function ajax($action)
{
define('DOING_AJAX', true);
if (empty($action)) {
return;
}
ini_set('html_errors', 0);
if (AJAXFLOW_NONCE) {
if (!wp_verify_nonce($action, $_REQUEST['_wpnonce'])) {
wp_die('Security check didn´t pass, please check _wpnonce!', AJAXFLOW_TAG);
}
}
$shortinit = apply_filters(AJAXFLOW_TAG . '_shortinit', false, $action);
if ($shortinit || isset($_REQUEST['shortinit']) && $_REQUEST['shortinit']) {
define('SHORTINIT', true);
}
require_once ABSPATH . '/wp-load.php';
header('Content-Type: text/html');
send_nosniff_header();
header('Cache-Control: no-cache');
header('Pragma: no-cache');
do_action(AJAXFLOW_TAG . '_shortinit_load');
if (is_user_logged_in()) {
do_action(AJAXFLOW_TAG . '_' . $action);
} else {
do_action(AJAXFLOW_TAG . '_nopriv_' . $action);
}
wp_die('Your ' . AJAXFLOW_TAG . ' call does not exists or exit is missing in action!', AJAXFLOW_TAG);
exit;
}
/**
* Update Headers for better security
*/
public static function send_headers($headers)
{
send_nosniff_header();
$headers['X-Frame-Options'] = 'SAMEORIGIN';
// http://engineeredweb.com/blog/2013/secure-site-clickjacking-x-frame-options/
$headers['X-XSS-Protection'] = '1; mode=block';
// https://kb.sucuri.net/warnings/hardening/headers-x-xss-protection
return $headers;
}
/**
* Send headers for WC Ajax Requests
* @since 2.5.0
*/
private static function wc_ajax_headers()
{
send_origin_headers();
@header('Content-Type: text/html; charset=' . get_option('blog_charset'));
@header('X-Robots-Tag: noindex');
send_nosniff_header();
nocache_headers();
status_header(200);
}
function json_template_redirect()
{
// If this is not a request for json then bail
if (is_json_request()) {
// Set the appropriate header
header('Content-Type: application/json; charset=utf-8');
// Help prevent MIME-type confusion attacks in IE8+
send_nosniff_header();
}
return;
}
function essb_proccess_share_this_image()
{
$current_action = isset($_REQUEST['essb-image-share']) ? $_REQUEST['essb-image-share'] : '';
if ($current_action == "yes") {
define('DOING_AJAX', true);
send_nosniff_header();
header('Pragma: no-cache');
include_once ESSB3_PLUGIN_ROOT . 'lib/modules/social-image-share/essb-social-image-share-selected.php';
exit;
}
}
/**
* Redirect to a JSON representation of a post if the JSON query var is set.
*
* In order to power the SPA, a JSON representation of a post is needed. This function hooks into "template_redirect"
* and will use a JSON template to render a post when needed. Appending "?cspa-json=1" to a post or a post format
* archive will render the JSON template.
*
* @since 1.0.
*
* @return void
*/
function zt_json_template_redirect()
{
global $wp_query;
// If this is not a request for json then bail
if (!isset($wp_query->query_vars['zt-json']) || '1' !== $wp_query->query_vars['zt-json']) {
return;
}
// Set the appropriate header
header('Content-Type: application/json; charset=utf-8');
// Help prevent MIME-type confusion attacks in IE8+
send_nosniff_header();
// Render the template and stop execution
get_template_part('json', 'posts');
exit;
}
/**
* Hooked to the 'bbp_template_redirect' action, this is bbPress's custom
* theme-side ajax handler.
*
* @since 2.3.0 bbPress (r4543)
*
* @return If not a bbPress ajax request
*/
function bbp_do_ajax()
{
// Bail if not an ajax request
if (!bbp_is_ajax()) {
return;
}
// Set WordPress core ajax constant
define('DOING_AJAX', true);
// Set the header content type
@header('Content-Type: ' . get_option('html_type') . '; charset=' . get_option('blog_charset'));
// Disable content sniffing in browsers that support it
send_nosniff_header();
// Perform custom bbPress ajax
do_action('bbp_ajax_' . $_REQUEST['action']);
// All done
die('0');
}
/**
* Set BSR AJAX constant and headers.
* @access public
*/
public function define_ajax()
{
if (isset($_GET['bsr-ajax']) && !empty($_GET['bsr-ajax'])) {
// Define the WordPress "DOING_AJAX" constant.
if (!defined('DOING_AJAX')) {
define('DOING_AJAX', true);
}
// Prevent notices from breaking AJAX functionality.
if (!WP_DEBUG || WP_DEBUG && !WP_DEBUG_DISPLAY) {
@ini_set('display_errors', 0);
}
// Send the headers.
send_origin_headers();
@header('Content-Type: text/html; charset=' . get_option('blog_charset'));
@header('X-Robots-Tag: noindex');
send_nosniff_header();
nocache_headers();
}
}
public function endpoint()
{
global $wp_query;
if (!isset($wp_query->query_vars[$this->endpoint])) {
return;
}
do_action('cornerstone_before_endpoint');
send_origin_headers();
if (empty($_REQUEST['action'])) {
die('0');
}
@header('X-Robots-Tag: noindex');
@header('Cornerstone: true');
send_nosniff_header();
nocache_headers();
$action = is_user_logged_in() ? 'cornerstone_endpoint_' : 'cornerstone_endpoint_nopriv_';
do_action($action . $_REQUEST['action']);
die('0');
}
/**
* Handles AJAX response
*
* @since 6.3
* @access public
*/
public function template_redirect()
{
$theme_my_login = Theme_My_Login::get_object();
if (Theme_My_Login::is_tml_page() && isset($_GET['ajax'])) {
define('DOING_AJAX', true);
$instance =& $theme_my_login->get_instance();
$instance->set_option('default_action', !empty($theme_my_login->request_action) ? $theme_my_login->request_action : 'login');
$instance->set_option('gravatar_size', 75);
$instance->set_option('before_title', '<h2>');
$instance->set_option('after_title', '</h2>');
$data = $instance->display();
send_origin_headers();
@header('Content-Type: text/html; charset=' . get_option('blog_charset'));
@header('X-Robots-Tag: noindex');
send_nosniff_header();
nocache_headers();
$x = new WP_Ajax_Response(array('what' => 'login', 'action' => $theme_my_login->request_action, 'data' => $theme_my_login->errors->get_error_code() ? $theme_my_login->errors : $data, 'supplemental' => array('html' => $data, 'success' => is_user_logged_in())));
$x->send();
exit;
}
}
/**
* Set WC AJAX constant and headers.
