2008-01-09 03:14:29 -05:00
|
|
|
<?php
|
2008-08-14 02:30:38 -04:00
|
|
|
/**
|
|
|
|
* Manage media uploaded file.
|
|
|
|
*
|
|
|
|
* There are many filters in here for media. Plugins can extend functionality
|
|
|
|
* by hooking into the filters.
|
|
|
|
*
|
|
|
|
* @package WordPress
|
|
|
|
* @subpackage Administration
|
|
|
|
*/
|
|
|
|
|
2017-11-30 18:11:00 -05:00
|
|
|
if ( ! isset( $_GET['inline'] ) ) {
|
|
|
|
define( 'IFRAME_REQUEST', true );
|
|
|
|
}
|
2010-10-18 13:58:36 -04:00
|
|
|
|
2008-08-14 02:30:38 -04:00
|
|
|
/** Load WordPress Administration Bootstrap */
|
2020-02-06 01:33:11 -05:00
|
|
|
require_once __DIR__ . '/admin.php';
|
2008-09-27 04:17:55 -04:00
|
|
|
|
2015-09-02 12:21:21 -04:00
|
|
|
if ( ! current_user_can( 'upload_files' ) ) {
|
2016-06-29 11:16:29 -04:00
|
|
|
wp_die( __( 'Sorry, you are not allowed to upload files.' ), 403 );
|
2015-09-02 12:21:21 -04:00
|
|
|
}
|
2008-09-27 04:17:55 -04:00
|
|
|
|
2017-11-30 18:11:00 -05:00
|
|
|
wp_enqueue_script( 'plupload-handlers' );
|
|
|
|
wp_enqueue_script( 'image-edit' );
|
|
|
|
wp_enqueue_script( 'set-post-thumbnail' );
|
|
|
|
wp_enqueue_style( 'imgareaselect' );
|
2012-04-04 20:20:28 -04:00
|
|
|
wp_enqueue_script( 'media-gallery' );
|
2008-01-09 03:14:29 -05:00
|
|
|
|
2019-07-09 01:45:58 -04:00
|
|
|
header( 'Content-Type: ' . get_option( 'html_type' ) . '; charset=' . get_option( 'blog_charset' ) );
|
2008-01-09 03:14:29 -05:00
|
|
|
|
2020-01-28 19:45:18 -05:00
|
|
|
// IDs should be integers.
|
2017-11-30 18:11:00 -05:00
|
|
|
$ID = isset( $ID ) ? (int) $ID : 0;
|
|
|
|
$post_id = isset( $post_id ) ? (int) $post_id : 0;
|
2008-01-09 03:14:29 -05:00
|
|
|
|
2014-07-17 05:14:16 -04:00
|
|
|
// Require an ID for the edit screen.
|
2020-02-09 11:53:06 -05:00
|
|
|
if ( isset( $action ) && 'edit' == $action && ! $ID ) {
|
2015-09-02 12:21:21 -04:00
|
|
|
wp_die(
|
2018-02-18 21:13:32 -05:00
|
|
|
'<h1>' . __( 'Something went wrong.' ) . '</h1>' .
|
2015-09-02 12:21:21 -04:00
|
|
|
'<p>' . __( 'Invalid item ID.' ) . '</p>',
|
|
|
|
403
|
|
|
|
);
|
2015-02-03 02:47:22 -05:00
|
|
|
}
|
2008-01-09 03:14:29 -05:00
|
|
|
|
2017-11-30 18:11:00 -05:00
|
|
|
if ( ! empty( $_REQUEST['post_id'] ) && ! current_user_can( 'edit_post', $_REQUEST['post_id'] ) ) {
|
2015-09-02 12:21:21 -04:00
|
|
|
wp_die(
|
2018-02-18 21:13:32 -05:00
|
|
|
'<h1>' . __( 'You need a higher level of permission.' ) . '</h1>' .
|
2016-06-29 11:16:29 -04:00
|
|
|
'<p>' . __( 'Sorry, you are not allowed to edit this item.' ) . '</p>',
|
2015-09-02 12:21:21 -04:00
|
|
|
403
|
|
|
|
);
|
2015-02-03 02:47:22 -05:00
|
|
|
}
|
|
|
|
|
2020-01-28 19:45:18 -05:00
|
|
|
// Upload type: image, video, file, ...?
