示例#1
    if (empty($_COOKIE[LOGGED_IN_COOKIE]) && !empty($_REQUEST['logged_in_cookie'])) {
        $_COOKIE[LOGGED_IN_COOKIE] = $_REQUEST['logged_in_cookie'];
    }
    unset($current_user);
}
// Pull in wp-admin/admin.php first; everything below relies on functions it makes available.
require_once ABSPATH . 'wp-admin/admin.php';
// Authorization gate: stop here unless the current user holds the 'upload_files' capability.
if (!current_user_can('upload_files')) {
    wp_die(__('You do not have permission to upload files.'));
}
// Declare the response as HTML in the site's configured charset.
header('Content-Type: text/html; charset=' . get_option('blog_charset'));
// AJAX upload path: taken only when the request's action is exactly 'upload-attachment'.
if (isset($_REQUEST['action']) && 'upload-attachment' === $_REQUEST['action']) {
    define('DOING_AJAX', true);
    include ABSPATH . 'wp-admin/includes/ajax-actions.php';
    // Send the nosniff and no-cache headers before the upload handler produces any output.
    send_nosniff_header();
    nocache_headers();
    wp_ajax_upload_attachment();
    // Terminates the request with '0' if the handler returns instead of ending it itself.
    die('0');
}
// just fetch the detail form for that attachment
if (isset($_REQUEST['attachment_id']) && ($id = intval($_REQUEST['attachment_id'])) && $_REQUEST['fetch']) {
    $post = get_post($id);
    if ('attachment' != $post->post_type) {
        wp_die(__('Unknown post type.'));
    }
    if (!current_user_can('edit_post', $id)) {
        wp_die(__('You are not allowed to edit this item.'));
    }
    switch ($_REQUEST['fetch']) {
        case 3:
            if ($thumb_url = wp_get_attachment_image_src($id, 'thumbnail', true)) {
                echo '<img class="pinkynail" src="' . esc_url($thumb_url[0]) . '" alt="" />';
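    /**
     * AJAX chunk receiver.
     *
     * Ajax callback for plupload to handle chunked uploads: each request carries
     * one chunk in $_FILES['async-upload'], which is appended to a ".part" file
     * in the directory of PHP's upload temp file. When the last chunk arrives the
     * assembled file is moved over the temp path and handed to WordPress.
     * Based on code by Davit Barbakadze
     * https://gist.github.com/jayarjo/5846636
     *
     * Security-relevant behaviour:
     * - A logged-in user with the 'upload_files' capability and a passing
     *   check_admin_referer('media-form') are required before any file is written.
     * - The client-supplied name only reaches the filesystem as part of an md5
     *   hash, so it cannot steer the temp path outside the upload temp directory.
     * - This method does no extension or content allow-listing of its own; that
     *   is left to the WordPress handlers it calls once the file is assembled.
     *
     * Every path ends the request (die/exit/wp_die); nothing is returned.
     *
     * @since 1.2.0
     */
    public function ajax_chunk_receiver()
    {
        /** Check that the expected upload field is present and PHP reported no error for it. */
        if (empty($_FILES['async-upload']) || !empty($_FILES['async-upload']['error'])) {
            die;
        }
        /** Authenticate user. */
        if (!is_user_logged_in() || !current_user_can('upload_files')) {
            die;
        }
        /** CSRF check for the media upload form. */
        check_admin_referer('media-form');
        /** Check and get file chunks. */
        $chunk = isset($_REQUEST['chunk']) ? intval($_REQUEST['chunk']) : 0;
        $chunks = isset($_REQUEST['chunks']) ? intval($_REQUEST['chunks']) : 0;
        /** Get file name; a non-string "name" parameter is ignored in favour of the uploaded file's name. */
        $fileName = isset($_REQUEST['name']) && is_string($_REQUEST['name']) ? $_REQUEST['name'] : $_FILES['async-upload']['name'];
        /**
         * Temp path for the partial file. The hash includes the current user ID so
         * two users uploading a file with the same name cannot write into each
         * other's partial upload.
         */
        $filePath = dirname($_FILES['async-upload']['tmp_name']) . '/' . md5(get_current_user_id() . '|' . $fileName);
        $tuxbfu_max_upload_size = intval(get_option('tuxbfu_max_upload_size', 0) * 1048576);
        if ($tuxbfu_max_upload_size < 0) {
            $tuxbfu_max_upload_size = 0;
        }
        /**
         * Enforce the configured maximum size on the accumulated upload.
         * NOTE(review): the limit is only evaluated when a ".part" file already
         * exists, so a first chunk or a single-request upload is not measured
         * against it here - confirm another limit covers that case.
         */
        if ($tuxbfu_max_upload_size > 0 && file_exists("{$filePath}.part") && filesize("{$filePath}.part") + filesize($_FILES['async-upload']['tmp_name']) > $tuxbfu_max_upload_size) {
            /** The error is only reported, and the partial file removed, on the final chunk. */
            if (!$chunks || $chunk == $chunks - 1) {
                @unlink("{$filePath}.part");
                if (!isset($_REQUEST['short']) || !isset($_REQUEST['type'])) {
                    echo wp_json_encode(array('success' => false, 'data' => array('message' => __('The file size has exceeded the maximum file size setting.', 'tuxed-big-file-uploads'), 'filename' => $_FILES['async-upload']['name'])));
                    wp_die();
                } else {
                    /** No WP_Error object exists on this path, so only the size message is shown. */
                    echo '<div class="error-div error">
					<a class="dismiss" href="#" onclick="jQuery(this).parents(\'div.media-item\').slideUp(200, function(){jQuery(this).remove();});">' . __('Dismiss') . '</a>
					<strong>' . sprintf(__('&#8220;%s&#8221; has failed to upload.'), esc_html($_FILES['async-upload']['name'])) . '<br />' . __('The file size has exceeded the maximum file size setting.', 'tuxed-big-file-uploads') . '</strong></div>';
                }
            }
            die;
        }
        /** Open temp file: the first chunk truncates, later chunks append. */
        $out = @fopen("{$filePath}.part", $chunk == 0 ? 'wb' : 'ab');
        if (!$out) {
            /** Failed to open output stream. */
            die;
        }
        /** Open the uploaded chunk for reading. */
        $in = @fopen($_FILES['async-upload']['tmp_name'], 'rb');
        if (!$in) {
            /** Failed to open input stream; clean up unfinished output. */
            @fclose($out);
            @unlink("{$filePath}.part");
            die;
        }
        /**
         * Append the chunk to the partial file. stream_copy_to_stream() is used
         * instead of a `while ($buff = fread(...))` loop because that loop stops
         * early when a read returns the single byte "0", which PHP treats as false.
         */
        $copied = stream_copy_to_stream($in, $out);
        @fclose($in);
        @fclose($out);
        @unlink($_FILES['async-upload']['tmp_name']);
        if (false === $copied) {
            /** The chunk could not be written; do not keep a partial file with a gap in it. */
            @unlink("{$filePath}.part");
            die;
        }
        /** Check if file has finished uploading all parts. */
        if (!$chunks || $chunk == $chunks - 1) {
            /** Recreate upload in $_FILES global and pass off to WordPress. */
            if (!rename("{$filePath}.part", $_FILES['async-upload']['tmp_name'])) {
                /** Without the assembled file there is nothing to hand over. */
                @unlink("{$filePath}.part");
                die;
            }
            $_FILES['async-upload']['name'] = $fileName;
            $_FILES['async-upload']['size'] = filesize($_FILES['async-upload']['tmp_name']);
            /** The MIME type is re-derived from the assembled file, not taken from the request. */
            $_FILES['async-upload']['type'] = $this->get_mime_content_type($_FILES['async-upload']['tmp_name']);
            header('Content-Type: text/html; charset=' . get_option('blog_charset'));
            if (!isset($_REQUEST['short']) || !isset($_REQUEST['type'])) {
                send_nosniff_header();
                nocache_headers();
                wp_ajax_upload_attachment();
                die('0');
            } else {
                /** Only attach to a post that exists and that the current user may edit. */
                $post_id = 0;
                if (isset($_REQUEST['post_id'])) {
                    $post_id = absint($_REQUEST['post_id']);
                    if (!get_post($post_id) || !current_user_can('edit_post', $post_id)) {
                        $post_id = 0;
                    }
                }
                $id = media_handle_upload('async-upload', $post_id);
                if (is_wp_error($id)) {
                    echo '<div class="error-div error">
					<a class="dismiss" href="#" onclick="jQuery(this).parents(\'div.media-item\').slideUp(200, function(){jQuery(this).remove();});">' . __('Dismiss') . '</a>
					<strong>' . sprintf(__('&#8220;%s&#8221; has failed to upload.'), esc_html($_FILES['async-upload']['name'])) . '</strong><br />' . esc_html($id->get_error_message()) . '</div>';
                    exit;
                }
                if (isset($_REQUEST['short']) && $_REQUEST['short']) {
                    // Short form response - attachment ID only.
                    echo $id;
                } elseif (isset($_REQUEST['type'])) {
                    // Long form response - big chunk o html.
                    // The hook name is built from the request's "type" value and the
                    // filter result is echoed as returned, without escaping here.
                    $type = $_REQUEST['type'];
                    /**
                     * Filter the returned ID of an uploaded attachment.
                     *
                     * The dynamic portion of the hook name, `$type`, refers to the attachment type,
                     * such as 'image', 'audio', 'video', 'file', etc.
                     *
                     * @since 1.2.0
                     *
                     * @param int $id Uploaded attachment ID.
                     */
                    echo apply_filters("async_upload_{$type}", $id);
                }
            }
        }
        die;
    }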