/**
 * Prepare submitted content before it is stored.
 *
 * Decodes the special HTML entities in the text, passes it through the
 * plugin's dwqa_pre_content_filter() and finally restricts the result to the
 * markup allowed by the global $post_submit_filter via wp_kses(). The
 * allowlist is applied last, so it sees the decoded and filtered text.
 *
 * @param string $content Raw content.
 * @return string Content after decoding, filtering and wp_kses().
 */
function dwqa_pre_content($content) {
    global $post_submit_filter;

    $decoded  = htmlspecialchars_decode($content);
    $filtered = dwqa_pre_content_filter($decoded);

    return wp_kses($filtered, $post_submit_filter);
}
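/**
 * Save a question submitted from the front-end form.
 *
 * Acts only when $_POST['dwqa-action'] is 'dwqa-submit-question'. The request
 * must carry a valid 'dwqa-submit-question-nonce-#!' nonce and pass
 * dwqa_valid_captcha('question'). A visitor who is not logged in is either
 * signed in with the posted credentials or, when the 'users_can_register'
 * option is on, registered and then signed in. The question is inserted only
 * when dwqa_current_user_can('post_question') allows it; on success the
 * request ends with a redirect to the new question.
 *
 * Every failure is published through the global $dwqa_current_error.
 *
 * @return void|false False when the title check, sign-in, registration or
 *                    insert fails; nothing for an unrelated request or a
 *                    nonce/captcha failure.
 */
function dwqa_submit_question() {
    global $post_submit_filter, $dwqa_current_error;

    if (!isset($_POST['dwqa-action']) || 'dwqa-submit-question' !== $_POST['dwqa-action']) {
        return;
    }

    // The captcha is evaluated before the nonce; dwqa_valid_captcha() is defined elsewhere.
    $valid_captcha = dwqa_valid_captcha('question');
    $dwqa_submit_question_errors = new WP_Error();

    // CSRF protection: reject the request unless it carries this form's nonce.
    if (!isset($_POST['_wpnonce']) || !wp_verify_nonce($_POST['_wpnonce'], 'dwqa-submit-question-nonce-#!')) {
        $dwqa_submit_question_errors->add('submit_question', __('Are you cheating huh?', 'dwqa'));
        $dwqa_current_error = $dwqa_submit_question_errors;
        return;
    }

    if (!$valid_captcha) {
        $dwqa_submit_question_errors->add('submit_question', __('Captcha is not correct', 'dwqa'));
        $dwqa_current_error = $dwqa_submit_question_errors;
        return;
    }

    if (empty($_POST['question-title'])) {
        $dwqa_submit_question_errors->add('submit_question', __('You must enter a valid question title', 'dwqa'));
        // Publish the error before returning; otherwise it is never exposed to the form.
        $dwqa_current_error = $dwqa_submit_question_errors;
        return false;
    }

    $title = esc_html($_POST['question-title']);

    // Unknown category ids fall back to 0.
    $category = isset($_POST['question-category']) ? (int) $_POST['question-category'] : 0;
    if (!term_exists($category, 'dwqa-question_category')) {
        $category = 0;
    }

    $tags = isset($_POST['question-tag']) ? esc_html($_POST['question-tag']) : '';

    // wp_kses() runs last so the allowlist in $post_submit_filter applies to
    // whatever dwqa_pre_content_filter() produces.
    $content = isset($_POST['question-content']) ? $_POST['question-content'] : '';
    $content = wp_kses(dwqa_pre_content_filter($content), $post_submit_filter);

    $user_id = 0;
    if (is_user_logged_in()) {
        $user_id = get_current_user_id();
    } elseif (isset($_POST['login-type']) && 'sign-in' === $_POST['login-type']) {
        // Sign in with the posted credentials. Missing fields become empty
        // strings so wp_signon() reports the failure without PHP notices.
        $user = wp_signon(array(
            'user_login'    => isset($_POST['user-name']) ? $_POST['user-name'] : '',
            'user_password' => isset($_POST['user-password']) ? $_POST['user-password'] : '',
        ), is_ssl()); // is_ssl(): keep the Secure flag on the auth cookie for HTTPS requests.
        if (is_wp_error($user)) {
            $dwqa_current_error = $user;
            return false;
        }
        // wp_set_current_user() replaces the deprecated get_currentuserinfo()
        // and makes the new session visible to the capability check below.
        wp_set_current_user($user->ID);
        $user_id = $user->ID;
    } else {
        // Register a new account, but only when the site allows registration.
        $users_can_register = get_option('users_can_register');
        $has_signup_fields  = isset($_POST['user-email'], $_POST['user-name-signup']);

        if ($has_signup_fields && $users_can_register && !email_exists($_POST['user-email']) && !username_exists($_POST['user-name-signup'])) {
            // wp_signon() below rejects an empty password, which would leave a
            // freshly created account behind, so generate one in that case.
            $posted_password = isset($_POST['password-signup']) ? $_POST['password-signup'] : '';
            $password = (is_string($posted_password) && '' !== $posted_password)
                ? $posted_password
                : wp_generate_password(12, false);

            $user_id = wp_create_user($_POST['user-name-signup'], $password, $_POST['user-email']);
            if (is_wp_error($user_id)) {
                $dwqa_current_error = $user_id;
                return false;
            }

            // NOTE(review): the second argument is deprecated in current
            // WordPress; older releases e-mail this plaintext password.
            // Confirm against the supported WordPress versions.
            wp_new_user_notification($user_id, $password);

            $user = wp_signon(array(
                'user_login'    => $_POST['user-name-signup'],
                'user_password' => $password,
            ), is_ssl());
            if (is_wp_error($user)) {
                $dwqa_current_error = $user;
                return false;
            }
            wp_set_current_user($user->ID);
            $user_id = $user->ID;
        } else {
            $message = '';
            if (!$users_can_register) {
                $message .= __('User Registration was disabled.', 'dwqa') . '<br>';
            }
            if (isset($_POST['user-email']) && email_exists($_POST['user-email'])) {
                $message .= __('This email is already registered, please choose another one.', 'dwqa') . '<br>';
            }
            // Check the sign-up field; 'user-name' belongs to the sign-in form.
            if (isset($_POST['user-name-signup']) && username_exists($_POST['user-name-signup'])) {
                $message .= __('This username is already registered. Please choose another one.', 'dwqa') . '<br>';
            }
            $dwqa_current_error = new WP_Error('submit_question', $message);
            return false;
        }
    }

    $post_status = (isset($_POST['private-message']) && $_POST['private-message']) ? 'private' : 'publish';
    $postarr = array(
        'comment_status' => 'open',
        'post_author'    => $user_id,
        'post_content'   => $content,
        'post_status'    => $post_status,
        'post_title'     => $title,
        'post_type'      => 'dwqa-question',
        'tax_input'      => array(
            'dwqa-question_category' => array($category),
            'dwqa-question_tag'      => explode(',', $tags),
        ),
    );

    // Authorisation is decided after sign-in/registration so it applies to the resolved user.
    if (dwqa_current_user_can('post_question')) {
        $new_question = dwqa_insert_question($postarr);
    } else {
        $new_question = new WP_Error('permission', __("You do not have permission to submit question.", 'dwqa'));
    }

    if (is_wp_error($new_question)) {
        // Return here so the insert/permission error is not replaced by the
        // empty error object used for nonce and captcha failures.
        $dwqa_current_error = $new_question;
        return false;
    }

    // Redirect, then stop; passing the redirect's return value to exit() would echo it.
    wp_safe_redirect(get_permalink($new_question));
    exit;
}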
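/**
 * Update an existing question from the front-end edit form.
 *
 * Requires a valid '_dwqa_update_question' nonce, then acts only when
 * $_POST['dwqa-action'] is 'update-question'. The caller must pass
 * dwqa_current_user_can('edit_question', $question_id) and the target post
 * must be a 'dwqa-question'. Rejections are sent with wp_send_json_error(),
 * which ends the request. On success the 'dwqa_update_question' action fires
 * and a redirect to the question is issued.
 *
 * @return true|void True after a successful update and redirect; nothing
 *                   when the action does not match or the update fails.
 */
function dwqa_update_question() {
    global $post_submit_filter;

    // CSRF protection: wp_send_json_error() terminates the request.
    if (!isset($_POST['_wpnonce']) || !wp_verify_nonce(sanitize_text_field($_POST['_wpnonce']), '_dwqa_update_question')) {
        wp_send_json_error(array('message' => __('Hello, Are you cheating huh?', 'dwqa')));
    }

    if (!isset($_POST['dwqa-action']) || 'update-question' !== sanitize_text_field($_POST['dwqa-action'])) {
        return;
    }

    if (!isset($_POST['question'])) {
        wp_send_json_error(array('message' => __('The question is missing', 'dwqa')));
    }

    $question_id = intval($_POST['question']);
    if (!dwqa_current_user_can('edit_question', $question_id)) {
        wp_send_json_error(array('message' => __('You do not have permission to edit question', 'dwqa')));
    }

    // The id comes from the request, so make sure it names an existing
    // question and not some other post type.
    // NOTE(review): dwqa_current_user_can() is defined elsewhere; confirm it
    // ties the capability to this specific post.
    $old_post = get_post($question_id);
    if (!$old_post || 'dwqa-question' !== $old_post->post_type) {
        wp_send_json_error(array('message' => __('The question is missing', 'dwqa')));
    }

    // Only fields that were actually posted are updated, so a title-only
    // edit cannot blank the stored content.
    $question_update = array('ID' => $question_id);
    if (isset($_POST['dwqa-question-content'])) {
        // Filter first, sanitise last: the wp_kses() allowlist must see the
        // output of dwqa_pre_content_filter(), the same order used by
        // dwqa_pre_content() and dwqa_submit_question().
        $question_update['post_content'] = wp_kses(
            dwqa_pre_content_filter($_POST['dwqa-question-content']),
            $post_submit_filter
        );
    }
    if (!empty($_POST['dwqa-question-title'])) {
        $question_update['post_title'] = sanitize_text_field($_POST['dwqa-question-title']);
    }

    $updated_id = wp_update_post($question_update);
    if (!$updated_id) {
        // Failed update: do not announce it to listeners and do not redirect.
        return;
    }

    do_action('dwqa_update_question', $updated_id, $old_post, get_post($updated_id));

    // NOTE(review): wp_safe_redirect() only sends the header; the caller is
    // expected to stop output after this function returns true.
    wp_safe_redirect(get_permalink($updated_id));
    return true;
}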