summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat (limited to 'plugins/jetpack/modules/contact-form/grunion-contact-form.php')
-rw-r--r--plugins/jetpack/modules/contact-form/grunion-contact-form.php64
1 files changed, 41 insertions, 23 deletions
diff --git a/plugins/jetpack/modules/contact-form/grunion-contact-form.php b/plugins/jetpack/modules/contact-form/grunion-contact-form.php
index d0f06856..c7ff0f71 100644
--- a/plugins/jetpack/modules/contact-form/grunion-contact-form.php
+++ b/plugins/jetpack/modules/contact-form/grunion-contact-form.php
@@ -252,6 +252,8 @@ class Grunion_Contact_Form_Plugin {
add_filter( 'contact_form_subject', array( $this, 'replace_tokens_with_input' ), 10, 2 );
$id = stripslashes( $_POST['contact-form-id'] );
+ $hash = isset( $_POST['contact-form-hash'] ) ? $_POST['contact-form-hash'] : null;
+ $hash = preg_replace( '/[^\da-f]/i', '', $hash );
if ( is_user_logged_in() ) {
check_admin_referer( "contact-form_{$id}" );
@@ -295,20 +297,20 @@ class Grunion_Contact_Form_Plugin {
apply_filters( 'the_content', $post->post_content );
}
- $form = Grunion_Contact_Form::$last;
+ $form = isset( Grunion_Contact_Form::$forms[ $hash ] ) ? Grunion_Contact_Form::$forms[ $hash ] : null;
// No form may mean user is using do_shortcode, grab the form using the stored post meta
if ( ! $form ) {
// Get shortcode from post meta
- $shortcode = get_post_meta( $_POST['contact-form-id'], '_g_feedback_shortcode', true );
+ $shortcode = get_post_meta( $_POST['contact-form-id'], "_g_feedback_shortcode_{$hash}", true );
// Format it
if ( $shortcode != '' ) {
// Get attributes from post meta.
$parameters = '';
- $attributes = get_post_meta( $_POST['contact-form-id'], '_g_feedback_shortcode_atts', true );
+ $attributes = get_post_meta( $_POST['contact-form-id'], "_g_feedback_shortcode_atts_{$hash}", true );
if ( ! empty( $attributes ) && is_array( $attributes ) ) {
foreach( array_filter( $attributes ) as $param => $value ) {
$parameters .= " $param=\"$value\"";
@@ -576,9 +578,9 @@ class Grunion_Contact_Form_Plugin {
$query_string = http_build_query( $form );
}
if ( method_exists( 'Akismet', 'http_post' ) ) {
- $response = Akismet::http_post( $query_string, "submit-{$as}" );
+ $response = Akismet::http_post( $query_string, "submit-{$as}" );
} else {
- $response = akismet_http_post( $query_string, $akismet_api_host, "/1.1/submit-{$as}", $akismet_api_port );
+ $response = akismet_http_post( $query_string, $akismet_api_host, "/1.1/submit-{$as}", $akismet_api_port );
}
return trim( $response[1] );
@@ -1291,6 +1293,11 @@ class Grunion_Contact_Form extends Crunion_Contact_Form_Shortcode {
public $errors;
/**
+ * @var string The SHA1 hash of the attributes that comprise the form.
+ */
+ public $hash;
+
+ /**
* @var Grunion_Contact_Form The most recent (inclusive) contact-form shortcode processed
*/
static $last;
@@ -1301,6 +1308,11 @@ class Grunion_Contact_Form extends Crunion_Contact_Form_Shortcode {
static $current_form;
/**
+ * @var array All found forms, indexed by hash.
+ */
+ static $forms = array();
+
+ /**
* @var bool Whether to print the grunion.css style when processing the contact-form shortcode
*/
static $style = false;
@@ -1308,6 +1320,9 @@ class Grunion_Contact_Form extends Crunion_Contact_Form_Shortcode {
function __construct( $attributes, $content = null ) {
global $post;
+ $this->hash = sha1( json_encode( $attributes ) . $content );
+ self::$forms[ $this->hash ] = $this;
+
// Set up the default subject and recipient for this form
$default_to = '';
$default_subject = '[' . get_option( 'blogname' ) . ']';
@@ -1365,10 +1380,10 @@ class Grunion_Contact_Form extends Crunion_Contact_Form_Shortcode {
$this->parse_content( $default_form );
// Store the shortcode
- $this->store_shortcode( $default_form, $attributes );
+ $this->store_shortcode( $default_form, $attributes, $this->hash );
} else {
// Store the shortcode
- $this->store_shortcode( $content, $attributes );
+ $this->store_shortcode( $content, $attributes, $this->hash );
}
// $this->body and $this->fields have been setup. We no longer need the contact-field shortcode.
