diff --git a/includes/admin/assets/js/um-admin-field.js b/includes/admin/assets/js/um-admin-field.js
index 3e9591a8..0ff7ef15 100644
--- a/includes/admin/assets/js/um-admin-field.js
+++ b/includes/admin/assets/js/um-admin-field.js
@@ -35,22 +35,20 @@ jQuery(document).ready(function() {
/* Add a Field */
jQuery(document.body).on('submit', 'form.um_add_field', function(e){
-
e.preventDefault();
- var conditions = jQuery('.um-admin-cur-condition');
- //need fields refactor
- jQuery(conditions).each( function ( i ) {
-
- if ( jQuery( this ).find('[id^="_conditional_action"]').val() === '' ||
- jQuery( this ).find('[id^="_conditional_field"]').val() === '' ||
- jQuery( this ).find('[id^="_conditional_operator"]').val() ==='' )
- {
- jQuery(conditions[i]).find('.um-admin-remove-condition').trigger('click');
- }
- } );
- conditions = jQuery('.um-admin-cur-condition');
- jQuery(conditions).each( function ( i ) {
- var id = i === 0 ? '' : i;
+ var conditions = jQuery('.um-admin-cur-condition');
+ //need fields refactor
+ jQuery(conditions).each( function ( i ) {
+ if ( jQuery( this ).find('[id^="_conditional_action"]').val() === '' ||
+ jQuery( this ).find('[id^="_conditional_field"]').val() === '' ||
+ jQuery( this ).find('[id^="_conditional_operator"]').val() ==='' )
+ {
+ jQuery(conditions[i]).find('.um-admin-remove-condition').trigger('click');
+ }
+ } );
+ conditions = jQuery('.um-admin-cur-condition');
+ jQuery(conditions).each( function ( i ) {
+ var id = i === 0 ? '' : i;
jQuery( this ).find('[id^="_conditional_action"]').attr('name', '_conditional_action' + id);
jQuery( this ).find('[id^="_conditional_action"]').attr('id', '_conditional_action' + id);
@@ -60,8 +58,7 @@ jQuery(document).ready(function() {
jQuery( this ).find('[id^="_conditional_operator"]').attr('id', '_conditional_operator' + id);
jQuery( this ).find('[id^="_conditional_value"]').attr('name', '_conditional_value' + id);
jQuery( this ).find('[id^="_conditional_value"]').attr('id', '_conditional_value' + id);
-
- } );
+ } );
var form = jQuery(this);
jQuery.ajax({
@@ -78,40 +75,34 @@ jQuery(document).ready(function() {
complete: function(){
form.css({'opacity': 1});
},
- success: function(data){
- if (data.error){
-
- c = 0;
- jQuery.each(data.error, function(i, v){
- c++;
- if ( c == 1 ) {
- form.find('#'+i).addClass('um-admin-error').trigger('focus');
- form.find('.um-admin-error-block').show().html(v);
- }
- });
-
- um_admin_modal_responsive();
+ success: function( response ){
+ if ( response.success ) {
+ let data = response.data;
+ if ( data.error ) {
+ let c = 0;
+ jQuery.each( data.error, function(i, v){
+ c++;
+ if ( 1 === c ) {
+ form.find('#' + i).addClass('um-admin-error').trigger('focus');
+ form.find('.um-admin-error-block').show().html(v);
+ }
+ });
+ um_admin_modal_responsive();
+ } else {
+ jQuery('.um-col-demon-settings').data('in_row', '').data('in_sub_row', '').data('in_column', '').data('in_group', '');
+ um_admin_remove_modal();
+ um_admin_update_builder();
+ }
} else {
-
- jQuery('.um-col-demon-settings').data('in_row', '');
- jQuery('.um-col-demon-settings').data('in_sub_row', '');
- jQuery('.um-col-demon-settings').data('in_column', '');
- jQuery('.um-col-demon-settings').data('in_group', '');
-
- um_admin_remove_modal();
- um_admin_update_builder();
-
+ console.log( response );
}
-
},
- error: function(data){
- console.log(data);
+ error: function( response ){
+ console.log( response );
}
});
-
return false;
-
});
-});
\ No newline at end of file
+});
diff --git a/includes/admin/core/class-admin-builder.php b/includes/admin/core/class-admin-builder.php
index a2eca841..7bc41c71 100644
--- a/includes/admin/core/class-admin-builder.php
+++ b/includes/admin/core/class-admin-builder.php
@@ -37,114 +37,131 @@ if ( ! class_exists( 'um\admin\core\Admin_Builder' ) ) {
}
/**
- * Apply a filter to handle errors for field updating in backend
+ * Apply a filter to handle errors for field updating in backend.
