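/**
 * Check if a file is specified for loading.
 *
 * Also save changes to it if posted.
 *
 * Reads `pofile` from the request, resolves it under WP_CONTENT_DIR and
 * validates it (extension, existence, permitted path, writability). When
 * `podata` is posted, the decoded data is applied to the project, the
 * result is exported and the browser is redirected back to the editor.
 * Every failed check ends the request through wp_die().
 *
 * @since 1.2.0 Added custom save destination; under PME content directory.
 * @since 1.1.0 Improved sprintf calls for localization purposes.
 * @since 1.0.0
 */
public static function process_request() {
    // Skip if no file is specified
    if (!isset($_REQUEST['pofile'])) {
        return;
    }

    // NOTE(review): no current_user_can() check is visible in this method.
    // Confirm that the caller only reaches it for users allowed to edit
    // translation files; the nonce below protects against forged requests,
    // it is not an authorization check.

    // A request is a write as soon as it posts either field. The nonce used
    // to be required only when `pofile` itself was posted, so a save whose
    // `pofile` arrived in the query string skipped the check entirely.
    $is_write = isset($_POST['pofile']) || isset($_POST['podata']);

    if ($is_write) {
        $posted_file = isset($_POST['pofile']) ? $_POST['pofile'] : null;
        $nonce       = isset($_POST['_pomoeditor_nonce']) ? $_POST['_pomoeditor_nonce'] : null;

        // Non-string values (e.g. `pofile[]=`) are rejected before md5() and
        // wp_verify_nonce() see them.
        if (
            !is_string($posted_file)
            || !is_string($nonce)
            || !wp_verify_nonce($nonce, 'pomoeditor-manage-' . md5($posted_file))
        ) {
            wp_die(__('Cheatin&#8217; uh?'), 403);
            return; // in case a custom wp_die handler does not exit
        }

        // Use the value the nonce was verified against, so the file that is
        // written is the file the nonce was issued for.
        $file = $posted_file;
    } else {
        $file = $_REQUEST['pofile'];

        if (!is_string($file)) {
            /* Translators: %s = full path to file */
            wp_die(sprintf(__('The requested file is not supported: %s', 'pomo-editor'), ''), 400);
            return;
        }
    }

    // Create the source/destination paths
    $source = realpath(WP_CONTENT_DIR . '/' . $file);

    // realpath() returns false for a path that does not exist. Fall back to
    // the requested name so the extension test and the messages still have
    // something meaningful to work with.
    $checked = ($source === false) ? $file : $source;

    // wp_die() renders its message as HTML, so the path is escaped first.
    $shown = esc_html($checked);

    // Check that the source exists
    if (strtolower(pathinfo($checked, PATHINFO_EXTENSION)) !== 'po') {
        /* Translators: %s = full path to file */
        wp_die(sprintf(__('The requested file is not supported: %s', 'pomo-editor'), $shown), 400);
    } elseif ($source === false || !file_exists($source)) {
        /* Translators: %s = full path to file */
        wp_die(sprintf(__('The requested file cannot be found: %s', 'pomo-editor'), $shown), 404);
    } elseif (!is_path_permitted($source)) {
        /* Translators: %s = full path to file */
        wp_die(sprintf(__('The requested file is not within one of the permitted paths: %s', 'pomo-editor'), $shown), 403);
    } elseif (!is_writable($source)) {
        /* Translators: %s = full path to file */
        wp_die(sprintf(__('The requested file is not writable: %s', 'pomo-editor'), $shown), 403);
    } elseif (isset($_POST['podata'])) {
        // Decode the posted data; anything that is not a JSON object/array is
        // refused instead of being handed to Project::update() as null.
        $entries = is_string($_POST['podata'])
            ? json_decode(stripslashes($_POST['podata']), true)
            : null;

        if (!is_array($entries)) {
            wp_die(__('The submitted data could not be read.', 'pomo-editor'), 400);
            return;
        }

        // Load
        $project = new Project($source);
        $project->load();

        // Update
        $project->update($entries, true);

        // Create destination from $source
        $destination = $source;

        // If the destination isn't already in the PME content directory, prepend it
        // NOTE(review): this prefix test runs on the raw request value while
        // $source is the resolved path, and str_replace() only matches when
        // WP_CONTENT_DIR is spelled exactly as realpath() returns it. Consider
        // deriving the decision from $source and re-checking $destination
        // with is_path_permitted() before exporting.
        if (strpos($file, 'pomo-editor/') !== 0) {
            $destination = str_replace(WP_CONTENT_DIR, PME_CONTENT_DIR, $source);
            $file = 'pomo-editor/' . $file;
        }

        // Save
        $project->export($destination);

        // Redirect; the file name is encoded so characters such as `&` or `#`
        // in it cannot alter the query string of the target URL.
        wp_redirect(admin_url('tools.php?page=pomo-editor&pofile=' . rawurlencode($file) . '&changes-saved=true'));
        exit;
    }
}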