Edit File by line

<?php if ( ! defined( 'ABSPATH' ) ) exit;

[0] Fix | Delete

[1] Fix | Delete

/**

[2] Fix | Delete

* Class NF_Action_Save

[3] Fix | Delete

[4] Fix | Delete

class NF_Actions_Save extends NF_Abstracts_Action

[5] Fix | Delete

{

[6] Fix | Delete

/**

[7] Fix | Delete

* @var string

[8] Fix | Delete

[9] Fix | Delete

protected $_name = 'save';

[10] Fix | Delete

[11] Fix | Delete

/**

[12] Fix | Delete

* @var array

[13] Fix | Delete

[14] Fix | Delete

protected $_tags = array();

[15] Fix | Delete

[16] Fix | Delete

/**

[17] Fix | Delete

* @var string

[18] Fix | Delete

[19] Fix | Delete

protected $_documentation_url = 'https://ninjaforms.com/docs/record-submission-action/';

[20] Fix | Delete

[21] Fix | Delete

/**

[22] Fix | Delete

* @var string

[23] Fix | Delete

[24] Fix | Delete

protected $_timing = 'late';

[25] Fix | Delete

[26] Fix | Delete

/**

[27] Fix | Delete

* @var int

[28] Fix | Delete

[29] Fix | Delete

protected $_priority = '-1';

[30] Fix | Delete

[31] Fix | Delete

/**

[32] Fix | Delete

* @var string

[33] Fix | Delete

[34] Fix | Delete

protected $_group = 'core';

[35] Fix | Delete

[36] Fix | Delete

/**

[37] Fix | Delete

* Constructor

[38] Fix | Delete

[39] Fix | Delete

public function __construct()

[40] Fix | Delete

{

[41] Fix | Delete

parent::__construct();

[42] Fix | Delete

[43] Fix | Delete

$this->_nicename = esc_html__( 'Record Submission', 'ninja-forms' );

[44] Fix | Delete

[45] Fix | Delete

$settings = Ninja_Forms::config( 'ActionSaveSettings' );

[46] Fix | Delete

[47] Fix | Delete

$this->_settings = array_merge( $this->_settings, $settings );

[48] Fix | Delete

[49] Fix | Delete

}

[50] Fix | Delete

[51] Fix | Delete

[52] Fix | Delete

* PUBLIC METHODS

[53] Fix | Delete

[54] Fix | Delete

[55] Fix | Delete

public function save( $action_settings )

[56] Fix | Delete

{

[57] Fix | Delete

if( ! isset( $_POST[ 'form' ] ) ) return;

[58] Fix | Delete

// Get the form data from the Post variable and send it off for processing.

[59] Fix | Delete

$form = json_decode( stripslashes( $_POST[ 'form' ] ) );

[60] Fix | Delete

$this->submission_expiration_processing( $action_settings, $form->id );

[61] Fix | Delete

}

[62] Fix | Delete

[63] Fix | Delete

/**

[64] Fix | Delete

* Submission Expiration Processing

[65] Fix | Delete

* Decides if the submission expiration data should be added to the

[66] Fix | Delete

* submission expiration option or not.

[67] Fix | Delete

[68] Fix | Delete

* @param $action_settings - array.

[69] Fix | Delete

* @param $form_id - ( int ) The ID of the Form.

[70] Fix | Delete

[71] Fix | Delete

* @return void

[72] Fix | Delete

[73] Fix | Delete

public function submission_expiration_processing( $action_settings, $form_id )

[74] Fix | Delete

{

[75] Fix | Delete

[76] Fix | Delete

* Comma separated value of the form id and action setting.

[77] Fix | Delete

* Example: 5,90

[78] Fix | Delete

[79] Fix | Delete

$expiration_value = $form_id . ',' . $action_settings[ 'subs_expire_time' ];

[80] Fix | Delete

[81] Fix | Delete

// Get our expiration option.

[82] Fix | Delete

$option = $this->getOption( 'nf_sub_expiration', array() );

[83] Fix | Delete

[84] Fix | Delete

// Check if form is already listed in the option and remove it if it is

[85] Fix | Delete

$expiration_option = $this->clean_form_option( $expiration_value, $option );

[86] Fix | Delete

[87] Fix | Delete

// If our expiration setting is turned on, add current cron interval to the form entry in the option.

[88] Fix | Delete

if( 1 == $action_settings[ 'set_subs_to_expire' ] ) {

[89] Fix | Delete

$expiration_option[] = $expiration_value;

[90] Fix | Delete

}

[91] Fix | Delete

[92] Fix | Delete

// Update our option.

