function email_vendor()
{
global $wpdb, $current_user;
if (count($_POST['vendor_email']) == 0) {
echo '<p style="color:red;font-weight:bold">' . __("Please select at least one file!", "sp-cdm") . '</p>';
} else {
$files = $_POST['vendor_email'];
$how_many = count($files);
$placeholders = array_fill(0, $how_many, '%d');
$format = implode(', ', $placeholders);
$query = $wpdb->prepare("SELECT * FROM " . $wpdb->prefix . "sp_cu WHERE id IN ({$format})", $files);
$r = $wpdb->get_results($query, ARRAY_A);
for ($i = 0; $i < count($r); $i++) {
if ($r[$i]['name'] == "") {
$name = $r[$i]['file'];
} else {
$name = $r[$i]['name'];
}
if ($r[$i]['name'] == '') {
$filename = $r[$i]['file'];
} else {
$filename = $r[$i]['name'];
}
$attachment_links .= '<a href="' . SP_CDM_PLUGIN_URL . 'download.php?fid=' . base64_encode($r[$i]['id'] . '|' . $r[$i]['date'] . '|' . $r[$i]['file']) . '">' . $filename . '</a><br>';
$attachment_array[$i] = '' . SP_CDM_UPLOADS_DIR . '' . $r[$i]['uid'] . '/' . $r[$i]['file'] . '';
}
if ($_POST['vendor_attach'] == 3) {
$attachments = $attachment_array;
$links .= $attachment_links;
} elseif ($_POST['vendor_attach'] == 1) {
$attachments = $attachment_array;
} else {
$links .= $attachment_links;
}
$post['links'] = $links;
$post['vendor-message'] = $_POST['vendor-message'];
$message = spdm_ajax::vendor_replace_vars(get_option('sp_cu_vendor_email'), $post);
$subject = spdm_ajax::vendor_replace_vars(get_option('sp_cu_vendor_email_subject'), $post);
//$headers = apply_filters('spcdm_admin_email_headers',$headers,$post, $uid);
if (get_option('sp_cu_vendor_email') != "") {
add_filter('wp_mail_content_type', 'set_html_content_type');
wp_mail($_POST['vendor'], stripslashes($subject), stripslashes($message), $headers, $attachments);
remove_filter('wp_mail_content_type', 'set_html_content_type');
do_action('sp_cdm_email_send', 'sp_cu_vendor_email', $r[0]['id'], $post, $uid, $to, $subject, $message, $headers, $attachments);
}
echo '<p style="color:green;font-weight:bold">' . __("Files Sent to", "sp-cdm") . ' ' . $_POST['vendor'] . '</p>';
}
}
<?php
$parse_uri = explode('wp-content', $_SERVER['SCRIPT_FILENAME']);
require_once $parse_uri[0] . 'wp-load.php';
$upload_dir = wp_upload_dir();
$function = $_GET['function'];
$spcdm_ajax = new spdm_ajax();
switch ($function) {
case "check-file-permissions":
echo cdm_file_permissions($_GET['pid']);
break;
case "check-folder-permissions":
echo cdm_folder_permissions($_GET['pid']);
break;
case "reload-project-dropdown":
echo $spcdm_ajax->project_dropdown();
break;
case "delete-file":
echo $spcdm_ajax->delete_file();
break;
case "get-file-info":
echo $spcdm_ajax->get_file_info();
break;
case "remove-category":
echo $spcdm_ajax->remove_cat();
break;
case "save-category":
echo $spcdm_ajax->save_cat($_REQUEST['uid']);
break;
case "view-file":
echo $spcdm_ajax->view_file();
<td class="cdm_file_info">' . stripslashes($r_projects[$i]['project_name']) . '</td>
<td class="cdm_file_date"> </td>
<td class="cdm_file_type">Folder</td>
</tr>
';
}
}
}
if ($_GET['sort'] == '') {
$sort = spdm_ajax::order_by();
} else {
$sort = $_GET['sort'];
}
if ($_GET['pid'] == "" or $_GET['pid'] == "0") {
$r = $wpdb->get_results("SELECT * FROM " . $wpdb->prefix . "sp_cu where (uid = '" . $_GET['uid'] . "' " . $find_groups . ") AND pid = 0 \tAND parent = 0 " . $search_file . " order by " . $sort . " ", ARRAY_A);
} else {
$r = $wpdb->get_results("SELECT * FROM " . $wpdb->prefix . "sp_cu where pid = '" . $_GET['pid'] . "' AND parent = 0 " . $search_file . " order by " . $sort . " ", ARRAY_A);
}
for ($i = 0; $i < count($r); $i++) {
$ext = preg_replace('/^.*\\./', '', $r[$i]['file']);
$r_cat = $wpdb->get_results("SELECT name FROM " . $wpdb->prefix . "sp_cu_cats where id = '" . $r[$i]['cid'] . "' ", ARRAY_A);
if ($r_cat[0]['name'] == '') {
$cat = stripslashes($r_cat[0]['name']);
} else {
$cat = '';
