<?php
namespace sgpb;
use \SGPBConfigDataHelper;
class Ajax
{
private $postData;
/**
 * Wire up every admin-ajax.php handler this class serves as soon as the
 * object exists; see actions() for the list of hooks.
 */
public function __construct()
{
    $this->actions();
}
/**
 * Store the request payload that getValueFromPost() later reads from.
 *
 * Whatever the caller passes is kept as-is; no sanitizing happens here.
 *
 * @param mixed $postData The payload, normally an associative array of request fields.
 *
 * @return void
 */
public function setPostData($postData)
{
    $this->postData = $postData;
}
/**
 * Return the payload previously stored with setPostData().
 *
 * @return mixed The stored payload, or null when nothing was stored yet.
 */
public function getPostData()
{
    return $this->postData;
}
/**
 * Return one value from the stored post data by key.
 *
 * The lookup goes through empty(), so a key whose value is "0", 0, null or
 * an empty array is reported as absent and '' is returned for it.
 *
 * @since 1.0.0
 *
 * @param string $key
 *
 * @return mixed The stored value, or '' when the key is absent or its value is empty.
 */
public function getValueFromPost($key)
{
    $postData = $this->getPostData();

    return empty($postData[$key]) ? '' : $postData[$key];
}
/**
 * Register the plugin's admin-ajax.php handlers.
 *
 * The first group is registered with both the `wp_ajax_` and the
 * `wp_ajax_nopriv_` prefix, i.e. it is reachable by visitors who are not
 * logged in, so each of those handlers has to do its own nonce and input
 * checks. The second group is only registered when
 * AdminHelper::userCanAccessTo() allows it and has no nopriv variant.
 *
 * @return void
 */
public function actions()
{
    // Front-end handlers: logged-in and anonymous requests alike.
    $publicHandlers = array(
        'sgpb_send_to_open_counter'     => 'addToCounter',
        'sgpb_process_after_submission' => 'sgpbSubsciptionFormSubmittedAction',
        'sgpb_subscription_submission'  => 'subscriptionSubmission',
    );
    foreach ($publicHandlers as $hookSuffix => $method) {
        add_action('wp_ajax_'.$hookSuffix, array($this, $method));
        add_action('wp_ajax_nopriv_'.$hookSuffix, array($this, $method));
    }

    if (!AdminHelper::userCanAccessTo()) {
        return;
    }

    // Back-office handlers: registered for logged-in requests only.
    $adminHandlers = array(
        'add_condition_group_row'              => 'addConditionGroupRow',
        'add_condition_rule_row'               => 'addConditionRuleRow',
        'change_condition_rule_row'            => 'changeConditionRuleRow',
        'select2_search_data'                  => 'select2SearchData',
        'change_popup_status'                  => 'changePopupStatus',
        // proStartGold
        'check_same_origin'                    => 'checkSameOrigin',
        // proEndGold
        'sgpb_subscribers_delete'              => 'deleteSubscribers',
        'sgpb_add_subscribers'                 => 'addSubscribers',
        'sgpb_import_subscribers'              => 'importSubscribers',
        'sgpb_import_settings'                 => 'importSettings',
        'sgpb_save_imported_subscribers'       => 'saveImportedSubscribers',
        'sgpb_send_newsletter'                 => 'sendNewsletter',
        'sgpb_change_review_popup_show_period' => 'changeReviewPopupPeriod',
        'sgpb_dont_show_review_popup'          => 'dontShowReviewPopup',
        'sgpb_close_banner'                    => 'closeMainRateUsBanner',
        'sgpb_close_license_notice'            => 'closeLicenseNoticeBanner',
        'sgpb_hide_ask_review_popup'           => 'dontShowAskReviewBanner',
        'sgpb_reset_popup_opening_count'       => 'resetPopupOpeningCount',
        /*Extension notification panel*/
        'sgpb_dont_show_extension_panel'       => 'extensionNotificationPanel',
        'sgpb_dont_show_problem_alert'         => 'dontShowProblemAlert',
        // autosave
        'sgpb_autosave'                        => 'sgpbAutosave',
    );
    foreach ($adminHandlers as $hookSuffix => $method) {
        add_action('wp_ajax_'.$hookSuffix, array($this, $method));
    }
}
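/**
 * AJAX handler for the editor autosave ('wp_ajax_sgpb_autosave').
 *
 * Re-creates the popup under the '_preview' key from the posted form data.
 * Published popups are left untouched.
 *
 * Expects in $_POST: 'post_ID' (the popup id) and 'allPopupData' (the form
 * fields, possibly nested). Every path ends in wp_die().
 *
 * @return void
 */
public function sgpbAutosave()
{
    if (!AdminHelper::userCanAccessTo()) {
        wp_die('');
    }
    check_ajax_referer(SG_AJAX_NONCE, 'nonce');
    /**
     * We only allow administrator to do this action
     */
    if (!current_user_can('manage_options')) {
        wp_die(esc_html__('You do not have permission to do this action!', 'popup-builder'));
    }
    if (!isset($_POST['post_ID'])) {
        wp_die(0);
    }
    $popupId = (int)sanitize_text_field($_POST['post_ID']);
    // Autosave only refreshes the preview copy; a published popup is never rewritten here.
    if (get_post_status($popupId) == 'publish') {
        wp_die('');
    }

    // array_walk_recursive() requires an array; a missing or scalar payload is
    // treated as "nothing to save" instead of raising a TypeError.
    if (!isset($_POST['allPopupData']) || !is_array($_POST['allPopupData'])) {
        wp_die(true);
    }
    // we will use array_walk_recursive method for sanitizing current data because we can receive an multidimensional array!
    // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
    $allPopupData = $_POST['allPopupData'];
    array_walk_recursive($allPopupData, function (&$item) {
        $item = sanitize_text_field($item);
    });

    $popupData = SGPopup::parsePopupDataFromData($allPopupData);
    do_action('save_post_popupbuilder');

    // Without a type there is no popup class to build a preview with.
    $popupType = isset($popupData['sgpb-type']) ? $popupData['sgpb-type'] : '';
    if ($popupType === '') {
        wp_die();
    }
    $popupClassName = SGPopup::getPopupClassNameFormType($popupType);
    $popupClassPath = SGPopup::getPopupTypeClassPath($popupType);
    $popupClassFile = $popupClassPath.$popupClassName.'.php';

    // NOTE(review): $popupType originates from the request, so the included
    // file name and the class name below are request-derived. This relies on
    // the two SGPopup mappers returning only known plugin paths/classes for
    // unknown types — confirm against their implementation.
    if (file_exists($popupClassFile)) {
        require_once($popupClassFile);
        $popupClassName = __NAMESPACE__.'\\'.$popupClassName;
        $popupClassName::create($popupData, '_preview', 1);
    }

    wp_die();
}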
/**
 * AJAX handler ('wp_ajax_sgpb_dont_show_review_popup'): record that the
 * administrator dismissed the review popup, then rebuild the notifications.
 *
 * Requires a valid SG_AJAX_NONCE and the manage_options capability.
 *
 * @return void
 */
public function dontShowReviewPopup()
{
    check_ajax_referer(SG_AJAX_NONCE, 'nonce');
    /**
     * We only allow administrator to do this action
     */
    if (current_user_can('manage_options') === false) {
        wp_die(esc_html__('You do not have permission to do this action!', 'popup-builder'));
    }

    update_option('SGPBCloseReviewPopup-notification', true);
    do_action('sgpbGetNotifications');
    wp_die();
}
/**
 * AJAX handler ('wp_ajax_sgpb_change_review_popup_show_period'): postpone the
 * "ask for a review" prompt.
 *
 * With $_POST['messageType'] === 'count' the open-count threshold stored in
 * 'SGPBMaxOpenCount' is raised by SGPB_ASK_REVIEW_POPUP_COUNT. Otherwise the
 * next show time ('SGPBOpenNextTime') is moved SGPB_REVIEW_POPUP_PERIOD days
 * ahead and 'SGPBUsageDays' is increased by the same amount.
 *
 * Requires a valid SG_AJAX_NONCE and the manage_options capability.
 *
 * @return void
 */
public function changeReviewPopupPeriod()
{
    check_ajax_referer(SG_AJAX_NONCE, 'nonce');
    /**
     * We only allow administrator to do this action
     */
    if (current_user_can('manage_options') === false) {
        wp_die(esc_html__('You do not have permission to do this action!', 'popup-builder'));
    }
    $messageType = isset($_POST['messageType']) ? sanitize_text_field($_POST['messageType']) : '';

    if ($messageType == 'count') {
        // Start from the stored threshold, falling back to the plugin default.
        $maxPopupCount = get_option('SGPBMaxOpenCount') ?: SGPB_ASK_REVIEW_POPUP_COUNT;
        // The most-opened popup wins over the stored threshold when known.
        $maxPopupData = AdminHelper::getMaxOpenPopupId();
        if (!empty($maxPopupData['maxCount'])) {
            $maxPopupCount = $maxPopupData['maxCount'];
        }

        $maxPopupCount += SGPB_ASK_REVIEW_POPUP_COUNT;
        update_option('SGPBMaxOpenCount', $maxPopupCount);
        wp_die();
    }

    $popupTimeZone = get_option('timezone_string') ?: SG_POPUP_DEFAULT_TIME_ZONE;
    $nextShowTime = new \DateTimeImmutable('now', new \DateTimeZone($popupTimeZone));
    $nextShowTime = $nextShowTime->modify('+'.SGPB_REVIEW_POPUP_PERIOD.' day');

    // NOTE(review): the formatted wall-clock string is re-parsed by strtotime()
    // in PHP's default timezone rather than $popupTimeZone, so the stored epoch
    // can differ from getTimestamp() when the two zones differ — confirm intent.
    $timeNow = strtotime($nextShowTime->format('Y-m-d H:i:s'));
    update_option('SGPBOpenNextTime', $timeNow);

    $usageDays = get_option('SGPBUsageDays');
    $usageDays += SGPB_REVIEW_POPUP_PERIOD;
    update_option('SGPBUsageDays', $usageDays);
    wp_die();
}
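/**
 * AJAX handler ('wp_ajax_sgpb_reset_popup_opening_count'): zero the open
 * counter of one popup and drop its analytics rows.
 *
 * Expects $_POST['popupId']. The counter lives in the 'SgpbCounter' option
 * (popupId => count); the analytics rows are deleted from the
 * {prefix}sgpb_analytics table except for event ids 7, 12 and 13, which the
 * original query keeps on purpose (their meaning is not visible in this file).
 *
 * Requires a valid SG_AJAX_NONCE and the manage_options capability. The
 * handler does not call wp_die() itself on the success path (left as in the
 * original), so admin-ajax.php supplies the default response.
 *
 * @return void
 */
public function resetPopupOpeningCount()
{
    check_ajax_referer(SG_AJAX_NONCE, 'nonce');
    /**
     * We only allow administrator to do this action
     */
    if (!current_user_can('manage_options')) {
        wp_die(esc_html__('You do not have permission to do this action!', 'popup-builder'));
    }
    if (!isset($_POST['popupId'])) {
        wp_die(0);
    }
    global $wpdb;

    // Table name is derived from the configured prefix, not from the request.
    $tableName = $wpdb->prefix.'sgpb_analytics';
    $popupId = (int)sanitize_text_field($_POST['popupId']);
    $allPopupsCount = get_option('SgpbCounter');

    // Only touch the analytics table when it exists.
    if ($wpdb->get_var("SHOW TABLES LIKE '$tableName'") === $tableName) {
        SGPopup::deleteAnalyticsDataByPopupId($popupId);
    }
    // A missing or malformed option cannot be reset; report failure.
    if (empty($allPopupsCount) || !is_array($allPopupsCount)) {
        // TODO ASAP remove echo use only wp_die
        echo esc_html(SGPB_AJAX_STATUS_FALSE);
        wp_die();
    }
    if (isset($allPopupsCount[$popupId])) {
        $allPopupsCount[$popupId] = 0;
    }

    // DELETE returns no rows, so query() is used instead of get_var(); the id is bound via %d.
    $wpdb->query($wpdb->prepare('DELETE FROM '.$tableName.' WHERE target_id = %d AND event_id NOT IN (7, 12, 13)', $popupId));

    update_option('SgpbCounter', $allPopupsCount);
}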
/**
 * AJAX handler ('wp_ajax_sgpb_hide_ask_review_popup'): remember that the
 * "ask for a review" banner was dismissed.
 *
 * Requires a valid SG_AJAX_NONCE and the manage_options capability. Responds
 * with SGPB_AJAX_STATUS_TRUE.
 *
 * @return void
 */
public function dontShowAskReviewBanner()
{
    check_ajax_referer(SG_AJAX_NONCE, 'nonce');
    /**
     * We only allow administrator to do this action
     */
    if (current_user_can('manage_options') === false) {
        wp_die(esc_html__('You do not have permission to do this action!', 'popup-builder'));
    }

    update_option('sgpbDontShowAskReviewBanner', 1);
    echo esc_html(SGPB_AJAX_STATUS_TRUE);
    wp_die();
}
/**
 * AJAX handler ('wp_ajax_sgpb_dont_show_problem_alert'): remember that the
 * problem alert was dismissed.
 *
 * Requires a valid SG_AJAX_NONCE and the manage_options capability. Responds
 * with SGPB_AJAX_STATUS_TRUE.
 *
 * @return void
 */
public function dontShowProblemAlert()
{
    check_ajax_referer(SG_AJAX_NONCE, 'nonce');
    /**
     * We only allow administrator to do this action
     */
    if (current_user_can('manage_options') === false) {
        wp_die(esc_html__('You do not have permission to do this action!', 'popup-builder'));
    }

    update_option('sgpb_alert_problems', 1);
    echo esc_html(SGPB_AJAX_STATUS_TRUE);
    wp_die();
}
/**
 * AJAX handler ('wp_ajax_sgpb_dont_show_extension_panel'): remember that the
 * extension notification panel was dismissed.
 *
 * Requires a valid SG_AJAX_NONCE and the manage_options capability. Responds
 * with SGPB_AJAX_STATUS_TRUE.
 *
 * @return void
 */
public function extensionNotificationPanel()
{
    check_ajax_referer(SG_AJAX_NONCE, 'nonce');
    /**
     * We only allow administrator to do this action
     */
    if (current_user_can('manage_options') === false) {
        wp_die(esc_html__('You do not have permission to do this action!', 'popup-builder'));
    }

    update_option('sgpb_extensions_updated', 1);
    echo esc_html(SGPB_AJAX_STATUS_TRUE);
    wp_die();
}
/**
 * AJAX handler ('wp_ajax_sgpb_close_banner'): hide the support / rate-us
 * banner and rebuild the notifications.
 *
 * Requires a valid SG_AJAX_NONCE and the manage_options capability.
 *
 * @return void
 */
public function closeMainRateUsBanner()
{
    check_ajax_referer(SG_AJAX_NONCE, 'nonce');
    /**
     * We only allow administrator to do this action
     */
    if (current_user_can('manage_options') === false) {
        wp_die(esc_html__('You do not have permission to do this action!', 'popup-builder'));
    }

    update_option('sgpb-hide-support-banner', 1);
    do_action('sgpbGetNotifications');
    wp_die();
}
/**
 * AJAX handler ('wp_ajax_sgpb_close_license_notice'): hide the license
 * notice banner.
 *
 * Requires a valid SG_AJAX_NONCE and the manage_options capability.
 *
 * @return void
 */
public function closeLicenseNoticeBanner()
{
    check_ajax_referer(SG_AJAX_NONCE, 'nonce');
    /**
     * We only allow administrator to do this action
     */
    if (current_user_can('manage_options') === false) {
        wp_die(esc_html__('You do not have permission to do this action!', 'popup-builder'));
    }

    update_option('sgpb-hide-license-notice-banner', 1);
    wp_die();
}
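/**
 * AJAX handler ('wp_ajax_sgpb_send_to_open_counter', also registered as
 * nopriv): add the open counts posted by the front end to the 'SgpbCounter'
 * option (popupId => total opens).
 *
 * Expects $_POST['params']['popupsIdCollection'] as a popupId => count map.
 * Because the nopriv variant exists this runs for anonymous visitors, and
 * the nonce only shows the request came from a page that embedded it, so the
 * input is treated as untrusted: ids and counts are cast to integers and
 * non-positive ids or counts are skipped instead of creating junk keys or
 * decrementing counters.
 *
 * @return void
 */
public function addToCounter()
{
    check_ajax_referer(SG_AJAX_NONCE, 'nonce');

    if (isset($_GET['sg_popup_preview_id']) && !isset($_POST['params'])) {
        wp_die(0);
    }
    // array_walk_recursive() requires an array; anything else means there is nothing to count.
    if (!isset($_POST['params']) || !is_array($_POST['params'])) {
        wp_die(0);
    }
    // we will use array_walk_recursive method for sanitizing current data because we can receive an multidimensional array!
    // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
    $popupParams = $_POST['params'];
    /* Sanitizing multidimensional array */
    array_walk_recursive($popupParams, function (&$item) {
        $item = sanitize_text_field($item);
    });

    $popupsIdCollection = (isset($popupParams['popupsIdCollection']) && is_array($popupParams['popupsIdCollection']))
        ? $popupParams['popupsIdCollection']
        : array();
    $popupsCounterData = get_option('SgpbCounter');

    // Option missing (false) or corrupted: start from an empty map.
    if (!is_array($popupsCounterData)) {
        $popupsCounterData = array();
    }

    foreach ($popupsIdCollection as $popupId => $popupCount) {
        $popupId = (int)$popupId;
        $popupCount = (int)$popupCount;
        if ($popupId <= 0 || $popupCount <= 0) {
            continue;
        }
        if (empty($popupsCounterData[$popupId])) {
            $popupsCounterData[$popupId] = 0;
        }
        $popupsCounterData[$popupId] += $popupCount;
    }

    update_option('SgpbCounter', $popupsCounterData);
    wp_die(1);
}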
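/**
 * AJAX handler ('wp_ajax_sgpb_subscribers_delete'): delete subscriber rows by id.
 *
 * Expects $_POST['subscribersId'] as a list of ids (a single scalar id is
 * accepted too). Requires a valid SG_AJAX_NONCE and the manage_options
 * capability. No explicit wp_die() on the success path (left as in the
 * original), so admin-ajax.php supplies the default response.
 *
 * @return void
 */
public function deleteSubscribers()
{
    global $wpdb;

    check_ajax_referer(SG_AJAX_NONCE, 'nonce');
    /**
     * We only allow administrator to do this action
     */
    if (!current_user_can('manage_options')) {
        wp_die(esc_html__('You do not have permission to do this action!', 'popup-builder'));
    }
    if (empty($_POST['subscribersId'])) {
        wp_die();
    }
    // array_map() throws on a scalar, so normalise a single id to a one-element list.
    $subscribersId = array_map('sanitize_text_field', (array)$_POST['subscribersId']);

    // Table name is prefix-derived, not request input; the id is bound via %d.
    $table_sgpb_subscribers = $wpdb->prefix.SGPB_SUBSCRIBERS_TABLE_NAME;
    foreach ($subscribersId as $subscriberId) {
        $wpdb->query($wpdb->prepare("DELETE FROM $table_sgpb_subscribers WHERE id = %d", (int)$subscriberId));
    }
}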
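/**
 * AJAX handler ('wp_ajax_sgpb_add_subscribers'): add one subscriber to one or
 * more subscription lists, or re-activate an existing row.
 *
 * Expects in $_POST: 'firstName', 'lastName', 'email' and 'popups' (list of
 * subscription ids; a single id is accepted too). For each list, an existing
 * row with the same email is updated and marked subscribed again; otherwise a
 * new row is inserted. Responds with SGPB_AJAX_STATUS_TRUE when at least one
 * row was written, SGPB_AJAX_STATUS_FALSE otherwise (including when the
 * email is not a valid address).
 *
 * Requires a valid SG_AJAX_NONCE and the manage_options capability.
 *
 * @return void
 */
public function addSubscribers()
{
    global $wpdb;

    check_ajax_referer(SG_AJAX_NONCE, 'nonce');
    /**
     * We only allow administrator to do this action
     */
    if (!current_user_can('manage_options')) {
        wp_die(esc_html__('You do not have permission to do this action!', 'popup-builder'));
    }
    $status = SGPB_AJAX_STATUS_FALSE;
    $firstName = isset($_POST['firstName']) ? sanitize_text_field($_POST['firstName']) : '';
    $lastName = isset($_POST['lastName']) ? sanitize_text_field($_POST['lastName']) : '';
    $email = isset($_POST['email']) ? sanitize_text_field($_POST['email']) : '';
    $date = gmdate('Y-m-d');

    // sanitize_text_field() strips markup but does not validate; do not store a row without a usable address.
    if (!is_email($email)) {
        echo esc_html($status);
        wp_die();
    }

    // we will use array_walk_recursive method for sanitizing current data because we can receive an multidimensional array!
    // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
    $subscriptionPopupsId = !empty($_POST['popups']) ? (array)$_POST['popups'] : [];
    array_walk_recursive($subscriptionPopupsId, function (&$item) {
        $item = sanitize_text_field($item);
    });
    // Table name is prefix-derived, not request input; all values are bound through prepare().
    $table_sgpb_subscribers = $wpdb->prefix.SGPB_SUBSCRIBERS_TABLE_NAME;
    foreach ($subscriptionPopupsId as $subscriptionPopupId) {
        $subscriptionPopupId = (int)$subscriptionPopupId;

        $existing = $wpdb->get_row($wpdb->prepare("SELECT id FROM $table_sgpb_subscribers WHERE email = %s AND subscriptionType = %d", $email, $subscriptionPopupId), ARRAY_A);
        if (empty($existing)) {
            // add new subscriber
            $res = $wpdb->query($wpdb->prepare("INSERT INTO $table_sgpb_subscribers (firstName, lastName, email, cDate, subscriptionType) VALUES (%s, %s, %s, %s, %d) ", $firstName, $lastName, $email, $date, $subscriptionPopupId));
        } else {
            // edit existing: refresh name/date and clear the unsubscribed flag
            $wpdb->query($wpdb->prepare("UPDATE $table_sgpb_subscribers SET firstName = %s, lastName = %s, email = %s, cDate = %s, subscriptionType = %d, unsubscribered = 0 WHERE id = %d", $firstName, $lastName, $email, $date, $subscriptionPopupId, $existing['id']));
            $res = 1;
        }

        if ($res) {
            $status = SGPB_AJAX_STATUS_TRUE;
        }
    }

    echo esc_html($status);
    wp_die();
}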
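/**
 * AJAX handler ('wp_ajax_sgpb_import_subscribers'): render the import
 * configuration view and return its markup.
 *
 * $formId and $fileURL are assigned but not used in this method on purpose:
 * the view is required from inside the method, so it can read them as
 * locals (presumably what the view does — its file is not part of this listing).
 *
 * Requires a valid SG_AJAX_NONCE and the manage_options capability.
 *
 * @return void
 */
public function importSubscribers()
{
    check_ajax_referer(SG_AJAX_NONCE, 'nonce');
    /**
     * We only allow administrator to do this action
     */
    if (!current_user_can('manage_options')) {
        wp_die(esc_html__('You do not have permission to do this action!', 'popup-builder'));
    }
    $formId = isset($_POST['popupSubscriptionList']) ? (int)sanitize_text_field($_POST['popupSubscriptionList']) : '';
    $fileURL = isset($_POST['importListURL']) ? sanitize_text_field($_POST['importListURL']) : '';
    ob_start();
    require_once SG_POPUP_VIEWS_PATH.'importConfigView.php';
    // ob_get_clean() reads and discards the buffer in one step.
    $content = ob_get_clean();

    // Markup is filtered through the plugin's allow-list before output.
    echo wp_kses($content, AdminHelper::allowed_html_tags());
    wp_die();
}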
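/**
 * AJAX handler ('wp_ajax_sgpb_import_settings'): render the popup import
 * view and return its markup.
 *
 * Requires a valid SG_AJAX_NONCE and the manage_options capability.
 *
 * @return void
 */
public function importSettings()
{
    check_ajax_referer(SG_AJAX_NONCE, 'nonce');
    /**
     * We only allow administrator to do this action
     */
    if (!current_user_can('manage_options')) {
        wp_die(esc_html__('You do not have permission to do this action!', 'popup-builder'));
    }
    ob_start();
    require_once SG_POPUP_VIEWS_PATH.'importPopupsView.php';
    // ob_get_clean() reads and discards the buffer in one step.
    $content = ob_get_clean();

    // Markup is filtered through the plugin's allow-list before output.
    echo wp_kses($content, AdminHelper::allowed_html_tags());
    wp_die();
}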
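/**
 * AJAX handler ('wp_ajax_sgpb_save_imported_subscribers'): import the rows of
 * an uploaded CSV into the subscribers table, then delete the upload.
 *
 * Expects in $_POST:
 *  - 'popupSubscriptionList' : id of the subscription list the rows belong to
 *  - 'importListURL'         : URL of the CSV; it must resolve to one of this site's attachments
 *  - 'namesMapping'          : CSV column index for 'firstName', 'lastName', 'email' and, optionally, 'date'
 *
 * The CSV is read through the attachment's local path (get_attached_file())
 * rather than by handing the request-supplied URL to file(), so the handler
 * can neither read arbitrary local paths nor fetch from other hosts. The
 * first row is treated as the header and skipped, rows without an email are
 * skipped, and when the 'sgpbImportToSubscriptionList' filter returns -1 the
 * rows were stored by Subscription Plus and the local insert is skipped.
 * The uploaded file is deleted afterwards so the addresses do not stay
 * readable under the uploads directory.
 *
 * Requires a valid SG_AJAX_NONCE and the manage_options capability.
 *
 * @return void
 */
public function saveImportedSubscribers()
{
    check_ajax_referer(SG_AJAX_NONCE, 'nonce');
    /**
     * We only allow administrator to do this action
     */
    if (!current_user_can('manage_options')) {
        wp_die(esc_html__('You do not have permission to do this action!', 'popup-builder'));
    }
    @ini_set('auto_detect_line_endings', '1');
    $formId = isset($_POST['popupSubscriptionList']) ? (int)sanitize_text_field($_POST['popupSubscriptionList']) : '';
    $fileURL = isset($_POST['importListURL']) ? sanitize_text_field($_POST['importListURL']) : '';
    // we will use array_walk_recursive method for sanitizing current data because we can receive an multidimensional array!
    // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
    $mapping = !empty($_POST['namesMapping']) ? (array)$_POST['namesMapping'] : [];
    array_walk_recursive($mapping, function (&$item) {
        $item = sanitize_text_field($item);
    });

    // Only a media-library attachment of this site is accepted as the import source.
    $csv_attachment_id = attachment_url_to_postid($fileURL);
    $csvPath = $csv_attachment_id ? get_attached_file($csv_attachment_id) : false;
    $csvLines = ($csvPath && is_readable($csvPath)) ? file($csvPath) : false;
    if ($csvLines === false) {
        echo esc_html(SGPB_AJAX_STATUS_FALSE);
        wp_die();
    }
    $csvFileArray = array_map('str_getcsv', $csvLines);

    // Row 0 is the column header, not a subscriber.
    unset($csvFileArray[0]);
    $subscriptionPlusContent = apply_filters('sgpbImportToSubscriptionList', $csvFileArray, $mapping, $formId);

    // Pick the CSV cell the user mapped to a logical field; '' when unmapped or the row is short.
    $cell = function ($row, $field) use ($mapping) {
        return (isset($mapping[$field]) && isset($row[$mapping[$field]])) ? $row[$mapping[$field]] : '';
    };

    // -1 it's mean saved from Subscription Plus
    if ($subscriptionPlusContent != -1) {
        global $wpdb;
        // Table name is prefix-derived, not request input; all values go through prepare().
        $subscribersTableName = $wpdb->prefix.SGPB_SUBSCRIBERS_TABLE_NAME;
        // Probe once (not per row) whether the table has a submittedData column:
        // the query returns false when it does not. Presumably the intent of the
        // original per-row check — confirm against the schema migration.
        $hasSubmittedData = $wpdb->query("SELECT submittedData FROM $subscribersTableName LIMIT 1") !== false;

        foreach ($csvFileArray as $csvData) {
            $email = $cell($csvData, 'email');
            if ($email === '') {
                continue;
            }
            $firstName = $cell($csvData, 'firstName');
            $lastName = $cell($csvData, 'lastName');

            // Normalise the mapped date to Y-m-d; an unmapped or unparseable date is stored as ''.
            $date = '';
            $rawDate = $cell($csvData, 'date');
            if ($rawDate !== '') {
                $timestamp = strtotime($rawDate);
                $date = $timestamp !== false ? gmdate('Y-m-d', $timestamp) : '';
            }

            if ($hasSubmittedData) {
                $wpdb->query($wpdb->prepare("INSERT INTO $subscribersTableName (firstName, lastName, email, cDate, subscriptionType, status, unsubscribed, submittedData) VALUES (%s, %s, %s, %s, %d, %d, %d, %s) ", $firstName, $lastName, $email, $date, $formId, 0, 0, ''));
            } else {
                $wpdb->query($wpdb->prepare("INSERT INTO $subscribersTableName (firstName, lastName, email, cDate, subscriptionType, status, unsubscribed) VALUES (%s, %s, %s, %s, %d, %d, %d) ", $firstName, $lastName, $email, $date, $formId, 0, 0));
            }
        }
    }

    //Fix the vulnerable to Sensitive Information Exposure
    // Delete the attachment and the file now that its rows are stored.
    if (get_post_type($csv_attachment_id) === 'attachment') {
        wp_delete_attachment($csv_attachment_id, true);
    }
    echo esc_html(SGPB_AJAX_STATUS_TRUE);
    wp_die();
}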
public function sendNewsletter()
{
$allowToAction = AdminHelper::userCanAccessTo();
if(!$allowToAction) {
wp_redirect(get_home_url());
exit();
}
check_ajax_referer(SG_AJAX_NONCE, 'nonce');
/**
* We only allow administrator to do this action
*/