示例#1
0
 /**
  * Handle admin ajax
  *
  * @since 2.0
  */
 public function admin_ajax()
 {
     if (false === headers_sent()) {
         pods_session_start();
         header('Content-Type: text/html; charset=' . get_bloginfo('charset'));
     }
     // Sanitize input
     $params = pods_unslash((array) $_POST);
     foreach ($params as $key => $value) {
         if ('action' == $key) {
             continue;
         }
         unset($params[$key]);
         $params[str_replace('_podsfix_', '', $key)] = $value;
     }
     $params = (object) $params;
     $component = $params->component;
     $method = $params->method;
     if (!isset($component) || !isset($this->components[$component]) || !isset($this->settings['components'][$component])) {
         pods_error('Invalid AJAX request', $this);
     }
     if (!isset($params->_wpnonce) || false === wp_verify_nonce($params->_wpnonce, 'pods-component-' . $component . '-' . $method)) {
         pods_error('Unauthorized request', $this);
     }
     // Cleaning up $params
     unset($params->action);
     unset($params->component);
     unset($params->method);
     unset($params->_wpnonce);
     $params = (object) apply_filters('pods_component_ajax_' . $component . '_' . $method, $params, $component, $method);
     $output = false;
     // Component init
     if (isset($this->components[$component]['object']) && method_exists($this->components[$component]['object'], 'init')) {
         $this->components[$component]['object']->init($this->settings['components'][$component], $component);
     }
     // Handle internal methods
     if (isset($this->components[$component]['object']) && !method_exists($this->components[$component]['object'], 'ajax_' . $method) && method_exists($this, 'admin_ajax_' . $method)) {
         $output = call_user_func(array($this, 'admin_ajax_' . $method), $component, $params);
     } elseif (!isset($this->components[$component]['object']) || !method_exists($this->components[$component]['object'], 'ajax_' . $method)) {
         pods_error('API method does not exist', $this);
     } else {
         $output = call_user_func(array($this->components[$component]['object'], 'ajax_' . $method), $params);
     }
     if (!is_bool($output)) {
         echo $output;
     }
     die;
     // KBAI!
 }
示例#2
0
 /**
  * Handle ajax calls for the administration
  */
 public function admin_ajax()
 {
     if (false === headers_sent()) {
         pods_session_start();
         header('Content-Type: text/html; charset=' . get_bloginfo('charset'));
     }
     // Sanitize input
     $params = pods_unslash((array) $_POST);
     foreach ($params as $key => $value) {
         if ('action' == $key) {
             continue;
         }
         // Fixup $_POST data
         $_POST[str_replace('_podsfix_', '', $key)] = $_POST[$key];
         // Fixup $params with unslashed data
         $params[str_replace('_podsfix_', '', $key)] = $value;
         // Unset the _podsfix_* keys
         unset($params[$key]);
     }
     $params = (object) $params;
     $methods = array('add_pod' => array('priv' => true), 'save_pod' => array('priv' => true), 'load_sister_fields' => array('priv' => true), 'process_form' => array('custom_nonce' => true), 'upgrade' => array('priv' => true), 'migrate' => array('priv' => true));
     $methods = apply_filters('pods_admin_ajax_methods', $methods, $this);
     if (!isset($params->method) || !isset($methods[$params->method])) {
         pods_error('Invalid AJAX request', $this);
     }
     $defaults = array('priv' => null, 'name' => $params->method, 'custom_nonce' => null);
     $method = (object) array_merge($defaults, (array) $methods[$params->method]);
     if (true !== $method->custom_nonce && (!isset($params->_wpnonce) || false === wp_verify_nonce($params->_wpnonce, 'pods-' . $params->method))) {
         pods_error(__('Unauthorized request', 'pods'), $this);
     }
     // Cleaning up $params
     unset($params->action);
     unset($params->method);
     if (true !== $method->custom_nonce) {
         unset($params->_wpnonce);
     }
     // Check permissions (convert to array to support multiple)
     if (!empty($method->priv) && !pods_is_admin(array('pods')) && true !== $method->priv && !pods_is_admin($method->priv)) {
         pods_error(__('Access denied', 'pods'), $this);
     }
     $params->method = $method->name;
     $params = apply_filters('pods_api_' . $method->name, $params, $method);
     $api = pods_api();
     if ('upgrade' == $method->name) {
