Below is a differential between the unpatched vulnerable code and the patched update, for reference.
--- a/classified-listing/app/Controllers/Ajax/AjaxCFG.php
+++ b/classified-listing/app/Controllers/Ajax/AjaxCFG.php
@@ -18,8 +18,12 @@
function edit_field_delete() {
$data = null;
$error = true;
- if ( Functions::verify_nonce() ) {
- $post_id = !empty( $_REQUEST['id'] ) ? $_REQUEST['id'] : 0;
+ if ( !Functions::verify_nonce() ) {
+ $msg = esc_html__( "Session expired", "classified-listing" );
+ } elseif ( !current_user_can( 'manage_rtcl_options' ) ) {
+ $msg = esc_html__( "You do not have permission to delete custom fields.", "classified-listing" );
+ } else {
+ $post_id = !empty( $_REQUEST['id'] ) ? absint( $_REQUEST['id'] ) : 0;
if ( $post_id && ( $post = get_post( $post_id ) ) && $post->post_type === rtcl()->post_type_cf ) {
$p = wp_delete_post( $post_id, true );
if ( $p ) {
@@ -32,8 +36,6 @@
$data = $_REQUEST;
$msg = esc_html__( "Field was not selected", "classified-listing" );
}
- } else {
- $msg = esc_html__( "Session expired", "classified-listing" );
}
wp_send_json( [
'data' => $data,
@@ -43,6 +45,14 @@
}
function edit_field_choose() {
+ if ( !Functions::verify_nonce() ) {
+ esc_html_e( "Session expired", "classified-listing" );
+ die();
+ }
+ if ( !current_user_can( 'manage_rtcl_options' ) ) {
+ esc_html_e( "You do not have permission to view custom fields.", "classified-listing" );
+ die();
+ }
$html = null;
$fields = Options::get_custom_field_list();
$html .= "<p>" . esc_html__( "You can choose from the available fields:", "classified-listing" ) . "</p>";
@@ -58,8 +68,12 @@
$data = null;
$error = true;
$type = !empty( $_REQUEST['type'] ) && array_key_exists( $_REQUEST['type'], Options::get_custom_field_list() ) ? esc_attr( $_REQUEST['type'] ) : 'text';
- if ( Functions::verify_nonce() ) {
- $parent_id = !empty( $_REQUEST['id'] ) ? $_REQUEST['id'] : 0;
+ if ( !Functions::verify_nonce() ) {
+ $msg = esc_html__( "Session expired", "classified-listing" );
+ } elseif ( !current_user_can( 'manage_rtcl_options' ) ) {
+ $msg = esc_html__( "You do not have permission to insert custom fields.", "classified-listing" );
+ } else {
+ $parent_id = !empty( $_REQUEST['id'] ) ? absint( $_REQUEST['id'] ) : 0;
if ( $type && $parent_id ) {
$field_id = wp_insert_post( [
'post_status' => 'draft',
@@ -76,8 +90,6 @@
$data = $_REQUEST;
$msg = esc_html__( "Select a field type", "classified-listing" );
}
- } else {
- $msg = esc_html__( "Session expired", "classified-listing" );
}
wp_send_json( [
'data' => $data,
--- a/classified-listing/app/Controllers/Ajax/AjaxSettings.php
+++ b/classified-listing/app/Controllers/Ajax/AjaxSettings.php
@@ -21,8 +21,13 @@
public static function save_setting_options() {
- if ( !Functions::verify_nonce() || !current_user_can( 'manage_options' ) ) {
- wp_send_json_error( esc_html__( 'User permission error', 'classified-listing' ) );
+ if ( !Functions::verify_nonce() ) {
+ wp_send_json_error( esc_html__( 'Session error !!', 'classified-listing' ) );
+
+ return;
+ }
+ if ( !current_user_can( 'manage_rtcl_options' ) ) {
+ wp_send_json_error( esc_html__( 'You do not have permission to save settings.', 'classified-listing' ) );
return;
}
@@ -238,8 +243,13 @@
public static function getMediaById() {
- if ( !isset( $_POST['nonce'] ) && !wp_verify_nonce( $_POST['nonce'], 'rt_options' ) && !current_user_can( 'manage_options' ) ) {
- wp_send_json_error( [ 'message' => __( 'User permission error', 'classified-listing' ) ] );
+ if ( !isset( $_POST['nonce'] ) || !wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['nonce'] ) ), 'rt_options' ) ) {
+ wp_send_json_error( [ 'message' => esc_html__( 'Session error !!', 'classified-listing' ) ] );
+
+ return;
+ }
+ if ( !current_user_can( 'manage_rtcl_options' ) ) {
+ wp_send_json_error( [ 'message' => esc_html__( 'You do not have permission to access media.', 'classified-listing' ) ] );
return;
}
--- a/classified-listing/app/Controllers/Ajax/Checkout.php
+++ b/classified-listing/app/Controllers/Ajax/Checkout.php
@@ -279,8 +279,9 @@
}
$multiple_tax[] = [
- 'label' => __( 'Tax', 'classified-listing' ),
- 'amount' => $tax_amount,
+ 'label' => __( 'Tax', 'classified-listing' ),
+ 'amount' => $tax_amount,
+ 'raw_amount' => $tax_amount,
];
if ( ! empty( $results ) ) {
--- a/classified-listing/app/Controllers/Ajax/Export.php
+++ b/classified-listing/app/Controllers/Ajax/Export.php
@@ -323,6 +323,77 @@
$listing_post[] = get_post_meta( $listing->get_id(), 'never_expires', true );
$listing_post[] = get_post_meta( $listing->get_id(), 'expiry_date', true );
$listing_post[] = $listing->get_view_counts();
+
+ $bhs_data = get_post_meta( $listing->get_id(), '_rtcl_bhs', true );
+ $bhs_data = is_array( $bhs_data ) ? $bhs_data : [];
+
+ $bhs_output = '';
+ if ( ! empty( $bhs_data['active'] ) ) {
+ $bhs_type = ! empty( $bhs_data['type'] ) && 'selective' === $bhs_data['type'] ? 'Selective' : 'Open 24/7';
+ $bhs_lines = [];
+ $bhs_lines[] = 'Status: Active | Type: ' . $bhs_type;
+
+ if ( 'Selective' === $bhs_type ) {
+ $day_names = [
+ 0 => 'Sunday',
+ 1 => 'Monday',
+ 2 => 'Tuesday',
+ 3 => 'Wednesday',
+ 4 => 'Thursday',
+ 5 => 'Friday',
+ 6 => 'Saturday',
+ ];
+ foreach ( $day_names as $day_index => $day_name ) {
+ $day = $bhs_data['days'][ $day_index ] ?? [];
+ if ( ! empty( $day['open'] ) ) {
+ if ( empty( $day['times'] ) || ! is_array( $day['times'] ) ) {
+ $bhs_lines[] = $day_name . ': Open 24 Hours';
+ } else {
+ $time_ranges = [];
+ foreach ( $day['times'] as $time ) {
+ if ( ! empty( $time['start'] ) && ! empty( $time['end'] ) ) {
+ $time_ranges[] = $time['start'] . '-' . $time['end'];
+ }
+ }
+ $bhs_lines[] = $day_name . ': ' . ( ! empty( $time_ranges ) ? implode( ', ', $time_ranges ) : 'Open 24 Hours' );
+ }
+ } else {
+ $bhs_lines[] = $day_name . ': Closed';
+ }
+ }
+ }
+
+ if ( ! empty( $bhs_data['special'] ) && is_array( $bhs_data['special'] ) ) {
+ $special_entries = [];
+ foreach ( $bhs_data['special'] as $sbh ) {
+ if ( empty( $sbh['date'] ) ) {
+ continue;
+ }
+ $occur = ! empty( $sbh['occur'] ) && 'once' === $sbh['occur'] ? 'Once' : 'Repeat';
+ if ( ! empty( $sbh['open'] ) && ! empty( $sbh['times'] ) && is_array( $sbh['times'] ) ) {
