Example #1
/**
 * Returns the browser actions that were previously parked in the PHP session under an opaque code.
 *
 * NOTE(review): this listing omits closing braces, so the block is an excerpt rather than runnable code.
 *
 * @param string $code opaque code received from the browser; passed through wfu_sanitize_code() before use
 * @return mixed|false the stored session entry, or false when the code is empty or not present in the store
 */
function wfu_get_browser_actions_from_safe($code)
    //sanitize $code so that only the character set accepted by the safe store reaches the session lookup
    //(wfu_sanitize_code() is defined elsewhere; its exact filtering is not visible here)
    $code = wfu_sanitize_code($code);
    if ($code == "") {
        return false;
    //return actions from session variable, if exists;
    //an unknown code is rejected instead of being interpreted, so the caller cannot probe other entries
    if (!isset($_SESSION['wfu_browser_actions_safe_storage'][$code])) {
        return false;
    return $_SESSION['wfu_browser_actions_safe_storage'][$code];
Example #2
/**
 * AJAX entry point that authorises a file download and hands the browser a one-time download ticket.
 *
 * Flow visible in this listing: read file code and nonce from POST (falling back to GET), verify the
 * nonce, require the manage_options capability, resolve the file code through the safe store, check
 * that the current user owes the file, then create a random download id with two 30-second tickets in
 * the session and die() with an iframe pointing at the standalone downloader script.
 *
 * NOTE(review): the bodies of the guard clauses (what happens when a check fails) and the closing
 * braces are not part of this listing; presumably each one die()s, but that is not visible here.
 *
 * @return void never returns normally; the function ends with die()
 */
function wfu_ajax_action_download_file_invoker()
    //request parameters may arrive by POST or GET; both are treated alike
    $file_code = isset($_POST['file']) ? $_POST['file'] : (isset($_GET['file']) ? $_GET['file'] : '');
    $nonce = isset($_POST['nonce']) ? $_POST['nonce'] : (isset($_GET['nonce']) ? $_GET['nonce'] : '');
    if ($file_code == '' || $nonce == '') {
    //security check to avoid CSRF attacks: the nonce must have been issued for this specific action
    if (!wp_verify_nonce($nonce, 'wfu_download_file_invoker')) {
    //check if user is allowed to download files (capability check, in addition to the nonce)
    if (!current_user_can('manage_options')) {
    //	$filepath = wfu_plugin_decode_string($file_code);
    //the file code is an opaque handle: it is sanitized and then resolved server-side, so the
    //request never carries a filesystem path directly
    $file_code = wfu_sanitize_code($file_code);
    $filepath = wfu_get_filepath_from_safe($file_code);
    if ($filepath === false) {
    $filepath = wfu_path_rel2abs(wfu_flatten_path($filepath));
    //check if user is allowed to perform this action on this file (per-file ownership check)
    if (!wfu_current_user_owes_file($filepath)) {
    //generate download unique id to monitor this download
    $download_id = wfu_create_random_string(16);
    //store download status of this download
    $_SESSION['wfu_download_status_' . $download_id] = 'starting';
    //generate download ticket which expires in 30sec and store it in session
    //it will be used as security measure for the downloader script, which runs outside Wordpress environment
    $_SESSION['wfu_download_ticket_' . $download_id] = time() + 30;
    //generate download monitor ticket which expires in 30sec and store it in session
    //it will be used as security measure for the monitor script that will check download status
    $_SESSION['wfu_download_monitor_ticket_' . $download_id] = time() + 30;
    //this routine returns a dynamically created iframe element, that will call the actual download script;
    //the actual download script runs outside Wordpress environment in order to ensure that no php warnings
    //or echo from other plugins is generated, that could scramble the downloaded file;
    //a ticket, similar to nonces, is passed to the download script to check that it is not a CSRF attack; moreover,the ticket is destroyed
    //by the time it is consumed by the download script, so it cannot be used again
    //NOTE(review): $file_code is concatenated into HTML markup; keeping the attribute intact relies on
    //wfu_sanitize_code() having removed quotes and angle brackets, which cannot be confirmed from this listing
    $response = '<iframe src="' . WFU_DOWNLOADER_URL . '?file=' . $file_code . '&ticket=' . $download_id . '" style="display: none;"></iframe>';
    die('wfu_ajax_action_download_file_invoker:wfu_download_id;' . $download_id . ':' . $response);
Example #3
<<<<<<< doc_update body
/**
 * Handles the "Update" submission of the file-details form: each user-data property of the file gets
 * its current database record closed (date_to set to now) and a fresh record inserted with the value
 * posted under wfu_filedetails_userdata_<propkey>.
