CVE-2023-0039: wp-upg.php in wp-upg/trunk – WordPress Plugin Repository

1<?php2/*3Plugin Name: User Post Gallery4Plugin URI: http://odude.com/5Description: UPG - User Post Gallery. User can post content/images from frontend.6Version: 2.197Author: ODude Network8Author URI: http://odude.com/9License: GPLv2 or later10Text Domain: wp-upg11Domain Path: /languages12 */1314define('UPG_PLUGIN_VERSION’, ‘2.19’);15define('upg_ROOT_URL’, plugin_dir_url(__FILE__));16define('upg_FOLDER’, dirname(plugin_basename(__FILE__)));17define('upg_BASE_DIR’, WP_CONTENT_DIR . ‘/plugins/’ . upg_FOLDER . ‘/’);18define('upg_PLUGIN_URL’, content_url(‘/plugins/’ . upg_FOLDER));1920function upg_languages()21{22 load_plugin_textdomain('wp-upg’, false, dirname(plugin_basename(__FILE__)) . ‘/languages/’);23}2425include dirname(__FILE__) . '/classes/class.settings-api.php’;26include dirname(__FILE__) . "/classes/class.FormEntries.php";27include dirname(__FILE__) . '/classes/class.html_form.php’;28include dirname(__FILE__) . "/classes/quick_mode_setting.php";29include dirname(__FILE__) . "/classes/class.AlbumThumbnail.php";30include dirname(__FILE__) . "/libs/functions.php";31include dirname(__FILE__) . "/libs/functions-boolean.php";32include dirname(__FILE__) . "/libs/load_more.php";33include dirname(__FILE__) . "/libs/install.php";34include dirname(__FILE__) . "/libs/hooks.php";35include dirname(__FILE__) . "/libs/custom_column.php";36include dirname(__FILE__) . "/setting.php";37include dirname(__FILE__) . "/addon.php";38include dirname(__FILE__) . "/shortcode.php";39include dirname(__FILE__) . "/libs/metabox.php";40include dirname(__FILE__) . "/libs/breadcrumb.php";41include dirname(__FILE__) . "/layout/edit.php";42include dirname(__FILE__) . "/layout/button.php";43include dirname(__FILE__) . "/libs/taxonomy.php";44include dirname(__FILE__) . "/widgets/categories.php";45include dirname(__FILE__) . "/widgets/form.php";46include dirname(__FILE__) . "/addon/ultimatemember.php";47include dirname(__FILE__) . "/addon/buddypress.php";4849register_activation_hook(__FILE__, ‘upg_install’);50register_uninstall_hook(__FILE__, ‘upg_drop’);5152function upg_plugin_check_version()53{54 $options = get_option('upg_settings’, ‘’);5556 if (UPG_PLUGIN_VERSION !== get_option(‘upg_plugin_version’)) {57 //upg_log(‘I will be executed as soon as version do not match’);5859 if (get_option(‘upg_plugin_version’) < 1.92) {6061 if (isset($options[‘global_form_layout’])) {62 upg_set_option('global_form_layout’, 'upg_form’, $options[‘global_form_layout’]);63 upg_set_option('global_layout’, 'upg_gallery’, $options[‘global_layout’]);64 upg_set_option('global_media_layout’, 'upg_preview’, $options[‘global_media_layout’]);65 //upg_log('Value Updated to : '.$options[‘global_media_layout’]);66 }67 }6869 //Update Permalink70 flush_rewrite_rules();71 // Copy layouts from media folder to plugin folder72 require_once ABSPATH . 'wp-admin/includes/file.php’;73 WP_Filesystem();74 $upload_dir = wp_upload_dir();75 $path = $upload_dir[‘basedir’] . '/upg/’;76 $copy_file = copy_dir($path, upg_BASE_DIR . "layout/", $skip_list = array());7778 update_option('upg_plugin_version’, UPG_PLUGIN_VERSION);79 }80}8182//Loading css files83function upg_enqueue_scripts()84{85 global $upg_plugin, $current_screen;86 $options = get_option('upg_settings’, ‘’);8788 wp_enqueue_style('upg-style’, plugins_url() . ‘/’ . upg_FOLDER . '/css/style.css’, '’, UPG_PLUGIN_VERSION, ‘all’);8990 if (!isset($options[‘fancybox’]) || ‘0’ == $options[‘fancybox’]) {91 wp_enqueue_style('upg_fancybox_css’, plugins_url() . ‘/’ . upg_FOLDER . '/css/jquery.fancybox.min.css’, '’, UPG_PLUGIN_VERSION, ‘all’);92 wp_enqueue_script('upg_fancybox_js’, plugins_url() . ‘/’ . upg_FOLDER . '/js/jquery.fancybox.min.js’, array(‘jquery’), null, false);93 }9495 if (!isset($options[‘purecss’]) || ‘0’ == $options[‘purecss’]) {96 wp_enqueue_style('odude-pure’, plugins_url() . ‘/’ . upg_FOLDER . ‘/css/pure-min.css’);97 wp_enqueue_style('odude-pure-grid’, plugins_url() . ‘/’ . upg_FOLDER . ‘/css/grids-responsive-min.css’);98 }99100 if (!isset($options[‘fontawesome’]) || ‘0’ == $options[‘fontawesome’]) {101 wp_enqueue_style('upg-fontawesome’, ‘https://use.fontawesome.com/releases/v5.3.1/css/all.css’);102 }103 wp_enqueue_script('upg_input_tags’, plugins_url() . ‘/’ . upg_FOLDER . '/js/jquery.tagsinput.js’, '’, UPG_PLUGIN_VERSION, ‘’);104 wp_enqueue_script('upg_tags’, plugins_url() . ‘/’ . upg_FOLDER . '/js/filter-tags.js’, '’, UPG_PLUGIN_VERSION, ‘’);105 wp_enqueue_script('upg_common’, plugins_url() . ‘/’ . upg_FOLDER . '/js/common.js’, '’, UPG_PLUGIN_VERSION, ‘’);106 wp_enqueue_script('jquery.zoom’, plugins_url() . ‘/’ . upg_FOLDER . ‘/js/jquery.zoom.js’);107 wp_enqueue_script('upg_delete’, plugins_url() . ‘/’ . upg_FOLDER . '/js/upg_delete.js’, '’, UPG_PLUGIN_VERSION, ‘’);108 wp_enqueue_script('upg_oembed’, plugins_url() . ‘/’ . upg_FOLDER . '/js/upg_oembed.js’, '’, UPG_PLUGIN_VERSION, ‘’);109 wp_enqueue_script('upg_load_more’, plugins_url() . ‘/’ . upg_FOLDER . '/js/upg_load_more.js’, '’, UPG_PLUGIN_VERSION, ‘’);110 wp_enqueue_script('upg_ajax_post’, plugins_url() . ‘/’ . upg_FOLDER . '/js/upg_ajax_post.js’, '’, UPG_PLUGIN_VERSION, ‘’);111112 // Localize the script with new data113 $translation_array = array(114 ‘delete_string’ => __('Are you sure you want to delete?’, ‘wp-upg’),115 ‘ajaxurl’ => admin_url(‘admin-ajax.php’),116 );117118 wp_localize_script('upg_load_more’, 'myAjax’, $translation_array);119 wp_localize_script('upg_common’, 'myAjax_datatable’, array(‘ajaxurl’ => admin_url(‘admin-ajax.php?action=upg_datatable’)));120}121function upg_admin_enqueue_scripts()122{123 global $upg_plugin, $current_screen;124 $options = get_option('upg_settings’, ‘’);125 $screen = get_current_screen();126 //echo $screen->base;127 if (‘upg_page_wp_upg’ == $screen->base) {128129 wp_enqueue_style('odude-pure’, plugins_url() . ‘/’ . upg_FOLDER . ‘/css/pure-min.css’);130 //wp_enqueue_style(‘font-awesome-css’,’https://maxcdn.bootstrapcdn.com/font-awesome/4.6.3/css/font-awesome.min.css’);131 wp_enqueue_style('odude-pure-grid’, plugins_url() . ‘/’ . upg_FOLDER . ‘/css/grids-responsive-min.css’);132 }133 wp_enqueue_script(‘jquery’);134 wp_enqueue_script(‘jquery-form’);135 wp_enqueue_script(‘jquery-ui-core’);136 wp_enqueue_script(‘jquery-ui-datepicker’);137 wp_enqueue_script(‘jquery-ui-tabs’); // enqueue jQuery UI Tabs138 //wp_enqueue_script(‘jquery-ui-accordion’);139 wp_enqueue_style(‘wp-color-picker’);140 wp_enqueue_script(‘wp-color-picker’);141142 $options = get_option('upg_settings’, ‘’);143 wp_enqueue_style('upg-style’, plugins_url() . ‘/’ . upg_FOLDER . ‘/css/aristo.css’);144 wp_enqueue_style('upg-admin’, plugins_url() . ‘/’ . upg_FOLDER . ‘/css/admin.css’);145}146147//Move image meta box-media148function upg_admin_footer_hook()149{150 global $post;151 if (get_post_type($post) == ‘upg’) { ?