/**
 * Return the entry being edited, loading it on first use.
 *
 * TODO: This seems to be hacky... we should remove it. Entry is set when updating the form using setup_vars()!
 *
 * When `$this->entry` is still empty, it is looked up via gravityview_get_entry()
 * with the single-entry identifier reported by GravityView_frontend::is_single_entry()
 * and cached on the instance for later calls.
 *
 * @return array Gravity Forms entry array
 */
private function get_entry() {

    $needs_lookup = empty($this->entry);

    if ($needs_lookup) {
        // Lazy-load the database value of the entry that's being edited.
        $single_entry = GravityView_frontend::is_single_entry();
        $this->entry  = gravityview_get_entry($single_entry);
    }

    return $this->entry;
}
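/**
 * Handle the deletion request, if $_GET['action'] is set to "delete"
 *
 * 1. Check referrer validity
 * 2. Make sure there's an entry with the slug of $_GET['entry_id']
 * 3. If so, attempt to delete the entry. If not, set the error status
 * 4. Remove `action=delete` from the URL
 * 5. Redirect to the page using `wp_safe_redirect()`
 *
 * Reads `$_GET['action']`, `$_GET['entry_id']` and `$_GET['delete']` (the nonce).
 * A request missing any of them, or whose nonce does not verify, is logged and
 * ignored: nothing is deleted and no redirect is issued.
 *
 * @since 1.5.1
 * @uses wp_safe_redirect()
 * @return void
 */
function process_delete() {

    // Not a delete request, or no entry named: nothing to do.
    if (!isset($_GET['action'], $_GET['entry_id']) || 'delete' !== $_GET['action']) {
        return;
    }

    // The nonce used to be read unconditionally, which raised an "undefined index"
    // notice when `delete` was absent. An absent nonce is simply an invalid one.
    $nonce = isset($_GET['delete']) ? $_GET['delete'] : '';

    // Make sure it's a GravityView request. The nonce is bound to this entry slug,
    // so a link built for a different entry does not verify.
    $valid_nonce_key = wp_verify_nonce($nonce, self::get_nonce_key($_GET['entry_id']));

    if (!$valid_nonce_key) {
        do_action('gravityview_log_debug', __METHOD__ . ' Delete entry not processed: nonce validation failed.');
        return;
    }

    // Get the entry slug
    $entry_slug = esc_attr($_GET['entry_id']);

    // See if there's an entry there
    $entry = gravityview_get_entry($entry_slug);

    if ($entry) {

        // Authorization is decided per entry; a WP_Error carries the reason shown to the user.
        $has_permission = $this->user_can_delete_entry($entry);

        if (is_wp_error($has_permission)) {
            $messages = array('message' => urlencode($has_permission->get_error_message()), 'status' => 'error');
        } else {
            // Delete the entry (this version hands the whole entry array to delete_or_trash_entry()).
            $delete_response = $this->delete_or_trash_entry($entry);

            if (is_wp_error($delete_response)) {
                $messages = array('message' => urlencode($delete_response->get_error_message()), 'status' => 'error');
            } else {
                $messages = array('status' => $delete_response);
            }
        }
    } else {
        do_action('gravityview_log_debug', __METHOD__ . ' Delete entry failed: there was no entry with the entry slug ' . $entry_slug);
        $messages = array('message' => urlencode(__('The entry does not exist.', 'gravityview')), 'status' => 'error');
    }

    // Strip `action` so a reload of the landing URL does not carry the delete request again,
    // then append the outcome. wp_safe_redirect() refuses targets outside the allowed hosts.
    $redirect_to_base = esc_url_raw(remove_query_arg(array('action')));
    $redirect_to = add_query_arg($messages, $redirect_to_base);

    wp_safe_redirect($redirect_to);
    exit;
}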
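/**
 * Handle adding a note.
 *
 * Verify the request. If valid, add the note. If AJAX request, send response JSON.
 *
 * Order of checks: the entry slug must be present, the current user must hold the
 * `gravityview_add_entry_notes` capability, and the `gv_note_add` nonce must verify
 * against the slug. Every failure is logged. When `$this->doing_ajax` is false the
 * outcome is not reported to the caller; the method just returns.
 *
 * @since 1.17
 *
 * @var array $data {
 *   @type string $action "gv_note_add"
 *   @type string $entry-slug Entry slug or ID to add note to
 *   @type string $gv_note_add Nonce with action "gv_note_add_{entry slug}" and name "gv_note_add"
 *   @type string $_wp_http_referer Relative URL to submitting page ('/view/example/entry/123/')
 *   @type string $gv-note-content Note content
 *   @type string $add_note Submit button value ('Add Note')
 * }
 *
 * @return void
 */
private function process_add_note($data) {

    $error = false;
    $success = false;

    if (empty($data['entry-slug'])) {
        $error = self::strings('error-invalid');
        do_action('gravityview_log_error', __METHOD__ . ': The note is missing an Entry ID.');
    } else {

        // A request without the nonce field used to raise an "undefined index" notice;
        // a missing nonce is treated as a failed verification.
        $nonce = isset($data['gv_note_add']) ? $data['gv_note_add'] : '';
        $valid = wp_verify_nonce($nonce, 'gv_note_add_' . $data['entry-slug']);

        $has_cap = GVCommon::has_cap('gravityview_add_entry_notes');

        if (!$has_cap) {
            $error = self::strings('error-cap-add');
            do_action('gravityview_log_error', __METHOD__ . ': Adding a note failed: the user does not have the "gravityview_add_entry_notes" capability.');
        } elseif ($valid) {

            $entry = gravityview_get_entry($data['entry-slug'], true, false);

            // NOTE(review): when the slug matches no entry, $entry is handed to add_note() as-is;
            // presumably add_note() answers with a WP_Error in that case — confirm.
            $added = $this->add_note($entry, $data);

            // Error adding note
            if (is_wp_error($added)) {
                $error = $added->get_error_message();
            } else {
                // Confirm the note was added, because GF doesn't return note ID on success
                $note = GravityView_Entry_Notes::get_note($added);

                // Possibly email peeps about this great new note
                $this->maybe_send_entry_notes($note, $entry, $data);

                // The debug payload includes the whole $data array (note content, nonce, referer).
                if ($note) {
                    $success = self::display_note($note, !empty($data['show-delete']));
                    do_action('gravityview_log_debug', __METHOD__ . ': The note was successfully created', compact('note', 'data'));
                } else {
                    $error = self::strings('error-add-note');
                    do_action('gravityview_log_error', __METHOD__ . ': The note was not successfully created', compact('note', 'data'));
                }
            }
        } else {
            $error = self::strings('error-invalid');
            do_action('gravityview_log_error', __METHOD__ . ': Nonce validation failed; the note was not created');
        }
    }

    if ($this->doing_ajax) {
        if ($success) {
            wp_send_json_success(array('html' => $success));
        } else {
            // Never send an empty error string back to the client.
            $error = $error ? $error : self::strings('error-invalid');
            wp_send_json_error(array('error' => esc_html($error)));
        }
    }
}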
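/**
 * Handle the deletion request, if $_GET['action'] is set to "delete"
 *
 * 1. Check referrer validity
 * 2. Make sure there's an entry with the slug of $_GET['entry_id']
 * 3. If so, attempt to delete the entry. If not, set the error status
 * 4. Remove `action=delete` from the URL
 * 5. Redirect to the page using `wp_safe_redirect()`
 *
 * The `delete` query parameter carries the nonce; check_admin_referer() stops the
 * request when it does not verify, so everything after it runs only for a request
 * that passed that check. A delete request with no `entry_id` is logged and ignored
 * rather than building a nonce key from a missing value.
 *
 * @since 1.5.1
 * @uses wp_safe_redirect()
 * @return void
 */
function process_delete() {

    // If the form is submitted
    if (RGForms::get("action") !== "delete") {
        return;
    }

    // Reading $_GET['entry_id'] unconditionally raised an "undefined index" notice
    // and fed a null slug into the nonce key; treat the request as malformed instead.
    if (!isset($_GET['entry_id'])) {
        do_action('gravityview_log_debug', __METHOD__ . ' Delete entry not processed: the request has no entry_id.');
        return;
    }

    $nonce_key = self::get_nonce_key($_GET['entry_id']);

    // Make sure it's a valid request
    check_admin_referer($nonce_key, 'delete');

    // Get the entry slug. esc_attr() is an HTML-attribute escaper, not a query sanitizer;
    // the lookup relies on gravityview_get_entry() handling the slug as data.
    $entry_slug = esc_attr($_GET['entry_id']);

    // See if there's an entry there
    $entry = gravityview_get_entry($entry_slug);

    if ($entry) {

        // Authorization is decided per entry; a WP_Error carries the reason shown to the user.
        $has_permission = $this->user_can_delete_entry($entry);

        if (is_wp_error($has_permission)) {
            $messages = array('message' => urlencode($has_permission->get_error_message()), 'status' => 'error');
        } else {
            // Delete the entry (this version passes only the entry ID to delete_or_trash_entry()).
            $delete_response = $this->delete_or_trash_entry($entry['id']);

            if (is_wp_error($delete_response)) {
                $messages = array('message' => urlencode($delete_response->get_error_message()), 'status' => 'error');
            } else {
                $messages = array('status' => $delete_response);
            }
        }
    } else {
        do_action('gravityview_log_debug', __METHOD__ . ' Delete entry failed: there was no entry with the entry slug ' . $entry_slug);
        $messages = array('message' => urlencode(__('The entry does not exist.', 'gravityview')), 'status' => 'error');
    }

    // Strip `action` so a reload of the landing URL does not carry the delete request again,
    // then append the outcome. wp_safe_redirect() refuses targets outside the allowed hosts.
    $redirect_to_base = esc_url_raw(remove_query_arg(array('action')));
    $redirect_to = add_query_arg($messages, $redirect_to_base);

    wp_safe_redirect($redirect_to);
    exit;
}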