Completed
Push — remove/wp-admin-publicize-conn... ( d708bd...e84ae6 )
by
unknown
64:00 queued 52:22
created

Grunion_Contact_Form_Field::validate()   D

Complexity

Conditions 9
Paths 19

Size

Total Lines 40
Code Lines 25

Duplication

Lines 0
Ratio 0 %
Metric Value
dl 0
loc 40
rs 4.9091
cc 9
eloc 25
nc 19
nop 0
1
<?php
2
3
/*
4
Plugin Name: Grunion Contact Form
5
Description: Add a contact form to any post, page or text widget.  Emails will be sent to the post's author by default, or any email address you choose.  As seen on WordPress.com.
6
Plugin URI: http://automattic.com/#
7
AUthor: Automattic, Inc.
8
Author URI: http://automattic.com/
9
Version: 2.4
10
License: GPLv2 or later
11
*/
12
13
define( 'GRUNION_PLUGIN_DIR', plugin_dir_path( __FILE__ ) );
14
define( 'GRUNION_PLUGIN_URL', plugin_dir_url( __FILE__ ) );
15
16
if ( is_admin() )
17
	require_once GRUNION_PLUGIN_DIR . '/admin.php';
18
19
/**
20
 * Sets up various actions, filters, post types, post statuses, shortcodes.
21
 */
22
class Grunion_Contact_Form_Plugin {
23
24
	/**
25
	 * @var string The Widget ID of the widget currently being processed.  Used to build the unique contact-form ID for forms embedded in widgets.
26
	 */
27
	public $current_widget_id;
28
29
	static $using_contact_form_field = false;
0 ignored issues
show
Coding Style introduced by
The visibility should be declared for property $using_contact_form_field.

The PSR-2 coding standard requires that all properties in a class have their visibility explicitly declared. If you declare a property using

class A {
    var $property;
}

the property is implicitly global.

To learn more about the PSR-2, please see the PHP-FIG site on the PSR-2.

Loading history...
30
31
	static function init() {
32
		static $instance = false;
33
34
		if ( !$instance ) {
35
			$instance = new Grunion_Contact_Form_Plugin;
36
		}
37
38
		return $instance;
39
	}
40
41
	/**
42
	 * Strips HTML tags from input.  Output is NOT HTML safe.
43
	 *
44
	 * @param mixed $data_with_tags
45
	 * @return mixed
46
	 */
47
	public static function strip_tags( $data_with_tags ) {
48
		if ( is_array( $data_with_tags ) ) {
49
			foreach ( $data_with_tags as $index => $value ) {
50
				$index = sanitize_text_field( strval( $index ) );
51
				$value = wp_kses( strval( $value ), array() );
52
				$value = str_replace( '&amp;', '&', $value ); // undo damage done by wp_kses_normalize_entities()
53
54
				$data_without_tags[ $index ] = $value;
0 ignored issues
show
Coding Style Comprehensibility introduced by
$data_without_tags was never initialized. Although not strictly required by PHP, it is generally a good practice to add $data_without_tags = array(); before regardless.

Adding an explicit array definition is generally preferable to implicit array definition as it guarantees a stable state of the code.

Let’s take a look at an example:

foreach ($collection as $item) {
    $myArray['foo'] = $item->getFoo();

    if ($item->hasBar()) {
        $myArray['bar'] = $item->getBar();
    }

    // do something with $myArray
}

As you can see in this example, the array $myArray is initialized the first time when the foreach loop is entered. You can also see that the value of the bar key is only written conditionally; thus, its value might result from a previous iteration.

This might or might not be intended. To make your intention clear, your code more readible and to avoid accidental bugs, we recommend to add an explicit initialization $myArray = array() either outside or inside the foreach loop.

Loading history...
55
			}
56
		} else {
57
			$data_without_tags = wp_kses( $data_with_tags, array() );
58
			$data_without_tags = str_replace( '&amp;', '&', $data_without_tags ); // undo damage done by wp_kses_normalize_entities()
59
		}
60
61
		return $data_without_tags;
0 ignored issues
show
Bug introduced by
The variable $data_without_tags does not seem to be defined for all execution paths leading up to this point.

If you define a variable conditionally, it can happen that it is not defined for all execution paths.

Let’s take a look at an example:

function myFunction($a) {
    switch ($a) {
        case 'foo':
            $x = 1;
            break;

        case 'bar':
            $x = 2;
            break;
    }

    // $x is potentially undefined here.
    echo $x;
}

In the above example, the variable $x is defined if you pass “foo” or “bar” as argument for $a. However, since the switch statement has no default case statement, if you pass any other value, the variable $x would be undefined.

Available Fixes

  1. Check for existence of the variable explicitly:

    function myFunction($a) {
        switch ($a) {
            case 'foo':
                $x = 1;
                break;
    
            case 'bar':
                $x = 2;
                break;
        }
    
        if (isset($x)) { // Make sure it's always set.
            echo $x;
        }
    }
    
  2. Define a default value for the variable:

    function myFunction($a) {
        $x = ''; // Set a default which gets overridden for certain paths.
        switch ($a) {
            case 'foo':
                $x = 1;
                break;
    
            case 'bar':
                $x = 2;
                break;
        }
    
        echo $x;
    }
    
  3. Add a value for the missing path:

    function myFunction($a) {
        switch ($a) {
            case 'foo':
                $x = 1;
                break;
    
            case 'bar':
                $x = 2;
                break;
    
            // We add support for the missing case.
            default:
                $x = '';
                break;
        }
    
        echo $x;
    }
    
Loading history...
62
	}
63
64
	function __construct() {
65
		$this->add_shortcode();
66
67
		// While generating the output of a text widget with a contact-form shortcode, we need to know its widget ID.
68
		add_action( 'dynamic_sidebar', array( $this, 'track_current_widget' ) );
69
70
		// Add a "widget" shortcode attribute to all contact-form shortcodes embedded in widgets
71
		add_filter( 'widget_text', array( $this, 'widget_atts' ), 0 );
72
73
		// If Text Widgets don't get shortcode processed, hack ours into place.
74
		if ( !has_filter( 'widget_text', 'do_shortcode' ) )
75
			add_filter( 'widget_text', array( $this, 'widget_shortcode_hack' ), 5 );
76
77
		// Akismet to the rescue
78
		if ( defined( 'AKISMET_VERSION' ) || function_exists( 'akismet_http_post' ) ) {
79
			add_filter( 'jetpack_contact_form_is_spam', array( $this, 'is_spam_akismet' ), 10, 2 );
80
			add_action( 'contact_form_akismet', array( $this, 'akismet_submit' ), 10, 2 );
81
		}
82
83
		add_action( 'loop_start', array( 'Grunion_Contact_Form', '_style_on' ) );
84
85
		add_action( 'wp_ajax_grunion-contact-form', array( $this, 'ajax_request' ) );
86
		add_action( 'wp_ajax_nopriv_grunion-contact-form', array( $this, 'ajax_request' ) );
87
88
		// Export to CSV feature
89
		if ( is_admin() ) {
90
			add_action( 'admin_init',            array( $this, 'download_feedback_as_csv' ) );
91
			add_action( 'admin_footer-edit.php', array( $this, 'export_form' ) );
92
		}
93
94
		// custom post type we'll use to keep copies of the feedback items
95
		register_post_type( 'feedback', array(
96
			'labels'            => array(
97
				'name'               => __( 'Feedback', 'jetpack' ),
98
				'singular_name'      => __( 'Feedback', 'jetpack' ),
99
				'search_items'       => __( 'Search Feedback', 'jetpack' ),
100
				'not_found'          => __( 'No feedback found', 'jetpack' ),
101
				'not_found_in_trash' => __( 'No feedback found', 'jetpack' )
102
			),
103
			'menu_icon'         => GRUNION_PLUGIN_URL . '/images/grunion-menu.png',
104
			'show_ui'           => TRUE,
105
			'show_in_admin_bar' => FALSE,
106
			'public'            => FALSE,
107
			'rewrite'           => FALSE,
108
			'query_var'         => FALSE,
109
			'capability_type'   => 'page',
110
			'capabilities'		=> array(
111
				'create_posts'        => false,
112
				'publish_posts'       => 'publish_pages',
113
				'edit_posts'          => 'edit_pages',
114
				'edit_others_posts'   => 'edit_others_pages',
115
				'delete_posts'        => 'delete_pages',
116
				'delete_others_posts' => 'delete_others_pages',
117
				'read_private_posts'  => 'read_private_pages',
118
				'edit_post'           => 'edit_page',
119
				'delete_post'         => 'delete_page',
120
				'read_post'           => 'read_page',
121
			),
122
			'map_meta_cap'		=> true,
123
		) );
124
125
		// Add to REST API post type whitelist
126
		add_filter( 'rest_api_allowed_post_types', array( $this, 'allow_feedback_rest_api_type' ) );
127
128
		// Add "spam" as a post status
129
		register_post_status( 'spam', array(
130
			'label'                  => 'Spam',
131
			'public'                 => FALSE,
132
			'exclude_from_search'    => TRUE,
133
			'show_in_admin_all_list' => FALSE,
134
			'label_count'            => _n_noop( 'Spam <span class="count">(%s)</span>', 'Spam <span class="count">(%s)</span>', 'jetpack' ),
135
			'protected'              => TRUE,
136
			'_builtin'               => FALSE
137
		) );
138
139
		// POST handler
140
		if (
141
			isset( $_SERVER['REQUEST_METHOD'] ) && 'POST' == strtoupper( $_SERVER['REQUEST_METHOD'] )
142
		&&
143
			isset( $_POST['action'] ) && 'grunion-contact-form' == $_POST['action']
144
		&&
145
			isset( $_POST['contact-form-id'] )
146
		) {
147
			add_action( 'template_redirect', array( $this, 'process_form_submission' ) );
148
		}
149
150
		/* Can be dequeued by placing the following in wp-content/themes/yourtheme/functions.php
151
		 *
152
		 * 	function remove_grunion_style() {
153
		 *		wp_deregister_style('grunion.css');
154
		 *	}
155
		 *	add_action('wp_print_styles', 'remove_grunion_style');
156
		 */
157
		if( is_rtl() ){
158
			wp_register_style( 'grunion.css', GRUNION_PLUGIN_URL . 'css/rtl/grunion-rtl.css', array(), JETPACK__VERSION );
159
		} else {
160
			wp_register_style( 'grunion.css', GRUNION_PLUGIN_URL . 'css/grunion.css', array(), JETPACK__VERSION );
161
		}
162
	}
163
164
	/**
165
	 * Add to REST API post type whitelist
166
	 */
167
	function allow_feedback_rest_api_type( $post_types ) {
168
		$post_types[] = 'feedback';
169
		return $post_types;
170
	}
171
172
	/**
173
	 * Handles all contact-form POST submissions
174
	 *
175
	 * Conditionally attached to `template_redirect`
176
	 */
177
	function process_form_submission() {
178
		// Add a filter to replace tokens in the subject field with sanitized field values
179
		add_filter( 'contact_form_subject', array( $this, 'replace_tokens_with_input' ), 10, 2 );
180
181
		$id = stripslashes( $_POST['contact-form-id'] );
182
183
		if ( is_user_logged_in() ) {
184
			check_admin_referer( "contact-form_{$id}" );
185
		}
186
187
		$is_widget = 0 === strpos( $id, 'widget-' );
188
189
		$form = false;
0 ignored issues
show
Unused Code introduced by
$form is not used, you could remove the assignment.

This check looks for variable assignements that are either overwritten by other assignments or where the variable is not used subsequently.

$myVar = 'Value';
$higher = false;

if (rand(1, 6) > 3) {
    $higher = true;
} else {
    $higher = false;
}

Both the $myVar assignment in line 1 and the $higher assignment in line 2 are dead. The first because $myVar is never used and the second because $higher is always overwritten for every possible time line.

Loading history...
190
191
		if ( $is_widget ) {
192
			// It's a form embedded in a text widget
193
194
			$this->current_widget_id = substr( $id, 7 ); // remove "widget-"
195
			$widget_type = implode( '-', array_slice( explode( '-', $this->current_widget_id ), 0, -1 ) ); // Remove trailing -#
196
197
			// Is the widget active?
198
			$sidebar = is_active_widget( false, $this->current_widget_id, $widget_type );
199
200
			// This is lame - no core API for getting a widget by ID
201
			$widget = isset( $GLOBALS['wp_registered_widgets'][$this->current_widget_id] ) ? $GLOBALS['wp_registered_widgets'][$this->current_widget_id] : false;
202
203
			if ( $sidebar && $widget && isset( $widget['callback'] ) ) {
204
				// This is lamer - no API for outputting a given widget by ID
205
				ob_start();
206
				// Process the widget to populate Grunion_Contact_Form::$last
207
				call_user_func( $widget['callback'], array(), $widget['params'][0] );
208
				ob_end_clean();
209
			}
210
		} else {
211
			// It's a form embedded in a post
212
213
			$post = get_post( $id );
214
215
			// Process the content to populate Grunion_Contact_Form::$last
216
			/** This filter is already documented in core. wp-includes/post-template.php */
217
			apply_filters( 'the_content', $post->post_content );
218
		}
219
220
		$form = Grunion_Contact_Form::$last;
0 ignored issues
show
Bug introduced by
The property last cannot be accessed from this context as it is declared private in class Grunion_Contact_Form.

This check looks for access to properties that are not accessible from the current context.

If you need to make a property accessible to another context you can either raise its visibility level or provide an accessible getter in the defining class.

Loading history...
221
222
		// No form may mean user is using do_shortcode, grab the form using the stored post meta
223
		if ( ! $form ) {
224
225
			// Get shortcode from post meta
226
			$shortcode = get_post_meta( $_POST['contact-form-id'], '_g_feedback_shortcode', true );
227
228
			// Format it
229
			if ( $shortcode != '' ) {
230
				$shortcode = '[contact-form]' . $shortcode . '[/contact-form]';
231
				do_shortcode( $shortcode );
232
233
				// Recreate form
234
				$form = Grunion_Contact_Form::$last;
0 ignored issues
show
Bug introduced by
The property last cannot be accessed from this context as it is declared private in class Grunion_Contact_Form.

This check looks for access to properties that are not accessible from the current context.

If you need to make a property accessible to another context you can either raise its visibility level or provide an accessible getter in the defining class.