+ $time_ranges = [];
+ foreach ( $sbh['times'] as $time ) {
+ if ( ! empty( $time['start'] ) && ! empty( $time['end'] ) ) {
+ $time_ranges[] = $time['start'] . '-' . $time['end'];
+ }
+ }
+ $hours = ! empty( $time_ranges ) ? implode( ', ', $time_ranges ) : 'Open 24 Hours';
+ } elseif ( ! empty( $sbh['open'] ) ) {
+ $hours = 'Open 24 Hours';
+ } else {
+ $hours = 'Closed';
+ }
+ $special_entries[] = $sbh['date'] . ' (' . $occur . '): ' . $hours;
+ }
+ if ( ! empty( $special_entries ) ) {
+ $bhs_lines[] = 'Special: ' . implode( '; ', $special_entries );
+ }
+ }
+
+ $bhs_output = implode( "n", $bhs_lines );
+ }
+ $listing_post[] = $bhs_output;
+
$listing_post[] = $listing->get_status();
foreach ( $custom_fields as $custom_meta ) {
--- a/classified-listing/app/Controllers/Ajax/FilterFormAdminAjax.php
+++ b/classified-listing/app/Controllers/Ajax/FilterFormAdminAjax.php
@@ -22,6 +22,9 @@
if ( !wp_verify_nonce( isset( $_REQUEST[rtcl()->nonceId] ) ? $_REQUEST[rtcl()->nonceId] : null, rtcl()->nonceText ) ) {
wp_send_json_error( esc_html__( 'Session error !!', 'classified-listing' ) );
}
+ if ( !current_user_can( 'manage_rtcl_options' ) ) {
+ wp_send_json_error( esc_html__( 'You do not have permission to manage filter settings.', 'classified-listing' ) );
+ }
$filterId = !empty( $_POST['filterId'] ) ? sanitize_text_field( wp_unslash( $_POST['filterId'] ) ) : '';
$name = !empty( $_POST['name'] ) ? sanitize_text_field( wp_unslash( $_POST['name'] ) ) : '';
$id = !empty( $_POST['id'] ) ? sanitize_text_field( wp_unslash( $_POST['id'] ) ) : '';
@@ -66,6 +69,9 @@
if ( !wp_verify_nonce( isset( $_REQUEST[rtcl()->nonceId] ) ? $_REQUEST[rtcl()->nonceId] : null, rtcl()->nonceText ) ) {
wp_send_json_error( esc_html__( 'Session error !!', 'classified-listing' ) );
}
+ if ( !current_user_can( 'manage_rtcl_options' ) ) {
+ wp_send_json_error( esc_html__( 'You do not have permission to remove filter forms.', 'classified-listing' ) );
+ }
$filterId = !empty( $_POST['filterId'] ) ? sanitize_text_field( wp_unslash( $_POST['filterId'] ) ) : '';
$filters = Functions::get_option( 'rtcl_filter_settings' );
@@ -88,6 +94,9 @@
if ( !wp_verify_nonce( isset( $_REQUEST[rtcl()->nonceId] ) ? $_REQUEST[rtcl()->nonceId] : null, rtcl()->nonceText ) ) {
wp_send_json_error( esc_html__( 'Session error !!', 'classified-listing' ) );
}
+ if ( !current_user_can( 'manage_rtcl_options' ) ) {
+ wp_send_json_error( esc_html__( 'You do not have permission to update filter items.', 'classified-listing' ) );
+ }
$filterId = !empty( $_POST['filterId'] ) ? sanitize_text_field( wp_unslash( $_POST['filterId'] ) ) : '';
$itemId = !empty( $_POST['itemId'] ) ? sanitize_text_field( wp_unslash( $_POST['itemId'] ) ) : '';
@@ -170,6 +179,9 @@
if ( !wp_verify_nonce( isset( $_REQUEST[rtcl()->nonceId] ) ? $_REQUEST[rtcl()->nonceId] : null, rtcl()->nonceText ) ) {
wp_send_json_error( esc_html__( 'Session error !!', 'classified-listing' ) );
}
+ if ( !current_user_can( 'manage_rtcl_options' ) ) {
+ wp_send_json_error( esc_html__( 'You do not have permission to reorder filter items.', 'classified-listing' ) );
+ }
$filterId = !empty( $_POST['filterId'] ) ? sanitize_text_field( wp_unslash( $_POST['filterId'] ) ) : '';
$rawItemKeys = !empty( $_POST['itemKeys'] ) && is_array( $_POST['itemKeys'] ) ? $_POST['itemKeys'] : [];
@@ -222,6 +234,9 @@
if ( !wp_verify_nonce( isset( $_REQUEST[rtcl()->nonceId] ) ? $_REQUEST[rtcl()->nonceId] : null, rtcl()->nonceText ) ) {
wp_send_json_error( esc_html__( 'Session error !!', 'classified-listing' ) );
}
+ if ( !current_user_can( 'manage_rtcl_options' ) ) {
+ wp_send_json_error( esc_html__( 'You do not have permission to remove filter items.', 'classified-listing' ) );
+ }
$filterId = !empty( $_POST['filterId'] ) ? sanitize_text_field( wp_unslash( $_POST['filterId'] ) ) : '';
$itemId = !empty( $_POST['itemId'] ) ? sanitize_text_field( wp_unslash( $_POST['itemId'] ) ) : '';
--- a/classified-listing/app/Controllers/Ajax/FormBuilderAjax.php
+++ b/classified-listing/app/Controllers/Ajax/FormBuilderAjax.php
@@ -664,6 +664,26 @@
wp_send_json_error( esc_html__( "Given file is empty to upload.", "classified-listing" ) );
}
+ // The ID of the post this attachment is for.
+ $parent_post_id = isset( $_POST["listingId"] ) ? absint( $_POST["listingId"] ) : 0;
+
+ // Verify that the current user owns (or can edit) the target listing before accepting the upload.
+ // Without this check any user could upload files onto an arbitrary listing by supplying its ID.
+ if ( $parent_post_id > 0 ) {
+ $parent_listing = rtcl()->factory->get_listing( $parent_post_id );
+ if ( ! $parent_listing ) {
+ wp_send_json_error( esc_html__( 'Invalid listing ID.', 'classified-listing' ) );
+ }
+
+ $parent_post = $parent_listing->get_listing();
+ $post_author = (int) $parent_post->post_author;
+ $is_temp_guest = ( 'rtcl-temp' === $parent_post->post_status && 0 === $post_author && Functions::is_enable_post_for_unregister() );
+
+ if ( ! $is_temp_guest && ! Functions::current_user_can( 'edit_' . rtcl()->post_type, $parent_post_id ) ) {
+ wp_send_json_error( apply_filters( 'rtcl_fb_not_found_error_message', __( 'You do not have sufficient permissions to access this page.', 'classified-listing' ), $_REQUEST, 'permission_error' ) );
+ }
+ }
+
Filters::beforeUpload();
// you can use WP's wp_handle_upload() function:
$status = wp_handle_upload( $_FILES['image'], [ 'test_form' => false ] );
@@ -679,9 +699,6 @@
// $filename should be the path to a file in the upload directory.
$filename = $status['file'];
- // The ID of the post this attachment is for.
- $parent_post_id = isset( $_POST["listingId"] ) ? absint( $_POST["listingId"] ) : 0;
-
// Check the type of tile. We'll use this as the 'post_mime_type'.
$filetype = wp_check_filetype( basename( $filename ) );
@@ -848,6 +865,10 @@
return;
}
+ if ( ! is_user_logged_in() && apply_filters( 'rtcl_is_disable_post_for_unregister', true ) ) {
+ wp_send_json_error( __( 'Registration required to upload listing file.', 'classified-listing' ) );
+ }
+
if ( empty( $_FILES['file'] ) ) {
wp_send_json_error( esc_html__( 'Given file is empty to upload.', 'classified-listing' ) );
@@ -922,6 +943,26 @@
// The ID of the post this attachment is for.
