function wfu_process_media_insert($file_path, $page_id)
{
$wp_upload_dir = wp_upload_dir();
$filetype = wp_check_filetype(wfu_basename($file_path), null);
$attachment = array('guid' => $wp_upload_dir['url'] . '/' . wfu_basename($file_path), 'post_mime_type' => $filetype['type'], 'post_title' => preg_replace('/\\.[^.]+$/', '', wfu_basename($file_path)), 'post_content' => '', 'post_status' => 'inherit');
$attach_id = wp_insert_attachment($attachment, $file_path, $page_id);
// If file is an image, process the default thumbnails for previews
require_once ABSPATH . 'wp-admin/includes/image.php';
$attach_data = wp_generate_attachment_metadata($attach_id, $file_path);
$update_attach = wp_update_attachment_metadata($attach_id, $attach_data);
return $attach_id;
}
function wfu_download_file()
{
$file_code = isset($_POST['file']) ? $_POST['file'] : (isset($_GET['file']) ? $_GET['file'] : '');
$ticket = isset($_POST['ticket']) ? $_POST['ticket'] : (isset($_GET['ticket']) ? $_GET['ticket'] : '');
if ($file_code == '' || $ticket == '') {
die;
}
$ticket = wfu_sanitize_code($ticket);
//if download ticket does not exist or is expired die
if (!isset($_SESSION['wfu_download_ticket_' . $ticket]) || time() > $_SESSION['wfu_download_ticket_' . $ticket]) {
die;
}
//destroy ticket so it cannot be used again
unset($_SESSION['wfu_download_ticket_' . $ticket]);
$file_code = wfu_sanitize_code($file_code);
//if file_code starts with exportdata, then this is a request for export of
//uploaded file data, so disposition_name will not be the filename of the file
//but wfu_export.csv; also set flag to delete file after download operation
if (substr($file_code, 0, 10) == "exportdata") {
$file_code = substr($file_code, 10);
$filepath = wfu_get_filepath_from_safe($file_code);
$disposition_name = "wfu_export.csv";
$delete_file = true;
} else {
$filepath = wfu_get_filepath_from_safe($file_code);
if ($filepath === false) {
die;
}
$filepath = wfu_flatten_path($filepath);
if (substr($filepath, 0, 1) == "/") {
$filepath = substr($filepath, 1);
}
$filepath = substr($filepath, 0, 6) == 'ftp://' || substr($filepath, 0, 7) == 'ftps://' || substr($filepath, 0, 7) == 'sftp://' ? $filepath : $_SESSION['wfu_ABSPATH'] . $filepath;
$disposition_name = wfu_basename($filepath);
$delete_file = false;
}
//reject download of php files for security reasons
if (wfu_file_extension_restricted($filepath)) {
$_SESSION['wfu_download_status_' . $ticket] = 'failed';
die('<script language="javascript">alert("Error! File is forbidden for security reasons.");</script>');
}
//check that file exists
if (!file_exists($filepath)) {
$_SESSION['wfu_download_status_' . $ticket] = 'failed';
die('<script language="javascript">alert("Error! File does not exist.' . $filepath . '");</script>');
}
//get mime type
@set_time_limit(0);
// disable the time limit for this script
$fsize = filesize($filepath);
if ($fd = @fopen($filepath, "rb")) {
header('Content-Type: application/octet-stream');
header("Content-Disposition: attachment; filename=\"" . $disposition_name . "\"");
header('Content-Transfer-Encoding: binary');
header('Connection: Keep-Alive');
header('Expires: 0');
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
header('Pragma: public');
header("Content-length: {$fsize}");
$failed = false;
while (!feof($fd)) {
$buffer = @fread($fd, 1024 * 8);
echo $buffer;
ob_flush();
flush();
if (connection_status() != 0) {
$failed = true;
break;
}
}
fclose($fd);
} else {
$failed = true;
}
if ($delete_file) {
unset($filepath);
}
if (!$failed) {
$_SESSION['wfu_download_status_' . $ticket] = 'downloaded';
die;
} else {
$_SESSION['wfu_download_status_' . $ticket] = 'failed';
die('<script language="javascript">alert("Error! Could not download file.");</script>');
}
}
function wfu_process_files($params, $method)
{
$sid = $params["uploadid"];
$sesid = session_id();
$user = wp_get_current_user();
if (0 == $user->ID) {
$user_id = 0;
$user_login = "******";
$user_email = "";
$is_admin = false;
} else {
$user_id = $user->ID;
$user_login = $user->user_login;
$user_email = $user->user_email;
$is_admin = current_user_can('manage_options');
}
$plugin_options = wfu_decode_plugin_options(get_option("wordpress_file_upload_options"));
$unique_id = sanitize_text_field($_POST['uniqueuploadid_' . $sid]);
// determine if this routine is only for checking the file
$only_check = isset($_POST['only_check']) ? $_POST['only_check'] == "1" : false;
$suppress_admin_messages = $params["adminmessages"] != "true" || !$is_admin;
$success_count = 0;
$warning_count = 0;
$error_count = 0;
$default_colors = wfu_prepare_message_colors(WFU_VAR("WFU_DEFAULTMESSAGECOLORS"));
$notify_only_filename_list = "";
$notify_target_path_list = "";
$notify_attachment_list = "";
$uploadedfile = 'uploadedfile_' . $sid;
$hiddeninput = 'hiddeninput_' . $sid;
$allowed_patterns = explode(",", $params["uploadpatterns"]);
foreach ($allowed_patterns as $key => $allowed_pattern) {
$allowed_patterns[$key] = trim($allowed_pattern);
}
$userdata_fields = $params["userdata_fields"];
foreach ($userdata_fields as $userdata_key => $userdata_field) {
$userdata_fields[$userdata_key]["value"] = isset($_POST[$hiddeninput . '_userdata_' . $userdata_key]) ? strip_tags($_POST[$hiddeninput . '_userdata_' . $userdata_key]) : "";
}
$params_output_array["version"] = "full";
