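 /**
  * Handles an author's reply to a product comment submitted through the FES front end.
  *
  * Reads the reply from $_POST (`fes_nonce`, `newcomment_body`, parent comment `cid`,
  * author `aid`, post `pid`), inserts it as a child comment and marks both the parent
  * and the new reply with `fes-already-processed` so neither is listed again.
  *
  * @return void Returns silently when the request carries no reply, fails the nonce
  *              check, has an empty body, or names an unknown author.
  */
 function comment_intercept()
 {
     // Only act on requests that actually carry a reply and its nonce.
     if (!isset($_POST['fes_nonce']) || !isset($_POST['newcomment_body'])) {
         return;
     }
     if (!wp_verify_nonce($_POST['fes_nonce'], 'fes_comment_nonce') || $_POST['newcomment_body'] === '') {
         return;
     }
     // Default missing ids to 0 instead of raising undefined-index notices.
     $comment_id = isset($_POST['cid']) ? absint($_POST['cid']) : 0;
     $author_id = isset($_POST['aid']) ? absint($_POST['aid']) : 0;
     $post_id = isset($_POST['pid']) ? absint($_POST['pid']) : 0;
     $content = wp_kses($_POST['newcomment_body'], fes_allowed_html_tags());
     // NOTE(review): the reply is attributed to the client-supplied `aid`, not to the
     // logged-in user, and the nonce does not bind that value — confirm the caller
     // restricts who may post on behalf of which author.
     $user = get_userdata($author_id);
     if (!$user) {
         // Unknown author: do not insert a comment with empty author fields.
         return;
     }
     update_comment_meta($comment_id, 'fes-already-processed', 'edd_fes');
     $new_id = wp_insert_comment(array(
         'user_id' => $author_id,
         'comment_author_email' => $user->user_email,
         'comment_author' => $user->user_login,
         'comment_parent' => $comment_id,
         'comment_post_ID' => $post_id,
         'comment_content' => $content,
     ));
     // This ensures author replies are not shown in the list
     update_comment_meta($new_id, 'fes-already-processed', 'edd_fes');
 }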
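 /**
  * Handles the front-end product submission form (new product or edit of an existing one).
  *
  * Validates the request (nonce, expected form id, vendor/admin role, post ownership),
  * builds the `download` post from $_POST, saves meta, taxonomies, prices and files,
  * sends the pending-review notifications and finally echoes a JSON response and exits.
  *
  * @param int   $id     Existing product id when editing; 0 for a new submission.
  *                      When 0, falls back to $_REQUEST['post_id'].
  * @param array $values Not read by this method; kept for the public signature.
  * @param array $args   Not read by this method; kept for the public signature.
  * @return void Echoes JSON and calls exit on every completed path; returns early
  *              without output when the admin-side nonce check fails.
  */
 function submit_submission_form($id = 0, $values = array(), $args = array())
 {
     if (is_admin() && (!isset($_REQUEST['_wpnonce']) || !wp_verify_nonce($_REQUEST['_wpnonce'], 'fes-form-submission-form'))) {
         return;
     }
     global $edd_options;
     check_ajax_referer('fes-form-submission-form');
     // The response is always JSON; skip the header once output has started rather than
     // silencing the warning with `@`.
     if (!headers_sent()) {
         header('Content-Type: application/json; charset=' . get_option('blog_charset'));
     }
     // page_id only feeds the redirect target of a denial; keep it a non-negative integer.
     $page_id = isset($_POST['page_id']) ? absint($_POST['page_id']) : 0;
     $denied = array('success' => false, 'redirect_to' => get_permalink($page_id), 'message' => __('Access Denied', 'edd_fes'), 'is_post' => true);
     $form_id = isset($_POST['form_id']) ? intval($_POST['form_id']) : 0;
     $db_form_id = EDD_FES()->helper->get_option('fes-submission-form', false);
     // Loose comparison on purpose: the stored option may be a string or false.
     if ($form_id != $db_form_id) {
         // NOTE(review): this message echoes the configured form id back to the client.
         $denied['message'] = __('Access Denied: ' . $form_id . ' != ' . $db_form_id, 'edd_fes');
         echo json_encode($denied);
         exit;
     }
     if (!$id && isset($_REQUEST['post_id']) && absint($_REQUEST['post_id'])) {
         $id = absint($_REQUEST['post_id']);
     }
     $user_id = get_current_user_id();
     $is_vendor = EDD_FES()->vendors->vendor_is_vendor($user_id);
     $is_admin = EDD_FES()->vendors->vendor_is_admin($user_id);
     // Only vendors, FES admins, or requests from the WP backend may submit.
     if (!$is_admin && !is_admin() && !$is_vendor) {
         echo json_encode($denied);
         exit;
     }
     $post = null;
     if ($id) {
         $post = get_post($id);
         // WP_Post::$post_author is a string; compare as integers so the genuine author
         // is not rejected by a strict string-vs-int mismatch. A missing post yields 0,
         // which denies every non-admin.
         $post_author = $post ? (int) $post->post_author : 0;
         if (!$is_admin && !is_admin() && $post_author !== (int) $user_id) {
             echo json_encode($denied);
             exit;
         }
     }
     $form_vars = $this->get_input_fields($form_id);
     $form_settings = get_post_meta($form_id, 'fes-form_settings', true);
     list($post_vars, $taxonomy_vars, $meta_vars) = $form_vars;
     // Captcha is only required on new submissions, not on edits.
     if (!$id && $this->search_array($post_vars, 'input_type', 'recaptcha')) {
         $this->validate_re_captcha();
     }
     $error = apply_filters('fes_submit_post_validate', '', $form_id);
     if (!empty($error)) {
         $this->signal_error($error);
     }
     $pending = false;
     $new = true;
     $post_id = $id;
     // Keep a non-published status of an existing product; otherwise publish.
     if (!empty($post->post_status) && 'publish' != $post->post_status) {
         $status = $post->post_status;
     } else {
         $status = 'publish';
     }
     if ($id && is_object(get_post($id))) {
         // Editing an already existing product.
         $new = false;
         $post_id = $id;
         if (!EDD_FES()->helper->get_option('fes-auto-approve-edits', false)) {
             $pending = true;
             $status = 'pending';
         }
     } elseif (!EDD_FES()->helper->get_option('fes-auto-approve-submissions', false)) {
         $pending = true;
         $status = 'pending';
     }
     // The current user becomes the author, on edits as well as on new submissions.
     $post_author = get_current_user_id();
     $postarr = array(
         'post_type' => 'download',
         'post_status' => $status,
         'post_author' => $post_author,
         'post_title' => isset($_POST['post_title']) ? sanitize_text_field(trim($_POST['post_title'])) : '',
         'post_content' => isset($_POST['post_content']) ? wp_kses($_POST['post_content'], fes_allowed_html_tags()) : '',
         'post_excerpt' => isset($_POST['post_excerpt']) ? wp_kses($_POST['post_excerpt'], fes_allowed_html_tags()) : '',
     );
     if (isset($_POST['category'])) {
         $category = $_POST['category'];
         // post_category holds term ids; coerce each entry to a non-negative integer.
         $postarr['post_category'] = array_map('absint', is_array($category) ? $category : array($category));
     }
     // explode() requires a string; ignore a tags value submitted in any other shape.
     if (isset($_POST['tags']) && is_string($_POST['tags'])) {
         $postarr['tags_input'] = explode(',', $_POST['tags']);
     }
     $postarr = apply_filters('fes_add_post_args', $postarr, $form_id, $form_settings, $form_vars);
     if ($new) {
         $post_id = wp_insert_post($postarr);
     } else {
         $postarr['ID'] = $post_id;
         wp_update_post($postarr);
     }
     if (!$post_id) {
         $this->signal_error(__('Something went wrong! Error 1049: Post ID not set. Possibly Database lock in place.', 'edd_fes'));
         return;
     }
     self::update_post_meta($meta_vars, $post_id);
     // Remember which form produced this product for later use.
     update_post_meta($post_id, '_fes-form_id', $form_id);
     // Associate any images referenced in the content with this product.
     if (!empty($postarr['post_content'])) {
         $dom = new DOMDocument();
         // The markup is user supplied; collect libxml errors instead of emitting warnings.
         $previous_libxml = libxml_use_internal_errors(true);
         $loaded = $dom->loadHTML($postarr['post_content']);
         libxml_clear_errors();
         libxml_use_internal_errors($previous_libxml);
         if ($loaded) {
             foreach ($dom->getElementsByTagName('img') as $img) {
                 $url = str_replace(array('"', "'", "\\"), '', $img->getAttribute('src'));
                 $attachment_id = fes_get_attachment_id_from_url($url, $post_author);
                 if ($attachment_id) {
                     fes_associate_attachment($attachment_id, $post_id);
                 }
             }
         }
     }
     foreach ($taxonomy_vars as $taxonomy) {
         $tax_name = $taxonomy['name'];
         if (!isset($_POST[$tax_name]) || !is_object_in_taxonomy('download', $tax_name)) {
             continue;
         }
         $raw = $_POST[$tax_name];
         // Normalise to an array for the id-based branches below.
         $tax = is_array($raw) ? $raw : array($raw);
         if ($taxonomy['type'] == 'text') {
             // Free-text field: comma separated term names.
             if (is_string($raw)) {
                 $names = array_map('trim', array_map('strip_tags', explode(',', $raw)));
                 wp_set_object_terms($post_id, $names, $tax_name);
             }
         } elseif (is_taxonomy_hierarchical($tax_name)) {
             wp_set_post_terms($post_id, $raw, $tax_name);
         } elseif ($tax) {
             // Non-hierarchical terms arrive as ids but are assigned by name.
             $term_names = array();
             foreach ($tax as $value) {
                 $term = get_term_by('id', $value, $tax_name);
                 if ($term && !is_wp_error($term)) {
                     $term_names[] = $term->name;
                 }
             }
             wp_set_post_terms($post_id, $term_names, $tax_name);
         }
     }
     $options = isset($_POST['option']) ? $_POST['option'] : '';
     $files = isset($_POST['files']) ? $_POST['files'] : '';
     $prices = array();
     $edd_files = array();
     if (is_array($options)) {
         foreach ($options as $option) {
             // NOTE(review): the amount is stored as submitted; confirm EDD normalises it on read.
             $prices[] = array(
                 'name' => isset($option['description']) ? sanitize_text_field($option['description']) : '',
                 'amount' => isset($option['price']) ? $option['price'] : '',
             );
         }
     }
     // Files are saved whether or not price options were submitted,
     // https://github.com/chriscct7/edd-fes/issues/417
     if (!empty($files) && is_array($files)) {
         foreach ($files as $key => $url) {
             if (!is_string($url)) {
                 continue;
             }
             $edd_files[$key] = array('name' => basename($url), 'file' => $url, 'condition' => $key);
         }
     }
     do_action('fes_submission_form_save_custom_fields', $post_id);
     if (count($prices) <= 1) {
         if (!isset($prices[0]['amount'])) {
             $prices[0]['amount'] = "";
         }
         update_post_meta($post_id, '_variable_pricing', 0);
         update_post_meta($post_id, 'edd_price', $prices[0]['amount']);
         // Save variable prices anyway so that price options are saved
         update_post_meta($post_id, 'edd_variable_prices', $prices);
     } else {
         update_post_meta($post_id, '_variable_pricing', 1);
         update_post_meta($post_id, 'edd_variable_prices', $prices);
         if (EDD_FES()->helper->get_option('fes-allow-multiple-purchase-mode', false)) {
             update_post_meta($post_id, '_edd_price_options_mode', '1');
         }
     }
     if (!empty($files)) {
         $edd_files = apply_filters('fes_pre_files_save', $edd_files, $post_id);
         update_post_meta($post_id, 'edd_download_files', $edd_files);
     }
     if (EDD_FES()->integrations->is_commissions_active() && $new === true) {
         $commission = array('amount' => eddc_get_recipient_rate(0, $post_author), 'user_id' => $post_author, 'type' => 'percentage');
         update_post_meta($post_id, '_edd_commission_settings', $commission);
         update_post_meta($post_id, '_edd_commisions_enabled', '1');
     }
     do_action('fes_submit_submission_form_bottom', $post_id);
     $redirect_to = get_permalink(EDD_FES()->helper->get_option('fes-vendor-dashboard-page', false));
     if (EDD_FES()->vendors->vendor_can_edit_product($post_id)) {
         $redirect_to = add_query_arg(array('task' => 'edit-product', 'post_id' => $post_id), $redirect_to);
     } else {
         $redirect_to = add_query_arg(array('task' => 'dashboard'), $redirect_to);
     }
     // Clear the EDD session pointer to the in-progress submission.
     EDD()->session->set('edd_fes_post_id', '');
     // Sender details shared by every notification below (pure option reads).
     $from_name = isset($edd_options['from_name']) ? $edd_options['from_name'] : get_bloginfo('name');
     $from_email = isset($edd_options['from_email']) ? $edd_options['from_email'] : get_option('admin_email');
     $type = 'post';
     if ($new) {
         if ($pending) {
             // Notify the admins, then the vendor.
             $to = apply_filters('fes_submission_form_pending_to_admin', edd_get_admin_notice_emails(), $post_id);
             $subject = apply_filters('fes_submission_form_to_admin_subject', __('New Submission Received', 'edd_fes'));
             $message = EDD_FES()->helper->get_option('fes-admin-new-submission-email', '');
             $args = array('permissions' => 'fes-admin-new-submission-email-toggle');
             EDD_FES()->emails->send_email($to, $from_name, $from_email, $subject, $message, $type, $post_id, $args);
             $user = new WP_User($user_id);
             $to = $user->user_email;
             $subject = apply_filters('fes_submission_new_form_to_vendor_subject', __('Submission Received', 'edd_fes'));
             $message = EDD_FES()->helper->get_option('fes-vendor-new-submission-email', '');
             $args = array('permissions' => 'fes-vendor-new-submission-email-toggle');
             EDD_FES()->emails->send_email($to, $from_name, $from_email, $subject, $message, $type, $post_id, $args);
             do_action('fes_submission_form_new_pending', $post_id);
         } else {
             do_action('fes_submission_form_new_published', $post_id);
         }
     } elseif ($pending) {
         // Edit heading to pending review: notify the admins only.
         $to = apply_filters('fes_submission_form_published_to_admin', edd_get_admin_notice_emails(), $post_id);
         $subject = apply_filters('fes_submission_form_edit_to_admin_subject', __('New Submission Edit Received', 'edd_fes'));
         $message = EDD_FES()->helper->get_option('fes-admin-new-submission-edit-email', '');
         $args = array('permissions' => 'fes-admin-new-submission-edit-email-toggle');
         EDD_FES()->emails->send_email($to, $from_name, $from_email, $subject, $message, $type, $post_id, $args);
         do_action('fes_submission_form_edit_pending', $post_id);
     } else {
         do_action('fes_submission_form_edit_published', $post_id);
     }
     $response = array('success' => true, 'redirect_to' => $redirect_to, 'message' => __('Success!', 'edd_fes'), 'is_post' => true);
     $response = apply_filters('fes_add_post_redirect', $response, $post_id, $form_id);
     echo json_encode($response);
     exit;
 }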