PSC 1.5.6 WPML - CTXPS_Security.php

1. <?php
2.  
3. if(!class_exists('CTXPS_Security')){
4. /**
5.  * Handles security-related actions.
6.  */
7. class CTXPS_Security{
8.     /**
9.      * Top-level method for running security check on content, then displaying
10.      * Access Denied message when appropriate. Overall, this is the core
11.      * validation method for PSC.
12.      *
13.      * @global object $post Gets db information about this post (used to determind post_type)
14.      * @global object $current_user Info for the currently logged in user
15.      * @param string $content
16.      * @return string
17.      */
18.     public static function protect_content(){
19.         global $post,$page,$id,$current_user,$is_IIS;
20.         $secureallowed = true;
21.         $plugin_opts = get_option('contexture_ps_options');
22.  
23.         //SET 401 CODE IF ON AD PAGE (AND NEVER BLOCK)
24.         if(!is_admin() && CTXPS_Queries::check_ad_status()){
25.             if ( !$is_IIS && php_sapi_name() != 'cgi-fcgi' ){
26.                 status_header(401); // This causes problems on IIS and some FastCGI setups
27.             }
28.             return;//Exit the function, no further checks are needed
29.         }
30.  
31.         //CONDITIONS WHERE USER SHOULD BE LET THROUGH
32.         if(current_user_can('edit_others_posts')){
33.             return;//Exit the function, no further checks are needed
34.         }
35.  
36.         //SITE-WIDE PROTECTION
37.         if($plugin_opts['ad_opt_protect_site']==='true'){
38.  
39.             /**Groups that this user is a member of*/
40.             $siteaccess = CTXPS_Queries::get_user_groups($current_user->ID,true);
41.             //User isnt in any groups, no more checking necessary
42.             if(empty($siteaccess)){
43.                 self::deny_access($plugin_opts);
44.             }
45.             //If $siteaccess returned anything, we can safely assume user has "Limited"
46.             //Since "Full" isn't implemented yet, we don't have to make that check or change the way get_user_groups works
47.         }
48.  
49.         //POST/PAGE-SPECIFIC PROTECTION
50.         if(!is_home() && !is_category() && !is_tag() && !is_feed() && !is_tax() && !is_admin() && !is_404() && !is_archive() && !is_search()) {
51.  
52.             //We may want to use a global override, so check first...
53.             if(!isset($useraccess)){
54.                 /**Groups that this user is a member of*/
55.                 $useraccess = CTXPS_Queries::get_user_groups($current_user->ID);
56.             }
57.            
58.             /**MERGE PAGE/TERM ARRAYS******************************************/
59.            
60.             //Get any page requirements
61.             $pagereqs = self::get_post_protection($post->ID);
62.            
63.  
64.             /**PAGE/SECTION CHECK**********************************************/
65.             $pagereqs = self::get_post_protection($post->ID);
66.  
67.             if($pagereqs !== false && is_array($pagereqs)){
68.                 //Determine if user can access this content
69.                 $pageallowed = self::check_access($useraccess,$pagereqs);
70.  
71.                 //NOT ALLOWED TO ACCESS!
72.                 if(!$pageallowed){
73.                     self::deny_access($plugin_opts);
74.                 }
75.             }
76.  
77.  
78.             //If we reach this point, there's no reason to deny access
79.         }
80.     }
81.  
82.  
83.     /**
84.      * Hooks to the loop and removes data for posts that are protected when the security
85.      * doesn't pass muster.
86.      *
87.      * @global object $current_user
88.      * @param array $content
89.      * @return <type>
90.      */
91.     public static function filter_loops($content){
92.         global $current_user;
93.  
94.         //Get plugin options
95.         $dbOpts = get_option('contexture_ps_options');
96.  
97.         if(is_feed() && $dbOpts['ad_msg_usefilter_rss']=='false'){
98.             //If this is a feed and it's filtering is explicitly disabled, do no filtering. Otherwise... filter as normal (below)
99.             return $content;
100.         }else{
101.             //Do this only if user is not an admin, or if this is the blog page, category page, tag page, or feed (and isnt an admin page)
102.             if( !current_user_can('edit_others_posts') && ( is_home() || is_category() || is_tag() || is_tax() || is_feed() || is_author() || is_search() || is_archive() )  && !is_admin()) {
103.                 foreach($content as $post->key => $post->value){
104.  
