HEX
Server: LiteSpeed
System: Linux node612.namehero.net 4.18.0-553.121.1.lve.el8.x86_64 #1 SMP Thu Apr 30 16:40:41 UTC 2026 x86_64
User: dfwparty (1186)
PHP: 8.3.31
Disabled: NONE
Upload Files
File: /home/dfwparty/candytheclown.com/wp-content/plugins/ws-form-pro/public/add-view.php
<?php
	// phpcs:disable missing_direct_file_access_protection -- Direct access required

	// This script is only used if we can reliably load wp-load.php in SHORTINIT mode as determine by scripts in class-ws-form-public.php
	// It executes the add view method without loading all of WordPress to improve performance

	// Check super globals
	// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized,WordPress.Security.ValidatedSanitizedInput.MissingUnslash,WordPress.Security.NonceVerification.Missing -- These are only checks
	if(!isset($_SERVER) || !isset($_POST)) { exit; }

	// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized,WordPress.Security.ValidatedSanitizedInput.MissingUnslash,WordPress.Security.NonceVerification.Missing -- Public method, no NONCE required, sanitized below
	$ws_form_server = $_SERVER;

	// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized,WordPress.Security.ValidatedSanitizedInput.MissingUnslash,WordPress.Security.NonceVerification.Missing -- Public method, no NONCE required, sanitized below
	$ws_form_post = $_POST;

	// Check array elements exist
	if(
		!isset($ws_form_server['SCRIPT_FILENAME']) ||
		!isset($ws_form_server['HTTP_REFERER']) ||
		!isset($ws_form_server['HTTP_HOST']) ||
		!isset($ws_form_server['REQUEST_METHOD']) ||
		(strtolower($ws_form_server['REQUEST_METHOD']) !== 'post') ||
		!isset($ws_form_post['wsffid'])
	) {
		exit;
	}

	// Check referrer
	// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized,WordPress.WP.AlternativeFunctions.parse_url_parse_url -- Cannot use WordPress functions at this point
	if(strtolower(parse_url($ws_form_server['HTTP_REFERER'], PHP_URL_HOST)) != strtolower($ws_form_server['HTTP_HOST'])) { exit; }

	// Get form ID
	$ws_form_form_id =  intval($ws_form_post['wsffid']);	// phpcs:ignore WordPress.Security.NonceVerification

	// Check form ID
	if($ws_form_form_id === 0) { exit; }

	// Load WordPress
	define('SHORTINIT', true);

	if(!defined('WS_FORM_AV_WORDPRESS_ROOT')) { define('WS_FORM_AV_WORDPRESS_ROOT', dirname($ws_form_server['SCRIPT_FILENAME'], 5)); }

	$ws_form_wp_load_paths = array(

		WS_FORM_AV_WORDPRESS_ROOT . '/wp-load.php',
		WS_FORM_AV_WORDPRESS_ROOT . '/.wordpress/wp-load.php',	// e.g. FlyWheel
	);

	$ws_form_wp_load_success = false;

	foreach($ws_form_wp_load_paths as $ws_form_wp_load_path) {

		if(file_exists($ws_form_wp_load_path)) {

			require_once $ws_form_wp_load_path;
			$ws_form_wp_load_success = true;
			break;
		}
	}

	if(!$ws_form_wp_load_success) {

		ws_form_error('Unable to find wp-load.php');
	}

	// Required definitions
	define('WS_FORM_IDENTIFIER', 'ws_form');
	define('WS_FORM_DB_TABLE_PREFIX', 'wsf_');

	// Dummy function
	// phpcs:ignore WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedFunctionFound
	function __($m) { return $m; }

	// Load stats class
	if(!defined('WS_FORM_AV_PLUGIN_ROOT')) { define('WS_FORM_AV_PLUGIN_ROOT', dirname($ws_form_server['SCRIPT_FILENAME'], 2)); }
	if(!file_exists(WS_FORM_AV_PLUGIN_ROOT . '/includes/class-ws-form-common.php')) { exit; }
	require_once WS_FORM_AV_PLUGIN_ROOT . '/includes/class-ws-form-common.php';
	if(!file_exists(WS_FORM_AV_PLUGIN_ROOT . '/includes/core/class-ws-form-core.php')) { exit; }
	require_once WS_FORM_AV_PLUGIN_ROOT . '/includes/core/class-ws-form-core.php';
	if(!file_exists(WS_FORM_AV_PLUGIN_ROOT . '/includes/core/class-ws-form-form-stat.php')) { exit; }
	require_once WS_FORM_AV_PLUGIN_ROOT . '/includes/core/class-ws-form-form-stat.php';

	global $wpdb;
	if(empty($wpdb)) { exit; }

	// phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery,WordPress.DB.DirectDatabaseQuery.NoCaching,WordPress.DB.PreparedSQL.NotPrepared -- Checks if form ID exists
	if(!$wpdb->get_var($wpdb->prepare(
		"SELECT ID FROM {$wpdb->prefix}wsf_form WHERE id = %d AND status = 'publish'",
		$ws_form_form_id
	))) { exit; };

	try {

		// Log view
		$ws_form_form_stat = new WS_Form_Form_Stat();
		$ws_form_form_stat->form_id = $ws_form_form_id;
		$ws_form_form_stat->db_add_view();

	} catch (Exception $e) {

		// Exit with error to avoid PHP error messages
		exit;
	}

	// X-Robots-Tag header
	header('X-Robots-Tag: noindex, nofollow');

	// JSON response
	header('Content-Type: application/json');
	echo json_encode(array('error' => false));
	exit;

	function ws_form_error($error_message) {

		// JSON response
		header('Content-Type: application/json');
		echo json_encode(array('error' => true, 'error_message' => $error_message));
		exit;
	}