WowPress-Tailwind/theme/request.php

<?php
require_once('vendor/autoload.php');

use Illuminate\Support\Facades\Redirect;
use WoWPress\Models\Character;
use WoWPress\Models\User;

if (empty($_POST['action'])) {
    exit(404);
}

if (file_exists($_SERVER['DOCUMENT_ROOT'] . '/wp-load.php')) {
    /** Loads the WordPress Environment and Template */
    require_once($_SERVER['DOCUMENT_ROOT'] . '/wp-load.php');
}


switch ($_POST['action']) {
    case 'addCharacter':
        isAllowed('wowpress_edit_characters');
        if (isset($_POST['addCharacter_nonce']) && wp_verify_nonce($_POST['addCharacter_nonce'], 'addCharacter')) {
            if (isset($_POST['name']) && isset($_POST['realm'])) {
                $char = Character::whereName($_POST['name'])->whereRealm($_POST['realm'])->first();
                if (empty($char->ID)) {
                    $char = new Character();
                    $char->name = $_POST['name'];
                    $char->realm = $_POST['realm'];
                    $char->updateFromAPI();
                    $char->updateMedia();
                }
            }
        }
        break;
    case 'deleteCharacter':
        isAllowed('wowpress_edit_characters');
        if (isset($_POST['deleteCharacter_nonce']) && wp_verify_nonce($_POST['deleteCharacter_nonce'], 'deleteCharacter')) {
            if (isset($_POST['id'])) {
                $char = Character::find($_POST['id']);
                if ($char->ID) {
                    $char->delete();
                }
            }
        }
        break;
    case 'updateCharacter':
        isAllowed('wowpress_edit_characters');
        if (isset($_POST['updateCharacter_nonce']) && wp_verify_nonce($_POST['updateCharacter_nonce'], 'updateCharacter')) {
            if (isset($_POST['id'])) {
                $char = Character::find($_POST['id']);
                if ($char->ID) {
                    $char->updateFromAPI();
                    $char->updateMedia();
                }
            }
        }
        break;
    case 'changeUser':
        isAllowed('wowpress_edit_characters');
        if (isset($_POST['changeUser_nonce']) && wp_verify_nonce($_POST['changeUser_nonce'], 'changeUser')) {
            if (isset($_POST['char_id']) && isset($_POST['uid'])) {
                $char = Character::find($_POST['char_id']);
                $user = User::find($_POST['uid']);
                if (!empty($char->ID)) {
                    if (empty($user->ID)) {
                        $char->user_id = null;
                        $char->save();
                    } else
                        $char->user_id = $user->ID;
                    $char->save();
                }
            }
        }
        break;
}

header('Location: ' . $_SERVER['HTTP_REFERER']);
Raids 2024-04-15 23:07:29 +02:00			`<?php`
			`require_once('vendor/autoload.php');`

			`use Illuminate\Support\Facades\Redirect;`
			`use WoWPress\Models\Character;`
Raid anmeldung 2.0 2024-04-22 15:38:22 +02:00			`use WoWPress\Models\User;`
Raids 2024-04-15 23:07:29 +02:00
			`if (empty($_POST['action'])) {`
			`exit(404);`
			`}`

			`if (file_exists($_SERVER['DOCUMENT_ROOT'] . '/wp-load.php')) {`
			`/** Loads the WordPress Environment and Template */`
			`require_once($_SERVER['DOCUMENT_ROOT'] . '/wp-load.php');`
			`}`


			`switch ($_POST['action']) {`
			`case 'addCharacter':`
Raid anmeldung 2.0 2024-04-22 15:38:22 +02:00			`isAllowed('wowpress_edit_characters');`
			`if (isset($_POST['addCharacter_nonce']) && wp_verify_nonce($_POST['addCharacter_nonce'], 'addCharacter')) {`
			`if (isset($_POST['name']) && isset($_POST['realm'])) {`
			`$char = Character::whereName($_POST['name'])->whereRealm($_POST['realm'])->first();`
			`if (empty($char->ID)) {`
			`$char = new Character();`
			`$char->name = $_POST['name'];`
			`$char->realm = $_POST['realm'];`
			`$char->updateFromAPI();`
			`$char->updateMedia();`
Raids 2024-04-15 23:07:29 +02:00			`}`
			`}`
			`}`
			`break;`
			`case 'deleteCharacter':`
Raid anmeldung 2.0 2024-04-22 15:38:22 +02:00			`isAllowed('wowpress_edit_characters');`
			`if (isset($_POST['deleteCharacter_nonce']) && wp_verify_nonce($_POST['deleteCharacter_nonce'], 'deleteCharacter')) {`
			`if (isset($_POST['id'])) {`
			`$char = Character::find($_POST['id']);`
			`if ($char->ID) {`
			`$char->delete();`
Raids 2024-04-15 23:07:29 +02:00			`}`
			`}`
			`}`
			`break;`
			`case 'updateCharacter':`
Raid anmeldung 2.0 2024-04-22 15:38:22 +02:00			`isAllowed('wowpress_edit_characters');`
			`if (isset($_POST['updateCharacter_nonce']) && wp_verify_nonce($_POST['updateCharacter_nonce'], 'updateCharacter')) {`
			`if (isset($_POST['id'])) {`
			`$char = Character::find($_POST['id']);`
			`if ($char->ID) {`
			`$char->updateFromAPI();`
			`$char->updateMedia();`
			`}`
			`}`
			`}`
			`break;`
			`case 'changeUser':`
			`isAllowed('wowpress_edit_characters');`
			`if (isset($_POST['changeUser_nonce']) && wp_verify_nonce($_POST['changeUser_nonce'], 'changeUser')) {`
			`if (isset($_POST['char_id']) && isset($_POST['uid'])) {`
			`$char = Character::find($_POST['char_id']);`
			`$user = User::find($_POST['uid']);`
			`if (!empty($char->ID)) {`
			`if (empty($user->ID)) {`
			`$char->user_id = null;`
			`$char->save();`
			`} else`
			`$char->user_id = $user->ID;`
			`$char->save();`
Raids 2024-04-15 23:07:29 +02:00			`}`
			`}`
			`}`
			`break;`
			`}`

			`header('Location: ' . $_SERVER['HTTP_REFERER']);`