Loading history...
235
			}
236
237
			if ( ! $form ) {
238
				return false;
239
			}
240
		}
241
242
		if ( is_wp_error( $form->errors ) && $form->errors->get_error_codes() )
243
			return $form->errors;
244
245
		// Process the form
246
		return $form->process_submission();
247
	}
248
249
	function ajax_request() {
250
		$submission_result = self::process_form_submission();
251
252
		if ( ! $submission_result ) {
253
			header( "HTTP/1.1 500 Server Error", 500, true );
254
			echo '<div class="form-error"><ul class="form-errors"><li class="form-error-message">';
255
			esc_html_e( 'An error occurred. Please try again later.', 'jetpack' );
256
			echo '</li></ul></div>';
257
		} elseif ( is_wp_error( $submission_result ) ) {
258
			header( "HTTP/1.1 400 Bad Request", 403, true );
259
			echo '<div class="form-error"><ul class="form-errors"><li class="form-error-message">';
260
			echo esc_html( $submission_result->get_error_message() );
261
			echo '</li></ul></div>';
262
		} else {
263
			echo '<h3>' . esc_html__( 'Message Sent', 'jetpack' ) . '</h3>' . $submission_result;
264
		}
265
266
		die;
0 ignored issues
show
Coding Style Compatibility introduced by
The method ajax_request() contains an exit expression.

An exit expression should only be used in rare cases. For example, if you write a short command line script.

In most cases however, using an exit expression makes the code untestable and often causes incompatibilities with other libraries. Thus, unless you are absolutely sure it is required here, we recommend to refactor your code to avoid its usage.

Loading history...
267
	}
268
269
	/**
270
	 * Ensure the post author is always zero for contact-form feedbacks
271
	 * Attached to `wp_insert_post_data`
272
	 *
273
	 * @see Grunion_Contact_Form::process_submission()
274
	 *
275
	 * @param array $data the data to insert
276
	 * @param array $postarr the data sent to wp_insert_post()
277
	 * @return array The filtered $data to insert
278
	 */
279
	function insert_feedback_filter( $data, $postarr ) {
280
		if ( $data['post_type'] == 'feedback' && $postarr['post_type'] == 'feedback' ) {
281
			$data['post_author'] = 0;
282
		}
283
284
		return $data;
285
	}
286
	/*
287
	 * Adds our contact-form shortcode
288
	 * The "child" contact-field shortcode is enabled as needed by the contact-form shortcode handler
289
	 */
290
	function add_shortcode() {
291
		add_shortcode( 'contact-form',         array( 'Grunion_Contact_Form', 'parse' ) );
292
		add_shortcode( 'contact-field',        array( 'Grunion_Contact_Form', 'parse_contact_field' ) );
293
	}
294
295
	static function tokenize_label( $label ) {
296
		return '{' . trim( preg_replace( '#^\d+_#', '', $label ) ) . '}';
297
	}
298
299
	static function sanitize_value( $value ) {
300
		return preg_replace( '=((<CR>|<LF>|0x0A/%0A|0x0D/%0D|\\n|\\r)\S).*=i', null, $value );
301
	}
302
303
	/**
304
	 * Replaces tokens like {city} or {City} (case insensitive) with the value
305
	 * of an input field of that name
306
	 *
307
	 * @param string $subject
308
	 * @param array $field_values Array with field label => field value associations
309
	 *
310
	 * @return string The filtered $subject with the tokens replaced
311
	 */
312
	function replace_tokens_with_input( $subject, $field_values ) {
313
		// Wrap labels into tokens (inside {})
314
		$wrapped_labels = array_map( array( 'Grunion_Contact_Form_Plugin', 'tokenize_label' ), array_keys( $field_values ) );
315
		// Sanitize all values
316
		$sanitized_values = array_map( array( 'Grunion_Contact_Form_Plugin', 'sanitize_value' ), array_values( $field_values ) );
317
318
		foreach ( $sanitized_values as $k => $sanitized_value ) {
319
			if ( is_array( $sanitized_value ) ) {
320
				$sanitized_values[ $k ] = implode( ', ', $sanitized_value );
321
			}
322
		}
323
324
		// Search for all valid tokens (based on existing fields) and replace with the field's value
325
		$subject = str_ireplace( $wrapped_labels, $sanitized_values, $subject );
326
		return $subject;
327
	}
328
329
	/**
330
	 * Tracks the widget currently being processed.
331
	 * Attached to `dynamic_sidebar`
332
	 *
333
	 * @see $current_widget_id
334
	 *
335
	 * @param array $widget The widget data
336
	 */
337
	function track_current_widget( $widget ) {
338
		$this->current_widget_id = $widget['id'];
339
	}
340
341
	/**
342
	 * Adds a "widget" attribute to every contact-form embedded in a text widget.
343
	 * Used to tell the difference between post-embedded contact-forms and widget-embedded contact-forms
344
	 * Attached to `widget_text`
345
	 *
346
	 * @param string $text The widget text
347
	 * @return string The filtered widget text
348
	 */
349
	function widget_atts( $text ) {
350
		Grunion_Contact_Form::style( true );
351
352
		return preg_replace( '/\[contact-form([^a-zA-Z_-])/', '[contact-form widget="' . $this->current_widget_id . '"\\1', $text );
353
	}
354
355
	/**
356
	 * For sites where text widgets are not processed for shortcodes, we add this hack to process just our shortcode
357
	 * Attached to `widget_text`
358
	 *
359
	 * @param string $text The widget text
360
	 * @return string The contact-form filtered widget text
361
	 */
362
	function widget_shortcode_hack( $text ) {
363
		if ( !preg_match( '/\[contact-form([^a-zA-Z_-])/', $text ) ) {
364
			return $text;
365
		}
366
367
		$old = $GLOBALS['shortcode_tags'];
368
		remove_all_shortcodes();
369
		Grunion_Contact_Form_Plugin::$using_contact_form_field = true;
370
		$this->add_shortcode();
371
372
		$text = do_shortcode( $text );
373
374
		Grunion_Contact_Form_Plugin::$using_contact_form_field = false;
375
		$GLOBALS['shortcode_tags'] = $old;
376
377
		return $text;
378
	}
379
380
	/**
381
	 * Populate an array with all values necessary to submit a NEW contact-form feedback to Akismet.
382
	 * Note that this includes the current user_ip etc, so this should only be called when accepting a new item via $_POST
383
	 *
384
	 * @param array $form Contact form feedback array
385
	 * @return array feedback array with additional data ready for submission to Akismet
386
	 */
387
	function prepare_for_akismet( $form ) {
388
		$form['comment_type'] = 'contact_form';
389
		$form['user_ip']      = preg_replace( '/[^0-9., ]/', '', $_SERVER['REMOTE_ADDR'] );
390
		$form['user_agent']   = $_SERVER['HTTP_USER_AGENT'];
391
		$form['referrer']     = $_SERVER['HTTP_REFERER'];
392
		$form['blog']         = get_option( 'home' );
393
394
		$ignore = array( 'HTTP_COOKIE' );
395
396
		foreach ( $_SERVER as $k => $value )
397
			if ( !in_array( $k, $ignore ) && is_string( $value ) )
398
				$form["$k"] = $value;
399
400
		return $form;
401
	}
402
403
	/**
404
	 * Submit contact-form data to Akismet to check for spam.
405
	 * If you're accepting a new item via $_POST, run it Grunion_Contact_Form_Plugin::prepare_for_akismet() first
406
	 * Attached to `jetpack_contact_form_is_spam`
407
	 *
408
	 * @param bool $is_spam
409
	 * @param array $form
410
	 * @return bool|WP_Error TRUE => spam, FALSE => not spam, WP_Error => stop processing entirely
411
	 */
412
	function is_spam_akismet( $is_spam, $form = array() ) {
413
		global $akismet_api_host, $akismet_api_port;
414
415
		// The signature of this function changed from accepting just $form.
416
		// If something only sends an array, assume it's still using the old
417
		// signature and work around it.
418
		if ( empty( $form ) && is_array( $is_spam ) ) {
419
			$form = $is_spam;
420
			$is_spam = false;
421
		}
422
423
		// If a previous filter has alrady marked this as spam, trust that and move on.
424
		if ( $is_spam ) {
425
			return $is_spam;
426
		}
427
428
		if ( !function_exists( 'akismet_http_post' ) && !defined( 'AKISMET_VERSION' ) )
429
			return false;
430
431
		$query_string = http_build_query( $form );
432
433
		if ( method_exists( 'Akismet', 'http_post' ) ) {
434
			$response = Akismet::http_post( $query_string, 'comment-check' );
435
		} else {
436
			$response = akismet_http_post( $query_string, $akismet_api_host, '/1.1/comment-check', $akismet_api_port );
437
		}
438
439
		$result = false;
440
441
		if ( isset( $response[0]['x-akismet-pro-tip'] ) && 'discard' === trim( $response[0]['x-akismet-pro-tip'] ) && get_option( 'akismet_strictness' ) === '1' )
442
			$result = new WP_Error( 'feedback-discarded', __('Feedback discarded.', 'jetpack' ) );
443
		elseif ( isset( $response[1] ) && 'true' == trim( $response[1] ) ) // 'true' is spam
444
			$result = true;
445
446
		/**
447
		 * Filter the results returned by Akismet for each submitted contact form.
448
		 *
449
		 * @module contact-form
450
		 *
451
		 * @since 1.3.1
452
		 *
453
		 * @param WP_Error|bool $result Is the submitted feedback spam.
454
		 * @param array|bool $form Submitted feedback.
455
		 */
456
		return apply_filters( 'contact_form_is_spam_akismet', $result, $form );
457
	}
458
459
	/**
460
	 * Submit a feedback as either spam or ham
461
	 *
462
	 * @param string $as Either 'spam' or 'ham'.
463
	 * @param array $form the contact-form data
464
	 */
465
	function akismet_submit( $as, $form ) {
466
		global $akismet_api_host, $akismet_api_port;
467
468
		if ( !in_array( $as, array( 'ham', 'spam' ) ) )
469
			return false;
470
471
		$query_string = '';
472
		if ( is_array( $form ) )
473
			$query_string = http_build_query( $form );
474
		if ( method_exists( 'Akismet', 'http_post' ) ) {
475
		    $response = Akismet::http_post( $query_string, "submit-{$as}" );
476
		} else {
477
		    $response = akismet_http_post( $query_string, $akismet_api_host, "/1.1/submit-{$as}", $akismet_api_port );
478
		}
479
480
		return trim( $response[1] );
481
	}
482
483
	/**
484
	 * Prints the menu
485
	 */
486
	function export_form() {
487
		if ( get_current_screen()->id != 'edit-feedback' )
488
			return;
489
490
		if ( ! current_user_can( 'export' ) ) {
491
			return;
492
		}
493
494
		// if there aren't any feedbacks, bail out
495
		if ( ! (int) wp_count_posts( 'feedback' )->publish )
496
			return;
497
		?>
498
499
		<div id="feedback-export" style="display:none">
500
			<h2><?php _e( 'Export feedback as CSV', 'jetpack' ) ?></h2>
501
			<div class="clear"></div>
502
			<form action="<?php echo admin_url( 'admin-post.php' ); ?>" method="post" class="form">
503
				<?php wp_nonce_field( 'feedback_export','feedback_export_nonce' ); ?>
504
505
				<input name="action" value="feedback_export" type="hidden">
506
				<label for="post"><?php _e( 'Select feedback to download', 'jetpack' ) ?></label>
507
				<select name="post">
508
					<option value="all"><?php esc_html_e( 'All posts', 'jetpack' ) ?></option>
509
					<?php echo $this->get_feedbacks_as_options() ?>
510
				</select>
511
512
				<br><br>
513
				<input type="submit" name="submit" id="submit" class="button button-primary" value="<?php esc_html_e( 'Download', 'jetpack' ); ?>">
514
			</form>
515
		</div>
516
517
		<?php
518
		// There aren't any usable actions in core to output the "export feedback" form in the correct place,
519
		// so this inline JS moves it from the top of the page to the bottom.
520
		?>
521
		<script type='text/javascript'>
522
		var menu = document.getElementById( 'feedback-export' ),
523
		wrapper = document.getElementsByClassName( 'wrap' )[0];
524
		wrapper.appendChild(menu);
525
		menu.style.display = 'block';
526
		</script>
527
		<?php
528
	}
529
530
	/**
531
	 * download as a csv a contact form or all of them in a csv file
532
	 */
533
	function download_feedback_as_csv() {
534
		if ( empty( $_POST['feedback_export_nonce'] ) )
535
			return;
536
537
		check_admin_referer( 'feedback_export', 'feedback_export_nonce' );
538
539
		if ( ! current_user_can( 'export' ) ) {
540
			return;
541
		}
542
543
		$args = array(
544
			'posts_per_page'   => -1,
545
			'post_type'        => 'feedback',
546
			'post_status'      => 'publish',
547
			'order'            => 'ASC',
548
			'fields'           => 'ids',
549
			'suppress_filters' => false,
550
		);
551
552
		$filename = date( "Y-m-d" ) . '-feedback-export.csv';
553
554
		// Check if we want to download all the feedbacks or just a certain contact form
555
		if ( ! empty( $_POST['post'] ) && $_POST['post'] !== 'all' ) {
556
			$args['post_parent'] = (int) $_POST['post'];
557
			$filename            = date( "Y-m-d" ) . '-' . str_replace( '&nbsp;', '-', get_the_title( (int) $_POST['post'] ) ) . '.csv';
558
		}
559
560
		$feedbacks = get_posts( $args );
561
		$filename  = sanitize_file_name( $filename );
562
		$fields    = $this->get_field_names( $feedbacks );
563
564
		array_unshift( $fields, __( 'Contact Form', 'jetpack' ) );
565
566
		if ( empty( $feedbacks ) )
567
			return;
568
569
		// Forces the download of the CSV instead of echoing
570
		header( 'Content-Disposition: attachment; filename=' . $filename );
571
		header( 'Pragma: no-cache' );
572
		header( 'Expires: 0' );
573
		header( 'Content-Type: text/csv; charset=utf-8' );
574
575
		$output = fopen( 'php://output', 'w' );
576
577
		// Prints the header
578
		fputcsv( $output, $fields );
579
580
		// Create the csv string from the array of post ids
581
		foreach ( $feedbacks as $feedback ) {
582
			fputcsv( $output, self::make_csv_row_from_feedback( $feedback, $fields ) );
583
		}
584
585
		fclose( $output );
586
	}
587
588
	/**
589
	 * Returns a string of HTML <option> items from an array of posts
590
	 *
591
	 * @return string a string of HTML <option> items
592
	 */
593
	protected function get_feedbacks_as_options() {
594
		$options = '';
595
596
		// Get the feedbacks' parents' post IDs
597
		$feedbacks = get_posts( array(
598
			'fields'           => 'id=>parent',
599
			'posts_per_page'   => 100000,
600
			'post_type'        => 'feedback',
601
			'post_status'      => 'publish',
602
			'suppress_filters' => false,
603
		) );
604
		$parents = array_unique( array_values( $feedbacks ) );
605
606
		$posts = get_posts( array(
607
			'orderby'          => 'ID',
608
			'posts_per_page'   => 1000,
609
			'post_type'        => 'any',
610
			'post__in'         => array_values( $parents ),
611
			'suppress_filters' => false,
612
		) );
613
614
		// creates the string of <option> elements
615
		foreach ( $posts as $post ) {
616
			$options .= sprintf( '<option value="%s">%s</option>', esc_attr( $post->ID ), esc_html( $post->post_title ) );
617
		}
618
619
		return $options;
620
	}
621
622
	/**
623
	 * Get the names of all the form's fields
624
	 *
625
	 * @param  array|int $posts the post we want the fields of
626
	 * @return array     the array of fields
627
	 */
628
	protected function get_field_names( $posts ) {
629
		$posts = (array) $posts;
630
		$all_fields = array();
631
632
		foreach ( $posts as $post ){
633
			$fields = self::parse_fields_from_content( $post );
634
635
			if ( isset( $fields['_feedback_all_fields'] ) ) {
636
				$extra_fields = array_keys( $fields['_feedback_all_fields'] );
637
				$all_fields = array_merge( $all_fields, $extra_fields );
638
			}
639
		}
640
641
		$all_fields = array_unique( $all_fields );
642
		return $all_fields;
643
	}
644
645
	public static function parse_fields_from_content( $post_id ) {
646
		static $post_fields;
647
648
		if ( !is_array( $post_fields ) )
649
			$post_fields = array();
650
651
		if ( isset( $post_fields[$post_id] ) )
652
			return $post_fields[$post_id];
653
654
		$all_values   = array();
655
		$post_content = get_post_field( 'post_content', $post_id );
656
		$content      = explode( '<!--more-->', $post_content );
657
		$lines        = array();
658
659
		if ( count( $content ) > 1 ) {
660
			$content  = str_ireplace( array( '<br />', ')</p>' ), '', $content[1] );
661
			$one_line = preg_replace( '/\s+/', ' ', $content );
662
			$one_line = preg_replace( '/.*Array \( (.*)\)/', '$1', $one_line );
663
664
			preg_match_all( '/\[([^\]]+)\] =\&gt\; ([^\[]+)/', $one_line, $matches );
665
666
			if ( count( $matches ) > 1 )
667
				$all_values = array_combine( array_map('trim', $matches[1]), array_map('trim', $matches[2]) );
668
669
			$lines = array_filter( explode( "\n", $content ) );
670
		}
671
672
		$var_map = array(
673
			'AUTHOR'       => '_feedback_author',
674
			'AUTHOR EMAIL' => '_feedback_author_email',
675
			'AUTHOR URL'   => '_feedback_author_url',
676
			'SUBJECT'      => '_feedback_subject',
677
			'IP'           => '_feedback_ip'
678
		);
679
680
		$fields = array();
681
682
		foreach( $lines as $line ) {
683
			$vars = explode( ': ', $line, 2 );
684
			if ( !empty( $vars ) ) {
685
				if ( isset( $var_map[$vars[0]] ) ) {
686
					$fields[$var_map[$vars[0]]] = self::strip_tags( trim( $vars[1] ) );
687
				}
688
			}
689
		}
690
691
		$fields['_feedback_all_fields'] = $all_values;
692
693
		$post_fields[$post_id] = $fields;
694
695
		return $fields;
696
	}
697
698
	/**
699
	 * Creates a valid csv row from a post id
700
	 *
701
	 * @param  int    $post_id The id of the post
702
	 * @param  array  $fields  An array containing the names of all the fields of the csv
703
	 * @return String The csv row
704
	 */
705
	protected static function make_csv_row_from_feedback( $post_id, $fields ) {
706
		$content_fields = self::parse_fields_from_content( $post_id );
707
		$all_fields     = array();
708
709
		if ( isset( $content_fields['_feedback_all_fields'] ) )
710
			$all_fields = $content_fields['_feedback_all_fields'];
711
712
		// Overwrite the parsed content with the content we stored in post_meta in a better format.
713
		$extra_fields   = get_post_meta( $post_id, '_feedback_extra_fields', true );
0 ignored issues
show
Coding Style introduced by
Equals sign not aligned correctly; expected 1 space but found 3 spaces

