/modules/contact-form/grunion-contact-form.php

  1. <?php 
  2.  
  3. /** 
  4. Plugin Name: Grunion Contact Form 
  5. Description: Add a contact form to any post, page or text widget. Emails will be sent to the post's author by default, or any email address you choose. As seen on WordPress.com. 
  6. Plugin URI: http://automattic.com/# 
  7. AUthor: Automattic, Inc. 
  8. Author URI: http://automattic.com/ 
  9. Version: 2.4 
  10. License: GPLv2 or later 
  11. */ 
  12.  
  13. define( 'GRUNION_PLUGIN_DIR', plugin_dir_path( __FILE__ ) ); 
  14. define( 'GRUNION_PLUGIN_URL', plugin_dir_url( __FILE__ ) ); 
  15.  
  16. if ( is_admin() ) 
  17. require_once GRUNION_PLUGIN_DIR . '/admin.php'; 
  18.  
  19. /** 
  20. * Sets up various actions, filters, post types, post statuses, shortcodes. 
  21. */ 
  22. class Grunion_Contact_Form_Plugin { 
  23.  
  24. /** 
  25. * @var string The Widget ID of the widget currently being processed. Used to build the unique contact-form ID for forms embedded in widgets. 
  26. */ 
  27. public $current_widget_id; 
  28.  
  29. static $using_contact_form_field = false; 
  30.  
  31. static function init() { 
  32. static $instance = false; 
  33.  
  34. if ( !$instance ) { 
  35. $instance = new Grunion_Contact_Form_Plugin; 
  36.  
  37. return $instance; 
  38.  
  39. /** 
  40. * Strips HTML tags from input. Output is NOT HTML safe. 
  41. * 
  42. * @param mixed $data_with_tags 
  43. * @return mixed 
  44. */ 
  45. public static function strip_tags( $data_with_tags ) { 
  46. if ( is_array( $data_with_tags ) ) { 
  47. foreach ( $data_with_tags as $index => $value ) { 
  48. $index = sanitize_text_field( strval( $index ) ); 
  49. $value = wp_kses( strval( $value ), array() ); 
  50. $value = str_replace( '&', '&', $value ); // undo damage done by wp_kses_normalize_entities() 
  51.  
  52. $data_without_tags[ $index ] = $value; 
  53. } else { 
  54. $data_without_tags = wp_kses( $data_with_tags, array() ); 
  55. $data_without_tags = str_replace( '&', '&', $data_without_tags ); // undo damage done by wp_kses_normalize_entities() 
  56.  
  57. return $data_without_tags; 
  58.  
  59. function __construct() { 
  60. $this->add_shortcode(); 
  61.  
  62. // While generating the output of a text widget with a contact-form shortcode, we need to know its widget ID. 
  63. add_action( 'dynamic_sidebar', array( $this, 'track_current_widget' ) ); 
  64.  
  65. // Add a "widget" shortcode attribute to all contact-form shortcodes embedded in widgets 
  66. add_filter( 'widget_text', array( $this, 'widget_atts' ), 0 ); 
  67.  
  68. // If Text Widgets don't get shortcode processed, hack ours into place. 
  69. if ( !has_filter( 'widget_text', 'do_shortcode' ) ) 
  70. add_filter( 'widget_text', array( $this, 'widget_shortcode_hack' ), 5 ); 
  71.  
  72. // Akismet to the rescue 
  73. if ( defined( 'AKISMET_VERSION' ) || function_exists( 'akismet_http_post' ) ) { 
  74. add_filter( 'jetpack_contact_form_is_spam', array( $this, 'is_spam_akismet' ), 10, 2 ); 
  75. add_action( 'contact_form_akismet', array( $this, 'akismet_submit' ), 10, 2 ); 
  76.  
  77. add_action( 'loop_start', array( 'Grunion_Contact_Form', '_style_on' ) ); 
  78.  
  79. add_action( 'wp_ajax_grunion-contact-form', array( $this, 'ajax_request' ) ); 
  80. add_action( 'wp_ajax_nopriv_grunion-contact-form', array( $this, 'ajax_request' ) ); 
  81.  
  82. // Export to CSV feature 
  83. if ( is_admin() ) { 
  84. add_action( 'admin_init', array( $this, 'download_feedback_as_csv' ) ); 
  85. add_action( 'admin_footer-edit.php', array( $this, 'export_form' ) ); 
  86.  
  87. // custom post type we'll use to keep copies of the feedback items 
  88. register_post_type( 'feedback', array( 
  89. 'labels' => array( 
  90. 'name' => __( 'Feedback', 'jetpack' ),  
  91. 'singular_name' => __( 'Feedback', 'jetpack' ),  
  92. 'search_items' => __( 'Search Feedback', 'jetpack' ),  
  93. 'not_found' => __( 'No feedback found', 'jetpack' ),  
  94. 'not_found_in_trash' => __( 'No feedback found', 'jetpack' ) 
  95. ),  
  96. 'menu_icon' => GRUNION_PLUGIN_URL . '/images/grunion-menu.png',  
  97. 'show_ui' => TRUE,  
  98. 'show_in_admin_bar' => FALSE,  
  99. 'public' => FALSE,  
  100. 'rewrite' => FALSE,  
  101. 'query_var' => FALSE,  
  102. 'capability_type' => 'page' 
  103. ) ); 
  104.  
  105. // Add to REST API post type whitelist 
  106. add_filter( 'rest_api_allowed_post_types', array( $this, 'allow_feedback_rest_api_type' ) ); 
  107.  
  108. // Add "spam" as a post status 
  109. register_post_status( 'spam', array( 
  110. 'label' => 'Spam',  
  111. 'public' => FALSE,  
  112. 'exclude_from_search' => TRUE,  
  113. 'show_in_admin_all_list' => FALSE,  
  114. 'label_count' => _n_noop( 'Spam <span class="count">(%s)</span>', 'Spam <span class="count">(%s)</span>', 'jetpack' ),  
  115. 'protected' => TRUE,  
  116. '_builtin' => FALSE 
  117. ) ); 
  118.  
  119. // POST handler 
  120. if ( 
  121. isset( $_SERVER['REQUEST_METHOD'] ) && 'POST' == strtoupper( $_SERVER['REQUEST_METHOD'] ) 
  122. && 
  123. isset( $_POST['action'] ) && 'grunion-contact-form' == $_POST['action'] 
  124. && 
  125. isset( $_POST['contact-form-id'] ) 
  126. ) { 
  127. add_action( 'template_redirect', array( $this, 'process_form_submission' ) ); 
  128.  
  129. /** Can be dequeued by placing the following in wp-content/themes/yourtheme/functions.php 
  130. * 
  131. * function remove_grunion_style() { 
  132. * wp_deregister_style('grunion.css'); 
  133. * } 
  134. * add_action('wp_print_styles', 'remove_grunion_style'); 
  135. */ 
  136. if( is_rtl() ) { 
  137. wp_register_style( 'grunion.css', GRUNION_PLUGIN_URL . 'css/rtl/grunion-rtl.css', array(), JETPACK__VERSION ); 
  138. } else { 
  139. wp_register_style( 'grunion.css', GRUNION_PLUGIN_URL . 'css/grunion.css', array(), JETPACK__VERSION ); 
  140.  
  141. /** 
  142. * Add to REST API post type whitelist 
  143. */ 
  144. function allow_feedback_rest_api_type( $post_types ) { 
  145. $post_types[] = 'feedback'; 
  146. return $post_types; 
  147.  
  148. /** 
  149. * Handles all contact-form POST submissions 
  150. * 
  151. * Conditionally attached to `template_redirect` 
  152. */ 
  153. function process_form_submission() { 
  154. // Add a filter to replace tokens in the subject field with sanitized field values 
  155. add_filter( 'contact_form_subject', array( $this, 'replace_tokens_with_input' ), 10, 2 ); 
  156.  
  157. $id = stripslashes( $_POST['contact-form-id'] ); 
  158.  
  159. if ( is_user_logged_in() ) { 
  160. check_admin_referer( "contact-form_{$id}" ); 
  161.  
  162. $is_widget = 0 === strpos( $id, 'widget-' ); 
  163.  
  164. $form = false; 
  165.  
  166. if ( $is_widget ) { 
  167. // It's a form embedded in a text widget 
  168.  
  169. $this->current_widget_id = substr( $id, 7 ); // remove "widget-" 
  170. $widget_type = implode( '-', array_slice( explode( '-', $this->current_widget_id ), 0, -1 ) ); // Remove trailing -# 
  171.  
  172. // Is the widget active? 
  173. $sidebar = is_active_widget( false, $this->current_widget_id, $widget_type ); 
  174.  
  175. // This is lame - no core API for getting a widget by ID 
  176. $widget = isset( $GLOBALS['wp_registered_widgets'][$this->current_widget_id] ) ? $GLOBALS['wp_registered_widgets'][$this->current_widget_id] : false; 
  177.  
  178. if ( $sidebar && $widget && isset( $widget['callback'] ) ) { 
  179. // This is lamer - no API for outputting a given widget by ID 
  180. ob_start(); 
  181. // Process the widget to populate Grunion_Contact_Form::$last 
  182. call_user_func( $widget['callback'], array(), $widget['params'][0] ); 
  183. ob_end_clean(); 
  184. } else { 
  185. // It's a form embedded in a post 
  186.  
  187. $post = get_post( $id ); 
  188.  
  189. // Process the content to populate Grunion_Contact_Form::$last 
  190. /** This filter is already documented in core. wp-includes/post-template.php */ 
  191. apply_filters( 'the_content', $post->post_content ); 
  192.  
  193. $form = Grunion_Contact_Form::$last; 
  194.  
  195. // No form may mean user is using do_shortcode, grab the form using the stored post meta 
  196. if ( ! $form ) { 
  197.  
  198. // Get shortcode from post meta 
  199. $shortcode = get_post_meta( $_POST['contact-form-id'], '_g_feedback_shortcode', true ); 
  200.  
  201. // Format it 
  202. if ( $shortcode != '' ) { 
  203. $shortcode = '[contact-form]' . $shortcode . '[/contact-form]'; 
  204. do_shortcode( $shortcode ); 
  205.  
  206. // Recreate form 
  207. $form = Grunion_Contact_Form::$last; 
  208.  
  209. if ( ! $form ) { 
  210. return false; 
  211.  
  212. if ( is_wp_error( $form->errors ) && $form->errors->get_error_codes() ) 
  213. return $form->errors; 
  214.  
  215. // Process the form 
  216. return $form->process_submission(); 
  217.  
  218. function ajax_request() { 
  219. $submission_result = self::process_form_submission(); 
  220.  
  221. if ( ! $submission_result ) { 
  222. header( "HTTP/1.1 500 Server Error", 500, true ); 
  223. echo '<div class="form-error"><ul class="form-errors"><li class="form-error-message">'; 
  224. esc_html_e( 'An error occurred. Please try again later.', 'jetpack' ); 
  225. echo '</li></ul></div>'; 
  226. } elseif ( is_wp_error( $submission_result ) ) { 
  227. header( "HTTP/1.1 400 Bad Request", 403, true ); 
  228. echo '<div class="form-error"><ul class="form-errors"><li class="form-error-message">'; 
  229. echo esc_html( $submission_result->get_error_message() ); 
  230. echo '</li></ul></div>'; 
  231. } else { 
  232. echo '<h3>' . esc_html__( 'Message Sent', 'jetpack' ) . '</h3>' . $submission_result; 
  233.  
  234. die; 
  235.  
  236. /** 
  237. * Ensure the post author is always zero for contact-form feedbacks 
  238. * Attached to `wp_insert_post_data` 
  239. * 
  240. * @see Grunion_Contact_Form::process_submission() 
  241. * 
  242. * @param array $data the data to insert 
  243. * @param array $postarr the data sent to wp_insert_post() 
  244. * @return array The filtered $data to insert 
  245. */ 
  246. function insert_feedback_filter( $data, $postarr ) { 
  247. if ( $data['post_type'] == 'feedback' && $postarr['post_type'] == 'feedback' ) { 
  248. $data['post_author'] = 0; 
  249.  
