sureforms-send-data.php
157 lines
| 1 | <?php |
| 2 | /** |
| 3 | * SureFormsSendData. |
| 4 | * php version 5.6 |
| 5 | * |
| 6 | * @category SureFormsSendData |
| 7 | * @package SureTriggers |
| 8 | * @author BSF <username@example.com> |
| 9 | * @license https://www.gnu.org/licenses/gpl-3.0.html GPLv3 |
| 10 | * @link https://www.brainstormforce.com/ |
| 11 | * @since 1.0.0 |
| 12 | */ |
| 13 | |
| 14 | namespace SureTriggers\Integrations\SureForms\Actions; |
| 15 | |
| 16 | use SureTriggers\Integrations\AutomateAction; |
| 17 | use SureTriggers\Traits\SingletonLoader; |
| 18 | |
| 19 | /** |
| 20 | * SureFormsSendData |
| 21 | * |
| 22 | * @category SureFormsSendData |
| 23 | * @package SureTriggers |
| 24 | * @author BSF <username@example.com> |
| 25 | * @license https://www.gnu.org/licenses/gpl-3.0.html GPLv3 |
| 26 | * @link https://www.brainstormforce.com/ |
| 27 | * @since 1.0.0 |
| 28 | */ |
| 29 | class SureFormsSendData extends AutomateAction { |
| 30 | |
| 31 | /** |
| 32 | * Integration type. |
| 33 | * |
| 34 | * @var string |
| 35 | */ |
| 36 | public $integration = 'SureForms'; |
| 37 | |
| 38 | /** |
| 39 | * Action name. |
| 40 | * |
| 41 | * @var string |
| 42 | */ |
| 43 | public $action = 'sureforms_send_data'; |
| 44 | |
| 45 | use SingletonLoader; |
| 46 | |
| 47 | /** |
| 48 | * Register a action. |
| 49 | * |
| 50 | * @param array $actions actions. |
| 51 | * @return array |
| 52 | */ |
| 53 | public function register( $actions ) { |
| 54 | $actions[ $this->integration ][ $this->action ] = [ |
| 55 | 'label' => __( 'Send Data', 'suretriggers' ), |
| 56 | 'action' => $this->action, |
| 57 | 'function' => [ $this, 'action_listener' ], |
| 58 | ]; |
| 59 | return $actions; |
| 60 | } |
| 61 | |
| 62 | /** |
| 63 | * Action listener. |
| 64 | * |
| 65 | * @param int $user_id user_id. |
| 66 | * @param int $automation_id automation_id. |
| 67 | * @param array $fields fields. |
| 68 | * @param array $selected_options selectedOptions. |
| 69 | * @psalm-suppress UndefinedMethod |
| 70 | * |
| 71 | * @throws \Exception Exception. |
| 72 | * |
| 73 | * @return array|mixed |
| 74 | */ |
| 75 | public function _action_listener( $user_id, $automation_id, $fields, $selected_options ) { |
| 76 | $endpoint_url = isset( $selected_options['endpoint_url'] ) ? esc_url( $selected_options['endpoint_url'] ) : ''; |
| 77 | $sf_data = isset( $selected_options['sf_data_body'] ) ? $selected_options['sf_data_body'] : ''; |
| 78 | $file_attachment = isset( $selected_options['sf_attachment'] ) ? $selected_options['sf_attachment'] : ''; |
| 79 | |
| 80 | // Handling SSRF Attack. |
| 81 | $blocked_hosts = [ |
| 82 | '127.0.0.1', // Local access. |
| 83 | 'localhost', |
| 84 | '192.168.0.0/16', // Organization access. |
| 85 | '10.0.0.0/8', |
| 86 | '172.16.0.0/12', |
| 87 | '169.254.0.0/16', |
| 88 | '0.0.0.0', |
| 89 | '0.0.0.0/0', |
| 90 | '169.254.169.254', // EC2 meta-data access. |
| 91 | ]; |
| 92 | |
| 93 | $host = wp_parse_url( $endpoint_url, PHP_URL_HOST ); |
| 94 | |
| 95 | if ( in_array( $host, $blocked_hosts ) ) { |
| 96 | throw new \Exception( 'Access blocked.' ); |
| 97 | } |
| 98 | |
| 99 | $form_data = [ |
| 100 | 'body' => $sf_data, |
| 101 | 'attachment' => $file_attachment, |
| 102 | ]; |
| 103 | $json_body = wp_json_encode( $form_data ); |
| 104 | if ( false === $json_body ) { |
| 105 | throw new \Exception( 'Failed to encode form data to JSON.' ); |
| 106 | } |
| 107 | |
| 108 | $args = [ |
| 109 | 'method' => 'POST', |
| 110 | 'headers' => [ |
| 111 | 'Content-Type' => 'application/json', |
| 112 | 'User-Agent' => 'SureTriggers', |
| 113 | ], |
| 114 | 'sslverify' => true, |
| 115 | 'timeout' => 30, // phpcs:ignore WordPressVIPMinimum.Performance.RemoteRequestTimeout.timeout_timeout |
| 116 | 'body' => $json_body, |
| 117 | ]; |
| 118 | |
| 119 | if ( null === $endpoint_url ) { |
| 120 | return []; |
| 121 | } |
| 122 | // Send the HTTP request based on the method. |
| 123 | $response = wp_remote_request( $endpoint_url, $args ); |
| 124 | if ( is_wp_error( $response ) ) { |
| 125 | $error_message = $response->get_error_message(); |
| 126 | if ( ! empty( $selected_options['test_action'] ) ) { |
| 127 | return [ |
| 128 | 'success' => false, |
| 129 | 'message' => 'Error: ' . $error_message, |
| 130 | ]; |
| 131 | } |
| 132 | throw new \Exception( 'Request failed: ' . $error_message ); |
| 133 | } |
| 134 | |
| 135 | // Check for successful HTTP status codes (200, 201, 204). |
| 136 | $status_code = wp_remote_retrieve_response_code( $response ); |
| 137 | if ( ! in_array( $status_code, [ 200, 201, 204 ], true ) ) { |
| 138 | $error = 'Failed to communicate with the API: ' . $endpoint_url; |
| 139 | if ( ! empty( $selected_options['test_action'] ) ) { |
| 140 | return [ |
| 141 | 'success' => false, |
| 142 | 'message' => $error, |
| 143 | ]; |
| 144 | } |
| 145 | throw new \Exception( 'API request failed: ' . wp_remote_retrieve_body( $response ) ); |
| 146 | } |
| 147 | |
| 148 | $result = json_decode( wp_remote_retrieve_body( $response ), true ); |
| 149 | if ( json_last_error() !== JSON_ERROR_NONE ) { |
| 150 | $result = [ 'response' => wp_remote_retrieve_body( $response ) ]; |
| 151 | } |
| 152 | return $result; |
| 153 | } |
| 154 | } |
| 155 | |
| 156 | SureFormsSendData::get_instance(); |
| 157 |