/**
 * Builds a chain of four nested categories and inserts one file into the deepest one.
 *
 * Each category is created as a child of the previous one; after every insert the test
 * checks the parent link and that the category directory exists on disk.
 */
function testCreateTree() {
    $this->testSetUser();
    wpfb_loadclass('Admin');

    /** @var WPFB_Category $parent */
    $parent = null;
    /** @var WPFB_Category[] $cats */
    $cats = array();

    foreach (range(0, 3) as $depth) {
        // The first category has no parent and is attached to the root (id 0).
        $parentId = $parent ? $parent->GetId() : 0;
        $inserted = WPFB_Admin::InsertCategory(array(
            'cat_name' => "layer {$depth}",
            'cat_parent' => $parentId,
        ));
        $this->assertEmpty($inserted['error']);

        /** @var WPFB_Category $cat */
        $cat = $inserted['cat'];

        if ($parent) {
            $this->assertTrue($cat->GetParent()->Equals($parent));
        } else {
            $this->assertTrue(is_null($cat->GetParent()));
        }
        $this->assertTrue(is_dir($cat->GetLocalPath()));

        $cats[] = $cat;
        $parent = $cat;
    }

    // print_r(array_map( function($c) { return strval($c);}, $cats));

    // Insert a local fixture image into the deepest category via a file:// URI.
    $files = new TestFileSet();
    $fileArgs = array(
        'file_remote_uri' => 'file://' . $files->getImageBanner(),
        'file_category' => $parent,
    );
    $res = WPFB_Admin::InsertFile($fileArgs);
    $this->assertEmpty($res['error'], $res['error']);

    /** @var WPFB_File $file01 */
    $file01 = $res['file'];
}
/**
 * Creates a test user, inserts a fixture image through WPFB_Admin::InsertFile and deletes it again.
 *
 * NOTE(review): despite its name, no download is requested in this test; the result of
 * Delete() is not asserted either.
 */
function testDownload() {
    // Fixture account; the password equals the user name and is only meant for the test database.
    $userId = wp_create_user('test_admin', 'test_admin');
    $this->assertNotWPError($userId);
    wp_set_current_user($userId);

    $files = new TestFileSet();
    $fileArgs = array(
        'file_remote_uri' => 'file://' . $files->getImageBanner(),
    );
    $inserted = WPFB_Admin::InsertFile($fileArgs);
    $this->assertEmpty($inserted['error'], $inserted['error']);

    /** @var WPFB_File $file01 */
    $file01 = $inserted['file'];
    $file01->Delete();
}
/**
 * Inserts a file from a remote HTTPS URL and checks that it ends up stored locally
 * together with a generated thumbnail, then removes it.
 *
 * The test needs outbound network access to the host named in the URL below and
 * fails when that resource is unreachable or changes.
 */
function test_new_file_remote() {
    // Fixture account; the password equals the user name and is only meant for the test database.
    $userId = wp_create_user('test_admin', 'test_admin');
    $this->assertNotWPError($userId);
    wp_set_current_user($userId);

    wpfb_loadclass('Admin');

    $fileArgs = array(
        'file_remote_uri' => 'https://wpfilebase.com/wp-content/blogs.dir/2/files/2015/03/banner_023.png',
    );
    $inserted = WPFB_Admin::InsertFile($fileArgs);
    $this->assertEmpty($inserted['error'], $inserted['error']);

    /** @var WPFB_File $file */
    $file = $inserted['file'];

    // The remote file must have been copied into the local upload directory.
    $this->assertTrue($file->IsLocal(), 'IsLocal false');
    $this->assertFileExists($file->GetLocalPath());

    // A thumbnail must have been recorded and written to disk.
    $this->assertNotEmpty($file->file_thumbnail);
    $this->assertFileExists($file->GetThumbPath());

    $removed = $file->Remove();
    $this->assertTrue($removed);
}
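/**
 * Renders the "Manage Files" admin screen and processes its form actions.
 *
 * The request parameter `action` selects the branch:
 *  - `editfile`   prints the edit form for one file or for several files (multi edit);
 *  - `updatefile` verifies edit permission, then falls through to `addfile`;
 *  - `addfile`    passes the submitted data to WPFB_Admin::InsertFile(), then falls
 *                 through to the default branch;
 *  - default      handles bulk deletion and prints the file list and the upload form.
 *
 * Changes compared with the previous version:
 *  - `extract($_POST)` is gone. It allowed any submitted field to overwrite local
 *    variables such as $action, $update or $exform. Only the six date fields that the
 *    code actually uses are read now.
 *  - The hidden `page` field of the list form is escaped with esc_attr(), like the
 *    same field in the search form.
 */
static function Display() {
    global $wpdb, $user_ID;

    wpfb_loadclass('File', 'Category', 'Admin', 'Output');

    // NOTE(review): $_POST is unslashed here and once more before InsertFile() below,
    // so backslashes that are part of the submitted data get stripped - confirm this is intended.
    $_POST = stripslashes_deep($_POST);
    $_GET = stripslashes_deep($_GET);

    $action = !empty($_REQUEST['action']) ? $_REQUEST['action'] : '';
    $clean_uri = remove_query_arg(array('message', 'action', 'file_id', 'cat_id', 'deltpl', 'hash_sync')); // keep search keyword

    // nonce/referer check (security)
    if ($action == 'updatefile' || $action == 'addfile') {
        $nonce_action = WPFB . "-" . $action;
        if ($action == 'updatefile') {
            // The update nonce is bound to the id of the file being edited.
            $nonce_action .= $_POST['file_id'];
        }
        if (!check_admin_referer($nonce_action, 'wpfb-file-nonce')) {
            wp_die(__('Cheatin’ uh?'));
        }
    }

    // switch simple/extended form
    if (isset($_GET['exform'])) {
        $exform = !empty($_GET['exform']) && $_GET['exform'] == 1;
        update_user_option($user_ID, WPFB_OPT_NAME . '_exform', $exform, true);
    } else {
        $exform = (bool) get_user_option(WPFB_OPT_NAME . '_exform');
    }
    ?>
    <div class="wrap">
    <?php
    switch ($action) {
        case 'editfile':
            if (!current_user_can('upload_files')) {
                wp_die(__('Cheatin’ uh?'));
            }

            if (!empty($_POST['files'])) {
                // Multi edit: accept an array or a comma separated list of ids.
                if (!is_array($_POST['files'])) {
                    $_POST['files'] = explode(',', $_POST['files']);
                }
                $files = array();
                foreach ($_POST['files'] as $file_id) {
                    $file = WPFB_File::GetFile($file_id);
                    // Files the current user may not edit are silently skipped.
                    if (!is_null($file) && $file->CurUserCanEdit()) {
                        $files[] = $file;
                    }
                }
                if (count($files) > 0) {
                    WPFB_Admin::PrintForm('file', $files, array('multi_edit' => true));
                } else {
                    wp_die('No files to edit.');
                }
            } else {
                $file = WPFB_File::GetFile($_GET['file_id']);
                if (is_null($file) || !$file->CurUserCanEdit()) {
                    wp_die(__('You do not have the permission to edit this file!', 'wp-filebase'));
                }
                WPFB_Admin::PrintForm('file', $file);
            }
            break;

        case 'updatefile':
            $file_id = (int) $_POST['file_id'];
            $update = true;
            $file = WPFB_File::GetFile($file_id);
            if (is_null($file) || !$file->CurUserCanEdit()) {
                wp_die(__('Cheatin’ uh?'));
            }
            // intentional fall-through: an update is stored by the same code as an insert

        case 'addfile':
            $update = !empty($update);

            if (!WPFB_Core::CurUserCanUpload()) {
                wp_die(__('Cheatin’ uh?'));
            }

            // Read only the date fields (year, month, day, hour, minute, second) instead
            // of importing every submitted field into the local scope.
            $date_parts = array();
            foreach (array('aa', 'mm', 'jj', 'hh', 'mn', 'ss') as $date_key) {
                $date_parts[$date_key] = isset($_POST[$date_key]) ? (int) $_POST[$date_key] : null;
            }

            if ($date_parts['jj'] !== null && $date_parts['ss'] !== null) {
                $aa = $date_parts['aa'];
                $mm = $date_parts['mm'];
                $jj = $date_parts['jj'] > 31 ? 31 : $date_parts['jj'];
                $hh = $date_parts['hh'] > 23 ? $date_parts['hh'] - 24 : $date_parts['hh'];
                $mn = $date_parts['mn'] > 59 ? $date_parts['mn'] - 60 : $date_parts['mn'];
                $ss = $date_parts['ss'] > 59 ? $date_parts['ss'] - 60 : $date_parts['ss'];
                $_POST['file_date'] = sprintf("%04d-%02d-%02d %02d:%02d:%02d", $aa, $mm, $jj, $hh, $mn, $ss);
            }

            $result = WPFB_Admin::InsertFile(stripslashes_deep(array_merge($_POST, $_FILES)), true);
            if (isset($result['error']) && $result['error']) {
                $message = $result['error'] . '<br /><a href="javascript:history.back()">' . __("Go back") . '</a>';
            } else {
                $message = $update ? __('File updated.', 'wp-filebase') : __('File added.', 'wp-filebase');
            }
            // intentional fall-through: show the file list after saving

        default:
            if (!current_user_can('upload_files')) {
                wp_die(__('Cheatin’ uh?'));
            }

            // NOTE(review): the redirect target comes straight from the request. Confirm that
            // JsRedirect() encodes it for JavaScript and restricts it to this site.
            if (!empty($_REQUEST['redirect']) && !empty($_REQUEST['redirect_to'])) {
                WPFB_AdminLite::JsRedirect($_REQUEST['redirect_to']);
                exit;
            }

            // NOTE(review): no nonce is verified in this function before the bulk delete;
            // only the per-file permission is checked. Confirm the list table's nonce is
            // verified elsewhere, otherwise this path lacks CSRF protection.
            if (!empty($_POST['deleteit'])) {
                foreach ((array) $_POST['delete'] as $file_id) {
                    if (is_object($file = WPFB_File::GetFile($file_id)) && $file->CurUserCanDelete()) {
                        $file->Remove(true);
                    }
                }
                WPFB_File::UpdateTags();
            }
            ?>
            <h2><?php
            echo str_replace(array('(<', '>)'), array('<', '>'), sprintf(__('Manage Files (<a href="%s">add new</a>)', 'wp-filebase'), '#addfile" class="add-new-h2'));
            echo '<a href="' . admin_url('admin.php?page=wpfilebase_manage&action=batch-upload') . '" class="add-new-h2">' . __('Batch Upload', 'wp-filebase') . '</a>';
            if (isset($_GET['s']) && $_GET['s']) {
                printf('<span class="subtitle">' . __('Search results for “%s”') . '</span>', esc_html(stripslashes($_GET['s'])));
            }
            ?>
            </h2>
            <?php
            if (!empty($message)) {
                // $message deliberately contains markup (the "Go back" link), so it is not escaped
                // here. NOTE(review): confirm InsertFile() escapes user supplied values in 'error'.
                ?>
                <div id="message" class="updated fade"><p><?php echo $message; ?></p></div><?php
            }

            if (WPFB_Core::CurUserCanUpload() && ($action == 'addfile' || $action == 'updatefile')) {
                unset($file);
                // After a failed save the form is pre-filled with the submitted values.
                WPFB_Admin::PrintForm('file', null, array('exform' => $exform, 'item' => new WPFB_File(isset($result['error']) && $result['error'] ? $_POST : null)));
            }

            wpfb_loadclass('FileListTable');
            $file_table = new WPFB_FileListTable();
            $file_table->prepare_items();
            ?>
            <form class="search-form topmargin" action="" method="get">
                <input type="hidden" value="<?php echo esc_attr($_GET['page']); ?>" name="page" />
                <input type="hidden" value="<?php echo empty($_GET['view']) ? '' : esc_attr(@$_GET['view']); ?>" name="view" />
                <?php $file_table->search_box(__('Search Files', 'wp-filebase'), 's'); ?>
            </form>
            <?php $file_table->views(); ?>
            <form id="posts-filter" action="" method="post">
                <input type="hidden" name="page" value="<?php echo esc_attr($_REQUEST['page']); ?>" />
                <?php $file_table->display(); ?>
            </form>
            <br class="clear" />
            <?php
            if ($action != 'addfile' && $action != 'updatefile' && WPFB_Core::CurUserCanUpload()) {
                unset($file);
                WPFB_Admin::PrintForm('file', null, array('exform' => $exform));
            }
            break; // default
    }
    /*
      $file_list_table = new WPFB_File_List_Table();
      $pagenum = $file_list_table->get_pagenum();
      $doaction = $file_list_table->current_action();
      $file_list_table->prepare_items();
      $file_list_table->views();
      $file_list_table->search_box( "asdf", 'post' );
      $file_list_table->display();
     */
    ?>
    </div> <!-- wrap -->
    <?php
}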
// Show a hint when the automatic listing of attached files is switched off in the plugin settings.
if (!WPFB_Core::$settings->auto_attach_files) {
    echo '<div id="no-auto-attach-note" class="updated">';
    printf(__('Note: Listing of attached files is disabled. You have to <a href="%s">insert the attachments tag</a> to show the files in the content.'), 'javascript:insAttachTag();');
    echo '</div>';
}

// Process a submitted add/update form.
// NOTE(review): no capability check is visible in this excerpt; presumably the enclosing
// code or InsertFile() enforces upload permission - confirm.
if ($action == 'addfile' || $action == 'updatefile') {
    // nonce/referer check (security)
    $nonce_action = WPFB . "-" . $action;
    if ($action == 'updatefile') {
        // The update nonce is bound to the id of the file being edited.
        $nonce_action .= $_POST['file_id'];
    }
    // Check both nonces: the editor form uses the "-editor" suffix, while the nonce issued
    // for the ajax uploader has no suffix. The request is rejected only if neither matches.
    if (!wp_verify_nonce($_POST['wpfb-file-nonce'], $nonce_action . "-editor") && !wp_verify_nonce($_POST['wpfb-file-nonce'], $nonce_action)) {
        wp_die(__('Cheatin’ uh?'));
    }
    $result = WPFB_Admin::InsertFile(stripslashes_deep(array_merge($_POST, $_FILES)));
    if (isset($result['error']) && $result['error']) {
        // The error text is printed without escaping.
        // NOTE(review): confirm InsertFile() returns HTML-safe messages.
        ?> <div id="message" class="updated fade"><p><?php echo $result['error']; ?> </p></div><?php
        // Keep the submitted values so the form can be shown again pre-filled.
        $file = new WPFB_File($_POST);
    } else {
        // success!!!!
        $file_id = $result['file_id'];
        if ($action != 'addfile') {
            $file = null;
        }
    }
}
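/**
 * Handles a file submitted through the front-end upload widget and prints a result page.
 *
 * The request is accepted only when front-end uploads are enabled in the settings or the
 * current user has the `upload_files` capability, and when the nonce matches the widget
 * parameters (prefix, category, overwrite flag, post id).
 *
 * The integer values that go into the nonce action are now computed once and reused.
 * Previously the nonce was built from `(int) $_POST['cat']`, but the raw string was
 * compared and copied into `file_category`, so the value that was verified and the value
 * that was used could differ.
 */
public static function ProcessWidgetUpload() {
    $content = '';
    $title = '';

    if (!WPFB_Core::$settings->frontend_upload && !current_user_can('upload_files')) {
        wp_die(__('Cheatin’ uh?') . " (disabled)");
    }

    $form = null;

    // Normalise the widget parameters once; missing fields become '' or 0 as before.
    $prefix = isset($_POST['prefix']) ? $_POST['prefix'] : '';
    $cat = isset($_POST['cat']) ? (int) $_POST['cat'] : 0;
    $overwrite = isset($_POST['overwrite']) ? (int) $_POST['overwrite'] : 0;
    $file_post_id = isset($_POST['file_post_id']) ? (int) $_POST['file_post_id'] : 0;

    $nonce_action = $prefix . "=&cat=" . $cat . "&overwrite=" . $overwrite . "&file_post_id=" . $file_post_id;

    // nonce/referer check (security)
    if (!check_admin_referer($nonce_action, 'wpfb-file-nonce')) {
        wp_die(__('Cheatin’ uh?') . ' (security)');
    }

    // If a category is set in the widget options, force it. The nonce covers exactly this
    // integer, so a category the widget did not offer cannot be selected here.
    if ($cat >= 0) {
        $_POST['file_category'] = $cat;
    }

    $result = WPFB_Admin::InsertFile(array_merge(stripslashes_deep($_POST), $_FILES, array('frontend_upload' => true, 'form' => empty($form) ? null : $form)));

    if (isset($result['error']) && $result['error']) {
        // NOTE(review): the error text is embedded without escaping; confirm InsertFile()
        // returns HTML-safe messages, since this page is shown to front-end visitors.
        $content .= '<div id="message" class="updated fade"><p>' . $result['error'] . '</p></div>';
        $title .= __('Error');
    } else {
        // success!!!!
        $file = WPFB_File::GetFile($result['file_id']);
        $title = trim(__('File added.', WPFB), '.');
        $content = __('The File has been uploaded successfully.', WPFB) . $file->GenTpl2();
    }

    wpfb_loadclass('Output');
    WPFB_Output::GeneratePage($title, $content, !empty($_POST['form_tag'])); // prepend to content if embedded form!
}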
/**
 * Builds a chain of four nested categories, places one file in the deepest category and
 * one in its parent, and checks the file and child counters before and after the deepest
 * category is deleted. Everything created is deleted again at the end.
 *
 * The statements depend on database state produced by the preceding ones, so their
 * order matters.
 *
 * @depends testCreateCatAndFile
 */
function testCreateTree() {
    $this->testSetUser();
    wpfb_loadclass('Admin');
    WPFB_Category::DisableBubbling(false);

    /** @var WPFB_Category $parent */
    $parent = null;
    /** @var WPFB_Category[] $cats */
    $cats = array();

    // Create "layer 0" .. "layer 3", each one a child of the previous category.
    for ($d = 0; $d < 4; $d++) {
        $res = WPFB_Admin::InsertCategory(array('cat_name' => "layer {$d}", 'cat_parent' => $parent ? $parent->GetId() : 0));
        $this->assertEmpty($res['error'], $res['error']);
        /** @var WPFB_Category $cat */
        $cat = $res['cat'];
        // The first category must have no parent, every later one must point at its predecessor.
        $this->assertTrue($parent ? $cat->GetParent()->Equals($parent) : is_null($cat->GetParent()));
        $this->assertTrue(is_dir($cat->GetLocalPath()));
        $cats[] = $cat;
        $parent = $cat;
    }

    $this->assertEquals($cats[0]->cat_id, $cats[1]->GetParent()->cat_id);
    //$this->assertEquals($cats[2]->GetParent(), $cats[1], '', 0.0, 2, true);
    // print_r(array_map( function($c) { return strval($c);}, $cats));

    // $parent is now the deepest category ($cats[3]): file01 goes there, file02 into $cats[2].
    $files = new TestFileSet();
    $res = WPFB_Admin::InsertFile(array('file_remote_uri' => 'file://' . $files->getImageBanner(), 'file_category' => $parent));
    $this->assertEmpty($res['error'], $res['error']);
    /** @var WPFB_File $file01 */
    $file01 = $res['file'];

    $res = WPFB_Admin::InsertFile(array('file_remote_uri' => 'file://' . $files->getSmallTxt(), 'file_category' => $parent->GetParent()));
    $this->assertEmpty($res['error'], $res['error']);
    /** @var WPFB_File $file02 */
    $file02 = $res['file'];

    $this->assertEquals($file01->GetParent()->cat_id, $parent->cat_id);
    $this->assertEquals($file02->GetParent()->cat_id, $parent->GetParent()->cat_id);
    $this->assertEquals($file02->GetParent(), $parent->GetParent());

    // Counters: one file sits directly in $cats[2]; the totals also include the file one level below.
    $this->assertEquals(2, $parent->GetParent()->cat_num_files_total);
    $this->assertEquals(2, $file02->GetParent()->cat_num_files_total);
    $this->assertEquals(1, $file02->GetParent()->cat_num_files);
    $this->assertEquals(2, $cats[0]->cat_num_files_total);

    // Recursive child listings (argument true) for each level of the chain.
    $this->assertEquals(1, count($parent->GetParent()->GetChildCats(true)));
    $this->assertEquals(1, count($file02->GetParent()->GetChildCats(true)));
    $this->assertEquals(2, count($cats[0]->GetChildFiles(true)), $cats[0]);
    $this->assertEquals(3, count($cats[0]->GetChildCats(true)), $cats[0]);
    $this->assertEquals(2, count($cats[2]->GetChildFiles(true)), $cats[2]);
    $this->assertEquals(1, count($cats[2]->GetChildCats(true)), $cats[2]);
    $this->assertEquals(2, count($cats[1]->GetChildCats(true)), $cats[1]);
    $this->assertEquals(2, count($cats[1]->GetChildFiles(true)), $cats[1]);

    // Delete the deepest category and drop it from the local list.
    $res = $parent->Delete();
    $this->assertEmpty($res['error'], $res['error']);
    unset($cats[3]);

    $file01->DBReload(); // TODO fix: need to reload from DB!
    // file01 is expected to survive the deletion of its category, including its thumbnail.
    $this->assertFileExists($file01->GetLocalPath());
    $this->assertFileExists($file01->GetThumbPath());
    // print_r(array_map( function($c) { return strval($c);}, $cats));

    // After the deletion both files are expected to report the same parent category.
    $this->assertEquals(strval($file01->GetParent()), strval($file02->GetParent()));
    $this->assertEquals(0, count($cats[2]->DBReload()->GetChildCats(true)), $cats[2]);
    $this->assertEquals(2, count($cats[2]->GetChildFiles(false)), $cats[2]);
    $this->assertEquals(1, count($cats[1]->DBReload()->GetChildCats(true)), $cats[1]);
    $this->assertEquals(2, count($cats[1]->GetChildFiles(true)), $cats[1]);
    $this->assertEquals(2, count($cats[0]->DBReload()->GetChildCats(true)), $cats[0]);
    $this->assertEquals(2, count($cats[0]->GetChildFiles(true)), $cats[0]);

    // Clean up: delete the remaining categories, then both files.
    foreach ($cats as $cat) {
        $res = $cat->DBReload()->Delete();
        $this->assertEmpty($res['error'], $res['error']);
    }

    // Remember the thumbnail path before deleting so its removal can be verified.
    $thumb = $file01->GetThumbPath();
    $this->assertTrue($file01->DBReload()->Delete());
    $this->assertTrue($file02->DBReload()->Delete());
    $this->assertFileNotExists($thumb);
}
wp_die(__('No file was uploaded.', WPFB) . ' (ASYNC)'); } if (!@is_uploaded_file($_FILES['async-upload']['tmp_name']) || !($tmp = WPFB_Admin::GetTmpFile($_FILES['async-upload']['name'])) || !@move_uploaded_file($_FILES['async-upload']['tmp_name'], $tmp)) { wpfb_ajax_die(sprintf(__('“%s” has failed to upload due to an error'), esc_html($_FILES['async-upload']['name']))); } $_FILES['async-upload']['tmp_name'] = trim(substr($tmp, strlen(WPFB_Core::UploadDir())), '/'); $json = json_encode($_FILES['async-upload']); if ($file_add_now) { $file_data = array('file_flash_upload' => $json, 'file_category' => 0); if (!empty($_REQUEST['presets'])) { $presets = array(); parse_str(stripslashes($_REQUEST['presets']), $presets); WPFB_Admin::AdaptPresets($presets); $file_data = array_merge($file_data, $presets); } $result = WPFB_Admin::InsertFile($file_data, false); if (empty($result['error'])) { $resp = array_merge((array) $result['file'], array('file_thumbnail_url' => $result['file']->GetIconUrl(), 'file_edit_url' => $result['file']->GetEditUrl(), 'file_cur_user_can_edit' => $result['file']->CurUserCanEdit(), 'file_download_url' => $result['file']->GetUrl(), 'nonce' => wp_create_nonce(WPFB . '-updatefile' . $result['file_id']))); if (isset($_REQUEST['tpl_tag'])) { $tpl_tag = $_REQUEST['tpl_tag']; if ($tpl_tag === 'false') { $tpl_tag = null; } $resp['tpl'] = $result['file']->GenTpl2($tpl_tag); } } else { wpfb_ajax_die($result['error']); } $json = json_encode($resp); } @header('Content-Type: application/json; charset=' . get_option('blog_charset'));
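/**
 * Handles an asynchronous upload request and prints a JSON response.
 *
 * Keys read from $args: `frontend_upload`, `file_add_now`, `cat_id`, `delupload`,
 * `presets`, `tpl_tag`. The uploaded file is expected in $_FILES['async-upload'].
 *
 * Changes compared with the previous version:
 *  - Back-end permission check: the old condition
 *    `!CurUserCanUpload() && !$parent_cat && !$parent_cat->CurUserCanAddFiles()`
 *    called a method on null when no category was given and never denied access when a
 *    category was given. Access is now denied unless the user may upload in general or
 *    may add files to the given category.
 *  - Temp-file deletion: the path taken from `delupload` is resolved with realpath() and
 *    must lie inside the `.tmp` directory. Stripping "../" with a single str_replace()
 *    pass is not a reliable containment check.
 *  - TMP_FILE_MAX_AGE is defined only once, and failures of list_files()/filemtime()
 *    are handled.
 *
 * @param array $args Request arguments, see above.
 */
private static function upload($args) {
    // Temp files older than three hours are cleaned up (see the delupload branch).
    if (!defined('TMP_FILE_MAX_AGE')) {
        define('TMP_FILE_MAX_AGE', 3600 * 3);
    }

    $frontend_upload = !empty($args['frontend_upload']) && $args['frontend_upload'] !== "false";
    $file_add_now = !empty($args['file_add_now']) && $args['file_add_now'] !== "false";

    // TODO: need to check if frontend_upload and user logged in state
    // Flash often fails to send cookies with the POST or upload, so we need to pass it in GET or POST instead
    // NOTE(review): authentication cookies carried as request parameters can end up in
    // server logs, proxies and referrers. The values are still validated by
    // wp_validate_auth_cookie(); consider dropping this fallback once no Flash uploader is in use.
    if (!is_user_logged_in()) {
        if (is_ssl() && empty($_COOKIE[SECURE_AUTH_COOKIE]) && !empty($_REQUEST['auth_cookie'])) {
            $_COOKIE[SECURE_AUTH_COOKIE] = $_REQUEST['auth_cookie'];
        } elseif (empty($_COOKIE[AUTH_COOKIE]) && !empty($_REQUEST['auth_cookie'])) {
            $_COOKIE[AUTH_COOKIE] = $_REQUEST['auth_cookie'];
        }
        if (empty($_COOKIE[LOGGED_IN_COOKIE]) && !empty($_REQUEST['logged_in_cookie'])) {
            $_COOKIE[LOGGED_IN_COOKIE] = $_REQUEST['logged_in_cookie'];
        }
        if (!empty($_REQUEST['auth_cookie']) || !empty($_REQUEST['logged_in_cookie'])) {
            wp_set_current_user(wp_validate_auth_cookie());
        }
    }

    wpfb_loadclass('Category', 'File');

    $parent_cat = empty($args['cat_id']) ? null : WPFB_Category::GetCat($args['cat_id']);

    if ($frontend_upload) {
        if ($file_add_now) {
            wpfb_ajax_die('Unsupported upload!');
        } else {
            // NOTE(review): no nonce is verified on the front-end branch in this function.
            if (!WPFB_Core::$settings->frontend_upload && !current_user_can('upload_files')) {
                wpfb_ajax_die(__('You do not have permission to upload files.'));
            }
        }
    } else {
        // Allow the upload if the user may upload in general, or may add files to the
        // requested category; deny otherwise.
        if (!WPFB_Core::CurUserCanUpload() && !($parent_cat && $parent_cat->CurUserCanAddFiles())) {
            wpfb_ajax_die(__('You do not have permission to upload files.'));
        }
        check_admin_referer(WPFB . '-async-upload');
    }

    wpfb_loadclass('Admin');

    if (!empty($args['delupload'])) {
        $del_upload = @json_decode($args['delupload']);
        $tmp_dir = realpath(WPFB_Core::UploadDir() . '/.tmp');

        if ($tmp_dir !== false && is_object($del_upload) && isset($del_upload->tmp_name) && is_string($del_upload->tmp_name)) {
            // tmp_name is reported to the client relative to the upload dir, so the
            // leading ".tmp/" is stripped as before.
            $relative = str_replace(array('../', '.tmp/'), '', $del_upload->tmp_name);
            $target = realpath($tmp_dir . '/' . $relative);
            // Only delete when the resolved path is a regular file inside the temp directory.
            if ($target !== false && strpos($target, $tmp_dir . DIRECTORY_SEPARATOR) === 0 && is_file($target)) {
                echo (int) @unlink($target);
            }
        }

        // delete other old temp files
        require_once ABSPATH . 'wp-admin/includes/file.php';
        $tmp_files = list_files(WPFB_Core::UploadDir() . '/.tmp');
        if (is_array($tmp_files)) {
            foreach ($tmp_files as $tmp) {
                $mtime = @filemtime($tmp);
                if ($mtime !== false && time() - $mtime >= TMP_FILE_MAX_AGE) {
                    @unlink($tmp);
                }
            }
        }
        exit;
    }

    if (empty($_FILES['async-upload'])) {
        wpfb_ajax_die(__('No file was uploaded.', 'wp-filebase') . ' (ASYNC)');
    }

    // Accept only files PHP itself received via HTTP POST and move them to a plugin temp file.
    if (!is_uploaded_file($_FILES['async-upload']['tmp_name']) || !($tmp = WPFB_Admin::GetTmpFile($_FILES['async-upload']['name'])) || !move_uploaded_file($_FILES['async-upload']['tmp_name'], $tmp)) {
        wpfb_ajax_die(sprintf(__('“%s” has failed to upload due to an error'), esc_html($_FILES['async-upload']['name'])));
    }

    // Report the temp file relative to the upload directory, not as an absolute server path.
    $_FILES['async-upload']['tmp_name'] = trim(substr($tmp, strlen(WPFB_Core::UploadDir())), '/');

    $json = json_encode($_FILES['async-upload']);

    if ($file_add_now) {
        $file_data = array('file_flash_upload' => $json, 'file_category' => 0);
        if (!empty($args['presets'])) {
            $presets = array();
            parse_str($args['presets'], $presets);
            WPFB_Admin::AdaptPresets($presets);
            $file_data = array_merge($file_data, $presets);
        }

        $result = WPFB_Admin::InsertFile($file_data, false);
        if (empty($result['error'])) {
            // NOTE(review): casting the file object to an array puts all of its properties
            // into the response; confirm none of them is sensitive.
            $resp = array_merge((array) $result['file'], array(
                'file_thumbnail_url' => $result['file']->GetIconUrl(),
                'file_edit_url' => $result['file']->GetEditUrl(),
                'file_cur_user_can_edit' => $result['file']->CurUserCanEdit(),
                'file_download_url' => $result['file']->GetUrl(),
                // Nonce for a later 'updatefile' request, bound to the new file id.
                'nonce' => wp_create_nonce(WPFB . '-updatefile' . $result['file_id']),
            ));
            if (isset($args['tpl_tag'])) {
                $tpl_tag = $args['tpl_tag'];
                if ($tpl_tag === 'false') {
                    $tpl_tag = null;
                }
                $resp['tpl'] = $result['file']->GenTpl2($tpl_tag);
            }
        } else {
            wpfb_ajax_die($result['error']);
        }
        $json = json_encode($resp);
    }

    header('Content-Type: application/json; charset=' . get_option('blog_charset'));
    //header('Content-Length: ' . strlen($json));
    echo $json;
}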