upload.php
6.24 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
<?php
namespace EnableMediaReplace;
if ( ! defined( 'ABSPATH' ) )
exit; // Exit if accessed directly.
use EnableMediaReplace\ShortPixelLogger\ShortPixelLogger as Log;
use EnableMediaReplace\Notices\NoticeController as Notices;
if (!current_user_can('upload_files'))
wp_die( esc_html__('You do not have permission to upload files.', 'enable-media-replace') );
/*require_once('classes/replacer.php');
require_once('classes/file.php'); */
use \EnableMediaReplace\Replacer as Replacer;
// Define DB table names
global $wpdb;
$table_name = $wpdb->prefix . "posts";
$postmeta_table_name = $wpdb->prefix . "postmeta";
// Starts processing.
$uihelper = new UIHelper();
$emr = EnableMediaReplacePlugin::get();
// Get old guid and filetype from DB
$post_id = isset($_POST['ID']) ? intval($_POST['ID']) : null; // sanitize, post_id.
if (is_null($post_id))
{
wp_die( esc_html__('Error in request. Please try again', 'enable-media-replace') );
}
$attachment = get_post($post_id);
if (! $emr->checkImagePermission($attachment->post_author, $attachment->ID))
wp_die( esc_html__('You do not have permission to upload files for this author.', 'enable-media-replace') );
$replacer = new Replacer($post_id);
// Massage a bunch of vars
$ID = intval($_POST["ID"]); // legacy
$replace_type = isset($_POST["replace_type"]) ? sanitize_text_field($_POST["replace_type"]) : false;
$timestamp_replace = intval($_POST['timestamp_replace']);
$redirect_error = $uihelper->getFailedRedirect($post_id);
$redirect_success = $uihelper->getSuccesRedirect($post_id);
$do_new_location = isset($_POST['new_location']) ? sanitize_text_field($_POST['new_location']) : false;
$new_location_dir = isset($_POST['location_dir']) ? sanitize_text_field($_POST['location_dir']) : null;
$settings = array(); // save settings and show last loaded.
$settings['replace_type'] = $replace_type;
$settings['timestamp_replace'] = $timestamp_replace;
$settings['new_location'] = $do_new_location;
$settings['new_location_dir'] = $new_location_dir;
switch($timestamp_replace)
{
case \EnableMediaReplace\Replacer::TIME_UPDATEALL:
case \EnableMediaReplace\Replacer::TIME_UPDATEMODIFIED:
$datetime = current_time('mysql');
break;
case \EnableMediaReplace\Replacer::TIME_CUSTOM:
$custom_date = $_POST['custom_date_formatted'];
$custom_hour = str_pad($_POST['custom_hour'],2,0, STR_PAD_LEFT);
$custom_minute = str_pad($_POST['custom_minute'], 2, 0, STR_PAD_LEFT);
// create a mysql time representation from what we have.
Log::addDebug($_POST);
Log::addDebug('Custom Date - ' . $custom_date . ' ' . $custom_hour . ':' . $custom_minute );
$custom_date = \DateTime::createFromFormat('Y-m-d G:i', $custom_date . ' ' . $custom_hour . ':' . $custom_minute );
if ($custom_date === false)
{
wp_safe_redirect($redirect_error);
$errors = \DateTime::getLastErrors();
$error = '';
if (isset($errors['errors']))
{
$error = implode(',', $errors['errors']);
}
Notices::addError(sprintf(__('Invalid Custom Date. Please custom date values (%s)', 'enable-media-replace'), $error));
exit();
}
$datetime = $custom_date->format("Y-m-d H:i:s");
$settings['custom_date'] = $datetime;
break;
}
update_option('enable_media_replace', $settings, false);
// We have two types: replace / replace_and_search
if ($replace_type == 'replace')
{
$replacer->setMode(\EnableMediaReplace\Replacer::MODE_REPLACE);
$mode = \EnableMediaReplace\Replacer::MODE_REPLACE;
}
elseif ( 'replace_and_search' == $replace_type && apply_filters( 'emr_enable_replace_and_search', true ) )
{
$replacer->setMode(\EnableMediaReplace\Replacer::MODE_SEARCHREPLACE);
$mode = \EnableMediaReplace\Replacer::MODE_SEARCHREPLACE;
if ($do_new_location && ! is_null($new_location_dir))
{
$result = $replacer->setNewTargetLocation($new_location_dir);
if (! $result)
{
wp_safe_redirect($redirect_error);
exit();
}
}
}
$replacer->setTimeMode($timestamp_replace, $datetime);
/** Check if file is uploaded properly **/
if (is_uploaded_file($_FILES["userfile"]["tmp_name"])) {
Log::addDebug($_FILES['userfile']);
// New method for validating that the uploaded file is allowed, using WP:s internal wp_check_filetype_and_ext() function.
$filedata = wp_check_filetype_and_ext($_FILES["userfile"]["tmp_name"], $_FILES["userfile"]["name"]);
Log::addDebug('Data after check', $filedata);
if (isset($_FILES['userfile']['error']) && $_FILES['userfile']['error'] > 0)
{
$e = new RunTimeException('File Uploaded Failed');
Notices::addError($e->getMessage());
wp_safe_redirect($redirect_error);
exit();
}
if ($filedata["ext"] == false && ! current_user_can( 'unfiltered_upload' )) {
Notices::addError(esc_html__("File type does not meet security guidelines. Try another.", 'enable-media-replace') );
wp_safe_redirect($redirect_error);
exit();
}
// Here we have the uploaded file
$new_filename = $_FILES["userfile"]["name"];
//$new_filesize = $_FILES["userfile"]["size"]; // Seems not to be in use.
$new_filetype = $filedata["type"];
// Gather all functions that both options do.
do_action('wp_handle_replace', array('post_id' => $post_id));
/* if ($mode = \EnableMediaReplace\Replacer::MODE_SEARCHREPLACE && $do_new_location && ! is_null($new_location_dir))
{
exit($new_filename);
$newdirfile = $replacer->newTargetLocation($new_location_dir);
}
*/
try
{
$result = $replacer->replaceWith($_FILES["userfile"]["tmp_name"], $new_filename);
}
catch(\RunTimeException $e)
{
Log::addError($e->getMessage());
// exit($e->getMessage());
}
if (is_null($result))
{
wp_safe_redirect($redirect_error);
exit();
}
// $returnurl = admin_url("/post.php?post={$_POST["ID"]}&action=edit&message=1");
// Execute hook actions - thanks rubious for the suggestion!
} else {
//TODO Better error handling when no file is selected.
//For now just go back to media management
//$returnurl = admin_url("upload.php");
Log::addInfo('Failed. Redirecting - '. $redirect_error);
Notices::addError(__('File Upload seems to have failed. No files were returned by system','enable-media-replace'));
wp_safe_redirect($redirect_error);
exit();
}
Notices::addSuccess(__('File successfully replaced','enable-media-replace'));
// Allow developers to override $returnurl
//$returnurl = apply_filters('emr_returnurl', $returnurl);
wp_redirect($redirect_success);
exit();
?>