Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-2249: Actions.php in wpforo/tags/2.1.7/classes – WordPress Plugin Repository

The wpForo Forum plugin for WordPress is vulnerable to Local File Include, Server-Side Request Forgery, and PHAR Deserialization in versions up to, and including, 2.1.7. This is due to the insecure use of file_get_contents without appropriate verification of the data being supplied to the function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to retrieve the contents of files like wp-config.php hosted on the system, perform a deserialization attack and possibly achieve remote code execution, and make requests to internal services.

CVE
#sql#js#wordpress#php#rce#ssrf#auth

1<?php23namespace wpforo\classes;45// Exit if accessed directly6if( ! defined( ‘ABSPATH’ ) ) exit();78class Actions {9 /**10 * wpForoAction constructor.11 */12 public function __construct() {13 $this->init_hooks();14 }1516 /**17 * method for initializing all necessary hooks18 */19 public function init_hooks() {20 add_action( 'wpforo_after_init_classes’, function() { if( WPF()->need_activation() ) wpforo_activation(); }, 0 );2122 add_action( 'wpforo_after_init’, [ $this, ‘do_actions’ ], 999 );23 add_action( 'wpforo_action_user_delete’, [ $this, ‘user_delete’ ] );24 add_action( 'deleted_user’, [ $this, ‘deleted_user’ ], 10, 2 );2526 add_action( 'wp_ajax_wpforo_profiles_default_cover_upload’, [ $this, ‘profiles_default_cover_upload’ ] );27 add_action( 'wp_ajax_wpforo_deactivate’, [ $this, ‘deactivate’ ] );2829 if( ! wpforo_is_admin() ) {30 add_action( 'wpforo_actions’, function(){31 if( wpfval($_REQUEST, ‘wpfaction’) === ‘topic_add’ ) unregister_post_type( ‘topic’ );32 } );3334 add_action( 'wpforo_actions’, [ $this, ‘init_default_attach_hooks’ ] );35 add_action( 'wpforo_actions’, [ $this, ‘init_wp_emoji_hooks’ ] );3637 add_action( 'wpforo_actions’, [ $this, ‘feed_rss2’ ] );38 add_action( 'wpforo_actions’, [ $this, ‘mark_all_read’ ] );39 add_action( 'wpforo_actions’, [ $this, ‘mark_notification_read’ ] );4041 add_action( 'wpforo_action_registration’, [ $this, ‘registration’ ] );42 add_action( 'wpforo_action_login’, [ $this, ‘login’ ] );43 add_action( 'wpforo_action_lostpassword’, [ $this, ‘lostpassword’ ] );44 add_action( 'wpforo_action_resetpassword_form’, [ $this, ‘resetpassword_form’ ] );45 add_action( 'wpforo_action_resetpassword’, [ $this, ‘resetpassword’ ] );46 add_action( 'wpforo_action_profile_update’, [ $this, ‘profile_update’ ] );47 add_action( 'wpforo_action_ucf_file_delete’, [ $this, ‘ucf_file_delete’ ] );48 add_action( 'wpforo_action_cantlogin_contact’, [ $this, ‘cantlogin_contact’ ] );4950 add_action( 'wpforo_action_topic_add’, [ $this, ‘topic_add’ ] );51 add_action( 'wpforo_action_topic_edit’, [ $this, ‘topic_edit’ ] );52 add_action( 'wpforo_action_topic_move’, [ $this, ‘topic_move’ ] );53 add_action( 'wpforo_action_topic_merge’, [ $this, ‘topic_merge’ ] );54 add_action( 'wpforo_action_topic_split’, [ $this, ‘topic_split’ ] );5556 add_action( 'wpforo_action_post_add’, [ $this, ‘post_add’ ] );57 add_action( 'wpforo_action_post_edit’, [ $this, ‘post_edit’ ] );5859 ## ajax actions ##60 add_action( 'wp_ajax_wpforo_dissmiss_recaptcha_note’, [ $this, ‘dissmiss_recaptcha_note’ ] );61 add_action( 'wp_ajax_wpforo_acp_toggle’, [ $this, ‘acp_toggle’ ] );62 add_action( 'wp_ajax_wpforo_clear_all_notifications’, [ $this, ‘clear_all_notifications’ ] );63 add_action( 'wp_ajax_wpforo_profile_cover_upload’, [ $this, ‘profile_cover_upload’ ] );64 add_action( 'wp_ajax_wpforo_profile_cover_delete’, [ $this, ‘profile_cover_delete’ ] );65 add_action( 'wp_ajax_wpforo_get_topic_head_more_info’, [ $this, ‘get_topic_head_more_info’ ] );66 add_action( 'wp_ajax_nopriv_wpforo_get_topic_head_more_info’, [ $this, ‘get_topic_head_more_info’ ] );67 add_action( 'wp_ajax_wpforo_get_topic_overview_chunk’, [ $this, ‘get_topic_overview_chunk’ ] );68 add_action( 'wp_ajax_nopriv_wpforo_get_topic_overview_chunk’, [ $this, ‘get_topic_overview_chunk’ ] );69 add_action( 'wp_ajax_wpforo_get_overview’, [ $this, ‘get_overview’ ] );70 add_action( 'wp_ajax_nopriv_wpforo_get_overview’, [ $this, ‘get_overview’ ] );71 add_action( 'wp_ajax_wpforo_user_ban’, [ $this, ‘user_ban_ajax’ ] );72 add_action( 'wp_ajax_wpforo_get_member_template’, [ $this, ‘get_member_template’ ] );73 add_action( 'wp_ajax_nopriv_wpforo_get_member_template’, [ $this, ‘get_member_template’ ] );74 add_action( 'wp_ajax_wpforo_search_existed_topics’, [ $this, ‘search_existed_topics’ ] );75 add_action( 'wp_ajax_nopriv_wpforo_search_existed_topics’, [ $this, ‘search_existed_topics’ ] );76 } else {77 add_action( 'wpforo_actions’, [ $this, ‘check_dashboard_permissions’ ], 1 );78 add_action( 'wpforo_actions’, [ $this, ‘repair_lost_main_shortcode_page’ ] );7980 add_action( 'wpforo_action_synch_user_profiles’, [ $this, ‘synch_user_profiles’ ] );81 add_action( 'wpforo_action_reset_user_cache’, [ $this, ‘reset_user_cache’ ] );82 add_action( 'wpforo_action_reset_forums_stats’, [ $this, ‘reset_forums_stats’ ] );83 add_action( 'wpforo_action_reset_topics_stats’, [ $this, ‘reset_topics_stats’ ] );84 add_action( 'wpforo_action_reset_users_stats’, [ $this, ‘reset_users_stats’ ] );85 add_action( 'wpforo_action_rebuild_threads’, [ $this, ‘rebuild_threads’ ] );86 add_action( 'wpforo_action_reset_phrase_cache’, [ $this, ‘reset_phrase_cache’ ] );87 add_action( 'wpforo_action_recrawl_phrases’, [ $this, ‘recrawl_phrases’ ] );88 add_action( 'wpforo_action_clean_up’, [ $this, ‘clean_up’ ] );89 add_action( 'wpforo_action_flush_permalinks’, [ $this, ‘flush_permalinks’ ] );9091 add_action( 'wpforo_action_base_slugs_settings_save’, [ $this, ‘base_slugs_settings_save’ ] );92 add_action( 'wpforo_action_general_settings_save’, [ $this, ‘general_settings_save’ ] );9394 add_action( 'wpforo_action_slugs_settings_save’, [ $this, ‘slugs_settings_save’ ] );95 add_action( 'wpforo_action_board_settings_save’, [ $this, ‘board_settings_save’ ] );9697 add_action( 'wpforo_action_akismet_settings_save’, [ $this, ‘akismet_settings_save’ ] );98 add_action( 'wpforo_action_antispam_settings_save’, [ $this, ‘antispam_settings_save’ ] );99 add_action( 'wpforo_action_authorization_settings_save’, [ $this, ‘authorization_settings_save’ ] );100 add_action( 'wpforo_action_buddypress_settings_save’, [ $this, ‘buddypress_settings_save’ ] );101 add_action( 'wpforo_action_components_settings_save’, [ $this, ‘components_settings_save’ ] );102 add_action( 'wpforo_action_email_settings_save’, [ $this, ‘email_settings_save’ ] );103 add_action( 'wpforo_action_forums_settings_save’, [ $this, ‘forums_settings_save’ ] );104 add_action( 'wpforo_action_logging_settings_save’, [ $this, ‘logging_settings_save’ ] );105 add_action( 'wpforo_action_members_settings_save’, [ $this, ‘members_settings_save’ ] );106 add_action( 'wpforo_action_notifications_settings_save’, [ $this, ‘notifications_settings_save’ ] );107 add_action( 'wpforo_action_posting_settings_save’, [ $this, ‘posting_settings_save’ ] );108 add_action( 'wpforo_action_profiles_settings_save’, [ $this, ‘profiles_settings_save’ ] );109 add_action( 'wpforo_action_rating_settings_save’, [ $this, ‘rating_settings_save’ ] );110 add_action( 'wpforo_action_recaptcha_settings_save’, [ $this, ‘recaptcha_settings_save’ ] );111 add_action( 'wpforo_action_rss_settings_save’, [ $this, ‘rss_settings_save’ ] );112 add_action( 'wpforo_action_seo_settings_save’, [ $this, ‘seo_settings_save’ ] );113 add_action( 'wpforo_action_social_settings_save’, [ $this, ‘social_settings_save’ ] );114 add_action( 'wpforo_action_styles_settings_save’, [ $this, ‘styles_settings_save’ ] );115 add_action( 'wpforo_action_tags_settings_save’, [ $this, ‘tags_settings_save’ ] );116 add_action( 'wpforo_action_topics_settings_save’, [ $this, ‘topics_settings_save’ ] );117 add_action( 'wpforo_action_um_settings_save’, [ $this, ‘um_settings_save’ ] );118 add_action( 'wpforo_action_legal_settings_save’, [ $this, ‘legal_settings_save’ ] );119120 add_action( 'wpforo_action_board_add’, [ $this, ‘board_add’ ] );121 add_action( 'wpforo_action_board_edit’, [ $this, ‘board_edit’ ] );122 add_action( 'wpforo_action_board_delete’, [ $this, ‘board_delete’ ] );123124 add_action( 'wpforo_action_add_new_xml_translation’, [ $this, ‘add_new_xml_translation’ ] );125 add_action( 'wpforo_action_phrases_change_lang’, [ $this, ‘phrases_change_lang’ ] );126 add_action( 'wpforo_action_dashboard_options_save’, [ $this, ‘dashboard_options_save’ ] );127 add_action( 'wpforo_action_colors_css_download’, [ $this, ‘colors_css_download’ ] );128// add_action( 'wpforo_action_cleanup_options_save’, [ $this, ‘cleanup_options_save’ ] );129 add_action( 'wpforo_action_misc_options_save’, [ $this, ‘misc_options_save’ ] );130 add_action( 'wpforo_action_legal_options_save’, [ $this, ‘legal_options_save’ ] );131 add_action( 'wpforo_action_delete_spam_file’, [ $this, ‘delete_spam_file’ ] );132 add_action( 'wpforo_action_delete_all_spam_files’, [ $this, ‘delete_all_spam_files’ ] );133 add_action( 'wpforo_action_database_update’, [ $this, ‘database_update’ ] );134135 add_action( 'wpforo_action_forum_add’, [ $this, ‘forum_add’ ] );136 add_action( 'wpforo_action_forum_edit’, [ $this, ‘forum_edit’ ] );137 add_action( 'wpforo_action_forum_delete’, [ $this, ‘forum_delete’ ] );138 add_action( 'wpforo_action_forum_hierarchy_save’, [ $this, ‘forum_hierarchy_save’ ] );139140 add_action( 'wpforo_action_dashboard_post_unapprove’, [ $this, ‘dashboard_post_unapprove’ ] );141 add_action( 'wpforo_action_dashboard_post_approve’, [ $this, ‘dashboard_post_approve’ ] );142 add_action( 'wpforo_action_dashboard_post_delete’, [ $this, ‘dashboard_post_delete’ ] );143 add_action( 'wpforo_action_bulk_moderation’, [ $this, ‘bulk_moderation’ ] );144145 add_action( 'wpforo_action_phrase_add’, [ $this, ‘phrase_add’ ] );146 add_action( 'wpforo_action_phrase_edit_form’, [ $this, ‘phrase_edit_form’ ] );147 add_action( 'wpforo_action_phrase_edit’, [ $this, ‘phrase_edit’ ] );148149 add_action( 'wpforo_action_user_ban’, [ $this, ‘user_ban’ ] );150 add_action( 'wpforo_action_user_unban’, [ $this, ‘user_unban’ ] );151 add_action( 'wpforo_action_user_activate’, [ $this, ‘user_activate’ ] );152 add_action( 'wpforo_action_user_deactivate’, [ $this, ‘user_deactivate’ ] );153 add_action( 'wpforo_action_bulk_members’, [ $this, ‘bulk_members’ ] );154155 add_action( 'wpforo_action_usergroup_add’, [ $this, ‘usergroup_add’ ] );156 add_action( 'wpforo_action_usergroup_edit’, [ $this, ‘usergroup_edit’ ] );157 add_action( 'wpforo_action_usergroup_delete’, [ $this, ‘usergroup_delete’ ] );158 add_action( 'wpforo_action_default_groupid_change’, [ $this, ‘default_groupid_change’ ] );159 add_action( 'wpforo_action_usergroup_delete_form’, [ $this, ‘usergroup_delete_form’ ] );160161 add_action( 'wpforo_action_access_add’, [ $this, ‘access_add’ ] );162 add_action( 'wpforo_action_access_edit’, [ $this, ‘access_edit’ ] );163 add_action( 'wpforo_action_access_delete’, [ $this, ‘access_delete’ ] );164165 add_action( 'wpforo_action_theme_activate’, [ $this, ‘theme_activate’ ] );166 add_action( 'wpforo_action_theme_delete’, [ $this, ‘theme_delete’ ] );167168 add_action( 'wpforo_action_update_addons_css’, [ $this, ‘update_addons_css’ ] );169 add_action( 'wpforo_action_dissmiss_poll_version_is_old’, [ $this, ‘dissmiss_poll_version_is_old’ ] );170171 add_action( 'wpforo_action_uninstall’, [ $this, ‘uninstall’ ] );172 }173 add_action( 'wpforo_action_reset_all_caches’, [ $this, ‘reset_all_caches’ ] );174 }175176 /**177 * wpforo main actions doing place178 */179 public function do_actions() {180 do_action( ‘wpforo_actions’ );181 $wpforo_actions = array_unique( array_merge( (array) wpfval( $_POST, ‘wpfaction’ ), (array) wpfval( WPF()->GET, ‘wpfaction’ ) ) );182 if( ! empty( $wpforo_actions ) ) {183 foreach( $wpforo_actions as $wpforo_action ) {184 $wpforo_action = sanitize_title( $wpforo_action );185 do_action( “wpforo_action_{$wpforo_action}” );186 }187 }188 do_action( ‘wpforo_actions_end’ );189 }190191 /**192 * init wpforo default attachments system when wpforo advanced attachments addon has not exists193 */194 public function init_default_attach_hooks() {195 add_action( 'delete_attachment’, 'wpforo_delete_attachment’, 10 );196 if( has_action( 'wpforo_topic_form_extra_fields_after’, [ WPF()->tpl, ‘add_default_attach_input’ ] ) ) {197 add_filter( 'wpforo_add_topic_data_filter’, ‘wpforo_add_default_attachment’ );198 add_filter( 'wpforo_edit_topic_data_filter’, ‘wpforo_add_default_attachment’ );199 add_filter( 'wpforo_add_post_data_filter’, ‘wpforo_add_default_attachment’ );200 add_filter( 'wpforo_edit_post_data_filter’, ‘wpforo_add_default_attachment’ );201 add_filter( 'wpforo_body_text_filter’, ‘wpforo_default_attachments_filter’ );202 }203 }204205 /**206 * init wp emojis when wpforo emoticons addon has not exists207 */208 public function init_wp_emoji_hooks() {209 if( ! class_exists( ‘wpForoSmiles’ ) ) {210 add_filter( 'wpforo_body_text_filter’, 'wp_encode_emoji’, 9 );211 add_filter( 'wpforo_body_text_filter’, ‘convert_smilies’ );212 }213 }214215 /**216 * get request_uri redirect to url with concatenation of &can_do=do217 * @return bool true if you can do action now | false if you can not do action now218 */219 private function can_do() {220 if( wpfval( $_GET, ‘can_do’ ) === ‘do’ ) return true;221222 $refresh_url = preg_replace( '#&can_do=?