$listing_id = isset( $_POST['listingId'] ) ? absint( $_POST['listingId'] ) : 0;
+
+ if ( $listing_id > 0 ) {
+ $parent_listing = rtcl()->factory->get_listing( $listing_id );
+ if ( ! $parent_listing ) {
+ wp_send_json_error( esc_html__( 'Invalid listing ID.', 'classified-listing' ) );
+
+ return;
+ }
+
+ $parent_post = $parent_listing->get_listing();
+ $post_author = (int) $parent_post->post_author;
+ $is_temp_guest = ( 'rtcl-temp' === $parent_post->post_status && 0 === $post_author && Functions::is_enable_post_for_unregister() );
+
+ if ( ! $is_temp_guest && ! Functions::current_user_can( 'edit_' . rtcl()->post_type, $listing_id ) ) {
+ wp_send_json_error( apply_filters( 'rtcl_fb_not_found_error_message', __( 'You do not have sufficient permissions to access this page.', 'classified-listing' ), $_REQUEST, 'permission_error' ) );
+
+ return;
+ }
+ }
+
if ( $listing_id ) {
if ( $repeater ) {
$repeaterValue = get_post_meta( $listing_id, $repeater['name'], true );
--- a/classified-listing/app/Controllers/Ajax/Import.php
+++ b/classified-listing/app/Controllers/Ajax/Import.php
@@ -5,6 +5,7 @@
use RtclControllersHooksFilters;
use RtclHelpersFunctions;
use RtclResourcesOptions;
+use RtclServicesFormBuilderFBHelper;
class Import {
@@ -45,9 +46,10 @@
'message' => esc_html__( 'Something wrong. Not added any listing!!', 'classified-listing' ),
];
- $rows = $_POST['rows'];
- parse_str( $_POST['formData'], $formData );
- $map_to = $formData['map_to'];
+ $raw_rows = $_POST['rows'] ?? null;
+ $rows = is_string( $raw_rows ) ? json_decode( wp_unslash( $raw_rows ), true ) : $raw_rows;
+ parse_str( $_POST['formData'] ?? '', $formData );
+ $map_to = $formData['map_to'] ?? null;
if ( empty( $rows ) || ! is_array( $rows ) ) {
$return['message'] = esc_html__( 'Not found listings!', 'classified-listing' );
@@ -59,25 +61,36 @@
wp_send_json( $return );
}
+ $field_labels = Functions::get_listings_default_fields() + Functions::get_listings_custom_fields();
$inserted_posts = [];
+ $errors = [];
+ $row_number = 0;
foreach ( $rows as $row ) {
- $postarr = [];
- $meta_data = [];
- $cat_id = null;
- $loc_id = null;
- $tag_id = null;
- $loc_ids = [];
- $cat_ids = [];
- $tag_ids = [];
- $author = [];
+ $row_number++;
+ $postarr = [];
+ $meta_data = [];
+ $cat_id = null;
+ $loc_id = null;
+ $tag_id = null;
+ $loc_ids = [];
+ $cat_ids = [];
+ $tag_ids = [];
+ $author = [];
+ $row_title = '';
foreach ( $row as $field => $data ) {
- $key = $map_to[ $field ];
+ if ( ! isset( $map_to[ $field ] ) || '' === $map_to[ $field ] ) {
+ continue;
+ }
+ $key = $map_to[ $field ];
+ $field_label = $field_labels[ $key ] ?? $key;
+ try {
switch ( $key ) {
case 'rtcl_title':
$postarr['post_title'] = $data;
+ $row_title = $data;
break;
case 'rtcl_content':
$postarr['post_content'] = $data;
@@ -248,6 +261,37 @@
}
}
break;
+ case '_rtcl_bhs':
+ if ( ! empty( $data ) ) {
+ $parsed_bhs = self::parse_business_hours_import( $data );
+ if ( ! empty( $parsed_bhs['active'] ) ) {
+ $fb_enabled = class_exists( FBHelper::class ) && FBHelper::isEnabled();
+ $default_form = $fb_enabled ? FBHelper::getDefaultForm() : null;
+ if ( $fb_enabled && $default_form ) {
+ // Save in new format and assign default form for proper display.
+ $meta_data[ $key ] = $parsed_bhs;
+ if ( ! isset( $meta_data['_rtcl_form_id'] ) ) {
+ $meta_data['_rtcl_form_id'] = $default_form->id;
+ }
+ } else {
+ // Save in old format (days indexed 0-6 at root level).
+ if ( ! empty( $parsed_bhs['type'] ) && 'selective' === $parsed_bhs['type'] ) {
+ $meta_data[ $key ] = ! empty( $parsed_bhs['days'] ) ? $parsed_bhs['days'] : [];
+ } else {
+ // Open 24/7 - set all days as open.
+ $all_open = [];
+ for ( $i = 0; $i <= 6; $i++ ) {
+ $all_open[ $i ] = [ 'open' => true ];
+ }
+ $meta_data[ $key ] = $all_open;
+ }
+ if ( ! empty( $parsed_bhs['special'] ) ) {
+ $meta_data['_rtcl_special_bhs'] = $parsed_bhs['special'];
+ }
+ }
+ }
+ }
+ break;
case strpos( $key, 'repeater_' ) === 0:
if ( ! empty( $data ) ) {
$repeater_data = $this->parse_repeater_meta_data( $data );
@@ -261,92 +305,140 @@
$meta_data[ $key ] = $data;
}
}
+ } catch ( Exception $e ) {
+ $row_identifier = $row_title ? $row_title : '#' . $row_number;
+ /* translators: 1: Row identifier, 2: Field label, 3: Error message */
+ $errors[] = sprintf(
+ __( 'Row "%1$s": Field "%2$s" - %3$s', 'classified-listing' ),
+ $row_identifier,
+ $field_label,
+ $e->getMessage()
+ );
+ }
+ }
+
+ if ( empty( $postarr ) ) {
+ $row_identifier = $row_title ? $row_title : '#' . $row_number;
+ /* translators: %s: Row identifier */
+ $errors[] = sprintf( __( 'Row "%s": No valid data found to create listing.', 'classified-listing' ), $row_identifier );
+ continue;
}
- if ( ! empty( $postarr ) ) {
- $postarr['post_type'] = rtcl()->post_type;
+ $postarr['post_type'] = rtcl()->post_type;
- if ( ! empty( $author ) && ! empty( $author['post_author_email'] ) ) {
- $user_id = email_exists( $author['post_author_email'] );
- if ( isset( $author['post_author_uname'] ) && ! username_exists( $author['post_author_uname'] ) ) {
- $user_name = $author['post_author_uname'];
+ if ( ! empty( $author ) && ! empty( $author['post_author_email'] ) ) {
+ $user_id = email_exists( $author['post_author_email'] );
+ if ( isset( $author['post_author_uname'] ) && ! username_exists( $author['post_author_uname'] ) ) {
+ $user_name = $author['post_author_uname'];
+ } else {
+ $part_of_email = explode( '@', $author['post_author_email'] );
+ $user_name = username_exists( $part_of_email[0] ) ? $author['post_author_email'] : $part_of_email[0];
+ }
+ if ( ! $user_id ) {
+ $password = wp_generate_password();
+ $new_user_data = apply_filters(
+ 'rtcl_import_new_user_data',
+ [
+ 'user_login' => $user_name,
+ 'user_pass' => $password,
+ 'user_email' => $author['post_author_email'],
+ 'first_name' => $author['post_author_fname'] ?? '',
+ 'last_name' => $author['post_author_lname'] ?? '',
+ 'display_name' => $author['post_author_display_name'] ?? $user_name,
+ 'role' => $author['post_author_role'] ?? get_option( 'default_role', 'subscriber' ),
+ ],
+ );
+ $customer_id = wp_insert_user( $new_user_data );
+ if ( ! is_wp_error( $customer_id ) ) {
+ $user_id = $customer_id;
+ if ( Functions::get_option_item( 'rtcl_email_notifications_settings', 'notify_users', 'user_import', 'multi_checkbox' ) ) {
+ rtcl()->mailer()->emails['User_Import_Email_To_User']->trigger( $user_id, $new_user_data );
+ }
} else {
- $part_of_email = explode( '@', $author['post_author_email'] );
- $user_name = username_exists( $part_of_email[0] ) ? $author['post_author_email'] : $part_of_email[0];
- }
- if ( ! $user_id ) {
- $password = wp_generate_password();
- $new_user_data = apply_filters(
- 'rtcl_import_new_user_data',