*
- * @param $errors
- * @param $array
+ * @param null|array $errors
+ * @param array $submission_data
*
* @return mixed
*/
- function um_admin_field_update_error_handling( $errors, $array ) {
- /**
- * @var $field_type
- */
- extract( $array );
+ public function um_admin_field_update_error_handling( $errors, $submission_data ) {
+ if ( ! array_key_exists( 'field_type', $submission_data ) ) {
+ return $errors;
+ }
- $field_attr = UM()->builtin()->get_core_field_attrs( $field_type );
-
- if ( isset( $field_attr['validate'] ) ) {
-
- $validate = $field_attr['validate'];
- foreach ( $validate as $post_input => $arr ) {
-
- $skip = apply_filters( 'um_admin_builder_skip_field_validation', false, $post_input, $array );
- if ( $skip ) {
- continue;
- }
-
- $mode = $arr['mode'];
-
- switch ( $mode ) {
-
- case 'numeric':
- if ( ! empty( $array['post'][ $post_input ] ) && ! is_numeric( $array['post'][ $post_input ] ) ){
- $errors[ $post_input ] = $validate[ $post_input ]['error'];
- }
- break;
-
- case 'unique':
- if ( ! isset( $array['post']['edit_mode'] ) ) {
- if ( UM()->builtin()->unique_field_err( $array['post'][ $post_input ] ) ) {
- $errors[ $post_input ] = UM()->builtin()->unique_field_err( $array['post'][ $post_input ] );
- }
- }
- break;
-
- case 'required':
- if ( $array['post'][ $post_input ] == '' ) {
- $errors[ $post_input ] = $validate[ $post_input ]['error'];
- }
- break;
-
- case 'range-start':
- if ( UM()->builtin()->date_range_start_err( $array['post'][ $post_input ] ) && $array['post']['_range'] == 'date_range' ) {
- $errors[ $post_input ] = UM()->builtin()->date_range_start_err( $array['post'][ $post_input ] );
- }
- break;
-
- case 'range-end':
- if ( UM()->builtin()->date_range_end_err( $array['post'][ $post_input ], $array['post']['_range_start'] ) && $array['post']['_range'] == 'date_range' ) {
- $errors[ $post_input ] = UM()->builtin()->date_range_end_err( $array['post'][ $post_input ], $array['post']['_range_start'] );
- }
- break;
-
- }
+ $field_attr = UM()->builtin()->get_core_field_attrs( $submission_data['field_type'] );
+ if ( ! array_key_exists( 'validate', $field_attr ) ) {
+ return $errors;
+ }
+ $validate = $field_attr['validate'];
+ foreach ( $validate as $post_input => $arr ) {
+ /**
+ * Filters the marker for skipping field validation.
+ *
+ * @param {bool} $skip Errors list. It's null by default.
+ * @param {string} $post_input Field key for validation.
+ * @param {array} $submission_data Update field handler data.
+ *
+ * @return {bool} True for skipping validation.
+ *
+ * @since 2.1.0
+ * @hook um_admin_builder_skip_field_validation
+ *
+ * @example
Skipping validation for the `_options` setting field for `billing_country` and `shipping_country` form fields.
+ * function my_custom_um_admin_builder_skip_field_validation( $skip, $post_input, $submission_data ) {
+ * if ( $post_input === '_options' && isset( $submission_data['post']['_metakey'] ) && in_array( $submission_data['post']['_metakey'], array( 'billing_country', 'shipping_country' ), true ) ) {
+ * $skip = true;
+ * }
+ * return $skip;
+ * }
+ * add_filter( 'um_admin_builder_skip_field_validation', 'my_custom_um_admin_builder_skip_field_validation', 10, 3 );
+ */
+ $skip = apply_filters( 'um_admin_builder_skip_field_validation', false, $post_input, $submission_data );
+ if ( $skip ) {
+ continue;
}
+ if ( ! array_key_exists( 'mode', $arr ) ) {
+ continue;
+ }
+
+ switch ( $arr['mode'] ) {
+ case 'numeric':
+ if ( ! empty( $submission_data['post'][ $post_input ] ) && ! is_numeric( $submission_data['post'][ $post_input ] ) ) {
+ $errors[ $post_input ] = $validate[ $post_input ]['error'];
+ }
+ break;
+ case 'unique':
+ if ( ! isset( $submission_data['post']['edit_mode'] ) ) {
+ $mode_error = UM()->builtin()->unique_field_err( $submission_data['post'][ $post_input ] );
+ if ( ! empty( $mode_error ) ) {
+ $errors[ $post_input ] = $mode_error;
+ }
+ }
+ break;
+ case 'required':
+ if ( '' === $submission_data['post'][ $post_input ] ) {
+ $errors[ $post_input ] = $validate[ $post_input ]['error'];
+ }
+ break;
+ case 'range-start':
+ if ( 'date_range' === $submission_data['post']['_range'] ) {
+ $mode_error = UM()->builtin()->date_range_start_err( $submission_data['post'][ $post_input ] );
+ if ( ! empty( $mode_error ) ) {
+ $errors[ $post_input ] = $mode_error;
+ }
+ }
+ break;
+ case 'range-end':
+ if ( 'date_range' === $submission_data['post']['_range'] ) {
+ $mode_error = UM()->builtin()->date_range_end_err( $submission_data['post'][ $post_input ], $submission_data['post']['_range_start'] );
+ if ( ! empty( $mode_error ) ) {
+ $errors[ $post_input ] = $mode_error;
+ }
+ }
+ break;
+ }
}
return $errors;
-
}
-
/**
- * Some fields may require extra fields before saving
+ * Some fields may require extra fields before saving.
*
- * @param $array
+ * @param array $submission_data
*
- * @return mixed
+ * @return array
*/
- function um_admin_pre_save_fields_hook( $array ) {
- /**
- * @var $form_id
- * @var $field_type
- */
- extract( $array );
+ public function um_admin_pre_save_fields_hook( $submission_data ) {
+ if ( ! array_key_exists( 'form_id', $submission_data ) || ! array_key_exists( 'field_type', $submission_data ) || ! array_key_exists( 'post', $submission_data ) ) {
+ return $submission_data;
+ }
- $fields_without_metakey = UM()->builtin()->get_fields_without_metakey();
+ $form_id = $submission_data['form_id'];
+ $field_type = $submission_data['field_type'];
$fields = UM()->query()->get_attr( 'custom_fields', $form_id );
- $count = 1;
+ $count = 1;
if ( ! empty( $fields ) ) {
$count = count( $fields ) + 1;
}
- // set unique meta key
- if ( in_array( $field_type, $fields_without_metakey ) && ! isset( $array['post']['_metakey'] ) ) {
- $array['post']['_metakey'] = "um_{$field_type}_{$form_id}_{$count}";
+ // Set unique meta key.
