WP Extra File Types - Version 0.5.1

Version Description

  • security optimizations
  • code optimizations

Release Info

Developer davide.airaghi
Version 0.5.1

Code changes from version 0.5 to 0.5.1

Files changed (4) hide show
  1. get-mime.php +9 -2
  2. languages.php +6 -6
  3. readme.txt +5 -1
  4. wp-extra-file-types.php +55 -28
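--- a/get-mime.php
+++ b/get-mime.php
@@ -1,5 +1,12 @@
 <?php
 
+// check if we are called by command line
+// this tool should to be executed only as as information generator, it's not used directly by the plugin
+$sapi = php_sapi_name();
+if (stripos($sapi,'cli') === false) {
+exit;
+}
+
 $url = 'https://svn.apache.org/repos/asf/httpd/httpd/trunk/docs/conf/mime.types';
 
 $ch = curl_init();
@@ -172,13 +179,13 @@ foreach ($apache as $ext=>$dati) {
 }
 }
 
-function doSort($a,$b) {
+function WPEFT_doSort($a,$b) {
 if ($a->application < $b->application) return -1;
 if ($a->application > $b->application) return +1;
 return 0;
 }
 
-usort($array,'doSort');
+usort($array,'WPEFT_doSort');
 
 // print_r($array);die;
 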
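Review bot: The new CLI guard at the top of get-mime.php tests `stripos($sapi,'cli') === false`, which also lets PHP's built-in development web server through, because its SAPI name is `cli-server` and contains `cli`; an exact comparison expresses the intent: `if (PHP_SAPI !== 'cli') { exit; }`. The comment above the guard has a typo ("should to be executed only as as information generator") and would read better as `// this tool is meant to be run only as an information generator; it is not used directly by the plugin`. The rename to `WPEFT_doSort` in the second hunk is a reasonable collision guard for a global function and needs no further change.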
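--- a/languages.php
+++ b/languages.php
@@ -12,11 +12,11 @@ $wpeft_lang=array(
 'REQUIRED' => 'Required Field',
 'MSG_REQUIREDS' => 'Custom File Types: all fields required',
 'TEXT_NO_STRICT' => 'Check only file extensions',
-'TEXT_NO_STRICT_1' => '<i>to be used <u>only</u> if you are unable to upload files you have enabled by selecting their type</i>',
+'TEXT_NO_STRICT_1' => 'to be used only if you are unable to upload files you have enabled by selecting their type',
 'TEXT_SKIP_WP' => 'Skip WordPress checks',
-'TEXT_SKIP_WP_1' => '<i>to be used <u>only</u> if you want to manage all the file types by yourself, skipping internal WordPress lists and checks</i>',
+'TEXT_SKIP_WP_1' => 'to be used only if you want to manage all the file types by yourself, skipping internal WordPress lists and checks',
 'TEXT_GF_HACK' => 'Enable experimental workaround for GravityForms',
-'TEXT_GF_HACK_1' => '<i>override standard behaviour - <em>Beta version</em> - WP-Extra-File-Types has been developed to integrate only with Wordpress Media Library</i>'
+'TEXT_GF_HACK_1' => 'override standard behaviour - Beta version - WP-Extra-File-Types has been developed to integrate only with Wordpress Media Library'
 ),
 'it-IT'=> array(
 'ADMIN_PAGE_TITLE' => 'Tipi di file aggiuntivi',
@@ -29,11 +29,11 @@ $wpeft_lang=array(
 'REQUIRED' => 'Campo obbligatorio',
 'MSG_REQUIREDS' => 'Altri tipi di file: tutti i campi sono obbligatori',
 'TEXT_NO_STRICT' => 'Controlla solo estensione dei file',
-'TEXT_NO_STRICT_1' => '<i>da usare <u>solo</u> se ci sono problemi con qualche file</i>',
+'TEXT_NO_STRICT_1' => 'da usare solo se ci sono problemi con qualche file',
 'TEXT_SKIP_WP' => 'Evita controlli interni di WordPress',
-'TEXT_SKIP_WP_1' => '<i>da usare <u>solo</u> se si vogliono gestire in totale autonomia i tipi di file, ignorando eventuali liste interne di WordPress</i>',
+'TEXT_SKIP_WP_1' => 'da usare solo se si vogliono gestire in totale autonomia i tipi di file, ignorando eventuali liste interne di WordPress',
 'TEXT_GF_HACK' => 'Abilita workaround sperimentale per GravityForms',
-'TEXT_GF_HACK_1' => '<i>sovrascrive filtro ufficiale - <em>Versione Beta</em> - ufficialmente WP-Extra-File-Types funziona solo con la Media Library di Wordpress</i>'
+'TEXT_GF_HACK_1' => 'sovrascrive filtro ufficiale - Versione Beta - ufficialmente WP-Extra-File-Types funziona solo con la Media Library di Wordpress'
 )
 );
 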
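--- a/readme.txt
+++ b/readme.txt
@@ -3,7 +3,7 @@ Contributors: davide.airaghi
 Tags: file type, upload, media library
 Requires at least: 4.0
 Tested up to: 5.8.2
-Stable tag: 0.5
+Stable tag: 0.5.1
 License: GPLv2 or later
 License URI: https://www.gnu.org/licenses/gpl-2.0.html
 
@@ -22,6 +22,10 @@ supported by the Media Library upload procedure.
 
 == Changelog ==
 
+= 0.5.1 =
+* security optimizations
+* code optimizations
+
 = 0.5 =
 * adapted to WP 5.8.2
 * bug fixes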
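--- a/wp-extra-file-types.php
+++ b/wp-extra-file-types.php
@@ -3,7 +3,7 @@
 * Plugin Name: WP Extra File Types
 * Description: Plugin to let you extend the list of allowed file types supported by the Wordpress Media Library.
 * Plugin URI: http://www.airaghi.net/en/2015/01/02/wordpress-custom-mime-types/
-* Version: 0.5
+* Version: 0.5.1
 * Author: Davide Airaghi
 * Author URI: http://www.airaghi.net
 * License: GPLv2 or later
@@ -18,6 +18,9 @@ class WPEFT {
 private $is_multisite = false;
 private $types_list = false;
 
+const NONCE_FIELD = '_wpnonce';
+const NONCE_ACTION = 'wp-extra-file-types-page-options';
+
 public function __construct() {
 // language
 require_once( dirname(__FILE__) . DIRECTORY_SEPARATOR . 'languages.php' );
@@ -42,7 +45,7 @@ class WPEFT {
 
 private function clean_ext($the_ext) {
 $the_ext = trim($the_ext);
-return str_replace(array('<','>',')','('),'',$the_ext);
+return preg_replace('#([^a-zA-Z0-9_.\-]+)#','',$the_ext);
 }
 
 private function clean_name($name) {
@@ -54,16 +57,29 @@ class WPEFT {
 private function clean_mime($mime) {
 $mime = trim($mime);
 $mime = strtolower($mime);
-$mime = preg_replace('#([^a-zA-Z0-9.\-_/]+)#','',$mime);
+if (function_exists('sanitize_mime_type')) {
+$mime = sanitize_mime_type($mime);
+} else {
+$mime = preg_replace('#([^a-zA-Z0-9.\-_/]+)#','',$mime);
+}
 return $mime;
 }
 
+private function getPost($name,$val='') {
+$val = isset($_POST[$name]) ? sanitize_text_field($_POST[$name]) : sanitize_text_field($val);
+return $val;
+}
+
+private function getCookie($name,$val='') {
+$val = isset($_COOKIE[$name]) ? sanitize_text_field($_COOKIE[$name]) : sanitize_text_field($val);
+return $val;
+}
+
 private function token($check=false) {
 if ($check) {
-$token = isset($_COOKIE['wp-extra-file-types-token']) ? $_COOKIE['wp-extra-file-types-token'] : '';
+$token = $this->getCookie('wp-extra-file-types-token','');
 $token = strval($token);
-$post = isset($_POST['token']) ? $_POST['token'] : '';
-$post = strval($post);
+$post = $this->getPost('token','');
 $_COOKIE['wp-extra-file-types-token'] = '';
 unset($_COOKIE['wp-extra-file-types-token']);
 // echo $post.' * '.$token;die;
@@ -118,7 +134,16 @@ class WPEFT {
 
 public function admin_page() {
 if (!current_user_can('manage_options')) { wp_die('Unauthorized'); }
-if (isset($_POST['do_save']) && $_POST['do_save']=='1' && $this->token(true)) {
+$ok_do_save = isset($_POST['do_save']) && $_POST['do_save']=='1';
+$ok_token = false;
+$ok_nonce = false;
+if ($ok_do_save) {
+$ok_token = $this->token(true);
+$nonce = isset($_REQUEST[self::NONCE_FIELD]) ? $_REQUEST[self::NONCE_FIELD] : '';
+$ok_nonce = wp_verify_nonce( $nonce , self::NONCE_ACTION);
+// echo '<pre>'; print_r($_REQUEST); echo ' | '.intval($ok_do_save).' * '.intval($ok_token).' * '.intval($ok_nonce).' * '.$nonce.' | ';die;
+}
+if ($ok_do_save && $ok_token && $ok_nonce) {
 // save !!!
 if (!isset($_POST['ext']) || !is_array($_POST['ext'])) {
 update_option('wpeft_types','none');
@@ -131,6 +156,7 @@ class WPEFT {
 }
 $array = array();
 foreach ($_POST['ext'] as $the_ext) {
+$the_ext = sanitize_text_field($the_ext);
 $the_ext = $this->clean_ext($the_ext);
 $array[ $the_ext ] = $info['.'.$the_ext];
 }
@@ -142,10 +168,11 @@ class WPEFT {
 if (isset($_POST['custom_d'])) {
 $custom = array();
 foreach ($_POST['custom_d'] as $k=>$description) {
-$description = $this->clean_name(trim($description));
+$description = sanitize_text_field(trim($description));
+$description = $this->clean_name($description);
 if ($description != '') {
-$ext = $this->clean_ext(trim($_POST['custom_e'][$k]));
-$mime = $this->clean_mime(trim($_POST['custom_m'][$k]));
+$ext = $this->clean_ext(sanitize_text_field(trim($_POST['custom_e'][$k])));
+$mime = $this->clean_mime(sanitize_text_field(trim($_POST['custom_m'][$k])));
 if ($ext=='' || $mime=='') { continue; }
 if (strpos($mime,'/')===false) { $mime = 'application/octet-stream'; }
 if (!substr($ext,0,1)=='.') { $ext = '.'.$ext; }
@@ -239,24 +266,24 @@ class WPEFT {
 <p><?php echo htmlentities($this->lang['TEXT_CHOOSE']);?></p>
 <form method="post" action="options-general.php?page=wp-extra-file-types-page" name="wpeft_form" onsubmit="return checkExt()">
 <input type="hidden" name="do_save" value="1" />
-<input type="hidden" name="token" value="<?php echo $token; ?>" />
+<input type="hidden" name="token" value="<?php echo esc_attr($token); ?>" />
 <?php settings_fields( 'wp-extra-file-types-page' ); ?>
 <?php do_settings_sections( 'wp-extra-file-types-page' ); ?>
-<table>
+<table>
 <tr>
-<td valign="top"><?php echo $this->lang['TEXT_NO_STRICT'];?></td>
+<td valign="top"><?php echo esc_html($this->lang['TEXT_NO_STRICT']);?></td>
 <td valign="top">&nbsp;</td>
-<td valign="top"><input type="checkbox" name="no_strict" <?php if ($nostrict) { echo 'checked="checked" '; } ?>> <?php echo $this->lang['TEXT_NO_STRICT_1'];?></td>
+<td valign="top"><input type="checkbox" name="no_strict" <?php if ($nostrict) { echo 'checked="checked" '; } ?>> <?php echo esc_html($this->lang['TEXT_NO_STRICT_1']);?></td>
 </tr>
 <tr>
-<td valign="top"><?php echo $this->lang['TEXT_SKIP_WP'];?></td>
+<td valign="top"><?php echo esc_html($this->lang['TEXT_SKIP_WP']);?></td>
 <td valign="top">&nbsp;</td>
-<td valign="top"><input type="checkbox" name="no_wp" <?php if ($nowp) { echo 'checked="checked" '; } ?>> <?php echo $this->lang['TEXT_SKIP_WP_1'];?></td>
+<td valign="top"><input type="checkbox" name="no_wp" <?php if ($nowp) { echo 'checked="checked" '; } ?>> <?php echo esc_html($this->lang['TEXT_SKIP_WP_1']);?></td>
 </tr>
 <tr>
-<td valign="top"><?php echo $this->lang['TEXT_GF_HACK'];?></td>
+<td valign="top"><?php echo esc_html($this->lang['TEXT_GF_HACK']);?></td>
 <td valign="top">&nbsp;</td>
-<td valign="top"><input type="checkbox" name="gf_hack" <?php if ($gf_hack) { echo 'checked="checked" '; } ?>> <?php echo $this->lang['TEXT_GF_HACK_1'];?></td>
+<td valign="top"><input type="checkbox" name="gf_hack" <?php if ($gf_hack) { echo 'checked="checked" '; } ?>> <?php echo esc_html($this->lang['TEXT_GF_HACK_1']);?></td>
 </tr>
 <tr>
 <td colspan="3">
@@ -274,10 +301,10 @@ class WPEFT {
 if (''==$ext0) { continue; }
 ?>
 <tr class="<?php echo $class;?>">
-<td valign="top"><?php echo $type->application;?></td>
-<td valign="top"><?php echo $ext;?></td>
+<td valign="top"><?php echo esc_html($type->application);?></td>
+<td valign="top"><?php echo esc_html($ext);?></td>
 <td valign="top">
-<input type="checkbox" name="ext[]" value="<?php echo $ext0;?>" <?php if (in_array($ext0,$exts)) echo 'checked="checked"'; ?> >
+<input type="checkbox" name="ext[]" value="<?php echo esc_attr($ext0);?>" <?php if (in_array($ext0,$exts)) echo 'checked="checked"'; ?> >
 </td>
 </tr>
 <?php
@@ -296,7 +323,7 @@ class WPEFT {
 for (i=0;i<m;i++) {
 el = els[i];
 if (el.name.match(/^custom\_/) && el.value=='') {
-alert("<?php echo str_replace('"','',$this->lang['MSG_REQUIREDS']); ?>");
+alert('<?php echo esc_js($this->lang['MSG_REQUIREDS']); ?>');
 return false;
 }
 }
@@ -331,18 +358,18 @@ class WPEFT {
 x.parentNode.removeChild(x);
 }
 </script>
-<p><b><?php echo htmlentities($this->lang['ADD_EXTRAS']); ?></b> <input type="button" value="+" onclick="addExt('','','',true)" /></p>
+<p><b><?php echo esc_html($this->lang['ADD_EXTRAS']); ?></b> <input type="button" value="+" onclick="addExt('','','',true)" /></p>
 <table id="wpeft_ext_table" border="1">
 <tr>
-<td><?php echo htmlentities($this->lang['DESCRIPTION']); ?> (*)</td>
-<td><?php echo htmlentities($this->lang['EXTENSION']); ?> (*)</td>
-<td><?php echo htmlentities($this->lang['MIME_TYPE']); ?> (*)</td>
+<td><?php echo esc_html($this->lang['DESCRIPTION']); ?> (*)</td>
+<td><?php echo esc_html($this->lang['EXTENSION']); ?> (*)</td>
+<td><?php echo esc_html($this->lang['MIME_TYPE']); ?> (*)</td>
 <td>&nbsp;</td>
 </tr>
 </table>
-(*) <?php echo htmlentities($this->lang['REQUIRED']); ?><br><br>
+(*) <?php echo esc_html($this->lang['REQUIRED']); ?><br><br>
 <?php foreach ($custom as $element) { ?>
-<script>addExt("<?php echo str_replace('"','',$element['description']); ?>","<?php echo str_replace('"','',$element['extension']); ?>","<?php echo str_replace('"','',$element['mime']);?>");</script>
+<script>addExt('<?php echo esc_js($element['description']); ?>','<?php echo esc_js($element['extension']); ?>','<?php echo esc_js($element['mime']);?>');</script>
 <?php } ?>
 <?php submit_button(); ?>
 </form>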
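Review bot: In the admin_page hunk the nonce is read from `$_REQUEST` while `do_save`, the token and every other field of the same form are read from `$_POST`, so the settings form's nonce is also accepted from the query string (and, depending on `request_order`, from a cookie); reading it from the same source keeps the check consistent with the rest of the handler: `$nonce = $this->getPost(self::NONCE_FIELD, '');`. The commented-out `print_r($_REQUEST)` debug line right below it should be removed rather than left in, and `$_POST['do_save']=='1'` on the first added line is the loose form of `=== '1'`. admin_page continues past the end of the hunk. The new getPost()/getCookie() helpers pass the raw superglobal value straight to sanitize_text_field(), which expects a string; a hedged `// NOTE(review): array-valued input is not handled here — confirm callers only pass scalar fields` would be worth adding on getPost.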