         $output = (string) pods_upgrade($params->version)->ajax($params);
     } elseif ('migrate' == $method->name) {
         $output = (string) apply_filters('pods_api_migrate_run', $params);
     } else {
         if (!method_exists($api, $method->name)) {
             pods_error('API method does not exist', $this);
         } elseif ('save_pod' == $method->name) {
             if (isset($params->field_data_json) && is_array($params->field_data_json)) {
                 $params->fields = $params->field_data_json;
                 unset($params->field_data_json);
                 foreach ($params->fields as $k => $v) {
                     if (empty($v)) {
                         unset($params->fields[$k]);
                     } elseif (!is_array($v)) {
                         $params->fields[$k] = (array) @json_decode($v, true);
                     }
                 }
             }
         }
         // Dynamically call the API method
         $params = (array) $params;
         $output = call_user_func(array($api, $method->name), $params);
     }
     // Output in json format
     if (false !== $output) {
         if (is_array($output) || is_object($output)) {
             wp_send_json($output);
         } else {
             echo $output;
         }
     } else {
         pods_error('There was a problem with your request.');
     }
     die;
     // KBAI!
 }
 /**
  * Handle autocomplete AJAX
  *
  * @since 2.3
  */
 public function admin_ajax_relationship()
 {
     pods_session_start();
     // Sanitize input
     $params = pods_unslash((array) $_POST);
     foreach ($params as $key => $value) {
         if ('action' == $key) {
             continue;
         }
         unset($params[$key]);
         $params[str_replace('_podsfix_', '', $key)] = $value;
     }
     $params = (object) $params;
     $uid = @session_id();
     if (is_user_logged_in()) {
         $uid = 'user_' . get_current_user_id();
     }
     $nonce_check = 'pods_relationship_' . (int) $params->pod . '_' . $uid . '_' . $params->uri . '_' . (int) $params->field;
     if (!isset($params->_wpnonce) || false === wp_verify_nonce($params->_wpnonce, $nonce_check)) {
         pods_error(__('Unauthorized request', 'pods'), PodsInit::$admin);
     }
     $api = pods_api();
     $pod = $api->load_pod(array('id' => (int) $params->pod));
     $field = $api->load_field(array('id' => (int) $params->field, 'table_info' => true));
     $id = (int) $params->id;
     $limit = 15;
     if (isset($params->limit)) {
         $limit = (int) $params->limit;
     }
     $page = 1;
     if (isset($params->page)) {
         $page = (int) $params->page;
     }
     if (!isset($params->query) || strlen(trim($params->query)) < 1) {
         pods_error(__('Invalid field request', 'pods'), PodsInit::$admin);
     } elseif (empty($pod) || empty($field) || $pod['id'] != $field['pod_id'] || !isset($pod['fields'][$field['name']])) {
         pods_error(__('Invalid field request', 'pods'), PodsInit::$admin);
     } elseif ('pick' != $field['type'] || empty($field['table_info'])) {
         pods_error(__('Invalid field', 'pods'), PodsInit::$admin);
     } elseif ('single' == pods_var(self::$type . '_format_type', $field) && 'autocomplete' == pods_var(self::$type . '_format_single', $field)) {
         pods_error(__('Invalid field', 'pods'), PodsInit::$admin);
     } elseif ('multi' == pods_var(self::$type . '_format_type', $field) && 'autocomplete' == pods_var(self::$type . '_format_multi', $field)) {
         pods_error(__('Invalid field', 'pods'), PodsInit::$admin);
     }
     $object_params = array('name' => $field['name'], 'value' => null, 'options' => array_merge($field, $field['options']), 'pod' => $pod, 'id' => $id, 'context' => 'admin_ajax_relationship', 'data_params' => $params, 'page' => $page, 'limit' => $limit);
     $pick_data = apply_filters('pods_field_pick_data_ajax', null, $field['name'], null, $field, $pod, $id);
     if (null !== $pick_data) {
         $items = $pick_data;
     } else {
         $items = $this->get_object_data($object_params);
     }
     if (!empty($items) && isset($items[0]) && !is_array($items[0])) {
         $new_items = array();
         foreach ($items as $id => $text) {
             $new_items[] = array('id' => $id, 'text' => $text, 'image' => '');
         }
         $items = $new_items;
     }
     $items = apply_filters('pods_field_pick_data_ajax_items', $items, $field['name'], null, $field, $pod, $id);
     $items = array('results' => $items);
     wp_send_json($items);
     die;
     // KBAI!