 *
 * NOTE(review): this listing omits closing braces and the bodies of the guard clauses. No nonce
 * verification is visible in the shown lines; whether one exists in the omitted lines or in the caller
 * cannot be determined here.
 *
 * @global wpdb $wpdb
 * @param string $file_code opaque file handle, sanitized and resolved through the safe store
 * @return bool true once the request has been processed (return values of the guard clauses are not visible)
 */
function wfu_edit_filedetails($file_code)
    global $wpdb;
    $table_name2 = $wpdb->prefix . "wfu_userdata";
    $user = wp_get_current_user();
    $is_admin = current_user_can('manage_options');
    //check if user is allowed to view file details
    if (!$is_admin) {
    //resolve the opaque code server-side so the request never carries a raw path
    $file_code = wfu_sanitize_code($file_code);
    $dec_file = wfu_get_filepath_from_safe($file_code);
    if ($dec_file === false) {
    $dec_file = wfu_path_rel2abs(wfu_flatten_path($dec_file));
    //check if user is allowed to perform this action (per-file ownership check)
    if (!wfu_current_user_owes_file($dec_file)) {
    //get file data from database with user data
    $filedata = wfu_get_file_rec($dec_file, true);
    if ($filedata == null) {
    if (isset($_POST['submit'])) {
        if ($_POST['submit'] == "Update") {
            //check for errors: every known property must have been posted, otherwise nothing is written
            $is_error = false;
            foreach ($filedata->userdata as $userdata) {
                if (!isset($_POST['wfu_filedetails_userdata_' . $userdata->propkey])) {
                    $is_error = true;
            if (!$is_error) {
                $now_date = date('Y-m-d H:i:s');
                $userdata_count = 0;
                foreach ($filedata->userdata as $userdata) {
                    //make existing userdata record obsolete
                    $wpdb->update($table_name2, array('date_to' => $now_date), array('uploadid' => $userdata->uploadid, 'propkey' => $userdata->propkey), array('%s'), array('%s', '%s'));
                    //insert new userdata record; the posted value is passed through wpdb's format
                    //specifiers ('%s' for propvalue), so it is not interpolated into SQL directly
                    $wpdb->insert($table_name2, array('uploadid' => $userdata->uploadid, 'property' => $userdata->property, 'propkey' => $userdata->propkey, 'propvalue' => $_POST['wfu_filedetails_userdata_' . $userdata->propkey], 'date_from' => $now_date, 'date_to' => 0), array('%s', '%s', '%d', '%s', '%s', '%s'));
                //NOTE(review): no increment of $userdata_count appears in this listing, so this condition
                //is never true as shown; the increment is presumably among the omitted lines - confirm
                if ($userdata_count > 0) {
                    wfu_log_action('modify:' . $now_date, $dec_file, $user->ID, '', 0, 0, '', null);
    return true;
Example #4
/**
 * Standalone downloader: streams a file to the browser once a valid, unexpired download ticket is presented.
 *
 * The ticket is the 16-character id issued by wfu_ajax_action_download_file_invoker(); it is looked up in
 * the session, rejected when missing or expired, and unset before the file is read so it is single-use.
 * A file code prefixed with "exportdata" denotes a generated CSV export that is served as wfu_export.csv
 * and deleted afterwards; any other code is resolved through the safe store.
 *
 * NOTE(review): closing braces and the bodies of several guard clauses (L83, L86, L100, L136) are not
 * part of this listing.