  250. return $data; 
  251. /** 
  252. * Adds our contact-form shortcode 
  253. * The "child" contact-field shortcode is enabled as needed by the contact-form shortcode handler 
  254. */ 
  255. function add_shortcode() { 
  256. add_shortcode( 'contact-form', array( 'Grunion_Contact_Form', 'parse' ) ); 
  257. add_shortcode( 'contact-field', array( 'Grunion_Contact_Form', 'parse_contact_field' ) ); 
  258.  
  259. static function tokenize_label( $label ) { 
  260. return '{' . trim( preg_replace( '#^\d+_#', '', $label ) ) . '}'; 
  261.  
  262. static function sanitize_value( $value ) { 
  263. return preg_replace( '=((<CR>|<LF>|0x0A/%0A|0x0D/%0D|\\n|\\r)\S).*=i', null, $value ); 
  264.  
  265. /** 
  266. * Replaces tokens like {city} or {City} (case insensitive) with the value 
  267. * of an input field of that name 
  268. * 
  269. * @param string $subject 
  270. * @param array $field_values Array with field label => field value associations 
  271. * 
  272. * @return string The filtered $subject with the tokens replaced 
  273. */ 
  274. function replace_tokens_with_input( $subject, $field_values ) { 
  275. // Wrap labels into tokens (inside {}) 
  276. $wrapped_labels = array_map( array( 'Grunion_Contact_Form_Plugin', 'tokenize_label' ), array_keys( $field_values ) ); 
  277. // Sanitize all values 
  278. $sanitized_values = array_map( array( 'Grunion_Contact_Form_Plugin', 'sanitize_value' ), array_values( $field_values ) ); 
  279.  
  280. foreach ( $sanitized_values as $k => $sanitized_value ) { 
  281. if ( is_array( $sanitized_value ) ) { 
  282. $sanitized_values[ $k ] = implode( ', ', $sanitized_value ); 
  283.  
  284. // Search for all valid tokens (based on existing fields) and replace with the field's value 
  285. $subject = str_ireplace( $wrapped_labels, $sanitized_values, $subject ); 
  286. return $subject; 
  287.  
  288. /** 
  289. * Tracks the widget currently being processed. 
  290. * Attached to `dynamic_sidebar` 
  291. * 
  292. * @see $current_widget_id 
  293. * 
  294. * @param array $widget The widget data 
  295. */ 
  296. function track_current_widget( $widget ) { 
  297. $this->current_widget_id = $widget['id']; 
  298.  
  299. /** 
  300. * Adds a "widget" attribute to every contact-form embedded in a text widget. 
  301. * Used to tell the difference between post-embedded contact-forms and widget-embedded contact-forms 
  302. * Attached to `widget_text` 
  303. * 
  304. * @param string $text The widget text 
  305. * @return string The filtered widget text 
  306. */ 
  307. function widget_atts( $text ) { 
  308. Grunion_Contact_Form::style( true ); 
  309.  
  310. return preg_replace( '/\[contact-form([^a-zA-Z_-])/', '[contact-form widget="' . $this->current_widget_id . '"\\1', $text ); 
  311.  
  312. /** 
  313. * For sites where text widgets are not processed for shortcodes, we add this hack to process just our shortcode 
  314. * Attached to `widget_text` 
  315. * 
  316. * @param string $text The widget text 
  317. * @return string The contact-form filtered widget text 
  318. */ 
  319. function widget_shortcode_hack( $text ) { 
  320. if ( !preg_match( '/\[contact-form([^a-zA-Z_-])/', $text ) ) { 
  321. return $text; 
  322.  
  323. $old = $GLOBALS['shortcode_tags']; 
  324. remove_all_shortcodes(); 
  325. Grunion_Contact_Form_Plugin::$using_contact_form_field = true; 
  326. $this->add_shortcode(); 
  327.  
  328. $text = do_shortcode( $text ); 
  329.  
  330. Grunion_Contact_Form_Plugin::$using_contact_form_field = false; 
  331. $GLOBALS['shortcode_tags'] = $old; 
  332.  
  333. return $text; 
  334.  
  335. /** 
  336. * Populate an array with all values necessary to submit a NEW contact-form feedback to Akismet. 
  337. * Note that this includes the current user_ip etc, so this should only be called when accepting a new item via $_POST 
  338. * 
  339. * @param array $form Contact form feedback array 
  340. * @return array feedback array with additional data ready for submission to Akismet 
  341. */ 
  342. function prepare_for_akismet( $form ) { 
  343. $form['comment_type'] = 'contact_form'; 
  344. $form['user_ip'] = preg_replace( '/[^0-9., ]/', '', $_SERVER['REMOTE_ADDR'] ); 
  345. $form['user_agent'] = $_SERVER['HTTP_USER_AGENT']; 
  346. $form['referrer'] = $_SERVER['HTTP_REFERER']; 
  347. $form['blog'] = get_option( 'home' ); 
  348.  
  349. $ignore = array( 'HTTP_COOKIE' ); 
  350.  
  351. foreach ( $_SERVER as $k => $value ) 
  352. if ( !in_array( $k, $ignore ) && is_string( $value ) ) 
  353. $form["$k"] = $value; 
  354.  
  355. return $form; 
  356.  
  357. /** 
  358. * Submit contact-form data to Akismet to check for spam. 
  359. * If you're accepting a new item via $_POST, run it Grunion_Contact_Form_Plugin::prepare_for_akismet() first 
  360. * Attached to `jetpack_contact_form_is_spam` 
  361. * 
  362. * @param bool $is_spam 
  363. * @param array $form 
  364. * @return bool|WP_Error TRUE => spam, FALSE => not spam, WP_Error => stop processing entirely 
  365. */ 
  366. function is_spam_akismet( $is_spam, $form = array() ) { 
  367. global $akismet_api_host, $akismet_api_port; 
  368.  
  369. // The signature of this function changed from accepting just $form. 
  370. // If something only sends an array, assume it's still using the old 
  371. // signature and work around it. 
  372. if ( empty( $form ) && is_array( $is_spam ) ) { 
  373. $form = $is_spam; 
  374. $is_spam = false; 
  375.  
  376. // If a previous filter has alrady marked this as spam, trust that and move on. 
  377. if ( $is_spam ) { 
  378. return $is_spam; 
  379.  
  380. if ( !function_exists( 'akismet_http_post' ) && !defined( 'AKISMET_VERSION' ) ) 
  381. return false; 
  382.  
  383. $query_string = http_build_query( $form ); 
  384.  
  385. if ( method_exists( 'Akismet', 'http_post' ) ) { 
  386. $response = Akismet::http_post( $query_string, 'comment-check' ); 
  387. } else { 
  388. $response = akismet_http_post( $query_string, $akismet_api_host, '/1.1/comment-check', $akismet_api_port ); 
  389.  
  390. $result = false; 
  391.  
  392. if ( isset( $response[0]['x-akismet-pro-tip'] ) && 'discard' === trim( $response[0]['x-akismet-pro-tip'] ) && get_option( 'akismet_strictness' ) === '1' ) 
  393. $result = new WP_Error( 'feedback-discarded', __('Feedback discarded.', 'jetpack' ) ); 
  394. elseif ( isset( $response[1] ) && 'true' == trim( $response[1] ) ) // 'true' is spam 
  395. $result = true; 
  396.  
  397. /** 
  398. * Filter the results returned by Akismet for each submitted contact form. 
  399. * 
  400. * @module contact-form 
  401. * 
  402. * @since 1.3.1 
  403. * 
  404. * @param WP_Error|bool $result Is the submitted feedback spam. 
  405. * @param array|bool $form Submitted feedback. 
  406. */ 
  407. return apply_filters( 'contact_form_is_spam_akismet', $result, $form ); 
  408.  
  409. /** 
  410. * Submit a feedback as either spam or ham 
  411. * 
  412. * @param string $as Either 'spam' or 'ham'. 
  413. * @param array $form the contact-form data 
  414. */ 
  415. function akismet_submit( $as, $form ) { 
  416. global $akismet_api_host, $akismet_api_port; 
  417.  
  418. if ( !in_array( $as, array( 'ham', 'spam' ) ) ) 
  419. return false; 
  420.  
  421. $query_string = ''; 
  422. if ( is_array( $form ) ) 
  423. $query_string = http_build_query( $form ); 
  424. if ( method_exists( 'Akismet', 'http_post' ) ) { 
  425. $response = Akismet::http_post( $query_string, "submit-{$as}" ); 
  426. } else { 
  427. $response = akismet_http_post( $query_string, $akismet_api_host, "/1.1/submit-{$as}", $akismet_api_port ); 
  428.  
  429. return trim( $response[1] ); 
  430.  
  431. /** 
  432. * Prints the menu 
  433. */ 
  434. function export_form() { 
  435. if ( get_current_screen()->id != 'edit-feedback' ) 
  436. return; 
  437.  
  438. if ( ! current_user_can( 'export' ) ) { 
  439. return; 
  440.  
  441. // if there aren't any feedbacks, bail out 
  442. if ( ! (int) wp_count_posts( 'feedback' )->publish ) 
  443. return; 
  444. ?> 
  445.  
  446. <div id="feedback-export" style="display:none"> 
  447. <h2><?php _e( 'Export feedback as CSV', 'jetpack' ) ?></h2> 
  448. <div class="clear"></div> 
  449. <form action="<?php echo admin_url( 'admin-post.php' ); ?>" method="post" class="form"> 
  450. <?php wp_nonce_field( 'feedback_export', 'feedback_export_nonce' ); ?> 
  451.  
  452. <input name="action" value="feedback_export" type="hidden"> 
  453. <label for="post"><?php _e( 'Select feedback to download', 'jetpack' ) ?></label> 
  454. <select name="post"> 
  455. <option value="all"><?php esc_html_e( 'All posts', 'jetpack' ) ?></option> 
  456. <?php echo $this->get_feedbacks_as_options() ?> 
  457. </select> 
  458.  
  459. <br><br> 
  460. <input type="submit" name="submit" id="submit" class="button button-primary" value="<?php esc_html_e( 'Download', 'jetpack' ); ?>"> 
  461. </form> 
  462. </div> 
  463.  
  464. <?php 
  465. // There aren't any usable actions in core to output the "export feedback" form in the correct place,  
  466. // so this inline JS moves it from the top of the page to the bottom. 
  467. ?> 
  468. <script type='text/javascript'> 
  469. var menu = document.getElementById( 'feedback-export' ),  
  470. wrapper = document.getElementsByClassName( 'wrap' )[0]; 
  471. wrapper.appendChild(menu); 
  472. menu.style.display = 'block'; 
  473. </script> 
  474. <?php 
  475.  
  476. /** 
  477. * download as a csv a contact form or all of them in a csv file 
  478. */ 
  479. function download_feedback_as_csv() { 
  480. if ( empty( $_POST['feedback_export_nonce'] ) ) 
  481. return; 
  482.  
  483. check_admin_referer( 'feedback_export', 'feedback_export_nonce' ); 
  484.  
  485. if ( ! current_user_can( 'export' ) ) { 
  486. return; 
  487.  
  488. $args = array( 
  489. 'posts_per_page' => -1,  
  490. 'post_type' => 'feedback',  
  491. 'post_status' => 'publish',  
  492. 'order' => 'ASC',  
  493. 'fields' => 'ids',  
  494. 'suppress_filters' => false,  
  495. ); 
  496.  
  497. $filename = date( "Y-m-d" ) . '-feedback-export.csv'; 
  498.  
  499. // Check if we want to download all the feedbacks or just a certain contact form 
  500. if ( ! empty( $_POST['post'] ) && $_POST['post'] !== 'all' ) { 
  501. $args['post_parent'] = (int) $_POST['post']; 
  502. $filename = date( "Y-m-d" ) . '-' . str_replace( ' ', '-', get_the_title( (int) $_POST['post'] ) ) . '.csv'; 
  503.  
