?> ,"<?php echo $val == strip_tags($val) ? $val : addslashes($val); //escape html ?> "); <?php } } $c++; unset($val); unset($col); unset($type); } if ($edit_link) { if (FrmProEntriesHelper::user_can_edit($entry, $form)) { ?> data.setCell(<?php echo $i; ?> ,<?php echo $c; ?> ,'<a href="<?php echo esc_url(add_query_arg(array('frm_action' => 'edit', 'entry' => $entry->id), $permalink) . $anchor); ?> "><?php echo addslashes($edit_link); ?> </a>'); <?php
/**
 * Deprecated alias kept for backward compatibility.
 *
 * Emits a deprecation notice and forwards both arguments unchanged to
 * FrmProEntriesHelper::user_can_edit(), returning whatever that call returns.
 * The permission decision itself is made entirely by the helper.
 *
 * @deprecated 1.07.05 Use FrmProEntriesHelper::user_can_edit() instead.
 *
 * @param mixed $entry Entry passed through to the helper.
 * @param mixed $form  Form passed through to the helper (defaults to false).
 * @return mixed Result of FrmProEntriesHelper::user_can_edit().
 */
function user_can_edit($entry, $form = false) {
    _deprecated_function(__FUNCTION__, '1.07.05', 'FrmProEntriesHelper::user_can_edit');

    $allowed = FrmProEntriesHelper::user_can_edit($entry, $form);

    return $allowed;
}
/**
 * AJAX handler: update a single field value on an existing entry.
 *
 * Reads entry_id, field_id and value from the request, resolves the field,
 * and writes the value only when FrmProEntriesHelper::user_can_edit() allows
 * it. The update result is echoed, and the request always ends in wp_die().
 */
public static function update_field_ajax() {
    // NOTE(review): the nonce check is commented out, so this handler does no
    // CSRF verification of its own; user_can_edit() is the only gate visible
    // here. Confirm whether a nonce is verified elsewhere before this runs.
    //check_ajax_referer( 'frm_ajax', 'nonce' );

    $entry_id = FrmAppHelper::get_param('entry_id', 0, 'post', 'absint');
    $field_id = FrmAppHelper::get_param('field_id', 0, 'post', 'sanitize_title');
    // NOTE(review): unlike the two reads above, no source or sanitizer argument
    // is passed for the value. Confirm get_param()'s defaults and whether
    // update_single_field() filters the value before it is stored.
    $value = FrmAppHelper::get_param('value');

    // Presumably swaps $field_id for the field object in place, since the
    // code below reads ->form_id from it. Verify against FrmField.
    FrmField::maybe_get_field($field_id);

    $may_update = $field_id && FrmProEntriesHelper::user_can_edit($entry_id, $field_id->form_id);
    if ($may_update) {
        echo FrmProEntryMeta::update_single_field(array(
            'entry_id' => $entry_id,
            'field_id' => $field_id,
            'value'    => $value,
        ));
    }

    wp_die();
}
</dh> <?php } foreach ($atts['form_cols'] as $col) { ?> <td valign="top"> <?php echo FrmEntriesHelper::display_value(isset($entry->metas[$col->id]) ? $entry->metas[$col->id] : false, $col, array('type' => $col->type, 'post_id' => $entry->post_id, 'entry_id' => $entry->id)); ?> </td> <?php } if ($atts['edit_link']) { ?> <td><?php if (FrmProEntriesHelper::user_can_edit($entry, $atts['form'])) { ?> <a href="<?php echo esc_url(add_query_arg(array('frm_action' => 'edit', 'entry' => $entry->id), $atts['permalink']) . $atts['anchor']); ?> "><?php echo $atts['edit_link']; ?> </a><?php } ?> </td> <?php } if ($atts['delete_link']) { ?>
/**
 * AJAX handler: update a single field value on an existing entry.
 *
 * Flow, as visible in this function:
 *  1. Read entry_id, field_id and value from the request.
 *  2. Look the field up by numeric id or by field key.
 *  3. Terminate unless FrmProEntriesHelper::user_can_edit() allows the edit.
 *  4. Write the value either to the entry meta table or, when the field is
 *     mapped to a post field and the entry has a post, to that post.
 *  5. On success stamp the entry with updated_at / updated_by, fire the
 *     'frm_after_update_field' action, and terminate with die($updated).
 *
 * NOTE(review): no nonce check is performed in this function, so the
 * user_can_edit() call is the only request gate visible here. Confirm
 * whether CSRF protection is applied before this handler is reached.
 *
 * NOTE(review): $value is not sanitized anywhere in this function before it
 * is handed to the meta and post writers. Any filtering would have to happen
 * inside get_param() or the callees; confirm.
 */
public static function update_field_ajax() {
    // Raw request parameters; which request source get_param() reads by
    // default is not visible here.
    $entry_id = FrmAppHelper::get_param('entry_id');
    $field_id = FrmAppHelper::get_param('field_id');
    $value = FrmAppHelper::get_param('value');

    global $wpdb, $frm_field, $frm_entry_meta;