This check looks for improperly formatted assignments.

Every assignment must have exactly one space before and one space after the equals operator.

To illustrate:

$a = "a";
$ab = "ab";
$abc = "abc";

will have no issues, while

$a   = "a";
$ab  = "ab";
$abc = "abc";

will report issues in lines 1 and 2.

Loading history...
714
		foreach ( $extra_fields as $extra_field => $extra_value ) {
715
			$all_fields[$extra_field] = $extra_value;
716
		}
717
718
		// The first element in all of the exports will be the subject
719
		$row_items[] = $content_fields['_feedback_subject'];
0 ignored issues
show
Coding Style Comprehensibility introduced by
$row_items was never initialized. Although not strictly required by PHP, it is generally a good practice to add $row_items = array(); before regardless.

Adding an explicit array definition is generally preferable to implicit array definition as it guarantees a stable state of the code.

Let’s take a look at an example:

foreach ($collection as $item) {
    $myArray['foo'] = $item->getFoo();

    if ($item->hasBar()) {
        $myArray['bar'] = $item->getBar();
    }

    // do something with $myArray
}

As you can see in this example, the array $myArray is initialized the first time when the foreach loop is entered. You can also see that the value of the bar key is only written conditionally; thus, its value might result from a previous iteration.

This might or might not be intended. To make your intention clear, your code more readible and to avoid accidental bugs, we recommend to add an explicit initialization $myArray = array() either outside or inside the foreach loop.

Loading history...
720
721
		// Loop the fields array in order to fill the $row_items array correctly
722
		foreach ( $fields as $field ) {
723
			if ( $field === __( 'Contact Form', 'jetpack' ) ) // the first field will ever be the contact form, so we can continue
724
				continue;
725
			elseif ( array_key_exists( $field, $all_fields ) )
726
				$row_items[] = $all_fields[$field];
727
			else
728
				$row_items[] = '';
729
		}
730
731
		return $row_items;
732
	}
733
734
	public static function get_ip_address() {
735
		return isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : null;
736
	}
737
}
738
739
/**
740
 * Generic shortcode class.
741
 * Does nothing other than store structured data and output the shortcode as a string
742
 *
743
 * Not very general - specific to Grunion.
744
 */
745
class Crunion_Contact_Form_Shortcode {
0 ignored issues
show
Coding Style Compatibility introduced by
PSR1 recommends that each class should be in its own file to aid autoloaders.

Having each class in a dedicated file usually plays nice with PSR autoloaders and is therefore a well established practice. If you use other autoloaders, you might not want to follow this rule.

Loading history...
746
	/**
747
	 * @var string the name of the shortcode: [$shortcode_name /]
748
 	 */
749
	public $shortcode_name;
750
751
	/**
752
	 * @var array key => value pairs for the shortcode's attributes: [$shortcode_name key="value" ... /]
753
	 */
754
	public $attributes;
755
756
	/**
757
	 * @var array key => value pair for attribute defaults
758
	 */
759
	public $defaults = array();
760
761
	/**
762
	 * @var null|string Null for selfclosing shortcodes.  Hhe inner content of otherwise: [$shortcode_name]$content[/$shortcode_name]
763
	 */
764
	public $content;
765
766
	/**
767
	 * @var array Associative array of inner "child" shortcodes equivalent to the $content: [$shortcode_name][child 1/][child 2/][/$shortcode_name]
768
	 */
769
	public $fields;
770
771
	/**
772
	 * @var null|string The HTML of the parsed inner "child" shortcodes".  Null for selfclosing shortcodes.
773
	 */
774
	public $body;
775
776
	/**
777
	 * @param array $attributes An associative array of shortcode attributes.  @see shortcode_atts()
778
	 * @param null|string $content Null for selfclosing shortcodes.  The inner content otherwise.
779
	 */
780
	function __construct( $attributes, $content = null ) {
781
		$this->attributes = $this->unesc_attr( $attributes );
0 ignored issues
show
Documentation Bug introduced by
It seems like $this->unesc_attr($attributes) of type * is incompatible with the declared type array of property $attributes.

Our type inference engine has found an assignment to a property that is incompatible with the declared type of that property.

Either this assignment is in error or the assigned type should be added to the documentation/type hint for that property..

Loading history...
782
		if ( is_array( $content ) ) {
783
			$string_content = '';
784
			foreach ( $content as $field ) {
785
				$string_content .= (string) $field;
786
			}
787
788
			$this->content = $string_content;
789
		} else {
790
			$this->content = $content;
791
		}
792
793
		$this->parse_content( $this->content );
794
	}
795
796
	/**
797
	 * Processes the shortcode's inner content for "child" shortcodes
798
	 *
799
	 * @param string $content The shortcode's inner content: [shortcode]$content[/shortcode]
800
	 */
801
	function parse_content( $content ) {
802
		if ( is_null( $content ) ) {
803
			$this->body = null;
804
		}
805
806
		$this->body = do_shortcode( $content );
807
	}
808
809
	/**
810
	 * Returns the value of the requested attribute.
811
	 *
812
	 * @param string $key The attribute to retrieve
813
	 * @return mixed
814
	 */
815
	function get_attribute( $key ) {
816
		return isset( $this->attributes[$key] ) ? $this->attributes[$key] : null;
817
	}
818
819
	function esc_attr( $value ) {
820
		if ( is_array( $value ) ) {
821
			return array_map( array( $this, 'esc_attr' ), $value );
822
		}
823
824
		$value = Grunion_Contact_Form_Plugin::strip_tags( $value );
825
		$value = _wp_specialchars( $value, ENT_QUOTES, false, true );
826
827
		// Shortcode attributes can't contain "]"
828
		$value = str_replace( ']', '', $value );
829
		$value = str_replace( ',', '&#x002c;', $value ); // store commas encoded
830
		$value = strtr( $value, array( '%' => '%25', '&' => '%26' ) );
831
832
		// shortcode_parse_atts() does stripcslashes()
0 ignored issues
show
Unused Code Comprehensibility introduced by
40% of this comment could be valid code. Did you maybe forget this after debugging?

Sometimes obsolete code just ends up commented out instead of removed. In this case it is better to remove the code once you have checked you do not need it.

The code might also have been commented out for debugging purposes. In this case it is vital that someone uncomments it again or your project may behave in very unexpected ways in production.

This check looks for comments that seem to be mostly valid code and reports them.

Loading history...
833
		$value = addslashes( $value );
834
		return $value;
835
	}
836
837
	function unesc_attr( $value ) {
838
		if ( is_array( $value ) ) {
839
			return array_map( array( $this, 'unesc_attr' ), $value );
840
		}
841
842
		// For back-compat with old Grunion encoding
843
		// Also, unencode commas
844
		$value = strtr( $value, array( '%26' => '&', '%25' => '%' ) );
845
		$value = preg_replace( array( '/&#x0*22;/i', '/&#x0*27;/i', '/&#x0*26;/i', '/&#x0*2c;/i' ), array( '"', "'", '&', ',' ), $value );
846
		$value = htmlspecialchars_decode( $value, ENT_QUOTES );
847
		$value = Grunion_Contact_Form_Plugin::strip_tags( $value );
848
849
		return $value;
850
	}
851
852
	/**
853
	 * Generates the shortcode
854
	 */
855
	function __toString() {
856
		$r = "[{$this->shortcode_name} ";
857
858
		foreach ( $this->attributes as $key => $value ) {
859
			if ( !$value ) {
860
				continue;
861
			}
862
863
			if ( isset( $this->defaults[$key] ) && $this->defaults[$key] == $value ) {
864
				continue;
865
			}
866
867
			if ( 'id' == $key ) {
868
				continue;
869
			}
870
871
			$value = $this->esc_attr( $value );
872
873
			if ( is_array( $value ) ) {
874
				$value = join( ',', $value );
875
			}
876
877
			if ( false === strpos( $value, "'" ) ) {
878
				$value = "'$value'";
879
			} elseif ( false === strpos( $value, '"' ) ) {
880
				$value = '"' . $value . '"';
881
			} else {
882
				// Shortcodes can't contain both '"' and "'".  Strip one.
883
				$value = str_replace( "'", '', $value );
884
				$value = "'$value'";
885
			}
886
887
			$r .= "{$key}={$value} ";
888
		}
889
890
		$r = rtrim( $r );
891
892
		if ( $this->fields ) {
0 ignored issues
show
Bug Best Practice introduced by
The expression $this->fields of type array is implicitly converted to a boolean; are you sure this is intended? If so, consider using ! empty($expr) instead to make it clear that you intend to check for an array without elements.

This check marks implicit conversions of arrays to boolean values in a comparison. While in PHP an empty array is considered to be equal (but not identical) to false, this is not always apparent.

Consider making the comparison explicit by using empty(..) or ! empty(...) instead.

Loading history...
893
			$r .= ']';
894
895
			foreach ( $this->fields as $field ) {
896
				$r .= (string) $field;
897
			}
898
899
			$r .= "[/{$this->shortcode_name}]";
900
		} else {
901
			$r .= '/]';
902
		}
903
904
		return $r;
905
	}
906
}
907
908
/**
909
 * Class for the contact-form shortcode.
910
 * Parses shortcode to output the contact form as HTML
911
 * Sends email and stores the contact form response (a.k.a. "feedback")
912
 */
913
class Grunion_Contact_Form extends Crunion_Contact_Form_Shortcode {
0 ignored issues
show
Coding Style Compatibility introduced by
PSR1 recommends that each class should be in its own file to aid autoloaders.

