Exemplo n.º 1
0
        echo (int) @unlink($tmp);
    }
    // delete other old temp files
    require_once ABSPATH . 'wp-admin/includes/file.php';
    $tmp_files = list_files(WPFB_Core::UploadDir() . '/.tmp');
    foreach ($tmp_files as $tmp) {
        if (time() - filemtime($tmp) >= TMP_FILE_MAX_AGE) {
            @unlink($tmp);
        }
    }
    exit;
}
if (empty($_FILES['async-upload'])) {
    wp_die(__('No file was uploaded.', WPFB) . ' (ASYNC)');
}
if (!@is_uploaded_file($_FILES['async-upload']['tmp_name']) || !($tmp = WPFB_Admin::GetTmpFile($_FILES['async-upload']['name'])) || !@move_uploaded_file($_FILES['async-upload']['tmp_name'], $tmp)) {
    wpfb_ajax_die(sprintf(__('“%s” has failed to upload due to an error'), esc_html($_FILES['async-upload']['name'])));
}
$_FILES['async-upload']['tmp_name'] = trim(substr($tmp, strlen(WPFB_Core::UploadDir())), '/');
$json = json_encode($_FILES['async-upload']);
if ($file_add_now) {
    $file_data = array('file_flash_upload' => $json, 'file_category' => 0);
    if (!empty($_REQUEST['presets'])) {
        $presets = array();
        parse_str(stripslashes($_REQUEST['presets']), $presets);
        WPFB_Admin::AdaptPresets($presets);
        $file_data = array_merge($file_data, $presets);
    }
    $result = WPFB_Admin::InsertFile($file_data, false);
    if (empty($result['error'])) {
        $resp = array_merge((array) $result['file'], array('file_thumbnail_url' => $result['file']->GetIconUrl(), 'file_edit_url' => $result['file']->GetEditUrl(), 'file_cur_user_can_edit' => $result['file']->CurUserCanEdit(), 'file_download_url' => $result['file']->GetUrl(), 'nonce' => wp_create_nonce(WPFB . '-updatefile' . $result['file_id'])));
Exemplo n.º 2
0
 private static function upload($args)
 {
     define('TMP_FILE_MAX_AGE', 3600 * 3);
     $frontend_upload = !empty($args['frontend_upload']) && $args['frontend_upload'] !== "false";
     $file_add_now = !empty($args['file_add_now']) && $args['file_add_now'] !== "false";
     // TODO: need to check if frontend_upload and user logged in state
     // Flash often fails to send cookies with the POST or upload, so we need to pass it in GET or POST instead
     if (!is_user_logged_in()) {
         if (is_ssl() && empty($_COOKIE[SECURE_AUTH_COOKIE]) && !empty($_REQUEST['auth_cookie'])) {
             $_COOKIE[SECURE_AUTH_COOKIE] = $_REQUEST['auth_cookie'];
         } elseif (empty($_COOKIE[AUTH_COOKIE]) && !empty($_REQUEST['auth_cookie'])) {
             $_COOKIE[AUTH_COOKIE] = $_REQUEST['auth_cookie'];
         }
         if (empty($_COOKIE[LOGGED_IN_COOKIE]) && !empty($_REQUEST['logged_in_cookie'])) {
             $_COOKIE[LOGGED_IN_COOKIE] = $_REQUEST['logged_in_cookie'];
         }
         if (!empty($_REQUEST['auth_cookie']) || !empty($_REQUEST['logged_in_cookie'])) {
             wp_set_current_user(wp_validate_auth_cookie());
         }
     }
     wpfb_loadclass('Category', 'File');
     $parent_cat = empty($args['cat_id']) ? null : WPFB_Category::GetCat($args['cat_id']);
     if ($frontend_upload) {
         if ($file_add_now) {
             wpfb_ajax_die('Unsupported upload!');
         } else {
             if (!WPFB_Core::$settings->frontend_upload && !current_user_can('upload_files')) {
                 wpfb_ajax_die(__('You do not have permission to upload files.'));
             }
         }
     } else {
         if (!WPFB_Core::CurUserCanUpload() && !$parent_cat && !$parent_cat->CurUserCanAddFiles()) {
             wpfb_ajax_die(__('You do not have permission to upload files.'));
         }
         check_admin_referer(WPFB . '-async-upload');
     }
     wpfb_loadclass('Admin');
     if (!empty($args['delupload'])) {
         $del_upload = @json_decode($args['delupload']);
         if ($del_upload && is_file($tmp = WPFB_Core::UploadDir() . '/.tmp/' . str_replace(array('../', '.tmp/'), '', $del_upload->tmp_name))) {
             echo (int) @unlink($tmp);
         }
         // delete other old temp files
         require_once ABSPATH . 'wp-admin/includes/file.php';
         $tmp_files = list_files(WPFB_Core::UploadDir() . '/.tmp');
         foreach ($tmp_files as $tmp) {
             if (time() - filemtime($tmp) >= TMP_FILE_MAX_AGE) {
                 @unlink($tmp);
             }
         }
         exit;
     }
     if (empty($_FILES['async-upload'])) {
         wpfb_ajax_die(__('No file was uploaded.', 'wp-filebase') . ' (ASYNC)');
     }
     if (!is_uploaded_file($_FILES['async-upload']['tmp_name']) || !($tmp = WPFB_Admin::GetTmpFile($_FILES['async-upload']['name'])) || !move_uploaded_file($_FILES['async-upload']['tmp_name'], $tmp)) {
         wpfb_ajax_die(sprintf(__('“%s” has failed to upload due to an error'), esc_html($_FILES['async-upload']['name'])));
     }
     $_FILES['async-upload']['tmp_name'] = trim(substr($tmp, strlen(WPFB_Core::UploadDir())), '/');
     $json = json_encode($_FILES['async-upload']);
     if ($file_add_now) {
         $file_data = array('file_flash_upload' => $json, 'file_category' => 0);
         if (!empty($args['presets'])) {
             $presets = array();
             parse_str($args['presets'], $presets);
             WPFB_Admin::AdaptPresets($presets);
             $file_data = array_merge($file_data, $presets);
         }
         $result = WPFB_Admin::InsertFile($file_data, false);
         if (empty($result['error'])) {
             $resp = array_merge((array) $result['file'], array('file_thumbnail_url' => $result['file']->GetIconUrl(), 'file_edit_url' => $result['file']->GetEditUrl(), 'file_cur_user_can_edit' => $result['file']->CurUserCanEdit(), 'file_download_url' => $result['file']->GetUrl(), 'nonce' => wp_create_nonce(WPFB . '-updatefile' . $result['file_id'])));
             if (isset($args['tpl_tag'])) {
                 $tpl_tag = $args['tpl_tag'];
                 if ($tpl_tag === 'false') {
                     $tpl_tag = null;
                 }
                 $resp['tpl'] = $result['file']->GenTpl2($tpl_tag);
             }
         } else {
             wpfb_ajax_die($result['error']);
         }
         $json = json_encode($resp);
     }
     header('Content-Type: application/json; charset=' . get_option('blog_charset'));
     //header('Content-Length: ' . strlen($json));
     echo $json;
 }