/**
* {@internal Missing Short Description}}
*
* @since 2.5.0
*
* @param unknown_type $entry
* @param unknown_type $count
* @return unknown
*/
function file_gallery_list_meta_row($entry, &$count)
{
static $update_nonce = false;
if (is_protected_meta($entry['meta_key'], 'post')) {
return;
}
if (!$update_nonce) {
$update_nonce = wp_create_nonce('add-meta');
}
$r = '';
++$count;
if ($count % 2) {
$style = 'alternate';
} else {
$style = '';
}
if (is_serialized($entry['meta_value'])) {
if (is_serialized_string($entry['meta_value'])) {
// this is a serialized string, so we should display it
$entry['meta_value'] = maybe_unserialize($entry['meta_value']);
} else {
// this is a serialized array/object so we should NOT display it
--$count;
return;
}
}
$entry['meta_key'] = esc_attr($entry['meta_key']);
$entry['meta_value'] = esc_textarea($entry['meta_value']);
// using a <textarea />
$entry['meta_id'] = (int) $entry['meta_id'];
$delete_nonce = wp_create_nonce('delete-meta_' . $entry['meta_id']);
$r .= "\n\t<tr id='meta-{$entry['meta_id']}' class='{$style}'>";
$r .= "\n\t\t<td class='left'><label class='screen-reader-text' for='meta[{$entry['meta_id']}][key]'>" . __('Key') . "</label><input name='meta[{$entry['meta_id']}][key]' id='meta[{$entry['meta_id']}][key]' type='text' size='20' value='{$entry['meta_key']}' />";
$r .= "\n\t\t<div class='submit'>";
$r .= get_submit_button(__('Delete'), 'deletemeta small', "deletemeta[{$entry['meta_id']}]", false, array('data-wp-lists' => "delete:attachment-the-list:meta-{$entry['meta_id']}::_ajax_nonce={$delete_nonce}"));
$r .= "\n\t\t";
$r .= get_submit_button(__('Update'), 'updatemeta small', "meta-{$entry['meta_id']}-submit", false, array('data-wp-lists' => "add:attachment-the-list:meta-{$entry['meta_id']}::_ajax_nonce-add-meta={$update_nonce}"));
$r .= "</div>";
$r .= wp_nonce_field('change-meta', '_ajax_nonce', false, false);
$r .= "</td>";
$r .= "\n\t\t<td><label class='screen-reader-text' for='meta[{$entry['meta_id']}][value]'>" . __('Value') . "</label><textarea name='meta[{$entry['meta_id']}][value]' id='meta[{$entry['meta_id']}][value]' rows='2' cols='30'>{$entry['meta_value']}</textarea></td>\n\t</tr>";
return $r;
}
/**
* {@internal Missing Short Description}}
*
* @since unknown
*
* @param unknown_type $entry
* @param unknown_type $count
* @return unknown
*/
function _list_meta_row( $entry, &$count ) {
static $update_nonce = false;
if ( !$update_nonce )
$update_nonce = wp_create_nonce( 'add-meta' );
$r = '';
++ $count;
if ( $count % 2 )
$style = 'alternate';
else
$style = '';
if ('_' == $entry['meta_key'] { 0 } )
$style .= ' hidden';
if ( is_serialized( $entry['meta_value'] ) ) {
if ( is_serialized_string( $entry['meta_value'] ) ) {
// this is a serialized string, so we should display it
$entry['meta_value'] = maybe_unserialize( $entry['meta_value'] );
} else {
// this is a serialized array/object so we should NOT display it
--$count;
return;
}
}
$entry['meta_key'] = attribute_escape($entry['meta_key']);
$entry['meta_value'] = htmlspecialchars($entry['meta_value']); // using a <textarea />
$entry['meta_id'] = (int) $entry['meta_id'];
$delete_nonce = wp_create_nonce( 'delete-meta_' . $entry['meta_id'] );
$r .= "\n\t<tr id='meta-{$entry['meta_id']}' class='$style'>";
$r .= "\n\t\t<td class='left'><label class='hidden' for='meta[{$entry['meta_id']}][key]'>" . __( 'Key' ) . "</label><input name='meta[{$entry['meta_id']}][key]' id='meta[{$entry['meta_id']}][key]' tabindex='6' type='text' size='20' value='{$entry['meta_key']}' />";
$r .= "\n\t\t<div class='submit'><input name='deletemeta[{$entry['meta_id']}]' type='submit' ";
$r .= "class='delete:the-list:meta-{$entry['meta_id']}::_ajax_nonce=$delete_nonce deletemeta' tabindex='6' value='".attribute_escape(__( 'Delete' ))."' />";
$r .= "\n\t\t<input name='updatemeta' type='submit' tabindex='6' value='".attribute_escape(__( 'Update' ))."' class='add:the-list:meta-{$entry['meta_id']}::_ajax_nonce=$update_nonce updatemeta' /></div>";
$r .= wp_nonce_field( 'change-meta', '_ajax_nonce', false, false );
$r .= "</td>";
$r .= "\n\t\t<td><label class='hidden' for='meta[{$entry['meta_id']}][value]'>" . __( 'Value' ) . "</label><textarea name='meta[{$entry['meta_id']}][value]' id='meta[{$entry['meta_id']}][value]' tabindex='6' rows='2' cols='30'>{$entry['meta_value']}</textarea></td>\n\t</tr>";
return $r;
}
/**
* Prepares meta data for return as an object.
