Esempio n. 1
0
function wfu_ajax_action_download_file_invoker()
{
    $file_code = isset($_POST['file']) ? $_POST['file'] : (isset($_GET['file']) ? $_GET['file'] : '');
    $nonce = isset($_POST['nonce']) ? $_POST['nonce'] : (isset($_GET['nonce']) ? $_GET['nonce'] : '');
    if ($file_code == '' || $nonce == '') {
        die;
    }
    //security check to avoid CSRF attacks
    if (!wp_verify_nonce($nonce, 'wfu_download_file_invoker')) {
        die;
    }
    //check if user is allowed to download files
    if (!current_user_can('manage_options')) {
        die;
    }
    //	$filepath = wfu_plugin_decode_string($file_code);
    $file_code = wfu_sanitize_code($file_code);
    $filepath = wfu_get_filepath_from_safe($file_code);
    if ($filepath === false) {
        die;
    }
    $filepath = wfu_path_rel2abs(wfu_flatten_path($filepath));
    //check if user is allowed to perform this action on this file
    if (!wfu_current_user_owes_file($filepath)) {
        die;
    }
    //generate download unique id to monitor this download
    $download_id = wfu_create_random_string(16);
    //store download status of this download
    $_SESSION['wfu_download_status_' . $download_id] = 'starting';
    //generate download ticket which expires in 30sec and store it in session
    //it will be used as security measure for the downloader script, which runs outside Wordpress environment
    $_SESSION['wfu_download_ticket_' . $download_id] = time() + 30;
    //generate download monitor ticket which expires in 30sec and store it in session
    //it will be used as security measure for the monitor script that will check download status
    $_SESSION['wfu_download_monitor_ticket_' . $download_id] = time() + 30;
    //this routine returns a dynamically created iframe element, that will call the actual download script;
    //the actual download script runs outside Wordpress environment in order to ensure that no php warnings
    //or echo from other plugins is generated, that could scramble the downloaded file;
    //a ticket, similar to nonces, is passed to the download script to check that it is not a CSRF attack; moreover,the ticket is destroyed
    //by the time it is consumed by the download script, so it cannot be used again
    $response = '<iframe src="' . WFU_DOWNLOADER_URL . '?file=' . $file_code . '&ticket=' . $download_id . '" style="display: none;"></iframe>';
    die('wfu_ajax_action_download_file_invoker:wfu_download_id;' . $download_id . ':' . $response);
}
function wfu_safe_store_browser_params($params)
{
    $code = wfu_create_random_string(16);
    $_SESSION['wfu_browser_actions_safe_storage'][$code] = $params;
    return $code;
}
Esempio n. 3
0
function wfu_safe_store_browser_actions($action_list)
{
    $code = wfu_create_random_string(16);
    $_SESSION['wfu_browser_actions_safe_storage'][$code] = $action_list;
    return $code;
}
Esempio n. 4
0
function wfu_manage_instances_of_shortcode($tag, $title, $slug, $inc)
{
    global $wp_registered_widgets, $wp_registered_sidebars;
    $siteurl = site_url();
    $args = array('post_type' => array("post", "page"), 'post_status' => "publish,private,draft", 'posts_per_page' => -1);
    $posts = get_posts($args);
    $wfu_shortcodes = array();
    //get shortcode instances from page/posts
    foreach ($posts as $post) {
        $ret = wfu_get_content_shortcodes($post, $tag);
        if ($ret !== false) {
            $wfu_shortcodes = array_merge($wfu_shortcodes, $ret);
        }
    }
    //get shortcode instances from sidebars
    $data = array();
    $widget_base = $tag . '_widget';
    if (is_array($wp_registered_widgets)) {
        foreach ($wp_registered_widgets as $id => $widget) {
            if (substr($id, 0, strlen($widget_base)) == $widget_base) {
                $widget_obj = isset($widget['callback']) ? isset($widget['callback'][0]) ? $widget['callback'][0] instanceof WP_Widget ? $widget['callback'][0] : false : false : false;
                $widget_sidebar = is_active_widget(false, $id, $widget_base);
                if ($widget_obj !== false && $widget_sidebar !== false) {
                    if (isset($wp_registered_sidebars[$widget_sidebar]) && isset($wp_registered_sidebars[$widget_sidebar]['name'])) {
                        $widget_sidebar = $wp_registered_sidebars[$widget_sidebar]['name'];
                    }
                    $data['post_id'] = "";
                    $data['post_hash'] = "";
                    $data['shortcode'] = $widget_obj->shortcode();
                    $data['position'] = 0;
                    $data['widgetid'] = $id;
                    $data['sidebar'] = $widget_sidebar;
                    array_push($wfu_shortcodes, $data);
                }
            }
        }
    }
    $list = wfu_construct_post_list($posts);
    $pagelist = wfu_flatten_post_list($list["page"]);
    $postlist = wfu_flatten_post_list($list["post"]);
    $echo_str = "\n\t\t" . '<h3 style="margin-bottom: 10px; margin-top: 40px;">' . $title . '</h3>';
    $onchange_js = 'document.getElementById(\'wfu_add_plugin_ok_' . $inc . '\').disabled = !((document.getElementById(\'wfu_page_type_' . $inc . '\').value == \'page\' && document.getElementById(\'wfu_page_list_' . $inc . '\').value != \'\') || (document.getElementById(\'wfu_page_type_' . $inc . '\').value == \'post\' && document.getElementById(\'wfu_post_list_' . $inc . '\').value != \'\'));';
    $no_shortcodes = count($wfu_shortcodes) == 0;
    $echo_str .= "\n\t\t" . '<div id="wfu_add_plugin_button_' . $inc . '" style="' . (!$no_shortcodes ? '' : 'color:blue; font-weight:bold; font-size:larger;') . 'margin-bottom: 20px; margin-top: 10px;">';
    $addbutton_pre = !$no_shortcodes ? '' : '<label>Press </label>';
    $addbutton_post = !$no_shortcodes ? '' : '<label> to get started and add the ' . $slug . ' in a page</label>';
    $echo_str .= "\n\t\t\t" . $addbutton_pre . '<button onclick="document.getElementById(\'wfu_add_plugin_button_' . $inc . '\').style.display = \'none\'; document.getElementById(\'wfu_add_plugin_' . $inc . '\').style.display = \'inline-block\'; ' . $onchange_js . '">' . (!$no_shortcodes ? 'Add Plugin Instance' : 'here') . '</button>' . $addbutton_post;
    $echo_str .= "\n\t\t" . '</div>';
    $echo_str .= "\n\t\t" . '<div id="wfu_add_plugin_' . $inc . '" style="margin-bottom: 20px; margin-top: 10px; position:relative; display:none;">';
    $echo_str .= "\n\t\t\t" . '<div id="wfu_add_plugin_' . $inc . '_overlay" style="position:absolute; top:0; left:0; width:100%; height:100%; background-color:rgba(255,255,255,0.8); border:none; display:none;">';
    $echo_str .= "\n\t\t\t\t" . '<table style="background:none; border:none; margin:0; padding:0; line-height:1; border-spacing:0; width:100%; height:100%; table-layout:fixed;"><tbody><tr><td style="text-align:center; vertical-align:middle;"><div style="display:inline-block;"><span class="spinner" style="opacity:1; float:left; margin:0; display:inline;"></span><label style="margin-left:4px;">please wait...</label></div></td></tr></tbody></table>';
    $echo_str .= "\n\t\t\t" . '</div>';
    $echo_str .= "\n\t\t\t" . '<label>Add ' . $slug . ' to </label><select id="wfu_page_type_' . $inc . '" onchange="document.getElementById(\'wfu_page_list_' . $inc . '\').style.display = (this.value == \'page\' ? \'inline-block\' : \'none\'); document.getElementById(\'wfu_post_list_' . $inc . '\').style.display = (this.value == \'post\' ? \'inline-block\' : \'none\'); ' . $onchange_js . '"><option value="page" selected="selected">Page</option><option value="post">Post</option></select>';
    $echo_str .= "\n\t\t\t" . '<select id="wfu_page_list_' . $inc . '" style="margin-bottom:6px;" onchange="' . $onchange_js . '">';
    $echo_str .= "\n\t\t\t\t" . '<option value=""></option>';
    foreach ($pagelist as $item) {
        $echo_str .= "\n\t\t\t\t" . '<option value="' . $item['id'] . '">' . str_repeat('&nbsp;', 4 * $item['level']) . ($item['status'] == 1 ? '[Private]' : ($item['status'] == 2 ? '[Draft]' : '')) . $item['title'] . '</option>';
    }
    $echo_str .= "\n\t\t\t" . '</select>';
    $echo_str .= "\n\t\t\t" . '<select id="wfu_post_list_' . $inc . '" style="display:none; margin-bottom:6px;" onchange="' . $onchange_js . '">';
    $echo_str .= "\n\t\t\t\t" . '<option value=""></option>';
    foreach ($postlist as $item) {
        $echo_str .= "\n\t\t\t\t" . '<option value="' . $item['id'] . '">' . str_repeat('&nbsp;', 4 * $item['level']) . ($item['status'] == 1 ? '[Private]' : ($item['status'] == 2 ? '[Draft]' : '')) . $item['title'] . '</option>';
    }
    $echo_str .= "\n\t\t\t" . '</select><br />';
    $add_shortcode_ticket = wfu_create_random_string(16);
    $_SESSION['wfu_add_shortcode_ticket_for_' . $tag] = $add_shortcode_ticket;
    $echo_str .= "\n\t\t" . '<button id="wfu_add_plugin_ok_' . $inc . '" style="float:right; margin: 0 2px 0 4px;" disabled="disabled" onclick="document.getElementById(\'wfu_add_plugin_' . $inc . '_overlay\').style.display = \'block\'; window.location = \'' . $siteurl . '/wp-admin/options-general.php?page=wordpress_file_upload&amp;action=add_shortcode&amp;tag=' . $tag . '&amp;postid=\' + (document.getElementById(\'wfu_page_type_' . $inc . '\').value == \'page\' ? document.getElementById(\'wfu_page_list_' . $inc . '\').value : document.getElementById(\'wfu_post_list_' . $inc . '\').value) + \'&amp;nonce=' . $add_shortcode_ticket . '\';">Ok</button>';
    $echo_str .= "\n\t\t" . '<button style="float:right;" onclick="document.getElementById(\'wfu_page_type_' . $inc . '\').value = \'page\'; document.getElementById(\'wfu_page_list_' . $inc . '\').value = \'\'; document.getElementById(\'wfu_post_list_' . $inc . '\').value = \'\'; document.getElementById(\'wfu_add_plugin_' . $inc . '\').style.display = \'none\'; document.getElementById(\'wfu_add_plugin_button_' . $inc . '\').style.display = \'inline-block\';">Cancel</button>';
    $echo_str .= "\n\t\t" . '</div>';
    $echo_str .= "\n\t\t" . '<table class="wp-list-table widefat fixed striped">';
    $echo_str .= "\n\t\t\t" . '<thead>';
    $echo_str .= "\n\t\t\t\t" . '<tr>';
    $echo_str .= "\n\t\t\t\t\t" . '<th scope="col" width="5%" style="text-align:center;">';
    $echo_str .= "\n\t\t\t\t\t\t" . '<label>#</label>';
    $echo_str .= "\n\t\t\t\t\t" . '</th>';
    //	$echo_str .= "\n\t\t\t\t\t".'<th scope="col" width="10%" style="text-align:center;">';
    //	$echo_str .= "\n\t\t\t\t\t\t".'<label>ID</label>';
    //	$echo_str .= "\n\t\t\t\t\t".'</th>';
    $echo_str .= "\n\t\t\t\t\t" . '<th scope="col" width="10%" style="text-align:center;">';
    $echo_str .= "\n\t\t\t\t\t\t" . '<label>Type</label>';
    $echo_str .= "\n\t\t\t\t\t" . '</th>';
    $echo_str .= "\n\t\t\t\t\t" . '<th scope="col" width="30%" style="text-align:center;">';
    $echo_str .= "\n\t\t\t\t\t\t" . '<label>Title</label>';
    $echo_str .= "\n\t\t\t\t\t" . '</th>';
    $echo_str .= "\n\t\t\t\t\t" . '<th scope="col" width="45%" style="text-align:center;">';
    $echo_str .= "\n\t\t\t\t\t\t" . '<label>Shortcode</label>';
    $echo_str .= "\n\t\t\t\t\t" . '</th>';
    $echo_str .= "\n\t\t\t\t" . '</tr>';
    $echo_str .= "\n\t\t\t" . '</thead>';
    $echo_str .= "\n\t\t\t" . '<tbody>';
    $i = 1;
    foreach ($wfu_shortcodes as $key => $data) {
        $widget_id = isset($data['widgetid']) ? $data['widgetid'] : '';
        if ($widget_id == "") {
            $id = $data['post_id'];
            $posttype_obj = get_post_type_object(get_post_type($id));
            $type = $posttype_obj ? $posttype_obj->labels->singular_name : "";
            $title = get_the_title($id);
            if (trim($title) == "") {
                $title = 'ID: ' . $id;
            }
        } else {
            $type = 'Sidebar';
            $title = $data['sidebar'];
        }
        $data_enc = wfu_safe_store_shortcode_data(wfu_encode_array_to_string($data));
        $echo_str .= "\n\t\t\t\t" . '<tr onmouseover="var actions=document.getElementsByName(\'wfu_shortcode_actions_' . $inc . '\'); for (var i=0; i<actions.length; i++) {actions[i].style.visibility=\'hidden\';} document.getElementById(\'wfu_shortcode_actions_' . $inc . '_' . $i . '\').style.visibility=\'visible\'" onmouseout="var actions=document.getElementsByName(\'wfu_shortcode_actions_' . $inc . '\'); for (var i=0; i<actions.length; i++) {actions[i].style.visibility=\'hidden\';}">';
        $echo_str .= "\n\t\t\t\t\t" . '<td style="padding: 5px 5px 5px 10px; text-align:center;">';
        $echo_str .= "\n\t\t\t\t\t\t" . '<a class="row-title" href="' . $siteurl . '/wp-admin/options-general.php?page=wordpress_file_upload&action=edit_shortcode&tag=' . $tag . '&data=' . $data_enc . '" title="Instance #' . $i . '">Instance ' . $i . '</a>';
        $echo_str .= "\n\t\t\t\t\t\t" . '<div id="wfu_shortcode_actions_' . $inc . '_' . $i . '" name="wfu_shortcode_actions_' . $inc . '" style="visibility:hidden;">';
        $echo_str .= "\n\t\t\t\t\t\t\t" . '<span>';
        $echo_str .= "\n\t\t\t\t\t\t\t\t" . '<a href="' . $siteurl . '/wp-admin/options-general.php?page=wordpress_file_upload&action=edit_shortcode&tag=' . $tag . '&data=' . $data_enc . '" title="Edit this shortcode">Edit</a>';
        $echo_str .= "\n\t\t\t\t\t\t\t\t" . ' | ';
        $echo_str .= "\n\t\t\t\t\t\t\t" . '</span>';
        $echo_str .= "\n\t\t\t\t\t\t\t" . '<span>';
        $echo_str .= "\n\t\t\t\t\t\t\t\t" . '<a href="' . $siteurl . '/wp-admin/options-general.php?page=wordpress_file_upload&action=delete_shortcode&data=' . $data_enc . '" title="Delete this shortcode">Delete</a>';
        $echo_str .= "\n\t\t\t\t\t\t\t" . '</span>';
        $echo_str .= "\n\t\t\t\t\t\t" . '</div>';
        $echo_str .= "\n\t\t\t\t\t" . '</td>';
        //		$echo_str .= "\n\t\t\t\t\t".'<td style="padding: 5px 5px 5px 10px; text-align:center;">'.$id.'</td>';
        $echo_str .= "\n\t\t\t\t\t" . '<td style="padding: 5px 5px 5px 10px; text-align:center;">' . $type . '</td>';
        $echo_str .= "\n\t\t\t\t\t" . '<td style="padding: 5px 5px 5px 10px; text-align:center;">' . $title . '</td>';
        $echo_str .= "\n\t\t\t\t\t" . '<td style="padding: 5px 5px 5px 10px; text-align:left;">';
        $echo_str .= "\n\t\t\t\t\t\t" . '<textarea rows="3" disabled="disabled" style="width:100%;">' . trim($data['shortcode']) . '</textarea>';
        $echo_str .= "\n\t\t\t\t\t" . '</td>';
        $echo_str .= "\n\t\t\t\t" . '</tr>';
        $i++;
    }
    $echo_str .= "\n\t\t\t" . '</tbody>';
    $echo_str .= "\n\t\t" . '</table>';
    return $echo_str;
}
Esempio n. 5
0
function wfu_shortcode_composer($data = '', $shortcode_tag = 'wordpress_file_upload')
{
    global $wpdb;
    global $wp_roles;
    $siteurl = site_url();
    $components = wfu_component_definitions();
    if ($shortcode_tag == 'wordpress_file_upload') {
        $plugin_title = "Uploader";
        $cats = wfu_category_definitions();
        $defs = wfu_attribute_definitions();
    } else {
        $plugin_title = "Browser";
        $cats = wfu_browser_category_definitions();
        $defs = wfu_browser_attribute_definitions();
    }
    $plugin_options = wfu_decode_plugin_options(get_option("wordpress_file_upload_options"));
    if ($data == "") {
        $shortcode = $plugin_options['shortcode'];
        $shortcode_full = '[' . $shortcode_tag . ' ' . $shortcode . ']';
        $postid = "";
        $postname = "";
        $posttype = "";
        $posthash = "";
        $shortcode_position = -1;
        $widgetid = "";
        $sidebar = "";
        $autosave = true;
    } else {
        $shortcode = trim(substr($data['shortcode'], strlen('[' . $shortcode_tag), -1));
        $shortcode_full = $data['shortcode'];
        $postid = $data['post_id'];
        $postname = get_the_title($postid);
        $posttype_obj = get_post_type_object(get_post_type($postid));
        $posttype = $posttype_obj ? $posttype_obj->labels->singular_name : "";
        $posthash = $data['post_hash'];
        $shortcode_position = $data['position'];
        $widgetid = isset($data['widgetid']) ? $data['widgetid'] : "";
        $sidebar = isset($data['sidebar']) ? $data['sidebar'] : "";
        $autosave = false;
    }
    // index $components
    $components_indexed = array();
    foreach ($components as $component) {
        $components_indexed[$component['id']] = $component;
    }
    // complete defs array and index dependencies
    $governors = array();
    $shortcode_attrs = wfu_shortcode_string_to_array($shortcode);
    $shortcode_id = '';
    foreach ($defs as $key => $def) {
        $attr = $def['attribute'];
        $defs[$key]['default'] = $def['value'];
        if (array_key_exists($attr, $shortcode_attrs)) {
            $defs[$key]['value'] = $shortcode_attrs[$attr];
        }
        $subblock_active = false;
        //detect if the dependencies of this attribute will be disabled or not
        if ($def['type'] == "onoff" && $defs[$key]['value'] == "true" || $def['type'] == "radio" && in_array("*" . $defs[$key]['value'], $def['listitems'])) {
            $subblock_active = true;
        }
        // assign dependencies if exist
        if ($def['dependencies'] != null) {
            foreach ($def['dependencies'] as $dependency) {
                if (substr($dependency, 0, 1) == "!") {
                    //invert state for this dependency if an exclamation mark is defined
                    $governors[substr($dependency, 1)] = array('attribute' => $attr, 'active' => !$subblock_active, 'inv' => '_inv');
                } else {
                    $governors[$dependency] = array('attribute' => $attr, 'active' => $subblock_active, 'inv' => '');
                }
            }
        }
        if ($attr == 'uploadid' || $attr == 'browserid') {