- [
- 'user_login' => $user_name,
- 'user_pass' => $password,
- 'user_email' => $author['post_author_email'],
- 'first_name' => $author['post_author_fname'] ?? '',
- 'last_name' => $author['post_author_lname'] ?? '',
- 'display_name' => $author['post_author_display_name'] ?? $user_name,
- 'role' => $author['post_author_role'] ?? get_option( 'default_role', 'subscriber' ),
- ],
+ $row_identifier = $row_title ? $row_title : '#' . $row_number;
+ /* translators: 1: Row identifier, 2: Error message */
+ $errors[] = sprintf(
+ __( 'Row "%1$s": Failed to create user - %2$s', 'classified-listing' ),
+ $row_identifier,
+ $customer_id->get_error_message()
);
- $customer_id = wp_insert_user( $new_user_data );
- if ( ! is_wp_error( $customer_id ) ) {
- $user_id = $customer_id;
- if ( Functions::get_option_item( 'rtcl_email_notifications_settings', 'notify_users', 'user_import', 'multi_checkbox' ) ) {
- rtcl()->mailer()->emails['User_Import_Email_To_User']->trigger( $user_id, $new_user_data );
- }
- } else {
- $user_id = $author['post_author'];
- }
+ $user_id = $author['post_author'];
}
- $postarr['post_author'] = $user_id;
}
+ $postarr['post_author'] = $user_id;
+ }
- $post_id = wp_insert_post( $postarr );
- if ( ! is_wp_error( $post_id ) ) {
- $inserted_posts[] = $post_id;
- if ( ! empty( $meta_data ) ) {
- wp_update_post(
- [
- 'ID' => $post_id,
- 'meta_input' => $meta_data,
- ],
- );
- }
+ $post_id = wp_insert_post( $postarr, true );
+ if ( is_wp_error( $post_id ) ) {
+ $row_identifier = $row_title ? $row_title : '#' . $row_number;
+ /* translators: 1: Row identifier, 2: Error message */
+ $errors[] = sprintf(
+ __( 'Row "%1$s": Failed to create listing - %2$s', 'classified-listing' ),
+ $row_identifier,
+ $post_id->get_error_message()
+ );
+ continue;
+ }
- if ( ! is_wp_error( $cat_id ) && ! empty( $cat_ids ) ) {
- wp_set_object_terms( $post_id, $cat_ids, rtcl()->category );
- }
+ $inserted_posts[] = $post_id;
+ if ( ! empty( $meta_data ) ) {
+ wp_update_post(
+ [
+ 'ID' => $post_id,
+ 'meta_input' => $meta_data,
+ ],
+ );
+ }
- if ( ! is_wp_error( $loc_id ) && ! empty( $loc_ids ) ) {
- wp_set_object_terms( $post_id, $loc_ids, rtcl()->location );
- }
+ if ( ! is_wp_error( $cat_id ) && ! empty( $cat_ids ) ) {
+ wp_set_object_terms( $post_id, $cat_ids, rtcl()->category );
+ }
- if ( ! is_wp_error( $tag_id ) && ! empty( $tag_ids ) ) {
- wp_set_object_terms( $post_id, $tag_ids, rtcl()->tag );
- }
+ if ( ! is_wp_error( $loc_id ) && ! empty( $loc_ids ) ) {
+ wp_set_object_terms( $post_id, $loc_ids, rtcl()->location );
+ }
- if ( ! empty( $attachment_ids ) && is_array( $attachment_ids ) ) {
- $attachment_ids = array_map( 'intval', $attachment_ids );
- $attachment_ids = array_filter( $attachment_ids );
- set_post_thumbnail( $post_id, $attachment_ids[0] );
- foreach ( $attachment_ids as $attachment_id ) {
- wp_update_post(
- [
- 'ID' => $attachment_id,
- 'post_parent' => $post_id,
- ],
- );
- }
- update_post_meta( $post_id, '_rtcl_attachments_order', $attachment_ids );
- }
+ if ( ! is_wp_error( $tag_id ) && ! empty( $tag_ids ) ) {
+ wp_set_object_terms( $post_id, $tag_ids, rtcl()->tag );
+ }
+
+ if ( ! empty( $attachment_ids ) && is_array( $attachment_ids ) ) {
+ $attachment_ids = array_map( 'intval', $attachment_ids );
+ $attachment_ids = array_filter( $attachment_ids );
+ set_post_thumbnail( $post_id, $attachment_ids[0] );
+ foreach ( $attachment_ids as $attachment_id ) {
+ wp_update_post(
+ [
+ 'ID' => $attachment_id,
+ 'post_parent' => $post_id,
+ ],
+ );
}
+ update_post_meta( $post_id, '_rtcl_attachments_order', $attachment_ids );
}
}
- if ( ! empty( $inserted_posts ) ) {
+ $total_rows = $row_number;
+ $success_count = count( $inserted_posts );
+ $error_count = count( $errors );
+
+ if ( $success_count > 0 && $error_count > 0 ) {
+ $return['success'] = true;
+ /* translators: 1: Success count, 2: Total rows, 3: Error count */
+ $return['message'] = sprintf(
+ __( 'Imported %1$d of %2$d listings. %3$d failed.', 'classified-listing' ),
+ $success_count,
+ $total_rows,
+ $error_count
+ );
+ $return['errors'] = $errors;
+ } elseif ( $success_count > 0 ) {
$return['success'] = true;
- /* translators: %s: Number of posts. */
- $return['message'] = sprintf( __( 'Added %d listings.', 'classified-listing' ), count( $inserted_posts ) );
+ /* translators: %d: Number of posts */
+ $return['message'] = sprintf( __( 'Successfully imported %d listings.', 'classified-listing' ), $success_count );
+ } elseif ( $error_count > 0 ) {
+ $return['message'] = __( 'Failed to import any listings.', 'classified-listing' );
+ $return['errors'] = $errors;
}
wp_send_json( $return );
@@ -385,6 +477,131 @@
return $result;
}
+ /**
+ * Parse formatted business hours text back into _rtcl_bhs meta array.
+ *
+ * Expected format:
+ * Status: Active | Type: Selective
+ * Monday: 09:00-17:00, 13:00-14:00
+ * Tuesday: Closed
+ * Special: 2024-12-25 (Once): Closed; 2024-12-31 (Repeat): 09:00-13:00
+ *
+ * Or: Status: Active | Type: Open 24/7
+ *
+ * @param string $data Formatted business hours string.
+ *
+ * @return array
+ */
+ private static function parse_business_hours_import( $data ) {
+ $bhs = [];
+ $lines = preg_split( '/rn|r|n/', trim( $data ) );
+
+ if ( empty( $lines ) ) {
+ return $bhs;
+ }
+
+ $day_map = [
+ 'sunday' => 0,
+ 'monday' => 1,
+ 'tuesday' => 2,
+ 'wednesday' => 3,
+ 'thursday' => 4,
+ 'friday' => 5,
+ 'saturday' => 6,
+ ];
+
+ foreach ( $lines as $line ) {
+ $line = trim( $line );
+ if ( '' === $line ) {
+ continue;
+ }
+
+ // Parse "Status: Active | Type: Selective" line
+ if ( stripos( $line, 'Status:' ) === 0 ) {
+ $bhs['active'] = stripos( $line, 'Active' ) !== false;
+ if ( stripos( $line, 'Selective' ) !== false ) {
+ $bhs['type'] = 'selective';
+ } else {
+ $bhs['type'] = 247;
+ }
+ continue;
+ }
+
+ // Parse "Special: ..." line
+ if ( stripos( $line, 'Special:' ) === 0 ) {
+ $special_str = trim( substr( $line, 8 ) );
+ $entries = array_map( 'trim', explode( ';', $special_str ) );
+ $special = [];
+ foreach ( $entries as $entry ) {
+ if ( preg_match( '/^(d{4}-d{2}-d{2})s*((w+)):s*(.+)$/', $entry, $m ) ) {
+ $sbh = [
+ 'date' => $m[1],
+ 'occur' => strtolower( $m[2] ) === 'once' ? 'once' : 'repeat',
+ ];
+ $hours = trim( $m[3] );
+ if ( strtolower( $hours ) === 'closed' ) {
+ $sbh['open'] = false;
+ } elseif ( strtolower( $hours ) === 'open 24 hours' ) {
+ $sbh['open'] = true;
+ } else {
+ $sbh['open'] = true;
+ $time_parts = array_map( 'trim', explode( ',', $hours ) );
+ $times = [];
+ foreach ( $time_parts as $range ) {
+ $parts = array_map( 'trim', explode( '-', $range, 2 ) );
+ if ( count( $parts ) === 2 && $parts[0] && $parts[1] ) {
+ $times[] = [ 'start' => $parts[0], 'end' => $parts[1] ];