*
* @param stdClass $data Metadata row from database
* @param WP_REST_Request $request
* @param boolean $is_raw Is the value field still serialized? (False indicates the value has been unserialized)
* @return WP_REST_Response|WP_Error Meta object data on success, WP_Error otherwise
*/
public function prepare_item_for_response($data, $request, $is_raw = false)
{
$id_column = $this->get_id_column();
$id = $data->{$id_column};
$key = $data->meta_key;
$value = $data->meta_value;
// Don't expose protected fields.
if (is_protected_meta($key)) {
return new WP_Error('rest_meta_protected', sprintf(__('%s is marked as a protected field.'), $key), array('status' => 403));
}
// Normalize serialized strings
if ($is_raw && is_serialized_string($value)) {
$value = unserialize($value);
}
// Don't expose serialized data
if (is_serialized($value) || !is_string($value)) {
return new WP_Error('rest_meta_protected', sprintf(__('%s contains serialized data.'), $key), array('status' => 403));
}
$meta = array('id' => (int) $id, 'key' => $key, 'value' => $value);
$response = rest_ensure_response($meta);
$parent_column = $this->get_parent_column();
$response->add_link('about', rest_url('wp/' . $this->parent_base . '/' . $data->{$parent_column}), array('embeddable' => true));
/**
* Filter a meta value returned from the API.
*
* Allows modification of the meta value right before it is returned.
*
* @param array $response Key value array of meta data: id, key, value.
* @param WP_REST_Request $request Request used to generate the response.
*/
return apply_filters('rest_prepare_meta_value', $response, $request);
}
function get_post_meta_by_id( $mid ) {
global $wpdb;
$mid = (int) $mid;
$meta = $wpdb->get_row( "SELECT * FROM $wpdb->postmeta WHERE meta_id = '$mid'" );
if ( is_serialized_string( $meta->meta_value ) )
$meta->meta_value = maybe_unserialize( $meta->meta_value );
return $meta;
}
}
$xtpl = new XTemplate($op . '.tpl', NV_ROOTDIR . '/themes/' . $global_config['module_theme'] . '/modules/' . $module_file);
$xtpl->assign('LANG', $lang_module);
$xtpl->assign('REQUEST', $request);
$xtpl->assign('NV_BASE_ADMINURL', NV_BASE_ADMINURL);
$xtpl->assign('NV_LANG_VARIABLE', NV_LANG_VARIABLE);
$xtpl->assign('NV_LANG_DATA', NV_LANG_DATA);
$xtpl->assign('NV_NAME_VARIABLE', NV_NAME_VARIABLE);
$xtpl->assign('MODULE_NAME', $module_name);
$NV_Http = new NukeViet\Http\Http($global_config, NV_TEMP_DIR);
$stored_cookies = nv_get_cookies();
// Debug
$args = array('headers' => array('Referer' => NUKEVIET_STORE_APIURL), 'cookies' => $stored_cookies, 'body' => $request);
$array = $NV_Http->post(NUKEVIET_STORE_APIURL, $args);
$cookies = $array['cookies'];
$array = !empty($array['body']) ? is_serialized_string($array['body']) ? unserialize($array['body']) : array() : array();
$error = '';
if (!empty(NukeViet\Http\Http::$error)) {
$error = nv_http_get_lang(NukeViet\Http\Http::$error);
} elseif (empty($array['status']) or !isset($array['error']) or !isset($array['data']) or !isset($array['pagination']) or !is_array($array['error']) or !is_array($array['data']) or !is_array($array['pagination']) or !empty($array['error']) and (!isset($array['error']['level']) or empty($array['error']['message']))) {
$error = $lang_global['error_valid_response'];
} elseif (!empty($array['error']['message'])) {
$error = $array['error']['message'];
}
// Show error
if (!empty($error)) {
$xtpl->assign('ERROR', $error);
$xtpl->parse('main.error');
} elseif ($array['status'] == 'notlogin') {
$xtpl->assign('LOGIN_NOTE', sprintf($lang_module['login_require'], NV_BASE_ADMINURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name . '&' . NV_OP_VARIABLE . '=login&redirect=' . nv_redirect_encrypt($client_info['selfurl'])));
$xtpl->parse('main.login');
* Check whether serialized data is of string type.