$params_output_array["general"]['shortcode_id'] = $sid;
$params_output_array["general"]['unique_id'] = $unique_id;
$params_output_array["general"]['state'] = 0;
$params_output_array["general"]['files_count'] = 0;
$params_output_array["general"]['update_wpfilebase'] = "";
$params_output_array["general"]['redirect_link'] = $params["redirect"] == "true" ? $params["redirectlink"] : "";
$params_output_array["general"]['upload_finish_time'] = 0;
$params_output_array["general"]['message'] = "";
$params_output_array["general"]['message_type'] = "";
$params_output_array["general"]['admin_messages']['wpfilebase'] = "";
$params_output_array["general"]['admin_messages']['notify'] = "";
$params_output_array["general"]['admin_messages']['redirect'] = "";
$params_output_array["general"]['admin_messages']['other'] = "";
$params_output_array["general"]['errors']['wpfilebase'] = "";
$params_output_array["general"]['errors']['notify'] = "";
$params_output_array["general"]['errors']['redirect'] = "";
$params_output_array["general"]['color'] = $default_colors['color'];
$params_output_array["general"]['bgcolor'] = $default_colors['bgcolor'];
$params_output_array["general"]['borcolor'] = $default_colors['borcolor'];
$params_output_array["general"]['notify_only_filename_list'] = "";
$params_output_array["general"]['notify_target_path_list'] = "";
$params_output_array["general"]['notify_attachment_list'] = "";
$params_output_array["general"]['fail_message'] = "";
$params_output_array["general"]['fail_admin_message'] = "";
/* safe_output is a minimized version of params_output_array, that is passed as text, in case JSON parse fails
its data are separated by semicolon (;) and are the following:
upload state: the upload state number
default colors: the default color, bgcolor and borcolor values, separated by comma(,)
file_count: the number of files processed
filedata: message type, header, message and admin message of each file, encoded and separated by comma (,) */
$params_output_array["general"]['safe_output'] = "";
/* js_script is javascript code that is executed after each file upload and is defined in wfu_after_file_upload action */
$params_output_array["general"]['js_script'] = "";
/* adjust $uploadedfile variable (holding file data) if this is a redirection caused because the browser of the user could not handle AJAX upload */
if (isset($_FILES[$uploadedfile . '_redirected'])) {
$uploadedfile .= '_redirected';
}
/* notify admin if this is a redirection caused because the browser of the user could not handle AJAX upload */
$params_output_array["general"]['admin_messages']['other'] = $params['adminerrors'];
if (isset($_FILES[$uploadedfile]['error']) || $only_check) {
$files_count = 1;
// in case of checking of file, then the $_FILES variable has not been set because no file has been uploaded,
// so we set it manually in order to allow the routine to continue
if ($only_check) {
$_FILES[$uploadedfile]['name'] = wfu_plugin_decode_string($_POST[$uploadedfile . '_name']);
$_FILES[$uploadedfile]['type'] = 'any';
$_FILES[$uploadedfile]['tmp_name'] = 'any';
$_FILES[$uploadedfile]['error'] = '';
$_FILES[$uploadedfile]['size'] = $_POST[$uploadedfile . '_size'];
}
} else {
$files_count = 0;
}
$params_output_array["general"]['files_count'] = $files_count;
// index of uploaded file in case of ajax uploads (in ajax uploads only one file is uploaded in every ajax call)
// the index is used to store any file data in session variables, in case the file is uploaded in two or more passes
// (like the case were in the first pass it is only checked)
$single_file_index = isset($_POST[$uploadedfile . '_index']) ? $_POST[$uploadedfile . '_index'] : -1;
/* append userdata fields to upload path */
$search = array();
$replace = array();
foreach ($userdata_fields as $userdata_key => $userdata_field) {
$ind = 1 + $userdata_key;
array_push($search, '/%userdata' . $ind . '%/');
array_push($replace, $userdata_field["value"]);
}
$params["uploadpath"] = preg_replace($search, $replace, $params["uploadpath"]);
/* append subfolder name to upload path */
if ($params["askforsubfolders"] == "true") {
if ($params["subfoldertree"] == "auto+" && $params['subdir_selection_index'] != '') {
if (substr($params["uploadpath"], -1, 1) == "/") {
$params["uploadpath"] .= $params['subdir_selection_index'];
} else {
$params["uploadpath"] .= '/' . $params['subdir_selection_index'];
}
} elseif ($params["subfoldertree"] != "auto+" && $params['subdir_selection_index'] >= 1) {
if (substr($params["uploadpath"], -1, 1) == "/") {
$params["uploadpath"] .= $params['subfoldersarray'][$params['subdir_selection_index']];
} else {
$params["uploadpath"] .= '/' . $params['subfoldersarray'][$params['subdir_selection_index']];
}
}
}
if ($files_count == 1) {
foreach ($_FILES[$uploadedfile] as $key => $prop) {
$fileprops[$key] = $prop;
}
$upload_path_ok = false;
$allowed_file_ok = false;
$size_file_ok = false;
$size_file_phpenv_ok = true;
$ignore_server_actions = false;
$file_output['color'] = $default_colors['color'];
$file_output['bgcolor'] = $default_colors['bgcolor'];
$file_output['borcolor'] = $default_colors['borcolor'];
$file_output['header'] = "";
$file_output['message'] = "";
$file_output['message_type'] = "";
$file_output['admin_messages'] = "";
$file_output['uploaded_file_props'] = "";
$fileid = -1;
