This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | |||
3 | /* |
||
4 | * ACF File Field Class |
||
5 | * |
||
6 | * All the logic for this field type |
||
7 | * |
||
8 | * @class acf_field_file |
||
9 | * @extends acf_field |
||
10 | * @package ACF |
||
11 | * @subpackage Fields |
||
12 | */ |
||
13 | |||
14 | if( ! class_exists('acf_field_file') ) : |
||
15 | |||
16 | class acf_field_file extends acf_field { |
||
17 | |||
18 | |||
19 | /* |
||
20 | * __construct |
||
21 | * |
||
22 | * This function will setup the field type data |
||
23 | * |
||
24 | * @type function |
||
25 | * @date 5/03/2014 |
||
26 | * @since 5.0.0 |
||
27 | * |
||
28 | * @param n/a |
||
29 | * @return n/a |
||
30 | */ |
||
0 ignored issues
–
show
|
|||
31 | |||
32 | function __construct() { |
||
0 ignored issues
–
show
|
|||
33 | |||
34 | // vars |
||
35 | $this->name = 'file'; |
||
36 | $this->label = __("File",'acf'); |
||
0 ignored issues
–
show
The property
label does not exist. Did you maybe forget to declare it?
In PHP it is possible to write to properties without declaring them. For example, the following is perfectly valid PHP code: class MyClass { }
$x = new MyClass();
$x->foo = true;
Generally, it is a good practice to explictly declare properties to avoid accidental typos and provide IDE auto-completion: class MyClass {
public $foo;
}
$x = new MyClass();
$x->foo = true;
![]() |
|||
37 | $this->category = 'content'; |
||
38 | $this->defaults = array( |
||
39 | 'return_format' => 'array', |
||
40 | 'library' => 'all', |
||
41 | 'min_size' => 0, |
||
42 | 'max_size' => 0, |
||
43 | 'mime_types' => '' |
||
44 | ); |
||
45 | $this->l10n = array( |
||
46 | 'select' => __("Select File",'acf'), |
||
47 | 'edit' => __("Edit File",'acf'), |
||
48 | 'update' => __("Update File",'acf'), |
||
49 | 'uploadedTo' => __("uploaded to this post",'acf'), |
||
50 | ); |
||
51 | |||
52 | |||
53 | // filters |
||
54 | add_filter('get_media_item_args', array($this, 'get_media_item_args')); |
||
55 | add_filter('wp_prepare_attachment_for_js', array($this, 'wp_prepare_attachment_for_js'), 10, 3); |
||
56 | |||
57 | |||
58 | // do not delete! |
||
59 | parent::__construct(); |
||
60 | |||
61 | } |
||
62 | |||
63 | |||
64 | /* |
||
65 | * render_field() |
||
66 | * |
||
67 | * Create the HTML interface for your field |
||
68 | * |
||
69 | * @param $field - an array holding all the field's data |
||
70 | * |
||
71 | * @type action |
||
72 | * @since 3.6 |
||
73 | * @date 23/01/13 |
||
74 | */ |
||
75 | |||
76 | function render_field( $field ) { |
||
0 ignored issues
–
show
|
|||
77 | |||
78 | // vars |
||
79 | $uploader = acf_get_setting('uploader'); |
||
80 | |||
81 | |||
82 | // enqueue |
||
83 | if( $uploader == 'wp' ) { |
||
84 | |||
85 | acf_enqueue_uploader(); |
||
86 | |||
87 | } |
||
88 | |||
89 | |||
90 | // vars |
||
91 | $o = array( |
||
92 | 'icon' => '', |
||
93 | 'title' => '', |
||
94 | 'size' => '', |
||
95 | 'url' => '', |
||
96 | 'name' => '', |
||
97 | ); |
||
98 | |||
99 | $div = array( |
||
100 | 'class' => 'acf-file-uploader acf-cf', |
||
101 | 'data-library' => $field['library'], |
||
102 | 'data-mime_types' => $field['mime_types'], |
||
103 | 'data-uploader' => $uploader |
||
104 | ); |
||
105 | |||
106 | |||
107 | // has value |
||
108 | if( $field['value'] && is_numeric($field['value']) ) { |
||
109 | |||