[^=?&\r\n]*#isu’, '’, wpforo_get_request_uri() );223 $refresh_url .= '&can_do=do’;224 header( “refresh:0.1;url=” . $refresh_url );225226 add_filter( ‘wpforo_admin_loading’, ‘__return_true’ );227228 return false;229 }230231 /**232 * @return string $u_action return union bulk action233 */234 private function get_current_bulk_action() {235 $u_action = ‘’;236 if( ! empty( $_GET[‘action’] ) && $_GET[‘action’] !== '-1’ ) {237 $u_action = sanitize_textarea_field( $_GET[‘action’] );238 } elseif( ! empty( $_GET[‘action2’] ) && $_GET[‘action2’] !== '-1’ ) {239 $u_action = sanitize_textarea_field( $_GET[‘action2’] );240 }241242 return $u_action;243 }244245 /**246 * catch if rss url show rss feed for given arguments247 */248 public function feed_rss2() {249 if( wpfval( WPF()->GET, ‘type’ ) === ‘rss2’ ) {250 $forum_rss_items = apply_filters( 'wpforo_forum_feed_limit’, 10 );251 $topic_rss_items = apply_filters( 'wpforo_topic_feed_limit’, 10 );252253 $forumid = intval( wpfval( WPF()->GET, ‘forum’ ) );254 if( ! $forumid ) {255 $forum = [];256 $forum[‘forumurl’] = wpforo_home_url();257 $forum[‘title’] = '’;258 } elseif( $forum = wpforo_forum( $forumid ) ) {259 $forum[‘forumurl’] = $forum[‘url’];260 }261262 if( wpfval( WPF()->GET, ‘topic’ ) ) {263 $topicid = intval( WPF()->GET[‘topic’] );264 if( ! $topicid ) {265 $posts = WPF()->post->get_posts( [266 ‘row_count’ => $topic_rss_items,267 ‘orderby’ => '`created` DESC, `postid` DESC’,268 ‘check_private’ => true,269 ] );270 $topic[‘title’] = '’;271 $topic[‘topicurl’] = wpforo_home_url();272 } else {273 $topic = wpforo_topic( $topicid );274 $topic[‘topicurl’] = ( wpfval( $topic, ‘url’ ) ) ? $topic[‘url’] : WPF()->topic->get_url( $topicid );275 $posts = WPF()->post->get_posts( [276 ‘topicid’ => $topicid,277 ‘row_count’ => $topic_rss_items,278 ‘orderby’ => '`created` DESC, `postid` DESC’,279 ‘check_private’ => true,280 ] );281 }282 foreach( $posts as $key => $post ) {283 $member = wpforo_member( $post );284 $posts[ $key ][‘description’] = wpforo_text( trim( strip_tags( $post[‘body’] ) ), 190, false );285 $posts[ $key ][‘content’] = trim( $post[‘body’] );286 $posts[ $key ][‘posturl’] = WPF()->post->get_url( $post[‘postid’] );287 $posts[ $key ][‘author’] = $member[‘display_name’];288 }289 WPF()->feed->rss2_topic( $forum, $topic, $posts );290 } else {291 if( ! $forumid ) {292 $topics = WPF()->topic->get_topics( [293 ‘row_count’ => $forum_rss_items,294 ‘orderby’ => 'created’,295 ‘order’ => 'DESC’,296 ] );297 } else {298 $topics = WPF()->topic->get_topics( [299 ‘forumid’ => $forumid,300 ‘row_count’ => $forum_rss_items,301 ‘orderby’ => 'created’,302 ‘order’ => 'DESC’,303 ] );304 }305 foreach( $topics as $key => $topic ) {306 $post = wpforo_post( $topic[‘first_postid’] );307 $member = wpforo_member( $topic );308 $topics[ $key ][‘description’] = wpforo_text( trim( strip_tags( $post[‘body’] ) ), 190, false );309 $topics[ $key ][‘content’] = trim( $post[‘body’] );310 $topics[ $key ][‘topicurl’] = WPF()->topic->get_url( $topic[‘topicid’] );311 $topics[ $key ][‘author’] = $member[‘display_name’];312 }313 WPF()->feed->rss2_forum( $forum, $topics );314 }315 exit();316 }317 }318319 /**320 * ucf_file_delete delete /wp-content/uploads/UCFFILENAME321 */322 public function ucf_file_delete() {323 $userid = 0;324 if( wpfval( WPF()->GET, ‘foro_f’ ) && wpfval( WPF()->GET, ‘foro_u’ ) && wpfval( WPF()->GET, ‘foro_n’ ) ) {325 if( wp_verify_nonce( WPF()->GET[‘foro_n’], ‘wpforo_delete_profile_field’ ) ) {326 $userid = intval( WPF()->GET[‘foro_u’] );327 $field = sanitize_title( WPF()->GET[‘foro_f’] );328 if( $file = WPF()->member->get_custom_field( $userid, $field ) ) {329 $file = wpforo_fix_upload_dir( $file );330 $result = WPF()->member->update_custom_field( $userid, $field, ‘’ );331 if( $result ) {332 if( file_exists( $file ) ) @unlink( $file );333 WPF()->phrase->clear_cache();334 WPF()->notice->add( 'Deleted Successfully!’, ‘success’ );335 } else {336 WPF()->notice->clear();337 WPF()->notice->add( 'Sorry, this file cannot be deleted’, ‘error’ );338 }339 }340 }341 }342343 wp_safe_redirect( $userid ? WPF()->member->get_profile_url( $userid, ‘account’ ) : wpforo_home_url() );344 exit();345 }346347 /**348 * mark all bold forum topics as read349 */350 public function mark_all_read() {351 if( wpfval( WPF()->GET, ‘foro’ ) === ‘allread’ ) {352 if( wpfval( WPF()->GET, ‘foro_n’ ) && wp_verify_nonce( WPF()->GET[‘foro_n’], ‘wpforo_mark_all_read’ ) ) {353 WPF()->log->mark_all_read();354 $current_url = wpforo_get_request_uri();355 $current_url = strtok( $current_url, ‘?’ );356 wp_safe_redirect( $current_url );357 exit();358 }359 }360 }361362 /**363 * Open/Close Frontend Admin CPanel364 */365 public function acp_toggle() {366 wpforo_verify_nonce( ‘wpforo_acp_toggle’ );367 $toggle_status = wpfval( $_POST, ‘toggle_status’ );368 if( in_array( $toggle_status, [ 'open’, ‘close’ ] ) ) {369 update_user_meta( WPF()->current_userid, 'wpf-acp-toggle’, $toggle_status );370 wp_send_json_success();371 } else {372 wp_send_json_error();373 }374 }375376 /**377 * set a notification read378 */379 public function mark_notification_read() {380 if( wpfval( WPF()->GET, ‘_nread’ ) && is_user_logged_in() ) {381 if( wpfval( WPF()->GET, ‘foro_n’ ) && wp_verify_nonce( WPF()->GET[‘foro_n’], ‘wpforo_mark_notification_read’ ) ) {382 $id = intval( WPF()->GET[‘_nread’] );383 WPF()->activity->read_notification( $id );384 $current_url = wpforo_get_request_uri();385 $current_url = strtok( $current_url, ‘?’ );386 wp_safe_redirect( $current_url );387 exit();388 }389 }390 }391392 /**393 * clear all notifications394 */395 public function clear_all_notifications() {396 if( wpfval( $_POST, ‘foro_n’ ) && wp_verify_nonce( $_POST[‘foro_n’], ‘wpforo_clear_notifications’ ) ) {397 WPF()->activity->clear_notifications();398 echo WPF()->activity->get_no_notifications_html();399 }400 exit();401 }402403 public function profile_cover_upload() {404405 wpforo_verify_nonce( ‘wpforo_profile_cover_upload’ );406407 if( WPF()->current_object[‘user’] && WPF()->usergroup->can( ‘upc’ ) && WPF()->perm->user_can_edit_account( WPF()->current_object[‘user’] ) && ($image_blob = wpfval( $_POST, ‘image_blob’ )) ){408409 // split the base64 encoded string:410 // $data[ 0 ] == "data:image/png;base64,/xd92204dsdds1…"411 // $data[ 1 ] == <actual base64 string>412 $data = explode( ',’, $image_blob );413 if( isset( $data[1] ) ){414 // Decode it back to binary415 $file_content = base64_decode($data[1]);416 } else {417 // This part can be removed, I just leave it for an unknown case418 $file_content = file_get_contents($image_blob);419 }420421 if( $file_content ){422 $file_basename = WPF()->current_object[‘user’][‘user_login’] . ‘_’ . WPF()->current_object[‘user’][‘userid’] . '.jpg’;423 $file_dir = WPF()->folders[‘covers’][‘dir’] . DIRECTORY_SEPARATOR . $file_basename;424 $file_url = WPF()->folders[‘covers’][‘url//’] . ‘/’ . $file_basename;425 if( file_put_contents($file_dir, $file_content) ){426 WPF()->member->update_profile_field( WPF()->current_object[‘user’][‘userid’], 'cover’, $file_url );427 wp_send_json_success();428 }429 }430 }431 wp_send_json_error();432 }433434 public function profile_cover_delete() {435 wpforo_verify_nonce( ‘wpforo_profile_cover_delete’ );436437 if( WPF()->current_object[‘user’] && WPF()->usergroup->can( ‘upc’ ) && WPF()->perm->user_can_edit_account( WPF()->current_object[‘user’] ) ){438 WPF()->member->update_profile_field( WPF()->current_object[‘user’][‘userid’], 'cover’, ‘’ );439 wp_send_json_success( [ ‘background_url’ => wpforo_setting( 'profiles’, ‘default_cover’ ) ] );440 }441 wp_send_json_error();442 }443444 public function profiles_default_cover_upload() {445446 if( $image_blob = wpfval( $_POST, ‘image_blob’ ) ){447448 // split the base64 encoded string:449 // $data[ 0 ] == "data:image/png;base64,/xd92204dsdds1…"450 // $data[ 1 ] == <actual base64 string>451 $data = explode( ',’, $image_blob );452 if( isset( $data[1] ) ){453 // Decode it back to binary454 $file_content = base64_decode($data[1]);455 } else {456 // This part can be removed, I just leave it for an unknown case457 $file_content = file_get_contents($image_blob);458 }459460 if( $file_content ){461 $file_basename = 'profiles_custom_default_cover.jpg’;462 $file_dir = WPF()->folders[‘covers’][‘dir’] . DIRECTORY_SEPARATOR . $file_basename;463 $file_url = WPF()->folders[‘covers’][‘url//’] . ‘/’ . $file_basename;464 if( file_put_contents($file_dir, $file_content) ){465 WPF()->settings->profiles[‘default_cover’] = $file_url;466 wpforo_update_option( 'wpforo_profiles’, WPF()->settings->profiles );467 wp_send_json_success();468 }469 }470 }471 wp_send_json_error();472 }473474 public function get_topic_head_more_info() {475 wpforo_verify_nonce( ‘wpforo_get_topic_head_more_info’ );476 if( $topicid = wpforo_bigintval( wpfval( $_POST, ‘topicid’ ) ) ){477 wp_send_json_success( [ ‘html’ => wpforo_topic_active_participants( $topicid ) . wpforo_topic_overview( $topicid ) ] );478 }479480 wp_send_json_error();481 }482483 public function get_topic_overview_chunk() {484 wpforo_verify_nonce( ‘wpforo_get_topic_overview_chunk’ );485 if( $topicid = wpforo_bigintval( wpfval( $_POST, ‘topicid’ ) ) ){486 if( !( $chunksize = (int) wpfval( $_POST, ‘chunksize’ ) ) ) $chunksize = 5;487 $offset = (int) wpfval( $_POST, ‘offset’ );488489 wp_send_json_success( wpforo_get_topic_overview_chunk( $topicid, $chunksize, $offset ) );490 }491492 wp_send_json_error();493 }494495 public function get_overview() {496 wpforo_verify_nonce( ‘wpforo_get_overview’ );497 if( $postid = wpforo_bigintval( wpfval( $_POST, ‘postid’ ) ) ){498 if( $post = wpforo_post( $postid ) ){499 wp_send_json_success(500 [501 ‘title’ => '<i class="fas fa-user"></i>  ' . wpforo_phrase( 'Posted by ', false )502 . ' ' . wpforo_member_link(wpforo_member($post), '’, 20, '’, false)503 . ' • '504 . ' ' . wpforo_date($post[‘created’], 'ago’, false),505 ‘content’ => trim( wpforo_content( $post, false ) ),506 ]507 );508 }509 }510511 wp_send_json_error();512 }513514 /**515 * registration form submit action516 */517 public function registration() {518 if( ! empty( $_POST[‘wpfreg’] ) ) {519 wpforo_verify_form( ‘wpforo_user_register’ );520 if( $userid = WPF()->member->create( $_POST ) ) {521 if( wpforo_setting( 'authorization’, ‘redirect_url_after_register’ ) ) {522 $redirect_url = wpforo_setting( 'authorization’, ‘redirect_url_after_register’ );523 } elseif( ( $redirect_to = wpfval( $_GET, ‘redirect_to’ ) ) && wpforo_is_url_internal( urldecode( $redirect_to ) ) ) {524 $redirect_url = urldecode( $redirect_to );525 } elseif( is_wpforo_url() ) {526 $redirect_url = preg_replace( '#\?.*$#is’, '’, wpforo_get_request_uri() );527 } else {528 $redirect_url = ( wpforo_setting( 'authorization’, ‘user_register_email_confirm’ ) ? wpforo_home_url() : WPF()->member->get_profile_url( $userid, ‘account’ ) );529 }530531 wp_safe_redirect( $redirect_url );532 exit();533 }534 }535 }536537 /**538 * login form submit action539 */540 public function login() {541 wpforo_verify_form( ‘login’ );542 if( isset( $_POST[‘wpforologin’] ) && isset( $_POST[‘log’] ) && isset( $_POST[‘pwd’] ) ) {543 if( ! is_wp_error( $user = wp_signon() ) ) {544 $wpf_login_times = intval( get_user_meta( $user->ID, '_wpf_login_times’, true ) );545 if( isset( $user->ID ) && $wpf_login_times >= 1 ) {546 $name = ( isset( $user->data->display_name ) ) ? $user->data->display_name : '’;547 WPF()->notice->add( 'Welcome back %s!’, 'success’, $name );548 } else {549 WPF()->notice->add( 'Welcome to our Community!’, ‘success’ );550 }551 $wpf_login_times ++;552 update_user_meta( $user->ID, '_wpf_login_times’, $wpf_login_times );553 if( wpforo_setting( 'authorization’, ‘redirect_url_after_login’ ) ) {554 $redirect_url = wpforo_setting( 'authorization’, ‘redirect_url_after_login’ );555 } elseif( ( $redirect_to = wpfval( $_GET, ‘redirect_to’ ) ) && wpforo_is_url_internal( urldecode( $redirect_to ) ) ) {556 $redirect_url = urldecode( $redirect_to );557 } elseif( is_wpforo_url() ) {558 $redirect_url = preg_replace( '#\?.