Edit File by line

<?php

[0] Fix | Delete

[1] Fix | Delete

namespace WPForms\Lite\Admin;

[2] Fix | Delete

[3] Fix | Delete

use WP_Error;

[4] Fix | Delete

use WPForms\Helpers\PluginSilentUpgrader;

[5] Fix | Delete

[6] Fix | Delete

/**

[7] Fix | Delete

* WPForms Connect.

[8] Fix | Delete

[9] Fix | Delete

* WPForms Connect is our service that makes it easy for non-techy users to

[10] Fix | Delete

* upgrade to WPForms Pro without having to manually install WPForms Pro plugin.

[11] Fix | Delete

[12] Fix | Delete

* @since 1.5.5

[13] Fix | Delete

[14] Fix | Delete

class Connect {

[15] Fix | Delete

[16] Fix | Delete

/**

[17] Fix | Delete

* WPForms Pro plugin basename.

[18] Fix | Delete

[19] Fix | Delete

* @since 1.8.4

[20] Fix | Delete

[21] Fix | Delete

* @var string

[22] Fix | Delete

[23] Fix | Delete

const PRO_PLUGIN = 'wpforms/wpforms.php';

[24] Fix | Delete

[25] Fix | Delete

/**

[26] Fix | Delete

* Constructor.

[27] Fix | Delete

[28] Fix | Delete

* @since 1.5.5

[29] Fix | Delete

[30] Fix | Delete

public function __construct() {

[31] Fix | Delete

[32] Fix | Delete

$this->hooks();

[33] Fix | Delete

}

[34] Fix | Delete

[35] Fix | Delete

/**

[36] Fix | Delete

* Hooks.

[37] Fix | Delete

[38] Fix | Delete

* @since 1.5.5

[39] Fix | Delete

[40] Fix | Delete

public function hooks() {

[41] Fix | Delete

[42] Fix | Delete

add_action( 'wpforms_settings_enqueue', [ $this, 'settings_enqueues' ] );

[43] Fix | Delete

add_action( 'wp_ajax_wpforms_connect_url', [ $this, 'generate_url' ] );

[44] Fix | Delete

add_action( 'wp_ajax_nopriv_wpforms_connect_process', [ $this, 'process' ] );

[45] Fix | Delete

}

[46] Fix | Delete

[47] Fix | Delete

/**

[48] Fix | Delete

* Settings page enqueues.

[49] Fix | Delete

[50] Fix | Delete

* @since 1.5.5

[51] Fix | Delete

[52] Fix | Delete

public function settings_enqueues() {

[53] Fix | Delete

[54] Fix | Delete

$min = wpforms_get_min_suffix();

[55] Fix | Delete

[56] Fix | Delete

wp_enqueue_script(

[57] Fix | Delete

'wpforms-connect',

[58] Fix | Delete

WPFORMS_PLUGIN_URL . "assets/lite/js/admin/connect{$min}.js",

[59] Fix | Delete

[ 'jquery' ],

[60] Fix | Delete

WPFORMS_VERSION,

[61] Fix | Delete

true

[62] Fix | Delete

);

[63] Fix | Delete

}

[64] Fix | Delete

[65] Fix | Delete

/**

[66] Fix | Delete

* Generate and return WPForms Connect URL.

[67] Fix | Delete

[68] Fix | Delete

* @since 1.5.5

[69] Fix | Delete

[70] Fix | Delete

public function generate_url() {

[71] Fix | Delete

[72] Fix | Delete

// Run a security check.

[73] Fix | Delete

check_ajax_referer( 'wpforms-admin', 'nonce' );

[74] Fix | Delete

[75] Fix | Delete

// Check for permissions.

[76] Fix | Delete

if ( ! current_user_can( 'install_plugins' ) ) {

[77] Fix | Delete

wp_send_json_error( [ 'message' => esc_html__( 'You are not allowed to install plugins.', 'wpforms-lite' ) ] );

[78] Fix | Delete

}

[79] Fix | Delete

[80] Fix | Delete

$current_plugin = plugin_basename( WPFORMS_PLUGIN_FILE );

[81] Fix | Delete

$is_pro = wpforms()->is_pro();

[82] Fix | Delete

[83] Fix | Delete

// Local development environment.

