echo (int) @unlink($tmp); } // delete other old temp files require_once ABSPATH . 'wp-admin/includes/file.php'; $tmp_files = list_files(WPFB_Core::UploadDir() . '/.tmp'); foreach ($tmp_files as $tmp) { if (time() - filemtime($tmp) >= TMP_FILE_MAX_AGE) { @unlink($tmp); } } exit; } if (empty($_FILES['async-upload'])) { wp_die(__('No file was uploaded.', WPFB) . ' (ASYNC)'); } if (!@is_uploaded_file($_FILES['async-upload']['tmp_name']) || !($tmp = WPFB_Admin::GetTmpFile($_FILES['async-upload']['name'])) || !@move_uploaded_file($_FILES['async-upload']['tmp_name'], $tmp)) { wpfb_ajax_die(sprintf(__('“%s” has failed to upload due to an error'), esc_html($_FILES['async-upload']['name']))); } $_FILES['async-upload']['tmp_name'] = trim(substr($tmp, strlen(WPFB_Core::UploadDir())), '/'); $json = json_encode($_FILES['async-upload']); if ($file_add_now) { $file_data = array('file_flash_upload' => $json, 'file_category' => 0); if (!empty($_REQUEST['presets'])) { $presets = array(); parse_str(stripslashes($_REQUEST['presets']), $presets); WPFB_Admin::AdaptPresets($presets); $file_data = array_merge($file_data, $presets); } $result = WPFB_Admin::InsertFile($file_data, false); if (empty($result['error'])) { $resp = array_merge((array) $result['file'], array('file_thumbnail_url' => $result['file']->GetIconUrl(), 'file_edit_url' => $result['file']->GetEditUrl(), 'file_cur_user_can_edit' => $result['file']->CurUserCanEdit(), 'file_download_url' => $result['file']->GetUrl(), 'nonce' => wp_create_nonce(WPFB . '-updatefile' . $result['file_id'])));
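/**
 * Handles an asynchronous (AJAX/Flash) file upload request.
 *
 * Depending on $args this either deletes a previously uploaded temp file
 * (and prunes stale temp files), or moves the uploaded file into the
 * plugin's `.tmp` directory and optionally inserts it as a file entry.
 * The result is written to the response as JSON.
 *
 * Recognised keys in $args (all optional, string values as sent by the client):
 *  - frontend_upload: truthy and not "false" => upload originates from the frontend form
 *  - file_add_now:    truthy and not "false" => insert the file immediately
 *  - cat_id:          parent category id used for the permission check
 *  - delupload:       JSON object with a `tmp_name` member naming a temp file to delete
 *  - presets:         URL-encoded query string of file field presets
 *  - tpl_tag:         template tag passed to GenTpl2() ("false" means none)
 *
 * @param array $args Request arguments.
 * @return void
 */
private static function upload($args)
{
    // Guarded so that a second call in the same request does not redefine the constant.
    if (!defined('TMP_FILE_MAX_AGE')) {
        define('TMP_FILE_MAX_AGE', 3600 * 3);
    }

    $frontend_upload = !empty($args['frontend_upload']) && $args['frontend_upload'] !== "false";
    $file_add_now = !empty($args['file_add_now']) && $args['file_add_now'] !== "false";

    // TODO: need to check if frontend_upload and user logged in state
    // Flash often fails to send cookies with the POST or upload, so we need to pass it in GET or POST instead
    // NOTE(review): authentication cookies are accepted from request parameters here.
    // Values sent in a query string can end up in access logs, proxies and Referer
    // headers. The cookie is still validated by wp_validate_auth_cookie(), but consider
    // accepting it from POST only, or dropping this fallback if the Flash uploader is
    // no longer supported.
    if (!is_user_logged_in()) {
        if (is_ssl() && empty($_COOKIE[SECURE_AUTH_COOKIE]) && !empty($_REQUEST['auth_cookie'])) {
            $_COOKIE[SECURE_AUTH_COOKIE] = $_REQUEST['auth_cookie'];
        } elseif (empty($_COOKIE[AUTH_COOKIE]) && !empty($_REQUEST['auth_cookie'])) {
            $_COOKIE[AUTH_COOKIE] = $_REQUEST['auth_cookie'];
        }
        if (empty($_COOKIE[LOGGED_IN_COOKIE]) && !empty($_REQUEST['logged_in_cookie'])) {
            $_COOKIE[LOGGED_IN_COOKIE] = $_REQUEST['logged_in_cookie'];
        }
        if (!empty($_REQUEST['auth_cookie']) || !empty($_REQUEST['logged_in_cookie'])) {
            wp_set_current_user(wp_validate_auth_cookie());
        }
    }

    wpfb_loadclass('Category', 'File');
    $parent_cat = empty($args['cat_id']) ? null : WPFB_Category::GetCat($args['cat_id']);

    if ($frontend_upload) {
        // NOTE(review): this branch performs no nonce check (check_admin_referer() is
        // only reached for non-frontend uploads), so the delete and upload paths below
        // are reachable without one whenever frontend uploads are enabled — confirm
        // that this is intended.
        if ($file_add_now) {
            wpfb_ajax_die('Unsupported upload!');
        } else {
            if (!WPFB_Core::$settings->frontend_upload && !current_user_can('upload_files')) {
                wpfb_ajax_die(__('You do not have permission to upload files.'));
            }
        }
    } else {
        // Allow the upload only if the user has the general upload capability, or a
        // parent category exists and the user may add files to it. The previous
        // condition chained three negations with &&, which called a method on null
        // when no category was given and skipped the category permission check
        // entirely when one was.
        $can_add_to_cat = $parent_cat && $parent_cat->CurUserCanAddFiles();
        if (!WPFB_Core::CurUserCanUpload() && !$can_add_to_cat) {
            wpfb_ajax_die(__('You do not have permission to upload files.'));
        }
        check_admin_referer(WPFB . '-async-upload');
    }

    wpfb_loadclass('Admin');

    if (!empty($args['delupload'])) {
        $tmp_dir = WPFB_Core::UploadDir() . '/.tmp';
        $del_upload = @json_decode($args['delupload']);

        // Only act on a decoded object carrying a string tmp_name.
        if (is_object($del_upload) && isset($del_upload->tmp_name) && is_string($del_upload->tmp_name)) {
            // The replacement strips the '.tmp/' prefix that upload responses carry.
            // A single-pass string replacement is not a sufficient containment guard,
            // so the resolved path is additionally required to lie inside the temp
            // directory before anything is deleted.
            $rel = str_replace(array('../', '.tmp/'), '', $del_upload->tmp_name);
            $base = realpath($tmp_dir);
            $tmp = realpath($tmp_dir . '/' . $rel);
            if ($base !== false && $tmp !== false
                && strpos($tmp, $base . DIRECTORY_SEPARATOR) === 0
                && is_file($tmp)
            ) {
                echo (int) @unlink($tmp);
            }
        }

        // delete other old temp files
        require_once ABSPATH . 'wp-admin/includes/file.php';
        $tmp_files = list_files($tmp_dir);
        // list_files() returns false on failure; skip the sweep in that case.
        if (is_array($tmp_files)) {
            foreach ($tmp_files as $tmp) {
                if (time() - filemtime($tmp) >= TMP_FILE_MAX_AGE) {
                    @unlink($tmp);
                }
            }
        }
        exit;
    }

    if (empty($_FILES['async-upload'])) {
        wpfb_ajax_die(__('No file was uploaded.', 'wp-filebase') . ' (ASYNC)');
    }

    // NOTE(review): no file name or extension validation is visible in this method;
    // presumably WPFB_Admin::GetTmpFile() / InsertFile() handle it — confirm that the
    // temp directory cannot end up serving an uploaded file as executable content.
    if (!is_uploaded_file($_FILES['async-upload']['tmp_name'])
        || !($tmp = WPFB_Admin::GetTmpFile($_FILES['async-upload']['name']))
        || !move_uploaded_file($_FILES['async-upload']['tmp_name'], $tmp)
    ) {
        wpfb_ajax_die(sprintf(__('“%s” has failed to upload due to an error'), esc_html($_FILES['async-upload']['name'])));
    }

    // Report the temp path relative to the upload directory rather than the absolute
    // server path.
    $_FILES['async-upload']['tmp_name'] = trim(substr($tmp, strlen(WPFB_Core::UploadDir())), '/');
    $json = json_encode($_FILES['async-upload']);

    if ($file_add_now) {
        $file_data = array('file_flash_upload' => $json, 'file_category' => 0);
        if (!empty($args['presets'])) {
            $presets = array();
            parse_str($args['presets'], $presets);
            WPFB_Admin::AdaptPresets($presets);
            // Presets are merged last, so client-supplied preset keys override the
            // defaults above (including 'file_flash_upload' and 'file_category').
            // NOTE(review): presumably AdaptPresets() restricts the allowed keys — confirm.
            $file_data = array_merge($file_data, $presets);
        }

        $result = WPFB_Admin::InsertFile($file_data, false);
        if (empty($result['error'])) {
            $resp = array_merge((array) $result['file'], array(
                'file_thumbnail_url' => $result['file']->GetIconUrl(),
                'file_edit_url' => $result['file']->GetEditUrl(),
                'file_cur_user_can_edit' => $result['file']->CurUserCanEdit(),
                'file_download_url' => $result['file']->GetUrl(),
                'nonce' => wp_create_nonce(WPFB . '-updatefile' . $result['file_id']),
            ));
            if (isset($args['tpl_tag'])) {
                $tpl_tag = $args['tpl_tag'];
                if ($tpl_tag === 'false') {
                    $tpl_tag = null;
                }
                $resp['tpl'] = $result['file']->GenTpl2($tpl_tag);
            }
        } else {
            wpfb_ajax_die($result['error']);
        }
        $json = json_encode($resp);
    }

    header('Content-Type: application/json; charset=' . get_option('blog_charset'));
    //header('Content-Length: ' . strlen($json));
    echo $json;
}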