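// Fragment of the async-upload AJAX handler: $file_add_now (and the request
// handling that precedes it) is defined outside this excerpt.
//
// Flow: move the browser upload into the plugin temp dir, echo a JSON
// description of it; when $file_add_now is set, also register the file via
// WPFB_Admin::InsertFile() and echo the resulting record instead.
if (empty($_FILES['async-upload']) || !is_array($_FILES['async-upload'])) {
    wpfb_ajax_die(__('No file was uploaded.', 'wp-filebase') . ' (ASYNC)');
}
$upload = $_FILES['async-upload'];
// 'name' is client-supplied; only ever used for the temp-file name and the
// (escaped) error message. A non-string here means a multi-file field.
$name = isset($upload['name']) && is_string($upload['name']) ? $upload['name'] : '';
// PHP reports oversize/partial/missing uploads through 'error'; check it
// explicitly instead of masking is_uploaded_file()/move_uploaded_file()
// warnings with '@'. is_uploaded_file() still guards against a forged tmp_name.
if (!isset($upload['error']) || $upload['error'] !== UPLOAD_ERR_OK
    || empty($upload['tmp_name']) || !is_string($upload['tmp_name'])
    || !is_uploaded_file($upload['tmp_name'])
    || !($tmp = WPFB_Admin::GetTmpFile($name))
    || !move_uploaded_file($upload['tmp_name'], $tmp)) {
    wpfb_ajax_die(sprintf(__('“%s” has failed to upload due to an error'), esc_html($name)));
}
// Expose the temp file as a path relative to the upload dir; this value is
// what the client later sends back (file_flash_upload / delupload).
$_FILES['async-upload']['tmp_name'] = trim(substr($tmp, strlen(WPFB_Core::UploadDir())), '/');
$json = json_encode($_FILES['async-upload']);
if ($file_add_now) {
    $file_data = array('file_flash_upload' => $json, 'file_category' => 0);
    if (!empty($_REQUEST['presets'])) {
        // presets arrive as a query string; AdaptPresets() is the plugin's
        // normalisation step for them (not visible here).
        $presets = array();
        parse_str(stripslashes($_REQUEST['presets']), $presets);
        WPFB_Admin::AdaptPresets($presets);
        $file_data = array_merge($file_data, $presets);
    }
    $result = WPFB_Admin::InsertFile($file_data, false);
    if (!empty($result['error'])) {
        wpfb_ajax_die($result['error']);
    }
    $file = $result['file'];
    // NOTE(review): the (array) cast serialises every property of the file
    // object into the response, not just the public ones — confirm nothing in
    // that object is server-internal before relying on this.
    $resp = array_merge((array) $file, array(
        'file_thumbnail_url' => $file->GetIconUrl(),
        'file_edit_url' => $file->GetEditUrl(),
        'file_cur_user_can_edit' => $file->CurUserCanEdit(),
        'file_download_url' => $file->GetUrl(),
        // per-file nonce the client needs for the follow-up update request
        'nonce' => wp_create_nonce(WPFB . '-updatefile' . $result['file_id']),
    ));
    if (isset($_REQUEST['tpl_tag'])) {
        // the string 'false' means "default template"
        $tpl_tag = $_REQUEST['tpl_tag'] === 'false' ? null : $_REQUEST['tpl_tag'];
        $resp['tpl'] = $file->GenTpl2($tpl_tag);
    }
    $json = json_encode($resp);
}
// Explicit check instead of '@header': same effect (no warning once output
// has started), without hiding other header() failures.
if (!headers_sent()) {
    header('Content-Type: application/json; charset=' . get_option('blog_charset'));
    // strlen() is byte-wise, which is exactly what Content-Length needs.
    header('Content-Length: ' . strlen($json));
}
echo $json;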
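 /**
  * AJAX handler for the async (Flash/HTML5) uploader.
  *
  * Moves the browser upload from $_FILES['async-upload'] into the plugin's
  * temp directory and echoes a JSON description of it. With
  * $args['file_add_now'] set, the file is also registered through
  * WPFB_Admin::InsertFile() and the resulting record is echoed instead.
  * With $args['delupload'] set, the named temp file is removed, stale temp
  * files are purged and the request exits without a JSON body.
  *
  * @param array $args request parameters: frontend_upload, file_add_now,
  *                    cat_id, delupload, presets, tpl_tag
  * @return void output is echoed; every failure path ends in wpfb_ajax_die()
  */
 private static function upload($args)
 {
     // Guarded so a second call within the same request does not warn.
     if (!defined('TMP_FILE_MAX_AGE')) {
         define('TMP_FILE_MAX_AGE', 3600 * 3);
     }
     $frontend_upload = !empty($args['frontend_upload']) && $args['frontend_upload'] !== "false";
     $file_add_now = !empty($args['file_add_now']) && $args['file_add_now'] !== "false";
     // TODO: need to check if frontend_upload and user logged in state
     // Flash often fails to send cookies with the POST or upload, so the auth
     // cookie values may arrive as request parameters instead. They are only
     // copied into $_COOKIE and still pass through wp_validate_auth_cookie(),
     // so the cookie's signature is verified before any user is set.
     if (!is_user_logged_in()) {
         if (is_ssl() && empty($_COOKIE[SECURE_AUTH_COOKIE]) && !empty($_REQUEST['auth_cookie'])) {
             $_COOKIE[SECURE_AUTH_COOKIE] = $_REQUEST['auth_cookie'];
         } elseif (empty($_COOKIE[AUTH_COOKIE]) && !empty($_REQUEST['auth_cookie'])) {
             $_COOKIE[AUTH_COOKIE] = $_REQUEST['auth_cookie'];
         }
         if (empty($_COOKIE[LOGGED_IN_COOKIE]) && !empty($_REQUEST['logged_in_cookie'])) {
             $_COOKIE[LOGGED_IN_COOKIE] = $_REQUEST['logged_in_cookie'];
         }
         if (!empty($_REQUEST['auth_cookie']) || !empty($_REQUEST['logged_in_cookie'])) {
             wp_set_current_user(wp_validate_auth_cookie());
         }
     }
     wpfb_loadclass('Category', 'File');
     $parent_cat = empty($args['cat_id']) ? null : WPFB_Category::GetCat($args['cat_id']);
     if ($frontend_upload) {
         if ($file_add_now) {
             wpfb_ajax_die('Unsupported upload!');
         }
         // NOTE(review): the frontend path relies on the frontend_upload
         // setting / upload_files capability alone; the nonce check below only
         // covers the admin path — confirm that is intended.
         if (!WPFB_Core::$settings->frontend_upload && !current_user_can('upload_files')) {
             wpfb_ajax_die(__('You do not have permission to upload files.'));
         }
     } else {
         // Allow if the user may upload globally OR may add files to the
         // requested category. The former `&& !$parent_cat && !$parent_cat->…`
         // chain was always false once a category was given (check skipped)
         // and dereferenced null when none was.
         $can_add_to_cat = $parent_cat && $parent_cat->CurUserCanAddFiles();
         if (!WPFB_Core::CurUserCanUpload() && !$can_add_to_cat) {
             wpfb_ajax_die(__('You do not have permission to upload files.'));
         }
         check_admin_referer(WPFB . '-async-upload');
     }
     wpfb_loadclass('Admin');
     if (!empty($args['delupload'])) {
         $del_upload = json_decode($args['delupload']);
         $tmp_dir = WPFB_Core::UploadDir() . '/.tmp';
         // Delete only directly inside the temp directory: basename() drops
         // every directory component, so traversal sequences cannot escape it
         // (the previous str_replace('../') filter could be bypassed with
         // nested sequences). Assumes GetTmpFile() writes straight into .tmp/,
         // as the '.tmp/' prefix the old code stripped suggests — confirm.
         if (is_object($del_upload) && !empty($del_upload->tmp_name) && is_string($del_upload->tmp_name)) {
             $tmp = $tmp_dir . '/' . basename($del_upload->tmp_name);
             if (is_file($tmp)) {
                 echo (int) @unlink($tmp);
             }
         }
         // delete other old temp files
         require_once ABSPATH . 'wp-admin/includes/file.php';
         $tmp_files = list_files($tmp_dir);
         // list_files() may return false on a missing/unreadable dir.
         if (is_array($tmp_files)) {
             $cutoff = time() - TMP_FILE_MAX_AGE;
             foreach ($tmp_files as $tmp) {
                 $mtime = filemtime($tmp);
                 // a failed stat must not be treated as "very old"
                 if ($mtime !== false && $mtime <= $cutoff) {
                     @unlink($tmp);
                 }
             }
         }
         exit;
     }
     if (empty($_FILES['async-upload']) || !is_array($_FILES['async-upload'])) {
         wpfb_ajax_die(__('No file was uploaded.', 'wp-filebase') . ' (ASYNC)');
     }
     $upload = $_FILES['async-upload'];
     // 'name' is client-supplied; used only for the temp-file name and the
     // (escaped) error message. A non-string means a multi-file field.
     $name = isset($upload['name']) && is_string($upload['name']) ? $upload['name'] : '';
     // PHP reports oversize/partial/missing uploads through 'error'; reject
     // those before touching tmp_name. is_uploaded_file() still guards
     // against a forged tmp_name.
     if (!isset($upload['error']) || $upload['error'] !== UPLOAD_ERR_OK
         || empty($upload['tmp_name']) || !is_string($upload['tmp_name'])
         || !is_uploaded_file($upload['tmp_name'])
         || !($tmp = WPFB_Admin::GetTmpFile($name))
         || !move_uploaded_file($upload['tmp_name'], $tmp)) {
         wpfb_ajax_die(sprintf(__('“%s” has failed to upload due to an error'), esc_html($name)));
     }
     // Expose the temp file as a path relative to the upload dir; this is the
     // value the client sends back later (file_flash_upload / delupload).
     $_FILES['async-upload']['tmp_name'] = trim(substr($tmp, strlen(WPFB_Core::UploadDir())), '/');
     $json = json_encode($_FILES['async-upload']);
     if ($file_add_now) {
         $file_data = array('file_flash_upload' => $json, 'file_category' => 0);
         if (!empty($args['presets'])) {
             // presets arrive as a query string; AdaptPresets() is the
             // plugin's normalisation step for them (not visible here).
             $presets = array();
             parse_str($args['presets'], $presets);
             WPFB_Admin::AdaptPresets($presets);
             $file_data = array_merge($file_data, $presets);
         }
         $result = WPFB_Admin::InsertFile($file_data, false);
         if (!empty($result['error'])) {
             wpfb_ajax_die($result['error']);
         }
         $file = $result['file'];
         // NOTE(review): the (array) cast serialises every property of the
         // file object into the response, not just public ones — confirm
         // nothing in that object is server-internal.
         $resp = array_merge((array) $file, array(
             'file_thumbnail_url' => $file->GetIconUrl(),
             'file_edit_url' => $file->GetEditUrl(),
             'file_cur_user_can_edit' => $file->CurUserCanEdit(),
             'file_download_url' => $file->GetUrl(),
             // per-file nonce the client needs for the follow-up update request
             'nonce' => wp_create_nonce(WPFB . '-updatefile' . $result['file_id']),
         ));
         if (isset($args['tpl_tag'])) {
             // the string 'false' means "default template"
             $tpl_tag = $args['tpl_tag'] === 'false' ? null : $args['tpl_tag'];
             $resp['tpl'] = $file->GenTpl2($tpl_tag);
         }
         $json = json_encode($resp);
     }
     header('Content-Type: application/json; charset=' . get_option('blog_charset'));
     //header('Content-Length: ' . strlen($json));
     echo $json;
 }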