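/**
 * Render the Easy Comment Uploads settings screen and, when the form was
 * submitted, validate and persist the posted options first.
 *
 * Every posted value is checked against a fully anchored pattern or a fixed
 * list before it is stored, and every stored value is escaped before it is
 * written back into an HTML attribute. The options saved here (allowed
 * extensions, required permission, hourly limits) are the plugin's upload
 * restrictions, so a malformed value must never reach the database.
 *
 * Echoes HTML directly; returns nothing.
 */
function ecu_options_page() {
    // Permission levels, in the order of the radio buttons in the form below.
    // Also the keys of the 'ecu_uploads_per_hour' option.
    $levels = array('none', 'read', 'edit_posts', 'upload_files');

    // Handle changed options
    if (isset($_POST['submitted'])) {
        // CSRF protection: stops the request unless the form nonce is valid.
        check_admin_referer('easy-comment-uploads');
        // NOTE(review): no capability check is visible in this function;
        // confirm the menu registration restricts this page to administrators.

        // Checkboxes are simply absent from the request when unticked.
        update_option('ecu_images_only',
            isset($_POST['images_only']) && $_POST['images_only'] != null);
        update_option('ecu_hide_comment_form',
            (int) (isset($_POST['hide_comment_form'])
                && $_POST['hide_comment_form'] != null));
        update_option('ecu_show_full_file_path',
            (int) (isset($_POST['show_full_file_path'])
                && $_POST['show_full_file_path'] != null));

        // Only the four known permission levels may be stored.
        if (isset($_POST['permission_required'])
            && in_array($_POST['permission_required'], $levels, true)) {
            update_option('ecu_permission_required',
                $_POST['permission_required']);
        }

        // Digits only. The pattern is anchored at both ends (\z, so a
        // trailing newline is rejected too); an unanchored pattern would
        // accept any text that merely contains a digit.
        if (isset($_POST['max_file_size'])
            && is_string($_POST['max_file_size'])
            && preg_match('/^[0-9]+\z/', $_POST['max_file_size'])) {
            update_option('ecu_max_file_size', $_POST['max_file_size']);
        }

        // Hourly limits: -1 (unlimited) or a non-negative integer. A limit is
        // only replaced when its posted value passed validation; invalid or
        // missing fields leave the stored limit untouched.
        $limits = get_option('ecu_uploads_per_hour');
        if (!is_array($limits)) {
            $limits = array();
        }
        $limits_changed = false;
        foreach ($levels as $level) {
            $field = $level . '_uploads_per_hour';
            if (isset($_POST[$field])
                && is_string($_POST[$field])
                && preg_match('/^(-1|[0-9]+)\z/', $_POST[$field])) {
                $limits[$level] = $_POST[$field];
                $limits_changed = true;
            }
        }
        if ($limits_changed) {
            update_option('ecu_uploads_per_hour', $limits);
        }

        // 'all' or space-separated page ids. The alternation is grouped so
        // that both anchors apply to both branches.
        if (isset($_POST['enabled_pages'])
            && is_string($_POST['enabled_pages'])
            && preg_match('/^(all|([0-9]+ )*[0-9]+)\z/',
                $_POST['enabled_pages'])) {
            update_option('ecu_enabled_pages', $_POST['enabled_pages']);
        }

        // Extension lists: alphanumeric tokens separated by comma or spaces.
        $list_pattern = '/^[a-z0-9]+([, ][ ]*[a-z0-9]+)*\z/i';

        if (isset($_POST['file_extension_blacklist'])
            && is_string($_POST['file_extension_blacklist'])
            && $_POST['file_extension_blacklist']
                != implode(', ', ecu_get_blacklist())
            && preg_match($list_pattern, $_POST['file_extension_blacklist'])) {
            if ($_POST['file_extension_blacklist'] === 'default') {
                // Dropping the option restores the built-in default list.
                delete_option('ecu_file_extension_blacklist');
            } elseif ($_POST['file_extension_blacklist'] === 'none') {
                update_option('ecu_file_extension_blacklist', array());
            } else {
                update_option('ecu_file_extension_blacklist',
                    preg_split("/[, ][ ]*/",
                        $_POST['file_extension_blacklist']));
            }
        }

        if (isset($_POST['file_extension_whitelist'])
            && is_string($_POST['file_extension_whitelist'])
            && preg_match($list_pattern, $_POST['file_extension_whitelist'])) {
            if ($_POST['file_extension_whitelist'] === 'ignore') {
                delete_option('ecu_file_extension_whitelist');
            } else {
                update_option('ecu_file_extension_whitelist',
                    preg_split("/[, ][ ]*/",
                        $_POST['file_extension_whitelist']));
            }
        }

        // Inform user
        echo '<div id="message" class="updated fade"><p>'
            . __('Easy Comment Uploads options saved.') . '</p></div>';
    }

    // NOTE(review): looks like a leftover debugging write; it runs on every
    // view of this page. Confirm nothing reads 'ecu_test' before removing it.
    update_user_meta(get_current_user_id(), 'ecu_test', 'test');

    // Store current values for fields
    $images_only = get_option('ecu_images_only') ? 'checked' : '';
    $hide_comment_form = get_option('ecu_hide_comment_form') ? 'checked' : '';
    $show_full_file_path = get_option('ecu_show_full_file_path')
        ? 'checked' : '';

    $current_permission = get_option('ecu_permission_required');
    $permission_required = array();
    foreach ($levels as $elem) {
        $permission_required[] = $current_permission === $elem ? 'checked' : '';
    }

    // Everything below is interpolated into HTML attributes, so it is escaped
    // here even though it was validated on save: the options table can also
    // be written by other code or by older versions of this page.
    $max_file_size = esc_attr(get_option('ecu_max_file_size'));
    $enabled_pages = esc_attr(get_option('ecu_enabled_pages'));

    $blacklist = ecu_get_blacklist();
    $file_extension_blacklist = esc_attr(
        $blacklist ? implode(', ', $blacklist) : 'none');

    $whitelist = get_option('ecu_file_extension_whitelist');
    $file_extension_whitelist = esc_attr(
        $whitelist === false ? 'ignore' : implode(', ', (array) $whitelist));

    $stored_limits = get_option('ecu_uploads_per_hour');
    $uploads_per_hour = array();
    foreach ($levels as $level) {
        $uploads_per_hour[$level] =
            (is_array($stored_limits) && isset($stored_limits[$level]))
            ? esc_attr($stored_limits[$level]) : '';
    }

    // Info for form
    // The request URI is client-controlled; escape it before it becomes the
    // form's action attribute.
    $action_url = esc_url($_SERVER['REQUEST_URI']);
    // Fourth argument false: return the markup instead of echoing it, so the
    // nonce field is emitted once, inside the form.
    $nonce_field = wp_nonce_field('easy-comment-uploads', '_wpnonce', true,
        false);

    echo <<<END
<div class="wrap" style="max-width:950px !important;">
<h2>Easy Comment Uploads</h2>
<form name="ecuform" action="{$action_url}" method="post">
<input type="hidden" name="submitted" value="1" />
{$nonce_field}
<h3>Allowed Files</h3>
<ul>
<li><input id="images_only" type="checkbox" name="images_only" {$images_only} /> <label for="images_only">Only allow images to be uploaded.</label></li>
</p>
<li>Limit the size of uploaded files: <input id="max_file_size" type="text" name="max_file_size" value="{$max_file_size}" /> <label for="max_file_size">(KiB, 0 = unlimited)</label></li>
<li>Blacklist the following file extensions: <input id="file_extenstion_blacklist" type="text" name="file_extension_blacklist" value="{$file_extension_blacklist}" /> <br /> <label for="file_extenstion_blacklist">(extensions seperated with spaces, 'none' to allow all (not recommended) or 'default' to restore the default list)</label> </li>
<li>Allow only the following file extensions: <input id="file_extenstion_whitelist" type="text" name="file_extension_whitelist" value="{$file_extension_whitelist}" /> <br /> <label for="file_extension_whitelist">(extensions seperated with spaces or 'ignore' to disable the whitelist)</label> </li>
</ul>
<h3>User Permissions</h3>
<ul>
<li><input id="all_users" type="radio" name="permission_required" value="none" {$permission_required['0']} /> <label for="all_users">Allow all users to upload files with their comments.</label></li>
<li><input id="registered_users_only" type="radio" name="permission_required" value="read" {$permission_required['1']} /> <label for="registered_users_only">Only allow registered users to upload files.</label></li>
<li><input id="edit_rights_only" type="radio" name="permission_required" value="edit_posts" {$permission_required['2']} /> <label for="edit_rights_only">Require "Contributor" rights to upload files.</label></li>
<li><input id="upload_rights_only" type="radio" name="permission_required" value="upload_files" {$permission_required['3']} /> <label for="upload_rights_only">Require "Upload" rights to uploads files (e.g. only admin, editors and authors).</label></li>
<li><table class="widefat">
<tr> <th></th> <th>Uploads allowed per hour <br /><em>(-1 = unlimited)</em></th> </tr>
<tr> <th>users with upload rights <br /><em>(e.g. only admin, editors and authors)</em></th> <td><input id="upload_files_uploads_per_hour" type="text" name="upload_files_uploads_per_hour" value="{$uploads_per_hour['upload_files']}" /></td> </tr>
<tr> <th>contributors</th> <td><input id="edit_posts_uploads_per_hour" type="text" name="edit_posts_uploads_per_hour" value="{$uploads_per_hour['edit_posts']}" /></td> </tr>
<tr> <th>registered users</th> <td><input id="read_uploads_per_hour" type="text" name="read_uploads_per_hour" value="{$uploads_per_hour['read']}" /></td> </tr>
<tr> <th>unregistered users</th> <td><input id="none_uploads_per_hour" type="text" name="none_uploads_per_hour" value="{$uploads_per_hour['none']}" /></td> </tr>
</table></li>
</ul>
<h3>Upload Form</h3>
<ul>
<li><input id="hide_comment_form" type="checkbox" name="hide_comment_form" {$hide_comment_form} /> <label for="hide_comment_form">Hide from comment forms</li>
<li> Only allow uploads on these pages: <input id="enabled_pages" type="text" name="enabled_pages" value="{$enabled_pages}" /> <br /> <label for="enabled_pages">(<a href="http://www.techtrot.com/wordpress-page-id/">page_ids</a> seperated with spaces or 'all' to enable globally)</label> </li>
</ul>
<h3>Comments</h3>
<ul>
<li><input id="show_full_file_path" type="checkbox" name="show_full_file_path" {$show_full_file_path} /> <label for="show_full_file_path">Show full url in links to files</label></li>
</ul>
<p class="submit"><input type="submit" class="button-primary" name="Submit" value="Save Changes" /></p>
</form>
END;

    // Preview of the upload form as visitors will see it.
    echo "\n <div style='margin : auto auto auto 2em; width : 40em;\n background-color : ghostwhite; border : 1px dashed gray;\n padding : 0 1em 0 1em'>\n ";
    ecu_upload_form_default(false);
    echo "</div>";
}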
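/**
 * Report whether the uploaded file's name carries a blacklisted extension.
 *
 * The name in $_FILES['file']['name'] is matched case-insensitively against
 * every entry of ecu_get_blacklist(), plus '~'. An entry counts when it
 * appears after a dot and is followed by another dot or the end of the name,
 * so a blacklisted extension in the middle of a multi-extension name is
 * caught as well.
 *
 * The check fails closed: a name that is not a plain string, or a pattern
 * that cannot be evaluated, is reported as blacklisted instead of being let
 * through.
 *
 * NOTE(review): the name checked here is supplied by the client. Confirm the
 * caller stores the file under this same name and does not trim or
 * normalise it after this check.
 *
 * @return int 1 when the name is blocked, 0 otherwise (including when no
 *             file field named 'file' was submitted).
 */
function filetype_blacklisted() {
    if (!isset($_FILES['file']['name'])) {
        // Nothing was uploaded under this field, so there is nothing to block.
        return 0;
    }

    $name = $_FILES['file']['name'];
    if (!is_string($name)) {
        // A non-string name cannot be pattern-checked; refuse it.
        return 1;
    }

    // Build the alternation from quoted entries, so that a blacklist entry
    // containing a regex metacharacter is matched literally and cannot break
    // the pattern. Empty entries are skipped; they would match any name.
    $alternatives = array('~');
    foreach ((array) ecu_get_blacklist() as $extension) {
        if (is_scalar($extension) && (string) $extension !== '') {
            $alternatives[] = preg_quote((string) $extension, '/');
        }
    }

    $matched = preg_match(
        '/\.(' . implode('|', $alternatives) . ')(\.|$)/i', $name);

    // preg_match() returns false on a pattern or engine error; treat that as
    // a match so an evaluation failure never permits the upload.
    return $matched === false ? 1 : $matched;
}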