            $shortcode_id = $defs[$key]['value'];
        }
    }
    //check if attributes need to be generated more than once because their governor is a component field that appears more than once in placements attribute
    $key = 0;
    while ($key < count($defs)) {
        $defs[$key]['additional_values'] = array();
        $def = $defs[$key];
        $attr = $def['attribute'];
        //check if this attribute needs to be generated more than once
        if (array_key_exists($attr, $governors)) {
            $governor = $governors[$attr]['attribute'];
        } else {
            $governor = "";
        }
        if ($governor != "" && isset($components_indexed[$governor]) && $components_indexed[$governor]['multiplacements'] && isset($shortcode_attrs['placements'])) {
            //count how many occurrences of the governor attribute appear inside placements attribute
            $occurrences = 0;
            $sections = explode("/", $shortcode_attrs['placements']);
            foreach ($sections as $section) {
                $items_in_section = explode("+", trim($section));
                foreach ($items_in_section as $item) {
                    if (trim($item) == $governor) {
                        $occurrences++;
                    }
                }
            }
            //add indexed attributes if there is more than one occurrence
            for ($ii = 2; $ii <= $occurrences; $ii++) {
                $def2 = $def;
                $def2['attribute'] .= $ii;
                $def2['name'] .= ' (' . $ii . ')';
                if (array_key_exists($def2['attribute'], $shortcode_attrs)) {
                    $def2['value'] = $shortcode_attrs[$def2['attribute']];
                } else {
                    $def2['value'] = $def2['default'];
                }
                array_splice($defs, $key + 1, 0, array($def2));
                $key++;
            }
            //check if the shortcode contains additional indexed definitions and store them in 'additional_values'
            $ii = max(1, $occurrences) + 1;
            while (array_key_exists($attr . $ii, $shortcode_attrs)) {
                $defs[$key]['additional_values'][$ii] = $shortcode_attrs[$attr . $ii];
                $ii++;
            }
        }
        $key++;
    }
    $echo_str = '<div id="wfu_wrapper" class="wrap">';
    $echo_str .= "\n\t" . '<h2>Wordpress File Upload Control Panel</h2>';
    $echo_str .= "\n\t" . '<div id="wfu_page_obsolete_message" class="error" style="display:none;">';
    $echo_str .= "\n\t\t" . '<p>' . WFU_DASHBOARD_PAGE_OBSOLETE . '</p>';
    $echo_str .= "\n\t" . '</div>';
    $echo_str .= "\n\t" . '<div id="wfu_update_rejected_message" class="error" style="display:none;">';
    $echo_str .= "\n\t\t" . '<p>' . WFU_DASHBOARD_UPDATE_SHORTCODE_REJECTED . '</p>';
    $echo_str .= "\n\t" . '</div>';
    $echo_str .= "\n\t" . '<div id="wfu_update_failed_message" class="error" style="display:none;">';
    $echo_str .= "\n\t\t" . '<p>' . WFU_DASHBOARD_UPDATE_SHORTCODE_FAILED . '</p>';
    $echo_str .= "\n\t" . '</div>';
    $echo_str .= "\n\t" . '<div style="margin-top:20px;">';
    if (current_user_can('manage_options')) {
        $echo_str .= "\n\t" . '<a href="' . $siteurl . '/wp-admin/options-general.php?page=wordpress_file_upload&amp;action=manage_mainmenu" class="button" title="go back">Go to Main Menu</a>';
    }
    $echo_str .= "\n\t" . '</div>';
    if ($widgetid == "") {
        $echo_str .= "\n\t" . '<h2 style="margin-bottom: 10px; margin-top: 20px;">' . ($data == "" ? 'Test' : $posttype . ' <strong>' . $postname . '</strong>') . ': Shortcode Composer for ' . $plugin_title . ' <strong>ID ' . $shortcode_id . '</strong></h2>';
    } else {
        $echo_str .= "\n\t" . '<h2 style="margin-bottom: 10px; margin-top: 20px;">Sidebar <strong>' . $sidebar . '</strong>: Shortcode Composer for Uploader <strong>ID ' . $shortcode_id . '</strong></h2>';
    }
    $echo_str .= "\n\t" . '<div style="margin-top:10px; display:inline-block;">';
    if ($data != "") {
        $echo_str .= "\n\t\t" . '<input id="wfu_update_shortcode" type="button" value="Update" class="button-primary" disabled="disabled" onclick="wfu_save_shortcode()" /><span id="wfu_update_shortcode_wait" class="spinner" style="float:right; display:none;"></span>';
    }
    $echo_str .= "\n\t\t" . '<input id="wfu_shortcode_original_enc" type="hidden" value="' . wfu_plugin_encode_string($shortcode_full) . '" />';
    $echo_str .= "\n\t\t" . '<input id="wfu_shortcode_tag" type="hidden" value="' . $shortcode_tag . '" />';
    $echo_str .= "\n\t\t" . '<input id="wfu_shortcode_postid" type="hidden" value="' . $postid . '" />';
    $echo_str .= "\n\t\t" . '<input id="wfu_shortcode_posthash" type="hidden" value="' . $posthash . '" />';
    $echo_str .= "\n\t\t" . '<input id="wfu_shortcode_position" type="hidden" value="' . $shortcode_position . '" />';
    $echo_str .= "\n\t\t" . '<input id="wfu_shortcode_widgetid" type="hidden" value="' . $widgetid . '" />';
    $echo_str .= "\n\t" . '</div>';
    $echo_str .= "\n\t" . '<div style="margin-top:20px;">';
    $echo_str .= "\n\t\t" . '<div class="wfu_shortcode_container">';
    $echo_str .= "\n\t\t\t" . '<span><strong>Generated Shortcode</strong></span>';
    $echo_str .= "\n\t\t\t" . '<span id="wfu_save_label" class="wfu_save_label">saved</span>';
    $echo_str .= "\n\t\t\t" . '<textarea id="wfu_shortcode" class="wfu_shortcode" rows="5">[' . $shortcode_tag . ']</textarea>';
    $echo_str .= "\n\t\t\t" . '<div id="wfu_attribute_defaults" style="display:none;">';
    // remove hidden attributes from defs array
    foreach ($defs as $key => $def) {
        if ($def['type'] == "hidden") {
            unset($defs[$key]);
        }
    }
    foreach ($defs as $def) {
        $echo_str .= "\n\t\t\t\t" . '<input id="wfu_attribute_default_' . $def['attribute'] . '" type="hidden" value="' . $def['default'] . '" />';
    }
    $echo_str .= "\n\t\t\t" . '</div>';
    $echo_str .= "\n\t\t\t" . '<div id="wfu_attribute_values" style="display:none;">';
    foreach ($defs as $def) {
        $echo_str .= "\n\t\t\t\t" . '<input id="wfu_attribute_value_' . $def['attribute'] . '" type="hidden" value="' . $def['value'] . '" />';
        //add additional values, if exist
        foreach ($def['additional_values'] as $key => $val) {
            $echo_str .= "\n\t\t\t\t" . '<input id="wfu_attribute_value_' . $def['attribute'] . $key . '" type="hidden" value="' . $val . '" />';
        }
    }
    $echo_str .= "\n\t\t\t" . '</div>';
    $echo_str .= "\n\t\t" . '</div>';
    $echo_str .= "\n\t" . '</div>';
    $echo_str .= "\n\t" . '<h3 id="wfu_tab_container" class="nav-tab-wrapper">';
    $is_first = true;
    foreach ($cats as $key => $cat) {
        $echo_str .= "\n\t\t" . '<a id="wfu_tab_' . $key . '" class="nav-tab' . ($is_first ? ' nav-tab-active' : '') . '" href="javascript: wfu_admin_activate_tab(\'' . $key . '\');">' . $cat . '</a>';
        $is_first = false;
    }
    $echo_str .= "\n\t" . '</h3>';
    $prevcat = "";
    $prevsubcat = "";
    $is_first = true;
    $block_open = false;
    $subblock_open = false;
    foreach ($defs as $def) {
        $attr = $def['attribute'];
        //check if this attribute depends on other
        if (!array_key_exists($attr, $governors)) {
            $governors[$attr] = "";
        }
        if ($governors[$attr] != "") {
            $governor = $governors[$attr];
        } else {
            $governor = array('attribute' => "independent", 'active' => true, 'inv' => '');
        }
        //close previous blocks
        if ($def['parent'] == "") {
            if ($subblock_open) {
                $echo_str .= "\n\t\t\t\t\t\t\t" . '</tbody>';
                $echo_str .= "\n\t\t\t\t\t\t" . '</table>';
                $subblock_open = false;
            }
            if ($block_open) {
                $echo_str .= "\n\t\t\t\t\t" . '</div></td>';
                $echo_str .= "\n\t\t\t\t" . '</tr>';
                $block_open = false;
            }
        }
        //check if new category must be generated
        if ($def['category'] != $prevcat) {
            if ($prevcat != "") {
                $echo_str .= "\n\t\t\t" . '</tbody>';
                $echo_str .= "\n\t\t" . '</table>';
                $echo_str .= "\n\t" . '</div>';
            }
            $prevcat = $def['category'];
            $prevsubcat = "";
            $echo_str .= "\n\t" . '<div id="wfu_container_' . $prevcat . '" class="wfu_container"' . ($is_first ? '' : ' style="display:none;"') . '">';
            $echo_str .= "\n\t\t" . '<table class="form-table wfu_main_table">';
            $echo_str .= "\n\t\t\t" . '<thead><tr><th></th><td></td><td></td></tr></thead>';
            $echo_str .= "\n\t\t\t" . '<tbody>';
            $is_first = false;
        }
        //check if new sub-category must be generated
        if ($def['subcategory'] != $prevsubcat) {
            $prevsubcat = $def['subcategory'];
            $echo_str .= "\n\t\t\t\t" . '<tr class="wfu_subcategory">';
            $echo_str .= "\n\t\t\t\t\t" . '<th scope="row" colspan="3">';
            $echo_str .= "\n\t\t\t\t\t\t" . '<h3 style="margin-bottom: 10px; margin-top: 10px;">' . $prevsubcat . '</h3>';
            $echo_str .= "\n\t\t\t\t\t" . '</th>';
            $echo_str .= "\n\t\t\t\t" . '</tr>';
        }
        //draw attribute element
        if ($def['parent'] == "") {
            $dlp = "\n\t\t\t\t";
        } else {
            if (!$subblock_open) {
                $echo_str .= "\n\t\t\t\t\t\t" . '<div class="wfu_shadow wfu_shadow_' . $def['parent'] . $governor['inv'] . '" style="display:' . ($governor['active'] ? 'none' : 'block') . ';"></div>';
                $echo_str .= "\n\t\t\t\t\t\t" . '<table class="form-table wfu_inner_table" style="margin:0;">';
                $echo_str .= "\n\t\t\t\t\t\t\t" . '<tbody>';
            }
            $dlp = "\n\t\t\t\t\t\t\t\t";
        }
        $echo_str .= $dlp . '<tr>';
        $echo_str .= $dlp . "\t" . '<th scope="row"><div class="wfu_td_div">';
        if ($def['parent'] == "") {
            $echo_str .= $dlp . "\t\t" . '<div class="wfu_shadow wfu_shadow_' . $governor['attribute'] . $governor['inv'] . '" style="display:' . ($governor['active'] ? 'none' : 'block') . ';"></div>';
        }
        $echo_str .= $dlp . "\t\t" . '<div class="wfu_restore_container" title="Double-click to restore defaults setting"><img src="' . WFU_IMAGE_ADMIN_RESTOREDEFAULT . '" ondblclick="wfu_apply_value(\'' . $attr . '\', \'' . $def['type'] . '\', \'' . $def['default'] . '\');" /></div>';
        $echo_str .= $dlp . "\t\t" . '<label for="wfu_attribute_' . $attr . '">' . $def['name'] . '</label>';
        $echo_str .= $dlp . "\t\t" . '<input type="hidden" name="wfu_attribute_governor_' . $governor['attribute'] . '" class="wfu_attribute_governor" value="' . $attr . '" />';
        $echo_str .= $dlp . "\t\t" . '<div class="wfu_help_container" title="' . $def['help'] . '"><img src="' . WFU_IMAGE_ADMIN_HELP . '" /></div>';
        $echo_str .= $dlp . "\t" . '</div></th>';
        $echo_str .= $dlp . "\t" . '<td style="vertical-align:top;"><div class="wfu_td_div">';
        if ($def['parent'] == "") {
            $echo_str .= $dlp . "\t\t" . '<div class="wfu_shadow wfu_shadow_' . $governor['attribute'] . $governor['inv'] . '" style="display:' . ($governor['active'] ? 'none' : 'block') . ';"></div>';
        }
        if ($def['type'] == "onoff") {
            $echo_str .= $dlp . "\t\t" . '<div id="wfu_attribute_' . $attr . '" class="wfu_onoff_container_' . ($def['value'] == "true" ? "on" : "off") . '" onclick="wfu_admin_onoff_clicked(\'' . $attr . '\');">';
            $echo_str .= $dlp . "\t\t\t" . '<div class="wfu_onoff_slider"></div>';
            $echo_str .= $dlp . "\t\t\t" . '<span class="wfu_onoff_text">ON</span>';
            $echo_str .= $dlp . "\t\t\t" . '<span class="wfu_onoff_text">OFF</span>';
            $echo_str .= $dlp . "\t\t" . '</div>';
        } elseif ($def['type'] == "text") {
            $val = str_replace(array("%n%", "%dq%", "%brl%", "%brr%"), array("\n", "&quot;", "[", "]"), $def['value']);
            $echo_str .= $dlp . "\t\t" . '<input id="wfu_attribute_' . $attr . '" type="text" name="wfu_text_elements" value="' . $val . '" />';
            if ($def['variables'] != null) {
                $echo_str .= $dlp . wfu_insert_variables($def['variables'], 'wfu_variable wfu_variable_' . $attr);
            }
        } elseif ($def['type'] == "placements") {
            $components_used = array();
            foreach ($components as $component) {
                $components_used[$component['id']] = 0;
            }
            $centered_content = '<div class="wfu_component_box_inner"><div class="wfu_component_box_label">XXX</div></div>';
            $centered_content_multi = '<div class="wfu_component_box_inner"><div class="wfu_component_box_label">XXX</div><div class="wfu_component_box_index">YYY</div></div>';
            $echo_str .= $dlp . "\t\t" . '<div class="wfu_placements_wrapper">';
            $echo_str .= $dlp . "\t\t\t" . '<div id="wfu_placements_container" class="wfu_placements_container">';
            $itemplaces = explode("/", $def['value']);
            foreach ($itemplaces as $section) {
                $echo_str .= $dlp . "\t\t\t\t" . '<div class="wfu_component_separator_hor"></div>';
                $echo_str .= $dlp . "\t\t\t\t" . '<div class="wfu_component_separator_ver"></div>';
                $items_in_section = explode("+", trim($section));
                $section_array = array();
                foreach ($items_in_section as $item_in_section) {
                    if (key_exists($item_in_section, $components_indexed)) {
                        if ($components_indexed[$item_in_section]['multiplacements'] || $components_used[$item_in_section] == 0) {
                            $components_used[$item_in_section]++;
                            if ($components_indexed[$item_in_section]['multiplacements']) {
                                $multi_index = $components_used[$item_in_section];
                                $echo_str .= $dlp . "\t\t\t\t" . '<div id="wfu_component_box_' . $item_in_section . '_' . $multi_index . '" class="wfu_component_box" draggable="true" title="' . $components_indexed[$item_in_section]['help'] . '">' . str_replace(array("XXX", "YYY"), array($components_indexed[$item_in_section]['name'], $multi_index), $centered_content_multi) . '</div>';
                            } else {
                                $echo_str .= $dlp . "\t\t\t\t" . '<div id="wfu_component_box_' . $item_in_section . '_0" class="wfu_component_box" draggable="true" title="' . $components_indexed[$item_in_section]['help'] . '">' . str_replace("XXX", $components_indexed[$item_in_section]['name'], $centered_content) . '</div>';
                            }
                            $echo_str .= $dlp . "\t\t\t\t" . '<div class="wfu_component_separator_ver"></div>';
                        }
                    }
                }
            }
            $echo_str .= $dlp . "\t\t\t\t" . '<div class="wfu_component_separator_hor"></div>';
            $echo_str .= $dlp . "\t\t\t\t" . '<div id="wfu_component_bar_hor" class="wfu_component_bar_hor"></div>';
            $echo_str .= $dlp . "\t\t\t\t" . '<div id="wfu_component_bar_ver" class="wfu_component_bar_ver"></div>';
            $echo_str .= $dlp . "\t\t\t" . '</div>';
            $echo_str .= $dlp . "\t\t\t" . '<div id="wfu_componentlist_container" class="wfu_componentlist_container">';
            $echo_str .= $dlp . "\t\t\t\t" . '<div id="wfu_componentlist_dragdrop" class="wfu_componentlist_dragdrop" style="display:none;"></div>';
            $ii = 1;
            foreach ($components as $component) {
                $echo_str .= $dlp . "\t\t\t\t" . '<div id="wfu_component_box_container_' . $component['id'] . '" class="wfu_component_box_container">';
                $echo_str .= $dlp . "\t\t\t\t\t" . '<div class="wfu_component_box_base">' . str_replace("XXX", $component['name'], $centered_content) . '</div>';
                if ($component['multiplacements']) {
                    $multi_index = $components_used[$component['id']] + 1;
                    $echo_str .= $dlp . "\t\t\t\t\t" . '<div id="wfu_component_box_' . $component['id'] . '_' . $multi_index . '" class="wfu_component_box wfu_inbase" draggable="true" title="' . $component['help'] . '">' . str_replace(array("XXX", "YYY"), array($component['name'], $multi_index), $centered_content_multi) . '</div>';
                } elseif ($components_used[$component['id']] == 0) {
                    $echo_str .= $dlp . "\t\t\t\t\t" . '<div id="wfu_component_box_' . $component['id'] . '_0" class="wfu_component_box wfu_inbase" draggable="true" title="' . $component['help'] . '">' . str_replace("XXX", $component['name'], $centered_content) . '</div>';
                }
                $echo_str .= $dlp . "\t\t\t\t" . '</div>' . ($ii++ % 3 == 0 ? '<br />' : '');
            }
            $echo_str .= $dlp . "\t\t\t" . '</div>';
            $echo_str .= $dlp . "\t\t" . '</div>';
        } elseif ($def['type'] == "ltext") {
            $val = str_replace(array("%n%", "%dq%", "%brl%", "%brr%"), array("\n", "&quot;", "[", "]"), $def['value']);
            $echo_str .= $dlp . "\t\t" . '<input id="wfu_attribute_' . $attr . '" type="text" name="wfu_text_elements" class="wfu_long_text" value="' . $val . '" />';
            if ($def['variables'] != null) {
                $echo_str .= $dlp . wfu_insert_variables($def['variables'], 'wfu_variable wfu_variable_' . $attr);
            }
        } elseif ($def['type'] == "integer") {
