本文整理汇总了PHP中pods_unslash函数的典型用法代码示例。如果您正苦于以下问题:PHP pods_unslash函数的具体用法?PHP pods_unslash怎么用?PHP pods_unslash使用的例子?那么, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了pods_unslash函数的10个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: admin_ajax
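/**
 * Handle admin AJAX requests addressed to a Pods component.
 *
 * Reads the request from $_POST, checks that the named component is registered and has
 * settings, verifies the per-component/per-method nonce, then dispatches to the component
 * object's `ajax_{method}` handler, or to `admin_ajax_{method}` on this class when the
 * component object has no such handler. The handler's output is echoed and the request ends.
 *
 * Security notes:
 * - pods_unslash() removes slashes from the request data; nothing in this method validates
 *   or escapes the remaining values, so $params is still untrusted when a handler receives it.
 * - The nonce is the only request check in this method. A nonce guards against forged
 *   cross-site requests; it is not a capability check, so each handler has to enforce its
 *   own permissions.
 * - The handler's return value is echoed as-is under a text/html content type, so handlers
 *   must escape whatever they return.
 *
 * @since 2.0
 */
public function admin_ajax()
{
    if (false === headers_sent()) {
        pods_session_start();
        header('Content-Type: text/html; charset=' . get_bloginfo('charset'));
    }

    // Remove slashes from the POST data and strip the _podsfix_ marker from key names.
    // This is not sanitization: the values are neither validated nor escaped here.
    $params = pods_unslash((array) $_POST);
    foreach ($params as $key => $value) {
        if ('action' == $key) {
            continue;
        }
        unset($params[$key]);
        $params[str_replace('_podsfix_', '', $key)] = $value;
    }
    $params = (object) $params;

    // component and method are used as array keys and spliced into the nonce action and the
    // handler method name, so a missing or non-string value (e.g. `method[]=x`) is rejected
    // instead of being read unguarded.
    $component = isset($params->component) && is_string($params->component) ? $params->component : null;
    $method = isset($params->method) && is_string($params->method) ? $params->method : null;

    if (null === $component || null === $method || !isset($this->components[$component]) || !isset($this->settings['components'][$component])) {
        pods_error('Invalid AJAX request', $this);
    }

    // The nonce action is bound to both the component and the method being called.
    if (!isset($params->_wpnonce) || false === wp_verify_nonce($params->_wpnonce, 'pods-component-' . $component . '-' . $method)) {
        pods_error('Unauthorized request', $this);
    }

    // Cleaning up $params so handlers only see their own arguments
    unset($params->action);
    unset($params->component);
    unset($params->method);
    unset($params->_wpnonce);

    $params = (object) apply_filters('pods_component_ajax_' . $component . '_' . $method, $params, $component, $method);

    $output = false;

    // Component init
    if (isset($this->components[$component]['object']) && method_exists($this->components[$component]['object'], 'init')) {
        $this->components[$component]['object']->init($this->settings['components'][$component], $component);
    }

    // Handle internal methods. The fixed 'ajax_' / 'admin_ajax_' prefixes limit which methods
    // a request can name; method_exists() decides whether the call is made at all.
    if (isset($this->components[$component]['object']) && !method_exists($this->components[$component]['object'], 'ajax_' . $method) && method_exists($this, 'admin_ajax_' . $method)) {
        $output = call_user_func(array($this, 'admin_ajax_' . $method), $component, $params);
    } elseif (!isset($this->components[$component]['object']) || !method_exists($this->components[$component]['object'], 'ajax_' . $method)) {
        pods_error('API method does not exist', $this);
    } else {
        $output = call_user_func(array($this->components[$component]['object'], 'ajax_' . $method), $params);
    }

    // Boolean results produce no body; anything else is written out unescaped.
    if (!is_bool($output)) {
        echo $output;
    }

    die;
    // KBAI!
}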
示例2: wp_create_nonce
// Fragment of a form handler: $pod, $obj, $fields, $thank_you, $duplicate and
// $submittable_fields are defined outside the lines shown.
// The form nonce is derived from the request URI, the submittable field names, the pod,
// the item id and a per-visitor id, so it only fits this exact form for this visitor.
$uri_hash = wp_create_nonce('pods_uri_' . $_SERVER['REQUEST_URI']);
$field_hash = wp_create_nonce('pods_fields_' . implode(',', array_keys($submittable_fields)));
// Anonymous visitors are identified by their PHP session id, logged-in users by user id.
$uid = @session_id();
if (is_user_logged_in()) {
$uid = 'user_' . get_current_user_id();
}
$nonce = wp_create_nonce('pods_form_' . $pod->pod . '_' . $uid . '_' . ($duplicate ? 0 : $pod->id()) . '_' . $uri_hash . '_' . $field_hash);
// NOTE(review): only the presence of _pods_nonce is tested here; $nonce is not compared
// against it in the visible lines, so verification presumably happens inside
// process_form() — confirm before relying on this branch as CSRF-protected.
if (isset($_POST['_pods_nonce'])) {
$action = __('saved', 'pods');
if ('create' == pods_var_raw('do', 'post', 'save')) {
$action = __('created', 'pods');
} elseif ('duplicate' == pods_var_raw('do', 'get', 'save')) {
$action = __('duplicated', 'pods');
}
try {
// pods_unslash() removes slashes only; $params is still unvalidated user input when it
// is handed to process_form().
$params = pods_unslash((array) $_POST);
$id = $pod->api->process_form($params, $pod, $fields, $thank_you);
$message = sprintf(__('<strong>Success!</strong> %s %s successfully.', 'pods'), $obj->item, $action);
if (0 < strlen(pods_var('detail_url', $pod->pod_data['options']))) {
// NOTE(review): the detail_url field value is concatenated into href without esc_url()
// in the visible code — confirm it is escaped before it gets here.
$message .= ' <a target="_blank" href="' . $pod->field('detail_url') . '">' . sprintf(__('View %s', 'pods'), $obj->item) . '</a>';
}
// NOTE(review): the error text ends in "successfully", which reads like a copy-paste slip.
$error = sprintf(__('<strong>Error:</strong> %s %s successfully.', 'pods'), $obj->item, $action);
// A positive id from process_form() is treated as success.
if (0 < $id) {
echo $obj->message($message);
} else {
echo $obj->error($error);
}
} catch (Exception $e) {
// NOTE(review): the exception message is passed to $obj->error() as-is; whether it is
// escaped before output cannot be seen from here.
echo $obj->error($e->getMessage());
}
} elseif (isset($_GET['do'])) {
示例3: admin_ajax
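/**
 * Handle ajax calls for the administration.
 *
 * Reads the request from $_POST, looks the requested method up in an allow-list (extendable
 * through the `pods_admin_ajax_methods` filter), verifies the `pods-{method}` nonce unless
 * the method declares `custom_nonce`, checks permissions for methods that declare `priv`,
 * and then calls the matching Pods API method. Arrays and objects are returned as JSON,
 * anything else is echoed, and the request ends.
 *
 * Security notes:
 * - pods_unslash() removes slashes from the request data; nothing here validates or
 *   escapes the values, so the API method receives untrusted input.
 * - Methods registered with `priv => true` are denied to callers who are not Pods admins.
 *   Written as one AND-chain containing `true !== $method->priv`, that case can never
 *   evaluate to true, which leaves the nonce as the only gate for those methods.
 * - `process_form` declares `custom_nonce` and no `priv`, so this method performs neither
 *   a nonce nor a capability check for it; both are left to the API method.
 *
 * NOTE(review): treating `priv => true` as "Pods admin only" is the reading this check
 * enforces — confirm no non-admin flow depends on reaching these methods.
 */
public function admin_ajax()
{
    if (false === headers_sent()) {
        pods_session_start();
        header('Content-Type: text/html; charset=' . get_bloginfo('charset'));
    }

    // Remove slashes from the POST data (this is not sanitization).
    $params = pods_unslash((array) $_POST);
    foreach ($params as $key => $value) {
        if ('action' == $key) {
            continue;
        }
        // Fixup $_POST data
        $_POST[str_replace('_podsfix_', '', $key)] = $_POST[$key];
        // Fixup $params with unslashed data
        $params[str_replace('_podsfix_', '', $key)] = $value;
        // Unset the _podsfix_* keys. Statement order matters: a key without the marker maps
        // onto itself and is removed here, so only marker-prefixed keys (and 'action')
        // survive in $params.
        unset($params[$key]);
    }
    $params = (object) $params;

    // Allow-list of callable API methods and the checks each one requires.
    $methods = array(
        'add_pod' => array('priv' => true),
        'save_pod' => array('priv' => true),
        'load_sister_fields' => array('priv' => true),
        'process_form' => array('custom_nonce' => true),
        'upgrade' => array('priv' => true),
        'migrate' => array('priv' => true),
    );
    $methods = apply_filters('pods_admin_ajax_methods', $methods, $this);

    // The method name is used as an array key and inside the nonce action, so only a
    // string is acceptable (a request can also send it as an array).
    if (!isset($params->method) || !is_string($params->method) || !isset($methods[$params->method])) {
        pods_error('Invalid AJAX request', $this);
    }

    $defaults = array('priv' => null, 'name' => $params->method, 'custom_nonce' => null);
    $method = (object) array_merge($defaults, (array) $methods[$params->method]);

    if (true !== $method->custom_nonce && (!isset($params->_wpnonce) || false === wp_verify_nonce($params->_wpnonce, 'pods-' . $params->method))) {
        pods_error(__('Unauthorized request', 'pods'), $this);
    }

    // Cleaning up $params
    unset($params->action);
    unset($params->method);
    if (true !== $method->custom_nonce) {
        unset($params->_wpnonce);
    }

    // Check permissions (convert to array to support multiple).
    // Pods admins always pass. Everyone else is denied when priv is exactly true, or when
    // priv names capabilities the caller does not hold.
    if (!empty($method->priv) && !pods_is_admin(array('pods'))) {
        if (true === $method->priv || !pods_is_admin($method->priv)) {
            pods_error(__('Access denied', 'pods'), $this);
        }
    }

    $params->method = $method->name;
    $params = apply_filters('pods_api_' . $method->name, $params, $method);

    $api = pods_api();

    if ('upgrade' == $method->name) {
        $output = (string) pods_upgrade($params->version)->ajax($params);
    } elseif ('migrate' == $method->name) {
        $output = (string) apply_filters('pods_api_migrate_run', $params);
    } else {
        if (!method_exists($api, $method->name)) {
            pods_error('API method does not exist', $this);
        } elseif ('save_pod' == $method->name) {
            // Field definitions arrive as an array of JSON strings; decode each one and
            // drop the empty entries.
            if (isset($params->field_data_json) && is_array($params->field_data_json)) {
                $params->fields = $params->field_data_json;
                unset($params->field_data_json);
                foreach ($params->fields as $k => $v) {
                    if (empty($v)) {
                        unset($params->fields[$k]);
                    } elseif (!is_array($v)) {
                        $params->fields[$k] = (array) @json_decode($v, true);
                    }
                }
            }
        }
        // Dynamically call the API method (the name was checked against $methods above)
        $params = (array) $params;
        $output = call_user_func(array($api, $method->name), $params);
    }

    // Output in json format
    if (false !== $output) {
        if (is_array($output) || is_object($output)) {
            wp_send_json($output);
        } else {
            echo $output;
        }
    } else {
        pods_error('There was a problem with your request.');
    }

    die;
    // KBAI!
}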
示例4: pods_v
/**
* Return a variable (if exists)
*
* For the 'get', 'post' and 'request' types the value is read from the matching superglobal
* and passed through pods_unslash(). No other filtering is applied in the lines shown, so
* callers have to validate the result and escape it for the context where it is used.
*
* @param mixed $var The variable name, can also be a modifier for specific types
* @param string|array|object $type (optional) Super globals, url/url-relative, constants, globals, options, transients, cache, user data, Pod field values, dates
* @param mixed $default (optional) The default value to set if variable doesn't exist
* @param bool $strict (optional) Only allow values (must not be empty)
* @param array $params (optional) Set 'casting'=>true to cast value from $default, 'allowed'=>$allowed to restrict a value to what's allowed
*
* @return mixed The variable (if exists), or default value
* @since 2.3.10
*/
function pods_v($var = null, $type = 'get', $default = null, $strict = false, $params = array())
{
$defaults = array('casting' => false, 'allowed' => null);
$params = (object) array_merge($defaults, (array) $params);
$output = null;
// $type selects the source: an array or object is searched directly for $var, any other
// value is lower-cased and matched against the named sources below.
if (null === $type || '' === $type) {
// Invalid $type
} elseif (is_array($type)) {
if (isset($type[$var])) {
$output = $type[$var];
}
} elseif (is_object($type)) {
if (isset($type->{$var})) {
$output = $type->{$var};
}
} else {
$type = strtolower((string) $type);
switch ($type) {
// Request superglobals: slashes are removed, the value is otherwise returned as the client sent it.
case 'get':
if (isset($_GET[$var])) {
$output = pods_unslash($_GET[$var]);
}
break;
case 'post':
if (isset($_POST[$var])) {
$output = pods_unslash($_POST[$var]);
}
break;
case 'request':
if (isset($_REQUEST[$var])) {
$output = pods_unslash($_REQUEST[$var]);
}
break;
// URL path segments of the current URL: $var is a segment index, 'first' or 'last'.
case 'url':
case 'uri':
// NOTE(review): parse_url() can return false or omit 'path' for a malformed URL;
// $url['path'] is read without a guard.
$url = parse_url(pods_current_url());
$uri = trim($url['path'], '/');
$uri = array_filter(explode('/', $uri));
if ('first' == $var) {
$var = 0;
} elseif ('last' == $var) {
$var = -1;
}
// Negative indexes count back from the end of the segment list.
if (is_numeric($var)) {
$output = $var < 0 ? pods_v(count($uri) + $var, $uri) : pods_v($var, $uri);
}
break;
// Same as 'url', with the site URL prefix removed before the path is split.
case 'url-relative':
$url_raw = pods_current_url();
$prefix = get_site_url();
if (substr($url_raw, 0, strlen($prefix)) == $prefix) {
$url_raw = substr($url_raw, strlen($prefix) + 1, strlen($url_raw));
}
$url = parse_url($url_raw);
$uri = trim($url['path'], '/');
$uri = array_filter(explode('/', $uri));
if ('first' == $var) {
$var = 0;
} elseif ('last' == $var) {
$var = -1;
}
if (is_numeric($var)) {
$output = $var < 0 ? pods_v(count($uri) + $var, $uri) : pods_v($var, $uri);
}
break;
case 'template-url':
$output = get_template_directory_uri();
break;
case 'stylesheet-url':
$output = get_stylesheet_directory_uri();
break;
case 'site-url':
$blog_id = $scheme = null;
$path = '';
// NOTE(review): because this is an if/elseif chain, only the first index present in
// $var is used (blog id, else path, else scheme) — confirm this is intended rather
// than three independent checks.
if (is_array($var)) {
if (isset($var[0])) {
$blog_id = $var[0];
} elseif (isset($var[1])) {
$path = $var[1];
} elseif (isset($var[2])) {
$scheme = $var[2];
}
} else {
$blog_id = $var;
}
$output = get_site_url($blog_id, $path, $scheme);
break;
case 'home-url':
//.........这里部分代码省略.........
示例5: admin_ajax_relationship
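/**
 * Handle autocomplete AJAX for relationship fields.
 *
 * Reads the request from $_POST, verifies a nonce bound to the pod id, the visitor id,
 * the page URI and the field id, loads the pod and field, and returns the matching items
 * as JSON under the `results` key.
 *
 * Security notes:
 * - pods_unslash() removes slashes only; the request values are cast or type-checked below
 *   before use because nothing else validates them.
 * - The nonce is the only access check visible in this method. Anonymous visitors are
 *   identified by their PHP session id.
 *
 * @since 2.3
 */
public function admin_ajax_relationship()
{
    pods_session_start();

    // Remove slashes from the POST data and strip the _podsfix_ marker from key names
    // (this is not sanitization).
    $params = pods_unslash((array) $_POST);
    foreach ($params as $key => $value) {
        if ('action' == $key) {
            continue;
        }
        unset($params[$key]);
        $params[str_replace('_podsfix_', '', $key)] = $value;
    }
    $params = (object) $params;

    // Read the identifiers once, guarded: a missing value becomes 0 / '' instead of an
    // undefined-property notice, and a non-string uri is not spliced into the nonce action.
    $pod_id = isset($params->pod) ? (int) $params->pod : 0;
    $field_id = isset($params->field) ? (int) $params->field : 0;
    $uri = isset($params->uri) && is_string($params->uri) ? $params->uri : '';

    $uid = @session_id();
    if (is_user_logged_in()) {
        $uid = 'user_' . get_current_user_id();
    }

    $nonce_check = 'pods_relationship_' . $pod_id . '_' . $uid . '_' . $uri . '_' . $field_id;
    if (!isset($params->_wpnonce) || false === wp_verify_nonce($params->_wpnonce, $nonce_check)) {
        pods_error(__('Unauthorized request', 'pods'), PodsInit::$admin);
    }

    $api = pods_api();
    $pod = $api->load_pod(array('id' => $pod_id));
    $field = $api->load_field(array('id' => $field_id, 'table_info' => true));

    $id = isset($params->id) ? (int) $params->id : 0;

    $limit = 15;
    if (isset($params->limit)) {
        $limit = (int) $params->limit;
    }

    $page = 1;
    if (isset($params->page)) {
        $page = (int) $params->page;
    }

    // The search text must be a non-blank string; an array here would make trim() fail.
    if (!isset($params->query) || !is_string($params->query) || strlen(trim($params->query)) < 1) {
        pods_error(__('Invalid field request', 'pods'), PodsInit::$admin);
    } elseif (empty($pod) || empty($field) || $pod['id'] != $field['pod_id'] || !isset($pod['fields'][$field['name']])) {
        // The field has to belong to the pod named in the request.
        pods_error(__('Invalid field request', 'pods'), PodsInit::$admin);
    } elseif ('pick' != $field['type'] || empty($field['table_info'])) {
        pods_error(__('Invalid field', 'pods'), PodsInit::$admin);
    } elseif ('single' == pods_var(self::$type . '_format_type', $field) && 'autocomplete' == pods_var(self::$type . '_format_single', $field)) {
        // NOTE(review): this branch and the next reject fields whose format IS autocomplete,
        // which reads as inverted for an autocomplete endpoint — confirm the comparison.
        pods_error(__('Invalid field', 'pods'), PodsInit::$admin);
    } elseif ('multi' == pods_var(self::$type . '_format_type', $field) && 'autocomplete' == pods_var(self::$type . '_format_multi', $field)) {
        pods_error(__('Invalid field', 'pods'), PodsInit::$admin);
    }

    $object_params = array(
        'name' => $field['name'],
        'value' => null,
        'options' => array_merge($field, $field['options']),
        'pod' => $pod,
        'id' => $id,
        'context' => 'admin_ajax_relationship',
        'data_params' => $params,
        'page' => $page,
        'limit' => $limit,
    );

    // A filter may supply the data itself; otherwise it is looked up.
    $pick_data = apply_filters('pods_field_pick_data_ajax', null, $field['name'], null, $field, $pod, $id);
    if (null !== $pick_data) {
        $items = $pick_data;
    } else {
        $items = $this->get_object_data($object_params);
    }

    // Normalise a flat id => text map into the list-of-rows shape sent to the client.
    // The loop uses its own key variable so $id still holds the requested item id when it
    // is passed to the filter below (reusing $id here would overwrite it with the last key).
    if (!empty($items) && isset($items[0]) && !is_array($items[0])) {
        $new_items = array();
        foreach ($items as $item_key => $text) {
            $new_items[] = array('id' => $item_key, 'text' => $text, 'image' => '');
        }
        $items = $new_items;
    }

    $items = apply_filters('pods_field_pick_data_ajax_items', $items, $field['name'], null, $field, $pod, $id);
    $items = array('results' => $items);

    wp_send_json($items);

    die;
    // KBAI!
}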
示例6: save_comment
/**
 * Save the Pods meta fields submitted along with a comment.
 *
 * Nothing is saved unless comment field groups exist, the request carries POST data and
 * the `pods_meta` value verifies as a nonce for the `pods_meta_comment` action.
 *
 * @param mixed $comment_id Identifier of the comment being saved
 *
 * @return mixed The $comment_id that was passed in
 */
public function save_comment($comment_id)
{
    $groups = $this->groups_get('comment', 'comment');

    // Nothing to do without field groups or a form submission.
    if (empty($groups) || empty($_POST)) {
        return $comment_id;
    }

    // Reject submissions whose nonce does not verify.
    if (!wp_verify_nonce(pods_v('pods_meta', 'post'), 'pods_meta_comment')) {
        return $comment_id;
    }

    $id = $comment_id;
    $pod = null;
    $data = array();

    foreach ($groups as $group) {
        if (empty($group['fields'])) {
            continue;
        }

        // (Re)load the pod object when none is held yet or it points at another item.
        $needs_pod = null === $pod || (is_object($pod) && $pod->id() != $id);
        if ($needs_pod) {
            $cached = self::$current_pod;
            if (is_object($cached) && $cached->pod == $group['pod']['name']) {
                if ($cached->id() != $id) {
                    $cached->fetch($id);
                }
            } else {
                self::$current_pod = pods($group['pod']['name'], $id, true);
            }
            $pod = self::$current_pod;
        }

        foreach ($group['fields'] as $field) {
            // Skip fields the current user may not edit, unless the field is flagged hidden.
            $permitted = PodsForm::permission($field['type'], $field['name'], $field, $group['fields'], $pod, $id);
            if (false === $permitted && !pods_var('hidden', $field['options'], false)) {
                continue;
            }

            // Only fields defined in the groups are collected; a field absent from the
            // request is stored as an empty string.
            $post_key = 'pods_meta_' . $field['name'];
            $data[$field['name']] = isset($_POST[$post_key]) ? $_POST[$post_key] : '';
        }
    }

    do_action('pods_meta_save_pre_comment', $data, $pod, $id, $groups);

    if (!empty($pod)) {
        // Pods does its own sanitization on save, so the slashes are removed first
        $data = pods_unslash((array) $data);
        $pod->save($data);
    } elseif (!empty($id)) {
        // No pod object: write each value as comment meta, still slashed as received.
        pods_no_conflict_on('comment');
        foreach ($data as $meta_key => $meta_value) {
            update_comment_meta($id, $meta_key, $meta_value);
        }
        pods_no_conflict_off('comment');
    }

    do_action('pods_meta_save_comment', $data, $pod, $id, $groups);

    return $comment_id;
}
示例7: import
/**
* Import a Package
*
* The package is decoded from JSON when given as a string and rejected (false) when it is
* not a non-empty array or carries no meta version. Packages older than 2.0 have their
* field definitions converted to the current format.
*
* NOTE(review): a package can delete and redefine pods, and nothing in the visible lines
* checks the caller's capability or where $data came from — confirm every caller does.
*
* @param string|array $data a JSON array package string, or an array of Package Data
* @param bool $replace Whether to replace existing pods entirely or just update them
*
* @return array|bool
*
* @static
* @since 2.0.5
*/
public static function import($data, $replace = false)
{
// Defined as false only when nothing has defined it before this call.
if (!defined('PODS_FIELD_STRICT')) {
define('PODS_FIELD_STRICT', false);
}
// Decode the string as given, then once more with slashes removed. The @ hides decode
// warnings, so a bad payload simply reaches the `return false` below.
if (!is_array($data)) {
$json_data = @json_decode($data, true);
if (!is_array($json_data)) {
$json_data = @json_decode(pods_unslash($data), true);
}
$data = $json_data;
}
if (!is_array($data) || empty($data)) {
return false;
}
$api = pods_api();
if (!isset($data['meta']) || !isset($data['meta']['version']) || empty($data['meta']['version'])) {
return false;
}
// Pods 1.x < 1.10
// A version without dots is expanded into dotted form before it is compared.
if (false === strpos($data['meta']['version'], '.') && (int) $data['meta']['version'] < 1000) {
$data['meta']['version'] = implode('.', str_split($data['meta']['version']));
} elseif (false === strpos($data['meta']['version'], '.')) {
$data['meta']['version'] = pods_version_to_point($data['meta']['version']);
}
$found = array();
if (isset($data['pods']) && is_array($data['pods'])) {
foreach ($data['pods'] as $pod_data) {
// The id inside the package is discarded; pods are matched by name.
if (isset($pod_data['id'])) {
unset($pod_data['id']);
}
// NOTE(review): $pod_data['name'] is read without an isset() check; an entry without a
// name raises a notice and looks up a pod with a null name.
$pod = $api->load_pod(array('name' => $pod_data['name']), false);
$existing_fields = array();
if (!empty($pod)) {
// Delete Pod if it exists
// With $replace the existing pod is deleted before the imported definition is applied.
if ($replace) {
$api->delete_pod(array('id' => $pod['id']));
$pod = array('fields' => array());
} else {
$existing_fields = $pod['fields'];
}
} else {
$pod = array('fields' => array());
}
// Backwards compatibility
if (version_compare($data['meta']['version'], '2.0', '<')) {
// Field definitions for created / modified / author used with pre-2.0 packages.
$core_fields = array(array('name' => 'created', 'label' => 'Date Created', 'type' => 'datetime', 'options' => array('datetime_format' => 'ymd_slash', 'datetime_time_type' => '12', 'datetime_time_format' => 'h_mm_ss_A'), 'weight' => 1), array('name' => 'modified', 'label' => 'Date Modified', 'type' => 'datetime', 'options' => array('datetime_format' => 'ymd_slash', 'datetime_time_type' => '12', 'datetime_time_format' => 'h_mm_ss_A'), 'weight' => 2), array('name' => 'author', 'label' => 'Author', 'type' => 'pick', 'pick_object' => 'user', 'options' => array('pick_format_type' => 'single', 'pick_format_single' => 'autocomplete', 'default_value' => '{@user.ID}'), 'weight' => 3));
$found_fields = array();
if (!empty($pod_data['fields'])) {
foreach ($pod_data['fields'] as $k => $field) {
// NOTE(review): the keys read from $field below ('coltype', 'multiple', 'name', 'label',
// 'comment', 'weight', 'required', 'unique', 'input_helper', ...) are used without
// isset() checks, so a package missing any of them raises notices.
// Map the old column type names onto the current field types.
$field_type = $field['coltype'];
if ('txt' == $field_type) {
$field_type = 'text';
} elseif ('desc' == $field_type) {
$field_type = 'wysiwyg';
} elseif ('code' == $field_type) {
$field_type = 'paragraph';
} elseif ('bool' == $field_type) {
$field_type = 'boolean';
} elseif ('num' == $field_type) {
$field_type = 'number';
} elseif ('date' == $field_type) {
$field_type = 'datetime';
}
// Flags are clamped to 0 or 1.
$multiple = min(max((int) $field['multiple'], 0), 1);
$new_field = array('name' => trim($field['name']), 'label' => trim($field['label']), 'description' => trim($field['comment']), 'type' => $field_type, 'weight' => (int) $field['weight'], 'options' => array('required' => min(max((int) $field['required'], 0), 1), 'unique' => min(max((int) $field['unique'], 0), 1), 'input_helper' => $field['input_helper']));
// Drop a field whose name was already seen in this pod.
if (in_array($new_field['name'], $found_fields)) {
unset($pod_data['fields'][$k]);
continue;
}
$found_fields[] = $new_field['name'];
if ('pick' == $field_type) {
// Relationship fields: translate the old pickval into a pick_object.
$new_field['pick_object'] = 'pod';
$new_field['pick_val'] = $field['pickval'];
if ('wp_user' == $field['pickval']) {
$new_field['pick_object'] = 'user';
} elseif ('wp_post' == $field['pickval']) {
$new_field['pick_object'] = 'post_type-post';
} elseif ('wp_page' == $field['pickval']) {
$new_field['pick_object'] = 'post_type-page';
} elseif ('wp_taxonomy' == $field['pickval']) {
$new_field['pick_object'] = 'taxonomy-category';
}
// This won't work if the field doesn't exist
// $new_field[ 'sister_id' ] = $field[ 'sister_field_id' ];
// NOTE(review): pick_filter and pick_orderby are copied from the package unchanged; if
// they end up in a query, they need validating where they are used — confirm.
$new_field['options']['pick_filter'] = $field['pick_filter'];
$new_field['options']['pick_orderby'] = $field['pick_orderby'];
$new_field['options']['pick_display'] = '';
$new_field['options']['pick_size'] = 'medium';
//.........这里部分代码省略.........
示例8: pods_v
/**
* Return a variable (if exists)
*
* For the 'get', 'post' and 'request' types the value is read from the matching superglobal
* and passed through pods_unslash(). No other filtering is applied in the lines shown, so
* callers have to validate the result and escape it for the context where it is used.
*
* @param mixed $var The variable name, can also be a modifier for specific types
* @param string|array|object $type (optional) Super globals, url/url-relative, constants, globals, options, transients, cache, user data, Pod field values, dates
* @param mixed $default (optional) The default value to set if variable doesn't exist
* @param bool $strict (optional) Only allow values (must not be empty)
* @param array $params (optional) Set 'casting'=>true to cast value from $default, 'allowed'=>$allowed to restrict a value to what's allowed
*
* @return mixed The variable (if exists), or default value
* @since 2.3.10
*/
function pods_v($var = null, $type = 'get', $default = null, $strict = false, $params = array())
{
$defaults = array('casting' => false, 'allowed' => null);
$params = (object) array_merge($defaults, (array) $params);
$output = null;
// $type selects the source: an array or object is searched directly for $var, any other
// value is lower-cased and matched against the named sources below.
if (null === $type || '' === $type) {
// Invalid $type
} elseif (is_array($type)) {
if (isset($type[$var])) {
$output = $type[$var];
}
} elseif (is_object($type)) {
if (isset($type->{$var})) {
$output = $type->{$var};
}
} else {
$type = strtolower((string) $type);
switch ($type) {
// Request superglobals: slashes are removed, the value is otherwise returned as the client sent it.
case 'get':
if (isset($_GET[$var])) {
$output = pods_unslash($_GET[$var]);
}
break;
case 'post':
if (isset($_POST[$var])) {
$output = pods_unslash($_POST[$var]);
}
break;
case 'request':
if (isset($_REQUEST[$var])) {
$output = pods_unslash($_REQUEST[$var]);
}
break;
// URL path segments of the current URL: $var is a segment index, 'first' or 'last'.
case 'url':
case 'uri':
// NOTE(review): parse_url() can return false or omit 'path' for a malformed URL;
// $url['path'] is read without a guard.
$url = parse_url(pods_current_url());
$uri = trim($url['path'], '/');
$uri = array_filter(explode('/', $uri));
if ('first' == $var) {
$var = 0;
} elseif ('last' == $var) {
$var = -1;
}
// Negative indexes count back from the end of the segment list.
if (is_numeric($var)) {
$output = $var < 0 ? pods_v(count($uri) + $var, $uri) : pods_v($var, $uri);
}
break;
// Same as 'url', with the site URL prefix removed before the path is split.
case 'url-relative':
$url_raw = pods_current_url();
$prefix = get_site_url();
if (substr($url_raw, 0, strlen($prefix)) == $prefix) {
$url_raw = substr($url_raw, strlen($prefix) + 1, strlen($url_raw));
}
$url = parse_url($url_raw);
$uri = trim($url['path'], '/');
$uri = array_filter(explode('/', $uri));
if ('first' == $var) {
$var = 0;
} elseif ('last' == $var) {
$var = -1;
}
if (is_numeric($var)) {
$output = $var < 0 ? pods_v(count($uri) + $var, $uri) : pods_v($var, $uri);
}
break;
case 'template-url':
$output = get_template_directory_uri();
break;
case 'stylesheet-url':
$output = get_stylesheet_directory_uri();
break;
case 'site-url':
$blog_id = $scheme = null;
$path = '';
// NOTE(review): because this is an if/elseif chain, only the first index present in
// $var is used (blog id, else path, else scheme) — confirm this is intended rather
// than three independent checks.
if (is_array($var)) {
if (isset($var[0])) {
$blog_id = $var[0];
} elseif (isset($var[1])) {
$path = $var[1];
} elseif (isset($var[2])) {
$scheme = $var[2];
}
} else {
$blog_id = $var;
}
$output = get_site_url($blog_id, $path, $scheme);
break;
case 'home-url':
//.........这里部分代码省略.........
示例9: esc_html
echo $active;
?>
><?php
echo esc_html($val['name']);
?>
</option>
<?php
}
?>
</select>
<?php
}
}
}
// Display the search box and submit button
// The search term comes straight from the query string. pods_unslash() removes slashes
// only, so the value stays untrusted; it is passed through esc_attr() where it is printed
// into the input's value attribute below.
$search = empty($_GET[$this->search_var]) ? '' : pods_unslash($_GET[$this->search_var]);
if (false !== $show_textbox) {
?>
<input type="text" class="pod_search" name="<?php
echo esc_attr($this->search_var);
?>
" value="<?php
echo esc_attr($search);
?>
" />
<?php
} else {
?>
<input type="hidden" name="<?php
echo esc_attr($this->search_var);
?>
示例10: admin_ajax_upload
/**
* Handle plupload AJAX
*
* Checks the request shape, restores authentication cookies passed as request parameters,
* applies the upload-related constants, verifies a nonce bound to the pod id, the visitor
* id, the page URI and the field id, and then handles the uploaded file.
*
* pods_unslash() removes slashes from the request data only; nothing in this method
* validates or escapes the remaining values beyond the checks written out below.
*
* @since 2.3
*/
public function admin_ajax_upload()
{
pods_session_start();
// Remove slashes from the POST data and strip the _podsfix_ marker from key names
// (this is not sanitization)
$params = pods_unslash((array) $_POST);
foreach ($params as $key => $value) {
if ('action' == $key) {
continue;
}
unset($params[$key]);
$params[str_replace('_podsfix_', '', $key)] = $value;
}
$params = (object) $params;
// Only the 'upload' method is accepted. pod, field and uri must be present; a request
// without a pod additionally needs the upload_files capability.
$methods = array('upload');
if (!isset($params->method) || !in_array($params->method, $methods) || !isset($params->pod) || !isset($params->field) || !isset($params->uri) || empty($params->uri)) {
pods_error('Invalid AJAX request', PodsInit::$admin);
} elseif (!empty($params->pod) && empty($params->field)) {
pods_error('Invalid AJAX request', PodsInit::$admin);
} elseif (empty($params->pod) && !current_user_can('upload_files')) {
pods_error('Invalid AJAX request', PodsInit::$admin);
}
// Flash often fails to send cookies with the POST or upload, so we need to pass it in GET or POST instead
// NOTE(review): this copies authentication cookie values supplied as ordinary request
// parameters into $_COOKIE. Credentials sent that way can end up in access logs, browser
// history and Referer headers — confirm the fallback is still needed, and restrict it to
// POST if it is.
if (is_ssl() && empty($_COOKIE[SECURE_AUTH_COOKIE]) && !empty($_REQUEST['auth_cookie'])) {
$_COOKIE[SECURE_AUTH_COOKIE] = $_REQUEST['auth_cookie'];
} elseif (empty($_COOKIE[AUTH_COOKIE]) && !empty($_REQUEST['auth_cookie'])) {
$_COOKIE[AUTH_COOKIE] = $_REQUEST['auth_cookie'];
}
if (empty($_COOKIE[LOGGED_IN_COOKIE]) && !empty($_REQUEST['logged_in_cookie'])) {
$_COOKIE[LOGGED_IN_COOKIE] = $_REQUEST['logged_in_cookie'];
}
// unset() on a variable imported with `global` removes only the local alias, not the
// global itself. NOTE(review): if the intent is to make the login checks below re-read
// the user from the cookies set above, confirm this achieves it.
global $current_user;
unset($current_user);
/**
* Access Checking
*/
// Uploads are refused when PODS_DISABLE_FILE_UPLOAD is true, or when
// PODS_UPLOAD_REQUIRE_LOGIN is true (any logged-in user required) or names a capability
// (logged-in user holding that capability required).
$upload_disabled = false;
if (defined('PODS_DISABLE_FILE_UPLOAD') && true === PODS_DISABLE_FILE_UPLOAD) {
$upload_disabled = true;
} elseif (defined('PODS_UPLOAD_REQUIRE_LOGIN') && is_bool(PODS_UPLOAD_REQUIRE_LOGIN) && true === PODS_UPLOAD_REQUIRE_LOGIN && !is_user_logged_in()) {
$upload_disabled = true;
} elseif (defined('PODS_UPLOAD_REQUIRE_LOGIN') && !is_bool(PODS_UPLOAD_REQUIRE_LOGIN) && (!is_user_logged_in() || !current_user_can(PODS_UPLOAD_REQUIRE_LOGIN))) {
$upload_disabled = true;
}
// Anonymous visitors are identified by their PHP session id, logged-in users by user id.
// With neither constant defined, the nonce below is the only gate for a pod-bound upload.
$uid = @session_id();
if (is_user_logged_in()) {
$uid = 'user_' . get_current_user_id();
}
$nonce_check = 'pods_upload_' . (int) $params->pod . '_' . $uid . '_' . $params->uri . '_' . (int) $params->field;
if (true === $upload_disabled || !isset($params->_wpnonce) || false === wp_verify_nonce($params->_wpnonce, $nonce_check)) {
pods_error(__('Unauthorized request', 'pods'), PodsInit::$admin);
}
// Defaults used when the upload is not tied to a pod field.
$pod = array();
$field = array('type' => 'file', 'options' => array());
$api = pods_api();
$api->display_errors = false;
if (!empty($params->pod)) {
$pod = $api->load_pod(array('id' => (int) $params->pod));
$field = $api->load_field(array('id' => (int) $params->field));
// The field has to belong to the pod named in the request and be one of the file field types.
if (empty($pod) || empty($field) || $pod['id'] != $field['pod_id'] || !isset($pod['fields'][$field['name']])) {
pods_error(__('Invalid field request', 'pods'), PodsInit::$admin);
}
if (!in_array($field['type'], PodsForm::file_field_types())) {
pods_error(__('Invalid field', 'pods'), PodsInit::$admin);
}
}
$method = $params->method;
// Cleaning up $params
unset($params->action);
unset($params->method);
unset($params->_wpnonce);
$params->post_id = pods_var('post_id', $params, 0, null, true);
/**
* Upload a new file (advanced - returns URL and ID)
*/
if ('upload' == $method) {
// NOTE(review): $_FILES['Filedata'] is read without an isset() check; a request without a
// file part raises a notice and leaves $file null.
$file = $_FILES['Filedata'];
// The configured size limit is a string such as "10MB"; it is converted to bytes here.
// NOTE(review): the multipliers are 1025 rather than 1024, and the KB branch multiplies
// twice exactly like the MB branch, so the computed limits are larger than the configured
// values — the size restriction is looser than the setting suggests.
$limit_size = pods_var($field['type'] . '_restrict_filesize', $field['options']);
if (!empty($limit_size)) {
if (false !== stripos($limit_size, 'MB')) {
$limit_size = (double) trim(str_ireplace('MB', '', $limit_size));
$limit_size = $limit_size * 1025 * 1025;
// convert to KB to B
} elseif (false !== stripos($limit_size, 'KB')) {
$limit_size = (double) trim(str_ireplace('KB', '', $limit_size));
$limit_size = $limit_size * 1025 * 1025;
// convert to B
} elseif (false !== stripos($limit_size, 'GB')) {
$limit_size = (double) trim(str_ireplace('GB', '', $limit_size));
$limit_size = $limit_size * 1025 * 1025 * 1025;
// convert to MB to KB to B
} elseif (false !== stripos($limit_size, 'B')) {
$limit_size = (double) trim(str_ireplace('B', '', $limit_size));
} else {
// No recognised unit: fall back to the WordPress maximum upload size.
$limit_size = wp_max_upload_size();
}
//.........这里部分代码省略.........