 }
/**
 * Set a variable
 *
 * @param mixed $value The value to be set
 * @param mixed $var The variable name, or URI segment position / query var name (if $type is 'url')
 * @param string|array|object $type (optional) Super globals, url/url-relative, constants, globals, user data, Pod field values
 *
 * @return mixed Updated URL (if $type is 'url'), $value (if $type is 'constant'), Item ID (if $type is 'pods'), $type, or false if not set
 * @since 2.3.10
 */
function pods_v_set($value, $var, $type = 'get')
{
    $ret = false;
    if (null === $var || '' === $var) {
        // Invalid $var
    } elseif (null === $type || '' === $type) {
        // Invalid $type
    } elseif (is_array($type)) {
        $type[$var] = $value;
        $ret = $type;
    } elseif (is_object($type)) {
        $type->{$var} = $value;
        $ret = $type;
    } else {
        $type = strtolower($type);
        if ('get' == $type) {
            $_GET[$var] = $value;
            $ret = $_GET;
        } elseif ('post' == $type) {
            $_POST[$var] = $value;
            $ret = $_POST;
        } elseif ('request' == $type) {
            $_REQUEST[$var] = $value;
            $ret = $_REQUEST;
        } elseif ('url' == $type) {
            if (is_numeric($var) && function_exists('http_build_url')) {
                $url = parse_url(pods_current_url());
                $uri = trim($url['path'], '/');
                $uri = array_filter(explode('/', $uri));
                if ('first' == $var) {
                    $var = 0;
                } elseif ('last' == $var) {
                    $var = -1;
                }
                if ($var < 0) {
                    $uri[count($uri) + $var] = $value;
                } else {
                    $uri[$var] = $value;
                }
                $url['path'] = '/' . implode('/', $uri) . '/';
                $url['path'] = trim($url['path'], '/');
                $ret = http_build_url($url);
            } else {
                $ret = add_query_arg(array($var => $value));
            }
        } elseif ('server' == $type) {
            $_SERVER[$var] = $value;
            $ret = $_SERVER;
        } elseif (in_array($type, array('global', 'globals'))) {
            $GLOBALS[$var] = $value;
            $ret = $GLOBALS;
        } elseif ('session' == $type) {
            // Session start
            pods_session_start();
            $_SESSION[$var] = $value;
            $ret = $_SESSION;
        } elseif ('cookie' == $type && !headers_sent()) {
            setcookie($var, $value, time() + 10 * DAY_IN_SECONDS, COOKIEPATH);
            $ret = $_COOKIE;
        } elseif ('constant' == $type && !defined($var) && (is_scalar($value) || null === $value)) {
            define($var, $value);
            $ret = constant($var);
        } elseif ('user' == $type && is_user_logged_in()) {
            $user = get_userdata(get_current_user_id());
            if (!pods_version_check('wp', '3.5')) {
                $user_data = get_object_vars($user->data);
            } else {
                $user_data = $user->to_array();
            }
            // Role
            if ('role' == $var) {
                $user->set_role($value);
            } elseif (isset($user_data[$var])) {
                wp_update_user(array('ID' => $user->ID, $var => $value));
            } else {
                update_user_meta($user->ID, $var, $value);
            }
            $ret = get_userdata($user->ID);
        } elseif ('pods' == $type) {
            /**
             * @var $pods Pods
             */
            global $pods;
            if (is_object($pods) && 'Pods' == get_class($pods) && $pods->exists()) {
                $ret = $pods->save($var, $value);
            }
        } else {
            $ret = apply_filters('pods_var_set_' . $type, $value, $var);
        }
    }
    return $ret;
}
示例#5
0
 /**
  * Set up the Pods core