+ }
+ }
+ if ( ! empty( $times ) ) {
+ $sbh['times'] = $times;
+ }
+ }
+ $special[] = $sbh;
+ }
+ }
+ if ( ! empty( $special ) ) {
+ $bhs['special'] = $special;
+ }
+ continue;
+ }
+
+ // Parse day lines like "Monday: 09:00-17:00, 13:00-14:00"
+ if ( preg_match( '/^(w+):s*(.+)$/', $line, $m ) ) {
+ $day_name = strtolower( $m[1] );
+ if ( isset( $day_map[ $day_name ] ) ) {
+ $day_index = $day_map[ $day_name ];
+ $hours = trim( $m[2] );
+
+ if ( ! isset( $bhs['days'] ) ) {
+ $bhs['days'] = [];
+ }
+
+ if ( strtolower( $hours ) === 'closed' ) {
+ $bhs['days'][ $day_index ] = [ 'open' => false ];
+ } elseif ( strtolower( $hours ) === 'open 24 hours' ) {
+ $bhs['days'][ $day_index ] = [ 'open' => true ];
+ } else {
+ $time_parts = array_map( 'trim', explode( ',', $hours ) );
+ $times = [];
+ foreach ( $time_parts as $range ) {
+ $parts = array_map( 'trim', explode( '-', $range, 2 ) );
+ if ( count( $parts ) === 2 && $parts[0] && $parts[1] ) {
+ $times[] = [ 'start' => $parts[0], 'end' => $parts[1] ];
+ }
+ }
+ $bhs['days'][ $day_index ] = [
+ 'open' => true,
+ 'times' => ! empty( $times ) ? $times : [],
+ ];
+ }
+ }
+ }
+ }
+
+ return $bhs;
+ }
+
public function rtcl_import_category() {
if ( ! current_user_can( 'manage_options' ) ) {
wp_send_json(
--- a/classified-listing/app/Controllers/Ajax/ListingAdminAjax.php
+++ b/classified-listing/app/Controllers/Ajax/ListingAdminAjax.php
@@ -17,7 +17,6 @@
[ $this, 'ajax_callback_get_location_for_contact' ]
);
add_action( 'wp_ajax_rtcl_delete_temp_listing', [ $this, 'delete_temp_listing' ] );
- add_action( 'wp_ajax_nopriv_rtcl_delete_temp_listing', [ $this, 'delete_temp_listing' ] );
// Send email to user by moderator
add_action( 'wp_ajax_rtcl_send_email_to_user_by_moderator', [ $this, 'send_email_to_user_by_moderator' ] );
@@ -77,9 +76,9 @@
if ( ! wp_verify_nonce( isset( $_REQUEST[ rtcl()->nonceId ] ) ? $_REQUEST[ rtcl()->nonceId ] : null, rtcl()->nonceText ) ) {
wp_send_json_error( __( 'Session expired.', 'classified-listing' ) );
}
-
- $id = Functions::request( 'id' );
- $post = get_post( $id );
+
+ $id = absint( Functions::request( 'id' ) );
+ $post = $id ? get_post( $id ) : null;
if ( $post === null || rtcl()->post_type !== $post->post_type || $post->post_status != Functions::get_temp_listing_status() ) {
wp_send_json(
[
@@ -88,6 +87,25 @@
]
);
}
+
+ $post_author = (int) $post->post_author;
+ $current_user_id = (int) get_current_user_id();
+ $can_delete = false;
+
+ if ( current_user_can( 'manage_options' ) ) {
+ $can_delete = true;
+ } elseif ( $post_author > 0 && $current_user_id > 0 && $post_author === $current_user_id ) {
+ $can_delete = true;
+ }
+
+ if ( ! $can_delete ) {
+ wp_send_json(
+ [
+ 'result' => 0,
+ 'error' => esc_html__( 'You do not have permission to delete this listing.', 'classified-listing' )
+ ]
+ );
+ }
$param = [
'post_parent' => $id,
--- a/classified-listing/app/Controllers/Ajax/PublicUser.php
+++ b/classified-listing/app/Controllers/Ajax/PublicUser.php
@@ -222,11 +222,12 @@
wp_send_json_error( esc_html__( 'Authentication error!!', 'classified-listing' ) );
}
- if ( ! get_current_user_id() ) {
+ $current_user_id = get_current_user_id();
+ if ( ! $current_user_id ) {
wp_send_json_error( esc_html__( 'You are not authorized to display it.', 'classified-listing' ) );
}
- $order_id = absint( Functions::clean( $_POST['order_id'] ) );
+ $order_id = isset( $_POST['order_id'] ) ? absint( Functions::clean( $_POST['order_id'] ) ) : 0;
if ( ! $order_id ) {
wp_send_json_error( esc_html__( 'Order ID is missing.', 'classified-listing' ) );
@@ -237,6 +238,11 @@
if ( ! $order ) {
wp_send_json_error( esc_html__( 'Order not found.', 'classified-listing' ) );
}
+
+ $order_customer_id = (int) $order->get_customer_id();
+ if ( $order_customer_id !== (int) $current_user_id ) {
+ wp_send_json_error( esc_html__( 'You are not authorized to view this order.', 'classified-listing' ) );
+ }
ob_start();
do_action( 'rtcl_payment_receipt_popup', $order->get_id(), $order );
@@ -851,16 +857,13 @@
),
) : '';
- $data = wp_parse_args(
- [
- 'post_id' => $post_id,
- 'name' => $name,
- 'email' => $email,
- 'phone' => $phone,
- 'message' => $message,
- ],
- $_POST,
- );
+ $data = [
+ 'post_id' => $post_id,
+ 'name' => $name,
+ 'email' => $email,
+ 'phone' => $phone,
+ 'message' => $message,
+ ];
$data = apply_filters( 'rtcl_listing_seller_contact_form_data', $data, $_POST, $_FILES, $error );
@@ -949,13 +952,10 @@
}
$post_id = (int) $_POST['post_id'];
$message = esc_textarea( $_POST['message'] );
- $data = wp_parse_args(
- [
- 'post_id' => $post_id,
- 'message' => $message,
- ],
- $_POST,
- );
+ $data = [
+ 'post_id' => $post_id,
+ 'message' => $message,
+ ];
do_action( 'rtcl_listing_report_abuse_form_validation', $error, $data );
if ( is_wp_error( $error ) && ! empty( $error->errors ) ) {
--- a/classified-listing/app/Controllers/Hooks/TemplateHooks.php
+++ b/classified-listing/app/Controllers/Hooks/TemplateHooks.php
@@ -271,9 +271,9 @@
<path d="M8.65429 17.2954C3.88229 17.2954 0 13.4161 0 8.64769C0 3.87933 3.88229 0 8.65429 0C13.4263 0 17.3086 3.87933 17.3086 8.64769C17.3086 13.4161 13.4263 17.2954 8.65429 17.2954ZM8.65429 1.63937C4.78693 1.63937 1.64062 4.78328 1.64062 8.64769C1.64062 12.5121 4.78693 15.656 8.65429 15.656C12.5216 15.656 15.668 12.5121 15.668 8.64769C15.668 4.78328 12.5216 1.63937 8.65429 1.63937ZM20.7598 20.76C21.0801 20.4398 21.0801 19.9208 20.7598 19.6007L17.0889 15.9326C16.7685 15.6125 16.2491 15.6125 15.9287 15.9326C15.6084 16.2527 15.6084 16.7718 15.9287 17.0919L19.5996 20.76C19.7598 20.92 19.9697 21 20.1797 21C20.3897 21 20.5995 20.92 20.7598 20.76Z" fill="#646464"></path>
</svg></span>
</div>',
- $filed_class,
- $q,
- $placeholder,
+ esc_attr( $filed_class ),
+ esc_attr( $q ),
+ esc_attr( $placeholder ),
esc_html__( 'AI Best Matches', 'classified-listing' ),
);
--- a/classified-listing/app/Helpers/Functions.php
+++ b/classified-listing/app/Helpers/Functions.php
@@ -5770,6 +5770,7 @@
'never_expires' => 'Never Expire', // meta
'expiry_date' => 'Expiry Date', // meta
'_views' => 'Views', // meta
+ '_rtcl_bhs' => 'Business Hours', // meta
'rtcl_listing_status' => 'Status',
];
--- a/classified-listing/app/Models/RtclEmail.php
+++ b/classified-listing/app/Models/RtclEmail.php
@@ -447,7 +447,20 @@
*/
public function set_attachments( $paths = [] ) {
if ( is_array( $paths ) && ! empty( $paths ) ) {
- $this->attachments = $paths;
+ $upload_dir = wp_upload_dir();
+ $upload_base = realpath( $upload_dir['basedir'] );
+ $safe_paths = [];
+ foreach ( $paths as $path ) {
+ if ( ! is_string( $path ) || '' === $path ) {
+ continue;
+ }
+ $real = realpath( $path );
+ // Only allow files that exist within the WordPress uploads directory.