+ $fields_without_metakey = UM()->builtin()->get_fields_without_metakey();
+ if ( ! array_key_exists( '_metakey', $submission_data['post'] ) && in_array( $field_type, $fields_without_metakey, true ) ) {
+ $submission_data['post']['_metakey'] = "um_{$field_type}_{$form_id}_{$count}";
}
- // set position
- if ( ! isset( $array['post']['_position'] ) ) {
- $array['post']['_position'] = $count;
+ // Set position.
+ if ( ! array_key_exists( '_position', $submission_data['post'] ) ) {
+ $submission_data['post']['_position'] = $count;
}
- return $array;
+ return $submission_data;
}
-
/**
* Modify field args just before it is saved into form
*
@@ -374,7 +391,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Builder' ) ) {
return '';
}
- foreach( $row_fields as $key => $array ) {
+ foreach ( $row_fields as $key => $array ) {
if ( ! isset( $array['in_sub_row'] ) || ( isset( $array['in_sub_row'] ) && $array['in_sub_row'] == $subrow_id ) ) {
$results[ $key ] = $array;
unset( $this->global_fields[ $key ] );
@@ -384,18 +401,15 @@ if ( ! class_exists( 'um\admin\core\Admin_Builder' ) ) {
return ( isset ( $results ) ) ? $results : '';
}
-
/**
- * Display the builder
+ * Display the builder.
*/
- function show_builder() {
-
+ public function show_builder() {
$fields = UM()->query()->get_attr( 'custom_fields', $this->form_id );
- if ( !isset( $fields ) || empty( $fields ) ) { ?>
-
+ if ( empty( $fields ) ) {
+ ?>
-
@@ -403,211 +417,164 @@ if ( ! class_exists( 'um\admin\core\Admin_Builder' ) ) {
-
-
-
global_fields = array();
- } else {
- $this->global_fields = $fields;
- }
-
- foreach ( $this->global_fields as $key => $array ) {
- if ( $array['type'] == 'row' ) {
- $rows[ $key ] = $array;
- unset( $this->global_fields[ $key ] ); // not needed now
+ $rows = array();
+ $this->global_fields = is_array( $fields ) ? $fields : array();
+ foreach ( $this->global_fields as $key => $field_data ) {
+ if ( array_key_exists( 'type', $field_data ) && 'row' === $field_data['type'] ) {
+ $rows[ $key ] = $field_data;
+ unset( $this->global_fields[ $key ] ); // Remove rows from global fields because not needed below.
}
-
}
- if ( ! isset( $rows ) ) {
+ // Set 1st row if there aren't any rows in form.
+ if ( empty( $rows ) ) {
$rows = array(
'_um_row_1' => array(
- 'type' => 'row',
- 'id' => '_um_row_1',
- 'sub_rows' => 1,
- 'cols' => 1
+ 'type' => 'row',
+ 'id' => '_um_row_1',
+ 'sub_rows' => 1,
+ 'cols' => 1,
),
);
}
- foreach ( $rows as $row_id => $array ) { ?>
-
+ foreach ( $rows as $row_id => $array ) {
+ ?>
+
+ get_fields_by_row( $row_id );
+ $sub_rows = array_key_exists( 'sub_rows', $array ) ? $array['sub_rows'] : 1;
- get_fields_by_row( $row_id );
-
- $sub_rows = ( isset( $array['sub_rows'] ) ) ? $array['sub_rows'] : 1;
- for ( $c = 0; $c < $sub_rows; $c++ ) {
-
+ for ( $c = 0; $c < $sub_rows; $c++ ) {
$subrow_fields = $this->get_fields_in_subrow( $row_fields, $c );
-
?>
-
-
-
';
+ $col_class = ( $col_num === $i ) ? 'active' : '';
+ ?>
+
+
-
-
- 0 ) { ?>
+ 0 ) { ?>
+
+
-
-
array_sort_by_column( $subrow_fields, 'position' );
+ foreach ( $subrow_fields as $key => $keyarray ) {
+ if ( ! array_key_exists( 'type', $keyarray ) || ! array_key_exists( 'title', $keyarray ) ) {
+ continue;
+ }
- $subrow_fields = $this->array_sort_by_column( $subrow_fields, 'position');
-
- foreach( $subrow_fields as $key => $keyarray ) {
- /**
- * @var $type
- * @var $title
- */
- extract( $keyarray );
-
+ $field_type = $keyarray['type'];
+ $field_title = $keyarray['title'];
+ $in_group = array_key_exists( 'in_group', $keyarray ) ? $keyarray['in_group'] : '';
+ $in_column = array_key_exists( 'in_column', $keyarray ) ? $keyarray['in_column'] : 1;
+ $icon = array_key_exists( 'icon', $keyarray ) ? $keyarray['icon'] : '';
+ $field_name = __( 'Invalid field type', 'ultimate-member' );
+ if ( array_key_exists( $field_type, UM()->builtin()->core_fields ) && array_key_exists( 'name', UM()->builtin()->core_fields[ $field_type ] ) ) {
+ $field_name = UM()->builtin()->core_fields[ $field_type ]['name'];
+ }
?>
-
-
-
-
-
+
+
+
-
-
-
- builtin()->core_fields[$type]['name'] ) ? UM()->builtin()->core_fields[$type]['name'] : ''; ?>
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
-
-
-
-
-
-
-
+
+
+
+
+
+
+
-
-
-
-
-
-
-
-
-
+
-
-
admin()->check_ajax_nonce();
if ( ! is_user_logged_in() || ! current_user_can( 'manage_options' ) ) {
@@ -616,512 +583,486 @@ if ( ! class_exists( 'um\admin\core\Admin_Builder' ) ) {
$output['error'] = null;
+ // phpcs:disable WordPress.Security.NonceVerification -- Already verified by `UM()->admin()->check_ajax_nonce()`
$array = array(
'field_type' => sanitize_key( $_POST['_type'] ),
'form_id' => absint( $_POST['post_id'] ),
'args' => UM()->builtin()->get_core_field_attrs( sanitize_key( $_POST['_type'] ) ),
'post' => UM()->admin()->sanitize_builder_field_meta( $_POST ),
);
+ // phpcs:enable WordPress.Security.NonceVerification -- Already verified by `UM()->admin()->check_ajax_nonce()`
/**
- * UM hook
+ * Filters the field data before save in Form Builder.