105.                     /**Groups that this user is a member of*/
106.                     $useraccess = CTXPS_Queries::get_user_groups($current_user->ID);
107.                     /**Groups required to access this post*/
108.                     $pagereqs = self::get_post_protection($post->value->ID);
109.                     /**Term groups required to access this post - default is false (no protection) */
110.                     $termreqs = false;
111.  
112.                     //First, check if the post has any protected terms
113.                     if(CTXPS_Queries::check_post_term_protection($post->value->ID)){
114.                         //If the term-branch is protected, get an array of groups
115.                         $termreqs = CTXPS_Queries::get_groups_by_post_terms($post->value->ID);
116.                     }
117.  
118.                     //If necessary, validate group membership for page
119.                     if($pagereqs !== false && is_array($pagereqs)){
120.                         $secureallowed = self::check_access($useraccess,$pagereqs);
121.                         //NOT ALLOWED TO ACCESS!!
122.                         if(!$secureallowed){
123.                             //If we're NOT allowed to access this page
124.                             unset($content[$post->key]);
125.                         }
126.                     }
127.  
128.                     //If necessary, validate group membership for page's terms
129.                     if($termreqs !== false && is_array($termreqs)){
130.  
131.                         //Determine if user can access this content
132.                         $termallowed = CTXPS_Security::check_access($useraccess,$termreqs);
133.  
134.                         //NOT ALLOWED TO ACCESS!
135.                         if(!$termallowed){
136.                             unset($content[$post->key]);
137.                         }
138.                     }//End if
139.                 }//End foreach
140.             }//End appropriate section check
141.         }
142.  
143.         //Adjust top-level array key numbers to be concurrent (since a gap between numbers can cause wp to freak out)
144.         $content = array_merge($content,array());
145.  
146.         return $content;
147.     }
148.  
149.  
150.     /**
151.      * When the default menu is being used, this checks restrictions for each page
152.      * in the menu and removes it if it's restricted for the current user.
153.      *
154.      * @global object $current_user
155.      * @param array $content
156.      * @return The array of wordpress posts used to build the default menu
157.      */
158.     public static function filter_auto_menus($content){
159.         global $current_user;
160.  
161.         $dbOpts = get_option('contexture_ps_options');//ad_msg_usefilter_menus
162.  
163.         //Do this filtering only if the user isn't an admin (and isn't in admin section)... and provided the user hasn't explicitly set menu filtering to false
164.         if( !current_user_can('edit_others_posts')  && !is_admin() && $dbOpts['ad_msg_usefilter_menus']!='false') {
165.  
166.             //NO MENU!!! If site protect is on, menu filtering is on, and user is anon, remove EVERYTHING
167.             if($dbOpts['ad_opt_protect_site']==='true' &&
168.                (!is_user_logged_in() || $current_user->ID==0)){
169.                 return array();
170.             }
171.  
172.             //Loop through the content array
173.             foreach($content as $post->key => $post->value){
174.  
175.                 //Get groups that this user is a member of
176.                 $useraccess = CTXPS_Queries::get_user_groups($current_user->ID);
177.                 //Get groups required to access this page
178.                 $pagereqs = self::get_post_protection($post->value->ID);
179.  
180.                 //So long as $pagereqs is anything but false
181.                 if(!!$pagereqs){
182.  
183.                     //Determine user access
184.                     $secureallowed = self::check_access($useraccess,$pagereqs);
185.  
186.                     if($secureallowed){
187.                         //If we're allowed to access this page
188.                     }else{
189.                         //If we're NOT allowed to access this page
190.                         unset($content[$post->key]); //Remove content from array
191.                     }
192.                 }
193.  
194.                 //If this is an AD page, strip it too
195.                 if($dbOpts['ad_msg_usepages']==='true'){
196.                     if($post->value->ID==$dbOpts['ad_page_auth_id'] || $post->value->ID==$dbOpts['ad_page_anon_id']){
197.                         unset($content[$post->key]);
198.                     }
199.                 }
200.             }
201.         }
202.  
203.         return $content;
204.     }
205.  
206.  
207.     /**
208.      * When a WP3 custom menu is being used, this checks restrictions for each page
209.      * in the menu and removes it if it's restricted to the current user.
