Edit File by line
/home/zeestwma/richards.../wp-conte.../plugins/elemento.../includes
File: user.php
<?php
[0] Fix | Delete
namespace Elementor;
[1] Fix | Delete
[2] Fix | Delete
use Elementor\Core\Common\Modules\Ajax\Module as Ajax;
[3] Fix | Delete
[4] Fix | Delete
if ( ! defined( 'ABSPATH' ) ) {
[5] Fix | Delete
exit; // Exit if accessed directly.
[6] Fix | Delete
}
[7] Fix | Delete
[8] Fix | Delete
/**
[9] Fix | Delete
* Elementor user.
[10] Fix | Delete
*
[11] Fix | Delete
* Elementor user handler class is responsible for checking if the user can edit
[12] Fix | Delete
* with Elementor and displaying different admin notices.
[13] Fix | Delete
*
[14] Fix | Delete
* @since 1.0.0
[15] Fix | Delete
*/
[16] Fix | Delete
class User {
[17] Fix | Delete
[18] Fix | Delete
/**
[19] Fix | Delete
* Holds the admin notices key.
[20] Fix | Delete
*
[21] Fix | Delete
* @var string Admin notices key.
[22] Fix | Delete
*/
[23] Fix | Delete
const ADMIN_NOTICES_KEY = 'elementor_admin_notices';
[24] Fix | Delete
[25] Fix | Delete
/**
[26] Fix | Delete
* Holds the editor introduction screen key.
[27] Fix | Delete
*
[28] Fix | Delete
* @var string Introduction key.
[29] Fix | Delete
*/
[30] Fix | Delete
const INTRODUCTION_KEY = 'elementor_introduction';
[31] Fix | Delete
[32] Fix | Delete
/**
[33] Fix | Delete
* Holds the beta tester key.
[34] Fix | Delete
*
[35] Fix | Delete
* @var string Beta tester key.
[36] Fix | Delete
*/
[37] Fix | Delete
const BETA_TESTER_META_KEY = 'elementor_beta_tester';
[38] Fix | Delete
[39] Fix | Delete
/**
[40] Fix | Delete
* Holds the URL of the Beta Tester Opt-in API.
[41] Fix | Delete
*
[42] Fix | Delete
* @since 1.0.0
[43] Fix | Delete
*
[44] Fix | Delete
* @var string API URL.
[45] Fix | Delete
*/
[46] Fix | Delete
const BETA_TESTER_API_URL = 'https://my.elementor.com/api/v1/beta_tester/';
[47] Fix | Delete
[48] Fix | Delete
/**
[49] Fix | Delete
* Holds the dismissed editor notices key.
[50] Fix | Delete
*
[51] Fix | Delete
* @since 3.19.0
[52] Fix | Delete
*
[53] Fix | Delete
* @var string Editor notices key.
[54] Fix | Delete
*/
[55] Fix | Delete
const DISMISSED_EDITOR_NOTICES_KEY = 'elementor_dismissed_editor_notices';
[56] Fix | Delete
[57] Fix | Delete
/**
[58] Fix | Delete
* Init.
[59] Fix | Delete
*
[60] Fix | Delete
* Initialize Elementor user.
[61] Fix | Delete
*
[62] Fix | Delete
* @since 1.0.0
[63] Fix | Delete
* @access public
[64] Fix | Delete
* @static
[65] Fix | Delete
*/
[66] Fix | Delete
public static function init() {
[67] Fix | Delete
add_action( 'wp_ajax_elementor_set_admin_notice_viewed', [ __CLASS__, 'ajax_set_admin_notice_viewed' ] );
[68] Fix | Delete
add_action( 'admin_post_elementor_set_admin_notice_viewed', [ __CLASS__, 'ajax_set_admin_notice_viewed' ] );
[69] Fix | Delete
[70] Fix | Delete
add_action( 'elementor/ajax/register_actions', [ __CLASS__, 'register_ajax_actions' ] );
[71] Fix | Delete
}
[72] Fix | Delete
[73] Fix | Delete
/**
[74] Fix | Delete
* @param Ajax $ajax
[75] Fix | Delete
* @since 2.1.0
[76] Fix | Delete
* @access public
[77] Fix | Delete
* @static
[78] Fix | Delete
*/
[79] Fix | Delete
public static function register_ajax_actions( Ajax $ajax ) {
[80] Fix | Delete
$ajax->register_ajax_action( 'introduction_viewed', [ __CLASS__, 'set_introduction_viewed' ] );
[81] Fix | Delete
$ajax->register_ajax_action( 'beta_tester_signup', [ __CLASS__, 'register_as_beta_tester' ] );
[82] Fix | Delete
$ajax->register_ajax_action( 'dismissed_editor_notices', [ __CLASS__, 'set_dismissed_editor_notices' ] );
[83] Fix | Delete
}
[84] Fix | Delete
[85] Fix | Delete
/**
[86] Fix | Delete
* Is current user can edit.
