PluginProbe ʕ •ᴥ•ʔ
Advanced Ads – Ad Manager & AdSense / 1.40.0
Advanced Ads – Ad Manager & AdSense v1.40.0
2.0.23 2.0.22 2.0.21 1.38.0 1.39.0 1.39.1 1.39.2 1.39.3 1.39.4 1.4.0 1.4.1 1.4.2 1.4.3 1.4.4 1.4.5 1.4.6 1.4.7 1.4.8 1.4.9 1.40.0 1.40.1 1.40.2 1.41.0 1.42.0 1.42.1 1.42.2 1.43.0 1.44.0 1.44.1 1.45.0 1.45.1 1.46.0 1.47.0 1.47.1 1.47.2 1.47.3 1.47.4 1.47.5 1.48.0 1.48.1 1.49.0 1.5.0 1.5.0.1 1.5.1 1.5.2 1.5.2.1 1.5.4 1.5.4.1 1.5.5 1.50.0 1.51.0 1.51.1 1.51.2 1.51.3 1.52.0 1.52.1 1.52.2 1.52.3 1.52.4 1.53.0 1.53.1 1.53.2 1.54.0 1.54.1 1.55.0 1.56.0 1.56.1 1.56.2 1.56.3 1.56.4 1.6 1.6.1 1.6.10 1.6.10.1 1.6.10.2 1.6.11 1.6.11.1 1.6.12 1.6.13 1.6.14 1.6.15 1.6.16 1.6.17 1.6.17.1 1.6.17.2 1.6.2 1.6.2.1 1.6.3 1.6.4 1.6.4.1 1.6.5 1.6.6 1.6.6.1 1.6.7 1.6.7.1 1.6.8 1.6.8.1 1.6.8.2 1.6.8.3 1.6.9 1.6.9.1 1.6.9.2 1.6.9.3 1.6.9.4 1.7 1.7.0.1 1.7.0.2 1.7.0.3 1.7.1 1.7.1.1 1.7.1.2 1.7.1.3 1.7.1.4 1.7.1.5 1.7.10 trunk 1.7.11 1.0.1 1.7.12 1.0.2 1.7.13 1.0.3 1.7.14 1.1.0 1.7.15 1.1.1 1.7.16 1.1.2 1.7.17 1.1.3 1.7.18 1.10 1.7.19 1.10.1 1.7.2 1.10.10 1.7.2.1 1.10.11 1.7.20 1.10.12 1.7.21 1.10.2 1.7.22 1.10.3 1.7.23 1.10.4 1.7.24 1.10.5 1.7.25 1.10.6 1.7.3 1.10.7 1.7.4 1.10.8 1.7.4.1 1.10.9 1.7.4.2 1.11 1.7.4.3 1.11.1 1.7.4.4 1.11.2 1.7.4.5 1.12 1.7.5 1.13 1.7.5.1 1.13.1 1.7.6 1.13.2 1.7.7 1.13.3 1.7.8 1.13.4 1.7.9 1.13.5 1.7.9.1 1.13.6 1.7.9.2 1.13.7 1.7.9.3 1.13.8 1.8 1.14 1.8.1 1.14.1 1.8.10 1.14.10 1.8.11 1.14.11 1.8.12 1.14.2 1.8.13 1.14.3 1.8.14 1.14.4 1.8.15 1.14.5 1.8.16 1.14.6 1.8.17 1.14.7 1.8.18 1.14.8 1.8.19 1.14.9 1.8.2 1.15 1.8.20 1.16 1.8.21 1.16.1 1.8.22 1.17 1.8.23 1.17.1 1.8.24 1.17.10 1.8.25 1.17.10-rc.1 1.8.26 1.17.11 1.8.27 1.17.12 1.8.28 1.17.12-rc.1 1.8.29 1.17.2 1.8.3 1.17.3 1.8.30 1.17.4 1.8.4 1.17.5 1.8.5 1.17.6 1.8.6 1.17.7 1.8.7 1.17.8 1.8.8 1.17.9 1.8.9 1.17.9-beta.1 1.9 1.18.0 2.0.0 1.19.0 2.0.1 1.19.1 2.0.10 1.2 2.0.11 1.2.1 2.0.12 1.2.2 2.0.13 1.2.3 2.0.14 1.2.4 2.0.15 1.2.5 2.0.16 1.2.6 2.0.17 1.2.7 2.0.18 1.20.0 2.0.19 1.20.0-rc.1 2.0.2 1.20.0-rc.2 2.0.20 1.20.1 2.0.3 1.20.2 2.0.4 