  504. $feedbacks = get_posts( $args ); 
  505. $filename = sanitize_file_name( $filename ); 
  506. $fields = $this->get_field_names( $feedbacks ); 
  507.  
  508. array_unshift( $fields, __( 'Contact Form', 'jetpack' ) ); 
  509.  
  510. if ( empty( $feedbacks ) ) 
  511. return; 
  512.  
  513. // Forces the download of the CSV instead of echoing 
  514. header( 'Content-Disposition: attachment; filename=' . $filename ); 
  515. header( 'Pragma: no-cache' ); 
  516. header( 'Expires: 0' ); 
  517. header( 'Content-Type: text/csv; charset=utf-8' ); 
  518.  
  519. $output = fopen( 'php://output', 'w' ); 
  520.  
  521. // Prints the header 
  522. fputcsv( $output, $fields ); 
  523.  
  524. // Create the csv string from the array of post ids 
  525. foreach ( $feedbacks as $feedback ) { 
  526. fputcsv( $output, self::make_csv_row_from_feedback( $feedback, $fields ) ); 
  527.  
  528. fclose( $output ); 
  529.  
  530. /** 
  531. * Returns a string of HTML <option> items from an array of posts 
  532. * 
  533. * @return string a string of HTML <option> items 
  534. */ 
  535. protected function get_feedbacks_as_options() { 
  536. $options = ''; 
  537.  
  538. // Get the feedbacks' parents' post IDs 
  539. $feedbacks = get_posts( array( 
  540. 'fields' => 'id=>parent',  
  541. 'posts_per_page' => 100000,  
  542. 'post_type' => 'feedback',  
  543. 'post_status' => 'publish',  
  544. 'suppress_filters' => false,  
  545. ) ); 
  546. $parents = array_unique( array_values( $feedbacks ) ); 
  547.  
  548. $posts = get_posts( array( 
  549. 'orderby' => 'ID',  
  550. 'posts_per_page' => 1000,  
  551. 'post_type' => 'any',  
  552. 'post__in' => array_values( $parents ),  
  553. 'suppress_filters' => false,  
  554. ) ); 
  555.  
  556. // creates the string of <option> elements 
  557. foreach ( $posts as $post ) { 
  558. $options .= sprintf( '<option value="%s">%s</option>', esc_attr( $post->ID ), esc_html( $post->post_title ) ); 
  559.  
  560. return $options; 
  561.  
  562. /** 
  563. * Get the names of all the form's fields 
  564. * 
  565. * @param array|int $posts the post we want the fields of 
  566. * @return array the array of fields 
  567. */ 
  568. protected function get_field_names( $posts ) { 
  569. $posts = (array) $posts; 
  570. $all_fields = array(); 
  571.  
  572. foreach ( $posts as $post ) { 
  573. $fields = self::parse_fields_from_content( $post ); 
  574.  
  575. if ( isset( $fields['_feedback_all_fields'] ) ) { 
  576. $extra_fields = array_keys( $fields['_feedback_all_fields'] ); 
  577. $all_fields = array_merge( $all_fields, $extra_fields ); 
  578.  
  579. $all_fields = array_unique( $all_fields ); 
  580. return $all_fields; 
  581.  
  582. public static function parse_fields_from_content( $post_id ) { 
  583. static $post_fields; 
  584.  
  585. if ( !is_array( $post_fields ) ) 
  586. $post_fields = array(); 
  587.  
  588. if ( isset( $post_fields[$post_id] ) ) 
  589. return $post_fields[$post_id]; 
  590.  
  591. $all_values = array(); 
  592. $post_content = get_post_field( 'post_content', $post_id ); 
  593. $content = explode( '<!--more-->', $post_content ); 
  594. $lines = array(); 
  595.  
  596. if ( count( $content ) > 1 ) { 
  597. $content = str_ireplace( array( '<br />', ')</p>' ), '', $content[1] ); 
  598. $one_line = preg_replace( '/\s+/', ' ', $content ); 
  599. $one_line = preg_replace( '/.*Array \( (.*)\)/', '$1', $one_line ); 
  600.  
  601. preg_match_all( '/\[([^\]]+)\] =\>\; ([^\[]+)/', $one_line, $matches ); 
  602.  
  603. if ( count( $matches ) > 1 ) 
  604. $all_values = array_combine( array_map('trim', $matches[1]), array_map('trim', $matches[2]) ); 
  605.  
  606. $lines = array_filter( explode( "\n", $content ) ); 
  607.  
  608. $var_map = array( 
  609. 'AUTHOR' => '_feedback_author',  
  610. 'AUTHOR EMAIL' => '_feedback_author_email',  
  611. 'AUTHOR URL' => '_feedback_author_url',  
  612. 'SUBJECT' => '_feedback_subject',  
  613. 'IP' => '_feedback_ip' 
  614. ); 
  615.  
  616. $fields = array(); 
  617.  
  618. foreach( $lines as $line ) { 
  619. $vars = explode( ': ', $line, 2 ); 
  620. if ( !empty( $vars ) ) { 
  621. if ( isset( $var_map[$vars[0]] ) ) { 
  622. $fields[$var_map[$vars[0]]] = self::strip_tags( trim( $vars[1] ) ); 
  623.  
  624. $fields['_feedback_all_fields'] = $all_values; 
  625.  
  626. $post_fields[$post_id] = $fields; 
  627.  
  628. return $fields; 
  629.  
  630. /** 
  631. * Creates a valid csv row from a post id 
  632. * 
  633. * @param int $post_id The id of the post 
  634. * @param array $fields An array containing the names of all the fields of the csv 
  635. * @return String The csv row 
  636. */ 
  637. protected static function make_csv_row_from_feedback( $post_id, $fields ) { 
  638. $content_fields = self::parse_fields_from_content( $post_id ); 
  639. $all_fields = array(); 
  640.  
  641. if ( isset( $content_fields['_feedback_all_fields'] ) ) 
  642. $all_fields = $content_fields['_feedback_all_fields']; 
  643.  
  644. // Overwrite the parsed content with the content we stored in post_meta in a better format. 
  645. $extra_fields = get_post_meta( $post_id, '_feedback_extra_fields', true ); 
  646. foreach ( $extra_fields as $extra_field => $extra_value ) { 
  647. $all_fields[$extra_field] = $extra_value; 
  648.  
  649. // The first element in all of the exports will be the subject 
  650. $row_items[] = $content_fields['_feedback_subject']; 
  651.  
  652. // Loop the fields array in order to fill the $row_items array correctly 
  653. foreach ( $fields as $field ) { 
  654. if ( $field === __( 'Contact Form', 'jetpack' ) ) // the first field will ever be the contact form, so we can continue 
  655. continue; 
  656. elseif ( array_key_exists( $field, $all_fields ) ) 
  657. $row_items[] = $all_fields[$field]; 
  658. else 
  659. $row_items[] = ''; 
  660.  
  661. return $row_items; 
  662.  
  663. public static function get_ip_address() { 
  664. return isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : null; 
  665.  
  666. /** 
  667. * Generic shortcode class. 
  668. * Does nothing other than store structured data and output the shortcode as a string 
  669. * 
  670. * Not very general - specific to Grunion. 
  671. */ 
  672. class Crunion_Contact_Form_Shortcode { 
  673. /** 
  674. * @var string the name of the shortcode: [$shortcode_name /] 
  675. */ 
  676. public $shortcode_name; 
  677.  
  678. /** 
  679. * @var array key => value pairs for the shortcode's attributes: [$shortcode_name key="value" ... /] 
  680. */ 
  681. public $attributes; 
  682.  
  683. /** 
  684. * @var array key => value pair for attribute defaults 
  685. */ 
  686. public $defaults = array(); 
  687.  
  688. /** 
  689. * @var null|string Null for selfclosing shortcodes. Hhe inner content of otherwise: [$shortcode_name]$content[/$shortcode_name] 
  690. */ 
  691. public $content; 
  692.  
  693. /** 
  694. * @var array Associative array of inner "child" shortcodes equivalent to the $content: [$shortcode_name][child 1/][child 2/][/$shortcode_name] 
  695. */ 
  696. public $fields; 
  697.  
  698. /** 
  699. * @var null|string The HTML of the parsed inner "child" shortcodes". Null for selfclosing shortcodes. 
  700. */ 
  701. public $body; 
  702.  
  703. /** 
  704. * @param array $attributes An associative array of shortcode attributes. @see shortcode_atts() 
  705. * @param null|string $content Null for selfclosing shortcodes. The inner content otherwise. 
  706. */ 
  707. function __construct( $attributes, $content = null ) { 
  708. $this->attributes = $this->unesc_attr( $attributes ); 
  709. if ( is_array( $content ) ) { 
  710. $string_content = ''; 
  711. foreach ( $content as $field ) { 
  712. $string_content .= (string) $field; 
  713.  
  714. $this->content = $string_content; 
  715. } else { 
  716. $this->content = $content; 
  717.  
  718. $this->parse_content( $this->content ); 
  719.  
  720. /** 
  721. * Processes the shortcode's inner content for "child" shortcodes 
  722. * 
  723. * @param string $content The shortcode's inner content: [shortcode]$content[/shortcode] 
  724. */ 
  725. function parse_content( $content ) { 
  726. if ( is_null( $content ) ) { 
  727. $this->body = null; 
  728.  
  729. $this->body = do_shortcode( $content ); 
  730.  
  731. /** 
  732. * Returns the value of the requested attribute. 
  733. * 
  734. * @param string $key The attribute to retrieve 
  735. * @return mixed 
  736. */ 
  737. function get_attribute( $key ) { 
  738. return isset( $this->attributes[$key] ) ? $this->attributes[$key] : null; 
  739.  
  740. function esc_attr( $value ) { 
  741. if ( is_array( $value ) ) { 
  742. return array_map( array( $this, 'esc_attr' ), $value ); 
  743.  
  744. $value = Grunion_Contact_Form_Plugin::strip_tags( $value ); 
  745. $value = _wp_specialchars( $value, ENT_QUOTES, false, true ); 
  746.  
  747. // Shortcode attributes can't contain "]" 
  748. $value = str_replace( ']', '', $value ); 
  749. $value = str_replace( ', ', ',', $value ); // store commas encoded 
  750. $value = strtr( $value, array( '%' => '%25', '&' => '%26' ) ); 
  751.  
  752. // shortcode_parse_atts() does stripcslashes() 
  753. $value = addslashes( $value ); 
  754. return $value; 
  755.  
  756. function unesc_attr( $value ) { 
  757. if ( is_array( $value ) ) { 
  758. return array_map( array( $this, 'unesc_attr' ), $value ); 
  759.  
  760. // For back-compat with old Grunion encoding 
  761. // Also, unencode commas 
  762. $value = strtr( $value, array( '%26' => '&', '%25' => '%' ) ); 
  763. $value = preg_replace( array( '/�*22;/i', '/�*27;/i', '/�*26;/i', '/�*2c;/i' ), array( '"', "'", '&', ', ' ), $value ); 
  764. $value = htmlspecialchars_decode( $value, ENT_QUOTES ); 
  765. $value = Grunion_Contact_Form_Plugin::strip_tags( $value ); 
  766.  
  767. return $value; 
  768.  
  769. /** 
  770. * Generates the shortcode 
  771. */ 
  772. function __toString() { 
  773. $r = "[{$this->shortcode_name} "; 
  774.  
  775. foreach ( $this->attributes as $key => $value ) { 
  776. if ( !$value ) { 
  777. continue; 
  778.  
  779. if ( isset( $this->defaults[$key] ) && $this->defaults[$key] == $value ) { 
  780. continue; 
  781.  
  782. if ( 'id' == $key ) { 
  783. continue; 
  784.  
  785. $value = $this->esc_attr( $value ); 
  786.  