*
* @since 2.0.5
*
* @param mixed $data Serialized data
* @return bool False if not a serialized string, true if it is.
*/
function is_serialized_string($data)
{
// if it isn't a string, it isn't a serialized string
if (!is_string($data)) {
return false;
}
//$data = trim( $data );
$length = strlen($data);
if ($length < 4) {
return false;
} elseif (':' !== $data[1]) {
return false;
} elseif (';' !== $data[$length - 1]) {
return false;
} elseif ($data[0] !== 's') {
return false;
} elseif ('"' !== $data[$length - 2]) {
return false;
} else {
return true;
}
}
$result = is_serialized_string(user_input());
label("after-call");
/**
* Prepares meta data for return as an object.
*
* @param stdClass $data Metadata row from database
* @param WP_REST_Request $request
* @param boolean $is_raw Is the value field still serialized? (False indicates the value has been unserialized)
* @return WP_REST_Response|WP_Error Meta object data on success, WP_Error otherwise
*/
public function prepare_item_for_response($data, $request, $is_raw = false)
{
$id_column = $this->get_id_column();
$id = $data->{$id_column};
$key = $data->meta_key;
$value = $data->meta_value;
// Don't expose protected fields.
if (is_protected_meta($key)) {
return new WP_Error('rest_meta_protected', sprintf(__('%s is marked as a protected field.'), $key), array('status' => 403));
}
// Normalize serialized strings
if ($is_raw && is_serialized_string($value)) {
$value = unserialize($value);
}
// Don't expose serialized data
if (is_serialized($value) || !is_string($value)) {
return new WP_Error('rest_meta_protected', sprintf(__('%s contains serialized data.'), $key), array('status' => 403));
}
$meta = array('id' => (int) $id, 'key' => $key, 'value' => $value);
$response = rest_ensure_response($meta);
$parent_column = $this->get_parent_column();
$response->add_link('about', rest_url('wp/' . $this->parent_base . '/' . $data->{$parent_column}), array('embeddable' => true));
return apply_filters('rest_prepare_meta_value', $response, $request);
}
function list_meta($meta)
{
global $post_ID;
// Exit if no meta
if (!$meta) {
return;
}
$count = 0;
?>
<table id='meta-list' cellpadding="3">
<tr>
<th><?php
_e('Key');
?>
</th>
<th><?php
_e('Value');
?>
</th>
<th colspan='2'><?php
_e('Action');
?>
</th>
</tr>
<?php
foreach ($meta as $entry) {
++$count;
if ($count % 2) {
$style = 'alternate';
} else {
$style = '';
}
if ('_' == $entry['meta_key'][0]) {
$style .= ' hidden';
}
if (is_serialized($entry['meta_value'])) {
if (is_serialized_string($entry['meta_value'])) {
// this is a serialized string, so we should display it
$entry['meta_value'] = maybe_unserialize($entry['meta_value']);
} else {
// this is a serialized array/object so we should NOT display it
--$count;
continue;
}
}
$entry['meta_key'] = attribute_escape($entry['meta_key']);
$entry['meta_value'] = attribute_escape($entry['meta_value']);
$entry['meta_id'] = (int) $entry['meta_id'];
echo "\n\t\t\t<tr class='{$style}'>\n\t\t\t\t<td valign='top'><input name='meta[{$entry['meta_id']}][key]' tabindex='6' type='text' size='20' value='{$entry['meta_key']}' /></td>\n\t\t\t\t<td><textarea name='meta[{$entry['meta_id']}][value]' tabindex='6' rows='2' cols='30'>{$entry['meta_value']}</textarea></td>\n\t\t\t\t<td align='center'><input name='updatemeta' type='submit' class='updatemeta' tabindex='6' value='" . attribute_escape(__('Update')) . "' /><br />\n\t\t\t\t<input name='deletemeta[{$entry['meta_id']}]' type='submit' class='deletemeta' tabindex='6' value='" . attribute_escape(__('Delete')) . "' /></td>\n\t\t\t</tr>\n\t\t";
