Prevent IE9 and lower displaying the download file dialogue when attempting

to upload using the `html4` Plupload handler.

The HTML4 Plupload handler uses a hidden iframe to POST the upload form, and
unfortunately Internet Explorer 9 doesn't support the `application/json`
content-type which `wp_send_json_success()` and requires `text/html` instead.

This partially reverts [30354], keeping the better error messages.

Merges [31429] to the 4.1 branch.
Fixes #31037.

Built from https://develop.svn.wordpress.org/branches/4.1@31430


git-svn-id: http://core.svn.wordpress.org/branches/4.1@31411 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Dion Hulse 2015-02-12 01:33:24 +00:00
parent d349b9fdaf
commit 281b8022e1
2 changed files with 45 additions and 15 deletions

View File

@ -32,6 +32,8 @@ if ( ! ( isset( $_REQUEST['action'] ) && 'upload-attachment' == $_REQUEST['actio
require_once( ABSPATH . 'wp-admin/admin.php' );
header( 'Content-Type: text/html; charset=' . get_option( 'blog_charset' ) );
if ( isset( $_REQUEST['action'] ) && 'upload-attachment' === $_REQUEST['action'] ) {
include( ABSPATH . 'wp-admin/includes/ajax-actions.php' );
@ -46,8 +48,6 @@ if ( ! current_user_can( 'upload_files' ) ) {
wp_die( __( 'You do not have permission to upload files.' ) );
}
header( 'Content-Type: text/html; charset=' . get_option( 'blog_charset' ) );
// just fetch the detail form for that attachment
if ( isset($_REQUEST['attachment_id']) && ($id = intval($_REQUEST['attachment_id'])) && $_REQUEST['fetch'] ) {
$post = get_post( $id );

View File

@ -1832,21 +1832,36 @@ function wp_ajax_update_widget() {
*/
function wp_ajax_upload_attachment() {
check_ajax_referer( 'media-form' );
/*
* This function does not use wp_send_json_success() / wp_send_json_error()
* as the html4 Plupload handler requires a text/html content-type for older IE.
* See https://core.trac.wordpress.org/ticket/31037
*/
if ( ! current_user_can( 'upload_files' ) ) {
wp_send_json_error( array(
echo wp_json_encode( array(
'success' => false,
'data' => array(
'message' => __( "You don't have permission to upload files." ),
'filename' => $_FILES['async-upload']['name'],
)
) );
wp_die();
}
if ( isset( $_REQUEST['post_id'] ) ) {
$post_id = $_REQUEST['post_id'];
if ( ! current_user_can( 'edit_post', $post_id ) ) {
wp_send_json_error( array(
echo wp_json_encode( array(
'success' => false,
'data' => array(
'message' => __( "You don't have permission to attach files to this post." ),
'filename' => $_FILES['async-upload']['name'],
)
) );
wp_die();
}
} else {
$post_id = null;
@ -1858,20 +1873,30 @@ function wp_ajax_upload_attachment() {
if ( isset( $post_data['context'] ) && in_array( $post_data['context'], array( 'custom-header', 'custom-background' ) ) ) {
$wp_filetype = wp_check_filetype_and_ext( $_FILES['async-upload']['tmp_name'], $_FILES['async-upload']['name'], false );
if ( ! wp_match_mime_types( 'image', $wp_filetype['type'] ) ) {
wp_send_json_error( array(
echo wp_json_encode( array(
'success' => false,
'data' => array(
'message' => __( 'The uploaded file is not a valid image. Please try again.' ),
'filename' => $_FILES['async-upload']['name'],
)
) );
wp_die();
}
}
$attachment_id = media_handle_upload( 'async-upload', $post_id, $post_data );
if ( is_wp_error( $attachment_id ) ) {
wp_send_json_error( array(
echo wp_json_encode( array(
'success' => false,
'data' => array(
'message' => $attachment_id->get_error_message(),
'filename' => $_FILES['async-upload']['name'],
)
) );
wp_die();
}
if ( isset( $post_data['context'] ) && isset( $post_data['theme'] ) ) {
@ -1885,7 +1910,12 @@ function wp_ajax_upload_attachment() {
if ( ! $attachment = wp_prepare_attachment_for_js( $attachment_id ) )
wp_die();
wp_send_json_success( $attachment );
echo wp_json_encode( array(
'success' => true,
'data' => $attachment,
) );
wp_die();
}
/**