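/**
 * Handle admin ajax
 *
 * Entry point for component AJAX requests. It restores `_podsfix_`-prefixed
 * POST keys, verifies the request nonce, runs the component's `init()` and
 * then dispatches either to `ajax_{method}` on the component object or, when
 * the component has no such method, to `admin_ajax_{method}` on this class.
 * A non-bool result is echoed as-is and the request always ends with `die`.
 *
 * Security notes:
 * - The nonce action is `pods-component-{component}-{method}`, so a token
 *   issued for one component/method pair cannot be replayed against another.
 * - No capability check is performed here; authorization rests on who is
 *   issued the nonce and on where the `wp_ajax_*` hook is registered (both
 *   outside this method — confirm before exposing new component methods).
 * - `$method` is only ever appended to a fixed prefix and gated by
 *   method_exists(), so it cannot select an arbitrary callable.
 *
 * @since 2.0
 */
public function admin_ajax() {
    if (false === headers_sent()) {
        pods_session_start();
        header('Content-Type: text/html; charset=' . get_bloginfo('charset'));
    }

    // Sanitize input: unslash and strip the `_podsfix_` prefix from POST keys.
    // `action` is left alone because admin-ajax.php routes on it.
    $params = pods_unslash((array) $_POST);

    foreach ($params as $key => $value) {
        if ('action' === $key) {
            continue;
        }

        unset($params[$key]);

        $params[str_replace('_podsfix_', '', $key)] = $value;
    }

    $params = (object) $params;

    // Read both names defensively so a request that omits them fails the
    // checks below instead of raising an undefined-property notice first.
    $component = isset($params->component) ? $params->component : null;
    $method = isset($params->method) ? $params->method : '';

    if (null === $component || !isset($this->components[$component]) || !isset($this->settings['components'][$component])) {
        pods_error('Invalid AJAX request', $this);
    }

    if (!isset($params->_wpnonce) || false === wp_verify_nonce($params->_wpnonce, 'pods-component-' . $component . '-' . $method)) {
        pods_error('Unauthorized request', $this);
    }

    // Cleaning up $params: the routing/auth fields are not passed on to the handler
    unset($params->action);
    unset($params->component);
    unset($params->method);
    unset($params->_wpnonce);

    $params = (object) apply_filters('pods_component_ajax_' . $component . '_' . $method, $params, $component, $method);

    $output = false;

    $object = isset($this->components[$component]['object']) ? $this->components[$component]['object'] : null;

    // Component init
    if (null !== $object && method_exists($object, 'init')) {
        $object->init($this->settings['components'][$component], $component);
    }

    $component_method = 'ajax_' . $method;
    $internal_method = 'admin_ajax_' . $method;

    // Handle internal methods: only used when the component object exists but
    // does not implement the ajax_* method itself
    if (null !== $object && !method_exists($object, $component_method) && method_exists($this, $internal_method)) {
        $output = $this->{$internal_method}($component, $params);
    } elseif (null === $object || !method_exists($object, $component_method)) {
        pods_error('API method does not exist', $this);
    } else {
        $output = $object->{$component_method}($params);
    }

    // Handlers return true/false to signal "nothing to print"
    if (!is_bool($output)) {
        echo $output;
    }

    die; // KBAI!
}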
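/**
 * Handle ajax calls for the administration
 *
 * Dispatcher for the Pods admin AJAX action. It restores `_podsfix_`-prefixed
 * POST keys, looks the requested method up in a whitelist (filterable via
 * `pods_admin_ajax_methods`), verifies the `pods-{method}` nonce, enforces
 * the method's `priv` requirement and then either runs the upgrade/migrate
 * handlers or calls the PodsAPI method of the same name with `$params`.
 *
 * Whitelist entry options:
 * - `priv`: `true` requires a Pods admin (`pods_is_admin(array('pods'))`);
 *   any other non-empty value is passed to pods_is_admin() as the capability
 *   accepted when the user is not a Pods admin; empty/unset means this
 *   method performs no capability check.
 * - `custom_nonce`: when `true` the `pods-{method}` nonce is not verified here
 *   and `_wpnonce` is left in `$params` so the callee can verify its own
 *   (process_form is the only such entry — confirm it does so in PodsAPI).
 *
 * Output: arrays/objects go through wp_send_json(), anything else is echoed,
 * and `false` reports a generic error. The request always ends with `die`.
 */
public function admin_ajax() {
    if (false === headers_sent()) {
        pods_session_start();
        header('Content-Type: text/html; charset=' . get_bloginfo('charset'));
    }

    // Sanitize input
    $params = pods_unslash((array) $_POST);

    foreach ($params as $key => $value) {
        if ('action' === $key) {
            continue;
        }

        $fixed_key = str_replace('_podsfix_', '', $key);

        // Fixup $_POST data (presumably so later WordPress code sees the real keys)
        $_POST[$fixed_key] = $_POST[$key];

        // Unset the _podsfix_* key first: writing the fixed key and then
        // unsetting $key dropped every key that carried no prefix at all
        unset($params[$key]);

        // Fixup $params with unslashed data
        $params[$fixed_key] = $value;
    }

    $params = (object) $params;

    $methods = array(
        'add_pod' => array('priv' => true),
        'save_pod' => array('priv' => true),
        'load_sister_fields' => array('priv' => true),
        'process_form' => array('custom_nonce' => true),
        'upgrade' => array('priv' => true),
        'migrate' => array('priv' => true),
    );

    $methods = apply_filters('pods_admin_ajax_methods', $methods, $this);

    if (!isset($params->method) || !isset($methods[$params->method])) {
        pods_error('Invalid AJAX request', $this);
    }

    $defaults = array(
        'priv' => null,
        'name' => $params->method,
        'custom_nonce' => null,
    );

    $method = (object) array_merge($defaults, (array) $methods[$params->method]);

    if (true !== $method->custom_nonce && (!isset($params->_wpnonce) || false === wp_verify_nonce($params->_wpnonce, 'pods-' . $params->method))) {
        pods_error(__('Unauthorized request', 'pods'), $this);
    }

    // Cleaning up $params
    unset($params->action);
    unset($params->method);

    if (true !== $method->custom_nonce) {
        unset($params->_wpnonce);
    }

    // Check permissions. A Pods admin always passes; otherwise `priv === true`
    // denies and any other value is tried as a capability. (The previous single
    // expression short-circuited on `true !== $method->priv`, so entries with
    // `'priv' => true` were never denied.)
    if (!empty($method->priv)) {
        $allowed = pods_is_admin(array('pods'));

        if (!$allowed && true !== $method->priv) {
            $allowed = pods_is_admin($method->priv);
        }

        if (!$allowed) {
            pods_error(__('Access denied', 'pods'), $this);
        }
    }

    $params->method = $method->name;

    $params = apply_filters('pods_api_' . $method->name, $params, $method);

    $api = pods_api();

    $output = false;

    if ('upgrade' === $method->name) {
        $version = isset($params->version) ? $params->version : null;

        $output = (string) pods_upgrade($version)->ajax($params);
    } elseif ('migrate' === $method->name) {
        $output = (string) apply_filters('pods_api_migrate_run', $params);
    } else {
        if (!method_exists($api, $method->name)) {
            pods_error('API method does not exist', $this);
        } elseif ('save_pod' === $method->name && isset($params->field_data_json) && is_array($params->field_data_json)) {
            // The form posts each field definition as a JSON string; decode them
            // into the `fields` array PodsAPI::save_pod expects
            $params->fields = $params->field_data_json;

            unset($params->field_data_json);

            foreach ($params->fields as $k => $v) {
                if (empty($v)) {
                    unset($params->fields[$k]);
                } elseif (!is_array($v)) {
                    // json_decode() returns null (no warning) on invalid input, which casts to array()
                    $params->fields[$k] = (array) json_decode($v, true);
                }
            }
        }

        // Dynamically call the API method (whitelisted above)
        $params = (array) $params;

        $output = $api->{$method->name}($params);
    }

    // Output in json format
    if (false !== $output) {
        if (is_array($output) || is_object($output)) {
            wp_send_json($output);
        } else {
            echo $output;
        }
    } else {
        pods_error('There was a problem with your request.');
    }

    die; // KBAI!
}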
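/**
 * Handle autocomplete AJAX
 *
 * Serves the autocomplete lookup for relationship (pick) fields: validates
 * the nonce, loads the pod/field pair, fetches the matching items (via the
 * `pods_field_pick_data_ajax` filter or get_object_data()) and replies with
 * `{"results": [...]}` as JSON.
 *
 * Security notes:
 * - The nonce action is `pods_relationship_{pod}_{uid}_{uri}_{field}` where
 *   `uid` is the user id (or the PHP session id for guests), so a token is
 *   bound to the user/session, the field and the page it was issued for.
 * - The pod/field pair is cross-checked (`pod_id` must match and the field
 *   must belong to the pod) before any data is queried.
 * - There is no further capability check here; which items a caller may see
 *   is left to get_object_data()/the filters — confirm when adding sources.
 *
 * @since 2.3
 */
public function admin_ajax_relationship() {
    pods_session_start();

    // Sanitize input
    $params = pods_unslash((array) $_POST);

    foreach ($params as $key => $value) {
        if ('action' === $key) {
            continue;
        }

        unset($params[$key]);

        $params[str_replace('_podsfix_', '', $key)] = $value;
    }

    $params = (object) $params;

    // session_id() returns '' without an active session; no suppression needed
    $uid = session_id();

    if (is_user_logged_in()) {
        $uid = 'user_' . get_current_user_id();
    }

    // Read the nonce inputs defensively so a short request fails the nonce
    // check instead of raising undefined-property notices
    $pod_id = isset($params->pod) ? (int) $params->pod : 0;
    $field_id = isset($params->field) ? (int) $params->field : 0;
    $uri = isset($params->uri) ? $params->uri : '';

    $nonce_check = 'pods_relationship_' . $pod_id . '_' . $uid . '_' . $uri . '_' . $field_id;

    if (!isset($params->_wpnonce) || false === wp_verify_nonce($params->_wpnonce, $nonce_check)) {
        pods_error(__('Unauthorized request', 'pods'), PodsInit::$admin);
    }

    $api = pods_api();

    $pod = $api->load_pod(array('id' => $pod_id));
    $field = $api->load_field(array('id' => $field_id, 'table_info' => true));
    $id = isset($params->id) ? (int) $params->id : 0;

    $limit = isset($params->limit) ? (int) $params->limit : 15;
    $page = isset($params->page) ? (int) $params->page : 1;

    if (!isset($params->query) || strlen(trim($params->query)) < 1) {
        pods_error(__('Invalid field request', 'pods'), PodsInit::$admin);
    } elseif (empty($pod) || empty($field) || $pod['id'] != $field['pod_id'] || !isset($pod['fields'][$field['name']])) {
        pods_error(__('Invalid field request', 'pods'), PodsInit::$admin);
    } elseif ('pick' != $field['type'] || empty($field['table_info'])) {
        pods_error(__('Invalid field', 'pods'), PodsInit::$admin);
    } elseif ('single' == pods_var(self::$type . '_format_type', $field) && 'autocomplete' == pods_var(self::$type . '_format_single', $field)) {
        // NOTE(review): this branch (and the next) rejects fields whose format IS
        // 'autocomplete', which contradicts the purpose of this endpoint; confirm
        // whether `!=` was intended. Left unchanged here.
        pods_error(__('Invalid field', 'pods'), PodsInit::$admin);
    } elseif ('multi' == pods_var(self::$type . '_format_type', $field) && 'autocomplete' == pods_var(self::$type . '_format_multi', $field)) {
        pods_error(__('Invalid field', 'pods'), PodsInit::$admin);
    }

    $object_params = array(
        'name' => $field['name'],
        'value' => null,
        'options' => array_merge($field, $field['options']),
        'pod' => $pod,
        'id' => $id,
        'context' => 'admin_ajax_relationship',
        'data_params' => $params,
        'page' => $page,
        'limit' => $limit,
    );

    // A filter may supply the items outright; otherwise query the field's object
    $pick_data = apply_filters('pods_field_pick_data_ajax', null, $field['name'], null, $field, $pod, $id);

    if (null !== $pick_data) {
        $items = $pick_data;
    } else {
        $items = $this->get_object_data($object_params);
    }

    // Normalise a flat `key => text` map into the row shape the client expects.
    // The loop uses its own variable so `$id` (the record id) still reaches the
    // filter below unchanged. Note this only triggers when key 0 exists —
    // presumably get_object_data() returns lists; verify for custom sources.
    if (!empty($items) && isset($items[0]) && !is_array($items[0])) {
        $new_items = array();

        foreach ($items as $item_id => $text) {
            $new_items[] = array('id' => $item_id, 'text' => $text, 'image' => '');
        }

        $items = $new_items;
    }

    $items = apply_filters('pods_field_pick_data_ajax_items', $items, $field['name'], null, $field, $pod, $id);

    wp_send_json(array('results' => $items));

    die; // KBAI!
}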
/**
 * Set a variable
 *
 * Generic setter for the sources pods_v() reads from: the superglobals, the
 * current URL, $GLOBALS, the session, cookies, constants, the logged-in
 * user's record and the current Pods item. Unknown types are delegated to a
 * `pods_var_set_{type}` filter.
 *
 * Security note: every branch writes process- or user-level state keyed by
 * $var ($GLOBALS, constants, cookies, user columns/meta). Callers must not
 * pass an untrusted $var or $value to this function.
 *
 * @param mixed $value The value to be set
 * @param mixed $var The variable name, or URI segment position / query var name (if $type is 'url')
 * @param string|array|object $type (optional) Super globals, url/url-relative, constants, globals, user data, Pod field values
 *
 * @return mixed Updated URL (if $type is 'url'), $value (if $type is 'constant'), Item ID (if $type is 'pods'), $type, or false if not set
 * @since 2.3.10
 */
function pods_v_set($value, $var, $type = 'get') {
    $ret = false;

    if (null === $var || '' === $var) {
        // Invalid $var
    } elseif (null === $type || '' === $type) {
        // Invalid $type
    } elseif (is_array($type)) {
        // An array passed as $type: set the key and return the updated array
        $type[$var] = $value;
        $ret = $type;
    } elseif (is_object($type)) {
        // An object passed as $type: set the property and return the updated object
        $type->{$var} = $value;
        $ret = $type;
    } else {
        $type = strtolower($type);

        if ('get' == $type) {
            $_GET[$var] = $value;
            $ret = $_GET;
        } elseif ('post' == $type) {
            $_POST[$var] = $value;
            $ret = $_POST;
        } elseif ('request' == $type) {
            $_REQUEST[$var] = $value;
            $ret = $_REQUEST;
        } elseif ('url' == $type) {
            if (is_numeric($var) && function_exists('http_build_url')) {
                // Replace one path segment of the current URL (needs pecl_http's http_build_url)
                $url = parse_url(pods_current_url());
                $uri = trim($url['path'], '/');
                $uri = array_filter(explode('/', $uri));

                // NOTE(review): these two branches sit inside the is_numeric($var)
                // check, so the literal strings 'first'/'last' can never reach them;
                // only numeric positions (negative = counted from the end) work here.
                if ('first' == $var) {
                    $var = 0;
                } elseif ('last' == $var) {
                    $var = -1;
                }

                if ($var < 0) {
                    // count() + offset assumes contiguous keys; array_filter() above
                    // preserves keys, so an empty segment can shift the target
                    $uri[count($uri) + $var] = $value;
                } else {
                    $uri[$var] = $value;
                }

                $url['path'] = '/' . implode('/', $uri) . '/';
                $url['path'] = trim($url['path'], '/');

                $ret = http_build_url($url);
            } else {
                // Non-numeric $var (or no http_build_url): treat it as a query var
                $ret = add_query_arg(array($var => $value));
            }
        } elseif ('server' == $type) {
            $_SERVER[$var] = $value;
            $ret = $_SERVER;
        } elseif (in_array($type, array('global', 'globals'))) {
            // Writes an arbitrary global named by $var
            $GLOBALS[$var] = $value;
            $ret = $GLOBALS;
        } elseif ('session' == $type) {
            // Session start
            pods_session_start();

            $_SESSION[$var] = $value;
            $ret = $_SESSION;
        } elseif ('cookie' == $type && !headers_sent()) {
            // 10-day cookie without secure/httponly flags. setcookie() does not update
            // $_COOKIE, so the returned array does not yet hold the new value. If
            // headers were already sent this falls through to the filter branch below.
            setcookie($var, $value, time() + 10 * DAY_IN_SECONDS, COOKIEPATH);
            $ret = $_COOKIE;
        } elseif ('constant' == $type && !defined($var) && (is_scalar($value) || null === $value)) {
            // Only undefined constants with scalar/null values; an already defined
            // constant falls through to the filter branch below
            define($var, $value);
            $ret = constant($var);
        } elseif ('user' == $type && is_user_logged_in()) {
            $user = get_userdata(get_current_user_id());

            if (!pods_version_check('wp', '3.5')) {
                $user_data = get_object_vars($user->data);
            } else {
                $user_data = $user->to_array();
            }

            // Role
            if ('role' == $var) {
                $user->set_role($value);
            } elseif (isset($user_data[$var])) {
                // $var names a core user column (whatever to_array()/data exposes):
                // updated through wp_update_user()
                wp_update_user(array('ID' => $user->ID, $var => $value));
            } else {
                // Anything else is stored as user meta
                update_user_meta($user->ID, $var, $value);
            }

            $ret = get_userdata($user->ID);
        } elseif ('pods' == $type) {
            /**
             * @var $pods Pods
             */
            global $pods;

            // Saves the field on the current Pods item, if there is one
            if (is_object($pods) && 'Pods' == get_class($pods) && $pods->exists()) {
                $ret = $pods->save($var, $value);
            }
        } else {
            // Unknown $type (or a guarded branch above did not apply): let a
            // 'pods_var_set_{type}' filter handle it
            $ret = apply_filters('pods_var_set_' . $type, $value, $var);
        }
    }

    return $ret;
}
/**
 * Set up the Pods core
 *
 * Starts the session, registers the `[pods]` and `[pods-form]` shortcodes,
 * turns the file-security options into constants, registers the pods and
 * hooks the avatar field into `get_avatar`.
 *
 * Security settings: each `pods_*` option below becomes a constant of the
 * same name in upper case (e.g. `PODS_DISABLE_FILE_UPLOAD`) unless that
 * constant is already defined, so a hard-coded constant always wins over the
 * stored option. Values `0`/`1` are mapped to `false`/`true`. For the two
 * `*_require_login` settings a non-empty `*_require_login_cap` option
 * replaces the boolean with the capability name that is then required; the
 * `*_cap` options themselves are never defined as constants.
 */
public function core() {
    // Session start
    pods_session_start();

    add_shortcode('pods', 'pods_shortcode');
    add_shortcode('pods-form', 'pods_shortcode_form');

    $defaults = array(
        'pods_disable_file_browser' => 0,
        'pods_files_require_login' => 1,
        'pods_files_require_login_cap' => '',
        'pods_disable_file_upload' => 0,
        'pods_upload_require_login' => 1,
        'pods_upload_require_login_cap' => '',
    );

    // Stored options override the defaults; an empty option keeps the default
    $security_settings = $defaults;

    foreach (array_keys($defaults) as $option_name) {
        $stored = get_option($option_name);

        if (!empty($stored)) {
            $security_settings[$option_name] = $stored;
        }
    }

    $login_settings = array('pods_files_require_login', 'pods_upload_require_login');
    $cap_settings = array('pods_files_require_login_cap', 'pods_upload_require_login_cap');

    foreach ($security_settings as $option_name => $option_value) {
        // The *_cap options are only consulted through their *_require_login sibling
        if (in_array($option_name, $cap_settings, true)) {
            continue;
        }

        // Loose comparison on purpose: options come back from the database as strings
        if (0 == $option_value) {
            $option_value = false;
        } elseif (1 == $option_value) {
            $option_value = true;
        }

        if (in_array($option_name, $login_settings, true)) {
            $required_cap = $security_settings[$option_name . '_cap'];

            if (0 < strlen($required_cap)) {
                $option_value = $required_cap;
            }
        }

        $constant_name = strtoupper($option_name);

        if (!defined($constant_name)) {
            define($constant_name, $option_value);
        }
    }

    $this->register_pods();

    $avatar = PodsForm::field_loader('avatar');

    if (method_exists($avatar, 'get_avatar')) {
        add_filter('get_avatar', array($avatar, 'get_avatar'), 10, 4);
    }
}
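/**
 * Handle plupload AJAX
 *
 * Endpoint for the Pods file-field uploader. It validates the request
 * (method, pod/field/uri), copies auth cookies that the Flash runtime may
 * have sent as request parameters, applies the PODS_DISABLE_FILE_UPLOAD /
 * PODS_UPLOAD_REQUIRE_LOGIN rules, verifies the per-user, per-field nonce,
 * enforces the field's size and extension restrictions and finally hands
 * the file to media_handle_upload() (or to a `pods_upload_handle` handler).
 * The attachment row is sent back as JSON; the request always ends in `die`.
 *
 * Security notes:
 * - Auth cookies are copied from `$_REQUEST` only when the real cookie is
 *   absent; they grant nothing by themselves and are only as trustworthy as
 *   the cookie validation WordPress performs when it resolves the user.
 * - The nonce action embeds the user id (or session id), the pod id, the
 *   field id and the originating URI, so a token cannot be replayed against
 *   another field or form.
 * - The extension check is a first filter only; media_handle_upload()
 *   applies WordPress' own file-type validation afterwards.
 * - `post_id` is taken from the request and the attachment is parented to
 *   it without checking that the current user may edit that post —
 *   NOTE(review): consider `current_user_can('edit_post', ...)` for a
 *   non-zero post_id if front-end forms allow it.
 *
 * @since 2.3
 */
public function admin_ajax_upload() {
    pods_session_start();

    // Sanitize input
    $params = pods_unslash((array) $_POST);

    foreach ($params as $key => $value) {
        if ('action' === $key) {
            continue;
        }

        unset($params[$key]);

        $params[str_replace('_podsfix_', '', $key)] = $value;
    }

    $params = (object) $params;

    $methods = array('upload');

    if (!isset($params->method) || !in_array($params->method, $methods, true) || !isset($params->pod) || !isset($params->field) || !isset($params->uri) || empty($params->uri)) {
        pods_error('Invalid AJAX request', PodsInit::$admin);
    } elseif (!empty($params->pod) && empty($params->field)) {
        pods_error('Invalid AJAX request', PodsInit::$admin);
    } elseif (empty($params->pod) && !current_user_can('upload_files')) {
        // Uploads outside a pod/field context require the WordPress capability directly
        pods_error('Invalid AJAX request', PodsInit::$admin);
    }

    // Flash often fails to send cookies with the POST or upload, so we need to pass it in GET or POST instead
    if (is_ssl() && empty($_COOKIE[SECURE_AUTH_COOKIE]) && !empty($_REQUEST['auth_cookie'])) {
        $_COOKIE[SECURE_AUTH_COOKIE] = $_REQUEST['auth_cookie'];
    } elseif (empty($_COOKIE[AUTH_COOKIE]) && !empty($_REQUEST['auth_cookie'])) {
        $_COOKIE[AUTH_COOKIE] = $_REQUEST['auth_cookie'];
    }

    if (empty($_COOKIE[LOGGED_IN_COOKIE]) && !empty($_REQUEST['logged_in_cookie'])) {
        $_COOKIE[LOGGED_IN_COOKIE] = $_REQUEST['logged_in_cookie'];
    }

    // NOTE(review): unset() after `global` only removes this function's alias
    // (PHP semantics); $GLOBALS['current_user'] is untouched, so the cookies
    // copied above may never be re-evaluated by is_user_logged_in() below.
    // Confirm whether the fallback is still needed before changing it.
    global $current_user;
    unset($current_user);

    /**
     * Access Checking
     */
    $upload_disabled = false;

    if (defined('PODS_DISABLE_FILE_UPLOAD') && true === PODS_DISABLE_FILE_UPLOAD) {
        $upload_disabled = true;
    } elseif (defined('PODS_UPLOAD_REQUIRE_LOGIN') && is_bool(PODS_UPLOAD_REQUIRE_LOGIN) && true === PODS_UPLOAD_REQUIRE_LOGIN && !is_user_logged_in()) {
        $upload_disabled = true;
    } elseif (defined('PODS_UPLOAD_REQUIRE_LOGIN') && !is_bool(PODS_UPLOAD_REQUIRE_LOGIN) && (!is_user_logged_in() || !current_user_can(PODS_UPLOAD_REQUIRE_LOGIN))) {
        // A non-bool PODS_UPLOAD_REQUIRE_LOGIN is the capability name that uploads require
        $upload_disabled = true;
    }

    // session_id() returns '' without an active session; no suppression needed
    $uid = session_id();

    if (is_user_logged_in()) {
        $uid = 'user_' . get_current_user_id();
    }

    $nonce_check = 'pods_upload_' . (int) $params->pod . '_' . $uid . '_' . $params->uri . '_' . (int) $params->field;

    if (true === $upload_disabled || !isset($params->_wpnonce) || false === wp_verify_nonce($params->_wpnonce, $nonce_check)) {
        pods_error(__('Unauthorized request', 'pods'), PodsInit::$admin);
    }

    // Defaults for uploads without a pod/field context
    $pod = array();
    $field = array('type' => 'file', 'options' => array());

    $api = pods_api();
    $api->display_errors = false;

    if (!empty($params->pod)) {
        $pod = $api->load_pod(array('id' => (int) $params->pod));
        $field = $api->load_field(array('id' => (int) $params->field));

        // The field must belong to the pod it was requested for
        if (empty($pod) || empty($field) || $pod['id'] != $field['pod_id'] || !isset($pod['fields'][$field['name']])) {
            pods_error(__('Invalid field request', 'pods'), PodsInit::$admin);
        }

        if (!in_array($field['type'], PodsForm::file_field_types(), true)) {
            pods_error(__('Invalid field', 'pods'), PodsInit::$admin);
        }
    }

    $method = $params->method;

    // Cleaning up $params
    unset($params->action);
    unset($params->method);
    unset($params->_wpnonce);

    $params->post_id = pods_var('post_id', $params, 0, null, true);

    /**
     * Upload a new file (advanced - returns URL and ID)
     */
    if ('upload' === $method) {
        // The uploader must actually have sent a file under this key
        if (!isset($_FILES['Filedata']) || !is_array($_FILES['Filedata'])) {
            pods_error('Invalid AJAX request', PodsInit::$admin);
        }

        $file = isset($_FILES['Filedata']) ? $_FILES['Filedata'] : array();
        $file_name = isset($file['name']) ? (string) $file['name'] : '';
        $file_size = isset($file['size']) ? (int) $file['size'] : 0;

        $size_option = pods_var($field['type'] . '_restrict_filesize', $field['options']);

        if (!empty($size_option)) {
            // Parse the admin-configured limit ("2MB", "500KB", ...) into bytes using
            // 1024 multipliers; a value without a recognised unit falls back to the
            // WordPress maximum upload size. (KB was previously multiplied twice.)
            if (false !== stripos($size_option, 'MB')) {
                $limit_size = (float) trim(str_ireplace('MB', '', $size_option)) * 1024 * 1024; // MB to B
            } elseif (false !== stripos($size_option, 'KB')) {
                $limit_size = (float) trim(str_ireplace('KB', '', $size_option)) * 1024; // KB to B
            } elseif (false !== stripos($size_option, 'GB')) {
                $limit_size = (float) trim(str_ireplace('GB', '', $size_option)) * 1024 * 1024 * 1024; // GB to B
            } elseif (false !== stripos($size_option, 'B')) {
                $limit_size = (float) trim(str_ireplace('B', '', $size_option));
            } else {
                $limit_size = wp_max_upload_size();
            }

            if (0 < $limit_size && $limit_size < $file_size) {
                $error = __('File size too large, max size is %s', 'pods');
                $error = sprintf($error, esc_html($size_option));

                pods_error('<div style="color:#FF0000">Error: ' . $error . '</div>');
            }
        }

        $limit_file_type = pods_var($field['type'] . '_type', $field['options'], 'images');

        if ('images' === $limit_file_type) {
            $limit_types = 'jpg,jpeg,png,gif';
        } elseif ('video' === $limit_file_type) {
            $limit_types = 'mpg,mov,flv,mp4';
        } elseif ('audio' === $limit_file_type) {
            $limit_types = 'mp3,m4a,wav,wma';
        } elseif ('text' === $limit_file_type) {
            $limit_types = 'txt,rtx,csv,tsv';
        } elseif ('any' === $limit_file_type) {
            $limit_types = '';
        } else {
            $limit_types = pods_var($field['type'] . '_allowed_extensions', $field['options'], '', null, true);
        }

        // Normalise separators to commas and drop dots/whitespace. ';' previously
        // had no replacement and was deleted, fusing adjacent extensions.
        $limit_types = trim(str_replace(array(' ', '.', "\n", "\t", ';'), array('', ',', ',', ',', ','), $limit_types), ',');

        if (pods_version_check('wp', '3.5')) {
            $mime_types = wp_get_mime_types();

            if (in_array($limit_file_type, array('images', 'audio', 'video'), true)) {
                // Expand a category to every extension WordPress maps to that mime prefix.
                // NOTE(review): 'images' never matches a mime like 'image/jpeg' (the prefix
                // is 'image'), so the hard-coded image list above stands; left as-is.
                $new_limit_types = array();

                foreach ($mime_types as $type => $mime) {
                    if (0 === strpos($mime, $limit_file_type)) {
                        $new_limit_types = array_merge($new_limit_types, explode('|', $type));
                    }
                }

                if (!empty($new_limit_types)) {
                    $limit_types = implode(',', $new_limit_types);
                }
            } elseif ('any' !== $limit_file_type) {
                // Expand entries that match a mime prefix; keep the others verbatim
                $new_limit_types = array();

                foreach (explode(',', $limit_types) as $limit_type) {
                    if ('' === $limit_type) {
                        continue;
                    }

                    $found = false;

                    foreach ($mime_types as $type => $mime) {
                        if (0 === strpos($mime, $limit_type)) {
                            foreach (explode('|', $type) as $t) {
                                if (!in_array($t, $new_limit_types, true)) {
                                    $new_limit_types[] = $t;
                                }
                            }

                            $found = true;
                        }
                    }

                    if (!$found) {
                        $new_limit_types[] = $limit_type;
                    }
                }

                $limit_types = implode(',', $new_limit_types);
            }
        }

        $limit_types = array_filter(array_unique(explode(',', $limit_types)));

        if (!empty($limit_types)) {
            $ok = false;

            foreach ($limit_types as $limit_type) {
                $limit_type = '.' . trim($limit_type, ' .');

                // Accept only when the allowed extension is the file's final suffix
                // (case-insensitive); strripos so a name containing the extension
                // twice, e.g. "a.jpg.jpg", is still matched at the end
                $pos = strlen($file_name) - strlen($limit_type);

                if (0 <= $pos && $pos === strripos($file_name, $limit_type)) {
                    $ok = true;

                    break;
                }
            }

            if (false === $ok) {
                $error = __('File type not allowed, please use one of the following: %s', 'pods');
                $error = sprintf($error, esc_html('.' . implode(', .', $limit_types)));

                pods_error('<div style="color:#FF0000">Error: ' . $error . '</div>');
            }
        }

        // A filter may take over the whole upload; null means "not handled"
        $custom_handler = apply_filters('pods_upload_handle', null, 'Filedata', $params->post_id, $params, $field);

        if (null === $custom_handler) {
            $linked = pods_var($field['type'] . '_linked', $field['options'], 0);

            $attachment_id = media_handle_upload('Filedata', $params->post_id);

            if (is_object($attachment_id)) {
                // WP_Error: report every upload_error message
                $upload_errors = isset($attachment_id->errors['upload_error']) ? (array) $attachment_id->errors['upload_error'] : array();

                $errors = array();

                foreach ($upload_errors as $error_code => $error_message) {
                    $errors[] = '[' . $error_code . '] ' . $error_message;
                }

                pods_error('<div style="color:#FF0000">Error: ' . implode('</div><div>', $errors) . '</div>');
            } else {
                $attachment = get_post($attachment_id, ARRAY_A);

                $attachment['filename'] = basename($attachment['guid']);

                $thumb = wp_get_attachment_image_src($attachment['ID'], 'thumbnail', true);
                $attachment['thumbnail'] = $thumb[0];

                $attachment['link'] = '';

                if ($linked) {
                    $attachment['link'] = wp_get_attachment_url($attachment['ID']);
                }

                $attachment = apply_filters('pods_upload_attachment', $attachment, $params->post_id);

                wp_send_json($attachment);
            }
        }
    }

    die; // KBAI!
}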