|
2017-11-30 18:11:00 -05:00
|
|
|
if ( isset( $_GET['type'] ) ) {
|
|
|
|
$type = strval( $_GET['type'] );
|
2015-02-03 02:47:22 -05:00
|
|
|
} else {
|
|
|
|
/**
|
2016-05-22 14:01:30 -04:00
|
|
|
* Filters the default media upload type in the legacy (pre-3.5.0) media popup.
|
2015-02-03 02:47:22 -05:00
|
|
|
*
|
|
|
|
* @since 2.5.0
|
|
|
|
*
|
|
|
|
* @param string $type The default media upload type. Possible values include
|
|
|
|
* 'image', 'audio', 'video', 'file', etc. Default 'file'.
|
|
|
|
*/
|
|
|
|
$type = apply_filters( 'media_upload_default_type', 'file' );
|
|
|
|
}
|
2008-01-09 03:14:29 -05:00
|
|
|
|
2015-02-03 02:47:22 -05:00
|
|
|
// Tab: gallery, library, or type-specific.
|
2017-11-30 18:11:00 -05:00
|
|
|
if ( isset( $_GET['tab'] ) ) {
|
|
|
|
$tab = strval( $_GET['tab'] );
|
2015-02-03 02:47:22 -05:00
|
|
|
} else {
|
|
|
|
/**
|
2016-05-22 14:01:30 -04:00
|
|
|
* Filters the default tab in the legacy (pre-3.5.0) media popup.
|
2015-02-03 02:47:22 -05:00
|
|
|
*
|
|
|
|
* @since 2.5.0
|
|
|
|
*
|
|
|
|
* @param string $type The default media popup tab. Default 'type' (From Computer).
|
|
|
|
*/
|
|
|
|
$tab = apply_filters( 'media_upload_default_tab', 'type' );
|
|
|
|
}
|
2008-12-09 13:03:31 -05:00
|
|
|
|
2015-02-03 02:47:22 -05:00
|
|
|
$body_id = 'media-upload';
|
2008-12-09 13:03:31 -05:00
|
|
|
|
2015-02-03 02:47:22 -05:00
|
|
|
// Let the action code decide how to handle the request.
|
2020-02-09 11:53:06 -05:00
|
|
|
if ( 'type' == $tab || 'type_url' == $tab || ! array_key_exists( $tab, media_upload_tabs() ) ) {
|
2015-02-03 02:47:22 -05:00
|
|
|
/**
|
|
|
|
* Fires inside specific upload-type views in the legacy (pre-3.5.0)
|
|
|
|
* media popup based on the current tab.
|
|
|
|
*
|
|
|
|
* The dynamic portion of the hook name, `$type`, refers to the specific
|
|
|
|
* media upload type. Possible values include 'image', 'audio', 'video',
|
|
|
|
* 'file', etc.
|
|
|
|
*
|
|
|
|
* The hook only fires if the current `$tab` is 'type' (From Computer),
|
|
|
|
* 'type_url' (From URL), or, if the tab does not exist (i.e., has not
|
|
|
|
* been registered via the {@see 'media_upload_tabs'} filter.
|
|
|
|
*
|
|
|
|
* @since 2.5.0
|
|
|
|
*/
|
2016-08-22 14:25:31 -04:00
|
|
|
do_action( "media_upload_{$type}" );
|
2015-02-03 02:47:22 -05:00
|
|
|
} else {
|
|
|
|
/**
|
|
|
|
* Fires inside limited and specific upload-tab views in the legacy
|
|
|
|
* (pre-3.5.0) media popup.
|
|
|
|
*
|
|
|
|
* The dynamic portion of the hook name, `$tab`, refers to the specific
|
|
|
|
* media upload tab. Possible values include 'library' (Media Library),
|
|
|
|
* or any custom tab registered via the {@see 'media_upload_tabs'} filter.
|
|
|
|
*
|
|
|
|
* @since 2.5.0
|
|
|
|
*/
|
2016-08-22 14:25:31 -04:00
|
|
|
do_action( "media_upload_{$tab}" );
|
2015-02-03 02:47:22 -05:00
|
|
|
}
|
2008-12-09 13:03:31 -05:00
|
|
|
|