author | Harald Eilertsen <haraldei@anduin.net> | 2022-03-12 18:32:31 +0100 |
---|---|---|
committer | Harald Eilertsen <haraldei@anduin.net> | 2022-03-12 18:32:31 +0100 |
commit | 6c86c2b2d75ac4f989826275f4a63294bdc2fd17 (patch) | |
tree | 94b40dd6efd841fb1f77fde6d8d28627924d784a /includes/admin/views/giglog_admin_page.php | |
parent | b4f6d9c766021c4b3285bdef97d29c25d5ed60fa (diff) | |
Move update edit concert form code to class.
Also ensure that nonce checking is performed before both adding and
editing concerts, and escape concert data before outputting it in the
form.
Diffstat (limited to 'includes/admin/views/giglog_admin_page.php')
-rw-r--r-- | includes/admin/views/giglog_admin_page.php | 52 |
1 files changed, 3 insertions, 49 deletions
diff --git a/includes/admin/views/giglog_admin_page.php b/includes/admin/views/giglog_admin_page.php
index 6ce3cc8..a2682a1 100644
--- a/includes/admin/views/giglog_admin_page.php
+++ b/includes/admin/views/giglog_admin_page.php 
@@ -77,57 +77,11 @@ if ( !class_exists( 'GiglogAdmin_AdminPage' ) ) { return; } - if (isset($_POST['newconcert'])) { - if (empty($_POST['cname']) || empty($_POST['selectvenueadmin']) || empty($_POST['cdate']) || empty($_POST['ticket']) || empty($_POST['eventurl'])) { - echo '<script language="javascript">alert("You are missing a value, concert was not created"); </script>'; - } - else { - if (GiglogAdmin_Concert::create($_POST['cname'], $_POST['selectvenueadmin'], $_POST['cdate'], $_POST['ticket'], $_POST['eventurl'])) { - echo '<script language="javascript">alert("Yey, concert created"); </script>'; - } - else { - echo '<script language="javascript">alert("Nay, concert was duplicated"); </script>'; - } - } - } - - if (isset($_POST['editconcert'])) - { - if (!isset($_POST['giglog_edit_concert_nonce']) - || wp_verify_nonce($_POST['giglog_edit_concert_nonce'], plugin_basename( __FILE__ ))) - { - header("{$_SERVER['SERVER_PROTOCOL']} 403 Forbidden"); - wp_die('CSRF validation failed.', 403); - } - - $roles = array_reduce( - ['photo1', 'photo1', 'rev1', 'rev2'], - function($roles, $r) { - if (isset($_POST[$r])) { - $roles[$r] = sanitize_user($_POST[$r]); - } - return $roles; - }, - [] - ); - - $attributes = [ - 'wpgconcert_name' => sanitize_text_field($_POST['cname']), - 'venue' => intval($_POST['selectvenueadmin']), - 'wpgconcert_date' => sanitize_text_field($_POST['cdate']), - 'wpgconcert_ticket' => esc_url_raw($_POST['ticket']), - 'wpgconcert_event' => esc_url_raw($_POST['eventurl']), - 'wpgconcert_roles' => $roles, - ]; - - $concert = GiglogAdmin_Concert::get(intval($_POST['pid'])); - if ($concert && $concert->update((object) $attributes)) { - // let user know the concert was updated. - // Look into admin_notices - } + if (isset($_POST['newconcert']) || isset($_POST['editconcert'])) { + GiglogAdmin_EditConcertForm::update(); + return; } - if(isset($_POST['newvenue'])) { if (!isset($_POST['giglog_new_venue_nonce']) |
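Review bot: The nonce check this hunk removes was inverted — `if (!isset($_POST['giglog_edit_concert_nonce']) || wp_verify_nonce(...))` dies when the nonce is valid and lets a present-but-invalid nonce through — so if `GiglogAdmin_EditConcertForm::update()` was produced by moving these lines, the moved condition must read `|| !wp_verify_nonce($_POST['giglog_edit_concert_nonce'], plugin_basename(__FILE__))`, and since `__FILE__` now resolves to the class file, the action string passed when the nonce field is generated has to match it. The removed roles list `['photo1', 'photo1', 'rev1', 'rev2']` repeats `'photo1'` where `'photo2'` is presumably meant, which is also worth checking in the moved code. The new dispatch `if (isset($_POST['newconcert']) || isset($_POST['editconcert']))` shows no capability check before calling `update()`; unless one runs earlier in the enclosing function, a `current_user_can()` guard belongs in front of it. The enclosing function starts and ends outside the hunk and the new class is not in this diff, so both points are inferred from the removed lines rather than seen.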