// determine if file data have been saved to session variables, due to a previous pass of this file
$file_map = "filedata_" . $unique_id . "_" . $single_file_index;
// retrieve unique id of the file, used in filter actions for identifying each separate file
$file_unique_id = isset($_SESSION[$file_map]) ? $_SESSION[$file_map]['file_unique_id'] : '';
$filedata_previously_defined = $file_unique_id != '';
/* generate unique id for each file for use in filter actions if it has not been previously defined */
if (!$filedata_previously_defined) {
$file_unique_id = wfu_create_random_string(20);
}
/* Get uploaded file size in Mbytes */
// correct file size in case of checking of file otherwise $upload_file_size will be zero and the routine will fail
if ($only_check) {
$upload_file_size = $fileprops['size'];
if ($upload_file_size == 0) {
$upload_file_size++;
}
} else {
$upload_file_size = filesize($fileprops['tmp_name']);
if ($upload_file_size == 0 && file_exists($fileprops['tmp_name']) && $fileprops['error'] == 0) {
$upload_file_size++;
}
}
$upload_file_size_MB = $upload_file_size / 1024 / 1024;
$only_filename = $fileprops['name'];
$target_path = wfu_upload_plugin_full_path($params) . $only_filename;
if ($upload_file_size > 0) {
/* Section to perform filter action wfu_before_file_check before file is checked in order to perform
any filename or userdata modifications or reject the upload of the file by setting error_message item
of $ret_data array to a non-empty value */
$filter_error_message = '';
$filter_admin_message = '';
if ($file_unique_id != '' && !$filedata_previously_defined) {
/* store file data and upload result to filemap session array
for use by after_upload filters */
if (!isset($_SESSION["filedata_" . $unique_id])) {
$_SESSION["filedata_" . $unique_id] = array();
}
$real_file_index = $single_file_index;
if ($single_file_index == -1) {
$real_file_index = $i;
}
// get correct file size
if ($only_check) {
$filesize = $fileprops['size'];
} else {
$filesize = filesize($fileprops['tmp_name']);
}
$_SESSION["filedata_" . $unique_id][$real_file_index] = array("file_unique_id" => $file_unique_id, "original_filename" => $only_filename, "filesize" => $filesize);
// prepare parameters for wfu_before_file_check filter
$changable_data['file_path'] = $target_path;
$changable_data['user_data'] = $userdata_fields;
$changable_data['error_message'] = $filter_error_message;
$changable_data['admin_message'] = $filter_admin_message;
$additional_data['shortcode_id'] = $sid;
$additional_data['file_unique_id'] = $file_unique_id;
$additional_data['file_size'] = $filesize;
$additional_data['user_id'] = $user->ID;
$additional_data['page_id'] = $params["pageid"];
$ret_data = apply_filters('wfu_before_file_check', $changable_data, $additional_data);
$target_path = $ret_data['file_path'];
$only_filename = wfu_basename($target_path);
$userdata_fields = $ret_data['user_data'];
$filter_error_message = $ret_data['error_message'];
$filter_admin_message = $ret_data['admin_message'];
// if this is a file check, which means that a second pass of the file will follow, then we do not want to
// apply the filters again, so we store the changable data to session variables for this specific file
if ($only_check) {
$_SESSION[$file_map]['file_unique_id'] = $file_unique_id;
$_SESSION[$file_map]['filepath'] = $target_path;
$_SESSION[$file_map]['userdata'] = $userdata_fields;
}
}
// if this is a second pass of the file, because a first pass with file checking was done before, then retrieve
// file data that may have previously changed because of application of filters
if ($filedata_previously_defined) {
$target_path = $_SESSION[$file_map]['filepath'];
$only_filename = wfu_basename($target_path);
$userdata_fields = $_SESSION[$file_map]['userdata'];
}
if ($filter_error_message != '') {
//errorabort flag designates that file will be aborted and no resuming will be attempted
$file_output['message_type'] = "errorabort";
$file_output['message'] = wfu_join_strings("<br />", $file_output['message'], $filter_error_message);
if ($filter_admin_message != '') {
$file_output['admin_messages'] = wfu_join_strings("<br />", $file_output['admin_messages'], $filter_admin_message);
}
} else {
/* generate safe filename by removing invalid characters if forcefilename is deactivated */
if ($params['forcefilename'] != "true") {
$only_filename = wfu_upload_plugin_clean($only_filename);
//reconstruct target_path
$target_path = wfu_basedir($target_path) . $only_filename;
}
/* if medialink or postlink is activated then the target path becomes the current wordpress upload folder */
if ($params["medialink"] == "true" || $params["postlink"] == "true") {
$mediapath = wp_upload_dir();
$target_path = $mediapath['path'] . '/' . $only_filename;
}
/* Check if upload path exist */
if (is_dir(wfu_basedir($target_path))) {
$upload_path_ok = true;
} else {
if ($params["createpath"] == "true") {
$wfu_create_directory_ret = wfu_create_directory(wfu_basedir($target_path), $params["accessmethod"], $params["ftpinfo"]);
if ($wfu_create_directory_ret != "") {
$file_output['admin_messages'] = wfu_join_strings("<br />", $file_output['admin_messages'], $wfu_create_directory_ret);
}
if (is_dir(wfu_basedir($target_path))) {
$upload_path_ok = true;
}
}
}
/* File name control, reject files with .php, .js (and other) extensions for security reasons.