  */
 public function core()
 {
     // Session start
     pods_session_start();
     add_shortcode('pods', 'pods_shortcode');
     add_shortcode('pods-form', 'pods_shortcode_form');
     $security_settings = array('pods_disable_file_browser' => 0, 'pods_files_require_login' => 1, 'pods_files_require_login_cap' => '', 'pods_disable_file_upload' => 0, 'pods_upload_require_login' => 1, 'pods_upload_require_login_cap' => '');
     foreach ($security_settings as $security_setting => $setting) {
         $setting = get_option($security_setting);
         if (!empty($setting)) {
             $security_settings[$security_setting] = $setting;
         }
     }
     foreach ($security_settings as $security_setting => $setting) {
         if (0 == $setting) {
             $setting = false;
         } elseif (1 == $setting) {
             $setting = true;
         }
         if (in_array($security_setting, array('pods_files_require_login', 'pods_upload_require_login'))) {
             if (0 < strlen($security_settings[$security_setting . '_cap'])) {
                 $setting = $security_settings[$security_setting . '_cap'];
             }
         } elseif (in_array($security_setting, array('pods_files_require_login_cap', 'pods_upload_require_login_cap'))) {
             continue;
         }
         if (!defined(strtoupper($security_setting))) {
             define(strtoupper($security_setting), $setting);
         }
     }
     $this->register_pods();
     $avatar = PodsForm::field_loader('avatar');
     if (method_exists($avatar, 'get_avatar')) {
         add_filter('get_avatar', array($avatar, 'get_avatar'), 10, 4);
     }
 }
示例#6
0
 /**
  * Handle plupload AJAX
  *
  * @since 2.3
  */
 public function admin_ajax_upload()
 {
     pods_session_start();
     // Sanitize input
     $params = pods_unslash((array) $_POST);
     foreach ($params as $key => $value) {
         if ('action' == $key) {
             continue;
         }
         unset($params[$key]);
         $params[str_replace('_podsfix_', '', $key)] = $value;
     }
     $params = (object) $params;
     $methods = array('upload');
     if (!isset($params->method) || !in_array($params->method, $methods) || !isset($params->pod) || !isset($params->field) || !isset($params->uri) || empty($params->uri)) {
         pods_error('Invalid AJAX request', PodsInit::$admin);
     } elseif (!empty($params->pod) && empty($params->field)) {
         pods_error('Invalid AJAX request', PodsInit::$admin);
     } elseif (empty($params->pod) && !current_user_can('upload_files')) {
         pods_error('Invalid AJAX request', PodsInit::$admin);
     }
     // Flash often fails to send cookies with the POST or upload, so we need to pass it in GET or POST instead
     if (is_ssl() && empty($_COOKIE[SECURE_AUTH_COOKIE]) && !empty($_REQUEST['auth_cookie'])) {
         $_COOKIE[SECURE_AUTH_COOKIE] = $_REQUEST['auth_cookie'];
     } elseif (empty($_COOKIE[AUTH_COOKIE]) && !empty($_REQUEST['auth_cookie'])) {
         $_COOKIE[AUTH_COOKIE] = $_REQUEST['auth_cookie'];
     }
     if (empty($_COOKIE[LOGGED_IN_COOKIE]) && !empty($_REQUEST['logged_in_cookie'])) {
         $_COOKIE[LOGGED_IN_COOKIE] = $_REQUEST['logged_in_cookie'];
     }
     global $current_user;
     unset($current_user);
     /**
      * Access Checking
      */
     $upload_disabled = false;
     if (defined('PODS_DISABLE_FILE_UPLOAD') && true === PODS_DISABLE_FILE_UPLOAD) {
         $upload_disabled = true;
     } elseif (defined('PODS_UPLOAD_REQUIRE_LOGIN') && is_bool(PODS_UPLOAD_REQUIRE_LOGIN) && true === PODS_UPLOAD_REQUIRE_LOGIN && !is_user_logged_in()) {
         $upload_disabled = true;
     } elseif (defined('PODS_UPLOAD_REQUIRE_LOGIN') && !is_bool(PODS_UPLOAD_REQUIRE_LOGIN) && (!is_user_logged_in() || !current_user_can(PODS_UPLOAD_REQUIRE_LOGIN))) {
         $upload_disabled = true;
     }
     $uid = @session_id();