 *
 * @return void ends with die() on failure; on success the response body is the file content
 */
function wfu_download_file()
    $file_code = isset($_POST['file']) ? $_POST['file'] : (isset($_GET['file']) ? $_GET['file'] : '');
    $ticket = isset($_POST['ticket']) ? $_POST['ticket'] : (isset($_GET['ticket']) ? $_GET['ticket'] : '');
    if ($file_code == '' || $ticket == '') {
    $ticket = wfu_sanitize_code($ticket);
    //if download ticket does not exist or is expired die
    if (!isset($_SESSION['wfu_download_ticket_' . $ticket]) || time() > $_SESSION['wfu_download_ticket_' . $ticket]) {
    //destroy ticket so it cannot be used again (single-use token; removed before any file access)
    unset($_SESSION['wfu_download_ticket_' . $ticket]);
    $file_code = wfu_sanitize_code($file_code);
    //if file_code starts with exportdata, then this is a request for export of
    //uploaded file data, so disposition_name will not be the filename of the file
    //but wfu_export.csv; also set flag to delete file after download operation
    if (substr($file_code, 0, 10) == "exportdata") {
        $file_code = substr($file_code, 10);
        //NOTE(review): unlike the else branch, no `=== false` check on the safe-store lookup is visible here
        $filepath = wfu_get_filepath_from_safe($file_code);
        $disposition_name = "wfu_export.csv";
        $delete_file = true;
    } else {
        $filepath = wfu_get_filepath_from_safe($file_code);
        if ($filepath === false) {
        $filepath = wfu_flatten_path($filepath);
        if (substr($filepath, 0, 1) == "/") {
            $filepath = substr($filepath, 1);
        //remote (ftp/ftps/sftp) locations are used as-is; local paths are anchored to the ABSPATH
        //recorded in the session, since this script runs outside the WordPress bootstrap
        $filepath = substr($filepath, 0, 6) == 'ftp://' || substr($filepath, 0, 7) == 'ftps://' || substr($filepath, 0, 7) == 'sftp://' ? $filepath : $_SESSION['wfu_ABSPATH'] . $filepath;
        $path_parts = pathinfo($filepath);
        //the attachment name comes from the server-side path, not from the request
        $disposition_name = $path_parts["basename"];
        $delete_file = false;
    //reject download of php files for security reasons
    if (wfu_file_extension_restricted($filepath)) {
        $_SESSION['wfu_download_status_' . $ticket] = 'failed';
        die('<script language="javascript">alert("Error! File is forbidden for security reasons.");</script>');
    //check that file exists
    if (!file_exists($filepath)) {
        $_SESSION['wfu_download_status_' . $ticket] = 'failed';
        //NOTE(review): this message discloses the absolute server path to the client and embeds it
        //unescaped inside a script block; a generic message would avoid both
        die('<script language="javascript">alert("Error! File does not exist.' . $filepath . '");</script>');
    //get mime type
    // disable the time limit for this script
    $fsize = filesize($filepath);
    //open failures are suppressed with @ and reported through the $failed flag below instead
    if ($fd = @fopen($filepath, "rb")) {
        header('Content-Type: application/octet-stream');
        header("Content-Disposition: attachment; filename=\"" . $disposition_name . "\"");
        header('Content-Transfer-Encoding: binary');
        header('Connection: Keep-Alive');
        header('Expires: 0');
        header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
        header('Pragma: public');
        header("Content-length: {$fsize}");
        $failed = false;
        //stream in 8 KiB chunks; an aborted client connection marks the download as failed
        while (!feof($fd)) {
            $buffer = @fread($fd, 1024 * 8);
            echo $buffer;
            if (connection_status() != 0) {
                $failed = true;
    } else {
        $failed = true;
    //export files are temporary; the deletion body is not visible in this listing
    if ($delete_file) {
    //record the outcome under the ticket id so the monitor script can report it
    if (!$failed) {
        $_SESSION['wfu_download_status_' . $ticket] = 'downloaded';
    } else {
        $_SESSION['wfu_download_status_' . $ticket] = 'failed';
        die('<script language="javascript">alert("Error! Could not download file.");</script>');
/**
 * AJAX entry point that registers an externally uploaded file in the plugin's log ("include" action).