[87] Fix | Delete
*
[88] Fix | Delete
* Whether the current user can edit the post.
[89] Fix | Delete
*
[90] Fix | Delete
* @since 1.0.0
[91] Fix | Delete
* @access public
[92] Fix | Delete
* @static
[93] Fix | Delete
*
[94] Fix | Delete
* @param int $post_id Optional. The post ID. Default is `0`.
[95] Fix | Delete
*
[96] Fix | Delete
* @return bool Whether the current user can edit the post.
[97] Fix | Delete
*/
[98] Fix | Delete
public static function is_current_user_can_edit( $post_id = 0 ) {
[99] Fix | Delete
$post = get_post( $post_id );
[100] Fix | Delete
[101] Fix | Delete
if ( ! $post ) {
[102] Fix | Delete
return false;
[103] Fix | Delete
}
[104] Fix | Delete
[105] Fix | Delete
if ( 'trash' === get_post_status( $post->ID ) ) {
[106] Fix | Delete
return false;
[107] Fix | Delete
}
[108] Fix | Delete
[109] Fix | Delete
if ( ! self::is_current_user_can_edit_post_type( $post->post_type ) ) {
[110] Fix | Delete
return false;
[111] Fix | Delete
}
[112] Fix | Delete
[113] Fix | Delete
$post_type_object = get_post_type_object( $post->post_type );
[114] Fix | Delete
[115] Fix | Delete
if ( ! isset( $post_type_object->cap->edit_post ) ) {
[116] Fix | Delete
return false;
[117] Fix | Delete
}
[118] Fix | Delete
[119] Fix | Delete
$edit_cap = $post_type_object->cap->edit_post;
[120] Fix | Delete
if ( ! current_user_can( $edit_cap, $post->ID ) ) {
[121] Fix | Delete
return false;
[122] Fix | Delete
}
[123] Fix | Delete
[124] Fix | Delete
if ( intval( get_option( 'page_for_posts' ) ) === $post->ID ) {
[125] Fix | Delete
return false;
[126] Fix | Delete
}
[127] Fix | Delete
[128] Fix | Delete
return true;
[129] Fix | Delete
}
[130] Fix | Delete
[131] Fix | Delete
/**
[132] Fix | Delete
* Is current user can access elementor.
[133] Fix | Delete
*
[134] Fix | Delete
* Whether the current user role is not excluded by Elementor Settings.
[135] Fix | Delete
*
[136] Fix | Delete
* @since 2.1.7
[137] Fix | Delete
* @access public
[138] Fix | Delete
* @static
[139] Fix | Delete
*
[140] Fix | Delete
* @return bool True if can access, False otherwise.
[141] Fix | Delete
*/
[142] Fix | Delete
public static function is_current_user_in_editing_black_list() {
[143] Fix | Delete
$user = wp_get_current_user();
[144] Fix | Delete
$exclude_roles = get_option( 'elementor_exclude_user_roles', [] );
[145] Fix | Delete
[146] Fix | Delete
$compare_roles = array_intersect( $user->roles, $exclude_roles );
[147] Fix | Delete
if ( ! empty( $compare_roles ) ) {
[148] Fix | Delete
return false;
[149] Fix | Delete
}
[150] Fix | Delete
[151] Fix | Delete
return true;
[152] Fix | Delete
}
[153] Fix | Delete
[154] Fix | Delete
/**
[155] Fix | Delete
* Is current user can edit post type.
[156] Fix | Delete
*
[157] Fix | Delete
* Whether the current user can edit the given post type.
[158] Fix | Delete
*
[159] Fix | Delete
* @since 1.9.0
[160] Fix | Delete
* @access public
[161] Fix | Delete
* @static
[162] Fix | Delete
*
[163] Fix | Delete
* @param string $post_type the post type slug to check.
[164] Fix | Delete
*
[165] Fix | Delete
* @return bool True if can edit, False otherwise.