210.      *
211.      * @global object $current_user
212.      * @param array $content
213.      * @return The array of wordpress posts used to build the custom menu.
214.      */
215.     public static function filter_custom_menus($content){
216.         global $current_user;
217.  
218.         $dbOpts = get_option('contexture_ps_options');//ad_msg_usefilter_menus
219.  
220.  
221.         //Do this filtering only if user isn't an admin, in admin section... and provided the user hasn't explicitly set menu filtering to false
222.         if( !current_user_can('edit_others_posts') && !is_admin() && $dbOpts['ad_msg_usefilter_menus']!='false' ) {
223.  
224.             //NO MENU!!! If site protect is on, menu filtering is on, and user is anon, remove EVERYTHING
225.             if($dbOpts['ad_opt_protect_site']==='true' &&
226.                (!is_user_logged_in() || $current_user->ID==0)){
227.                 return array();
228.             }
229.  
230.             //Get options (in case we need to strip access denied pages)
231.             $dbOpts = get_option('contexture_ps_options');
232.  
233.             foreach($content as $post->key => $post->value){
234.  
235.                 //Get groups that this user is a member of
236.                 $useraccess = CTXPS_Queries::get_user_groups($current_user->ID);
237.                 //Get groups required to access this page
238.                 $pagereqs = self::get_post_protection($post->value->object_id);
239.  
240.                 //So long as $pagereqs is anything but false
241.                 if(!!$pagereqs){
242.  
243.                     //Determine user access
244.                     $secureallowed = self::check_access($useraccess,$pagereqs);
245.  
246.                     if($secureallowed){
247.                         //If we're allowed to access this page
248.                     }else{
249.                         //If we're NOT allowed to access this page
250.                         unset($content[$post->key]);
251.                     }
252.                 }
253.                 //If this is an AD page, strip it too
254.                 if($dbOpts['ad_msg_usepages']==='true'){
255.                     if($post->value->object_id==$dbOpts['ad_page_auth_id'] || $post->value->object_id==$dbOpts['ad_page_anon_id']){
256.                         unset($content[$post->key]);
257.                     }
258.                 }
259.             }
260.         }
261.  
262.         return $content;
263.     }
264.  
265.  
266.     /**
267.      * This function takes an array of user groups and an array of page-required groups
268.      * and determines if the user should be allowed to access the specified content.
269.      *
270.      * @param array $UserGroupsArray The array returned by CTXPS_Queries::get_user_groups() (groups the user is a member of)
271.      * @param array $PageSecurityArray The array returned by ctx_ps_get_protection() (an array of pages, each containing an array of groups required)
272.      * @return bool Returns true if user has necessary permissions to access the page, false if not.
273.      */
274.     public static function check_access($UserGroupsArray,$PageSecurityArray){
275.  
276.         //Testing...
277.         //wp_die('<h2>User Groups</h2><pre>'.print_r($UserGroupsArray,true).'</pre><h2>Required Groups (by Page/Content)</h2><pre>'.print_r($PageSecurityArray,true).'</pre>');
278.  
279.         //If our page-security array is empty, automatically return false (no groups have been granted access)
280.         if( empty($PageSecurityArray) )
281.             return false;
282.  
283.         //If our user array is empty, automatically return false (user does not belong to any groups)
284.         if( empty($UserGroupsArray) )
285.             return false;
286.  
287.         //Used to count each page that has at least one group
288.         $loopswithgroups = 0;
289.  
290.         //Loop through each page's permissions, starting with current page and travelling UP the heirarchy...
291.         foreach($PageSecurityArray as $security->page => $security->secarray){
292.  
293.             //Ensure secarray is an array - if not, make it one (needed for some term checks)
294.             if(!is_array($security->secarray))
295.                 $security->secarray = array($security->secarray);
296.  
297.             //If the current page has group settings attached...
298.             if(count($security->secarray) != 0){
299.                 //Increment our group tracking var
300.                 $loopswithgroups += 1;
301.                 //If any of this user's groups do not match any of this page's groups...
302.                 if( count(array_intersect($UserGroupsArray,$security->secarray)) == 0 ){
303.                     //We return false as the user does not have access
304.                     return false;
305.                 }
306.                 //No expiration check necessary here. Expired memberships arent returned from db.
307.             }
308.         }
309.  