1.20.3 2.0.5 1.21.0 2.0.6 1.21.1 2.0.7 1.22.0 2.0.8 1.22.1 2.0.9 1.22.2 1.23.0 1.23.1 1.23.2 1.24.0 1.24.1 1.24.2 1.25.0 1.25.1 1.26.0 1.27.0 1.28.0 1.29.0 1.29.1 1.3 1.3.1 1.3.10 1.3.11 1.3.12 1.3.13 1.3.14 1.3.15 1.3.16 1.3.17 1.3.18 1.3.2 1.3.3 1.3.4 1.3.5 1.3.6 1.3.7 1.3.8 1.3.9 1.30.0 1.30.1 1.30.2 1.30.2-rc.1 1.30.3 1.30.4 1.30.4-rc.1 1.30.5 1.31.0 1.31.1 1.32.0 1.32.0-rc.1 1.33.0 1.33.1 1.33.2 1.34.0 1.35.0 1.35.1 1.36.0 1.36.1 1.36.2 1.36.3 1.37.0 1.37.1 1.37.2
advanced-ads / classes / ad_type_plain.php
advanced-ads / classes Last commit date
Advanced_Ads_Modal.php 3 years ago EDD_SL_Plugin_Updater.php 4 years ago ad-ajax.php 3 years ago ad-debug.php 3 years ago ad-expiration.php 3 years ago ad-health-notices.php 3 years ago ad-model.php 3 years ago ad-select.php 3 years ago ad.php 3 years ago ad_ajax_callbacks.php 3 years ago ad_group.php 3 years ago ad_placements.php 3 years ago ad_type_abstract.php 3 years ago ad_type_content.php 3 years ago ad_type_dummy.php 3 years ago ad_type_group.php 3 years ago ad_type_image.php 3 years ago ad_type_plain.php 3 years ago checks.php 3 years ago compatibility.php 3 years ago display-conditions.php 3 years ago filesystem.php 3 years ago frontend-notices.php 3 years ago frontend_checks.php 3 years ago in-content-injector.php 3 years ago inline-css.php 3 years ago plugin.php 3 years ago upgrades.php 6 years ago utils.php 3 years ago visitor-conditions.php 3 years ago widget.php 3 years ago
ad_type_plain.php
313 lines
1 <?php
2
3 /**
4 * Advanced Ads Plain Ad Type
5 *
6 * @package Advanced_Ads
7 * @author Thomas Maier <support@wpadvancedads.com>
8 * @license GPL-2.0+
9 * @link https://wpadvancedads.com
10 * @copyright 2014 Thomas Maier, Advanced Ads GmbH
11 *
12 * Class containing information about the plain text/code ad type
13 *
14 * see ad-type-content.php for a better sample on ad type
15 */
16 class Advanced_Ads_Ad_Type_Plain extends Advanced_Ads_Ad_Type_Abstract {
17
18 /**
19 * ID - internal type of the ad type
20 *
21 * @var string $ID ad type id.
