<?php if ( ! defined( 'ABSPATH' ) ) exit;
add_action( 'wp_ajax_ninja_forms_save_metabox_state', 'ninja_forms_save_metabox_state' );
function ninja_forms_save_metabox_state(){
// Bail if we aren't in the admin
check_ajax_referer( 'nf_ajax', 'nf_ajax_nonce' );
$plugin_settings = nf_get_settings();
$page = esc_html( $_REQUEST['page'] );
$tab = esc_html( $_REQUEST['tab'] );
$slug = esc_html( $_REQUEST['slug'] );
$metabox_state = esc_html( $_REQUEST['metabox_state'] );
$plugin_settings['metabox_state'][$page][$tab][$slug] = $metabox_state;
update_option( 'ninja_forms_settings', $plugin_settings );
* When a field settings metabox is expanded, return a JSON element containing the field settings HTML
function nf_output_field_settings_html() {
// Bail if we aren't in the admin
// Bail if we don't have proper permissions
if ( ! current_user_can( apply_filters( 'nf_new_field_capabilities', 'manage_options' ) ) )
check_ajax_referer( 'nf_ajax', 'nf_ajax_nonce' );
$field_id = esc_html( $_REQUEST['field_id'] );
$data = isset ( $_REQUEST['data'] ) ? json_decode( stripslashes( $_REQUEST['data'] ), true ) : array();
$field = ninja_forms_get_field_by_id( $field_id );
$field_data = $field['data'];
$data = wp_parse_args( $data, $field_data );
nf_output_registered_field_settings( $field_id, $data );
add_action( 'wp_ajax_nf_output_field_settings_html', 'nf_output_field_settings_html' );
* Save our admin fields page.
function nf_admin_save_builder() {
global $ninja_forms_fields, $wpdb;
// Bail if we aren't in the admin
// Bail if we don't have proper permissions
if ( ! current_user_can( apply_filters( 'nf_new_field_capabilities', 'manage_options' ) ) )
check_ajax_referer( 'nf_ajax', 'nf_ajax_nonce' );
$field_data = json_decode( stripslashes( $_REQUEST['field_data'] ), true );
$form_id = esc_html( $_REQUEST['form_id'] );
$form_title = stripslashes( $_REQUEST['form_title'] );
$field_order = json_decode( strip_tags( stripslashes( $_REQUEST['field_order'] ) ), true );
if ( is_array ( $field_order ) ) {
foreach ( $field_order as $id ) {
$id = str_replace( 'ninja_forms_field_', '', $id );
$order_array[ $id ] = $x;
foreach ( $field_data as $field ) {
$field_id = $field['id'];
unset( $field['metabox_state'] );
$tmp_array[ $field_id ] = $field;
$field_data = $tmp_array;
if ( isset ( $ninja_forms_fields ) && is_array( $ninja_forms_fields ) ) {
foreach ( $ninja_forms_fields as $slug => $field ){
if ( $field['save_function'] != '') {
$save_function = $field['save_function'];
$arguments['form_id'] = $form_id;
$arguments['data'] = $field_data;
$field_data = call_user_func_array( $save_function, $arguments );
if( $form_id != '' && $form_id != 0 && $form_id != 'new' ){
foreach ( $field_data as $field_id => $vals ) {
$field_order = isset( $order_array[$field_id] ) ? $order_array[$field_id] : '';
$field_row = ninja_forms_get_field_by_id( $field_id );
$data = $field_row['data'];
foreach( $vals as $k => $v ){
$data_array = array('data' => serialize( $data ), 'order' => $field_order);
$wpdb->update( NINJA_FORMS_FIELDS_TABLE_NAME, $data_array, array( 'id' => $field_id ));
$date_updated = date( 'Y-m-d H:i:s', strtotime ( 'now' ) );
Ninja_Forms()->form( $form_id )->update_setting( 'form_title', $form_title );
Ninja_Forms()->form( $form_id )->update_setting( 'date_updated', $date_updated );
Ninja_Forms()->form( $form_id )->update_setting( 'status', '' );
// Dump our current form transient.
