/modules/contact-form/grunion-contact-form.php

  1. <?php 
  2.  
  3. /** 
  4. Plugin Name: Grunion Contact Form 
  5. Description: Add a contact form to any post, page or text widget. Emails will be sent to the post's author by default, or any email address you choose. As seen on WordPress.com. 
  6. Plugin URI: http://automattic.com/# 
  7. AUthor: Automattic, Inc. 
  8. Author URI: http://automattic.com/ 
  9. Version: 2.4 
  10. License: GPLv2 or later 
  11. */ 
  12.  
  13. define( 'GRUNION_PLUGIN_DIR', plugin_dir_path( __FILE__ ) ); 
  14. define( 'GRUNION_PLUGIN_URL', plugin_dir_url( __FILE__ ) ); 
  15.  
  16. if ( is_admin() ) 
  17. require_once GRUNION_PLUGIN_DIR . '/admin.php'; 
  18.  
  19. /** 
  20. * Sets up various actions, filters, post types, post statuses, shortcodes. 
  21. */ 
  22. class Grunion_Contact_Form_Plugin { 
  23.  
  24. /** 
  25. * @var string The Widget ID of the widget currently being processed. Used to build the unique contact-form ID for forms embedded in widgets. 
  26. */ 
  27. public $current_widget_id; 
  28.  
  29. static $using_contact_form_field = false; 
  30.  
  31. static function init() { 
  32. static $instance = false; 
  33.  
  34. if ( !$instance ) { 
  35. $instance = new Grunion_Contact_Form_Plugin; 
  36.  
  37. return $instance; 
  38.  
  39. /** 
  40. * Strips HTML tags from input. Output is NOT HTML safe. 
  41. * 
  42. * @param string $string 
  43. * @return string 
  44. */ 
  45. public static function strip_tags( $string ) { 
  46. $string = wp_kses( $string, array() ); 
  47. return str_replace( '&', '&', $string ); // undo damage done by wp_kses_normalize_entities() 
  48.  
  49. function __construct() { 
  50. $this->add_shortcode(); 
  51.  
  52. // While generating the output of a text widget with a contact-form shortcode, we need to know its widget ID. 
  53. add_action( 'dynamic_sidebar', array( $this, 'track_current_widget' ) ); 
  54.  
  55. // Add a "widget" shortcode attribute to all contact-form shortcodes embedded in widgets 
  56. add_filter( 'widget_text', array( $this, 'widget_atts' ), 0 ); 
  57.  
  58. // If Text Widgets don't get shortcode processed, hack ours into place. 
  59. if ( !has_filter( 'widget_text', 'do_shortcode' ) ) 
  60. add_filter( 'widget_text', array( $this, 'widget_shortcode_hack' ), 5 ); 
  61.  
  62. // Akismet to the rescue 
  63. if ( defined( 'AKISMET_VERSION' ) || function_exists( 'akismet_http_post' ) ) { 
  64. add_filter( 'jetpack_contact_form_is_spam', array( $this, 'is_spam_akismet' ), 10, 2 ); 
  65. add_action( 'contact_form_akismet', array( $this, 'akismet_submit' ), 10, 2 ); 
  66.  
  67. add_action( 'loop_start', array( 'Grunion_Contact_Form', '_style_on' ) ); 
  68.  
  69. add_action( 'wp_ajax_grunion-contact-form', array( $this, 'ajax_request' ) ); 
  70. add_action( 'wp_ajax_nopriv_grunion-contact-form', array( $this, 'ajax_request' ) ); 
  71.  
  72. // Export to CSV feature 
  73. if ( is_admin() ) { 
  74. add_action( 'admin_init', array( $this, 'download_feedback_as_csv' ) ); 
  75. add_action( 'admin_footer-edit.php', array( $this, 'export_form' ) ); 
  76.  
  77. // custom post type we'll use to keep copies of the feedback items 
  78. register_post_type( 'feedback', array( 
  79. 'labels' => array( 
  80. 'name' => __( 'Feedback', 'jetpack' ),  
  81. 'singular_name' => __( 'Feedback', 'jetpack' ),  
  82. 'search_items' => __( 'Search Feedback', 'jetpack' ),  
  83. 'not_found' => __( 'No feedback found', 'jetpack' ),  
  84. 'not_found_in_trash' => __( 'No feedback found', 'jetpack' ) 
  85. ),  
  86. 'menu_icon' => GRUNION_PLUGIN_URL . '/images/grunion-menu.png',  
  87. 'show_ui' => TRUE,  
  88. 'show_in_admin_bar' => FALSE,  
  89. 'public' => FALSE,  
  90. 'rewrite' => FALSE,  
  91. 'query_var' => FALSE,  
  92. 'capability_type' => 'page' 
  93. ) ); 
  94.  
  95. // Add to REST API post type whitelist 
  96. add_filter( 'rest_api_allowed_post_types', array( $this, 'allow_feedback_rest_api_type' ) ); 
  97.  
  98. // Add "spam" as a post status 
  99. register_post_status( 'spam', array( 
  100. 'label' => 'Spam',  
  101. 'public' => FALSE,  
  102. 'exclude_from_search' => TRUE,  
  103. 'show_in_admin_all_list' => FALSE,  
  104. 'label_count' => _n_noop( 'Spam <span class="count">(%s)</span>', 'Spam <span class="count">(%s)</span>', 'jetpack' ),  
  105. 'protected' => TRUE,  
  106. '_builtin' => FALSE 
  107. ) ); 
  108.  
  109. // POST handler 
  110. if ( 
  111. isset( $_SERVER['REQUEST_METHOD'] ) && 'POST' == strtoupper( $_SERVER['REQUEST_METHOD'] ) 
  112. && 
  113. isset( $_POST['action'] ) && 'grunion-contact-form' == $_POST['action'] 
  114. && 
  115. isset( $_POST['contact-form-id'] ) 
  116. ) { 
  117. add_action( 'template_redirect', array( $this, 'process_form_submission' ) ); 
  118.  
  119. /** Can be dequeued by placing the following in wp-content/themes/yourtheme/functions.php 
  120. * 
  121. * function remove_grunion_style() { 
  122. * wp_deregister_style('grunion.css'); 
  123. * } 
  124. * add_action('wp_print_styles', 'remove_grunion_style'); 
  125. */ 
  126. if( is_rtl() ) { 
  127. wp_register_style( 'grunion.css', GRUNION_PLUGIN_URL . 'css/rtl/grunion-rtl.css', array(), JETPACK__VERSION ); 
  128. } else { 
  129. wp_register_style( 'grunion.css', GRUNION_PLUGIN_URL . 'css/grunion.css', array(), JETPACK__VERSION ); 
  130.  
  131. /** 
  132. * Add to REST API post type whitelist 
  133. */ 
  134. function allow_feedback_rest_api_type( $post_types ) { 
  135. $post_types[] = 'feedback'; 
  136. return $post_types; 
  137.  
  138. /** 
  139. * Handles all contact-form POST submissions 
  140. * 
  141. * Conditionally attached to `template_redirect` 
  142. */ 
  143. function process_form_submission() { 
  144. // Add a filter to replace tokens in the subject field with sanitized field values 
  145. add_filter( 'contact_form_subject', array( $this, 'replace_tokens_with_input' ), 10, 2 ); 
  146.  
  147. $id = stripslashes( $_POST['contact-form-id'] ); 
  148.  
  149. if ( is_user_logged_in() ) { 
  150. check_admin_referer( "contact-form_{$id}" ); 
  151.  
  152. $is_widget = 0 === strpos( $id, 'widget-' ); 
  153.  
  154. $form = false; 
  155.  
  156. if ( $is_widget ) { 
  157. // It's a form embedded in a text widget 
  158.  
  159. $this->current_widget_id = substr( $id, 7 ); // remove "widget-" 
  160. $widget_type = implode( '-', array_slice( explode( '-', $this->current_widget_id ), 0, -1 ) ); // Remove trailing -# 
  161.  
  162. // Is the widget active? 
  163. $sidebar = is_active_widget( false, $this->current_widget_id, $widget_type ); 
  164.  
  165. // This is lame - no core API for getting a widget by ID 
  166. $widget = isset( $GLOBALS['wp_registered_widgets'][$this->current_widget_id] ) ? $GLOBALS['wp_registered_widgets'][$this->current_widget_id] : false; 
  167.  
  168. if ( $sidebar && $widget && isset( $widget['callback'] ) ) { 
  169. // This is lamer - no API for outputting a given widget by ID 
  170. ob_start(); 
  171. // Process the widget to populate Grunion_Contact_Form::$last 
  172. call_user_func( $widget['callback'], array(), $widget['params'][0] ); 
  173. ob_end_clean(); 
  174. } else { 
  175. // It's a form embedded in a post 
  176.  
  177. $post = get_post( $id ); 
  178.  
  179. // Process the content to populate Grunion_Contact_Form::$last 
  180. apply_filters( 'the_content', $post->post_content ); 
  181.  
  182. $form = Grunion_Contact_Form::$last; 
  183.  
  184. // No form may mean user is using do_shortcode, grab the form using the stored post meta 
  185. if ( ! $form ) { 
  186.  
  187. // Get shortcode from post meta 
  188. $shortcode = get_post_meta( $_POST['contact-form-id'], '_g_feedback_shortcode', true ); 
  189.  
  190. // Format it 
  191. if ( $shortcode != '' ) { 
  192. $shortcode = '[contact-form]' . $shortcode . '[/contact-form]'; 
  193. do_shortcode( $shortcode ); 
  194.  
  195. // Recreate form 
  196. $form = Grunion_Contact_Form::$last; 
  197.  
  198. if ( ! $form ) { 
  199. return false; 
  200.  
  201. if ( is_wp_error( $form->errors ) && $form->errors->get_error_codes() ) 
  202. return $form->errors; 
  203.  
  204. // Process the form 
  205. return $form->process_submission(); 
  206.  
  207. function ajax_request() { 
  208. $submission_result = self::process_form_submission(); 
  209.  
  210. if ( ! $submission_result ) { 
  211. header( "HTTP/1.1 500 Server Error", 500, true ); 
  212. echo '<div class="form-error"><ul class="form-errors"><li class="form-error-message">'; 
  213. esc_html_e( 'An error occurred. Please try again later.', 'jetpack' ); 
  214. echo '</li></ul></div>'; 
  215. } elseif ( is_wp_error( $submission_result ) ) { 
  216. header( "HTTP/1.1 400 Bad Request", 403, true ); 
  217. echo '<div class="form-error"><ul class="form-errors"><li class="form-error-message">'; 
  218. echo esc_html( $submission_result->get_error_message() ); 
  219. echo '</li></ul></div>'; 
  220. } else { 
  221. echo '<h3>' . esc_html__( 'Message Sent', 'jetpack' ) . '</h3>' . $submission_result; 
  222.  
  223. die; 
  224.  
