summaryrefslogtreecommitdiffstats
path: root/wp-inst/wp-admin/upload.php
blob: 61c8f218fca5da255d80983ed715e705438a72e8 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
<?php
require_once('admin.php');

$title = 'Upload Image or File';

require_once('admin-header.php');

if ($user_level == 0) //Checks to see if user has logged in
	die (__("Cheatin' uh ?"));

if (!get_settings('use_fileupload')) //Checks if file upload is enabled in the config
	die (__("The admin disabled this function"));

if ( !get_settings('fileupload_minlevel') )
	die (__("You are not allowed to upload files"));

$allowed_types = explode(' ', "jpg jpeg png gif");

if ($_POST['submit']) {
	$action = 'upload';
} else {
	$action = '';
}

if (!is_writable(get_settings('fileupload_realpath')))
	$action = 'not-writable';
$action = apply_filters('fileupload_init',$action);
?>

<div class="wrap">

<?php
switch ($action) {
case 'not-writable':
?>
<p><?php printf(__("It doesn't look like you can use the file upload feature at this time because the directory you have specified (<code>%s</code>) doesn't appear to be writable by WordPress. Check the permissions on the directory and for typos."), get_settings('fileupload_realpath')) ?></p>

<?php
break;
case '':
	foreach ($allowed_types as $type) {
		$type_tags[] = "<code>$type</code>";
	}
	$i = implode(', ', $type_tags);
?>
<p><?php printf(__('You can upload files with the extension %1$s as long as they are no larger than %2$s <abbr title="Kilobytes">KB</abbr>. If you&#8217;re an admin you can configure these values under <a href="%3$s">options</a>.'), $i, get_settings('fileupload_maxk'), 'options-misc.php') ?></p>
    <form action="upload.php" method="post" enctype="multipart/form-data">
    <p>
      <label for="img1"><?php _e('File:') ?></label>
      <br />
	<input type="hidden" name="MAX_FILE_SIZE" value="<?php echo get_settings('fileupload_maxk') * 1024 ?>" />
    <input type="file" name="img1" id="img1" size="35" class="uploadform" /></p>
    <p>
    <label for="imgdesc"><?php _e('Description:') ?></label><br />
    <input type="text" name="imgdesc" id="imgdesc" size="30" class="uploadform" />
    </p>
	
    <p><?php _e('Create a thumbnail?') ?></p>
    <p>
    <label for="thumbsize_no">
    <input type="radio" name="thumbsize" value="none" checked="checked" id="thumbsize_no" />
    <?php _e('No thanks') ?></label>
    <br />
        <label for="thumbsize_small">
<input type="radio" name="thumbsize" value="small" id="thumbsize_small" />
<?php _e('Small (200px largest side)') ?></label>
        <br />
        <label for="thumbsize_large">
<input type="radio" name="thumbsize" value="large" id="thumbsize_large" />
<?php _e('Large (400px largest side)') ?></label>
        <br />
        <label for="thumbsize_custom">
        <input type="radio" name="thumbsize" value="custom" id="thumbsize_custom" />
<?php _e('Custom size') ?></label>
      : 
      <input type="text" name="imgthumbsizecustom" size="4" />
    <?php _e('px (largest side)') ?>    </p>
	<p><input type="submit" name="submit" value="<?php _e('Upload File') ?>" /></p>
    </form>
</div><?php 
break;
case 'upload':

	$imgalt = basename( (isset($_POST['imgalt'])) ? $_POST['imgalt'] : '' );

	$img1_name = (strlen($imgalt)) ? $imgalt : basename( $_FILES['img1']['name'] );
	$img1_name = preg_replace('/[^a-z0-9_.]/i', '', $img1_name); 
	$img1_size = $_POST['img1_size'] ? intval($_POST['img1_size']) : intval($_FILES['img1']['size']);

	$img1_type = (strlen($imgalt)) ? $_POST['img1_type'] : $_FILES['img1']['type'];
	$imgdesc = htmlentities2($_POST['imgdesc']);

	$pi = pathinfo($img1_name);
	$imgtype = strtolower($pi['extension']);

	if (in_array($imgtype, $allowed_types) == false)
		die(sprintf(__('File %1$s of type %2$s is not allowed.') , $img1_name, $imgtype));

    if (strlen($imgalt)) {
        $pathtofile = get_settings('fileupload_realpath')."/".$imgalt;
        $img1 = $_POST['img1'];
    } else {
        $pathtofile = get_settings('fileupload_realpath')."/".$img1_name;
        $img1 = $_FILES['img1']['tmp_name'];
    }
    // do_action rather than apply_filters - becuase there's nothing we can change at this point
    do_action('fileupload_pre',array('filename'=>$pathtofile, 'filesize'=>$img1_size, 'fullpath'=>$pathtofile));

