From 607ec769f020a026763e8ff0805540f1047b43b8 Mon Sep 17 00:00:00 2001 From: ryan Date: Thu, 17 Sep 2009 20:36:59 +0000 Subject: [PATCH] Press This fixes. Props noel. fixes #10784 git-svn-id: http://svn.automattic.com/wordpress/trunk@11944 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-admin/includes/media.php | 24 +++-- wp-admin/press-this.php | 207 ++++++++++++++++++------------------ 2 files changed, 122 insertions(+), 109 deletions(-) diff --git a/wp-admin/includes/media.php b/wp-admin/includes/media.php index 5bdb221662..a68987b986 100644 --- a/wp-admin/includes/media.php +++ b/wp-admin/includes/media.php @@ -249,8 +249,8 @@ function media_handle_upload($file_id, $post_id, $post_data = array()) { */ function media_handle_sideload($file_array, $post_id, $desc = null, $post_data = array()) { $overrides = array('test_form'=>false); + $file = wp_handle_sideload($file_array, $overrides); - if ( isset($file['error']) ) return new WP_Error( 'upload_error', $file['error'] ); @@ -279,7 +279,7 @@ function media_handle_sideload($file_array, $post_id, $desc = null, $post_data = 'post_content' => $content, ), $post_data ); - // Save the data + // Save the attachment metadata $id = wp_insert_attachment($attachment, $file, $post_id); if ( !is_wp_error($id) ) { wp_update_attachment_metadata( $id, wp_generate_attachment_metadata( $id, $file ) ); @@ -520,25 +520,33 @@ function media_upload_image() { */ function media_sideload_image($file, $post_id, $desc = null) { if (!empty($file) ) { - $file_array['name'] = basename($file); + // Download file to temp location $tmp = download_url($file); + + // Set variables for storage + // fix file filename for query strings + preg_match('/[^\?]+\.(jpg|JPG|jpe|JPE|jpeg|JPEG|gif|GIF|png|PNG)/', $file, $matches); + $file_array['name'] = basename($matches[0]); $file_array['tmp_name'] = $tmp; - $desc = @$desc; + // If error storing temporarily, unlink if ( is_wp_error($tmp) ) { @unlink($file_array['tmp_name']); $file_array['tmp_name'] = ''; } - - $id = media_handle_sideload($file_array, $post_id, $desc); + + // do the validation and storage stuff + $id = media_handle_sideload($file_array, $post_id, @$desc); $src = $id; - + + // If error storing permanently, unlink if ( is_wp_error($id) ) { @unlink($file_array['tmp_name']); return $id; } } - + + // Finally check to make sure the file has been saved, then return the html if ( !empty($src) ) { $alt = @$desc; $html = "$alt"; diff --git a/wp-admin/press-this.php b/wp-admin/press-this.php index c6632b5195..b6e14dda14 100644 --- a/wp-admin/press-this.php +++ b/wp-admin/press-this.php @@ -42,29 +42,29 @@ function aposfix($text) { function press_it() { // define some basic variables $quick['post_status'] = 'draft'; // set as draft first - $quick['post_category'] = isset($_REQUEST['post_category']) ? $_REQUEST['post_category'] : null; - $quick['tax_input'] = isset($_REQUEST['tax_input']) ? $_REQUEST['tax_input'] : ''; - $quick['post_title'] = isset($_REQUEST['title']) ? $_REQUEST['title'] : ''; + $quick['post_category'] = isset($_POST['post_category']) ? $_POST['post_category'] : null; + $quick['tax_input'] = isset($_POST['tax_input']) ? $_POST['tax_input'] : ''; + $quick['post_title'] = isset($_POST['title']) ? $_POST['title'] : ''; $quick['post_content'] = ''; // insert the post with nothing in it, to get an ID $post_ID = wp_insert_post($quick, true); - $content = isset($_REQUEST['content']) ? $_REQUEST['content'] : ''; + $content = isset($_POST['content']) ? $_POST['content'] : ''; $upload = false; - if( !empty($_REQUEST['photo_src']) && current_user_can('upload_files') ) - foreach( (array) $_REQUEST['photo_src'] as $key => $image) + if( !empty($_POST['photo_src']) && current_user_can('upload_files') ) + foreach( (array) $_POST['photo_src'] as $key => $image) // see if files exist in content - we don't want to upload non-used selected files. - if( strpos($_REQUEST['content'], $image) !== false ) { - $desc = isset($_REQUEST['photo_description'][$key]) ? $_REQUEST['photo_description'][$key] : ''; + if( strpos($_POST['content'], htmlspecialchars($image)) !== false ) { + $desc = isset($_POST['photo_description'][$key]) ? $_POST['photo_description'][$key] : ''; $upload = media_sideload_image($image, $post_ID, $desc); // Replace the POSTED content with correct uploaded ones. Regex contains fix for Magic Quotes - if( !is_wp_error($upload) ) $content = preg_replace('/]*)src=\\\?(\"|\')'.preg_quote($image, '/').'\\\?(\2)([^>\/]*)\/*>/is', $upload, $content); + if( !is_wp_error($upload) ) $content = preg_replace('/]*)src=\\\?(\"|\')'.preg_quote(htmlspecialchars($image), '/').'\\\?(\2)([^>\/]*)\/*>/is', $upload, $content); } - + // set the post_content and status - $quick['post_status'] = isset($_REQUEST['publish']) ? 'publish' : 'draft'; + $quick['post_status'] = isset($_POST['publish']) ? 'publish' : 'draft'; $quick['post_content'] = $content; // error handling for $post if ( is_wp_error($post_ID)) { @@ -100,80 +100,86 @@ if ( ! empty($selection) ) { $url = isset($_GET['u']) ? esc_url($_GET['u']) : ''; $image = isset($_GET['i']) ? $_GET['i'] : ''; -if ( !empty($_REQUEST['ajax']) ) { -switch ($_REQUEST['ajax']) { - case 'video': ?> - -
-