  787. if ( is_array( $value ) ) { 
  788. $value = join( ', ', $value ); 
  789.  
  790. if ( false === strpos( $value, "'" ) ) { 
  791. $value = "'$value'"; 
  792. } elseif ( false === strpos( $value, '"' ) ) { 
  793. $value = '"' . $value . '"'; 
  794. } else { 
  795. // Shortcodes can't contain both '"' and "'". Strip one. 
  796. $value = str_replace( "'", '', $value ); 
  797. $value = "'$value'"; 
  798.  
  799. $r .= "{$key}={$value} "; 
  800.  
  801. $r = rtrim( $r ); 
  802.  
  803. if ( $this->fields ) { 
  804. $r .= ']'; 
  805.  
  806. foreach ( $this->fields as $field ) { 
  807. $r .= (string) $field; 
  808.  
  809. $r .= "[/{$this->shortcode_name}]"; 
  810. } else { 
  811. $r .= '/]'; 
  812.  
  813. return $r; 
  814.  
  815. /** 
  816. * Class for the contact-form shortcode. 
  817. * Parses shortcode to output the contact form as HTML 
  818. * Sends email and stores the contact form response (a.k.a. "feedback") 
  819. */ 
  820. class Grunion_Contact_Form extends Crunion_Contact_Form_Shortcode { 
  821. public $shortcode_name = 'contact-form'; 
  822.  
  823. /** 
  824. * @var WP_Error stores form submission errors 
  825. */ 
  826. public $errors; 
  827.  
  828. /** 
  829. * @var Grunion_Contact_Form The most recent (inclusive) contact-form shortcode processed 
  830. */ 
  831. static $last; 
  832.  
  833. /** 
  834. * @var Whatever form we are currently looking at. If processed, will become $last 
  835. */ 
  836. static $current_form; 
  837.  
  838. /** 
  839. * @var bool Whether to print the grunion.css style when processing the contact-form shortcode 
  840. */ 
  841. static $style = false; 
  842.  
  843. function __construct( $attributes, $content = null ) { 
  844. global $post; 
  845.  
  846. // Set up the default subject and recipient for this form 
  847. $default_to = ''; 
  848. $default_subject = "[" . get_option( 'blogname' ) . "]"; 
  849.  
  850. if ( !empty( $attributes['widget'] ) && $attributes['widget'] ) { 
  851. $default_to .= get_option( 'admin_email' ); 
  852. $attributes['id'] = 'widget-' . $attributes['widget']; 
  853. $default_subject = sprintf( _x( '%1$s Sidebar', '%1$s = blog name', 'jetpack' ), $default_subject ); 
  854. } else if ( $post ) { 
  855. $attributes['id'] = $post->ID; 
  856. $default_subject = sprintf( _x( '%1$s %2$s', '%1$s = blog name, %2$s = post title', 'jetpack' ), $default_subject, Grunion_Contact_Form_Plugin::strip_tags( $post->post_title ) ); 
  857. $post_author = get_userdata( $post->post_author ); 
  858. $default_to .= $post_author->user_email; 
  859.  
  860. // Keep reference to $this for parsing form fields 
  861. self::$current_form = $this; 
  862.  
  863. $this->defaults = array( 
  864. 'to' => $default_to,  
  865. 'subject' => $default_subject,  
  866. 'show_subject' => 'no', // only used in back-compat mode 
  867. 'widget' => 0, // Not exposed to the user. Works with Grunion_Contact_Form_Plugin::widget_atts() 
  868. 'id' => null, // Not exposed to the user. Set above. 
  869. 'submit_button_text' => __( 'Submit »', 'jetpack' ),  
  870. ); 
  871.  
  872. $attributes = shortcode_atts( $this->defaults, $attributes, 'contact-form' ); 
  873.  
  874. // We only enable the contact-field shortcode temporarily while processing the contact-form shortcode 
  875. Grunion_Contact_Form_Plugin::$using_contact_form_field = true; 
  876.  
  877. parent::__construct( $attributes, $content ); 
  878.  
  879. // There were no fields in the contact form. The form was probably just [contact-form /]. Build a default form. 
  880. if ( empty( $this->fields ) ) { 
  881. // same as the original Grunion v1 form 
  882. $default_form = ' 
  883. [contact-field label="' . __( 'Name', 'jetpack' ) . '" type="name" required="true" /] 
  884. [contact-field label="' . __( 'Email', 'jetpack' ) . '" type="email" required="true" /] 
  885. [contact-field label="' . __( 'Website', 'jetpack' ) . '" type="url" /]'; 
  886.  
  887. if ( 'yes' == strtolower( $this->get_attribute( 'show_subject' ) ) ) { 
  888. $default_form .= ' 
  889. [contact-field label="' . __( 'Subject', 'jetpack' ) . '" type="subject" /]'; 
  890.  
  891. $default_form .= ' 
  892. [contact-field label="' . __( 'Message', 'jetpack' ) . '" type="textarea" /]'; 
  893.  
  894. $this->parse_content( $default_form ); 
  895.  
  896. // Store the shortcode 
  897. $this->store_shortcode( $default_form, $attributes ); 
  898. } else { 
  899. // Store the shortcode 
  900. $this->store_shortcode( $content, $attributes ); 
  901.  
  902. // $this->body and $this->fields have been setup. We no longer need the contact-field shortcode. 
  903. Grunion_Contact_Form_Plugin::$using_contact_form_field = false; 
  904.  
  905. /** 
  906. * Store shortcode content for recall later 
  907. * - used to receate shortcode when user uses do_shortcode 
  908. * 
  909. * @param string $content 
  910. */ 
  911. static function store_shortcode( $content = null, $attributes = null ) { 
  912.  
  913. if ( $content != null and isset( $attributes['id'] ) ) { 
  914.  
  915. $shortcode_meta = get_post_meta( $attributes['id'], '_g_feedback_shortcode', true ); 
  916.  
  917. if ( $shortcode_meta != '' or $shortcode_meta != $content ) { 
  918. update_post_meta( $attributes['id'], '_g_feedback_shortcode', $content ); 
  919.  
  920.  
  921. /** 
  922. * Toggle for printing the grunion.css stylesheet 
  923. * 
  924. * @param bool $style 
  925. */ 
  926. static function style( $style ) { 
  927. $previous_style = self::$style; 
  928. self::$style = (bool) $style; 
  929. return $previous_style; 
  930.  
  931. /** 
  932. * Turn on printing of grunion.css stylesheet 
  933. * @see ::style() 
  934. * @internal 
  935. * @param bool $style 
  936. */ 
  937. static function _style_on() { 
  938. return self::style( true ); 
  939.  
  940. /** 
  941. * The contact-form shortcode processor 
  942. * 
  943. * @param array $attributes Key => Value pairs as parsed by shortcode_parse_atts() 
  944. * @param string|null $content The shortcode's inner content: [contact-form]$content[/contact-form] 
  945. * @return string HTML for the concat form. 
  946. */ 
  947. static function parse( $attributes, $content ) { 
  948. // Create a new Grunion_Contact_Form object (this class) 
  949. $form = new Grunion_Contact_Form( $attributes, $content ); 
  950.  
  951. $id = $form->get_attribute( 'id' ); 
  952.  
  953. if ( !$id ) { // something terrible has happened 
  954. return '[contact-form]'; 
  955.  
  956. if ( is_feed() ) { 
  957. return '[contact-form]'; 
  958.  
  959. // Only allow one contact form per post/widget 
  960. if ( self::$last && $id == self::$last->get_attribute( 'id' ) ) { 
  961. // We're processing the same post 
  962.  
  963. if ( self::$last->attributes != $form->attributes || self::$last->content != $form->content ) { 
  964. // And we're processing a different shortcode; 
  965. return ''; 
  966. } // else, we're processing the same shortcode - probably a separate run of do_shortcode() - let it through 
  967.  
  968. } else { 
  969. self::$last = $form; 
  970.  
  971. // Enqueue the grunion.css stylesheet if self::$style allows it 
  972. if ( self::$style && ( empty( $_REQUEST['action'] ) || $_REQUEST['action'] != 'grunion_shortcode_to_json' ) ) { 
  973. // Enqueue the style here instead of printing it, because if some other plugin has run the_post()+rewind_posts(),  
  974. // (like VideoPress does), the style tag gets "printed" the first time and discarded, leaving the contact form unstyled. 
  975. // when WordPress does the real loop. 
  976. wp_enqueue_style( 'grunion.css' ); 
  977.  
  978. $r = ''; 
  979. $r .= "<div id='contact-form-$id'>\n"; 
  980.  
  981. if ( is_wp_error( $form->errors ) && $form->errors->get_error_codes() ) { 
  982. // There are errors. Display them 
  983. $r .= "<div class='form-error'>\n<h3>" . __( 'Error!', 'jetpack' ) . "</h3>\n<ul class='form-errors'>\n"; 
  984. foreach ( $form->errors->get_error_messages() as $message ) 
  985. $r .= "\t<li class='form-error-message'>" . esc_html( $message ) . "</li>\n"; 
  986. $r .= "</ul>\n</div>\n\n"; 
  987.  
  988. if ( isset( $_GET['contact-form-id'] ) && $_GET['contact-form-id'] == self::$last->get_attribute( 'id' ) && isset( $_GET['contact-form-sent'] ) ) { 
  989. // The contact form was submitted. Show the success message/results 
  990.  
  991. $feedback_id = (int) $_GET['contact-form-sent']; 
  992.  
  993. $back_url = remove_query_arg( array( 'contact-form-id', 'contact-form-sent', '_wpnonce' ) ); 
  994.  
  995. $r_success_message = 
  996. "<h3>" . __( 'Message Sent', 'jetpack' ) . 
  997. ' (<a href="' . esc_url( $back_url ) . '">' . esc_html__( 'go back', 'jetpack' ) . '</a>)' . 
  998. "</h3>\n\n"; 
  999.  
  1000. // Don't show the feedback details unless the nonce matches 
  1001. if ( $feedback_id && wp_verify_nonce( stripslashes( $_GET['_wpnonce'] ), "contact-form-sent-{$feedback_id}" ) ) { 
  1002. $r_success_message .= self::success_message( $feedback_id, $form ); 
  1003.  
  1004. /** 
  1005. * Filter the message returned after a successfull contact form submission. 
  1006. * 
  1007. * @module contact-form 
  1008. * 
  1009. * @since 1.3.1 
  1010. * 
  1011. * @param string $r_success_message Success message. 
  1012. */ 
  1013. $r .= apply_filters( 'grunion_contact_form_success_message', $r_success_message ); 
  1014. } else { 
  1015. // Nothing special - show the normal contact form 
  1016.  
  1017. if ( $form->get_attribute( 'widget' ) ) { 
  1018. // Submit form to the current URL 
  1019. $url = remove_query_arg( array( 'contact-form-id', 'contact-form-sent', 'action', '_wpnonce' ) ); 
  1020. } else { 
  1021. // Submit form to the post permalink 
  1022. $url = get_permalink(); 
  1023.  
  1024. // For SSL/TLS page. See RFC 3986 Section 4.2 
  1025. $url = set_url_scheme( $url ); 
  1026.  
  1027. // May eventually want to send this to admin-post.php... 
  1028. /** 
  1029. * Filter the contact form action URL. 
  1030. * 
  1031. * @module contact-form 
  1032. * 
  1033. * @since 1.3.1 
  1034. * 
  1035. * @param string $contact_form_id Contact form post URL. 
  1036. * @param $post $GLOBALS['post'] Post global variable. 
  1037. * @param int $id Contact Form ID. 
  1038. */ 
  1039. $url = apply_filters( 'grunion_contact_form_form_action', "{$url}#contact-form-{$id}", $GLOBALS['post'], $id ); 
  1040.  