> <script type="text/javascript">152 jQuery(document).ready(function($) {153 $(‘#normal-sortables’).insertBefore(‘#postdivrich’);154 });155 </script> <?php }156 }157 /** Hook into the Admin Footer */ add_action('admin_footer’, ‘upg_admin_footer_hook’);158159 //Generate auto media preview page160 function upg_the_content($content)161 {162163 global $post;164 $options = get_option(‘upg_settings’);165166 if (‘upg’ != $post->post_type) {167 return $content;168 }169170 if (is_singular() && is_main_query()) {171 //Receiving all the custom post values172 $all_upg_fields = get_post_custom($post->ID);173174 //If upg_layout is mentioned in url, it will ignore currently set layout.175 if (isset($_GET[‘upg_layout’])) {176 $upg_layout_slug = $_GET[‘upg_layout’];177 $upg_layout = sanitize_text_field($upg_layout_slug);178 } else {179180 if (isset($all_upg_fields[“upg_layout”][0])) {181 $upg_layout = $all_upg_fields[“upg_layout”][0];182 } else {183 $upg_layout = "basic";184 }185 }186187 $filename = dirname(__FILE__) . “/layout/media/” . $upg_layout . “/” . $upg_layout . ".php";188189 if (file_exists($filename)) {190 require_once $filename;191 return upg_product_content($post);192 } else {193 require_once dirname(__FILE__) . "/layout/media/basic/basic.php";194 return upg_product_content($post);195 }196 }197 }198 //Include youtube from url199 function upg_showyoutube($params)200 {201202 $abc = include upg_BASE_DIR . 'layout/youtube.php’;203 return $abc;204 }205206 //Pick single upg-post207 function upg_pick($params)208 {209210 $abc = include upg_BASE_DIR . 'layout/pick.php’;211 return $abc;212 }213214 //List Primary Images [upg-list]215 function upg_list($params)216 {217 $options = get_option(‘upg_settings’);218219 $abc = include upg_BASE_DIR . 'layout/catalog.php’;220 return $abc;221 }222223 //Attach gallery to post. [upg-attach]224 function upg_attach($params)225 {226 $options = get_option(‘upg_settings’);227 $current_post_id = get_the_ID();228 $abc = include upg_BASE_DIR . 'layout/attach.php’;229230 return $abc;231 }232233 //Attach gallery to post. [upg-datatable]234 function upg_datatable_shortcode($params)235 {236 $options = get_option(‘upg_settings’);237 $current_post_id = get_the_ID();238 $abc = include upg_BASE_DIR . 'layout/datatable.php’;239240 return $abc;241 }242243 //List album [upg-album]244 function upg_album($params)245 {246 $options = get_option(‘upg_settings’);247 $abc = include upg_BASE_DIR . 'layout/album.php’;248249 return $abc;250 }251252 //Generate UPG Magic Form. [upg-form]253 function upg_magic_form($params, $content = null)254 {255 $options = get_option(‘upg_settings’);256 $abc = include upg_BASE_DIR . 'layout/form/magic_form.php’;257 return $abc;258 }259 function upg_magic_form_tag($params)260 {261 $options = get_option(‘upg_settings’);262 $abc = include upg_BASE_DIR . 'layout/form/magic_form_tag.php’;263 return $abc;264 }265266 //Generate UPG classic form [upg-post-form]267 function upg_post_form($params, $content = null)268 {269 $options = get_option(‘upg_settings’);270 $abc = include upg_BASE_DIR . 'layout/form/magic_form.php’;271 return $abc;272 }273274 //Front end User Edit Post [upg-edit]275 function upg_user_edit_form($params)276 {277 if (is_user_logged_in()) {278 if (isset($_REQUEST[“upg_id”])) {279 $post_id = $_REQUEST[“upg_id”];280 } else {281 $post_id = "0";282 }283284 if (‘0’ == $post_id) {285 return __('Invalid request’, ‘wp-upg’);286 }287288 //$post=get_post($post_id );289 $options = get_option(‘upg_settings’);290 if (get_post_field('post_author’, $post_id) == get_current_user_id() && isset($_REQUEST[“upg_id”])) {291292 $post = get_post($post_id);293294 if (upg_isVideo($post)) {295 $type = "embed";296 } else {297 $type = "image";298 }299300 if (isset($params[‘layout’])) {301 $layout = trim($params[‘layout’]);302 } else {303 $layout = "basic";304 }305306 if (isset($params[‘preview’])) {307 $preview = $params[‘preview’];308 } else {309 $preview = "basic";310 }311312 if (“youtube” == $type || “vimeo” == $type || “embed” == $type) {313 $abc = include upg_BASE_DIR . 