public static function set_post_fields($field, $value, $errors = null) { $field->field_options = maybe_unserialize($field->field_options); if (!isset($field->field_options['post_field']) || $field->field_options['post_field'] == '') { if (isset($errors)) { return $errors; } return; } if ($field->type == 'file') { global $frm_vars; if (!isset($frm_vars['media_id'])) { $frm_vars['media_id'] = array(); } $frm_vars['media_id'][$field->id] = $value; } global $frmpro_settings; if ($value && !empty($value) && isset($field->field_options['unique']) && $field->field_options['unique']) { global $frmdb; $entry_id = isset($_POST) && isset($_POST['id']) ? $_POST['id'] : false; $post_id = $entry_id ? $frmdb->get_var($frmdb->entries, array('id' => $entry_id), 'post_id') : false; if (isset($errors) && FrmProEntryMetaHelper::post_value_exists($field->field_options['post_field'], $value, $post_id, $field->field_options['custom_field'])) { $errors['field' . $field->id] = FrmProFieldsHelper::get_error_msg($field, 'unique_msg'); } unset($entry_id); unset($post_id); } if ($field->field_options['post_field'] == 'post_custom') { if ($field->type == 'date' and !preg_match('/^\\d{4}-\\d{2}-\\d{2}/', trim($value))) { $value = FrmProAppHelper::convert_date($value, $frmpro_settings->date_format, 'Y-m-d'); } $_POST['frm_wp_post_custom'][$field->id . '=' . $field->field_options['custom_field']] = $value; if (isset($errors)) { return $errors; } return; } if ($field->field_options['post_field'] == 'post_date') { if (!preg_match('/^\\d{4}-\\d{2}-\\d{2}/', trim($value))) { $value = FrmProAppHelper::convert_date($value, $frmpro_settings->date_format, 'Y-m-d H:i:s'); } } else { if ($field->type != 'tag' && $field->field_options['post_field'] == 'post_category') { $value = (array) $value; // change text to numeric ids if (defined('WP_IMPORTING')) { foreach ($value as $k => $val) { if (empty($val)) { continue; } $term = term_exists($val, $field->field_options['taxonomy']); if ($term) { $value[$k] = is_array($term) ? $term['term_id'] : $term; } unset($k, $val, $term); } } if (isset($field->field_options['taxonomy']) && $field->field_options['taxonomy'] != 'category') { $new_value = array(); foreach ($value as $val) { if ($val == 0) { continue; } $term = get_term($val, $field->field_options['taxonomy']); if (!isset($term->errors)) { $new_value[$val] = $term->name; } else { $new_value[$val] = $val; } unset($term); } if (!isset($_POST['frm_tax_input'])) { $_POST['frm_tax_input'] = array(); } if (isset($_POST['frm_tax_input'][$field->field_options['taxonomy']])) { foreach ($new_value as $new_key => $new_name) { $_POST['frm_tax_input'][$field->field_options['taxonomy']][$new_key] = $new_name; } } else { $_POST['frm_tax_input'][$field->field_options['taxonomy']] = $new_value; } } else { $_POST['frm_wp_post'][$field->id . '=' . $field->field_options['post_field']] = $value; } } else { if ($field->type == 'tag' && $field->field_options['post_field'] == 'post_category') { $value = trim($value); $value = array_map('trim', explode(',', $value)); $tax_type = isset($field->field_options['taxonomy']) && !empty($field->field_options['taxonomy']) ? $field->field_options['taxonomy'] : 'frm_tag'; if (!isset($_POST['frm_tax_input'])) { $_POST['frm_tax_input'] = array(); } if (is_taxonomy_hierarchical($tax_type)) { //create the term or check to see if it exists $terms = array(); foreach ($value as $v) { $term_id = term_exists($v, $tax_type); if (!$term_id) { $term_id = wp_insert_term($v, $tax_type); } if ($term_id && is_array($term_id)) { $term_id = $term_id['term_id']; } if (is_numeric($term_id)) { $terms[$term_id] = $v; } unset($term_id); unset($v); } $value = $terms; unset($terms); } if (!isset($_POST['frm_tax_input'][$tax_type])) { $_POST['frm_tax_input'][$tax_type] = (array) $value; } else { $_POST['frm_tax_input'][$tax_type] += (array) $value; } } } } if ($field->field_options['post_field'] != 'post_category') { $_POST['frm_wp_post'][$field->id . '=' . $field->field_options['post_field']] = $value; } if (isset($errors)) { return $errors; } }
