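/**
 * AJAX handler for the 'tree' action: responds with the JSON-encoded tree
 * items below the requested category and exits (wp_send_json() terminates
 * the request).
 *
 * @param array $args Request parameters. 'root' selects the node: empty or
 *                    the literal "source" means the top level (id 0), a
 *                    numeric value is used as-is, and an element id of the
 *                    form "<prefix>-<id>" contributes its numeric tail.
 *                    When the root is 0 and 'base' is present, 'base' is the
 *                    parent id instead. The remaining keys are merged over
 *                    the defaults (sort, onselect, idp, tpl, inline_add) and
 *                    forwarded to WPFB_Output::GetTreeItems(); the string
 *                    "false" for 'cats_only' / 'exclude_attached' is turned
 *                    into a real false.
 * @return void
 */
private static function actionTree($args)
{
    wpfb_loadclass('File', 'Category', 'Output');

    // NOTE(review): no capability or nonce check is performed here; confirm
    // that the tree listing is meant to be reachable by any request.

    // Reduce 'root' to an integer before it reaches the query layer
    // (fixed exploit, thanks to Miroslav Stampar
    // http://unconciousmind.blogspot.com/). A non-scalar value (e.g. an
    // array submitted as root[]=...) is treated as the top level instead of
    // being handed to strrchr(), which rejects non-strings on PHP 8.
    $root = isset($args['root']) ? $args['root'] : null;
    if (empty($root) || $root === 'source' || !is_scalar($root)) {
        $root_id = 0;
    } elseif (is_numeric($root)) {
        $root_id = intval($root);
    } else {
        // Element ids look like "<prefix>-<id>"; take the part after the last dash.
        $tail = strrchr((string) $root, '-');
        $root_id = $tail === false ? 0 : intval(substr($tail, 1));
    }

    // A top-level request may name its parent explicitly via 'base'.
    $parent_id = ($root_id === 0 && isset($args['base'])) ? intval($args['base']) : $root_id;

    $args = wp_parse_args($args, array(
        'sort' => array(),
        'onselect' => null,
        'idp' => null,
        'tpl' => null,
        'inline_add' => true,
    ));

    // Query-string booleans arrive as strings; map the literal "false" to
    // false so an explicitly disabled flag is not truthy downstream.
    foreach (array('cats_only', 'exclude_attached') as $flag) {
        if (isset($args[$flag]) && $args[$flag] === 'false') {
            $args[$flag] = false;
        }
    }

    wp_send_json(WPFB_Output::GetTreeItems($parent_id, $args));
}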
send_nosniff_header(); error_reporting(0); } $_REQUEST = stripslashes_deep($_REQUEST); $_POST = stripslashes_deep($_POST); $_GET = stripslashes_deep($_GET); switch ($action = $_REQUEST['action']) { case 'tree': wpfb_loadclass('Core', 'File', 'Category', 'Output'); // fixed exploit, thanks to Miroslav Stampar http://unconciousmind.blogspot.com/ $root_id = empty($_REQUEST['root']) || $_REQUEST['root'] == 'source' ? 0 : (is_numeric($_REQUEST['root']) ? intval($_REQUEST['root']) : intval(substr(strrchr($_REQUEST['root'], '-'), 1))); $parent_id = $root_id == 0 ? intval($_REQUEST['base']) : $root_id; $args = wp_parse_args($_REQUEST, array('sort' => array(), 'onselect' => null, 'idp' => null, 'tpl' => null)); $args['cats_only'] === 'false' && ($args['cats_only'] = false); $args['exclude_attached'] === 'false' && ($args['exclude_attached'] = false); wpfb_print_json(WPFB_Output::GetTreeItems($parent_id, $args)); exit; case 'delete': wpfb_loadclass('File', 'Category'); $file_id = intval($_REQUEST['file_id']); if (!current_user_can('upload_files') || $file_id <= 0 || ($file = WPFB_File::GetFile($file_id)) == null) { die('-1'); } $file->Remove(); die('1'); case 'tpl-sample': global $current_user; if (!current_user_can('edit_posts')) { die('-1'); } wpfb_loadclass('File', 'Category', 'TplLib', 'Output');
@header('Content-Type: text/html; charset=' . get_option('blog_charset')); if (!WP_DEBUG) { send_nosniff_header(); error_reporting(0); } $_REQUEST = stripslashes_deep($_REQUEST); $_POST = stripslashes_deep($_POST); $_GET = stripslashes_deep($_GET); switch ($action = $_REQUEST['action']) { case 'tree': $type = $_REQUEST['type']; wpfb_loadclass('Core', 'File', 'Category', 'Output'); // fixed exploit, thanks to Miroslav Stampar http://unconciousmind.blogspot.com/ $root_id = empty($_REQUEST['root']) || $_REQUEST['root'] == 'source' ? 0 : (is_numeric($_REQUEST['root']) ? intval($_REQUEST['root']) : intval(substr(strrchr($_REQUEST['root'], '-'), 1))); $parent_id = $root_id == 0 ? intval($_REQUEST['base']) : $root_id; wpfb_print_json(WPFB_Output::GetTreeItems($parent_id, $type, array('cats_only' => !empty($_REQUEST['cats_only']) && $_REQUEST['cats_only'] != 'false', 'exclude_attached' => !empty($_REQUEST['exclude_attached']) && $_REQUEST['exclude_attached'] != 'false', 'onselect' => !empty($_REQUEST['onselect']) ? $_REQUEST['onselect'] : null, 'cat_id_fmt' => empty($_REQUEST['cat_id_fmt']) ? null : wp_strip_all_tags($_REQUEST['cat_id_fmt']), 'file_id_fmt' => empty($_REQUEST['file_id_fmt']) ? null : wp_strip_all_tags($_REQUEST['file_id_fmt'])))); exit; case 'delete': wpfb_loadclass('File', 'Category'); $file_id = intval($_REQUEST['file_id']); if (!current_user_can('upload_files') || $file_id <= 0 || ($file = WPFB_File::GetFile($file_id)) == null) { die('-1'); } $file->Remove(); die('1'); case 'tpl-sample': global $current_user; if (!current_user_can('edit_posts')) { die('-1'); } wpfb_loadclass('File', 'Category', 'TplLib', 'Output');
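/**
 * Appends the nested <li> markup of the file browser below $root_cat to
 * $content, recursing only into the branch named by the 'open_cats' path.
 *
 * @param string      $content  Output buffer the markup is appended to (by reference).
 * @param object|null $root_cat Category whose children are listed; null for the top level.
 * @param array       $args     Options forwarded to WPFB_Output::GetTreeItems(). 'open_cats'
 *                              is a stack of category objects (matched via ->cat_id) naming the
 *                              branch to expand; its last element is consumed per recursion level.
 * @return void
 */
private static function FileBrowserList(&$content, $root_cat = null, $args = array())
{
    // Consume the deepest entry of the open path for this level; the
    // remainder is passed down so each level expands exactly one branch.
    $open_cat = empty($args['open_cats']) ? null : array_pop($args['open_cats']);

    $items = WPFB_Output::GetTreeItems($root_cat, $args);
    foreach ($items as $item) {
        // Read the optional flag once; it is not present on every item, so a
        // bare $item->hasChildren access would raise a notice.
        $has_children = !empty($item->hasChildren);
        $is_open = $open_cat !== null && isset($item->cat_id) && $item->cat_id == $open_cat->cat_id;

        $li_classes = array();
        if ($has_children) {
            $li_classes[] = 'hasChildren';
        }
        if ($is_open) {
            $li_classes[] = 'open';
        }
        $span_class = empty($item->classes) ? '' : $item->classes;

        // NOTE(review): id, classes and text are emitted unescaped; this
        // relies on GetTreeItems() returning attribute-safe ids and
        // pre-rendered text — confirm at the source.
        $content .= '<li id="' . $item->id . '" class="' . implode(' ', $li_classes) . '">'
            . '<span class="' . $span_class . '">' . $item->text . '</span>';

        if ($has_children) {
            $content .= "<ul>\n";
            if ($is_open) {
                // Only the open branch is rendered eagerly; other branches
                // get a placeholder child to be filled in later.
                self::FileBrowserList($content, WPFB_Category::GetCat($item->cat_id), $args);
            } else {
                $content .= "<li><span class=\"placeholder\"> </span></li>\n";
            }
            $content .= "</ul>\n";
        }
        $content .= "</li>\n";
    }
}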