'layout/form/post_edit_youtube.php’;314 } else {315 $abc = include upg_BASE_DIR . 'layout/form/post_edit_image.php’;316 }317318 return $abc;319 }320 } else {321322 upg_login_link();323 }324 }325326 //Front end User Post [upg-post]327 function upg_user_post_form($params)328 {329 $options = get_option(‘upg_settings’);330331 if (isset($params[‘type’])) {332 $type = $params[‘type’];333 } else {334 $type = "image";335 }336337 if (isset($params[‘preview’])) {338 $preview = $params[‘preview’];339 } else {340 $preview = upg_get_option('global_media_layout’, 'upg_preview’, ‘basic’);341 }342343 if (isset($options[‘ajax_form’]) && ‘1’ == $options[‘ajax_form’]) {344 $upg_ajax = true;345 } else {346 $upg_ajax = false;347 }348349 if (isset($params[‘ajax’]) && ‘true’ == $params[‘ajax’]) {350 $upg_ajax = true;351 }352353 if (isset($params[‘ajax’]) && ‘false’ == $params[‘ajax’]) {354 $upg_ajax = false;355 }356357 if (isset($params[‘form_name’])) {358 $form_name = $params[‘form_name’];359 } else {360 $form_name = "";361 }362363 if (isset($params[‘private’]) && ‘true’ == $params[‘private’]) {364 $media_private = "true";365 } else {366 $media_private = "false";367 }368369 if (isset($params[‘attach’]) && ‘true’ == $params[‘attach’] && $upg_ajax) {370 $form_attach_id = get_the_ID();371 } else {372 $form_attach_id = "0";373 }374375 if (“youtube” == $type || “vimeo” == $type || “embed” == $type) {376 $abc = include upg_BASE_DIR . 'layout/form/post_youtube.php’;377 } else {378 $abc = include upg_BASE_DIR . 'layout/form/post_image.php’;379 }380381 return $abc;382 }383384 //Delete image attached when post is deleted385 add_action('before_delete_post’, ‘upg_before_delete_post’);386 function upg_before_delete_post($postid)387 {388389 // We check if the global post type isn’t ours and just return390 global $post_type;391 if (‘upg’ != $post_type) {392 return;393 }394395 upg_delete_post_media($postid);396 }397398 //taxonomy/album will be redirected when category is opened399 add_action('template_redirect’, ‘upg_template_redirect’);400 function upg_template_redirect()401 {402 $redirect_url = '’;403 if (!is_feed()) {404 // If Album Page405 if (is_tax(‘upg_cate’)) {406407 $term = get_queried_object();408 $redirect_url = upg_get_category_page_link($term, ‘upg_cate’);409 }410 if (is_tax(‘upg_tag’)) {411 //Converts system tag url to own url412 $term = get_queried_object();413 $page_settings = get_option(‘upg_settings’);414 $link = get_permalink(upg_get_option('main_page’, 'upg_gallery’, ‘0’));415 $link = add_query_arg("upg_tag", $term->slug, $link);416417 $redirect_url = $link;418 }419 }420 // Redirect421 if (!empty($redirect_url)) {422423 wp_redirect($redirect_url);424 exit();425 }426 }427428 //Rewrite rules for user gallery429 add_action('init’, ‘upg_user_url’);430 function upg_user_url()431 {432 $options = get_option(‘upg_settings’);433434 if (upg_get_option('main_page’, 'upg_gallery’, ‘0’) != ‘0’) {435 //$main_page=get_permalink($options[‘main_page’]);436 $main_page = basename(get_permalink(upg_get_option('main_page’, 'upg_gallery’, ‘0’)));437438 //Rewrite rules to browse by user439 add_rewrite_rule(440 ‘^’ . $main_page . '/member/([^/]*)$’,441 ‘index.php?user=$matches[1]&page_id=’ . upg_get_option('main_page’, 'upg_gallery’, ‘0’),442 'top’443 );444445 add_rewrite_rule(446 ‘^’ . $main_page . '/member/([^/]+)/page/([0-9]+)?