22 */
23 public $ID = 'plain';
24
25 /**
26 * Set basic attributes
27 */
28 public function __construct() {
29 $this->title = __( 'Plain Text and Code', 'advanced-ads' );
30 $this->description = __( 'Any ad network, Amazon, customized AdSense codes, shortcodes, and code like JavaScript, HTML or PHP.', 'advanced-ads' );
31 $this->parameters = [
32 'content' => '',
33 ];
34 }
35
36 /**
37 * Output for the ad parameters metabox
38 *
39 * This will be loaded using ajax when changing the ad type radio buttons
40 * echo the output right away here
41 * name parameters must be in the "advanced_ads" array
42 *
43 * @param Advanced_Ads_Ad $ad Advanced_Ads_Ad.
44 */
45 public function render_parameters( $ad ) {
46 // Load content.
47 $content = ( isset( $ad->content ) ) ? $ad->content : '';
48
49 ?><p class="description"><?php esc_html_e( 'Insert plain text or code into this field.', 'advanced-ads' ); ?></p>
50 <?php $this->error_unfiltered_html( $ad ); ?>
51 <textarea
52 id="advads-ad-content-plain"
53 cols="40"
54 rows="10"
55 name="advanced_ad[content]"
56 onkeyup="Advanced_Ads_Admin.check_ad_source()"
57 ><?php echo esc_textarea( $content ); ?></textarea>
58 <?php include ADVADS_BASE_PATH . 'admin/views/ad-info-after-textarea.php'; ?>
59 <input type="hidden" name="advanced_ad[output][allow_php]" value="0"/>
60
61 <?php
62
63 $this->render_php_allow( $ad );
64 $this->render_shortcodes_allow( $ad );
65 ?>
66 <script>jQuery( function () { Advanced_Ads_Admin.check_ad_source() } )</script>
67 <?php
68 }
69
70 /**
71 * Render php output field
72 *
73 * @param object $ad Advanced_Ads_Ad object.
74 */
75 public function render_php_allow( $ad ) {
76 $content = ( isset( $ad->content ) ) ? $ad->content : '';
77
78 // Check if php is allowed.
79 if ( isset( $ad->output['allow_php'] ) ) {
80 $allow_php = absint( $ad->output['allow_php'] );
81 } else {
82 /**
83 * For compatibility for ads with PHP added prior to 1.3.18
84 * check if there is php code in the content
85 */
86 $allow_php = preg_match( '/<\?php/', $content );
87 }
88 ?>
89 <label class="label" for="advads-parameters-php"><?php esc_html_e( 'Allow PHP', 'advanced-ads' ); ?></label>
90 <div>
91 <input id="advads-parameters-php" type="checkbox" name="advanced_ad[output][allow_php]" value="1" <?php checked( 1, $allow_php ); ?> onChange="Advanced_Ads_Admin.check_ad_source();" <?php disabled( ! $this->is_php_globally_allowed() ); ?>/>
92 <span class="advads-help">
93 <span class="advads-tooltip">
94 <?php
95 echo wp_kses(
96 __( 'Execute PHP code (wrapped in <code>&lt;?php ?&gt;</code>)', 'advanced-ads' ),
97 [
98 'code' => [],
99 ]
100 );
101 ?>
102 </span>
103 </span>
104 <?php if ( ! $this->is_php_globally_allowed() ) : ?>
105 <p class="advads-notice-inline advads-error">
106 <?php
107 printf(
108 /* translators: The name of the constant preventing PHP execution */
109 esc_html__( 'Executing PHP code has been disallowed by %s', 'advanced-ads' ),
110 sprintf( '<code>%s</code>', defined( 'DISALLOW_FILE_EDIT' ) && DISALLOW_FILE_EDIT ? 'DISALLOW_FILE_EDIT' : 'ADVANCED_ADS_DISALLOW_PHP' )
111 );
112 ?>
113 </p>
114 <?php else : ?>
115 <p class="advads-notice-inline advads-error" id="advads-allow-php-warning" style="display:none;">
116 <?php esc_html_e( 'Using PHP code can be dangerous. Please make sure you know what you are doing.', 'advanced-ads' ); ?>
117 </p>
118 <?php endif; ?>
119 <p class="advads-notice-inline advads-error" id="advads-parameters-php-warning" style="display:none;">
120 <?php esc_html_e( 'No PHP tag detected in your code.', 'advanced-ads' ); ?> <?php esc_html_e( 'Uncheck this checkbox for improved performance.', 'advanced-ads' ); ?>
121 </p>
122 </div>
123 <hr/>
124 <?php
125 }
126
127 /**
128 * Render allow shortcodes field.