  1041. $r .= "<form action='" . esc_url( $url ) . "' method='post' class='contact-form commentsblock'>\n"; 
  1042. $r .= $form->body; 
  1043. $r .= "\t<p class='contact-submit'>\n"; 
  1044. $r .= "\t\t<input type='submit' value='" . esc_attr( $form->get_attribute( 'submit_button_text' ) ) . "' class='pushbutton-wide'/>\n"; 
  1045. if ( is_user_logged_in() ) { 
  1046. $r .= "\t\t" . wp_nonce_field( 'contact-form_' . $id, '_wpnonce', true, false ) . "\n"; // nonce and referer 
  1047. $r .= "\t\t<input type='hidden' name='contact-form-id' value='$id' />\n"; 
  1048. $r .= "\t\t<input type='hidden' name='action' value='grunion-contact-form' />\n"; 
  1049. $r .= "\t</p>\n"; 
  1050. $r .= "</form>\n"; 
  1051.  
  1052. $r .= "</div>"; 
  1053.  
  1054. return $r; 
  1055.  
  1056. /** 
  1057. * Returns a success message to be returned if the form is sent via AJAX. 
  1058. * 
  1059. * @param int $feedback_id 
  1060. * @param object Grunion_Contact_Form $form 
  1061. * 
  1062. * @return string $message 
  1063. */ 
  1064. static function success_message( $feedback_id, $form ) { 
  1065. return wp_kses( 
  1066. '<blockquote class="contact-form-submission">' 
  1067. . '<p>' . join( self::get_compiled_form( $feedback_id, $form ), '</p><p>' ) . '</p>' 
  1068. . '</blockquote>',  
  1069. array( 'br' => array(), 'blockquote' => array( 'class' => array() ), 'p' => array() ) 
  1070. ); 
  1071.  
  1072. /** 
  1073. * Returns a compiled form with labels and values in a form of an array 
  1074. * of lines. 
  1075. * @param int $feedback_id 
  1076. * @param object Grunion_Contact_Form $form 
  1077. * 
  1078. * @return array $lines 
  1079. */ 
  1080. static function get_compiled_form( $feedback_id, $form ) { 
  1081. $feedback = get_post( $feedback_id ); 
  1082. $field_ids = $form->get_field_ids(); 
  1083. $content_fields = Grunion_Contact_Form_Plugin::parse_fields_from_content( $feedback_id ); 
  1084.  
  1085. // Maps field_ids to post_meta keys 
  1086. $field_value_map = array( 
  1087. 'name' => 'author',  
  1088. 'email' => 'author_email',  
  1089. 'url' => 'author_url',  
  1090. 'subject' => 'subject',  
  1091. 'textarea' => false, // not a post_meta key. This is stored in post_content 
  1092. ); 
  1093.  
  1094. $compiled_form = array(); 
  1095.  
  1096. // "Standard" field whitelist 
  1097. foreach ( $field_value_map as $type => $meta_key ) { 
  1098. if ( isset( $field_ids[$type] ) ) { 
  1099. $field = $form->fields[$field_ids[$type]]; 
  1100.  
  1101. if ( $meta_key ) { 
  1102. if ( isset( $content_fields["_feedback_{$meta_key}"] ) ) 
  1103. $value = $content_fields["_feedback_{$meta_key}"]; 
  1104. } else { 
  1105. // The feedback content is stored as the first "half" of post_content 
  1106. $value = $feedback->post_content; 
  1107. list( $value ) = explode( '<!--more-->', $value ); 
  1108. $value = trim( $value ); 
  1109.  
  1110. $field_index = array_search( $field_ids[ $type ], $field_ids['all'] ); 
  1111. $compiled_form[ $field_index ] = sprintf( 
  1112. '<b>%1$s:</b> %2$s<br /><br />',  
  1113. wp_kses( $field->get_attribute( 'label' ), array() ),  
  1114. nl2br( wp_kses( $value, array() ) ) 
  1115. ); 
  1116.  
  1117. // "Non-standard" fields 
  1118. if ( $field_ids['extra'] ) { 
  1119. // array indexed by field label (not field id) 
  1120. $extra_fields = get_post_meta( $feedback_id, '_feedback_extra_fields', true ); 
  1121. $extra_field_keys = array_keys( $extra_fields ); 
  1122.  
  1123. $i = 0; 
  1124. foreach ( $field_ids['extra'] as $field_id ) { 
  1125. $field = $form->fields[$field_id]; 
  1126. $field_index = array_search( $field_id, $field_ids['all'] ); 
  1127.  
  1128. $label = $field->get_attribute( 'label' ); 
  1129.  
  1130. $compiled_form[ $field_index ] = sprintf( 
  1131. '<b>%1$s:</b> %2$s<br /><br />',  
  1132. wp_kses( $label, array() ),  
  1133. nl2br( wp_kses( $extra_fields[$extra_field_keys[$i]], array() ) ) 
  1134. ); 
  1135.  
  1136. $i++; 
  1137.  
  1138. // Sorting lines by the field index 
  1139. ksort( $compiled_form ); 
  1140.  
  1141. return $compiled_form; 
  1142.  
  1143. /** 
  1144. * The contact-field shortcode processor 
  1145. * We use an object method here instead of a static Grunion_Contact_Form_Field class method to parse contact-field shortcodes so that we can tie them to the contact-form object. 
  1146. * 
  1147. * @param array $attributes Key => Value pairs as parsed by shortcode_parse_atts() 
  1148. * @param string|null $content The shortcode's inner content: [contact-field]$content[/contact-field] 
  1149. * @return HTML for the contact form field 
  1150. */ 
  1151. static function parse_contact_field( $attributes, $content ) { 
  1152. // Don't try to parse contact form fields if not inside a contact form 
  1153. if ( ! Grunion_Contact_Form_Plugin::$using_contact_form_field ) { 
  1154. $att_strs = array(); 
  1155. foreach ( $attributes as $att => $val ) { 
  1156. if ( is_numeric( $att ) ) { // Is a valueless attribute 
  1157. $att_strs[] = esc_html( $val ); 
  1158. } else if ( isset( $val ) ) { // A regular attr - value pair 
  1159. $att_strs[] = esc_html( $att ) . '=\'' . esc_html( $val ) . '\''; 
  1160.  
  1161. $html = '[contact-field ' . implode( ' ', $att_strs ); 
  1162.  
  1163. if ( isset( $content ) && ! empty( $content ) ) { // If there is content, let's add a closing tag 
  1164. $html .= ']' . esc_html( $content ) . '[/contact-field]'; 
  1165. } else { // Otherwise let's add a closing slash in the first tag 
  1166. $html .= '/]'; 
  1167.  
  1168. return $html; 
  1169.  
  1170. $form = Grunion_Contact_Form::$current_form; 
  1171.  
  1172. $field = new Grunion_Contact_Form_Field( $attributes, $content, $form ); 
  1173.  
  1174. $field_id = $field->get_attribute( 'id' ); 
  1175. if ( $field_id ) { 
  1176. $form->fields[$field_id] = $field; 
  1177. } else { 
  1178. $form->fields[] = $field; 
  1179.  
  1180. if ( 
  1181. isset( $_POST['action'] ) && 'grunion-contact-form' === $_POST['action'] 
  1182. && 
  1183. isset( $_POST['contact-form-id'] ) && $form->get_attribute( 'id' ) == $_POST['contact-form-id'] 
  1184. ) { 
  1185. // If we're processing a POST submission for this contact form, validate the field value so we can show errors as necessary. 
  1186. $field->validate(); 
  1187.  
  1188. // Output HTML 
  1189. return $field->render(); 
  1190.  
  1191. /** 
  1192. * Loops through $this->fields to generate a (structured) list of field IDs 
  1193. * @return array 
  1194. */ 
  1195. function get_field_ids() { 
  1196. $field_ids = array( 
  1197. 'all' => array(), // array of all field_ids 
  1198. 'extra' => array(), // array of all non-whitelisted field IDs 
  1199.  
  1200. // Whitelisted "standard" field IDs: 
  1201. // 'email' => field_id,  
  1202. // 'name' => field_id,  
  1203. // 'url' => field_id,  
  1204. // 'subject' => field_id,  
  1205. // 'textarea' => field_id,  
  1206. ); 
  1207.  
  1208. foreach ( $this->fields as $id => $field ) { 
  1209. $field_ids['all'][] = $id; 
  1210.  
  1211. $type = $field->get_attribute( 'type' ); 
  1212. if ( isset( $field_ids[$type] ) ) { 
  1213. // This type of field is already present in our whitelist of "standard" fields for this form 
  1214. // Put it in extra 
  1215. $field_ids['extra'][] = $id; 
  1216. continue; 
  1217.  
  1218. switch ( $type ) { 
  1219. case 'email' : 
  1220. case 'telephone' : 
  1221. case 'name' : 
  1222. case 'url' : 
  1223. case 'subject' : 
  1224. case 'textarea' : 
  1225. $field_ids[$type] = $id; 
  1226. break; 
  1227. default : 
  1228. // Put everything else in extra 
  1229. $field_ids['extra'][] = $id; 
  1230.  
  1231. return $field_ids; 
  1232.  
  1233. /** 
  1234. * Process the contact form's POST submission 
  1235. * Stores feedback. Sends email. 
  1236. */ 
  1237. function process_submission() { 
  1238. global $post; 
  1239.  
  1240. $plugin = Grunion_Contact_Form_Plugin::init(); 
  1241.  
  1242. $id = $this->get_attribute( 'id' ); 
  1243. $to = $this->get_attribute( 'to' ); 
  1244. $widget = $this->get_attribute( 'widget' ); 
  1245.  
  1246. $contact_form_subject = $this->get_attribute( 'subject' ); 
  1247.  
  1248. $to = str_replace( ' ', '', $to ); 
  1249. $emails = explode( ', ', $to ); 
  1250.  
  1251. $valid_emails = array(); 
  1252.  
  1253. foreach ( (array) $emails as $email ) { 
  1254. if ( !is_email( $email ) ) { 
  1255. continue; 
  1256.  
  1257. if ( function_exists( 'is_email_address_unsafe' ) && is_email_address_unsafe( $email ) ) { 
  1258. continue; 
  1259.  
  1260. $valid_emails[] = $email; 
  1261.  
  1262. // No one to send it to, which means none of the "to" attributes are valid emails. 
  1263. // Use default email instead. 
  1264. if ( !$valid_emails ) { 
  1265. $valid_emails = $this->defaults['to']; 
  1266.  
  1267. $to = $valid_emails; 
  1268.  
  1269. // Last ditch effort to set a recipient if somehow none have been set. 
  1270. if ( empty( $to ) ) { 
  1271. $to = get_option( 'admin_email' ); 
  1272.  
  1273. // Make sure we're processing the form we think we're processing... probably a redundant check. 
  1274. if ( $widget ) { 
  1275. if ( 'widget-' . $widget != $_POST['contact-form-id'] ) { 
  1276. return false; 
  1277. } else { 
  1278. if ( $post->ID != $_POST['contact-form-id'] ) { 
  1279. return false; 
  1280.  
  1281. $field_ids = $this->get_field_ids(); 
  1282.  
  1283. // Initialize all these "standard" fields to null 
  1284. $comment_author_email = $comment_author_email_label = // v 
  1285. $comment_author = $comment_author_label = // v 
  1286. $comment_author_url = $comment_author_url_label = // v 
  1287. $comment_content = $comment_content_label = null; 
  1288.  
  1289. // For each of the "standard" fields, grab their field label and value. 
  1290.  
  1291. if ( isset( $field_ids['name'] ) ) { 
  1292. $field = $this->fields[$field_ids['name']]; 
  1293. $comment_author = Grunion_Contact_Form_Plugin::strip_tags( 
  1294. stripslashes( 
  1295. /** This filter is already documented in core/wp-includes/comment-functions.php */ 
  1296. apply_filters( 'pre_comment_author_name', addslashes( $field->value ) ) 
  1297. ); 
  1298. $comment_author_label = Grunion_Contact_Form_Plugin::strip_tags( $field->get_attribute( 'label' ) ); 
  1299.  