  225. /** 
  226. * Ensure the post author is always zero for contact-form feedbacks 
  227. * Attached to `wp_insert_post_data` 
  228. * 
  229. * @see Grunion_Contact_Form::process_submission() 
  230. * 
  231. * @param array $data the data to insert 
  232. * @param array $postarr the data sent to wp_insert_post() 
  233. * @return array The filtered $data to insert 
  234. */ 
  235. function insert_feedback_filter( $data, $postarr ) { 
  236. if ( $data['post_type'] == 'feedback' && $postarr['post_type'] == 'feedback' ) { 
  237. $data['post_author'] = 0; 
  238.  
  239. return $data; 
  240. /** 
  241. * Adds our contact-form shortcode 
  242. * The "child" contact-field shortcode is enabled as needed by the contact-form shortcode handler 
  243. */ 
  244. function add_shortcode() { 
  245. add_shortcode( 'contact-form', array( 'Grunion_Contact_Form', 'parse' ) ); 
  246. add_shortcode( 'contact-field', array( 'Grunion_Contact_Form', 'parse_contact_field' ) ); 
  247.  
  248. static function tokenize_label( $label ) { 
  249. return '{' . trim( preg_replace( '#^\d+_#', '', $label ) ) . '}'; 
  250.  
  251. static function sanitize_value( $value ) { 
  252. return preg_replace( '=((<CR>|<LF>|0x0A/%0A|0x0D/%0D|\\n|\\r)\S).*=i', null, $value ); 
  253.  
  254. /** 
  255. * Replaces tokens like {city} or {City} (case insensitive) with the value 
  256. * of an input field of that name 
  257. * 
  258. * @param string $subject 
  259. * @param array $field_values Array with field label => field value associations 
  260. * 
  261. * @return string The filtered $subject with the tokens replaced 
  262. */ 
  263. function replace_tokens_with_input( $subject, $field_values ) { 
  264. // Wrap labels into tokens (inside {}) 
  265. $wrapped_labels = array_map( array( 'Grunion_Contact_Form_Plugin', 'tokenize_label' ), array_keys( $field_values ) ); 
  266. // Sanitize all values 
  267. $sanitized_values = array_map( array( 'Grunion_Contact_Form_Plugin', 'sanitize_value' ), array_values( $field_values ) ); 
  268.  
  269. // Search for all valid tokens (based on existing fields) and replace with the field's value 
  270. $subject = str_ireplace( $wrapped_labels, $sanitized_values, $subject ); 
  271. return $subject; 
  272.  
  273. /** 
  274. * Tracks the widget currently being processed. 
  275. * Attached to `dynamic_sidebar` 
  276. * 
  277. * @see $current_widget_id 
  278. * 
  279. * @param array $widget The widget data 
  280. */ 
  281. function track_current_widget( $widget ) { 
  282. $this->current_widget_id = $widget['id']; 
  283.  
  284. /** 
  285. * Adds a "widget" attribute to every contact-form embedded in a text widget. 
  286. * Used to tell the difference between post-embedded contact-forms and widget-embedded contact-forms 
  287. * Attached to `widget_text` 
  288. * 
  289. * @param string $text The widget text 
  290. * @return string The filtered widget text 
  291. */ 
  292. function widget_atts( $text ) { 
  293. Grunion_Contact_Form::style( true ); 
  294.  
  295. return preg_replace( '/\[contact-form([^a-zA-Z_-])/', '[contact-form widget="' . $this->current_widget_id . '"\\1', $text ); 
  296.  
  297. /** 
  298. * For sites where text widgets are not processed for shortcodes, we add this hack to process just our shortcode 
  299. * Attached to `widget_text` 
  300. * 
  301. * @param string $text The widget text 
  302. * @return string The contact-form filtered widget text 
  303. */ 
  304. function widget_shortcode_hack( $text ) { 
  305. if ( !preg_match( '/\[contact-form([^a-zA-Z_-])/', $text ) ) { 
  306. return $text; 
  307.  
  308. $old = $GLOBALS['shortcode_tags']; 
  309. remove_all_shortcodes(); 
  310. Grunion_Contact_Form_Plugin::$using_contact_form_field = true; 
  311. $this->add_shortcode(); 
  312.  
  313. $text = do_shortcode( $text ); 
  314.  
  315. Grunion_Contact_Form_Plugin::$using_contact_form_field = false; 
  316. $GLOBALS['shortcode_tags'] = $old; 
  317.  
  318. return $text; 
  319.  
  320. /** 
  321. * Populate an array with all values necessary to submit a NEW contact-form feedback to Akismet. 
  322. * Note that this includes the current user_ip etc, so this should only be called when accepting a new item via $_POST 
  323. * 
  324. * @param array $form Contact form feedback array 
  325. * @return array feedback array with additional data ready for submission to Akismet 
  326. */ 
  327. function prepare_for_akismet( $form ) { 
  328. $form['comment_type'] = 'contact_form'; 
  329. $form['user_ip'] = preg_replace( '/[^0-9., ]/', '', $_SERVER['REMOTE_ADDR'] ); 
  330. $form['user_agent'] = $_SERVER['HTTP_USER_AGENT']; 
  331. $form['referrer'] = $_SERVER['HTTP_REFERER']; 
  332. $form['blog'] = get_option( 'home' ); 
  333.  
  334. $ignore = array( 'HTTP_COOKIE' ); 
  335.  
  336. foreach ( $_SERVER as $k => $value ) 
  337. if ( !in_array( $k, $ignore ) && is_string( $value ) ) 
  338. $form["$k"] = $value; 
  339.  
  340. return $form; 
  341.  
  342. /** 
  343. * Submit contact-form data to Akismet to check for spam. 
  344. * If you're accepting a new item via $_POST, run it Grunion_Contact_Form_Plugin::prepare_for_akismet() first 
  345. * Attached to `jetpack_contact_form_is_spam` 
  346. * 
  347. * @param bool $is_spam 
  348. * @param array $form 
  349. * @return bool|WP_Error TRUE => spam, FALSE => not spam, WP_Error => stop processing entirely 
  350. */ 
  351. function is_spam_akismet( $is_spam, $form = array() ) { 
  352. global $akismet_api_host, $akismet_api_port; 
  353.  
  354. // The signature of this function changed from accepting just $form. 
  355. // If something only sends an array, assume it's still using the old 
  356. // signature and work around it. 
  357. if ( empty( $form ) && is_array( $is_spam ) ) { 
  358. $form = $is_spam; 
  359. $is_spam = false; 
  360.  
  361. // If a previous filter has alrady marked this as spam, trust that and move on. 
  362. if ( $is_spam ) { 
  363. return $is_spam; 
  364.  
  365. if ( !function_exists( 'akismet_http_post' ) && !defined( 'AKISMET_VERSION' ) ) 
  366. return false; 
  367.  
  368. $query_string = http_build_query( $form ); 
  369.  
  370. if ( method_exists( 'Akismet', 'http_post' ) ) { 
  371. $response = Akismet::http_post( $query_string, 'comment-check' ); 
  372. } else { 
  373. $response = akismet_http_post( $query_string, $akismet_api_host, '/1.1/comment-check', $akismet_api_port ); 
  374.  
  375. $result = false; 
  376.  
  377. if ( isset( $response[0]['x-akismet-pro-tip'] ) && 'discard' === trim( $response[0]['x-akismet-pro-tip'] ) && get_option( 'akismet_strictness' ) === '1' ) 
  378. $result = new WP_Error( 'feedback-discarded', __('Feedback discarded.', 'jetpack' ) ); 
  379. elseif ( isset( $response[1] ) && 'true' == trim( $response[1] ) ) // 'true' is spam 
  380. $result = true; 
  381.  
  382. return apply_filters( 'contact_form_is_spam_akismet', $result, $form ); 
  383.  
  384. /** 
  385. * Submit a feedback as either spam or ham 
  386. * 
  387. * @param string $as Either 'spam' or 'ham'. 
  388. * @param array $form the contact-form data 
  389. */ 
  390. function akismet_submit( $as, $form ) { 
  391. global $akismet_api_host, $akismet_api_port; 
  392.  
  393. if ( !in_array( $as, array( 'ham', 'spam' ) ) ) 
  394. return false; 
  395.  
  396. $query_string = ''; 
  397. if ( is_array( $form ) ) 
  398. $query_string = http_build_query( $form ); 
  399. if ( method_exists( 'Akismet', 'http_post' ) ) { 
  400. $response = Akismet::http_post( $query_string, "submit-{$as}" ); 
  401. } else { 
  402. $response = akismet_http_post( $query_string, $akismet_api_host, "/1.1/submit-{$as}", $akismet_api_port ); 
  403.  
  404. return trim( $response[1] ); 
  405.  
  406. /** 
  407. * Prints the menu 
  408. */ 
  409. function export_form() { 
  410. if ( get_current_screen()->id != 'edit-feedback' ) 
  411. return; 
  412.  
  413. if ( ! current_user_can( 'export' ) ) { 
  414. return; 
  415.  
  416. // if there aren't any feedbacks, bail out 
  417. if ( ! (int) wp_count_posts( 'feedback' )->publish ) 
  418. return; 
  419. ?> 
  420.  
  421. <div id="feedback-export" style="display:none"> 
  422. <h2><?php _e( 'Export feedback as CSV', 'jetpack' ) ?></h2> 
  423. <div class="clear"></div> 
  424. <form action="<?php echo admin_url( 'admin-post.php' ); ?>" method="post" class="form"> 
  425. <?php wp_nonce_field( 'feedback_export', 'feedback_export_nonce' ); ?> 
  426.  
  427. <input name="action" value="feedback_export" type="hidden"> 
  428. <label for="post"><?php _e( 'Select feedback to download', 'jetpack' ) ?></label> 
  429. <select name="post"> 
  430. <option value="all"><?php esc_html_e( 'All posts', 'jetpack' ) ?></option> 
  431. <?php echo $this->get_feedbacks_as_options() ?> 
  432. </select> 
  433.  
  434. <br><br> 
  435. <input type="submit" name="submit" id="submit" class="button button-primary" value="<?php esc_html_e( 'Download', 'jetpack' ); ?>"> 
  436. </form> 
  437. </div> 
  438.  
  439. <?php 
  440. // There aren't any usable actions in core to output the "export feedback" form in the correct place,  
  441. // so this inline JS moves it from the top of the page to the bottom. 
  442. ?> 
  443. <script type='text/javascript'> 
  444. var menu = document.getElementById( 'feedback-export' ),  
  445. wrapper = document.getElementsByClassName( 'wrap' )[0]; 
  446. wrapper.appendChild(menu); 
  447. menu.style.display = 'block'; 
  448. </script> 
  449. <?php 
  450.  
  451. /** 
  452. * download as a csv a contact form or all of them in a csv file 
  453. */ 
  454. function download_feedback_as_csv() { 
  455. if ( empty( $_POST['feedback_export_nonce'] ) ) 
  456. return; 
  457.  
  458. check_admin_referer( 'feedback_export', 'feedback_export_nonce' ); 
  459.  
  460. if ( ! current_user_can( 'export' ) ) { 
  461. return; 
  462.  
  463. $args = array( 
  464. 'posts_per_page' => -1,  
  465. 'post_type' => 'feedback',  
  466. 'post_status' => 'publish',  
  467. 'order' => 'ASC',  
  468. 'fields' => 'ids',  
  469. 'suppress_filters' => false,  
  470. ); 
  471.  