129 *
130 * @param object $ad Advanced_Ads_Ad object.
131 */
132 public function render_shortcodes_allow( $ad ) {
133 $allow_shortcodes = ! empty( $ad->output['allow_shortcodes'] );
134 ?>
135 <label class="label"
136 for="advads-parameters-shortcodes"><?php esc_html_e( 'Execute shortcodes', 'advanced-ads' ); ?></label>
137 <div>
138 <input id="advads-parameters-shortcodes" type="checkbox" name="advanced_ad[output][allow_shortcodes]"
139 value="1"
140 <?php
141 checked( 1, $allow_shortcodes );
142 ?>
143 onChange="Advanced_Ads_Admin.check_ad_source();"/>
144 <p class="advads-notice-inline advads-error" id="advads-parameters-shortcodes-warning"
145 style="display:none;"><?php esc_html_e( 'No shortcode detected in your code.', 'advanced-ads' ); ?> <?php esc_html_e( 'Uncheck this checkbox for improved performance.', 'advanced-ads' ); ?></p>
146 </div>
147 <hr/>
148 <?php
149 }
150
151 /**
152 * Prepare the ads frontend output
153 *
154 * @param Advanced_Ads_Ad $ad ad object.
155 *
156 * @return string $content ad content prepared for frontend output.
157 * @since 1.0.0
158 */
159 public function prepare_output( $ad ) {
160 $content = $ad->content;
161
162 // Evaluate the code as PHP if setting was never saved or is allowed.
163 if ( ( ! isset( $ad->output['allow_php'] ) || $ad->output['allow_php'] ) && $this->is_php_globally_allowed() ) {
164 ob_start();
165 // This code only runs if the "Allow PHP" option for plain text ads was enabled.
166 // phpcs:ignore Squiz.PHP.Eval.Discouraged -- this is specifically eval'd so allow eval here.
167 eval( '?>' . $ad->content );
168 $content = ob_get_clean();
169 }
170
171 if ( ! is_string( $content ) ) {
172 return '';
173 }
174
175 /**
176 * Apply do_blocks if the content has block code
177 * works with WP 5.0.0 and later
178 */
179 if ( function_exists( 'has_blocks' ) && has_blocks( $content ) ) {
180 $content = do_blocks( $content );
181 }
182
183 if ( ! empty( $ad->output['allow_shortcodes'] ) ) {
184 $content = $this->do_shortcode( $content, $ad );
185 }
186
187 // Add 'loading' attribute if applicable, available from WP 5.5.
188 if (
189 function_exists( 'wp_lazy_loading_enabled' )
190 && wp_lazy_loading_enabled( 'img', 'the_content' )
191 && preg_match_all( '/<img\s[^>]+>/', $content, $matches )
192 ) {
193 // iterate images.
194 foreach ( $matches[0] as $image ) {
195 // skip if it already has the loading attribute.
196 if ( strpos( $image, 'loading=' ) !== false ) {
197 continue;
198 }
199
200 // replace the image string.
201 $content = str_replace( $image, wp_img_tag_add_loading_attr( $image, 'the_content' ), $content );
202 }
203 }
204
205 return (
206 (
207 ( defined( 'DISALLOW_UNFILTERED_HTML' ) && DISALLOW_UNFILTERED_HTML ) ||
208 ! $this->author_can_unfiltered_html( (int) get_post_field( 'post_author', $ad->id ) )
209 )
210 && version_compare( $ad->options( 'last_save_version', '0' ), '1.35.0', 'ge' )
211 )
212 ? wp_kses( $content, wp_kses_allowed_html( 'post' ) )
213 : $content;
214 }
215
216 /**
217 * Check if php execution is globally forbidden.
