1: <?php
2:
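class Quform_Settings
{
    /**
     * @var Quform_Options
     */
    protected $options;

    /**
     * @var Quform_Permissions
     */
    protected $permissions;

    /**
     * @var Quform_ScriptLoader
     */
    protected $scriptLoader;

    /**
     * @param  Quform_Options       $options
     * @param  Quform_Permissions   $permissions
     * @param  Quform_ScriptLoader  $scriptLoader
     */
    public function __construct(Quform_Options $options, Quform_Permissions $permissions, Quform_ScriptLoader $scriptLoader)
    {
        $this->options = $options;
        $this->permissions = $permissions;
        $this->scriptLoader = $scriptLoader;
    }

    /**
     * Handle the Ajax request to save the plugin settings.
     *
     * Reads the JSON-encoded settings from $_POST['options'], sanitizes them,
     * hands a 'permissions' entry (if any) to Quform_Permissions and stores
     * the remaining keys via Quform_Options. Every failure path terminates
     * the request with a JSON error response.
     */
    public function save()
    {
        $this->validateSaveRequest();

        // WordPress slashes request data; remove the slashes before decoding the JSON
        $options = json_decode(wp_unslash($_POST['options']), true);

        if ( ! is_array($options)) {
            $this->sendError(__('Bad request', 'quform'));
        }

        $options = $this->sanitizeOptions($options);

        if (array_key_exists('permissions', $options)) {
            // Permissions are owned by Quform_Permissions rather than stored as a
            // plain option. The array is handed over as submitted; its shape is
            // not validated in this class.
            if (is_array($options['permissions'])) {
                $this->permissions->update($options['permissions']);
            }

            unset($options['permissions']);
        }

        $this->options->set($options);

        // Regenerate the cached asset files so they reflect the new settings
        $this->scriptLoader->generateFiles();

        do_action('quform_settings_saved', $this->options);

        wp_send_json(array(
            'type' => 'success'
        ));
    }

    /**
     * Reject the save request unless it is a POST carrying a string 'options'
     * field, sent by a user with the quform_settings capability and a valid nonce.
     *
     * Each failed check terminates the request with a JSON error response.
     */
    protected function validateSaveRequest()
    {
        if ( ! Quform::isPostRequest() || ! isset($_POST['options']) || ! is_string($_POST['options'])) {
            $this->sendError(__('Bad request', 'quform'));
        }

        $this->requireSettingsCapability();
        $this->requireValidNonce('quform_save_settings');
    }

    /**
     * Sanitize the submitted settings.
     *
     * A known option is only touched when it is present in $options: a value of
     * the expected type is sanitized, any other type is replaced by that option's
     * fallback. Keys not handled here are passed through untouched; whether
     * Quform_Options::set() restricts them to known option names is not visible
     * in this class — confirm before relying on it.
     *
     * @param   array  $options  The decoded settings as submitted by the client
     * @return  array            The sanitized settings
     */
    protected function sanitizeOptions(array $options)
    {
        $options = $this->sanitizeEmailOptions($options);
        $options = $this->sanitizeTextOptions($options);
        $options = $this->sanitizeCssOptions($options);
        $options = $this->sanitizeBooleanOptions($options);
        $options = $this->sanitizeNumericOptions($options);
        $options = $this->sanitizeArrayOptions($options);

        if (array_key_exists('customJs', $options)) {
            // Stored verbatim on purpose: this is arbitrary JavaScript the site
            // administrator chooses to load. Writing it is gated on the
            // quform_settings capability checked in validateSaveRequest().
            $options['customJs'] = is_string($options['customJs']) ? $options['customJs'] : '';
        }

        if (array_key_exists('referralText', $options)) {
            // Allowed to contain the HTML that wp_kses_post() permits in post content
            $options['referralText'] = is_string($options['referralText']) ? wp_kses_post($options['referralText']) : __('Powered by Quform', 'quform');
        }

        return $options;
    }

    /**
     * Sanitize the email address options.
     *
     * @param   array  $options
     * @return  array
     */
    protected function sanitizeEmailOptions(array $options)
    {
        if (array_key_exists('defaultEmailAddress', $options)) {
            $options['defaultEmailAddress'] = is_string($options['defaultEmailAddress'])
                ? sanitize_email($options['defaultEmailAddress'])
                : get_bloginfo('admin_email');
        }

        if (array_key_exists('defaultFromEmailAddress', $options)) {
            // Fallback is wordpress@<host> with a leading "www." removed (the dot
            // is escaped so that only a literal "www." prefix is stripped).
            $options['defaultFromEmailAddress'] = is_string($options['defaultFromEmailAddress'])
                ? sanitize_email($options['defaultFromEmailAddress'])
                : 'wordpress@' . preg_replace('/^www\./', '', (string) Quform::get($_SERVER, 'SERVER_NAME'));
        }

        return $options;
    }

    /**
     * Sanitize the plain-text options with sanitize_text_field().
     *
     * @param   array  $options
     * @return  array
     */
    protected function sanitizeTextOptions(array $options)
    {
        // option key => fallback used when the submitted value is not a string
        $fallbacks = array(
            'defaultEmailName'     => '',
            'defaultFromEmailName' => '',
            'locale'               => 'en-US',
            'dateFormatJs'         => '',
            'timeFormatJs'         => '',
            'dateFormat'           => '',
            'timeFormat'           => '',
            'rtl'                  => '',
            'recaptchaSiteKey'     => '',
            'recaptchaSecretKey'   => '',
            'hcaptchaSiteKey'      => '',
            'hcaptchaSecretKey'    => '',
            'turnstileSiteKey'     => '',
            'turnstileSecretKey'   => '',
            'loadScripts'          => 'always',
            'popupScript'          => 'fancybox-2',
            // NOTE(review): sanitized as text, not as a URL; the code that
            // outputs it must escape it for the href context.
            'referralLink'         => '',
        );

        foreach ($fallbacks as $key => $fallback) {
            if (array_key_exists($key, $options)) {
                $options[$key] = is_string($options[$key]) ? sanitize_text_field($options[$key]) : $fallback;
            }
        }

        return $options;
    }

    /**
     * Sanitize the custom CSS options by stripping all tags.
     *
     * @param   array  $options
     * @return  array
     */
    protected function sanitizeCssOptions(array $options)
    {
        foreach (array('customCss', 'customCssTablet', 'customCssPhone') as $key) {
            if (array_key_exists($key, $options)) {
                $options[$key] = is_string($options[$key]) ? wp_strip_all_tags($options[$key]) : '';
            }
        }

        return $options;
    }

    /**
     * Sanitize the boolean options; only a real bool is accepted, anything
     * else is replaced by the option's fallback.
     *
     * @param   array  $options
     * @return  array
     */
    protected function sanitizeBooleanOptions(array $options)
    {
        // option key => fallback used when the submitted value is not a bool
        $fallbacks = array(
            'combineCss'         => true,
            'combineJs'          => true,
            'popupEnabled'       => false,
            'rawFix'             => false,
            'allowAllFileTypes'  => false,
            'showEditLink'       => true,
            'csrfProtection'     => true,
            'supportPageCaching' => true,
            'toolbarMenu'        => true,
            'dashboardWidget'    => true,
            'insertFormButton'   => true,
            'preventFouc'        => false,
            'secureApiRequests'  => true,
            'saveEntries'        => true,
            'saveIpAddresses'    => true,
            'referralEnabled'    => false,
        );

        foreach ($fallbacks as $key => $fallback) {
            if (array_key_exists($key, $options)) {
                $options[$key] = is_bool($options[$key]) ? $options[$key] : $fallback;
            }
        }

        return $options;
    }

    /**
     * Sanitize the options that hold a number as a string.
     *
     * @param   array  $options
     * @return  array
     */
    protected function sanitizeNumericOptions(array $options)
    {
        // option key => fallback used when the value is not a numeric string
        $fallbacks = array(
            'scrollOffset' => '50',
            'scrollSpeed'  => '800',
        );

        foreach ($fallbacks as $key => $fallback) {
            if (array_key_exists($key, $options)) {
                // Round-trip through float so the stored value is a canonical decimal string
                $options[$key] = is_string($options[$key]) && is_numeric($options[$key]) ? (string) (float) $options[$key] : $fallback;
            }
        }

        return $options;
    }

    /**
     * Sanitize the options whose value is an array.
     *
     * NOTE(review): only the outer type is checked; keys and values inside
     * these arrays are stored as submitted (the fallbacks suggest
     * handle => bool for disabledStyles/disabledScripts) — confirm the
     * consumers tolerate arbitrary keys and non-bool values.
     *
     * @param   array  $options
     * @return  array
     */
    protected function sanitizeArrayOptions(array $options)
    {
        if (array_key_exists('loadScriptsCustom', $options)) {
            $options['loadScriptsCustom'] = is_array($options['loadScriptsCustom']) ? $options['loadScriptsCustom'] : array();
        }

        if (array_key_exists('disabledStyles', $options)) {
            $options['disabledStyles'] = is_array($options['disabledStyles']) ? $options['disabledStyles'] : array(
                'fontAwesome'   => false,
                'select2'       => false,
                'qtip'          => false,
                'fancybox'      => false,
                'fancybox2'     => false,
                'fancybox3'     => false,
                'magnificPopup' => false
            );
        }

        if (array_key_exists('disabledScripts', $options)) {
            $options['disabledScripts'] = is_array($options['disabledScripts']) ? $options['disabledScripts'] : array(
                'fileUpload'    => false,
                'scrollTo'      => false,
                'select2'       => false,
                'qtip'          => false,
                'fancybox'      => false,
                'fancybox2'     => false,
                'fancybox3'     => false,
                'magnificPopup' => false,
                'infieldLabels' => false,
                'datepicker'    => false,
                'timepicker'    => false
            );
        }

        return $options;
    }

    /**
     * Handle the Ajax request to rebuild the script cache.
     *
     * Terminates with a JSON error response if the user lacks the
     * quform_settings capability or the nonce is invalid.
     */
    public function rebuildScriptCache()
    {
        $this->requireSettingsCapability();
        $this->requireValidNonce('quform_rebuild_script_cache');

        $this->scriptLoader->rebuildScriptCache();

        wp_send_json(array(
            'type' => 'success'
        ));
    }

    /**
     * Enable the popup feature and rebuild the script cache.
     *
     * NOTE(review): unlike save() and rebuildScriptCache(), this handler makes
     * no capability or nonce check of its own before changing a stored option.
     * The code that hooks it up is not visible in this file — confirm that it
     * enforces authorization before this method is reached.
     */
    public function enablePopup()
    {
        $this->options->set('popupEnabled', true);
        $this->scriptLoader->rebuildScriptCache();
        exit;
    }

    /**
     * Handle the Ajax request to search posts by title.
     *
     * Responds with a list of {id, text} pairs suitable for a select widget.
     */
    public function searchPosts()
    {
        $this->validateSearchPostsRequest();

        $search = sanitize_text_field(wp_unslash($_GET['search']));
        $results = array();

        foreach (Quform::searchPosts($search) as $post) {
            $results[] = array('id' => $post->ID, 'text' => $post->post_title);
        }

        wp_send_json(array(
            'type' => 'success',
            'results' => $results
        ));
    }

    /**
     * Reject the search request unless it is a GET carrying a string 'search'
     * field, sent by a user with the quform_settings capability and a valid nonce.
     *
     * Each failed check terminates the request with a JSON error response.
     */
    protected function validateSearchPostsRequest()
    {
        if ( ! Quform::isGetRequest() || ! isset($_GET['search']) || ! is_string($_GET['search'])) {
            $this->sendError(__('Bad request', 'quform'));
        }

        $this->requireSettingsCapability();
        $this->requireValidNonce('quform_settings_search_posts');
    }

    /**
     * Terminate the request with a JSON error response if the current user
     * does not have the quform_settings capability.
     */
    protected function requireSettingsCapability()
    {
        if ( ! current_user_can('quform_settings')) {
            $this->sendError(__('Insufficient permissions', 'quform'));
        }
    }

    /**
     * Terminate the request with a JSON error response if the Ajax nonce for
     * the given action does not verify.
     *
     * The third argument to check_ajax_referer() is false so that WordPress does
     * not die with its own response; the error is reported in this class's
     * JSON format instead.
     *
     * @param  string  $action  The nonce action name
     */
    protected function requireValidNonce($action)
    {
        if ( ! check_ajax_referer($action, false, false)) {
            $this->sendError(__('Nonce check failed', 'quform'));
        }
    }

    /**
     * Send a JSON error response and terminate the request.
     *
     * @param  string  $message  The (already translated) error message
     */
    protected function sendError($message)
    {
        wp_send_json(array(
            'type' => 'error',
            'message' => $message
        ));
    }
}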