            $val = str_replace(array("%n%", "%dq%", "%brl%", "%brr%"), array("\n", "&quot;", "[", "]"), $def['value']);
            $echo_str .= $dlp . "\t\t" . '<input id="wfu_attribute_' . $attr . '" type="number" name="wfu_text_elements" class="wfu_short_text" min="1" value="' . $val . '" />';
            if (isset($def['listitems']['unit'])) {
                $echo_str .= $dlp . "\t\t" . '<label> ' . $def['listitems']['unit'] . '</label>';
            }
        } elseif ($def['type'] == "float") {
            $val = str_replace(array("%n%", "%dq%", "%brl%", "%brr%"), array("\n", "&quot;", "[", "]"), $def['value']);
            $echo_str .= $dlp . "\t\t" . '<input id="wfu_attribute_' . $attr . '" type="number" name="wfu_text_elements" class="wfu_short_text" step="any" min="0" value="' . $val . '" />';
            if (isset($def['listitems']['unit'])) {
                $echo_str .= $dlp . "\t\t" . '<label> ' . $def['listitems']['unit'] . '</label>';
            }
        } elseif ($def['type'] == "date") {
            $val = $def['value'];
            $echo_str .= $dlp . "\t\t" . '<div class="wfu_date_container"><input id="wfu_attribute_' . $attr . '" type="text" value="' . $val . '" readonly style="padding-right:16px; background-color:white;" /><img class="wfu_datereset_button" src="' . WFU_IMAGE_ADMIN_SUBFOLDER_CANCEL . '" onclick="var f = document.getElementById(\'wfu_attribute_' . $attr . '\'); f.value = \'\'; wfu_update_date_value({target:f});" /></div><label style="font-size:smaller; margin-left:4px;">format: YYYY-MM-DD</label>';
            $echo_str .= wfu_inject_js_code('jQuery(function() {jQuery("#wfu_attribute_' . $attr . '").datepicker({dateFormat: "yy-mm-dd", onClose: function(date, picker) {wfu_update_date_value({target:this});}});});');
        } elseif ($def['type'] == "radio") {
            $echo_str .= $dlp . "\t\t";
            $ii = 0;
            foreach ($def['listitems'] as $item) {
                $echo_str .= '<input name="wfu_radioattribute_' . $attr . '" type="radio" value="' . $item . '" ' . ($item == $def['value'] || $item == "*" . $def['value'] ? 'checked="checked" ' : '') . 'style="width:auto; margin:0px 2px 0px ' . ($ii++ == 0 ? '0px' : '8px') . ';" onchange="wfu_admin_radio_clicked(\'' . $attr . '\');" />' . ($item[0] == "*" ? substr($item, 1) : $item);
            }
            //			$echo_str .= '<input type="button" class="button" value="empty" style="width:auto; margin:-2px 0px 0px 8px;" />';
        } elseif ($def['type'] == "ptext") {
            $val = str_replace(array("%n%", "%dq%", "%brl%", "%brr%"), array("\n", "&quot;", "[", "]"), $def['value']);
            $parts = explode("/", $val);
            $singular = $parts[0];
            if (count($parts) < 2) {
                $plural = $singular;
            } else {
                $plural = $parts[1];
            }
            $echo_str .= $dlp . "\t\t" . '<span class="wfu_ptext_span">Singular</span><input id="wfu_attribute_s_' . $attr . '" type="text" name="wfu_ptext_elements" value="' . $singular . '" />';
            if ($def['variables'] != null) {
                if (count($def['variables']) > 0) {
                    $echo_str .= $dlp . "\t\t" . '<br /><span class="wfu_ptext_span">&nbsp;</span>';
                }
            }
            if ($def['variables'] != null) {
                $echo_str .= $dlp . wfu_insert_variables($def['variables'], 'wfu_variable wfu_variable_s_' . $attr);
            }
            $echo_str .= $dlp . "\t\t" . '<br /><span class="wfu_ptext_span">Plural</span><input id="wfu_attribute_p_' . $attr . '" type="text" name="wfu_ptext_elements" value="' . $plural . '" />';
            if ($def['variables'] != null) {
                if (count($def['variables']) > 0) {
                    $echo_str .= $dlp . "\t\t" . '<br /><span class="wfu_ptext_span">&nbsp;</span>';
                }
            }
            if ($def['variables'] != null) {
                $echo_str .= $dlp . wfu_insert_variables($def['variables'], 'wfu_variable wfu_variable_p_' . $attr, $dlp);
            }
        } elseif ($def['type'] == "mtext") {
            $val = str_replace(array("%n%", "%dq%", "%brl%", "%brr%"), array("\n", "&quot;", "[", "]"), $def['value']);
            $echo_str .= $dlp . "\t\t" . '<textarea id="wfu_attribute_' . $attr . '" name="wfu_text_elements" rows="5">' . $val . '</textarea>';
            if ($def['variables'] != null) {
                $echo_str .= $dlp . wfu_insert_variables($def['variables'], 'wfu_variable wfu_variable_' . $attr);
            }
        } elseif ($def['type'] == "folderlist") {
            $echo_str .= $dlp . "\t\t" . '<div id="wfu_subfolders_inner_shadow_' . $attr . '" class="wfu_subfolders_inner_shadow" style="display:none;"></div>';
            $subfolders = wfu_parse_folderlist($def['value']);
            $poptitle = "Populate list automatically with the first-level subfolders of the path defined in uploadpath";
            $edittitle = "Allow the user to type the subfolder and filter the list during typing";
            $echo_str .= $dlp . "\t\t" . '<input type="checkbox" id="wfu_subfolders_auto_' . $attr . '"' . (substr($def['value'], 0, 4) == "auto" ? ' checked="checked"' : '') . ' onchange="wfu_subfolders_auto_changed(\'' . $attr . '\');" title="' . $poptitle . '" /><label for="wfu_subfolders_auto_' . $attr . '" title="' . $poptitle . '"> Auto-populate list</label>';
            $echo_str .= $dlp . "\t\t" . '<div style="display:' . (substr($def['value'], 0, 4) == "auto" ? 'inline' : 'none') . '; padding:0; margin:0 0 0 30px; background:none; border:none;"><input type="checkbox" id="wfu_subfolders_editable_' . $attr . '"' . (substr($def['value'], 0, 5) == "auto+" ? ' checked="checked"' : '') . ' onchange="wfu_subfolders_auto_changed(\'' . $attr . '\');" title="' . $edittitle . '" /><label for="wfu_subfolders_editable_' . $attr . '" title="' . $edittitle . '"> List is editable</label></div><br />';
            $echo_str .= $dlp . "\t\t" . '<input type="hidden" id="wfu_subfolders_manualtext_' . $attr . '" value="' . (substr($def['value'], 0, 4) == "auto" ? "" : $def['value']) . '" />';
            $echo_str .= $dlp . "\t\t" . '<select id="wfu_attribute_' . $attr . '" class="wfu_select_folders' . (count($subfolders['path']) == 0 ? ' wfu_select_folders_empty' : '') . '" size="7"' . (substr($def['value'], 0, 4) == "auto" ? ' disabled="disabled"' : '') . ' onchange="wfu_subfolders_changed(\'' . $attr . '\');">';
            foreach ($subfolders['path'] as $ind => $subfolder) {
                if (substr($subfolder, -1) == '/') {
                    $subfolder = substr($subfolder, 0, -1);
                }
                $subfolder_raw = explode('/', $subfolder);
                $subfolder = $subfolder_raw[count($subfolder_raw) - 1];
                $text = str_repeat("&nbsp;&nbsp;&nbsp;", intval($subfolders['level'][$ind])) . $subfolders['label'][$ind];
                $subvalue = str_repeat("*", intval($subfolders['level'][$ind])) . ($subfolders['default'][$ind] ? '&' : '') . ($subfolder == "" ? '{root}' : $subfolder) . '/' . $subfolders['label'][$ind];
                $echo_str .= $dlp . "\t\t\t" . '<option class="' . ($subfolders['default'][$ind] ? 'wfu_select_folders_option_default' : '') . '" value="' . wfu_plugin_encode_string($subvalue) . '">' . $text . '</option>';
            }
            $echo_str .= $dlp . "\t\t\t" . '<option value="">' . (substr($def['value'], 0, 4) != "auto" && count($subfolders['path']) == 0 ? 'press here' : '') . '</option>';
            $echo_str .= $dlp . "\t\t" . '</select>';
            $echo_str .= $dlp . "\t\t" . '<div id="wfu_subfolder_nav_' . $attr . '" class="wfu_subfolder_nav_container">';
            $echo_str .= $dlp . "\t\t\t" . '<table class="wfu_subfolder_nav"><tbody>';
            $echo_str .= $dlp . "\t\t\t\t" . '<tr><td><button id="wfu_subfolders_up_' . $attr . '" name="wfu_subfolder_nav_' . $attr . '" class="button" disabled="disabled" title="move item up" onclick="wfu_subfolders_up_clicked(\'' . $attr . '\');">&uarr;</button></tr></td>';
            $echo_str .= $dlp . "\t\t\t\t" . '<tr><td><button id="wfu_subfolders_left_' . $attr . '" name="wfu_subfolder_nav_' . $attr . '" class="button" title="make it parent" disabled="disabled" style="height:14px;" onclick="wfu_subfolders_left_clicked(\'' . $attr . '\');">&larr;</button>';
            $echo_str .= $dlp . "\t\t\t\t" . '<button id="wfu_subfolders_right_' . $attr . '" name="wfu_subfolder_nav_' . $attr . '" class="button" title="make it child" disabled="disabled" style="height:14px;" onclick="wfu_subfolders_right_clicked(\'' . $attr . '\');">&rarr;</button></tr></td>';
            $echo_str .= $dlp . "\t\t\t\t" . '<tr><td><button id="wfu_subfolders_down_' . $attr . '" name="wfu_subfolder_nav_' . $attr . '" class="button" title="move item down" disabled="disabled" onclick="wfu_subfolders_down_clicked(\'' . $attr . '\');">&darr;</button></tr></td>';
            $echo_str .= $dlp . "\t\t\t\t" . '<tr><td style="line-height:0;"><button  class="button" style="visibility:hidden; height:10px;"></button></tr></td>';
            $echo_str .= $dlp . "\t\t\t\t" . '<tr><td><button id="wfu_subfolders_add_' . $attr . '" name="wfu_subfolder_nav_' . $attr . '" class="button" title="add new item" disabled="disabled" style="height:14px;" onclick="wfu_subfolders_add_clicked(\'' . $attr . '\');">+</button></tr></td>';
            $echo_str .= $dlp . "\t\t\t\t" . '<tr><td><button id="wfu_subfolders_def_' . $attr . '" name="wfu_subfolder_nav_' . $attr . '" class="button" title="make it default" disabled="disabled" style="height:14px;" onclick="wfu_subfolders_def_clicked(\'' . $attr . '\');">&diams;</button></tr></td>';
            $echo_str .= $dlp . "\t\t\t\t" . '<tr><td><button id="wfu_subfolders_del_' . $attr . '" name="wfu_subfolder_nav_' . $attr . '" class="button" title="delete item" disabled="disabled" style="height:14px;" onclick="wfu_subfolders_del_clicked(\'' . $attr . '\');">-</button></tr></td>';
            $echo_str .= $dlp . "\t\t\t" . '</tbody></table>';
            $echo_str .= $dlp . "\t\t" . '</div>';
            $echo_str .= $dlp . "\t\t" . '<div id="wfu_subfolder_tools_' . $attr . '" class="wfu_subfolder_tools_container wfu_subfolder_tools_disabled">';
            $echo_str .= $dlp . "\t\t\t" . '<table class="wfu_subfolder_tools"><tbody><tr>';
            $echo_str .= $dlp . "\t\t\t\t" . '<td style="width:40%;">';
            $echo_str .= $dlp . "\t\t\t\t\t" . '<label>Label</label>';
            $echo_str .= $dlp . "\t\t\t\t\t" . '<input id="wfu_subfolders_label_' . $attr . '" name="wfu_subfolder_tools_input" type="text" disabled="disabled" />';
            $echo_str .= $dlp . "\t\t\t\t" . '</td>';
            $echo_str .= $dlp . "\t\t\t\t" . '<td style="width:60%;"><div style="padding-right:36px;">';
            $echo_str .= $dlp . "\t\t\t\t\t" . '<label>Path</label>';
            $echo_str .= $dlp . "\t\t\t\t\t" . '<input id="wfu_subfolders_path_' . $attr . '" name="wfu_subfolder_tools_input" type="text" disabled="disabled" />';
            $echo_str .= $dlp . "\t\t\t\t\t" . '<button id="wfu_subfolders_browse_' . $attr . '" class="button" title="browse folders" style="right:18px;" disabled="disabled" onclick="wfu_subfolders_browse_clicked(\'' . $attr . '\');"><img src="' . WFU_IMAGE_ADMIN_SUBFOLDER_BROWSE . '" ></button>';
            $echo_str .= $dlp . "\t\t\t\t\t" . '<button id="wfu_subfolders_ok_' . $attr . '" class="button" title="save changes" style="right:0px;" disabled="disabled" onclick="wfu_subfolders_ok_clicked(\'' . $attr . '\');"><img src="' . WFU_IMAGE_ADMIN_SUBFOLDER_OK . '" ></button>';
            // file browser dialog
            $echo_str .= $dlp . "\t\t\t\t\t" . '<div id="wfu_subfolders_browser_' . $attr . '" class="wfu_subfolders_browser_container" style="display:none;">';
            $echo_str .= $dlp . "\t\t\t\t\t\t" . '<table><tbody>';
            $echo_str .= $dlp . "\t\t\t\t\t\t\t" . '<tr><td style="height:15px;">';
            $echo_str .= $dlp . "\t\t\t\t\t\t\t\t" . '<div>';
            $echo_str .= $dlp . "\t\t\t\t\t\t\t\t\t" . '<label>Folder Browser</label>';
            $echo_str .= $dlp . "\t\t\t\t\t\t\t\t\t" . '<button class="button wfu_folder_browser_cancel" onclick="wfu_folder_browser_cancel_clicked(\'' . $attr . '\');"><img src="' . WFU_IMAGE_ADMIN_SUBFOLDER_CANCEL . '" ></button>';
            $echo_str .= $dlp . "\t\t\t\t\t\t\t\t" . '</div>';
            $echo_str .= $dlp . "\t\t\t\t\t\t\t" . '</td></tr>';
            $echo_str .= $dlp . "\t\t\t\t\t\t\t" . '<tr><td style="height:106px;">';
            $echo_str .= $dlp . "\t\t\t\t\t\t\t\t" . '<div>';
            $echo_str .= $dlp . "\t\t\t\t\t\t\t\t\t" . '<select id="wfu_subfolders_browser_list_' . $attr . '" size="2" onchange="wfu_subfolders_browser_list_changed(\'' . $attr . '\');">';
            $echo_str .= $dlp . "\t\t\t\t\t\t\t\t\t\t" . '<option>Value</option>';
            $echo_str .= $dlp . "\t\t\t\t\t\t\t\t\t\t" . '<option>Value2</option>';
            $echo_str .= $dlp . "\t\t\t\t\t\t\t\t\t\t" . '<option>Value3</option>';
            $echo_str .= $dlp . "\t\t\t\t\t\t\t\t\t" . '</select>';
            $echo_str .= $dlp . "\t\t\t\t\t\t\t\t\t" . '<div id="wfu_subfolders_browser_msgcont_' . $attr . '" class="wfu_folder_browser_loading_container" style="padding-top:40px;">';
            $echo_str .= $dlp . "\t\t\t\t\t\t\t\t\t\t" . '<label id="wfu_subfolders_browser_msg_' . $attr . '" style="margin-bottom:4px;">loading folder contents...</label>';
            $echo_str .= $dlp . "\t\t\t\t\t\t\t\t\t\t" . '<img id="wfu_subfolders_browser_img_' . $attr . '" src="' . WFU_IMAGE_ADMIN_SUBFOLDER_LOADING . '" ></button>';
            $echo_str .= $dlp . "\t\t\t\t\t\t\t\t\t" . '</div>';
            $echo_str .= $dlp . "\t\t\t\t\t\t\t\t" . '</div>';
            $echo_str .= $dlp . "\t\t\t\t\t\t\t" . '</td></tr>';
            $echo_str .= $dlp . "\t\t\t\t\t\t\t" . '<tr><td align="right" style="height:15px;">';
            $echo_str .= $dlp . "\t\t\t\t\t\t\t\t" . '<div>';
            $echo_str .= $dlp . "\t\t\t\t\t\t\t\t\t" . '<button class="button" onclick="wfu_folder_browser_cancel_clicked(\'' . $attr . '\');">Cancel</button>';
            $echo_str .= $dlp . "\t\t\t\t\t\t\t\t\t" . '<button id="wfu_subfolders_browser_ok_' . $attr . '" class="button">Ok</button>';
            $echo_str .= $dlp . "\t\t\t\t\t\t\t\t" . '</div>';
            $echo_str .= $dlp . "\t\t\t\t\t\t\t" . '</td></tr>';
            $echo_str .= $dlp . "\t\t\t\t\t\t" . '</tbody></table>';
            $echo_str .= $dlp . "\t\t\t\t\t" . '</div>';
            $echo_str .= $dlp . "\t\t\t\t" . '</div></td>';
            $echo_str .= $dlp . "\t\t\t" . '</tr></tbody></table>';
            $echo_str .= $dlp . "\t\t\t" . '<input id="wfu_subfolders_isnewitem_' . $attr . '" type="hidden" value="" />';
            $echo_str .= $dlp . "\t\t\t" . '<input id="wfu_subfolders_newitemindex_' . $attr . '" type="hidden" value="" />';
            $echo_str .= $dlp . "\t\t\t" . '<input id="wfu_subfolders_newitemlevel_' . $attr . '" type="hidden" value="" />';
            $echo_str .= $dlp . "\t\t\t" . '<input id="wfu_subfolders_newitemlevel2_' . $attr . '" type="hidden" value="" />';
            $echo_str .= $dlp . "\t\t" . '</div>';
        } elseif ($def['type'] == "mchecklist") {
            $help_count = 0;
            foreach ($def['listitems'] as $key => $item) {
                $parts = explode("/", $item);
                if (count($parts) == 1) {
                    $items[$key]['id'] = $item;
                    $items[$key]['help'] = '';
                } else {
                    $items[$key]['id'] = $parts[0];
                    $items[$key]['help'] = $parts[1];
                    $help_count++;
                }
            }
            $def['value'] = strtolower($def['value']);
            if ($def['value'] == "all") {
                $selected = array();
            } else {
                $selected = explode(",", $def['value']);
            }
            foreach ($selected as $key => $item) {
                $selected[$key] = trim($item);
            }
            $echo_str .= $dlp . "\t\t" . '<div id="wfu_attribute_' . $attr . '" class="wfu_mchecklist_container">';
            $is_first = true;
            foreach ($items as $key => $item) {
                if (!$is_first) {
                    $echo_str .= "<br />";
                }
                $is_first = false;
                $echo_str .= $dlp . "\t\t\t" . '<div class="wfu_mchecklist_item"><input id="wfu_attribute_' . $attr . '_' . $key . '" type="checkbox"' . ($def['value'] == "all" || in_array($item['id'], $selected) ? ' checked="checked"' : '') . ($def['value'] == "all" ? ' disabled="disabled"' : '') . ' onchange="wfu_update_mchecklist_value(\'' . $attr . '\');" /><label for="wfu_attribute_' . $attr . '_' . $key . '">' . $item['id'] . '</label>';
                if ($item['help'] != '') {
                    $echo_str .= '<div class="wfu_help_container" title="' . $item['help'] . '"><img src="' . WFU_IMAGE_ADMIN_HELP . '" /></div>';
                }
                $echo_str .= '</div>';
            }
            $echo_str .= $dlp . "\t\t" . '</div>';
            $echo_str .= $dlp . "\t\t" . '<div id="wfu_attribute_' . $attr . '_optionhelp" class="wfu_help_container" title="" style="display:none; position:absolute;"><img src="' . WFU_IMAGE_ADMIN_HELP . '" style="visibility:visible;" /></div>';
            $echo_str .= $dlp . "\t\t" . '<div class="wfu_mchecklist_checkall"><input id="wfu_attribute_' . $attr . '_all" type="checkbox" onchange="wfu_update_mchecklist_value(\'' . $attr . '\');"' . ($def['value'] == "all" ? ' checked="checked"' : '') . ' /> Select all</div>';