}
echo "\n\t\t</table>\n\t";
}
protected static function unpack_variable($variable)
{
if (is_string($variable) && is_serialized_string($variable)) {
$variable = unserialize($variable);
} else {
if (is_string($variable) && self::is_json($variable)) {
$variable = json_decode($variable);
}
}
return $variable;
}
<?php
/**
* @Project NUKEVIET 4.x
* @Author VINADES.,JSC (contact@vinades.vn)
* @Copyright (C) 2014 VINADES.,JSC. All rights reserved
* @License GNU/GPL version 2 or any later version
* @Createdate 2-1-2010 22:5
*/
if (!defined('NV_IS_FILE_EXTENSIONS')) {
die('Stop!!!');
}
$contents = '';
$array = $nv_Request->get_string('data', 'post', '');
$array = $array ? nv_base64_decode($array) : '';
if ($array and is_serialized_string($array)) {
$array = @unserialize($array);
} else {
$array = array();
}
$request = array();
$request['id'] = isset($array['id']) ? intval($array['id']) : 0;
$request['fid'] = isset($array['compatible']['id']) ? intval($array['compatible']['id']) : 0;
// Fixed request
$request['lang'] = NV_LANG_INTERFACE;
$request['basever'] = $global_config['version'];
$request['mode'] = 'download';
if (empty($request['id']) or empty($request['fid']) or !isset($array['tid'])) {
$contents = "ERR|" . $lang_module['download_error_preparam'];
} else {
$filename = NV_TEMPNAM_PREFIX . 'auto_' . md5($global_config['sitekey'] . session_id()) . '.zip';
</table>
<h3><?php
printf(__('Blog options (wp_%s_options)'), $id);
?>
</h3>
<table class="form-table">
<?php
$editblog_default_role = 'subscriber';
foreach ($options as $key => $val) {
if ($val['option_name'] == 'default_role') {
$editblog_default_role = $val['option_value'];
}
$disabled = '';
if (is_serialized($val['option_value'])) {
if (is_serialized_string($val['option_value'])) {
$val['option_value'] = wp_specialchars(maybe_unserialize($val['option_value']), 'single');
} else {
$val['option_value'] = "SERIALIZED DATA";
$disabled = ' disabled="disabled"';
}
}
if (stristr($val['option_value'], "\r") || stristr($val['option_value'], "\n") || stristr($val['option_value'], "\r\n")) {
?>
<tr class="form-field">
<th scope="row"><?php
echo ucwords(str_replace("_", " ", $val['option_name']));
?>
</th>
<td><textarea rows="5" cols="40" name="option[<?php
echo $val['option_name'];
/**
* member_id 会员id
platform_id 第三方平台会员id char
nick_name 昵称
type 会员类型
type_name 会员类型名称
avatar_url 头像地址
bind_time 绑定时间
bind_ip 绑定ip
* Enter description here ...
*/
public function bind()
{
$memberUpdataField = array();
//主表修改字段
$member_id = intval($this->user['user_id']);
if (!$member_id) {
$this->errorOutput(USER_NO_LOGIN);
}
$platform_id = trim($this->input['platform_id']);
$password = $this->input['password'] ? trim($this->input['password']) : '';
$type = trim($this->input['type']);
$platformInfo = $this->Members->get_platform_name($type);
$identifierUserSystem = new identifierUserSystem();
$identifier = $identifierUserSystem->setIdentifier((int) $this->input['identifier'])->checkIdentifier();
//多用户系统
if (in_array($type, array('m2o', 'uc')) || empty($platformInfo)) {
$this->errorOutput(BIND_MEMBER_TYPE_ERROR);
} else {
if (!$platformInfo['status']) {
$this->errorOutput(BIND_MEMBER_TYPE_CLOSE);
}
}
$type_name = $platformInfo['name'];
$device_token = $this->Members->check_device_token(trim($this->input['device_token']));
$udid = $this->Members->check_udid(trim($this->input['uuid']));
//唯一设备号
if ($device_token === 0) {
$this->errorOutput(ERROR_DEVICE_TOKEN);
}
if ($udid === 0) {
$this->errorOutput(ERROR_UDID);
}
$avatar_url = trim($this->input['avatar_url']);
