New Pod forms save!
sc0ttkclark committed Aug 12, 2012
1 parent 445bd7b commit f0c9a79
Showing 6 changed files with 120 additions and 108 deletions.
50 changes: 26 additions & 24 deletions classes/PodsAPI.php
Expand Up @@ -1766,7 +1766,10 @@ public function save_pod_item ( $params ) {

$sql = $wpdb->prepare( "REPLACE INTO `@wp_pods_tbl_{$params->pod}` ({$table_fields}) VALUES ({$table_formats})", $table_values );

$params->id = pods_query( $sql, 'Cannot add/save table row' );
$id = pods_query( $sql, 'Cannot add/save table row' );

if ( empty( $params->id ) )
$params->id = $id;
}
}
}
Expand Down Expand Up @@ -4189,59 +4192,58 @@ public function cache_flush_pods ( $pod = null ) {
}

/**
* Process a Pod-based form
*
* @param mixed $params
* @param object $obj Pod object
* @param array $fields Fields being submitted in form ( key => settings )
* @param string $thank_you URL to send to upon success
*
* @return mixed
*/
public function process_form ( $obj = null, $fields = null, $thank_you = null ) {
public function process_form ( $params, $obj = null, $fields = null, $thank_you = null ) {
$this->display_errors = false;

$nonce = $pod = $id = $uri = $form = null;
$form = null;

if ( isset( $_POST[ '_pods_nonce' ] ) )
$nonce = $_POST[ '_pods_nonce' ];
$nonce = pods_var( '_pods_nonce', $params );
$pod = pods_var( '_pods_pod', $params );
$id = pods_var( '_pods_id', $params );
$uri = pods_var( '_pods_uri', $params );
$form = pods_var( '_pods_form', $params );

if ( is_object( $obj ) ) {
$pod = $obj->pod;
$id = $obj->id();
}
else {
if ( isset( $_POST[ '_pods_pod' ] ) )
$pod = $_POST[ '_pods_pod' ];

if ( isset( $_POST[ '_pods_id' ] ) )
$id = $_POST[ '_pods_id' ];
}

if ( isset( $_POST[ '_pods_uri' ] ) )
$uri = $_POST[ '_pods_uri' ];

if ( !empty( $fields ) ) {
$fields = array_keys( $fields );
$form = implode( ',', $fields );
}
elseif ( isset( $_POST[ '_pods_form' ] ) ) {
$form = $_POST[ '_pods_form' ];
else
$fields = explode( ',', $form );
}

if ( empty( $nonce) || empty( $pod ) || empty( $uri ) || empty( $fields ) )
return pods_error( __( 'Invalid submission', 'pods' ), $this );

$action = 'pods_form_' . $pod . '_' . session_id() . '_' . $id . '_' . $uri . '_' . wp_hash( $form );
$uid = @session_id();

if ( is_user_logged_in() )
$uid = 'user_' . get_current_user_id();

$action = 'pods_form_' . $pod . '_' . $uid . '_' . $id . '_' . $uri . '_' . wp_hash( $form );

if ( empty( $uid ) )
return pods_error( __( 'Access denied for your session, please refresh and try again.', 'pods' ), $this );

if ( wp_verify_nonce( $nonce, $action ) )
return pods_error( __( 'Access denied, please refresh and try again.', 'pods' ), $this );

$data = array();

foreach ( $fields as $field ) {
$data[ $field ] = '';

if ( isset( $_POST[ $field ] ) )
$data[ $field ] = $_POST[ $field ];
$data[ $field ] = pods_var( 'pods_field_' . $field, $params, '' );
}

$params = array(
Expand All @@ -4253,7 +4255,7 @@ public function process_form ( $obj = null, $fields = null, $thank_you = null )
$id = $this->save_pod_item( $params );

if ( 0 < $id && !empty( $thank_you ) )
echo '<script type="text/javascript">document.location = "' . esc_url( $thank_you ) . '";</script>';
echo '<script type="text/javascript">document.location = "' . esc_js( $thank_you ) . '";</script>';

return $id;
}
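Review bot: The nonce check in process_form is inverted: `if ( wp_verify_nonce( $nonce, $action ) )` returns "Access denied" when the nonce is valid and lets the request continue when verification fails, so the form has no effective CSRF protection. It should read `if ( false === wp_verify_nonce( $nonce, $action ) )`. This matters more after this commit, because admin_ajax now registers process_form with `'custom_nonce' => true` and no `priv`, leaving this as the only check on that path, and `$pod`, `$id` and the field list are all read from the submitted `$params` when no `$obj` is passed. Separately, `esc_js( $thank_you )` escapes for the JavaScript string but appears to drop the URL-scheme validation that `esc_url()` gave; if `$thank_you` can come from untrusted input, `esc_js( esc_url_raw( $thank_you ) )` keeps both. The body of process_form continues outside the visible hunks.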
24 changes: 12 additions & 12 deletions classes/PodsAdmin.php
Expand Up @@ -664,23 +664,21 @@ public function admin_ajax () {
'security_settings' => array( 'priv' => 'manage_settings' ),
'select2_ajax' => array('priv' => 'manage_pds', 'format' => 'json'),
'upgrade' => array( 'priv' => 'manage_pods' ),
'process_form' => array()
'process_form' => array( 'custom_nonce' => true )
);

$methods = apply_filters( 'pods_admin_ajax_methods', $methods, $this );

if ( !isset( $params->method ) || !isset( $methods[ $params->method ] ) )
pods_error( 'Invalid AJAX request', $this );

if ( !isset( $params->_wpnonce ) || false === wp_verify_nonce( $params->_wpnonce, 'pods-' . $params->method ) )
pods_error( 'Unauthorized request', $this );

$defaults = array(
'priv' => null,
'format' => null,
'safe' => null,
'access_pod_specific' => null,
'name' => $params->method
'name' => $params->method,
'custom_nonce' => false
);

$method = (object) array_merge( $defaults, (array) $methods[ $params->method ] );
Expand All @@ -690,19 +688,22 @@ public function admin_ajax () {
unset( $params->method );
unset( $params->_wpnonce );

if ( false === $method->custom_nonce && ( !isset( $params->_wpnonce ) || false === wp_verify_nonce( $params->_wpnonce, 'pods-' . $params->method ) ) )
pods_error( __( 'Unauthorized request', 'pods' ), $this );

if ( true === $method->access_pod_specific ) {
$priv_val = false;
if ( isset( $params->pod ) )
$priv_val = 'pod_' . $params->pod;
if ( false === $priv_val || ( !pods_access( $priv_val ) && !pods_access( 'manage_content' ) ) )
pods_error( 'Access denied', $this );
pods_error( __( 'Access denied', 'pods' ), $this );
}

// Check permissions (convert to array to support multiple)
if ( !empty( $method->priv ) ) {
foreach ( (array) $method->priv as $priv_val ) {
if ( !pods_access( $priv_val ) )
pods_error( 'Access denied', $this );
pods_error( __( 'Access denied', 'pods' ), $this );
}
}

Expand Down Expand Up @@ -738,9 +739,6 @@ public function admin_ajax () {

$params->data = $columns;
}
elseif ( 'process_form' == $method->name ) {
$this->api->process_form();
}
elseif ( 'save_pod' == $method->name ) {
if ( isset( $params->field_data ) && !is_array( $params->field_data ) ) {
$params->field_data = stripslashes( $params->field_data );
Expand All @@ -750,7 +748,9 @@ public function admin_ajax () {

$params = apply_filters( 'pods_api_' . $method->name, $params, $method );

if ( 'upgrade' == $method->name ) {
if ( 'process_form' == $method->name )
$output = $this->api->process_form( $params );
elseif ( 'upgrade' == $method->name ) {
require_once( PODS_DIR . 'sql/PodsUpgrade.php' );

$upgrade = new PodsUpgrade_2_0();
Expand Down Expand Up @@ -850,7 +850,7 @@ public function admin_ajax_upload () {
$upload_disabled = true;

if ( true === $upload_disabled || !isset( $params->_wpnonce ) || false === wp_verify_nonce( $params->_wpnonce, 'pods-' . $params->method . '-' . $params->id ) )
pods_error( 'Unauthorized request', $this );
pods_error( __( 'Unauthorized request', 'pods' ), $this );

$method = $params->method;

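Review bot: The relocated nonce check in admin_ajax runs after `unset( $params->method )` and `unset( $params->_wpnonce )`, so `!isset( $params->_wpnonce )` is always true and every method without `custom_nonce` ends in "Unauthorized request"; the action string `'pods-' . $params->method` also reads the property that was just unset. Capture the nonce before the unsets or move the check above them, and build the action from `$method->name`, e.g. `wp_verify_nonce( $nonce, 'pods-' . $method->name )`. `custom_nonce` is read from the array that passes through the `pods_admin_ajax_methods` filter, so any filtered-in method can switch off the generic nonce check; a comment on the `$defaults` entry should state that such methods must verify their own nonce. The `'manage_pds'` capability on `select2_ajax` looks like a typo for `manage_pods`. admin_ajax starts and ends outside the hunks shown.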
88 changes: 46 additions & 42 deletions classes/PodsData.php
Expand Up @@ -971,69 +971,71 @@ public function reset ( $row = null ) {
public static function query ($sql, $error = 'Database Error', $results_error = null, $no_results_error = null) {
global $wpdb;

if ($wpdb->show_errors)
if ( $wpdb->show_errors )
self::$display_errors = true;

$display_errors = self::$display_errors;

if (is_object($error)) {
if (isset($error->display_errors) && false === $error->display_errors)
if ( is_object( $error ) ) {
if ( isset( $error->display_errors ) && false === $error->display_errors )
$display_errors = false;

$error = 'Database Error';
}
elseif (is_bool($error)) {
elseif ( is_bool( $error ) ) {
$display_errors = $error;

if (false !== $error)
if ( false !== $error )
$error = 'Database Error';
}

$params = (object) array('sql' => $sql,
'error' => $error,
'results_error' => $results_error,
'no_results_error' => $no_results_error,
'display_errors' => $display_errors);
$params = (object) array(
'sql' => $sql,
'error' => $error,
'results_error' => $results_error,
'no_results_error' => $no_results_error,
'display_errors' => $display_errors
);

// Handle Preparations of Values (sprintf format)
if (is_array($sql)) {
if (isset($sql[0]) && 1 < count($sql)) {
if (2 == count($sql)) {
if (!is_array($sql[1]))
$sql[1] = array($sql[1]);
if ( is_array( $sql ) ) {
if ( isset( $sql[ 0 ] ) && 1 < count( $sql ) ) {
if ( 2 == count( $sql ) ) {
if ( !is_array( $sql[ 1 ] ) )
$sql[ 1 ] = array( $sql[ 1 ] );

$params->sql = self::prepare($sql[0], $sql[1]);
$params->sql = self::prepare( $sql[ 0 ], $sql[ 1 ] );
}
elseif (3 == count($sql))
$params->sql = self::prepare($sql[0], array($sql[1], $sql[2]));
elseif ( 3 == count( $sql ) )
$params->sql = self::prepare( $sql[ 0 ], array( $sql[ 1 ], $sql[ 2 ] ) );
else
$params->sql = self::prepare($sql[0], array($sql[1], $sql[2], $sql[3]));
$params->sql = self::prepare( $sql[ 0 ], array( $sql[ 1 ], $sql[ 2 ], $sql[ 3 ] ) );
}
else
$params = array_merge($params, $sql);
$params = array_merge( $params, $sql );
}

$params->sql = trim($params->sql);
$params->sql = trim( $params->sql );

// Run Query
$params->sql = self::do_hook('query', $params->sql, $params);
$params->sql = self::do_hook( 'query', $params->sql, $params );

$result = $wpdb->query( $params->sql );

$result = self::do_hook('query_result', $result, $params);
$result = self::do_hook( 'query_result', $result, $params );

if (false === $result && !empty($params->error) && !empty($wpdb->last_error))
return pods_error("{$params->error}; SQL: {$params->sql}; Response: {$wpdb->last_error}", $params->display_errors);
if ( false === $result && !empty( $params->error ) && !empty( $wpdb->last_error ) )
return pods_error( "{$params->error}; SQL: {$params->sql}; Response: {$wpdb->last_error}", $params->display_errors );

if ('INSERT' == substr($params->sql, 0, 6))
if ( 'INSERT' == substr( $params->sql, 0, 6 ) || 'REPLACE' == substr( $params->sql, 0, 7 ) )
$result = $wpdb->insert_id;
elseif ('SELECT' == substr($params->sql, 0, 6)) {
elseif ( 'SELECT' == substr( $params->sql, 0, 6 ) ) {
$result = (array) $wpdb->last_result;

if (!empty($result) && !empty($params->results_error))
return pods_error( $params->results_error, $params->display_errors);
elseif (empty($result) && !empty($params->no_results_error))
return pods_error( $params->no_results_error , $params->display_errors);
if ( !empty( $result ) && !empty( $params->results_error ) )
return pods_error( $params->results_error, $params->display_errors );
elseif ( empty( $result ) && !empty( $params->no_results_error ) )
return pods_error( $params->no_results_error, $params->display_errors );
}

return $result;
Expand All @@ -1049,17 +1051,19 @@ public static function query ($sql, $error = 'Database Error', $results_error =
public static function get_tables ($wp_core = true, $pods_tables = true) {
global $wpdb;

$core_wp_tables = array($wpdb->options,
$wpdb->comments,
$wpdb->commentmeta,
$wpdb->posts,
$wpdb->postmeta,
$wpdb->users,
$wpdb->usermeta,
$wpdb->links,
$wpdb->terms,
$wpdb->term_taxonomy,
$wpdb->term_relationships);
$core_wp_tables = array(
$wpdb->options,
$wpdb->comments,
$wpdb->commentmeta,
$wpdb->posts,
$wpdb->postmeta,
$wpdb->users,
$wpdb->usermeta,
$wpdb->links,
$wpdb->terms,
$wpdb->term_taxonomy,
$wpdb->term_relationships
);

$showTables = mysql_list_tables(DB_NAME);

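Review bot: In query(), `$params = array_merge( $params, $sql )` is passed `$params` after it has been cast to an object, so the associative-array form of `$sql` cannot work: array_merge() does not accept a non-array argument, and the following `$params->sql` access then has nothing to read. Something like `$params = (object) array_merge( (array) $params, $sql );` keeps the object shape. The failure message `"{$params->error}; SQL: {$params->sql}; Response: {$wpdb->last_error}"` also puts the full statement and the database response into the error text; if pods_error() can show that to visitors (not visible here), log the detail and display only `$params->error`. The new `'REPLACE' == substr( $params->sql, 0, 7 )` test is case-sensitive like the INSERT one, so a lower-case statement would return the affected-row count instead of the insert id.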
5 changes: 4 additions & 1 deletion functions.php
Expand Up @@ -416,7 +416,10 @@ function pods_var ( $var = 'last', $type = 'get', $default = null, $allowed = nu
* @return bool
*/
function pods_cast ( $var, $default = null ) {
settype( $var, gettype( $default ) );
if ( is_object( $var ) && is_array( $default ) )
$var = get_object_vars( $var );
else
settype( $var, gettype( $default ) );

return $var;
}
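Review bot: The docblock above pods_cast still says `@return bool`, but the function returns `$var` cast to the type of `$default`, and with this change an array from `get_object_vars()`; `@return mixed` with a one-line description of the object-to-array case would be accurate. `get_object_vars()` returns only the properties accessible from the calling scope, which is not the same result as the array cast `settype()` performed before, so a short why-comment on the new branch would help the next reader. The docblock starts outside the hunk.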
3 changes: 2 additions & 1 deletion ui/admin/form.php
Expand Up @@ -6,7 +6,8 @@

if ( isset( $_POST[ '_pods_nonce' ] ) ) {
try {
$id = $pod->api->process_form( $pod, $fields, $thank_you );
$params = stripslashes_deep( (array) $_POST );
$id = $pod->api->process_form( $params, $pod, $fields, $thank_you );
}
catch ( Exception $e ) {
echo '<div class="pods-message pods-message-error">' . $e->getMessage() . '</div>';
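Review bot: The catch block echoes `$e->getMessage()` into the page unescaped, and messages raised during form processing can carry submitted values (PodsData::query, for example, builds its error text from the SQL statement). Escape it for the HTML context: `echo '<div class="pods-message pods-message-error">' . esc_html( $e->getMessage() ) . '</div>';`. The new `stripslashes_deep( (array) $_POST )` hands the whole request body to process_form, so a comment here should say that every `_pods_*` and `pods_field_*` value in `$params` is untrusted and is only bound to the rendered form by the nonce check inside process_form. The surrounding template continues outside the hunk.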