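/**
 * Manage user requests made via GET vars: unsubscribe link, activation link,
 * external (cron) request and tracked-link redirect.
 *
 * Every branch reads attacker-controllable query-string data, so each value is
 * checked for type and shape before it is used:
 *  - a GET value that is not a string (e.g. sent as `?emunsub[]=x`) is treated
 *    as empty instead of being handed to base64_decode();
 *  - payload segments that are missing after the "|" split fall back to an
 *    empty value instead of raising undefined-offset notices.
 *
 * All link branches terminate the request with exit. Only when none of the
 * plugin GET vars is present does the function reach the final block and
 * return.
 *
 * @return void
 */
function alo_em_check_get_vars() {
    // From unsubscribe link: payload is base64("<subscriber id>|<unikey>")
    if (isset($_GET['emunsub'])) {
        $raw = is_string($_GET['emunsub']) ? $_GET['emunsub'] : '';
        $get = explode("|", (string) base64_decode($raw));
        // Same numeric check the tracked-link branch applies to its id segment.
        $subscriber_id = is_numeric($get[0]) ? (int) $get[0] : 0;
        $subscriber = $subscriber_id ? alo_em_get_subscriber_by_id($subscriber_id) : false;
        $uns_link = "";
        if ($subscriber) {
            $div_email = explode("@", $subscriber->email);
            $arr_params = array(
                'ac' => 'unsubscribe',
                'em1' => urlencode($div_email[0]),
                'em2' => urlencode(isset($div_email[1]) ? $div_email[1] : ''),
                // unikey is reduced to alphanumerics before it is put in the URL
                'uk' => preg_replace('/[^a-zA-Z0-9]/i', '', isset($get[1]) ? $get[1] : ''),
            );
            $uns_link = add_query_arg($arr_params, alo_em_translate_url(get_option('alo_em_subsc_page'), $subscriber->lang));
        }
        // With an unknown subscriber $uns_link is empty: wp_redirect() then sends
        // no Location header and the request simply ends.
        wp_redirect($uns_link);
        exit;
    }

    // From activation link: payload is base64("<subscriber key>|<unikey>|<lang>")
    if (isset($_GET['emact'])) {
        $raw = is_string($_GET['emact']) ? $_GET['emact'] : '';
        $get = explode("|", (string) base64_decode($raw));
        // NOTE(review): $get[0] is request data passed on as decoded; confirm that
        // alo_em_get_subscriber() validates it / uses a prepared query.
        $subscriber = alo_em_get_subscriber($get[0]);
        $act_link = "";
        if ($subscriber) {
            $div_email = explode("@", $subscriber->email);
            $arr_params = array(
                'ac' => 'activate',
                'em1' => urlencode($div_email[0]),
                'em2' => urlencode(isset($div_email[1]) ? $div_email[1] : ''),
                'uk' => preg_replace('/[^a-zA-Z0-9]/i', '', isset($get[1]) ? $get[1] : ''),
            );
            // The language segment is optional in the payload; null when absent.
            $act_link = add_query_arg($arr_params, alo_em_translate_url(get_option('alo_em_subsc_page'), isset($get[2]) ? $get[2] : null));
        }
        wp_redirect($act_link);
        exit;
    }

    // Called from external request (eg. cron task)
    // NOTE(review): the mere presence of this GET var starts a batch; no secret or
    // capability is checked here. Presumably alo_em_batch_sending() limits how
    // often a batch can run -- confirm, since any visitor can send this request.
    if (isset($_GET['alo_easymail_doing_cron'])) {
        alo_em_batch_sending();
        exit;
    }

    // Called from a tracked link: payload is base64("<recipient id>|<unikey>|<url>")
    if (isset($_GET['emtrck'])) {
        $raw = is_string($_GET['emtrck']) ? $_GET['emtrck'] : '';
        $get = explode("|", (string) base64_decode($raw));
        $recipient = isset($get[0]) && is_numeric($get[0]) ? (int) $get[0] : false;
        $unikey = isset($get[1]) ? preg_replace('/[^a-zA-Z0-9]/i', '', $get[1]) : false;
        $request = isset($get[2]) ? esc_url_raw($get[2]) : false;
        if ($recipient && $unikey && $request) {
            $rec_info = alo_em_get_recipient_by_id($recipient);
            // Redirect only when the unikey matches the recipient's subscriber record.
            if ($rec_info && alo_em_check_subscriber_email_and_unikey($rec_info->email, $unikey)) {
                // NOTE(review): $request comes from the link payload and nothing
                // visible here compares it with the links the newsletter actually
                // contains, so the destination is limited only by the unikey check
                // and by the schemes esc_url_raw() allows. Consider validating it
                // against the newsletter's stored links before redirecting.
                alo_em_tracking_recipient($recipient, $rec_info->newsletter, $request);
                switch (get_option('alo_em_campaign_vars')) {
                    case 'google':
                        $campaign_args = array(
                            'utm_source' => 'AloEasyMail',
                            'utm_medium' => 'email',
                            'utm_campaign' => $rec_info->newsletter . '-' . get_the_title($rec_info->newsletter),
                            'utm_content' => $request,
                        );
                        $campaign_args = apply_filters('alo_easymail_prepare_campaign_vars', $campaign_args, $rec_info, $request); // Hook
                        $request_w_campaign = add_query_arg($campaign_args, $request);
                        wp_redirect($request_w_campaign);
                        exit;
                    case 'no':
                    default:
                        wp_redirect($request);
                        exit;
                }
            }
        }
        // Invalid or unverified tracking payload: end the request without output.
        exit;
    }

    // Block XSS attempt: unset subscription form inputs when not in ajax (eg. if javascript disabled)
    if (!defined('DOING_AJAX') || !DOING_AJAX) {
        // NOTE(review): only $_REQUEST is cleared; the same keys in $_POST / $_GET
        // are left as submitted, so code reading those arrays still sees the raw input.
        if (isset($_REQUEST['alo_em_opt_name'])) {
            unset($_REQUEST['alo_em_opt_name']);
        }
        if (isset($_REQUEST['alo_em_opt_email'])) {
            unset($_REQUEST['alo_em_opt_email']);
        }
        // 'submit' is not unset because the name is common and other plugins may use it.
        // NOTE(review): the return value of esc_sql() is discarded, so this call does
        // not change $_REQUEST['submit'] and gives no XSS protection (esc_sql() is an
        // SQL escape, not an HTML one). Whatever prints this value must escape it at
        // output time.
        if (isset($_REQUEST['submit'])) {
            esc_sql($_REQUEST['submit']);
        }
    }
}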
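/**
 * Build the HTML cells of one subscriber row for the subscribers table.
 *
 * The returned markup holds the <th>/<td> cells only; the enclosing <tr> is
 * left to the caller. Values interpolated into attributes or text nodes are
 * escaped here. The output of plugin helpers (custom-field html, list names,
 * language flag) is inserted as returned by those helpers.
 *
 * @param mixed       $subscriber_id Subscriber id; an empty value returns false.
 * @param int         $row_index     Index printed in the first cell.
 * @param bool        $edit          True to render editable inputs (inline edit).
 * @param array|false $all_lists     Mailing lists keyed by list id, each with a 'name' entry.
 * @param array|false $all_langs     Available language codes.
 * @return string|false Row cells html, or false when the id is empty or no
 *                      subscriber is found for it.
 */
function alo_em_get_subscriber_table_row($subscriber_id, $row_index = 0, $edit = false, $all_lists = false, $all_langs = false) {
    if (empty($subscriber_id)) {
        return false;
    }
    $subscriber = alo_em_get_subscriber_by_id($subscriber_id);
    // Unknown id: stop here instead of reading properties of a missing record.
    if (!$subscriber) {
        return false;
    }

    // Escaped once, used in every id/name/value/rel attribute below.
    $sid = esc_attr($subscriber_id);

    $html = "";
    $html .= "<th scope=\"row\" class=\"subscriber-row-index\">" . esc_html($row_index) . "</th>\n";
    $html .= "<td style=\"vertical-align: middle;\">";
    $html .= "<input type=\"checkbox\" name=\"subscribers[]\" id=\"subscribers_" . $sid . "\" value=\"" . $sid . "\" />\n";
    $html .= "</td>\n";

    if (get_option('show_avatars')) {
        $html .= "<td>" . get_avatar($subscriber->email, 30) . " </td>";
    }

    $html .= "<td class=\"subscriber-email\">";
    if ($edit) {
        $html .= "<input type=\"text\" id=\"subscriber-" . $sid . "-email-new\" name=\"subscriber-" . $sid . "-email-new\" class=\"subscriber-email-new\" value=\"" . format_to_edit($subscriber->email) . "\" />\n";
    } else {
        $html .= esc_html($subscriber->email);
    }
    $html .= " </td>\n";

    $html .= "<td class=\"subscriber-name\">";
    if ($edit) {
        $html .= "<input type=\"text\" id=\"subscriber-" . $sid . "-name-new\" name=\"subscriber-" . $sid . "-name-new\" class=\"subscriber-name-new\" value=\"" . format_to_edit($subscriber->name) . "\" />\n";
    } else {
        $html .= esc_html($subscriber->name);
    }
    $html .= " </td>\n";

    // Custom fields: one cell per field
    $alo_em_cf = alo_easymail_get_custom_fields();
    if ($alo_em_cf) {
        foreach ($alo_em_cf as $key => $value) {
            // Passed raw to the field helper, as before.
            // NOTE(review): confirm alo_easymail_custom_field_html() escapes the
            // field id and the value it prints.
            $field_id = "subscriber-" . $subscriber_id . "-" . $key . "-new";
            $html .= "<td class=\"subscriber-" . esc_attr($key) . "-new\">";
            $has_value = !empty($subscriber->{$key});
            $var_value = $has_value ? $subscriber->{$key} : "";
            if ($edit) {
                $html .= alo_easymail_custom_field_html($key, $value, $field_id, $var_value, true);
            } elseif ($has_value || $value['input_type'] == 'checkbox') {
                // particular case: an empty checkbox field is still rendered (negative checkbox)
                $html .= alo_easymail_custom_field_html($key, $value, $field_id, $var_value, false);
            }
            $html .= " </td>\n";
        }
    }

    // Linked WordPress user, if any
    $html .= "<td>";
    $user_id = email_exists($subscriber->email);
    if (!$user_id) {
        $user_id = apply_filters('alo_easymail_get_userid_by_subscriber', false, $subscriber); // Hook
    }
    // The id may come from a filter, so get_userdata() can return false for it.
    $user_info = $user_id ? get_userdata($user_id) : false;
    if ($user_info) {
        if (get_current_user_id() == $user_id) {
            $profile_link = 'profile.php';
        } else {
            $profile_link = esc_url(add_query_arg('wp_http_referer', urlencode(stripslashes($_SERVER['REQUEST_URI'])), "user-edit.php?user_id={$user_id}"));
        }
        $html .= "<a href=\"" . $profile_link . "\" title=\"" . esc_attr(__("View user profile", "alo-easymail")) . "\">" . esc_html($user_info->user_login) . "</a>";
    }
    $html .= " </td>\n";

    // Join date
    $html .= "<td class=\"subscriber-joindate\">\n";
    $join_date_datetime = date_i18n(__("d/m/Y \\h.H:i", "alo-easymail"), strtotime($subscriber->join_date));
    $join_time_diff = sprintf(__("%s ago", "alo-easymail"), human_time_diff(strtotime($subscriber->join_date), current_time('timestamp')));
    $html .= "<abbr title=\"" . esc_attr($join_date_datetime) . "\">" . esc_html($join_time_diff) . "</abbr>\n";
    $html .= "</td>\n";

    // Last activity (falls back to the join date) and last known IP address
    $html .= "<td class=\"subscriber-lastact\">\n";
    $last_act = !empty($subscriber->last_act) ? $subscriber->last_act : $subscriber->join_date;
    $last_act_datetime = date_i18n(__("d/m/Y \\h.H:i", "alo-easymail"), strtotime($last_act));
    $last_act_diff = sprintf(__("%s ago", "alo-easymail"), human_time_diff(strtotime($last_act), current_time('timestamp')));
    $html .= "<abbr title=\"" . esc_attr($last_act_datetime) . "\">" . esc_html($last_act_diff) . "</abbr>\n";
    if (!empty($subscriber->ip_address)) {
        // Keep only characters that can occur in IPv4/IPv6 addresses and lists of them.
        $last_ip_addr = preg_replace('/[^0-9a-fA-F:., ]/', '', $subscriber->ip_address);
        // The anchor is closed with </a>; rel="noopener noreferrer" keeps the page
        // opened in the new tab from reaching window.opener and from receiving the
        // admin URL as referrer.
        $html .= "<br /><a href=\"http://www.whatismyipaddress.com/ip/{$last_ip_addr}\" title=\"" . esc_attr($last_ip_addr . ' @ whatismyipaddress.com') . "\" target=\"_blank\" rel=\"noopener noreferrer\" class=\"ip-address\">IP " . $last_ip_addr . "</a>\n";
    }
    $html .= "</td>\n";

    // Active flag
    $html .= "<td class=\"subscriber-active\">\n";
    if ($edit) {
        $active_checked = $subscriber->active == 1 ? " checked=\"checked\" " : "";
        $html .= "<input type=\"checkbox\" id=\"subscriber-" . $sid . "-active-new\" name=\"subscriber-" . $sid . "-active-new\" class=\"subscriber-active-new\" {$active_checked} />\n";
    } else {
        $html .= "<img src=\"" . ALO_EM_PLUGIN_URL . "/images/" . ($subscriber->active == 1 ? "yes.png" : "no.png") . "\" />\n";
    }
    $html .= "</td>\n";

    // Mailing lists
    // NOTE(review): list names are printed as returned by
    // alo_em_translate_multilangs_array(); confirm that helper escapes them.
    $html .= "<td class=\"subscriber-lists\">\n";
    $user_lists = alo_em_get_user_mailinglists($subscriber_id);
    if ($edit && is_array($all_lists)) {
        foreach ($all_lists as $list => $val) {
            $checked = is_array($user_lists) && in_array($list, $user_lists) ? " checked=\"checked\" " : "";
            $list_attr = esc_attr($list);
            $html .= "<input type=\"checkbox\" name=\"subscriber-" . $sid . "-lists-new[]\" class=\"subscriber-lists-new subscriber-" . $sid . "-lists-new\" id=\"subscriber-" . $sid . "-lists-new_" . $list_attr . "\" value=\"" . $list_attr . "\" {$checked} /><label for=\"subscriber-" . $sid . "-lists-new_" . $list_attr . "\">" . alo_em_translate_multilangs_array(alo_em_get_language(), $val['name'], true) . "</label><br />\n";
        }
    } else {
        if ($user_lists && is_array($user_lists) && $all_lists) {
            $html .= "<ul class=\"userlists\">\n";
            foreach ($user_lists as $user_list) {
                $html .= "<li>" . alo_em_translate_multilangs_array(alo_em_get_language(), $all_lists[$user_list]["name"], true) . "</li>\n";
            }
            $html .= "</ul>\n";
        }
    }
    $html .= " </td>\n";

    // Language
    $html .= "<td class=\"subscriber-lang\">\n";
    if ($edit && is_array($all_langs) && !empty($all_langs[0])) {
        $html .= "<select id=\"subscriber-" . $sid . "-lang-new\" name=\"subscriber-" . $sid . "-lang-new\">\n";
        $html .= "<option value=\"\"></option>\n";
        foreach ($all_langs as $lang_code) {
            $selected = $subscriber->lang == $lang_code ? " selected=\"selected\" " : "";
            $lang_name = esc_html(alo_em_get_lang_name($lang_code));
            $html .= "<option value=\"" . esc_attr($lang_code) . "\" " . $selected . ">" . $lang_name . "</option>\n";
        }
        $html .= "</select>\n";
    } else {
        $html .= $subscriber->lang ? alo_em_get_lang_flag($subscriber->lang, 'name') : "";
    }
    $html .= " </td>\n";

    // Actions
    $html .= "<td class=\"subscriber-actions\">\n";
    $html .= "<img src=\"" . ALO_EM_PLUGIN_URL . "/images/wpspin_light.gif\" style=\"display:none;vertical-align: middle;\" id=\"easymail-subscriber-" . $sid . "-actions-loading\" />\n";
    if ($edit) {
        $html .= " <a href=\"\" title=\"" . esc_attr(__("Cancel", "alo-easymail")) . "\" class=\"easymail-subscriber-edit-inline-cancel\" id=\"easymail-subscriber-edit-inline-cancel_{$sid}\" rel=\"{$sid}\">";
        $html .= "<img src=\"" . ALO_EM_PLUGIN_URL . "/images/no.png\" /></a>\n";
        $html .= " <a href=\"\" title=\"" . esc_attr(__("Save", "alo-easymail")) . "\" class=\"easymail-subscriber-edit-inline-save\" id=\"easymail-subscriber-edit-inline-save_{$sid}\" rel=\"{$sid}\">";
        $html .= "<img src=\"" . ALO_EM_PLUGIN_URL . "/images/yes.png\" /></a>\n";
    } else {
        $html .= "<a href=\"\" title=\"" . esc_attr(__("Quick edit", "alo-easymail")) . "\" class=\"easymail-subscriber-edit-inline\" id=\"easymail-subscriber-edit-inline_{$sid}\" rel=\"{$sid}\">";
        $html .= "<img src=\"" . ALO_EM_PLUGIN_URL . "/images/16-edit.png\" alt=\"" . esc_attr(__("Quick edit", "alo-easymail")) . "\" /></a>";
        $html .= " <a href=\"\" title=\"" . esc_attr(__("Delete subscriber", "alo-easymail")) . "\" class=\"easymail-subscriber-delete\" id=\"easymail-subscriber-delete_{$sid}\" rel=\"{$sid}\">";
        $html .= "<img src=\"" . ALO_EM_PLUGIN_URL . "/images/trash.png\" alt=\"" . esc_attr(__("Delete subscriber", "alo-easymail")) . "\" /></a>";
        $html .= " <a href=\"\" title=\"" . esc_attr(__("Delete subscriber and add the email to the list of who unsubscribed", "alo-easymail")) . "\" class=\"easymail-subscriber-delete and-unsubscribe\" id=\"easymail-subscriber-delete-and-unsubscribe_{$sid}\" rel=\"{$sid}\">";
        $html .= "<img src=\"" . ALO_EM_PLUGIN_URL . "/images/trash_del.png\" alt=\"" . esc_attr(__("Delete subscriber and add the email to the list of who unsubscribed", "alo-easymail")) . "\" /></a>";
    }
    $html .= "</td>\n";

    return $html;
}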