*$#is’, '’, wpforo_get_request_uri() );559 } else {560 $redirect_url = wpforo_home_url();561 }562 wp_safe_redirect( $redirect_url );563 } else {564 $args = [];565 foreach( $user->errors as $u_err ) $args[] = $u_err[0];566 WPF()->notice->add( $args, ‘error’ );567 wp_safe_redirect( wpforo_get_request_uri() );568 }569 exit();570 }571 }572573 public function lostpassword() {574 wpforo_verify_form( ‘lostpassword’ );575 $redirect_url = wp_get_raw_referer();576 if( wpfval( $_POST, ‘user_login’ ) ) {577 $errors = retrieve_password();578 if( is_wp_error( $errors ) ) {579 $redirect_url = wpforo_lostpassword_url();580 WPF()->notice->add( implode( ',’, $errors->get_error_messages() ), ‘error’ );581 } else {582 $redirect_url = wpforo_login_url();583 WPF()->notice->add( 'Email has been sent’, ‘success’ );584 }585 }586587 wp_safe_redirect( $redirect_url );588 exit();589 }590591 public function resetpassword_form() {592 $rp_key = sanitize_text_field( wp_unslash( $_REQUEST[‘rp_key’] ) );593 $rp_login = sanitize_user( wp_unslash( $_REQUEST[‘rp_login’] ) );594 $user = check_password_reset_key( $rp_key, $rp_login );595 if( ! $user || is_wp_error( $user ) ) {596 if( $user && $user->get_error_code() === ‘expired_key’ ) {597 WPF()->notice->add( 'The key is expired’, ‘error’ );598 } else {599 WPF()->notice->add( 'The key is invalid’, ‘error’ );600 }601 wp_safe_redirect( wpforo_login_url() );602 exit();603 }604 }605606 public function resetpassword() {607 $this->resetpassword_form();608609 $pass1 = wpfval( $_POST, ‘pass1’ );610 $pass2 = wpfval( $_POST, ‘pass2’ );611612 if( ! $pass1 ) {613 WPF()->notice->add( 'The password reset empty’, ‘error’ );614 wp_safe_redirect( wp_get_raw_referer() );615 exit();616 }617618 if( strlen( $pass1 ) < WPF()->member->pass_min_length || strlen( $pass1 ) > WPF()->member->pass_max_length ) {619 WPF()->notice->add( 'Password length must be between %d characters and %d characters.’, 'error’, [620 WPF()->member->pass_min_length,621 WPF()->member->pass_max_length,622 ] );623 wp_safe_redirect( wp_get_raw_referer() );624 exit();625 }626627 if( $pass1 !== $pass2 ) {628 WPF()->notice->add( 'The password reset mismatch’, ‘error’ );629 wp_safe_redirect( wp_get_raw_referer() );630 exit();631 }632633 $rp_login = sanitize_user( wp_unslash( $_REQUEST[‘rp_login’] ) );634 reset_password( get_user_by( 'login’, $rp_login ), $pass1 );635 wp_signon( [ ‘user_login’ => $rp_login, ‘user_password’ => $pass1 ] );636637 WPF()->notice->add( 'The password has been changed’, ‘success’ );638 wp_safe_redirect( wpforo_home_url() );639 exit();640 }641642 public function logout() {643 wp_logout();644 $redirect_url = wpforo_home_url();645 if( ( $redirect_to = wpfval( $_GET, ‘redirect_to’ ) ) && wpforo_is_url_internal( urldecode( $redirect_to ) ) ) {646 $redirect_url = urldecode( $redirect_to );647 if( strpos( $redirect_url, ‘lostpassword’ ) !== false ) $redirect_url = wpforo_login_url();648 }649 wp_safe_redirect( $redirect_url );650 exit();651 }652653 /**654 * profile_update form submit action655 */656 public function profile_update() {657 if( wpfval( $_POST, 'member’, ‘userid’ ) ) {658 wpforo_verify_form();659 $uid = intval( $_POST[‘member’][‘userid’] );660 if( ! ( $uid === WPF()->current_userid || ( WPF()->usergroup->can( ‘em’ ) && WPF()->perm->user_can_manage_user( WPF()->current_userid, $uid ) ) ) ) {661 WPF()->notice->clear();662 WPF()->notice->add( 'Permission denied’, ‘error’ );663 wp_safe_redirect( wpforo_get_request_uri() );664 exit();665 }666 if( WPF()->member->update( $_POST ) ) {667 if( $profile_url = WPF()->member->get_profile_url( $uid, 'account’, false ) ) {668 wp_safe_redirect( $profile_url );669 exit();670 }671 }672 }673674 wp_safe_redirect( wpforo_get_request_uri() );675 exit();676 }677678 public function cantlogin_contact() {679 if( wpforo_setting( 'authorization’, ‘manually_approval_contact_form’ ) && ($msg = wpfval( $_POST, ‘msg’ )) ){680 $admin_emails = wpforo_setting( 'email’, ‘admin_emails’ );681 $admin_email = wpfval($admin_emails, 0);682 $sbj = wpforo_phrase( 'Request for account approval’, false ) . ' ( ‘. wpfval( $_POST, ‘user_login’ ) .’ )';683684 add_filter( 'wp_mail_content_type’, 'wpforo_set_html_content_type’, 999 );685 if( @wpforo_send_email( $admin_email, $sbj, $msg, wpforo_admin_mail_headers() ) ) {686 WPF()->notice->add( 'Message has been sent’, ‘success’ );687 } else {688 WPF()->notice->add( 'Can\’t send report email’, ‘error’ );689 }690 remove_filter( 'wp_mail_content_type’, ‘wpforo_set_html_content_type’ );691 }692693 wp_safe_redirect( wpforo_home_url() );694 exit();695 }696697 /**698 * topic_add form submit action699 */700 public function topic_add() {701 wpforo_verify_form();702 $args = $_REQUEST[‘thread’];703 $args[‘postmetas’] = (array) wpfval( $_REQUEST, ‘data’ );704 if( $topicid = WPF()->topic->add( $args ) ) {705 wp_safe_redirect( WPF()->topic->get_url( $topicid ) );706 exit();707 }708 wp_safe_redirect( wpforo_get_request_uri() );709 exit();710 }711712 /**713 * topic_edit form submit action714 */715 public function topic_edit() {716 wpforo_verify_form();717 $args = $_REQUEST[‘thread’];718 $args[‘postmetas’] = (array) wpfval( $_REQUEST, ‘data’ );719 if( $topicid = WPF()->topic->edit( $args ) ) {720 wp_safe_redirect( WPF()->topic->get_url( $topicid ) );721 exit();722 }723 wp_safe_redirect( wpforo_get_request_uri() );724 exit();725 }726727 /**728 * post_add form submit action729 */730 public function post_add() {731 wpforo_verify_form();732 $args = $_REQUEST[‘post’];733 $args[‘postmetas’] = (array) wpfval( $_REQUEST, ‘data’ );734 if( $postid = WPF()->post->add( $args ) ) {735 wp_safe_redirect( WPF()->post->get_url( $postid ) );736 exit();737 }738 wp_safe_redirect( wpforo_get_request_uri() );739 exit();740 }741742 /**743 * post_edit form submit action744 */745 public function post_edit() {746 wpforo_verify_form();747 $args = $_REQUEST[‘post’];748 $args[‘postmetas’] = (array) wpfval( $_REQUEST, ‘data’ );749 if( $postid = WPF()->post->edit( $args ) ) {750 wp_safe_redirect( WPF()->post->get_url( $postid ) );751 exit();752 }753 wp_safe_redirect( wpforo_get_request_uri() );754 exit();755 }756757 /**758 * topic_move form submit action759 */760 public function topic_move() {761 if( ! empty( $_POST[‘topic_move’] ) ) {762 wpforo_verify_form();763 $topicid = intval( wpfval( $_POST[‘topic_move’], ‘topicid’ ) );764 $forumid = intval( wpfval( $_POST[‘topic_move’], ‘forumid’ ) );765 if( $topicid && $forumid ) {766 WPF()->topic->move( $topicid, $forumid );767 $url = WPF()->topic->get_url( $topicid, [], false );768 wpforo_clean_cache();769 wp_safe_redirect( $url );770 exit();771 }772 }773774 wp_safe_redirect( wpforo_get_request_uri() );775 exit();776 }777778 /**779 * topic_merge form submit action780 */781 public function topic_merge() {782 wpforo_verify_form();783 $redirect_to = wpforo_get_request_uri();784 if( WPF()->current_object[‘topic’] && ! empty( $_POST[‘wpforo’] ) && ! empty( $_POST[‘wpforo’][‘target_topic_url’] ) ) {785 $target_slug = wpforo_get_topic_slug_from_url( esc_url( $_POST[‘wpforo’][‘target_topic_url’] ) );786 if( ! is_null( $target_slug ) && $target = WPF()->topic->get_topic( $target_slug ) ) {787 $append = ( empty( $_POST[‘wpforo’][‘update_date_and_append’] ) ? 0 : 1 );788 $to_target_title = ( empty( $_POST[‘wpforo’][‘to_target_title’] ) ? 0 : 1 );789790 if( WPF()->topic->merge( $target, WPF()->current_object[‘topic’], [], $to_target_title, $append ) ) {791 $redirect_to = WPF()->topic->get_url( $target, [], false );792 wpforo_clean_cache();793 }794 } else {795 WPF()->notice->add( 'Target Topic not found’, ‘error’ );796 }797 }798 wp_safe_redirect( $redirect_to );799 exit();800 }801802 /**803 * topic_split form submit action804 */805 public function topic_split() {806 wpforo_verify_form();807 $redirect_to = wpforo_get_request_uri();808 if( WPF()->current_object[‘topic’] && ! empty( $_POST[‘wpforo’] ) ) {809 if( ! empty( $_POST[‘wpforo’][‘create_new’] ) ) {810 $args = [811 ‘title’ => sanitize_text_field( $_POST[‘wpforo’][‘new_topic_title’] ),812 ‘forumid’ => intval( $_POST[‘wpforo’][‘new_topic_forumid’] ),813 ‘postids’ => array_map( 'intval’, $_POST[‘wpforo’][‘posts’] ),814 ];815 $to_target_title = ( empty( $_POST[‘wpforo’][‘to_target_title’] ) ? 0 : 1 );816 if( $topicid = WPF()->topic->split( $args, $to_target_title ) ) {817 $redirect_to = WPF()->topic->get_url( $topicid );818 }819 } else {820 if( ! empty( $_POST[‘wpforo’][‘target_topic_url’] ) && ! empty( $_POST[‘wpforo’][‘posts’] ) ) {821 $target_slug = wpforo_get_topic_slug_from_url( esc_url( $_POST[‘wpforo’][‘target_topic_url’] ) );822 if( ! is_null( $target_slug ) && $target = WPF()->topic->get_topic( $target_slug ) ) {823 $append = ( empty( $_POST[‘wpforo’][‘update_date_and_append’] ) ? 0 : 1 );824 $to_target_title = ( empty( $_POST[‘wpforo’][‘to_target_title’] ) ? 0 : 1 );825 $postids = array_map( 'intval’, $_POST[‘wpforo’][‘posts’] );826 if( WPF()->topic->merge( $target, WPF()->current_object[‘topic’], $postids, $to_target_title, $append ) ) {827 $redirect_to = WPF()->topic->get_url( $target );828 }829 } else {830 WPF()->notice->add( 'Target Topic not found’, ‘error’ );831 }832 }833 }834 }835 wp_safe_redirect( $redirect_to );836 exit();837 }838839 /**840 * board add action841 */842 public function board_add() {843 check_admin_referer( ‘wpforo-board-add’ );844 if( $board = (array) wpfval( $_POST, ‘board’ ) ) {845 if( ! ( $board[‘locale’] = trim( $board[‘locale’] ) ) ) $board[‘locale’] = 'en_US’;846 $status = wpfkey( $board, ‘status’ ) ? (int) wpfval( $board, ‘status’ ) : 1;847 if( $boardid = WPF()->board->add( $board ) ) {848 // Handle translation installation.849 if( $status && $board[‘locale’] && current_user_can( ‘install_languages’ ) ) {850 require_once ABSPATH . 'wp-admin/includes/file.php’;851 require_once ABSPATH . 'wp-admin/includes/translation-install.php’;852 if( wp_can_install_language_pack() ) wp_download_language_pack( $board[‘locale’] );853 }854855 if( ( $board = WPF()->board->_get_board( $boardid ) ) && $status ) {856 wp_safe_redirect( admin_url( ‘admin.php?page=wpforo-' . $boardid . '-settings’ ) );857 exit();858 }859 }860 }861862 wp_safe_redirect( admin_url( ‘admin.php?page=wpforo-boards’ ) );863 exit();864 }865866 /**867 * board edit action868 */869 public function board_edit() {870 check_admin_referer( ‘wpforo-board-edit’ );871 if( $board = (array) wpfval( $_POST, ‘board’ ) ) {872 $boardid = (int) wpfval( $board, ‘boardid’ );873 $status = wpfkey( $board, ‘status’ ) ? (int) wpfval( $board, ‘status’ ) : 1;874 if( ! ( $board[‘locale’] = trim( $board[‘locale’] ) ) ) $board[‘locale’] = 'en_US’;875 if( WPF()->board->edit( $board, $boardid ) ) {876 if( $status && ! is_wpforo_multiboard() ){877 wp_update_post(878 [879 ‘ID’ => $board[‘pageid’],880 ‘post_name’ => $board[‘slug’],881 ]882 );883 }884 // Handle translation installation.885 if( $status && $board[‘locale’] && current_user_can( ‘install_languages’ ) ) {886 require_once ABSPATH . 'wp-admin/includes/file.php’;887 require_once ABSPATH . 'wp-admin/includes/translation-install.php’;888 if( wp_can_install_language_pack() ) wp_download_language_pack( $board[‘locale’] );889 }890 }891 }892893 wp_safe_redirect( admin_url( ‘admin.php?page=wpforo-boards’ ) );894 exit();895 }896897 /**898 * board delete action899 */900 public function board_delete() {901 if( ( $boardid = (int) wpfval( $_GET, ‘boardid’ ) ) && $boardid === WPF()->board->get_current( ‘boardid’ ) ) {902 check_admin_referer( 'wpforo-board-delete-' . $boardid );903 wpforo_board_uninstall( $boardid );904 }905906 wp_safe_redirect( admin_url( ‘admin.php?page=wpforo-boards’ ) );907 exit();908 }909910 /**911 * action to synchronize wp_users to wp_wpforo_profiles912 */913 public function synch_user_profiles() {914 check_admin_referer( ‘wpforo_synch_user_profiles’ );915916 if( $this->can_do() ) {917 wpforo_set_max_execution_time();918 wp_raise_memory_limit();919920 if( WPF()->member->synchronize_users( apply_filters( 'wpforo_rebuild_per_request’, 200 ) ) ) {921 WPF()->member->clear_db_cache();922 wpforo_clean_cache();923 WPF()->notice->add( 'Synched Successfully!’, ‘success’ );924 wp_safe_redirect( admin_url( ‘admin.php?page=wpforo-overview’ ) );925 } else {926 wp_safe_redirect( htmlspecialchars_decode( wp_nonce_url( admin_url( ‘admin.php?page=wpforo-overview&wpfaction=synch_user_profiles’ ), ‘wpforo_synch_user_profiles’ ) ) );927 }928 exit();929 }930 }931932 /**933 * reset user caches934 */935 public function reset_user_cache() {936 check_admin_referer( ‘wpforo_reset_user_cache’ );937938 if( ! current_user_can( ‘administrator’ ) ) {939 WPF()->notice->add( 'Permission denied’, ‘error’ );940 wp_safe_redirect( admin_url() );941 exit();942 }943944 wpforo_set_max_execution_time();945 wp_raise_memory_limit();946947 WPF()->member->clear_db_cache();948 WPF()->notice->add( 'Deleted Successfully!’, ‘success’ );949950 wp_safe_redirect( admin_url( ‘admin.php?page=wpforo-overview’ ) );951 exit();952 }953954 /**955 * rebuild forums statistics first|last posts etc.956 */957 public function reset_forums_stats() {958 check_admin_referer( ‘wpforo_reset_forums_stat’ );959960 if( ! current_user_can( ‘administrator’ ) ) {961 WPF()->notice->add( 'Permission denied’, ‘error’ );962 wp_safe_redirect( admin_url() );963 exit();964 }965966 wpforo_set_max_execution_time();967 wp_raise_memory_limit();968969 $forumids = WPF()->db->get_col( “SELECT `forumid` FROM " . WPF()->tables->forums . " WHERE `is_cat` = 0 ORDER BY `forumid` ASC” );970 if( ! empty( $forumids ) ) {971 foreach( $forumids as $forumid ) {972 WPF()->forum->rebuild_stats( $forumid );973 }974 WPF()->statistic_cache_clean();975 WPF()->forum->delete_tree_cache();976 WPF()->notice->add( 'Updated Successfully!’, ‘success’ );977 }978979 wp_safe_redirect( admin_url( ‘admin.php?page=’ . wpforo_prefix_slug( ‘dashboard’ ) ) );980 exit();981 }982983 /**984 * rebuild topics statistics first|last posts etc.985 */986 public function reset_topics_stats() {987 check_admin_referer( ‘wpforo_reset_topics_stat’ );988989 if( ! current_user_can( ‘administrator’ ) ) {990 WPF()->notice->add( 'Permission denied’, ‘error’ );991 wp_safe_redirect( admin_url() );992 exit();993 }994995 if( $this->can_do() ) {996 wpforo_set_max_execution_time();997 wp_raise_memory_limit();998999 $lastid = (int) wpfval( $_GET, ‘topic_lastid’ );1000 $sql = "SELECT `topicid` FROM " . WPF()->tables->topics . " WHERE `topicid` > %d ORDER BY `topicid` ASC LIMIT %d";1001 $topicids = WPF()->db->get_col( WPF()->db->prepare( $sql, $lastid, apply_filters( 'wpforo_rebuild_per_request’, 200 ) ) );1002 if( $topicids ) {1003 foreach( $topicids as $topicid ) {1004 $topic = WPF()->topic->get_topic( $topicid );1005 WPF()->topic->rebuild_first_last( $topic );1006 WPF()->topic->rebuild_stats( $topic );1007 }1008 wp_safe_redirect( htmlspecialchars_decode( wp_nonce_url( admin_url( ‘admin.php?page=’ . wpforo_prefix_slug( ‘dashboard’ ) . ‘&wpfaction=reset_topics_stats&topic_lastid=’ . end( $topicids ) ), ‘wpforo_reset_topics_stat’ ) ) );1009 } else {1010 @WPF()->db->query(1011 “UPDATE `” . WPF()->tables->topics . “` t1012 INNER JOIN `” . WPF()->tables->posts . "` p ON p.