     if (is_user_logged_in()) {
         $uid = 'user_' . get_current_user_id();
     }
     $nonce_check = 'pods_upload_' . (int) $params->pod . '_' . $uid . '_' . $params->uri . '_' . (int) $params->field;
     if (true === $upload_disabled || !isset($params->_wpnonce) || false === wp_verify_nonce($params->_wpnonce, $nonce_check)) {
         pods_error(__('Unauthorized request', 'pods'), PodsInit::$admin);
     }
     $pod = array();
     $field = array('type' => 'file', 'options' => array());
     $api = pods_api();
     $api->display_errors = false;
     if (!empty($params->pod)) {
         $pod = $api->load_pod(array('id' => (int) $params->pod));
         $field = $api->load_field(array('id' => (int) $params->field));
         if (empty($pod) || empty($field) || $pod['id'] != $field['pod_id'] || !isset($pod['fields'][$field['name']])) {
             pods_error(__('Invalid field request', 'pods'), PodsInit::$admin);
         }
         if (!in_array($field['type'], PodsForm::file_field_types())) {
             pods_error(__('Invalid field', 'pods'), PodsInit::$admin);
         }
     }
     $method = $params->method;
     // Cleaning up $params
     unset($params->action);
     unset($params->method);
     unset($params->_wpnonce);
     $params->post_id = pods_var('post_id', $params, 0, null, true);
     /**
      * Upload a new file (advanced - returns URL and ID)
      */
     if ('upload' == $method) {
         $file = $_FILES['Filedata'];
         $limit_size = pods_var($field['type'] . '_restrict_filesize', $field['options']);
         if (!empty($limit_size)) {
             if (false !== stripos($limit_size, 'MB')) {
                 $limit_size = (double) trim(str_ireplace('MB', '', $limit_size));
                 $limit_size = $limit_size * 1025 * 1025;
                 // convert to KB to B
             } elseif (false !== stripos($limit_size, 'KB')) {
                 $limit_size = (double) trim(str_ireplace('KB', '', $limit_size));
                 $limit_size = $limit_size * 1025 * 1025;
                 // convert to B
             } elseif (false !== stripos($limit_size, 'GB')) {
                 $limit_size = (double) trim(str_ireplace('GB', '', $limit_size));
                 $limit_size = $limit_size * 1025 * 1025 * 1025;
                 // convert to MB to KB to B
             } elseif (false !== stripos($limit_size, 'B')) {
                 $limit_size = (double) trim(str_ireplace('B', '', $limit_size));
             } else {
                 $limit_size = wp_max_upload_size();
             }
             if (0 < $limit_size && $limit_size < $file['size']) {
                 $error = __('File size too large, max size is %s', 'pods');
                 $error = sprintf($error, pods_var($field['type'] . '_restrict_filesize', $field['options']));
                 pods_error('<div style="color:#FF0000">Error: ' . $error . '</div>');
             }
         }
         $limit_file_type = pods_var($field['type'] . '_type', $field['options'], 'images');
         if ('images' == $limit_file_type) {
             $limit_types = 'jpg,jpeg,png,gif';
         } elseif ('video' == $limit_file_type) {
             $limit_types = 'mpg,mov,flv,mp4';
         } elseif ('audio' == $limit_file_type) {
             $limit_types = 'mp3,m4a,wav,wma';
         } elseif ('text' == $limit_file_type) {
             $limit_types = 'txt,rtx,csv,tsv';
         } elseif ('any' == $limit_file_type) {
             $limit_types = '';
         } else {
             $limit_types = pods_var($field['type'] . '_allowed_extensions', $field['options'], '', null, true);
         }
         $limit_types = trim(str_replace(array(' ', '.', "\n", "\t", ';'), array('', ',', ',', ','), $limit_types), ',');
         if (pods_version_check('wp', '3.5')) {
             $mime_types = wp_get_mime_types();
