if (empty($_COOKIE[LOGGED_IN_COOKIE]) && !empty($_REQUEST['logged_in_cookie'])) { $_COOKIE[LOGGED_IN_COOKIE] = $_REQUEST['logged_in_cookie']; } unset($current_user); } require_once ABSPATH . 'wp-admin/admin.php'; if (!current_user_can('upload_files')) { wp_die(__('You do not have permission to upload files.')); } header('Content-Type: text/html; charset=' . get_option('blog_charset')); if (isset($_REQUEST['action']) && 'upload-attachment' === $_REQUEST['action']) { define('DOING_AJAX', true); include ABSPATH . 'wp-admin/includes/ajax-actions.php'; send_nosniff_header(); nocache_headers(); wp_ajax_upload_attachment(); die('0'); } // just fetch the detail form for that attachment if (isset($_REQUEST['attachment_id']) && ($id = intval($_REQUEST['attachment_id'])) && $_REQUEST['fetch']) { $post = get_post($id); if ('attachment' != $post->post_type) { wp_die(__('Unknown post type.')); } if (!current_user_can('edit_post', $id)) { wp_die(__('You are not allowed to edit this item.')); } switch ($_REQUEST['fetch']) { case 3: if ($thumb_url = wp_get_attachment_image_src($id, 'thumbnail', true)) { echo '<img class="pinkynail" src="' . esc_url($thumb_url[0]) . '" alt="" />';
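/**
 * AJAX chunk receiver.
 *
 * Ajax callback for plupload to handle chunked uploads: each request carries
 * one chunk in $_FILES['async-upload'], which is appended to a ".part" file
 * next to PHP's upload temp file. When the last chunk arrives, the assembled
 * file is moved back over the temp name, $_FILES is rewritten to describe it,
 * and the upload is passed to WordPress.
 *
 * Based on code by Davit Barbakadze
 * https://gist.github.com/jayarjo/5846636
 *
 * Every path ends in die/exit/wp_die(), so this method never returns to its
 * caller. Most failures terminate with no output.
 *
 * @since 1.2.0
 */
public function ajax_chunk_receiver() {
    /** Check that we have an upload and there are no errors. */
    // Testing the 'async-upload' entry itself also covers a request that
    // carries some other file field, which would otherwise be read as null.
    if (empty($_FILES['async-upload']) || $_FILES['async-upload']['error']) {
        /** Failed to move uploaded file. */
        die;
    }

    /** Authenticate user. */
    if (!is_user_logged_in() || !current_user_can('upload_files')) {
        die;
    }
    // Nonce check: rejects requests that were not issued from the media form.
    check_admin_referer('media-form');

    /** Check and get file chunks. */
    // Both values are client-supplied; intval() only guarantees they are integers.
    $chunk = isset($_REQUEST['chunk']) ? intval($_REQUEST['chunk']) : 0;
    $chunks = isset($_REQUEST['chunks']) ? intval($_REQUEST['chunks']) : 0;

    /** Get file name and path + name. */
    // $fileName is client-controlled. It only reaches the filesystem through
    // md5(), so it cannot steer the temp path outside the upload temp directory.
    $tmpName = $_FILES['async-upload']['tmp_name'];
    $fileName = isset($_REQUEST['name']) ? $_REQUEST['name'] : $_FILES['async-upload']['name'];
    // NOTE(review): the ".part" name depends only on the requested file name,
    // so concurrent uploads of the same name (from any account) share one
    // part file. Consider mixing a per-user or per-upload value into the hash.
    $filePath = dirname($tmpName) . '/' . md5($fileName);

    // Option is stored in megabytes; 0 (or a negative value) disables the limit.
    $tuxbfu_max_upload_size = intval(get_option('tuxbfu_max_upload_size', 0) * 1048576);
    if ($tuxbfu_max_upload_size < 0) {
        $tuxbfu_max_upload_size = 0;
    }

    // The limit is enforced before appending, and only once a part file exists.
    if ($tuxbfu_max_upload_size > 0 && file_exists("{$filePath}.part") && filesize("{$filePath}.part") + filesize($tmpName) > $tuxbfu_max_upload_size) {
        // Only the final chunk reports the error and removes the part file;
        // earlier over-limit chunks are dropped silently.
        if (!$chunks || $chunk == $chunks - 1) {
            @unlink("{$filePath}.part");

            if (!isset($_REQUEST['short']) || !isset($_REQUEST['type'])) {
                echo wp_json_encode(array('success' => false, 'data' => array('message' => __('The file size has exceeded the maximum file size setting.', 'tuxed-big-file-uploads'), 'filename' => $_FILES['async-upload']['name'])));
                wp_die();
            } else {
                // No WP_Error exists on this path, so the message is complete
                // here. The previous code called get_error_message() on an
                // undefined $id, which raised a fatal error instead of
                // rendering this notice.
                echo '<div class="error-div error"> <a class="dismiss" href="#" onclick="jQuery(this).parents(\'div.media-item\').slideUp(200, function(){jQuery(this).remove();});">' . __('Dismiss') . '</a> <strong>' . sprintf(__('“%s” has failed to upload.'), esc_html($_FILES['async-upload']['name'])) . '<br />' . __('The file size has exceeded the maximum file size setting.', 'tuxed-big-file-uploads') . '</strong><br /></div>';
            }
        }
        die;
    }

    /** Open temp file. */
    // Chunk 0 truncates any stale part file; later chunks append.
    $out = @fopen("{$filePath}.part", $chunk == 0 ? 'wb' : 'ab');
    if (!$out) {
        /** Failed to open output stream. */
        die;
    }

    /** Read binary input stream and append it to temp file. */
    $in = @fopen($tmpName, 'rb');
    if (!$in) {
        /** Failed to open input stream. */
        /** Attempt to clean up unfinished output. */
        @fclose($out);
        @unlink("{$filePath}.part");
        die;
    }

    // stream_copy_to_stream() replaces a `while ($buff = fread(...))` loop,
    // which stopped early when a read returned the single byte "0" (falsy in
    // PHP) and never noticed a failed or short write.
    $chunkBytes = filesize($tmpName);
    $copied = stream_copy_to_stream($in, $out);
    @fclose($in);
    @fclose($out);
    @unlink($tmpName);

    if (false === $copied || $copied !== $chunkBytes) {
        // A partially written chunk would yield a corrupt attachment; drop it.
        @unlink("{$filePath}.part");
        die;
    }

    /** Check if file has finished uploading all parts. */
    if (!$chunks || $chunk == $chunks - 1) {
        /** Recreate upload in $_FILES global and pass off to WordPress. */
        if (!rename("{$filePath}.part", $tmpName)) {
            // Without the assembled file there is nothing to hand over.
            @unlink("{$filePath}.part");
            die;
        }
        // Make sure the reported size is read from the assembled file.
        clearstatcache(true, $tmpName);
        // NOTE(review): the name comes from the request; extension and type
        // validation is presumably done by the WordPress handlers called
        // below - confirm against the upload overrides this plugin installs.
        $_FILES['async-upload']['name'] = $fileName;
        $_FILES['async-upload']['size'] = filesize($tmpName);
        $_FILES['async-upload']['type'] = $this->get_mime_content_type($tmpName);
        header('Content-Type: text/html; charset=' . get_option('blog_charset'));

        if (!isset($_REQUEST['short']) || !isset($_REQUEST['type'])) {
            send_nosniff_header();
            nocache_headers();
            wp_ajax_upload_attachment();
            die('0');
        } else {
            // Attach to the requested post only if it exists and the user may edit it.
            $post_id = 0;
            if (isset($_REQUEST['post_id'])) {
                $post_id = absint($_REQUEST['post_id']);
                if (!get_post($post_id) || !current_user_can('edit_post', $post_id)) {
                    $post_id = 0;
                }
            }

            $id = media_handle_upload('async-upload', $post_id);
            if (is_wp_error($id)) {
                echo '<div class="error-div error"> <a class="dismiss" href="#" onclick="jQuery(this).parents(\'div.media-item\').slideUp(200, function(){jQuery(this).remove();});">' . __('Dismiss') . '</a> <strong>' . sprintf(__('“%s” has failed to upload.'), esc_html($_FILES['async-upload']['name'])) . '</strong><br />' . esc_html($id->get_error_message()) . '</div>';
                exit;
            }

            if (isset($_REQUEST['short']) && $_REQUEST['short']) {
                // Short form response - attachment ID only.
                echo $id;
            } elseif (isset($_REQUEST['type'])) {
                // Long form response - big chunk o html.
                // $type is taken from the request and becomes part of the hook name.
                $type = $_REQUEST['type'];

                /**
                 * Filter the returned ID of an uploaded attachment.
                 *
                 * The dynamic portion of the hook name, `$type`, refers to the attachment type,
                 * such as 'image', 'audio', 'video', 'file', etc.
                 *
                 * @since 1.2.0
                 *
                 * @param int $id Uploaded attachment ID.
                 */
                echo apply_filters("async_upload_{$type}", $id);
            }
        }
    }

    die;
}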