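/**
 * AJAX handler that waits (up to ~30 s per call) for a download started by
 * wfu_download_file() to reach a terminal state, logs it, and tells the client
 * whether it has to poll again.
 *
 * Request parameters (POST first, then GET):
 *   file - storage code resolved via wfu_get_filepath_from_safe()
 *   id   - monitor ticket id; a valid, unexpired
 *          $_SESSION['wfu_download_monitor_ticket_<id>'] must exist (CSRF guard)
 *
 * The monitor ticket is consumed on entry and re-issued (30 s) only when the
 * client is told to repeat. Terminates the request with one of:
 *   "wfu_ajax_action_download_file_monitor:<downloaded|failed>:"
 *   "wfu_ajax_action_download_file_monitor:repeat:<id>"
 */
function wfu_ajax_action_download_file_monitor() {
    $file_code = isset($_POST['file']) ? $_POST['file'] : (isset($_GET['file']) ? $_GET['file'] : '');
    $id = isset($_POST['id']) ? $_POST['id'] : (isset($_GET['id']) ? $_GET['id'] : '');
    // Fixed: the original tested an undefined $file_enc here; in PHP null == '' is
    // true, so the handler died unconditionally before doing any work.
    if ($file_code == '' || $id == '') {
        die;
    }

    $ticket_key = 'wfu_download_monitor_ticket_' . $id;
    $status_key = 'wfu_download_status_' . $id;

    // The ticket is server-issued and bound to this session; it must exist and
    // not be expired, and it may be used only once.
    if (!isset($_SESSION[$ticket_key]) || time() > $_SESSION[$ticket_key]) {
        die;
    }
    unset($_SESSION[$ticket_key]);

    // Poll the status written by wfu_download_file() for up to 30 s.
    // NOTE(review): $_SESSION is normally a snapshot taken at session_start(); unless
    // the session is closed and re-opened (or a non-locking handler is used) another
    // request's writes will not become visible inside this loop - confirm the
    // session handling used by the plugin.
    $end_time = time() + 30;
    $upload_ended = false;
    while (time() < $end_time) {
        if (isset($_SESSION[$status_key])) {
            $status = $_SESSION[$status_key];
            $upload_ended = ($status == 'downloaded' || $status == 'failed');
        }
        if ($upload_ended) {
            break;
        }
        usleep(100);
    }

    if (!$upload_ended) {
        // Not finished yet: re-issue the ticket and ask the client to call again.
        $_SESSION[$ticket_key] = time() + 30;
        die('wfu_ajax_action_download_file_monitor:repeat:' . $id);
    }

    $user = wp_get_current_user();
    $filepath = wfu_get_filepath_from_safe($file_code);
    if ($filepath === false) {
        die;
    }
    $filepath = wfu_path_rel2abs(wfu_flatten_path($filepath));
    wfu_log_action('download', $filepath, $user->ID, '', 0, 0, '', null);
    die('wfu_ajax_action_download_file_monitor:' . $_SESSION[$status_key] . ':');
}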
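/**
 * Streams a previously safe-stored file to the client as an attachment.
 *
 * Request parameters (POST first, then GET):
 *   file   - storage code resolved via wfu_get_filepath_from_safe()
 *   ticket - download ticket; a valid, unexpired
 *            $_SESSION['wfu_download_ticket_<ticket>'] must exist and is consumed
 *
 * Paths that are not ftp://, ftps:// or sftp:// URLs are resolved relative to
 * $_SESSION['wfu_ABSPATH']. Files whose extension is rejected by
 * wfu_file_extension_restricted() are refused. The outcome is recorded in
 * $_SESSION['wfu_download_status_<ticket>'] ('downloaded' or 'failed') for
 * wfu_ajax_action_download_file_monitor() to report.
 *
 * Always terminates the request (die).
 */
function wfu_download_file() {
    $file_code = isset($_POST['file']) ? $_POST['file'] : (isset($_GET['file']) ? $_GET['file'] : '');
    $ticket = isset($_POST['ticket']) ? $_POST['ticket'] : (isset($_GET['ticket']) ? $_GET['ticket'] : '');
    if ($file_code == '' || $ticket == '') {
        die;
    }

    $ticket_key = 'wfu_download_ticket_' . $ticket;
    $status_key = 'wfu_download_status_' . $ticket;

    // The ticket must exist, be unexpired, and is single-use.
    if (!isset($_SESSION[$ticket_key]) || time() > $_SESSION[$ticket_key]) {
        die;
    }
    unset($_SESSION[$ticket_key]);

    // NOTE(review): unlike wfu_ajax_action_include_file(), the code is not passed
    // through wfu_sanitize_code() before the lookup - confirm that
    // wfu_get_filepath_from_safe() tolerates arbitrary input.
    $filepath = wfu_get_filepath_from_safe($file_code);
    if ($filepath === false) {
        die;
    }
    $filepath = wfu_flatten_path($filepath);
    if (substr($filepath, 0, 1) == "/") {
        $filepath = substr($filepath, 1);
    }
    $is_remote = substr($filepath, 0, 6) == 'ftp://'
        || substr($filepath, 0, 7) == 'ftps://'
        || substr($filepath, 0, 7) == 'sftp://';
    if (!$is_remote) {
        $filepath = $_SESSION['wfu_ABSPATH'] . $filepath;
    }

    // Reject files with a restricted extension (e.g. server-side scripts).
    if (wfu_file_extension_restricted($filepath)) {
        $_SESSION[$status_key] = 'failed';
        die('<script language="javascript">alert("Error! File is forbidden for security reasons.");</script>');
    }
    if (!file_exists($filepath)) {
        $_SESSION[$status_key] = 'failed';
        // Fixed: the original interpolated the resolved server-side path into the
        // alert, disclosing the filesystem layout to the client.
        die('<script language="javascript">alert("Error! File does not exist.");</script>');
    }

    set_time_limit(0); // disable the time limit for this script
    $fsize = filesize($filepath);
    $path_parts = pathinfo($filepath);
    // Keep the Content-Disposition header well-formed: drop quotes, backslashes and
    // control characters from the advertised filename.
    $download_name = preg_replace('/[\x00-\x1F\x7F"\\\\]/', '', $path_parts["basename"]);

    $failed = false;
    $fd = @fopen($filepath, "rb");
    if ($fd) {
        header('Content-Type: application/octet-stream');
        header("Content-Disposition: attachment; filename=\"" . $download_name . "\"");
        header('Content-Transfer-Encoding: binary');
        header('Connection: Keep-Alive');
        header('Expires: 0');
        header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
        header('Pragma: public');
        header("Content-length: {$fsize}");
        while (!feof($fd)) {
            $buffer = @fread($fd, 1024 * 8);
            echo $buffer;
            // ob_flush() emits a notice when no output buffer is active.
            if (ob_get_level() > 0) {
                ob_flush();
            }
            flush();
            if (connection_status() != 0) {
                // Client went away mid-transfer.
                $failed = true;
                break;
            }
        }
        fclose($fd);
    } else {
        $failed = true;
    }

    if (!$failed) {
        $_SESSION[$status_key] = 'downloaded';
        die;
    }
    $_SESSION[$status_key] = 'failed';
    die('<script language="javascript">alert("Error! Could not download file.");</script>');
}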
/**
 * AJAX handler that registers an already-existing file with the plugin ("include").
 *
 * Request parameters (POST first, then GET): 'file' (storage code) and 'nonce'.
 * Requires the manage_options capability, a valid 'wfu_include_file' nonce, and the
 * 'includeotherfiles' plugin option set to "1". Terminates the request with
 * "wfu_include_file:success:<fileid>" or "wfu_include_file:fail:".
 */
function wfu_ajax_action_include_file() {
    // Read a request parameter, preferring POST over GET; '' when absent.
    $param = function ($name) {
        if (isset($_POST[$name])) {
            return $_POST[$name];
        }
        if (isset($_GET[$name])) {
            return $_GET[$name];
        }
        return '';
    };

    $file_code = $param('file');
    $nonce = $param('nonce');
    if ($file_code == '' || $nonce == '') {
        die;
    }
    // Capability check first, then the CSRF nonce.
    if (!current_user_can('manage_options')) {
        die;
    }
    if (!wp_verify_nonce($nonce, 'wfu_include_file')) {
        die;
    }

    // Including foreign files must be explicitly enabled in the plugin options.
    $plugin_options = wfu_decode_plugin_options(get_option("wordpress_file_upload_options"));
    if ($plugin_options['includeotherfiles'] != "1") {
        die;
    }

    $dec_file = wfu_get_filepath_from_safe(wfu_sanitize_code($file_code));
    if ($dec_file === false) {
        die;
    }
    $dec_file = wfu_path_rel2abs(wfu_flatten_path($dec_file));

    $fileid = wfu_log_action('include', $dec_file, wp_get_current_user()->ID, '', '', get_current_blog_id(), '', null);
    if ($fileid === false) {
        die("wfu_include_file:fail:");
    }
    die("wfu_include_file:success:" . $fileid);
}
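/**
 * Applies a submitted "Update" of a file's user-data fields.
 *
 * @param string $file_code storage code resolved via wfu_get_filepath_from_safe()
 * @return bool true when the request was accepted and processed (including the
 *              case where the form was not submitted), false on any rejection.
 *
 * Only administrators (manage_options) who "owe" the file may edit it. On update,
 * every existing userdata row is closed (date_to set to now) and a new row with
 * the posted value is inserted; a 'modify:<timestamp>' action is logged.
 *
 * NOTE(review): this performs DB writes driven by $_POST but no nonce is verified
 * here, and the 'edit_filedetails' dispatcher branch does not verify one either -
 * confirm the form rendered by wfu_file_details() carries a nonce that is checked
 * somewhere, otherwise this is a CSRF target.
 */
function wfu_edit_filedetails($file_code) {
    global $wpdb;
    $table_name2 = $wpdb->prefix . "wfu_userdata";
    $user = wp_get_current_user();

    // Only administrators may view/edit file details.
    if (!current_user_can('manage_options')) {
        return false;
    }

    $file_code = wfu_sanitize_code($file_code);
    $dec_file = wfu_get_filepath_from_safe($file_code);
    if ($dec_file === false) {
        return false;
    }
    $dec_file = wfu_path_rel2abs(wfu_flatten_path($dec_file));

    // The current user must also be allowed to act on this particular file.
    if (!wfu_current_user_owes_file($dec_file)) {
        return false;
    }

    $filedata = wfu_get_file_rec($dec_file, true);
    if ($filedata == null) {
        return false;
    }

    if (!isset($_POST['submit']) || $_POST['submit'] !== "Update") {
        return true;
    }

    // Reject the update if any expected field is missing from the post.
    foreach ($filedata->userdata as $userdata) {
        if (!isset($_POST['wfu_filedetails_userdata_' . $userdata->propkey])) {
            return true;
        }
    }

    // NOTE(review): date() uses PHP's default timezone - confirm this matches how
    // date_from/date_to are interpreted elsewhere (WordPress code usually prefers
    // current_time('mysql')).
    $now_date = date('Y-m-d H:i:s');
    $userdata_count = 0;
    foreach ($filedata->userdata as $userdata) {
        $userdata_count++;
        // Close the existing record rather than overwriting it (history is kept).
        $wpdb->update(
            $table_name2,
            array('date_to' => $now_date),
            array('uploadid' => $userdata->uploadid, 'propkey' => $userdata->propkey),
            array('%s'),
            array('%s', '%s')
        );
        // Insert the new value as a fresh, open-ended record.
        $wpdb->insert(
            $table_name2,
            array(
                'uploadid' => $userdata->uploadid,
                'property' => $userdata->property,
                'propkey' => $userdata->propkey,
                'propvalue' => $_POST['wfu_filedetails_userdata_' . $userdata->propkey],
                'date_from' => $now_date,
                'date_to' => 0
            ),
            array('%s', '%s', '%d', '%s', '%s', '%s')
        );
    }
    if ($userdata_count > 0) {
        wfu_log_action('modify:' . $now_date, $dec_file, $user->ID, '', 0, 0, '', null);
    }
    return true;
}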
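/**
 * Controller for the plugin's admin dashboard page.
 *
 * Dispatches on the 'action' request parameter to the matching page-builder helper
 * and echoes the resulting HTML. Every parameter is read from POST first and GET
 * second, after stripslashes_deep() has been applied to both arrays.
 *
 * NOTE(review): no capability check is performed in this function and the file
 * actions (rename/delete/createdir/include/edit_filedetails) carry no nonce at this
 * level; presumably the menu-page registration restricts who can reach it and the
 * helpers verify nonces themselves - confirm before adding new actions here.
 */
function wordpress_file_upload_manage_dashboard() {
    $_POST = stripslashes_deep($_POST);
    $_GET = stripslashes_deep($_GET);
    $action = !empty($_POST['action']) ? $_POST['action'] : (!empty($_GET['action']) ? $_GET['action'] : '');
    $dir = !empty($_POST['dir']) ? $_POST['dir'] : (!empty($_GET['dir']) ? $_GET['dir'] : '');
    $file = !empty($_POST['file']) ? $_POST['file'] : (!empty($_GET['file']) ? $_GET['file'] : '');
    $referer = !empty($_POST['referer']) ? $_POST['referer'] : (!empty($_GET['referer']) ? $_GET['referer'] : '');
    $data_enc = !empty($_POST['data']) ? $_POST['data'] : (!empty($_GET['data']) ? $_GET['data'] : '');
    $postid = !empty($_POST['postid']) ? $_POST['postid'] : (!empty($_GET['postid']) ? $_GET['postid'] : '');
    $nonce = !empty($_POST['nonce']) ? $_POST['nonce'] : (!empty($_GET['nonce']) ? $_GET['nonce'] : '');
    $tag = !empty($_POST['tag']) ? $_POST['tag'] : (!empty($_GET['tag']) ? $_GET['tag'] : '');

    // Recovers the directory being browsed from the safe-stored referer URL so the
    // file browser can be redrawn at the same place after an action.
    $dir_from_referer = function ($referer) {
        $referer_url = wfu_flatten_path(wfu_get_filepath_from_safe(wfu_sanitize_code($referer)));
        if ($referer_url === false) {
            return "";
        }
        $match = array();
        preg_match("/\\&dir=(.*)/", $referer_url, $match);
        return isset($match[1]) ? $match[1] : "";
    };

    // A "list:a,b,c" file parameter denotes several files at once.
    $expand_list = function ($file) {
        if (substr($file, 0, 5) == "list:") {
            return explode(",", substr($file, 5));
        }
        return $file;
    };

    $echo_str = "";
    if ($action == 'edit_settings') {
        wfu_update_settings();
        $echo_str = wfu_manage_settings();
    } elseif ($action == 'shortcode_composer') {
        $echo_str = wfu_shortcode_composer();
    } elseif ($action == 'file_browser') {
        $echo_str = wfu_browse_files($dir);
    } elseif ($action == 'view_log') {
        $echo_str = wfu_view_log();
    } elseif ($action == 'rename_file' && $file != "") {
        $echo_str = wfu_rename_file_prompt($file, 'file', false);
    } elseif ($action == 'rename_dir' && $file != "") {
        $echo_str = wfu_rename_file_prompt($file, 'dir', false);
    } elseif ($action == 'renamefile' && $file != "") {
        if (wfu_rename_file($file, 'file')) {
            $echo_str = wfu_browse_files($dir);
        } else {
            $echo_str = wfu_rename_file_prompt($file, 'file', true);
        }
    } elseif ($action == 'renamedir' && $file != "") {
        if (wfu_rename_file($file, 'dir')) {
            $echo_str = wfu_browse_files($dir);
        } else {
            $echo_str = wfu_rename_file_prompt($file, 'dir', true);
        }
    } elseif ($action == 'delete_file' && $file != "" && $referer != "") {
        $echo_str = wfu_delete_file_prompt($expand_list($file), 'file', $referer);
    } elseif ($action == 'delete_dir' && $file != "" && $referer != "") {
        $echo_str = wfu_delete_file_prompt($file, 'dir', $referer);
    } elseif ($action == 'deletefile' && $file != "") {
        wfu_delete_file($expand_list($file), 'file');
        $echo_str = wfu_browse_files($dir_from_referer($referer));
    } elseif ($action == 'deletedir' && $file != "") {
        wfu_delete_file($file, 'dir');
        $echo_str = wfu_browse_files($dir_from_referer($referer));
    } elseif ($action == 'create_dir') {
        $echo_str = wfu_create_dir_prompt($dir, false);
    } elseif ($action == 'createdir') {
        if (wfu_create_dir($dir)) {
            $echo_str = wfu_browse_files($dir);
        } else {
            $echo_str = wfu_create_dir_prompt($dir, true);
        }
    } elseif ($action == 'include_file' && $file != "" && $referer != "") {
        $echo_str = wfu_include_file_prompt($expand_list($file), $referer);
    } elseif ($action == 'includefile' && $file != "") {
        wfu_include_file($expand_list($file));
        $echo_str = wfu_browse_files($dir_from_referer($referer));
    } elseif ($action == 'file_details' && $file != "") {
        $echo_str = wfu_file_details($file, false);
    } elseif ($action == 'edit_filedetails' && $file != "") {
        wfu_edit_filedetails($file);
        $echo_str = wfu_file_details($file, false);
    } elseif ($action == 'maintenance_actions') {
        $echo_str = wfu_maintenance_actions();
    } elseif ($action == 'sync_db') {
        $affected_items = wfu_sync_database();
        $echo_str = wfu_maintenance_actions('Database updated. ' . $affected_items . ' items where affected.');
    } elseif ($action == 'clean_log_ask') {
        $echo_str = wfu_clean_log_prompt();
    } elseif ($action == 'clean_log') {
        $ret = wfu_clean_log();
        if ($ret <= -1) {
            $echo_str = wfu_maintenance_actions();
        } else {
            $echo_str = wfu_maintenance_actions('Database cleaned. ' . $ret . ' items where affected.');
        }
    } elseif ($action == 'plugin_settings') {
        $echo_str = wfu_manage_settings();
    } elseif ($action == 'add_shortcode' && $postid != "" && $nonce != "" && $tag != "") {
        // The per-tag ticket is issued server-side and must match the submitted nonce.
        // Compared in constant time and strictly (the original used a loose !=).
        $ticket_key = 'wfu_add_shortcode_ticket_for_' . $tag;
        $ticket = isset($_SESSION[$ticket_key]) ? (string)$_SESSION[$ticket_key] : '';
        if ($ticket === '' || !hash_equals($ticket, (string)$nonce)) {
            $echo_str = wfu_manage_mainmenu();
        } elseif (wfu_add_shortcode($postid, $tag)) {
            $echo_str = wfu_manage_mainmenu();
        } else {
            $echo_str = wfu_manage_mainmenu(WFU_DASHBOARD_ADD_SHORTCODE_REJECTED);
        }
        // Fixed: consume the ticket that was actually checked. The original only
        // reset the unrelated 'wfu_add_shortcode_ticket' key (kept below for
        // compatibility), leaving the per-tag ticket reusable until it expired.
        unset($_SESSION[$ticket_key]);
        $_SESSION['wfu_add_shortcode_ticket'] = 'noticket';
    } elseif ($action == 'edit_shortcode' && $data_enc != "" && $tag != "") {
        $data = wfu_decode_array_from_string(wfu_get_shortcode_data_from_safe($data_enc));
        if ($data['post_id'] == "" || wfu_check_edit_shortcode($data)) {
            // NOTE(review): the return value is discarded here while the
            // 'shortcode_composer' branch echoes it - confirm wfu_shortcode_composer()
            // renders its own output when called with arguments.
            wfu_shortcode_composer($data, $tag);
        } else {
            $echo_str = wfu_manage_mainmenu(WFU_DASHBOARD_EDIT_SHORTCODE_REJECTED);
        }
    } elseif ($action == 'delete_shortcode' && $data_enc != "") {
        $data = wfu_decode_array_from_string(wfu_get_shortcode_data_from_safe($data_enc));
        if (wfu_check_edit_shortcode($data)) {
            $echo_str = wfu_delete_shortcode_prompt($data_enc);
        } else {
            $echo_str = wfu_manage_mainmenu(WFU_DASHBOARD_DELETE_SHORTCODE_REJECTED);
        }
    } elseif ($action == 'deleteshortcode' && $data_enc != "") {
        $data = wfu_decode_array_from_string(wfu_get_shortcode_data_from_safe($data_enc));
        if (wfu_check_edit_shortcode($data)) {
            if (wfu_delete_shortcode($data)) {
                wfu_clear_shortcode_data_from_safe($data_enc);
            }
            $echo_str = wfu_manage_mainmenu();
        } else {
            $echo_str = wfu_manage_mainmenu(WFU_DASHBOARD_DELETE_SHORTCODE_REJECTED);
        }
    } else {
        $echo_str = wfu_manage_mainmenu();
    }
    echo $echo_str;
}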