  1300. if ( isset( $field_ids['email'] ) ) { 
  1301. $field = $this->fields[$field_ids['email']]; 
  1302. $comment_author_email = Grunion_Contact_Form_Plugin::strip_tags( 
  1303. stripslashes( 
  1304. /** This filter is already documented in core/wp-includes/comment-functions.php */ 
  1305. apply_filters( 'pre_comment_author_email', addslashes( $field->value ) ) 
  1306. ); 
  1307. $comment_author_email_label = Grunion_Contact_Form_Plugin::strip_tags( $field->get_attribute( 'label' ) ); 
  1308.  
  1309. if ( isset( $field_ids['url'] ) ) { 
  1310. $field = $this->fields[$field_ids['url']]; 
  1311. $comment_author_url = Grunion_Contact_Form_Plugin::strip_tags( 
  1312. stripslashes( 
  1313. /** This filter is already documented in core/wp-includes/comment-functions.php */ 
  1314. apply_filters( 'pre_comment_author_url', addslashes( $field->value ) ) 
  1315. ); 
  1316. if ( 'http://' == $comment_author_url ) { 
  1317. $comment_author_url = ''; 
  1318. $comment_author_url_label = Grunion_Contact_Form_Plugin::strip_tags( $field->get_attribute( 'label' ) ); 
  1319.  
  1320. if ( isset( $field_ids['textarea'] ) ) { 
  1321. $field = $this->fields[$field_ids['textarea']]; 
  1322. $comment_content = trim( Grunion_Contact_Form_Plugin::strip_tags( $field->value ) ); 
  1323. $comment_content_label = Grunion_Contact_Form_Plugin::strip_tags( $field->get_attribute( 'label' ) ); 
  1324.  
  1325. if ( isset( $field_ids['subject'] ) ) { 
  1326. $field = $this->fields[$field_ids['subject']]; 
  1327. if ( $field->value ) { 
  1328. $contact_form_subject = Grunion_Contact_Form_Plugin::strip_tags( $field->value ); 
  1329.  
  1330. $all_values = $extra_values = array(); 
  1331. $i = 1; // Prefix counter for stored metadata 
  1332.  
  1333. // For all fields, grab label and value 
  1334. foreach ( $field_ids['all'] as $field_id ) { 
  1335. $field = $this->fields[$field_id]; 
  1336. $label = $i . '_' . $field->get_attribute( 'label' ); 
  1337. $value = $field->value; 
  1338.  
  1339. $all_values[$label] = $value; 
  1340. $i++; // Increment prefix counter for the next field 
  1341.  
  1342. // For the "non-standard" fields, grab label and value 
  1343. // Extra fields have their prefix starting from count( $all_values ) + 1 
  1344. foreach ( $field_ids['extra'] as $field_id ) { 
  1345. $field = $this->fields[$field_id]; 
  1346. $label = $i . '_' . $field->get_attribute( 'label' ); 
  1347. $value = $field->value; 
  1348.  
  1349. if ( is_array( $value ) ) { 
  1350. $value = implode( ', ', $value ); 
  1351.  
  1352. $extra_values[$label] = $value; 
  1353. $i++; // Increment prefix counter for the next extra field 
  1354.  
  1355. $contact_form_subject = trim( $contact_form_subject ); 
  1356.  
  1357. $comment_author_IP = Grunion_Contact_Form_Plugin::get_ip_address(); 
  1358.  
  1359. $vars = array( 'comment_author', 'comment_author_email', 'comment_author_url', 'contact_form_subject', 'comment_author_IP' ); 
  1360. foreach ( $vars as $var ) 
  1361. $$var = str_replace( array( "\n", "\r" ), '', $$var ); 
  1362.  
  1363. // Ensure that Akismet gets all of the relevant information from the contact form,  
  1364. // not just the textarea field and predetermined subject. 
  1365. $akismet_vars = compact( $vars ); 
  1366. $akismet_vars['comment_content'] = $comment_content; 
  1367.  
  1368. foreach ( array_merge( $field_ids['all'], $field_ids['extra'] ) as $field_id ) { 
  1369. $field = $this->fields[$field_id]; 
  1370.  
  1371. // Normalize the label into a slug. 
  1372. $field_slug = trim( // Strip all leading/trailing dashes. 
  1373. preg_replace( // Normalize everything to a-z0-9_- 
  1374. '/[^a-z0-9_]+/',  
  1375. '-',  
  1376. strtolower( $field->get_attribute( 'label' ) ) // Lowercase 
  1377. ),  
  1378. '-' 
  1379. ); 
  1380.  
  1381. $field_value = ( is_array( $field->value ) ) ? trim( implode( ', ', $field->value ) ) : trim( $field->value ); 
  1382.  
  1383. // Skip any values that are already in the array we're sending. 
  1384. if ( $field_value && in_array( $field_value, $akismet_vars ) ) { 
  1385. continue; 
  1386.  
  1387. $akismet_vars[ 'contact_form_field_' . $field_slug ] = $field_value; 
  1388.  
  1389. $spam = ''; 
  1390. $akismet_values = $plugin->prepare_for_akismet( $akismet_vars ); 
  1391.  
  1392. // Is it spam? 
  1393. /** This filter is already documented in modules/contact-form/admin.php */ 
  1394. $is_spam = apply_filters( 'jetpack_contact_form_is_spam', false, $akismet_values ); 
  1395. if ( is_wp_error( $is_spam ) ) // WP_Error to abort 
  1396. return $is_spam; // abort 
  1397. elseif ( $is_spam === TRUE ) // TRUE to flag a spam 
  1398. $spam = '***SPAM*** '; 
  1399.  
  1400. if ( !$comment_author ) 
  1401. $comment_author = $comment_author_email; 
  1402.  
  1403. /** 
  1404. * Filter the email where a submitted feedback is sent. 
  1405. * 
  1406. * @module contact-form 
  1407. * 
  1408. * @since 1.3.1 
  1409. * 
  1410. * @param string|array $to Array of valid email addresses, or single email address. 
  1411. */ 
  1412. $to = (array) apply_filters( 'contact_form_to', $to ); 
  1413. foreach ( $to as $to_key => $to_value ) { 
  1414. $to[$to_key] = Grunion_Contact_Form_Plugin::strip_tags( $to_value ); 
  1415.  
  1416. $blog_url = parse_url( site_url() ); 
  1417. $from_email_addr = 'wordpress@' . $blog_url['host']; 
  1418.  
  1419. $reply_to_addr = $to[0]; 
  1420. if ( ! empty( $comment_author_email ) ) { 
  1421. $reply_to_addr = $comment_author_email; 
  1422.  
  1423. $headers = 'From: "' . $comment_author .'" <' . $from_email_addr . ">\r\n" . 
  1424. 'Reply-To: "' . $comment_author . '" <' . $reply_to_addr . ">\r\n" . 
  1425. "Content-Type: text/html; charset=\"" . get_option('blog_charset') . "\""; 
  1426.  
  1427. /** This filter is already documented in modules/contact-form/admin.php */ 
  1428. $subject = apply_filters( 'contact_form_subject', $contact_form_subject, $all_values ); 
  1429. $url = $widget ? home_url( '/' ) : get_permalink( $post->ID ); 
  1430.  
  1431. $date_time_format = _x( '%1$s \a\t %2$s', '{$date_format} \a\t {$time_format}', 'jetpack' ); 
  1432. $date_time_format = sprintf( $date_time_format, get_option( 'date_format' ), get_option( 'time_format' ) ); 
  1433. $time = date_i18n( $date_time_format, current_time( 'timestamp' ) ); 
  1434.  
  1435. // keep a copy of the feedback as a custom post type 
  1436. $feedback_time = current_time( 'mysql' ); 
  1437. $feedback_title = "{$comment_author} - {$feedback_time}"; 
  1438. $feedback_status = $is_spam === TRUE ? 'spam' : 'publish'; 
  1439.  
  1440. foreach ( (array) $akismet_values as $av_key => $av_value ) { 
  1441. $akismet_values[$av_key] = Grunion_Contact_Form_Plugin::strip_tags( $av_value ); 
  1442.  
  1443. foreach ( (array) $all_values as $all_key => $all_value ) { 
  1444. $all_values[$all_key] = Grunion_Contact_Form_Plugin::strip_tags( $all_value ); 
  1445.  
  1446. foreach ( (array) $extra_values as $ev_key => $ev_value ) { 
  1447. $extra_values[$ev_key] = Grunion_Contact_Form_Plugin::strip_tags( $ev_value ); 
  1448.  
  1449. /** We need to make sure that the post author is always zero for contact 
  1450. * form submissions. This prevents export/import from trying to create 
  1451. * new users based on form submissions from people who were logged in 
  1452. * at the time. 
  1453. * 
  1454. * Unfortunately wp_insert_post() tries very hard to make sure the post 
  1455. * author gets the currently logged in user id. That is how we ended up 
  1456. * with this work around. */ 
  1457. add_filter( 'wp_insert_post_data', array( $plugin, 'insert_feedback_filter' ), 10, 2 ); 
  1458.  
  1459. $post_id = wp_insert_post( array( 
  1460. 'post_date' => addslashes( $feedback_time ),  
  1461. 'post_type' => 'feedback',  
  1462. 'post_status' => addslashes( $feedback_status ),  
  1463. 'post_parent' => (int) $post->ID,  
  1464. 'post_title' => addslashes( wp_kses( $feedback_title, array() ) ),  
  1465. 'post_content' => addslashes( wp_kses( $comment_content . "\n<!--more-->\n" . "AUTHOR: {$comment_author}\nAUTHOR EMAIL: {$comment_author_email}\nAUTHOR URL: {$comment_author_url}\nSUBJECT: {$subject}\nIP: {$comment_author_IP}\n" . print_r( $all_values, TRUE ), array() ) ), // so that search will pick up this data 
  1466. 'post_name' => md5( $feedback_title ),  
  1467. ) ); 
  1468.  
  1469. // once insert has finished we don't need this filter any more 
  1470. remove_filter( 'wp_insert_post_data', array( $plugin, 'insert_feedback_filter' ), 10, 2 ); 
  1471.  
  1472. update_post_meta( $post_id, '_feedback_extra_fields', $this->addslashes_deep( $extra_values ) ); 
  1473. update_post_meta( $post_id, '_feedback_akismet_values', $this->addslashes_deep( $akismet_values ) ); 
  1474.  
  1475. $message = self::get_compiled_form( $post_id, $this ); 
  1476.  
  1477. array_push( 
  1478. $message,  
  1479. "", // Empty line left intentionally 
  1480. __( 'Time:', 'jetpack' ) . ' ' . $time . '<br />',  
  1481. __( 'IP Address:', 'jetpack' ) . ' ' . $comment_author_IP . '<br />',  
  1482. __( 'Contact Form URL:', 'jetpack' ) . " " . $url . '<br />' 
  1483. ); 
  1484.  
  1485. if ( is_user_logged_in() ) { 
  1486. array_push( 
  1487. $message,  
  1488. "",  
  1489. sprintf( 
  1490. __( 'Sent by a verified %s user.', 'jetpack' ),  
  1491. isset( $GLOBALS['current_site']->site_name ) && $GLOBALS['current_site']->site_name ? 
  1492. $GLOBALS['current_site']->site_name : '"' . get_option( 'blogname' ) . '"' 
  1493. ); 
  1494. } else { 
  1495. array_push( $message, __( 'Sent by an unverified visitor to your site.', 'jetpack' ) ); 
  1496.  
  1497. $message = join( $message, "" ); 
  1498. /** 
  1499. * Filters the message sent via email after a successfull form submission. 
  1500. * 
  1501. * @module contact-form 
  1502. * 
  1503. * @since 1.3.1 
  1504. * 
  1505. * @param string $message Feedback email message. 
  1506. */ 
  1507. $message = apply_filters( 'contact_form_message', $message ); 
  1508.  