$’,447 ‘index.php?user=$matches[1]&paged=$matches[2]&page_id=’ . upg_get_option('main_page’, 'upg_gallery’, ‘0’),448 'top’449 );450451 //Rewrite rules to browse by tag452453 add_rewrite_rule(454 ‘^’ . $main_page . '/tag/([^/]*)$’,455 ‘index.php?page_id=’ . upg_get_option('main_page’, 'upg_gallery’, ‘0’) . '&upg_tag=$matches[1]',456 'top’457 );458459 add_rewrite_rule(460 ‘^’ . $main_page . '/tag/([^/]+)/page/([0-9]+)?$’,461 ‘index.php?upg_tag=$matches[1]&paged=$matches[2]&page_id=’ . upg_get_option('main_page’, 'upg_gallery’, ‘0’),462 'top’463 );464465 //rewrite rules pagination to browse by album466 add_rewrite_rule(467 ‘^’ . $main_page . '/([^/]+)/page/([0-9]+)?$’,468 ‘index.php?upg_cate=$matches[1]&paged=$matches[2]&page_id=’ . upg_get_option('main_page’, 'upg_gallery’, ‘0’),469 'top’470 );471472 add_rewrite_rule(473 ‘^’ . $main_page . '/([^/]*)$’,474 ‘index.php?upg_cate=$matches[1]&page_id=’ . upg_get_option('main_page’, 'upg_gallery’, ‘0’),475 'top’476 );477 }478 }479 function upg_query_vars($aVars)480 {481 $aVars[] = "user"; // represents the name of the variable as shown in the URL482 $aVars[] = "upg_cate";483 $aVars[] = "paged";484 return $aVars;485 }486487 add_filter('query_vars’, ‘upg_query_vars’);488489 //Changing page title dynamically. loop_start prevent from updating menu title490 add_action('loop_start’, ‘upg_set_custom_title’);491 function upg_set_custom_title()492 {493494 add_filter('the_title’, 'upg_filter_page_title’, 10, 2);495 }496497 function upg_filter_page_title($title)498 {499500 $options = get_option(‘upg_settings’);501 $current_page_id = get_the_ID();502 $album_name = "";503 $main_page_id = upg_get_option('main_page’, 'upg_gallery’, ‘0’);504 if ($main_page_id == $current_page_id && in_the_loop()) {505506 global $post;507 global $wp_query;508509 $term_slug = get_query_var(‘upg_cate’);510 $term = get_term_by('slug’, $term_slug, ‘upg_cate’);511512 if (“” != $term_slug) {513 $album_name = $term->name;514 }515516 $term_slug = get_query_var(‘upg_tag’);517 $term = get_term_by('slug’, $term_slug, ‘upg_tag’);518519 if (“” != $term_slug) {520 $album_name = $term->name;521 }522523 if (isset($wp_query->query_vars[‘user’])) {524 $user = sanitize_text_field($wp_query->query_vars[‘user’]);525 } else {526 $user = "";527 }528529 $author = get_user_by('slug’, $user);530531 if (“” != $album_name) {532533 return $album_name;534 }535536 if (“” != $user) {537538 return $author->user_nicename;539 }540 }541542 return $title;543 }544 //Include in archive page545 if (‘1’ == $options[‘archive’]) {546547 //Include UPG in archive page548 add_action('pre_get_posts’, function ($query) {549 if (550 !is_admin()551 && $query->is_main_query()552 && $query->is_archive()553 ) {554 $query->set('post_type’, array('post’, ‘upg’));555 }556 });557 //To display in Archive widget558 add_filter('getarchives_where’, function ($where) {559 $where = str_replace("post_type = ‘post’", “post_type IN ( 'post’, ‘upg’ )“, $where);560 return $where;561 });562 }563564 /**565 * Add any custom links to plugin list page566 *567 * @param array $links568 *569 * @return array570 */571 function upg_plugin_links($links)572 {573574 $more_links[] = ‘<a href="’ . admin_url() . ‘edit.php?post_type=upg&page=wp_upg_quick">’ . __('Quick Settings’, ‘wp-upg’) . '</a>’;575 $more_links[] = ‘<a href="’ . admin_url() . ‘edit.php?post_type=upg&page=wp_upg">’ . __('Advance Settings’, ‘wp-upg’) . '</a>’;576577 $links = $more_links + $links;578 return $links;579 }580581 /*582List extra links on plugin list page583 */584 function upg_plugin_links_extra($links, $file)585 {586 if (plugin_basename(__FILE__) !