*
- * @type filter
- * @title um_admin_pre_save_fields_hook
- * @description Filter field data before save
- * @input_vars
- * [{"var":"$array","type":"array","desc":"Save Field data"}]
- * @change_log
- * ["Since: 2.0"]
- * @usage add_filter( 'um_admin_pre_save_fields_hook', 'function_name', 10, 1 );
- * @example
- * Change submitted value to new one by the field key.
+ * function my_custom_um_admin_pre_save_fields_hook( $submission_data ) {
+ * $submission_data['post']['{field_key}'] = {new value};
+ * return $submission_data;
* }
- * ?>
+ * add_filter( 'um_admin_pre_save_fields_hook', 'my_custom_um_admin_pre_save_fields_hook' );
*/
$array = apply_filters( 'um_admin_pre_save_fields_hook', $array );
/**
- * UM hook
+ * Filters the validation errors on the update field in Form Builder.
*
- * @type filter
- * @title um_admin_field_update_error_handling
- * @description Change error string on save field
- * @input_vars
- * [{"var":"$error","type":"string","desc":"Error String"},
- * {"var":"$array","type":"array","desc":"Save Field data"}]
- * @change_log
- * ["Since: 2.0"]
- * @usage add_filter( 'um_admin_field_update_error_handling', 'function_name', 10, 2 );
- * @example
- * Added error with Error text to the field by the field key.
+ * function my_custom_um_admin_field_update_error_handling( $errors, $submission_data ) {
+ * $errors['{field_key}'] = {Error text};
+ * return $errors;
* }
- * ?>
+ * add_filter( 'um_admin_field_update_error_handling', 'my_custom_um_admin_field_update_error_handling', 10, 2 );
*/
$output['error'] = apply_filters( 'um_admin_field_update_error_handling', $output['error'], $array );
-
- /**
- * @var $_metakey
- * @var $post_id
- */
- extract( $array['post'] );
-
if ( empty( $output['error'] ) ) {
-
- $save = array();
- $save[ $_metakey ] = null;
+ $save = array();
+ $field_id = $array['post']['_metakey']; // Set field ID as it's metakey.
+ $save[ $field_id ] = null;
foreach ( $array['post'] as $key => $val ) {
+ if ( '' !== $val && '_' === substr( $key, 0, 1 ) ) { // field attribute
+ $new_key = ltrim( $key, '_' );
- if ( substr( $key, 0, 1 ) === '_' && $val !== '' ) { // field attribute
- $new_key = ltrim ( $key, '_' );
-
- if ( $new_key == 'options' ) {
- //$save[ $_metakey ][$new_key] = explode(PHP_EOL, $val);
- $save[ $_metakey ][ $new_key ] = preg_split( '/[\r\n]+/', $val, -1, PREG_SPLIT_NO_EMPTY );
+ if ( 'options' === $new_key ) {
+ $save[ $field_id ][ $new_key ] = preg_split( '/[\r\n]+/', $val, -1, PREG_SPLIT_NO_EMPTY );
} else {
- $save[ $_metakey ][ $new_key ] = $val;
+ $save[ $field_id ][ $new_key ] = $val;
}
-
- } elseif ( strstr( $key, 'um_editor' ) ) {
-
+ } elseif ( false !== strpos( $key, 'um_editor' ) ) {
if ( 'block' === $array['post']['_type'] ) {
- $save[ $_metakey ]['content'] = wp_kses_post( $val );
+ $save[ $field_id ]['content'] = wp_kses_post( $val );
} else {
- $save[ $_metakey ]['content'] = sanitize_textarea_field( $val );
+ $save[ $field_id ]['content'] = sanitize_textarea_field( $val );
}
}
-
}
- $field_ID = $_metakey;
- $field_args = $save[ $_metakey ];
-
/**
- * UM hook
+ * Filters the field options before save to form on the update field in Form Builder.
*
- * @type filter
- * @title um_admin_pre_save_field_to_form
- * @description Change field options before save to form
- * @input_vars
- * [{"var":"$field_args","type":"array","desc":"Field Options"}]
- * @change_log
- * ["Since: 2.0"]
- * @usage add_filter( 'um_admin_pre_save_field_to_form', 'function_name', 10, 1 );
- * @example
- * Force change the field's metakey when store it to DB for the form.