+ if ( $real && $upload_base && 0 === strpos( $real, $upload_base . DIRECTORY_SEPARATOR ) && is_file( $real ) ) {
+ $safe_paths[] = $real;
+ }
+ }
+ $this->attachments = $safe_paths;
}
return $this;
--- a/classified-listing/app/Resources/Options.php
+++ b/classified-listing/app/Resources/Options.php
@@ -442,6 +442,7 @@
'twitter' => __( 'Twitter', 'classified-listing' ),
'linkedin' => __( 'LinkedIn', 'classified-listing' ),
'pinterest' => __( 'Pinterest', 'classified-listing' ),
+ 'vk' => __( 'VK', 'classified-listing' ),
'whatsapp' => __( 'WhatsApp (Only at mobile)', 'classified-listing' ),
'telegram' => __( 'Telegram (Only at mobile)', 'classified-listing' ),
],
@@ -515,12 +516,12 @@
'type' => 'select',
'default' => 'desc',
'options' => [
- 'name' => __( 'Name', 'classified-listing' ),
- 'id' => __( 'Id', 'classified-listing' ),
- 'count' => __( 'Count', 'classified-listing' ),
- 'slug' => __( 'Slug', 'classified-listing' ),
+ 'name' => __( 'Name', 'classified-listing' ),
+ 'id' => __( 'Id', 'classified-listing' ),
+ 'count' => __( 'Count', 'classified-listing' ),
+ 'slug' => __( 'Slug', 'classified-listing' ),
'_rtcl_order' => __( 'Custom Order', 'classified-listing' ),
- 'none' => __( 'None', 'classified-listing' ),
+ 'none' => __( 'None', 'classified-listing' ),
],
],
'taxonomy_order' => [
@@ -5151,6 +5152,7 @@
'pinterest' => esc_html__( 'Pinterest', 'classified-listing' ),
'whatsapp' => esc_html__( 'WhatsApp (Only at mobile)', 'classified-listing' ),
'telegram' => esc_html__( 'Telegram (Only at mobile)', 'classified-listing' ),
+ 'vk' => esc_html__( 'VK', 'classified-listing' ),
];
return apply_filters( 'rtcl_social_services_options', $options );
--- a/classified-listing/app/Services/FormBuilder/FBField.php
+++ b/classified-listing/app/Services/FormBuilder/FBField.php
@@ -30,25 +30,25 @@
protected $_logics;
public function __construct( array $field ) {
- $this->_field = $field;
- $this->_element = !empty( $field['element'] ) ? $field['element'] : '';
- $this->_uuid = !empty( $field['uuid'] ) ? $field['uuid'] : '';
- $this->_icon = !empty( $field['icon'] ) ? $field['icon'] : '';
- $this->_options = !empty( $field['options'] ) ? $field['options'] : '';
- $this->_is_custom = empty( $field['preset'] );
- $this->_name = !empty( $field['name'] ) ? $field['name'] : '';
- $this->_value = !empty( $field['value'] ) ? $field['value'] : '';
- $this->_label = !empty( $field['label'] ) ? $field['label'] : '';
- $this->_isFilterable = !empty( $field['filterable'] );
- $this->_isSingleViewAble = !empty( $field['single_view'] );
- $this->_isArchiveViewAble = !empty( $field['archive_view'] );
- $this->_logics = !empty( $field['logics'] ) ? $field['logics'] : '';
+ $this->_field = $field;
+ $this->_element = ! empty( $field['element'] ) ? $field['element'] : '';
+ $this->_uuid = ! empty( $field['uuid'] ) ? $field['uuid'] : '';
+ $this->_icon = ! empty( $field['icon'] ) ? $field['icon'] : '';
+ $this->_options = ! empty( $field['options'] ) ? $field['options'] : '';
+ $this->_is_custom = empty( $field['preset'] );
+ $this->_name = ! empty( $field['name'] ) ? $field['name'] : '';
+ $this->_value = ! empty( $field['value'] ) ? $field['value'] : '';
+ $this->_label = ! empty( $field['label'] ) ? $field['label'] : '';
+ $this->_isFilterable = ! empty( $field['filterable'] );
+ $this->_isSingleViewAble = ! empty( $field['single_view'] );
+ $this->_isArchiveViewAble = ! empty( $field['archive_view'] );
+ $this->_logics = ! empty( $field['logics'] ) ? $field['logics'] : '';
}
public function getField() {
return $this->_field;
}
-
+
public function getLogics() {
return $this->_logics;
}
@@ -72,9 +72,9 @@
*/
public function getIconHtml() {
$iconHtml = '';
- $icon = $this->getIconData();
- if ( !empty( $icon ) ) {
- if ( !empty( $icon['type'] ) && 'class' === $icon['type'] && !empty( $icon['class'] ) ) {
+ $icon = $this->getIconData();
+ if ( ! empty( $icon ) ) {
+ if ( ! empty( $icon['type'] ) && 'class' === $icon['type'] && ! empty( $icon['class'] ) ) {
$iconHtml .= sprintf( '<div class="rtcl-field-icon"><i class="%s"></i></div>', esc_attr( $icon['class'] ) );
}
}
@@ -95,7 +95,7 @@
* @return mixed|array
*/
public function getData( $key, $default = null ) {
- return $this->_field[$key] ?? $default;
+ return $this->_field[ $key ] ?? $default;
}
/**
@@ -132,14 +132,14 @@
* @return bool
*/
public function getNofollow() {
- return !empty( $field['nofollow'] );
+ return ! empty( $field['nofollow'] );
}
/**
* @return mixed
*/
public function getTarget() {
- return !empty( $field['target'] ) ? $field['target'] : '';
+ return ! empty( $field['target'] ) ? $field['target'] : '';
}
/**
@@ -147,22 +147,22 @@
*/
public function getDefaultValue() {
if ( $this->_element == 'checkbox' ) {
- return !empty( $this->_value ) && is_array( $this->_value ) ? array_map( 'trim', $this->_value ) : [];
+ return ! empty( $this->_value ) && is_array( $this->_value ) ? array_map( 'trim', $this->_value ) : [];
} else {
- return !empty( $this->_value ) ? trim( $this->_value ) : null;
+ return ! empty( $this->_value ) ? trim( $this->_value ) : null;
}
}
/**
- * @param integer $listing_id
+ * @param integer $listing_id
*
* @return array|mixed
*/
public function getValue( $listing_id ) {
$element = $this->getElement();
$metaKey = $this->getMetaKey();
- if ( !Functions::meta_exist( $listing_id, $this->getMetaKey() ) && 'date' != $element ) {
+ if ( ! Functions::meta_exist( $listing_id, $this->getMetaKey() ) && 'date' != $element ) {
$value = $this->getDefaultValue();
} else {
if ( 'checkbox' == $element ) {
@@ -170,19 +170,19 @@
} elseif ( 'url' == $this->getElement() ) {
$value = get_post_meta( $listing_id, $this->getMetaKey(), true );
} elseif ( 'date' == $element ) {
- $dateType = $this->getData( 'date_type', 'single' );
+ $dateType = $this->getData( 'date_type', 'single' );
$dateFormat = $this->getData( 'date_format', 'Y-d-m H:i' );
if ( 'range' === $dateType ) {
$value = [
'start' => get_post_meta( $listing_id, $metaKey . '_start', true ),
- 'end' => get_post_meta( $listing_id, $metaKey . '_end', true )
+ 'end' => get_post_meta( $listing_id, $metaKey . '_end', true ),
];
- $value['start'] = !empty( $value['start'] ) ? gmdate( $dateFormat, strtotime( $value['start'] ) ) : null;
- $value['end'] = !empty( $value['end'] ) ? gmdate( $dateFormat, strtotime( $value['end'] ) ) : null;
+ $value['start'] = ! empty( $value['start'] ) ? gmdate( $dateFormat, strtotime( $value['start'] ) ) : null;
+ $value['end'] = ! empty( $value['end'] ) ? gmdate( $dateFormat, strtotime( $value['end'] ) ) : null;
} else {
$value = get_post_meta( $listing_id, $metaKey, true );
- $value = !empty( $value ) ? gmdate( $dateFormat, strtotime( $value ) ) : '';
+ $value = ! empty( $value ) ? gmdate( $dateFormat, strtotime( $value ) ) : '';
}
} elseif ( 'file' == $element ) {