  472. $filename = date( "Y-m-d" ) . '-feedback-export.csv'; 
  473.  
  474. // Check if we want to download all the feedbacks or just a certain contact form 
  475. if ( ! empty( $_POST['post'] ) && $_POST['post'] !== 'all' ) { 
  476. $args['post_parent'] = (int) $_POST['post']; 
  477. $filename = date( "Y-m-d" ) . '-' . str_replace( ' ', '-', get_the_title( (int) $_POST['post'] ) ) . '.csv'; 
  478.  
  479. $feedbacks = get_posts( $args ); 
  480. $filename = sanitize_file_name( $filename ); 
  481. $fields = $this->get_field_names( $feedbacks ); 
  482.  
  483. array_unshift( $fields, __( 'Contact Form', 'jetpack' ) ); 
  484.  
  485. if ( empty( $feedbacks ) ) 
  486. return; 
  487.  
  488. // Forces the download of the CSV instead of echoing 
  489. header( 'Content-Disposition: attachment; filename=' . $filename ); 
  490. header( 'Pragma: no-cache' ); 
  491. header( 'Expires: 0' ); 
  492. header( 'Content-Type: text/csv; charset=utf-8' ); 
  493.  
  494. $output = fopen( 'php://output', 'w' ); 
  495.  
  496. // Prints the header 
  497. fputcsv( $output, $fields ); 
  498.  
  499. // Create the csv string from the array of post ids 
  500. foreach ( $feedbacks as $feedback ) { 
  501. fputcsv( $output, self::make_csv_row_from_feedback( $feedback, $fields ) ); 
  502.  
  503. fclose( $output ); 
  504.  
  505. /** 
  506. * Returns a string of HTML <option> items from an array of posts 
  507. * 
  508. * @return string a string of HTML <option> items 
  509. */ 
  510. protected function get_feedbacks_as_options() { 
  511. $options = ''; 
  512.  
  513. // Get the feedbacks' parents' post IDs 
  514. $feedbacks = get_posts( array( 
  515. 'fields' => 'id=>parent',  
  516. 'posts_per_page' => 100000,  
  517. 'post_type' => 'feedback',  
  518. 'post_status' => 'publish',  
  519. 'suppress_filters' => false,  
  520. ) ); 
  521. $parents = array_unique( array_values( $feedbacks ) ); 
  522.  
  523. $posts = get_posts( array( 
  524. 'orderby' => 'ID',  
  525. 'posts_per_page' => 1000,  
  526. 'post_type' => 'any',  
  527. 'post__in' => array_values( $parents ),  
  528. 'suppress_filters' => false,  
  529. ) ); 
  530.  
  531. // creates the string of <option> elements 
  532. foreach ( $posts as $post ) { 
  533. $options .= sprintf( '<option value="%s">%s</option>', esc_attr( $post->ID ), esc_html( $post->post_title ) ); 
  534.  
  535. return $options; 
  536.  
  537. /** 
  538. * Get the names of all the form's fields 
  539. * 
  540. * @param array|int $posts the post we want the fields of 
  541. * @return array the array of fields 
  542. */ 
  543. protected function get_field_names( $posts ) { 
  544. $posts = (array) $posts; 
  545. $all_fields = array(); 
  546.  
  547. foreach ( $posts as $post ) { 
  548. $fields = self::parse_fields_from_content( $post ); 
  549.  
  550. if ( isset( $fields['_feedback_all_fields'] ) ) { 
  551. $extra_fields = array_keys( $fields['_feedback_all_fields'] ); 
  552. $all_fields = array_merge( $all_fields, $extra_fields ); 
  553.  
  554. $all_fields = array_unique( $all_fields ); 
  555. return $all_fields; 
  556.  
  557. public static function parse_fields_from_content( $post_id ) { 
  558. static $post_fields; 
  559.  
  560. if ( !is_array( $post_fields ) ) 
  561. $post_fields = array(); 
  562.  
  563. if ( isset( $post_fields[$post_id] ) ) 
  564. return $post_fields[$post_id]; 
  565.  
  566. $all_values = array(); 
  567. $post_content = get_post_field( 'post_content', $post_id ); 
  568. $content = explode( '<!--more-->', $post_content ); 
  569. $lines = array(); 
  570.  
  571. if ( count( $content ) > 1 ) { 
  572. $content = str_ireplace( array( '<br />', ')</p>' ), '', $content[1] ); 
  573. $one_line = preg_replace( '/\s+/', ' ', $content ); 
  574. $one_line = preg_replace( '/.*Array \( (.*)\)/', '$1', $one_line ); 
  575.  
  576. preg_match_all( '/\[([^\]]+)\] =\>\; ([^\[]+)/', $one_line, $matches ); 
  577.  
  578. if ( count( $matches ) > 1 ) 
  579. $all_values = array_combine( array_map('trim', $matches[1]), array_map('trim', $matches[2]) ); 
  580.  
  581. $lines = array_filter( explode( "\n", $content ) ); 
  582.  
  583. $var_map = array( 
  584. 'AUTHOR' => '_feedback_author',  
  585. 'AUTHOR EMAIL' => '_feedback_author_email',  
  586. 'AUTHOR URL' => '_feedback_author_url',  
  587. 'SUBJECT' => '_feedback_subject',  
  588. 'IP' => '_feedback_ip' 
  589. ); 
  590.  
  591. $fields = array(); 
  592.  
  593. foreach( $lines as $line ) { 
  594. $vars = explode( ': ', $line, 2 ); 
  595. if ( !empty( $vars ) ) { 
  596. if ( isset( $var_map[$vars[0]] ) ) { 
  597. $fields[$var_map[$vars[0]]] = self::strip_tags( trim( $vars[1] ) ); 
  598.  
  599. $fields['_feedback_all_fields'] = $all_values; 
  600.  
  601. $post_fields[$post_id] = $fields; 
  602.  
  603. return $fields; 
  604.  
  605. /** 
  606. * Creates a valid csv row from a post id 
  607. * 
  608. * @param int $post_id The id of the post 
  609. * @param array $fields An array containing the names of all the fields of the csv 
  610. * @return String The csv row 
  611. */ 
  612. protected static function make_csv_row_from_feedback( $post_id, $fields ) { 
  613. $content_fields = self::parse_fields_from_content( $post_id ); 
  614. $all_fields = array(); 
  615.  
  616. if ( isset( $content_fields['_feedback_all_fields'] ) ) 
  617. $all_fields = $content_fields['_feedback_all_fields']; 
  618.  
  619. // Overwrite the parsed content with the content we stored in post_meta in a better format. 
  620. $extra_fields = get_post_meta( $post_id, '_feedback_extra_fields', true ); 
  621. foreach ( $extra_fields as $extra_field => $extra_value ) { 
  622. $all_fields[$extra_field] = $extra_value; 
  623.  
  624. // The first element in all of the exports will be the subject 
  625. $row_items[] = $content_fields['_feedback_subject']; 
  626.  
  627. // Loop the fields array in order to fill the $row_items array correctly 
  628. foreach ( $fields as $field ) { 
  629. if ( $field === __( 'Contact Form', 'jetpack' ) ) // the first field will ever be the contact form, so we can continue 
  630. continue; 
  631. elseif ( array_key_exists( $field, $all_fields ) ) 
  632. $row_items[] = $all_fields[$field]; 
  633. else 
  634. $row_items[] = ''; 
  635.  
  636. return $row_items; 
  637.  
  638. public static function get_ip_address() { 
  639. return isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : null; 
  640.  
  641. /** 
  642. * Generic shortcode class. 
  643. * Does nothing other than store structured data and output the shortcode as a string 
  644. * 
  645. * Not very general - specific to Grunion. 
  646. */ 
  647. class Crunion_Contact_Form_Shortcode { 
  648. /** 
  649. * @var string the name of the shortcode: [$shortcode_name /] 
  650. */ 
  651. public $shortcode_name; 
  652.  
  653. /** 
  654. * @var array key => value pairs for the shortcode's attributes: [$shortcode_name key="value" ... /] 
  655. */ 
  656. public $attributes; 
  657.  
  658. /** 
  659. * @var array key => value pair for attribute defaults 
  660. */ 
  661. public $defaults = array(); 
  662.  
  663. /** 
  664. * @var null|string Null for selfclosing shortcodes. Hhe inner content of otherwise: [$shortcode_name]$content[/$shortcode_name] 
  665. */ 
  666. public $content; 
  667.  
  668. /** 
  669. * @var array Associative array of inner "child" shortcodes equivalent to the $content: [$shortcode_name][child 1/][child 2/][/$shortcode_name] 
  670. */ 
  671. public $fields; 
  672.  
  673. /** 
  674. * @var null|string The HTML of the parsed inner "child" shortcodes". Null for selfclosing shortcodes. 
  675. */ 
  676. public $body; 
  677.  
  678. /** 
  679. * @param array $attributes An associative array of shortcode attributes. @see shortcode_atts() 
  680. * @param null|string $content Null for selfclosing shortcodes. The inner content otherwise. 
  681. */ 
  682. function __construct( $attributes, $content = null ) { 
  683. $this->attributes = $this->unesc_attr( $attributes ); 
  684. if ( is_array( $content ) ) { 
  685. $string_content = ''; 
  686. foreach ( $content as $field ) { 
  687. $string_content .= (string) $field; 
  688.  
  689. $this->content = $string_content; 
  690. } else { 
  691. $this->content = $content; 
  692.  
  693. $this->parse_content( $this->content ); 
  694.  
  695. /** 
  696. * Processes the shortcode's inner content for "child" shortcodes 
  697. * 
  698. * @param string $content The shortcode's inner content: [shortcode]$content[/shortcode] 
  699. */ 
  700. function parse_content( $content ) { 
  701. if ( is_null( $content ) ) { 
  702. $this->body = null; 
  703.  
  704. $this->body = do_shortcode( $content ); 
  705.  
  706. /** 
  707. * Returns the value of the requested attribute. 
  708. * 
  709. * @param string $key The attribute to retrieve 
  710. * @return mixed 
  711. */ 
  712. function get_attribute( $key ) { 
  713. return isset( $this->attributes[$key] ) ? $this->attributes[$key] : null; 
  714.  
  715. function esc_attr( $value ) { 
  716. if ( is_array( $value ) ) { 
  717. return array_map( array( $this, 'esc_attr' ), $value ); 
  718.  
  719. $value = Grunion_Contact_Form_Plugin::strip_tags( $value ); 
  720. $value = _wp_specialchars( $value, ENT_QUOTES, false, true ); 
  721.  
  722. // Shortcode attributes can't contain "]" 
  723. $value = str_replace( ']', '', $value ); 
  724. $value = str_replace( ', ', ',', $value ); // store commas encoded 
  725. $value = strtr( $value, array( '%' => '%25', '&' => '%26' ) ); 
  726.  
  727. // shortcode_parse_atts() does stripcslashes() 
  728. $value = addslashes( $value ); 
  729. return $value; 
  730.  