 *
 * Order of checks visible here: non-empty file code and nonce, manage_options capability, nonce bound to
 * the 'wfu_include_file' action, the includeotherfiles plugin option enabled, and a file code that resolves
 * in the safe store. On success the log record id is returned to the caller via die().
 *
 * NOTE(review): closing braces, the guard-clause bodies and the else branch at the end are not part of
 * this listing.
 *
 * @return void ends with die()
 */
function wfu_ajax_action_include_file()
    $file_code = isset($_POST['file']) ? $_POST['file'] : (isset($_GET['file']) ? $_GET['file'] : '');
    $nonce = isset($_POST['nonce']) ? $_POST['nonce'] : (isset($_GET['nonce']) ? $_GET['nonce'] : '');
    if ($file_code == '' || $nonce == '') {
    //capability check first, then the nonce
    if (!current_user_can('manage_options')) {
    //security check to avoid CSRF attacks
    if (!wp_verify_nonce($nonce, 'wfu_include_file')) {
    //the feature is opt-in: refuse unless the administrator enabled "include other files"
    $plugin_options = wfu_decode_plugin_options(get_option("wordpress_file_upload_options"));
    if ($plugin_options['includeotherfiles'] != "1") {
    $file_code = wfu_sanitize_code($file_code);
    $dec_file = wfu_get_filepath_from_safe($file_code);
    if ($dec_file === false) {
    $user = wp_get_current_user();
    $dec_file = wfu_path_rel2abs(wfu_flatten_path($dec_file));
    //the include is recorded as a log action attributed to the current user and blog
    $fileid = wfu_log_action('include', $dec_file, $user->ID, '', '', get_current_blog_id(), '', null);
    if ($fileid !== false) {
        die("wfu_include_file:success:" . $fileid);
    } else {
Example #6
/**
 * Dashboard controller: reads the requested action (and its parameters) from POST or GET, dispatches to
 * the matching page-rendering helper, and echoes the resulting markup.
 *
 * Each wfu_* helper is defined elsewhere; whatever path validation, nonce or capability check they perform
 * is not visible here. Within this dispatcher the only token check is the add_shortcode ticket comparison.
 *
 * NOTE(review): closing braces of the inner if/else blocks are not part of this listing.
 *
 * @return void echoes the page content
 */
function wordpress_file_upload_manage_dashboard()
    //the superglobals themselves are rewritten, so every later reader in this request sees unslashed data
    $_POST = stripslashes_deep($_POST);
    $_GET = stripslashes_deep($_GET);
    //!empty() treats "0" as absent; POST wins over GET for every parameter
    $action = !empty($_POST['action']) ? $_POST['action'] : (!empty($_GET['action']) ? $_GET['action'] : '');
    $dir = !empty($_POST['dir']) ? $_POST['dir'] : (!empty($_GET['dir']) ? $_GET['dir'] : '');
    $file = !empty($_POST['file']) ? $_POST['file'] : (!empty($_GET['file']) ? $_GET['file'] : '');
    $referer = !empty($_POST['referer']) ? $_POST['referer'] : (!empty($_GET['referer']) ? $_GET['referer'] : '');
    $data_enc = !empty($_POST['data']) ? $_POST['data'] : (!empty($_GET['data']) ? $_GET['data'] : '');
    $postid = !empty($_POST['postid']) ? $_POST['postid'] : (!empty($_GET['postid']) ? $_GET['postid'] : '');
    $nonce = !empty($_POST['nonce']) ? $_POST['nonce'] : (!empty($_GET['nonce']) ? $_GET['nonce'] : '');
    $tag = !empty($_POST['tag']) ? $_POST['tag'] : (!empty($_GET['tag']) ? $_GET['tag'] : '');
    $echo_str = "";
    if ($action == 'edit_settings') {
        $echo_str = wfu_manage_settings();
    } elseif ($action == 'shortcode_composer') {
        $echo_str = wfu_shortcode_composer();
    } elseif ($action == 'file_browser') {
        //$dir comes straight from the request; wfu_browse_files() is expected to validate it
        $echo_str = wfu_browse_files($dir);
    } elseif ($action == 'view_log') {