310.         //If no pages have groups, then no-one can access the page
311.         if($loopswithgroups === 0){return false;}
312.  
313.         //If we haven't triggered a false return already, return true
314.         return true;
315.  
316.     }
317.  
318.  
319.     /**
320.      * Alias for self::get_{$type}_protection() to maintain backwards compatibility.
321.      *
322.      *
323.      * @param int $content_id The id of the content to check
324.      * @param string $content_type The type of content to check
325.      * @return type
326.      */
327.     public static function get_protection($content_id,$content_type='post'){
328.         switch ($content_type){
329.             case 'post':
330.                 return self::get_post_protection($content_id);
331.                 break;
332.             case 'term':
333.                 return self::get_term_protection($content_id);
334.                 break;
335.             default:
336.                 return false;
337.                 break;
338.         }
339.     }
340.  
341.  
342.     /**
343.      * This function will check the security for the specified page and all parent pages.
344.      * If security exists, a multi-dimensional array will be returned following the format
345.      * array( pageid=>array(groupid=>groupname) ), with the first item being the current
346.      * page and additional items being parents. If no security is present for any ancestor
347.      * then the function will return false.
348.      *
349.      * @global wpdb $wpdb
350.      *
351.      * @param int $post_id The id of the post to get permissions for.
352.      * @param bool $include_terms Optional. Define whether or not term protection should be merged into page protection.
353.      * @return mixed Returns an array with all the required permissions to access this page. If no security is present, returns false.
354.      */
355.     public static function get_post_protection($post_id,$include_terms=true){
356.  
357.         //If this branch isn't protected, just stop now and save all that processing power
358.         if (!CTXPS_Queries::check_section_protection($post_id)){
359.             return false;
360.         }
361.  
362.         //If we're still going, then it means something above us is protected, so lets get the list of permissions
363.         global $wpdb;
364.         $return = array();
365.         $group_array = array();
366.         /**Gets the parent id of the current page/post*/
367.         $parent_id = get_post($post_id);
368.         $parent_id = (integer)$parent_id->post_parent;
369.  
370.  
371.         /** 1. If I am secure, get my groups ***********************************/
372.  
373.             //Get Group relationship info for this page
374.             $groups = CTXPS_Queries::get_groups_by_object('post',$post_id, true);
375.  
376.             //If 0 results, dont do anything. Otherwise, re-sort into id=>name array
377.             if(!empty($groups)){
378.                 foreach($groups as $group){
379.                     $group_array[$group->group_id] = $group->group_title;
380.                 }unset($group);
381.             } unset($groups);
382.  
383.         //Add an item to the array. 'pageid'=>array('groupid','groupname')
384.         $return[(string)$post_id] = $group_array;
385.         unset($group_array);
386.        
387.         /** 1b. Get term protections *******************************************/
388.         if ( $include_terms ) {
389.             //If term protection exists for this post, get the array
390.             if( CTXPS_Queries::check_post_term_protection($post_id) ) {
391.                
392.                 //Term branch is protected, get attached groups
393.                 $termreqs = CTXPS_Queries::get_groups_by_post_terms($post_id);
394.                
395.                 //Merge those changes back into $pagereqs
396.                 $return[(string)$post_id] += $termreqs;
397.             }
398.         }
399.  
400.  
401.         /** 2. If I have a parent, recurse  ************************************/
402.  
403.             //Using our earlier results, check post_parent. If it's != 0 then recurse this function, adding the return value to $array
404.             if($parent_id != 0){
405.                 //$recursedArray = CTXPS_Security::get_protection($parentid);
406.                 //$array = array_merge($array,$recursedArray);
407.                 $parent_array = self::get_post_protection($parent_id,$include_terms);
408.                 if(!!$parent_array){
409.                   $return += $parent_array;
410.                 }
411.             }
412.  
413.  
414.         //3. Return the completed $array
415.         return $return;
416.     }
417.  
418.  
419.     /**
420.      * This function will check the security for the specified term and all parent terms.
421.      * If security exists, a multi-dimensional array will be returned following the format
422.      * array( term_id=>array(group_id=>group_name) ), with the first item being the current
423.      * term and additional items being parents. If no security is present for any ancestor
424.      * then the function will return false.
425.      *
426.      * @global wpdb $wpdb
427.      *
428.      * @param int $term_id The id of the post to get permissions for.