  1509. update_post_meta( $post_id, '_feedback_email', $this->addslashes_deep( compact( 'to', 'message' ) ) ); 
  1510.  
  1511. /** 
  1512. * Fires right before the contact form message is sent via email to 
  1513. * the recipient specified in the contact form. 
  1514. * 
  1515. * @module contact-form 
  1516. * 
  1517. * @since 1.3.1 
  1518. * 
  1519. * @param integer $post_id Post contact form lives on 
  1520. * @param array $all_values Contact form fields 
  1521. * @param array $extra_values Contact form fields not included in $all_values 
  1522. */ 
  1523. do_action( 'grunion_pre_message_sent', $post_id, $all_values, $extra_values ); 
  1524.  
  1525. // schedule deletes of old spam feedbacks 
  1526. if ( ! wp_next_scheduled( 'grunion_scheduled_delete' ) ) { 
  1527. wp_schedule_event( time() + 250, 'daily', 'grunion_scheduled_delete' ); 
  1528.  
  1529. if ( 
  1530. $is_spam !== TRUE && 
  1531. /** 
  1532. * Filter to choose whether an email should be sent after each successfull contact form submission. 
  1533. * 
  1534. * @module contact-form 
  1535. * 
  1536. * @since 2.6.0 
  1537. * 
  1538. * @param bool true Should an email be sent after a form submission. Default to true. 
  1539. * @param int $post_id Post ID. 
  1540. */ 
  1541. true === apply_filters( 'grunion_should_send_email', true, $post_id ) 
  1542. ) { 
  1543. wp_mail( $to, "{$spam}{$subject}", $message, $headers ); 
  1544. } elseif ( 
  1545. true === $is_spam && 
  1546. /** 
  1547. * Choose whether an email should be sent for each spam contact form submission. 
  1548. * 
  1549. * @module contact-form 
  1550. * 
  1551. * @since 1.3.1 
  1552. * 
  1553. * @param bool false Should an email be sent after a spam form submission. Default to false. 
  1554. */ 
  1555. apply_filters( 'grunion_still_email_spam', FALSE ) == TRUE 
  1556. ) { // don't send spam by default. Filterable. 
  1557. wp_mail( $to, "{$spam}{$subject}", $message, $headers ); 
  1558.  
  1559. if ( defined( 'DOING_AJAX' ) && DOING_AJAX ) { 
  1560. return self::success_message( $post_id, $this ); 
  1561.  
  1562. $redirect = wp_get_referer(); 
  1563. if ( !$redirect ) { // wp_get_referer() returns false if the referer is the same as the current page 
  1564. $redirect = $_SERVER['REQUEST_URI']; 
  1565.  
  1566. $redirect = add_query_arg( urlencode_deep( array( 
  1567. 'contact-form-id' => $id,  
  1568. 'contact-form-sent' => $post_id,  
  1569. '_wpnonce' => wp_create_nonce( "contact-form-sent-{$post_id}" ), // wp_nonce_url HTMLencodes :( 
  1570. ) ), $redirect ); 
  1571.  
  1572. /** 
  1573. * Filter the URL where the reader is redirected after submitting a form. 
  1574. * 
  1575. * @module contact-form 
  1576. * 
  1577. * @since 1.9.0 
  1578. * 
  1579. * @param string $redirect Post submission URL. 
  1580. * @param int $id Contact Form ID. 
  1581. * @param int $post_id Post ID. 
  1582. */ 
  1583. $redirect = apply_filters( 'grunion_contact_form_redirect_url', $redirect, $id, $post_id ); 
  1584.  
  1585. wp_safe_redirect( $redirect ); 
  1586. exit; 
  1587.  
  1588. function addslashes_deep( $value ) { 
  1589. if ( is_array( $value ) ) { 
  1590. return array_map( array( $this, 'addslashes_deep' ), $value ); 
  1591. } elseif ( is_object( $value ) ) { 
  1592. $vars = get_object_vars( $value ); 
  1593. foreach ( $vars as $key => $data ) { 
  1594. $value->{$key} = $this->addslashes_deep( $data ); 
  1595. return $value; 
  1596.  
  1597. return addslashes( $value ); 
  1598.  
  1599. /** 
  1600. * Class for the contact-field shortcode. 
  1601. * Parses shortcode to output the contact form field as HTML. 
  1602. * Validates input. 
  1603. */ 
  1604. class Grunion_Contact_Form_Field extends Crunion_Contact_Form_Shortcode { 
  1605. public $shortcode_name = 'contact-field'; 
  1606.  
  1607. /** 
  1608. * @var Grunion_Contact_Form parent form 
  1609. */ 
  1610. public $form; 
  1611.  
  1612. /** 
  1613. * @var string default or POSTed value 
  1614. */ 
  1615. public $value; 
  1616.  
  1617. /** 
  1618. * @var bool Is the input invalid? 
  1619. */ 
  1620. public $error = false; 
  1621.  
  1622. /** 
  1623. * @param array $attributes An associative array of shortcode attributes. @see shortcode_atts() 
  1624. * @param null|string $content Null for selfclosing shortcodes. The inner content otherwise. 
  1625. * @param Grunion_Contact_Form $form The parent form 
  1626. */ 
  1627. function __construct( $attributes, $content = null, $form = null ) { 
  1628. $attributes = shortcode_atts( array( 
  1629. 'label' => null,  
  1630. 'type' => 'text',  
  1631. 'required' => false,  
  1632. 'options' => array(),  
  1633. 'id' => null,  
  1634. 'default' => null,  
  1635. 'placeholder' => null,  
  1636. ), $attributes, 'contact-field' ); 
  1637.  
  1638. // special default for subject field 
  1639. if ( 'subject' == $attributes['type'] && is_null( $attributes['default'] ) && !is_null( $form ) ) { 
  1640. $attributes['default'] = $form->get_attribute( 'subject' ); 
  1641.  
  1642. // allow required=1 or required=true 
  1643. if ( '1' == $attributes['required'] || 'true' == strtolower( $attributes['required'] ) ) 
  1644. $attributes['required'] = true; 
  1645. else 
  1646. $attributes['required'] = false; 
  1647.  
  1648. // parse out comma-separated options list (for selects, radios, and checkbox-multiples) 
  1649. if ( !empty( $attributes['options'] ) && is_string( $attributes['options'] ) ) { 
  1650. $attributes['options'] = array_map( 'trim', explode( ', ', $attributes['options'] ) ); 
  1651.  
  1652. if ( $form ) { 
  1653. // make a unique field ID based on the label, with an incrementing number if needed to avoid clashes 
  1654. $form_id = $form->get_attribute( 'id' ); 
  1655. $id = isset( $attributes['id'] ) ? $attributes['id'] : false; 
  1656.  
  1657. $unescaped_label = $this->unesc_attr( $attributes['label'] ); 
  1658. $unescaped_label = str_replace( '%', '-', $unescaped_label ); // jQuery doesn't like % in IDs? 
  1659. $unescaped_label = preg_replace( '/[^a-zA-Z0-9.-_:]/', '', $unescaped_label ); 
  1660.  
  1661. if ( empty( $id ) ) { 
  1662. $id = sanitize_title_with_dashes( 'g' . $form_id . '-' . $unescaped_label ); 
  1663. $i = 0; 
  1664. $max_tries = 99; 
  1665. while ( isset( $form->fields[$id] ) ) { 
  1666. $i++; 
  1667. $id = sanitize_title_with_dashes( 'g' . $form_id . '-' . $unescaped_label . '-' . $i ); 
  1668.  
  1669. if ( $i > $max_tries ) { 
  1670. break; 
  1671.  
  1672. $attributes['id'] = $id; 
  1673.  
  1674. parent::__construct( $attributes, $content ); 
  1675.  
  1676. // Store parent form 
  1677. $this->form = $form; 
  1678.  
  1679. /** 
  1680. * This field's input is invalid. Flag as invalid and add an error to the parent form 
  1681. * 
  1682. * @param string $message The error message to display on the form. 
  1683. */ 
  1684. function add_error( $message ) { 
  1685. $this->is_error = true; 
  1686.  
  1687. if ( !is_wp_error( $this->form->errors ) ) { 
  1688. $this->form->errors = new WP_Error; 
  1689.  
  1690. $this->form->errors->add( $this->get_attribute( 'id' ), $message ); 
  1691.  
  1692. /** 
  1693. * Is the field input invalid? 
  1694. * 
  1695. * @see $error 
  1696. * 
  1697. * @return bool 
  1698. */ 
  1699. function is_error() { 
  1700. return $this->error; 
  1701.  
  1702. /** 
  1703. * Validates the form input 
  1704. */ 
  1705. function validate() { 
  1706. // If it's not required, there's nothing to validate 
  1707. if ( !$this->get_attribute( 'required' ) ) { 
  1708. return; 
  1709.  
  1710. $field_id = $this->get_attribute( 'id' ); 
  1711. $field_type = $this->get_attribute( 'type' ); 
  1712. $field_label = $this->get_attribute( 'label' ); 
  1713.  
  1714. $field_value = isset( $_POST[$field_id] ) ? stripslashes( $_POST[$field_id] ) : ''; 
  1715.  
  1716. switch ( $field_type ) { 
  1717. case 'email' : 
  1718. // Make sure the email address is valid 
  1719. if ( !is_email( $field_value ) ) { 
  1720. $this->add_error( sprintf( __( '%s requires a valid email address', 'jetpack' ), $field_label ) ); 
  1721. break; 
  1722. default : 
  1723. // Just check for presence of any text 
  1724. if ( !strlen( trim( $field_value ) ) ) { 
  1725. $this->add_error( sprintf( __( '%s is required', 'jetpack' ), $field_label ) ); 
  1726.  
  1727. /** 
  1728. * Outputs the HTML for this form field 
  1729. * 
  1730. * @return string HTML 
  1731. */ 
  1732. function render() { 
  1733. global $current_user, $user_identity; 
  1734.  
  1735. $r = ''; 
  1736.  
  1737. $field_id = $this->get_attribute( 'id' ); 
  1738. $field_type = $this->get_attribute( 'type' ); 
  1739. $field_label = $this->get_attribute( 'label' ); 
  1740. $field_required = $this->get_attribute( 'required' ); 
  1741. $placeholder = $this->get_attribute( 'placeholder' ); 
  1742. $field_placeholder = ( ! empty( $placeholder ) ) ? "placeholder='" . esc_attr( $placeholder ) . "'" : ''; 
  1743.  
  1744. if ( isset( $_POST[ $field_id ] ) ) { 
  1745. if ( is_array( $_POST[ $field_id ] ) ) { 
  1746. $this->value = array_map( 'stripslashes', $_POST[ $field_id ] ); 
  1747. } else { 
  1748. $this->value = stripslashes( (string) $_POST[ $field_id ] ); 
  1749. } elseif ( isset( $_GET[ $field_id ] ) ) { 
  1750. $this->value = stripslashes( (string) $_GET[ $field_id ] ); 
  1751. } elseif ( 
  1752. is_user_logged_in() && 
  1753. ( ( defined( 'IS_WPCOM' ) && IS_WPCOM ) || 
  1754. /** 
  1755. * Allow third-party tools to prefill the contact form with the user's details when they're logged in. 
  1756. * 
  1757. * @module contact-form 
  1758. * 
  1759. * @since 3.2.0 
  1760. * 
  1761. * @param bool false Should the Contact Form be prefilled with your details when you're logged in. Default to false. 
  1762. */ 
  1763. true === apply_filters( 'jetpack_auto_fill_logged_in_user', false ) 
  1764. ) { 
  1765. // Special defaults for logged-in users 
  1766. switch ( $this->get_attribute( 'type' ) ) { 
  1767. case 'email' : 
  1768. $this->value = $current_user->data->user_email; 
  1769. break; 
  1770. case 'name' : 
  1771. $this->value = $user_identity; 
  1772. break; 
  1773. case 'url' : 
  1774. $this->value = $current_user->data->user_url; 
  1775. break; 
  1776. default : 
  1777. $this->value = $this->get_attribute( 'default' ); 
  1778. } else { 
  1779. $this->value = $this->get_attribute( 'default' ); 
  1780.  