Having each class in a dedicated file usually plays nice with PSR autoloaders and is therefore a well established practice. If you use other autoloaders, you might not want to follow this rule.

Loading history...
914
	public $shortcode_name = 'contact-form';
915
916
	/**
917
	 * @var WP_Error stores form submission errors
918
	 */
919
	public $errors;
920
921
	/**
922
	 * @var Grunion_Contact_Form The most recent (inclusive) contact-form shortcode processed
923
	 */
924
	static $last;
0 ignored issues
show
Coding Style introduced by
The visibility should be declared for property $last.

The PSR-2 coding standard requires that all properties in a class have their visibility explicitly declared. If you declare a property using

class A {
    var $property;
}

the property is implicitly global.

To learn more about the PSR-2, please see the PHP-FIG site on the PSR-2.

Loading history...
925
926
	/**
927
	 * @var Whatever form we are currently looking at. If processed, will become $last
928
	 */
929
	static $current_form;
0 ignored issues
show
Coding Style introduced by
The visibility should be declared for property $current_form.

The PSR-2 coding standard requires that all properties in a class have their visibility explicitly declared. If you declare a property using

class A {
    var $property;
}

the property is implicitly global.

To learn more about the PSR-2, please see the PHP-FIG site on the PSR-2.

Loading history...
930
931
	/**
932
	 * @var bool Whether to print the grunion.css style when processing the contact-form shortcode
933
	 */
934
	static $style = false;
0 ignored issues
show
Coding Style introduced by
The visibility should be declared for property $style.

The PSR-2 coding standard requires that all properties in a class have their visibility explicitly declared. If you declare a property using

class A {
    var $property;
}

the property is implicitly global.

To learn more about the PSR-2, please see the PHP-FIG site on the PSR-2.

Loading history...
935
936
	function __construct( $attributes, $content = null ) {
937
		global $post;
938
939
		// Set up the default subject and recipient for this form
940
		$default_to = '';
941
		$default_subject = "[" . get_option( 'blogname' ) . "]";
942
943
		if ( !empty( $attributes['widget'] ) && $attributes['widget'] ) {
944
			$default_to .= get_option( 'admin_email' );
945
			$attributes['id'] = 'widget-' . $attributes['widget'];
946
			$default_subject = sprintf( _x( '%1$s Sidebar', '%1$s = blog name', 'jetpack' ), $default_subject );
947
		} else if ( $post ) {
948
			$attributes['id'] = $post->ID;
949
			$default_subject = sprintf( _x( '%1$s %2$s', '%1$s = blog name, %2$s = post title', 'jetpack' ), $default_subject, Grunion_Contact_Form_Plugin::strip_tags( $post->post_title ) );
950
			$post_author = get_userdata( $post->post_author );
951
			$default_to .= $post_author->user_email;
952
		}
953
954
		// Keep reference to $this for parsing form fields
955
		self::$current_form = $this;
0 ignored issues
show
Documentation Bug introduced by
It seems like $this of type this<Grunion_Contact_Form> is incompatible with the declared type object<Whatever> of property $current_form.

Our type inference engine has found an assignment to a property that is incompatible with the declared type of that property.

Either this assignment is in error or the assigned type should be added to the documentation/type hint for that property..

Loading history...
956
957
		$this->defaults = array(
958
			'to'                 => $default_to,
959
			'subject'            => $default_subject,
960
			'show_subject'       => 'no', // only used in back-compat mode
961
			'widget'             => 0,    // Not exposed to the user. Works with Grunion_Contact_Form_Plugin::widget_atts()
962
			'id'                 => null, // Not exposed to the user. Set above.
963
			'submit_button_text' => __( 'Submit &#187;', 'jetpack' ),
964
		);
965
966
		$attributes = shortcode_atts( $this->defaults, $attributes, 'contact-form' );
967
968
		// We only enable the contact-field shortcode temporarily while processing the contact-form shortcode
969
		Grunion_Contact_Form_Plugin::$using_contact_form_field = true;
0 ignored issues
show
Bug introduced by
The property using_contact_form_field cannot be accessed from this context as it is declared private in class Grunion_Contact_Form_Plugin.

This check looks for access to properties that are not accessible from the current context.

If you need to make a property accessible to another context you can either raise its visibility level or provide an accessible getter in the defining class.

Loading history...
970
971
		parent::__construct( $attributes, $content );
972
973
		// There were no fields in the contact form. The form was probably just [contact-form /]. Build a default form.
974
		if ( empty( $this->fields ) ) {
975
			// same as the original Grunion v1 form
976
			$default_form = '
977
				[contact-field label="' . __( 'Name', 'jetpack' )    . '" type="name"  required="true" /]
978
				[contact-field label="' . __( 'Email', 'jetpack' )   . '" type="email" required="true" /]
979
				[contact-field label="' . __( 'Website', 'jetpack' ) . '" type="url" /]';
980
981
			if ( 'yes' == strtolower( $this->get_attribute( 'show_subject' ) ) ) {
982
				$default_form .= '
983
					[contact-field label="' . __( 'Subject', 'jetpack' ) . '" type="subject" /]';
984
			}
985
986
			$default_form .= '
987
				[contact-field label="' . __( 'Message', 'jetpack' ) . '" type="textarea" /]';
988
989
			$this->parse_content( $default_form );
990
991
			// Store the shortcode
992
			$this->store_shortcode( $default_form, $attributes );
993
		} else {
994
			// Store the shortcode
995
			$this->store_shortcode( $content, $attributes );
996
		}
997
998
		// $this->body and $this->fields have been setup.  We no longer need the contact-field shortcode.
999
		Grunion_Contact_Form_Plugin::$using_contact_form_field = false;
0 ignored issues
show
Bug introduced by
The property using_contact_form_field cannot be accessed from this context as it is declared private in class Grunion_Contact_Form_Plugin.

This check looks for access to properties that are not accessible from the current context.

If you need to make a property accessible to another context you can either raise its visibility level or provide an accessible getter in the defining class.

Loading history...
1000
	}
1001
1002
	/**
1003
	 * Store shortcode content for recall later
1004
	 *	- used to receate shortcode when user uses do_shortcode
1005
	 *
1006
	 * @param string $content
0 ignored issues
show
Documentation introduced by
Should the type for parameter $content not be string|null?

This check looks for @param annotations where the type inferred by our type inference engine differs from the declared type.

It makes a suggestion as to what type it considers more descriptive.

Most often this is a case of a parameter that can be null in addition to its declared types.

Loading history...
1007
	 */
1008
	static function store_shortcode( $content = null, $attributes = null ) {
1009
1010
		if ( $content != null and isset( $attributes['id'] ) ) {
0 ignored issues
show
Bug introduced by
It seems like you are loosely comparing $content of type string|null against null; this is ambiguous if the string can be empty. Consider using a strict comparison !== instead.
Loading history...
Comprehensibility Best Practice introduced by
Using logical operators such as and instead of && is generally not recommended.

PHP has two types of connecting operators (logical operators, and boolean operators):

  Logical Operators Boolean Operator
AND - meaning and &&
OR - meaning or ||

The difference between these is the order in which they are executed. In most cases, you would want to use a boolean operator like &&, or ||.

Let’s take a look at a few examples:

// Logical operators have lower precedence:
$f = false or true;

// is executed like this:
($f = false) or true;


// Boolean operators have higher precedence:
$f = false || true;

// is executed like this:
$f = (false || true);

Logical Operators are used for Control-Flow

One case where you explicitly want to use logical operators is for control-flow such as this:

$x === 5
    or die('$x must be 5.');

// Instead of
if ($x !== 5) {
    die('$x must be 5.');
}

Since die introduces problems of its own, f.e. it makes our code hardly testable, and prevents any kind of more sophisticated error handling; you probably do not want to use this in real-world code. Unfortunately, logical operators cannot be combined with throw at this point:

// The following is currently a parse error.
$x === 5
    or throw new RuntimeException('$x must be 5.');

These limitations lead to logical operators rarely being of use in current PHP code.

Loading history...
1011
1012
			$shortcode_meta = get_post_meta( $attributes['id'], '_g_feedback_shortcode', true );
1013
1014
			if ( $shortcode_meta != '' or $shortcode_meta != $content ) {
0 ignored issues
show
Comprehensibility Best Practice introduced by
Using logical operators such as or instead of || is generally not recommended.

PHP has two types of connecting operators (logical operators, and boolean operators):

  Logical Operators Boolean Operator
AND - meaning and &&
OR - meaning or ||

The difference between these is the order in which they are executed. In most cases, you would want to use a boolean operator like &&, or ||.

Let’s take a look at a few examples:

// Logical operators have lower precedence:
$f = false or true;

// is executed like this:
($f = false) or true;


// Boolean operators have higher precedence:
$f = false || true;

// is executed like this:
$f = (false || true);

Logical Operators are used for Control-Flow

One case where you explicitly want to use logical operators is for control-flow such as this:

$x === 5
    or die('$x must be 5.');

// Instead of
if ($x !== 5) {
    die('$x must be 5.');
}

Since die introduces problems of its own, f.e. it makes our code hardly testable, and prevents any kind of more sophisticated error handling; you probably do not want to use this in real-world code. Unfortunately, logical operators cannot be combined with throw at this point:

// The following is currently a parse error.
$x === 5
    or throw new RuntimeException('$x must be 5.');

These limitations lead to logical operators rarely being of use in current PHP code.

Loading history...
1015
				update_post_meta( $attributes['id'], '_g_feedback_shortcode', $content );
1016
			}
1017
1018
		}
1019
	}
1020
1021
	/**
1022
	 * Toggle for printing the grunion.css stylesheet
1023
	 *
1024
	 * @param bool $style
1025
	 */
1026
	static function style( $style ) {
1027
		$previous_style = self::$style;
1028
		self::$style = (bool) $style;
1029
		return $previous_style;
1030
	}
1031
1032
	/**
1033
	 * Turn on printing of grunion.css stylesheet
1034
	 * @see ::style()
1035
	 * @internal
1036
	 * @param bool $style
0 ignored issues
show
Bug introduced by
There is no parameter named $style. Was it maybe removed?

This check looks for PHPDoc comments describing methods or function parameters that do not exist on the corresponding method or function.

Consider the following example. The parameter $italy is not defined by the method finale(...).

/**
 * @param array $germany
 * @param array $island
 * @param array $italy
 */
function finale($germany, $island) {
    return "2:1";
}

The most likely cause is that the parameter was removed, but the annotation was not.

Loading history...
1037
	 */
1038
	static function _style_on() {
1039
		return self::style( true );
1040
	}
1041
1042
	/**
1043
	 * The contact-form shortcode processor
1044
	 *
1045
	 * @param array $attributes Key => Value pairs as parsed by shortcode_parse_atts()
1046
	 * @param string|null $content The shortcode's inner content: [contact-form]$content[/contact-form]
1047
	 * @return string HTML for the concat form.
1048
	 */
1049
	static function parse( $attributes, $content ) {
1050
		// Create a new Grunion_Contact_Form object (this class)
1051
		$form = new Grunion_Contact_Form( $attributes, $content );
1052
1053
		$id = $form->get_attribute( 'id' );
1054
1055
		if ( !$id ) { // something terrible has happened
1056
			return '[contact-form]';
1057
		}
1058
1059
		if ( is_feed() ) {
1060
			return '[contact-form]';
1061
		}
1062
1063
		// Only allow one contact form per post/widget
1064
		if ( self::$last && $id == self::$last->get_attribute( 'id' ) ) {
1065
			// We're processing the same post
1066
1067
			if ( self::$last->attributes != $form->attributes || self::$last->content != $form->content ) {
1068
				// And we're processing a different shortcode;
1069
				return '';
1070
			} // else, we're processing the same shortcode - probably a separate run of do_shortcode() - let it through
1071
1072
		} else {
1073
			self::$last = $form;
1074
		}
1075
1076
		// Enqueue the grunion.css stylesheet if self::$style allows it
1077
		if ( self::$style && ( empty( $_REQUEST['action'] ) || $_REQUEST['action'] != 'grunion_shortcode_to_json' ) ) {
1078
			// Enqueue the style here instead of printing it, because if some other plugin has run the_post()+rewind_posts(),
1079
			// (like VideoPress does), the style tag gets "printed" the first time and discarded, leaving the contact form unstyled.
1080
			// when WordPress does the real loop.
1081
			wp_enqueue_style( 'grunion.css' );
1082
		}
1083
1084
		$r = '';
1085
		$r .= "<div id='contact-form-$id'>\n";
1086
1087
		if ( is_wp_error( $form->errors ) && $form->errors->get_error_codes() ) {
1088
			// There are errors.  Display them
1089
			$r .= "<div class='form-error'>\n<h3>" . __( 'Error!', 'jetpack' ) . "</h3>\n<ul class='form-errors'>\n";
1090
			foreach ( $form->errors->get_error_messages() as $message )
1091
				$r .= "\t<li class='form-error-message'>" . esc_html( $message ) . "</li>\n";
1092
			$r .= "</ul>\n</div>\n\n";
1093
		}
1094
1095
		if ( isset( $_GET['contact-form-id'] ) && $_GET['contact-form-id'] == self::$last->get_attribute( 'id' ) && isset( $_GET['contact-form-sent'] ) ) {
1096
			// The contact form was submitted.  Show the success message/results
1097
1098
			$feedback_id = (int) $_GET['contact-form-sent'];
1099
1100
			$back_url = remove_query_arg( array( 'contact-form-id', 'contact-form-sent', '_wpnonce' ) );
1101
1102
			$r_success_message =
1103
				"<h3>" . __( 'Message Sent', 'jetpack' ) .
1104
				' (<a href="' . esc_url( $back_url ) . '">' . esc_html__( 'go back', 'jetpack' ) . '</a>)' .
1105
				"</h3>\n\n";
1106
1107
			// Don't show the feedback details unless the nonce matches
1108
			if ( $feedback_id && wp_verify_nonce( stripslashes( $_GET['_wpnonce'] ), "contact-form-sent-{$feedback_id}" ) ) {
1109
				$r_success_message .= self::success_message( $feedback_id, $form );
1110
			}
1111
1112
			/**
1113
			 * Filter the message returned after a successfull contact form submission.
1114
			 *
1115
			 * @module contact-form
1116
			 *
1117
			 * @since 1.3.1
1118
			 *
1119
			 * @param string $r_success_message Success message.
1120
			 */
1121
			$r .= apply_filters( 'grunion_contact_form_success_message', $r_success_message );
1122
		} else {
1123
			// Nothing special - show the normal contact form
1124
1125
			if ( $form->get_attribute( 'widget' ) ) {
1126
				// Submit form to the current URL
1127
				$url = remove_query_arg( array( 'contact-form-id', 'contact-form-sent', 'action', '_wpnonce' ) );
1128
			} else {
1129
				// Submit form to the post permalink
1130
				$url = get_permalink();
1131
			}
1132
1133
			// For SSL/TLS page. See RFC 3986 Section 4.2
1134
			$url = set_url_scheme( $url );
1135
1136
			// May eventually want to send this to admin-post.php...
1137
			/**
1138
			 * Filter the contact form action URL.
1139
			 *
1140
			 * @module contact-form
1141
			 *
1142
			 * @since 1.3.1
1143
			 *
1144
			 * @param string $contact_form_id Contact form post URL.
1145
			 * @param $post $GLOBALS['post'] Post global variable.
0 ignored issues
show
Documentation introduced by
The doc-type $post could not be parsed: Unknown type name "$post" at position 0. (view supported doc-types)

This check marks PHPDoc comments that could not be parsed by our parser. To see which comment annotations we can parse, please refer to our documentation on supported doc-types.

