From bf70c26f33702959daf1cb8d6a55e7a987f7be88 Mon Sep 17 00:00:00 2001 From: Maksym Tsypliakov Date: Sat, 5 Feb 2022 15:28:57 +0100 Subject: [PATCH] #41 Escape output --- rapid-addon.php | 233 ++++++++++++++++++++++++------------------------ 1 file changed, 115 insertions(+), 118 deletions(-) diff --git a/rapid-addon.php b/rapid-addon.php index 97a9876..13e220a 100644 --- a/rapid-addon.php +++ b/rapid-addon.php @@ -9,7 +9,7 @@ */ if (!class_exists('RapidAddon')) { - + class RapidAddon { public $name; @@ -24,13 +24,13 @@ class RapidAddon { public $logger = null; public $when_to_run = false; public $image_options = array( - 'download_images' => 'yes', - 'download_featured_delim' => ',', + 'download_images' => 'yes', + 'download_featured_delim' => ',', 'download_featured_image' => '', 'gallery_featured_image' => '', 'gallery_featured_delim' => ',', 'featured_image' => '', - 'featured_delim' => ',', + 'featured_delim' => ',', 'search_existing_images' => 1, 'is_featured' => 0, 'create_draft' => 'no', @@ -64,7 +64,7 @@ function __construct($name, $slug) { $this->isWizard = false; } } - + function set_import_function($name) { $this->import_function = $name; } @@ -74,7 +74,7 @@ function set_post_saved_function($name) { } function is_active_addon($post_type = null) { - + if ( ! class_exists( 'PMXI_Plugin' ) ) { return false; } @@ -85,16 +85,16 @@ function is_active_addon($post_type = null) { if (@in_array($post_type, $this->active_post_types) or empty($this->active_post_types)) { $addon_active = true; } - } + } if ($addon_active){ - + $current_theme = wp_get_theme(); - $parent_theme = $current_theme->parent(); + $parent_theme = $current_theme->parent(); $theme_name = $current_theme->get('Name'); - + $addon_active = (@in_array($theme_name, $this->active_themes) or empty($this->active_themes)) ? true : false; if ( ! $addon_active and $parent_theme ){ 
@@ -102,7 +102,7 @@ function is_active_addon($post_type = null) { $addon_active = (@in_array($parent_theme_name, $this->active_themes) or empty($this->active_themes)) ? true : false; } - + if ( $addon_active and ! empty($this->active_plugins) ){ include_once( ABSPATH . 'wp-admin/includes/plugin.php' ); @@ -112,7 +112,7 @@ function is_active_addon($post_type = null) { $addon_active = false; break; } - } + } } } @@ -123,9 +123,9 @@ function is_active_addon($post_type = null) { return apply_filters('rapid_is_active_add_on', $addon_active, $post_type, $this->slug); } - + /** - * + * * Add-On Initialization * * @param array $conditions - list of supported themes and post types @@ -139,7 +139,7 @@ function run($conditions = array()) { @$this->active_post_types = ( ! empty($conditions['post_types'])) ? $conditions['post_types'] : array(); @$this->active_themes = ( ! empty($conditions['themes'])) ? $conditions['themes'] : array(); - @$this->active_plugins = ( ! empty($conditions['plugins'])) ? $conditions['plugins'] : array(); + @$this->active_plugins = ( ! empty($conditions['plugins'])) ? $conditions['plugins'] : array(); add_filter('pmxi_addons', array($this, 'wpai_api_register')); add_filter('wp_all_import_addon_parse', array($this, 'wpai_api_parse')); @@ -152,10 +152,10 @@ function run($conditions = array()) { add_filter('wp_all_import_post_type_image', array($this, 'post_type_image'), 10, 1 ); add_action('pmxi_extend_options_featured', array($this, 'wpai_api_metabox'), 10, 2); add_action('admin_init', array($this, 'admin_notice_ignore')); - } + } function parse($data) { - + if ( ! $this->is_active_addon($data['import']->options['custom_type'])) return false; $parsedData = $this->helper_parse($data, $this->options_array()); 
@@ -180,9 +180,9 @@ function add_field($field_slug, $field_name, $field_type, $enum_values = null, $ } else { - foreach ($value as $n => $param) { + foreach ($value as $n => $param) { if (is_array($param) and ! empty($this->fields[$param['slug']])){ - $this->fields[$param['slug']]['is_sub_field'] = true; + $this->fields[$param['slug']]['is_sub_field'] = true; } } } @@ -224,7 +224,7 @@ function acf_is_show_group($is_show, $acf_group){ } /** - * + * * Add an option to WP All Import options list * * @param string $slug - option name @@ -238,14 +238,14 @@ function add_option($slug, $default_value = ''){ function options_array() { $options_list = array(); - + if ( ! empty( $this->fields ) ) { foreach ($this->fields as $field_slug => $field_params) { if (in_array($field_params['type'], array('title', 'plain_text', 'acf'))) continue; $default_value = ''; if (!empty($field_params['enum_values'])){ - foreach ($field_params['enum_values'] as $key => $value) { + foreach ($field_params['enum_values'] as $key => $value) { $default_value = $key; break; } @@ -253,7 +253,7 @@ function options_array() { $options_list[$field_slug] = $default_value; } - } + } if ( ! empty($this->options) ){ foreach ($this->options as $slug => $value) { @@ -312,7 +312,7 @@ function post_saved( $importData ){ if (is_callable($this->post_saved_function)) call_user_func($this->post_saved_function, $importData['pid'], $importData['import'], $importData['logger']); - + } function import($importData, $parsedData) { @@ -340,7 +340,7 @@ function import($importData, $parsedData) { switch ($field_params['type']) { case 'image': - + // import the specified image, then set the value of the field to the image ID in the media library $image_url_or_path = $parsedData[$field_slug][$index]; 
@@ -380,12 +380,12 @@ function import($importData, $parsedData) { ); break; - + default: // set the field data to the value of the field after it's been parsed $data[$field_slug] = $parsedData[$field_slug][$index]; break; - } + } // apply mapping rules if they exist if (!empty($import_options['mapping'][$field_slug])) { @@ -402,7 +402,7 @@ function import($importData, $parsedData) { } // -------------------- } - } + } call_user_func($this->import_function, $post_id, $data, $importData['import'], $importData['articleData'], $importData['logger']); } @@ -427,28 +427,28 @@ function wpai_api_metabox($post_type, $current_values) { $counter = 0; - foreach ($this->fields as $field_slug => $field_params) { + foreach ($this->fields as $field_slug => $field_params) { // do not render sub fields - if ($field_params['is_sub_field']) continue; + if ($field_params['is_sub_field']) continue; - $counter++; + $counter++; - $this->render_field($field_params, $field_slug, $current_values, $visible_fields == $counter); + $this->render_field($field_params, $field_slug, $current_values, $visible_fields == $counter); - //if ( $field_params['type'] != 'accordion' ) echo "
"; + //if ( $field_params['type'] != 'accordion' ) echo "
"; } echo $this->helper_metabox_bottom(); - if ( ! empty($this->image_sections) ){ - $is_images_section_enabled = apply_filters('wp_all_import_is_images_section_enabled', true, $post_type); + if ( ! empty($this->image_sections) ){ + $is_images_section_enabled = apply_filters('wp_all_import_is_images_section_enabled', true, $post_type); foreach ($this->image_sections as $k => $section) { $section_options = array(); foreach ($this->image_options as $slug => $value) { $section_options[$section['slug'] . $slug] = $value; - } + } if ( ! $is_images_section_enabled and ! $k ){ $section_options[$section['slug'] . 'is_featured'] = 1; } @@ -456,7 +456,7 @@ function wpai_api_metabox($post_type, $current_values) { } } - } + } function render_field($field_params, $field_slug, $current_values, $in_the_bottom = false){ @@ -501,7 +501,7 @@ function render_field($field_params, $field_slug, $current_values, $in_the_botto ); } else if ($field_params['type'] == 'image' or $field_params['type'] == 'file') { - + if (!isset($current_values[$this->slug]['download_image'][$field_slug])) { $current_values[$this->slug]['download_image'][$field_slug] = ''; } PMXI_API::add_field( @@ -518,8 +518,8 @@ function render_field($field_params, $field_slug, $current_values, $in_the_botto ) ); - } else if ($field_params['type'] == 'radio') { - + } else if ($field_params['type'] == 'radio') { + if (!isset($current_values[$this->slug]['mapping'][$field_slug])) { $current_values[$this->slug]['mapping'][$field_slug] = array(); } if (!isset($current_values[$this->slug]['xpaths'][$field_slug])) { $current_values[$this->slug]['xpaths'][$field_slug] = ''; } 
@@ -545,13 +545,13 @@ function render_field($field_params, $field_slug, $current_values, $in_the_botto PMXI_API::add_field( 'accordion', $field_params['name'], - array( + array( 'tooltip' => $field_params['tooltip'], - 'field_name' => $this->slug."[".$field_slug."]", - 'field_key' => $field_slug, + 'field_name' => $this->slug."[".$field_slug."]", + 'field_key' => $field_slug, 'addon_prefix' => $this->slug, 'sub_fields' => $this->get_sub_fields($field_params, $field_slug, $current_values), - 'in_the_bottom' => $in_the_bottom + 'in_the_bottom' => $in_the_bottom ) ); @@ -563,19 +563,19 @@ function render_field($field_params, $field_slug, $current_values, $in_the_botto $fieldData['key'] = $field_params['field_obj']->post_name; if (empty($fieldData['name'])) $fieldData['name'] = $field_params['field_obj']->post_excerpt; if (function_exists('pmai_render_field')) { - echo pmai_render_field($fieldData, ( ! empty($current_values) ) ? $current_values : array() ); + echo esc_html(pmai_render_field($fieldData, ( ! empty($current_values) ) ? $current_values : array() )); } } else if($field_params['type'] == 'title'){ ?> -
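Review bot: Wrapping the return value of pmai_render_field in esc_html (`echo esc_html(pmai_render_field($fieldData, ...));` in the 563 hunk) HTML-encodes whatever that helper returns; if, as its name suggests, it returns rendered field markup, the field will now appear in the metabox as literal angle-bracket text instead of a form control. Escaping belongs inside the renderer, at the points where untrusted values (field names, slugs, current values) are interpolated, or, if the output is a bounded HTML fragment, a markup-aware filter such as `echo wp_kses_post(pmai_render_field(...));` rather than esc_html. The body of pmai_render_field is not visible here, so confirm what it returns before merging this line. render_field begins before this hunk, and the rest of the hunk is not legible on this page.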

?

+

?

-

+

$value) { - $sub_fields[$key] = array(); + $sub_fields = array(); + if ( ! empty($field_params['enum_values']) ){ + foreach ($field_params['enum_values'] as $key => $value) { + $sub_fields[$key] = array(); if (is_array($value)){ - if ($field_params['type'] == 'accordion'){ + if ($field_params['type'] == 'accordion'){ $sub_fields[$key][] = $this->convert_field($value, $current_values); } else { - foreach ($value as $k => $sub_field) { + foreach ($value as $k => $sub_field) { if (is_array($sub_field) and ! empty($this->fields[$sub_field['slug']])) - { + { $sub_fields[$key][] = $this->convert_field($sub_field, $current_values); - } + } } } } } } return $sub_fields; - } + } function convert_field($sub_field, $current_values){ $field = array(); @@ -717,32 +717,32 @@ function convert_field($sub_field, $current_values){ 'label' => $this->fields[$sub_field['slug']]['name'], 'params' => array( 'tooltip' => $this->fields[$sub_field['slug']]['tooltip'], - 'field_name' => $this->slug."[".$sub_field['slug']."]", - 'field_key' => $sub_field['slug'], + 'field_name' => $this->slug."[".$sub_field['slug']."]", + 'field_key' => $sub_field['slug'], 'addon_prefix' => $this->slug, 'sub_fields' => $this->get_sub_fields($this->fields[$sub_field['slug']], $sub_field['slug'], $current_values), 'in_the_bottom' => false ) - ); + ); break; default: # code... break; } return $field; - } + } /** - * + * * Add accordion options * * */ function add_options( $main_field = false, $title = '', $fields = array() ){ - + if ( ! empty($fields) ) - { - + { + if ($main_field){ $main_field['is_main_field'] = true; 
@@ -750,19 +750,19 @@ function add_options( $main_field = false, $title = '', $fields = array() ){ } - return $this->add_field('accordion_' . $fields[0]['slug'], $title, 'accordion', $fields); - + return $this->add_field('accordion_' . $fields[0]['slug'], $title, 'accordion', $fields); + } - } + } function add_title($title = '', $tooltip = ''){ if (empty($title)) return; - return $this->add_field(sanitize_key($title) . time(), $title, 'title', null, $tooltip); + return $this->add_field(sanitize_key($title) . time(), $title, 'title', null, $tooltip); - } + } function add_text($text = '', $is_html = false){ @@ -772,7 +772,7 @@ function add_text($text = '', $is_html = false){ return $this->add_field(sanitize_key($text) . time() . uniqid() . $count, $text, 'plain_text', null, "", $is_html); - } + } function helper_metabox_top($name) { @@ -897,11 +897,11 @@ function import_files( $slug, $title, $callback = NULL ){ /** * - * simply add an additional section + * simply add an additional section * */ function import_images( $slug, $title, $type = 'images', $callback = NULL ){ - + if ( empty($title) or empty($slug) ) return; if (is_array($slug)) { @@ -914,8 +914,8 @@ function import_images( $slug, $title, $type = 'images', $callback = NULL ){ 'title' => $title, 'slug' => $section_slug, 'type' => $type - ); - + ); + foreach ($this->image_options as $option_slug => $value) { $this->add_option($section_slug . $option_slug, $value); } @@ -924,7 +924,7 @@ function import_images( $slug, $title, $type = 'images', $callback = NULL ){ add_filter('wp_all_import_is_show_add_new_images', array($this, 'filter_is_show_add_new_images'), 10, 2); } - add_filter('wp_all_import_is_allow_import_images', array($this, 'is_allow_import_images'), 10, 2); + add_filter('wp_all_import_is_allow_import_images', array($this, 'is_allow_import_images'), 10, 2); if ($callback && is_callable($callback)) { add_action( $section_slug, $callback, 10, 4); 
@@ -933,7 +933,7 @@ function import_images( $slug, $title, $type = 'images', $callback = NULL ){ add_action( $section_slug, $slug, 10, 4); } } - } + } /** * * filter to allow import images for free edition of WP All Import @@ -954,7 +954,7 @@ function additional_sections($sections){ $sections[] = $add_section; } } - + return $sections; } /** @@ -970,16 +970,16 @@ function filter_is_show_add_new_images($is_show, $post_type){ * * disable the default images section * - */ + */ function disable_default_images($post_type = false){ - + add_filter('wp_all_import_is_images_section_enabled', array($this, 'is_enable_default_images_section'), 10, 2); } - function is_enable_default_images_section($is_enabled, $post_type){ - + function is_enable_default_images_section($is_enabled, $post_type){ + return ($this->is_active_addon($post_type)) ? false : true; - + } function helper_parse($parsingData, $options) { @@ -996,17 +996,17 @@ function helper_parse($parsingData, $options) { $tmp_files = array(); - foreach ($options[$this->slug] as $option_name => $option_value) { - if ( isset($import->options[$this->slug][$option_name]) and $import->options[$this->slug][$option_name] != '') { + foreach ($options[$this->slug] as $option_name => $option_value) { + if ( isset($import->options[$this->slug][$option_name]) and $import->options[$this->slug][$option_name] != '') { if ($import->options[$this->slug][$option_name] == "xpath") { if ($import->options[$this->slug]['xpaths'][$option_name] == ""){ $count and $data[$option_name] = array_fill(0, $count, ""); } else { $data[$option_name] = XmlImportParser::factory($xml, $cxpath, (string) $import->options[$this->slug]['xpaths'][$option_name], $file)->parse(); - $tmp_files[] = $file; + $tmp_files[] = $file; } - } - else { + } + else { $data[$option_name] = XmlImportParser::factory($xml, $cxpath, (string) $import->options[$this->slug][$option_name], $file)->parse(); $tmp_files[] = $file; } 
@@ -1033,12 +1033,12 @@ function can_update_meta($meta_key, $import_options) { //echo "
";
 			//print_r($import_options['options']);
 			//echo "
"; - + $import_options = $import_options['options']; if ($import_options['update_all_data'] == 'yes') return true; - if ( ! $import_options['is_update_custom_fields'] ) return false; + if ( ! $import_options['is_update_custom_fields'] ) return false; if ($import_options['update_custom_fields_logic'] == "full_update") return true; if ($import_options['update_custom_fields_logic'] == "only" and ! empty($import_options['custom_fields_list']) and is_array($import_options['custom_fields_list']) and in_array($meta_key, $import_options['custom_fields_list']) ) return true; @@ -1053,12 +1053,12 @@ function can_update_taxonomy($tax_name, $import_options) { //echo "
";
 			//print_r($import_options['options']);
 			//echo "
"; - + $import_options = $import_options['options']; if ($import_options['update_all_data'] == 'yes') return true; - if ( ! $import_options['is_update_categories'] ) return false; + if ( ! $import_options['is_update_categories'] ) return false; if ($import_options['update_categories_logic'] == "full_update") return true; if ($import_options['update_categories_logic'] == "only" and ! empty($import_options['taxonomies_list']) and is_array($import_options['taxonomies_list']) and in_array($tax_name, $import_options['taxonomies_list']) ) return true; @@ -1074,9 +1074,9 @@ function can_update_image($import_options) { if ($import_options['update_all_data'] == 'yes') return true; - if (!$import_options['is_update_images']) return false; + if (!$import_options['is_update_images']) return false; - if ($import_options['is_update_images']) return true; + if ($import_options['is_update_images']) return true; return false; } @@ -1101,14 +1101,11 @@ function display_admin_notice() { ?> -
-

slug.'_ignore=0' - ), - 'rapid_addon_'.$this->slug - ); ?>

+
+

slug.'_ignore=0' + )); ?>
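Review bot: The second argument `'rapid_addon_'.$this->slug` that the old side passed to the outer call in the ignore-link href has no counterpart on the new side, so the dismissal link appears to lose its nonce even though the commit only claims to escape output. If admin_notice_ignore verifies that nonce, the link will now fail verification; if it does not, the ignore parameter becomes settable by any request to the admin page, a small but unnecessary CSRF surface. Keep the nonce and escape around it instead: `echo esc_url( wp_nonce_url( add_query_arg( /* unchanged args */ ), 'rapid_addon_'.$this->slug ) );`, with the handler checking it via `check_admin_referer( 'rapid_addon_'.$this->slug )`. The surrounding markup of display_admin_notice is not legible on this page, so the exact call shape is inferred from the removed closing lines.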

array('Realia'), 'plugins' => array('plugin-directory/plugin-file.php', 'plugin-directory2/plugin-file.php')) + * $conditions - array('themes' => array('Realia'), 'plugins' => array('plugin-directory/plugin-file.php', 'plugin-directory2/plugin-file.php')) * */ function admin_notice($notice_text = '', $conditions = array()) { @@ -1136,28 +1133,28 @@ function admin_notice($notice_text = '', $conditions = array()) { if ( ! $is_show_notice and ! empty($conditions['themes']) ){ $themeInfo = wp_get_theme(); - $parentInfo = $themeInfo->parent(); + $parentInfo = $themeInfo->parent(); $currentTheme = $themeInfo->get('Name'); - - $is_show_notice = in_array($currentTheme, $conditions['themes']) ? false : true; + + $is_show_notice = in_array($currentTheme, $conditions['themes']) ? false : true; if ( $is_show_notice and $parentInfo ){ $parent_theme = $parentInfo->get('Name'); - $is_show_notice = in_array($parent_theme, $conditions['themes']) ? false : true; + $is_show_notice = in_array($parent_theme, $conditions['themes']) ? false : true; } - } + } // Required Plugins - if ( ! $is_show_notice and ! empty($conditions['plugins']) ){ + if ( ! $is_show_notice and ! empty($conditions['plugins']) ){ $requires_counter = 0; foreach ($conditions['plugins'] as $plugin) { if ( is_plugin_active($plugin) ) $requires_counter++; } - if ($requires_counter != count($conditions['plugins'])){ - $is_show_notice = true; + if ($requires_counter != count($conditions['plugins'])){ + $is_show_notice = true; } } @@ -1173,12 +1170,12 @@ function admin_notice($notice_text = '', $conditions = array()) { } - function log( $m = false){ + function log( $m = false){ $m and $this->logger and call_user_func($this->logger, $m); } - + public function remove_post_type( $type = '' ) { if ( ! empty( $type ) ) { $this->add_option( 'post_types_to_remove', $type ); 
@@ -1191,7 +1188,7 @@ public function filter_post_types( $custom_types = array(), $custom_type = '' ) if ( array_key_exists( $option_key, $options ) ) { $type = $options[ $option_key ]; - + if ( ! empty( $type ) ) { if ( ! is_array( $type ) ) { if ( array_key_exists( $type, $custom_types ) ) { @@ -1223,7 +1220,7 @@ public function sort_post_types( array $order ) { if ( ( $rm_key = array_search( $move_this, $order ) ) !== false ) { unset( $order[ $rm_key ] ); } - array_push( $order, $move_this ); + array_push( $order, $move_this ); } else { if ( ( $rm_key = array_search( $move_this, $order ) ) !== false ) { unset( $order[ $rm_key ] ); @@ -1247,7 +1244,7 @@ public function move_post_type( $move_this = null, $move_to = null ) { 'move_to' => $move_to ); } else { - foreach ( $move_this as $key => $move_post ) { + foreach ( $move_this as $key => $move_post ) { $move_rules[] = array( 'move_this' => $move_post, 'move_to' => $move_to[ $key ] @@ -1293,5 +1290,5 @@ public function post_type_image( $image ) { } return $image; } - } + } }