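/**
 * Sanitize the 'textarea' value of every row of a repeating meta field before it is saved.
 *
 * Each row's 'textarea' entry is passed through sanitize_post_field() as 'post_content'
 * in the 'db' context. Anything that is not a non-empty array is returned untouched.
 *
 * @param mixed $meta    Submitted meta value; expected to be an array of row arrays.
 * @param int   $post_id ID of the post the meta belongs to, forwarded to sanitize_post_field().
 * @return mixed The meta value with each row's 'textarea' entry sanitized.
 */
function kia_repeating_save_filter($meta, $post_id)
{
    if (!is_array($meta) || empty($meta)) {
        return $meta;
    }
    // A plain loop keeps $post_id in scope. The earlier closure never imported it with
    // use(), so the sanitizer was called with an undefined post ID.
    foreach ($meta as $key => $item) {
        if (is_array($item) && isset($item['textarea'])) {
            $meta[$key]['textarea'] = sanitize_post_field('post_content', $item['textarea'], $post_id, 'db');
        }
    }
    return $meta;
}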
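/**
 *  Create new posts via ajax.
 *  Requires nonce, title and post_type to be present in $_POST; post_type must be an
 *  array whose first entry names the post type.
 *
 *  Replies with a JSON error when the nonce is invalid, the user may not publish posts
 *  (of the 'post' type or of the requested type), the input is incomplete or the insert
 *  fails. Otherwise replies with a JSON success payload holding the filtered new post ID.
 *
 *  @return void Output is sent through wp_send_json_error() / wp_send_json_success().
 */
function acf_create_rel_post()
{
    // validate nonce first; a missing or non-string field counts as a failed check
    $nonce = isset($_POST['nonce']) && is_string($_POST['nonce']) ? $_POST['nonce'] : '';
    if (!wp_verify_nonce($nonce, 'acf_nonce')) {
        wp_send_json_error();
    }
    if (!current_user_can('publish_posts')) {
        wp_send_json_error();
    }
    // collect and sanitize data before insertion
    $raw_title = isset($_POST['title']) && is_string($_POST['title']) ? $_POST['title'] : '';
    $raw_type = '';
    if (isset($_POST['post_type']) && is_array($_POST['post_type']) && isset($_POST['post_type'][0]) && is_string($_POST['post_type'][0])) {
        $raw_type = $_POST['post_type'][0];
    }
    $title = sanitize_post_field('post_title', $raw_title, null, 'db');
    $post_type = sanitize_post_field('post_type', $raw_type, null, 'db');
    if (empty($title) || empty($post_type)) {
        // Previously this path fell through and reported success with an undefined post ID.
        wp_send_json_error();
    }
    // The post type is chosen by the request, so the 'publish_posts' check above (which
    // covers the built-in 'post' type) is not enough: require a registered type and the
    // publish capability that type declares.
    $type_object = get_post_type_object($post_type);
    if (null === $type_object || !current_user_can($type_object->cap->publish_posts)) {
        wp_send_json_error();
    }
    // allow other developers to filter arguments
    $post_id = wp_insert_post(apply_filters('acf_add_rel_post_args', array('post_type' => $post_type, 'post_title' => $title)));
    if (empty($post_id) || is_wp_error($post_id)) {
        wp_send_json_error();
    }
    wp_send_json_success(apply_filters('acf_add_rel_post_created', $post_id));
}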
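 /**
  * Save a possible override of the default sup and sub headers at an individual page level.
  *
  * Does nothing during an autosave, without a valid '_spine_header_nonce', for a user who
  * may not edit the post, or for an auto-draft. A blank or missing field deletes the
  * corresponding meta key.
  *
  * @param int     $post_id The current post ID.
  * @param WP_Post $post    Object representing the current post.
  */
 function save_main_header($post_id, $post)
 {
     if (defined('DOING_AUTOSAVE') && DOING_AUTOSAVE) {
         return;
     }
     if (!isset($_POST['_spine_header_nonce']) || false === wp_verify_nonce($_POST['_spine_header_nonce'], 'save-spine-main-header')) {
         return;
     }
     // A nonce proves the request came from the form, not that the user may change this
     // particular post, so authorization is checked separately.
     if (!current_user_can('edit_post', $post_id)) {
         return;
     }
     if ('auto-draft' === $post->post_status) {
         return;
     }
     // Request field => meta key. Both headers follow the same save-or-delete rule.
     $header_fields = array('spine_sup_header' => 'sup-header', 'spine_sub_header' => 'sub-header');
     foreach ($header_fields as $input_name => $meta_key) {
         // Non-string input (e.g. an array from a crafted request) is treated as blank
         // instead of reaching trim().
         $raw = isset($_POST[$input_name]) && is_string($_POST[$input_name]) ? $_POST[$input_name] : '';
         if ('' !== trim($raw)) {
             $header = sanitize_post_field('post_title', $raw, $post->ID, 'db');
             update_post_meta($post_id, $meta_key, $header);
         } else {
             delete_post_meta($post_id, $meta_key);
         }
     }
 }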
Пример #4
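/**
 * Get the value of a key on the global $post, sanitized for the given context
 *
 * Used most frequently when editing a forum/topic/reply
 *
 * @since 2.1.0 bbPress (r3694)
 *
 * @global object $post The current global post object, if any
 * @param string $field Name of the key
 * @param string $context How to sanitize - raw|edit|db|display|attribute|js
 * @return string Field value, or the sanitized empty string when the key is not set
 */
function bbp_get_global_post_field($field = 'ID', $context = 'edit')
{
    global $post;
    $retval = isset($post->{$field}) ? $post->{$field} : '';
    // With no global post (or one lacking an ID) sanitize against ID 0 rather than
    // reading a property of null.
    $post_id = isset($post->ID) ? $post->ID : 0;
    $retval = sanitize_post_field($field, $retval, $post_id, $context);
    return apply_filters('bbp_get_global_post_field', $retval, $post);
}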
Пример #5
/**
 * Run every field of a post through sanitize_post_field().
 *
 * A 'raw' context returns the input unchanged. Otherwise a missing ID is set to 0, each
 * field is sanitized for the context, and the context is recorded in the 'filter' field.
 *
 * @since 2.3.0
 * @uses sanitize_post_field() Used to sanitize the fields.
 *
 * @param object|array $post The Post Object or Array
 * @param string $context Optional, default is 'display'. How to sanitize post fields.
 * @return object|array The sanitized post, of the same type as $post
 */
function sanitize_post($post, $context = 'display')
{
    if ('raw' == $context) {
        return $post;
    }

    // Array form first; the object form follows the same three steps.
    if (!is_object($post)) {
        if (!isset($post['ID'])) {
            $post['ID'] = 0;
        }
        $names = array_keys($post);
        foreach ($names as $name) {
            // The ID is read on every pass, exactly as the field list is walked.
            $post[$name] = sanitize_post_field($name, $post[$name], $post['ID'], $context);
        }
        $post['filter'] = $context;
        return $post;
    }

    if (!isset($post->ID)) {
        $post->ID = 0;
    }
    $names = array_keys(get_object_vars($post));
    foreach ($names as $name) {
        $post->{$name} = sanitize_post_field($name, $post->{$name}, $post->ID, $context);
    }
    $post->filter = $context;
    return $post;
}
Пример #6
/**
 * Look up a post by exact title, content and/or date.
 *
 * Only the non-empty arguments become conditions. Every value reaches the query as a
 * %s placeholder through $wpdb->prepare(). With no usable argument no query is run.
 *
 * @since 2.0.0
 *
 * @global wpdb $wpdb WordPress database abstraction object.
 *
 * @param string $title Post title
 * @param string $content Optional post content
 * @param string $date Optional post date
 * @return int Post ID if post exists, 0 otherwise.
 */
function post_exists($title, $content = '', $date = '')
{
    global $wpdb;

    // Sanitize in the original order (title, content, date), then strip the slashes so
    // the values can be handed to prepare() as plain arguments.
    $clean = array();
    foreach (array('post_title' => $title, 'post_content' => $content, 'post_date' => $date) as $column => $raw) {
        $clean[$column] = wp_unslash(sanitize_post_field($column, $raw, 0, 'db'));
    }

    $sql = "SELECT ID FROM {$wpdb->posts} WHERE 1=1";
    $values = array();
    // Conditions are appended in the order date, title, content.
    foreach (array('post_date' => $date, 'post_title' => $title, 'post_content' => $content) as $column => $raw) {
        if (empty($raw)) {
            continue;
        }
        $sql .= ' AND ' . $column . ' = %s';
        $values[] = $clean[$column];
    }

    if (empty($values)) {
        return 0;
    }
    return (int) $wpdb->get_var($wpdb->prepare($sql, $values));
}
Пример #7
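 /**
  * Look up an existing post of the SPOTS_POST_TYPE type by title or slug, content and/or date.
  *
  * Only the non-empty arguments become conditions; with none of them no query is run.
  * The title matches either post_title or the slug that sanitize_title() derives from it.
  *
  * @param string $title   Post title.
  * @param string $content Optional post content.
  * @param string $date    Optional post date.
  * @return mixed Result of $wpdb->get_var() for the lookup, or 0 when no criteria were given.
  */
 function spot_post_exists($title, $content = '', $date = '')
 {
     global $wpdb;
     $post_title = stripslashes(sanitize_post_field('post_title', $title, 0, 'db'));
     $post_slug = sanitize_title($title);
     $post_content = stripslashes(sanitize_post_field('post_content', $content, 0, 'db'));
     $post_date = stripslashes(sanitize_post_field('post_date', $date, 0, 'db'));
     // Force checking of spots only. The post type is bound as a placeholder rather than
     // concatenated, so every value in the statement goes through prepare() and a quote or
     // a literal % in the constant cannot alter the SQL text.
     $query = "SELECT ID FROM {$wpdb->posts} WHERE 1=1 AND post_type = %s";
     $args = array();
     if (!empty($date)) {
         $query .= ' AND post_date = %s';
         $args[] = $post_date;
     }
     if (!empty($title)) {
         $query .= ' AND ( post_title = %s OR post_name = %s )';
         $args[] = $post_title;
         $args[] = $post_slug;
     }
     if (!empty($content)) {
         $query .= ' AND post_content = %s';
         $args[] = $post_content;
     }
     if (!empty($args)) {
         // The post type fills the first placeholder; the criteria follow in query order.
         array_unshift($args, SPOTS_POST_TYPE);
         return $wpdb->get_var($wpdb->prepare($query, $args));
     }
     return 0;
 }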
Пример #8
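 /**
  * process_posts
  *
  * Imports posts from the CSV file at $this->file. The first row is read as the header
  * row; every later row updates the existing post named in its ID column and sets that
  * post's status to 'publish'. Headers matching none of the patterns in
  * $this->header_settings are reported, and the import still proceeds. All output goes
  * through \Timber::render().
  *
  * NOTE(review): a row can change post_type, post_password, post_name and similar fields
  * of any existing post ID. No capability or nonce check is visible in this method, so
  * the caller presumably restricts who may start an import. Confirm.
  *
  * @return void
  */
 public function process_posts()
 {
     $headers = array();
     $content = array();
     // read file contents first
     $handle = fopen($this->file, 'r');
     if ($handle !== false) {
         $row = 0;
         // Length 0 lifts the per-line cap. With the former limit of 1000 a longer line
         // (a post_content cell, for instance) could be split into chunks.
         while (($data = fgetcsv($handle, 0, self::DELIMITER)) !== false) {
             // read headers
             if ($row === 0) {
                 $headers = $data;
             } else {
                 $content[] = $data;
             }
             $row++;
         }
         // Close only a handle that was actually opened.
         fclose($handle);
     }
     $results = array('errors' => 0, 'updated' => 0);
     // Check for invalid headers
     $matches = preg_grep('/^(' . implode('|', array_keys($this->header_settings)) . ')$/', $headers, PREG_GREP_INVERT);
     if ($matches) {
         \Timber::render('importer/invalid-headers.twig', array('headers' => $matches));
     }
     // Locate the ID column once. Without one, array_search() returns false, which used to
     // be applied as index 0, so the first column was read as the post ID.
     $id_col = array_search('ID', $headers, true);
     // store the post data
     if ($headers && $content && false !== $id_col) {
         // read cols
         foreach ($content as $cols) {
             $post_id = isset($cols[$id_col]) ? trim((string) $cols[$id_col]) : '';
             // get_post() falls back to the global $post when given an empty value, so a
             // blank ID cell must never reach it.
             $post = empty($post_id) ? null : get_post($post_id);
             if (!$post) {
                 \Timber::render('importer/warning.twig', array('message' => sprintf(__("ID `%s` does not match any existing posts.", TEXTDOMAIN), esc_html($post_id))));
                 $results['errors']++;
                 continue;
             }
             $post->post_status = 'publish';
             foreach ($cols as $col => $val) {
                 if (!isset($headers[$col])) {
                     continue;
                 }
                 $key = $headers[$col];
                 switch ($key) {
                     case 'ID':
                         // skip to next col (level 2: the switch counts as one level)
                         continue 2;
                     case 'post_title':
                     case 'post_content':
                     case 'post_date':
                     case 'post_date_gmt':
                     case 'comment_status':
                     case 'ping_status':
                     case 'post_name':
                     case 'status':
                     case 'post_parent':
                     case 'menu_order':
                     case 'post_type':
                     case 'post_password':
                     case 'is_sticky':
                         $post->{$key} = sanitize_post_field($key, $val, $post->ID, 'save');
                         break;
                     // TODO categories, tags, attachments!
                     default:
                         // Any other column is handled by the first header pattern it matches.
                         foreach ($this->header_settings as $pattern => $settings) {
                             if (preg_match("/{$pattern}/", $key)) {
                                 // NOTE(review): FILTER_SANITIZE_STRING is deprecated as of PHP 8.1.
                                 $settings = wp_parse_args($settings, array('filter' => FILTER_SANITIZE_STRING, 'filter_options' => null));
                                 // filter_var() takes an array or int for its options; 0 stands in for "none".
                                 $filter_options = isset($settings['filter_options']) ? $settings['filter_options'] : 0;
                                 $val = trim(filter_var($val, $settings['filter'], $filter_options));
                                 $val = apply_filters('importer_meta_field_value', $val, array($settings));
                                 do_action('importer_meta_field_update', $post, $key, $val);
                                 break;
                             }
                         }
                 }
             }
             if (wp_update_post($post)) {
                 $results['updated']++;
             }
         }
         \Timber::render('importer/complete.twig', array('results' => $results));
     } else {
         \Timber::render('importer/error.twig', array('error' => __("File had no recognized content!", TEXTDOMAIN)));
     }
 }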
Пример #9
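/**
 * Save home page
 *
 * Runs only with a valid '_sopanels_home_nonce', for a user who can 'edit_theme_options',
 * and when 'panels_data' was submitted. Creates the home page if none with panels data
 * exists yet, otherwise updates its content. Then stores the panels data and page
 * template, and switches the front page on or off according to
 * 'siteorigin_panels_home_enabled'.
 *
 * @return void
 */
function siteorigin_panels_save_home_page()
{
    if (!isset($_POST['_sopanels_home_nonce']) || !wp_verify_nonce($_POST['_sopanels_home_nonce'], 'save')) {
        return;
    }
    if (!current_user_can('edit_theme_options')) {
        return;
    }
    if (!isset($_POST['panels_data']) || !is_string($_POST['panels_data'])) {
        return;
    }
    // Decode and normalize the submitted layout up front. json_decode() returns null or a
    // scalar for malformed input, which must not be indexed like an array further down.
    $panels_data = json_decode(wp_unslash($_POST['panels_data']), true);
    if (!is_array($panels_data)) {
        $panels_data = array();
    }
    if (!isset($panels_data['widgets']) || !is_array($panels_data['widgets'])) {
        $panels_data['widgets'] = array();
    }
    // Check that the home page ID is set and the home page exists
    $page_id = get_option('page_on_front');
    if (empty($page_id)) {
        $page_id = get_option('siteorigin_panels_home_page_id');
    }
    // post_content is optional in the request; a missing field saves empty content.
    $post_content = isset($_POST['post_content']) && is_string($_POST['post_content']) ? wp_unslash($_POST['post_content']) : '';
    if (!$page_id || get_post_meta($page_id, 'panels_data', true) == '') {
        // Lets create a new page
        $page_id = wp_insert_post(array('post_title' => __('Home Page', 'siteorigin-panels'), 'post_status' => !empty($_POST['siteorigin_panels_home_enabled']) ? 'publish' : 'draft', 'post_type' => 'page', 'post_content' => $post_content, 'comment_status' => 'closed'));
        if (empty($page_id) || is_wp_error($page_id)) {
            // Do not point the front page options at a page that was never created.
            return;
        }
        update_option('page_on_front', $page_id);
        update_option('siteorigin_panels_home_page_id', $page_id);
        // Action triggered when creating a new home page through the custom home page interface
        do_action('siteorigin_panels_create_home_page', $page_id);
    } else {
        // Run the content through the 'db' context sanitization before the update.
        $post_content = sanitize_post_field('post_content', $post_content, $page_id, 'db');
        // Update the post with changed content to save revision if necessary.
        wp_update_post(array('ID' => $page_id, 'post_content' => $post_content));
    }
    // Save the updated page data
    $panels_data['widgets'] = siteorigin_panels_process_raw_widgets($panels_data['widgets']);
    $panels_data = siteorigin_panels_styles_sanitize_all($panels_data);
    update_post_meta($page_id, 'panels_data', $panels_data);
    $template = get_post_meta($page_id, '_wp_page_template', true);
    $home_template = siteorigin_panels_setting('home-template');
    if (($template == '' || $template == 'default') && !empty($home_template)) {
        // Set the home page template
        update_post_meta($page_id, '_wp_page_template', $home_template);
    }
    if (!empty($_POST['siteorigin_panels_home_enabled'])) {
        update_option('show_on_front', 'page');
        update_option('page_on_front', $page_id);
        update_option('siteorigin_panels_home_page_id', $page_id);
        wp_publish_post($page_id);
    } else {
        // We're disabling this home page
        update_option('show_on_front', 'posts');
        // Change the post status to draft
        $post = get_post($page_id);
        // get_post() can return null if the page has gone; nothing to demote then.
        if ($post && $post->post_status != 'draft') {
            global $wpdb;
            $wpdb->update($wpdb->posts, array('post_status' => 'draft'), array('ID' => $post->ID));
            clean_post_cache($post->ID);
            $old_status = $post->post_status;
            $post->post_status = 'draft';
            // Fire the same hooks a regular status change and save would.
            wp_transition_post_status('draft', $old_status, $post);
            do_action('edit_post', $post->ID, $post);
            do_action("save_post_{$post->post_type}", $post->ID, $post, true);
            do_action('save_post', $post->ID, $post, true);
            do_action('wp_insert_post', $post->ID, $post, true);
        }
    }
}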
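 /**
  * Saves a doc.
  *
  * This method handles saving for both new and existing docs. It detects the difference by
  * looking for the presence of $this->doc_slug
  *
  * The submission is read directly from $_POST ('doc', 'doc_content', 'doc_id',
  * 'associated_group_id', 'is_auto').
  *
  * NOTE(review): no nonce check and no capability check for the save itself are visible
  * in this method; presumably the caller performs them. Confirm.
  *
  * @since 1.0-beta
  *
  * @param array|string|false $args Optional overrides, merged over the defaults with wp_parse_args().
  * @return array With keys 'message_type', 'message' and 'redirect_url'.
  */
 function save($args = false)
 {
     global $bp, $wp_rewrite;
     // bbPress plays naughty with revision saving
     add_action('pre_post_update', 'wp_save_post_revision');
     // Get the required taxonomy items associated with the group. We only run this
     // on a save because it requires extra database hits.
     $this->setup_terms();
     // Set up the default value for the result message. This used to be assigned to
     // $results, a different variable from the $result read below, so it never applied.
     $result = array('message' => __('Unknown error. Please try again.', 'bp-docs'), 'redirect' => 'create');
     $post_id = 0;
     // Backward compatibility. Had to change to doc_content to work with wp_editor
     $doc_content = '';
     if (isset($_POST['doc_content'])) {
         $doc_content = $_POST['doc_content'];
     } elseif (isset($_POST['doc']['content'])) {
         $doc_content = $_POST['doc']['content'];
     }
     // Check group associations
     // @todo Move into group integration piece
     // This group id is only used to check whether the user can associate the doc with the group.
     $associated_group_id = isset($_POST['associated_group_id']) ? intval($_POST['associated_group_id']) : null;
     if (bp_is_active('groups')) {
         if (!empty($associated_group_id) && !current_user_can('bp_docs_associate_with_group', $associated_group_id)) {
             $retval = array('message_type' => 'error', 'message' => __('You are not allowed to associate a Doc with that group.', 'bp-docs'), 'redirect_url' => bp_docs_get_create_link());
             return $retval;
         }
     }
     if (empty($_POST['doc']['title'])) {
         // The title field is required
         $result['message'] = __('The title field is required.', 'bp-docs');
         $result['redirect'] = !empty($this->doc_slug) ? 'edit' : 'create';
     } else {
         $defaults = array(
             'post_type' => $this->post_type_name,
             'post_title' => $_POST['doc']['title'],
             'post_name' => isset($_POST['doc']['permalink']) ? sanitize_title($_POST['doc']['permalink']) : sanitize_title($_POST['doc']['title']),
             'post_content' => sanitize_post_field('post_content', $doc_content, 0, 'db'),
             'post_status' => 'publish',
         );
         $r = wp_parse_args($args, $defaults);
         if (empty($this->doc_slug)) {
             $this->is_new_doc = true;
             $r['post_author'] = bp_loggedin_user_id();
             // If there's a 'doc_id' value in the POST, use
             // the autodraft as a starting point
             $draft_id = isset($_POST['doc_id']) ? (int) $_POST['doc_id'] : 0;
             $draft = $draft_id > 0 ? get_post($draft_id) : null;
             // doc_id is request data. Updating whatever ID it names would let a submitter
             // overwrite any post, so the draft is reused only when it is a doc authored
             // by the current user. Anything else is saved as a fresh doc.
             // NOTE(review): assumes the autodraft is created with the current user as
             // post_author; confirm against the code that creates it.
             if ($draft && $draft->post_type === $this->post_type_name && (int) $draft->post_author === (int) bp_loggedin_user_id()) {
                 $r['ID'] = $draft_id;
                 // Keep the return value so that a failed update is reported below.
                 $post_id = wp_update_post($r);
             } else {
                 $post_id = wp_insert_post($r);
             }
             if (!$post_id || is_wp_error($post_id)) {
                 $post_id = 0;
                 $result['message'] = __('There was an error when creating the doc.', 'bp-docs');
                 $result['redirect'] = 'create';
             } else {
                 $this->doc_id = $post_id;
                 $the_doc = get_post($this->doc_id);
                 $this->doc_slug = $the_doc->post_name;
                 // A normal, successful save
                 $result['message'] = __('Doc successfully created!', 'bp-docs');
                 $result['redirect'] = 'single';
             }
         } else {
             $this->is_new_doc = false;
             $doc = bp_docs_get_current_doc();
             $this->doc_id = $doc->ID;
             $r['ID'] = $this->doc_id;
             // Make sure the post_name is set
             if (empty($r['post_name'])) {
                 $r['post_name'] = sanitize_title($r['post_title']);
             }
             // Make sure the post_name is unique
             $r['post_name'] = wp_unique_post_slug($r['post_name'], $this->doc_id, $r['post_status'], $this->post_type_name, $doc->post_parent);
             $this->doc_slug = $r['post_name'];
             // Save pre-update post data, for comparison by callbacks.
             $this->previous_revision = clone $doc;
             if (!wp_update_post($r)) {
                 $result['message'] = __('There was an error when saving the doc.', 'bp-docs');
                 $result['redirect'] = 'edit';
             } else {
                 // Remove the edit lock
                 delete_post_meta($this->doc_id, '_edit_lock');
                 delete_post_meta($this->doc_id, '_bp_docs_last_pinged');
                 // When the post has been autosaved, we need to leave a
                 // special success message
                 if (!empty($_POST['is_auto']) && $_POST['is_auto']) {
                     $result['message'] = __('You idled a bit too long while in Edit mode. In order to allow others to edit the doc you were working on, your changes have been autosaved. Click the Edit button to return to Edit mode.', 'bp-docs');
                 } else {
                     // A normal, successful save
                     $result['message'] = __('Doc successfully edited!', 'bp-docs');
                 }
                 $result['redirect'] = 'single';
             }
             $post_id = $this->doc_id;
         }
     }
     // If the Doc was successfully created, run some more stuff
     if (!empty($post_id)) {
         // Add to a group, if necessary
         if (!is_null($associated_group_id)) {
             bp_docs_set_associated_group_id($post_id, $associated_group_id);
         }
         // Make sure the current user is added as one of the authors
         wp_set_post_terms($post_id, $this->user_term_id, $this->associated_item_tax_name, true);
         // Save the last editor id. We'll use this to create an activity item
         update_post_meta($this->doc_id, 'bp_docs_last_editor', bp_loggedin_user_id());
         // Save settings
         bp_docs_save_doc_access_settings($this->doc_id);
         // Increment the revision count
         $revision_count = get_post_meta($this->doc_id, 'bp_docs_revision_count', true);
         update_post_meta($this->doc_id, 'bp_docs_revision_count', intval($revision_count) + 1);
     }
     // Provide a custom hook for plugins and optional components.
     // WP's default save_post isn't enough, because we need something that fires
     // only when we save from the front end (for things like taxonomies, which
     // the WP admin handles automatically)
     do_action('bp_docs_doc_saved', $this);
     do_action('bp_docs_after_save', $this->doc_id);
     $message_type = $result['redirect'] == 'single' ? 'success' : 'error';
     // Stuff data into a cookie so it can be accessed on next page load
     // NOTE(review): this copies the whole submission into a site-wide cookie for 30 seconds.
     if ('error' === $message_type) {
         setcookie('bp-docs-submit-data', json_encode($_POST), time() + 30, '/');
     }
     $redirect_base = trailingslashit(bp_get_root_domain());
     if ($wp_rewrite->using_index_permalinks()) {
         $redirect_base .= 'index.php/';
     }
     $redirect_url = apply_filters('bp_docs_post_save_redirect_base', trailingslashit($redirect_base . bp_docs_get_docs_slug()));
     // Append the path segment for the view the user is sent to.
     switch ($result['redirect']) {
         case 'single':
             $redirect_url .= $this->doc_slug;
             break;
         case 'edit':
             $redirect_url .= $this->doc_slug . '/' . BP_DOCS_EDIT_SLUG;
             break;
         case 'create':
             $redirect_url .= BP_DOCS_CREATE_SLUG;
             break;
     }
     $retval = array('message_type' => $message_type, 'message' => $result['message'], 'redirect_url' => $redirect_url);
     return $retval;
 }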
Пример #11
/**
 * Run every field of a post through sanitize_post_field().
 *
 * A 'raw' context returns the input unchanged. Otherwise a missing ID is set to 0 and
 * each field is sanitized for the context.
 *
 * @since 2.3.0
 * @uses sanitize_post_field() Used to sanitize the fields.
 *
 * @param object|array $post The Post Object or Array
 * @param string $context Optional, default is 'display'. How to sanitize post fields.
 * @return object|array The sanitized post, of the same type as $post
 */
function sanitize_post($post, $context = 'display') {
	if ( 'raw' == $context ) {
		return $post;
	}

	// Array form first; the object form follows the same steps.
	if ( ! is_object($post) ) {
		if ( ! isset($post['ID']) ) {
			$post['ID'] = 0;
		}
		$names = array_keys($post);
		foreach ( $names as $name ) {
			// The ID is read on every pass, exactly as the field list is walked.
			$post[$name] = sanitize_post_field($name, $post[$name], $post['ID'], $context);
		}
		return $post;
	}

	if ( ! isset($post->ID) ) {
		$post->ID = 0;
	}
	$names = array_keys(get_object_vars($post));
	foreach ( $names as $name ) {
		$post->$name = sanitize_post_field($name, $post->$name, $post->ID, $context);
	}
	return $post;
}
Пример #12
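 /**
  * Rebuild the edit-form globals after a category change and render the form again.
  *
  * Loads the post being edited (or a default post for a new one), verifies the
  * 'change-cats_{ID}' admin nonce, copies the submitted title, slug, content and tags
  * onto the post in the 'edit' context, works out the checked categories and then
  * includes edit-form.php, which reads the globals declared here.
  *
  * NOTE(review): only the nonce is checked before request data is copied onto the post.
  * No current_user_can('edit_post', $post_ID) check is visible here, so it is presumably
  * done by the caller. Confirm.
  *
  * @return void
  */
 private function change_cats()
 {
     global $title, $action, $post_ID, $parent_file, $post, $post_referredby, $post_orig_referer, $checked_cats;
     if ($this->admin->get_data('originalaction') == 'editpost') {
         $title = __('Edit');
         $action = 'edit';
         $post_ID = intval($this->admin->get_data('post_ID'));
         $post = $this->get_post($post_ID);
     } else {
         //		$parent_file = 'post-new.php';
         $title = __('Add New Post');
         $post_ID = 0;
         $post = get_default_post_to_edit();
     }
     check_admin_referer('change-cats_' . $post_ID);
     foreach (array('post_title', 'post_name', 'post_content', 'tags_input') as $f) {
         $post->{$f} = $this->admin->get_data($f);
         $post->{$f} = sanitize_post_field($f, $post->{$f}, $post_ID, 'edit');
     }
     $post_referredby = $this->admin->get_data('referredby');
     $post_orig_referer = $this->admin->get_data('_wp_original_http_referer');
     if (!isset($_POST['cancel'])) {
         // 'cat' is absent when no box was ticked; check it exists before is_array().
         if (isset($_POST['cat']) && is_array($_POST['cat']) && count($_POST['cat']) >= 1) {
             // Every submitted ID is forced to an integer.
             $checked_cats = array_values(array_map('intval', $_POST['cat']));
         } else {
             $checked_cats = array(get_option('default_category'));
         }
     } else {
         $checked_cats = array_map('intval', explode(',', $this->admin->get_data('post_cats')));
     }
     include dirname(__FILE__) . '/edit-form.php';
 }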
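 /**
  * Check whether a matching product already exists.
  *
  * First looks for products (status publish, private, draft, pending or future) with the
  * given title and/or slug and reports a match when one of them carries the given SKU.
  * Failing that, and when a SKU was given, looks for any post in one of those statuses
  * whose '_sku' meta equals it.
  *
  * @param string $title     Product title.
  * @param string $sku       Optional SKU.
  * @param string $post_name Optional post slug.
  * @return bool True when a match is found, false otherwise.
  */
 public function product_exists($title, $sku = '', $post_name = '')
 {
     global $wpdb;
     // Post Title Check
     $post_title = stripslashes(sanitize_post_field('post_title', $title, 0, 'db'));
     $query = "SELECT ID FROM {$wpdb->posts} WHERE post_type = 'product' AND post_status IN ( 'publish', 'private', 'draft', 'pending', 'future' )";
     $args = array();
     if (!empty($title)) {
         $query .= ' AND post_title = %s';
         $args[] = $post_title;
     }
     if (!empty($post_name)) {
         $query .= ' AND post_name = %s';
         $args[] = $post_name;
     }
     if (!empty($args)) {
         $posts_that_exist = $wpdb->get_col($wpdb->prepare($query, $args));
         if ($posts_that_exist) {
             foreach ($posts_that_exist as $post_exists) {
                 // Check unique SKU. Compared as strings: a loose == treats numeric-looking
                 // SKUs such as '0123' and '123' as equal.
                 $post_exists_sku = get_post_meta($post_exists, '_sku', true);
                 if ((string) $sku === (string) $post_exists_sku) {
                     return true;
                 }
             }
         }
     }
     // Sku Check
     if ($sku) {
         // The placeholder is left unquoted; prepare() adds the quoting itself.
         $post_exists_sku = $wpdb->get_var($wpdb->prepare(
             "SELECT {$wpdb->posts}.ID
             FROM {$wpdb->posts}
             LEFT JOIN {$wpdb->postmeta} ON ( {$wpdb->posts}.ID = {$wpdb->postmeta}.post_id )
             WHERE {$wpdb->posts}.post_status IN ( 'publish', 'private', 'draft', 'pending', 'future' )
             AND {$wpdb->postmeta}.meta_key = '_sku' AND {$wpdb->postmeta}.meta_value = %s",
             $sku
         ));
         if ($post_exists_sku) {
             return true;
         }
     }
     return false;
 }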
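 /**
  * Clean the data being passed when saving the Banner layout.
  *
  * Builds a fresh array from known keys only: checkbox flags become 1 or 0, enumerated
  * options are kept only when they match an allowed value, numbers pass through absint(),
  * URLs through esc_url_raw(), and slide content through sanitize_post_field() as
  * 'post_content'. The result is passed through the 'spine_builder_save_banner' filter.
  *
  * @param array $data Array of data inputs being passed.
  *
  * @return array Clean data.
  */
 public function save_banner($data)
 {
     // Normalizes a checkbox-style input to exactly 1 or 0.
     $flag = static function ($source, $key) {
         return (isset($source[$key]) && 1 === (int) $source[$key]) ? 1 : 0;
     };
     $clean_data = array();
     $clean_data['title'] = $clean_data['label'] = isset($data['title']) ? apply_filters('title_save_pre', $data['title']) : '';
     $clean_data['hide-arrows'] = $flag($data, 'hide-arrows');
     $clean_data['hide-dots'] = $flag($data, 'hide-dots');
     $clean_data['autoplay'] = $flag($data, 'autoplay');
     // Allow-list checks use strict in_array() so that only the exact strings pass.
     // A loose comparison can accept values of another type.
     if (isset($data['transition']) && in_array($data['transition'], array('fade', 'scrollHorz', 'none'), true)) {
         $clean_data['transition'] = $data['transition'];
     }
     if (isset($data['delay'])) {
         $clean_data['delay'] = absint($data['delay']);
     }
     if (isset($data['height'])) {
         $clean_data['height'] = absint($data['height']);
     }
     if (isset($data['responsive']) && in_array($data['responsive'], array('aspect', 'balanced'), true)) {
         $clean_data['responsive'] = $data['responsive'];
     }
     if (isset($data['banner-slide-order']) && is_string($data['banner-slide-order'])) {
         $clean_data['banner-slide-order'] = array_map(array('TTFMAKE_Builder_Save', 'clean_section_id'), explode(',', $data['banner-slide-order']));
     }
     if (isset($data['banner-slides']) && is_array($data['banner-slides'])) {
         // NOTE(review): the slide IDs used as keys come straight from the input, unlike
         // the IDs in 'banner-slide-order', which are cleaned. Confirm this is acceptable.
         foreach ($data['banner-slides'] as $id => $slide) {
             if (!is_array($slide)) {
                 // A slide must be a set of fields; skip anything else.
                 continue;
             }
             if (isset($slide['content'])) {
                 $clean_data['banner-slides'][$id]['content'] = sanitize_post_field('post_content', $slide['content'], get_post() ? get_the_ID() : 0, 'db');
             }
             if (isset($slide['background-color'])) {
                 $clean_data['banner-slides'][$id]['background-color'] = maybe_hash_hex_color($slide['background-color']);
             }
             $clean_data['banner-slides'][$id]['darken'] = $flag($slide, 'darken');
             if (isset($slide['image-id'])) {
                 $clean_data['banner-slides'][$id]['image-id'] = ttfmake_sanitize_image_id($slide['image-id']);
             }
             $clean_data['banner-slides'][$id]['alignment'] = (isset($slide['alignment']) && in_array($slide['alignment'], array('none', 'left', 'right'), true)) ? $slide['alignment'] : 'none';
             if (isset($slide['state'])) {
                 $clean_data['banner-slides'][$id]['state'] = in_array($slide['state'], array('open', 'closed'), true) ? $slide['state'] : 'open';
             }
             if (isset($slide['spine_slide_url'])) {
                 $clean_data['banner-slides'][$id]['slide-url'] = esc_url_raw($slide['spine_slide_url']);
             }
         }
     }
     if (isset($data['section-classes'])) {
         $clean_data['section-classes'] = $this->clean_classes($data['section-classes']);
     }
     if (isset($data['section-wrapper'])) {
         $clean_data['section-wrapper'] = $this->clean_classes($data['section-wrapper']);
     }
     if (isset($data['column-classes'])) {
         $clean_data['column-classes'] = $this->clean_classes($data['column-classes']);
     }
     // An explicit label overrides the one derived from the title above.
     if (isset($data['label'])) {
         $clean_data['label'] = sanitize_text_field($data['label']);
     }
     if (isset($data['background-img'])) {
         $clean_data['background-img'] = esc_url_raw($data['background-img']);
     }
     if (isset($data['background-mobile-img'])) {
         $clean_data['background-mobile-img'] = esc_url_raw($data['background-mobile-img']);
     }
     $clean_data = apply_filters('spine_builder_save_banner', $clean_data, $data);
     return $clean_data;
 }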
Пример #15
 /**
  * Saves a doc.
  *
  * This method handles saving for both new and existing docs. It detects the difference by
  * looking for the presence of $this->doc_slug
  *
  * @package BuddyPress Docs
  * @since 1.0-beta
  */
 function save($args = false)
 {
     global $bp;
     // bbPress plays naughty with revision saving
     add_action('pre_post_update', 'wp_save_post_revision');
     // Get the required taxonomy items associated with the group. We only run this
     // on a save because it requires extra database hits.
     $this->setup_terms();
     // Set up the default value for the result message
     $results = array('message' => __('Unknown error. Please try again.', 'bp-docs'), 'redirect' => 'create');
     // Backward compatibility. Had to change to doc_content to work with wp_editor
     $doc_content = '';
     if (isset($_POST['doc_content'])) {
         $doc_content = $_POST['doc_content'];
     } else {
         if (isset($_POST['doc']['content'])) {
             $doc_content = $_POST['doc']['content'];
         }
     }
     // Check group associations
     // @todo Move into group integration piece
     if (bp_is_active('groups')) {
         $associated_group_id = isset($_POST['associated_group_id']) ? intval($_POST['associated_group_id']) : 0;
         if ($associated_group_id && !BP_Docs_Groups_Integration::user_can_associate_doc_with_group(bp_loggedin_user_id(), $associated_group_id)) {
             bp_core_add_message(__('You are not allowed to associate a Doc with that group.', 'bp-docs'), 'error');
             bp_core_redirect(bp_docs_get_create_link());
         }
     }
     if (empty($_POST['doc']['title']) || empty($doc_content)) {
         // Both the title and the content fields are required
         $result['message'] = __('Both the title and the content fields are required.', 'bp-docs');
         $result['redirect'] = $this->current_view;
     } else {
         // If both the title and content fields are filled in, we can proceed
         $defaults = array('post_type' => $this->post_type_name, 'post_title' => $_POST['doc']['title'], 'post_name' => isset($_POST['doc']['permalink']) ? sanitize_title($_POST['doc']['permalink']) : sanitize_title($_POST['doc']['title']), 'post_content' => stripslashes(sanitize_post_field('post_content', $doc_content, 0, 'db')), 'post_status' => 'publish');
         $r = wp_parse_args($args, $defaults);
         if (empty($this->doc_slug)) {
             $this->is_new_doc = true;
             $r['post_author'] = bp_loggedin_user_id();
             // This is a new doc
             if (!($post_id = wp_insert_post($r))) {
                 $result['message'] = __('There was an error when creating the doc.', 'bp-docs');
                 $result['redirect'] = 'create';
             } else {
                 $this->doc_id = $post_id;
                 $the_doc = get_post($this->doc_id);
                 $this->doc_slug = $the_doc->post_name;
                 // A normal, successful save
                 $result['message'] = __('Doc successfully created!', 'bp-docs');
                 $result['redirect'] = 'single';
             }
         } else {
             $this->is_new_doc = false;
             $doc = get_queried_object();
             $this->doc_id = $doc->ID;
             $r['ID'] = $this->doc_id;
             // Make sure the post_name is set
             if (empty($r['post_name'])) {
                 $r['post_name'] = sanitize_title($r['post_title']);
             }
             // Make sure the post_name is unique
             $r['post_name'] = wp_unique_post_slug($r['post_name'], $this->doc_id, $r['post_status'], $this->post_type_name, $doc->post_parent);
             $this->doc_slug = $r['post_name'];
             if (!wp_update_post($r)) {
                 $result['message'] = __('There was an error when saving the doc.', 'bp-docs');
                 $result['redirect'] = 'edit';
             } else {
                 // Remove the edit lock
                 delete_post_meta($this->doc_id, '_edit_lock');
                 // When the post has been autosaved, we need to leave a
                 // special success message
                 if (!empty($_POST['is_auto']) && $_POST['is_auto']) {
                     $result['message'] = __('You idled a bit too long while in Edit mode. In order to allow others to edit the doc you were working on, your changes have been autosaved. Click the Edit button to return to Edit mode.', 'bp-docs');
                 } else {
                     // A normal, successful save
                     $result['message'] = __('Doc successfully edited!', 'bp-docs');
                 }
                 $result['redirect'] = 'single';
             }
             $post_id = $this->doc_id;
         }
     }
     // Add to a group, if necessary
     if (isset($associated_group_id)) {
         bp_docs_set_associated_group_id($post_id, $associated_group_id);
     }
     // Make sure the current user is added as one of the authors
     wp_set_post_terms($post_id, $this->user_term_id, $this->associated_item_tax_name, true);
     // Save the last editor id. We'll use this to create an activity item
     update_post_meta($this->doc_id, 'bp_docs_last_editor', bp_loggedin_user_id());
     // Save settings
     $settings = !empty($_POST['settings']) ? $_POST['settings'] : array();
     $verified_settings = bp_docs_verify_settings($settings, $post_id, bp_loggedin_user_id());
     $new_settings = array();
     foreach ($verified_settings as $verified_setting_name => $verified_setting) {
         $new_settings[$verified_setting_name] = $verified_setting['verified_value'];
         if ($verified_setting['verified_value'] != $verified_setting['original_value']) {
             $result['message'] = __('Your Doc was successfully saved, but some of your access settings have been changed to match the Doc\'s permissions.', 'bp-docs');
         }
     }
     update_post_meta($this->doc_id, 'bp_docs_settings', $new_settings);
     // The 'read' setting must also be saved to a taxonomy, for
     // easier directory queries
     $read_setting = isset($new_settings['read']) ? $new_settings['read'] : 'anyone';
     bp_docs_update_doc_access($this->doc_id, $read_setting);
     // Increment the revision count
     $revision_count = get_post_meta($this->doc_id, 'bp_docs_revision_count', true);
     update_post_meta($this->doc_id, 'bp_docs_revision_count', intval($revision_count) + 1);
     // Provide a custom hook for plugins and optional components.
     // WP's default save_post isn't enough, because we need something that fires
     // only when we save from the front end (for things like taxonomies, which
     // the WP admin handles automatically)
     do_action('bp_docs_doc_saved', $this);
     $message_type = $result['redirect'] == 'single' ? 'success' : 'error';
     $redirect_url = trailingslashit(bp_get_root_domain() . '/' . BP_DOCS_SLUG);
     if ($result['redirect'] == 'single') {
         $redirect_url .= $this->doc_slug;
     } else {
         if ($result['redirect'] == 'edit') {
             $redirect_url .= $this->doc_slug . '/' . BP_DOCS_EDIT_SLUG;
         } else {
             if ($result['redirect'] == 'create') {
                 $redirect_url .= BP_DOCS_CREATE_SLUG;
             }
         }
     }
     $retval = array('message_type' => $message_type, 'message' => $result['message'], 'redirect_url' => $redirect_url);
     return $retval;
 }
Пример #16
/**
 * Sync one post meta entry with the matching field of the submitted form.
 *
 * The meta key and the $_POST key are both $detail_name. A non-empty submitted
 * value is added or updated; an empty one removes the stored entry.
 *
 * NOTE(review): no nonce or capability check happens in this function;
 * presumably the caller performs them before calling — confirm.
 * NOTE(review): the value is passed through sanitize_post_field() in the
 * 'display' context and then stored. For a custom meta key this may do little
 * beyond running filters registered for that name — confirm, and consider a
 * sanitizer chosen for the expected content (e.g. sanitize_text_field()).
 *
 * @param int    $post_id      Post whose meta is written.
 * @param mixed  $service_form Not used in this function.
 * @param string $detail_name  Name of both the form field and the meta key.
 */
function update_service($post_id, $service_form, $detail_name)
{
    $submitted = '';
    if (isset($_POST[$detail_name])) {
        $submitted = sanitize_post_field($detail_name, $_POST[$detail_name], $post_id, 'display');
    }
    $stored = get_post_meta($post_id, $detail_name, true);

    if ($submitted) {
        if ('' == $stored) {
            // Nothing stored yet: create the entry as a unique key.
            add_post_meta($post_id, $detail_name, $submitted, true);
            return;
        }
        if ($submitted != $stored) {
            update_post_meta($post_id, $detail_name, $submitted);
        }
        return;
    }

    // Field submitted empty (or not at all) while a value is stored: remove it.
    if ('' == $submitted && $stored) {
        delete_post_meta($post_id, $detail_name, $stored);
    }
}
Пример #17
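 /**
  * Save the data for the gallery section.
  *
  * Builds a new array from the submitted section data, copying only recognised
  * keys. Enumerated options are kept only when they match an allow-list; other
  * values go through a sanitizer before being stored.
  *
  * @since  1.0.0.
  *
  * @param  array    $data    The data from the $_POST array for the section.
  * @return array             The cleaned data.
  */
 public function save_gallery($data)
 {
     $clean_data = array();

     // Allow-list check on the string form with a strict comparison, so a value
     // such as '1abc' cannot pass by loosely comparing equal to an allowed entry,
     // and a submitted array is rejected outright.
     $is_allowed = function ($value, $choices) {
         return (is_string($value) || is_int($value)) && in_array((string) $value, $choices, true);
     };

     if (isset($data['columns']) && $is_allowed($data['columns'], array('1', '2', '3', '4'))) {
         $clean_data['columns'] = $data['columns'];
     }
     if (isset($data['caption-color']) && $is_allowed($data['caption-color'], array('light', 'dark'))) {
         $clean_data['caption-color'] = $data['caption-color'];
     }
     if (isset($data['captions']) && $is_allowed($data['captions'], array('none', 'overlay', 'reveal'))) {
         $clean_data['captions'] = $data['captions'];
     }
     if (isset($data['aspect']) && $is_allowed($data['aspect'], array('none', 'landscape', 'portrait', 'square'))) {
         $clean_data['aspect'] = $data['aspect'];
     }
     if (isset($data['background-image']['image-id'])) {
         $clean_data['background-image'] = ttfmake_sanitize_image_id($data['background-image']['image-id']);
     }
     if (isset($data['title'])) {
         // The section label mirrors the filtered title.
         $clean_data['title'] = $clean_data['label'] = apply_filters('title_save_pre', $data['title']);
     }
     // 'darken' is a checkbox: presence of the key means it was ticked.
     $clean_data['darken'] = isset($data['darken']) ? 1 : 0;
     if (isset($data['background-color'])) {
         $clean_data['background-color'] = maybe_hash_hex_color($data['background-color']);
     }
     if (isset($data['background-style']) && $is_allowed($data['background-style'], array('tile', 'cover'))) {
         $clean_data['background-style'] = $data['background-style'];
     }
     // The order arrives as a comma-separated string of item ids; anything that
     // is not a string is ignored rather than handed to explode().
     if (isset($data['gallery-item-order']) && is_string($data['gallery-item-order'])) {
         $clean_data['gallery-item-order'] = array_map(array('TTFMAKE_Builder_Save', 'clean_section_id'), explode(',', $data['gallery-item-order']));
     }
     if (isset($data['gallery-items']) && is_array($data['gallery-items'])) {
         // NOTE(review): $id is the submitted array key and is copied as-is;
         // only the item values are sanitized here — confirm consumers treat
         // the keys as untrusted.
         foreach ($data['gallery-items'] as $id => $item) {
             if (isset($item['title'])) {
                 $clean_data['gallery-items'][$id]['title'] = apply_filters('title_save_pre', $item['title']);
             }
             if (isset($item['link'])) {
                 $clean_data['gallery-items'][$id]['link'] = esc_url_raw($item['link']);
             }
             if (isset($item['description'])) {
                 // Sanitized as post content; falls back to post ID 0 when no post is in scope.
                 $clean_data['gallery-items'][$id]['description'] = sanitize_post_field('post_content', $item['description'], get_post() ? get_the_ID() : 0, 'db');
             }
             if (isset($item['image-id'])) {
                 $clean_data['gallery-items'][$id]['image-id'] = ttfmake_sanitize_image_id($item['image-id']);
             }
         }
     }
     return $clean_data;
 }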
Пример #18
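 /**
  * Save the subtitle meta value.
  *
  * Skips autosaves, requires the 'kia_subnonce' nonce and an edit capability
  * on the post, then stores the submitted subtitle in the 'kia_subtitle' meta
  * key, or deletes that key when the subtitle is empty or equals the default
  * placeholder text.
  *
  * @since 1.0
  * @param  int $post_id the ID of the post we're saving
  * @return int The post ID that was passed in (returned on every path).
  */
 public function meta_save($post_id)
 {
     // Never write during an autosave.
     if (defined('DOING_AUTOSAVE') && DOING_AUTOSAVE) {
         return $post_id;
     }
     // The request must carry a valid nonce for this plugin file.
     if (!isset($_POST['kia_subnonce']) || !wp_verify_nonce($_POST['kia_subnonce'], plugin_basename(__FILE__))) {
         return $post_id;
     }
     // Check permissions. post_type is read defensively: it is request data and
     // may be missing.
     $post_type = isset($_POST['post_type']) ? $_POST['post_type'] : '';
     if ('page' == $post_type && !current_user_can('edit_page', $post_id)) {
         return $post_id;
     }
     if (!current_user_can('edit_post', $post_id)) {
         return $post_id;
     }
     // Treat a missing or non-string subtitle as empty so trim() never receives
     // an array from a crafted request.
     $subtitle = (isset($_POST['subtitle']) && is_string($_POST['subtitle'])) ? $_POST['subtitle'] : '';
     // Don't save if the subtitle equals the default text or is blank.
     if (in_array(trim($subtitle), array(__('Subtitle', 'kia-subtitle'), ''), true)) {
         delete_post_meta($post_id, 'kia_subtitle');
     } else {
         // Sanitized the same way a post title is before it reaches the database.
         update_post_meta($post_id, 'kia_subtitle', sanitize_post_field('post_title', $subtitle, $post_id, 'db'));
     }
     return $post_id;
 }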
Пример #19
/**
 * Run every field of a post through sanitize_post_field().
 *
 * The 'raw' context returns the post untouched. Otherwise each property (for an
 * object) or key (for an array) is replaced by its sanitized value, using the
 * post's own ID and the given context.
 *
 * @param object|array $post    Post object or array; it must carry an ID.
 * @param string       $context Sanitization context, 'display' by default.
 * @return object|array The post, same type as it came in.
 */
function sanitize_post($post, $context = 'display')
{
    if ($context == 'raw') {
        return $post;
    }

    if (!is_object($post)) {
        foreach ($post as $name => $unused) {
            $post[$name] = sanitize_post_field($name, $post[$name], $post['ID'], $context);
        }
        return $post;
    }

    foreach (get_object_vars($post) as $name => $unused) {
        $post->{$name} = sanitize_post_field($name, $post->{$name}, $post->ID, $context);
    }
    return $post;
}
 /**
  * Sanitize and normalise widget options before they are saved.
  *
  * Empty values are stored as false. The result is passed through the
  * 'note_widget_update' filter before it is returned.
  *
  * @param array $new_instance Submitted widget settings.
  * @param array $old_instance Previously saved settings; only forwarded to the filter.
  * @return mixed Whatever the 'note_widget_update' filter returns.
  */
 public function update($new_instance, $old_instance)
 {
     // Widget title: plain text only.
     $new_instance['title'] = empty($new_instance['title']) ? false : sanitize_text_field($new_instance['title']);

     // Hide-title checkbox: the key being present means it was ticked.
     $new_instance['hide_title'] = isset($new_instance['hide_title']);

     // Widget content: sanitized as post_content in the 'db' context with a
     // placeholder post ID of 0, then unslashed.
     // NOTE(review): how much markup the 'db' context removes presumably depends
     // on the content filters active for the current user — confirm this is
     // acceptable for every role that can edit widgets.
     if (empty($new_instance['content'])) {
         $new_instance['content'] = false;
     } else {
         $new_instance['content'] = wp_unslash(sanitize_post_field('post_content', $new_instance['content'], 0, 'db'));
     }

     // CSS classes: split on spaces, sanitize each class name, join again.
     if (empty($new_instance['css_class'])) {
         $new_instance['css_class'] = false;
     } else {
         $class_names = explode(' ', $new_instance['css_class']);
         $new_instance['css_class'] = implode(' ', array_map('sanitize_html_class', $class_names));
     }

     return apply_filters('note_widget_update', $new_instance, $old_instance, $this);
 }
Пример #21
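/**
 * Front-end handler that creates and publishes a new 'pauta' from form data.
 *
 * Runs only when the 'criar_pauta_pelo_front_end' option is 'S', the visitor is
 * logged in and the 'delibera_nova_pauta' nonce in $_POST['_wpnonce'] verifies.
 * On success it redirects to the new pauta and ends the request; otherwise it
 * returns without doing anything.
 *
 * NOTE(review): the only authorisation visible here is is_user_logged_in(); no
 * capability is checked, so any logged-in account can publish while the option
 * is on — confirm that is intended.
 */
function delibera_nova_pauta_create_action()
{
    $opt = delibera_get_config();
    if ($opt['criar_pauta_pelo_front_end'] == 'S' && is_user_logged_in() && isset($_POST['_wpnonce']) && wp_verify_nonce($_POST['_wpnonce'], 'delibera_nova_pauta')) {
        // Missing fields are treated as empty instead of raising notices.
        $title = isset($_POST['nova-pauta-titulo']) ? $_POST['nova-pauta-titulo'] : '';
        $content = isset($_POST['nova-pauta-conteudo']) ? $_POST['nova-pauta-conteudo'] : '';
        $excerpt = isset($_POST['nova-pauta-resumo']) ? $_POST['nova-pauta-resumo'] : '';
        $pauta = array();
        $pauta['post_title'] = $title;
        $pauta['post_excerpt'] = $excerpt;
        $pauta['post_type'] = 'pauta';
        // Check if there is any file uploaded.
        // If there is, ignore 'content' and use the file;
        // otherwise create the 'pauta' with the text content.
        // NOTE(review): the presence and type checks read
        // $_FILES['post_pdf_contribution'] while the upload below reads
        // $_FILES['pauta_pdf_contribution']. The keys differ, so the file that
        // is type-checked is not the file that is stored — confirm the form's
        // field name and use it for both.
        if (!empty($_FILES['post_pdf_contribution']['name'])) {
            // Setup the array of supported file types. In this case, it's just PDF.
            $supported_types = array('application/pdf');
            // Get the file type of the upload.
            // NOTE(review): wp_check_filetype() decides from the client-supplied
            // file name only; the content is not inspected here. Consider
            // wp_check_filetype_and_ext() or wp_handle_upload().
            $pdf_contribution = wp_check_filetype(basename($_FILES['post_pdf_contribution']['name']));
            $sent_file_type = $pdf_contribution['type'];
            // Check if the type is supported. If not, throw an error.
            if (!in_array($sent_file_type, $supported_types)) {
                //TODO: Improve this message and avoid wp_die
                wp_die("O arquivo para web não é um PDF (formato permitido).");
            }
            $uploaded_file = wp_upload_bits($_FILES['pauta_pdf_contribution']['name'], null, file_get_contents($_FILES['pauta_pdf_contribution']['tmp_name']));
            // wp_upload_bits() reports failure as a non-empty 'error' entry (a
            // message string), so test for emptiness rather than comparing the
            // string with 0.
            if (!empty($uploaded_file['error'])) {
                wp_die('Erro ao salvar arquivo para Web. O erro foi: ' . esc_html($uploaded_file['error']));
            } else {
                // NOTE(review): 'pauta_pdf_contribution' is not a post field, so
                // wp_insert_post() presumably ignores it and the URL is not
                // persisted by this function — confirm where it should be saved.
                $pauta['pauta_pdf_contribution'] = $uploaded_file['url'];
            }
        } else {
            $pauta['post_content'] = $content;
        }
        // For the pauta's state to be created correctly it has to be inserted
        // as a draft first and published at the end of this function.
        $pauta['post_status'] = 'draft';
        $pauta_id = wp_insert_post($pauta);
        if (is_int($pauta_id) && $pauta_id > 0) {
            // The values written into $_POST below mirror, per the original
            // author's note, the keys that delibera_save_post() requires:
            // prazo_validacao and min_validacoes when validation is enabled,
            // prazo_relatoria when relatoria is enabled, prazo_eleicao_relator
            // when a rapporteur election is also enabled, and always
            // prazo_discussao and prazo_votacao.
            if ($opt['validacao'] == 'S') {
                $_POST['prazo_validacao'] = date('d/m/Y', strtotime('+' . $opt['dias_validacao'] . ' DAYS'));
                $_POST['min_validacoes'] = $opt['minimo_validacao'];
            }
            if ($opt['relatoria'] == 'S') {
                $_POST['prazo_relatoria'] = date('d/m/Y', strtotime('+' . $opt['dias_relatoria'] . ' DAYS'));
                if ($opt['eleicao_relator'] == 'S') {
                    $_POST['prazo_eleicao_relator'] = date('d/m/Y', strtotime('+' . $opt['dias_votacao_relator'] . ' DAYS'));
                }
            }
            if (trim($opt['data_fixa_nova_pauta_externa']) != '') {
                // A fixed discussion deadline is configured; the voting deadline
                // is counted from it.
                $prazo_discussao = DateTime::createFromFormat('d/m/Y', $opt['data_fixa_nova_pauta_externa']);
                $_POST['prazo_discussao'] = $prazo_discussao->format('d/m/Y');
                $_POST['prazo_votacao'] = date('d/m/Y', strtotime('+' . $opt['dias_votacao'] . ' DAYS', $prazo_discussao->getTimestamp()));
            } else {
                $_POST['prazo_discussao'] = date('d/m/Y', strtotime('+' . $opt['dias_discussao'] . ' DAYS'));
                $_POST['prazo_votacao'] = date('d/m/Y', strtotime('+' . $opt['dias_votacao'] . ' DAYS'));
            }
            // This is needed because of the condition in delibera_publish_pauta().
            $_POST['publish'] = 'Publicar';
            $_POST['prev_status'] = 'draft';
            // Keep only the submitted themes that are existing 'tema' terms.
            $temas = get_terms('tema', array('hide_empty' => true));
            $temas_ids = array();
            if (isset($_POST['tema']) && is_array($_POST['tema'])) {
                foreach ($temas as $tema) {
                    if (in_array($tema->term_id, $_POST['tema'])) {
                        $temas_ids[] = $tema->term_id;
                    }
                }
            }
            // Attach the theme terms to the post.
            wp_set_post_terms($pauta_id, $temas_ids, 'tema');
            // Publish the post.
            wp_publish_post($pauta_id);
            // This builds the slug: per the original note, wp_insert_post() does
            // not create it while the status is draft and wp_publish_post() does
            // not create it either.
            unset($pauta['post_status']);
            $pauta['ID'] = $pauta_id;
            $pauta['post_name'] = sanitize_post_field('post_name', $title, $pauta_id, 'save');
            wp_update_post($pauta);
            // Redirect to the newly created pauta.
            $permalink = get_post_permalink($pauta_id);
            wp_safe_redirect($permalink);
            die;
        }
    }
}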
Пример #22
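/**
 * Save the custom meta fields of a post from the submitted edit form.
 *
 * Skips autosaves, requires the 'edit_page' capability on the post, one of the
 * handled post types and a valid 'save_project_meta' nonce. Each known field is
 * then either stored from the request or, when absent, reset to null for the
 * post types that own it.
 *
 * NOTE(review): the nonce is read from $_POST but the field values from
 * $_REQUEST, so a query-string or cookie value of the same name can stand in
 * for a field the form did not send — consider reading $_POST only.
 * NOTE(review): single-value fields go through sanitize_post_field() in the
 * 'display' context before being stored. For custom meta keys this may do
 * little beyond running filters registered for that name — confirm, and
 * consider a sanitizer chosen for each field's content.
 *
 * @param int $post_id ID of the post being saved.
 * @return int|null The post ID when nothing is saved; nothing after a save.
 */
function save_project_meta($post_id)
{
    // If this is an autosave, our form has not been submitted, do nothing.
    if (defined('DOING_AUTOSAVE') && DOING_AUTOSAVE) {
        return $post_id;
    }
    // If user does not have permissions, do nothing.
    if (!current_user_can('edit_page', $post_id)) {
        return $post_id;
    }
    // If this is not the correct type of post, do nothing. post_type is request
    // data: it may be missing or not a string.
    $post_type = isset($_POST['post_type']) ? $_POST['post_type'] : '';
    $handled_types = array('post', 'project', 'page', 'capability_page', 'homepage_module', 'client');
    if (!is_string($post_type) || !in_array($post_type, $handled_types, true)) {
        return $post_id;
    }
    // If nonce does not verify, do nothing.
    if (!isset($_POST['save_project_meta_nonce']) || !wp_verify_nonce($_POST['save_project_meta_nonce'], 'save_project_meta')) {
        return $post_id;
    }

    // Meta key => post types for which a missing field resets the value to null.
    // The order is the order in which the keys are written.
    $fields = array(
        'external_link'       => array('post', 'client', 'page'),
        'project_archived'    => array('project'),
        'project_gallery'     => array('project'),
        'recognition'         => array('project'),
        'between_slashes'     => array('project', 'page', 'capability_page'),
        'color_space'         => array('project', 'page'),
        'meta_desc'           => array('project', 'page'),
        'meta_keys'           => array('project', 'page'),
        'project_services'    => array('project'),
        'compost_gallery'     => array('page'),
        'capability_projects' => array('capability_page', 'client'),
        'module_id'           => array('homepage_module'),
        'module_size'         => array('homepage_module'),
        'module_rollover'     => array('homepage_module'),
    );
    // Fields submitted as a list; every element is sanitized as plain text.
    $list_fields = array('project_services', 'capability_projects');

    // Sanitize the values
    $update_vals = array();
    foreach ($fields as $meta_key => $reset_types) {
        if (isset($_REQUEST[$meta_key])) {
            if (!in_array($meta_key, $list_fields, true)) {
                $update_vals[$meta_key] = sanitize_post_field($meta_key, $_REQUEST[$meta_key], $post_id, 'display');
            } elseif (is_array($_REQUEST[$meta_key])) {
                // A list field that arrives as anything but an array is ignored.
                foreach ($_REQUEST[$meta_key] as $list_item) {
                    $update_vals[$meta_key][] = sanitize_text_field($list_item);
                }
            }
        } elseif (in_array($post_type, $reset_types, true)) {
            $update_vals[$meta_key] = null;
        }
    }

    // Update the metadata
    foreach ($update_vals as $uv_key => $uv_val) {
        update_post_meta($post_id, $uv_key, $uv_val);
    }
}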
Пример #23
 /**
  * Write a single column of a post row directly through $wpdb.
  *
  * The value is sanitized with sanitize_post_field() in the 'db' context and
  * the post ID is forced to a non-negative integer before the update.
  *
  * NOTE(review): $field is used as the column name of the UPDATE. Callers
  * should pass only known posts-table column names — confirm no caller
  * forwards request data as $field.
  *
  * @param string $field   Column to update.
  * @param mixed  $value   New value.
  * @param int    $post_id ID of the post row.
  * @return mixed Result of $wpdb->update().
  */
 function set_post_field($field, $value, $post_id)
 {
     global $wpdb;
     $post_id = absint($post_id);
     $row_data = array($field => sanitize_post_field($field, $value, $post_id, 'db'));
     $row_match = array('ID' => $post_id);
     return $wpdb->update($wpdb->posts, $row_data, $row_match);
 }
Пример #24
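 /**
  * Saves a doc.
  *
  * This method handles saving for both new and existing docs. It detects the difference by
  * looking for the presence of $this->doc_slug. The request must carry a valid
  * 'bp_docs_save' nonce. When it finishes it queues a status message and
  * redirects to the single, edit or create view.
  *
  * NOTE(review): only the nonce is checked here; whether the current user may
  * create or edit the doc is presumably enforced before this method runs —
  * confirm.
  *
  * @package BuddyPress Docs
  * @since 1.0-beta
  *
  * @param array|bool $args Optional post arguments that override the defaults.
  */
 function save($args = false)
 {
     global $bp;
     check_admin_referer('bp_docs_save');
     // Get the required taxonomy items associated with the group. We only run this
     // on a save because it requires extra database hits.
     $this->setup_terms();
     // Set up the default value for the result message. The variable has to be
     // $result, the name every later branch reads and writes.
     $result = array('message' => __('Unknown error. Please try again.', 'bp-docs'), 'redirect' => 'create');
     if (empty($_POST['doc']['title']) || empty($_POST['doc']['content'])) {
         // Both the title and the content fields are required
         // NOTE(review): the text domain alternates between 'bp-doc' and
         // 'bp-docs' in this method — confirm which one the plugin loads.
         $result['message'] = __('Both the title and the content fields are required.', 'bp-doc');
         $result['redirect'] = $this->current_view;
     } else {
         // If both the title and content fields are filled in, we can proceed.
         // The content is sanitized as post_content in the 'db' context, then
         // unslashed.
         $defaults = array('post_type' => $this->post_type_name, 'post_title' => $_POST['doc']['title'], 'post_content' => stripslashes(sanitize_post_field('post_content', $_POST['doc']['content'], 0, 'db')), 'post_status' => 'publish');
         $r = wp_parse_args($args, $defaults);
         if (empty($this->doc_slug)) {
             $this->is_new_doc = true;
             $r['post_author'] = bp_loggedin_user_id();
             // This is a new doc
             if (!($post_id = wp_insert_post($r))) {
                 $result['message'] = __('There was an error when creating the doc.', 'bp-doc');
                 $result['redirect'] = 'create';
             } else {
                 // If the doc was saved successfully, place it in the proper tax
                 wp_set_post_terms($post_id, $this->term_id, $this->associated_item_tax_name);
                 $this->doc_id = $post_id;
                 $the_doc = get_post($this->doc_id);
                 $this->doc_slug = $the_doc->post_name;
                 // A normal, successful save
                 $result['message'] = __('Doc successfully created!', 'bp-doc');
                 $result['redirect'] = 'single';
             }
         } else {
             $this->is_new_doc = false;
             // This is an existing doc, so we need to get the post ID
             $the_doc_args = array('name' => $this->doc_slug, 'post_type' => $this->post_type_name);
             $the_docs = get_posts($the_doc_args);
             $this->doc_id = $the_docs[0]->ID;
             $r['ID'] = $this->doc_id;
             // Keep the original author when someone else edits the doc.
             $r['post_author'] = $the_docs[0]->post_author;
             if (!wp_update_post($r)) {
                 $result['message'] = __('There was an error when saving the doc.', 'bp-doc');
                 $result['redirect'] = 'edit';
             } else {
                 // Remove the edit lock
                 delete_post_meta($this->doc_id, '_edit_lock');
                 // When the post has been autosaved, we need to leave a
                 // special success message
                 if (!empty($_POST['is_auto']) && $_POST['is_auto']) {
                     $result['message'] = __('You idled a bit too long while in Edit mode. In order to allow others to edit the doc you were working on, your changes have been autosaved. Click the Edit button to return to Edit mode.', 'bp-docs');
                 } else {
                     // A normal, successful save
                     $result['message'] = __('Doc successfully edited!', 'bp-doc');
                 }
                 $result['redirect'] = 'single';
             }
         }
         // Save the last editor id. We'll use this to create an activity item
         update_post_meta($this->doc_id, 'bp_docs_last_editor', bp_loggedin_user_id());
         // Save settings
         // NOTE(review): $_POST['settings'] is stored exactly as submitted;
         // nothing in this method checks the values against what the current
         // user is allowed to set — confirm they are validated before use.
         if (!empty($_POST['settings'])) {
             update_post_meta($this->doc_id, 'bp_docs_settings', $_POST['settings']);
         }
         // Provide a custom hook for plugins and optional components.
         // WP's default save_post isn't enough, because we need something that fires
         // only when we save from the front end (for things like taxonomies, which
         // the WP admin handles automatically)
         do_action('bp_docs_doc_saved', $this);
     }
     $message_type = $result['redirect'] == 'single' ? 'success' : 'error';
     bp_core_add_message($result['message'], $message_type);
     // todo: abstract this out so I don't have to call group permalink here
     $redirect_url = bp_get_group_permalink($bp->groups->current_group) . $bp->bp_docs->slug . '/';
     if ($result['redirect'] == 'single') {
         $redirect_url .= $this->doc_slug;
     } else {
         if ($result['redirect'] == 'edit') {
             $redirect_url .= $this->doc_slug . '/' . BP_DOCS_EDIT_SLUG;
         } else {
             if ($result['redirect'] == 'create') {
                 $redirect_url .= BP_DOCS_CREATE_SLUG;
             }
         }
     }
     bp_core_redirect($redirect_url);
 }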
Пример #25
 /**
  * Magic getter for properties that are not stored on the object.
  *
  * 'ancestors' resolves to get_post_ancestors(); every other key is read from
  * post meta as a single value. When a filter context is set on the object the
  * value is passed through sanitize_post_field() for that context.
  *
  * @param string $key Property name.
  * @return mixed The value, returned by reference.
  */
 public function &__get($key)
 {
     $value = ($key == 'ancestors')
         ? get_post_ancestors($this)
         : get_post_meta($this->ID, $key, true);

     if ($this->filter) {
         $value = sanitize_post_field($key, $value, $this->ID, $this->filter);
     }

     // Returned through a local variable because the method returns by reference.
     return $value;
 }
Пример #26
 /**
  * Getter.
  *
  * Resolves a few virtual properties: 'page_template' (from the
  * '_wp_page_template' meta), 'post_category' (category term IDs),
  * 'tags_input' (tag names) and 'ancestors'. Any other key is read from post
  * meta. Only 'ancestors' and meta values pass through sanitize_post_field(),
  * and only when a filter context is set on the object.
  *
  * @param string $key Key to get.
  * @return array|mixed
  */
 public function __get($key)
 {
     if ('page_template' == $key && $this->__isset($key)) {
         return get_post_meta($this->ID, '_wp_page_template', true);
     }

     // Term-backed keys: key => (taxonomy, term field to return).
     $term_backed = array(
         'post_category' => array('category', 'term_id'),
         'tags_input'    => array('post_tag', 'name'),
     );
     if (isset($term_backed[$key])) {
         list($taxonomy, $term_field) = $term_backed[$key];
         $terms = null;
         if (is_object_in_taxonomy($this->post_type, $taxonomy)) {
             $terms = get_the_terms($this, $taxonomy);
         }
         // No terms, or the post type does not use the taxonomy: empty list.
         return empty($terms) ? array() : wp_list_pluck($terms, $term_field);
     }

     // Rest of the values need filtering.
     $value = ('ancestors' == $key)
         ? get_post_ancestors($this)
         : get_post_meta($this->ID, $key, true);

     if ($this->filter) {
         $value = sanitize_post_field($key, $value, $this->ID, $this->filter);
     }
     return $value;
 }
 /**
  * Filters in the modified timestamp info.
  *
  * Copies 'post_modified' and 'post_modified_gmt' from the normalized post into
  * $data, sanitized for the 'db' context. Empty values are skipped, and $data
  * is returned unchanged when normalize_post() yields null.
  *
  * @param array $data Post data being filtered.
  * @return array post data.
  **/
 function update_post_info($data)
 {
     $dbpost = $this->normalize_post(false);
     if (is_null($dbpost)) {
         return $data;
     }

     foreach (array('post_modified', 'post_modified_gmt') as $stamp) {
         if (empty($dbpost[$stamp])) {
             continue;
         }
         // For DB sanitization, no post ID needs to be passed.
         $data[$stamp] = sanitize_post_field($stamp, $dbpost[$stamp], null, 'db');
     }
     return $data;
 }
Пример #28
/**
 * Sanitize every post field.
 *
 * A post already marked as filtered for the requested context is returned
 * untouched. Otherwise a missing ID defaults to 0, every field is passed
 * through sanitize_post_field(), and the post is marked with the context in
 * its 'filter' field. Context-specific handling, including 'raw', is left to
 * sanitize_post_field().
 *
 * @since 2.3.0
 * @uses sanitize_post_field() Used to sanitize the fields.
 *
 * @param object|array $post The Post Object or Array
 * @param string $context Optional, default is 'display'. How to sanitize post fields.
 * @return object|array The now sanitized Post Object or Array (will be the same type as $post)
 */
function sanitize_post($post, $context = 'display')
{
    if (!is_object($post)) {
        // Array form: skip work when already filtered for this context.
        $already_filtered = isset($post['filter']) && $context == $post['filter'];
        if ($already_filtered) {
            return $post;
        }
        if (!isset($post['ID'])) {
            $post['ID'] = 0;
        }
        foreach ($post as $name => $unused) {
            $post[$name] = sanitize_post_field($name, $post[$name], $post['ID'], $context);
        }
        $post['filter'] = $context;
        return $post;
    }

    // Object form: same steps on properties.
    $already_filtered = isset($post->filter) && $context == $post->filter;
    if ($already_filtered) {
        return $post;
    }
    if (!isset($post->ID)) {
        $post->ID = 0;
    }
    foreach (get_object_vars($post) as $name => $unused) {
        $post->{$name} = sanitize_post_field($name, $post->{$name}, $post->ID, $context);
    }
    $post->filter = $context;
    return $post;
}
Пример #29
/**
 * Sanitize a fixed list of post fields through sanitize_post_field().
 *
 * The 'raw' context returns the post untouched. Only the fields named in the
 * list below are processed; the ID is read but not sanitized here.
 *
 * NOTE(review): 'post_date' and 'post_date_gmt' appear twice in the list, so
 * they are sanitized twice; every listed field is also read even when the post
 * does not define it.
 *
 * @param object|array $post    Post object or array; it must carry an ID.
 * @param string       $context Sanitization context, 'display' by default.
 * @return object|array The post, same type as it came in.
 */
function sanitize_post($post, $context = 'display')
{
    if ($context == 'raw') {
        return $post;
    }
    // TODO: Use array keys instead of hard coded list
    $fields = array('post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_content_filtered', 'post_title', 'post_excerpt', 'post_status', 'post_type', 'comment_status', 'ping_status', 'post_password', 'post_name', 'to_ping', 'pinged', 'post_date', 'post_date_gmt', 'post_parent', 'menu_order', 'post_mime_type', 'post_category');

    if (is_object($post)) {
        foreach ($fields as $name) {
            $post->{$name} = sanitize_post_field($name, $post->{$name}, $post->ID, $context);
        }
        return $post;
    }

    foreach ($fields as $name) {
        $post[$name] = sanitize_post_field($name, $post[$name], $post['ID'], $context);
    }
    return $post;
}