[166] Fix | Delete
*/
[167] Fix | Delete
public static function is_current_user_can_edit_post_type( $post_type ) {
[168] Fix | Delete
if ( ! self::is_current_user_in_editing_black_list() ) {
[169] Fix | Delete
return false;
[170] Fix | Delete
}
[171] Fix | Delete
[172] Fix | Delete
if ( ! Utils::is_post_type_support( $post_type ) ) {
[173] Fix | Delete
return false;
[174] Fix | Delete
}
[175] Fix | Delete
[176] Fix | Delete
$post_type_object = get_post_type_object( $post_type );
[177] Fix | Delete
[178] Fix | Delete
if ( ! current_user_can( $post_type_object->cap->edit_posts ) ) {
[179] Fix | Delete
return false;
[180] Fix | Delete
}
[181] Fix | Delete
[182] Fix | Delete
return true;
[183] Fix | Delete
}
[184] Fix | Delete
[185] Fix | Delete
/**
[186] Fix | Delete
* Get user notices.
[187] Fix | Delete
*
[188] Fix | Delete
* Retrieve the list of notices for the current user.
[189] Fix | Delete
*
[190] Fix | Delete
* @since 2.0.0
[191] Fix | Delete
* @access public
[192] Fix | Delete
* @static
[193] Fix | Delete
*
[194] Fix | Delete
* @return array A list of user notices.
[195] Fix | Delete
*/
[196] Fix | Delete
public static function get_user_notices() {
[197] Fix | Delete
$notices = get_user_meta( get_current_user_id(), self::ADMIN_NOTICES_KEY, true );
[198] Fix | Delete
return is_array( $notices ) ? $notices : [];
[199] Fix | Delete
}
[200] Fix | Delete
[201] Fix | Delete
/**
[202] Fix | Delete
* Is admin notice viewed.
[203] Fix | Delete
*
[204] Fix | Delete
* Whether the admin notice was viewed by the current user.
[205] Fix | Delete
*
[206] Fix | Delete
* @since 1.0.0
[207] Fix | Delete
* @access public
[208] Fix | Delete
* @static
[209] Fix | Delete
*
[210] Fix | Delete
* @param int $notice_id The notice ID.
[211] Fix | Delete
*
[212] Fix | Delete
* @return bool Whether the admin notice was viewed by the user.
[213] Fix | Delete
*/
[214] Fix | Delete
public static function is_user_notice_viewed( $notice_id ) {
[215] Fix | Delete
$notices = self::get_user_notices();
[216] Fix | Delete
[217] Fix | Delete
if ( empty( $notices[ $notice_id ] ) ) {
[218] Fix | Delete
return false;
[219] Fix | Delete
}
[220] Fix | Delete
[221] Fix | Delete
// BC: Handles old structure ( `[ 'notice_id' => 'true' ]` ).
[222] Fix | Delete
if ( 'true' === $notices[ $notice_id ] ) {
[223] Fix | Delete
return true;
[224] Fix | Delete
}
[225] Fix | Delete
[226] Fix | Delete
return $notices[ $notice_id ]['is_viewed'] ?? false;
[227] Fix | Delete
}
[228] Fix | Delete
[229] Fix | Delete
/**
[230] Fix | Delete
* Checks whether the current user is allowed to upload JSON files.
[231] Fix | Delete
*
[232] Fix | Delete
* Note: The 'json-upload' capability is managed by the Role Manager as a part of its blacklist restrictions.
[233] Fix | Delete
* In this context, we are negating the user's permission check to use it as a whitelist, allowing uploads.
[234] Fix | Delete
*
[235] Fix | Delete
* @return bool Whether the current user can upload JSON files.
[236] Fix | Delete
*/
[237] Fix | Delete
public static function is_current_user_can_upload_json() {
[238] Fix | Delete
return current_user_can( 'manage_options' ) || ! Plugin::instance()->role_manager->user_can( 'json-upload' );
[239] Fix | Delete
}
[240] Fix | Delete
[241] Fix | Delete
public static function is_current_user_can_use_custom_html() {
[242] Fix | Delete
return current_user_can( 'manage_options' ) || ! Plugin::instance()->role_manager->user_can( 'custom-html' );
[243] Fix | Delete
}
[244] Fix | Delete
[245] Fix | Delete
/**
[246] Fix | Delete
* Set admin notice as viewed.
[247] Fix | Delete
*
[248] Fix | Delete
* Flag the admin notice as viewed by the current user, using an authenticated ajax request.
[249] Fix | Delete
*
[250] Fix | Delete
* Fired by `wp_ajax_elementor_set_admin_notice_viewed` action.