This is the first pass of extension control, which only checks the filename.
A second pass is performed after the file has completely uploaded, using WP inherent file
extension control, which provides better security. */
if (!wfu_file_extension_restricted(strtolower($only_filename))) {
foreach ($allowed_patterns as $allowed_pattern) {
if (wfu_upload_plugin_wildcard_match($allowed_pattern, $only_filename)) {
$allowed_file_ok = true;
break;
}
}
}
/* File size control */
if ($upload_file_size_MB <= $params["maxsize"]) {
if ($params['php_env'] == '32bit' && $upload_file_size > 2147483647) {
$size_file_phpenv_ok = false;
} else {
$size_file_ok = true;
}
}
if (!$upload_path_ok or !$allowed_file_ok or !$size_file_ok) {
//abort the file, no resuming will be attempted
$file_output['message_type'] = "errorabort";
$file_output['message'] = wfu_join_strings("<br />", $file_output['message'], WFU_ERROR_UPLOAD_FAILED);
if (!$upload_path_ok) {
$file_output['message'] = wfu_join_strings("<br />", $file_output['message'], WFU_ERROR_DIR_EXIST);
}
if (!$allowed_file_ok) {
$file_output['message'] = wfu_join_strings("<br />", $file_output['message'], WFU_ERROR_FILE_ALLOW);
}
if (!$size_file_ok) {
if ($size_file_phpenv_ok) {
$file_output['message'] = wfu_join_strings("<br />", $file_output['message'], WFU_ERROR_FILE_PLUGIN_SIZE);
} else {
$file_output['message'] = wfu_join_strings("<br />", $file_output['message'], WFU_ERROR_FILE_PLUGIN_2GBSIZE);
}
}
}
}
} else {
// This block is executed when there is an error
$upload_error = $fileprops['error'];
if ($upload_error == 1) {
$message_text = WFU_ERROR_FILE_PHP_SIZE;
$file_output['admin_messages'] = wfu_join_strings("<br />", $file_output['admin_messages'], WFU_ERROR_ADMIN_FILE_PHP_SIZE);
} elseif ($upload_error == 2) {
$message_text = WFU_ERROR_FILE_HTML_SIZE;
} elseif ($upload_error == 3) {
$message_text = WFU_ERROR_FILE_PARTIAL;
} elseif ($upload_error == 4) {
$message_text = WFU_ERROR_FILE_NOTHING;
} elseif ($upload_error == 6) {
$message_text = WFU_ERROR_DIR_NOTEMP;
} elseif ($upload_error == 7) {
$message_text = WFU_ERROR_FILE_WRITE;
} elseif ($upload_error == 8) {
$message_text = WFU_ERROR_UPLOAD_STOPPED;
} else {
$upload_time_limit = ini_get("max_input_time");
$params_output_array["general"]['upload_finish_time'] = $params["upload_start_time"] + $upload_time_limit * 1000;
$message_text = WFU_ERROR_FILE_PHP_TIME;
$file_output['admin_messages'] = wfu_join_strings("<br />", $file_output['admin_messages'], WFU_ERROR_ADMIN_FILE_PHP_TIME);
}
//error (and not errorabort) flag designates that a resuming of the file may be attempted
$file_output['message_type'] = "error";
$file_output['message'] = wfu_join_strings("<br />", $file_output['message'], $message_text);
}
$message_processed = false;
// if ( $upload_path_ok and $allowed_file_ok and $size_file_ok ) {
if (substr($file_output['message_type'], 0, 5) != "error") {
if (is_uploaded_file($fileprops['tmp_name']) || $only_check) {
$source_path = $fileprops['tmp_name'];
if ($only_check || $ignore_server_actions) {
$file_copied = true;
} else {
$file_copied = false;
if ($source_path) {
$file_exists = file_exists($target_path);
if (!$file_exists || $params["dublicatespolicy"] == "" || $params["dublicatespolicy"] == "overwrite") {
//redirect echo in internal buffer to receive and process any unwanted warning messages from wfu_upload_file
ob_start();
ob_clean();
/* Apply wfu_before_file_upload filter right before the upload, in order to allow the user to change the file name.