        } elseif ($def['type'] == "rolelist") {
            $roles = $wp_roles->get_names();
            $selected = explode(",", $def['value']);
            $default_administrator = is_array($def['listitems']) && in_array('default_administrator', $def['listitems']);
            if (in_array('all', $selected)) {
                $rolesselected = $default_administrator ? array("administrator") : array();
            } else {
                $rolesselected = $selected;
            }
            foreach ($selected as $key => $item) {
                $selected[$key] = trim($item);
            }
            $echo_str .= $dlp . "\t\t" . '<table class="wfu_rolelist_container"><tbody><tr><td>';
            $echo_str .= $dlp . "\t\t" . '<select id="wfu_attribute_' . $attr . '" multiple="multiple" size="' . count($roles) . '" onchange="wfu_update_rolelist_value(\'' . $attr . '\');"' . (in_array('all', $selected) ? ' disabled="disabled"' : '') . '>';
            foreach ($roles as $roleid => $rolename) {
                $echo_str .= $dlp . "\t\t\t" . '<option value="' . $roleid . '"' . (in_array($roleid, $rolesselected) ? ' selected="selected"' : '') . '>' . $rolename . '</option>';
            }
            $echo_str .= $dlp . "\t\t" . '</select>';
            $echo_str .= $dlp . "\t\t" . '</td><td>';
            $echo_str .= $dlp . "\t\t" . '<div class="wfu_rolelist_checkbtn"><input class="' . ($default_administrator ? 'wfu_default_administrator' : '') . '" id="wfu_attribute_' . $attr . '_all" type="checkbox" onchange="wfu_update_rolelist_value(\'' . $attr . '\');"' . (in_array('all', $selected) ? ' checked="checked"' : '') . ' /><label for="wfu_attribute_' . $attr . '_all"> Select all</label></div><br />';
            $echo_str .= $dlp . "\t\t" . '<div class="wfu_rolelist_checkbtn"><input id="wfu_attribute_' . $attr . '_guests" type="checkbox" onchange="wfu_update_rolelist_value(\'' . $attr . '\');"' . (in_array("guests", $selected) ? ' checked="checked"' : '') . ' /><label for="wfu_attribute_' . $attr . '_guests"> Include guests</label></div>';
            $echo_str .= $dlp . "\t\t" . '</td></tr></tbody></table>';
        } elseif ($def['type'] == "userlist") {
            $users = get_users();
            $selected = explode(",", $def['value']);
            $default_0 = is_array($def['listitems']) && in_array('default_0', $def['listitems']);
            if (in_array('all', $selected)) {
                $usersselected = $default_0 ? array($users[0]->user_login) : array();
            } else {
                $usersselected = $selected;
            }
            $only_current = false;
            $echo_str .= $dlp . "\t\t" . '<table class="wfu_userlist_container"><tbody><tr>';
            if (is_array($def['listitems']) && in_array('include_current', $def['listitems'])) {
                $only_current = $def['value'] == 'current';
                if ($only_current) {
                    $usersselected = $default_0 ? array($users[0]->user_login) : array();
                }
                $echo_str .= $dlp . "\t\t" . '<td colspan="2"><div class="wfu_userlist_checkbtn"><input id="wfu_attribute_' . $attr . '_current" type="checkbox" onchange="wfu_update_userlist_value(\'' . $attr . '\');"' . ($only_current ? ' checked="checked"' : '') . ' /><label for="wfu_attribute_' . $attr . '_current"> Only From Current User</label></div>';
                $echo_str .= $dlp . "\t\t" . '</td></tr><tr>';
            }
            $echo_str .= $dlp . "\t\t" . '<td><select id="wfu_attribute_' . $attr . '" multiple="multiple" size="' . min(count($users), 10) . '" onchange="wfu_update_userlist_value(\'' . $attr . '\');"' . ($only_current || in_array('all', $selected) ? ' disabled="disabled"' : '') . '>';
            foreach ($users as $userid => $user) {
                $echo_str .= $dlp . "\t\t\t" . '<option value="' . $user->user_login . '"' . (in_array($user->user_login, $usersselected) ? ' selected="selected"' : '') . '>' . $user->display_name . ' (' . $user->user_login . ')</option>';
            }
            $echo_str .= $dlp . "\t\t" . '</select>';
            $echo_str .= $dlp . "\t\t" . '</td><td>';
            $echo_str .= $dlp . "\t\t" . '<div class="wfu_userlist_checkbtn"><input class="' . ($default_0 ? 'wfu_default_0' : '') . '" id="wfu_attribute_' . $attr . '_all" type="checkbox" onchange="wfu_update_userlist_value(\'' . $attr . '\');"' . (in_array('all', $selected) ? ' checked="checked"' : '') . ($only_current ? ' disabled="disabled"' : '') . ' /><label for="wfu_attribute_' . $attr . '_all"> Select all</label></div><br />';
            $echo_str .= $dlp . "\t\t" . '<div class="wfu_userlist_checkbtn"><input id="wfu_attribute_' . $attr . '_guests" type="checkbox" onchange="wfu_update_userlist_value(\'' . $attr . '\');"' . (in_array("guests", $selected) ? ' checked="checked"' : '') . ($only_current ? ' disabled="disabled"' : '') . ' /><label for="wfu_attribute_' . $attr . '_guests"> Include guests</label></div>';
            $echo_str .= $dlp . "\t\t" . '</td></tr></tbody></table>';
        } elseif ($def['type'] == "postlist") {
            $processed = false;
            if (is_array($def['listitems'])) {
                $has_current = in_array('include_current', $def['listitems']);
                if ($has_current) {
                    unset($def['listitems'][array_search('include_current', $def['listitems'])]);
                }
                foreach ($def['listitems'] as $post_type) {
                    // if a post type cannot be found then we reset the list so that it is not processed at all
                    if (get_post_type_object($post_type) == null) {
                        $def['listitems'] = array();
                        break;
                    }
                }
                if (count($def['listitems']) > 0) {
                    $selected = explode(",", $def['value']);
                    $only_current = false;
                    $echo_str .= $dlp . "\t\t" . '<input id="wfu_attribute_' . $attr . '_postlist" type="hidden" value="' . implode(",", $def['listitems']) . '" />';
                    $echo_str .= $dlp . "\t\t" . '<table class="wfu_postlist_container"><tbody><tr>';
                    if ($has_current) {
                        $only_current = $def['value'] == 'current';
                        if ($only_current) {
                            $sselected = array();
                        }
                        $echo_str .= $dlp . "\t\t" . '<td colspan="' . count($def['listitems']) . '"><div class="wfu_postlist_checkbtn"><input id="wfu_attribute_' . $attr . '_current" type="checkbox" onchange="wfu_update_postlist_value(\'' . $attr . '\');"' . ($only_current ? ' checked="checked"' : '') . ' /><label for="wfu_attribute_' . $attr . '_current"> Only From Current Post/Page</label></div>';
                        $echo_str .= $dlp . "\t\t" . '</td></tr><tr>';
                    }
                    $postargs = array('post_type' => $def['listitems'], 'post_status' => "publish,private,draft", 'posts_per_page' => -1);
                    $posts = get_posts($postargs);
                    $list = wfu_construct_post_list($posts);
                    foreach ($def['listitems'] as $post_type) {
                        $flatlist = wfu_flatten_post_list($list[$post_type]);
                        $postobj = get_post_type_object($post_type);
                        $echo_str .= $dlp . "\t\t" . '<td><div class="wfu_postlist_header"><label>' . $postobj->label . '</label><div class="wfu_postlist_selectall"><input id="wfu_attribute_' . $attr . '_all_' . $post_type . '" type="checkbox" onchange="wfu_update_postlist_value(\'' . $attr . '\');"' . (in_array('all', $selected) || in_array('all' . $post_type, $selected) ? ' checked="checked"' : '') . ($only_current ? ' disabled="disabled"' : '') . ' /><label for="wfu_attribute_' . $attr . '_all_' . $post_type . '"> Select all</label></div></div>';
                        $echo_str .= $dlp . "\t\t" . '<select id="wfu_attribute_' . $attr . '_' . $post_type . '" multiple="multiple" size="' . min(count($flatlist), 10) . '" onchange="wfu_update_postlist_value(\'' . $attr . '\');"' . ($only_current || in_array('all', $selected) || in_array('all' . $post_type, $selected) ? ' disabled="disabled"' : '') . '>';
                        foreach ($flatlist as $item) {
                            $echo_str .= $dlp . "\t\t\t" . '<option value="' . $item['id'] . '"' . (in_array($item['id'], $selected) ? ' selected="selected"' : '') . '>' . str_repeat('&nbsp;', 4 * $item['level']) . ($item['status'] == 1 ? '[Private]' : ($item['status'] == 2 ? '[Draft]' : '')) . $item['title'] . '</option>';
                        }
                        $echo_str .= $dlp . "\t\t" . '</select></td>';
                    }
                    $echo_str .= $dlp . "\t\t" . '</tr></tbody></table>';
                    $processed = true;
                }
            }
            if (!$processed) {
                $val = str_replace(array("%n%", "%dq%", "%brl%", "%brr%"), array("\n", "&quot;", "[", "]"), $def['value']);
                $echo_str .= $dlp . "\t\t" . '<input id="wfu_attribute_' . $attr . '" type="text" name="wfu_text_elements" value="' . $val . '" />';
            }
        } elseif ($def['type'] == "bloglist") {
            if (function_exists('wp_get_sites')) {
                $blogs = wp_get_sites();
                $selected = explode(",", $def['value']);
                if (in_array('all', $selected)) {
                    $blogsselected = array();
                } else {
                    $blogsselected = $selected;
                }
                $only_current = false;
                $echo_str .= $dlp . "\t\t" . '<table class="wfu_bloglist_container"><tbody><tr>';
                if (is_array($def['listitems']) && in_array('include_current', $def['listitems'])) {
                    $only_current = $def['value'] == 'current';
                    if ($only_current) {
                        $blogsselected = array();
                    }
                    $echo_str .= $dlp . "\t\t" . '<td colspan="2"><div class="wfu_bloglist_checkbtn"><input id="wfu_attribute_' . $attr . '_current" type="checkbox" onchange="wfu_update_bloglist_value(\'' . $attr . '\');"' . ($only_current ? ' checked="checked"' : '') . ' /><label for="wfu_attribute_' . $attr . '_current"> Only From Current Site</label></div>';
                    $echo_str .= $dlp . "\t\t" . '</td></tr><tr>';
                }
                $echo_str .= $dlp . "\t\t" . '<td><select id="wfu_attribute_' . $attr . '" multiple="multiple" size="' . min(count($blogs), 10) . '" onchange="wfu_update_bloglist_value(\'' . $attr . '\');"' . ($only_current || in_array('all', $selected) ? ' disabled="disabled"' : '') . '>';
                foreach ($blogs as $blog) {
                    $echo_str .= $dlp . "\t\t\t" . '<option value="' . $blog->blog_id . '"' . (in_array($blog->blog_id, $blogsselected) ? ' selected="selected"' : '') . '>' . $blog->path . '</option>';
                }
                $echo_str .= $dlp . "\t\t" . '</select>';
                $echo_str .= $dlp . "\t\t" . '</td><td>';
                $echo_str .= $dlp . "\t\t" . '<div class="wfu_bloglist_checkbtn"><input id="wfu_attribute_' . $attr . '_all" type="checkbox" onchange="wfu_update_bloglist_value(\'' . $attr . '\');"' . (in_array('all', $selected) ? ' checked="checked"' : '') . ($only_current ? ' disabled="disabled"' : '') . ' /><label for="wfu_attribute_' . $attr . '_all"> Select all</label></div>';
                $echo_str .= $dlp . "\t\t" . '</td></tr></tbody></table>';
            } else {
                $val = str_replace(array("%n%", "%dq%", "%brl%", "%brr%"), array("\n", "&quot;", "[", "]"), $def['value']);
                $echo_str .= $dlp . "\t\t" . '<input id="wfu_attribute_' . $attr . '" type="text" name="wfu_text_elements" value="' . $val . '" />';
            }
        } elseif ($def['type'] == "stringmatch") {
            $matchfield = "";
            $matchcriterion = "equal to";
            $matchvalue = "";
            preg_match('/^field:(.*?);\\s*criterion:(.*?)\\s*;\\s*value:(.*)$/', $def['value'], $matches);
            if (count($matches) == 4) {
                $matchfield = $matches[1];
                $matchcriterion = $matches[2];
                $matchvalue = $matches[3];
            }
            $echo_str .= $dlp . "\t\t" . '<div style="white-space:nowrap;">';
            $echo_str .= $dlp . "\t\t" . '<label>Field </label><input id="wfu_attribute_' . $attr . '_matchfield" type="text" name="wfu_stringmatch_elements" value="' . $matchfield . '" />';
            $echo_str .= $dlp . "\t\t" . '<select id="wfu_attribute_' . $attr . '_matchcriterion" value="' . $matchcriterion . '" onchange="wfu_update_stringmatch_value(\'' . $attr . '\');">';
            $echo_str .= $dlp . "\t\t\t" . '<option value="equal to"' . ($matchcriterion == "equal to" ? 'selected="selected"' : '') . '>equal to</option>';
            $echo_str .= $dlp . "\t\t\t" . '<option value="starts with"' . ($matchcriterion == "starts with" ? 'selected="selected"' : '') . '>starts with</option>';
            $echo_str .= $dlp . "\t\t\t" . '<option value="ends with"' . ($matchcriterion == "ends with" ? 'selected="selected"' : '') . '>ends with</option>';
            $echo_str .= $dlp . "\t\t\t" . '<option value="contains"' . ($matchcriterion == "contains" ? 'selected="selected"' : '') . '>contains</option>';
            $echo_str .= $dlp . "\t\t\t" . '<option value="not equal to"' . ($matchcriterion == "not equal to" ? 'selected="selected"' : '') . '>not equal to</option>';
            $echo_str .= $dlp . "\t\t\t" . '<option value="does not start with"' . ($matchcriterion == "does not start with" ? 'selected="selected"' : '') . '>does not start with</option>';
            $echo_str .= $dlp . "\t\t\t" . '<option value="does not end with"' . ($matchcriterion == "does not end with" ? 'selected="selected"' : '') . '>does not end with</option>';
            $echo_str .= $dlp . "\t\t\t" . '<option value="does not contain"' . ($matchcriterion == "does not contain" ? 'selected="selected"' : '') . '>does not contain</option>';
            $echo_str .= $dlp . "\t\t" . '</select>';
            $echo_str .= $dlp . "\t\t" . '<input id="wfu_attribute_' . $attr . '_matchvalue" type="text" name="wfu_stringmatch_elements" value="' . $matchvalue . '" />';
            $echo_str .= $dlp . "\t\t" . '</div>';
        } elseif ($def['type'] == "columns") {
            $selected = explode(",", $def['value']);
            if (count($selected) == 1 && $selected[0] == "") {
                $selected = array();
            }
            $echo_str .= $dlp . "\t" . '<table class="wfu_columns_container"><tbody><tr>';
            $echo_str .= $dlp . "\t\t" . '<td>';
            $echo_str .= $dlp . "\t\t\t" . '<label class="wfu_columns_listtitle">Available Columns</label><br />';
            $echo_str .= $dlp . "\t\t\t" . '<select id="wfu_attribute_' . $attr . '_sourcelist" multiple="multiple" size="' . min(count($def['listitems']), 10) . '">';
            foreach ($def['listitems'] as $item) {
                $item_required = substr($item, 0, 1) == "*";
                if ($item_required) {
                    $item = substr($item, 1);
                }
                $item_parts = explode("/", $item, 2);
                if (count($item_parts) == 1) {
                    $item_name = $item;
                    $item_label = $item . ($item_required ? ' (required)' : '');
                } else {
                    $item_name = $item_parts[0];
                    $item_label = $item_parts[1];
                }
                $itemprops[$item_name] = array('label' => $item_label, 'required' => $item_required);
                $echo_str .= $dlp . "\t\t\t\t" . '<option value="' . $item_name . '"' . ($item_required ? ' class="wfu_columns_item_required"' : '') . ' onclick="wfu_columns_itemclicked(this);">' . $item_label . '</option>';
            }
            $echo_str .= $dlp . "\t\t\t" . '</select>';
            $echo_str .= $dlp . "\t\t" . '</td>';
            foreach ($itemprops as $item_name => $prop) {
                if ($prop['required'] && !in_array($item_name, $selected)) {
                    array_splice($selected, 0, 0, array($item_name));
                }
            }
            $echo_str .= $dlp . "\t\t" . '<td align="center">';
            $echo_str .= $dlp . "\t\t\t" . '<label class="wfu_columns_listtitle"></label><br />';
            $echo_str .= $dlp . "\t\t\t" . '<button class="wfu_columns_addbutton" onclick="wfu_columns_buttonaction(\'' . $attr . '\', \'add\');">Add &gt;&gt;</button><br />';
            $echo_str .= $dlp . "\t\t\t" . '<button class="wfu_columns_addbutton" onclick="wfu_columns_buttonaction(\'' . $attr . '\', \'del\');">&lt;&lt; Remove</button>';
            $echo_str .= $dlp . "\t\t" . '</td>';
            $echo_str .= $dlp . "\t\t" . '<td>';
            $echo_str .= $dlp . "\t\t\t" . '<label class="wfu_columns_listtitle">Displayed Columns</label><br />';
            $echo_str .= $dlp . "\t\t\t" . '<select id="wfu_attribute_' . $attr . '" multiple="multiple" size="' . min(count($def['listitems']), 10) . '" onchange="wfu_update_columns(\'' . $attr . '\');">';
            foreach ($selected as $item_name) {
                $echo_str .= $dlp . "\t\t\t\t" . '<option value="' . $item_name . '"' . ($itemprops[$item_name]['required'] ? ' class="wfu_columns_item_required"' : '') . ' onclick="wfu_columns_itemclicked(this);">' . $itemprops[$item_name]['label'] . '</option>';