*/
public static function define_ajax()
{
if (!empty($_GET['wc-ajax'])) {
if (!defined('DOING_AJAX')) {
define('DOING_AJAX', true);
}
if (!defined('WC_DOING_AJAX')) {
define('WC_DOING_AJAX', true);
}
// Turn off display_errors during AJAX events to prevent malformed JSON
if (!WP_DEBUG || WP_DEBUG && !WP_DEBUG_DISPLAY) {
@ini_set('display_errors', 0);
}
// Send headers like admin-ajax.php
send_origin_headers();
@header('Content-Type: text/html; charset=' . get_option('blog_charset'));
@header('X-Robots-Tag: noindex');
send_nosniff_header();
nocache_headers();
}
}
public static function upload()
{
GFCommon::log_debug('GFAsyncUpload::upload(): Starting.');
if ($_SERVER['REQUEST_METHOD'] != 'POST') {
status_header(404);
die;
}
header('Content-Type: text/html; charset=' . get_option('blog_charset'));
send_nosniff_header();
nocache_headers();
status_header(200);
// If the file is bigger than the server can accept then the form_id might not arrive.
// This might happen if the file is bigger than the max post size ini setting.
// Validation in the browser reduces the risk of this happening.
if (!isset($_REQUEST['form_id'])) {
GFCommon::log_debug('GFAsyncUpload::upload(): File upload aborted because the form_id was not found. The file may have been bigger than the max post size ini setting.');
self::die_error(500, __('Failed to upload file.', 'gravityforms'));
}
$form_id = absint($_REQUEST['form_id']);
$form_unique_id = rgpost('gform_unique_id');
$form = GFAPI::get_form($form_id);
if (empty($form) || !$form['is_active']) {
die;
}
if (rgar($form, 'requireLogin')) {
if (!is_user_logged_in()) {
die;
}
check_admin_referer('gform_file_upload_' . $form_id, '_gform_file_upload_nonce_' . $form_id);
}
if (!ctype_alnum($form_unique_id)) {
die;
}
$target_dir = GFFormsModel::get_upload_path($form_id) . DIRECTORY_SEPARATOR . 'tmp' . DIRECTORY_SEPARATOR;
if (!is_dir($target_dir)) {
if (!wp_mkdir_p($target_dir)) {
GFCommon::log_debug("GFAsyncUpload::upload(): Couldn't create the tmp folder: " . $target_dir);
self::die_error(500, __('Failed to upload file.', 'gravityforms'));
}
}
$time = current_time('mysql');
$y = substr($time, 0, 4);
$m = substr($time, 5, 2);
//adding index.html files to all subfolders
if (!file_exists(GFFormsModel::get_upload_root() . '/index.html')) {
GFForms::add_security_files();
} else {
if (!file_exists(GFFormsModel::get_upload_path($form_id) . '/index.html')) {
GFCommon::recursive_add_index_file(GFFormsModel::get_upload_path($form_id));
} else {
if (!file_exists(GFFormsModel::get_upload_path($form_id) . "/{$y}/index.html")) {
GFCommon::recursive_add_index_file(GFFormsModel::get_upload_path($form_id) . "/{$y}");
} else {
GFCommon::recursive_add_index_file(GFFormsModel::get_upload_path($form_id) . "/{$y}/{$m}");
}
}
}
if (!file_exists($target_dir . '/index.html')) {
GFCommon::recursive_add_index_file($target_dir);
}
$uploaded_filename = $_FILES['file']['name'];
$file_name = isset($_REQUEST['name']) ? $_REQUEST['name'] : '';
$field_id = rgpost('field_id');
$field_id = absint($field_id);
$field = GFFormsModel::get_field($form, $field_id);
if (empty($field) || GFFormsModel::get_input_type($field) != 'fileupload') {
die;
}
$file_name = sanitize_file_name($file_name);
$uploaded_filename = sanitize_file_name($uploaded_filename);
$allowed_extensions = !empty($field->allowedExtensions) ? GFCommon::clean_extensions(explode(',', strtolower($field->allowedExtensions))) : array();
$max_upload_size_in_bytes = $field->maxFileSize > 0 ? $field->maxFileSize * 1048576 : wp_max_upload_size();
$max_upload_size_in_mb = $max_upload_size_in_bytes / 1048576;
if ($_FILES['file']['size'] > 0 && $_FILES['file']['size'] > $max_upload_size_in_bytes) {
self::die_error(104, sprintf(__('File exceeds size limit. Maximum file size: %dMB', 'gravityforms'), $max_upload_size_in_mb));
}
if (GFCommon::file_name_has_disallowed_extension($file_name) || GFCommon::file_name_has_disallowed_extension($uploaded_filename)) {
GFCommon::log_debug("GFAsyncUpload::upload(): Illegal file extension: {$file_name}");
self::die_error(104, __('The uploaded file type is not allowed.', 'gravityforms'));
}
if (!empty($allowed_extensions)) {
if (!GFCommon::match_file_extension($file_name, $allowed_extensions) || !GFCommon::match_file_extension($uploaded_filename, $allowed_extensions)) {
GFCommon::log_debug("GFAsyncUpload::upload(): The uploaded file type is not allowed: {$file_name}");
self::die_error(104, sprintf(__('The uploaded file type is not allowed. Must be one of the following: %s', 'gravityforms'), strtolower($field['allowedExtensions'])));
}
}
$whitelisting_disabled = apply_filters('gform_file_upload_whitelisting_disabled', false);
if (empty($allowed_extensions) && !$whitelisting_disabled) {
// Whitelist the file type
$valid_uploaded_filename = GFCommon::check_type_and_ext($_FILES['file'], $uploaded_filename);
if (is_wp_error($valid_uploaded_filename)) {
self::die_error($valid_uploaded_filename->get_error_code(), $valid_uploaded_filename->get_error_message());
}
$valid_file_name = GFCommon::check_type_and_ext($_FILES['file'], $file_name);
if (is_wp_error($valid_uploaded_filename)) {
self::die_error($valid_file_name->get_error_code(), $valid_file_name->get_error_message());
}
}
$tmp_file_name = $form_unique_id . '_input_' . $field_id . '_' . $file_name;
$tmp_file_name = sanitize_file_name($tmp_file_name);
$file_path = $target_dir . $tmp_file_name;
$cleanup_target_dir = true;
// Remove old files
$max_file_age = 5 * 3600;
// Temp file age in seconds
