2016-05-10 07:45:42 -04:00
|
|
|
<?php
|
|
|
|
/**
|
2016-05-10 07:52:28 -04:00
|
|
|
* Upgrade API: File_Upload_Upgrader class
|
2016-05-10 07:45:42 -04:00
|
|
|
*
|
|
|
|
* @package WordPress
|
|
|
|
* @subpackage Upgrader
|
2016-05-10 07:52:28 -04:00
|
|
|
* @since 4.6.0
|
2016-05-10 07:45:42 -04:00
|
|
|
*/
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Core class used for handling file uploads.
|
|
|
|
*
|
|
|
|
* This class handles the upload process and passes it as if it's a local file
|
|
|
|
* to the Upgrade/Installer functions.
|
|
|
|
*
|
|
|
|
* @since 2.8.0
|
2016-05-13 16:59:27 -04:00
|
|
|
* @since 4.6.0 Moved to its own file from wp-admin/includes/class-wp-upgrader.php.
|
2016-05-10 07:45:42 -04:00
|
|
|
*/
|
|
|
|
class File_Upload_Upgrader {
|
|
|
|
|
|
|
|
/**
|
|
|
|
* The full path to the file package.
|
|
|
|
*
|
|
|
|
* @since 2.8.0
|
|
|
|
* @access public
|
|
|
|
* @var string $package
|
|
|
|
*/
|
|
|
|
public $package;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* The name of the file.
|
|
|
|
*
|
|
|
|
* @since 2.8.0
|
|
|
|
* @access public
|
|
|
|
* @var string $filename
|
|
|
|
*/
|
|
|
|
public $filename;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* The ID of the attachment post for this file.
|
|
|
|
*
|
|
|
|
* @since 3.3.0
|
|
|
|
* @access public
|
|
|
|
* @var int $id
|
|
|
|
*/
|
|
|
|
public $id = 0;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Construct the upgrader for a form.
|
|
|
|
*
|
|
|
|
* @since 2.8.0
|
|
|
|
* @access public
|
|
|
|
*
|
|
|
|
* @param string $form The name of the form the file was uploaded from.
|
|
|
|
* @param string $urlholder The name of the `GET` parameter that holds the filename.
|
|
|
|
*/
|
|
|
|
public function __construct( $form, $urlholder ) {
|
|
|
|
|
|
|
|
if ( empty($_FILES[$form]['name']) && empty($_GET[$urlholder]) )
|
|
|
|
wp_die(__('Please select a file'));
|
|
|
|
|
|
|
|
//Handle a newly uploaded file, Else assume it's already been uploaded
|
|
|
|
if ( ! empty($_FILES) ) {
|
|
|
|
$overrides = array( 'test_form' => false, 'test_type' => false );
|
|
|
|
$file = wp_handle_upload( $_FILES[$form], $overrides );
|
|
|
|
|
|
|
|
if ( isset( $file['error'] ) )
|
|
|
|
wp_die( $file['error'] );
|
|
|
|
|
2024-01-30 10:08:23 -05:00
|
|
|
if ( 'pluginzip' === $form || 'themezip' === $form ) {
|
|
|
|
$archive_is_valid = false;
|
|
|
|
|
|
|
|
/** This filter is documented in wp-admin/includes/file.php */
|
|
|
|
if ( class_exists( 'ZipArchive', false ) && apply_filters( 'unzip_file_use_ziparchive', true ) ) {
|
|
|
|
$archive = new ZipArchive();
|
|
|
|
$archive_is_valid = $archive->open( $file['file'], ZIPARCHIVE::CHECKCONS );
|
|
|
|
|
|
|
|
if ( true === $archive_is_valid ) {
|
|
|
|
$archive->close();
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
require_once ABSPATH . 'wp-admin/includes/class-pclzip.php';
|
|
|
|
|
|
|
|
$archive = new PclZip( $file['file'] );
|
|
|
|
$archive_is_valid = is_array( $archive->properties() );
|
|
|
|
}
|
|
|
|
|
|
|
|
if ( true !== $archive_is_valid ) {
|
|
|
|
wp_delete_file( $file['file'] );
|
|
|
|
wp_die( __( 'Incompatible Archive.' ) );
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2016-05-10 07:45:42 -04:00
|
|
|
$this->filename = $_FILES[$form]['name'];
|
|
|
|
$this->package = $file['file'];
|
|
|
|
|
|
|
|
// Construct the object array
|
|
|
|
$object = array(
|
|
|
|
'post_title' => $this->filename,
|
|
|
|
'post_content' => $file['url'],
|
|
|
|
'post_mime_type' => $file['type'],
|
|
|
|
'guid' => $file['url'],
|
|
|
|
'context' => 'upgrader',
|
|
|
|
'post_status' => 'private'
|
|
|
|
);
|
|
|
|
|
|
|
|
// Save the data.
|
|
|
|
$this->id = wp_insert_attachment( $object, $file['file'] );
|
|
|
|
|
|
|
|
// Schedule a cleanup for 2 hours from now in case of failed install.
|
|
|
|
wp_schedule_single_event( time() + 2 * HOUR_IN_SECONDS, 'upgrader_scheduled_cleanup', array( $this->id ) );
|
|
|
|
|
|
|
|
} elseif ( is_numeric( $_GET[$urlholder] ) ) {
|
|
|
|
// Numeric Package = previously uploaded file, see above.
|
|
|
|
$this->id = (int) $_GET[$urlholder];
|
|
|
|
$attachment = get_post( $this->id );
|
|
|
|
if ( empty($attachment) )
|
|
|
|
wp_die(__('Please select a file'));
|
|
|
|
|
|
|
|
$this->filename = $attachment->post_title;
|
|
|
|
$this->package = get_attached_file( $attachment->ID );
|
|
|
|
} else {
|
|
|
|
// Else, It's set to something, Back compat for plugins using the old (pre-3.3) File_Uploader handler.
|
|
|
|
if ( ! ( ( $uploads = wp_upload_dir() ) && false === $uploads['error'] ) )
|
|
|
|
wp_die( $uploads['error'] );
|
|
|
|
|
2016-09-06 13:29:31 -04:00
|
|
|
$this->filename = sanitize_file_name( $_GET[ $urlholder ] );
|
2016-05-10 07:45:42 -04:00
|
|
|
$this->package = $uploads['basedir'] . '/' . $this->filename;
|
2016-09-06 13:29:31 -04:00
|
|
|
|
|
|
|
if ( 0 !== strpos( realpath( $this->package ), realpath( $uploads['basedir'] ) ) ) {
|
|
|
|
wp_die( __( 'Please select a file' ) );
|
|
|
|
}
|
2016-05-10 07:45:42 -04:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Delete the attachment/uploaded file.
|
|
|
|
*
|
|
|
|
* @since 3.2.2
|
|
|
|
* @access public
|
|
|
|
*
|
|
|
|
* @return bool Whether the cleanup was successful.
|
|
|
|
*/
|
|
|
|
public function cleanup() {
|
|
|
|
if ( $this->id )
|
|
|
|
wp_delete_attachment( $this->id );
|
|
|
|
|
|
|
|
elseif ( file_exists( $this->package ) )
|
|
|
|
return @unlink( $this->package );
|
|
|
|
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
}
|