Loading history...
1146
			 * @param int $id Contact Form ID.
1147
			 */
1148
			$url = apply_filters( 'grunion_contact_form_form_action', "{$url}#contact-form-{$id}", $GLOBALS['post'], $id );
1149
1150
			$r .= "<form action='" . esc_url( $url ) . "' method='post' class='contact-form commentsblock'>\n";
1151
			$r .= $form->body;
1152
			$r .= "\t<p class='contact-submit'>\n";
1153
			$r .= "\t\t<input type='submit' value='" . esc_attr( $form->get_attribute( 'submit_button_text' ) ) . "' class='pushbutton-wide'/>\n";
1154
			if ( is_user_logged_in() ) {
1155
				$r .= "\t\t" . wp_nonce_field( 'contact-form_' . $id, '_wpnonce', true, false ) . "\n"; // nonce and referer
1156
			}
1157
			$r .= "\t\t<input type='hidden' name='contact-form-id' value='$id' />\n";
1158
			$r .= "\t\t<input type='hidden' name='action' value='grunion-contact-form' />\n";
1159
			$r .= "\t</p>\n";
1160
			$r .= "</form>\n";
1161
		}
1162
1163
		$r .= "</div>";
1164
1165
		return $r;
1166
	}
1167
1168
	/**
1169
	 * Returns a success message to be returned if the form is sent via AJAX.
1170
	 *
1171
	 * @param int $feedback_id
1172
	 * @param object Grunion_Contact_Form $form
1173
	 *
1174
	 * @return string $message
1175
	 */
1176
	static function success_message( $feedback_id, $form ) {
1177
		return wp_kses(
1178
			'<blockquote class="contact-form-submission">'
1179
			. '<p>' . join( self::get_compiled_form( $feedback_id, $form ), '</p><p>' ) . '</p>'
1180
			. '</blockquote>',
1181
			array( 'br' => array(), 'blockquote' => array( 'class' => array() ), 'p' => array() )
1182
		);
1183
	}
1184
1185
	/**
1186
	 * Returns a compiled form with labels and values in a form of  an array
1187
	 * of lines.
1188
	 * @param int $feedback_id
1189
	 * @param object Grunion_Contact_Form $form
1190
	 *
1191
	 * @return array $lines
1192
	 */
1193
	static function get_compiled_form( $feedback_id, $form ) {
1194
		$feedback       = get_post( $feedback_id );
1195
		$field_ids      = $form->get_field_ids();
1196
		$content_fields = Grunion_Contact_Form_Plugin::parse_fields_from_content( $feedback_id );
1197
1198
		// Maps field_ids to post_meta keys
1199
		$field_value_map = array(
1200
			'name'     => 'author',
1201
			'email'    => 'author_email',
1202
			'url'      => 'author_url',
1203
			'subject'  => 'subject',
1204
			'textarea' => false, // not a post_meta key.  This is stored in post_content
1205
		);
1206
1207
		$compiled_form = array();
1208
1209
		// "Standard" field whitelist
1210
		foreach ( $field_value_map as $type => $meta_key ) {
1211
			if ( isset( $field_ids[$type] ) ) {
1212
				$field = $form->fields[$field_ids[$type]];
1213
1214
				if ( $meta_key ) {
0 ignored issues
show
Bug Best Practice introduced by
The expression $meta_key of type string|false is loosely compared to true; this is ambiguous if the string can be empty. You might want to explicitly use !== false instead.

In PHP, under loose comparison (like ==, or !=, or switch conditions), values of different types might be equal.

For string values, the empty string '' is a special case, in particular the following results might be unexpected:

''   == false // true
''   == null  // true
'ab' == false // false
'ab' == null  // false

// It is often better to use strict comparison
'' === false // false
'' === null  // false
Loading history...
1215
					if ( isset( $content_fields["_feedback_{$meta_key}"] ) )
1216
						$value = $content_fields["_feedback_{$meta_key}"];
1217
				} else {
1218
					// The feedback content is stored as the first "half" of post_content
1219
					$value = $feedback->post_content;
1220
					list( $value ) = explode( '<!--more-->', $value );
1221
					$value = trim( $value );
1222
				}
1223
1224
				$field_index = array_search( $field_ids[ $type ], $field_ids['all'] );
1225
				$compiled_form[ $field_index ] = sprintf(
1226
					'<b>%1$s:</b> %2$s<br /><br />',
1227
					wp_kses( $field->get_attribute( 'label' ), array() ),
1228
					nl2br( wp_kses( $value, array() ) )
0 ignored issues
show
Bug introduced by
The variable $value does not seem to be defined for all execution paths leading up to this point.

If you define a variable conditionally, it can happen that it is not defined for all execution paths.

Let’s take a look at an example:

function myFunction($a) {
    switch ($a) {
        case 'foo':
            $x = 1;
            break;

        case 'bar':
            $x = 2;
            break;
    }

    // $x is potentially undefined here.
    echo $x;
}

In the above example, the variable $x is defined if you pass “foo” or “bar” as argument for $a. However, since the switch statement has no default case statement, if you pass any other value, the variable $x would be undefined.

Available Fixes

  1. Check for existence of the variable explicitly:

    function myFunction($a) {
        switch ($a) {
            case 'foo':
                $x = 1;
                break;
    
            case 'bar':
                $x = 2;
                break;
        }
    
        if (isset($x)) { // Make sure it's always set.
            echo $x;
        }
    }
    
  2. Define a default value for the variable:

    function myFunction($a) {
        $x = ''; // Set a default which gets overridden for certain paths.
        switch ($a) {
            case 'foo':
                $x = 1;
                break;
    
            case 'bar':
                $x = 2;
                break;
        }
    
        echo $x;
    }
    
  3. Add a value for the missing path:

    function myFunction($a) {
        switch ($a) {
            case 'foo':
                $x = 1;
                break;
    
            case 'bar':
                $x = 2;
                break;
    
            // We add support for the missing case.
            default:
                $x = '';
                break;
        }
    
        echo $x;
    }
    
Loading history...
1229
				);
1230
			}
1231
		}
1232
1233
		// "Non-standard" fields
1234
		if ( $field_ids['extra'] ) {
1235
			// array indexed by field label (not field id)
1236
			$extra_fields = get_post_meta( $feedback_id, '_feedback_extra_fields', true );
1237
			$extra_field_keys = array_keys( $extra_fields );
1238
1239
			$i = 0;
1240
			foreach ( $field_ids['extra'] as $field_id ) {
1241
				$field = $form->fields[$field_id];
1242
				$field_index = array_search( $field_id, $field_ids['all'] );
1243
1244
				$label = $field->get_attribute( 'label' );
1245
1246
				$compiled_form[ $field_index ] = sprintf(
1247
					'<b>%1$s:</b> %2$s<br /><br />',
1248
					wp_kses( $label, array() ),
1249
					nl2br( wp_kses( $extra_fields[$extra_field_keys[$i]], array() ) )
1250
				);
1251
1252
				$i++;
1253
			}
1254
		}
1255
1256
		// Sorting lines by the field index
1257
		ksort( $compiled_form );
1258
1259
		return $compiled_form;
1260
	}
1261
1262
	/**
1263
	 * The contact-field shortcode processor
1264
	 * We use an object method here instead of a static Grunion_Contact_Form_Field class method to parse contact-field shortcodes so that we can tie them to the contact-form object.
1265
	 *
1266
	 * @param array $attributes Key => Value pairs as parsed by shortcode_parse_atts()
1267
	 * @param string|null $content The shortcode's inner content: [contact-field]$content[/contact-field]
1268
	 * @return HTML for the contact form field
1269
	 */
1270
	static function parse_contact_field( $attributes, $content ) {
1271
		// Don't try to parse contact form fields if not inside a contact form
1272
		if ( ! Grunion_Contact_Form_Plugin::$using_contact_form_field ) {
0 ignored issues
show
Bug introduced by
The property using_contact_form_field cannot be accessed from this context as it is declared private in class Grunion_Contact_Form_Plugin.

This check looks for access to properties that are not accessible from the current context.

If you need to make a property accessible to another context you can either raise its visibility level or provide an accessible getter in the defining class.

Loading history...
1273
			$att_strs = array();
1274
			foreach ( $attributes as $att => $val ) {
1275
				if ( is_numeric( $att ) ) { // Is a valueless attribute
1276
					$att_strs[] = esc_html( $val );
1277
				} else if ( isset( $val ) ) { // A regular attr - value pair
1278
					$att_strs[] = esc_html( $att ) . '=\'' . esc_html( $val ) . '\'';
1279
				}
1280
			}
1281
1282
			$html = '[contact-field ' . implode( ' ', $att_strs );
1283
1284
			if ( isset( $content ) && ! empty( $content ) ) { // If there is content, let's add a closing tag
1285
				$html .=  ']' . esc_html( $content ) . '[/contact-field]';
1286
			} else { // Otherwise let's add a closing slash in the first tag
1287
				$html .= '/]';
1288
			}
1289
1290
			return $html;
1291
		}
1292
1293
		$form = Grunion_Contact_Form::$current_form;
1294
1295
		$field = new Grunion_Contact_Form_Field( $attributes, $content, $form );
1296
1297
		$field_id = $field->get_attribute( 'id' );
1298
		if ( $field_id ) {
1299
			$form->fields[$field_id] = $field;
1300
		} else {
1301
			$form->fields[] = $field;
1302
		}
1303
1304
		if (
1305
			isset( $_POST['action'] ) && 'grunion-contact-form' === $_POST['action']
1306
		&&
1307
			isset( $_POST['contact-form-id'] ) && $form->get_attribute( 'id' ) == $_POST['contact-form-id']
1308
		) {
1309
			// If we're processing a POST submission for this contact form, validate the field value so we can show errors as necessary.
1310
			$field->validate();
1311
		}
1312
1313
		// Output HTML
1314
		return $field->render();
1315
	}
1316
1317
	/**
1318
	 * Loops through $this->fields to generate a (structured) list of field IDs
1319
	 * @return array
1320
	 */
1321
	function get_field_ids() {
1322
		$field_ids = array(
1323
			'all'   => array(), // array of all field_ids
1324
			'extra' => array(), // array of all non-whitelisted field IDs
1325
1326
			// Whitelisted "standard" field IDs:
1327
			// 'email'    => field_id,
0 ignored issues
show
Unused Code Comprehensibility introduced by
43% of this comment could be valid code. Did you maybe forget this after debugging?

Sometimes obsolete code just ends up commented out instead of removed. In this case it is better to remove the code once you have checked you do not need it.

The code might also have been commented out for debugging purposes. In this case it is vital that someone uncomments it again or your project may behave in very unexpected ways in production.

This check looks for comments that seem to be mostly valid code and reports them.

Loading history...
1328
			// 'name'     => field_id,
0 ignored issues
show
Unused Code Comprehensibility introduced by
43% of this comment could be valid code. Did you maybe forget this after debugging?

Sometimes obsolete code just ends up commented out instead of removed. In this case it is better to remove the code once you have checked you do not need it.

The code might also have been commented out for debugging purposes. In this case it is vital that someone uncomments it again or your project may behave in very unexpected ways in production.

This check looks for comments that seem to be mostly valid code and reports them.

Loading history...
1329
			// 'url'      => field_id,
0 ignored issues
show
Unused Code Comprehensibility introduced by
43% of this comment could be valid code. Did you maybe forget this after debugging?

Sometimes obsolete code just ends up commented out instead of removed. In this case it is better to remove the code once you have checked you do not need it.

The code might also have been commented out for debugging purposes. In this case it is vital that someone uncomments it again or your project may behave in very unexpected ways in production.

This check looks for comments that seem to be mostly valid code and reports them.

Loading history...
1330
			// 'subject'  => field_id,
0 ignored issues
show
Unused Code Comprehensibility introduced by
43% of this comment could be valid code. Did you maybe forget this after debugging?

Sometimes obsolete code just ends up commented out instead of removed. In this case it is better to remove the code once you have checked you do not need it.

The code might also have been commented out for debugging purposes. In this case it is vital that someone uncomments it again or your project may behave in very unexpected ways in production.

This check looks for comments that seem to be mostly valid code and reports them.

Loading history...
1331
			// 'textarea' => field_id,
0 ignored issues
show
Unused Code Comprehensibility introduced by
43% of this comment could be valid code. Did you maybe forget this after debugging?

Sometimes obsolete code just ends up commented out instead of removed. In this case it is better to remove the code once you have checked you do not need it.

The code might also have been commented out for debugging purposes. In this case it is vital that someone uncomments it again or your project may behave in very unexpected ways in production.

This check looks for comments that seem to be mostly valid code and reports them.