-
- -

-
-
- - -

-
-
- -
-
- -

- <?php echo esc_attr(__('Click to insert.')); ?>

- -

- - - - -

-
-
- +if ( !empty($_GET['ajax']) ) { + switch ($_GET['ajax']) { + case 'video': ?> + +
+

+
+ +

+
-
+ -
-
- + case 'photo_thickbox': ?> + +

+
+
+ +
-
-

|

- + + + <?php echo esc_attr(__('Click to insert.')); ?> + +

+ +

+ + +

+
+
+ +
+
+

+
+
+ +
+
+ +

|

+ ]*)src=(\"|\')([^<>]+?\.(png|jpeg|jpg|jpe|gif))[^<>\'\"]*(\2)([^>\/]*)\/*>/is'; + $pattern = '/]*)src=(\"|\')([^<>]+?\.(png|jpeg|jpg|jpe|gif)[^<>\'\"]*)(\2)([^>\/]*)\/*>/is'; preg_match_all($pattern, $content, $matches); if ( empty($matches[0]) ) return ''; @@ -210,7 +216,6 @@ switch ($_REQUEST['ajax']) { return "'" . implode("','", $sources) . "'"; } $url = urldecode($url); - $url = str_replace(' ', '%20', $url); echo 'new Array('.get_images_from_uri($url).')'; break; @@ -219,31 +224,31 @@ switch ($_REQUEST['ajax']) { // gather images and load some default JS var last = null var img, img_tag, aspect, w, h, skip, i, strtoappend = ""; + var my_src = eval( + jQuery.ajax({ + type: "GET", + url: "", + cache : false, + async : false, + data: "ajax=photo_images&u=", + dataType : "script" + }).responseText + ); + if(my_src.length == 0) { var my_src = eval( jQuery.ajax({ - type: "GET", - url: "", + type: "GET", + url: "", cache : false, async : false, - data: "ajax=photo_images&u=", + data: "ajax=photo_images&u=", dataType : "script" }).responseText ); if(my_src.length == 0) { - var my_src = eval( - jQuery.ajax({ - type: "GET", - url: "", - cache : false, - async : false, - data: "ajax=photo_images&u=", - dataType : "script" - }).responseText - ); - if(my_src.length == 0) { - strtoappend = ''; - } + strtoappend = ''; } + } for (i = 0; i < my_src.length; i++) { img = new Image();