             if (in_array($limit_file_type, array('images', 'audio', 'video'))) {
                 $new_limit_types = array();
                 foreach ($mime_types as $type => $mime) {
                     if (0 === strpos($mime, $limit_file_type)) {
                         $type = explode('|', $type);
                         $new_limit_types = array_merge($new_limit_types, $type);
                     }
                 }
                 if (!empty($new_limit_types)) {
                     $limit_types = implode(',', $new_limit_types);
                 }
             } elseif ('any' != $limit_file_type) {
                 $new_limit_types = array();
                 $limit_types = explode(',', $limit_types);
                 foreach ($limit_types as $k => $limit_type) {
                     $found = false;
                     foreach ($mime_types as $type => $mime) {
                         if (0 === strpos($mime, $limit_type)) {
                             $type = explode('|', $type);
                             foreach ($type as $t) {
                                 if (!in_array($t, $new_limit_types)) {
                                     $new_limit_types[] = $t;
                                 }
                             }
                             $found = true;
                         }
                     }
                     if (!$found) {
                         $new_limit_types[] = $limit_type;
                     }
                 }
                 if (!empty($new_limit_types)) {
                     $limit_types = implode(',', $new_limit_types);
                 }
             }
         }
         $limit_types = explode(',', $limit_types);
         $limit_types = array_filter(array_unique($limit_types));
         if (!empty($limit_types)) {
             $ok = false;
             foreach ($limit_types as $limit_type) {
                 $limit_type = '.' . trim($limit_type, ' .');
                 $pos = strlen($file['name']) - strlen($limit_type);
                 if ($pos === stripos($file['name'], $limit_type)) {
                     $ok = true;
                     break;
                 }
             }
             if (false === $ok) {
                 $error = __('File type not allowed, please use one of the following: %s', 'pods');
                 $error = sprintf($error, '.' . implode(', .', $limit_types));
                 pods_error('<div style="color:#FF0000">Error: ' . $error . '</div>');
             }
         }
         $custom_handler = apply_filters('pods_upload_handle', null, 'Filedata', $params->post_id, $params, $field);
         if (null === $custom_handler) {
             $linked = pods_var($field['type'] . '_linked', $field['options'], 0);
             $attachment_id = media_handle_upload('Filedata', $params->post_id);
             if (is_object($attachment_id)) {
                 $errors = array();
                 foreach ($attachment_id->errors['upload_error'] as $error_code => $error_message) {
                     $errors[] = '[' . $error_code . '] ' . $error_message;
                 }
                 pods_error('<div style="color:#FF0000">Error: ' . implode('</div><div>', $errors) . '</div>');
             } else {
                 $attachment = get_post($attachment_id, ARRAY_A);
                 $attachment['filename'] = basename($attachment['guid']);
                 $thumb = wp_get_attachment_image_src($attachment['ID'], 'thumbnail', true);
                 $attachment['thumbnail'] = $thumb[0];
                 $attachment['link'] = '';
                 if ($linked) {
                     $attachment['link'] = wp_get_attachment_url($attachment['ID']);
                 }
                 $attachment = apply_filters('pods_upload_attachment', $attachment, $params->post_id);
                 wp_send_json($attachment);
             }
         }
     }
     die;
     // KBAI!
 }