forked from mansj/enable-media-replace
-
Notifications
You must be signed in to change notification settings - Fork 0
/
upload.php
246 lines (197 loc) · 9 KB
/
upload.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
<?php
if (!current_user_can('upload_files'))
wp_die(__('You do not have permission to upload files.', 'enable-media-replace'));
// Define DB table names
global $wpdb;
$table_name = $wpdb->prefix . "posts";
$postmeta_table_name = $wpdb->prefix . "postmeta";
function emr_delete_current_files($current_file) {
// Delete old file
do_action( 'emr_delete_file', $current_file );
// Find path of current file
$current_path = substr($current_file, 0, (strrpos($current_file, "/")));
// Check if old file exists first
if (file_exists($current_file)) {
// Now check for correct file permissions for old file
clearstatcache();
if (is_writable($current_file)) {
// Everything OK; delete the file
unlink($current_file);
}
else {
// File exists, but has wrong permissions. Let the user know.
printf(__('The file %1$s can not be deleted by the web server, most likely because the permissions on the file are wrong.', "enable-media-replace"), $current_file);
exit;
}
}
// Delete old resized versions if this was an image
$suffix = substr($current_file, (strlen($current_file)-4));
$prefix = substr($current_file, 0, (strlen($current_file)-4));
$imgAr = array(".png", ".gif", ".jpg");
if (in_array($suffix, $imgAr)) {
// It's a png/gif/jpg based on file name
do_action( 'emr_delete_image', $current_file );
// Get thumbnail filenames from metadata
$metadata = wp_get_attachment_metadata($_POST["ID"]);
if (is_array($metadata)) { // Added fix for error messages when there is no metadata (but WHY would there not be? I don't know…)
foreach($metadata["sizes"] AS $thissize) {
// Get all filenames and do an unlink() on each one;
$thisfile = $thissize["file"];
// Create array with all old sizes for replacing in posts later
$oldfilesAr[] = $thisfile;
// Look for files and delete them
if (strlen($thisfile)) {
$thisfile = $current_path . "/" . $thissize["file"];
if (file_exists($thisfile)) {
unlink($thisfile);
}
}
}
}
// Old (brutal) method, left here for now
//$mask = $prefix . "-*x*" . $suffix;
//array_map( "unlink", glob( $mask ) );
}
}
function emr_delete_thumbnail($current_thumb) {
// Delete old file
// Find path of current file
$current_path = substr($current_thumb, 0, (strrpos($current_thumb, "/")));
// Check if old file exists first
if (file_exists($current_thumb)) {
//error_log ('file exists'); //debug
// Now check for correct file permissions for old file
clearstatcache();
if (is_writable($current_thumb)) {
//error_log ('file is writable'); //debug
// Everything OK; delete the file
unlink($current_thumb);
//error_log ('file is deleted'); //debug
}
else {
// File exists, but has wrong permissions. Let the user know.
printf(__('The file %1$s can not be deleted by the web server, most likely because the permissions on the file are wrong.', "enable-media-replace"), $current_thumb);
exit;
}
}
}
// Get old guid and filetype from DB
$sql = "SELECT guid, post_mime_type FROM $table_name WHERE ID = '" . (int) $_POST["ID"] . "'";
list($current_filename, $current_filetype) = $wpdb->get_row($sql, ARRAY_N);
// Massage a bunch of vars
$current_guid = $current_filename;
$current_filename = substr($current_filename, (strrpos($current_filename, "/") + 1));
$current_file = get_attached_file((int) $_POST["ID"], apply_filters( 'emr_unfiltered_get_attached_file', true ));
$current_path = substr($current_file, 0, (strrpos($current_file, "/")));
$current_file = str_replace("//", "/", $current_file);
$current_filename = basename($current_file);
$replace_type = $_POST["replace_type"];
// We have three types: replace / replace_and_search / replace_thumb
if (is_uploaded_file($_FILES["userfile"]["tmp_name"])) {
// New method for validating that the uploaded file is allowed, using WP:s internal wp_check_filetype_and_ext() function.
$filedata = wp_check_filetype_and_ext($_FILES["userfile"]["tmp_name"], $_FILES["userfile"]["name"]);
if ($filedata["ext"] == "") {
echo __("File type does not meet security guidelines. Try another.", 'enable-media-replace');
exit;
}
$new_filename = $_FILES["userfile"]["name"];
$new_filesize = $_FILES["userfile"]["size"];
$new_filetype = $filedata["type"];
// save original file permissions
$original_file_perms = fileperms($current_file) & 0777;
if ($replace_type == "replace") {
// Drop-in replace and we don't even care if you uploaded something that is the wrong file-type.
