if (!is_array($_POST[$key])) { $postvals[$key] = appthemes_clean($value); } else { $postvals[$key] = array_map('appthemes_clean', $value); } } // keep only numeric, commas or decimal values $postvals['cp_price'] = empty($_POST['cp_price']) ? '' : appthemes_clean_price($_POST['cp_price']); if (isset($postvals['cp_currency']) && !empty($postvals['cp_currency'])) { $price_curr = $postvals['cp_currency']; } else { $price_curr = $cp_options->curr_symbol; } // keep only values and insert/strip commas if needed if (!empty($_POST['tags_input'])) { $postvals['tags_input'] = appthemes_clean_tags($_POST['tags_input']); $_POST['tags_input'] = $postvals['tags_input']; } // store the user IP address, ID for later $postvals['cp_sys_userIP'] = appthemes_get_ip(); $postvals['user_id'] = $current_user->ID; $ad_pack_id = isset($_POST['ad_pack_id']) ? appthemes_numbers_only($_POST['ad_pack_id']) : false; if ($ad_pack_id) { $postvals['pack_duration'] = cp_get_ad_pack_length($ad_pack_id); } $coupon = false; if (cp_payments_is_enabled()) { // see if the featured ad checkbox has been checked if (isset($_POST['featured_ad'])) { $postvals['featured_ad'] = $_POST['featured_ad']; // get the featured ad price into the array
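/**
 * Saves the edits to an existing ad that were submitted with the edit form.
 *
 * Reads the ad ID, title, description, price, tags and custom field values
 * from $_POST, updates the post with wp_update_post(), then rewrites the tag
 * terms and the custom field meta and fires cp_action_update_listing().
 *
 * NOTE(review): neither a nonce check nor a check that the current user owns
 * the ad is visible in this function, and the ad ID comes from the request.
 * Confirm that the caller performs both before calling this.
 *
 * @return int|false The ID returned by wp_update_post(), or false when the
 *                   ad ID is missing/invalid or the update failed.
 */
function cp_update_listing() {
    global $cp_options;

    // Missing form fields are treated as empty instead of raising notices.
    $raw_content = isset($_POST['post_content']) ? $_POST['post_content'] : '';
    $raw_title = isset($_POST['post_title']) ? $_POST['post_title'] : '';

    // check to see if html is allowed
    if (!$cp_options->allow_html) {
        $post_content = appthemes_filter($raw_content);
    } else {
        // HTML is allowed, but only the markup WordPress permits in post content is kept
        $post_content = wp_kses_post($raw_content);
    }

    // keep only numeric, commas or decimal values
    // (written back to $_POST, presumably so the custom field loop below stores the cleaned price)
    if (!empty($_POST['cp_price'])) {
        $_POST['cp_price'] = appthemes_clean_price($_POST['cp_price']);
    }

    // keep only values and insert/strip commas if needed; cleaned once here and reused after the update
    if (!empty($_POST['tags_input'])) {
        $_POST['tags_input'] = appthemes_clean_tags($_POST['tags_input']);
    }

    // The ad ID is request data: accept only a positive integer and stop before
    // wp_update_post() is called with an empty or malformed ID.
    $ad_id = (isset($_POST['ad_id']) && is_scalar($_POST['ad_id'])) ? (int) $_POST['ad_id'] : 0;
    if ($ad_id <= 0) {
        return false;
    }

    // these are the minimum required fields for WP (except tags)
    $update_ad = array(
        'ID'           => $ad_id,
        'post_title'   => appthemes_filter($raw_title),
        'post_content' => trim($post_content),
    );

    // edited ads go back into the moderation queue when that option is on
    if ($cp_options->moderate_edited_ads) {
        $update_ad['post_status'] = 'pending';
    }

    // update the ad and return the ad id
    $post_id = wp_update_post($update_ad);
    if (!$post_id) {
        return false;
    }

    // update post custom taxonomy "ad_tags"
    if (!empty($_POST['tags_input'])) {
        wp_set_object_terms($post_id, explode(',', $_POST['tags_input']), APP_TAX_TAG);
    }

    // assemble the comma separated hidden fields back into an array so we can save them.
    $field_list = isset($_POST['custom_fields_vals']) ? $_POST['custom_fields_vals'] : '';
    $metafields = is_string($field_list) ? explode(',', $field_list) : array();

    // loop through all custom meta fields and update values
    foreach ($metafields as $name) {
        // The list of meta keys is itself request data, so an empty key or a
        // WordPress-protected key is never written or deleted from here.
        // NOTE(review): this is only a denylist; checking $name against the server-side
        // list of this form's custom fields would also cover theme-internal keys.
        if ($name === '' || is_protected_meta($name, 'post')) {
            continue;
        }

        if (!isset($_POST[$name])) {
            delete_post_meta($post_id, $name);
            continue;
        }

        if (is_array($_POST[$name])) {
            // multi-value field: replace the stored rows with the submitted ones
            delete_post_meta($post_id, $name);
            foreach ($_POST[$name] as $checkbox_value) {
                add_post_meta($post_id, $name, wp_kses_post($checkbox_value));
            }
        } else {
            update_post_meta($post_id, $name, wp_kses_post($_POST[$name]));
        }
    }

    cp_action_update_listing($post_id);

    return $post_id;
}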
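/**
 * Saves the edits to an existing ad that were submitted with the edit form
 * and returns the notice to show to the user.
 *
 * Reads the ad ID, title, description, price, tags and custom field values
 * from $_POST, updates the post with wp_update_post(), rewrites the tag terms
 * and the custom field meta, and sends the "ad edited" e-mail on success.
 *
 * NOTE(review): neither a nonce check nor a check that the current user owns
 * the ad is visible in this function, and the ad ID comes from the request.
 * Confirm that the caller performs both before calling this.
 *
 * @return string HTML notice: a success box linking to the dashboard, or an
 *                error box when the ad could not be updated.
 */
function cp_update_listing() {
    // Missing form fields are treated as empty instead of raising notices.
    $raw_content = isset($_POST['post_content']) ? $_POST['post_content'] : '';
    $raw_title = isset($_POST['post_title']) ? $_POST['post_title'] : '';

    // check to see if html is allowed
    if (get_option('cp_allow_html') !== 'yes') {
        $post_content = appthemes_filter($raw_content);
    } else {
        // "HTML allowed" must not mean "any markup from the request is stored as-is":
        // keep only what WordPress permits in post content.
        $post_content = wp_kses_post($raw_content);
    }

    // keep only numeric, commas or decimal values
    // (written back to $_POST, presumably so the custom field loop below stores the cleaned price)
    if (!empty($_POST['cp_price'])) {
        $_POST['cp_price'] = appthemes_clean_price($_POST['cp_price']);
    }

    // keep only values and insert/strip commas if needed; cleaned once here and reused after the update
    if (!empty($_POST['tags_input'])) {
        $_POST['tags_input'] = appthemes_clean_tags($_POST['tags_input']);
    }

    // The ad ID is request data: accept only a positive integer.
    $ad_id = (isset($_POST['ad_id']) && is_scalar($_POST['ad_id'])) ? (int) $_POST['ad_id'] : 0;

    // these are the minimum required fields for WP (except tags);
    // the category is deliberately not editable here.
    // The 'filter' flag that made sanitize_post() skip its clean-up is no longer set,
    // so WordPress sanitises the post fields itself on top of the filtering above.
    $update_ad = array(
        'ID'           => $ad_id,
        'post_title'   => appthemes_filter($raw_title),
        'post_content' => trim($post_content),
    );

    // update the ad and return the ad id; an invalid ID is reported as a failed update
    $post_id = ($ad_id > 0) ? wp_update_post($update_ad) : 0;

    if (!$post_id) {
        // the ad wasn't updated so throw an error
        return '<div class="box-red"><b>' . __('There was an error trying to update your ad.', 'appthemes') . '</b></div>';
    }

    // update post custom taxonomy "ad_tags"
    if (!empty($_POST['tags_input'])) {
        wp_set_object_terms($post_id, explode(',', $_POST['tags_input']), APP_TAX_TAG);
    }

    // assemble the comma separated hidden fields back into an array so we can save them.
    $field_list = isset($_POST['custom_fields_vals']) ? $_POST['custom_fields_vals'] : '';
    $metafields = is_string($field_list) ? explode(',', $field_list) : array();

    // loop through all custom meta fields and update values
    foreach ($metafields as $name) {
        // The list of meta keys is itself request data, so an empty key or a
        // WordPress-protected key is never written or deleted from here.
        // NOTE(review): this is only a denylist; checking $name against the server-side
        // list of this form's custom fields would also cover theme-internal keys.
        if ($name === '' || is_protected_meta($name, 'post')) {
            continue;
        }

        if (!isset($_POST[$name])) {
            delete_post_meta($post_id, $name);
            continue;
        }

        // custom field values are request data too: strip disallowed markup before storing
        if (is_array($_POST[$name])) {
            delete_post_meta($post_id, $name);
            foreach ($_POST[$name] as $checkbox_value) {
                add_post_meta($post_id, $name, wp_kses_post($checkbox_value));
            }
        } else {
            update_post_meta($post_id, $name, wp_kses_post($_POST[$name]));
        }
    }

    $errmsg = '<div class="box-yellow"><b>' . __('Your ad has been successfully updated.', 'appthemes') . '</b> <a href="' . CP_DASHBOARD_URL . '">' . __('Return to my dashboard', 'appthemes') . '</a></div>';

    // send out the email notifications
    cp_edited_ad_email($post_id);

    return $errmsg;
}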
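/**
 * Saves the edits to an existing ad that were submitted with the edit form.
 *
 * Reads the ad ID, title, description, price, tags and custom field values
 * from $_POST, updates the post with wp_update_post(), then rewrites the tag
 * terms and the custom field meta and fires cp_action_update_listing().
 *
 * NOTE(review): neither a nonce check nor a check that the current user owns
 * the ad is visible in this function, and the ad ID comes from the request.
 * Confirm that the caller performs both before calling this.
 *
 * @return int|false The ID returned by wp_update_post(), or false when the
 *                   ad ID is missing/invalid or the ad wasn't updated.
 */
function cp_update_listing() {
    // Missing form fields are treated as empty instead of raising notices.
    $raw_content = isset($_POST['post_content']) ? $_POST['post_content'] : '';
    $raw_title = isset($_POST['post_title']) ? $_POST['post_title'] : '';

    // check to see if html is allowed
    if (get_option('cp_allow_html') !== 'yes') {
        $post_content = appthemes_filter($raw_content);
    } else {
        // "HTML allowed" must not mean "any markup from the request is stored as-is":
        // keep only what WordPress permits in post content.
        $post_content = wp_kses_post($raw_content);
    }

    // keep only numeric, commas or decimal values
    // (written back to $_POST, presumably so the custom field loop below stores the cleaned price)
    if (!empty($_POST['cp_price'])) {
        $_POST['cp_price'] = appthemes_clean_price($_POST['cp_price']);
    }

    // keep only values and insert/strip commas if needed; cleaned once here and reused after the update
    if (!empty($_POST['tags_input'])) {
        $_POST['tags_input'] = appthemes_clean_tags($_POST['tags_input']);
    }

    // The ad ID is request data: accept only a positive integer and stop before
    // wp_update_post() is called with an empty or malformed ID.
    $ad_id = (isset($_POST['ad_id']) && is_scalar($_POST['ad_id'])) ? (int) $_POST['ad_id'] : 0;
    if ($ad_id <= 0) {
        return false;
    }

    // these are the minimum required fields for WP (except tags);
    // the category is deliberately not editable here.
    $update_ad = array(
        'ID'           => $ad_id,
        'post_title'   => appthemes_filter($raw_title),
        'post_content' => trim($post_content),
    );

    // update the ad and return the ad id
    $post_id = wp_update_post($update_ad);
    if (!$post_id) {
        // the ad wasn't updated
        return false;
    }

    // update post custom taxonomy "ad_tags"
    if (!empty($_POST['tags_input'])) {
        wp_set_object_terms($post_id, explode(',', $_POST['tags_input']), APP_TAX_TAG);
    }

    // assemble the comma separated hidden fields back into an array so we can save them.
    $field_list = isset($_POST['custom_fields_vals']) ? $_POST['custom_fields_vals'] : '';
    $metafields = is_string($field_list) ? explode(',', $field_list) : array();

    // loop through all custom meta fields and update values
    foreach ($metafields as $name) {
        // The list of meta keys is itself request data, so an empty key or a
        // WordPress-protected key is never written or deleted from here.
        // NOTE(review): this is only a denylist; checking $name against the server-side
        // list of this form's custom fields would also cover theme-internal keys.
        if ($name === '' || is_protected_meta($name, 'post')) {
            continue;
        }

        if (!isset($_POST[$name])) {
            delete_post_meta($post_id, $name);
            continue;
        }

        // custom field values are request data too: strip disallowed markup before storing
        if (is_array($_POST[$name])) {
            delete_post_meta($post_id, $name);
            foreach ($_POST[$name] as $checkbox_value) {
                add_post_meta($post_id, $name, wp_kses_post($checkbox_value));
            }
        } else {
            update_post_meta($post_id, $name, wp_kses_post($_POST[$name]));
        }
    }

    cp_action_update_listing($post_id);

    return $post_id;
}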
/**
 * Builds the cleaned set of submitted values for every expected field.
 *
 * Each name from expected_fields() is looked up in $_POST (a missing field
 * becomes an empty string) and passed through appthemes_clean(), element by
 * element for array values. Fields whose name starts with "cp_" are then also
 * passed through wp_kses_post(), and a few named fields get a further cleaner.
 *
 * NOTE(review): the field-specific cleaners at the end of the loop also run
 * when the request supplied an array for 'cp_price', 'tags_input',
 * 'post_content' or 'post_title' — confirm those helpers tolerate arrays.
 *
 * @return array Cleaned values keyed by field name.
 */
protected function clean_expected_fields() {
    global $cp_options;

    $cleaned = array();

    foreach ($this->expected_fields() as $field) {
        $value = isset($_POST[$field]) ? $_POST[$field] : '';
        $is_custom_field = appthemes_str_starts_with($field, 'cp_');

        // generic cleaning first, scalar and array values handled separately
        if (is_array($value)) {
            $value = array_map('appthemes_clean', $value);
            if ($is_custom_field) {
                $value = array_map('wp_kses_post', $value);
            }
        } else {
            $value = appthemes_clean($value);
            if ($is_custom_field) {
                $value = wp_kses_post($value);
            }
        }

        // keep only what the price cleaner lets through
        if ('cp_price' == $field) {
            $value = appthemes_clean_price($value);
        }

        // normalise the tag list, then strip disallowed markup from it
        if ('tags_input' == $field) {
            $value = wp_kses_post(appthemes_clean_tags($value));
        }

        // the description is filtered according to the "allow HTML" option
        if ('post_content' == $field) {
            $value = $cp_options->allow_html ? wp_kses_post($value) : appthemes_filter($value);
        }

        if ('post_title' == $field) {
            $value = appthemes_filter($value);
        }

        $cleaned[$field] = $value;
    }

    return $cleaned;
}