Version Description
- Added fix by Grant K Norwood to address a possible security problem in SQL statements. Thanks Grant!
- Created GitHub repo for this plugin, please feel free to contribute at github.com/mansj/enable-media-replace
Download this release
Release Info
| Developer | MungoBBQ |
| Plugin |  Enable Media Replace |
| Version | 2.9.6 |
| Comparing to | |
| See all releases | |
Code changes from version 2.9.5 to 2.9.6
- enable-media-replace.php +1 -1
- readme.txt +6 -2
- upload.php +26 -7
enable-media-replace.php
CHANGED
|
@@ -3,7 +3,7 @@
|
|
| 3 |
Plugin Name: Enable Media Replace
|
| 4 |
Plugin URI: http://www.mansjonasson.se/enable-media-replace
|
| 5 |
Description: Enable replacing media files by uploading a new file in the "Edit Media" section of the WordPress Media Library.
|
| 6 |
-
Version: 2.9.
|
| 7 |
Author: Måns Jonasson
|
| 8 |
Author URI: http://www.mansjonasson.se
|
| 9 |
|
| 3 |
Plugin Name: Enable Media Replace
|
| 4 |
Plugin URI: http://www.mansjonasson.se/enable-media-replace
|
| 5 |
Description: Enable replacing media files by uploading a new file in the "Edit Media" section of the WordPress Media Library.
|
| 6 |
+
Version: 2.9.6
|
| 7 |
Author: Måns Jonasson
|
| 8 |
Author URI: http://www.mansjonasson.se
|
| 9 |
|
readme.txt
CHANGED
|
@@ -1,8 +1,8 @@
|
|
| 1 |
=== Enable Media Replace ===
|
| 2 |
Contributors: mungobbq
|
| 3 |
Tags: admin, attachment, media, files
|
| 4 |
-
Requires at least:
|
| 5 |
-
Tested up to: 3.
|
| 6 |
Stable tag: trunk
|
| 7 |
|
| 8 |
Enables replacing attachment files by simply uploading a new file in the media library edit view.
|
|
@@ -37,6 +37,10 @@ If you want more control over the format used to display the time, you can use t
|
|
| 37 |
|
| 38 |
== Changelog ==
|
| 39 |
|
|
|
|
|
|
|
|
|
|
|
|
|
| 40 |
= 2.9.5 =
|
| 41 |
* Bug fix for the short code displaying the modification date of a file
|
| 42 |
* Updated all database queries in preparation for WP 3.9
|
| 1 |
=== Enable Media Replace ===
|
| 2 |
Contributors: mungobbq
|
| 3 |
Tags: admin, attachment, media, files
|
| 4 |
+
Requires at least: 3.0
|
| 5 |
+
Tested up to: 3.9.1
|
| 6 |
Stable tag: trunk
|
| 7 |
|
| 8 |
Enables replacing attachment files by simply uploading a new file in the media library edit view.
|
| 37 |
|
| 38 |
== Changelog ==
|
| 39 |
|
| 40 |
+
= 2.9.6 =
|
| 41 |
+
* Added fix by Grant K Norwood to address a possible security problem in SQL statements. Thanks Grant!
|
| 42 |
+
* Created GitHub repo for this plugin, please feel free to contribute at github.com/mansj/enable-media-replace
|
| 43 |
+
|
| 44 |
= 2.9.5 =
|
| 45 |
* Bug fix for the short code displaying the modification date of a file
|
| 46 |
* Updated all database queries in preparation for WP 3.9
|
upload.php
CHANGED
|
@@ -128,24 +128,39 @@ if (is_uploaded_file($_FILES["userfile"]["tmp_name"])) {
|
|
| 128 |
$new_guid = str_replace($current_filename, $new_filename, $current_guid);
|
| 129 |
|
| 130 |
// Update database file name
|
| 131 |
-
$
|
| 132 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
| 133 |
// Update the postmeta file name
|
| 134 |
|
| 135 |
// Get old postmeta _wp_attached_file
|
| 136 |
-
$sql =
|
|
|
|
|
|
|
|
|
|
|
|
|
| 137 |
$old_meta_name = $wpdb->get_row($sql, ARRAY_A);
|
| 138 |
$old_meta_name = $old_meta_name["meta_value"];
|
| 139 |
|
| 140 |
// Make new postmeta _wp_attached_file
|
| 141 |
$new_meta_name = str_replace($current_filename, $new_filename, $old_meta_name);
|
| 142 |
-
$
|
|
|
|
|
|
|
|
|
|
|
|
|
| 143 |
|
| 144 |
// Make thumb and/or update metadata
|
| 145 |
wp_update_attachment_metadata( (int) $_POST["ID"], wp_generate_attachment_metadata( (int) $_POST["ID"], $new_file) );
|
| 146 |
|
| 147 |
// Search-and-replace filename in post database
|
| 148 |
-
$sql =
|
|
|
|
|
|
|
|
|
|
| 149 |
|
| 150 |
$rs = $wpdb->get_results($sql, ARRAY_A);
|
| 151 |
|
|
@@ -155,7 +170,12 @@ if (is_uploaded_file($_FILES["userfile"]["tmp_name"])) {
|
|
| 155 |
$post_content = $rows["post_content"];
|
| 156 |
$post_content = addslashes(str_replace($current_guid, $new_guid, $post_content));
|
| 157 |
|
| 158 |
-
$
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 159 |
}
|
| 160 |
|
| 161 |
// Trigger possible updates on CDN and other plugins
|
|
@@ -163,7 +183,6 @@ if (is_uploaded_file($_FILES["userfile"]["tmp_name"])) {
|
|
| 163 |
|
| 164 |
}
|
| 165 |
|
| 166 |
-
$returnurl = get_bloginfo("wpurl") . "/wp-admin/upload.php?posted=3";
|
| 167 |
$returnurl = get_bloginfo("wpurl") . "/wp-admin/post.php?post={$_POST["ID"]}&action=edit&message=1";
|
| 168 |
|
| 169 |
// Execute hook actions - thanks rubious for the suggestion!