429.      * @param string $taxonomy The name of the taxonomy that needs to be checked
430.      * @return mixed Returns an array with all the required permissions to access this page. If no security is present, returns false.
431.      */
432.     public static function get_term_protection($term_id,$taxonomy){
433.  
434.         //If this branch isn't protected, just stop now and save all that processing power
435.         if (!CTXPS_Queries::check_term_protection($term_id,$taxonomy)){
436.             return false;
437.         }
438.  
439.         //If we're still going, then it means something above us is protected, so lets get the list of permissions
440.         global $wpdb;
441.         $return = array();
442.         $group_array = array();
443.         /**Gets the parent id of the current page/post*/
444.         $parent_id = get_term($term_id,$taxonomy);
445.         $parent_id = (integer)$parent_id->parent;
446.         /**Gets the ctx_ps_security data for this post (if it exists) - used to determine if this is the topmost secured page*/
447.         //$amisecure = get_post_meta($postid,'ctx_ps_security',true);
448.  
449.         //1. If I am secure, get my groups
450.         //if(!empty($amisecure)){
451.             //Get Group relationship info for this page from wp_ps_security, join wp_posts on postid
452.             $groups = CTXPS_Queries::get_groups_by_object('term',$term_id, true);
453.  
454.             //If 0 results, dont do anything. Otherwise...
455.             if(!empty($groups)){
456.                 foreach($groups as $group){
457.                     $group_array[$group->group_id] = $group->group_title;
458.                 }unset($group);
459.             }
460.         //}
461.         //Add an item to the array. 'pageid'=>array('groupid','groupname')
462.         $return[(string)$term_id] = $group_array;
463.         unset($group_array);
464.         //2. If I have a parent, recurse
465.             //Using our earlier results, check post_parent. If it's != 0 then recurse this function, adding the return value to $array
466.             if($parent_id != 0){
467.                 //$recursedArray = CTXPS_Security::get_protection($parentid);
468.                 //$array = array_merge($array,$recursedArray);
469.                 $parent_array = self::get_term_protection($parent_id);
470.                 if(!!$parent_array){
471.                   $return += $parent_array;
472.                 }
473.             }
474.  
475.         //3. Return the completed $array
476.         return $return;
477.     }
478.  
479.     /**
480.      * Alias for CTXPS_Queries::check_protection. Internally, please use CTXPS_Queries
481.      * instead of this. Alias is provided for developer-friendliness only.
482.      *
483.      * @return bool Whether this page has the "protected page" flag
484.      */
485.     public static function check_protection($post_id){
486.         return CTXPS_Queries::check_protection($post_id);
487.     }
488.  
489.     /**
490.      * When called, will determined which AD message or page to show, then show it
491.      *
492.      * @param array $plugin_opts If db options are provided, we won't have to query this again
493.      */
494.     public static function deny_access($plugin_opts=array()){
495.         global $current_user,$post,$is_IIS;
496.  
497.         if(empty($plugin_opts)){
498.             $plugin_opts = get_option('contexture_ps_options');
499.         }
500.         $blogurl = get_bloginfo('url');
501.  
502.         //HANDLE UNAUTHENTICATED USERS.....
503.         if($current_user->ID == 0 || !is_user_logged_in()){
504.  
505.             //IF FORCE LOGIN....
506.             if($plugin_opts['ad_opt_login_anon']==='true'){
507.                 //TODO: Problem area for some IIS users - not sure if its possible to fix, clearly an IIS bug
508.                 wp_safe_redirect(wp_login_url((empty($_SERVER['HTTPS'])?'http://':'https://').$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI']));
509.                 die();
510.             }
511.  
512.             //If site restriction is enabled and user isnt logged in, don't bother linking to the homepage
513.             $homepage_link = '';
514.             if( $plugin_opts['ad_opt_protect_site']!=='true' ){
515.                 $homepage_link = '<a style="display:block;font-size:0.7em;" href="'.$blogurl.'">&lt;&lt; '.__('Go to home page','contexture-page-security').'</a>';
516.             }
517.  
518.             //SHOW AD *PAGE*
519.             if($plugin_opts['ad_msg_usepages']==='true'){ //Have to exempt feed else it interupts feed render
520.  
521.                 //IF USING PAGE...
522.                 if(is_numeric($plugin_opts['ad_page_anon_id'])){
523.                    
