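/**
 * Expand the TDOMF %%MACRO%% tokens in a message template, then run the
 * template through eval() so that any PHP it contains is executed and its
 * output becomes the returned string.
 *
 * Replacement values fall into three trust levels:
 *  - submitter-controlled post data (post title, stored submitter name, the
 *    current user's display name) is passed through tdomf_protect_input()
 *    before substitution, as the original code already did;
 *  - request data ($_SERVER['REQUEST_URI'], used for the form URL) is set by
 *    whoever made the request and is substituted into the template *before*
 *    the eval() below, so the characters that could open a PHP tag or break
 *    out of an HTML attribute are percent-encoded (the result is still a
 *    valid, equivalent URL);
 *  - form options and $errors are inserted verbatim, exactly as before.
 *
 * @param string    $message   Template text containing %%MACRO%% tokens and optionally PHP.
 * @param int|false $form_id   Form id, or false to leave the form macros untouched.
 * @param string    $mode      Not read by this function; kept for signature compatibility.
 * @param int|false $post_id   Post id, or false to leave the submission macros untouched.
 * @param string    $errors    Text substituted for the errors macro when non-empty.
 * @param array     $post_args Variables made available to the eval'd template via extract().
 * @return string Output captured while the expanded template was evaluated.
 */
function tdomf_prepare_string($message, $form_id = false, $mode = "", $post_id = false, $errors = "", $post_args = array()) {
    global $current_user;

    if ($post_id !== false) {
        // Plain assignment: binding a function result by reference raises a
        // notice on PHP 5.3+ and nothing below writes to $post.
        $post = get_post($post_id);

        // "post_date" is only updated when a post is published, so the
        // submission date of an unpublished post is read from a custom field;
        // failing that, fall back to the old post_modified method.
        if ($post->post_status == 'publish' || $post->post_status == 'future') {
            $date_gmt = $post->post_date_gmt;
        } elseif (get_post_meta($post_id, TDOMF_KEY_SUBMISSION_DATE_GMT, true)) {
            $date_gmt = get_post_meta($post_id, TDOMF_KEY_SUBMISSION_DATE_GMT, true);
        } else {
            $date_gmt = $post->post_modified_gmt;
        }
        $submission_date = mysql2date(get_option('date_format'), $date_gmt);
        $submission_time = mysql2date(get_option('time_format'), $date_gmt);

        // url, date and time are safe but the title is submitter input: scrub it.
        // NOTE(review): preg_replace() interprets "$n" / "\n" sequences in the
        // replacement strings, so a title containing e.g. "$1" is mangled; the
        // macro constants are not visible here, so preg_replace is kept as-is.
        $patterns = array(
            '/' . TDOMF_MACRO_SUBMISSIONURL . '/',
            '/' . TDOMF_MACRO_SUBMISSIONDATE . '/',
            '/' . TDOMF_MACRO_SUBMISSIONTIME . '/',
            '/' . TDOMF_MACRO_SUBMISSIONTITLE . '/',
        );
        $replacements = array(
            get_permalink($post_id),
            $submission_date,
            $submission_time,
            tdomf_protect_input($post->post_title),
        );
        $message = preg_replace($patterns, $replacements, $message);
    }

    if (!empty($errors)) {
        // Inserted verbatim as before (it may intentionally carry markup).
        // NOTE(review): assumes $errors is plugin-generated text; confirm no
        // caller passes submitter input here.
        $message = preg_replace('/' . TDOMF_MACRO_SUBMISSIONERRORS . '/', $errors, $message);
    }

    if (is_user_logged_in()) {
        get_currentuserinfo();
        // display_name is user-editable, so scrub it like any other submitter input.
        $username = tdomf_protect_input($current_user->display_name);
    } elseif ($post_id !== false) {
        // Name recorded at submission time by an anonymous submitter: scrub it.
        $username = tdomf_protect_input(get_post_meta($post_id, TDOMF_KEY_NAME, true));
    } else {
        $username = __("Unregistered", "tdomf");
    }
    $message = preg_replace('/' . TDOMF_MACRO_USERNAME . '/', $username, $message);

    // REMOTE_ADDR is supplied by the web server; it is absent on the CLI,
    // hence the empty fallback instead of an undefined-index notice.
    $remote_addr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $message = preg_replace('/' . TDOMF_MACRO_IP . '/', $remote_addr, $message);

    if ($form_id !== false) {
        // REQUEST_URI is whatever the client asked for. Because it lands in the
        // template before the eval() below, neutralise the characters that can
        // open a PHP tag or terminate an HTML attribute by percent-encoding them.
        $request_uri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
        $request_uri = str_replace(
            array('<', '>', '"', "'"),
            array('%3C', '%3E', '%22', '%27'),
            $request_uri
        );

        // The remaining form macros are inputted by the form admin so are
        // considered safe.
        $patterns = array(
            '/' . TDOMF_MACRO_FORMURL . '/',
            '/' . TDOMF_MACRO_FORMID . '/',
            '/' . TDOMF_MACRO_FORMNAME . '/',
            '/' . TDOMF_MACRO_FORMDESCRIPTION . '/',
        );
        $replacements = array(
            $request_uri . '#tdomf_form' . $form_id,
            $form_id,
            tdomf_get_option_form(TDOMF_OPTION_NAME, $form_id),
            tdomf_get_option_form(TDOMF_OPTION_DESCRIPTION, $form_id),
        );
        $message = preg_replace($patterns, $replacements, $message);
    }

    // A lot of people use the ID uppercase format; expose both to the template.
    $post_ID = $post_id;

    // Execute any PHP code in the message and capture its output.
    // NOTE(review): EXTR_PREFIX_INVALID only renames keys that are not valid
    // identifiers; a $post_args key such as "message" or "post_id" replaces the
    // local of the same name before the eval. Left unchanged because templates
    // may rely on the extracted names; EXTR_SKIP would be the safer choice if not.
    // NOTE(review): the "@" hides parse errors in the template, so a broken
    // template fails silently with an empty result; kept for compatibility.
    ob_start();
    extract($post_args, EXTR_PREFIX_INVALID, "tdomf_");
    @eval("?>" . $message);
    $message = ob_get_contents();
    ob_end_clean();
    return $message;
}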
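/**
 * Process form input for widget
 *
 * Stores the submitted content (and, when enabled, the title) on the post
 * identified by $args['post_ID']. For a new submission the content is
 * appended to whatever the post already holds; for an edit it overwrites it.
 *
 * @access public
 * @param array $args    Submission arguments; extract()ed, so $mode and $post_ID are read from it.
 * @param array $options Widget options; 'title-enable' controls whether the title is updated.
 * @return Mixed Always NULL.
 */
function post($args, $options) {
    // NOTE(review): extract() with the default EXTR_OVERWRITE lets an $args key
    // named "options" replace the $options parameter; callers are not visible
    // here, so this is left as the original had it.
    extract($args);

    // if submitting a new post (as opposed to editing)
    // make sure to *append* to post_content. For editing, overwrite.
    //
    if (TDOMF_Widget::isSubmitForm($mode)) {
        // Grab existing data
        $existing = wp_get_single_post($post_ID, ARRAY_A);
        if (!empty($existing['post_content'])) {
            $existing = add_magic_quotes($existing);
        }
        // A post without content (or no post at all) appends to "" instead of
        // raising an undefined-index notice; the resulting string is the same.
        $post_content = isset($existing['post_content']) ? $existing['post_content'] : '';
        $post_content .= $this->textarea->post($args, $options, 'content_content');
    } else {
        // $mode starts with "edit-": overwrite
        $post_content = $this->textarea->post($args, $options, 'content_content');
    }

    // Update actual post
    $post = array("ID" => $post_ID, "post_content" => $post_content);
    if (!empty($options['title-enable'])) {
        // Title is submitter input: scrub it before it is stored.
        $content_title = tdomf_protect_input($this->textfield->post($args, $options, 'content_title'));
        $post["post_title"] = $content_title;
        $post["post_name"] = sanitize_title($content_title);
    }
    // NOTE(review): the return value of wp_update_post() (0 on failure) is not
    // checked, as in the original.
    wp_update_post($post);
    return NULL;
}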
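/**
 * Process form input for widget
 *
 * Records who made the submission. The three "whoami" fields the submitter
 * typed (name, web page, e-mail) are read from $args; when the visitor is
 * logged in as anyone other than the configured default author, the
 * account's own details are recorded as well. An edit updates the edit
 * record, a new submission writes post meta, and the typed values are
 * finally stored in cookies.
 *
 * Only the name is passed through tdomf_protect_input() before storage; the
 * web page and e-mail values are stored exactly as typed, so whatever renders
 * them must escape for its own output context.
 *
 * @access public
 * @param array $args    Submission arguments; extract()ed for $mode, $edit_id,
 *                       $post_ID, $whoami_name, $whoami_webpage and $whoami_email.
 * @param array $options Widget options (not read here).
 * @return Mixed Always NULL.
 */
function post($args, $options) {
    global $current_user;
    get_currentuserinfo();
    extract($args);

    // Values typed into the form, keyed by the meta key they are stored under.
    // A field that was not submitted is not stored, and is cookied as "".
    $typed = array();
    if (isset($whoami_name)) {
        $typed[TDOMF_KEY_NAME] = tdomf_protect_input($whoami_name);
    } else {
        $whoami_name = "";
    }
    if (isset($whoami_webpage)) {
        $typed[TDOMF_KEY_WEB] = $whoami_webpage;
    } else {
        $whoami_webpage = "";
    }
    if (isset($whoami_email)) {
        $typed[TDOMF_KEY_EMAIL] = $whoami_email;
    } else {
        $whoami_email = "";
    }

    // Details of the logged-in account, unless it is the default author
    // (loose comparison kept: the option value is a string, the ID an int).
    $account = array();
    if (is_user_logged_in() && $current_user->ID != get_option(TDOMF_DEFAULT_AUTHOR)) {
        $account = array(
            TDOMF_KEY_USER_ID   => $current_user->ID,
            TDOMF_KEY_USER_NAME => $current_user->user_login,
            TDOMF_KEY_NAME      => $current_user->display_name,
            TDOMF_KEY_EMAIL     => $current_user->user_email,
            TDOMF_KEY_WEB       => $current_user->user_url,
        );
    }

    if (TDOMF_Widget::isEditForm($mode)) {
        // Editing: the account's details replace whatever was typed.
        $edit_data = tdomf_get_data_edit($edit_id);
        foreach ($typed as $key => $value) {
            $edit_data[$key] = $value;
        }
        foreach ($account as $key => $value) {
            $edit_data[$key] = $value;
        }
        if (!empty($account)) {
            update_usermeta($current_user->ID, TDOMF_KEY_FLAG, true);
        }
        tdomf_set_data_edit($edit_data, $edit_id);
    } else {
        // New submission. NOTE(review): add_post_meta() is called with
        // unique=true, so the account's name/e-mail/web do NOT replace a value
        // the submitter typed, unlike the edit branch above; preserved as found.
        foreach ($typed as $key => $value) {
            add_post_meta($post_ID, $key, $value, true);
        }
        foreach ($account as $key => $value) {
            add_post_meta($post_ID, $key, $value, true);
        }
        if (!empty($account)) {
            update_usermeta($current_user->ID, TDOMF_KEY_FLAG, true);
        }
    }

    TDOMF_WidgetWhoami::tdomf_widget_whoami_store_cookies(tdomf_protect_input($whoami_name), $whoami_email, $whoami_webpage);
    return NULL;
}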
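/**
 * Format the custom field as per the options set by user
 *
 * Expands the %%TITLE%%, %%VALUE%% and %%KEY%% tokens of the format string
 * from the widget options. Only the value is scrubbed with
 * tdomf_protect_input(); title, key and format string come from the options.
 *
 * @param mixed $value   Field value; booleans become the localised words
 *                       "true"/"false", everything else is cast with strval().
 * @param array $options Widget options: 'title', 'key' and 'format'.
 * @return String The formatted field, or "" when the value is blank.
 */
function format($value, $options) {
    // boolean is a special case: false turns to '' using strval
    if (is_bool($value)) {
        $value = $value ? __('true', 'tdomf') : __('false', 'tdomf');
    } else {
        $value = strval($value);
    }

    // Blank (empty or whitespace-only) values produce no output. A literal
    // "0" is a real value and must not be dropped, which is why empty() is
    // not used here.
    if (trim($value) === '') {
        return "";
    }

    // The tokens are literal text, so str_replace() is used instead of
    // preg_replace(): with preg_replace a value containing "$1" or "\1" was
    // read as a back-reference and silently mangled. Replacements are still
    // applied in order, as preg_replace did.
    $tokens = array('%%TITLE%%', '%%VALUE%%', '%%KEY%%');
    $replacements = array($options['title'], tdomf_protect_input($value), $options['key']);
    return str_replace($tokens, $replacements, $options['format']);
}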