Enable Media Replace - Version 2.9.6

Version Description

  • Added fix by Grant K Norwood to address a possible security problem in SQL statements. Thanks Grant!
  • Created GitHub repo for this plugin, please feel free to contribute at github.com/mansj/enable-media-replace

Release Info

Developer MungoBBQ
Version 2.9.6

Code changes from version 2.9.5 to 2.9.6

Files changed (3) hide show
  1. enable-media-replace.php +1 -1
  2. readme.txt +6 -2
  3. upload.php +26 -7
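--- a/enable-media-replace.php
+++ b/enable-media-replace.php
@@ -3,7 +3,7 @@
 Plugin Name: Enable Media Replace
 Plugin URI: http://www.mansjonasson.se/enable-media-replace
 Description: Enable replacing media files by uploading a new file in the "Edit Media" section of the WordPress Media Library.
-Version: 2.9.5
+Version: 2.9.6
 Author: Måns Jonasson
 Author URI: http://www.mansjonasson.se
 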
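--- a/readme.txt
+++ b/readme.txt
@@ -1,8 +1,8 @@
 === Enable Media Replace ===
 Contributors: mungobbq
 Tags: admin, attachment, media, files
-Requires at least: 2.8
-Tested up to: 3.8.1
+Requires at least: 3.0
+Tested up to: 3.9.1
 Stable tag: trunk
 
 Enables replacing attachment files by simply uploading a new file in the media library edit view.
@@ -37,6 +37,10 @@ If you want more control over the format used to display the time, you can use t
 
 == Changelog ==
 
+= 2.9.6 =
+* Added fix by Grant K Norwood to address a possible security problem in SQL statements. Thanks Grant!
+* Created GitHub repo for this plugin, please feel free to contribute at github.com/mansj/enable-media-replace
+
 = 2.9.5 =
 * Bug fix for the short code displaying the modification date of a file
 * Updated all database queries in preparation for WP 3.9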
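--- a/upload.php
+++ b/upload.php
@@ -128,24 +128,39 @@ if (is_uploaded_file($_FILES["userfile"]["tmp_name"])) {
 $new_guid = str_replace($current_filename, $new_filename, $current_guid);
 
 // Update database file name
-$wpdb->query("UPDATE $table_name SET post_title = '$new_filetitle', post_name = '$new_filetitle', guid = '$new_guid', post_mime_type = '$new_filetype' WHERE ID = '" . (int) $_POST["ID"] . "'");
-
+$sql = $wpdb->prepare(
+"UPDATE $table_name SET post_title = '$new_filetitle', post_name = '$new_filetitle', guid = '$new_guid', post_mime_type = '$new_filetype' WHERE ID = %d;",
+(int) $_POST["ID"]
+);
+$wpdb->query($sql);
+
 // Update the postmeta file name
 
 // Get old postmeta _wp_attached_file
-$sql = "SELECT meta_value FROM $postmeta_table_name WHERE meta_key = '_wp_attached_file' AND post_id = '" . (int) $_POST["ID"] . "'";
+$sql = $wpdb->prepare(
+"SELECT meta_value FROM $postmeta_table_name WHERE meta_key = '_wp_attached_file' AND post_id = %d;",
+(int) $_POST["ID"]
+);
+
 $old_meta_name = $wpdb->get_row($sql, ARRAY_A);
 $old_meta_name = $old_meta_name["meta_value"];
 
 // Make new postmeta _wp_attached_file
 $new_meta_name = str_replace($current_filename, $new_filename, $old_meta_name);
-$wpdb->query("UPDATE $postmeta_table_name SET meta_value = '$new_meta_name' WHERE meta_key = '_wp_attached_file' AND post_id = '" . (int) $_POST["ID"] . "'");
+$sql = $wpdb->prepare(
+"UPDATE $postmeta_table_name SET meta_value = '$new_meta_name' WHERE meta_key = '_wp_attached_file' AND post_id = %d;",
+(int) $_POST["ID"]
+);
+$wpdb->query($sql);
 
 // Make thumb and/or update metadata
 wp_update_attachment_metadata( (int) $_POST["ID"], wp_generate_attachment_metadata( (int) $_POST["ID"], $new_file) );
 
 // Search-and-replace filename in post database
-$sql = "SELECT ID, post_content FROM $table_name WHERE post_content LIKE '%$current_guid%'";
+$sql = $wpdb->prepare(
+"SELECT ID, post_content FROM $table_name WHERE post_content LIKE %s;",
+'%' . $current_guid . '%'
+);
 
 $rs = $wpdb->get_results($sql, ARRAY_A);
 
@@ -155,7 +170,12 @@ if (is_uploaded_file($_FILES["userfile"]["tmp_name"])) {
 $post_content = $rows["post_content"];
 $post_content = addslashes(str_replace($current_guid, $new_guid, $post_content));
 
-$wpdb->query("UPDATE $table_name SET post_content = '$post_content' WHERE ID = {$rows["ID"]}");
+$sql = $wpdb->prepare(
+"UPDATE $table_name SET post_content = '$post_content' WHERE ID = %d;",
+$rows["ID"]
+);
+
+$wpdb->query($sql);
 }
 
 // Trigger possible updates on CDN and other plugins
@@ -163,7 +183,6 @@ if (is_uploaded_file($_FILES["userfile"]["tmp_name"])) {
 
 }
 
-$returnurl = get_bloginfo("wpurl") . "/wp-admin/upload.php?posted=3";
 $returnurl = get_bloginfo("wpurl") . "/wp-admin/post.php?post={$_POST["ID"]}&action=edit&message=1";
 
 // Execute hook actions - thanks rubious for the suggestion!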
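Review bot: The three UPDATE statements in this section still interpolate `$new_filetitle`, `$new_guid`, `$new_filetype`, `$new_meta_name` and `$post_content` into the string handed to `$wpdb->prepare()`; only the ID, which was already cast with `(int)`, became a placeholder, so the values that appear to derive from the uploaded file name and stored content are no better protected than before. Interpolating them also means a literal `%` inside any of those values is read by `prepare()` as a format specifier, which can corrupt the query for ordinary content. Each string value should be passed as a `%s` argument, and the `addslashes()` on `$post_content` dropped once it is, since `prepare()` performs the escaping. The enclosing `if (is_uploaded_file(...))` block starts and ends outside the hunks, so where these variables are assigned is not visible here; any escaping applied there would need removing to avoid double escaping.

```php
// Update database file name
$sql = $wpdb->prepare(
	"UPDATE $table_name SET post_title = %s, post_name = %s, guid = %s, post_mime_type = %s WHERE ID = %d;",
	$new_filetitle,
	$new_filetitle,
	$new_guid,
	$new_filetype,
	(int) $_POST["ID"]
);
// … unchanged: query call, old postmeta lookup, $new_meta_name …
$sql = $wpdb->prepare(
	"UPDATE $postmeta_table_name SET meta_value = %s WHERE meta_key = '_wp_attached_file' AND post_id = %d;",
	$new_meta_name,
	(int) $_POST["ID"]
);
// … unchanged: metadata regeneration, post_content search loop …
$post_content = str_replace($current_guid, $new_guid, $rows["post_content"]);
$sql = $wpdb->prepare(
	"UPDATE $table_name SET post_content = %s WHERE ID = %d;",
	$post_content,
	$rows["ID"]
);
```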