  731. function unesc_attr( $value ) { 
  732. if ( is_array( $value ) ) { 
  733. return array_map( array( $this, 'unesc_attr' ), $value ); 
  734.  
  735. // For back-compat with old Grunion encoding 
  736. // Also, unencode commas 
  737. $value = strtr( $value, array( '%26' => '&', '%25' => '%' ) ); 
  738. $value = preg_replace( array( '/�*22;/i', '/�*27;/i', '/�*26;/i', '/�*2c;/i' ), array( '"', "'", '&', ', ' ), $value ); 
  739. $value = htmlspecialchars_decode( $value, ENT_QUOTES ); 
  740. $value = Grunion_Contact_Form_Plugin::strip_tags( $value ); 
  741.  
  742. return $value; 
  743.  
  744. /** 
  745. * Generates the shortcode 
  746. */ 
  747. function __toString() { 
  748. $r = "[{$this->shortcode_name} "; 
  749.  
  750. foreach ( $this->attributes as $key => $value ) { 
  751. if ( !$value ) { 
  752. continue; 
  753.  
  754. if ( isset( $this->defaults[$key] ) && $this->defaults[$key] == $value ) { 
  755. continue; 
  756.  
  757. if ( 'id' == $key ) { 
  758. continue; 
  759.  
  760. $value = $this->esc_attr( $value ); 
  761.  
  762. if ( is_array( $value ) ) { 
  763. $value = join( ', ', $value ); 
  764.  
  765. if ( false === strpos( $value, "'" ) ) { 
  766. $value = "'$value'"; 
  767. } elseif ( false === strpos( $value, '"' ) ) { 
  768. $value = '"' . $value . '"'; 
  769. } else { 
  770. // Shortcodes can't contain both '"' and "'". Strip one. 
  771. $value = str_replace( "'", '', $value ); 
  772. $value = "'$value'"; 
  773.  
  774. $r .= "{$key}={$value} "; 
  775.  
  776. $r = rtrim( $r ); 
  777.  
  778. if ( $this->fields ) { 
  779. $r .= ']'; 
  780.  
  781. foreach ( $this->fields as $field ) { 
  782. $r .= (string) $field; 
  783.  
  784. $r .= "[/{$this->shortcode_name}]"; 
  785. } else { 
  786. $r .= '/]'; 
  787.  
  788. return $r; 
  789.  
  790. /** 
  791. * Class for the contact-form shortcode. 
  792. * Parses shortcode to output the contact form as HTML 
  793. * Sends email and stores the contact form response (a.k.a. "feedback") 
  794. */ 
  795. class Grunion_Contact_Form extends Crunion_Contact_Form_Shortcode { 
  796. public $shortcode_name = 'contact-form'; 
  797.  
  798. /** 
  799. * @var WP_Error stores form submission errors 
  800. */ 
  801. public $errors; 
  802.  
  803. /** 
  804. * @var Grunion_Contact_Form The most recent (inclusive) contact-form shortcode processed 
  805. */ 
  806. static $last; 
  807.  
  808. /** 
  809. * @var Whatever form we are currently looking at. If processed, will become $last 
  810. */ 
  811. static $current_form; 
  812.  
  813. /** 
  814. * @var bool Whether to print the grunion.css style when processing the contact-form shortcode 
  815. */ 
  816. static $style = false; 
  817.  
  818. function __construct( $attributes, $content = null ) { 
  819. global $post; 
  820.  
  821. // Set up the default subject and recipient for this form 
  822. $default_to = ''; 
  823. $default_subject = "[" . get_option( 'blogname' ) . "]"; 
  824.  
  825. if ( !empty( $attributes['widget'] ) && $attributes['widget'] ) { 
  826. $default_to .= get_option( 'admin_email' ); 
  827. $attributes['id'] = 'widget-' . $attributes['widget']; 
  828. $default_subject = sprintf( _x( '%1$s Sidebar', '%1$s = blog name', 'jetpack' ), $default_subject ); 
  829. } else if ( $post ) { 
  830. $attributes['id'] = $post->ID; 
  831. $default_subject = sprintf( _x( '%1$s %2$s', '%1$s = blog name, %2$s = post title', 'jetpack' ), $default_subject, Grunion_Contact_Form_Plugin::strip_tags( $post->post_title ) ); 
  832. $post_author = get_userdata( $post->post_author ); 
  833. $default_to .= $post_author->user_email; 
  834.  
  835. // Keep reference to $this for parsing form fields 
  836. self::$current_form = $this; 
  837.  
  838. $this->defaults = array( 
  839. 'to' => $default_to,  
  840. 'subject' => $default_subject,  
  841. 'show_subject' => 'no', // only used in back-compat mode 
  842. 'widget' => 0, // Not exposed to the user. Works with Grunion_Contact_Form_Plugin::widget_atts() 
  843. 'id' => null, // Not exposed to the user. Set above. 
  844. 'submit_button_text' => __( 'Submit »', 'jetpack' ),  
  845. ); 
  846.  
  847. $attributes = shortcode_atts( $this->defaults, $attributes, 'contact-form' ); 
  848.  
  849. // We only enable the contact-field shortcode temporarily while processing the contact-form shortcode 
  850. Grunion_Contact_Form_Plugin::$using_contact_form_field = true; 
  851.  
  852. parent::__construct( $attributes, $content ); 
  853.  
  854. // There were no fields in the contact form. The form was probably just [contact-form /]. Build a default form. 
  855. if ( empty( $this->fields ) ) { 
  856. // same as the original Grunion v1 form 
  857. $default_form = ' 
  858. [contact-field label="' . __( 'Name', 'jetpack' ) . '" type="name" required="true" /] 
  859. [contact-field label="' . __( 'Email', 'jetpack' ) . '" type="email" required="true" /] 
  860. [contact-field label="' . __( 'Website', 'jetpack' ) . '" type="url" /]'; 
  861.  
  862. if ( 'yes' == strtolower( $this->get_attribute( 'show_subject' ) ) ) { 
  863. $default_form .= ' 
  864. [contact-field label="' . __( 'Subject', 'jetpack' ) . '" type="subject" /]'; 
  865.  
  866. $default_form .= ' 
  867. [contact-field label="' . __( 'Message', 'jetpack' ) . '" type="textarea" /]'; 
  868.  
  869. $this->parse_content( $default_form ); 
  870.  
  871. // Store the shortcode 
  872. $this->store_shortcode( $default_form, $attributes ); 
  873. } else { 
  874. // Store the shortcode 
  875. $this->store_shortcode( $content, $attributes ); 
  876.  
  877. // $this->body and $this->fields have been setup. We no longer need the contact-field shortcode. 
  878. Grunion_Contact_Form_Plugin::$using_contact_form_field = false; 
  879.  
  880. /** 
  881. * Store shortcode content for recall later 
  882. * - used to receate shortcode when user uses do_shortcode 
  883. * 
  884. * @param string $content 
  885. */ 
  886. static function store_shortcode( $content = null, $attributes = null ) { 
  887.  
  888. if ( $content != null and isset( $attributes['id'] ) ) { 
  889.  
  890. $shortcode_meta = get_post_meta( $attributes['id'], '_g_feedback_shortcode', true ); 
  891.  
  892. if ( $shortcode_meta != '' or $shortcode_meta != $content ) { 
  893. update_post_meta( $attributes['id'], '_g_feedback_shortcode', $content ); 
  894.  
  895.  
  896. /** 
  897. * Toggle for printing the grunion.css stylesheet 
  898. * 
  899. * @param bool $style 
  900. */ 
  901. static function style( $style ) { 
  902. $previous_style = self::$style; 
  903. self::$style = (bool) $style; 
  904. return $previous_style; 
  905.  
  906. /** 
  907. * Turn on printing of grunion.css stylesheet 
  908. * @see ::style() 
  909. * @internal 
  910. * @param bool $style 
  911. */ 
  912. static function _style_on() { 
  913. return self::style( true ); 
  914.  
  915. /** 
  916. * The contact-form shortcode processor 
  917. * 
  918. * @param array $attributes Key => Value pairs as parsed by shortcode_parse_atts() 
  919. * @param string|null $content The shortcode's inner content: [contact-form]$content[/contact-form] 
  920. * @return string HTML for the concat form. 
  921. */ 
  922. static function parse( $attributes, $content ) { 
  923. // Create a new Grunion_Contact_Form object (this class) 
  924. $form = new Grunion_Contact_Form( $attributes, $content ); 
  925.  
  926. $id = $form->get_attribute( 'id' ); 
  927.  
  928. if ( !$id ) { // something terrible has happened 
  929. return '[contact-form]'; 
  930.  
  931. if ( is_feed() ) { 
  932. return '[contact-form]'; 
  933.  
  934. // Only allow one contact form per post/widget 
  935. if ( self::$last && $id == self::$last->get_attribute( 'id' ) ) { 
  936. // We're processing the same post 
  937.  
  938. if ( self::$last->attributes != $form->attributes || self::$last->content != $form->content ) { 
  939. // And we're processing a different shortcode; 
  940. return ''; 
  941. } // else, we're processing the same shortcode - probably a separate run of do_shortcode() - let it through 
  942.  
  943. } else { 
  944. self::$last = $form; 
  945.  
  946. // Enqueue the grunion.css stylesheet if self::$style allows it 
  947. if ( self::$style && ( empty( $_REQUEST['action'] ) || $_REQUEST['action'] != 'grunion_shortcode_to_json' ) ) { 
  948. // Enqueue the style here instead of printing it, because if some other plugin has run the_post()+rewind_posts(),  
  949. // (like VideoPress does), the style tag gets "printed" the first time and discarded, leaving the contact form unstyled. 
  950. // when WordPress does the real loop. 
  951. wp_enqueue_style( 'grunion.css' ); 
  952.  
  953. $r = ''; 
  954. $r .= "<div id='contact-form-$id'>\n"; 
  955.  
  956. if ( is_wp_error( $form->errors ) && $form->errors->get_error_codes() ) { 
  957. // There are errors. Display them 
  958. $r .= "<div class='form-error'>\n<h3>" . __( 'Error!', 'jetpack' ) . "</h3>\n<ul class='form-errors'>\n"; 
  959. foreach ( $form->errors->get_error_messages() as $message ) 
  960. $r .= "\t<li class='form-error-message'>" . esc_html( $message ) . "</li>\n"; 
  961. $r .= "</ul>\n</div>\n\n"; 
  962.  
  963. if ( isset( $_GET['contact-form-id'] ) && $_GET['contact-form-id'] == self::$last->get_attribute( 'id' ) && isset( $_GET['contact-form-sent'] ) ) { 
  964. // The contact form was submitted. Show the success message/results 
  965.  
  966. $feedback_id = (int) $_GET['contact-form-sent']; 
  967.  
  968. $back_url = remove_query_arg( array( 'contact-form-id', 'contact-form-sent', '_wpnonce' ) ); 
  969.  
  970. $r_success_message = 
  971. "<h3>" . __( 'Message Sent', 'jetpack' ) . 
