'api_key', // Field name (will be saved as-is)
* 'label' => 'API Key', // Display label
* 'type' => 'text', // Input type (text, password, select, textarea)
* 'required' => true, // Whether field is required
* 'placeholder' => '', // Optional placeholder
* 'description' => '', // Optional help text
* 'mask' => true, // Whether to mask in table (for sensitive data)
* 'show_in_table' => true, // Whether to show in accounts table
* 'options' => [] // For select fields: ['value' => 'Label']
* ]
* @param string $instructions HTML content for instructions sidebar.
* @param array $config Optional configuration:
* [
* 'ajax_action_prefix' => 'adfoin', // AJAX action prefix
* 'show_status' => false, // Show connection status column
* 'custom_save_handler' => null, // Custom save callback
* 'custom_delete_handler' => null, // Custom delete callback
* ]
*/
public static function render_settings_view( $platform, $title, $fields, $instructions, $config = array() ) {
// Default config
$config = wp_parse_args( $config, array(
'ajax_action_prefix' => 'adfoin',
'show_status' => false,
'custom_save_handler' => null,
'custom_delete_handler' => null,
) );
// Auto-sanitize existing credentials for security
self::sanitize_existing_credentials( $platform );
// Read existing credentials
$credentials = adfoin_read_credentials( $platform );
if ( ! is_array( $credentials ) ) {
$credentials = array();
}
$nonce = wp_create_nonce( 'advanced-form-integration' );
?>
6 ) {
return substr( $value, 0, 6 ) . '****';
}
// For short values, show first 2 chars + asterisks
if ( $length > 2 ) {
return substr( $value, 0, 2 ) . str_repeat( '*', $length - 2 );
}
return str_repeat( '*', $length );
}
/**
* Handle AJAX request to save credentials.
* This is a generic handler that can be used by all platforms.
*
* @param string $platform Platform slug.
* @param array $field_names Array of field names to save.
*/
public static function ajax_save_credentials( $platform, $field_names ) {
// Security check
if ( ! wp_verify_nonce( $_POST['_nonce'], 'advanced-form-integration' ) ) {
wp_send_json_error( array( 'message' => __( 'Security check failed', 'advanced-form-integration' ) ) );
}
$credentials = adfoin_read_credentials( $platform );
if ( ! is_array( $credentials ) ) {
$credentials = array();
}
// Handle deletion
if ( isset( $_POST['delete_index'] ) ) {
$index = intval( $_POST['delete_index'] );
if ( isset( $credentials[ $index ] ) ) {
array_splice( $credentials, $index, 1 );
adfoin_save_credentials( $platform, $credentials );
wp_send_json_success( array( 'message' => __( 'Account deleted successfully', 'advanced-form-integration' ) ) );
}
wp_send_json_error( array( 'message' => __( 'Account not found', 'advanced-form-integration' ) ) );
}
// Handle save/update
$id = isset( $_POST['id'] ) ? sanitize_text_field( $_POST['id'] ) : '';
$title = isset( $_POST['title'] ) ? sanitize_text_field( $_POST['title'] ) : '';
if ( empty( $id ) ) {
$id = uniqid();
}
$new_data = array(
'id' => $id,
'title' => $title,
);
// Save all field values with enhanced sanitization
foreach ( $field_names as $name ) {
$value = isset( $_POST[ $name ] ) ? $_POST[ $name ] : '';
// Enhanced sanitization to prevent XSS
$value = sanitize_text_field( $value );
$value = wp_strip_all_tags( $value );
$value = str_replace( array( '"', "'", '<', '>', '&' ), '', $value );
$new_data[ $name ] = $value;
}
// Update existing or add new
$found = false;
foreach ( $credentials as &$cred ) {
if ( $cred['id'] === $id ) {
foreach ( $new_data as $k => $v ) {
$cred[ $k ] = $v;
}
$found = true;
break;
}
}
if ( ! $found ) {
$credentials[] = $new_data;
}
adfoin_save_credentials( $platform, $credentials );
wp_send_json_success( array(
'message' => __( 'Account saved successfully', 'advanced-form-integration' ),
'credentials' => $credentials
) );
}
/**
* Sanitize existing credentials to remove any potential XSS
*
* @param string $platform Platform slug
*/
public static function sanitize_existing_credentials( $platform ) {
$credentials = adfoin_read_credentials( $platform );
if ( ! is_array( $credentials ) ) {
return;
}
$sanitized = false;
foreach ( $credentials as &$cred ) {
foreach ( $cred as $key => &$value ) {
if ( is_string( $value ) ) {
$original = $value;
$value = sanitize_text_field( $value );
$value = wp_strip_all_tags( $value );
$value = str_replace( array( '"', "'", '<', '>', '&' ), '', $value );
if ( $original !== $value ) {
$sanitized = true;
}
}
}
}
if ( $sanitized ) {
adfoin_save_credentials( $platform, $credentials );
}
}
/**
* Handle AJAX request to get credentials list (for Vue components).
* Returns masked sensitive data.
*
* @param string $platform Platform slug.
* @param array $fields Field definitions (to know which to mask).
*/
public static function ajax_get_credentials_list( $platform, $fields = array() ) {
if ( ! wp_verify_nonce( $_POST['_nonce'], 'advanced-form-integration' ) ) {
wp_send_json_error( array( 'message' => __( 'Security check failed', 'advanced-form-integration' ) ) );
}
$credentials = adfoin_read_credentials( $platform );
$list = array();
if ( is_array( $credentials ) ) {
foreach ( $credentials as $cred ) {
$masked_cred = array(
'id' => $cred['id'],
'title' => isset( $cred['title'] ) ? $cred['title'] : __( 'Untitled', 'advanced-form-integration' ),
);
// Mask sensitive fields
foreach ( $fields as $field ) {
$field_name = $field['name'];
if ( isset( $cred[ $field_name ] ) ) {
if ( ! empty( $field['mask'] ) ) {
$masked_cred[ $field_name ] = self::mask_value( $cred[ $field_name ] );
} else {
$masked_cred[ $field_name ] = $cred[ $field_name ];
}
}
}
$list[] = $masked_cred;
}
}
wp_send_json_success( $list );
}
/**
* Handle AJAX request to get full credentials (for editing).
*
* @param string $platform Platform slug.
*/
public static function ajax_get_credentials( $platform ) {
if ( ! wp_verify_nonce( $_POST['_nonce'], 'advanced-form-integration' ) ) {
wp_send_json_error( array( 'message' => __( 'Security check failed', 'advanced-form-integration' ) ) );
}
$credentials = adfoin_read_credentials( $platform );
wp_send_json_success( $credentials );
}
}