$ip = hg_getip();
//验证会员是否存在
$condition = " AND m.member_id=" . $member_id;
$left_join = 'LEFT JOIN ' . DB_PREFIX . 'member_bind as mb ON m.member_id=mb.member_id AND m.type=mb.type';
$ret_member = $this->mMember->get_member_info($condition, 'm.*,mb.nick_name', $left_join, 0);
$ret_member = $ret_member[0];
if (empty($ret_member)) {
$this->errorOutput(NO_MEMBER);
}
$callback_sql = '';
if (!empty($ret_member['nick_name'])) {
$nick_name = $ret_member['nick_name'];
} else {
$nick_name = $platform_id;
}
if (empty($avatar_url)) {
$avatar = array('host' => '', 'dir' => '', 'filepath' => '', 'filename' => '');
if (is_serialized_string($ret_member['avatar'])) {
$avatar = unserialize($ret_member['avatar']);
}
$avatar_url = $avatar['host'] . $avatar['dir'] . $avatar['filepath'] . $avatar['filename'];
} else {
$avatar_url = trim($this->input['avatar_url']);
}
if (hg_check_email_format($platform_id)) {
$sql = 'SELECT platform_id FROM ' . DB_PREFIX . 'member_bind WHERE platform_id="' . $platform_id . '" AND identifier=' . $identifier;
$result = $this->db->query_first($sql);
if ($result) {
$this->errorOutput(EMAIL_HAS_BINDED);
}
if (defined(BIND_EMAIL_NEED_VERIFYCODE)) {
$email_verifycode = trim($this->input['email_verifycode']);
if (!$email_verifycode) {
$this->errorOutput(VERIFY_NULL);
}
if ($this->memberverifycode->get_verifycode_info($platform_id, $email_verifycode, 1, $action = 1)) {
//验证成功之后删除
$this->memberverifycode->verifycode_delete($platform_id, $email_verifycode, 1, $action = 1);
} else {
$this->errorOutput(VERIFY_FAILED);
}
}
$type = 'email';
$type_name = '邮箱';
} elseif (hg_verify_mobile($platform_id)) {
$type = 'shouji';
$type_name = '手机';
}
$need_password_type = array('shouji', 'm2o', 'email');
if (in_array($type, $need_password_type) && $password) {
//随机串
$salt = hg_generate_salt();
//密码md5
$md5_password = md5(md5($password) . $salt);
$memberUpdataField['password'] = $md5_password;
$memberUpdataField['salt'] = $salt;
} elseif (in_array($type, $need_password_type) && empty($ret_member['password'])) {
$this->errorOutput(NO_PASSWORD);
//如果绑定类型为手机,M2O,email,但是主表未设置密码,则需要设置密码
}
if (!$member_id) {
$this->errorOutput(NO_MEMBER_ID);
}
if (!$platform_id) {
$this->errorOutput(NO_EXTERNAL_MEMBER_ID);
}
if (!$nick_name) {
$this->errorOutput(NO_NICKNAME);
}
if (!$type) {
$this->errorOutput(NO_EXTERNAL_TYPE);
}
//验证手机验证码
if ($type == 'shouji') {
$mobile_verifycode = trim($this->input['mobile_verifycode']);
if (!$mobile_verifycode) {
$this->errorOutput(MOBILE_NOT_VERIFY);
}
$mobile = $platform_id;
//简单验证手机号格式
if (!hg_verify_mobile($mobile)) {
$this->errorOutput(MOBILE_NUMBER_FORMAT_ERROR);
}
//验证码
$verifycode = $this->mSmsServer->get_verifycode_info($mobile, $mobile_verifycode);
if (empty($verifycode)) {
$this->errorOutput(VERIFY_FAILED);
}
//删除验证码
$this->mSmsServer->mobile_verifycode_delete($mobile, $mobile_verifycode);
if (TIMENOW > $verifycode['create_time'] + VERIFYCODE_EXPIRED_TIME) {
$this->errorOutput(VERIFY_EXPIRED);
}
}
$condition = " AND mb.platform_id = '" . $platform_id . "' AND mb.type = '" . $type . "' AND mb.identifier=" . $identifier;
$_bind = $this->mMember->get_bind_info($condition);
if ($_bind[0] && $member_id != $_bind[0]['member_id']) {
$this->errorOutput(ACCOUNT_BIND);
//验证此账户类型是否已被其他用户绑定
}
$condition = " AND mb.member_id = '" . $member_id . "' AND mb.type = '" . $type . "' AND mb.identifier=" . $identifier;
$bind = $this->mMember->get_bind_info($condition);
$bind = $bind[0];
if ($bind) {
$this->errorOutput(BIND_TYPE_EXISTS);
//强制用户解除已有该类型绑定,防止原先绑定信息未经验证被串改!