|
| 128 |
$new_guid = str_replace($current_filename, $new_filename, $current_guid);
|
| 129 |
|
| 130 |
// Update database file name
|
| 131 |
+
$sql = $wpdb->prepare(
|
| 132 |
+
"UPDATE $table_name SET post_title = '$new_filetitle', post_name = '$new_filetitle', guid = '$new_guid', post_mime_type = '$new_filetype' WHERE ID = %d;",
|
| 133 |
+
(int) $_POST["ID"]
|
| 134 |
+
);
|
| 135 |
+
$wpdb->query($sql);
|
| 136 |
+
|
| 137 |
// Update the postmeta file name
|
| 138 |
|
| 139 |
// Get old postmeta _wp_attached_file
|
| 140 |
+
$sql = $wpdb->prepare(
|
| 141 |
+
"SELECT meta_value FROM $postmeta_table_name WHERE meta_key = '_wp_attached_file' AND post_id = %d;",
|
| 142 |
+
(int) $_POST["ID"]
|
| 143 |
+
);
|
| 144 |
+
|
| 145 |
$old_meta_name = $wpdb->get_row($sql, ARRAY_A);
|
| 146 |
$old_meta_name = $old_meta_name["meta_value"];
|
| 147 |
|
| 148 |
// Make new postmeta _wp_attached_file
|
| 149 |
$new_meta_name = str_replace($current_filename, $new_filename, $old_meta_name);
|
| 150 |
+
$sql = $wpdb->prepare(
|
| 151 |
+
"UPDATE $postmeta_table_name SET meta_value = '$new_meta_name' WHERE meta_key = '_wp_attached_file' AND post_id = %d;",
|
| 152 |
+
(int) $_POST["ID"]
|
| 153 |
+
);
|
| 154 |
+
$wpdb->query($sql);
|
| 155 |
|
| 156 |
// Make thumb and/or update metadata
|
| 157 |
wp_update_attachment_metadata( (int) $_POST["ID"], wp_generate_attachment_metadata( (int) $_POST["ID"], $new_file) );
|
| 158 |
|
| 159 |
// Search-and-replace filename in post database
|
| 160 |
+
$sql = $wpdb->prepare(
|
| 161 |
+
"SELECT ID, post_content FROM $table_name WHERE post_content LIKE %s;",
|
| 162 |
+
'%' . $current_guid . '%'
|
| 163 |
+
);
|
| 164 |
|
| 165 |
$rs = $wpdb->get_results($sql, ARRAY_A);
|
| 166 |
|
| 170 |
$post_content = $rows["post_content"];
|
| 171 |
$post_content = addslashes(str_replace($current_guid, $new_guid, $post_content));
|
| 172 |
|
| 173 |
+
$sql = $wpdb->prepare(
|
| 174 |
+
"UPDATE $table_name SET post_content = '$post_content' WHERE ID = %d;",
|
| 175 |
+
$rows["ID"]
|
| 176 |
+
);
|
| 177 |
+
|
| 178 |
+
$wpdb->query($sql);
|
| 179 |
}
|
| 180 |
|
| 181 |
// Trigger possible updates on CDN and other plugins
|
| 183 |
|
| 184 |
}
|
| 185 |
|
|
|
|
| 186 |
$returnurl = get_bloginfo("wpurl") . "/wp-admin/post.php?post={$_POST["ID"]}&action=edit&message=1";
|
| 187 |
|
| 188 |
// Execute hook actions - thanks rubious for the suggestion!
|