`topicid` = t.`topicid` AND p.`is_answer` = 11013 SET t.`solved` = 11014 WHERE t.`solved` = 0"1015 );1016 WPF()->statistic_cache_clean();1017 WPF()->notice->add( 'Updated Successfully!’, ‘success’ );1018 wp_safe_redirect( admin_url( ‘admin.php?page=’ . wpforo_prefix_slug( ‘dashboard’ ) ) );1019 }1020 exit();1021 }1022 }10231024 /**1025 * rebuild users statistics etc.1026 */1027 public function reset_users_stats() {1028 check_admin_referer( ‘wpforo_reset_users_stat’ );10291030 if( ! current_user_can( ‘administrator’ ) ) {1031 WPF()->notice->add( 'Permission denied’, ‘error’ );1032 wp_safe_redirect( admin_url() );1033 exit();1034 }10351036 if( $this->can_do() ) {1037 wpforo_set_max_execution_time();1038 wp_raise_memory_limit();10391040 $lastid = (int) wpfval( $_GET, ‘user_lastid’ );1041 $sql = "SELECT `userid` FROM " . WPF()->tables->profiles . " WHERE `userid` > %d ORDER BY `userid` ASC LIMIT %d";1042 $userids = WPF()->db->get_col( WPF()->db->prepare( $sql, $lastid, apply_filters( 'wpforo_rebuild_per_request’, 200 ) ) );1043 if( $userids ) {1044 foreach( $userids as $userid ) {1045 WPF()->member->rebuild_stats( $userid );1046 }10471048 wp_safe_redirect( htmlspecialchars_decode( wp_nonce_url( admin_url( ‘admin.php?page=wpforo-overview&wpfaction=reset_users_stats&user_lastid=’ . end( $userids ) ), ‘wpforo_reset_users_stat’ ) ) );1049 } else {1050 WPF()->notice->add( 'Updated Successfully!’, ‘success’ );1051 wp_safe_redirect( admin_url( ‘admin.php?page=wpforo-overview’ ) );1052 }1053 exit();1054 }1055 }10561057 /**1058 * rebuild 4 layout forum topics threads root1059 */1060 public function rebuild_threads() {1061 check_admin_referer( ‘wpforo_rebuild_threads’ );10621063 if( ! current_user_can( ‘administrator’ ) ) {1064 WPF()->notice->add( 'Permission denied’, ‘error’ );1065 wp_safe_redirect( admin_url() );1066 exit();1067 }10681069 wpforo_set_max_execution_time( 3600 );1070 wp_raise_memory_limit();10711072 WPF()->topic->rebuild_forum_threads();1073 wpforo_clean_cache();1074 WPF()->notice->add( 'Threads rebuilt successfully’, ‘success’ );10751076 wp_safe_redirect( admin_url( ‘admin.php?page=’ . wpforo_prefix_slug( ‘dashboard’ ) ) );1077 exit();1078 }10791080 /**1081 * reset phrases cache from db1082 */1083 public function reset_phrase_cache() {1084 check_admin_referer( ‘wpforo_reset_phrase_cache’ );10851086 if( ! current_user_can( ‘administrator’ ) ) {1087 WPF()->notice->add( 'Permission denied’, ‘error’ );1088 wp_safe_redirect( admin_url() );1089 exit();1090 }10911092 wpforo_set_max_execution_time();1093 wp_raise_memory_limit();10941095 WPF()->phrase->clear_cache();1096 WPF()->notice->add( 'Deleted Successfully!’, ‘success’ );10971098 wp_safe_redirect( admin_url( ‘admin.php?page=’ . wpforo_prefix_slug( ‘dashboard’ ) ) );1099 exit();1100 }11011102 /**1103 * recrawling phrases from all wpforo, wpforo-addons code files1104 */1105 public function recrawl_phrases() {1106 check_admin_referer( ‘wpforo_recrawl_phrases’ );11071108 if( ! current_user_can( ‘administrator’ ) ) {1109 WPF()->notice->add( 'Permission denied’, ‘error’ );1110 wp_safe_redirect( admin_url() );1111 exit();1112 }11131114 wpforo_set_max_execution_time();1115 wp_raise_memory_limit();11161117 WPF()->phrase->crawl_phrases();1118 WPF()->phrase->clear_cache();1119 WPF()->notice->clear();1120 WPF()->notice->add( 'Rebuilt Successfully!’, ‘success’ );11211122 wp_safe_redirect( admin_url( ‘admin.php?page=’ . wpforo_prefix_slug( ‘dashboard’ ) ) );1123 exit();1124 }11251126 /**1127 * reset wpforo all caches (phrase, user, forum, post, stats) etc.1128 */1129 public function reset_all_caches() {1130 check_admin_referer( ‘wpforo_reset_cache’ );11311132 if( ! current_user_can( ‘administrator’ ) ) {1133 WPF()->notice->add( 'Permission denied’, ‘error’ );1134 wp_safe_redirect( admin_url() );1135 exit();1136 }11371138 wpforo_set_max_execution_time();1139 wp_raise_memory_limit();11401141 WPF()->member->clear_db_cache();1142 wpforo_clean_cache();11431144 // Flush WordPress Cache1145 wp_cache_flush();11461147 WPF()->notice->add( 'Deleted Successfully!’, ‘success’ );11481149 $redirect = ( is_admin() ) ? admin_url( ‘admin.php?page=’ . wpforo_prefix_slug( ‘dashboard’ ) ) : wpforo_home_url();1150 wp_safe_redirect( $redirect );1151 exit();1152 }11531154 /**1155 * Clean Up damaged content in database1156 */1157 public function clean_up() {1158 check_admin_referer( ‘wpforo_clean_up’ );11591160 if( ! current_user_can( ‘administrator’ ) ) {1161 WPF()->notice->add( 'Permission denied’, ‘error’ );1162 wp_safe_redirect( admin_url() );1163 exit();1164 }11651166 wpforo_set_max_execution_time();1167 wp_raise_memory_limit();11681169 wpforo_clean_up();1170 WPF()->notice->add( 'Cleaned Up!’, ‘success’ );11711172 wp_safe_redirect( admin_url( ‘admin.php?page=’ . wpforo_prefix_slug( ‘dashboard’ ) ) );1173 exit();1174 }11751176 /**1177 * Flush Permalinks1178 */1179 public function flush_permalinks() {1180 check_admin_referer( ‘wpforo_flush_permalinks’ );11811182 if( ! current_user_can( ‘administrator’ ) ) {1183 WPF()->notice->add( 'Permission denied’, ‘error’ );1184 wp_safe_redirect( admin_url() );1185 exit();1186 }11871188 wpforo_set_max_execution_time();1189 wp_raise_memory_limit();11901191 if( ‘hard’ === wpfval( WPF()->GET, ‘flush_type’ ) ) {1192 $bk_time = time();1193 $current = get_option(‘rewrite_rules’);1194 update_option( ‘rewrite_rules_bk_’ . $bk_time, $current );1195 copy( ABSPATH . '/.htaccess’, ABSPATH . '/.htaccess-bk-' . $bk_time );1196 flush_rewrite_rules( true );1197 delete_option(‘rewrite_rules’);1198 } else {1199 flush_rewrite_rules( false );1200 }12011202 WPF()->phrase->clear_cache();1203 WPF()->notice->clear();1204 WPF()->notice->add( 'Flushed Successfully!’, ‘success’ );12051206 wp_safe_redirect( admin_url( ‘admin.php?page=’ . wpforo_prefix_slug( ‘dashboard’ ) ) );1207 exit();1208 }12091210 /**1211 * dashboard_options_save form submit action1212 */1213 public function dashboard_options_save() {1214 if( ! current_user_can( ‘administrator’ ) ) {1215 WPF()->notice->add( 'Permission denied’, ‘error’ );1216 wp_safe_redirect( admin_url() );1217 exit();1218 }1219 if( $dashboard_count_per_page = (int) wpfval( $_POST, ‘wpforo_dashboard_count_per_page’ ) ) {1220 wpforo_update_option( 'count_per_page’, $dashboard_count_per_page );1221 }1222 wp_safe_redirect( wpforo_get_request_uri() );1223 exit();1224 }12251226 /**1227 * checking accesses to forum admin menu pages settings etc…1228 */1229 public function check_dashboard_permissions() {1230 $page = wpfval( WPF()->GET, ‘page’ );1231 if( $page === wpforo_prefix_slug( ‘settings’ ) ) {1232 if( ! WPF()->usergroup->can( ‘ms’ ) ) {1233 WPF()->notice->add( 'Permission denied’, ‘error’ );1234 wp_safe_redirect( admin_url() );1235 exit();1236 }1237 }1238 }12391240 /**1241 * check if [wpforo] page has been deleted, restore or create new [wpforo] page1242 */1243 public function repair_lost_main_shortcode_page() {1244 if( wpfval( WPF()->GET, ‘page’ ) === wpforo_prefix_slug( ‘settings’ ) ) wpforo_repair_main_shortcode_page();1245 }12461247 /**1248 * add_new_xml_translation form submit action1249 */1250 public function add_new_xml_translation() {1251 check_admin_referer( ‘wpforo-settings-language’ );12521253 if( ! WPF()->usergroup->can( ‘ms’ ) ) {1254 WPF()->notice->add( 'Permission denied’, ‘error’ );1255 wp_safe_redirect( admin_url() );1256 exit();1257 }12581259 if( ! empty( $_FILES[‘add_lang’] ) ) {1260 WPF()->phrase->add_lang();1261 wpforo_clean_cache();1262 }1263 wp_safe_redirect( admin_url( ‘admin.php?page=’ . wpforo_prefix_slug( ‘settings’ ) . ‘&tab=general’ ) );1264 exit();1265 }12661267 /**1268 * add_new_xml_translation form submit action1269 */1270 public function phrases_change_lang() {1271 check_admin_referer( ‘wpforo-phrases-change-language’ );12721273 if( $langid = (int) wpfval( $_POST, ‘langid’ ) ){1274 if( WPF()->phrase->set_language_status( $langid ) ){1275 WPF()->notice->add( 'Successfully updated’, ‘success’ );1276 }else{1277 WPF()->notice->add( 'Invalid request!’, ‘error’ );1278 }1279 }12801281 wp_safe_redirect( wp_get_raw_referer() );1282 exit();1283 }12841285 /**1286 * colors.css download action1287 */1288 public function colors_css_download() {1289 check_admin_referer( ‘dynamic_css_download’ );12901291 if( ! WPF()->usergroup->can( ‘ms’ ) ) {1292 WPF()->notice->add( 'Permission denied’, ‘error’ );1293 wp_safe_redirect( admin_url() );1294 exit();1295 }12961297 $dynamic_css = WPF()->tpl->generate_dynamic_css();1298 header( ‘Content-Type: application/download’ );1299 header( ‘Content-Disposition: attachment; filename="colors.css"’ );1300 header( ‘Content-Transfer-Encoding: binary’ );1301 header( "Content-Length: " . strlen( $dynamic_css ) );1302 echo $dynamic_css;1303 exit();1304 }130513061307 /**1308 * cleanup_options_save form submit action1309 */1310 public function cleanup_options_save() {1311 check_admin_referer( ‘wpforo-tools-cleanup’ );13121313 if( ! WPF()->usergroup->can( ‘mt’ ) ) {1314 WPF()->notice->add( 'Permission denied’, ‘error’ );1315 wp_safe_redirect( admin_url() );1316 exit();1317 }13181319 if( ! wpfkey( $_POST, ‘reset’ ) ) {1320 if( $options = wpfval( $_POST, ‘wpforo_tools_cleanup’ ) ) {1321 if( wpforo_update_option( 'tools_cleanup’, $options ) ) {1322 WPF()->notice->add( 'Settings successfully updated’, ‘success’ );1323 }1324 }1325 } else {1326 wpforo_delete_option( ‘tools_cleanup’ );1327 WPF()->notice->add( 'Cleanup options reset successfully’, ‘success’ );1328 }13291330 wp_safe_redirect( admin_url( ‘admin.php?page=’ . wpforo_prefix_slug( ‘tools’ ) . ‘&tab=cleanup’ ) );1331 exit();1332 }13331334 /**1335 * misc_options_save form submit action1336 */1337 public function misc_options_save() {1338 check_admin_referer( ‘wpforo-tools-misc’ );13391340 if( ! WPF()->usergroup->can( ‘mt’ ) ) {1341 WPF()->notice->add( 'Permission denied’, ‘error’ );1342 wp_safe_redirect( admin_url() );1343 exit();1344 }13451346 if( ! wpfkey( $_POST, ‘reset’ ) ) {1347 if( $options = wpfval( $_POST, ‘wpforo_tools_misc’ ) ) {1348 $options[‘admin_note’] = wpforo_kses( $options[‘admin_note’] );1349 $options[‘admin_note_groups’] = ( wpfval( $_POST, 'wpforo_tools_misc’, ‘admin_note_groups’ ) ) ? array_map( 'intval’, $options[‘admin_note_groups’] ) : [];1350 $options[‘admin_note_pages’] = ( wpfval( $_POST, 'wpforo_tools_misc’, ‘admin_note_pages’ ) ) ? array_map( 'sanitize_textarea_field’, $options[‘admin_note_pages’] ) : [];1351 if( wpforo_update_option( 'tools_misc’, $options ) ) {1352 wpforo_clean_cache( ‘forum-soft’ );1353 WPF()->notice->add( 'Settings successfully updated’, ‘success’ );1354 }1355 }1356 } else {1357 wpforo_delete_option( ‘tools_misc’ );1358 WPF()->notice->add( 'Misc options reset successfully’, ‘success’ );1359 }13601361 wp_safe_redirect( admin_url( ‘admin.php?page=’ . wpforo_prefix_slug( ‘tools’ ) . ‘&tab=misc’ ) );1362 exit();1363 }13641365 /**1366 * legal_options_save form submit action1367 */1368 public function legal_options_save() {1369 check_admin_referer( ‘wpforo-tools-legal’ );13701371 if( ! WPF()->usergroup->can( ‘mt’ ) ) {1372 WPF()->notice->add( 'Permission denied’, ‘error’ );1373 wp_safe_redirect( admin_url() );1374 exit();1375 }13761377 if( ! wpfkey( $_POST, ‘reset’ ) ) {1378 if( $options = wpfval( $_POST, ‘wpforo_tools_legal’ ) ) {1379 $options[‘contact_page_url’] = esc_url( $options[‘contact_page_url’] );1380 $options[‘checkbox_terms_privacy’] = intval( $options[‘checkbox_terms_privacy’] );1381 $options[‘checkbox_email_password’] = intval( $options[‘checkbox_email_password’] );1382 $options[‘page_terms’] = esc_url( $options[‘page_terms’] );1383 $options[‘page_privacy’] = esc_url( $options[‘page_privacy’] );1384 $options[‘checkbox_forum_privacy’] = intval( $options[‘checkbox_forum_privacy’] );1385 $options[‘forum_privacy_text’] = wpforo_kses( $options[‘forum_privacy_text’], ‘post’ );1386 $options[‘checkbox_fb_login’] = intval( $options[‘checkbox_fb_login’] );1387 $options[‘cookies’] = intval( $options[‘cookies’] );1388 $options[‘rules_checkbox’] = intval( $options[‘rules_checkbox’] );1389 $options[‘rules_text’] = wpforo_kses( $options[‘rules_text’], ‘post’ );1390 if( wpforo_update_option( 'tools_legal’, $options ) ) {1391 WPF()->notice->add( 'Settings successfully updated’, ‘success’ );1392 }1393 }1394 } else {1395 wpforo_delete_option( ‘tools_legal’ );1396 WPF()->notice->add( 'Settings reset successfully’, ‘success’ );1397 }13981399 wp_safe_redirect( admin_url( ‘admin.php?page=’ . wpforo_prefix_slug( ‘tools’ ) . ‘&tab=legal’ ) );1400 exit();1401 }14021403 /**1404 * delete detected spam file1405 */1406 public function delete_spam_file() {1407 check_admin_referer( ‘wpforo_tools_antispam_files’ );14081409 if( ! WPF()->usergroup->can( ‘mt’ ) ) {1410 WPF()->notice->add( 'Permission denied’, ‘error’ );1411 wp_safe_redirect( admin_url() );1412 exit();1413 }14141415 if( $filename = trim( wpfval( $_GET, ‘sfname’ ) ) ) {1416 $filename = str_replace( [ '…/’, './’, ‘/’ ], '’, sanitize_file_name( $filename ) );1417 $filename = urldecode( $filename );1418 if( $filename ) {1419 $attachmentid = WPF()->post->get_attachment_id( ‘/’ . $filename );1420 if( ! wp_delete_attachment( $attachmentid ) ) {1421 @unlink( WPF()->folders[‘default_attachments’][‘dir’] . DIRECTORY_SEPARATOR . $filename );1422 }1423 WPF()->notice->add( 'Deleted’, ‘success’ );1424 }1425 }14261427 wp_safe_redirect( admin_url( ‘admin.php?page=’ . wpforo_prefix_slug( ‘tools’ ) . ‘&tab=antispam’ ) );1428 exit();1429 }14301431 /**1432 * delete_all_spam_files all detected spam file using level attribute1433 */1434 public function delete_all_spam_files() {1435 check_admin_referer( ‘wpforo_tools_antispam_files’ );14361437 if( ! WPF()->usergroup->can( ‘mt’ ) ) {1438 WPF()->notice->add( 'Permission denied’, ‘error’ );1439 wp_safe_redirect( admin_url() );1440 exit();1441 }14421443 if( $delete_level = (int) wpfval( $_GET, ‘level’ ) ) {1444 $default_attachments_dir = WPF()->folders[‘default_attachments’][‘dir’];1445 if( is_dir( $default_attachments_dir ) ) {1446 if( $handle = opendir( $default_attachments_dir ) ) {1447 while( false !== ( $filename = readdir( $handle ) ) ) {1448 if( $filename === ‘.’ || $filename === ‘…’ ) continue;1449 if( ! $level = WPF()->moderation->spam_file( $filename ) ) continue;1450 if( $delete_level === $level ) {1451 $attachmentid = WPF()->post->get_attachment_id( ‘/’ . $filename );1452 if( ! wp_delete_attachment( $attachmentid ) ) {1453 @unlink( $default_attachments_dir . DIRECTORY_SEPARATOR . $filename );1454 }1455 }1456 }1457 closedir( $handle );1458 WPF()->notice->add( 'Deleted’, ‘success’ );1459 }1460 }1461 }14621463 wp_safe_redirect( admin_url( ‘admin.php?page=’ . wpforo_prefix_slug( ‘tools’ ) . ‘&tab=antispam’ ) );1464 exit();1465 }14661467 /**1468 * do database alter fixing using install.sql db-strukture1469 */1470 public function database_update() {1471 check_admin_referer( ‘wpforo_update_database’ );14721473 if( ! WPF()->usergroup->can( ‘mt’ ) ) {1474 WPF()->notice->add( 'Permission denied’, ‘error’ );1475 wp_safe_redirect( admin_url() );1476 exit();1477 }14781479 wpforo_set_max_execution_time( 3600 );14801481 wpforo_update_db();14821483 wp_safe_redirect( admin_url( ‘admin.php?page=’ . wpforo_prefix_slug( ‘tools’ ) . ‘&tab=debug&view=tables’ ) );1484 exit();1485 }14861487 /**1488 * forum_add form submit action1489 */1490 public function forum_add() {1491 check_admin_referer( ‘wpforo-forum-add’ );14921493 if( ! WPF()->usergroup->can_manage_forum() ) {1494 WPF()->notice->add( 'Permission denied’, ‘error’ );1495 wp_safe_redirect( admin_url() );1496 exit();1497 }14981499 if( ! empty( $_REQUEST[‘forum’] ) ) {1500 WPF()->forum->add();1501 }15021503 wp_safe_redirect( admin_url( ‘admin.php?page=’ . wpforo_prefix_slug( ‘forums’ ) ) );1504 exit();1505 }15061507 /**1508 * forum_edit form submit action1509 */1510 public function forum_edit() {1511 check_admin_referer( ‘wpforo-forum-edit’ );15121513 if( ! WPF()->usergroup->can_manage_forum() ) {1514 WPF()->notice->add( 'Permission denied’, ‘error’ );1515 wp_safe_redirect( admin_url() );1516 exit();1517 }15181519 if( ! empty( $_REQUEST[‘forum’] ) ) {1520 WPF()->forum->edit();1521 }15221523 wp_safe_redirect( wpforo_get_request_uri() );1524 exit();1525 }15261527 /**1528 * forum_delete form submit action1529 */1530 public function forum_delete() {1531 check_admin_referer( ‘wpforo-forum-delete’ );15321533 if( ! WPF()->usergroup->can_manage_forum() ) {1534 WPF()->notice->add( 'Permission denied’, ‘error’ );1535 wp_safe_redirect( admin_url() );1536 exit();1537 }15381539 $delete = (int) wpfval( $_REQUEST, 'forum’, ‘delete’ );1540 if( $delete === 1 ) {1541 WPF()->forum->delete( 0, false );1542 } elseif( $delete === 0 ) {1543 WPF()->forum->merge();1544 }15451546 wp_safe_redirect( admin_url( ‘admin.php?page=’ . wpforo_prefix_slug( ‘forums’ ) ) );1547 exit();1548 }15491550 /**1551 * forum_hierarchy_save form submit action1552 */1553 public function forum_hierarchy_save() {1554 check_admin_referer( ‘wpforo-forums-hierarchy’ );15551556 if( ! WPF()->usergroup->can_manage_forum() ) {1557 WPF()->notice->add( 'Permission denied’, ‘error’ );1558 wp_safe_redirect( admin_url() );1559 exit();1560 }15611562 if( ! empty( $_REQUEST[‘forum’] ) ) {1563 WPF()->forum->update_hierarchy();1564 wpforo_clean_cache( ‘forum’ );1565 }15661567 wp_safe_redirect( admin_url( ‘admin.php?page=’ . wpforo_prefix_slug( ‘forums’ ) ) );1568 exit();1569 }15701571 /**1572 * dashboard_post_unapprove action1573 */1574 public function dashboard_post_unapprove() {1575 $postid = wpfval( $_GET, ‘postid’ );1576 check_admin_referer( “wpforo-unapprove-post-{$postid}” );15771578 if( ! WPF()->usergroup->can( ‘aum’ ) ) {1579 WPF()->notice->add( 'Permission denied’, ‘error’ );1580 wp_safe_redirect( admin_url() );1581 exit();1582 }15831584 WPF()->moderation->post_unapprove( $postid );1585 wpforo_clean_cache( 'post’, $postid );15861587 wp_safe_redirect( wp_get_referer() );1588 exit();1589 }15901591 /**1592 * dashboard_post_approve action1593 */1594 public function dashboard_post_approve() {1595 $postid = wpfval( $_GET, ‘postid’ );1596 check_admin_referer( “wpforo-approve-post-{$postid}” );15971598 if( ! WPF()->usergroup->can( ‘aum’ ) ) {1599 WPF()->notice->add( 'Permission denied’, ‘error’ );1600 wp_safe_redirect( admin_url() );1601 exit();1602 }16031604 WPF()->moderation->post_approve( $postid );1605 wpforo_clean_cache( 'post’, $postid );16061607 wp_safe_redirect( wp_get_referer() );1608 exit();1609 }16101611 /**1612 * dashboard_post_delete action1613 */1614 public function dashboard_post_delete() {1615 $postid = wpfval( $_GET, ‘postid’ );1616 check_admin_referer( “wpforo-delete-post-{$postid}” );16171618 if( ! WPF()->usergroup->can( ‘aum’ ) ) {1619 WPF()->notice->add( 'Permission denied’, ‘error’ );1620 wp_safe_redirect( admin_url() );1621 exit();1622 }16231624 WPF()->post->delete( $postid );16251626 wp_safe_redirect( wp_get_referer() );1627 exit();1628 }16291630 /**1631 * doing bulk moderation actions ( approve, unapprove, delete )1632 */1633 public function bulk_moderation() {1634 check_admin_referer( ‘bulk-moderations’ );16351636 if( ! WPF()->usergroup->can( ‘aum’ ) ) {1637 WPF()->notice->add( 'Permission denied’, ‘error’ );1638 wp_safe_redirect( admin_url() );1639 exit();1640 }16411642 $u_action = $this->get_current_bulk_action();1643 $postids = (array) wpfval( $_GET, ‘postids’ );1644 if( $u_action && ! empty( $postids ) ) {1645 if( $u_action === ‘delete’ ) {1646 foreach( $postids as $postid ) WPF()->post->delete( $postid );1647 } elseif( $u_action === ‘approve’ ) {1648 foreach( $postids as $postid ) WPF()->moderation->post_approve( $postid );1649 } elseif( $u_action === ‘unapprove’ ) {1650 foreach( $postids as $postid ) WPF()->moderation->post_unapprove( $postid );1651 }1652 }16531654 wp_safe_redirect( wp_get_referer() );1655 exit();1656 }16571658 /**1659 * phrase_add form submit action1660 */1661 public function phrase_add() {1662 check_admin_referer( ‘wpforo-phrase-add’ );16631664 if( ! WPF()->usergroup->can( ‘mp’ ) ) {1665 WPF()->notice->add( 'Permission denied’, ‘error’ );1666 wp_safe_redirect( admin_url() );1667 exit();1668 }16691670 if( ! empty( $_POST[‘phrase’] ) ) {1671 WPF()->phrase->add();1672 }16731674 wp_safe_redirect( admin_url( ‘admin.php?page=’ . wpforo_prefix_slug( ‘phrases’ ) ) );1675 exit();1676 }16771678 /**1679 * phrase_edit_form action redirect to phrase list page when phraseid(s) not chosen1680 */1681 public function phrase_edit_form() {1682 $phraseids = array_filter( array_map( 'intval’, array_merge( (array) wpfval( $_GET, ‘phraseid’ ), (array) wpfval( $_GET, ‘phraseids’ ) ) ) );1683 if( ! $phraseids ) {1684 wp_safe_redirect( admin_url( ‘admin.php?page=’ . wpforo_prefix_slug( ‘phrases’ ) ) );1685 exit();1686 }1687 }16881689 /**1690 * phrase_edit form submit action1691 */1692 public function phrase_edit() {1693 check_admin_referer( ‘wpforo-phrases-edit’ );16941695 if( ! WPF()->usergroup->can( ‘mp’ ) ) {1696 WPF()->notice->add( 'Permission denied’, ‘error’ );1697 wp_safe_redirect( admin_url() );1698 exit();1699 }17001701 if( ! empty( $_POST[‘phrases’] ) ) {1702 WPF()->phrase->edit();1703 }17041705 wp_safe_redirect( admin_url( ‘admin.php?page=’ . wpforo_prefix_slug( ‘phrases’ ) ) );1706 exit();1707 }17081709 /**1710 * user_ban action1711 */1712 public function user_ban() {1713 $userid = intval( wpfval( $_GET, ‘userid’ ) );1714 check_admin_referer( 'wpforo-user-ban-' . $userid );17151716 if( ! WPF()->usergroup->can( ‘vm’ ) || ! WPF()->usergroup->can( ‘bm’ ) || $userid === WPF()->current_userid ) {1717 WPF()->notice->add( 'Permission denied’, ‘error’ );1718 wp_safe_redirect( admin_url() );1719 exit();1720 }17211722 WPF()->member->ban( $userid );1723 wpforo_clean_cache( ‘user’ );17241725 wp_safe_redirect( wp_get_referer() );1726 exit();1727 }17281729 /**1730 * user_unban action1731 */1732 public function user_unban() {1733 $userid = intval( wpfval( $_GET, ‘userid’ ) );1734 check_admin_referer( 'wpforo-user-unban-' . $userid );17351736 if( ! WPF()->usergroup->can( ‘vm’ ) || ! WPF()->usergroup->can( ‘bm’ ) || $userid === WPF()->current_userid ) {1737 WPF()->notice->add( 'Permission denied’, ‘error’ );1738 wp_safe_redirect( admin_url() );1739 exit();1740 }17411742 WPF()->member->unban( $userid );1743 wpforo_clean_cache( ‘user’ );17441745 wp_safe_redirect( wp_get_referer() );1746 exit();1747 }17481749 /**1750 * user_activate action1751 */1752 public function user_activate() {1753 $userid = intval( wpfval( $_GET, ‘userid’ ) );1754 check_admin_referer( 'wpforo-user-activate-' . $userid );17551756 if( ! WPF()->usergroup->can( ‘vm’ ) || ! WPF()->usergroup->can( ‘bm’ ) || $userid === WPF()->current_userid ) {1757 WPF()->notice->add( 'Permission denied’, ‘error’ );1758 wp_safe_redirect( admin_url() );1759 exit();1760 }17611762 WPF()->member->activate( $userid );17631764 wp_safe_redirect( wp_get_referer() );1765 exit();1766 }17671768 /**1769 * user_deactivate action1770 */1771 public function user_deactivate() {1772 $userid = intval( wpfval( $_GET, ‘userid’ ) );1773 check_admin_referer( 'wpforo-user-deactivate-' . $userid );17741775 if( ! WPF()->usergroup->can( ‘vm’ ) || ! WPF()->usergroup->can( ‘bm’ ) || $userid === WPF()->current_userid ) {1776 WPF()->notice->add( 'Permission denied’, ‘error’ );1777 wp_safe_redirect( admin_url() );1778 exit();1779 }17801781 WPF()->member->deactivate( $userid );17821783 wp_safe_redirect( wp_get_referer() );1784 exit();1785 }17861787 public function user_ban_ajax() {1788 wpforo_verify_nonce( ‘wpforo_user_ban’ );1789 $userid = WPF()->current_object[‘user’][‘userid’];1790 $currentstate = (int) wpfval( $_POST, ‘currentstate’ );1791 if( $currentstate ){1792 $r = WPF()->member->unban( $userid );1793 }else{1794 $r = WPF()->member->ban( $userid );1795 }17961797 if( $r ){1798 wp_send_json_success( [1799 ‘currentstate’ => (int) !