}
$avatar_array = $this->mMember->update_avatar($avatar_url, $bind, $member_id);
if ($avatar_array && is_array($avatar_array)) {
$sql = 'UPDATE ' . DB_PREFIX . 'member SET avatar =\'' . daddslashes(serialize($avatar_array)) . '\' WHERE member_id=' . intval($member_id);
$this->db->query($sql);
}
$bind_data = array('member_id' => $member_id, 'platform_id' => $platform_id, 'nick_name' => $nick_name, 'type' => $type, 'type_name' => $type_name, 'avatar_url' => $avatar_url, 'identifier' => $identifier, 'reg_device_token' => $device_token, 'reg_udid' => $udid);
if (empty($bind)) {
$checkBind = new check_Bind();
$isUc = 0;
$isUc = $checkBind->check_Bind($member_id, 'uc');
if (empty($isUc)) {
$isUc = $checkBind->check_uc($member_id);
if ($isUc) {
$bind_data['inuc'] = $isUc;
}
}
//新增绑定表
$bind_data['bind_time'] = TIMENOW;
$bind_data['bind_ip'] = $ip;
$ret_bind = $this->mMember->bind_create($bind_data);
if (empty($ret_bind)) {
$this->errorOutput(BIND_DATA_ADD_FAILED);
}
} else {
//更新绑定表
$ret_bind = $this->mMember->bind_update($bind_data);
if (empty($ret_bind)) {
$this->errorOutput(BIND_DATA_UPDATE_FAILED);
}
}
if ($type == 'shouji') {
$memberUpdataField['mobile'] = $platform_id;
} elseif ($type == 'email') {
$memberUpdataField['email'] = $platform_id;
}
if ($ret_member['type'] == 'email' || $ret_member['type'] == 'shouji') {
$memberUpdataField['member_name'] = $platform_id;
}
$return = array('member_id' => $member_id, 'member_name' => in_array($ret_member['member_name'], array('m2o', 'uc')) ? $ret_member['member_name'] : $platform_id, 'type' => $type, 'nick_name' => $nick_name, 'is_exist_password' => $ret_member['password'] ? 1 : 0);
if ($memberUpdataField && $this->mMember->update($memberUpdataField, array('member_id' => $member_id))) {
if ($this->settings['ucenter']['open']) {
if ($ret_member['type'] == 'm2o' && $type == 'email') {
$this->mMember->uc_user_edit($ret_member['member_name'], '', $password, $platform_id, 1);
}
}
}
$this->addItem($return);
$this->output();
}
/**
* @since 1.6.3
*
* @param $entry
* @param string $meta_type
*
* @return string|void
*/
function _list_meta_item($entry, $meta_type = 'gmedia')
{
if (is_serialized($entry['meta_value'])) {
if (is_serialized_string($entry['meta_value'])) {
// This is a serialized string, so we should display it.
$entry['meta_value'] = maybe_unserialize($entry['meta_value']);
} else {
// This is a serialized array/object so we should NOT display it.
return;
}
}
$entry['meta_key'] = esc_attr($entry['meta_key']);
$entry['meta_value'] = esc_textarea($entry['meta_value']);
// using a <textarea />
$entry['meta_id'] = (int) $entry['meta_id'];
$colsm = 'gmedia' == $meta_type ? 6 : 4;
//$delete_nonce = wp_create_nonce( 'gmedia_custom_field', '_customfield_nonce' );
$item = '
<div class="form-group col-sm-' . $colsm . ' gm-custom-meta-' . $entry['meta_id'] . '">
<span class="delete-custom-field glyphicon glyphicon-remove pull-right text-danger"></span>
<label>' . $entry['meta_key'] . '</label>
<textarea name="meta[' . $entry['meta_id'] . ']" class="gmedia-custom-field gm-custom-field-' . $entry['meta_id'] . ' vert form-control input-sm" style="height:30px;" placeholder="' . __('Value', 'grand-media') . '" rows="1" cols="30">' . $entry['meta_value'] . '</textarea>
</div>
';
return $item;
}
function nebula_initialization_email_prev_settings()
{
$email_admin_timeout = get_transient('nebula_email_admin_timeout');
if (!empty($email_admin_timeout) || !nebula_is_initialized_before()) {
return;
}
global $wpdb;
$current_user = wp_get_current_user();
$to = $current_user->user_email;
$headers[] = 'From: ' . get_bloginfo('name');
//Carbon copy the admin if reset was done by another user.
