芝麻web文件管理V1.00
编辑当前文件:/home/royashxg/public_html/wp-content/plugins/metform/base/shortcode.php
enqueue_form_assets(); if( isset($atts['form_id']) ){ $atts['form_id'] = absint(sanitize_text_field($atts['form_id'])); } $attributes = shortcode_atts(array( 'form_id' => 'test', ), $atts); return '
' . \MetForm\Utils\Util::render_form_content($attributes['form_id'], $attributes['form_id']) . '
'; } public function render_thank_you_page($atts) { if($GLOBALS['pagenow'] == 'post.php'){ return; } global $post; $this->enqueue_form_assets(); $a = shortcode_atts(array( 'fname' => '', 'lname' => '', ), $atts); //phpcs:ignore WordPress.Security.NonceVerification -- Nonce can't be added, Its a callback function of 'add_shortcode' $post_id = isset($_GET['id']) ? sanitize_text_field(wp_unslash($_GET['id'])) : ''; // ##check transient id and session hashed token if(empty($post_id)){ return ; } $token_str = $post_id.get_current_user_id(); $access_status_check = $this->transient_and_session_checker($token_str, $post_id); if(!$access_status_check){ return; // return nothing or below invalid access // return "invalid access"; } $postMeta = get_post_meta( $post_id, 'metform_entries__form_data', true ); $first_name = !empty($postMeta[$a['fname']]) ? $postMeta[$a['fname']] : ''; $payment_status = get_post_meta( $post_id, 'metform_entries__payment_status', true ); $tnx_id = get_post_meta( $post_id, 'metform_entries__payment_trans', true ); $msg = ''; if ($payment_status == 'paid') { $msg = $first_name . esc_html__(' Thank you for your payment.', 'metform'). '
' . esc_html__(' Your transcation ID : ', 'metform' ). $tnx_id; } else { $msg = esc_html__('Thank you . Your payment status : ', 'metform') . $payment_status; } return $msg; } public function render_mf_field($atts){ $this->enqueue_form_assets(); $a = shortcode_atts(array( 'field' => '' ),$atts); //phpcs:ignore WordPress.Security.NonceVerification -- Nonce can't be added, Its a callback function of 'add_shortcode' $post_id = isset($_GET['id']) ? sanitize_text_field(wp_unslash($_GET['id'])) : ''; // ##check transient id and session hashed token if(empty($post_id)){ return ; } $token_str = $post_id.get_current_user_id(); $access_status_check = $this->transient_and_session_checker($token_str, $post_id); if(!$access_status_check){ return; // return nothing or below invalid access // return "invalid access"; } $field = get_post_meta( $post_id, 'metform_entries__form_data', true ); if(!is_array($field)){ return esc_html__("No entry found.", 'metform')."
"; // br added if one page have multiple shortcode which is not available } if(!key_exists($a['field'], $field)){ return $a['field'] . esc_html__("No entry found.", 'metform').'
'; } $field = get_post_meta($post_id, 'metform_entries__form_data',true) [$a['field']]; return is_array($field) ? map_deep(implode(" , ",$field), 'esc_html') : esc_html($field); } public function render_first_name($atts) { $this->enqueue_form_assets(); //phpcs:ignore WordPress.Security.NonceVerification -- Nonce can't be added, Its a callback function of 'add_shortcode' $post_id = isset($_GET['id']) ? sanitize_text_field(wp_unslash($_GET['id'])) : ''; // ##check transient id and session hashed token if(empty($post_id)){ return ; } $token_str = $post_id.get_current_user_id(); $access_status_check = $this->transient_and_session_checker($token_str, $post_id); if(!$access_status_check){ return; // return nothing or below invalid access // return "invalid access"; } $first_name = get_post_meta( $post_id, 'metform_entries__form_data', true )['mf-listing-fname']; return esc_html($first_name); } public function render_last_name($atts) { $this->enqueue_form_assets(); //phpcs:ignore WordPress.Security.NonceVerification -- Nonce can't be added, Its a callback function of 'add_shortcode' $post_id = isset($_GET['id']) ? sanitize_text_field(wp_unslash($_GET['id'])) : ''; // ##check transient id and session hashed token if(empty($post_id)){ return ; } $token_str = $post_id.get_current_user_id(); $access_status_check = $this->transient_and_session_checker($token_str, $post_id); if(!$access_status_check){ return; // return nothing or below invalid access // return "invalid access"; } $last_name = get_post_meta( $post_id, 'metform_entries__form_data', true )['mf-listing-lname']; return esc_html($last_name); } public function render_payment_status($atts) { $this->enqueue_form_assets(); //phpcs:ignore WordPress.Security.NonceVerification -- Nonce can't be added, Its a callback function of 'add_shortcode' $post_id = isset($_GET['id']) ? sanitize_text_field(wp_unslash($_GET['id'])) : ''; // ##check transient id and session hashed token if(empty($post_id)){ return ; } $token_str = $post_id.get_current_user_id(); $access_status_check = $this->transient_and_session_checker($token_str, $post_id); if(!$access_status_check){ return; // return nothing or below invalid access // return "invalid access"; } $payment_status = get_post_meta( $post_id, 'metform_entries__payment_status', true ); return $payment_status; } public function render_transaction_id($atts) { $this->enqueue_form_assets(); //phpcs:ignore WordPress.Security.NonceVerification -- Nonce can't be added, Its a callback function of 'add_shortcode' $post_id = isset($_GET['id']) ? sanitize_text_field(wp_unslash($_GET['id'])) : ''; // ##check transient id and session hashed token if(empty($post_id)){ return ; } $token_str = $post_id.get_current_user_id(); $access_status_check = $this->transient_and_session_checker($token_str, $post_id); if(!$access_status_check){ return; // return nothing or below invalid access // return "invalid access"; } $tnx_id = get_post_meta( $post_id, 'metform_entries__payment_trans', true ); return $tnx_id; } public function transient_and_session_checker($token_str, $post_id) { $has_transient_mf_entry_id = get_transient( 'transient_mf_form_data_entry_id_'.$post_id ); $status = true; // if transient expire return false if(empty($has_transient_mf_entry_id)){ $status = false; } // if transient mismatche return false if( $has_transient_mf_entry_id != $post_id ){ $status = false; } // if token empty return false if(!isset($_COOKIE['bWYtY29va2ll'])) { $status = false; } // token not matched return false if((isset($_COOKIE['bWYtY29va2ll']) && !password_verify($token_str, sanitize_text_field(wp_unslash($_COOKIE['bWYtY29va2ll']))))) { $status = false; } return $status; } }