  972. ' (<a href="' . esc_url( $back_url ) . '">' . esc_html__( 'go back', 'jetpack' ) . '</a>)' . 
  973. "</h3>\n\n"; 
  974.  
  975. // Don't show the feedback details unless the nonce matches 
  976. if ( $feedback_id && wp_verify_nonce( stripslashes( $_GET['_wpnonce'] ), "contact-form-sent-{$feedback_id}" ) ) { 
  977. $r_success_message .= self::success_message( $feedback_id, $form ); 
  978.  
  979. $r .= apply_filters( 'grunion_contact_form_success_message', $r_success_message ); 
  980. } else { 
  981. // Nothing special - show the normal contact form 
  982.  
  983. if ( $form->get_attribute( 'widget' ) ) { 
  984. // Submit form to the current URL 
  985. $url = remove_query_arg( array( 'contact-form-id', 'contact-form-sent', 'action', '_wpnonce' ) ); 
  986. } else { 
  987. // Submit form to the post permalink 
  988. $url = get_permalink(); 
  989.  
  990. // For SSL/TLS page. See RFC 3986 Section 4.2 
  991. $url = set_url_scheme( $url ); 
  992.  
  993. // May eventually want to send this to admin-post.php... 
  994. $url = apply_filters( 'grunion_contact_form_form_action', "{$url}#contact-form-{$id}", $GLOBALS['post'], $id ); 
  995.  
  996. $r .= "<form action='" . esc_url( $url ) . "' method='post' class='contact-form commentsblock'>\n"; 
  997. $r .= $form->body; 
  998. $r .= "\t<p class='contact-submit'>\n"; 
  999. $r .= "\t\t<input type='submit' value='" . esc_attr( $form->get_attribute( 'submit_button_text' ) ) . "' class='pushbutton-wide'/>\n"; 
  1000. if ( is_user_logged_in() ) { 
  1001. $r .= "\t\t" . wp_nonce_field( 'contact-form_' . $id, '_wpnonce', true, false ) . "\n"; // nonce and referer 
  1002. $r .= "\t\t<input type='hidden' name='contact-form-id' value='$id' />\n"; 
  1003. $r .= "\t\t<input type='hidden' name='action' value='grunion-contact-form' />\n"; 
  1004. $r .= "\t</p>\n"; 
  1005. $r .= "</form>\n"; 
  1006.  
  1007. $r .= "</div>"; 
  1008.  
  1009. return $r; 
  1010.  
  1011. /** 
  1012. * Returns a success message to be returned if the form is sent via AJAX. 
  1013. * 
  1014. * @param int $feedback_id 
  1015. * @param object Grunion_Contact_Form $form 
  1016. * 
  1017. * @return string $message 
  1018. */ 
  1019. static function success_message( $feedback_id, $form ) { 
  1020. return wp_kses( 
  1021. '<blockquote class="contact-form-submission">' 
  1022. . '<p>' . join( self::get_compiled_form( $feedback_id, $form ), '</p><p>' ) . '</p>' 
  1023. . '</blockquote>',  
  1024. array( 'br' => array(), 'blockquote' => array( 'class' => array() ), 'p' => array() ) 
  1025. ); 
  1026.  
  1027. /** 
  1028. * Returns a compiled form with labels and values in a form of an array 
  1029. * of lines. 
  1030. * @param int $feedback_id 
  1031. * @param object Grunion_Contact_Form $form 
  1032. * 
  1033. * @return array $lines 
  1034. */ 
  1035. static function get_compiled_form( $feedback_id, $form ) { 
  1036. $feedback = get_post( $feedback_id ); 
  1037. $field_ids = $form->get_field_ids(); 
  1038. $content_fields = Grunion_Contact_Form_Plugin::parse_fields_from_content( $feedback_id ); 
  1039.  
  1040. // Maps field_ids to post_meta keys 
  1041. $field_value_map = array( 
  1042. 'name' => 'author',  
  1043. 'email' => 'author_email',  
  1044. 'url' => 'author_url',  
  1045. 'subject' => 'subject',  
  1046. 'textarea' => false, // not a post_meta key. This is stored in post_content 
  1047. ); 
  1048.  
  1049. $compiled_form = array(); 
  1050.  
  1051. // "Standard" field whitelist 
  1052. foreach ( $field_value_map as $type => $meta_key ) { 
  1053. if ( isset( $field_ids[$type] ) ) { 
  1054. $field = $form->fields[$field_ids[$type]]; 
  1055.  
  1056. if ( $meta_key ) { 
  1057. if ( isset( $content_fields["_feedback_{$meta_key}"] ) ) 
  1058. $value = $content_fields["_feedback_{$meta_key}"]; 
  1059. } else { 
  1060. // The feedback content is stored as the first "half" of post_content 
  1061. $value = $feedback->post_content; 
  1062. list( $value ) = explode( '<!--more-->', $value ); 
  1063. $value = trim( $value ); 
  1064.  
  1065. $field_index = array_search( $field_ids[ $type ], $field_ids['all'] ); 
  1066. $compiled_form[ $field_index ] = sprintf( 
  1067. _x( '%1$s: %2$s', '%1$s = form field label, %2$s = form field value', 'jetpack' ),  
  1068. wp_kses( $field->get_attribute( 'label' ), array() ),  
  1069. wp_kses( $value, array() ) 
  1070. ); 
  1071.  
  1072. // "Non-standard" fields 
  1073. if ( $field_ids['extra'] ) { 
  1074. // array indexed by field label (not field id) 
  1075. $extra_fields = get_post_meta( $feedback_id, '_feedback_extra_fields', true ); 
  1076. $extra_field_keys = array_keys( $extra_fields ); 
  1077.  
  1078. $i = 0; 
  1079. foreach ( $field_ids['extra'] as $field_id ) { 
  1080. $field = $form->fields[$field_id]; 
  1081. $field_index = array_search( $field_id, $field_ids['all'] ); 
  1082.  
  1083. $label = $field->get_attribute( 'label' ); 
  1084.  
  1085. $compiled_form[ $field_index ] = sprintf( 
  1086. _x( '%1$s: %2$s', '%1$s = form field label, %2$s = form field value', 'jetpack' ),  
  1087. wp_kses( $label, array() ),  
  1088. wp_kses( $extra_fields[$extra_field_keys[$i]], array() ) 
  1089. ); 
  1090.  
  1091. $i++; 
  1092.  
  1093. // Sorting lines by the field index 
  1094. ksort( $compiled_form ); 
  1095.  
  1096. return $compiled_form; 
  1097.  
  1098. /** 
  1099. * The contact-field shortcode processor 
  1100. * We use an object method here instead of a static Grunion_Contact_Form_Field class method to parse contact-field shortcodes so that we can tie them to the contact-form object. 
  1101. * 
  1102. * @param array $attributes Key => Value pairs as parsed by shortcode_parse_atts() 
  1103. * @param string|null $content The shortcode's inner content: [contact-field]$content[/contact-field] 
  1104. * @return HTML for the contact form field 
  1105. */ 
  1106. static function parse_contact_field( $attributes, $content ) { 
  1107. // Don't try to parse contact form fields if not inside a contact form 
  1108. if ( ! Grunion_Contact_Form_Plugin::$using_contact_form_field ) { 
  1109. $att_strs = array(); 
  1110. foreach ( $attributes as $att => $val ) { 
  1111. if ( is_numeric( $att ) ) { // Is a valueless attribute 
  1112. $att_strs[] = esc_html( $val ); 
  1113. } else if ( isset( $val ) ) { // A regular attr - value pair 
  1114. $att_strs[] = esc_html( $att ) . '=\'' . esc_html( $val ) . '\''; 
  1115.  
  1116. $html = '[contact-field ' . implode( ' ', $att_strs ); 
  1117.  
  1118. if ( isset( $content ) && ! empty( $content ) ) { // If there is content, let's add a closing tag 
  1119. $html .= ']' . esc_html( $content ) . '[/contact-field]'; 
  1120. } else { // Otherwise let's add a closing slash in the first tag 
  1121. $html .= '/]'; 
  1122.  
  1123. return $html; 
  1124.  
  1125. $form = Grunion_Contact_Form::$current_form; 
  1126.  
  1127. $field = new Grunion_Contact_Form_Field( $attributes, $content, $form ); 
  1128.  
  1129. $field_id = $field->get_attribute( 'id' ); 
  1130. if ( $field_id ) { 
  1131. $form->fields[$field_id] = $field; 
  1132. } else { 
  1133. $form->fields[] = $field; 
  1134.  
  1135. if ( 
  1136. isset( $_POST['action'] ) && 'grunion-contact-form' === $_POST['action'] 
  1137. && 
  1138. isset( $_POST['contact-form-id'] ) && $form->get_attribute( 'id' ) == $_POST['contact-form-id'] 
  1139. ) { 
  1140. // If we're processing a POST submission for this contact form, validate the field value so we can show errors as necessary. 
  1141. $field->validate(); 
  1142.  
  1143. // Output HTML 
  1144. return $field->render(); 
  1145.  
  1146. /** 
  1147. * Loops through $this->fields to generate a (structured) list of field IDs 
  1148. * @return array 
  1149. */ 
  1150. function get_field_ids() { 
  1151. $field_ids = array( 
  1152. 'all' => array(), // array of all field_ids 
  1153. 'extra' => array(), // array of all non-whitelisted field IDs 
  1154.  
  1155. // Whitelisted "standard" field IDs: 
  1156. // 'email' => field_id,  
  1157. // 'name' => field_id,  
  1158. // 'url' => field_id,  
  1159. // 'subject' => field_id,  
  1160. // 'textarea' => field_id,  
  1161. ); 
  1162.  
  1163. foreach ( $this->fields as $id => $field ) { 
  1164. $field_ids['all'][] = $id; 
  1165.  
  1166. $type = $field->get_attribute( 'type' ); 
  1167. if ( isset( $field_ids[$type] ) ) { 
  1168. // This type of field is already present in our whitelist of "standard" fields for this form 
  1169. // Put it in extra 
  1170. $field_ids['extra'][] = $id; 
  1171. continue; 
  1172.  
  1173. switch ( $type ) { 
  1174. case 'email' : 
  1175. case 'telephone' : 
  1176. case 'name' : 
  1177. case 'url' : 
  1178. case 'subject' : 
  1179. case 'textarea' : 
  1180. $field_ids[$type] = $id; 
  1181. break; 
  1182. default : 
  1183. // Put everything else in extra 
  1184. $field_ids['extra'][] = $id; 
  1185.  
  1186. return $field_ids; 
  1187.  
  1188. /** 
  1189. * Process the contact form's POST submission 
  1190. * Stores feedback. Sends email. 
  1191. */ 
  1192. function process_submission() { 
  1193. global $post; 
  1194.  
  1195. $plugin = Grunion_Contact_Form_Plugin::init(); 
  1196.  
  1197. $id = $this->get_attribute( 'id' ); 
  1198. $to = $this->get_attribute( 'to' ); 
  1199. $widget = $this->get_attribute( 'widget' ); 
  1200.  
  1201. $contact_form_subject = $this->get_attribute( 'subject' ); 
  1202.  