delete_transient( 'nf_form_' . $form_id );
add_action( 'wp_ajax_nf_admin_save_builder', 'nf_admin_save_builder' );
add_action('wp_ajax_ninja_forms_new_field', 'ninja_forms_new_field');
function ninja_forms_new_field(){
global $wpdb, $ninja_forms_fields;
// Bail if we aren't in the admin
// Bail if we don't have proper permissions
if ( ! current_user_can( apply_filters( 'nf_new_field_capabilities', 'manage_options' ) ) )
check_ajax_referer( 'nf_ajax', 'nf_ajax_nonce' );
$type = esc_html( $_REQUEST['type'] );
$form_id = absint( $_REQUEST['form_id'] );
if( isset( $ninja_forms_fields[$type]['name'] ) ){
$type_name = $ninja_forms_fields[$type]['name'];
if( isset( $ninja_forms_fields[$type]['default_label'] ) ){
$default_label = $ninja_forms_fields[$type]['default_label'];
if( isset( $ninja_forms_fields[$type]['edit_options'] ) ){
$edit_options = $ninja_forms_fields[$type]['edit_options'];
if ( $default_label != '' ) {
$input_limit_msg = __( 'character(s) left', 'ninja-forms' );
$data = serialize( array( 'label' => $label, 'input_limit_msg' => $input_limit_msg ) );
if($form_id != 0 && $form_id != ''){
$new_id = ninja_forms_insert_field( $form_id, $args );
$new_html = ninja_forms_return_echo('ninja_forms_edit_field', $new_id, true );
header("Content-type: application/json");
$array = array ('new_id' => $new_id, 'new_type' => $type_name, 'new_html' => $new_html, 'edit_options' => $edit_options, 'new_type_slug' => $type );
echo json_encode($array);
add_action('wp_ajax_ninja_forms_remove_field', 'ninja_forms_remove_field');
function ninja_forms_remove_field(){
// Bail if we aren't in the admin
// Bail if we don't have proper permissions
if ( ! current_user_can( apply_filters( 'nf_delete_field_capabilities', 'manage_options' ) ) )
check_ajax_referer( 'nf_ajax', 'nf_ajax_nonce' );
$field_id = absint( $_REQUEST['field_id'] );
$form_id = absint( $_REQUEST['form_id'] );
$wpdb->query($wpdb->prepare("DELETE FROM ".NINJA_FORMS_FIELDS_TABLE_NAME." WHERE id = %d", $field_id));
Ninja_Forms()->form( $form_id )->dump_cache();
add_action('wp_ajax_ninja_forms_add_list_option', 'ninja_forms_add_list_options');
function ninja_forms_add_list_options(){
// Bail if we aren't in the admin
// Bail if we don't have proper permissions
if ( ! current_user_can( apply_filters( 'nf_new_field_capabilities', 'manage_options' ) ) )
check_ajax_referer( 'nf_ajax', 'nf_ajax_nonce' );
$field_id = absint( $_REQUEST['field_id'] );
$x = absint( $_REQUEST['x'] );
$hidden_value = esc_html( $_REQUEST['hidden_value'] );
ninja_forms_field_list_option_output($field_id, $x, '', $hidden_value);
function ninja_forms_insert_fav(){
global $wpdb, $ninja_forms_fields;
// Bail if we aren't in the admin
check_ajax_referer( 'nf_ajax', 'nf_ajax_nonce' );
$fav_id = absint( $_REQUEST['field_id'] );
$form_id = absint( $_REQUEST['form_id'] );
$fav_row = ninja_forms_get_fav_by_id($fav_id);
$data = serialize($fav_row['data']);
$type = $fav_row['type'];
$type_name = $ninja_forms_fields[$type]['name'];
if($form_id != 0 && $form_id != ''){
$new_id = ninja_forms_insert_field( $form_id, $args );
$new_html = ninja_forms_return_echo('ninja_forms_edit_field', $new_id, true );
header("Content-type: application/json");
$array = array ('new_id' => $new_id, 'new_type' => $type_name, 'new_html' => $new_html);
echo json_encode($array);
add_action('wp_ajax_ninja_forms_insert_fav', 'ninja_forms_insert_fav');
function ninja_forms_insert_def(){
global $wpdb, $ninja_forms_fields;
// Bail if we aren't in the admin
check_ajax_referer( 'nf_ajax', 'nf_ajax_nonce' );
$def_id = absint( $_REQUEST['field_id'] );
$form_id = absint( $_REQUEST['form_id'] );
$def_row = ninja_forms_get_def_by_id($def_id);
$data = serialize($def_row['data']);
$type = $def_row['type'];
$type_name = $ninja_forms_fields[$type]['name'];
if($form_id != 0 && $form_id != ''){
$new_id = ninja_forms_insert_field( $form_id, $args );
$new_html = ninja_forms_return_echo('ninja_forms_edit_field', $new_id, true );
header("Content-type: application/json");
$array = array ('new_id' => $new_id, 'new_type' => $type_name, 'new_html' => $new_html);
echo json_encode($array);
add_action('wp_ajax_ninja_forms_insert_def', 'ninja_forms_insert_def');
add_action('wp_ajax_ninja_forms_add_fav', 'ninja_forms_add_fav');
function ninja_forms_add_fav(){
// Bail if we aren't in the admin
check_ajax_referer( 'nf_ajax', 'nf_ajax_nonce' );
$field_data = $_REQUEST['field_data'];
$field_id = absint( $_REQUEST['field_id'] );
