PageRenderTime 48ms CodeModel.GetById 23ms RepoModel.GetById 0ms app.codeStats 0ms

/wp-admin/async-upload.php

https://github.com/muskmelon/Greemo
PHP | 70 lines | 49 code | 11 blank | 10 comment | 20 complexity | 3a1aa62c93a9974c19f8f15692784099 MD5 | raw file
    

  1. <?php
    2. 

  2. /**
    3. 

  3.  * Accepts file uploads from swfupload or other asynchronous upload methods.
    4. 

  4.  *
    5. 

  5.  * @package WordPress
    6. 

  6.  * @subpackage Administration
    7. 

  7.  */
    8. 

  8. 

  9. define('WP_ADMIN', true);
    10. 

  10. 

  11. if ( defined('ABSPATH') )
    12. 

  12. 	require_once(ABSPATH . 'wp-load.php');
    13. 

  13. else
    14. 

  14. 	require_once('../wp-load.php');
    15. 

  15. 

  16. // Flash often fails to send cookies with the POST or upload, so we need to pass it in GET or POST instead
    17. 

  17. if ( is_ssl() && empty($_COOKIE[SECURE_AUTH_COOKIE]) && !empty($_REQUEST['auth_cookie']) )
    18. 

  18. 	$_COOKIE[SECURE_AUTH_COOKIE] = $_REQUEST['auth_cookie'];
    19. 

  19. elseif ( empty($_COOKIE[AUTH_COOKIE]) && !empty($_REQUEST['auth_cookie']) )
    20. 

  20. 	$_COOKIE[AUTH_COOKIE] = $_REQUEST['auth_cookie'];
    21. 

  21. if ( empty($_COOKIE[LOGGED_IN_COOKIE]) && !empty($_REQUEST['logged_in_cookie']) )
    22. 

  22. 	$_COOKIE[LOGGED_IN_COOKIE] = $_REQUEST['logged_in_cookie'];
    23. 

  23. unset($current_user);
    24. 

  24. require_once('./admin.php');
    25. 

  25. 

  26. header('Content-Type: text/plain; charset=' . get_option('blog_charset'));
    27. 

  27. 

  28. if ( !current_user_can('upload_files') )
    29. 

  29. 	wp_die(__('You do not have permission to upload files.'));
    30. 

  30. 

  31. // just fetch the detail form for that attachment
    32. 

  32. if ( isset($_REQUEST['attachment_id']) && ($id = intval($_REQUEST['attachment_id'])) && $_REQUEST['fetch'] ) {
    33. 

  33. 	$post = get_post( $id );
    34. 

  34. 	if ( 'attachment' != $post->post_type )
    35. 

  35. 		wp_die( __( 'Unknown post type.' ) );
    36. 

  36. 	$post_type_object = get_post_type_object( 'attachment' );
    37. 

  37. 	if ( ! current_user_can( $post_type_object->cap->edit_post, $id ) )
    38. 

  38. 		wp_die( __( 'You are not allowed to edit this item.' ) );
    39. 

  39. 

  40. 	if ( 2 == $_REQUEST['fetch'] ) {
    41. 

  41. 		add_filter('attachment_fields_to_edit', 'media_single_attachment_fields_to_edit', 10, 2);
    42. 

  42. 		echo get_media_item($id, array( 'send' => false, 'delete' => true ));
    43. 

  43. 	} else {
    44. 

  44. 		add_filter('attachment_fields_to_edit', 'media_post_single_attachment_fields_to_edit', 10, 2);
    45. 

  45. 		echo get_media_item($id);
    46. 

  46. 	}
    47. 

  47. 	exit;
    48. 

  48. }
    49. 

  49. 

  50. check_admin_referer('media-form');
    51. 

  51. 

  52. $id = media_handle_upload('async-upload', $_REQUEST['post_id']);
    53. 

  53. if ( is_wp_error($id) ) {
    54. 

  54. 	echo '<div class="error-div">
    55. 

  55. 	<a class="dismiss" href="#" onclick="jQuery(this).parents(\'div.media-item\').slideUp(200, function(){jQuery(this).remove();});">' . __('Dismiss') . '</a>
    56. 

  56. 	<strong>' . sprintf(__('&#8220;%s&#8221; has failed to upload due to an error'), esc_html($_FILES['async-upload']['name']) ) . '</strong><br />' .
    57. 

  57. 	esc_html($id->get_error_message()) . '</div>';
    58. 

  58. 	exit;
    59. 

  59. }
    60. 

  60. 

  61. if ( $_REQUEST['short'] ) {
    62. 

  62. 	// short form response - attachment ID only
    63. 

  63. 	echo $id;
    64. 

  64. } else {
    65. 

  65. 	// long form response - big chunk o html
    66. 

  66. 	$type = $_REQUEST['type'];
    67. 

  67. 	echo apply_filters("async_upload_{$type}", $id);
    68. 

  68. }
    69. 

  69. 

  70. ?>
    71. 

  71.