  1203. $to = str_replace( ' ', '', $to ); 
  1204. $emails = explode( ', ', $to ); 
  1205.  
  1206. $valid_emails = array(); 
  1207.  
  1208. foreach ( (array) $emails as $email ) { 
  1209. if ( !is_email( $email ) ) { 
  1210. continue; 
  1211.  
  1212. if ( function_exists( 'is_email_address_unsafe' ) && is_email_address_unsafe( $email ) ) { 
  1213. continue; 
  1214.  
  1215. $valid_emails[] = $email; 
  1216.  
  1217. // No one to send it to, which means none of the "to" attributes are valid emails. 
  1218. // Use default email instead. 
  1219. if ( !$valid_emails ) { 
  1220. $valid_emails = $this->defaults['to']; 
  1221.  
  1222. $to = $valid_emails; 
  1223.  
  1224. // Last ditch effort to set a recipient if somehow none have been set. 
  1225. if ( empty( $to ) ) { 
  1226. $to = get_option( 'admin_email' ); 
  1227.  
  1228. // Make sure we're processing the form we think we're processing... probably a redundant check. 
  1229. if ( $widget ) { 
  1230. if ( 'widget-' . $widget != $_POST['contact-form-id'] ) { 
  1231. return false; 
  1232. } else { 
  1233. if ( $post->ID != $_POST['contact-form-id'] ) { 
  1234. return false; 
  1235.  
  1236. $field_ids = $this->get_field_ids(); 
  1237.  
  1238. // Initialize all these "standard" fields to null 
  1239. $comment_author_email = $comment_author_email_label = // v 
  1240. $comment_author = $comment_author_label = // v 
  1241. $comment_author_url = $comment_author_url_label = // v 
  1242. $comment_content = $comment_content_label = null; 
  1243.  
  1244. // For each of the "standard" fields, grab their field label and value. 
  1245.  
  1246. if ( isset( $field_ids['name'] ) ) { 
  1247. $field = $this->fields[$field_ids['name']]; 
  1248. $comment_author = Grunion_Contact_Form_Plugin::strip_tags( stripslashes( apply_filters( 'pre_comment_author_name', addslashes( $field->value ) ) ) ); 
  1249. $comment_author_label = Grunion_Contact_Form_Plugin::strip_tags( $field->get_attribute( 'label' ) ); 
  1250.  
  1251. if ( isset( $field_ids['email'] ) ) { 
  1252. $field = $this->fields[$field_ids['email']]; 
  1253. $comment_author_email = Grunion_Contact_Form_Plugin::strip_tags( stripslashes( apply_filters( 'pre_comment_author_email', addslashes( $field->value ) ) ) ); 
  1254. $comment_author_email_label = Grunion_Contact_Form_Plugin::strip_tags( $field->get_attribute( 'label' ) ); 
  1255.  
  1256. if ( isset( $field_ids['url'] ) ) { 
  1257. $field = $this->fields[$field_ids['url']]; 
  1258. $comment_author_url = Grunion_Contact_Form_Plugin::strip_tags( stripslashes( apply_filters( 'pre_comment_author_url', addslashes( $field->value ) ) ) ); 
  1259. if ( 'http://' == $comment_author_url ) { 
  1260. $comment_author_url = ''; 
  1261. $comment_author_url_label = Grunion_Contact_Form_Plugin::strip_tags( $field->get_attribute( 'label' ) ); 
  1262.  
  1263. if ( isset( $field_ids['textarea'] ) ) { 
  1264. $field = $this->fields[$field_ids['textarea']]; 
  1265. $comment_content = trim( Grunion_Contact_Form_Plugin::strip_tags( $field->value ) ); 
  1266. $comment_content_label = Grunion_Contact_Form_Plugin::strip_tags( $field->get_attribute( 'label' ) ); 
  1267.  
  1268. if ( isset( $field_ids['subject'] ) ) { 
  1269. $field = $this->fields[$field_ids['subject']]; 
  1270. if ( $field->value ) { 
  1271. $contact_form_subject = Grunion_Contact_Form_Plugin::strip_tags( $field->value ); 
  1272.  
  1273. $all_values = $extra_values = array(); 
  1274. $i = 1; // Prefix counter for stored metadata 
  1275.  
  1276. // For all fields, grab label and value 
  1277. foreach ( $field_ids['all'] as $field_id ) { 
  1278. $field = $this->fields[$field_id]; 
  1279. $label = $i . '_' . $field->get_attribute( 'label' ); 
  1280. $value = $field->value; 
  1281.  
  1282. $all_values[$label] = $value; 
  1283. $i++; // Increment prefix counter for the next field 
  1284.  
  1285. // For the "non-standard" fields, grab label and value 
  1286. // Extra fields have their prefix starting from count( $all_values ) + 1 
  1287. foreach ( $field_ids['extra'] as $field_id ) { 
  1288. $field = $this->fields[$field_id]; 
  1289. $label = $i . '_' . $field->get_attribute( 'label' ); 
  1290. $value = $field->value; 
  1291.  
  1292. $extra_values[$label] = $value; 
  1293. $i++; // Increment prefix counter for the next extra field 
  1294.  
  1295. $contact_form_subject = trim( $contact_form_subject ); 
  1296.  
  1297. $comment_author_IP = Grunion_Contact_Form_Plugin::get_ip_address(); 
  1298.  
  1299. $vars = array( 'comment_author', 'comment_author_email', 'comment_author_url', 'contact_form_subject', 'comment_author_IP' ); 
  1300. foreach ( $vars as $var ) 
  1301. $$var = str_replace( array( "\n", "\r" ), '', $$var ); 
  1302.  
  1303. // Ensure that Akismet gets all of the relevant information from the contact form,  
  1304. // not just the textarea field and predetermined subject. 
  1305. $akismet_vars = compact( $vars ); 
  1306. $akismet_vars['comment_content'] = $comment_content; 
  1307.  
  1308. foreach ( array_merge( $field_ids['all'], $field_ids['extra'] ) as $field_id ) { 
  1309. $field = $this->fields[$field_id]; 
  1310.  
  1311. // Normalize the label into a slug. 
  1312. $field_slug = trim( // Strip all leading/trailing dashes. 
  1313. preg_replace( // Normalize everything to a-z0-9_- 
  1314. '/[^a-z0-9_]+/',  
  1315. '-',  
  1316. strtolower( $field->get_attribute( 'label' ) ) // Lowercase 
  1317. ),  
  1318. '-' 
  1319. ); 
  1320.  
  1321. $field_value = trim( $field->value ); 
  1322.  
  1323. // Skip any values that are already in the array we're sending. 
  1324. if ( $field_value && in_array( $field_value, $akismet_vars ) ) { 
  1325. continue; 
  1326.  
  1327. $akismet_vars[ 'contact_form_field_' . $field_slug ] = $field_value; 
  1328.  
  1329. $spam = ''; 
  1330. $akismet_values = $plugin->prepare_for_akismet( $akismet_vars ); 
  1331.  
  1332. // Is it spam? 
  1333. $is_spam = apply_filters( 'jetpack_contact_form_is_spam', false, $akismet_values ); 
  1334. if ( is_wp_error( $is_spam ) ) // WP_Error to abort 
  1335. return $is_spam; // abort 
  1336. elseif ( $is_spam === TRUE ) // TRUE to flag a spam 
  1337. $spam = '***SPAM*** '; 
  1338.  
  1339. if ( !$comment_author ) 
  1340. $comment_author = $comment_author_email; 
  1341.  
  1342. $to = (array) apply_filters( 'contact_form_to', $to ); 
  1343. foreach ( $to as $to_key => $to_value ) { 
  1344. $to[$to_key] = Grunion_Contact_Form_Plugin::strip_tags( $to_value ); 
  1345.  
  1346. $blog_url = parse_url( site_url() ); 
  1347. $from_email_addr = 'wordpress@' . $blog_url['host']; 
  1348.  
  1349. $reply_to_addr = $to[0]; 
  1350. if ( ! empty( $comment_author_email ) ) { 
  1351. $reply_to_addr = $comment_author_email; 
  1352.  
  1353. $headers = 'From: "' . $comment_author .'" <' . $from_email_addr . ">\r\n" . 
  1354. 'Reply-To: "' . $comment_author . '" <' . $reply_to_addr . ">\r\n" . 
  1355. "Content-Type: text/plain; charset=\"" . get_option('blog_charset') . "\""; 
  1356.  
  1357. $subject = apply_filters( 'contact_form_subject', $contact_form_subject, $all_values ); 
  1358. $url = $widget ? home_url( '/' ) : get_permalink( $post->ID ); 
  1359.  
  1360. $date_time_format = _x( '%1$s \a\t %2$s', '{$date_format} \a\t {$time_format}', 'jetpack' ); 
  1361. $date_time_format = sprintf( $date_time_format, get_option( 'date_format' ), get_option( 'time_format' ) ); 
  1362. $time = date_i18n( $date_time_format, current_time( 'timestamp' ) ); 
  1363.  
  1364. // keep a copy of the feedback as a custom post type 
  1365. $feedback_time = current_time( 'mysql' ); 
  1366. $feedback_title = "{$comment_author} - {$feedback_time}"; 
  1367. $feedback_status = $is_spam === TRUE ? 'spam' : 'publish'; 
  1368.  
  1369. foreach ( (array) $akismet_values as $av_key => $av_value ) { 
  1370. $akismet_values[$av_key] = Grunion_Contact_Form_Plugin::strip_tags( $av_value ); 
  1371.  
  1372. foreach ( (array) $all_values as $all_key => $all_value ) { 
  1373. $all_values[$all_key] = Grunion_Contact_Form_Plugin::strip_tags( $all_value ); 
  1374.  
  1375. foreach ( (array) $extra_values as $ev_key => $ev_value ) { 
  1376. $extra_values[$ev_key] = Grunion_Contact_Form_Plugin::strip_tags( $ev_value ); 
  1377.  
  1378. /** We need to make sure that the post author is always zero for contact 
  1379. * form submissions. This prevents export/import from trying to create 
  1380. * new users based on form submissions from people who were logged in 
  1381. * at the time. 
  1382. * 
  1383. * Unfortunately wp_insert_post() tries very hard to make sure the post 
  1384. * author gets the currently logged in user id. That is how we ended up 
  1385. * with this work around. */ 
  1386. add_filter( 'wp_insert_post_data', array( $plugin, 'insert_feedback_filter' ), 10, 2 ); 
  1387.  
  1388. $post_id = wp_insert_post( array( 
  1389. 'post_date' => addslashes( $feedback_time ),  
  1390. 'post_type' => 'feedback',  
  1391. 'post_status' => addslashes( $feedback_status ),  
  1392. 'post_parent' => (int) $post->ID,  
  1393. 'post_title' => addslashes( wp_kses( $feedback_title, array() ) ),  
  1394. 'post_content' => addslashes( wp_kses( $comment_content . "\n<!--more-->\n" . "AUTHOR: {$comment_author}\nAUTHOR EMAIL: {$comment_author_email}\nAUTHOR URL: {$comment_author_url}\nSUBJECT: {$subject}\nIP: {$comment_author_IP}\n" . print_r( $all_values, TRUE ), array() ) ), // so that search will pick up this data 
  1395. 'post_name' => md5( $feedback_title ),  
  1396. ) ); 
  1397.  