    // Force the entry id to an integer; a zero or non-numeric id ends the
    // request with no output.
    $entry_id = (int) $entry_id;
    if (!$entry_id) {
        die;
    }

    // Numeric field_id is matched against the field id, anything else against
    // the field key. Both go through $wpdb->prepare() placeholders.
    $where = $wpdb->prepare(is_numeric($field_id) ? "fi.id=%d" : "field_key=%s", $field_id);
    $field = $frm_field->getAll($where, '', ' LIMIT 1');

    // Authorization gate: unknown field or a failed edit-permission check
    // ends the request silently.
    if (!$field || !FrmProEntriesHelper::user_can_edit($entry_id, $field->form_id)) {
        die;
    }

    // Only fields mapped to a post field need the entry's linked post id.
    $post_id = false;
    if (isset($field->field_options['post_field']) && !empty($field->field_options['post_field'])) {
        $post_id = $wpdb->get_var($wpdb->prepare("SELECT post_id FROM {$wpdb->prefix}frm_items WHERE id=%d", $entry_id));
    }

    $updated = false;
    if (!$post_id) {
        // Plain entry meta: try an update first.
        $updated = $frm_entry_meta->update_entry_meta($entry_id, $field_id, $meta_key = null, $value);
        if (!$updated) {
            // Falsy update result: remove any existing meta rows for this
            // entry and field, then insert a fresh one.
            // NOTE(review): $field_id is still the raw request value here. If
            // it is a field key rather than a number, the %d placeholder
            // coerces it to 0. The looked-up field's numeric id may be what
            // is intended; confirm.
            $wpdb->query($wpdb->prepare("DELETE FROM {$wpdb->prefix}frm_item_metas WHERE item_id = %d and field_id = %d", $entry_id, $field_id));
            $updated = $frm_entry_meta->add_entry_meta($entry_id, $field_id, '', $value);
        }
        // Drop the cached entry so later reads see the new value.
        wp_cache_delete($entry_id, 'frm_entry');
    } else {
        // Field is mapped to the linked post: write to the post instead.
        switch ($field->field_options['post_field']) {
            case 'post_custom':
                // Stored as post meta under the configured custom field name.
                $updated = update_post_meta($post_id, $field->field_options['custom_field'], maybe_serialize($value));
                break;
            case 'post_category':
                // Falls back to the 'category' taxonomy when none is configured.
                $taxonomy = (isset($field->field_options['taxonomy']) and !empty($field->field_options['taxonomy'])) ? $field->field_options['taxonomy'] : 'category';
                $updated = wp_set_post_terms($post_id, $value, $taxonomy);
                break;
            default:
                // Any other mapping is treated as a post column: load the post
                // as an array, overwrite that key, and save it back.
                // NOTE(review): the request value lands directly in a post
                // field here. Confirm that wp_insert_post()'s own filtering
                // is sufficient for every field this mapping can name.
                $post = get_post($post_id, ARRAY_A);
                $post[$field->field_options['post_field']] = maybe_serialize($value);
                $updated = wp_insert_post($post);
                break;
        }
    }

    if ($updated) {
        // set updated_at time
        // (GMT timestamp, via current_time()'s second argument) and record
        // the current user as the editor.
        $wpdb->update($wpdb->prefix . 'frm_items', array('updated_at' => current_time('mysql', 1), 'updated_by' => get_current_user_id()), array('id' => $entry_id));
    }

    // Fired whether or not the write succeeded; listeners receive the raw
    // request values.
    do_action('frm_after_update_field', compact('entry_id', 'field_id', 'value'));

    // NOTE(review): when $updated is an integer (for example a post ID from
    // wp_insert_post()), die() treats it as an exit status and prints
    // nothing. Confirm what the client expects in the response.
    die($updated);
}