plugin updates
@@ -226,6 +226,12 @@ function wpcf7dtx_get_dynamic($value, $tag = false, $sanitize = 'auto')
|
||||
/**
|
||||
* Get Allowed HTML for Form Field Properties
|
||||
*
|
||||
* @see https://www.w3schools.com/tags/tag_input.asp
|
||||
* @see https://www.w3schools.com/tags/tag_optgroup.asp
|
||||
* @see https://www.w3schools.com/tags/tag_option.asp
|
||||
* @see https://www.w3schools.com/tags/tag_select.asp
|
||||
* @see https://www.w3schools.com/tags/tag_textarea.asp
|
||||
*
|
||||
* @since 4.0.0
|
||||
*
|
||||
* @param string $type Optional. The type of input for unique properties. Default is `text`.
|
||||
@@ -256,52 +262,61 @@ function wpcf7dtx_get_allowed_field_properties($type = 'text', $extra = array())
|
||||
'id' => array(),
|
||||
'name' => array(),
|
||||
'value' => array(),
|
||||
'required' => array(),
|
||||
'class' => array(),
|
||||
'disabled' => array(),
|
||||
'readonly' => array(),
|
||||
'tabindex' => array(),
|
||||
'size' => array(),
|
||||
'title' => array(),
|
||||
'autofocus' => array(),
|
||||
// ARIA properties
|
||||
'aria-invalid' => array(),
|
||||
'aria-describedby' => array(),
|
||||
// DTX properties
|
||||
'data-dtx-value' => array(),
|
||||
);
|
||||
if ($type != 'hidden') {
|
||||
$allowed_properties['autofocus'] = array();
|
||||
$allowed_properties['readonly'] = array();
|
||||
$allowed_properties['required'] = array();
|
||||
}
|
||||
if (in_array($type, array('checkbox', 'radio', 'acceptance'))) {
|
||||
// Properties exclusive to checkboxes and radio buttons
|
||||
$allowed_properties['checked'] = array();
|
||||
$allowed_properties['dtx-default'] = array();
|
||||
} elseif (in_array($type, array('number', 'range'))) {
|
||||
// Properties exclusive to number inputs
|
||||
$allowed_properties['step'] = array();
|
||||
} elseif ($type == 'select') {
|
||||
// Properties exclusive to select fields
|
||||
$allowed_properties['size'] = array();
|
||||
$allowed_properties['multiple'] = array();
|
||||
$allowed_properties['dtx-default'] = array();
|
||||
unset($allowed_properties['type'], $allowed_properties['value'], $allowed_properties['placeholder'], $allowed_properties['size']); // Remove invalid select attributes
|
||||
}
|
||||
if (!in_array($type, array('checkbox', 'radio', 'select', 'acceptance'))) {
|
||||
// Allowed properties for all text-based inputs
|
||||
$allowed_properties['placeholder'] = array();
|
||||
unset($allowed_properties['type'], $allowed_properties['value']); // Remove invalid select attributes
|
||||
} else {
|
||||
// Properties exclusive to text-based inputs
|
||||
$allowed_properties['autocomplete'] = array();
|
||||
$allowed_properties['minlength'] = array();
|
||||
$allowed_properties['maxlength'] = array();
|
||||
if (in_array($type, array('number', 'range', 'date', 'datetime-local', 'time'))) {
|
||||
// Additional properties for number and date inputs
|
||||
$allowed_properties['min'] = array();
|
||||
$allowed_properties['max'] = array();
|
||||
$allowed_properties['list'] = array();
|
||||
|
||||
// Placeholder
|
||||
if (in_array($type, array('text', 'search', 'url', 'tel', 'email', 'password', 'number'))) {
|
||||
$allowed_properties['placeholder'] = array();
|
||||
}
|
||||
|
||||
// Textarea
|
||||
if ($type == 'textarea') {
|
||||
// Additional properties exclusive to textarea fields
|
||||
$allowed_properties['cols'] = array();
|
||||
$allowed_properties['rows'] = array();
|
||||
$allowed_properties['minlength'] = array();
|
||||
$allowed_properties['maxlength'] = array();
|
||||
$allowed_properties['wrap'] = array();
|
||||
unset($allowed_properties['type'], $allowed_properties['value']); // Remove invalid textarea attributes
|
||||
} elseif (in_array($type, array('text', 'date', 'url', 'tel', 'email', 'password'))) {
|
||||
// Additional properties exclusive to specific text fields
|
||||
} elseif (in_array($type, array('text', 'search', 'url', 'tel', 'email', 'password'))) {
|
||||
// Additional properties exclusive to these text-based fields
|
||||
$allowed_properties['size'] = array();
|
||||
$allowed_properties['minlength'] = array();
|
||||
$allowed_properties['maxlength'] = array();
|
||||
$allowed_properties['pattern'] = array();
|
||||
} elseif (in_array($type, array('number', 'range', 'date', 'datetime-local', 'time'))) {
|
||||
// Number and date inputs
|
||||
$allowed_properties['min'] = array();
|
||||
$allowed_properties['max'] = array();
|
||||
$allowed_properties['step'] = array();
|
||||
}
|
||||
}
|
||||
if (is_array($extra) && count($extra)) {
|
||||
@@ -554,8 +569,10 @@ function wpcf7dtx_textarea_html($atts)
|
||||
* group's options. It also accepts a string value of HTML already formatted as options or
|
||||
* option groups. It also accepts a string value of a self-closing shortcode that is
|
||||
* evaluated and its output is either options or option groups.
|
||||
* @param bool $hide_blank Optional. If true, the first blank placeholder option will have the `hidden` attribute added to it. Default is false.
|
||||
* @param bool $disable_blank Optional. If true, the first blank placeholder option will have the `disabled` attribute added to it. Default is false.
|
||||
* @param bool $hide_blank Optional. If true, the first blank placeholder option will have the
|
||||
* `hidden` attribute added to it. Default is false.
|
||||
* @param bool $disable_blank Optional. If true, the first blank placeholder option will have
|
||||
* the `disabled` attribute added to it. Default is false.
|
||||
*
|
||||
* @return string HTML output of select field
|
||||
*/
|
||||
@@ -644,9 +661,11 @@ function wpcf7dtx_select_html($atts, $options, $hide_blank = false, $disable_bla
|
||||
*
|
||||
* @param string|int $key The key to search for in the array.
|
||||
* @param array $array The array to search.
|
||||
* @param mixed $default The default value to return if not found or is empty. Default is an empty string.
|
||||
* @param mixed $default The default value to return if not found or is empty. Default is
|
||||
* an empty string.
|
||||
*
|
||||
* @return mixed The value of the key found in the array if it exists or the value of `$default` if not found or is empty.
|
||||
* @return mixed The value of the key found in the array if it exists or the value of
|
||||
* `$default` if not found or is empty.
|
||||
*/
|
||||
function wpcf7dtx_array_has_key($key, $array = array(), $default = '')
|
||||
{
|
||||
@@ -665,163 +684,163 @@ function wpcf7dtx_array_has_key($key, $array = array(), $default = '')
|
||||
|
||||
/**
|
||||
* Check if admin has allowed access to a specific post meta key
|
||||
*
|
||||
*
|
||||
* @since 4.2.0
|
||||
*
|
||||
*
|
||||
* @param string $meta_key The post meta key to test
|
||||
*
|
||||
*
|
||||
* @return bool True if this key can be accessed, false otherwise
|
||||
*/
|
||||
function wpcf7dtx_post_meta_key_access_is_allowed($meta_key)
|
||||
{
|
||||
|
||||
// Get the DTX Settings
|
||||
$settings = wpcf7dtx_get_settings();get_option('cf7dtx_settings', []);
|
||||
$settings = wpcf7dtx_get_settings();
|
||||
|
||||
// Has access to all metadata been enabled?
|
||||
if( isset($settings['post_meta_allow_all']) && $settings['post_meta_allow_all'] === 'enabled' ){
|
||||
if (isset($settings['post_meta_allow_all']) && $settings['post_meta_allow_all'] === 'enabled') {
|
||||
return true;
|
||||
}
|
||||
|
||||
// If not, check the Allow List
|
||||
|
||||
$allowed_keys;
|
||||
$allowed_keys = array();
|
||||
|
||||
// No key list from settings
|
||||
if( !isset($settings['post_meta_allow_keys'] ) || !is_string($settings['post_meta_allow_keys'])){
|
||||
$allowed_keys = [];
|
||||
}
|
||||
// Extract allowed keys from setting text area
|
||||
else{
|
||||
// $allowed_keys = preg_split('/\r\n|\r|\n/', $settings['post_meta_allow_keys']);
|
||||
$allowed_keys = wpcf7dtx_parse_allowed_keys( $settings['post_meta_allow_keys'] );
|
||||
if (isset($settings['post_meta_allow_keys']) && is_string($settings['post_meta_allow_keys'])) {
|
||||
// Extract allowed keys from setting text area
|
||||
$allowed_keys = wpcf7dtx_parse_allowed_keys($settings['post_meta_allow_keys']);
|
||||
}
|
||||
|
||||
// Allow custom filters
|
||||
$allowed_keys = apply_filters( 'wpcf7dtx_post_meta_key_allow_list', $allowed_keys );
|
||||
$allowed_keys = apply_filters('wpcf7dtx_post_meta_key_allow_list', $allowed_keys);
|
||||
|
||||
// Check if the key is in the allow list
|
||||
if( in_array( $meta_key, $allowed_keys ) ){
|
||||
if (in_array($meta_key, $allowed_keys)) {
|
||||
return true; // The key is allowed
|
||||
}
|
||||
|
||||
// Everything is disallowed by default
|
||||
return false;
|
||||
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Check if admin has allowed access to a specific user data
|
||||
*
|
||||
*
|
||||
* @since 4.2.0
|
||||
*
|
||||
*
|
||||
* @param string $key The user data key to test
|
||||
*
|
||||
*
|
||||
* @return bool True if this key can be accessed, false otherwise
|
||||
*/
|
||||
function wpcf7dtx_user_data_access_is_allowed( $key )
|
||||
function wpcf7dtx_user_data_access_is_allowed($key)
|
||||
{
|
||||
|
||||
// Get the DTX Settings
|
||||
$settings = wpcf7dtx_get_settings(); //get_option('cf7dtx_settings', []);
|
||||
|
||||
// Has access to all metadata been enabled?
|
||||
if( isset($settings['user_data_allow_all']) && $settings['user_data_allow_all'] === 'enabled' ){
|
||||
if (isset($settings['user_data_allow_all']) && $settings['user_data_allow_all'] === 'enabled') {
|
||||
return true;
|
||||
}
|
||||
|
||||
// If not, check the Allow List
|
||||
|
||||
$allowed_keys;
|
||||
$allowed_keys = array();
|
||||
|
||||
// No key list from settings
|
||||
if( !isset($settings['user_data_allow_keys'] ) || !is_string($settings['user_data_allow_keys'])){
|
||||
$allowed_keys = [];
|
||||
}
|
||||
// Extract allowed keys from setting text area
|
||||
else{
|
||||
// $allowed_keys = preg_split('/\r\n|\r|\n/', $settings['user_data_allow_keys']);
|
||||
if (isset($settings['user_data_allow_keys']) && is_string($settings['user_data_allow_keys'])) {
|
||||
// Extract allowed keys from setting text area
|
||||
$allowed_keys = wpcf7dtx_parse_allowed_keys($settings['user_data_allow_keys']);
|
||||
}
|
||||
|
||||
// Allow custom filters
|
||||
$allowed_keys = apply_filters( 'wpcf7dtx_user_data_key_allow_list', $allowed_keys );
|
||||
$allowed_keys = apply_filters('wpcf7dtx_user_data_key_allow_list', $allowed_keys);
|
||||
|
||||
// Check if the key is in the allow list
|
||||
if( in_array( $key, $allowed_keys ) ){
|
||||
if (in_array($key, $allowed_keys)) {
|
||||
return true; // The key is allowed
|
||||
}
|
||||
|
||||
|
||||
// Everything is disallowed by default
|
||||
return false;
|
||||
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Take the string saved in the options array from the allow list textarea and parse it into an array by newlines.
|
||||
* Also strip whitespace
|
||||
*
|
||||
*
|
||||
* @since 4.2.0
|
||||
*
|
||||
* @param string $allowlist The string of allowed keys stored in the DB
|
||||
*
|
||||
*
|
||||
* @return array Array of allowed keys
|
||||
*/
|
||||
function wpcf7dtx_parse_allowed_keys( $allowlist ){
|
||||
function wpcf7dtx_parse_allowed_keys($allowlist)
|
||||
{
|
||||
// Split by newlines
|
||||
$keys = wpcf7dtx_split_newlines( $allowlist );
|
||||
$keys = wpcf7dtx_split_newlines($allowlist);
|
||||
// Trim whitespace
|
||||
$keys = array_map( 'trim' , $keys );
|
||||
$keys = array_map('trim', $keys);
|
||||
return $keys;
|
||||
}
|
||||
|
||||
/**
|
||||
/**
|
||||
* Used to parse strings stored in the database that are from text areas with one element per line into an array of strings
|
||||
*
|
||||
*
|
||||
* @since 4.2.0
|
||||
*
|
||||
* @param string $str The multi-line string to be parsed into an array
|
||||
*
|
||||
*
|
||||
* @return array Array of parsed strings
|
||||
*/
|
||||
function wpcf7dtx_split_newlines( $str ){
|
||||
function wpcf7dtx_split_newlines($str)
|
||||
{
|
||||
return preg_split('/\r\n|\r|\n/', $str);
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the CF7 DTX settings field from the WP options table. Returns an empty array if option has not previously been set
|
||||
*
|
||||
*
|
||||
* @since 4.2.0
|
||||
*
|
||||
* @return array The settings array
|
||||
*/
|
||||
function wpcf7dtx_get_settings(){
|
||||
return get_option('cf7dtx_settings', []);
|
||||
function wpcf7dtx_get_settings()
|
||||
{
|
||||
return get_option('cf7dtx_settings', array());
|
||||
}
|
||||
|
||||
/**
|
||||
* Updates the CF7 DTX settings in the WP options table
|
||||
*
|
||||
*
|
||||
* @since 4.2.0
|
||||
*
|
||||
* @param array $settings The settings array
|
||||
*
|
||||
*
|
||||
* @return void
|
||||
*
|
||||
*/
|
||||
function wpcf7dtx_update_settings($settings){
|
||||
update_option( 'cf7dtx_settings', $settings );
|
||||
function wpcf7dtx_update_settings($settings)
|
||||
{
|
||||
update_option('cf7dtx_settings', $settings);
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Outputs a useful PHP Warning message to users on how to allow-list denied meta and user keys
|
||||
*
|
||||
*
|
||||
* @since 4.2.0
|
||||
*
|
||||
* @param string $key The post meta or user key to which access is currently denied
|
||||
* @param string $type Either 'post_meta' or 'user_data', used to display an appropriate message to the user
|
||||
*
|
||||
* @return void
|
||||
*/
|
||||
function wpcf7dtx_access_denied_alert( $key, $type ){
|
||||
|
||||
function wpcf7dtx_access_denied_alert($key, $type)
|
||||
{
|
||||
// Only check on the front end
|
||||
if( is_admin() || wp_doing_ajax() || wp_is_json_request() ) return;
|
||||
if (is_admin() || wp_doing_ajax() || wp_is_json_request()) return;
|
||||
|
||||
$shortcode = '';
|
||||
$list_name = '';
|
||||
|
||||
switch( $type ){
|
||||
switch ($type) {
|
||||
case 'post_meta':
|
||||
$shortcode = 'CF7_get_custom_field';
|
||||
$list_name = __('Meta Key Allow List', 'contact-form-7-dynamic-text-extension');
|
||||
@@ -830,47 +849,21 @@ function wpcf7dtx_access_denied_alert( $key, $type ){
|
||||
$shortcode = 'CF7_get_current_user';
|
||||
$list_name = __('User Data Key Allow List', 'contact-form-7-dynamic-text-extension');
|
||||
break;
|
||||
default:
|
||||
default:
|
||||
$shortcode = '';
|
||||
$list_name = '';
|
||||
break;
|
||||
}
|
||||
|
||||
$settings_page_url = admin_url('admin.php?page=cf7dtx_settings');
|
||||
|
||||
$msg = sprintf(
|
||||
__('CF7 DTX: Access denied to key: "%1$s" in dynamic contact form shortcode: [%2$s]. Please add this key to the %3$s at %4$s','contact-form-7-dynamic-text-extension'),
|
||||
__('CF7 DTX: Access denied to key: "%1$s" in dynamic contact form shortcode: [%2$s]. Please add this key to the %3$s at %4$s', 'contact-form-7-dynamic-text-extension'),
|
||||
$key,
|
||||
$shortcode,
|
||||
$list_name,
|
||||
$settings_page_url
|
||||
);
|
||||
|
||||
trigger_error( $msg, E_USER_WARNING );
|
||||
trigger_error($msg, E_USER_WARNING);
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Helper function to output array and object data
|
||||
*/
|
||||
/*
|
||||
function dtxpretty ($var, $print=true, $privobj=false) {
|
||||
|
||||
$type = gettype($var);
|
||||
|
||||
if( $privobj && $type === 'object' ){
|
||||
$p = '<pre>'.print_r($var, true).'</pre>';
|
||||
}
|
||||
else {
|
||||
$p = '<pre>'.$type . ' ' . json_encode(
|
||||
$var,
|
||||
JSON_UNESCAPED_SLASHES |
|
||||
JSON_UNESCAPED_UNICODE |
|
||||
JSON_PRETTY_PRINT |
|
||||
JSON_PARTIAL_OUTPUT_ON_ERROR |
|
||||
JSON_INVALID_UTF8_SUBSTITUTE
|
||||
).'</pre>';
|
||||
}
|
||||
if( $print ) {
|
||||
echo $p;
|
||||
}
|
||||
return $p;
|
||||
}
|
||||
*/
|
||||
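Review bot: The allow-list gate in `wpcf7dtx_post_meta_key_access_is_allowed` and `wpcf7dtx_user_data_access_is_allowed` still compares loosely: `in_array($meta_key, $allowed_keys)` and `in_array($key, $allowed_keys)` use `==`, so two numeric-looking strings such as `1e1` and `10` count as the same key. Because this check decides which post meta and user fields a shortcode may read, I would make it exact with `in_array($meta_key, $allowed_keys, true)` and `in_array($key, $allowed_keys, true)`. The result of `apply_filters(...)` is also handed to `in_array` unchecked; an `is_array()` test (falling back to `array()`) would keep a misbehaving filter callback from breaking the gate. Separately, `wpcf7dtx_parse_allowed_keys` trims each line but does not drop blank ones, so an empty textarea appears to produce `['']`, which an empty key would match; whether callers can pass an empty key is not visible here, but `array_filter($keys, 'strlen')` after the trim would rule it out.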