@@ -1380,18 +1395,24 @@ class Grunion_Contact_Form extends Crunion_Contact_Form_Shortcode {
* - used to receate shortcode when user uses do_shortcode
*
* @param string $content
+ * @param array $attributes
+ * @param string $hash
*/
- static function store_shortcode( $content = null, $attributes = null ) {
+ static function store_shortcode( $content = null, $attributes = null, $hash = null ) {
if ( $content != null and isset( $attributes['id'] ) ) {
- $shortcode_meta = get_post_meta( $attributes['id'], '_g_feedback_shortcode', true );
+ if ( empty( $hash ) ) {
+ $hash = sha1( json_encode( $attributes ) . $content );
+ }
+
+ $shortcode_meta = get_post_meta( $attributes['id'], "_g_feedback_shortcode_{$hash}", true );
if ( $shortcode_meta != '' or $shortcode_meta != $content ) {
- update_post_meta( $attributes['id'], '_g_feedback_shortcode', $content );
+ update_post_meta( $attributes['id'], "_g_feedback_shortcode_{$hash}", $content );
// Save attributes to post_meta for later use. They're not available later in do_shortcode situations.
- update_post_meta( $attributes['id'], '_g_feedback_shortcode_atts', $attributes );
+ update_post_meta( $attributes['id'], "_g_feedback_shortcode_atts_{$hash}", $attributes );
}
}
}
@@ -1443,17 +1464,7 @@ class Grunion_Contact_Form extends Crunion_Contact_Form_Shortcode {
return '[contact-form]';
}
- // Only allow one contact form per post/widget
- if ( self::$last && $id == self::$last->get_attribute( 'id' ) ) {
- // We're processing the same post
- if ( self::$last->attributes != $form->attributes || self::$last->content != $form->content ) {
- // And we're processing a different shortcode;
- return '';
- } // else, we're processing the same shortcode - probably a separate run of do_shortcode() - let it through
-
- } else {
- self::$last = $form;
- }
+ self::$last = $form;
// Enqueue the grunion.css stylesheet if self::$style allows it
if ( self::$style && ( empty( $_REQUEST['action'] ) || $_REQUEST['action'] != 'grunion_shortcode_to_json' ) ) {
@@ -1475,7 +1486,10 @@ class Grunion_Contact_Form extends Crunion_Contact_Form_Shortcode {
$r .= "</ul>\n</div>\n\n";
}
- if ( isset( $_GET['contact-form-id'] ) && $_GET['contact-form-id'] == self::$last->get_attribute( 'id' ) && isset( $_GET['contact-form-sent'] ) ) {
+ if ( isset( $_GET['contact-form-id'] )
+ && $_GET['contact-form-id'] == self::$last->get_attribute( 'id' )
+ && isset( $_GET['contact-form-sent'], $_GET['contact-form-hash'] )
+ && hash_equals( $form->hash, $_GET['contact-form-hash'] ) ) {
// The contact form was submitted. Show the success message/results
$feedback_id = (int) $_GET['contact-form-sent'];
@@ -1537,6 +1551,7 @@ class Grunion_Contact_Form extends Crunion_Contact_Form_Shortcode {
}
$r .= "\t\t<input type='hidden' name='contact-form-id' value='$id' />\n";
$r .= "\t\t<input type='hidden' name='action' value='grunion-contact-form' />\n";
+ $r .= "\t\t<input type='hidden' name='contact-form-hash' value='" . esc_attr( $form->hash ) . "' />\n";
$r .= "\t</p>\n";
$r .= "</form>\n";
}
@@ -1695,6 +1710,8 @@ class Grunion_Contact_Form extends Crunion_Contact_Form_Shortcode {
isset( $_POST['action'] ) && 'grunion-contact-form' === $_POST['action']
&&
isset( $_POST['contact-form-id'] ) && $form->get_attribute( 'id' ) == $_POST['contact-form-id']
+ &&
+ isset( $_POST['contact-form-hash'] ) && hash_equals( $form->hash, $_POST['contact-form-hash'] )
) {
// If we're processing a POST submission for this contact form, validate the field value so we can show errors as necessary.
$field->validate();
@@ -2193,6 +2210,7 @@ class Grunion_Contact_Form extends Crunion_Contact_Form_Shortcode {
$redirect = add_query_arg( urlencode_deep( array(
'contact-form-id' => $id,
'contact-form-sent' => $post_id,
+ 'contact-form-hash' => $this->hash,
'_wpnonce' => wp_create_nonce( "contact-form-sent-{$post_id}" ), // wp_nonce_url HTMLencodes :(
) ), $redirect );