$currentstate,1800 ‘notice’ => WPF()->notice->get_notices(),1801 ] );1802 }else{1803 wp_send_json_error( [ ‘notice’ => WPF()->notice->get_notices() ] );1804 }1805 }18061807 public function get_member_template() {1808 wpforo_verify_nonce( ‘wpforo_get_member_template’ );1809 $href = wpfval( $_POST, ‘href’ );1810 WPF()->init_current_url( $href );1811 WPF()->init_current_object();1812 if( wpforo_is_member_template() ){1813 if( ( $template = WPF()->tpl->get_template( WPF()->current_object[‘template’] ) ) && $template[‘type’] === ‘callback’ && is_callable( $template[‘callback_for_page’] ) ){1814 ob_start();1815 echo call_user_func( $template[‘callback_for_page’], $template );1816 wp_send_json_success( [ ‘html’ => ob_get_clean() ] );1817 }1818 }1819 wp_send_json_error();1820 }18211822 public function search_existed_topics() {1823 if( !apply_filters('wpforo_topic_suggestion’, true ) ){1824 return null;1825 }1826 wpforo_verify_nonce( ‘wpforo_search_existed_topics’ );1827 $title = trim( wpfval( $_POST, ‘title’ ) );1828 $topicids = WPF()->topic->search( $title, ‘title’ );1829 if( $topicids ){1830 $topics = WPF()->topic->get_topics( [ ‘include’ => $topicids, ‘row_count’ => apply_filters( 'wpforo_suggested_topics_limit’, 5 ), ‘orderby’ => ‘created’ ] );1831 if( $topics ){1832 $topics = array_map( function( $topic ){1833 $topic[‘url’] = WPF()->topic->get_url( $topic );1834 return $topic;1835 }, $topics );18361837 wp_send_json_success( $topics );1838 }1839 }18401841 wp_send_json_error();1842 }18431844 public function user_delete() {1845 wpforo_verify_nonce( 'user_delete’, ‘full’ );1846 if(1847 WPF()->current_object[‘user’]1848 && ( $action = WPF()->member->get_action( WPF()->current_object[‘user’], ‘delete’ ) )1849 && is_callable( $action[‘callback_for_can’] )1850 && call_user_func( $action[‘callback_for_can’] )1851 ){1852 if( ! function_exists( ‘wp_delete_user’ ) ) require_once ABSPATH . "wp-admin/includes/user.php";1853 if( wp_delete_user( WPF()->current_object[‘user’][‘userid’] ) ){1854 WPF()->notice->add( 'User successfully deleted’, ‘success’ );1855 }else{1856 WPF()->notice->add( 'User delete error’, ‘error’ );1857 }1858 }else{1859 WPF()->notice->add( 'Permission denied for this action’, ‘error’ );1860 }18611862 wp_safe_redirect( wpforo_url( '’, ‘members’ ) );1863 exit();1864 }18651866 /**1867 * action after WordPress native deleted_user hook1868 *1869 * @param int $userid already deleted user ID1870 */1871 public function deleted_user( $userid, $reassign = null ) {1872 if( wpfval( $_REQUEST, ‘wpforo_user_delete_option’ ) === ‘reassign’ ){1873 WPF()->member->delete( $userid, wpforo_bigintval( wpfval( $_REQUEST, ‘wpforo_reassign_userid’ ) ) );1874 }elseif( wpfval( $_REQUEST, ‘wpforo_user_delete_option’ ) === ‘delete’ ){1875 WPF()->member->delete( $userid );1876 }elseif( $reassign ){1877 WPF()->member->delete( $userid, $reassign );1878 }else{1879 WPF()->member->delete( $userid, ( wpforo_setting( ‘authorization’, ‘user_delete_method’ ) === ‘soft’ ? 0 : null ) );1880 }1881 WPF()->notice->clear();1882 }18831884 /**1885 * doing bulk member actions ( ban, unban, delete )1886 */1887 public function bulk_members() {1888 check_admin_referer( ‘bulk-members’ );18891890 if( ! WPF()->usergroup->can( ‘vm’ ) ) {1891 WPF()->notice->add( ‘Permission denied’, ‘error’ );1892 wp_safe_redirect( admin_url() );1893 exit();1894 }18951896 $new_groupid = - 1;1897 if( ! empty( $_GET[‘new_groupid’] ) && $_GET[‘new_groupid’] !== '-1’ ) {1898 $new_groupid = intval( $_GET[‘new_groupid’] );1899 } elseif( ! empty( $_GET[‘new_groupid2’] ) && $_GET[‘new_groupid2’] !== '-1’ ) {1900 $new_groupid = intval( $_GET[‘new_groupid2’] );1901 }19021903 $u_action = $this->get_current_bulk_action();1904 if( in_array( $u_action, [ 'ban’, 'unban’, 'activate’, ‘deactivate’ ] ) && ! WPF()->usergroup->can( ‘bm’ ) ) {1905 WPF()->notice->add( 'Permission denied’, ‘error’ );1906 wp_safe_redirect( admin_url() );1907 exit();1908 } elseif( $u_action === ‘delete’ && ! WPF()->usergroup->can( ‘dm’ ) ) {1909 WPF()->notice->add( 'Permission denied’, ‘error’ );1910 wp_safe_redirect( admin_url() );1911 exit();1912 }19131914 $userids = (array) wpfval( $_GET, ‘userids’ );1915 $userids = array_filter( array_map( 'wpforo_bigintval’, $userids ) );1916 $userids = array_diff( $userids, (array) WPF()->current_userid );1917 if( $u_action && ! empty( $userids ) ) {1918 if( $u_action === ‘delete’ ) {1919 $url = self_admin_url( ‘users.php?action=delete&users[]=’ . implode( '&users[]=’, $userids ) );1920 $url = str_replace( '&’, '&’, wp_nonce_url( $url, ‘bulk-users’ ) );1921 wp_safe_redirect( $url );1922 exit();1923 } elseif( $u_action === ‘ban’ ) {1924 foreach( $userids as $userid ) {1925 WPF()->member->ban( $userid );1926 }1927 } elseif( $u_action === ‘unban’ ) {1928 foreach( $userids as $userid ) {1929 WPF()->member->unban( $userid );1930 }1931 } elseif( $u_action === ‘activate’ ) {1932 foreach( $userids as $userid ) {1933 WPF()->member->activate( $userid );1934 }1935 } elseif( $u_action === ‘deactivate’ ) {1936 foreach( $userids as $userid ) {1937 WPF()->member->deactivate( $userid );1938 }1939 }1940 } elseif( ! $u_action && wpfkey( $_GET, ‘change_group’ ) ) {1941 if( ! empty( $userids ) && $new_groupid !== - 1 ) {1942 $status = WPF()->usergroup->set_users_groupid( [ $new_groupid => $userids ] );1943 if( $status[‘success’] ) WPF()->notice->add( 'Usergroup is successfully changed for selected users’, ‘success’ );1944 } else {1945 WPF()->notice->add( 'Please select users and usergroup’, ‘error’ );1946 }1947 }1948 wpforo_clean_cache( ‘user’ );19491950 wp_safe_redirect( wp_get_referer() );1951 exit();1952 }19531954 /**1955 * usergroup_add form submit action1956 */1957 public function usergroup_add() {1958 check_admin_referer( ‘wpforo-usergroup-add’ );19591960 if( ! WPF()->usergroup->can( ‘vmg’ ) ) {1961 WPF()->notice->add( 'Permission denied’, ‘error’ );1962 wp_safe_redirect( admin_url() );1963 exit();1964 }19651966 if( ! empty( $_POST[‘usergroup’] ) ) {1967 $group = WPF()->usergroup->fix_group( $_POST[‘usergroup’] );1968 $color = wpfval( $group, ‘wpfugc’ ) ? ‘’ : sanitize_text_field( $group[‘color’] );1969 $groupid = WPF()->usergroup->add( $group[‘name’], $group[‘cans’], $group[‘description’], $group[‘role’], $group[‘access’], $color, $group[‘visible’], $group[‘secondary’] );1970 if( $groupid ) wpforo_clean_cache( 'loop’, $groupid );1971 }19721973 wp_safe_redirect( admin_url( ‘admin.php?page=’ . wpforo_prefix_slug( ‘usergroups’ ) ) );1974 exit();1975 }19761977 /**1978 * usergroup_edit form submit action1979 */1980 public function usergroup_edit() {1981 check_admin_referer( ‘wpforo-usergroup-edit’ );19821983 if( ! WPF()->usergroup->can( ‘vmg’ ) ) {1984 WPF()->notice->add( 'Permission denied’, ‘error’ );1985 wp_safe_redirect( admin_url() );1986 exit();1987 }19881989 if( ! empty( $_POST[‘usergroup’] ) ) {1990 $group = WPF()->usergroup->fix_group( $_POST[‘usergroup’] );1991 $color = wpfval( $group, ‘wpfugc’ ) ? ‘’ : sanitize_text_field( $group[‘color’] );1992 WPF()->usergroup->edit( $group[‘groupid’], $group[‘name’], $group[‘cans’], $group[‘description’], $group[‘role’], null, $color, $group[‘visible’], $group[‘secondary’] );1993 wpforo_clean_cache( 'loop’, $group[‘groupid’] );1994 }19951996 wp_safe_redirect( admin_url( ‘admin.php?page=’ . wpforo_prefix_slug( ‘usergroups’ ) ) );1997 exit();1998 }19992000 /**2001 * usergroup_delete form submit action2002 */2003 public function usergroup_delete() {2004 check_admin_referer( ‘wpforo-usergroup-delete’ );20052006 if( ! WPF()->usergroup->can( ‘vmg’ ) ) {2007 WPF()->notice->add( 'Permission denied’, ‘error’ );2008 wp_safe_redirect( admin_url() );2009 exit();2010 }20112012 if( wpfval( $_POST, 'usergroup’, ‘delete’ ) ) {2013 $args = [ ‘groupid’ => wpfval( $_POST, 'usergroup’, ‘groupid’ ) ];2014 if( $userids = WPF()->member->get_userids( $args ) ) {2015 $redirect_to = self_admin_url( ‘users.php?action=delete&users[]=’ . implode( '&users[]=’, $userids ) );2016 $redirect_to = str_replace( '&’, '&’, wp_nonce_url( $redirect_to, ‘bulk-users’ ) );2017 wp_safe_redirect( $redirect_to );2018 exit();2019 }2020 }20212022 if( ! empty( $_POST[‘usergroup’] ) ) {2023 WPF()->usergroup->delete( wpfval( $_POST[‘usergroup’], ‘groupid’ ), wpfval( $_POST[‘usergroup’], ‘mergeid’ ) );2024 wpforo_clean_cache( ‘user’ );2025 }20262027 wp_safe_redirect( admin_url( ‘admin.php?page=’ . wpforo_prefix_slug( ‘usergroups’ ) ) );2028 exit();2029 }20302031 /**2032 * default_groupid_change action2033 */2034 public function default_groupid_change() {2035 $default_groupid = intval( wpfval( $_GET, ‘default_groupid’ ) );2036 check_admin_referer( 'wpforo-default-groupid-change-' . $default_groupid );20372038 if( ! WPF()->usergroup->can( ‘vmg’ ) ) {2039 WPF()->notice->add( 'Permission denied’, ‘error’ );2040 wp_safe_redirect( admin_url() );2041 exit();2042 }20432044 if( $default_groupid ) WPF()->usergroup->set_default( $default_groupid );20452046 wp_safe_redirect( wp_get_raw_referer() );2047 exit();2048 }20492050 /**2051 * prevent to show usergroup delete form when !$groupid || $groupid <= 52052 */2053 public function usergroup_delete_form() {2054 if( intval( wpfval( $_GET, ‘groupid’ ) ) <= 5 ) {2055 wp_safe_redirect( admin_url( ‘admin.php?page=’ . wpforo_prefix_slug( ‘usergroups’ ) ) );2056 exit();2057 }2058 }20592060 /**2061 * access_add form submit action2062 */2063 public function access_add() {2064 check_admin_referer( ‘wpforo-access-add’ );20652066 if( ! WPF()->usergroup->can( ‘ms’ ) ) {2067 WPF()->notice->add( 'Permission denied’, ‘error’ );2068 wp_safe_redirect( admin_url() );2069 exit();2070 }20712072 if( ! empty( $_POST[‘access’] ) ) {2073 WPF()->perm->add( WPF()->perm->fix_access( $_POST[‘access’] ) );2074 }20752076 wp_safe_redirect( admin_url( ‘admin.php?page=’ . wpforo_prefix_slug( ‘accesses’ ) ) );2077 exit();2078 }20792080 /**2081 * access_edit form submit action2082 */2083 public function access_edit() {2084 check_admin_referer( ‘wpforo-access-edit’ );20852086 if( ! WPF()->usergroup->can( ‘ms’ ) ) {2087 WPF()->notice->add( 'Permission denied’, ‘error’ );2088 wp_safe_redirect( admin_url() );2089 exit();2090 }20912092 if( ! empty( $_POST[‘access’] ) ) {2093 WPF()->perm->edit( WPF()->perm->fix_access( $_POST[‘access’] ) );2094 wpforo_clean_cache( ‘loop’ );2095 }20962097 wp_safe_redirect( admin_url( ‘admin.php?page=’ . wpforo_prefix_slug( ‘accesses’ ) ) );2098 exit();2099 }21002101 /**2102 * access_delete form submit action2103 */2104 public function access_delete() {2105 $accessid = intval( wpfval( $_GET, ‘accessid’ ) );2106 check_admin_referer( 'wpforo-access-delete-' . $accessid );21072108 if( ! WPF()->usergroup->can( ‘ms’ ) ) {2109 WPF()->notice->add( 'Permission denied’, ‘error’ );2110 wp_safe_redirect( admin_url() );2111 exit();2112 }21132114 WPF()->perm->delete( $accessid );2115 wpforo_clean_cache( ‘loop’ );21162117 wp_safe_redirect( admin_url( ‘admin.php?page=’ . wpforo_prefix_slug( ‘accesses’ ) ) );2118 exit();2119 }21202121 public function theme_activate() {2122 check_admin_referer( ‘wpforo-theme-activate’ );21232124 if( ! WPF()->usergroup->can( ‘mth’ ) ) {2125 WPF()->notice->add( 'Permission denied’, ‘error’ );2126 wp_safe_redirect( admin_url() );2127 exit();2128 }21292130 $notice = __( 'Theme file not readable’, ‘wpforo’ );2131 $notice_type = 'error’;2132 if( ( $theme = trim( sanitize_text_field( wpfval( $_GET, ‘theme’ ) ) ) ) && WPF()->tpl->theme_exists( $theme ) ) {2133 $general = WPF()->settings->general;2134 $general[‘current_theme’] = $theme;2135 wpforo_update_option( 'wpforo_general’, $general );2136 $notice = __( 'Theme Successfully Activated’, ‘wpforo’ );2137 $notice_type = 'success’;2138 }21392140 WPF()->notice->add( $notice, $notice_type );2141 wp_safe_redirect( wp_get_raw_referer() );2142 exit();2143 }21442145 /**2146 * theme_delete action2147 */2148 public function theme_delete() {2149 check_admin_referer( ‘wpforo-theme-delete’ );21502151 if( ! WPF()->usergroup->can( ‘mth’ ) ) {2152 WPF()->notice->add( 'Permission denied’, ‘error’ );2153 wp_safe_redirect( admin_url() );2154 exit();2155 }21562157 $notice = __( 'Theme delete error’, ‘wpforo’ );2158 $notice_type = 'error’;2159 if( $theme = trim( sanitize_text_field( wpfval( $_GET, ‘theme’ ) ) ) ) {2160 if( WPF()->tpl->theme !== $theme ) {2161 $remove_dir = WPFORO_THEME_DIR . ‘/’ . $theme;2162 if( is_dir( $remove_dir ) ) {2163 wpforo_remove_directory( $remove_dir );2164 $notice = __( 'Theme delete success’, ‘wpforo’ );2165 $notice_type = 'success’;2166 }2167 }2168 }21692170 WPF()->notice->add( $notice, $notice_type );2171 wp_safe_redirect( admin_url( ‘admin.php?page=’ . wpforo_prefix_slug( ‘themes’ ) ) );2172 exit();2173 }21742175 /**2176 * update wpForo addons CSS styles to make compatible with the current version of wpForo2177 */2178 function update_addons_css() {2179 check_admin_referer( ‘wpforo-update-addons-css’ );2180 wpforo_wrap_in_all_addons_css();2181 wp_safe_redirect( admin_url( ‘admin.php?page=’ . wpforo_prefix_slug( ‘settings’ ) ) );2182 exit();2183 }21842185 /**2186 * dissmiss the poll version is old notification for admins2187 */2188 public function dissmiss_poll_version_is_old() {2189 check_admin_referer( ‘wpforo-dissmiss-poll-version-is-old’ );2190 WPF()->dissmissed[‘poll_version_is_old’] = 1;2191 wpforo_update_option( 'dissmissed’, WPF()->dissmissed );2192 wp_safe_redirect( admin_url( ‘admin.php?page=’ . wpforo_prefix_slug( ‘dashboard’ ) ) );2193 exit();2194 }21952196 /**2197 * dissmiss the recaptcha not configured notification for admins2198 */2199 public function dissmiss_recaptcha_note() {2200 if( wpfval( $_POST, ‘backend’ ) ) {2201 WPF()->dissmissed[‘recaptcha_backend_note’] = 1;2202 } else {2203 WPF()->dissmissed[‘recaptcha_note’] = 1;2204 }2205 $response = wpforo_update_option( 'dissmissed’, WPF()->dissmissed );2206 if( $response ) {2207 wp_send_json_success();2208 } else {2209 wp_send_json_error();2210 }2211 }22122213 /**2214 * wpforo before deactivate action2215 */2216 public function deactivate() {2217 $response = [ ‘code’ => 0 ];2218 $json = filter_input( INPUT_POST, ‘deactivateData’ );2219 if( $json ) {2220 parse_str( $json, $data );22212222 $blogTitle = get_option( ‘blogname’ );2223 $to = '[email protected]’;2224 $subject = '[wpForo Feedback - ' . WPFORO_VERSION . ']';2225 $headers = [];2226 $contentType = 'text/html’;2227 $fromName = apply_filters( 'wp_mail_from_name’, $blogTitle );2228 $fromName = html_entity_decode( $fromName, ENT_QUOTES );2229 $siteUrl = get_site_url();2230 $parsedUrl = parse_url( $siteUrl );2231 $domain = isset( $parsedUrl[‘host’] ) ? $parsedUrl[‘host’] : '’;2232 $fromEmail = ‘no-reply@’ . $domain;2233 $headers[] = "Content-Type: $contentType; charset=UTF-8";2234 $headers[] = “From: " . $fromName . " <” . $fromEmail . "> \r\n";2235 $message = "Dismiss and never show again";22362237 if( isset( $data[‘never_show’] ) && ( $v = intval( $data[‘never_show’] ) ) ) {2238 wpforo_update_option( 'deactivation_dialog_never_show’, $v );2239 $response[‘code’] = 'dismiss_and_deactivate’;2240 } elseif( isset( $data[‘deactivation_reason’] ) && ( $reason = trim( $data[‘deactivation_reason’] ) ) ) {2241 $subject .