/**
 * Handle user requests made via GET variables, e.g. activation link, unsubscribe link, tracked link, external (cron) request
 */
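function alo_em_check_get_vars()
{
    // Entry point for the plugin's GET-driven actions. Each recognised
    // parameter (emunsub, emact, alo_easymail_doing_cron, emtrck) is handled
    // and the request then ends with exit. When none is present, the
    // subscription-form inputs are dropped from $_REQUEST and the function
    // returns normally.

    // Decode the base64 "a|b|c" payload carried in $_GET[$key].
    // A non-string value (e.g. ?emunsub[]=x) is treated as an empty payload,
    // because base64_decode() throws a TypeError on arrays under PHP 8 and
    // these URLs are reachable without authentication.
    $decode_payload = function ($key) {
        $raw = isset($_GET[$key]) && is_string($_GET[$key]) ? $_GET[$key] : '';
        return explode('|', (string) base64_decode($raw));
    };

    // Second payload field with everything but ASCII letters and digits
    // stripped; a missing field yields '' instead of an undefined-index notice.
    $clean_unikey = function ($parts) {
        return isset($parts[1]) ? preg_replace('/[^a-zA-Z0-9]/i', '', $parts[1]) : '';
    };

    // Build the subscription-page URL for an action. The address is split at
    // "@" into em1/em2, and each part is urlencode()d because add_query_arg()
    // does not encode values itself.
    $build_link = function ($action, $email, $unikey, $lang) {
        $div_email = explode('@', $email);
        $arr_params = array(
            'ac'  => $action,
            'em1' => urlencode($div_email[0]),
            'em2' => urlencode(isset($div_email[1]) ? $div_email[1] : ''),
            'uk'  => $unikey,
        );
        return add_query_arg($arr_params, alo_em_translate_url(get_option('alo_em_subsc_page'), $lang));
    };

    // From unsubscribe link: payload is "<subscriber id>|<unikey>".
    if (isset($_GET['emunsub'])) {
        $get = $decode_payload('emunsub');
        $subscriber = alo_em_get_subscriber_by_id($get[0]);
        $uns_link = '';
        if ($subscriber) {
            $uns_link = $build_link('unsubscribe', $subscriber->email, $clean_unikey($get), $subscriber->lang);
        }
        // With no matching subscriber the location is empty, wp_redirect()
        // does nothing and the request simply ends.
        wp_redirect($uns_link);
        exit;
    }

    // From activation link: the first field is handed to alo_em_get_subscriber(),
    // the second is the unikey, the third the language.
    if (isset($_GET['emact'])) {
        $get = $decode_payload('emact');
        $subscriber = alo_em_get_subscriber($get[0]);
        $act_link = '';
        if ($subscriber) {
            // NOTE(review): the language comes from the link payload here,
            // whereas the unsubscribe branch uses $subscriber->lang; confirm
            // that alo_em_translate_url() copes with arbitrary values.
            $lang = isset($get[2]) ? $get[2] : null;
            $act_link = $build_link('activate', $subscriber->email, $clean_unikey($get), $lang);
        }
        wp_redirect($act_link);
        exit;
    }

    // Called from external request (eg. cron task).
    // NOTE(review): no secret or capability check is visible in this function,
    // so any visitor can request this URL; confirm that alo_em_batch_sending()
    // enforces its own scheduling/throttling.
    if (isset($_GET['alo_easymail_doing_cron'])) {
        alo_em_batch_sending();
        exit;
    }

    // Called from a tracked link: payload is "<recipient id>|<unikey>|<url>".
    if (isset($_GET['emtrck'])) {
        $get = $decode_payload('emtrck');
        $recipient = isset($get[0]) && is_numeric($get[0]) ? (int) $get[0] : false;
        $unikey = isset($get[1]) ? $clean_unikey($get) : false;
        $request = isset($get[2]) ? esc_url_raw($get[2]) : false;
        if ($recipient && $unikey && $request) {
            $rec_info = alo_em_get_recipient_by_id($recipient);
            // The redirect is only issued when the unikey matches the
            // recipient's email. wp_redirect() accepts off-site targets, so
            // this check is the only control on the destination.
            // NOTE(review): the URL is not compared here with the links that
            // belong to the newsletter; confirm whether that is intended.
            if ($rec_info && alo_em_check_subscriber_email_and_unikey($rec_info->email, $unikey)) {
                alo_em_tracking_recipient($recipient, $rec_info->newsletter, $request);
                switch (get_option('alo_em_campaign_vars')) {
                    case 'google':
                        $campaign_args = array(
                            'utm_source'   => 'AloEasyMail',
                            'utm_medium'   => 'email',
                            'utm_campaign' => $rec_info->newsletter . '-' . get_the_title($rec_info->newsletter),
                            'utm_content'  => $request,
                        );
                        // Hook: lets other code adjust the campaign variables.
                        // NOTE(review): these values reach add_query_arg()
                        // without URL-encoding; confirm titles containing
                        // "&" or "#" survive the redirect.
                        $campaign_args = apply_filters('alo_easymail_prepare_campaign_vars', $campaign_args, $rec_info, $request);
                        $request_w_campaign = add_query_arg($campaign_args, $request);
                        wp_redirect($request_w_campaign);
                        exit;
                    case 'no':
                    default:
                        wp_redirect($request);
                        exit;
                }
            }
        }
        // Incomplete payload or failed check: end the request without output.
        exit;
    }

    // Block XSS attempt: drop subscription form inputs when not in ajax
    // (eg. if javascript disabled). Only $_REQUEST is changed; the copies in
    // $_GET / $_POST are left as they are.
    if (!defined('DOING_AJAX') || !DOING_AJAX) {
        unset($_REQUEST['alo_em_opt_name'], $_REQUEST['alo_em_opt_email']);
        // 'submit' is not unset because other plugins may use such a common name.
        // NOTE(review): the original called esc_sql($_REQUEST['submit']) here
        // and discarded the result, so the value was never modified; esc_sql()
        // is SQL escaping and no XSS defence in any case. The value is left
        // untouched: escape it with esc_attr()/esc_html() where it is printed.
    }
}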