+ * function my_custom_um_admin_pre_save_field_to_form( $field_args ) {
+ * $field_args['metakey'] = {new_metakey};
* return $field_args;
* }
- * ?>
+ * add_filter( 'um_admin_pre_save_field_to_form', 'my_custom_um_admin_pre_save_field_to_form' );
*/
- $field_args = apply_filters( 'um_admin_pre_save_field_to_form', $field_args );
+ $field_args = apply_filters( 'um_admin_pre_save_field_to_form', $save[ $field_id ] );
- UM()->fields()->update_field( $field_ID, $field_args, $post_id );
+ UM()->fields()->update_field( $field_id, $field_args, $array['post']['post_id'] );
/**
- * UM hook
+ * Filters the field options before save to DB (globally) on the update field in Form Builder.
*
- * @type filter
- * @title um_admin_pre_save_field_to_db
- * @description Change field options before save to DB
- * @input_vars
- * [{"var":"$field_args","type":"array","desc":"Field Options"}]
- * @change_log
- * ["Since: 2.0"]
- * @usage add_filter( 'um_admin_pre_save_field_to_db', 'function_name', 10, 1 );
- * @example
- * Force change the field's metakey when store it to DB globally.
+ * function my_custom_um_admin_pre_save_field_to_db( $field_args ) {
+ * $field_args['metakey'] = {new_metakey};
* return $field_args;
* }
- * ?>
+ * add_filter( 'um_admin_pre_save_field_to_db', 'my_custom_um_admin_pre_save_field_to_db' );
*/
$field_args = apply_filters( 'um_admin_pre_save_field_to_db', $field_args );
if ( ! isset( $array['args']['form_only'] ) ) {
- if ( ! isset( UM()->builtin()->predefined_fields[ $field_ID ] ) ) {
- UM()->fields()->globally_update_field( $field_ID, $field_args );
+ if ( ! isset( UM()->builtin()->predefined_fields[ $field_id ] ) ) {
+ UM()->fields()->globally_update_field( $field_id, $field_args );
}
}
-
}
- $output = json_encode( $output );
- if ( is_array( $output ) ) {
- print_r( $output );
- } else {
- echo $output;
- }
- die;
+ wp_send_json_success( $output );
}
-
/**
- *
+ * AJAX handler for dynamic content inside the modal window.
*/
- function dynamic_modal_content() {
+ public function dynamic_modal_content() {
UM()->admin()->check_ajax_nonce();
if ( ! is_user_logged_in() || ! current_user_can( 'manage_options' ) ) {
wp_send_json_error( __( 'Please login as administrator', 'ultimate-member' ) );
}
+ // phpcs:disable WordPress.Security.NonceVerification -- already verified here
+ if ( empty( $_POST['act_id'] ) ) {
+ wp_send_json_error( __( 'Wrong dynamic-content attribute.', 'ultimate-member' ) );
+ }
+
$metabox = UM()->metabox();
+ $act_id = sanitize_key( $_POST['act_id'] );
- /**
- * @var $act_id
- * @var $arg1
- * @var $arg2
- * @var $arg3
- */
- extract( $_POST );
-
- if ( isset( $arg1 ) ) {
- $arg1 = sanitize_text_field( $arg1 );
+ $arg1 = null;
+ if ( isset( $_POST['arg1'] ) ) {
+ $arg1 = sanitize_text_field( $_POST['arg1'] );
}
- if ( isset( $arg2 ) ) {
- $arg2 = sanitize_text_field( $arg2 );
+ $arg2 = null;
+ if ( isset( $_POST['arg2'] ) ) {
+ $arg2 = sanitize_text_field( $_POST['arg2'] );
}
- if ( isset( $arg3 ) ) {
- $arg3 = sanitize_text_field( $arg3 );
+ $arg3 = null;
+ if ( isset( $_POST['arg3'] ) ) {
+ $arg3 = sanitize_text_field( $_POST['arg3'] );
}
- switch ( sanitize_key( $act_id ) ) {
+ $form_mode = null;
+ if ( isset( $_POST['form_mode'] ) ) {
+ $form_mode = sanitize_key( $_POST['form_mode'] );
+ }
+ $in_row = null;
+ if ( isset( $_POST['in_row'] ) ) {
+ $in_row = absint( $_POST['in_row'] );
+ }
+
+ $in_sub_row = null;
+ if ( isset( $_POST['in_sub_row'] ) ) {
+ $in_sub_row = absint( $_POST['in_sub_row'] );
+ }
+
+ $in_column = null;
+ if ( isset( $_POST['in_column'] ) ) {
+ $in_column = absint( $_POST['in_column'] );
+ }
+
+ $in_group = null;
+ if ( isset( $_POST['in_group'] ) ) {
+ $in_group = absint( $_POST['in_group'] );
+ }
+ // phpcs:enable WordPress.Security.NonceVerification -- already verified here
+
+ switch ( $act_id ) {
default:
-
ob_start();
-
/**
- * UM hook
+ * Fires for integration on AJAX popup admin builder modal content.
*
- * @type action
- * @title um_admin_ajax_modal_content__hook
- * @description Integration hook on ajax popup admin builder modal content
- * @input_vars
- * [{"var":"$act_id","type":"string","desc":"Ajax Action"}]
- * @change_log
- * ["Since: 2.0"]
- * @usage add_action( 'um_admin_ajax_modal_content__hook', 'function_name', 10, 1 );
- * @example
- * Pass HTML to the custom UM modal with data-dynamic-content="user_info".
+ * function my_custom_um_admin_ajax_modal_content__hook( $act_id ) {
+ * if ( 'user_info' === $act_id ) {
+ * // Your HTML is here
+ * }
* }
- * ?>
+ * add_action( 'um_admin_ajax_modal_content__hook', 'my_custom_um_admin_ajax_modal_content__hook' );
*/
- do_action( 'um_admin_ajax_modal_content__hook', sanitize_key( $act_id ) );
+ do_action( 'um_admin_ajax_modal_content__hook', $act_id );
/**
- * UM hook
+ * Fires for integration on AJAX popup admin builder modal content.