  1398. // once insert has finished we don't need this filter any more 
  1399. remove_filter( 'wp_insert_post_data', array( $plugin, 'insert_feedback_filter' ), 10, 2 ); 
  1400.  
  1401. update_post_meta( $post_id, '_feedback_extra_fields', $this->addslashes_deep( $extra_values ) ); 
  1402. update_post_meta( $post_id, '_feedback_akismet_values', $this->addslashes_deep( $akismet_values ) ); 
  1403.  
  1404. $message = self::get_compiled_form( $post_id, $this ); 
  1405.  
  1406. array_push( 
  1407. $message,  
  1408. "", // Empty line left intentionally 
  1409. __( 'Time:', 'jetpack' ) . ' ' . $time,  
  1410. __( 'IP Address:', 'jetpack' ) . ' ' . $comment_author_IP,  
  1411. __( 'Contact Form URL:', 'jetpack' ) . " " . $url 
  1412. ); 
  1413.  
  1414. if ( is_user_logged_in() ) { 
  1415. array_push( 
  1416. $message,  
  1417. "",  
  1418. sprintf( 
  1419. __( 'Sent by a verified %s user.', 'jetpack' ),  
  1420. isset( $GLOBALS['current_site']->site_name ) && $GLOBALS['current_site']->site_name ? 
  1421. $GLOBALS['current_site']->site_name : '"' . get_option( 'blogname' ) . '"' 
  1422. ); 
  1423. } else { 
  1424. array_push( $message, __( 'Sent by an unverified visitor to your site.', 'jetpack' ) ); 
  1425.  
  1426. $message = join( $message, "\n" ); 
  1427. $message = apply_filters( 'contact_form_message', $message ); 
  1428. $message = Grunion_Contact_Form_Plugin::strip_tags( $message ); 
  1429.  
  1430. update_post_meta( $post_id, '_feedback_email', $this->addslashes_deep( compact( 'to', 'message' ) ) ); 
  1431.  
  1432. /** 
  1433. * Fires right before the contact form message is sent via email to 
  1434. * the recipient specified in the contact form. 
  1435. * 
  1436. * @since ? 
  1437. * @module Contact_Forms 
  1438. * @param integer $post_id Post contact form lives on 
  1439. * @param array $all_values Contact form fields 
  1440. * @param array $extra_values Contact form fields not included in $all_values 
  1441. **/ 
  1442. do_action( 'grunion_pre_message_sent', $post_id, $all_values, $extra_values ); 
  1443.  
  1444. // schedule deletes of old spam feedbacks 
  1445. if ( !wp_next_scheduled( 'grunion_scheduled_delete' ) ) { 
  1446. wp_schedule_event( time() + 250, 'daily', 'grunion_scheduled_delete' ); 
  1447.  
  1448. if ( $is_spam !== TRUE && true === apply_filters( 'grunion_should_send_email', true, $post_id ) ) { 
  1449. wp_mail( $to, "{$spam}{$subject}", $message, $headers ); 
  1450. } elseif ( true === $is_spam && apply_filters( 'grunion_still_email_spam', FALSE ) == TRUE ) { // don't send spam by default. Filterable. 
  1451. wp_mail( $to, "{$spam}{$subject}", $message, $headers ); 
  1452.  
  1453. if ( defined( 'DOING_AJAX' ) && DOING_AJAX ) { 
  1454. return self::success_message( $post_id, $this ); 
  1455.  
  1456. $redirect = wp_get_referer(); 
  1457. if ( !$redirect ) { // wp_get_referer() returns false if the referer is the same as the current page 
  1458. $redirect = $_SERVER['REQUEST_URI']; 
  1459.  
  1460. $redirect = add_query_arg( urlencode_deep( array( 
  1461. 'contact-form-id' => $id,  
  1462. 'contact-form-sent' => $post_id,  
  1463. '_wpnonce' => wp_create_nonce( "contact-form-sent-{$post_id}" ), // wp_nonce_url HTMLencodes :( 
  1464. ) ), $redirect ); 
  1465.  
  1466. $redirect = apply_filters( 'grunion_contact_form_redirect_url', $redirect, $id, $post_id ); 
  1467.  
  1468. wp_safe_redirect( $redirect ); 
  1469. exit; 
  1470.  
  1471. function addslashes_deep( $value ) { 
  1472. if ( is_array( $value ) ) { 
  1473. return array_map( array( $this, 'addslashes_deep' ), $value ); 
  1474. } elseif ( is_object( $value ) ) { 
  1475. $vars = get_object_vars( $value ); 
  1476. foreach ( $vars as $key => $data ) { 
  1477. $value->{$key} = $this->addslashes_deep( $data ); 
  1478. return $value; 
  1479.  
  1480. return addslashes( $value ); 
  1481.  
  1482. /** 
  1483. * Class for the contact-field shortcode. 
  1484. * Parses shortcode to output the contact form field as HTML. 
  1485. * Validates input. 
  1486. */ 
  1487. class Grunion_Contact_Form_Field extends Crunion_Contact_Form_Shortcode { 
  1488. public $shortcode_name = 'contact-field'; 
  1489.  
  1490. /** 
  1491. * @var Grunion_Contact_Form parent form 
  1492. */ 
  1493. public $form; 
  1494.  
  1495. /** 
  1496. * @var string default or POSTed value 
  1497. */ 
  1498. public $value; 
  1499.  
  1500. /** 
  1501. * @var bool Is the input invalid? 
  1502. */ 
  1503. public $error = false; 
  1504.  
  1505. /** 
  1506. * @param array $attributes An associative array of shortcode attributes. @see shortcode_atts() 
  1507. * @param null|string $content Null for selfclosing shortcodes. The inner content otherwise. 
  1508. * @param Grunion_Contact_Form $form The parent form 
  1509. */ 
  1510. function __construct( $attributes, $content = null, $form = null ) { 
  1511. $attributes = shortcode_atts( array( 
  1512. 'label' => null,  
  1513. 'type' => 'text',  
  1514. 'required' => false,  
  1515. 'options' => array(),  
  1516. 'id' => null,  
  1517. 'default' => null,  
  1518. 'placeholder' => null,  
  1519. ), $attributes, 'contact-field' ); 
  1520.  
  1521. // special default for subject field 
  1522. if ( 'subject' == $attributes['type'] && is_null( $attributes['default'] ) && !is_null( $form ) ) { 
  1523. $attributes['default'] = $form->get_attribute( 'subject' ); 
  1524.  
  1525. // allow required=1 or required=true 
  1526. if ( '1' == $attributes['required'] || 'true' == strtolower( $attributes['required'] ) ) 
  1527. $attributes['required'] = true; 
  1528. else 
  1529. $attributes['required'] = false; 
  1530.  
  1531. // parse out comma-separated options list (for selects and radios) 
  1532. if ( !empty( $attributes['options'] ) && is_string( $attributes['options'] ) ) { 
  1533. $attributes['options'] = array_map( 'trim', explode( ', ', $attributes['options'] ) ); 
  1534.  
  1535. if ( $form ) { 
  1536. // make a unique field ID based on the label, with an incrementing number if needed to avoid clashes 
  1537. $form_id = $form->get_attribute( 'id' ); 
  1538. $id = isset( $attributes['id'] ) ? $attributes['id'] : false; 
  1539.  
  1540. $unescaped_label = $this->unesc_attr( $attributes['label'] ); 
  1541. $unescaped_label = str_replace( '%', '-', $unescaped_label ); // jQuery doesn't like % in IDs? 
  1542. $unescaped_label = preg_replace( '/[^a-zA-Z0-9.-_:]/', '', $unescaped_label ); 
  1543.  
  1544. if ( empty( $id ) ) { 
  1545. $id = sanitize_title_with_dashes( 'g' . $form_id . '-' . $unescaped_label ); 
  1546. $i = 0; 
  1547. $max_tries = 24; 
  1548. while ( isset( $form->fields[$id] ) ) { 
  1549. $i++; 
  1550. $id = sanitize_title_with_dashes( 'g' . $form_id . '-' . $unescaped_label . '-' . $i ); 
  1551.  
  1552. if ( $i > $max_tries ) { 
  1553. break; 
  1554.  
  1555. $attributes['id'] = $id; 
  1556.  
  1557. parent::__construct( $attributes, $content ); 
  1558.  
  1559. // Store parent form 
  1560. $this->form = $form; 
  1561.  
  1562. /** 
  1563. * This field's input is invalid. Flag as invalid and add an error to the parent form 
  1564. * 
  1565. * @param string $message The error message to display on the form. 
  1566. */ 
  1567. function add_error( $message ) { 
  1568. $this->is_error = true; 
  1569.  
  1570. if ( !is_wp_error( $this->form->errors ) ) { 
  1571. $this->form->errors = new WP_Error; 
  1572.  
  1573. $this->form->errors->add( $this->get_attribute( 'id' ), $message ); 
  1574.  
  1575. /** 
  1576. * Is the field input invalid? 
  1577. * 
  1578. * @see $error 
  1579. * 
  1580. * @return bool 
  1581. */ 
  1582. function is_error() { 
  1583. return $this->error; 
  1584.  
  1585. /** 
  1586. * Validates the form input 
  1587. */ 
  1588. function validate() { 
  1589. // If it's not required, there's nothing to validate 
  1590. if ( !$this->get_attribute( 'required' ) ) { 
  1591. return; 
  1592.  
  1593. $field_id = $this->get_attribute( 'id' ); 
  1594. $field_type = $this->get_attribute( 'type' ); 
  1595. $field_label = $this->get_attribute( 'label' ); 
  1596.  
  1597. $field_value = isset( $_POST[$field_id] ) ? stripslashes( $_POST[$field_id] ) : ''; 
  1598.  
  1599. switch ( $field_type ) { 
  1600. case 'email' : 
  1601. // Make sure the email address is valid 
  1602. if ( !is_email( $field_value ) ) { 
  1603. $this->add_error( sprintf( __( '%s requires a valid email address', 'jetpack' ), $field_label ) ); 
  1604. break; 
  1605. default : 
  1606. // Just check for presence of any text 
  1607. if ( !strlen( trim( $field_value ) ) ) { 
  1608. $this->add_error( sprintf( __( '%s is required', 'jetpack' ), $field_label ) ); 
  1609.  
  1610. /** 
  1611. * Outputs the HTML for this form field 
  1612. * 
  1613. * @return string HTML 
  1614. */ 
  1615. function render() { 
  1616. global $current_user, $user_identity; 
  1617.  
  1618. $r = ''; 
  1619.  
  1620. $field_id = $this->get_attribute( 'id' ); 
  1621. $field_type = $this->get_attribute( 'type' ); 
  1622. $field_label = $this->get_attribute( 'label' ); 
  1623. $field_required = $this->get_attribute( 'required' ); 
  1624. $placeholder = $this->get_attribute( 'placeholder' ); 
  1625. $field_placeholder = ( ! empty( $placeholder ) ) ? "placeholder='" . esc_attr( $placeholder ) . "'" : ''; 
  1626.  
