ad_type_plain.php
313 lines
| 1 | <?php |
| 2 | |
| 3 | /** |
| 4 | * Advanced Ads Plain Ad Type |
| 5 | * |
| 6 | * @package Advanced_Ads |
| 7 | * @author Thomas Maier <support@wpadvancedads.com> |
| 8 | * @license GPL-2.0+ |
| 9 | * @link https://wpadvancedads.com |
| 10 | * @copyright 2014 Thomas Maier, Advanced Ads GmbH |
| 11 | * |
| 12 | * Class containing information about the plain text/code ad type |
| 13 | * |
| 14 | * see ad-type-content.php for a better sample on ad type |
| 15 | */ |
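class Advanced_Ads_Ad_Type_Plain extends Advanced_Ads_Ad_Type_Abstract {

	/**
	 * ID - internal type of the ad type
	 *
	 * @var string $ID ad type id.
	 */
	public $ID = 'plain';

	/**
	 * Set basic attributes
	 */
	public function __construct() {
		$this->title       = __( 'Plain Text and Code', 'advanced-ads' );
		$this->description = __( 'Any ad network, Amazon, customized AdSense codes, shortcodes, and code like JavaScript, HTML or PHP.', 'advanced-ads' );
		$this->parameters  = [
			'content' => '',
		];
	}

	/**
	 * Output for the ad parameters metabox
	 *
	 * This will be loaded using ajax when changing the ad type radio buttons
	 * echo the output right away here
	 * name parameters must be in the "advanced_ads" array
	 *
	 * The hidden `advanced_ad[output][allow_php]` field (value 0) is printed before the
	 * checkbox of the same name rendered by render_php_allow(), so an unchecked or disabled
	 * checkbox still submits an explicit 0. prepare_output() treats a missing `allow_php`
	 * key as "PHP allowed", which makes this explicit 0 the opt-out.
	 * NOTE(review): the save handler is not part of this file; confirm it stores the value.
	 *
	 * @param Advanced_Ads_Ad $ad Advanced_Ads_Ad.
	 */
	public function render_parameters( $ad ) {
		// Load content.
		$content = ( isset( $ad->content ) ) ? $ad->content : '';

		?><p class="description"><?php esc_html_e( 'Insert plain text or code into this field.', 'advanced-ads' ); ?></p>
		<?php $this->error_unfiltered_html( $ad ); ?>
		<textarea
			id="advads-ad-content-plain"
			cols="40"
			rows="10"
			name="advanced_ad[content]"
			onkeyup="Advanced_Ads_Admin.check_ad_source()"
		><?php echo esc_textarea( $content ); ?></textarea>
		<?php include ADVADS_ABSPATH . 'admin/views/ad-info-after-textarea.php'; ?>
		<input type="hidden" name="advanced_ad[output][allow_php]" value="0"/>

		<?php

		$this->render_php_allow( $ad );
		$this->render_shortcodes_allow( $ad );
		?>
		<script>jQuery( function () { Advanced_Ads_Admin.check_ad_source() } )</script>
		<?php
	}

	/**
	 * Render php output field
	 *
	 * The checkbox is rendered disabled when PHP execution is switched off through
	 * ADVANCED_ADS_DISALLOW_PHP or DISALLOW_FILE_EDIT. That is a UI hint only; the
	 * effective check is the is_php_globally_allowed() call in prepare_output().
	 *
	 * @param object $ad Advanced_Ads_Ad object.
	 */
	public function render_php_allow( $ad ) {
		$content              = ( isset( $ad->content ) ) ? $ad->content : '';
		$php_globally_allowed = $this->is_php_globally_allowed();

		// Check if php is allowed.
		if ( isset( $ad->output['allow_php'] ) ) {
			$allow_php = absint( $ad->output['allow_php'] );
		} else {
			/**
			 * For compatibility for ads with PHP added prior to 1.3.18
			 * check if there is php code in the content
			 */
			$allow_php = preg_match( '/<\?php/', $content );
		}
		?>
		<label class="label" for="advads-parameters-php"><?php esc_html_e( 'Allow PHP', 'advanced-ads' ); ?></label>
		<div>
			<input id="advads-parameters-php" type="checkbox" name="advanced_ad[output][allow_php]" value="1" <?php checked( 1, $allow_php ); ?> onChange="Advanced_Ads_Admin.check_ad_source();" <?php disabled( ! $php_globally_allowed ); ?>/>
			<span class="advads-help">
				<span class="advads-tooltip">
					<?php
					echo wp_kses(
						__( 'Execute PHP code (wrapped in <code><?php ?></code>)', 'advanced-ads' ),
						[
							'code' => [],
						]
					);
					?>
				</span>
			</span>
			<?php if ( ! $php_globally_allowed ) : ?>
				<p class="advads-notice-inline advads-error">
					<?php
					printf(
						/* translators: The name of the constant preventing PHP execution */
						esc_html__( 'Executing PHP code has been disallowed by %s', 'advanced-ads' ),
						sprintf( '<code>%s</code>', defined( 'DISALLOW_FILE_EDIT' ) && DISALLOW_FILE_EDIT ? 'DISALLOW_FILE_EDIT' : 'ADVANCED_ADS_DISALLOW_PHP' )
					);
					?>
				</p>
			<?php else : ?>
				<p class="advads-notice-inline advads-error" id="advads-allow-php-warning" style="display:none;">
					<?php esc_html_e( 'Using PHP code can be dangerous. Please make sure you know what you are doing.', 'advanced-ads' ); ?>
				</p>
			<?php endif; ?>
			<p class="advads-notice-inline advads-error" id="advads-parameters-php-warning" style="display:none;">
				<?php esc_html_e( 'No PHP tag detected in your code.', 'advanced-ads' ); ?> <?php esc_html_e( 'Uncheck this checkbox for improved performance.', 'advanced-ads' ); ?>
			</p>
		</div>
		<hr/>
		<?php
	}

	/**
	 * Render allow shortcodes field.
	 *
	 * @param object $ad Advanced_Ads_Ad object.
	 */
	public function render_shortcodes_allow( $ad ) {
		$allow_shortcodes = ! empty( $ad->output['allow_shortcodes'] );
		?>
		<label class="label"
			for="advads-parameters-shortcodes"><?php esc_html_e( 'Execute shortcodes', 'advanced-ads' ); ?></label>
		<div>
			<input id="advads-parameters-shortcodes" type="checkbox" name="advanced_ad[output][allow_shortcodes]"
				value="1"
				<?php
				checked( 1, $allow_shortcodes );
				?>
				onChange="Advanced_Ads_Admin.check_ad_source();"/>
			<p class="advads-notice-inline advads-error" id="advads-parameters-shortcodes-warning"
				style="display:none;"><?php esc_html_e( 'No shortcode detected in your code.', 'advanced-ads' ); ?> <?php esc_html_e( 'Uncheck this checkbox for improved performance.', 'advanced-ads' ); ?></p>
		</div>
		<hr/>
		<?php
	}

	/**
	 * Prepare the ads frontend output
	 *
	 * Order of operations matters for anyone reviewing this method:
	 *  1. When PHP is enabled, the stored ad content is executed with eval().
	 *  2. Blocks and (optionally) shortcodes in the result are rendered.
	 *  3. Only then is the resulting markup passed through wp_kses(), and only when the
	 *     ad author lacks `unfiltered_html` and the ad was last saved with 1.35.0 or later.
	 *
	 * The wp_kses() step therefore sanitizes the markup that execution produced; it is not
	 * a control on the PHP itself. The only gates in front of eval() are the per-ad
	 * `allow_php` flag and the constants read by is_php_globally_allowed(); the author's
	 * capabilities are not consulted before execution.
	 * NOTE(review): who may store `content` and `output[allow_php]` has to be enforced where
	 * the ad is saved; that code is not visible in this file, so verify it there.
	 *
	 * @param Advanced_Ads_Ad $ad ad object.
	 *
	 * @return string $content ad content prepared for frontend output.
	 * @since 1.0.0
	 */
	public function prepare_output( $ad ) {
		$content = $ad->content;

		// Evaluate the code as PHP if setting was never saved or is allowed.
		// Fail-open by design: an ad without an `allow_php` key is treated as PHP-enabled.
		// Defining ADVANCED_ADS_DISALLOW_PHP or DISALLOW_FILE_EDIT as true disables this branch.
		if ( ( ! isset( $ad->output['allow_php'] ) || $ad->output['allow_php'] ) && $this->is_php_globally_allowed() ) {
			ob_start();
			try {
				// This code only runs if the "Allow PHP" option for plain text ads was enabled.
				// SECURITY: executes database-stored content with the privileges of the PHP process.
				// phpcs:ignore Squiz.PHP.Eval.Discouraged -- this is specifically eval'd so allow eval here.
				eval( '?>' . $ad->content );
			} finally {
				// Always close the buffer opened above, even if the ad code throws
				// (e.g. a ParseError), so partial output is not left in an open buffer.
				$content = ob_get_clean();
			}
		}

		if ( ! is_string( $content ) ) {
			return '';
		}

		/**
		 * Apply do_blocks if the content has block code
		 * works with WP 5.0.0 and later
		 */
		if ( function_exists( 'has_blocks' ) && has_blocks( $content ) ) {
			$content = do_blocks( $content );
		}

		if ( ! empty( $ad->output['allow_shortcodes'] ) ) {
			$content = $this->do_shortcode( $content, $ad );
		}

		// Add 'loading' attribute if applicable, available from WP 5.5.
		if (
			function_exists( 'wp_lazy_loading_enabled' )
			&& wp_lazy_loading_enabled( 'img', 'the_content' )
			&& preg_match_all( '/<img\s[^>]+>/', $content, $matches )
		) {
			// iterate images.
			foreach ( $matches[0] as $image ) {
				// skip if it already has the loading attribute.
				if ( strpos( $image, 'loading=' ) !== false ) {
					continue;
				}

				// Optimize image HTML tag with loading attributes based on WordPress filter context.
				$content = str_replace( $image, $this->img_tag_add_loading_attr( $image, 'the_content' ), $content );
			}
		}

		// The author is restricted when unfiltered HTML is disabled site-wide or the
		// author lacks the capability.
		$author_restricted = ( defined( 'DISALLOW_UNFILTERED_HTML' ) && DISALLOW_UNFILTERED_HTML )
			|| ! $this->author_can_unfiltered_html( (int) get_post_field( 'post_author', $ad->id ) );

		// Ads last saved with a version below 1.35.0 are returned unfiltered even for a
		// restricted author; re-saving the ad brings it under the filter.
		if ( $author_restricted && version_compare( $ad->options( 'last_save_version', '0' ), '1.35.0', 'ge' ) ) {
			return wp_kses( $content, wp_kses_allowed_html( 'post' ) );
		}

		return $content;
	}

	/**
	 * Check whether PHP execution in ads is permitted site-wide.
	 *
	 * Returns false when either ADVANCED_ADS_DISALLOW_PHP or DISALLOW_FILE_EDIT is
	 * defined with a truthy value.
	 *
	 * @return bool
	 */
	private function is_php_globally_allowed() {
		return ! ( defined( 'ADVANCED_ADS_DISALLOW_PHP' ) && ADVANCED_ADS_DISALLOW_PHP )
			&& ! ( defined( 'DISALLOW_FILE_EDIT' ) && DISALLOW_FILE_EDIT );
	}

	/**
	 * Check if we're on an ad edit screen, if yes and the user does not have `unfiltered_html` permissions,
	 * show an admin notice.
	 *
	 * The "Assign ad to me" button is offered only to a current user who holds
	 * `unfiltered_html` and has a role on this site.
	 *
	 * @param Advanced_Ads_Ad $ad the current ad object.
	 *
	 * @return void
	 */
	protected function error_unfiltered_html( Advanced_Ads_Ad $ad ) {
		$author_id       = (int) get_post_field( 'post_author', $ad->id );
		$current_user_id = get_current_user_id();

		if ( $this->author_can_unfiltered_html( $author_id ) ) {
			return;
		}

		?>
		<p class="advads-notice-inline advads-error">
			<?php
			if ( $author_id === $current_user_id ) {
				esc_html_e( 'You do not have sufficient permissions to include all HTML tags.', 'advanced-ads' );
			} else {
				esc_html_e( 'The creator of the ad does not have sufficient permissions to include all HTML tags.', 'advanced-ads' );
				if ( current_user_can( 'unfiltered_html' ) && $this->user_has_role_on_site() ) {
					printf( '<button type="button" onclick="(()=>Advanced_Ads_Admin.reassign_ad(%d))();" class="button button-primary">%s</button>', $current_user_id, esc_html__( 'Assign ad to me', 'advanced-ads' ) );
				}
			}
			?>
			<a href="https://wpadvancedads.com/manual/ad-types/#Plain_Text_and_Code" target="_blank" rel="noopener">
				<?php esc_html_e( 'Manual', 'advanced-ads' ); ?>
			</a>
		</p>
		<?php
	}

	/**
	 * Check if the ad content needs filtering.
	 *
	 * Deprecated no-op: returns the content unchanged. Filtering happens in prepare_output().
	 *
	 * @param string $content The parsed ad content.
	 * @deprecated
	 *
	 * @return string
	 */
	protected function kses_ad( $content ) {
		return $content;
	}

	/**
	 * Check if the author of the ad can use unfiltered_html.
	 *
	 * On multisite, an author without the capability is still accepted when one of their
	 * roles is listed in the plugin's `allow-unfiltered-html` option.
	 *
	 * @param int $author_id User ID of the ad author.
	 *
	 * @return bool
	 */
	private function author_can_unfiltered_html( $author_id ) {
		if ( defined( 'DISALLOW_UNFILTERED_HTML' ) && DISALLOW_UNFILTERED_HTML ) {
			return false;
		}

		$unfiltered_allowed = user_can( $author_id, 'unfiltered_html' );
		if ( $unfiltered_allowed || ! is_multisite() ) {
			return $unfiltered_allowed;
		}

		$options       = Advanced_Ads::get_instance()->options();
		$allowed_roles = isset( $options['allow-unfiltered-html'] ) ? (array) $options['allow-unfiltered-html'] : [];
		$user          = get_user_by( 'id', $author_id );

		// get_user_by() returns false for an unknown or deleted author. Fail closed so the
		// ad output is filtered instead of reading ->roles on a non-object.
		if ( ! $user || empty( $allowed_roles ) ) {
			return false;
		}

		return ! empty( array_intersect( (array) $user->roles, $allowed_roles ) );
	}

	/**
	 * Check if the current user has a role on this site.
	 *
	 * @return bool
	 */
	private function user_has_role_on_site() {
		return in_array(
			get_current_blog_id(),
			wp_list_pluck( get_blogs_of_user( get_current_user_id() ), 'userblog_id' ),
			true
		);
	}
}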
| 313 |