function validate($errors, $field) { if ($field->type == 'user_id') { // make sure we have a user ID if (!is_numeric($_POST['item_meta'][$field->id])) { $_POST['item_meta'][$field->id] = FrmProAppHelper::get_user_id_param($_POST['item_meta'][$field->id]); } //add user id to post variables to be saved with entry $_POST['frm_user_id'] = $_POST['item_meta'][$field->id]; } else { if ($field->type == 'time' and is_array($_POST['item_meta'][$field->id])) { $_POST['item_meta'][$field->id] = $value = $_POST['item_meta'][$field->id]['H'] . ':' . $_POST['item_meta'][$field->id]['m'] . (isset($_POST['item_meta'][$field->id]['A']) ? ' ' . $_POST['item_meta'][$field->id]['A'] : ''); } } // don't validate if going backwards if (FrmProFormsHelper::going_to_prev($field->form_id)) { return array(); } // clear any existing errors if draft if (FrmProFormsHelper::saving_draft($field->form_id) && isset($errors['field' . $field->id])) { unset($errors['field' . $field->id]); } //if the field is a file upload, check for a file if ($field->type == 'file' && isset($_FILES['file' . $field->id]) && !empty($_FILES['file' . $field->id]['name'])) { $filled = true; if (is_array($_FILES['file' . $field->id]['name'])) { $filled = false; foreach ($_FILES['file' . $field->id]['name'] as $n) { if (!empty($n)) { $filled = true; } } } if ($filled) { if (isset($errors['field' . $field->id])) { unset($errors['field' . $field->id]); } if (isset($field->field_options['restrict']) && $field->field_options['restrict'] && isset($field->field_options['ftypes']) && !empty($field->field_options['ftypes'])) { $mimes = $field->field_options['ftypes']; } else { $mimes = null; } //check allowed mime types for this field if (is_array($_FILES['file' . $field->id]['name'])) { foreach ($_FILES['file' . $field->id]['name'] as $name) { if (empty($name)) { continue; } $file_type = wp_check_filetype($name, $mimes); unset($name); if (!$file_type['ext']) { break; } } } else { $file_type = wp_check_filetype($_FILES['file' . $field->id]['name'], $mimes); } if (isset($file_type) && !$file_type['ext']) { $errors['field' . $field->id] = $field->field_options['invalid'] == __('This field is invalid', 'formidable') || $field->field_options['invalid'] == '' || $field->field_options['invalid'] == $field->name . ' ' . __('is invalid', 'formidable') ? __('Sorry, this file type is not permitted for security reasons.', 'formidable') : $field->field_options['invalid']; } unset($file_type); } unset($filled); } // if saving draft, only check file type since it won't be checked later if (FrmProFormsHelper::saving_draft($field->form_id)) { return $errors; } if (in_array($field->type, array('break', 'html', 'divider'))) { $hidden = FrmProFieldsHelper::is_field_hidden($field, stripslashes_deep($_POST)); global $frm_hidden_break, $frm_hidden_divider; if ($field->type == 'break') { $frm_hidden_break = array('field_order' => $field->field_order, 'hidden' => $hidden); } else { if ($field->type == 'divider') { $frm_hidden_divider = array('field_order' => $field->field_order, 'hidden' => $hidden); } } if (isset($errors['field' . $field->id])) { unset($errors['field' . $field->id]); } } $value = $_POST['item_meta'][$field->id]; if (($field->type != 'tag' and $value == 0 or $field->type == 'tag' and $value == '') and isset($field->field_options['post_field']) and $field->field_options['post_field'] == 'post_category' and $field->required == '1') { global $frm_settings; $errors['field' . $field->id] = (!isset($field->field_options['blank']) or $field->field_options['blank'] == '' or $field->field_options['blank'] == 'Untitled cannot be blank') ? $frm_settings->blank_msg : $field->field_options['blank']; } //Don't require fields hidden with shortcode fields="25,26,27" global $frm_vars; if (isset($frm_vars['show_fields']) and !empty($frm_vars['show_fields']) and is_array($frm_vars['show_fields']) and $field->required == '1' and isset($errors['field' . $field->id]) and !in_array($field->id, $frm_vars['show_fields']) and !in_array($field->field_key, $frm_vars['show_fields'])) { unset($errors['field' . $field->id]); $_POST['item_meta'][$field->id] = $value = ''; } //Don't require a conditionally hidden field if (isset($field->field_options['hide_field']) and !empty($field->field_options['hide_field'])) { if (FrmProFieldsHelper::is_field_hidden($field, stripslashes_deep($_POST))) { if (isset($errors['field' . $field->id])) { unset($errors['field' . $field->id]); } $_POST['item_meta'][$field->id] = $value = ''; } } //Don't require a field hidden in a conditional page or section heading if (isset($errors['field' . $field->id]) or $_POST['item_meta'][$field->id] != '') { global $frm_hidden_break, $frm_hidden_divider; if ($frm_hidden_break and $frm_hidden_break['hidden'] or $frm_hidden_divider and $frm_hidden_divider['hidden'] and (!$frm_hidden_break or $frm_hidden_break['field_order'] < $frm_hidden_divider['field_order'])) { if (isset($errors['field' . $field->id])) { unset($errors['field' . $field->id]); } $_POST['item_meta'][$field->id] = $value = ''; } } //make sure the [auto_id] is still unique if (!empty($field->default_value) and !is_array($field->default_value) and !empty($value) and is_numeric($value) and strpos($field->default_value, '[auto_id') !== false) { //make sure we are not editing if (isset($_POST) and !isset($_POST['id']) or !is_numeric($_POST['id'])) { $_POST['item_meta'][$field->id] = $value = FrmProFieldsHelper::get_default_value($field->default_value, $field); } } //check uniqueness if ($value and !empty($value) and isset($field->field_options['unique']) and $field->field_options['unique']) { $entry_id = (isset($_POST) and isset($_POST['id'])) ? $_POST['id'] : false; if ($field->type == 'time') { //TODO: add server-side validation for unique date-time } else { if ($field->type == 'date') { global $frmpro_settings; $old_value = $value; if (!preg_match('/^\\d{4}-\\d{2}-\\d{2}$/', trim($value))) { $value = FrmProAppHelper::convert_date($value, $frmpro_settings->date_format, 'Y-m-d'); } if (FrmProEntryMetaHelper::value_exists($field->id, $value, $entry_id)) { $errors['field' . $field->id] = FrmProFieldsHelper::get_error_msg($field, 'unique_msg'); } $value = $old_value; } else { if (FrmProEntryMetaHelper::value_exists($field->id, $value, $entry_id)) { $errors['field' . $field->id] = FrmProFieldsHelper::get_error_msg($field, 'unique_msg'); } } } unset($entry_id); } // validate number settings if ('number' == $field->type && $value != '') { global $frm_settings; // only check if options are available in settings if ($frm_settings->use_html && isset($field->field_options['minnum']) && isset($field->field_options['maxnum'])) { //minnum maxnum if ((double) $value < $field->field_options['minnum']) { $errors['field' . $field->id] = __('Please select a higher number', 'formidable'); } else { if ((double) $value > $field->field_options['maxnum']) { $errors['field' . $field->id] = __('Please select a lower number', 'formidable'); } } } } if (!empty($value) and ($field->type == 'website' or $field->type == 'url' or $field->type == 'image')) { if (trim($value) == 'http://') { $_POST['item_meta'][$field->id] = $value = ''; } else { $value = esc_url_raw($value); $_POST['item_meta'][$field->id] = $value = preg_match('/^(https?|ftps?