$value = FBHelper::getFieldAttachmentFiles( $listing_id, $this->_field );
@@ -199,19 +199,18 @@
}
/**
- * @param int $listing_id Listing id
+ * @param int $listing_id Listing id
*
* @return array|mixed|string|null
*/
public function getFormattedCustomFieldValue( int $listing_id ) {
-
$value = $this->getValue( $listing_id );
if ( 'url' == $this->getElement() && filter_var( $value, FILTER_VALIDATE_URL ) ) {
$value = esc_url( $value );
} elseif ( 'date' == $this->getElement() ) {
if ( 'range' === $this->getDateType() ) {
- $start = !empty( $value['start'] ) ? $value['start'] : null;
- $end = !empty( $value['end'] ) ? $value['end'] : null;
+ $start = ! empty( $value['start'] ) ? $value['start'] : null;
+ $end = ! empty( $value['end'] ) ? $value['end'] : null;
$value = $end ? $start . " - " . $end : $start;
}
}
@@ -273,12 +272,12 @@
public function getDateFieldOptions( $data = [] ) {
- $dateType = $this->getData( 'date_type', 'single' );
+ $dateType = $this->getData( 'date_type', 'single' );
$dateFormat = $this->getData( 'date_format', 'Y-d-m H:i' );
$js_options = Options::get_date_js_format_placeholder();
- $find = array_keys( $js_options );
- $replace = array_values( $js_options );
- $format = str_replace( $find, $replace, $dateFormat );
+ $find = array_keys( $js_options );
+ $replace = array_values( $js_options );
+ $format = str_replace( $find, $replace, $dateFormat );
$options = wp_parse_args( $data, [
'singleDatePicker' => $dateType === 'single',
@@ -286,147 +285,143 @@
'timePicker' => false !== strpos( $dateFormat, 'h:i A' ) || false !== strpos( $dateFormat, 'H:i' ),
'timePicker24Hour' => false !== strpos( $dateFormat, 'H:i' ),
'locale' => [
- 'format' => $format
- ]
+ 'format' => $format,
+ ],
] );
return apply_filters( 'rtcl_custom_field_date_options', $options, $this );
}
/**
- * @param array $catIds Current category
- * @param array $data All from data fields
+ * @param array $catIds Current category
+ * @param array $data All from data fields
*
* @return boolean
*/
public function isValidCategoryCondition( $catIds, array &$data ) {
- $catIds = is_array( $catIds ) ? $catIds : [ $catIds ];
- $presetFields = !empty( $data[FBField::PRESET] ) ? $data[FBField::PRESET] : [];
+ $catIds = is_array( $catIds ) ? $catIds : [ $catIds ];
+ $presetFields = ! empty( $data[ FBField::PRESET ] ) ? $data[ FBField::PRESET ] : [];
// check is validate for section condition
- $sections = !empty( $data[FBField::SECTIONS] ) ? $data[FBField::SECTIONS] : [];
- if ( !empty( $sections ) ) {
+ $sections = ! empty( $data[ FBField::SECTIONS ] ) ? $data[ FBField::SECTIONS ] : [];
+ if ( ! empty( $sections ) ) {
foreach ( $sections as $sectionIndex => $section ) {
-
if ( empty( $section['logics']['status'] ) || empty( $section['logics']['conditions'] ) ) {
continue;
}
// Casing loop
- if ( isset( $data[FBField::SECTIONS][$sectionIndex]['fieldsIds'] ) ) {
- $fieldsIds = $data[FBField::SECTIONS][$sectionIndex]['fieldsIds'];
+ if ( isset( $data[ FBField::SECTIONS ][ $sectionIndex ]['fieldsIds'] ) ) {
+ $fieldsIds = $data[ FBField::SECTIONS ][ $sectionIndex ]['fieldsIds'];
} else {
$fieldsIds = [];
- if ( !empty( $section['columns'] ) ) {
+ if ( ! empty( $section['columns'] ) ) {
foreach ( $section['columns'] as $column ) {
- if ( !empty( $column['fields'] ) && is_array( $column['fields'] ) ) {
+ if ( ! empty( $column['fields'] ) && is_array( $column['fields'] ) ) {
$fieldsIds = array_merge( $fieldsIds, $column['fields'] );
}
}
}
- $data[FBField::SECTIONS][$sectionIndex]['fieldsIds'] = $fieldsIds;
+ $data[ FBField::SECTIONS ][ $sectionIndex ]['fieldsIds'] = $fieldsIds;
}
- if ( !in_array( $this->_uuid, $fieldsIds ) ) {
+ if ( ! in_array( $this->_uuid, $fieldsIds ) ) {
continue;
}
// Casing loop
- if ( isset( $data[FBField::SECTIONS][$sectionIndex]['catValidation'] ) ) {
- if ( $data[FBField::SECTIONS][$sectionIndex]['catValidation'] === true ) {
+ if ( isset( $data[ FBField::SECTIONS ][ $sectionIndex ]['catValidation'] ) ) {
+ if ( $data[ FBField::SECTIONS ][ $sectionIndex ]['catValidation'] === true ) {
continue;
}
- if ( $data[FBField::SECTIONS][$sectionIndex]['catValidation'] === false ) {
+ if ( $data[ FBField::SECTIONS ][ $sectionIndex ]['catValidation'] === false ) {
return false;
}
-
}
- $relation = !empty( $section['logics']['relation'] ) && $section['logics']['relation'] === 'and' ? 'and' : 'or';
- $validate = [];
+ $relation = ! empty( $section['logics']['relation'] ) && $section['logics']['relation'] === 'and' ? 'and' : 'or';
+ $validate = [];
$cacheCats = [];
foreach ( $section['logics']['conditions'] as $condition ) {
- if ( empty( $condition['fieldId'] ) || empty( $condition['operator'] ) || empty( $presetFields[$condition['fieldId']] ) || 'category' !== $presetFields[$condition['fieldId']]['element'] ) {
+ if ( empty( $condition['fieldId'] ) || empty( $condition['operator'] ) || empty( $presetFields[ $condition['fieldId'] ] ) || 'category' !== $presetFields[ $condition['fieldId'] ]['element'] ) {
continue;
}
- $value = absint( $condition['value'] );
+ $value = absint( $condition['value'] );
$_catIds = [];
if ( $value ) {
- if ( !isset( $cacheCats[$value] ) ) {
- $childTerms = get_term_children( $value, rtcl()->category );
- $_catIds = !is_wp_error( $childTerms ) ? $childTerms : [];
- $_catIds[] = $value;
- $cacheCats[$value] = $_catIds;
+ if ( ! isset( $cacheCats[ $value ] ) ) {
+ $childTerms = get_term_children( $value, rtcl()->category );
+ $_catIds = ! is_wp_error( $childTerms ) ? $childTerms : [];
+ $_catIds[] = $value;
+ $cacheCats[ $value ] = $_catIds;
} else {
- $_catIds = $cacheCats[$value];
+ $_catIds = $cacheCats[ $value ];
}
}
if ( $condition['operator'] === 'empty' ) {
$validate[] = empty( $catIds );
- } else if ( $condition['operator'] === 'notEmpty' ) {
- $validate[] = !empty( $catIds );
- } else if ( in_array( $condition['operator'], [ 'contains', '=' ] ) ) {
- $common = array_intersect( $catIds, $_catIds );
+ } elseif ( $condition['operator'] === 'notEmpty' ) {
+ $validate[] = ! empty( $catIds );
+ } elseif ( in_array( $condition['operator'], [ 'contains', '=' ] ) ) {
+ $common = array_intersect( $catIds, $_catIds );
$validate[] = empty( $value ) || count( $common ) > 0;
- } else if ( in_array( $condition['operator'], [ 'doNotContains', '!=' ] ) ) {
- $common = array_intersect( $catIds, $_catIds );
+ } elseif ( in_array( $condition['operator'], [ 'doNotContains', '!=' ] ) ) {
+ $common = array_intersect( $catIds, $_catIds );
$validate[] = empty( $value ) || empty( $catIds ) || count( $common ) == 0;
}
}
if ( empty( $validate ) ) {
- $data[FBField::SECTIONS][$sectionIndex]['catValidation'] = true;
+ $data[ FBField::SECTIONS ][ $sectionIndex ]['catValidation'] = true;
continue;
}
if ( $relation === 'and' && in_array( false, $validate, true ) ) {