// Remove old temp files
if ($cleanup_target_dir) {
if (is_dir($target_dir) && ($dir = opendir($target_dir))) {
while (($file = readdir($dir)) !== false) {
$tmp_file_path = $target_dir . $file;
// Remove temp file if it is older than the max age and is not the current file
if (preg_match('/\\.part$/', $file) && filemtime($tmp_file_path) < time() - $max_file_age && $tmp_file_path != "{$file_path}.part") {
GFCommon::log_debug('GFAsyncUpload::upload(): Deleting file: ' . $tmp_file_path);
@unlink($tmp_file_path);
}
}
closedir($dir);
} else {
GFCommon::log_debug('GFAsyncUpload::upload(): Failed to open temp directory: ' . $target_dir);
self::die_error(100, __('Failed to open temp directory.', 'gravityforms'));
}
}
if (isset($_SERVER['HTTP_CONTENT_TYPE'])) {
$contentType = $_SERVER['HTTP_CONTENT_TYPE'];
}
if (isset($_SERVER['CONTENT_TYPE'])) {
$contentType = $_SERVER['CONTENT_TYPE'];
}
$chunk = isset($_REQUEST['chunk']) ? intval($_REQUEST['chunk']) : 0;
$chunks = isset($_REQUEST['chunks']) ? intval($_REQUEST['chunks']) : 0;
// Handle non multipart uploads older WebKit versions didn't support multipart in HTML5
if (strpos($contentType, 'multipart') !== false) {
if (isset($_FILES['file']['tmp_name']) && is_uploaded_file($_FILES['file']['tmp_name'])) {
// Open temp file
$out = @fopen("{$file_path}.part", $chunk == 0 ? 'wb' : 'ab');
if ($out) {
// Read binary input stream and append it to temp file
$in = @fopen($_FILES['file']['tmp_name'], 'rb');
if ($in) {
while ($buff = fread($in, 4096)) {
fwrite($out, $buff);
}
} else {
self::die_error(101, __('Failed to open input stream.', 'gravityforms'));
}
@fclose($in);
@fclose($out);
@unlink($_FILES['file']['tmp_name']);
} else {
self::die_error(102, __('Failed to open output stream.', 'gravityforms'));
}
} else {
self::die_error(103, __('Failed to move uploaded file.', 'gravityforms'));
}
} else {
// Open temp file
$out = @fopen("{$file_path}.part", $chunk == 0 ? 'wb' : 'ab');
if ($out) {
// Read binary input stream and append it to temp file
$in = @fopen('php://input', 'rb');
if ($in) {
while ($buff = fread($in, 4096)) {
fwrite($out, $buff);
}
} else {
self::die_error(101, __('Failed to open input stream.', 'gravityforms'));
}
@fclose($in);
@fclose($out);
} else {
self::die_error(102, __('Failed to open output stream.', 'gravityforms'));
}
}
// Check if file has been uploaded
if (!$chunks || $chunk == $chunks - 1) {
// Strip the temp .part suffix off
rename("{$file_path}.part", $file_path);
}
if (file_exists($file_path)) {
GFFormsModel::set_permissions($file_path);
} else {
self::die_error(105, __('Upload unsuccessful', 'gravityforms') . ' ' . $uploaded_filename);
}
$output = array('status' => 'ok', 'data' => array('temp_filename' => $tmp_file_name, 'uploaded_filename' => str_replace("\\'", "'", urldecode($uploaded_filename))));
$output = json_encode($output);
GFCommon::log_debug(sprintf('GFAsyncUpload::upload(): File upload complete. temp_filename: %s uploaded_filename: %s ', $tmp_file_name, $uploaded_filename));
gf_do_action('gform_post_multifile_upload', $form['id'], $form, $field, $uploaded_filename, $tmp_file_name, $file_path);
die($output);
}
/**
* Sets various HTTP headers related to Content-Type and browser caching.
*
* Most of this class method is derived from {@link WP::send_headers()}.
*
* @since 1.9.0
*/
protected function http_headers()
{
// Set up some additional headers if not on a directory page
// this is done b/c BP uses pseudo-pages.
if (!bp_is_directory()) {
global $wp_query;
$wp_query->is_404 = false;
status_header(200);
}
// Set content-type.
@header('Content-Type: text/xml; charset=' . get_option('blog_charset'), true);
send_nosniff_header();
// Cache-related variables.
$last_modified = mysql2date('D, d M Y H:i:s O', bp_activity_get_last_updated(), false);
$modified_timestamp = strtotime($last_modified);
$etag = md5($last_modified);
// Set cache-related headers.
@header('Last-Modified: ' . $last_modified);
@header('Pragma: no-cache');
@header('ETag: ' . '"' . $etag . '"');
// First commit of BuddyPress! (Easter egg).
@header('Expires: Tue, 25 Mar 2008 17:13:55 GMT');
// Get ETag from supported user agents.
if (isset($_SERVER['HTTP_IF_NONE_MATCH'])) {
$client_etag = wp_unslash($_SERVER['HTTP_IF_NONE_MATCH']);
// Remove quotes from ETag.
$client_etag = trim($client_etag, '"');
// Strip suffixes from ETag if they exist (eg. "-gzip").
$etag_suffix_pos = strpos($client_etag, '-');
if (!empty($etag_suffix_pos)) {
$client_etag = substr($client_etag, 0, $etag_suffix_pos);
}
// No ETag found.
} else {
$client_etag = false;
}
// Get client last modified timestamp from supported user agents.
$client_last_modified = empty($_SERVER['HTTP_IF_MODIFIED_SINCE']) ? '' : trim($_SERVER['HTTP_IF_MODIFIED_SINCE']);
$client_modified_timestamp = $client_last_modified ? strtotime($client_last_modified) : 0;
// Set 304 status if feed hasn't been updated since last fetch.
if ($client_last_modified && $client_etag ? $client_modified_timestamp >= $modified_timestamp && $client_etag == $etag : $client_modified_timestamp >= $modified_timestamp || $client_etag == $etag) {
$status = 304;
} else {
$status = false;
}
// If feed hasn't changed as reported by the user agent, set 304 status header.
if (!empty($status)) {
status_header($status);
// Cached response, so stop now!
if ($status == 304) {
exit;
}
}
}
/**
* Generate and output ajax response for related posts API call.
* NOTE: Calls exit() to end all further processing after payload has been outputed.