= ' - ' . $reason;2242 $message = "<strong>Deactivation reason:</strong> " . $reason . “\r\n” . "<br/>";2243 if( isset( $data[‘deactivation_reason_desc’] ) && ( $reasonDesc = trim( $data[‘deactivation_reason_desc’] ) ) ) {2244 $message .= "<strong>Deactivation reason description:</strong> " . $reasonDesc . “\r\n” . "<br/>";2245 }2246 if( isset( $data[‘deactivation_feedback_email’] ) && ( $feedback_email = trim( $data[‘deactivation_feedback_email’] ) ) ) {2247 $to = '[email protected]’;2248 $message .= "<strong>Feedback Email:</strong> " . $feedback_email . “\r\n” . "<br/>";2249 }2250 $subject = html_entity_decode( $subject, ENT_QUOTES );2251 $message = html_entity_decode( $message, ENT_QUOTES );2252 $response[‘code’] = 'send_and_deactivate’;2253 }22542255 wp_mail( $to, $subject, $message, $headers );2256 }2257 wp_die( json_encode( $response ) );2258 }22592260 /**2261 * base_slugs_settings_save from submit action2262 *2263 * @return void2264 */2265 public function base_slugs_settings_save() {2266 check_admin_referer( ‘wpforo_settings_save_general’ );22672268 if( wpfkey( $_POST, ‘reset’ ) ) {2269 wpforo_delete_option( ‘wpforo_base_slugs’ );2270 WPF()->notice->add( 'Successfully Done’, ‘success’ );2271 } else {2272 $slugs = wpforo_array_args_cast_and_merge( array_filter( array_map( 'sanitize_title’, wp_unslash( $_POST[‘slugs’] ) ) ), WPF()->settings->_slugs );2273 $slugs = array_intersect_key($slugs, WPF()->settings->_slugs);2274 $slugs = array_diff_key( $slugs, WPF()->tpl->templates );2275 if( $slugs == array_unique( $slugs ) ){2276 wpforo_update_option( 'wpforo_base_slugs’, $slugs );2277 WPF()->notice->add( 'Successfully Done’, ‘success’ );2278 }else{2279 WPF()->notice->add( 'Please save “Forum template slugs” uniqueness’, ‘error’ );2280 }2281 }22822283 /*wp_safe_redirect( wp_get_raw_referer() );2284 exit();*/2285 }22862287 /**2288 * general_settings_save from submit action2289 *2290 * @return void2291 */2292 public function general_settings_save() {2293 check_admin_referer( ‘wpforo_settings_save_general’ );22942295 if( wpfkey( $_POST, ‘reset’ ) ) {2296 wpforo_delete_option( ‘wpforo_general’ );2297 } else {2298 $general = wpforo_array_args_cast_and_merge( wp_unslash( $_POST[‘general’] ), WPF()->settings->_general );2299 $general[‘admin_bar’] = array_map( 'intval’, (array) wpfval( $_POST[‘general’], ‘admin_bar’ ) );2300 $general[‘current_theme’] = WPF()->tpl->theme;2301 wpforo_update_option( 'wpforo_general’, $general );2302 }23032304 WPF()->notice->add( 'Successfully Done’, ‘success’ );2305 wp_safe_redirect( wp_get_raw_referer() );2306 exit();2307 }23082309 /**2310 * base_slugs_settings_save from submit action2311 *2312 * @return void2313 */2314 public function slugs_settings_save() {2315 check_admin_referer( ‘wpforo_settings_save_board’ );23162317 if( wpfkey( $_POST, ‘reset’ ) ) {2318 wpforo_delete_option( ‘slugs’ );2319 WPF()->notice->add( 'Successfully Done’, ‘success’ );2320 } else {2321 $slugs = wpforo_array_args_cast_and_merge( array_filter( array_map( 'sanitize_title’, wp_unslash( $_POST[‘slugs’] ) ) ), WPF()->settings->_slugs );2322 $slugs = array_intersect_key($slugs, WPF()->tpl->templates);2323 if( $slugs == array_unique( $slugs ) ){2324 foreach( $this->generate_option_names( ‘slugs’ ) as $option_name ) {2325 wpforo_update_option( $option_name, $slugs );2326 }2327 WPF()->notice->add( 'Successfully Done’, ‘success’ );2328 }else{2329 WPF()->notice->add( 'Please save “Forum template slugs” uniqueness’, ‘error’ );2330 }2331 }23322333 /*wp_safe_redirect( wp_get_raw_referer() );2334 exit();*/2335 }23362337 /**2338 * general_settings_save from submit action2339 *2340 * @return void2341 */2342 public function board_settings_save() {2343 check_admin_referer( ‘wpforo_settings_save_board’ );23442345 if( wpfkey( $_POST, ‘reset’ ) ) {2346 wpforo_delete_option( ‘board’ );2347 } else {2348 $board = wpforo_array_args_cast_and_merge( wp_unslash( $_POST[‘board’] ), WPF()->settings->_board );2349 foreach( $this->generate_option_names( ‘board’ ) as $option_name ) {2350 wpforo_update_option( $option_name, $board );2351 }2352 }23532354 wpforo_clean_cache();23552356 WPF()->notice->add( 'Successfully Done’, ‘success’ );2357 wp_safe_redirect( wp_get_raw_referer() );2358 exit();2359 }23602361 /**2362 * akismet_settings_save from submit action2363 *2364 * @return void2365 */2366 public function akismet_settings_save() {2367 check_admin_referer( ‘wpforo_settings_save_akismet’ );23682369 if( wpfkey( $_POST, ‘reset’ ) ) {2370 wpforo_delete_option( ‘akismet’ );2371 } else {2372 $akismet = wpforo_array_args_cast_and_merge( wp_unslash( $_POST[‘akismet’] ), WPF()->settings->_akismet );2373 foreach( $this->generate_option_names( ‘akismet’ ) as $option_name ) {2374 wpforo_update_option( $option_name, $akismet );2375 }2376 }23772378 WPF()->notice->add( 'Successfully Done’, ‘success’ );2379 wp_safe_redirect( wp_get_raw_referer() );2380 exit();2381 }23822383 /**2384 * antispam_settings_save from submit action2385 *2386 * @return void2387 */2388 public function antispam_settings_save() {2389 check_admin_referer( ‘wpforo_settings_save_antispam’ );23902391 if( wpfkey( $_POST, ‘reset’ ) ) {2392 wpforo_delete_option( ‘antispam’ );2393 } else {2394 $antispam = wp_unslash( $_POST[‘antispam’] );2395 $antispam[‘limited_file_ext’] = array_unique( array_filter( preg_split( '#\s*\|\s*|\s*,\s*|\s+#’, trim( sanitize_textarea_field( (string) wpfval( $antispam, ‘limited_file_ext’ ) ) ) ) ) );2396 $antispam[‘exclude_file_ext’] = array_unique( array_filter( preg_split( '#\s*\|\s*|\s*,\s*|\s+#’, trim( sanitize_textarea_field( (string) wpfval( $antispam, ‘exclude_file_ext’ ) ) ) ) ) );2397 $antispam = wpforo_array_args_cast_and_merge( $antispam, WPF()->settings->_antispam );2398 foreach( $this->generate_option_names( ‘antispam’ ) as $option_name ) {2399 wpforo_update_option( $option_name, $antispam );2400 }2401 }24022403 WPF()->notice->add( 'Successfully Done’, ‘success’ );2404 wp_safe_redirect( wp_get_raw_referer() );2405 exit();2406 }24072408 /**2409 * authorization_settings_save after submit action2410 *2411 * @return void2412 */2413 public function authorization_settings_save() {2414 check_admin_referer( ‘wpforo_settings_save_authorization’ );24152416 if( wpfkey( $_POST, ‘reset’ ) ) {2417 wpforo_delete_option( ‘wpforo_authorization’ );2418 } else {2419 $authorization = wpforo_array_args_cast_and_merge( wp_unslash( $_POST[‘authorization’] ), WPF()->settings->_authorization );24202421 if( preg_match( '#^https?://\S+$#iu’, $authorization[‘login_url’] ) ) $authorization[‘login_url’] = '’;2422 if( preg_match( '#^https?://\S+$#iu’, $authorization[‘register_url’] ) ) $authorization[‘register_url’] = '’;2423 if( preg_match( '#^https?://\S+$#iu’, $authorization[‘lost_password_url’] ) ) $authorization[‘lost_password_url’] = '’;24242425 if( ! preg_match( '#^https?://\S+$#iu’, $authorization[‘redirect_url_after_login’] ) ) $authorization[‘redirect_url_after_login’] = '’;2426 if( ! preg_match( '#^https?://\S+$#iu’, $authorization[‘redirect_url_after_register’] ) ) $authorization[‘redirect_url_after_register’] = '’;2427 if( ! preg_match( '#^https?://\S+$#iu’, $authorization[‘redirect_url_after_confirm_sbscrb’] ) ) $authorization[‘redirect_url_after_confirm_sbscrb’] = '’;24282429 $authorization[‘login_url’] = esc_url_raw( $authorization[‘login_url’] );2430 $authorization[‘register_url’] = esc_url_raw( $authorization[‘register_url’] );2431 $authorization[‘lost_password_url’] = esc_url_raw( $authorization[‘lost_password_url’] );2432 $authorization[‘redirect_url_after_login’] = esc_url_raw( $authorization[‘redirect_url_after_login’] );2433 $authorization[‘redirect_url_after_register’] = esc_url_raw( $authorization[‘redirect_url_after_register’] );2434 $authorization[‘redirect_url_after_confirm_sbscrb’] = esc_url_raw( $authorization[‘redirect_url_after_confirm_sbscrb’] );2435 $authorization[‘fb_api_id’] = sanitize_text_field( $authorization[‘fb_api_id’] );2436 $authorization[‘fb_api_secret’] = sanitize_text_field( $authorization[‘fb_api_secret’] );2437 $authorization[‘fb_redirect_url’] = esc_url_raw( $authorization[‘fb_redirect_url’] );24382439 wpforo_update_option( 'wpforo_authorization’, $authorization );2440 }24412442 WPF()->notice->add( 'Successfully Done’, ‘success’ );2443 wp_safe_redirect( wp_get_raw_referer() );2444 exit();2445 }24462447 /**2448 * buddypress_settings_save from submit action2449 *2450 * @return void2451 */2452 public function buddypress_settings_save() {2453 check_admin_referer( ‘wpforo_settings_save_buddypress’ );24542455 if( wpfkey( $_POST, ‘reset’ ) ) {2456 wpforo_delete_option( ‘wpforo_buddypress’ );2457 } else {2458 $buddypress = wpforo_array_args_cast_and_merge( wp_unslash( $_POST[‘buddypress’] ), WPF()->settings->_buddypress );2459 wpforo_update_option( 'wpforo_buddypress’, $buddypress );2460 }24612462 WPF()->notice->add( 'Successfully Done’, ‘success’ );2463 wp_safe_redirect( wp_get_raw_referer() );2464 exit();2465 }24662467 /**2468 * components_settings_save from submit action2469 *2470 * @return void2471 */2472 public function components_settings_save() {2473 check_admin_referer( ‘wpforo_settings_save_components’ );24742475 if( wpfkey( $_POST, ‘reset’ ) ) {2476 wpforo_delete_option( ‘components’ );2477 } else {2478 $components = wpforo_array_args_cast_and_merge( wp_unslash( $_POST[‘components’] ), WPF()->settings->_components );2479 foreach( $this->generate_option_names( ‘components’ ) as $option_name ) {2480 wpforo_update_option( $option_name, $components );2481 }2482 }24832484 WPF()->notice->add( 'Successfully Done’, ‘success’ );2485 wp_safe_redirect( wp_get_raw_referer() );2486 exit();2487 }24882489 /**2490 * email_settings_save from submit action2491 *2492 * @return void2493 */2494 public function email_settings_save() {2495 check_admin_referer( ‘wpforo_settings_save_email’ );24962497 if( wpfkey( $_POST, ‘reset’ ) ) {2498 wpforo_delete_option( ‘wpforo_email’ );2499 } else {2500 $email = wp_unslash( $_POST[‘email’] );2501 $email[‘admin_emails’] = sanitize_text_field( $email[‘admin_emails’] );2502 $email[‘admin_emails’] = array_map( 'sanitize_email’, preg_split('#\s*,\s*#u’, trim($email[‘admin_emails’])) );2503 $email[‘admin_emails’] = array_filter( $email[‘admin_emails’] );2504 if( !