  1627. if ( isset( $_POST[$field_id] ) ) { 
  1628. $this->value = stripslashes( (string) $_POST[$field_id] ); 
  1629. } elseif ( 
  1630. is_user_logged_in() 
  1631. && ( ( defined( 'IS_WPCOM' ) && IS_WPCOM ) 
  1632. || true === apply_filters( 'jetpack_auto_fill_logged_in_user', false ) 
  1633. ) { 
  1634. // Special defaults for logged-in users 
  1635. switch ( $this->get_attribute( 'type' ) ) { 
  1636. case 'email' : 
  1637. $this->value = $current_user->data->user_email; 
  1638. break; 
  1639. case 'name' : 
  1640. $this->value = $user_identity; 
  1641. break; 
  1642. case 'url' : 
  1643. $this->value = $current_user->data->user_url; 
  1644. break; 
  1645. default : 
  1646. $this->value = $this->get_attribute( 'default' ); 
  1647. } else { 
  1648. $this->value = $this->get_attribute( 'default' ); 
  1649.  
  1650. $field_value = Grunion_Contact_Form_Plugin::strip_tags( $this->value ); 
  1651. $field_label = Grunion_Contact_Form_Plugin::strip_tags( $field_label ); 
  1652.  
  1653. switch ( $field_type ) { 
  1654. case 'email' : 
  1655. $r .= "\n<div>\n"; 
  1656. $r .= "\t\t<label for='" . esc_attr( $field_id ) . "' class='grunion-field-label email" . ( $this->is_error() ? ' form-error' : '' ) . "'>" . esc_html( $field_label ) . ( $field_required ? '<span>' . __( "(required)", 'jetpack' ) . '</span>' : '' ) . "</label>\n"; 
  1657. $r .= "\t\t<input type='email' name='" . esc_attr( $field_id ) . "' id='" . esc_attr( $field_id ) . "' value='" . esc_attr( $field_value ) . "' class='email' " . $field_placeholder . " " . ( $field_required ? "required aria-required='true'" : "" ) . "/>\n"; 
  1658. $r .= "\t</div>\n"; 
  1659. break; 
  1660. case 'telephone' : 
  1661. $r .= "\n<div>\n"; 
  1662. $r .= "\t\t<label for='" . esc_attr( $field_id ) . "' class='grunion-field-label telephone" . ( $this->is_error() ? ' form-error' : '' ) . "'>" . esc_html( $field_label ) . ( $field_required ? '<span>' . __( "(required)", 'jetpack' ) . '</span>' : '' ) . "</label>\n"; 
  1663. $r .= "\t\t<input type='tel' name='" . esc_attr( $field_id ) . "' id='" . esc_attr( $field_id ) . "' value='" . esc_attr( $field_value ) . "' class='telephone' " . $field_placeholder . "/>\n"; 
  1664. case 'textarea' : 
  1665. $r .= "\n<div>\n"; 
  1666. $r .= "\t\t<label for='contact-form-comment-" . esc_attr( $field_id ) . "' class='grunion-field-label textarea" . ( $this->is_error() ? ' form-error' : '' ) . "'>" . esc_html( $field_label ) . ( $field_required ? '<span>' . __( "(required)", 'jetpack' ) . '</span>' : '' ) . "</label>\n"; 
  1667. $r .= "\t\t<textarea name='" . esc_attr( $field_id ) . "' id='contact-form-comment-" . esc_attr( $field_id ) . "' rows='20' " . $field_placeholder . " " . ( $field_required ? "required aria-required='true'" : "" ) . ">" . esc_textarea( $field_value ) . "</textarea>\n"; 
  1668. $r .= "\t</div>\n"; 
  1669. break; 
  1670. case 'radio' : 
  1671. $r .= "\t<div><label class='grunion-field-label" . ( $this->is_error() ? ' form-error' : '' ) . "'>" . esc_html( $field_label ) . ( $field_required ? '<span>' . __( "(required)", 'jetpack' ) . '</span>' : '' ) . "</label>\n"; 
  1672. foreach ( $this->get_attribute( 'options' ) as $option ) { 
  1673. $option = Grunion_Contact_Form_Plugin::strip_tags( $option ); 
  1674. $r .= "\t\t<label class='grunion-radio-label radio" . ( $this->is_error() ? ' form-error' : '' ) . "'>"; 
  1675. $r .= "<input type='radio' name='" . esc_attr( $field_id ) . "' value='" . esc_attr( $option ) . "' class='radio' " . checked( $option, $field_value, false ) . " " . ( $field_required ? "required aria-required='true'" : "" ) . "/> "; 
  1676. $r .= esc_html( $option ) . "</label>\n"; 
  1677. $r .= "\t\t<div class='clear-form'></div>\n"; 
  1678. $r .= "\t\t</div>\n"; 
  1679. break; 
  1680. case 'checkbox' : 
  1681. $r .= "\t<div>\n"; 
  1682. $r .= "\t\t<label class='grunion-field-label checkbox" . ( $this->is_error() ? ' form-error' : '' ) . "'>\n"; 
  1683. $r .= "\t\t<input type='checkbox' name='" . esc_attr( $field_id ) . "' value='" . esc_attr__( 'Yes', 'jetpack' ) . "' class='checkbox' " . checked( (bool) $field_value, true, false ) . " " . ( $field_required ? "required aria-required='true'" : "" ) . "/> \n"; 
  1684. $r .= "\t\t" . esc_html( $field_label ) . ( $field_required ? '<span>'. __( "(required)", 'jetpack' ) . '</span>' : '' ) . "</label>\n"; 
  1685. $r .= "\t\t<div class='clear-form'></div>\n"; 
  1686. $r .= "\t</div>\n"; 
  1687. break; 
  1688. case 'select' : 
  1689. $r .= "\n<div>\n"; 
  1690. $r .= "\t\t<label for='" . esc_attr( $field_id ) . "' class='grunion-field-label select" . ( $this->is_error() ? ' form-error' : '' ) . "'>" . esc_html( $field_label ) . ( $field_required ? '<span>'. __( "(required)", 'jetpack' ) . '</span>' : '' ) . "</label>\n"; 
  1691. $r .= "\t<select name='" . esc_attr( $field_id ) . "' id='" . esc_attr( $field_id ) . "' class='select' " . ( $field_required ? "required aria-required='true'" : "" ) . ">\n"; 
  1692. foreach ( $this->get_attribute( 'options' ) as $option ) { 
  1693. $option = Grunion_Contact_Form_Plugin::strip_tags( $option ); 
  1694. $r .= "\t\t<option" . selected( $option, $field_value, false ) . ">" . esc_html( $option ) . "</option>\n"; 
  1695. $r .= "\t</select>\n"; 
  1696. $r .= "\t</div>\n"; 
  1697. break; 
  1698. case 'date' : 
  1699. $r .= "\n<div>\n"; 
  1700. $r .= "\t\t<label for='" . esc_attr( $field_id ) . "' class='grunion-field-label " . esc_attr( $field_type ) . ( $this->is_error() ? ' form-error' : '' ) . "'>" . esc_html( $field_label ) . ( $field_required ? '<span>' . __( "(required)", 'jetpack' ) . '</span>' : '' ) . "</label>\n"; 
  1701. $r .= "\t\t<input type='date' name='" . esc_attr( $field_id ) . "' id='" . esc_attr( $field_id ) . "' value='" . esc_attr( $field_value ) . "' class='" . esc_attr( $field_type ) . "' " . ( $field_required ? "required aria-required='true'" : "" ) . "/>\n"; 
  1702. $r .= "\t</div>\n"; 
  1703.  
  1704. wp_enqueue_script( 'grunion-frontend', plugins_url( 'js/grunion-frontend.js', __FILE__ ), array( 'jquery', 'jquery-ui-datepicker' ) ); 
  1705. break; 
  1706. default : // text field 
  1707. // note that any unknown types will produce a text input, so we can use arbitrary type names to handle 
  1708. // input fields like name, email, url that require special validation or handling at POST 
  1709. $r .= "\n<div>\n"; 
  1710. $r .= "\t\t<label for='" . esc_attr( $field_id ) . "' class='grunion-field-label " . esc_attr( $field_type ) . ( $this->is_error() ? ' form-error' : '' ) . "'>" . esc_html( $field_label ) . ( $field_required ? '<span>' . __( "(required)", 'jetpack' ) . '</span>' : '' ) . "</label>\n"; 
  1711. $r .= "\t\t<input type='text' name='" . esc_attr( $field_id ) . "' id='" . esc_attr( $field_id ) . "' value='" . esc_attr( $field_value ) . "' class='" . esc_attr( $field_type ) . "' " . $field_placeholder . " " . ( $field_required ? "required aria-required='true'" : "" ) . "/>\n"; 
  1712. $r .= "\t</div>\n"; 
  1713.  
  1714. return apply_filters( 'grunion_contact_form_field_html', $r, $field_label, ( in_the_loop() ? get_the_ID() : null ) ); 
  1715.  
  1716. add_action( 'init', array( 'Grunion_Contact_Form_Plugin', 'init' ) ); 
  1717.  
  1718. add_action( 'grunion_scheduled_delete', 'grunion_delete_old_spam' ); 
  1719.  
  1720. /** 
  1721. * Deletes old spam feedbacks to keep the posts table size under control 
  1722. */ 
  1723. function grunion_delete_old_spam() { 
  1724. global $wpdb; 
  1725.  
  1726. $grunion_delete_limit = 100; 
  1727.  
  1728. $now_gmt = current_time( 'mysql', 1 ); 
  1729. $sql = $wpdb->prepare( " 
  1730. SELECT `ID` 
  1731. FROM $wpdb->posts 
  1732. WHERE DATE_SUB( %s, INTERVAL 15 DAY ) > `post_date_gmt` 
  1733. AND `post_type` = 'feedback' 
  1734. AND `post_status` = 'spam' 
  1735. LIMIT %d 
  1736. ", $now_gmt, $grunion_delete_limit ); 
  1737. $post_ids = $wpdb->get_col( $sql ); 
  1738.  
  1739. foreach ( (array) $post_ids as $post_id ) { 
  1740. # force a full delete, skip the trash 
  1741. wp_delete_post( $post_id, TRUE ); 
  1742.  
  1743. # Arbitrary check points for running OPTIMIZE 
  1744. # nothing special about 5000 or 11 
  1745. # just trying to periodically recover deleted rows 
  1746. $random_num = mt_rand( 1, 5000 ); 
  1747. if ( apply_filters( 'grunion_optimize_table', ( $random_num == 11 ) ) ) { 
  1748. $wpdb->query( "OPTIMIZE TABLE $wpdb->posts" ); 
  1749.  
  1750. # if we hit the max then schedule another run 
  1751. if ( count( $post_ids ) >= $grunion_delete_limit ) { 
  1752. wp_schedule_single_event( time() + 700, 'grunion_scheduled_delete' ); 
.