// That's your own fault, because we warned you!
emr_delete_current_files($current_file);
// Move new file to old location/name
move_uploaded_file($_FILES["userfile"]["tmp_name"], $current_file);
// Chmod new file to original file permissions
@chmod($current_file, $original_file_perms);
// Make thumb and/or update metadata
wp_update_attachment_metadata( (int) $_POST["ID"], wp_generate_attachment_metadata( (int) $_POST["ID"], $current_file ) );
// Trigger possible updates on CDN and other plugins
update_attached_file( (int) $_POST["ID"], $current_file);
} elseif ($replace_type == "replace_thumb") {
// define filename
$image_size = $_POST["image_size"];
//$extension_pos = strrpos($current_filename, '.');
//$current_thumb = substr($current_filename, 0, $extension_pos) . '-'.$image_size . substr($current_filename, $extension_pos);
$current_thumb = $image_size;
$current_thumb_path = $current_path.'/'.$current_thumb;
//error_log ('thumbnail = '.$current_thumb); //debug
//error_log ('thumbnail path = '.$current_thumb_path); //debug
// delete thumbnail
emr_delete_thumbnail($current_thumb_path);
// Move new file to old location/name
move_uploaded_file($_FILES["userfile"]["tmp_name"], $current_thumb_path);
// Chmod new file to original file permissions
@chmod($current_thumb_path, $original_file_perms);
} elseif ( 'replace_and_search' == $replace_type && apply_filters( 'emr_enable_replace_and_search', true ) ) {
// Replace file, replace file name, update meta data, replace links pointing to old file name
emr_delete_current_files($current_file);
// Massage new filename to adhere to WordPress standards
$new_filename= wp_unique_filename( $current_path, $new_filename );
// Move new file to old location, new name
$new_file = $current_path . "/" . $new_filename;
move_uploaded_file($_FILES["userfile"]["tmp_name"], $new_file);
// Chmod new file to original file permissions
@chmod($current_file, $original_file_perms);
$new_filetitle = preg_replace('/\.[^.]+$/', '', basename($new_file));
$new_filetitle = apply_filters( 'enable_media_replace_title', $new_filetitle ); // Thanks Jonas Lundman (http://wordpress.org/support/topic/add-filter-hook-suggestion-to)
$new_guid = str_replace($current_filename, $new_filename, $current_guid);
// Update database file name
$sql = $wpdb->prepare(
"UPDATE $table_name SET post_title = '$new_filetitle', post_name = '$new_filetitle', guid = '$new_guid', post_mime_type = '$new_filetype' WHERE ID = %d;",
(int) $_POST["ID"]
);
$wpdb->query($sql);
// Update the postmeta file name
// Get old postmeta _wp_attached_file
$sql = $wpdb->prepare(
"SELECT meta_value FROM $postmeta_table_name WHERE meta_key = '_wp_attached_file' AND post_id = %d;",
(int) $_POST["ID"]
);
$old_meta_name = $wpdb->get_row($sql, ARRAY_A);
$old_meta_name = $old_meta_name["meta_value"];
// Make new postmeta _wp_attached_file
$new_meta_name = str_replace($current_filename, $new_filename, $old_meta_name);
$sql = $wpdb->prepare(
"UPDATE $postmeta_table_name SET meta_value = '$new_meta_name' WHERE meta_key = '_wp_attached_file' AND post_id = %d;",
(int) $_POST["ID"]
);
$wpdb->query($sql);
// Make thumb and/or update metadata
wp_update_attachment_metadata( (int) $_POST["ID"], wp_generate_attachment_metadata( (int) $_POST["ID"], $new_file) );
// Search-and-replace filename in post database
$sql = $wpdb->prepare(
"SELECT ID, post_content FROM $table_name WHERE post_content LIKE %s;",
'%' . $current_guid . '%'
);
$rs = $wpdb->get_results($sql, ARRAY_A);
foreach($rs AS $rows) {
// replace old guid with new guid
$post_content = $rows["post_content"];
$post_content = addslashes(str_replace($current_guid, $new_guid, $post_content));
$sql = $wpdb->prepare(
"UPDATE $table_name SET post_content = '$post_content' WHERE ID = %d;",
$rows["ID"]
);
$wpdb->query($sql);
}
// Trigger possible updates on CDN and other plugins
update_attached_file( (int) $_POST["ID"], $new_file);
}
$returnurl = get_bloginfo("wpurl") . "/wp-admin/post.php?post={$_POST["ID"]}&action=edit&message=1";
// Execute hook actions - thanks rubious for the suggestion!
if (isset($new_guid)) { do_action("enable-media-replace-upload-done", ($new_guid ? $new_guid : $current_guid)); }
} else {
//TODO Better error handling when no file is selected.
//For now just go back to media management
$returnurl = get_bloginfo("wpurl") . "/wp-admin/upload.php";
}
if (FORCE_SSL_ADMIN) {
$returnurl = str_replace("http:", "https:", $returnurl);
}
//save redirection
wp_redirect($returnurl);
?>