From ef278df299f38b8e172262039f3bd38d56a64543 Mon Sep 17 00:00:00 2001
From: dd32
Date: Sun, 28 Aug 2011 08:42:07 +0000
Subject: [PATCH] Store Plugin/Theme uploads in the Media Library properly. Add Scheduled cleanup +2hrs to clean up any aborted installation attempts. See #18182

git-svn-id: http://svn.automattic.com/wordpress/trunk@18617 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/includes/class-wp-upgrader.php | 61 +++++++++++++++++++------
 wp-admin/update.php | 4 +-
 wp-includes/default-filters.php | 1 +
 3 files changed, 49 insertions(+), 17 deletions(-)

diff --git a/wp-admin/includes/class-wp-upgrader.php b/wp-admin/includes/class-wp-upgrader.php
index 2ab5e002a1..d2687443b0 100644
--- a/wp-admin/includes/class-wp-upgrader.php
+++ b/wp-admin/includes/class-wp-upgrader.php
@@ -1434,35 +1434,66 @@ class Theme_Upgrader_Skin extends WP_Upgrader_Skin {
 class File_Upload_Upgrader {
 var $package;
 var $filename;
+ var $id = 0;
 function __construct($form, $urlholder) {
- if ( ! ( ( $uploads = wp_upload_dir() ) && false === $uploads['error'] ) )
- wp_die($uploads['error']);
 if ( empty($_FILES[$form]['name']) && empty($_GET[$urlholder]) ) wp_die(__('Please select a file'));
- if ( !empty($_FILES) )
- $this->filename = $_FILES[$form]['name'];
- else if ( isset($_GET[$urlholder]) )
- $this->filename = $_GET[$urlholder];
- //Handle a newly uploaded file, Else assume its already been uploaded
- if ( !empty($_FILES) ) {
- $this->filename = wp_unique_filename( $uploads['basedir'], $this->filename );
- $this->package = $uploads['basedir'] . '/' . $this->filename;
+ if ( ! empty($_FILES) ) {
+ $overrides = array( 'test_form' => false, 'test_type' => false );
+ $file = wp_handle_upload( $_FILES[$form], $overrides );
- // Move the file to the uploads dir
- if ( false === @ move_uploaded_file( $_FILES[$form]['tmp_name'], $this->package) )
- wp_die( sprintf( __('The uploaded file could not be moved to %s.' ), $uploads['path']));
+ if ( isset( $file['error'] ) )
+ wp_die( $file['error'] );
+
+ $this->filename = $_FILES[$form]['name'];
+ $this->package = $file['file'];
+
+ // Construct the object array
+ $object = array(
+ 'post_title' => $this->filename,
+ 'post_content' => $file['url'],
+ 'post_mime_type' => $file['type'],
+ 'guid' => $file['url'],
+ 'context' => 'upgrader',
+ 'post_status' => 'private'
+ );
+
+ // Save the data
+ $this->id = wp_insert_attachment( $object, $file['file'] );
+
+ // schedule a cleanup for 2 hours from now in case of failed install
+ wp_schedule_single_event( time() + 7200, 'upgrader_scheduled_cleanup', array( $this->id ) );
+
+ } elseif ( is_numeric( $_GET[$urlholder] ) ) {
+ // Numeric Package = previously uploaded file, see above.
+ $this->id = (int) $_GET[$urlholder];
+ $attachment = get_post( $this->id );
+ if ( empty($attachment) )
+ wp_die(__('Please select a file'));
+
+ $this->filename = $attachment->post_title;
+ $this->package = get_attached_file( $attachment->ID );
 } else {
+ // Else, It's set to something, Back compat for plugins using the old (pre-3.3) File_Uploader handler.
+ if ( ! ( ( $uploads = wp_upload_dir() ) && false === $uploads['error'] ) )
+ wp_die( $uploads['error'] );
+
+ $this->filename = $_GET[$urlholder];
 $this->package = $uploads['basedir'] . '/' . $this->filename;
 }
 }
 function cleanup() {
- if ( file_exists($this->package) )
- return @unlink($this->package);
+ if ( $this->id )
+ wp_delete_attachment( $this->id );
+
+ elseif ( file_exists( $this->package ) )
+ return @unlink( $this->package );
+ return true;
 }
 }
\ No newline at end of file
diff --git a/wp-admin/update.php b/wp-admin/update.php
index a37f05060a..71708d044b 100644
--- a/wp-admin/update.php
+++ b/wp-admin/update.php
@@ -134,7 +134,7 @@ if ( isset($_GET['action']) ) {
 $title = sprintf( __('Installing Plugin from uploaded file: %s'), basename( $file_upload->filename ) );
 $nonce = 'plugin-upload';
- $url = add_query_arg(array('package' => $file_upload->filename ), 'update.php?action=upload-plugin');
+ $url = add_query_arg(array('package' => $file_upload->id), 'update.php?action=upload-plugin');
 $type = 'upload'; //Install plugin type, From Web or an Upload.
 $upgrader = new Plugin_Upgrader( new Plugin_Installer_Skin( compact('type', 'title', 'nonce', 'url') ) );
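Review bot: The back-compat `else` branch of `__construct()` appends the raw `$_GET[$urlholder]` value to `$uploads['basedir']` to form `$this->package`, and `cleanup()` later hands that path to `unlink()`, so nothing in this class keeps the path inside the uploads directory. The removed upload code only ever wrote bare names produced by `wp_unique_filename()` into `basedir`, so reducing the value to a file name, `$this->filename = basename( $_GET[$urlholder] );`, should preserve the legacy behaviour while dropping any directory components. The numeric branch has a related gap: `get_post()` returns any post type and `cleanup()` passes the same id to `wp_delete_attachment()`, so I would reject ids that are not attachments, `if ( empty( $attachment ) || 'attachment' != $attachment->post_type )`, and ideally also confirm the 'upgrader' context if `wp_insert_attachment()` stores it (not visible here). Capability and nonce checks are presumably done by the callers, outside this hunk.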
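Review bot: `$file_upload->id` stays at its default of 0 when the constructor takes the back-compat branch (a non-numeric `package` value), so in that case this URL carries `package=0`, which the constructor's `empty( $_GET[$urlholder] )` test treats as missing if the URL is requested again, presumably on a credentials retry. If legacy file-name requests can still reach this handler, fall back to the name with `'package' => $file_upload->id ? $file_upload->id : $file_upload->filename`; if they cannot, a comment such as `// package is always an attachment ID here; file names are no longer accepted` would record that. The same applies to the theme hunk at `@@ -239,7 +239,7 @@`. The enclosing `if` block starts and ends outside the hunk.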
@@ -239,7 +239,7 @@ if ( isset($_GET['action']) ) {
 $title = sprintf( __('Installing Theme from uploaded file: %s'), basename( $file_upload->filename ) );
 $nonce = 'theme-upload';
- $url = add_query_arg(array('package' => $file_upload->filename), 'update.php?action=upload-theme');
+ $url = add_query_arg(array('package' => $file_upload->id), 'update.php?action=upload-theme');
 $type = 'upload'; //Install plugin type, From Web or an Upload.
 $upgrader = new Theme_Upgrader( new Theme_Installer_Skin( compact('type', 'title', 'nonce', 'url') ) );
diff --git a/wp-includes/default-filters.php b/wp-includes/default-filters.php
index d1b05c9bb1..bd1309601b 100644
--- a/wp-includes/default-filters.php
+++ b/wp-includes/default-filters.php
@@ -259,6 +259,7 @@ add_action( 'comment_form', 'wp_comment_form_unfiltered_html_nonce
 add_action( 'wp_scheduled_delete', 'wp_scheduled_delete' );
 add_action( 'admin_init', 'send_frame_options_header', 10, 0 );
 add_action( 'importer_scheduled_cleanup', 'wp_delete_attachment' );
+add_action( 'upgrader_scheduled_cleanup', 'wp_delete_attachment' );
 // Navigation menu actions
 add_action( 'delete_post', '_wp_delete_post_menu_item' );
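Review bot: Hooking `wp_delete_attachment` directly on `upgrader_scheduled_cleanup` means the scheduled event passes only the attachment id, so the deletion runs in the function's default, non-forced mode. Assuming the usual `$force_delete = false` default and `MEDIA_TRASH` handling (neither is shown in this patch), a site with media trash enabled would move the uploaded package to the trash instead of removing it, leaving an archive that was never installed in the uploads directory. A small named callback that calls `wp_delete_attachment( $id, true )` would make the removal unconditional; `cleanup()` in class-wp-upgrader.php calls the function the same way and would need the same argument. The existing `importer_scheduled_cleanup` line just above behaves identically.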