218 *
219 * @return bool
220 */
221 private function is_php_globally_allowed() {
222 return ! ( defined( 'ADVANCED_ADS_DISALLOW_PHP' ) && ADVANCED_ADS_DISALLOW_PHP )
223 && ! ( defined( 'DISALLOW_FILE_EDIT' ) && DISALLOW_FILE_EDIT );
224 }
225
226 /**
227 * Check if we're on an ad edit screen, if yes and the user does not have `unfiltered_html` permissions,
228 * show an admin notice.
229 *
230 * @param Advanced_Ads_Ad $ad the current ad object.
231 *
232 * @return void
233 */
234 protected function error_unfiltered_html( Advanced_Ads_Ad $ad ) {
235 $author_id = (int) get_post_field( 'post_author', $ad->id );
236 $current_user_id = get_current_user_id();
237
238 if ($this->author_can_unfiltered_html($author_id)) {
239 return;
240 }
241
242 ?>
243 <p class="advads-notice-inline advads-error">
244 <?php
245 if ( $author_id === $current_user_id ) {
246 esc_html_e( 'You do not have sufficient permissions to include all HTML tags.', 'advanced-ads' );
247 } else {
248 esc_html_e( 'The creator of the ad does not have sufficient permissions to include all HTML tags.', 'advanced-ads' );
249 if ( current_user_can( 'unfiltered_html' ) && $this->user_has_role_on_site() ) {
250 printf( '<button type="button" onclick="(()=>Advanced_Ads_Admin.reassign_ad(%d))();" class="button button-primary">%s</button>', $current_user_id, esc_html__( 'Assign ad to me', 'advanced-ads' ) );
251 }
252 }
253 ?>
254 <a href="<?php echo esc_url( ADVADS_URL ) . '/manual/ad-types/#Plain_Text_and_Code'; ?>" target="_blank" rel="noopener">
255 <?php esc_html_e( 'Manual', 'advanced-ads' ); ?>
256 </a>
257 </p>
258 <?php
259 }
260
261 /**
262 * Check if the ad content needs filtering.
263 *
264 * @param string $content The parsed ad content.
265 * @deprecated
266 *
267 * @return string
268 */
269 protected function kses_ad( $content ) {
270 return $content;
271 }
272
273 /**
274 * Check if the author of the ad can use unfiltered_html.
275 *
276 * @param int $author_id User ID of the ad author.
277 *
278 * @return bool
279 */
280 private function author_can_unfiltered_html( $author_id ) {
281 if ( defined( 'DISALLOW_UNFILTERED_HTML' ) && DISALLOW_UNFILTERED_HTML ) {
282 return false;
283 }
284
285 $unfiltered_allowed = user_can( $author_id, 'unfiltered_html' );
286 if ( $unfiltered_allowed || ! is_multisite() ) {
287 return $unfiltered_allowed;
288 }
289
290 $options = Advanced_Ads::get_instance()->options();
291 if ( ! isset( $options['allow-unfiltered-html'] ) ) {
292 $options['allow-unfiltered-html'] = [];
293 }
294 $allowed_roles = $options['allow-unfiltered-html'];
295 $user = get_user_by( 'id', $author_id );
296
297 return ! empty( array_intersect( $user->roles, $allowed_roles ) );
298 }
299
300 /**
301 * Check if the current user has a role on this site.
302 *
303 * @return bool
304 */
305 private function user_has_role_on_site() {
306 return in_array(
307 get_current_blog_id(),
308 wp_list_pluck( get_blogs_of_user( get_current_user_id() ), 'userblog_id' ),
309 true
310 );
311 }
312 }
313