README

Validate and sanitize form inputs and API requests with a PHP library inspired by Laravel, designed specifically for WordPress.

Overview

WP Validator is a comprehensive PHP package inspired by Laravel. It simplifies the process of data validation and sanitization for WordPress, providing a versatile and user-friendly solution for developers to ensure that user input meets specific criteria and is secure against common vulnerabilities.

Features

Data Validation: Easily validate user inputs, form submissions, and API requests.
Custom Validation Rules: Define your custom validation rules to meet your application's specific needs.
Error Messages: Detailed error messages to assist users in understanding validation failures.
Data Sanitization: Optional data sanitization functions for cleaning and formatting data.

Example Usage

To use the wp-validator package for data validation in your PHP application, follow these steps:

1. Install the Package

Begin by installing the WP Validator package using Composer:

composer require bitapps/wp-validator

2. Initialize the Validator

Create an instance of the Validator class from the package:

use BitApps\WPValidator\Validator;

$validator = new Validator;

For public methods that can be used with $validator, refer to the Validator Instance Methods section.

3. Define Your Data and Validation Rules

Prepare the data you want to validate and define the validation rules. Here's an example:

$data = [
    'first_name' => 'John',
    'last_name' => '',
    'email' => 'email@example',
    'password' => '##112233',
    'confirm_password' => '##112233',
];

$rules = [
    'first_name' => ['required', 'string'],
    'last_name' => ['required', 'string'],
    'email' => ['required', 'email'],
    'password' => ['required', 'min:8'],
    'confirm_password' => ['required', 'min:6', 'same:password'],
];

Explore all available validation rules and their usage in the Available Validation Rules section.

4. Customize Error Messages (Optional)

If you need to customize error messages, you can use the $customMessages array. In this example, we leave it empty.

$customMessages = [];

Learn more about customizing error messages in the Customizing Error Messages section.

5. Map Attribute Names (Optional)

Map your field names to user-friendly labels using the $attributes array, these labels will be used for error messages.

$attributes = [
    'first_name' => 'First Name',
    'last_name' => 'Last Name',
    'email' => 'Email',
];

6. Perform Validation

Execute the validation using the make method:

$validation = $validator->make($data, $rules, $customMessages, $attributes);

7. Handle Validation Results

Check if validation fails and, if so, print out the validation errors:

if ($validation->fails()) {
    echo "<pre>";
    echo print_r($validation->errors(), true);
    echo "</pre>";
} else {
    echo "Success!";
}

Validator Instance Methods

`make($data: array, $rules: array[, $customMessages?: array, $attributes?: array])`

This method runs the validations of $data based on given $rules. Optionally, if you pass $customMessages and $attributes, it will make the error messages (if any) based on that.

`fails(): boolean`

This method will return true or false based on the validation status. If it returns true, that means the validator has found errors in data, and you can get those errors by the errors() method.

`errors(): array`

This method will return the error messages (if any) based on the format of the passed $data array in the make() method.

Available Validation Rules

WP Validator provides a comprehensive set of validation rules to suit your needs. Here's a list of available rules:

accepted
Checks if the field under validation is one of the following: 'yes', 'on', '1', 1, 'true', true. This is useful for validating agreement type fields.
array
Checks if the field under validation is an array.
between:min,max
Checks if the field under validation falls within the range of :min and :max (inclusive).
- For string data, the value corresponds to the number of characters.
- For numeric data, the value corresponds to a given integer value.
- For an array, the value corresponds to the count of the array.
date
Checks if the field under validation is a valid date according to the strtotime PHP function.
digit_between:min,max
Checks if the length of digits for the integer number falls within the range of :min and :max (inclusive).
digits:value
Checks if the length of digits for the integer number is exactly the same as :digits.
email
Checks if the field under validation is a valid email address.
integer
Checks if the field under validation is an integer number.
ip
Checks if the field under validation is a valid IP (IPv4, IPv6) address.
ipv4
Checks if the field under validation is a valid IPv4 address.
ipv6
Checks if the field under validation is a valid IPv6 address.
json
Checks if the field under validation is a valid JSON string.
lowercase
Checks if the field under validation consists of all lowercase letters.
mac_address
Checks if the field under validation is a valid MAC address.
max:value
Checks if the field under validation is less than or equal to :max.
- For string data, the value corresponds to the number of characters.
- For numeric data, the value corresponds to a given integer value.
- For an array, the value corresponds to the count of the array.
min:value
Checks if the field under validation has a minimum value of :min.
- For string data, the value corresponds to the number of characters.
- For numeric data, the value corresponds to a given integer value.
- For an array, the value corresponds to the count of the array.
nullable
Makes the field under validation as optional (allows to be null), but respects other validation rules if specified and value is not null.
numeric
Checks if the field under validation is a valid real number.
required
Checks if the field under validation is present and not empty. A field is "empty" if it meets one of the following criteria:
- The value is NULL or FALSE.
- The value is an empty string.
- The value is an empty array or empty countable object.
present
The field must be present in the input data for validation.
same:field
Checks if the field under validation is equal to the specified :other attribute.
size:value
Checks if the field under validation has exactly the same size as :size.
- For string data, the value corresponds to the number of characters.
- For numeric data, the value corresponds to a given integer value.
- For an array, the value corresponds to the count of the array.
string
Checks if the given value is a string.
uppercase
Checks if the string value consists of all uppercase letters.
url
Checks if the value is a valid URL.