[84] Fix | Delete

if ( $current_plugin === self::PRO_PLUGIN && ! $is_pro ) {

[85] Fix | Delete

wp_send_json_error( [ 'message' => esc_html__( 'There must be a non-developer Lite version installed to upgrade.', 'wpforms-lite' ) ] );

[86] Fix | Delete

}

[87] Fix | Delete

[88] Fix | Delete

$key = ! empty( $_POST['key'] ) ? sanitize_text_field( wp_unslash( $_POST['key'] ) ) : ''; // phpcs:ignore WordPress.Security.NonceVerification

[89] Fix | Delete

[90] Fix | Delete

// Empty license key.

[91] Fix | Delete

if ( empty( $key ) ) {

[92] Fix | Delete

wp_send_json_error( [ 'message' => esc_html__( 'Please enter your license key to connect.', 'wpforms-lite' ) ] );

[93] Fix | Delete

}

[94] Fix | Delete

[95] Fix | Delete

// Whether it is the pro version.

[96] Fix | Delete

if ( $is_pro ) {

[97] Fix | Delete

wp_send_json_error( [ 'message' => esc_html__( 'Only the Lite version can be upgraded.', 'wpforms-lite' ) ] );

[98] Fix | Delete

}

[99] Fix | Delete

[100] Fix | Delete

// Verify pro version is not installed.

[101] Fix | Delete

$active = activate_plugin( self::PRO_PLUGIN, false, false, true );

[102] Fix | Delete

[103] Fix | Delete

if ( ! is_wp_error( $active ) ) {

[104] Fix | Delete

[105] Fix | Delete

// Deactivate Lite.

[106] Fix | Delete

deactivate_plugins( $current_plugin );

[107] Fix | Delete

[108] Fix | Delete

// phpcs:ignore WPForms.Comments.PHPDocHooks.RequiredHookDocumentation, WPForms.PHP.ValidateHooks.InvalidHookName

[109] Fix | Delete

do_action( 'wpforms_plugin_deactivated', $current_plugin );

[110] Fix | Delete

[111] Fix | Delete

wp_send_json_success(

[112] Fix | Delete

[

[113] Fix | Delete

'message' => esc_html__( 'WPForms Pro is installed but not activated.', 'wpforms-lite' ),

[114] Fix | Delete

'reload' => true,

[115] Fix | Delete

]

[116] Fix | Delete

);

[117] Fix | Delete

}

[118] Fix | Delete

[119] Fix | Delete

// Generate URL.

[120] Fix | Delete

$oth = hash( 'sha512', wp_rand() );

[121] Fix | Delete

$hashed_oth = hash_hmac( 'sha512', $oth, wp_salt() );

[122] Fix | Delete

[123] Fix | Delete

update_option( 'wpforms_connect_token', $oth );

[124] Fix | Delete

update_option( 'wpforms_connect', $key );

[125] Fix | Delete

[126] Fix | Delete

$version = WPFORMS_VERSION;

[127] Fix | Delete

$endpoint = admin_url( 'admin-ajax.php' );

[128] Fix | Delete

$redirect = admin_url( 'admin.php?page=wpforms-settings' );

[129] Fix | Delete

$url = add_query_arg(

[130] Fix | Delete

[

[131] Fix | Delete

'key' => $key,

[132] Fix | Delete

'oth' => $hashed_oth,

[133] Fix | Delete

'endpoint' => $endpoint,

[134] Fix | Delete

'version' => $version,

[135] Fix | Delete

'siteurl' => admin_url(),

[136] Fix | Delete

'homeurl' => site_url(),

[137] Fix | Delete

'redirect' => rawurldecode( base64_encode( $redirect ) ), // phpcs:ignore

[138] Fix | Delete

'v' => 2,

[139] Fix | Delete

[140] Fix | Delete

'https://upgrade.wpforms.com'

[141] Fix | Delete

);

[142] Fix | Delete

[143] Fix | Delete

wp_send_json_success(

[144] Fix | Delete

[

[145] Fix | Delete

'url' => $url,

[146] Fix | Delete

'back_url' => add_query_arg(

[147] Fix | Delete

[

[148] Fix | Delete

'action' => 'wpforms_connect',

[149] Fix | Delete

'oth' => $hashed_oth,

[150] Fix | Delete

[151] Fix | Delete

$endpoint

[152] Fix | Delete

[153] Fix | Delete

]

[154] Fix | Delete

);

[155] Fix | Delete

}

[156] Fix | Delete

[157] Fix | Delete

/**

[158] Fix | Delete

* Process WPForms Connect.

