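/**
  * Sanitises a fragment of XML code.
  *
  * Applies the kses pre-processing passes (null-byte removal, JavaScript
  * entity removal, entity normalisation) and then hands every tag-like run
  * (`<...>`, an unterminated `<...`, or a stray `>`) to self::kses_split()
  * for element/attribute filtering. Text outside tags is left untouched.
  *
  * @since 1.4
  *
  * @param string $xml Raw XML fragment.
  * @return string|null Filtered fragment; null if preg_replace_callback() fails on the input.
  */
 public static function ksesXML($xml)
 {
     $xml = wp_kses_no_null($xml);
     $xml = wp_kses_js_entities($xml);
     $xml = wp_kses_normalize_entities($xml);
     // __CLASS__ resolves to the same class as the string 'self' did, but the
     // bare 'self' callable form is deprecated as of PHP 8.2.
     return preg_replace_callback('%(<[^>]*(>|$)|>)%', array(__CLASS__, 'kses_split'), $xml);
 }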
/**
 * Filters $string so that only the elements, attributes and entities listed in
 * $allowed_html survive, then delegates tag-level filtering to wp_kses_split().
 *
 * The default protocol list deliberately omits 'javascript'; a caller that
 * supplies its own list re-enables whatever it includes in URL attributes.
 *
 * @param string $string            Content to filter (magic-quotes slashes already stripped).
 * @param array  $allowed_html      Allowed elements mapped to their allowed attributes.
 * @param array  $allowed_protocols Optional. Protocols accepted in URL-bearing attributes.
 * @return string Filtered content.
 */
function wp_kses($string, $allowed_html, $allowed_protocols = array('http', 'https', 'ftp', 'news', 'nntp', 'telnet', 'feed', 'gopher', 'mailto'))
{
    // Pre-processing passes, innermost call first: strip nulls, strip JS
    // entities, normalise entities, then run the kses hook.
    $prepared = wp_kses_hook(
        wp_kses_normalize_entities(
            wp_kses_js_entities(
                wp_kses_no_null($string)
            )
        )
    );
    // wp_kses_array_lc presumably lower-cases the whitelist keys so that
    // element/attribute matching is case-insensitive.
    $whitelist = wp_kses_array_lc($allowed_html);
    return wp_kses_split($prepared, $whitelist, $allowed_protocols);
}
/**
 * Filters content and keeps only allowable HTML elements.
 *
 * Only the element names, attribute names and attribute values present in
 * $allowed_html, plus sane HTML entities, remain in the returned string.
 * Remove any slashes added by PHP's magic quotes before calling this.
 *
 * The default allowed protocols are 'http', 'https', 'ftp', 'ftps', 'mailto',
 * 'news', 'irc', 'gopher', 'nntp', 'feed' and 'telnet'. This covers the
 * common link protocols; 'javascript' is intentionally absent and should not
 * be added for untrusted users.
 *
 * @since 1.0.0
 *
 * @param string $string            Content to filter through kses.
 * @param array  $allowed_html      List of allowed HTML elements.
 * @param array  $allowed_protocols Optional. Allowed protocols in links.
 * @return string Filtered content with only allowed HTML elements.
 */
function wp_kses($string, $allowed_html, $allowed_protocols = array('http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet'))
{
    $cleaned = wp_kses_normalize_entities(wp_kses_js_entities(wp_kses_no_null($string)));
    $whitelist = wp_kses_array_lc($allowed_html);
    // In this build the hook runs after the whitelist has been lower-cased and
    // receives both the whitelist and the protocol list (older kses builds
    // called wp_kses_hook() with the string alone, before wp_kses_array_lc()).
    $cleaned = wp_kses_hook($cleaned, $whitelist, $allowed_protocols);
    return wp_kses_split($cleaned, $whitelist, $allowed_protocols);
}
/**
 * Filters content and keeps only allowable HTML elements.
 *
 * Only the element names, attribute names and attribute values present in
 * $allowed_html, plus sane HTML entities, remain in the returned string.
 * Remove any slashes added by PHP's magic quotes before calling this.
 *
 * When $allowed_protocols is empty the global $allowedprotocols list is used
 * instead; per the original documentation that default is 'http', 'https',
 * 'ftp', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet', 'mms',
 * 'rtsp' and 'svn'. 'javascript' is intentionally absent and should not be
 * allowed for untrusted users.
 *
 * @since 1.0.0
 *
 * @global array $allowedprotocols Fallback protocol list.
 *
 * @param string $string            Content to filter through kses.
 * @param array  $allowed_html      List of allowed HTML elements.
 * @param array  $allowed_protocols Optional. Allowed protocols in links.
 * @return string Filtered content with only allowed HTML elements.
 */
function wp_kses($string, $allowed_html, $allowed_protocols = array())
{
    global $allowedprotocols;
    // An empty list does not mean "no protocols": it silently falls back to the
    // global default, so passing array() cannot be used to forbid every protocol.
    $protocols = empty($allowed_protocols) ? $allowedprotocols : $allowed_protocols;
    $cleaned = wp_kses_no_null($string);
    $cleaned = wp_kses_js_entities($cleaned);
    $cleaned = wp_kses_normalize_entities($cleaned);
    return wp_kses_split($cleaned, $allowed_html, $protocols);
}
/**
 * Makes sure that only the allowed HTML element names, attribute names and
 * attribute values, plus sane HTML entities, occur in $string. Strip any
 * slashes added by PHP's magic quotes before calling this function.
 *
 * @param string $string            Content to filter.
 * @param array  $allowed_html      Allowed elements and their attributes.
 * @param array  $allowed_protocols Optional. Protocols accepted in URL attributes;
 *                                  'javascript' is not part of the default list.
 * @return string Filtered content.
 */
function wp_kses($string, $allowed_html, $allowed_protocols = array ('http', 'https', 'ftp', 'news', 'nntp', 'telnet', 'feed', 'gopher', 'mailto'))
{
	// Pre-processing chain, innermost first: nulls, JS entities, entity normalisation, kses hook.
	$prepared = wp_kses_hook(wp_kses_normalize_entities(wp_kses_js_entities(wp_kses_no_null($string))));
	// The whitelist is lower-cased (wp_kses_array_lc) before tag-level filtering.
	return wp_kses_split($prepared, wp_kses_array_lc($allowed_html), $allowed_protocols);
}
 /**
  * Cleans a URL for safe output, rejecting disallowed protocols.
  *
  * Steps: drop bytes outside a URL allow-list, strip percent-encoded CR/LF,
  * prepend "http://" to scheme-less absolute-looking values, entity-encode for
  * the 'display' context, and finally run wp_kses_bad_protocol() on anything
  * that is not a root-relative path. A URL whose protocol is rewritten by that
  * check is rejected outright (empty string returned). The result passes
  * through the 'clean_url' filter.
  *
  * Caveat: the ampersand/quote/percent/space encoding only happens when
  * $_context is 'display'; for other contexts the caller is responsible for
  * escaping the value for wherever it is inserted.
  *
  * @param string      $url       URL to clean.
  * @param array|null  $protocols Optional. Allowed protocols; defaults to wp_allowed_protocols().
  * @param string      $_context  Optional. 'display' (default) or another output context.
  * @return string Cleaned URL, or '' if its protocol is not allowed.
  */
 function nextgen_esc_url($url, $protocols = null, $_context = 'display')
 {
     $raw_url = $url;
     if ('' == $url) {
         return $url;
     }
     // Keep only URL-safe bytes (high bytes \x80-\xff are deliberately retained).
     $url = preg_replace('|[^a-z0-9 \\-~+_.?#=!&;,/:%@$\\|*\'()\\x80-\\xff]|i', '', $url);
     // Remove percent-encoded line breaks so they cannot survive into headers or attributes.
     $url = _deep_replace(array('%0d', '%0a', '%0D', '%0A'), $url);
     $url = str_replace(';//', '://', $url);
     // No scheme, not a relative link (/, #, ?) and not a bare .php file: assume http://.
     if (strpos($url, ':') === false
         && !in_array($url[0], array('/', '#', '?'))
         && !preg_match('/^[a-z0-9-]+?\\.php/i', $url)
     ) {
         $url = 'http://' . $url;
     }
     if ('display' == $_context) {
         $url = wp_kses_normalize_entities($url);
         // Sequential replacements, in this order: &amp; -> &#038;, ' -> &#039;, % -> %25, space -> %20.
         $url = str_replace(
             array('&amp;', "'", '%', ' '),
             array('&#038;', '&#039;', '%25', '%20'),
             $url
         );
     }
     // Root-relative paths carry no protocol, so there is nothing to validate.
     if ('/' === $url[0]) {
         return apply_filters('clean_url', $url, $raw_url, $_context);
     }
     if (!is_array($protocols)) {
         $protocols = wp_allowed_protocols();
     }
     $checked_url = wp_kses_bad_protocol($url, $protocols);
     // Any change made by the protocol check means the scheme was not allowed: reject, don't repair.
     if (strtolower($checked_url) != strtolower($url)) {
         return '';
     }
     return apply_filters('clean_url', $checked_url, $raw_url, $_context);
 }
    /**
     * Renders the "preformatted text" shortcode as a toggleable <pre> block.
     *
     * Returns null when $content is empty or when the resolved 'open_default'
     * attribute is not a boolean; otherwise returns the formatted markup plus
     * the jQuery initialiser bound to the generated element id.
     *
     * @param array  $attribute Shortcode attributes; normalised by processAttribute() first.
     * @param string $content   Shortcode body; HTML-escaped and bracket-neutralised before output.
     * @param string $tag       Passed through to processAttribute() (presumably the shortcode tag name).
     * @return string|null
     */
    function processShortcodePreformattedText($attribute, $content, $tag)
    {
        $attribute = $this->processAttribute($tag, $attribute);
        $Validation = new PBValidation();
        // Nothing to render without content or a usable open_default flag.
        if ($Validation->isEmpty($content) || !$Validation->isBool($attribute['open_default'])) {
            return null;
        }
        $classes = array('pb-preformatted-text');
        if ($attribute['open_default'] == 1) {
            $classes[] = 'pb-preformatted-text-visible';
        }
        // NOTE(review): css_class reaches createClassAttribute() unescaped here — confirm that helper attribute-escapes it.
        $classes[] = $attribute['css_class'];
        $id = PBHelper::createId('pb_preformatted_text');
        // Escape first, then turn [ and ] into entities so the body is not re-parsed as nested shortcodes.
        $escaped = htmlspecialchars($content);
        $escaped = preg_replace(array('/\\[/', '/\\]/'), array('&#91;', '&#93;'), $escaped);
        $content = nl2br(trim($escaped));
        $html = '
			<div id="' . $id . '"' . PBHelper::createClassAttribute($classes) . '>
				<a href="#">
					<span class="pb-preformatted-text-label-open">' . esc_html($attribute['label_open']) . '</span>
					<span class="pb-preformatted-text-label-close">' . esc_html($attribute['label_close']) . '</span>
				</a>
				<pre>' . wp_kses_normalize_entities($content) . '</pre>
			</div>
			<div class="pb-script-tag">
				<script type="text/javascript">
					jQuery(document).ready(function($) 
					{
						$("#' . $id . '").PBPreformattedText();
					});
				</script>
			</div>
		';
        return PBHelper::formatHTML($html);
    }
/**
 * Handle import/export for categories & listings.
 *
 * @since 1.4.6
 * @package GeoDirectory
 *
 * @global object $wpdb WordPress Database object.
 * @global string $plugin_prefix Geodirectory plugin table prefix.
 * @global object $current_user Current user object.
 * @global null|object $wp_filesystem WP_Filesystem object.
 * @return string Json data.
 */
function geodir_ajax_import_export()
{
    global $wpdb, $plugin_prefix, $current_user, $wp_filesystem;
    // try to set higher limits for import
    @ini_set('max_input_time', 3000);
    @ini_set('max_execution_time', 3000);
    @ini_set('memory_limit', '256M');
    error_reporting(0);
    $json = array();
    if (!current_user_can('manage_options')) {
        wp_send_json($json);
    }
    $task = isset($_REQUEST['task']) ? $_REQUEST['task'] : NULL;
    $nonce = isset($_REQUEST['_nonce']) ? $_REQUEST['_nonce'] : NULL;
    $stat = isset($_REQUEST['_st']) ? $_REQUEST['_st'] : false;
    if (!wp_verify_nonce($nonce, 'geodir_import_export_nonce')) {
        wp_send_json($json);
    }
    $post_type = isset($_REQUEST['_pt']) ? $_REQUEST['_pt'] : NULL;
    /*if( empty( $wp_filesystem ) ) {
    		require_once( ABSPATH . '/wp-admin/includes/file.php' );
    		WP_Filesystem();
    		global $wp_filesystem;
    	}*/
    $wp_filesystem = geodir_init_filesystem();
    if (!$wp_filesystem) {
        $json['error'] = __('Fail, something wrong to create csv file.', GEODIRECTORY_TEXTDOMAIN);
        wp_send_json($json);
        exit;
    }
    $csv_file_dir = geodir_path_import_export(false);
    if (!$wp_filesystem->is_dir($csv_file_dir)) {
        $wp_filesystem->mkdir($csv_file_dir, FS_CHMOD_DIR);
    }
    switch ($task) {
        case 'export_posts':
            // WPML
            $is_wpml = geodir_is_wpml();
            if ($is_wpml) {
                global $sitepress;
                $active_lang = ICL_LANGUAGE_CODE;
                $sitepress->switch_lang('all', true);
            }
            // WPML
            if ($post_type == 'gd_event') {
                //add_filter( 'geodir_imex_count_posts', 'geodir_imex_count_events', 10, 2 );
                add_filter('geodir_imex_export_posts_query', 'geodir_imex_get_events_query', 10, 2);
            }
            $file_name = $post_type . '_' . date('j_n_y');
            $posts_count = geodir_get_posts_count($post_type);
            $file_url = geodir_path_import_export() . '/' . $file_name . '.csv';
            $file_path = $csv_file_dir . '/' . $file_name . '.csv';
            $file_path_temp = $csv_file_dir . '/' . $post_type . '_' . $nonce . '.csv';
            if (isset($_REQUEST['_st'])) {
                $line_count = (int) geodir_import_export_line_count($file_path_temp);
                $percentage = count($posts_count) > 0 && $line_count > 0 ? ceil($line_count / $posts_count) * 100 : 0;
                $percentage = min($percentage, 100);
                $json['percentage'] = $percentage;
                // WPML
                if ($is_wpml) {
                    $sitepress->switch_lang($active_lang, true);
                }
                // WPML
                wp_send_json($json);
            } else {
                if ($wp_filesystem->exists($file_path)) {
                    $wp_filesystem->delete($file_path);
                }
                if (!$posts_count > 0) {
                    $json['error'] = __('No records to export.', GEODIRECTORY_TEXTDOMAIN);
                } else {
                    $args = array('hide_empty' => 0);
                    $posts = geodir_imex_get_posts($post_type);
                    if (!empty($posts)) {
                        $total_posts = count($posts);
                        $per_page = 100;
                        $total_pages = ceil($total_posts / $per_page);
                        for ($i = 0; $i <= $total_pages; $i++) {
                            $save_posts = array_slice($posts, $i * $per_page, $per_page);
                            $clear = $i == 0 ? true : false;
                            geodir_save_csv_data($file_path_temp, $save_posts, $clear);
                        }
                        if ($wp_filesystem->exists($file_path_temp)) {
                            $wp_filesystem->move($file_path_temp, $file_path, true);
                        }
                        if ($wp_filesystem->exists($file_path)) {
                            $json['total'] = $posts_count;
                            $json['csv_file'] = $file_url;
                        } else {
                            $json['error'] = __('Fail, something wrong to create csv file.', GEODIRECTORY_TEXTDOMAIN);
                        }
                    } else {
                        $json['error'] = __('No records to export.', GEODIRECTORY_TEXTDOMAIN);
                    }
                }
                // WPML
                if ($is_wpml) {
                    $sitepress->switch_lang($active_lang, true);
                }
                // WPML
                wp_send_json($json);
            }
            break;
        case 'export_cats':
            // WPML
            $is_wpml = geodir_is_wpml();
            if ($is_wpml) {
                global $sitepress;
                $active_lang = ICL_LANGUAGE_CODE;
                $sitepress->switch_lang('all', true);
            }
            // WPML
            $file_name = $post_type . 'category_' . date('j_n_y');
            $terms_count = geodir_get_terms_count($post_type);
            $file_url = geodir_path_import_export() . '/' . $file_name . '.csv';
            $file_path = $csv_file_dir . '/' . $file_name . '.csv';
            $file_path_temp = $csv_file_dir . '/' . $post_type . 'category_' . $nonce . '.csv';
            if (isset($_REQUEST['_st'])) {
                $line_count = (int) geodir_import_export_line_count($file_path_temp);
                $percentage = count($terms_count) > 0 && $line_count > 0 ? ceil($line_count / $terms_count) * 100 : 0;
                $percentage = min($percentage, 100);
                $json['percentage'] = $percentage;
                // WPML
                if ($is_wpml) {
                    $sitepress->switch_lang($active_lang, true);
                }
                // WPML
                wp_send_json($json);
            } else {
                if ($wp_filesystem->exists($file_path)) {
                    $wp_filesystem->delete($file_path);
                }
                if (!$terms_count > 0) {
                    $json['error'] = __('No records to export.', GEODIRECTORY_TEXTDOMAIN);
                } else {
                    $args = array('hide_empty' => 0);
                    $terms = geodir_imex_get_terms($post_type);
                    if (!empty($terms)) {
                        $total_terms = count($terms);
                        $per_page = 50;
                        $total_pages = ceil($total_terms / $per_page);
                        for ($i = 0; $i <= $total_pages; $i++) {
                            $save_terms = array_slice($terms, $i * $per_page, $per_page);
                            $clear = $i == 0 ? true : false;
                            geodir_save_csv_data($file_path_temp, $save_terms, $clear);
                        }
                        if ($wp_filesystem->exists($file_path_temp)) {
                            $wp_filesystem->move($file_path_temp, $file_path, true);
                        }
                        if ($wp_filesystem->exists($file_path)) {
                            $json['total'] = $terms_count;
                            $json['csv_file'] = $file_url;
                        } else {
                            $json['error'] = __('Fail, something wrong to create csv file.', GEODIRECTORY_TEXTDOMAIN);
                        }
                    } else {
                        $json['error'] = __('No records to export.', GEODIRECTORY_TEXTDOMAIN);
                    }
                }
                // WPML
                if ($is_wpml) {
                    $sitepress->switch_lang($active_lang, true);
                }
                // WPML
                wp_send_json($json);
            }
            break;
        case 'prepare_import':
        case 'import_cat':
        case 'import_post':
            // WPML
            $is_wpml = geodir_is_wpml();
            if ($is_wpml) {
                global $sitepress;
                $active_lang = ICL_LANGUAGE_CODE;
            }
            // WPML
            ini_set('auto_detect_line_endings', true);
            $uploads = wp_upload_dir();
            $uploads_dir = $uploads['path'];
            $uploads_subdir = $uploads['subdir'];
            $csv_file = isset($_POST['_file']) ? $_POST['_file'] : NULL;
            $import_choice = isset($_REQUEST['_ch']) ? $_REQUEST['_ch'] : 'skip';
            $csv_file_arr = explode('/', $csv_file);
            $csv_filename = end($csv_file_arr);
            $target_path = $uploads_dir . '/temp_' . $current_user->data->ID . '/' . $csv_filename;
            $json['file'] = $csv_file;
            $json['error'] = __('The uploaded file is not a valid csv file. Please try again.', GEODIRECTORY_TEXTDOMAIN);
            if ($csv_file && $wp_filesystem->is_file($target_path) && $wp_filesystem->exists($target_path)) {
                $wp_filetype = wp_check_filetype_and_ext($target_path, $csv_filename);
                if (!empty($wp_filetype) && isset($wp_filetype['ext']) && strtolower($wp_filetype['ext']) == 'csv') {
                    $json['error'] = NULL;
                    $json['rows'] = 0;
                    if (($handle = fopen($target_path, "r")) !== FALSE) {
                        while (($data = fgetcsv($handle, 100000, ",")) !== FALSE) {
                            if (!empty($data)) {
                                $file[] = $data;
                            }
                        }
                        fclose($handle);
                    }
                    $json['rows'] = !empty($file) && count($file) > 1 ? count($file) - 1 : 0;
                    if (!$json['rows'] > 0) {
                        $json['error'] = __('No data found in csv file.', GEODIRECTORY_TEXTDOMAIN);
                    }
                } else {
                    wp_send_json($json);
                }
            } else {
                wp_send_json($json);
            }
            if ($task == 'prepare_import' || !empty($json['error'])) {
                wp_send_json($json);
            }
            $total = $json['rows'];
            $limit = isset($_POST['limit']) ? (int) $_POST['limit'] : 1;
            $processed = isset($_POST['processed']) ? (int) $_POST['processed'] : 0;
            $count = $limit;
            $requested_limit = $limit;
            if ($count < $total) {
                $count = $processed + $count;
                if ($count > $total) {
                    $count = $total;
                }
            } else {
                $count = $total;
            }
            $created = 0;
            $updated = 0;
            $skipped = 0;
            $invalid = 0;
            $invalid_addr = 0;
            $images = 0;
            $invalid_title = 0;
            $customKeyarray = array();
            $gd_post_info = array();
            $post_location = array();
            $countpost = 0;
            $post_types = geodir_get_posttypes();
            if ($task == 'import_cat') {
                if (!empty($file)) {
                    $columns = isset($file[0]) ? $file[0] : NULL;
                    if (empty($columns) || !empty($columns) && $columns[0] == '') {
                        $json['error'] = CSV_INVAILD_FILE;
                        wp_send_json($json);
                    }
                    for ($i = 1; $i <= $limit; $i++) {
                        $index = $processed + $i;
                        if (isset($file[$index])) {
                            $row = $file[$index];
                            $row = array_map('trim', $row);
                            $row = array_map('utf8_encode', $row);
                            $cat_id = '';
                            $cat_name = '';
                            $cat_slug = '';
                            $cat_posttype = '';
                            $cat_parent = '';
                            $cat_description = '';
                            $cat_top_description = '';
                            $cat_image = '';
                            $cat_icon = '';
                            $cat_language = '';
                            $c = 0;
                            foreach ($columns as $column) {
                                if ($column == 'cat_id') {
                                    $cat_id = (int) $row[$c];
                                } else {
                                    if ($column == 'cat_name') {
                                        $cat_name = $row[$c];
                                    } else {
                                        if ($column == 'cat_slug') {
                                            $cat_slug = $row[$c];
                                        } else {
                                            if ($column == 'cat_posttype') {
                                                $cat_posttype = $row[$c];
                                            } else {
                                                if ($column == 'cat_parent') {
                                                    $cat_parent = trim($row[$c]);
                                                } else {
                                                    if ($column == 'cat_description') {
                                                        $cat_description = $row[$c];
                                                    } else {
                                                        if ($column == 'cat_top_description') {
                                                            $cat_top_description = $row[$c];
                                                        } else {
                                                            if ($column == 'cat_image') {
                                                                $cat_image = $row[$c];
                                                            } else {
                                                                if ($column == 'cat_icon') {
                                                                    $cat_icon = $row[$c];
                                                                }
                                                            }
                                                        }
                                                    }
                                                }
                                            }
                                        }
                                    }
                                }
                                // WPML
                                if ($is_wpml && $column == 'cat_language') {
                                    $cat_language = strtolower(trim($row[$c]));
                                }
                                // WPML
                                $c++;
                            }
                            if ($cat_name == '' || !in_array($cat_posttype, $post_types)) {
                                $invalid++;
                                continue;
                            }
                            // WPML
                            if ($is_wpml && $cat_language != '') {
                                $sitepress->switch_lang($cat_language, true);
                            }
                            // WPML
                            $term_data = array();
                            $term_data['name'] = $cat_name;
                            $term_data['slug'] = $cat_slug;
                            $term_data['description'] = $cat_description;
                            $term_data['top_description'] = $cat_top_description;
                            $term_data['image'] = $cat_image != '' ? basename($cat_image) : '';
                            $term_data['icon'] = $cat_icon != '' ? basename($cat_icon) : '';
                            $term_data = array_map('utf8_encode', $term_data);
                            $taxonomy = $cat_posttype . 'category';
                            $term_data['taxonomy'] = $taxonomy;
                            $term_parent_id = 0;
                            if ($cat_parent != "" || (int) $cat_parent > 0) {
                                $term_parent = '';
                                if ($term_parent = get_term_by('name', $cat_parent, $taxonomy)) {
                                    $term_parent = $term_parent;
                                } else {
                                    if ($term_parent = get_term_by('slug', $cat_parent, $taxonomy)) {
                                        $term_parent = $term_parent;
                                    } else {
                                        if ($term_parent = get_term_by('id', $cat_parent, $taxonomy)) {
                                            $term_parent = $term_parent;
                                        } else {
                                            $term_parent_data = array();
                                            $term_parent_data['name'] = $cat_parent;
                                            $term_parent_data = array_map('utf8_encode', $term_parent_data);
                                            $term_parent_data['taxonomy'] = $taxonomy;
                                            $term_parent_id = (int) geodir_imex_insert_term($taxonomy, $term_parent_data);
                                        }
                                    }
                                }
                                if (!empty($term_parent) && !is_wp_error($term_parent)) {
                                    $term_parent_id = (int) $term_parent->term_id;
                                }
                            }
                            $term_data['parent'] = (int) $term_parent_id;
                            $term_id = NULL;
                            if ($import_choice == 'update') {
                                if ($cat_id > 0 && ($term = (array) term_exists($cat_id, $taxonomy))) {
                                    $term_data['term_id'] = $term['term_id'];
                                    if ($term_id = geodir_imex_update_term($taxonomy, $term_data)) {
                                        $updated++;
                                    } else {
                                        $invalid++;
                                    }
                                } else {
                                    if ($term_data['slug'] != '' && ($term = (array) term_exists($term_data['slug'], $taxonomy))) {
                                        $term_data['term_id'] = $term['term_id'];
                                        if ($term_id = geodir_imex_update_term($taxonomy, $term_data)) {
                                            $updated++;
                                        } else {
                                            $invalid++;
                                        }
                                    } else {
                                        if ($term_id = geodir_imex_insert_term($taxonomy, $term_data)) {
                                            $created++;
                                        } else {
                                            $invalid++;
                                        }
                                    }
                                }
                            } else {
                                if ($import_choice == 'skip') {
                                    if ($cat_id > 0 && ($term = (array) term_exists($cat_id, $taxonomy))) {
                                        $skipped++;
                                    } else {
                                        if ($term_data['slug'] != '' && ($term = (array) term_exists($term_data['slug'], $taxonomy))) {
                                            $skipped++;
                                        } else {
                                            if ($term_id = geodir_imex_insert_term($taxonomy, $term_data)) {
                                                $created++;
                                            } else {
                                                $invalid++;
                                            }
                                        }
                                    }
                                } else {
                                    $invalid++;
                                }
                            }
                            if ($term_id) {
                                if (isset($term_data['top_description'])) {
                                    update_tax_meta($term_id, 'ct_cat_top_desc', $term_data['top_description'], $cat_posttype);
                                }
                                $attachment = false;
                                if (isset($term_data['image']) && $term_data['image'] != '') {
                                    $cat_image = geodir_get_default_catimage($term_id, $cat_posttype);
                                    $cat_image = !empty($cat_image) && isset($cat_image['src']) ? $cat_image['src'] : '';
                                    if (basename($cat_image) != $term_data['image']) {
                                        $attachment = true;
                                        update_tax_meta($term_id, 'ct_cat_default_img', array('id' => 'image', 'src' => $uploads['url'] . '/' . $term_data['image']), $cat_posttype);
                                    }
                                }
                                if (isset($term_data['icon']) && $term_data['icon'] != '') {
                                    $cat_icon = get_tax_meta($term_id, 'ct_cat_icon', false, $cat_posttype);
                                    $cat_icon = !empty($cat_icon) && isset($cat_icon['src']) ? $cat_icon['src'] : '';
                                    if (basename($cat_icon) != $term_data['icon']) {
                                        $attachment = true;
                                        update_tax_meta($term_id, 'ct_cat_icon', array('id' => 'icon', 'src' => $uploads['url'] . '/' . $term_data['icon']), $cat_posttype);
                                    }
                                }
                                if ($attachment) {
                                    $images++;
                                }
                            }
                            // WPML
                            if ($is_wpml && $cat_language != '') {
                                $sitepress->switch_lang($active_lang, true);
                            }
                            // WPML
                        }
                    }
                }
                $json = array();
                $json['processed'] = $limit;
                $json['created'] = $created;
                $json['updated'] = $updated;
                $json['skipped'] = $skipped;
                $json['invalid'] = $invalid;
                $json['images'] = $images;
                wp_send_json($json);
            } else {
                if ($task == 'import_post') {
                    if (!empty($file)) {
                        $wp_post_statuses = get_post_statuses();
                        // All of the WordPress supported post statuses.
                        $default_status = 'publish';
                        $current_date = date_i18n('Y-m-d', time());
                        $columns = isset($file[0]) ? $file[0] : NULL;
                        if (empty($columns) || !empty($columns) && $columns[0] == '') {
                            $json['error'] = CSV_INVAILD_FILE;
                            wp_send_json($json);
                        }
                        for ($i = 1; $i <= $limit; $i++) {
                            $index = $processed + $i;
                            $gd_post = array();
                            if (isset($file[$index])) {
                                $row = $file[$index];
                                $row = array_map('trim', $row);
                                $row = array_map('utf8_encode', $row);
                                $row = array_map('addslashes_gpc', $row);
                                $post_id = '';
                                $post_title = '';
                                $post_author = '';
                                $post_content = '';
                                $post_category_arr = array();
                                $post_tags = array();
                                $post_type = '';
                                $post_status = '';
                                $geodir_video = '';
                                $post_address = '';
                                $post_city = '';
                                $post_region = '';
                                $post_country = '';
                                $post_zip = '';
                                $post_latitude = '';
                                $post_longitude = '';
                                $geodir_timing = '';
                                $geodir_contact = '';
                                $geodir_email = '';
                                $geodir_website = '';
                                $geodir_twitter = '';
                                $geodir_facebook = '';
                                $geodir_twitter = '';
                                $post_images = array();
                                $expire_date = 'Never';
                                $language = '';
                                $original_post_id = '';
                                $c = 0;
                                foreach ($columns as $column) {
                                    $gd_post[$column] = $row[$c];
                                    if ($column == 'post_id') {
                                        $post_id = $row[$c];
                                    } else {
                                        if ($column == 'post_title') {
                                            $post_title = $row[$c];
                                        } else {
                                            if ($column == 'post_author') {
                                                $post_author = $row[$c];
                                            } else {
                                                if ($column == 'post_content') {
                                                    $post_content = $row[$c];
                                                } else {
                                                    if ($column == 'post_category' && $row[$c] != '') {
                                                        $post_category_arr = explode(',', $row[$c]);
                                                    } else {
                                                        if ($column == 'post_tags' && $row[$c] != '') {
                                                            $post_tags = explode(',', $row[$c]);
                                                        } else {
                                                            if ($column == 'post_type') {
                                                                $post_type = $row[$c];
                                                            } else {
                                                                if ($column == 'post_status') {
                                                                    $post_status = sanitize_key($row[$c]);
                                                                } else {
                                                                    if ($column == 'is_featured') {
                                                                        $is_featured = (int) $row[$c];
                                                                    } else {
                                                                        if ($column == 'geodir_video') {
                                                                            $geodir_video = $row[$c];
                                                                        } else {
                                                                            if ($column == 'post_address') {
                                                                                $post_address = $row[$c];
                                                                            } else {
                                                                                if ($column == 'post_city') {
                                                                                    $post_city = $row[$c];
                                                                                } else {
                                                                                    if ($column == 'post_region') {
                                                                                        $post_region = $row[$c];
                                                                                    } else {
                                                                                        if ($column == 'post_country') {
                                                                                            $post_country = $row[$c];
                                                                                        } else {
                                                                                            if ($column == 'post_zip') {
                                                                                                $post_zip = $row[$c];
                                                                                            } else {
                                                                                                if ($column == 'post_latitude') {
                                                                                                    $post_latitude = $row[$c];
                                                                                                } else {
                                                                                                    if ($column == 'post_longitude') {
                                                                                                        $post_longitude = $row[$c];
                                                                                                    } else {
                                                                                                        if ($column == 'geodir_timing') {
                                                                                                            $geodir_timing = $row[$c];
                                                                                                        } else {
                                                                                                            if ($column == 'geodir_contact') {
                                                                                                                $geodir_contact = $row[$c];
                                                                                                            } else {
                                                                                                                if ($column == 'geodir_email') {
                                                                                                                    $geodir_email = $row[$c];
                                                                                                                } else {
                                                                                                                    if ($column == 'geodir_website') {
                                                                                                                        $geodir_website = $row[$c];
                                                                                                                    } else {
                                                                                                                        if ($column == 'geodir_twitter') {
                                                                                                                            $geodir_twitter = $row[$c];
                                                                                                                        } else {
                                                                                                                            if ($column == 'geodir_facebook') {
                                                                                                                                $geodir_facebook = $row[$c];
                                                                                                                            } else {
                                                                                                                                if ($column == 'geodir_twitter') {
                                                                                                                                    $geodir_twitter = $row[$c];
                                                                                                                                } else {
                                                                                                                                    if ($column == 'IMAGE' && !empty($row[$c]) && $row[$c] != '') {
                                                                                                                                        $post_images[] = $row[$c];
                                                                                                                                    } else {
                                                                                                                                        if ($column == 'alive_days' && (int) $row[$c] > 0) {
                                                                                                                                            $expire_date = date_i18n('Y-m-d', strtotime($current_date . '+' . (int) $row[$c] . ' days'));
                                                                                                                                        } else {
                                                                                                                                            if ($column == 'expire_date' && $row[$c] != '' && strtolower($row[$c]) != 'never') {
                                                                                                                                                $row[$c] = str_replace('/', '-', $row[$c]);
                                                                                                                                                $expire_date = date_i18n('Y-m-d', strtotime($row[$c]));
                                                                                                                                            }
                                                                                                                                        }
                                                                                                                                    }
                                                                                                                                }
                                                                                                                            }
                                                                                                                        }
                                                                                                                    }
                                                                                                                }
                                                                                                            }
                                                                                                        }
                                                                                                    }
                                                                                                }
                                                                                            }
                                                                                        }
                                                                                    }
                                                                                }
                                                                            }
                                                                        }
                                                                    }
                                                                }
                                                            }
                                                        }
                                                    }
                                                }
                                            }
                                        }
                                    }
                                    // WPML
                                    if ($is_wpml) {
                                        if ($column == 'language') {
                                            $language = strtolower(trim($row[$c]));
                                        } else {
                                            if ($column == 'original_post_id') {
                                                $original_post_id = (int) $row[$c];
                                            }
                                        }
                                    }
                                    // WPML
                                    $c++;
                                }
                                // WPML
                                if ($is_wpml && $language != '') {
                                    $sitepress->switch_lang($language, true);
                                }
                                // WPML
                                $gd_post['IMAGE'] = $post_images;
                                $post_status = !empty($post_status) ? sanitize_key($post_status) : $default_status;
                                $post_status = !empty($wp_post_statuses) && !isset($wp_post_statuses[$post_status]) ? $default_status : $post_status;
                                $valid = true;
                                if ($post_title == '' || !in_array($post_type, $post_types)) {
                                    $invalid++;
                                    $valid = false;
                                }
                                $location_allowed = function_exists('geodir_cpt_no_location') && geodir_cpt_no_location($post_type) ? false : true;
                                if ($location_allowed) {
                                    $location_result = geodir_get_default_location();
                                    if ($post_address == '' || $post_city == '' || $post_region == '' || $post_country == '' || $post_latitude == '' || $post_longitude == '') {
                                        $invalid_addr++;
                                        $valid = false;
                                    } else {
                                        if (!empty($location_result) && $location_result->location_id == 0) {
                                            if (strtolower($post_city) != strtolower($location_result->city) || strtolower($post_region) != strtolower($location_result->region) || strtolower($post_country) != strtolower($location_result->country)) {
                                                $invalid_addr++;
                                                $valid = false;
                                            } else {
                                                if (!function_exists('geodir_location_plugin_activated')) {
                                                    $gd_post['post_locations'] = '[' . $location_result->city_slug . '],[' . $location_result->region_slug . '],[' . $location_result->country_slug . ']';
                                                    // Set the default location when location manager not activated.
                                                }
                                            }
                                        }
                                    }
                                }
                                if (!$valid) {
                                    continue;
                                }
                                $cat_taxonomy = $post_type . 'category';
                                $tags_taxonomy = $post_type . '_tags';
                                $post_category = array();
                                if (!empty($post_category_arr)) {
                                    foreach ($post_category_arr as $value) {
                                        $category_name = wp_kses_normalize_entities(trim($value));
                                        if ($category_name != '') {
                                            $term_category = array();
                                            if ($term = get_term_by('name', $category_name, $cat_taxonomy)) {
                                                $term_category = $term;
                                            } else {
                                                if ($term = get_term_by('slug', $category_name, $cat_taxonomy)) {
                                                    $term_category = $term;
                                                } else {
                                                    $term_data = array();
                                                    $term_data['name'] = $category_name;
                                                    $term_data = array_map('utf8_encode', $term_data);
                                                    $term_data['taxonomy'] = $cat_taxonomy;
                                                    $term_id = geodir_imex_insert_term($cat_taxonomy, $term_data);
                                                    if ($term_id) {
                                                        $term_category = get_term($term_id, $cat_taxonomy);
                                                    }
                                                }
                                            }
                                            if (!empty($term_category) && !is_wp_error($term_category)) {
                                                //$post_category[] = $term_category->slug;
                                                $post_category[] = intval($term_category->term_id);
                                            }
                                        }
                                    }
                                }
                                $save_post = array();
                                $save_post['post_title'] = $post_title;
                                $save_post['post_content'] = $post_content;
                                $save_post['post_type'] = $post_type;
                                $save_post['post_author'] = $post_author;
                                $save_post['post_status'] = $post_status;
                                $save_post['post_category'] = $post_category;
                                $save_post['post_tags'] = $post_tags;
                                $saved_post_id = NULL;
                                if ($import_choice == 'update') {
                                    if ($post_id > 0 && get_post($post_id)) {
                                        $save_post['ID'] = $post_id;
                                        if (wp_update_post($save_post)) {
                                            $saved_post_id = $post_id;
                                            $updated++;
                                        }
                                    } else {
                                        if ($saved_post_id = wp_insert_post($save_post)) {
                                            $created++;
                                        }
                                    }
                                    if (!$saved_post_id > 0) {
                                        $invalid++;
                                    }
                                } else {
                                    if ($import_choice == 'skip') {
                                        if ($post_id > 0 && get_post($post_id)) {
                                            $skipped++;
                                        } else {
                                            if ($saved_post_id = wp_insert_post($save_post)) {
                                                $created++;
                                            } else {
                                                $invalid++;
                                            }
                                        }
                                    } else {
                                        $invalid++;
                                    }
                                }
                                if ((int) $saved_post_id > 0) {
                                    // WPML
                                    if ($is_wpml && $original_post_id > 0 && $language != '') {
                                        $wpml_post_type = 'post_' . $post_type;
                                        $source_language = geodir_get_language_for_element($original_post_id, $wpml_post_type);
                                        $source_language = $source_language != '' ? $source_language : $sitepress->get_default_language();
                                        $trid = $sitepress->get_element_trid($original_post_id, $wpml_post_type);
                                        $sitepress->set_element_language_details($saved_post_id, $wpml_post_type, $trid, $language, $source_language);
                                    }
                                    // WPML
                                    $gd_post_info = geodir_get_post_info($saved_post_id);
                                    $gd_post['post_id'] = $saved_post_id;
                                    $gd_post['ID'] = $saved_post_id;
                                    $gd_post['post_tags'] = $post_tags;
                                    $gd_post['post_title'] = $post_title;
                                    $gd_post['post_status'] = $post_status;
                                    $gd_post['submit_time'] = time();
                                    $gd_post['submit_ip'] = $_SERVER['REMOTE_ADDR'];
                                    // post location
                                    $post_location_id = 0;
                                    if ($location_allowed && !empty($location_result) && $location_result->location_id > 0) {
                                        $post_location_info = array('city' => $post_city, 'region' => $post_region, 'country' => $post_country, 'geo_lat' => $post_latitude, 'geo_lng' => $post_longitude);
                                        if ($location_id = (int) geodir_add_new_location($post_location_info)) {
                                            $post_location_id = $location_id;
                                        }
                                    }
                                    $gd_post['post_location_id'] = $post_location_id;
                                    // post package info
                                    $package_id = isset($gd_post['package_id']) && !empty($gd_post['package_id']) ? (int) $gd_post['package_id'] : 0;
                                    if (!$package_id && !empty($gd_post_info) && isset($gd_post_info->package_id) && $gd_post_info->package_id) {
                                        $package_id = $gd_post_info->package_id;
                                    }
                                    $package_info = array();
                                    if ($package_id && function_exists('geodir_get_package_info_by_id')) {
                                        $package_info = (array) geodir_get_package_info_by_id($package_id);
                                        if (!(!empty($package_info) && isset($package_info['post_type']) && $package_info['post_type'] == $post_type)) {
                                            $package_info = array();
                                        }
                                    }
                                    if (empty($package_info)) {
                                        $package_info = (array) geodir_post_package_info(array(), '', $post_type);
                                    }
                                    if (!empty($package_info)) {
                                        $package_id = $package_info['pid'];
                                        if (isset($gd_post['alive_days']) || isset($gd_post['expire_date'])) {
                                            $gd_post['expire_date'] = $expire_date;
                                        } else {
                                            if (isset($package_info['days']) && (int) $package_info['days'] > 0) {
                                                $gd_post['alive_days'] = (int) $package_info['days'];
                                                $gd_post['expire_date'] = date_i18n('Y-m-d', strtotime($current_date . '+' . (int) $package_info['days'] . ' days'));
                                            } else {
                                                $gd_post['expire_date'] = 'Never';
                                            }
                                        }
                                        $gd_post['package_id'] = $package_id;
                                    }
                                    $table = $plugin_prefix . $post_type . '_detail';
                                    if ($post_type == 'gd_event') {
                                        $gd_post = geodir_imex_process_event_data($gd_post);
                                    }
                                    if (isset($gd_post['post_id'])) {
                                        unset($gd_post['post_id']);
                                    }
                                     // Import franchise fields (gd_is_franchise, gd_franchise_lock, franchise) for this row
                                    $is_franchise_active = is_plugin_active('geodir_franchise/geodir_franchise.php') && geodir_franchise_enabled($post_type) ? true : false;
                                    if ($is_franchise_active) {
                                        if (isset($gd_post['gd_is_franchise']) && (int) $gd_post['gd_is_franchise'] == 1) {
                                            $gd_franchise_lock = array();
                                            if (isset($gd_post['gd_franchise_lock'])) {
                                                $gd_franchise_lock = str_replace(" ", "", $gd_post['gd_franchise_lock']);
                                                $gd_franchise_lock = trim($gd_franchise_lock);
                                                $gd_franchise_lock = explode(",", $gd_franchise_lock);
                                            }
                                            update_post_meta($saved_post_id, 'gd_is_franchise', 1);
                                            update_post_meta($saved_post_id, 'gd_franchise_lock', $gd_franchise_lock);
                                        } else {
                                            if (isset($gd_post['franchise']) && (int) $gd_post['franchise'] > 0 && geodir_franchise_check((int) $gd_post['franchise'])) {
                                                geodir_save_post_meta($saved_post_id, 'franchise', (int) $gd_post['franchise']);
                                            }
                                        }
                                    }
                                    if (!empty($save_post['post_category']) && is_array($save_post['post_category'])) {
                                        $save_post['post_category'] = array_unique(array_map('intval', $save_post['post_category']));
                                        $gd_post[$cat_taxonomy] = $save_post['post_category'];
                                    }
                                    // Save post info
                                    geodir_save_post_info($saved_post_id, $gd_post);
                                    // post taxonomies
                                    if (!empty($save_post['post_category'])) {
                                        wp_set_object_terms($saved_post_id, $save_post['post_category'], $cat_taxonomy);
                                        $post_default_category = isset($save_post['post_default_category']) ? $save_post['post_default_category'] : '';
                                        $post_category_str = isset($save_post['post_category_str']) ? $save_post['post_category_str'] : '';
                                        geodir_set_postcat_structure($saved_post_id, $cat_taxonomy, $post_default_category, $post_category_str);
                                    }
                                    if (!empty($save_post['post_tags'])) {
                                        wp_set_object_terms($saved_post_id, $save_post['post_tags'], $tags_taxonomy);
                                    }
                                    // Post images
                                    if (!empty($post_images)) {
                                        $post_images = array_unique($post_images);
                                        $old_post_images_arr = array();
                                        $saved_post_images_arr = array();
                                        $order = 1;
                                        $old_post_images = geodir_get_images($saved_post_id);
                                        if (!empty($old_post_images)) {
                                            foreach ($old_post_images as $old_post_image) {
                                                if (!empty($old_post_image) && isset($old_post_image->file) && $old_post_image->file != '') {
                                                    $old_post_images_arr[] = $old_post_image->file;
                                                }
                                            }
                                        }
                                        foreach ($post_images as $post_image) {
                                            $image_name = basename($post_image);
                                            $saved_post_images_arr[] = $image_name;
                                            if (!empty($old_post_images_arr) && in_array($image_name, $old_post_images_arr)) {
                                                continue;
                                                // Skip if image already exists.
                                            }
                                            $image_name_parts = explode('.', $image_name);
                                            array_pop($image_name_parts);
                                            $proper_image_name = implode('.', $image_name_parts);
                                            $arr_file_type = wp_check_filetype($image_name);
                                            if (!empty($arr_file_type)) {
                                                $uploaded_file_type = $arr_file_type['type'];
                                                $attachment = array();
                                                $attachment['post_id'] = $saved_post_id;
                                                $attachment['title'] = $proper_image_name;
                                                $attachment['content'] = '';
                                                $attachment['file'] = $uploads_subdir . '/' . $image_name;
                                                $attachment['mime_type'] = $uploaded_file_type;
                                                $attachment['menu_order'] = $order;
                                                $attachment['is_featured'] = 0;
                                                $attachment_set = '';
                                                foreach ($attachment as $key => $val) {
                                                    if ($val != '') {
                                                        $attachment_set .= $key . " = '" . $val . "', ";
                                                    }
                                                }
                                                $attachment_set = trim($attachment_set, ", ");
                                                // Add new attachment
                                                $wpdb->query("INSERT INTO " . GEODIR_ATTACHMENT_TABLE . " SET " . $attachment_set);
                                                $order++;
                                            }
                                        }
                                        $saved_post_images_sql = !empty($saved_post_images_arr) ? " AND ( file NOT LIKE '%/" . implode("' AND file NOT LIKE '%/", $saved_post_images_arr) . "' )" : '';
                                        // Remove previous attachment
                                        $wpdb->query("DELETE FROM " . GEODIR_ATTACHMENT_TABLE . " WHERE post_id = " . (int) $saved_post_id . " " . $saved_post_images_sql);
                                        if (!empty($saved_post_images_arr)) {
                                            $menu_order = 1;
                                            foreach ($saved_post_images_arr as $img_name) {
                                                $wpdb->query($wpdb->prepare("UPDATE " . GEODIR_ATTACHMENT_TABLE . " SET menu_order = %d WHERE post_id =%d AND file LIKE %s", array($menu_order, $saved_post_id, '%/' . $img_name)));
                                                if ($menu_order == 1) {
                                                    if ($featured_image = $wpdb->get_var($wpdb->prepare("SELECT file FROM " . GEODIR_ATTACHMENT_TABLE . " WHERE post_id =%d AND file LIKE %s", array($saved_post_id, '%/' . $img_name)))) {
                                                        $wpdb->query($wpdb->prepare("UPDATE " . $table . " SET featured_image = %s WHERE post_id =%d", array($featured_image, $saved_post_id)));
                                                    }
                                                }
                                                $menu_order++;
                                            }
                                        }
                                        if ($order > 1) {
                                            $images++;
                                        }
                                    }
                                    /** This action is documented in geodirectory-functions/post-functions.php */
                                    do_action('geodir_after_save_listing', $saved_post_id, $gd_post);
                                    if (isset($is_featured)) {
                                        geodir_save_post_meta($saved_post_id, 'is_featured', $is_featured);
                                    }
                                    if (isset($gd_post['expire_date'])) {
                                        geodir_save_post_meta($saved_post_id, 'expire_date', $gd_post['expire_date']);
                                    }
                                }
                                // WPML
                                if ($is_wpml && $language != '') {
                                    $sitepress->switch_lang($active_lang, true);
                                }
                                // WPML
                            }
                        }
                    }
                    $json = array();
                    $json['processed'] = $limit;
                    $json['created'] = $created;
                    $json['updated'] = $updated;
                    $json['skipped'] = $skipped;
                    $json['invalid'] = $invalid;
                    $json['invalid_addr'] = $invalid_addr;
                    $json['images'] = $images;
                    wp_send_json($json);
                }
            }
            break;
    }
    echo '0';
    wp_die();
}
/**
 * Adds the 'login_post' context: switches the URL scheme for that context and
 * escapes the URL for display on the site.
 *
 * Intended as a URL filter callback. For any context other than 'login_post'
 * the URL is returned untouched.
 *
 * @param string $url          URL being filtered.
 * @param string $original_url URL before filtering (unused here; kept for the filter signature).
 * @param string $context      Context the URL is used in.
 *
 * @return string
 */
function appthemes_add_login_post_context($url, $original_url, $context)
{
    if ('login_post' != $context) {
        return $url;
    }

    // set_url_scheme() picks the scheme for this context; the entity
    // normalisation and the two replacements are the same display escaping
    // esc_url() applies.
    $escaped = wp_kses_normalize_entities(set_url_scheme($url, $context));
    $replacements = array(
        '&amp;' => '&#038;',
        "'"     => '&#039;',
    );

    return str_replace(array_keys($replacements), array_values($replacements), $escaped);
}
 /**
  * Returns $value with its HTML entities normalised, or null when $value is falsy.
  *
  * @param mixed $value Value to output; 0, '', null and other falsy values yield null.
  * @return string|null
  */
 public function html_out($value = 0)
 {
     if (!$value) {
         return null;
     }

     return wp_kses_normalize_entities($value);
 }
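/**
 * Checks and cleans a URL.
 *
 * A number of characters are removed from the URL. If the URL is for displaying
 * (the default behaviour) ampersands are also replaced. The 'clean_url' filter
 * is applied to the returned cleaned URL.
 *
 * @since 2.8.0
 * @uses wp_kses_bad_protocol() To only permit protocols in the URL set
 *		via $protocols or the common ones set in the function.
 *
 * @param string $url The URL to be cleaned.
 * @param array $protocols Optional. An array of acceptable protocols.
 *		Defaults to 'http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet', 'mms', 'rtsp', 'svn' if not set.
 * @param string $_context Private. Use esc_url_raw() for database usage.
 * @return string The cleaned $url after the 'clean_url' filter is applied.
 *		An empty string is returned when nothing is left after cleaning or
 *		when the URL's protocol is not in $protocols.
 */
function esc_url( $url, $protocols = null, $_context = 'display' ) {
	$original_url = $url;

	if ( '' == $url )
		return $url;

	// Keep only URL-safe ASCII plus high bytes (so UTF-8 in paths survives);
	// everything else, including whitespace and angle brackets, is dropped.
	$url = preg_replace('|[^a-z0-9-~+_.?#=!&;,/:%@$\|*\'()\\x80-\\xff]|i', '', $url);
	// Percent-encoded CR/LF (either case) go through _deep_replace() rather
	// than str_replace(); that helper is meant to repeat the removal until no
	// match remains, so a nested encoding cannot resolve to a line break.
	$strip = array('%0d', '%0a', '%0D', '%0A');
	$url = _deep_replace($strip, $url);
	$url = str_replace(';//', '://', $url);

	// The stripping above can consume the whole input (e.g. a URL made only
	// of spaces or '<>'). Bail out here instead of reading $url[0] on an
	// empty string below and then turning the remainder into 'http://'.
	if ( '' === $url )
		return $url;

	/* If the URL doesn't appear to contain a scheme, we
	 * presume it needs http:// appended (unless a relative
	 * link starting with /, # or ? or a php file).
	 */
	if ( strpos($url, ':') === false && ! in_array( $url[0], array( '/', '#', '?' ) ) &&
		! preg_match('/^[a-z0-9-]+?\.php/i', $url) )
		$url = 'http://' . $url;

	// Replace ampersands and single quotes only when displaying.
	if ( 'display' == $_context ) {
		$url = wp_kses_normalize_entities( $url );
		$url = str_replace( '&amp;', '&#038;', $url );
		$url = str_replace( "'", '&#039;', $url );
	}

	if ( '/' === $url[0] ) {
		// A root-relative URL carries no protocol, so there is nothing to check.
		$good_protocol_url = $url;
	} else {
		if ( ! is_array( $protocols ) )
			$protocols = wp_allowed_protocols();
		$good_protocol_url = wp_kses_bad_protocol( $url, $protocols );
		// Any difference (compared case-insensitively) means the protocol was
		// rejected; the URL is then dropped entirely rather than returned in
		// its altered form.
		if ( strtolower( $good_protocol_url ) != strtolower( $url ) )
			return '';
	}

	/**
	 * Filter a string cleaned and escaped for output as a URL.
	 *
	 * @since 2.3.0
	 *
	 * @param string $good_protocol_url The cleaned URL to be returned.
	 * @param string $original_url      The URL prior to cleaning.
	 * @param string $_context          If 'display', replace ampersands and single quotes only.
	 */
	return apply_filters( 'clean_url', $good_protocol_url, $original_url, $_context );
}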
/**
 * When search_terms are passed to BP_User_Query, search against xprofile fields.
 *
 * The core search clause (against wp_users) and an xprofile_data LIKE clause
 * are wrapped into one OR group, so a hit in either table qualifies a user.
 * Nothing is changed when there are no search terms or no core clause.
 *
 * @since BuddyPress (2.0.0)
 *
 * @param array         $sql   Clauses in the user_id SQL query.
 * @param BP_User_Query $query User query object.
 * @return array Clauses, with $sql['where']['search'] possibly replaced.
 */
function bp_xprofile_bp_user_query_search($sql, BP_User_Query $query)
{
    global $wpdb;

    $has_terms = !empty($query->query_vars['search_terms']);
    $has_core_search = !empty($sql['where']['search']);
    if (!$has_terms || !$has_core_search) {
        return $sql;
    }

    $bp = buddypress();
    // LIKE-escape the terms so user-supplied '%' and '_' are literal.
    $like = bp_esc_like(wp_kses_normalize_entities($query->query_vars['search_terms']));
    $wildcard = $query->query_vars['search_wildcard'];

    if ('left' === $wildcard) {
        $nospace = '%' . $like;
        $space = '%' . $like . ' %';
    } elseif ('right' === $wildcard) {
        $nospace = $like . '%';
        $space = '% ' . $like . '%';
    } else {
        $nospace = '%' . $like . '%';
        $space = $nospace;
    }

    // Both LIKE operands are bound through prepare(); only the column/table
    // names set by the query object are interpolated.
    $xprofile_search = $wpdb->prepare(
        "u.{$query->uid_name} IN ( SELECT user_id FROM {$bp->profile->table_name_data} WHERE value LIKE %s OR value LIKE %s )",
        $nospace,
        $space
    );

    // Combine the core search (against wp_users) into a single OR clause
    // with the xprofile_data search.
    $sql['where']['search'] = "( {$xprofile_search} OR {$sql['where']['search']} )";

    return $sql;
}
	/**
	 * wp_kses_bad_protocol() must neutralise every javascript: variant in $bad
	 * (plain, mixed case, entity-encoded, whitespace-split and nested forms)
	 * and must leave URLs carrying an allowed protocol untouched.
	 */
	function test_wp_kses_bad_protocol() {
		$bad = array(
			'dummy:alert(1)',
			'javascript:alert(1)',
			'JaVaScRiPt:alert(1)',
			'javascript:alert(1);',
			'javascript&#58;alert(1);',
			'javascript&#0058;alert(1);',
			'javascript&#0000058alert(1);',
			'javascript&#x3A;alert(1);',
			'javascript&#X3A;alert(1);',
			'javascript&#X3a;alert(1);',
			'javascript&#x3a;alert(1);',
			'javascript&#x003a;alert(1);',
			'&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29',
			'jav	ascript:alert(1);',
			'jav&#x09;ascript:alert(1);',
			'jav&#x0A;ascript:alert(1);',
			'jav&#x0D;ascript:alert(1);',
			' &#14;  javascript:alert(1);',
			'javascript:javascript:alert(1);',
			'javascript&#58;javascript:alert(1);',
			'javascript&#0000058javascript:alert(1);',
			'javascript:javascript&#58;alert(1);',
			'javascript:javascript&#0000058alert(1);',
			'javascript&#0000058alert(1)//?:',
			'feed:javascript:alert(1)',
			'feed:javascript:feed:javascript:feed:javascript:alert(1)',
		);
		// A few inputs are not reduced to the bare payload; for those the exact
		// (still harmless) leftover is pinned by index into $bad.
		$known_leftovers = array(
			6  => 'javascript&amp;#0000058alert(1);',
			22 => 'javascript&amp;#0000058alert(1);',
			23 => 'javascript&amp;#0000058alert(1)//?:',
			24 => 'feed:alert(1)',
		);
		foreach ( $bad as $k => $x ) {
			$result = wp_kses_bad_protocol( wp_kses_normalize_entities( $x ), wp_allowed_protocols() );
			if ( empty( $result ) || 'alert(1);' == $result || 'alert(1)' == $result ) {
				continue;
			}
			if ( 12 === $k ) {
				// The fully entity-encoded payload comes back with its ampersands escaped.
				$this->assertEquals( str_replace( '&', '&amp;', $x ), $result );
			} elseif ( isset( $known_leftovers[ $k ] ) ) {
				$this->assertEquals( $known_leftovers[ $k ], $result );
			} else {
				$this->fail( "wp_kses_bad_protocol failed on $x. Result: $result" );
			}
		}

		$safe = array(
			'dummy:alert(1)',
			'HTTP://example.org/',
			'http://example.org/',
			'http&#58;//example.org/',
			'http&#x3A;//example.org/',
			'https://example.org',
			'http://example.org/wp-admin/post.php?post=2&amp;action=edit',
			'http://example.org/index.php?test=&#039;blah&#039;',
		);
		$allowed = array( 'http', 'https', 'dummy' );
		foreach ( $safe as $x ) {
			$result = wp_kses_bad_protocol( wp_kses_normalize_entities( $x ), $allowed );
			if ( $result == $x || 'http://example.org/' == $result ) {
				continue;
			}
			$this->fail( "wp_kses_bad_protocol incorrectly blocked $x" );
		}
	}
/**
 * Filters content and keeps only allowable HTML elements.
 *
 * Only the element names, attribute names and attribute values listed in
 * $allowed_html, and only sane HTML entities, survive in $string. Slashes
 * added by PHP's magic quotes must be removed before calling this function.
 *
 * The default allowed protocols are 'http', 'https', 'ftp', 'mailto', 'news',
 * 'irc', 'gopher', 'nntp', 'feed', 'telnet, 'mms', 'rtsp' and 'svn'. This
 * covers all common link protocols, except for 'javascript' which should not
 * be allowed for untrusted users.
 *
 * @since 1.0.0
 *
 * @param string $string            Content to filter through kses.
 * @param array  $allowed_html      List of allowed HTML elements.
 * @param array  $allowed_protocols Optional. Allowed protocols in links;
 *                                  an empty list means wp_allowed_protocols().
 * @return string Filtered content with only allowed HTML elements.
 */
function wp_kses($string, $allowed_html, $allowed_protocols = array())
{
    // An empty protocol list falls back to the site-wide default list.
    $protocols = $allowed_protocols ?: wp_allowed_protocols();

    // The three kses pre-passes: null handling (keeping "\0" escapes),
    // JS entity removal, then entity normalisation.
    $string = wp_kses_no_null($string, array('slash_zero' => 'keep'));
    $string = wp_kses_js_entities($string);
    $string = wp_kses_normalize_entities($string);

    // wp_kses_hook() receives the allow-lists as well; older WordPress
    // releases called it without them and in a different order.
    $string = wp_kses_hook($string, $allowed_html, $protocols);

    return wp_kses_split($string, $allowed_html, $protocols);
}
 /**
  * Prepare the query for user_ids.
  *
  * @since 1.7.0
  */
 public function prepare_user_ids_query()
 {
     global $wpdb;
     $bp = buddypress();
     // Default query variables used here.
     $type = '';
     $per_page = 0;
     $page = 1;
     $user_id = 0;
     $include = false;
     $search_terms = false;
     $exclude = false;
     $meta_key = false;
     $meta_value = false;
     // NOTE(review): extract() turns every key of $this->query_vars into a
     // local, overriding the defaults above. Variables read further down
     // without a default here ($search_wildcard, $member_type,
     // $member_type__in, $member_type__not_in) exist only when present in
     // query_vars, and any unexpected key becomes a local too; explicit
     // per-key reads would be easier to audit.
     extract($this->query_vars);
     // Setup the main SQL query container.
     $sql = array('select' => '', 'where' => array(), 'orderby' => '', 'order' => '', 'limit' => '');
     /* TYPE **************************************************************/
     // Determines the sort order, which means it also determines where the
     // user IDs are drawn from (the SELECT and WHERE statements).
     // $this->uid_name and $this->uid_table are interpolated raw into SQL in
     // every clause below: each branch assigns them from a fixed column name
     // and a table-name property, never from query_vars, and that must stay so.
     switch ($type) {
         // 'online' query happens against the last_activity usermeta key
         // Filter 'bp_user_query_online_interval' to modify the
         // number of minutes used as an interval.
         case 'online':
             $this->uid_name = 'user_id';
             $this->uid_table = $bp->members->table_name_last_activity;
             $sql['select'] = "SELECT u.{$this->uid_name} as id FROM {$this->uid_table} u";
             $sql['where'][] = $wpdb->prepare("u.component = %s AND u.type = 'last_activity'", buddypress()->members->id);
             /**
              * Filters the threshold for activity timestamp minutes since to indicate online status.
              *
              * @since 1.8.0
              *
              * @param int $value Amount of minutes for threshold. Default 15.
              */
             $sql['where'][] = $wpdb->prepare("u.date_recorded >= DATE_SUB( UTC_TIMESTAMP(), INTERVAL %d MINUTE )", apply_filters('bp_user_query_online_interval', 15));
             $sql['orderby'] = "ORDER BY u.date_recorded";
             $sql['order'] = "DESC";
             break;
             // 'active', 'newest', and 'random' queries
             // all happen against the last_activity usermeta key.
         // 'active', 'newest', and 'random' queries
         // all happen against the last_activity usermeta key.
         case 'active':
         case 'newest':
         case 'random':
             $this->uid_name = 'user_id';
             $this->uid_table = $bp->members->table_name_last_activity;
             $sql['select'] = "SELECT u.{$this->uid_name} as id FROM {$this->uid_table} u";
             $sql['where'][] = $wpdb->prepare("u.component = %s AND u.type = 'last_activity'", buddypress()->members->id);
             // Same source table for all three; only the ORDER BY differs.
             if ('newest' == $type) {
                 $sql['orderby'] = "ORDER BY u.user_id";
                 $sql['order'] = "DESC";
             } elseif ('random' == $type) {
                 $sql['orderby'] = "ORDER BY rand()";
             } else {
                 $sql['orderby'] = "ORDER BY u.date_recorded";
                 $sql['order'] = "DESC";
             }
             break;
             // 'popular' sorts by the 'total_friend_count' usermeta.
         // 'popular' sorts by the 'total_friend_count' usermeta.
         case 'popular':
             $this->uid_name = 'user_id';
             $this->uid_table = $wpdb->usermeta;
             $sql['select'] = "SELECT u.{$this->uid_name} as id FROM {$this->uid_table} u";
             $sql['where'][] = $wpdb->prepare("u.meta_key = %s", bp_get_user_meta_key('total_friend_count'));
             // meta_value is a string column; cast so the sort is numeric.
             $sql['orderby'] = "ORDER BY CONVERT(u.meta_value, SIGNED)";
             $sql['order'] = "DESC";
             break;
             // 'alphabetical' sorts depend on the xprofile setup.
         // 'alphabetical' sorts depend on the xprofile setup.
         case 'alphabetical':
             // We prefer to do alphabetical sorts against the display_name field
             // of wp_users, because the table is smaller and better indexed. We
             // can do so if xprofile sync is enabled, or if xprofile is inactive.
             //
             // @todo remove need for bp_is_active() check.
             if (!bp_disable_profile_sync() || !bp_is_active('xprofile')) {
                 $this->uid_name = 'ID';
                 $this->uid_table = $wpdb->users;
                 $sql['select'] = "SELECT u.{$this->uid_name} as id FROM {$this->uid_table} u";
                 $sql['orderby'] = "ORDER BY u.display_name";
                 $sql['order'] = "ASC";
                 // When profile sync is disabled, alphabetical sorts must happen against
                 // the xprofile table.
             } else {
                 $this->uid_name = 'user_id';
                 $this->uid_table = $bp->profile->table_name_data;
                 $sql['select'] = "SELECT u.{$this->uid_name} as id FROM {$this->uid_table} u";
                 $sql['where'][] = $wpdb->prepare("u.field_id = %d", bp_xprofile_fullname_field_id());
                 $sql['orderby'] = "ORDER BY u.value";
                 $sql['order'] = "ASC";
             }
             // Alphabetical queries ignore last_activity, while BP uses last_activity
             // to infer spam/deleted/non-activated users. To ensure that these users
             // are filtered out, we add an appropriate sub-query.
             $sql['where'][] = "u.{$this->uid_name} IN ( SELECT ID FROM {$wpdb->users} WHERE " . bp_core_get_status_sql('') . " )";
             break;
             // Any other 'type' falls through.
         // Any other 'type' falls through.
         default:
             $this->uid_name = 'ID';
             $this->uid_table = $wpdb->users;
             $sql['select'] = "SELECT u.{$this->uid_name} as id FROM {$this->uid_table} u";
             // In this case, we assume that a plugin is
             // handling order, so we leave those clauses
             // blank.
             break;
     }
     /* WHERE *************************************************************/
     // 'include' - User ids to include in the results.
     // Ids are reduced to integers by wp_parse_id_list() before being joined
     // into the IN list, which is why they can be interpolated without prepare().
     $include = false !== $include ? wp_parse_id_list($include) : array();
     $include_ids = $this->get_include_ids($include);
     if (!empty($include_ids)) {
         $include_ids = implode(',', wp_parse_id_list($include_ids));
         $sql['where'][] = "u.{$this->uid_name} IN ({$include_ids})";
     }
     // 'exclude' - User ids to exclude from the results.
     if (false !== $exclude) {
         $exclude_ids = implode(',', wp_parse_id_list($exclude));
         $sql['where'][] = "u.{$this->uid_name} NOT IN ({$exclude_ids})";
     }
     // 'user_id' - When a user id is passed, limit to the friends of the user
     // @todo remove need for bp_is_active() check.
     if (!empty($user_id) && bp_is_active('friends')) {
         $friend_ids = friends_get_friend_user_ids($user_id);
         $friend_ids = implode(',', wp_parse_id_list($friend_ids));
         if (!empty($friend_ids)) {
             $sql['where'][] = "u.{$this->uid_name} IN ({$friend_ids})";
             // If the user has no friends, the query should always
             // return no users.
         } else {
             $sql['where'][] = $this->no_results['where'];
         }
     }
     /* Search Terms ******************************************************/
     // 'search_terms' searches user_login and user_nicename
     // xprofile field matches happen in bp_xprofile_bp_user_query_search().
     if (false !== $search_terms) {
         // LIKE-escape first so '%' and '_' in the terms are literal; the
         // wildcard placement is then chosen by $search_wildcard and the
         // operands are bound through prepare().
         $search_terms = bp_esc_like(wp_kses_normalize_entities($search_terms));
         if ($search_wildcard === 'left') {
             $search_terms_nospace = '%' . $search_terms;
             $search_terms_space = '%' . $search_terms . ' %';
         } elseif ($search_wildcard === 'right') {
             $search_terms_nospace = $search_terms . '%';
             $search_terms_space = '% ' . $search_terms . '%';
         } else {
             $search_terms_nospace = '%' . $search_terms . '%';
             $search_terms_space = '%' . $search_terms . '%';
         }
         $sql['where']['search'] = $wpdb->prepare("u.{$this->uid_name} IN ( SELECT ID FROM {$wpdb->users} WHERE ( user_login LIKE %s OR user_login LIKE %s OR user_nicename LIKE %s OR user_nicename LIKE %s ) )", $search_terms_nospace, $search_terms_space, $search_terms_nospace, $search_terms_space);
     }
     // Only use $member_type__in if $member_type is not set.
     if (empty($member_type) && !empty($member_type__in)) {
         $member_type = $member_type__in;
     }
     // Member types to exclude. Note that this takes precedence over inclusions.
     if (!empty($member_type__not_in)) {
         $member_type_clause = $this->get_sql_clause_for_member_types($member_type__not_in, 'NOT IN');
         // Member types to include.
     } elseif (!empty($member_type)) {
         $member_type_clause = $this->get_sql_clause_for_member_types($member_type, 'IN');
     }
     if (!empty($member_type_clause)) {
         $sql['where']['member_type'] = $member_type_clause;
     }
     // 'meta_key', 'meta_value' allow usermeta search
     // To avoid global joins, do a separate query.
     // Both meta_key and meta_value are bound through prepare(); the matching
     // user ids are then integer-filtered before being interpolated.
     if (false !== $meta_key) {
         $meta_sql = $wpdb->prepare("SELECT user_id FROM {$wpdb->usermeta} WHERE meta_key = %s", $meta_key);
         if (false !== $meta_value) {
             $meta_sql .= $wpdb->prepare(" AND meta_value = %s", $meta_value);
         }
         $found_user_ids = $wpdb->get_col($meta_sql);
         if (!empty($found_user_ids)) {
             $sql['where'][] = "u.{$this->uid_name} IN (" . implode(',', wp_parse_id_list($found_user_ids)) . ")";
         } else {
             // No matching usermeta row: force an empty result set.
             $sql['where'][] = '1 = 0';
         }
     }
     // 'per_page', 'page' - handles LIMIT.
     // Both operands are cast with intval() and bound with %d.
     if (!empty($per_page) && !empty($page)) {
         $sql['limit'] = $wpdb->prepare("LIMIT %d, %d", intval(($page - 1) * $per_page), intval($per_page));
     } else {
         $sql['limit'] = '';
     }
     /**
      * Filters the clauses for the user query.
      *
      * @since 2.0.0
      *
      * @param array         $sql  Array of SQL clauses to be used in the query.
      * @param BP_User_Query $this Current BP_User_Query instance.
      */
     $sql = apply_filters_ref_array('bp_user_query_uid_clauses', array($sql, &$this));
     // Assemble the query chunks.
     $this->uid_clauses['select'] = $sql['select'];
     $this->uid_clauses['where'] = !empty($sql['where']) ? 'WHERE ' . implode(' AND ', $sql['where']) : '';
     $this->uid_clauses['orderby'] = $sql['orderby'];
     $this->uid_clauses['order'] = $sql['order'];
     $this->uid_clauses['limit'] = $sql['limit'];
     /**
      * Fires before the BP_User_Query query is made.
      *
      * @since 1.7.0
      *
      * @param BP_User_Query $this Current BP_User_Query instance. Passed by reference.
      */
     do_action_ref_array('bp_pre_user_query', array(&$this));
 }
 /**
  * Runs the three kses pre-passes over $string and hands the result to
  * VaultPress_kses::wp_kses_split() together with the caller's allow-lists.
  *
  * @param string $string            Content to filter.
  * @param array  $allowed_html      Allowed elements and attributes.
  * @param array  $allowed_protocols Allowed link protocols, passed through unchanged.
  * @return string Filtered content.
  */
 static function wp_kses($string, $allowed_html, $allowed_protocols = array())
 {
     $no_null = wp_kses_no_null($string);
     $no_js_entities = wp_kses_js_entities($no_null);
     $normalized = wp_kses_normalize_entities($no_js_entities);

     return VaultPress_kses::wp_kses_split($normalized, $allowed_html, $allowed_protocols);
 }
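/**
 * Filters one attribute only and ensures its value is allowed.
 *
 * This function has the advantage of being more secure than esc_attr() and can
 * escape data in some situations where wp_kses() must strip the whole attribute.
 *
 * The attribute is normalised (null bytes, JS entities, entity forms), the
 * value is re-quoted with double quotes when it was unquoted, quotes and
 * angle brackets in it are escaped, URI-bearing attributes are run through
 * wp_kses_bad_protocol(), and wp_kses_attr_check() finally decides whether
 * the attribute is allowed on $element at all.
 *
 * @since 4.2.3
 *
 * @param string $string The 'whole' attribute, including name and value.
 * @param string $element The element name to which the attribute belongs.
 * @return string Filtered attribute. An empty string when the value opens
 *                with a quote that is not matched at its end.
 */
function wp_kses_one_attr($string, $element)
{
    // Attributes whose value is a URI and therefore needs a protocol check.
    $uris = array('xmlns', 'profile', 'href', 'src', 'cite', 'classid', 'codebase', 'data', 'usemap', 'longdesc', 'action');
    $allowed_html = wp_kses_allowed_html('post');
    $allowed_protocols = wp_allowed_protocols();

    $string = wp_kses_no_null($string, array('slash_zero' => 'keep'));
    $string = wp_kses_js_entities($string);
    $string = wp_kses_normalize_entities($string);

    // Preserve leading and trailing whitespace.
    $matches = array();
    preg_match('/^\\s*/', $string, $matches);
    $lead = $matches[0];
    preg_match('/\\s*$/', $string, $matches);
    $trail = $matches[0];
    if (empty($trail)) {
        $string = substr($string, strlen($lead));
    } else {
        $string = substr($string, strlen($lead), -strlen($trail));
    }

    // Parse attribute name and value from input (split on the first '=' only,
    // so '=' inside the value survives).
    $split = preg_split('/\\s*=\\s*/', $string, 2);
    $name = $split[0];
    if (count($split) == 2) {
        $value = $split[1];

        // Remove quotes surrounding $value.
        // Also guarantee correct quoting in $string for this one attribute.
        if ('' == $value) {
            $quote = '';
        } else {
            $quote = $value[0];
        }
        if ('"' == $quote || "'" == $quote) {
            // A value opened with a quote must close with the same quote;
            // anything else is malformed and the whole attribute is dropped.
            if (substr($value, -1) != $quote) {
                return '';
            }
            $value = substr($value, 1, -1);
        } else {
            // Unquoted value: re-emit it double-quoted.
            $quote = '"';
        }

        // Sanitize quotes and angle braces. The charset is given explicitly:
        // passing null here is deprecated since PHP 8.1, and the previous
        // fallback (the default_charset ini setting) is UTF-8 by default.
        // double_encode stays off because entities were normalised above.
        $value = htmlspecialchars($value, ENT_QUOTES, 'UTF-8', false);

        // Sanitize URI values.
        if (in_array(strtolower($name), $uris, true)) {
            $value = wp_kses_bad_protocol($value, $allowed_protocols);
        }

        $string = "{$name}={$quote}{$value}{$quote}";
        $vless = 'n';
    } else {
        $value = '';
        $vless = 'y';
    }

    // Sanitize attribute by name. The return value is unused; the check is
    // expected to rewrite $string by reference (emptying it when the attribute
    // is not allowed on $element) — see wp_kses_attr_check().
    wp_kses_attr_check($name, $value, $string, $vless, $element, $allowed_html);

    // Restore whitespace.
    return $lead . $string . $trail;
}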
/**
 * Imports data from a CSV file via AJAX.
 *
 * @since 1.0.0
 * @package GeoDirectory
 * @global object $wpdb WordPress Database object.
 * @global string $plugin_prefix Geodirectory plugin table prefix.
 * @global object $current_user Current user object.
 */
function geodir_ajax_import_csv()
{
    error_reporting(0);
    // hide error to get clean json response
    global $wpdb, $plugin_prefix, $current_user;
    $uploads = wp_upload_dir();
    ini_set('auto_detect_line_endings', true);
    $wp_post_statuses = get_post_statuses();
    // All of the WordPress supported post statuses.
    $task = isset($_POST['task']) ? $_POST['task'] : '';
    $uploadedFile = isset($_POST['gddata']['uploadedFile']) ? $_POST['gddata']['uploadedFile'] : NULL;
    $filename = $uploadedFile;
    $uploads = wp_upload_dir();
    $uploads_dir = $uploads['path'];
    $image_name_arr = explode('/', $filename);
    $filename = end($image_name_arr);
    $target_path = $uploads_dir . '/temp_' . $current_user->data->ID . '/' . $filename;
    $return = array();
    $return['file'] = $uploadedFile;
    $return['error'] = __('The uploaded file is not a valid csv file. Please try again.', 'geodirectory');
    if (is_file($target_path) && file_exists($target_path) && $uploadedFile) {
        $wp_filetype = wp_check_filetype_and_ext($target_path, $filename);
        if (!empty($wp_filetype) && isset($wp_filetype['ext']) && geodir_strtolower($wp_filetype['ext']) == 'csv') {
            $return['error'] = NULL;
            $return['rows'] = 0;
            if (($handle = fopen($target_path, "r")) !== FALSE) {
                while (($data = fgetcsv($handle, 1000, ",")) !== FALSE) {
                    if (is_array($data) && !empty($data)) {
                        $file[] = '"' . implode('","', $data) . '"';
                    }
                }
                fclose($handle);
                $file = $file;
            }
            $return['rows'] = !empty($file) && count($file) > 1 ? count($file) - 1 : 0;
            if (!$return['rows'] > 0) {
                $return['error'] = __('No data found in csv file.', 'geodirectory');
            }
        }
    }
    if ($task == 'prepare' || !empty($return['error'])) {
        echo json_encode($return);
        exit;
    }
    $totRecords = isset($_POST['gddata']['totRecords']) ? $_POST['gddata']['totRecords'] : NULL;
    $importlimit = isset($_POST['gddata']['importlimit']) ? $_POST['gddata']['importlimit'] : 1;
    $count = $importlimit;
    $requested_limit = $importlimit;
    $tmpCnt = isset($_POST['gddata']['tmpcount']) ? $_POST['gddata']['tmpcount'] : 0;
    if ($count < $totRecords) {
        $count = $tmpCnt + $count;
        if ($count > $totRecords) {
            $count = $totRecords;
        }
    } else {
        $count = $totRecords;
    }
    $total_records = 0;
    $rowcount = 0;
    $address_invalid = 0;
    $blank_address = 0;
    $upload_files = 0;
    $invalid_post_type = 0;
    $invalid_title = 0;
    $customKeyarray = array();
    $gd_post_info = array();
    $post_location = array();
    $countpost = 0;
    if (!empty($file)) {
        $columns = isset($file[0]) ? geodir_str_getcsv($file[0]) : NULL;
        $customKeyarray = $columns;
        if (empty($columns) || !empty($columns) && $columns[0] == '') {
            $return['error'] = CSV_INVAILD_FILE;
            echo json_encode($return);
            exit;
        }
        for ($i = 1; $i <= $importlimit; $i++) {
            $current_index = $tmpCnt + $i;
            if (isset($file[$current_index])) {
                $total_records++;
                $buffer = geodir_str_getcsv($file[$current_index]);
                $post_title = addslashes($buffer[0]);
                $current_post_author = $buffer[1];
                $post_desc = addslashes($buffer[2]);
                $post_cat = array();
                $catids_arr = array();
                $post_cat = trim($buffer[3]);
                // comma seperated category name
                if ($post_cat) {
                    $post_cat_arr = explode(',', $post_cat);
                    for ($c = 0; $c < count($post_cat_arr); $c++) {
                        $catid = wp_kses_normalize_entities(trim($post_cat_arr[$c]));
                        if (!empty($buffer[5])) {
                            if (in_array($buffer[5], geodir_get_posttypes())) {
                                $p_taxonomy = geodir_get_taxonomies(addslashes($buffer[5]));
                                if (get_term_by('name', $catid, $p_taxonomy[0])) {
                                    $cat = get_term_by('name', $catid, $p_taxonomy[0]);
                                    $catids_arr[] = $cat->slug;
                                } else {
                                    if (get_term_by('slug', $catid, $p_taxonomy[0])) {
                                        $cat = get_term_by('slug', $catid, $p_taxonomy[0]);
                                        $catids_arr[] = $cat->slug;
                                    } else {
                                        $ret = wp_insert_term($catid, $p_taxonomy[0]);
                                        if ($ret && !is_wp_error($ret)) {
                                            if (get_term_by('name', $catid, $p_taxonomy[0])) {
                                                $cat = get_term_by('name', $catid, $p_taxonomy[0]);
                                                $catids_arr[] = $cat->slug;
                                            } elseif (get_term_by('slug', $catid, $p_taxonomy[0])) {
                                                $cat = get_term_by('slug', $catid, $p_taxonomy[0]);
                                                $catids_arr[] = $cat->slug;
                                            }
                                        }
                                    }
                                }
                            }
                        }
                    }
                }
                if (!$catids_arr) {
                    $catids_arr[] = 1;
                }
                $post_tags = trim($buffer[4]);
                // comma seperated tags
                $tag_arr = '';
                if ($post_tags) {
                    $tag_arr = explode(',', $post_tags);
                }
                $table = $plugin_prefix . $buffer[5] . '_detail';
                // check table in database
                $error = '';
                if ($wpdb->get_var("SHOW TABLES LIKE '" . $table . "'") != $table) {
                    $invalid_post_type++;
                    continue;
                }
                if ($post_title != '') {
                    $menu_order = 0;
                    $image_folder_name = 'uplaod/';
                    $image_names = array();
                    for ($c = 5; $c < count($customKeyarray); $c++) {
                        $gd_post_info[$customKeyarray[$c]] = addslashes($buffer[$c]);
                        if ($customKeyarray[$c] == 'IMAGE') {
                            $buffer[$c] = trim($buffer[$c]);
                            if (!empty($buffer[$c])) {
                                $image_names[] = $buffer[$c];
                            }
                        }
                        if ($customKeyarray[$c] == 'alive_days') {
                            if ($buffer[$c] != '0' && $buffer[$c] != '') {
                                $submitdata = date('Y-m-d');
                                $gd_post_info['expire_date'] = date('Y-m-d', strtotime($submitdata . "+" . addslashes($buffer[$c]) . " days"));
                            } else {
                                $gd_post_info['expire_date'] = 'Never';
                            }
                        }
                        if ($customKeyarray[$c] == 'post_city') {
                            $post_city = addslashes($buffer[$c]);
                        }
                        if ($customKeyarray[$c] == 'post_region') {
                            $post_region = addslashes($buffer[$c]);
                        }
                        if ($customKeyarray[$c] == 'post_country') {
                            $post_country = addslashes($buffer[$c]);
                        }
                        if ($customKeyarray[$c] == 'post_latitude') {
                            $post_latitude = addslashes($buffer[$c]);
                        }
                        if ($customKeyarray[$c] == 'post_longitude') {
                            $post_longitude = addslashes($buffer[$c]);
                        }
                        // Post status
                        if ($customKeyarray[$c] == 'post_status') {
                            $post_status = sanitize_key($buffer[$c]);
                        }
                    }
                    /* ================ before array create ============== */
                    $location_result = geodir_get_default_location();
                    if (!isset($gd_post_info['post_city']) || $gd_post_info['post_city'] == '' || (!isset($gd_post_info['post_region']) || $gd_post_info['post_region'] == '') || (!isset($gd_post_info['post_country']) || $gd_post_info['post_country'] == '') || (!isset($gd_post_info['post_address']) || $gd_post_info['post_address'] == '') || (!isset($gd_post_info['post_latitude']) || $gd_post_info['post_latitude'] == '') || (!isset($gd_post_info['post_longitude']) || $gd_post_info['post_longitude'] == '')) {
                        $blank_address++;
                        continue;
                    } else {
                        if ($location_result->location_id == 0) {
                            if (geodir_strtolower($gd_post_info['post_city']) != geodir_strtolower($location_result->city) || geodir_strtolower($gd_post_info['post_region']) != geodir_strtolower($location_result->region) || geodir_strtolower($gd_post_info['post_country']) != geodir_strtolower($location_result->country)) {
                                $address_invalid++;
                                continue;
                            }
                        }
                    }
                    // Default post status
                    $default_status = 'publish';
                    $post_status = !empty($post_status) ? sanitize_key($post_status) : $default_status;
                    $post_status = !empty($wp_post_statuses) && !isset($wp_post_statuses[$post_status]) ? $default_status : $post_status;
                    $my_post['post_title'] = $post_title;
                    $my_post['post_content'] = $post_desc;
                    $my_post['post_type'] = addslashes($buffer[5]);
                    $my_post['post_author'] = $current_post_author;
                    $my_post['post_status'] = $post_status;
                    $my_post['post_category'] = $catids_arr;
                    $my_post['post_tags'] = $tag_arr;
                    $gd_post_info['post_tags'] = $tag_arr;
                    $gd_post_info['post_title'] = $post_title;
                    $gd_post_info['post_status'] = $post_status;
                    $gd_post_info['submit_time'] = time();
                    $gd_post_info['submit_ip'] = $_SERVER['REMOTE_ADDR'];
                    $last_postid = wp_insert_post($my_post);
                    $countpost++;
                    // Check if we need to save post location as new location
                    if ($location_result->location_id > 0) {
                        if (isset($post_city) && isset($post_region)) {
                            $request_info['post_location'] = array('city' => $post_city, 'region' => $post_region, 'country' => $post_country, 'geo_lat' => $post_latitude, 'geo_lng' => $post_longitude);
                            $post_location_info = $request_info['post_location'];
                            if ($location_id = geodir_add_new_location($post_location_info)) {
                                $post_location_id = $location_id;
                            }
                        } else {
                            $post_location_id = 0;
                        }
                    } else {
                        $post_location_id = 0;
                    }
                    /* ------- get default package info ----- */
                    $payment_info = array();
                    $package_info = array();
                    $package_info = (array) geodir_post_package_info($package_info, '', $buffer[5]);
                    $package_id = '';
                    if (isset($gd_post_info['package_id']) && $gd_post_info['package_id'] != '') {
                        $package_id = $gd_post_info['package_id'];
                    }
                    if (!empty($package_info)) {
                        $payment_info['package_id'] = $package_info['pid'];
                        if (isset($package_info['alive_days']) && $package_info['alive_days'] != 0) {
                            $payment_info['expire_date'] = date('Y-m-d', strtotime("+" . $package_info['alive_days'] . " days"));
                        } else {
                            $payment_info['expire_date'] = 'Never';
                        }
                        $gd_post_info = array_merge($gd_post_info, $payment_info);
                    }
                    $gd_post_info['post_location_id'] = $post_location_id;
                    $post_type = get_post_type($last_postid);
                    $table = $plugin_prefix . $post_type . '_detail';
                    geodir_save_post_info($last_postid, $gd_post_info);
                    if (!empty($image_names)) {
                        $upload_files++;
                        $menu_order = 1;
                        foreach ($image_names as $image_name) {
                            $img_name_arr = explode('.', $image_name);
                            $uploads = wp_upload_dir();
                            $sub_dir = $uploads['subdir'];
                            $arr_file_type = wp_check_filetype($image_name);
                            $uploaded_file_type = $arr_file_type['type'];
                            $attachment = array();
                            $attachment['post_id'] = $last_postid;
                            $attachment['title'] = $img_name_arr[0];
                            $attachment['content'] = '';
                            $attachment['file'] = $sub_dir . '/' . $image_name;
                            $attachment['mime_type'] = $uploaded_file_type;
                            $attachment['menu_order'] = $menu_order;
                            $attachment['is_featured'] = 0;
                            $attachment_set = '';
                            foreach ($attachment as $key => $val) {
                                if ($val != '') {
                                    $attachment_set .= $key . " = '" . $val . "', ";
                                }
                            }
                            $attachment_set = trim($attachment_set, ", ");
                            $wpdb->query("INSERT INTO " . GEODIR_ATTACHMENT_TABLE . " SET " . $attachment_set);
                            if ($menu_order == 1) {
                                $post_type = get_post_type($last_postid);
                                $wpdb->query($wpdb->prepare("UPDATE " . $table . " SET featured_image = %s where post_id =%d", array($sub_dir . '/' . $image_name, $last_postid)));
                            }
                            $menu_order++;
                        }
                    }
                    $gd_post_info['package_id'] = $package_id;
                    /** This action is documented in geodirectory-functions/post-functions.php */
                    do_action('geodir_after_save_listing', $last_postid, $gd_post_info);
                    if (!empty($buffer[5])) {
                        if (in_array($buffer[5], geodir_get_posttypes())) {
                            $taxonomies = geodir_get_posttype_info(addslashes($buffer[5]));
                            wp_set_object_terms($last_postid, $my_post['post_tags'], $taxonomy = $taxonomies['taxonomies'][1]);
                            wp_set_object_terms($last_postid, $my_post['post_category'], $taxonomy = $taxonomies['taxonomies'][0]);
                            $post_default_category = isset($my_post['post_default_category']) ? $my_post['post_default_category'] : '';
                            $post_category_str = isset($my_post['post_category_str']) ? $my_post['post_category_str'] : '';
                            geodir_set_postcat_structure($last_postid, $taxonomy, $post_default_category, $post_category_str);
                        }
                    }
                } else {
                    $invalid_title++;
                }
            }
        }
    }
    $return['rowcount'] = $countpost;
    $return['invalidcount'] = $address_invalid;
    $return['blank_address'] = $blank_address;
    $return['upload_files'] = $upload_files;
    $return['invalid_post_type'] = $invalid_post_type;
    $return['invalid_title'] = $invalid_title;
    $return['total_records'] = $total_records;
    echo json_encode($return);
    exit;
}
 /**
  * Checks and cleans a URL. This function is from WordPress.
  *
  * Characters that cannot appear in a URL are stripped, encoded line breaks
  * are removed, and — for the 'display' context — ampersands and single
  * quotes are turned into numeric entities. Unless the URL is root-relative,
  * it must survive wp_kses_bad_protocol() unchanged or the empty string is
  * returned. The 'clean_url' filter is applied to the result.
  *
  * @since 2.8.0
  * @uses wp_kses_bad_protocol() To only permit protocols in the URL set
  *		via $protocols or the common ones set in the function.
  *
  * @param string $url The URL to be cleaned.
  * @param array $protocols Optional. An array of acceptable protocols;
  *		wp_allowed_protocols() is used when this is not an array.
  * @param string $_context Private. Use esc_url_raw() for database usage.
  * @return string The cleaned $url after the 'clean_url' filter is applied.
  */
 public function esc_url($url, $protocols = null, $_context = 'display')
 {
     $original_url = $url;
     // Drop everything that has no place in a URL, then any encoded CR/LF.
     $url = preg_replace('|[^a-z0-9-~+_.?#=!&;,/:%@$\\|*\'()\\x80-\\xff]|i', '', $url);
     $url = _deep_replace(array('%0d', '%0a', '%0D', '%0A'), $url);
     $url = str_replace(';//', '://', $url);
     // Replace ampersands and single quotes only when displaying.
     if ('display' == $_context) {
         $url = wp_kses_normalize_entities($url);
         $url = str_replace(array('&amp;', '\''), array('&#038;', '&#039;'), $url);
     }
     $is_root_relative = !empty($url[0]) && '/' === $url[0];
     if ($is_root_relative) {
         $good_protocol_url = $url;
     } else {
         $allowed = is_array($protocols) ? $protocols : wp_allowed_protocols();
         $good_protocol_url = wp_kses_bad_protocol($url, $allowed);
         // Any change means a disallowed protocol was present: reject outright.
         if (strtolower($good_protocol_url) != strtolower($url)) {
             return '';
         }
     }
     /**
      * Filter a string cleaned and escaped for output as a URL.
      *
      * @since 2.3.0
      *
      * @param string $good_protocol_url The cleaned URL to be returned.
      * @param string $original_url      The URL prior to cleaning.
      * @param string $_context          If 'display', replace ampersands and single quotes only.
      */
     return apply_filters('clean_url', $good_protocol_url, $original_url, $_context);
 }
 /**
  * Html entity decoding for shortcode attributes and post meta values
  * - Will first change invalid entities to valid ones - &#000058 -> &#58;
  * - Then change named ones to numeric ones
  * - Then decode them all to their normal characters
  * - And remove any surrounding whitespace
  *
  * @param string $string Arbitrary string
  *
  * @return string
  */
 protected function normalize_entities($string)
 {
     // Each step feeds the next, in the order the docblock lists them.
     $normalized = wp_kses_normalize_entities($string);
     $numeric = ent2ncr($normalized);
     $decoded = wp_kses_decode_entities($numeric);
     return trim($decoded);
 }
 /**
  * Valid named entities must pass through wp_kses_normalize_entities() unchanged.
  *
  * @ticket 26290
  */
 public function test_wp_kses_normalize_entities()
 {
     $valid_entities = array('&spades;', '&sup1;', '&sup2;', '&sup3;', '&frac14;', '&frac12;', '&frac34;', '&there4;');
     foreach ($valid_entities as $entity) {
         $this->assertEquals($entity, wp_kses_normalize_entities($entity));
     }
 }
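 /**
  * Runs a string through the WordPress KSES filter with a customised tag and protocol list.
  *
  * The allowed set starts from the global $allowedposttags, is extended with
  * $arrAllowedTags (which wins on conflicts) and then has every tag named in
  * $arrDisallowedTags removed. The steps mirror wp_kses(); the
  * addslashes()/stripslashes() round trips the original carried over from
  * wp_filter_post_kses() cancelled each other out exactly and are gone.
  *
  * @param string $strString           Text to filter.
  * @param array  $arrAllowedTags      e.g. array( 'noscript' => array(), 'style' => array() )
  * @param array  $arrDisallowedTags   e.g. array( 'table', 'tbody', 'thoot', 'thead', 'th', 'tr' )
  * @param array  $arrAllowedProtocols Link protocols to allow; wp_allowed_protocols() when empty.
  * @return string Filtered text.
  */
 function EscapeAndFilterPostKSES($strString, $arrAllowedTags = array(), $arrDisallowedTags = array(), $arrAllowedProtocols = array())
 {
     global $allowedposttags;
     // The first parameter takes over the second.
     $arrAllowedHTML = $this->oUtil->UniteArraysRecursive($arrAllowedTags, $allowedposttags);
     foreach ($arrDisallowedTags as $strTag) {
         unset($arrAllowedHTML[$strTag]);
     }
     if (empty($arrAllowedProtocols)) {
         $arrAllowedProtocols = wp_allowed_protocols();
     }
     $strString = wp_kses_no_null($strString);
     $strString = wp_kses_js_entities($strString);
     $strString = wp_kses_normalize_entities($strString);
     // WP changed the order of these funcs and added args to wp_kses_hook
     $strString = wp_kses_hook($strString, $arrAllowedHTML, $arrAllowedProtocols);
     return wp_kses_split($strString, $arrAllowedHTML, $arrAllowedProtocols);
 }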
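 /**
  * Escapes the given string for the KSES filter with the criteria of allowing/disallowing tags and the protocol.
  *
  * Each tag in $aAllowedTags is added (with no attributes) on top of the
  * global $allowedposttags, then every tag in $aDisallowedTags is removed.
  * The addslashes()/stripslashes() pairs the original carried over from
  * wp_filter_post_kses() cancelled each other out exactly and are gone.
  *
  * @remark           Attributes are not supported at this moment.
  * @param            string           $sString                    Text to filter.
  * @param            array            $aAllowedTags                e.g. array( 'noscript', 'style', )
  * @param            array            $aDisallowedTags            e.g. array( 'table', 'tbody', 'thoot', 'thead', 'th', 'tr' )
  * @param            array            $aAllowedProtocols          Link protocols to allow; wp_allowed_protocols() when empty.
  * @return           string           Filtered text.
  * @since            2.0.0
  */
 public static function escapeKSESFilter($sString, $aAllowedTags = array(), $aDisallowedTags = array(), $aAllowedProtocols = array())
 {
     // Initialised up front: with no allowed tags the original passed an undefined variable on.
     $aFormatAllowedTags = array();
     foreach ($aAllowedTags as $sTag) {
         $aFormatAllowedTags[$sTag] = array();
     }
     // the first parameter takes over the second.
     $aAllowedHTMLTags = AmazonAutoLinks_Utility::uniteArrays($aFormatAllowedTags, $GLOBALS['allowedposttags']);
     foreach ($aDisallowedTags as $sTag) {
         unset($aAllowedHTMLTags[$sTag]);
     }
     if (empty($aAllowedProtocols)) {
         $aAllowedProtocols = wp_allowed_protocols();
     }
     $sString = wp_kses_no_null($sString);
     $sString = wp_kses_js_entities($sString);
     $sString = wp_kses_normalize_entities($sString);
     // WP changed the order of these funcs and added args to wp_kses_hook
     $sString = wp_kses_hook($sString, $aAllowedHTMLTags, $aAllowedProtocols);
     return wp_kses_split($sString, $aAllowedHTMLTags, $aAllowedProtocols);
 }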
 /**
  * Filters content and keeps only allowable HTML elements.
  *
  * This is the same function as built into WP, but with optional allowing of keeping "&"
  *
  * @param string $string Content to filter through kses
  * @param array $allowed_html List of allowed HTML elements
  * @param array $allowed_protocols Optional. Allowed protocol in links; wp_allowed_protocols() when empty.
  * @param bool $skip_normalize_entities Optional. When true the entity normalisation step is skipped, which leaves bare "&" alone.
  * @return string Filtered content with only allowed HTML elements
  */
 function wp_kses($string, $allowed_html, $allowed_protocols = array(), $skip_normalize_entities = false)
 {
     $protocols = empty($allowed_protocols) ? wp_allowed_protocols() : $allowed_protocols;
     $filtered = wp_kses_js_entities(wp_kses_no_null($string));
     if (!$skip_normalize_entities) {
         $filtered = wp_kses_normalize_entities($filtered);
     }
     // WP changed the order of these funcs and added args to wp_kses_hook
     $hooked = wp_kses_hook($filtered, $allowed_html, $protocols);
     return wp_kses_split($hooked, $allowed_html, $protocols);
 }
/**
 * Converts a number of special characters into their HTML entities.
 *
 * Specifically deals with: &, <, >, ", and '.
 *
 * $quote_style can be set to ENT_COMPAT to encode " to
 * &quot;, or ENT_QUOTES to do both. Default is ENT_NOQUOTES where no quotes are encoded.
 *
 * When $double_encode is false, entities already present in the text are
 * decoded, validated and shielded from htmlspecialchars() so they are not
 * encoded a second time.
 *
 * @since 1.2.2
 *
 * @param string $string The text which is to be encoded.
 * @param mixed $quote_style Optional. Converts double quotes if set to ENT_COMPAT, both single and double if set to ENT_QUOTES or none if set to ENT_NOQUOTES. Also compatible with old values; converting single quotes if set to 'single', double if set to 'double' or both if otherwise set. Default is ENT_NOQUOTES.
 * @param string $charset Optional. The character encoding of the string. Default is false, meaning the blog_charset option.
 * @param boolean $double_encode Optional. Whether to encode existing html entities. Default is false.
 * @return string The encoded text with HTML entities.
 */
function _wp_specialchars($string, $quote_style = ENT_NOQUOTES, $charset = false, $double_encode = false)
{
    $string = (string) $string;
    if ('' === $string) {
        return '';
    }
    // Nothing to encode: hand the text back untouched and skip all the work below.
    if (!preg_match('/[&<>"\']/', $string)) {
        return $string;
    }
    // Unknown quote styles map onto the historical behaviour (everything encoded).
    if (empty($quote_style)) {
        $quote_style = ENT_NOQUOTES;
    } elseif (!in_array($quote_style, array(0, 2, 3, 'single', 'double'), true)) {
        $quote_style = ENT_QUOTES;
    }
    // The site charset is cached in a static so wp_load_alloptions() runs once per request.
    static $_charset;
    if (!$charset) {
        if (!isset($_charset)) {
            $alloptions = wp_load_alloptions();
            $_charset = isset($alloptions['blog_charset']) ? $alloptions['blog_charset'] : '';
        }
        $charset = $_charset;
    }
    if (in_array($charset, array('utf8', 'utf-8', 'UTF8'))) {
        $charset = 'UTF-8';
    }
    // $_quote_style remembers the caller's intent; 'single' is handled after encoding.
    $_quote_style = $quote_style;
    switch ($quote_style) {
        case 'double':
            $quote_style = ENT_COMPAT;
            $_quote_style = ENT_COMPAT;
            break;
        case 'single':
            $quote_style = ENT_NOQUOTES;
            break;
    }
    $shield_entities = !$double_encode;
    if ($shield_entities) {
        // Decoding turns &amp;phrase; into &phrase;, so the result is validated
        // before the entities are wrapped in markers htmlspecialchars() will not touch.
        $string = wp_specialchars_decode($string, $_quote_style);
        $string = wp_kses_normalize_entities($string);
        $string = preg_replace('/&(#?x?[0-9a-z]+);/i', '|wp_entity|$1|/wp_entity|', $string);
    }
    $string = @htmlspecialchars($string, $quote_style, $charset);
    if ($shield_entities) {
        $string = str_replace(array('|wp_entity|', '|/wp_entity|'), array('&', ';'), $string);
    }
    // Backwards compatibility: 'single' encodes only the apostrophe, by hand.
    if ('single' === $_quote_style) {
        $string = str_replace("'", '&#039;', $string);
    }
    return $string;
}
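/**
 * Sanitize and validate input. Accepts an array, return a sanitized array.
 *
 * The checkbox is normalised to 0/1, the two CSS size fields go through
 * wp_kses_normalize_entities(), and the remaining CSS settings through
 * wp_filter_post_kses(). Missing keys are treated as empty strings instead
 * of raising undefined-index notices.
 *
 * @param array $input Raw option values as submitted.
 * @return array The same keys, sanitized.
 */
function theme_designspecials_validate($input)
{
    $input['aktiv-mediaqueries-allparts'] = isset($input['aktiv-mediaqueries-allparts']) && $input['aktiv-mediaqueries-allparts'] == 1 ? 1 : 0;
    $entity_keys = array('css-default-branding-padding-top', 'css-default-header-height');
    foreach ($entity_keys as $key) {
        $input[$key] = wp_kses_normalize_entities(isset($input[$key]) ? $input[$key] : '');
    }
    $kses_keys = array(
        'css-eigene-anweisungen',
        'css-default-header-background-color',
        'css-default-header-background-image',
        'css-default-header-background-position',
        'css-default-header-background-repeat',
        'css-colorfile',
        'css-fontfile',
    );
    foreach ($kses_keys as $key) {
        $input[$key] = wp_filter_post_kses(isset($input[$key]) ? $input[$key] : '');
    }
    return $input;
}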
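/**
 * Checks and cleans a URL.
 *
 * A number of characters are removed from the URL. If the URL is for displaying
 * (the default behaviour) ampersands are also replaced. The 'clean_url' filter
 * is applied to the returned cleaned URL.
 *
 * Cleaning steps, in order: percent-encode spaces; drop every byte outside the
 * URL-safe set; remove encoded CR/LF (except in mailto: links); repair a ";//"
 * scheme separator; prepend "http://" to scheme-less absolute URLs; for the
 * display context, entity-encode ampersands and single quotes; percent-encode
 * square brackets outside the scheme/authority part; finally reject any URL
 * whose scheme is not in $protocols by returning an empty string.
 *
 * @since 2.8.0
 *
 * @param string $url       The URL to be cleaned.
 * @param array  $protocols Optional. An array of acceptable protocols.
 *		                    Defaults to return value of wp_allowed_protocols()
 * @param string $_context  Private. Use esc_url_raw() for database usage.
 * @return string The cleaned $url after the 'clean_url' filter is applied, or
 *                an empty string when the input was empty, was reduced to
 *                nothing by cleaning, or uses a disallowed scheme.
 */
function esc_url($url, $protocols = null, $_context = 'display')
{
    $original_url = $url;
    if ('' == $url) {
        return $url;
    }
    $url = str_replace(' ', '%20', $url);
    // Drop every byte outside the allowed URL character set. Bytes 0x80-0xff are
    // kept, so multibyte (UTF-8) content survives.
    $url = preg_replace('|[^a-z0-9-~+_.?#=!&;,/:%@$\\|*\'()\\[\\]\\x80-\\xff]|i', '', $url);
    if ('' === $url) {
        return $url;
    }
    // Remove encoded CR/LF. mailto: links are exempted (presumably so %0D%0A
    // line breaks inside a body= parameter are preserved).
    if (0 !== stripos($url, 'mailto:')) {
        $strip = array('%0d', '%0a', '%0D', '%0A');
        $url = _deep_replace($strip, $url);
        // Stripping can consume the whole string (e.g. an input of just "%0a").
        // Bail here rather than index $url[0] on an empty string below, which
        // would emit a warning and turn the remainder into "http://".
        if ('' === $url) {
            return $url;
        }
    }
    $url = str_replace(';//', '://', $url);
    /* If the URL doesn't appear to contain a scheme, we
     * presume it needs http:// prepended (unless a relative
     * link starting with /, # or ? or a php file).
     */
    if (strpos($url, ':') === false && !in_array($url[0], array('/', '#', '?')) && !preg_match('/^[a-z0-9-]+?\\.php/i', $url)) {
        $url = 'http://' . $url;
    }
    // Replace ampersands and single quotes only when displaying.
    if ('display' == $_context) {
        $url = wp_kses_normalize_entities($url);
        $url = str_replace('&amp;', '&#038;', $url);
        $url = str_replace("'", '&#039;', $url);
    }
    // Percent-encode square brackets, but only in the part after
    // scheme://user:pass@host:port (presumably so an IPv6 host literal stays
    // intact). $front is rebuilt from the parsed components and removed from
    // the string before the replacement is applied.
    if (false !== strpos($url, '[') || false !== strpos($url, ']')) {
        $parsed = wp_parse_url($url);
        $front = '';
        if (isset($parsed['scheme'])) {
            $front .= $parsed['scheme'] . '://';
        } elseif ('/' === $url[0]) {
            $front .= '//';
        }
        if (isset($parsed['user'])) {
            $front .= $parsed['user'];
        }
        if (isset($parsed['pass'])) {
            $front .= ':' . $parsed['pass'];
        }
        if (isset($parsed['user']) || isset($parsed['pass'])) {
            $front .= '@';
        }
        if (isset($parsed['host'])) {
            $front .= $parsed['host'];
        }
        if (isset($parsed['port'])) {
            $front .= ':' . $parsed['port'];
        }
        $end_dirty = str_replace($front, '', $url);
        $end_clean = str_replace(array('[', ']'), array('%5B', '%5D'), $end_dirty);
        $url = str_replace($end_dirty, $end_clean, $url);
    }
    // Relative and protocol-relative URLs carry no scheme to validate; anything
    // else must survive wp_kses_bad_protocol() unchanged (compared
    // case-insensitively) or the whole URL is rejected.
    if ('/' === $url[0]) {
        $good_protocol_url = $url;
    } else {
        if (!is_array($protocols)) {
            $protocols = wp_allowed_protocols();
        }
        $good_protocol_url = wp_kses_bad_protocol($url, $protocols);
        if (strtolower($good_protocol_url) != strtolower($url)) {
            return '';
        }
    }
    /**
     * Filter a string cleaned and escaped for output as a URL.
     *
     * @since 2.3.0
     *
     * @param string $good_protocol_url The cleaned URL to be returned.
     * @param string $original_url      The URL prior to cleaning.
     * @param string $_context          If 'display', replace ampersands and single quotes only.
     */
    return apply_filters('clean_url', $good_protocol_url, $original_url, $_context);
}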
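/**
 * Returns parsed url and title.
 *
 * This function converts string to url and title if there is "|" separator used in url.
 * Ex: "http://wpgeodirectory.com|GeoDirectory" will return array( url => http://wpgeodirectory.com, label => GeoDirectory ).
 *
 * When $formatted is true the url part is cleaned the way esc_url() cleans a
 * URL for display: spaces are percent-encoded, bytes outside the URL-safe set
 * are dropped, encoded CR/LF are removed (except in mailto: links), a missing
 * scheme is defaulted to http://, and ampersands / single quotes are
 * entity-encoded. A url whose scheme is not in wp_allowed_protocols() (for
 * example javascript:) is rejected and returned as an empty string instead of
 * being passed through.
 *
 * When $formatted is false the url part is returned after stripcslashes() and
 * trim() only, with no scheme check. The label is never sanitised beyond
 * trim(); callers must escape both values for the output context.
 *
 * @package Geodirectory
 * @since 1.5.7
 * @param string $url The website url.
 * @param bool $formatted True if returns formatted url. False if not. Default true.
 * @return array|null Parsed url and title: 'url' is always set, 'label' only
 *                    when a non-empty title follows the "|". NULL for empty or
 *                    non-string input.
 */
function geodir_parse_custom_field_url($url, $formatted = true)
{
    if ($url == '' || !is_string($url)) {
        return NULL;
    }
    $url = stripcslashes($url);
    $parts = explode('|', $url, 2);
    $url = trim($parts[0]);
    if ($formatted && $url != '') {
        $url = str_replace(' ', '%20', $url);
        // Drop every byte outside the URL-safe set (0x80-0xff kept for UTF-8).
        $url = preg_replace('|[^a-z0-9-~+_.?#=!&;,/:%@$\\|*\'()\\[\\]\\x80-\\xff]|i', '', $url);
        // Remove encoded CR/LF; mailto: links are exempted as in esc_url().
        if (0 !== stripos($url, 'mailto:')) {
            $strip = array('%0d', '%0a', '%0D', '%0A');
            $url = _deep_replace($strip, $url);
        }
        $url = str_replace(';//', '://', $url);
        // The stripping above can leave nothing (e.g. input "<>" or "%0a");
        // guard before indexing $url[0].
        if ('' !== $url) {
            // No scheme and not a relative link or a .php file: assume http://.
            if (strpos($url, ':') === false && !in_array($url[0], array('/', '#', '?'), true) && !preg_match('/^[a-z0-9-]+?\\.php/i', $url)) {
                $url = 'http://' . $url;
            }
            // Reject disallowed schemes (javascript:, data:, ...) the same way
            // esc_url() does; relative/protocol-relative links have no scheme
            // to check.
            if ('/' !== $url[0] && strtolower(wp_kses_bad_protocol($url, wp_allowed_protocols())) != strtolower($url)) {
                $url = '';
            }
        }
        if ('' !== $url) {
            $url = wp_kses_normalize_entities($url);
            $url = str_replace('&amp;', '&#038;', $url);
            $url = str_replace("'", '&#039;', $url);
        }
    }
    $return = array();
    $return['url'] = $url;
    if (!empty($parts[1]) && trim($parts[1]) != '') {
        $return['label'] = trim($parts[1]);
    }
    return $return;
}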
/**
 * Checks and cleans a URL.
 *
 * A number of characters are removed from the URL. If the URL is for displaying
 * (the default behaviour) ampersands are also replaced. The 'clean_url' filter
 * is applied to the returned cleaned URL.
 *
 * Unlike later revisions of this function, this version does not
 * percent-encode spaces (they are simply dropped by the character filter,
 * as are square brackets), strips encoded CR/LF from mailto: links too, and
 * compares the protocol-checked URL case-sensitively.
 *
 * @since 2.8.0
 * @uses wp_kses_bad_protocol() To only permit protocols in the URL set
 *		via $protocols or the common ones set in the function.
 *
 * @param string $url The URL to be cleaned.
 * @param array $protocols Optional. An array of acceptable protocols.
 *		Defaults to 'http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet', 'mms', 'rtsp', 'svn' if not set.
 * @param string $_context Private. Use esc_url_raw() for database usage.
 * @return string The cleaned $url after the 'clean_url' filter is applied, or
 *		an empty string when the input is empty or its scheme is not allowed.
 */
function esc_url($url, $protocols = null, $_context = 'display')
{
    $original_url = $url;
    if ('' == $url) {
        return $url;
    }
    // Drop every byte outside the allowed URL character set (space and [ ] are
    // not in the set and are removed); bytes 0x80-0xff are kept for UTF-8.
    $url = preg_replace('|[^a-z0-9-~+_.?#=!&;,/:%@$\\|*\'()\\x80-\\xff]|i', '', $url);
    // Encoded CR/LF are removed unconditionally (no mailto: exemption here).
    $strip = array('%0d', '%0a', '%0D', '%0A');
    $url = _deep_replace($strip, $url);
    $url = str_replace(';//', '://', $url);
    /* If the URL doesn't appear to contain a scheme, we
     * presume it needs http:// appended (unless a relative
     * link starting with / or a php file).
     */
    // substr() is used rather than $url[0], so an empty string at this point
    // does not warn; it simply becomes "http://".
    if (strpos($url, ':') === false && substr($url, 0, 1) != '/' && substr($url, 0, 1) != '#' && !preg_match('/^[a-z0-9-]+?\\.php/i', $url)) {
        $url = 'http://' . $url;
    }
    // Replace ampersands and single quotes only when displaying.
    if ('display' == $_context) {
        $url = wp_kses_normalize_entities($url);
        $url = str_replace('&amp;', '&#038;', $url);
        $url = str_replace("'", '&#039;', $url);
    }
    if (!is_array($protocols)) {
        $protocols = array('http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet', 'mms', 'rtsp', 'svn');
    }
    // Any change made by the protocol filter means the scheme was not allowed.
    // NOTE(review): this comparison is case-sensitive; if wp_kses_bad_protocol()
    // lower-cases the scheme, an upper-case "HTTP://..." input is rejected here.
    if (wp_kses_bad_protocol($url, $protocols) != $url) {
        return '';
    }
    return apply_filters('clean_url', $url, $original_url, $_context);
}
	/**
	 * Prepare the query for user_ids.
	 *
	 * Builds the SELECT / WHERE / ORDER BY / LIMIT fragments used to fetch the
	 * matching user IDs and stores them in $this->uid_clauses. The 'type'
	 * query var decides which table the IDs are drawn from (last_activity,
	 * usermeta, xprofile data or wp_users) and the sort order; the remaining
	 * query vars add WHERE restrictions. The assembled clause array passes
	 * through the 'bp_user_query_uid_clauses' filter and the
	 * 'bp_pre_user_query' action fires before returning.
	 *
	 * All user-supplied values are either normalised to integers with
	 * wp_parse_id_list() or bound via $wpdb->prepare() before reaching SQL.
	 *
	 * @since BuddyPress (1.7.0)
	 */
	public function prepare_user_ids_query() {
		global $wpdb, $bp;

		// Default query variables used here
		$type         = '';
		$per_page     = 0;
		$page         = 1;
		$user_id      = 0;
		$include      = false;
		$search_terms = false;
		$exclude      = false;
		$meta_key     = false;
		$meta_value   = false;

		// NOTE(review): extract() also populates $search_wildcard and $member_type,
		// which are read below but given no local default here; query_vars must
		// always supply them — verify against the constructor's defaults.
		extract( $this->query_vars );

		// Setup the main SQL query container
		$sql = array(
			'select'  => '',
			'where'   => array(),
			'orderby' => '',
			'order'   => '',
			'limit'   => ''
		);

		/** TYPE **************************************************************/

		// Determines the sort order, which means it also determines where the
		// user IDs are drawn from (the SELECT and WHERE statements)
		switch ( $type ) {

			// 'online' query happens against the last_activity usermeta key
			// Filter 'bp_user_query_online_interval' to modify the
			// number of minutes used as an interval
			case 'online' :
				$this->uid_name = 'user_id';
				$this->uid_table = $bp->members->table_name_last_activity;
				$sql['select']  = "SELECT u.{$this->uid_name} as id FROM {$this->uid_table} u";
				$sql['where'][] = $wpdb->prepare( "u.component = %s AND u.type = 'last_activity'", buddypress()->members->id );
				$sql['where'][] = $wpdb->prepare( "u.date_recorded >= DATE_SUB( UTC_TIMESTAMP(), INTERVAL %d MINUTE )", apply_filters( 'bp_user_query_online_interval', 15 ) );
				$sql['orderby'] = "ORDER BY u.date_recorded";
				$sql['order']   = "DESC";

				break;

			// 'active', 'newest', and 'random' queries
			// all happen against the last_activity usermeta key
			case 'active' :
			case 'newest' :
			case 'random' :
				$this->uid_name = 'user_id';
				$this->uid_table = $bp->members->table_name_last_activity;
				$sql['select']  = "SELECT u.{$this->uid_name} as id FROM {$this->uid_table} u";
				$sql['where'][] = $wpdb->prepare( "u.component = %s AND u.type = 'last_activity'", buddypress()->members->id );

				if ( 'newest' == $type ) {
					$sql['orderby'] = "ORDER BY u.user_id";
					$sql['order'] = "DESC";
				} elseif ( 'random' == $type ) {
					$sql['orderby'] = "ORDER BY rand()";
				} else {
					$sql['orderby'] = "ORDER BY u.date_recorded";
					$sql['order'] = "DESC";
				}

				break;

			// 'popular' sorts by the 'total_friend_count' usermeta
			case 'popular' :
				$this->uid_name = 'user_id';
				$this->uid_table = $wpdb->usermeta;
				$sql['select']  = "SELECT u.{$this->uid_name} as id FROM {$this->uid_table} u";
				$sql['where'][] = $wpdb->prepare( "u.meta_key = %s", bp_get_user_meta_key( 'total_friend_count' ) );
				// meta_value is a string column; cast so the sort is numeric.
				$sql['orderby'] = "ORDER BY CONVERT(u.meta_value, SIGNED)";
				$sql['order']   = "DESC";

				break;

			// 'alphabetical' sorts depend on the xprofile setup
			case 'alphabetical' :

				// We prefer to do alphabetical sorts against the display_name field
				// of wp_users, because the table is smaller and better indexed. We
				// can do so if xprofile sync is enabled, or if xprofile is inactive.
				//
				// @todo remove need for bp_is_active() check
				if ( ! bp_disable_profile_sync() || ! bp_is_active( 'xprofile' ) ) {
					$this->uid_name = 'ID';
					$this->uid_table = $wpdb->users;
					$sql['select']  = "SELECT u.{$this->uid_name} as id FROM {$this->uid_table} u";
					$sql['orderby'] = "ORDER BY u.display_name";
					$sql['order']   = "ASC";

				// When profile sync is disabled, alphabetical sorts must happen against
				// the xprofile table
				} else {
					$this->uid_name = 'user_id';
					$this->uid_table = $bp->profile->table_name_data;
					$sql['select']  = "SELECT u.{$this->uid_name} as id FROM {$this->uid_table} u";
					$sql['where'][] = $wpdb->prepare( "u.field_id = %d", bp_xprofile_fullname_field_id() );
					$sql['orderby'] = "ORDER BY u.value";
					$sql['order']   = "ASC";
				}

				// Alphabetical queries ignore last_activity, while BP uses last_activity
				// to infer spam/deleted/non-activated users. To ensure that these users
				// are filtered out, we add an appropriate sub-query.
				$sql['where'][] = "u.{$this->uid_name} IN ( SELECT ID FROM {$wpdb->users} WHERE " . bp_core_get_status_sql( '' ) . " )";

				break;

			// Any other 'type' falls through
			default :
				$this->uid_name = 'ID';
				$this->uid_table = $wpdb->users;
				$sql['select']  = "SELECT u.{$this->uid_name} as id FROM {$this->uid_table} u";

				// In this case, we assume that a plugin is
				// handling order, so we leave those clauses
				// blank

				break;
		}

		/** WHERE *************************************************************/

		// 'include' - User ids to include in the results
		// IDs are normalised to integers by wp_parse_id_list() before being
		// interpolated, so the IN () list needs no further escaping.
		$include     = false !== $include ? wp_parse_id_list( $include ) : array();
		$include_ids = $this->get_include_ids( $include );
		if ( ! empty( $include_ids ) ) {
			$include_ids    = implode( ',', wp_parse_id_list( $include_ids ) );
			$sql['where'][] = "u.{$this->uid_name} IN ({$include_ids})";
		}

		// 'exclude' - User ids to exclude from the results
		if ( false !== $exclude ) {
			$exclude_ids    = implode( ',', wp_parse_id_list( $exclude ) );
			$sql['where'][] = "u.{$this->uid_name} NOT IN ({$exclude_ids})";
		}

		// 'user_id' - When a user id is passed, limit to the friends of the user
		// @todo remove need for bp_is_active() check
		if ( ! empty( $user_id ) && bp_is_active( 'friends' ) ) {
			$friend_ids = friends_get_friend_user_ids( $user_id );
			$friend_ids = implode( ',', wp_parse_id_list( $friend_ids ) );

			if ( ! empty( $friend_ids ) ) {
				$sql['where'][] = "u.{$this->uid_name} IN ({$friend_ids})";

			// If the user has no friends, the query should always
			// return no users
			} else {
				$sql['where'][] = $this->no_results['where'];
			}
		}

		/** Search Terms ******************************************************/

		// 'search_terms' searches user_login and user_nicename
		// xprofile field matches happen in bp_xprofile_bp_user_query_search()
		// The term is LIKE-escaped, wrapped in wildcards according to
		// $search_wildcard, and bound through $wpdb->prepare().
		if ( false !== $search_terms ) {
			$search_terms = bp_esc_like( wp_kses_normalize_entities( $search_terms ) );

			if ( $search_wildcard === 'left' ) {
				$search_terms_nospace = '%' . $search_terms;
				$search_terms_space   = '%' . $search_terms . ' %';
			} elseif ( $search_wildcard === 'right' ) {
				$search_terms_nospace =        $search_terms . '%';
				$search_terms_space   = '% ' . $search_terms . '%';
			} else {
				$search_terms_nospace = '%' . $search_terms . '%';
				$search_terms_space   = '%' . $search_terms . '%';
			}

			// Keyed as 'search' (presumably so filters on
			// 'bp_user_query_uid_clauses' can find and replace it).
			$sql['where']['search'] = $wpdb->prepare(
				"u.{$this->uid_name} IN ( SELECT ID FROM {$wpdb->users} WHERE ( user_login LIKE %s OR user_login LIKE %s OR user_nicename LIKE %s OR user_nicename LIKE %s ) )",
				$search_terms_nospace,
				$search_terms_space,
				$search_terms_nospace,
				$search_terms_space
			);
		}

		// Member type.
		// Only names of registered member types are kept; they are handed to
		// WP_Tax_Query, which generates the SQL, so no raw input reaches the query.
		if ( ! empty( $member_type ) ) {
			$member_types = array();

			if ( ! is_array( $member_type ) ) {
				$member_type = preg_split( '/[,\s+]/', $member_type );
			}

			foreach ( $member_type as $mt ) {
				if ( ! bp_get_member_type_object( $mt ) ) {
					continue;
				}

				$member_types[] = $mt;
			}

			if ( ! empty( $member_types ) ) {
				$member_type_tq = new WP_Tax_Query( array(
					array(
						'taxonomy' => 'bp_member_type',
						'field'    => 'name',
						'operator' => 'IN',
						'terms'    => $member_types,
					),
				) );

				// Switch to the root blog, where member type taxonomies live.
				switch_to_blog( bp_get_root_blog_id() );

				$member_type_sql_clauses = $member_type_tq->get_sql( 'u', $this->uid_name );
				restore_current_blog();



				// Grab the first term_relationships clause and convert to a subquery.
				// The regex only admits a digit/comma/space list, so the reused
				// fragment cannot carry anything but term_taxonomy_id values.
				if ( preg_match( '/' . $wpdb->term_relationships . '\.term_taxonomy_id IN \([0-9, ]+\)/', $member_type_sql_clauses['where'], $matches ) ) {
					$sql['where']['member_type'] = "u.{$this->uid_name} IN ( SELECT object_id FROM $wpdb->term_relationships WHERE {$matches[0]} )";
				}
			}
		}

		// 'meta_key', 'meta_value' allow usermeta search
		// To avoid global joins, do a separate query
		// Both values are bound via prepare(); the resulting IDs are integer-
		// normalised before being interpolated into the main WHERE clause.
		if ( false !== $meta_key ) {
			$meta_sql = $wpdb->prepare( "SELECT user_id FROM {$wpdb->usermeta} WHERE meta_key = %s", $meta_key );

			if ( false !== $meta_value ) {
				$meta_sql .= $wpdb->prepare( " AND meta_value = %s", $meta_value );
			}

			$found_user_ids = $wpdb->get_col( $meta_sql );

			if ( ! empty( $found_user_ids ) ) {
				$sql['where'][] = "u.{$this->uid_name} IN (" . implode( ',', wp_parse_id_list( $found_user_ids ) ) . ")";
			} else {
				// No match: force an empty result set. NOTE(review): the no-friends
				// branch above uses $this->no_results['where'] for the same purpose.
				$sql['where'][] = '1 = 0';
			}
		}

		// 'per_page', 'page' - handles LIMIT
		if ( !empty( $per_page ) && !empty( $page ) ) {
			$sql['limit'] = $wpdb->prepare( "LIMIT %d, %d", intval( ( $page - 1 ) * $per_page ), intval( $per_page ) );
		} else {
			$sql['limit'] = '';
		}

		// Allow custom filters
		$sql = apply_filters_ref_array( 'bp_user_query_uid_clauses', array( $sql, &$this ) );

		// Assemble the query chunks
		$this->uid_clauses['select']  = $sql['select'];
		$this->uid_clauses['where']   = ! empty( $sql['where'] ) ? 'WHERE ' . implode( ' AND ', $sql['where'] ) : '';
		$this->uid_clauses['orderby'] = $sql['orderby'];
		$this->uid_clauses['order']   = $sql['order'];
		$this->uid_clauses['limit']   = $sql['limit'];

		do_action_ref_array( 'bp_pre_user_query', array( &$this ) );
	}