*
* @param array $excludes array of post_ids to exclude
* @uses send_nosniff_header, self::get_for_post_id, get_the_ID
* @return null
*/
protected function _action_frontend_init_ajax(array $excludes)
{
define('DOING_AJAX', true);
header('Content-type: application/json; charset=utf-8');
// JSON can only be UTF-8
send_nosniff_header();
$related_posts = $this->get_for_post_id(get_the_ID(), array('exclude_post_ids' => $excludes));
$options = $this->get_options();
$response = array('version' => self::VERSION, 'show_thumbnails' => (bool) $options['show_thumbnails'], 'items' => array());
if (count($related_posts) == $options['size']) {
$response['items'] = $related_posts;
}
echo json_encode($response);
exit;
}
/**
* Our own Ajax response, avoiding calling admin-ajax
*/
function ajax_response()
{
// Only proceed if the url query has a key of "Infinity"
if (!self::got_infinity()) {
return false;
}
// This should already be defined below, but make sure.
if (!defined('DOING_AJAX')) {
define('DOING_AJAX', true);
}
@header('Content-Type: text/html; charset=' . get_option('blog_charset'));
send_nosniff_header();
/**
* Fires at the end of the Infinite Scroll Ajax response.
*
* @module infinite-scroll
*
* @since 2.0.0
*/
do_action('custom_ajax_infinite_scroll');
die('0');
}
function gmedia_import_handler()
{
global $wpdb, $gmCore, $gmDB;
ini_set('max_execution_time', 600);
// HTTP headers for no cache etc
send_nosniff_header();
//send_origin_headers();
nocache_headers();
check_admin_referer('GmediaImport');
if (!current_user_can('gmedia_import')) {
wp_die(__('You do not have permission to upload files.'));
}
// 10 minutes execution time
@set_time_limit(10 * 60);
// fake upload time
usleep(10);
$import = $gmCore->_post('import');
$terms = $gmCore->_post('terms', array());
if (ob_get_level() == 0) {
ob_start();
}
echo str_pad(' ', 4096) . PHP_EOL;
wp_ob_end_flush_all();
flush();
?>
<html>
<style type="text/css">
* { margin:0; padding:0; }
pre { display:block; }
p { padding:10px 0; font-size:14px; }
.ok { color:darkgreen; }
.ko { color:darkred; }
</style>
<body>
<?php
if ('import-folder' == $import || isset($_POST['import-folder'])) {
$path = $gmCore->_post('path');
echo '<h4 style="margin: 0 0 10px">' . __('Import Server Folder') . " `{$path}`:</h4>" . PHP_EOL;
if ($path) {
$path = trim(urldecode($path), '/');
if (!empty($path)) {
$fullpath = ABSPATH . trailingslashit($path);
$files = glob($fullpath . '?*.?*', GLOB_NOSORT);
if (!empty($files)) {
$allowed_ext = get_allowed_mime_types();
$allowed_ext = array_keys($allowed_ext);
$allowed_ext = implode('|', $allowed_ext);
$allowed_ext = explode('|', $allowed_ext);
if (GMEDIA_UPLOAD_FOLDER == basename(dirname(dirname($path))) || GMEDIA_UPLOAD_FOLDER == basename(dirname($path))) {
global $wpdb;
$gmedias = $wpdb->get_col("SELECT gmuid FROM {$wpdb->prefix}gmedia");
foreach ($files as $i => $filepath) {
$gmuid = basename($filepath);
if (in_array($gmuid, $gmedias)) {
$fileinfo = $gmCore->fileinfo($gmuid, false);
if (!('image' == $fileinfo['dirname'] && !is_file($fileinfo['filepath']))) {
unset($files[$i]);
}
}
}
$move = false;
$exists = false;
} else {
$move = $gmCore->_post('delete_source');
$exists = $gmCore->_post('skip_exists', 0);
}
foreach ($files as $i => $filepath) {
$ext = pathinfo($filepath, PATHINFO_EXTENSION);
if (!in_array(strtolower($ext), $allowed_ext)) {
unset($files[$i]);
}
}
$gmCore->gmedia_import_files($files, $terms, $move, $exists);
} else {
echo sprintf(__('Folder `%s` is empty', 'grand-media'), $path) . PHP_EOL;
}
} else {
echo __('No folder chosen', 'grand-media') . PHP_EOL;
}
}
} elseif ('import-flagallery' == $import || isset($_POST['import-flagallery'])) {
echo '<h4 style="margin: 0 0 10px">' . __('Import from Flagallery plugin') . ":</h4>" . PHP_EOL;
$gallery = $gmCore->_post('gallery');
if (!empty($gallery)) {
$album = !isset($terms['gmedia_album']) || empty($terms['gmedia_album']) ? false : true;
foreach ($gallery as $gid) {
$flag_gallery = $wpdb->get_row($wpdb->prepare("SELECT gid, path, title, galdesc FROM {$wpdb->prefix}flag_gallery WHERE gid = %d", $gid), ARRAY_A);
if (empty($flag_gallery)) {
continue;
}
if (!$album) {
$terms['gmedia_album'] = $flag_gallery['title'];
if ($gmCore->is_digit($terms['gmedia_album'])) {
$terms['gmedia_album'] = 'a' . $terms['gmedia_album'];
}
if (!$gmDB->term_exists($terms['gmedia_album'], 'gmedia_album')) {
$term_id = $gmDB->insert_term($terms['gmedia_album'], 'gmedia_album', array('description' => htmlspecialchars_decode(stripslashes($flag_gallery['galdesc']))));
}
}
$path = ABSPATH . trailingslashit($flag_gallery['path']);
echo '<h5 style="margin: 10px 0 5px">' . sprintf(__('Import `%s` gallery', 'grand-media'), $flag_gallery['title']) . ":</h5>" . PHP_EOL;
$flag_pictures = $wpdb->get_results($wpdb->prepare("SELECT CONCAT('%s', filename) AS file, description, alttext AS title, link FROM {$wpdb->prefix}flag_pictures WHERE galleryid = %d", $path, $flag_gallery['gid']), ARRAY_A);
if (empty($flag_pictures)) {
echo '<pre>' . __('gallery contains 0 images', 'grand-media') . '</pre>';
continue;
}
$exists = $gmCore->_post('skip_exists', 0);
//echo '<pre>'.print_r($flag_pictures, true).'</pre>';
$gmCore->gmedia_import_files($flag_pictures, $terms, false, $exists);
}
} else {
echo __('No gallery chosen', 'grand-media') . PHP_EOL;
}
} elseif ('import-nextgen' == $import || isset($_POST['import-nextgen'])) {
echo '<h4 style="margin: 0 0 10px">' . __('Import from NextGen plugin') . ":</h4>" . PHP_EOL;
$gallery = $gmCore->_post('gallery');
if (!empty($gallery)) {
$album = !isset($terms['gmedia_album']) || empty($terms['gmedia_album']) ? false : true;
foreach ($gallery as $gid) {
$ngg_gallery = $wpdb->get_row($wpdb->prepare("SELECT gid, path, title, galdesc FROM {$wpdb->prefix}ngg_gallery WHERE gid = %d", $gid), ARRAY_A);
if (empty($ngg_gallery)) {
continue;
}
if (!$album) {
$terms['gmedia_album'] = $ngg_gallery['title'];
if ($gmCore->is_digit($terms['gmedia_album'])) {
$terms['gmedia_album'] = 'a' . $ngg_gallery['title'];
}
if (!$gmDB->term_exists($terms['gmedia_album'], 'gmedia_album')) {
$term_id = $gmDB->insert_term($terms['gmedia_album'], 'gmedia_album', array('description' => htmlspecialchars_decode(stripslashes($ngg_gallery['galdesc']))));