$field_row = ninja_forms_get_field_by_id($field_id);
$field_type = $field_row['type'];
foreach($field_data as $key => $val){
$key = stripslashes( $key );
$key = str_replace('"', '', $key);
$key = str_replace(']', '', $key);
$key = explode('[', $key);
$count = count($key) - 1;
$data = ninja_forms_array_merge_recursive($data, $multi);
$name = stripslashes( esc_html( $_REQUEST['fav_name'] ) );
if ( !isset ( $data['label'] ) or empty ( $data['label'] ) ) {
$data = ninja_forms_stripslashes_deep( $data );
$data = serialize($data);
$wpdb->insert(NINJA_FORMS_FAV_FIELDS_TABLE_NAME, array('row_type' => 1, 'type' => $field_type, 'order' => 0, 'data' => $data, 'name' => $name));
$fav_id = $wpdb->insert_id;
$update_array = array('fav_id' => $fav_id);
$wpdb->update( NINJA_FORMS_FIELDS_TABLE_NAME, $update_array, array( 'id' => $field_id ));
$new_html = '<p class="button-controls" id="ninja_forms_insert_fav_field_'.$fav_id.'_p">
<a class="button add-new-h2 ninja-forms-insert-fav-field" id="ninja_forms_insert_fav_field_'.$fav_id.'" data-field="' . $fav_id . '" data-type="fav" href="#">'.__($name, 'ninja-forms').'</a>
header("Content-type: application/json");
$array = array ('fav_id' => $fav_id, 'fav_name' => $name, 'link_html' => $new_html);
echo json_encode($array);
add_action('wp_ajax_ninja_forms_add_def', 'ninja_forms_add_def');
function ninja_forms_add_def(){
// Bail if we aren't in the admin
check_ajax_referer( 'nf_ajax', 'nf_ajax_nonce' );
$field_data = $_REQUEST['field_data'];
$field_id = absint( $_REQUEST['field_id'] );
$field_row = ninja_forms_get_field_by_id($field_id);
$field_type = $field_row['type'];
foreach($field_data as $key => $val){
$key = str_replace('"', '', $key);
$key = str_replace(']', '', $key);
$key = explode('[', $key);
$count = count($key) - 1;
$data = ninja_forms_array_merge_recursive($data, $multi);
$name = stripslashes( esc_html( $_REQUEST['def_name'] ) );
$data = serialize($data);
$wpdb->insert(NINJA_FORMS_FAV_FIELDS_TABLE_NAME, array('row_type' => $row_type, 'type' => $field_type, 'data' => $data, 'name' => $name));
$def_id = $wpdb->insert_id;
$update_array = array('def_id' => $def_id);
$wpdb->update( NINJA_FORMS_FIELDS_TABLE_NAME, $update_array, array( 'id' => $field_id ));
$new_html = '<p class="button-controls" id="ninja_forms_insert_def_field_'.$def_id.'_p">
<a class="button add-new-h2 ninja-forms-insert-def-field" id="ninja_forms_insert_def_field_'.$def_id.'" name="" href="#">'.__($name, 'ninja-forms').'</a>
header("Content-type: application/json");
$array = array ('def_id' => $def_id, 'def_name' => $name, 'link_html' => $new_html);
echo json_encode($array);
add_action('wp_ajax_ninja_forms_remove_fav', 'ninja_forms_remove_fav');
function ninja_forms_remove_fav(){
global $wpdb, $ninja_forms_fields;
// Bail if we aren't in the admin
check_ajax_referer( 'nf_ajax', 'nf_ajax_nonce' );
$field_id = absint( $_REQUEST['field_id'] );
$field_row = ninja_forms_get_field_by_id($field_id);
$field_type = $field_row['type'];
$fav_id = $field_row['fav_id'];
$wpdb->query($wpdb->prepare("DELETE FROM ".NINJA_FORMS_FAV_FIELDS_TABLE_NAME." WHERE id = %d", $fav_id));
$wpdb->update(NINJA_FORMS_FIELDS_TABLE_NAME, array('fav_id' => '' ), array('fav_id' => $fav_id));
$type_name = $ninja_forms_fields[$field_type]['name'];
header("Content-type: application/json");
$array = array ('fav_id' => $fav_id, 'type_name' => $type_name);
echo json_encode($array);
add_action('wp_ajax_ninja_forms_remove_def', 'ninja_forms_remove_def');
function ninja_forms_remove_def(){
global $wpdb, $ninja_forms_fields;
// Bail if we aren't in the admin
check_ajax_referer( 'nf_ajax', 'nf_ajax_nonce' );
$field_id = absint( $_REQUEST['field_id'] );
$field_row = ninja_forms_get_field_by_id($field_id);
$field_type = $field_row['type'];
$def_id = $field_row['def_id'];
$wpdb->query($wpdb->prepare("DELETE FROM ".NINJA_FORMS_FAV_FIELDS_TABLE_NAME." WHERE id = %d", $def_id));
$wpdb->update(NINJA_FORMS_FIELDS_TABLE_NAME, array('def_id' => '' ), array('def_id' => $def_id));
$type_name = $ninja_forms_fields[$field_type]['name'];
header("Content-type: application/json");
$array = array ('def_id' => $def_id, 'type_name' => $type_name);
echo json_encode($array);
add_action( 'wp_ajax_ninja_forms_side_sortable', 'ninja_forms_side_sortable' );
function ninja_forms_side_sortable(){
// Bail if we aren't in the admin
check_ajax_referer( 'nf_ajax', 'nf_ajax_nonce' );
It is recommended that you Edit text format, this type of Fix handles quite a lot in one request