Loading history...
1332
		);
1333
1334
		foreach ( $this->fields as $id => $field ) {
1335
			$field_ids['all'][] = $id;
1336
1337
			$type = $field->get_attribute( 'type' );
1338
			if ( isset( $field_ids[$type] ) ) {
1339
				// This type of field is already present in our whitelist of "standard" fields for this form
1340
				// Put it in extra
1341
				$field_ids['extra'][] = $id;
1342
				continue;
1343
			}
1344
1345
			switch ( $type ) {
1346
			case 'email' :
1347
			case 'telephone' :
1348
			case 'name' :
1349
			case 'url' :
1350
			case 'subject' :
1351
			case 'textarea' :
1352
				$field_ids[$type] = $id;
1353
				break;
1354
			default :
0 ignored issues
show
Coding Style introduced by
There must be no space before the colon in a DEFAULT statement

As per the PSR-2 coding standard, there must not be a space in front of the colon in the default statement.

switch ($expr) {
    default : //wrong
        doSomething();
        break;
}

switch ($expr) {
    default: //right
        doSomething();
        break;
}

To learn more about the PSR-2 coding standard, please refer to the PHP-Fig.

Loading history...
1355
				// Put everything else in extra
1356
				$field_ids['extra'][] = $id;
1357
			}
1358
		}
1359
1360
		return $field_ids;
1361
	}
1362
1363
	/**
1364
	 * Process the contact form's POST submission
1365
	 * Stores feedback.  Sends email.
1366
	 */
1367
	function process_submission() {
1368
		global $post;
1369
1370
		$plugin = Grunion_Contact_Form_Plugin::init();
1371
1372
		$id     = $this->get_attribute( 'id' );
1373
		$to     = $this->get_attribute( 'to' );
1374
		$widget = $this->get_attribute( 'widget' );
1375
1376
		$contact_form_subject = $this->get_attribute( 'subject' );
1377
1378
		$to = str_replace( ' ', '', $to );
1379
		$emails = explode( ',', $to );
1380
1381
		$valid_emails = array();
1382
1383
		foreach ( (array) $emails as $email ) {
1384
			if ( !is_email( $email ) ) {
1385
				continue;
1386
			}
1387
1388
			if ( function_exists( 'is_email_address_unsafe' ) && is_email_address_unsafe( $email ) ) {
1389
				continue;
1390
			}
1391
1392
			$valid_emails[] = $email;
1393
		}
1394
1395
		// No one to send it to, which means none of the "to" attributes are valid emails.
1396
		// Use default email instead.
1397
		if ( !$valid_emails ) {
0 ignored issues
show
Bug Best Practice introduced by
The expression $valid_emails of type array is implicitly converted to a boolean; are you sure this is intended? If so, consider using empty($expr) instead to make it clear that you intend to check for an array without elements.

This check marks implicit conversions of arrays to boolean values in a comparison. While in PHP an empty array is considered to be equal (but not identical) to false, this is not always apparent.

Consider making the comparison explicit by using empty(..) or ! empty(...) instead.

Loading history...
1398
			$valid_emails = $this->defaults['to'];
1399
		}
1400
1401
		$to = $valid_emails;
1402
1403
		// Last ditch effort to set a recipient if somehow none have been set.
1404
		if ( empty( $to ) ) {
1405
			$to = get_option( 'admin_email' );
1406
		}
1407
1408
		// Make sure we're processing the form we think we're processing... probably a redundant check.
1409
		if ( $widget ) {
1410
			if ( 'widget-' . $widget != $_POST['contact-form-id'] ) {
1411
				return false;
1412
			}
1413
		} else {
1414
			if ( $post->ID != $_POST['contact-form-id'] ) {
1415
				return false;
1416
			}
1417
		}
1418
1419
		$field_ids = $this->get_field_ids();
1420
1421
		// Initialize all these "standard" fields to null
1422
		$comment_author_email = $comment_author_email_label = // v
1423
		$comment_author       = $comment_author_label       = // v
1424
		$comment_author_url   = $comment_author_url_label   = // v
1425
		$comment_content      = $comment_content_label      = null;
1426
1427
		// For each of the "standard" fields, grab their field label and value.
1428
1429 View Code Duplication
		if ( isset( $field_ids['name'] ) ) {
1430
			$field = $this->fields[$field_ids['name']];
1431
			$comment_author = Grunion_Contact_Form_Plugin::strip_tags(
1432
				stripslashes(
1433
					/** This filter is already documented in core/wp-includes/comment-functions.php */
1434
					apply_filters( 'pre_comment_author_name', addslashes( $field->value ) )
1435
				)
1436
			);
1437
			$comment_author_label = Grunion_Contact_Form_Plugin::strip_tags( $field->get_attribute( 'label' ) );
1438
		}
1439
1440 View Code Duplication
		if ( isset( $field_ids['email'] ) ) {
1441
			$field = $this->fields[$field_ids['email']];
1442
			$comment_author_email = Grunion_Contact_Form_Plugin::strip_tags(
1443
				stripslashes(
1444
					/** This filter is already documented in core/wp-includes/comment-functions.php */
1445
					apply_filters( 'pre_comment_author_email', addslashes( $field->value ) )
1446
				)
1447
			);
1448
			$comment_author_email_label = Grunion_Contact_Form_Plugin::strip_tags( $field->get_attribute( 'label' ) );
1449
		}
1450
1451
		if ( isset( $field_ids['url'] ) ) {
1452
			$field = $this->fields[$field_ids['url']];
1453
			$comment_author_url = Grunion_Contact_Form_Plugin::strip_tags(
1454
				stripslashes(
1455
					/** This filter is already documented in core/wp-includes/comment-functions.php */
1456
					apply_filters( 'pre_comment_author_url', addslashes( $field->value ) )
1457
				)
1458
			);
1459
			if ( 'http://' == $comment_author_url ) {
1460
				$comment_author_url = '';
1461
			}
1462
			$comment_author_url_label = Grunion_Contact_Form_Plugin::strip_tags( $field->get_attribute( 'label' ) );
1463
		}
1464
1465
		if ( isset( $field_ids['textarea'] ) ) {
1466
			$field = $this->fields[$field_ids['textarea']];
1467
			$comment_content = trim( Grunion_Contact_Form_Plugin::strip_tags( $field->value ) );
1468
			$comment_content_label = Grunion_Contact_Form_Plugin::strip_tags( $field->get_attribute( 'label' ) );
1469
		}
1470
1471
		if ( isset( $field_ids['subject'] ) ) {
1472
			$field = $this->fields[$field_ids['subject']];
1473
			if ( $field->value ) {
1474
				$contact_form_subject = Grunion_Contact_Form_Plugin::strip_tags( $field->value );
1475
			}
1476
		}
1477
1478
		$all_values = $extra_values = array();
1479
		$i = 1; // Prefix counter for stored metadata
1480
1481
		// For all fields, grab label and value
1482
		foreach ( $field_ids['all'] as $field_id ) {
1483
			$field = $this->fields[$field_id];
1484
			$label = $i . '_' . $field->get_attribute( 'label' );
1485
			$value = $field->value;
1486
1487
			$all_values[$label] = $value;
1488
			$i++; // Increment prefix counter for the next field
1489
		}
1490
1491
		// For the "non-standard" fields, grab label and value
1492
		// Extra fields have their prefix starting from count( $all_values ) + 1
1493
		foreach ( $field_ids['extra'] as $field_id ) {
1494
			$field = $this->fields[$field_id];
1495
			$label = $i . '_' . $field->get_attribute( 'label' );
1496
			$value = $field->value;
1497
1498
			if ( is_array( $value ) ) {
1499
				$value = implode( ', ', $value );
1500
			}
1501
1502
			$extra_values[$label] = $value;
1503
			$i++; // Increment prefix counter for the next extra field
1504
		}
1505
1506
		$contact_form_subject = trim( $contact_form_subject );
1507
1508
		$comment_author_IP = Grunion_Contact_Form_Plugin::get_ip_address();
1509
1510
		$vars = array( 'comment_author', 'comment_author_email', 'comment_author_url', 'contact_form_subject', 'comment_author_IP' );
1511
		foreach ( $vars as $var )
1512
			$$var = str_replace( array( "\n", "\r" ), '', $$var );
1513
1514
		// Ensure that Akismet gets all of the relevant information from the contact form,
1515
		// not just the textarea field and predetermined subject.
1516
		$akismet_vars = compact( $vars );
1517
		$akismet_vars['comment_content'] = $comment_content;
1518
1519
		foreach ( array_merge( $field_ids['all'], $field_ids['extra'] ) as $field_id ) {
1520
			$field = $this->fields[$field_id];
1521
1522
			// Normalize the label into a slug.
1523
			$field_slug = trim( // Strip all leading/trailing dashes.
1524
				preg_replace(   // Normalize everything to a-z0-9_-
1525
					'/[^a-z0-9_]+/',
1526
					'-',
1527
					strtolower( $field->get_attribute( 'label' ) ) // Lowercase
1528
				),
1529
				'-'
1530
			);
1531
1532
			$field_value = ( is_array( $field->value ) ) ? trim( implode( ', ', $field->value ) ) : trim( $field->value );
1533
1534
			// Skip any values that are already in the array we're sending.
1535
			if ( $field_value && in_array( $field_value, $akismet_vars ) ) {
1536
				continue;
1537
			}
1538
1539
			$akismet_vars[ 'contact_form_field_' . $field_slug ] = $field_value;
1540
		}
1541
1542
		$spam = '';
1543
		$akismet_values = $plugin->prepare_for_akismet( $akismet_vars );
1544
1545
		// Is it spam?
1546
		/** This filter is already documented in modules/contact-form/admin.php */
1547
		$is_spam = apply_filters( 'jetpack_contact_form_is_spam', false, $akismet_values );
1548
		if ( is_wp_error( $is_spam ) ) // WP_Error to abort
1549
			return $is_spam; // abort
1550
		elseif ( $is_spam === TRUE )  // TRUE to flag a spam
1551
			$spam = '***SPAM*** ';
1552
1553
		if ( !$comment_author )
1554
			$comment_author = $comment_author_email;
1555
1556
		/**
1557
		 * Filter the email where a submitted feedback is sent.
1558
		 *
1559
		 * @module contact-form
1560
		 *
1561
		 * @since 1.3.1
1562
		 *
1563
		 * @param string|array $to Array of valid email addresses, or single email address.
1564
		 */
1565
		$to = (array) apply_filters( 'contact_form_to', $to );
1566
		foreach ( $to as $to_key => $to_value ) {
1567
			$to[$to_key] = Grunion_Contact_Form_Plugin::strip_tags( $to_value );
1568
		}
1569
1570
		$blog_url = parse_url( site_url() );
1571
		$from_email_addr = 'wordpress@' . $blog_url['host'];
1572
1573
		$reply_to_addr = $to[0];
1574
		if ( ! empty( $comment_author_email ) ) {
1575
			$reply_to_addr = $comment_author_email;
1576
		}
1577
1578
		$headers =  'From: "' . $comment_author  .'" <' . $from_email_addr  . ">\r\n" .
1579
					'Reply-To: "' . $comment_author . '" <' . $reply_to_addr  . ">\r\n" .
1580
					"Content-Type: text/html; charset=\"" . get_option('blog_charset') . "\"";
1581
1582
		/** This filter is already documented in modules/contact-form/admin.php */
1583
		$subject = apply_filters( 'contact_form_subject', $contact_form_subject, $all_values );
1584
		$url     = $widget ? home_url( '/' ) : get_permalink( $post->ID );
1585
1586
		$date_time_format = _x( '%1$s \a\t %2$s', '{$date_format} \a\t {$time_format}', 'jetpack' );
1587
		$date_time_format = sprintf( $date_time_format, get_option( 'date_format' ), get_option( 'time_format' ) );
1588
		$time = date_i18n( $date_time_format, current_time( 'timestamp' ) );
1589
1590
		// keep a copy of the feedback as a custom post type
1591
		$feedback_time   = current_time( 'mysql' );
1592
		$feedback_title  = "{$comment_author} - {$feedback_time}";
1593
		$feedback_status = $is_spam === TRUE ? 'spam' : 'publish';
1594
1595
		foreach ( (array) $akismet_values as $av_key => $av_value ) {
1596
			$akismet_values[$av_key] = Grunion_Contact_Form_Plugin::strip_tags( $av_value );
1597
		}
1598
1599
		foreach ( (array) $all_values as $all_key => $all_value ) {
1600
			$all_values[$all_key] = Grunion_Contact_Form_Plugin::strip_tags( $all_value );
1601
		}
1602
1603
		foreach ( (array) $extra_values as $ev_key => $ev_value ) {
1604
			$extra_values[$ev_key] = Grunion_Contact_Form_Plugin::strip_tags( $ev_value );
1605
		}
1606
1607
		/* We need to make sure that the post author is always zero for contact
1608
		 * form submissions.  This prevents export/import from trying to create
1609
		 * new users based on form submissions from people who were logged in
1610
		 * at the time.
1611
		 *
1612
		 * Unfortunately wp_insert_post() tries very hard to make sure the post
1613
		 * author gets the currently logged in user id.  That is how we ended up
1614
		 * with this work around. */
1615
		add_filter( 'wp_insert_post_data', array( $plugin, 'insert_feedback_filter' ), 10, 2 );
1616
1617
		$post_id = wp_insert_post( array(
1618
			'post_date'    => addslashes( $feedback_time ),
1619
			'post_type'    => 'feedback',
1620
			'post_status'  => addslashes( $feedback_status ),
1621
			'post_parent'  => (int) $post->ID,
1622
			'post_title'   => addslashes( wp_kses( $feedback_title, array() ) ),
1623
			'post_content' => addslashes( wp_kses( $comment_content . "\n<!--more-->\n" . "AUTHOR: {$comment_author}\nAUTHOR EMAIL: {$comment_author_email}\nAUTHOR URL: {$comment_author_url}\nSUBJECT: {$subject}\nIP: {$comment_author_IP}\n" . print_r( $all_values, TRUE ), array() ) ), // so that search will pick up this data
1624
			'post_name'    => md5( $feedback_title ),
1625
		) );
1626
1627
		// once insert has finished we don't need this filter any more
1628
		remove_filter( 'wp_insert_post_data', array( $plugin, 'insert_feedback_filter' ), 10, 2 );
1629
1630
		update_post_meta( $post_id, '_feedback_extra_fields', $this->addslashes_deep( $extra_values ) );
1631
		update_post_meta( $post_id, '_feedback_akismet_values', $this->addslashes_deep( $akismet_values ) );
1632
1633
		$message = self::get_compiled_form( $post_id, $this );
1634
1635
		array_push(
1636
			$message,
1637
			"", // Empty line left intentionally
1638
			__( 'Time:', 'jetpack' ) . ' ' . $time . '<br />',
1639
			__( 'IP Address:', 'jetpack' ) . ' ' . $comment_author_IP . '<br />',
1640
			__( 'Contact Form URL:', 'jetpack' ) . " " . $url . '<br />'
1641
		);
1642
1643
		if ( is_user_logged_in() ) {
1644
			array_push(
1645
				$message,
1646
				"",
1647
				sprintf(
1648
					__( 'Sent by a verified %s user.', 'jetpack' ),
1649
					isset( $GLOBALS['current_site']->site_name ) && $GLOBALS['current_site']->site_name ?
1650
						$GLOBALS['current_site']->site_name : '"' . get_option( 'blogname' ) . '"'
1651
				)
1652
			);
1653
		} else {
1654
			array_push( $message, __( 'Sent by an unverified visitor to your site.', 'jetpack' ) );
1655
		}
1656
1657
		$message = join( $message, "" );
1658
		/**
1659
		 * Filters the message sent via email after a successfull form submission.
1660
		 *
1661
		 * @module contact-form
1662
		 *
1663
		 * @since 1.3.1
1664
		 *
1665
		 * @param string $message Feedback email message.
1666
		 */
1667
		$message = apply_filters( 'contact_form_message', $message );
1668
1669
		update_post_meta( $post_id, '_feedback_email', $this->addslashes_deep( compact( 'to', 'message' ) ) );
1670
1671
		/**
1672
		 * Fires right before the contact form message is sent via email to
1673
		 * the recipient specified in the contact form.
1674
		 *
1675
		 * @module contact-form
1676
		 *
1677
		 * @since 1.3.1
1678
		 *
1679
		 * @param integer $post_id Post contact form lives on
1680
		 * @param array $all_values Contact form fields
1681
		 * @param array $extra_values Contact form fields not included in $all_values
1682
		 */
1683
		do_action( 'grunion_pre_message_sent', $post_id, $all_values, $extra_values );
1684
1685
		// schedule deletes of old spam feedbacks
1686
		if ( ! wp_next_scheduled( 'grunion_scheduled_delete' ) ) {
1687
			wp_schedule_event( time() + 250, 'daily', 'grunion_scheduled_delete' );
1688
		}
1689
1690
		if (
1691
			$is_spam !== TRUE &&
1692
			/**
1693
			 * Filter to choose whether an email should be sent after each successfull contact form submission.
1694
			 *
1695
			 * @module contact-form
1696
			 *
1697
			 * @since 2.6.0
1698
			 *
1699
			 * @param bool true Should an email be sent after a form submission. Default to true.
1700
			 * @param int $post_id Post ID.
1701
			 */
1702
			true === apply_filters( 'grunion_should_send_email', true, $post_id )
1703
		) {
1704
			wp_mail( $to, "{$spam}{$subject}", $message, $headers );
1705
		} elseif (
1706
			true === $is_spam &&
1707
			/**
1708
			 * Choose whether an email should be sent for each spam contact form submission.
1709
			 *
1710
			 * @module contact-form
1711
			 *
1712
			 * @since 1.3.1
1713
			 *
1714
			 * @param bool false Should an email be sent after a spam form submission. Default to false.
1715
			 */
1716
			apply_filters( 'grunion_still_email_spam', FALSE ) == TRUE
1717
		) { // don't send spam by default.  Filterable.
1718
			wp_mail( $to, "{$spam}{$subject}", $message, $headers );
1719
		}
1720
1721
		if ( defined( 'DOING_AJAX' ) && DOING_AJAX ) {
1722
			return self::success_message( $post_id, $this );
1723
		}
1724
1725
		$redirect = wp_get_referer();
1726
		if ( !$redirect ) { // wp_get_referer() returns false if the referer is the same as the current page
1727
			$redirect = $_SERVER['REQUEST_URI'];
1728
		}
1729
1730
		$redirect = add_query_arg( urlencode_deep( array(
1731
			'contact-form-id'   => $id,
1732
			'contact-form-sent' => $post_id,
1733
			'_wpnonce'          => wp_create_nonce( "contact-form-sent-{$post_id}" ), // wp_nonce_url HTMLencodes :(
1734
		) ), $redirect );
1735
1736
		/**
1737
		 * Filter the URL where the reader is redirected after submitting a form.
1738
		 *
1739
		 * @module contact-form
1740
		 *
1741
		 * @since 1.9.0
1742
		 *
1743
		 * @param string $redirect Post submission URL.
1744
		 * @param int $id Contact Form ID.
1745
		 * @param int $post_id Post ID.
1746
		 */
1747
		$redirect = apply_filters( 'grunion_contact_form_redirect_url', $redirect, $id, $post_id );
1748
1749
		wp_safe_redirect( $redirect );
1750
		exit;
0 ignored issues
show
Coding Style Compatibility introduced by
The method process_submission() contains an exit expression.

