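/**
 * Update the Views Bootstrap version (AJAX handler).
 *
 * $_POST:
 *     wpnonce: nonce created for the 'wpv_bootstrap_version_nonce' action
 *     status:  1|2|3|-1
 *
 * Every path ends in wp_send_json_error() or wp_send_json_success(); both print
 * the JSON response and terminate the request, so the handler never returns.
 */
function wpv_update_bootstrap_version_status() {
	// Authorization: only users holding manage_options may change this setting.
	if ( ! current_user_can( 'manage_options' ) ) {
		$data = array(
			'type'    => 'capability',
			'message' => __( 'You do not have permissions for that.', 'wpv-views' ),
		);
		wp_send_json_error( $data );
	}

	// CSRF protection: the request must carry a nonce issued for this exact action.
	if ( ! isset( $_POST['wpnonce'] ) || ! wp_verify_nonce( $_POST['wpnonce'], 'wpv_bootstrap_version_nonce' ) ) {
		$data = array(
			'type'    => 'nonce',
			'message' => __( 'Your security credentials have expired. Please reload the page to get new ones.', 'wpv-views' ),
		);
		wp_send_json_error( $data );
	}

	// The third argument is presumably the list of accepted values, with null
	// returned for anything else - confirm against wpv_getpost().
	$status = wpv_getpost( 'status', null, array( 1, 2, 3, -1 ) );

	// Loose comparison is kept on purpose: none of the accepted values is falsy,
	// so "null != $status" only rejects a missing or refused value.
	if ( null != $status ) {
		$this->wpv_bootstrap_version = $status;
		$this->save();
		wp_send_json_success();
	} else {
		wp_send_json_error();
	}
	// The original had one more wp_send_json_success() here; it could never run
	// because both branches above already end the request.
}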
/**
 * AJAX handler that binds a set of posts to one Content Template.
 *
 * POST parameters read by this handler:
 * - id: Content Template ID (cast to int).
 * - wpnonce: nonce for the action wpv_ct_{$id}_bind_posts_by_{$user_id}.
 * - posts_to_bind: array handed to WPV_Content_Template::bind_posts().
 *
 * The response is the default WP JSON envelope: an error with a short debug
 * string, or success with an 'updated' key holding what bind_posts() returned.
 *
 * @since 1.9
 */
function wpv_ct_bind_posts_callback() {

	// Capability gate comes before any request data is touched.
	if ( ! current_user_can( 'manage_options' ) ) {
		wp_send_json_error( 'Untrusted user' );
	}

	// The nonce action is scoped to both the template and the current user,
	// so a nonce issued for another template or another user does not verify.
	$ct_id        = (int) wpv_getpost( 'id' );
	$user_id      = get_current_user_id();
	$nonce_action = "wpv_ct_{$ct_id}_bind_posts_by_{$user_id}";
	$nonce_value  = wpv_getpost( 'wpnonce' );
	if ( ! wp_verify_nonce( $nonce_value, $nonce_action ) ) {
		wp_send_json_error( "Security check ($nonce_action)" );
	}

	$template = WPV_Content_Template::get_instance( $ct_id );
	if ( null == $template ) {
		wp_send_json_error( 'Invalid Content Template' );
	}

	// NOTE(review): the error below echoes the raw request value back in the
	// JSON body; consider a fixed message if the client does not need it.
	$requested_posts = wpv_getpost( 'posts_to_bind' );
	if ( ! is_array( $requested_posts ) ) {
		wp_send_json_error( 'Invalid arguments (' . print_r( $requested_posts, true ) . ')' );
	}

	// NOTE(review): the array elements are forwarded unchanged; whether they are
	// validated as post IDs depends on bind_posts() - confirm there.
	$bound = $template->bind_posts( $requested_posts );
	if ( false === $bound ) {
		wp_send_json_error( 'bind_posts failed' );
	}

	wp_send_json_success( array( 'updated' => $bound ) );
}
/**
 * AJAX handler that stores the Toolset admin bar options.
 *
 * POST parameters read by this handler:
 * - wpnonce: nonce for the 'toolset_admin_bar_settings_nonce' action.
 * - frontend: 'true' (the default when absent) turns the admin bar shortcut on,
 *   any other value turns it off.
 * - backend: 'disable', 'editor' or 'always'; stored as 'shortcodes_generator'.
 */
function toolset_update_toolset_admin_bar_options() {
	$settings = Toolset_Settings::get_instance();

	// Authorization: only users holding manage_options may save these options.
	if ( ! current_user_can( 'manage_options' ) ) {
		wp_send_json_error(
			array(
				'type'    => 'capability',
				'message' => __( 'You do not have permissions for that.', 'wpv-views' ),
			)
		);
	}

	// CSRF protection: a missing nonce is treated the same as an invalid one.
	$nonce_ok = isset( $_POST['wpnonce'] ) && wp_verify_nonce( $_POST['wpnonce'], 'toolset_admin_bar_settings_nonce' );
	if ( ! $nonce_ok ) {
		wp_send_json_error(
			array(
				'type'    => 'nonce',
				'message' => __( 'Your security credentials have expired. Please reload the page to get new ones.', 'wpv-views' ),
			)
		);
	}

	$frontend = 'true';
	if ( isset( $_POST['frontend'] ) ) {
		$frontend = sanitize_text_field( $_POST['frontend'] );
	}

	// The third argument is presumably the list of accepted values - confirm
	// against wpv_getpost(). The stored option is left untouched otherwise.
	$backend = wpv_getpost( 'backend', null, array( 'disable', 'editor', 'always' ) );
	if ( null != $backend ) {
		$settings['shortcodes_generator'] = $backend;
	}

	if ( $frontend == 'true' ) {
		$settings['show_admin_bar_shortcut'] = 'on';
	} else {
		$settings['show_admin_bar_shortcut'] = 'off';
	}

	$settings->save();
	wp_send_json_success();
}
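/**
 * Render the confirmation dialog for bulk trashing or deleting Views (AJAX handler).
 *
 * POST parameters read by this handler:
 * - wpnonce: nonce for the 'wpv_view_listing_actions_nonce' action.
 * - ids: a single View ID or an array of View IDs.
 * - view_action: 'delete' (default) or 'trash'.
 *
 * Prints an HTML fragment and terminates the request. The confirm button carries
 * a fresh nonce for the follow-up request: 'wpv_bulk_remove_view_permanent_nonce'
 * for delete, 'wpv_view_listing_actions_nonce' for trash.
 */
function wpv_view_bulk_trashdel_render_popup_callback() {
	if ( ! current_user_can( 'manage_options' ) ) {
		die( "Untrusted user" );
	}
	$nonce = wpv_getpost( 'wpnonce' );
	if ( ! wp_verify_nonce( $nonce, 'wpv_view_listing_actions_nonce' ) ) {
		die( "Security check" );
	}

	// 'ids' may arrive as one string or as an array. The isset() guard avoids an
	// undefined-index notice when the parameter is missing altogether.
	$post_ids = wpv_getpost( 'ids', array() );
	if ( isset( $_POST['ids'] ) && is_string( $_POST['ids'] ) ) {
		$post_ids = array( $_POST['ids'] );
	}
	if ( ! is_array( $post_ids ) ) {
		$post_ids = array();
	}

	// Reduce the request data to a plain list of integers. Nested arrays and
	// non-numeric strings are dropped before anything reaches the database.
	$post_ids = array_filter( $post_ids, 'is_scalar' );
	$post_ids = array_map( 'trim', $post_ids );
	$post_ids = array_filter( $post_ids, 'is_numeric' );
	$post_ids = array_values( array_map( 'intval', $post_ids ) );

	// We only get IDs and titles
	global $wpdb;
	$views = array();
	if ( ! empty( $post_ids ) ) {
		// One %d placeholder per ID, so the query is parameterized and does not
		// depend on the sanitization above staying intact.
		$placeholders = implode( ',', array_fill( 0, count( $post_ids ), '%d' ) );
		$views = $wpdb->get_results(
			$wpdb->prepare(
				"SELECT ID as id, post_title
				FROM {$wpdb->posts}
				WHERE post_type = 'view'
				AND id IN ( {$placeholders} )",
				$post_ids
			)
		);
		if ( ! is_array( $views ) ) {
			// A failed query must not break count() and foreach below.
			$views = array();
		}
	}
	$view_count = count( $views );

	// Different values based on the action we're confirming (they're all here).
	$view_action = wpv_getpost( 'view_action', 'delete', array( 'delete', 'trash' ) );
	$is_delete   = ( 'delete' == $view_action );

	$dialog_header = $is_delete ? __( 'Delete Views', 'wpv-views' ) : __( 'Trash Views', 'wpv-views' );
	$action_word   = $is_delete ? __( 'delete', 'wpv-views' ) : __( 'trash', 'wpv-views' );
	$button_label  = $is_delete
		? _n( 'Delete', 'Delete all', $view_count, 'wpv-views' )
		: _n( 'Trash', 'Trash all', $view_count, 'wpv-views' );
	$button_class  = $is_delete ? 'js-bulk-remove-view-permanent' : 'js-bulk-confirm-view-trash';
	$next_nonce    = $is_delete
		? wp_create_nonce( 'wpv_bulk_remove_view_permanent_nonce' )
		: wp_create_nonce( 'wpv_view_listing_actions_nonce' );

	// Everything printed below is escaped for its context. View titles are stored
	// content and translations come from language files, so neither is emitted raw.
	?>
	<div class="wpv-dialog">
		<div class="wpv-dialog-header">
			<h2><?php echo esc_html( $dialog_header ); ?></h2>
		</div>
		<div class="wpv-dialog-content">
			<p>
				<?php echo esc_html( sprintf( _n( 'Are you sure you want to %s this View?', 'Are you sure you want %s these Views?', $view_count, 'wpv-views' ), $action_word ) ); ?>
			</p>
			<p>
				<?php echo esc_html( _n( 'Please use the Scan button first to be sure that it is not used anywhere.', 'Please use Scan buttons first to be sure that they are not used anywhere.', $view_count, 'wpv-views' ) ); ?>
			</p>
			<table class="wpv-view-table" style="width: 100%;">
				<?php foreach ( $views as $view ) { ?>
					<tr>
						<td><strong><?php echo esc_html( $view->post_title ); ?></strong></td>
						<td class="wpv-admin-listing-col-scan">
							<button class="button js-scan-button" data-view-id="<?php echo esc_attr( $view->id ); ?>">
								<?php
								// Text domain corrected from 'wp-views' to the 'wpv-views' used everywhere else.
								esc_html_e( 'Scan', 'wpv-views' );
								?>
							</button>
							<span class="js-nothing-message hidden"><?php esc_html_e( 'Nothing found', 'wpv-views' ); ?></span>
						</td>
					</tr>
				<?php } ?>
			</table>
		</div>
		<div class="wpv-dialog-footer">
			<button class="button js-dialog-close">
				<?php esc_html_e( 'Cancel', 'wpv-views' ); ?>
			</button>
			<button class="button button-primary <?php echo esc_attr( $button_class ); ?>"
				data-nonce="<?php echo esc_attr( $next_nonce ); ?>"
				data-view-ids="<?php echo esc_attr( urlencode( implode( ',', $post_ids ) ) ); ?>">
				<?php echo esc_html( $button_label ); ?>
			</button>
		</div>
	</div>
	<?php
	die;
}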
/**
 * AJAX handler that saves the filter section of a View: markup, CSS and JS.
 *
 * POST parameters read by this handler:
 * - wpnonce: nonce for the 'wpv_view_filter_extra_nonce' action.
 * - id: View ID.
 * - query_val: filter meta HTML; only assigned when the value is not empty.
 * - query_css_val, query_js_val: filter CSS and JS, always assigned.
 *
 * Responds with the WP JSON envelope; errors carry 'type' and 'message'.
 */
function wpv_update_filter_extra_callback() {

	// Authentication
	if ( ! current_user_can( 'manage_options' ) ) {
		wp_send_json_error(
			array(
				'type'    => 'capability',
				'message' => __( 'You do not have permissions for that.', 'wpv-views' ),
			)
		);
	}
	$nonce_ok = isset( $_POST['wpnonce'] ) && wp_verify_nonce( $_POST['wpnonce'], 'wpv_view_filter_extra_nonce' );
	if ( ! $nonce_ok ) {
		wp_send_json_error(
			array(
				'type'    => 'nonce',
				'message' => __( 'Your security credentials have expired. Please reload the page to get new ones.', 'wpv-views' ),
			)
		);
	}

	// Get the View
	$view_id = (int) wpv_getpost( 'id', 0 );
	$view    = WPV_View::get_instance( $view_id );
	if ( $view_id < 1 || null == $view ) {
		wp_send_json_error(
			array(
				'type'    => 'id',
				'message' => __( 'Wrong or missing ID.', 'wpv-views' ),
			)
		);
	}

	// Update View settings. Note that if any of those properties fail to update, nothing will be saved -
	// that doesn't happen until finish_modifying_view_settings() is called.
	// NOTE(review): the three values below are taken from the request as-is; any
	// validation presumably lives in the WPV_View property setters - confirm.
	try {
		$view->begin_modifying_view_settings();

		$meta_html = wpv_getpost( 'query_val', null );
		if ( null != $meta_html ) {
			$view->filter_meta_html = $meta_html;
		}
		$view->filter_css = wpv_getpost( 'query_css_val' );
		$view->filter_js  = wpv_getpost( 'query_js_val' );

		$view->finish_modifying_view_settings();
	} catch ( WPV_RuntimeExceptionWithMessage $e ) {
		// These exceptions carry a message that is meant to be shown to the user.
		wp_send_json_error(
			array(
				'type'    => '',
				'message' => $e->getUserMessage(),
			)
		);
	} catch ( Exception $e ) {
		// Anything else gets a generic message, so internals are not exposed.
		wp_send_json_error(
			array(
				'type'    => '',
				'message' => __( 'An unexpected error ocurred.', 'wpv-views' ),
			)
		);
	}

	// Indicate success.
	wp_send_json_success(
		array(
			'id'      => $view_id,
			'message' => __( 'Filter saved', 'wpv-views' ),
		)
	);
}
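/**
 * Update one or more properties of a Content Template.
 *
 * Note: I've put this into ct-editor.php instead of wpv-admin-ajax.php, because it will most probably
 * be used *only* by Content Template edit page. No need to further bloat that file with single-purpose
 * call handlers. If the usage should change in the future, just move the code to a more appropriate place.
 * --Jan
 *
 * Following POST parameters are expected:
 * - id: Content Template ID
 * - wpnonce: A valid wpv_ct_{$id}_update_properties_by_{$user_id} nonce.
 * - properties: An array of associative arrays, each of them representing a property
 *     with "name" and "value" keys. An entry that is not an array, or whose "name" is
 *     missing or not a string/integer, makes the whole request fail with an error.
 *
 * A WPV_Content_Template object will be instantiated and this function will try to update values of
 * its properties as defined in the "properties" POST parameter. The "update transaction" mechanism
 * is used for this purpose (see WPV_Post_Object_Wrapper::update_transaction() for details
 * about update logic).
 *
 * It always returns a JSON object with a 'success' key. If a "generic" error (like invalid
 * nonce or some invalid arguments) happens, success will be false. Otherwise, if success is true,
 * there will be a 'data' key containing:
 * - 'results', a list with one entry per submitted property, each holding 'name', a boolean
 *     'success' and, on failure, optionally 'message' and 'code' taken from the transaction's
 *     error messages.
 *
 * @since 1.9
 */
function wpv_ct_update_properties_callback() {

	// Authentication and validation
	if ( ! current_user_can( 'manage_options' ) ) {
		wp_send_json_error( 'Untrusted user' );
	}

	// The nonce action is scoped to both the template and the current user.
	$ct_id = (int) wpv_getpost( 'id' );
	$uid = get_current_user_id();
	$nonce_name = "wpv_ct_{$ct_id}_update_properties_by_{$uid}";
	if ( ! wp_verify_nonce( wpv_getpost( 'wpnonce' ), $nonce_name ) ) {
		wp_send_json_error( "Security check ($nonce_name)" );
	}

	$ct = WPV_Content_Template::get_instance( $ct_id );
	if ( null == $ct ) {
		wp_send_json_error( 'Invalid Content Template' );
	}

	// NOTE(review): the error below echoes the raw request value back in the
	// JSON body; consider a fixed message if the client does not need it.
	$properties = wpv_getpost( 'properties' );
	if ( ! is_array( $properties ) ) {
		wp_send_json_error( 'Invalid arguments (' . print_r( $properties, true ) . ')' );
	}

	// The shape of each entry comes from the request, so check it before
	// indexing: a scalar entry or a missing/array "name" would otherwise raise
	// notices or a TypeError when used as an array key below.
	foreach ( $properties as $property ) {
		$has_valid_name = is_array( $property )
			&& isset( $property['name'] )
			&& ( is_string( $property['name'] ) || is_int( $property['name'] ) );
		if ( ! $has_valid_name ) {
			wp_send_json_error( 'Invalid arguments (malformed property)' );
		}
	}

	// Try to save data as a transaction (all at once or nothing).
	// Refer to WPV_Post_Object_Wrapper::update_transaction() for details.
	$transaction_data = array();
	foreach ( $properties as $property ) {
		// Missing property value defaults to empty array because of jQuery.ajax issues with empty arrays.
		// If it's invalid value for the property, it should be rejected during validation - no harm done here.
		$property_value = wpv_getarr( $property, 'value', array() );
		$transaction_data[ $property['name'] ] = $property_value;
	}

	// Run the update transaction.
	// Second parameter is false mostly because vm.processTitleSectionUpdateResults in JS.
	$transaction_result = $ct->update_transaction( $transaction_data, false );

	// Parse the transaction result into per-property results that will be returned.
	$results = array();
	foreach ( $properties as $property ) {
		$property_name = $property['name'];
		$result = array( 'name' => $property_name );

		if ( true == $transaction_result['success'] ) {
			// Transaction success == all was updated without errors.
			$result['success'] = true;
		} else if ( true == $transaction_result['partial'] && in_array( $property_name, $transaction_result['updated_properties'] ) ) {
			// The least desired situation (but rare) where some properties have been updated
			// and some haven't.
			$result['success'] = true;
		} else {
			// Failure, for one or the other reason. Look for an optional error message.
			$result['success'] = false;
			if ( array_key_exists( $property_name, $transaction_result['error_messages'] ) ) {
				$error = $transaction_result['error_messages'][ $property_name ];
				$result['message'] = $error['message'];
				$result['code'] = $error['code'];
			}
		}

		$results[] = $result;
	}

	// Report success (because the AJAX call succeeded in general) and attach information
	// about each property update.
	wp_send_json_success( array( 'results' => $results ) );
}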
/**
 * AJAX handler that saves the Loop Output section of a View or WPA.
 *
 * POST parameters read by this handler:
 * - wpnonce: nonce for the 'wpv_view_layout_extra_nonce' action.
 * - id: ID of the View or WPA.
 * - layout_css_val, layout_js_val, layout_val: loop CSS, JS and meta HTML.
 * - include_wizard_data: when present, the loop wizard settings (style, column
 *   counts, grid options, fields) are stored too, and the Content Template named
 *   by delete_view_loop_template is removed if that ID is positive.
 *
 * Responds with the WP JSON envelope; errors carry 'type' and 'message'.
 */
function wpv_update_layout_extra_callback() {

	// Authentication
	if ( ! current_user_can( 'manage_options' ) ) {
		wp_send_json_error(
			array(
				'type'    => 'capability',
				'message' => __( 'You do not have permissions for that.', 'wpv-views' ),
			)
		);
	}
	$nonce_ok = isset( $_POST['wpnonce'] ) && wp_verify_nonce( $_POST['wpnonce'], 'wpv_view_layout_extra_nonce' );
	if ( ! $nonce_ok ) {
		wp_send_json_error(
			array(
				'type'    => 'nonce',
				'message' => __( 'Your security credentials have expired. Please reload the page to get new ones.', 'wpv-views' ),
			)
		);
	}

	$view_id = (int) wpv_getpost( 'id', 0 );

	// This will give us a View, a WPA or null.
	$view = WPV_View_Base::get_instance( $view_id );
	if ( $view_id < 1 || ( null == $view ) ) {
		wp_send_json_error(
			array(
				'type'    => 'id',
				'message' => __( 'Wrong or missing ID.', 'wpv-views' ),
			)
		);
	}

	try {
		// We're updating multiple properties at once.
		$view->defer_after_update_actions();

		// Actually we're changing only View settings and loop settings here.
		// If any of those changes fails, the database will not be updated.
		$view->begin_modifying_view_settings();
		$view->begin_modifying_loop_settings();

		// NOTE(review): these values are taken from the request as-is; any
		// validation presumably lives in the property setters - confirm.
		$view->css            = wpv_getpost( 'layout_css_val' );
		$view->js             = wpv_getpost( 'layout_js_val' );
		$view->loop_meta_html = wpv_getpost( 'layout_val' );

		// Save the wizard settings
		if ( isset( $_POST['include_wizard_data'] ) ) {
			// View property => POST key, assigned in the listed order.
			$wizard_fields = array(
				'loop_style'               => 'style',
				'loop_table_column_count'  => 'table_cols',
				'loop_bs_column_count'     => 'bootstrap_grid_cols',
				'loop_bs_grid_container'   => 'bootstrap_grid_container',
				'loop_row_class'           => 'bootstrap_grid_row_class',
				'loop_bs_individual'       => 'bootstrap_grid_individual',
				'loop_include_field_names' => 'include_field_names',
				'loop_fields'              => 'fields', // @todo sanitize this
				'loop_real_fields'         => 'real_fields', // @todo sanitize this
			);
			foreach ( $wizard_fields as $property => $post_key ) {
				$view->{$property} = wpv_getpost( $post_key );
			}

			// Remove unused Content Template
			$unused_ct_id = (int) wpv_getpost( 'delete_view_loop_template', 0 );
			if ( $unused_ct_id > 0 ) {
				$view->delete_unused_loop_template( $unused_ct_id );
			}
		}

		// Now store changes.
		$view->finish_modifying_view_settings();
		$view->finish_modifying_loop_settings();

		$view->resume_after_update_actions();
	} catch ( WPV_RuntimeExceptionWithMessage $e ) {
		// Validation errors go here.
		wp_send_json_error(
			array(
				'type'    => 'update',
				'message' => $e->getUserMessage(),
			)
		);
	} catch ( Exception $e ) {
		// Anything else gets a generic message, so internals are not exposed.
		wp_send_json_error(
			array(
				'type'    => 'update',
				'message' => __( 'An unexpected error ocurred.', 'wpv-views' ),
			)
		);
	}

	// Success!
	wp_send_json_success(
		array(
			'id'      => $view_id,
			'message' => __( 'Loop Output saved', 'wpv-views' ),
		)
	);
}