}
}
$path = ABSPATH . trailingslashit($ngg_gallery['path']);
echo '<h5 style="margin: 10px 0 5px">' . sprintf(__('Import `%s` gallery', 'grand-media'), $ngg_gallery['title']) . ":</h5>" . PHP_EOL;
$ngg_pictures = $wpdb->get_results($wpdb->prepare("SELECT CONCAT('%s', filename) AS file, description, alttext AS title FROM {$wpdb->prefix}ngg_pictures WHERE galleryid = %d", $path, $ngg_gallery['gid']), ARRAY_A);
if (empty($ngg_pictures)) {
echo '<pre>' . __('gallery contains 0 images', 'grand-media') . '</pre>';
continue;
}
$exists = $gmCore->_post('skip_exists', 0);
$gmCore->gmedia_import_files($ngg_pictures, $terms, false, $exists);
}
} else {
echo __('No gallery chosen', 'grand-media') . PHP_EOL;
}
} elseif ('import-wpmedia' == $import || isset($_POST['import-wpmedia'])) {
echo '<h4 style="margin: 0 0 10px">' . __('Import from WP Media Library') . ":</h4>" . PHP_EOL;
$wpMediaLib = $gmDB->get_wp_media_lib(array('filter' => 'selected', 'selected' => $gmCore->_post('selected')));
if (!empty($wpMediaLib)) {
$wp_media = array();
foreach ($wpMediaLib as $item) {
$wp_media[] = array('file' => get_attached_file($item->ID), 'title' => $item->post_title, 'description' => $item->post_content);
}
$exists = $gmCore->_post('skip_exists', 0);
//echo '<pre>' . print_r($wp_media, true) . '</pre>';
$gmCore->gmedia_import_files($wp_media, $terms, false, $exists);
} else {
echo __('No items chosen', 'grand-media') . PHP_EOL;
}
}
?>
</body>
</html>
<?php
wp_ob_end_flush_all();
die;
}
/**
* Send a HTTP header to disable content type sniffing in browsers which
* support it. This prevents browsers from attempting to determine a mime
* type automatically, and forces rendering in the mime type provided by
* the server.
*
* @return void
*/
public function enableNoSniff()
{
if (!headers_sent()) {
send_nosniff_header();
}
}
/**
* Tap into the filter to use data from a readme.txt file
*
* @since 2.4
* @see EDD_Software_Licensing::get_latest_version_remote()
* @param array $original_response License response array
* @param WP_Post $download Post object of the Download item
* @return array Modified array, if readme exists. Otherwise, original array is returned.
*/
function edd_sl_readme_modify_license_response($response = array(), $download = NULL)
{
if (is_admin() || defined('DOING_AJAX')) {
// Prevent errors and send headers
ini_set('display_errors', 0);
ini_set('log_errors', 1);
error_reporting(0);
define('DOING_AJAX', true);
@header('Content-type: text/plain');
@send_nosniff_header();
}
// Get the URL to use in the WP.org validator
$readme_url = get_post_meta($download->ID, '_edd_readme_location', true);
// If the URL doesn't exist, get outta here.
if (empty($readme_url)) {
return $response;
}
// Fetch the cached/fresh readme data
$readme = _edd_sl_get_readme_data($readme_url, $download->ID);
// The readme didn't exist or process. Return existing response.
if (empty($readme)) {
return $response;
}
// Modify the homepage linked to in the Update Notice
$response['homepage'] = edd_sl_readme_get_download_homepage($download->ID);
// Set the slug
$response['new_version'] = edd_software_licensing()->get_latest_version($download->ID);
// The original response sections
$response['sections'] = maybe_unserialize(@$response['sections']);
// Get the override readme sections settings
if ($readme_sections = get_post_meta($download->ID, '_edd_readme_sections', true)) {
// We loop through the settings sections and make overwrite the
// existing sections with the custom readme.txt sections.
foreach ((array) $readme_sections as $section) {
$response['sections'][$section] = $readme['sections']["{$section}"];
}
}
if (!empty($readme['tested_up_to'])) {
$response['tested'] = $readme['tested_up_to'];
}
// Reserialize it
$response['sections'] = serialize($response['sections']);
// Get the override readme meta settings
if ($readme_meta = get_post_meta($download->ID, '_edd_readme_meta', true)) {
// We loop through the settings sections and make overwrite the
// existing sections with the custom readme.txt sections.
foreach ((array) $readme_meta as $meta) {
$response[$meta] = $readme["{$meta}"];
}
}
if (get_post_meta($download->ID, '_edd_readme_plugin_added', true)) {
$response['added'] = date('Y-m-d', strtotime($download->post_date_gmt));
}
if (get_post_meta($download->ID, '_edd_readme_plugin_last_updated', true)) {
$response['last_updated'] = apply_filters('edd_sl_readme_last_updated', human_time_diff(strtotime($download->post_modified_gmt), current_time('timestamp', 1)) . ' ago', $download);
}
// Remove empty items
$response = array_filter($response);
// Filter this if you want to.
return apply_filters('edd_sl_license_readme_response', $response, $download, $readme);
}
/**
* File headers
*
* @access private
* @param string $filename
* @return void
*/
private function csv_header($filename)
{
send_nosniff_header();
nocache_headers();
@header('Content-Type: application/csv; charset=' . get_option('blog_charset'), true);
@header('Content-Type: application/force-download');
@header('Content-Description: File Transfer');
@header('Content-Disposition: attachment; filename=' . $filename);
}
public function ajax_download_export_file()
{
$this->ajax_nonce('not allowed');
$folder = MYMAIL_UPLOAD_DIR;
$file = $folder . '/' . $_REQUEST['file'];
if (!file_exists($file)) {
die('not found');
}
$format = $_REQUEST['format'];
$filename = basename($file);
send_nosniff_header();
nocache_headers();
switch ($format) {
case 'html':
header('Content-Type: text/html; name="' . $filename . '.html"');
break;
case 'csv':
header('Content-Type: text/csv; name="' . $filename . '.csv"');
header('Content-Transfer-Encoding: binary');
break;
default:
die('format not allowed');
}
header('Content-Disposition: attachment; filename="' . basename($file) . '"');
header('Content-Length: ' . filesize($file));
header('Connection: close');
if ($format == 'html') {
echo '<table>';
}
readfile($file);
if ($format == 'html') {
echo '</table>';
}
mymail_require_filesystem();
global $wp_filesystem;
$wp_filesystem->delete($file);
exit;
}
/**
* Get AJAX ready by defining AJAX constants and sending proper headers.
