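/**
 * Creates an author (vendor) reply to an existing comment from the front-end form.
 *
 * Reads the nonce (`fes_nonce`), the reply body (`newcomment_body`), the parent
 * comment id (`cid`), the replying author's user id (`aid`) and the post id
 * (`pid`) from $_POST. Returns silently when the nonce or the body is missing or
 * invalid, when the target author does not exist, when the caller is not allowed
 * to post as that author, or when the parent comment does not belong to `pid`.
 *
 * Both the parent comment and the new reply get the `fes-already-processed`
 * meta so that author replies are not shown again in the list.
 *
 * @return void
 */
function comment_intercept()
{
    if (!isset($_POST['fes_nonce']) || !isset($_POST['newcomment_body'])) {
        return;
    }
    if (!wp_verify_nonce($_POST['fes_nonce'], 'fes_comment_nonce') || $_POST['newcomment_body'] === '') {
        return;
    }

    $comment_id = absint(isset($_POST['cid']) ? $_POST['cid'] : 0);
    $author_id  = absint(isset($_POST['aid']) ? $_POST['aid'] : 0);
    $post_id    = absint(isset($_POST['pid']) ? $_POST['pid'] : 0);
    $content    = wp_kses($_POST['newcomment_body'], fes_allowed_html_tags());

    // FIX: `aid` is client-supplied. The nonce only proves the form came from a
    // logged-in session, not that the session owns that user id, so the reply
    // must not be attributed to another account unless the caller can moderate
    // comments. NOTE(review): relax this if FES intends other roles to reply as
    // the vendor — confirm against the form that renders `aid`.
    if ($author_id !== get_current_user_id() && !current_user_can('moderate_comments')) {
        return;
    }

    // FIX: get_userdata() returns false for an unknown id; the original then read
    // ->user_email / ->user_login from false and inserted an anonymous comment.
    $user = get_userdata($author_id);
    if (!$user) {
        return;
    }

    // FIX: the parent comment must belong to the post the reply was submitted
    // for, otherwise any comment id could be used as the parent.
    $parent = get_comment($comment_id);
    if (!$parent || (int) $parent->comment_post_ID !== $post_id) {
        return;
    }

    update_comment_meta($comment_id, 'fes-already-processed', 'edd_fes');

    $new_id = wp_insert_comment(array(
        'user_id'              => $author_id,
        'comment_author_email' => $user->user_email,
        'comment_author'       => $user->user_login,
        'comment_parent'       => $comment_id,
        'comment_post_ID'      => $post_id,
        'comment_content'      => $content,
    ));

    // This ensures author replies are not shown in the list.
    // wp_insert_comment() returns false on failure; do not write meta for id 0.
    if ($new_id) {
        update_comment_meta($new_id, 'fes-already-processed', 'edd_fes');
    }
}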
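/**
 * Handles a front-end submission form post: creates or edits a `download`.
 *
 * Verifies the nonce/referer and the caller's role, inserts or updates the
 * post from $_POST, stores taxonomy terms, prices, files and commission
 * settings, sends the admin/vendor notification emails, then echoes a JSON
 * response and exits. Returns early only when the admin-side nonce is invalid.
 *
 * @param int   $id     Existing post id when editing; 0 for a new submission
 *                      (falls back to $_REQUEST['post_id']).
 * @param array $values Not used by this implementation; kept for callers.
 * @param array $args   Not used by this implementation; kept for callers.
 *
 * @return void
 */
function submit_submission_form($id = 0, $values = array(), $args = array())
{
    // In wp-admin the nonce travels as _wpnonce; reject a request without a valid one.
    if (is_admin() && (!isset($_REQUEST['_wpnonce']) || !wp_verify_nonce($_REQUEST['_wpnonce'], 'fes-form-submission-form'))) {
        return;
    }
    global $edd_options;
    check_ajax_referer('fes-form-submission-form');
    @header('Content-Type: application/json; charset=' . get_option('blog_charset'));

    // Every "access denied" path emits the same JSON shape and terminates.
    $deny = function ($message) {
        $response = array(
            'success'     => false,
            'redirect_to' => get_permalink($_POST['page_id']),
            'message'     => $message,
            'is_post'     => true,
        );
        echo json_encode($response);
        exit;
    };

    $form_id    = isset($_POST['form_id']) ? intval($_POST['form_id']) : 0;
    $db_form_id = EDD_FES()->helper->get_option('fes-submission-form', false);
    // Only the configured submission form may be posted to this handler.
    if ($form_id != $db_form_id) {
        $deny(__('Access Denied: ' . $form_id . ' != ' . $db_form_id, 'edd_fes'));
    }

    if (!$id && isset($_REQUEST['post_id']) && absint($_REQUEST['post_id'])) {
        $id = absint($_REQUEST['post_id']);
    }

    $user_id   = get_current_user_id();
    $is_vendor = EDD_FES()->vendors->vendor_is_vendor($user_id);
    $is_admin  = EDD_FES()->vendors->vendor_is_admin($user_id);

    // if they are not a vendor, admin, or in the backend
    if (!$is_admin && !is_admin() && !$is_vendor) {
        $deny(__('Access Denied', 'edd_fes'));
    }

    $post = null;
    if ($id) {
        $post = get_post($id);
        // FIX: get_post() returns null for a missing id; reading ->post_author from
        // null raised a warning. A missing post yields author 0, which still fails
        // the ownership check below for any logged-in non-admin.
        $existing_author = $post ? (int) $post->post_author : 0;
        // if they are not admin, in the admin, or the author of the post
        // FIX: WP_Post::$post_author is a string, so the original strict comparison
        // with the int user id never matched and non-admin vendors were always
        // denied edits of their own products; compare as ints.
        if (!$is_admin && !is_admin() && $id !== 0 && $existing_author !== (int) $user_id) {
            $deny(__('Access Denied', 'edd_fes'));
        }
    }

    $form_vars     = $this->get_input_fields($form_id);
    $form_settings = get_post_meta($form_id, 'fes-form_settings', true);
    list($post_vars, $taxonomy_vars, $meta_vars) = $form_vars;

    // don't check captcha on post edit
    if (!$id) {
        // check recaptcha if the form contains a recaptcha field
        if ($this->search_array($post_vars, 'input_type', 'recaptcha')) {
            $this->validate_re_captcha();
        }
    }

    $error = apply_filters('fes_submit_post_validate', '', $form_id);
    if (!empty($error)) {
        $this->signal_error($error);
    }

    $pending = false;
    $new     = true;
    $post_id = $id;

    // Keep a non-published status of an existing post; otherwise start from publish.
    if (!empty($post->post_status) && 'publish' != $post->post_status) {
        $status = $post->post_status;
    } else {
        $status = 'publish';
    }

    // already existing product
    if ($id && is_object(get_post($id))) {
        $new     = false;
        $post_id = $id;
        if (!EDD_FES()->helper->get_option('fes-auto-approve-edits', false)) {
            $pending = true;
            $status  = 'pending';
        }
    } else {
        if (!EDD_FES()->helper->get_option('fes-auto-approve-submissions', false)) {
            $pending = true;
            $status  = 'pending';
        }
    }

    // NOTE(review): on edits this reassigns post_author to the current user
    // (e.g. an admin editing a vendor's product on the front end) — confirm
    // that is intended before relying on post_author for ownership elsewhere.
    $post_author = get_current_user_id();
    $postarr = array(
        'post_type'    => 'download',
        'post_status'  => $status,
        'post_author'  => $post_author,
        'post_title'   => isset($_POST['post_title']) ? sanitize_text_field(trim($_POST['post_title'])) : '',
        'post_content' => isset($_POST['post_content']) ? wp_kses($_POST['post_content'], fes_allowed_html_tags()) : '',
        'post_excerpt' => isset($_POST['post_excerpt']) ? wp_kses($_POST['post_excerpt'], fes_allowed_html_tags()) : '',
    );
    if (isset($_POST['category'])) {
        $category = $_POST['category'];
        $postarr['post_category'] = is_array($category) ? $category : array($category);
    }
    if (isset($_POST['tags'])) {
        $postarr['tags_input'] = explode(',', $_POST['tags']);
    }
    $postarr = apply_filters('fes_add_post_args', $postarr, $form_id, $form_settings, $form_vars);

    if ($new) {
        $post_id = wp_insert_post($postarr);
    } else {
        $postarr['ID'] = $post_id;
        wp_update_post($postarr);
    }

    if (!$post_id) {
        $this->signal_error(__('Something went wrong! Error 1049: Post ID not set. Possibly Database lock in place.', 'edd_fes'));
        return;
    }

    self::update_post_meta($meta_vars, $post_id);
    // set the post form_id for later usage
    update_post_meta($post_id, '_fes-form_id', $form_id);

    // find out if any images in post content and associate them with the post
    if (!empty($postarr['post_content'])) {
        // FIX: loadHTML() emits warnings on malformed markup that would land in the
        // JSON body; collect them via libxml instead and restore the previous mode.
        $previous_libxml = libxml_use_internal_errors(true);
        $dom = new DOMDocument();
        $dom->loadHTML($postarr['post_content']);
        libxml_clear_errors();
        libxml_use_internal_errors($previous_libxml);

        $images = $dom->getElementsByTagName('img');
        if ($images->length) {
            foreach ($images as $img) {
                $url = $img->getAttribute('src');
                $url = str_replace(array('"', "'", "\\"), '', $url);
                // Lookup is scoped to the current user so only their own uploads attach.
                $attachment_id = fes_get_attachment_id_from_url($url, $post_author);
                if ($attachment_id) {
                    fes_associate_attachment($attachment_id, $post_id);
                }
            }
        }
    }

    foreach ($taxonomy_vars as $taxonomy) {
        if (isset($_POST[$taxonomy['name']])) {
            if (is_object_in_taxonomy('download', $taxonomy['name'])) {
                $tax = $_POST[$taxonomy['name']];
                // if it's not an array, make it one
                if (!is_array($tax)) {
                    $tax = array($tax);
                }
                if ($taxonomy['type'] == 'text') {
                    // Free-text terms: comma-separated names, tags stripped.
                    $hierarchical = array_map('trim', array_map('strip_tags', explode(',', $_POST[$taxonomy['name']])));
                    wp_set_object_terms($post_id, $hierarchical, $taxonomy['name']);
                } else {
                    if (is_taxonomy_hierarchical($taxonomy['name'])) {
                        wp_set_post_terms($post_id, $_POST[$taxonomy['name']], $taxonomy['name']);
                    } else {
                        if ($tax) {
                            // Non-hierarchical taxonomies are set by term name, so resolve ids first.
                            $non_hierarchical = array();
                            foreach ($tax as $value) {
                                $term = get_term_by('id', $value, $taxonomy['name']);
                                if ($term && !is_wp_error($term)) {
                                    $non_hierarchical[] = $term->name;
                                }
                            }
                            wp_set_post_terms($post_id, $non_hierarchical, $taxonomy['name']);
                        }
                    } // hierarchical
                } // is text
            } // is object tax
        } // isset tax
    }

    $options   = isset($_POST['option']) ? $_POST['option'] : '';
    $files     = isset($_POST['files']) ? $_POST['files'] : '';
    $prices    = array();
    $edd_files = array();

    // Builds the edd_download_files meta from a condition => url map.
    $build_files = function (array $urls) {
        $built = array();
        foreach ($urls as $key => $url) {
            $built[$key] = array('name' => basename($url), 'file' => $url, 'condition' => $key);
        }
        return $built;
    };

    // FIX: guard the foreach loops with is_array(); a scalar `option`/`files`
    // value previously produced a warning instead of being ignored.
    if (is_array($options)) {
        foreach ($options as $key => $option) {
            // NOTE(review): `price` is stored as submitted; confirm whether EDD expects
            // it normalised (e.g. via edd_sanitize_amount()) before it reaches edd_price.
            $prices[] = array(
                'name'   => isset($option['description']) ? sanitize_text_field($option['description']) : '',
                'amount' => isset($option['price']) ? $option['price'] : '',
            );
        }
    }
    // Files are saved with or without price options, https://github.com/chriscct7/edd-fes/issues/417
    if (!empty($files) && is_array($files)) {
        $edd_files = $build_files($files);
    }

    do_action('fes_submission_form_save_custom_fields', $post_id);

    if (count($prices) === 1 || count($prices) === 0) {
        if (!isset($prices[0]['amount'])) {
            $prices[0]['amount'] = "";
        }
        update_post_meta($post_id, '_variable_pricing', 0);
        update_post_meta($post_id, 'edd_price', $prices[0]['amount']);
        update_post_meta($post_id, 'edd_variable_prices', $prices); // Save variable prices anyway so that price options are saved
    } else {
        update_post_meta($post_id, '_variable_pricing', 1);
        update_post_meta($post_id, 'edd_variable_prices', $prices);
        if (EDD_FES()->helper->get_option('fes-allow-multiple-purchase-mode', false)) {
            update_post_meta($post_id, '_edd_price_options_mode', '1');
        }
    }

    if (!empty($files)) {
        // NOTE(review): file URLs are stored as submitted (after the filter); nothing
        // in this method restricts them to the vendor's own uploads — confirm the
        // fes_pre_files_save filter or the upload step enforces that.
        $edd_files = apply_filters('fes_pre_files_save', $edd_files, $post_id);
        update_post_meta($post_id, 'edd_download_files', $edd_files);
    }

    if (EDD_FES()->integrations->is_commissions_active() && $new === true) {
        $commission = array('amount' => eddc_get_recipient_rate(0, $post_author), 'user_id' => $post_author, 'type' => 'percentage');
        update_post_meta($post_id, '_edd_commission_settings', $commission);
        update_post_meta($post_id, '_edd_commisions_enabled', '1');
    }

    do_action('fes_submit_submission_form_bottom', $post_id);

    $redirect_to = get_permalink(EDD_FES()->helper->get_option('fes-vendor-dashboard-page', false));
    if (EDD_FES()->vendors->vendor_can_edit_product($post_id)) {
        $redirect_to = add_query_arg(array('task' => 'edit-product'), $redirect_to);
        $redirect_to = add_query_arg(array('post_id' => $post_id), $redirect_to);
    } else {
        $redirect_to = add_query_arg(array('task' => 'dashboard'), $redirect_to);
    }

    // Unset edd session
    EDD()->session->set('edd_fes_post_id', '');

    // Sender identity is the same for every notification below.
    $from_name  = isset($edd_options['from_name']) ? $edd_options['from_name'] : get_bloginfo('name');
    $from_email = isset($edd_options['from_email']) ? $edd_options['from_email'] : get_option('admin_email');

    if ($new) {
        if ($pending) {
            // email admin
            $to         = apply_filters('fes_submission_form_pending_to_admin', edd_get_admin_notice_emails(), $post_id);
            $subject    = apply_filters('fes_submission_form_to_admin_subject', __('New Submission Received', 'edd_fes'));
            $message    = EDD_FES()->helper->get_option('fes-admin-new-submission-email', '');
            $email_args = array('permissions' => 'fes-admin-new-submission-email-toggle');
            EDD_FES()->emails->send_email($to, $from_name, $from_email, $subject, $message, 'post', $post_id, $email_args);

            // email user
            $user       = new WP_User($user_id);
            $to         = $user->user_email;
            $subject    = apply_filters('fes_submission_new_form_to_vendor_subject', __('Submission Received', 'edd_fes'));
            $message    = EDD_FES()->helper->get_option('fes-vendor-new-submission-email', '');
            $email_args = array('permissions' => 'fes-vendor-new-submission-email-toggle');
            EDD_FES()->emails->send_email($to, $from_name, $from_email, $subject, $message, 'post', $post_id, $email_args);

            do_action('fes_submission_form_new_pending', $post_id);
        } else {
            do_action('fes_submission_form_new_published', $post_id);
        }
    } else {
        // submission heading to pending
        if ($pending) {
            // email admin
            $to         = apply_filters('fes_submission_form_published_to_admin', edd_get_admin_notice_emails(), $post_id);
            $subject    = apply_filters('fes_submission_form_edit_to_admin_subject', __('New Submission Edit Received', 'edd_fes'));
            $message    = EDD_FES()->helper->get_option('fes-admin-new-submission-edit-email', '');
            $email_args = array('permissions' => 'fes-admin-new-submission-edit-email-toggle');
            EDD_FES()->emails->send_email($to, $from_name, $from_email, $subject, $message, 'post', $post_id, $email_args);

            do_action('fes_submission_form_edit_pending', $post_id);
        } else {
            do_action('fes_submission_form_edit_published', $post_id);
        }
    }

    $response = array(
        'success'     => true,
        'redirect_to' => $redirect_to,
        'message'     => __('Success!', 'edd_fes'),
        'is_post'     => true,
    );
    $response = apply_filters('fes_add_post_redirect', $response, $post_id, $form_id);
    echo json_encode($response);
    exit;
}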