File Quform/Entry/Controller.php

  1: <?php
  2: 
  3: /**
  4:  * @copyright Copyright (c) 2009-2022 ThemeCatcher (https://www.themecatcher.net)
  5:  */
  6: class Quform_Entry_Controller
  7: {
  8:     /**
  9:      * @var Quform_Form_Factory
 10:      */
 11:     protected $formFactory;
 12: 
 13:     /**
 14:      * @var Quform_Repository
 15:      */
 16:     protected $repository;
 17: 
 18:     /**
 19:      * @var Quform_Entry_Processor
 20:      */
 21:     protected $entryProcessor;
 22: 
 23:     /**
 24:      * @param  Quform_Form_Factory     $formFactory
 25:      * @param  Quform_Repository       $repository
 26:      * @param  Quform_Entry_Processor  $entryProcessor
 27:      */
 28:     public function __construct(Quform_Form_Factory $formFactory, Quform_Repository $repository,
 29:                                 Quform_Entry_Processor $entryProcessor)
 30:     {
 31:         $this->formFactory = $formFactory;
 32:         $this->repository = $repository;
 33:         $this->entryProcessor = $entryProcessor;
 34:     }
 35: 
 36:     /**
 37:      * Hook entry point for submitting the edit entry form via Ajax
 38:      */
 39:     public function process()
 40:     {
 41:         if ( ! Quform::isPostRequest() || Quform::get($_POST, 'quform_save_entry') !== '1') {
 42:             return;
 43:         }
 44: 
 45:         $this->validateProcessRequest();
 46:         $this->handleProcessRequest();
 47:     }
 48: 
 49:     /**
 50:      * Validate the request for submitting the edit entry form via Ajax
 51:      */
 52:     protected function validateProcessRequest()
 53:     {
 54:         if ( ! isset($_POST['quform_form_id'], $_POST['quform_form_uid'], $_POST['quform_entry_id']) ||
 55:             ! is_numeric($_POST['quform_form_id']) ||
 56:             ! Quform_Form::isValidUniqueId($_POST['quform_form_uid']) ||
 57:             ! is_numeric($_POST['quform_entry_id'])
 58:         ) {
 59:             $this->sendEncodedResponse(array(
 60:                 'type' => 'error',
 61:                 'message' => __('Bad request', 'quform')
 62:             ));
 63:         }
 64: 
 65:         if ( ! current_user_can('quform_edit_entries')) {
 66:             $this->sendEncodedResponse(array(
 67:                 'type' => 'error',
 68:                 'message' => __('Insufficient permissions', 'quform')
 69:             ));
 70:         }
 71: 
 72:         if ( ! check_ajax_referer('quform_edit_entry_' . $_POST['quform_entry_id'], false, false)) {
 73:             $this->sendEncodedResponse(array(
 74:                 'type' => 'error',
 75:                 'message' => __('Nonce check failed', 'quform')
 76:             ));
 77:         }
 78:     }
 79: 
 80:     /**
 81:      * Handle the request for submitting the edit entry form via Ajax
 82:      */
 83:     protected function handleProcessRequest()
 84:     {
 85:         $config = $this->repository->getConfig((int) Quform::get($_POST, 'quform_form_id'));
 86: 
 87:         if ($config === null) {
 88:             $this->sendEncodedResponse(array(
 89:                 'type' => 'error',
 90:                 'message' => __('Form not found', 'quform')
 91:             ));
 92:         }
 93: 
 94:         $config['uniqueId'] = Quform::get($_POST, 'quform_form_uid');
 95:         $config['entryId'] = isset($_POST['quform_entry_id']) && is_numeric($_POST['quform_entry_id']) ? (int) $_POST['quform_entry_id'] : null;
 96:         $config['environment'] = 'editEntry';
 97: 
 98:         $form = $this->formFactory->create($config);
 99: 
100:         $result = $this->entryProcessor->process($form);
101: 
102:         $this->sendEncodedResponse($result);
103:     }
104: 
105:     /**
106:      * JSON encodes the given data and wraps it in a &lt;textarea&gt; tag
107:      *
108:      * Escaping is necessary to counteract the fact that wrapping the JSON response in a textarea decodes HTML entities
109:      *
110:      * @see http://malsup.com/jquery/form/#file-upload
111:      *
112:      * @param array $response
113:      */
114:     protected function sendEncodedResponse($response)
115:     {
116:         if ( ! headers_sent()) {
117:             header('Content-Type: text/html; charset=' . get_option('blog_charset'));
118:         }
119: 
120:         echo '<textarea>' . Quform::escape(wp_json_encode($response)) . '</textarea>';
121: 
122:         // Call the die handler instead of exit to facilitate unit tests
123:         call_user_func(apply_filters('wp_die_ajax_handler', '_ajax_wp_die_handler'), '');
124:     }
125: }
126:
Namespaces

Classes

Interfaces

Constants

Functions
