- Timestamp:
- 01/04/2024 07:47:40 PM (16 months ago)
- File:
-
- 1 edited
eventon-lite/trunk/includes/admin/class-admin-ajax.php
r2978856 r3017578 2 2 /** 3 3 * Function ajax for backend 4 * @version L 2.24 * @version L2.2.8 5 5 */ 6 6 class EVO_admin_ajax{ … … 11 11 'import_settings' =>'import_settings', 12 12 13 'eventpost_update_meta' =>'evo_eventpost_update_meta',14 13 'rel_event_list' =>'rel_event_list', 15 14 'get_latlng' =>'get_latlng', … … 35 34 // virtual events 36 35 public function config_virtual_event(){ 36 37 // validate if user has permission 38 if( !current_user_can('edit_eventons') ){ 39 wp_send_json(array( 40 'status'=>'bad','msg'=> __('You do not have proper permission to access this','eventon') 41 )); 42 wp_die(); 43 } 44 37 45 $post_data = $this->helper->sanitize_array( $_POST); 38 46 39 $EVENT = new EVO_Event( $post_data['eid'] );47 $EVENT = new EVO_Event( (int) $post_data['eid'] ); 40 48 41 49 ob_start(); … … 43 51 include_once('views/virtual_event_settings.php'); 44 52 45 echo json_encode(array(53 wp_send_json(array( 46 54 'status'=>'good','content'=> ob_get_clean() 47 ));exit; 55 )); 56 wp_die(); 48 57 } 49 58 public function select_virtual_moderator(){ … … 51 60 ob_start(); 52 61 53 $eid = sanitize_text_field( $_POST['eid'] );62 $eid = (int) $_POST['eid']; 54 63 55 64 $EVENT = new EVO_Event( $eid); … … 63 72 <form class='evo_vir_select_mod'> 64 73 <input type="hidden" name="action" value='eventon_save_virtual_mod_settings'> 65 <input type="hidden" name="eid" value='<?php echo $eid;?>'> 74 <input type="hidden" name="eid" value='<?php echo esc_attr( $eid );?>'> 75 76 <?php wp_nonce_field( 'evo_save_virtual_mod_settings', 'evo_noncename' );?> 66 77 67 78 <p class='row'> … … 90 101 </select> 91 102 </p> 92 <p class='evo_save_changes' ><span class='evo_btn save_virtual_event_mod_config ' data-eid='<?php echo $eid;?>' style='margin-right: 10px'><?php _e('Save Changes','eventon');?></span></p>103 <p class='evo_save_changes' ><span class='evo_btn save_virtual_event_mod_config ' data-eid='<?php echo esc_attr( $eid );?>' style='margin-right: 10px'><?php _e('Save 
Changes','eventon');?></span></p> 93 104 </form> 94 105 </div> … … 96 107 <?php 97 108 98 echo json_encode(array(109 wp_send_json(array( 99 110 'status'=>'good','content'=> ob_get_clean() 100 )); exit;111 ));wp_die(); 101 112 } 102 113 public function get_virtual_users_select_options($role_slug, $set_user_id=''){ … … 118 129 public function get_virtual_users(){ 119 130 131 // validate if user has permission 132 if( !current_user_can('edit_eventons') ){ 133 wp_send_json(array( 134 'status'=>'bad','msg'=> __('You do not have proper permission to access this','eventon') 135 )); 136 wp_die(); 137 } 138 120 139 $user_role = sanitize_text_field( $_POST['_user_role']); 121 140 122 echo json_encode(array(141 wp_send_json(array( 123 142 'status'=>'good', 124 143 'content'=> empty($user_role) ? 125 144 "<option value=''>--</option>" : 126 145 $this->get_virtual_users_select_options($user_role) 127 )); exit;146 )); wp_die(); 128 147 129 148 130 149 } 131 150 public function save_virtual_event_settings(){ 151 // validate if user has permission 152 if( current_user_can('edit_eventons') ){ 153 wp_send_json(array( 154 'status'=>'bad','msg'=> __('You do not have proper permission to access this','eventon') 155 )); 156 wp_die(); 157 } 158 159 // nonce validation 160 if( isset($_POST['evo_noncename']) && !wp_verify_nonce( $_POST['evo_noncename'], 'evo_save_virtual_event_settings' ) ){ 161 wp_send_json(array( 162 'status'=>'bad','msg'=> __('Nonce validation failed','eventon') 163 )); wp_die(); 164 } 165 132 166 $post_data = $this->helper->sanitize_array( $_POST); 133 167 … … 143 177 } 144 178 145 echo json_encode(array(179 wp_send_json(array( 146 180 'status'=>'good','msg'=> __('Virtual Event Data Saved Successfully','eventon') 147 )); exit;181 )); wp_die(); 148 182 } 149 183 public function save_virtual_mod_settings(){ 150 $post_data = $this->helper->sanitize_array( $_POST); 184 // validate if user has permission 185 if( !current_user_can('edit_eventons') ){ 186 wp_send_json(array( 
187 'status'=>'bad','msg'=> __('You do not have proper permission to access this','eventon') 188 )); 189 wp_die(); 190 } 191 192 // nonce validation 193 if( isset($_POST['evo_noncename']) && !wp_verify_nonce( $_POST['evo_noncename'], 'evo_save_virtual_mod_settings' ) ){ 194 wp_send_json(array( 195 'status'=>'bad','msg'=> __('Nonce validation failed','eventon') 196 )); 197 wp_die(); 198 } 199 200 $post_data = $this->helper->sanitize_array( $_POST); 151 201 152 202 $EVENT = new EVO_Event( $post_data['eid']); … … 155 205 $EVENT->save_meta('_mod', $post_data['_mod']); 156 206 157 echo json_encode(array(207 wp_send_json(array( 158 208 'status'=>'good','msg'=> __('Moderator Data Saved Successfully','eventon') 159 )); exit;209 )); wp_die(); 160 210 161 211 } … … 257 307 258 308 if( !isset($_POST['address'])){ 259 echo json_encode(array(260 'status'=>'bad','m'=> __('Address Missing','eventon'))); exit;309 wp_send_json(array( 310 'status'=>'bad','m'=> __('Address Missing','eventon'))); wp_die(); 261 311 } 262 312 … … 272 322 $response = wp_remote_retrieve_body( $response ); 273 323 if(!$response){ 274 echo json_encode(array(275 'status'=>'bad','m'=> __('Could not connect to google maps api','eventon'))); exit;324 wp_send_json(array( 325 'status'=>'bad','m'=> __('Could not connect to google maps api','eventon'))); wp_die(); 276 326 } 277 327 278 328 $RR = json_decode($response); 279 329 280 echo json_encode(array(330 wp_send_json(array( 281 331 'status'=>'good', 282 332 'lat' => $RR->results[0]->geometry->location->lat, 283 333 'lng' => $RR->results[0]->geometry->location->lng, 284 )); exit; 285 } 286 287 // update event post meta 288 function evo_eventpost_update_meta(){ 289 290 $post_data = $this->helper->recursive_sanitize_array_fields( $_POST); 291 292 if(isset($post_data['eid']) && isset($post_data['values']) ){ 293 294 $post = array(); 295 foreach($post_data['values'] as $key=>$val){ 296 update_post_meta($post_data['eid'], $key, $val); 297 298 
do_action('eventon_saved_event_metadata', $post_data['eid'], $key, $val); 299 } 300 echo json_encode(array( 301 'status'=> 'good', 302 'msg'=> __('Successfully saved event meta data!','eventon') 303 )); exit; 304 }else{ 305 echo 'Event ID not available!'; exit; 306 } 334 )); wp_die(); 307 335 } 308 336 309 337 // export eventon settings 310 338 function export_settings(){ 311 // check if admin and loggedin 312 if(!is_admin() && !is_user_logged_in()) die('User not loggedin!'); 339 // validate if user has permission 340 if( !current_user_can('edit_eventons') ){ 341 wp_send_json(array( 342 'status'=>'bad','msg'=> __('You do not have proper permission to access this','eventon') 343 )); wp_die(); 344 } 313 345 314 346 // verify nonce … … 326 358 } 327 359 328 echo json_encode($json); 329 exit; 360 wp_send_json($json); wp_die(); 330 361 } 331 362 // import settings 332 363 function import_settings(){ 333 364 $output = array('status'=>'','msg'=>''); 365 334 366 // verify nonce 335 $output['success'] = wp_create_nonce('eventon_admin_nonce');367 $output['success'] = wp_create_nonce('eventon_admin_nonce'); 336 368 if(!wp_verify_nonce($_POST['nonce'], 'eventon_admin_nonce')) $output['msg'] = __('Security Check Failed!','eventon'); 337 369 … … 352 384 } 353 385 354 echo json_encode($output); 355 exit; 386 wp_send_json($output); wp_die(); 356 387 357 388 }
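Review bot: The capability guard added to save_virtual_event_settings() is inverted: `if( current_user_can('edit_eventons') ){` returns the "You do not have proper permission" response to users who hold the capability and lets everyone else continue to the save. The guards added to the sibling handlers are all negated, so this one should read `if( !current_user_can('edit_eventons') ){`. The nonce checks added to save_virtual_event_settings() and save_virtual_mod_settings() are both conditioned on `isset($_POST['evo_noncename'])`, so a request that omits the field skips verification; `if( !isset($_POST['evo_noncename']) || !wp_verify_nonce( $_POST['evo_noncename'], 'evo_save_virtual_mod_settings' ) ){` (with the matching action name in each handler) fails closed instead. In the visible lines select_virtual_moderator() and get_latlng() still have no capability check, and import_settings() only sets `$output['msg']` when its nonce fails, but parts of those bodies are elided from this view, so that should be confirmed against the full file.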