== $file) {587 return $links;588 }589590 $more_links[] = __(‘Version’, ‘wp-upg’) . ' ' . UPG_PLUGIN_VERSION . ' | <a href="http://odude.com/demo/faq/">’ . __('Documentation’, ‘wp-upg’) . '</a>’;591 // $more_links[] = '<a target="_blank” href="https://wordpress.org/support/plugin/wp-upg/reviews/?rate=5#new-post” title="’ . __('Rate the plugin’, ‘wp-reset’) . ‘">’ . __('Rate the plugin’, ‘wp-upg’) . ' ★★★★★</a>’;592 $more_links[] = ‘<a href="’ . admin_url() . ‘edit.php?post_type=upg&page=upg_shortcode">’ . __('Shortcode Guide’, ‘wp-upg’) . '</a>’;593 $links = $more_links + $links;594 return $links;595 }596 add_filter('plugin_row_meta’, 'upg_plugin_links_extra’, 10, 2);597598 $prefix = is_network_admin() ? ‘network_admin_’ : '’;599 add_filter(“{$prefix}plugin_action_links_” . plugin_basename(__FILE__), ‘upg_plugin_links’);600601 //Set custom sizes for media settings.602 add_action('after_setup_theme’, ‘upg_your_theme_setup’);603 function upg_your_theme_setup()604 {605 $options = get_option(‘upg_settings’);606607 if (!isset($options[‘upg_thumbnail_size_h’])) {608 $options[‘upg_thumbnail_size_w’] = "150";609 $options[‘upg_thumbnail_size_h’] = "150";610611 $options[‘upg_medium_size_w’] = “300";612 $options[‘upg_medium_size_h’] = “300";613614 $options[‘upg_large_size_w’] = “1024";615 $options[‘upg_large_size_h’] = “1024";616 }617618 if (!isset($options[‘upg_thumbnail_crop’])) {619 $options[‘upg_thumbnail_crop’] = '0’;620 $crop = false;621 } else {622 $crop = true;623 }624625 add_image_size('odude-thumb’, $options[‘upg_thumbnail_size_w’], $options[‘upg_thumbnail_size_h’], $crop);626 add_image_size('odude-medium’, $options[‘upg_medium_size_w’], $options[‘upg_medium_size_h’]);627 add_image_size('odude-large’, $options[‘upg_large_size_w’], $options[‘upg_large_size_h’]);628 }629630 //Display notice as soon as plugin is activated.631 register_activation_hook(__FILE__, ‘upg_admin_notice_example_activation_hook’);632633 function upg_admin_notice_example_activation_hook()634 {635 set_transient('upg-admin-notice-example’, true, 5);636 }637638 add_action(‘admin_notices’, ‘upg_admin_notice_example_notice’);639640 function upg_admin_notice_example_notice()641 {642 $options = get_option(‘upg_settings’);643 /* Check transient, if available display notice */644 if (get_transient(‘upg-admin-notice-example’)) {645 ?>646 <div class="updated notice is-dismissible">647 <h3>UPG Notes:</h3>648 <p>Some pages are auto created. Do not delete them even if not required.</p>649 <p>Go to UPG Settings and select those pages at appropriate location.</p>650 <p>It is advisable to update Wordpress “Settings > Permalinks", after page update.</p>651 </div>652 <?php653 /* Delete transient, only display this notice once. */654 delete_transient(‘upg-admin-notice-example’);655 }656657 if (upg_get_option('main_page’, ‘upg_gallery’, ‘0’) == ‘0’) {658 ?>659 <div class="updated notice is-dismissible">660661 <p>Review the pages selected at UPG settings and save it before continue. All pages must be selected.