    // makes sure not to upload duplicates, rename duplicates
    $i = 1;
    $pathtofile2 = $pathtofile;
    $tmppathtofile = $pathtofile2;
    $img2_name = $img1_name;

    while ( file_exists($pathtofile2) ) {
        $pos = strpos( strtolower($tmppathtofile), '.' . trim($imgtype) );
        $pathtofile_start = substr($tmppathtofile, 0, $pos);
        $pathtofile2 = $pathtofile_start.'_'.zeroise($i++, 2).'.'.trim($imgtype);
        $img2_name = explode('/', $pathtofile2);
        $img2_name = $img2_name[count($img2_name)-1];
    }

    if (file_exists($pathtofile) && !strlen($imgalt)) {
        $i = explode(' ', get_settings('fileupload_allowedtypes'));
        $i = implode(', ',array_slice($i, 1, count($i)-2));
        $moved = move_uploaded_file($img1, $pathtofile2);
        // if move_uploaded_file() fails, try copy()
        if (!$moved) {
            $moved = copy($img1, $pathtofile2);
        }
        if (!$moved) {
            die(sprintf(__("Couldn't upload your file to %s."), $pathtofile2));
        } else {
			chmod($pathtofile2, 0666);
            @unlink($img1);
        }

	// 
    
    // duplicate-renaming function contributed by Gary Lawrence Murphy
    ?>
    <p><strong><?php __('Duplicate File?') ?></strong></p>
    <p><b><em><?php printf(__("The filename '%s' already exists!"), $img1_name); ?></em></b></p>
    <p> <?php printf(__("Filename '%1\$s' moved to '%2\$s'"), $img1, "$pathtofile2 - $img2_name") ?></p>
    <p><?php _e('Confirm or rename:') ?></p>
    <form action="upload.php" method="post" enctype="multipart/form-data">
    <input type="hidden" name="MAX_FILE_SIZE" value="<?php echo  get_settings('fileupload_maxk') *1024 ?>" />
    <input type="hidden" name="img1_type" value="<?php echo $img1_type;?>" />
    <input type="hidden" name="img1_name" value="<?php echo $img2_name;?>" />
    <input type="hidden" name="img1_size" value="<?php echo $img1_size;?>" />
    <input type="hidden" name="img1" value="<?php echo $pathtofile2;?>" />
    <input type="hidden" name="thumbsize" value="<?php echo $_REQUEST['thumbsize'];?>" />
    <input type="hidden" name="imgthumbsizecustom" value="<?php echo $_REQUEST['imgthumbsizecustom'];?>" />
    <?php _e('Alternate name:') ?><br /><input type="text" name="imgalt" size="30" class="uploadform" value="<?php echo $img2_name;?>" /><br />
    <br />
    <?php _e('Description:') ?><br /><input type="text" name="imgdesc" size="30" class="uploadform" value="<?php echo $imgdesc;?>" />
    <br />
    <input type="submit" name="submit" value="<?php _e('Rename') ?>" class="search" />
    </form>
</div>
<?php 

require('admin-footer.php');
die();

    }

    if (!strlen($imgalt)) {
        @$moved = move_uploaded_file($img1, $pathtofile); //Path to your images directory, chmod the dir to 777
        // move_uploaded_file() can fail if open_basedir in PHP.INI doesn't
        // include your tmp directory. Try copy instead?
        if(!$moved) {
            $moved = copy($img1, $pathtofile);
        }
        // Still couldn't get it. Give up.
        if (!$moved) {
            die(sprintf(__("Couldn't upload your file to %s."), $pathtofile));
        } else {
			chmod($pathtofile, 0666);
            @unlink($img1);
        }
        
    } else {
        rename($img1, $pathtofile)
        or die(sprintf(__("Couldn't upload your file to %s."), $pathtofile));
    }
    
    if($_POST['thumbsize'] != 'none' ) {
        if($_POST['thumbsize'] == 'small') {
            $max_side = 200;
        }
        elseif($_POST['thumbsize'] == 'large') {
            $max_side = 400;
        }
        elseif($_POST['thumbsize'] == 'custom') {
            $max_side = intval($_POST['imgthumbsizecustom']);
        }
        
        $result = wp_create_thumbnail($pathtofile, $max_side, NULL);
        if($result != 1) {
            print $result;
        }
    }

// Defined as a filter - because we might want to change the name
$img1_name = apply_filters('fileupload_post',$img1_name);    
if ( ereg('image/',$img1_type) )
	$piece_of_code = "<img src='" . get_settings('fileupload_url') ."/$img1_name' alt='$imgdesc' />";
else
	$piece_of_code = "<a href='". get_settings('fileupload_url') . "/$img1_name' title='$imgdesc'>$imgdesc</a>";

$piece_of_code = htmlspecialchars( $piece_of_code );
?>

<h3><?php _e('File uploaded!') ?></h3>
<p><?php printf(__("Your file <code>%s</code> was uploaded successfully!"), $img1_name); ?></p>
<p><?php _e('Here&#8217;s the code to display it:') ?></p>
<p><code><?php echo $piece_of_code; ?></code>
</p>
<p><strong><?php _e('Image Details') ?></strong>: <br />
Name:
<?php echo $img1_name; ?>
<br />
<?php _e('Size:') ?>
<?php echo round($img1_size / 1024, 2); ?> <?php _e('<abbr title="Kilobyte">KB</abbr>') ?><br />
<?php _e('Type:') ?>
<?php echo $img1_type; ?>
</p>
</div>
<p><a href="upload.php"><?php _e('Upload another') ?></a></p>
<?php
break;
}
include('admin-footer.php');
?>