If additional data are required, such as user_id or userdata values, they can be retrieved by implementing the
previous filter wfu_before_file_check, corresponding them to the unique file id */
if ($file_unique_id != '') {
$target_path = apply_filters('wfu_before_file_upload', $target_path, $file_unique_id);
}
//recalculate $only_filename in case it changed with wfu_before_file_upload filter
$only_filename = wfu_basename($target_path);
//move the uploaded file to its final destination
$wfu_upload_file_ret = wfu_upload_file($source_path, $target_path, $params["accessmethod"], $params["ftpinfo"], $params["ftppassivemode"], $params["ftpfilepermissions"]);
$file_copied = $wfu_upload_file_ret["uploaded"];
//process warning messages from wfu_upload_file
$echo_message = ob_get_contents();
//finish redirecting of echo to internal buffer
ob_end_clean();
if ($echo_message != "" && !$file_copied) {
//error (and not errorabort) flag designates that file may be resumed
$file_output['message_type'] = "error";
if (stristr($echo_message, "warning") && stristr($echo_message, "permission denied") && stristr($echo_message, "unable to move")) {
$file_output['message'] = wfu_join_strings("<br />", $file_output['message'], WFU_ERROR_DIR_PERMISSION);
$file_output['admin_messages'] = wfu_join_strings("<br />", $file_output['admin_messages'], WFU_ERROR_ADMIN_DIR_PERMISSION);
} else {
$file_output['message'] = wfu_join_strings("<br />", $file_output['message'], WFU_ERROR_FILE_MOVE);
$file_output['admin_messages'] = wfu_join_strings("<br />", $file_output['admin_messages'], strip_tags($echo_message));
}
$message_processed = true;
}
if ($wfu_upload_file_ret["admin_message"] != "") {
$file_output['admin_messages'] = wfu_join_strings("<br />", $file_output['admin_messages'], $wfu_upload_file_ret["admin_message"]);
}
} else {
if ($file_exists && $params["dublicatespolicy"] == "maintain both") {
$full_path = wfu_basedir($target_path);
$name_part = $only_filename;
$ext_part = "";
$dot_pos = strrpos($name_part, ".");
if ($dot_pos) {
$ext_part = substr($name_part, $dot_pos);
$name_part = substr($name_part, 0, $dot_pos);
}
if ($params["uniquepattern"] != "datetimestamp") {
$unique_ind = 1;
do {
$unique_ind += 1;
$only_filename = $name_part . "(" . $unique_ind . ")" . $ext_part;
$target_path = $full_path . $only_filename;
} while (file_exists($target_path));
} else {
$current_datetime = gmdate("U") - 1;
do {
$current_datetime += 1;
$only_filename = $name_part . "-" . gmdate("YmdHis", $current_datetime) . $ext_part;
$target_path = $full_path . $only_filename;
} while (file_exists($target_path));
}
//redirect echo in internal buffer to receive and process any unwanted warning messages from move_uploaded_file
ob_start();
ob_clean();
/* Apply wfu_before_file_upload filter right before the upload, in order to allow the user to change the file name.
If additional data are required, such as user_id or userdata values, they can be retrieved by implementing the
previous filter wfu_before_file_check, corresponding them to the unique file id */
if ($file_unique_id != '') {
$target_path = apply_filters('wfu_before_file_upload', $target_path, $file_unique_id);
}
//recalculate $only_filename in case it changed with wfu_before_file_upload filter
$only_filename = wfu_basename($target_path);
//move the uploaded file to its final destination
$wfu_upload_file_ret = wfu_upload_file($source_path, $target_path, $params["accessmethod"], $params["ftpinfo"], $params["ftppassivemode"], $params["ftpfilepermissions"]);
$file_copied = $wfu_upload_file_ret["uploaded"];
//process warning messages from move_uploaded_file
$echo_message = ob_get_contents();
//finish redirecting of echo to internal buffer
ob_end_clean();
if ($echo_message != "" && !$file_copied) {
//error (and not errorabort) flag designates that file may be resumed
$file_output['message_type'] = "error";
if (stristr($echo_message, "warning") && stristr($echo_message, "permission denied") && stristr($echo_message, "unable to move")) {
$file_output['message'] = wfu_join_strings("<br />", $file_output['message'], WFU_ERROR_DIR_PERMISSION);
$file_output['admin_messages'] = wfu_join_strings("<br />", $file_output['admin_messages'], WFU_ERROR_ADMIN_DIR_PERMISSION);
} else {
$file_output['message'] = wfu_join_strings("<br />", $file_output['message'], WFU_ERROR_FILE_MOVE);
$file_output['admin_messages'] = wfu_join_strings("<br />n", $file_output['admin_messages'], strip_tags($echo_message));
}
$message_processed = true;
}
if ($wfu_upload_file_ret["admin_message"] != "") {
$file_output['admin_messages'] = wfu_join_strings("<br />", $file_output['admin_messages'], $wfu_upload_file_ret["admin_message"]);
}
} else {
//abort the file and do not allow resuming
$file_output['message_type'] = "errorabort";
$file_output['message'] = wfu_join_strings("<br />", $file_output['message'], WFU_WARNING_FILE_EXISTS);
$message_processed = true;
$file_copied = false;
}
}
}
}
if ($file_copied) {
/* prepare email notification parameters if email notification is enabled */
if ($params["notify"] == "true" && !$only_check) {
$notify_only_filename_list .= ($notify_only_filename_list == "" ? "" : ", ") . $only_filename;
$notify_target_path_list .= ($notify_target_path_list == "" ? "" : ", ") . $target_path;
if ($params["attachfile"] == "true") {
$notify_attachment_list .= ($notify_attachment_list == "" ? "" : ",") . $target_path;
}
}
/* prepare redirect link if redirection is enabled */
if ($params["redirect"] == "true") {
/* Define dynamic redirect link from variables */
$search = array('/%filename%/', '/%username%/');
$replace = array($only_filename, $user_login);
$params_output_array["general"]['redirect_link'] = trim(preg_replace($search, $replace, $params["redirectlink"]));
}
if (!$message_processed) {
$file_output['message_type'] = "success";
}
} else {
if (!$message_processed) {
//abort the file and do not allow resuming
$file_output['message_type'] = "errorabort";
$file_output['message'] = wfu_join_strings("<br />", $file_output['message'], WFU_ERROR_UNKNOWN);
}
}
/* Delete temporary file (in tmp directory) */
// unlink($source_path);
} else {
//abort the file and do not allow resuming
$file_output['message_type'] = "errorabort";
$file_output['message'] = wfu_join_strings("<br />", $file_output['message'], WFU_ERROR_UNKNOWN);
}
}
/* last check of output file status */
if ($file_output['message_type'] == "") {
if ($file_copied) {
$file_output['message_type'] = "success";
} else {
//abort the file and do not allow resuming
