WordPress File Upload - Version 3.0.0

Version Description

  • the major version number has advanced because an important feature has been added to the Pro version (logged-in users can browse their uploaded files through their Dashboard)
  • several code modifications were made to the file browser to make the plugin more secure against hacking; some file browser functions have changed slightly
  • the new file browser cannot edit files that were not uploaded with the plugin, and it cannot edit or create folders
  • the upload path cannot be outside the WordPress installation root
  • files with the extensions php, js, pht, php3, php4, php5, phtml, htm, html and htaccess are forbidden for security reasons

Release Info

Developer nickboss
Version 3.0.0

Code changes from version 2.7.6 to 3.0.0

js/wordpress_file_upload_adminfunctions.js CHANGED
@@ -1,2 +1,2 @@
1
- function wfu_admin_activate_tab(e){for(var t,a,l=document.getElementById("wfu_tab_container"),n=0;n<l.childNodes.length;n++)t=l.childNodes[n],1===t.nodeType&&(a=t.id.substr(8),t.className.indexOf("nav-tab-active")>-1&&(t.className="nav-tab",document.getElementById("wfu_container_"+a).style.display="none"));document.getElementById("wfu_tab_"+e).className="nav-tab nav-tab-active",document.getElementById("wfu_container_"+e).style.display="block"}function wfu_admin_onoff_clicked(e){var t=document.getElementById("wfu_attribute_"+e),a=document.getElementById("wfu_wrapper"),l=document.getElementsByClassName("wfu_shadow_"+e,"div",a),n=document.getElementsByClassName("wfu_shadow_"+e+"_inv","div",a),d="on"==t.className.substr(t.className.length-2);if(d=!d){document.getElementById("wfu_attribute_value_"+e).value="true",t.className="wfu_onoff_container_on";for(var u=0;u<l.length;u++)l[u].style.display="none";for(var u=0;u<n.length;u++)n[u].style.display="block"}else{document.getElementById("wfu_attribute_value_"+e).value="false",t.className="wfu_onoff_container_off";for(var u=0;u<l.length;u++)l[u].style.display="block";for(var u=0;u<n.length;u++)n[u].style.display="none"}wfu_generate_shortcode(),"userdata"==e&&wfu_update_userfield_variables()}function wfu_admin_radio_clicked(e){var t=document.getElementsByName("wfu_radioattribute_"+e),a=document.getElementById("wfu_wrapper"),l=document.getElementsByClassName("wfu_shadow_"+e,"div",a),n=document.getElementsByClassName("wfu_shadow_"+e+"_inv","div",a),d="";for(r=0;r<t.length;r++)t[r].checked&&(d=t[r].value);var u="*"==d.substr(0,1);if(u){d=d.substr(1);for(var r=0;r<l.length;r++)l[r].style.display="none";for(var r=0;r<n.length;r++)n[r].style.display="block"}else{for(var r=0;r<l.length;r++)l[r].style.display="block";for(var r=0;r<n.length;r++)n[r].style.display="none"}document.getElementById("wfu_attribute_value_"+e).value=d,wfu_generate_shortcode()}function 
wfu_addEventHandler(e,t,a){e.addEventListener?e.addEventListener(t,a,!1):e.attachEvent?e.attachEvent("on"+t,a):e["on"+t]=a}function wfu_attach_separator_dragdrop_events(){for(var e,t=document.getElementById("wfu_placements_container"),a=0;a<t.childNodes.length;a++)e=t.childNodes[a],("wfu_component_separator_hor"==e.className||"wfu_component_separator_ver"==e.className)&&(wfu_addEventHandler(e,"dragenter",wfu_separator_dragenter),wfu_addEventHandler(e,"dragover",wfu_default_dragover),wfu_addEventHandler(e,"dragleave",wfu_separator_dragleave),wfu_addEventHandler(e,"drop",wfu_separator_drop))}function wfu_Attach_Admin_DragDrop_Events(){if(window.FileReader){for(var e,t=document.getElementById("wfu_placements_container"),a=document.getElementById("wfu_componentlist_container"),l=0;l<t.childNodes.length;l++)e=t.childNodes[l],"wfu_component_box"==e.className&&(wfu_addEventHandler(e,"dragstart",wfu_component_dragstart),wfu_addEventHandler(e,"dragend",wfu_component_dragend));for(var l=0;l<a.childNodes.length;l++)if(e=a.childNodes[l],"wfu_component_box_container"==e.className)for(var n=0;n<e.childNodes.length;n++)"wfu_component_box wfu_inbase"==e.childNodes[n].className&&(wfu_addEventHandler(e.childNodes[n],"dragstart",wfu_component_dragstart),wfu_addEventHandler(e.childNodes[n],"dragend",wfu_component_dragend));e=document.getElementById("wfu_componentlist_dragdrop"),wfu_addEventHandler(e,"dragenter",wfu_componentlist_dragenter),wfu_addEventHandler(e,"dragover",wfu_default_dragover),wfu_addEventHandler(e,"dragleave",wfu_componentlist_dragleave),wfu_addEventHandler(e,"drop",wfu_componentlist_drop),wfu_attach_separator_dragdrop_events()}}function wfu_componentlist_dragenter(e){if(e=e||window.event,e.preventDefault&&e.preventDefault(),!DraggedItem)return!1;var t=document.getElementById("wfu_componentlist_dragdrop");return-1==t.className.indexOf("wfu_componentlist_dragdrop_dragover")&&(t.className+=" wfu_componentlist_dragdrop_dragover"),!1}function 
wfu_componentlist_dragleave(e){if(e=e||window.event,e.preventDefault&&e.preventDefault(),!DraggedItem)return!1;var t=document.getElementById("wfu_componentlist_dragdrop");return t.className=t.className.replace(" wfu_componentlist_dragdrop_dragover",""),!1}function wfu_componentlist_drop(e){e=e||window.event,e.preventDefault&&e.preventDefault();var t=e.dataTransfer.getData("Component");if(!t)return!1;var a=document.getElementById("wfu_component_box_"+t);a.className="wfu_component_box wfu_inbase",a.style.display="block",document.getElementById("wfu_component_box_container_"+t).appendChild(a);var l=wfu_admin_recreate_placements_text(null,"");return wfu_admin_recreate_placements_panel(l),document.getElementById("wfu_attribute_value_placements").value=l,wfu_generate_shortcode(),!1}function wfu_separator_dragenter(e){if(e=e||window.event,e.preventDefault&&e.preventDefault(),!DraggedItem)return!1;if("wfu_component_separator_hor"==e.target.className){var t=document.getElementById("wfu_component_bar_hor");t.style.top=e.target.offsetTop+"px",t.style.display="block"}else if("wfu_component_separator_ver"==e.target.className){var t=document.getElementById("wfu_component_bar_ver");t.style.top=e.target.offsetTop+"px",t.style.left=e.target.offsetLeft+"px",t.style.display="block"}return!1}function wfu_default_dragover(e){return e=e||window.event,e.preventDefault&&e.preventDefault(),!1}function wfu_separator_dragleave(e){if(e=e||window.event,e.preventDefault&&e.preventDefault(),!DraggedItem)return!1;if("wfu_component_separator_hor"==e.target.className){var t=document.getElementById("wfu_component_bar_hor");t.style.display="none"}else if("wfu_component_separator_ver"==e.target.className){var t=document.getElementById("wfu_component_bar_ver");t.style.display="none"}return!1}function wfu_separator_drop(e){e=e||window.event,e.preventDefault&&e.preventDefault();var t=e.dataTransfer.getData("Component");if(!t)return!1;var 
a=document.getElementById("wfu_component_box_"+t);a.style.display="none",a.className="wfu_component_box wfu_inbase",document.getElementById("wfu_component_box_container_"+t).appendChild(a);var l=wfu_admin_recreate_placements_text(e.target,t);return wfu_admin_recreate_placements_panel(l),document.getElementById("wfu_attribute_value_placements").value=l,wfu_generate_shortcode(),!1}function wfu_component_dragstart(e){e=e||window.event,e.dataTransfer.setData("Component",e.target.id.replace("wfu_component_box_","")),-1==e.target.className.indexOf("wfu_component_box_dragged")&&(e.target.className+=" wfu_component_box_dragged",DraggedItem=e.target),e.target.style.zIndex=3;var t=document.getElementById("wfu_componentlist_dragdrop");return t.className="wfu_componentlist_dragdrop wfu_componentlist_dragdrop_dragover",t.style.display="block",!1}function wfu_component_dragend(e){e=e||window.event,DraggedItem=null,e.target.style.zIndex=1;var t=document.getElementById("wfu_componentlist_dragdrop");return t.style.display="none",t.className="wfu_componentlist_dragdrop",e.target.className=e.target.className.replace(" wfu_component_box_dragged",""),document.getElementById("wfu_component_bar_ver").style.display="none",document.getElementById("wfu_component_bar_hor").style.display="none",!1}function wfu_admin_recreate_placements_text(e,t){function a(e){""!=d&&(d+=n),d+=e,n=""}for(var l=document.getElementById("wfu_placements_container"),n="",d="",u=0;u<l.childNodes.length;u++)item=l.childNodes[u],"wfu_component_separator_ver"==item.className?(""==n&&(n="+"),item==e&&(a(t),n="+")):"wfu_component_separator_hor"==item.className?(n="/",item==e&&(a(t),n="/")):"wfu_component_box"==item.className&&a(item.id.replace("wfu_component_box_",""));return d}function wfu_admin_recreate_placements_panel(e){for(var 
t,a,l,n=document.getElementById("wfu_placements_container"),d="",u=0;u<n.childNodes.length;u++)t=n.childNodes[u],"wfu_component_box"==t.className&&(d=t.id.replace("wfu_component_box_",""),t.style.display="inline-block",t.className="wfu_component_box wfu_inbase",document.getElementById("wfu_component_box_container_"+d).appendChild(t));n.innerHTML="",a=e.split("/");for(var u=0;u<a.length;u++){t=document.createElement("DIV"),t.className="wfu_component_separator_hor",t.setAttribute("draggable",!0),n.appendChild(t),t=document.createElement("DIV"),t.className="wfu_component_separator_ver",t.setAttribute("draggable",!0),n.appendChild(t),l=a[u].split("+");for(var r=0;r<l.length;r++)t=document.getElementById("wfu_component_box_"+l[r]),t&&(n.appendChild(t),t.className="wfu_component_box",t.style.display="inline-block",t=document.createElement("DIV"),t.className="wfu_component_separator_ver",t.setAttribute("draggable",!0),n.appendChild(t))}t=document.createElement("DIV"),t.className="wfu_component_separator_hor",t.setAttribute("draggable",!0),n.appendChild(t),t=document.createElement("DIV"),t.id="wfu_component_bar_hor",t.className="wfu_component_bar_hor",n.appendChild(t),t=document.createElement("DIV"),t.id="wfu_component_bar_ver",t.className="wfu_component_bar_ver",n.appendChild(t),wfu_attach_separator_dragdrop_events()}function wfu_subfolders_input_changed(e){e=e||window.event;var t=e.target,a=t.id.replace("wfu_subfolders_path_","");a=a.replace("wfu_subfolders_label_","");var l=document.getElementById("wfu_attribute_"+a);if(!(l.selectedIndex<0)){var n,d,u=document.getElementById("wfu_subfolders_path_"+a),r=document.getElementById("wfu_subfolders_label_"+a),o=document.getElementById("wfu_subfolders_ok_"+a),_="1"==document.getElementById("wfu_subfolders_isnewitem_"+a).value;if(_)n="",d="";else{var s=l.data;t=s[l.selectedIndex],n=t.path,d=t.label}if(u.value==n&&r.value==d)o.disabled=!0,_||wfu_subfolders_update_nav(a);else{o.disabled=!1;for(var 
f=document.getElementsByName("wfu_subfolder_nav_"+a),i=0;i<f.length;i++)f[i].disabled=!0}}}function wfu_subfolders_auto_changed(e){var t=document.getElementById("wfu_attribute_"+e),a=document.getElementById("wfu_subfolders_auto_"+e),l=document.getElementById("wfu_subfolders_editable_"+e),n=document.getElementById("wfu_subfolders_manualtext_"+e);if(a.checked){var d=document.getElementById("wfu_attribute_value_"+e).value;"auto"!=d.substr(0,4)&&(n.value=d),l.parentNode.style.display="inline",wfu_apply_value(e,"folderlist","auto"+(l.checked?"+":"")),t.disabled=!0}else t.disabled=!1,l.parentNode.style.display="none",wfu_apply_value(e,"folderlist",n.value)}function wfu_subfolders_up_clicked(e){var t=document.getElementById("wfu_attribute_"+e);if(!(t.selectedIndex<0)){var a=t.data;item=a[t.selectedIndex];var l=item.index-1;if(!(0>l)){for(var n=-1,d=t.selectedIndex-1;d>=0;){if(a[d].level==item.level&&a[d].index==l){n=d;break}d--}if(-1!=n){var u=0;for(d=t.selectedIndex+1;d<a.length&&a[d].level>item.level;)u++,d++;a[n].index=item.index,item.index=l,t.data=a.slice(0,n).concat(a.slice(t.selectedIndex,t.selectedIndex+1+u)).concat(a.slice(n,t.selectedIndex)).concat(a.slice(t.selectedIndex+1+u));var r=wfu_update_subfolder_list(e);t.selectedIndex=n,wfu_subfolders_update_toolnav(e),item=t,r!==item.oldVal&&(item.oldVal=r,document.getElementById("wfu_attribute_value_"+e).value=r,wfu_generate_shortcode())}}}}function wfu_subfolders_down_clicked(e){var t=document.getElementById("wfu_attribute_"+e);if(!(t.selectedIndex<0)){var a=t.data;item=a[t.selectedIndex];var l=item.index+1,n=-1;for(curind=t.selectedIndex+1;curind<a.length;){if(a[curind].level==item.level){n=curind;break}if(a[curind].level<item.level)break;curind++}if(-1!=n){var d=0;for(curind=n+1;curind<a.length&&a[curind].level>item.level;)d++,curind++;a[n].index=item.index,item.index=l,t.data=a.slice(0,t.selectedIndex).concat(a.slice(n,n+1+d)).concat(a.slice(t.selectedIndex,n)).concat(a.slice(n+1+d));var 
u=wfu_update_subfolder_list(e);t.selectedIndex=t.selectedIndex+d+1,wfu_subfolders_update_toolnav(e),item=t,u!==item.oldVal&&(item.oldVal=u,document.getElementById("wfu_attribute_value_"+e).value=u,wfu_generate_shortcode())}}}function wfu_subfolders_left_clicked(e){var t=document.getElementById("wfu_attribute_"+e);if(!(t.selectedIndex<0)){var a=t.data;for(item=a[t.selectedIndex],curind=t.selectedIndex+1;curind<a.length&&a[curind].level>item.level;)a[curind].level--,curind++;item.level--;var l=wfu_update_subfolder_list(e);t.data=wfu_decode_subfolder_list(e),wfu_subfolders_update_toolnav(e),item=t,l!==item.oldVal&&(item.oldVal=l,document.getElementById("wfu_attribute_value_"+e).value=l,wfu_generate_shortcode())}}function wfu_subfolders_right_clicked(e){var t=document.getElementById("wfu_attribute_"+e);if(!(t.selectedIndex<0)){var a=t.data;for(item=a[t.selectedIndex],curind=t.selectedIndex+1;curind<a.length&&a[curind].level>item.level;)a[curind].level++,curind++;item.level++;var l=wfu_update_subfolder_list(e);t.data=wfu_decode_subfolder_list(e),wfu_subfolders_update_toolnav(e),item=t,l!==item.oldVal&&(item.oldVal=l,document.getElementById("wfu_attribute_value_"+e).value=l,wfu_generate_shortcode())}}function wfu_subfolders_def_clicked(e){var t=document.getElementById("wfu_attribute_"+e);if(!(t.selectedIndex<0)){var a=t.data;if(item=a[t.selectedIndex],item.default)item.default=!1;else{for(var l=0;l<a.length;l++)a[l].default=!1;item.default=!0}var n=wfu_update_subfolder_list(e);wfu_subfolders_update_toolnav(e),item=t,n!==item.oldVal&&(item.oldVal=n,document.getElementById("wfu_attribute_value_"+e).value=n,wfu_generate_shortcode())}}function wfu_subfolders_ok_clicked(e){var t=document.getElementById("wfu_attribute_"+e);if(!(t.selectedIndex<0)){var a=document.getElementById("wfu_subfolders_path_"+e),l=document.getElementById("wfu_subfolders_label_"+e);if(""==a.value||""==l.value)return void alert("Path or label cannot be empty!");var 
n=t.data,d="1"==document.getElementById("wfu_subfolders_isnewitem_"+e).value;if(d){var u=parseInt(document.getElementById("wfu_subfolders_newitemlevel_"+e).value),r={label:l.value,path:a.value,level:u,"default":!1},o=parseInt(document.getElementById("wfu_subfolders_newitemindex_"+e).value);o>=n.length?n.push(r):n.splice(o,0,r)}else item=n[t.selectedIndex],item.path=a.value,item.label=l.value;var _=wfu_update_subfolder_list(e);t.data=wfu_decode_subfolder_list(e),wfu_subfolders_update_toolnav(e),item=t,_!==item.oldVal&&(item.oldVal=_,document.getElementById("wfu_attribute_value_"+e).value=_,wfu_generate_shortcode())}}function wfu_subfolders_del_clicked(e){var t=document.getElementById("wfu_attribute_"+e);if(!(t.selectedIndex<0)){var a=t.data;item=a[t.selectedIndex];var l=0;for(curind=t.selectedIndex+1;curind<a.length&&a[curind].level>item.level;)l++,curind++;if(!(l>0)||confirm("Children items will be deleted as well. Proceed?")){a.splice(t.selectedIndex,1+l);var n=wfu_update_subfolder_list(e);t.data=wfu_decode_subfolder_list(e),wfu_subfolders_update_toolnav(e),item=t,n!==item.oldVal&&(item.oldVal=n,document.getElementById("wfu_attribute_value_"+e).value=n,wfu_generate_shortcode())}}}function wfu_subfolders_add_clicked(e){var t=document.getElementById("wfu_attribute_"+e);if(!(t.selectedIndex<0)){var a=t.data,l=t.selectedIndex;item=a[l];var n=t.options,d=document.createElement("option");d.value="",d.innerHTML="",n.add(d,l),t.selectedIndex=l;var 
u=document.getElementById("wfu_subfolder_tools_"+e),r=document.getElementById("wfu_subfolders_path_"+e),o=document.getElementById("wfu_subfolders_label_"+e),_=document.getElementById("wfu_subfolders_ok_"+e),s=document.getElementById("wfu_subfolders_browse_"+e);u.className="wfu_subfolder_tools_container",o.disabled=!1,_.disabled=!0,document.getElementById("wfu_subfolders_isnewitem_"+e).value="1",document.getElementById("wfu_subfolders_newitemindex_"+e).value=l,document.getElementById("wfu_subfolders_newitemlevel_"+e).value=item.level,document.getElementById("wfu_subfolders_newitemlevel2_"+e).value="",r.disabled=0==item.level,s.disabled=0==item.level,0==item.level?(r.value="{root}",o.value="{upload folder}"):(r.value="",o.value="");for(var f=document.getElementsByName("wfu_subfolder_nav_"+e),i=0;i<f.length;i++)f[i].disabled=!0}}function wfu_subfolders_browse_clicked(e){var t=wfu_GetHttpRequestObject();if(null!=t){var a=null;try{var a=new FormData}catch(l){}if(null!=a){for(var n=document.getElementById("wfu_global_dialog_container"),d=document.getElementById("wfu_subfolders_browser_"+e),u=document.getElementById("wfu_subfolders_browse_"+e),r=document.getElementById("wfu_subfolders_inner_shadow_"+e),o=document.getElementById("wfu_subfolders_browser_msgcont_"+e),_=document.getElementById("wfu_subfolders_browser_msg_"+e),s=document.getElementById("wfu_subfolders_browser_img_"+e),f=document.getElementById("wfu_subfolders_browser_ok_"+e),i=document.getElementById("wfu_subfolders_browser_list_"+e);i.options.length>0;)i.options.remove(0);f.disabled=!0,f.onclick=function(){wfu_folder_browser_cancel_clicked(e)},_.innerHTML="loading folder contents...",s.style.display="inline",o.style.display="block",n.style.display="block",d.style.display="block",d.style.left=u.offsetLeft+u.offsetWidth-d.offsetWidth+"px",d.style.top=u.offsetTop+u.offsetHeight-d.offsetHeight+"px",r.style.display="block",n.onclick=function(){wfu_folder_browser_cancel_clicked(e)};var 
c=document.getElementById("wfu_attribute_uploadpath").value;"/"==c.substr(c.length-1)&&(c=c.substr(0,c.length-1));var m=wfu_get_relative_path(e).split(","),w=c+m[0];"/"!=w.substr(0)&&(w="/"+w);var g="";2==m.length&&(g=m[1]),a.append("action","wfu_ajax_action_read_subfolders"),a.append("folder1",wfu_plugin_encode_string(w)),a.append("folder2",wfu_plugin_encode_string(g)),t.key=e,t.addEventListener("load",wfu_readfolderComplete,!1),t.addEventListener("error",wfu_readfolderFailed,!1),t.addEventListener("abort",wfu_readfolderCanceled,!1),t.open("POST",AdminParams.wfu_ajax_url),t.send(a)}}}function wfu_readfolderComplete(e){var t=e.target.key,a=document.getElementById("wfu_subfolders_browser_msgcont_"+t),l=document.getElementById("wfu_subfolders_browser_msg_"+t),n=document.getElementById("wfu_subfolders_browser_img_"+t),d=document.getElementById("wfu_subfolders_browser_list_"+t),u=document.getElementById("wfu_subfolders_browser_ok_"+t),r=document.getElementById("wfu_subfolders_path_"+t),o=document.getElementById("wfu_subfolders_label_"+t),_=e.target.responseText;if(-1!=_){var s="wfu_read_subfolders:",f=e.target.responseText.indexOf(s);-1==f&&(f=e.target.responseText.length);var i=(e.target.responseText.substr(0,f),e.target.responseText.substr(f+s.length,e.target.responseText.length-f-s.length));f=i.indexOf(":");var c=i.substr(0,f);if(txt_value=i.substr(f+1,i.length-f-1),"success"==c){for(var m,w=wfu_plugin_decode_string(txt_value),g=w.split(","),p=0,v=0;v<g.length;v++)""!=g[v]&&(m=document.createElement("option"),m.value=g[v],m.innerHTML=g[v].replace("*","&nbsp;&nbsp;&nbsp;"),d.add(m),p++);0==p&&(m=document.createElement("option"),m.value="",m.innerHTML="{empty}",m.disabled=!0,d.add(m)),d.selectedIndex=-1,u.onclick=function(){var 
e=d.options[d.selectedIndex].value,a=parseInt(document.getElementById("wfu_subfolders_newitemlevel_"+t).value);("*"==e.substr(0,1)||0==a)&&(document.getElementById("wfu_subfolders_newitemlevel_"+t).value=a+1,a>0&&(e=e.substr(1))),r.value=e,o.value=e,wfu_folder_browser_cancel_clicked(t),wfu_subfolders_ok_clicked(t)},a.style.display="none"}else"error"==c?(l.innerHTML=txt_value,n.style.display="none",u.disabled=!1):(l.innerHTML="Unknown error",n.style.display="none",u.disabled=!1)}}function wfu_readfolderFailed(e){var t=e.target.key,a=document.getElementById("wfu_subfolders_browser_msg_"+t),l=document.getElementById("wfu_subfolders_browser_img_"+t),n=document.getElementById("wfu_subfolders_browser_ok_"+t);a.innerHTML="Unknown error",l.style.display="none",n.disabled=!1}function wfu_readfolderCanceled(e){var t=e.target.key,a=document.getElementById("wfu_subfolders_browser_msg_"+t),l=document.getElementById("wfu_subfolders_browser_img_"+t),n=document.getElementById("wfu_subfolders_browser_ok_"+t);a.innerHTML="Unknown error",l.style.display="none",n.disabled=!1}function wfu_subfolders_browser_list_changed(e){var t=document.getElementById("wfu_subfolders_browser_list_"+e),a=document.getElementById("wfu_subfolders_browser_ok_"+e);a.disabled=t.selectedIndex<0}function wfu_folder_browser_cancel_clicked(e){var t=document.getElementById("wfu_global_dialog_container"),a=document.getElementById("wfu_subfolders_browser_"+e),l=(document.getElementById("wfu_subfolders_browse_"+e),document.getElementById("wfu_subfolders_inner_shadow_"+e));t.onclick=null,l.style.display="none",a.style.display="none",t.style.display="none"}function wfu_get_relative_path(e){var t=document.getElementById("wfu_attribute_"+e);if(!(t.selectedIndex<0)){var a,l=t.data,n="1"==document.getElementById("wfu_subfolders_isnewitem_"+e).value;a=n?parseInt(document.getElementById("wfu_subfolders_newitemlevel_"+e).value):l[t.selectedIndex].level;for(var 
d="/",u=t.selectedIndex-1,r=a;u>=0&&r>1;)l[u].level<r&&(d="/"+l[u].path+d,r=l[u].level),u--;return n&&"1"==document.getElementById("wfu_subfolders_newitemlevel2_"+e).value&&a>0&&t.selectedIndex>0&&(d+=","+l[t.selectedIndex-1].path),d}}function wfu_subfolders_changed(e){wfu_update_subfolder_list(e),wfu_subfolders_update_toolnav(e)}function wfu_subfolders_update_toolnav(e){var t,a,l=document.getElementById("wfu_attribute_"+e),n=document.getElementById("wfu_subfolder_tools_"+e),d=document.getElementById("wfu_subfolders_path_"+e),u=document.getElementById("wfu_subfolders_label_"+e),r=document.getElementById("wfu_subfolders_ok_"+e),o=document.getElementById("wfu_subfolders_browse_"+e),_=document.getElementById("wfu_subfolders_auto_"+e);if(document.getElementById("wfu_subfolders_isnewitem_"+e).value="",document.getElementById("wfu_subfolders_newitemindex_"+e).value="",document.getElementById("wfu_subfolders_newitemlevel_"+e).value="",document.getElementById("wfu_subfolders_newitemlevel2_"+e).value="",null==l.data?(t=wfu_decode_subfolder_list(e),l.data=t):t=l.data,0===l.data.length?(l.className="wfu_select_folders wfu_select_folders_empty",l.options[0].innerHTML=_.checked?"":"press here"):l.className="wfu_select_folders",l.selectedIndex<0)n.className="wfu_subfolder_tools_container wfu_subfolder_tools_disabled",d.disabled=!0,u.disabled=!0,r.disabled=!0,o.disabled=!0,u.value="",d.value="";else if(l.selectedIndex>=l.options.length-1){n.className="wfu_subfolder_tools_container",u.disabled=!1,r.disabled=!0,document.getElementById("wfu_subfolders_isnewitem_"+e).value="1",document.getElementById("wfu_subfolders_newitemindex_"+e).value=t.length;var s;s=0==t.length?0:0==t[t.length-1].level?1:t[t.length-1].level,document.getElementById("wfu_subfolders_newitemlevel_"+e).value=s,document.getElementById("wfu_subfolders_newitemlevel2_"+e).value="1",d.disabled=0==s,o.disabled=!1,0==s?(d.value="{root}",u.value="{upload folder}"):(d.value="",u.value="")}else 
n.className="wfu_subfolder_tools_container",u.disabled=!1,r.disabled=!0,a=t[l.selectedIndex],d.disabled=0==a.level,o.disabled=0==a.level,u.value=a.label,d.value=a.path;var f=document.getElementsByName("wfu_subfolder_nav_"+e);if(l.selectedIndex<0||l.selectedIndex>=l.options.length-1)for(var i=0;i<f.length;i++)f[i].disabled=!0;else wfu_subfolders_update_nav(e)}function wfu_subfolders_update_nav(e){var t=document.getElementById("wfu_attribute_"+e),a=document.getElementById("wfu_subfolders_up_"+e),l=document.getElementById("wfu_subfolders_down_"+e),n=document.getElementById("wfu_subfolders_left_"+e),d=document.getElementById("wfu_subfolders_right_"+e),u=document.getElementById("wfu_subfolders_add_"+e),r=document.getElementById("wfu_subfolders_def_"+e),o=document.getElementById("wfu_subfolders_del_"+e),_=t.data,s=_[t.selectedIndex];for(a.disabled=s.index<=0,ind=t.selectedIndex+1,nextind=0;ind<_.length;){if(_[ind].level==s.level){nextind=_[ind].index;break}if(_[ind].level<s.level)break;ind++}l.disabled=0==s.level||0==nextind,n.disabled=0==t.selectedIndex&&s.level<1||t.selectedIndex>0&&s.level<=1,prevlevel=t.selectedIndex>=1?_[t.selectedIndex-1].level:0,d.disabled=s.level-prevlevel>0,u.disabled=0==s.level,r.disabled=!1,r.className="button"+(s.default?" 
wfu_subfolder_nav_pressed":""),o.disabled=!1}function wfu_decode_subfolder(e){var t={label:"",path:"",level:0,"default":!1};e=e.trim();for(var a=0,l=!1;a<e.length&&"*"==e.substr(a,1);)a++;e=e.substr(a,e.length-a),"&"==e.substr(0,1)&&(e=e.substr(1),l=!0),t.level=a,t.default=l;var n=e.split("/");return 1==n.length?(t.path=n[0],t.label=n[0]):n.length>1&&(t.path=n[0],t.label=n[1]),0==a&&(t.path="{root}",""==t.label&&(t.label="{upload folder}")),t}function wfu_decode_subfolder_list(e){for(var t,a=document.getElementById("wfu_attribute_"+e).options,l=Array(),n=["root"],d=[0],u=-1,r=0;r<a.length-1;r++){for(l.push(wfu_decode_subfolder(wfu_plugin_decode_string(a[r].value))),n.length>l[r].level?n[l[r].level]=l[r].path:n.push(l[r].path),t="",j=1;j<=l[r].level;j++)t+=n[j]+"/";l[r].fullpath=t,d.length<=l[r].level&&d.push(0),l[r].index=l[r].level>u?0:d[l[r].level]+1,d[l[r].level]=l[r].index,u=l[r].level}return l}function wfu_update_subfolder_list(e){var t=document.getElementById("wfu_attribute_"+e).options,a=document.getElementById("wfu_attribute_"+e),l=a.data;if(null!=l){var n,d,u="";t.length=l.length+1;for(var r=0;r<l.length;r++){for(n="",d="",j=0;j<l[r].level;j++)n+="*",d+="&nbsp;&nbsp;&nbsp;";l[r].default?(n+="&",t[r].className="wfu_select_folders_option_default"):t[r].className="",n+=l[r].path+"/"+l[r].label,d+=l[r].label,t[r].value=wfu_plugin_encode_string(n),t[r].innerHTML=d,""!=u&&(u+=","),u+=n}return t[l.length].value="",t[l.length].innerHTML="",u}}function wfu_userdata_edit_field(e,t,a){for(var l,n=0;n<e.childNodes.length;n++)l=e.childNodes[n],"INPUT"==l.tagName?"text"==l.type?(l.value=t,wfu_attach_element_handlers(l,wfu_update_userfield_value)):"checkbox"==l.type&&(l.checked=a):"DIV"==l.tagName&&(l.className="wfu_userdata_action")}function wfu_userdata_add_field(e){var t=e.parentNode,a=t.cloneNode(!0);wfu_userdata_edit_field(a,"",!1),t.parentNode.insertBefore(a,t.nextSibling)}function wfu_userdata_remove_field(e){for(var 
t=e.parentNode,a=t.parentNode,l=null,n=0;n<a.childNodes.length;n++)if(1===a.childNodes[n].nodeType){l=a.childNodes[n];break}if(t!=l){t.parentNode.removeChild(t);for(var n=0;n<l.childNodes.length;n++)if(1===l.childNodes[n].nodeType){wfu_update_userfield_value({target:l.childNodes[n]});break}}}function wfu_generate_shortcode(){for(var e,t=document.getElementById("wfu_attribute_defaults"),a=(document.getElementById("wfu_attribute_values"),""),l="",n="[wordpress_file_upload",d="",u=0;u<t.childNodes.length;u++)e=t.childNodes[u],1===e.nodeType&&(a=e.id.replace("wfu_attribute_default_",""),l=document.getElementById("wfu_attribute_value_"+a).value,e.value!=l&&(d+=" "+a+'="'+l+'"'));n+=d+"]",document.getElementById("wfu_shortcode").value=n,ShortcodeString=d.substr(1),document.getElementById("wfu_update_shortcode")&&(document.getElementById("wfu_update_shortcode").disabled=wfu_plugin_encode_string(n)==document.getElementById("wfu_shortcode_original_enc").value),Autosave&&wfu_schedule_save_shortcode()}function wfu_update_text_value(e){e=e||window.event;var t=e.target,a=t.id.replace("wfu_attribute_",""),l=t.value;l=l.replace(/(\r\n|\n|\r)/gm,"%n%"),l=l.replace(/\"/gm,"%dq%"),l=l.replace(/\[/gm,"%brl%"),l=l.replace(/\]/gm,"%brr%"),l!==t.oldVal&&(t.oldVal=l,document.getElementById("wfu_attribute_value_"+a).value=l,wfu_generate_shortcode())}function wfu_update_triplecolor_value(e){e=e||window.event;var t=e.target,a=t.id.replace("wfu_attribute_","");a=a.replace("_color",""),a=a.replace("_bgcolor",""),a=a.replace("_borcolor",""),t=document.getElementById("wfu_attribute_"+a+"_color");var l=t.value+","+document.getElementById("wfu_attribute_"+a+"_bgcolor").value+","+document.getElementById("wfu_attribute_"+a+"_borcolor").value;l!==t.oldVal&&(t.oldVal=l,document.getElementById("wfu_attribute_value_"+a).value=l,wfu_generate_shortcode())}function wfu_update_dimension_value(e){e=e||window.event;var 
t=e.target,a=t.name.replace("wfu_dimension_elements_",""),l=document.getElementsByName(t.name);t=l[0];for(var n="",d="",u=0;u<l.length;u++)d=l[u].id.replace("wfu_attribute_"+a+"_",""),""!=n&&""!=l[u].value&&(n+=", "),""!=l[u].value&&(n+=d+":"+l[u].value);n!==t.oldVal&&(t.oldVal=n,document.getElementById("wfu_attribute_value_"+a).value=n,wfu_generate_shortcode())}function wfu_update_ptext_value(e){e=e||window.event;var t=e.target,a=t.id.replace("wfu_attribute_","");a=a.substr(2);var l=document.getElementById("wfu_attribute_s_"+a).value,n=document.getElementById("wfu_attribute_p_"+a).value,d=l+"/"+n;d!==t.oldVal&&(t.oldVal=d,document.getElementById("wfu_attribute_value_"+a).value=d),wfu_generate_shortcode()}function wfu_update_mchecklist_value(e){var t="",a=(document.getElementById("wfu_attribute_"+e),document.getElementById("wfu_attribute_"+e+"_all"));a.checked?(jQuery("#wfu_attribute_"+e+" input").prop("disabled",!0),jQuery("#wfu_attribute_"+e+" input").prop("checked",!0),t="all"):(jQuery("#wfu_attribute_"+e+" input").prop("disabled",!1),jQuery("#wfu_attribute_"+e+" input").each(function(){jQuery(this).prop("checked")&&(t+=","+jQuery(this).next().html())}),t=t.substr(1)),document.getElementById("wfu_attribute_value_"+e).value=t,wfu_generate_shortcode()}function wfu_update_rolelist_value(e){var t="",a=document.getElementById("wfu_attribute_"+e),l=document.getElementById("wfu_attribute_"+e+"_all");if(l.checked)a.disabled=!0,t="all";else{a.disabled=!1;for(var n=a.options,d=0;d<n.length;d++)n[d].selected&&(""!=t&&(t+=","),t+=n[d].value)}document.getElementById("wfu_attribute_value_"+e).value=t,wfu_generate_shortcode()}function wfu_update_userlist_value(e){var t="",a=document.getElementById("wfu_attribute_"+e),l=document.getElementById("wfu_attribute_"+e+"_guests"),n=document.getElementById("wfu_attribute_"+e+"_all");if(n.checked)a.disabled=!0,l.disabled=!0,t="all";else{a.disabled=!1,l.disabled=!1;for(var 
d=a.options,u=0;u<d.length;u++)d[u].selected&&(""!=t&&(t+=","),t+=d[u].value);l.checked&&(""!=t&&(t+=","),t+="guests")}document.getElementById("wfu_attribute_value_"+e).value=t,wfu_generate_shortcode()}function wfu_update_userfield_value(e){e=e||window.event;for(var t=e.target,a=t.parentNode,l=a.parentNode,n="",d=!1,u="",r=0;r<l.childNodes.length;r++)if(a=l.childNodes[r],"DIV"===a.tagName){for(var o=0;o<a.childNodes.length;o++)"INPUT"==a.childNodes[o].tagName&&("text"==a.childNodes[o].type?(n=a.childNodes[o].value,0==r&&(t=a.childNodes[o])):"checkbox"==a.childNodes[o].type&&(d=a.childNodes[o].checked));""!=u&&""!=n&&(u+="/"),""!=n&&d&&(u+="*"),""!=n&&(u+=n)}u!==t.oldVal&&(t.oldVal=u,document.getElementById("wfu_attribute_value_userdatalabel").value=u,wfu_generate_shortcode(),wfu_update_userfield_variables())}function wfu_update_userfield_variables(){for(var e=document.getElementById("wfu_attribute_value_userdatalabel").value,t=document.getElementById("wfu_wrapper"),a=document.getElementsByClassName("wfu_shadow_userdata","div",t),l=document.getElementsByName("wfu_userfield_select"),n=0;n<l.length;n++)l[n].style.display="none";if(0!=a.length&&"block"!=a[0].style.display){for(var d='<option style="display:none;">%userdataXXX%</option>',u=e.split("/"),r="",n=1;n<=u.length;n++)r=u[n-1],"*"==r[0]&&(r=r.substr(1)),d+='<option value="%userdata'+n+'%">'+n+": "+r+"</option>";for(var n=0;n<l.length;n++)l[n].innerHTML=d,l[n].style.display="inline-block"}}function wfu_attach_element_handlers(e,t){for(var a=["DOMAttrModified","textInput","input","change","keypress","paste","focus","propertychange"],l=0;l<a.length;l++)wfu_addEventHandler(e,a[l],t)}function wfu_Attach_Admin_Events(e){Autosave=e,wfu_generate_shortcode(),wfu_update_userfield_variables(),wfu_Attach_Admin_DragDrop_Events();for(var t=document.getElementsByName("wfu_text_elements"),a=0;a<t.length;a++)wfu_attach_element_handlers(t[a],wfu_update_text_value);for(var 
l=document.getElementsByName("wfu_ptext_elements"),a=0;a<l.length;a++)wfu_attach_element_handlers(l[a],wfu_update_ptext_value);for(var n=document.getElementsByName("wfu_triplecolor_elements"),a=0;a<n.length;a++)wfu_attach_element_handlers(n[a],wfu_update_triplecolor_value);for(var d=document.getElementsByName("wfu_dimension_elements_widths"),a=0;a<d.length;a++)wfu_attach_element_handlers(d[a],wfu_update_dimension_value);
2
- d=document.getElementsByName("wfu_dimension_elements_heights");for(var a=0;a<d.length;a++)wfu_attach_element_handlers(d[a],wfu_update_dimension_value);for(var u=document.getElementsByName("wfu_userfield_elements"),a=0;a<u.length;a++)wfu_attach_element_handlers(u[a],wfu_update_userfield_value);for(var r=document.getElementsByName("wfu_subfolder_tools_input"),a=0;a<r.length;a++)wfu_attach_element_handlers(r[a],wfu_subfolders_input_changed);""!=document.getElementById("wfu_shortcode_postid").value&&setTimeout(function(){wfu_check_page_obsolescence()},CheckObsolescenceTimeOut)}function wfu_insert_variable(e){var t=e.className.replace("wfu_variable wfu_variable_",""),a=document.getElementById("wfu_attribute_"+t),l=a.selectionStart,n=a.value;a.value=n.substr(0,l)+e.innerHTML+n.substr(l),wfu_update_text_value({target:a})}function wfu_insert_userfield_variable(e){var t=e.className.replace("wfu_variable wfu_variable_",""),a=document.getElementById("wfu_attribute_"+t),l=a.selectionStart,n=a.value;a.value=n.substr(0,l)+e.value+n.substr(l),e.value="%userdataXXX%",wfu_update_text_value({target:a})}function wfu_GetHttpRequestObject(){var e=null;try{e=new XMLHttpRequest}catch(t){try{e=new ActiveXObject("Msxml2.XMLHTTP")}catch(a){try{e=new ActiveXObject("Microsoft.XMLHTTP")}catch(t){}}}if(null==e&&window.createRequest)try{xmlhttp=window.createRequest()}catch(t){}return e}function wfu_plugin_encode_string(e){var t,a=0,l="",n="";for(a=0;a<e.length;a++)t=e.charCodeAt(a),t>=2048?t=((16773120&t|917504)<<4)+((4032&t|8192)<<2)+(63&t|128):t>=128&&(t=((65472&t|12288)<<2)+(63&t|128)),n=t.toString(16),(1==n.length||3==n.length||5==n.length)&&(n="0"+n),l+=n;return l}function wfu_plugin_decode_string(e){for(var t,a,l=0,n="";l<e.length;)t=parseInt(e.substr(l,2),16),a=128>t?t:224>t?((31&t)<<6)+(63&parseInt(e.substr(l+=2,2),16)):((15&t)<<12)+((63&parseInt(e.substr(l+=2,2),16))<<6)+(63&parseInt(e.substr(l+=2,2),16)),n+=String.fromCharCode(a),l+=2;return n}function 
wfu_schedule_save_shortcode(){var e=new Date,t=ShortcodeNextSave-e.getTime();null!=ShortcodeTimeOut&&(clearTimeout(ShortcodeTimeOut),ShortcodeTimeOut=null),0>=t?wfu_save_shortcode():ShortcodeTimeOut=setTimeout(function(){wfu_save_shortcode()},t)}function wfu_check_page_obsolescence(){PageObsolete||PageUpdating||""==document.getElementById("wfu_shortcode_postid").value}function wfu_save_shortcode(){if(!PageObsolete){var e=wfu_GetHttpRequestObject();if(null!=e){PageUpdating=!0,document.getElementById("wfu_update_failed_message").style.display="none";var t=AdminParams.wfu_ajax_url;params=new Array(6),params[0]=new Array(2),params[0][0]="action",params[0][1]="wfu_ajax_action_save_shortcode",params[1]=new Array(2),params[1][0]="shortcode",params[1][1]=wfu_plugin_encode_string(ShortcodeString),params[2]=new Array(2),params[2][0]="shortcode_original",params[2][1]=document.getElementById("wfu_shortcode_original_enc").value,params[3]=new Array(2),params[3][0]="post_id",params[3][1]=document.getElementById("wfu_shortcode_postid").value,params[4]=new Array(2),params[4][0]="post_hash",params[4][1]=document.getElementById("wfu_shortcode_posthash").value,params[5]=new Array(2),params[5][0]="shortcode_position",params[5][1]=document.getElementById("wfu_shortcode_position").value;for(var a="",l=0;l<params.length;l++)a+=(l>0?"&":"")+params[l][0]+"="+encodeURI(params[l][1]);var n=new Date;Autosave?ShortcodeNextSave=n.getTime()+5e3:document.getElementById("wfu_update_shortcode")&&(document.getElementById("wfu_update_shortcode_wait").style.display="inline"),e.open("POST",t,!0),e.setRequestHeader("Content-type","application/x-www-form-urlencoded"),e.onreadystatechange=function(){if(4==e.readyState&&200==e.status){PageUpdating=!1;var t="wfu_save_shortcode:",a=e.responseText.indexOf(t);-1==a&&(a=e.responseText.length);var l=(e.responseText.substr(0,a),e.responseText.substr(a+t.length,e.responseText.length-a-t.length));a=l.indexOf(":");var 
d=l.substr(0,a);txt_value=l.substr(a+1,l.length-a-1),"success"==d?(Autosave?(document.getElementById("wfu_save_label").innerHTML="saved",document.getElementById("wfu_save_label").className="wfu_save_label",document.getElementById("wfu_save_label").style.opacity=1,wfu_fadeout_element(300),ShortcodeNextSave=n.getTime()+1e3,null!=ShortcodeTimeOut&&wfu_schedule_save_shortcode()):document.getElementById("wfu_update_shortcode")&&(document.getElementById("wfu_update_shortcode_wait").style.display="none",document.getElementById("wfu_update_shortcode").disabled=!0,window.plugin_window&&window.plugin_window.location.reload(!0)),""!=document.getElementById("wfu_shortcode_postid").value&&(document.getElementById("wfu_shortcode_original_enc").value=wfu_plugin_encode_string("[wordpress_file_upload "+ShortcodeString+"]"),document.getElementById("wfu_shortcode_posthash").value=txt_value,setTimeout(function(){wfu_check_page_obsolescence()},CheckObsolescenceTimeOut))):(Autosave&&(document.getElementById("wfu_save_label").innerHTML="not saved",document.getElementById("wfu_save_label").className="wfu_save_label_fail",document.getElementById("wfu_save_label").style.opacity=1,wfu_fadeout_element(300)),"fail"==d&&("post_modified"==txt_value?(PageObsolete=!0,document.getElementById("wfu_update_shortcode")&&(document.getElementById("wfu_update_shortcode").disabled=!0),document.getElementById("wfu_update_rejected_message").style.display="block"):document.getElementById("wfu_update_failed_message").style.display="block"))}},e.send(a)}}}function wfu_adjust_opacity(e){document.getElementById("wfu_save_label").style.opacity=e}function wfu_fadeout_element(e){for(var t=20,a=0,l=0;t>l;l++)a=1-l/t,setTimeout('wfu_adjust_opacity("'+a.toString()+'")',l*e/t);setTimeout('wfu_adjust_opacity("0.0")',l*e/t)}function wfu_apply_value(e,t,a){if("onoff"==t)document.getElementById("wfu_attribute_"+e).className="wfu_onoff_container_"+("true"!=a?"on":"off"),wfu_admin_onoff_clicked(e);else 
if("text"==t||"ltext"==t||"integer"==t||"float"==t||"mtext"==t||"color"==t){var l=document.getElementById("wfu_attribute_"+e);if(a=a.replace(/\%n\%/gm,"\n"),a=a.replace(/\%dq\%/gm,'"'),a=a.replace(/\%brl\%/gm,"["),a=a.replace(/\%brr\%/gm,"]"),"color"==t){var n=colourNameToHex(a);n||(n=a),jQuery("#wfu_attribute_"+e).wpColorPicker("color",n)}l.value=a,wfu_update_text_value({target:l})}else if("placements"==t)wfu_admin_recreate_placements_panel(a),document.getElementById("wfu_attribute_value_placements").value=a,wfu_generate_shortcode();else if("radio"==t){for(var d=document.getElementsByName("wfu_radioattribute_"+e),u=0;u<d.length;u++)d[u].checked=d[u].value==a||"*"+d[u].value==a;wfu_admin_radio_clicked(e)}else if("ptext"==t){a=a.replace(/\%n\%/gm,"\n"),a=a.replace(/\%dq\%/gm,'"'),a=a.replace(/\%brl\%/gm,"["),a=a.replace(/\%brr\%/gm,"]");var r=a.split("/"),o=r.length<1?"":r[0],_=r.length<2?o:r[1],s=document.getElementById("wfu_attribute_s_"+e);s.value=o;var f=document.getElementById("wfu_attribute_p_"+e);f.value=_,wfu_update_ptext_value({target:s}),wfu_update_ptext_value({target:f})}else if("mchecklist"==t){if(a=a.toLowerCase(),"all"==a)document.getElementById("wfu_attribute_"+e+"_all").checked=!0;else{document.getElementById("wfu_attribute_"+e+"_all").checked=!1;for(var i=a.split(","),u=0;u<i.length;u++)i[u]=i[u].trim();jQuery("#wfu_attribute_"+e+" input").each(function(){jQuery(this).prop("checked",i.indexOf(jQuery(this).next().html())>-1)})}wfu_update_mchecklist_value(e)}else if("rolelist"==t){if(a=a.toLowerCase(),"all"==a)document.getElementById("wfu_attribute_"+e+"_all").checked=!0;else{document.getElementById("wfu_attribute_"+e+"_all").checked=!1;for(var c=a.split(","),u=0;u<c.length;u++)c[u]=c[u].trim();for(var l=document.getElementById("wfu_attribute_"+e),u=0;u<l.options.length;u++)l.options[u].selected=c.indexOf(l.options[u].value)>-1}wfu_update_rolelist_value(e)}else 
if("userlist"==t){if(a=a.toLowerCase(),"all"==a)document.getElementById("wfu_attribute_"+e+"_all").checked=!0;else{document.getElementById("wfu_attribute_"+e+"_all").checked=!1;for(var m=a.split(","),u=0;u<m.length;u++)m[u]=m[u].trim();for(var l=document.getElementById("wfu_attribute_"+e),u=0;u<l.options.length;u++)l.options[u].selected=m.indexOf(l.options[u].value)>-1;document.getElementById("wfu_attribute_"+e+"_guests").checked=m.indexOf("guests")>-1}wfu_update_userlist_value(e)}else if("dimensions"==t){for(var w,g,p,l,v=a.split(","),b=document.getElementsByName("wfu_dimension_elements_"+e),u=0;u<b.length;u++)b[u].value="";for(var u=0;u<v.length;u++)w=v[u].split(":",2),g=w.length<1?"":w[0],p=w.length<2?g:w[1],l=document.getElementById("wfu_attribute_"+e+"_"+g.trim()),l&&(l.value=p.trim());l=b[0],wfu_update_dimension_value({target:l})}else if("userfields"==t){for(var h,y=a.split("/"),I=Array(),u=0;u<y.length;u++)h="*"==y[u].substr(0,1),h&&(y[u]=y[u].substr(1)),""!=y[u]&&I.push({name:y[u],required:h});for(var E=document.getElementById("wfu_attribute_"+e),B=null,x=Array(),u=0;u<E.childNodes.length;u++)1===E.childNodes[u].nodeType&&(null==B?B=E.childNodes[u]:x.push(E.childNodes[u]));for(var u=0;u<x.length;u++)E.removeChild(x[u]);wfu_userdata_edit_field(B,"",!1);for(var N,k=B,u=0;u<I.length;u++)0==u?wfu_userdata_edit_field(B,I[u].name,I[u].required):(N=k.cloneNode(!0),wfu_userdata_edit_field(N,I[u].name,I[u].required),E.insertBefore(N,k.nextSibling),k=N);for(var l,u=0;u<B.childNodes.length&&(l=B.childNodes[u],"INPUT"!=l.tagName);u++);wfu_update_userfield_value({target:l})}else if("color-triplet"==t){for(var T=a.split(","),u=0;u<T.length;u++)T[u]=T[u].trim();2==T.length?T=[T[0],T[1],"#000000"]:1==T.length?T=[T[0],"#FFFFFF","#000000"]:T.length<3&&(T=["#000000","#FFFFFF","#000000"]);var n=colourNameToHex(T[0]);n||(n=T[0]),jQuery("#wfu_attribute_"+e+"_color").wpColorPicker("color",n);var 
l=document.getElementById("wfu_attribute_"+e+"_color");l.value=T[0],n=colourNameToHex(T[1]),n||(n=T[1]),jQuery("#wfu_attribute_"+e+"_bgcolor").wpColorPicker("color",n),document.getElementById("wfu_attribute_"+e+"_bgcolor").value=T[1],n=colourNameToHex(T[2]),n||(n=T[2]),jQuery("#wfu_attribute_"+e+"_borcolor").wpColorPicker("color",n),document.getElementById("wfu_attribute_"+e+"_borcolor").value=T[2],wfu_update_triplecolor_value({target:l})}else if("folderlist"==t){for(var i=wfu_parse_folderlist_js(a),H=document.getElementById("wfu_attribute_"+e).options;H.length>0;)H.remove(0);for(var A,j,C,O,D,S,u=0;u<i.path.length;u++){j=i.path[u],"/"==j.substr(j.length,1)&&(j=j.substr(0,j.length-1)),C=j.split("/"),j=C[C.length-1],D=parseInt(i.level[u]),O="",S="";for(var L=0;D>L;L++)O+="&nbsp;&nbsp;&nbsp;",S+="*";O+=i.label[u],i.default[u]&&(S+="&"),S+=""==j?"{root}/"+i.label[u]:j+i.label[u],A=document.createElement("option"),A.className=i.default[u]?"wfu_select_folders_option_default":"",A.value=wfu_plugin_encode_string(S),A.innerHTML=O,H.add(A)}A=document.createElement("option"),A.value="",A.innerHTML="",H.add(A);var V=document.getElementById("wfu_attribute_"+e);V.data=wfu_decode_subfolder_list(e),wfu_subfolders_update_toolnav(e),l=V,a!==l.oldVal&&(l.oldVal=a,document.getElementById("wfu_attribute_value_"+e).value=a,wfu_generate_shortcode())}}function wfu_parse_folderlist_js(e){var t=Object();if(t.path=Array(),t.label=Array(),t.level=Array(),t.default=Array(),"auto"==e.substr(0,4))return t;var a=e.split(",");if(0==a.length)return t;if(1==a.length&&""==a[0].trim())return t;for(var 
l,n,d,u,r,o,_,s=["root"],f=0,i=0,c=-1,m=0;m<a.length;m++){for(l=a[m].trim(),n=0,d="",u=!1;n<l.length&&"*"==l.substr(n,1);)n++,d+="&nbsp;&nbsp;&nbsp;";if(1>=n-f&&(n>0||0==i)&&(l=l.substr(n,l.length-n),"&"==l.substr(0,1)&&(l=l.substr(1),u=!0),subfolder_items=l.split("/"),subfolder_items.length<2&&subfolder_items.push(""),""!=subfolder_items[1]?(r=subfolder_items[0],o=subfolder_items[1]):(r=l,o=l),""!=r)){u&&-1==c?c=t.path.length:u=!1,0==n&&(i=1),s.length>n?s[n]=r:s.push(r),_="";for(var w=1;n>=w;w++)_+=s[w]+"/";t.path.push(_),t.label.push(o),t.level.push(n),t.default.push(u),f=n}}return t}function colourNameToHex(e){var t={aliceblue:"#f0f8ff",antiquewhite:"#faebd7",aqua:"#00ffff",aquamarine:"#7fffd4",azure:"#f0ffff",beige:"#f5f5dc",bisque:"#ffe4c4",black:"#000000",blanchedalmond:"#ffebcd",blue:"#0000ff",blueviolet:"#8a2be2",brown:"#a52a2a",burlywood:"#deb887",cadetblue:"#5f9ea0",chartreuse:"#7fff00",chocolate:"#d2691e",coral:"#ff7f50",cornflowerblue:"#6495ed",cornsilk:"#fff8dc",crimson:"#dc143c",cyan:"#00ffff",darkblue:"#00008b",darkcyan:"#008b8b",darkgoldenrod:"#b8860b",darkgray:"#a9a9a9",darkgreen:"#006400",darkkhaki:"#bdb76b",darkmagenta:"#8b008b",darkolivegreen:"#556b2f",darkorange:"#ff8c00",darkorchid:"#9932cc",darkred:"#8b0000",darksalmon:"#e9967a",darkseagreen:"#8fbc8f",darkslateblue:"#483d8b",darkslategray:"#2f4f4f",darkturquoise:"#00ced1",darkviolet:"#9400d3",deeppink:"#ff1493",deepskyblue:"#00bfff",dimgray:"#696969",dodgerblue:"#1e90ff",firebrick:"#b22222",floralwhite:"#fffaf0",forestgreen:"#228b22",fuchsia:"#ff00ff",gainsboro:"#dcdcdc",ghostwhite:"#f8f8ff",gold:"#ffd700",goldenrod:"#daa520",gray:"#808080",green:"#008000",greenyellow:"#adff2f",honeydew:"#f0fff0",hotpink:"#ff69b4","indianred ":"#cd5c5c","indigo 
":"#4b0082",ivory:"#fffff0",khaki:"#f0e68c",lavender:"#e6e6fa",lavenderblush:"#fff0f5",lawngreen:"#7cfc00",lemonchiffon:"#fffacd",lightblue:"#add8e6",lightcoral:"#f08080",lightcyan:"#e0ffff",lightgoldenrodyellow:"#fafad2",lightgrey:"#d3d3d3",lightgreen:"#90ee90",lightpink:"#ffb6c1",lightsalmon:"#ffa07a",lightseagreen:"#20b2aa",lightskyblue:"#87cefa",lightslategray:"#778899",lightsteelblue:"#b0c4de",lightyellow:"#ffffe0",lime:"#00ff00",limegreen:"#32cd32",linen:"#faf0e6",magenta:"#ff00ff",maroon:"#800000",mediumaquamarine:"#66cdaa",mediumblue:"#0000cd",mediumorchid:"#ba55d3",mediumpurple:"#9370d8",mediumseagreen:"#3cb371",mediumslateblue:"#7b68ee",mediumspringgreen:"#00fa9a",mediumturquoise:"#48d1cc",mediumvioletred:"#c71585",midnightblue:"#191970",mintcream:"#f5fffa",mistyrose:"#ffe4e1",moccasin:"#ffe4b5",navajowhite:"#ffdead",navy:"#000080",oldlace:"#fdf5e6",olive:"#808000",olivedrab:"#6b8e23",orange:"#ffa500",orangered:"#ff4500",orchid:"#da70d6",palegoldenrod:"#eee8aa",palegreen:"#98fb98",paleturquoise:"#afeeee",palevioletred:"#d87093",papayawhip:"#ffefd5",peachpuff:"#ffdab9",peru:"#cd853f",pink:"#ffc0cb",plum:"#dda0dd",powderblue:"#b0e0e6",purple:"#800080",red:"#ff0000",rosybrown:"#bc8f8f",royalblue:"#4169e1",saddlebrown:"#8b4513",salmon:"#fa8072",sandybrown:"#f4a460",seagreen:"#2e8b57",seashell:"#fff5ee",sienna:"#a0522d",silver:"#c0c0c0",skyblue:"#87ceeb",slateblue:"#6a5acd",slategray:"#708090",snow:"#fffafa",springgreen:"#00ff7f",steelblue:"#4682b4",tan:"#d2b48c",teal:"#008080",thistle:"#d8bfd8",tomato:"#ff6347",turquoise:"#40e0d0",violet:"#ee82ee",wheat:"#f5deb3",white:"#ffffff",whitesmoke:"#f5f5f5",yellow:"#ffff00",yellowgreen:"#9acd32"};return"undefined"!=typeof t[e.toLowerCase()]?t[e.toLowerCase()]:!1}function wfu_download_file(e,t,a){var l=wfu_GetHttpRequestObject();if(null!=l){var n=AdminParams.wfu_ajax_url;params=new Array(3),params[0]=new Array(2),params[0][0]="action",params[0][1]="wfu_ajax_action_download_file_invoker",params[1]=new 
Array(2),params[1][0]="file",params[1][1]=e,params[2]=new Array(2),params[2][0]="nonce",params[2][1]=a;for(var d="",u=0;u<params.length;u++)d+=(u>0?"&":"")+params[u][0]+"="+encodeURI(params[u][1]);l.open("POST",n,!0),l.setRequestHeader("Content-type","application/x-www-form-urlencoded"),l.onreadystatechange=function(){if(4==l.readyState&&200==l.status){var a="wfu_ajax_action_download_file_invoker:",n=l.responseText.indexOf(a);-1==n&&(n=l.responseText.length);var d=(l.responseText.substr(0,n),l.responseText.substr(n+a.length,l.responseText.length-n-a.length));n=d.indexOf(":");var u=d.substr(0,n);if(txt_value=d.substr(n+1,d.length-n-1),"wfu_download_id;"==u.substr(0,16)){var r=u.substr(16),o=document.getElementById("wfu_file_download_container_"+t);o.innerHTML=txt_value,setTimeout("wfu_download_file_monitor('"+e+"', "+t+", '"+r+"')",100)}}},l.send(d)}}function wfu_download_file_monitor(e,t,a){var l=wfu_GetHttpRequestObject();if(null!=l){var n=AdminParams.wfu_ajax_url;params=new Array(3),params[0]=new Array(2),params[0][0]="action",params[0][1]="wfu_ajax_action_download_file_monitor",params[1]=new Array(2),params[1][0]="file",params[1][1]=e,params[2]=new Array(2),params[2][0]="id",params[2][1]=a;for(var d="",u=0;u<params.length;u++)d+=(u>0?"&":"")+params[u][0]+"="+encodeURI(params[u][1]);l.open("POST",n,!0),l.setRequestHeader("Content-type","application/x-www-form-urlencoded"),l.onreadystatechange=function(){if(4==l.readyState&&200==l.status){var a="wfu_ajax_action_download_file_monitor:",n=l.responseText.indexOf(a);-1==n&&(n=l.responseText.length);var d=(l.responseText.substr(0,n),l.responseText.substr(n+a.length,l.responseText.length-n-a.length));n=d.indexOf(":");var u=d.substr(0,n);if(txt_value=d.substr(n+1,d.length-n-1),"repeat"!=u){var r=document.getElementById("wfu_file_download_container_"+t);r.innerHTML=""}else"repeat"==u&&setTimeout("wfu_download_file_monitor('"+e+"', "+t+", '"+txt_value+"')",100)}},l.send(d)}}function 
wfu_filedetails_userdata_changed(){for(var e,t,a=document.getElementsByName("wfu_filedetails_userdata"),l=!1,n=0;n<a.length;n++)if(e=document.getElementById(a[n].id.replace("wfu_filedetails_userdata_value_","wfu_filedetails_userdata_default_")),t=document.getElementById(a[n].id.replace("wfu_filedetails_userdata_value_","wfu_filedetails_userdata_")),t.value=a[n].value,a[n].value!=e.value){l=!0;break}document.getElementById("dp_filedetails_submit_fields").disabled=!l}function wfu_Attach_FileDetails_Admin_Events(){for(var e=document.getElementsByName("wfu_filedetails_userdata"),t=0;t<e.length;t++)wfu_attach_element_handlers(e[t],wfu_filedetails_userdata_changed)}var DraggedItem=null,ShortcodeNextSave=0,ShortcodeTimeOut=null,ShortcodeString="",Autosave=!1,PageObsolete=!1,PageUpdating=!1,CheckObsolescenceTimeOut=5e3;jQuery(document).ready(function(e){e(".wfu_color_field").wpColorPicker({change:function(e,t){e.target.value=t.color.toString(),"wfu_text_elements"==e.target.name?wfu_update_text_value(e):"wfu_triplecolor_elements"==e.target.name&&wfu_update_triplecolor_value(e)}})});
1
+ function wfu_admin_activate_tab(e){for(var t,l,d=document.getElementById("wfu_tab_container"),a=0;a<d.childNodes.length;a++)t=d.childNodes[a],1===t.nodeType&&(l=t.id.substr(8),t.className.indexOf("nav-tab-active")>-1&&(t.className="nav-tab",document.getElementById("wfu_container_"+l).style.display="none"));document.getElementById("wfu_tab_"+e).className="nav-tab nav-tab-active",document.getElementById("wfu_container_"+e).style.display="block"}function wfu_admin_onoff_clicked(e){var t=document.getElementById("wfu_attribute_"+e),l=document.getElementById("wfu_wrapper"),d=document.getElementsByClassName("wfu_shadow_"+e,"div",l),a=document.getElementsByClassName("wfu_shadow_"+e+"_inv","div",l),n="on"==t.className.substr(t.className.length-2);if(n=!n){document.getElementById("wfu_attribute_value_"+e).value="true",t.className="wfu_onoff_container_on";for(var u=0;u<d.length;u++)d[u].style.display="none";for(var u=0;u<a.length;u++)a[u].style.display="block"}else{document.getElementById("wfu_attribute_value_"+e).value="false",t.className="wfu_onoff_container_off";for(var u=0;u<d.length;u++)d[u].style.display="block";for(var u=0;u<a.length;u++)a[u].style.display="none"}wfu_generate_shortcode(),"userdata"==e&&wfu_update_userfield_variables()}function wfu_admin_radio_clicked(e){var t=document.getElementsByName("wfu_radioattribute_"+e),l=document.getElementById("wfu_wrapper"),d=document.getElementsByClassName("wfu_shadow_"+e,"div",l),a=document.getElementsByClassName("wfu_shadow_"+e+"_inv","div",l),n="";for(r=0;r<t.length;r++)t[r].checked&&(n=t[r].value);var u="*"==n.substr(0,1);if(u){n=n.substr(1);for(var r=0;r<d.length;r++)d[r].style.display="none";for(var r=0;r<a.length;r++)a[r].style.display="block"}else{for(var r=0;r<d.length;r++)d[r].style.display="block";for(var r=0;r<a.length;r++)a[r].style.display="none"}document.getElementById("wfu_attribute_value_"+e).value=n,wfu_generate_shortcode()}function 
wfu_addEventHandler(e,t,l){e.addEventListener?e.addEventListener(t,l,!1):e.attachEvent?e.attachEvent("on"+t,l):e["on"+t]=l}function wfu_attach_separator_dragdrop_events(){for(var e,t=document.getElementById("wfu_placements_container"),l=0;l<t.childNodes.length;l++)e=t.childNodes[l],("wfu_component_separator_hor"==e.className||"wfu_component_separator_ver"==e.className)&&(wfu_addEventHandler(e,"dragenter",wfu_separator_dragenter),wfu_addEventHandler(e,"dragover",wfu_default_dragover),wfu_addEventHandler(e,"dragleave",wfu_separator_dragleave),wfu_addEventHandler(e,"drop",wfu_separator_drop))}function wfu_Attach_Admin_DragDrop_Events(){if(window.FileReader){for(var e,t=document.getElementById("wfu_placements_container"),l=document.getElementById("wfu_componentlist_container"),d=0;d<t.childNodes.length;d++)e=t.childNodes[d],"wfu_component_box"==e.className&&(wfu_addEventHandler(e,"dragstart",wfu_component_dragstart),wfu_addEventHandler(e,"dragend",wfu_component_dragend));for(var d=0;d<l.childNodes.length;d++)if(e=l.childNodes[d],"wfu_component_box_container"==e.className)for(var a=0;a<e.childNodes.length;a++)"wfu_component_box wfu_inbase"==e.childNodes[a].className&&(wfu_addEventHandler(e.childNodes[a],"dragstart",wfu_component_dragstart),wfu_addEventHandler(e.childNodes[a],"dragend",wfu_component_dragend));e=document.getElementById("wfu_componentlist_dragdrop"),wfu_addEventHandler(e,"dragenter",wfu_componentlist_dragenter),wfu_addEventHandler(e,"dragover",wfu_default_dragover),wfu_addEventHandler(e,"dragleave",wfu_componentlist_dragleave),wfu_addEventHandler(e,"drop",wfu_componentlist_drop),wfu_attach_separator_dragdrop_events()}}function wfu_componentlist_dragenter(e){if(e=e||window.event,e.preventDefault&&e.preventDefault(),!DraggedItem)return!1;var t=document.getElementById("wfu_componentlist_dragdrop");return-1==t.className.indexOf("wfu_componentlist_dragdrop_dragover")&&(t.className+=" wfu_componentlist_dragdrop_dragover"),!1}function 
wfu_componentlist_dragleave(e){if(e=e||window.event,e.preventDefault&&e.preventDefault(),!DraggedItem)return!1;var t=document.getElementById("wfu_componentlist_dragdrop");return t.className=t.className.replace(" wfu_componentlist_dragdrop_dragover",""),!1}function wfu_componentlist_drop(e){e=e||window.event,e.preventDefault&&e.preventDefault();var t=e.dataTransfer.getData("Component");if(!t)return!1;var l=document.getElementById("wfu_component_box_"+t);l.className="wfu_component_box wfu_inbase",l.style.display="block",document.getElementById("wfu_component_box_container_"+t).appendChild(l);var d=wfu_admin_recreate_placements_text(null,"");return wfu_admin_recreate_placements_panel(d),document.getElementById("wfu_attribute_value_placements").value=d,wfu_generate_shortcode(),!1}function wfu_separator_dragenter(e){if(e=e||window.event,e.preventDefault&&e.preventDefault(),!DraggedItem)return!1;if("wfu_component_separator_hor"==e.target.className){var t=document.getElementById("wfu_component_bar_hor");t.style.top=e.target.offsetTop+"px",t.style.display="block"}else if("wfu_component_separator_ver"==e.target.className){var t=document.getElementById("wfu_component_bar_ver");t.style.top=e.target.offsetTop+"px",t.style.left=e.target.offsetLeft+"px",t.style.display="block"}return!1}function wfu_default_dragover(e){return e=e||window.event,e.preventDefault&&e.preventDefault(),!1}function wfu_separator_dragleave(e){if(e=e||window.event,e.preventDefault&&e.preventDefault(),!DraggedItem)return!1;if("wfu_component_separator_hor"==e.target.className){var t=document.getElementById("wfu_component_bar_hor");t.style.display="none"}else if("wfu_component_separator_ver"==e.target.className){var t=document.getElementById("wfu_component_bar_ver");t.style.display="none"}return!1}function wfu_separator_drop(e){e=e||window.event,e.preventDefault&&e.preventDefault();var t=e.dataTransfer.getData("Component");if(!t)return!1;var 
l=document.getElementById("wfu_component_box_"+t);l.style.display="none",l.className="wfu_component_box wfu_inbase",document.getElementById("wfu_component_box_container_"+t).appendChild(l);var d=wfu_admin_recreate_placements_text(e.target,t);return wfu_admin_recreate_placements_panel(d),document.getElementById("wfu_attribute_value_placements").value=d,wfu_generate_shortcode(),!1}function wfu_component_dragstart(e){e=e||window.event,e.dataTransfer.setData("Component",e.target.id.replace("wfu_component_box_","")),-1==e.target.className.indexOf("wfu_component_box_dragged")&&(e.target.className+=" wfu_component_box_dragged",DraggedItem=e.target),e.target.style.zIndex=3;var t=document.getElementById("wfu_componentlist_dragdrop");return t.className="wfu_componentlist_dragdrop wfu_componentlist_dragdrop_dragover",t.style.display="block",!1}function wfu_component_dragend(e){e=e||window.event,DraggedItem=null,e.target.style.zIndex=1;var t=document.getElementById("wfu_componentlist_dragdrop");return t.style.display="none",t.className="wfu_componentlist_dragdrop",e.target.className=e.target.className.replace(" wfu_component_box_dragged",""),document.getElementById("wfu_component_bar_ver").style.display="none",document.getElementById("wfu_component_bar_hor").style.display="none",!1}function wfu_admin_recreate_placements_text(e,t){function l(e){""!=n&&(n+=a),n+=e,a=""}for(var d=document.getElementById("wfu_placements_container"),a="",n="",u=0;u<d.childNodes.length;u++)item=d.childNodes[u],"wfu_component_separator_ver"==item.className?(""==a&&(a="+"),item==e&&(l(t),a="+")):"wfu_component_separator_hor"==item.className?(a="/",item==e&&(l(t),a="/")):"wfu_component_box"==item.className&&l(item.id.replace("wfu_component_box_",""));return n}function wfu_admin_recreate_placements_panel(e){for(var 
t,l,d,a=document.getElementById("wfu_placements_container"),n="",u=0;u<a.childNodes.length;u++)t=a.childNodes[u],"wfu_component_box"==t.className&&(n=t.id.replace("wfu_component_box_",""),t.style.display="inline-block",t.className="wfu_component_box wfu_inbase",document.getElementById("wfu_component_box_container_"+n).appendChild(t));a.innerHTML="",l=e.split("/");for(var u=0;u<l.length;u++){t=document.createElement("DIV"),t.className="wfu_component_separator_hor",t.setAttribute("draggable",!0),a.appendChild(t),t=document.createElement("DIV"),t.className="wfu_component_separator_ver",t.setAttribute("draggable",!0),a.appendChild(t),d=l[u].split("+");for(var r=0;r<d.length;r++)t=document.getElementById("wfu_component_box_"+d[r]),t&&(a.appendChild(t),t.className="wfu_component_box",t.style.display="inline-block",t=document.createElement("DIV"),t.className="wfu_component_separator_ver",t.setAttribute("draggable",!0),a.appendChild(t))}t=document.createElement("DIV"),t.className="wfu_component_separator_hor",t.setAttribute("draggable",!0),a.appendChild(t),t=document.createElement("DIV"),t.id="wfu_component_bar_hor",t.className="wfu_component_bar_hor",a.appendChild(t),t=document.createElement("DIV"),t.id="wfu_component_bar_ver",t.className="wfu_component_bar_ver",a.appendChild(t),wfu_attach_separator_dragdrop_events()}function wfu_subfolders_input_changed(e){e=e||window.event;var t=e.target,l=t.id.replace("wfu_subfolders_path_","");l=l.replace("wfu_subfolders_label_","");var d=document.getElementById("wfu_attribute_"+l);if(!(d.selectedIndex<0)){var a,n,u=document.getElementById("wfu_subfolders_path_"+l),r=document.getElementById("wfu_subfolders_label_"+l),o=document.getElementById("wfu_subfolders_ok_"+l),_="1"==document.getElementById("wfu_subfolders_isnewitem_"+l).value;if(_)a="",n="";else{var s=d.data;t=s[d.selectedIndex],a=t.path,n=t.label}if(u.value==a&&r.value==n)o.disabled=!0,_||wfu_subfolders_update_nav(l);else{o.disabled=!1;for(var 
c=document.getElementsByName("wfu_subfolder_nav_"+l),f=0;f<c.length;f++)c[f].disabled=!0}}}function wfu_subfolders_auto_changed(e){var t=document.getElementById("wfu_attribute_"+e),l=document.getElementById("wfu_subfolders_auto_"+e),d=document.getElementById("wfu_subfolders_editable_"+e),a=document.getElementById("wfu_subfolders_manualtext_"+e);if(l.checked){var n=document.getElementById("wfu_attribute_value_"+e).value;"auto"!=n.substr(0,4)&&(a.value=n),d.parentNode.style.display="inline",wfu_apply_value(e,"folderlist","auto"+(d.checked?"+":"")),t.disabled=!0}else t.disabled=!1,d.parentNode.style.display="none",wfu_apply_value(e,"folderlist",a.value)}function wfu_subfolders_up_clicked(e){var t=document.getElementById("wfu_attribute_"+e);if(!(t.selectedIndex<0)){var l=t.data;item=l[t.selectedIndex];var d=item.index-1;if(!(0>d)){for(var a=-1,n=t.selectedIndex-1;n>=0;){if(l[n].level==item.level&&l[n].index==d){a=n;break}n--}if(-1!=a){var u=0;for(n=t.selectedIndex+1;n<l.length&&l[n].level>item.level;)u++,n++;l[a].index=item.index,item.index=d,t.data=l.slice(0,a).concat(l.slice(t.selectedIndex,t.selectedIndex+1+u)).concat(l.slice(a,t.selectedIndex)).concat(l.slice(t.selectedIndex+1+u));var r=wfu_update_subfolder_list(e);t.selectedIndex=a,wfu_subfolders_update_toolnav(e),item=t,r!==item.oldVal&&(item.oldVal=r,document.getElementById("wfu_attribute_value_"+e).value=r,wfu_generate_shortcode())}}}}function wfu_subfolders_down_clicked(e){var t=document.getElementById("wfu_attribute_"+e);if(!(t.selectedIndex<0)){var l=t.data;item=l[t.selectedIndex];var d=item.index+1,a=-1;for(curind=t.selectedIndex+1;curind<l.length;){if(l[curind].level==item.level){a=curind;break}if(l[curind].level<item.level)break;curind++}if(-1!=a){var n=0;for(curind=a+1;curind<l.length&&l[curind].level>item.level;)n++,curind++;l[a].index=item.index,item.index=d,t.data=l.slice(0,t.selectedIndex).concat(l.slice(a,a+1+n)).concat(l.slice(t.selectedIndex,a)).concat(l.slice(a+1+n));var 
u=wfu_update_subfolder_list(e);t.selectedIndex=t.selectedIndex+n+1,wfu_subfolders_update_toolnav(e),item=t,u!==item.oldVal&&(item.oldVal=u,document.getElementById("wfu_attribute_value_"+e).value=u,wfu_generate_shortcode())}}}function wfu_subfolders_left_clicked(e){var t=document.getElementById("wfu_attribute_"+e);if(!(t.selectedIndex<0)){var l=t.data;for(item=l[t.selectedIndex],curind=t.selectedIndex+1;curind<l.length&&l[curind].level>item.level;)l[curind].level--,curind++;item.level--;var d=wfu_update_subfolder_list(e);t.data=wfu_decode_subfolder_list(e),wfu_subfolders_update_toolnav(e),item=t,d!==item.oldVal&&(item.oldVal=d,document.getElementById("wfu_attribute_value_"+e).value=d,wfu_generate_shortcode())}}function wfu_subfolders_right_clicked(e){var t=document.getElementById("wfu_attribute_"+e);if(!(t.selectedIndex<0)){var l=t.data;for(item=l[t.selectedIndex],curind=t.selectedIndex+1;curind<l.length&&l[curind].level>item.level;)l[curind].level++,curind++;item.level++;var d=wfu_update_subfolder_list(e);t.data=wfu_decode_subfolder_list(e),wfu_subfolders_update_toolnav(e),item=t,d!==item.oldVal&&(item.oldVal=d,document.getElementById("wfu_attribute_value_"+e).value=d,wfu_generate_shortcode())}}function wfu_subfolders_def_clicked(e){var t=document.getElementById("wfu_attribute_"+e);if(!(t.selectedIndex<0)){var l=t.data;if(item=l[t.selectedIndex],item.default)item.default=!1;else{for(var d=0;d<l.length;d++)l[d].default=!1;item.default=!0}var a=wfu_update_subfolder_list(e);wfu_subfolders_update_toolnav(e),item=t,a!==item.oldVal&&(item.oldVal=a,document.getElementById("wfu_attribute_value_"+e).value=a,wfu_generate_shortcode())}}function wfu_subfolders_ok_clicked(e){var t=document.getElementById("wfu_attribute_"+e);if(!(t.selectedIndex<0)){var l=document.getElementById("wfu_subfolders_path_"+e),d=document.getElementById("wfu_subfolders_label_"+e);if(""==l.value||""==d.value)return void alert("Path or label cannot be empty!");var 
a=t.data,n="1"==document.getElementById("wfu_subfolders_isnewitem_"+e).value;if(n){var u=parseInt(document.getElementById("wfu_subfolders_newitemlevel_"+e).value),r={label:d.value,path:l.value,level:u,"default":!1},o=parseInt(document.getElementById("wfu_subfolders_newitemindex_"+e).value);o>=a.length?a.push(r):a.splice(o,0,r)}else item=a[t.selectedIndex],item.path=l.value,item.label=d.value;var _=wfu_update_subfolder_list(e);t.data=wfu_decode_subfolder_list(e),wfu_subfolders_update_toolnav(e),item=t,_!==item.oldVal&&(item.oldVal=_,document.getElementById("wfu_attribute_value_"+e).value=_,wfu_generate_shortcode())}}function wfu_subfolders_del_clicked(e){var t=document.getElementById("wfu_attribute_"+e);if(!(t.selectedIndex<0)){var l=t.data;item=l[t.selectedIndex];var d=0;for(curind=t.selectedIndex+1;curind<l.length&&l[curind].level>item.level;)d++,curind++;if(!(d>0)||confirm("Children items will be deleted as well. Proceed?")){l.splice(t.selectedIndex,1+d);var a=wfu_update_subfolder_list(e);t.data=wfu_decode_subfolder_list(e),wfu_subfolders_update_toolnav(e),item=t,a!==item.oldVal&&(item.oldVal=a,document.getElementById("wfu_attribute_value_"+e).value=a,wfu_generate_shortcode())}}}function wfu_subfolders_add_clicked(e){var t=document.getElementById("wfu_attribute_"+e);if(!(t.selectedIndex<0)){var l=t.data,d=t.selectedIndex;item=l[d];var a=t.options,n=document.createElement("option");n.value="",n.innerHTML="",a.add(n,d),t.selectedIndex=d;var 
u=document.getElementById("wfu_subfolder_tools_"+e),r=document.getElementById("wfu_subfolders_path_"+e),o=document.getElementById("wfu_subfolders_label_"+e),_=document.getElementById("wfu_subfolders_ok_"+e),s=document.getElementById("wfu_subfolders_browse_"+e);u.className="wfu_subfolder_tools_container",o.disabled=!1,_.disabled=!0,document.getElementById("wfu_subfolders_isnewitem_"+e).value="1",document.getElementById("wfu_subfolders_newitemindex_"+e).value=d,document.getElementById("wfu_subfolders_newitemlevel_"+e).value=item.level,document.getElementById("wfu_subfolders_newitemlevel2_"+e).value="",r.disabled=0==item.level,s.disabled=0==item.level,0==item.level?(r.value="{root}",o.value="{upload folder}"):(r.value="",o.value="");for(var c=document.getElementsByName("wfu_subfolder_nav_"+e),f=0;f<c.length;f++)c[f].disabled=!0}}function wfu_subfolders_browse_clicked(e){var t=wfu_GetHttpRequestObject();if(null!=t){var l=null;try{var l=new FormData}catch(d){}if(null!=l){for(var a=document.getElementById("wfu_global_dialog_container"),n=document.getElementById("wfu_subfolders_browser_"+e),u=document.getElementById("wfu_subfolders_browse_"+e),r=document.getElementById("wfu_subfolders_inner_shadow_"+e),o=document.getElementById("wfu_subfolders_browser_msgcont_"+e),_=document.getElementById("wfu_subfolders_browser_msg_"+e),s=document.getElementById("wfu_subfolders_browser_img_"+e),c=document.getElementById("wfu_subfolders_browser_ok_"+e),f=document.getElementById("wfu_subfolders_browser_list_"+e);f.options.length>0;)f.options.remove(0);c.disabled=!0,c.onclick=function(){wfu_folder_browser_cancel_clicked(e)},_.innerHTML="loading folder contents...",s.style.display="inline",o.style.display="block",a.style.display="block",n.style.display="block",n.style.left=u.offsetLeft+u.offsetWidth-n.offsetWidth+"px",n.style.top=u.offsetTop+u.offsetHeight-n.offsetHeight+"px",r.style.display="block",a.onclick=function(){wfu_folder_browser_cancel_clicked(e)};var 
i=document.getElementById("wfu_attribute_uploadpath").value;"/"==i.substr(i.length-1)&&(i=i.substr(0,i.length-1));var m=wfu_get_relative_path(e).split(","),w=i+m[0];"/"!=w.substr(0)&&(w="/"+w);var p="";2==m.length&&(p=m[1]),l.append("action","wfu_ajax_action_read_subfolders"),l.append("folder1",wfu_plugin_encode_string(w)),l.append("folder2",wfu_plugin_encode_string(p)),t.key=e,t.addEventListener("load",wfu_readfolderComplete,!1),t.addEventListener("error",wfu_readfolderFailed,!1),t.addEventListener("abort",wfu_readfolderCanceled,!1),t.open("POST",AdminParams.wfu_ajax_url),t.send(l)}}}function wfu_readfolderComplete(e){var t=e.target.key,l=document.getElementById("wfu_subfolders_browser_msgcont_"+t),d=document.getElementById("wfu_subfolders_browser_msg_"+t),a=document.getElementById("wfu_subfolders_browser_img_"+t),n=document.getElementById("wfu_subfolders_browser_list_"+t),u=document.getElementById("wfu_subfolders_browser_ok_"+t),r=document.getElementById("wfu_subfolders_path_"+t),o=document.getElementById("wfu_subfolders_label_"+t),_=e.target.responseText;if(-1!=_){var s="wfu_read_subfolders:",c=e.target.responseText.indexOf(s);-1==c&&(c=e.target.responseText.length);var f=(e.target.responseText.substr(0,c),e.target.responseText.substr(c+s.length,e.target.responseText.length-c-s.length));c=f.indexOf(":");var i=f.substr(0,c);if(txt_value=f.substr(c+1,f.length-c-1),"success"==i){for(var m,w=wfu_plugin_decode_string(txt_value),p=w.split(","),g=0,v=0;v<p.length;v++)""!=p[v]&&(m=document.createElement("option"),m.value=p[v],m.innerHTML=p[v].replace("*","&nbsp;&nbsp;&nbsp;"),n.add(m),g++);0==g&&(m=document.createElement("option"),m.value="",m.innerHTML="{empty}",m.disabled=!0,n.add(m)),n.selectedIndex=-1,u.onclick=function(){var 
e=n.options[n.selectedIndex].value,l=parseInt(document.getElementById("wfu_subfolders_newitemlevel_"+t).value);("*"==e.substr(0,1)||0==l)&&(document.getElementById("wfu_subfolders_newitemlevel_"+t).value=l+1,l>0&&(e=e.substr(1))),r.value=e,o.value=e,wfu_folder_browser_cancel_clicked(t),wfu_subfolders_ok_clicked(t)},l.style.display="none"}else"error"==i?(d.innerHTML=txt_value,a.style.display="none",u.disabled=!1):(d.innerHTML="Unknown error",a.style.display="none",u.disabled=!1)}}function wfu_readfolderFailed(e){var t=e.target.key,l=document.getElementById("wfu_subfolders_browser_msg_"+t),d=document.getElementById("wfu_subfolders_browser_img_"+t),a=document.getElementById("wfu_subfolders_browser_ok_"+t);l.innerHTML="Unknown error",d.style.display="none",a.disabled=!1}function wfu_readfolderCanceled(e){var t=e.target.key,l=document.getElementById("wfu_subfolders_browser_msg_"+t),d=document.getElementById("wfu_subfolders_browser_img_"+t),a=document.getElementById("wfu_subfolders_browser_ok_"+t);l.innerHTML="Unknown error",d.style.display="none",a.disabled=!1}function wfu_subfolders_browser_list_changed(e){var t=document.getElementById("wfu_subfolders_browser_list_"+e),l=document.getElementById("wfu_subfolders_browser_ok_"+e);l.disabled=t.selectedIndex<0}function wfu_folder_browser_cancel_clicked(e){var t=document.getElementById("wfu_global_dialog_container"),l=document.getElementById("wfu_subfolders_browser_"+e),d=(document.getElementById("wfu_subfolders_browse_"+e),document.getElementById("wfu_subfolders_inner_shadow_"+e));t.onclick=null,d.style.display="none",l.style.display="none",t.style.display="none"}function wfu_get_relative_path(e){var t=document.getElementById("wfu_attribute_"+e);if(!(t.selectedIndex<0)){var l,d=t.data,a="1"==document.getElementById("wfu_subfolders_isnewitem_"+e).value;l=a?parseInt(document.getElementById("wfu_subfolders_newitemlevel_"+e).value):d[t.selectedIndex].level;for(var 
n="/",u=t.selectedIndex-1,r=l;u>=0&&r>1;)d[u].level<r&&(n="/"+d[u].path+n,r=d[u].level),u--;return a&&"1"==document.getElementById("wfu_subfolders_newitemlevel2_"+e).value&&l>0&&t.selectedIndex>0&&(n+=","+d[t.selectedIndex-1].path),n}}function wfu_subfolders_changed(e){wfu_update_subfolder_list(e),wfu_subfolders_update_toolnav(e)}function wfu_subfolders_update_toolnav(e){var t,l,d=document.getElementById("wfu_attribute_"+e),a=document.getElementById("wfu_subfolder_tools_"+e),n=document.getElementById("wfu_subfolders_path_"+e),u=document.getElementById("wfu_subfolders_label_"+e),r=document.getElementById("wfu_subfolders_ok_"+e),o=document.getElementById("wfu_subfolders_browse_"+e),_=document.getElementById("wfu_subfolders_auto_"+e);if(document.getElementById("wfu_subfolders_isnewitem_"+e).value="",document.getElementById("wfu_subfolders_newitemindex_"+e).value="",document.getElementById("wfu_subfolders_newitemlevel_"+e).value="",document.getElementById("wfu_subfolders_newitemlevel2_"+e).value="",null==d.data?(t=wfu_decode_subfolder_list(e),d.data=t):t=d.data,0===d.data.length?(d.className="wfu_select_folders wfu_select_folders_empty",d.options[0].innerHTML=_.checked?"":"press here"):d.className="wfu_select_folders",d.selectedIndex<0)a.className="wfu_subfolder_tools_container wfu_subfolder_tools_disabled",n.disabled=!0,u.disabled=!0,r.disabled=!0,o.disabled=!0,u.value="",n.value="";else if(d.selectedIndex>=d.options.length-1){a.className="wfu_subfolder_tools_container",u.disabled=!1,r.disabled=!0,document.getElementById("wfu_subfolders_isnewitem_"+e).value="1",document.getElementById("wfu_subfolders_newitemindex_"+e).value=t.length;var s;s=0==t.length?0:0==t[t.length-1].level?1:t[t.length-1].level,document.getElementById("wfu_subfolders_newitemlevel_"+e).value=s,document.getElementById("wfu_subfolders_newitemlevel2_"+e).value="1",n.disabled=0==s,o.disabled=!1,0==s?(n.value="{root}",u.value="{upload folder}"):(n.value="",u.value="")}else 
a.className="wfu_subfolder_tools_container",u.disabled=!1,r.disabled=!0,l=t[d.selectedIndex],n.disabled=0==l.level,o.disabled=0==l.level,u.value=l.label,n.value=l.path;var c=document.getElementsByName("wfu_subfolder_nav_"+e);if(d.selectedIndex<0||d.selectedIndex>=d.options.length-1)for(var f=0;f<c.length;f++)c[f].disabled=!0;else wfu_subfolders_update_nav(e)}function wfu_subfolders_update_nav(e){var t=document.getElementById("wfu_attribute_"+e),l=document.getElementById("wfu_subfolders_up_"+e),d=document.getElementById("wfu_subfolders_down_"+e),a=document.getElementById("wfu_subfolders_left_"+e),n=document.getElementById("wfu_subfolders_right_"+e),u=document.getElementById("wfu_subfolders_add_"+e),r=document.getElementById("wfu_subfolders_def_"+e),o=document.getElementById("wfu_subfolders_del_"+e),_=t.data,s=_[t.selectedIndex];for(l.disabled=s.index<=0,ind=t.selectedIndex+1,nextind=0;ind<_.length;){if(_[ind].level==s.level){nextind=_[ind].index;break}if(_[ind].level<s.level)break;ind++}d.disabled=0==s.level||0==nextind,a.disabled=0==t.selectedIndex&&s.level<1||t.selectedIndex>0&&s.level<=1,prevlevel=t.selectedIndex>=1?_[t.selectedIndex-1].level:0,n.disabled=s.level-prevlevel>0,u.disabled=0==s.level,r.disabled=!1,r.className="button"+(s.default?" 
wfu_subfolder_nav_pressed":""),o.disabled=!1}function wfu_decode_subfolder(e){var t={label:"",path:"",level:0,"default":!1};e=e.trim();for(var l=0,d=!1;l<e.length&&"*"==e.substr(l,1);)l++;e=e.substr(l,e.length-l),"&"==e.substr(0,1)&&(e=e.substr(1),d=!0),t.level=l,t.default=d;var a=e.split("/");return 1==a.length?(t.path=a[0],t.label=a[0]):a.length>1&&(t.path=a[0],t.label=a[1]),0==l&&(t.path="{root}",""==t.label&&(t.label="{upload folder}")),t}function wfu_decode_subfolder_list(e){for(var t,l=document.getElementById("wfu_attribute_"+e).options,d=Array(),a=["root"],n=[0],u=-1,r=0;r<l.length-1;r++){for(d.push(wfu_decode_subfolder(wfu_plugin_decode_string(l[r].value))),a.length>d[r].level?a[d[r].level]=d[r].path:a.push(d[r].path),t="",j=1;j<=d[r].level;j++)t+=a[j]+"/";d[r].fullpath=t,n.length<=d[r].level&&n.push(0),d[r].index=d[r].level>u?0:n[d[r].level]+1,n[d[r].level]=d[r].index,u=d[r].level}return d}function wfu_update_subfolder_list(e){var t=document.getElementById("wfu_attribute_"+e).options,l=document.getElementById("wfu_attribute_"+e),d=l.data;if(null!=d){var a,n,u="";t.length=d.length+1;for(var r=0;r<d.length;r++){for(a="",n="",j=0;j<d[r].level;j++)a+="*",n+="&nbsp;&nbsp;&nbsp;";d[r].default?(a+="&",t[r].className="wfu_select_folders_option_default"):t[r].className="",a+=d[r].path+"/"+d[r].label,n+=d[r].label,t[r].value=wfu_plugin_encode_string(a),t[r].innerHTML=n,""!=u&&(u+=","),u+=a}return t[d.length].value="",t[d.length].innerHTML="",u}}function wfu_userdata_edit_field(e,t,l){for(var d,a=0;a<e.childNodes.length;a++)d=e.childNodes[a],"INPUT"==d.tagName?"text"==d.type?(d.value=t,wfu_attach_element_handlers(d,wfu_update_userfield_value)):"checkbox"==d.type&&(d.checked=l):"DIV"==d.tagName&&(d.className="wfu_userdata_action")}function wfu_userdata_add_field(e){var t=e.parentNode,l=t.cloneNode(!0);wfu_userdata_edit_field(l,"",!1),t.parentNode.insertBefore(l,t.nextSibling)}function wfu_userdata_remove_field(e){for(var 
t=e.parentNode,l=t.parentNode,d=null,a=0;a<l.childNodes.length;a++)if(1===l.childNodes[a].nodeType){d=l.childNodes[a];break}if(t!=d){t.parentNode.removeChild(t);for(var a=0;a<d.childNodes.length;a++)if(1===d.childNodes[a].nodeType){wfu_update_userfield_value({target:d.childNodes[a]});break}}}function wfu_generate_shortcode(){for(var e,t=document.getElementById("wfu_attribute_defaults"),l=(document.getElementById("wfu_attribute_values"),""),d="",a="[wordpress_file_upload",n="",u=0;u<t.childNodes.length;u++)e=t.childNodes[u],1===e.nodeType&&(l=e.id.replace("wfu_attribute_default_",""),d=document.getElementById("wfu_attribute_value_"+l).value,e.value!=d&&(n+=" "+l+'="'+d+'"'));a+=n+"]",document.getElementById("wfu_shortcode").value=a,ShortcodeString=n.substr(1),document.getElementById("wfu_update_shortcode")&&(document.getElementById("wfu_update_shortcode").disabled=wfu_plugin_encode_string(a)==document.getElementById("wfu_shortcode_original_enc").value),Autosave&&wfu_schedule_save_shortcode()}function wfu_update_text_value(e){e=e||window.event;var t=e.target,l=t.id.replace("wfu_attribute_",""),d=t.value;d=d.replace(/(\r\n|\n|\r)/gm,"%n%"),d=d.replace(/\"/gm,"%dq%"),d=d.replace(/\[/gm,"%brl%"),d=d.replace(/\]/gm,"%brr%"),d!==t.oldVal&&(t.oldVal=d,document.getElementById("wfu_attribute_value_"+l).value=d,wfu_generate_shortcode())}function wfu_update_triplecolor_value(e){e=e||window.event;var t=e.target,l=t.id.replace("wfu_attribute_","");l=l.replace("_color",""),l=l.replace("_bgcolor",""),l=l.replace("_borcolor",""),t=document.getElementById("wfu_attribute_"+l+"_color");var d=t.value+","+document.getElementById("wfu_attribute_"+l+"_bgcolor").value+","+document.getElementById("wfu_attribute_"+l+"_borcolor").value;d!==t.oldVal&&(t.oldVal=d,document.getElementById("wfu_attribute_value_"+l).value=d,wfu_generate_shortcode())}function wfu_update_dimension_value(e){e=e||window.event;var 
t=e.target,l=t.name.replace("wfu_dimension_elements_",""),d=document.getElementsByName(t.name);t=d[0];for(var a="",n="",u=0;u<d.length;u++)n=d[u].id.replace("wfu_attribute_"+l+"_",""),""!=a&&""!=d[u].value&&(a+=", "),""!=d[u].value&&(a+=n+":"+d[u].value);a!==t.oldVal&&(t.oldVal=a,document.getElementById("wfu_attribute_value_"+l).value=a,wfu_generate_shortcode())}function wfu_update_ptext_value(e){e=e||window.event;var t=e.target,l=t.id.replace("wfu_attribute_","");l=l.substr(2);var d=document.getElementById("wfu_attribute_s_"+l).value,a=document.getElementById("wfu_attribute_p_"+l).value,n=d+"/"+a;n!==t.oldVal&&(t.oldVal=n,document.getElementById("wfu_attribute_value_"+l).value=n),wfu_generate_shortcode()}function wfu_update_mchecklist_value(e){var t="",l=(document.getElementById("wfu_attribute_"+e),document.getElementById("wfu_attribute_"+e+"_all"));l.checked?(jQuery("#wfu_attribute_"+e+" input").prop("disabled",!0),jQuery("#wfu_attribute_"+e+" input").prop("checked",!0),t="all"):(jQuery("#wfu_attribute_"+e+" input").prop("disabled",!1),jQuery("#wfu_attribute_"+e+" input").each(function(){jQuery(this).prop("checked")&&(t+=","+jQuery(this).next().html())}),t=t.substr(1)),document.getElementById("wfu_attribute_value_"+e).value=t,wfu_generate_shortcode()}function wfu_update_rolelist_value(e){var t="",l=document.getElementById("wfu_attribute_"+e),d=document.getElementById("wfu_attribute_"+e+"_all");if(d.checked)l.disabled=!0,t="all";else{l.disabled=!1;for(var a=l.options,n=0;n<a.length;n++)a[n].selected&&(""!=t&&(t+=","),t+=a[n].value)}document.getElementById("wfu_attribute_value_"+e).value=t,wfu_generate_shortcode()}function wfu_update_userlist_value(e){var t="",l=document.getElementById("wfu_attribute_"+e),d=document.getElementById("wfu_attribute_"+e+"_guests"),a=document.getElementById("wfu_attribute_"+e+"_all");if(a.checked)l.disabled=!0,d.disabled=!0,t="all";else{l.disabled=!1,d.disabled=!1;for(var 
n=l.options,u=0;u<n.length;u++)n[u].selected&&(""!=t&&(t+=","),t+=n[u].value);d.checked&&(""!=t&&(t+=","),t+="guests")}document.getElementById("wfu_attribute_value_"+e).value=t,wfu_generate_shortcode()}function wfu_update_userfield_value(e){e=e||window.event;for(var t=e.target,l=t.parentNode,d=l.parentNode,a="",n=!1,u="",r=0;r<d.childNodes.length;r++)if(l=d.childNodes[r],"DIV"===l.tagName){for(var o=0;o<l.childNodes.length;o++)"INPUT"==l.childNodes[o].tagName&&("text"==l.childNodes[o].type?(a=l.childNodes[o].value,0==r&&(t=l.childNodes[o])):"checkbox"==l.childNodes[o].type&&(n=l.childNodes[o].checked));""!=u&&""!=a&&(u+="/"),""!=a&&n&&(u+="*"),""!=a&&(u+=a)}u!==t.oldVal&&(t.oldVal=u,document.getElementById("wfu_attribute_value_userdatalabel").value=u,wfu_generate_shortcode(),wfu_update_userfield_variables())}function wfu_update_userfield_variables(){for(var e=document.getElementById("wfu_attribute_value_userdatalabel").value,t=document.getElementById("wfu_wrapper"),l=document.getElementsByClassName("wfu_shadow_userdata","div",t),d=document.getElementsByName("wfu_userfield_select"),a=0;a<d.length;a++)d[a].style.display="none";if(0!=l.length&&"block"!=l[0].style.display){for(var n='<option style="display:none;">%userdataXXX%</option>',u=e.split("/"),r="",a=1;a<=u.length;a++)r=u[a-1],"*"==r[0]&&(r=r.substr(1)),n+='<option value="%userdata'+a+'%">'+a+": "+r+"</option>";for(var a=0;a<d.length;a++)d[a].innerHTML=n,d[a].style.display="inline-block"}}function wfu_attach_element_handlers(e,t){for(var l=["DOMAttrModified","textInput","input","change","keypress","paste","focus","propertychange"],d=0;d<l.length;d++)wfu_addEventHandler(e,l[d],t)}function wfu_Attach_Admin_Events(e){Autosave=e,wfu_generate_shortcode(),wfu_update_userfield_variables(),wfu_Attach_Admin_DragDrop_Events();for(var t=document.getElementsByName("wfu_text_elements"),l=0;l<t.length;l++)wfu_attach_element_handlers(t[l],wfu_update_text_value);for(var 
d=document.getElementsByName("wfu_ptext_elements"),l=0;l<d.length;l++)wfu_attach_element_handlers(d[l],wfu_update_ptext_value);for(var a=document.getElementsByName("wfu_triplecolor_elements"),l=0;l<a.length;l++)wfu_attach_element_handlers(a[l],wfu_update_triplecolor_value);for(var n=document.getElementsByName("wfu_dimension_elements_widths"),l=0;l<n.length;l++)wfu_attach_element_handlers(n[l],wfu_update_dimension_value);
2
+ n=document.getElementsByName("wfu_dimension_elements_heights");for(var l=0;l<n.length;l++)wfu_attach_element_handlers(n[l],wfu_update_dimension_value);for(var u=document.getElementsByName("wfu_userfield_elements"),l=0;l<u.length;l++)wfu_attach_element_handlers(u[l],wfu_update_userfield_value);for(var r=document.getElementsByName("wfu_subfolder_tools_input"),l=0;l<r.length;l++)wfu_attach_element_handlers(r[l],wfu_subfolders_input_changed);""!=document.getElementById("wfu_shortcode_postid").value&&setTimeout(function(){wfu_check_page_obsolescence()},CheckObsolescenceTimeOut)}function wfu_insert_variable(e){var t=e.className.replace("wfu_variable wfu_variable_",""),l=document.getElementById("wfu_attribute_"+t),d=l.selectionStart,a=l.value;l.value=a.substr(0,d)+e.innerHTML+a.substr(d),wfu_update_text_value({target:l})}function wfu_insert_userfield_variable(e){var t=e.className.replace("wfu_variable wfu_variable_",""),l=document.getElementById("wfu_attribute_"+t),d=l.selectionStart,a=l.value;l.value=a.substr(0,d)+e.value+a.substr(d),e.value="%userdataXXX%",wfu_update_text_value({target:l})}function wfu_GetHttpRequestObject(){var e=null;try{e=new XMLHttpRequest}catch(t){try{e=new ActiveXObject("Msxml2.XMLHTTP")}catch(l){try{e=new ActiveXObject("Microsoft.XMLHTTP")}catch(t){}}}if(null==e&&window.createRequest)try{xmlhttp=window.createRequest()}catch(t){}return e}function wfu_plugin_encode_string(e){var t,l=0,d="",a="";for(l=0;l<e.length;l++)t=e.charCodeAt(l),t>=2048?t=((16773120&t|917504)<<4)+((4032&t|8192)<<2)+(63&t|128):t>=128&&(t=((65472&t|12288)<<2)+(63&t|128)),a=t.toString(16),(1==a.length||3==a.length||5==a.length)&&(a="0"+a),d+=a;return d}function wfu_plugin_decode_string(e){for(var t,l,d=0,a="";d<e.length;)t=parseInt(e.substr(d,2),16),l=128>t?t:224>t?((31&t)<<6)+(63&parseInt(e.substr(d+=2,2),16)):((15&t)<<12)+((63&parseInt(e.substr(d+=2,2),16))<<6)+(63&parseInt(e.substr(d+=2,2),16)),a+=String.fromCharCode(l),d+=2;return a}function 
wfu_schedule_save_shortcode(){var e=new Date,t=ShortcodeNextSave-e.getTime();null!=ShortcodeTimeOut&&(clearTimeout(ShortcodeTimeOut),ShortcodeTimeOut=null),0>=t?wfu_save_shortcode():ShortcodeTimeOut=setTimeout(function(){wfu_save_shortcode()},t)}function wfu_check_page_obsolescence(){PageObsolete||PageUpdating||""==document.getElementById("wfu_shortcode_postid").value}function wfu_save_shortcode(){if(!PageObsolete){var e=wfu_GetHttpRequestObject();if(null!=e){PageUpdating=!0,document.getElementById("wfu_update_failed_message").style.display="none";var t=AdminParams.wfu_ajax_url;params=new Array(6),params[0]=new Array(2),params[0][0]="action",params[0][1]="wfu_ajax_action_save_shortcode",params[1]=new Array(2),params[1][0]="shortcode",params[1][1]=wfu_plugin_encode_string(ShortcodeString),params[2]=new Array(2),params[2][0]="shortcode_original",params[2][1]=document.getElementById("wfu_shortcode_original_enc").value,params[3]=new Array(2),params[3][0]="post_id",params[3][1]=document.getElementById("wfu_shortcode_postid").value,params[4]=new Array(2),params[4][0]="post_hash",params[4][1]=document.getElementById("wfu_shortcode_posthash").value,params[5]=new Array(2),params[5][0]="shortcode_position",params[5][1]=document.getElementById("wfu_shortcode_position").value;for(var l="",d=0;d<params.length;d++)l+=(d>0?"&":"")+params[d][0]+"="+encodeURI(params[d][1]);var a=new Date;Autosave?ShortcodeNextSave=a.getTime()+5e3:document.getElementById("wfu_update_shortcode")&&(document.getElementById("wfu_update_shortcode_wait").style.display="inline"),e.open("POST",t,!0),e.setRequestHeader("Content-type","application/x-www-form-urlencoded"),e.onreadystatechange=function(){if(4==e.readyState&&200==e.status){PageUpdating=!1;var t="wfu_save_shortcode:",l=e.responseText.indexOf(t);-1==l&&(l=e.responseText.length);var d=(e.responseText.substr(0,l),e.responseText.substr(l+t.length,e.responseText.length-l-t.length));l=d.indexOf(":");var 
n=d.substr(0,l);txt_value=d.substr(l+1,d.length-l-1),"success"==n?(Autosave?(document.getElementById("wfu_save_label").innerHTML="saved",document.getElementById("wfu_save_label").className="wfu_save_label",document.getElementById("wfu_save_label").style.opacity=1,wfu_fadeout_element(300),ShortcodeNextSave=a.getTime()+1e3,null!=ShortcodeTimeOut&&wfu_schedule_save_shortcode()):document.getElementById("wfu_update_shortcode")&&(document.getElementById("wfu_update_shortcode_wait").style.display="none",document.getElementById("wfu_update_shortcode").disabled=!0,window.plugin_window&&window.plugin_window.location.reload(!0)),""!=document.getElementById("wfu_shortcode_postid").value&&(document.getElementById("wfu_shortcode_original_enc").value=wfu_plugin_encode_string("[wordpress_file_upload "+ShortcodeString+"]"),document.getElementById("wfu_shortcode_posthash").value=txt_value,setTimeout(function(){wfu_check_page_obsolescence()},CheckObsolescenceTimeOut))):(Autosave&&(document.getElementById("wfu_save_label").innerHTML="not saved",document.getElementById("wfu_save_label").className="wfu_save_label_fail",document.getElementById("wfu_save_label").style.opacity=1,wfu_fadeout_element(300)),"fail"==n&&("post_modified"==txt_value?(PageObsolete=!0,document.getElementById("wfu_update_shortcode")&&(document.getElementById("wfu_update_shortcode").disabled=!0),document.getElementById("wfu_update_rejected_message").style.display="block"):document.getElementById("wfu_update_failed_message").style.display="block"))}},e.send(l)}}}function wfu_adjust_opacity(e){document.getElementById("wfu_save_label").style.opacity=e}function wfu_fadeout_element(e){for(var t=20,l=0,d=0;t>d;d++)l=1-d/t,setTimeout('wfu_adjust_opacity("'+l.toString()+'")',d*e/t);setTimeout('wfu_adjust_opacity("0.0")',d*e/t)}function wfu_apply_value(e,t,l){if("onoff"==t)document.getElementById("wfu_attribute_"+e).className="wfu_onoff_container_"+("true"!=l?"on":"off"),wfu_admin_onoff_clicked(e);else 
if("text"==t||"ltext"==t||"integer"==t||"float"==t||"mtext"==t||"color"==t){var d=document.getElementById("wfu_attribute_"+e);if(l=l.replace(/\%n\%/gm,"\n"),l=l.replace(/\%dq\%/gm,'"'),l=l.replace(/\%brl\%/gm,"["),l=l.replace(/\%brr\%/gm,"]"),"color"==t){var a=colourNameToHex(l);a||(a=l),jQuery("#wfu_attribute_"+e).wpColorPicker("color",a)}d.value=l,wfu_update_text_value({target:d})}else if("placements"==t)wfu_admin_recreate_placements_panel(l),document.getElementById("wfu_attribute_value_placements").value=l,wfu_generate_shortcode();else if("radio"==t){for(var n=document.getElementsByName("wfu_radioattribute_"+e),u=0;u<n.length;u++)n[u].checked=n[u].value==l||"*"+n[u].value==l;wfu_admin_radio_clicked(e)}else if("ptext"==t){l=l.replace(/\%n\%/gm,"\n"),l=l.replace(/\%dq\%/gm,'"'),l=l.replace(/\%brl\%/gm,"["),l=l.replace(/\%brr\%/gm,"]");var r=l.split("/"),o=r.length<1?"":r[0],_=r.length<2?o:r[1],s=document.getElementById("wfu_attribute_s_"+e);s.value=o;var c=document.getElementById("wfu_attribute_p_"+e);c.value=_,wfu_update_ptext_value({target:s}),wfu_update_ptext_value({target:c})}else if("mchecklist"==t){if(l=l.toLowerCase(),"all"==l)document.getElementById("wfu_attribute_"+e+"_all").checked=!0;else{document.getElementById("wfu_attribute_"+e+"_all").checked=!1;for(var f=l.split(","),u=0;u<f.length;u++)f[u]=f[u].trim();jQuery("#wfu_attribute_"+e+" input").each(function(){jQuery(this).prop("checked",f.indexOf(jQuery(this).next().html())>-1)})}wfu_update_mchecklist_value(e)}else if("rolelist"==t){if(l=l.toLowerCase(),"all"==l)document.getElementById("wfu_attribute_"+e+"_all").checked=!0;else{document.getElementById("wfu_attribute_"+e+"_all").checked=!1;for(var i=l.split(","),u=0;u<i.length;u++)i[u]=i[u].trim();for(var d=document.getElementById("wfu_attribute_"+e),u=0;u<d.options.length;u++)d.options[u].selected=i.indexOf(d.options[u].value)>-1}wfu_update_rolelist_value(e)}else 
if("userlist"==t){if(l=l.toLowerCase(),"all"==l)document.getElementById("wfu_attribute_"+e+"_all").checked=!0;else{document.getElementById("wfu_attribute_"+e+"_all").checked=!1;for(var m=l.split(","),u=0;u<m.length;u++)m[u]=m[u].trim();for(var d=document.getElementById("wfu_attribute_"+e),u=0;u<d.options.length;u++)d.options[u].selected=m.indexOf(d.options[u].value)>-1;document.getElementById("wfu_attribute_"+e+"_guests").checked=m.indexOf("guests")>-1}wfu_update_userlist_value(e)}else if("dimensions"==t){for(var w,p,g,d,v=l.split(","),b=document.getElementsByName("wfu_dimension_elements_"+e),u=0;u<b.length;u++)b[u].value="";for(var u=0;u<v.length;u++)w=v[u].split(":",2),p=w.length<1?"":w[0],g=w.length<2?p:w[1],d=document.getElementById("wfu_attribute_"+e+"_"+p.trim()),d&&(d.value=g.trim());d=b[0],wfu_update_dimension_value({target:d})}else if("userfields"==t){for(var h,y=l.split("/"),I=Array(),u=0;u<y.length;u++)h="*"==y[u].substr(0,1),h&&(y[u]=y[u].substr(1)),""!=y[u]&&I.push({name:y[u],required:h});for(var E=document.getElementById("wfu_attribute_"+e),k=null,B=Array(),u=0;u<E.childNodes.length;u++)1===E.childNodes[u].nodeType&&(null==k?k=E.childNodes[u]:B.push(E.childNodes[u]));for(var u=0;u<B.length;u++)E.removeChild(B[u]);wfu_userdata_edit_field(k,"",!1);for(var x,N=k,u=0;u<I.length;u++)0==u?wfu_userdata_edit_field(k,I[u].name,I[u].required):(x=N.cloneNode(!0),wfu_userdata_edit_field(x,I[u].name,I[u].required),E.insertBefore(x,N.nextSibling),N=x);for(var d,u=0;u<k.childNodes.length&&(d=k.childNodes[u],"INPUT"!=d.tagName);u++);wfu_update_userfield_value({target:d})}else if("color-triplet"==t){for(var T=l.split(","),u=0;u<T.length;u++)T[u]=T[u].trim();2==T.length?T=[T[0],T[1],"#000000"]:1==T.length?T=[T[0],"#FFFFFF","#000000"]:T.length<3&&(T=["#000000","#FFFFFF","#000000"]);var a=colourNameToHex(T[0]);a||(a=T[0]),jQuery("#wfu_attribute_"+e+"_color").wpColorPicker("color",a);var 
d=document.getElementById("wfu_attribute_"+e+"_color");d.value=T[0],a=colourNameToHex(T[1]),a||(a=T[1]),jQuery("#wfu_attribute_"+e+"_bgcolor").wpColorPicker("color",a),document.getElementById("wfu_attribute_"+e+"_bgcolor").value=T[1],a=colourNameToHex(T[2]),a||(a=T[2]),jQuery("#wfu_attribute_"+e+"_borcolor").wpColorPicker("color",a),document.getElementById("wfu_attribute_"+e+"_borcolor").value=T[2],wfu_update_triplecolor_value({target:d})}else if("folderlist"==t){for(var f=wfu_parse_folderlist_js(l),H=document.getElementById("wfu_attribute_"+e).options;H.length>0;)H.remove(0);for(var A,O,j,C,D,S,u=0;u<f.path.length;u++){O=f.path[u],"/"==O.substr(O.length,1)&&(O=O.substr(0,O.length-1)),j=O.split("/"),O=j[j.length-1],D=parseInt(f.level[u]),C="",S="";for(var L=0;D>L;L++)C+="&nbsp;&nbsp;&nbsp;",S+="*";C+=f.label[u],f.default[u]&&(S+="&"),S+=""==O?"{root}/"+f.label[u]:O+f.label[u],A=document.createElement("option"),A.className=f.default[u]?"wfu_select_folders_option_default":"",A.value=wfu_plugin_encode_string(S),A.innerHTML=C,H.add(A)}A=document.createElement("option"),A.value="",A.innerHTML="",H.add(A);var V=document.getElementById("wfu_attribute_"+e);V.data=wfu_decode_subfolder_list(e),wfu_subfolders_update_toolnav(e),d=V,l!==d.oldVal&&(d.oldVal=l,document.getElementById("wfu_attribute_value_"+e).value=l,wfu_generate_shortcode())}}function wfu_parse_folderlist_js(e){var t=Object();if(t.path=Array(),t.label=Array(),t.level=Array(),t.default=Array(),"auto"==e.substr(0,4))return t;var l=e.split(",");if(0==l.length)return t;if(1==l.length&&""==l[0].trim())return t;for(var 
d,a,n,u,r,o,_,s=["root"],c=0,f=0,i=-1,m=0;m<l.length;m++){for(d=l[m].trim(),a=0,n="",u=!1;a<d.length&&"*"==d.substr(a,1);)a++,n+="&nbsp;&nbsp;&nbsp;";if(1>=a-c&&(a>0||0==f)&&(d=d.substr(a,d.length-a),"&"==d.substr(0,1)&&(d=d.substr(1),u=!0),subfolder_items=d.split("/"),subfolder_items.length<2&&subfolder_items.push(""),""!=subfolder_items[1]?(r=subfolder_items[0],o=subfolder_items[1]):(r=d,o=d),""!=r)){u&&-1==i?i=t.path.length:u=!1,0==a&&(f=1),s.length>a?s[a]=r:s.push(r),_="";for(var w=1;a>=w;w++)_+=s[w]+"/";t.path.push(_),t.label.push(o),t.level.push(a),t.default.push(u),c=a}}return t}function colourNameToHex(e){var t={aliceblue:"#f0f8ff",antiquewhite:"#faebd7",aqua:"#00ffff",aquamarine:"#7fffd4",azure:"#f0ffff",beige:"#f5f5dc",bisque:"#ffe4c4",black:"#000000",blanchedalmond:"#ffebcd",blue:"#0000ff",blueviolet:"#8a2be2",brown:"#a52a2a",burlywood:"#deb887",cadetblue:"#5f9ea0",chartreuse:"#7fff00",chocolate:"#d2691e",coral:"#ff7f50",cornflowerblue:"#6495ed",cornsilk:"#fff8dc",crimson:"#dc143c",cyan:"#00ffff",darkblue:"#00008b",darkcyan:"#008b8b",darkgoldenrod:"#b8860b",darkgray:"#a9a9a9",darkgreen:"#006400",darkkhaki:"#bdb76b",darkmagenta:"#8b008b",darkolivegreen:"#556b2f",darkorange:"#ff8c00",darkorchid:"#9932cc",darkred:"#8b0000",darksalmon:"#e9967a",darkseagreen:"#8fbc8f",darkslateblue:"#483d8b",darkslategray:"#2f4f4f",darkturquoise:"#00ced1",darkviolet:"#9400d3",deeppink:"#ff1493",deepskyblue:"#00bfff",dimgray:"#696969",dodgerblue:"#1e90ff",firebrick:"#b22222",floralwhite:"#fffaf0",forestgreen:"#228b22",fuchsia:"#ff00ff",gainsboro:"#dcdcdc",ghostwhite:"#f8f8ff",gold:"#ffd700",goldenrod:"#daa520",gray:"#808080",green:"#008000",greenyellow:"#adff2f",honeydew:"#f0fff0",hotpink:"#ff69b4","indianred ":"#cd5c5c","indigo 
":"#4b0082",ivory:"#fffff0",khaki:"#f0e68c",lavender:"#e6e6fa",lavenderblush:"#fff0f5",lawngreen:"#7cfc00",lemonchiffon:"#fffacd",lightblue:"#add8e6",lightcoral:"#f08080",lightcyan:"#e0ffff",lightgoldenrodyellow:"#fafad2",lightgrey:"#d3d3d3",lightgreen:"#90ee90",lightpink:"#ffb6c1",lightsalmon:"#ffa07a",lightseagreen:"#20b2aa",lightskyblue:"#87cefa",lightslategray:"#778899",lightsteelblue:"#b0c4de",lightyellow:"#ffffe0",lime:"#00ff00",limegreen:"#32cd32",linen:"#faf0e6",magenta:"#ff00ff",maroon:"#800000",mediumaquamarine:"#66cdaa",mediumblue:"#0000cd",mediumorchid:"#ba55d3",mediumpurple:"#9370d8",mediumseagreen:"#3cb371",mediumslateblue:"#7b68ee",mediumspringgreen:"#00fa9a",mediumturquoise:"#48d1cc",mediumvioletred:"#c71585",midnightblue:"#191970",mintcream:"#f5fffa",mistyrose:"#ffe4e1",moccasin:"#ffe4b5",navajowhite:"#ffdead",navy:"#000080",oldlace:"#fdf5e6",olive:"#808000",olivedrab:"#6b8e23",orange:"#ffa500",orangered:"#ff4500",orchid:"#da70d6",palegoldenrod:"#eee8aa",palegreen:"#98fb98",paleturquoise:"#afeeee",palevioletred:"#d87093",papayawhip:"#ffefd5",peachpuff:"#ffdab9",peru:"#cd853f",pink:"#ffc0cb",plum:"#dda0dd",powderblue:"#b0e0e6",purple:"#800080",red:"#ff0000",rosybrown:"#bc8f8f",royalblue:"#4169e1",saddlebrown:"#8b4513",salmon:"#fa8072",sandybrown:"#f4a460",seagreen:"#2e8b57",seashell:"#fff5ee",sienna:"#a0522d",silver:"#c0c0c0",skyblue:"#87ceeb",slateblue:"#6a5acd",slategray:"#708090",snow:"#fffafa",springgreen:"#00ff7f",steelblue:"#4682b4",tan:"#d2b48c",teal:"#008080",thistle:"#d8bfd8",tomato:"#ff6347",turquoise:"#40e0d0",violet:"#ee82ee",wheat:"#f5deb3",white:"#ffffff",whitesmoke:"#f5f5f5",yellow:"#ffff00",yellowgreen:"#9acd32"};return"undefined"!=typeof t[e.toLowerCase()]?t[e.toLowerCase()]:!1}function wfu_download_file(e,t,l){var d=wfu_GetHttpRequestObject();if(null!=d){var a=AdminParams.wfu_ajax_url;params=new Array(3),params[0]=new Array(2),params[0][0]="action",params[0][1]="wfu_ajax_action_download_file_invoker",params[1]=new 
Array(2),params[1][0]="file",params[1][1]=e,params[2]=new Array(2),params[2][0]="nonce",params[2][1]=l;for(var n="",u=0;u<params.length;u++)n+=(u>0?"&":"")+params[u][0]+"="+encodeURI(params[u][1]);d.open("POST",a,!0),d.setRequestHeader("Content-type","application/x-www-form-urlencoded"),d.onreadystatechange=function(){if(4==d.readyState&&200==d.status){var l="wfu_ajax_action_download_file_invoker:",a=d.responseText.indexOf(l);-1==a&&(a=d.responseText.length);var n=(d.responseText.substr(0,a),d.responseText.substr(a+l.length,d.responseText.length-a-l.length));a=n.indexOf(":");var u=n.substr(0,a);if(txt_value=n.substr(a+1,n.length-a-1),"wfu_download_id;"==u.substr(0,16)){var r=u.substr(16),o=document.getElementById("wfu_file_download_container_"+t);o.innerHTML=txt_value,setTimeout("wfu_download_file_monitor('"+e+"', "+t+", '"+r+"')",100)}}},d.send(n)}}function wfu_download_file_monitor(e,t,l){var d=wfu_GetHttpRequestObject();if(null!=d){var a=AdminParams.wfu_ajax_url;params=new Array(3),params[0]=new Array(2),params[0][0]="action",params[0][1]="wfu_ajax_action_download_file_monitor",params[1]=new Array(2),params[1][0]="file",params[1][1]=e,params[2]=new Array(2),params[2][0]="id",params[2][1]=l;for(var n="",u=0;u<params.length;u++)n+=(u>0?"&":"")+params[u][0]+"="+encodeURI(params[u][1]);d.open("POST",a,!0),d.setRequestHeader("Content-type","application/x-www-form-urlencoded"),d.onreadystatechange=function(){if(4==d.readyState&&200==d.status){var l="wfu_ajax_action_download_file_monitor:",a=d.responseText.indexOf(l);-1==a&&(a=d.responseText.length);var n=(d.responseText.substr(0,a),d.responseText.substr(a+l.length,d.responseText.length-a-l.length));a=n.indexOf(":");var u=n.substr(0,a);if(txt_value=n.substr(a+1,n.length-a-1),"repeat"!=u){var r=document.getElementById("wfu_file_download_container_"+t);r.innerHTML=""}else"repeat"==u&&setTimeout("wfu_download_file_monitor('"+e+"', "+t+", '"+txt_value+"')",100)}},d.send(n)}}function 
wfu_filedetails_userdata_changed(){for(var e,t,l=document.getElementsByName("wfu_filedetails_userdata"),d=!1,a=0;a<l.length;a++)if(e=document.getElementById(l[a].id.replace("wfu_filedetails_userdata_value_","wfu_filedetails_userdata_default_")),t=document.getElementById(l[a].id.replace("wfu_filedetails_userdata_value_","wfu_filedetails_userdata_")),t.value=l[a].value,l[a].value!=e.value){d=!0;break}document.getElementById("dp_filedetails_submit_fields").disabled=!d}function wfu_Attach_FileDetails_Admin_Events(){for(var e=document.getElementsByName("wfu_filedetails_userdata"),t=0;t<e.length;t++)wfu_attach_element_handlers(e[t],wfu_filedetails_userdata_changed)}function wfu_update_browserpermission_option(e,t){var l=document.getElementById("wfu_fbperm_users"),d=document.getElementById("wfu_fbperm_roles"),a=document.getElementById("wfu_fbperm_"+e+"_"+t+"_view"),n=document.getElementById("wfu_fbperm_"+e+"_"+t+"_dl"),u=document.getElementById("wfu_fbperm_"+e+"_"+t+"_edit"),r=document.getElementById("wfu_fbperm_"+e+"_"+t+"_del");if("role"==e){if("0"==t){n.checked=a.checked&&n.checked,u.checked=a.checked&&u.checked,r.checked=a.checked&&r.checked,n.disabled=!a.checked,u.disabled=!a.checked,r.disabled=!a.checked;for(var o=d.value.split(","),_=0;_<o.length;_++){var s=o[_].indexOf("["),c=o[_].substr(0,s);"0"!=c&&wfu_update_browserpermission_option("role",c)}var f=(a.checked?"v":"")+(n.checked?"d":"")+(u.checked?"e":"")+(r.checked?"l":"");d.value=d.value.replace(/^0\[\w*\]/,"0["+f+"]")}else if("administrator"!=t){var 
i=document.getElementById("wfu_fbperm_role_"+t+"_row"),m=document.getElementById("wfu_fbperm_role_"+t+"_def"),w=document.getElementById("wfu_fbperm_role_0_view"),p=document.getElementById("wfu_fbperm_role_0_dl"),g=document.getElementById("wfu_fbperm_role_0_edit"),v=document.getElementById("wfu_fbperm_role_0_del");a.checked=m.checked?w.checked:a.checked,i.style.fontWeight=m.checked?"":"bold",n.checked=m.checked?p.checked:a.checked&&n.checked,u.checked=m.checked?g.checked:a.checked&&u.checked,r.checked=m.checked?v.checked:a.checked&&r.checked,a.disabled=m.checked,n.disabled=m.checked||!a.checked,u.disabled=m.checked||!a.checked,r.disabled=m.checked||!a.checked;var f=m.checked?"":"D"+(a.checked?"v":"")+(n.checked?"d":"")+(u.checked?"e":"")+(r.checked?"l":"");d.value=d.value.replace(new RegExp(","+t+"\\[\\w*\\]"),","+t+"["+f+"]")}for(var b=l.value.split(","),_=0;_<b.length;_++){var s=b[_].indexOf("["),h=b[_].substr(0,s);"0"!=h&&wfu_update_browserpermission_option("user",h)}}else if("user"==e){var y=document.getElementById("wfu_fbperm_user_"+t+"_role");if("0"==t){a.checked=y.checked?!1:a.checked,n.checked=y.checked?!1:a.checked&&n.checked,u.checked=y.checked?!1:a.checked&&u.checked,r.checked=y.checked?!1:a.checked&&r.checked,a.disabled=y.checked,n.disabled=y.checked||!a.checked,u.disabled=y.checked||!a.checked,r.disabled=y.checked||!a.checked,a.indeterminate=y.checked,n.indeterminate=y.checked,u.indeterminate=y.checked,r.indeterminate=y.checked;for(var b=l.value.split(","),_=0;_<b.length;_++){var s=b[_].indexOf("["),h=b[_].substr(0,s);"0"!=h&&wfu_update_browserpermission_option("user",h)}var f=y.checked?"":"R"+(a.checked?"v":"")+(n.checked?"d":"")+(u.checked?"e":"")+(r.checked?"l":"");l.value=l.value.replace(/^0\[\w*\]/,"0["+f+"]")}else{var I=document.getElementById("wfu_fbperm_user_"+t+"_roles").value.split(",");if(1==I.length&&""==I[0]&&(I=Array()),I.indexOf("administrator")<0){var 
i=document.getElementById("wfu_fbperm_user_"+t+"_row"),m=document.getElementById("wfu_fbperm_user_"+t+"_def"),E=document.getElementById("wfu_fbperm_user_0_role"),w=document.getElementById("wfu_fbperm_user_0_view"),p=document.getElementById("wfu_fbperm_user_0_dl"),g=document.getElementById("wfu_fbperm_user_0_edit"),v=document.getElementById("wfu_fbperm_user_0_del");if(I.length>0)for(var k=!1,B=!1,x=!1,N=!1,_=0;_<I.length;_++)k=k||document.getElementById("wfu_fbperm_role_"+I[_]+"_view").checked,B=k&&(B||document.getElementById("wfu_fbperm_role_"+I[_]+"_dl").checked),x=k&&(x||document.getElementById("wfu_fbperm_role_"+I[_]+"_edit").checked),N=k&&(N||document.getElementById("wfu_fbperm_role_"+I[_]+"_del").checked);else var k=document.getElementById("wfu_fbperm_role_0_view"),B=document.getElementById("wfu_fbperm_role_0_dl"),x=document.getElementById("wfu_fbperm_role_0_edit"),N=document.getElementById("wfu_fbperm_role_0_del");i.style.fontWeight=m.checked?"":"bold",y.checked=m.checked?E.checked:y.checked,a.checked=m.checked?E.checked?k:w.checked:y.checked?k:a.checked,n.checked=m.checked?E.checked?B:p.checked:y.checked?B:a.checked&&n.checked,u.checked=m.checked?E.checked?x:g.checked:y.checked?x:a.checked&&u.checked,r.checked=m.checked?E.checked?N:v.checked:y.checked?N:a.checked&&r.checked,y.disabled=m.checked,a.disabled=m.checked||y.checked,n.disabled=m.checked||y.checked||!a.checked,u.disabled=m.checked||y.checked||!a.checked,r.disabled=m.checked||y.checked||!a.checked;var f=m.checked?"":"D"+(y.checked?"":"R"+(a.checked?"v":"")+(n.checked?"d":"")+(u.checked?"e":"")+(r.checked?"l":""));l.value=l.value.replace(new RegExp(","+t+"\\[\\w*\\]"),","+t+"["+f+"]")}}}}var 
DraggedItem=null,ShortcodeNextSave=0,ShortcodeTimeOut=null,ShortcodeString="",Autosave=!1,PageObsolete=!1,PageUpdating=!1,CheckObsolescenceTimeOut=5e3;jQuery(document).ready(function(e){e(".wfu_color_field").wpColorPicker({change:function(e,t){e.target.value=t.color.toString(),"wfu_text_elements"==e.target.name?wfu_update_text_value(e):"wfu_triplecolor_elements"==e.target.name&&wfu_update_triplecolor_value(e)}})});
languages/wordpress-file-upload-sr_RS.mo CHANGED
Binary file
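--- a/languages/wordpress-file-upload-sr_RS.po
+++ b/languages/wordpress-file-upload-sr_RS.po
@@ -2,8 +2,8 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Wordpress File Upload\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2015-06-05 18:46+0200\n"
-"PO-Revision-Date: 2015-06-05 18:46+0200\n"
+"POT-Creation-Date: 2015-07-01 20:13+0200\n"
+"PO-Revision-Date: 2015-07-01 20:13+0200\n"
 "Last-Translator: Borisa Djuraskovic <borisad@webhostinghub.com>\n"
 "Language-Team: Iptanus Team <info@iptanus.com>\n"
 "Language: sr\n"
@@ -414,13 +414,19 @@ msgstr "Datoteka testfile 2 poruka administratora"
 
 #: lib/wfu_constants.php:131
 msgid ""
+"Failed to add the shortcode to the page/post. Please try again. If the "
+"message persists, contact administrator."
+msgstr ""
+
+#: lib/wfu_constants.php:132
+msgid ""
 "Failed to edit the shortcode because the contents of the page changed. Try "
 "again to edit the shortcode."
 msgstr ""
 "Neuspešno uređivanje shortcode-a zbog izmene sadržaja stranice. Pokušajte "
 "ponovo da uredite shortcode."
 
-#: lib/wfu_constants.php:132
+#: lib/wfu_constants.php:133
 msgid ""
 "Failed to delete the shortcode because the contents of the page changed. Try "
 "again to delete it."
@@ -428,7 +434,7 @@ msgstr ""
 "Neuspešno brisanje shortcode-a zbog izmene sadržaja stranice. Pokušajte "
 "ponovo da ga obrišete."
 
-#: lib/wfu_constants.php:133
+#: lib/wfu_constants.php:134
 msgid ""
 "The page containing the shortcode has been modified and it is no longer "
 "valid. Please go back to reload the shortcode."
@@ -436,7 +442,7 @@ msgstr ""
 "Stranica koja sadrži shortcode je izmenjena i više nije validna. Vratite se "
 "da ponovo učitate shortcode."
 
-#: lib/wfu_constants.php:134
+#: lib/wfu_constants.php:135
 msgid ""
 "Failed to update the shortcode because the contents of the page changed. Go "
 "back to reload the shortcode."
@@ -444,7 +450,7 @@ msgstr ""
 "Neuspešno ažuriranje shortcode-a zbog izmene sadržaja stranice. Vratite se "
 "da ponovo učitate shortcode."
 
-#: lib/wfu_constants.php:135
+#: lib/wfu_constants.php:136
 msgid ""
 "Failed to update the shortcode. Please try again. If the problem persists, "
 "go back and reload the shortcode."
@@ -452,7 +458,7 @@ msgstr ""
 "Neuspešno ažuriranje shortcode-a. Pokušajte ponovo. Ako se problem ne reši, "
 "vratite se i opet učitajte shortcode."
 
-#: lib/wfu_constants.php:138
+#: lib/wfu_constants.php:139
 msgid ""
 "Insert variable %userid% inside text. It will be replaced by the id of the "
 "current user."
@@ -460,7 +466,7 @@ msgstr ""
 "Unesite promenljivu %idkorisnika% u tekst. Biće zamenjena id-jem tekućeg "
 "korisnika."
 
-#: lib/wfu_constants.php:139
+#: lib/wfu_constants.php:140
 msgid ""
 "Insert variable %username% inside text. It will be replaced by the username "
 "of the current user."
@@ -468,7 +474,7 @@ msgstr ""
 "Unesite promenljivu %korisničko ime% u tekst. Biće zamenjena korisničkim "
 "imenom tekućeg korisnika."
 
-#: lib/wfu_constants.php:140
+#: lib/wfu_constants.php:141
 msgid ""
 "Insert variable %useremail% inside text. It will be replaced by the email of "
 "the current user."
@@ -476,7 +482,7 @@ msgstr ""
 "Unesite promenljivu %mailkorisnika% u tekst. Biće zamenjena mail-om tekućeg "
 "korisnika."
 
-#: lib/wfu_constants.php:141
+#: lib/wfu_constants.php:142
 msgid ""
 "Insert variable %filename% inside text. It will be replaced by the filename "
 "of the uploaded file."
@@ -484,7 +490,7 @@ msgstr ""
 "Unesite promenljivu %nazivdatoteke% u tekst. Biće zamenjena nazivom "
 "otpremljene datoteke."
 
-#: lib/wfu_constants.php:142
+#: lib/wfu_constants.php:143
 msgid ""
 "Insert variable %filepath% inside text. It will be replaced by the full "
 "filepath of the uploaded file."
@@ -492,7 +498,7 @@ msgstr ""
 "Unesite promenljivu %putanjadatoteke% u tekst. Biće zamenjena celom putanjom "
 "otpremljene datoteke."
 
-#: lib/wfu_constants.php:143
+#: lib/wfu_constants.php:144
 msgid ""
 "Insert variable %blogid% inside text. It will be replaced by the blog id of "
 "the website."
@@ -500,7 +506,7 @@ msgstr ""
 "Unesite promenljivu %idbloga% u tekst. Biće zamenjena id-jem bloga web site-"
 "a."
 
-#: lib/wfu_constants.php:144
+#: lib/wfu_constants.php:145
 msgid ""
 "Insert variable %pageid% inside text. It will be replaced by the id of the "
 "current page."
@@ -508,7 +514,7 @@ msgstr ""
 "Unesite promenljivu %idstranice% u tekst. Biće zamenjena id-jem tekuće "
 "stranice."
 
-#: lib/wfu_constants.php:145
+#: lib/wfu_constants.php:146
 msgid ""
 "Insert variable %pagetitle% inside text. It will be replaced by the title of "
 "the current page."
@@ -516,7 +522,7 @@ msgstr ""
 "Unesite promenljivu %naslovstranice% u tekst. Biće zamenjena naslovom tekuće "
 "stranice."
 
-#: lib/wfu_constants.php:146
+#: lib/wfu_constants.php:147
 msgid ""
 "Insert variable %userdataXXX% inside text. Select the user field from the "
 "drop-down list. It will be replaced by the value that the user entered in "
@@ -525,70 +531,174 @@ msgstr ""
 "Unesite promenljivu %korisnički podaciXXX%. Odaberite korisničko polje iz "
 "opadajuće liste. Biće zamenjena vrednošću koju je korisnik uneo u ovo polje."
 
-#: lib/wfu_constants.php:147
+#: lib/wfu_constants.php:148
 msgid "Insert variable %n% inside text to denote a line change."
 msgstr "Unesite promenljivu %n% u tekst kako biste označili promenu reda."
 
-#: lib/wfu_constants.php:150
+#: lib/wfu_constants.php:151
 msgid "Upload in progress"
 msgstr "Otpremanje u toku"
 
-#: lib/wfu_constants.php:151
+#: lib/wfu_constants.php:152
 msgid "Upload in progress with warnings!"
 msgstr "Otpremanje sa upozorenjima u toku!"
 
-#: lib/wfu_constants.php:152
+#: lib/wfu_constants.php:153
 msgid "Upload in progress but some files already failed!"
 msgstr "Otpremanje u toku, ali neke datoteke već nisu uspešno otpremljene!"
 
-#: lib/wfu_constants.php:153
+#: lib/wfu_constants.php:154
 msgid "Upload in progress but no files uploaded so far!"
 msgstr "Otpremanje u toku, ali do sada nisu otpremljene nikakve datoteke!"
 
-#: lib/wfu_constants.php:154
+#: lib/wfu_constants.php:155
 msgid "All files uploaded successfully"
 msgstr "Sve datoteke uspešno su otpremljene"
 
-#: lib/wfu_constants.php:155
+#: lib/wfu_constants.php:156
 msgid "All files uploaded successfully but there are warnings!"
 msgstr "Sve datoteke uspešno su otpremljene, ali postoje upozorenja!"
 
-#: lib/wfu_constants.php:156
+#: lib/wfu_constants.php:157
 msgid "File uploaded successfully but there are warnings!"
 msgstr "Datoteka je uspešno otpremljena, ali postoje upozorenja!"
 
-#: lib/wfu_constants.php:157
+#: lib/wfu_constants.php:158
 msgid "Some files failed to upload!"
 msgstr "Neke datoteke nisu otpremljene!"
 
-#: lib/wfu_constants.php:158
+#: lib/wfu_constants.php:159
 msgid "All files failed to upload"
 msgstr "Nijedna datoteka nije otpremljena"
 
-#: lib/wfu_constants.php:159
+#: lib/wfu_constants.php:160
 msgid "File failed to upload"
 msgstr "Datoteka nije uspešno otpremljena"
 
-#: lib/wfu_constants.php:160
+#: lib/wfu_constants.php:161
 msgid "There are no files to upload!"
 msgstr "Nema datoteka za otpremanje"
 
-#: lib/wfu_constants.php:161
+#: lib/wfu_constants.php:162
 msgid "Test upload message"
 msgstr "Testiraj poruku za otpremanje"
 
-#: lib/wfu_constants.php:162
+#: lib/wfu_constants.php:163
 msgid "JSON parse warning!"
 msgstr "Upozorenje za JSON parsiranje!"
 
-#: lib/wfu_constants.php:163
+#: lib/wfu_constants.php:164
 msgid "please wait while redirecting..."
 msgstr "Molimo sačekajte preusmeravanje..."
 
-#: lib/wfu_constants.php:164
+#: lib/wfu_constants.php:165
 msgid "Open visual shortcode editor in new window"
 msgstr "Otvori vizuelni shortcode uređivač u novom prozoru"
 
-#: lib/wfu_constants.php:165
+#: lib/wfu_constants.php:166
 msgid "loading visual editor"
 msgstr "učitavanje vizuelnog uređivača"
+
+#~ msgid "Please fill in the above words: "
+#~ msgstr "Popunite sledećim rečima:"
+
+#~ msgid ""
+#~ "ERROR: Captcha not supported! You have an old PHP version. Upgrade your "
+#~ "PHP or use RecaptchaV2 (no account)."
+#~ msgstr ""
+#~ "GREŠKA: Captcha nije podržana! Imate staru PHP verziju. Nadogradite svoj "
+#~ "PHP ili koristite RecaptchaV2 (bez naloga)."
+
+#~ msgid "ERROR: No site key. Please contact administrator!"
+#~ msgstr "GREŠKA: Nema ključa site-a. Obratite se administratoru."
+
+#~ msgid ""
+#~ "ERROR: No site key defined! Please go to the plugin settings in Dashboard "
+#~ "to define Google Recaptcha keys."
+#~ msgstr ""
+#~ "GREŠKA: Ključ site-a nije određen. Idite na kontrolnu tablu podešavanja "
+#~ "plugin-a da biste odredili Google Recaptcha ključeve."
+
+#~ msgid "Bad captcha image!"
+#~ msgstr "Loša captcha slika!"
+
+#~ msgid "No input!"
+#~ msgstr "Nema unosa!"
+
+#~ msgid "Captcha not completed!"
+#~ msgstr "Captcha nije kompletan!"
+
+#~ msgid "Wrong captcha!"
+#~ msgstr "Pogrešan captcha!"
+
+#~ msgid "Error refreshing captcha!"
+#~ msgstr "Greška u osvežavanju captcha!"
+
+#~ msgid "Unknown captcha error!"
+#~ msgstr "Nepoznata captcha greška!"
+
+#~ msgid "Captcha not supported by your browser!"
+#~ msgstr "Vaš pretraživač ne podržava captcha!"
+
+#~ msgid "the secret parameter is missing"
+#~ msgstr "nedostaje tajni parametar"
+
+#~ msgid "the secret parameter is invalid or malformed"
+#~ msgstr "tajni parametar je nevažeći ili loše formulisan"
+
+#~ msgid "the response parameter is missing"
+#~ msgstr "nedostaje parametar odgovora "
+
+#~ msgid "the response parameter is invalid or malformed"
+#~ msgstr "parametar odgovora je nevažeći ili loše formulisan"
+
+#~ msgid "Please do not use drag drop due to an internal problem."
+#~ msgstr ""
+#~ "Molimo vas da ne koristite prevlačenje i pozicioniranje zbog internog "
+#~ "problema."
+
+#~ msgid "Error during chunked upload. Unique ID empty in chunk %d"
+#~ msgstr ""
+#~ "Došlo je do greške prilikom parcijalnog otpremanja. Jedinstveni ID u "
+#~ "jedinici memorije %d"
+
+#~ msgid "Chunked upload is not allowed!"
+#~ msgstr "Parcijalno otpremanje nije dozvoljeno!"
+
+#~ msgid "Chunked upload aborted due to error in previous chunk!"
+#~ msgstr ""
+#~ "Parcijalno otpremanje prekinuto je zbog greške u prethodnoj jedinici "
+#~ "memorije!"
+
+#~ msgid "Chunked upload failed, final file could not be created!"
+#~ msgstr ""
+#~ "Otpremanje u jedinici memorije neuspelo, konačna datoteka ne može se "
+#~ "kreirati!"
+
+#~ msgid "Could not write file chuck to destination on chunk %d"
+#~ msgstr ""
+#~ "Ne može se napisati jedinica memorije datoteke u jedinici memorije %d. "
+
+#~ msgid "Could not enlarge destination file on chunk %d"
+#~ msgstr "Ne može se uvećati odredišna datoteka u jedinici memorije %d."
+
+#~ msgid "Could not open file handles on chunk %d"
+#~ msgstr "Ne mogu se otvoriti opisi datoteke u jedinici memorije %d"
+
+#~ msgid "checking captcha..."
+#~ msgstr "captcha se proverava..."
+
+#~ msgid "refreshing..."
+#~ msgstr "osvežava se..."
+
+#~ msgid "correct captcha"
+#~ msgstr "ispravi captcha"
+
+#~ msgid "click to continue the upload"
+#~ msgstr "kliknite da biste nastavili otpremanje"
+
+#~ msgid "Clear file list?"
+#~ msgstr "Obriši listu datoteke?"
+
+#~ msgid "DROP HERE"
+#~ msgstr "POZICIONIRAJ OVDE"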
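--- a/lib/wfu_admin.php
+++ b/lib/wfu_admin.php
@@ -3,7 +3,8 @@
  function wordpress_file_upload_admin_init() {
  $uri = $_SERVER['REQUEST_URI'];
  wp_register_style( 'myPluginStylesheet', plugins_url('stylesheet.css', __FILE__) );
- if ( is_admin() && strpos($uri, "options-general.php") !== false ) {
+ $is_admin = current_user_can( 'manage_options' );
+ if ( is_admin() && ( ( $is_admin && strpos($uri, "options-general.php") !== false ) ) ) {
  wp_register_style('wordpress-file-upload-admin-style', WPFILEUPLOAD_DIR.'css/wordpress_file_upload_adminstyle.css',false,'1.0','all');
  wp_register_script('wordpress_file_upload_admin_script', WPFILEUPLOAD_DIR.'js/wordpress_file_upload_adminfunctions.js', array( 'wp-color-picker' ), false, true);
  wp_register_script('wordpress_file_upload_classname_script', WPFILEUPLOAD_DIR.'js/getElementsByClassName-1.0.1.js');
@@ -11,13 +12,14 @@ function wordpress_file_upload_admin_init() {
  }
 
  function wordpress_file_upload_add_admin_pages() {
- $page_hook_suffix = add_options_page('Wordpress File Upload', 'Wordpress File Upload', 'manage_options', 'wordpress_file_upload', 'wordpress_file_upload_manage_dashboard');
- add_action('admin_print_scripts-'.$page_hook_suffix, 'wfu_enqueue_admin_scripts');
+ if ( current_user_can( 'manage_options' ) ) $page_hook_suffix = add_options_page('Wordpress File Upload', 'Wordpress File Upload', 'manage_options', 'wordpress_file_upload', 'wordpress_file_upload_manage_dashboard');
+ if ( $page_hook_suffix !== false ) add_action('admin_print_scripts-'.$page_hook_suffix, 'wfu_enqueue_admin_scripts');
  }
 
  function wfu_enqueue_admin_scripts() {
  $uri = $_SERVER['REQUEST_URI'];
- if ( is_admin() && strpos($uri, "options-general.php") !== false ) {
+ $is_admin = current_user_can( 'manage_options' );
+ if ( is_admin() && ( ( $is_admin && strpos($uri, "options-general.php") !== false ) ) ) {
  wp_enqueue_style('wordpress-file-upload-admin-style');
  wp_enqueue_style( 'wp-color-picker' );
  wp_enqueue_script('wordpress_file_upload_admin_script');
@@ -566,91 +568,4 @@ function wfu_delete_shortcode($data) {
  return $res;
  }
 
- function wfu_manage_settings($message = '') {
- if ( !current_user_can( 'manage_options' ) ) return wfu_shortcode_composer();
-
- $siteurl = site_url();
- $plugin_options = wfu_decode_plugin_options(get_option( "wordpress_file_upload_options" ));
-
- $echo_str = '<div class="wrap">';
- $echo_str .= "\n\t".'<h2>Wordpress File Upload Control Panel</h2>';
- $echo_str .= "\n\t".'<div style="margin-top:20px;">';
- $echo_str .= "\n\t\t".'<a href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&amp;action=manage_mainmenu" class="button" title="go back">Go to Main Menu</a>';
- $echo_str .= "\n\t\t".'<h2 style="margin-bottom: 10px; margin-top: 20px;">Settings</h2>';
- $echo_str .= "\n\t\t".'<form enctype="multipart/form-data" name="editsettings" id="editsettings" method="post" action="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&amp;action=edit_settings" class="validate">';
- $nonce = wp_nonce_field('wfu_edit_admin_settings', '_wpnonce', false, false);
- $nonce_ref = wp_referer_field(false);
- $echo_str .= "\n\t\t\t".$nonce;
- $echo_str .= "\n\t\t\t".$nonce_ref;
- $echo_str .= "\n\t\t\t".'<input type="hidden" name="action" value="edit_settings">';
- $echo_str .= "\n\t\t\t".'<table class="form-table">';
- $echo_str .= "\n\t\t\t\t".'<tbody>';
- $echo_str .= "\n\t\t\t\t\t".'<tr class="form-field">';
- $echo_str .= "\n\t\t\t\t\t\t".'<th scope="row">';
- $echo_str .= "\n\t\t\t\t\t\t\t".'<label for="wfu_hashfiles">Hash Files</label>';
- $echo_str .= "\n\t\t\t\t\t\t".'</th>';
- $echo_str .= "\n\t\t\t\t\t\t".'<td>';
- $echo_str .= "\n\t\t\t\t\t\t\t".'<input name="wfu_hashfiles" id="wfu_hashfiles" type="checkbox"'.($plugin_options['hashfiles'] == '1' ? ' checked="checked"' : '' ).' style="width:auto;" /> Enables better control of uploaded files, but slows down performance when uploaded files are larger than 100MBytes';
- $echo_str .= "\n\t\t\t\t\t\t\t".'<p style="cursor: text; font-size:9px; padding: 0px; margin: 0px; width: 95%; color: #AAAAAA;">Current value: <strong>'.($plugin_options['hashfiles'] == '1' ? 'Yes' : 'No' ).'</strong></p>';
- $echo_str .= "\n\t\t\t\t\t\t".'</td>';
- $echo_str .= "\n\t\t\t\t\t".'</tr>';
- $echo_str .= "\n\t\t\t\t\t".'<tr class="form-field">';
- $echo_str .= "\n\t\t\t\t\t\t".'<th scope="row">';
- $echo_str .= "\n\t\t\t\t\t\t\t".'<label for="wfu_basedir">Base Directory</label>';
- $echo_str .= "\n\t\t\t\t\t\t".'</th>';
- $echo_str .= "\n\t\t\t\t\t\t".'<td>';
- $echo_str .= "\n\t\t\t\t\t\t\t".'<input name="wfu_basedir" id="wfu_basedir" type="text" value="'.$plugin_options['basedir'].'" />';
- $echo_str .= "\n\t\t\t\t\t\t\t".'<p style="cursor: text; font-size:9px; padding: 0px; margin: 0px; width: 95%; color: #AAAAAA;">Current value: <strong>'.$plugin_options['basedir'].'</strong></p>';
- $echo_str .= "\n\t\t\t\t\t\t".'</td>';
- $echo_str .= "\n\t\t\t\t\t".'</tr>';
- $echo_str .= "\n\t\t\t\t\t".'<tr class="form-field">';
- $echo_str .= "\n\t\t\t\t\t\t".'<th scope="row">';
- $echo_str .= "\n\t\t\t\t\t\t\t".'<label for="wfu_postmethod">Post Method</label>';
- $echo_str .= "\n\t\t\t\t\t\t".'</th>';
- $echo_str .= "\n\t\t\t\t\t\t".'<td>';
- $echo_str .= "\n\t\t\t\t\t\t\t".'<select name="wfu_postmethod" id="wfu_postmethod" value="'.$plugin_options['postmethod'].'">';
- $echo_str .= "\n\t\t\t\t\t\t\t\t".'<option value="fopen"'.( $plugin_options['postmethod'] == 'fopen' || $plugin_options['postmethod'] == '' ? ' selected="selected"' : '' ).'>Using fopen (default)</option>';
- $echo_str .= "\n\t\t\t\t\t\t\t\t".'<option value="curl"'.( $plugin_options['postmethod'] == 'curl' ? ' selected="selected"' : '' ).'>Using cURL</option>';
- $echo_str .= "\n\t\t\t\t\t\t\t\t".'<option value="socket"'.( $plugin_options['postmethod'] == 'socket' ? ' selected="selected"' : '' ).'>Using Sockets</option>';
- $echo_str .= "\n\t\t\t\t\t\t\t".'</select>';
- $echo_str .= "\n\t\t\t\t\t\t\t".'<p style="cursor: text; font-size:9px; padding: 0px; margin: 0px; width: 95%; color: #AAAAAA;">Current value: <strong>'.( $plugin_options['postmethod'] == 'fopen' || $plugin_options['postmethod'] == '' ? 'Using fopen' : ( $plugin_options['postmethod'] == 'curl' ? 'Using cURL' : 'Using Sockets' ) ).'</strong></p>';
- $echo_str .= "\n\t\t\t\t\t\t".'</td>';
- $echo_str .= "\n\t\t\t\t\t".'</tr>';
- $echo_str .= "\n\t\t\t\t".'</tbody>';
- $echo_str .= "\n\t\t\t".'</table>';
- $echo_str .= "\n\t\t\t".'<p class="submit">';
- $echo_str .= "\n\t\t\t\t".'<input type="submit" class="button-primary" name="submit" value="Update" />';
- $echo_str .= "\n\t\t\t".'</p>';
- $echo_str .= "\n\t\t".'</form>';
- $echo_str .= "\n\t".'</div>';
- $echo_str .= "\n".'</div>';
-
- echo $echo_str;
- }
-
- function wfu_update_settings() {
- if ( !current_user_can( 'manage_options' ) ) return;
- if ( !check_admin_referer('wfu_edit_admin_settings') ) return;
- $plugin_options = wfu_decode_plugin_options(get_option( "wordpress_file_upload_options" ));
- $new_plugin_options = array();
-
- // $enabled = ( isset($_POST['wfu_enabled']) ? ( $_POST['wfu_enabled'] == "on" ? 1 : 0 ) : 0 );
- $hashfiles = ( isset($_POST['wfu_hashfiles']) ? ( $_POST['wfu_hashfiles'] == "on" ? 1 : 0 ) : 0 );
- if ( isset($_POST['wfu_basedir']) && isset($_POST['wfu_postmethod']) && isset($_POST['submit']) ) {
- if ( $_POST['submit'] == "Update" ) {
- $new_plugin_options['version'] = '1.0';
- $new_plugin_options['shortcode'] = $plugin_options['shortcode'];
- $new_plugin_options['hashfiles'] = $hashfiles;
- $new_plugin_options['basedir'] = $_POST['wfu_basedir'];
- $new_plugin_options['postmethod'] = $_POST['wfu_postmethod'];
- $encoded_options = wfu_encode_plugin_options($new_plugin_options);
- update_option( "wordpress_file_upload_options", $encoded_options );
- if ( $new_plugin_options['hashfiles'] == '1' && $plugin_options['hashfiles'] != '1' )
- wfu_reassign_hashes();
- }
- }
-
- return true;
- }
-
  ?>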
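Review bot: In `wordpress_file_upload_add_admin_pages()` the second added line tests `$page_hook_suffix !== false`, but the first added line assigns that variable only when `current_user_can( 'manage_options' )` is true. For any other user the variable is undefined, so the comparison is `null !== false`, which is true: PHP raises an undefined-variable notice and `wfu_enqueue_admin_scripts` is hooked onto the bare name `admin_print_scripts-`. Starting the function with `$page_hook_suffix = false;` makes the guard do what it appears to intend. The enqueue callback repeats the capability check, so this reads as a correctness defect rather than an exposure. Separately, the two `strpos($uri, "options-general.php")` tests match that string anywhere in `REQUEST_URI`, query string included, so they are a weak way to identify the plugin's own settings screen.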
lib/wfu_admin_browser.php CHANGED
@@ -1,29 +1,38 @@
1
  <?php
2
 
3
- function wfu_browse_files($basedir) {
4
  $siteurl = site_url();
5
  $plugin_options = wfu_decode_plugin_options(get_option( "wordpress_file_upload_options" ));
6
  $user = wp_get_current_user();
7
  //store session variables for use from the downloader
8
 
9
  if ( !current_user_can( 'manage_options' ) ) return;
10
- //first decode basedir
11
- $basedir = wfu_plugin_decode_string($basedir);
12
- //then extract sort info from basedir
13
- $ret = wfu_extract_sortdata_from_path($basedir);
14
- $basedir = $ret['path'];
15
- $sort = $ret['sort'];
 
 
 
 
 
 
16
  if ( $sort == "" ) $sort = 'name';
17
  if ( substr($sort, 0, 1) == '-' ) $order = SORT_DESC;
18
  else $order = SORT_ASC;
19
 
20
  //adjust basedir to have a standard format
21
- if ( $basedir != "" ) {
22
  if ( substr($basedir, -1) != '/' ) $basedir .= '/';
23
- if ( !file_exists($basedir) ) $basedir = "";
 
 
 
24
  }
25
  //set basedit to default value if empty
26
- if ( $basedir == "" ) {
27
  $plugin_options = wfu_decode_plugin_options(get_option( "wordpress_file_upload_options" ));
28
  $basedir = ( isset($plugin_options['basedir']) ? $plugin_options['basedir'] : "" );
29
  $temp_params = array( 'uploadpath' => $basedir, 'accessmethod' => 'normal', 'ftpinfo' => '', 'useftpdomain' => 'false' );
@@ -38,7 +47,8 @@ function wfu_browse_files($basedir) {
38
  foreach ( $parts as $part ) {
39
  $part = trim($part);
40
  if ( $part != "" ) {
41
- if ( $part == 'root' && $prev == "" ) $prev = ABSPATH;
 
42
  else $prev .= $part.'/';
43
  array_push($route, array( 'item' => $part, 'path' => $prev ));
44
  }
@@ -57,31 +67,34 @@ function wfu_browse_files($basedir) {
57
  $echo_str .= "\n\t".'<div>';
58
  $echo_str .= "\n\t\t".'<span><strong>Location:</strong> </span>';
59
  foreach ( $route as $item ) {
60
- $echo_str .= '<a href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&action=file_browser&dir='.wfu_plugin_encode_string($item['path']).'">'.$item['item'].'</a>';
 
 
61
  $echo_str .= '<span>/</span>';
62
  }
63
  //file browser header
64
  $echo_str .= "\n\t".'</div>';
65
- $echo_str .= "\n\t".'<a href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&amp;action=create_dir&dir='.wfu_plugin_encode_string($basedir.'[['.$sort.']]').'" class="button" title="create folder" style="margin-top:6px">Create folder</a>';
 
66
  $echo_str .= "\n\t".'<div style="margin-top:10px;">';
67
  $echo_str .= "\n\t\t".'<table class="widefat">';
68
  $echo_str .= "\n\t\t\t".'<thead>';
69
  $echo_str .= "\n\t\t\t\t".'<tr>';
70
  $echo_str .= "\n\t\t\t\t\t".'<th scope="col" width="30%" style="text-align:left;">';
71
- $enc_dir = wfu_plugin_encode_string($basedir.'[['.( substr($sort, -4) == 'name' ? ( $order == SORT_ASC ? '-name' : 'name' ) : 'name' ).']]');
72
- $echo_str .= "\n\t\t\t\t\t\t".'<a href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&action=file_browser&dir='.$enc_dir.'">Name'.( substr($sort, -4) == 'name' ? ( $order == SORT_ASC ? ' &uarr;' : ' &darr;' ) : '' ).'</a>';
73
  $echo_str .= "\n\t\t\t\t\t".'</th>';
74
  $echo_str .= "\n\t\t\t\t\t".'<th scope="col" width="10%" style="text-align:right;">';
75
- $enc_dir = wfu_plugin_encode_string($basedir.'[['.( substr($sort, -4) == 'size' ? ( $order == SORT_ASC ? '-size' : 'size' ) : 'size' ).']]');
76
- $echo_str .= "\n\t\t\t\t\t\t".'<a href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&action=file_browser&dir='.$enc_dir.'">Size'.( substr($sort, -4) == 'size' ? ( $order == SORT_ASC ? ' &uarr;' : ' &darr;' ) : '' ).'</a>';
77
  $echo_str .= "\n\t\t\t\t\t".'</th>';
78
  $echo_str .= "\n\t\t\t\t\t".'<th scope="col" width="20%" style="text-align:left;">';
79
- $enc_dir = wfu_plugin_encode_string($basedir.'[['.( substr($sort, -4) == 'date' ? ( $order == SORT_ASC ? '-date' : 'date' ) : 'date' ).']]');
80
- $echo_str .= "\n\t\t\t\t\t\t".'<a href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&action=file_browser&dir='.$enc_dir.'">Date'.( substr($sort, -4) == 'date' ? ( $order == SORT_ASC ? ' &uarr;' : ' &darr;' ) : '' ).'</a>';
81
  $echo_str .= "\n\t\t\t\t\t".'</th>';
82
  $echo_str .= "\n\t\t\t\t\t".'<th scope="col" width="10%" style="text-align:center;">';
83
- $enc_dir = wfu_plugin_encode_string($basedir.'[['.( substr($sort, -4) == 'user' ? ( $order == SORT_ASC ? '-user' : 'user' ) : 'user' ).']]');
84
- $echo_str .= "\n\t\t\t\t\t\t".'<a href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&action=file_browser&dir='.$enc_dir.'">Uploaded By'.( substr($sort, -4) == 'user' ? ( $order == SORT_ASC ? ' &uarr;' : ' &darr;' ) : '' ).'</a>';
85
  $echo_str .= "\n\t\t\t\t\t".'</th>';
86
  $echo_str .= "\n\t\t\t\t\t".'<th scope="col" width="30%" style="text-align:left;">';
87
  $echo_str .= "\n\t\t\t\t\t\t".'<label>User Data</label>';
@@ -103,8 +116,11 @@ function wfu_browse_files($basedir) {
103
  array_push($dirlist, array( 'name' => $file, 'fullpath' => $filepath, 'mdate' => $stat['mtime'] ));
104
  }
105
  else {
106
- //find relative file record in database together with user data
107
- $filerec = wfu_get_file_rec($filepath, true);
 
 
 
108
  //find user who uploaded the file
109
  $username = '';
110
  if ( $filerec != null ) $username = wfu_get_username_by_id($filerec->uploaduserid);
@@ -123,10 +139,10 @@ function wfu_browse_files($basedir) {
123
 
124
  //show subfolders first
125
  if ( $reldir != "root/" ) {
126
- $enc_dir = wfu_plugin_encode_string($updir);
127
  $echo_str .= "\n\t\t\t\t".'<tr>';
128
  $echo_str .= "\n\t\t\t\t\t".'<td width="30%" style="padding: 5px 5px 5px 10px; text-align:left;">';
129
- $echo_str .= "\n\t\t\t\t\t\t".'<a class="row-title" href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&action=file_browser&dir='.$enc_dir.'" title="go up">..</a>';
130
  $echo_str .= "\n\t\t\t\t\t".'</td>';
131
  $echo_str .= "\n\t\t\t\t\t".'<td width="10%" style="padding: 5px 5px 5px 10px; text-align:right;"> </td>';
132
  $echo_str .= "\n\t\t\t\t\t".'<td width="20%" style="padding: 5px 5px 5px 10px; text-align:left;"> </td>';
@@ -136,18 +152,22 @@ function wfu_browse_files($basedir) {
136
  }
137
  $ii = 1;
138
  foreach ( $dirlist as $dir ) {
139
- $enc_dir = wfu_plugin_encode_string($dir['fullpath'].'[['.$sort.']]');
140
  $echo_str .= "\n\t\t\t\t".'<tr onmouseover="for (i in document.getElementsByName(\'wfu_dir_actions\')){document.getElementsByName(\'wfu_dir_actions\').item(i).style.visibility=\'hidden\';} document.getElementById(\'wfu_dir_actions_'.$ii.'\').style.visibility=\'visible\'" onmouseout="for (i in document.getElementsByName(\'wfu_dir_actions\')){document.getElementsByName(\'wfu_dir_actions\').item(i).style.visibility=\'hidden\';}">';
141
  $echo_str .= "\n\t\t\t\t\t".'<td width="30%" style="padding: 5px 5px 5px 10px; text-align:left;">';
142
- $echo_str .= "\n\t\t\t\t\t\t".'<a class="row-title" href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&action=file_browser&dir='.$enc_dir.'" title="'.$dir['name'].'">'.$dir['name'].'</a>';
143
  $echo_str .= "\n\t\t\t\t\t\t".'<div id="wfu_dir_actions_'.$ii.'" name="wfu_dir_actions" style="visibility:hidden;">';
144
- $echo_str .= "\n\t\t\t\t\t\t\t".'<span>';
145
- $echo_str .= "\n\t\t\t\t\t\t\t\t".'<a href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&action=rename_dir&file='.$enc_dir.'" title="Rename this folder">Rename</a>';
146
  $echo_str .= "\n\t\t\t\t\t\t\t\t".' | ';
147
  $echo_str .= "\n\t\t\t\t\t\t\t".'</span>';
148
- $echo_str .= "\n\t\t\t\t\t\t\t".'<span>';
149
- $echo_str .= "\n\t\t\t\t\t\t\t\t".'<a href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&action=delete_dir&file='.$enc_dir.'" title="Delete this folder">Delete</a>';
150
- $echo_str .= "\n\t\t\t\t\t\t\t".'</span>';
 
 
 
 
151
  $echo_str .= "\n\t\t\t\t\t\t".'</div>';
152
  $echo_str .= "\n\t\t\t\t\t".'</td>';
153
  $echo_str .= "\n\t\t\t\t\t".'<td width="10%" style="padding: 5px 5px 5px 10px; text-align:right;"> </td>';
@@ -159,31 +179,37 @@ function wfu_browse_files($basedir) {
159
  }
160
  //show contained files
161
  foreach ( $filelist as $file ) {
162
- $enc_file = wfu_plugin_encode_string($file['fullpath'].'[['.$sort.']]');
163
  $echo_str .= "\n\t\t\t\t".'<tr onmouseover="for (i in document.getElementsByName(\'wfu_file_actions\')){document.getElementsByName(\'wfu_file_actions\').item(i).style.visibility=\'hidden\';} document.getElementById(\'wfu_file_actions_'.$ii.'\').style.visibility=\'visible\'" onmouseout="for (i in document.getElementsByName(\'wfu_file_actions\')){document.getElementsByName(\'wfu_file_actions\').item(i).style.visibility=\'hidden\';}">';
164
  $echo_str .= "\n\t\t\t\t\t".'<td width="30%" style="padding: 5px 5px 5px 10px; text-align:left;">';
165
  if ( $file['filedata'] != null )
166
- $echo_str .= "\n\t\t\t\t\t\t".'<a class="row-title" href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&action=file_details&file='.$enc_file.'" title="View and edit file details" style="font-weight:normal;">'.$file['name'].'</a>';
167
  else
168
  $echo_str .= "\n\t\t\t\t\t\t".'<span>'.$file['name'].'</span>';
169
  $echo_str .= "\n\t\t\t\t\t\t".'<div id="wfu_file_actions_'.$ii.'" name="wfu_file_actions" style="visibility:hidden;">';
170
  if ( $file['filedata'] != null ) {
171
  $echo_str .= "\n\t\t\t\t\t\t\t".'<span>';
172
- $echo_str .= "\n\t\t\t\t\t\t\t\t".'<a href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&action=file_details&file='.$enc_file.'" title="View and edit file details">Details</a>';
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
173
  $echo_str .= "\n\t\t\t\t\t\t\t\t".' | ';
174
  $echo_str .= "\n\t\t\t\t\t\t\t".'</span>';
175
  }
176
- $echo_str .= "\n\t\t\t\t\t\t\t".'<span>';
177
- $echo_str .= "\n\t\t\t\t\t\t\t\t".'<a href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&action=rename_file&file='.$enc_file.'" title="Rename this file">Rename</a>';
178
- $echo_str .= "\n\t\t\t\t\t\t\t\t".' | ';
179
- $echo_str .= "\n\t\t\t\t\t\t\t".'</span>';
180
- $echo_str .= "\n\t\t\t\t\t\t\t".'<span>';
181
- $echo_str .= "\n\t\t\t\t\t\t\t\t".'<a href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&action=delete_file&file='.$enc_file.'" title="Delete this file">Delete</a>';
182
- $echo_str .= "\n\t\t\t\t\t\t\t\t".' | ';
183
- $echo_str .= "\n\t\t\t\t\t\t\t".'</span>';
184
- $echo_str .= "\n\t\t\t\t\t\t\t".'<span>';
185
- $echo_str .= "\n\t\t\t\t\t\t\t\t".'<a href="javascript:wfu_download_file(\''.wfu_plugin_encode_string($file['fullpath']).'\', '.$ii.', \''.wp_create_nonce('wfu_download_file_invoker').'\');" title="Download this file">Download</a>';
186
- $echo_str .= "\n\t\t\t\t\t\t\t".'</span>';
187
  $echo_str .= "\n\t\t\t\t\t\t".'</div>';
188
  $echo_str .= "\n\t\t\t\t\t\t".'<div id="wfu_file_download_container_'.$ii.'" style="display: block;"></div>';
189
  $echo_str .= "\n\t\t\t\t\t".'</td>';
@@ -212,6 +238,19 @@ function wfu_browse_files($basedir) {
212
  return $echo_str;
213
  }
214
 
 
 
 
 
 
 
 
 
 
 
 
 
 
215
  function wfu_current_user_allowed_action($action, $filepath) {
216
  //first get file data from database, if exist
217
  $filerec = wfu_get_file_rec($filepath, false);
@@ -220,7 +259,7 @@ function wfu_current_user_allowed_action($action, $filepath) {
220
  if ( 0 == $user->ID ) return null;
221
  else $is_admin = current_user_can('manage_options');
222
  if ( !$is_admin ) {
223
- return null;
224
  }
225
  return $user;
226
  }
@@ -237,21 +276,31 @@ function wfu_current_user_allowed_action_remote($action, $filepath, $userid) {
237
  return true;
238
  }
239
 
240
- function wfu_rename_file_prompt($file, $type, $error) {
 
 
241
  $siteurl = site_url();
242
 
243
- $dec_file = wfu_plugin_decode_string($file);
 
 
 
 
 
 
 
 
244
  //first extract sort info from dec_file
245
  $ret = wfu_extract_sortdata_from_path($dec_file);
246
- $dec_file = $ret['path'];
247
  if ( $type == 'dir' && substr($dec_file, -1) == '/' ) $dec_file = substr($dec_file, 0, -1);
248
 
249
  //check if user is allowed to perform this action
250
- if ( wfu_current_user_allowed_action('rename', $dec_file) == null ) return;
251
 
252
  $parts = pathinfo($dec_file);
253
  $newname = $parts['basename'];
254
- $enc_dir = wfu_plugin_encode_string($parts['dirname'].'[['.$ret['sort'].']]');
255
 
256
  $echo_str = "\n".'<div class="wrap">';
257
  if ( $error ) {
@@ -261,15 +310,15 @@ function wfu_rename_file_prompt($file, $type, $error) {
261
  $echo_str .= "\n\t".'</div>';
262
  }
263
  $echo_str .= "\n\t".'<div style="margin-top:20px;">';
264
- $echo_str .= "\n\t\t".'<a href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&amp;action=file_browser&dir='.$enc_dir.'" class="button" title="go back">Go back</a>';
265
  $echo_str .= "\n\t".'</div>';
266
  $echo_str .= "\n\t".'<h2 style="margin-bottom: 10px;">Rename '.( $type == 'dir' ? 'Folder' : 'File' ).'</h2>';
267
- $echo_str .= "\n\t".'<form enctype="multipart/form-data" name="renamefile" id="renamefile" method="post" action="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload" class="validate">';
268
  $echo_str .= "\n\t\t".'<input type="hidden" name="action" value="rename'.( $type == 'dir' ? 'dir' : 'file' ).'">';
269
- $echo_str .= "\n\t\t".'<input type="hidden" name="dir" value="'.$enc_dir.'">';
270
- $echo_str .= "\n\t\t".'<input type="hidden" name="file" value="'.$file.'">';
271
  if ( $type == 'dir' ) $echo_str .= "\n\t\t".'<label>Enter new name for folder <strong>'.$dec_file.'</strong></label><br/>';
272
- else $echo_str .= "\n\t\t".'<label>Enter new filename for file <strong>'.$dec_file.'</strong></label><br/>';
273
  $echo_str .= "\n\t\t".'<input name="wfu_newname" id="wfu_newname" type="text" value="'.$newname.'" style="width:50%;" />';
274
  $echo_str .= "\n\t\t".'<p class="submit">';
275
  $echo_str .= "\n\t\t\t".'<input type="submit" class="button-primary" name="submit" value="Rename">';
@@ -280,15 +329,25 @@ function wfu_rename_file_prompt($file, $type, $error) {
280
  return $echo_str;
281
  }
282
 
283
- function wfu_rename_file($file, $type) {
284
- $dec_file = wfu_plugin_decode_string($file);
285
- $dec_file = wfu_flatten_path($dec_file);
 
 
 
 
 
 
 
 
 
 
 
286
  if ( $type == 'dir' && substr($dec_file, -1) == '/' ) $dec_file = substr($dec_file, 0, -1);
287
- if ( !file_exists($dec_file) ) return wfu_browse_files();
288
 
289
  //check if user is allowed to perform this action
290
- $user = wfu_current_user_allowed_action('rename', $dec_file);
291
- if ( $user == null ) return;
292
 
293
  $parts = pathinfo($dec_file);
294
  $error = "";
@@ -298,7 +357,9 @@ function wfu_rename_file($file, $type) {
298
  $relativepath = str_replace(ABSPATH, '', $new_file);
299
  if ( substr($relativepath, 0, 1) != '/' ) $relativepath = '/'.$relativepath;
300
  if ( $_POST['wfu_newname'] == "" ) $error = 'Error: New '.( $type == 'dir' ? 'folder ' : 'file' ).'name cannot be empty!';
301
- elseif ( preg_match("/[^A-Za-z0-9.#\-$]/", $_POST['wfu_newname']) ) $error = 'Error: name contains invalid characters! Please correct.';
 
 
302
  elseif ( file_exists($new_file) ) $error = 'Error: The '.( $type == 'dir' ? 'folder' : 'file' ).' <strong>'.$_POST['wfu_newname'].'</strong> already exists! Please choose another one.';
303
  else {
304
  //pre-log rename action
@@ -312,35 +373,45 @@ function wfu_rename_file($file, $type) {
312
  }
313
  if ( $error != "" ) {
314
  $_SESSION['wfu_rename_file_error'] = $error;
315
- $_SESSION['wfu_rename_file']['newname'] = $_POST['wfu_newname'];
316
  }
317
  return ( $error == "" );
318
  }
319
 
320
- function wfu_delete_file_prompt($file, $type) {
 
 
321
  $siteurl = site_url();
322
 
323
- $dec_file = wfu_plugin_decode_string($file);
 
 
 
 
 
 
 
 
324
  //first extract sort info from dec_file
325
  $ret = wfu_extract_sortdata_from_path($dec_file);
326
- $dec_file = $ret['path'];
327
  if ( $type == 'dir' && substr($dec_file, -1) == '/' ) $dec_file = substr($dec_file, 0, -1);
328
 
329
  //check if user is allowed to perform this action
330
- if ( wfu_current_user_allowed_action('delete', $dec_file) == null ) return;
331
 
332
  $parts = pathinfo($dec_file);
333
- $enc_dir = wfu_plugin_encode_string($parts['dirname'].'[['.$ret['sort'].']]');
334
 
335
  $echo_str = "\n".'<div class="wrap">';
336
  $echo_str .= "\n\t".'<div style="margin-top:20px;">';
337
- $echo_str .= "\n\t\t".'<a href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&amp;action=file_browser&dir='.$enc_dir.'" class="button" title="go back">Go back</a>';
338
  $echo_str .= "\n\t".'</div>';
339
  $echo_str .= "\n\t".'<h2 style="margin-bottom: 10px;">Delete '.( $type == 'dir' ? 'Folder' : 'File' ).'</h2>';
340
- $echo_str .= "\n\t".'<form enctype="multipart/form-data" name="deletefile" id="deletefile" method="post" action="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload" class="validate">';
341
  $echo_str .= "\n\t\t".'<input type="hidden" name="action" value="delete'.( $type == 'dir' ? 'dir' : 'file' ).'">';
342
- $echo_str .= "\n\t\t".'<input type="hidden" name="dir" value="'.$enc_dir.'">';
343
- $echo_str .= "\n\t\t".'<input type="hidden" name="file" value="'.$file.'">';
344
  $echo_str .= "\n\t\t".'<label>Are you sure that you want to delete '.( $type == 'dir' ? 'folder' : 'file' ).' <strong>'.$parts['basename'].'</strong>?</label><br/>';
345
  $echo_str .= "\n\t\t".'<p class="submit">';
346
  $echo_str .= "\n\t\t\t".'<input type="submit" class="button-primary" name="submit" value="Delete">';
@@ -351,14 +422,24 @@ function wfu_delete_file_prompt($file, $type) {
351
  return $echo_str;
352
  }
353
 
354
- function wfu_delete_file($file, $type) {
355
- $dec_file = wfu_plugin_decode_string($file);
356
- $dec_file = wfu_flatten_path($dec_file);
 
 
 
 
 
 
 
 
 
 
 
357
  if ( $type == 'dir' && substr($dec_file, -1) == '/' ) $dec_file = substr($dec_file, 0, -1);
358
 
359
  //check if user is allowed to perform this action
360
- $user = wfu_current_user_allowed_action('delete', $dec_file);
361
- if ( $user == null ) return;
362
 
363
  if ( isset($_POST['submit']) ) {
364
  if ( $_POST['submit'] == "Delete" ) {
@@ -373,15 +454,20 @@ function wfu_delete_file($file, $type) {
373
  return true;
374
  }
375
 
376
- function wfu_create_dir_prompt($dir, $error) {
 
 
377
  $siteurl = site_url();
378
 
379
  if ( !current_user_can( 'manage_options' ) ) return;
380
 
381
- $dec_dir = wfu_plugin_decode_string($dir);
 
 
 
382
  //first extract sort info from dec_dir
383
  $ret = wfu_extract_sortdata_from_path($dec_dir);
384
- $dec_dir = $ret['path'];
385
  if ( substr($dec_dir, -1) != '/' ) $dec_dir .= '/';
386
  $newname = '';
387
 
@@ -393,12 +479,12 @@ function wfu_create_dir_prompt($dir, $error) {
393
  $echo_str .= "\n\t".'</div>';
394
  }
395
  $echo_str .= "\n\t".'<div style="margin-top:20px;">';
396
- $echo_str .= "\n\t\t".'<a href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&amp;action=file_browser&dir='.$dir.'" class="button" title="go back">Go back</a>';
397
  $echo_str .= "\n\t".'</div>';
398
  $echo_str .= "\n\t".'<h2 style="margin-bottom: 10px;">Create Folder</h2>';
399
  $echo_str .= "\n\t".'<form enctype="multipart/form-data" name="createdir" id="createdir" method="post" action="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload" class="validate">';
400
  $echo_str .= "\n\t\t".'<input type="hidden" name="action" value="createdir">';
401
- $echo_str .= "\n\t\t".'<input type="hidden" name="dir" value="'.$dir.'">';
402
  $echo_str .= "\n\t\t".'<label>Enter the name of the new folder inside <strong>'.$dec_dir.'</strong></label><br/>';
403
  $echo_str .= "\n\t\t".'<input name="wfu_newname" id="wfu_newname" type="text" value="'.$newname.'" style="width:50%;" />';
404
  $echo_str .= "\n\t\t".'<p class="submit">';
@@ -410,54 +496,67 @@ function wfu_create_dir_prompt($dir, $error) {
410
  return $echo_str;
411
  }
412
 
413
- function wfu_create_dir($dir) {
 
 
414
  if ( !current_user_can( 'manage_options' ) ) return;
415
 
416
- $dec_dir = wfu_plugin_decode_string($dir);
417
- $dec_dir = wfu_flatten_path($dec_dir);
 
 
 
418
  if ( substr($dec_dir, -1) != '/' ) $dec_dir .= '/';
419
- if ( !file_exists($dec_dir) ) return wfu_browse_files();
420
  $error = "";
421
  if ( isset($_POST['wfu_newname']) && isset($_POST['submit']) ) {
422
  if ( $_POST['submit'] == "Create" ) {
423
  $new_dir = $dec_dir.$_POST['wfu_newname'];
424
  if ( $_POST['wfu_newname'] == "" ) $error = 'Error: New folder name cannot be empty!';
425
- elseif ( preg_match("/[^A-Za-z0-9.#\-$]/", $_POST['wfu_newname']) ) $error = 'Error: name contains invalid characters! Please correct.';
426
  elseif ( file_exists($new_dir) ) $error = 'Error: The folder <strong>'.$_POST['wfu_newname'].'</strong> already exists! Please choose another one.';
427
  elseif ( mkdir($new_dir) == false ) $error = 'Error: Creation of folder <strong>'.$_POST['wfu_newname'].'</strong> failed!';
428
  }
429
  }
430
  if ( $error != "" ) {
431
  $_SESSION['wfu_create_dir_error'] = $error;
432
- $_SESSION['wfu_create_dir']['newname'] = $_POST['wfu_newname'];
433
  }
434
  return ( $error == "" );
435
  }
436
 
437
- function wfu_file_details($file, $errorstatus) {
438
  global $wpdb;
439
  $table_name1 = $wpdb->prefix . "wfu_log";
440
  $siteurl = site_url();
441
 
 
 
 
 
 
 
 
 
 
 
442
  //extract file browser data from $file variable
443
- $dec_file = wfu_plugin_decode_string($file);
444
  $ret = wfu_extract_sortdata_from_path($dec_file);
445
- $filepath = $ret['path'];
 
 
 
446
 
447
  //get file data from database with user data
448
  $filedata = wfu_get_file_rec($filepath, true);
449
  if ( $filedata == null ) return;
450
 
451
- //check if user is allowed to perform this action
452
- $user = wfu_current_user_allowed_action('details', $filepath);
453
- if ( $user == null ) return;
454
-
455
  //get the username of the uploader
456
  $uploadername = wfu_get_username_by_id($filedata->uploaduserid);
457
 
458
  //extract sort info and construct contained dir
459
  $parts = pathinfo($filepath);
460
- $enc_dir = wfu_plugin_encode_string($parts['dirname'].'[['.$ret['sort'].']]');
461
 
462
  $stat = stat($filepath);
463
 
@@ -470,30 +569,34 @@ function wfu_file_details($file, $errorstatus) {
470
  //show file detais
471
  $echo_str .= "\n\t".'<h2>Detais of File: '.$parts['basename'].'</h2>';
472
  $echo_str .= "\n\t".'<div style="margin-top:10px;">';
473
- $echo_str .= "\n\t\t".'<a href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&amp;action=file_browser&dir='.$enc_dir.'" class="button" title="go back">Go back</a>';
474
- $echo_str .= "\n\t\t".'<form enctype="multipart/form-data" name="editfiledetails" id="editfiledetails" method="post" action="/wp-admin/options-general.php?page=wordpress_file_upload&amp;action=edit_filedetails" class="validate">';
 
 
475
  $echo_str .= "\n\t\t\t".'<h3 style="margin-bottom: 10px; margin-top: 40px;">Upload Details</h3>';
476
  $echo_str .= "\n\t\t\t".'<input type="hidden" name="action" value="edit_filedetails" />';
477
- $echo_str .= "\n\t\t\t".'<input type="hidden" name="dir" value="'.$enc_dir.'">';
478
- $echo_str .= "\n\t\t\t".'<input type="hidden" name="file" value="'.$file.'">';
479
  $echo_str .= "\n\t\t\t".'<table class="form-table">';
480
  $echo_str .= "\n\t\t\t\t".'<tbody>';
481
- $echo_str .= "\n\t\t\t\t\t".'<tr class="form-field">';
482
- $echo_str .= "\n\t\t\t\t\t\t".'<th scope="row">';
483
- $echo_str .= "\n\t\t\t\t\t\t\t".'<label>Full Path</label>';
484
- $echo_str .= "\n\t\t\t\t\t\t".'</th>';
485
- $echo_str .= "\n\t\t\t\t\t\t".'<td>';
486
- $echo_str .= "\n\t\t\t\t\t\t\t".'<input type="text" value="'.$filepath.'" readonly="readonly" />';
487
- $echo_str .= "\n\t\t\t\t\t\t".'</td>';
488
- $echo_str .= "\n\t\t\t\t\t".'</tr>';
489
- $echo_str .= "\n\t\t\t\t\t".'<tr class="form-field">';
490
- $echo_str .= "\n\t\t\t\t\t\t".'<th scope="row">';
491
- $echo_str .= "\n\t\t\t\t\t\t\t".'<label>Uploaded From User</label>';
492
- $echo_str .= "\n\t\t\t\t\t\t".'</th>';
493
- $echo_str .= "\n\t\t\t\t\t\t".'<td>';
494
- $echo_str .= "\n\t\t\t\t\t\t\t".'<input type="text" value="'.$uploadername.'" readonly="readonly" style="width:auto;" />';
495
- $echo_str .= "\n\t\t\t\t\t\t".'</td>';
496
- $echo_str .= "\n\t\t\t\t\t".'</tr>';
 
 
497
  $echo_str .= "\n\t\t\t\t\t".'<tr class="form-field">';
498
  $echo_str .= "\n\t\t\t\t\t\t".'<th scope="row">';
499
  $echo_str .= "\n\t\t\t\t\t\t\t".'<label>File Size</label>';
@@ -518,59 +621,63 @@ function wfu_file_details($file, $errorstatus) {
518
  $echo_str .= "\n\t\t\t\t\t\t\t".'<input type="text" value="'.get_the_title($filedata->pageid).' ('.$filedata->pageid.')'.'" readonly="readonly" style="width:50%;" />';
519
  $echo_str .= "\n\t\t\t\t\t\t".'</td>';
520
  $echo_str .= "\n\t\t\t\t\t".'</tr>';
521
- $echo_str .= "\n\t\t\t\t\t".'<tr class="form-field">';
522
- $echo_str .= "\n\t\t\t\t\t\t".'<th scope="row">';
523
- $echo_str .= "\n\t\t\t\t\t\t\t".'<label>Upload Plugin ID</label>';
524
- $echo_str .= "\n\t\t\t\t\t\t".'</th>';
525
- $echo_str .= "\n\t\t\t\t\t\t".'<td>';
526
- $echo_str .= "\n\t\t\t\t\t\t\t".'<input type="text" value="'.$filedata->sid.'" readonly="readonly" style="width:auto;" />';
527
- $echo_str .= "\n\t\t\t\t\t\t".'</td>';
528
- $echo_str .= "\n\t\t\t\t\t".'</tr>';
529
- $echo_str .= "\n\t\t\t\t".'</tbody>';
530
- $echo_str .= "\n\t\t\t".'</table>';
531
- //show history details
532
- $echo_str .= "\n\t\t\t".'<h3 style="margin-bottom: 10px; margin-top: 40px;">File History</h3>';
533
- $echo_str .= "\n\t\t\t".'<table class="form-table">';
534
- $echo_str .= "\n\t\t\t\t".'<tbody>';
535
- $echo_str .= "\n\t\t\t\t\t".'<tr class="form-field">';
536
- $echo_str .= "\n\t\t\t\t\t\t".'<th scope="row">';
537
- $echo_str .= "\n\t\t\t\t\t\t\t".'<label></label>';
538
- $echo_str .= "\n\t\t\t\t\t\t".'</th>';
539
- $echo_str .= "\n\t\t\t\t\t\t".'<td>';
540
- //read all linked records
541
- $filerecs = array();
542
- array_push($filerecs, $filedata);
543
- $currec = $filedata;
544
- while ( $currec->linkedto > 0 ) {
545
- $currec = $wpdb->get_row('SELECT * FROM '.$table_name1.' WHERE idlog = '.$currec->linkedto);
546
- if ( $currec != null ) array_push($filerecs, $currec);
547
- else break;
548
- }
549
- //construct report from db records
550
- $rep = '';
551
- foreach ( $filerecs as $filerec ) {
552
- $username = wfu_get_username_by_id($filerec->userid);
553
- $fileparts = pathinfo($filerec->filepath);
554
- if ( $rep != '' ) $rep .= "<br />";
555
- $rep .= '<strong>['.$filerec->date_from.']</strong> ';
556
- if ( $filerec->action == 'upload' )
557
- $rep .= 'File uploaded with name <strong>'.$fileparts['basename'].'</strong> by user <strong>'.$username.'</strong>';
558
- elseif ( $filerec->action == 'download' )
559
- $rep .= 'File downloaded by user <strong>'.$username.'</strong>';
560
- elseif ( $filerec->action == 'rename' )
561
- $rep .= 'File renamed to <strong>'.$fileparts['basename'].'</strong> by user <strong>'.$username.'</strong>';
562
- elseif ( $filerec->action == 'delete' )
563
- $rep .= 'File deleted by user <strong>'.$username.'</strong>';
564
- elseif ( $filerec->action == 'modify' )
565
- $rep .= 'File userdata modified by user <strong>'.$username.'</strong>';
566
- }
567
- $echo_str .= "\n\t\t\t\t\t\t\t".'<div style="border:1px solid #dfdfdf; border-radius:3px; width:50%; overflow:scroll; padding:6px; height:100px; background-color:#eee;">';
568
- $echo_str .= "\n\t\t\t\t\t\t\t".'<span style="white-space:nowrap;">'.$rep.'</span>';
569
- $echo_str .= "\n\t\t\t\t\t\t\t".'</div>';
570
- $echo_str .= "\n\t\t\t\t\t\t".'</td>';
571
- $echo_str .= "\n\t\t\t\t\t".'</tr>';
572
  $echo_str .= "\n\t\t\t\t".'</tbody>';
573
  $echo_str .= "\n\t\t\t".'</table>';
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
574
 
575
  $echo_str .= "\n\t\t\t".'<h3 style="margin-bottom: 10px; margin-top: 40px;">User Data Details</h3>';
576
  $echo_str .= "\n\t\t\t".'<table class="form-table">';
@@ -582,7 +689,7 @@ function wfu_file_details($file, $errorstatus) {
582
  $echo_str .= "\n\t\t\t\t\t\t\t".'<label>'.$userdata->property.'</label>';
583
  $echo_str .= "\n\t\t\t\t\t\t".'</th>';
584
  $echo_str .= "\n\t\t\t\t\t\t".'<td>';
585
- $echo_str .= "\n\t\t\t\t\t\t\t".'<input id="wfu_filedetails_userdata_value_'.$userdata->propkey.'" name="wfu_filedetails_userdata" type="text" value="'.$userdata->propvalue.'" />';
586
  $echo_str .= "\n\t\t\t\t\t\t\t".'<input id="wfu_filedetails_userdata_default_'.$userdata->propkey.'" type="hidden" value="'.$userdata->propvalue.'" />';
587
  $echo_str .= "\n\t\t\t\t\t\t\t".'<input id="wfu_filedetails_userdata_'.$userdata->propkey.'" name="wfu_filedetails_userdata_'.$userdata->propkey.'" type="hidden" value="'.$userdata->propvalue.'" />';
588
  $echo_str .= "\n\t\t\t\t\t\t".'</td>';
@@ -599,9 +706,11 @@ function wfu_file_details($file, $errorstatus) {
599
  }
600
  $echo_str .= "\n\t\t\t\t".'</tbody>';
601
  $echo_str .= "\n\t\t\t".'</table>';
602
- $echo_str .= "\n\t\t\t".'<p class="submit">';
603
- $echo_str .= "\n\t\t\t\t".'<input id="dp_filedetails_submit_fields" type="submit" class="button-primary" name="submit" value="Update" disabled="disabled" />';
604
- $echo_str .= "\n\t\t\t".'</p>';
 
 
605
  $echo_str .= "\n\t\t".'</form>';
606
  $echo_str .= "\n\t".'</div>';
607
  $handler = 'function() { wfu_Attach_FileDetails_Admin_Events(); }';
@@ -611,16 +720,24 @@ function wfu_file_details($file, $errorstatus) {
611
  return $echo_str;
612
  }
613
 
614
- function wfu_edit_filedetails($file) {
615
  global $wpdb;
616
  $table_name2 = $wpdb->prefix . "wfu_userdata";
617
 
618
- $dec_file = wfu_plugin_decode_string($file);
619
- $dec_file = wfu_flatten_path($dec_file);
 
 
 
 
 
 
 
 
 
620
 
621
  //check if user is allowed to perform this action
622
- $user = wfu_current_user_allowed_action('modify', $dec_file);
623
- if ( $user == null ) return;
624
 
625
  //get file data from database with user data
626
  $filedata = wfu_get_file_rec($dec_file, true);
1
  <?php
2
 
3
+ function wfu_browse_files($basedir_code) {
4
  $siteurl = site_url();
5
  $plugin_options = wfu_decode_plugin_options(get_option( "wordpress_file_upload_options" ));
6
  $user = wp_get_current_user();
7
  //store session variables for use from the downloader
8
 
9
  if ( !current_user_can( 'manage_options' ) ) return;
10
+
11
+ //first decode basedir_code
12
+ $basedir = wfu_get_filepath_from_safe($basedir_code);
13
+ //clean session array holding dir and file paths if it is too big
14
+ if ( isset($_SESSION['wfu_filepath_safe_storage']) && count($_SESSION['wfu_filepath_safe_storage']) > WFU_PHP_ARRAY_MAXLEN ) $_SESSION['wfu_filepath_safe_storage'] = array();
15
+
16
+ //extract sort info from basedir
17
+ if ( $basedir !== false ) {
18
+ $ret = wfu_extract_sortdata_from_path($basedir);
19
+ $basedir = $ret['path'];
20
+ $sort = $ret['sort'];
21
+ }
22
  if ( $sort == "" ) $sort = 'name';
23
  if ( substr($sort, 0, 1) == '-' ) $order = SORT_DESC;
24
  else $order = SORT_ASC;
25
 
26
  //adjust basedir to have a standard format
27
+ if ( $basedir !== false ) {
28
  if ( substr($basedir, -1) != '/' ) $basedir .= '/';
29
+ if ( substr($basedir, 0, 1) == '/' ) $basedir = substr($basedir, 1);
30
+ //calculate the absolute path of basedir knowing that basedir is relative to website root
31
+ $basedir = ABSPATH.$basedir;
32
+ if ( !file_exists($basedir) ) $basedir = false;
33
  }
34
  //set basedit to default value if empty
35
+ if ( $basedir === false ) {
36
  $plugin_options = wfu_decode_plugin_options(get_option( "wordpress_file_upload_options" ));
37
  $basedir = ( isset($plugin_options['basedir']) ? $plugin_options['basedir'] : "" );
38
  $temp_params = array( 'uploadpath' => $basedir, 'accessmethod' => 'normal', 'ftpinfo' => '', 'useftpdomain' => 'false' );
47
  foreach ( $parts as $part ) {
48
  $part = trim($part);
49
  if ( $part != "" ) {
50
+ // if ( $part == 'root' && $prev == "" ) $prev = ABSPATH;
51
+ if ( $part == 'root' && $prev == "" ) $prev = "";
52
  else $prev .= $part.'/';
53
  array_push($route, array( 'item' => $part, 'path' => $prev ));
54
  }
67
  $echo_str .= "\n\t".'<div>';
68
  $echo_str .= "\n\t\t".'<span><strong>Location:</strong> </span>';
69
  foreach ( $route as $item ) {
70
+ // store dir path that we need to pass to other functions in session, instead of exposing it in the url
71
+ $dir_code = wfu_safe_store_filepath($item['path']);
72
+ $echo_str .= '<a href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&action=file_browser&dir='.$dir_code.'">'.$item['item'].'</a>';
73
  $echo_str .= '<span>/</span>';
74
  }
75
  //file browser header
76
  $echo_str .= "\n\t".'</div>';
77
+ // $dir_code = wfu_safe_store_filepath(substr($basedir, strlen(ABSPATH)).'[['.$sort.']]');
78
+ // $echo_str .= "\n\t".'<a href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&amp;action=create_dir&dir='.$dir_code.'" class="button" title="create folder" style="margin-top:6px">Create folder</a>';
79
  $echo_str .= "\n\t".'<div style="margin-top:10px;">';
80
  $echo_str .= "\n\t\t".'<table class="widefat">';
81
  $echo_str .= "\n\t\t\t".'<thead>';
82
  $echo_str .= "\n\t\t\t\t".'<tr>';
83
  $echo_str .= "\n\t\t\t\t\t".'<th scope="col" width="30%" style="text-align:left;">';
84
+ $dir_code = wfu_safe_store_filepath(substr($basedir, strlen(ABSPATH)).'[['.( substr($sort, -4) == 'name' ? ( $order == SORT_ASC ? '-name' : 'name' ) : 'name' ).']]');
85
+ $echo_str .= "\n\t\t\t\t\t\t".'<a href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&action=file_browser&dir='.$dir_code.'">Name'.( substr($sort, -4) == 'name' ? ( $order == SORT_ASC ? ' &uarr;' : ' &darr;' ) : '' ).'</a>';
86
  $echo_str .= "\n\t\t\t\t\t".'</th>';
87
  $echo_str .= "\n\t\t\t\t\t".'<th scope="col" width="10%" style="text-align:right;">';
88
+ $dir_code = wfu_safe_store_filepath(substr($basedir, strlen(ABSPATH)).'[['.( substr($sort, -4) == 'size' ? ( $order == SORT_ASC ? '-size' : 'size' ) : 'size' ).']]');
89
+ $echo_str .= "\n\t\t\t\t\t\t".'<a href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&action=file_browser&dir='.$dir_code.'">Size'.( substr($sort, -4) == 'size' ? ( $order == SORT_ASC ? ' &uarr;' : ' &darr;' ) : '' ).'</a>';
90
  $echo_str .= "\n\t\t\t\t\t".'</th>';
91
  $echo_str .= "\n\t\t\t\t\t".'<th scope="col" width="20%" style="text-align:left;">';
92
+ $dir_code = wfu_safe_store_filepath(substr($basedir, strlen(ABSPATH)).'[['.( substr($sort, -4) == 'date' ? ( $order == SORT_ASC ? '-date' : 'date' ) : 'date' ).']]');
93
+ $echo_str .= "\n\t\t\t\t\t\t".'<a href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&action=file_browser&dir='.$dir_code.'">Date'.( substr($sort, -4) == 'date' ? ( $order == SORT_ASC ? ' &uarr;' : ' &darr;' ) : '' ).'</a>';
94
  $echo_str .= "\n\t\t\t\t\t".'</th>';
95
  $echo_str .= "\n\t\t\t\t\t".'<th scope="col" width="10%" style="text-align:center;">';
96
+ $dir_code = wfu_safe_store_filepath(substr($basedir, strlen(ABSPATH)).'[['.( substr($sort, -4) == 'user' ? ( $order == SORT_ASC ? '-user' : 'user' ) : 'user' ).']]');
97
+ $echo_str .= "\n\t\t\t\t\t\t".'<a href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&action=file_browser&dir='.$dir_code.'">Uploaded By'.( substr($sort, -4) == 'user' ? ( $order == SORT_ASC ? ' &uarr;' : ' &darr;' ) : '' ).'</a>';
98
  $echo_str .= "\n\t\t\t\t\t".'</th>';
99
  $echo_str .= "\n\t\t\t\t\t".'<th scope="col" width="30%" style="text-align:left;">';
100
  $echo_str .= "\n\t\t\t\t\t\t".'<label>User Data</label>';
116
  array_push($dirlist, array( 'name' => $file, 'fullpath' => $filepath, 'mdate' => $stat['mtime'] ));
117
  }
118
  else {
119
+ //find relative file record in database together with user data;
120
+ //if the file is php, then file record is null meaning that the file can only be viewed
121
+ //if file record is not found then the file can only be viewed
122
+ if ( preg_match("/\.php$/", $filepath) ) $filerec = null;
123
+ else $filerec = wfu_get_file_rec($filepath, true);
124
  //find user who uploaded the file
125
  $username = '';
126
  if ( $filerec != null ) $username = wfu_get_username_by_id($filerec->uploaduserid);
139
 
140
  //show subfolders first
141
  if ( $reldir != "root/" ) {
142
+ $dir_code = wfu_safe_store_filepath(substr($updir, strlen(ABSPATH)));
143
  $echo_str .= "\n\t\t\t\t".'<tr>';
144
  $echo_str .= "\n\t\t\t\t\t".'<td width="30%" style="padding: 5px 5px 5px 10px; text-align:left;">';
145
+ $echo_str .= "\n\t\t\t\t\t\t".'<a class="row-title" href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&action=file_browser&dir='.$dir_code.'" title="go up">..</a>';
146
  $echo_str .= "\n\t\t\t\t\t".'</td>';
147
  $echo_str .= "\n\t\t\t\t\t".'<td width="10%" style="padding: 5px 5px 5px 10px; text-align:right;"> </td>';
148
  $echo_str .= "\n\t\t\t\t\t".'<td width="20%" style="padding: 5px 5px 5px 10px; text-align:left;"> </td>';
152
  }
153
  $ii = 1;
154
  foreach ( $dirlist as $dir ) {
155
+ $dir_code = wfu_safe_store_filepath(substr($dir['fullpath'], strlen(ABSPATH)).'[['.$sort.']]');
156
  $echo_str .= "\n\t\t\t\t".'<tr onmouseover="for (i in document.getElementsByName(\'wfu_dir_actions\')){document.getElementsByName(\'wfu_dir_actions\').item(i).style.visibility=\'hidden\';} document.getElementById(\'wfu_dir_actions_'.$ii.'\').style.visibility=\'visible\'" onmouseout="for (i in document.getElementsByName(\'wfu_dir_actions\')){document.getElementsByName(\'wfu_dir_actions\').item(i).style.visibility=\'hidden\';}">';
157
  $echo_str .= "\n\t\t\t\t\t".'<td width="30%" style="padding: 5px 5px 5px 10px; text-align:left;">';
158
+ $echo_str .= "\n\t\t\t\t\t\t".'<a class="row-title" href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&action=file_browser&dir='.$dir_code.'" title="'.$dir['name'].'">'.$dir['name'].'</a>';
159
  $echo_str .= "\n\t\t\t\t\t\t".'<div id="wfu_dir_actions_'.$ii.'" name="wfu_dir_actions" style="visibility:hidden;">';
160
+ $echo_str .= "\n\t\t\t\t\t\t\t".'<span style="visibility:hidden;">';
161
+ $echo_str .= "\n\t\t\t\t\t\t\t\t".'<a href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&action=file_browser&dir=">Noaction</a>';
162
  $echo_str .= "\n\t\t\t\t\t\t\t\t".' | ';
163
  $echo_str .= "\n\t\t\t\t\t\t\t".'</span>';
164
+ // $echo_str .= "\n\t\t\t\t\t\t\t".'<span>';
165
+ // $echo_str .= "\n\t\t\t\t\t\t\t\t".'<a href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&action=rename_dir&file='.$dir_code.'" title="Rename this folder">Rename</a>';
166
+ // $echo_str .= "\n\t\t\t\t\t\t\t\t".' | ';
167
+ // $echo_str .= "\n\t\t\t\t\t\t\t".'</span>';
168
+ // $echo_str .= "\n\t\t\t\t\t\t\t".'<span>';
169
+ // $echo_str .= "\n\t\t\t\t\t\t\t\t".'<a href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&action=delete_dir&file='.$dir_code.'" title="Delete this folder">Delete</a>';
170
+ // $echo_str .= "\n\t\t\t\t\t\t\t".'</span>';
171
  $echo_str .= "\n\t\t\t\t\t\t".'</div>';
172
  $echo_str .= "\n\t\t\t\t\t".'</td>';
173
  $echo_str .= "\n\t\t\t\t\t".'<td width="10%" style="padding: 5px 5px 5px 10px; text-align:right;"> </td>';
179
  }
180
  //show contained files
181
  foreach ( $filelist as $file ) {
182
+ if ( $file['filedata'] != null ) $file_code = wfu_safe_store_filepath(substr($file['fullpath'], strlen(ABSPATH)).'[['.$sort.']]');
183
  $echo_str .= "\n\t\t\t\t".'<tr onmouseover="for (i in document.getElementsByName(\'wfu_file_actions\')){document.getElementsByName(\'wfu_file_actions\').item(i).style.visibility=\'hidden\';} document.getElementById(\'wfu_file_actions_'.$ii.'\').style.visibility=\'visible\'" onmouseout="for (i in document.getElementsByName(\'wfu_file_actions\')){document.getElementsByName(\'wfu_file_actions\').item(i).style.visibility=\'hidden\';}">';
184
  $echo_str .= "\n\t\t\t\t\t".'<td width="30%" style="padding: 5px 5px 5px 10px; text-align:left;">';
185
  if ( $file['filedata'] != null )
186
+ $echo_str .= "\n\t\t\t\t\t\t".'<a class="row-title" href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&action=file_details&file='.$file_code.'" title="View and edit file details" style="font-weight:normal;">'.$file['name'].'</a>';
187
  else
188
  $echo_str .= "\n\t\t\t\t\t\t".'<span>'.$file['name'].'</span>';
189
  $echo_str .= "\n\t\t\t\t\t\t".'<div id="wfu_file_actions_'.$ii.'" name="wfu_file_actions" style="visibility:hidden;">';
190
  if ( $file['filedata'] != null ) {
191
  $echo_str .= "\n\t\t\t\t\t\t\t".'<span>';
192
+ $echo_str .= "\n\t\t\t\t\t\t\t\t".'<a href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&action=file_details&file='.$file_code.'" title="View and edit file details">Details</a>';
193
+ $echo_str .= "\n\t\t\t\t\t\t\t\t".' | ';
194
+ $echo_str .= "\n\t\t\t\t\t\t\t".'</span>';
195
+ $echo_str .= "\n\t\t\t\t\t\t\t".'<span>';
196
+ $echo_str .= "\n\t\t\t\t\t\t\t\t".'<a href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&action=rename_file&file='.$file_code.'" title="Rename this file">Rename</a>';
197
+ $echo_str .= "\n\t\t\t\t\t\t\t\t".' | ';
198
+ $echo_str .= "\n\t\t\t\t\t\t\t".'</span>';
199
+ $echo_str .= "\n\t\t\t\t\t\t\t".'<span>';
200
+ $echo_str .= "\n\t\t\t\t\t\t\t\t".'<a href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&action=delete_file&file='.$file_code.'" title="Delete this file">Delete</a>';
201
+ $echo_str .= "\n\t\t\t\t\t\t\t\t".' | ';
202
+ $echo_str .= "\n\t\t\t\t\t\t\t".'</span>';
203
+ $echo_str .= "\n\t\t\t\t\t\t\t".'<span>';
204
+ $echo_str .= "\n\t\t\t\t\t\t\t\t".'<a href="javascript:wfu_download_file(\''.$file_code.'\', '.$ii.', \''.wp_create_nonce('wfu_download_file_invoker').'\');" title="Download this file">Download</a>';
205
+ $echo_str .= "\n\t\t\t\t\t\t\t".'</span>';
206
+ }
207
+ else {
208
+ $echo_str .= "\n\t\t\t\t\t\t\t".'<span style="visibility:hidden;">';
209
+ $echo_str .= "\n\t\t\t\t\t\t\t\t".'<a href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&action=file_browser&dir=">Noaction</a>';
210
  $echo_str .= "\n\t\t\t\t\t\t\t\t".' | ';
211
  $echo_str .= "\n\t\t\t\t\t\t\t".'</span>';
212
  }
 
 
 
 
 
 
 
 
 
 
 
213
  $echo_str .= "\n\t\t\t\t\t\t".'</div>';
214
  $echo_str .= "\n\t\t\t\t\t\t".'<div id="wfu_file_download_container_'.$ii.'" style="display: block;"></div>';
215
  $echo_str .= "\n\t\t\t\t\t".'</td>';
238
  return $echo_str;
239
  }
240
 
241
+ function wfu_current_user_owes_file($filepath) {
242
+ //first check if file is php; for security reasons php files cannot be owned
243
+ if ( preg_match("/\.php$/", $filepath) ) return false;
244
+ //then get file data from database, if exist
245
+ $filerec = wfu_get_file_rec($filepath, false);
246
+ if ( $filerec == null ) return false;
247
+
248
+ $user = wp_get_current_user();
249
+ if ( 0 == $user->ID ) return false;
250
+ if ( current_user_can('manage_options') ) return true;
251
+ return false;
252
+ }
253
+
254
  function wfu_current_user_allowed_action($action, $filepath) {
255
  //first get file data from database, if exist
256
  $filerec = wfu_get_file_rec($filepath, false);
259
  if ( 0 == $user->ID ) return null;
260
  else $is_admin = current_user_can('manage_options');
261
  if ( !$is_admin ) {
262
+ return null;
263
  }
264
  return $user;
265
  }
276
  return true;
277
  }
278
 
279
+ function wfu_rename_file_prompt($file_code, $type, $error) {
280
+ if ( $type == 'dir' ) return;
281
+
282
  $siteurl = site_url();
283
 
284
+ $is_admin = current_user_can( 'manage_options' );
285
+ //check if user is allowed to view file details
286
+ if ( !$is_admin ) {
287
+ return;
288
+ }
289
+ $file_code = wfu_sanitize_code($file_code);
290
+ $dec_file = wfu_get_filepath_from_safe($file_code);
291
+ if ( $dec_file === false ) return;
292
+
293
  //first extract sort info from dec_file
294
  $ret = wfu_extract_sortdata_from_path($dec_file);
295
+ $dec_file = ABSPATH.$ret['path'];
296
  if ( $type == 'dir' && substr($dec_file, -1) == '/' ) $dec_file = substr($dec_file, 0, -1);
297
 
298
  //check if user is allowed to perform this action
299
+ if ( !wfu_current_user_owes_file($dec_file) ) return;
300
 
301
  $parts = pathinfo($dec_file);
302
  $newname = $parts['basename'];
303
+ $dir_code = wfu_safe_store_filepath(substr($parts['dirname'], strlen(ABSPATH)).'[['.$ret['sort'].']]');
304
 
305
  $echo_str = "\n".'<div class="wrap">';
306
  if ( $error ) {
310
  $echo_str .= "\n\t".'</div>';
311
  }
312
  $echo_str .= "\n\t".'<div style="margin-top:20px;">';
313
+ if ( $is_admin ) $echo_str .= "\n\t\t".'<a href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&amp;action=file_browser&dir='.$dir_code.'" class="button" title="go back">Go back</a>';
314
  $echo_str .= "\n\t".'</div>';
315
  $echo_str .= "\n\t".'<h2 style="margin-bottom: 10px;">Rename '.( $type == 'dir' ? 'Folder' : 'File' ).'</h2>';
316
+ if ( $is_admin ) $echo_str .= "\n\t".'<form enctype="multipart/form-data" name="renamefile" id="renamefile" method="post" action="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload" class="validate">';
317
  $echo_str .= "\n\t\t".'<input type="hidden" name="action" value="rename'.( $type == 'dir' ? 'dir' : 'file' ).'">';
318
+ $echo_str .= "\n\t\t".'<input type="hidden" name="dir" value="'.$dir_code.'">';
319
+ $echo_str .= "\n\t\t".'<input type="hidden" name="file" value="'.$file_code.'">';
320
  if ( $type == 'dir' ) $echo_str .= "\n\t\t".'<label>Enter new name for folder <strong>'.$dec_file.'</strong></label><br/>';
321
+ elseif ( $is_admin ) $echo_str .= "\n\t\t".'<label>Enter new filename for file <strong>'.$dec_file.'</strong></label><br/>';
322
  $echo_str .= "\n\t\t".'<input name="wfu_newname" id="wfu_newname" type="text" value="'.$newname.'" style="width:50%;" />';
323
  $echo_str .= "\n\t\t".'<p class="submit">';
324
  $echo_str .= "\n\t\t\t".'<input type="submit" class="button-primary" name="submit" value="Rename">';
329
  return $echo_str;
330
  }
331
 
332
+ function wfu_rename_file($file_code, $type) {
333
+ if ( $type == 'dir' ) return;
334
+
335
+ $user = wp_get_current_user();
336
+ $is_admin = current_user_can( 'manage_options' );
337
+ //check if user is allowed to view file details
338
+ if ( !$is_admin ) {
339
+ return;
340
+ }
341
+ $file_code = wfu_sanitize_code($file_code);
342
+ $dec_file = wfu_get_filepath_from_safe($file_code);
343
+ if ( $dec_file === false ) return;
344
+
345
+ $dec_file = ABSPATH.wfu_flatten_path($dec_file);
346
  if ( $type == 'dir' && substr($dec_file, -1) == '/' ) $dec_file = substr($dec_file, 0, -1);
347
+ if ( !file_exists($dec_file) ) return;
348
 
349
  //check if user is allowed to perform this action
350
+ if ( !wfu_current_user_owes_file($dec_file) ) return;
 
351
 
352
  $parts = pathinfo($dec_file);
353
  $error = "";
357
  $relativepath = str_replace(ABSPATH, '', $new_file);
358
  if ( substr($relativepath, 0, 1) != '/' ) $relativepath = '/'.$relativepath;
359
  if ( $_POST['wfu_newname'] == "" ) $error = 'Error: New '.( $type == 'dir' ? 'folder ' : 'file' ).'name cannot be empty!';
360
+ elseif ( preg_match("/[^A-Za-z0-9_.#\-$]/", $_POST['wfu_newname']) ) $error = 'Error: name contained invalid characters that were stripped off! Please try again.';
361
+ elseif ( substr($_POST['wfu_newname'], -1 - strlen($parts['extension'])) != '.'.$parts['extension'] ) $error = 'Error: new and old file name extensions must be identical! Please correct.';
362
+ elseif ( wfu_file_extension_restricted($_POST['wfu_newname']) ) $error = 'Error: the new file name has an extension that is forbidden for security reasons. Please correct.';
363
  elseif ( file_exists($new_file) ) $error = 'Error: The '.( $type == 'dir' ? 'folder' : 'file' ).' <strong>'.$_POST['wfu_newname'].'</strong> already exists! Please choose another one.';
364
  else {
365
  //pre-log rename action
373
  }
374
  if ( $error != "" ) {
375
  $_SESSION['wfu_rename_file_error'] = $error;
376
+ $_SESSION['wfu_rename_file']['newname'] = preg_replace("/[^A-Za-z0-9_.#\-$]/", "", $_POST['wfu_newname']);
377
  }
378
  return ( $error == "" );
379
  }
380
 
381
+ function wfu_delete_file_prompt($file_code, $type) {
382
+ if ( $type == 'dir' ) return;
383
+
384
  $siteurl = site_url();
385
 
386
+ $is_admin = current_user_can( 'manage_options' );
387
+ //check if user is allowed to view file details
388
+ if ( !$is_admin ) {
389
+ return;
390
+ }
391
+ $file_code = wfu_sanitize_code($file_code);
392
+ $dec_file = wfu_get_filepath_from_safe($file_code);
393
+ if ( $dec_file === false ) return;
394
+
395
  //first extract sort info from dec_file
396
  $ret = wfu_extract_sortdata_from_path($dec_file);
397
+ $dec_file = ABSPATH.$ret['path'];
398
  if ( $type == 'dir' && substr($dec_file, -1) == '/' ) $dec_file = substr($dec_file, 0, -1);
399
 
400
  //check if user is allowed to perform this action
401
+ if ( !wfu_current_user_owes_file($dec_file) ) return;
402
 
403
  $parts = pathinfo($dec_file);
404
+ $dir_code = wfu_safe_store_filepath(substr($parts['dirname'], strlen(ABSPATH)).'[['.$ret['sort'].']]');
405
 
406
  $echo_str = "\n".'<div class="wrap">';
407
  $echo_str .= "\n\t".'<div style="margin-top:20px;">';
408
+ if ( $is_admin ) $echo_str .= "\n\t\t".'<a href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&amp;action=file_browser&dir='.$dir_code.'" class="button" title="go back">Go back</a>';
409
  $echo_str .= "\n\t".'</div>';
410
  $echo_str .= "\n\t".'<h2 style="margin-bottom: 10px;">Delete '.( $type == 'dir' ? 'Folder' : 'File' ).'</h2>';
411
+ if ( $is_admin ) $echo_str .= "\n\t".'<form enctype="multipart/form-data" name="deletefile" id="deletefile" method="post" action="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload" class="validate">';
412
  $echo_str .= "\n\t\t".'<input type="hidden" name="action" value="delete'.( $type == 'dir' ? 'dir' : 'file' ).'">';
413
+ $echo_str .= "\n\t\t".'<input type="hidden" name="dir" value="'.$dir_code.'">';
414
+ $echo_str .= "\n\t\t".'<input type="hidden" name="file" value="'.$file_code.'">';
415
  $echo_str .= "\n\t\t".'<label>Are you sure that you want to delete '.( $type == 'dir' ? 'folder' : 'file' ).' <strong>'.$parts['basename'].'</strong>?</label><br/>';
416
  $echo_str .= "\n\t\t".'<p class="submit">';
417
  $echo_str .= "\n\t\t\t".'<input type="submit" class="button-primary" name="submit" value="Delete">';
422
  return $echo_str;
423
  }
424
 
425
+ function wfu_delete_file($file_code, $type) {
426
+ if ( $type == 'dir' ) return;
427
+
428
+ $user = wp_get_current_user();
429
+ $is_admin = current_user_can( 'manage_options' );
430
+ //check if user is allowed to view file details
431
+ if ( !$is_admin ) {
432
+ return;
433
+ }
434
+ $file_code = wfu_sanitize_code($file_code);
435
+ $dec_file = wfu_get_filepath_from_safe($file_code);
436
+ if ( $dec_file === false ) return;
437
+
438
+ $dec_file = ABSPATH.wfu_flatten_path($dec_file);
439
  if ( $type == 'dir' && substr($dec_file, -1) == '/' ) $dec_file = substr($dec_file, 0, -1);
440
 
441
  //check if user is allowed to perform this action
442
+ if ( !wfu_current_user_owes_file($dec_file) ) return;
 
443
 
444
  if ( isset($_POST['submit']) ) {
445
  if ( $_POST['submit'] == "Delete" ) {
454
  return true;
455
  }
456
 
457
+ function wfu_create_dir_prompt($dir_code, $error) {
458
+ return;
459
+
460
  $siteurl = site_url();
461
 
462
  if ( !current_user_can( 'manage_options' ) ) return;
463
 
464
+ $dir_code = wfu_sanitize_code($dir_code);
465
+ $dec_dir = wfu_get_filepath_from_safe($dir_code);
466
+ if ( $dec_dir === false ) return;
467
+
468
  //first extract sort info from dec_dir
469
  $ret = wfu_extract_sortdata_from_path($dec_dir);
470
+ $dec_dir = ABSPATH.$ret['path'];
471
  if ( substr($dec_dir, -1) != '/' ) $dec_dir .= '/';
472
  $newname = '';
473
 
479
  $echo_str .= "\n\t".'</div>';
480
  }
481
  $echo_str .= "\n\t".'<div style="margin-top:20px;">';
482
+ $echo_str .= "\n\t\t".'<a href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&amp;action=file_browser&dir='.$dir_code.'" class="button" title="go back">Go back</a>';
483
  $echo_str .= "\n\t".'</div>';
484
  $echo_str .= "\n\t".'<h2 style="margin-bottom: 10px;">Create Folder</h2>';
485
  $echo_str .= "\n\t".'<form enctype="multipart/form-data" name="createdir" id="createdir" method="post" action="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload" class="validate">';
486
  $echo_str .= "\n\t\t".'<input type="hidden" name="action" value="createdir">';
487
+ $echo_str .= "\n\t\t".'<input type="hidden" name="dir" value="'.$dir_code.'">';
488
  $echo_str .= "\n\t\t".'<label>Enter the name of the new folder inside <strong>'.$dec_dir.'</strong></label><br/>';
489
  $echo_str .= "\n\t\t".'<input name="wfu_newname" id="wfu_newname" type="text" value="'.$newname.'" style="width:50%;" />';
490
  $echo_str .= "\n\t\t".'<p class="submit">';
496
  return $echo_str;
497
  }
498
 
499
+ function wfu_create_dir($dir_code) {
500
+ return;
501
+
502
  if ( !current_user_can( 'manage_options' ) ) return;
503
 
504
+ $dir_code = wfu_sanitize_code($dir_code);
505
+ $dec_dir = wfu_get_filepath_from_safe($dir_code);
506
+ if ( $dec_dir === false ) return;
507
+
508
+ $dec_dir = ABSPATH.wfu_flatten_path($dec_dir);
509
  if ( substr($dec_dir, -1) != '/' ) $dec_dir .= '/';
510
+ if ( !file_exists($dec_dir) ) return;
511
  $error = "";
512
  if ( isset($_POST['wfu_newname']) && isset($_POST['submit']) ) {
513
  if ( $_POST['submit'] == "Create" ) {
514
  $new_dir = $dec_dir.$_POST['wfu_newname'];
515
  if ( $_POST['wfu_newname'] == "" ) $error = 'Error: New folder name cannot be empty!';
516
+ elseif ( preg_match("/[^A-Za-z0-9_.#\-$]/", $_POST['wfu_newname']) ) $error = 'Error: name contained invalid characters that were stripped off! Please try again.';
517
  elseif ( file_exists($new_dir) ) $error = 'Error: The folder <strong>'.$_POST['wfu_newname'].'</strong> already exists! Please choose another one.';
518
  elseif ( mkdir($new_dir) == false ) $error = 'Error: Creation of folder <strong>'.$_POST['wfu_newname'].'</strong> failed!';
519
  }
520
  }
521
  if ( $error != "" ) {
522
  $_SESSION['wfu_create_dir_error'] = $error;
523
+ $_SESSION['wfu_create_dir']['newname'] = preg_replace("/[^A-Za-z0-9_.#\-$]/", "", $_POST['wfu_newname']);
524
  }
525
  return ( $error == "" );
526
  }
527
 
528
+ function wfu_file_details($file_code, $errorstatus) {
529
  global $wpdb;
530
  $table_name1 = $wpdb->prefix . "wfu_log";
531
  $siteurl = site_url();
532
 
533
+ $user = wp_get_current_user();
534
+ $is_admin = current_user_can( 'manage_options' );
535
+ //check if user is allowed to view file details
536
+ if ( !$is_admin ) {
537
+ return;
538
+ }
539
+ $file_code = wfu_sanitize_code($file_code);
540
+ $dec_file = wfu_get_filepath_from_safe($file_code);
541
+ if ( $dec_file === false ) return;
542
+
543
  //extract file browser data from $file variable
 
544
  $ret = wfu_extract_sortdata_from_path($dec_file);
545
+ $filepath = ABSPATH.$ret['path'];
546
+
547
+ //check if user is allowed to perform this action
548
+ if ( !wfu_current_user_owes_file($filepath) ) return;
549
 
550
  //get file data from database with user data
551
  $filedata = wfu_get_file_rec($filepath, true);
552
  if ( $filedata == null ) return;
553
 
 
 
 
 
554
  //get the username of the uploader
555
  $uploadername = wfu_get_username_by_id($filedata->uploaduserid);
556
 
557
  //extract sort info and construct contained dir
558
  $parts = pathinfo($filepath);
559
+ $dir_code = wfu_safe_store_filepath(substr($parts['dirname'], strlen(ABSPATH)).'[['.$ret['sort'].']]');
560
 
561
  $stat = stat($filepath);
562
 
569
  //show file detais
570
  $echo_str .= "\n\t".'<h2>Detais of File: '.$parts['basename'].'</h2>';
571
  $echo_str .= "\n\t".'<div style="margin-top:10px;">';
572
+ if ( $is_admin ) {
573
+ $echo_str .= "\n\t\t".'<a href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&amp;action=file_browser&dir='.$dir_code.'" class="button" title="go back">Go back</a>';
574
+ $echo_str .= "\n\t\t".'<form enctype="multipart/form-data" name="editfiledetails" id="editfiledetails" method="post" action="/wp-admin/options-general.php?page=wordpress_file_upload&amp;action=edit_filedetails" class="validate">';
575
+ }
576
  $echo_str .= "\n\t\t\t".'<h3 style="margin-bottom: 10px; margin-top: 40px;">Upload Details</h3>';
577
  $echo_str .= "\n\t\t\t".'<input type="hidden" name="action" value="edit_filedetails" />';
578
+ $echo_str .= "\n\t\t\t".'<input type="hidden" name="dir" value="'.$dir_code.'">';
579
+ $echo_str .= "\n\t\t\t".'<input type="hidden" name="file" value="'.$file_code.'">';
580
  $echo_str .= "\n\t\t\t".'<table class="form-table">';
581
  $echo_str .= "\n\t\t\t\t".'<tbody>';
582
+ if ( $is_admin ) {
583
+ $echo_str .= "\n\t\t\t\t\t".'<tr class="form-field">';
584
+ $echo_str .= "\n\t\t\t\t\t\t".'<th scope="row">';
585
+ $echo_str .= "\n\t\t\t\t\t\t\t".'<label>Full Path</label>';
586
+ $echo_str .= "\n\t\t\t\t\t\t".'</th>';
587
+ $echo_str .= "\n\t\t\t\t\t\t".'<td>';
588
+ $echo_str .= "\n\t\t\t\t\t\t\t".'<input type="text" value="'.$filepath.'" readonly="readonly" />';
589
+ $echo_str .= "\n\t\t\t\t\t\t".'</td>';
590
+ $echo_str .= "\n\t\t\t\t\t".'</tr>';
591
+ $echo_str .= "\n\t\t\t\t\t".'<tr class="form-field">';
592
+ $echo_str .= "\n\t\t\t\t\t\t".'<th scope="row">';
593
+ $echo_str .= "\n\t\t\t\t\t\t\t".'<label>Uploaded From User</label>';
594
+ $echo_str .= "\n\t\t\t\t\t\t".'</th>';
595
+ $echo_str .= "\n\t\t\t\t\t\t".'<td>';
596
+ $echo_str .= "\n\t\t\t\t\t\t\t".'<input type="text" value="'.$uploadername.'" readonly="readonly" style="width:auto;" />';
597
+ $echo_str .= "\n\t\t\t\t\t\t".'</td>';
598
+ $echo_str .= "\n\t\t\t\t\t".'</tr>';
599
+ }
600
  $echo_str .= "\n\t\t\t\t\t".'<tr class="form-field">';
601
  $echo_str .= "\n\t\t\t\t\t\t".'<th scope="row">';
602
  $echo_str .= "\n\t\t\t\t\t\t\t".'<label>File Size</label>';
621
  $echo_str .= "\n\t\t\t\t\t\t\t".'<input type="text" value="'.get_the_title($filedata->pageid).' ('.$filedata->pageid.')'.'" readonly="readonly" style="width:50%;" />';
622
  $echo_str .= "\n\t\t\t\t\t\t".'</td>';
623
  $echo_str .= "\n\t\t\t\t\t".'</tr>';
624
+ if ( $is_admin ) {
625
+ $echo_str .= "\n\t\t\t\t\t".'<tr class="form-field">';
626
+ $echo_str .= "\n\t\t\t\t\t\t".'<th scope="row">';
627
+ $echo_str .= "\n\t\t\t\t\t\t\t".'<label>Upload Plugin ID</label>';
628
+ $echo_str .= "\n\t\t\t\t\t\t".'</th>';
629
+ $echo_str .= "\n\t\t\t\t\t\t".'<td>';
630
+ $echo_str .= "\n\t\t\t\t\t\t\t".'<input type="text" value="'.$filedata->sid.'" readonly="readonly" style="width:auto;" />';
631
+ $echo_str .= "\n\t\t\t\t\t\t".'</td>';
632
+ $echo_str .= "\n\t\t\t\t\t".'</tr>';
633
+ }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
634
  $echo_str .= "\n\t\t\t\t".'</tbody>';
635
  $echo_str .= "\n\t\t\t".'</table>';
636
+ if ( $is_admin ) {
637
+ //show history details
638
+ $echo_str .= "\n\t\t\t".'<h3 style="margin-bottom: 10px; margin-top: 40px;">File History</h3>';
639
+ $echo_str .= "\n\t\t\t".'<table class="form-table">';
640
+ $echo_str .= "\n\t\t\t\t".'<tbody>';
641
+ $echo_str .= "\n\t\t\t\t\t".'<tr class="form-field">';
642
+ $echo_str .= "\n\t\t\t\t\t\t".'<th scope="row">';
643
+ $echo_str .= "\n\t\t\t\t\t\t\t".'<label></label>';
644
+ $echo_str .= "\n\t\t\t\t\t\t".'</th>';
645
+ $echo_str .= "\n\t\t\t\t\t\t".'<td>';
646
+ //read all linked records
647
+ $filerecs = array();
648
+ array_push($filerecs, $filedata);
649
+ $currec = $filedata;
650
+ while ( $currec->linkedto > 0 ) {
651
+ $currec = $wpdb->get_row('SELECT * FROM '.$table_name1.' WHERE idlog = '.$currec->linkedto);
652
+ if ( $currec != null ) array_push($filerecs, $currec);
653
+ else break;
654
+ }
655
+ //construct report from db records
656
+ $rep = '';
657
+ foreach ( $filerecs as $filerec ) {
658
+ $username = wfu_get_username_by_id($filerec->userid);
659
+ $fileparts = pathinfo($filerec->filepath);
660
+ if ( $rep != '' ) $rep .= "<br />";
661
+ $rep .= '<strong>['.$filerec->date_from.']</strong> ';
662
+ if ( $filerec->action == 'upload' )
663
+ $rep .= 'File uploaded with name <strong>'.$fileparts['basename'].'</strong> by user <strong>'.$username.'</strong>';
664
+ elseif ( $filerec->action == 'download' )
665
+ $rep .= 'File downloaded by user <strong>'.$username.'</strong>';
666
+ elseif ( $filerec->action == 'rename' )
667
+ $rep .= 'File renamed to <strong>'.$fileparts['basename'].'</strong> by user <strong>'.$username.'</strong>';
668
+ elseif ( $filerec->action == 'delete' )
669
+ $rep .= 'File deleted by user <strong>'.$username.'</strong>';
670
+ elseif ( $filerec->action == 'modify' )
671
+ $rep .= 'File userdata modified by user <strong>'.$username.'</strong>';
672
+ }
673
+ $echo_str .= "\n\t\t\t\t\t\t\t".'<div style="border:1px solid #dfdfdf; border-radius:3px; width:50%; overflow:scroll; padding:6px; height:100px; background-color:#eee;">';
674
+ $echo_str .= "\n\t\t\t\t\t\t\t".'<span style="white-space:nowrap;">'.$rep.'</span>';
675
+ $echo_str .= "\n\t\t\t\t\t\t\t".'</div>';
676
+ $echo_str .= "\n\t\t\t\t\t\t".'</td>';
677
+ $echo_str .= "\n\t\t\t\t\t".'</tr>';
678
+ $echo_str .= "\n\t\t\t\t".'</tbody>';
679
+ $echo_str .= "\n\t\t\t".'</table>';
680
+ }
681
 
682
  $echo_str .= "\n\t\t\t".'<h3 style="margin-bottom: 10px; margin-top: 40px;">User Data Details</h3>';
683
  $echo_str .= "\n\t\t\t".'<table class="form-table">';
689
  $echo_str .= "\n\t\t\t\t\t\t\t".'<label>'.$userdata->property.'</label>';
690
  $echo_str .= "\n\t\t\t\t\t\t".'</th>';
691
  $echo_str .= "\n\t\t\t\t\t\t".'<td>';
692
+ $echo_str .= "\n\t\t\t\t\t\t\t".'<input id="wfu_filedetails_userdata_value_'.$userdata->propkey.'" name="wfu_filedetails_userdata" type="text"'.( $is_admin ? '' : ' readonly="readonly"' ).' value="'.$userdata->propvalue.'" />';
693
  $echo_str .= "\n\t\t\t\t\t\t\t".'<input id="wfu_filedetails_userdata_default_'.$userdata->propkey.'" type="hidden" value="'.$userdata->propvalue.'" />';
694
  $echo_str .= "\n\t\t\t\t\t\t\t".'<input id="wfu_filedetails_userdata_'.$userdata->propkey.'" name="wfu_filedetails_userdata_'.$userdata->propkey.'" type="hidden" value="'.$userdata->propvalue.'" />';
695
  $echo_str .= "\n\t\t\t\t\t\t".'</td>';
706
  }
707
  $echo_str .= "\n\t\t\t\t".'</tbody>';
708
  $echo_str .= "\n\t\t\t".'</table>';
709
+ if ( $is_admin ) {
710
+ $echo_str .= "\n\t\t\t".'<p class="submit">';
711
+ $echo_str .= "\n\t\t\t\t".'<input id="dp_filedetails_submit_fields" type="submit" class="button-primary" name="submit" value="Update" disabled="disabled" />';
712
+ $echo_str .= "\n\t\t\t".'</p>';
713
+ }
714
  $echo_str .= "\n\t\t".'</form>';
715
  $echo_str .= "\n\t".'</div>';
716
  $handler = 'function() { wfu_Attach_FileDetails_Admin_Events(); }';
720
  return $echo_str;
721
  }
722
 
723
+ function wfu_edit_filedetails($file_code) {
724
  global $wpdb;
725
  $table_name2 = $wpdb->prefix . "wfu_userdata";
726
 
727
+ $user = wp_get_current_user();
728
+ $is_admin = current_user_can( 'manage_options' );
729
+ //check if user is allowed to view file details
730
+ if ( !$is_admin ) {
731
+ return;
732
+ }
733
+ $file_code = wfu_sanitize_code($file_code);
734
+ $dec_file = wfu_get_filepath_from_safe($file_code);
735
+ if ( $dec_file === false ) return;
736
+
737
+ $dec_file = ABSPATH.wfu_flatten_path($dec_file);
738
 
739
  //check if user is allowed to perform this action
740
+ if ( !wfu_current_user_owes_file($dec_file) ) return;
 
741
 
742
  //get file data from database with user data
743
  $filedata = wfu_get_file_rec($dec_file, true);
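--- a/lib/wfu_admin_settings.php
+++ b/lib/wfu_admin_settings.php
@@ -0,0 +1,90 @@
+ <?php
+ function wfu_manage_settings($message = '') {
+ global $wp_roles;
+ if ( !current_user_can( 'manage_options' ) ) return wfu_shortcode_composer();
+
+ $siteurl = site_url();
+ $plugin_options = wfu_decode_plugin_options(get_option( "wordpress_file_upload_options" ));
+
+ $echo_str = '<div class="wrap">';
+ $echo_str .= "\n\t".'<h2>Wordpress File Upload Control Panel</h2>';
+ $echo_str .= "\n\t".'<div style="margin-top:20px;">';
+ $echo_str .= "\n\t\t".'<a href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&amp;action=manage_mainmenu" class="button" title="go back">Go to Main Menu</a>';
+ $echo_str .= "\n\t\t".'<h2 style="margin-bottom: 10px; margin-top: 20px;">Settings</h2>';
+ $echo_str .= "\n\t\t".'<form enctype="multipart/form-data" name="editsettings" id="editsettings" method="post" action="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&amp;action=edit_settings" class="validate">';
+ $nonce = wp_nonce_field('wfu_edit_admin_settings', '_wpnonce', false, false);
+ $nonce_ref = wp_referer_field(false);
+ $echo_str .= "\n\t\t\t".$nonce;
+ $echo_str .= "\n\t\t\t".$nonce_ref;
+ $echo_str .= "\n\t\t\t".'<input type="hidden" name="action" value="edit_settings">';
+ $echo_str .= "\n\t\t\t".'<table class="form-table">';
+ $echo_str .= "\n\t\t\t\t".'<tbody>';
+ $echo_str .= "\n\t\t\t\t\t".'<tr class="form-field">';
+ $echo_str .= "\n\t\t\t\t\t\t".'<th scope="row">';
+ $echo_str .= "\n\t\t\t\t\t\t\t".'<label for="wfu_hashfiles">Hash Files</label>';
+ $echo_str .= "\n\t\t\t\t\t\t".'</th>';
+ $echo_str .= "\n\t\t\t\t\t\t".'<td>';
+ $echo_str .= "\n\t\t\t\t\t\t\t".'<input name="wfu_hashfiles" id="wfu_hashfiles" type="checkbox"'.($plugin_options['hashfiles'] == '1' ? ' checked="checked"' : '' ).' style="width:auto;" /> Enables better control of uploaded files, but slows down performance when uploaded files are larger than 100MBytes';
+ $echo_str .= "\n\t\t\t\t\t\t\t".'<p style="cursor: text; font-size:9px; padding: 0px; margin: 0px; width: 95%; color: #AAAAAA;">Current value: <strong>'.($plugin_options['hashfiles'] == '1' ? 'Yes' : 'No' ).'</strong></p>';
+ $echo_str .= "\n\t\t\t\t\t\t".'</td>';
+ $echo_str .= "\n\t\t\t\t\t".'</tr>';
+ $echo_str .= "\n\t\t\t\t\t".'<tr class="form-field">';
+ $echo_str .= "\n\t\t\t\t\t\t".'<th scope="row">';
+ $echo_str .= "\n\t\t\t\t\t\t\t".'<label for="wfu_basedir">Base Directory</label>';
+ $echo_str .= "\n\t\t\t\t\t\t".'</th>';
+ $echo_str .= "\n\t\t\t\t\t\t".'<td>';
+ $echo_str .= "\n\t\t\t\t\t\t\t".'<input name="wfu_basedir" id="wfu_basedir" type="text" value="'.$plugin_options['basedir'].'" />';
+ $echo_str .= "\n\t\t\t\t\t\t\t".'<p style="cursor: text; font-size:9px; padding: 0px; margin: 0px; width: 95%; color: #AAAAAA;">Current value: <strong>'.$plugin_options['basedir'].'</strong></p>';
+ $echo_str .= "\n\t\t\t\t\t\t".'</td>';
+ $echo_str .= "\n\t\t\t\t\t".'</tr>';
+ $echo_str .= "\n\t\t\t\t\t".'<tr class="form-field">';
+ $echo_str .= "\n\t\t\t\t\t\t".'<th scope="row">';
+ $echo_str .= "\n\t\t\t\t\t\t\t".'<label for="wfu_postmethod">Post Method</label>';
+ $echo_str .= "\n\t\t\t\t\t\t".'</th>';
+ $echo_str .= "\n\t\t\t\t\t\t".'<td>';
+ $echo_str .= "\n\t\t\t\t\t\t\t".'<select name="wfu_postmethod" id="wfu_postmethod" value="'.$plugin_options['postmethod'].'">';
+ $echo_str .= "\n\t\t\t\t\t\t\t\t".'<option value="fopen"'.( $plugin_options['postmethod'] == 'fopen' || $plugin_options['postmethod'] == '' ? ' selected="selected"' : '' ).'>Using fopen (default)</option>';
+ $echo_str .= "\n\t\t\t\t\t\t\t\t".'<option value="curl"'.( $plugin_options['postmethod'] == 'curl' ? ' selected="selected"' : '' ).'>Using cURL</option>';
+ $echo_str .= "\n\t\t\t\t\t\t\t\t".'<option value="socket"'.( $plugin_options['postmethod'] == 'socket' ? ' selected="selected"' : '' ).'>Using Sockets</option>';
+ $echo_str .= "\n\t\t\t\t\t\t\t".'</select>';
+ $echo_str .= "\n\t\t\t\t\t\t\t".'<p style="cursor: text; font-size:9px; padding: 0px; margin: 0px; width: 95%; color: #AAAAAA;">Current value: <strong>'.( $plugin_options['postmethod'] == 'fopen' || $plugin_options['postmethod'] == '' ? 'Using fopen' : ( $plugin_options['postmethod'] == 'curl' ? 'Using cURL' : 'Using Sockets' ) ).'</strong></p>';
+ $echo_str .= "\n\t\t\t\t\t\t".'</td>';
+ $echo_str .= "\n\t\t\t\t\t".'</tr>';
+ $echo_str .= "\n\t\t\t\t".'</tbody>';
+ $echo_str .= "\n\t\t\t".'</table>';
+ $echo_str .= "\n\t\t\t".'<p class="submit">';
+ $echo_str .= "\n\t\t\t\t".'<input type="submit" class="button-primary" name="submit" value="Update" />';
+ $echo_str .= "\n\t\t\t".'</p>';
+ $echo_str .= "\n\t\t".'</form>';
+ $echo_str .= "\n\t".'</div>';
+ $echo_str .= "\n".'</div>';
+
+ echo $echo_str;
+ }
+
+ function wfu_update_settings() {
+ if ( !current_user_can( 'manage_options' ) ) return;
+ if ( !check_admin_referer('wfu_edit_admin_settings') ) return;
+ $plugin_options = wfu_decode_plugin_options(get_option( "wordpress_file_upload_options" ));
+ $new_plugin_options = array();
+
+ // $enabled = ( isset($_POST['wfu_enabled']) ? ( $_POST['wfu_enabled'] == "on" ? 1 : 0 ) : 0 );
+ $hashfiles = ( isset($_POST['wfu_hashfiles']) ? ( $_POST['wfu_hashfiles'] == "on" ? 1 : 0 ) : 0 );
+ if ( isset($_POST['wfu_basedir']) && isset($_POST['wfu_postmethod']) && isset($_POST['submit']) ) {
+ if ( $_POST['submit'] == "Update" ) {
+ $new_plugin_options['version'] = '1.0';
+ $new_plugin_options['shortcode'] = $plugin_options['shortcode'];
+ $new_plugin_options['hashfiles'] = $hashfiles;
+ $new_plugin_options['basedir'] = $_POST['wfu_basedir'];
+ $new_plugin_options['postmethod'] = $_POST['wfu_postmethod'];
+ $encoded_options = wfu_encode_plugin_options($new_plugin_options);
+ update_option( "wordpress_file_upload_options", $encoded_options );
+ if ( $new_plugin_options['hashfiles'] == '1' && $plugin_options['hashfiles'] != '1' )
+ wfu_reassign_hashes();
+ }
+ }
+
+ return true;
+ }
+
+ ?>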
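Review bot: `wfu_update_settings()` stores `$_POST['wfu_basedir']` and `$_POST['wfu_postmethod']` exactly as received, and `wfu_manage_settings()` later concatenates `$plugin_options['basedir']` and `$plugin_options['postmethod']` into attribute values and a `<strong>` element without escaping. The capability and nonce checks limit who can write the value, but whatever is stored is still emitted as markup on the settings page. I would constrain the method to the three offered values, `$postmethod = in_array( $_POST['wfu_postmethod'], array( 'fopen', 'curl', 'socket' ), true ) ? $_POST['wfu_postmethod'] : 'fopen';`, store `sanitize_text_field( wp_unslash( $_POST['wfu_basedir'] ) )`, and print both with `esc_attr()` / `esc_html()`. The allow-list also matters because the options encoder shown in the lib/wfu_functions.php section writes `postmethod` unencoded between `;` separators, so a stray `;` in it would presumably be read back as an extra option.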
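--- a/lib/wfu_ajaxactions.php
+++ b/lib/wfu_ajaxactions.php
@@ -276,18 +276,26 @@ function wfu_ajax_action_read_subfolders() {
  }
 
  function wfu_ajax_action_download_file_invoker() {
- $file_enc = (isset($_POST['file']) ? $_POST['file'] : (isset($_GET['file']) ? $_GET['file'] : ''));
+ $file_code = (isset($_POST['file']) ? $_POST['file'] : (isset($_GET['file']) ? $_GET['file'] : ''));
  $nonce = (isset($_POST['nonce']) ? $_POST['nonce'] : (isset($_GET['nonce']) ? $_GET['nonce'] : ''));
- if ( $file_enc == '' || $nonce == '' ) die();
+ if ( $file_code == '' || $nonce == '' ) die();
 
  //security check to avoid CSRF attacks
  if ( !wp_verify_nonce($nonce, 'wfu_download_file_invoker') ) die();
 
- $filepath = wfu_plugin_decode_string($file_enc);
-
- //check if user is allowed to perform this action
- $user_allowed = wfu_current_user_allowed_action('download', $filepath);
- if ( $user_allowed == null ) die();
+ //check if user is allowed to download files
+ if ( !current_user_can( 'manage_options' ) ) {
+ die();
+ }
+
+ // $filepath = wfu_plugin_decode_string($file_code);
+ $file_code = wfu_sanitize_code($file_code);
+ $filepath = wfu_get_filepath_from_safe($file_code);
+ if ( $filepath === false ) die();
+ $filepath = ABSPATH.wfu_flatten_path($filepath);
+
+ //check if user is allowed to perform this action on this file
+ if ( !wfu_current_user_owes_file($filepath) ) die();
 
  //generate download unique id to monitor this download
  $download_id = wfu_create_random_string(16);
@@ -305,18 +313,18 @@ function wfu_ajax_action_download_file_invoker() {
  //or echo from other plugins is generated, that could scramble the downloaded file;
  //a ticket, similar to nonces, is passed to the download script to check that it is not a CSRF attack; moreover,the ticket is destroyed
  //by the time it is consumed by the download script, so it cannot be used again
- $response = '<iframe src="'.WFU_DOWNLOADER_URL.'?file='.$file_enc.'&ticket='.$download_id.'" style="display: none;"></iframe>';
+ $response = '<iframe src="'.WFU_DOWNLOADER_URL.'?file='.$file_code.'&ticket='.$download_id.'" style="display: none;"></iframe>';
 
  die('wfu_ajax_action_download_file_invoker:wfu_download_id;'.$download_id.':'.$response);
  }
 
  function wfu_ajax_action_download_file_monitor() {
- $file_enc = (isset($_POST['file']) ? $_POST['file'] : (isset($_GET['file']) ? $_GET['file'] : ''));
+ $file_code = (isset($_POST['file']) ? $_POST['file'] : (isset($_GET['file']) ? $_GET['file'] : ''));
  $id = (isset($_POST['id']) ? $_POST['id'] : (isset($_GET['id']) ? $_GET['id'] : ''));
  if ( $file_enc == '' || $id == '' ) die();
 
  //ensure that this is not a CSRF attack by checking validity of a security ticket
- if ( !isset($_SESSION['wfu_download_monitor_ticket_'.$id]) || time() > $_SESSION['wfu_download_monitor_ticket_'.$id] ) die('pass');
+ if ( !isset($_SESSION['wfu_download_monitor_ticket_'.$id]) || time() > $_SESSION['wfu_download_monitor_ticket_'.$id] ) die();
  //destroy monitor ticket so it cannot be used again
  unset($_SESSION['wfu_download_monitor_ticket_'.$id]);
 
@@ -335,7 +343,10 @@ function wfu_ajax_action_download_file_monitor() {
 
  if ( $upload_ended ) {
  $user = wp_get_current_user();
- $filepath = wfu_plugin_decode_string($file_enc);
+ // $filepath = wfu_plugin_decode_string($file_code);
+ $filepath = wfu_get_filepath_from_safe($file_code);
+ if ( $filepath === false ) die();
+ $filepath = wfu_flatten_path($filepath);
  wfu_log_action('download', $filepath, $user->ID, '', 0, '', null);
  die('wfu_ajax_action_download_file_monitor:'.$_SESSION['wfu_download_status_'.$id].':');
  }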
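Review bot: In `wfu_ajax_action_download_file_monitor()` the request parameter is now read into `$file_code`, but the unchanged guard on the following line still tests `$file_enc`, which the visible code no longer assigns. An unset variable compares equal to `''`, so the function would `die()` on every request before the ticket check is reached, and the download would never be logged; the guard should read `if ( $file_code == '' || $id == '' ) die();`. The monitor also resolves `$file_code` without the `current_user_can( 'manage_options' )` check that the invoker gained, which may be intentional because the session ticket gates it, but a comment saying so would help. The monitor's body continues outside the hunks shown.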
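--- a/lib/wfu_constants.php
+++ b/lib/wfu_constants.php
@@ -168,6 +168,7 @@ DEFINE("WFU_MAX_TIME_LIMIT", ini_get("max_input_time"));
  DEFINE("WFU_RESPONSE_URL", $siteurl.WPFILEUPLOAD_DIR."wfu_response.php");
  DEFINE("WFU_AJAX_URL", $siteurl."/wp-admin/admin-ajax.php");
  DEFINE("WFU_DOWNLOADER_URL", $siteurl.WPFILEUPLOAD_DIR."wfu_file_downloader.php");
+ DEFINE("WFU_PHP_ARRAY_MAXLEN", '10000');
  DEFINE("WFU_PRO_VERSION_URL", 'http://www.iptanus.com/product/wordpress-file-upload-pro/');
 
  //define colors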
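--- a/lib/wfu_functions.php
+++ b/lib/wfu_functions.php
@@ -81,6 +81,10 @@ function wfu_html_output($output) {
  return str_replace(array("\t", " "), "&nbsp;", $output);
  }
 
+ function wfu_sanitize_code($code) {
+ return preg_replace("/[^A-Za-z0-9]/", "", $code);
+ }
+
  //********************* Array Functions ****************************************************************************************************
 
  function wfu_encode_array_to_string($arr) {
@@ -242,7 +246,8 @@ function wfu_encode_plugin_options($plugin_options) {
  $encoded_options .= 'basedir='.wfu_plugin_encode_string($plugin_options['basedir']).';';
  $encoded_options .= 'postmethod='.$plugin_options['postmethod'].';';
  $encoded_options .= 'captcha_sitekey='.wfu_plugin_encode_string($plugin_options['captcha_sitekey']).';';
- $encoded_options .= 'captcha_secretkey='.wfu_plugin_encode_string($plugin_options['captcha_secretkey']);
+ $encoded_options .= 'captcha_secretkey='.wfu_plugin_encode_string($plugin_options['captcha_secretkey']).';';
+ $encoded_options .= 'browser_permissions='.wfu_encode_array_to_string($plugin_options['browser_permissions']);
  return $encoded_options;
  }
 
@@ -254,6 +259,8 @@ function wfu_decode_plugin_options($encoded_options) {
  list($item_key, $item_value) = explode("=", $decoded_item, 2);
  if ( $item_key == 'shortcode' || $item_key == 'basedir' || $item_key == 'captcha_sitekey' || $item_key == 'captcha_secretkey' )
  $plugin_options[$item_key] = wfu_plugin_decode_string($item_value);
+ elseif ( $item_key == 'browser_permissions' )
+ $plugin_options[$item_key] = wfu_decode_array_from_string($item_value);
  else
  $plugin_options[$item_key] = $item_value;
  }
@@ -335,6 +342,8 @@ function wfu_upload_plugin_full_path( $params ) {
  $path = $params["uploadpath"];
  if ( $params["accessmethod"]=='ftp' && $params["ftpinfo"] != '' && $params["useftpdomain"] == "true" ) {
  $ftpdata_flat = str_replace(array('\:', '\@'), array('\_', '\_'), $params["ftpinfo"]);
+ //remove parent folder symbol (..) in path so that the path does not go outside host
+ $ftpdata_flat = str_replace('..', '', $ftpdata_flat);
  $pos1 = strpos($ftpdata_flat, ":");
  $pos2 = strpos($ftpdata_flat, "@");
  if ( $pos1 && $pos2 && $pos2 > $pos1 ) {
@@ -353,6 +362,8 @@ function wfu_upload_plugin_full_path( $params ) {
  $start_folder = ABSPATH;
  $path = substr($path, 2, strlen($path) - 2);
  }
+ //remove additional parent folder symbols (..) in path so that the path does not go outside the $start_folder
+ $path = str_replace('..', '', $path);
  if ( substr($path, 0, 1) == "/" ) $path = substr($path, 1, strlen($path) - 1);
  if ( substr($path, -1, 1) == "/" ) $path = substr($path, 0, strlen($path) - 1);
  $full_upload_path = $start_folder;
@@ -574,6 +585,35 @@ function wfu_debug_log($message) {
  file_put_contents($logpath, $message, FILE_APPEND);
  }
 
+ function wfu_safe_store_filepath($path) {
+ $code = wfu_create_random_string(16);
+ $_SESSION['wfu_filepath_safe_storage'][$code] = $path;
+ return $code;
+ }
+
+ function wfu_get_filepath_from_safe($code) {
+ //sanitize $code
+ $code = wfu_sanitize_code($code);
+ //return filepath from session variable, if exists
+ if ( !isset($_SESSION['wfu_filepath_safe_storage'][$code]) ) return false;
+ return $_SESSION['wfu_filepath_safe_storage'][$code];
+ }
+
+ function wfu_file_extension_restricted($filename) {
+ return (
+ substr($filename, -4) == ".php" ||
+ substr($filename, -3) == ".js" ||
+ substr($filename, -4) == ".pht" ||
+ substr($filename, -5) == ".php3" ||
+ substr($filename, -5) == ".php4" ||
+ substr($filename, -5) == ".php5" ||
+ substr($filename, -6) == ".phtml" ||
+ substr($filename, -4) == ".htm" ||
+ substr($filename, -5) == ".html" ||
+ substr($filename, -9) == ".htaccess"
+ );
+ }
+
  //********************* User Functions *****************************************************************************************************
 
  function wfu_get_user_role($user, $param_roles) {
@@ -599,6 +639,24 @@ function wfu_get_user_role($user, $param_roles) {
  return $result_role;
  }
 
+ function wfu_get_user_valid_role_names($user) {
+ global $wp_roles;
+
+ $result_roles = array();
+ if ( !empty( $user->roles ) && is_array( $user->roles ) ) {
+ /* get all valid roles */
+ $roles = $wp_roles->get_names();
+ /* Go through the array of the roles of the current user */
+ foreach ( $user->roles as $user_role ) {
+ $user_role = strtolower($user_role);
+ /* If one role of the current user matches to the roles allowed to upload */
+ if ( in_array($user_role, array_keys($roles)) ) array_push($result_roles, $user_role);
+ }
+ }
+
+ return $result_roles;
+ }
+
  //*********************** DB Functions *****************************************************************************************************
 
  //log action to database
@@ -975,6 +1033,51 @@ function wfu_sync_database() {
  return $obsolete_count;
  }
 
+ function wfu_get_recs_of_user($userid) {
+ global $wpdb;
+ $table_name1 = $wpdb->prefix . "wfu_log";
+ $table_name2 = $wpdb->prefix . "wfu_userdata";
+ $plugin_options = wfu_decode_plugin_options(get_option( "wordpress_file_upload_options" ));
+
+ $filerecs = $wpdb->get_results('SELECT * FROM '.$table_name1.' WHERE action <> \'other\' AND uploaduserid = '.$userid.' AND date_to = 0');
+ $out = array();
+ foreach( $filerecs as $filerec ) {
+ $obsolete = true;
+ //calculate full file path
+ $filepath = ABSPATH;
+ if ( substr($filepath, -1) == '/' ) $filepath = substr($filepath, 0, -1);
+ $filepath .= $filerec->filepath;
+ if ( file_exists($filepath) ) {
+ if ( $plugin_options['hashfiles'] == '1' ) {
+ $filehash = md5_file($filepath);
+ if ( $filehash == $filerec->filehash ) $obsolete = false;
+ }
+ else {
+ $filesize = filesize($filepath);
+ if ( $filesize == $filerec->filesize ) $obsolete = false;
+ }
+ }
+ if ( $obsolete ) {
+ $now_date = date('Y-m-d H:i:s');
+ //make previous record obsolete
+ $wpdb->update($table_name1,
+ array( 'date_to' => $now_date ),
+ array( 'idlog' => $filerec->idlog ),
+ array( '%s' ),
+ array( '%d' )
+ );
+ }
+ else {
+ $filerec->userdata = null;
+ if ( $filerec->uploadid != '' )
+ $filerec->userdata = $wpdb->get_results('SELECT * FROM '.$table_name2.' WHERE uploadid = \''.$filerec->uploadid.'\' AND date_to = 0');
+ array_push($out, $filerec);
+ }
+ }
+
+ return $out;
+ }
+
  //********************* Shortcode Options Functions ****************************************************************************************
 
  function wfu_generate_current_params_index($shortcode_id, $user_login) {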
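Review bot: `wfu_get_recs_of_user()` builds both of its queries by string concatenation (`uploaduserid = '.$userid.'` and `uploadid = \''.$filerec->uploadid.'\'`), so their safety depends on every caller passing an integer and on stored `uploadid` values never containing a quote. I would bind the values with `$wpdb->prepare()`, e.g. `$wpdb->get_results( $wpdb->prepare( 'SELECT * FROM '.$table_name1.' WHERE action <> \'other\' AND uploaduserid = %d AND date_to = 0', $userid ) )`, and use `%s` for `uploadid` in the second query. The function also marks rows obsolete while reading them, which deserves a line in a header comment since callers may not expect a write. Separately, no visible code removes entries from `$_SESSION['wfu_filepath_safe_storage']` after `wfu_safe_store_filepath()` adds them, so the map appears to grow for the life of the session.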
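--- a/lib/wfu_processfiles.php
+++ b/lib/wfu_processfiles.php
@@ -230,8 +230,8 @@ function wfu_process_files($params, $method) {
  }
  }
 
- /* File name control, reject files with .php and .js extension for security reasons */
- if ( strtolower(substr($only_filename, -4)) != ".php" && strtolower(substr($only_filename, -3)) != ".js" )
+ /* File name control, reject files with .php, .js (and other) extensions for security reasons */
+ if ( !wfu_file_extension_restricted(strtolower($only_filename)) )
  foreach ($allowed_patterns as $allowed_pattern) {
  if ( wfu_upload_plugin_wildcard_match( $allowed_pattern, $only_filename) ) {
  $allowed_file_ok = true;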
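Review bot: The upload gate at new line 234 now rests on `wfu_file_extension_restricted()`, which compares only the literal end of the lowercased name against a fixed list of suffixes, so any type the server would execute that is missing from that list is still accepted when it matches an allowed pattern. A deny-list cannot be complete; I would treat `$allowed_patterns` as the authoritative allow-list, refuse the upload when it is empty or a bare wildcard, and say so in the comment, e.g. `/* reject known-dangerous suffixes first; $allowed_patterns is the authoritative allow-list */`. Because the `if` has no braces it governs only the `foreach` that follows, which is easy to break in a later edit. `wfu_process_files()` starts and ends outside this hunk.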
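--- a/readme.txt
+++ b/readme.txt
@@ -37,7 +37,7 @@ The characteristics of the plugin are:
  * It supports filters and actions before and after file upload, so that programmers can extend the plugin and make it cooperate with other plugins.
  * It contains a visual editor for customizing the plugin easily and without any knowledge of shortcodes or programming
  * It supports logging of upload events or management of files, which can be viewed by admins through the Dashboard.
- * It includes a file browser in the Dashboard, from where admins can view the uploaded file and manage them.
+ * It includes a file browser in the Dashboard, from where admins can view the uploaded files and manage them.
 
  The plugin is translated in the following languages:
 
@@ -127,6 +127,13 @@ In the free version the upload will fail. However in the Pro version the upload
 
  == Changelog ==
 
+ = 3.0.0 =
+ * major version number has advanced because an important feature has been added in Pro version (logged users can browse their uploaded files through their Dashboard)
+ * several code modifications in file browser to make the plugin more secure against hacking, some functionalities in file browser have slightly changed
+ * new file browser cannot edit files that were not uploaded with the plugin and it cannot edit or create folders
+ * upload path cannot be outside the wordpress installation root
+ * files with extension php, js, pht, php3, php4, php5, phtml, htm, html and htaccess are forbidden for security reasons
+
  = 2.7.6 =
  * added functionality in Dashboard to add the plugin to a page automatically
  * fixed bug that was not showing the Shortcode Composer because the plugin could not find the plugin instance when the shortcode was nested in other shortcodes
@@ -437,6 +444,9 @@ Initial version.
 
  == Upgrade Notice ==
 
+ = 3.0.0 =
+ Upgrade to increase protection against hacking.
+
  = 2.7.6 =
  Upgrade to add some new features and address some bugs.
 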
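--- a/release_notes.txt
+++ b/release_notes.txt
@@ -1 +1 @@
- <span><strong>Latest release notes: </strong>This version makes the plugin easier, even for people that do not have knowledge on how to use shortcodes. A button has been added in Plugin Instances below that can be used to add the plugin to a page or post quickly. What it does is that it inserts the plugin's shortcode at the beginning of the selected page or post. Furthermore, a bug was corrected where administrators could not open the Shortcode Composer or they could not see the plugin instance they created. This problem happened when the shortcode was added inside another shortcode or with some visual page editors.</span>
+ <span><strong>Latest release notes: </strong>Major version number of the plugin has advanced to <strong>3</strong><!-- --> introducing some changes to the <strong>security policy</strong> of the plugin, so that it becomes more protected to hackers and malicious code. The file browser that is included in Dashboard for administrators displays all subdirectories and files existing inside the website root directory, as before. However, now, subdirectories cannot be created, renamed or deleted. In addition, only the files uploaded using the plugin can be edited, renamed, deleted or downloaded.</span>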
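--- a/wfu_file_downloader.php
+++ b/wfu_file_downloader.php
@@ -4,15 +4,23 @@ include_once( dirname(__FILE__).'/lib/wfu_functions.php' );
  wfu_download_file();
 
  function wfu_download_file() {
- $file_enc = (isset($_POST['file']) ? $_POST['file'] : (isset($_GET['file']) ? $_GET['file'] : ''));
+ $file_code = (isset($_POST['file']) ? $_POST['file'] : (isset($_GET['file']) ? $_GET['file'] : ''));
  $ticket = (isset($_POST['ticket']) ? $_POST['ticket'] : (isset($_GET['ticket']) ? $_GET['ticket'] : ''));
- if ( $file_enc == '' || $ticket == '' ) die();
+ if ( $file_code == '' || $ticket == '' ) die();
  //if download ticket does not exist or is expired die
  if ( !isset($_SESSION['wfu_download_ticket_'.$ticket]) || time() > $_SESSION['wfu_download_ticket_'.$ticket] ) die();
  //destroy ticket so it cannot be used again
  unset($_SESSION['wfu_download_ticket_'.$ticket]);
 
- $filepath = wfu_plugin_decode_string($file_enc);
+ // $filepath = wfu_plugin_decode_string($file_code);
+ $filepath = wfu_get_filepath_from_safe($file_code);
+ if ( $filepath === false ) die();
+ $filepath = $_SESSION['wfu_ABSPATH'].wfu_flatten_path($filepath);
+ //reject download of php files for security reasons
+ if ( preg_match("/\.php$/", $filepath) ) {
+ $_SESSION['wfu_download_status_'.$ticket] = 'failed';
+ die('<script language="javascript">alert("Error! File is forbidden for security reasons.");</script>');
+ }
  //check that file exists
  if ( !file_exists($filepath) ) {
  $_SESSION['wfu_download_status_'.$ticket] = 'failed';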
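Review bot: The new download guard `preg_match("/\.php$/", $filepath)` is case-sensitive and covers one extension, whereas the upload check in lib/wfu_processfiles.php lowercases the name and uses the wider `wfu_file_extension_restricted()` list. The two paths therefore enforce different policies. If that helper is reachable from this script (it includes lib/wfu_functions.php, but the helper's location is not visible here), the guard could become `if ( wfu_file_extension_restricted(strtolower($filepath)) ) {`; otherwise at least add the `i` modifier, `/\.php$/i`. The commented-out `wfu_plugin_decode_string` line would be better deleted than kept as dead code. `wfu_download_file` continues past the end of the hunk.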
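--- a/wordpress_file_upload.php
+++ b/wordpress_file_upload.php
@@ -4,7 +4,7 @@ if( !session_id() ) { session_start(); }
  /*
  Plugin URI: http://www.iptanus.com/support/wordpress-file-upload
  Description: Simple interface to upload files from a page.
- Version: 2.7.6
+ Version: 3.0.0
  Author: Nickolas Bossinas
  Author URI: http://www.iptanus.com
  */
@@ -39,6 +39,7 @@ if ( strpos($uri, 'wp-login.php') !== false ) return;
  DEFINE("WPFILEUPLOAD_PLUGINFILE", __FILE__);
  DEFINE("WPFILEUPLOAD_DIR", '/'.PLUGINDIR .'/'.dirname(plugin_basename (__FILE__)).'/');
  DEFINE("ABSWPFILEUPLOAD_DIR", ABSPATH.WPFILEUPLOAD_DIR);
+ $_SESSION['wfu_ABSPATH'] = ABSPATH;
  add_shortcode("wordpress_file_upload", "wordpress_file_upload_handler");
  load_plugin_textdomain('wordpress-file-upload', false, dirname(plugin_basename (__FILE__)).'/languages');
  /* load styles and scripts for front pages */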
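Review bot: In the second hunk, `$_SESSION['wfu_ABSPATH'] = ABSPATH;` is added without a comment, and its only visible consumer, wfu_file_downloader.php, concatenates the value without checking that it is set. If a session reaches the downloader without this key, the path built there loses its root prefix and is resolved as a relative path. A comment here such as `/* wfu_file_downloader.php reads the installation root from the session to build download paths */` would document the coupling. The downloader should also fail closed with `if ( !isset($_SESSION['wfu_ABSPATH']) ) die();` before the concatenation.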