Katherine

Reputation: 157

Replacing create_function in validation loop

I have a validation loop in a class in an outdated but functional plugin that I need to keep (for now). It uses create_function twice.

        if( is_array($s) ) {
            $c = count($s);
            $a = 0;
            while( $a < $c ) {
                if( isset($s[$a]['validate_callback']) ) {
                    $this->create_function[]    = $s[$a]['id'];
                    $s[$a]['validate_callback'] = '';
                    $file= addslashes(WC_XSI_SETTINGS . 'validate-' . $s[$a]['id'] . '.php');
                    $s[$a]['validate_callback'] = create_function('$fields', 'do_action("wc_xsi_settings_validate",$fields); do_action("wc_xsi_settings_validate_' . $s[$a]['id'] . '",$fields);');
                }
                $a++;
            }
        }

There were several more instances - mainly in widget declarations - that I have replaced, but this one stumped me. Is there a way to perform this validation without it? I'll be honest, I haven't a notion how to start and really would appreciate a heads up.

Upvotes: 0

Views: 66

Answers (1)

newan0805

Reputation: 21

You can replace the create_function with a closure like this:

    if( is_array($s) ) {

        $c = count($s);
        $a = 0;

        while( $a < $c ) {

            if( isset($s[$a]['validate_callback']) ) {

                $this->create_function[] = $s[$a]['id'];
                $s[$a]['validate_callback'] = '';

                $file = addslashes(WC_XSI_SETTINGS . 'validate-' . $s[$a]['id'] . '.php');

                // Replace create_function with a closure
                $s[$a]['validate_callback'] = function($fields) use ($s, $a) {
                    do_action("wc_xsi_settings_validate", $fields);
                    do_action("wc_xsi_settings_validate_" . $s[$a]['id'], $fields);
                };
            }

            $a++;
        }
    }

Explanation of Changes:

Anonymous Function (Closure):

  • The create_function() has been replaced by an anonymous function (function($fields) use ($s, $a)), which is a much safer and modern way to define inline functions in PHP.

use ($s, $a):

  • The use keyword is necessary to bring variables from the outer scope ($s and $a) into the closure, as they are required inside the anonymous function for the callbacks.

No More String-based Code:

  • The anonymous function avoids the need for string-based function creation, making the code easier to read, maintain, and much safer from potential injection vulnerabilities.

Upvotes: 1
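A variation on the answer above, added here as an example and not part of the answer or the plugin: the closure captures only the setting's id by value instead of the whole `$s` array and the counter, so the id is used purely as data in the hook name and is never parsed as PHP source. The helper name `wc_xsi_attach_validators`, the `do_action()` stand-in and the sample settings are assumptions made so the snippet runs outside WordPress.

```php
<?php
// Stand-in for WordPress' do_action() so the example runs outside WordPress.
// It only prints the hook name that would be fired.
if (!function_exists('do_action')) {
    function do_action($hook_name, ...$args) {
        echo $hook_name, PHP_EOL;
    }
}

/**
 * Hypothetical helper: for every setting that declares a validate_callback,
 * attach a closure that fires the same two hooks as the original loop.
 */
function wc_xsi_attach_validators(array $settings): array {
    foreach ($settings as &$setting) {
        if (!isset($setting['validate_callback'])) {
            continue; // settings without a callback are left untouched
        }
        // Capture just the id, by value. It is fixed when the closure is
        // created and is only concatenated into a hook name at call time.
        $id = (string) $setting['id'];
        $setting['validate_callback'] = function ($fields) use ($id) {
            do_action('wc_xsi_settings_validate', $fields);
            do_action('wc_xsi_settings_validate_' . $id, $fields);
        };
    }
    unset($setting); // drop the reference left behind by foreach
    return $settings;
}

// Constructed sample settings. The second id contains a double quote, which
// create_function() would have pasted into the PHP code string it evaluates;
// with the closure it is simply part of the hook name.
$settings = wc_xsi_attach_validators([
    ['id' => 'general',  'validate_callback' => true],
    ['id' => 'my"tab',   'validate_callback' => true],
    ['id' => 'no_validation'],
]);

foreach ($settings as $setting) {
    if (isset($setting['validate_callback'])) {
        $setting['validate_callback'](['field' => 'value']);
    }
}
```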
