Update jetpack 5.2.1

Signed-off-by: Anthony G. Basile <blueness@gentoo.org>

1 files changed, 41 insertions, 23 deletions

diff --git a/plugins/jetpack/modules/contact-form/grunion-contact-form.php b/plugins/jetpack/modules/contact-form/grunion-contact-form.php
index d0f06856..c7ff0f71 100644
--- a/plugins/jetpack/modules/contact-form/grunion-contact-form.php
+++ b/plugins/jetpack/modules/contact-form/grunion-contact-form.php
@@ -252,6 +252,8 @@ class Grunion_Contact_Form_Plugin {
 		add_filter( 'contact_form_subject', array( $this, 'replace_tokens_with_input' ), 10, 2 );
 
 		$id = stripslashes( $_POST['contact-form-id'] );
+		$hash = isset( $_POST['contact-form-hash'] ) ? $_POST['contact-form-hash'] : null;
+		$hash = preg_replace( '/[^\da-f]/i', '', $hash );
 
 		if ( is_user_logged_in() ) {
 			check_admin_referer( "contact-form_{$id}" );
@@ -295,20 +297,20 @@ class Grunion_Contact_Form_Plugin {
 			apply_filters( 'the_content', $post->post_content );
 		}
 
-		$form = Grunion_Contact_Form::$last;
+		$form = isset( Grunion_Contact_Form::$forms[ $hash ] ) ? Grunion_Contact_Form::$forms[ $hash ] : null;
 
 		// No form may mean user is using do_shortcode, grab the form using the stored post meta
 		if ( ! $form ) {
 
 			// Get shortcode from post meta
-			$shortcode = get_post_meta( $_POST['contact-form-id'], '_g_feedback_shortcode', true );
+			$shortcode = get_post_meta( $_POST['contact-form-id'], "_g_feedback_shortcode_{$hash}", true );
 
 			// Format it
 			if ( $shortcode != '' ) {
 
 				// Get attributes from post meta.
 				$parameters = '';
-				$attributes = get_post_meta( $_POST['contact-form-id'], '_g_feedback_shortcode_atts', true );
+				$attributes = get_post_meta( $_POST['contact-form-id'], "_g_feedback_shortcode_atts_{$hash}", true );
 				if ( ! empty( $attributes ) && is_array( $attributes ) ) {
 					foreach( array_filter( $attributes ) as $param => $value  ) {
 						$parameters .= " $param=\"$value\"";
@@ -576,9 +578,9 @@ class Grunion_Contact_Form_Plugin {
 			$query_string = http_build_query( $form );
 		}
 		if ( method_exists( 'Akismet', 'http_post' ) ) {
-		    $response = Akismet::http_post( $query_string, "submit-{$as}" );
+			$response = Akismet::http_post( $query_string, "submit-{$as}" );
 		} else {
-		    $response = akismet_http_post( $query_string, $akismet_api_host, "/1.1/submit-{$as}", $akismet_api_port );
+			$response = akismet_http_post( $query_string, $akismet_api_host, "/1.1/submit-{$as}", $akismet_api_port );
 		}
 
 		return trim( $response[1] );
@@ -1291,6 +1293,11 @@ class Grunion_Contact_Form extends Crunion_Contact_Form_Shortcode {
 	public $errors;
 
 	/**
+	 * @var string The SHA1 hash of the attributes that comprise the form.
+	 */
+	public $hash;
+
+	/**
 	 * @var Grunion_Contact_Form The most recent (inclusive) contact-form shortcode processed
 	 */
 	static $last;
@@ -1301,6 +1308,11 @@ class Grunion_Contact_Form extends Crunion_Contact_Form_Shortcode {
 	static $current_form;
 
 	/**
+	 * @var array All found forms, indexed by hash.
+	 */
+	static $forms = array();
+
+	/**
 	 * @var bool Whether to print the grunion.css style when processing the contact-form shortcode
 	 */
 	static $style = false;
@@ -1308,6 +1320,9 @@ class Grunion_Contact_Form extends Crunion_Contact_Form_Shortcode {
 	function __construct( $attributes, $content = null ) {
 		global $post;
 
+		$this->hash = sha1( json_encode( $attributes ) . $content );
+		self::$forms[ $this->hash ] = $this;
+
 		// Set up the default subject and recipient for this form
 		$default_to = '';
 		$default_subject = '[' . get_option( 'blogname' ) . ']';
@@ -1365,10 +1380,10 @@ class Grunion_Contact_Form extends Crunion_Contact_Form_Shortcode {
 			$this->parse_content( $default_form );
 
 			// Store the shortcode
-			$this->store_shortcode( $default_form, $attributes );
+			$this->store_shortcode( $default_form, $attributes, $this->hash );
 		} else {
 			// Store the shortcode
-			$this->store_shortcode( $content, $attributes );
+			$this->store_shortcode( $content, $attributes, $this->hash );
 		}
 