- $data[FBField::SECTIONS][$sectionIndex]['catValidation'] = false;
+ $data[ FBField::SECTIONS ][ $sectionIndex ]['catValidation'] = false;
return false;
}
- if ( $relation === 'or' && !in_array( true, $validate, true ) ) {
- $data[FBField::SECTIONS][$sectionIndex]['catValidation'] = false;
+ if ( $relation === 'or' && ! in_array( true, $validate, true ) ) {
+ $data[ FBField::SECTIONS ][ $sectionIndex ]['catValidation'] = false;
return false;
}
- $data[FBField::SECTIONS][$sectionIndex]['catValidation'] = true;
+ $data[ FBField::SECTIONS ][ $sectionIndex ]['catValidation'] = true;
}
}
- if ( !empty( $this->_logics['status'] ) && !empty( $this->_logics['conditions'] ) ) {
- $relation = !empty( $this->_logics['relation'] ) && $this->_logics['relation'] === 'and' ? 'and' : 'or';
- $validate = [];
+ if ( ! empty( $this->_logics['status'] ) && ! empty( $this->_logics['conditions'] ) ) {
+ $relation = ! empty( $this->_logics['relation'] ) && $this->_logics['relation'] === 'and' ? 'and' : 'or';
+ $validate = [];
$cacheCats = [];
foreach ( $this->_logics['conditions'] as $condition ) {
-
- if ( empty( $condition['fieldId'] ) || empty( $condition['operator'] ) || empty( $presetFields[$condition['fieldId']] ) || 'category' !== $presetFields[$condition['fieldId']]['element'] ) {
+ if ( empty( $condition['fieldId'] ) || empty( $condition['operator'] ) || empty( $presetFields[ $condition['fieldId'] ] ) || 'category' !== $presetFields[ $condition['fieldId'] ]['element'] ) {
continue;
}
- $value = absint( $condition['value'] );
+ $value = absint( $condition['value'] );
$_catIds = [];
if ( $value ) {
- if ( !isset( $cacheCats[$value] ) ) {
- $childTerms = get_term_children( $value, rtcl()->category );
- $_catIds = !is_wp_error( $childTerms ) ? $childTerms : [];
- $_catIds[] = $value;
- $cacheCats[$value] = $_catIds;
+ if ( ! isset( $cacheCats[ $value ] ) ) {
+ $childTerms = get_term_children( $value, rtcl()->category );
+ $_catIds = ! is_wp_error( $childTerms ) ? $childTerms : [];
+ $_catIds[] = $value;
+ $cacheCats[ $value ] = $_catIds;
} else {
- $_catIds = $cacheCats[$value];
+ $_catIds = $cacheCats[ $value ];
}
}
if ( $condition['operator'] === 'empty' ) {
$validate[] = empty( $catIds );
- } else if ( $condition['operator'] === 'notEmpty' ) {
- $validate[] = !empty( $catIds );
- } else if ( in_array( $condition['operator'], [ 'contains', '=' ] ) ) {
- $common = array_intersect( $catIds, $_catIds );
+ } elseif ( $condition['operator'] === 'notEmpty' ) {
+ $validate[] = ! empty( $catIds );
+ } elseif ( in_array( $condition['operator'], [ 'contains', '=' ] ) ) {
+ $common = array_intersect( $catIds, $_catIds );
$validate[] = empty( $value ) || count( $common ) > 0;
- } else if ( in_array( $condition['operator'], [ 'doNotContains', '!=' ] ) ) {
- $common = array_intersect( $catIds, $_catIds );
+ } elseif ( in_array( $condition['operator'], [ 'doNotContains', '!=' ] ) ) {
+ $common = array_intersect( $catIds, $_catIds );
$validate[] = empty( $value ) || empty( $catIds ) || count( $common ) == 0;
}
-
}
if ( empty( $validate ) ) {
@@ -434,7 +429,7 @@
}
if ( $relation === 'and' ) {
- return !in_array( false, $validate, true );
+ return ! in_array( false, $validate, true );
} else {
return in_array( true, $validate, true );
}
@@ -452,9 +447,23 @@
}
/**
- * @param array $slField
+ * @param array $slField
*/
public function setSlField( array $slField ): void {
$this->_slField = $slField;
}
+
+ public function getOptionLabel( $value, $options = [] ) {
+ if ( empty( $options ) || empty( $value ) ) {
+ return null;
+ }
+
+ foreach ( $options as $option ) {
+ if ( isset( $option['value'] ) && $option['value'] === $value ) {
+ return $option['label'] ?? null;
+ }
+ }
+
+ return $value;
+ }
}
No newline at end of file
--- a/classified-listing/app/Traits/Functions/UtilityTrait.php
+++ b/classified-listing/app/Traits/Functions/UtilityTrait.php
@@ -700,6 +700,22 @@
}
/**
+ * Get listing ad type HTML class.
+ *
+ * @param Listing $listing Listing object.
+ *
+ * @return array
+ */
+ static function get_listing_ad_type_class( $listing ) {
+ $classes = [];
+ if ( $listing && ( $ad_type = $listing->get_ad_type() ) ) {
+ $classes[] = sanitize_html_class( 'rtcl_ad_type-' . $ad_type );
+ }
+
+ return $classes;
+ }
+
+ /**
* Retrieves the classes for the post div as an array.
*
* @param string|array $class One or more classes to add to the class list.
@@ -743,6 +759,7 @@
$listing->get_label_class(),
self::get_listing_taxonomy_class( $listing->get_category_ids(), rtcl()->category ),
self::get_listing_taxonomy_class( $listing->get_location_ids(), rtcl()->location ),
+ self::get_listing_ad_type_class( $listing ),
is_array( $extra_class ) ? $extra_class : [],
);
--- a/classified-listing/assets/block/main.asset.php
+++ b/classified-listing/assets/block/main.asset.php
@@ -1 +1 @@
-<?php return array('dependencies' => array('jquery', 'react', 'react-dom', 'wp-block-editor', 'wp-blocks', 'wp-components', 'wp-i18n'), 'version' => '8a75787fed691ab8cc9d');
+<?php return array('dependencies' => array('jquery', 'react', 'react-dom', 'wp-block-editor', 'wp-blocks', 'wp-components', 'wp-i18n'), 'version' => 'a7660fa4b00fa53e9866');
--- a/classified-listing/classified-listing.php
+++ b/classified-listing/classified-listing.php
@@ -4,7 +4,7 @@
* Plugin Name: Classified Listing – AI-Powered Classified ads & Business Directory Plugin
* Plugin URI: https://radiustheme.com/demo/wordpress/classified
* Description: The Best Classified Listing and Business Directory Plugin for WordPress to create Classified ads website, job directory, local business directory and service directory.
- * Version: 5.3.8
+ * Version: 5.3.9
* Requires at least: 6.7
* Requires PHP: 7.4
* Author: Business Directory Team by RadiusTheme
@@ -18,7 +18,7 @@
defined( 'ABSPATH' ) || die( 'Keep Silent' );
-define( 'RTCL_VERSION', '5.3.8' );
+define( 'RTCL_VERSION', '5.3.9' );
define( 'RTCL_PLUGIN_FILE', __FILE__ );
define( 'RTCL_PATH', plugin_dir_path( RTCL_PLUGIN_FILE ) );
define( 'RTCL_URL', plugins_url( '', RTCL_PLUGIN_FILE ) );
--- a/classified-listing/templates/listing/social-share.php
+++ b/classified-listing/templates/listing/social-share.php
@@ -32,3 +32,7 @@
<?php if ( in_array( 'telegram', $misc_settings['social_services'] ) ): ?>
<a class="telegram" href="https://telegram.me/share/url?text=<?php echo esc_attr($title); ?>&url=<?php echo esc_url($url); ?>" target="_blank" rel="nofollow" aria-label="Share on Telegram"><i class="rtcl-icon rtcl-icon-telegram"></i></a>
<?php endif; ?>
+
+<?php if ( in_array( 'vk', $misc_settings['social_services'] ) ): ?>
+ <a class="vk" href="https://vk.com/share.php?url=<?php echo esc_url($url); ?>&title=<?php echo esc_attr($title); ?>" target="_blank" rel="nofollow" aria-label="Share on VK"><span class="rtcl-icon rtcl-icon-vkontakte"></span></a>
+<?php endif; ?>