[93] Fix | Delete

$this->updateOption( 'nf_sub_expiration', $expiration_option );

[94] Fix | Delete

}

[95] Fix | Delete

[96] Fix | Delete

/**

[97] Fix | Delete

* Retrieve a stored option

[98] Fix | Delete

[99] Fix | Delete

* @param string $key

[100] Fix | Delete

* @param mixed $default

[101] Fix | Delete

* @return mixed

[102] Fix | Delete

[103] Fix | Delete

protected function getOption(string $key, $default)

[104] Fix | Delete

{

[105] Fix | Delete

$return = get_option( $key, $default );

[106] Fix | Delete

[107] Fix | Delete

return $return;

[108] Fix | Delete

}

[109] Fix | Delete

[110] Fix | Delete

/**

[111] Fix | Delete

* Update a stored value in option table

[112] Fix | Delete

[113] Fix | Delete

* @param string $key

[114] Fix | Delete

* @param mixed $value

[115] Fix | Delete

* @return void

[116] Fix | Delete

[117] Fix | Delete

protected function updateOption(string $key,$value): void

[118] Fix | Delete

{

[119] Fix | Delete

update_option( $key, $value );

[120] Fix | Delete

}

[121] Fix | Delete

/**

[122] Fix | Delete

* Compare Expiration Option

[123] Fix | Delete

* Accepts $expiration_data and checks to see if the values already exist in the array.

[124] Fix | Delete

* This allows to resave the option with new cron interval if it is set and just remove the form from the option if it is not set

[125] Fix | Delete

* @since 3.6.35

[126] Fix | Delete

[127] Fix | Delete

* @param string $expiration_value - key/value pair

[128] Fix | Delete

* $expiration_value[ 'form_id' ] = form_id(int)

[129] Fix | Delete

* $expiration_value[ 'expire_time' ] = subs_expire_time(int)

[130] Fix | Delete

* @param array $expiration_option - list of key/value pairs of the expiration options.

[131] Fix | Delete

[132] Fix | Delete

* @return array $expiration_option without current saved form

[133] Fix | Delete

[134] Fix | Delete

public function clean_form_option( $expiration_value, $expiration_option ){

[135] Fix | Delete

[136] Fix | Delete

* Breaks a part our options.

[137] Fix | Delete

* $value[ 0 ] - ( int ) Form ID

[138] Fix | Delete

* $value[ 1 ] - ( int ) Expiration time in days

[139] Fix | Delete

[140] Fix | Delete

$values = explode( ',', $expiration_value );

[141] Fix | Delete

[142] Fix | Delete

// Find the position of the value we are tyring to update.

[143] Fix | Delete

//This checks if this form is already in the expiration options, removes the form from the option's array and adds it again with the new expiration time

[144] Fix | Delete

foreach($expiration_option as $index => $form_option){

[145] Fix | Delete

$form_option = explode( ',', $form_option );

[146] Fix | Delete

if($form_option[0] == $values[0]){

[147] Fix | Delete

unset($expiration_option[$index]);

[148] Fix | Delete

}

[149] Fix | Delete

}

[150] Fix | Delete

[151] Fix | Delete

return $expiration_option;

[152] Fix | Delete

}

[153] Fix | Delete

[154] Fix | Delete

public function process( $action_settings, $form_id, $data )

[155] Fix | Delete

{

[156] Fix | Delete

[157] Fix | Delete

if( isset( $data['settings']['is_preview'] ) && $data['settings']['is_preview'] ){

[158] Fix | Delete

return $data;

[159] Fix | Delete

}

[160] Fix | Delete

[161] Fix | Delete

if( ! apply_filters ( 'ninja_forms_save_submission', true, $form_id ) ) return $data;

[162] Fix | Delete

[163] Fix | Delete

$sub = Ninja_Forms()->form( $form_id )->sub()->get();

[164] Fix | Delete

[165] Fix | Delete

$hidden_field_types = apply_filters( 'nf_sub_hidden_field_types', array() );

[166] Fix | Delete

[167] Fix | Delete

// For each field on the form...

[168] Fix | Delete

foreach( $data['fields'] as $field ){

[169] Fix | Delete

[170] Fix | Delete

// If this is a "hidden" field type.

[171] Fix | Delete

if( in_array( $field[ 'type' ], array_values( $hidden_field_types ) ) ) {

[172] Fix | Delete

// Do not save it.

[173] Fix | Delete

$data[ 'actions' ][ 'save' ][ 'hidden' ][] = $field[ 'type' ];

[174] Fix | Delete

continue;

[175] Fix | Delete

}

[176] Fix | Delete

[177] Fix | Delete

$field[ 'value' ] = apply_filters( 'nf_save_sub_user_value', $field[ 'value' ], $field[ 'id' ] );

[178] Fix | Delete

[179] Fix | Delete

$save_all_none = $action_settings[ 'fields-save-toggle' ];

[180] Fix | Delete

$save_field = true;

[181] Fix | Delete

[182] Fix | Delete

// If we were told to save all fields...

[183] Fix | Delete

if( 'save_all' == $save_all_none ) {

[184] Fix | Delete

$save_field = true;

[185] Fix | Delete

// For each exception to that rule...

[186] Fix | Delete

foreach( $action_settings[ 'exception_fields' ] as $exception_field ) {

[187] Fix | Delete

// Remove it from the list.

[188] Fix | Delete

if( $field[ 'key' ] == $exception_field[ 'field'] ) {

[189] Fix | Delete

$save_field = false;

[190] Fix | Delete

break;

[191] Fix | Delete

}

[192] Fix | Delete

}

[193] Fix | Delete

} // Otherwise... (We were told to save no fields.)