* @param string $content_type Type of content to be set in header.
* @param boolean $cache Do you want to cache the results?
*/
function do_ajax($content_type = 'text/plain', $cache = false)
{
// If it's already been defined, that means we don't need to do it again.
if (defined('IDX_AJAX_IS_SETUP')) {
return;
} else {
define('IDX_AJAX_IS_SETUP', true);
}
if (!defined('ZP_NO_REDIRECT')) {
define('ZP_NO_REDIRECT', true);
}
if (!defined('ZP_NO_REDIRECT')) {
define('DOING_AJAX', true);
}
send_nosniff_header();
@header('Content-Type: ' . $content_type . ';');
@header('Accept-Encoding: gzip, deflate');
if ($cache) {
header('Cache-Control: public, store, post-check=10000000, pre-check=100000;');
header('Expires: Thu, 15 Apr 2030 20:00:00 GMT;');
header('Vary: Accept-Encoding');
header("Last-Modified: " . gmdate("D, d M Y H:i:s", strtotime('-2 months')) . " GMT");
}
@header('Status Code: 200 OK;');
@header('X-Robots-Tag:noindex;');
}
<?php
/**
* Handle default dashboard widgets options AJAX.
*
* @package WordPress
* @subpackage Administration
*/
define('DOING_AJAX', true);
/** Load WordPress Bootstrap */
require_once './admin.php';
/** Load WordPress Administration Dashboard API */
require ABSPATH . 'wp-admin/includes/dashboard.php';
@header('Content-Type: ' . get_option('html_type') . '; charset=' . get_option('blog_charset'));
send_nosniff_header();
switch ($_GET['jax']) {
case 'dashboard_incoming_links':
wp_dashboard_incoming_links();
break;
case 'dashboard_primary':
wp_dashboard_primary();
break;
case 'dashboard_secondary':
wp_dashboard_secondary();
break;
case 'dashboard_plugins':
wp_dashboard_plugins();
break;
}
function essb_proccess_light_ajax()
{
$current_action = isset($_REQUEST['action']) ? $_REQUEST['action'] : '';
if ($current_action == "essb_counts") {
define('DOING_AJAX', true);
send_nosniff_header();
header('content-type: application/json');
header('Cache-Control: no-cache');
header('Pragma: no-cache');
if (is_user_logged_in()) {
do_action('wp_ajax_essb_counts');
} else {
do_action('wp_ajax_nopriv_essb_counts');
}
exit;
}
}
function ajax_request()
{
// exit if robot
$bot = 'bot';
$bot2 = 'Yandex|Googlebot|slurp|yahoo|Teoma|Scooter|ia_archiver|Lycos|Rambler|Mail.Ru|Aport|WebAlta|ezooms|nigma|bingbot|Twitterbot';
$bot3 = 'Gigabot|trendictionbot|msnbot|jeeves|webcrawler|turnitinbot|technorati|findexa|findlinks|gaisbo|zyborg|surveybot|bloglines|blogsearch|pubsub|syndic8|userland|become.com';
if (preg_match("~{$bot}|{$bot2}~i", $_SERVER['HTTP_USER_AGENT'])) {
exit('bot');
}
// path to wp-load.php
$wp_load_file = $_SERVER['DOCUMENT_ROOT'] . '/core/wp-load.php';
// подраздел куда установлен WP
if (!file_exists($wp_load_file)) {
$wp_load_file = $_SERVER['DOCUMENT_ROOT'] . '/wordpress/wp-load.php';
}
if (!file_exists($wp_load_file)) {
$wp_load_file = $_SERVER['DOCUMENT_ROOT'] . '/wp-load.php';
}
global $wpdb;
// WP load
define('SHORTINIT', true);
include_once $wp_load_file;
send_nosniff_header();
nocache_headers();
@header('Content-Type: text/html; charset=UTF-8');
@header('X-Robots-Tag: noindex');
$meta_id = intval($_POST['id']);
if (empty($meta_id)) {
exit('no meta_id');
}
// поле должно уже существовать
if ($wpdb->query("UPDATE {$wpdb->postmeta} SET meta_value = meta_value+1 WHERE meta_id={$meta_id}")) {
exit((string) $wpdb->get_var("SELECT meta_value FROM {$wpdb->postmeta} WHERE meta_id={$meta_id}"));
}
exit('0');
}
/**
* Handle an async upload.
*
* Triggers on `async-upload.php?action=wxr-import-upload` to handle
* Plupload requests from the importer.
*/
public function handle_async_upload()
{
header('Content-Type: text/html; charset=' . get_option('blog_charset'));
send_nosniff_header();
nocache_headers();
check_ajax_referer('wxr-import-upload');
/*
* This function does not use wp_send_json_success() / wp_send_json_error()
* as the html4 Plupload handler requires a text/html content-type for older IE.
* See https://core.trac.wordpress.org/ticket/31037
*/
if (!current_user_can('upload_files')) {
echo wp_json_encode(array('success' => false, 'data' => array('message' => __('You do not have permission to upload files.'), 'filename' => $_FILES['import']['name'])));
exit;
}
$file = wp_import_handle_upload();
if (is_wp_error($file)) {
echo wp_json_encode(array('success' => false, 'data' => array('message' => $file->get_error_message(), 'filename' => $_FILES['import']['name'])));
wp_die();
}
$attachment = wp_prepare_attachment_for_js($file['id']);
if (!$attachment) {
exit;
}
echo wp_json_encode(array('success' => true, 'data' => $attachment));
exit;
}
public static function upload()
{
GFCommon::log_debug("GFAsyncUpload::upload() - Starting");
header('Content-Type: text/html; charset=' . get_option('blog_charset'));
send_nosniff_header();
nocache_headers();
status_header(200);
// If the file is bigger than the server can accept then the form_id might not arrive.
// This might happen if the file is bigger than the max post size ini setting.