            }
            $echo_str .= $dlp . "\t\t\t" . '</select>';
            $echo_str .= $dlp . "\t\t" . '</td>';
            $echo_str .= $dlp . "\t\t" . '<td align="center">';
            $echo_str .= $dlp . "\t\t\t" . '<label class="wfu_columns_listtitle"></label><br />';
            $echo_str .= $dlp . "\t\t\t" . '<button class="wfu_columns_addbutton" onclick="wfu_columns_buttonaction(\'' . $attr . '\', \'up\');">&#8593;</button><br />';
            $echo_str .= $dlp . "\t\t\t" . '<button class="wfu_columns_addbutton" onclick="wfu_columns_buttonaction(\'' . $attr . '\', \'down\');">&#8595;</button>';
            $echo_str .= $dlp . "\t\t" . '</td>';
            $echo_str .= $dlp . "\t" . '</tr></tbody></table>';
        } elseif ($def['type'] == "dimensions") {
            $vals_arr = explode(",", $def['value']);
            $vals = array();
            foreach ($vals_arr as $val_raw) {
                if (trim($val_raw) != "") {
                    list($val_id, $val) = explode(":", $val_raw);
                    $vals[trim($val_id)] = trim($val);
                }
            }
            $dims = array();
            foreach ($components as $comp) {
                if ($comp['dimensions'] == null) {
                    $dims[$comp['id']] = $comp['name'];
                } else {
                    foreach ($comp['dimensions'] as $dimraw) {
                        list($dim_id, $dim_name) = explode("/", $dimraw);
                        $dims[$dim_id] = $dim_name;
                    }
                }
            }
            foreach ($dims as $dim_id => $dim_name) {
                if (!array_key_exists($dim_id, $vals)) {
                    $vals[$dim_id] = "";
                }
                $echo_str .= $dlp . "\t\t" . '<span style="display:inline-block; width:130px;">' . $dim_name . '</span><input id="wfu_attribute_' . $attr . '_' . $dim_id . '" type="text" name="wfu_dimension_elements_' . $attr . '" class="wfu_short_text" value="' . $vals[$dim_id] . '" /><br />';
            }
        } elseif ($def['type'] == "userfields") {
            $fields_arr = explode("/", $def['value']);
            $fields = array();
            foreach ($fields_arr as $field_raw) {
                $is_req = substr($field_raw, 0, 1) == "*";
                if ($is_req) {
                    $field_raw = substr($field_raw, 1);
                }
                if ($field_raw != "") {
                    array_push($fields, array("name" => $field_raw, "required" => $is_req));
                }
            }
            if (count($fields) == 0) {
                array_push($fields, array("name" => "", "required" => false));
            }
            $echo_str .= $dlp . "\t\t" . '<div id="wfu_attribute_' . $attr . '" class="wfu_userdata_container">';
            foreach ($fields as $field) {
                $echo_str .= $dlp . "\t\t\t" . '<div class="wfu_userdata_line">';
                $echo_str .= $dlp . "\t\t\t\t" . '<input type="text" name="wfu_userfield_elements" value="' . $field['name'] . '" />';
                $echo_str .= $dlp . "\t\t\t\t" . '<div class="wfu_userdata_action" onclick="wfu_userdata_add_field(this);"><img src="' . WFU_IMAGE_ADMIN_USERDATA_ADD . '" ></div>';
                $echo_str .= $dlp . "\t\t\t\t" . '<div class="wfu_userdata_action wfu_userdata_action_disabled" onclick="wfu_userdata_remove_field(this);"><img src="' . WFU_IMAGE_ADMIN_USERDATA_REMOVE . '" ></div>';
                $echo_str .= $dlp . "\t\t\t\t" . '<input type="checkbox"' . ($field['required'] ? 'checked="checked"' : '') . ' onchange="wfu_update_userfield_value({target:this});" />';
                $echo_str .= $dlp . "\t\t\t\t" . '<span>Required</span>';
                $echo_str .= $dlp . "\t\t\t" . '</div>';
            }
            $echo_str .= $dlp . "\t\t" . '</div>';
        } elseif ($def['type'] == "formfields") {
            //get field type definitions
            $fielddefs_array = $def['listitems'];
            foreach ($fielddefs_array as $fielddef) {
                $fielddefs[$fielddef['type']] = $fielddef;
            }
            //initialize editable field properties
            $fieldprops_basic = array('required', 'donotautocomplete', 'validate', 'typehook', 'labelposition', 'hintposition', 'default', 'data', 'group', 'format');
            $fieldprops_default = array("type" => "text", "label" => "", "labelposition" => "left", "required" => false, "donotautocomplete" => false, "validate" => false, "default" => "", "data" => "", "group" => "", "format" => "", "hintposition" => "right", "typehook" => false);
            //parse shortcode attribute to $fields
            $fields = wfu_parse_userdata_attribute($def['value']);
            $labelpositions = array("none", "top", "right", "bottom", "left");
            $hintpositions = array("none", "inline", "top", "right", "bottom", "left");
            if (count($fields) == 0) {
                array_push($fields, $fieldprops_default);
            }
            //set html template variable
            $template = $dlp . "\t\t\t\t" . '<table class="wfu_formdata_props_table"><tbody>';
            $template .= $dlp . "\t\t\t\t" . '<tr><td colspan="2"><label class="wfu_formdata_label">Type</label><select id="wfu_formfield_[[key]]_type" value="[[t]]" onchange="wfu_formdata_type_changed(\'[[key]]\');">';
            foreach ($fielddefs as $item) {
                $template .= $dlp . "\t\t\t\t\t" . '<option value="' . $item['type'] . '"[[type_' . $item['type'] . '_selected]]>' . $item['type_description'] . '</option>';
            }
            $template .= $dlp . "\t\t\t\t" . '</select></td><td>';
            $template .= $dlp . "\t\t\t\t" . '<div class="wfu_formdata_action wfu_formdata_action_add" onclick="wfu_formdata_add_field(\'[[key]]\');"><img src="' . WFU_IMAGE_ADMIN_USERDATA_ADD . '" ></div>';
            $template .= $dlp . "\t\t\t\t" . '<div class="wfu_formdata_action wfu_formdata_action_remove[[remove_disabled]]" onclick="wfu_formdata_remove_field(\'[[key]]\');"><img src="' . WFU_IMAGE_ADMIN_USERDATA_REMOVE . '" ></div></td></tr>';
            $template .= $dlp . "\t\t\t\t" . '<tr><td class="wfu_formdata_props"><label class="wfu_formdata_label">Label</label></td><td><input type="text" id="wfu_formfield_[[key]]_label" name="wfu_formfield_elements" value="[[label]]" /></td><td></td></tr>';
            $labelpos_options = "";
            foreach ($labelpositions as $pos) {
                $labelpos_options .= '<option value="' . $pos . '"[[labelposition_' . $pos . '_selected]]>' . $pos . '</option>';
            }
            $template .= $dlp . "\t\t\t\t" . '<tr><td class="wfu_formdata_props"><label class="wfu_formdata_labelposition" title="[[labelposition_hint]]">Label Position</label></td><td><select id="wfu_formfield_[[key]]_labelposition" value="[[s]]" title="[[labelposition_hint]]" onchange="wfu_update_formfield_value({target:this});">' . $labelpos_options . '</select></td><td></td></tr>';
            $template .= '[[R->]]' . $dlp . "\t\t\t\t" . '<tr><td colspan="2" class="wfu_formdata_props"><input id="wfu_formfield_[[key]]_required" type="checkbox"[[r->]] checked="checked"[[<-r]] title="[[required_hint]]" onchange="wfu_update_formfield_value({target:this});" /><label for="wfu_formfield_[[key]]_required" title="[[required_hint]]"> Required</label></td><td></td></tr>[[<-R]]';
            $template .= '[[A->]]' . $dlp . "\t\t\t\t" . '<tr><td colspan="2" class="wfu_formdata_props"><input id="wfu_formfield_[[key]]_donotautocomplete" type="checkbox"[[a->]] checked="checked"[[<-a]] title="[[donotautocomplete_hint]]" onchange="wfu_update_formfield_value({target:this});" /><label for="wfu_formfield_[[key]]_donotautocomplete" title="[[donotautocomplete_hint]]"> Do not autocomplete</label></td><td></td></tr>[[<-A]]';
            $template .= '[[V->]]' . $dlp . "\t\t\t\t" . '<tr><td colspan="2" class="wfu_formdata_props"><input id="wfu_formfield_[[key]]_validate" type="checkbox"[[v->]] checked="checked"[[<-v]] title="[[validate_hint]]" onchange="wfu_update_formfield_value({target:this});" /><label for="wfu_formfield_[[key]]_validate" title="[[validate_hint]]"> Validate</label></td><td></td></tr>[[<-V]]';
            $hint_options = "";
            foreach ($hintpositions as $pos) {
                $hint_options .= '<option value="' . $pos . '"[[hintposition_' . $pos . '_selected]]>' . $pos . '</option>';
            }
            $template .= '[[P->]]' . $dlp . "\t\t\t\t" . '<tr><td class="wfu_formdata_props"><label class="wfu_formdata_label" title="[[hintposition_hint]]">Hint Position</label></td><td><select id="wfu_formfield_[[key]]_hintposition" value="[[p]]" title="[[hintposition_hint]]" onchange="wfu_update_formfield_value({target:this});">' . $hint_options . '</select></td><td></td></tr>[[<-P]]';
            $template .= '[[H->]]' . $dlp . "\t\t\t\t" . '<tr><td colspan="2" class="wfu_formdata_props"><input id="wfu_formfield_[[key]]_typehook" type="checkbox"[[h->]] checked="checked"[[<-h]] title="[[typehook_hint]]" onchange="wfu_update_formfield_value({target:this});" /><label for="wfu_formfield_[[key]]_typehook" title="[[typehook_hint]]"> Type hook</label></td><td></td></tr>[[<-H]]';
            $template .= '[[D->]]' . $dlp . "\t\t\t\t" . '<tr><td class="wfu_formdata_props"><label class="wfu_formdata_label" title="[[default_hint]]">Default</label></td><td><input id="wfu_formfield_[[key]]_default" type="text" name="wfu_formfield_elements" value="[[d]]" title="[[default_hint]]" /></td><td></td></tr>[[<-D]]';
            $template .= '[[L->]]' . $dlp . "\t\t\t\t" . '<tr><td class="wfu_formdata_props"><label class="wfu_formdata_label" title="[[data_hint]]">[[data_label]]</label></td><td><input id="wfu_formfield_[[key]]_data" type="text" name="wfu_formfield_elements" value="[[l]]" title="[[data_hint]]" /></td><td></td></tr>[[<-L]]';
            $template .= '[[G->]]' . $dlp . "\t\t\t\t" . '<tr><td class="wfu_formdata_props"><label class="wfu_formdata_label" title="[[group_hint]]">Group ID</label></td><td><input id="wfu_formfield_[[key]]_group" type="text" name="wfu_formfield_elements" value="[[g]]" title="[[group_hint]]" /></td><td></td></tr>[[<-G]]';
            $template .= '[[F->]]' . $dlp . "\t\t\t\t" . '<tr><td class="wfu_formdata_props"><label class="wfu_formdata_label" title="[[format_hint]]">Format</label></td><td><input id="wfu_formfield_[[key]]_format" type="text" name="wfu_formfield_elements" value="[[f]]" title="[[format_hint]]" /></td><td></td></tr>[[<-F]]';
            $template .= $dlp . "\t\t\t\t" . '</tbody></table>';
            //draw html elements
            $echo_str .= $dlp . "\t\t" . '<div id="wfu_attribute_' . $attr . '" class="wfu_formdata_container">';
            $echo_str .= $dlp . "\t\t\t" . '<div id="wfu_attribute_' . $attr . '_codeadd" style="display:none;">';
            //pass template and type props to client javascript variable and then erase the code
            $echo_str .= $dlp . "\t\t\t\t" . '<script type="text/javascript">';
            $echo_str .= $dlp . "\t\t\t\t\t" . 'var wfu_attribute_' . $attr . '_formtemplate = "' . wfu_plugin_encode_string($template) . '";';
            $echo_str .= $dlp . "\t\t\t\t\t" . 'var wfu_attribute_' . $attr . '_typeprops = {};';
            $fielddef_array = array();
            foreach ($fielddefs as $item) {
                array_push($fielddef_array, $item['type']);
            }
            //prepare storage of field definitions to browser context
            $echo_str .= $dlp . "\t\t\t\t\t" . 'wfu_attribute_' . $attr . '_typeprops[0] = \'' . implode(",", $fielddef_array) . '\'';
            foreach ($fielddefs as $item) {
                $typeprops = array();
                foreach ($fieldprops_basic as $prop) {
                    array_push($typeprops, $prop . ': \'' . $item[$prop] . '\'');
                    array_push($typeprops, $prop . '_hint: \'' . $item[$prop . '_hint'] . '\'');
                }
                array_push($typeprops, 'data_label: \'' . $item['data_label'] . '\'');
                $echo_str .= $dlp . "\t\t\t\t\t" . 'wfu_attribute_' . $attr . '_typeprops["' . $item['type'] . '"] = {' . implode(", ", $typeprops) . '};';
            }
            $echo_str .= $dlp . "\t\t\t\t\t" . 'var self = document.getElementById("wfu_attribute_' . $attr . '_codeadd"); self.parentNode.removeChild(self);';
            $echo_str .= $dlp . "\t\t\t\t" . '</script>';
            $echo_str .= $dlp . "\t\t\t" . '</div>';
            foreach ($fields as $field) {
                $ind = wfu_create_random_string(4);
                $key = $attr . "_" . $ind;
                $fielddef = $fielddefs[$field["type"]];
                $echo_str .= $dlp . "\t\t\t" . '<div id="wfu_formfield_' . $key . '_container" class="wfu_formdata_line_container">';
                //generate html elements from template, replacing variables where applicable
                $from_template = str_replace(array('[[key]]', '[[t]]', '[[label]]', '[[s]]', '[[d]]', '[[l]]', '[[data_label]]', '[[g]]', '[[f]]', '[[p]]'), array($key, $field['type'], $field['label'], $field['labelposition'], $field['default'], $field['data'], $fielddef['data_label'], $field['group'], $field['format'], $field['hintposition']), $template);
                foreach ($fieldprops_basic as $prop) {
                    $from_template = str_replace('[[' . $prop . '_hint]]', str_replace('\\r\\n', "\r\n", $fielddef[$prop . '_hint']), $from_template);
                }
                foreach ($fielddefs as $item) {
                    $from_template = str_replace('[[type_' . $item['type'] . '_selected]]', $item['type'] == $field['type'] ? ' selected = "selected"' : '', $from_template);
                }
                foreach ($labelpositions as $pos) {
                    $from_template = str_replace('[[labelposition_' . $pos . '_selected]]', $pos == $field['labelposition'] ? ' selected = "selected"' : '', $from_template);
                }
                foreach ($hintpositions as $pos) {
                    $from_template = str_replace('[[hintposition_' . $pos . '_selected]]', $pos == $field['hintposition'] ? ' selected = "selected"' : '', $from_template);
                }
                $from_template = str_replace('[[remove_disabled]]', count($fields) <= 1 ? ' wfu_formdata_action_disabled' : '', $from_template);
                //adjust checkbox field values
                $from_template = preg_replace('/\\[\\[r\\-\\>\\]\\]' . ($field['required'] ? '|' : '.*') . '\\[\\[\\<\\-r\\]\\]/', '', $from_template);
                $from_template = preg_replace('/\\[\\[a\\-\\>\\]\\]' . ($field['donotautocomplete'] ? '|' : '.*') . '\\[\\[\\<\\-a\\]\\]/', '', $from_template);
                $from_template = preg_replace('/\\[\\[v\\-\\>\\]\\]' . ($field['validate'] ? '|' : '.*') . '\\[\\[\\<\\-v\\]\\]/', '', $from_template);
                $from_template = preg_replace('/\\[\\[h\\-\\>\\]\\]' . ($field['typehook'] ? '|' : '.*') . '\\[\\[\\<\\-h\\]\\]/', '', $from_template);
                //adjust visibility of properties
                $from_template = preg_replace('/\\[\\[R\\-\\>\\]\\]' . (substr($fielddef["required"], 0, 4) == "show" ? '|' : '.*') . '\\[\\[\\<\\-R\\]\\]/s', '', $from_template);
                $from_template = preg_replace('/\\[\\[A\\-\\>\\]\\]' . (substr($fielddef["donotautocomplete"], 0, 4) == "show" ? '|' : '.*') . '\\[\\[\\<\\-A\\]\\]/s', '', $from_template);
                $from_template = preg_replace('/\\[\\[V\\-\\>\\]\\]' . (substr($fielddef["validate"], 0, 4) == "show" ? '|' : '.*') . '\\[\\[\\<\\-V\\]\\]/s', '', $from_template);
                $from_template = preg_replace('/\\[\\[P\\-\\>\\]\\]' . (substr($fielddef["hintposition"], 0, 4) == "show" ? '|' : '.*') . '\\[\\[\\<\\-P\\]\\]/s', '', $from_template);
                $from_template = preg_replace('/\\[\\[H\\-\\>\\]\\]' . (substr($fielddef["typehook"], 0, 4) == "show" ? '|' : '.*') . '\\[\\[\\<\\-H\\]\\]/s', '', $from_template);
                $from_template = preg_replace('/\\[\\[D\\-\\>\\]\\]' . (substr($fielddef["default"], 0, 4) == "show" ? '|' : '.*') . '\\[\\[\\<\\-D\\]\\]/s', '', $from_template);
                $from_template = preg_replace('/\\[\\[L\\-\\>\\]\\]' . (substr($fielddef["data"], 0, 4) == "show" ? '|' : '.*') . '\\[\\[\\<\\-L\\]\\]/s', '', $from_template);
                $from_template = preg_replace('/\\[\\[G\\-\\>\\]\\]' . (substr($fielddef["group"], 0, 4) == "show" ? '|' : '.*') . '\\[\\[\\<\\-G\\]\\]/s', '', $from_template);
                $from_template = preg_replace('/\\[\\[F\\-\\>\\]\\]' . (substr($fielddef["format"], 0, 4) == "show" ? '|' : '.*') . '\\[\\[\\<\\-F\\]\\]/s', '', $from_template);
                $echo_str .= $from_template;
                $echo_str .= $dlp . "\t\t\t" . '</div>';
            }
            $echo_str .= $dlp . "\t\t" . '</div>';
        } elseif ($def['type'] == "color") {
            $val = str_replace(array("%n%", "%dq%", "%brl%", "%brr%"), array("\n", "&quot;", "[", "]"), $def['value']);
            $echo_str .= $dlp . "\t\t" . '<input id="wfu_attribute_' . $attr . '" type="text" name="wfu_text_elements" class="wfu_color_field" value="' . $val . '" />';
        } elseif ($def['type'] == "color-triplet") {
            $triplet = explode(",", $def['value']);
            foreach ($triplet as $key => $item) {
                $triplet[$key] = trim($item);
            }
            if (count($triplet) == 2) {
                $triplet = array($triplet[0], $triplet[1], "#000000");
            } elseif (count($triplet) == 1) {
                $triplet = array($triplet[0], "#FFFFFF", "#000000");