$file_output['message_type'] = "errorabort";
$file_output['message'] = wfu_join_strings("<br />", $file_output['message'], WFU_ERROR_UNKNOWN);
}
}
/* suppress any admin messages if user is not administrator or adminmessages is not activated */
if ($suppress_admin_messages) {
$file_output['admin_messages'] = "";
}
/* set file status to "warning" if the file has been uploaded but there are messages */
if ($file_output['message_type'] == "success") {
if ($file_output['message'] != "" || $file_output['admin_messages'] != "") {
$file_output['message_type'] = "warning";
}
}
/* set success status of the file, to be used for medialink and post actions */
$file_finished_successfully = !$only_check && ($file_output['message_type'] == "success" || $file_output['message_type'] == "warning");
/* set non-success status of the file, to be used for medialink and post actions */
$file_finished_unsuccessfully = substr($file_output['message_type'], 0, 5) == "error";
/* perform custom actions after file is completely uploaded in order to determine if file is valid ir not */
if ($file_finished_successfully && !$ignore_server_actions) {
/* Here the second pass of file extension control is performed after the file has completely
uploaded, using WP inherent functions that determine the real extension from analyzing the
data and not from the filename extension. If this check reveals an extension which is not
permitted then the file will be rejected and erased. If the real extension is different
than the original one but it is permitted, then the file will remain as it is but a warning
message will notify the user that the extension of the file does not match its contents. */
$check = wp_check_filetype_and_ext($target_path, $only_filename, false);
if ($check['proper_filename'] !== false) {
$proper_filename = $check['proper_filename'];
if (wfu_file_extension_restricted(strtolower($only_filename))) {
$file_finished_successfully = false;
$file_finished_unsuccessfully = true;
unlink($target_path);
$file_output['message_type'] = "errorabort";
$file_output['message'] = wfu_join_strings("<br />", $file_output['message'], WFU_ERROR_FILE_REJECT);
$file_output['admin_messages'] = wfu_join_strings("<br />", $file_output['admin_messages'], WFU_ERROR_ADMIN_FILE_WRONGEXT . $check['proper_filename']);
} else {
$file_output['message_type'] = "warning";
$file_output['message'] = wfu_join_strings("<br />", $file_output['message'], WFU_WARNING_FILE_SUSPICIOUS);
$file_output['admin_messages'] = wfu_join_strings("<br />", $file_output['admin_messages'], WFU_WARNING_ADMIN_FILE_SUSPICIOUS . $check['proper_filename']);
}
}
// run any wfu_after_file_loaded filters to make any last file checks and accept or reject it
if ($file_finished_successfully) {
$filter_error_message = '';
$filter_admin_message = '';
$changable_data['error_message'] = $filter_error_message;
$changable_data['admin_message'] = $filter_admin_message;
$additional_data['file_unique_id'] = $file_unique_id;
$additional_data['file_path'] = $target_path;
$additional_data['shortcode_id'] = $sid;
$ret_data = apply_filters('wfu_after_file_loaded', $changable_data, $additional_data);
//this is a call to wfu_after_file_complete filters, which is
//the old name of wfu_after_file_loaded filters, for maintaining
//backward compatibility
$ret_data = apply_filters('wfu_after_file_complete', $changable_data, $additional_data);
$filter_error_message = $ret_data['error_message'];
$filter_admin_message = $ret_data['admin_message'];
if ($filter_error_message != '') {
$file_finished_successfully = false;
$file_finished_unsuccessfully = true;
unlink($target_path);
$file_output['message_type'] = "errorabort";
$file_output['message'] = wfu_join_strings("<br />", $file_output['message'], $filter_error_message);
if ($filter_admin_message != '') {
$file_output['admin_messages'] = wfu_join_strings("<br />", $file_output['admin_messages'], $filter_admin_message);
}
}
}
}
/* adjust message details and colors according to file result */
/* FileResult: A */
$search = array('/%username%/', '/%useremail%/', '/%filename%/', '/%filepath%/');
$replace = array($user_login, $user_email == "" ? "no email" : $user_email, $only_filename, $target_path);
if ($file_output['message_type'] == "success") {
$success_count++;
$color_array = explode(",", $params['successmessagecolors']);
$file_output['color'] = $color_array[0];
$file_output['bgcolor'] = $color_array[1];
$file_output['borcolor'] = $color_array[2];
$file_output['header'] = preg_replace($search, $replace, $params['successmessage']);
/* prepare details of successful file upload, visible only to administrator */
$file_output['admin_messages'] = wfu_join_strings("<br />", preg_replace($search, $replace, WFU_SUCCESSMESSAGE_DETAILS), $file_output['admin_messages']);
} elseif ($file_output['message_type'] == "warning") {
$warning_count++;
$color_array = explode(",", $params['warningmessagecolors']);
$file_output['color'] = $color_array[0];
$file_output['bgcolor'] = $color_array[1];
$file_output['borcolor'] = $color_array[2];
$file_output['header'] = preg_replace($search, $replace, $params['warningmessage']);
/* prepare and prepend details of successful file upload, visible only to administrator */
$file_output['admin_messages'] = wfu_join_strings("<br />", preg_replace($search, $replace, WFU_SUCCESSMESSAGE_DETAILS), $file_output['admin_messages']);
} elseif (substr($file_output['message_type'], 0, 5) == "error") {
$error_count++;
$color_array = explode(",", $params['failmessagecolors']);
$file_output['color'] = $color_array[0];
$file_output['bgcolor'] = $color_array[1];
$file_output['borcolor'] = $color_array[2];
$replace = array($user_login, $user_email == "" ? "no email" : $user_email, $only_filename, $target_path);
$file_output['header'] = preg_replace($search, $replace, $params['errormessage']);
/* prepare and prepend details of failed file upload, visible only to administrator */
$file_output['admin_messages'] = wfu_join_strings("<br />", preg_replace($search, $replace, WFU_FAILMESSAGE_DETAILS), $file_output['admin_messages']);
}
/* suppress again any admin messages if user is not administrator or adminmessages is not activated */
if ($suppress_admin_messages) {
$file_output['admin_messages'] = "";
}
$params_output_array[0] = $file_output;
if ($file_unique_id != '' && $file_finished_unsuccessfully && !$ignore_server_actions) {
/* Apply wfu_after_file_upload filter after failed upload, in order to allow the user to perform any post-upload actions.
