AdminNotices.php
5 years ago
AjaxHandler.php
5 years ago
Autologin.php
5 years ago
BuddyPressBbPress.php
5 years ago
EditUserProfile.php
5 years ago
ExtensionManager.php
5 years ago
FileUploader.php
5 years ago
FormPreviewHandler.php
5 years ago
FormRepository.php
5 years ago
FormShortcodeDefaults.php
5 years ago
GDPR.php
5 years ago
GlobalSiteAccess.php
5 years ago
ImageUploader.php
5 years ago
LoginAuth.php
5 years ago
Miscellaneous.php
5 years ago
ModifyRedirectDefaultLinks.php
5 years ago
PPRESS_Session.php
5 years ago
PROFILEPRESS_sql.php
5 years ago
PasswordReset.php
5 years ago
ProfileUrlRewrite.php
5 years ago
RegistrationAuth.php
5 years ago
SendEmail.php
5 years ago
ShortcodeThemeFactory.php
5 years ago
UserAvatar.php
5 years ago
UserSignupLocationListingPage.php
5 years ago
UsernameEmailRestrictLogin.php
5 years ago
WelcomeEmailAfterSignup.php
5 years ago
default-email-template.php
5 years ago
index.php
5 years ago
FileUploader.php
192 lines
| 1 | <?php |
| 2 | |
| 3 | namespace ProfilePress\Core\Classes; |
| 4 | |
| 5 | use WP_Error; |
| 6 | |
| 7 | /** |
| 8 | * @package ProfilePress custom file upload PHP class |
| 9 | * |
| 10 | * @since 1.10 |
| 11 | */ |
| 12 | class FileUploader |
| 13 | { |
| 14 | /** init poop */ |
| 15 | public static function init() |
| 16 | { |
| 17 | $result = array(); |
| 18 | |
| 19 | if (empty($_FILES)) return $result; |
| 20 | |
| 21 | // remove registration and edit profile avatar and cover image from files uploaded to be processed. |
| 22 | $skip = ['wpua-file', 'reg_avatar', 'eup_avatar', 'reg_cover_image', 'eup_cover_image']; |
| 23 | |
| 24 | foreach ($_FILES as $field_key => $uploaded_file_array) { |
| 25 | if ( ! in_array($field_key, $skip) && ! empty($uploaded_file_array)) { |
| 26 | $result[$field_key] = self::process($uploaded_file_array, $field_key); |
| 27 | } |
| 28 | } |
| 29 | |
| 30 | return $result; |
| 31 | } |
| 32 | |
| 33 | /** |
| 34 | * Upload the file |
| 35 | * |
| 36 | * @param $file |
| 37 | * |
| 38 | * @return bool|WP_Error |
| 39 | */ |
| 40 | public static function process($file, $field_key) |
| 41 | { |
| 42 | /** |
| 43 | * Fires before image is process for validation and uploading |
| 44 | */ |
| 45 | do_action('ppress_before_saving_file', $file, $field_key); |
| 46 | |
| 47 | // validate all uploaded file but only return error for file with hidden "required-"field-key" field POSTed data. |
| 48 | // i.e if the file has the "required" shortcode attribute. |
| 49 | // added in "reg_custom_profile_field" in registration shortcode parser. |
| 50 | |
| 51 | if ($file["error"] !== 0) { |
| 52 | self::error_file_logger($file, self::codeToMessage($file["error"])); |
| 53 | if (isset($_POST["required-{$field_key}"])) { |
| 54 | return new WP_Error( |
| 55 | 'file_error', |
| 56 | apply_filters('ppress_file_unexpected_error', |
| 57 | esc_html__('Unexpected error with file upload, Please try again.', 'wp-user-avatar'), |
| 58 | $field_key |
| 59 | ) |
| 60 | ); |
| 61 | } |
| 62 | |
| 63 | return false; |
| 64 | } |
| 65 | |
| 66 | // filesize in megabyte. default is 10MB |
| 67 | $file_size = apply_filters('ppress_file_upload_size', 10, $field_key); |
| 68 | |
| 69 | if ($file["size"] > ($file_size * 1000000)) { |
| 70 | return new WP_Error('file_too_large', apply_filters( |
| 71 | 'ppress_file_too_large', |
| 72 | sprintf( |
| 73 | esc_html__('Uploaded file is greater than the allowed sized of %s', 'wp-user-avatar'), |
| 74 | "$file_size MB" |
| 75 | ), |
| 76 | $field_key |
| 77 | ) |
| 78 | ); |
| 79 | } |
| 80 | |
| 81 | // array of allowed file extensions |
| 82 | $extensions = PROFILEPRESS_sql::get_field_option_values($field_key); |
| 83 | |
| 84 | $allowed_extensions = array_filter(array_map('trim', explode(',', $extensions)), function ($value) { |
| 85 | return ! empty($value); |
| 86 | }); |
| 87 | |
| 88 | $filename = $file['name']; |
| 89 | |
| 90 | // get the file extension |