[194] Fix | Delete

else if( 'save_none' == $save_all_none ) {

[195] Fix | Delete

$save_field = false;

[196] Fix | Delete

// For each exception to that rule...

[197] Fix | Delete

foreach( $action_settings[ 'exception_fields' ] as

[198] Fix | Delete

$exception_field ) {

[199] Fix | Delete

// Add it to the list.

[200] Fix | Delete

if( $field[ 'key' ] == $exception_field[ 'field'] ) {

[201] Fix | Delete

$save_field = true;

[202] Fix | Delete

break;

[203] Fix | Delete

}

[204] Fix | Delete

}

[205] Fix | Delete

}

[206] Fix | Delete

[207] Fix | Delete

// If we're supposed to save this field...

[208] Fix | Delete

if( $save_field ) {

[209] Fix | Delete

// Do so.

[210] Fix | Delete

$sub->update_field_value( $field[ 'id' ], $field[ 'value' ] );

[211] Fix | Delete

} // Otherwise...

[212] Fix | Delete

else {

[213] Fix | Delete

// If this field is not a list...

[214] Fix | Delete

// AND If this field is not a checkbox...

[215] Fix | Delete

// AND If this field is not a product...

[216] Fix | Delete

// AND If this field is not a termslist...

[217] Fix | Delete

if ( false == strpos( $field[ 'type' ], 'list' ) &&

[218] Fix | Delete

false == strpos( $field[ 'type' ], 'checkbox' ) &&

[219] Fix | Delete

'products' !== $field[ 'type' ] &&

[220] Fix | Delete

'terms' !== $field[ 'type' ] ) {

[221] Fix | Delete

// Anonymize it.

[222] Fix | Delete

$sub->update_field_value( $field[ 'id' ], '(redacted)' );

[223] Fix | Delete

}

[224] Fix | Delete

}

[225] Fix | Delete

}

[226] Fix | Delete

[227] Fix | Delete

// If we have extra data...

[228] Fix | Delete

if( isset( $data[ 'extra' ] ) ) {

[229] Fix | Delete

[230] Fix | Delete

$data['extra']=$this->validateExtraData($data['extra'], $form_id);

[231] Fix | Delete

[232] Fix | Delete

// Save that.

[233] Fix | Delete

$sub->update_extra_values( $data[ 'extra' ] );

[234] Fix | Delete

}

[235] Fix | Delete

[236] Fix | Delete

do_action( 'nf_before_save_sub', $sub->get_id() );

[237] Fix | Delete

[238] Fix | Delete

$sub->save();

[239] Fix | Delete

[240] Fix | Delete

do_action( 'nf_save_sub', $sub->get_id() );

[241] Fix | Delete

do_action( 'nf_create_sub', $sub->get_id() );

[242] Fix | Delete

do_action( 'ninja_forms_save_sub', $sub->get_id() );

[243] Fix | Delete

[244] Fix | Delete

$data[ 'actions' ][ 'save' ][ 'sub_id' ] = $sub->get_id();

[245] Fix | Delete

[246] Fix | Delete

return $data;

[247] Fix | Delete

}

[248] Fix | Delete

[249] Fix | Delete

/**

[250] Fix | Delete

* Ensure extra data is valid

[251] Fix | Delete

[252] Fix | Delete

* 1. Ensure that extra data is array

[253] Fix | Delete

* 2. Check that count of extra data is within allowed limit

[254] Fix | Delete

* 3. If count exceeds limit, consolidate data into single value

[255] Fix | Delete

[256] Fix | Delete

* The purpose of 'extraDataOverflowOnSave' is to attempt to store the data submitted in the case that the data truly is valid, but an add-on is storing too many values as individually keyed. It has the added benefit of providing insight on the nature of an attack should that be the case instead of an errant add-on.

[257] Fix | Delete

[258] Fix | Delete

* @param array $dataExtra

[259] Fix | Delete

* @param int $form_id

[260] Fix | Delete

* @return array

[261] Fix | Delete

[262] Fix | Delete

protected function validateExtraData( $dataExtra, $form_id): array

[263] Fix | Delete

{

[264] Fix | Delete

return $dataExtra;

[265] Fix | Delete

$return = [];

[266] Fix | Delete

[267] Fix | Delete

if(!is_array($dataExtra)){

[268] Fix | Delete

return $return;

[269] Fix | Delete

}

[270] Fix | Delete

[271] Fix | Delete

$maxCount = apply_filters('ninja_forms_max_extra_data_count',200,$form_id);

[272] Fix | Delete

[273] Fix | Delete

if($maxCount<count($dataExtra)){

[274] Fix | Delete

[275] Fix | Delete

$return['extraDataOverflowOnSave']=json_encode($dataExtra);

[276] Fix | Delete

}

[277] Fix | Delete

[278] Fix | Delete

return $return;

[279] Fix | Delete

[280] Fix | Delete

}

[281] Fix | Delete

}

[282] Fix | Delete

[283] Fix | Delete