File: /home/globfdxw/public_html/wp-content/plugins/wpforms-pdf/src/Builder/Ajax/Base.php
<?php

namespace WPFormsPDF\Builder\Ajax;

/**
 * Base class for AJAX handlers.
 *
 * @since 1.0.0
 */
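abstract class Base {

	/**
	 * Class constructor.
	 *
	 * Calls hooks() so that every concrete handler registers its hooks on instantiation.
	 *
	 * @since 1.0.0
	 */
	public function __construct() {

		$this->hooks();
	}

	/**
	 * Register hooks.
	 *
	 * Implemented by each concrete handler; invoked once from the constructor.
	 *
	 * @since 1.0.0
	 */
	abstract protected function hooks();

	/**
	 * Verify AJAX request security and permissions.
	 *
	 * Two gates, in order: the `wpforms-builder` nonce sent in the `nonce` request
	 * field, then the `edit_form_single` capability for the posted form ID.
	 * On failure a JSON error is sent; wp_send_json_error() ends the request, so
	 * code after a call to this method only runs when both checks passed.
	 *
	 * NOTE(review): nothing in this class calls this method. Presumably every
	 * handler in a subclass has to call it before touching request data - confirm
	 * for each registered AJAX action.
	 *
	 * @since 1.0.0
	 */
	protected function verify_ajax_request(): void {

		// Third argument `false`: do not die inside the nonce helper, report the failure as JSON instead.
		if ( ! check_ajax_referer( 'wpforms-builder', 'nonce', false ) ) {
			wp_send_json_error( esc_html__( 'Security check failed.', 'wpforms-pdf' ) );
		}

		// A missing or empty form_id becomes 0 and the capability check is made against form 0.
		// NOTE(review): how wpforms_current_user_can() treats ID 0 is not visible here - confirm it denies.
		$form_id = ! empty( $_POST['form_id'] ) ? absint( $_POST['form_id'] ) : 0;

		// Check permissions.
		if ( ! wpforms_current_user_can( 'edit_form_single', $form_id ) ) {
			wp_send_json_error( esc_html__( 'You do not have permission to perform this action.', 'wpforms-pdf' ) );
		}
	}

	/**
	 * Get the post_data by key.
	 *
	 * Reads one POST field through filter_input() and normalises it according to $type:
	 *  - `int`:       strips everything except digits, `+` and `-`; the result is a string
	 *                 (0 when the field is absent), so callers should still cast it.
	 *  - `array`:     requires an array value and passes it through sanitize_array().
	 *  - `bool`:      boolean validation; absent or non-boolean input yields false.
	 *  - `json`:      decoded to associative arrays. The decoded data is NOT sanitised
	 *                 here; the caller must validate it before use.
	 *  - `form_data`: decoded to objects, then passed through wpforms_prepare_form_data()
	 *                 and wpforms_sanitize_form_data().
	 *  - any other:   the raw string, HTML-escaped with htmlspecialchars().
	 *
	 * This method performs no nonce or capability check of its own.
	 *
	 * @since 1.0.0
	 *
	 * @param string $key  Key to get data for.
	 * @param string $type Type of data to get.
	 *
	 * @return mixed
	 */
	protected function get_post_data( string $key, string $type = 'text' ) { // phpcs:ignore Generic.Metrics.CyclomaticComplexity

		switch ( $type ) {
			case 'int':
				$value = filter_input( INPUT_POST, $key, FILTER_SANITIZE_NUMBER_INT ) ?? 0;
				break;

			case 'array':
				$value = filter_input( INPUT_POST, $key, FILTER_UNSAFE_RAW, FILTER_REQUIRE_ARRAY ) ?? [];
				$value = $this->sanitize_array( $value );
				break;

			case 'bool':
				$value = filter_input( INPUT_POST, $key, FILTER_VALIDATE_BOOLEAN ) ?? false;
				break;

			case 'json':
				// filter_input() returns null for an absent field and false on filter failure.
				// Cast to string so json_decode() never receives null (deprecated since PHP 8.1);
				// the result for such input is still null.
				$value = json_decode( (string) filter_input( INPUT_POST, $key ), true );
				break;

			// Specific for the form_data.
			case 'form_data':
				// Same string cast as the `json` case; the decoded value is sanitised by the WPForms helpers below.
				$value = json_decode( (string) filter_input( INPUT_POST, $key ), false );
				$value = wpforms_prepare_form_data( $value );
				$value = wpforms_sanitize_form_data( $value );
				break;

			default:
				// Escaping, not validation: the value is made safe for HTML output only.
				$value = htmlspecialchars( filter_input( INPUT_POST, $key ) ?? '' );
				break;
		}

		return $value;
	}

	/**
	 * Sanitize array.
	 *
	 * Walks the array recursively. Each non-array value is unslashed, entity-decoded
	 * and then run through the WPForms HTML purifier. Array keys are left unchanged.
	 *
	 * @since 1.0.0
	 *
	 * @param array $data Array to sanitize.
	 *
	 * @return array
	 */
	protected function sanitize_array( array $data ): array {

		$purifier          = wpforms_get_html_purifier();
		$decode_and_purify = static function ( $item ) use ( $purifier ) {
			// Decode entities first so that entity-encoded markup is seen by the purifier.
			return $purifier->purify( wpforms_html_entity_decode_deep( $item ) );
		};

		foreach ( $data as $key => $value ) {
			if ( is_array( $value ) ) {
				$value = $this->sanitize_array( $value );
			} else {
				// NOTE(review): get_post_data() feeds this from filter_input(), which presumably reads
				// request data that WordPress has not slashed; wp_unslash() would then also remove
				// backslashes the user really sent - confirm.
				$value = $decode_and_purify( wp_unslash( $value ) );
			}

			$data[ $key ] = $value;
		}

		return $data;
	}
}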