Changeset 2051415
- Timestamp:
- 03/15/2019 06:48:49 PM (7 years ago)
- Location:
- code-injection/trunk
- Files:
-
- 13 added
- 1 deleted
- 5 edited
-
assets/code-editor.js (added)
-
assets/essentials.js (added)
-
assets/jquery.caret.min.js (added)
-
assets/jquery.tag-editor.css (added)
-
assets/jquery.tag-editor.min.js (added)
-
assets/wp-ci-general-settings.js (added)
-
assets/wp-code-injection-admin.css (modified) (1 diff)
-
assets/wp-code-injection-admin.js (deleted)
-
includes (added)
-
includes/assets-manager.php (added)
-
includes/calendar-heatmap.php (added)
-
includes/code-metabox.php (added)
-
includes/code-type.php (added)
-
includes/database.php (added)
-
includes/index.php (added)
-
readme.txt (modified) (1 diff)
-
uninstall.php (modified) (3 diffs)
-
wp-code-injection-plugin-widget.php (modified) (5 diffs)
-
wp-code-injection.php (modified) (17 diffs)
-
code-injection/trunk/assets/wp-code-injection-admin.css
r2030642 r2051415 9 9 z-index: 9; 10 10 } 11 12 .gdcp-heatmap-container { 13 width: 332px; 14 height: 84px; 15 } 16 17 .gdcp-heatmap-row { 18 display: block; 19 padding: 0; 20 margin: 0; 21 float: left; 22 clear: both; 23 } 24 25 .gdcp-heatmap-row .dow { 26 float: left; 27 padding: 0; 28 margin: 0; 29 font-size: 10px; 30 line-height: 11px; 31 margin-right: 2px; 32 width: 30px; 33 text-align: left; 34 color: #aaa; 35 } 36 37 .gdcp-heatmap-cell { 38 display: block; 39 padding: 0; 40 margin: 1px; 41 float:left; 42 background-color: #ebedf0; 43 width:10px; 44 height:10px; 45 position: relative; 46 } 47 48 .gdcp-heatmap-cell .info { 49 display: none; 50 position: absolute; 51 bottom: 17px; 52 left: 50%; 53 transform: translate(-50% , 0); 54 -webkit-transform: translate(-50% , 0); 55 border-radius: 4px; 56 background-color: #1f1f1f; 57 background-color: rgba(0,0,0,.78); 58 padding: 10px; 59 box-sizing: border-box; 60 width: 170px; 61 color: #ccc; 62 text-align: center; 63 z-index: 100; 64 margin: 0; 65 } 66 67 .gdcp-chart-colors { 68 font-size: 10px; 69 line-height: 8px; 70 margin-top: 4px; 71 display: inline-block; 72 margin-left: 50px; 73 } 74 75 .gdcp-chart-colors .gradient { 76 width: 10px; 77 height: 10px; 78 display: block; 79 } 80 81 .gdcp-chart-colors i { 82 float:left; 83 margin:1px; 84 } 85 86 .gdcp-heatmap-cell .info .time { 87 color:#aaa; 88 } 89 90 .gdcp-heatmap-cell .info .arrow-down { 91 width: 0; 92 height: 0; 93 border-left: 6px solid transparent; 94 border-right: 6px solid transparent; 95 border-top: 6px solid rgba(0,0,0,.8); 96 display: block; 97 margin: 0; 98 padding: 0; 99 position: absolute; 100 left: 50%; 101 top: 100%; 102 transform: translate(-50% , 0); 103 } 104 105 .gdcp-heatmap-cell:hover .info { 106 107 display:block; 108 109 } 110 111 112 .gdcp-version-box { 113 font-size: 12px; 114 padding: 2px; 115 padding-left: 8px; 116 padding-right: 8px; 117 margin-left: 8px; 118 background-color: #00b2ff; 119 color: white; 120 border-radius: 2px; 121 
text-decoration: none; 122 } 123 124 .tag-editor .tag-editor-delete i { 125 line-height: unset !important; 126 } 127 128 .ack-head-wrapper { 129 display: inline-block; 130 width: 100%; 131 } 132 133 .ack-head-wrapper .ack-title { 134 float: left; 135 } 136 137 .ack-head-wrapper .ack-new { 138 float: right; 139 } 140 141 p.description code { 142 font-style: normal; 143 } -
code-injection/trunk/readme.txt
r2030839 r2051415 5 5 Tested up to: 5.0.3 6 6 Requires PHP: 5.2.4 7 Stable tag: 2. 1.57 Stable tag: 2.2.8 8 8 License: Apache License, Version 2.0 9 9 License URI: http://www.apache.org/licenses/LICENSE-2.0 10 10 11 Allows You to inject code snippets into the pages by just using the Word press shortcode.11 Allows You to inject code snippets into the pages by just using the WordPress shortcode. 12 12 13 13 == Changelog == 14 14 15 = 2.1.5 = 16 * [fix] Text domain 17 18 = 2.1.4 = 19 * Initial SVN commit 15 = 2.2.8 = 16 * [fix] Assets Error 17 * [feature] Codes Category 20 18 21 19 [More](https://github.com/Rmanaf/wp-code-injection/blob/master/CHANGELOG.md) -
code-injection/trunk/uninstall.php
r2030839 r2051415 20 20 * 21 21 * Third Party Licenses : 22 * 23 * tagEditor : 24 * 25 * MIT License 22 26 * 27 * 28 * 23 29 * CodeMirror : 24 30 * … … 48 54 /** 49 55 * @package WP_Divan_Control_Panel 50 * @version 2. 1.556 * @version 2.2.9 51 57 */ 52 58 … … 56 62 57 63 58 delete_option( 'wp_dcp_code_injection_allow_shortcode' ); 64 // "CI" options 65 delete_option('wp_dcp_code_injection_db_version'); 66 67 delete_option('wp_dcp_code_injection_allow_shortcode'); 68 69 delete_option('wp_dcp_code_injection_role_version'); 70 71 72 // "Unsafe" options 73 delete_option('wp_dcp_unsafe_widgets_shortcodes'); 74 75 delete_option('wp_dcp_unsafe_widgets_php'); 76 77 delete_option('wp_dcp_unsafe_ignore_keys'); 78 79 80 if (empty(get_option('wp_dcp_unsafe_keys', ''))) { 81 82 delete_option('wp_dcp_unsafe_keys'); 83 84 } -
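Review bot: The last block added to uninstall.php deletes `wp_dcp_unsafe_keys` only when the option is already empty, so any configured activator keys stay in the options table after the plugin is removed. Those keys are what gates PHP execution in the `[unsafe]` shortcode added to wp-code-injection.php in this changeset, so a leftover copy is a stored secret nobody manages any more. If keeping them across a reinstall is intended, a comment should say so; otherwise call `delete_option('wp_dcp_unsafe_keys');` unconditionally. Separately, `empty(get_option(...))` on a function result needs PHP 5.5 or later, while readme.txt in this changeset still declares `Requires PHP: 5.2.4`.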
code-injection/trunk/wp-code-injection-plugin-widget.php
r2030839 r2051415 20 20 * 21 21 * Third Party Licenses : 22 * 23 * tagEditor : 24 * 25 * MIT License 22 26 * 27 * 28 * 23 29 * CodeMirror : 24 30 * … … 47 53 48 54 /** 55 * @author Arman Afzal <rman.afzal@gmail.com> 49 56 * @package WP_Divan_Control_Panel 50 * @version 2. 1.557 * @version 2.2.9 51 58 */ 52 59 … … 73 80 $title = apply_filters('widget_title', $instance['title']); 74 81 82 if($title == '0') 83 { 84 return; 85 } 86 75 87 //output 76 88 echo do_shortcode("[inject id='$title']"); … … 92 104 93 105 $query = new WP_Query([ 94 'post_type' => 'code s',106 'post_type' => 'code', 95 107 'post_status' => 'publish', 96 108 'posts_per_page' => -1 … … 102 114 <label for="<?php echo $this->get_field_id('title'); ?>"><?php _e('Code ID:' , 'wp-code-injection'); ?></label> 103 115 <select style="width:100%;" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>"> 104 116 <option value="0">— Select —</option> 105 117 <?php 106 118 -
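Review bot: The new guard `if($title == '0')` compares loosely, and whatever passes it is still interpolated unvalidated into `do_shortcode("[inject id='$title']")`. `$title` has been through the `widget_title` filter, so it is not guaranteed to be one of the code titles offered by the `<select>`, and a value containing `'` or `]` would change how the shortcode string is parsed. Suggest `if ($title === '' || $title === '0') { return; }` and rejecting ids that contain quotes or square brackets before building the shortcode. The enclosing widget method starts outside the hunk.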
code-injection/trunk/wp-code-injection.php
r2030839 r2051415 20 20 * 21 21 * Third Party Licenses : 22 * 23 * tagEditor : 24 * 25 * MIT License 22 26 * 27 * 28 * 23 29 * CodeMirror : 24 30 * … … 50 56 Plugin URI: https://wordpress.org/plugins/code-injection 51 57 Description: Allows You to inject code snippets into the pages by just using the Wordpress shortcode 52 Version: 2. 1.558 Version: 2.2.9 53 59 Author: Arman Afzal 54 60 Author URI: https://github.com/Rmanaf … … 58 64 59 65 /** 66 * @author Arman Afzal <rman.afzal@gmail.com> 60 67 * @package WP_Divan_Control_Panel 61 * @version 2. 1.568 * @version 2.2.9 62 69 */ 63 70 … … 66 73 require_once __DIR__ . '/wp-code-injection-plugin-widget.php'; 67 74 75 require_once __DIR__ . '/includes/database.php'; 76 require_once __DIR__ . '/includes/calendar-heatmap.php'; 77 require_once __DIR__ . '/includes/code-metabox.php'; 78 require_once __DIR__ . '/includes/code-type.php'; 79 require_once __DIR__ . '/includes/assets-manager.php'; 80 81 68 82 if (!class_exists('WP_Code_Injection_Plugin')) { 69 70 83 71 84 class WP_Code_Injection_Plugin 72 85 { 73 86 87 private $code_meta_box; 88 private $database; 89 private $custom_post_type; 90 private $assets_manager; 91 92 public static $text_domain = 'code-injection'; 93 94 private static $role_version = '1.0.0'; 95 96 private static $client_version = '1.0.0'; 97 98 74 99 75 100 function __construct() 76 101 { 77 102 78 79 // create CPT 80 add_action('init', [&$this, 'create_posttype']); 81 82 add_action('admin_init', [&$this, 'admin_init']); 83 add_action('admin_head', [&$this, 'hide_post_title_input']); 84 add_action('admin_head', [&$this, 'remove_mediabuttons']); 85 add_action('admin_enqueue_scripts', [$this, 'print_scripts']); 86 add_action('widgets_init', [$this, 'widgets_init']); 87 add_filter('title_save_pre', [&$this, 'auto_generate_post_title']); 88 add_filter('user_can_richedit', [&$this, 'disable_wysiwyg']); 89 add_filter('post_row_actions', [&$this, 'remove_quick_edit'], 10, 1); 90 
add_filter('manage_codes_posts_columns', [&$this, 'manage_codes_columns']); 91 92 add_shortcode('inject', [&$this, 'shortcode']); 93 103 /** 104 * initialize custom post type 105 * @since 2.2.8 106 */ 107 $this->custom_post_type = new WP_CI_Code_Type(); 108 109 110 /** 111 * initialize database 112 * @since 2.2.6 113 */ 114 $this->database = new WP_CI_Database(); 115 116 117 /** 118 * initialize the meta box component 119 * @since 2.2.8 120 */ 121 $this->code_meta_box = new WP_CI_Code_Metabox(self::$text_domain); 122 123 124 125 /** 126 * initialize the assets manager component 127 * @since 2.2.8 128 */ 129 $this->assets_manager = new WP_CI_Assets_Manager(__FILE__ , self::$client_version); 130 131 132 133 // check "Unsafe" settings 134 $use_shortcode = get_option('wp_dcp_unsafe_widgets_shortcodes', 0); 135 136 137 if ($use_shortcode) { 138 139 add_filter('widget_text', 'shortcode_unautop'); 140 141 add_filter('widget_text', 'do_shortcode'); 142 143 } 144 145 146 add_shortcode('inject', [$this, 'ci_shortcode']); 147 148 add_shortcode('unsafe', [$this, 'unsafe_shortcode']); 149 150 add_action('admin_init', [$this, 'admin_init']); 151 152 add_action('widgets_init', [$this, 'widgets_init']); 153 94 154 add_filter('dcp_shortcodes_list', [&$this, 'add_shortcode_to_list']); 95 155 … … 98 158 99 159 /** 100 * Prints admin scripts 160 * "Unsafe" shortcode 161 * @since 2.2.6 162 */ 163 public function unsafe_shortcode($atts = [], $content = null) 164 { 165 166 $use_php = get_option('wp_dcp_unsafe_widgets_php', false); 167 168 if (!$use_php) { 169 170 $this->database->record_activity(1 , null , 1); 171 172 return; 173 174 } 175 176 $ignore_keys = get_option('wp_dcp_unsafe_ignore_keys', false); 177 178 if(!$ignore_keys){ 179 180 extract(shortcode_atts(['key' => ''], $atts)); 181 182 $keys = $this->extract_keys(get_option('wp_dcp_unsafe_keys', '')); 183 184 if (empty($keys) || !in_array($key, $keys)) { 185 186 $this->database->record_activity(1 , $key , 5); 187 188 return; 189 
190 } 191 192 } 193 194 $html = $content; 195 196 if (strpos($html, "<" . "?php") !== false) { 197 198 ob_start(); 199 200 eval("?" . ">" . $html); 201 202 try{ 203 204 $html = ob_get_contents(); 205 206 } 207 catch(Exception $ex) 208 { 209 210 $this->database->record_activity(1 , $key , 4); 211 212 return; 213 214 } 215 216 ob_end_clean(); 217 218 } 219 220 return $html; 221 222 } 223 224 225 /** 226 * "CI" shortcode renderer 101 227 * @since 1.0.0 102 228 */ 103 public function print_scripts() 104 { 105 106 if (!$this->is_code_page()) { 229 public function ci_shortcode($atts = [], $content = null) 230 { 231 232 global $post; 233 234 $temp_post = $post; 235 236 extract(shortcode_atts(['id' => ''], $atts)); 237 238 if (empty($id)) 239 { 240 241 $this->database->record_activity(0 , null , 2); 107 242 108 243 return; 109 244 110 245 } 111 112 $ver = $this->get_version(); 113 114 115 wp_enqueue_style('dcp-codemirror', plugins_url('assets/codemirror/lib/codemirror.css', __FILE__), [], $ver, 'all'); 116 wp_enqueue_style('dcp-codemirror-dracula', plugins_url('assets/codemirror/theme/dracula.css', __FILE__), [], $ver, 'all'); 117 wp_enqueue_style('dcp-code-injection', plugins_url('assets/wp-code-injection-admin.css', __FILE__), [], $ver, 'all'); 118 119 //codemirror 120 wp_enqueue_script('dcp-codemirror', plugins_url('assets/codemirror/lib/codemirror.js', __FILE__), ['jquery'], $ver, false); 121 122 // addons 123 wp_enqueue_script('dcp-codemirror-addon-fold', plugins_url('assets/codemirror/addons/fold/xml-fold.js', __FILE__), [], $ver, false); 124 wp_enqueue_script('dcp-codemirror-addon-closebrackets', plugins_url('assets/codemirror/addons/edit/closebrackets.js', __FILE__), [], $ver, false); 125 wp_enqueue_script('dcp-codemirror-addon-matchbrackets', plugins_url('assets/codemirror/addons/edit/matchbrackets.js', __FILE__), [], $ver, false); 126 wp_enqueue_script('dcp-codemirror-addon-matchtags', plugins_url('assets/codemirror/addons/edit/matchtags.js', __FILE__), [], $ver, 
false); 127 wp_enqueue_script('dcp-codemirror-addon-closetag', plugins_url('assets/codemirror/addons/edit/closetag.js', __FILE__), [], $ver, false); 128 wp_enqueue_script('dcp-codemirror-addon-search', plugins_url('assets/codemirror/addons/search/match-highlighter.js', __FILE__), [], $ver, false); 129 wp_enqueue_script('dcp-codemirror-addon-fullscreen', plugins_url('assets/codemirror/addons/display/fullscreen.js', __FILE__), [], $ver, false); 130 131 //keymap 132 wp_enqueue_script('dcp-codemirror-keymap', plugins_url('assets/codemirror/keymap/sublime.js', __FILE__), [], $ver, false); 133 134 //mode 135 wp_enqueue_script('dcp-codemirror-mode-xml', plugins_url('assets/codemirror/mode/xml/xml.js', __FILE__), [], $ver, false); 136 wp_enqueue_script('dcp-codemirror-mode-js', plugins_url('assets/codemirror/mode/javascript/javascript.js', __FILE__), [], $ver, false); 137 wp_enqueue_script('dcp-codemirror-mode-css', plugins_url('assets/codemirror/mode/css/css.js', __FILE__), [], $ver, false); 138 wp_enqueue_script('dcp-codemirror-mode-htmlmixed', plugins_url('assets/codemirror/mode/htmlmixed/htmlmixed.js', __FILE__), [], $ver, false); 139 wp_enqueue_script('dcp-codemirror-mode-clike', plugins_url('assets/codemirror/mode/clike/clike.js', __FILE__), [], $ver, false); 140 wp_enqueue_script('dcp-codemirror-mode-php', plugins_url('assets/codemirror/mode/php/php.js', __FILE__), [], $ver, false); 141 142 wp_enqueue_script('dcp-code-injection', plugins_url('assets/wp-code-injection-admin.js', __FILE__), [], $ver, false); 143 144 } 145 146 147 148 /** 149 * Add shortcode to the DCP shortcodes list 246 247 248 $code = get_page_by_title($id, OBJECT, 'code'); 249 250 if (is_object($code)) 251 { 252 253 254 /** 255 * checks if code is enabled 256 * @since 2.2.8 257 */ 258 $co = WP_CI_Code_Metabox::get_code_options($code); 259 260 if($co['code_enabled'] == false) 261 { 262 return; 263 } 264 265 266 267 268 269 $render_shortcodes = get_option('wp_dcp_code_injection_allow_shortcode', 
false); 270 271 $nested_injections = $this->get_shortcode_by_name($code->post_content, 'inject'); 272 273 foreach ($nested_injections as $i) { 274 275 $params = $i['params']; 276 277 if (isset($params['id']) && $params['id'] == $id) { 278 279 $this->database->record_activity(0 , $id , 3, $code->ID); 280 281 return; 282 283 } 284 285 } 286 287 $post = $temp_post; 288 289 if ($render_shortcodes) { 290 291 $this->database->record_activity(0 , $id, 0, $code->ID); 292 293 return do_shortcode($code->post_content); 294 295 } else { 296 297 return $code->post_content; 298 299 } 300 301 } 302 303 } 304 305 /** 306 * Add shortcodes to the DCP shortcodes list 150 307 * @since 1.0.0 151 308 */ … … 153 310 { 154 311 155 $item = [ 156 'template' => "[inject id='']", 157 'description' => __("Injects code snippets into the content", 'code-injection') 312 $list[] = [ 313 'template' => "[inject id='#']", 314 'description' => __("Injects code snippets into the content", self::$text_domain), 315 'readme' => __DIR__ . '/README.md', 316 'example' => __DIR__ . '/EXAMPLE.md' 158 317 ]; 159 318 160 if (!is_array($list)) { 161 return [$item]; 162 } 163 164 return array_merge($list, [$item]); 165 166 } 167 319 $list[] = [ 320 'template' => "[unsafe key='#']", 321 'description' => __("Allows to use of PHP syntaxes", self::$text_domain), 322 'readme' => __DIR__ . '/README.md', 323 'example' => __DIR__ . 
'/EXAMPLE.md' 324 ]; 325 326 return $list; 327 328 } 329 330 331 /** 332 * Update users capabilities 333 * @since 2.2.6 334 */ 335 private function update_caps(){ 336 337 $roles = ['developer' , 'administrator']; 338 339 foreach($roles as $role){ 340 341 $ur = get_role($role); 342 343 if(!isset($ur)){ 344 345 continue; 346 347 } 348 349 foreach ( [ 'publish', 'delete', 'delete_others', 'delete_private', 350 'delete_published', 'edit', 'edit_others', 'edit_private', 351 'edit_published', 'read_private' 352 ] as $cap ) { 353 354 $ur->add_cap( "{$cap}_code" ); 355 $ur->add_cap( "{$cap}_codes" ); 356 357 } 358 359 } 360 361 } 168 362 169 363 /** … … 174 368 { 175 369 176 if (!is_super_admin()) {177 return; 178 } 370 $this->register_roles(); 371 372 $this->update_caps(); 179 373 180 374 // checks for control panel plugin … … 184 378 global $_DCP_PLUGINS; 185 379 186 // control panel will take owner ofsetting section380 // control panel will take setting section 187 381 188 382 $group = 'dcp-settings-general'; 189 383 190 array_push($_DCP_PLUGINS, ['slug' => 'code-injection', 'version' => $this->get_version()]);384 array_push($_DCP_PLUGINS, ['slug' => self::$text_domain, 'version' => $this->get_version()]); 191 385 192 386 } else { … … 197 391 198 392 199 register_setting($group, 'wp_dcp_code_injection_allow_shortcode', ['default' => false]); 200 393 // settings section 201 394 add_settings_section( 202 395 'wp_code_injection_plugin', 203 __('Code Injection', 'code-injection') . "<span class=\"gdcp-version-box wp-ui-notification\">" . ($group != 'general' ? $this->get_version() : '') . "<span>",396 __('Code Injection', self::$text_domain) . "<span class=\"gdcp-version-box wp-ui-notification\">" . $this->get_version() . 
"<span>", 204 397 [&$this, 'settings_section_cb'], 205 398 $group 206 399 ); 207 400 401 402 403 // register "CI" settings 404 register_setting($group, 'wp_dcp_code_injection_allow_shortcode', ['default' => false]); 405 406 // register "Unsafe" settings 407 register_setting($group, 'wp_dcp_unsafe_widgets_shortcodes', ['default' => false]); 408 register_setting($group, 'wp_dcp_unsafe_keys', ['default' => '']); 409 register_setting($group, 'wp_dcp_unsafe_widgets_php', ['default' => false]); 410 register_setting($group, 'wp_dcp_unsafe_ignore_keys', ['default' => false]); 411 412 413 414 // "CI" fields 208 415 add_settings_field( 209 416 'wp_dcp_code_injection_allow_shortcode', 210 __(" Accessibility", 'code-injection'),417 __("Shortcodes", self::$text_domain), 211 418 [&$this, 'settings_field_cb'], 212 419 $group, … … 215 422 ); 216 423 217 } 424 425 // "Unsafe fields" 426 add_settings_field( 427 'wp_dcp_unsafe_widgets_shortcodes', 428 "", 429 [&$this, 'settings_field_cb'], 430 $group, 431 'wp_code_injection_plugin', 432 ['label_for' => 'wp_dcp_unsafe_widgets_shortcodes'] 433 ); 434 435 add_settings_field( 436 'wp_dcp_unsafe_widgets_php', 437 "", 438 [&$this, 'settings_field_cb'], 439 $group, 440 'wp_code_injection_plugin', 441 ['label_for' => 'wp_dcp_unsafe_widgets_php'] 442 ); 443 444 add_settings_field( 445 'wp_dcp_unsafe_ignore_keys', 446 __("Activator Keys", self::$text_domain), 447 [&$this, 'settings_field_cb'], 448 $group, 449 'wp_code_injection_plugin', 450 ['label_for' => 'wp_dcp_unsafe_ignore_keys'] 451 ); 452 453 add_settings_field( 454 'wp_dcp_unsafe_keys', 455 "", 456 [&$this, 'settings_field_cb'], 457 $group, 458 'wp_code_injection_plugin', 459 ['label_for' => 'wp_dcp_unsafe_keys'] 460 ); 461 462 463 464 } 465 218 466 219 467 /** 220 468 * Settings section header 221 469 * @since 1.0.0 222 */ 470 */ 223 471 public function settings_section_cb() 224 472 { 225 226 echo "<p>" . __("General Settings", 'code-injection') . 
"</p>"; 473 474 ?> 475 <table class="form-table"> 476 <tbody> 477 <tr> 478 <th scope="row"> 479 <label> 480 <?php _e("Bug & Issues Reporting"); ?> 481 </label> 482 </th> 483 <td> 484 <?php _e("<p>If you faced any issues, please tell us on <strong><a target=\"_blank\" href=\"https://github.com/Rmanaf/wp-code-injection/issues/new\">Github</a></strong>"); ?> 485 </td> 486 </tr> 487 </tbody> 488 </table> 489 <?php 490 } 491 492 493 /** 494 * Retrieve keys from string 495 * @since 2.2.6 496 */ 497 private function extract_keys($text) 498 { 499 500 return array_filter(explode(',', $text), function ($elem) { 501 502 return preg_replace('/\s/', '', $elem); 503 504 }); 227 505 228 506 } 229 507 230 508 /** 231 * Settings section509 * Settings fields callback 232 510 * @since 1.0.0 233 511 */ … … 236 514 237 515 switch ($args['label_for']) { 516 238 517 case 'wp_dcp_code_injection_allow_shortcode': 239 518 … … 242 521 ?> 243 522 <label> 244 <input type="checkbox" value="1" id="wp_dcp_code_injection_allow_shortcode" name="wp_dcp_code_injection_allow_shortcode" <?php checked($nested_shortcode , true); ?> />245 <?php _e(" Allow rendering nested shortcodes", 'code-injection'); ?>523 <input type="checkbox" value="1" id="wp_dcp_code_injection_allow_shortcode" name="wp_dcp_code_injection_allow_shortcode" <?php checked($nested_shortcode, true); ?> /> 524 <?php _e("Render nested shortcodes in <code>[inject]</code>", self::$text_domain); ?> 246 525 </label> 247 526 <?php 248 527 break; 249 } 250 251 } 252 253 254 255 /** 256 * Rename header of title column to ID 257 * @since 1.0.0 258 */ 259 public function manage_codes_columns($columns) 260 { 261 262 $columns['title'] = "ID"; 263 264 return $columns; 265 266 } 267 268 269 /** 270 * Disable quick edit button 271 * @since 1.0.0 272 */ 273 public function remove_quick_edit($actions) 274 { 275 276 if (isset($_GET['post_type']) && $_GET['post_type'] == 'codes') { 277 unset($actions['inline hide-if-no-js']); 278 } 279 280 return $actions; 
281 282 } 283 284 285 /** 286 * Hide post title input 287 * @since 1.0.0 288 */ 289 public function hide_post_title_input() 290 { 291 292 if ($this->is_code_page()) : 293 ?> 294 <style>#titlediv{display:none;}</style> 295 <?php 296 endif; 528 529 case 'wp_dcp_unsafe_keys': 530 531 $keys = get_option('wp_dcp_unsafe_keys', ''); 532 533 ?> 534 <p class="ack-head-wrapper"><span class="ack-header"><strong><?php _e("Keys:", "code-injection"); ?></strong></span><a class="button ack-new" href="javascript:void(0);" id="wp_dcp_generate_key">Generate</a><p> 535 <textarea data-placeholder="Enter Keys:" class="large-text code" id="wp_dcp_unsafe_keys" name="wp_dcp_unsafe_keys"><?php echo $keys; ?></textarea> 536 <dl> 537 <dd> 538 <p class="description"> 539 <?php _e("Enter an unique and strong key that contains digits and characters.", self::$text_domain); ?> 540 </p> 541 </dd> 542 </dl> 543 <?php 544 break; 545 546 case 'wp_dcp_unsafe_ignore_keys': 547 548 $ignore_keys = get_option('wp_dcp_unsafe_ignore_keys', false); 549 550 ?> 551 <label> 552 <input type="checkbox" value="1" id="wp_dcp_unsafe_ignore_keys" name="wp_dcp_unsafe_ignore_keys" <?php checked($ignore_keys, true); ?> /> 553 <?php _e("Ignore activator keys", self::$text_domain); ?> 554 </label> 555 <dl> 556 <dd> 557 <p class="description"> 558 <?php _e("Please consider that ignoring the activator keys, will result in the injection of malicious codes into your website.", self::$text_domain); ?> 559 </p> 560 </dd> 561 </dl> 562 <?php 563 break; 564 565 case 'wp_dcp_unsafe_widgets_shortcodes': 566 567 $shortcodes_enabled = get_option('wp_dcp_unsafe_widgets_shortcodes', false); 568 569 ?> 570 <label> 571 <input type="checkbox" value="1" id="wp_dcp_unsafe_widgets_shortcodes" name="wp_dcp_unsafe_widgets_shortcodes" <?php checked($shortcodes_enabled, true); ?> /> 572 <?php _e("Render shortcodes in <strong>Custom HTML</strong> widget", self::$text_domain); ?> 573 </label> 574 <?php 575 break; 576 577 case 
'wp_dcp_unsafe_widgets_php': 578 579 $php_enabled = get_option('wp_dcp_unsafe_widgets_php', false); 580 581 ?> 582 <label> 583 <input type="checkbox" value="1" id="wp_dcp_unsafe_widgets_php" name="wp_dcp_unsafe_widgets_php" <?php checked($php_enabled, true); ?> /> 584 <?php _e("Enable <code>[unsafe key='']</code> shortcode", self::$text_domain); ?> 585 </label> 586 <dl> 587 <dd> 588 <p class="description"> 589 <?php _e("By default, <code>[inject]</code> just renders HTML content.", self::$text_domain); ?> 590 </p> 591 </dd> 592 <dd> 593 <p class="description"> 594 <?php _e("In order to run PHP codes, You have to enable <code>[unsafe]</code> shortcode.</li>", self::$text_domain); ?> 595 </p> 596 </dd> 597 <dd> 598 <p class="description"> 599 <?php _e("Please notice that each unsafe section require an <strong>Activator Key</strong> for security purposes.</li>", self::$text_domain); ?> 600 </p> 601 </dd> 602 </dl> 603 <?php 604 break; 605 606 607 } 297 608 298 609 } … … 302 613 { 303 614 304 if (current_user_can('edit_theme_options')) { 305 306 register_widget('Wp_Code_Injection_Plugin_Widget'); 307 308 } 309 310 } 311 312 313 314 /** 315 * Checks if is in post edit page 316 * @since 1.0.0 317 */ 318 private function is_edit_page($new_edit = null) 319 { 320 321 global $pagenow; 322 323 324 if (!is_admin()) return false; 325 326 327 if ($new_edit == "edit") 328 return in_array($pagenow, array('post.php', )); 329 elseif ($new_edit == "new") 330 return in_array($pagenow, array('post-new.php')); 331 else 332 return in_array($pagenow, array('post.php', 'post-new.php')); 333 334 } 335 336 337 /** 338 * Checks if is in code edit/new page 339 * @since 1.0.0 340 */ 341 private function is_code_page() 342 { 343 344 if ($this->is_edit_page('new')) { 345 if (isset($_GET['post_type']) && $_GET['post_type'] == 'codes') { 346 return true; 347 } 348 } 349 350 if ($this->is_edit_page('edit')) { 351 352 global $post; 353 354 if ('codes' == get_post_type($post)) { 355 return true; 356 } 
357 358 } 359 360 return false; 361 362 } 363 364 365 366 /** 367 * Disable Media button 368 * @since 1.0.0 369 */ 370 public function remove_mediabuttons() 371 { 372 373 if ($this->is_code_page()) { 374 375 remove_action('media_buttons', 'media_buttons'); 376 377 } 378 379 } 380 381 382 /** 383 * Disable visual editor 384 * @since 1.0.0 385 */ 386 public function disable_wysiwyg($default) 387 { 388 389 if ($this->is_code_page()) { 390 return false; 391 } 392 393 return $default; 394 395 } 396 397 398 /** 399 * Shortcode renderer 400 * @since 1.0.0 401 */ 402 public function shortcode($atts = [], $content = null) 403 { 404 405 extract(shortcode_atts(['id' => ''], $atts)); 406 407 if (empty($id)) { 408 409 return; 410 411 } 412 413 $code = get_page_by_title($id, OBJECT, 'codes'); 414 415 if (is_object($code)) { 416 417 $render_shortcodes = get_option('wp_dcp_code_injection_allow_shortcode', false); 418 419 $nested_injections = $this->get_shortcode_by_name($code->post_content, 'inject'); 420 421 foreach ($nested_injections as $i) { 422 423 $params = $i['params']; 424 425 if (isset($params['id']) && $params['id'] == $id) { 426 427 return ''; 428 429 } 430 431 } 432 433 if ($render_shortcodes) { 434 435 return do_shortcode($code->post_content); 436 437 } else { 438 439 return $code->post_content; 440 441 } 442 443 } 444 445 } 615 register_widget('Wp_Code_Injection_Plugin_Widget'); 616 617 } 618 446 619 447 620 … … 486 659 487 660 488 /** 489 * Generate title 490 * @since 1.0.0 491 */ 492 public function auto_generate_post_title($title) 493 { 494 495 global $post; 496 497 if (isset($post->ID)) { 498 499 if (empty($_POST['post_title']) && 'codes' == get_post_type($post->ID)) { 500 501 $title = 'code-' . 
md5(uniqid(rand(), true)); 502 503 } 504 } 505 506 return $title; 507 508 } 509 510 511 512 /** 513 * Create CPT 514 * @since 1.0.0 515 */ 516 public function create_posttype() 517 { 518 519 $lables = [ 520 'name' => __('Codes', 'code-injection'), 521 'singular_name' => __('Code', 'code-injection'), 522 'add_new_item' => __('Add New Code', 'code-injection'), 523 'edit_item' => __('Edit Code', 'code-injection'), 524 'new_item' => __('New Code', 'code-injection'), 525 'search_items ' => __('Search Codes', 'code-injection'), 526 'not_found' => __('No codes found', 'code-injection'), 527 'not_found_in_trash ' => __('No codes found in Trash', 'code-injection'), 528 'all_items' => __('All Codes', 'code-injection') 529 ]; 530 531 register_post_type( 532 'Codes', 661 662 /** 663 * generates random unique ID 664 * @since 2.2.8 665 */ 666 public static function generate_id($prefix = '') 667 { 668 669 return $prefix . md5(uniqid(rand(0,1), true)); 670 671 } 672 673 674 675 /** 676 * Register developer role 677 * @since 2.2.6 678 */ 679 private function register_roles() 680 { 681 682 $role_version = get_option( 'wp_dcp_code_injection_role_version', '' ); 683 684 if($role_version == self::$role_version){ 685 686 return; 687 688 } 689 690 $developer = get_role( 'developer' ); 691 692 if(isset($developer)){ 693 694 remove_role( 'developer' ); 695 696 } 697 698 add_role('developer', 699 __('Developer' , self::$text_domain), 533 700 [ 534 'menu_icon' => 'dashicons-editor-code', 535 'labels' => $lables, 536 'public' => false, 537 'show_ui' => true, 538 'rewrite' => false, 539 'query_var' => false, 540 'exclude_from_search' => true, 541 'publicly_queryable' => false, 542 'supports' => ['author', 'revisions', 'title', 'editor'], 543 'capabilities' => [ 544 'edit_post' => 'update_core', 545 'read_post' => 'update_core', 546 'delete_post' => 'update_core', 547 'edit_posts' => 'update_core', 548 'edit_others_posts' => 'update_core', 549 'delete_posts' => 'update_core', 550 
'publish_posts' => 'update_core', 551 'read_private_posts' => 'update_core' 552 ], 553 'can_export' => true 701 'read' => true, 702 'edit_posts' => false, 703 'delete_posts' => false, 704 'publish_posts' => false, 705 'upload_files' => true, 554 706 ] 555 707 ); 556 708 557 709 558 } 710 update_option( 'wp_dcp_code_injection_role_version', self::$role_version ); 711 712 } 713 559 714 560 715 /** … … 578 733 flush_rewrite_rules(); 579 734 735 remove_role('developer'); 736 580 737 } 581 738 … … 584 741 * @since 1.0.0 585 742 */ 586 p rivatefunction get_version()743 public static function get_version() 587 744 { 588 745 … … 590 747 591 748 } 749 592 750 } 593 751 }
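Review bot: In `unsafe_shortcode()` the only gate in front of `eval()` is `in_array($key, $keys)`, a loose and non-constant-time comparison against keys that `extract_keys()` returns untrimmed, since its `array_filter` callback only drops blank entries. Loose comparison treats numeric-looking strings such as `1e3` and `1000` as equal, and a key stored with surrounding whitespace can never match, which pushes admins toward the "Ignore activator keys" switch. The `try` also wraps `ob_get_contents()` rather than `eval()`, so a failing snippet is never recorded, the output buffer stays open on the catch path, and `$key` is undefined there when keys are ignored. The fence below compares trimmed keys with `hash_equals()` and moves `eval()` inside the `try`. Who is allowed to place `[unsafe]` in content is not visible in this hunk and should be checked against the roles and capabilities this changeset adds.

```php
$key = null;

if (!$ignore_keys) {

    $atts = shortcode_atts(['key' => ''], $atts);
    $key  = (string) $atts['key'];
    $keys = $this->extract_keys(get_option('wp_dcp_unsafe_keys', ''));

    // hash_equals() is polyfilled by WordPress core on old PHP versions
    $matched = false;
    foreach ($keys as $candidate) {
        if (hash_equals(trim($candidate), $key)) {
            $matched = true;
        }
    }

    if ($key === '' || !$matched) {
        $this->database->record_activity(1, $key, 5);
        return;
    }
}

// … unchanged: $html = $content; and the PHP open-tag check …

$failed = false;

ob_start();

try {
    eval("?" . ">" . $html);
} catch (Exception $ex) {
    $failed = true;
} catch (Throwable $ex) {
    // PHP 7+: ParseError and other Error subclasses are not Exception
    $failed = true;
}

// always close the buffer, whether or not the snippet failed
$html = ob_get_clean();

if ($failed) {
    $this->database->record_activity(1, $key, 4);
    return;
}
```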