/**
  * Emit the response headers used for WC AJAX requests.
  *
  * Sends the origin (cross-domain) headers, an HTML content type in the
  * site charset, a noindex robots tag, the nosniff and no-cache headers,
  * and finally a 200 status.
  *
  * @since 2.5.0
  */
 private static function wc_ajax_headers()
 {
     send_origin_headers();
     $charset = get_option('blog_charset');
     // header() warnings (e.g. output already started) are deliberately silenced here.
     @header('Content-Type: text/html; charset=' . $charset);
     @header('X-Robots-Tag: noindex');
     send_nosniff_header();
     nocache_headers();
     status_header(200);
 }
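 /**
  * Start preview and customize theme.
  *
  * Bails unless the request carries `customize=on`; otherwise sends the
  * origin headers, starts previewing the theme and hides the admin bar.
  *
  * @since 3.4.0
  */
 public function setup_theme()
 {
     // Strict comparison against the request value: a loose `!=` lets
     // non-string input (e.g. 0 on PHP < 8) compare equal to 'on' and
     // switch the preview on for a request that never asked for it.
     if (!isset($_REQUEST['customize']) || 'on' !== $_REQUEST['customize']) {
         return;
     }
     send_origin_headers();
     $this->start_previewing_theme();
     show_admin_bar(false);
 }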
 /**
  * Set BSR AJAX constant and headers.
  *
  * Acts only when the `bsr-ajax` query variable is present and non-empty:
  * defines DOING_AJAX if nothing else has, hides PHP errors unless debug
  * display is wanted, and emits the header set admin-ajax.php would send.
  *
  * @access public
  */
 public function define_ajax()
 {
     // empty() already covers the unset case, so no separate isset() is needed.
     if (empty($_GET['bsr-ajax'])) {
         return;
     }
     // Define the WordPress "DOING_AJAX" constant.
     if (!defined('DOING_AJAX')) {
         define('DOING_AJAX', true);
     }
     // Prevent notices from breaking AJAX functionality, unless errors are
     // explicitly meant to be displayed (WP_DEBUG and WP_DEBUG_DISPLAY both on).
     if (!WP_DEBUG || !WP_DEBUG_DISPLAY) {
         @ini_set('display_errors', 0);
     }
     // Send the headers.
     send_origin_headers();
     @header('Content-Type: text/html; charset=' . get_option('blog_charset'));
     @header('X-Robots-Tag: noindex');
     send_nosniff_header();
     nocache_headers();
 }
 /**
  * Front-end AJAX endpoint dispatcher.
  *
  * Runs only when the endpoint query var is present. Fires
  * `cornerstone_before_endpoint`, sends the response headers and then
  * dispatches to `cornerstone_endpoint_{action}` for logged-in users or
  * `cornerstone_endpoint_nopriv_{action}` for visitors, finishing with '0'
  * in the same way admin-ajax.php does.
  *
  * The hook suffix is taken verbatim from `$_REQUEST['action']`. Only hooks
  * that have actually been registered can fire, so the privileged /
  * unprivileged split depends entirely on callbacks being attached to the
  * intended prefix.
  */
 public function endpoint()
 {
     global $wp_query;
     if (!isset($wp_query->query_vars[$this->endpoint])) {
         return;
     }
     do_action('cornerstone_before_endpoint');
     send_origin_headers();
     if (empty($_REQUEST['action'])) {
         die('0');
     }
     @header('X-Robots-Tag: noindex');
     @header('Cornerstone: true');
     send_nosniff_header();
     nocache_headers();
     $hook_prefix = 'cornerstone_endpoint_nopriv_';
     if (is_user_logged_in()) {
         $hook_prefix = 'cornerstone_endpoint_';
     }
     do_action($hook_prefix . $_REQUEST['action']);
     die('0');
 }
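 /**
  * Handles AJAX response
  *
  * On a TML page requested with `?ajax`, renders the form for the requested
  * action (defaulting to 'login') and returns it through WP_Ajax_Response.
  * The `data` slot carries the errors object when one has an error code,
  * otherwise the rendered HTML; `supplemental` always carries the HTML and
  * the login state.
  *
  * @since 6.3
  * @access public
  */
 public function template_redirect()
 {
     $theme_my_login = Theme_My_Login::get_object();
     if (Theme_My_Login::is_tml_page() && isset($_GET['ajax'])) {
         // Guard the define: redefining an existing constant raises a warning,
         // and core or another plugin may already have set DOING_AJAX.
         if (!defined('DOING_AJAX')) {
             define('DOING_AJAX', true);
         }
         // Plain assignment: the instance is an object (see set_option() calls
         // below), so taking a reference to the return value adds nothing and
         // can emit "Only variables should be assigned by reference".
         $instance = $theme_my_login->get_instance();
         $instance->set_option('default_action', !empty($theme_my_login->request_action) ? $theme_my_login->request_action : 'login');
         $instance->set_option('gravatar_size', 75);
         $instance->set_option('before_title', '<h2>');
         $instance->set_option('after_title', '</h2>');
         $data = $instance->display();
         send_origin_headers();
         @header('Content-Type: text/html; charset=' . get_option('blog_charset'));
         @header('X-Robots-Tag: noindex');
         send_nosniff_header();
         nocache_headers();
         $x = new WP_Ajax_Response(array('what' => 'login', 'action' => $theme_my_login->request_action, 'data' => $theme_my_login->errors->get_error_code() ? $theme_my_login->errors : $data, 'supplemental' => array('html' => $data, 'success' => is_user_logged_in())));
         $x->send();
         exit;
     }
 }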
 /**
  * Set WC AJAX constant and headers.
  *
  * Acts only when the `wc-ajax` query variable is present: defines
  * DOING_AJAX and WC_DOING_AJAX (when not already defined), switches off
  * display_errors unless debug output is wanted, and sends the same
  * response headers admin-ajax.php uses.
  */
 public static function define_ajax()
 {
     if (empty($_GET['wc-ajax'])) {
         return;
     }
     foreach (array('DOING_AJAX', 'WC_DOING_AJAX') as $constant) {
         if (!defined($constant)) {
             define($constant, true);
         }
     }
     // Turn off display_errors during AJAX events to prevent malformed JSON
     // (only WP_DEBUG together with WP_DEBUG_DISPLAY keeps errors visible).
     if (!WP_DEBUG || !WP_DEBUG_DISPLAY) {
         @ini_set('display_errors', 0);
     }
     // Send headers like admin-ajax.php
     send_origin_headers();
     @header('Content-Type: text/html; charset=' . get_option('blog_charset'));
     @header('X-Robots-Tag: noindex');
     send_nosniff_header();
     nocache_headers();
 }
/**
 * Executing AJAX process.
 *
 * @since 2.1.0
 */
define('WP_USE_THEMES', false);
define('DOING_AJAX', true);
//if (!defined('WP_ADMIN')) {
//    define('WP_ADMIN', true);
//}
require_once cred_get_root_path() . 'wp-load.php';
require_once cred_get_root_path() . 'wp-admin/includes/file.php';
require_once cred_get_root_path() . 'wp-admin/includes/media.php';
require_once cred_get_root_path() . 'wp-admin/includes/image.php';
/** Allow for cross-domain requests (from the frontend). */
send_origin_headers();
$data = array();
if (isset($_REQUEST['nonce']) && check_ajax_referer('ajax_nonce', 'nonce', false)) {
    if (isset($_POST['action']) && $_POST['action'] == 'delete' && isset($_POST['file'])) {
        $file = $_POST['file'];
        $id = isset($_POST['id']) ? (int) $_POST['id'] : 0;
        $data = array('result' => true);
        $local_file = cred_get_local($file);
        //get all image attachments
        $attachments = get_children(array('post_parent' => $id, 'post_type' => 'attachment'));
        //loop through the array
        if (!empty($attachments)) {
            foreach ($attachments as $attachment) {
                $attach_file = strtolower(basename($attachment->guid));
                $my_local_file = strtolower(basename($local_file));
                if ($attach_file == $my_local_file) {
 /**
  * Start preview and customize theme.
  *
  * Sends the origin headers, authenticates the request, checks the
  * `customize` capability, resolves the requested theme (validating it
  * unless it is the active one) and then starts previewing it.
  *
  * @since 3.4.0
  */
 public function setup_theme()
 {
     send_origin_headers();
     // AJAX requests and POSTed "customized" state are treated alike: an
     // anonymous visitor gets a bare "0" rather than a login redirect.
     $ajax_like = $this->doing_ajax() || isset($_POST['customized']);
     if (is_admin() && !$ajax_like) {
         auth_redirect();
     } elseif ($ajax_like && !is_user_logged_in()) {
         $this->wp_die(0);
     }
     show_admin_bar(false);
     if (!current_user_can('customize')) {
         $this->wp_die(-1);
     }
     $this->original_stylesheet = get_stylesheet();
     $requested_theme = isset($_REQUEST['theme']) ? $_REQUEST['theme'] : null;
     $this->theme = wp_get_theme($requested_theme);
     if ($this->is_theme_active()) {
         // Once the theme is loaded, we'll validate it.
         add_action('after_setup_theme', [$this, 'after_setup_theme']);
         $this->start_previewing_theme();
         return;
     }
     // Previewing a non-active theme needs the switch_themes cap ...
     if (!current_user_can('switch_themes')) {
         $this->wp_die(-1);
     }
     // ... a theme that loaded without errors ...
     if ($this->theme()->errors()) {
         $this->wp_die(-1);
     }
     // ... and one that multisite settings allow.
     if (!$this->theme()->is_allowed()) {
         $this->wp_die(-1);
     }
     $this->start_previewing_theme();
 }
 /**
  * Start preview and customize theme.
  *
  * Sends the origin headers, authenticates the request, requires the
  * `edit_theme_options` capability, resolves the requested theme
  * (validating it unless it is the active one) and starts previewing it.
  *
  * @since 3.4.0
  */
 public function setup_theme()
 {
     send_origin_headers();
     if (is_admin() && !$this->doing_ajax()) {
         auth_redirect();
     } elseif ($this->doing_ajax() && !is_user_logged_in()) {
         $this->wp_die(0);
     }
     show_admin_bar(false);
     if (!current_user_can('edit_theme_options')) {
         $this->wp_die(-1);
     }
     $this->original_stylesheet = get_stylesheet();
     $requested_theme = isset($_REQUEST['theme']) ? $_REQUEST['theme'] : null;
     $this->theme = wp_get_theme($requested_theme);
     if ($this->is_theme_active()) {
         // Once the theme is loaded, we'll validate it.
         add_action('after_setup_theme', [$this, 'after_setup_theme']);
         $this->start_previewing_theme();
         return;
     }
     // A non-active theme can only be previewed by someone who may switch themes ...
     if (!current_user_can('switch_themes')) {
         $this->wp_die(-1);
     }
     // ... and only if it loaded cleanly and is allowed on this site.
     if ($this->theme()->errors()) {
         $this->wp_die(-1);
     }
     if (!$this->theme()->is_allowed()) {
         $this->wp_die(-1);
     }
     $this->start_previewing_theme();
 }
 /**
  * Entry point for Web API requests routed through the GFWEBAPI_ROUTE_VAR query var.
  *
  * Parses the route into collection / id / sub-collection / id2 and an
  * optional format extension, refuses the request when the API is disabled,
  * authenticates unless the endpoint is public (or a filter says otherwise),
  * fires the `gform_webapi_{endpoint}` hook, decodes the JSON request body
  * and dispatches to the matching handler by collection and HTTP method.
  * Any path that does not terminate inside a handler ends in die_bad_request().
  */
 public function handle_page_request()
 {
     global $HTTP_RAW_POST_DATA;
     $route = get_query_var(GFWEBAPI_ROUTE_VAR);
     // Loose comparison: an empty route, "0" or "" is treated as "not an API request".
     if (false == $route) {
         return;
     }
     send_origin_headers();
     $settings = get_option('gravityformsaddon_gravityformswebapi_settings');
     // The API must be explicitly enabled; otherwise the request is refused before any routing.
     if (empty($settings) || !$settings['enabled']) {
         $this->log_debug(__METHOD__ . '(): API not enabled, permission denied.');
         $this->die_permission_denied();
     }
     // An extension on the route (e.g. ".json") selects the response format and is stripped from the path.
     $route_parts = pathinfo($route);
     $format = rgar($route_parts, 'extension');
     if ($format) {
         $route = str_replace('.' . $format, '', $route);
     }
     // Route shape: /{collection}/{id}/{collection2}/{id2}; a ';'-separated id becomes a list.
     $path_array = explode('/', $route);
     $collection = strtolower(rgar($path_array, 0));
     $id = rgar($path_array, 1);
     if (strpos($id, ';') !== false) {
         $id = explode(';', $id);
     }
     $collection2 = strtolower(rgar($path_array, 2));
     $id2 = rgar($path_array, 3);
     if (strpos($id2, ';') !== false) {
         $id2 = explode(';', $id2);
     }
     if (empty($format)) {
         $format = 'json';
     }
     // Paging and schema come straight from the query string; presumably the
     // handlers validate/clamp them — confirm before relying on the defaults here.
     $schema = strtolower(rgget('schema'));
     $offset = isset($_GET['paging']['offset']) ? strtolower($_GET['paging']['offset']) : 0;
     $page_size = isset($_GET['paging']['page_size']) ? strtolower($_GET['paging']['page_size']) : 10;
     $method = strtoupper($_SERVER['REQUEST_METHOD']);
     $args = compact('offset', 'page_size', 'schema');
     // Endpoint key, e.g. "get_forms" or "post_forms_submissions"; used for the hook and the auth filter.
     $endpoint = empty($collection2) ? strtolower($method) . '_' . $collection : strtolower($method) . '_' . $collection . '_' . $collection2;
     // The POST forms/[ID]/submissions endpoint is public and does not require authentication.
     $authentication_required = $endpoint !== 'post_forms_submissions';
     /**
      * Allows overriding of authentication for all the endpoints of the Web API.
      * gform_webapi_authentication_required_[end point]
      * e.g.
      * gform_webapi_authentication_required_post_form_submissions
      *
      * @param bool $authentication_required Whether authentication is required for this endpoint.
      */
     $authentication_required = apply_filters('gform_webapi_authentication_required_' . $endpoint, $authentication_required);
     // Authentication (when required) runs before any endpoint hook or handler is reached.
     if ($authentication_required) {
         $this->authenticate();
     } else {
         $this->log_debug(__METHOD__ . '(): Authentication not required.');
     }
     // Test-mode short-circuit; only reachable after the authentication step above.
     $test_mode = rgget('test');
     if ($test_mode) {
         die('test mode');
     }
     if (empty($collection2)) {
         do_action('gform_webapi_' . $endpoint, $id, $format, $args);
     } else {
         do_action('gform_webapi_' . $endpoint, $id, $id2, $format, $args);
     }
     // Read the raw body ourselves when the global has not been populated.
     if (!isset($HTTP_RAW_POST_DATA)) {
         $HTTP_RAW_POST_DATA = file_get_contents('php://input');
     }
     // NOTE(review): this logs the complete raw request body, which may carry
     // credentials or personal data — consider redacting or truncating it.
     $this->log_debug(__METHOD__ . '(): HTTP_RAW_POST_DATA = ' . $HTTP_RAW_POST_DATA);
     // json_decode() returns null for an empty or invalid body; handlers receive that null as $data.
     $data = json_decode($HTTP_RAW_POST_DATA, true);
     // Dispatch by collection, then sub-collection, then HTTP method. The
     // handlers are presumed to terminate the request themselves (confirm);
     // anything that returns falls through to the final die_bad_request().
     switch ($collection) {
         case 'forms':
             switch ($collection2) {
                 case 'results':
                     switch ($method) {
                         case 'GET':
                             $this->get_results($id);
                             break;
                         case 'DELETE':
                         case 'PUT':
                         case 'POST':
                         default:
                             $this->die_bad_request();
                     }
                     break;
                 case 'properties':
                     switch ($method) {
                         case 'PUT':
                             $this->put_forms_properties($data, $id);
                             break;
                         default:
                             $this->die_bad_request();
                     }
                     break;
                 case 'feeds':
                     // /forms/{id}/feeds takes no second id.
                     if (false == empty($id2)) {
                         $this->die_bad_request();
                     }
                     switch ($method) {
                         case 'GET':
                             $this->get_feeds(null, $id);
                             break;
                         case 'DELETE':
                             $this->delete_feeds(null, $id);
                             break;
                         case 'PUT':
                             $this->die_not_implemented();
                             break;
                         case 'POST':
                             $this->post_feeds($data, $id);
                             break;
                         default:
                             $this->die_bad_request();
                     }
                     break;
                 case 'entries':
                     if (false == empty($id2)) {
                         $this->die_bad_request();
                     }
                     switch ($method) {
                         case 'GET':
                             $this->get_entries(null, $id, $schema);
                             break;
                         case 'POST':
                             $this->post_entries($data, $id);
                             break;
                         case 'PUT':
                         case 'DELETE':
                             $this->die_not_implemented();
                             break;
                         default:
                             $this->die_bad_request();
                     }
                     break;
                 case 'submissions':
                     // Public endpoint (see $authentication_required above): POST only.
                     if (false == empty($id2)) {
                         $this->die_bad_request();
                     }
                     switch ($method) {
                         case 'POST':
                             $this->submit_form($data, $id);
                             break;
                         case 'GET':
                         case 'PUT':
                         case 'DELETE':
                             $this->die_not_implemented();
                             break;
                         default:
                             $this->die_bad_request();
                     }
                     break;
                 case '':
                     switch ($method) {
                         case 'GET':
                             $this->get_forms($id, $schema);
                             break;
                         case 'DELETE':
                             $this->delete_forms($id);
                             break;
                         case 'PUT':
                             $this->put_forms($data, $id, $id2);
                             break;
                         case 'POST':
                             // Creating a form takes no id in the route.
                             if (false === empty($id)) {
                                 $this->die_bad_request();
                             }
                             $this->post_forms($data, $id);
                             break;
                         default:
                             $this->die_bad_request();
                     }
                     break;
                 default:
                     $this->die_bad_request();
                     break;
             }
             break;
         case 'entries':
             //  route = /entries/{id}
             switch ($method) {
                 case 'GET':
                     switch ($collection2) {
                         case 'fields':
                             // route = /entries/{id}/fields/{id2}
                             $this->get_entries($id, null, $schema, $id2);
                             break;
                         case '':
                             $this->get_entries($id, null, $schema);
                             break;
                         default:
                             $this->die_bad_request();
                     }
                     break;
                 case 'DELETE':
                     $this->delete_entries($id);
                     break;
                 case 'PUT':
                     // No default case here: an unknown sub-collection falls through to the final die_bad_request().
                     switch ($collection2) {
                         case 'properties':
                             // route = /entries/{id}/properties/{id2}
                             $this->put_entry_properties($data, $id);
                             break;
                         case '':
                             $this->put_entries($data, $id);
                             break;
                     }
                     break;
                 case 'POST':
                     if (false === empty($id)) {
                         $this->die_bad_request();
                     }
                     $this->post_entries($data);
                     break;
                 default:
                     $this->die_bad_request();
             }
             break;
         case 'feeds':
             switch ($method) {
                 case 'GET':
                     $this->get_feeds($id);
                     break;
                 case 'DELETE':
                     if (empty($id)) {
                         $this->die_bad_request();
                     }
                     $this->delete_feeds($id);
                     break;
                 case 'PUT':
                     $this->put_feeds($data, $id);
                     break;
                 case 'POST':
                     if (false === empty($id)) {
                         $this->die_bad_request();
                     }
                     $this->post_feeds($data);
                     break;
                 default:
                     $this->die_bad_request();
             }
             break;
         default:
             $this->die_bad_request();
             break;
     }
     // Reached only when no handler above terminated the request.
     $this->die_bad_request();
 }
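	/**
	 * Start preview and customize theme.
	 *
	 * Authenticates the request, resolves the requested theme and refuses to
	 * preview a theme that does not exist, a non-active theme that is not
	 * allowed (or that the user may not switch to), or any theme when the
	 * user lacks `edit_theme_options`.
	 *
	 * @since 3.4.0
	 */
	public function setup_theme() {
		if ( is_admin() && ! $this->doing_ajax() ) {
			auth_redirect();
		} elseif ( $this->doing_ajax() && ! is_user_logged_in() ) {
			wp_die( 0 );
		}

		send_origin_headers();

		$this->original_stylesheet = get_stylesheet();

		$this->theme = wp_get_theme( isset( $_REQUEST['theme'] ) ? $_REQUEST['theme'] : null );

		// You can't preview a theme if it doesn't exist, or if it is not allowed (unless active).
		if ( ! $this->theme->exists() ) {
			$this->wp_die( -1, __( 'Cheatin&#8217; uh?' ) );
		}

		// Strict string comparison: this decides whether the is_allowed /
		// switch_themes checks apply, so the loose `!=` (which compares
		// numeric-looking strings numerically) must not be able to skip them.
		if ( $this->theme->get_stylesheet() !== get_stylesheet() && ( ! $this->theme()->is_allowed() || ! current_user_can( 'switch_themes' ) ) ) {
			$this->wp_die( -1, __( 'Cheatin&#8217; uh?' ) );
		}

		if ( ! current_user_can( 'edit_theme_options' ) ) {
			$this->wp_die( -1, __( 'Cheatin&#8217; uh?' ) );
		}

		$this->start_previewing_theme();
		show_admin_bar( false );
	}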
 /**
  * Start preview and customize theme.
  *
  * Check if customize query variable exist. Init filters to filter the current theme.
  *
  * Order matters here: capability and changeset checks run (and may end the
  * request) before any header is sent, then the requested theme is validated
  * unless it is the active one, and finally previewing starts.
  *
  * @since 3.4.0
  */
 public function setup_theme()
 {
     global $pagenow;
     // Check permissions for customize.php access since this method is called before customize.php can run any code,
     if ('customize.php' === $pagenow && !current_user_can('customize')) {
         if (!is_user_logged_in()) {
             auth_redirect();
         } else {
             wp_die('<h1>' . __('Cheatin&#8217; uh?') . '</h1>' . '<p>' . __('Sorry, you are not allowed to customize this site.') . '</p>', 403);
         }
         return;
     }
     // Only a lowercase 8-4-4-4-12 hex UUID is accepted (the pattern is anchored
     // and has no /i flag), so any other value is rejected before it is used.
     if (!preg_match('/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/', $this->_changeset_uuid)) {
         $this->wp_die(-1, __('Invalid changeset UUID'));
     }
     /*
      * If unauthenticated then require a valid changeset UUID to load the preview.
      * In this way, the UUID serves as a secret key. If the messenger channel is present,
      * then send unauthenticated code to prompt re-auth.
      */
     if (!current_user_can('customize') && !$this->changeset_post_id()) {
         $this->wp_die($this->messenger_channel ? 0 : -1, __('Non-existent changeset UUID.'));
     }
     // Do not attempt to send headers once output has already started.
     if (!headers_sent()) {
         send_origin_headers();
     }
     // Hide the admin bar if we're embedded in the customizer iframe.
     if ($this->messenger_channel) {
         show_admin_bar(false);
     }
     if ($this->is_theme_active()) {
         // Once the theme is loaded, we'll validate it.
         add_action('after_setup_theme', array($this, 'after_setup_theme'));
     } else {
         // If the requested theme is not the active theme and the user doesn't have the
         // switch_themes cap, bail.
         if (!current_user_can('switch_themes')) {
             $this->wp_die(-1, __('Sorry, you are not allowed to edit theme options on this site.'));
         }
         // If the theme has errors while loading, bail.
         if ($this->theme()->errors()) {
             $this->wp_die(-1, $this->theme()->errors()->get_error_message());
         }
         // If the theme isn't allowed per multisite settings, bail.
         if (!$this->theme()->is_allowed()) {
             $this->wp_die(-1, __('The requested theme does not exist.'));
         }
     }
     /*
      * Import theme starter content for fresh installs when landing in the customizer.
      * Import starter content at after_setup_theme:100 so that any
      * add_theme_support( 'starter-content' ) calls will have been made.
      */
     if (get_option('fresh_site') && 'customize.php' === $pagenow) {
         add_action('after_setup_theme', array($this, 'import_theme_starter_content'), 100);
     }
     $this->start_previewing_theme();
 }
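 /**
  * Send a JSON response and terminate the request.
  *
  * Removes the X-Pingback header, sends the origin headers and a JSON
  * content type in the site charset, echoes `{status, response}` and dies.
  *
  * @param mixed $status   Value placed under the `status` key.
  * @param mixed $response Value placed under the `response` key.
  */
 public static function end($status, $response)
 {
     // Build the payload explicitly instead of writing into an undeclared
     // local and relying on PHP to auto-create $output as an array.
     $output = array(
         'status' => $status,
         'response' => $response,
     );
     // PHP > 5.3
     if (function_exists('header_remove')) {
         header_remove('X-Pingback');
     }
     send_origin_headers();
     header('Content-Type: application/json; charset=' . get_option('blog_charset'), true);
     $output_json = json_encode($output);
     // json_encode() returns false on failure (e.g. malformed UTF-8 in the
     // response); echoing that would send an empty body, so emit an explicit
     // error payload that still carries the status the caller asked for.
     if (false === $output_json) {
         $output_json = json_encode(array(
             'status' => $status,
             'response' => null,
             'error' => json_last_error_msg(),
         ));
     }
     echo $output_json;
     die;
 }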