</p>662663 </div>664<?php665 }666 }667668 //Add menu hook to top of admin pages669 function upg_admin_top_menu()670 {671 if (is_admin()) {672 $page_name = ‘wp_upg_quick’;673674 if (isset($_GET[‘page’])) {675 $page_name = $_GET[‘page’];676 }677678 echo "<div style=’text-align:right’>";679680 echo “<a href=’” . admin_url(‘edit.php?post_type=upg&page=wp_upg_quick’) . “’><b class=’button " . ((‘wp_upg_quick’ == $page_name) ? ‘button-primary’ : ‘’) . " '>” . __("Basic Settings", “wp-upg”) . “</b></a>";681 echo " <a href=’” . admin_url(‘edit.php?post_type=upg&page=wp_upg’) . “’><b class=’button " . ((‘wp_upg’ == $page_name) ? ‘button-primary’ : ‘’) . " '>” . __("Advance Settings", “wp-upg”) . “</b></a>";682683 //$main_page_url = ‘#’ . upg_get_option('main_page’, 'upg_gallery’, ‘0’);684685 //if (upg_get_option('main_page’, 'upg_gallery’, ‘0’) != ‘0’ && upg_get_option('main_page’, 'upg_gallery’, ‘0’) != ‘xxx’)686 // $main_page_url = esc_url(get_page_link(upg_get_option('main_page’, 'upg_gallery’, ‘0’)));687688 //echo " <a href=’” . $main_page_url . "’ class=’button’ target=’_blank’>Test UPG Page</a>";689 echo " <a href=’” . admin_url(‘edit.php?post_type=upg&page=wp_upg_layout’) . "’ class=’button " . ((‘wp_upg_layout’ == $page_name) ? ‘button-primary’ : ‘’) . " '>” . __(‘Layout Editor’, ‘wp-upg’) . “</a>";690 echo " <a href=’” . admin_url(‘edit.php?post_type=upg&page=wp_upg_addon’) . "’ class=’button " . ((‘wp_upg_addon’ == $page_name) ? ‘button-primary’ : ‘’) . " '>” . __(‘Addons & Help’, ‘wp-upg’) . “</a>";691 echo " <a href=’” . admin_url(‘edit.php?post_type=upg&page=upg_shortcode’) . "’ class=’button " . ((‘upg_shortcode’ == $page_name) ? ‘button-primary’ : ‘’) . " '>” . __(‘Shortcode Guide’, ‘wp-upg’) . "</a>";692 if (!is_upg_pro()) {693 echo " <a href=’http://odude.com/product/wp-upg-pro/’ class=’button button-secondary’>Purchase UPG PRO</a>";694 }695 echo '</div>’;696 }697 }698 add_action('upg_admin_top_menu’, ‘upg_admin_top_menu’, 10, 2);699700 /**701 * Hook into options page after save for advance setting page.702 */703704 /* function upg_hook_advance_options_page_after_save( $old_value, $new_value )705{706// if ( $old_value[‘some_option’] != $new_value[‘some_option’] )707//{708// This value has been changed. Insert code here.709//}710711$options = get_option(‘upg_settings’);712713if( $options[‘show_advance_setting’]==’0’)714{715upg_set_option( 'show_advance_setting’, 'upg_general’, ‘0’ );716717}718//upg_log($options[‘show_advance_setting’].”----");719}720add_action( 'update_option_upg_settings’, 'upg_hook_advance_options_page_after_save’, 10, 2 ) */;721722 //datatable ajax load [upg-datable]723 add_action("wp_ajax_upg_datatable", “upg_datatable”);724 add_action("wp_ajax_nopriv_upg_datatable", “upg_datatable”);725726 function upg_datatable()727 {728 global $post;729 global $wp_query;730 $options = get_option('upg_settings’, ‘’);731 header(“Content-Type: application/json”);732733 $request = $_GET;734 //print_r($request);735736 //Add values as function into array737 $val = array();738 $val_param1 = array();739 $val_param2 = array();740 $val_param3 = array();741742 $values = explode(‘,’, $request[‘field’]);743 foreach ($values as $option) {744 $cap = explode(“:", $option);745746 //$cap[0] Is a column label assigned in datatable.php747748 array_push($val, $cap[1]);749750 if (isset($cap[2])) {751 array_push($val_param1, $cap[2]);752 } else {753 array_push($val_param1, ‘’);754 }755 if (isset($cap[3])) {756 array_push($val_param2, $cap[3]);757 } else {758 array_push($val_param2, ‘’);759 }760 if (isset($cap[4])) {761 array_push($val_param3, $cap[4]);762 } else {763 array_push($val_param3, ‘’);764 }765 }766767 //print_r($val);768769 $args = array(770 ‘post_type’ => $request[‘post_type’],771 ‘post_status’ => 'publish’,772 ‘posts_per_page’ => $request[‘length’],773 ‘offset’ => $request[‘start’],774 ‘order’ => $request[‘order’][0][‘dir’],775 ‘_meta_or_title’ => $request[‘search’][‘value’], //action hook is used to replace 's’776 );777778 if (!empty($request[‘search’][‘value’])) {779 // When datatables search is used780781 $args[‘meta_query’] = array(782 ‘relation’ => 'OR’,783 array(784 ‘key’ => 'xxxx’,785 ‘value’ => sanitize_text_field($request[‘search’][‘value’]),786 ‘compare’ => 'LIKE’,787 ),788 );789790 if (‘upg’ == $request[‘post_type’]) {791 for ($x = 1; $x <= 5; $x++) {792 if (‘on’ == $options[‘upg_custom_field_’ . $x . ‘_show_front’]) {793 $abc = array(794 ‘relation’ => 'OR’,795 array(796 ‘key’ => ‘upg_custom_field_’ . $x,797 ‘value’ => sanitize_text_field($request[‘search’][‘value’]),798 ‘compare’ => 'LIKE’,799 ),800 );801802 $args[‘meta_query’] = array_merge($args[‘meta_query’], $abc);803 }804 }805 }806 }807 //print_r($args);808809 $data_query = new WP_Query($args);810 $totalData = $data_query->found_posts;811812 if ($data_query->have_posts()) {813814 while ($data_query->have_posts()) {815816 $data_query->the_post();817 $nestedData = array();818819 //Display column based on parameters820 for ($x = 0; $x < count($val); $x++) {821822 $func_name = trim($val[$x]);823824 if (function_exists($func_name)) {825 $nestedData[] = $func_name($val_param1[$x], $val_param2[$x], $val_param3[$x]);826 } else {827 $nestedData[] = $func_name . "('” . $val_param1[$x] . “’,’” . $val_param2[$x] . “,’” . $val_param3[$x] . "’) is invalid php function";828 }829 }830831 //Display column of custom fields of UPG settings832 for ($x = 1; $x <= 5; $x++) {833 if (‘on’ == $options[‘upg_custom_field_’ . $x . ‘_show_front’]) {834835 $nestedData[] = upg_get_value(‘upg_custom_field_’ . $x);836 }837 }838839 $data[] = $nestedData;840 }841842 wp_reset_query();843844 $json_data = array(845 “draw” => intval($request[‘draw’]),846 “recordsTotal” => intval($totalData),847 “recordsFiltered” => intval($totalData),848 “data” => $data,849 );850851 echo json_encode($json_data);852 } else {853854 $json_data = array(855 “draw” => intval($request[‘draw’]),856 “recordsTotal” => intval($totalData),857 “recordsFiltered” => intval($totalData),858 “data” => '’,859 );860861 echo json_encode($json_data);862 }863 wp_reset_query();864 wp_die();865 }866867 // To search title along with meta query, replace the “s” parameter in your custom query with a “_meta_or_title” parameter.868 add_action('pre_get_posts’, function ($q) {869 if ($title = $q->get(‘_meta_or_title’)) {870 add_filter('get_meta_sql’, function ($sql) use ($title) {871 global $wpdb;872873 // Only run once:874 static $nr = 0;875 if (0 != $nr++) {876 return $sql;877 }878879 // Modified WHERE880 $sql[‘where’] = sprintf(881 " AND ( %s OR %s ) ",882 $wpdb->prepare("{$wpdb->posts}.post_title like '%%%s%%’", $title),883 mb_substr($sql[‘where’], 5, mb_strlen($sql[‘where’]))884 );885886 return $sql;887 });888 }889 });890891 //Display shortcode or content mentioned at UPG settings after content892 function upg_display_after_content($content)893 {894 global $post;895 $all_upg_fields = get_post_custom($post->ID);896897 //Skip if in content , UPG settings is ‘After Content’ set to hide898 if (isset($all_upg_fields[“upg_hide_after_content”][0]) && “hide” == $all_upg_fields[“upg_hide_after_content”][0]) {899 return $content;900 }901902 $selected = upg_get_option('after_content_post’, 'upg_general’, array());903 if (!is_array($selected)) {904 $selected = array();905 }906907 if (is_single() || is_page() || !is_main_query() || !in_the_loop()) {908 if (in_array(get_post_type(), $selected, true)) {909910 $after_content = upg_get_option('after_content’, 'upg_general’, ‘’);911 $content .= do_shortcode(stripslashes($after_content));912 }913 }914 return $content;915 //return $selected;916 }917 add_filter("the_content", “upg_display_after_content”);918?>