524.                     //WPML SUPPORT...
525.                     $page_anon_id_current_language = $plugin_opts['ad_page_anon_id'];
526.                     if( function_exists( 'icl_object_id' ) ) {
527.                             global $sitepress;
528.                             $current_language = $sitepress->get_current_language();
529.                             $page_anon_id_current_language = icl_object_id( $page_anon_id_current_language, 'page', true, $current_language );
530.                     }
531.  
532.                     //IF USING REPLACEMENT...
533.                     if($plugin_opts['ad_opt_page_replace']==='true'){
534.                         $new_content = get_post($page_anon_id_current_language);
535.                         $post->post_title = $new_content->post_title;
536.                         $post->post_content = $new_content->post_content;
537.                         if ( !$is_IIS && php_sapi_name() != 'cgi-fcgi' ){
538.                             status_header(401); // This causes problems on IIS and some FastCGI setups
539.                         }
540.                         return;
541.                     //ELSE USE REDIRECT...
542.                     }else{
543.                         $redir_anon_link = get_permalink($page_anon_id_current_language);
544.                         wp_redirect(apply_filters( 'psc_redir_anon_link', $redir_anon_link));
545.                         exit(sprintf(__('Access Denied. Redirecting to %s','contexture-page-security'),$redir_anon_link)); //Regular die to prevent restricted content from slipping out
546.                     }
547.  
548.                 //INVALID PAGE, USE MSG
549.                 }else{
550.                     wp_die(str_replace( '%login_url%', wp_login_url( get_permalink($post->ID) ), $plugin_opts['ad_msg_anon'] ).$homepage_link );
551.                 }
552.  
553.             //SHOW AD *MSG*
554.             }else{
555.                 //If user is anonymous, show this message
556.                 wp_die(str_replace( '%login_url%', wp_login_url( get_permalink($post->ID) ), $plugin_opts['ad_msg_anon'] ).$homepage_link );
557.             }
558.  
559.  
560.         //HANDLE AUTHENTICATED USERS....
561.         }else{
562.  
563.             //SHOW AD *PAGE*
564.             if($plugin_opts['ad_msg_usepages']==='true'){
565.  
566.                 //IF USING PAGE...
567.                 if(is_numeric($plugin_opts['ad_page_auth_id'])){
568.                    
569.                    
570.                      //WPML SUPPORT
571.                     $page_auth_id_current_language = $plugin_opts['ad_page_auth_id'];
572.                     if( function_exists( 'icl_object_id' ) ) {
573.                             global $sitepress;
574.                             $current_language = $sitepress->get_current_language();
575.                             $page_auth_id_current_language = icl_object_id( $page_auth_id_current_language, 'page', true, $current_language );
576.                     }
577.  
578.                     //IF USING REPLACEMENT...
579.                     if($plugin_opts['ad_opt_page_replace']==='true'){
580.                         $new_content = get_post($page_auth_id_current_language);
581.                         $post->post_title = $new_content->post_title;
582.                         $post->post_content = $new_content->post_content;
583.                         if ( !$is_IIS && php_sapi_name() != 'cgi-fcgi' ){
584.                             status_header(401); // This causes problems on IIS and some FastCGI setups
585.                         }
586.                         return;
587.  
588.                     //ELSE USE REDIRECT...
589.                     }else{
590.                         $redir_auth_link = get_permalink($page_auth_id_current_language);
591.                         wp_redirect($redir_auth_link);
592.                         exit(sprintf(__('Access Denied. Redirecting to %s','contexture-page-security'),$redir_auth_link)); //Regular die to prevent restricted content from slipping out
593.                     }
594.  
595.                 //INVALID PAGE, USE MSG
596.                 }else{
597.                     wp_die($plugin_opts['ad_msg_auth'].'<a style="display:block;font-size:0.7em;" href="'.$blogurl.'">&lt;&lt; '.__('Go to home page','contexture-page-security').'</a>');
598.                 }
599.  
600.             //SHOW AD *MSG*
601.             }else{
602.                 //If user is authenticated, show this message
603.                 wp_die($plugin_opts['ad_msg_auth'].'<a style="display:block;font-size:0.7em;" href="'.$blogurl.'">&lt;&lt; '.__('Go to home page','contexture-page-security').'</a>');
604.             }
605.         }
606.         exit(); //Useless
607.     }
608.  
