WordPress File Upload - Version 2.5.0

Version Description

  • major redesign of upload algorithm to address upload issues with Safari for Mac and Firefox
  • files are first checked by server before actually uploaded, in order to avoid uploading of large files that are invalid
  • modifications to progress bar code to make progress bar smoother
  • restrict upload of .php files for security reasons
  • fixed bug where userdata fields were not shown correctly inside email notifications when they contained an ampersand or other special characters

Release Info

Developer nickboss
Version 2.5.0

Code changes from version 2.4.6 to 2.5.0

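--- a/js/wordpress_file_upload_functions.js
+++ b/js/wordpress_file_upload_functions.js
@@ -43,6 +43,8 @@ function wfu_Check_Browser_Capabilities() {
  wfu_BrowserCaps.supportsDRAGDROP = (window.FileReader);
  //check animation
  wfu_BrowserCaps.supportsAnimation = wfu_check_animation();
+ //check if browser is Safari
+ wfu_BrowserCaps.isSafari = (navigator.userAgent.indexOf('Safari') != -1 && navigator.userAgent.indexOf('Chrome') == -1);
  }
 
  //wfu_check_animation: function that checks if CSS3 animation is supported
@@ -314,23 +316,42 @@ function wfu_loadStart(evt) {
  }
 
  //wfu_uploadProgress: function to update progress bar
- function wfu_uploadProgress(evt) {
- var sid = this.xhr.shortcode_id;
+ function wfu_uploadProgress(evt, sid, xhrid, debugmode) {
+ if (debugmode && typeof this.xhr == "undefined") {
+ console.log("total="+evt.total+", loaded="+evt.loaded);
+ console.log(this);
+ }
+ var this_xhr = GlobalData[sid].xhrs[xhrid];
  var percentComplete = 0;
+ var delta = 0;
  var simplebar = document.getElementById('progressbar_' + sid + '_animation');
  if (evt.lengthComputable) {
- if (this.xhr.size != evt.total && evt.total > 0) this.xhr.size = evt.total;
+ this_xhr.sizeloaded = evt.loaded;
+ if (this_xhr.size < evt.total && evt.total > 0) {
+ delta = evt.total - this_xhr.size;
+ this_xhr.size += delta;
+ for (var i = 0; i < GlobalData[sid].xhrs.length; i++)
+ if (GlobalData[sid].xhrs[i].file_id == this_xhr.file_id) {
+ GlobalData[sid].xhrs[i].totalsize += delta;
+ }
+ }
  if (simplebar) {
  var total = 0;
  var totalloaded = 0;
- for (var i = 0; i < GlobalData[sid].xhrs.length; i++) {
- total += GlobalData[sid].xhrs[i].size;
+ var totals = [];
+ for (var i = 0; i < GlobalData[sid].xhrs.length; i++)
+ totals[GlobalData[sid].xhrs[i].file_id] = 0;
+ for (var i = 0; i < GlobalData[sid].xhrs.length; i++)
+ totals[GlobalData[sid].xhrs[i].file_id] = Math.max(GlobalData[sid].xhrs[i].totalsize, totals[GlobalData[sid].xhrs[i].file_id]);
+ for (var i = 0; i < totals.length; i++)
+ if (typeof totals[i] != "undefined") total += totals[i];
+ for (var i = 0; i < GlobalData[sid].xhrs.length; i++)
  totalloaded += GlobalData[sid].xhrs[i].sizeloaded;
- }
- percentComplete = Math.round((totalloaded + evt.loaded - this.xhr.sizeloaded) * 100 / total);
+ // percentComplete = Math.round((totalloaded + evt.loaded - this_xhr.sizeloaded) * 100 / total);
+ percentComplete = Math.round(totalloaded * 100 / total);
  simplebar.style.width = percentComplete.toString() + '%';
  }
- this.xhr.sizeloaded = evt.loaded;
+ // this_xhr.sizeloaded = evt.loaded;
  }
  else {
  if (simplebar) simplebar.style.width = '0%';
@@ -409,7 +430,7 @@ function wfu_send_email_notification(sid, unique_id, params_index, session_token
  for (var i = 0; i < userdata_count; i++) {
  params[7 + i] = new Array(2);
  params[7 + i][0] = 'userdata_' + i;
- params[7 + i][1] = document.getElementById('hiddeninput_' + sid + '_userdata_' + i).value;
+ params[7 + i][1] = wfu_plugin_encode_string(document.getElementById('hiddeninput_' + sid + '_userdata_' + i).value);
  }
 
  var parameters = '';
@@ -462,33 +483,46 @@ function wfu_uploadComplete(evt) {
  var last = false;
  var upload_params = "";
  var safe_params = "";
+ var file_status = "unknown";
  var debug_data = "";
  var success_txt = "wfu_fileupload_success:";
  var result_data = evt.target.responseText;
+ //process response from server
  if (evt.target.responseText != -1) {
  var txt = evt.target.responseText;
  var pos = txt.indexOf(success_txt);
  if ( pos > -1 ) {
+ //extract parts of response text
  if (this.debugmode == "true") debug_data = txt.substr(0, pos);
  result_data = txt.substr(pos + success_txt.length);
  pos = result_data.indexOf(":");
  safe_params = result_data.substr(0, pos);
  upload_params = result_data.substr(pos + 1);
  }
+ //format debug data, if they exist
  if (debug_data != "") {
  var title = "";
  if (this.requesttype == "fileupload") title = ' - File: ' + this.file_id;
  else if (this.requesttype == "email") title = ' - Email Notification';
  debug_data = wfu_format_debug_data(debug_data, title);
  }
+ //extract file status from safe params if they exist
+ if (safe_params != "") {
+ var safe_parts = safe_params.split(";");
+ //for ajax uploads there should be only one file processed each time
+ if (parseInt(safe_parts[2]) == 1) {
+ var filedata = safe_parts[3].split(",");
+ file_status = wfu_plugin_decode_string(filedata[0]);
+ }
+ }
  }
-
+ //if the response text does not contain upload data then fill the Params structure with the minimum required error info
  if (upload_params == "" || safe_params == "") {
  var error_colors = this.fail_colors.split(",");
  var Params = wfu_Initialize_Params();
  Params.general.shortcode_id = sid;
  Params.general.unique_id = this.unique_id;
- Params.general.state = 7;
+ Params.general.state = 7; //it indicates that no files were uploaded
  Params.general.files_count = (this.requesttype == "fileupload") ? 1 : 0;
  Params.general.upload_finish_time = this.finish_time;
  Params.general.fail_message = GlobalData.consts.message_unknown;
@@ -499,6 +533,7 @@ function wfu_uploadComplete(evt) {
  Params[0]['bgcolor'] = error_colors[1];
  Params[0]['borcolor'] = error_colors[2];
  Params[0]['message_type'] = "error";
+ file_status = "error";
  Params[0]['header'] = this.error_message_header;
  Params[0]['message'] = GlobalData.consts.message_timelimit;
  Params[0]['admin_messages'] = this.is_admin == "true" ? GlobalData.consts.message_admin_timelimit : "";
@@ -515,7 +550,9 @@ function wfu_uploadComplete(evt) {
  else Params.general.admin_messages.other = this.is_admin == "true" ? Params.general.fail_admin_message : "";
  }
  }
- // note that upload_params is passed as object, so no need to pass a safe_output string
+ }
+ if (upload_params == "" || safe_params == "") {
+ // upload_params is passed as object, so no need to pass a safe_output string
  last = wfu_ProcessUploadComplete(sid, this.file_id, Params, this.unique_id, this.params_index, this.session_token, "", [this.debugmode, debug_data, this.is_admin]);
  }
  else {
@@ -526,11 +563,13 @@ function wfu_uploadComplete(evt) {
  wfu_hide_simple_progressbar(sid);
  wfu_clear(evt.target.shortcode_id);
  }
+ if (evt.target.return_status)
+ return file_status;
  }
 
- //wfu_ProcessUploadComplete: function to perform actions after successfull upload
+ // wfu_ProcessUploadComplete: function to perform actions after successfull upload
  function wfu_ProcessUploadComplete(sid, file_id, upload_params, unique_id, params_index, session_token, safe_output, debug_data) {
- //initial checks to process or not the data
+ // initial checks to process or not the data
  if (!sid || sid < 0) return;
  if (upload_params == null || upload_params == "") return;
  if (unique_id == "") return;
@@ -539,6 +578,7 @@ function wfu_ProcessUploadComplete(sid, file_id, upload_params, unique_id, param
  var do_redirect = false;
 
  if (typeof upload_params === "string") {
+ // if upload_params is a string, then it comes from a normal upload process and must be decoded
  upload_params = wfu_plugin_decode_string(upload_params.replace(/^\s+|\s+$/g,""));
  var Params = null;
  try { Params = JSON.parse(upload_params); }
@@ -582,6 +622,7 @@ function wfu_ProcessUploadComplete(sid, file_id, upload_params, unique_id, param
  var message_table = document.getElementById('wfu_messageblock_' + sid);
 
  // initialize UploadStates object, if not already initialized and if message box is activated
+ // UploadStates object contain information about formatting of messages depending on upload state
  var UploadStates_Ok = true;
  if (!UploadStates[sid] && message_table) {
  var upload_states = document.getElementById('wfu_messageblock_header_' + sid + '_states').value;
@@ -1046,23 +1087,34 @@ function wfu_HTML5UploadFile(sid, JSONtext, session_token) {
  }
 
  function wfu_HTML5UploadFile_cont(sid, JSONobj, session_token, other_params) {
- function sendfile(ind, file) {
+ //inner function sendfile sends file data to the server using ajax
+ function sendfile(ind, file, only_check, force_close_connection) {
+ //initialize return status, used in case of synchronous call
+ ret_status = true;
  // initialise AJAX and FormData objects
  var xhr = wfu_GetHttpRequestObject();
- if (xhr == null) return;
+ var xhr_close_connection = wfu_GetHttpRequestObject();
+ if (xhr == null || xhr_close_connection == null) return;
  var fd = null;
+ var fd_close_connection = null;
  try {
  var fd = new FormData();
+ var fd_close_connection = new FormData();
  }
  catch(e) {}
- if (fd == null) return;
+ if (fd == null || fd_close_connection == null) return;
 
  // define POST parameters
- fd.append("uploadedfile_" + sid + suffice, file);
+ if (!only_check) fd.append("uploadedfile_" + sid + suffice, file);
+ fd.append("uploadedfile_" + sid + "_index", ind);
+ fd.append("uploadedfile_" + sid + "_name", wfu_plugin_encode_string(farr[ind].name));
+ fd.append("uploadedfile_" + sid + "_size", farr[ind].size);
  fd.append("action", "wfu_ajax_action");
  fd.append("uniqueuploadid_" + sid, unique_upload_id);
  fd.append("params_index", JSONobj.params_index);
  fd.append("subdir_sel_index", subdir_sel_index);
+ if (only_check) fd.append("only_check", "1");
+ else fd.append("only_check", "0");
  fd.append("session_token", session_token);
  fd.append("unique_id", rand_str);
  var userdata_count = wfu_get_userdata_count(sid);
@@ -1070,12 +1122,19 @@ function wfu_HTML5UploadFile_cont(sid, JSONobj, session_token, other_params) {
  fd.append("hiddeninput_" + sid + "_userdata_" + ii, document.getElementById('hiddeninput_' + sid + '_userdata_' + ii).value);
 
  // define variables
- GlobalData[sid].xhrs.push(xhr);
+ var xhrid = GlobalData[sid].xhrs.push(xhr) - 1;
  var d = new Date();
  xhr.shortcode_id = sid;
  xhr.requesttype = "fileupload";
  xhr.file_id = ind + 1;
- xhr.size = file.size;
+ if (only_check) {
+ xhr.size = 0;
+ xhr.totalsize = 0;
+ }
+ else {
+ xhr.size = file.size;
+ xhr.totalsize = farr[ind].size;
+ }
  xhr.sizeloaded = 0;
  xhr.unique_id = rand_str;
  xhr.params_index = JSONobj.params_index;
@@ -1087,27 +1146,67 @@ function wfu_HTML5UploadFile_cont(sid, JSONobj, session_token, other_params) {
  // xhr.error_message_header = GlobalData.consts.message_header.replace(/%username%/g, "no data");
  xhr.error_message_header = JSONobj.error_header.replace(/%username%/g, "no data");
  xhr.error_message_header = xhr.error_message_header.replace(/%useremail%/g, "no data");
- xhr.error_message_header = xhr.error_message_header.replace(/%filename%/g, file.name);
- xhr.error_message_header = xhr.error_message_header.replace(/%filepath%/g, file.name);
+ xhr.error_message_header = xhr.error_message_header.replace(/%filename%/g, farr[ind].name);
+ xhr.error_message_header = xhr.error_message_header.replace(/%filepath%/g, farr[ind].name);
  xhr.error_message_failed = GlobalData.consts.message_failed;
  xhr.error_message_cancelled = GlobalData.consts.message_cancelled;
  xhr.error_adminmessage_unknown = GlobalData.consts.adminmessage_unknown.replace(/%username%/g, "no data");
  xhr.error_adminmessage_unknown = xhr.error_adminmessage_unknown.replace(/%useremail%/g, "no data");
- xhr.error_adminmessage_unknown = xhr.error_adminmessage_unknown.replace(/%filename%/g, file.name);
- xhr.error_adminmessage_unknown = xhr.error_adminmessage_unknown.replace(/%filepath%/g, file.name);
-
- xhr.upload.xhr = xhr;
-
- // event listeners
- xhr.upload.addEventListener("loadstart", wfu_loadStart, false);
- xhr.upload.addEventListener("progress", wfu_uploadProgress, false);
- xhr.addEventListener("load", wfu_uploadComplete, false);
- xhr.addEventListener("error", wfu_uploadFailed, false);
- xhr.addEventListener("abort", wfu_uploadCanceled, false);
-
- xhr.open("POST", GlobalData.consts.ajax_url);
- xhr.send(fd);
+ xhr.error_adminmessage_unknown = xhr.error_adminmessage_unknown.replace(/%filename%/g, farr[ind].name);
+ xhr.error_adminmessage_unknown = xhr.error_adminmessage_unknown.replace(/%filepath%/g, farr[ind].name);
+ //when using Safari a synchronous call must be executed before upload to close previous connection,
+ //in order to address an issue of Safari with file caching
+ if (force_close_connection) {
+ fd_close_connection.append("action", "wfu_ajax_action");
+ fd_close_connection.append("params_index", JSONobj.params_index);
+ fd_close_connection.append("session_token", session_token);
+ fd_close_connection.append("force_connection_close", "1");
+ xhr_close_connection.open("POST", GlobalData.consts.ajax_url, false);
+ xhr_close_connection.send(fd_close_connection);
+ ret_status = (xhr_close_connection.responseText == "success");
+ }
+ if (ret_status) {
+ if (!only_check) {
+ xhr.upload.xhr = xhr;
+ xhr.upload.dummy = 1;
+ // event listeners
+ xhr.upload.addEventListener("loadstart", wfu_loadStart, false);
+ xhr.upload.addEventListener("progress", new Function("evt", "wfu_uploadProgress(evt, " + sid + ", " + xhrid + ", " + JSONobj.debugmode + ");"), false);
+ xhr.addEventListener("load", wfu_uploadComplete, false);
+ xhr.addEventListener("error", wfu_uploadFailed, false);
+ xhr.addEventListener("abort", wfu_uploadCanceled, false);
+
+ xhr.open("POST", GlobalData.consts.ajax_url, true);
+ xhr.send(fd);
+ }
+ else {
+ xhr.addEventListener("load", function(evt) {
+ evt = {target:{responseText:evt.target.responseText, shortcode_id:sid, return_status:true}};
+ var file_status = wfu_uploadComplete.call(xhr, evt);
+ ret_status = (file_status == "success" || file_status == "warning");
+ if (ret_status) {
+ sendfile(ind, file, false, false);
+ }
+ }, false);
+ xhr.open("POST", GlobalData.consts.ajax_url, true);
+ xhr.send(fd);
+ }
+ }
+ else {
+ var evt = {target:{responseText:"", shortcode_id:sid}};
+ wfu_uploadComplete.call(xhr, evt);
+ }
  inc ++;
+ return ret_status;
+ }
+ //inner function process_next_file prepares and dispatches files in a sequential manner,
+ //every function is executed from its previous using timeouts in order to allow rendering
+ //of graphics in between, such as progress bars
+ function process_next_file() {
+ sendfile(i, farr[i], true, false);
+ //continue to next file, if exists
+ i++;
+ if(i < farr.length) setTimeout(process_next_file, 100);
  }
  // get index of subdirectory if subdirectory dropdown list is activated
  var subdir_sel_index = -1;
@@ -1158,9 +1257,10 @@ function wfu_HTML5UploadFile_cont(sid, JSONobj, session_token, other_params) {
  wfu_ProcessUploadComplete(sid, 0, Params, rand_str, JSONobj.params_index, session_token, "", ["false", "", "false"]);
 
  var inc = 0;
- for (var i = 0; i < farr.length; i++) {
- sendfile(i, farr[i]);
- }
+ var ret_status = true;
+ var i = 0;
+ var fprops = [];
+ setTimeout(process_next_file, 100);
  }
 
  //wfu_get_userdata_count: get number of userdata fields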
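Review bot: The progress listener registered in `sendfile` (new line 1174) is built with `new Function(...)` by concatenating `sid`, `xhrid` and `JSONobj.debugmode` into source text, so any of those values that is not a plain number or boolean literal is evaluated as code instead of being passed as data. A closure binds the same values without string evaluation: `xhr.upload.addEventListener("progress", function(evt) { wfu_uploadProgress(evt, sid, xhrid, String(JSONobj.debugmode) == "true"); }, false);`. The `String(...) == "true"` form is there because the type of `JSONobj.debugmode` is not visible in this diff (elsewhere the file compares `this.debugmode == "true"`), so confirm it against the shortcode JSON. Separately, the `only_check` flag and the `_name`/`_size` fields are all client-supplied, so the server has to repeat its file checks on the real upload request rather than rely on the pre-flight pass; that server code is not part of this file.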
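--- a/lib/wfu_admin.php
+++ b/lib/wfu_admin.php
@@ -210,6 +210,21 @@ function wfu_manage_settings($message = '') {
  $echo_str .= "\n\t\t\t\t\t\t".'<label style="font-weight:bold; cursor:default;">'.$cur_version.'</label>';
  $echo_str .= "\n\t\t\t\t\t".'</td>';
  $echo_str .= "\n\t\t\t\t\t".'<td style="vertical-align:top;">';
+ $lat_version = wfu_get_latest_version();
+ echo $lat_version;
+ $ret = wfu_compare_versions($cur_version, $lat_version);
+ if ( $ret['status'] && $ret['result'] == 'lower' ) {
+ $echo_str .= "\n\t\t\t\t\t\t".'<div style="display:inline-block; background-color:bisque; padding:0 0 0 4px; border-left:3px solid lightcoral;">';
+ $echo_str .= "\n\t\t\t\t\t\t\t".'<label style="cursor:default;">Version <strong>'.$lat_version.'</strong> of the plugin is available. Go to Plugins page of your Dashboard to update to the latest version.</label>';
+ if ( $ret['custom'] ) $echo_str .= '<label style="cursor:default; color: purple;"> <em>Please note that you are using a custom version of the plugin. If you upgrade to the newest version, custom changes will be lost.</em></label>';
+ $echo_str .= "\n\t\t\t\t\t\t".'</div>';
+ }
+ elseif ( $ret['status'] && $ret['result'] == 'equal' ) {
+ $echo_str .= "\n\t\t\t\t\t\t".'<div style="display:inline-block; background-color:rgb(220,255,220); padding:0 0 0 4px; border-left:3px solid limegreen;">';
+ $echo_str .= "\n\t\t\t\t\t\t\t".'<label style="cursor:default;">You have the latest version.</label>';
+ if ( $ret['custom'] ) $echo_str .= '<label style="cursor:default; color: purple;"> <em>(Please note that your version is custom)</em></label>';
+ $echo_str .= "\n\t\t\t\t\t\t".'</div>';
+ }
  $echo_str .= "\n\t\t\t\t\t".'</td>';
  $echo_str .= "\n\t\t\t\t".'</tr>';
  $echo_str .= "\n\t\t\t".'</tbody>';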
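Review bot: `echo $lat_version;` at new line 214 looks like a leftover debug statement: it writes the value returned by the remote version check straight into the response, outside `$echo_str` and without escaping. The same value is then concatenated unescaped into the "Version ... is available" label at new line 218. Because the string originates from an HTTP response rather than from the plugin itself, drop the `echo` and emit the label with `'<strong>'.esc_html($lat_version).'</strong>'`. `wfu_manage_settings` starts and ends outside this hunk.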
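--- a/lib/wfu_ajaxactions.php
+++ b/lib/wfu_ajaxactions.php
@@ -43,7 +43,7 @@ function wfu_ajax_action_send_email_notification() {
  // prepare user data
  $userdata_fields = $params["userdata_fields"];
  foreach ( $userdata_fields as $userdata_key => $userdata_field )
- $userdata_fields[$userdata_key]["value"] = ( isset($_POST['userdata_'.$userdata_key]) ? $_POST['userdata_'.$userdata_key] : "" );
+ $userdata_fields[$userdata_key]["value"] = ( isset($_POST['userdata_'.$userdata_key]) ? wfu_plugin_decode_string($_POST['userdata_'.$userdata_key]) : "" );
 
  $send_error = wfu_send_notification_email($user, $_POST['only_filename_list'], $_POST['target_path_list'], $_POST['attachment_list'], $userdata_fields, $params);
 
@@ -64,7 +64,7 @@ function wfu_ajax_action_send_email_notification() {
  function wfu_ajax_action_callback() {
  $user = wp_get_current_user();
  $arr = wfu_get_params_fields_from_index($_POST['params_index']);
- //check referer using server sessions to avoid CSRF attacks
+ //check referrer using server sessions to avoid CSRF attacks
  if ( $_SESSION["wfu_token_".$arr['shortcode_id']] != $_POST['session_token'] ) {
  echo "Session failed!<br/><br/>Session Data:<br/>";
  print_r(wfu_sanitize($_SESSION));
@@ -82,6 +82,12 @@ function wfu_ajax_action_callback() {
  print_r(wfu_sanitize($arr));
  die();
  }
+
+ //the first pass to this callback script is for closing the previous connection_aborted
+ if ( $_POST["force_connection_close"] === "1" ) {
+ header("Connection: Close");
+ die("success");
+ }
 
  $params_str = get_option('wfu_params_'.$arr['unique_id']);
  $params = wfu_decode_array_from_string($params_str);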
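Review bot: The new `force_connection_close` branch (new line 87) reads `$_POST["force_connection_close"]` without `isset()`, so every ordinary upload request that omits the field raises an undefined-index notice; where notices are displayed, that text would end up in the response body that the client-side `wfu_uploadComplete` parses. Use `if ( isset($_POST["force_connection_close"]) && $_POST["force_connection_close"] === "1" ) {`. The branch sits after the session-token check, which is the right order. That check is context here, but it compares with a loose `!=`, so an unset session entry and an empty posted token would compare equal; a strict, constant-time comparison such as `hash_equals()` after confirming both values are non-empty strings would be safer where the PHP version allows. `wfu_ajax_action_callback` continues outside the hunk.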
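--- a/lib/wfu_functions.php
+++ b/lib/wfu_functions.php
@@ -242,6 +242,58 @@ function wfu_get_plugin_version() {
  return $plugin_data['Version'];
  }
 
+ function wfu_get_latest_version() {
+ include( ABSPATH . WPINC . '/version.php' );
+ $plugin_name = plugin_basename( WPFILEUPLOAD_PLUGINFILE );
+ $plugins = array( $plugin_name => get_plugin_data(WPFILEUPLOAD_PLUGINFILE, false, false) );
+ $plugins[$plugin_name]['Version'] = '1.0.0';
+ $active = array( $plugin_name );
+ $to_send = (object) compact('plugins', 'active');
+ $options = array(
+ 'timeout' => 30,
+ 'body' => array( 'plugins' => serialize( $to_send ) ),
+ 'user-agent' => 'WordPress/' . $wp_version . '; ' . get_bloginfo( 'url' )
+ );
+ $url = 'http://api.wordpress.org/plugins/update-check/1.0/';
+ $raw_response = wp_remote_post( $url, $options );
+ if ( is_wp_error( $raw_response ) || 200 != wp_remote_retrieve_response_code( $raw_response ) ) return '';
+ $response = unserialize( wp_remote_retrieve_body( $raw_response ) );
+ if ( false === $response ) return '';
+ if ( !is_array($response) ) return '';
+ if ( count($response) < 1 ) return '';
+ if ( !isset($response[$plugin_name]->new_version) ) return '';
+ return $response[$plugin_name]->new_version;
+ }
+
+ function wfu_compare_versions($current, $latest) {
+ $ret['status'] = true;
+ $ret['custom'] = false;
+ $ret['result'] = 'equal';
+ $res = preg_match('/^([0-9]*)\.([0-9]*)\.([0-9]*)(.*)/', $current, $cur_data);
+ if ( !$res || count($cur_data) < 5 )
+ return array( 'status' => false, 'custom' => false, 'result' => 'current version invalid' );
+ if ( $cur_data[1] == '' || $cur_data[2] == '' || $cur_data[3] == '' )
+ return array( 'status' => false, 'custom' => false, 'result' => 'current version invalid' );
+ $custom = ( $cur_data[4] != '' );
+ $res = preg_match('/^([0-9]*)\.([0-9]*)\.([0-9]*)/', $latest, $lat_data);
+ if ( !$res || count($lat_data) < 4 )
+ return array( 'status' => false, 'custom' => $custom, 'result' => 'latest version invalid' );
+ if ( $lat_data[1] == '' || $lat_data[2] == '' || $lat_data[3] == '' )
+ return array( 'status' => false, 'custom' => $custom, 'result' => 'latest version invalid' );
+ if ( intval($cur_data[1]) < intval($lat_data[1]) )
+ return array( 'status' => true, 'custom' => $custom, 'result' => 'lower' );
+ elseif ( intval($cur_data[1]) > intval($lat_data[1]) )
+ return array( 'status' => false, 'custom' => $custom, 'result' => 'current version invalid' );
+ if ( intval($cur_data[2]) < intval($lat_data[2]) )
+ return array( 'status' => true, 'custom' => $custom, 'result' => 'lower' );
+ elseif ( intval($cur_data[2]) > intval($lat_data[2]) )
+ return array( 'status' => false, 'custom' => $custom, 'result' => 'current version invalid' );
+ if ( intval($cur_data[3]) < intval($lat_data[3]) )
+ return array( 'status' => true, 'custom' => $custom, 'result' => 'lower' );
+ elseif ( intval($cur_data[3]) > intval($lat_data[3]) )
+ return array( 'status' => false, 'custom' => $custom, 'result' => 'current version invalid' );
+ return array( 'status' => true, 'custom' => $custom, 'result' => 'equal' );
+ }
 
  //********************* Directory Functions ************************************************************************************************
 
@@ -920,8 +972,8 @@ function wfu_send_notification_email($user, $only_filename_list, $target_path_li
  array_push($search, '/%userdata'.$ind.'%/');
  array_push($replace, $userdata_field["value"]);
  }
- $notifysubject = preg_replace($search, $replace, $params["notifysubject"]);
- $notifymessage = preg_replace($search, $replace, $params["notifymessage"]);
+ $notifysubject = preg_replace($search, $replace, $params["notifysubject"]);
+ $notifymessage = preg_replace($search, $replace, $params["notifymessage"]);
  if ( $params["attachfile"] == "true" ) {
  $attachments = explode(",", $attachment_list);
  $notify_sent = wp_mail($notifyrecipients, $notifysubject, $notifymessage, $notifyheaders, $attachments);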
@@ -14,6 +14,8 @@ function wfu_process_files($params, $method) {
14
  $is_admin = current_user_can('manage_options');
15
  }
16
  $uniqueuploadid = ( isset($_POST['uniqueuploadid_'.$sid]) ? $_POST['uniqueuploadid_'.$sid] : "" );
 
 
17
 
18
  $suppress_admin_messages = ( $params["adminmessages"] != "true" || !$is_admin );
19
  $success_count = 0;
@@ -70,11 +72,24 @@ function wfu_process_files($params, $method) {
70
  /* notify admin if this is a redirection caused because the browser of the user could not handle AJAX upload */
71
  $params_output_array["general"]['admin_messages']['other'] = $params['adminerrors'];
72
 
73
- if ( isset($_FILES[$uploadedfile]['error']) ) {
74
- $files_count = 1;
 
 
 
 
 
 
 
 
 
75
  }
76
  else $files_count = 0;
77
  $params_output_array["general"]['files_count'] = $files_count;
 
 
 
 
78
 
79
  /* append userdata fields to upload path */
80
  $search = array ( );
@@ -108,11 +123,19 @@ function wfu_process_files($params, $method) {
108
  $file_output['message_type'] = "";
109
  $file_output['admin_messages'] = "";
110
 
111
- /* generate unique id for each file in order to use it in filter actions for identifying each separate file */
112
- $file_unique_id = wfu_create_random_string(20);
 
 
 
 
 
 
113
 
114
  /* Get uploaded file size in Mbytes */
115
  $upload_file_size = filesize($fileprops['tmp_name']) / 1024 / 1024;
 
 
116
 
117
  if ( $upload_file_size > 0 ) {
118
 
@@ -120,19 +143,34 @@ function wfu_process_files($params, $method) {
120
  any filename or userdata modifications or reject the upload of the file by setting error_message item
121
  of $ret_data array to a non-empty value */
122
  $filter_error_message = '';
123
- if ( $file_unique_id != '' ) {
124
  $target_path = wfu_upload_plugin_full_path($params).$fileprops['name'];
125
  $changable_data['file_path'] = $target_path;
126
  $changable_data['user_data'] = $userdata_fields;
127
  $changable_data['error_message'] = $filter_error_message;
128
  $additional_data['file_unique_id'] = $file_unique_id;
129
  $additional_data['file_size'] = filesize($fileprops['tmp_name']);
 
 
130
  $additional_data['user_id'] = $user->ID;
131
  $additional_data['page_id'] = $params["pageid"];
132
  $ret_data = apply_filters('wfu_before_file_check', $changable_data, $additional_data);
133
  $fileprops['name'] = str_replace(wfu_upload_plugin_full_path($params), '', $ret_data['file_path']);
134
  $userdata_fields = $ret_data['user_data'];
135
  $filter_error_message = $ret_data['error_message'];
 
 
 
 
 
 
 
 
 
 
 
 
 
136
  }
137
  if ( $filter_error_message != '' ) {
138
  $file_output['message_type'] = "error";
@@ -155,13 +193,14 @@ function wfu_process_files($params, $method) {
155
  }
156
  }
157
 
158
- /* File name control */
159
- foreach ($allowed_patterns as $allowed_pattern) {
160
- if ( wfu_upload_plugin_wildcard_match( $allowed_pattern, $fileprops['name']) ) {
161
- $allowed_file_ok = true;
162
- break ;
 
 
163
  }
164
- }
165
 
166
  /* File size control */
167
  if ( $upload_file_size <= $params["maxsize"] ) {
@@ -204,7 +243,10 @@ function wfu_process_files($params, $method) {
204
  // if ( $upload_path_ok and $allowed_file_ok and $size_file_ok ) {
205
  if ( $file_output['message_type'] != "error" ) {
206
 
207
- if ( is_uploaded_file($fileprops['tmp_name']) ) {
 
 
 
208
  $file_copied = false;
209
  $message_processed = false;
210
  $source_path = $fileprops['tmp_name'];
@@ -410,8 +452,8 @@ function wfu_process_files($params, $method) {
410
  /* suppress again any admin messages if user is not administrator or adminmessages is not activated */
411
  if ( $suppress_admin_messages ) $file_output['admin_messages'] = "";
412
 
413
- /* set success status of the file, to be used for medialink */
414
- $file_finished_successfully = ( $file_output['message_type'] == "success" || $file_output['message_type'] == "warning" );
415
 
416
  $params_output_array[0] = $file_output;
417
 
@@ -438,6 +480,9 @@ function wfu_process_files($params, $method) {
438
  }
439
  }
440
 
 
 
 
441
  $somefiles_Ok = ( ( $warning_count + $success_count ) > 0 );
442
  $allfiles_Ok = ( $somefiles_Ok && ( $error_count == 0 ) );
443
 
14
  $is_admin = current_user_can('manage_options');
15
  }
16
  $uniqueuploadid = ( isset($_POST['uniqueuploadid_'.$sid]) ? $_POST['uniqueuploadid_'.$sid] : "" );
17
+ // determine if this routine is only for checking the file
18
+ $only_check = ( isset($_POST['only_check']) ? ( $_POST['only_check'] == "1" ) : false );
19
 
20
  $suppress_admin_messages = ( $params["adminmessages"] != "true" || !$is_admin );
21
  $success_count = 0;
72
  /* notify admin if this is a redirection caused because the browser of the user could not handle AJAX upload */
73
  $params_output_array["general"]['admin_messages']['other'] = $params['adminerrors'];
74
 
75
+ if ( isset($_FILES[$uploadedfile]['error']) || $only_check ) {
76
+ $files_count = 1;
77
+ // in case of checking of file, then the $_FILES variable has not been set because no file has been uploaded,
78
+ // so we set it manually in order to allow the routine to continue
79
+ if ( $only_check ) {
80
+ $_FILES[$uploadedfile]['name'] = wfu_plugin_decode_string($_POST[$uploadedfile.'_name']);
81
+ $_FILES[$uploadedfile]['type'] = 'any';
82
+ $_FILES[$uploadedfile]['tmp_name'] = 'any';
83
+ $_FILES[$uploadedfile]['error'] = '';
84
+ $_FILES[$uploadedfile]['size'] = $_POST[$uploadedfile.'_size'];
85
+ }
86
  }
87
  else $files_count = 0;
88
  $params_output_array["general"]['files_count'] = $files_count;
89
+ // index of uploaded file in case of ajax uploads (in ajax uploads only one file is uploaded in every ajax call)
90
+ // the index is used to store any file data in session variables, in case the file is uploaded in two or more passes
91
+ // (like the case were in the first pass it is only checked)
92
+ $single_file_index = ( isset($_POST[$uploadedfile.'_index']) ? $_POST[$uploadedfile.'_index'] : -1 );
93
 
94
  /* append userdata fields to upload path */
95
  $search = array ( );
123
  $file_output['message_type'] = "";
124
  $file_output['admin_messages'] = "";
125
 
126
+ // determine if file data have been saved to session variables, due to a previous pass of this file
127
+ $file_map = "filedata_".$unique_id."_".$single_file_index;
128
+ // retrieve unique id of the file, used in filter actions for identifying each separate file
129
+ $file_unique_id = ( isset($_SESSION[$file_map]) ? $_SESSION[$file_map]['file_unique_id'] : '' );
130
+ $filedata_previously_defined = ( $file_unique_id != '' );
131
+ /* generate unique id for each file for use in filter actions if it has not been previously defined */
132
+ if ( !$filedata_previously_defined )
133
+ $file_unique_id = wfu_create_random_string(20);
134
 
135
  /* Get uploaded file size in Mbytes */
136
  $upload_file_size = filesize($fileprops['tmp_name']) / 1024 / 1024;
137
+ // correct file size in case of checking of file otherwise $upload_file_size will be zero and the routine will fail
138
+ if ( $only_check ) $upload_file_size = $fileprops['size'] / 1024 / 1024;
139
 
140
  if ( $upload_file_size > 0 ) {
141
 
143
  any filename or userdata modifications or reject the upload of the file by setting error_message item
144
  of $ret_data array to a non-empty value */
145
  $filter_error_message = '';
146
+ if ( $file_unique_id != '' && !$filedata_previously_defined ) {
147
  $target_path = wfu_upload_plugin_full_path($params).$fileprops['name'];
148
  $changable_data['file_path'] = $target_path;
149
  $changable_data['user_data'] = $userdata_fields;
150
  $changable_data['error_message'] = $filter_error_message;
151
  $additional_data['file_unique_id'] = $file_unique_id;
152
  $additional_data['file_size'] = filesize($fileprops['tmp_name']);
153
+ // correct file size in case of checking of file
154
+ if ( $only_check ) $additional_data['file_size'] = $fileprops['size'];
155
  $additional_data['user_id'] = $user->ID;
156
  $additional_data['page_id'] = $params["pageid"];
157
  $ret_data = apply_filters('wfu_before_file_check', $changable_data, $additional_data);
158
  $fileprops['name'] = str_replace(wfu_upload_plugin_full_path($params), '', $ret_data['file_path']);
159
  $userdata_fields = $ret_data['user_data'];
160
  $filter_error_message = $ret_data['error_message'];
161
+ // if this is a file check, which means that a second pass of the file will follow, then we do not want to
162
+ // apply the filters again, so we store the changable data to session variables for this specific file
163
+ if ( $only_check ) {
164
+ $_SESSION[$file_map]['file_unique_id'] = $file_unique_id;
165
+ $_SESSION[$file_map]['filename'] = $fileprops['name'];
166
+ $_SESSION[$file_map]['userdata'] = $userdata_fields;
167
+ }
168
+ }
169
+ // if this is a second pass of the file, because a first pass with file checking was done before, then retrieve
170
+ // file data that may have previously changed because of application of filters
171
+ if ( $filedata_previously_defined ) {
172
+ $fileprops['name'] = $_SESSION[$file_map]['filename'];
173
+ $userdata_fields = $_SESSION[$file_map]['userdata'];
174
  }
175
  if ( $filter_error_message != '' ) {
176
  $file_output['message_type'] = "error";
193
  }
194
  }
195
 
196
+ /* File name control, reject files with .php extension for security reasons */
197
+ if ( strtolower(substr($fileprops['name'], -4)) != ".php" )
198
+ foreach ($allowed_patterns as $allowed_pattern) {
199
+ if ( wfu_upload_plugin_wildcard_match( $allowed_pattern, $fileprops['name']) ) {
200
+ $allowed_file_ok = true;
201
+ break ;
202
+ }
203
  }
 
204
 
205
  /* File size control */
206
  if ( $upload_file_size <= $params["maxsize"] ) {
243
  // if ( $upload_path_ok and $allowed_file_ok and $size_file_ok ) {
244
  if ( $file_output['message_type'] != "error" ) {
245
 
246
+ if ( $only_check ) {
247
+ $file_copied = true;
248
+ }
249
+ elseif ( is_uploaded_file($fileprops['tmp_name']) ) {
250
  $file_copied = false;
251
  $message_processed = false;
252
  $source_path = $fileprops['tmp_name'];
452
  /* suppress again any admin messages if user is not administrator or adminmessages is not activated */
453
  if ( $suppress_admin_messages ) $file_output['admin_messages'] = "";
454
 
455
+ /* set success status of the file, to be used for medialink and post actions */
456
+ $file_finished_successfully = ( !$only_check && ( $file_output['message_type'] == "success" || $file_output['message_type'] == "warning" ) );
457
 
458
  $params_output_array[0] = $file_output;
459
 
480
  }
481
  }
482
 
483
+ // in case of file check set files_count to 0 in order to denote that the file was not really uploaded
484
+ if ( $only_check ) $params_output_array["general"]['files_count'] = 0;
485
+
486
  $somefiles_Ok = ( ( $warning_count + $success_count ) > 0 );
487
  $allfiles_Ok = ( $somefiles_Ok && ( $error_count == 0 ) );
488
 
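Review bot: The added file-name guard, `strtolower(substr($fileprops['name'], -4)) != ".php"`, rejects only names that end in exactly `.php`, so other extensions the web server may be configured to hand to PHP, or a name with trailing characters after `.php`, still reach the `$allowed_patterns` loop. I would compare the parsed extension against a list instead, e.g. `$ext = strtolower(pathinfo(rtrim($fileprops['name'], ". "), PATHINFO_EXTENSION));` followed by an `in_array()` test, and treat this check as secondary to an upload directory in which the server does not execute scripts. Separately, the second pass skips `wfu_before_file_check` whenever `$_SESSION[$file_map]` exists, but the check pass stores only `file_unique_id`, `filename` and `userdata`, so an `error_message` set by a filter during the check pass appears not to carry over to the real upload; storing it as `$_SESSION[$file_map]['error_message'] = $filter_error_message;` and restoring it in the `$filedata_previously_defined` branch would close that. `wfu_process_files` begins and ends outside the hunks shown, so both points should be confirmed against the full function.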
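--- a/readme.txt
+++ b/readme.txt
@@ -3,7 +3,7 @@ Contributors: nickboss
  Donate link: http://www.iptanus.com/support/wordpress-file-upload
  Tags: upload, upload file, upload files, multiple, multiple upload, multiple uploads, captcha, progress bar, form, ajax, directory, HTML5, filelist, gallery, image gallery, browser, file browser, gallery, image gallery, shortcode, logging, file logging
  Requires at least: 2.9.2
- Tested up to: 3.9.1
+ Tested up to: 4.1.0
  Stable tag: "trunk"
  License: GPLv2 or later
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -110,6 +110,13 @@ Administrators can view and manage the uploaded files from the File Browser that
 
  == Changelog ==
 
+ = 2.5.0 =
+ * major redesign of upload algorithm to address upload issues with Safari for Mac and Firefox
+ * files are first checked by server before actually uploaded, in order to avoid uploading of large files that are invalid
+ * modifications to progress bar code to make progress bar smoother
+ * restrict upload of .php files for security reasons
+ * fixed bug not showing correctly userdata fields inside email notifications when using ampersand or other special characters in userdata fields
+
  = 2.4.6 =
  * variables %blogid%, %pageid% and %pagetitle% added in email notifications and subject and %dq% in subject
  * corrected bug that was breaking Shortcode Composer when using more than ten attributes
@@ -326,6 +333,9 @@ Initial version.
 
  == Upgrade Notice ==
 
+ = 2.5.0 =
+ Important upgrade to address some bugs.
+
  = 2.4.6 =
  Important upgrade to address some bugs.
 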
wordpress_file_upload.php CHANGED
@@ -4,14 +4,14 @@ session_start();
4
  /*
5
  Plugin URI: http://www.iptanus.com/support/wordpress-file-upload
6
  Description: Simple interface to upload files from a page.
7
- Version: 2.4.6
8
  Author: Nickolas Bossinas
9
  Author URI: http://www.iptanus.com
10
  */
11
 
12
  /*
13
  Wordpress File Upload (Wordpress Plugin)
14
- Copyright (C) 2010-2014 Nickolas Bossinas
15
  Contact me at http://www.iptanus.com
16
 
17
  This program is free software: you can redistribute it and/or modify
4
  /*
5
  Plugin URI: http://www.iptanus.com/support/wordpress-file-upload
6
  Description: Simple interface to upload files from a page.
7
+ Version: 2.5.0
8
  Author: Nickolas Bossinas
9
  Author URI: http://www.iptanus.com
10
  */
11
 
12
  /*
13
  Wordpress File Upload (Wordpress Plugin)
14
+ Copyright (C) 2010-2015 Nickolas Bossinas
15
  Contact me at http://www.iptanus.com
16
 
17
  This program is free software: you can redistribute it and/or modify