110 | $file = get_post( $field['value'] ); |
||
111 | |||
112 | if( $file ) { |
||
113 | |||
114 | $div['class'] .= ' has-value'; |
||
115 | |||
116 | $o['icon'] = wp_mime_type_icon( $file->ID ); |
||
117 | $o['title'] = $file->post_title; |
||
118 | $o['size'] = @size_format(filesize( get_attached_file( $file->ID ) )); |
||
119 | $o['url'] = wp_get_attachment_url( $file->ID ); |
||
120 | |||
121 | $explode = explode('/', $o['url']); |
||
122 | $o['name'] = end( $explode ); |
||
123 | |||
124 | } |
||
125 | |||
126 | } |
||
127 | |||
128 | ?> |
||
129 | <div <?php acf_esc_attr_e($div); ?>> |
||
130 | <div class="acf-hidden"> |
||
131 | <?php acf_hidden_input(array( 'name' => $field['name'], 'value' => $field['value'], 'data-name' => 'id' )); ?> |
||
132 | </div> |
||
133 | <div class="show-if-value file-wrap acf-soh"> |
||
134 | <div class="file-icon"> |
||
135 | <img data-name="icon" src="<?php echo $o['icon']; ?>" alt=""/> |
||
136 | </div> |
||
137 | <div class="file-info"> |
||
138 | <p> |
||
139 | <strong data-name="title"><?php echo $o['title']; ?></strong> |
||
140 | </p> |
||
141 | <p> |
||
142 | <strong><?php _e('File Name', 'acf'); ?>:</strong> |
||
143 | <a data-name="name" href="<?php echo $o['url']; ?>" target="_blank"><?php echo $o['name']; ?></a> |
||
144 | </p> |
||
145 | <p> |
||
146 | <strong><?php _e('File Size', 'acf'); ?>:</strong> |
||
147 | <span data-name="size"><?php echo $o['size']; ?></span> |
||
148 | </p> |
||
149 | |||
150 | <ul class="acf-hl acf-soh-target"> |
||
151 | <?php if( $uploader != 'basic' ): ?> |
||
152 | <li><a class="acf-icon -pencil dark" data-name="edit" href="#"></a></li> |
||
153 | <?php endif; ?> |
||
154 | <li><a class="acf-icon -cancel dark" data-name="remove" href="#"></a></li> |
||
155 | </ul> |
||
156 | </div> |
||
157 | </div> |
||
158 | <div class="hide-if-value"> |
||
159 | View Code Duplication | <?php if( $uploader == 'basic' ): ?> |
|
0 ignored issues
–
show
This code seems to be duplicated across your project.
Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. ![]() |
|||
160 | |||
161 | <?php if( $field['value'] && !is_numeric($field['value']) ): ?> |
||
162 | <div class="acf-error-message"><p><?php echo $field['value']; ?></p></div> |
||
163 | <?php endif; ?> |
||
164 | |||
165 | <input type="file" name="<?php echo $field['name']; ?>" id="<?php echo $field['id']; ?>" /> |
||
166 | |||
167 | <?php else: ?> |
||
168 | |||
169 | <p style="margin:0;"><?php _e('No File selected','acf'); ?> <a data-name="add" class="acf-button" href="#"><?php _e('Add File','acf'); ?></a></p> |
||
170 | |||
171 | <?php endif; ?> |
||
172 | |||
173 | </div> |
||
174 | </div> |
||
175 | <?php |
||
176 | |||
177 | } |
||
178 | |||
179 | |||
180 | /* |
||
181 | * render_field_settings() |
||
182 | * |
||
183 | * Create extra options for your field. This is rendered when editing a field. |
||
184 | * The value of $field['name'] can be used (like bellow) to save extra data to the $field |
||
185 | * |
||
186 | * @type action |
||
187 | * @since 3.6 |
||
188 | * @date 23/01/13 |
||
189 | * |
||
190 | * @param $field - an array holding all the field's data |
||
191 | */ |
||
192 | |||
193 | function render_field_settings( $field ) { |
||
0 ignored issues
–
show
|
|||
194 | |||
195 | // clear numeric settings |
||
196 | $clear = array( |
||
197 | 'min_size', |
||
198 | 'max_size' |
||