        $echo_str = wfu_view_log();
    } elseif ($action == 'rename_file' && $file != "") {
        $echo_str = wfu_rename_file_prompt($file, 'file', false);
    } elseif ($action == 'rename_dir' && $file != "") {
        $echo_str = wfu_rename_file_prompt($file, 'dir', false);
    } elseif ($action == 'renamefile' && $file != "") {
        //on failure the prompt is re-rendered with its error flag set
        if (wfu_rename_file($file, 'file')) {
            $echo_str = wfu_browse_files($dir);
        } else {
            $echo_str = wfu_rename_file_prompt($file, 'file', true);
    } elseif ($action == 'renamedir' && $file != "") {
        if (wfu_rename_file($file, 'dir')) {
            $echo_str = wfu_browse_files($dir);
        } else {
            $echo_str = wfu_rename_file_prompt($file, 'dir', true);
    } elseif ($action == 'delete_file' && $file != "" && $referer != "") {
        //a "list:" prefix denotes a comma-separated set of file codes (bulk action)
        if (substr($file, 0, 5) == "list:") {
            $file = explode(",", substr($file, 5));
        $echo_str = wfu_delete_file_prompt($file, 'file', $referer);
    } elseif ($action == 'delete_dir' && $file != "" && $referer != "") {
        $echo_str = wfu_delete_file_prompt($file, 'dir', $referer);
    } elseif ($action == 'deletefile' && $file != "") {
        if (substr($file, 0, 5) == "list:") {
            $file = explode(",", substr($file, 5));
        wfu_delete_file($file, 'file');
        //the referer is an opaque code resolved through the safe store; the directory to return to is
        //taken from its "&dir=" query component
        $referer_url = wfu_flatten_path(wfu_get_filepath_from_safe(wfu_sanitize_code($referer)));
        if ($referer_url === false) {
            $referer_url = "";
        $match = array();
        preg_match("/\\&dir=(.*)/", $referer_url, $match);
        $dir = isset($match[1]) ? $match[1] : "";
        $echo_str = wfu_browse_files($dir);
    } elseif ($action == 'deletedir' && $file != "") {
        wfu_delete_file($file, 'dir');
        $referer_url = wfu_flatten_path(wfu_get_filepath_from_safe(wfu_sanitize_code($referer)));
        if ($referer_url === false) {
            $referer_url = "";
        $match = array();
        preg_match("/\\&dir=(.*)/", $referer_url, $match);
        $dir = isset($match[1]) ? $match[1] : "";
        $echo_str = wfu_browse_files($dir);
    } elseif ($action == 'create_dir') {
        $echo_str = wfu_create_dir_prompt($dir, false);
    } elseif ($action == 'createdir') {
        if (wfu_create_dir($dir)) {
            $echo_str = wfu_browse_files($dir);
        } else {
            $echo_str = wfu_create_dir_prompt($dir, true);
    } elseif ($action == 'include_file' && $file != "" && $referer != "") {
        if (substr($file, 0, 5) == "list:") {
            $file = explode(",", substr($file, 5));
        $echo_str = wfu_include_file_prompt($file, $referer);
    } elseif ($action == 'includefile' && $file != "") {
        if (substr($file, 0, 5) == "list:") {
            $file = explode(",", substr($file, 5));
        //NOTE(review): $file is not used after the prefix handling in this branch as listed; the actual
        //include presumably happens in omitted lines - confirm
        $referer_url = wfu_flatten_path(wfu_get_filepath_from_safe(wfu_sanitize_code($referer)));
        if ($referer_url === false) {
            $referer_url = "";
        $match = array();
        preg_match("/\\&dir=(.*)/", $referer_url, $match);
        $dir = isset($match[1]) ? $match[1] : "";
        $echo_str = wfu_browse_files($dir);
    } elseif ($action == 'file_details' && $file != "") {
        $echo_str = wfu_file_details($file, false);
    } elseif ($action == 'edit_filedetails' && $file != "") {