$admin_user_email = get_option('nebula_contact_email', get_option('admin_email'));
if ($admin_user_email != $current_user->user_email) {
$headers[] = 'Cc: ' . $admin_user_email;
}
$subject = 'Wordpress theme settings reset for ' . get_bloginfo('name');
$message = '<p>Wordpress theme settings have been reset for <strong>' . get_bloginfo('name') . '</strong> by <strong>' . $current_user->display_name . ' <' . $current_user->user_email . '></strong> on <strong>' . date('F j, Y') . '</strong> at <strong> ' . date('g:ia') . '</strong>.</p><p>Below is a record of the previous settings prior to the reset for backup purposes:</p>';
$message .= '<table style="width: 100%;>';
$options = $wpdb->get_results("SELECT * FROM {$wpdb->options} ORDER BY option_name");
foreach ($options as $option) {
if ($option->option_name != '') {
if (is_serialized($option->option_value)) {
if (is_serialized_string($option->option_value)) {
$value = maybe_unserialize($option->option_value);
$options_to_update[] = $option->option_name;
} else {
$value = 'SERIALIZED DATA';
}
} else {
$value = $option->option_value;
$options_to_update[] = $option->option_name;
}
$message .= '<tr><td style="width: 40%; min-width: 330px;">';
if (strpos(esc_html($option->option_name), 'nebula') !== false) {
$message .= '<strong style="color: #0098d7;">' . esc_html($option->option_name) . '</strong>';
} else {
$message .= '<strong>' . esc_html($option->option_name) . '</strong>';
}
$message .= '</td><td style="width: 60%;">';
if (strpos($value, "\n") !== false) {
$message .= '<textarea rows="5" style="width: 95%; resize: vertical;">' . esc_textarea($value) . '</textarea>';
} else {
$message .= '<input type="text" value="' . esc_attr($value) . '" style="width: 95%;" />';
}
$message .= '</td></tr>';
}
}
$message .= '</table>';
//Set the content type to text/html for the email. Don't forget to reset after wp_mail()!
add_filter('wp_mail_content_type', 'set_html_content_type');
function set_html_content_type()
{
return 'text/html';
}
wp_mail($to, $subject, $message, $headers);
remove_filter('wp_mail_content_type', 'set_html_content_type');
//This resets the content type for the email.
set_transient('nebula_email_admin_timeout', 'true', 60 * 15);
//15 minute expiration
}
_e('Add meta', 'woocommerce');
?>
</button></td>
</tr>
</tfoot>
<tbody class="meta_items">
<?php
if ($metadata = $order->has_meta($item_id)) {
foreach ($metadata as $meta) {
// Skip hidden core fields
if (in_array($meta['meta_key'], apply_filters('woocommerce_hidden_order_itemmeta', array('_qty', '_tax_class', '_product_id', '_variation_id', '_line_subtotal', '_line_subtotal_tax', '_line_total', '_line_tax')))) {
continue;
}
// Handle serialised fields
if (is_serialized($meta['meta_value'])) {
if (is_serialized_string($meta['meta_value'])) {
// this is a serialized string, so we should display it
$meta['meta_value'] = maybe_unserialize($meta['meta_value']);
} else {
continue;
}
}
$meta['meta_key'] = esc_attr($meta['meta_key']);
$meta['meta_value'] = esc_textarea($meta['meta_value']);
// using a <textarea />
$meta['meta_id'] = (int) $meta['meta_id'];
echo '<tr data-meta_id="' . $meta['meta_id'] . '">
<td><input type="text" name="meta_key[' . $meta['meta_id'] . ']" value="' . $meta['meta_key'] . '" /></td>
<td><input type="text" name="meta_value[' . $meta['meta_id'] . ']" value="' . $meta['meta_value'] . '" /></td>
<td width="1%"><button class="remove_order_item_meta button">×</button></td>
</tr>';
function list_meta($meta)
{
global $post_ID;
// Exit if no meta
if (!$meta) {
echo '<tbody id="the-list"><tr style="display: none;"><td> </td></tr></tbody>';
//TBODY needed for list-manipulation JS
return;
}
$count = 0;
?>
<thead>
<tr>
<th><?php
_e('Key');
?>
</th>
<th><?php
_e('Value');
?>
</th>
<th colspan='2'><?php
_e('Action');
?>
</th>
</tr>
</thead>
<?php
$r = "\n\t<tbody id='the-list'>";
foreach ($meta as $entry) {
++$count;
if ($count % 2) {
$style = 'alternate';
} else {
$style = '';
}
if ('_' == $entry['meta_key'][0]) {
$style .= ' hidden';
}
if (is_serialized($entry['meta_value'])) {