199 | ); |
||
200 | |||
201 | foreach( $clear as $k ) { |
||
202 | |||
203 | if( empty($field[$k]) ) { |
||
204 | |||
205 | $field[$k] = ''; |
||
206 | |||
207 | } |
||
208 | |||
209 | } |
||
210 | |||
211 | |||
212 | // return_format |
||
213 | acf_render_field_setting( $field, array( |
||
214 | 'label' => __('Return Value','acf'), |
||
215 | 'instructions' => __('Specify the returned value on front end','acf'), |
||
216 | 'type' => 'radio', |
||
217 | 'name' => 'return_format', |
||
218 | 'layout' => 'horizontal', |
||
219 | 'choices' => array( |
||
220 | 'array' => __("File Array",'acf'), |
||
221 | 'url' => __("File URL",'acf'), |
||
222 | 'id' => __("File ID",'acf') |
||
223 | ) |
||
224 | )); |
||
225 | |||
226 | |||
227 | // library |
||
228 | acf_render_field_setting( $field, array( |
||
229 | 'label' => __('Library','acf'), |
||
230 | 'instructions' => __('Limit the media library choice','acf'), |
||
231 | 'type' => 'radio', |
||
232 | 'name' => 'library', |
||
233 | 'layout' => 'horizontal', |
||
234 | 'choices' => array( |
||
235 | 'all' => __('All', 'acf'), |
||
236 | 'uploadedTo' => __('Uploaded to post', 'acf') |
||
237 | ) |
||
238 | )); |
||
239 | |||
240 | |||
241 | // min |
||
242 | acf_render_field_setting( $field, array( |
||
243 | 'label' => __('Minimum','acf'), |
||
244 | 'instructions' => __('Restrict which files can be uploaded','acf'), |
||
245 | 'type' => 'text', |
||
246 | 'name' => 'min_size', |
||
247 | 'prepend' => __('File size', 'acf'), |
||
248 | 'append' => 'MB', |
||
249 | )); |
||
250 | |||
251 | |||
252 | // max |
||
253 | acf_render_field_setting( $field, array( |
||
254 | 'label' => __('Maximum','acf'), |
||
255 | 'instructions' => __('Restrict which files can be uploaded','acf'), |
||
256 | 'type' => 'text', |
||
257 | 'name' => 'max_size', |
||
258 | 'prepend' => __('File size', 'acf'), |
||
259 | 'append' => 'MB', |
||
260 | )); |
||
261 | |||
262 | |||
263 | // allowed type |
||
264 | acf_render_field_setting( $field, array( |
||
265 | 'label' => __('Allowed file types','acf'), |
||
266 | 'instructions' => __('Comma separated list. Leave blank for all types','acf'), |
||
267 | 'type' => 'text', |
||
268 | 'name' => 'mime_types', |
||
269 | )); |
||
270 | |||
271 | } |
||
272 | |||
273 | |||
274 | /* |
||
275 | * format_value() |
||
276 | * |
||
277 | * This filter is appied to the $value after it is loaded from the db and before it is returned to the template |
||
278 | * |
||
279 | * @type filter |
||
280 | * @since 3.6 |
||
281 | * @date 23/01/13 |
||
282 | * |
||
283 | * @param $value (mixed) the value which was loaded from the database |
||
284 | * @param $post_id (mixed) the $post_id from which the value was loaded |
||
285 | * @param $field (array) the field array holding all the field options |
||
286 | * |
||
287 | * @return $value (mixed) the modified value |
||
288 | */ |
||
0 ignored issues
–
show
The doc-type
$value could not be parsed: Unknown type name "$value" at position 0. (view supported doc-types)
This check marks PHPDoc comments that could not be parsed by our parser. To see which comment annotations we can parse, please refer to our documentation on supported doc-types. ![]() |
|||
289 | |||
290 | View Code Duplication | function format_value( $value, $post_id, $field ) { |
|
0 ignored issues
–
show
This method seems to be duplicated in your project.
Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. ![]() |
|||
291 | |||
292 | // bail early if no value |
||
293 | if( empty($value) ) { |
||
294 | |||
295 | return false; |
||
296 | |||
297 | } |
||
298 | |||
299 | |||
300 | // bail early if not numeric (error message) |
||
301 | if( !is_numeric($value) ) { |
||
302 | |||
303 | return false; |
||
304 | |||
305 | } |
||
306 | |||
307 | |||
308 | // convert to int |
||
309 | $value = intval($value); |
||
310 | |||
311 | |||
312 | // format |
||
313 | if( $field['return_format'] == 'url' ) { |
||
314 | |||
315 | return wp_get_attachment_url($value); |
||
316 | |||
317 | } elseif( $field['return_format'] == 'array' ) { |
||
318 | |||
319 | return acf_get_attachment( $value ); |
||
320 | } |
||
321 | |||
322 | |||
323 | // return |
||
324 | return $value; |
||
325 | } |
||
326 | |||
327 | |||
328 | /* |
||
329 | * get_media_item_args |
||
330 | * |
||
331 | * description |
||
332 | * |
||
333 | * @type function |
||
334 | * @date 27/01/13 |
||
335 | * @since 3.6.0 |
||
336 | * |
||
337 | * @param $vars (array) |
||
338 | * @return $vars |
||
339 | */ |
||
0 ignored issues
–
show
The doc-type
$vars could not be parsed: Unknown type name "$vars" at position 0. (view supported doc-types)
This check marks PHPDoc comments that could not be parsed by our parser. To see which comment annotations we can parse, please refer to our documentation on supported doc-types. ![]() |
|||
340 | |||
341 | function get_media_item_args( $vars ) { |
||
0 ignored issues
–
show
|
|||
342 | |||
343 | $vars['send'] = true; |
||
344 | return($vars); |
||
345 | |||
346 | } |
||
347 | |||
348 | |||
349 | /* |
||
350 | * update_value() |
||
351 | * |
||
352 | * This filter is appied to the $value before it is updated in the db |
||
353 | * |
||
354 | * @type filter |
||
355 | * @since 3.6 |
||
356 | * @date 23/01/13 |
||
357 | * |
||
358 | * @param $value - the value which will be saved in the database |
||
359 | * @param $post_id - the $post_id of which the value will be saved |
||
360 | * @param $field - the field array holding all the field options |
||
361 | * |
||
362 | * @return $value - the modified value |
||
363 | */ |
||
0 ignored issues
–
show
The doc-type
$value could not be parsed: Unknown type name "$value" at position 0. (view supported doc-types)
This check marks PHPDoc comments that could not be parsed by our parser. To see which comment annotations we can parse, please refer to our documentation on supported doc-types. ![]() |
|||
364 | |||
365 | View Code Duplication | function update_value( $value, $post_id, $field ) { |
|
0 ignored issues
–
show
This method seems to be duplicated in your project.
Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. ![]() |
|||
366 | |||
367 | // array? |
||
368 | if( is_array($value) && isset($value['ID']) ) { |
||
369 | |||
370 | return $value['ID']; |
||
371 | |||
372 | } |
||
373 | |||
374 | |||
375 | // object? |
||
376 | if( is_object($value) && isset($value->ID) ) { |
||
377 | |||
378 | return $value->ID; |
||
379 | |||
380 | } |
||
381 | |||
382 | |||
383 | // return |
||
384 | return $value; |
||
385 | } |
||
386 | |||
387 | |||
388 | /* |
||
389 | * wp_prepare_attachment_for_js |
||
390 | * |
||
391 | * this filter allows ACF to add in extra data to an attachment JS object |
||
392 | * |
||
393 | * @type function |
||
394 | * @date 1/06/13 |
||
395 | * |
||
396 | * @param {int} $post_id |
||
397 | * @return {int} $post_id |
||
0 ignored issues
–
show
The doc-type
{int} could not be parsed: Unknown type name "{int}" at position 0. (view supported doc-types)
This check marks PHPDoc comments that could not be parsed by our parser. To see which comment annotations we can parse, please refer to our documentation on supported doc-types. ![]() There is no parameter named
$post_id . Was it maybe removed?
This check looks for PHPDoc comments describing methods or function parameters that do not exist on the corresponding method or function. Consider the following example. The parameter /**
* @param array $germany
* @param array $island
* @param array $italy
*/
function finale($germany, $island) {
return "2:1";
}
The most likely cause is that the parameter was removed, but the annotation was not. ![]() |
|||
398 | */ |
||
0 ignored issues
–
show
The doc-type
{int} could not be parsed: Unknown type name "{int}" at position 0. (view supported doc-types)
This check marks PHPDoc comments that could not be parsed by our parser. To see which comment annotations we can parse, please refer to our documentation on supported doc-types. ![]() |
|||
399 | |||
400 | function wp_prepare_attachment_for_js( $response, $attachment, $meta ) { |
||
0 ignored issues
–
show
|
|||
401 | |||
402 | // default |
||
403 | $fs = '0 kb'; |
||
404 | |||
405 | |||
406 | // supress PHP warnings caused by corrupt images |
||
407 | if( $i = @filesize( get_attached_file( $attachment->ID ) ) ) { |
||
408 | |||
409 | $fs = size_format( $i ); |
||
410 | |||
411 | } |
||
412 | |||
413 | |||
414 | // update JSON |
||
415 | $response['filesize'] = $fs; |
||
416 | |||
417 | |||
418 | // return |
||
419 | return $response; |
||
420 | |||
421 | } |
||
422 | |||
423 | } |
||
424 | |||
425 | new acf_field_file(); |
||
426 | |||
427 | endif; |
||
428 | |||
429 | ?> |
||
430 |
This check marks PHPDoc comments that could not be parsed by our parser. To see which comment annotations we can parse, please refer to our documentation on supported doc-types.