CVE-2021-4388: ajax-functions.php in opal-estate/trunk/inc – WordPress Plugin Repository

1<?php 2/**3 * $Desc$4 *5 * @version $Id$6 * @package opalestate7 * @author Opal Team <[email protected] >8 * @copyright Copyright © 2016 wpopal.com. All Rights Reserved.9 * @license GNU/GPL v2 or later http://www.gnu.org/licenses/gpl-2.0.html10 *11 * @website http://www.wpopal.com12 * @support http://www.wpopal.com/support/forum.html13 */14 15if ( ! defined( ‘ABSPATH’ ) ) {16 exit; // Exit if accessed directly17}181920if (!function_exists(‘opalestate_process_send_email’)) {21 function opalestate_process_send_email() {2223 do_action( ‘opalestate_process_send_email_before’ );242526 $name = sanitize_text_field( $_POST[‘name’] );27 $email = sanitize_email( $_POST[‘email’] );28 $message = sanitize_text_field( $_POST[‘message’] );29 $phone = isset( $_POST[‘phone’] ) ? sanitize_text_field( $_POST[‘phone’]) : '’;30 $post_id = intval( $_POST[‘post_id’] );31 $id = intval( $_POST[‘id’] );32 $cc_me = isset( $_POST[‘cc_me’] ) ? absint( $_POST[‘cc_me’] ) : 0;33 $type = isset( $_POST[‘type’] ) ? $_POST[‘type’] : 'user’;3435 $subject = opalestate_get_option('contact_email_subject’, __('You got a message’, ‘opalestate’) );36 37 $default = trim(preg_replace('/\t+/’, '’, “Hi {receive_name},<br>38 You have got message from {name} with email {email}. Here is detail:39 <br>40 <br>41 {message}42 <br>43  <br>44 <br>45 <em>This message was sent by {site_link} on {current_time}.</em>”)); 4647 4849 $from_name = (string)opalestate_get_option('from_name’, get_bloginfo( ‘name’ ) );50 $from_email = (string) opalestate_get_option(‘from_email’ , get_bloginfo( ‘admin_email’ ) );51 $headers = sprintf( "From: %s <%s>\r\n Content-type: text/html", $from_name, $from_email );5253 54 $agent_email = $receive_name = '’;55 56 switch ( $type ) {5758 case 'office’:59 $agent_email = get_post_meta( $id, OPALESTATE_OFFICE_PREFIX . 'email’, true ); 60 $agent = get_post( $id );61 $receive_name = $agent->post_title;62 break;63 case 'agent’:64 $agent_email = get_post_meta( $id, OPALESTATE_AGENT_PREFIX . 'email’, true ); 65 $agent = get_post( $id );66 $receive_name = $agent->post_title;67 break;68 case 'user’:69 $user = get_user_by('id’, $id );70 $agent_email = $user->data->user_email; 71 $receive_name = $user->data->display_name; 72 break; 73 default:74 # code…75 break;76 } 7778 $site_link = $post_id ? get_permalink( $post_id ) : get_home_url();79 $current_time = date(“F j, Y, g:i a”);80 $tags = array("{receive_name}", "{name}", "{email}", "{property_link}", "{message}", "{property_name}", "{site_link}","{current_time}", “{phone}”);81 $values = array($receive_name, $name, $email, $property_link, $message, $property_name, $site_link, $current_time, $phone );82 83 $body = apply_filters('opalestate_email_contact_body_template’, opalestate_get_option('contact_email_body’, $default ), $_POST );8485 8687 $subject = html_entity_decode($subject);88 $subject = str_replace($tags, $values, $subject);8990 $body = html_entity_decode($body);91 $message = str_replace($tags, $values, $body);9293 if( $receive_name && $agent_email ) {9495 if( $cc_me ){96 $status = @wp_mail( $email, $subject, $message, $headers );97 }98 99 $status = @wp_mail( $agent_email, $subject, $message, $headers );100 $return = array( ‘status’ => 'success’, ‘msg’ => __( 'Message has been successfully sent.’, ‘opalestate’ ) );101 102 echo json_encode($return); die();103 104 }105 $return = array( ‘status’ => 'danger’, ‘msg’ => __( 'Unable to send a message.’, ‘opalestate’ ) );106 echo json_encode($return); die();107 }108}109110add_action( 'wp_ajax_send_email_contact’, ‘opalestate_process_send_email’ );111add_action( 'wp_ajax_nopriv_send_email_contact’, ‘opalestate_process_send_email’ );112113/**114 * Share content form115 */116function opalestate_share_content_form(){117118 if( is_user_logged_in() ){119 $return = array( ‘status’ => 'danger’, ‘msg’ => __( 'Unable to send a message.’, ‘opalestate’ ) );120 }121122 $friend_emails = $_POST[‘friend_email’]; 123124 $name = sanitize_text_field( $_POST[‘name’] );125 $email = sanitize_email( $_POST[‘email’] );126 $message = sanitize_text_field( $_POST[‘message’] );127 $search_link = sanitize_text_field( $_POST[‘uri’] );128 $headers = sprintf( "From: %s <%s>\r\n Content-type: text/html", $name, $email );129130131 $default = trim(preg_replace('/\t+/’, '’, “You have got message from {name} with email {email}. Here is detail:132 <br>133 <br>134 {message}135 <br>136 {search_link}137  <br>138 <br>139 <em>This message was sent by {site_link} on {current_time}.</em>”)); 140141 $site_link = get_home_url();142 $current_time = date(“F j, Y, g:i a”);143 $tags = array( "{name}", "{email}", "{search_link}", "{message}", “{site_link}","{current_time}”);144 $values = array( $name, $email, $search_link, $message, $site_link, $current_time );145 146 $body = apply_filters('opalestate_email_contact_body_template’, opalestate_get_option('share_content_body’, $default ), $_POST );147148149 $subject = sprintf( __('You sent a message from %s’, ‘opalestate’), $name ); 150 $subject = html_entity_decode($subject);151 $subject = str_replace($tags, $values, $subject);152153 $body = html_entity_decode($body);154 $message = str_replace($tags, $values, $body);155156157 if( !empty($friend_emails) && is_array($friend_emails) ) {158159 $friend_emails = array_chunk( $friend_emails, 5 );160 $friend_emails = $friend_emails[0];161 foreach ( $friend_emails as $key => $friend_email) {162 $status = @wp_mail( $friend_email, $subject, $message, $headers );163 }164 165 $return = array( ‘status’ => 'success’, ‘msg’ => __( 'Message has been successfully sent.’, ‘opalestate’ ) );166 echo json_encode($return); die();167 168 }169170 echo json_encode( $return ); die();171}172173add_action( 'wp_ajax_share_content_form’, ‘opalestate_share_content_form’ );174add_action( 'wp_ajax_nopriv_share_content_form’, ‘opalestate_share_content_form’ );175176177/* set feature property */178add_action( 'wp_ajax_opalestate_set_feature_property’, ‘opalestate_set_feature_property’ );179add_action( 'wp_ajax_nopriv_opalestate_set_feature_property’, ‘opalestate_set_feature_property’ );180if ( ! function_exists( ‘opalestate_set_feature_property’ ) ) {181 function opalestate_set_feature_property() {182183 if ( ! isset( $_REQUEST[‘nonce’] ) && ! wp_verify_nonce( $_REQUEST[‘nonce’], ‘nonce’ ) ) return;184 if ( ! isset( $_REQUEST[‘property_id’] ) ) return;185 update_post_meta( absint( $_REQUEST[‘property_id’] ), OPALESTATE_PROPERTY_PREFIX . 'featured’, 1 );186187 wp_redirect( admin_url( ‘edit.php?post_type=opalestate_property’ ) ); exit();188 }189}190/* remove feature property */191add_action( 'wp_ajax_opalestate_remove_feature_property’, ‘opalestate_remove_feature_property’ );192add_action( 'wp_ajax_nopriv_opalestate_remove_feature_property’, ‘opalestate_remove_feature_property’ );193if ( ! function_exists( ‘opalestate_remove_feature_property’ ) ) {194 function opalestate_remove_feature_property() {195 if ( ! isset( $_REQUEST[‘nonce’] ) && ! wp_verify_nonce( $_REQUEST[‘nonce’], ‘nonce’ ) ) return;196197 if ( ! isset( $_REQUEST[‘property_id’] ) ) return;198199 update_post_meta( absint( $_REQUEST[‘property_id’] ), OPALESTATE_PROPERTY_PREFIX . 