Example #1
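/**
 * Handles a submission of the media upload form.
 *
 * Verifies the 'media-form' admin referer, saves the edited fields of every
 * posted attachment the current user is allowed to edit, and then either
 * closes the dialog (gallery insert/update), passes link HTML for the chosen
 * attachment to media_send_to_editor(), or returns the collected errors.
 *
 * Everything read from $_POST is request-controlled: its shape is checked
 * before use and the posted URL is escaped before it is placed in markup.
 *
 * @since 2.5.0
 *
 * @return mixed The result of media_send_to_editor() when a "send" button was
 *               used; otherwise null, or an array of errors keyed by
 *               attachment ID.
 */
function media_upload_form_handler()
{
    // CSRF protection: the request must carry a valid 'media-form' nonce.
    check_admin_referer('media-form');
    $errors = null;
    // 'send' is expected to be an array keyed by attachment ID; a scalar value
    // would make array_keys() fail, so it is ignored.
    if (isset($_POST['send']) && is_array($_POST['send'])) {
        $keys = array_keys($_POST['send']);
        $send_id = (int) array_shift($keys);
    }
    if (!empty($_POST['attachments']) && is_array($_POST['attachments'])) {
        foreach ($_POST['attachments'] as $attachment_id => $attachment) {
            $post = $_post = get_post($attachment_id, ARRAY_A);
            // Skip IDs that do not resolve to a post and entries that are not
            // field arrays, rather than dereferencing an empty result below.
            if (empty($post) || !is_array($attachment)) {
                continue;
            }
            $post_type_object = get_post_type_object($post['post_type']);
            // Authorization is checked per attachment: a valid nonce alone does
            // not grant edit rights on an arbitrary posted ID.
            if (!$post_type_object || !current_user_can($post_type_object->cap->edit_post, $attachment_id)) {
                continue;
            }
            if (isset($attachment['post_content'])) {
                $post['post_content'] = $attachment['post_content'];
            }
            if (isset($attachment['post_title'])) {
                $post['post_title'] = $attachment['post_title'];
            }
            if (isset($attachment['post_excerpt'])) {
                $post['post_excerpt'] = $attachment['post_excerpt'];
            }
            if (isset($attachment['menu_order'])) {
                $post['menu_order'] = $attachment['menu_order'];
            }
            // The parent is only changed for the attachment being sent.
            if (isset($send_id) && $attachment_id == $send_id) {
                if (isset($attachment['post_parent'])) {
                    $post['post_parent'] = $attachment['post_parent'];
                }
            }
            $post = apply_filters('attachment_fields_to_save', $post, $attachment);
            if (isset($attachment['image_alt'])) {
                $image_alt = get_post_meta($attachment_id, '_nxt_attachment_image_alt', true);
                if ($image_alt != stripslashes($attachment['image_alt'])) {
                    // Alt text is stored with all tags stripped.
                    $image_alt = nxt_strip_all_tags(stripslashes($attachment['image_alt']), true);
                    // update_meta expects slashed
                    update_post_meta($attachment_id, '_nxt_attachment_image_alt', addslashes($image_alt));
                }
            }
            // Filters may report problems through an 'errors' key; collect them
            // and remove the key before the post is saved.
            if (isset($post['errors'])) {
                $errors[$attachment_id] = $post['errors'];
                unset($post['errors']);
            }
            // Write only when a field actually changed.
            if ($post != $_post) {
                nxt_update_post($post);
            }
            foreach (get_attachment_taxonomies($post) as $t) {
                if (isset($attachment[$t])) {
                    nxt_set_object_terms($attachment_id, array_map('trim', preg_split('/,+/', $attachment[$t])), $t, false);
                }
            }
        }
    }
    if (isset($_POST['insert-gallery']) || isset($_POST['update-gallery'])) {
        ?>
		<script type="text/javascript">
		/* <![CDATA[ */
		var win = window.dialogArguments || opener || parent || top;
		win.tb_remove();
		/* ]]> */
		</script>
		<?php 
        exit;
    }
    if (isset($send_id)) {
        // The posted entry may be missing or malformed; fall back to an empty
        // field set instead of indexing into a non-array.
        $attachment = array();
        if (isset($_POST['attachments'][$send_id]) && is_array($_POST['attachments'][$send_id])) {
            $attachment = stripslashes_deep($_POST['attachments'][$send_id]);
        }
        // NOTE(review): the posted title is used as link text without escaping;
        // presumably deliberate so markup reaches the editor - confirm.
        $html = isset($attachment['post_title']) ? $attachment['post_title'] : '';
        if (!empty($attachment['url']) && is_string($attachment['url'])) {
            $rel = '';
            // strpos() returns 0 for a match at the start, so compare against false.
            if (strpos($attachment['url'], 'attachment_id') !== false || get_attachment_link($send_id) == $attachment['url']) {
                $rel = " rel='attachment nxt-att-" . esc_attr($send_id) . "'";
            }
            // Escape the request-supplied URL so it cannot break out of the
            // single-quoted href attribute.
            $html = "<a href='" . esc_url($attachment['url']) . "'{$rel}>{$html}</a>";
        }
        // Filters still receive the raw, unescaped $attachment fields.
        $html = apply_filters('media_send_to_editor', $html, $send_id, $attachment);
        return media_send_to_editor($html);
    }
    return $errors;
}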
 /**
  * Sanitize a string from user input or from the db.
  *
  * Steps, in order:
  * check for invalid UTF-8,
  * convert single < characters to entities,
  * strip all tags,
  * remove line breaks, tabs and extra white space,
  * strip percent-encoded octets.
  *
  * The cleaned value is passed through the 'sanitize_text_field' filter
  * together with the original input.
  *
  * @since 2.9
  *
  * @param string $str
  * @return string
  */
 function sanitize_text_field($str)
 {
     $clean = nxt_check_invalid_utf8($str);
     if (false === strpos($clean, '<')) {
         // No markup candidates: only collapse runs of whitespace.
         $clean = trim(preg_replace('/[\\r\\n\\t ]+/', ' ', $clean));
     } else {
         // Tag stripping also takes care of the extra whitespace.
         $clean = nxt_strip_all_tags(nxt_pre_kses_less_than($clean), true);
     }
     // Remove percent-encoded octets. The match is repeated after every removal
     // so that an octet formed by joining the surrounding text is removed too.
     $octet = array();
     $removed_octet = false;
     while (preg_match('/%[a-f0-9]{2}/i', $clean, $octet)) {
         $removed_octet = true;
         $clean = str_replace($octet[0], '', $clean);
     }
     // Removing octets can leave doubled spaces behind; tidy them up.
     if ($removed_octet) {
         $clean = trim(preg_replace('/ +/', ' ', $clean));
     }
     return apply_filters('sanitize_text_field', $clean, $str);
 }