|mailto|news|feed|telnet):/is', $value) ? $value : 'http://' . $value; } } $errors = FrmProEntryMetaHelper::set_post_fields($field, $value, $errors); if (!FrmProFieldsHelper::is_field_visible_to_user($field)) { //don't validate admin only fields that can't be seen unset($errors['field' . $field->id]); return $errors; } if (false and isset($field->field_options['use_calc']) and !empty($field->field_options['use_calc']) and !empty($field->field_options['calc'])) { $field->field_options['calc'] = trim($field->field_options['calc']); preg_match_all("/\\[(.*?)\\]/s", $field->field_options['calc'], $calc_matches, PREG_PATTERN_ORDER); if (isset($calc_matches[1])) { foreach ($calc_matches[1] as $c) { if (is_numeric($c)) { $c_id = $c; } else { global $frm_field; $c_field = $frm_field->getOne($c); if (!$c_field) { $field->field_options['calc'] = str_replace('[' . $c . ']', 0, $field->field_options['calc']); continue; } $c_id = $c_field->id; unset($c_field); } $c_val = trim($_POST['item_meta'][$c_id]); if (!is_numeric($c_val)) { preg_match_all('/[0-9,]*\\.?[0-9]+/', $c_val, $c_matches); $c_val = $c_matches ? end($c_matches[0]) : 0; unset($c_matches); } if ($c_val == '') { $c_val = 0; } $field->field_options['calc'] = str_replace('[' . $c . ']', $c_val, $field->field_options['calc']); unset($c); unset($c_id); } include FrmAppHelper::plugin_path() . '/pro/classes/helpers/FrmProMathHelper.php'; $m = new EvalMath(); if (strpos($field->field_options['calc'], ').toFixed(')) { $field->field_options['calc'] = str_replace(').toFixed(2', '', $field->field_options['calc']); $round = 2; } $result = $m->evaluate(str_replace('Math.', '', '(' . $field->field_options['calc'] . ')')); if (isset($round) and $round) { $result = sprintf('%.' . $round . 'f', $result); } unset($m); $_POST['item_meta'][$field->id] = $value = $result; unset($result); } unset($calc_matches); } //Don't validate the format if field is blank if ($value == '' or is_array($value)) { return $errors; } $value = trim($value); //validate the format if ($field->type == 'number' and !is_numeric($value) or $field->type == 'email' and !is_email($value) or ($field->type == 'website' or $field->type == 'url' or $field->type == 'image') and !preg_match('/^http(s)?:\\/\\/([\\da-z\\.-]+)\\.([\\da-z\\.-]+)/i', $value)) { $errors['field' . $field->id] = FrmProFieldsHelper::get_error_msg($field, 'invalid'); } if ($field->type == 'phone') { $pattern = (isset($field->field_options['format']) and !empty($field->field_options['format'])) ? $field->field_options['format'] : '^((\\+\\d{1,3}(-|.| )?\\(?\\d\\)?(-| |.)?\\d{1,5})|(\\(?\\d{2,6}\\)?))(-|.| )?(\\d{3,4})(-|.| )?(\\d{4})(( x| ext)\\d{1,5}){0,1}$'; $pattern = apply_filters('frm_phone_pattern', $pattern, $field); //check if format is already a regular expression if (strpos($pattern, '^') !== 0) { //if not, create a regular expression $pattern = preg_replace('/\\d/', '\\d', preg_quote($pattern)); $pattern = '/^' . $pattern . '$/'; } else { $pattern = '/' . $pattern . '/'; } if (!preg_match($pattern, $value)) { $errors['field' . $field->id] = FrmProFieldsHelper::get_error_msg($field, 'invalid'); } unset($pattern); } if ($field->type == 'date') { if (!preg_match('/^\\d{4}-\\d{2}-\\d{2}$/', $value)) { global $frmpro_settings; $formated_date = FrmProAppHelper::convert_date($value, $frmpro_settings->date_format, 'Y-m-d'); //check format before converting if ($value != date($frmpro_settings->date_format, strtotime($formated_date))) { $errors['field' . $field->id] = FrmProFieldsHelper::get_error_msg($field, 'invalid'); } $value = $formated_date; unset($formated_date); } $date = explode('-', $value); if (count($date) != 3 or !checkdate((int) $date[1], (int) $date[2], (int) $date[0])) { $errors['field' . $field->id] = FrmProFieldsHelper::get_error_msg($field, 'invalid'); } } return $errors; }