'featured’, ‘’ );200 wp_redirect( admin_url( ‘edit.php?post_type=opalestate_property’ ) ); exit();201 }202}203204/**205 * Set Featured Item Following user206 */207add_action( 'wp_ajax_opalestate_toggle_featured_property’, ‘opalestate_toggle_featured_property’ );208add_action( 'wp_ajax_nopriv_opalestate_toggle_featured_property’, ‘opalestate_toggle_featured_property’ );209210function opalestate_toggle_featured_property(){211 212 global $current_user;213 wp_get_current_user();214 $user_id = $current_user->ID;215216 $property_id = intval( $_POST[‘property_id’] );217 $post = get_post( $property_id );218219 if( $post->post_author == $user_id ) {220 221 $check = apply_filters( 'opalestate_set_feature_property_checked’, false );222 if( $check ) {223 do_action( 'opalestate_toggle_featured_property_before’, $user_id, $property_id );224 update_post_meta( $property_id, OPALESTATE_PROPERTY_PREFIX . 'featured’, 1 );225 echo json_encode( array( ‘status’ => true, ‘msg’ => __(‘Could not set this as featured’,’opalestate’) ) );226 wp_die();227 } 228 } 229230 echo json_encode( array( ‘status’ => false, ‘msg’ => __(‘Could not set this as featured’,’opalestate’) ) );231 wp_reset_query();232 wp_die();233 234}235236237/**238 * load more properties by office239 */240add_action( 'wp_ajax_get_office_property’, ‘opalestate_load_more_office_property’ );241add_action( 'wp_ajax_nopriv_get_office_property’, ‘opalestate_load_more_office_property’ );242243function opalestate_load_more_office_property(){ 244245 246 $post = array(247 ‘post_id’ => 0,248 ‘paged’ => 1,249 ‘user_id’ => 13,250 ‘related’ => '’,251 ‘limit’ => apply_filters( 'opalesate_office_properties_limit’, 5 ) 252 );253254 $post = array_merge( $post, $_POST );255 extract( $post );256257 $user_id = get_post_meta( $post_id, OPALESTATE_OFFICE_PREFIX . 'user_id’, true ); 258 $query = Opalestate_Query::get_office_property( $post_id, $user_id , $limit , $paged );259 260 if( $query->have_posts() ) :261 while( $query->have_posts() ) : $query->the_post(); ?>262 <div class="col-lg-12 col-md-12 col-sm-12">263 <?php echo Opalestate_Template_Loader::get_template_part( ‘content-property-list-v2’ ); ?>264 </div> 265 <?php endwhile; 266 endif; 267 wp_reset_postdata();268 exit;269}270271272/**273 * load more properties by office274 */275add_action( 'wp_ajax_get_agent_property’, ‘opalestate_get_agent_property’ );276add_action( 'wp_ajax_nopriv_get_agent_property’, ‘opalestate_get_agent_property’ );277278function opalestate_get_agent_property(){ 279280 global $paged;281 $post = array(282 283 ‘paged’ => 1,284 ‘id’ => 13,285 ‘limit’ => apply_filters( 'opalesate_agent_properties_limit’, 1 ) 286 );287288 $post = array_merge( $post, $_POST );289 extract( $post );290 291 set_query_var( 'paged’, $post[‘paged’] );292 $query = Opalestate_Query::get_agent_property( null, $post[‘id’], $limit );293 294 $paged = $post[‘paged’]; 295 if( $query->have_posts() ) : ?>296 <div class="opalestate-rows">297 <div class="<?php echo apply_filters('opalestate_row_container_class’, ‘row opal-row’);?>">298 <?php while( $query->have_posts() ) : $query->the_post(); ?>299 <div class="col-lg-12 col-md-12 col-sm-12">300 <?php echo Opalestate_Template_Loader::get_template_part( ‘content-property-list’ ); ?>301 </div> 302 <?php endwhile; ?> 303 </div>304 </div> 305 <?php if( $query->max_num_pages > 1 ): ?>306 <div class="w-pagination"><?php opalestate_pagination( $query->max_num_pages ); ?></div>307 <?php endif; ?>308 <?php 309 endif; 310 wp_reset_postdata();311 exit;312}