<?php
namespace WPForms\Admin\Builder\Ajax;
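/**
 * Form Builder Panel Loader AJAX actions.
 *
 * Registers the `wpforms_builder_load_panel` AJAX action and answers it with the
 * rendered markup of the requested builder panel.
 *
 * @since 1.8.6
 */
class PanelLoader {

	/**
	 * Determine if the class is allowed to load.
	 *
	 * @since 1.8.6
	 *
	 * @return bool
	 */
	private function allow_load(): bool {

		// The action name is read here only to decide whether hooks get registered;
		// the nonce is verified later, inside the AJAX handler itself.
		// phpcs:ignore WordPress.Security.NonceVerification.Recommended
		$action = isset( $_REQUEST['action'] ) ? sanitize_text_field( wp_unslash( $_REQUEST['action'] ) ) : '';

		// Load only in the case of AJAX calls from the Form Builder.
		return wpforms_is_admin_ajax() && strpos( $action, 'wpforms_builder_' ) === 0;
	}

	/**
	 * Initialize class.
	 *
	 * @since 1.8.6
	 */
	public function init(): void {

		if ( ! $this->allow_load() ) {
			return;
		}

		$this->hooks();
	}

	/**
	 * Hooks.
	 *
	 * @since 1.8.6
	 */
	private function hooks(): void {

		// Only the `wp_ajax_` hook is registered; there is no `wp_ajax_nopriv_` counterpart.
		add_action( 'wp_ajax_wpforms_builder_load_panel', [ $this, 'load_panel_content' ] );
	}

	/**
	 * Load the requested builder panel and send its markup as a JSON response.
	 *
	 * Order of checks: nonce, then the `edit_forms` capability for the posted form ID,
	 * then the panel name. Each failure ends the request with a JSON error.
	 *
	 * @since 1.8.6
	 */
	public function load_panel_content(): void {

		check_ajax_referer( 'wpforms-builder', 'nonce' );

		$form_id = absint( filter_input( INPUT_POST, 'form_id', FILTER_SANITIZE_NUMBER_INT ) );

		if ( ! wpforms_current_user_can( 'edit_forms', $form_id ) ) {
			wp_send_json_error( esc_html__( 'You do not have permission to perform this action.', 'wpforms-lite' ) );
		}

		// Verifies the nonce and capability again, then returns the sanitized panel name.
		$data        = $this->get_prepared_data( 'load_panel' );
		$panel       = $data['panel'] ?? '';
		$panel_class = '\WPForms_Builder_Panel_' . ucfirst( $panel );
		$panel_obj   = $this->get_panel_obj( $panel_class, $panel );

		// Capture what the panel prints so it can be returned in the JSON payload.
		ob_start();
		$panel_obj->panel_output( [], $panel );

		$panel_content = ob_get_clean();

		wp_send_json_success( $panel_content );
	}

	/**
	 * Get panel object.
	 *
	 * Ends the request with a JSON error when the panel name does not resolve to a
	 * loadable panel class.
	 *
	 * @since 1.9.4
	 *
	 * @param string $panel_class Panel class name.
	 * @param string $panel       Panel name. Must already be sanitized, as it is used in a file path.
	 *
	 * @return object
	 */
	private function get_panel_obj( string $panel_class, string $panel ) {

		if ( ! class_exists( $panel_class ) ) {
			// Load panel base class.
			require_once WPFORMS_PLUGIN_DIR . 'includes/admin/builder/panels/class-base.php';

			// $panel comes from the request and lands in an include path. The caller passes
			// it through sanitize_key(), which leaves only lowercase alphanumerics, dashes
			// and underscores, so it cannot carry `/` or `.` out of the panels directory.
			$file     = WPFORMS_PLUGIN_DIR . "includes/admin/builder/panels/class-{$panel}.php";
			$file_pro = WPFORMS_PLUGIN_DIR . "pro/includes/admin/builder/panels/class-{$panel}.php";

			if ( file_exists( $file_pro ) && wpforms()->is_pro() ) {
				require_once $file_pro;
			} elseif ( file_exists( $file ) ) {
				require_once $file;
			}
		}

		// An empty or unknown panel name leaves the class undefined; calling ::instance()
		// on it would be a fatal error, so reject it the same way as any other invalid panel.
		// wp_send_json_error() terminates the request.
		if ( ! class_exists( $panel_class ) || ! method_exists( $panel_class, 'instance' ) ) {
			wp_send_json_error( esc_html__( 'Invalid panel.', 'wpforms-lite' ) );
		}

		$panel_obj = $panel_class::instance();

		if ( ! method_exists( $panel_obj, 'panel_content' ) ) {
			wp_send_json_error( esc_html__( 'Invalid panel.', 'wpforms-lite' ) );
		}

		return $panel_obj;
	}

	/**
	 * Get prepared data before performing an AJAX action.
	 *
	 * Verifies the nonce and the `edit_forms` capability, then collects the sanitized
	 * request values needed by the given action.
	 *
	 * @since 1.8.6
	 *
	 * @param string $action Action. Only `load_panel` is handled; any other value yields an empty array.
	 *
	 * @return array
	 * @noinspection PhpSameParameterValueInspection
	 */
	private function get_prepared_data( string $action ): array {

		// Run a security check.
		if ( ! check_ajax_referer( 'wpforms-builder', 'nonce', false ) ) {
			wp_send_json_error( esc_html__( 'Most likely, your session expired. Please reload the page.', 'wpforms-lite' ) );
		}

		// Check for permissions.
		if ( ! wpforms_current_user_can( 'edit_forms' ) ) {
			wp_send_json_error( esc_html__( 'You are not allowed to perform this action.', 'wpforms-lite' ) );
		}

		$data = [];

		if ( $action === 'load_panel' ) {
			// sanitize_key() is the sanitizer here; the sniff does not recognize it without wp_unslash().
			// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
			$data['panel'] = ! empty( $_POST['panel'] ) ? sanitize_key( $_POST['panel'] ) : '';
		}

		return $data;
	}
}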