PluginProbe ʕ •ᴥ•ʔ
OttoKit: All-in-One Automation Platform / 1.1.32
OttoKit: All-in-One Automation Platform v1.1.32
1.1.32 1.1.31 1.1.30 1.1.29 1.1.28 1.1.27 1.1.9 trunk 1.0.10 1.0.11 1.0.12 1.0.13 1.0.14 1.0.15 1.0.16 1.0.17 1.0.18 1.0.19 1.0.20 1.0.21 1.0.22 1.0.23 1.0.24 1.0.25 1.0.26 1.0.27 1.0.28 1.0.29 1.0.30 1.0.31 1.0.32 1.0.33 1.0.34 1.0.35 1.0.36 1.0.37 1.0.38 1.0.39 1.0.40 1.0.41 1.0.42 1.0.43 1.0.44 1.0.45 1.0.46 1.0.47 1.0.48 1.0.49 1.0.50 1.0.51 1.0.52 1.0.53 1.0.54 1.0.55 1.0.56 1.0.57 1.0.58 1.0.59 1.0.60 1.0.61 1.0.62 1.0.63 1.0.64 1.0.65 1.0.66 1.0.67 1.0.68 1.0.69 1.0.7 1.0.70 1.0.71 1.0.72 1.0.73 1.0.74 1.0.75 1.0.76 1.0.77 1.0.78 1.0.79 1.0.8 1.0.80 1.0.81 1.0.82 1.0.83 1.0.84 1.0.85 1.0.86 1.0.87 1.0.88 1.0.89 1.0.9 1.0.90 1.1.0 1.1.1 1.1.10 1.1.11 1.1.12 1.1.13 1.1.14 1.1.15 1.1.16 1.1.17 1.1.18 1.1.19 1.1.2 1.1.20 1.1.21 1.1.22 1.1.23 1.1.24 1.1.25 1.1.26 1.1.3 1.1.4 1.1.5 1.1.6 1.1.7 1.1.8
suretriggers / src / Integrations / sureforms / actions / sureforms-send-data.php
suretriggers / src / Integrations / sureforms / actions Last commit date
sureforms-send-data.php 1 year ago
sureforms-send-data.php
157 lines
1 <?php
2 /**
3 * SureFormsSendData.
4 * php version 5.6
5 *
6 * @category SureFormsSendData
7 * @package SureTriggers
8 * @author BSF <username@example.com>
9 * @license https://www.gnu.org/licenses/gpl-3.0.html GPLv3
10 * @link https://www.brainstormforce.com/
11 * @since 1.0.0
12 */
13
14 namespace SureTriggers\Integrations\SureForms\Actions;
15
16 use SureTriggers\Integrations\AutomateAction;
17 use SureTriggers\Traits\SingletonLoader;
18
19 /**
20 * SureFormsSendData
21 *
22 * @category SureFormsSendData
23 * @package SureTriggers
24 * @author BSF <username@example.com>
25 * @license https://www.gnu.org/licenses/gpl-3.0.html GPLv3
26 * @link https://www.brainstormforce.com/
27 * @since 1.0.0
28 */
29 class SureFormsSendData extends AutomateAction {
30
31 /**
32 * Integration type.
33 *
34 * @var string
35 */
36 public $integration = 'SureForms';
37
38 /**
39 * Action name.
40 *
41 * @var string
42 */
43 public $action = 'sureforms_send_data';
44
45 use SingletonLoader;
46
47 /**
48 * Register a action.
49 *
50 * @param array $actions actions.
51 * @return array
52 */
53 public function register( $actions ) {
54 $actions[ $this->integration ][ $this->action ] = [
55 'label' => __( 'Send Data', 'suretriggers' ),
56 'action' => $this->action,
57 'function' => [ $this, 'action_listener' ],
58 ];
59 return $actions;
60 }
61
62 /**
63 * Action listener.
64 *
65 * @param int $user_id user_id.
66 * @param int $automation_id automation_id.
67 * @param array $fields fields.
68 * @param array $selected_options selectedOptions.
69 * @psalm-suppress UndefinedMethod
70 *
71 * @throws \Exception Exception.
72 *
73 * @return array|mixed
74 */
75 public function _action_listener( $user_id, $automation_id, $fields, $selected_options ) {
76 $endpoint_url = isset( $selected_options['endpoint_url'] ) ? esc_url( $selected_options['endpoint_url'] ) : '';
77 $sf_data = isset( $selected_options['sf_data_body'] ) ? $selected_options['sf_data_body'] : '';
78 $file_attachment = isset( $selected_options['sf_attachment'] ) ? $selected_options['sf_attachment'] : '';
79
80 // Handling SSRF Attack.
81 $blocked_hosts = [
82 '127.0.0.1', // Local access.
83 'localhost',
84 '192.168.0.0/16', // Organization access.
85 '10.0.0.0/8',
86 '172.16.0.0/12',
87 '169.254.0.0/16',
88 '0.0.0.0',
89 '0.0.0.0/0',
90 '169.254.169.254', // EC2 meta-data access.
91 ];
92
93 $host = wp_parse_url( $endpoint_url, PHP_URL_HOST );
94
95 if ( in_array( $host, $blocked_hosts ) ) {
96 throw new \Exception( 'Access blocked.' );
97 }
98
99 $form_data = [
100 'body' => $sf_data,
101 'attachment' => $file_attachment,
102 ];
103 $json_body = wp_json_encode( $form_data );
104 if ( false === $json_body ) {
105 throw new \Exception( 'Failed to encode form data to JSON.' );
106 }
107
108 $args = [
109 'method' => 'POST',
110 'headers' => [
111 'Content-Type' => 'application/json',
112 'User-Agent' => 'SureTriggers',
113 ],
114 'sslverify' => true,
115 'timeout' => 30, // phpcs:ignore WordPressVIPMinimum.Performance.RemoteRequestTimeout.timeout_timeout
116 'body' => $json_body,
117 ];
118
119 if ( null === $endpoint_url ) {
120 return [];
121 }
122 // Send the HTTP request based on the method.
123 $response = wp_remote_request( $endpoint_url, $args );
124 if ( is_wp_error( $response ) ) {
125 $error_message = $response->get_error_message();
126 if ( ! empty( $selected_options['test_action'] ) ) {
127 return [
128 'success' => false,
129 'message' => 'Error: ' . $error_message,
130 ];
131 }
132 throw new \Exception( 'Request failed: ' . $error_message );
133 }
134
135 // Check for successful HTTP status codes (200, 201, 204).
136 $status_code = wp_remote_retrieve_response_code( $response );
137 if ( ! in_array( $status_code, [ 200, 201, 204 ], true ) ) {
138 $error = 'Failed to communicate with the API: ' . $endpoint_url;
139 if ( ! empty( $selected_options['test_action'] ) ) {
140 return [
141 'success' => false,
142 'message' => $error,
143 ];
144 }
145 throw new \Exception( 'API request failed: ' . wp_remote_retrieve_body( $response ) );
146 }
147
148 $result = json_decode( wp_remote_retrieve_body( $response ), true );
149 if ( json_last_error() !== JSON_ERROR_NONE ) {
150 $result = [ 'response' => wp_remote_retrieve_body( $response ) ];
151 }
152 return $result;
153 }
154 }
155
156 SureFormsSendData::get_instance();
157