609.     /**
610.      * Used to filter the CSV data that WP uses to show attached tag lists on edit pages. This adds an
611.      * asterisk to the end of the protected terms.
612.      *
613.      * @global int $post_id Defined in get_terms_to_edit();
614.      * @param string $tags_to_edit A CSV with the list of attached tags/terms.
615.      * @param string $taxonomy The name of the taxonomy associated with this term list.
616.      * @return string Returns the same CSV, with an asterisk appended to the end of protected terms.
617.      */
618.     public static function tag_protected_terms($tags_to_edit,$taxonomy='post_tag'){
619.         global $post_id;
620.  
621.         //Assign these so we can test
622.         $edited_tags = $tags_to_edit;
623.  
624.         //Get array of protected terms for this taxonomy
625.         $terms = wp_get_post_terms($post_id,$taxonomy);
626.  
627.         //Loop through array, str_replacing matched terms in CSV with "*$term"
628.         foreach($terms as $t){
629.             if(CTXPS_Queries::check_term_protection($t->term_id, $taxonomy, false)){
630.                 $edited_tags = str_replace($t->name,$t->name.'*',$tags_to_edit);
631.             }
632.         }
633.  
634.         return $edited_tags;
635.     }
636.  
637.     /**
638.      * Adds asterisk to non-heirarchal terms that arent in use.
639.      *
640.      * @param array $tags An array of term objects
641.      * @param array $args Additional arguments
642.      * @return type
643.      */
644.     public static function tag_protected_terms_unused($tags,$args=array()){
645.  
646.         //Check each term, if it's protected, add an asterisk to its visible name
647.         foreach($tags as $term){
648.             if(isset($term->name) && isset($term->term_id) && isset($term->taxonomy)){ //Fixes an error on some screens
649.                 if(CTXPS_Queries::check_term_protection($term->term_id,$term->taxonomy)){
650.                     $term->name .= '*';
651.                 }
652.             }
653.         }
654.         return $tags;
655.     }
656.  
657.     /**
658.      * JS is injected into post.php when action=edit in order to add an asterisk
659.      * to protected terms. This is very, very, very bad form, but there aren't the
660.      * necessary hooks to do this server side (well, there is, but its obviously
661.      * never been used for anything since it's very buggy), so it's either this or
662.      * nothing. In this case, I side with usability over good coding practices.
663.      *
664.      * @param type $term_name
665.      */
666.     public static function tag_protected_terms_heirarchal(){
667.         global $current_screen;
668.  
669.         if( $current_screen->base==='post' && isset($_REQUEST['post']) ){
670.             ?><script type="text/javascript">jQuery(function(){<?php
671.  
672.             //Get taxonomies for this post
673.             $taxonomies = get_post_taxonomies($_REQUEST['post']);
674.  
675.             //For each taxonomy, get a list of term ids used for this post
676.             foreach($taxonomies as $tax){
677.                 //Initialize vars
678.                 $terms = get_terms($tax);
679.                 $termlist = array();
680.  
681.                 //Build an array out of the term ids...
682.                 foreach($terms as $term){
683.                     //...but only if it's protected
684.                     if(CTXPS_Queries::check_term_protection($term->term_id, $tax)){
685.                         $termlist[] = $term->term_id;
686.                     }
687.                 }
688.  
689.                 //Join the array into a CSV
690.                 $termlist = join(',', $termlist);
691.  
692.                 //Generate javascript to add asterisk to protected terms
693.                 if(!empty($termlist)){
694.                     $tarray = "{$tax}_protect";
695.                     ?>
696.                         var <?php echo $tarray ?> = [<?php echo $termlist ?>];
697.                         for(x in <?php echo $tarray ?>){
698.                             jQuery('#<?php echo $tax ?>div input[value="'+<?php echo $tarray ?>[x]+'"]').parent().append('*');
699.                             jQuery('#<?php echo $tax ?>div option[value="'+<?php echo $tarray ?>[x]+'"]').append('*');
700.                         }
701.                     <?php
702.                 }
703.                 //So there's no accidental carryovers
704.                 unset($terms,$termlist);
705.             }
706.  
707.             ?>});</script><?php
708.         }
709.         //Nothing to do
710.         return false;
711.     }
712.  
713. }}
714. ?>