Enable Media Replace - Version 3.2.7

Version Description

  • Add minimum required php version to run the plugin.
  • Security: Prevent direct access to php files.
  • Security: Prevent direct access to directories.
  • Security: Escape translation strings using esc_attr__() and esc_html__() functions.
  • Fix RTL issues.

Release Info

Developer ShortPixel
Version 3.2.7

Code changes from version 3.2.6 to 3.2.7

Files changed (8)
  1. enable-media-replace.php +9 -5
  2. img/index.php +1 -0
  3. index.php +1 -0
  4. languages/index.php +1 -0
  5. notice.php +4 -5
  6. popup.php +21 -18
  7. readme.txt +10 -2
  8. upload.php +6 -3
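--- a/enable-media-replace.php
+++ b/enable-media-replace.php
@@ -3,7 +3,7 @@
  Plugin Name: Enable Media Replace
  Plugin URI: http://www.mansjonasson.se/enable-media-replace
  Description: Enable replacing media files by uploading a new file in the "Edit Media" section of the WordPress Media Library.
- Version: 3.2.6
+ Version: 3.2.7
  Author: ShortPixel
  Author URI: https://shortpixel.com
 
@@ -23,6 +23,10 @@ http://www.gnu.org/licenses/gpl.html
  *
  */
 
+ if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly.
+ }
+
  if(!defined("S3_UPLOADS_AUTOENABLE")) {
  define('S3_UPLOADS_AUTOENABLE', true);
  }
@@ -58,7 +62,7 @@ function dat_mime_types($mime_types) {
  * To suppress it in the menu we give it an empty menu title.
  */
  function emr_menu() {
- add_submenu_page(NULL, __("Replace media", "enable-media-replace"), '','upload_files', 'enable-media-replace/enable-media-replace', 'emr_options');
+ add_submenu_page(NULL, esc_html__("Replace media", "enable-media-replace"), '','upload_files', 'enable-media-replace/enable-media-replace', 'emr_options');
  }
 
  /**
@@ -84,7 +88,7 @@ function enable_media_replace( $form_fields, $post ) {
  $editurl = str_replace("http:", "https:", $editurl);
  }
  $link = "href=\"$editurl\"";
- $form_fields["enable-media-replace"] = array("label" => __("Replace media", "enable-media-replace"), "input" => "html", "html" => "<p><a class='button-secondary'$link>" . __("Upload a new file", "enable-media-replace") . "</a></p>", "helps" => __("To replace the current file, click the link and upload a replacement.", "enable-media-replace"));
+ $form_fields["enable-media-replace"] = array("label" => esc_html__("Replace media", "enable-media-replace"), "input" => "html", "html" => "<p><a class='button-secondary'$link>" . esc_html__("Upload a new file", "enable-media-replace") . "</a></p>", "helps" => esc_html__("To replace the current file, click the link and upload a replacement.", "enable-media-replace"));
 
  return $form_fields;
  }
@@ -125,7 +129,7 @@ function add_media_action( $actions, $post) {
  }
  $link = "href=\"$editurl\"";
 
- $newaction['adddata'] = '<a ' . $link . ' aria-label="' . __("Replace media", "enable-media-replace") . '" rel="permalink">' . __("Replace media", "enable-media-replace") . '</a>';
+ $newaction['adddata'] = '<a ' . $link . ' aria-label="' . esc_html__("Replace media", "enable-media-replace") . '" rel="permalink">' . esc_html__("Replace media", "enable-media-replace") . '</a>';
  return array_merge($actions,$newaction);
  }
 
@@ -176,7 +180,7 @@ function ua_admin_date_replaced_media_on_edit_media_screen() {
  }
  ?>
  <div class="misc-pub-section curtime">
- <span id="timestamp"><?php _e( 'Revised', 'enable-media-replace' ); ?>: <b><?php echo $file_modified_time; ?></b></span>
+ <span id="timestamp"><?php echo esc_html__( 'Revised', 'enable-media-replace' ); ?>: <b><?php echo $file_modified_time; ?></b></span>
  </div>
  <?php
  }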
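Review bot: In `add_media_action()` the translated label placed inside `aria-label="…"` is escaped with `esc_html__()`; in an attribute the matching call is `esc_attr__()`, i.e. `' aria-label="' . esc_attr__("Replace media", "enable-media-replace") . '"`. The same hunks still interpolate `$editurl` into `href` unescaped (`$link = "href=\"$editurl\"";`) and the last hunk still prints `<?php echo $file_modified_time; ?>` raw; how both values are built is outside the hunks, so confirm whether they need `esc_url()` and `esc_html()` respectively. `echo esc_html__( 'Revised', … )` can also be written as `esc_html_e( 'Revised', 'enable-media-replace' )`. All of the touched functions continue outside the hunks shown.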
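--- a/img/index.php
+++ b/img/index.php
@@ -0,0 +1 @@
+ <?php // Silence is golden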
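Review bot: The stub added here, and the identical ones in `index.php` and `languages/index.php`, only stops the web server from generating a directory listing; every other file in those directories is still served when requested by its own URL. The comment should say so, e.g. `<?php // Silence is golden: prevents directory listing only.`, so that the changelog entry "Prevent direct access to directories" is not read as access control. Any PHP file in those directories still needs its own `ABSPATH` guard.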
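--- a/index.php
+++ b/index.php
@@ -0,0 +1 @@
+ <?php // Silence is golden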
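--- a/languages/index.php
+++ b/languages/index.php
@@ -0,0 +1 @@
+ <?php // Silence is golden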
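--- a/notice.php
+++ b/notice.php
@@ -1,13 +1,13 @@
  <div class='notice' id='emr-news' style="padding-top: 7px">
- <div style="float:right;"><a href="javascript:emrDismissNews()" class="button" style="margin-top:10px;"><?php _e('Dismiss', 'enable-media-replace');?></a></div>
- <a href="https://shortpixel.com/wp/af/VKG6LYN28044" target="_blank" style="float: left;margin-right: 10px;">
+ <div style="float:<?php echo (is_rtl()) ? 'left' : 'right' ?>;"><a href="javascript:emrDismissNews()" class="button" style="margin-top:10px;"><?php _e('Dismiss', 'enable-media-replace');?></a></div>
+ <a href="https://shortpixel.com/wp/af/VKG6LYN28044" target="_blank" style="float: <?php echo (is_rtl()) ? 'right' : 'left' ?>;margin-<?php echo (is_rtl()) ? 'left' : 'right' ?>: 10px;">
  <img src="<?php echo plugins_url('img/sp.png', __FILE__ ); ?>" class="emr-sp"/>
  </a>
- <h3 style="margin:10px;"><?php _e('Enable Media Replace is now compatible with ShortPixel!','enable-media-replace');?></h3>
+ <h3 style="margin:10px;"><?php echo esc_html__('Enable Media Replace is now compatible with ShortPixel!','enable-media-replace');?></h3>
  <p style="margin-bottom:0px;">
  <?php _e( '<a href="https://shortpixel.com/wp/af/VKG6LYN28044" target="_blank">ShortPixel</a> is an image optimization plugin and if you have it activated, upon replacing an image in Enable Media Replace, the image will be also automatically optimized.', 'enable-media-replace' ); ?>
  </p>
- <p style="text-align: right;margin-top: 0;">
+ <p style="text-align: <?php echo (is_rtl()) ? 'left' : 'right' ?>;margin-top: 0;">
  <a href="https://shortpixel.com/wp/af/VKG6LYN28044" target="_blank">&gt;&gt; <?php _e( 'More info', 'enable-media-replace' ); ?></a>
  </p>
  </div>
@@ -23,4 +23,3 @@
  });
  }
  </script>
-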
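Review bot: `notice.php` does not get the `ABSPATH` guard that this release adds to `enable-media-replace.php`, `popup.php` and `upload.php`; the first hunk shows the file still opening with markup on line 1, so a direct request reaches the calls to `is_rtl()`, `plugins_url()` and `_e()` without WordPress loaded. Add `<?php if ( ! defined( 'ABSPATH' ) ) { exit; } ?>` as the first line. The `Dismiss` and `More info` strings are still printed with `_e()`; `esc_html_e()` would match the escaping now applied to the heading. The long `_e( '<a href=…' )` string carries markup and so cannot go through `esc_html_e()`; passing it through `wp_kses()` with an allow-list for `a` is the usual treatment.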
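--- a/popup.php
+++ b/popup.php
@@ -10,8 +10,11 @@
  *
  */
 
+ if ( ! defined( 'ABSPATH' ) )
+ exit; // Exit if accessed directly.
+
  if (!current_user_can('upload_files'))
- wp_die(__('You do not have permission to upload files.', 'enable-media-replace'));
+ wp_die( esc_html__('You do not have permission to upload files.', 'enable-media-replace') );
 
  global $wpdb;
 
@@ -38,7 +41,7 @@ $current_filename = substr($current_filename, (strrpos($current_filename, "/") +
  }
  </style>
  <div class="wrap">
- <h1><?php echo __("Replace Media Upload", "enable-media-replace"); ?></h1>
+ <h1><?php echo esc_html__("Replace Media Upload", "enable-media-replace"); ?></h1>
 
  <?php
  $url = admin_url( "upload.php?page=enable-media-replace/enable-media-replace.php&noheader=true&action=media_replace_upload&attachment_id=" . (int) $_GET["attachment_id"]);
@@ -57,13 +60,13 @@ $current_filename = substr($current_filename, (strrpos($current_filename, "/") +
  $spActive = is_plugin_active('shortpixel-image-optimiser/wp-shortpixel.php');
  ?>
  <input type="hidden" name="ID" value="<?php echo (int) $_GET["attachment_id"]; ?>" />
- <div id="message" class="updated notice notice-success is-dismissible"><p><?php printf( __('NOTE: You are about to replace the media file "%s". There is no undo. Think about it!', "enable-media-replace"), $current_filename ); ?></p></div>
+ <div id="message" class="updated notice notice-success is-dismissible"><p><?php printf( esc_html__('NOTE: You are about to replace the media file "%s". There is no undo. Think about it!', "enable-media-replace"), $current_filename ); ?></p></div>
 
  <?php if(!$spInstalled) {?>
- <div style="background: #fff;width: 250px;min-height: 270px;border: 1px solid #ccc;float: right;padding: 15px;position: relative;margin: 0 0 10px 10px;">
+ <div style="background: #fff;width: 250px;min-height: 270px;border: 1px solid #ccc;float: <?php echo (is_rtl()) ? 'left' : 'right' ?>;padding: 15px;margin: 0 0 10px;">
  <h3 class="" style="margin-top: 0;text-align: center;">
  <a href="https://shortpixel.com/wp/af/VKG6LYN28044" target="_blank">
- <?php _e("Optimize your images with ShortPixel, get +50% credits!", "enable-media-replace"); ?>
+ <?php echo esc_html__("Optimize your images with ShortPixel, get +50% credits!", "enable-media-replace"); ?>
  </a>
  </h3>
  <div class="" style="text-align: center;">
@@ -72,23 +75,23 @@ $current_filename = substr($current_filename, (strrpos($current_filename, "/") +
  </a>
  </div>
  <div class="" style="margin-bottom: 10px;">
- <?php _e("Get more Google love by compressing your site's images! Check out how much ShortPixel can save your site and get +50% credits when signing up as an Enable Media Replace user! Forever!", "enable-media-replace"); ?>
+ <?php echo esc_html__("Get more Google love by compressing your site's images! Check out how much ShortPixel can save your site and get +50% credits when signing up as an Enable Media Replace user! Forever!", "enable-media-replace"); ?>
  </div>
- <div class=""><div style="text-align: right;">
+ <div class=""><div style="text-align: <?php echo (is_rtl()) ? 'left' : 'right' ?>;">
  <a class="button button-primary" id="shortpixel-image-optimiser-info" href="https://shortpixel.com/wp/af/VKG6LYN28044" target="_blank">
- <?php _e("More info", "enable-media-replace"); ?></p>
+ <?php echo esc_html__("More info", "enable-media-replace"); ?></p>
  </a>
  </div>
  </div>
  </div>
  <?php } ?>
 
- <p><?php echo __("Choose a file to upload from your computer", "enable-media-replace"); ?></p>
+ <p><?php echo esc_html__("Choose a file to upload from your computer", "enable-media-replace"); ?></p>
 
  <input type="file" name="userfile" id="userfile" onchange="imageHandle(event);" />
  <div>
- <img src="<?= $current_fullpath ?>" width="150px" height="150px" style="object-fit: cover"/>
- <img id="previewImage" src="http://via.placeholder.com/150x150" width="150px" height="150px"/>
+ <img src="<?php echo $current_fullpath ?>" width="150px" height="150px" style="object-fit: cover"/>
+ <img id="previewImage" src="https://via.placeholder.com/150x150" width="150px" height="150px"/>
  </div>
 
  <?php do_action( 'emr_before_replace_type_options' ); ?>
@@ -96,14 +99,14 @@ $current_filename = substr($current_filename, (strrpos($current_filename, "/") +
  <?php $s3pluginExist = class_exists('S3_Uploads'); ?>
  <?php if ( apply_filters( 'emr_display_replace_type_options', true ) ) : ?>
  <?php if ( ! $s3pluginExist) : ?>
- <p><?php echo __("Select media replacement type:", "enable-media-replace"); ?></p>
+ <p><?php echo esc_html__("Select media replacement type:", "enable-media-replace"); ?></p>
 
- <label for="replace_type_1"><input CHECKED id="replace_type_1" type="radio" name="replace_type" value="replace"> <?php echo __("Just replace the file", "enable-media-replace"); ?></label>
- <p class="howto"><?php printf( __("Note: This option requires you to upload a file of the same type (%s) as the one you are replacing. The name of the attachment will stay the same (%s) no matter what the file you upload is called.", "enable-media-replace"), $current_filetype, $current_filename ); ?></p>
+ <label for="replace_type_1"><input CHECKED id="replace_type_1" type="radio" name="replace_type" value="replace"> <?php echo esc_html__("Just replace the file", "enable-media-replace"); ?></label>
+ <p class="howto"><?php printf( esc_html__("Note: This option requires you to upload a file of the same type (%s) as the one you are replacing. The name of the attachment will stay the same (%s) no matter what the file you upload is called.", "enable-media-replace"), $current_filetype, $current_filename ); ?></p>
 
  <?php endif; ?>
  <?php if ( apply_filters( 'emr_enable_replace_and_search', true ) ) : ?>
- <label for="replace_type_2"><input <?= $s3pluginExist ? 'CHECKED' : '' ?> id="replace_type_2" type="radio" name="replace_type" value="replace_and_search"> <?php echo __("Replace the file, use new file name and update all links", "enable-media-replace"); ?></label>
+ <label for="replace_type_2"><input <?php echo $s3pluginExist ? 'CHECKED' : '' ?> id="replace_type_2" type="radio" name="replace_type" value="replace_and_search"> <?php echo __("Replace the file, use new file name and update all links", "enable-media-replace"); ?></label>
  <p class="howto"><?php printf( __("Note: If you check this option, the name and type of the file you are about to upload will replace the old file. All links pointing to the current file (%s) will be updated to point to the new file name.", "enable-media-replace"), $current_filename ); ?></p>
  <p class="howto"><?php echo __("Please note that if you upload a new image, only embeds/links of the original size image will be replaced in your posts.", "enable-media-replace"); ?></p>
  <?php endif; ?>
@@ -114,8 +117,8 @@ $current_filename = substr($current_filename, (strrpos($current_filename, "/") +
  <input type="hidden" name="replace_type" value="replace_and_search" />
  <?php endif; ?>
  <?php endif; ?>
- <input id="submit" type="submit" class="button button-primary" disabled="disabled" value="<?php echo __("Upload", "enable-media-replace"); ?>" />
- <a href="#" class="button" onclick="history.back();"><?php echo __("Cancel", "enable-media-replace"); ?></a>
+ <input id="submit" type="submit" class="button button-primary" disabled="disabled" value="<?php echo esc_attr__("Upload", "enable-media-replace"); ?>" />
+ <a href="#" class="button" onclick="history.back();"><?php echo esc_html__("Cancel", "enable-media-replace"); ?></a>
  </form>
  </div>
  <script>
@@ -139,7 +142,7 @@ $current_filename = substr($current_filename, (strrpos($current_filename, "/") +
  preview.removeAttribute("style");
  }
  } else {
- preview.setAttribute("src", "http://via.placeholder.com/150x150");
+ preview.setAttribute("src", "https://via.placeholder.com/150x150");
  }
  }
  function enableSubmitButton(file, submit)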
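Review bot: The `printf()` calls at new lines 63 and 105 escape only the translated format string; the values substituted into it, `$current_filename` and `$current_filetype`, are still printed raw, and those appear to come from the attachment rather than from the translation. Escape the arguments as well, e.g. `printf( esc_html__( '…"%s"…', 'enable-media-replace' ), esc_html( $current_filename ) );`. The same applies to `$current_file` in the `printf()` changed in `upload.php`, and `<img src="<?php echo $current_fullpath ?>"` at new line 93 should become `<?php echo esc_url( $current_fullpath ); ?>`. New lines 109 to 111 still call `__()` without escaping. How these variables are populated is outside the hunks shown, so confirm their source when applying this.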
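--- a/readme.txt
+++ b/readme.txt
@@ -4,6 +4,7 @@ Donate link: https://www.paypal.me/resizeImage
  Tags: replace, attachment, media, files, replace image, replace jpg, change media, replace media, image, file
  Requires at least: 4.0
  Tested up to: 4.9
+ Requires PHP: 5.4
  Stable tag: trunk
 
  Easily replace any attached image/file by simply uploading a new file in the Media Library edit view - a real time saver!
@@ -46,10 +47,17 @@ If you want more control over the format used to display the time, you can use t
 
  == Changelog ==
 
+ = 3.2.7 =
+ * Add minimum required php version to run the plugin.
+ * Security: Prevent direct access to php files.
+ * Security: Prevent direct access to directories.
+ * Security: Escape translation strings using `esc_attr__()` and `esc_html__()` functions.
+ * Fix RTL issues.
+
  = 3.2.6 =
  * no more 404 error if no image was selected when trying to replace it
  * added preview so you can check the image being replaced and also the image that's being replaced with
- * .dat files can be replaced (functionality accidetanly removed in the previous version)
+ * .dat files can be replaced (functionality accidentally removed in the previous version)
  * added compatibility with S3 upload plugin
  * when an image is replaced the date is also updated
 
@@ -255,6 +263,6 @@ Second, if the file really looks unchanged, make sure WordPress has write permis
  3. The upload options.
  4. Get the file ID in the edit file URL
 
- == Wishlist / Coming attractons ==
+ == Wishlist / Coming attractions ==
 
  Do you have suggestions? Feel free to contact ShortPixel <a href="https://shortpixel.com/contact" target="_blank">here</a>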
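--- a/upload.php
+++ b/upload.php
@@ -1,6 +1,9 @@
  <?php
+ if ( ! defined( 'ABSPATH' ) )
+ exit; // Exit if accessed directly.
+
  if (!current_user_can('upload_files'))
- wp_die(__('You do not have permission to upload files.', 'enable-media-replace'));
+ wp_die( esc_html__('You do not have permission to upload files.', 'enable-media-replace') );
 
  // Define DB table names
  global $wpdb;
@@ -29,7 +32,7 @@ function emr_delete_current_files( $current_file, $metadta = null ) {
  }
  else {
  // File exists, but has wrong permissions. Let the user know.
- printf(__('The file %1$s can not be deleted by the web server, most likely because the permissions on the file are wrong.', "enable-media-replace"), $current_file);
+ printf( esc_html__('The file %1$s can not be deleted by the web server, most likely because the permissions on the file are wrong.', "enable-media-replace"), $current_file);
  exit;
  }
  }
@@ -225,7 +228,7 @@ if (is_uploaded_file($_FILES["userfile"]["tmp_name"])) {
  $filedata = wp_check_filetype_and_ext($_FILES["userfile"]["tmp_name"], $_FILES["userfile"]["name"]);
 
  if ($filedata["ext"] == "") {
- echo __("File type does not meet security guidelines. Try another.", 'enable-media-replace');
+ echo esc_html__("File type does not meet security guidelines. Try another.", 'enable-media-replace');
  exit;
  }
 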
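Review bot: The two error paths changed in the second and third hunks still emit a bare string and then `exit`, while the permission check at the top of the file uses `wp_die()`; using `wp_die()` for all three gives the same error page and a non-200 status, e.g. `wp_die( esc_html__( 'File type does not meet security guidelines. Try another.', 'enable-media-replace' ) );`. The new guard and the capability check are also written as brace-less `if` statements, unlike the braced guard added to `enable-media-replace.php`; braces keep a later edit from detaching `exit` or `wp_die()` from its condition. `emr_delete_current_files()` and the upload block continue outside the hunks shown.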