If additional data are required, such as user_id or userdata values or filepath, they can be retrieved by implementing
the previous filters wfu_before_file_check and wfu_before_file_upload, corresponding them to the unique file id.
This actions allows to define custom javascript code to run after each file finishes (either succeeded or failed).
For backward compatibility, the wfu_after_file_upload action that was implemented in previous version of the plugin
still remains. */
$changable_data['ret_value'] = null;
$changable_data['js_script'] = '';
$additional_data['shortcode_id'] = $sid;
$additional_data['file_unique_id'] = $file_unique_id;
$additional_data['upload_result'] = $file_output['message_type'];
$additional_data['error_message'] = $file_output['message'];
$additional_data['admin_messages'] = $file_output['admin_messages'];
$ret_data = apply_filters('wfu_after_file_upload', $changable_data, $additional_data);
$params_output_array["general"]['js_script'] = $ret_data['js_script'];
// do_action('wfu_after_file_upload', $file_unique_id, $file_output['message_type'], $file_output['message'], $file_output['admin_messages']);
}
if ($file_finished_successfully && !$ignore_server_actions) {
/* log file upload action if file has finished uploading successfully */
$fileid = wfu_log_action('upload', $target_path, $user->ID, $unique_id, $params['pageid'], $params['blogid'], $sid, $userdata_fields);
/* Apply wfu_after_file_upload filter after failed upload, in order to allow the user to perform any post-upload actions.
If additional data are required, such as user_id or userdata values or filepath, they can be retrieved by implementing
the previous filters wfu_before_file_check and wfu_before_file_upload, corresponding them to the unique file id.
This actions allows to define custom javascript code to run after each file finishes (either suceeded or failed).
For backward compatibility, the wfu_after_file_upload action that was implemented in previous version of the plugin
still remains. */
$changable_data['ret_value'] = null;
$changable_data['js_script'] = '';
$additional_data['shortcode_id'] = $sid;
$additional_data['file_unique_id'] = $file_unique_id;
$additional_data['upload_result'] = $file_output['message_type'];
$additional_data['error_message'] = $file_output['message'];
$additional_data['admin_messages'] = $file_output['admin_messages'];
$ret_data = apply_filters('wfu_after_file_upload', $changable_data, $additional_data);
$params_output_array["general"]['js_script'] = $ret_data['js_script'];
// do_action('wfu_after_file_upload', $file_unique_id, $file_output['message_type'], $file_output['message'], $file_output['admin_messages']);
}
/* add file to Media or attach file to current post if any of these options is activated and the file has finished uploading successfully */
if (($params["medialink"] == "true" || $params["postlink"] == "true") && $file_finished_successfully && !$ignore_server_actions) {
$pageid = $params["postlink"] == "true" ? $params['pageid'] : 0;
wfu_process_media_insert($target_path, $pageid);
}
/* store final file data and upload result to filemap session array for
use by after_upload filters */
$real_file_index = $single_file_index;
if ($single_file_index == -1) {
$real_file_index = $i;
}
if (($file_finished_successfully || $file_finished_unsuccessfully) && isset($_SESSION["filedata_" . $unique_id][$real_file_index]) && !$ignore_server_actions) {
$_SESSION["filedata_" . $unique_id][$real_file_index]["filepath"] = $target_path;
$_SESSION["filedata_" . $unique_id][$real_file_index]["user_data"] = $userdata_fields;
$_SESSION["filedata_" . $unique_id][$real_file_index]["upload_result"] = $file_output['message_type'];
$_SESSION["filedata_" . $unique_id][$real_file_index]["message"] = $file_output['message'];
$_SESSION["filedata_" . $unique_id][$real_file_index]["admin_messages"] = $file_output['admin_messages'];
}
}
// in case of file check set files_count to 0 in order to denote that the file was not really uploaded
if ($only_check) {
$params_output_array["general"]['files_count'] = 0;
}
$somefiles_Ok = $warning_count + $success_count > 0;
$allfiles_Ok = $somefiles_Ok && $error_count == 0;
/* Prepare WPFileBase Plugin update url, if this option has been selected and only if at least one file has been successfully uploaded.
