Slider by WD – Responsive Slider - Version 1.1.82

Version Description

  • Fixed: Security issue in filemanager.

Release Info

Developer webdorado
Version 1.1.82

Code changes from version 1.1.81 to 1.1.82

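--- a/filemanager/UploadHandler.php
+++ b/filemanager/UploadHandler.php
@@ -52,9 +52,9 @@ class wds_UploadHandler {
 
  function __construct($options = null, $initialize = true, $error_messages = null) {
  $this->options = array(
- 'script_url' => $this->get_full_url().'/',
- 'upload_dir' => dirname($_SERVER['SCRIPT_FILENAME']).'/files/',
- 'upload_url' => $this->get_full_url().'/files/',
+ 'script_url' => $this->get_full_url() . '/',
+ 'upload_dir' => dirname($_SERVER['SCRIPT_FILENAME']) . '/files/',
+ 'upload_url' => $this->get_full_url() . '/files/',
  'user_dirs' => false,
  'mkdir_mode' => 0755,
  'param_name' => 'files',
@@ -105,14 +105,6 @@ class wds_UploadHandler {
  }
  $this->options += array(
  'image_versions' => array(
- // Uncomment the following to create medium sized images:
- /*
- 'medium' => array(
- 'max_width' => 800,
- 'max_height' => 600,
- 'jpeg_quality' => 80
- ),
- */
  '.original' => array(
  'max_width' => $this->options['max_width'],
  'max_height' => $this->options['max_height'],
@@ -560,7 +552,7 @@ class wds_UploadHandler {
 
  protected function handle_image_file($file_path, $file) {
  if ($this->options['orient_image']) {
- $this->orient_image($file_path);
+ $this->orient_image($file_path);
  }
  $failed_versions = array();
  foreach($this->options['image_versions'] as $version => $options) {
@@ -645,12 +637,10 @@ class wds_UploadHandler {
  $file->type = $type;
  $file->url = $this->get_download_url($file->name);
  list($img_width, $img_height) = @getimagesize(htmlspecialchars_decode($ex_file, ENT_COMPAT | ENT_QUOTES));
-
  if ($this->options['max_width'] && $this->options['max_height']) {
  // Zip Upload.
  $this->create_scaled_image($file->name, 'main', $this->options);
  }
-
  if (is_int($img_width)) {
  $this->handle_image_file($ex_file, $file);
  }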
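--- a/filemanager/controller.php
+++ b/filemanager/controller.php
@@ -7,304 +7,374 @@
 
 
  class FilemanagerController {
- ////////////////////////////////////////////////////////////////////////////////////////
- // Events //
- ////////////////////////////////////////////////////////////////////////////////////////
- ////////////////////////////////////////////////////////////////////////////////////////
- // Constants //
- ////////////////////////////////////////////////////////////////////////////////////////
- ////////////////////////////////////////////////////////////////////////////////////////
- // Variables //
- ////////////////////////////////////////////////////////////////////////////////////////
- public $uploads_dir;
- public $uploads_url;
-
- ////////////////////////////////////////////////////////////////////////////////////////
- // Constructor & Destructor //
- ////////////////////////////////////////////////////////////////////////////////////////
-
- public function __construct() {
- global $WD_S_UPLOAD_DIR;
- $upload_dir = wp_upload_dir();
- $this->uploads_dir = ABSPATH . $WD_S_UPLOAD_DIR;
- if (file_exists($this->uploads_dir) == FALSE) {
- mkdir($this->uploads_dir);
- }
- $this->uploads_url = site_url() . '/' . $WD_S_UPLOAD_DIR;
- }
+ public $uploads_dir;
+ public $uploads_url;
 
- ////////////////////////////////////////////////////////////////////////////////////////
- // Public Methods //
- ////////////////////////////////////////////////////////////////////////////////////////
- public function execute() {
- $task = isset($_REQUEST['task']) ? stripslashes(esc_html($_REQUEST['task'])) : 'display';
- if (method_exists($this, $task)) {
- $this->$task();
- }
- else {
- $this->display();
- }
+ public function __construct() {
+ global $WD_S_UPLOAD_DIR;
+ $upload_dir = wp_upload_dir();
+ $this->uploads_dir = ABSPATH . $WD_S_UPLOAD_DIR;
+ if (file_exists($this->uploads_dir) == FALSE) {
+ mkdir($this->uploads_dir);
  }
+ $this->uploads_url = site_url() . '/' . $WD_S_UPLOAD_DIR;
+ }
 
- public function get_uploads_dir() {
- return $this->uploads_dir;
+ public function execute() {
+ $task = isset($_REQUEST['task']) ? stripslashes(esc_html($_REQUEST['task'])) : 'display';
+ if (method_exists($this, $task)) {
+ $this->$task();
  }
-
- public function get_uploads_url() {
- return $this->uploads_url;
+ else {
+ $this->display();
  }
+ }
 
- public function display() {
- require_once WD_S_DIR . '/filemanager/model.php';
- $model = new FilemanagerModel($this);
+ public function get_uploads_dir() {
+ return $this->uploads_dir;
+ }
 
- require_once WD_S_DIR . '/filemanager/view.php';
- $view = new FilemanagerView($this, $model);
- $view->display();
- }
+ public function get_uploads_url() {
+ return $this->uploads_url;
+ }
+
+ public function display() {
+ require_once WD_S_DIR . '/filemanager/model.php';
+ $model = new FilemanagerModel($this);
+
+ require_once WD_S_DIR . '/filemanager/view.php';
+ $view = new FilemanagerView($this, $model);
+ $view->display();
+ }
+
+ private function esc_dir($dir) {
+ $dir = str_replace('../', '', $dir);
+
+ return $dir;
+ }
+
+ public function make_dir() {
+ $input_dir = (isset($_REQUEST['dir']) ? str_replace('\\', '', esc_html($_REQUEST['dir'])) : '');
+ $input_dir = htmlspecialchars_decode($input_dir, ENT_COMPAT | ENT_QUOTES);
+ $input_dir = $this->esc_dir($input_dir);
 
- public function make_dir() {
- $input_dir = (isset($_REQUEST['dir']) ? str_replace('\\', '', esc_html($_REQUEST['dir'])) : '');
- $input_dir = htmlspecialchars_decode($input_dir, ENT_COMPAT | ENT_QUOTES);
- $cur_dir_path = $input_dir == '' ? $this->uploads_dir : $this->uploads_dir . '/' . $input_dir;
+ $cur_dir_path = $input_dir == '' ? $this->uploads_dir : $this->uploads_dir . '/' . $input_dir;
 
- $new_dir_path = $cur_dir_path . '/' . (isset($_REQUEST['new_dir_name']) ? stripslashes(esc_html(sanitize_file_name($_REQUEST['new_dir_name']))) : '');
- $new_dir_path = htmlspecialchars_decode($new_dir_path, ENT_COMPAT | ENT_QUOTES);
+ $new_dir_path = $cur_dir_path . '/' . (isset($_REQUEST['new_dir_name']) ? stripslashes(esc_html(sanitize_file_name($_REQUEST['new_dir_name']))) : '');
+ $new_dir_path = htmlspecialchars_decode($new_dir_path, ENT_COMPAT | ENT_QUOTES);
+ $new_dir_path = $this->esc_dir($new_dir_path);
+
+ if (file_exists($new_dir_path) == true) {
+ $msg = __("Directory already exists.", 'wds');
+ }
+ else {
  $msg = '';
- if (file_exists($new_dir_path) == true) {
- $msg = "Directory already exists.";
+ mkdir($new_dir_path);
+ }
+ $args = array(
+ 'action' => 'addImage',
+ 'filemanager_msg' => $msg,
+ 'width' => '650',
+ 'height' => '500',
+ 'task' => 'display',
+ 'extensions' => esc_html($_REQUEST['extensions']),
+ 'callback' => esc_html($_REQUEST['callback']),
+ 'image_for' => esc_html($_REQUEST['image_for']),
+ 'slide_id' => esc_html($_REQUEST['slide_id']),
+ 'dir' => esc_html($_REQUEST['dir']),
+ 'TB_iframe' => '1',
+ );
+ $query_url = wp_nonce_url(admin_url('admin-ajax.php'), 'addImage', 'nonce_wd');
+ $query_url = add_query_arg($args, $query_url);
+ header('Location: ' . $query_url);
+ exit;
+ }
+
+ public function rename_item() {
+ $input_dir = (isset($_REQUEST['dir']) ? str_replace('\\', '', esc_html($_REQUEST['dir'])) : '');
+ $input_dir = htmlspecialchars_decode($input_dir, ENT_COMPAT | ENT_QUOTES);
+ $input_dir = $this->esc_dir($input_dir);
+
+ $cur_dir_path = $input_dir == '' ? $this->uploads_dir : $this->uploads_dir . '/' . $input_dir;
+
+ $file_names = explode('**#**', (isset($_REQUEST['file_names']) ? stripslashes(esc_html($_REQUEST['file_names'])) : ''));
+ $file_name = $file_names[0];
+ $file_name = htmlspecialchars_decode($file_name, ENT_COMPAT | ENT_QUOTES);
+ $file_name = str_replace('../', '', $file_name);
+
+ $file_new_name = (isset($_REQUEST['file_new_name']) ? stripslashes(esc_html($_REQUEST['file_new_name'])) : '');
+ $file_new_name = htmlspecialchars_decode($file_new_name, ENT_COMPAT | ENT_QUOTES);
+ $file_new_name = $this->esc_dir($file_new_name);
+
+ $file_path = $cur_dir_path . '/' . $file_name;
+ $thumb_file_path = $cur_dir_path . '/thumb/' . $file_name;
+ $original_file_path = $cur_dir_path . '/.original/' . $file_name;
+
+ $msg = '';
+
+ if (file_exists($file_path) == false) {
+ $msg = __("File doesn't exist.", 'wds');
+ }
+ elseif (is_dir($file_path) == true) {
+ if (rename($file_path, $cur_dir_path . '/' . sanitize_file_name($file_new_name)) == false) {
+ $msg = __("Can't rename the file.", 'wds');
  }
- else {
- mkdir($new_dir_path);
+ }
+ elseif ((strrpos($file_name, '.') !== false)) {
+ $file_extension = substr($file_name, strrpos($file_name, '.') + 1);
+ if (rename($file_path, $cur_dir_path . '/' . $file_new_name . '.' . $file_extension) == false) {
+ $msg = __("Can't rename the file.", 'wds');
  }
- $query_url = wp_nonce_url(admin_url('admin-ajax.php'), 'addImage', 'nonce_wd');
- $query_url = add_query_arg(array('action' => 'addImage', 'filemanager_msg' => $msg, 'width' => '650', 'height' => '500', 'task' => 'display', 'extensions' => esc_html($_REQUEST['extensions']), 'callback' => esc_html($_REQUEST['callback']), 'image_for' => esc_html($_REQUEST['image_for']), 'slide_id' => esc_html($_REQUEST['slide_id']), 'dir' => esc_html($_REQUEST['dir']), 'TB_iframe' => '1'), $query_url);
- header('Location: ' . $query_url);
- exit;
+ rename($thumb_file_path, $cur_dir_path . '/thumb/' . $file_new_name . '.' . $file_extension);
+ rename($original_file_path, $cur_dir_path . '/.original/' . $file_new_name . '.' . $file_extension);
+ }
+ else {
+ $msg = __("Can't rename the file.", 'wds');
  }
+ $_REQUEST['file_names'] = '';
 
- public function rename_item() {
- $input_dir = (isset($_REQUEST['dir']) ? str_replace('\\', '', esc_html($_REQUEST['dir'])) : '');
- $input_dir = htmlspecialchars_decode($input_dir, ENT_COMPAT | ENT_QUOTES);
- $cur_dir_path = $input_dir == '' ? $this->uploads_dir : $this->uploads_dir . '/' . $input_dir;
+ $args = array(
+ 'action' => 'addImage',
+ 'filemanager_msg' => $msg,
+ 'width' => '650',
+ 'height' => '500',
+ 'task' => 'display',
+ 'extensions' => esc_html($_REQUEST['extensions']),
+ 'callback' => esc_html($_REQUEST['callback']),
+ 'image_for' => esc_html($_REQUEST['image_for']),
+ 'slide_id' => esc_html($_REQUEST['slide_id']),
+ 'dir' => esc_html($_REQUEST['dir']),
+ 'TB_iframe' => '1',
+ );
+ $query_url = wp_nonce_url(admin_url('admin-ajax.php'), 'addImage', 'nonce_wd');
+ $query_url = add_query_arg($args, $query_url);
+ header('Location: ' . $query_url);
+ exit;
+ }
 
- $file_names = explode('**#**', (isset($_REQUEST['file_names']) ? stripslashes(esc_html($_REQUEST['file_names'])) : ''));
- $file_name = $file_names[0];
- $file_name = htmlspecialchars_decode($file_name, ENT_COMPAT | ENT_QUOTES);
+ public function remove_items() {
+ $input_dir = (isset($_REQUEST['dir']) ? str_replace('\\', '', ($_REQUEST['dir'])) : '');
+ $input_dir = htmlspecialchars_decode($input_dir, ENT_COMPAT | ENT_QUOTES);
+ $input_dir = $this->esc_dir($input_dir);
+
+ $cur_dir_path = $input_dir == '' ? $this->uploads_dir : $this->uploads_dir . '/' . $input_dir;
 
- $file_new_name = (isset($_REQUEST['file_new_name']) ? stripslashes(esc_html($_REQUEST['file_new_name'])) : '');
- $file_new_name = htmlspecialchars_decode($file_new_name, ENT_COMPAT | ENT_QUOTES);
+ $file_names = explode('**#**', (isset($_REQUEST['file_names']) ? stripslashes(esc_html($_REQUEST['file_names'])) : ''));
 
+ $msg = '';
+ foreach ($file_names as $file_name) {
+ $file_name = htmlspecialchars_decode($file_name, ENT_COMPAT | ENT_QUOTES);
+ $file_name = str_replace('../', '', $file_name);
  $file_path = $cur_dir_path . '/' . $file_name;
  $thumb_file_path = $cur_dir_path . '/thumb/' . $file_name;
  $original_file_path = $cur_dir_path . '/.original/' . $file_name;
-
- $msg = '';
  if (file_exists($file_path) == false) {
- $msg = "File doesn't exist.";
+ $msg = __("Some of the files couldn't be removed.", 'wds');
  }
- elseif (is_dir($file_path) == true) {
- if (rename($file_path, $cur_dir_path . '/' . sanitize_file_name($file_new_name)) == false) {
- $msg = "Can't rename the file.";
+ else {
+ $this->remove_file_dir($file_path);
+ if (file_exists($thumb_file_path)) {
+ $this->remove_file_dir($thumb_file_path);
  }
- }
- elseif ((strrpos($file_name, '.') !== false)) {
- $file_extension = substr($file_name, strrpos($file_name, '.') + 1);
- if (rename($file_path, $cur_dir_path . '/' . $file_new_name . '.' . $file_extension) == false) {
- $msg = "Can't rename the file.";
+ if (file_exists($original_file_path)) {
+ $this->remove_file_dir($original_file_path);
  }
- rename($thumb_file_path, $cur_dir_path . '/thumb/' . $file_new_name . '.' . $file_extension);
- rename($original_file_path, $cur_dir_path . '/.original/' . $file_new_name . '.' . $file_extension);
- }
- else {
- $msg = "Can't rename the file.";
  }
- $_REQUEST['file_names'] = '';
- $query_url = wp_nonce_url(admin_url('admin-ajax.php'), 'addImage', 'nonce_wd');
- $query_url = add_query_arg(array('action' => 'addImage', 'filemanager_msg' => $msg, 'width' => '650', 'height' => '500', 'task' => 'display', 'extensions' => esc_html($_REQUEST['extensions']), 'callback' => esc_html($_REQUEST['callback']), 'image_for' => esc_html($_REQUEST['image_for']), 'slide_id' => esc_html($_REQUEST['slide_id']), 'dir' => esc_html($_REQUEST['dir']), 'TB_iframe' => '1'), $query_url);
- header('Location: ' . $query_url);
- exit;
  }
+ $_REQUEST['file_names'] = '';
 
- public function remove_items() {
- $input_dir = (isset($_REQUEST['dir']) ? str_replace('\\', '', ($_REQUEST['dir'])) : '');
- $input_dir = htmlspecialchars_decode($input_dir, ENT_COMPAT | ENT_QUOTES);
- $cur_dir_path = $input_dir == '' ? $this->uploads_dir : $this->uploads_dir . '/' . $input_dir;
+ $args = array(
+ 'action' => 'addImage',
+ 'filemanager_msg' => $msg,
+ 'width' => '650',
+ 'height' => '500',
+ 'task' => 'show_file_manager',
+ 'extensions' => esc_html($_REQUEST['extensions']),
+ 'callback' => esc_html($_REQUEST['callback']),
+ 'image_for' => esc_html($_REQUEST['image_for']),
+ 'slide_id' => esc_html($_REQUEST['slide_id']),
+ 'dir' => esc_html($_REQUEST['dir']),
+ 'TB_iframe' => '1',
+ );
+ $query_url = wp_nonce_url(admin_url('admin-ajax.php'), 'addImage', 'nonce_wd');
+ $query_url = add_query_arg($args, $query_url);
+ header('Location: ' . $query_url);
+ exit;
+ }
 
- $file_names = explode('**#**', (isset($_REQUEST['file_names']) ? stripslashes(esc_html($_REQUEST['file_names'])) : ''));
+ public function paste_items() {
+ $input_dir = (isset($_REQUEST['dir']) ? str_replace('\\', '', ($_REQUEST['dir'])) : '');
+ $input_dir = htmlspecialchars_decode($input_dir, ENT_COMPAT | ENT_QUOTES);
+ $input_dir = $this->esc_dir($input_dir);
 
- $msg = '';
- foreach ($file_names as $file_name) {
- $file_name = htmlspecialchars_decode($file_name, ENT_COMPAT | ENT_QUOTES);
- $file_path = $cur_dir_path . '/' . $file_name;
- $thumb_file_path = $cur_dir_path . '/thumb/' . $file_name;
- $original_file_path = $cur_dir_path . '/.original/' . $file_name;
- if (file_exists($file_path) == false) {
- $msg = "Some of the files couldn't be removed.";
- }
- else {
- $this->remove_file_dir($file_path);
- if (file_exists($thumb_file_path)) {
- $this->remove_file_dir($thumb_file_path);
+ $msg = '';
+
+ $file_names = explode('**#**', (isset($_REQUEST['clipboard_files']) ? stripslashes($_REQUEST['clipboard_files']) : ''));
+ $src_dir = (isset($_REQUEST['clipboard_src']) ? stripslashes($_REQUEST['clipboard_src']) : '');
+ $src_dir = $src_dir == '' ? $this->uploads_dir : $this->uploads_dir . '/' . $src_dir;
+ $src_dir = htmlspecialchars_decode($src_dir, ENT_COMPAT | ENT_QUOTES);
+ $src_dir = $this->esc_dir($src_dir);
+
+ $dest_dir = (isset($_REQUEST['clipboard_dest']) ? stripslashes($_REQUEST['clipboard_dest']) : '');
+ $dest_dir = $dest_dir == '' ? $this->uploads_dir : $this->uploads_dir . '/' . $dest_dir;
+ $dest_dir = htmlspecialchars_decode($dest_dir, ENT_COMPAT | ENT_QUOTES);
+ $dest_dir = $this->esc_dir($dest_dir);
+
+ switch ((isset($_REQUEST['clipboard_task']) ? stripslashes($_REQUEST['clipboard_task']) : '')) {
+ case 'copy':
+ foreach ($file_names as $file_name) {
+ $file_name = htmlspecialchars_decode($file_name, ENT_COMPAT | ENT_QUOTES);
+ $file_name = str_replace('../', '', $file_name);
+ $src = $src_dir . '/' . $file_name;
+ if (file_exists($src) == false) {
+ $msg = __("Failed to copy some of the files.", 'wds');
+ $msg .= $file_name;
+ continue;
  }
- if (file_exists($original_file_path)) {
- $this->remove_file_dir($original_file_path);
+ $dest = $dest_dir . '/' . $file_name;
+ if (!is_dir($src_dir . '/' . $file_name)) {
+ if (!is_dir($dest_dir . '/thumb')) {
+ mkdir($dest_dir . '/thumb', 0777);
+ }
+ $thumb_src = $src_dir . '/thumb/' . $file_name;
+ $thumb_dest = $dest_dir . '/thumb/' . $file_name;
+ if (!is_dir($dest_dir . '/.original')) {
+ mkdir($dest_dir . '/.original', 0777);
+ }
+ $original_src = $src_dir . '/.original/' . $file_name;
+ $original_dest = $dest_dir . '/.original/' . $file_name;
+ }
+ $i = 0;
+ if (file_exists($dest) == true) {
+ $path_parts = pathinfo($dest);
+ while (file_exists($path_parts['dirname'] . '/' . $path_parts['filename'] . '(' . ++$i . ')' . '.' . $path_parts['extension'])) {
+ }
+ $dest = $path_parts['dirname'] . '/' . $path_parts['filename'] . '(' . $i . ')' . '.' . $path_parts['extension'];
+ if (!is_dir($src_dir . '/' . $file_name)) {
+ $thumb_dest = $path_parts['dirname'] . '/thumb/' . $path_parts['filename'] . '(' . $i . ')' . '.' . $path_parts['extension'];
+ $original_dest = $path_parts['dirname'] . '/.original/' . $path_parts['filename'] . '(' . $i . ')' . '.' . $path_parts['extension'];
+ }
  }
- }
- }
- $_REQUEST['file_names'] = '';
- $query_url = wp_nonce_url(admin_url('admin-ajax.php'), 'addImage', 'nonce_wd');
- $query_url = add_query_arg(array('action' => 'addImage', 'filemanager_msg' => $msg, 'width' => '650', 'height' => '500', 'task' => 'show_file_manager', 'extensions' => esc_html($_REQUEST['extensions']), 'callback' => esc_html($_REQUEST['callback']), 'image_for' => esc_html($_REQUEST['image_for']), 'slide_id' => esc_html($_REQUEST['slide_id']), 'dir' => esc_html($_REQUEST['dir']), 'TB_iframe' => '1'), $query_url);
- header('Location: ' . $query_url);
- exit;
- }
-
- public function paste_items() {
- $input_dir = (isset($_REQUEST['dir']) ? str_replace('\\', '', ($_REQUEST['dir'])) : '');
- $input_dir = htmlspecialchars_decode($input_dir, ENT_COMPAT | ENT_QUOTES);
- $msg = '';
 
- $file_names = explode('**#**', (isset($_REQUEST['clipboard_files']) ? stripslashes($_REQUEST['clipboard_files']) : ''));
- // $src_dir = $_SESSION['clipboard_src'];
- $src_dir = (isset($_REQUEST['clipboard_src']) ? stripslashes($_REQUEST['clipboard_src']) : '');
- $src_dir = $src_dir == '' ? $this->uploads_dir : $this->uploads_dir . '/' . $src_dir;
- $src_dir = htmlspecialchars_decode($src_dir, ENT_COMPAT | ENT_QUOTES);
- // $dest_dir = $_SESSION['clipboard_dest'];
- $dest_dir = (isset($_REQUEST['clipboard_dest']) ? stripslashes($_REQUEST['clipboard_dest']) : '');
- $dest_dir = $dest_dir == '' ? $this->uploads_dir : $this->uploads_dir . '/' . $dest_dir;
- $dest_dir = htmlspecialchars_decode($dest_dir, ENT_COMPAT | ENT_QUOTES);
-
- switch ((isset($_REQUEST['clipboard_task']) ? stripslashes($_REQUEST['clipboard_task']) : '')) {
- case 'copy':
+ if (!$this->copy_file_dir($src, $dest)) {
+ $msg = __("Failed to copy some of the files.", 'wds');
+ }
+ if (!is_dir($src_dir . '/' . $file_name)) {
+ $this->copy_file_dir($thumb_src, $thumb_dest);
+ $this->copy_file_dir($original_src, $original_dest);
+ }
+ }
+ break;
+ case 'cut':
+ if ($src_dir != $dest_dir) {
  foreach ($file_names as $file_name) {
  $file_name = htmlspecialchars_decode($file_name, ENT_COMPAT | ENT_QUOTES);
+ $file_name = str_replace('../', '', $file_name);
  $src = $src_dir . '/' . $file_name;
- if (file_exists($src) == false) {
- $msg = "Failed to copy some of the files.";
- $msg = $file_name;
- continue;
- }
  $dest = $dest_dir . '/' . $file_name;
  if (!is_dir($src_dir . '/' . $file_name)) {
- if (!is_dir($dest_dir . '/thumb')) {
- mkdir($dest_dir . '/thumb', 0777);
- }
  $thumb_src = $src_dir . '/thumb/' . $file_name;
  $thumb_dest = $dest_dir . '/thumb/' . $file_name;
- if (!is_dir($dest_dir . '/.original')) {
- mkdir($dest_dir . '/.original', 0777);
+ if (!is_dir($dest_dir . '/thumb')) {
+ mkdir($dest_dir . '/thumb', 0777);
  }
  $original_src = $src_dir . '/.original/' . $file_name;
  $original_dest = $dest_dir . '/.original/' . $file_name;
- }
- $i = 0;
- if (file_exists($dest) == true) {
- $path_parts = pathinfo($dest);
- while (file_exists($path_parts['dirname'] . '/' . $path_parts['filename'] . '(' . ++$i . ')' . '.' . $path_parts['extension'])) {
- }
- $dest = $path_parts['dirname'] . '/' . $path_parts['filename'] . '(' . $i . ')' . '.' . $path_parts['extension'];
- if (!is_dir($src_dir . '/' . $file_name)) {
- $thumb_dest = $path_parts['dirname'] . '/thumb/' . $path_parts['filename'] . '(' . $i . ')' . '.' . $path_parts['extension'];
- $original_dest = $path_parts['dirname'] . '/.original/' . $path_parts['filename'] . '(' . $i . ')' . '.' . $path_parts['extension'];
+ if (!is_dir($dest_dir . '/.original')) {
+ mkdir($dest_dir . '/.original', 0777);
  }
  }
-
- if (!$this->copy_file_dir($src, $dest)) {
- $msg = "Failed to copy some of the files.";
+ if ((file_exists($src) == false) || (file_exists($dest) == true) || (!rename($src, $dest))) {
+ $msg = __("Failed to move some of the files.", 'wds');
  }
  if (!is_dir($src_dir . '/' . $file_name)) {
- $this->copy_file_dir($thumb_src, $thumb_dest);
- $this->copy_file_dir($original_src, $original_dest);
+ rename($thumb_src, $thumb_dest);
+ rename($original_src, $original_dest);
  }
  }
- break;
- case 'cut':
- if ($src_dir != $dest_dir) {
- foreach ($file_names as $file_name) {
- $file_name = htmlspecialchars_decode($file_name, ENT_COMPAT | ENT_QUOTES);
- $src = $src_dir . '/' . $file_name;
- $dest = $dest_dir . '/' . $file_name;
- if (!is_dir($src_dir . '/' . $file_name)) {
- $thumb_src = $src_dir . '/thumb/' . $file_name;
- $thumb_dest = $dest_dir . '/thumb/' . $file_name;
- if (!is_dir($dest_dir . '/thumb')) {
- mkdir($dest_dir . '/thumb', 0777);
- }
- $original_src = $src_dir . '/.original/' . $file_name;
- $original_dest = $dest_dir . '/.original/' . $file_name;
- if (!is_dir($dest_dir . '/.original')) {
- mkdir($dest_dir . '/.original', 0777);
- }
- }
- if ((file_exists($src) == false) || (file_exists($dest) == true) || (!rename($src, $dest))) {
- $msg = "Failed to move some of the files.";
- }
- if (!is_dir($src_dir . '/' . $file_name)) {
- rename($thumb_src, $thumb_dest);
- rename($original_src, $original_dest);
- }
- }
- }
- break;
- }
- $query_url = wp_nonce_url(admin_url('admin-ajax.php'), 'addImage', 'nonce_wd');
- $query_url = add_query_arg(array('action' => 'addImage', 'filemanager_msg' => $msg, 'width' => '650', 'height' => '500', 'task' => 'show_file_manager', 'extensions' => esc_html($_REQUEST['extensions']), 'callback' => esc_html($_REQUEST['callback']), 'image_for' => esc_html($_REQUEST['image_for']), 'slide_id' => esc_html($_REQUEST['slide_id']), 'dir' => esc_html($_REQUEST['dir']), 'TB_iframe' => '1'), $query_url);
- header('Location: ' . $query_url);
- exit;
+ }
+ break;
  }
 
- public function import_items() {
- $query_url = wp_nonce_url(admin_url('admin-ajax.php'), 'addImage', 'nonce_wd');
- $query_url = add_query_arg(array('action' => 'wds_UploadHandler', 'importer_thumb_width' => esc_html($_REQUEST['importer_thumb_width']), 'importer_thumb_height' => esc_html($_REQUEST['importer_thumb_height']), 'callback' => esc_html($_REQUEST['callback']), 'image_for' => esc_html($_REQUEST['image_for']), 'slide_id' => esc_html($_REQUEST['slide_id']), 'file_namesML' => esc_html($_REQUEST['file_namesML']), 'importer_img_width' => esc_html($_REQUEST['importer_img_width']), 'importer_img_height' => esc_html($_REQUEST['importer_img_height']), 'import' => 'true', 'redir' => esc_html($_REQUEST['dir']), 'dir' => $this->get_uploads_dir() . '/' . esc_html($_REQUEST['dir']) . '/'), $query_url);
- header('Location: ' . $query_url);
- exit;
- }
+ $args = array(
+ 'action' => 'addImage',
+ 'filemanager_msg' => $msg,
+ 'width' => '650',
+ 'height' => '500',
+ 'task' => 'show_file_manager',
+ 'extensions' => esc_html($_REQUEST['extensions']),
+ 'callback' => esc_html($_REQUEST['callback']),
+ 'image_for' => esc_html($_REQUEST['image_for']),
+ 'slide_id' => esc_html($_REQUEST['slide_id']),
+ 'dir' => $input_dir,
+ 'TB_iframe' => '1',
+ );
+ $query_url = wp_nonce_url(admin_url('admin-ajax.php'), 'addImage', 'nonce_wd');
+ $query_url = add_query_arg($args, $query_url);
+ header('Location: ' . $query_url);
+ exit;
+ }
 
- ////////////////////////////////////////////////////////////////////////////////////////
- // Getters & Setters //
- ////////////////////////////////////////////////////////////////////////////////////////
- ////////////////////////////////////////////////////////////////////////////////////////
- // Private Methods //
- ////////////////////////////////////////////////////////////////////////////////////////
- private function remove_file_dir($del_file_dir) {
- if (is_dir($del_file_dir) == true) {
- $files_to_remove = scandir($del_file_dir);
- foreach ($files_to_remove as $file) {
- if ($file != '.' and $file != '..') {
- $this->remove_file_dir($del_file_dir . '/' . $file);
- }
+ public function import_items() {
+ $args = array(
+ 'action' => 'wds_UploadHandler',
+ 'importer_thumb_width' => esc_html($_REQUEST['importer_thumb_width']),
+ 'importer_thumb_height' => esc_html($_REQUEST['importer_thumb_height']),
+ 'callback' => esc_html($_REQUEST['callback']),
+ 'image_for' => esc_html($_REQUEST['image_for']),
+ 'slide_id' => esc_html($_REQUEST['slide_id']),
+ 'file_namesML' => esc_html($_REQUEST['file_namesML']),
+ 'importer_img_width' => esc_html($_REQUEST['importer_img_width']),
+ 'importer_img_height' => esc_html($_REQUEST['importer_img_height']),
+ 'import' => 'true',
+ 'redir' => esc_html($_REQUEST['dir']),
+ 'dir' => $this->get_uploads_dir() . '/' . esc_html($_REQUEST['dir']) . '/',
+ );
+ $query_url = wp_nonce_url(admin_url('admin-ajax.php'), 'addImage', 'nonce_wd');
+ $query_url = add_query_arg($args, $query_url);
+ header('Location: ' . $query_url);
+ exit;
+ }
+
+ private function remove_file_dir($del_file_dir) {
+ $del_file_dir = $this->esc_dir($del_file_dir);
+
+ if (is_dir($del_file_dir) == true) {
+ $files_to_remove = scandir($del_file_dir);
+ foreach ($files_to_remove as $file) {
+ if ($file != '.' and $file != '..') {
+ $this->remove_file_dir($del_file_dir . '/' . $file);
  }
- rmdir($del_file_dir);
- }
- else {
- unlink($del_file_dir);
  }
+ rmdir($del_file_dir);
+ }
+ else {
+ unlink($del_file_dir);
  }
+ }
 
- private function copy_file_dir($src, $dest) {
- if (is_dir($src) == true) {
- $dir = opendir($src);
- @mkdir($dest);
- while (false !== ($file = readdir($dir))) {
- if (($file != '.') && ($file != '..')) {
- if (is_dir($src . '/' . $file)) {
- $this->copy_file_dir($src . '/' . $file, $dest . '/' . $file);
- }
- else {
- copy($src . '/' . $file, $dest . '/' . $file);
- }
+ private function copy_file_dir($src, $dest) {
+ $src = $this->esc_dir($src);
+ $dest = $this->esc_dir($dest);
+
+ if (is_dir($src) == true) {
+ $dir = opendir($src);
+ @mkdir($dest);
+ while (false !== ($file = readdir($dir))) {
+ if (($file != '.') && ($file != '..')) {
+ if (is_dir($src . '/' . $file)) {
+ $this->copy_file_dir($src . '/' . $file, $dest . '/' . $file);
+ }
+ else {
+ copy($src . '/' . $file, $dest . '/' . $file);
  }
  }
- closedir($dir);
- return true;
- }
- else {
- return copy($src, $dest);
  }
+ closedir($dir);
+ return true;
  }
-
-
- ////////////////////////////////////////////////////////////////////////////////////////
- // Listeners //
- ////////////////////////////////////////////////////////////////////////////////////////
- }
+ else {
+ return copy($src, $dest);
+ }
+ }
+ }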
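Review bot: `esc_dir()` (new lines 50-54) strips `../` with a single `str_replace` pass, which is string filtering rather than path containment: removing one match can join the surrounding characters into a fresh `../`, and other spellings of the parent directory are not covered. Every `mkdir`, `rename`, `unlink`, `rmdir` and `copy` in this controller takes a path built from `$_REQUEST`, so I would resolve the final path and require it to sit under `realpath($this->uploads_dir)` immediately before each call, rejecting the request otherwise; a sketch follows. Separately, `execute()` still calls whatever method `$_REQUEST['task']` names, so an explicit allowlist such as `in_array($task, array('display', 'make_dir', 'rename_item', 'remove_items', 'paste_items', 'import_items'), true)` would be safer than `method_exists`. No capability or nonce check is visible in this file; presumably the `addImage` AJAX handler performs one, which is worth confirming.

```php
private function esc_dir($dir) {
  // Repeat until the string stops changing; a single pass is not enough.
  do {
    $before = $dir;
    $dir = str_replace(array('../', '..\\'), '', $dir);
  } while ($dir !== $before);

  return $dir;
}

// New helper: call on the final path right before mkdir/rename/unlink/rmdir/copy.
private function is_inside_uploads($path) {
  $base = realpath($this->uploads_dir);
  // A target that does not exist yet is judged by its parent directory.
  $real = realpath(file_exists($path) ? $path : dirname($path));

  return $base !== false && $real !== false
    && strpos($real . DIRECTORY_SEPARATOR, $base . DIRECTORY_SEPARATOR) === 0;
}
```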
 
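--- a/filemanager/js/default.js
+++ b/filemanager/js/default.js
@@ -11,8 +11,6 @@ var dragFiles;
  var isUploading;
 
  var ajax = true;
- var importer_ajax = true;
- var media_lib_images = false;
 
  var all_files_selected = false;
  var no_selected_files = [];
@@ -50,7 +48,6 @@ jQuery(document).ready(function () {
  filesSelected = [];
  dragFiles = [];
 
- //file manager under system messages
  jQuery("#wrapper").css("top", jQuery("#file_manager_message").css("height"));
  jQuery(window).resize(function () {
  jQuery("#container").css("top", jQuery("#file_manager_message").css("height"));
@@ -94,7 +91,6 @@ function getClipboardFiles() {
 
  function submit(task, sortBy, sortOrder, itemsView, destDir, fileNewName, newDirName, clipboardTask, clipboardFiles, clipboardSrc, clipboardDest) {
  var names_array = [];
- var lib_names_array = [];
  if (all_files_selected === true) {
  for (i in wdb_all_files) {
  var index = no_selected_files.indexOf(wdb_all_files[i]["name"]);
@@ -156,7 +152,6 @@ function submit(task, sortBy, sortOrder, itemsView, destDir, fileNewName, newDir
  if (itemsView != null) {
  jQuery("form[name=adminForm]").find("input[name=items_view]").val(itemsView);
  }
-
  if (destDir != null) {
  jQuery("form[name=adminForm]").find("input[name=dir]").val(destDir);
  }
@@ -169,7 +164,6 @@ function submit(task, sortBy, sortOrder, itemsView, destDir, fileNewName, newDir
  if (newDirName != null) {
  jQuery("form[name=adminForm]").find("input[name=new_dir_name]").val(newDirName);
  }
-
  if (clipboardTask != null) {
  jQuery("form[name=adminForm]").find("input[name=clipboard_task]").val(clipboardTask);
  }
@@ -242,7 +236,7 @@ function submitFiles() {
  fileData['filetype'] = jQuery(file_object).attr("filetype");
  fileData['date_modified'] = jQuery(file_object).attr("date_modified");
  fileData['resolution'] = jQuery(file_object).attr("fileresolution");
- filesValid.push(fileData);
+ filesValid.push(fileData);
  }
  }
  }
@@ -435,18 +429,10 @@ function onFileMOver(event, obj) {
  jQuery(obj).addClass("explorer_item_hover");
  }
 
- function onFileMOverML(event, obj) {
- jQuery(obj).addClass("importer_item_hover");
- }
-
  function onFileMOut(event, obj) {
  jQuery(obj).removeClass("explorer_item_hover");
  }
 
- function onFileMOutML(event, obj) {
- jQuery(obj).removeClass("importer_item_hover");
- }
-
  function onFileClick(event, obj) {
  jQuery(".explorer_item").removeClass("explorer_item_select");
  var objName = jQuery(obj).attr("name");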
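--- a/filemanager/model.php
+++ b/filemanager/model.php
@@ -9,224 +9,201 @@ $p_dir;
  $s_order;
 
  class FilemanagerModel {
- ////////////////////////////////////////////////////////////////////////////////////////
- // Events //
- ////////////////////////////////////////////////////////////////////////////////////////
- ////////////////////////////////////////////////////////////////////////////////////////
- // Constants //
- ////////////////////////////////////////////////////////////////////////////////////////
- ////////////////////////////////////////////////////////////////////////////////////////
- // Variables //
- ////////////////////////////////////////////////////////////////////////////////////////
- private $controller;
- private $element_load_count = 30;
- ////////////////////////////////////////////////////////////////////////////////////////
- // Constructor & Destructor //
- ////////////////////////////////////////////////////////////////////////////////////////
- public function __construct($controller) {
- $this->controller = $controller;
+ private $controller;
+ private $element_load_count = 100;
+
+ public function __construct($controller) {
+ $this->controller = $controller;
+ }
+
+ public function get_file_manager_data() {
+ $session_data = array();
+ $session_data['sort_by'] = $this->get_from_session('sort_by', 'date_modified');
+ $session_data['sort_order'] = $this->get_from_session('sort_order', 'desc');
+ $session_data['items_view'] = $this->get_from_session('items_view', 'thumbs');
+ $session_data['clipboard_task'] = $this->get_from_session('clipboard_task', '');
+ $session_data['clipboard_files'] = $this->get_from_session('clipboard_files', '');
+ $session_data['clipboard_src'] = $this->get_from_session('clipboard_src', '');
+ $session_data['clipboard_dest'] = $this->get_from_session('clipboard_dest', '');
+
+ $data = array();
+ $data['session_data'] = $session_data;
+ $data['path_components'] = $this->get_path_components();
+ $data['dir'] = $this->controller->get_uploads_dir() . (isset($_REQUEST['dir']) ? esc_html($_REQUEST['dir']) : '');
+ $data['dir'] = str_replace('../', '', $data['dir']);
+ $get_files_data = $this->get_files($session_data['sort_by'], $session_data['sort_order']);
+ $data['files'] = $get_files_data['files'];
+ $data['files_count'] = $get_files_data['files_count'];
+ $data['all_files'] = $get_files_data['all_files'];
+ $data['element_load_count'] = $this->element_load_count;
+ $data['extensions'] = (isset($_REQUEST['extensions']) ? esc_html($_REQUEST['extensions']) : '');
+ $data['callback'] = (isset($_REQUEST['callback']) ? esc_html($_REQUEST['callback']) : '');
+ $data['image_for'] = (isset($_REQUEST['image_for']) ? esc_html($_REQUEST['image_for']) : '');
+ $data['slide_id'] = (isset($_REQUEST['slide_id']) ? esc_html($_REQUEST['slide_id']) : '');
+
+ return $data;
+ }
+
+ private function get_from_session($key, $default) {
+ if (isset($_REQUEST[$key])) {
+ $_REQUEST[$key] = stripslashes($_REQUEST[$key]);
  }
-
- ////////////////////////////////////////////////////////////////////////////////////////
- // Public Methods //
- ////////////////////////////////////////////////////////////////////////////////////////
- public function get_file_manager_data() {
- $session_data = array();
- $session_data['sort_by'] = $this->get_from_session('sort_by', 'date_modified');
- $session_data['sort_order'] = $this->get_from_session('sort_order', 'desc');
- $session_data['items_view'] = $this->get_from_session('items_view', 'thumbs');
- $session_data['clipboard_task'] = $this->get_from_session('clipboard_task', '');
- $session_data['clipboard_files'] = $this->get_from_session('clipboard_files', '');
- $session_data['clipboard_src'] = $this->get_from_session('clipboard_src', '');
- $session_data['clipboard_dest'] = $this->get_from_session('clipboard_dest', '');
-
- $data = array();
- $data['session_data'] = $session_data;
- $data['path_components'] = $this->get_path_components();
- $data['dir'] = $this->controller->get_uploads_dir() . (isset($_REQUEST['dir']) ? esc_html($_REQUEST['dir']) : '');
- $get_files_data = $this->get_files($session_data['sort_by'], $session_data['sort_order']);
- $data['files'] = $get_files_data['files'];
- $data['files_count'] = $get_files_data['files_count'];
- $data['all_files'] = $get_files_data['all_files'];
- $data['element_load_count'] = $this->element_load_count;
- $data['extensions'] = (isset($_REQUEST['extensions']) ? esc_html($_REQUEST['extensions']) : '');
- $data['callback'] = (isset($_REQUEST['callback']) ? esc_html($_REQUEST['callback']) : '');
- $data['image_for'] = (isset($_REQUEST['image_for']) ? esc_html($_REQUEST['image_for']) : '');
- $data['slide_id'] = (isset($_REQUEST['slide_id']) ? esc_html($_REQUEST['slide_id']) : '');
-
- return $data;
+ else {
+ $_REQUEST[$key] = stripslashes($default);
  }
-
- ////////////////////////////////////////////////////////////////////////////////////////
- // Getters & Setters //
- ////////////////////////////////////////////////////////////////////////////////////////
- ////////////////////////////////////////////////////////////////////////////////////////
- // Private Methods //
- ////////////////////////////////////////////////////////////////////////////////////////
- private function get_from_session($key, $default) {
- if (isset($_REQUEST[$key])) {
- $_REQUEST[$key] = stripslashes($_REQUEST[$key]);
- }
- else {
- $_REQUEST[$key] = stripslashes($default);
+ return esc_html(stripslashes($_REQUEST[$key]));
+ }
+
+ public function get_path_components() {
+ $dir_names = explode('/', (isset($_REQUEST['dir']) ? str_replace('../', '', esc_html($_REQUEST['dir'])) : ''));
+ $path = '';
+
+ $components = array();
+ $component = array();
+ global $WD_S_UPLOAD_DIR;
+ $component['name'] = $WD_S_UPLOAD_DIR;
+ $component['path'] = $path;
+ $components[] = $component;
+ for ($i = 0; $i < count($dir_names); $i++) {
+ $dir_name = $dir_names[$i];
+ if ($dir_name == '') {
+ continue;
  }
- return esc_html(stripslashes($_REQUEST[$key]));
- }
-
- public function get_path_components() {
- $dir_names = explode('/', (isset($_REQUEST['dir']) ? esc_html($_REQUEST['dir']) : ''));
- $path = '';
-
- $components = array();
+ $path .= (($path == '') ? $dir_name : '/' . $dir_name);
  $component = array();
- global $WD_S_UPLOAD_DIR;
- $component['name'] = $WD_S_UPLOAD_DIR;
+ $component['name'] = $dir_name;
  $component['path'] = $path;
  $components[] = $component;
- for ($i = 0; $i < count($dir_names); $i++) {
- $dir_name = $dir_names[$i];
- if ($dir_name == '') {
- continue;
- }
- $path .= (($path == '') ? $dir_name : '/' . $dir_name);
- $component = array();
- $component['name'] = $dir_name;
- $component['path'] = $path;
- $components[] = $component;
+ }
+ return $components;
+ }
+
+ function get_files($sort_by, $sort_order) {
+ $icons_dir_path = WD_S_DIR . '/filemanager/images/file_icons';
+ $icons_dir_url = WD_S_URL . '/filemanager/images/file_icons';
+ $valid_types = explode(',', isset($_REQUEST['extensions']) ? strtolower(esc_html($_REQUEST['extensions'])) : '*');
+ $image_for = isset($_REQUEST['image_for']) ? esc_html($_REQUEST['image_for']) : '';
+ $dir = (isset($_REQUEST['dir']) ? '/' . htmlspecialchars_decode(stripslashes(esc_html(str_replace('../', '', $_REQUEST['dir']))), ENT_COMPAT | ENT_QUOTES) : '');
+ $parent_dir = $this->controller->get_uploads_dir() . $dir;
+ $parent_dir = str_replace('../', '', $parent_dir);
+ $parent_dir_url = $this->controller->get_uploads_url() . $dir;
+
+ if ($image_for == 'nav_right_but' || $image_for == 'nav_right_hov_but' || $image_for == 'nav_left_but' || $image_for == 'nav_left_hov_but') {
+ if (!is_dir($parent_dir)) {
+ mkdir($parent_dir, 0777);
  }
- return $components;
  }
+ $file_names = $this->get_sorted_file_names($parent_dir, $sort_by, $sort_order);
 
- function get_files($sort_by, $sort_order) {
- $icons_dir_path = WD_S_DIR . '/filemanager/images/file_icons';
- $icons_dir_url = WD_S_URL . '/filemanager/images/file_icons';
- $valid_types = explode(',', isset($_REQUEST['extensions']) ? strtolower(esc_html($_REQUEST['extensions'])) : '*');
- $image_for = isset($_REQUEST['image_for']) ? esc_html($_REQUEST['image_for']) : '';
- $dir = (isset($_REQUEST['dir']) ? '/' . htmlspecialchars_decode(stripslashes(esc_html($_REQUEST['dir'])), ENT_COMPAT | ENT_QUOTES) : '');
- $parent_dir = $this->controller->get_uploads_dir() . $dir;
- $parent_dir_url = $this->controller->get_uploads_url() . $dir;
-
- if ($image_for == 'nav_right_but' || $image_for == 'nav_right_hov_but' || $image_for == 'nav_left_but' || $image_for == 'nav_left_hov_but') {
- if (!is_dir($parent_dir)) {
- mkdir($parent_dir, 0777);
- }
+ $dirs = array();
+ $files = array();
+ foreach ($file_names as $file_name) {
+ if (($file_name == '.') || ($file_name == '..') || ($file_name == 'thumb') || ($file_name == '.original')) {
+ continue;
  }
- $file_names = $this->get_sorted_file_names($parent_dir, $sort_by, $sort_order);
-
- $dirs = array();
- $files = array();
- foreach ($file_names as $file_name) {
- if (($file_name == '.') || ($file_name == '..') || ($file_name == 'thumb') || ($file_name == '.original')) {
- continue;
- }
- if (is_dir($parent_dir . '/' . $file_name) == TRUE) {
- $file = array();
- $file['is_dir'] = TRUE;
- $file['name'] = $file_name;
- $file['filename'] = str_replace("_", " ", $file_name);
- $file['type'] = '';
- $file['thumb'] = $icons_dir_url . '/dir.png';
- $file['icon'] = $icons_dir_url . '/dir.png';
- $file['size'] = '';
- $file['date_modified'] = '';
- $file['resolution'] = '';
- $dirs[] = $file;
+ if (is_dir($parent_dir . '/' . $file_name) == TRUE) {
+ $file = array();
+ $file['is_dir'] = TRUE;
+ $file['name'] = $file_name;
+ $file['filename'] = str_replace("_", " ", $file_name);
+ $file['type'] = '';
+ $file['thumb'] = $icons_dir_url . '/dir.png';
+ $file['icon'] = $icons_dir_url . '/dir.png';
+ $file['size'] = '';
+ $file['date_modified'] = '';
+ $file['resolution'] = '';
+ $dirs[] = $file;
+ }
+ else {
+ $file = array();
+ $file['is_dir'] = FALSE;
+ $file['name'] = $file_name;
+ $filename = substr($file_name, 0, strrpos($file_name, '.'));
+ $file['filename'] = str_replace("_", " ", $filename);
+ $file_extension = explode('.', $file_name);
+ $file['type'] = strtolower(end($file_extension));
+ $icon = $icons_dir_url . '/' . $file['type'] . '.png';
+ if (file_exists($icons_dir_path . '/' . $file['type'] . '.png') == FALSE) {
+ $icon = $icons_dir_url . '/' . '_blank.png';
  }
- else {
- $file = array();
- $file['is_dir'] = FALSE;
- $file['name'] = $file_name;
- $filename = substr($file_name, 0, strrpos($file_name, '.'));
- $file['filename'] = str_replace("_", " ", $filename);
- $file_extension = explode('.', $file_name);
- $file['type'] = strtolower(end($file_extension));
- $icon = $icons_dir_url . '/' . $file['type'] . '.png';
- if (file_exists($icons_dir_path . '/' . $file['type'] . '.png') == FALSE) {
- $icon = $icons_dir_url . '/' . '_blank.png';
- }
- $file['thumb'] = $this->is_img($file['type']) ? $parent_dir_url . '/thumb/' . $file_name : $icon;
- $file['icon'] = $icon;
- if (($valid_types[0] != '*') && (in_array($file['type'], $valid_types) == FALSE)) {
- continue;
- }
- $file_size_kb = (int)(filesize($parent_dir . '/' . $file_name) / 1024);
- // $file_size_mb = (int)($file_size_kb / 1024);
- // $file['size'] = $file_size_kb < 1024 ? (string)$file_size_kb . 'KB' : (string)$file_size_mb . 'MB';
- $file['size'] = $file_size_kb . ' KB';
- $file['date_modified'] = date('d F Y, H:i', filemtime($parent_dir . '/' . $file_name));
- $image_info = getimagesize(htmlspecialchars_decode($parent_dir . '/' . $file_name, ENT_COMPAT | ENT_QUOTES));
- $file['resolution'] = $this->is_img($file['type']) ? $image_info[0] . ' x ' . $image_info[1] . ' px' : '';
- $files[] = $file;
+ $file['thumb'] = $this->is_img($file['type']) ? $parent_dir_url . '/thumb/' . $file_name : $icon;
+ $file['icon'] = $icon;
+ if (($valid_types[0] != '*') && (in_array($file['type'], $valid_types) == FALSE)) {
+ continue;
  }
+ $file_size_kb = (int)(filesize($parent_dir . '/' . $file_name) / 1024);
+ // $file_size_mb = (int)($file_size_kb / 1024);
+ // $file['size'] = $file_size_kb < 1024 ? (string)$file_size_kb . 'KB' : (string)$file_size_mb . 'MB';
+ $file['size'] = $file_size_kb . ' KB';
+ $file['date_modified'] = date('d F Y, H:i', filemtime($parent_dir . '/' . $file_name));
+ $image_info = getimagesize(htmlspecialchars_decode($parent_dir . '/' . $file_name, ENT_COMPAT | ENT_QUOTES));
+ $file['resolution'] = $this->is_img($file['type']) ? $image_info[0] . ' x ' . $image_info[1] . ' px' : '';
+ $files[] = $file;
  }
-
- // $result = $sort_order == 'asc' ? array_merge($dirs, $files) : array_merge($files, $dirs);
- $result = array_merge($dirs, $files);
- $files_count = count($result);
- $all_files = $result;
- $result = array_slice($result, 0, $this->element_load_count, true);
- return array("files" => $result, "all_files" => $all_files, "files_count" => $files_count);
  }
 
- private function get_sorted_file_names($parent_dir, $sort_by, $sort_order) {
- $file_names = scandir($parent_dir);
+ // $result = $sort_order == 'asc' ? array_merge($dirs, $files) : array_merge($files, $dirs);
+ $result = array_merge($dirs, $files);
+ $files_count = count($result);
+ $all_files = $result;
+ $result = array_slice($result, 0, $this->element_load_count, true);
+ return array("files" => $result, "all_files" => $all_files, "files_count" => $files_count);
+ }
 
- global $p_dir;
- global $s_order;
+ private function get_sorted_file_names($parent_dir, $sort_by, $sort_order) {
+ $file_names = scandir($parent_dir);
 
- $p_dir = $parent_dir;
- $s_order = $sort_order;
+ global $p_dir;
+ global $s_order;
 
- function sort_by_size ($a, $b) {
- global $p_dir;
- global $s_order;
+ $p_dir = $parent_dir;
+ $s_order = $sort_order;
 
- $size_of_a = filesize($p_dir . '/' . $a);
- $size_of_b = filesize($p_dir . '/' . $b);
- return $s_order == 'asc' ? $size_of_a > $size_of_b : $size_of_a < $size_of_b;
- }
+ function sort_by_size ($a, $b) {
+ global $p_dir;
+ global $s_order;
 
- function sort_by_date($a, $b) {
- global $p_dir;
- global $s_order;
+ $size_of_a = filesize($p_dir . '/' . $a);
+ $size_of_b = filesize($p_dir . '/' . $b);
+ return $s_order == 'asc' ? $size_of_a > $size_of_b : $size_of_a < $size_of_b;
+ }
 
- $m_time_a = filemtime($p_dir . '/' . $a);
- $m_time_b = filemtime($p_dir . '/' . $b);
- return $s_order == 'asc' ? $m_time_a > $m_time_b : $m_time_a < $m_time_b;
- }
+ function sort_by_date($a, $b) {
+ global $p_dir;
+ global $s_order;
 
- switch ($sort_by) {
- case 'name':
- natcasesort($file_names);
- if ($sort_order == 'desc') {
- $file_names = array_reverse($file_names);
- }
- break;
- case 'size':
- usort($file_names, 'sort_by_size');
- break;
- case 'date_modified':
- usort($file_names, 'sort_by_date');
- break;
- }
- return $file_names;
+ $m_time_a = filemtime($p_dir . '/' . $a);
+ $m_time_b = filemtime($p_dir . '/' . $b);
+ return $s_order == 'asc' ? $m_time_a > $m_time_b : $m_time_a < $m_time_b;
  }
 
- private function is_img($file_type) {
- switch ($file_type) {
- case 'jpg':
- case 'jpeg':
- case 'png':
- case 'bmp':
- case 'gif':
- return true;
- break;
- }
- return false;
+ switch ($sort_by) {
+ case 'name':
+ natcasesort($file_names);
+ if ($sort_order == 'desc') {
+ $file_names = array_reverse($file_names);
+ }
+ break;
+ case 'size':
+ usort($file_names, 'sort_by_size');
+ break;
+ case 'date_modified':
+ usort($file_names, 'sort_by_date');
+ break;
  }
-
-
- ////////////////////////////////////////////////////////////////////////////////////////
- // Listeners //
- ////////////////////////////////////////////////////////////////////////////////////////
- }
+ return $file_names;
+ }
+
+ private function is_img($file_type) {
+ switch ($file_type) {
+ case 'jpg':
+ case 'jpeg':
+ case 'png':
+ case 'bmp':
+ case 'gif':
+ return true;
+ break;
+ }
+ return false;
+ }
+ }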
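Review bot: The added `str_replace('../', '', …)` calls in `get_file_manager_data`, `get_path_components` and `get_files` are a single-pass string filter rather than a containment check: one pass can leave a parent-directory sequence behind once the matched characters are removed, and backslash separators are not covered. In `get_files` the first filter also runs on the raw `$_REQUEST['dir']` before `stripslashes` and `htmlspecialchars_decode`, so it inspects a string that differs from the one finally joined to the uploads directory, and `$parent_dir_url` is built from `$dir` without the second pass. I would resolve the joined path and compare it with the resolved uploads directory, rejecting anything outside it, as sketched below. The `mkdir($parent_dir, 0777)` branch creates a directory that does not exist yet, so there the same check has to be made on the parent of the path, and the mode is broader than the `0755` the upload handler uses.

```php
$parent_dir = $this->controller->get_uploads_dir() . $dir;
// Resolve both paths and require the requested directory to stay under the uploads root.
$uploads_root = realpath($this->controller->get_uploads_dir());
$resolved_dir = realpath($parent_dir);
if ($uploads_root === false || $resolved_dir === false
  || strpos($resolved_dir . DIRECTORY_SEPARATOR, $uploads_root . DIRECTORY_SEPARATOR) !== 0) {
  wp_die('Invalid directory.');
}
$parent_dir = $resolved_dir;
// … unchanged: $parent_dir_url, nav_* mkdir branch (check dirname() of the path there), listing loop …
```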
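--- a/filemanager/view.php
+++ b/filemanager/view.php
@@ -190,7 +190,7 @@ class FilemanagerView {
  </div>
  <div id="explorer_body_wrapper">
  <div id="explorer_body_container">
- <div id="explorer_body" data-files_count="<?php echo $file_manager_data["files_count"];?>">
+ <div id="explorer_body" data-files_count="<?php echo $file_manager_data["files_count"]; ?>">
  <?php
  foreach ($file_manager_data['files'] as $key => $file) {
  $file['name'] = esc_html($file['name']);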
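--- a/readme.txt
+++ b/readme.txt
@@ -1,10 +1,10 @@
- === Slider by WD Responsive Slider for WordPress ===
+ === Slider by WD - Responsive Slider for WordPress ===
  Contributors: webdorado
  Donate link: https://web-dorado.com/products/wordpress-slider-plugin.html
  Tags: responsive slider, slider, slideshow, wordpress slider, image slider, gallery slider, images slider, Photo Slider, post slider, slider plugin
  Requires at least: 3.4
- Tested up to: 4.7
- Stable tag: 1.1.81
+ Tested up to: 4.8
+ Stable tag: 1.1.82
  License: GPLv2 or later
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -129,6 +129,9 @@ After downloading the ZIP file of the slider plugin,
 
  == Changelog ==
 
+ = 1.1.82 =
+ * Fixed: Security issue in filemanager.
+
  = 1.1.81 =
  * Fixed: Uninstall.
  * Fixed: Youtube video autoplay in some case.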
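--- a/slider-wd.php
+++ b/slider-wd.php
@@ -4,7 +4,7 @@
  * Plugin Name: Slider WD
  * Plugin URI: https://web-dorado.com/products/wordpress-slider-plugin.html
  * Description: This is a responsive plugin, which allows adding sliders to your posts/pages and to custom location. It uses large number of transition effects and supports various types of layers.
- * Version: 1.1.81
+ * Version: 1.1.82
  * Author: WebDorado
  * Author URI: https://web-dorado.com/
  * License: GNU/GPLv3 http://www.gnu.org/licenses/gpl-3.0.html
@@ -14,7 +14,7 @@ define('WD_S_NAME', plugin_basename(dirname(__FILE__)));
  define('WD_S_DIR', WP_PLUGIN_DIR . "/" . WD_S_NAME);
  define('WD_S_URL', plugins_url(WD_S_NAME));
 
- define('WD_S_VERSION', '1.1.81');
+ define('WD_S_VERSION', '1.1.82');
 
  function wds_use_home_url() {
  $home_url = str_replace("http://", "", home_url());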