function wfu_edit_filedetails($file)
{
global $wpdb;
$table_name2 = $wpdb->prefix . "wfu_userdata";
$dec_file = wfu_plugin_decode_string($file);
$dec_file = wfu_flatten_path($dec_file);
//check if user is allowed to perform this action
$user = wfu_current_user_allowed_action('modify', $dec_file);
if ($user == null) {
return;
}
//get file data from database with user data
$filedata = wfu_get_file_rec($dec_file, true);
if ($filedata == null) {
return;
}
if (isset($_POST['submit'])) {
if ($_POST['submit'] == "Update") {
//check for errors
$is_error = false;
foreach ($filedata->userdata as $userdata) {
if (!isset($_POST['wfu_filedetails_userdata_' . $userdata->propkey])) {
$is_error = true;
break;
}
}
if (!$is_error) {
$now_date = date('Y-m-d H:i:s');
$userdata_count = 0;
foreach ($filedata->userdata as $userdata) {
$userdata_count++;
//make existing userdata record obsolete
$wpdb->update($table_name2, array('date_to' => $now_date), array('uploadid' => $userdata->uploadid, 'propkey' => $userdata->propkey), array('%s'), array('%s', '%s'));
//insert new userdata record
$wpdb->insert($table_name2, array('uploadid' => $userdata->uploadid, 'property' => $userdata->property, 'propkey' => $userdata->propkey, 'propvalue' => $_POST['wfu_filedetails_userdata_' . $userdata->propkey], 'date_from' => $now_date, 'date_to' => 0), array('%s', '%s', '%d', '%s', '%s', '%s'));
}
if ($userdata_count > 0) {
wfu_log_action('modify:' . $now_date, $dec_file, $user->ID, '', 0, '', null);
}
}
}
}
return true;
}
function wfu_ajax_action_download_file_invoker()
{
$file_enc = isset($_POST['file']) ? $_POST['file'] : (isset($_GET['file']) ? $_GET['file'] : '');
$nonce = isset($_POST['nonce']) ? $_POST['nonce'] : (isset($_GET['nonce']) ? $_GET['nonce'] : '');
if ($file_enc == '' || $nonce == '') {
die;
}
//security check to avoid CSRF attacks
if (!wp_verify_nonce($nonce, 'wfu_download_file_invoker')) {
die;
}
$filepath = wfu_plugin_decode_string($file_enc);
//check if user is allowed to perform this action
$user_allowed = wfu_current_user_allowed_action('download', $filepath);
if ($user_allowed == null) {
die;
}
//generate download unique id to monitor this download
$download_id = wfu_create_random_string(16);
//store download status of this download
$_SESSION['wfu_download_status_' . $download_id] = 'starting';
//generate download ticket which expires in 30sec and store it in session
//it will be used as security measure for the downloader script, which runs outside Wordpress environment
$_SESSION['wfu_download_ticket_' . $download_id] = time() + 30;
//generate download monitor ticket which expires in 30sec and store it in session
//it will be used as security measure for the monitor script that will check download status
$_SESSION['wfu_download_monitor_ticket_' . $download_id] = time() + 30;
//this routine returns a dynamically created iframe element, that will call the actual download script;
//the actual download script runs outside Wordpress environment in order to ensure that no php warnings
//or echo from other plugins is generated, that could scramble the downloaded file;
//a ticket, similar to nonces, is passed to the download script to check that it is not a CSRF attack; moreover,the ticket is destroyed
//by the time it is consumed by the download script, so it cannot be used again
$response = '<iframe src="' . WFU_DOWNLOADER_URL . '?file=' . $file_enc . '&ticket=' . $download_id . '" style="display: none;"></iframe>';
die('wfu_ajax_action_download_file_invoker:wfu_download_id;' . $download_id . ':' . $response);
}