*
- * @type action
- * @title um_admin_ajax_modal_content__hook_{$act_id}
- * @description Integration hook on ajax popup admin builder modal content
- * @change_log
- * ["Since: 2.0"]
- * @usage add_action( 'um_admin_ajax_modal_content__hook_{$act_id}', 'function_name', 10 );
- * @example
- * Pass HTML to the custom UM modal with data-dynamic-content="user_info".
+ * function my_custom_um_admin_ajax_modal_content__hook_user_info() {
+ * // Your HTML is here for `user_info` modal
* }
- * ?>
+ * add_action( 'um_admin_ajax_modal_content__hook_user_info', 'my_custom_um_admin_ajax_modal_content__hook_user_info' );
*/
- do_action( "um_admin_ajax_modal_content__hook_" . sanitize_key( $act_id ) );
-
+ do_action( 'um_admin_ajax_modal_content__hook_' . $act_id );
$output = ob_get_clean();
break;
-
case 'um_admin_fonticon_selector':
-
- ob_start(); ?>
-
+ ob_start();
+ ?>
-
- fonticons()->all as $icon ) { ?>
-
+ fonticons()->all as $icon ) { ?>
+
-
-
-
+
+ query()->get_attr( 'custom_fields', $arg2 );
$form_fields = array_values( array_filter( array_keys( $form_fields ) ) );
- //$form_fields = array_keys( $form_fields );
?>
-
-
+
-
- builtin()->core_fields ) {
- foreach ( UM()->builtin()->core_fields as $field_type => $array ) {
-
- if ( isset( $array['in_fields'] ) && $array['in_fields'] == false ) {
+ builtin()->core_fields ) {
+ foreach ( UM()->builtin()->core_fields as $field_type => $field_data ) {
+ if ( isset( $field_data['in_fields'] ) && false === $field_data['in_fields'] ) {
continue;
- } ?>
-
-
-
-
-
+ }
+ ?>
+
+
-
-
+
-
-
+
-
- builtin()->get_core_field_attrs( $arg1 );
+ $form_fields = UM()->query()->get_attr( 'custom_fields', $arg2 );
- ob_start();
-
- $args = UM()->builtin()->get_core_field_attrs( $arg1 );
-
- $form_fields = UM()->query()->get_attr( 'custom_fields', $arg2 );
+ if ( ! array_key_exists( $arg3, $form_fields ) ) {
+ $output = '' . esc_html__( 'This field is not setup correctly for this form.', 'ultimate-member' ) . '
';
+ break;
+ }
$metabox->set_field_type = $arg1;
- $metabox->in_edit = true;
- $metabox->edit_array = $form_fields[ $arg3 ];
+ $metabox->in_edit = true;
+ $metabox->edit_array = $form_fields[ $arg3 ];
- if ( !isset( $metabox->edit_array['metakey'] ) ){
+ if ( ! array_key_exists( 'metakey', $metabox->edit_array ) ) {
$metabox->edit_array['metakey'] = $metabox->edit_array['id'];
}
- if ( !isset( $metabox->edit_array['position'] ) ){
+ if ( ! array_key_exists( 'position', $metabox->edit_array ) ) {
$metabox->edit_array['position'] = $metabox->edit_array['id'];
}
- extract( $args );
-
- if ( ! isset( $col1 ) ) {
-
- echo ''. __( 'This field type is not setup correcty.', 'ultimate-member' ) . '
';
-
- } else {
+ ob_start();
+ if ( ! array_key_exists( 'col1', $field_type_data ) ) {
?>
-
- edit_array['in_group'] ) ) { ?>
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
-
-
-
-
-
- edit_array['content'] ) ? $metabox->edit_array['content'] : ''; ?>
+
+ edit_array['content'] ) ? wp_kses( $metabox->edit_array['content'], UM()->get_allowed_html( 'templates' ) ) : ''; ?>
modal_header(); ?>
-
- field_input ( $opt, $arg2, $metabox->edit_array ); } ?>
-
+ field_input( $opt, $arg2, $metabox->edit_array );
+ }
+ }
+ ?>
-
-
- field_input ( $opt, $arg2, $metabox->edit_array ); } ?>
-
-
-
- field_input ( $opt, $arg2, $metabox->edit_array ); } ?>
-
+ field_input( $opt, $arg2, $metabox->edit_array );
+ }
+ }
+ ?>
+
-
- field_input ( $opt, $arg2, $metabox->edit_array ); } ?>
-
- modal_footer( $arg2, $args, $metabox ); ?>
-
field_input( $opt, $arg2, $metabox->edit_array );
+ }
+ }
+ ?>
+
+ field_input( $opt, $arg2, $metabox->edit_array );
+ }
+ }
+ $this->modal_footer( $arg2, $field_type_data, $metabox );
}
-
$output = ob_get_clean();
break;
-
case 'um_admin_new_field_popup':
+ // $arg1 means `field_type` variable in this case.
+ // $arg2 means `form_id` variable in this case.
