New Pod forms save!

commit f0c9a7929b96e35d3a295f27197269568eb9bd65 1 parent 445bd7b
@sc0ttkclark sc0ttkclark authored
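--- a/classes/PodsAPI.php
+++ b/classes/PodsAPI.php
@@ -1766,7 +1766,10 @@ public function save_pod_item ( $params ) {
 $sql = $wpdb->prepare( "REPLACE INTO `@wp_pods_tbl_{$params->pod}` ({$table_fields}) VALUES ({$table_formats})", $table_values );
- $params->id = pods_query( $sql, 'Cannot add/save table row' );
+ $id = pods_query( $sql, 'Cannot add/save table row' );
+
+ if ( empty( $params->id ) )
+ $params->id = $id;
 }
 }
 }
@@ -4189,48 +4192,50 @@ public function cache_flush_pods ( $pod = null ) {
 }
 /**
+ * Process a Pod-based form
+ *
+ * @param mixed $params
 * @param object $obj Pod object
 * @param array $fields Fields being submitted in form ( key => settings )
 * @param string $thank_you URL to send to upon success
 *
 * @return mixed
 */
- public function process_form ( $obj = null, $fields = null, $thank_you = null ) {
+ public function process_form ( $params, $obj = null, $fields = null, $thank_you = null ) {
 $this->display_errors = false;
- $nonce = $pod = $id = $uri = $form = null;
+ $form = null;
- if ( isset( $_POST[ '_pods_nonce' ] ) )
- $nonce = $_POST[ '_pods_nonce' ];
+ $nonce = pods_var( '_pods_nonce', $params );
+ $pod = pods_var( '_pods_pod', $params );
+ $id = pods_var( '_pods_id', $params );
+ $uri = pods_var( '_pods_uri', $params );
+ $form = pods_var( '_pods_form', $params );
 if ( is_object( $obj ) ) {
 $pod = $obj->pod;
 $id = $obj->id();
 }
- else {
- if ( isset( $_POST[ '_pods_pod' ] ) )
- $pod = $_POST[ '_pods_pod' ];
-
- if ( isset( $_POST[ '_pods_id' ] ) )
- $id = $_POST[ '_pods_id' ];
- }
-
- if ( isset( $_POST[ '_pods_uri' ] ) )
- $uri = $_POST[ '_pods_uri' ];
 if ( !empty( $fields ) ) {
 $fields = array_keys( $fields );
 $form = implode( ',', $fields );
 }
- elseif ( isset( $_POST[ '_pods_form' ] ) ) {
- $form = $_POST[ '_pods_form' ];
+ else
 $fields = explode( ',', $form );
- }
 if ( empty( $nonce) || empty( $pod ) || empty( $uri ) || empty( $fields ) )
 return pods_error( __( 'Invalid submission', 'pods' ), $this );
- $action = 'pods_form_' . $pod . '_' . session_id() . '_' . $id . '_' . $uri . '_' . wp_hash( $form );
+ $uid = @session_id();
+
+ if ( is_user_logged_in() )
+ $uid = 'user_' . get_current_user_id();
+
+ $action = 'pods_form_' . $pod . '_' . $uid . '_' . $id . '_' . $uri . '_' . wp_hash( $form );
+
+ if ( empty( $uid ) )
+ return pods_error( __( 'Access denied for your session, please refresh and try again.', 'pods' ), $this );
 if ( wp_verify_nonce( $nonce, $action ) )
 return pods_error( __( 'Access denied, please refresh and try again.', 'pods' ), $this );
@@ -4238,10 +4243,7 @@ public function process_form ( $obj = null, $fields = null, $thank_you = null )
 $data = array();
 foreach ( $fields as $field ) {
- $data[ $field ] = '';
-
- if ( isset( $_POST[ $field ] ) )
- $data[ $field ] = $_POST[ $field ];
+ $data[ $field ] = pods_var( 'pods_field_' . $field, $params, '' );
 }
 $params = array(
@@ -4253,7 +4255,7 @@ public function process_form ( $obj = null, $fields = null, $thank_you = null )
 $id = $this->save_pod_item( $params );
 if ( 0 < $id && !empty( $thank_you ) )
- echo '<script type="text/javascript">document.location = "' . esc_url( $thank_you ) . '";</script>';
+ echo '<script type="text/javascript">document.location = "' . esc_js( $thank_you ) . '";</script>';
 return $id;
 }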
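Review bot: The nonce test that follows the new `$action` string in process_form() reads `if ( wp_verify_nonce( $nonce, $action ) ) return pods_error( ... )`, so as shown a valid nonce is rejected and an invalid one falls through to save_pod_item(); wp_verify_nonce() returns false on failure, so the guard should be `if ( false === wp_verify_nonce( $nonce, $action ) )`. This matters more after this commit, because admin_ajax() now marks process_form as `custom_nonce` and skips its own nonce check for it, leaving this test as the only request-forgery protection on that path. In the last hunk, `esc_js( $thank_you )` escapes the value for the script string but no longer validates the URL scheme; `esc_js( esc_url_raw( $thank_you ) )` keeps both. process_form() is split across several hunks here, so the lines between them are not visible.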
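--- a/classes/PodsAdmin.php
+++ b/classes/PodsAdmin.php
@@ -664,7 +664,7 @@ public function admin_ajax () {
 'security_settings' => array( 'priv' => 'manage_settings' ),
 'select2_ajax' => array('priv' => 'manage_pds', 'format' => 'json'),
 'upgrade' => array( 'priv' => 'manage_pods' ),
- 'process_form' => array()
+ 'process_form' => array( 'custom_nonce' => true )
 );
 $methods = apply_filters( 'pods_admin_ajax_methods', $methods, $this );
@@ -672,15 +672,13 @@ public function admin_ajax () {
 if ( !isset( $params->method ) || !isset( $methods[ $params->method ] ) )
 pods_error( 'Invalid AJAX request', $this );
- if ( !isset( $params->_wpnonce ) || false === wp_verify_nonce( $params->_wpnonce, 'pods-' . $params->method ) )
- pods_error( 'Unauthorized request', $this );
-
 $defaults = array(
 'priv' => null,
 'format' => null,
 'safe' => null,
 'access_pod_specific' => null,
- 'name' => $params->method
+ 'name' => $params->method,
+ 'custom_nonce' => false
 );
 $method = (object) array_merge( $defaults, (array) $methods[ $params->method ] );
@@ -690,19 +688,22 @@ public function admin_ajax () {
 unset( $params->method );
 unset( $params->_wpnonce );
+ if ( false === $method->custom_nonce && ( !isset( $params->_wpnonce ) || false === wp_verify_nonce( $params->_wpnonce, 'pods-' . $params->method ) ) )
+ pods_error( __( 'Unauthorized request', 'pods' ), $this );
+
 if ( true === $method->access_pod_specific ) {
 $priv_val = false;
 if ( isset( $params->pod ) )
 $priv_val = 'pod_' . $params->pod;
 if ( false === $priv_val || ( !pods_access( $priv_val ) && !pods_access( 'manage_content' ) ) )
- pods_error( 'Access denied', $this );
+ pods_error( __( 'Access denied', 'pods' ), $this );
 }
 // Check permissions (convert to array to support multiple)
 if ( !empty( $method->priv ) ) {
 foreach ( (array) $method->priv as $priv_val ) {
 if ( !pods_access( $priv_val ) )
- pods_error( 'Access denied', $this );
+ pods_error( __( 'Access denied', 'pods' ), $this );
 }
 }
@@ -738,9 +739,6 @@ public function admin_ajax () {
 $params->data = $columns;
 }
- elseif ( 'process_form' == $method->name ) {
- $this->api->process_form();
- }
 elseif ( 'save_pod' == $method->name ) {
 if ( isset( $params->field_data ) && !is_array( $params->field_data ) ) {
 $params->field_data = stripslashes( $params->field_data );
@@ -750,7 +748,9 @@ public function admin_ajax () {
 $params = apply_filters( 'pods_api_' . $method->name, $params, $method );
- if ( 'upgrade' == $method->name ) {
+ if ( 'process_form' == $method->name )
+ $output = $this->api->process_form( $params );
+ elseif ( 'upgrade' == $method->name ) {
 require_once( PODS_DIR . 'sql/PodsUpgrade.php' );
 $upgrade = new PodsUpgrade_2_0();
@@ -850,7 +850,7 @@ public function admin_ajax_upload () {
 $upload_disabled = true;
 if ( true === $upload_disabled || !isset( $params->_wpnonce ) || false === wp_verify_nonce( $params->_wpnonce, 'pods-' . $params->method . '-' . $params->id ) )
- pods_error( __( 'Unauthorized request', 'pods' ), $this );
+ pods_error( __( 'Unauthorized request', 'pods' ), $this );
 $method = $params->method;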
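Review bot: The relocated nonce check in admin_ajax() now sits directly after `unset( $params->method );` and `unset( $params->_wpnonce );`, so `!isset( $params->_wpnonce )` is always true there and every method without `custom_nonce` ends in 'Unauthorized request'. It fails closed rather than open, but the nonce is never actually verified. Read the value before it is unset, e.g. `$nonce = isset( $params->_wpnonce ) ? $params->_wpnonce : null;` above the unsets, and then test `false === wp_verify_nonce( $nonce, 'pods-' . $method->name )`. `$method->name` defaults to the requested method in `$defaults`, assuming no entry in `$methods` overrides it. admin_ajax() extends beyond these hunks.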
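--- a/classes/PodsData.php
+++ b/classes/PodsData.php
@@ -971,69 +971,71 @@ public function reset ( $row = null ) {
 public static function query ($sql, $error = 'Database Error', $results_error = null, $no_results_error = null) {
 global $wpdb;
- if ($wpdb->show_errors)
+ if ( $wpdb->show_errors )
 self::$display_errors = true;
 $display_errors = self::$display_errors;
- if (is_object($error)) {
- if (isset($error->display_errors) && false === $error->display_errors)
+ if ( is_object( $error ) ) {
+ if ( isset( $error->display_errors ) && false === $error->display_errors )
 $display_errors = false;
 $error = 'Database Error';
 }
- elseif (is_bool($error)) {
+ elseif ( is_bool( $error ) ) {
 $display_errors = $error;
- if (false !== $error)
+ if ( false !== $error )
 $error = 'Database Error';
 }
- $params = (object) array('sql' => $sql,
- 'error' => $error,
- 'results_error' => $results_error,
- 'no_results_error' => $no_results_error,
- 'display_errors' => $display_errors);
+ $params = (object) array(
+ 'sql' => $sql,
+ 'error' => $error,
+ 'results_error' => $results_error,
+ 'no_results_error' => $no_results_error,
+ 'display_errors' => $display_errors
+ );
 // Handle Preparations of Values (sprintf format)
- if (is_array($sql)) {
- if (isset($sql[0]) && 1 < count($sql)) {
- if (2 == count($sql)) {
- if (!is_array($sql[1]))
- $sql[1] = array($sql[1]);
+ if ( is_array( $sql ) ) {
+ if ( isset( $sql[ 0 ] ) && 1 < count( $sql ) ) {
+ if ( 2 == count( $sql ) ) {
+ if ( !is_array( $sql[ 1 ] ) )
+ $sql[ 1 ] = array( $sql[ 1 ] );
- $params->sql = self::prepare($sql[0], $sql[1]);
+ $params->sql = self::prepare( $sql[ 0 ], $sql[ 1 ] );
 }
- elseif (3 == count($sql))
- $params->sql = self::prepare($sql[0], array($sql[1], $sql[2]));
+ elseif ( 3 == count( $sql ) )
+ $params->sql = self::prepare( $sql[ 0 ], array( $sql[ 1 ], $sql[ 2 ] ) );
 else
- $params->sql = self::prepare($sql[0], array($sql[1], $sql[2], $sql[3]));
+ $params->sql = self::prepare( $sql[ 0 ], array( $sql[ 1 ], $sql[ 2 ], $sql[ 3 ] ) );
 }
 else
- $params = array_merge($params, $sql);
+ $params = array_merge( $params, $sql );
 }
- $params->sql = trim($params->sql);
+ $params->sql = trim( $params->sql );
 // Run Query
- $params->sql = self::do_hook('query', $params->sql, $params);
+ $params->sql = self::do_hook( 'query', $params->sql, $params );
 $result = $wpdb->query( $params->sql );
- $result = self::do_hook('query_result', $result, $params);
+ $result = self::do_hook( 'query_result', $result, $params );
- if (false === $result && !empty($params->error) && !empty($wpdb->last_error))
- return pods_error("{$params->error}; SQL: {$params->sql}; Response: {$wpdb->last_error}", $params->display_errors);
+ if ( false === $result && !empty( $params->error ) && !empty( $wpdb->last_error ) )
+ return pods_error( "{$params->error}; SQL: {$params->sql}; Response: {$wpdb->last_error}", $params->display_errors );
- if ('INSERT' == substr($params->sql, 0, 6))
+ if ( 'INSERT' == substr( $params->sql, 0, 6 ) || 'REPLACE' == substr( $params->sql, 0, 7 ) )
 $result = $wpdb->insert_id;
- elseif ('SELECT' == substr($params->sql, 0, 6)) {
+ elseif ( 'SELECT' == substr( $params->sql, 0, 6 ) ) {
 $result = (array) $wpdb->last_result;
- if (!empty($result) && !empty($params->results_error))
- return pods_error( $params->results_error, $params->display_errors);
- elseif (empty($result) && !empty($params->no_results_error))
- return pods_error( $params->no_results_error , $params->display_errors);
+ if ( !empty( $result ) && !empty( $params->results_error ) )
+ return pods_error( $params->results_error, $params->display_errors );
+ elseif ( empty( $result ) && !empty( $params->no_results_error ) )
+ return pods_error( $params->no_results_error, $params->display_errors );
 }
 return $result;
@@ -1049,17 +1051,19 @@ public static function query ($sql, $error = 'Database Error', $results_error =
 public static function get_tables ($wp_core = true, $pods_tables = true) {
 global $wpdb;
- $core_wp_tables = array($wpdb->options,
- $wpdb->comments,
- $wpdb->commentmeta,
- $wpdb->posts,
- $wpdb->postmeta,
- $wpdb->users,
- $wpdb->usermeta,
- $wpdb->links,
- $wpdb->terms,
- $wpdb->term_taxonomy,
- $wpdb->term_relationships);
+ $core_wp_tables = array(
+ $wpdb->options,
+ $wpdb->comments,
+ $wpdb->commentmeta,
+ $wpdb->posts,
+ $wpdb->postmeta,
+ $wpdb->users,
+ $wpdb->usermeta,
+ $wpdb->links,
+ $wpdb->terms,
+ $wpdb->term_taxonomy,
+ $wpdb->term_relationships
+ );
 $showTables = mysql_list_tables(DB_NAME);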
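Review bot: The failure branch in query() still builds its message as `"{$params->error}; SQL: {$params->sql}; Response: {$wpdb->last_error}"`, which puts the full statement and the database's error text into whatever pods_error() emits. If that message reaches the browser, which the `display_errors` argument suggests it can, it discloses table names, query structure and submitted values. Consider passing only `$params->error` to pods_error() and sending the SQL and `$wpdb->last_error` to `error_log()`, or including them only when `WP_DEBUG` is on. Separately, `$params = array_merge( $params, $sql );` is applied to a value that was cast to an object a few lines earlier, which array_merge() does not accept. query() closes outside the hunk.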
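--- a/functions.php
+++ b/functions.php
@@ -416,7 +416,10 @@ function pods_var ( $var = 'last', $type = 'get', $default = null, $allowed = nu
 * @return bool
 */
 function pods_cast ( $var, $default = null ) {
- settype( $var, gettype( $default ) );
+ if ( is_object( $var ) && is_array( $default ) )
+ $var = get_object_vars( $var );
+ else
+ settype( $var, gettype( $default ) );
 return $var;
 }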
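--- a/ui/admin/form.php
+++ b/ui/admin/form.php
@@ -6,7 +6,8 @@
 if ( isset( $_POST[ '_pods_nonce' ] ) ) {
 try {
- $id = $pod->api->process_form( $pod, $fields, $thank_you );
+ $params = stripslashes_deep( (array) $_POST );
+ $id = $pod->api->process_form( $params, $pod, $fields, $thank_you );
 }
 catch ( Exception $e ) {
 echo '<div class="pods-message pods-message-error">' . $e->getMessage() . '</div>';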
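Review bot: The catch block echoes `$e->getMessage()` into the page without escaping, and after this change the exception presumably comes from process_form() working on the raw `$_POST` array. Error text built in PodsData::query() in this same commit includes the SQL statement, so submitted values may be reflected into the HTML. Escape at output: `echo '<div class="pods-message pods-message-error">' . esc_html( $e->getMessage() ) . '</div>';`. The enclosing `if` block continues past the end of the hunk.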
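--- a/ui/js/jquery.pods.js
+++ b/ui/js/jquery.pods.js
@@ -1,5 +1,5 @@
 (function ( $ ) {
- var changed = false;
+ var pods_changed = false;
 var methods = {
 validate : function () {
 var $form = $( 'form.pods-submittable' );
@@ -41,7 +41,7 @@
 $( 'form.pods-submittable' ).on( 'submit', function ( e ) {
 var $submittable = $( this );
- changed = false;
+ pods_changed = false;
 e.preventDefault();
@@ -115,6 +115,8 @@
 if ( !$.isEmptyObject( field_data ) )
 postdata[ 'field_data' ] = $.toJSON( field_data );
+ $submitbutton = $submittable.find( 'input[type=submit], button[type=submit]' );
+
 $.ajax( {
 type : 'POST',
 dataType : 'html',
@@ -137,18 +139,18 @@
 if ( 'undefined' != typeof pods_admin_submit_error_callback )
 pods_admin_submit_error_callback( err_msg );
- $submittable.css( 'cursor', 'pointer' );
- $submittable.prop( 'disabled', false );
- $submittable.parent().find( '.waiting' ).fadeOut();
+ $submitbutton.css( 'cursor', 'pointer' );
+ $submitbutton.prop( 'disabled', false );
+ $submitbutton.parent().find( '.waiting' ).fadeOut();
 alert( 'Error: ' + err_msg );
 console.log( err_msg );
 }
 },
 error : function () {
- $submittable.css( 'cursor', 'pointer' );
- $submittable.prop( 'disabled', false );
- $submittable.parent().find( '.waiting' ).fadeOut();
+ $submitbutton.css( 'cursor', 'pointer' );
+ $submitbutton.prop( 'disabled', false );
+ $submitbutton.parent().find( '.waiting' ).fadeOut();
 alert( 'Unable to process request, please try again.' );
 }
@@ -158,23 +160,23 @@
 // Handle submit via link and translate to AJAX
 $( 'form.pods-submittable a.pods-submit' ).on( 'click', function ( e ) {
- e.preventDefault();
+ var $submitbutton = $( this );
- var $el = $( this );
+ e.preventDefault();
- pods_ajaxurl = $el.data( 'ajaxurl' );
+ pods_ajaxurl = $submitbutton.data( 'ajaxurl' );
 if ( 'undefined' != typeof pods_ajaxurl )
 pods_ajaxurl = pods_ajaxurl.replace( /\?nojs\=1/, '?pods_ajax=1' );
 else if ( 'undefined' != typeof ajaxurl && ('undefined' == typeof pods_ajaxurl || '' == pods_ajaxurl || '?pods_ajax=1' == pods_ajaxurl || document.location.href == pods_ajaxurl || document.location.href.replace( /\?nojs\=1/, '?pods_ajax=1' ) == pods_ajaxurl) )
 pods_ajaxurl = ajaxurl + '?pods_ajax=1';
- var postdata = $el.data();
+ var postdata = $submitbutton.data();
- if ( 'undefined' != typeof $el.data( 'confirm' ) && !confirm( $el.data( 'confirm' ) ) )
+ if ( 'undefined' != typeof $submitbutton.data( 'confirm' ) && !confirm( $submitbutton.data( 'confirm' ) ) )
 return false;
- changed = false;
+ pods_changed = false;
 pods_ajaxurl = pods_ajaxurl + '&action=' + postdata.action;
@@ -188,30 +190,30 @@
 if ( -1 == d.indexOf( '<e>' ) && -1 != d ) {
 if ( 'undefined' != typeof pods_admin_submit_callback )
 pods_admin_submit_callback( d );
- else if ( 'undefined' != typeof $submittable.data( 'location' ) )
- document.location.href = $submittable.data( 'location' );
+ else if ( 'undefined' != typeof $submitbutton.data( 'location' ) )
+ document.location.href = $submitbutton.data( 'location' );
 else
 document.location.reload( true );
 }
- else if ( 'undefined' != typeof $submittable.data( 'error-location' ) )
- document.location.href = $submittable.data( 'error-location' );
+ else if ( 'undefined' != typeof $submitbutton.data( 'error-location' ) )
+ document.location.href = $submitbutton.data( 'error-location' );
 else {
 var err_msg = d.replace( '<e>', '' ).replace( '</e>', '' );
 if ( 'undefined' != typeof pods_admin_submit_error_callback )
 pods_admin_submit_error_callback( err_msg );
- $submittable.css( 'cursor', 'pointer' );
- $submittable.prop( 'disabled', false );
- $submittable.parent().find( '.waiting' ).fadeOut();
+ $submitbutton.css( 'cursor', 'pointer' );
+ $submitbutton.prop( 'disabled', false );
+ $submitbutton.parent().find( '.waiting' ).fadeOut();
 alert( 'Error: ' + err_msg );
 console.log( err_msg );
 }
 },
 error : function () {
- $submittable.css( 'cursor', 'pointer' );
- $submittable.prop( 'disabled', false );
- $submittable.parent().find( '.waiting' ).fadeOut();
+ $submitbutton.css( 'cursor', 'pointer' );
+ $submitbutton.prop( 'disabled', false );
+ $submitbutton.parent().find( '.waiting' ).fadeOut();
 alert( 'Unable to process request, please try again.' );
 }
@@ -220,11 +222,11 @@
 // Handle submit button and show waiting image
 $( 'form.pods-submittable' ).on( 'click', 'input[type=submit], button[type=submit]', function ( e ) {
- changed = false;
+ pods_changed = false;
 e.preventDefault();
- $submitbutton = $( this );
+ var $submitbutton = $( this );
 $submitbutton.css( 'cursor', 'default' );
 $submitbutton.prop( 'disabled', true );
 $submitbutton.parent().find( '.waiting' ).fadeIn();
@@ -973,10 +975,10 @@
 },
 exit_confirm : function () {
 $( 'form.pods-submittable .pods-submittable-fields' ).on( 'change', 'input:not(:button,:submit),textarea,select', function () {
- changed = true;
+ pods_changed = true;
 window.onbeforeunload = function () {
- if ( changed )
+ if ( pods_changed )
 return 'Navigating away from this page will discard any changes you have made.';
 }
 } );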
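Review bot: The new `$submitbutton = $submittable.find( 'input[type=submit], button[type=submit]' );` in the form submit handler has no `var`, so it creates an implicit global shared by every form on the page, while the other two handlers touched by this commit declare it with `var`. With two submissions in flight, the `success`/`error` callbacks of one could re-enable the other form's button. Declare it locally: `var $submitbutton = $submittable.find( 'input[type=submit], button[type=submit]' );`. The handler starts and ends outside the hunk.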