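/**
 * Handle a Pods admin AJAX request and terminate the script.
 *
 * Flow: normalise the POSTed fields, resolve the requested method against an
 * allowlist, verify the WordPress nonce (unless the method opts out with
 * 'custom_nonce'), apply the capability check, dispatch to the upgrade /
 * migrate handlers or to the matching Pods API method, then print the result.
 *
 * Everything read from $_POST here is untrusted. The allowlist in $methods is
 * what stops a request from naming an arbitrary Pods API method, so every
 * failed check below must end the request.
 *
 * NOTE(review): presumably registered as a wp_ajax_* callback; the
 * registration is outside this block, so whether unauthenticated visitors can
 * reach it cannot be confirmed from here.
 *
 * @return void This method never returns normally; it always ends in die.
 */
public function admin_ajax()
{
    if (false === headers_sent()) {
        pods_session_start();
        header('Content-Type: text/html; charset=' . get_bloginfo('charset'));
    }

    // Work on an unslashed copy of the raw POST data.
    $params = pods_unslash((array) $_POST);

    foreach ($params as $key => $value) {
        // Strict comparison: a loose == also matches integer key 0 on PHP < 8.
        if ('action' === $key) {
            continue;
        }

        $clean_key = str_replace('_podsfix_', '', $key);

        // Mirror the value into $_POST under the key without the marker.
        $_POST[$clean_key] = $_POST[$key];

        // Same for $params, using the unslashed value.
        $params[$clean_key] = $value;

        // Drop the original key. For a key that never carried the marker,
        // $clean_key equals $key, so this removes the field from $params:
        // apart from 'action', only '_podsfix_'-marked fields survive.
        unset($params[$key]);
    }

    $params = (object) $params;

    // Allowlist of callable methods. 'priv' feeds the capability check below;
    // 'custom_nonce' => true skips the nonce verification done in this method.
    $methods = array(
        'add_pod'            => array('priv' => true),
        'save_pod'           => array('priv' => true),
        'load_sister_fields' => array('priv' => true),
        'process_form'       => array('custom_nonce' => true),
        'upgrade'            => array('priv' => true),
        'migrate'            => array('priv' => true),
    );

    /**
     * AJAX Callbacks in field editor
     *
     * Entries added through this filter extend the allowlist, so each one
     * should declare the 'priv' / 'custom_nonce' settings it needs.
     *
     * @since unknown
     *
     * @param array            $methods Callback method map
     * @param object|PodsAdmin $this    Class object
     */
    $methods = apply_filters('pods_admin_ajax_methods', $methods, $this);

    // The method name must be a string: it is used as an array key here and
    // concatenated into the nonce action below. An array value is rejected.
    if (!isset($params->method) || !is_string($params->method) || !isset($methods[$params->method])) {
        pods_error('Invalid AJAX request', $this);

        // Fail closed: do not depend on pods_error() halting the request.
        die;
    }

    $defaults = array('priv' => null, 'name' => $params->method, 'custom_nonce' => null);
    $method = (object) array_merge($defaults, (array) $methods[$params->method]);

    if (true !== $method->custom_nonce) {
        // The nonce action is bound to the method name ('pods-<method>').
        $nonce_ok = isset($params->_wpnonce)
            && is_string($params->_wpnonce)
            && false !== wp_verify_nonce($params->_wpnonce, 'pods-' . $params->method);

        if (!$nonce_ok) {
            pods_error(__('Unauthorized request', 'pods'), $this);

            // Fail closed: a failed nonce check must never fall through.
            die;
        }
    }
    // NOTE(review): methods flagged 'custom_nonce' get no nonce verification
    // here; presumably the target method verifies its own. Confirm.

    // Cleaning up $params
    unset($params->action);
    unset($params->method);

    if (true !== $method->custom_nonce) {
        unset($params->_wpnonce);
    }

    // Check permissions (convert to array to support multiple)
    //
    // NOTE(review): when 'priv' is exactly true, the `true !== $method->priv`
    // term is false and this condition never denies. For those methods
    // (add_pod, save_pod, load_sister_fields, upgrade and migrate by default)
    // the nonce check above is the only gate enforced in this method. A
    // WordPress nonce protects against CSRF and is not proof of capability;
    // confirm that a capability check is enforced elsewhere or tighten this
    // condition. The logic is left unchanged here.
    if (!empty($method->priv) && !pods_is_admin(array('pods')) && true !== $method->priv && !pods_is_admin($method->priv)) {
        pods_error(__('Access denied', 'pods'), $this);

        // Fail closed: a failed permission check must never fall through.
        die;
    }

    $params->method = $method->name;
    $params = apply_filters('pods_api_' . $method->name, $params, $method);

    $api = pods_api();
    // NOTE(review): presumably makes API methods report failure through
    // their return value (see the false check below). Confirm.
    $api->display_errors = false;

    if ('upgrade' === $method->name) {
        $output = (string) pods_upgrade($params->version)->ajax($params);
    } elseif ('migrate' === $method->name) {
        $output = (string) apply_filters('pods_api_migrate_run', $params);
    } else {
        if (!method_exists($api, $method->name)) {
            pods_error('API method does not exist', $this);

            // Fail closed: never dispatch to a method that does not exist.
            die;
        }

        if ('save_pod' === $method->name && isset($params->field_data_json) && is_array($params->field_data_json)) {
            // Field definitions arrive as JSON strings; decode each into an array.
            $params->fields = $params->field_data_json;
            unset($params->field_data_json);

            foreach ($params->fields as $k => $v) {
                if (empty($v)) {
                    unset($params->fields[$k]);
                } elseif (!is_array($v)) {
                    // Invalid JSON decodes to null, which the cast turns into
                    // an empty array.
                    $params->fields[$k] = (array) @json_decode($v, true);
                }
            }
        }

        // Dynamically call the API method. The name comes from the allowlist
        // entry, never directly from the request.
        $params = (array) $params;
        $output = call_user_func(array($api, $method->name), $params);
    }

    // Output in json format
    if (false !== $output) {
        if (is_array($output) || is_object($output)) {
            wp_send_json($output);
        } else {
            // NOTE(review): scalar output is echoed as-is under the text/html
            // content type set at the top of this method. Any handler that
            // returns request-derived text must escape it for HTML itself.
            echo $output;
        }
    } else {
        pods_error('There was a problem with your request.');
    }

    // Always terminate: nothing else may be appended to the response.
    die;
}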