[159] Fix | Delete

[160] Fix | Delete

* @since 1.5.5

[161] Fix | Delete

[162] Fix | Delete

public function process() { // phpcs:ignore Generic.Metrics.CyclomaticComplexity.TooHigh, WPForms.PHP.HooksMethod.InvalidPlaceForAddingHooks

[163] Fix | Delete

[164] Fix | Delete

$error = esc_html__( 'There was an error while installing an upgrade. Please download the plugin from wpforms.com and install it manually.', 'wpforms-lite' );

[165] Fix | Delete

[166] Fix | Delete

// Verify params present (oth & download link).

[167] Fix | Delete

$post_oth = ! empty( $_REQUEST['oth'] ) ? sanitize_text_field( wp_unslash( $_REQUEST['oth'] ) ) : ''; // phpcs:ignore WordPress.Security.NonceVerification

[168] Fix | Delete

$post_url = ! empty( $_REQUEST['file'] ) ? esc_url_raw( wp_unslash( $_REQUEST['file'] ) ) : ''; // phpcs:ignore WordPress.Security.NonceVerification

[169] Fix | Delete

[170] Fix | Delete

if ( empty( $post_oth ) || empty( $post_url ) ) {

[171] Fix | Delete

wp_send_json_error( $error );

[172] Fix | Delete

}

[173] Fix | Delete

[174] Fix | Delete

// Verify oth.

[175] Fix | Delete

$oth = get_option( 'wpforms_connect_token' );

[176] Fix | Delete

[177] Fix | Delete

if ( empty( $oth ) ) {

[178] Fix | Delete

wp_send_json_error( $error );

[179] Fix | Delete

}

[180] Fix | Delete

[181] Fix | Delete

if ( hash_hmac( 'sha512', $oth, wp_salt() ) !== $post_oth ) {

[182] Fix | Delete

wp_send_json_error( $error );

[183] Fix | Delete

}

[184] Fix | Delete

[185] Fix | Delete

// Delete so cannot replay.

[186] Fix | Delete

delete_option( 'wpforms_connect_token' );

[187] Fix | Delete

[188] Fix | Delete

// Set the current screen to avoid undefined notices.

[189] Fix | Delete

set_current_screen( 'wpforms_page_wpforms-settings' );

[190] Fix | Delete

[191] Fix | Delete

// Prepare variables.

[192] Fix | Delete

$url = esc_url_raw(

[193] Fix | Delete

add_query_arg(

[194] Fix | Delete

[ 'page' => 'wpforms-settings' ],

[195] Fix | Delete

admin_url( 'admin.php' )

[196] Fix | Delete

)

[197] Fix | Delete

);

[198] Fix | Delete

[199] Fix | Delete

// Verify pro not activated.

[200] Fix | Delete

if ( wpforms()->is_pro() ) {

[201] Fix | Delete

wp_send_json_success( esc_html__( 'Plugin installed & activated.', 'wpforms-lite' ) );

[202] Fix | Delete

}

[203] Fix | Delete

[204] Fix | Delete

// Verify pro not installed.

[205] Fix | Delete

$active = activate_plugin( self::PRO_PLUGIN, $url, false, true );

[206] Fix | Delete

[207] Fix | Delete

if ( ! is_wp_error( $active ) ) {

[208] Fix | Delete

$plugin = plugin_basename( WPFORMS_PLUGIN_FILE );

[209] Fix | Delete

[210] Fix | Delete

deactivate_plugins( $plugin );

[211] Fix | Delete

[212] Fix | Delete

// phpcs:ignore WPForms.Comments.PHPDocHooks.RequiredHookDocumentation, WPForms.PHP.ValidateHooks.InvalidHookName

[213] Fix | Delete

do_action( 'wpforms_plugin_deactivated', $plugin );

[214] Fix | Delete

[215] Fix | Delete

wp_send_json_success( esc_html__( 'Plugin installed & activated.', 'wpforms-lite' ) );

[216] Fix | Delete

}

[217] Fix | Delete

[218] Fix | Delete

$creds = request_filesystem_credentials( $url, '', false, false );

[219] Fix | Delete

[220] Fix | Delete

// Check for file system permissions.