            } elseif (count($triplet) < 3) {
                $triplet = array("#000000", "#FFFFFF", "#000000");
            }
            $echo_str .= $dlp . "\t\t" . '<div class="wfu_color_container"><label style="display:inline-block; width:120px; margin-top:-16px;">Text Color</label><input id="wfu_attribute_' . $attr . '_color" type="text" class="wfu_color_field" name="wfu_triplecolor_elements" value="' . $triplet[0] . '" /></div>';
            $echo_str .= $dlp . "\t\t" . '<div class="wfu_color_container"><label style="display:inline-block; width:120px; margin-top:-16px;">Background Color</label><input id="wfu_attribute_' . $attr . '_bgcolor" type="text" class="wfu_color_field" name="wfu_triplecolor_elements" value="' . $triplet[1] . '" /></div>';
            $echo_str .= $dlp . "\t\t" . '<div class="wfu_color_container"><label style="display:inline-block; width:120px; margin-top:-16px;">Border Color</label><input id="wfu_attribute_' . $attr . '_borcolor" type="text" class="wfu_color_field" name="wfu_triplecolor_elements" value="' . $triplet[2] . '" /></div>';
        } else {
            $echo_str .= $dlp . "\t\t" . '<input id="wfu_attribute_' . $attr . '" type="text" name="wfu_text_elements" value="' . $def['value'] . '" />';
            if ($def['variables'] != null) {
                $echo_str .= $dlp . wfu_insert_variables($def['variables'], 'wfu_variable wfu_variable_' . $attr);
            }
        }
        $echo_str .= $dlp . "\t" . '</div></td>';
        if ($def['parent'] == "") {
            $echo_str .= $dlp . "\t" . '<td style="position:relative; vertical-align:top; padding:0;"><div class="wfu_td_div">';
            $block_open = false;
        } else {
            $echo_str .= $dlp . '</tr>';
            $subblock_open = true;
        }
    }
    if ($subblock_open) {
        $echo_str .= "\n\t\t\t\t\t\t" . '</div>';
    }
    if ($block_open) {
        $echo_str .= "\n\t\t\t\t\t" . '</div></td>';
        $echo_str .= "\n\t\t\t\t" . '</tr>';
    }
    $echo_str .= "\n\t\t\t" . '</tbody>';
    $echo_str .= "\n\t\t" . '</table>';
    $echo_str .= "\n\t" . '</div>';
    $echo_str .= "\n\t" . '<div id="wfu_global_dialog_container" class="wfu_global_dialog_container">';
    $echo_str .= "\n\t" . '</div>';
    $handler = 'function() { wfu_Attach_Admin_Events(' . ($data == "" ? 'true' : 'false') . '); }';
    $echo_str .= "\n\t" . '<script type="text/javascript">if(window.addEventListener) { window.addEventListener("load", ' . $handler . ', false); } else if(window.attachEvent) { window.attachEvent("onload", ' . $handler . '); } else { window["onload"] = ' . $handler . '; }</script>';
    $echo_str .= "\n" . '</div>';
    //	$echo_str .= "\n\t".'<div style="margin-top:10px;">';
    //	$echo_str .= "\n\t\t".'<label>Final shortcode text</label>';
    //	$echo_str .= "\n\t".'</div>';
    echo $echo_str;
}
Esempio n. 6
0
function wfu_process_files($params, $method)
{
    $sid = $params["uploadid"];
    $sesid = session_id();
    $user = wp_get_current_user();
    if (0 == $user->ID) {
        $user_id = 0;
        $user_login = "******";
        $user_email = "";
        $is_admin = false;
    } else {
        $user_id = $user->ID;
        $user_login = $user->user_login;
        $user_email = $user->user_email;
        $is_admin = current_user_can('manage_options');
    }
    $plugin_options = wfu_decode_plugin_options(get_option("wordpress_file_upload_options"));
    $unique_id = sanitize_text_field($_POST['uniqueuploadid_' . $sid]);
    // determine if this routine is only for checking the file
    $only_check = isset($_POST['only_check']) ? $_POST['only_check'] == "1" : false;
    $suppress_admin_messages = $params["adminmessages"] != "true" || !$is_admin;
    $success_count = 0;
    $warning_count = 0;
    $error_count = 0;
    $default_colors = wfu_prepare_message_colors(WFU_VAR("WFU_DEFAULTMESSAGECOLORS"));
    $notify_only_filename_list = "";
    $notify_target_path_list = "";
    $notify_attachment_list = "";
    $uploadedfile = 'uploadedfile_' . $sid;
    $hiddeninput = 'hiddeninput_' . $sid;
    $allowed_patterns = explode(",", $params["uploadpatterns"]);
    foreach ($allowed_patterns as $key => $allowed_pattern) {
        $allowed_patterns[$key] = trim($allowed_pattern);
    }
    $userdata_fields = $params["userdata_fields"];
    foreach ($userdata_fields as $userdata_key => $userdata_field) {
        $userdata_fields[$userdata_key]["value"] = isset($_POST[$hiddeninput . '_userdata_' . $userdata_key]) ? strip_tags($_POST[$hiddeninput . '_userdata_' . $userdata_key]) : "";
    }
    $params_output_array["version"] = "full";
    $params_output_array["general"]['shortcode_id'] = $sid;
    $params_output_array["general"]['unique_id'] = $unique_id;
    $params_output_array["general"]['state'] = 0;
    $params_output_array["general"]['files_count'] = 0;
    $params_output_array["general"]['update_wpfilebase'] = "";
    $params_output_array["general"]['redirect_link'] = $params["redirect"] == "true" ? $params["redirectlink"] : "";
    $params_output_array["general"]['upload_finish_time'] = 0;
    $params_output_array["general"]['message'] = "";
    $params_output_array["general"]['message_type'] = "";
    $params_output_array["general"]['admin_messages']['wpfilebase'] = "";
    $params_output_array["general"]['admin_messages']['notify'] = "";
    $params_output_array["general"]['admin_messages']['redirect'] = "";
    $params_output_array["general"]['admin_messages']['other'] = "";
    $params_output_array["general"]['errors']['wpfilebase'] = "";
    $params_output_array["general"]['errors']['notify'] = "";
    $params_output_array["general"]['errors']['redirect'] = "";
    $params_output_array["general"]['color'] = $default_colors['color'];
    $params_output_array["general"]['bgcolor'] = $default_colors['bgcolor'];
    $params_output_array["general"]['borcolor'] = $default_colors['borcolor'];
    $params_output_array["general"]['notify_only_filename_list'] = "";
    $params_output_array["general"]['notify_target_path_list'] = "";
    $params_output_array["general"]['notify_attachment_list'] = "";
    $params_output_array["general"]['fail_message'] = "";
    $params_output_array["general"]['fail_admin_message'] = "";
    /* safe_output is a minimized version of params_output_array, that is passed as text, in case JSON parse fails
    	   its data are separated by semicolon (;) and are the following:
    		upload state: the upload state number
    		default colors: the default color, bgcolor and borcolor values, separated by comma(,)
    		file_count: the number of files processed
    		filedata: message type, header, message and admin message of each file, encoded and separated by comma (,) */
    $params_output_array["general"]['safe_output'] = "";
    /* js_script is javascript code that is executed after each file upload and is defined in wfu_after_file_upload action */
    $params_output_array["general"]['js_script'] = "";
    /* adjust $uploadedfile variable (holding file data) if this is a redirection caused because the browser of the user could not handle AJAX upload */
    if (isset($_FILES[$uploadedfile . '_redirected'])) {
        $uploadedfile .= '_redirected';
    }
    /* notify admin if this is a redirection caused because the browser of the user could not handle AJAX upload */
    $params_output_array["general"]['admin_messages']['other'] = $params['adminerrors'];
    if (isset($_FILES[$uploadedfile]['error']) || $only_check) {
        $files_count = 1;
        // in case of checking of file, then the $_FILES variable has not been set because no file has been uploaded,
        // so we set it manually in order to allow the routine to continue
        if ($only_check) {
            $_FILES[$uploadedfile]['name'] = wfu_plugin_decode_string($_POST[$uploadedfile . '_name']);
            $_FILES[$uploadedfile]['type'] = 'any';
            $_FILES[$uploadedfile]['tmp_name'] = 'any';
            $_FILES[$uploadedfile]['error'] = '';
            $_FILES[$uploadedfile]['size'] = $_POST[$uploadedfile . '_size'];
        }
    } else {
        $files_count = 0;
    }
    $params_output_array["general"]['files_count'] = $files_count;
    // index of uploaded file in case of ajax uploads (in ajax uploads only one file is uploaded in every ajax call)
    // the index is used to store any file data in session variables, in case the file is uploaded in two or more passes
    // (like the case were in the first pass it is only checked)
    $single_file_index = isset($_POST[$uploadedfile . '_index']) ? $_POST[$uploadedfile . '_index'] : -1;
    /* append userdata fields to upload path */
    $search = array();
    $replace = array();
    foreach ($userdata_fields as $userdata_key => $userdata_field) {
        $ind = 1 + $userdata_key;
        array_push($search, '/%userdata' . $ind . '%/');
        array_push($replace, $userdata_field["value"]);
    }
    $params["uploadpath"] = preg_replace($search, $replace, $params["uploadpath"]);
    /* append subfolder name to upload path */
    if ($params["askforsubfolders"] == "true") {
        if ($params["subfoldertree"] == "auto+" && $params['subdir_selection_index'] != '') {
            if (substr($params["uploadpath"], -1, 1) == "/") {
                $params["uploadpath"] .= $params['subdir_selection_index'];
            } else {
                $params["uploadpath"] .= '/' . $params['subdir_selection_index'];
            }
        } elseif ($params["subfoldertree"] != "auto+" && $params['subdir_selection_index'] >= 1) {
            if (substr($params["uploadpath"], -1, 1) == "/") {
                $params["uploadpath"] .= $params['subfoldersarray'][$params['subdir_selection_index']];
            } else {
                $params["uploadpath"] .= '/' . $params['subfoldersarray'][$params['subdir_selection_index']];
            }
        }
    }
    if ($files_count == 1) {
        foreach ($_FILES[$uploadedfile] as $key => $prop) {
            $fileprops[$key] = $prop;
        }
        $upload_path_ok = false;
        $allowed_file_ok = false;
        $size_file_ok = false;
        $size_file_phpenv_ok = true;
        $ignore_server_actions = false;
        $file_output['color'] = $default_colors['color'];
        $file_output['bgcolor'] = $default_colors['bgcolor'];
        $file_output['borcolor'] = $default_colors['borcolor'];
        $file_output['header'] = "";
        $file_output['message'] = "";
        $file_output['message_type'] = "";
        $file_output['admin_messages'] = "";
        $file_output['uploaded_file_props'] = "";
        $fileid = -1;
        // determine if file data have been saved to session variables, due to a previous pass of this file
        $file_map = "filedata_" . $unique_id . "_" . $single_file_index;
        // retrieve unique id of the file, used in filter actions for identifying each separate file
        $file_unique_id = isset($_SESSION[$file_map]) ? $_SESSION[$file_map]['file_unique_id'] : '';
        $filedata_previously_defined = $file_unique_id != '';
        /* generate unique id for each file for use in filter actions if it has not been previously defined */
        if (!$filedata_previously_defined) {
            $file_unique_id = wfu_create_random_string(20);
        }
        /* Get uploaded file size in Mbytes */
        // correct file size in case of checking of file otherwise $upload_file_size will be zero and the routine will fail
        if ($only_check) {
            $upload_file_size = $fileprops['size'];
            if ($upload_file_size == 0) {
                $upload_file_size++;
            }
        } else {
            $upload_file_size = filesize($fileprops['tmp_name']);
            if ($upload_file_size == 0 && file_exists($fileprops['tmp_name']) && $fileprops['error'] == 0) {
                $upload_file_size++;
            }
        }
        $upload_file_size_MB = $upload_file_size / 1024 / 1024;
        $only_filename = $fileprops['name'];
        $target_path = wfu_upload_plugin_full_path($params) . $only_filename;
        if ($upload_file_size > 0) {
            /* Section to perform filter action wfu_before_file_check before file is checked in order to perform
               any filename or userdata modifications or reject the upload of the file by setting error_message item
               of $ret_data array to a non-empty value */
            $filter_error_message = '';
            $filter_admin_message = '';
            if ($file_unique_id != '' && !$filedata_previously_defined) {
                /* store file data and upload result to filemap session array 
                   for use by after_upload filters */
                if (!isset($_SESSION["filedata_" . $unique_id])) {
                    $_SESSION["filedata_" . $unique_id] = array();
                }
                $real_file_index = $single_file_index;
                if ($single_file_index == -1) {
                    $real_file_index = $i;
                }
                // get correct file size
                if ($only_check) {
                    $filesize = $fileprops['size'];
                } else {
                    $filesize = filesize($fileprops['tmp_name']);
                }
                $_SESSION["filedata_" . $unique_id][$real_file_index] = array("file_unique_id" => $file_unique_id, "original_filename" => $only_filename, "filesize" => $filesize);
                // prepare parameters for wfu_before_file_check filter
                $changable_data['file_path'] = $target_path;
                $changable_data['user_data'] = $userdata_fields;
                $changable_data['error_message'] = $filter_error_message;
                $changable_data['admin_message'] = $filter_admin_message;
                $additional_data['shortcode_id'] = $sid;
                $additional_data['file_unique_id'] = $file_unique_id;
                $additional_data['file_size'] = $filesize;
                $additional_data['user_id'] = $user->ID;
                $additional_data['page_id'] = $params["pageid"];
                $ret_data = apply_filters('wfu_before_file_check', $changable_data, $additional_data);
                $target_path = $ret_data['file_path'];
                $only_filename = wfu_basename($target_path);
                $userdata_fields = $ret_data['user_data'];
                $filter_error_message = $ret_data['error_message'];
                $filter_admin_message = $ret_data['admin_message'];
                // if this is a file check, which means that a second pass of the file will follow, then we do not want to
                // apply the filters again, so we store the changable data to session variables for this specific file
                if ($only_check) {
                    $_SESSION[$file_map]['file_unique_id'] = $file_unique_id;
                    $_SESSION[$file_map]['filepath'] = $target_path;
                    $_SESSION[$file_map]['userdata'] = $userdata_fields;
                }
            }
            // if this is a second pass of the file, because a first pass with file checking was done before, then retrieve
            // file data that may have previously changed because of application of filters
            if ($filedata_previously_defined) {
                $target_path = $_SESSION[$file_map]['filepath'];
                $only_filename = wfu_basename($target_path);
                $userdata_fields = $_SESSION[$file_map]['userdata'];
            }
            if ($filter_error_message != '') {
                //errorabort flag designates that file will be aborted and no resuming will be attempted
                $file_output['message_type'] = "errorabort";
                $file_output['message'] = wfu_join_strings("<br />", $file_output['message'], $filter_error_message);
                if ($filter_admin_message != '') {
                    $file_output['admin_messages'] = wfu_join_strings("<br />", $file_output['admin_messages'], $filter_admin_message);
                }
            } else {
                /* generate safe filename by removing invalid characters if forcefilename is deactivated */
                if ($params['forcefilename'] != "true") {
                    $only_filename = wfu_upload_plugin_clean($only_filename);
                    //reconstruct target_path
                    $target_path = wfu_basedir($target_path) . $only_filename;
                }
                /* if medialink or postlink is activated then the target path becomes the current wordpress upload folder */
                if ($params["medialink"] == "true" || $params["postlink"] == "true") {
                    $mediapath = wp_upload_dir();
                    $target_path = $mediapath['path'] . '/' . $only_filename;
                }
                /* Check if upload path exist */
                if (is_dir(wfu_basedir($target_path))) {
                    $upload_path_ok = true;
                } else {
                    if ($params["createpath"] == "true") {
                        $wfu_create_directory_ret = wfu_create_directory(wfu_basedir($target_path), $params["accessmethod"], $params["ftpinfo"]);
                        if ($wfu_create_directory_ret != "") {
                            $file_output['admin_messages'] = wfu_join_strings("<br />", $file_output['admin_messages'], $wfu_create_directory_ret);
                        }
                        if (is_dir(wfu_basedir($target_path))) {
                            $upload_path_ok = true;
                        }
                    }
                }
                /* File name control, reject files with .php, .js (and other) extensions for security reasons.