// Validation in the browser reduces the risk of this happening.
if (!isset($_REQUEST["form_id"])) {
GFCommon::log_debug("GFAsyncUpload::upload() - File upload aborted because the form_id was not found. The file may have been bigger than the max post size ini setting.");
die('{"status" : "error", "error" : {"code": 500, "message": "' . __("Failed to upload file.", "gravityforms") . '"}}');
}
$form_id = $_REQUEST["form_id"];
$form_unique_id = rgpost("gform_unique_id");
$form = GFFormsModel::get_form_meta($form_id);
$target_dir = GFFormsModel::get_upload_path($form_id) . DIRECTORY_SEPARATOR . "tmp" . DIRECTORY_SEPARATOR;
wp_mkdir_p($target_dir);
$cleanup_target_dir = true;
// Remove old files
$maxFileAge = 5 * 3600;
// Temp file age in seconds
// Chunking is not currently implemented in the front-end because it's not widely supported. The code is left here for when browsers catch up.
$chunk = isset($_REQUEST["chunk"]) ? intval($_REQUEST["chunk"]) : 0;
$chunks = isset($_REQUEST["chunks"]) ? intval($_REQUEST["chunks"]) : 0;
$file_name = isset($_REQUEST["name"]) ? $_REQUEST["name"] : '';
$field_id = rgpost("field_id");
$field = GFFormsModel::get_field($form, $field_id);
// Clean the fileName for security reasons
$file_name = preg_replace('/[^\\w\\._]+/', '_', $file_name);
$ext_pos = strrpos($file_name, '.');
$extension = strtolower(substr($file_name, $ext_pos + 1));
$allowed_extensions = isset($field["allowedExtensions"]) && !empty($field["allowedExtensions"]) ? GFCommon::clean_extensions(explode(",", strtolower($field["allowedExtensions"]))) : array();
$disallowed_extensions = GFCommon::get_disallowed_file_extensions();
if (empty($field["allowedExtensions"]) && in_array($extension, $disallowed_extensions)) {
GFCommon::log_debug("GFAsyncUpload::upload() - illegal file extension: {$file_name})");
die('{"status" : "error", "error" : {"code": 104, "message": "' . __("The uploaded file type is not allowed.", "gravityforms") . '"}}');
} elseif (!empty($allowed_extensions) && !in_array($extension, $allowed_extensions)) {
GFCommon::log_debug("GFAsyncUpload::upload() - The uploaded file type is not allowed: {$file_name})");
die('{"status" : "error", "error" : {"code": 104, "message": "' . sprintf(__("The uploaded file type is not allowed. Must be one of the following: %s", "gravityforms"), strtolower($field["allowedExtensions"])) . '"}}');
}
$tmp_file_name = $form_unique_id . "_input_" . $field_id . "_" . $file_name;
$file_path = $target_dir . $tmp_file_name;
// Remove old temp files
if ($cleanup_target_dir) {
if (is_dir($target_dir) && ($dir = opendir($target_dir))) {
while (($file = readdir($dir)) !== false) {
$tmp_file_path = $target_dir . $file;
// Remove temp file if it is older than the max age and is not the current file
if (preg_match('/\\.part$/', $file) && filemtime($tmp_file_path) < time() - $maxFileAge && $tmp_file_path != "{$file_path}.part") {
GFCommon::log_debug("GFAsyncUpload::upload() - Deleting file: " . $tmp_file_path);
@unlink($tmp_file_path);
}
}
closedir($dir);
} else {
GFCommon::log_debug("GFAsyncUpload::upload() - Failed to open temp directory: " . $target_dir);
die('{"status" : "error", "error" : {"code": 100, "message": "' . __("Failed to open temp directory.", "gravityforms") . '"}}');
}
}
// Look for the content type header
if (isset($_SERVER["HTTP_CONTENT_TYPE"])) {
$contentType = $_SERVER["HTTP_CONTENT_TYPE"];
}
if (isset($_SERVER["CONTENT_TYPE"])) {
$contentType = $_SERVER["CONTENT_TYPE"];
}
// Handle non multipart uploads older WebKit versions didn't support multipart in HTML5
if (strpos($contentType, "multipart") !== false) {
if (isset($_FILES["file"]['tmp_name']) && is_uploaded_file($_FILES['file']['tmp_name'])) {
// Open temp file
$out = @fopen("{$file_path}.part", $chunk == 0 ? "wb" : "ab");
if ($out) {
// Read binary input stream and append it to temp file
$in = @fopen($_FILES["file"]['tmp_name'], "rb");
if ($in) {
while ($buff = fread($in, 4096)) {
fwrite($out, $buff);
}
} else {
die('{"status" : "error", "error" : {"code": 101, "message": "' . __("Failed to open input stream.", "gravityforms") . '"}}');
}
@fclose($in);
@fclose($out);
@unlink($_FILES["file"]['tmp_name']);
} else {
die('{"status" : "error", "error" : {"code": 102, "message": "' . __("Failed to open output stream.", "gravityforms") . '"}}');
}
} else {
die('{"status" : "error", "error" : {"code": 103, "message": "' . __("Failed to move uploaded file.", "gravityforms") . '"}}');
}
} else {
// Open temp file
$out = @fopen("{$file_path}.part", $chunk == 0 ? "wb" : "ab");
if ($out) {
// Read binary input stream and append it to temp file
$in = @fopen("php://input", "rb");
if ($in) {
while ($buff = fread($in, 4096)) {
fwrite($out, $buff);
}
} else {
die('{"status" : "error", "error" : {"code": 101, "message": "' . __("Failed to open input stream.", "gravityforms") . '"}}');
}
@fclose($in);
@fclose($out);
} else {
die('{"status" : "error", "error" : {"code": 102, "message": "' . __("Failed to open output stream.", "gravityforms") . '"}}');
}
}
// Check if file has been uploaded
if (!$chunks || $chunk == $chunks - 1) {
// Strip the temp .part suffix off
rename("{$file_path}.part", $file_path);
}
$uploaded_filename = $_FILES["file"]["name"];
$output = '{"status" : "ok", "data" : {"temp_filename" : "' . $tmp_file_name . '", "uploaded_filename" : "' . $uploaded_filename . '"}}';
GFCommon::log_debug(sprintf("GFAsyncUpload::upload() - File upload complete. temp_filename: %s uploaded_filename: %s ", $tmp_file_name, $uploaded_filename));
die($output);
}
/**
* AJAX chunk receiver.
* Ajax callback for plupload to handle chunked uploads.