        //same rendering as file_details; the update itself is handled by wfu_edit_filedetails() elsewhere
        $echo_str = wfu_file_details($file, false);
    } elseif ($action == 'maintenance_actions') {
        $echo_str = wfu_maintenance_actions();
    } elseif ($action == 'sync_db') {
        $affected_items = wfu_sync_database();
        $echo_str = wfu_maintenance_actions('Database updated. ' . $affected_items . ' items where affected.');
    } elseif ($action == 'clean_log_ask') {
        $echo_str = wfu_clean_log_prompt();
    } elseif ($action == 'clean_log') {
        $ret = wfu_clean_log();
        //a negative return signals that the cleanup was refused/failed; no message is shown then
        if ($ret <= -1) {
            $echo_str = wfu_maintenance_actions();
        } else {
            $echo_str = wfu_maintenance_actions('Database cleaned. ' . $ret . ' items where affected.');
    } elseif ($action == 'plugin_settings') {
        $echo_str = wfu_manage_settings();
    } elseif ($action == 'add_shortcode' && $postid != "" && $nonce != "" && $tag != "") {
        //NOTE(review): the per-tag ticket is compared with loose `!=`; hash_equals() on two strings would
        //avoid type juggling and timing differences. If the session key is absent this compares null
        //against the request value (and raises an undefined-index notice) rather than failing closed.
        if ($_SESSION['wfu_add_shortcode_ticket_for_' . $tag] != $nonce) {
            $echo_str = wfu_manage_mainmenu();
        } elseif (wfu_add_shortcode($postid, $tag)) {
            $echo_str = wfu_manage_mainmenu();
        } else {
            $echo_str = wfu_manage_mainmenu(WFU_DASHBOARD_ADD_SHORTCODE_REJECTED);
        //NOTE(review): the key reset here ('wfu_add_shortcode_ticket') differs from the per-tag key read
        //above ('wfu_add_shortcode_ticket_for_<tag>'), so the consumed ticket is not cleared - confirm intent
        $_SESSION['wfu_add_shortcode_ticket'] = 'noticket';
    } elseif ($action == 'edit_shortcode' && $data_enc != "" && $tag != "") {
        $data = wfu_decode_array_from_string(wfu_get_shortcode_data_from_safe($data_enc));
        if ($data['post_id'] == "" || wfu_check_edit_shortcode($data)) {
            //return value not captured; presumably the composer echoes its own output - confirm
            wfu_shortcode_composer($data, $tag);
        } else {
            $echo_str = wfu_manage_mainmenu(WFU_DASHBOARD_EDIT_SHORTCODE_REJECTED);
    } elseif ($action == 'delete_shortcode' && $data_enc != "") {
        $data = wfu_decode_array_from_string(wfu_get_shortcode_data_from_safe($data_enc));
        if (wfu_check_edit_shortcode($data)) {
            $echo_str = wfu_delete_shortcode_prompt($data_enc);
        } else {
            $echo_str = wfu_manage_mainmenu(WFU_DASHBOARD_DELETE_SHORTCODE_REJECTED);
    } elseif ($action == 'deleteshortcode' && $data_enc != "") {
        $data = wfu_decode_array_from_string(wfu_get_shortcode_data_from_safe($data_enc));
        if (wfu_check_edit_shortcode($data)) {
            if (wfu_delete_shortcode($data)) {
            $echo_str = wfu_manage_mainmenu();
        } else {
            $echo_str = wfu_manage_mainmenu(WFU_DASHBOARD_DELETE_SHORTCODE_REJECTED);
    } else {
        //unknown or empty action: show the main menu
        $echo_str = wfu_manage_mainmenu();
    echo $echo_str;
/**
 * Later revision of the download invoker: in addition to the checks of the earlier version it supports an
 * "exportdata" pseudo file code (generates a CSV export and stores its path in the safe store) and, for
 * requests carrying a 'browser' parameter, runs the wfu_browser_check_file_action filter so site code can
 * veto the download with an error message.
 *
 * NOTE(review): closing braces and the bodies of the guard clauses are not part of this listing.