                   This is the first pass of extension control, which only checks the filename.
                   A second pass is performed after the file has completely uploaded, using WP inherent file
                   extension control, which provides better security. */
                if (!wfu_file_extension_restricted(strtolower($only_filename))) {
                    foreach ($allowed_patterns as $allowed_pattern) {
                        if (wfu_upload_plugin_wildcard_match($allowed_pattern, $only_filename)) {
                            $allowed_file_ok = true;
                            break;
                        }
                    }
                }
                /* File size control */
                if ($upload_file_size_MB <= $params["maxsize"]) {
                    if ($params['php_env'] == '32bit' && $upload_file_size > 2147483647) {
                        $size_file_phpenv_ok = false;
                    } else {
                        $size_file_ok = true;
                    }
                }
                if (!$upload_path_ok or !$allowed_file_ok or !$size_file_ok) {
                    //abort the file, no resuming will be attempted
                    $file_output['message_type'] = "errorabort";
                    $file_output['message'] = wfu_join_strings("<br />", $file_output['message'], WFU_ERROR_UPLOAD_FAILED);
                    if (!$upload_path_ok) {
                        $file_output['message'] = wfu_join_strings("<br />", $file_output['message'], WFU_ERROR_DIR_EXIST);
                    }
                    if (!$allowed_file_ok) {
                        $file_output['message'] = wfu_join_strings("<br />", $file_output['message'], WFU_ERROR_FILE_ALLOW);
                    }
                    if (!$size_file_ok) {
                        if ($size_file_phpenv_ok) {
                            $file_output['message'] = wfu_join_strings("<br />", $file_output['message'], WFU_ERROR_FILE_PLUGIN_SIZE);
                        } else {
                            $file_output['message'] = wfu_join_strings("<br />", $file_output['message'], WFU_ERROR_FILE_PLUGIN_2GBSIZE);
                        }
                    }
                }
            }
        } else {
            // This block is executed when there is an error
            $upload_error = $fileprops['error'];
            if ($upload_error == 1) {
                $message_text = WFU_ERROR_FILE_PHP_SIZE;
                $file_output['admin_messages'] = wfu_join_strings("<br />", $file_output['admin_messages'], WFU_ERROR_ADMIN_FILE_PHP_SIZE);
            } elseif ($upload_error == 2) {
                $message_text = WFU_ERROR_FILE_HTML_SIZE;
            } elseif ($upload_error == 3) {
                $message_text = WFU_ERROR_FILE_PARTIAL;
            } elseif ($upload_error == 4) {
                $message_text = WFU_ERROR_FILE_NOTHING;
            } elseif ($upload_error == 6) {
                $message_text = WFU_ERROR_DIR_NOTEMP;
            } elseif ($upload_error == 7) {
                $message_text = WFU_ERROR_FILE_WRITE;
            } elseif ($upload_error == 8) {
                $message_text = WFU_ERROR_UPLOAD_STOPPED;
            } else {
                $upload_time_limit = ini_get("max_input_time");
                $params_output_array["general"]['upload_finish_time'] = $params["upload_start_time"] + $upload_time_limit * 1000;
                $message_text = WFU_ERROR_FILE_PHP_TIME;
                $file_output['admin_messages'] = wfu_join_strings("<br />", $file_output['admin_messages'], WFU_ERROR_ADMIN_FILE_PHP_TIME);
            }
            //error (and not errorabort) flag designates that a resuming of the file may be attempted
            $file_output['message_type'] = "error";
            $file_output['message'] = wfu_join_strings("<br />", $file_output['message'], $message_text);
        }
        $message_processed = false;
        //		if ( $upload_path_ok and $allowed_file_ok and $size_file_ok ) {
        if (substr($file_output['message_type'], 0, 5) != "error") {
            if (is_uploaded_file($fileprops['tmp_name']) || $only_check) {
                $source_path = $fileprops['tmp_name'];
                if ($only_check || $ignore_server_actions) {
                    $file_copied = true;
                } else {
                    $file_copied = false;
                    if ($source_path) {
                        $file_exists = file_exists($target_path);
                        if (!$file_exists || $params["dublicatespolicy"] == "" || $params["dublicatespolicy"] == "overwrite") {
                            //redirect echo in internal buffer to receive and process any unwanted warning messages from wfu_upload_file
                            ob_start();
                            ob_clean();
                            /* Apply wfu_before_file_upload filter right before the upload, in order to allow the user to change the file name.
                               If additional data are required, such as user_id or userdata values, they can be retrieved by implementing the
                               previous filter wfu_before_file_check, corresponding them to the unique file id */
                            if ($file_unique_id != '') {
                                $target_path = apply_filters('wfu_before_file_upload', $target_path, $file_unique_id);
                            }
                            //recalculate $only_filename in case it changed with wfu_before_file_upload filter
                            $only_filename = wfu_basename($target_path);
                            //move the uploaded file to its final destination
                            $wfu_upload_file_ret = wfu_upload_file($source_path, $target_path, $params["accessmethod"], $params["ftpinfo"], $params["ftppassivemode"], $params["ftpfilepermissions"]);
                            $file_copied = $wfu_upload_file_ret["uploaded"];
                            //process warning messages from wfu_upload_file
                            $echo_message = ob_get_contents();
                            //finish redirecting of echo to internal buffer
                            ob_end_clean();
                            if ($echo_message != "" && !$file_copied) {
                                //error (and not errorabort) flag designates that file may be resumed
                                $file_output['message_type'] = "error";
                                if (stristr($echo_message, "warning") && stristr($echo_message, "permission denied") && stristr($echo_message, "unable to move")) {
                                    $file_output['message'] = wfu_join_strings("<br />", $file_output['message'], WFU_ERROR_DIR_PERMISSION);
                                    $file_output['admin_messages'] = wfu_join_strings("<br />", $file_output['admin_messages'], WFU_ERROR_ADMIN_DIR_PERMISSION);
                                } else {
                                    $file_output['message'] = wfu_join_strings("<br />", $file_output['message'], WFU_ERROR_FILE_MOVE);
                                    $file_output['admin_messages'] = wfu_join_strings("<br />", $file_output['admin_messages'], strip_tags($echo_message));
                                }
                                $message_processed = true;
                            }
                            if ($wfu_upload_file_ret["admin_message"] != "") {
                                $file_output['admin_messages'] = wfu_join_strings("<br />", $file_output['admin_messages'], $wfu_upload_file_ret["admin_message"]);
                            }
                        } else {
                            if ($file_exists && $params["dublicatespolicy"] == "maintain both") {
                                $full_path = wfu_basedir($target_path);
                                $name_part = $only_filename;
                                $ext_part = "";
                                $dot_pos = strrpos($name_part, ".");
                                if ($dot_pos) {
                                    $ext_part = substr($name_part, $dot_pos);
                                    $name_part = substr($name_part, 0, $dot_pos);
                                }
                                if ($params["uniquepattern"] != "datetimestamp") {
                                    $unique_ind = 1;
                                    do {
                                        $unique_ind += 1;
                                        $only_filename = $name_part . "(" . $unique_ind . ")" . $ext_part;
                                        $target_path = $full_path . $only_filename;
                                    } while (file_exists($target_path));
                                } else {
                                    $current_datetime = gmdate("U") - 1;
                                    do {
                                        $current_datetime += 1;
                                        $only_filename = $name_part . "-" . gmdate("YmdHis", $current_datetime) . $ext_part;
                                        $target_path = $full_path . $only_filename;
                                    } while (file_exists($target_path));
                                }
                                //redirect echo in internal buffer to receive and process any unwanted warning messages from move_uploaded_file
                                ob_start();
                                ob_clean();
                                /* Apply wfu_before_file_upload filter right before the upload, in order to allow the user to change the file name.
                                   If additional data are required, such as user_id or userdata values, they can be retrieved by implementing the
                                   previous filter wfu_before_file_check, corresponding them to the unique file id */
                                if ($file_unique_id != '') {
                                    $target_path = apply_filters('wfu_before_file_upload', $target_path, $file_unique_id);
                                }
                                //recalculate $only_filename in case it changed with wfu_before_file_upload filter
                                $only_filename = wfu_basename($target_path);
                                //move the uploaded file to its final destination
                                $wfu_upload_file_ret = wfu_upload_file($source_path, $target_path, $params["accessmethod"], $params["ftpinfo"], $params["ftppassivemode"], $params["ftpfilepermissions"]);
                                $file_copied = $wfu_upload_file_ret["uploaded"];
                                //process warning messages from move_uploaded_file
                                $echo_message = ob_get_contents();
                                //finish redirecting of echo to internal buffer
                                ob_end_clean();
                                if ($echo_message != "" && !$file_copied) {
                                    //error (and not errorabort) flag designates that file may be resumed
                                    $file_output['message_type'] = "error";
                                    if (stristr($echo_message, "warning") && stristr($echo_message, "permission denied") && stristr($echo_message, "unable to move")) {
                                        $file_output['message'] = wfu_join_strings("<br />", $file_output['message'], WFU_ERROR_DIR_PERMISSION);
                                        $file_output['admin_messages'] = wfu_join_strings("<br />", $file_output['admin_messages'], WFU_ERROR_ADMIN_DIR_PERMISSION);
                                    } else {
                                        $file_output['message'] = wfu_join_strings("<br />", $file_output['message'], WFU_ERROR_FILE_MOVE);
                                        $file_output['admin_messages'] = wfu_join_strings("<br />n", $file_output['admin_messages'], strip_tags($echo_message));
                                    }
                                    $message_processed = true;
                                }
                                if ($wfu_upload_file_ret["admin_message"] != "") {
                                    $file_output['admin_messages'] = wfu_join_strings("<br />", $file_output['admin_messages'], $wfu_upload_file_ret["admin_message"]);
                                }
                            } else {
                                //abort the file and do not allow resuming
                                $file_output['message_type'] = "errorabort";
                                $file_output['message'] = wfu_join_strings("<br />", $file_output['message'], WFU_WARNING_FILE_EXISTS);
                                $message_processed = true;
                                $file_copied = false;
                            }
                        }
                    }
                }
                if ($file_copied) {
                    /* prepare email notification parameters if email notification is enabled */
                    if ($params["notify"] == "true" && !$only_check) {
                        $notify_only_filename_list .= ($notify_only_filename_list == "" ? "" : ", ") . $only_filename;
                        $notify_target_path_list .= ($notify_target_path_list == "" ? "" : ", ") . $target_path;
                        if ($params["attachfile"] == "true") {
                            $notify_attachment_list .= ($notify_attachment_list == "" ? "" : ",") . $target_path;
                        }
                    }
                    /* prepare redirect link if redirection is enabled */
                    if ($params["redirect"] == "true") {
                        /* Define dynamic redirect link from variables */
                        $search = array('/%filename%/', '/%username%/');
                        $replace = array($only_filename, $user_login);
                        $params_output_array["general"]['redirect_link'] = trim(preg_replace($search, $replace, $params["redirectlink"]));
                    }
                    if (!$message_processed) {
                        $file_output['message_type'] = "success";
                    }
                } else {
                    if (!$message_processed) {
                        //abort the file and do not allow resuming
                        $file_output['message_type'] = "errorabort";
                        $file_output['message'] = wfu_join_strings("<br />", $file_output['message'], WFU_ERROR_UNKNOWN);
                    }
                }
                /* Delete temporary file (in tmp directory) */
                //				unlink($source_path);
            } else {
                //abort the file and do not allow resuming
                $file_output['message_type'] = "errorabort";
                $file_output['message'] = wfu_join_strings("<br />", $file_output['message'], WFU_ERROR_UNKNOWN);
            }
        }
        /* last check of output file status */
        if ($file_output['message_type'] == "") {
            if ($file_copied) {
                $file_output['message_type'] = "success";
            } else {
                //abort the file and do not allow resuming
                $file_output['message_type'] = "errorabort";
                $file_output['message'] = wfu_join_strings("<br />", $file_output['message'], WFU_ERROR_UNKNOWN);
            }
        }
        /* suppress any admin messages if user is not administrator or adminmessages is not activated */
        if ($suppress_admin_messages) {
            $file_output['admin_messages'] = "";
        }
        /* set file status to "warning" if the file has been uploaded but there are messages */
        if ($file_output['message_type'] == "success") {
            if ($file_output['message'] != "" || $file_output['admin_messages'] != "") {
                $file_output['message_type'] = "warning";
            }
        }
        /* set success status of the file, to be used for medialink and post actions */
        $file_finished_successfully = !$only_check && ($file_output['message_type'] == "success" || $file_output['message_type'] == "warning");
        /* set non-success status of the file, to be used for medialink and post actions */
        $file_finished_unsuccessfully = substr($file_output['message_type'], 0, 5) == "error";
        /* perform custom actions after file is completely uploaded in order to determine if file is valid ir not */
        if ($file_finished_successfully && !$ignore_server_actions) {
            /* Here the second pass of file extension control is performed after the file has completely
               uploaded, using WP inherent functions that determine the real extension from analyzing the
               data and not from the filename extension. If this check reveals an extension which is not
               permitted then the file will be rejected and erased. If the real extension is different
               than the original one but it is permitted, then the file will remain as it is but a warning
               message will notify the user that the extension of the file does not match its contents. */
            $check = wp_check_filetype_and_ext($target_path, $only_filename, false);
            if ($check['proper_filename'] !== false) {
                $proper_filename = $check['proper_filename'];
                if (wfu_file_extension_restricted(strtolower($only_filename))) {
                    $file_finished_successfully = false;
                    $file_finished_unsuccessfully = true;
                    unlink($target_path);
                    $file_output['message_type'] = "errorabort";
                    $file_output['message'] = wfu_join_strings("<br />", $file_output['message'], WFU_ERROR_FILE_REJECT);
                    $file_output['admin_messages'] = wfu_join_strings("<br />", $file_output['admin_messages'], WFU_ERROR_ADMIN_FILE_WRONGEXT . $check['proper_filename']);
                } else {
                    $file_output['message_type'] = "warning";
                    $file_output['message'] = wfu_join_strings("<br />", $file_output['message'], WFU_WARNING_FILE_SUSPICIOUS);
                    $file_output['admin_messages'] = wfu_join_strings("<br />", $file_output['admin_messages'], WFU_WARNING_ADMIN_FILE_SUSPICIOUS . $check['proper_filename']);
                }
            }
            // run any wfu_after_file_loaded filters to make any last file checks and accept or reject it
            if ($file_finished_successfully) {
                $filter_error_message = '';
                $filter_admin_message = '';
                $changable_data['error_message'] = $filter_error_message;
                $changable_data['admin_message'] = $filter_admin_message;
                $additional_data['file_unique_id'] = $file_unique_id;
                $additional_data['file_path'] = $target_path;
                $additional_data['shortcode_id'] = $sid;
                $ret_data = apply_filters('wfu_after_file_loaded', $changable_data, $additional_data);
                //this is a call to wfu_after_file_complete filters, which is
                //the old name of wfu_after_file_loaded filters, for maintaining
                //backward compatibility
                $ret_data = apply_filters('wfu_after_file_complete', $changable_data, $additional_data);
                $filter_error_message = $ret_data['error_message'];
                $filter_admin_message = $ret_data['admin_message'];
                if ($filter_error_message != '') {
                    $file_finished_successfully = false;
                    $file_finished_unsuccessfully = true;
                    unlink($target_path);
                    $file_output['message_type'] = "errorabort";
                    $file_output['message'] = wfu_join_strings("<br />", $file_output['message'], $filter_error_message);
                    if ($filter_admin_message != '') {
                        $file_output['admin_messages'] = wfu_join_strings("<br />", $file_output['admin_messages'], $filter_admin_message);
                    }
                }
            }
        }
        /* adjust message details and colors according to file result */
        /* FileResult: A */
        $search = array('/%username%/', '/%useremail%/', '/%filename%/', '/%filepath%/');
        $replace = array($user_login, $user_email == "" ? "no email" : $user_email, $only_filename, $target_path);
        if ($file_output['message_type'] == "success") {
            $success_count++;
            $color_array = explode(",", $params['successmessagecolors']);
            $file_output['color'] = $color_array[0];
            $file_output['bgcolor'] = $color_array[1];
            $file_output['borcolor'] = $color_array[2];
            $file_output['header'] = preg_replace($search, $replace, $params['successmessage']);
            /* prepare details of successful file upload, visible only to administrator */
            $file_output['admin_messages'] = wfu_join_strings("<br />", preg_replace($search, $replace, WFU_SUCCESSMESSAGE_DETAILS), $file_output['admin_messages']);
        } elseif ($file_output['message_type'] == "warning") {
            $warning_count++;
            $color_array = explode(",", $params['warningmessagecolors']);
            $file_output['color'] = $color_array[0];
            $file_output['bgcolor'] = $color_array[1];
            $file_output['borcolor'] = $color_array[2];
            $file_output['header'] = preg_replace($search, $replace, $params['warningmessage']);
            /* prepare and prepend details of successful file upload, visible only to administrator */
            $file_output['admin_messages'] = wfu_join_strings("<br />", preg_replace($search, $replace, WFU_SUCCESSMESSAGE_DETAILS), $file_output['admin_messages']);
        } elseif (substr($file_output['message_type'], 0, 5) == "error") {
            $error_count++;
            $color_array = explode(",", $params['failmessagecolors']);
            $file_output['color'] = $color_array[0];
            $file_output['bgcolor'] = $color_array[1];
            $file_output['borcolor'] = $color_array[2];
            $replace = array($user_login, $user_email == "" ? "no email" : $user_email, $only_filename, $target_path);
            $file_output['header'] = preg_replace($search, $replace, $params['errormessage']);
            /* prepare and prepend details of failed file upload, visible only to administrator */
            $file_output['admin_messages'] = wfu_join_strings("<br />", preg_replace($search, $replace, WFU_FAILMESSAGE_DETAILS), $file_output['admin_messages']);
        }
        /* suppress again any admin messages if user is not administrator or adminmessages is not activated */
        if ($suppress_admin_messages) {
            $file_output['admin_messages'] = "";
        }
        $params_output_array[0] = $file_output;
        if ($file_unique_id != '' && $file_finished_unsuccessfully && !$ignore_server_actions) {
            /* Apply wfu_after_file_upload filter after failed upload, in order to allow the user to perform any post-upload actions.
