コード例 #1
ファイル: filament.php プロジェクト: venturepact/blog
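 /**
  * Submit processing for the admin_options view.
  *
  * Stores the submitted `single_drop` snippet as the `<slug>_single_drop`
  * option, works out which page cache (if any) is active so the settings page
  * can tell the user to purge it, and redirects back to the settings page with
  * `message=submit&caching=<name>`.
  *
  * NOTE(review): the `@uses` list names wp_verify_nonce()/wp_die(), but no
  * nonce or capability check happens in this method itself — confirm the
  * caller verifies both, otherwise the stored snippet can be overwritten by a
  * forged request (CSRF).
  *
  * @uses update_option()
  * @uses wp_die()
  * @uses wp_verify_nonce()
  */
 private function _submit_admin_options()
 {
     // Guard against a missing field: the original read $_REQUEST['single_drop']
     // unconditionally, raising an undefined-index notice and storing ''.
     $raw_snippet = isset($_REQUEST['single_drop']) ? $_REQUEST['single_drop'] : '';
     // Undo request slashing, entity-encode (including quotes) and drop invalid
     // UTF-8 before persisting.
     $code_snippet = wp_check_invalid_utf8(htmlentities(stripslashes($raw_snippet), ENT_QUOTES, "UTF-8"));
     update_option($this->slug . '_single_drop', $code_snippet);
     // Later detections deliberately override earlier ones (most specific wins).
     $caching = "";
     // Other cache sources
     if (defined('WP_CACHE') && WP_CACHE == true) {
         $caching = "other";
     }
     // Check for CloudFlare
     if (defined('CLOUDFLARE_VERSION')) {
         $caching = "cloudflare";
     }
     // Check for W3 Total Cache: flush the front page ourselves when the API
     // exists, otherwise report it so the user can purge manually.
     if (defined('W3TC')) {
         if (function_exists('w3tc_pgcache_flush_url')) {
             w3tc_pgcache_flush_url("/");
             $caching = "";
         } else {
             $caching = "w3-total-cache";
         }
     }
     // Check for WP Super Cache
     if (function_exists('wpsupercache_site_admin')) {
         $caching = "wp-super-cache";
     }
     // Check for Quick Cache
     if (class_exists('\\quick_cache\\plugin')) {
         $caching = "quick-cache";
     }
     // $caching only ever holds one of the literals above, so it needs no
     // further escaping in the query string.
     wp_redirect(admin_url('admin.php') . '?page=' . $this->slug . '&message=submit&caching=' . $caching);
     exit;
 }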
コード例 #2
ファイル: settings.php プロジェクト: otacke/yalw
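 /**
  * Sanitize each setting field as needed.
  *
  * @param array $input Contains all settings fields as array keys
  * @return array Sanitized settings: `widget_rememberme` (absint, only when it
  *               was submitted) and `code_reset_email_text` (always present,
  *               invalid UTF-8 removed and all tags stripped).
  */
 public function sanitize($input)
 {
     // Start from an empty array: the original never initialised $new_input,
     // so a request carrying neither field returned an undefined variable.
     $new_input = array();
     if (isset($input['widget_rememberme'])) {
         $new_input['widget_rememberme'] = absint($input['widget_rememberme']);
     }
     // $filtered was only assigned inside the isset() branch but used outside
     // it; an absent field now yields '' instead of an undefined variable.
     $filtered = '';
     if (isset($input['code_reset_email_text'])) {
         $filtered = wp_check_invalid_utf8($input['code_reset_email_text']);
     }
     $new_input['code_reset_email_text'] = wp_strip_all_tags($filtered);
     return $new_input;
 }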
コード例 #3
/**
 * Sanitize a text option value.
 *
 * When the option declares `'html' => true` the markup is kept and only
 * invalid UTF-8 is removed; otherwise the value goes through
 * sanitize_text_field() (tags stripped, whitespace collapsed, `%xx` octets
 * removed).
 *
 * @param string $value  Raw option value.
 * @param array  $option Option definition; only the `html` flag (default false) is read.
 * @return string Sanitized value.
 */
function of_sanitize_text_field($value, $option)
{
    $settings = array_merge(array('html' => false), $option);
    $keep_html = !empty($settings['html']);
    return $keep_html ? wp_check_invalid_utf8($value) : sanitize_text_field($value);
}
コード例 #4
ファイル: bu-ssl.php プロジェクト: bu-ist/bu-ssl
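 /**
  * Build the Content-Security-Policy header value from the plugin options.
  *
  * Concatenates the configured policy with an optional `report-uri`
  * directive, removes invalid UTF-8, double-quote-escapes the result into
  * $this->csp, and — when `enforce_csp` is off — gives the header name held in
  * $this->csp_type the `-Report-Only` suffix.
  */
 public function build_csp()
 {
     // Read options defensively: an unset option previously raised a notice.
     $csp = isset($this->options['content_security_policy']) ? $this->options['content_security_policy'] : '';
     if (!empty($this->options['csp_report_url'])) {
         $csp .= "; report-uri ";
         $csp .= $this->options['csp_report_url'];
     }
     // The value is destined for an HTTP header (presumably via header()), so
     // strip CR/LF: a policy/report URL containing a line break must not be
     // able to introduce additional header lines.
     $csp = str_replace(array("\r", "\n"), '', $csp);
     $this->csp = _wp_specialchars(wp_check_invalid_utf8($csp), 'double');
     // Append the suffix at most once: the original used `.=` unconditionally,
     // so calling build_csp() twice produced `...-Report-Only-Report-Only`.
     if (empty($this->options['enforce_csp']) && substr($this->csp_type, -12) !== '-Report-Only') {
         $this->csp_type .= '-Report-Only';
     }
 }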
コード例 #5
ファイル: formatting.php プロジェクト: abcode619/wpstuff
/**
 * Sanitize a value that will be used as a query variable.
 *
 * Unslashes the input, removes invalid UTF-8, entity-encodes lone `<` and
 * strips every tag when a `<` is present, deletes percent-encoded octets
 * (`%xx`), collapses runs of spaces and trims leading/trailing spaces.
 *
 * @param string $text Raw query value.
 * @return string Sanitized value.
 */
function wpcf7_sanitize_query_var($text)
{
    $clean = wp_check_invalid_utf8(wp_unslash($text));
    $has_lt = strpos($clean, '<') !== false;
    if ($has_lt) {
        // Convert lone '<' to an entity first, then drop every tag.
        $clean = wp_strip_all_tags(wp_pre_kses_less_than($clean));
    }
    $clean = preg_replace('/%[a-f0-9]{2}/i', '', $clean);
    $clean = preg_replace('/ +/', ' ', $clean);
    return trim($clean, ' ');
}
コード例 #6
 /**
  * Collect and sanitize the invoice fields submitted via POST.
  *
  * Only runs for invoice ("timologio") requests; every name listed in
  * $this->fields is read from $_POST, unslashed, checked for invalid UTF-8 and
  * stripped of tags. Fields whose cleaned value is empty() — including the
  * string '0' — are omitted from the result.
  *
  * @return array Map of field name => sanitized value (non-empty values only);
  *               an empty array when this is not an invoice request.
  * @author Panagiotis Vagenas <*****@*****.**>
  * @since  151229
  */
 protected function validateInvoicePostFields()
 {
     if (!$this->isTimologioRequest()) {
         return array();
     }
     $validated = array();
     foreach ($this->fields as $fieldName) {
         if (!isset($_POST[$fieldName])) {
             continue;
         }
         $clean = wp_strip_all_tags(wp_check_invalid_utf8(stripslashes($_POST[$fieldName])));
         if (empty($clean)) {
             continue;
         }
         $validated[$fieldName] = $clean;
     }
     return $validated;
 }
コード例 #7
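/**
 * Output any queued javascript code in the footer.
 *
 * Reads the global $si_queued_js buffer, normalises it (invalid UTF-8
 * removed, entity-encoded apostrophes restored, CRs dropped), wraps it in a
 * jQuery ready handler and echoes it through the `social_icons_queued_js`
 * filter.
 *
 * The queued code is treated as trusted, developer-supplied script: nothing
 * here escapes it, so callers must never queue unescaped user input.
 */
function si_print_js()
{
    global $si_queued_js;
    if (!empty($si_queued_js)) {
        // Sanitize.
        $si_queued_js = wp_check_invalid_utf8($si_queued_js);
        // Restore apostrophes that esc_js()-style encoding turned into &#x27; / &#39;.
        $si_queued_js = preg_replace('/&#(x)?0*(?(1)27|39);?/i', "'", $si_queued_js);
        $si_queued_js = str_replace("\r", '', $si_queued_js);
        $js = "<!-- Social Icons JavaScript -->\n<script type=\"text/javascript\">\njQuery(function(\$) { {$si_queued_js} });\n</script>\n";
        /**
         * social_icons_queued_js filter.
         * @param string $js JavaScript code.
         */
        echo apply_filters('social_icons_queued_js', $js);
        // Clear the buffer so a second call cannot print the same code twice.
        // unset() on a `global` alias only drops the local binding and leaves
        // $GLOBALS['si_queued_js'] intact, hence the explicit reset first.
        $si_queued_js = '';
        unset($si_queued_js);
    }
}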
コード例 #8
/**
 * Sanitize a multi-line text field without removing line breaks and tabs.
 *
 * Like sanitize_text_field(): invalid UTF-8 is removed, a lone `<` is
 * entity-encoded and all tags are stripped, and percent-encoded octets
 * (`%xx`) are deleted. Unlike sanitize_text_field(), whitespace is only
 * collapsed when an octet was actually removed, so newlines and tabs survive.
 *
 * @since 1.4.3
 *
 * @param string $str The string prior to being sanitized.
 * @return string The sanitized string.
 */
function sanitize_multiline_text_field($str)
{
    $clean = wp_check_invalid_utf8($str);
    if (strpos($clean, '<') !== false) {
        // The second argument makes wp_strip_all_tags() collapse whitespace too.
        $clean = wp_strip_all_tags(wp_pre_kses_less_than($clean), true);
    }
    // Remove percent-encoded octets one match at a time until none remain.
    $octets_removed = false;
    while (preg_match('/%[a-f0-9]{2}/i', $clean, $hit)) {
        $clean = str_replace($hit[0], '', $clean);
        $octets_removed = true;
    }
    if (!$octets_removed) {
        return $clean;
    }
    // Collapse the spaces left behind by the removed octets.
    return trim(preg_replace('/ +/', ' ', $clean));
}
コード例 #9
/**
 * Sanitize/validate callback for the Weaver II settings array.
 *
 * Dies (wp_die) when the submitted array is empty or the current user lacks
 * `edit_theme_options`; otherwise walks every key, normalising values in
 * place (non-numeric integers cleared, text run through
 * weaverii_filter_textarea(), code-like options through weaverii_filter_code(),
 * colours validated, the FTP password encrypted, ...), accumulates
 * human-readable problems in $err_msg and registers them through
 * add_settings_error(). Returns the (possibly modified) array for storage.
 *
 * NOTE(review): the raw submitted $value is concatenated into $err_msg and
 * passed to add_settings_error() without escaping; whether that notice is
 * escaped on output is not visible here.
 *
 * @param array $in Submitted options, keyed by option name.
 * @return array Sanitized options.
 */
function weaverii_validate_all_options($in)
{
    /* validation for all options  */
    $err_msg = '';
    // no error message yet
    if (empty($in)) {
        wp_die(__('You attempted to save options, but something has gone wrong. Please be sure you are logged in and your host is correctly configured. See the "Weaver II Doesn\'t Save Settings" FAQ on weavertheme.com.', 'weaver-ii'));
    }
    // Capability gate: everything below (including raw code options) relies on it.
    if (!current_user_can('edit_theme_options')) {
        wp_die(__('You do not have sufficient permissions to manage options for this site.', 'weaver-ii'));
    }
    $wvr_last = '';
    foreach ($in as $key => $value) {
        switch ($key) {
            /* -------- integer -------- */
            case 'wii_excerpt_length':
                // is_int((int) $value) is always true; is_numeric() does the real work.
                if (!empty($value) && (!is_numeric($value) || !is_int((int) $value))) {
                    $opt_id = str_replace('wii_', '', $key);
                    $opt_id = str_replace('_', ' ', $opt_id);
                    $err_msg .= weaverii_t_('Option must be an integer value: ') . '"' . $opt_id . '" = "' . $value . '".' . weaverii_t_(' Value has been cleared to blank value') . '<br />';
                    $in[$key] = '';
                }
                break;
            case 'wii_style_version':
                // auto-bump whenever options are saved
                $vers = $value ? $value + 1 : 1;
                // bump or init
                $in[$key] = $vers;
                break;
                /* ---------- text ----------- */
            /* ---------- text ----------- */
            case 'wii_excerpt_more_msg':
            case 'wii_header_maxwidth':
                if (!empty($value)) {
                    $in[$key] = weaverii_filter_textarea($value);
                }
                break;
            case 'wii_themename':
                // can't be empty!
                if (empty($value)) {
                    $in[$key] = 'please-give-this-a-name';
                } else {
                    $in[$key] = weaverii_filter_textarea($value);
                }
                break;
                /* code */
            /* code: all of these fall through to weaverii_filter_code() */
            case '_wii_metainfo':
                // meta info for header
            // meta info for header
            case 'wii_theme_head_opts':
                // Predefined Theme CSS Rules
            // Predefined Theme CSS Rules
            case 'wii_menu_addhtml-left':
                // add html to left menu
            // add html to left menu
            case 'wii_menu_addhtml':
            case '_wii_copyright':
                // Alternate copyright
            // Alternate copyright
            case '_wii_css_rows':
            case 'ftp_hostname':
            case 'ftp_username':
            case '_wii_search_button_url':
                if (!empty($value)) {
                    $in[$key] = weaverii_filter_code($value);
                }
                break;
            case 'ftp_password':
                // special handling for password
                // NOTE(review): weaverii_encrypt() is not visible here — confirm it
                // is reversible encryption with a per-site key (the password must be
                // usable later), not a plain hash or obfuscation.
                if (!empty($value)) {
                    $c_t = weaverii_encrypt(trim($value));
                    $in[$key] = $c_t;
                }
                break;
            case 'wii_perpagewidgets':
                // Add widget areas for per page - names must be lower case
                if (!empty($value)) {
                    $in[$key] = strtolower(str_ireplace(' ', '', weaverii_filter_code($value)));
                }
                break;
                /* must not have <style .... </style> */
            /* must not have <style .... </style> */
            case 'wii_add_css':
                // Add CSS Rules to Weaver II's style rules
                // The value is stored even when the <style> check fails; only an
                // error message is recorded.
                if (!empty($value)) {
                    $val = weaverii_filter_code($value);
                    $in[$key] = $val;
                    if (stripos($val, '<style') !== false || stripos($val, '</style') !== false) {
                        $err_msg .= weaverii_t_('"Add CSS Rules" option must not contain &lt;style&gt; tags!') . weaverii_t_(' Please correct your entry.') . '<br />';
                    }
                }
                break;
            case 'wii_last_option':
                // check for wii_last_option...
                if (!empty($value)) {
                    $wvr_last = $value;
                }
                break;
            case 'hide_advanced_btn':
                if (stripos($value, 'hide') === false) {
                    $in['hide_advanced'] = 'show';
                } else {
                    $in['hide_advanced'] = 'hide';
                }
                break;
            case 'hide_advanced':
                $val = $value;
                if (isset($in['hide_advanced_btn'])) {
                    if (stripos($in['hide_advanced_btn'], 'hide') === false) {
                        $val = 'show';
                    } else {
                        $val = 'hide';
                    }
                }
                $in[$key] = $val;
                break;
            case '_phpactions':
                // Stored with only an invalid-UTF-8 check — no kses, no tag
                // stripping. Protected solely by the edit_theme_options gate above;
                // NOTE(review): whether this value is executed elsewhere is not
                // visible here, treat it as privileged code.
                if (!empty($value)) {
                    $in[$key] = stripslashes(wp_check_invalid_utf8(addslashes($value)));
                }
                break;
            default:
                /* to here, then colors, _css, or checkbox/selectors */
                // NOTE(review): strrpos() returns false when the suffix is absent and
                // `false == 0` is true, so a key whose length equals the suffix length
                // (e.g. a 4-char key with no '_css') falls into the wrong branch.
                $keylen = strlen($key);
                if (strrpos($key, '_css') == $keylen - 4) {
                    // all _css settings
                    if (!empty($value)) {
                        $val = weaverii_filter_code($value);
                        $in[$key] = $val;
                        if (strpos($val, '{') === false || strpos($val, '}') === false) {
                            $opt_id = str_replace('_css', '', $key);
                            // kill _css
                            $opt_id = str_replace('wii_', '', $opt_id);
                            $opt_id = str_replace('_', ' ', $opt_id);
                            $err_msg .= weaverii_t_('CSS options must be enclosed in {}\'s: ') . '"' . $opt_id . '" = "' . $value . '".' . weaverii_t_(' Please correct your entry.') . '<br />';
                        }
                    }
                    break;
                }
                // _css
                if (strrpos($key, '_insert') == $keylen - 7) {
                    // all _insert settings
                    if (!empty($value)) {
                        $val = weaverii_filter_code($value);
                        $in[$key] = $val;
                    }
                    break;
                }
                // _insert
                if (strrpos($key, '_url') == $keylen - 4) {
                    // all _url settings
                    if (!empty($value)) {
                        $val = weaverii_filter_code($value);
                        // esc_url() is not used: values may be template-relative, e.g.
                        // html{background-image: url(%template_directory%images/addon_themes.png);}
                        // and esc_url() would force a scheme onto them.
                        $in[$key] = $val;
                    }
                    break;
                }
                // _url
                if (strrpos($key, '_dec') == $keylen - 4) {
                    if (!empty($value) && !is_numeric($value)) {
                        $opt_id = str_replace('wii_', '', $key);
                        $opt_id = str_replace('_dec', '', $opt_id);
                        $opt_id = str_replace('_', ' ', $opt_id);
                        $err_msg .= weaverii_t_('Option must be a numeric value: ') . '"' . $opt_id . '" = "' . $value . '".' . weaverii_t_(' Value has been cleared to blank value.') . '<br />';
                        $in[$key] = '';
                    }
                    break;
                }
                if (strrpos($key, '_int') == $keylen - 4 || strrpos($key, '_X') == $keylen - 2 || strrpos($key, '_Y') == $keylen - 2 || strrpos($key, '_L') == $keylen - 2 || strrpos($key, '_R') == $keylen - 2 || strrpos($key, '_T') == $keylen - 2 || strrpos($key, '_B') == $keylen - 2) {
                    if (!empty($value) && (!is_numeric($value) || !is_int((int) $value))) {
                        $opt_id = str_replace('wii_', '', $key);
                        $opt_id = str_replace('_int', '', $opt_id);
                        $opt_id = str_replace('_', ' ', $opt_id);
                        $err_msg .= weaverii_t_('Option must be a numeric value: ') . '"' . $opt_id . '" = "' . $value . '".' . weaverii_t_(' Value has been cleared to blank value.') . '<br />';
                        $in[$key] = '';
                    }
                    break;
                }
                if (strrpos($key, 'color') == $keylen - 5) {
                    // _bgcolor and _color (order here important - after _css, etc.)
                    // Accepted forms: #hex / hex (3 or 6 digits), a letters-only
                    // name, or anything starting with 'rgb' (not validated further).
                    if (!empty($value)) {
                        $val = weaverii_filter_code($value);
                        if (preg_match('/^#?+[0-9a-f]{3}(?:[0-9a-f]{3})?$/i', $val)) {
                            // hex value
                            $val = strtoupper($val);
                            // force hex values to upper case, just to be tidy
                            if ($val[0] != '#') {
                                $val = '#' . $val;
                            }
                            $in[$key] = $val;
                        } else {
                            if (preg_match("/^([a-zA-Z])+\$/i", $val)) {
                                // name - all letters
                                $in[$key] = $val;
                            } else {
                                // only legal things left are rgb and rgba
                                $isrgb = strpos($val, 'rgb');
                                if ($isrgb === false || $isrgb != 0) {
                                    $in[$key] = '';
                                    $err_msg .= 'Color must be a valid # hex value, rgb value, or color name (a-z): ' . '"' . $key . '" = "' . $value . '".' . ' Value has been cleared to blank value.' . '<br />';
                                } else {
                                    $in[$key] = $val;
                                }
                            }
                        }
                    }
                    break;
                }
                // Everything else that is a non-numeric string is treated as text.
                if (!empty($value) && is_string($value) && !is_numeric($value)) {
                    $in[$key] = weaverii_filter_textarea($value);
                }
                break;
        }
    }
    /* if ($wvr_last != 'Weaver II') {
    		$err_msg .= 'Warning - your host may be configured to limit how many input var options you are allowed to pass via PHP.' .
    		' Unfortunately, this means your settings may not be saved correctly. See the "Weaver II Doesn\'t Save Settings" FAQ on weavertheme.com.<br />';
    
    	} */
    if (!empty($err_msg)) {
        add_settings_error('weaverii_settings', 'settings_error', $err_msg, 'error');
    } else {
        add_settings_error('weaverii_settings', 'settings_updated', weaverii_t_('Weaver II  Settings Saved.'), 'updated');
    }
    // $GLOBALS['wvrNoSettings'] = false;  // we've saved now
    return $in;
}
コード例 #10
ファイル: formatting.php プロジェクト: zhoujiangyou/WordPress
/**
 * Sanitize a string from user input or from the db.
 *
 * Steps: drop invalid UTF-8; if a `<` is present, entity-encode lone `<` and
 * strip all tags (which also collapses whitespace), otherwise collapse line
 * breaks, tabs and runs of spaces to single spaces and trim; then remove
 * percent-encoded octets (`%xx`) and, if any were removed, collapse the
 * spaces that may be left behind. The result passes through the
 * `sanitize_text_field` filter.
 *
 * @since 2.9.0
 *
 * @param string $str
 * @return string
 */
function sanitize_text_field($str)
{
    $clean = wp_check_invalid_utf8($str);
    $has_lt = strpos($clean, '<') !== false;
    if ($has_lt) {
        // wp_strip_all_tags(..., true) strips extra whitespace for us.
        $clean = wp_strip_all_tags(wp_pre_kses_less_than($clean), true);
    } else {
        $clean = trim(preg_replace('/[\\r\\n\\t ]+/', ' ', $clean));
    }
    $octets_removed = false;
    while (preg_match('/%[a-f0-9]{2}/i', $clean, $hit)) {
        $clean = str_replace($hit[0], '', $clean);
        $octets_removed = true;
    }
    if ($octets_removed) {
        // Strip out the whitespace that may now exist after removing the octets.
        $clean = trim(preg_replace('/ +/', ' ', $clean));
    }
    /**
     * Filter a sanitized text field string.
     *
     * @since 2.9.0
     *
     * @param string $filtered The sanitized string.
     * @param string $str      The string prior to being sanitized.
     */
    return apply_filters('sanitize_text_field', $clean, $str);
}
コード例 #11
ファイル: disqus.php プロジェクト: VizualAbstract/Marilyn
 /**
  * Escape a string for use inside an HTML attribute.
  *
  * Invalid UTF-8 is removed, then both quote styles and HTML special
  * characters are entity-encoded. The result passes through the
  * `attribute_escape` filter together with the original text.
  *
  * @param string $text Raw text.
  * @return string Escaped text.
  */
 function esc_attr($text)
 {
     $escaped = _wp_specialchars(wp_check_invalid_utf8($text), ENT_QUOTES);
     return apply_filters('attribute_escape', $escaped, $text);
 }
コード例 #12
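 /**
  * Process the checkout after the confirm order button is pressed
  *
  * Validates the CSRF nonce, collects and sanitizes the posted checkout
  * fields, runs the per-field validation rules, updates the customer's
  * location/shipping/payment selections in the session, and — when no error
  * notice has been recorded — optionally creates the customer account,
  * creates the order and hands off to the chosen payment gateway (or marks
  * the order complete when no payment is needed). Errors are reported via
  * wc_add_notice(); for AJAX requests the outcome is echoed as JSON between
  * the WC_START/WC_END markers and the request exits.
  *
  * @access public
  * @return void
  */
 public function process_checkout()
 {
     global $wpdb, $current_user;
     // CSRF check. The original called wp_verify_nonce() but discarded its
     // result, so a forged or missing nonce never stopped the checkout. An
     // error notice (rather than wp_die) keeps the failure on the normal
     // error path below for both the AJAX and non-AJAX flows.
     if (empty($_POST['_wpnonce']) || !wp_verify_nonce($_POST['_wpnonce'], 'woocommerce-process_checkout')) {
         wc_add_notice(__('Sorry, your session has expired. Please refresh the page and try again.', 'woocommerce'), 'error');
     }
     if (!defined('WOOCOMMERCE_CHECKOUT')) {
         define('WOOCOMMERCE_CHECKOUT', true);
     }
     // Prevent timeout
     @set_time_limit(0);
     do_action('woocommerce_before_checkout_process');
     if (sizeof(WC()->cart->get_cart()) == 0) {
         wc_add_notice(sprintf(__('Sorry, your session has expired. <a href="%s" class="wc-backward">Return to homepage</a>', 'woocommerce'), home_url()), 'error');
     }
     do_action('woocommerce_checkout_process');
     // Checkout fields (not defined in checkout_fields)
     $this->posted['terms'] = isset($_POST['terms']) ? 1 : 0;
     $this->posted['createaccount'] = isset($_POST['createaccount']) ? 1 : 0;
     // payment_method is only ever used as a key into the available-gateway
     // list (see below), so it is never trusted directly.
     $this->posted['payment_method'] = isset($_POST['payment_method']) ? stripslashes($_POST['payment_method']) : '';
     // Raw here; individual values are wc_clean()ed before reaching the session.
     $this->posted['shipping_method'] = isset($_POST['shipping_method']) ? $_POST['shipping_method'] : '';
     $this->posted['ship_to_different_address'] = isset($_POST['ship_to_different_address']) ? true : false;
     if (isset($_POST['shiptobilling'])) {
         _deprecated_argument('WC_Checkout::process_checkout()', '2.1', 'The "shiptobilling" field is deprecated. THe template files are out of date');
         $this->posted['ship_to_different_address'] = $_POST['shiptobilling'] ? false : true;
     }
     // Ship to billing only option
     if (WC()->cart->ship_to_billing_address_only()) {
         $this->posted['ship_to_different_address'] = false;
     }
     // Update customer shipping and payment method to posted method
     $chosen_shipping_methods = WC()->session->get('chosen_shipping_methods');
     if (isset($this->posted['shipping_method']) && is_array($this->posted['shipping_method'])) {
         foreach ($this->posted['shipping_method'] as $i => $value) {
             $chosen_shipping_methods[$i] = wc_clean($value);
         }
     }
     WC()->session->set('chosen_shipping_methods', $chosen_shipping_methods);
     WC()->session->set('chosen_payment_method', $this->posted['payment_method']);
     // Note if we skip shipping
     $skipped_shipping = false;
     // Get posted checkout_fields and do validation
     foreach ($this->checkout_fields as $fieldset_key => $fieldset) {
         // Skip shipping if not needed
         if ($fieldset_key == 'shipping' && ($this->posted['ship_to_different_address'] == false || !WC()->cart->needs_shipping())) {
             $skipped_shipping = true;
             continue;
         }
         // Ship account if not needed
         if ($fieldset_key == 'account' && (is_user_logged_in() || $this->must_create_account == false && empty($this->posted['createaccount']))) {
             continue;
         }
         foreach ($fieldset as $key => $field) {
             if (!isset($field['type'])) {
                 $field['type'] = 'text';
             }
             // Get Value — every branch sanitizes except the checkbox, which
             // is reduced to 1/0.
             switch ($field['type']) {
                 case "checkbox":
                     $this->posted[$key] = isset($_POST[$key]) ? 1 : 0;
                     break;
                 case "multiselect":
                     $this->posted[$key] = isset($_POST[$key]) ? implode(', ', array_map('wc_clean', $_POST[$key])) : '';
                     break;
                 case "textarea":
                     $this->posted[$key] = isset($_POST[$key]) ? wp_strip_all_tags(wp_check_invalid_utf8(stripslashes($_POST[$key]))) : '';
                     break;
                 default:
                     $this->posted[$key] = isset($_POST[$key]) ? wc_clean($_POST[$key]) : '';
                     break;
             }
             // Hooks to allow modification of value
             $this->posted[$key] = apply_filters('woocommerce_process_checkout_' . sanitize_title($field['type']) . '_field', $this->posted[$key]);
             $this->posted[$key] = apply_filters('woocommerce_process_checkout_field_' . $key, $this->posted[$key]);
             // Validation: Required fields
             // $field['label'] is emitted unescaped: it comes from the checkout
             // field configuration, not from the request (presumably trusted).
             if (isset($field['required']) && $field['required'] && empty($this->posted[$key])) {
                 wc_add_notice('<strong>' . $field['label'] . '</strong> ' . __('is a required field.', 'woocommerce'), 'error');
             }
             if (!empty($this->posted[$key])) {
                 // Validation rules
                 if (!empty($field['validate']) && is_array($field['validate'])) {
                     foreach ($field['validate'] as $rule) {
                         switch ($rule) {
                             case 'postcode':
                                 // The country is read raw from $_POST here; it is only
                                 // used as a lookup key by the validators, not echoed.
                                 $this->posted[$key] = strtoupper(str_replace(' ', '', $this->posted[$key]));
                                 if (!WC_Validation::is_postcode($this->posted[$key], $_POST[$fieldset_key . '_country'])) {
                                     wc_add_notice(__('Please enter a valid postcode/ZIP.', 'woocommerce'), 'error');
                                 } else {
                                     $this->posted[$key] = wc_format_postcode($this->posted[$key], $_POST[$fieldset_key . '_country']);
                                 }
                                 break;
                             case 'phone':
                                 $this->posted[$key] = wc_format_phone_number($this->posted[$key]);
                                 if (!WC_Validation::is_phone($this->posted[$key])) {
                                     wc_add_notice('<strong>' . $field['label'] . '</strong> ' . __('is not a valid phone number.', 'woocommerce'), 'error');
                                 }
                                 break;
                             case 'email':
                                 $this->posted[$key] = strtolower($this->posted[$key]);
                                 if (!is_email($this->posted[$key])) {
                                     wc_add_notice('<strong>' . $field['label'] . '</strong> ' . __('is not a valid email address.', 'woocommerce'), 'error');
                                 }
                                 break;
                             case 'state':
                                 // Get valid states
                                 $valid_states = WC()->countries->get_states($_POST[$fieldset_key . '_country']);
                                 if ($valid_states) {
                                     $valid_state_values = array_flip(array_map('strtolower', $valid_states));
                                 }
                                 // Convert value to key if set
                                 if (isset($valid_state_values[strtolower($this->posted[$key])])) {
                                     $this->posted[$key] = $valid_state_values[strtolower($this->posted[$key])];
                                 }
                                 // Only validate if the country has specific state options
                                 if ($valid_states && sizeof($valid_states) > 0) {
                                     if (!in_array($this->posted[$key], array_keys($valid_states))) {
                                         wc_add_notice('<strong>' . $field['label'] . '</strong> ' . __('is not valid. Please enter one of the following:', 'woocommerce') . ' ' . implode(', ', $valid_states), 'error');
                                     }
                                 }
                                 break;
                         }
                     }
                 }
             }
         }
     }
     // Update customer location to posted location so we can correctly check available shipping methods
     if (isset($this->posted['billing_country'])) {
         WC()->customer->set_country($this->posted['billing_country']);
     }
     if (isset($this->posted['billing_state'])) {
         WC()->customer->set_state($this->posted['billing_state']);
     }
     if (isset($this->posted['billing_postcode'])) {
         WC()->customer->set_postcode($this->posted['billing_postcode']);
     }
     // Shipping Information
     if (!$skipped_shipping) {
         // Update customer location to posted location so we can correctly check available shipping methods
         if (isset($this->posted['shipping_country'])) {
             WC()->customer->set_shipping_country($this->posted['shipping_country']);
         }
         if (isset($this->posted['shipping_state'])) {
             WC()->customer->set_shipping_state($this->posted['shipping_state']);
         }
         if (isset($this->posted['shipping_postcode'])) {
             WC()->customer->set_shipping_postcode($this->posted['shipping_postcode']);
         }
     } else {
         // Shipping was skipped: the billing address doubles as the shipping address.
         if (isset($this->posted['billing_country'])) {
             WC()->customer->set_shipping_country($this->posted['billing_country']);
         }
         if (isset($this->posted['billing_state'])) {
             WC()->customer->set_shipping_state($this->posted['billing_state']);
         }
         if (isset($this->posted['billing_postcode'])) {
             WC()->customer->set_shipping_postcode($this->posted['billing_postcode']);
         }
     }
     // Update cart totals now we have customer address
     WC()->cart->calculate_totals();
     // Terms
     if (!isset($_POST['woocommerce_checkout_update_totals']) && empty($this->posted['terms']) && wc_get_page_id('terms') > 0) {
         wc_add_notice(__('You must accept our Terms &amp; Conditions.', 'woocommerce'), 'error');
     }
     if (WC()->cart->needs_shipping()) {
         if (!in_array(WC()->customer->get_shipping_country(), array_keys(WC()->countries->get_shipping_countries()))) {
             wc_add_notice(sprintf(__('Unfortunately <strong>we do not ship to %s</strong>. Please enter an alternative shipping address.', 'woocommerce'), WC()->countries->shipping_to_prefix() . ' ' . WC()->customer->get_shipping_country()), 'error');
         }
         // Validate Shipping Methods: the chosen method must be one of the
         // rates actually offered for the package.
         $packages = WC()->shipping->get_packages();
         $this->shipping_methods = WC()->session->get('chosen_shipping_methods');
         foreach ($packages as $i => $package) {
             if (!isset($package['rates'][$this->shipping_methods[$i]])) {
                 wc_add_notice(__('Invalid shipping method.', 'woocommerce'), 'error');
                 $this->shipping_methods[$i] = '';
             }
         }
     }
     if (WC()->cart->needs_payment()) {
         // Payment Method: restricted to the gateways currently available.
         $available_gateways = WC()->payment_gateways->get_available_payment_gateways();
         if (!isset($available_gateways[$this->posted['payment_method']])) {
             $this->payment_method = '';
             wc_add_notice(__('Invalid payment method.', 'woocommerce'), 'error');
         } else {
             $this->payment_method = $available_gateways[$this->posted['payment_method']];
             $this->payment_method->validate_fields();
         }
     }
     // Action after validation
     do_action('woocommerce_after_checkout_validation', $this->posted);
     // Only create an account/order when no error notice (including the nonce
     // failure above) has been recorded.
     if (!isset($_POST['woocommerce_checkout_update_totals']) && wc_notice_count('error') == 0) {
         try {
             // Customer accounts
             $this->customer_id = apply_filters('woocommerce_checkout_customer_id', get_current_user_id());
             if (!is_user_logged_in() && ($this->must_create_account || !empty($this->posted['createaccount']))) {
                 $username = !empty($this->posted['account_username']) ? $this->posted['account_username'] : '';
                 $password = !empty($this->posted['account_password']) ? $this->posted['account_password'] : '';
                 $new_customer = wc_create_new_customer($this->posted['billing_email'], $username, $password);
                 if (is_wp_error($new_customer)) {
                     throw new Exception($new_customer->get_error_message());
                 }
                 $this->customer_id = $new_customer;
                 // Logs the new customer in for the rest of this request/session.
                 wc_set_customer_auth_cookie($this->customer_id);
                 // As we are now logged in, checkout will need to refresh to show logged in data
                 WC()->session->set('reload_checkout', true);
                 // Add customer info from other billing fields
                 if ($this->posted['billing_first_name'] && apply_filters('woocommerce_checkout_update_customer_data', true, $this)) {
                     $userdata = array('ID' => $this->customer_id, 'first_name' => $this->posted['billing_first_name'] ? $this->posted['billing_first_name'] : '', 'last_name' => $this->posted['billing_last_name'] ? $this->posted['billing_last_name'] : '', 'display_name' => $this->posted['billing_first_name'] ? $this->posted['billing_first_name'] : '');
                     wp_update_user(apply_filters('woocommerce_checkout_customer_userdata', $userdata, $this));
                 }
             }
             // Do a final stock check at this point
             $this->check_cart_items();
             // Abort if errors are present
             if (wc_notice_count('error') > 0) {
                 throw new Exception();
             }
             $order_id = $this->create_order();
             do_action('woocommerce_checkout_order_processed', $order_id, $this->posted);
             // Process payment
             if (WC()->cart->needs_payment()) {
                 // Store Order ID in session so it can be re-used after payment failure
                 WC()->session->order_awaiting_payment = $order_id;
                 // Process Payment
                 $result = $available_gateways[$this->posted['payment_method']]->process_payment($order_id);
                 // Redirect to success/confirmation/payment page
                 if ($result['result'] == 'success') {
                     $result = apply_filters('woocommerce_payment_successful_result', $result, $order_id);
                     if (is_ajax()) {
                         echo '<!--WC_START-->' . json_encode($result) . '<!--WC_END-->';
                         exit;
                     } else {
                         // Gateway-supplied URL; wp_redirect() allows off-site targets here.
                         wp_redirect($result['redirect']);
                         exit;
                     }
                 }
             } else {
                 if (empty($order)) {
                     $order = new WC_Order($order_id);
                 }
                 // No payment was required for order
                 $order->payment_complete();
                 // Empty the Cart
                 WC()->cart->empty_cart();
                 // Get redirect
                 $return_url = $order->get_checkout_order_received_url();
                 // Redirect to success/confirmation/payment page
                 if (is_ajax()) {
                     echo '<!--WC_START-->' . json_encode(array('result' => 'success', 'redirect' => apply_filters('woocommerce_checkout_no_payment_needed_redirect', $return_url, $order))) . '<!--WC_END-->';
                     exit;
                 } else {
                     wp_safe_redirect(apply_filters('woocommerce_checkout_no_payment_needed_redirect', $return_url, $order));
                     exit;
                 }
             }
         } catch (Exception $e) {
             // A message-less Exception (see the stock-check abort above) still
             // adds an empty error notice; the real notices were recorded earlier.
             if (!empty($e)) {
                 wc_add_notice($e->getMessage(), 'error');
             }
         }
     }
     // endif
     // If we reached this point then there were errors
     if (is_ajax()) {
         ob_start();
         wc_print_notices();
         $messages = ob_get_clean();
         echo '<!--WC_START-->' . json_encode(array('result' => 'failure', 'messages' => $messages, 'refresh' => isset(WC()->session->refresh_totals) ? 'true' : 'false', 'reload' => isset(WC()->session->reload_checkout) ? 'true' : 'false')) . '<!--WC_END-->';
         unset(WC()->session->refresh_totals, WC()->session->reload_checkout);
         exit;
     }
 }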
コード例 #13
/**
 * Filter a Weaver Xtreme option value according to who is saving it.
 *
 * Most option values are raw code (HTML/CSS/JS), so a user holding
 * 'unfiltered_html' gets the value back with only a UTF-8 validity check --
 * no escaping and no tag filtering at all; the value is trusted as code.
 * Everyone else gets the standard post-KSES allowlist. Plain checkbox/radio/
 * select values survive both paths unchanged, so any option may be routed here.
 *
 * NOTE(review): the two branches differ in slashing -- the trusted branch
 * returns stripslashes()'d text, the KSES branch receives the still-slashed
 * value (wp_filter_post_kses() expects slashed input). Confirm callers agree
 * on which form they expect before storing.
 *
 * @param string $text raw (slashed) option value
 * @return string filtered value
 */
function weaverii_filter_code($text)
{
    $clean = trim($text);
    // NOTE(review): trim() can never leave a lone ' ' behind, so this early
    // return is effectively unreachable; kept for parity with the original.
    if ($clean == ' ') {
        return '';
    }
    if (!current_user_can('unfiltered_html')) {
        // wp_filter_post_kses() handles the slashing itself.
        return wp_filter_post_kses($clean);
    }
    return wp_check_invalid_utf8(stripslashes($clean));
}
/**
 * Sanitize a single-line string from user input or from the database.
 *
 * Steps, in order: reject invalid UTF-8, convert lone '<' characters to an
 * entity, strip all tags, remove line breaks/tabs/extra white space, and
 * remove percent-encoded octets (%XX).
 *
 * This is sanitisation for storage/processing. It is NOT context escaping:
 * values still need esc_html()/esc_attr()/esc_url() when they are output.
 *
 * @since 2.9
 *
 * @param string $str
 * @return string
 */
function sanitize_text_field($str)
{
    $clean = wp_check_invalid_utf8($str);
    if (strpos($clean, '<') === false) {
        // No markup at all: collapse whitespace runs and trim the ends.
        $clean = trim(preg_replace('/\\s+/', ' ', $clean));
    } else {
        // Neutralise lone '<' first so text like "a < b" survives tag stripping;
        // the second argument to wp_strip_all_tags() also removes line breaks.
        $clean = wp_pre_kses_less_than($clean);
        $clean = wp_strip_all_tags($clean, true);
    }
    // Remove %XX sequences. Looping rather than a single preg_replace() is
    // deliberate: removing one sequence can expose another (e.g. "%%4141"
    // becomes "%41" and must be removed again).
    $octet = array();
    while (preg_match('/%[a-f0-9]{2}/i', $clean, $octet)) {
        $clean = str_replace($octet[0], '', $clean);
    }
    return apply_filters('sanitize_text_field', $clean, $str);
}
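 /**
  * Enforce "require billing information" when an order is saved in the admin.
  *
  * Runs for shop_order posts when the 'qsot-require-billing-information'
  * option is 'yes' and the request is an admin edit ($_POST['action'] ==
  * 'editpost'). Every billing field returned by
  * WC()->countries->get_address_fields() is read from $_POST, cleaned the way
  * the WC 2.3.x checkout does, and validated (required, postcode, phone,
  * email, state). If anything fails, the errors are recorded against the
  * order, a non-final order is pushed back to 'pending' and a note is added.
  *
  * Fixes relative to the adapted checkout code:
  *  - required-field errors were appended to $error (a different variable)
  *    and therefore never reported; they now go into $errors;
  *  - WC_Validation::is_postcode() was handed the raw postcode as its
  *    country argument; it now receives the order's billing country;
  *  - a scalar posted for a multiselect field no longer breaks array_map();
  *  - the var_export() dump of the state table (debug output) is no longer
  *    written into the error message, and the user-supplied state value is
  *    HTML-escaped before being embedded in the HTML error string.
  *
  * NOTE(review): no nonce is verified here; this relies on WordPress' own
  * checks for the 'editpost' action having run before save_post fires.
  *
  * @param int     $post_id ID of the post being saved
  * @param WP_Post $post    the post object
  * @return void
  */
 public static function require_billing_information($post_id, $post)
 {
     if ($post->post_type != 'shop_order') {
         return;
     }
     if (self::$options->{'qsot-require-billing-information'} != 'yes') {
         return;
     }
     if (!isset($_POST['action']) || $_POST['action'] != 'editpost') {
         return;
     }
     $order = wc_get_order($post_id);
     if (!is_object($order) || !isset($order->id)) {
         return;
     }
     // Cancelled orders are never validated; the checks are irrelevant there.
     if ('cancelled' == $order->get_status()) {
         return;
     }
     // The billing country stored on the order drives both the field list and
     // the country-specific postcode/state rules.
     $country = self::_get_value('_billing_country', $order);
     $fields = WC()->countries->get_address_fields($country, '_billing_');
     $errors = array();
     foreach ($fields as $key => $field) {
         if (!isset($field['type'])) {
             $field['type'] = 'text';
         }
         $value = self::_posted_billing_field_value($key, $field['type']);
         // Same filters the front-end checkout applies.
         $value = apply_filters('woocommerce_process_checkout_' . sanitize_title($field['type']) . '_field', $value);
         $value = apply_filters('woocommerce_process_checkout_field_' . $key, $value);
         if (isset($field['required']) && $field['required'] && empty($value)) {
             $errors[] = '<strong>' . $field['label'] . '</strong> ' . __('is a required field.', 'woocommerce');
         }
         // Additional rules only apply to non-empty values.
         if (empty($value) || !isset($field['validate'])) {
             continue;
         }
         foreach ($field['validate'] as $rule) {
             switch ($rule) {
                 case 'postcode':
                     $value = strtoupper(str_replace(' ', '', $value));
                     // Second argument is the country the postcode must match.
                     if (!WC_Validation::is_postcode($value, $country)) {
                         $errors[] = __('Please enter a valid postcode/ZIP.', 'woocommerce');
                     }
                     break;
                 case 'phone':
                     $value = wc_format_phone_number($value);
                     if (!WC_Validation::is_phone($value)) {
                         $errors[] = '<strong>' . $field['label'] . '</strong> ' . __('is not a valid phone number.', 'woocommerce');
                     }
                     break;
                 case 'email':
                     $value = strtolower($value);
                     if (!is_email($value)) {
                         $errors[] = '<strong>' . $field['label'] . '</strong> ' . __('is not a valid email address.', 'woocommerce');
                     }
                     break;
                 case 'state':
                     $states = WC()->countries->get_states($country);
                     if (!empty($states) && is_array($states)) {
                         // Re-key as lower-cased name => code so a typed-in state
                         // name resolves to its code; then require a known code.
                         $states = array_flip(array_map('strtolower', $states));
                         if (isset($states[strtolower($value)])) {
                             $value = $states[strtolower($value)];
                         }
                         if (!in_array($value, $states)) {
                             $errors[] = '<strong>' . $field['label'] . '</strong> ' . esc_html(strtolower($value)) . ' ' . __('is not valid. Please enter one of the following:', 'woocommerce') . ' ' . implode(', ', $states);
                         }
                     }
                     break;
             }
         }
     }
     if (empty($errors)) {
         return;
     }
     self::_update_errors($errors, $post_id);
     self::_remove_recursive_filters();
     self::_disable_emails();
     do_action('qsot-before-guest-check-update-order-status', $post);
     // Push any order that is not already pending/cancelled/failed back to
     // pending so the admin notices the problem; otherwise just leave a note.
     if (!in_array($order->get_status(), array('pending', 'cancelled', 'failed'))) {
         $order->update_status('pending', __('Your current settings require you to provide most billing information for each order.', 'opentickets-community-edition'));
     } else {
         $order->add_order_note(__('Your current settings require you to provide most billing information for each order.', 'opentickets-community-edition'), false);
     }
     self::_enable_emails();
     add_action('save_post', array(__CLASS__, 'enforce_non_guest_orders'), PHP_INT_MAX, 2);
 }

 /**
  * Read one billing field from $_POST and clean it the way the WC checkout does.
  *
  * @param string $key  field key, e.g. '_billing_postcode'
  * @param string $type field type from the WC address-field definition
  * @return string|int|array cleaned value: 1/0 for checkboxes, '' when absent
  */
 private static function _posted_billing_field_value($key, $type)
 {
     if (!isset($_POST[$key])) {
         return 'checkbox' == $type ? 0 : '';
     }
     $raw = $_POST[$key];
     switch ($type) {
         case 'checkbox':
             // Checkboxes are on or off.
             return 1;
         case 'multiselect':
             // A scalar posted for a multi-value field must not reach array_map().
             return is_array($raw) ? implode(', ', array_map('wc_clean', $raw)) : wc_clean($raw);
         case 'textarea':
             return wp_strip_all_tags(wp_check_invalid_utf8(stripslashes($raw)));
         default:
             return is_array($raw) ? array_map('wc_clean', $raw) : wc_clean($raw);
     }
 }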
/**
 * Print the collected JS declarations in one <script> block.
 *
 * The "sanitize" steps only normalise the buffer: invalid UTF-8 is rejected,
 * apostrophe entities (&#39; / &#x27;, with optional leading zeros) are turned
 * back into a literal quote, and CRs are dropped. Nothing is escaped for the
 * script context, so anything appended to $dhvc_form_js_declaration must
 * already be trusted or escaped (esc_js/json_encode) and must never contain
 * "</script>".
 *
 * @return false always
 */
function dhvc_form_print_js_declaration()
{
    global $dhvc_form_js_declaration;
    if (empty($dhvc_form_js_declaration)) {
        return false;
    }
    $script = wp_check_invalid_utf8($dhvc_form_js_declaration);
    $script = preg_replace('/&#(x)?0*(?(1)27|39);?/i', "'", $script);
    $script = str_replace("\r", '', $script);
    echo "<script type=\"text/javascript\">\n" . $script . "\n</script>\n";
    // The original wrote the normalised value back through the global before
    // unset(); unset() on a `global`-imported variable only drops the local
    // alias, so the global keeps that value rather than being cleared.
    $dhvc_form_js_declaration = $script;
    unset($dhvc_form_js_declaration);
    return false;
}
 /**
  * Recursively normalise submitted form data.
  *
  * Arrays are walked element by element (keys preserved); strings get a UTF-8
  * validity check followed by wp_kses_no_null() (which, per its name, removes
  * NUL bytes); every other type is returned untouched. This is input
  * normalisation only, not output escaping.
  *
  * @param mixed $value posted value (string, array of values, or other scalar)
  * @return mixed the normalised value with the same shape
  */
 private function sanitize_posted_data($value)
 {
     if (is_array($value)) {
         $cleaned = array();
         foreach ($value as $k => $v) {
             $cleaned[$k] = $this->sanitize_posted_data($v);
         }
         return $cleaned;
     }
     if (!is_string($value)) {
         return $value;
     }
     return wp_kses_no_null(wp_check_invalid_utf8($value));
 }
/**
 * Filter a Weaver II option value according to the current user's capabilities.
 *
 * Almost every Weaver II option can be raw code (HTML/CSS/JS), so:
 *  - users with 'unfiltered_html' get the value back unslashed with only a
 *    UTF-8 validity check -- no escaping and no tag filtering at all;
 *  - users with 'add_users' (but not 'unfiltered_html') get wp_kses() with the
 *    theme's own allowlist below, which is broader than post KSES: it includes
 *    <style>, <link>, <meta>, <form>, <button>, <textarea> and style= attributes;
 *  - everyone else gets the standard post-KSES allowlist.
 *
 * NOTE(review): slashing differs per branch. The first returns stripslashes()'d
 * text, the second passes $text to wp_kses() as received, and the third wraps
 * wp_filter_post_kses() in addslashes()/stripslashes(). Confirm callers agree
 * on which form they expect before storing the result.
 *
 * @param string $text raw (slashed) option value
 * @return string filtered value
 */
function weaverii_filter_code($text)
{
    // Allowlist for the 'add_users' tier, in wp_kses() format: tag => allowed
    // attributes (an empty array for an attribute means no value constraints).
    static $weaverii_allowedadmintags = array('address' => array(), 'a' => array('class' => array(), 'href' => array(), 'id' => array(), 'title' => array(), 'rel' => array(), 'rev' => array(), 'name' => array(), 'target' => array()), 'abbr' => array('class' => array(), 'title' => array()), 'acronym' => array('title' => array()), 'article' => array('align' => array(), 'class' => array(), 'dir' => array(), 'lang' => array(), 'style' => array(), 'xml:lang' => array()), 'aside' => array('align' => array(), 'class' => array(), 'dir' => array(), 'lang' => array(), 'style' => array(), 'xml:lang' => array()), 'b' => array(), 'big' => array(), 'blockquote' => array('id' => array(), 'cite' => array(), 'class' => array(), 'lang' => array(), 'xml:lang' => array()), 'br' => array('class' => array()), 'button' => array('disabled' => array(), 'name' => array(), 'type' => array(), 'value' => array()), 'caption' => array('align' => array(), 'class' => array()), 'cite' => array('class' => array(), 'dir' => array(), 'lang' => array(), 'title' => array()), 'code' => array('style' => array()), 'col' => array('align' => array(), 'char' => array(), 'charoff' => array(), 'span' => array(), 'dir' => array(), 'style' => array(), 'valign' => array(), 'width' => array()), 'del' => array('datetime' => array()), 'dd' => array(), 'details' => array('align' => array(), 'class' => array(), 'dir' => array(), 'lang' => array(), 'open' => array(), 'style' => array(), 'xml:lang' => array()), 'div' => array('align' => array(), 'class' => array(), 'dir' => array(), 'lang' => array(), 'style' => array(), 'xml:lang' => array()), 'dl' => array(), 'dt' => array(), 'em' => array(), 'fieldset' => array(), 'figure' => array('align' => array(), 'class' => array(), 'dir' => array(), 'lang' => array(), 'style' => array(), 'xml:lang' => array()), 'figcaption' => array('align' => array(), 'class' => array(), 'dir' => array(), 'lang' => array(), 'style' => array(), 'xml:lang' => array()), 'font' => array('color' => 
array(), 'face' => array(), 'size' => array()), 'footer' => array('align' => array(), 'class' => array(), 'dir' => array(), 'lang' => array(), 'style' => array(), 'xml:lang' => array()), 'form' => array('action' => array(), 'accept' => array(), 'accept-charset' => array(), 'enctype' => array(), 'method' => array(), 'name' => array(), 'target' => array()), 'h1' => array('align' => array(), 'class' => array(), 'id' => array(), 'style' => array()), 'h2' => array('align' => array(), 'class' => array(), 'id' => array(), 'style' => array()), 'h3' => array('align' => array(), 'class' => array(), 'id' => array(), 'style' => array()), 'h4' => array('align' => array(), 'class' => array(), 'id' => array(), 'style' => array()), 'h5' => array('align' => array(), 'class' => array(), 'id' => array(), 'style' => array()), 'h6' => array('align' => array(), 'class' => array(), 'id' => array(), 'style' => array()), 'header' => array('align' => array(), 'class' => array(), 'dir' => array(), 'lang' => array(), 'style' => array(), 'xml:lang' => array()), 'hr' => array('align' => array(), 'class' => array(), 'noshade' => array(), 'size' => array(), 'width' => array()), 'i' => array(), 'img' => array('alt' => array(), 'align' => array(), 'border' => array(), 'class' => array(), 'height' => array(), 'hspace' => array(), 'longdesc' => array(), 'vspace' => array(), 'src' => array(), 'style' => array(), 'width' => array()), 'ins' => array('datetime' => array(), 'cite' => array()), 'kbd' => array(), 'label' => array('for' => array()), 'legend' => array('align' => array()), 'li' => array('align' => array(), 'class' => array()), 'link' => array(), 'menu' => array('class' => array(), 'style' => array(), 'type' => array()), 'meta' => array(), 'nav' => array('align' => array(), 'class' => array(), 'dir' => array(), 'lang' => array(), 'style' => array(), 'xml:lang' => array()), 'p' => array('class' => array(), 'align' => array(), 'dir' => array(), 'lang' => array(), 'style' => array(), 'xml:lang' => 
array()), 'pre' => array('style' => array(), 'width' => array()), 'q' => array('cite' => array()), 's' => array(), 'span' => array('class' => array(), 'dir' => array(), 'align' => array(), 'lang' => array(), 'style' => array(), 'title' => array(), 'xml:lang' => array()), 'section' => array('align' => array(), 'class' => array(), 'dir' => array(), 'lang' => array(), 'style' => array(), 'xml:lang' => array()), 'strike' => array(), 'strong' => array(), 'style' => array(), 'sub' => array(), 'summary' => array('align' => array(), 'class' => array(), 'dir' => array(), 'lang' => array(), 'style' => array(), 'xml:lang' => array()), 'sup' => array(), 'table' => array('align' => array(), 'bgcolor' => array(), 'border' => array(), 'cellpadding' => array(), 'cellspacing' => array(), 'class' => array(), 'dir' => array(), 'id' => array(), 'rules' => array(), 'style' => array(), 'summary' => array(), 'width' => array()), 'tbody' => array('align' => array(), 'char' => array(), 'charoff' => array(), 'valign' => array()), 'td' => array('abbr' => array(), 'align' => array(), 'axis' => array(), 'bgcolor' => array(), 'char' => array(), 'charoff' => array(), 'class' => array(), 'colspan' => array(), 'dir' => array(), 'headers' => array(), 'height' => array(), 'nowrap' => array(), 'rowspan' => array(), 'scope' => array(), 'style' => array(), 'valign' => array(), 'width' => array()), 'textarea' => array('cols' => array(), 'rows' => array(), 'disabled' => array(), 'name' => array(), 'readonly' => array()), 'tfoot' => array('align' => array(), 'char' => array(), 'class' => array(), 'charoff' => array(), 'valign' => array()), 'th' => array('abbr' => array(), 'align' => array(), 'axis' => array(), 'bgcolor' => array(), 'char' => array(), 'charoff' => array(), 'class' => array(), 'colspan' => array(), 'headers' => array(), 'height' => array(), 'nowrap' => array(), 'rowspan' => array(), 'scope' => array(), 'valign' => array(), 'width' => array()), 'thead' => array('align' => array(), 'char' => 
array(), 'charoff' => array(), 'class' => array(), 'valign' => array()), 'title' => array(), 'tr' => array('align' => array(), 'bgcolor' => array(), 'char' => array(), 'charoff' => array(), 'class' => array(), 'style' => array(), 'valign' => array()), 'tt' => array(), 'u' => array(), 'ul' => array('class' => array(), 'style' => array(), 'type' => array()), 'ol' => array('class' => array(), 'start' => array(), 'style' => array(), 'type' => array()), 'var' => array());
    // virtually all option input from Weaver II can be code, and thus must not be
    // content filtered. The utf8 check is about the extent of it, although even
    // that is more restrictive than the standard text widget uses.
    // Note: this check also works OK for simple checkboxes/radio buttons/selections,
    // so it is ok to blindly pass those options in here, too.
    $noslash = trim(stripslashes($text));
    // NOTE(review): trim() never leaves a lone ' ' behind, so this early return
    // is effectively unreachable.
    if ($noslash == ' ') {
        return '';
    }
    if (current_user_can('unfiltered_html')) {
        // Trusted tier: raw code passes through; only UTF-8 validity is checked.
        return wp_check_invalid_utf8($noslash);
    } else {
        if (current_user_can('add_users')) {
            // Theme allowlist above (wider than post KSES); input is still slashed here.
            return wp_kses($text, $weaverii_allowedadmintags);
        } else {
            return stripslashes(wp_filter_post_kses(addslashes($text)));
            // wp_filter_post_kses() expects slashed
        }
    }
}
 /**
  * Print the queued inline JS scripts and empty the queue.
  *
  * Every entry of $ci_glob_inline_js (handle => script) is written inside one
  * jQuery ready() wrapper. Only UTF-8 validity is checked; no escaping happens,
  * so queued scripts must already be safe for a <script> context, and the
  * handle -- which is written into a JS block comment -- must not contain "*/".
  *
  * @return void
  */
 function ci_print_inline_js()
 {
     global $ci_glob_inline_js;
     if (empty($ci_glob_inline_js)) {
         return;
     }
     $out = '<script type="text/javascript">' . "\n";
     $out .= "\t" . 'jQuery(document).ready(function($){' . "\n";
     foreach ($ci_glob_inline_js as $handle => $script) {
         $out .= "\n/* --- CI Theme Inline script ({$handle}) --- */\n";
         $out .= wp_check_invalid_utf8($script);
     }
     $out .= "\t" . '});' . "\n";
     $out .= '</script>' . "\n";
     echo $out;
     // Queue really is cleared here (direct assignment, not unset()).
     $ci_glob_inline_js = array();
 }
/**
 * Print out js code in the queue.
 *
 * $learn_press_queued_js is wrapped in a jQuery ready() handler; any raw
 * queued tag in $learn_press_queued_js_tag is echoed verbatim afterwards. The
 * queued code is only normalised (invalid UTF-8 rejected, &#39;/&#x27; turned
 * back into a literal apostrophe, CRs removed) -- it is not escaped, so only
 * trusted/escaped code that cannot contain "</script>" may be queued.
 *
 * unset() on a `global`-imported variable only drops the local alias, so the
 * queue is not actually cleared by this function; a second call would print
 * the (normalised) code again.
 */
function learn_press_print_script()
{
    global $learn_press_queued_js, $learn_press_queued_js_tag;
    if (!empty($learn_press_queued_js)) {
        $code = wp_check_invalid_utf8($learn_press_queued_js);
        $code = preg_replace('/&#(x)?0*(?(1)27|39);?/i', "'", $code);
        $code = str_replace("\r", '', $code);
        echo "<!-- LearnPress JavaScript -->\n<script type=\"text/javascript\">\njQuery(function(\$) {\n" . $code . "\n});\n</script>\n";
        $learn_press_queued_js = $code;
        unset($learn_press_queued_js);
    }
    if (!empty($learn_press_queued_js_tag)) {
        echo $learn_press_queued_js_tag;
    }
}
 /**
  * Render the slideshow container.
  *
  * Returns a noscript fallback paragraph plus the <div> the JS slideshow binds
  * to, with the gallery definition JSON-encoded into a data-gallery attribute.
  * All attribute values go through esc_attr(); the JSON goes through
  * wp_check_invalid_utf8() and _wp_specialchars() with double-encoding on, so
  * the markup is safe regardless of what the gallery array contains.
  *
  * @uses $this->enqueue_scripts()
  *
  * @param array $attr keys used: gallery, selector, color, trans, autostart
  * @return string HTML
  */
 function slideshow_js($attr)
 {
     $this->enqueue_scripts();
     // JSON_HEX_* is defence in depth only; the attribute escaping below is what
     // actually makes the JSON safe to embed.
     if (defined('JSON_HEX_AMP')) {
         $gallery_json = json_encode($attr['gallery'], JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
     } else {
         $gallery_json = json_encode($attr['gallery']);
     }
     $noscript = '<p class="jetpack-slideshow-noscript robots-nocontent">' . esc_html__('This slideshow requires JavaScript.', 'jetpack') . '</p>';
     $container = sprintf(
         '<div id="%s" class="slideshow-window jetpack-slideshow slideshow-%s" data-trans="%s" data-autostart="%s" data-gallery="%s"></div>',
         esc_attr($attr['selector'] . '-slideshow'),
         esc_attr($attr['color']),
         esc_attr($attr['trans']),
         esc_attr($attr['autostart']),
         _wp_specialchars(wp_check_invalid_utf8($gallery_json), ENT_QUOTES, false, true)
     );
     return $noscript . $container;
 }
 /**
  * Escape a string for use inside a quoted HTML attribute value.
  *
  * Invalid UTF-8 is rejected first; any existing entity encoding is collapsed
  * with two decode passes (so values that were already double-encoded do not
  * come out triple-encoded), and the result is encoded once with ENT_QUOTES so
  * both quote styles are safe. The charset argument is left at PHP's default.
  *
  * @param string $text raw value
  * @return string entity-encoded value
  */
 public static function esc_value_attr($text)
 {
     $valid = wp_check_invalid_utf8($text);
     $decoded = htmlspecialchars_decode(htmlspecialchars_decode($valid));
     return htmlspecialchars($decoded, ENT_QUOTES);
 }
 /**
  * Output any queued inline JS.
  *
  * Flushes $this->_inline_js into one jQuery ready() block and clears the
  * queue. The pre-output steps only normalise the buffer (reject invalid
  * UTF-8, turn &#39;/&#x27; back into a literal apostrophe, drop CRs); they do
  * not escape for a script context, so only trusted/escaped code (esc_js,
  * json_encode) may be queued, and it must never contain "</script>".
  *
  * @access public
  * @return void
  */
 public function output_inline_js()
 {
     if (!$this->_inline_js) {
         return;
     }
     $js = wp_check_invalid_utf8($this->_inline_js);
     $js = preg_replace('/&#(x)?0*(?(1)27|39);?/i', "'", $js);
     $js = str_replace("\r", '', $js);
     echo "<!-- WooCommerce JavaScript-->\n<script type=\"text/javascript\">\njQuery(document).ready(function(\$) {";
     echo $js;
     echo "});\n</script>\n";
     $this->_inline_js = '';
 }
 /**
  * Bulk-index posts: one action line plus one document line per post.
  *
  * The action line interpolates $post->post_id unquoted, so it must be numeric
  * for the NDJSON body to stay well-formed (assumed from SP_Post -- TODO
  * confirm). addcslashes() escapes any literal newline in the document JSON so
  * each document stays on a single line, and the second argument to
  * wp_check_invalid_utf8() asks for invalid byte sequences to be stripped
  * rather than the whole body being rejected.
  *
  * @param array $posts objects exposing post_id and to_json()
  * @return mixed whatever $this->put() returns
  */
 public function index_posts($posts)
 {
     $lines = array();
     foreach ($posts as $post) {
         $lines[] = '{ "index": { "_id" : ' . $post->post_id . ' } }';
         $lines[] = addcslashes($post->to_json(), "\n");
     }
     $payload = wp_check_invalid_utf8(implode("\n", $lines), true) . "\n";
     return $this->put('post/_bulk', $payload);
 }
echo esc_url(wp_get_attachment_url($item->image->ID));
?>
"
data-orig-size="<?php 
echo esc_attr($item->meta_width());
?>
,<?php 
echo esc_attr($item->meta_height());
?>
"
data-comments-opened="<?php 
echo esc_attr(comments_open($item->image->ID));
?>
"
data-image-meta="<?php 
echo _wp_specialchars(wp_check_invalid_utf8($fuzzy_image_meta), ENT_QUOTES, false, true);
?>
"
data-image-title="<?php 
echo esc_attr(wptexturize($item->image->post_title));
?>
"
data-image-description="<?php 
echo esc_attr(wpautop(wptexturize($item->image->post_content)));
?>
"
data-medium-file="<?php 
echo esc_url($item->medium_file());
?>
"
data-large-file="<?php 
    // This is nice to have, but not strictly necessary since we use _wp_specialchars() below
    $extra = json_encode($this->get_container_extra_data(), JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
} else {
    $extra = json_encode($this->get_container_extra_data());
}
?>
<div
	class="tiled-gallery type-<?php 
echo $this->type;
?>
 tiled-gallery-unresized"
	data-original-width="<?php 
echo esc_attr(Jetpack_Tiled_Gallery::get_content_width());
?>
"
	<?php 
if (isset($extra)) {
    ?>
		data-carousel-extra='<?php 
    echo _wp_specialchars(wp_check_invalid_utf8($extra), ENT_QUOTES, false, true);
    ?>
'
	<?php 
}
?>
	>
	<?php 
$this->template("{$this->type}-layout", $context);
?>
</div>
/**
 * Output any queued javascript code in the footer.
 *
 * Prints $wc_queued_js wrapped in a jQuery ready() handler. Before output the
 * buffer is normalised -- invalid UTF-8 rejected, &#39;/&#x27; entities turned
 * back into a literal apostrophe, CRs dropped -- but NOT escaped, so only code
 * that is already safe for a <script> context (esc_js/json_encode, never
 * containing "</script>") may be queued. unset() on the `global`-imported
 * variable only drops the local alias; the global keeps the normalised value.
 */
function wc_print_js()
{
    global $wc_queued_js;
    if (empty($wc_queued_js)) {
        return;
    }
    $code = wp_check_invalid_utf8($wc_queued_js);
    $code = preg_replace('/&#(x)?0*(?(1)27|39);?/i', "'", $code);
    $code = str_replace("\r", '', $code);
    echo "<!-- WooCommerce JavaScript -->\n<script type=\"text/javascript\">\njQuery(function(\$) {" . $code . "});\n</script>\n";
    $wc_queued_js = $code;
    unset($wc_queued_js);
}
/**
 * "Escaping" for raw code option values.
 *
 * Despite the esc_ prefix this performs no escaping: the only transformation
 * is wp_check_invalid_utf8(), so markup, CSS and script in $text pass through
 * untouched. That is intentional -- virtually all Weaver option input can be
 * code and must not be content-filtered -- and it is also harmless for simple
 * checkbox/radio/select values. Never route untrusted input through this
 * expecting HTML safety.
 *
 * @param string $text raw option value
 * @return string the same value, UTF-8 validated
 */
function ttw_esc_code($text)
{
    $checked = wp_check_invalid_utf8($text);
    return $checked;
}
 /**
  * Best-effort conversion of an arbitrary byte string to UTF-8 for JSON output.
  *
  * With mbstring: detect the encoding in strict mode using the configured
  * detect order and convert from it; if detection fails, a UTF-8 -> UTF-8 pass
  * lets mbstring deal with malformed sequences. Without mbstring: fall back to
  * wp_check_invalid_utf8() in strip mode. The availability check is cached in
  * a static so function_exists() runs once per request.
  *
  * @param string $string bytes in an unknown encoding
  * @return string UTF-8 text
  */
 function _wp_json_convert_string($string)
 {
     static $has_mbstring = null;
     if ($has_mbstring === null) {
         $has_mbstring = function_exists('mb_convert_encoding');
     }
     if (!$has_mbstring) {
         return wp_check_invalid_utf8($string, true);
     }
     $detected = mb_detect_encoding($string, mb_detect_order(), true);
     $from = $detected ? $detected : 'UTF-8';
     return mb_convert_encoding($string, 'UTF-8', $from);
 }
/**
 * Output any queued javascript code in the footer.
 *
 * Builds the <script> block around $wc_queued_js, passes it through the
 * woocommerce_queued_js filter and echoes the result. The queued code is only
 * normalised (invalid UTF-8 rejected, &#39;/&#x27; turned back into a literal
 * apostrophe, CRs removed) -- not escaped -- so only code already safe for a
 * <script> context (esc_js/json_encode, never containing "</script>") may be
 * queued. unset() on the `global`-imported variable only drops the local
 * alias; the global keeps the normalised value.
 */
function wc_print_js()
{
    global $wc_queued_js;
    if (empty($wc_queued_js)) {
        return;
    }
    $code = wp_check_invalid_utf8($wc_queued_js);
    $code = preg_replace('/&#(x)?0*(?(1)27|39);?/i', "'", $code);
    $code = str_replace("\r", '', $code);
    $js = "<!-- WooCommerce JavaScript -->\n<script type=\"text/javascript\">\njQuery(function(\$) { " . $code . " });\n</script>\n";
    /**
     * woocommerce_queued_js filter.
     *
     * @since 2.6.0
     * @param string $js JavaScript code.
     */
    echo apply_filters('woocommerce_queued_js', $js);
    $wc_queued_js = $code;
    unset($wc_queued_js);
}