Media from FTP - Version 9.88

Version Description

Security measures.


Release Info

Developer Katsushi Kawamori
Version 9.88

Code changes from version 9.87 to 9.88

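--- a/inc/MediaFromFtp.php
+++ b/inc/MediaFromFtp.php
@@ -95,7 +95,7 @@ class MediaFromFtp {
 $ext2typefilter = $cmdoptions['t'];
 } else {
 if (!empty($_POST['ext2type'])){
-$ext2typefilter = $_POST['ext2type'];
+$ext2typefilter = sanitize_text_field($_POST['ext2type']);
 }
 }
 
@@ -1396,6 +1396,27 @@ MEDIAFROMFTP;
 
 }
 
+/* ==================================================
+* Sanitize Array
+* @param array $a
+* @return string $_a
+* @since 9.88
+*/
+function sanitize_array($a) {
+
+$_a = array();
+foreach($a as $key=>$value) {
+if ( is_array($value) ) {
+$_a[$key] = $this->sanitize_array($value);
+} else {
+$_a[$key] = htmlspecialchars($value);
+}
+}
+
+return $_a;
+
+}
+
 }
 
 ?>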
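Review bot: `sanitize_array()` (new lines 1399-1419) escapes every leaf with `htmlspecialchars()`, which is HTML output encoding rather than input validation; the values it is applied to in req/MediaFromFtpAdmin.php (event ids at new line 997, cron interval keys at new line 1711) are afterwards used as lookup keys, so if the stored keys are not themselves escaped, any submitted value containing `&`, `<`, `>` or a quote will no longer match, and a non-string leaf (int, bool, null) is silently coerced to string. Since those callers need identifiers rather than markup, `sanitize_text_field()` or `sanitize_key()` per leaf fits the rest of this release better, and the docblock should read `@return array $_a` rather than `@return string $_a`. A non-array `$a` reaches `foreach` unguarded; `foreach ( (array) $a as $key => $value ) {` avoids the warning. At both Admin call sites `$mediafromftp` is used without a visible `new MediaFromFtp()` in the hunk, so the instance being in scope there should be confirmed.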
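--- a/mediafromftp.php
+++ b/mediafromftp.php
@@ -2,7 +2,7 @@
 /*
 Plugin Name: Media from FTP
 Plugin URI: https://wordpress.org/plugins/media-from-ftp/
-Version: 9.87
+Version: 9.88
 Description: Register to media library from files that have been uploaded by FTP.
 Author: Katsushi Kawamori
 Author URI: https://riverforest-wp.info/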
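--- a/readme.txt
+++ b/readme.txt
@@ -5,7 +5,7 @@ Tags: files, ftp, import, media, sync, uploads
 Requires at least: 3.6.0
 Requires PHP: 5.3.0
 Tested up to: 4.9
-Stable tag: 9.87
+Stable tag: 9.88
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -116,6 +116,9 @@ Register to media library from files that have been uploaded by FTP.
 
 == Changelog ==
 
+= 9.88 =
+Security measures.
+
 = 9.87 =
 Security measures.
 
@@ -142,6 +145,9 @@ Fixed [PHP Object Injection Vulnerability](https://www.pluginvulnerabilities.com
 
 == Upgrade Notice ==
 
+= 9.88 =
+Security measures.
+
 = 9.87 =
 Security measures.
 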
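--- a/req/MediaFromFtpAdmin.php
+++ b/req/MediaFromFtpAdmin.php
@@ -381,15 +381,17 @@ class MediaFromFtpAdmin {
 if ( $key === 'select_author' || $key === 'mediafromftp_select_author' || $key === 'mediafromftp_xml_file' ) { // skip
 } else {
 if ( $_POST[$key] <> -1 ) {
-$select_author[$key] = $_POST[$key];
+$select_author[$key] = intval($_POST[$key]);
 }
 }
 }
-$filename = $_POST['mediafromftp_xml_file'];
-$mediafromftp = new MediaFromFtp();
-echo $mediafromftp->make_object($filename, $select_author);
-unset($mediafromftp);
-unlink($filename);
+if ( !validate_file($_POST['mediafromftp_xml_file']) ){
+$filename = $_POST['mediafromftp_xml_file'];
+$mediafromftp = new MediaFromFtp();
+echo $mediafromftp->make_object($filename, $select_author);
+unset($mediafromftp);
+unlink($filename);
+}
 }
 }
 }
@@ -992,7 +994,7 @@ class MediaFromFtpAdmin {
 if ( isset($_POST['media_from_ftp_event']) && $_POST['media_from_ftp_event'] ) {
 if ( check_admin_referer('mff_event', 'media_from_ftp_event') ) {
 if ( isset($_POST['event-mediafromftp']) && $_POST['event-mediafromftp'] ) {
-$events_mediafromftp = $_POST['event-mediafromftp'];
+$events_mediafromftp = $mediafromftp->sanitize_array($_POST['event-mediafromftp']);
 $events = get_option( $this->wp_add_on_wpcron_events_name() );
 $event_names = NULL;
 foreach ($events_mediafromftp as $key => $event_id ) {
@@ -1318,12 +1320,26 @@ class MediaFromFtpAdmin {
 } else if ( isset($_POST['media_from_ftp_select_author']) && $_POST['media_from_ftp_select_author'] ) {
 if ( check_admin_referer('mff_select_author', 'media_from_ftp_select_author') ) {
 if ( !empty($_POST['mediafromftp_select_author']) && !empty($_POST['mediafromftp_xml_file']) ) {
-?>
-<h4><?php _e('Ready to import. Press the following button to start the import.', 'media-from-ftp'); ?></h4>
-<form method="post" id="medialibraryimport_ajax_update">
-<?php submit_button( __('Import'), 'primary', '', FALSE ); ?>
-</form>
-<?php
+if ( validate_file($_POST['mediafromftp_xml_file']) ){
+echo '<div class="notice notice-error is-dismissible"><ul><li>'.__('No such file exists! Double check the name and try again.').'</li></ul></div>';
+?>
+<form method="post" action="<?php echo $scriptname; ?>" enctype="multipart/form-data">
+<?php wp_nonce_field('mff_file_load', 'media_from_ftp_file_load'); ?>
+<h4><?php _e('Select File'); ?>[WordPress eXtended RSS (WXR)(.xml)]</h4>
+<div><input name="filename" type="file" size="80" /></div>
+<div>
+<?php submit_button( __('File Load', 'media-from-ftp'), 'large', '', FALSE ); ?>
+</div>
+</form>
+<?php
+} else {
+?>
+<h4><?php _e('Ready to import. Press the following button to start the import.', 'media-from-ftp'); ?></h4>
+<form method="post" id="medialibraryimport_ajax_update">
+<?php submit_button( __('Import'), 'primary', '', FALSE ); ?>
+</form>
+<?php
+}
 }
 }
 } else {
@@ -1509,214 +1525,136 @@ class MediaFromFtpAdmin {
 
 switch ($submenu) {
 case 1:
+$mediafromftp_settings['dateset'] = sanitize_text_field($_POST['mediafromftp_dateset']);
 if ( !empty($_POST['mediafromftp_datefixed']) ) {
-$datefixed = sanitize_text_field($_POST['mediafromftp_datefixed']);
-} else {
-$datefixed = $mediafromftp_settings['datefixed'];
+$mediafromftp_settings['datefixed'] = sanitize_text_field($_POST['mediafromftp_datefixed']);
 }
+$mediafromftp_settings['max_execution_time'] = intval($_POST['mediafromftp_max_execution_time']);
+$mediafromftp_settings['character_code'] = sanitize_text_field($_POST['mediafromftp_character_code']);
 if ( !empty($_POST['mediafromftp_cron_apply']) ) {
-$mediafromftp_cron_apply = 1;
+$mediafromftp_settings['cron']['apply'] = 1;
 } else {
-$mediafromftp_cron_apply = FALSE;
+$mediafromftp_settings['cron']['apply'] = FALSE;
 }
 if ( !empty($_POST['mediafromftp_cron_schedule']) ) {
-$mediafromftp_cron_schedule = $_POST['mediafromftp_cron_schedule'];
-} else {
-$mediafromftp_cron_schedule = $mediafromftp_settings['cron']['schedule'];
+$mediafromftp_settings['cron']['schedule'] = sanitize_text_field($_POST['mediafromftp_cron_schedule']);
 }
 if ( !empty($_POST['mediafromftp_cron_limit_number']) ) {
-$mediafromftp_cron_limit_number = intval($_POST['mediafromftp_cron_limit_number']);
+$mediafromftp_settings['cron']['limit_number'] = intval($_POST['mediafromftp_cron_limit_number']);
 } else {
-$mediafromftp_cron_limit_number = FALSE;
+$mediafromftp_settings['cron']['limit_number'] = FALSE;
 }
 if ( !empty($_POST['mediafromftp_cron_mail_apply']) ) {
-$mediafromftp_cron_mail_apply = 1;
+$mediafromftp_settings['cron']['mail_apply'] = 1;
 } else {
-$mediafromftp_cron_mail_apply = FALSE;
+$mediafromftp_settings['cron']['mail_apply'] = FALSE;
 }
 if ( !empty($_POST['mediafromftp_caption_apply']) ) {
-$mediafromftp_caption_apply = 1;
+$mediafromftp_settings['caption']['apply'] = 1;
 } else {
-$mediafromftp_caption_apply = FALSE;
+$mediafromftp_settings['caption']['apply'] = FALSE;
 }
 if ( !empty($_POST['mediafromftp_exif_text']) ) {
-$exif_text = sanitize_text_field($_POST['mediafromftp_exif_text']);
-} else {
-$exif_text = $mediafromftp_settings['caption']['exif_text'];
+$mediafromftp_settings['caption']['exif_text'] = htmlspecialchars($_POST['mediafromftp_exif_text']);
 }
 if ( !empty($_POST['mediafromftp_exif_default']) ) {
-$exif_text = '%title% %credit% %camera% %caption% %created_timestamp% %copyright% %aperture% %shutter_speed% %iso% %focal_length% %white_balance%';
+$mediafromftp_settings['caption']['exif_text'] = '%title% %credit% %camera% %caption% %created_timestamp% %copyright% %aperture% %shutter_speed% %iso% %focal_length% %white_balance%';
 }
 if ( !empty($_POST['mediafromftp_apply_log']) ) {
-$mediafromftp_apply_log = 1;
+$mediafromftp_settings['log'] = 1;
 } else {
-$mediafromftp_apply_log = FALSE;
+$mediafromftp_settings['log'] = FALSE;
 }
 if ( !empty($_POST['mediafromftp_search_limit_number']) ) {
 if ( ctype_digit($_POST['mediafromftp_search_limit_number']) ) {
 $search_limit_number = intval($_POST['mediafromftp_search_limit_number']);
+$mediafromftp_settings['search_limit_number'] = $search_limit_number;
 if ( $search_limit_number < 100 ) {
-$search_limit_number = 100;
+$mediafromftp_settings['search_limit_number'] = 100;
 }
 } else {
-$search_limit_number = 100000;
+$mediafromftp_settings['search_limit_number'] = 100000;
 }
 } else {
-$search_limit_number = 100000;
+$mediafromftp_settings['search_limit_number'] = 100000;
 }
 if ( !empty($_POST['mlc_category']) ) {
-$mlcc = implode(',', $_POST['mlc_category']);
+$mediafromftp_settings['mlcc'] = implode(',', sanitize_text_field($_POST['mlc_category']));
 } else {
-$mlcc = NULL;
+$mediafromftp_settings['mlcc'] = NULL;
 }
 if ( !empty($_POST['eml_category']) ) {
-$emlc = implode(',', $_POST['eml_category']);
+$mediafromftp_settings['emlc'] = implode(',', sanitize_text_field($_POST['eml_category']));
 } else {
-$emlc = NULL;
+$mediafromftp_settings['emlc'] = NULL;
 }
 if ( !empty($_POST['mla_category']) ) {
-$mlac = implode(',', $_POST['mla_category']);
+$mediafromftp_settings['mlac'] = implode(',', sanitize_text_field($_POST['mla_category']));
 } else {
-$mlac = NULL;
+$mediafromftp_settings['mlac'] = NULL;
 }
 if ( !empty($_POST['mla_tag']) ) {
-$mlat = implode(',', $_POST['mla_tag']);
+$mediafromftp_settings['mlat'] = implode(',', sanitize_text_field($_POST['mla_tag']));
 } else {
-$mlat = NULL;
+$mediafromftp_settings['mlat'] = NULL;
 }
-$mediafromftp_tbl = array(
-'pagemax' => $mediafromftp_settings['pagemax'],
-'basedir' => $mediafromftp_settings['basedir'],
-'searchdir' => $mediafromftp_settings['searchdir'],
-'ext2typefilter' => $mediafromftp_settings['ext2typefilter'],
-'extfilter' => $mediafromftp_settings['extfilter'],
-'search_display_metadata' => $mediafromftp_settings['search_display_metadata'],
-'dateset' => sanitize_text_field($_POST['mediafromftp_dateset']),
-'datefixed' => $datefixed,
-'datetimepicker' => $mediafromftp_settings['datetimepicker'],
-'max_execution_time' => intval($_POST['mediafromftp_max_execution_time']),
-'character_code' => $_POST['mediafromftp_character_code'],
-'exclude' => $mediafromftp_settings['exclude'],
-'thumb_deep_search' => $mediafromftp_settings['thumb_deep_search'],
-'search_limit_number' => $search_limit_number,
-'cron' => array(
-'apply' => $mediafromftp_cron_apply,
-'schedule' => $mediafromftp_cron_schedule,
-'limit_number' => $mediafromftp_cron_limit_number,
-'mail_apply' => $mediafromftp_cron_mail_apply,
-'mail' => $mediafromftp_settings['cron']['mail'],
-'user' => $mediafromftp_settings['cron']['user']
-),
-'caption' => array(
-'apply' => $mediafromftp_caption_apply,
-'exif_text' => $exif_text
-),
-'log' => $mediafromftp_apply_log,
-'mlcc' => $mlcc,
-'emlc' => $emlc,
-'mlac' => $mlac,
-'mlat' => $mlat
-);
-update_option( $this->wp_options_name(), $mediafromftp_tbl );
+update_option( $this->wp_options_name(), $mediafromftp_settings );
 if ( !empty($_POST['move_yearmonth_folders']) ) {
 update_option( 'uploads_use_yearmonth_folders', 1 );
 } else {
-update_option( 'uploads_use_yearmonth_folders', '0' );
+update_option( 'uploads_use_yearmonth_folders', 0 );
 }
 echo '<div class="notice notice-success is-dismissible"><ul><li>'.__('Settings').' --> '.__('Changes saved.').'</li></ul></div>';
 break;
 case 2:
 if (!empty($_POST['mediafromftp_pagemax'])){
-$pagemax = intval($_POST['mediafromftp_pagemax']);
-} else {
-$pagemax = $mediafromftp_settings['pagemax'];
+$mediafromftp_settings['pagemax'] = intval($_POST['mediafromftp_pagemax']);
 }
 if ( !empty($_POST['mediafromftp_datetimepicker']) ) {
-$datetimepicker = intval($_POST['mediafromftp_datetimepicker']);
+$mediafromftp_settings['datetimepicker'] = 1;
 } else {
-$datetimepicker = 0;
+$mediafromftp_settings['datetimepicker'] = 0;
 }
-$basedir = $mediafromftp_settings['basedir'];
 if (!empty($_POST['searchdir'])){
 $searchdir = urldecode($_POST['searchdir']);
 if ( strpos( realpath(wp_normalize_path(ABSPATH.$searchdir)), MEDIAFROMFTP_PLUGIN_UPLOAD_DIR) === FALSE ) {
 $searchdir = MEDIAFROMFTP_PLUGIN_UPLOAD_PATH;
-$basedir = MEDIAFROMFTP_PLUGIN_UPLOAD_PATH;
+$mediafromftp_settings['basedir'] = MEDIAFROMFTP_PLUGIN_UPLOAD_PATH;
 }
+$mediafromftp_settings['searchdir'] = $searchdir;
 } else {
-$searchdir = $mediafromftp_settings['searchdir'];
-if ( MEDIAFROMFTP_PLUGIN_UPLOAD_PATH <> $basedir ) {
-$searchdir = MEDIAFROMFTP_PLUGIN_UPLOAD_PATH;
-$basedir = MEDIAFROMFTP_PLUGIN_UPLOAD_PATH;
+if ( MEDIAFROMFTP_PLUGIN_UPLOAD_PATH <> $mediafromftp_settings['basedir'] ) {
+$mediafromftp_settings['searchdir'] = MEDIAFROMFTP_PLUGIN_UPLOAD_PATH;
+$mediafromftp_settings['basedir'] = MEDIAFROMFTP_PLUGIN_UPLOAD_PATH;
 }
 }
 if (!empty($_POST['ext2type'])){
-$ext2typefilter = $_POST['ext2type'];
+$ext2typefilter = sanitize_text_field($_POST['ext2type']);
 } else {
 $ext2typefilter = $mediafromftp_settings['ext2typefilter'];
 }
 if (!empty($_POST['extension'])){
 if ( $_POST['extension'] === 'all') {
-$extfilter = 'all';
+$mediafromftp_settings['extfilter'] = 'all';
 } else {
 if ( $ext2typefilter === 'all' || $ext2typefilter === wp_ext2type($_POST['extension']) ) {
-$extfilter = $_POST['extension'];
+$mediafromftp_settings['extfilter'] = sanitize_text_field($_POST['extension']);
 } else {
-$extfilter = 'all';
+$mediafromftp_settings['extfilter'] = 'all';
 }
 }
-} else {
-$extfilter = $mediafromftp_settings['extfilter'];
 }
+$mediafromftp_settings['ext2typefilter'] = $ext2typefilter;
 if (isset($_POST['search_display_metadata'])){
-$search_display_metadata = $_POST['search_display_metadata'];
-} else {
-$search_display_metadata = $mediafromftp_settings['search_display_metadata'];
+$mediafromftp_settings['search_display_metadata'] = sanitize_text_field($_POST['search_display_metadata']);
 }
 if (!empty($_POST['mediafromftp_exclude'])){
-$mediafromftp_exclude = stripslashes($_POST['mediafromftp_exclude']);
-} else {
-$mediafromftp_exclude = $mediafromftp_settings['exclude'];
+$mediafromftp_settings['exclude'] = sanitize_text_field(stripslashes($_POST['mediafromftp_exclude']));
 }
 if (isset($_POST['mediafromftp_thumb_deep_search'])){
-$mediafromftp_thumb_deep_search = $_POST['mediafromftp_thumb_deep_search'];
-} else {
-$mediafromftp_thumb_deep_search = $mediafromftp_settings['thumb_deep_search'];
+$mediafromftp_settings['thumb_deep_search'] = sanitize_text_field($_POST['mediafromftp_thumb_deep_search']);
 }
-$mediafromftp_tbl = array(
-'pagemax' => $pagemax,
-'basedir' => $basedir,
-'searchdir' => $searchdir,
-'ext2typefilter' => $ext2typefilter,
-'extfilter' => $extfilter,
-'search_display_metadata' => $search_display_metadata,
-'dateset' => $mediafromftp_settings['dateset'],
-'datefixed' => $mediafromftp_settings['datefixed'],
-'datetimepicker' => $datetimepicker,
-'max_execution_time' => $mediafromftp_settings['max_execution_time'],
-'character_code' => $mediafromftp_settings['character_code'],
-'exclude' => $mediafromftp_exclude,
-'thumb_deep_search' => $mediafromftp_thumb_deep_search,
-'search_limit_number' => $mediafromftp_settings['search_limit_number'],
-'cron' => array(
-'apply' => $mediafromftp_settings['cron']['apply'],
-'schedule' => $mediafromftp_settings['cron']['schedule'],
-'limit_number' => $mediafromftp_settings['cron']['limit_number'],
-'mail_apply' => $mediafromftp_settings['cron']['mail_apply'],
-'mail' => $mediafromftp_settings['cron']['mail'],
-'user' => $mediafromftp_settings['cron']['user']
-),
-'caption' => array(
-'apply' => $mediafromftp_settings['caption']['apply'],
-'exif_text' => $mediafromftp_settings['caption']['exif_text']
-),
-'log' => $mediafromftp_settings['log'],
-'mlcc' => $mediafromftp_settings['mlcc'],
-'emlc' => $mediafromftp_settings['emlc'],
-'mlac' => $mediafromftp_settings['mlac'],
-'mlat' => $mediafromftp_settings['mlat']
-);
-update_option( $this->wp_options_name(), $mediafromftp_tbl );
+update_option( $this->wp_options_name(), $mediafromftp_settings );
 break;
 case 3:
 if ( !empty($_POST['mediafromftp_clear_cash']) ) {
@@ -1734,13 +1672,13 @@ class MediaFromFtpAdmin {
 if ( !empty($_POST['mediafromftp_run_cron']) ) {
 $mediafromftp_cron_events = get_option( $this->wp_add_on_wpcron_events_name() );
 if ( !empty($_POST['cron-run']) ) {
-$option_name = $_POST['cron-run'];
+$option_name = sanitize_text_field($_POST['cron-run']);
 echo $mediafromftpaddonwpcron->CronRun($option_name);
 } elseif ( !empty($_POST['cron-start']) ) {
-$option_name = $_POST['cron-start'];
+$option_name = sanitize_text_field($_POST['cron-start']);
 echo $mediafromftpaddonwpcron->CronRunStart($option_name);
 } elseif ( !empty($_POST['cron-stop']) ) {
-$option_name = $_POST['cron-stop'];
+$option_name = sanitize_text_field($_POST['cron-stop']);
 echo $mediafromftpaddonwpcron->CronRunStop($option_name);
 }
 }
@@ -1770,7 +1708,7 @@ class MediaFromFtpAdmin {
 // for media-from-ftp-add-on-wpcron
 if ( !empty($_POST['mediafromftp_add_schedule_delete']) ) {
 if ( !empty($_POST['mediafromftp_cron_schedule_delete']) ) {
-$delete_keys = $_POST['mediafromftp_cron_schedule_delete'];
+$delete_keys = $mediafromftp->sanitize_array($_POST['mediafromftp_cron_schedule_delete']);
 $mediafromftp_cron_intervals_tbl = get_option( 'mediafromftp_event_intervals' );
 foreach ( $delete_keys as $key ) {
 unset($mediafromftp_cron_intervals_tbl[$key]);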
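Review bot: `sanitize_text_field()` at new lines 1582, 1587, 1592 and 1597 is applied to a value the old code treated as an array (`implode(',', $_POST['mlc_category'])`), but it collapses an array argument to a string (`''` or `Array`, depending on the WordPress version), so `implode()` receives a string and either throws a TypeError on PHP 8 or yields null on PHP 7, and the category/tag settings are lost on every save. Those fields hold ids, so they should be sanitized element-wise, e.g. `implode(',', array_map('intval', (array) $_POST['mlc_category']))`, with the same change for `eml_category`, `mla_category` and `mla_tag`. Separately, `validate_file()` at new lines 388 and 1323 rejects only `../` traversal and Windows drive paths; an absolute path still returns 0, so the `$filename` handed to `make_object()` and `unlink()` is not confined to the plugin upload directory, whereas the `realpath()` plus `strpos(..., MEDIAFROMFTP_PLUGIN_UPLOAD_DIR)` check this same file applies to `searchdir` at new line 1620 would confine it. The enclosing methods start outside these hunks, so whether a capability check guards them in addition to the nonce cannot be seen here.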
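--- a/req/MediaFromFtpAjax.php
+++ b/req/MediaFromFtpAjax.php
@@ -59,17 +59,17 @@ class MediaFromFtpAjax {
 if ( isset( $_REQUEST['nonce'] ) && wp_verify_nonce( $_REQUEST['nonce'], $action1 ) ) {
 if ( current_user_can( 'upload_files' ) ) {
 $maxcount = intval($_POST["maxcount"]);
-$new_url_attach = $_POST["new_url"];
-$new_url_datetime = $_POST["new_datetime"];
+$new_url_attach = sanitize_text_field($_POST["new_url"]);
+$new_url_datetime = sanitize_text_field($_POST["new_datetime"]);
 $new_url_mlccategory = NULL;
 $new_url_emlcategory = NULL;
 $new_url_mlacategory = NULL;
 $new_url_mlatags = NULL;
 if ( $this->is_add_on_activate['category'] ) {
-$new_url_mlccategory = $_POST["new_mlccategory"];
-$new_url_emlcategory = $_POST["new_emlcategory"];
-$new_url_mlacategory = $_POST["new_mlacategory"];
-$new_url_mlatags = $_POST["new_mlatags"];
+$new_url_mlccategory = sanitize_text_field($_POST["new_mlccategory"]);
+$new_url_emlcategory = sanitize_text_field($_POST["new_emlcategory"]);
+$new_url_mlacategory = sanitize_text_field($_POST["new_mlacategory"]);
+$new_url_mlatags = sanitize_text_field($_POST["new_mlatags"]);
 }
 
 $mediafromftpadmin = new MediaFromFtpAdmin();
@@ -149,7 +149,7 @@ class MediaFromFtpAjax {
 function mediafromftp_message_callback(){
 
 $error_count = intval($_POST["error_count"]);
-$error_update = $_POST["error_update"];
+$error_update = sanitize_text_field($_POST["error_update"]);
 $success_count = intval($_POST["success_count"]);
 
 $output_html = NULL;
@@ -177,7 +177,7 @@ class MediaFromFtpAjax {
 $action2 = 'mediafromftp-import-ajax-action';
 if ( isset( $_REQUEST['nonce'] ) && wp_verify_nonce( $_REQUEST['nonce'], $action2 ) ) {
 if ( current_user_can( 'upload_files' ) ) {
-$file = $_POST["file"];
+$file = sanitize_text_field($_POST["file"]);
 $filepath = str_replace(MEDIAFROMFTP_PLUGIN_UPLOAD_DIR.'/' , '', $file);
 if ( is_file($file) ) {
 if ( !empty($_POST["db_array"]) ) {
@@ -198,13 +198,13 @@ class MediaFromFtpAjax {
 $wpdb->insert( $table_meta_name, $db_meta_array );
 }
 if ( !empty($_POST["db_thumbnail_id"]) ) {
-update_post_meta( $db_array['ID'], '_thumbnail_id', intval($_POST["db_thumbnail_id"]) );
+update_post_meta( intval($db_array['ID']), '_thumbnail_id', intval($_POST["db_thumbnail_id"]) );
 }
 if ( !empty($_POST["db_cover_hash"]) ) {
-update_post_meta( $db_array['ID'], '_cover_hash', sanitize_text_field($_POST["db_cover_hash"]) );
+update_post_meta( intval($db_array['ID']), '_cover_hash', sanitize_text_field($_POST["db_cover_hash"]) );
 }
 if ( !empty($_POST["db_wp_attachment_image_alt"]) ) {
-update_post_meta( $db_array['ID'], '_wp_attachment_image_alt', sanitize_text_field($_POST["db_wp_attachment_image_alt"]) );
+update_post_meta( intval($db_array['ID']), '_wp_attachment_image_alt', sanitize_text_field($_POST["db_wp_attachment_image_alt"]) );
 }
 $msg = 'success_db';
 $output_html = $msg.','.'<div>'.__('Media').': <a href="'.get_permalink($db_array['ID']).'" target="_blank" style="text-decoration: none; color: green;">'.$this->esc_title($db_array['post_title']).'</a>: '.'<a href="'.MEDIAFROMFTP_PLUGIN_UPLOAD_URL.'/'.$filepath.'" target="_blank" style="text-decoration: none;">'.$filepath.'</a></div>';
@@ -238,7 +238,7 @@ class MediaFromFtpAjax {
 function mediafromftp_medialibraryimport_message_callback(){
 
 $error_count = intval($_POST["error_count"]);
-$error_update = $_POST["error_update"];
+$error_update = sanitize_text_field($_POST["error_update"]);
 $success_count = intval($_POST["success_count"]);
 $db_success_count = intval($_POST["db_success_count"]);
 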
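Review bot: `sanitize_text_field()` on `$_POST["file"]` at new line 180 strips tags and control characters but does not constrain where the path points, and the only check that follows in the hunk is `is_file($file)`, so a path outside `MEDIAFROMFTP_PLUGIN_UPLOAD_DIR` passes through (the `str_replace()` on line 181 merely drops the prefix when it is present). The admin code in this release already confines `searchdir` with `realpath()` plus a `strpos(..., MEDIAFROMFTP_PLUGIN_UPLOAD_DIR)` test; applying the same guard here before `is_file()`, e.g. requiring `strpos( realpath( $file ), MEDIAFROMFTP_PLUGIN_UPLOAD_DIR ) === 0`, keeps the import endpoint to files the plugin is meant to register. What becomes of `$file` after line 183 is outside the hunk, and the nonce and `upload_files` checks on 178-179 do gate the endpoint, so the impact depends on how far that role is trusted. For `$_POST["new_url"]` at line 62, `esc_url_raw()` is the WordPress sanitizer intended for URL values, if that field is indeed a URL.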
244