               If additional data are required, such as user_id or userdata values or filepath, they can be retrieved by implementing
               the previous filters wfu_before_file_check and wfu_before_file_upload, corresponding them to the unique file id.
               This actions allows to define custom javascript code to run after each file finishes (either succeeded or failed).
               For backward compatibility, the wfu_after_file_upload action that was implemented in previous version of the plugin
               still remains. */
            $changable_data['ret_value'] = null;
            $changable_data['js_script'] = '';
            $additional_data['shortcode_id'] = $sid;
            $additional_data['file_unique_id'] = $file_unique_id;
            $additional_data['upload_result'] = $file_output['message_type'];
            $additional_data['error_message'] = $file_output['message'];
            $additional_data['admin_messages'] = $file_output['admin_messages'];
            $ret_data = apply_filters('wfu_after_file_upload', $changable_data, $additional_data);
            $params_output_array["general"]['js_script'] = $ret_data['js_script'];
            //			do_action('wfu_after_file_upload', $file_unique_id, $file_output['message_type'], $file_output['message'], $file_output['admin_messages']);
        }
        if ($file_finished_successfully && !$ignore_server_actions) {
            /* log file upload action if file has finished uploading successfully */
            $fileid = wfu_log_action('upload', $target_path, $user->ID, $unique_id, $params['pageid'], $params['blogid'], $sid, $userdata_fields);
            /* Apply wfu_after_file_upload filter after failed upload, in order to allow the user to perform any post-upload actions.
               If additional data are required, such as user_id or userdata values or filepath, they can be retrieved by implementing
               the previous filters wfu_before_file_check and wfu_before_file_upload, corresponding them to the unique file id.
               This actions allows to define custom javascript code to run after each file finishes (either suceeded or failed).
               For backward compatibility, the wfu_after_file_upload action that was implemented in previous version of the plugin
               still remains. */
            $changable_data['ret_value'] = null;
            $changable_data['js_script'] = '';
            $additional_data['shortcode_id'] = $sid;
            $additional_data['file_unique_id'] = $file_unique_id;
            $additional_data['upload_result'] = $file_output['message_type'];
            $additional_data['error_message'] = $file_output['message'];
            $additional_data['admin_messages'] = $file_output['admin_messages'];
            $ret_data = apply_filters('wfu_after_file_upload', $changable_data, $additional_data);
            $params_output_array["general"]['js_script'] = $ret_data['js_script'];
            //			do_action('wfu_after_file_upload', $file_unique_id, $file_output['message_type'], $file_output['message'], $file_output['admin_messages']);
        }
        /* add file to Media or attach file to current post if any of these options is activated and the file has finished uploading successfully */
        if (($params["medialink"] == "true" || $params["postlink"] == "true") && $file_finished_successfully && !$ignore_server_actions) {
            $pageid = $params["postlink"] == "true" ? $params['pageid'] : 0;
            wfu_process_media_insert($target_path, $pageid);
        }
        /* store final file data and upload result to filemap session array for
           use by after_upload filters */
        $real_file_index = $single_file_index;
        if ($single_file_index == -1) {
            $real_file_index = $i;
        }
        if (($file_finished_successfully || $file_finished_unsuccessfully) && isset($_SESSION["filedata_" . $unique_id][$real_file_index]) && !$ignore_server_actions) {
            $_SESSION["filedata_" . $unique_id][$real_file_index]["filepath"] = $target_path;
            $_SESSION["filedata_" . $unique_id][$real_file_index]["user_data"] = $userdata_fields;
            $_SESSION["filedata_" . $unique_id][$real_file_index]["upload_result"] = $file_output['message_type'];
            $_SESSION["filedata_" . $unique_id][$real_file_index]["message"] = $file_output['message'];
            $_SESSION["filedata_" . $unique_id][$real_file_index]["admin_messages"] = $file_output['admin_messages'];
        }
    }
    // in case of file check set files_count to 0 in order to denote that the file was not really uploaded
    if ($only_check) {
        $params_output_array["general"]['files_count'] = 0;
    }
    $somefiles_Ok = $warning_count + $success_count > 0;
    $allfiles_Ok = $somefiles_Ok && $error_count == 0;
    /* Prepare WPFileBase Plugin update url, if this option has been selected and only if at least one file has been successfully uploaded.
       Execution will happen only if accumulated $params_output_array["general"]['update_wpfilebase'] is not empty */
    if ($params["filebaselink"] == "true") {
        if ($somefiles_Ok) {
            $filebaseurl = site_url();
            if (substr($filebaseurl, -1, 1) == "/") {
                $filebaseurl = substr($filebaseurl, 0, strlen($filebaseurl) - 1);
            }
            /* if the following variable is not empty, then WPFileBase Plugin update must be executed
               and any admin messages must be suppressed */
            $params_output_array["general"]['update_wpfilebase'] = $filebaseurl;
        } else {
            $params_output_array["general"]['admin_messages']['wpfilebase'] = WFU_WARNING_WPFILEBASE_NOTUPDATED_NOFILES;
            $params_output_array["general"]['errors']['wpfilebase'] = "error";
        }
    }
    /* Prepare email notification parameters if email notification is enabled and only if at least one file has been successfully uploaded
       	if $method = "no-ajax" then send the email to the recipients 
       	if $method = "ajax" then return the notification parameters to the handler for further processing
       In case of ajax, execution will happen only if accumulated notify_only_filename_list is not empty */
    if ($params["notify"] == "true") {
        /* verify that there are recipients */
        $notifyrecipients = trim(preg_replace('/%useremail%/', $user_email, $params["notifyrecipients"]));
        if ($notifyrecipients != "") {
            if ($somefiles_Ok) {
                if ($method == 'no_ajax' && !$ignore_server_actions) {
                    $send_error = wfu_send_notification_email($user, $notify_only_filename_list, $notify_target_path_list, $notify_attachment_list, $userdata_fields, $params);
                    if ($send_error != "") {
                        $params_output_array["general"]['admin_messages']['notify'] = $send_error;
                        $params_output_array["general"]['errors']['notify'] = "error";
                    }
                } else {
                    /* if the following variable is not empty, then email notification must be sent
                       and any admin messages must be suppressed */
                    $params_output_array["general"]['notify_only_filename_list'] = $notify_only_filename_list;
                    $params_output_array["general"]['notify_target_path_list'] = $notify_target_path_list;
                    $params_output_array["general"]['notify_attachment_list'] = $notify_attachment_list;
                }
            } else {
                $params_output_array["general"]['admin_messages']['notify'] = WFU_WARNING_NOTIFY_NOTSENT_NOFILES;
                $params_output_array["general"]['errors']['notify'] = "error";
            }
        } else {
            $params_output_array["general"]['admin_messages']['notify'] = WFU_WARNING_NOTIFY_NOTSENT_NORECIPIENTS;
            $params_output_array["general"]['errors']['notify'] = "error";
        }
    }
    /* Prepare redirect link if redirection is enabled and only if all files have been successfully uploaded
       Execution will happen only if accumulated redirect_link is not empty and accumulated redirect errors are empty */
    if ($params["redirect"] == "true") {
        if ($params_output_array["general"]['redirect_link'] == "") {
            $params_output_array["general"]['admin_messages']['redirect'] = WFU_WARNING_REDIRECT_NOTEXECUTED_EMPTY;
            $params_output_array["general"]['errors']['redirect'] = "error";
        } elseif (!$allfiles_Ok) {
            $params_output_array["general"]['admin_messages']['redirect'] = WFU_WARNING_REDIRECT_NOTEXECUTED_FILESFAILED;
            $params_output_array["general"]['errors']['redirect'] = "error";
        }
    }
    /* suppress any admin messages if user is not administrator or adminmessages is not activated */
    if ($suppress_admin_messages) {
        $params_output_array["general"]['admin_messages']['wpfilebase'] = "";
        $params_output_array["general"]['admin_messages']['notify'] = "";
        $params_output_array["general"]['admin_messages']['redirect'] = "";
        $params_output_array["general"]['admin_messages']['other'] = "";
    }
    /* Calculate upload state from file results */
    if ($allfiles_Ok && $warning_count == 0) {
        $params_output_array["general"]['state'] = 4;
    } else {
        if ($allfiles_Ok) {
            $params_output_array["general"]['state'] = 5;
        } else {
            if ($somefiles_Ok) {
                $params_output_array["general"]['state'] = 6;
            } else {
                if (!$somefiles_Ok && $error_count > 0) {
                    $params_output_array["general"]['state'] = 7;
                } else {
                    $params_output_array["general"]['state'] = 8;
                }
            }
        }
    }
    /* construct safe output */
    $sout = $params_output_array["general"]['state'] . ";" . WFU_VAR("WFU_DEFAULTMESSAGECOLORS") . ";" . $files_count;
    for ($i = 0; $i < $files_count; $i++) {
        $sout .= ";" . wfu_plugin_encode_string($file_output['message_type']);
        $sout .= "," . wfu_plugin_encode_string($file_output['header']);
        $sout .= "," . wfu_plugin_encode_string($file_output['message']);
        $sout .= "," . wfu_plugin_encode_string($file_output['admin_messages']);
        $sout .= "," . $file_output['uploaded_file_props'];
    }
    $params_output_array["general"]['safe_output'] = $sout;
    return $params_output_array;
}
function wfu_ajax_action_download_file_invoker()
{
    $file_code = isset($_POST['file']) ? $_POST['file'] : (isset($_GET['file']) ? $_GET['file'] : '');
    $nonce = isset($_POST['nonce']) ? $_POST['nonce'] : (isset($_GET['nonce']) ? $_GET['nonce'] : '');
    if ($file_code == '' || $nonce == '') {
        die;
    }
    //security check to avoid CSRF attacks
    if (!wp_verify_nonce($nonce, 'wfu_download_file_invoker')) {
        die;
    }
    //check if user is allowed to download files
    if (!current_user_can('manage_options')) {
        die;
    }
    $file_code = wfu_sanitize_code($file_code);
    //if file_code is exportdata, then export of data has been requested and
    //we need to create a file with export data and recreate file_code
    if ($file_code == "exportdata" && current_user_can('manage_options')) {
        $filepath = wfu_export_uploaded_files(null);
        if ($filepath === false) {
            die;
        }
        $file_code = "exportdata" . wfu_safe_store_filepath($filepath);
    } else {
        $filepath = wfu_get_filepath_from_safe($file_code);
        if ($filepath === false) {
            die;
        }
        $filepath = wfu_path_rel2abs(wfu_flatten_path($filepath));
        //for front-end browser apply wfu_browser_check_file_action filter to allow or restrict the download
        if (isset($_POST['browser'])) {
            $changable_data["error_message"] = "";
            $filerec = wfu_get_file_rec($filepath, true);
            $userdata = array();
            foreach ($filerec->userdata as $data) {
                array_push($userdata, array("label" => $data->property, "value" => propvalue));
            }
            $additional_data = array("file_action" => "download", "filepath" => $filepath, "uploaduser" => $filerec->uploaduserid, "userdata" => $userdata);
            $changable_data = apply_filters("wfu_browser_check_file_action", $changable_data, $additional_data);
            if ($changable_data["error_message"] != "") {
                die('wfu_ajax_action_download_file_invoker:not_allowed:' . $changable_data["error_message"]);
            }
        }
        //for back-end browser check if user is allowed to perform this action on this file
        if (!wfu_current_user_owes_file($filepath)) {
            die;
        }
    }
    //generate download unique id to monitor this download
    $download_id = wfu_create_random_string(16);
    //store download status of this download
    $_SESSION['wfu_download_status_' . $download_id] = 'starting';
    //generate download ticket which expires in 30sec and store it in session
    //it will be used as security measure for the downloader script, which runs outside Wordpress environment
    $_SESSION['wfu_download_ticket_' . $download_id] = time() + 30;
    //generate download monitor ticket which expires in 30sec and store it in session
    //it will be used as security measure for the monitor script that will check download status
    $_SESSION['wfu_download_monitor_ticket_' . $download_id] = time() + 30;
    //this routine returns a dynamically created iframe element, that will call the actual download script;
    //the actual download script runs outside Wordpress environment in order to ensure that no php warnings
    //or echo from other plugins is generated, that could scramble the downloaded file;
    //a ticket, similar to nonces, is passed to the download script to check that it is not a CSRF attack; moreover,the ticket is destroyed
    //by the time it is consumed by the download script, so it cannot be used again
    $response = '<iframe src="' . WFU_DOWNLOADER_URL . '?file=' . $file_code . '&ticket=' . $download_id . '" style="display: none;"></iframe>';
    die('wfu_ajax_action_download_file_invoker:wfu_download_id;' . $download_id . ':' . $response);
}
Esempio n. 8
0
function wfu_generate_current_params_index($shortcode_id, $user_login)
{
    global $post;
    $cur_index_str = '||' . $post->ID . '||' . $shortcode_id . '||' . $user_login;
    $cur_index_str_search = '\\|\\|' . $post->ID . '\\|\\|' . $shortcode_id . '\\|\\|' . $user_login;
    $index_str = get_option('wfu_params_index');
    $index = explode("&&", $index_str);
    foreach ($index as $key => $value) {
        if ($value == "") {
            unset($index[$key]);
        }
    }
    $index_match = preg_grep("/" . $cur_index_str_search . "\$/", $index);
    if (count($index_match) == 1) {
        foreach ($index_match as $key => $value) {
            if ($value == "") {
                unset($index_match[$key]);
            }
        }
    }
    if (count($index_match) <= 0) {
        $cur_index_rand = wfu_create_random_string(16);
        array_push($index, $cur_index_rand . $cur_index_str);
    } else {
        reset($index_match);
        $cur_index_rand = substr(current($index_match), 0, 16);
        if (count($index_match) > 1) {
            $index_match_keys = array_keys($index_match);
            for ($i = 1; $i < count($index_match); $i++) {
                $ii = $index_match_keys[$i];
                unset($index[array_search($index_match[$ii], $index, true)]);
            }
        }
    }
    if (count($index_match) != 1) {
        $index_str = implode("&&", $index);
        update_option('wfu_params_index', $index_str);
    }
    return $cur_index_rand;
}