| 91 | $fileExtension = strtolower(pathinfo($filename, PATHINFO_EXTENSION)); |
| 92 | |
| 93 | if ( ! empty($allowed_extensions) && ! in_array($fileExtension, $allowed_extensions)) { |
| 94 | return new WP_Error('invalid_file', $filename . ' ' . apply_filters('ppress_invalid_file_error', esc_html__('appears to be of an invalid file format. Please try again.', 'wp-user-avatar'), $field_key)); |
| 95 | } |
| 96 | |
| 97 | $file_upload_dir = apply_filters('ppress_file_upload_dir', PPRESS_FILE_UPLOAD_DIR, $field_key); |
| 98 | |
| 99 | // ensure a safe filename |
| 100 | $file_name = preg_replace("/[^A-Z0-9._-]/i", "_", $filename); |
| 101 | |
| 102 | // don't overwrite an existing file |
| 103 | $i = 0; |
| 104 | $file_exist_parts = pathinfo($file_name); |
| 105 | while (file_exists($file_upload_dir . $file_name)) { |
| 106 | $i++; |
| 107 | $file_name = $file_exist_parts["filename"] . "-" . $i . "." . $file_exist_parts["extension"]; |
| 108 | } |
| 109 | |
| 110 | // does file uploads folder exist? if NO, create it. |
| 111 | if ( ! file_exists($file_upload_dir)) { |
| 112 | mkdir($file_upload_dir, 0755); |
| 113 | } |
| 114 | |
| 115 | // create index.php file in file uploads folder |
| 116 | if ( ! file_exists($file_upload_dir . '/index.php')) { |
| 117 | ppress_create_index_file($file_upload_dir); |
| 118 | } |
| 119 | |
| 120 | // preserve file from temporary directory |
| 121 | $success = move_uploaded_file($file["tmp_name"], $file_upload_dir . $file_name); |
| 122 | |
| 123 | if ( ! $success) { |
| 124 | return new WP_Error ('save_error', |
| 125 | sprintf(__("Unable to save %s, please try again.", 'wp-user-avatar'), $file_name)); |
| 126 | } |
| 127 | |
| 128 | // set proper permissions on the new file |
| 129 | chmod($file_upload_dir . $file_name, 0644); |
| 130 | |
| 131 | /** |
| 132 | * Fires after file have been saved |
| 133 | * |
| 134 | * @param string $file_name uploaded image url |
| 135 | */ |
| 136 | do_action('ppress_after_saving_file', $file_name, $file_upload_dir); |
| 137 | |
| 138 | return $file_name; |
| 139 | } |
| 140 | |
| 141 | /** |
| 142 | * Error message of file upload converted from errorCode to readable message. |
| 143 | * |
| 144 | * @param int $code |
| 145 | * |
| 146 | * @return string |
| 147 | */ |
| 148 | public static function codeToMessage($code) |
| 149 | { |
| 150 | switch ($code) { |
| 151 | case UPLOAD_ERR_INI_SIZE: |
| 152 | $message = __("The uploaded file exceeds the upload_max_filesize directive in php.ini", 'wp-user-avatar'); |
| 153 | break; |
| 154 | case UPLOAD_ERR_FORM_SIZE: |
| 155 | $message = __("The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form", 'wp-user-avatar'); |
| 156 | break; |
| 157 | case UPLOAD_ERR_PARTIAL: |
| 158 | $message = __("The uploaded file was only partially uploaded", 'wp-user-avatar'); |
| 159 | break; |
| 160 | case UPLOAD_ERR_NO_FILE: |
| 161 | $message = __("No file was uploaded", 'wp-user-avatar'); |
| 162 | break; |
| 163 | case UPLOAD_ERR_NO_TMP_DIR: |
| 164 | $message = __("Missing a temporary folder", 'wp-user-avatar'); |
| 165 | break; |
| 166 | case UPLOAD_ERR_CANT_WRITE: |
| 167 | $message = __("Failed to write file to disk", 'wp-user-avatar'); |
| 168 | break; |
| 169 | case UPLOAD_ERR_EXTENSION: |
| 170 | $message = __("File upload stopped by extension", 'wp-user-avatar'); |
| 171 | break; |
| 172 | |
| 173 | default: |
| 174 | $message = "Unknown upload error"; |
| 175 | break; |
| 176 | } |
| 177 | |
| 178 | return $message; |
| 179 | } |
| 180 | |
| 181 | |
| 182 | /** |
| 183 | * @param array $file_array global $_File['field_key'] of the file. |
| 184 | * @param string $error_message |
| 185 | */ |
| 186 | public static function error_file_logger($file_array, $error_message) |
| 187 | { |
| 188 | $error = $error_message . ' => ' . json_encode($file_array); |
| 189 | |
| 190 | ppress_log_error($error); |
| 191 | } |
| 192 | } |