Ejemplo n.º 1
     if (!is_array($_POST[$key])) {
         $postvals[$key] = appthemes_clean($value);
     } else {
         $postvals[$key] = array_map('appthemes_clean', $value);
     }
 }
 // keep only numeric, commas or decimal values
 $postvals['cp_price'] = empty($_POST['cp_price']) ? '' : appthemes_clean_price($_POST['cp_price']);
 if (isset($postvals['cp_currency']) && !empty($postvals['cp_currency'])) {
     $price_curr = $postvals['cp_currency'];
 } else {
     $price_curr = $cp_options->curr_symbol;
 }
 // keep only values and insert/strip commas if needed
 if (!empty($_POST['tags_input'])) {
     $postvals['tags_input'] = appthemes_clean_tags($_POST['tags_input']);
     $_POST['tags_input'] = $postvals['tags_input'];
 }
 // store the user IP address, ID for later
 $postvals['cp_sys_userIP'] = appthemes_get_ip();
 $postvals['user_id'] = $current_user->ID;
 $ad_pack_id = isset($_POST['ad_pack_id']) ? appthemes_numbers_only($_POST['ad_pack_id']) : false;
 if ($ad_pack_id) {
     $postvals['pack_duration'] = cp_get_ad_pack_length($ad_pack_id);
 }
 $coupon = false;
 if (cp_payments_is_enabled()) {
     // see if the featured ad checkbox has been checked
     if (isset($_POST['featured_ad'])) {
         $postvals['featured_ad'] = $_POST['featured_ad'];
         // get the featured ad price into the array
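/**
 * Updates an existing ad listing from the submitted edit form ($_POST).
 *
 * Reads ad_id, post_title, post_content, cp_price, tags_input and the comma
 * separated custom_fields_vals list from $_POST, updates the post, its tags
 * and its custom meta, then calls cp_action_update_listing().
 *
 * NOTE(review): no nonce or ownership check is visible in this function;
 * confirm the caller verifies that the current user may edit ad_id.
 *
 * @return int|false Updated post ID, or false when the ad was not updated.
 */
function cp_update_listing()
{
    global $cp_options;

    // An empty or non-numeric ID must never reach wp_update_post().
    $ad_id = (isset($_POST['ad_id']) && is_scalar($_POST['ad_id'])) ? absint(trim($_POST['ad_id'])) : 0;
    if (!$ad_id) {
        return false;
    }

    // Scalar-only fields: anything else (missing key, array payload) is read as ''.
    $raw_content = (isset($_POST['post_content']) && is_string($_POST['post_content'])) ? $_POST['post_content'] : '';
    $raw_title = (isset($_POST['post_title']) && is_string($_POST['post_title'])) ? $_POST['post_title'] : '';

    // check to see if html is allowed; allowed HTML is still reduced to the post-safe subset
    if (!$cp_options->allow_html) {
        $post_content = appthemes_filter($raw_content);
    } else {
        $post_content = wp_kses_post($raw_content);
    }

    // keep only numeric, commas or decimal values
    if (!empty($_POST['cp_price'])) {
        $_POST['cp_price'] = appthemes_clean_price($_POST['cp_price']);
    }

    // keep only values and insert/strip commas if needed
    if (!empty($_POST['tags_input'])) {
        $_POST['tags_input'] = appthemes_clean_tags($_POST['tags_input']);
    }

    // these are the minimum required fields for WP (except tags)
    $update_ad = array(
        'ID' => $ad_id,
        'post_title' => appthemes_filter($raw_title),
        'post_content' => trim($post_content),
    );
    if ($cp_options->moderate_edited_ads) {
        $update_ad['post_status'] = 'pending';
    }

    // update the ad and return the ad id
    $post_id = wp_update_post($update_ad);
    if (!$post_id) {
        return false;
    }

    // update post custom taxonomy "ad_tags"
    if (!empty($_POST['tags_input'])) {
        $_POST['tags_input'] = appthemes_clean_tags($_POST['tags_input']);
        wp_set_object_terms($post_id, explode(',', $_POST['tags_input']), APP_TAX_TAG);
    }

    // The list of meta keys comes from a hidden form field, so it is client
    // controlled. Empty and protected keys are skipped here.
    // NOTE(review): a server-side allowlist of the form's custom field names
    // would be stronger than trusting custom_fields_vals at all.
    $field_list = (isset($_POST['custom_fields_vals']) && is_string($_POST['custom_fields_vals'])) ? $_POST['custom_fields_vals'] : '';
    foreach (explode(',', $field_list) as $name) {
        if ($name === '' || is_protected_meta($name, 'post')) {
            continue;
        }
        if (!isset($_POST[$name])) {
            delete_post_meta($post_id, $name);
            continue;
        }
        if (is_array($_POST[$name])) {
            // multi-value field (checkboxes): replace the whole set
            delete_post_meta($post_id, $name);
            foreach ($_POST[$name] as $checkbox_value) {
                if (!is_scalar($checkbox_value)) {
                    continue; // nested arrays are not a valid checkbox value
                }
                add_post_meta($post_id, $name, wp_kses_post($checkbox_value));
            }
        } else {
            update_post_meta($post_id, $name, wp_kses_post($_POST[$name]));
        }
    }

    cp_action_update_listing($post_id);

    return $post_id;
}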
Ejemplo n.º 3
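/**
 * Updates an existing ad listing from the submitted edit form ($_POST) and
 * returns the HTML notice to show to the user.
 *
 * Reads ad_id, post_title, post_content, cp_price, tags_input and the comma
 * separated custom_fields_vals list from $_POST, updates the post, its tags
 * and its custom meta, then sends the edited-ad email notification.
 *
 * NOTE(review): no nonce or ownership check is visible in this function;
 * confirm the caller verifies that the current user may edit ad_id.
 *
 * @return string HTML box with the success or error message.
 */
function cp_update_listing()
{
    $error_box = '<div class="box-red"><b>' . __('There was an error trying to update your ad.', 'appthemes') . '</b></div>';

    // An empty or non-numeric ID must never reach wp_update_post().
    $ad_id = (isset($_POST['ad_id']) && is_scalar($_POST['ad_id'])) ? absint(trim($_POST['ad_id'])) : 0;
    if (!$ad_id) {
        return $error_box;
    }

    // Scalar-only fields: anything else (missing key, array payload) is read as ''.
    $raw_content = (isset($_POST['post_content']) && is_string($_POST['post_content'])) ? $_POST['post_content'] : '';
    $raw_title = (isset($_POST['post_title']) && is_string($_POST['post_title'])) ? $_POST['post_title'] : '';

    // check to see if html is allowed
    if (get_option('cp_allow_html') != 'yes') {
        $post_content = appthemes_filter($raw_content);
    } else {
        // "HTML allowed" must not mean "raw request body stored": keep only
        // the markup WordPress permits in post content. The previous
        // $update_ad['filter'] = true switch is dropped as well, because it
        // made wp_update_post() skip its own sanitising of the submitted data.
        $post_content = wp_kses_post($raw_content);
    }

    // keep only numeric, commas or decimal values
    if (!empty($_POST['cp_price'])) {
        $_POST['cp_price'] = appthemes_clean_price($_POST['cp_price']);
    }

    // keep only values and insert/strip commas if needed
    if (!empty($_POST['tags_input'])) {
        $_POST['tags_input'] = appthemes_clean_tags($_POST['tags_input']);
    }

    // these are the minimum required fields for WP (except tags);
    // post_category is not updated here (users cannot change categories yet)
    $update_ad = array(
        'ID' => $ad_id,
        'post_title' => appthemes_filter($raw_title),
        'post_content' => trim($post_content),
    );

    // update the ad and return the ad id
    $post_id = wp_update_post($update_ad);
    if (!$post_id) {
        // the ad wasn't updated so report an error
        return $error_box;
    }

    // update post custom taxonomy "ad_tags"
    if (!empty($_POST['tags_input'])) {
        $_POST['tags_input'] = appthemes_clean_tags($_POST['tags_input']);
        wp_set_object_terms($post_id, explode(',', $_POST['tags_input']), APP_TAX_TAG);
    }

    // The list of meta keys comes from a hidden form field, so it is client
    // controlled. Empty and protected keys are skipped, and every stored
    // value is passed through wp_kses_post().
    // NOTE(review): a server-side allowlist of the form's custom field names
    // would be stronger than trusting custom_fields_vals at all.
    $field_list = (isset($_POST['custom_fields_vals']) && is_string($_POST['custom_fields_vals'])) ? $_POST['custom_fields_vals'] : '';
    foreach (explode(',', $field_list) as $name) {
        if ($name === '' || is_protected_meta($name, 'post')) {
            continue;
        }
        if (!isset($_POST[$name])) {
            delete_post_meta($post_id, $name);
            continue;
        }
        if (is_array($_POST[$name])) {
            // multi-value field (checkboxes): replace the whole set
            delete_post_meta($post_id, $name);
            foreach ($_POST[$name] as $checkbox_value) {
                if (!is_scalar($checkbox_value)) {
                    continue; // nested arrays are not a valid checkbox value
                }
                add_post_meta($post_id, $name, wp_kses_post($checkbox_value));
            }
        } else {
            update_post_meta($post_id, $name, wp_kses_post($_POST[$name]));
        }
    }

    $errmsg = '<div class="box-yellow"><b>' . __('Your ad has been successfully updated.', 'appthemes') . '</b> <a href="' . CP_DASHBOARD_URL . '">' . __('Return to my dashboard', 'appthemes') . '</a></div>';

    // send out the email notifications
    cp_edited_ad_email($post_id);

    return $errmsg;
}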
Ejemplo n.º 4
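/**
 * Updates an existing ad listing from the submitted edit form ($_POST).
 *
 * Reads ad_id, post_title, post_content, cp_price, tags_input and the comma
 * separated custom_fields_vals list from $_POST, updates the post, its tags
 * and its custom meta, then calls cp_action_update_listing().
 *
 * NOTE(review): no nonce or ownership check is visible in this function;
 * confirm the caller verifies that the current user may edit ad_id.
 *
 * @return int|false Updated post ID, or false when the ad was not updated.
 */
function cp_update_listing()
{
    // An empty or non-numeric ID must never reach wp_update_post().
    $ad_id = (isset($_POST['ad_id']) && is_scalar($_POST['ad_id'])) ? absint(trim($_POST['ad_id'])) : 0;
    if (!$ad_id) {
        return false;
    }

    // Scalar-only fields: anything else (missing key, array payload) is read as ''.
    $raw_content = (isset($_POST['post_content']) && is_string($_POST['post_content'])) ? $_POST['post_content'] : '';
    $raw_title = (isset($_POST['post_title']) && is_string($_POST['post_title'])) ? $_POST['post_title'] : '';

    // check to see if html is allowed
    if (get_option('cp_allow_html') != 'yes') {
        $post_content = appthemes_filter($raw_content);
    } else {
        // "HTML allowed" must not mean "raw request body stored": keep only
        // the markup WordPress permits in post content.
        $post_content = wp_kses_post($raw_content);
    }

    // keep only numeric, commas or decimal values
    if (!empty($_POST['cp_price'])) {
        $_POST['cp_price'] = appthemes_clean_price($_POST['cp_price']);
    }

    // keep only values and insert/strip commas if needed
    if (!empty($_POST['tags_input'])) {
        $_POST['tags_input'] = appthemes_clean_tags($_POST['tags_input']);
    }

    // these are the minimum required fields for WP (except tags);
    // post_category is not updated here (users cannot change categories yet)
    $update_ad = array(
        'ID' => $ad_id,
        'post_title' => appthemes_filter($raw_title),
        'post_content' => trim($post_content),
    );

    // update the ad and return the ad id
    $post_id = wp_update_post($update_ad);
    if (!$post_id) {
        // the ad wasn't updated
        return false;
    }

    // update post custom taxonomy "ad_tags"
    if (!empty($_POST['tags_input'])) {
        $_POST['tags_input'] = appthemes_clean_tags($_POST['tags_input']);
        wp_set_object_terms($post_id, explode(',', $_POST['tags_input']), APP_TAX_TAG);
    }

    // The list of meta keys comes from a hidden form field, so it is client
    // controlled. Empty and protected keys are skipped, and every stored
    // value is passed through wp_kses_post().
    // NOTE(review): a server-side allowlist of the form's custom field names
    // would be stronger than trusting custom_fields_vals at all.
    $field_list = (isset($_POST['custom_fields_vals']) && is_string($_POST['custom_fields_vals'])) ? $_POST['custom_fields_vals'] : '';
    foreach (explode(',', $field_list) as $name) {
        if ($name === '' || is_protected_meta($name, 'post')) {
            continue;
        }
        if (!isset($_POST[$name])) {
            delete_post_meta($post_id, $name);
            continue;
        }
        if (is_array($_POST[$name])) {
            // multi-value field (checkboxes): replace the whole set
            delete_post_meta($post_id, $name);
            foreach ($_POST[$name] as $checkbox_value) {
                if (!is_scalar($checkbox_value)) {
                    continue; // nested arrays are not a valid checkbox value
                }
                add_post_meta($post_id, $name, wp_kses_post($checkbox_value));
            }
        } else {
            update_post_meta($post_id, $name, wp_kses_post($_POST[$name]));
        }
    }

    cp_action_update_listing($post_id);

    return $post_id;
}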
Ejemplo n.º 5
 /**
  * Collects the expected form fields from $_POST and cleans each one.
  *
  * Only the names returned by $this->expected_fields() are read from the
  * request, so keys the form does not declare are never picked up. A field
  * that was not submitted is read as an empty string before cleaning.
  *
  * Every value goes through appthemes_clean(); fields whose name starts with
  * "cp_" also go through wp_kses_post(). cp_price, tags_input, post_content
  * and post_title then get their own field-specific cleaning.
  *
  * NOTE(review): the four field-specific cleaners receive an array when the
  * client submits that field as an array; confirm they tolerate that.
  *
  * @return array Cleaned values keyed by field name.
  */
 protected function clean_expected_fields()
 {
     global $cp_options;

     $cleaned = array();

     foreach ($this->expected_fields() as $field) {
         $value = isset($_POST[$field]) ? $_POST[$field] : '';
         $is_list = is_array($value);

         // generic pass, element by element for multi-value fields
         $value = $is_list ? array_map('appthemes_clean', $value) : appthemes_clean($value);

         // custom "cp_" fields may carry markup, limited to the post-safe subset
         if (appthemes_str_starts_with($field, 'cp_')) {
             $value = $is_list ? array_map('wp_kses_post', $value) : wp_kses_post($value);
         }

         if ($field == 'cp_price') {
             $value = appthemes_clean_price($value);
         }

         if ($field == 'tags_input') {
             $value = wp_kses_post(appthemes_clean_tags($value));
         }

         if ($field == 'post_content') {
             // the allow_html option decides between the plain filter and the kses filter
             $value = $cp_options->allow_html ? wp_kses_post($value) : appthemes_filter($value);
         }

         if ($field == 'post_title') {
             $value = appthemes_filter($value);
         }

         $cleaned[$field] = $value;
     }

     return $cleaned;
 }