 *
 * @return void ends with die()
 */
function wfu_ajax_action_download_file_invoker()
    $file_code = isset($_POST['file']) ? $_POST['file'] : (isset($_GET['file']) ? $_GET['file'] : '');
    $nonce = isset($_POST['nonce']) ? $_POST['nonce'] : (isset($_GET['nonce']) ? $_GET['nonce'] : '');
    if ($file_code == '' || $nonce == '') {
    //security check to avoid CSRF attacks
    if (!wp_verify_nonce($nonce, 'wfu_download_file_invoker')) {
    //check if user is allowed to download files
    if (!current_user_can('manage_options')) {
    $file_code = wfu_sanitize_code($file_code);
    //if file_code is exportdata, then export of data has been requested and
    //we need to create a file with export data and recreate file_code
    //(the capability check here is redundant with the one above, as listed)
    if ($file_code == "exportdata" && current_user_can('manage_options')) {
        $filepath = wfu_export_uploaded_files(null);
        if ($filepath === false) {
        //the generated path is parked in the safe store and the prefix kept so the downloader can
        //recognise the export case
        $file_code = "exportdata" . wfu_safe_store_filepath($filepath);
    } else {
        $filepath = wfu_get_filepath_from_safe($file_code);
        if ($filepath === false) {
        $filepath = wfu_path_rel2abs(wfu_flatten_path($filepath));
        //for front-end browser apply wfu_browser_check_file_action filter to allow or restrict the download
        if (isset($_POST['browser'])) {
            $changable_data["error_message"] = "";
            $filerec = wfu_get_file_rec($filepath, true);
            $userdata = array();
            foreach ($filerec->userdata as $data) {
                //NOTE(review): `propvalue` is a bare identifier, not `$data->propvalue`; PHP 8 throws an
                //undefined-constant Error here, older versions warn and use the literal string 'propvalue'
                array_push($userdata, array("label" => $data->property, "value" => propvalue));
            $additional_data = array("file_action" => "download", "filepath" => $filepath, "uploaduser" => $filerec->uploaduserid, "userdata" => $userdata);
            //a non-empty error_message set by a filter callback vetoes the download
            $changable_data = apply_filters("wfu_browser_check_file_action", $changable_data, $additional_data);
            if ($changable_data["error_message"] != "") {
                die('wfu_ajax_action_download_file_invoker:not_allowed:' . $changable_data["error_message"]);
        //for back-end browser check if user is allowed to perform this action on this file
        //(as listed, this ownership check runs for both the front-end and back-end case)
        if (!wfu_current_user_owes_file($filepath)) {
    //generate download unique id to monitor this download
    $download_id = wfu_create_random_string(16);
    //store download status of this download
    $_SESSION['wfu_download_status_' . $download_id] = 'starting';
    //generate download ticket which expires in 30sec and store it in session
    //it will be used as security measure for the downloader script, which runs outside Wordpress environment
    $_SESSION['wfu_download_ticket_' . $download_id] = time() + 30;
    //generate download monitor ticket which expires in 30sec and store it in session
    //it will be used as security measure for the monitor script that will check download status
    $_SESSION['wfu_download_monitor_ticket_' . $download_id] = time() + 30;
    //this routine returns a dynamically created iframe element, that will call the actual download script;
    //the actual download script runs outside Wordpress environment in order to ensure that no php warnings
    //or echo from other plugins is generated, that could scramble the downloaded file;
    //a ticket, similar to nonces, is passed to the download script to check that it is not a CSRF attack; moreover,the ticket is destroyed
    //by the time it is consumed by the download script, so it cannot be used again
    //NOTE(review): $file_code is concatenated into HTML markup; keeping the attribute intact relies on
    //wfu_sanitize_code() having removed quotes and angle brackets, which cannot be confirmed from this listing
    $response = '<iframe src="' . WFU_DOWNLOADER_URL . '?file=' . $file_code . '&ticket=' . $download_id . '" style="display: none;"></iframe>';
    die('wfu_ajax_action_download_file_invoker:wfu_download_id;' . $download_id . ':' . $response);