if (is_serialized_string($entry['meta_value'])) {
// this is a serialized string, so we should display it
$entry['meta_value'] = maybe_unserialize($entry['meta_value']);
} else {
// this is a serialized array/object so we should NOT display it
--$count;
continue;
}
}
$key_js = js_escape($entry['meta_key']);
$entry['meta_key'] = attribute_escape($entry['meta_key']);
$entry['meta_value'] = attribute_escape($entry['meta_value']);
$entry['meta_id'] = (int) $entry['meta_id'];
$r .= "\n\t<tr id='meta-{$entry['meta_id']}' class='{$style}'>";
$r .= "\n\t\t<td valign='top'><input name='meta[{$entry['meta_id']}][key]' tabindex='6' type='text' size='20' value='{$entry['meta_key']}' /></td>";
$r .= "\n\t\t<td><textarea name='meta[{$entry['meta_id']}][value]' tabindex='6' rows='2' cols='30'>{$entry['meta_value']}</textarea></td>";
$r .= "\n\t\t<td align='center'><input name='updatemeta' type='submit' class='updatemeta' tabindex='6' value='" . attribute_escape(__('Update')) . "' /><br />";
$r .= "\n\t\t<input name='deletemeta[{$entry['meta_id']}]' type='submit' onclick=\"return deleteSomething( 'meta', {$entry['meta_id']}, '";
$r .= js_escape(sprintf(__("You are about to delete the '%s' custom field on this post.\n'OK' to delete, 'Cancel' to stop."), $key_js));
$r .= "' );\" class='deletemeta' tabindex='6' value='" . attribute_escape(__('Delete')) . "' /></td>";
$r .= "\n\t</tr>";
}
echo $r;
echo "\n\t</tbody>";
}
/**
* {@internal Missing Short Description}}
*
* @since unknown
*
* @param unknown_type $mid
* @return unknown
*/
function get_post_meta_by_id($mid)
{
global $wpdb;
$mid = (int) $mid;
$meta = $wpdb->get_row($wpdb->prepare("SELECT * FROM {$wpdb->postmeta} WHERE meta_id = %d", $mid));
if (is_serialized_string($meta->meta_value)) {
$meta->meta_value = maybe_unserialize($meta->meta_value);
}
return $meta;
}
/**
* @dataProvider data_is_serialized_string
*/
public function test_is_serialized_string($value, $result)
{
$this->assertSame(is_serialized_string($value), $result);
}
<form name="form" action="options.php" method="post" id="all-options">
<?php
wp_nonce_field('options-options');
?>
<input type="hidden" name="action" value="update" />
<input type='hidden' name='option_page' value='options' />
<table class="form-table">
<?php
$options = $wpdb->get_results("SELECT * FROM {$wpdb->options} ORDER BY option_name");
foreach ((array) $options as $option) {
$disabled = false;
if ($option->option_name == '') {
continue;
}
if (is_serialized($option->option_value)) {
if (is_serialized_string($option->option_value)) {
// this is a serialized string, so we should display it
$value = maybe_unserialize($option->option_value);
$options_to_update[] = $option->option_name;
$class = 'all-options';
} else {
$value = 'SERIALIZED DATA';
$disabled = true;
$class = 'all-options disabled';
}
} else {
$value = $option->option_value;
$options_to_update[] = $option->option_name;
$class = 'all-options';
}
$name = esc_attr($option->option_name);
/**
* Prepares meta data for return as an object
*
* @param int $post Post ID
* @param stdClass $data Metadata row from database
* @param boolean $is_serialized Is the value field still serialized? (False indicates the value has been unserialized)
* @return array|WP_Error Meta object data on success, WP_Error otherwise
*/
protected function prepare_meta($post, $data, $is_raw = false)
{
$ID = $data->meta_id;
$key = $data->meta_key;
$value = $data->meta_value;
// Don't expose protected fields.
if (is_protected_meta($key)) {
return new WP_Error('json_meta_protected', sprintf(__('%s is marked as a protected field.'), $key), array('status' => 403));
}
// Normalize serialized strings
if ($is_raw && is_serialized_string($value)) {
$value = unserialize($value);
}
// Don't expose serialized data
if (is_serialized($value) || !is_string($value)) {
return new WP_Error('json_meta_protected', sprintf(__('%s contains serialized data.'), $key), array('status' => 403));
}
$meta = array('ID' => (int) $ID, 'key' => $key, 'value' => $value);
return apply_filters('json_prepare_meta_value', $meta, $post);
}
