function testCreateTree()
 {
     // Reuse the user setup of testSetUser() and make sure the admin class is loaded.
     $this->testSetUser();
     wpfb_loadclass('Admin');
     /** @var WPFB_Category[] $chain categories created so far, outermost first */
     $chain = array();
     /** @var WPFB_Category $above parent for the next category; null while still at the root */
     $above = null;
     $depth = 0;
     while ($depth < 4) {
         // Each new category is attached below the one created in the previous pass.
         $parentId = $above ? $above->GetId() : 0;
         $created = WPFB_Admin::InsertCategory(array('cat_name' => "layer {$depth}", 'cat_parent' => $parentId));
         $this->assertEmpty($created['error']);
         /** @var WPFB_Category $node */
         $node = $created['cat'];
         if ($above) {
             $linked = $node->GetParent()->Equals($above);
         } else {
             $linked = is_null($node->GetParent());
         }
         $this->assertTrue($linked);
         // The category must also exist as a directory on disk.
         $this->assertTrue(is_dir($node->GetLocalPath()));
         $chain[] = $node;
         $above = $node;
         $depth++;
     }
     // Import a local fixture through a file:// URI into the deepest category.
     $fixtures = new TestFileSet();
     $inserted = WPFB_Admin::InsertFile(array('file_remote_uri' => 'file://' . $fixtures->getImageBanner(), 'file_category' => $above));
     $this->assertEmpty($inserted['error'], $inserted['error']);
     /** @var WPFB_File $file01 */
     $file01 = $inserted['file'];
 }
 function testDownload()
 {
     // Create a throw-away account and act as that user for the rest of the test.
     $userId = wp_create_user('test_admin', 'test_admin');
     $this->assertNotWPError($userId);
     wp_set_current_user($userId);
     // Import the fixture image through a file:// URI.
     $fixtures = new TestFileSet();
     $source = 'file://' . $fixtures->getImageBanner();
     $outcome = WPFB_Admin::InsertFile(array('file_remote_uri' => $source));
     $this->assertEmpty($outcome['error'], $outcome['error']);
     /** @var WPFB_File $file01 */
     $file01 = $outcome['file'];
     // Remove the file record again so the test leaves nothing behind.
     $file01->Delete();
 }
 function test_new_file_remote()
 {
     // Create a throw-away account and act as that user.
     $userId = wp_create_user('test_admin', 'test_admin');
     $this->assertNotWPError($userId);
     wp_set_current_user($userId);
     wpfb_loadclass('Admin');
     // This test fetches from a live HTTPS URL, so it needs network access to pass.
     $remote = 'https://wpfilebase.com/wp-content/blogs.dir/2/files/2015/03/banner_023.png';
     $outcome = WPFB_Admin::InsertFile(array('file_remote_uri' => $remote));
     $this->assertEmpty($outcome['error'], $outcome['error']);
     /** @var WPFB_File $file */
     $file = $outcome['file'];
     // The remote file is expected to be stored locally, together with a thumbnail.
     $isLocal = $file->IsLocal();
     $this->assertTrue($isLocal, 'IsLocal false');
     $this->assertFileExists($file->GetLocalPath());
     $this->assertNotEmpty($file->file_thumbnail);
     $this->assertFileExists($file->GetThumbPath());
     // Clean up.
     $removed = $file->Remove();
     $this->assertTrue($removed);
 }
Beispiel #4
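    /**
     * Renders the "Manage Files" admin screen and processes its form actions.
     *
     * Dispatches on the request's `action` (editfile, updatefile, addfile or the
     * default list view), handles bulk deletion and the simple/extended form
     * toggle, then prints the file list table and the upload form. All output is
     * written directly; nothing is returned.
     */
    static function Display()
    {
        global $wpdb, $user_ID;
        wpfb_loadclass('File', 'Category', 'Admin', 'Output');
        $_POST = stripslashes_deep($_POST);
        $_GET = stripslashes_deep($_GET);
        $action = !empty($_REQUEST['action']) ? $_REQUEST['action'] : '';
        // nonce/referer check (security): the nonce action is bound to the action
        // name and, for updates, to the id of the file being changed.
        if ($action == 'updatefile' || $action == 'addfile') {
            $nonce_action = WPFB . "-" . $action;
            if ($action == 'updatefile') {
                $nonce_action .= $_POST['file_id'];
            }
            if (!check_admin_referer($nonce_action, 'wpfb-file-nonce')) {
                wp_die(__('Cheatin&#8217; uh?'));
            }
        }
        // switch simple/extended form; the choice is stored per user
        if (isset($_GET['exform'])) {
            $exform = !empty($_GET['exform']) && $_GET['exform'] == 1;
            update_user_option($user_ID, WPFB_OPT_NAME . '_exform', $exform, true);
        } else {
            $exform = (bool) get_user_option(WPFB_OPT_NAME . '_exform');
        }
        ?>
	<div class="wrap">
	<?php 
        switch ($action) {
            case 'editfile':
                if (!current_user_can('upload_files')) {
                    wp_die(__('Cheatin&#8217; uh?'));
                }
                if (!empty($_POST['files'])) {
                    // Multi-edit: accept an array or a comma-separated list of ids and
                    // keep only the files the current user is allowed to edit.
                    if (!is_array($_POST['files'])) {
                        $_POST['files'] = explode(',', $_POST['files']);
                    }
                    $files = array();
                    foreach ($_POST['files'] as $file_id) {
                        $file = WPFB_File::GetFile($file_id);
                        if (!is_null($file) && $file->CurUserCanEdit()) {
                            $files[] = $file;
                        }
                    }
                    if (count($files) > 0) {
                        WPFB_Admin::PrintForm('file', $files, array('multi_edit' => true));
                    } else {
                        wp_die('No files to edit.');
                    }
                } else {
                    $file = WPFB_File::GetFile($_GET['file_id']);
                    if (is_null($file) || !$file->CurUserCanEdit()) {
                        wp_die(__('You do not have the permission to edit this file!', 'wp-filebase'));
                    }
                    WPFB_Admin::PrintForm('file', $file);
                }
                break;
            case 'updatefile':
                $file_id = (int) $_POST['file_id'];
                $update = true;
                $file = WPFB_File::GetFile($file_id);
                if (is_null($file) || !$file->CurUserCanEdit()) {
                    wp_die(__('Cheatin&#8217; uh?'));
                }
                // no break: an update continues into the shared add/update handling
            case 'addfile':
                $update = !empty($update);
                if (!WPFB_Core::CurUserCanUpload()) {
                    wp_die(__('Cheatin&#8217; uh?'));
                }
                // Read only the date fields the form sends. An extract($_POST) here
                // would let any request field overwrite local variables such as
                // $action, $update or $exform after the checks above have run.
                if (isset($_POST['jj']) && isset($_POST['ss'])) {
                    $aa = isset($_POST['aa']) ? (int) $_POST['aa'] : 0;
                    $mm = isset($_POST['mm']) ? (int) $_POST['mm'] : 0;
                    $jj = (int) $_POST['jj'];
                    $hh = isset($_POST['hh']) ? (int) $_POST['hh'] : 0;
                    $mn = isset($_POST['mn']) ? (int) $_POST['mn'] : 0;
                    $ss = (int) $_POST['ss'];
                    $jj = $jj > 31 ? 31 : $jj;
                    $hh = $hh > 23 ? $hh - 24 : $hh;
                    $mn = $mn > 59 ? $mn - 60 : $mn;
                    $ss = $ss > 59 ? $ss - 60 : $ss;
                    $_POST['file_date'] = sprintf("%04d-%02d-%02d %02d:%02d:%02d", $aa, $mm, $jj, $hh, $mn, $ss);
                }
                // NOTE(review): $_POST was already passed through stripslashes_deep() at
                // the top of this method, so it is unslashed a second time here - confirm
                // this is intended.
                $result = WPFB_Admin::InsertFile(stripslashes_deep(array_merge($_POST, $_FILES)), true);
                if (isset($result['error']) && $result['error']) {
                    // NOTE(review): the error text is placed into HTML unescaped; confirm
                    // InsertFile() never puts request data into it verbatim.
                    $message = $result['error'] . '<br /><a href="javascript:history.back()">' . __("Go back") . '</a>';
                } else {
                    $message = $update ? __('File updated.', 'wp-filebase') : __('File added.', 'wp-filebase');
                }
                // no break: the list view below is rendered after an add/update as well
            default:
                if (!current_user_can('upload_files')) {
                    wp_die(__('Cheatin&#8217; uh?'));
                }
                if (!empty($_REQUEST['redirect']) && !empty($_REQUEST['redirect_to'])) {
                    // NOTE(review): redirect_to comes straight from the request; confirm
                    // JsRedirect() validates and escapes the target (wp_validate_redirect()
                    // is the usual way to keep redirects on-site).
                    WPFB_AdminLite::JsRedirect($_REQUEST['redirect_to']);
                    exit;
                }
                if (!empty($_POST['deleteit'])) {
                    // NOTE(review): no nonce is verified in this method for the bulk
                    // delete; confirm one is checked elsewhere before this point.
                    foreach ((array) $_POST['delete'] as $file_id) {
                        if (is_object($file = WPFB_File::GetFile($file_id)) && $file->CurUserCanDelete()) {
                            $file->Remove(true);
                        }
                    }
                    WPFB_File::UpdateTags();
                }
                ?>
	<h2><?php 
                echo str_replace(array('(<', '>)'), array('<', '>'), sprintf(__('Manage Files (<a href="%s">add new</a>)', 'wp-filebase'), '#addfile" class="add-new-h2'));
                echo '<a href="' . admin_url('admin.php?page=wpfilebase_manage&amp;action=batch-upload') . '" class="add-new-h2">' . __('Batch Upload', 'wp-filebase') . '</a>';
                if (isset($_GET['s']) && $_GET['s']) {
                    printf('<span class="subtitle">' . __('Search results for &#8220;%s&#8221;') . '</span>', esc_html(stripslashes($_GET['s'])));
                }
                ?>
</h2>
	<?php 
                if (!empty($message)) {
                    ?>
<div id="message" class="updated fade"><p><?php 
                    echo $message;
                    ?>
</p></div><?php 
                }
                if (WPFB_Core::CurUserCanUpload() && ($action == 'addfile' || $action == 'updatefile')) {
                    // After a failed add/update the form is pre-filled with the submitted values.
                    unset($file);
                    WPFB_Admin::PrintForm('file', null, array('exform' => $exform, 'item' => new WPFB_File(isset($result['error']) && $result['error'] ? $_POST : null)));
                }
                wpfb_loadclass('FileListTable');
                $file_table = new WPFB_FileListTable();
                $file_table->prepare_items();
                ?>
	
<form class="search-form topmargin" action="" method="get">
	<input type="hidden" value="<?php 
                echo esc_attr($_GET['page']);
                ?>
" name="page" />
	<input type="hidden" value="<?php 
                echo empty($_GET['view']) ? '' : esc_attr(@$_GET['view']);
                ?>
" name="view" />
<?php 
                $file_table->search_box(__('Search Files', 'wp-filebase'), 's');
                ?>
</form>	
 
<?php 
                $file_table->views();
                ?>
 <form id="posts-filter" action="" method="post">
 <input type="hidden" name="page" value="<?php 
                // The page parameter is request data written into an attribute, so it
                // is escaped here just like in the search form above.
                echo esc_attr($_REQUEST['page']);
                ?>
" />
 <?php 
                $file_table->display();
                ?>
 </form>
 <br class="clear" />

<?php 
                if ($action != 'addfile' && $action != 'updatefile' && WPFB_Core::CurUserCanUpload()) {
                    unset($file);
                    WPFB_Admin::PrintForm('file', null, array('exform' => $exform));
                }
                break;
                // default
        }
        ?>
	
	
	
	
</div> <!-- wrap -->
<?php 
    }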
Beispiel #5
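// Tell the editor that attached files are not listed automatically and offer
// the link that inserts the attachments tag.
if (!WPFB_Core::$settings->auto_attach_files) {
    echo '<div id="no-auto-attach-note" class="updated">';
    printf(__('Note: Listing of attached files is disabled. You have to <a href="%s">insert the attachments tag</a> to show the files in the content.'), 'javascript:insAttachTag();');
    echo '</div>';
}
if ($action == 'addfile' || $action == 'updatefile') {
    // nonce/referer check (security): the nonce action is bound to the action
    // name and, for updates, to the id of the file being changed.
    $nonce_action = WPFB . "-" . $action;
    if ($action == 'updatefile') {
        $nonce_action .= isset($_POST['file_id']) && is_scalar($_POST['file_id']) ? $_POST['file_id'] : '';
    }
    // A missing or non-string nonce field is treated as an empty nonce, which
    // wp_verify_nonce() rejects, instead of reading an undefined index.
    $nonce = isset($_POST['wpfb-file-nonce']) && is_string($_POST['wpfb-file-nonce']) ? $_POST['wpfb-file-nonce'] : '';
    // Check both nonces: when the AJAX uploader is used, the nonce comes without the "-editor" suffix.
    if (!wp_verify_nonce($nonce, $nonce_action . "-editor") && !wp_verify_nonce($nonce, $nonce_action)) {
        wp_die(__('Cheatin&#8217; uh?'));
    }
    $result = WPFB_Admin::InsertFile(stripslashes_deep(array_merge($_POST, $_FILES)));
    if (isset($result['error']) && $result['error']) {
        // NOTE(review): the error text is echoed into HTML unescaped; confirm
        // InsertFile() never puts request data into it verbatim.
        ?>
<div id="message" class="updated fade"><p><?php 
        echo $result['error'];
        ?>
</p></div><?php 
        // Keep the submitted values so the form can be shown again.
        $file = new WPFB_File($_POST);
    } else {
        // success!!!!
        $file_id = $result['file_id'];
        if ($action != 'addfile') {
            $file = null;
        }
    }
}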
Beispiel #6
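 /**
  * Handles a file upload submitted through the upload widget / embedded form.
  *
  * Checks that uploading is permitted, verifies the form nonce, inserts the
  * file and renders a result page through WPFB_Output::GeneratePage().
  */
 public static function ProcessWidgetUpload()
 {
     $content = '';
     $title = '';
     if (!WPFB_Core::$settings->frontend_upload && !current_user_can('upload_files')) {
         wp_die(__('Cheatin&#8217; uh?') . " (disabled)");
     }
     // Normalise the fields that are bound into the nonce once, so that the
     // values verified below are the same values that are used afterwards.
     $prefix = isset($_POST['prefix']) ? $_POST['prefix'] : '';
     $cat = isset($_POST['cat']) ? (int) $_POST['cat'] : 0;
     $overwrite = isset($_POST['overwrite']) ? (int) $_POST['overwrite'] : 0;
     $file_post_id = isset($_POST['file_post_id']) ? (int) $_POST['file_post_id'] : 0;
     $nonce_action = $prefix . "=&cat=" . $cat . "&overwrite=" . $overwrite . "&file_post_id=" . $file_post_id;
     // nonce/referer check (security)
     if (!check_admin_referer($nonce_action, 'wpfb-file-nonce')) {
         wp_die(__('Cheatin&#8217; uh?') . ' (security)');
     }
     // If a category is set in the widget options, force it. The nonce only
     // covers the integer value of "cat", so that integer - not the raw request
     // string - is what gets passed on as the category.
     if ($cat >= 0) {
         $_POST['file_category'] = $cat;
     }
     // NOTE(review): the rest of $_POST (including "overwrite" and "file_post_id" in
     // their raw form, and fields such as file_remote_uri) is forwarded unchanged;
     // confirm InsertFile() restricts what a frontend upload may set.
     $result = WPFB_Admin::InsertFile(array_merge(stripslashes_deep($_POST), $_FILES, array('frontend_upload' => true, 'form' => null)));
     if (isset($result['error']) && $result['error']) {
         // NOTE(review): the error text is placed into HTML unescaped; confirm
         // InsertFile() never puts request data into it verbatim.
         $content .= '<div id="message" class="updated fade"><p>' . $result['error'] . '</p></div>';
         $title .= __('Error');
     } else {
         // success!!!!
         $file = WPFB_File::GetFile($result['file_id']);
         $title = trim(__('File added.', WPFB), '.');
         $content = __('The File has been uploaded successfully.', WPFB);
         // Only render the file template if the new file can actually be loaded.
         if (is_object($file)) {
             $content .= $file->GenTpl2();
         }
     }
     wpfb_loadclass('Output');
     // prepend to content if embedded form!
     WPFB_Output::GeneratePage($title, $content, !empty($_POST['form_tag']));
 }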
Beispiel #7
 /**
  * Builds a chain of four nested categories ("layer 0" to "layer 3"), adds two
  * files to the two deepest levels and checks the parent links and file/category
  * counts before and after the deepest category is deleted.
  *
  * @depends testCreateCatAndFile
  */
 function testCreateTree()
 {
     $this->testSetUser();
     wpfb_loadclass('Admin');
     // NOTE(review): presumably re-enables count bubbling to parent categories - confirm.
     WPFB_Category::DisableBubbling(false);
     /** @var WPFB_Category $parent */
     $parent = null;
     /** @var WPFB_Category[] $cats */
     $cats = array();
     // Create the chain; every new category becomes the parent of the next one.
     for ($d = 0; $d < 4; $d++) {
         $res = WPFB_Admin::InsertCategory(array('cat_name' => "layer {$d}", 'cat_parent' => $parent ? $parent->GetId() : 0));
         $this->assertEmpty($res['error'], $res['error']);
         /** @var WPFB_Category $cat */
         $cat = $res['cat'];
         $this->assertTrue($parent ? $cat->GetParent()->Equals($parent) : is_null($cat->GetParent()));
         $this->assertTrue(is_dir($cat->GetLocalPath()));
         $cats[] = $cat;
         $parent = $cat;
     }
     // After the loop $parent is the deepest category, i.e. $cats[3].
     $this->assertEquals($cats[0]->cat_id, $cats[1]->GetParent()->cat_id);
     //$this->assertEquals($cats[2]->GetParent(), $cats[1], '', 0.0, 2, true);
     // print_r(array_map( function($c) { return strval($c);}, $cats));
     $files = new TestFileSet();
     // file01 is imported into the deepest category, file02 into its parent.
     $res = WPFB_Admin::InsertFile(array('file_remote_uri' => 'file://' . $files->getImageBanner(), 'file_category' => $parent));
     $this->assertEmpty($res['error'], $res['error']);
     /** @var WPFB_File $file01 */
     $file01 = $res['file'];
     $res = WPFB_Admin::InsertFile(array('file_remote_uri' => 'file://' . $files->getSmallTxt(), 'file_category' => $parent->GetParent()));
     $this->assertEmpty($res['error'], $res['error']);
     /** @var WPFB_File $file02 */
     $file02 = $res['file'];
     $this->assertEquals($file01->GetParent()->cat_id, $parent->cat_id);
     $this->assertEquals($file02->GetParent()->cat_id, $parent->GetParent()->cat_id);
     $this->assertEquals($file02->GetParent(), $parent->GetParent());
     // Expected counts while all four categories exist.
     $this->assertEquals(2, $parent->GetParent()->cat_num_files_total);
     $this->assertEquals(2, $file02->GetParent()->cat_num_files_total);
     $this->assertEquals(1, $file02->GetParent()->cat_num_files);
     $this->assertEquals(2, $cats[0]->cat_num_files_total);
     $this->assertEquals(1, count($parent->GetParent()->GetChildCats(true)));
     $this->assertEquals(1, count($file02->GetParent()->GetChildCats(true)));
     $this->assertEquals(2, count($cats[0]->GetChildFiles(true)), $cats[0]);
     $this->assertEquals(3, count($cats[0]->GetChildCats(true)), $cats[0]);
     $this->assertEquals(2, count($cats[2]->GetChildFiles(true)), $cats[2]);
     $this->assertEquals(1, count($cats[2]->GetChildCats(true)), $cats[2]);
     $this->assertEquals(2, count($cats[1]->GetChildCats(true)), $cats[1]);
     $this->assertEquals(2, count($cats[1]->GetChildFiles(true)), $cats[1]);
     // Delete the deepest category; file01 and its thumbnail are expected to
     // remain on disk afterwards.
     $res = $parent->Delete();
     $this->assertEmpty($res['error'], $res['error']);
     unset($cats[3]);
     $file01->DBReload();
     // TODO fix: need to reload from DB!
     $this->assertFileExists($file01->GetLocalPath());
     $this->assertFileExists($file01->GetThumbPath());
     // print_r(array_map( function($c) { return strval($c);}, $cats));
     // Both files are now expected to report the same parent category.
     $this->assertEquals(strval($file01->GetParent()), strval($file02->GetParent()));
     // Expected counts with the deepest category gone (objects reloaded from the DB).
     $this->assertEquals(0, count($cats[2]->DBReload()->GetChildCats(true)), $cats[2]);
     $this->assertEquals(2, count($cats[2]->GetChildFiles(false)), $cats[2]);
     $this->assertEquals(1, count($cats[1]->DBReload()->GetChildCats(true)), $cats[1]);
     $this->assertEquals(2, count($cats[1]->GetChildFiles(true)), $cats[1]);
     $this->assertEquals(2, count($cats[0]->DBReload()->GetChildCats(true)), $cats[0]);
     $this->assertEquals(2, count($cats[0]->GetChildFiles(true)), $cats[0]);
     // Clean up: remove the remaining categories, then both files.
     foreach ($cats as $cat) {
         $res = $cat->DBReload()->Delete();
         $this->assertEmpty($res['error'], $res['error']);
     }
     // Remember the thumbnail path before deleting so its removal can be checked.
     $thumb = $file01->GetThumbPath();
     $this->assertTrue($file01->DBReload()->Delete());
     $this->assertTrue($file02->DBReload()->Delete());
     $this->assertFileNotExists($thumb);
 }
Beispiel #8
    wp_die(__('No file was uploaded.', WPFB) . ' (ASYNC)');
}
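// Accept the upload only if PHP received it as an HTTP upload and it can be
// moved to a temp file path obtained from WPFB_Admin::GetTmpFile().
if (!@is_uploaded_file($_FILES['async-upload']['tmp_name']) || !($tmp = WPFB_Admin::GetTmpFile($_FILES['async-upload']['name'])) || !@move_uploaded_file($_FILES['async-upload']['tmp_name'], $tmp)) {
    wpfb_ajax_die(sprintf(__('&#8220;%s&#8221; has failed to upload due to an error'), esc_html($_FILES['async-upload']['name'])));
}
// Report the temp file relative to the upload directory instead of as an absolute path.
$_FILES['async-upload']['tmp_name'] = trim(substr($tmp, strlen(WPFB_Core::UploadDir())), '/');
$json = json_encode($_FILES['async-upload']);
if ($file_add_now) {
    $file_data = array('file_flash_upload' => $json, 'file_category' => 0);
    if (!empty($_REQUEST['presets']) && is_string($_REQUEST['presets'])) {
        $presets = array();
        parse_str(stripslashes($_REQUEST['presets']), $presets);
        WPFB_Admin::AdaptPresets($presets);
        $file_data = array_merge($file_data, $presets);
        // Presets come from the request and are merged last, so they could replace
        // the upload descriptor built above; keep the server-built value.
        // NOTE(review): confirm AdaptPresets() limits which other keys presets may set.
        $file_data['file_flash_upload'] = $json;
    }
    $result = WPFB_Admin::InsertFile($file_data, false);
    if (empty($result['error'])) {
        // Respond with the file's fields plus URLs and a nonce for a later update of this file.
        $resp = array_merge((array) $result['file'], array('file_thumbnail_url' => $result['file']->GetIconUrl(), 'file_edit_url' => $result['file']->GetEditUrl(), 'file_cur_user_can_edit' => $result['file']->CurUserCanEdit(), 'file_download_url' => $result['file']->GetUrl(), 'nonce' => wp_create_nonce(WPFB . '-updatefile' . $result['file_id'])));
        if (isset($_REQUEST['tpl_tag'])) {
            $tpl_tag = $_REQUEST['tpl_tag'];
            // The literal string 'false' means that no template tag was given.
            if ($tpl_tag === 'false') {
                $tpl_tag = null;
            }
            $resp['tpl'] = $result['file']->GenTpl2($tpl_tag);
        }
    } else {
        wpfb_ajax_die($result['error']);
    }
    $json = json_encode($resp);
}
@header('Content-Type: application/json; charset=' . get_option('blog_charset'));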
Beispiel #9
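 /**
  * Handles an asynchronous file upload and the deletion of temporary uploads.
  *
  * Checks permissions, optionally deletes a temp file named in
  * $args['delupload'] (and temp files older than TMP_FILE_MAX_AGE), otherwise
  * moves the uploaded file to a temp path and echoes a JSON description of it.
  * With $args['file_add_now'] set, the file is inserted immediately and the
  * JSON describes the new file instead.
  *
  * @param array $args Upload parameters: frontend_upload, file_add_now, cat_id,
  *                    delupload, presets, tpl_tag. NOTE(review): presumably taken
  *                    from the request by the caller - confirm.
  */
 private static function upload($args)
 {
     // Guarded so that a second call does not try to redefine the constant.
     if (!defined('TMP_FILE_MAX_AGE')) {
         define('TMP_FILE_MAX_AGE', 3600 * 3);
     }
     $frontend_upload = !empty($args['frontend_upload']) && $args['frontend_upload'] !== "false";
     $file_add_now = !empty($args['file_add_now']) && $args['file_add_now'] !== "false";
     // TODO: need to check if frontend_upload and user logged in state
     // Flash often fails to send cookies with the POST or upload, so we need to pass it in GET or POST instead
     // NOTE(review): auth cookies accepted as request parameters can end up in URLs
     // and server logs; consider dropping this fallback if Flash uploads are no
     // longer supported.
     if (!is_user_logged_in()) {
         if (is_ssl() && empty($_COOKIE[SECURE_AUTH_COOKIE]) && !empty($_REQUEST['auth_cookie'])) {
             $_COOKIE[SECURE_AUTH_COOKIE] = $_REQUEST['auth_cookie'];
         } elseif (empty($_COOKIE[AUTH_COOKIE]) && !empty($_REQUEST['auth_cookie'])) {
             $_COOKIE[AUTH_COOKIE] = $_REQUEST['auth_cookie'];
         }
         if (empty($_COOKIE[LOGGED_IN_COOKIE]) && !empty($_REQUEST['logged_in_cookie'])) {
             $_COOKIE[LOGGED_IN_COOKIE] = $_REQUEST['logged_in_cookie'];
         }
         if (!empty($_REQUEST['auth_cookie']) || !empty($_REQUEST['logged_in_cookie'])) {
             wp_set_current_user(wp_validate_auth_cookie());
         }
     }
     wpfb_loadclass('Category', 'File');
     $parent_cat = empty($args['cat_id']) ? null : WPFB_Category::GetCat($args['cat_id']);
     if ($frontend_upload) {
         // NOTE(review): no nonce is checked on the frontend path; confirm this is intended.
         if ($file_add_now) {
             wpfb_ajax_die('Unsupported upload!');
         } else {
             if (!WPFB_Core::$settings->frontend_upload && !current_user_can('upload_files')) {
                 wpfb_ajax_die(__('You do not have permission to upload files.'));
             }
         }
     } else {
         // Deny unless the user may upload in general or may add files to the target
         // category. The previous condition (... && !$parent_cat &&
         // !$parent_cat->CurUserCanAddFiles()) never denied when a category was given
         // and called a method on null when none was.
         $can_add_to_cat = $parent_cat && $parent_cat->CurUserCanAddFiles();
         if (!WPFB_Core::CurUserCanUpload() && !$can_add_to_cat) {
             wpfb_ajax_die(__('You do not have permission to upload files.'));
         }
         check_admin_referer(WPFB . '-async-upload');
     }
     wpfb_loadclass('Admin');
     if (!empty($args['delupload'])) {
         $del_upload = @json_decode($args['delupload']);
         if (is_object($del_upload) && isset($del_upload->tmp_name) && is_string($del_upload->tmp_name)) {
             // str_replace() makes a single pass and is not a sufficient path filter on
             // its own, so the resolved path must also lie inside the .tmp directory.
             $tmp_dir = realpath(WPFB_Core::UploadDir() . '/.tmp');
             $tmp = realpath(WPFB_Core::UploadDir() . '/.tmp/' . str_replace(array('../', '.tmp/'), '', $del_upload->tmp_name));
             if ($tmp_dir !== false && $tmp !== false && strpos($tmp, $tmp_dir . DIRECTORY_SEPARATOR) === 0 && is_file($tmp)) {
                 echo (int) @unlink($tmp);
             }
         }
         // delete other old temp files
         require_once ABSPATH . 'wp-admin/includes/file.php';
         $tmp_files = list_files(WPFB_Core::UploadDir() . '/.tmp');
         if (is_array($tmp_files)) {
             foreach ($tmp_files as $tmp) {
                 if (time() - filemtime($tmp) >= TMP_FILE_MAX_AGE) {
                     @unlink($tmp);
                 }
             }
         }
         exit;
     }
     if (empty($_FILES['async-upload'])) {
         wpfb_ajax_die(__('No file was uploaded.', 'wp-filebase') . ' (ASYNC)');
     }
     // Accept the upload only if PHP received it as an HTTP upload and it can be
     // moved to a temp file path obtained from WPFB_Admin::GetTmpFile().
     if (!is_uploaded_file($_FILES['async-upload']['tmp_name']) || !($tmp = WPFB_Admin::GetTmpFile($_FILES['async-upload']['name'])) || !move_uploaded_file($_FILES['async-upload']['tmp_name'], $tmp)) {
         wpfb_ajax_die(sprintf(__('&#8220;%s&#8221; has failed to upload due to an error'), esc_html($_FILES['async-upload']['name'])));
     }
     // Report the temp file relative to the upload directory instead of as an absolute path.
     $_FILES['async-upload']['tmp_name'] = trim(substr($tmp, strlen(WPFB_Core::UploadDir())), '/');
     $json = json_encode($_FILES['async-upload']);
     if ($file_add_now) {
         $file_data = array('file_flash_upload' => $json, 'file_category' => 0);
         if (!empty($args['presets']) && is_string($args['presets'])) {
             $presets = array();
             parse_str($args['presets'], $presets);
             WPFB_Admin::AdaptPresets($presets);
             $file_data = array_merge($file_data, $presets);
             // Presets are merged last, so they could replace the upload descriptor
             // built above; keep the server-built value.
             // NOTE(review): confirm AdaptPresets() limits which other keys presets may set.
             $file_data['file_flash_upload'] = $json;
         }
         $result = WPFB_Admin::InsertFile($file_data, false);
         if (empty($result['error'])) {
             // Respond with the file's fields plus URLs and a nonce for a later update of this file.
             $resp = array_merge((array) $result['file'], array('file_thumbnail_url' => $result['file']->GetIconUrl(), 'file_edit_url' => $result['file']->GetEditUrl(), 'file_cur_user_can_edit' => $result['file']->CurUserCanEdit(), 'file_download_url' => $result['file']->GetUrl(), 'nonce' => wp_create_nonce(WPFB . '-updatefile' . $result['file_id'])));
             if (isset($args['tpl_tag'])) {
                 $tpl_tag = $args['tpl_tag'];
                 // The literal string 'false' means that no template tag was given.
                 if ($tpl_tag === 'false') {
                     $tpl_tag = null;
                 }
                 $resp['tpl'] = $result['file']->GenTpl2($tpl_tag);
             }
         } else {
             wpfb_ajax_die($result['error']);
         }
         $json = json_encode($resp);
     }
     header('Content-Type: application/json; charset=' . get_option('blog_charset'));
     //header('Content-Length: ' . strlen($json));
     echo $json;
 }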