  1781. $field_value = Grunion_Contact_Form_Plugin::strip_tags( $this->value ); 
  1782. $field_label = Grunion_Contact_Form_Plugin::strip_tags( $field_label ); 
  1783.  
  1784. switch ( $field_type ) { 
  1785. case 'email' : 
  1786. $r .= "\n<div>\n"; 
  1787. $r .= "\t\t<label for='" . esc_attr( $field_id ) . "' class='grunion-field-label email" . ( $this->is_error() ? ' form-error' : '' ) . "'>" . esc_html( $field_label ) . ( $field_required ? '<span>' . __( "(required)", 'jetpack' ) . '</span>' : '' ) . "</label>\n"; 
  1788. $r .= "\t\t<input type='email' name='" . esc_attr( $field_id ) . "' id='" . esc_attr( $field_id ) . "' value='" . esc_attr( $field_value ) . "' class='email' " . $field_placeholder . " " . ( $field_required ? "required aria-required='true'" : "" ) . "/>\n"; 
  1789. $r .= "\t</div>\n"; 
  1790. break; 
  1791. case 'telephone' : 
  1792. $r .= "\n<div>\n"; 
  1793. $r .= "\t\t<label for='" . esc_attr( $field_id ) . "' class='grunion-field-label telephone" . ( $this->is_error() ? ' form-error' : '' ) . "'>" . esc_html( $field_label ) . ( $field_required ? '<span>' . __( "(required)", 'jetpack' ) . '</span>' : '' ) . "</label>\n"; 
  1794. $r .= "\t\t<input type='tel' name='" . esc_attr( $field_id ) . "' id='" . esc_attr( $field_id ) . "' value='" . esc_attr( $field_value ) . "' class='telephone' " . $field_placeholder . "/>\n"; 
  1795. case 'textarea' : 
  1796. $r .= "\n<div>\n"; 
  1797. $r .= "\t\t<label for='contact-form-comment-" . esc_attr( $field_id ) . "' class='grunion-field-label textarea" . ( $this->is_error() ? ' form-error' : '' ) . "'>" . esc_html( $field_label ) . ( $field_required ? '<span>' . __( "(required)", 'jetpack' ) . '</span>' : '' ) . "</label>\n"; 
  1798. $r .= "\t\t<textarea name='" . esc_attr( $field_id ) . "' id='contact-form-comment-" . esc_attr( $field_id ) . "' rows='20' " . $field_placeholder . " " . ( $field_required ? "required aria-required='true'" : "" ) . ">" . esc_textarea( $field_value ) . "</textarea>\n"; 
  1799. $r .= "\t</div>\n"; 
  1800. break; 
  1801. case 'radio' : 
  1802. $r .= "\t<div><label class='grunion-field-label" . ( $this->is_error() ? ' form-error' : '' ) . "'>" . esc_html( $field_label ) . ( $field_required ? '<span>' . __( "(required)", 'jetpack' ) . '</span>' : '' ) . "</label>\n"; 
  1803. foreach ( $this->get_attribute( 'options' ) as $option ) { 
  1804. $option = Grunion_Contact_Form_Plugin::strip_tags( $option ); 
  1805. $r .= "\t\t<label class='grunion-radio-label radio" . ( $this->is_error() ? ' form-error' : '' ) . "'>"; 
  1806. $r .= "<input type='radio' name='" . esc_attr( $field_id ) . "' value='" . esc_attr( $option ) . "' class='radio' " . checked( $option, $field_value, false ) . " " . ( $field_required ? "required aria-required='true'" : "" ) . "/> "; 
  1807. $r .= esc_html( $option ) . "</label>\n"; 
  1808. $r .= "\t\t<div class='clear-form'></div>\n"; 
  1809. $r .= "\t\t</div>\n"; 
  1810. break; 
  1811. case 'checkbox' : 
  1812. $r .= "\t<div>\n"; 
  1813. $r .= "\t\t<label class='grunion-field-label checkbox" . ( $this->is_error() ? ' form-error' : '' ) . "'>\n"; 
  1814. $r .= "\t\t<input type='checkbox' name='" . esc_attr( $field_id ) . "' value='" . esc_attr__( 'Yes', 'jetpack' ) . "' class='checkbox' " . checked( (bool) $field_value, true, false ) . " " . ( $field_required ? "required aria-required='true'" : "" ) . "/> \n"; 
  1815. $r .= "\t\t" . esc_html( $field_label ) . ( $field_required ? '<span>'. __( "(required)", 'jetpack' ) . '</span>' : '' ) . "</label>\n"; 
  1816. $r .= "\t\t<div class='clear-form'></div>\n"; 
  1817. $r .= "\t</div>\n"; 
  1818. break; 
  1819. case 'checkbox-multiple' : 
  1820. $r .= "\t<div><label class='grunion-field-label" . ( $this->is_error() ? ' form-error' : '' ) . "'>" . esc_html( $field_label ) . ( $field_required ? '<span>' . __( "(required)", 'jetpack' ) . '</span>' : '' ) . "</label>\n"; 
  1821. foreach ( $this->get_attribute( 'options' ) as $option ) { 
  1822. $option = Grunion_Contact_Form_Plugin::strip_tags( $option ); 
  1823. $r .= "\t\t<label class='grunion-checkbox-multiple-label checkbox-multiple" . ( $this->is_error() ? ' form-error' : '' ) . "'>"; 
  1824. $r .= "<input type='checkbox' name='" . esc_attr( $field_id ) . "[]' value='" . esc_attr( $option ) . "' class='checkbox-multiple' " . checked( in_array( $option, (array) $field_value ), true, false ) . " /> "; 
  1825. $r .= esc_html( $option ) . "</label>\n"; 
  1826. $r .= "\t\t<div class='clear-form'></div>\n"; 
  1827. $r .= "\t\t</div>\n"; 
  1828. break; 
  1829. case 'select' : 
  1830. $r .= "\n<div>\n"; 
  1831. $r .= "\t\t<label for='" . esc_attr( $field_id ) . "' class='grunion-field-label select" . ( $this->is_error() ? ' form-error' : '' ) . "'>" . esc_html( $field_label ) . ( $field_required ? '<span>'. __( "(required)", 'jetpack' ) . '</span>' : '' ) . "</label>\n"; 
  1832. $r .= "\t<select name='" . esc_attr( $field_id ) . "' id='" . esc_attr( $field_id ) . "' class='select' " . ( $field_required ? "required aria-required='true'" : "" ) . ">\n"; 
  1833. foreach ( $this->get_attribute( 'options' ) as $option ) { 
  1834. $option = Grunion_Contact_Form_Plugin::strip_tags( $option ); 
  1835. $r .= "\t\t<option" . selected( $option, $field_value, false ) . ">" . esc_html( $option ) . "</option>\n"; 
  1836. $r .= "\t</select>\n"; 
  1837. $r .= "\t</div>\n"; 
  1838. break; 
  1839. case 'date' : 
  1840. $r .= "\n<div>\n"; 
  1841. $r .= "\t\t<label for='" . esc_attr( $field_id ) . "' class='grunion-field-label " . esc_attr( $field_type ) . ( $this->is_error() ? ' form-error' : '' ) . "'>" . esc_html( $field_label ) . ( $field_required ? '<span>' . __( "(required)", 'jetpack' ) . '</span>' : '' ) . "</label>\n"; 
  1842. $r .= "\t\t<input type='date' name='" . esc_attr( $field_id ) . "' id='" . esc_attr( $field_id ) . "' value='" . esc_attr( $field_value ) . "' class='" . esc_attr( $field_type ) . "' " . ( $field_required ? "required aria-required='true'" : "" ) . "/>\n"; 
  1843. $r .= "\t</div>\n"; 
  1844.  
  1845. wp_enqueue_script( 'grunion-frontend', plugins_url( 'js/grunion-frontend.js', __FILE__ ), array( 'jquery', 'jquery-ui-datepicker' ) ); 
  1846. break; 
  1847. default : // text field 
  1848. // note that any unknown types will produce a text input, so we can use arbitrary type names to handle 
  1849. // input fields like name, email, url that require special validation or handling at POST 
  1850. $r .= "\n<div>\n"; 
  1851. $r .= "\t\t<label for='" . esc_attr( $field_id ) . "' class='grunion-field-label " . esc_attr( $field_type ) . ( $this->is_error() ? ' form-error' : '' ) . "'>" . esc_html( $field_label ) . ( $field_required ? '<span>' . __( "(required)", 'jetpack' ) . '</span>' : '' ) . "</label>\n"; 
  1852. $r .= "\t\t<input type='text' name='" . esc_attr( $field_id ) . "' id='" . esc_attr( $field_id ) . "' value='" . esc_attr( $field_value ) . "' class='" . esc_attr( $field_type ) . "' " . $field_placeholder . " " . ( $field_required ? "required aria-required='true'" : "" ) . "/>\n"; 
  1853. $r .= "\t</div>\n"; 
  1854.  
  1855. /** 
  1856. * Filter the HTML of the Contact Form. 
  1857. * 
  1858. * @module contact-form 
  1859. * 
  1860. * @since 2.6.0 
  1861. * 
  1862. * @param string $r Contact Form HTML output. 
  1863. * @param string $field_label Field label. 
  1864. * @param int|null $id Post ID. 
  1865. */ 
  1866. return apply_filters( 'grunion_contact_form_field_html', $r, $field_label, ( in_the_loop() ? get_the_ID() : null ) ); 
  1867.  
  1868. add_action( 'init', array( 'Grunion_Contact_Form_Plugin', 'init' ) ); 
  1869.  
  1870. add_action( 'grunion_scheduled_delete', 'grunion_delete_old_spam' ); 
  1871.  
  1872. /** 
  1873. * Deletes old spam feedbacks to keep the posts table size under control 
  1874. */ 
  1875. function grunion_delete_old_spam() { 
  1876. global $wpdb; 
  1877.  
  1878. $grunion_delete_limit = 100; 
  1879.  
  1880. $now_gmt = current_time( 'mysql', 1 ); 
  1881. $sql = $wpdb->prepare( " 
  1882. SELECT `ID` 
  1883. FROM $wpdb->posts 
  1884. WHERE DATE_SUB( %s, INTERVAL 15 DAY ) > `post_date_gmt` 
  1885. AND `post_type` = 'feedback' 
  1886. AND `post_status` = 'spam' 
  1887. LIMIT %d 
  1888. ", $now_gmt, $grunion_delete_limit ); 
  1889. $post_ids = $wpdb->get_col( $sql ); 
  1890.  
  1891. foreach ( (array) $post_ids as $post_id ) { 
  1892. # force a full delete, skip the trash 
  1893. wp_delete_post( $post_id, TRUE ); 
  1894.  
  1895. # Arbitrary check points for running OPTIMIZE 
  1896. # nothing special about 5000 or 11 
  1897. # just trying to periodically recover deleted rows 
  1898. $random_num = mt_rand( 1, 5000 ); 
  1899. if ( 
  1900. /** 
  1901. * Filter how often the module run OPTIMIZE TABLE on the core WP tables. 
  1902. * 
  1903. * @module contact-form 
  1904. * 
  1905. * @since 1.3.1 
  1906. * 
  1907. * @param int $random_num Random number. 
  1908. */ 
  1909. apply_filters( 'grunion_optimize_table', ( $random_num == 11 ) ) 
  1910. ) { 
  1911. $wpdb->query( "OPTIMIZE TABLE $wpdb->posts" ); 
  1912.  
  1913. # if we hit the max then schedule another run 
  1914. if ( count( $post_ids ) >= $grunion_delete_limit ) { 
  1915. wp_schedule_single_event( time() + 700, 'grunion_scheduled_delete' ); 
.