$email[‘admin_emails’] ) $email[‘admin_emails’] = (array) get_option( ‘admin_email’ );2505 $email = wpforo_array_args_cast_and_merge( $email, WPF()->settings->_email );25062507 $email[‘from_name’] = sanitize_text_field( $email[‘from_name’] );2508 $email[‘from_email’] = sanitize_text_field( $email[‘from_email’] );2509 $email[‘report_email_subject’] = sanitize_text_field( $email[‘report_email_subject’] );2510 $email[‘report_email_message’] = wpforo_kses( $email[‘report_email_message’], ‘email’ );2511 $email[‘wp_new_user_notification_email_admin_subject’] = sanitize_text_field( $email[‘wp_new_user_notification_email_admin_subject’] );2512 $email[‘wp_new_user_notification_email_admin_message’] = wpforo_kses( $email[‘wp_new_user_notification_email_admin_message’], ‘email’ );2513 $email[‘wp_new_user_notification_email_subject’] = sanitize_text_field( $email[‘wp_new_user_notification_email_subject’] );2514 $email[‘wp_new_user_notification_email_message’] = wpforo_kses( $email[‘wp_new_user_notification_email_message’], ‘email’ );2515 $email[‘reset_password_email_message’] = wpforo_kses( $email[‘reset_password_email_message’], ‘email’ );2516 $email[‘after_user_approve_email_subject’] = sanitize_text_field( $email[‘after_user_approve_email_subject’] );2517 $email[‘after_user_approve_email_message’] = wpforo_kses( $email[‘after_user_approve_email_message’], ‘email’ );25182519 wpforo_update_option( 'wpforo_email’, $email );2520 }25212522 WPF()->notice->add( 'Successfully Done’, ‘success’ );2523 wp_safe_redirect( wp_get_raw_referer() );2524 exit();2525 }25262527 /**2528 * forums_settings_save from submit action2529 *2530 * @return void2531 */2532 public function forums_settings_save() {2533 check_admin_referer( ‘wpforo_settings_save_forums’ );25342535 if( wpfkey( $_POST, ‘reset’ ) ) {2536 wpforo_delete_option( ‘forums’ );2537 } else {2538 $forums = wpforo_array_args_cast_and_merge( wp_unslash( $_POST[‘forums’] ), WPF()->settings->_forums );2539 foreach( $this->generate_option_names( ‘forums’ ) as $option_name ) {2540 wpforo_update_option( $option_name, $forums );2541 }2542 }25432544 WPF()->notice->add( 'Successfully Done’, ‘success’ );2545 wp_safe_redirect( wp_get_raw_referer() );2546 exit();2547 }25482549 /**2550 * logging_settings_save from submit action2551 *2552 * @return void2553 */2554 public function logging_settings_save() {2555 check_admin_referer( ‘wpforo_settings_save_logging’ );25562557 if( wpfkey( $_POST, ‘reset’ ) ) {2558 wpforo_delete_option( ‘logging’ );2559 } else {2560 $logging = wpforo_array_args_cast_and_merge( wp_unslash( $_POST[‘logging’] ), WPF()->settings->_logging );2561 foreach( $this->generate_option_names( ‘logging’ ) as $option_name ) {2562 wpforo_update_option( $option_name, $logging );2563 }2564 }25652566 WPF()->notice->add( 'Successfully Done’, ‘success’ );2567 wp_safe_redirect( wp_get_raw_referer() );2568 exit();2569 }25702571 /**2572 * members_settings_save from submit action2573 *2574 * @return void2575 */2576 public function members_settings_save() {2577 check_admin_referer( ‘wpforo_settings_save_members’ );25782579 if( wpfkey( $_POST, ‘reset’ ) ) {2580 wpforo_delete_option( ‘wpforo_members’ );2581 } else {2582 $members = wpforo_array_args_cast_and_merge( wp_unslash( $_POST[‘members’] ), WPF()->settings->_members );2583 wpforo_update_option( 'wpforo_members’, $members );2584 }25852586 WPF()->notice->add( 'Successfully Done’, ‘success’ );2587 wp_safe_redirect( wp_get_raw_referer() );2588 exit();2589 }25902591 /**2592 * notifications_settings_save from submit action2593 *2594 * @return void2595 */2596 public function notifications_settings_save() {2597 check_admin_referer( ‘wpforo_settings_save_notifications’ );25982599 if( wpfkey( $_POST, ‘reset’ ) ) {2600 wpforo_delete_option( ‘notifications’ );2601 } else {2602 $notifications = wpforo_array_args_cast_and_merge( wp_unslash( $_POST[‘notifications’] ), WPF()->settings->_notifications );2603 foreach( $this->generate_option_names( ‘notifications’ ) as $option_name ) {2604 wpforo_update_option( $option_name, $notifications );2605 }2606 }26072608 WPF()->notice->add( 'Successfully Done’, ‘success’ );2609 wp_safe_redirect( wp_get_raw_referer() );2610 exit();2611 }26122613 /**2614 * posting_settings_save from submit action2615 *2616 * @return void2617 */2618 public function posting_settings_save() {2619 check_admin_referer( ‘wpforo_settings_save_posting’ );26202621 if( wpfkey( $_POST, ‘reset’ ) ) {2622 wpforo_delete_option( ‘posting’ );2623 } else {2624 $posting = wpforo_array_args_cast_and_merge( wp_unslash( $_POST[‘posting’] ), WPF()->settings->_posting );2625 $posting[‘max_upload_size’] = $posting[‘max_upload_size’] * 1024 * 1024;2626 $posting[‘edit_own_topic_durr’] = $posting[‘edit_own_topic_durr’] * 60;2627 $posting[‘delete_own_topic_durr’] = $posting[‘delete_own_topic_durr’] * 60;2628 $posting[‘edit_own_post_durr’] = $posting[‘edit_own_post_durr’] * 60;2629 $posting[‘delete_own_post_durr’] = $posting[‘delete_own_post_durr’] * 60;2630 $posting[‘extra_html_tags’] = sanitize_textarea_field( $posting[‘extra_html_tags’] );2631 foreach( $this->generate_option_names( ‘posting’ ) as $option_name ) {2632 wpforo_update_option( $option_name, $posting );2633 }2634 }26352636 WPF()->notice->add( 'Successfully Done’, ‘success’ );2637 wp_safe_redirect( wp_get_raw_referer() );2638 exit();2639 }26402641 /**2642 * profiles_settings_save from submit action2643 *2644 * @return void2645 */2646 public function profiles_settings_save() {2647 check_admin_referer( ‘wpforo_settings_save_profiles’ );26482649 if( wpfkey( $_POST, ‘reset’ ) ) {2650 wpforo_delete_option( ‘wpforo_profiles’ );2651 } else {2652 $profiles = wpforo_array_args_cast_and_merge( wp_unslash( $_POST[‘profiles’] ), WPF()->settings->_profiles );2653 $profiles[‘default_cover’] = WPF()->settings->profiles[‘default_cover’];2654 $profiles[‘default_title’] = sanitize_text_field( $profiles[‘default_title’] );2655 $profiles[‘online_status_timeout’] = $profiles[‘online_status_timeout’] * 60;2656 $profiles[‘title_groupids’] = array_map( 'intval’, (array) wpfval( $_POST[‘profiles’], ‘title_groupids’ ) );2657 $profiles[‘title_secondary_groupids’] = array_map( 'intval’, (array) wpfval( $_POST[‘profiles’], ‘title_secondary_groupids’ ) );2658 wpforo_update_option( 'wpforo_profiles’, $profiles );2659 }26602661 WPF()->notice->add( 'Successfully Done’, ‘success’ );2662 wp_safe_redirect( wp_get_raw_referer() );2663 exit();2664 }26652666 /**2667 * rating_settings_save from submit action2668 *2669 * @return void2670 */2671 public function rating_settings_save() {2672 check_admin_referer( ‘wpforo_settings_save_rating’ );26732674 if( wpfkey( $_POST, ‘reset’ ) ) {2675 wpforo_delete_option( ‘wpforo_rating’ );2676 } else {2677 $rating = wpforo_array_args_cast_and_merge( wp_unslash( $_POST[‘rating’] ), WPF()->settings->_rating );2678 $rating[‘rating_title_ug’] = array_map( 'intval’, (array) wpfval( $_POST[‘rating’], ‘rating_title_ug’ ) );2679 $rating[‘rating_badge_ug’] = array_map( 'intval’, (array) wpfval( $_POST[‘rating’], ‘rating_badge_ug’ ) );2680 wpforo_update_option( 'wpforo_rating’, $rating );2681 }26822683 WPF()->notice->add( 'Successfully Done’, ‘success’ );2684 wp_safe_redirect( wp_get_raw_referer() );2685 exit();2686 }26872688 /**2689 * recaptcha_settings_save from submit action2690 *2691 * @return void2692 */2693 public function recaptcha_settings_save() {2694 check_admin_referer( ‘wpforo_settings_save_recaptcha’ );26952696 if( wpfkey( $_POST, ‘reset’ ) ) {2697 wpforo_delete_option( ‘wpforo_recaptcha’ );2698 } else {2699 $recaptcha = wpforo_array_args_cast_and_merge( wp_unslash( $_POST[‘recaptcha’] ), WPF()->settings->_recaptcha );2700 $recaptcha[‘site_key’] = sanitize_text_field( $recaptcha[‘site_key’] );2701 $recaptcha[‘secret_key’] = sanitize_text_field( $recaptcha[‘secret_key’] );2702 wpforo_update_option( 'wpforo_recaptcha’, $recaptcha );2703 }27042705 WPF()->notice->add( 'Successfully Done’, ‘success’ );2706 wp_safe_redirect( wp_get_raw_referer() );2707 exit();2708 }27092710 /**2711 * rss_settings_save from submit action2712 *2713 * @return void2714 */2715 public function rss_settings_save() {2716 check_admin_referer( ‘wpforo_settings_save_rss’ );27172718 if( wpfkey( $_POST, ‘reset’ ) ) {2719 wpforo_delete_option( ‘rss’ );2720 } else {2721 $rss = wpforo_array_args_cast_and_merge( wp_unslash( $_POST[‘rss’] ), WPF()->settings->_rss );2722 foreach( $this->generate_option_names( ‘rss’ ) as $option_name ) {2723 wpforo_update_option( $option_name, $rss );2724 }2725 }27262727 WPF()->notice->add( 'Successfully Done’, ‘success’ );2728 wp_safe_redirect( wp_get_raw_referer() );2729 exit();2730 }27312732 /**2733 * seo_settings_save from submit action2734 *2735 * @return void2736 */2737 public function seo_settings_save() {2738 check_admin_referer( ‘wpforo_settings_save_seo’ );27392740 if( wpfkey( $_POST, ‘reset’ ) ) {2741 wpforo_delete_option( ‘seo’ );2742 } else {2743 $seo = wp_unslash( $_POST[‘seo’] );2744 $seo[‘dofollow’] = array_filter( preg_split( '#\s+#’, sanitize_textarea_field( (string) wpfval( $seo, ‘dofollow’ ) ) ) );2745 $seo[‘noindex’] = array_filter( preg_split( '#\s+#’, sanitize_textarea_field( (string) wpfval( $seo, ‘noindex’ ) ) ) );2746 $seo[‘noindex’] = array_map( 'esc_url_raw’, $seo[‘noindex’] );2747 $seo = wpforo_array_args_cast_and_merge( $seo, WPF()->settings->_seo );2748 foreach( $this->generate_option_names( ‘seo’ ) as $option_name ) {2749 wpforo_update_option( $option_name, $seo );2750 }2751 wpforo_clean_cache( ‘forum-soft’ );2752 }27532754 WPF()->notice->add( 'Successfully Done’, ‘success’ );2755 wp_safe_redirect( wp_get_raw_referer() );2756 exit();2757 }27582759 /**2760 * social_settings_save from submit action2761 *2762 * @return void2763 */2764 public function social_settings_save() {2765 check_admin_referer( ‘wpforo_settings_save_social’ );27662767 if( wpfkey( $_POST, ‘reset’ ) ) {2768 wpforo_delete_option( ‘social’ );2769 } else {2770 $social = wpforo_array_args_cast_and_merge( wp_unslash( $_POST[‘social’] ), WPF()->settings->_social );2771 $social[‘sb’] = wpforo_array_args_cast_and_merge( (array) wpfval( $_POST[‘social’], ‘sb’ ), array_map( '__return_false’, WPF()->settings->_social[‘sb’] ) );2772 $social[‘sb_location’] = wpforo_array_args_cast_and_merge( (array) wpfval( $_POST[‘social’], ‘sb_location’ ), array_map( '__return_false’, WPF()->settings->_social[‘sb_location’] ) );2773 foreach( $this->generate_option_names( ‘social’ ) as $option_name ) {2774 wpforo_update_option( $option_name, $social );2775 }2776 }27772778 WPF()->notice->add( 'Successfully Done’, ‘success’ );2779 wp_safe_redirect( wp_get_raw_referer() );2780 exit();2781 }27822783 /**2784 * styles_settings_save from submit action2785 *2786 * @return void2787 */2788 public function styles_settings_save() {2789 check_admin_referer( ‘wpforo_settings_save_styles’ );27902791 if( wpfkey( $_POST, ‘reset’ ) ) {2792 wpforo_delete_option( ‘styles_’ . WPF()->tpl->theme );2793 } else {2794 $styles = wpforo_array_args_cast_and_merge( wp_unslash( $_POST[‘styles’] ), WPF()->settings->_styles );2795 $styles[‘custom_css’] = sanitize_textarea_field( $styles[‘custom_css’] );2796 foreach( $this->generate_option_names( ‘styles_’ . WPF()->tpl->theme ) as $option_name ) {2797 wpforo_update_option( $option_name, $styles );2798 }2799 }28002801 WPF()->notice->add( 'Successfully Done’, ‘success’ );2802 wp_safe_redirect( wp_get_raw_referer() );2803 exit();2804 }28052806 /**2807 * tags_settings_save from submit action2808 *2809 * @return void2810 */2811 public function tags_settings_save() {2812 check_admin_referer( ‘wpforo_settings_save_tags’ );28132814 if( wpfkey( $_POST, ‘reset’ ) ) {2815 wpforo_delete_option( ‘tags’ );2816 } else {2817 $tags = wpforo_array_args_cast_and_merge( wp_unslash( $_POST[‘tags’] ), WPF()->settings->_tags );2818 foreach( $this->generate_option_names( ‘tags’ ) as $option_name ) {2819 wpforo_update_option( $option_name, $tags );2820 }2821 }28222823 WPF()->notice->add( 'Successfully Done’, ‘success’ );2824 wp_safe_redirect( wp_get_raw_referer() );2825 exit();2826 }28272828 /**2829 * topics_settings_save from submit action2830 *2831 * @return void2832 */2833 public function topics_settings_save() {2834 check_admin_referer( ‘wpforo_settings_save_topics’ );28352836 if( wpfkey( $_POST, ‘reset’ ) ) {2837 wpforo_delete_option( ‘topics’ );2838 } else {2839 $topics = wpforo_array_args_cast_and_merge( wp_unslash( $_POST[‘topics’] ), WPF()->settings->_topics );2840 foreach( $this->generate_option_names( ‘topics’ ) as $option_name ) {2841 wpforo_update_option( $option_name, $topics );2842 }2843 }28442845 WPF()->notice->add( 'Successfully Done’, ‘success’ );2846 wp_safe_redirect( wp_get_raw_referer() );2847 exit();2848 }28492850 /**2851 * um_settings_save from submit action2852 *2853 * @return void2854 */2855 public function um_settings_save() {2856 check_admin_referer( ‘wpforo_settings_save_um’ );28572858 if( wpfkey( $_POST, ‘reset’ ) ) {2859 wpforo_delete_option( ‘wpforo_um’ );2860 } else {2861 $um = wpforo_array_args_cast_and_merge( wp_unslash( $_POST[‘um’] ), WPF()->settings->_um );2862 wpforo_update_option( 'wpforo_um’, $um );2863 }28642865 WPF()->notice->add( 'Successfully Done’, ‘success’ );2866 wp_safe_redirect( wp_get_raw_referer() );2867 exit();2868 }28692870 /**2871 * um_settings_save from submit action2872 *2873 * @return void2874 */2875 public function legal_settings_save() {2876 check_admin_referer( ‘wpforo_settings_save_legal’ );28772878 if( wpfkey( $_POST, ‘reset’ ) ) {2879 wpforo_delete_option( ‘wpforo_legal’ );2880 } else {2881 $legal = wpforo_array_args_cast_and_merge( wp_unslash( $_POST[‘legal’] ), WPF()->settings->_legal );2882 wpforo_update_option( 'wpforo_legal’, $legal );2883 }28842885 WPF()->notice->add( 'Successfully Done’, ‘success’ );2886 wp_safe_redirect( wp_get_raw_referer() );2887 exit();2888 }28892890 /**2891 * @return array with all boardids where need to save options2892 */2893 private function get_boardids_to_be_saved() {2894 $boardids = (array) WPF()->board->get_current( ‘boardid’ );2895 if( wpfkey( $_POST, ‘save_for_all’ ) ) {2896 $boardids = array_unique( array_merge( $boardids, WPF()->board->get_active_boardids() ) );2897 }28982899 return $boardids;2900 }29012902 /**2903 * @param string $basename2904 *2905 * @return string[]2906 */2907 public function generate_option_names( $basename ) {2908 return array_map(2909 function( $boardid ) use ( $basename ) {2910 return ‘wpforo_’ . ( $boardid ? $boardid . ‘_’ : ‘’ ) . $basename;2911 },2912 $this->get_boardids_to_be_saved()2913 );2914 }29152916 /**2917 * uninstall all wpforo2918 */2919 public function uninstall() {2920 check_admin_referer( ‘wpforo_uninstall’ );2921 if( current_user_can(‘administrator’) && current_user_can( ‘activate_plugins’ ) ){2922 wpforo_uninstall();2923 }2924 wp_safe_redirect( wp_get_referer() );2925 exit();2926 }2927}

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907