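/**
 * Handle the Pods Deploy screen: run a deploy, toggle deploy access, or show the UI.
 *
 * - 'pods-deploy-submit' posted: saves the submitted key pair and calls pods_deploy().
 * - 'pods-deploy-key-gen-submit' posted: enables deploy and generates keys when
 *   'allow-deploy' is set, otherwise revokes the keys; then shows the UI.
 * - anything else: shows the UI.
 *
 * NOTE(review): no nonce or capability check is visible in this function, although
 * both submit branches change stored state. Confirm the caller enforces them, or
 * add a nonce field to the forms and verify it here.
 */
function pods_deploy_handler()
{
    if (pods_v_sanitized('pods-deploy-submit', 'post')) {
        if (!pods_deploy_dependency_check()) {
            return;
        }

        $remote_url  = pods_v_sanitized('remote-url', 'post', false, true);
        $private_key = pods_v_sanitized('private-key', 'post');
        $public_key  = pods_v_sanitized('public-key', 'post');

        if ($remote_url && $private_key && $public_key) {
            Pods_Deploy_Auth::save_local_keys($private_key, $public_key);
            pods_deploy($remote_url, $private_key, $public_key);
        } else {
            // Report the problem by message only. The submitted values must not be
            // dumped into the response: they include the private key.
            pods_error(__('Keys and URL for remote site not set', 'pods-deploy'));
        }
    } elseif (pods_v_sanitized('pods-deploy-key-gen-submit', 'post')) {
        $activate = pods_v_sanitized('allow-deploy', 'post');

        if ($activate) {
            Pods_Deploy_Auth::allow_deploy();
            Pods_Deploy_Auth::generate_keys();

            include 'ui/main.php';
        } else {
            Pods_Deploy_Auth::revoke_keys();
        }

        // After the plain include above this include_once does not load the file again.
        include_once 'ui/main.php';
    } else {
        include_once 'ui/main.php';
    }
}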
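/**
 * Handles UI output and form processing
 *
 * On a deploy submission: checks dependencies, verifies the 'pods-deploy' nonce,
 * stores the keys and the remote URL, collects the Pod types to deploy and calls
 * pods_deploy(). On a key-generation submission: enables deploy and generates
 * keys, or revokes the keys, then renders the view. Otherwise renders the view.
 *
 * NOTE(review): only the deploy branch verifies a nonce; the key-generation
 * branch also changes state (generate / revoke keys) without one. No capability
 * check is visible in either branch — confirm the caller restricts access.
 *
 * @since 0.4.0
 */
function deploy_handler()
{
    if (pods_v_sanitized('pods-deploy-submit', 'post')) {
        if (!pods_deploy_dependency_check()) {
            return;
        }

        $nonce = pods_v_sanitized('_wpnonce', $_REQUEST);

        if (!$nonce || !wp_verify_nonce($nonce, 'pods-deploy')) {
            pods_error(__('Bad nonce.', 'pods-deploy'));

            // Fail closed: never continue to save keys or deploy if pods_error()
            // returns instead of halting the request.
            return;
        }

        $remote_url  = pods_v_sanitized('remote-url', 'post', false, true);
        $private_key = pods_v_sanitized('private-key', 'post');
        $public_key  = pods_v_sanitized('public-key', 'post');

        if ($remote_url && $private_key && $public_key) {
            Pods_Deploy_Auth::save_local_keys($private_key, $public_key);
            update_option(self::$remote_url_key, $remote_url);

            $params = array(
                'remote_url'  => $remote_url,
                'private_key' => $private_key,
                'public_key'  => $public_key,
            );

            // Keep only the types for which type_sanitize() returns something.
            $pod_types = $this->pod_types();
            foreach ($pod_types as $type => $type_names) {
                $type_sanitized = $this->type_sanitize($type, $type_names);
                if (!empty($type_sanitized)) {
                    $params['deploy_types'][$type] = $type_sanitized;
                }
            }

            /**
             * Filter which Pods to deploy.
             *
             * @param array $Pods   Name of Pods to be deployed.
             * @param array $params Full params array.
             *
             * @return array $Pods
             *
             * @since 0.5.0
             */
            $params['deploy_types'] = apply_filters('pods_deploy_pods_to_deploy', $params['deploy_types'], $params);

            $params['components'] = (bool) pods_v_sanitized('deploy-components', 'post');

            pods_deploy($params);
        } else {
            // Report the problem by message only. The submitted values must not be
            // dumped into the response: they include the private key.
            pods_error(__('Keys and URL for remote site not set', 'pods-deploy'));
        }
    } elseif (pods_v_sanitized('pods-deploy-key-gen-submit', 'post')) {
        $activate = pods_v_sanitized('allow-deploy', 'post');

        if ($activate) {
            Pods_Deploy_Auth::allow_deploy();
            Pods_Deploy_Auth::generate_keys();
        } else {
            Pods_Deploy_Auth::revoke_keys();
        }

        $this->include_view();
    } else {
        $this->include_view();
    }
}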
/**
 * Let the save continue only when the 'number_of_frogs' field is above zero.
 *
 * @param array $pieces      Save data; reads $pieces['fields']['number_of_frogs']['value'].
 * @param mixed $is_new_item Not used by this check.
 *
 * @return array|null The unchanged $pieces when the value is above zero.
 */
function slug_num_not_zero($pieces, $is_new_item)
{
    $frog_count = $pieces['fields']['number_of_frogs']['value'];

    // Anything that is not above zero is rejected through pods_error().
    if (!($frog_count > 0)) {
        pods_error('You shall not pass!');

        return;
    }

    // A positive count hands the data back untouched.
    return $pieces;
}
/**
 * Store the submitted settings of one component and persist all component settings.
 *
 * Each option declared by the component's options() method is read from $params
 * under the key 'pods_setting_<name>'; an option with a 'group' array contributes
 * one setting per group member instead. The whole settings array is JSON-encoded
 * and written to the 'pods_component_settings' option.
 *
 * NOTE(review): values are read with pods_var_raw() and stored as-is, and no nonce
 * or capability check is visible in this method — presumably the AJAX dispatcher
 * that calls it does both; confirm.
 *
 * @param string       $component Key into $this->components.
 * @param array|object $params    Submitted values.
 *
 * @return string Always '1'.
 */
public function admin_ajax_settings($component, $params)
{
    if (!isset($this->components[$component])) {
        wp_die('Invalid Component');
    } elseif (!method_exists($this->components[$component]['object'], 'options')) {
        pods_error('Component options method does not exist', $this);
    }

    $handler = $this->components[$component]['object'];
    $options = $handler->options($this->settings['components'][$component]);

    if (empty($this->settings['components'][$component])) {
        $this->settings['components'][$component] = array();
    }

    foreach ($options as $option_name => $option) {
        $option = PodsForm::field_setup($option, null, $option['type']);

        // A grouped option is stored per member; a plain option under its own name.
        $setting_names = is_array($option['group']) ? array_keys($option['group']) : array($option_name);

        foreach ($setting_names as $setting_name) {
            $this->settings['components'][$component][$setting_name] = pods_var_raw('pods_setting_' . $setting_name, $params);
        }
    }

    // JSON_UNESCAPED_UNICODE is only used from PHP 5.4.0 on.
    if (version_compare(PHP_VERSION, '5.4.0', '>=')) {
        $encoded = json_encode($this->settings, JSON_UNESCAPED_UNICODE);
    } else {
        $encoded = json_encode($this->settings);
    }

    update_option('pods_component_settings', $encoded);

    return '1';
}
/**
 * Process a Pod-based form
 *
 * The submission is accepted only when its '_pods_nonce' verifies against an
 * action string built from the pod, the submitter id (logged-in user id or
 * session id), the item id, the URI and a nonce over the field list. The
 * submitted 'pods_field_<name>' values are then saved through save_pod_item().
 *
 * @param mixed  $params    Submitted values
 * @param object $obj       Pod object; when given, its pod and id() override the submitted ones
 * @param array  $fields    Fields being submitted in form ( key => settings )
 * @param string $thank_you URL to send to upon success ('X_ID_X' is replaced by the saved id)
 *
 * @return mixed Result of save_pod_item(), or of pods_error() on rejection
 *
 * @since 2.0
 */
public function process_form($params, $obj = null, $fields = null, $thank_you = null)
{
    $this->display_errors = false;

    $nonce    = pods_var('_pods_nonce', $params);
    $pod      = pods_var('_pods_pod', $params);
    $id       = pods_var('_pods_id', $params);
    $uri      = pods_var('_pods_uri', $params);
    $form     = pods_var('_pods_form', $params);
    $location = pods_var('_pods_location', $params);

    if (is_object($obj)) {
        $pod = $obj->pod;
        $id  = $obj->id();
    }

    // The field list comes from the caller when provided, else from the submission.
    if (empty($fields)) {
        $fields = explode(',', $form);
    } else {
        $fields = array_keys($fields);
        $form   = implode(',', $fields);
    }

    if (empty($nonce) || empty($pod) || empty($uri) || empty($fields)) {
        return pods_error(__('Invalid submission', 'pods'), $this);
    }

    $uid = @session_id();

    if (is_user_logged_in()) {
        $uid = 'user_' . get_current_user_id();
    }

    $fields_token = wp_create_nonce('pods_fields_' . $form);
    $nonce_action = implode('_', array('pods_form', $pod, $uid, $id, $uri, $fields_token));

    if (empty($uid)) {
        return pods_error(__('Access denied for your session, please refresh and try again.', 'pods'), $this);
    }

    if (false === wp_verify_nonce($nonce, $nonce_action)) {
        return pods_error(__('Access denied, please refresh and try again.', 'pods'), $this);
    }

    // Only fields named in the verified field list are read from the submission.
    $submitted = array();

    foreach ($fields as $field_name) {
        $submitted[$field_name] = pods_var_raw('pods_field_' . $field_name, $params, '');
    }

    $id = $this->save_pod_item(
        array(
            'pod'      => $pod,
            'id'       => $id,
            'data'     => $submitted,
            'from'     => 'process_form',
            'location' => $location,
        )
    );

    if (0 < $id && !empty($thank_you)) {
        pods_redirect(str_replace('X_ID_X', $id, $thank_you));
    }

    return $id;
}
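/**
 * Handle ajax calls for the administration
 *
 * Flow: unslash $_POST and strip the '_podsfix_' key prefix, look the requested
 * method up in the allow-list (filterable through 'pods_admin_ajax_methods'),
 * verify the 'pods-<method>' nonce unless the method declares 'custom_nonce',
 * check the method's 'priv' requirement, then dispatch to the upgrade handler,
 * the migrate filter or the matching PodsAPI method and print the result.
 *
 * The request always ends in die.
 */
public function admin_ajax()
{
    if (false === headers_sent()) {
        pods_session_start();

        header('Content-Type: text/html; charset=' . get_bloginfo('charset'));
    }

    // Sanitize input
    $params = pods_unslash((array) $_POST);

    foreach ($params as $key => $value) {
        if ('action' == $key) {
            continue;
        }

        // Fixup $_POST data
        $_POST[str_replace('_podsfix_', '', $key)] = $_POST[$key];

        // Fixup $params with unslashed data
        $params[str_replace('_podsfix_', '', $key)] = $value;

        // Unset the _podsfix_* keys
        // NOTE(review): a key without the '_podsfix_' prefix is re-assigned to itself
        // above and then removed here, so it is dropped from $params — confirm that
        // every client sends prefixed keys.
        unset($params[$key]);
    }

    $params = (object) $params;

    // Allow-list of callable methods and their access requirements.
    $methods = array(
        'add_pod'            => array('priv' => true),
        'save_pod'           => array('priv' => true),
        'load_sister_fields' => array('priv' => true),
        'process_form'       => array('custom_nonce' => true),
        'upgrade'            => array('priv' => true),
        'migrate'            => array('priv' => true),
    );

    $methods = apply_filters('pods_admin_ajax_methods', $methods, $this);

    if (!isset($params->method) || !isset($methods[$params->method])) {
        pods_error('Invalid AJAX request', $this);
    }

    $defaults = array(
        'priv'         => null,
        'name'         => $params->method,
        'custom_nonce' => null,
    );

    $method = (object) array_merge($defaults, (array) $methods[$params->method]);

    if (true !== $method->custom_nonce && (!isset($params->_wpnonce) || false === wp_verify_nonce($params->_wpnonce, 'pods-' . $params->method))) {
        pods_error(__('Unauthorized request', 'pods'), $this);

        // Fail closed if pods_error() returns instead of halting the request.
        die;
    }

    // Cleaning up $params
    unset($params->action);
    unset($params->method);

    if (true !== $method->custom_nonce) {
        unset($params->_wpnonce);
    }

    // Check permissions (convert to array to support multiple).
    // 'priv' => true is treated as "Pods admin only"; any other non-empty value is
    // passed to pods_is_admin() as an alternative capability. Requiring
    // true !== priv before denying would let every 'priv' => true method through
    // for any caller holding a valid nonce, and a nonce is not an authorization check.
    if (!empty($method->priv) && !pods_is_admin(array('pods'))) {
        if (true === $method->priv || !pods_is_admin($method->priv)) {
            pods_error(__('Access denied', 'pods'), $this);

            // Fail closed if pods_error() returns instead of halting the request.
            die;
        }
    }

    $params->method = $method->name;

    $params = apply_filters('pods_api_' . $method->name, $params, $method);

    $api = pods_api();

    if ('upgrade' == $method->name) {
        $output = (string) pods_upgrade($params->version)->ajax($params);
    } elseif ('migrate' == $method->name) {
        $output = (string) apply_filters('pods_api_migrate_run', $params);
    } else {
        if (!method_exists($api, $method->name)) {
            pods_error('API method does not exist', $this);
        } elseif ('save_pod' == $method->name) {
            if (isset($params->field_data_json) && is_array($params->field_data_json)) {
                $params->fields = $params->field_data_json;

                unset($params->field_data_json);

                // Each field arrives as a JSON string; empty entries are dropped.
                foreach ($params->fields as $k => $v) {
                    if (empty($v)) {
                        unset($params->fields[$k]);
                    } elseif (!is_array($v)) {
                        $params->fields[$k] = (array) @json_decode($v, true);
                    }
                }
            }
        }

        // Dynamically call the API method (the name was checked against $methods above)
        $params = (array) $params;

        $output = call_user_func(array($api, $method->name), $params);
    }

    // Output in json format
    if (false !== $output) {
        if (is_array($output) || is_object($output)) {
            wp_send_json($output);
        } else {
            echo $output;
        }
    } else {
        pods_error('There was a problem with your request.');
    }

    die; // KBAI!
}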
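/**
 * Handle autocomplete AJAX
 *
 * Verifies a nonce bound to the pod id, the submitter id (logged-in user id or
 * session id), the URI and the field id, validates that the field is a 'pick'
 * field of that pod, then sends the matching items as JSON ('results' => items).
 *
 * @since 2.3
 */
public function admin_ajax_relationship()
{
    pods_session_start();

    // Sanitize input
    $params = pods_unslash((array) $_POST);

    foreach ($params as $key => $value) {
        if ('action' == $key) {
            continue;
        }

        unset($params[$key]);

        $params[str_replace('_podsfix_', '', $key)] = $value;
    }

    $params = (object) $params;

    $uid = @session_id();

    if (is_user_logged_in()) {
        $uid = 'user_' . get_current_user_id();
    }

    $nonce_check = 'pods_relationship_' . (int) $params->pod . '_' . $uid . '_' . $params->uri . '_' . (int) $params->field;

    if (!isset($params->_wpnonce) || false === wp_verify_nonce($params->_wpnonce, $nonce_check)) {
        pods_error(__('Unauthorized request', 'pods'), PodsInit::$admin);

        // Fail closed if pods_error() returns instead of halting the request.
        die;
    }

    $api = pods_api();

    $pod   = $api->load_pod(array('id' => (int) $params->pod));
    $field = $api->load_field(array('id' => (int) $params->field, 'table_info' => true));
    $id    = (int) $params->id;

    // NOTE(review): limit and page are only cast to int; no upper bound is applied here.
    $limit = 15;

    if (isset($params->limit)) {
        $limit = (int) $params->limit;
    }

    $page = 1;

    if (isset($params->page)) {
        $page = (int) $params->page;
    }

    // NOTE(review): the last two branches reject a field whose format IS
    // 'autocomplete' — confirm that is the intended sense of the comparison.
    if (!isset($params->query) || strlen(trim($params->query)) < 1) {
        pods_error(__('Invalid field request', 'pods'), PodsInit::$admin);
    } elseif (empty($pod) || empty($field) || $pod['id'] != $field['pod_id'] || !isset($pod['fields'][$field['name']])) {
        pods_error(__('Invalid field request', 'pods'), PodsInit::$admin);
    } elseif ('pick' != $field['type'] || empty($field['table_info'])) {
        pods_error(__('Invalid field', 'pods'), PodsInit::$admin);
    } elseif ('single' == pods_var(self::$type . '_format_type', $field) && 'autocomplete' == pods_var(self::$type . '_format_single', $field)) {
        pods_error(__('Invalid field', 'pods'), PodsInit::$admin);
    } elseif ('multi' == pods_var(self::$type . '_format_type', $field) && 'autocomplete' == pods_var(self::$type . '_format_multi', $field)) {
        pods_error(__('Invalid field', 'pods'), PodsInit::$admin);
    }

    $object_params = array(
        'name'        => $field['name'],
        'value'       => null,
        'options'     => array_merge($field, $field['options']),
        'pod'         => $pod,
        'id'          => $id,
        'context'     => 'admin_ajax_relationship',
        'data_params' => $params,
        'page'        => $page,
        'limit'       => $limit,
    );

    $pick_data = apply_filters('pods_field_pick_data_ajax', null, $field['name'], null, $field, $pod, $id);

    if (null !== $pick_data) {
        $items = $pick_data;
    } else {
        $items = $this->get_object_data($object_params);
    }

    // A flat id => text list is expanded into rows of id / text / image.
    if (!empty($items) && isset($items[0]) && !is_array($items[0])) {
        $new_items = array();

        // The loop key has its own name so the requested item id in $id is still
        // intact when it is handed to the filter below.
        foreach ($items as $item_id => $text) {
            $new_items[] = array(
                'id'    => $item_id,
                'text'  => $text,
                'image' => '',
            );
        }

        $items = $new_items;
    }

    $items = apply_filters('pods_field_pick_data_ajax_items', $items, $field['name'], null, $field, $pod, $id);

    $items = array(
        'results' => $items,
    );

    wp_send_json($items);

    die; // KBAI!
}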
/**
 * Validate the Pods fields submitted with a comment.
 *
 * Every field of every comment group is validated through
 * PodsAPI::handle_field_validation(), reading its value from
 * $_POST['pods_meta_<field name>'] (empty string when absent). A field the
 * current user has no permission for is skipped unless it is marked hidden.
 *
 * @param mixed $approved    Approval status handed in by the caller
 * @param mixed $commentdata Not read by this method
 *
 * @return mixed $approved unchanged, or the result of pods_error() on the first failed field
 */
public function validate_comment($approved, $commentdata)
{
    $groups = $this->groups_get('comment', 'comment');

    if (empty($groups)) {
        return $approved;
    }

    $pod = null;
    $id  = null;

    foreach ($groups as $group) {
        if (empty($group['fields'])) {
            continue;
        }

        // The pod is loaded once, from the first group that has fields.
        if (null === $pod) {
            $pod = pods($group['pod']['name'], $id, true);
        }

        foreach ($group['fields'] as $field) {
            $permitted = PodsForm::permission($field['type'], $field['name'], $field, $group['fields'], $pod, $id);

            if (false === $permitted && !pods_var('hidden', $field['options'], false, null, true)) {
                continue;
            }

            $post_key  = 'pods_meta_' . $field['name'];
            $submitted = isset($_POST[$post_key]) ? $_POST[$post_key] : '';

            $validator     = pods_api();
            $object_fields = pods_api()->get_wp_object_fields('comment');
            $pod_fields    = $pod->fields();

            $validate = $validator->handle_field_validation($submitted, $field['name'], $object_fields, $pod_fields, $pod, array());

            // A bare false becomes a generic message naming the field.
            if (false === $validate) {
                $validate = sprintf(__('There was an issue validating the field %s', 'pods'), $field['label']);
            }

            if (!is_bool($validate) && !empty($validate)) {
                return pods_error($validate, $this);
            }
        }
    }

    return $approved;
}
/**
 * Copy the items of one Pod from the old tables into its new table.
 *
 * Requires the old item table, the new item table and the two old index tables
 * to be listed in $this->tables. Returns early when check_progress() reports the
 * pod as already done. Three statements run in order: copy the rows, copy
 * created/modified from the old index, copy the name where the new one is empty.
 *
 * NOTE(review): the SQL is built by interpolation. $pod and the new column names
 * pass through pods_sanitize(), but the old column names taken from
 * '_pods_1x_field_name' are placed inside backticks as-is — confirm those option
 * values can only come from trusted configuration.
 *
 * @param object $params Reads $params->pod
 *
 * @return mixed|string|void '1' on success or when already migrated, else the result of pods_error()
 */
public function migrate_pod($params)
{
    /**
     * @var $wpdb WPDB
     */
    global $wpdb;

    if (!isset($params->pod)) {
        return pods_error(__('Invalid Pod.', 'pods'));
    }

    $pod = pods_sanitize(pods_clean_name($params->pod));

    // Each required table is paired with the message reported when it is missing.
    $required_tables = array(
        array("{$wpdb->prefix}pod_tbl_{$pod}", __('Table not found, items cannot be migrated', 'pods')),
        array("{$wpdb->prefix}pods_{$pod}", __('New table not found, items cannot be migrated', 'pods')),
        array("{$wpdb->prefix}pod_types", __('Pod Types table not found, items cannot be migrated', 'pods')),
        array("{$wpdb->prefix}pod", __('Pod table not found, items cannot be migrated', 'pods')),
    );

    foreach ($required_tables as $requirement) {
        if (!in_array($requirement[0], $this->tables)) {
            return pods_error($requirement[1]);
        }
    }

    if (true === $this->check_progress(__FUNCTION__, $pod)) {
        return '1';
    }

    $pod_data = $this->api->load_pod(array('name' => $pod), false);

    if (empty($pod_data)) {
        return pods_error(sprintf(__('Pod <strong>%s</strong> not found, items cannot be migrated', 'pods'), $pod));
    }

    $columns     = array();
    $old_columns = array();

    foreach ($pod_data['fields'] as $field) {
        // These names and the file / pick types are not copied column-to-column.
        if (in_array($field['name'], array('created', 'modified', 'author')) || in_array($field['type'], array('file', 'pick'))) {
            continue;
        }

        $columns[]     = pods_sanitize($field['name']);
        $old_columns[] = pods_var('_pods_1x_field_name', $field['options'], $field['name'], null, false);
    }

    $into   = '`id`';
    $select = '`t`.`id`';

    if (!empty($columns)) {
        $into   .= ', `' . implode('`, `', $columns) . '`';
        $select .= ', `t`.`' . implode('`, `t`.`', $old_columns) . '`';
    }

    // Copy content from the old table into the new
    pods_query("\n REPLACE INTO `@wp_pods_{$pod}`\n ( {$into} )\n ( SELECT {$select}\n FROM `@wp_pod_tbl_{$pod}` AS `t` )\n ");

    // Copy index data from the old index table into the new individual table
    pods_query("\n UPDATE `@wp_pods_{$pod}` AS `t`\n LEFT JOIN `@wp_pod_types` AS `x` ON `x`.`name` = '{$pod}'\n LEFT JOIN `@wp_pod` AS `p` ON `p`.`datatype` = `x`.`id` AND `p`.`tbl_row_id` = `t`.`id`\n SET `t`.`created` = `p`.`created`, `t`.`modified` = `p`.`modified`\n WHERE `x`.`id` IS NOT NULL AND `p`.`id` IS NOT NULL\n ");

    // Copy name data from the old index table into the new individual table (if name empty in indiv table)
    pods_query("\n UPDATE `@wp_pods_{$pod}` AS `t`\n LEFT JOIN `@wp_pod_types` AS `x` ON `x`.`name` = '{$pod}'\n LEFT JOIN `@wp_pod` AS `p` ON `p`.`datatype` = `x`.`id` AND `p`.`tbl_row_id` = `t`.`id`\n SET `t`.`name` = `p`.`name`\n WHERE ( `t`.`name` IS NULL OR `t`.`name` = '' ) AND `x`.`id` IS NOT NULL AND `p`.`id` IS NOT NULL\n ");

    $this->update_progress(__FUNCTION__, true, $pod);

    return '1';
}
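/**
 * @static
 *
 * Do a query on the database
 *
 * $sql may be a string, a list ( statement, value(s)... ) that is run through
 * self::prepare(), or an associative array of parameters merged over the
 * defaults ( sql, error, results_error, no_results_error, display_errors ).
 *
 * $error may also be an object (its display_errors property, when false, turns
 * error display off) or a bool (used as the display flag).
 *
 * NOTE(review): on failure the message handed to pods_error() contains the full
 * SQL statement and the database response; with display_errors on, that text
 * reaches the response. Confirm this is acceptable outside debugging.
 *
 * @param string|array $sql              The SQL to execute
 * @param string       $error            Error to throw on problems
 * @param null         $results_error    (optional) Error to raise when a SELECT returns rows
 * @param null         $no_results_error (optional) Error to raise when a SELECT returns no rows
 *
 * @return array|bool|mixed|null|void Result of the query
 *
 * @since 2.0
 */
public static function query($sql, $error = 'Database Error', $results_error = null, $no_results_error = null)
{
    /**
     * @var $wpdb wpdb
     */
    global $wpdb;

    if ($wpdb->show_errors) {
        self::$display_errors = true;
    }

    $display_errors = self::$display_errors;

    if (is_object($error)) {
        if (isset($error->display_errors) && false === $error->display_errors) {
            $display_errors = false;
        }

        $error = 'Database Error';
    } elseif (is_bool($error)) {
        $display_errors = $error;

        if (false !== $error) {
            $error = 'Database Error';
        }
    }

    $params = (object) array(
        'sql'              => $sql,
        'error'            => $error,
        'results_error'    => $results_error,
        'no_results_error' => $no_results_error,
        'display_errors'   => $display_errors,
    );

    // Handle Preparations of Values (sprintf format)
    if (is_array($sql)) {
        if (isset($sql[0]) && 1 < count($sql)) {
            if (2 == count($sql)) {
                if (!is_array($sql[1])) {
                    $sql[1] = array($sql[1]);
                }

                $params->sql = self::prepare($sql[0], $sql[1]);
            } elseif (3 == count($sql)) {
                $params->sql = self::prepare($sql[0], array($sql[1], $sql[2]));
            } else {
                $params->sql = self::prepare($sql[0], array($sql[1], $sql[2], $sql[3]));
            }
        } else {
            // $params is an object: merge as arrays, then restore the object form
            // that the property accesses below rely on.
            $params = (object) array_merge((array) $params, $sql);
        }

        if (1 == pods_var('pods_debug_sql_all', 'get', 0) && pods_is_admin(array('pods'))) {
            // The statement can carry request-derived values, so it is escaped
            // before being printed inside the textarea.
            echo '<textarea cols="100" rows="24">' . esc_textarea(str_replace(array('@wp_users', '@wp_'), array($wpdb->users, $wpdb->prefix), $params->sql)) . '</textarea>';
        }
    }

    $params->sql = trim($params->sql);

    // Run Query
    $params->sql = self::do_hook('query', $params->sql, $params);

    $result = $wpdb->query($params->sql);

    $result = self::do_hook('query_result', $result, $params);

    if (false === $result && !empty($params->error) && !empty($wpdb->last_error)) {
        return pods_error("{$params->error}; SQL: {$params->sql}; Response: {$wpdb->last_error}", $params->display_errors);
    }

    // INSERT / REPLACE report the insert id; SELECT reports the rows.
    if ('INSERT' == strtoupper(substr($params->sql, 0, 6)) || 'REPLACE' == strtoupper(substr($params->sql, 0, 7))) {
        $result = $wpdb->insert_id;
    } elseif (preg_match('/^[\\s\\r\\n\\(]*SELECT/', strtoupper($params->sql))) {
        $result = (array) $wpdb->last_result;

        if (!empty($result) && !empty($params->results_error)) {
            return pods_error($params->results_error, $params->display_errors);
        } elseif (empty($result) && !empty($params->no_results_error)) {
            return pods_error($params->no_results_error, $params->display_errors);
        }
    }

    return $result;
}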
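/**
 * Save export to a file
 *
 * Writes $this->built into the current uploads directory under a name of the
 * form 'pods_export_<token>.<extension>' and registers it as a private
 * attachment.
 *
 * NOTE(review): the attachment post is 'private', but the file itself sits in
 * the uploads directory and is returned by URL. Whether that URL is reachable
 * without authentication depends on the server configuration — confirm before
 * exporting sensitive data. The extension is taken from $this->type for any
 * type other than 'sv'; confirm that value is never request-controlled.
 *
 * @return mixed URL (guid) of the saved export, or the result of pods_error() on failure
 */
public function save()
{
    $extension = 'txt';

    if ('sv' == $this->type) {
        if (',' == $this->delimiter) {
            $extension = 'csv';
        } elseif ("\t" == $this->delimiter) {
            $extension = 'tsv';
        }
    } else {
        $extension = $this->type;
    }

    $export_file = 'pods_export_' . wp_create_nonce(date_i18n('m-d-Y_h-i-sa')) . '.' . $extension;

    if (!(($uploads = wp_upload_dir(current_time('mysql'))) && false === $uploads['error'])) {
        return pods_error(__('There was an issue saving the export file in your uploads folder.', 'pods'), true);
    }

    // Generate unique file name
    $filename = wp_unique_filename($uploads['path'], $export_file);

    // move the file to the uploads dir
    $new_file = $uploads['path'] . '/' . $filename;

    // Stop here when the write fails, instead of registering an attachment for
    // a file that does not exist.
    if (false === file_put_contents($new_file, $this->built)) {
        return pods_error(__('There was an issue saving the export file in your uploads folder.', 'pods'), true);
    }

    // Set correct file permissions (directory mode without the execute bits)
    $stat = stat(dirname($new_file));

    if (false !== $stat) {
        $perms = $stat['mode'] & 0666;
        @chmod($new_file, $perms);
    }

    // Get the file type
    $wp_filetype = wp_check_filetype($filename, $this->mimes);

    // construct the attachment array
    $attachment = array(
        'post_mime_type' => !$wp_filetype['type'] ? 'text/' . $extension : $wp_filetype['type'],
        'guid'           => $uploads['url'] . '/' . $filename,
        'post_parent'    => null,
        'post_title'     => 'Pods Export (' . $export_file . ')',
        'post_content'   => '',
        'post_status'    => 'private',
    );

    // insert attachment
    $attachment_id = wp_insert_attachment($attachment, $new_file);

    // error! wp_insert_attachment() reports failure as 0 unless asked for a WP_Error.
    if (empty($attachment_id) || is_wp_error($attachment_id)) {
        return pods_error(__('There was an issue saving the export file in your uploads folder.', 'pods'), true);
    }

    return $attachment['guid'];
}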
/**
 * @static
 *
 * Run a helper within a Pod Page or WP Template
 *
 * $params['helper'] string Helper name
 * $params['value'] string Value to run Helper on
 * $params['name'] string Field name
 *
 * The helper is looked up through $obj->api->load_helper(). When it has stored
 * code, that code is evaluated as PHP unless PODS_DISABLE_EVAL is defined and
 * truthy, in which case the code is echoed as text instead. When there is no
 * stored code and the helper name is callable, the callable is invoked with
 * ( value, name, params, obj ). Output is captured and passed through the
 * 'pods_helpers_post_helper' filters.
 *
 * SECURITY(review): this method executes stored code with eval() and calls any
 * callable whose name matches $params['helper']. Both are only as safe as the
 * control over who can create helpers and who can choose the helper name —
 * confirm neither can be influenced by untrusted content, and prefer running
 * with PODS_DISABLE_EVAL enabled where helpers are not needed.
 *
 * @param array $params An associative array of parameters
 * @param null  $obj    Pods object; falls back to (and updates) self::$obj
 *
 * @return mixed Anything returned by the helper
 * @since 2.0
 */
public static function helper($params, $obj = null)
{
    /**
     * @var $obj Pods
     */
    // Remember the object for later calls, or reuse the remembered one.
    if (!empty($obj)) {
        self::$obj =& $obj;
    } else {
        $obj =& self::$obj;
    }

    if (empty($obj) || !is_object($obj)) {
        return '';
    }

    $defaults = array('helper' => '', 'value' => '', 'name' => '', 'deprecated' => false);

    if (is_array($params)) {
        $params = array_merge($defaults, $params);
    } else {
        $params = $defaults;
    }

    $params = (object) $params;

    if (empty($params->helper)) {
        return pods_error('Helper name required', $obj);
    } elseif (!is_array($params->helper)) {
        $params->helper = trim($params->helper);
    }

    if (!isset($params->value)) {
        $params->value = null;
    }

    // In deprecated mode a non-list array value is wrapped in a one-element list.
    if (true === $params->deprecated && is_array($params->value) && !empty($params->value) && !isset($params->value[0])) {
        $params->value = array($params->value);
    }

    if (!isset($params->name)) {
        $params->name = null;
    }

    $helper = $obj->api->load_helper(array('name' => $params->helper));

    ob_start();

    if (!empty($helper) && !empty($helper['code'])) {
        $code = $helper['code'];

        // Helper code written against $this is pointed at the Pods object instead.
        $code = str_replace('$this->', '$obj->', $code);

        // The evaluated code runs in this scope, so the local names below
        // ($value, $name, $params, $obj) are part of what helper code can use.
        $value =& $params->value;
        $name =& $params->name;

        $_safe_params = $params;

        // SECURITY(review): eval() of stored helper code; see the note in the docblock.
        if (!defined('PODS_DISABLE_EVAL') || !PODS_DISABLE_EVAL) {
            eval("?>{$code}");
        } else {
            echo $code;
        }

        // Restore $params in case the evaluated code reassigned the variable.
        $params = $_safe_params;
    } elseif (is_callable((string) $params->helper)) {
        // SECURITY(review): any callable name is accepted here; no allow-list is visible.
        echo call_user_func((string) $params->helper, $params->value, $params->name, $params, $obj);
    }

    $out = ob_get_clean();

    $out = apply_filters('pods_helpers_post_helper', $out, $params, $helper);
    // NOTE(review): $helper['slug'] is read even when no helper was loaded (callable branch).
    $out = apply_filters('pods_helpers_post_helper_' . $helper['slug'], $out, $params, $helper);

    return $out;
}
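/**
 * Handle plupload AJAX
 *
 * Flow: normalise $_POST, validate the request shape, restore auth cookies
 * passed as request parameters, apply the PODS_DISABLE_FILE_UPLOAD /
 * PODS_UPLOAD_REQUIRE_LOGIN switches, verify a nonce bound to pod id, submitter
 * id, URI and field id, check that the field is a file field of the pod, enforce
 * the field's size and extension restrictions, then hand the file to
 * media_handle_upload() (unless the 'pods_upload_handle' filter takes over) and
 * send the attachment as JSON. The request always ends in die.
 *
 * NOTE(review): when the field's type restriction is 'any', no extension check is
 * applied here and the upload relies on the checks inside media_handle_upload().
 *
 * @since 2.3
 */
public function admin_ajax_upload()
{
    if (false === headers_sent()) {
        if ('' == session_id()) {
            @session_start();
        }
    }

    // Sanitize input
    $params = stripslashes_deep((array) $_POST);

    foreach ($params as $key => $value) {
        if ('action' == $key) {
            continue;
        }

        unset($params[$key]);

        $params[str_replace('_podsfix_', '', $key)] = $value;
    }

    $params = (object) $params;

    $methods = array('upload');

    if (!isset($params->method) || !in_array($params->method, $methods) || !isset($params->pod) || !isset($params->field) || !isset($params->uri) || empty($params->uri)) {
        pods_error('Invalid AJAX request', PodsInit::$admin);
    } elseif (!empty($params->pod) && empty($params->field)) {
        pods_error('Invalid AJAX request', PodsInit::$admin);
    } elseif (empty($params->pod) && !current_user_can('upload_files')) {
        pods_error('Invalid AJAX request', PodsInit::$admin);
    }

    // Flash often fails to send cookies with the POST or upload, so we need to pass it in GET or POST instead
    // NOTE(review): this accepts authentication cookie values from request
    // parameters. Values sent that way can be recorded in places cookies are not
    // (for example URLs in logs when passed by GET); confirm this fallback is
    // still needed.
    if (is_ssl() && empty($_COOKIE[SECURE_AUTH_COOKIE]) && !empty($_REQUEST['auth_cookie'])) {
        $_COOKIE[SECURE_AUTH_COOKIE] = $_REQUEST['auth_cookie'];
    } elseif (empty($_COOKIE[AUTH_COOKIE]) && !empty($_REQUEST['auth_cookie'])) {
        $_COOKIE[AUTH_COOKIE] = $_REQUEST['auth_cookie'];
    }

    if (empty($_COOKIE[LOGGED_IN_COOKIE]) && !empty($_REQUEST['logged_in_cookie'])) {
        $_COOKIE[LOGGED_IN_COOKIE] = $_REQUEST['logged_in_cookie'];
    }

    global $current_user;
    unset($current_user);

    /**
     * Access Checking
     */
    $upload_disabled = false;

    if (defined('PODS_DISABLE_FILE_UPLOAD') && true === PODS_DISABLE_FILE_UPLOAD) {
        $upload_disabled = true;
    } elseif (defined('PODS_UPLOAD_REQUIRE_LOGIN') && is_bool(PODS_UPLOAD_REQUIRE_LOGIN) && true === PODS_UPLOAD_REQUIRE_LOGIN && !is_user_logged_in()) {
        $upload_disabled = true;
    } elseif (defined('PODS_UPLOAD_REQUIRE_LOGIN') && !is_bool(PODS_UPLOAD_REQUIRE_LOGIN) && (!is_user_logged_in() || !current_user_can(PODS_UPLOAD_REQUIRE_LOGIN))) {
        $upload_disabled = true;
    }

    $uid = @session_id();

    if (is_user_logged_in()) {
        $uid = 'user_' . get_current_user_id();
    }

    $nonce_check = 'pods_upload_' . (int) $params->pod . '_' . $uid . '_' . $params->uri . '_' . (int) $params->field;

    if (true === $upload_disabled || !isset($params->_wpnonce) || false === wp_verify_nonce($params->_wpnonce, $nonce_check)) {
        pods_error(__('Unauthorized request', 'pods'), PodsInit::$admin);

        // Fail closed if pods_error() returns instead of halting the request.
        die;
    }

    $pod   = array();
    $field = array(
        'type'    => 'file',
        'options' => array(),
    );

    $api = pods_api();

    if (!empty($params->pod)) {
        $pod   = $api->load_pod(array('id' => (int) $params->pod));
        $field = $api->load_field(array('id' => (int) $params->field));

        if (empty($pod) || empty($field) || $pod['id'] != $field['pod_id'] || !isset($pod['fields'][$field['name']])) {
            pods_error(__('Invalid field request', 'pods'), PodsInit::$admin);
        }

        if (!in_array($field['type'], PodsForm::file_field_types())) {
            pods_error(__('Invalid field', 'pods'), PodsInit::$admin);
        }
    }

    $method = $params->method;

    // Cleaning up $params
    unset($params->action);
    unset($params->method);
    unset($params->_wpnonce);

    $params->post_id = pods_var('post_id', $params, 0, null, true);

    /**
     * Upload a new file (advanced - returns URL and ID)
     */
    if ('upload' == $method) {
        $file = $_FILES['Filedata'];

        $limit_size = pods_var($field['type'] . '_restrict_filesize', $field['options']);

        if (!empty($limit_size)) {
            // Convert the configured limit to bytes using 1024-based units, one
            // factor per unit step, so a KB limit is not scaled like an MB limit.
            if (false !== stripos($limit_size, 'MB')) {
                $limit_size = (double) trim(str_ireplace('MB', '', $limit_size));
                $limit_size = $limit_size * 1024 * 1024; // convert to KB to B
            } elseif (false !== stripos($limit_size, 'KB')) {
                $limit_size = (double) trim(str_ireplace('KB', '', $limit_size));
                $limit_size = $limit_size * 1024; // convert to B
            } elseif (false !== stripos($limit_size, 'GB')) {
                $limit_size = (double) trim(str_ireplace('GB', '', $limit_size));
                $limit_size = $limit_size * 1024 * 1024 * 1024; // convert to MB to KB to B
            } elseif (false !== stripos($limit_size, 'B')) {
                $limit_size = (double) trim(str_ireplace('B', '', $limit_size));
            } else {
                $limit_size = wp_max_upload_size();
            }

            if (0 < $limit_size && $limit_size < $file['size']) {
                $error = __('File size too large, max size is %s', 'pods');
                $error = sprintf($error, pods_var($field['type'] . '_restrict_filesize', $field['options']));

                pods_error('<div style="color:#FF0000">Error: ' . $error . '</div>');
            }
        }

        $limit_file_type = pods_var($field['type'] . '_type', $field['options'], 'images');

        if ('images' == $limit_file_type) {
            $limit_types = 'jpg,png,gif';
        } elseif ('video' == $limit_file_type) {
            $limit_types = 'mpg,mov,flv,mp4';
        } elseif ('audio' == $limit_file_type) {
            $limit_types = 'mp3,m4a,wav,wma';
        } elseif ('text' == $limit_file_type) {
            $limit_types = 'txt,rtx,csv,tsv';
        } elseif ('any' == $limit_file_type) {
            $limit_types = '';
        } else {
            $limit_types = pods_var($field['type'] . '_allowed_extensions', $field['options'], '', null, true);
        }

        $limit_types = trim(str_replace(array(' ', '.', "\n", "\t", ';'), array('', ',', ',', ','), $limit_types), ',');

        if (pods_version_check('wp', '3.5')) {
            $mime_types = wp_get_mime_types();

            if (in_array($limit_file_type, array('images', 'audio', 'video'))) {
                // Expand the category into every extension whose MIME type starts with it.
                $new_limit_types = array();

                foreach ($mime_types as $type => $mime) {
                    if (0 === strpos($mime, $limit_file_type)) {
                        $type = explode('|', $type);

                        $new_limit_types = array_merge($new_limit_types, $type);
                    }
                }

                if (!empty($new_limit_types)) {
                    $limit_types = implode(',', $new_limit_types);
                }
            } elseif ('any' != $limit_file_type) {
                $new_limit_types = array();

                $limit_types = explode(',', $limit_types);

                foreach ($limit_types as $k => $limit_type) {
                    $found = false;

                    foreach ($mime_types as $type => $mime) {
                        if (0 === strpos($mime, $limit_type)) {
                            $type = explode('|', $type);

                            foreach ($type as $t) {
                                if (!in_array($t, $new_limit_types)) {
                                    $new_limit_types[] = $t;
                                }
                            }

                            $found = true;
                        }
                    }

                    if (!$found) {
                        $new_limit_types[] = $limit_type;
                    }
                }

                if (!empty($new_limit_types)) {
                    $limit_types = implode(',', $new_limit_types);
                }
            }
        }

        $limit_types = explode(',', $limit_types);

        $limit_types = array_filter(array_unique($limit_types));

        if (!empty($limit_types)) {
            $ok = false;

            foreach ($limit_types as $limit_type) {
                $limit_type = '.' . trim($limit_type, ' .');

                $pos = strlen($file['name']) - strlen($limit_type);

                // Compare against the last occurrence, so the test is a true
                // "name ends with this extension" check even when the same
                // extension also appears earlier in the name.
                if ($pos === strripos($file['name'], $limit_type)) {
                    $ok = true;

                    break;
                }
            }

            if (false === $ok) {
                $error = __('File type not allowed, please use one of the following: %s', 'pods');
                $error = sprintf($error, '.' . implode(', .', $limit_types));

                pods_error('<div style="color:#FF0000">Error: ' . $error . '</div>');
            }
        }

        $custom_handler = apply_filters('pods_upload_handle', null, 'Filedata', $params->post_id, $params);

        if (null === $custom_handler) {
            $attachment_id = media_handle_upload('Filedata', $params->post_id);

            if (is_object($attachment_id)) {
                $errors = array();

                foreach ($attachment_id->errors['upload_error'] as $error_code => $error_message) {
                    $errors[] = '[' . $error_code . '] ' . $error_message;
                }

                pods_error('<div style="color:#FF0000">Error: ' . implode('</div><div>', $errors) . '</div>');
            } else {
                $attachment = get_post($attachment_id, ARRAY_A);

                $attachment['filename'] = basename($attachment['guid']);

                $thumb = wp_get_attachment_image_src($attachment['ID'], 'thumbnail', true);
                $attachment['thumbnail'] = $thumb[0];

                $attachment = apply_filters('pods_upload_attachment', $attachment, $params->post_id);

                wp_send_json($attachment);
            }
        }
    }

    die; // KBAI!
}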
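/**
 * Create a table-based taxonomy Pod from an old taxonomy definition.
 *
 * Reads the general settings from $taxonomy, the labels from $taxonomy[0] and
 * the attached post types from $taxonomy[1], saves the Pod and, when the saved
 * name differs from the requested one, renames the WP object accordingly.
 *
 * @param array $taxonomy Old taxonomy definition
 *
 * @return mixed New Pod id, false when saving or reloading fails, or the result
 *               of pods_error() when a Pod with that name already exists
 *
 * @since 2.0
 */
private function migrate_taxonomy($taxonomy)
{
    $params = array(
        'type'                             => 'taxonomy',
        'storage'                          => 'table',
        'object'                           => '',
        'name'                             => pods_var_raw('name', $taxonomy),
        'label'                            => pods_var_raw('label', $taxonomy),
        'label_singular'                   => pods_var_raw('singular_label', $taxonomy),
        'public'                           => 1,
        'show_ui'                          => (int) pods_var_raw('show_ui', $taxonomy),
        'hierarchical'                     => (int) pods_var_raw('hierarchical', $taxonomy),
        'query_var'                        => (int) pods_var_raw('query_var', $taxonomy),
        'rewrite'                          => (int) pods_var_raw('rewrite', $taxonomy),
        'rewrite_custom_slug'              => pods_var_raw('rewrite_slug', $taxonomy),
        'label_search_items'               => pods_var_raw('search_items', $taxonomy[0]),
        'label_popular_items'              => pods_var_raw('popular_items', $taxonomy[0]),
        'label_all_items'                  => pods_var_raw('all_items', $taxonomy[0]),
        'label_parent'                     => pods_var_raw('parent_item', $taxonomy[0]),
        'label_parent_item_colon'          => pods_var_raw('parent_item_colon', $taxonomy[0]),
        'label_edit'                       => pods_var_raw('edit_item', $taxonomy[0]),
        'label_update_item'                => pods_var_raw('update_item', $taxonomy[0]),
        'label_add_new'                    => pods_var_raw('add_new_item', $taxonomy[0]),
        'label_new_item'                   => pods_var_raw('new_item_name', $taxonomy[0]),
        'label_separate_items_with_commas' => pods_var_raw('separate_items_with_commas', $taxonomy[0]),
        'label_add_or_remove_items'        => pods_var_raw('add_or_remove_items', $taxonomy[0]),
        'label_choose_from_the_most_used'  => pods_var_raw('choose_from_most_used', $taxonomy[0]),
    );

    // Migrate attach-to
    $attach = $taxonomy[1];

    if (is_array($attach)) {
        foreach ($attach as $type_name) {
            $params['built_in_post_types_' . $type_name] = 1;
        }
    }

    if (!is_object($this->api)) {
        $this->api = pods_api();
    }

    $pod = $this->api->load_pod(array('name' => pods_clean_name($params['name'])), false);

    if (!empty($pod)) {
        return pods_error(sprintf(__('Pod with the name %s already exists', 'pods'), pods_clean_name($params['name'])));
    }

    $id = (int) $this->api->save_pod($params);

    if (empty($id)) {
        return false;
    }

    $pod = $this->api->load_pod(array('id' => $id), false);

    if (empty($pod)) {
        return false;
    }

    if ($pod['name'] != $params['name']) {
        // The key is 'type'; with a trailing space it does not exist in $params
        // and the rename would be called without an object type.
        $this->api->rename_wp_object($params['type'], $params['name'], $pod['name']);
    }

    return $id;
}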
/**
 * Dispatch an upgrade AJAX request to the method named '<step>_<type>'.
 *
 * NOTE(review): the method name is assembled from request-supplied values and the
 * only check is that such a method exists on this object, so any method of this
 * class whose name has that shape can be reached. An explicit list of allowed
 * step / type values would narrow this; the valid values are not visible here.
 *
 * @param object $params Reads $params->step and $params->type; passed on to the handler
 *
 * @return mixed|void Result of the handler, or of pods_error() when the request is invalid
 */
public function ajax($params)
{
    if (!isset($params->step)) {
        return pods_error(__('Invalid upgrade process.', 'pods'));
    }

    if (!isset($params->type)) {
        return pods_error(__('Invalid upgrade method.', 'pods'));
    }

    $handler = $params->step . '_' . $params->type;

    if (!method_exists($this, $handler)) {
        return pods_error(__('Upgrade method not found.', 'pods'));
    }

    return call_user_func(array($this, $handler), $params);
}
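/**
 * Handle the Edit Role AJAX
 *
 * Makes the role's capabilities match the submitted selection: every checked
 * capability and every non-empty custom capability is added when missing, and
 * every other capability the role had is removed, except those whose name
 * contains 'level_'.
 *
 * NOTE(review): no nonce or capability check is visible in this method, and it
 * can grant any capability name to any existing role. Confirm the caller
 * restricts it to users who are allowed to manage roles.
 *
 * @todo allow rename role_label
 *
 * @param object $params Reads id, capabilities ( name => flag ) and custom_capabilities ( list of names )
 *
 * @return bool|mixed|void true on success, or the result of pods_error() when the role does not exist
 */
public function ajax_edit($params)
{
    global $wp_roles;

    // The return value is not used here; the call is kept because its side
    // effects, if any, are not visible from this method.
    $this->get_capabilities();

    $params->capabilities = (array) pods_var_raw('capabilities', $params, array());

    $params->custom_capabilities = (array) pods_var_raw('custom_capabilities', $params, array());
    $params->custom_capabilities = array_filter(array_unique($params->custom_capabilities));

    if (!isset($params->id) || empty($params->id) || !isset($wp_roles->role_objects[$params->id])) {
        return pods_error(__('Role not found, cannot edit it.', 'pods'));
    }

    /**
     * @var $role WP_Role
     */
    $role = $wp_roles->role_objects[$params->id];

    $role_capabilities = $role->capabilities;

    // Names are tracked exactly as they are passed to add_cap(). Tracking an
    // HTML-escaped copy would make the comparisons below miss any name that
    // escaping changes, and the removal loop would then strip a capability that
    // was just added.
    $new_capabilities = array();

    foreach ($params->capabilities as $capability => $x) {
        if (empty($capability) || true !== (bool) $x) {
            continue;
        }

        $new_capabilities[] = $capability;

        if (!$role->has_cap($capability)) {
            $role->add_cap($capability);
        }
    }

    foreach ($params->custom_capabilities as $x => $capability) {
        if (empty($capability)) {
            continue;
        }

        if (in_array($capability, $new_capabilities)) {
            continue;
        }

        $new_capabilities[] = $capability;

        if (!$role->has_cap($capability)) {
            $role->add_cap($capability);
        }
    }

    // Drop what was not selected, leaving the 'level_' capabilities alone.
    foreach ($role_capabilities as $capability => $x) {
        if (!in_array($capability, $new_capabilities) && false === strpos($capability, 'level_')) {
            $role->remove_cap($capability);
        }
    }

    return true;
}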