+ $field_type_data = UM()->builtin()->get_core_field_attrs( $arg1 );
+ $metabox->set_field_type = $arg1;
ob_start();
- $args = UM()->builtin()->get_core_field_attrs( $arg1 );
-
- $metabox->set_field_type = $arg1;
-
- /**
- * @var $in_row
- * @var $in_sub_row
- * @var $in_column
- * @var $in_group
- */
- extract( $args );
-
- if ( ! isset( $col1 ) ) {
-
- echo ''. __( 'This field type is not setup correcty.', 'ultimate-member' ) . '
';
-
+ if ( ! array_key_exists( 'col1', $field_type_data ) ) {
+ ?>
+
+
-
-
-
-
-
-
-
-
-
+ ?>
+
+
+
+
+
+
modal_header(); ?>
-
- field_input ( $opt ); } ?>
-
+ field_input( $opt );
+ }
+ }
+ ?>
-
-
- field_input ( $opt ); } ?>
-
-
-
- field_input ( $opt ); } ?>
-
+ field_input( $opt );
+ }
+ }
+ ?>
+
-
- field_input ( $opt ); } ?>
-
- modal_footer( $arg2, $args, $metabox ); ?>
-
field_input( $opt );
+ }
+ }
+ ?>
+
+ field_input( $opt );
+ }
+ }
+ $this->modal_footer( $arg2, $field_type_data, $metabox );
}
-
$output = ob_get_clean();
break;
-
case 'um_admin_preview_form':
-
+ // $arg1 means `form_id` variable in this case.
UM()->user()->preview = true;
- $mode = UM()->query()->get_attr('mode', $arg1 );
-
- if ( $mode == 'profile' ) {
+ $mode = UM()->query()->get_attr( 'mode', $arg1 );
+ if ( empty( $mode ) ) {
+ $mode = $form_mode;
+ }
+ if ( 'profile' === $mode ) {
UM()->fields()->editing = true;
}
- $output = '';
-
- if ( version_compare( get_bloginfo('version'),'5.4', '<' ) ) {
- $output .= do_shortcode('[ultimatemember form_id="' . $arg1 . '" /]');
- } else {
- $output .= apply_shortcodes('[ultimatemember form_id="' . $arg1 . '" /]');
- }
-
+ $output = '';
+ $output .= apply_shortcodes( '[ultimatemember form_id="' . $arg1 . '" /]' );
break;
-
case 'um_admin_review_registration':
- //$user_id = $arg1;
-
- if ( ! current_user_can( 'administrator' ) ) {
- if ( ! um_can_view_profile( $arg1 ) ) {
- $output = '';
- break;
- }
+ // $arg1 means `user_id` variable in this case.
+ if ( ! current_user_can( 'administrator' ) && ! um_can_view_profile( $arg1 ) ) {
+ $output = '';
+ break;
}
-
um_fetch_user( $arg1 );
-
UM()->user()->preview = true;
-
- $output = um_user_submitted_registration_formatted( true );
-
+ $output = um_user_submitted_registration_formatted( true );
um_reset_user();
-
break;
-
}
- if ( is_array( $output ) ) {
- print_r( $output );
- } else {
- echo $output;
- }
+ // @todo WPCS through wp_kses.
+ echo $output;
die;
}
-
/**
*
*/
diff --git a/includes/admin/core/class-admin-dragdrop.php b/includes/admin/core/class-admin-dragdrop.php
index b135b91c..b6614b70 100644
--- a/includes/admin/core/class-admin-dragdrop.php
+++ b/includes/admin/core/class-admin-dragdrop.php
@@ -35,18 +35,19 @@ if ( ! class_exists( 'um\admin\core\Admin_DragDrop' ) ) {
*/
public function update_order() {
UM()->admin()->check_ajax_nonce();
+ // phpcs:disable WordPress.Security.NonceVerification -- already verified here
if ( ! is_user_logged_in() || ! current_user_can( 'manage_options' ) ) {
wp_send_json_error( __( 'Please login as administrator', 'ultimate-member' ) );
}
- /**
- * @var $form_id
- */
- extract( $_POST );
+ if ( empty( $_POST['form_id'] ) ) {
+ wp_send_json_error( __( 'Invalid form ID.', 'ultimate-member' ) );
+ }
- if ( isset( $form_id ) ) {
- $form_id = absint( $form_id );
+ $form_id = absint( $_POST['form_id'] );
+ if ( empty( $form_id ) ) {
+ wp_send_json_error( __( 'Invalid form ID.', 'ultimate-member' ) );
}
$fields = UM()->query()->get_attr( 'custom_fields', $form_id );
@@ -71,12 +72,11 @@ if ( ! class_exists( 'um\admin\core\Admin_DragDrop' ) ) {
// adding rows
if ( 0 === strpos( $key, '_um_row_' ) ) {
-
$update_args = null;
$row_id = str_replace( '_um_row_', '', $key );
- if ( strstr( $_POST[ '_um_rowcols_' . $row_id . '_cols' ], ':' ) ) {
+ if ( false !== strpos( $_POST[ '_um_rowcols_' . $row_id . '_cols' ], ':' ) ) {
$cols = sanitize_text_field( $_POST[ '_um_rowcols_' . $row_id . '_cols' ] );
} else {
$cols = absint( $_POST[ '_um_rowcols_' . $row_id . '_cols' ] );
@@ -105,7 +105,6 @@ if ( ! class_exists( 'um\admin\core\Admin_DragDrop' ) ) {
}
$fields[ $key ] = $row_args;
-
}
// change field position
@@ -160,16 +159,16 @@ if ( ! class_exists( 'um\admin\core\Admin_DragDrop' ) ) {
update_option( 'um_form_rowdata_' . $form_id, $this->row_data );
UM()->query()->update_attr( 'custom_fields', $form_id, $fields );
+ // phpcs:enable WordPress.Security.NonceVerification -- already verified here
}
/**
* Load form to maintain form order.