Execution will happen only if accumulated $params_output_array["general"]['update_wpfilebase'] is not empty */
if ($params["filebaselink"] == "true") {
if ($somefiles_Ok) {
$filebaseurl = site_url();
if (substr($filebaseurl, -1, 1) == "/") {
$filebaseurl = substr($filebaseurl, 0, strlen($filebaseurl) - 1);
}
/* if the following variable is not empty, then WPFileBase Plugin update must be executed
and any admin messages must be suppressed */
$params_output_array["general"]['update_wpfilebase'] = $filebaseurl;
} else {
$params_output_array["general"]['admin_messages']['wpfilebase'] = WFU_WARNING_WPFILEBASE_NOTUPDATED_NOFILES;
$params_output_array["general"]['errors']['wpfilebase'] = "error";
}
}
/* Prepare email notification parameters if email notification is enabled and only if at least one file has been successfully uploaded
if $method = "no-ajax" then send the email to the recipients
if $method = "ajax" then return the notification parameters to the handler for further processing
In case of ajax, execution will happen only if accumulated notify_only_filename_list is not empty */
if ($params["notify"] == "true") {
/* verify that there are recipients */
$notifyrecipients = trim(preg_replace('/%useremail%/', $user_email, $params["notifyrecipients"]));
if ($notifyrecipients != "") {
if ($somefiles_Ok) {
if ($method == 'no_ajax' && !$ignore_server_actions) {
$send_error = wfu_send_notification_email($user, $notify_only_filename_list, $notify_target_path_list, $notify_attachment_list, $userdata_fields, $params);
if ($send_error != "") {
$params_output_array["general"]['admin_messages']['notify'] = $send_error;
$params_output_array["general"]['errors']['notify'] = "error";
}
} else {
/* if the following variable is not empty, then email notification must be sent
and any admin messages must be suppressed */
$params_output_array["general"]['notify_only_filename_list'] = $notify_only_filename_list;
$params_output_array["general"]['notify_target_path_list'] = $notify_target_path_list;
$params_output_array["general"]['notify_attachment_list'] = $notify_attachment_list;
}
} else {
$params_output_array["general"]['admin_messages']['notify'] = WFU_WARNING_NOTIFY_NOTSENT_NOFILES;
$params_output_array["general"]['errors']['notify'] = "error";
}
} else {
$params_output_array["general"]['admin_messages']['notify'] = WFU_WARNING_NOTIFY_NOTSENT_NORECIPIENTS;
$params_output_array["general"]['errors']['notify'] = "error";
}
}
/* Prepare redirect link if redirection is enabled and only if all files have been successfully uploaded
Execution will happen only if accumulated redirect_link is not empty and accumulated redirect errors are empty */
if ($params["redirect"] == "true") {
if ($params_output_array["general"]['redirect_link'] == "") {
$params_output_array["general"]['admin_messages']['redirect'] = WFU_WARNING_REDIRECT_NOTEXECUTED_EMPTY;
$params_output_array["general"]['errors']['redirect'] = "error";
} elseif (!$allfiles_Ok) {
$params_output_array["general"]['admin_messages']['redirect'] = WFU_WARNING_REDIRECT_NOTEXECUTED_FILESFAILED;
$params_output_array["general"]['errors']['redirect'] = "error";
}
}
/* suppress any admin messages if user is not administrator or adminmessages is not activated */
if ($suppress_admin_messages) {
$params_output_array["general"]['admin_messages']['wpfilebase'] = "";
$params_output_array["general"]['admin_messages']['notify'] = "";
$params_output_array["general"]['admin_messages']['redirect'] = "";
$params_output_array["general"]['admin_messages']['other'] = "";
}
/* Calculate upload state from file results */
if ($allfiles_Ok && $warning_count == 0) {
$params_output_array["general"]['state'] = 4;
} else {
if ($allfiles_Ok) {
$params_output_array["general"]['state'] = 5;
} else {
if ($somefiles_Ok) {
$params_output_array["general"]['state'] = 6;
} else {
if (!$somefiles_Ok && $error_count > 0) {
$params_output_array["general"]['state'] = 7;
} else {
$params_output_array["general"]['state'] = 8;
}
}
}
}
/* construct safe output */
$sout = $params_output_array["general"]['state'] . ";" . WFU_VAR("WFU_DEFAULTMESSAGECOLORS") . ";" . $files_count;
for ($i = 0; $i < $files_count; $i++) {
$sout .= ";" . wfu_plugin_encode_string($file_output['message_type']);
$sout .= "," . wfu_plugin_encode_string($file_output['header']);
$sout .= "," . wfu_plugin_encode_string($file_output['message']);
$sout .= "," . wfu_plugin_encode_string($file_output['admin_messages']);
$sout .= "," . $file_output['uploaded_file_props'];
}
$params_output_array["general"]['safe_output'] = $sout;
return $params_output_array;
}
function wfu_include_file($file_code)
{
if (!current_user_can('manage_options')) {
return;
}
$plugin_options = wfu_decode_plugin_options(get_option("wordpress_file_upload_options"));
if ($plugin_options['includeotherfiles'] != "1") {
return;
}
if (!is_array($file_code)) {
$file_code = array($file_code);
}
$dec_files = array();
foreach ($file_code as $index => $code) {
$file_code[$index] = wfu_sanitize_code($code);
$dec_file = wfu_get_filepath_from_safe($file_code[$index]);
if ($dec_file !== false) {
$dec_file = wfu_path_rel2abs(wfu_flatten_path($dec_file));
//include file if it does not have a forbidden extention and it not already included
if (!wfu_file_extension_restricted(wfu_basename($dec_file)) && wfu_get_file_rec($dec_file, false) == null) {
array_push($dec_files, $dec_file);
}
}
}
if (count($dec_files) == 0) {
return;
}
$user = wp_get_current_user();
if (isset($_POST['submit'])) {
if ($_POST['submit'] == "Include") {
foreach ($dec_files as $dec_file) {
$fileid = wfu_log_action('include', $dec_file, $user->ID, '', '', get_current_blog_id(), '', null);
}
}
}
return true;
}