[251] Fix | Delete
*
[252] Fix | Delete
* @since 1.0.0
[253] Fix | Delete
* @access public
[254] Fix | Delete
* @static
[255] Fix | Delete
*/
[256] Fix | Delete
public static function ajax_set_admin_notice_viewed() {
[257] Fix | Delete
// phpcs:ignore WordPress.Security.NonceVerification.NoNonceVerification
[258] Fix | Delete
$notice_id = Utils::get_super_global_value( $_REQUEST, 'notice_id' );
[259] Fix | Delete
[260] Fix | Delete
if ( ! $notice_id ) {
[261] Fix | Delete
wp_die();
[262] Fix | Delete
}
[263] Fix | Delete
[264] Fix | Delete
check_admin_referer( 'elementor_set_admin_notice_viewed' );
[265] Fix | Delete
[266] Fix | Delete
self::set_user_notice( $notice_id );
[267] Fix | Delete
[268] Fix | Delete
if ( ! wp_doing_ajax() ) {
[269] Fix | Delete
wp_safe_redirect( admin_url() );
[270] Fix | Delete
die;
[271] Fix | Delete
}
[272] Fix | Delete
[273] Fix | Delete
wp_die();
[274] Fix | Delete
}
[275] Fix | Delete
[276] Fix | Delete
/**
[277] Fix | Delete
* @param string $notice_id
[278] Fix | Delete
* @param bool $is_viewed
[279] Fix | Delete
* @param array $meta
[280] Fix | Delete
*
[281] Fix | Delete
* @return void
[282] Fix | Delete
*/
[283] Fix | Delete
public static function set_user_notice( $notice_id, $is_viewed = true, $meta = null ) {
[284] Fix | Delete
$notices = self::get_user_notices();
[285] Fix | Delete
[286] Fix | Delete
if ( ! is_array( $meta ) ) {
[287] Fix | Delete
$meta = $notices[ $notice_id ]['meta'] ?? [];
[288] Fix | Delete
}
[289] Fix | Delete
[290] Fix | Delete
$notices[ $notice_id ] = [
[291] Fix | Delete
'is_viewed' => $is_viewed,
[292] Fix | Delete
'meta' => $meta,
[293] Fix | Delete
];
[294] Fix | Delete
[295] Fix | Delete
update_user_meta( get_current_user_id(), self::ADMIN_NOTICES_KEY, $notices );
[296] Fix | Delete
}
[297] Fix | Delete
[298] Fix | Delete
/**
[299] Fix | Delete
* @since 2.1.0
[300] Fix | Delete
* @access public
[301] Fix | Delete
* @static
[302] Fix | Delete
*/
[303] Fix | Delete
public static function set_introduction_viewed( array $data ) {
[304] Fix | Delete
$user_introduction_meta = self::get_introduction_meta();
[305] Fix | Delete
[306] Fix | Delete
$user_introduction_meta[ $data['introductionKey'] ] = true;
[307] Fix | Delete
[308] Fix | Delete
update_user_meta( get_current_user_id(), self::INTRODUCTION_KEY, $user_introduction_meta );
[309] Fix | Delete
}
[310] Fix | Delete
[311] Fix | Delete
/**
[312] Fix | Delete
* @throws \Exception If the user cannot install plugins.
