/** * @covers GravityView_Entry_Link_Shortcode::edit_shortcode */ function _test_edit($view, $entry, $atts) { $nonce_key = GravityView_Edit_Entry::get_nonce_key($view->ID, $entry['form_id'], $entry['id']); $nonce = wp_create_nonce($nonce_key); $gvid = GravityView_View_Data::getInstance()->has_multiple_views() ? '&gvid=' . gravityview_get_view_id() : ''; $atts['return'] = 'html'; $edit_link = $this->object->edit_shortcode($atts); $atts['action'] = 'edit'; $edit_link_backward_compat = $this->object->read_shortcode($atts); $this->assertEquals($edit_link, $edit_link_backward_compat); $this->assertEquals('<a href="http://example.org/?p=' . $atts['post_id'] . '&entry=' . $atts['entry_id'] . esc_attr($gvid) . '&page=gf_entries&view=entry&edit=' . $nonce . '">Edit Entry</a>', $edit_link, 'edit link'); $atts['return'] = 'url'; $edit_link_return_url = $this->object->edit_shortcode($atts); $this->assertEquals('http://example.org/?p=' . $atts['post_id'] . '&entry=' . $atts['entry_id'] . $gvid . '&page=gf_entries&view=entry&edit=' . $nonce, $edit_link_return_url, 'edit link URL only'); $atts['return'] = 'html'; $atts['link_atts'] = 'target="_blank"&title="check me out!"'; $edit_link_link_atts = $this->object->edit_shortcode($atts); $this->assertEquals('<a title=""check me out!"" target=""_blank"" href="http://example.org/?p=' . $atts['post_id'] . '&entry=' . $atts['entry_id'] . esc_attr($gvid) . '&page=gf_entries&view=entry&edit=' . $nonce . '">Edit Entry</a>', $edit_link_link_atts, 'edit link, return html, with link_atts target="_blank"&title="check me out!"'); $atts['return'] = 'html'; $atts['link_atts'] = 'target=_blank&title=check me out!'; $edit_link_link_atts = $this->object->edit_shortcode($atts); $this->assertEquals('<a title="check me out!" target="_blank" href="http://example.org/?p=' . $atts['post_id'] . '&entry=' . $atts['entry_id'] . esc_attr($gvid) . '&page=gf_entries&view=entry&edit=' . $nonce . '">Edit Entry</a>', $edit_link_link_atts, 'edit link return html with link atts target=_blank&title=check me out!'); $zero = $this->factory->user->create_and_set(array('role' => 'zero')); // User without edit entry caps should not be able to see link $this->assertNull($this->object->edit_shortcode($atts), 'user with no caps shouldn\'t be able to see link'); }
/** * return href for single entry * @param array|int $entry Entry array or entry ID * @param int|null $post_id If wanting to define the parent post, pass a post ID * @param boolean $add_directory_args True: Add args to help return to directory; False: only include args required to get to entry {@since 1.7.3} * @return string Link to the entry with the directory parent slug */ public static function entry_link($entry, $post_id = NULL, $add_directory_args = true) { if (!empty($entry) && !is_array($entry)) { $entry = GVCommon::get_entry($entry); } else { if (empty($entry)) { $entry = GravityView_frontend::getInstance()->getEntry(); } } // Second parameter used to be passed as $field; this makes sure it's not an array if (!is_numeric($post_id)) { $post_id = NULL; } // Get the permalink to the View $directory_link = self::directory_link($post_id, false); // No post ID? Get outta here. if (empty($directory_link)) { return ''; } $query_arg_name = GravityView_Post_Types::get_entry_var_name(); $entry_slug = self::get_entry_slug($entry['id'], $entry); if (get_option('permalink_structure') && !is_preview()) { $args = array(); $directory_link = trailingslashit($directory_link) . $query_arg_name . '/' . $entry_slug . '/'; } else { $args = array($query_arg_name => $entry_slug); } /** * @since 1.7.3 */ if ($add_directory_args) { if (!empty($_GET['pagenum'])) { $args['pagenum'] = intval($_GET['pagenum']); } /** * @since 1.7 */ if ($sort = rgget('sort')) { $args['sort'] = $sort; $args['dir'] = rgget('dir'); } } /** * Check if we have multiple views embedded in the same page and in that case make sure the single entry link * has the view id so that Advanced Filters can be applied correctly when rendering the single view * @see GravityView_frontend::get_context_view_id() */ if (class_exists('GravityView_View_Data') && GravityView_View_Data::getInstance()->has_multiple_views()) { $args['gvid'] = gravityview_get_view_id(); } return add_query_arg($args, $directory_link); }
/** * Generate a nonce link with the base URL of the current View embed * * We don't want to link to the single entry, because when deleted, there would be nothing to return to. * * @since 1.5.1 * @param array $entry Gravity Forms entry array * @return string|null If directory link is valid, the URL to process the delete request. Otherwise, `NULL`. */ public static function get_delete_link($entry, $view_id = 0, $post_id = null) { self::getInstance()->set_entry($entry); $base = GravityView_API::directory_link($post_id, true); if (empty($base)) { do_action('gravityview_log_error', __METHOD__ . ' - Post ID does not exist: ' . $post_id); return NULL; } // Use the slug instead of the ID for consistent security $entry_slug = GravityView_API::get_entry_slug($entry['id'], $entry); $view_id = empty($view_id) ? gravityview_get_view_id() : $view_id; $actionurl = add_query_arg(array('action' => 'delete', 'entry_id' => $entry_slug, 'gvid' => $view_id, 'view_id' => $view_id), $base); $url = wp_nonce_url($actionurl, 'delete_' . $entry_slug, 'delete'); return $url; }