Missing any validation rule that you need? Refer to the Custom Validation Rule section to know how you can create and use custom validation rules in your project alongside the library.

Available sanitization functions

sanitize_email
Strip out all characters that are not allowable in an email address.
e.g. ['email' => ['required', 'email', 'sanitize:email']
sanitize_file_name
Sanitizes a file name by removing special characters.
e.g ['file' => ['required', 'string', 'sanitize:file_name']
sanitize_html_class
Sanitize content with allowed HTML tags for class attribute.
e.g ['class' => ['required', 'string', 'sanitize:html_class']
sanitize_key
Sanitize content with allowed HTML tags for key attribute.
e.g ['key' => ['required', 'string', 'sanitize:sanitize_key']
sanitize_text
Strip out all characters that are not allowable in a string.
e.g. ['name' => ['required', 'string', 'sanitize:text']
sanitize_textarea_field
Sanitize content with allowed HTML tags for textarea field.
e.g ['content' => ['required', 'string', 'sanitize:textarea']
sanitize_title
Strip out all characters that are not allowable in a title.
e.g. ['title' => ['required', 'string', 'sanitize:title']
sanitize_user
Sanitize a username, striping out unsafe characters.
e.g ['user' => ['required', 'string', 'sanitize:user']
sanitize_url
Sanitizes a URL by removing invalid characters for safe use in HTML attributes.
e.g. ['url' => ['required', 'url', 'sanitize:url']
wp_kses
Sanitize content with allowed HTML tags.
e.g ['content' => ['required', 'string', 'sanitize:wp_kses|a.href,a.title,br,em,strong']
wp_kses_post
Sanitize content with allowed HTML tags for post content.
e.g ['content' => ['required', 'string', 'sanitize:wp_kses_post']

Custom Validation Rule

Create the class of the validation rule into your project:

<?php

use BitApps\WPValidator\Rule;

class BooleanRule extends Rule
{
    // error message if fails...
    private $message = "The :attribute must be a boolean";

    public function validate($value)
    {
        // validation code here...
        return is_bool($value);
    }

    public function message()
    {
        return $this->message;
    }
}

Pass them as an instance into the $rules array:

$rules = [
    'agreed' => ['required', new BooleanRule],
];

Customizing Error Messages

WP Validator provides default error messages based on validation rules. For added flexibility, you can change these error messages globally or even for specific fields and validation rules:

$customMessages = [
    'required' => ':attribute is missing',
    'string' => ':attribute cannot contain any numerics',
    'between' => 'The :attribute must be given between :min & :max',
    'size' => 'The account number must consist of :size characters',
];

Now, for each validation rule, it will return the custom error messages you have set. Note: :attribute refers to the field it's currently validating, acting as a placeholder. We have more placeholders like this; explore them in the List of Placeholders section.

If you want more flexibility and wish to customize error messages individually for each validation rule and field, you can also achieve that:

$customMessages = [
    'first_name' => [
        'required' => 'First name must be present',
        'string' => 'You cannot include anything except letters in the first name',
    ],
    'email' => [
        'email' => 'The provided email is not valid',
    ],
];

If you use any other validation rules that you didn't mention in the Custom Messages array, WP Validator will follow the default error message.

List of Placeholders

:attribute
It will refer to the field name under validation & custom label if changed via $attributes array.
:value
It will refer to the value of the field under validation.
:min
It will refer to the min value parameter of between, digits_between, min validation rules.
:max
It will refer to the max value parameter of between, digits_between, max validation rules.
:digits
It will refer to the value parameter of digits validation rule.
:other
It will refer to the field parameter of same validation rule.
:size
It will refer to the value parameter of size validation rule.

Contributing

We welcome contributions from the community. If you find a bug or have a feature suggestion, please open an issue or submit a pull request.

License

This package is open-source and available under the MIT License.

bitapps / wp-validator

Maintainers

Details