[221] Fix | Delete

if ( $creds === false || ! WP_Filesystem( $creds ) ) {

[222] Fix | Delete

wp_send_json_error(

[223] Fix | Delete

esc_html__( 'There was an error while installing an upgrade. Please check file system permissions and try again. Also, you can download the plugin from wpforms.com and install it manually.', 'wpforms-lite' )

[224] Fix | Delete

);

[225] Fix | Delete

}

[226] Fix | Delete

[227] Fix | Delete

[228] Fix | Delete

* We do not need any extra credentials if we have gotten this far, so let's install the plugin.

[229] Fix | Delete

[230] Fix | Delete

[231] Fix | Delete

// Do not allow WordPress to search/download translations, as this will break JS output.

[232] Fix | Delete

remove_action( 'upgrader_process_complete', [ 'Language_Pack_Upgrader', 'async_upgrade' ], 20 );

[233] Fix | Delete

[234] Fix | Delete

// Create the plugin upgrader with our custom skin.

[235] Fix | Delete

$installer = new PluginSilentUpgrader( new ConnectSkin() );

[236] Fix | Delete

[237] Fix | Delete

// Error check.

[238] Fix | Delete

if ( ! method_exists( $installer, 'install' ) ) {

[239] Fix | Delete

wp_send_json_error( $error );

[240] Fix | Delete

}

[241] Fix | Delete

[242] Fix | Delete

// Check license key.

[243] Fix | Delete

$key = get_option( 'wpforms_connect', false );

[244] Fix | Delete

[245] Fix | Delete

if ( empty( $key ) ) {

[246] Fix | Delete

wp_send_json_error(

[247] Fix | Delete

new WP_Error(

[248] Fix | Delete

'403',

[249] Fix | Delete

esc_html__( 'No key provided.', 'wpforms-lite' )

[250] Fix | Delete

)

[251] Fix | Delete

);

[252] Fix | Delete

}

[253] Fix | Delete

[254] Fix | Delete

$installer->install( $post_url ); // phpcs:ignore

[255] Fix | Delete

[256] Fix | Delete

// Flush the cache and return the newly installed plugin basename.

[257] Fix | Delete

wp_cache_flush();

[258] Fix | Delete

[259] Fix | Delete

$plugin_basename = $installer->plugin_info();

[260] Fix | Delete

[261] Fix | Delete

if ( $plugin_basename ) {

[262] Fix | Delete

[263] Fix | Delete

// Deactivate the lite version first.

[264] Fix | Delete

$plugin = plugin_basename( WPFORMS_PLUGIN_FILE );

[265] Fix | Delete

[266] Fix | Delete

deactivate_plugins( $plugin );

[267] Fix | Delete

[268] Fix | Delete

// phpcs:ignore WPForms.Comments.PHPDocHooks.RequiredHookDocumentation, WPForms.PHP.ValidateHooks.InvalidHookName

[269] Fix | Delete

do_action( 'wpforms_plugin_deactivated', $plugin );

[270] Fix | Delete

[271] Fix | Delete

// Activate the plugin silently.

[272] Fix | Delete

$activated = activate_plugin( $plugin_basename, '', false, true );

[273] Fix | Delete

[274] Fix | Delete

if ( ! is_wp_error( $activated ) ) {

[275] Fix | Delete

add_option( 'wpforms_install', 1 );

[276] Fix | Delete

wp_send_json_success( esc_html__( 'Plugin installed & activated.', 'wpforms-lite' ) );

[277] Fix | Delete

} else {

[278] Fix | Delete

// Reactivate the lite plugin if pro activation failed.

[279] Fix | Delete

activate_plugin( plugin_basename( WPFORMS_PLUGIN_FILE ), '', false, true );

[280] Fix | Delete

wp_send_json_error( esc_html__( 'Pro version installed but needs to be activated on the Plugins page inside your WordPress admin.', 'wpforms-lite' ) );

[281] Fix | Delete

}

[282] Fix | Delete

}

[283] Fix | Delete

[284] Fix | Delete

wp_send_json_error( $error );

[285] Fix | Delete

}

[286] Fix | Delete

}

[287] Fix | Delete

[288] Fix | Delete