An exit expression should only be used in rare cases. For example, if you write a short command line script.

In most cases however, using an exit expression makes the code untestable and often causes incompatibilities with other libraries. Thus, unless you are absolutely sure it is required here, we recommend to refactor your code to avoid its usage.

Loading history...
1751
	}
1752
1753
	function addslashes_deep( $value ) {
1754
		if ( is_array( $value ) ) {
1755
			return array_map( array( $this, 'addslashes_deep' ), $value );
1756
		} elseif ( is_object( $value ) ) {
1757
			$vars = get_object_vars( $value );
1758
			foreach ( $vars as $key => $data ) {
1759
				$value->{$key} = $this->addslashes_deep( $data );
1760
			}
1761
			return $value;
1762
		}
1763
1764
		return addslashes( $value );
1765
	}
1766
}
1767
1768
/**
1769
 * Class for the contact-field shortcode.
1770
 * Parses shortcode to output the contact form field as HTML.
1771
 * Validates input.
1772
 */
1773
class Grunion_Contact_Form_Field extends Crunion_Contact_Form_Shortcode {
0 ignored issues
show
Coding Style Compatibility introduced by
PSR1 recommends that each class should be in its own file to aid autoloaders.

Having each class in a dedicated file usually plays nice with PSR autoloaders and is therefore a well established practice. If you use other autoloaders, you might not want to follow this rule.

Loading history...
1774
	public $shortcode_name = 'contact-field';
1775
1776
	/**
1777
	 * @var Grunion_Contact_Form parent form
1778
	 */
1779
	public $form;
1780
1781
	/**
1782
	 * @var string default or POSTed value
1783
	 */
1784
	public $value;
1785
1786
	/**
1787
	 * @var bool Is the input invalid?
1788
	 */
1789
	public $error = false;
1790
1791
	/**
1792
	 * @param array $attributes An associative array of shortcode attributes.  @see shortcode_atts()
1793
	 * @param null|string $content Null for selfclosing shortcodes.  The inner content otherwise.
1794
	 * @param Grunion_Contact_Form $form The parent form
0 ignored issues
show
Documentation introduced by
Should the type for parameter $form not be Grunion_Contact_Form|null?

This check looks for @param annotations where the type inferred by our type inference engine differs from the declared type.

It makes a suggestion as to what type it considers more descriptive.

Most often this is a case of a parameter that can be null in addition to its declared types.

Loading history...
1795
	 */
1796
	function __construct( $attributes, $content = null, $form = null ) {
1797
		$attributes = shortcode_atts( array(
1798
			'label'       => null,
1799
			'type'        => 'text',
1800
			'required'    => false,
1801
			'options'     => array(),
1802
			'id'          => null,
1803
			'default'     => null,
1804
			'placeholder' => null,
1805
		), $attributes, 'contact-field' );
1806
1807
		// special default for subject field
1808
		if ( 'subject' == $attributes['type'] && is_null( $attributes['default'] ) && !is_null( $form ) ) {
1809
			$attributes['default'] = $form->get_attribute( 'subject' );
1810
		}
1811
1812
		// allow required=1 or required=true
1813
		if ( '1' == $attributes['required'] || 'true' == strtolower( $attributes['required'] ) )
1814
			$attributes['required'] = true;
1815
		else
1816
			$attributes['required'] = false;
1817
1818
		// parse out comma-separated options list (for selects, radios, and checkbox-multiples)
1819
		if ( !empty( $attributes['options'] ) && is_string( $attributes['options'] ) ) {
1820
			$attributes['options'] = array_map( 'trim', explode( ',', $attributes['options'] ) );
1821
		}
1822
1823
		if ( $form ) {
1824
			// make a unique field ID based on the label, with an incrementing number if needed to avoid clashes
1825
			$form_id = $form->get_attribute( 'id' );
1826
			$id = isset( $attributes['id'] ) ? $attributes['id'] : false;
1827
1828
			$unescaped_label = $this->unesc_attr( $attributes['label'] );
1829
			$unescaped_label = str_replace( '%', '-', $unescaped_label ); // jQuery doesn't like % in IDs?
1830
			$unescaped_label = preg_replace( '/[^a-zA-Z0-9.-_:]/', '', $unescaped_label );
1831
1832
			if ( empty( $id ) ) {
1833
				$id = sanitize_title_with_dashes( 'g' . $form_id . '-' . $unescaped_label );
1834
				$i = 0;
1835
				$max_tries = 99;
1836
				while ( isset( $form->fields[$id] ) ) {
1837
					$i++;
1838
					$id = sanitize_title_with_dashes( 'g' . $form_id . '-' . $unescaped_label . '-' . $i );
1839
1840
					if ( $i > $max_tries ) {
1841
						break;
1842
					}
1843
				}
1844
			}
1845
1846
			$attributes['id'] = $id;
1847
		}
1848
1849
		parent::__construct( $attributes, $content );
1850
1851
		// Store parent form
1852
		$this->form = $form;
1853
	}
1854
1855
	/**
1856
	 * This field's input is invalid.  Flag as invalid and add an error to the parent form
1857
	 *
1858
	 * @param string $message The error message to display on the form.
1859
	 */
1860
	function add_error( $message ) {
1861
		$this->is_error = true;
0 ignored issues
show
Bug introduced by
The property is_error does not exist. Did you maybe forget to declare it?

In PHP it is possible to write to properties without declaring them. For example, the following is perfectly valid PHP code:

class MyClass { }

$x = new MyClass();
$x->foo = true;

Generally, it is a good practice to explictly declare properties to avoid accidental typos and provide IDE auto-completion:

class MyClass {
    public $foo;
}

$x = new MyClass();
$x->foo = true;
Loading history...
1862
1863
		if ( !is_wp_error( $this->form->errors ) ) {
1864
			$this->form->errors = new WP_Error;
1865
		}
1866
1867
		$this->form->errors->add( $this->get_attribute( 'id' ), $message );
1868
	}
1869
1870
	/**
1871
	 * Is the field input invalid?
1872
	 *
1873
	 * @see $error
1874
	 *
1875
	 * @return bool
1876
	 */
1877
	function is_error() {
1878
		return $this->error;
1879
	}
1880
1881
	/**
1882
	 * Validates the form input
1883
	 */
1884
	function validate() {
1885
		// If it's not required, there's nothing to validate
1886
		if ( !$this->get_attribute( 'required' ) ) {
1887
			return;
1888
		}
1889
1890
		$field_id    = $this->get_attribute( 'id' );
1891
		$field_type  = $this->get_attribute( 'type' );
1892
		$field_label = $this->get_attribute( 'label' );
1893
1894
		if ( isset( $_POST[ $field_id ] ) ) {
1895
			if ( is_array( $_POST[ $field_id ] ) ) {
1896
				$field_value = array_map( 'stripslashes', $_POST[ $field_id ] );
1897
			} else {
1898
				$field_value = stripslashes( $_POST[ $field_id ] );
1899
			}
1900
		} else {
1901
			$field_value = '';
1902
		}
1903
1904
		switch ( $field_type ) {
1905
		case 'email' :
1906
			// Make sure the email address is valid
1907
			if ( !is_email( $field_value ) ) {
1908
				$this->add_error( sprintf( __( '%s requires a valid email address', 'jetpack' ), $field_label ) );
1909
			}
1910
			break;
1911
		case 'checkbox-multiple' :
1912
			// Check that there is at least one option selected
1913
			if ( empty( $field_value ) ) {
1914
				$this->add_error( sprintf( __( '%s requires at least one selection', 'jetpack' ), $field_label ) );
1915
			}
1916
			break;
1917
		default :
0 ignored issues
show
Coding Style introduced by
There must be no space before the colon in a DEFAULT statement

As per the PSR-2 coding standard, there must not be a space in front of the colon in the default statement.

switch ($expr) {
    default : //wrong
        doSomething();
        break;
}

switch ($expr) {
    default: //right
        doSomething();
        break;
}

To learn more about the PSR-2 coding standard, please refer to the PHP-Fig.

Loading history...
1918
			// Just check for presence of any text
1919
			if ( !strlen( trim( $field_value ) ) ) {
1920
				$this->add_error( sprintf( __( '%s is required', 'jetpack' ), $field_label ) );
1921
			}
1922
		}
1923
	}
1924
1925
	/**
1926
	 * Outputs the HTML for this form field
1927
	 *
1928
	 * @return string HTML
1929
	 */
1930
	function render() {
1931
		global $current_user, $user_identity;
1932
1933
		$r = '';
1934
1935
		$field_id          = $this->get_attribute( 'id' );
1936
		$field_type        = $this->get_attribute( 'type' );
1937
		$field_label       = $this->get_attribute( 'label' );
1938
		$field_required    = $this->get_attribute( 'required' );
1939
		$placeholder       = $this->get_attribute( 'placeholder' );
1940
		$field_placeholder = ( ! empty( $placeholder ) ) ? "placeholder='" . esc_attr( $placeholder ) . "'" : '';
1941
1942
		if ( isset( $_POST[ $field_id ] ) ) {
1943
			if ( is_array( $_POST[ $field_id ] ) ) {
1944
				$this->value = array_map( 'stripslashes', $_POST[ $field_id ] );
0 ignored issues
show
Documentation Bug introduced by
It seems like array_map('stripslashes', $_POST[$field_id]) of type array is incompatible with the declared type string of property $value.