 		// $this->body and $this->fields have been setup.  We no longer need the contact-field shortcode.
@@ -1380,18 +1395,24 @@ class Grunion_Contact_Form extends Crunion_Contact_Form_Shortcode {
 	 *	- used to receate shortcode when user uses do_shortcode
 	 *
 	 * @param string $content
+	 * @param array $attributes
+	 * @param string $hash
 	 */
-	static function store_shortcode( $content = null, $attributes = null ) {
+	static function store_shortcode( $content = null, $attributes = null, $hash = null ) {
 
 		if ( $content != null and isset( $attributes['id'] ) ) {
 
-			$shortcode_meta = get_post_meta( $attributes['id'], '_g_feedback_shortcode', true );
+			if ( empty( $hash ) ) {
+				$hash = sha1( json_encode( $attributes ) . $content );
+			}
+
+			$shortcode_meta = get_post_meta( $attributes['id'], "_g_feedback_shortcode_{$hash}", true );
 
 			if ( $shortcode_meta != '' or $shortcode_meta != $content ) {
-				update_post_meta( $attributes['id'], '_g_feedback_shortcode', $content );
+				update_post_meta( $attributes['id'], "_g_feedback_shortcode_{$hash}", $content );
 
 				// Save attributes to post_meta for later use. They're not available later in do_shortcode situations.
-				update_post_meta( $attributes['id'], '_g_feedback_shortcode_atts', $attributes );
+				update_post_meta( $attributes['id'], "_g_feedback_shortcode_atts_{$hash}", $attributes );
 			}
 		}
 	}
@@ -1443,17 +1464,7 @@ class Grunion_Contact_Form extends Crunion_Contact_Form_Shortcode {
 			return '[contact-form]';
 		}
 
-		// Only allow one contact form per post/widget
-		if ( self::$last && $id == self::$last->get_attribute( 'id' ) ) {
-			// We're processing the same post
-			if ( self::$last->attributes != $form->attributes || self::$last->content != $form->content ) {
-				// And we're processing a different shortcode;
-				return '';
-			} // else, we're processing the same shortcode - probably a separate run of do_shortcode() - let it through
-
-		} else {
-			self::$last = $form;
-		}
+		self::$last = $form;
 
 		// Enqueue the grunion.css stylesheet if self::$style allows it
 		if ( self::$style && ( empty( $_REQUEST['action'] ) || $_REQUEST['action'] != 'grunion_shortcode_to_json' ) ) {
@@ -1475,7 +1486,10 @@ class Grunion_Contact_Form extends Crunion_Contact_Form_Shortcode {
 			$r .= "</ul>\n</div>\n\n";
 		}
 
-		if ( isset( $_GET['contact-form-id'] ) && $_GET['contact-form-id'] == self::$last->get_attribute( 'id' ) && isset( $_GET['contact-form-sent'] ) ) {
+		if ( isset( $_GET['contact-form-id'] )
+			&& $_GET['contact-form-id'] == self::$last->get_attribute( 'id' )
+			&& isset( $_GET['contact-form-sent'], $_GET['contact-form-hash'] )
+			&& hash_equals( $form->hash, $_GET['contact-form-hash'] ) ) {
 			// The contact form was submitted.  Show the success message/results
 			$feedback_id = (int) $_GET['contact-form-sent'];
 
@@ -1537,6 +1551,7 @@ class Grunion_Contact_Form extends Crunion_Contact_Form_Shortcode {
 			}
 			$r .= "\t\t<input type='hidden' name='contact-form-id' value='$id' />\n";
 			$r .= "\t\t<input type='hidden' name='action' value='grunion-contact-form' />\n";
+			$r .= "\t\t<input type='hidden' name='contact-form-hash' value='" . esc_attr( $form->hash ) . "' />\n";
 			$r .= "\t</p>\n";
 			$r .= "</form>\n";
 		}
@@ -1695,6 +1710,8 @@ class Grunion_Contact_Form extends Crunion_Contact_Form_Shortcode {
 			isset( $_POST['action'] ) && 'grunion-contact-form' === $_POST['action']
 		&&
 			isset( $_POST['contact-form-id'] ) && $form->get_attribute( 'id' ) == $_POST['contact-form-id']
+		&&
+			isset( $_POST['contact-form-hash'] ) && hash_equals( $form->hash, $_POST['contact-form-hash'] )
 		) {
 			// If we're processing a POST submission for this contact form, validate the field value so we can show errors as necessary.
 			$field->validate();
@@ -2193,6 +2210,7 @@ class Grunion_Contact_Form extends Crunion_Contact_Form_Shortcode {
 		$redirect = add_query_arg( urlencode_deep( array(
 			'contact-form-id'   => $id,
 			'contact-form-sent' => $post_id,
+			'contact-form-hash' => $this->hash,
 			'_wpnonce'          => wp_create_nonce( "contact-form-sent-{$post_id}" ), // wp_nonce_url HTMLencodes :(
 		) ), $redirect );