} elseif ($_POST['type'] == '2') {
            $acceptedExts = "audio";
        }
    }
    // A file is uploaded
    if (isset($_FILES['file']) && !empty($_FILES['file']['tmp_name'])) {
        if ($_FILES['file']['error'] == UPLOAD_ERR_OK) {
            //no error
            $special_chars = array(' ', '`', '"', '\'', '\\', '/', " ", "#", "\$", "%", "^", "&", "*", "!", "~", "‘", "\"", "’", "'", "=", "?", "/", "[", "]", "(", ")", "|", "<", ">", ";", "\\", ",", "+", "-");
            // Remove every character listed in $special_chars from the client-supplied file name.
            // NOTE(review): '.' is not in that list, so the extension chosen by the client is kept
            // in the stored name; compare it against an allow-list of extensions before storing.
            $filename = str_replace($special_chars, '', $_FILES['file']['name']);
            // Prefix the stored name with the current Unix timestamp.
            $filename = time() . $filename;
            // Move the upload into MF_FILES_PATH. '@' hides any warning and the return value is not
            // checked, so the success message below is assigned even when the move failed.
            @move_uploaded_file($_FILES['file']['tmp_name'], MF_FILES_PATH . $filename);
            @chmod(MF_FILES_PATH . $filename, 0644);
            $result_msg = "<font color=\"green\"><b>" . __("Successful upload!", $mf_domain) . "</b></font>";
            // Check the MIME type against $acceptedExts. This runs only after the file has already
            // been written to MF_FILES_PATH.
            // NOTE(review): $_FILES['file']['type'] is the value sent with the request, not one
            // detected from the file content; validate before moving the file and derive the type
            // server-side (for example with finfo) instead of relying on this field.
            if (valid_mime($_FILES['file']['type'], $acceptedExts)) {
                $operationSuccess = "true";
            } else {
                $operationSuccess = "false";
                // Delete the rejected file that was stored above; the unlink() result is not checked.
                $file_delete = MF_FILES_PATH . $filename;
                unlink($file_delete);
            }
            if ($operationSuccess == "true") {
                //adding the image to  WP media
                $query = "INSERT INTO  " . $wpdb->prefix . 'posts  (
				post_author,
				post_date,
				post_date_gmt,
 				post_content,
				post_title,
Example #2
    } else {
        //TODO: users should be able to configure which MIME types
        //are safe for the "files" type of field; until then this branch returns true unconditionally
        return true;
    }
    return false;
}
?>
<html>
<head>
<?php 
if (isset($_POST['fileframe'])) {
    $resp = array('error' => true, 'field_id' => $_POST['input_name'], 'msg' => __("Upload Unsuccessful", $mf_domain));
    if (isset($_FILES['file']) && !empty($_FILES['file']['tmp_name'])) {
        if ($_FILES['file']['error'] == UPLOAD_ERR_OK) {
            if (valid_mime($_FILES['file']['type'], $_POST['type'])) {
                if (!wp_verify_nonce($_POST['checking'], 'nonce_upload_file')) {
                    $resp['msg'] = __('Sorry, your nonce did not verify.', $mf_domain);
                } else {
                    $special_chars = array(' ', '`', '"', '\'', '\\', '/', " ", "#", "\$", "%", "^", "&", "*", "!", "~", "‘", "\"", "’", "'", "=", "?", "/", "[", "]", "(", ")", "|", "<", ">", ";", "\\", ",", "+", "-");
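                    // Remove every character listed in $special_chars from the client-supplied name.
                    // NOTE(review): '.' is not in that list, so the extension chosen by the client is
                    // kept, and the file becomes reachable under MF_FILES_URL; compare the extension
                    // against an allow-list before storing.
                    // NOTE(review): the valid_mime() check guarding this branch is given
                    // $_FILES['file']['type'] and $_POST['type'], both taken from the request; derive
                    // the type from the file content server-side (for example with finfo) instead.
                    $filename = str_replace($special_chars, '', $_FILES['file']['name']);
                    // Prefix the stored name with the current Unix timestamp.
                    $filename = time() . $filename;
                    $target = MF_FILES_DIR . $filename;
                    // Report success only when the move actually succeeded; previously the result was
                    // ignored and a success response was built even if nothing had been stored.
                    // '@' is kept so a PHP warning is not written into the HTML response.
                    if (@move_uploaded_file($_FILES['file']['tmp_name'], $target)) {
                        @chmod($target, 0644);
                        $info = pathinfo($target);
                        $resp = array('error' => false, 'name' => $filename, 'ext' => $info['extension'], 'field_id' => $_POST['input_name'], 'file_path' => MF_FILES_DIR . $filename, 'file_url' => MF_FILES_URL . $filename, 'encode_file_url' => urlencode(MF_FILES_URL . $filename), 'phpthumb' => PHPTHUMB, 'msg' => __("Successful upload", $mf_domain));
                    } else {
                        // $resp still carries 'error' => true from its initialisation.
                        $resp['msg'] = __("Failed to upload the file!", $mf_domain);
                    }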
                }
            } else {
                $resp['msg'] = __("Failed to upload the file!", $mf_domain);
            }
        } elseif ($_FILES['file']['error'] == UPLOAD_ERR_INI_SIZE) {