Our type inference engine has found an assignment to a property that is incompatible with the declared type of that property.

Either this assignment is in error or the assigned type should be added to the documentation/type hint for that property..

Loading history...
1945
			} else {
1946
				$this->value = stripslashes( (string) $_POST[ $field_id ] );
1947
			}
1948
		} elseif ( isset( $_GET[ $field_id ] ) ) {
1949
			$this->value = stripslashes( (string) $_GET[ $field_id ] );
1950
		} elseif (
1951
			is_user_logged_in() &&
1952
			( ( defined( 'IS_WPCOM' ) && IS_WPCOM ) ||
1953
			/**
1954
			 * Allow third-party tools to prefill the contact form with the user's details when they're logged in.
1955
			 *
1956
			 * @module contact-form
1957
			 *
1958
			 * @since 3.2.0
1959
			 *
1960
			 * @param bool false Should the Contact Form be prefilled with your details when you're logged in. Default to false.
1961
			 */
1962
			true === apply_filters( 'jetpack_auto_fill_logged_in_user', false )
1963
			)
1964
		) {
1965
			// Special defaults for logged-in users
1966
			switch ( $this->get_attribute( 'type' ) ) {
1967
			case 'email' :
1968
				$this->value = $current_user->data->user_email;
1969
				break;
1970
			case 'name' :
1971
				$this->value = $user_identity;
1972
				break;
1973
			case 'url' :
1974
				$this->value = $current_user->data->user_url;
1975
				break;
1976
			default :
0 ignored issues
show
Coding Style introduced by
There must be no space before the colon in a DEFAULT statement

As per the PSR-2 coding standard, there must not be a space in front of the colon in the default statement.

switch ($expr) {
    default : //wrong
        doSomething();
        break;
}

switch ($expr) {
    default: //right
        doSomething();
        break;
}

To learn more about the PSR-2 coding standard, please refer to the PHP-Fig.

Loading history...
1977
				$this->value = $this->get_attribute( 'default' );
1978
			}
1979
		} else {
1980
			$this->value = $this->get_attribute( 'default' );
1981
		}
1982
1983
		$field_value = Grunion_Contact_Form_Plugin::strip_tags( $this->value );
1984
		$field_label = Grunion_Contact_Form_Plugin::strip_tags( $field_label );
1985
1986
		/**
1987
		 * Filter the Contact Form required field text
1988
		 *
1989
		 * @module contact-form
1990
		 *
1991
		 * @since 3.8.0
1992
		 *
1993
		 * @param string $var Required field text. Default is "(required)".
1994
		 */
1995
		$required_field_text = esc_html( apply_filters( 'jetpack_required_field_text', __( "(required)", 'jetpack' ) ) );
1996
1997
		switch ( $field_type ) {
1998 View Code Duplication
		case 'email' :
1999
			$r .= "\n<div>\n";
2000
			$r .= "\t\t<label for='" . esc_attr( $field_id ) . "' class='grunion-field-label email" . ( $this->is_error() ? ' form-error' : '' ) . "'>" . esc_html( $field_label ) . ( $field_required ? '<span>' . $required_field_text . '</span>' : '' ) . "</label>\n";
2001
			$r .= "\t\t<input type='email' name='" . esc_attr( $field_id ) . "' id='" . esc_attr( $field_id ) . "' value='" . esc_attr( $field_value ) . "' class='email' " . $field_placeholder . " " . ( $field_required ? "required aria-required='true'" : "" ) . "/>\n";
2002
			$r .= "\t</div>\n";
2003
			break;
2004
		case 'telephone' :
0 ignored issues
show
Coding Style introduced by
There must be a comment when fall-through is intentional in a non-empty case body
Loading history...
2005
			$r .= "\n<div>\n";
2006
			$r .= "\t\t<label for='" . esc_attr( $field_id ) . "' class='grunion-field-label telephone" . ( $this->is_error() ? ' form-error' : '' ) . "'>" . esc_html( $field_label ) . ( $field_required ? '<span>' . $required_field_text . '</span>' : '' ) . "</label>\n";
2007
			$r .= "\t\t<input type='tel' name='" . esc_attr( $field_id ) . "' id='" . esc_attr( $field_id ) . "' value='" . esc_attr( $field_value ) . "' class='telephone' " . $field_placeholder . "/>\n";
2008 View Code Duplication
		case 'textarea' :
2009
			$r .= "\n<div>\n";
2010
			$r .= "\t\t<label for='contact-form-comment-" . esc_attr( $field_id ) . "' class='grunion-field-label textarea" . ( $this->is_error() ? ' form-error' : '' ) . "'>" . esc_html( $field_label ) . ( $field_required ? '<span>' . $required_field_text . '</span>' : '' ) . "</label>\n";
2011
			$r .= "\t\t<textarea name='" . esc_attr( $field_id ) . "' id='contact-form-comment-" . esc_attr( $field_id ) . "' rows='20' " . $field_placeholder . " " . ( $field_required ? "required aria-required='true'" : "" ) . ">" . esc_textarea( $field_value ) . "</textarea>\n";
2012
			$r .= "\t</div>\n";
2013
			break;
2014 View Code Duplication
		case 'radio' :
2015
			$r .= "\t<div><label class='grunion-field-label" . ( $this->is_error() ? ' form-error' : '' ) . "'>" . esc_html( $field_label ) . ( $field_required ? '<span>' . $required_field_text . '</span>' : '' ) . "</label>\n";
2016
			foreach ( $this->get_attribute( 'options' ) as $option ) {
2017
				$option = Grunion_Contact_Form_Plugin::strip_tags( $option );
2018
				$r .= "\t\t<label class='grunion-radio-label radio" . ( $this->is_error() ? ' form-error' : '' ) . "'>";
2019
				$r .= "<input type='radio' name='" . esc_attr( $field_id ) . "' value='" . esc_attr( $option ) . "' class='radio' " . checked( $option, $field_value, false ) . " " . ( $field_required ? "required aria-required='true'" : "" ) . "/> ";
2020
				$r .= esc_html( $option ) . "</label>\n";
2021
				$r .= "\t\t<div class='clear-form'></div>\n";
2022
			}
2023
			$r .= "\t\t</div>\n";
2024
			break;
2025
		case 'checkbox' :
2026
			$r .= "\t<div>\n";
2027
			$r .= "\t\t<label class='grunion-field-label checkbox" . ( $this->is_error() ? ' form-error' : '' ) . "'>\n";
2028
			$r .= "\t\t<input type='checkbox' name='" . esc_attr( $field_id ) . "' value='" . esc_attr__( 'Yes', 'jetpack' ) . "' class='checkbox' " . checked( (bool) $field_value, true, false ) . " " . ( $field_required ? "required aria-required='true'" : "" ) . "/> \n";
2029
			$r .= "\t\t" . esc_html( $field_label ) . ( $field_required ? '<span>'. $required_field_text . '</span>' : '' ) . "</label>\n";
2030
			$r .= "\t\t<div class='clear-form'></div>\n";
2031
			$r .= "\t</div>\n";
2032
			break;
2033
		case 'checkbox-multiple' :
2034
			$r .= "\t<div><label class='grunion-field-label" . ( $this->is_error() ? ' form-error' : '' ) . "'>" . esc_html( $field_label ) . ( $field_required ? '<span>' . $required_field_text . '</span>' : '' ) . "</label>\n";
2035
			foreach ( $this->get_attribute( 'options' ) as $option ) {
2036
				$option = Grunion_Contact_Form_Plugin::strip_tags( $option );
2037
				$r .= "\t\t<label class='grunion-checkbox-multiple-label checkbox-multiple" . ( $this->is_error() ? ' form-error' : '' ) . "'>";
2038
				$r .= "<input type='checkbox' name='" . esc_attr( $field_id ) . "[]' value='" . esc_attr( $option ) . "' class='checkbox-multiple' " . checked( in_array( $option, (array) $field_value ), true, false ) . " /> ";
2039
				$r .= esc_html( $option ) . "</label>\n";
2040
				$r .= "\t\t<div class='clear-form'></div>\n";
2041
			}
2042
			$r .= "\t\t</div>\n";
2043
			break;
2044 View Code Duplication
		case 'select' :
2045
			$r .= "\n<div>\n";
2046
			$r .= "\t\t<label for='" . esc_attr( $field_id ) . "' class='grunion-field-label select" . ( $this->is_error() ? ' form-error' : '' ) . "'>" . esc_html( $field_label ) . ( $field_required ? '<span>'. $required_field_text . '</span>' : '' ) . "</label>\n";
2047
			$r .= "\t<select name='" . esc_attr( $field_id ) . "' id='" . esc_attr( $field_id ) . "' class='select' " . ( $field_required ? "required aria-required='true'" : "" ) . ">\n";
2048
			foreach ( $this->get_attribute( 'options' ) as $option ) {
2049
				$option = Grunion_Contact_Form_Plugin::strip_tags( $option );
2050
				$r .= "\t\t<option" . selected( $option, $field_value, false ) . ">" . esc_html( $option ) . "</option>\n";
2051
			}
2052
			$r .= "\t</select>\n";
2053
			$r .= "\t</div>\n";
2054
			break;
2055
		case 'date' :
2056
			$r .= "\n<div>\n";
2057
			$r .= "\t\t<label for='" . esc_attr( $field_id ) . "' class='grunion-field-label " . esc_attr( $field_type ) . ( $this->is_error() ? ' form-error' : '' ) . "'>" . esc_html( $field_label ) . ( $field_required ? '<span>' . $required_field_text . '</span>' : '' ) . "</label>\n";
2058
			$r .= "\t\t<input type='date' name='" . esc_attr( $field_id ) . "' id='" . esc_attr( $field_id ) . "' value='" . esc_attr( $field_value ) . "' class='" . esc_attr( $field_type ) . "' " . ( $field_required ? "required aria-required='true'" : "" ) . "/>\n";
2059
			$r .= "\t</div>\n";
2060
2061
			wp_enqueue_script( 'grunion-frontend', plugins_url( 'js/grunion-frontend.js', __FILE__ ), array( 'jquery', 'jquery-ui-datepicker' ) );
2062
			break;
2063
		default : // text field
0 ignored issues
show
Coding Style introduced by
There must be no space before the colon in a DEFAULT statement

As per the PSR-2 coding standard, there must not be a space in front of the colon in the default statement.

switch ($expr) {
    default : //wrong
        doSomething();
        break;
}

switch ($expr) {
    default: //right
        doSomething();
        break;
}

To learn more about the PSR-2 coding standard, please refer to the PHP-Fig.

Loading history...
2064
			// note that any unknown types will produce a text input, so we can use arbitrary type names to handle
2065
			// input fields like name, email, url that require special validation or handling at POST
2066
			$r .= "\n<div>\n";
2067
			$r .= "\t\t<label for='" . esc_attr( $field_id ) . "' class='grunion-field-label " . esc_attr( $field_type ) . ( $this->is_error() ? ' form-error' : '' ) . "'>" . esc_html( $field_label ) . ( $field_required ? '<span>' . $required_field_text . '</span>' : '' ) . "</label>\n";
2068
			$r .= "\t\t<input type='text' name='" . esc_attr( $field_id ) . "' id='" . esc_attr( $field_id ) . "' value='" . esc_attr( $field_value ) . "' class='" . esc_attr( $field_type ) . "' " . $field_placeholder . " " . ( $field_required ? "required aria-required='true'" : "" ) . "/>\n";
2069
			$r .= "\t</div>\n";
2070
		}
2071
2072
		/**
2073
		 * Filter the HTML of the Contact Form.
2074
		 *
2075
		 * @module contact-form
2076
		 *
2077
		 * @since 2.6.0
2078
		 *
2079
		 * @param string $r Contact Form HTML output.
2080
		 * @param string $field_label Field label.
2081
		 * @param int|null $id Post ID.
2082
		 */
2083
		return apply_filters( 'grunion_contact_form_field_html', $r, $field_label, ( in_the_loop() ? get_the_ID() : null ) );
2084
	}
2085
}
2086
2087
add_action( 'init', array( 'Grunion_Contact_Form_Plugin', 'init' ) );
2088
2089
add_action( 'grunion_scheduled_delete', 'grunion_delete_old_spam' );
2090
2091
/**
2092
 * Deletes old spam feedbacks to keep the posts table size under control
2093
 */
2094
function grunion_delete_old_spam() {
2095
	global $wpdb;
2096
2097
	$grunion_delete_limit = 100;
2098
2099
	$now_gmt = current_time( 'mysql', 1 );
2100
	$sql = $wpdb->prepare( "
2101
		SELECT `ID`
2102
		FROM $wpdb->posts
2103
		WHERE DATE_SUB( %s, INTERVAL 15 DAY ) > `post_date_gmt`
2104
			AND `post_type` = 'feedback'
2105
			AND `post_status` = 'spam'
2106
		LIMIT %d
2107
	", $now_gmt, $grunion_delete_limit );
2108
	$post_ids = $wpdb->get_col( $sql );
2109
2110
	foreach ( (array) $post_ids as $post_id ) {
2111
		# force a full delete, skip the trash
2112
		wp_delete_post( $post_id, TRUE );
2113
	}
2114
2115
	# Arbitrary check points for running OPTIMIZE
2116
	# nothing special about 5000 or 11
2117
	# just trying to periodically recover deleted rows
2118
	$random_num = mt_rand( 1, 5000 );
2119
	if (
2120
		/**
2121
		 * Filter how often the module run OPTIMIZE TABLE on the core WP tables.
2122
		 *
2123
		 * @module contact-form
2124
		 *
2125
		 * @since 1.3.1
2126
		 *
2127
		 * @param int $random_num Random number.
2128
		 */
2129
		apply_filters( 'grunion_optimize_table', ( $random_num == 11 ) )
2130
	) {
2131
		$wpdb->query( "OPTIMIZE TABLE $wpdb->posts" );
2132
	}
2133
2134
	# if we hit the max then schedule another run
2135
	if ( count( $post_ids ) >= $grunion_delete_limit ) {
2136
		wp_schedule_single_event( time() + 700, 'grunion_scheduled_delete' );
2137
	}
2138
}
2139