[313] Fix | Delete
*/
[314] Fix | Delete
public static function register_as_beta_tester( array $data ) {
[315] Fix | Delete
if ( ! current_user_can( 'install_plugins' ) ) {
[316] Fix | Delete
throw new \Exception( 'You do not have permission to install plugins.' );
[317] Fix | Delete
}
[318] Fix | Delete
[319] Fix | Delete
update_user_meta( get_current_user_id(), self::BETA_TESTER_META_KEY, true );
[320] Fix | Delete
$response = wp_safe_remote_post(
[321] Fix | Delete
self::BETA_TESTER_API_URL,
[322] Fix | Delete
[
[323] Fix | Delete
'timeout' => 25,
[324] Fix | Delete
'body' => [
[325] Fix | Delete
'api_version' => ELEMENTOR_VERSION,
[326] Fix | Delete
'site_lang' => get_bloginfo( 'language' ),
[327] Fix | Delete
'beta_tester_email' => $data['betaTesterEmail'],
[328] Fix | Delete
],
[329] Fix | Delete
]
[330] Fix | Delete
);
[331] Fix | Delete
[332] Fix | Delete
$response_code = (int) wp_remote_retrieve_response_code( $response );
[333] Fix | Delete
[334] Fix | Delete
if ( 200 === $response_code ) {
[335] Fix | Delete
self::set_introduction_viewed( [
[336] Fix | Delete
'introductionKey' => Beta_Testers::BETA_TESTER_SIGNUP,
[337] Fix | Delete
] );
[338] Fix | Delete
}
[339] Fix | Delete
}
[340] Fix | Delete
[341] Fix | Delete
/**
[342] Fix | Delete
* @param string $key
[343] Fix | Delete
*
[344] Fix | Delete
* @return array|mixed|string
[345] Fix | Delete
* @since 2.1.0
[346] Fix | Delete
* @access public
[347] Fix | Delete
* @static
[348] Fix | Delete
*/
[349] Fix | Delete
public static function get_introduction_meta( $key = '' ) {
[350] Fix | Delete
$user_introduction_meta = get_user_meta( get_current_user_id(), self::INTRODUCTION_KEY, true );
[351] Fix | Delete
[352] Fix | Delete
if ( ! $user_introduction_meta ) {
[353] Fix | Delete
$user_introduction_meta = [];
[354] Fix | Delete
}
[355] Fix | Delete
[356] Fix | Delete
if ( $key ) {
[357] Fix | Delete
return empty( $user_introduction_meta[ $key ] ) ? '' : $user_introduction_meta[ $key ];
[358] Fix | Delete
}
[359] Fix | Delete
[360] Fix | Delete
return $user_introduction_meta;
[361] Fix | Delete
}
[362] Fix | Delete
[363] Fix | Delete
/**
[364] Fix | Delete
* Get a user option with default value as fallback.
[365] Fix | Delete
*
[366] Fix | Delete
* @param string $option - Option key.
[367] Fix | Delete
* @param int $user_id - User ID.
[368] Fix | Delete
* @param mixed $default - Default fallback value.
[369] Fix | Delete
*
[370] Fix | Delete
* @return mixed
[371] Fix | Delete
*/
[372] Fix | Delete
public static function get_user_option_with_default( $option, $user_id, $default ) {
[373] Fix | Delete
$value = get_user_option( $option, $user_id );
[374] Fix | Delete
[375] Fix | Delete
return ( false === $value ) ? $default : $value;
[376] Fix | Delete
}
[377] Fix | Delete
[378] Fix | Delete
/**
[379] Fix | Delete
* Get dismissed editor notices.
[380] Fix | Delete
*
[381] Fix | Delete
* Retrieve the list of dismissed editor notices for the current user.
[382] Fix | Delete
*
[383] Fix | Delete
* @since 3.19.0
[384] Fix | Delete
* @access public
[385] Fix | Delete
* @static
[386] Fix | Delete
*
[387] Fix | Delete
* @return array A list of dismissed editor notices.
[388] Fix | Delete
*/
[389] Fix | Delete
public static function get_dismissed_editor_notices() {
[390] Fix | Delete
$notices = get_user_meta( get_current_user_id(), self::DISMISSED_EDITOR_NOTICES_KEY, true );
[391] Fix | Delete
[392] Fix | Delete
return is_array( $notices ) ? $notices : [];
[393] Fix | Delete
}
[394] Fix | Delete
[395] Fix | Delete
/**
[396] Fix | Delete
* Set dismissed editor notices for the current user.
[397] Fix | Delete
*
[398] Fix | Delete
* @since 3.19.0
[399] Fix | Delete
* @access public
[400] Fix | Delete
* @static
[401] Fix | Delete
*
[402] Fix | Delete
* @param array $data Editor notices.
[403] Fix | Delete
*
[404] Fix | Delete
* @return void
[405] Fix | Delete
*/
[406] Fix | Delete
public static function set_dismissed_editor_notices( array $data ) {
[407] Fix | Delete
$editor_notices = self::get_dismissed_editor_notices();
[408] Fix | Delete
[409] Fix | Delete
if ( ! in_array( $data['dismissId'], $editor_notices, true ) ) {
[410] Fix | Delete
$editor_notices[] = $data['dismissId'];
[411] Fix | Delete
[412] Fix | Delete
update_user_meta( get_current_user_id(), self::DISMISSED_EDITOR_NOTICES_KEY, $editor_notices );
[413] Fix | Delete
}
[414] Fix | Delete
}
[415] Fix | Delete
}
[416] Fix | Delete
[417] Fix | Delete
It is recommended that you Edit text format, this type of Fix handles quite a lot in one request
Function