} elseif ($_POST['type'] == '2') { $acceptedExts = "audio"; } } // A file is uploaded if (isset($_FILES['file']) && !empty($_FILES['file']['tmp_name'])) { if ($_FILES['file']['error'] == UPLOAD_ERR_OK) { //no error $special_chars = array(' ', '`', '"', '\'', '\\', '/', " ", "#", "\$", "%", "^", "&", "*", "!", "~", "‘", "\"", "’", "'", "=", "?", "/", "[", "]", "(", ")", "|", "<", ">", ";", "\\", ",", "+", "-"); $filename = str_replace($special_chars, '', $_FILES['file']['name']); $filename = time() . $filename; @move_uploaded_file($_FILES['file']['tmp_name'], MF_FILES_PATH . $filename); @chmod(MF_FILES_PATH . $filename, 0644); $result_msg = "<font color=\"green\"><b>" . __("Successful upload!", $mf_domain) . "</b></font>"; //Checking the mimetype of the file if (valid_mime($_FILES['file']['type'], $acceptedExts)) { $operationSuccess = "true"; } else { $operationSuccess = "false"; //deleting unaccepted file $file_delete = MF_FILES_PATH . $filename; unlink($file_delete); } if ($operationSuccess == "true") { //adding the image to WP media $query = "INSERT INTO " . $wpdb->prefix . 'posts ( post_author, post_date, post_date_gmt, post_content, post_title,
} else { //TODO: here users should be set what mime types //are safety for the "files" type of field return true; } return false; } ?> <html> <head> <?php if (isset($_POST['fileframe'])) { $resp = array('error' => true, 'field_id' => $_POST['input_name'], 'msg' => __("Upload Unsuccessful", $mf_domain)); if (isset($_FILES['file']) && !empty($_FILES['file']['tmp_name'])) { if ($_FILES['file']['error'] == UPLOAD_ERR_OK) { if (valid_mime($_FILES['file']['type'], $_POST['type'])) { if (!wp_verify_nonce($_POST['checking'], 'nonce_upload_file')) { $resp['msg'] = __('Sorry, your nonce did not verify.', $mf_domain); } else { $special_chars = array(' ', '`', '"', '\'', '\\', '/', " ", "#", "\$", "%", "^", "&", "*", "!", "~", "‘", "\"", "’", "'", "=", "?", "/", "[", "]", "(", ")", "|", "<", ">", ";", "\\", ",", "+", "-"); $filename = str_replace($special_chars, '', $_FILES['file']['name']); $filename = time() . $filename; @move_uploaded_file($_FILES['file']['tmp_name'], MF_FILES_DIR . $filename); @chmod(MF_FILES_DIR . $filename, 0644); $info = pathinfo(MF_FILES_DIR . $filename); $resp = array('error' => false, 'name' => $filename, 'ext' => $info['extension'], 'field_id' => $_POST['input_name'], 'file_path' => MF_FILES_DIR . $filename, 'file_url' => MF_FILES_URL . $filename, 'encode_file_url' => urlencode(MF_FILES_URL . $filename), 'phpthumb' => PHPTHUMB, 'msg' => __("Successful upload", $mf_domain)); } } else { $resp['msg'] = __("Failed to upload the file!", $mf_domain); } } elseif ($_FILES['file']['error'] == UPLOAD_ERR_INI_SIZE) {
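Review bot: The upload is accepted on request-supplied type data: `valid_mime($_FILES['file']['type'], $_POST['type'])` checks the browser-declared Content-Type against a category that is itself a POST field, and the visible `else` branch of `valid_mime` (whose start is outside these lines) returns `true` for any category that reaches it, with only a TODO about the "files" field type. The name clean-up strips punctuation but keeps dots and the original extension, so the file lands in `MF_FILES_DIR` under whatever extension the client chose and is then linked through `MF_FILES_URL`. Before the move I would derive the type from the temporary file and allowlist the extension, for example `$ft = wp_check_filetype_and_ext($_FILES['file']['tmp_name'], $_FILES['file']['name']);`, and reject the upload when `$ft['ext']` or `$ft['type']` is false. The result of `@move_uploaded_file(...)` is discarded, so the success response is built even if the move failed; test the return value instead of suppressing the error. The `if`/`elseif` chain on `$_FILES['file']['error']` continues past the last visible line.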