<?php |
/**
 * Server-side file upload handler from wp-plupload, swfupload or other asynchronous upload methods.
 *
 * @package WordPress
 * @subpackage Administration
 */
// Both constants are defined before wp-load.php is pulled in, so they are
// already visible while WordPress boots. DOING_AJAX is set only for the
// 'upload-attachment' action; every other request to this file runs without it.
if ( isset( $_REQUEST['action'] ) && 'upload-attachment' === $_REQUEST['action'] ) {
	define( 'DOING_AJAX', true );
}

// Mark the request as an admin request unless something earlier already did.
if ( ! defined( 'WP_ADMIN' ) ) {
	define( 'WP_ADMIN', true );
}

// Load WordPress: prefer an ABSPATH defined earlier, otherwise resolve
// wp-load.php from the parent of this file's directory.
if ( defined( 'ABSPATH' ) ) {
	require_once ABSPATH . 'wp-load.php';
} else {
	require_once dirname( dirname( __FILE__ ) ) . '/wp-load.php';
}
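// Cookie fallback for legacy (Flash-based) uploaders; skipped for the
// 'upload-attachment' action. The comparison is strict so that it matches the
// other two checks of this action in the file.
if ( ! ( isset( $_REQUEST['action'] ) && 'upload-attachment' === $_REQUEST['action'] ) ) {
	// Flash often fails to send cookies with the POST or upload, so we need to pass it in GET or POST instead.
	//
	// NOTE(review): this accepts authentication cookie values as request
	// parameters. Anything sent in a query string can end up in server and proxy
	// logs, browser history and Referer headers, so clients should send these
	// values in the POST body only. A request value is used only when the real
	// cookie is absent, and it is copied as-is: nothing is validated here.
	// Validation presumably happens when wp-admin/admin.php authenticates the
	// request below (confirm).
	//
	// Only string values are accepted; an array-valued parameter is ignored
	// rather than being stored in $_COOKIE.
	$has_auth_param      = ! empty( $_REQUEST['auth_cookie'] ) && is_string( $_REQUEST['auth_cookie'] );
	$has_logged_in_param = ! empty( $_REQUEST['logged_in_cookie'] ) && is_string( $_REQUEST['logged_in_cookie'] );

	if ( is_ssl() && empty( $_COOKIE[ SECURE_AUTH_COOKIE ] ) && $has_auth_param ) {
		$_COOKIE[ SECURE_AUTH_COOKIE ] = $_REQUEST['auth_cookie'];
	} elseif ( empty( $_COOKIE[ AUTH_COOKIE ] ) && $has_auth_param ) {
		$_COOKIE[ AUTH_COOKIE ] = $_REQUEST['auth_cookie'];
	}

	if ( empty( $_COOKIE[ LOGGED_IN_COOKIE ] ) && $has_logged_in_param ) {
		$_COOKIE[ LOGGED_IN_COOKIE ] = $_REQUEST['logged_in_cookie'];
	}

	// Scratch flags only; do not leave them behind in the global scope.
	unset( $has_auth_param, $has_logged_in_param );

	// Discard any user already held in $current_user; presumably so that it is
	// re-derived from the cookies set above (confirm against the loader).
	unset( $current_user );
}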
// Admin bootstrap. NOTE(review): presumably this is where the request is
// authenticated against the cookies (including any copied in from request
// parameters above); confirm in wp-admin/admin.php.
require_once ABSPATH . 'wp-admin/admin.php';

header( 'Content-Type: text/html; charset=' . get_option( 'blog_charset' ) );

// The 'upload-attachment' action is delegated entirely to the AJAX handler
// and never reaches the capability check or the check_admin_referer() call
// further down in this file.
// NOTE(review): wp_ajax_upload_attachment() must therefore enforce its own
// nonce and capability checks; verify in wp-admin/includes/ajax-actions.php.
if ( isset( $_REQUEST['action'] ) && 'upload-attachment' === $_REQUEST['action'] ) {
	include ABSPATH . 'wp-admin/includes/ajax-actions.php';

	send_nosniff_header();
	nocache_headers();

	wp_ajax_upload_attachment();

	// Reached only if the handler returned instead of terminating the request.
	exit( '0' );
}
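// Everything below requires the 'upload_files' capability.
if ( ! current_user_can( 'upload_files' ) ) {
	wp_die( __( 'Sorry, you are not allowed to upload files.' ) );
}

// Just fetch the detail form for that attachment.
//
// This branch exits before the check_admin_referer() call that follows it, so
// it is guarded by capabilities only ('upload_files' above, 'edit_post' below).
// It only renders markup for an existing attachment.
//
// 'fetch' is tested with empty() so a request that omits it does not raise an
// undefined-index notice; the truthiness test itself is unchanged.
if ( isset( $_REQUEST['attachment_id'] ) && ( $id = intval( $_REQUEST['attachment_id'] ) ) && ! empty( $_REQUEST['fetch'] ) ) {
	$post = get_post( $id );

	// get_post() may find nothing for the requested ID; reject that case
	// explicitly instead of reading a property of a non-object.
	if ( ! $post || 'attachment' != $post->post_type ) {
		wp_die( __( 'Invalid post type.' ) );
	}

	// Per-object authorization: the caller must be able to edit this attachment.
	if ( ! current_user_can( 'edit_post', $id ) ) {
		wp_die( __( 'Sorry, you are not allowed to edit this item.' ) );
	}

	// The switch compares loosely, so the request string '3' matches case 3.
	switch ( $_REQUEST['fetch'] ) {
		case 3:
			// Thumbnail (when one is available) plus an edit link; URLs go through esc_url().
			if ( $thumb_url = wp_get_attachment_image_src( $id, 'thumbnail', true ) ) {
				echo '<img class="pinkynail" src="' . esc_url( $thumb_url[0] ) . '" alt="" />';
			}
			echo '<a class="edit-attachment" href="' . esc_url( get_edit_post_link( $id ) ) . '" target="_blank">' . _x( 'Edit', 'media item' ) . '</a>';

			// Title shouldn't ever be empty, but use filename just in case.
			$file  = get_attached_file( $post->ID );
			$title = $post->post_title ? $post->post_title : wp_basename( $file );

			// The title is stored content: truncate it, then HTML-escape it on output.
			echo '<div class="filename new"><span class="title">' . esc_html( wp_html_excerpt( $title, 60, '…' ) ) . '</span></div>';
			break;

		case 2:
			add_filter( 'attachment_fields_to_edit', 'media_single_attachment_fields_to_edit', 10, 2 );
			echo get_media_item( $id, array( 'send' => false, 'delete' => true ) );
			break;

		default:
			add_filter( 'attachment_fields_to_edit', 'media_post_single_attachment_fields_to_edit', 10, 2 );
			echo get_media_item( $id );
			break;
	}

	exit;
}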
// Request-forgery guard for the upload itself: the request has to pass the
// 'media-form' check before any file is handled.
check_admin_referer('media-form');

// Parent post for the new attachment. Falls back to 0 when the requested post
// does not exist or the current user may not edit it, so the upload still
// goes ahead with post ID 0.
$post_id = 0;
if ( isset( $_REQUEST['post_id'] ) ) {
	$post_id = absint( $_REQUEST['post_id'] );
	if ( ! get_post( $post_id ) || ! current_user_can( 'edit_post', $post_id ) )
		$post_id = 0;
}

// 'async-upload' is the $_FILES field that carries the uploaded file.
// NOTE(review): file type and content validation is presumably done inside
// media_handle_upload(); nothing in this file inspects the file (confirm).
$id = media_handle_upload( 'async-upload', $post_id );
if ( is_wp_error($id) ) {
	// Both the client-supplied file name and the error message are
	// HTML-escaped before being written into the response.
	echo '<div class="error-div error">
<a class="dismiss" href="#" onclick="jQuery(this).parents(\'div.media-item\').slideUp(200, function(){jQuery(this).remove();});">' . __('Dismiss') . '</a>
<strong>' . sprintf(__('“%s” has failed to upload.'), esc_html($_FILES['async-upload']['name']) ) . '</strong><br />' .
	esc_html($id->get_error_message()) . '</div>';
	exit;
}
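// 'short' is optional; empty() avoids an undefined-index notice when the
// client omits it and keeps the same truthiness test.
if ( ! empty( $_REQUEST['short'] ) ) {
	// Short form response - attachment ID only.
	echo $id;
} else {
	// Long form response - big chunk o html.
	//
	// NOTE(review): $type comes straight from the request and becomes part of
	// the hook name below, so the caller chooses which "async_upload_*" filter
	// runs. Callbacks on those hooks should not assume a particular caller, and
	// because their return value is echoed as-is they are responsible for
	// escaping their own output. A missing or non-string 'type' is reduced to
	// an empty suffix instead of being interpolated.
	$type = ( isset( $_REQUEST['type'] ) && is_string( $_REQUEST['type'] ) ) ? $_REQUEST['type'] : '';

	/**
	 * Filters the returned ID of an uploaded attachment.
	 *
	 * The dynamic portion of the hook name, `$type`, refers to the attachment type,
	 * such as 'image', 'audio', 'video', 'file', etc.
	 *
	 * @since 2.5.0
	 *
	 * @param int $id Uploaded attachment ID.
	 */
	echo apply_filters( "async_upload_{$type}", $id );
}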
This check looks for type mismatches where the missing type is `false`. This is usually indicative of an error condition.

Consider, for example, a function that either returns a new `DateTime` object or `false` if there was an error. This is a typical pattern in PHP programming to show that an error has occurred without raising an exception. The calling code should check for this returned `false` before passing the value on to another function or method that may not be able to handle a `false`.