*/
public function load_field_order() {
-
$screen = get_current_screen();
- if ( ! isset( $screen->id ) || 'um_form' !== $screen->id ) {
+ if ( ! isset( $screen, $screen->id ) || 'um_form' !== $screen->id ) {
return;
} ?>
diff --git a/includes/admin/core/class-admin-metabox.php b/includes/admin/core/class-admin-metabox.php
index e226068d..2b4a9c96 100644
--- a/includes/admin/core/class-admin-metabox.php
+++ b/includes/admin/core/class-admin-metabox.php
@@ -61,6 +61,8 @@ if ( ! class_exists( 'um\admin\core\Admin_Metabox' ) ) {
*/
public $is_loaded = false;
+ public $set_field_type;
+
/**
* Admin_Metabox constructor.
*/
@@ -1820,7 +1822,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Metabox' ) ) {
?>
-
+
-
+
-
+
-
+
@@ -2283,7 +2285,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Metabox' ) ) {
?>
-
+
-
+
-
+
core_fields[ $type ] ) ) ? $this->core_fields[ $type ] : array('');
+ public function get_core_field_attrs( $type ) {
+ return array_key_exists( $type, $this->core_fields ) ? $this->core_fields[ $type ] : array( '' );
}
-
/**
* Core Fields
*/
- function set_core_fields() {
-
+ public function set_core_fields() {
$this->core_fields = array(
-
'row' => array(
'name' => 'Row',
'in_fields' => false,
@@ -651,21 +647,21 @@ if ( ! class_exists( 'um\core\Builtin' ) ) {
),
/*'group' => array(
- 'name' => 'Field Group',
- 'col1' => array('_title','_max_entries'),
- 'col2' => array('_label','_public','_roles'),
- 'form_only' => true,
- 'validate' => array(
- '_title' => array(
- 'mode' => 'required',
- 'error' => 'You must provide a title'
- ),
- '_label' => array(
- 'mode' => 'required',
- 'error' => 'You must provide a label'
- ),
- )
- ),*/
+ 'name' => 'Field Group',
+ 'col1' => array('_title','_max_entries'),
+ 'col2' => array('_label','_public','_roles'),
+ 'form_only' => true,
+ 'validate' => array(
+ '_title' => array(
+ 'mode' => 'required',
+ 'error' => 'You must provide a title'
+ ),
+ '_label' => array(
+ 'mode' => 'required',
+ 'error' => 'You must provide a label'
+ ),
+ )
+ ),*/
);
@@ -1379,48 +1375,43 @@ if ( ! class_exists( 'um\core\Builtin' ) ) {
}
}
-
/**
- * Get all fields without metakeys
+ * Get all fields without metakeys.
*
* @since 2.0.56
*
* @return array
*/
- function get_fields_without_metakey() {
+ public function get_fields_without_metakey() {
$fields_without_metakey = array(
'block',
'shortcode',
'spacing',
'divider',
- 'group'
+ 'group',
);
-
/**
- * UM hook
+ * Filters the field types without meta key.
*
- * @type filter
- * @title um_fields_without_metakey
- * @description Field Types without meta key
- * @input_vars
- * [{"var":"$types","type":"array","desc":"Field Types"}]
- * @change_log
- * ["Since: 2.0"]
- * @usage add_filter( 'um_fields_without_metakey', 'function_name', 10, 1 );
- * @example
- * It adds 'location' and 'distance' field-types to fields without metakeys array.
+ * function my_custom_um_fields_without_metakey( $field_types ) {
+ * $field_types[] = 'location';
+ * $field_types[] = 'distance';
+ * return $field_types;
* }
- * ?>
+ * add_filter( 'um_fields_without_metakey', 'my_custom_um_fields_without_metakey' );
*/
return apply_filters( 'um_fields_without_metakey', $fields_without_metakey );
}
-
/**
* May be used to show a dropdown, or source for user meta
*
diff --git a/includes/core/class-password.php b/includes/core/class-password.php
index dfd14cef..df8c3c2e 100644
--- a/includes/core/class-password.php
+++ b/includes/core/class-password.php
@@ -1,34 +1,36 @@
change_password ) ) {
+ if ( false !== $this->change_password ) {
// then COOKIE are valid then get data from them and populate hidden fields for the password reset form
$args['template'] = 'password-change';
$args['rp_key'] = '';
diff --git a/includes/core/class-query.php b/includes/core/class-query.php
index ef19440a..80b72e42 100644
--- a/includes/core/class-query.php
+++ b/includes/core/class-query.php
@@ -95,9 +95,9 @@ if ( ! class_exists( 'um\core\Query' ) ) {
}
$pages = $wpdb->get_results(
- "SELECT *
- FROM {$wpdb->posts}
- WHERE post_type = 'page' AND
+ "SELECT *
+ FROM {$wpdb->posts}
+ WHERE post_type = 'page' AND
post_status = 'publish'",
OBJECT
);
@@ -363,21 +363,18 @@ if ( ! class_exists( 'um\core\Query' ) ) {
update_post_meta( $post_id, '_um_' . $key, $new_value );
}
-
/**
- * Get data
+ * Get postmeta related to Ultimate Member.
*
- * @param $key
- * @param $post_id
+ * @param string $key
+ * @param int $post_id
*
* @return mixed
*/
- function get_attr( $key, $post_id ) {
- $meta = get_post_meta( $post_id, '_um_' . $key, true );
- return $meta;
+ public function get_attr( $key, $post_id ) {
+ return get_post_meta( $post_id, '_um_' . $key, true );
}
-
/**
* Delete data
*