* Based on code by Davit Barbakadze
* https://gist.github.com/jayarjo/5846636
*
* @since 1.2.0
*/
public function ajax_chunk_receiver()
{
/** Check that we have an upload and there are no errors. */
if (empty($_FILES) || $_FILES['async-upload']['error']) {
/** Failed to move uploaded file. */
die;
}
/** Authenticate user. */
if (!is_user_logged_in() || !current_user_can('upload_files')) {
die;
}
check_admin_referer('media-form');
/** Check and get file chunks. */
$chunk = isset($_REQUEST['chunk']) ? intval($_REQUEST['chunk']) : 0;
$chunks = isset($_REQUEST['chunks']) ? intval($_REQUEST['chunks']) : 0;
/** Get file name and path + name. */
$fileName = isset($_REQUEST['name']) ? $_REQUEST['name'] : $_FILES['async-upload']['name'];
$filePath = dirname($_FILES['async-upload']['tmp_name']) . '/' . md5($fileName);
$tuxbfu_max_upload_size = intval(get_option('tuxbfu_max_upload_size', 0) * 1048576);
if ($tuxbfu_max_upload_size < 0) {
$tuxbfu_max_upload_size = 0;
}
if ($tuxbfu_max_upload_size > 0 && file_exists("{$filePath}.part") && filesize("{$filePath}.part") + filesize($_FILES['async-upload']['tmp_name']) > $tuxbfu_max_upload_size) {
if (!$chunks || $chunk == $chunks - 1) {
@unlink("{$filePath}.part");
if (!isset($_REQUEST['short']) || !isset($_REQUEST['type'])) {
echo wp_json_encode(array('success' => false, 'data' => array('message' => __('The file size has exceeded the maximum file size setting.', 'tuxed-big-file-uploads'), 'filename' => $_FILES['async-upload']['name'])));
wp_die();
} else {
echo '<div class="error-div error">
<a class="dismiss" href="#" onclick="jQuery(this).parents(\'div.media-item\').slideUp(200, function(){jQuery(this).remove();});">' . __('Dismiss') . '</a>
<strong>' . sprintf(__('“%s” has failed to upload.'), esc_html($_FILES['async-upload']['name'])) . '<br />' . __('The file size has exceeded the maximum file size setting.', 'tuxed-big-file-uploads') . '</strong><br />' . esc_html($id->get_error_message()) . '</div>';
}
}
die;
}
/** Open temp file. */
$out = @fopen("{$filePath}.part", $chunk == 0 ? 'wb' : 'ab');
if ($out) {
/** Read binary input stream and append it to temp file. */
$in = @fopen($_FILES['async-upload']['tmp_name'], 'rb');
if ($in) {
while ($buff = fread($in, 4096)) {
fwrite($out, $buff);
}
} else {
/** Failed to open input stream. */
/** Attempt to clean up unfinished output. */
@fclose($out);
@unlink("{$filePath}.part");
die;
}
@fclose($in);
@fclose($out);
@unlink($_FILES['async-upload']['tmp_name']);
} else {
/** Failed to open output stream. */
die;
}
/** Check if file has finished uploading all parts. */
if (!$chunks || $chunk == $chunks - 1) {
/** Recreate upload in $_FILES global and pass off to WordPress. */
rename("{$filePath}.part", $_FILES['async-upload']['tmp_name']);
$_FILES['async-upload']['name'] = $fileName;
$_FILES['async-upload']['size'] = filesize($_FILES['async-upload']['tmp_name']);
$_FILES['async-upload']['type'] = $this->get_mime_content_type($_FILES['async-upload']['tmp_name']);
header('Content-Type: text/html; charset=' . get_option('blog_charset'));
if (!isset($_REQUEST['short']) || !isset($_REQUEST['type'])) {
send_nosniff_header();
nocache_headers();
wp_ajax_upload_attachment();
die('0');
} else {
$post_id = 0;
if (isset($_REQUEST['post_id'])) {
$post_id = absint($_REQUEST['post_id']);
if (!get_post($post_id) || !current_user_can('edit_post', $post_id)) {
$post_id = 0;
}
}
$id = media_handle_upload('async-upload', $post_id);
if (is_wp_error($id)) {
echo '<div class="error-div error">
<a class="dismiss" href="#" onclick="jQuery(this).parents(\'div.media-item\').slideUp(200, function(){jQuery(this).remove();});">' . __('Dismiss') . '</a>
<strong>' . sprintf(__('“%s” has failed to upload.'), esc_html($_FILES['async-upload']['name'])) . '</strong><br />' . esc_html($id->get_error_message()) . '</div>';
exit;
}
if (isset($_REQUEST['short']) && $_REQUEST['short']) {
// Short form response - attachment ID only.
echo $id;
} elseif (isset($_REQUEST['type'])) {
// Long form response - big chunk o html.
$type = $_REQUEST['type'];
/**
* Filter the returned ID of an uploaded attachment.
*
* The dynamic portion of the hook name, `$type`, refers to the attachment type,
* such as 'image', 'audio', 'video', 'file', etc.
*
* @since 1.2.0
*
* @param int $id Uploaded attachment ID.
*/
echo apply_filters("async_upload_{$type}", $id);
}
}
}
die;
}
/**
* Our own Ajax response, avoiding calling admin-ajax
*/
function ajax_response()
{
// Only proceed if the url query has a key of "Infinity"
if (!self::got_infinity()) {
return false;
}
define('DOING_AJAX', true);
@header('Content-Type: text/html; charset=' . get_option('blog_charset'));
send_nosniff_header();
do_action('custom_ajax_infinite_scroll');
die('0');
}
public function run_ajax()
{
global $wp_query;
if ($wp_query->get("no-admin-ajax")) {
// Constant for plugins to know that we are on an AJAX request
define("DOING_AJAX", true);
// If we don't have an action, do nothing
if (!isset($_REQUEST["action"])) {
die(0);
}
// Escape the parameter to prevent disastrous things
$action = esc_attr($_REQUEST["action"]);
// Run customized no-admin-ajax methods with action "no-admin-ajax/before"
do_action("no-admin-ajax/before");
// Run customized no-admin-ajax methods for specific ajax actions with "no-admin-ajax/before/{action}"
do_action("no-admin-ajax/before/" . $action);
// Same headers as WordPress normal AJAX routine sends
$default_headers = array("Content-Type: text/html; charset=" . get_option("blog_charset"), "X-Robots-Tag: noindex");
// Filter to customize the headers sent by ajax calls
$headers = apply_filters("no-admin-ajax/headers", $default_headers);
// Send the headers to the user
if (is_array($headers) && count($headers) > 0) {
foreach ($headers as $header) {
@header($header);
}
}
send_nosniff_header();
nocache_headers();
// Run the actions
if (is_user_logged_in()) {
do_action("wp_ajax_" . $action);
} else {
do_action("wp_ajax_nopriv_" . $action);
}
die(0);
}
}
