WordPress File Upload - Version 4.16.4

Version Description

  • sanitized page title in all places where it is retrieved to avoid XSS attacks

Release Info

Developer nickboss
Plugin Icon 128x128 WordPress File Upload
Version 4.16.4

Code changes from version 4.16.3 to 4.16.4

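--- a/lib/wfu_admin.php
+++ b/lib/wfu_admin.php
@@ -983,6 +983,8 @@ function wfu_manage_instances_of_shortcode($tag, $title, $slug, $inc) {
  */
  $args = apply_filters("_wfu_get_posts", $args, "manage_instances");
  $posts = get_posts($args);
+ // sanitize posts (post titles) to avoid XSS attacks through the title
+ wfu_sanitize_posts($posts);
  $wfu_shortcodes = array();
  //get shortcode instances from page/posts
  foreach ( $posts as $post ) {
@@ -1078,6 +1080,8 @@ function wfu_manage_instances_of_shortcode($tag, $title, $slug, $inc) {
  $type = 'Sidebar';
  $title = $data['sidebar'];
  }
+ // sanitize title
+ $title = sanitize_text_field($title);
  $data_enc = wfu_safe_store_shortcode_data(wfu_encode_array_to_string($data));
  $echo_str .= "\n\t\t\t\t".'<tr onmouseover="var actions=document.getElementsByName(\'wfu_shortcode_actions_'.$inc.'\'); for (var i=0; i<actions.length; i++) {actions[i].style.visibility=\'hidden\';} document.getElementById(\'wfu_shortcode_actions_'.$inc.'_'.$i.'\').style.visibility=\'visible\'" onmouseout="var actions=document.getElementsByName(\'wfu_shortcode_actions_'.$inc.'\'); for (var i=0; i<actions.length; i++) {actions[i].style.visibility=\'hidden\';}">';
  $echo_str .= "\n\t\t\t\t\t".'<td class="column-primary" data-colname="ID">';
@@ -1318,7 +1322,7 @@ function wfu_delete_shortcode_prompt($data_enc) {
  $echo_str .= "\n\t".'<form enctype="multipart/form-data" name="deletefile" id="deleteshortcode" method="post" action="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload" class="validate">';
  $echo_str .= "\n\t\t".'<input type="hidden" name="action" value="deleteshortcode">';
  $echo_str .= "\n\t\t".'<input type="hidden" name="data" value="'.$data_enc.'">';
- $echo_str .= "\n\t\t".'<label>Are you sure that you want to delete shortcode for <strong>'.get_post_type($postid).' "'.get_the_title($postid).'" ('.$postid.') Position '.$data['position'].'</strong> ?</label><br/>';
+ $echo_str .= "\n\t\t".'<label>Are you sure that you want to delete shortcode for <strong>'.get_post_type($postid).' "'.sanitize_text_field(get_the_title($postid)).'" ('.$postid.') Position '.$data['position'].'</strong> ?</label><br/>';
  $echo_str .= "\n\t\t".'<p class="submit">';
  $echo_str .= "\n\t\t\t".'<input type="submit" class="button-primary" name="submit" value="Delete">';
  $echo_str .= "\n\t\t\t".'<input type="submit" class="button-primary" name="submit" value="Cancel">';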
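Review bot: In the `wfu_delete_shortcode_prompt` hunk the title is wrapped in `sanitize_text_field()`, which is an input-sanitizing helper rather than an output escaper; where the value is concatenated into HTML, `esc_html(get_the_title($postid))` states the intent and encodes for that context. The same label line still concatenates `get_post_type($postid)` and `$data['position']` unescaped, and the line above it places `$data_enc` into a `value="..."` attribute without `esc_attr()`; whether those can carry user-influenced text is not visible here, so this should be confirmed against the callers. In the second hunk `$title` is sanitized on assignment, but the place where it is printed lies outside the hunk, so escaping at that output point cannot be checked from this page. `wfu_sanitize_posts($posts)` in the first hunk is defined elsewhere and its return value is unused, so a comment such as `// modifies $posts in place (passed by reference)` would help if that is indeed how it works. Both functions continue outside the visible hunks.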
lib/wfu_admin_browser.php CHANGED
@@ -1,1661 +1,1661 @@
1
- <?php
2
-
3
- /**
4
- * File Browser Page in Dashboard Area of Plugin
5
- *
6
- * This file contains functions related to File Browser page of plugin's
7
- * Dashboard area.
8
- *
9
- * @link /lib/wfu_admin_browser.php
10
- *
11
- * @package WordPress File Upload Plugin
12
- * @subpackage Core Components
13
- * @since 3.7.1
14
- */
15
-
16
- /**
17
- * Display the File Browser Page.
18
- *
19
- * This function displays the File Browser page of the plugin's Dashboard area.
20
- *
21
- * @since 2.2.1
22
- *
23
- * @param string $basedir_code A code string corresponding to the folder to be
24
- * displayed.
25
- * @param integer $page Optional. The page to display in case folder contents
26
- * are paginated.
27
- * @param bool $only_table_rows Optional. Return only the HTML code of the table
28
- * rows.
29
- *
30
- * @return string The HTML output of the plugin's File Browser Dashboard page.
31
- */
32
- function wfu_browse_files($basedir_code, $page = -1, $only_table_rows = false) {
33
- $siteurl = site_url();
34
- $plugin_options = wfu_decode_plugin_options(get_option( "wordpress_file_upload_options" ));
35
- $user = wp_get_current_user();
36
- //store session variables for use from the downloader
37
-
38
- if ( !current_user_can( 'manage_options' ) ) return;
39
-
40
- //first decode basedir_code
41
- $basedir = wfu_get_filepath_from_safe($basedir_code);
42
- //clean session array holding dir and file paths if it is too big
43
- if ( WFU_USVAR_exists('wfu_filepath_safe_storage') && count(WFU_USVAR('wfu_filepath_safe_storage')) > WFU_VAR("WFU_PHP_ARRAY_MAXLEN") ) WFU_USVAR_store('wfu_filepath_safe_storage', array());
44
-
45
- //basedir may also contain information about the sorting of the displayed
46
- //elements, as well as a filename that needs to be located and get focus on
47
- //the browser;
48
- //sorting information is enclosed in double brackets: [[sort_info]]
49
- //filename information is enclosed in double braces: {{filename}}
50
- $sort = "";
51
- $located_file = "";
52
- $located_file_found = false;
53
- $filter = "";
54
- if ( $basedir !== false ) {
55
- $ret = wfu_extract_sortdata_from_path($basedir);
56
- $basedir = $ret['path'];
57
- $sort = $ret['sort'];
58
- $located_file = $ret['file'];
59
- $filter = $ret['filter'];
60
- }
61
- if ( $sort == "" ) $sort = 'name';
62
- if ( substr($sort, 0, 1) == '-' ) $order = SORT_DESC;
63
- else $order = SORT_ASC;
64
- //if page is not -1, then do not locate a file
65
- if ( $located_file != "" && $page > -1 ) $located_file = "";
66
- //adjust page to be larger than zero
67
- if ( $page < 1 ) $page = 1;
68
-
69
- //adjust basedir to have a standard format
70
- if ( $basedir !== false ) {
71
- if ( substr($basedir, -1) != '/' ) $basedir .= '/';
72
- if ( substr($basedir, 0, 1) == '/' ) $basedir = substr($basedir, 1);
73
- //calculate the absolute path of basedir knowing that basedir is relative to website root
74
- $basedir = wfu_path_rel2abs($basedir);
75
- if ( !wfu_file_exists($basedir, "wfu_browse_files") ) $basedir = false;
76
- }
77
- //set basedit to default value if empty
78
- if ( $basedir === false ) {
79
- $plugin_options = wfu_decode_plugin_options(get_option( "wordpress_file_upload_options" ));
80
- $basedir = ( isset($plugin_options['basedir']) ? $plugin_options['basedir'] : "" );
81
- $temp_params = array( 'uploadpath' => $basedir, 'accessmethod' => 'normal', 'ftpinfo' => '', 'useftpdomain' => 'false' );
82
- $basedir = wfu_upload_plugin_full_path($temp_params);
83
- }
84
- //find relative dir
85
- $reldir = str_replace(wfu_abspath(), "root/", $basedir);
86
- //save dir route to an array
87
- $parts = explode('/', $reldir);
88
- $route = array();
89
- $prev = "";
90
- foreach ( $parts as $part ) {
91
- $part = trim($part);
92
- if ( $part != "" ) {
93
- // if ( $part == 'root' && $prev == "" ) $prev = wfu_abspath();
94
- if ( $part == 'root' && $prev == "" ) $prev = "";
95
- else $prev .= $part.'/';
96
- array_push($route, array( 'item' => $part, 'path' => $prev ));
97
- }
98
- }
99
- //calculate upper directory
100
- $updir = substr($basedir, 0, -1);
101
- $delim_pos = strrpos($updir, '/');
102
- if ( $delim_pos !== false ) $updir = substr($updir, 0, $delim_pos + 1);
103
-
104
- //define referer (with sort data) to point to this url for use by the elements
105
- $referer = $siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&action=file_browser&dir='.$basedir_code;
106
- $referer_code = wfu_safe_store_filepath($referer.'[['.$sort.']]');
107
- //define header parameters that can be later used when defining file actions
108
- $header_params = array();
109
-
110
- //find contents of current folder taking into account pagination, if it is
111
- //activated; contents are found following an optimized procedure as follows:
112
- // 1. all dirs and files are found and stored in separate arrays
113
- // 2. if pagination is activated then it is checked if there are any dirs
114
- // in the current page
115
- // 3. if dir sorting is name then dirs are sorted
116
- // 4. if dir sorting is date then stat is called for all dirs and then they
117
- // are sorted
118
- // 5. if pagination is activated then dirs array is sliced to keep only the
119
- // ones belonging to the current page and then stat is called if it has
120
- // not already been called
121
- // 6. if there is room in the page for showing files, then files are also
122
- // processed
123
- // 7. if file sorting is name then files are sorted
124
- // 8. if file sorting is date or size then stat is called for all files and
125
- // then they are sorted
126
- // 9. if file sorting is user then db record is retrieved for all files and
127
- // then they are sorted
128
- // 10. if pagination is activated then files array is sliced to keep only
129
- // the ones fitting in the page; then stat is called and/or db record is
130
- // retrieved
131
- //first calculate dirs and files arrays
132
- $dirlist = array();
133
- $dirlist_include = true;
134
- $dirlist_perpage = array();
135
- $dirstat_ok = false;
136
- $filelist = array();
137
- $filestat_ok = false;
138
- $filerec_ok = false;
139
- if ( $handle = opendir($basedir) ) {
140
- $blacklist = array('.', '..');
141
- while ( false !== ($file = readdir($handle)) )
142
- if ( !in_array($file, $blacklist) ) {
143
- $filepath = $basedir.$file;
144
- if ( is_dir($filepath) ) array_push($dirlist, array( 'name' => $file, 'fullpath' => $filepath ));
145
- else array_push($filelist, array( 'name' => $file, 'fullpath' => $filepath ));
146
- }
147
- closedir($handle);
148
- }
149
- $dirlist_count = count($dirlist);
150
- $filelist_count = count($filelist);
151
- //get pagination details and determine if any dirs will be shown
152
- $maxrows = (int)WFU_VAR("WFU_ADMINBROWSER_TABLE_MAXROWS");
153
- $files_total = $dirlist_count + $filelist_count;
154
- if ( $maxrows > 0 ) {
155
- $pages = max(ceil($files_total / $maxrows), 1);
156
- if ( $page > $pages ) $page = $pages;
157
- //if first item index passes number of dirs then do not include dirs
158
- if ( ($page - 1) * $maxrows >= $dirlist_count ) $dirlist_include = false;
159
- //if a filename has been defined to get focus, then $dirlist_include
160
- //needs to be true in order to calculate the dirs of every page
161
- if ( $located_file != "" ) $dirlist_include = true;
162
- }
163
- //process dirs if they are included in page
164
- if ( $dirlist_include ) {
165
- //adjust sort details
166
- $dirsort = ( substr($sort, -4) == 'date' ? 'mdate' : substr($sort, -4) );
167
- $dirorder = $order;
168
- if ( $dirsort == 'size' ) { $dirsort = 'name'; $dirorder = SORT_ASC; }
169
- if ( $dirsort == 'user' ) { $dirsort = 'name'; $dirorder = SORT_ASC; }
170
- switch ( $dirsort ) {
171
- case "name": $dirsort .= ":s"; break;
172
- case "mdate": $dirsort .= ":n"; break;
173
- }
174
- //if dir sort is mdate or if a file needs to be located then first
175
- //calculate stat
176
- if ( substr($dirsort, 0, 5) == 'mdate' || $located_file != "" ) {
177
- foreach ( $dirlist as &$dir ) {
178
- $stat = wfu_stat($dir['fullpath'], "wfu_browse_files:1");
179
- $dir['mdate'] = $stat['mtime'];
180
- }
181
- unset($dir);
182
- $dirstat_ok = true;
183
- }
184
- //sort dirs
185
- $dirlist = wfu_array_sort($dirlist, $dirsort, $dirorder);
186
- //if pagination is activated then slice dirs array to keep only the
187
- //items belonging in the current page
188
- if ( $maxrows > 0 ) {
189
- //before slicing we store the items in $dirlist_perpage array
190
- $i = $maxrows;
191
- $ipage = 0;
192
- foreach ( $dirlist as $dir ) {
193
- if ( $i >= $maxrows ) {
194
- $i = 0;
195
- $ipage ++;
196
- $dirlist_perpage[$ipage] = array();
197
- }
198
- array_push($dirlist_perpage[$ipage], $dir);
199
- $i ++;
200
- }
201
- //now we slice $dirlist
202
- $dirlist = array_slice($dirlist, ($page - 1) * $maxrows, $maxrows);
203
- }
204
- //calculate stat for the remaining dirs array, if it has not already
205
- //been done
206
- if ( !$dirstat_ok ) {
207
- foreach ( $dirlist as &$dir ) {
208
- $stat = wfu_stat($dir['fullpath'], "wfu_browse_files:2");
209
- $dir['mdate'] = $stat['mtime'];
210
- }
211
- unset($dir);
212
- }
213
- }
214
- else $dirlist = array();
215
- //determine if any files will be included in page; in case pagination is
216
- //activated then the remaining places need to be more than zero
217
- $files_included = ( $maxrows > 0 ? ( $maxrows - count($dirlist) > 0 ) : true );
218
- //if a filename has been defined to get focus, then $files_included
219
- //needs to be true in order to re-calculate the page
220
- if ( $located_file != "" ) $files_included = true;
221
- if ( $files_included ) {
222
- //adjust sort details
223
- $filesort = ( substr($sort, -4) == 'date' ? 'mdate' : substr($sort, -4) );
224
- switch ( $filesort ) {
225
- case "name": $filesort .= ":s"; break;
226
- case "size": $filesort .= ":n"; break;
227
- case "mdate": $filesort .= ":n"; break;
228
- case "user": $filesort .= ":s"; break;
229
- }
230
- //if file sort is size or mdate then first calculate stat
231
- if ( substr($filesort, 0, 4) == 'size' || substr($filesort, 0, 5) == 'mdate' ) {
232
- foreach ( $filelist as &$file ) {
233
- $stat = wfu_stat($file['fullpath'], "wfu_browse_files:3");
234
- $file['size'] = $stat['size'];
235
- $file['mdate'] = $stat['mtime'];
236
- }
237
- unset($file);
238
- $filestat_ok = true;
239
- }
240
- //if file sort is user then first calculate db records
241
- elseif ( substr($filesort, 0, 4) == 'user' ) {
242
- foreach ( $filelist as &$file ) {
243
- //find relative file record in database together with user data;
244
- //if the file is php, then file record is null meaning that the file
245
- //can only be viewed; if file record is not found then the file can
246
- //again only be viewed
247
- if ( preg_match("/\.php$/", $file['fullpath']) ) $filerec = null;
248
- else $filerec = wfu_get_file_rec($file['fullpath'], true);
249
- //find user who uploaded the file
250
- $username = ( $filerec != null ? wfu_get_username_by_id($filerec->uploaduserid) : '' );
251
- $file['user'] = $username;
252
- $file['filedata'] = $filerec;
253
- }
254
- unset($file);
255
- $filerec_ok = true;
256
- }
257
- //sort files
258
- $filelist = wfu_array_sort($filelist, $filesort, $order);
259
- //if pagination is activated and a file needs to receive focus, then we
260
- //need to calculate the page where the file is shown
261
- if ( $maxrows > 0 && $located_file != "" ) {
262
- $i = $dirlist_count;
263
- foreach ( $filelist as $key => $file ) {
264
- if ( $file['name'] == $located_file ) {
265
- $located_file_found = true;
266
- $filelist[$key]['highlighted'] = 1;
267
- break;
268
- }
269
- $i ++;
270
- }
271
- if ( $located_file_found ) {
272
- $page = floor( $i / $maxrows ) + 1;
273
- if ( isset($dirlist_perpage[$page]) ) $dirlist = $dirlist_perpage[$page];
274
- else $dirlist = array();
275
- }
276
- }
277
- //if pagination is activated then slice files array to keep only the items
278
- //belonging in the current page
279
- if ( $maxrows > 0 )
280
- $filelist = array_slice($filelist, max(($page - 1) * $maxrows - $dirlist_count, 0), $maxrows - count($dirlist));
281
- if ( !$filestat_ok || !$filerec_ok ) {
282
- foreach ( $filelist as &$file ) {
283
- if ( !$filestat_ok ) {
284
- $stat = wfu_stat($file['fullpath'], "wfu_browse_files:4");
285
- $file['size'] = $stat['size'];
286
- $file['mdate'] = $stat['mtime'];
287
- }
288
- if ( !$filerec_ok ) {
289
- if ( preg_match("/\.php$/", $file['fullpath']) ) $filerec = null;
290
- else $filerec = wfu_get_file_rec($file['fullpath'], true);
291
- $username = ( $filerec != null ? wfu_get_username_by_id($filerec->uploaduserid) : '' );
292
- $file['user'] = $username;
293
- $file['filedata'] = $filerec;
294
- }
295
- }
296
- unset($file);
297
- }
298
- }
299
- else $filelist = array();
300
-
301
- //start html output
302
- $echo_str = "";
303
- if ( !$only_table_rows ) {
304
- $echo_str .= "\n".'<div class="wrap">';
305
- $echo_str .= "\n\t".'<h2>Wordpress File Upload Control Panel</h2>';
306
- $echo_str .= "\n\t".'<div style="margin-top:20px;">';
307
- $echo_str .= wfu_generate_dashboard_menu("\n\t\t", "File Browser");
308
- $echo_str .= "\n\t".'<div>';
309
- $echo_str .= "\n\t\t".'<span><strong>Location:</strong> </span>';
310
- foreach ( $route as $item ) {
311
- // store dir path that we need to pass to other functions in session, instead of exposing it in the url
312
- $dir_code = wfu_safe_store_filepath($item['path']);
313
- $echo_str .= '<a href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&action=file_browser&dir='.$dir_code.'">'.$item['item'].'</a>';
314
- $echo_str .= '<span>/</span>';
315
- }
316
- //file browser header
317
- $echo_str .= "\n\t".'</div>';
318
- // $dir_code = wfu_safe_store_filepath(wfu_path_abs2rel($basedir).'[['.$sort.']]');
319
- // $echo_str .= "\n\t".'<a href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&amp;action=create_dir&dir='.$dir_code.'" class="button" title="create folder" style="margin-top:6px">Create folder</a>';
320
- $echo_str .= "\n\t".'<div style="margin-top:10px; position:relative;">';
321
- $echo_str .= wfu_add_loading_overlay("\n\t\t", "adminbrowser");
322
- $adminbrowser_nonce = wp_create_nonce( 'wfu-adminbrowser-page' );
323
- $echo_str .= "\n\t\t".'<div class="wfu_adminbrowser_header" style="width: 100%;">';
324
- $bulkactions = array(
325
- array( "name" => "move", "title" => "Move" ),
326
- array( "name" => "delete", "title" => "Delete" ),
327
- array( "name" => "include", "title" => "Include" )
328
- );
329
- $echo_str .= wfu_add_bulkactions_header("\n\t\t\t", "adminbrowser", $bulkactions);
330
- if ( $maxrows > 0 ) {
331
- $echo_str .= wfu_add_pagination_header("\n\t\t\t", "adminbrowser", $page, $pages, $adminbrowser_nonce);
332
- }
333
- $echo_str .= "\n\t\t\t".'<input id="wfu_adminbrowser_action_url" type="hidden" value="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload" />';
334
- $echo_str .= "\n\t\t\t".'<input id="wfu_adminbrowser_code" type="hidden" value="'.$basedir_code.'" />';
335
- $echo_str .= "\n\t\t\t".'<input id="wfu_adminbrowser_referer" type="hidden" value="'.$referer_code.'" />';
336
- $echo_str .= "\n\t\t\t".'<input id="wfu_download_file_nonce" type="hidden" value="'.wp_create_nonce('wfu_download_file_invoker').'" />';
337
- $echo_str .= "\n\t\t\t".'<input id="wfu_include_file_nonce" type="hidden" value="'.wp_create_nonce('wfu_include_file').'" />';
338
- $echo_str .= "\n\t\t".'</div>';
339
- $echo_str .= "\n\t\t".'<table id="wfu_adminbrowser_table" class="wfu-adminbrowser wp-list-table widefat fixed striped">';
340
- $echo_str .= "\n\t\t\t".'<thead>';
341
- $echo_str .= "\n\t\t\t\t".'<tr>';
342
- $echo_str .= "\n\t\t\t\t\t".'<td scope="col" width="5%" class="manage-column check-column">';
343
- $echo_str .= "\n\t\t\t\t\t\t".'<input id="wfu_select_all_visible" type="checkbox" onchange="wfu_adminbrowser_select_all_visible_changed();" style="-webkit-appearance:checkbox;" />';
344
- $echo_str .= "\n\t\t\t\t\t".'</td>';
345
- $echo_str .= "\n\t\t\t\t\t".'<th scope="col" width="25%" class="manage-column column-primary">';
346
- $dir_code = wfu_safe_store_filepath(wfu_path_abs2rel($basedir).'[['.( substr($sort, -4) == 'name' ? ( $order == SORT_ASC ? '-name' : 'name' ) : 'name' ).']]');
347
- $echo_str .= "\n\t\t\t\t\t\t".'<a href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&action=file_browser&dir='.$dir_code.'">Name'.( substr($sort, -4) == 'name' ? ( $order == SORT_ASC ? ' &uarr;' : ' &darr;' ) : '' ).'</a>';
348
- $echo_str .= "\n\t\t\t\t\t".'</th>';
349
- $echo_str .= "\n\t\t\t\t\t".'<th scope="col" width="10%" class="manage-column">';
350
- $dir_code = wfu_safe_store_filepath(wfu_path_abs2rel($basedir).'[['.( substr($sort, -4) == 'size' ? ( $order == SORT_ASC ? '-size' : 'size' ) : 'size' ).']]');
351
- $echo_str .= "\n\t\t\t\t\t\t".'<a href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&action=file_browser&dir='.$dir_code.'">Size'.( substr($sort, -4) == 'size' ? ( $order == SORT_ASC ? ' &uarr;' : ' &darr;' ) : '' ).'</a>';
352
- $echo_str .= "\n\t\t\t\t\t".'</th>';
353
- $echo_str .= "\n\t\t\t\t\t".'<th scope="col" width="20%" class="manage-column">';
354
- $dir_code = wfu_safe_store_filepath(wfu_path_abs2rel($basedir).'[['.( substr($sort, -4) == 'date' ? ( $order == SORT_ASC ? '-date' : 'date' ) : 'date' ).']]');
355
- $echo_str .= "\n\t\t\t\t\t\t".'<a href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&action=file_browser&dir='.$dir_code.'">Date'.( substr($sort, -4) == 'date' ? ( $order == SORT_ASC ? ' &uarr;' : ' &darr;' ) : '' ).'</a>';
356
- $echo_str .= "\n\t\t\t\t\t".'</th>';
357
- $echo_str .= "\n\t\t\t\t\t".'<th scope="col" width="10%" class="manage-column">';
358
- $dir_code = wfu_safe_store_filepath(wfu_path_abs2rel($basedir).'[['.( substr($sort, -4) == 'user' ? ( $order == SORT_ASC ? '-user' : 'user' ) : 'user' ).']]');
359
- $echo_str .= "\n\t\t\t\t\t\t".'<a href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&action=file_browser&dir='.$dir_code.'">Uploaded By'.( substr($sort, -4) == 'user' ? ( $order == SORT_ASC ? ' &uarr;' : ' &darr;' ) : '' ).'</a>';
360
- $echo_str .= "\n\t\t\t\t\t".'</th>';
361
- $echo_str .= "\n\t\t\t\t\t".'<th scope="col" width="30%" class="manage-column">';
362
- $echo_str .= "\n\t\t\t\t\t\t".'<label>User Data</label>';
363
- $echo_str .= "\n\t\t\t\t\t".'</th>';
364
- $echo_str .= "\n\t\t\t\t".'</tr>';
365
- $echo_str .= "\n\t\t\t".'</thead>';
366
- $echo_str .= "\n\t\t\t".'<tbody>';
367
- }
368
-
369
- //show subfolders first
370
- if ( $reldir != "root/" ) {
371
- $dir_code = wfu_safe_store_filepath(wfu_path_abs2rel($updir));
372
- $echo_str .= "\n\t\t\t\t".'<tr>';
373
- $echo_str .= "\n\t\t\t\t\t".'<th class="check-column"><input type="checkbox" disabled="disabled" /></th>';
374
- $echo_str .= "\n\t\t\t\t\t".'<td class="column-primary" data-colname="Name">';
375
- $echo_str .= "\n\t\t\t\t\t\t".'<a class="row-title" href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&action=file_browser&dir='.$dir_code.'" title="go up">..</a>';
376
- $echo_str .= "\n\t\t\t\t\t".'</td>';
377
- $echo_str .= "\n\t\t\t\t\t".'<td data-colname="Size"> </td>';
378
- $echo_str .= "\n\t\t\t\t\t".'<td data-colname="Date"> </td>';
379
- $echo_str .= "\n\t\t\t\t\t".'<td data-colname="Uploaded By"> </td>';
380
- $echo_str .= "\n\t\t\t\t\t".'<td data-colname="User Data"> </td>';
381
- $echo_str .= "\n\t\t\t\t".'</tr>';
382
- }
383
- $ii = 1;
384
- foreach ( $dirlist as $dir ) {
385
- $dir_code = wfu_prepare_to_batch_safe_store_filepath(wfu_path_abs2rel($dir['fullpath']).'[['.$sort.']]');
386
- $echo_str .= "\n\t\t\t\t".'<tr onmouseover="var actions=document.getElementsByName(\'wfu_dir_actions\'); for (var i=0; i<actions.length; i++) {actions[i].style.visibility=\'hidden\';} document.getElementById(\'wfu_dir_actions_'.$ii.'\').style.visibility=\'visible\'" onmouseout="var actions=document.getElementsByName(\'wfu_dir_actions\'); for (var i=0; i<actions.length; i++) {actions[i].style.visibility=\'hidden\';}">';
387
- $echo_str .= "\n\t\t\t\t\t".'<th class="check-column"><input type="checkbox" disabled="disabled" /></th>';
388
- $echo_str .= "\n\t\t\t\t\t".'<td class="column-primary" data-colname="Name">';
389
- $echo_str .= "\n\t\t\t\t\t\t".'<a class="row-title" href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&action=file_browser&dir='.$dir_code.'" title="'.$dir['name'].'">'.$dir['name'].'</a>';
390
- $echo_str .= "\n\t\t\t\t\t\t".'<div id="wfu_dir_actions_'.$ii.'" name="wfu_dir_actions" style="visibility:hidden;">';
391
- $echo_str .= "\n\t\t\t\t\t\t\t".'<span style="visibility:hidden;">';
392
- $echo_str .= "\n\t\t\t\t\t\t\t\t".'<a href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&action=file_browser&dir=">Noaction</a>';
393
- $echo_str .= "\n\t\t\t\t\t\t\t\t".' | ';
394
- $echo_str .= "\n\t\t\t\t\t\t\t".'</span>';
395
- // $echo_str .= "\n\t\t\t\t\t\t\t".'<span>';
396
- // $echo_str .= "\n\t\t\t\t\t\t\t\t".'<a href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&action=rename_dir&file='.$dir_code.'" title="Rename this folder">Rename</a>';
397
- // $echo_str .= "\n\t\t\t\t\t\t\t\t".' | ';
398
- // $echo_str .= "\n\t\t\t\t\t\t\t".'</span>';
399
- // $echo_str .= "\n\t\t\t\t\t\t\t".'<span>';
400
- // $echo_str .= "\n\t\t\t\t\t\t\t\t".'<a href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&action=delete_dir&file='.$dir_code.'" title="Delete this folder">Delete</a>';
401
- // $echo_str .= "\n\t\t\t\t\t\t\t".'</span>';
402
- $echo_str .= "\n\t\t\t\t\t\t".'</div>';
403
- $echo_str .= "\n\t\t\t\t\t\t".'<button type="button" class="toggle-row"><span class="screen-reader-text">Show more details</span></button>';
404
- $echo_str .= "\n\t\t\t\t\t".'</td>';
405
- $echo_str .= "\n\t\t\t\t\t".'<td data-colname="Size"> </td>';
406
- $echo_str .= "\n\t\t\t\t\t".'<td data-colname="Date">'.get_date_from_gmt(date("Y-m-d H:i:s", $dir['mdate']), "d/m/Y H:i:s").'</td>';
407
- $echo_str .= "\n\t\t\t\t\t".'<td data-colname="Uploaded By"> </td>';
408
- $echo_str .= "\n\t\t\t\t\t".'<td data-colname="User Data"> </td>';
409
- $echo_str .= "\n\t\t\t\t".'</tr>';
410
- $ii ++;
411
- }
412
- //store dir paths to safe
413
- wfu_batch_safe_store_filepaths();
414
- //show contained files
415
- foreach ( $filelist as $file ) {
416
- $is_included = ( $file['filedata'] != null );
417
- $can_be_included = ( $plugin_options['includeotherfiles'] == "1" ) && !wfu_file_extension_blacklisted($file['name']);
418
- $highlighted = ( isset($file['highlighted']) && $file['highlighted'] == 1 );
419
- $file_code = '';
420
- if ( $is_included || $can_be_included ) $file_code = wfu_prepare_to_batch_safe_store_filepath(wfu_path_abs2rel($file['fullpath']).'[['.$sort.']]');
421
- $echo_str .= "\n\t\t\t\t".'<tr '.( $highlighted ? 'class="wfu-highlighted" ' : '' ).'onmouseover="var actions=document.getElementsByName(\'wfu_file_actions\'); for (var i=0; i<actions.length; i++) {actions[i].style.visibility=\'hidden\';} document.getElementById(\'wfu_file_actions_'.$ii.'\').style.visibility=\'visible\'" onmouseout="var actions=document.getElementsByName(\'wfu_file_actions\'); for (var i=0; i<actions.length; i++) {actions[i].style.visibility=\'hidden\';}">';
422
- $echo_str .= "\n\t\t\t\t\t".'<th class="check-column">';
423
- if ( $is_included || $can_be_included ) $echo_str .= "\n\t\t\t\t\t\t".'<input class="wfu_selectors'.( $is_included ? ' wfu_included' : '' ).' wfu_selcode_'.$file_code.'" type="checkbox" onchange="wfu_adminbrowser_selector_changed(this);" />';
424
- else $echo_str .= "\n\t\t\t\t\t\t".'<input type="checkbox" disabled="disabled" />';
425
- $echo_str .= "\n\t\t\t\t\t".'</th>';
426
- $echo_str .= "\n\t\t\t\t\t".'<td class="column-primary" data-colname="Name">';
427
- if ( $is_included || $can_be_included )
428
- $echo_str .= "\n\t\t\t\t\t\t".'<a id="wfu_file_link_'.$ii.'" class="row-title" href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&action=file_details&file='.$file_code.'" title="View and edit file details" style="font-weight:normal;'.( $is_included ? '' : ' display:none;' ).'">'.$file['name'].'</a>';
429
- if ( !$is_included )
430
- $echo_str .= "\n\t\t\t\t\t\t".'<span id="wfu_file_flat_'.$ii.'">'.$file['name'].'</span>';
431
- //set additional $file properties for generating file actions
432
- $file["index"] = $ii;
433
- $file["code"] = $file_code;
434
- $file["referer_code"] = $referer_code;
435
- $file_actions = wfu_adminbrowser_file_actions($file, $header_params);
436
- $echo_str .= "\n\t\t\t\t\t\t".'<div id="wfu_file_actions_'.$ii.'" name="wfu_file_actions" style="visibility:hidden;">';
437
- if ( $is_included || $can_be_included ) {
438
- $echo_str .= "\n\t\t\t\t\t\t\t".'<div id="wfu_file_is_included_actions_'.$ii.'" style="display:'.( $is_included ? 'block' : 'none' ).';">';
439
- //add file actions for files already included
440
- $array_keys = array_keys($file_actions["is_included"]);
441
- $lastkey = array_pop($array_keys);
442
- foreach ( $file_actions["is_included"] as $key => $action ) {
443
- $echo_str .= "\n\t\t\t\t\t\t\t\t".'<span>';
444
- foreach ( $action as $line )
445
- $echo_str .= "\n\t\t\t\t\t\t\t\t\t".$line;
446
- if ( $key != $lastkey ) $echo_str .= "\n\t\t\t\t\t\t\t\t\t".' | ';
447
- $echo_str .= "\n\t\t\t\t\t\t\t\t".'</span>';
448
- }
449
- $echo_str .= "\n\t\t\t\t\t\t\t".'</div>';
450
- $echo_str .= "\n\t\t\t\t\t\t\t".'<div id="wfu_file_can_be_included_actions_'.$ii.'" style="display:'.( $is_included ? 'none' : 'block' ).';">';
451
- //add file actions for files that can be included
452
- $array_keys = array_keys($file_actions["can_be_included"]);
453
- $lastkey = array_pop($array_keys);
454
- foreach ( $file_actions["can_be_included"] as $key => $action ) {
455
- $echo_str .= "\n\t\t\t\t\t\t\t\t".'<span>';
456
- foreach ( $action as $line )
457
- $echo_str .= "\n\t\t\t\t\t\t\t\t\t".$line;
458
- if ( $key != $lastkey ) $echo_str .= "\n\t\t\t\t\t\t\t\t\t".' | ';
459
- $echo_str .= "\n\t\t\t\t\t\t\t\t".'</span>';
460
- }
461
- $echo_str .= "\n\t\t\t\t\t\t\t".'</div>';
462
- }
463
- else {
464
- $echo_str .= "\n\t\t\t\t\t\t\t".'<span style="visibility:hidden;">';
465
- $echo_str .= "\n\t\t\t\t\t\t\t\t".'<a href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&action=file_browser&dir=">Noaction</a>';
466
- $echo_str .= "\n\t\t\t\t\t\t\t\t".' | ';
467
- $echo_str .= "\n\t\t\t\t\t\t\t".'</span>';
468
- }
469
- $echo_str .= "\n\t\t\t\t\t\t".'</div>';
470
- $echo_str .= "\n\t\t\t\t\t\t".'<div id="wfu_file_download_container_'.$ii.'" style="display: none;"></div>';
471
- $echo_str .= "\n\t\t\t\t\t\t".'<button type="button" class="toggle-row"><span class="screen-reader-text">Show more details</span></button>';
472
- $echo_str .= "\n\t\t\t\t\t".'</td>';
473
- $echo_str .= "\n\t\t\t\t\t".'<td data-colname="Size">'.$file['size'].'</td>';
474
- $echo_str .= "\n\t\t\t\t\t".'<td data-colname="Date">'.get_date_from_gmt(date("Y-m-d H:i:s", $file['mdate']), "d/m/Y H:i:s").'</td>';
475
- $echo_str .= "\n\t\t\t\t\t".'<td data-colname="Uploaded By">'.$file['user'].'</td>';
476
- $echo_str .= "\n\t\t\t\t\t".'<td data-colname="User Data">';
477
- if ( $is_included ) {
478
- if ( is_array($file['filedata']->userdata) && count($file['filedata']->userdata) > 0 ) {
479
- $echo_str .= "\n\t\t\t\t\t\t".'<select multiple="multiple" style="width:100%; height:40px; background:none; font-size:small;">';
480
- foreach ( $file['filedata']->userdata as $userdata )
481
- $echo_str .= "\n\t\t\t\t\t\t\t".'<option>'.$userdata->property.': '.$userdata->propvalue.'</option>';
482
- $echo_str .= "\n\t\t\t\t\t\t".'</select>';
483
- }
484
- }
485
- $echo_str .= "\n\t\t\t\t\t".'</td>';
486
- $echo_str .= "\n\t\t\t\t".'</tr>';
487
- $ii ++;
488
- }
489
- //store file paths to safe
490
- wfu_batch_safe_store_filepaths();
491
-
492
- if ( !$only_table_rows ) {
493
- $echo_str .= "\n\t\t\t".'</tbody>';
494
- $echo_str .= "\n\t\t".'</table>';
495
- $echo_str .= "\n\t\t".'<iframe id="wfu_download_frame" style="display: none;"></iframe>';
496
- $echo_str .= "\n\t".'</div>';
497
- $echo_str .= "\n\t".'</div>';
498
- $echo_str .= "\n".'</div>';
499
- }
500
- if ( $located_file_found ) {
501
- $handler = 'function() { wfu_focus_table_on_highlighted_file("wfu_adminbrowser_table"); }';
502
- $echo_str .= "\n\t".'<script type="text/javascript">if(window.addEventListener) { window.addEventListener("load", '.$handler.', false); } else if(window.attachEvent) { window.attachEvent("onload", '.$handler.'); } else { window["onload"] = '.$handler.'; }</script>';
503
- }
504
-
505
- return $echo_str;
506
- }
507
-
508
- /**
509
- * Add Actions to Displayed Files.
510
- *
511
- * This function sets the actions that can be applied on the displayed files.
512
- * Filters can customize these actions.
513
- *
514
- * @since 4.1.0
515
- *
516
- * @param array $file An array containing properties of the file.
517
- * @param array $params An array of custom parameters to pass to file actions
518
- * filter.
519
- *
520
- * @return array An array of actions that can be executed on the file.
521
- */
522
- function wfu_adminbrowser_file_actions($file, $params) {
523
- $siteurl = site_url();
524
- $actions = array(
525
- "is_included" => array(),
526
- "can_be_included" => array()
527
- );
528
- //add file actions if file is already included
529
- $actions["is_included"] += array(
530
- array( '<a href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&action=file_details&file='.$file["code"].'" title="View and edit file details">Details</a>' ),
531
- array( '<a href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&action=rename_file&file='.$file["code"].'" title="Rename this file">Rename</a>' ),
532
- array( '<a href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&action=move_file&file='.$file["code"].'" title="Move this file">Move</a>' ),
533
- array( '<a href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&action=delete_file&file='.$file["code"].'&referer='.$file["referer_code"].'" title="Delete this file">Delete</a>' ),
534
- array( '<a href="javascript:wfu_download_file(\''.$file["code"].'\', '.$file["index"].');" title="Download this file">Download</a>' )
535
- );
536
- //add file actions if file can be included
537
- $actions["can_be_included"] += array(
538
- array(
539
- '<a id="wfu_include_file_'.$file["index"].'_a" href="javascript:wfu_include_file(\''.$file["code"].'\', '.$file["index"].');" title="Include file in plugin\'s database">Include File</a>',
540
- '<img id="wfu_include_file_'.$file["index"].'_img" src="'.WFU_IMAGE_ADMIN_SUBFOLDER_LOADING.'" style="width:12px; display:none;" />',
541
- '<input id="wfu_include_file_'.$file["index"].'_inpfail" type="hidden" value="File could not be included!" />'
542
- )
543
- );
544
-
545
- return $actions;
546
- }
547
-
548
- /**
549
- * Check if User Owns a File.
550
- *
551
- * This function checks if a user is the owner of a specific file. It will
552
- * return true if the user in an administrator.
553
- *
554
- * @since 3.8.5
555
- *
556
- * @param integer $userid The ID of the user to check.
557
- * @param object $filerec The database record of the file.
558
- *
559
- * @return bool True if the user owns the file, false otherwise.
560
- */
561
- function wfu_user_owns_file($userid, $filerec) {
562
- if ( 0 == $userid )
563
- return false;
564
- if ( current_user_can('manage_options') ) return true;
565
- return false;
566
- }
567
-
568
- /**
569
- * Check if Current User Owns a File.
570
- *
571
- * This function checks if the current user is the owner of a specific file. It
572
- * will first check if the file extension is valid.
573
- *
574
- * @since 3.0.0
575
- *
576
- * @param string $filepath The full path of the file to check.
577
- * @param object $filerec Optional. The db record of the file, if available.
578
- *
579
- * @return bool True if the user owns the file, false otherwise.
580
- */
581
- function wfu_current_user_owes_file($filepath, $filerec = null) {
582
- //first check if file has a restricted extension; for security reasons some
583
- //file extensions cannot be owned
584
- if ( wfu_file_extension_blacklisted($filepath) ) return false;
585
- //then get file data from database, if exist
586
- if ( $filerec == null ) $filerec = wfu_get_file_rec($filepath, false);
587
- if ( $filerec == null ) return false;
588
-
589
- $user = wp_get_current_user();
590
- return wfu_user_owns_file($user->ID, $filerec);
591
- }
592
-
593
- /**
594
- * Check if Current User is Allowed to Execute an Action on a File.
595
- *
596
- * This function checks if the current user is allowed to execute a specific
597
- * action on a file.
598
- *
599
- * @since 2.4.1
600
- *
601
- * @param string $action A file action to check.
602
- * @param string $filepath The full path of the file to check.
603
- *
604
- * @return object|null Returns the current WP_User object if current user is
605
- * allowed to execute the action on the file or null otherwise.
606
- */
607
- function wfu_current_user_allowed_action($action, $filepath) {
608
- //first get file data from database, if exist
609
- $filerec = wfu_get_file_rec($filepath, false);
610
-
611
- $user = wp_get_current_user();
612
- if ( 0 == $user->ID ) return null;
613
- else $is_admin = current_user_can('manage_options');
614
- if ( !$is_admin ) {
615
- return null;
616
- }
617
- return $user;
618
- }
619
-
620
- /**
621
- * Check if User is Allowed to Execute an Action on a File.
622
- *
623
- * This function checks if a user is allowed to execute a specific action on a
624
- * file.
625
- *
626
- * @since 2.6.0
627
- *
628
- * @param string $action A file action to check.
629
- * @param string $filepath The full path of the file to check.
630
- * @param integer $userid The ID of the user to check.
631
- *
632
- * @return bool|null Returns true if current user is allowed to execute the
633
- * action on the file or null otherwise.
634
- */
635
- function wfu_current_user_allowed_action_remote($action, $filepath, $userid) {
636
- //first get file data from database, if exist
637
- $filerec = wfu_get_file_rec($filepath, false);
638
-
639
- if ( 0 == $userid ) return null;
640
- else $is_admin = user_can($userid, 'manage_options');
641
- if ( !$is_admin ) {
642
- return null;
643
- }
644
- return true;
645
- }
646
-
647
- /**
648
- * Confirm Renaming of File.
649
- *
650
- * This function shows a page to confirm renaming of a file.
651
- *
652
- * @since 2.2.1
653
- *
654
- * @param string $file_code A code corresponding to the file/dir to be renamed.
655
- * @param string $type Rename dir or file. Can take the values 'dir' or 'file'.
656
- * @param string $error An error message to show on top of the page in case an
657
- * error occured during renaming.
658
- *
659
- * @return string The HTML code of the confirmation page.
660
- */
661
- function wfu_rename_file_prompt($file_code, $type, $error) {
662
- if ( $type == 'dir' ) return;
663
-
664
- $siteurl = site_url();
665
-
666
- $is_admin = current_user_can( 'manage_options' );
667
- //check if user is allowed to view file details
668
- if ( !$is_admin ) {
669
- return;
670
- }
671
- $file_code = wfu_sanitize_code($file_code);
672
- $dec_file = wfu_get_filepath_from_safe($file_code);
673
- if ( $dec_file === false ) return;
674
-
675
- //first extract sort info from dec_file
676
- $ret = wfu_extract_sortdata_from_path($dec_file);
677
- $dec_file = wfu_path_rel2abs($ret['path']);
678
- if ( $type == 'dir' && substr($dec_file, -1) == '/' ) $dec_file = substr($dec_file, 0, -1);
679
-
680
- //check if user is allowed to perform this action
681
- if ( !wfu_current_user_owes_file($dec_file) ) return;
682
-
683
- $parts = pathinfo($dec_file);
684
- $newname = $parts['basename'];
685
- $dir_code = wfu_safe_store_filepath(wfu_path_abs2rel($parts['dirname']).'[['.$ret['sort'].']]');
686
-
687
- $echo_str = "\n".'<div class="wrap">';
688
- if ( $error ) {
689
- $rename_file = WFU_USVAR('wfu_rename_file');
690
- $newname = $rename_file['newname'];
691
- $echo_str .= "\n\t".'<div class="error">';
692
- $echo_str .= "\n\t\t".'<p>'.WFU_USVAR('wfu_rename_file_error').'</p>';
693
- $echo_str .= "\n\t".'</div>';
694
- }
695
- $echo_str .= "\n\t".'<div style="margin-top:20px;">';
696
- if ( $is_admin ) $echo_str .= "\n\t\t".'<a href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&amp;action=file_browser&dir='.$dir_code.'" class="button" title="go back">Go back</a>';
697
- $echo_str .= "\n\t".'</div>';
698
- $echo_str .= "\n\t".'<h2 style="margin-bottom: 10px;">Rename '.( $type == 'dir' ? 'Folder' : 'File' ).'</h2>';
699
- if ( $is_admin ) $echo_str .= "\n\t".'<form enctype="multipart/form-data" name="renamefile" id="renamefile" method="post" action="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload" class="validate">';
700
- $echo_str .= "\n\t\t".'<input type="hidden" name="action" value="rename'.( $type == 'dir' ? 'dir' : 'file' ).'">';
701
- $echo_str .= "\n\t\t".'<input type="hidden" name="dir" value="'.$dir_code.'">';
702
- $echo_str .= "\n\t\t".'<input type="hidden" name="file" value="'.$file_code.'">';
703
- if ( $type == 'dir' ) $echo_str .= "\n\t\t".'<label>Enter new name for folder <strong>'.$dec_file.'</strong></label><br/>';
704
- elseif ( $is_admin ) $echo_str .= "\n\t\t".'<label>Enter new filename for file <strong>'.$dec_file.'</strong></label><br/>';
705
- $echo_str .= "\n\t\t".'<input name="wfu_newname" id="wfu_newname" type="text" value="'.$newname.'" style="width:50%;" />';
706
- $echo_str .= "\n\t\t".'<p class="submit">';
707
- $echo_str .= "\n\t\t\t".'<input type="submit" class="button-primary" name="submit" value="Rename">';
708
- $echo_str .= "\n\t\t\t".'<input type="submit" class="button-primary" name="submit" value="Cancel">';
709
- $echo_str .= "\n\t\t".'</p>';
710
- $echo_str .= "\n\t".'</form>';
711
- $echo_str .= "\n".'</div>';
712
- return $echo_str;
713
- }
714
-
715
- /**
716
- * Confirm Moving of File.
717
- *
718
- * This function shows a page to confirm moving of a file to a new location.
719
- *
720
- * @since 4.10.3
721
- *
722
- * @param string $file_code A code corresponding to the file to be moved.
723
- * @param string $error An error message to show on top of the page in case an
724
- * error occured during move.
725
- *
726
- * @return string The HTML code of the confirmation page.
727
- */
728
- function wfu_move_file_prompt($file_code, $error) {
729
- $siteurl = site_url();
730
-
731
- $is_admin = current_user_can( 'manage_options' );
732
- //check if user is allowed to view file details
733
- if ( !$is_admin ) return;
734
-
735
- if ( !is_array($file_code) ) $file_code = array( $file_code );
736
- $names = array();
737
- foreach ( $file_code as $index => $code ) {
738
- $file_code[$index] = wfu_sanitize_code($code);
739
- $dec_file = wfu_get_filepath_from_safe($file_code[$index]);
740
- if ( $dec_file === false ) unset($file_code[$index]);
741
- else {
742
- //first extract sort info from dec_file
743
- $ret = wfu_extract_sortdata_from_path($dec_file);
744
- $dec_file = $ret['path'];
745
- $parts = pathinfo($dec_file);
746
- array_push($names, $parts['basename']);
747
- }
748
- }
749
- if ( count($file_code) == 0 ) return;
750
- $file_code_list = "list:".implode(",", $file_code);
751
-
752
- $newpath = $parts['dirname'];
753
- $replacefiles = "";
754
- $dir_code = wfu_safe_store_filepath($parts['dirname'].'[['.$ret['sort'].']]');
755
-
756
- $echo_str = "\n".'<div class="wrap">';
757
- if ( $error ) {
758
- $move_file = WFU_USVAR('wfu_move_file');
759
- $newpath = $move_file['newpath'];
760
- $replacefiles = $move_file['replacefiles'];
761
- $echo_str .= "\n\t".'<div class="error">';
762
- $echo_str .= "\n\t\t".'<p>'.WFU_USVAR('wfu_move_file_error').'</p>';
763
- $echo_str .= "\n\t".'</div>';
764
- }
765
- $echo_str .= "\n\t".'<div style="margin-top:20px;">';
766
- $echo_str .= "\n\t\t".'<a href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&amp;action=file_browser&dir='.$dir_code.'" class="button" title="go back">Go back</a>';
767
- $echo_str .= "\n\t".'</div>';
768
- $echo_str .= "\n\t".'<h2 style="margin-bottom: 10px;">Move File</h2>';
769
- $echo_str .= "\n\t".'<form enctype="multipart/form-data" name="movefile" id="movefile" method="post" action="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload" class="validate">';
770
- $echo_str .= "\n\t\t".'<input type="hidden" name="action" value="movefile">';
771
- $echo_str .= "\n\t\t".'<input type="hidden" name="dir" value="'.$dir_code.'">';
772
- $echo_str .= "\n\t\t".'<input type="hidden" name="file" value="'.$file_code_list.'">';
773
- if ( count($names) == 1 )
774
- $echo_str .= "\n\t\t".'<label style="display:inline-block; margin-bottom:1em;">Enter destination folder for file <strong>'.$dec_file.'</strong></label><br/>';
775
- else {
776
- $echo_str .= "\n\t\t".'<label>Enter destination folder for files:</label><br/>';
777
- $echo_str .= "\n\t\t".'<ul style="padding-left: 20px; list-style: initial;">';
778
- foreach ( $names as $name )
779
- $echo_str .= "\n\t\t\t".'<li><strong>'.$name.'</strong></li>';
780
- $echo_str .= "\n\t\t".'</ul>';
781
- }
782
- $echo_str .= "\n\t\t".'<input name="wfu_newpath" id="wfu_newpath" type="text" value="'.$newpath.'" style="width:50%;" />';
783
- $echo_str .= "\n\t\t".'<p>';
784
- $echo_str .= "\n\t\t\t".'<label>Replace files with the same filename at destination:</label><br />';
785
- $echo_str .= "\n\t\t\t".'<input name="wfu_replace" id="wfu_replace_yes" type="radio" value="yes"'.( $replacefiles == "yes" ? ' checked="checked"' : '' ).' /><label for="wfu_replace_yes">Yes</label>';
786
- $echo_str .= "\n\t\t\t".'<input name="wfu_replace" id="wfu_replace_no" type="radio" value="no"'.( $replacefiles == "no" ? ' checked="checked"' : '' ).' style="margin-left:1em;" /><label for="wfu_replace_no">No</label>';
787
- $echo_str .= "\n\t\t".'</p>';
788
- $echo_str .= "\n\t\t".'<p class="submit">';
789
- $echo_str .= "\n\t\t\t".'<input type="button" class="button-primary" name="submitBtn" value="Move" onclick="if (!document.getElementById(\'wfu_replace_yes\').checked && !document.getElementById(\'wfu_replace_no\').checked) alert(\'Please select if files in destination with the same filename will be replaced or not!\'); else this.form.submit();" />';
790
- $echo_str .= "\n\t\t\t".'<input type="submit" class="button-primary" name="submitBtn" value="Cancel" />';
791
- $echo_str .= "\n\t\t".'</p>';
792
- $echo_str .= "\n\t".'</form>';
793
- $echo_str .= "\n".'</div>';
794
- return $echo_str;
795
- }
796
-
797
- /**
798
- * Execute Renaming of File.
799
- *
800
- * This function renames a file.
801
- *
802
- * @since 2.2.1
803
- *
804
- * @param string $file_code A code corresponding to the file/dir to be renamed.
805
- * @param string $type Rename dir or file. Can take the values 'dir' or 'file'.
806
- *
807
- * @return bool True if renaming of file succeeded, false otherwise.
808
- */
809
- function wfu_rename_file($file_code, $type) {
810
- if ( $type == 'dir' ) return;
811
-
812
- $user = wp_get_current_user();
813
- $is_admin = current_user_can( 'manage_options' );
814
- //check if user is allowed to view file details
815
- if ( !$is_admin ) {
816
- return;
817
- }
818
- $file_code = wfu_sanitize_code($file_code);
819
- $dec_file = wfu_get_filepath_from_safe($file_code);
820
- if ( $dec_file === false ) return;
821
-
822
- $dec_file = wfu_path_rel2abs(wfu_flatten_path($dec_file));
823
- if ( $type == 'dir' && substr($dec_file, -1) == '/' ) $dec_file = substr($dec_file, 0, -1);
824
- if ( !wfu_file_exists($dec_file, "wfu_rename_file:1") ) return;
825
-
826
- //check if user is allowed to perform this action
827
- if ( !wfu_current_user_owes_file($dec_file) ) return;
828
-
829
- $parts = pathinfo($dec_file);
830
- $error = "";
831
- if ( isset($_POST['wfu_newname']) && isset($_POST['submit']) ) {
832
- if ( $_POST['submit'] == "Rename" && $_POST['wfu_newname'] != $parts['basename'] ) {
833
- $new_file = $parts['dirname'].'/'.$_POST['wfu_newname'];
834
- if ( $_POST['wfu_newname'] == "" ) $error = 'Error: New '.( $type == 'dir' ? 'folder ' : 'file' ).'name cannot be empty!';
835
- elseif ( preg_match("/[^A-Za-z0-9_.#\-$]/", $_POST['wfu_newname']) ) $error = 'Error: name contained invalid characters that were stripped off! Please try again.';
836
- elseif ( substr($_POST['wfu_newname'], -1 - strlen($parts['extension'])) != '.'.$parts['extension'] ) $error = 'Error: new and old file name extensions must be identical! Please correct.';
837
- elseif ( wfu_file_extension_blacklisted($_POST['wfu_newname']) ) $error = 'Error: the new file name has an extension that is forbidden for security reasons. Please correct.';
838
- elseif ( wfu_file_exists($new_file, "wfu_rename_file:2") ) $error = 'Error: The '.( $type == 'dir' ? 'folder' : 'file' ).' <strong>'.$_POST['wfu_newname'].'</strong> already exists! Please choose another one.';
839
- else {
840
- //pre-log rename action
841
- if ( $type == 'file' ) $retid = wfu_log_action('rename:'.$new_file, $dec_file, $user->ID, '', 0, 0, '', null);
842
- //perform rename action
843
- if ( rename($dec_file, $new_file) == false ) $error = 'Error: Rename of '.( $type == 'dir' ? 'folder' : 'file' ).' <strong>'.$parts['basename'].'</strong> failed!';
844
- //revert log action if file was not renamed
845
- if ( $type == 'file' && !wfu_file_exists($new_file, "wfu_rename_file:3") ) wfu_revert_log_action($retid);
846
- }
847
- }
848
- }
849
- if ( $error != "" ) {
850
- WFU_USVAR_store('wfu_rename_file_error', $error);
851
- $rename_file = WFU_USVAR('wfu_rename_file');
852
- $rename_file['newname'] = preg_replace("/[^A-Za-z0-9_.#\-$]/", "", $_POST['wfu_newname']);
853
- WFU_USVAR_store('wfu_rename_file', $rename_file);
854
- }
855
- return ( $error == "" );
856
- }
857
-
858
- /**
859
- * Execute Moving of File.
860
- *
861
- * This function moves a file to another location.
862
- *
863
- * @since 4.10.3
864
- *
865
- * @param string $file_code A code corresponding to the file to be moved.
866
- *
867
- * @return bool True if move of file succeeded, false otherwise.
868
- */
869
- function wfu_move_file($file_code) {
870
- $user = wp_get_current_user();
871
- $is_admin = current_user_can( 'manage_options' );
872
- //check if user is allowed to view file details
873
- if ( !$is_admin ) return;
874
-
875
- if ( !is_array($file_code) ) $file_code = array( $file_code );
876
- $dec_files = array();
877
- foreach ( $file_code as $index => $code ) {
878
- $file_code[$index] = wfu_sanitize_code($code);
879
- $dec_file = wfu_get_filepath_from_safe($file_code[$index]);
880
- if ( $dec_file !== false ) {
881
- $dec_file = wfu_path_rel2abs(wfu_flatten_path($dec_file));
882
- array_push($dec_files, $dec_file);
883
- }
884
- }
885
- if ( count($dec_files) == 0 ) return;
886
-
887
- $parts = pathinfo($dec_files[0]);
888
- $error = "";
889
- $regex = "/([^A-Za-z0-9\-._~!$&'()*+,;=:@#\/\\\\%]|%[^A-Fa-f0-9][^A-Fa-f0-9]|%[A-Fa-f0-9][^A-Fa-f0-9]|%[^A-Fa-f0-9][A-Fa-f0-9]|%.?$)/";
890
- if ( isset($_POST['wfu_newpath']) && isset($_POST['wfu_replace']) ) {
891
- $oldpath = $parts['dirname'];
892
- if ( substr($oldpath, -1) != '/' ) $oldpath = $oldpath.'/';
893
- $newpath = preg_replace($regex, "", $_POST['wfu_newpath']);
894
- if ( substr($newpath, 0, 1) != '/' ) $newpath = '/'.$newpath;
895
- $newpath = realpath(wfu_path_rel2abs($newpath));
896
- if ( substr($newpath, -1) != '/' ) $newpath = $newpath.'/';
897
- $replacefiles = ( $_POST['wfu_replace'] == 'yes' ? 'yes' : ( $_POST['wfu_replace'] == 'no' ? 'no' : '' ) );
898
- if ( trim($_POST['wfu_newpath']) == "" ) $error = 'Error: Destination path cannot be empty!';
899
- elseif ( $newpath == $oldpath ) $error = 'Error: Destination path is the same as source path!';
900
- elseif ( preg_match($regex, $_POST['wfu_newpath']) ) $error = 'Error: path contained invalid characters that were stripped off! Please try again.';
901
- elseif ( !wfu_file_exists($newpath, "wfu_move_file:1") ) $error = 'Error: Destination folder <strong>'.$_POST['wfu_newpath'].'</strong> does not exist!';
902
- elseif ( $replacefiles == "" ) $error = 'Error: Invalid selection about replacing files with same filename at destination!';
903
- else {
904
- foreach ( $dec_files as $dec_file ) {
905
- if ( wfu_file_exists($dec_file, "wfu_move_file:2") ) {
906
- $new_file = $newpath.wfu_basename($dec_file);
907
- if ( !wfu_file_exists($new_file, "wfu_move_file:3") || $replacefiles == "yes" ) {
908
- //pre-log move action
909
- $retid = wfu_log_action('move:'.$new_file, $dec_file, $user->ID, '', 0, 0, '', null);
910
- //perform move action
911
- if ( @rename($dec_file, $new_file) === false || !wfu_file_exists($new_file, "wfu_move_file:4") ) {
912
- wfu_revert_log_action($retid);
913
- }
914
- }
915
- }
916
- }
917
- }
918
- }
919
- if ( $error != "" ) {
920
- WFU_USVAR_store('wfu_move_file_error', $error);
921
- $move_file = WFU_USVAR('wfu_move_file');
922
- $move_file['newpath'] = preg_replace($regex, "", $_POST['wfu_newpath']);
923
- $move_file['replacefiles'] = $replacefiles;
924
- WFU_USVAR_store('wfu_move_file', $move_file);
925
- }
926
- return ( $error == "" );
927
- }
928
-
929
- /**
930
- * Confirm Deletion of File.
931
- *
932
- * This function shows a page to confirm deletion of a file.
933
- *
934
- * @since 2.2.1
935
- *
936
- * @param string $file_code A code corresponding to the file/dir to be deleted.
937
- * @param string $type Delete dir or file. Can take the values 'dir' or 'file'.
938
- * @param string $referer The page that initiated the deletion of the file.
939
- *
940
- * @return string The HTML code of the confirmation page.
941
- */
942
- function wfu_delete_file_prompt($file_code, $type, $referer) {
943
- if ( $type == 'dir' ) return;
944
-
945
- $siteurl = site_url();
946
-
947
- $is_admin = current_user_can( 'manage_options' );
948
- //check if user is allowed to view file details
949
- if ( !$is_admin ) {
950
- return;
951
- }
952
- if ( !is_array($file_code) ) $file_code = array( $file_code );
953
- $names = array();
954
- foreach ( $file_code as $index => $code ) {
955
- $file_code[$index] = wfu_sanitize_code($code);
956
- $dec_file = wfu_get_filepath_from_safe($file_code[$index]);
957
- if ( $dec_file === false ) unset($file_code[$index]);
958
- else {
959
- //first extract sort info from dec_file
960
- $ret = wfu_extract_sortdata_from_path($dec_file);
961
- $dec_file = wfu_path_rel2abs($ret['path']);
962
- if ( $type == 'dir' && substr($dec_file, -1) == '/' ) $dec_file = substr($dec_file, 0, -1);
963
- //check if user is allowed to perform this action
964
- if ( !wfu_current_user_owes_file($dec_file) ) unset($file_code[$index]);
965
- else {
966
- $parts = pathinfo($dec_file);
967
- array_push($names, $parts['basename']);
968
- }
969
- }
970
- }
971
- if ( count($file_code) == 0 ) return;
972
- $file_code_list = "list:".implode(",", $file_code);
973
-
974
- $referer_url = wfu_get_filepath_from_safe(wfu_sanitize_code($referer));
975
- $ret = wfu_extract_sortdata_from_path($referer_url);
976
- $referer_url = $ret['path'];
977
-
978
- $echo_str = "\n".'<div class="wrap">';
979
- $echo_str .= "\n\t".'<div style="margin-top:20px;">';
980
- if ( $is_admin ) $echo_str .= "\n\t\t".'<a href="'.$referer_url.'" class="button" title="go back">Go back</a>';
981
- $echo_str .= "\n\t".'</div>';
982
- $echo_str .= "\n\t".'<h2 style="margin-bottom: 10px;">Delete '.( $type == 'dir' ? 'Folder' : 'File'.( count($names) == 1 ? '' : 's' ) ).'</h2>';
983
- if ( $is_admin ) $echo_str .= "\n\t".'<form enctype="multipart/form-data" name="deletefile" id="deletefile" method="post" action="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload" class="validate">';
984
- $echo_str .= "\n\t\t".'<input type="hidden" name="action" value="delete'.( $type == 'dir' ? 'dir' : 'file' ).'">';
985
- $echo_str .= "\n\t\t".'<input type="hidden" name="referer" value="'.$referer.'">';
986
- $echo_str .= "\n\t\t".'<input type="hidden" name="file" value="'.$file_code_list.'">';
987
- if ( count($names) == 1 )
988
- $echo_str .= "\n\t\t".'<label>Are you sure that you want to delete '.( $type == 'dir' ? 'folder' : 'file' ).' <strong>'.$names[0].'</strong>?</label><br/>';
989
- else {
990
- $echo_str .= "\n\t\t".'<label>Are you sure that you want to delete '.( $type == 'dir' ? 'folder' : 'files' ).':';
991
- $echo_str .= "\n\t\t".'<ul style="padding-left: 20px; list-style: initial;">';
992
- foreach ( $names as $name )
993
- $echo_str .= "\n\t\t\t".'<li><strong>'.$name.'</strong></li>';
994
- $echo_str .= "\n\t\t".'</ul>';
995
- }
996
- $echo_str .= "\n\t\t".'<p class="submit">';
997
- $echo_str .= "\n\t\t\t".'<input type="submit" class="button-primary" name="submit" value="Delete">';
998
- $echo_str .= "\n\t\t\t".'<input type="submit" class="button-primary" name="submit" value="Cancel">';
999
- $echo_str .= "\n\t\t".'</p>';
1000
- $echo_str .= "\n\t".'</form>';
1001
- $echo_str .= "\n".'</div>';
1002
- return $echo_str;
1003
- }
1004
-
1005
- /**
1006
- * Execute Deletion of File.
1007
- *
1008
- * This function deletes a file.
1009
- *
1010
- * @since 2.2.1
1011
- *
1012
- * @param string $file_code A code corresponding to the file/dir to be deleted.
1013
- * @param string $type Delete dir or file. Can take the values 'dir' or 'file'.
1014
- *
1015
- * @return bool True if deletion of file succeeded, false otherwise.
1016
- */
1017
- function wfu_delete_file($file_code, $type) {
1018
- if ( $type == 'dir' ) return;
1019
-
1020
- $user = wp_get_current_user();
1021
- $is_admin = current_user_can( 'manage_options' );
1022
- //check if user is allowed to view file details
1023
- if ( !$is_admin ) {
1024
- return;
1025
- }
1026
- if ( !is_array($file_code) ) $file_code = array( $file_code );
1027
- $dec_files = array();
1028
- foreach ( $file_code as $index => $code ) {
1029
- $file_code[$index] = wfu_sanitize_code($code);
1030
- $dec_file = wfu_get_filepath_from_safe($file_code[$index]);
1031
- if ( $dec_file !== false ) {
1032
- $dec_file = wfu_path_rel2abs(wfu_flatten_path($dec_file));
1033
- if ( $type == 'dir' && substr($dec_file, -1) == '/' ) $dec_file = substr($dec_file, 0, -1);
1034
- //check if user is allowed to perform this action
1035
- if ( wfu_current_user_owes_file($dec_file) ) array_push($dec_files, $dec_file);
1036
- }
1037
- }
1038
- if ( count($dec_files) == 0 ) return;
1039
-
1040
- if ( isset($_POST['submit']) ) {
1041
- if ( $_POST['submit'] == "Delete" ) {
1042
- foreach ( $dec_files as $dec_file ) {
1043
- //pre-log delete action
1044
- if ( $type == 'file' ) wfu_delete_file_execute($dec_file, $user->ID);
1045
- elseif ( $type == 'dir' && $dec_file != "" ) wfu_delTree($dec_file);
1046
- }
1047
- }
1048
- }
1049
- return true;
1050
- }
1051
-
1052
- /**
1053
- * Confirm Creation of a Directory.
1054
- *
1055
- * This function shows a page to confirm creation of a directory.
1056
- *
1057
- * @since 2.2.1
1058
- *
1059
- * @param string $dir_code A code corresponding to the dir to be created.
1060
- * @param string $error An error message to show on top of the page in case an
1061
- * error occured during creation.
1062
- *
1063
- * @return string The HTML code of the confirmation page.
1064
- */
1065
- function wfu_create_dir_prompt($dir_code, $error) {
1066
- return;
1067
-
1068
- $siteurl = site_url();
1069
-
1070
- if ( !current_user_can( 'manage_options' ) ) return;
1071
-
1072
- $dir_code = wfu_sanitize_code($dir_code);
1073
- $dec_dir = wfu_get_filepath_from_safe($dir_code);
1074
- if ( $dec_dir === false ) return;
1075
-
1076
- //first extract sort info from dec_dir
1077
- $ret = wfu_extract_sortdata_from_path($dec_dir);
1078
- $dec_dir = wfu_path_rel2abs($ret['path']);
1079
- if ( substr($dec_dir, -1) != '/' ) $dec_dir .= '/';
1080
- $newname = '';
1081
-
1082
- $echo_str = "\n".'<div class="wrap">';
1083
- if ( $error ) {
1084
- $create_dir = WFU_USVAR('wfu_create_dir');
1085
- $newname = $create_dir['newname'];
1086
- $echo_str .= "\n\t".'<div class="error">';
1087
- $echo_str .= "\n\t\t".'<p>'.WFU_USVAR('wfu_create_dir_error').'</p>';
1088
- $echo_str .= "\n\t".'</div>';
1089
- }
1090
- $echo_str .= "\n\t".'<div style="margin-top:20px;">';
1091
- $echo_str .= "\n\t\t".'<a href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&amp;action=file_browser&dir='.$dir_code.'" class="button" title="go back">Go back</a>';
1092
- $echo_str .= "\n\t".'</div>';
1093
- $echo_str .= "\n\t".'<h2 style="margin-bottom: 10px;">Create Folder</h2>';
1094
- $echo_str .= "\n\t".'<form enctype="multipart/form-data" name="createdir" id="createdir" method="post" action="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload" class="validate">';
1095
- $echo_str .= "\n\t\t".'<input type="hidden" name="action" value="createdir">';
1096
- $echo_str .= "\n\t\t".'<input type="hidden" name="dir" value="'.$dir_code.'">';
1097
- $echo_str .= "\n\t\t".'<label>Enter the name of the new folder inside <strong>'.$dec_dir.'</strong></label><br/>';
1098
- $echo_str .= "\n\t\t".'<input name="wfu_newname" id="wfu_newname" type="text" value="'.$newname.'" style="width:50%;" />';
1099
- $echo_str .= "\n\t\t".'<p class="submit">';
1100
- $echo_str .= "\n\t\t\t".'<input type="submit" class="button-primary" name="submit" value="Create">';
1101
- $echo_str .= "\n\t\t\t".'<input type="submit" class="button-primary" name="submit" value="Cancel">';
1102
- $echo_str .= "\n\t\t".'</p>';
1103
- $echo_str .= "\n\t".'</form>';
1104
- $echo_str .= "\n".'</div>';
1105
- return $echo_str;
1106
- }
1107
-
1108
- /**
1109
- * Execute Creation of Directory.
1110
- *
1111
- * This function creates a new directory.
1112
- *
1113
- * @since 2.2.1
1114
- *
1115
- * @param string $dir_code A code corresponding to the dir to be created.
1116
- *
1117
- * @return bool True if creation of dir succeeded, false otherwise.
1118
- */
1119
- function wfu_create_dir($dir_code) {
1120
- return;
1121
-
1122
- if ( !current_user_can( 'manage_options' ) ) return;
1123
-
1124
- $dir_code = wfu_sanitize_code($dir_code);
1125
- $dec_dir = wfu_get_filepath_from_safe($dir_code);
1126
- if ( $dec_dir === false ) return;
1127
-
1128
- $dec_dir = wfu_path_rel2abs(wfu_flatten_path($dec_dir));
1129
- if ( substr($dec_dir, -1) != '/' ) $dec_dir .= '/';
1130
- if ( !wfu_file_exists($dec_dir, "wfu_create_dir:1") ) return;
1131
- $error = "";
1132
- if ( isset($_POST['wfu_newname']) && isset($_POST['submit']) ) {
1133
- if ( $_POST['submit'] == "Create" ) {
1134
- $new_dir = $dec_dir.$_POST['wfu_newname'];
1135
- if ( $_POST['wfu_newname'] == "" ) $error = 'Error: New folder name cannot be empty!';
1136
- elseif ( preg_match("/[^A-Za-z0-9_.#\-$]/", $_POST['wfu_newname']) ) $error = 'Error: name contained invalid characters that were stripped off! Please try again.';
1137
- elseif ( wfu_file_exists($new_dir, "wfu_create_dir:2") ) $error = 'Error: The folder <strong>'.$_POST['wfu_newname'].'</strong> already exists! Please choose another one.';
1138
- elseif ( mkdir($new_dir) == false ) $error = 'Error: Creation of folder <strong>'.$_POST['wfu_newname'].'</strong> failed!';
1139
- }
1140
- }
1141
- if ( $error != "" ) {
1142
- WFU_USVAR_store('wfu_create_dir_error', $error);
1143
- $create_dir = WFU_USVAR('wfu_create_dir');
1144
- $create_dir['newname'] = preg_replace("/[^A-Za-z0-9_.#\-$]/", "", $_POST['wfu_newname']);
1145
- WFU_USVAR_store('wfu_create_dir', $create_dir);
1146
- }
1147
- return ( $error == "" );
1148
- }
1149
-
1150
- /**
1151
- * Confirm Inclusion of File in Plugin's Database.
1152
- *
1153
- * This function shows a page to confirm inclusion of a file in plugin's
1154
- * database.
1155
- *
1156
- * @since 3.8.5
1157
- *
1158
- * @param string $file_code A code corresponding to the file to be included.
1159
- * @param string $type Rename dir or file. Can take the values 'dir' or 'file'.
1160
- * @param string $referer The page that initiated the inclusion of the file.
1161
- *
1162
- * @return string The HTML code of the confirmation page.
1163
- */
1164
- function wfu_include_file_prompt($file_code, $referer) {
1165
- if ( !current_user_can( 'manage_options' ) ) return;
1166
- $plugin_options = wfu_decode_plugin_options(get_option( "wordpress_file_upload_options" ));
1167
- if ( $plugin_options['includeotherfiles'] != "1" ) return;
1168
-
1169
- $siteurl = site_url();
1170
- if ( !is_array($file_code) ) $file_code = array( $file_code );
1171
- $names = array();
1172
- foreach ( $file_code as $index => $code ) {
1173
- $file_code[$index] = wfu_sanitize_code($code);
1174
- $dec_file = wfu_get_filepath_from_safe($file_code[$index]);
1175
- if ( $dec_file === false ) unset($file_code[$index]);
1176
- else {
1177
- $dec_file = wfu_path_rel2abs(wfu_flatten_path($dec_file));
1178
- //do not include file if it has a forbidden extention or it is already included
1179
- if ( wfu_file_extension_blacklisted(wfu_basename($dec_file)) || wfu_get_file_rec($dec_file, false) != null )
1180
- unset($file_code[$index]);
1181
- else array_push($names, wfu_basename($dec_file));
1182
- }
1183
- }
1184
- if ( count($file_code) == 0 ) return;
1185
- $file_code_list = "list:".implode(",", $file_code);
1186
-
1187
- $referer_url = wfu_get_filepath_from_safe(wfu_sanitize_code($referer));
1188
- $ret = wfu_extract_sortdata_from_path($referer_url);
1189
- $referer_url = $ret['path'];
1190
-
1191
- $echo_str = "\n".'<div class="wrap">';
1192
- $echo_str .= "\n\t".'<div style="margin-top:20px;">';
1193
- $echo_str .= "\n\t\t".'<a href="'.$referer_url.'" class="button" title="go back">Go back</a>';
1194
- $echo_str .= "\n\t".'</div>';
1195
- $echo_str .= "\n\t".'<h2 style="margin-bottom: 10px;">Include File'.( count($names) == 1 ? '' : 's' ).'</h2>';
1196
- $echo_str .= "\n\t".'<form enctype="multipart/form-data" name="includefile" id="includefile" method="post" action="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload" class="validate">';
1197
- $echo_str .= "\n\t\t".'<input type="hidden" name="action" value="includefile">';
1198
- $echo_str .= "\n\t\t".'<input type="hidden" name="referer" value="'.$referer.'">';
1199
- $echo_str .= "\n\t\t".'<input type="hidden" name="file" value="'.$file_code_list.'">';
1200
- if ( count($names) == 1 )
1201
- $echo_str .= "\n\t\t".'<label>Are you sure that you want to include file <strong>'.$names[0].'</strong>?</label><br/>';
1202
- else {
1203
- $echo_str .= "\n\t\t".'<label>Are you sure that you want to include files:';
1204
- $echo_str .= "\n\t\t".'<ul style="padding-left: 20px; list-style: initial;">';
1205
- foreach ( $names as $name )
1206
- $echo_str .= "\n\t\t\t".'<li><strong>'.$name.'</strong></li>';
1207
- $echo_str .= "\n\t\t".'</ul>';
1208
- }
1209
- $echo_str .= "\n\t\t".'<p class="submit">';
1210
- $echo_str .= "\n\t\t\t".'<input type="submit" class="button-primary" name="submit" value="Include">';
1211
- $echo_str .= "\n\t\t\t".'<input type="submit" class="button-primary" name="submit" value="Cancel">';
1212
- $echo_str .= "\n\t\t".'</p>';
1213
- $echo_str .= "\n\t".'</form>';
1214
- $echo_str .= "\n".'</div>';
1215
- return $echo_str;
1216
- }
1217
-
1218
- /**
1219
- * Execute Inclusion of File in Plugin's Database.
1220
- *
1221
- * This function includes a file in plugin's database.
1222
- *
1223
- * @since 3.8.5
1224
- *
1225
- * @param string $file_code A code corresponding to the file to be included.
1226
- *
1227
- * @return bool True if inclusion of file succeeded, false otherwise.
1228
- */
1229
- function wfu_include_file($file_code) {
1230
- if ( !current_user_can( 'manage_options' ) ) return;
1231
- $plugin_options = wfu_decode_plugin_options(get_option( "wordpress_file_upload_options" ));
1232
- if ( $plugin_options['includeotherfiles'] != "1" ) return;
1233
-
1234
- if ( !is_array($file_code) ) $file_code = array( $file_code );
1235
- $dec_files = array();
1236
- foreach ( $file_code as $index => $code ) {
1237
- $file_code[$index] = wfu_sanitize_code($code);
1238
- $dec_file = wfu_get_filepath_from_safe($file_code[$index]);
1239
- if ( $dec_file !== false ) {
1240
- $dec_file = wfu_path_rel2abs(wfu_flatten_path($dec_file));
1241
- //include file if it does not have a forbidden extention and it not already included
1242
- if ( !wfu_file_extension_blacklisted(wfu_basename($dec_file)) && wfu_get_file_rec($dec_file, false) == null )
1243
- array_push($dec_files, $dec_file);
1244
- }
1245
- }
1246
- if ( count($dec_files) == 0 ) return;
1247
-
1248
- $user = wp_get_current_user();
1249
- if ( isset($_POST['submit']) ) {
1250
- if ( $_POST['submit'] == "Include" ) {
1251
- foreach ( $dec_files as $dec_file )
1252
- $fileid = wfu_log_action('include', $dec_file, $user->ID, '', '', get_current_blog_id(), '', null);
1253
- }
1254
- }
1255
- return true;
1256
- }
1257
-
1258
- /**
1259
- * Show File Details Page.
1260
- *
1261
- * This function shows a page displaying details of the uploaded file.
1262
- *
1263
- * @since 2.4.1
1264
- *
1265
- * @param string $file_code A code corresponding to the file to be included.
1266
- * @param string $errorstatus Error status. If it has the value 'error' then an
1267
- * error will be shown on top of the page.
1268
- * @param string $invoker Optional. The page URL that initiated file details
1269
- * page.
1270
- *
1271
- * @return string The HTML code of File Details page.
1272
- */
1273
- function wfu_file_details($file_code, $errorstatus, $invoker = '') {
1274
- $siteurl = site_url();
1275
- $allow_obsolete = false;
1276
- $file_exists = true;
1277
- $file_belongs = true;
1278
- $admin_can_edit = true;
1279
-
1280
- //if $file_code starts with 'byID:', then it contains a db record ID and not
1281
- //a file path; in this case we show the properties of the specific record
1282
- //and all linked ones, even if it is obsolete; this is only allowed for
1283
- //admins
1284
- if ( substr($file_code, 0, 5) == "byID:" ) {
1285
- $allow_obsolete = true;
1286
- $file_code = substr($file_code, 5);
1287
- }
1288
-
1289
- $user = wp_get_current_user();
1290
- $is_admin = current_user_can( 'manage_options' );
1291
- //check if user is allowed to view file details
1292
- if ( !$is_admin ) {
1293
- if ( $allow_obsolete ) return;
1294
- return;
1295
- }
1296
- if ( $allow_obsolete ) {
1297
- $file_code = wfu_sanitize_int($file_code);
1298
- $initialrec = wfu_get_file_rec_from_id($file_code, true);
1299
- if ( $initialrec == null ) return;
1300
-
1301
- //get all associated file records
1302
- $filerecs = wfu_get_rec_new_history($initialrec->idlog);
1303
- //get the latest record of this upload
1304
- $filerec = $filerecs[count($filerecs) - 1];
1305
- $filerec->userdata = $initialrec->userdata;
1306
-
1307
- $filepath = wfu_path_rel2abs($filerec->filepath);
1308
- //in the case of $allow_obsolete we need to check if the file exists and
1309
- //if it belongs to the current record
1310
- $latestrec = wfu_get_file_rec($filepath, true);
1311
- $file_exists = ( $latestrec != null );
1312
- $file_belongs = ( $file_exists && $latestrec->idlog == $filerec->idlog );
1313
- $admin_can_edit = $file_exists;
1314
-
1315
- //extract file parts and file properties
1316
- $parts = pathinfo($filepath);
1317
- if ( $file_exists ) $stat = wfu_stat($filepath, "wfu_file_details:1");
1318
- else $stat['mtime'] = '';
1319
- }
1320
- else {
1321
- $file_code = wfu_sanitize_code($file_code);
1322
- $dec_file = wfu_get_filepath_from_safe($file_code);
1323
- if ( $dec_file === false ) return;
1324
-
1325
- //extract file browser data from $file variable
1326
- $ret = wfu_extract_sortdata_from_path($dec_file);
1327
- $filepath = wfu_path_rel2abs($ret['path']);
1328
-
1329
- //check if user is allowed to perform this action
1330
- if ( !wfu_current_user_owes_file($filepath) ) return;
1331
-
1332
- //get file data from database with user data
1333
- $filerec = wfu_get_file_rec($filepath, true);
1334
- if ( $filerec == null ) return;
1335
-
1336
- //extract sort info and construct contained dir
1337
- $parts = pathinfo($filepath);
1338
- $dir_code = wfu_safe_store_filepath(wfu_path_abs2rel($parts['dirname']).'[['.$ret['sort'].']]');
1339
-
1340
- $stat = wfu_stat($filepath, "wfu_file_details:2");
1341
- }
1342
-
1343
- $echo_str = '<div class="regev_wrap">';
1344
- if ( $errorstatus == 'error' ) {
1345
- $echo_str .= "\n\t".'<div class="error">';
1346
- $echo_str .= "\n\t\t".'<p>'.WFU_USVAR('wfu_filedetails_error').'</p>';
1347
- $echo_str .= "\n\t".'</div>';
1348
- }
1349
- //show file details
1350
- $echo_str .= "\n\t".'<h2>Details of File: '.$parts['basename'].'</h2>';
1351
- if ( !$file_exists ) {
1352
- $echo_str .= "\n\t\t".'<div class="notice notice-warning">';
1353
- $echo_str .= "\n\t\t\t".'<p>File does not exist on the server anymore!</p>';
1354
- $echo_str .= "\n\t\t".'</div>';
1355
- }
1356
- elseif ( !$file_belongs ) {
1357
- $echo_str .= "\n\t\t".'<div class="notice notice-warning">';
1358
- $echo_str .= "\n\t\t\t".'<p>This record is old. The file is associated with another record.</p>';
1359
- $echo_str .= "\n\t\t".'</div>';
1360
- }
1361
- $echo_str .= "\n\t".'<div style="margin-top:10px;">';
1362
- if ( $is_admin ) {
1363
- $invoker_action = ( $invoker == '' ? false : wfu_get_browser_params_from_safe($invoker) );
1364
- $goback_action = ( $invoker_action === false ? 'file_browser&dir='.$dir_code : $invoker_action );
1365
- if ( substr($goback_action, 0, 18) == "wfu_uploaded_files" )
1366
- $echo_str .= "\n\t\t".'<a href="'.$siteurl.'/wp-admin/admin.php?page='.$goback_action.'" class="button" title="go back">Go back</a>';
1367
- elseif ( $goback_action != "no_referer" )
1368
- $echo_str .= "\n\t\t".'<a href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&amp;action='.$goback_action.'" class="button" title="go back">Go back</a>';
1369
- $echo_str .= "\n\t\t".'<form enctype="multipart/form-data" name="editfiledetails" id="editfiledetails" method="post" action="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&amp;action=edit_filedetails" class="validate">';
1370
- }
1371
- $echo_str .= "\n\t\t\t".'<h3 style="margin-bottom: 10px; margin-top: 40px;">Upload Details</h3>';
1372
- $echo_str .= "\n\t\t\t".'<input type="hidden" name="action" value="edit_filedetails" />';
1373
- //$echo_str .= "\n\t\t\t".'<input type="hidden" name="dir" value="'.$dir_code.'">';
1374
- $echo_str .= "\n\t\t\t".'<input type="hidden" name="invoker" value="'.$invoker.'">';
1375
- $echo_str .= "\n\t\t\t".'<input type="hidden" name="file" value="'.( $allow_obsolete ? 'byID:'.$file_code : $file_code ).'">';
1376
- $echo_str .= "\n\t\t\t".'<table class="form-table">';
1377
- $echo_str .= "\n\t\t\t\t".'<tbody>';
1378
- if ( $is_admin ) {
1379
- $echo_str .= "\n\t\t\t\t\t".'<tr>';
1380
- $echo_str .= "\n\t\t\t\t\t\t".'<th scope="row">';
1381
- $echo_str .= "\n\t\t\t\t\t\t\t".'<label>Full Path</label>';
1382
- $echo_str .= "\n\t\t\t\t\t\t".'</th>';
1383
- $echo_str .= "\n\t\t\t\t\t\t".'<td>';
1384
- $echo_str .= "\n\t\t\t\t\t\t\t".'<input type="text" value="'.$filepath.'" readonly="readonly" style="width:50%;" />';
1385
- $echo_str .= "\n\t\t\t\t\t\t".'</td>';
1386
- $echo_str .= "\n\t\t\t\t\t".'</tr>';
1387
- $echo_str .= "\n\t\t\t\t\t".'<tr>';
1388
- $echo_str .= "\n\t\t\t\t\t\t".'<th scope="row">';
1389
- $echo_str .= "\n\t\t\t\t\t\t\t".'<label>Uploaded By User</label>';
1390
- $echo_str .= "\n\t\t\t\t\t\t".'</th>';
1391
- $echo_str .= "\n\t\t\t\t\t\t".'<td>';
1392
- $echo_str .= "\n\t\t\t\t\t\t\t".'<select id="wfu_filedetails_users" disabled="disabled">';
1393
- //get all users
1394
- $args = array();
1395
- /**
1396
- * Filter Arguments for Getting List of Users.
1397
- *
1398
- * This filter allows to customize the arguments passed to get_users()
1399
- * function to get a list of users. By default the plugin will get a
1400
- * list of all users. If the website contains too many users this
1401
- * operation may take time and delay loading of the page. So this filter
1402
- * can be used to optimize this operation.
1403
- *
1404
- * @since 4.11.0
1405
- *
1406
- * @param array $args Arguments to retrieve users.
1407
- * @param string $operation A parameter designating in which operation
1408
- * the filter is used.
1409
- */
1410
- $args = apply_filters("_wfu_get_users", $args, "edit_file_details");
1411
- $users = get_users($args);
1412
- foreach ( $users as $userid => $user )
1413
- $echo_str .= "\n\t\t\t\t\t\t\t\t".'<option value="'.$user->ID.'"'.( $filerec->uploaduserid == $user->ID ? ' selected="selected"' : '' ).'>'.$user->display_name.' ('.$user->user_login.')</option>';
1414
- $echo_str .= "\n\t\t\t\t\t\t\t".'</select>';
1415
- if ( $admin_can_edit ) {
1416
- $echo_str .= "\n\t\t\t\t\t\t\t".'<a class="button" id="btn_change" href="" onclick="document.getElementById(\'wfu_filedetails_users\').disabled = false; this.style.display = \'none\'; document.getElementById(\'btn_ok\').style.display = \'inline-block\'; document.getElementById(\'btn_cancel\').style.display = \'inline-block\'; return false;"'.( $is_admin ? '' : ' style="display:none;"' ).'>Change User</a>';
1417
- $echo_str .= "\n\t\t\t\t\t\t\t".'<a class="button" id="btn_ok" href="" onclick="document.getElementById(\'wfu_filedetails_users\').disabled = true; document.getElementById(\'btn_change\').style.display = \'inline-block\'; this.style.display=\'none\'; document.getElementById(\'btn_cancel\').style.display = \'none\'; document.getElementById(\'wfu_filedetails_userid\').value = document.getElementById(\'wfu_filedetails_users\').value; wfu_filedetails_changed(); return false;" style="display:none;">Ok</a>';
1418
- $echo_str .= "\n\t\t\t\t\t\t\t".'<a class="button" id="btn_cancel" href="" onclick="document.getElementById(\'wfu_filedetails_users\').disabled = true; document.getElementById(\'btn_change\').style.display = \'inline-block\'; this.style.display=\'none\'; document.getElementById(\'btn_ok\').style.display = \'none\'; document.getElementById(\'wfu_filedetails_users\').value = document.getElementById(\'wfu_filedetails_userid\').value; return false;" style="display:none;">Cancel</a>';
1419
- $echo_str .= "\n\t\t\t\t\t\t\t".'<input type="hidden" id="wfu_filedetails_userid" name="wfu_filedetails_userid" value="'.$filerec->uploaduserid.'" />';
1420
- $echo_str .= "\n\t\t\t\t\t\t\t".'<input type="hidden" id="wfu_filedetails_userid_default" value="'.$filerec->uploaduserid.'" />';
1421
- }
1422
- $echo_str .= "\n\t\t\t\t\t\t".'</td>';
1423
- $echo_str .= "\n\t\t\t\t\t".'</tr>';
1424
- }
1425
- $echo_str .= "\n\t\t\t\t\t".'<tr>';
1426
- $echo_str .= "\n\t\t\t\t\t\t".'<th scope="row">';
1427
- $echo_str .= "\n\t\t\t\t\t\t\t".'<label>File Size</label>';
1428
- $echo_str .= "\n\t\t\t\t\t\t".'</th>';
1429
- $echo_str .= "\n\t\t\t\t\t\t".'<td>';
1430
- $echo_str .= "\n\t\t\t\t\t\t\t".'<input type="text" value="'.$filerec->filesize.'" readonly="readonly" style="width:auto;" />';
1431
- $echo_str .= "\n\t\t\t\t\t\t".'</td>';
1432
- $echo_str .= "\n\t\t\t\t\t".'</tr>';
1433
- $echo_str .= "\n\t\t\t\t\t".'<tr>';
1434
- $echo_str .= "\n\t\t\t\t\t\t".'<th scope="row">';
1435
- $echo_str .= "\n\t\t\t\t\t\t\t".'<label>File Date</label>';
1436
- $echo_str .= "\n\t\t\t\t\t\t".'</th>';
1437
- $echo_str .= "\n\t\t\t\t\t\t".'<td>';
1438
- $echo_str .= "\n\t\t\t\t\t\t\t".'<input type="text" value="'.( $file_exists ? get_date_from_gmt(date("Y-m-d H:i:s", $stat['mtime']), "d/m/Y H:i:s") : '' ).'" readonly="readonly" style="width:auto;" />';
1439
- $echo_str .= "\n\t\t\t\t\t\t".'</td>';
1440
- $echo_str .= "\n\t\t\t\t\t".'</tr>';
1441
- $echo_str .= "\n\t\t\t\t\t".'<tr>';
1442
- $echo_str .= "\n\t\t\t\t\t\t".'<th scope="row">';
1443
- $echo_str .= "\n\t\t\t\t\t\t\t".'<label>Uploaded From Page</label>';
1444
- $echo_str .= "\n\t\t\t\t\t\t".'</th>';
1445
- $echo_str .= "\n\t\t\t\t\t\t".'<td>';
1446
- $echo_str .= "\n\t\t\t\t\t\t\t".'<input type="text" value="'.get_the_title($filerec->pageid).' ('.$filerec->pageid.')'.'" readonly="readonly" style="width:50%;" />';
1447
- $echo_str .= "\n\t\t\t\t\t\t".'</td>';
1448
- $echo_str .= "\n\t\t\t\t\t".'</tr>';
1449
- if ( $is_admin ) {
1450
- $echo_str .= "\n\t\t\t\t\t".'<tr>';
1451
- $echo_str .= "\n\t\t\t\t\t\t".'<th scope="row">';
1452
- $echo_str .= "\n\t\t\t\t\t\t\t".'<label>Upload Plugin ID</label>';
1453
- $echo_str .= "\n\t\t\t\t\t\t".'</th>';
1454
- $echo_str .= "\n\t\t\t\t\t\t".'<td>';
1455
- $echo_str .= "\n\t\t\t\t\t\t\t".'<input type="text" value="'.$filerec->sid.'" readonly="readonly" style="width:auto;" />';
1456
- $echo_str .= "\n\t\t\t\t\t\t".'</td>';
1457
- $echo_str .= "\n\t\t\t\t\t".'</tr>';
1458
- }
1459
- $echo_str .= "\n\t\t\t\t".'</tbody>';
1460
- $echo_str .= "\n\t\t\t".'</table>';
1461
- if ( $is_admin ) {
1462
- //show history details
1463
- $echo_str .= "\n\t\t\t".'<h3 style="margin-bottom: 10px; margin-top: 40px;">File History</h3>';
1464
- $echo_str .= "\n\t\t\t".'<table class="form-table">';
1465
- $echo_str .= "\n\t\t\t\t".'<tbody>';
1466
- $echo_str .= "\n\t\t\t\t\t".'<tr>';
1467
- $echo_str .= "\n\t\t\t\t\t\t".'<th scope="row">';
1468
- $echo_str .= "\n\t\t\t\t\t\t\t".'<label></label>';
1469
- $echo_str .= "\n\t\t\t\t\t\t".'</th>';
1470
- $echo_str .= "\n\t\t\t\t\t\t".'<td>';
1471
- //read all linked older records
1472
- $filerecs = wfu_get_rec_old_history($filerec->idlog);
1473
- //construct report from db records
1474
- $rep = '';
1475
- foreach ( $filerecs as $rec ) {
1476
- $username = wfu_get_username_by_id($rec->userid);
1477
- $fileparts = pathinfo($rec->filepath);
1478
- if ( $rep != '' ) $rep .= "<br />";
1479
- $rep .= '<strong>['.get_date_from_gmt($rec->date_from).']</strong> ';
1480
- if ( $rec->action == 'upload' )
1481
- $rep .= 'File uploaded at <strong>'.$fileparts['dirname'].'</strong> with name <strong>'.$fileparts['basename'].'</strong> by user <strong>'.$username.'</strong>';
1482
- elseif ( $rec->action == 'include' )
1483
- $rep .= 'File included in database at <strong>'.$fileparts['dirname'].'</strong> with name <strong>'.$fileparts['basename'].'</strong> by user <strong>'.$username.'</strong>';
1484
- elseif ( $rec->action == 'download' )
1485
- $rep .= 'File downloaded by user <strong>'.$username.'</strong>';
1486
- elseif ( $rec->action == 'rename' )
1487
- $rep .= 'File renamed to <strong>'.$fileparts['basename'].'</strong> by user <strong>'.$username.'</strong>';
1488
- elseif ( $rec->action == 'move' )
1489
- $rep .= 'File moved to <strong>'.$fileparts['dirname'].'</strong> by user <strong>'.$username.'</strong>';
1490
- elseif ( $rec->action == 'delete' )
1491
- $rep .= 'File deleted by user <strong>'.$username.'</strong>';
1492
- elseif ( $rec->action == 'modify' )
1493
- $rep .= 'File userdata modified by user <strong>'.$username.'</strong>';
1494
- elseif ( $rec->action == 'changeuser' )
1495
- $rep .= 'File upload user modified by user <strong>'.$username.'</strong>';
1496
- }
1497
- $echo_str .= "\n\t\t\t\t\t\t\t".'<div style="border:1px solid #dfdfdf; border-radius:3px; width:50%; overflow:scroll; padding:6px; height:100px; background-color:#eee;">';
1498
- $echo_str .= "\n\t\t\t\t\t\t\t".'<span style="white-space:nowrap;">'.$rep.'</span>';
1499
- $echo_str .= "\n\t\t\t\t\t\t\t".'</div>';
1500
- $echo_str .= "\n\t\t\t\t\t\t".'</td>';
1501
- $echo_str .= "\n\t\t\t\t\t".'</tr>';
1502
- $echo_str .= "\n\t\t\t\t".'</tbody>';
1503
- $echo_str .= "\n\t\t\t".'</table>';
1504
- }
1505
-
1506
- $echo_str .= "\n\t\t\t".'<h3 style="margin-bottom: 10px; margin-top: 40px;">User Data Details</h3>';
1507
- $echo_str .= "\n\t\t\t".'<table class="form-table">';
1508
- $echo_str .= "\n\t\t\t\t".'<tbody>';
1509
- if ( is_array($filerec->userdata) && count($filerec->userdata) > 0 ) {
1510
- foreach ( $filerec->userdata as $userdata ) {
1511
- $echo_str .= "\n\t\t\t\t\t".'<tr>';
1512
- $echo_str .= "\n\t\t\t\t\t\t".'<th scope="row">';
1513
- $echo_str .= "\n\t\t\t\t\t\t\t".'<label>'.$userdata->property.'</label>';
1514
- $echo_str .= "\n\t\t\t\t\t\t".'</th>';
1515
- $echo_str .= "\n\t\t\t\t\t\t".'<td>';
1516
- // $echo_str .= "\n\t\t\t\t\t\t\t".'<input id="wfu_filedetails_userdata_value_'.$userdata->propkey.'" name="wfu_filedetails_userdata" type="text"'.( $is_admin ? '' : ' readonly="readonly"' ).' value="'.$userdata->propvalue.'" />';
1517
- $echo_str .= "\n\t\t\t\t\t\t\t".'<textarea id="wfu_filedetails_userdata_value_'.$userdata->propkey.'" name="wfu_filedetails_userdata" '.( ($is_admin && $admin_can_edit) ? '' : ' readonly="readonly"' ).' value="'.$userdata->propvalue.'">'.$userdata->propvalue.'</textarea>';
1518
- $echo_str .= "\n\t\t\t\t\t\t\t".'<input id="wfu_filedetails_userdata_default_'.$userdata->propkey.'" type="hidden" value="'.$userdata->propvalue.'" />';
1519
- $echo_str .= "\n\t\t\t\t\t\t\t".'<input id="wfu_filedetails_userdata_'.$userdata->propkey.'" name="wfu_filedetails_userdata_'.$userdata->propkey.'" type="hidden" value="'.$userdata->propvalue.'" />';
1520
- $echo_str .= "\n\t\t\t\t\t\t".'</td>';
1521
- $echo_str .= "\n\t\t\t\t\t".'</tr>';
1522
- }
1523
- }
1524
- else {
1525
- $echo_str .= "\n\t\t\t\t\t".'<tr>';
1526
- $echo_str .= "\n\t\t\t\t\t\t".'<th scope="row">';
1527
- $echo_str .= "\n\t\t\t\t\t\t\t".'<label>No user data</label>';
1528
- $echo_str .= "\n\t\t\t\t\t\t".'</th>';
1529
- $echo_str .= "\n\t\t\t\t\t\t".'<td></td>';
1530
- $echo_str .= "\n\t\t\t\t\t".'</tr>';
1531
- }
1532
- $echo_str .= "\n\t\t\t\t".'</tbody>';
1533
- $echo_str .= "\n\t\t\t".'</table>';
1534
- if ( ($is_admin && $admin_can_edit) ) {
1535
- $echo_str .= "\n\t\t\t".'<p class="submit">';
1536
- $echo_str .= "\n\t\t\t\t".'<input id="dp_filedetails_submit_fields" type="submit" class="button-primary" name="submit" value="Update" disabled="disabled" />';
1537
- $echo_str .= "\n\t\t\t".'</p>';
1538
- }
1539
- $echo_str .= "\n\t\t".'</form>';
1540
- $echo_str .= "\n\t".'</div>';
1541
- $handler = 'function() { wfu_Attach_FileDetails_Admin_Events(); }';
1542
- $echo_str .= "\n\t".'<script type="text/javascript">if(window.addEventListener) { window.addEventListener("load", '.$handler.', false); } else if(window.attachEvent) { window.attachEvent("onload", '.$handler.'); } else { window["onload"] = '.$handler.'; }</script>';
1543
- $echo_str .= '</div>';
1544
-
1545
- return $echo_str;
1546
- }
1547
-
1548
- /**
1549
- * Change File Details.
1550
- *
1551
- * This function modifies the database record of an uploaded file, as well as
1552
- * any associated user data field records.
1553
- *
1554
- * @since 2.4.1
1555
- *
1556
- * @param string $file_code A code corresponding to the file to be modified.
1557
- *
1558
- * @return bool True if modification of file succeeded, false otherwise.
1559
- */
1560
- function wfu_edit_filedetails($file_code) {
1561
- global $wpdb;
1562
- $table_name2 = $wpdb->prefix . "wfu_userdata";
1563
- $allow_obsolete = false;
1564
-
1565
- if ( substr($file_code, 0, 5) == "byID:" ) {
1566
- $allow_obsolete = true;
1567
- $file_code = substr($file_code, 5);
1568
- }
1569
-
1570
- $user = wp_get_current_user();
1571
- $is_admin = current_user_can( 'manage_options' );
1572
- //check if user is allowed to view file details
1573
- if ( !$is_admin ) {
1574
- if ( $allow_obsolete ) return;
1575
- return;
1576
- }
1577
- if ( $allow_obsolete ) {
1578
- $file_code = wfu_sanitize_int($file_code);
1579
- $initialrec = wfu_get_file_rec_from_id($file_code, true);
1580
- if ( $initialrec == null ) return;
1581
-
1582
- //get all associated file records
1583
- $filerecs = wfu_get_rec_new_history($initialrec->idlog);
1584
- //get the latest record of this upload
1585
- $filerec = $filerecs[count($filerecs) - 1];
1586
- $filerec->userdata = $initialrec->userdata;
1587
-
1588
- $filepath = wfu_path_rel2abs($filerec->filepath);
1589
- $latestrec = wfu_get_file_rec($filepath, true);
1590
- //if $latestrec is null then this means that file does not exist
1591
- if ( $latestrec == null ) return;
1592
- //if the record is obsolete then do not proceed
1593
- if ( $latestrec->idlog != $filerec->idlog ) return;
1594
- }
1595
- else {
1596
- $file_code = wfu_sanitize_code($file_code);
1597
- $dec_file = wfu_get_filepath_from_safe($file_code);
1598
- if ( $dec_file === false ) return;
1599
-
1600
- $filepath = wfu_path_rel2abs(wfu_flatten_path($dec_file));
1601
-
1602
- //check if user is allowed to perform this action
1603
- if ( !wfu_current_user_owes_file($filepath) ) return;
1604
-
1605
- //get file data from database with user data
1606
- $filerec = wfu_get_file_rec($filepath, true);
1607
- if ( $filerec == null ) return;
1608
- }
1609
-
1610
- if ( isset($_POST['submit']) ) {
1611
- if ( $_POST['submit'] == "Update" ) {
1612
- if ( !is_array($filerec->userdata) ) $filerec->userdata = array();
1613
- //check for errors
1614
- $is_error = false;
1615
- foreach ( $filerec->userdata as $userdata ) {
1616
- if ( !isset($_POST['wfu_filedetails_userdata_'.$userdata->propkey]) ) {
1617
- $is_error = true;
1618
- break;
1619
- }
1620
- }
1621
- if ( !$is_error ) {
1622
- $now_date = date('Y-m-d H:i:s');
1623
- $userdata_count = 0;
1624
- foreach ( $filerec->userdata as $userdata ) {
1625
- $userdata_count ++;
1626
- //make existing userdata record obsolete
1627
- $wpdb->update($table_name2,
1628
- array( 'date_to' => $now_date ),
1629
- array( 'uploadid' => $userdata->uploadid, 'propkey' => $userdata->propkey ),
1630
- array( '%s' ),
1631
- array( '%s', '%s' )
1632
- );
1633
- //insert new userdata record
1634
- $wpdb->insert($table_name2,
1635
- array(
1636
- 'uploadid' => $userdata->uploadid,
1637
- 'property' => $userdata->property,
1638
- 'propkey' => $userdata->propkey,
1639
- 'propvalue' => $_POST['wfu_filedetails_userdata_'.$userdata->propkey],
1640
- 'date_from' => $now_date,
1641
- 'date_to' => 0
1642
- ),
1643
- array(
1644
- '%s',
1645
- '%s',
1646
- '%d',
1647
- '%s',
1648
- '%s',
1649
- '%s'
1650
- )
1651
- );
1652
- }
1653
- if ( $userdata_count > 0 ) wfu_log_action('modify:'.$now_date, $filepath, $user->ID, '', 0, 0, '', null);
1654
- }
1655
- if ( isset($_POST['wfu_filedetails_userid']) && $_POST['wfu_filedetails_userid'] != $filerec->uploaduserid ) {
1656
- wfu_log_action('changeuser:'.$_POST['wfu_filedetails_userid'], $filepath, $user->ID, '', 0, 0, '', null);
1657
- }
1658
- }
1659
- }
1660
- return true;
1661
  }
1
+ <?php
2
+
3
+ /**
4
+ * File Browser Page in Dashboard Area of Plugin
5
+ *
6
+ * This file contains functions related to File Browser page of plugin's
7
+ * Dashboard area.
8
+ *
9
+ * @link /lib/wfu_admin_browser.php
10
+ *
11
+ * @package WordPress File Upload Plugin
12
+ * @subpackage Core Components
13
+ * @since 3.7.1
14
+ */
15
+
16
+ /**
17
+ * Display the File Browser Page.
18
+ *
19
+ * This function displays the File Browser page of the plugin's Dashboard area.
20
+ *
21
+ * @since 2.2.1
22
+ *
23
+ * @param string $basedir_code A code string corresponding to the folder to be
24
+ * displayed.
25
+ * @param integer $page Optional. The page to display in case folder contents
26
+ * are paginated.
27
+ * @param bool $only_table_rows Optional. Return only the HTML code of the table
28
+ * rows.
29
+ *
30
+ * @return string The HTML output of the plugin's File Browser Dashboard page.
31
+ */
32
+ function wfu_browse_files($basedir_code, $page = -1, $only_table_rows = false) {
33
+ $siteurl = site_url();
34
+ $plugin_options = wfu_decode_plugin_options(get_option( "wordpress_file_upload_options" ));
35
+ $user = wp_get_current_user();
36
+ //store session variables for use from the downloader
37
+
38
+ if ( !current_user_can( 'manage_options' ) ) return;
39
+
40
+ //first decode basedir_code
41
+ $basedir = wfu_get_filepath_from_safe($basedir_code);
42
+ //clean session array holding dir and file paths if it is too big
43
+ if ( WFU_USVAR_exists('wfu_filepath_safe_storage') && count(WFU_USVAR('wfu_filepath_safe_storage')) > WFU_VAR("WFU_PHP_ARRAY_MAXLEN") ) WFU_USVAR_store('wfu_filepath_safe_storage', array());
44
+
45
+ //basedir may also contain information about the sorting of the displayed
46
+ //elements, as well as a filename that needs to be located and get focus on
47
+ //the browser;
48
+ //sorting information is enclosed in double brackets: [[sort_info]]
49
+ //filename information is enclosed in double braces: {{filename}}
50
+ $sort = "";
51
+ $located_file = "";
52
+ $located_file_found = false;
53
+ $filter = "";
54
+ if ( $basedir !== false ) {
55
+ $ret = wfu_extract_sortdata_from_path($basedir);
56
+ $basedir = $ret['path'];
57
+ $sort = $ret['sort'];
58
+ $located_file = $ret['file'];
59
+ $filter = $ret['filter'];
60
+ }
61
+ if ( $sort == "" ) $sort = 'name';
62
+ if ( substr($sort, 0, 1) == '-' ) $order = SORT_DESC;
63
+ else $order = SORT_ASC;
64
+ //if page is not -1, then do not locate a file
65
+ if ( $located_file != "" && $page > -1 ) $located_file = "";
66
+ //adjust page to be larger than zero
67
+ if ( $page < 1 ) $page = 1;
68
+
69
+ //adjust basedir to have a standard format
70
+ if ( $basedir !== false ) {
71
+ if ( substr($basedir, -1) != '/' ) $basedir .= '/';
72
+ if ( substr($basedir, 0, 1) == '/' ) $basedir = substr($basedir, 1);
73
+ //calculate the absolute path of basedir knowing that basedir is relative to website root
74
+ $basedir = wfu_path_rel2abs($basedir);
75
+ if ( !wfu_file_exists($basedir, "wfu_browse_files") ) $basedir = false;
76
+ }
77
+ //set basedit to default value if empty
78
+ if ( $basedir === false ) {
79
+ $plugin_options = wfu_decode_plugin_options(get_option( "wordpress_file_upload_options" ));
80
+ $basedir = ( isset($plugin_options['basedir']) ? $plugin_options['basedir'] : "" );
81
+ $temp_params = array( 'uploadpath' => $basedir, 'accessmethod' => 'normal', 'ftpinfo' => '', 'useftpdomain' => 'false' );
82
+ $basedir = wfu_upload_plugin_full_path($temp_params);
83
+ }
84
+ //find relative dir
85
+ $reldir = str_replace(wfu_abspath(), "root/", $basedir);
86
+ //save dir route to an array
87
+ $parts = explode('/', $reldir);
88
+ $route = array();
89
+ $prev = "";
90
+ foreach ( $parts as $part ) {
91
+ $part = trim($part);
92
+ if ( $part != "" ) {
93
+ // if ( $part == 'root' && $prev == "" ) $prev = wfu_abspath();
94
+ if ( $part == 'root' && $prev == "" ) $prev = "";
95
+ else $prev .= $part.'/';
96
+ array_push($route, array( 'item' => $part, 'path' => $prev ));
97
+ }
98
+ }
99
+ //calculate upper directory
100
+ $updir = substr($basedir, 0, -1);
101
+ $delim_pos = strrpos($updir, '/');
102
+ if ( $delim_pos !== false ) $updir = substr($updir, 0, $delim_pos + 1);
103
+
104
+ //define referer (with sort data) to point to this url for use by the elements
105
+ $referer = $siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&action=file_browser&dir='.$basedir_code;
106
+ $referer_code = wfu_safe_store_filepath($referer.'[['.$sort.']]');
107
+ //define header parameters that can be later used when defining file actions
108
+ $header_params = array();
109
+
110
+ //find contents of current folder taking into account pagination, if it is
111
+ //activated; contents are found following an optimized procedure as follows:
112
+ // 1. all dirs and files are found and stored in separate arrays
113
+ // 2. if pagination is activated then it is checked if there are any dirs
114
+ // in the current page
115
+ // 3. if dir sorting is name then dirs are sorted
116
+ // 4. if dir sorting is date then stat is called for all dirs and then they
117
+ // are sorted
118
+ // 5. if pagination is activated then dirs array is sliced to keep only the
119
+ // ones belonging to the current page and then stat is called if it has
120
+ // not already been called
121
+ // 6. if there is room in the page for showing files, then files are also
122
+ // processed
123
+ // 7. if file sorting is name then files are sorted
124
+ // 8. if file sorting is date or size then stat is called for all files and
125
+ // then they are sorted
126
+ // 9. if file sorting is user then db record is retrieved for all files and
127
+ // then they are sorted
128
+ // 10. if pagination is activated then files array is sliced to keep only
129
+ // the ones fitting in the page; then stat is called and/or db record is
130
+ // retrieved
131
+ //first calculate dirs and files arrays
132
+ $dirlist = array();
133
+ $dirlist_include = true;
134
+ $dirlist_perpage = array();
135
+ $dirstat_ok = false;
136
+ $filelist = array();
137
+ $filestat_ok = false;
138
+ $filerec_ok = false;
139
+ if ( $handle = opendir($basedir) ) {
140
+ $blacklist = array('.', '..');
141
+ while ( false !== ($file = readdir($handle)) )
142
+ if ( !in_array($file, $blacklist) ) {
143
+ $filepath = $basedir.$file;
144
+ if ( is_dir($filepath) ) array_push($dirlist, array( 'name' => $file, 'fullpath' => $filepath ));
145
+ else array_push($filelist, array( 'name' => $file, 'fullpath' => $filepath ));
146
+ }
147
+ closedir($handle);
148
+ }
149
+ $dirlist_count = count($dirlist);
150
+ $filelist_count = count($filelist);
151
+ //get pagination details and determine if any dirs will be shown
152
+ $maxrows = (int)WFU_VAR("WFU_ADMINBROWSER_TABLE_MAXROWS");
153
+ $files_total = $dirlist_count + $filelist_count;
154
+ if ( $maxrows > 0 ) {
155
+ $pages = max(ceil($files_total / $maxrows), 1);
156
+ if ( $page > $pages ) $page = $pages;
157
+ //if first item index passes number of dirs then do not include dirs
158
+ if ( ($page - 1) * $maxrows >= $dirlist_count ) $dirlist_include = false;
159
+ //if a filename has been defined to get focus, then $dirlist_include
160
+ //needs to be true in order to calculate the dirs of every page
161
+ if ( $located_file != "" ) $dirlist_include = true;
162
+ }
163
+ //process dirs if they are included in page
164
+ if ( $dirlist_include ) {
165
+ //adjust sort details
166
+ $dirsort = ( substr($sort, -4) == 'date' ? 'mdate' : substr($sort, -4) );
167
+ $dirorder = $order;
168
+ if ( $dirsort == 'size' ) { $dirsort = 'name'; $dirorder = SORT_ASC; }
169
+ if ( $dirsort == 'user' ) { $dirsort = 'name'; $dirorder = SORT_ASC; }
170
+ switch ( $dirsort ) {
171
+ case "name": $dirsort .= ":s"; break;
172
+ case "mdate": $dirsort .= ":n"; break;
173
+ }
174
+ //if dir sort is mdate or if a file needs to be located then first
175
+ //calculate stat
176
+ if ( substr($dirsort, 0, 5) == 'mdate' || $located_file != "" ) {
177
+ foreach ( $dirlist as &$dir ) {
178
+ $stat = wfu_stat($dir['fullpath'], "wfu_browse_files:1");
179
+ $dir['mdate'] = $stat['mtime'];
180
+ }
181
+ unset($dir);
182
+ $dirstat_ok = true;
183
+ }
184
+ //sort dirs
185
+ $dirlist = wfu_array_sort($dirlist, $dirsort, $dirorder);
186
+ //if pagination is activated then slice dirs array to keep only the
187
+ //items belonging in the current page
188
+ if ( $maxrows > 0 ) {
189
+ //before slicing we store the items in $dirlist_perpage array
190
+ $i = $maxrows;
191
+ $ipage = 0;
192
+ foreach ( $dirlist as $dir ) {
193
+ if ( $i >= $maxrows ) {
194
+ $i = 0;
195
+ $ipage ++;
196
+ $dirlist_perpage[$ipage] = array();
197
+ }
198
+ array_push($dirlist_perpage[$ipage], $dir);
199
+ $i ++;
200
+ }
201
+ //now we slice $dirlist
202
+ $dirlist = array_slice($dirlist, ($page - 1) * $maxrows, $maxrows);
203
+ }
204
+ //calculate stat for the remaining dirs array, if it has not already
205
+ //been done
206
+ if ( !$dirstat_ok ) {
207
+ foreach ( $dirlist as &$dir ) {
208
+ $stat = wfu_stat($dir['fullpath'], "wfu_browse_files:2");
209
+ $dir['mdate'] = $stat['mtime'];
210
+ }
211
+ unset($dir);
212
+ }
213
+ }
214
+ else $dirlist = array();
215
+ //determine if any files will be included in page; in case pagination is
216
+ //activated then the remaining places need to be more than zero
217
+ $files_included = ( $maxrows > 0 ? ( $maxrows - count($dirlist) > 0 ) : true );
218
+ //if a filename has been defined to get focus, then $files_included
219
+ //needs to be true in order to re-calculate the page
220
+ if ( $located_file != "" ) $files_included = true;
221
+ if ( $files_included ) {
222
+ //adjust sort details
223
+ $filesort = ( substr($sort, -4) == 'date' ? 'mdate' : substr($sort, -4) );
224
+ switch ( $filesort ) {
225
+ case "name": $filesort .= ":s"; break;
226
+ case "size": $filesort .= ":n"; break;
227
+ case "mdate": $filesort .= ":n"; break;
228
+ case "user": $filesort .= ":s"; break;
229
+ }
230
+ //if file sort is size or mdate then first calculate stat
231
+ if ( substr($filesort, 0, 4) == 'size' || substr($filesort, 0, 5) == 'mdate' ) {
232
+ foreach ( $filelist as &$file ) {
233
+ $stat = wfu_stat($file['fullpath'], "wfu_browse_files:3");
234
+ $file['size'] = $stat['size'];
235
+ $file['mdate'] = $stat['mtime'];
236
+ }
237
+ unset($file);
238
+ $filestat_ok = true;
239
+ }
240
+ //if file sort is user then first calculate db records
241
+ elseif ( substr($filesort, 0, 4) == 'user' ) {
242
+ foreach ( $filelist as &$file ) {
243
+ //find relative file record in database together with user data;
244
+ //if the file is php, then file record is null meaning that the file
245
+ //can only be viewed; if file record is not found then the file can
246
+ //again only be viewed
247
+ if ( preg_match("/\.php$/", $file['fullpath']) ) $filerec = null;
248
+ else $filerec = wfu_get_file_rec($file['fullpath'], true);
249
+ //find user who uploaded the file
250
+ $username = ( $filerec != null ? wfu_get_username_by_id($filerec->uploaduserid) : '' );
251
+ $file['user'] = $username;
252
+ $file['filedata'] = $filerec;
253
+ }
254
+ unset($file);
255
+ $filerec_ok = true;
256
+ }
257
+ //sort files
258
+ $filelist = wfu_array_sort($filelist, $filesort, $order);
259
+ //if pagination is activated and a file needs to receive focus, then we
260
+ //need to calculate the page where the file is shown
261
+ if ( $maxrows > 0 && $located_file != "" ) {
262
+ $i = $dirlist_count;
263
+ foreach ( $filelist as $key => $file ) {
264
+ if ( $file['name'] == $located_file ) {
265
+ $located_file_found = true;
266
+ $filelist[$key]['highlighted'] = 1;
267
+ break;
268
+ }
269
+ $i ++;
270
+ }
271
+ if ( $located_file_found ) {
272
+ $page = floor( $i / $maxrows ) + 1;
273
+ if ( isset($dirlist_perpage[$page]) ) $dirlist = $dirlist_perpage[$page];
274
+ else $dirlist = array();
275
+ }
276
+ }
277
+ //if pagination is activated then slice files array to keep only the items
278
+ //belonging in the current page
279
+ if ( $maxrows > 0 )
280
+ $filelist = array_slice($filelist, max(($page - 1) * $maxrows - $dirlist_count, 0), $maxrows - count($dirlist));
281
+ if ( !$filestat_ok || !$filerec_ok ) {
282
+ foreach ( $filelist as &$file ) {
283
+ if ( !$filestat_ok ) {
284
+ $stat = wfu_stat($file['fullpath'], "wfu_browse_files:4");
285
+ $file['size'] = $stat['size'];
286
+ $file['mdate'] = $stat['mtime'];
287
+ }
288
+ if ( !$filerec_ok ) {
289
+ if ( preg_match("/\.php$/", $file['fullpath']) ) $filerec = null;
290
+ else $filerec = wfu_get_file_rec($file['fullpath'], true);
291
+ $username = ( $filerec != null ? wfu_get_username_by_id($filerec->uploaduserid) : '' );
292
+ $file['user'] = $username;
293
+ $file['filedata'] = $filerec;
294
+ }
295
+ }
296
+ unset($file);
297
+ }
298
+ }
299
+ else $filelist = array();
300
+
301
+ //start html output
302
+ $echo_str = "";
303
+ if ( !$only_table_rows ) {
304
+ $echo_str .= "\n".'<div class="wrap">';
305
+ $echo_str .= "\n\t".'<h2>Wordpress File Upload Control Panel</h2>';
306
+ $echo_str .= "\n\t".'<div style="margin-top:20px;">';
307
+ $echo_str .= wfu_generate_dashboard_menu("\n\t\t", "File Browser");
308
+ $echo_str .= "\n\t".'<div>';
309
+ $echo_str .= "\n\t\t".'<span><strong>Location:</strong> </span>';
310
+ foreach ( $route as $item ) {
311
+ // store dir path that we need to pass to other functions in session, instead of exposing it in the url
312
+ $dir_code = wfu_safe_store_filepath($item['path']);
313
+ $echo_str .= '<a href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&action=file_browser&dir='.$dir_code.'">'.$item['item'].'</a>';
314
+ $echo_str .= '<span>/</span>';
315
+ }
316
+ //file browser header
317
+ $echo_str .= "\n\t".'</div>';
318
+ // $dir_code = wfu_safe_store_filepath(wfu_path_abs2rel($basedir).'[['.$sort.']]');
319
+ // $echo_str .= "\n\t".'<a href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&amp;action=create_dir&dir='.$dir_code.'" class="button" title="create folder" style="margin-top:6px">Create folder</a>';
320
+ $echo_str .= "\n\t".'<div style="margin-top:10px; position:relative;">';
321
+ $echo_str .= wfu_add_loading_overlay("\n\t\t", "adminbrowser");
322
+ $adminbrowser_nonce = wp_create_nonce( 'wfu-adminbrowser-page' );
323
+ $echo_str .= "\n\t\t".'<div class="wfu_adminbrowser_header" style="width: 100%;">';
324
+ $bulkactions = array(
325
+ array( "name" => "move", "title" => "Move" ),
326
+ array( "name" => "delete", "title" => "Delete" ),
327
+ array( "name" => "include", "title" => "Include" )
328
+ );
329
+ $echo_str .= wfu_add_bulkactions_header("\n\t\t\t", "adminbrowser", $bulkactions);
330
+ if ( $maxrows > 0 ) {
331
+ $echo_str .= wfu_add_pagination_header("\n\t\t\t", "adminbrowser", $page, $pages, $adminbrowser_nonce);
332
+ }
333
+ $echo_str .= "\n\t\t\t".'<input id="wfu_adminbrowser_action_url" type="hidden" value="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload" />';
334
+ $echo_str .= "\n\t\t\t".'<input id="wfu_adminbrowser_code" type="hidden" value="'.$basedir_code.'" />';
335
+ $echo_str .= "\n\t\t\t".'<input id="wfu_adminbrowser_referer" type="hidden" value="'.$referer_code.'" />';
336
+ $echo_str .= "\n\t\t\t".'<input id="wfu_download_file_nonce" type="hidden" value="'.wp_create_nonce('wfu_download_file_invoker').'" />';
337
+ $echo_str .= "\n\t\t\t".'<input id="wfu_include_file_nonce" type="hidden" value="'.wp_create_nonce('wfu_include_file').'" />';
338
+ $echo_str .= "\n\t\t".'</div>';
339
+ $echo_str .= "\n\t\t".'<table id="wfu_adminbrowser_table" class="wfu-adminbrowser wp-list-table widefat fixed striped">';
340
+ $echo_str .= "\n\t\t\t".'<thead>';
341
+ $echo_str .= "\n\t\t\t\t".'<tr>';
342
+ $echo_str .= "\n\t\t\t\t\t".'<td scope="col" width="5%" class="manage-column check-column">';
343
+ $echo_str .= "\n\t\t\t\t\t\t".'<input id="wfu_select_all_visible" type="checkbox" onchange="wfu_adminbrowser_select_all_visible_changed();" style="-webkit-appearance:checkbox;" />';
344
+ $echo_str .= "\n\t\t\t\t\t".'</td>';
345
+ $echo_str .= "\n\t\t\t\t\t".'<th scope="col" width="25%" class="manage-column column-primary">';
346
+ $dir_code = wfu_safe_store_filepath(wfu_path_abs2rel($basedir).'[['.( substr($sort, -4) == 'name' ? ( $order == SORT_ASC ? '-name' : 'name' ) : 'name' ).']]');
347
+ $echo_str .= "\n\t\t\t\t\t\t".'<a href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&action=file_browser&dir='.$dir_code.'">Name'.( substr($sort, -4) == 'name' ? ( $order == SORT_ASC ? ' &uarr;' : ' &darr;' ) : '' ).'</a>';
348
+ $echo_str .= "\n\t\t\t\t\t".'</th>';
349
+ $echo_str .= "\n\t\t\t\t\t".'<th scope="col" width="10%" class="manage-column">';
350
+ $dir_code = wfu_safe_store_filepath(wfu_path_abs2rel($basedir).'[['.( substr($sort, -4) == 'size' ? ( $order == SORT_ASC ? '-size' : 'size' ) : 'size' ).']]');
351
+ $echo_str .= "\n\t\t\t\t\t\t".'<a href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&action=file_browser&dir='.$dir_code.'">Size'.( substr($sort, -4) == 'size' ? ( $order == SORT_ASC ? ' &uarr;' : ' &darr;' ) : '' ).'</a>';
352
+ $echo_str .= "\n\t\t\t\t\t".'</th>';
353
+ $echo_str .= "\n\t\t\t\t\t".'<th scope="col" width="20%" class="manage-column">';
354
+ $dir_code = wfu_safe_store_filepath(wfu_path_abs2rel($basedir).'[['.( substr($sort, -4) == 'date' ? ( $order == SORT_ASC ? '-date' : 'date' ) : 'date' ).']]');
355
+ $echo_str .= "\n\t\t\t\t\t\t".'<a href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&action=file_browser&dir='.$dir_code.'">Date'.( substr($sort, -4) == 'date' ? ( $order == SORT_ASC ? ' &uarr;' : ' &darr;' ) : '' ).'</a>';
356
+ $echo_str .= "\n\t\t\t\t\t".'</th>';
357
+ $echo_str .= "\n\t\t\t\t\t".'<th scope="col" width="10%" class="manage-column">';
358
+ $dir_code = wfu_safe_store_filepath(wfu_path_abs2rel($basedir).'[['.( substr($sort, -4) == 'user' ? ( $order == SORT_ASC ? '-user' : 'user' ) : 'user' ).']]');
359
+ $echo_str .= "\n\t\t\t\t\t\t".'<a href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&action=file_browser&dir='.$dir_code.'">Uploaded By'.( substr($sort, -4) == 'user' ? ( $order == SORT_ASC ? ' &uarr;' : ' &darr;' ) : '' ).'</a>';
360
+ $echo_str .= "\n\t\t\t\t\t".'</th>';
361
+ $echo_str .= "\n\t\t\t\t\t".'<th scope="col" width="30%" class="manage-column">';
362
+ $echo_str .= "\n\t\t\t\t\t\t".'<label>User Data</label>';
363
+ $echo_str .= "\n\t\t\t\t\t".'</th>';
364
+ $echo_str .= "\n\t\t\t\t".'</tr>';
365
+ $echo_str .= "\n\t\t\t".'</thead>';
366
+ $echo_str .= "\n\t\t\t".'<tbody>';
367
+ }
368
+
369
+ //show subfolders first
370
+ if ( $reldir != "root/" ) {
371
+ $dir_code = wfu_safe_store_filepath(wfu_path_abs2rel($updir));
372
+ $echo_str .= "\n\t\t\t\t".'<tr>';
373
+ $echo_str .= "\n\t\t\t\t\t".'<th class="check-column"><input type="checkbox" disabled="disabled" /></th>';
374
+ $echo_str .= "\n\t\t\t\t\t".'<td class="column-primary" data-colname="Name">';
375
+ $echo_str .= "\n\t\t\t\t\t\t".'<a class="row-title" href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&action=file_browser&dir='.$dir_code.'" title="go up">..</a>';
376
+ $echo_str .= "\n\t\t\t\t\t".'</td>';
377
+ $echo_str .= "\n\t\t\t\t\t".'<td data-colname="Size"> </td>';
378
+ $echo_str .= "\n\t\t\t\t\t".'<td data-colname="Date"> </td>';
379
+ $echo_str .= "\n\t\t\t\t\t".'<td data-colname="Uploaded By"> </td>';
380
+ $echo_str .= "\n\t\t\t\t\t".'<td data-colname="User Data"> </td>';
381
+ $echo_str .= "\n\t\t\t\t".'</tr>';
382
+ }
383
+ $ii = 1;
384
+ foreach ( $dirlist as $dir ) {
385
+ $dir_code = wfu_prepare_to_batch_safe_store_filepath(wfu_path_abs2rel($dir['fullpath']).'[['.$sort.']]');
386
+ $echo_str .= "\n\t\t\t\t".'<tr onmouseover="var actions=document.getElementsByName(\'wfu_dir_actions\'); for (var i=0; i<actions.length; i++) {actions[i].style.visibility=\'hidden\';} document.getElementById(\'wfu_dir_actions_'.$ii.'\').style.visibility=\'visible\'" onmouseout="var actions=document.getElementsByName(\'wfu_dir_actions\'); for (var i=0; i<actions.length; i++) {actions[i].style.visibility=\'hidden\';}">';
387
+ $echo_str .= "\n\t\t\t\t\t".'<th class="check-column"><input type="checkbox" disabled="disabled" /></th>';
388
+ $echo_str .= "\n\t\t\t\t\t".'<td class="column-primary" data-colname="Name">';
389
+ $echo_str .= "\n\t\t\t\t\t\t".'<a class="row-title" href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&action=file_browser&dir='.$dir_code.'" title="'.$dir['name'].'">'.$dir['name'].'</a>';
390
+ $echo_str .= "\n\t\t\t\t\t\t".'<div id="wfu_dir_actions_'.$ii.'" name="wfu_dir_actions" style="visibility:hidden;">';
391
+ $echo_str .= "\n\t\t\t\t\t\t\t".'<span style="visibility:hidden;">';
392
+ $echo_str .= "\n\t\t\t\t\t\t\t\t".'<a href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&action=file_browser&dir=">Noaction</a>';
393
+ $echo_str .= "\n\t\t\t\t\t\t\t\t".' | ';
394
+ $echo_str .= "\n\t\t\t\t\t\t\t".'</span>';
395
+ // $echo_str .= "\n\t\t\t\t\t\t\t".'<span>';
396
+ // $echo_str .= "\n\t\t\t\t\t\t\t\t".'<a href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&action=rename_dir&file='.$dir_code.'" title="Rename this folder">Rename</a>';
397
+ // $echo_str .= "\n\t\t\t\t\t\t\t\t".' | ';
398
+ // $echo_str .= "\n\t\t\t\t\t\t\t".'</span>';
399
+ // $echo_str .= "\n\t\t\t\t\t\t\t".'<span>';
400
+ // $echo_str .= "\n\t\t\t\t\t\t\t\t".'<a href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&action=delete_dir&file='.$dir_code.'" title="Delete this folder">Delete</a>';
401
+ // $echo_str .= "\n\t\t\t\t\t\t\t".'</span>';
402
+ $echo_str .= "\n\t\t\t\t\t\t".'</div>';
403
+ $echo_str .= "\n\t\t\t\t\t\t".'<button type="button" class="toggle-row"><span class="screen-reader-text">Show more details</span></button>';
404
+ $echo_str .= "\n\t\t\t\t\t".'</td>';
405
+ $echo_str .= "\n\t\t\t\t\t".'<td data-colname="Size"> </td>';
406
+ $echo_str .= "\n\t\t\t\t\t".'<td data-colname="Date">'.get_date_from_gmt(date("Y-m-d H:i:s", $dir['mdate']), "d/m/Y H:i:s").'</td>';
407
+ $echo_str .= "\n\t\t\t\t\t".'<td data-colname="Uploaded By"> </td>';
408
+ $echo_str .= "\n\t\t\t\t\t".'<td data-colname="User Data"> </td>';
409
+ $echo_str .= "\n\t\t\t\t".'</tr>';
410
+ $ii ++;
411
+ }
412
+ //store dir paths to safe
413
+ wfu_batch_safe_store_filepaths();
414
+ //show contained files
415
+ foreach ( $filelist as $file ) {
416
+ $is_included = ( $file['filedata'] != null );
417
+ $can_be_included = ( $plugin_options['includeotherfiles'] == "1" ) && !wfu_file_extension_blacklisted($file['name']);
418
+ $highlighted = ( isset($file['highlighted']) && $file['highlighted'] == 1 );
419
+ $file_code = '';
420
+ if ( $is_included || $can_be_included ) $file_code = wfu_prepare_to_batch_safe_store_filepath(wfu_path_abs2rel($file['fullpath']).'[['.$sort.']]');
421
+ $echo_str .= "\n\t\t\t\t".'<tr '.( $highlighted ? 'class="wfu-highlighted" ' : '' ).'onmouseover="var actions=document.getElementsByName(\'wfu_file_actions\'); for (var i=0; i<actions.length; i++) {actions[i].style.visibility=\'hidden\';} document.getElementById(\'wfu_file_actions_'.$ii.'\').style.visibility=\'visible\'" onmouseout="var actions=document.getElementsByName(\'wfu_file_actions\'); for (var i=0; i<actions.length; i++) {actions[i].style.visibility=\'hidden\';}">';
422
+ $echo_str .= "\n\t\t\t\t\t".'<th class="check-column">';
423
+ if ( $is_included || $can_be_included ) $echo_str .= "\n\t\t\t\t\t\t".'<input class="wfu_selectors'.( $is_included ? ' wfu_included' : '' ).' wfu_selcode_'.$file_code.'" type="checkbox" onchange="wfu_adminbrowser_selector_changed(this);" />';
424
+ else $echo_str .= "\n\t\t\t\t\t\t".'<input type="checkbox" disabled="disabled" />';
425
+ $echo_str .= "\n\t\t\t\t\t".'</th>';
426
+ $echo_str .= "\n\t\t\t\t\t".'<td class="column-primary" data-colname="Name">';
427
+ if ( $is_included || $can_be_included )
428
+ $echo_str .= "\n\t\t\t\t\t\t".'<a id="wfu_file_link_'.$ii.'" class="row-title" href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&action=file_details&file='.$file_code.'" title="View and edit file details" style="font-weight:normal;'.( $is_included ? '' : ' display:none;' ).'">'.$file['name'].'</a>';
429
+ if ( !$is_included )
430
+ $echo_str .= "\n\t\t\t\t\t\t".'<span id="wfu_file_flat_'.$ii.'">'.$file['name'].'</span>';
431
+ //set additional $file properties for generating file actions
432
+ $file["index"] = $ii;
433
+ $file["code"] = $file_code;
434
+ $file["referer_code"] = $referer_code;
435
+ $file_actions = wfu_adminbrowser_file_actions($file, $header_params);
436
+ $echo_str .= "\n\t\t\t\t\t\t".'<div id="wfu_file_actions_'.$ii.'" name="wfu_file_actions" style="visibility:hidden;">';
437
+ if ( $is_included || $can_be_included ) {
438
+ $echo_str .= "\n\t\t\t\t\t\t\t".'<div id="wfu_file_is_included_actions_'.$ii.'" style="display:'.( $is_included ? 'block' : 'none' ).';">';
439
+ //add file actions for files already included
440
+ $array_keys = array_keys($file_actions["is_included"]);
441
+ $lastkey = array_pop($array_keys);
442
+ foreach ( $file_actions["is_included"] as $key => $action ) {
443
+ $echo_str .= "\n\t\t\t\t\t\t\t\t".'<span>';
444
+ foreach ( $action as $line )
445
+ $echo_str .= "\n\t\t\t\t\t\t\t\t\t".$line;
446
+ if ( $key != $lastkey ) $echo_str .= "\n\t\t\t\t\t\t\t\t\t".' | ';
447
+ $echo_str .= "\n\t\t\t\t\t\t\t\t".'</span>';
448
+ }
449
+ $echo_str .= "\n\t\t\t\t\t\t\t".'</div>';
450
+ $echo_str .= "\n\t\t\t\t\t\t\t".'<div id="wfu_file_can_be_included_actions_'.$ii.'" style="display:'.( $is_included ? 'none' : 'block' ).';">';
451
+ //add file actions for files that can be included
452
+ $array_keys = array_keys($file_actions["can_be_included"]);
453
+ $lastkey = array_pop($array_keys);
454
+ foreach ( $file_actions["can_be_included"] as $key => $action ) {
455
+ $echo_str .= "\n\t\t\t\t\t\t\t\t".'<span>';
456
+ foreach ( $action as $line )
457
+ $echo_str .= "\n\t\t\t\t\t\t\t\t\t".$line;
458
+ if ( $key != $lastkey ) $echo_str .= "\n\t\t\t\t\t\t\t\t\t".' | ';
459
+ $echo_str .= "\n\t\t\t\t\t\t\t\t".'</span>';
460
+ }
461
+ $echo_str .= "\n\t\t\t\t\t\t\t".'</div>';
462
+ }
463
+ else {
464
+ $echo_str .= "\n\t\t\t\t\t\t\t".'<span style="visibility:hidden;">';
465
+ $echo_str .= "\n\t\t\t\t\t\t\t\t".'<a href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&action=file_browser&dir=">Noaction</a>';
466
+ $echo_str .= "\n\t\t\t\t\t\t\t\t".' | ';
467
+ $echo_str .= "\n\t\t\t\t\t\t\t".'</span>';
468
+ }
469
+ $echo_str .= "\n\t\t\t\t\t\t".'</div>';
470
+ $echo_str .= "\n\t\t\t\t\t\t".'<div id="wfu_file_download_container_'.$ii.'" style="display: none;"></div>';
471
+ $echo_str .= "\n\t\t\t\t\t\t".'<button type="button" class="toggle-row"><span class="screen-reader-text">Show more details</span></button>';
472
+ $echo_str .= "\n\t\t\t\t\t".'</td>';
473
+ $echo_str .= "\n\t\t\t\t\t".'<td data-colname="Size">'.$file['size'].'</td>';
474
+ $echo_str .= "\n\t\t\t\t\t".'<td data-colname="Date">'.get_date_from_gmt(date("Y-m-d H:i:s", $file['mdate']), "d/m/Y H:i:s").'</td>';
475
+ $echo_str .= "\n\t\t\t\t\t".'<td data-colname="Uploaded By">'.$file['user'].'</td>';
476
+ $echo_str .= "\n\t\t\t\t\t".'<td data-colname="User Data">';
477
+ if ( $is_included ) {
478
+ if ( is_array($file['filedata']->userdata) && count($file['filedata']->userdata) > 0 ) {
479
+ $echo_str .= "\n\t\t\t\t\t\t".'<select multiple="multiple" style="width:100%; height:40px; background:none; font-size:small;">';
480
+ foreach ( $file['filedata']->userdata as $userdata )
481
+ $echo_str .= "\n\t\t\t\t\t\t\t".'<option>'.$userdata->property.': '.$userdata->propvalue.'</option>';
482
+ $echo_str .= "\n\t\t\t\t\t\t".'</select>';
483
+ }
484
+ }
485
+ $echo_str .= "\n\t\t\t\t\t".'</td>';
486
+ $echo_str .= "\n\t\t\t\t".'</tr>';
487
+ $ii ++;
488
+ }
489
+ //store file paths to safe
490
+ wfu_batch_safe_store_filepaths();
491
+
492
+ if ( !$only_table_rows ) {
493
+ $echo_str .= "\n\t\t\t".'</tbody>';
494
+ $echo_str .= "\n\t\t".'</table>';
495
+ $echo_str .= "\n\t\t".'<iframe id="wfu_download_frame" style="display: none;"></iframe>';
496
+ $echo_str .= "\n\t".'</div>';
497
+ $echo_str .= "\n\t".'</div>';
498
+ $echo_str .= "\n".'</div>';
499
+ }
500
+ if ( $located_file_found ) {
501
+ $handler = 'function() { wfu_focus_table_on_highlighted_file("wfu_adminbrowser_table"); }';
502
+ $echo_str .= "\n\t".'<script type="text/javascript">if(window.addEventListener) { window.addEventListener("load", '.$handler.', false); } else if(window.attachEvent) { window.attachEvent("onload", '.$handler.'); } else { window["onload"] = '.$handler.'; }</script>';
503
+ }
504
+
505
+ return $echo_str;
506
+ }
507
+
508
+ /**
509
+ * Add Actions to Displayed Files.
510
+ *
511
+ * This function sets the actions that can be applied on the displayed files.
512
+ * Filters can customize these actions.
513
+ *
514
+ * @since 4.1.0
515
+ *
516
+ * @param array $file An array containing properties of the file.
517
+ * @param array $params An array of custom parameters to pass to file actions
518
+ * filter.
519
+ *
520
+ * @return array An array of actions that can be executed on the file.
521
+ */
522
+ function wfu_adminbrowser_file_actions($file, $params) {
523
+ $siteurl = site_url();
524
+ $actions = array(
525
+ "is_included" => array(),
526
+ "can_be_included" => array()
527
+ );
528
+ //add file actions if file is already included
529
+ $actions["is_included"] += array(
530
+ array( '<a href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&action=file_details&file='.$file["code"].'" title="View and edit file details">Details</a>' ),
531
+ array( '<a href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&action=rename_file&file='.$file["code"].'" title="Rename this file">Rename</a>' ),
532
+ array( '<a href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&action=move_file&file='.$file["code"].'" title="Move this file">Move</a>' ),
533
+ array( '<a href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&action=delete_file&file='.$file["code"].'&referer='.$file["referer_code"].'" title="Delete this file">Delete</a>' ),
534
+ array( '<a href="javascript:wfu_download_file(\''.$file["code"].'\', '.$file["index"].');" title="Download this file">Download</a>' )
535
+ );
536
+ //add file actions if file can be included
537
+ $actions["can_be_included"] += array(
538
+ array(
539
+ '<a id="wfu_include_file_'.$file["index"].'_a" href="javascript:wfu_include_file(\''.$file["code"].'\', '.$file["index"].');" title="Include file in plugin\'s database">Include File</a>',
540
+ '<img id="wfu_include_file_'.$file["index"].'_img" src="'.WFU_IMAGE_ADMIN_SUBFOLDER_LOADING.'" style="width:12px; display:none;" />',
541
+ '<input id="wfu_include_file_'.$file["index"].'_inpfail" type="hidden" value="File could not be included!" />'
542
+ )
543
+ );
544
+
545
+ return $actions;
546
+ }
547
+
548
+ /**
549
+ * Check if User Owns a File.
550
+ *
551
+ * This function checks if a user is the owner of a specific file. It will
552
+ * return true if the user in an administrator.
553
+ *
554
+ * @since 3.8.5
555
+ *
556
+ * @param integer $userid The ID of the user to check.
557
+ * @param object $filerec The database record of the file.
558
+ *
559
+ * @return bool True if the user owns the file, false otherwise.
560
+ */
561
+ function wfu_user_owns_file($userid, $filerec) {
562
+ if ( 0 == $userid )
563
+ return false;
564
+ if ( current_user_can('manage_options') ) return true;
565
+ return false;
566
+ }
567
+
568
+ /**
569
+ * Check if Current User Owns a File.
570
+ *
571
+ * This function checks if the current user is the owner of a specific file. It
572
+ * will first check if the file extension is valid.
573
+ *
574
+ * @since 3.0.0
575
+ *
576
+ * @param string $filepath The full path of the file to check.
577
+ * @param object $filerec Optional. The db record of the file, if available.
578
+ *
579
+ * @return bool True if the user owns the file, false otherwise.
580
+ */
581
+ function wfu_current_user_owes_file($filepath, $filerec = null) {
582
+ //first check if file has a restricted extension; for security reasons some
583
+ //file extensions cannot be owned
584
+ if ( wfu_file_extension_blacklisted($filepath) ) return false;
585
+ //then get file data from database, if exist
586
+ if ( $filerec == null ) $filerec = wfu_get_file_rec($filepath, false);
587
+ if ( $filerec == null ) return false;
588
+
589
+ $user = wp_get_current_user();
590
+ return wfu_user_owns_file($user->ID, $filerec);
591
+ }
592
+
593
+ /**
594
+ * Check if Current User is Allowed to Execute an Action on a File.
595
+ *
596
+ * This function checks if the current user is allowed to execute a specific
597
+ * action on a file.
598
+ *
599
+ * @since 2.4.1
600
+ *
601
+ * @param string $action A file action to check.
602
+ * @param string $filepath The full path of the file to check.
603
+ *
604
+ * @return object|null Returns the current WP_User object if current user is
605
+ * allowed to execute the action on the file or null otherwise.
606
+ */
607
+ function wfu_current_user_allowed_action($action, $filepath) {
608
+ //first get file data from database, if exist
609
+ $filerec = wfu_get_file_rec($filepath, false);
610
+
611
+ $user = wp_get_current_user();
612
+ if ( 0 == $user->ID ) return null;
613
+ else $is_admin = current_user_can('manage_options');
614
+ if ( !$is_admin ) {
615
+ return null;
616
+ }
617
+ return $user;
618
+ }
619
+
620
+ /**
621
+ * Check if User is Allowed to Execute an Action on a File.
622
+ *
623
+ * This function checks if a user is allowed to execute a specific action on a
624
+ * file.
625
+ *
626
+ * @since 2.6.0
627
+ *
628
+ * @param string $action A file action to check.
629
+ * @param string $filepath The full path of the file to check.
630
+ * @param integer $userid The ID of the user to check.
631
+ *
632
+ * @return bool|null Returns true if current user is allowed to execute the
633
+ * action on the file or null otherwise.
634
+ */
635
+ function wfu_current_user_allowed_action_remote($action, $filepath, $userid) {
636
+ //first get file data from database, if exist
637
+ $filerec = wfu_get_file_rec($filepath, false);
638
+
639
+ if ( 0 == $userid ) return null;
640
+ else $is_admin = user_can($userid, 'manage_options');
641
+ if ( !$is_admin ) {
642
+ return null;
643
+ }
644
+ return true;
645
+ }
646
+
647
+ /**
648
+ * Confirm Renaming of File.
649
+ *
650
+ * This function shows a page to confirm renaming of a file.
651
+ *
652
+ * @since 2.2.1
653
+ *
654
+ * @param string $file_code A code corresponding to the file/dir to be renamed.
655
+ * @param string $type Rename dir or file. Can take the values 'dir' or 'file'.
656
+ * @param string $error An error message to show on top of the page in case an
657
+ * error occured during renaming.
658
+ *
659
+ * @return string The HTML code of the confirmation page.
660
+ */
661
+ function wfu_rename_file_prompt($file_code, $type, $error) {
662
+ if ( $type == 'dir' ) return;
663
+
664
+ $siteurl = site_url();
665
+
666
+ $is_admin = current_user_can( 'manage_options' );
667
+ //check if user is allowed to view file details
668
+ if ( !$is_admin ) {
669
+ return;
670
+ }
671
+ $file_code = wfu_sanitize_code($file_code);
672
+ $dec_file = wfu_get_filepath_from_safe($file_code);
673
+ if ( $dec_file === false ) return;
674
+
675
+ //first extract sort info from dec_file
676
+ $ret = wfu_extract_sortdata_from_path($dec_file);
677
+ $dec_file = wfu_path_rel2abs($ret['path']);
678
+ if ( $type == 'dir' && substr($dec_file, -1) == '/' ) $dec_file = substr($dec_file, 0, -1);
679
+
680
+ //check if user is allowed to perform this action
681
+ if ( !wfu_current_user_owes_file($dec_file) ) return;
682
+
683
+ $parts = pathinfo($dec_file);
684
+ $newname = $parts['basename'];
685
+ $dir_code = wfu_safe_store_filepath(wfu_path_abs2rel($parts['dirname']).'[['.$ret['sort'].']]');
686
+
687
+ $echo_str = "\n".'<div class="wrap">';
688
+ if ( $error ) {
689
+ $rename_file = WFU_USVAR('wfu_rename_file');
690
+ $newname = $rename_file['newname'];
691
+ $echo_str .= "\n\t".'<div class="error">';
692
+ $echo_str .= "\n\t\t".'<p>'.WFU_USVAR('wfu_rename_file_error').'</p>';
693
+ $echo_str .= "\n\t".'</div>';
694
+ }
695
+ $echo_str .= "\n\t".'<div style="margin-top:20px;">';
696
+ if ( $is_admin ) $echo_str .= "\n\t\t".'<a href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&amp;action=file_browser&dir='.$dir_code.'" class="button" title="go back">Go back</a>';
697
+ $echo_str .= "\n\t".'</div>';
698
+ $echo_str .= "\n\t".'<h2 style="margin-bottom: 10px;">Rename '.( $type == 'dir' ? 'Folder' : 'File' ).'</h2>';
699
+ if ( $is_admin ) $echo_str .= "\n\t".'<form enctype="multipart/form-data" name="renamefile" id="renamefile" method="post" action="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload" class="validate">';
700
+ $echo_str .= "\n\t\t".'<input type="hidden" name="action" value="rename'.( $type == 'dir' ? 'dir' : 'file' ).'">';
701
+ $echo_str .= "\n\t\t".'<input type="hidden" name="dir" value="'.$dir_code.'">';
702
+ $echo_str .= "\n\t\t".'<input type="hidden" name="file" value="'.$file_code.'">';
703
+ if ( $type == 'dir' ) $echo_str .= "\n\t\t".'<label>Enter new name for folder <strong>'.$dec_file.'</strong></label><br/>';
704
+ elseif ( $is_admin ) $echo_str .= "\n\t\t".'<label>Enter new filename for file <strong>'.$dec_file.'</strong></label><br/>';
705
+ $echo_str .= "\n\t\t".'<input name="wfu_newname" id="wfu_newname" type="text" value="'.$newname.'" style="width:50%;" />';
706
+ $echo_str .= "\n\t\t".'<p class="submit">';
707
+ $echo_str .= "\n\t\t\t".'<input type="submit" class="button-primary" name="submit" value="Rename">';
708
+ $echo_str .= "\n\t\t\t".'<input type="submit" class="button-primary" name="submit" value="Cancel">';
709
+ $echo_str .= "\n\t\t".'</p>';
710
+ $echo_str .= "\n\t".'</form>';
711
+ $echo_str .= "\n".'</div>';
712
+ return $echo_str;
713
+ }
714
+
715
+ /**
716
+ * Confirm Moving of File.
717
+ *
718
+ * This function shows a page to confirm moving of a file to a new location.
719
+ *
720
+ * @since 4.10.3
721
+ *
722
+ * @param string $file_code A code corresponding to the file to be moved.
723
+ * @param string $error An error message to show on top of the page in case an
724
+ * error occured during move.
725
+ *
726
+ * @return string The HTML code of the confirmation page.
727
+ */
728
+ function wfu_move_file_prompt($file_code, $error) {
729
+ $siteurl = site_url();
730
+
731
+ $is_admin = current_user_can( 'manage_options' );
732
+ //check if user is allowed to view file details
733
+ if ( !$is_admin ) return;
734
+
735
+ if ( !is_array($file_code) ) $file_code = array( $file_code );
736
+ $names = array();
737
+ foreach ( $file_code as $index => $code ) {
738
+ $file_code[$index] = wfu_sanitize_code($code);
739
+ $dec_file = wfu_get_filepath_from_safe($file_code[$index]);
740
+ if ( $dec_file === false ) unset($file_code[$index]);
741
+ else {
742
+ //first extract sort info from dec_file
743
+ $ret = wfu_extract_sortdata_from_path($dec_file);
744
+ $dec_file = $ret['path'];
745
+ $parts = pathinfo($dec_file);
746
+ array_push($names, $parts['basename']);
747
+ }
748
+ }
749
+ if ( count($file_code) == 0 ) return;
750
+ $file_code_list = "list:".implode(",", $file_code);
751
+
752
+ $newpath = $parts['dirname'];
753
+ $replacefiles = "";
754
+ $dir_code = wfu_safe_store_filepath($parts['dirname'].'[['.$ret['sort'].']]');
755
+
756
+ $echo_str = "\n".'<div class="wrap">';
757
+ if ( $error ) {
758
+ $move_file = WFU_USVAR('wfu_move_file');
759
+ $newpath = $move_file['newpath'];
760
+ $replacefiles = $move_file['replacefiles'];
761
+ $echo_str .= "\n\t".'<div class="error">';
762
+ $echo_str .= "\n\t\t".'<p>'.WFU_USVAR('wfu_move_file_error').'</p>';
763
+ $echo_str .= "\n\t".'</div>';
764
+ }
765
+ $echo_str .= "\n\t".'<div style="margin-top:20px;">';
766
+ $echo_str .= "\n\t\t".'<a href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&amp;action=file_browser&dir='.$dir_code.'" class="button" title="go back">Go back</a>';
767
+ $echo_str .= "\n\t".'</div>';
768
+ $echo_str .= "\n\t".'<h2 style="margin-bottom: 10px;">Move File</h2>';
769
+ $echo_str .= "\n\t".'<form enctype="multipart/form-data" name="movefile" id="movefile" method="post" action="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload" class="validate">';
770
+ $echo_str .= "\n\t\t".'<input type="hidden" name="action" value="movefile">';
771
+ $echo_str .= "\n\t\t".'<input type="hidden" name="dir" value="'.$dir_code.'">';
772
+ $echo_str .= "\n\t\t".'<input type="hidden" name="file" value="'.$file_code_list.'">';
773
+ if ( count($names) == 1 )
774
+ $echo_str .= "\n\t\t".'<label style="display:inline-block; margin-bottom:1em;">Enter destination folder for file <strong>'.$dec_file.'</strong></label><br/>';
775
+ else {
776
+ $echo_str .= "\n\t\t".'<label>Enter destination folder for files:</label><br/>';
777
+ $echo_str .= "\n\t\t".'<ul style="padding-left: 20px; list-style: initial;">';
778
+ foreach ( $names as $name )
779
+ $echo_str .= "\n\t\t\t".'<li><strong>'.$name.'</strong></li>';
780
+ $echo_str .= "\n\t\t".'</ul>';
781
+ }
782
+ $echo_str .= "\n\t\t".'<input name="wfu_newpath" id="wfu_newpath" type="text" value="'.$newpath.'" style="width:50%;" />';
783
+ $echo_str .= "\n\t\t".'<p>';
784
+ $echo_str .= "\n\t\t\t".'<label>Replace files with the same filename at destination:</label><br />';
785
+ $echo_str .= "\n\t\t\t".'<input name="wfu_replace" id="wfu_replace_yes" type="radio" value="yes"'.( $replacefiles == "yes" ? ' checked="checked"' : '' ).' /><label for="wfu_replace_yes">Yes</label>';
786
+ $echo_str .= "\n\t\t\t".'<input name="wfu_replace" id="wfu_replace_no" type="radio" value="no"'.( $replacefiles == "no" ? ' checked="checked"' : '' ).' style="margin-left:1em;" /><label for="wfu_replace_no">No</label>';
787
+ $echo_str .= "\n\t\t".'</p>';
788
+ $echo_str .= "\n\t\t".'<p class="submit">';
789
+ $echo_str .= "\n\t\t\t".'<input type="button" class="button-primary" name="submitBtn" value="Move" onclick="if (!document.getElementById(\'wfu_replace_yes\').checked && !document.getElementById(\'wfu_replace_no\').checked) alert(\'Please select if files in destination with the same filename will be replaced or not!\'); else this.form.submit();" />';
790
+ $echo_str .= "\n\t\t\t".'<input type="submit" class="button-primary" name="submitBtn" value="Cancel" />';
791
+ $echo_str .= "\n\t\t".'</p>';
792
+ $echo_str .= "\n\t".'</form>';
793
+ $echo_str .= "\n".'</div>';
794
+ return $echo_str;
795
+ }
796
+
797
+ /**
798
+ * Execute Renaming of File.
799
+ *
800
+ * This function renames a file.
801
+ *
802
+ * @since 2.2.1
803
+ *
804
+ * @param string $file_code A code corresponding to the file/dir to be renamed.
805
+ * @param string $type Rename dir or file. Can take the values 'dir' or 'file'.
806
+ *
807
+ * @return bool True if renaming of file succeeded, false otherwise.
808
+ */
809
+ function wfu_rename_file($file_code, $type) {
810
+ if ( $type == 'dir' ) return;
811
+
812
+ $user = wp_get_current_user();
813
+ $is_admin = current_user_can( 'manage_options' );
814
+ //check if user is allowed to view file details
815
+ if ( !$is_admin ) {
816
+ return;
817
+ }
818
+ $file_code = wfu_sanitize_code($file_code);
819
+ $dec_file = wfu_get_filepath_from_safe($file_code);
820
+ if ( $dec_file === false ) return;
821
+
822
+ $dec_file = wfu_path_rel2abs(wfu_flatten_path($dec_file));
823
+ if ( $type == 'dir' && substr($dec_file, -1) == '/' ) $dec_file = substr($dec_file, 0, -1);
824
+ if ( !wfu_file_exists($dec_file, "wfu_rename_file:1") ) return;
825
+
826
+ //check if user is allowed to perform this action
827
+ if ( !wfu_current_user_owes_file($dec_file) ) return;
828
+
829
+ $parts = pathinfo($dec_file);
830
+ $error = "";
831
+ if ( isset($_POST['wfu_newname']) && isset($_POST['submit']) ) {
832
+ if ( $_POST['submit'] == "Rename" && $_POST['wfu_newname'] != $parts['basename'] ) {
833
+ $new_file = $parts['dirname'].'/'.$_POST['wfu_newname'];
834
+ if ( $_POST['wfu_newname'] == "" ) $error = 'Error: New '.( $type == 'dir' ? 'folder ' : 'file' ).'name cannot be empty!';
835
+ elseif ( preg_match("/[^A-Za-z0-9_.#\-$]/", $_POST['wfu_newname']) ) $error = 'Error: name contained invalid characters that were stripped off! Please try again.';
836
+ elseif ( substr($_POST['wfu_newname'], -1 - strlen($parts['extension'])) != '.'.$parts['extension'] ) $error = 'Error: new and old file name extensions must be identical! Please correct.';
837
+ elseif ( wfu_file_extension_blacklisted($_POST['wfu_newname']) ) $error = 'Error: the new file name has an extension that is forbidden for security reasons. Please correct.';
838
+ elseif ( wfu_file_exists($new_file, "wfu_rename_file:2") ) $error = 'Error: The '.( $type == 'dir' ? 'folder' : 'file' ).' <strong>'.$_POST['wfu_newname'].'</strong> already exists! Please choose another one.';
839
+ else {
840
+ //pre-log rename action
841
+ if ( $type == 'file' ) $retid = wfu_log_action('rename:'.$new_file, $dec_file, $user->ID, '', 0, 0, '', null);
842
+ //perform rename action
843
+ if ( rename($dec_file, $new_file) == false ) $error = 'Error: Rename of '.( $type == 'dir' ? 'folder' : 'file' ).' <strong>'.$parts['basename'].'</strong> failed!';
844
+ //revert log action if file was not renamed
845
+ if ( $type == 'file' && !wfu_file_exists($new_file, "wfu_rename_file:3") ) wfu_revert_log_action($retid);
846
+ }
847
+ }
848
+ }
849
+ if ( $error != "" ) {
850
+ WFU_USVAR_store('wfu_rename_file_error', $error);
851
+ $rename_file = WFU_USVAR('wfu_rename_file');
852
+ $rename_file['newname'] = preg_replace("/[^A-Za-z0-9_.#\-$]/", "", $_POST['wfu_newname']);
853
+ WFU_USVAR_store('wfu_rename_file', $rename_file);
854
+ }
855
+ return ( $error == "" );
856
+ }
857
+
858
+ /**
859
+ * Execute Moving of File.
860
+ *
861
+ * This function moves a file to another location.
862
+ *
863
+ * @since 4.10.3
864
+ *
865
+ * @param string $file_code A code corresponding to the file to be moved.
866
+ *
867
+ * @return bool True if move of file succeeded, false otherwise.
868
+ */
869
+ function wfu_move_file($file_code) {
870
+ $user = wp_get_current_user();
871
+ $is_admin = current_user_can( 'manage_options' );
872
+ //check if user is allowed to view file details
873
+ if ( !$is_admin ) return;
874
+
875
+ if ( !is_array($file_code) ) $file_code = array( $file_code );
876
+ $dec_files = array();
877
+ foreach ( $file_code as $index => $code ) {
878
+ $file_code[$index] = wfu_sanitize_code($code);
879
+ $dec_file = wfu_get_filepath_from_safe($file_code[$index]);
880
+ if ( $dec_file !== false ) {
881
+ $dec_file = wfu_path_rel2abs(wfu_flatten_path($dec_file));
882
+ array_push($dec_files, $dec_file);
883
+ }
884
+ }
885
+ if ( count($dec_files) == 0 ) return;
886
+
887
+ $parts = pathinfo($dec_files[0]);
888
+ $error = "";
889
+ $regex = "/([^A-Za-z0-9\-._~!$&'()*+,;=:@#\/\\\\%]|%[^A-Fa-f0-9][^A-Fa-f0-9]|%[A-Fa-f0-9][^A-Fa-f0-9]|%[^A-Fa-f0-9][A-Fa-f0-9]|%.?$)/";
890
+ if ( isset($_POST['wfu_newpath']) && isset($_POST['wfu_replace']) ) {
891
+ $oldpath = $parts['dirname'];
892
+ if ( substr($oldpath, -1) != '/' ) $oldpath = $oldpath.'/';
893
+ $newpath = preg_replace($regex, "", $_POST['wfu_newpath']);
894
+ if ( substr($newpath, 0, 1) != '/' ) $newpath = '/'.$newpath;
895
+ $newpath = realpath(wfu_path_rel2abs($newpath));
896
+ if ( substr($newpath, -1) != '/' ) $newpath = $newpath.'/';
897
+ $replacefiles = ( $_POST['wfu_replace'] == 'yes' ? 'yes' : ( $_POST['wfu_replace'] == 'no' ? 'no' : '' ) );
898
+ if ( trim($_POST['wfu_newpath']) == "" ) $error = 'Error: Destination path cannot be empty!';
899
+ elseif ( $newpath == $oldpath ) $error = 'Error: Destination path is the same as source path!';
900
+ elseif ( preg_match($regex, $_POST['wfu_newpath']) ) $error = 'Error: path contained invalid characters that were stripped off! Please try again.';
901
+ elseif ( !wfu_file_exists($newpath, "wfu_move_file:1") ) $error = 'Error: Destination folder <strong>'.$_POST['wfu_newpath'].'</strong> does not exist!';
902
+ elseif ( $replacefiles == "" ) $error = 'Error: Invalid selection about replacing files with same filename at destination!';
903
+ else {
904
+ foreach ( $dec_files as $dec_file ) {
905
+ if ( wfu_file_exists($dec_file, "wfu_move_file:2") ) {
906
+ $new_file = $newpath.wfu_basename($dec_file);
907
+ if ( !wfu_file_exists($new_file, "wfu_move_file:3") || $replacefiles == "yes" ) {
908
+ //pre-log move action
909
+ $retid = wfu_log_action('move:'.$new_file, $dec_file, $user->ID, '', 0, 0, '', null);
910
+ //perform move action
911
+ if ( @rename($dec_file, $new_file) === false || !wfu_file_exists($new_file, "wfu_move_file:4") ) {
912
+ wfu_revert_log_action($retid);
913
+ }
914
+ }
915
+ }
916
+ }
917
+ }
918
+ }
919
+ if ( $error != "" ) {
920
+ WFU_USVAR_store('wfu_move_file_error', $error);
921
+ $move_file = WFU_USVAR('wfu_move_file');
922
+ $move_file['newpath'] = preg_replace($regex, "", $_POST['wfu_newpath']);
923
+ $move_file['replacefiles'] = $replacefiles;
924
+ WFU_USVAR_store('wfu_move_file', $move_file);
925
+ }
926
+ return ( $error == "" );
927
+ }
928
+
929
+ /**
930
+ * Confirm Deletion of File.
931
+ *
932
+ * This function shows a page to confirm deletion of a file.
933
+ *
934
+ * @since 2.2.1
935
+ *
936
+ * @param string $file_code A code corresponding to the file/dir to be deleted.
937
+ * @param string $type Delete dir or file. Can take the values 'dir' or 'file'.
938
+ * @param string $referer The page that initiated the deletion of the file.
939
+ *
940
+ * @return string The HTML code of the confirmation page.
941
+ */
942
+ function wfu_delete_file_prompt($file_code, $type, $referer) {
943
+ if ( $type == 'dir' ) return;
944
+
945
+ $siteurl = site_url();
946
+
947
+ $is_admin = current_user_can( 'manage_options' );
948
+ //check if user is allowed to view file details
949
+ if ( !$is_admin ) {
950
+ return;
951
+ }
952
+ if ( !is_array($file_code) ) $file_code = array( $file_code );
953
+ $names = array();
954
+ foreach ( $file_code as $index => $code ) {
955
+ $file_code[$index] = wfu_sanitize_code($code);
956
+ $dec_file = wfu_get_filepath_from_safe($file_code[$index]);
957
+ if ( $dec_file === false ) unset($file_code[$index]);
958
+ else {
959
+ //first extract sort info from dec_file
960
+ $ret = wfu_extract_sortdata_from_path($dec_file);
961
+ $dec_file = wfu_path_rel2abs($ret['path']);
962
+ if ( $type == 'dir' && substr($dec_file, -1) == '/' ) $dec_file = substr($dec_file, 0, -1);
963
+ //check if user is allowed to perform this action
964
+ if ( !wfu_current_user_owes_file($dec_file) ) unset($file_code[$index]);
965
+ else {
966
+ $parts = pathinfo($dec_file);
967
+ array_push($names, $parts['basename']);
968
+ }
969
+ }
970
+ }
971
+ if ( count($file_code) == 0 ) return;
972
+ $file_code_list = "list:".implode(",", $file_code);
973
+
974
+ $referer_url = wfu_get_filepath_from_safe(wfu_sanitize_code($referer));
975
+ $ret = wfu_extract_sortdata_from_path($referer_url);
976
+ $referer_url = $ret['path'];
977
+
978
+ $echo_str = "\n".'<div class="wrap">';
979
+ $echo_str .= "\n\t".'<div style="margin-top:20px;">';
980
+ if ( $is_admin ) $echo_str .= "\n\t\t".'<a href="'.$referer_url.'" class="button" title="go back">Go back</a>';
981
+ $echo_str .= "\n\t".'</div>';
982
+ $echo_str .= "\n\t".'<h2 style="margin-bottom: 10px;">Delete '.( $type == 'dir' ? 'Folder' : 'File'.( count($names) == 1 ? '' : 's' ) ).'</h2>';
983
+ if ( $is_admin ) $echo_str .= "\n\t".'<form enctype="multipart/form-data" name="deletefile" id="deletefile" method="post" action="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload" class="validate">';
984
+ $echo_str .= "\n\t\t".'<input type="hidden" name="action" value="delete'.( $type == 'dir' ? 'dir' : 'file' ).'">';
985
+ $echo_str .= "\n\t\t".'<input type="hidden" name="referer" value="'.$referer.'">';
986
+ $echo_str .= "\n\t\t".'<input type="hidden" name="file" value="'.$file_code_list.'">';
987
+ if ( count($names) == 1 )
988
+ $echo_str .= "\n\t\t".'<label>Are you sure that you want to delete '.( $type == 'dir' ? 'folder' : 'file' ).' <strong>'.$names[0].'</strong>?</label><br/>';
989
+ else {
990
+ $echo_str .= "\n\t\t".'<label>Are you sure that you want to delete '.( $type == 'dir' ? 'folder' : 'files' ).':';
991
+ $echo_str .= "\n\t\t".'<ul style="padding-left: 20px; list-style: initial;">';
992
+ foreach ( $names as $name )
993
+ $echo_str .= "\n\t\t\t".'<li><strong>'.$name.'</strong></li>';
994
+ $echo_str .= "\n\t\t".'</ul>';
995
+ }
996
+ $echo_str .= "\n\t\t".'<p class="submit">';
997
+ $echo_str .= "\n\t\t\t".'<input type="submit" class="button-primary" name="submit" value="Delete">';
998
+ $echo_str .= "\n\t\t\t".'<input type="submit" class="button-primary" name="submit" value="Cancel">';
999
+ $echo_str .= "\n\t\t".'</p>';
1000
+ $echo_str .= "\n\t".'</form>';
1001
+ $echo_str .= "\n".'</div>';
1002
+ return $echo_str;
1003
+ }
1004
+
1005
+ /**
1006
+ * Execute Deletion of File.
1007
+ *
1008
+ * This function deletes a file.
1009
+ *
1010
+ * @since 2.2.1
1011
+ *
1012
+ * @param string $file_code A code corresponding to the file/dir to be deleted.
1013
+ * @param string $type Delete dir or file. Can take the values 'dir' or 'file'.
1014
+ *
1015
+ * @return bool True if deletion of file succeeded, false otherwise.
1016
+ */
1017
+ function wfu_delete_file($file_code, $type) {
1018
+ if ( $type == 'dir' ) return;
1019
+
1020
+ $user = wp_get_current_user();
1021
+ $is_admin = current_user_can( 'manage_options' );
1022
+ //check if user is allowed to view file details
1023
+ if ( !$is_admin ) {
1024
+ return;
1025
+ }
1026
+ if ( !is_array($file_code) ) $file_code = array( $file_code );
1027
+ $dec_files = array();
1028
+ foreach ( $file_code as $index => $code ) {
1029
+ $file_code[$index] = wfu_sanitize_code($code);
1030
+ $dec_file = wfu_get_filepath_from_safe($file_code[$index]);
1031
+ if ( $dec_file !== false ) {
1032
+ $dec_file = wfu_path_rel2abs(wfu_flatten_path($dec_file));
1033
+ if ( $type == 'dir' && substr($dec_file, -1) == '/' ) $dec_file = substr($dec_file, 0, -1);
1034
+ //check if user is allowed to perform this action
1035
+ if ( wfu_current_user_owes_file($dec_file) ) array_push($dec_files, $dec_file);
1036
+ }
1037
+ }
1038
+ if ( count($dec_files) == 0 ) return;
1039
+
1040
+ if ( isset($_POST['submit']) ) {
1041
+ if ( $_POST['submit'] == "Delete" ) {
1042
+ foreach ( $dec_files as $dec_file ) {
1043
+ //pre-log delete action
1044
+ if ( $type == 'file' ) wfu_delete_file_execute($dec_file, $user->ID);
1045
+ elseif ( $type == 'dir' && $dec_file != "" ) wfu_delTree($dec_file);
1046
+ }
1047
+ }
1048
+ }
1049
+ return true;
1050
+ }
1051
+
1052
+ /**
1053
+ * Confirm Creation of a Directory.
1054
+ *
1055
+ * This function shows a page to confirm creation of a directory.
1056
+ *
1057
+ * @since 2.2.1
1058
+ *
1059
+ * @param string $dir_code A code corresponding to the dir to be created.
1060
+ * @param string $error An error message to show on top of the page in case an
1061
+ * error occured during creation.
1062
+ *
1063
+ * @return string The HTML code of the confirmation page.
1064
+ */
1065
+ function wfu_create_dir_prompt($dir_code, $error) {
1066
+ return;
1067
+
1068
+ $siteurl = site_url();
1069
+
1070
+ if ( !current_user_can( 'manage_options' ) ) return;
1071
+
1072
+ $dir_code = wfu_sanitize_code($dir_code);
1073
+ $dec_dir = wfu_get_filepath_from_safe($dir_code);
1074
+ if ( $dec_dir === false ) return;
1075
+
1076
+ //first extract sort info from dec_dir
1077
+ $ret = wfu_extract_sortdata_from_path($dec_dir);
1078
+ $dec_dir = wfu_path_rel2abs($ret['path']);
1079
+ if ( substr($dec_dir, -1) != '/' ) $dec_dir .= '/';
1080
+ $newname = '';
1081
+
1082
+ $echo_str = "\n".'<div class="wrap">';
1083
+ if ( $error ) {
1084
+ $create_dir = WFU_USVAR('wfu_create_dir');
1085
+ $newname = $create_dir['newname'];
1086
+ $echo_str .= "\n\t".'<div class="error">';
1087
+ $echo_str .= "\n\t\t".'<p>'.WFU_USVAR('wfu_create_dir_error').'</p>';
1088
+ $echo_str .= "\n\t".'</div>';
1089
+ }
1090
+ $echo_str .= "\n\t".'<div style="margin-top:20px;">';
1091
+ $echo_str .= "\n\t\t".'<a href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&amp;action=file_browser&dir='.$dir_code.'" class="button" title="go back">Go back</a>';
1092
+ $echo_str .= "\n\t".'</div>';
1093
+ $echo_str .= "\n\t".'<h2 style="margin-bottom: 10px;">Create Folder</h2>';
1094
+ $echo_str .= "\n\t".'<form enctype="multipart/form-data" name="createdir" id="createdir" method="post" action="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload" class="validate">';
1095
+ $echo_str .= "\n\t\t".'<input type="hidden" name="action" value="createdir">';
1096
+ $echo_str .= "\n\t\t".'<input type="hidden" name="dir" value="'.$dir_code.'">';
1097
+ $echo_str .= "\n\t\t".'<label>Enter the name of the new folder inside <strong>'.$dec_dir.'</strong></label><br/>';
1098
+ $echo_str .= "\n\t\t".'<input name="wfu_newname" id="wfu_newname" type="text" value="'.$newname.'" style="width:50%;" />';
1099
+ $echo_str .= "\n\t\t".'<p class="submit">';
1100
+ $echo_str .= "\n\t\t\t".'<input type="submit" class="button-primary" name="submit" value="Create">';
1101
+ $echo_str .= "\n\t\t\t".'<input type="submit" class="button-primary" name="submit" value="Cancel">';
1102
+ $echo_str .= "\n\t\t".'</p>';
1103
+ $echo_str .= "\n\t".'</form>';
1104
+ $echo_str .= "\n".'</div>';
1105
+ return $echo_str;
1106
+ }
1107
+
1108
+ /**
1109
+ * Execute Creation of Directory.
1110
+ *
1111
+ * This function creates a new directory.
1112
+ *
1113
+ * @since 2.2.1
1114
+ *
1115
+ * @param string $dir_code A code corresponding to the dir to be created.
1116
+ *
1117
+ * @return bool True if creation of dir succeeded, false otherwise.
1118
+ */
1119
+ function wfu_create_dir($dir_code) {
1120
+ return;
1121
+
1122
+ if ( !current_user_can( 'manage_options' ) ) return;
1123
+
1124
+ $dir_code = wfu_sanitize_code($dir_code);
1125
+ $dec_dir = wfu_get_filepath_from_safe($dir_code);
1126
+ if ( $dec_dir === false ) return;
1127
+
1128
+ $dec_dir = wfu_path_rel2abs(wfu_flatten_path($dec_dir));
1129
+ if ( substr($dec_dir, -1) != '/' ) $dec_dir .= '/';
1130
+ if ( !wfu_file_exists($dec_dir, "wfu_create_dir:1") ) return;
1131
+ $error = "";
1132
+ if ( isset($_POST['wfu_newname']) && isset($_POST['submit']) ) {
1133
+ if ( $_POST['submit'] == "Create" ) {
1134
+ $new_dir = $dec_dir.$_POST['wfu_newname'];
1135
+ if ( $_POST['wfu_newname'] == "" ) $error = 'Error: New folder name cannot be empty!';
1136
+ elseif ( preg_match("/[^A-Za-z0-9_.#\-$]/", $_POST['wfu_newname']) ) $error = 'Error: name contained invalid characters that were stripped off! Please try again.';
1137
+ elseif ( wfu_file_exists($new_dir, "wfu_create_dir:2") ) $error = 'Error: The folder <strong>'.$_POST['wfu_newname'].'</strong> already exists! Please choose another one.';
1138
+ elseif ( mkdir($new_dir) == false ) $error = 'Error: Creation of folder <strong>'.$_POST['wfu_newname'].'</strong> failed!';
1139
+ }
1140
+ }
1141
+ if ( $error != "" ) {
1142
+ WFU_USVAR_store('wfu_create_dir_error', $error);
1143
+ $create_dir = WFU_USVAR('wfu_create_dir');
1144
+ $create_dir['newname'] = preg_replace("/[^A-Za-z0-9_.#\-$]/", "", $_POST['wfu_newname']);
1145
+ WFU_USVAR_store('wfu_create_dir', $create_dir);
1146
+ }
1147
+ return ( $error == "" );
1148
+ }
1149
+
1150
+ /**
1151
+ * Confirm Inclusion of File in Plugin's Database.
1152
+ *
1153
+ * This function shows a page to confirm inclusion of a file in plugin's
1154
+ * database.
1155
+ *
1156
+ * @since 3.8.5
1157
+ *
1158
+ * @param string $file_code A code corresponding to the file to be included.
1159
+ * @param string $type Rename dir or file. Can take the values 'dir' or 'file'.
1160
+ * @param string $referer The page that initiated the inclusion of the file.
1161
+ *
1162
+ * @return string The HTML code of the confirmation page.
1163
+ */
1164
+ function wfu_include_file_prompt($file_code, $referer) {
1165
+ if ( !current_user_can( 'manage_options' ) ) return;
1166
+ $plugin_options = wfu_decode_plugin_options(get_option( "wordpress_file_upload_options" ));
1167
+ if ( $plugin_options['includeotherfiles'] != "1" ) return;
1168
+
1169
+ $siteurl = site_url();
1170
+ if ( !is_array($file_code) ) $file_code = array( $file_code );
1171
+ $names = array();
1172
+ foreach ( $file_code as $index => $code ) {
1173
+ $file_code[$index] = wfu_sanitize_code($code);
1174
+ $dec_file = wfu_get_filepath_from_safe($file_code[$index]);
1175
+ if ( $dec_file === false ) unset($file_code[$index]);
1176
+ else {
1177
+ $dec_file = wfu_path_rel2abs(wfu_flatten_path($dec_file));
1178
+ //do not include file if it has a forbidden extention or it is already included
1179
+ if ( wfu_file_extension_blacklisted(wfu_basename($dec_file)) || wfu_get_file_rec($dec_file, false) != null )
1180
+ unset($file_code[$index]);
1181
+ else array_push($names, wfu_basename($dec_file));
1182
+ }
1183
+ }
1184
+ if ( count($file_code) == 0 ) return;
1185
+ $file_code_list = "list:".implode(",", $file_code);
1186
+
1187
+ $referer_url = wfu_get_filepath_from_safe(wfu_sanitize_code($referer));
1188
+ $ret = wfu_extract_sortdata_from_path($referer_url);
1189
+ $referer_url = $ret['path'];
1190
+
1191
+ $echo_str = "\n".'<div class="wrap">';
1192
+ $echo_str .= "\n\t".'<div style="margin-top:20px;">';
1193
+ $echo_str .= "\n\t\t".'<a href="'.$referer_url.'" class="button" title="go back">Go back</a>';
1194
+ $echo_str .= "\n\t".'</div>';
1195
+ $echo_str .= "\n\t".'<h2 style="margin-bottom: 10px;">Include File'.( count($names) == 1 ? '' : 's' ).'</h2>';
1196
+ $echo_str .= "\n\t".'<form enctype="multipart/form-data" name="includefile" id="includefile" method="post" action="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload" class="validate">';
1197
+ $echo_str .= "\n\t\t".'<input type="hidden" name="action" value="includefile">';
1198
+ $echo_str .= "\n\t\t".'<input type="hidden" name="referer" value="'.$referer.'">';
1199
+ $echo_str .= "\n\t\t".'<input type="hidden" name="file" value="'.$file_code_list.'">';
1200
+ if ( count($names) == 1 )
1201
+ $echo_str .= "\n\t\t".'<label>Are you sure that you want to include file <strong>'.$names[0].'</strong>?</label><br/>';
1202
+ else {
1203
+ $echo_str .= "\n\t\t".'<label>Are you sure that you want to include files:';
1204
+ $echo_str .= "\n\t\t".'<ul style="padding-left: 20px; list-style: initial;">';
1205
+ foreach ( $names as $name )
1206
+ $echo_str .= "\n\t\t\t".'<li><strong>'.$name.'</strong></li>';
1207
+ $echo_str .= "\n\t\t".'</ul>';
1208
+ }
1209
+ $echo_str .= "\n\t\t".'<p class="submit">';
1210
+ $echo_str .= "\n\t\t\t".'<input type="submit" class="button-primary" name="submit" value="Include">';
1211
+ $echo_str .= "\n\t\t\t".'<input type="submit" class="button-primary" name="submit" value="Cancel">';
1212
+ $echo_str .= "\n\t\t".'</p>';
1213
+ $echo_str .= "\n\t".'</form>';
1214
+ $echo_str .= "\n".'</div>';
1215
+ return $echo_str;
1216
+ }
1217
+
1218
+ /**
1219
+ * Execute Inclusion of File in Plugin's Database.
1220
+ *
1221
+ * This function includes a file in plugin's database.
1222
+ *
1223
+ * @since 3.8.5
1224
+ *
1225
+ * @param string $file_code A code corresponding to the file to be included.
1226
+ *
1227
+ * @return bool True if inclusion of file succeeded, false otherwise.
1228
+ */
1229
+ function wfu_include_file($file_code) {
1230
+ if ( !current_user_can( 'manage_options' ) ) return;
1231
+ $plugin_options = wfu_decode_plugin_options(get_option( "wordpress_file_upload_options" ));
1232
+ if ( $plugin_options['includeotherfiles'] != "1" ) return;
1233
+
1234
+ if ( !is_array($file_code) ) $file_code = array( $file_code );
1235
+ $dec_files = array();
1236
+ foreach ( $file_code as $index => $code ) {
1237
+ $file_code[$index] = wfu_sanitize_code($code);
1238
+ $dec_file = wfu_get_filepath_from_safe($file_code[$index]);
1239
+ if ( $dec_file !== false ) {
1240
+ $dec_file = wfu_path_rel2abs(wfu_flatten_path($dec_file));
1241
+ //include file if it does not have a forbidden extention and it not already included
1242
+ if ( !wfu_file_extension_blacklisted(wfu_basename($dec_file)) && wfu_get_file_rec($dec_file, false) == null )
1243
+ array_push($dec_files, $dec_file);
1244
+ }
1245
+ }
1246
+ if ( count($dec_files) == 0 ) return;
1247
+
1248
+ $user = wp_get_current_user();
1249
+ if ( isset($_POST['submit']) ) {
1250
+ if ( $_POST['submit'] == "Include" ) {
1251
+ foreach ( $dec_files as $dec_file )
1252
+ $fileid = wfu_log_action('include', $dec_file, $user->ID, '', '', get_current_blog_id(), '', null);
1253
+ }
1254
+ }
1255
+ return true;
1256
+ }
1257
+
1258
+ /**
1259
+ * Show File Details Page.
1260
+ *
1261
+ * This function shows a page displaying details of the uploaded file.
1262
+ *
1263
+ * @since 2.4.1
1264
+ *
1265
+ * @param string $file_code A code corresponding to the file to be included.
1266
+ * @param string $errorstatus Error status. If it has the value 'error' then an
1267
+ * error will be shown on top of the page.
1268
+ * @param string $invoker Optional. The page URL that initiated file details
1269
+ * page.
1270
+ *
1271
+ * @return string The HTML code of File Details page.
1272
+ */
1273
+ function wfu_file_details($file_code, $errorstatus, $invoker = '') {
1274
+ $siteurl = site_url();
1275
+ $allow_obsolete = false;
1276
+ $file_exists = true;
1277
+ $file_belongs = true;
1278
+ $admin_can_edit = true;
1279
+
1280
+ //if $file_code starts with 'byID:', then it contains a db record ID and not
1281
+ //a file path; in this case we show the properties of the specific record
1282
+ //and all linked ones, even if it is obsolete; this is only allowed for
1283
+ //admins
1284
+ if ( substr($file_code, 0, 5) == "byID:" ) {
1285
+ $allow_obsolete = true;
1286
+ $file_code = substr($file_code, 5);
1287
+ }
1288
+
1289
+ $user = wp_get_current_user();
1290
+ $is_admin = current_user_can( 'manage_options' );
1291
+ //check if user is allowed to view file details
1292
+ if ( !$is_admin ) {
1293
+ if ( $allow_obsolete ) return;
1294
+ return;
1295
+ }
1296
+ if ( $allow_obsolete ) {
1297
+ $file_code = wfu_sanitize_int($file_code);
1298
+ $initialrec = wfu_get_file_rec_from_id($file_code, true);
1299
+ if ( $initialrec == null ) return;
1300
+
1301
+ //get all associated file records
1302
+ $filerecs = wfu_get_rec_new_history($initialrec->idlog);
1303
+ //get the latest record of this upload
1304
+ $filerec = $filerecs[count($filerecs) - 1];
1305
+ $filerec->userdata = $initialrec->userdata;
1306
+
1307
+ $filepath = wfu_path_rel2abs($filerec->filepath);
1308
+ //in the case of $allow_obsolete we need to check if the file exists and
1309
+ //if it belongs to the current record
1310
+ $latestrec = wfu_get_file_rec($filepath, true);
1311
+ $file_exists = ( $latestrec != null );
1312
+ $file_belongs = ( $file_exists && $latestrec->idlog == $filerec->idlog );
1313
+ $admin_can_edit = $file_exists;
1314
+
1315
+ //extract file parts and file properties
1316
+ $parts = pathinfo($filepath);
1317
+ if ( $file_exists ) $stat = wfu_stat($filepath, "wfu_file_details:1");
1318
+ else $stat['mtime'] = '';
1319
+ }
1320
+ else {
1321
+ $file_code = wfu_sanitize_code($file_code);
1322
+ $dec_file = wfu_get_filepath_from_safe($file_code);
1323
+ if ( $dec_file === false ) return;
1324
+
1325
+ //extract file browser data from $file variable
1326
+ $ret = wfu_extract_sortdata_from_path($dec_file);
1327
+ $filepath = wfu_path_rel2abs($ret['path']);
1328
+
1329
+ //check if user is allowed to perform this action
1330
+ if ( !wfu_current_user_owes_file($filepath) ) return;
1331
+
1332
+ //get file data from database with user data
1333
+ $filerec = wfu_get_file_rec($filepath, true);
1334
+ if ( $filerec == null ) return;
1335
+
1336
+ //extract sort info and construct contained dir
1337
+ $parts = pathinfo($filepath);
1338
+ $dir_code = wfu_safe_store_filepath(wfu_path_abs2rel($parts['dirname']).'[['.$ret['sort'].']]');
1339
+
1340
+ $stat = wfu_stat($filepath, "wfu_file_details:2");
1341
+ }
1342
+
1343
+ $echo_str = '<div class="regev_wrap">';
1344
+ if ( $errorstatus == 'error' ) {
1345
+ $echo_str .= "\n\t".'<div class="error">';
1346
+ $echo_str .= "\n\t\t".'<p>'.WFU_USVAR('wfu_filedetails_error').'</p>';
1347
+ $echo_str .= "\n\t".'</div>';
1348
+ }
1349
+ //show file details
1350
+ $echo_str .= "\n\t".'<h2>Details of File: '.$parts['basename'].'</h2>';
1351
+ if ( !$file_exists ) {
1352
+ $echo_str .= "\n\t\t".'<div class="notice notice-warning">';
1353
+ $echo_str .= "\n\t\t\t".'<p>File does not exist on the server anymore!</p>';
1354
+ $echo_str .= "\n\t\t".'</div>';
1355
+ }
1356
+ elseif ( !$file_belongs ) {
1357
+ $echo_str .= "\n\t\t".'<div class="notice notice-warning">';
1358
+ $echo_str .= "\n\t\t\t".'<p>This record is old. The file is associated with another record.</p>';
1359
+ $echo_str .= "\n\t\t".'</div>';
1360
+ }
1361
+ $echo_str .= "\n\t".'<div style="margin-top:10px;">';
1362
+ if ( $is_admin ) {
1363
+ $invoker_action = ( $invoker == '' ? false : wfu_get_browser_params_from_safe($invoker) );
1364
+ $goback_action = ( $invoker_action === false ? 'file_browser&dir='.$dir_code : $invoker_action );
1365
+ if ( substr($goback_action, 0, 18) == "wfu_uploaded_files" )
1366
+ $echo_str .= "\n\t\t".'<a href="'.$siteurl.'/wp-admin/admin.php?page='.$goback_action.'" class="button" title="go back">Go back</a>';
1367
+ elseif ( $goback_action != "no_referer" )
1368
+ $echo_str .= "\n\t\t".'<a href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&amp;action='.$goback_action.'" class="button" title="go back">Go back</a>';
1369
+ $echo_str .= "\n\t\t".'<form enctype="multipart/form-data" name="editfiledetails" id="editfiledetails" method="post" action="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&amp;action=edit_filedetails" class="validate">';
1370
+ }
1371
+ $echo_str .= "\n\t\t\t".'<h3 style="margin-bottom: 10px; margin-top: 40px;">Upload Details</h3>';
1372
+ $echo_str .= "\n\t\t\t".'<input type="hidden" name="action" value="edit_filedetails" />';
1373
+ //$echo_str .= "\n\t\t\t".'<input type="hidden" name="dir" value="'.$dir_code.'">';
1374
+ $echo_str .= "\n\t\t\t".'<input type="hidden" name="invoker" value="'.$invoker.'">';
1375
+ $echo_str .= "\n\t\t\t".'<input type="hidden" name="file" value="'.( $allow_obsolete ? 'byID:'.$file_code : $file_code ).'">';
1376
+ $echo_str .= "\n\t\t\t".'<table class="form-table">';
1377
+ $echo_str .= "\n\t\t\t\t".'<tbody>';
1378
+ if ( $is_admin ) {
1379
+ $echo_str .= "\n\t\t\t\t\t".'<tr>';
1380
+ $echo_str .= "\n\t\t\t\t\t\t".'<th scope="row">';
1381
+ $echo_str .= "\n\t\t\t\t\t\t\t".'<label>Full Path</label>';
1382
+ $echo_str .= "\n\t\t\t\t\t\t".'</th>';
1383
+ $echo_str .= "\n\t\t\t\t\t\t".'<td>';
1384
+ $echo_str .= "\n\t\t\t\t\t\t\t".'<input type="text" value="'.$filepath.'" readonly="readonly" style="width:50%;" />';
1385
+ $echo_str .= "\n\t\t\t\t\t\t".'</td>';
1386
+ $echo_str .= "\n\t\t\t\t\t".'</tr>';
1387
+ $echo_str .= "\n\t\t\t\t\t".'<tr>';
1388
+ $echo_str .= "\n\t\t\t\t\t\t".'<th scope="row">';
1389
+ $echo_str .= "\n\t\t\t\t\t\t\t".'<label>Uploaded By User</label>';
1390
+ $echo_str .= "\n\t\t\t\t\t\t".'</th>';
1391
+ $echo_str .= "\n\t\t\t\t\t\t".'<td>';
1392
+ $echo_str .= "\n\t\t\t\t\t\t\t".'<select id="wfu_filedetails_users" disabled="disabled">';
1393
+ //get all users
1394
+ $args = array();
1395
+ /**
1396
+ * Filter Arguments for Getting List of Users.
1397
+ *
1398
+ * This filter allows to customize the arguments passed to get_users()
1399
+ * function to get a list of users. By default the plugin will get a
1400
+ * list of all users. If the website contains too many users this
1401
+ * operation may take time and delay loading of the page. So this filter
1402
+ * can be used to optimize this operation.
1403
+ *
1404
+ * @since 4.11.0
1405
+ *
1406
+ * @param array $args Arguments to retrieve users.
1407
+ * @param string $operation A parameter designating in which operation
1408
+ * the filter is used.
1409
+ */
1410
+ $args = apply_filters("_wfu_get_users", $args, "edit_file_details");
1411
+ $users = get_users($args);
1412
+ foreach ( $users as $userid => $user )
1413
+ $echo_str .= "\n\t\t\t\t\t\t\t\t".'<option value="'.$user->ID.'"'.( $filerec->uploaduserid == $user->ID ? ' selected="selected"' : '' ).'>'.$user->display_name.' ('.$user->user_login.')</option>';
1414
+ $echo_str .= "\n\t\t\t\t\t\t\t".'</select>';
1415
+ if ( $admin_can_edit ) {
1416
+ $echo_str .= "\n\t\t\t\t\t\t\t".'<a class="button" id="btn_change" href="" onclick="document.getElementById(\'wfu_filedetails_users\').disabled = false; this.style.display = \'none\'; document.getElementById(\'btn_ok\').style.display = \'inline-block\'; document.getElementById(\'btn_cancel\').style.display = \'inline-block\'; return false;"'.( $is_admin ? '' : ' style="display:none;"' ).'>Change User</a>';
1417
+ $echo_str .= "\n\t\t\t\t\t\t\t".'<a class="button" id="btn_ok" href="" onclick="document.getElementById(\'wfu_filedetails_users\').disabled = true; document.getElementById(\'btn_change\').style.display = \'inline-block\'; this.style.display=\'none\'; document.getElementById(\'btn_cancel\').style.display = \'none\'; document.getElementById(\'wfu_filedetails_userid\').value = document.getElementById(\'wfu_filedetails_users\').value; wfu_filedetails_changed(); return false;" style="display:none;">Ok</a>';
1418
+ $echo_str .= "\n\t\t\t\t\t\t\t".'<a class="button" id="btn_cancel" href="" onclick="document.getElementById(\'wfu_filedetails_users\').disabled = true; document.getElementById(\'btn_change\').style.display = \'inline-block\'; this.style.display=\'none\'; document.getElementById(\'btn_ok\').style.display = \'none\'; document.getElementById(\'wfu_filedetails_users\').value = document.getElementById(\'wfu_filedetails_userid\').value; return false;" style="display:none;">Cancel</a>';
1419
+ $echo_str .= "\n\t\t\t\t\t\t\t".'<input type="hidden" id="wfu_filedetails_userid" name="wfu_filedetails_userid" value="'.$filerec->uploaduserid.'" />';
1420
+ $echo_str .= "\n\t\t\t\t\t\t\t".'<input type="hidden" id="wfu_filedetails_userid_default" value="'.$filerec->uploaduserid.'" />';
1421
+ }
1422
+ $echo_str .= "\n\t\t\t\t\t\t".'</td>';
1423
+ $echo_str .= "\n\t\t\t\t\t".'</tr>';
1424
+ }
1425
+ $echo_str .= "\n\t\t\t\t\t".'<tr>';
1426
+ $echo_str .= "\n\t\t\t\t\t\t".'<th scope="row">';
1427
+ $echo_str .= "\n\t\t\t\t\t\t\t".'<label>File Size</label>';
1428
+ $echo_str .= "\n\t\t\t\t\t\t".'</th>';
1429
+ $echo_str .= "\n\t\t\t\t\t\t".'<td>';
1430
+ $echo_str .= "\n\t\t\t\t\t\t\t".'<input type="text" value="'.$filerec->filesize.'" readonly="readonly" style="width:auto;" />';
1431
+ $echo_str .= "\n\t\t\t\t\t\t".'</td>';
1432
+ $echo_str .= "\n\t\t\t\t\t".'</tr>';
1433
+ $echo_str .= "\n\t\t\t\t\t".'<tr>';
1434
+ $echo_str .= "\n\t\t\t\t\t\t".'<th scope="row">';
1435
+ $echo_str .= "\n\t\t\t\t\t\t\t".'<label>File Date</label>';
1436
+ $echo_str .= "\n\t\t\t\t\t\t".'</th>';
1437
+ $echo_str .= "\n\t\t\t\t\t\t".'<td>';
1438
+ $echo_str .= "\n\t\t\t\t\t\t\t".'<input type="text" value="'.( $file_exists ? get_date_from_gmt(date("Y-m-d H:i:s", $stat['mtime']), "d/m/Y H:i:s") : '' ).'" readonly="readonly" style="width:auto;" />';
1439
+ $echo_str .= "\n\t\t\t\t\t\t".'</td>';
1440
+ $echo_str .= "\n\t\t\t\t\t".'</tr>';
1441
+ $echo_str .= "\n\t\t\t\t\t".'<tr>';
1442
+ $echo_str .= "\n\t\t\t\t\t\t".'<th scope="row">';
1443
+ $echo_str .= "\n\t\t\t\t\t\t\t".'<label>Uploaded From Page</label>';
1444
+ $echo_str .= "\n\t\t\t\t\t\t".'</th>';
1445
+ $echo_str .= "\n\t\t\t\t\t\t".'<td>';
1446
+ $echo_str .= "\n\t\t\t\t\t\t\t".'<input type="text" value="'.sanitize_text_field(get_the_title($filerec->pageid)).' ('.$filerec->pageid.')'.'" readonly="readonly" style="width:50%;" />';
1447
+ $echo_str .= "\n\t\t\t\t\t\t".'</td>';
1448
+ $echo_str .= "\n\t\t\t\t\t".'</tr>';
1449
+ if ( $is_admin ) {
1450
+ $echo_str .= "\n\t\t\t\t\t".'<tr>';
1451
+ $echo_str .= "\n\t\t\t\t\t\t".'<th scope="row">';
1452
+ $echo_str .= "\n\t\t\t\t\t\t\t".'<label>Upload Plugin ID</label>';
1453
+ $echo_str .= "\n\t\t\t\t\t\t".'</th>';
1454
+ $echo_str .= "\n\t\t\t\t\t\t".'<td>';
1455
+ $echo_str .= "\n\t\t\t\t\t\t\t".'<input type="text" value="'.$filerec->sid.'" readonly="readonly" style="width:auto;" />';
1456
+ $echo_str .= "\n\t\t\t\t\t\t".'</td>';
1457
+ $echo_str .= "\n\t\t\t\t\t".'</tr>';
1458
+ }
1459
+ $echo_str .= "\n\t\t\t\t".'</tbody>';
1460
+ $echo_str .= "\n\t\t\t".'</table>';
1461
+ if ( $is_admin ) {
1462
+ //show history details
1463
+ $echo_str .= "\n\t\t\t".'<h3 style="margin-bottom: 10px; margin-top: 40px;">File History</h3>';
1464
+ $echo_str .= "\n\t\t\t".'<table class="form-table">';
1465
+ $echo_str .= "\n\t\t\t\t".'<tbody>';
1466
+ $echo_str .= "\n\t\t\t\t\t".'<tr>';
1467
+ $echo_str .= "\n\t\t\t\t\t\t".'<th scope="row">';
1468
+ $echo_str .= "\n\t\t\t\t\t\t\t".'<label></label>';
1469
+ $echo_str .= "\n\t\t\t\t\t\t".'</th>';
1470
+ $echo_str .= "\n\t\t\t\t\t\t".'<td>';
1471
+ //read all linked older records
1472
+ $filerecs = wfu_get_rec_old_history($filerec->idlog);
1473
+ //construct report from db records
1474
+ $rep = '';
1475
+ foreach ( $filerecs as $rec ) {
1476
+ $username = wfu_get_username_by_id($rec->userid);
1477
+ $fileparts = pathinfo($rec->filepath);
1478
+ if ( $rep != '' ) $rep .= "<br />";
1479
+ $rep .= '<strong>['.get_date_from_gmt($rec->date_from).']</strong> ';
1480
+ if ( $rec->action == 'upload' )
1481
+ $rep .= 'File uploaded at <strong>'.$fileparts['dirname'].'</strong> with name <strong>'.$fileparts['basename'].'</strong> by user <strong>'.$username.'</strong>';
1482
+ elseif ( $rec->action == 'include' )
1483
+ $rep .= 'File included in database at <strong>'.$fileparts['dirname'].'</strong> with name <strong>'.$fileparts['basename'].'</strong> by user <strong>'.$username.'</strong>';
1484
+ elseif ( $rec->action == 'download' )
1485
+ $rep .= 'File downloaded by user <strong>'.$username.'</strong>';
1486
+ elseif ( $rec->action == 'rename' )
1487
+ $rep .= 'File renamed to <strong>'.$fileparts['basename'].'</strong> by user <strong>'.$username.'</strong>';
1488
+ elseif ( $rec->action == 'move' )
1489
+ $rep .= 'File moved to <strong>'.$fileparts['dirname'].'</strong> by user <strong>'.$username.'</strong>';
1490
+ elseif ( $rec->action == 'delete' )
1491
+ $rep .= 'File deleted by user <strong>'.$username.'</strong>';
1492
+ elseif ( $rec->action == 'modify' )
1493
+ $rep .= 'File userdata modified by user <strong>'.$username.'</strong>';
1494
+ elseif ( $rec->action == 'changeuser' )
1495
+ $rep .= 'File upload user modified by user <strong>'.$username.'</strong>';
1496
+ }
1497
+ $echo_str .= "\n\t\t\t\t\t\t\t".'<div style="border:1px solid #dfdfdf; border-radius:3px; width:50%; overflow:scroll; padding:6px; height:100px; background-color:#eee;">';
1498
+ $echo_str .= "\n\t\t\t\t\t\t\t".'<span style="white-space:nowrap;">'.$rep.'</span>';
1499
+ $echo_str .= "\n\t\t\t\t\t\t\t".'</div>';
1500
+ $echo_str .= "\n\t\t\t\t\t\t".'</td>';
1501
+ $echo_str .= "\n\t\t\t\t\t".'</tr>';
1502
+ $echo_str .= "\n\t\t\t\t".'</tbody>';
1503
+ $echo_str .= "\n\t\t\t".'</table>';
1504
+ }
1505
+
1506
+ $echo_str .= "\n\t\t\t".'<h3 style="margin-bottom: 10px; margin-top: 40px;">User Data Details</h3>';
1507
+ $echo_str .= "\n\t\t\t".'<table class="form-table">';
1508
+ $echo_str .= "\n\t\t\t\t".'<tbody>';
1509
+ if ( is_array($filerec->userdata) && count($filerec->userdata) > 0 ) {
1510
+ foreach ( $filerec->userdata as $userdata ) {
1511
+ $echo_str .= "\n\t\t\t\t\t".'<tr>';
1512
+ $echo_str .= "\n\t\t\t\t\t\t".'<th scope="row">';
1513
+ $echo_str .= "\n\t\t\t\t\t\t\t".'<label>'.$userdata->property.'</label>';
1514
+ $echo_str .= "\n\t\t\t\t\t\t".'</th>';
1515
+ $echo_str .= "\n\t\t\t\t\t\t".'<td>';
1516
+ // $echo_str .= "\n\t\t\t\t\t\t\t".'<input id="wfu_filedetails_userdata_value_'.$userdata->propkey.'" name="wfu_filedetails_userdata" type="text"'.( $is_admin ? '' : ' readonly="readonly"' ).' value="'.$userdata->propvalue.'" />';
1517
+ $echo_str .= "\n\t\t\t\t\t\t\t".'<textarea id="wfu_filedetails_userdata_value_'.$userdata->propkey.'" name="wfu_filedetails_userdata" '.( ($is_admin && $admin_can_edit) ? '' : ' readonly="readonly"' ).' value="'.$userdata->propvalue.'">'.$userdata->propvalue.'</textarea>';
1518
+ $echo_str .= "\n\t\t\t\t\t\t\t".'<input id="wfu_filedetails_userdata_default_'.$userdata->propkey.'" type="hidden" value="'.$userdata->propvalue.'" />';
1519
+ $echo_str .= "\n\t\t\t\t\t\t\t".'<input id="wfu_filedetails_userdata_'.$userdata->propkey.'" name="wfu_filedetails_userdata_'.$userdata->propkey.'" type="hidden" value="'.$userdata->propvalue.'" />';
1520
+ $echo_str .= "\n\t\t\t\t\t\t".'</td>';
1521
+ $echo_str .= "\n\t\t\t\t\t".'</tr>';
1522
+ }
1523
+ }
1524
+ else {
1525
+ $echo_str .= "\n\t\t\t\t\t".'<tr>';
1526
+ $echo_str .= "\n\t\t\t\t\t\t".'<th scope="row">';
1527
+ $echo_str .= "\n\t\t\t\t\t\t\t".'<label>No user data</label>';
1528
+ $echo_str .= "\n\t\t\t\t\t\t".'</th>';
1529
+ $echo_str .= "\n\t\t\t\t\t\t".'<td></td>';
1530
+ $echo_str .= "\n\t\t\t\t\t".'</tr>';
1531
+ }
1532
+ $echo_str .= "\n\t\t\t\t".'</tbody>';
1533
+ $echo_str .= "\n\t\t\t".'</table>';
1534
+ if ( ($is_admin && $admin_can_edit) ) {
1535
+ $echo_str .= "\n\t\t\t".'<p class="submit">';
1536
+ $echo_str .= "\n\t\t\t\t".'<input id="dp_filedetails_submit_fields" type="submit" class="button-primary" name="submit" value="Update" disabled="disabled" />';
1537
+ $echo_str .= "\n\t\t\t".'</p>';
1538
+ }
1539
+ $echo_str .= "\n\t\t".'</form>';
1540
+ $echo_str .= "\n\t".'</div>';
1541
+ $handler = 'function() { wfu_Attach_FileDetails_Admin_Events(); }';
1542
+ $echo_str .= "\n\t".'<script type="text/javascript">if(window.addEventListener) { window.addEventListener("load", '.$handler.', false); } else if(window.attachEvent) { window.attachEvent("onload", '.$handler.'); } else { window["onload"] = '.$handler.'; }</script>';
1543
+ $echo_str .= '</div>';
1544
+
1545
+ return $echo_str;
1546
+ }
1547
+
1548
+ /**
1549
+ * Change File Details.
1550
+ *
1551
+ * This function modifies the database record of an uploaded file, as well as
1552
+ * any associated user data field records.
1553
+ *
1554
+ * @since 2.4.1
1555
+ *
1556
+ * @param string $file_code A code corresponding to the file to be modified.
1557
+ *
1558
+ * @return bool True if modification of file succeeded, false otherwise.
1559
+ */
1560
+ function wfu_edit_filedetails($file_code) {
1561
+ global $wpdb;
1562
+ $table_name2 = $wpdb->prefix . "wfu_userdata";
1563
+ $allow_obsolete = false;
1564
+
1565
+ if ( substr($file_code, 0, 5) == "byID:" ) {
1566
+ $allow_obsolete = true;
1567
+ $file_code = substr($file_code, 5);
1568
+ }
1569
+
1570
+ $user = wp_get_current_user();
1571
+ $is_admin = current_user_can( 'manage_options' );
1572
+ //check if user is allowed to view file details
1573
+ if ( !$is_admin ) {
1574
+ if ( $allow_obsolete ) return;
1575
+ return;
1576
+ }
1577
+ if ( $allow_obsolete ) {
1578
+ $file_code = wfu_sanitize_int($file_code);
1579
+ $initialrec = wfu_get_file_rec_from_id($file_code, true);
1580
+ if ( $initialrec == null ) return;
1581
+
1582
+ //get all associated file records
1583
+ $filerecs = wfu_get_rec_new_history($initialrec->idlog);
1584
+ //get the latest record of this upload
1585
+ $filerec = $filerecs[count($filerecs) - 1];
1586
+ $filerec->userdata = $initialrec->userdata;
1587
+
1588
+ $filepath = wfu_path_rel2abs($filerec->filepath);
1589
+ $latestrec = wfu_get_file_rec($filepath, true);
1590
+ //if $latestrec is null then this means that file does not exist
1591
+ if ( $latestrec == null ) return;
1592
+ //if the record is obsolete then do not proceed
1593
+ if ( $latestrec->idlog != $filerec->idlog ) return;
1594
+ }
1595
+ else {
1596
+ $file_code = wfu_sanitize_code($file_code);
1597
+ $dec_file = wfu_get_filepath_from_safe($file_code);
1598
+ if ( $dec_file === false ) return;
1599
+
1600
+ $filepath = wfu_path_rel2abs(wfu_flatten_path($dec_file));
1601
+
1602
+ //check if user is allowed to perform this action
1603
+ if ( !wfu_current_user_owes_file($filepath) ) return;
1604
+
1605
+ //get file data from database with user data
1606
+ $filerec = wfu_get_file_rec($filepath, true);
1607
+ if ( $filerec == null ) return;
1608
+ }
1609
+
1610
+ if ( isset($_POST['submit']) ) {
1611
+ if ( $_POST['submit'] == "Update" ) {
1612
+ if ( !is_array($filerec->userdata) ) $filerec->userdata = array();
1613
+ //check for errors
1614
+ $is_error = false;
1615
+ foreach ( $filerec->userdata as $userdata ) {
1616
+ if ( !isset($_POST['wfu_filedetails_userdata_'.$userdata->propkey]) ) {
1617
+ $is_error = true;
1618
+ break;
1619
+ }
1620
+ }
1621
+ if ( !$is_error ) {
1622
+ $now_date = date('Y-m-d H:i:s');
1623
+ $userdata_count = 0;
1624
+ foreach ( $filerec->userdata as $userdata ) {
1625
+ $userdata_count ++;
1626
+ //make existing userdata record obsolete
1627
+ $wpdb->update($table_name2,
1628
+ array( 'date_to' => $now_date ),
1629
+ array( 'uploadid' => $userdata->uploadid, 'propkey' => $userdata->propkey ),
1630
+ array( '%s' ),
1631
+ array( '%s', '%s' )
1632
+ );
1633
+ //insert new userdata record
1634
+ $wpdb->insert($table_name2,
1635
+ array(
1636
+ 'uploadid' => $userdata->uploadid,
1637
+ 'property' => $userdata->property,
1638
+ 'propkey' => $userdata->propkey,
1639
+ 'propvalue' => $_POST['wfu_filedetails_userdata_'.$userdata->propkey],
1640
+ 'date_from' => $now_date,
1641
+ 'date_to' => 0
1642
+ ),
1643
+ array(
1644
+ '%s',
1645
+ '%s',
1646
+ '%d',
1647
+ '%s',
1648
+ '%s',
1649
+ '%s'
1650
+ )
1651
+ );
1652
+ }
1653
+ if ( $userdata_count > 0 ) wfu_log_action('modify:'.$now_date, $filepath, $user->ID, '', 0, 0, '', null);
1654
+ }
1655
+ if ( isset($_POST['wfu_filedetails_userid']) && $_POST['wfu_filedetails_userid'] != $filerec->uploaduserid ) {
1656
+ wfu_log_action('changeuser:'.$_POST['wfu_filedetails_userid'], $filepath, $user->ID, '', 0, 0, '', null);
1657
+ }
1658
+ }
1659
+ }
1660
+ return true;
1661
  }
lib/wfu_admin_composer.php CHANGED
@@ -1,964 +1,964 @@
1
- <?php
2
-
3
- /**
4
- * Shortcode Composer Page
5
- *
6
- * This file contains functions related to the shortcode composer page of the
7
- * plugin. The shortcode composer is a visual editor of the plugin's shortcodes
8
- * so that they can be configured easily by administrators.
9
- *
10
- * @link /lib/wfu_admin_composer.php
11
- *
12
- * @package WordPress File Upload Plugin
13
- * @subpackage Core Components
14
- * @since 2.4.1
15
- */
16
-
17
- /**
18
- * Display the Shortcode Composer.
19
- *
20
- * This function displays the shortcode composer for a specific shortcode.
21
- *
22
- * @since 2.1.2
23
- *
24
- * @param string|array $data Optional. If this function was called for an
25
- * existing shortcode, this param holds data of the shortcode. If it was
26
- * called for a new shortcode, it contains an empty string.
27
- * @param string $shortcode_tag Optional. The shortcode tag.
28
- * @param string $referer Optional. The page that called this function.
29
- *
30
- * @return string The HTML output of the shortcode composer.
31
- */
32
- function wfu_shortcode_composer($data = '', $shortcode_tag = 'wordpress_file_upload', $referer = 'page') {
33
- global $wp_roles;
34
- $siteurl = site_url();
35
-
36
- $plugin_options = wfu_decode_plugin_options(get_option( "wordpress_file_upload_options" ));
37
- $components = wfu_component_definitions();
38
- if ( $shortcode_tag == 'wordpress_file_upload' ) {
39
- $plugin_title = "Uploader";
40
- $cats = wfu_category_definitions();
41
- $defs = wfu_attribute_definitions();
42
- //remove personaldata category if Personal Data are not activated in
43
- //plugin's Settings
44
- if ($plugin_options["personaldata"] != "1" && isset($cats["personaldata"])) unset($cats["personaldata"]);
45
- }
46
- else {
47
- $plugin_title = "Browser";
48
- $cats = wfu_browser_category_definitions();
49
- $defs = wfu_browser_attribute_definitions();
50
- }
51
-
52
- if ( $data == "" ) {
53
- $shortcode = $plugin_options['shortcode'];
54
- $shortcode_full = '['.$shortcode_tag.' '.$shortcode.']';
55
- $postid = "";
56
- $postname = "";
57
- $posttype = "";
58
- $posthash = "";
59
- $shortcode_position = -1;
60
- $widgetid = "";
61
- $sidebar = "";
62
- $autosave = true;
63
- }
64
- else {
65
- $shortcode = trim(substr($data['shortcode'], strlen('['.$shortcode_tag), -1));
66
- $shortcode_full = $data['shortcode'];
67
- $postid = $data['post_id'];
68
- $postname = get_the_title($postid);
69
- $posttype_obj = get_post_type_object(get_post_type($postid));
70
- $posttype = ( $posttype_obj ? $posttype_obj->labels->singular_name : "" );
71
- $posthash = $data['post_hash'];
72
- $shortcode_position = $data['position'];
73
- $widgetid = ( isset($data['widgetid']) ? $data['widgetid'] : "" );
74
- $sidebar = ( isset($data['sidebar']) ? $data['sidebar'] : "" );
75
- $autosave = false;
76
- }
77
-
78
- // index $components
79
- $components_indexed = array();
80
- foreach ( $components as $component ) $components_indexed[$component['id']] = $component;
81
- // complete defs array and index dependencies
82
- $governors = array();
83
- $shortcode_attrs = wfu_shortcode_string_to_array($shortcode);
84
- //replace old attribute definitions with new ones
85
- $shortcode_attrs = wfu_old_to_new_attributes($shortcode_attrs);
86
- $shortcode_id = '';
87
- foreach ( $defs as $key => $def ) {
88
- $attr = $def['attribute'];
89
- $defs[$key]['default'] = $def['value'];
90
- //'flat' property keeps the original attribute, because 'attribute'
91
- //property will change for defs that their occurrence is higher than 1
92
- $defs[$key]['flat'] = $attr;
93
- if ( array_key_exists($attr, $shortcode_attrs) ) $defs[$key]['value'] = $shortcode_attrs[$attr];
94
- $subblock_active = false;
95
- //detect if the dependencies of this attribute will be disabled or not
96
- if ( ( $def['type'] == "onoff" && $defs[$key]['value'] == "true" ) ||
97
- ( $def['type'] == "radio" && in_array("*".$defs[$key]['value'], $def['listitems']) ) )
98
- $subblock_active = true;
99
- // assign dependencies if exist
100
- if ( $def['dependencies'] != null )
101
- foreach ( $def['dependencies'] as $dependency ) {
102
- if ( substr($dependency, 0, 1) == "!" ) //invert state for this dependency if an exclamation mark is defined
103
- $governors[substr($dependency, 1)] = array( 'attribute' => $attr, 'active' => !$subblock_active, 'inv' => '_inv' );
104
- else
105
- $governors[$dependency] = array( 'attribute' => $attr, 'active' => $subblock_active, 'inv' => '' );
106
- }
107
- if ( $attr == 'uploadid' || $attr == 'browserid' ) $shortcode_id = $defs[$key]['value'];
108
- }
109
-
110
- //check if attributes need to be generated more than once because their governor is a component field that appears more than once in placements attribute
111
- $key = 0;
112
- while ( $key < count($defs) ) {
113
- $defs[$key]['additional_values'] = array();
114
- $def = $defs[$key];
115
- $attr = $def['attribute'];
116
- //check if this attribute needs to be generated more than once
117
- if ( array_key_exists($attr, $governors) ) $governor = $governors[$attr]['attribute'];
118
- else $governor = "";
119
- if ( $governor != "" && isset($components_indexed[$governor]) && $components_indexed[$governor]['multiplacements'] && isset($shortcode_attrs['placements']) ) {
120
- //count how many occurrences of the governor attribute appear inside placements attribute
121
- $occurrences = 0;
122
- $sections = explode("/", $shortcode_attrs['placements']);
123
- foreach ( $sections as $section ) {
124
- $items_in_section = explode("+", trim($section));
125
- foreach ( $items_in_section as $item )
126
- if ( trim($item) == $governor ) $occurrences++;
127
- }
128
- //add indexed attributes if there is more than one occurrence
129
- for ( $ii = 2; $ii <= $occurrences; $ii++ ) {
130
- $def2 = $def;
131
- $def2['attribute'] .= $ii;
132
- $def2['name'] .= ' ('.$ii.')';
133
- if ( array_key_exists($def2['attribute'], $shortcode_attrs) )
134
- $def2['value'] = $shortcode_attrs[$def2['attribute']];
135
- else $def2['value'] = $def2['default'];
136
- array_splice($defs, $key + 1, 0, array($def2));
137
- $key++;
138
- }
139
- //check if the shortcode contains additional indexed definitions and store them in 'additional_values'
140
- $ii = max(1, $occurrences) + 1;
141
- while ( array_key_exists($attr.$ii, $shortcode_attrs) ) {
142
- $defs[$key]['additional_values'][$ii] = $shortcode_attrs[$attr.$ii];
143
- $ii++;
144
- }
145
- }
146
- $key++;
147
- }
148
-
149
- $echo_str = '<div id="wfu_wrapper" class="wrap">';
150
- $echo_str .= "\n\t".'<h2>Wordpress File Upload Control Panel</h2>';
151
- $echo_str .= "\n\t".'<div id="wfu_page_obsolete_message" class="error" style="display:none;">';
152
- $echo_str .= "\n\t\t".'<p>'.WFU_DASHBOARD_PAGE_OBSOLETE.'</p>';
153
- $echo_str .= "\n\t".'</div>';
154
- $echo_str .= "\n\t".'<div id="wfu_update_rejected_message" class="error" style="display:none;">';
155
- $echo_str .= "\n\t\t".'<p>'.WFU_DASHBOARD_UPDATE_SHORTCODE_REJECTED.'</p>';
156
- $echo_str .= "\n\t".'</div>';
157
- $echo_str .= "\n\t".'<div id="wfu_update_failed_message" class="error" style="display:none;">';
158
- $echo_str .= "\n\t\t".'<p>'.WFU_DASHBOARD_UPDATE_SHORTCODE_FAILED.'</p>';
159
- $echo_str .= "\n\t".'</div>';
160
- $echo_str .= "\n\t".'<div style="margin-top:20px;">';
161
- if ( $referer == "dashboard" ) $echo_str .= "\n\t".'<a href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&amp;action=manage_mainmenu" class="button" title="go back">Go to Main Menu</a>';
162
- $echo_str .= "\n\t".'</div>';
163
- if ( $widgetid == "" ) $echo_str .= "\n\t".'<h2 style="margin-bottom: 10px; margin-top: 20px;">'.( $data == "" ? 'Test' : $posttype.' <strong>'.$postname.'</strong>' ).': Shortcode Composer for '.$plugin_title.' <strong>ID '.$shortcode_id.'</strong></h2>';
164
- else $echo_str .= "\n\t".'<h2 style="margin-bottom: 10px; margin-top: 20px;">Sidebar <strong>'.$sidebar.'</strong>: Shortcode Composer for Uploader <strong>ID '.$shortcode_id.'</strong></h2>';
165
- $echo_str .= "\n\t".'<div style="margin-top:10px; display:inline-block;">';
166
- if ( $data != "") $echo_str .= "\n\t\t".'<input id="wfu_update_shortcode" type="button" value="Update" class="button-primary" disabled="disabled" onclick="wfu_save_shortcode()" /><span id="wfu_update_shortcode_wait" class="spinner" style="float:right; display:none;"></span>';
167
- $echo_str .= "\n\t\t".'<input id="wfu_shortcode_original_enc" type="hidden" value="'.wfu_plugin_encode_string($shortcode_full).'" />';
168
- $echo_str .= "\n\t\t".'<input id="wfu_shortcode_tag" type="hidden" value="'.$shortcode_tag.'" />';
169
- $echo_str .= "\n\t\t".'<input id="wfu_shortcode_postid" type="hidden" value="'.$postid.'" />';
170
- $echo_str .= "\n\t\t".'<input id="wfu_shortcode_posthash" type="hidden" value="'.$posthash.'" />';
171
- $echo_str .= "\n\t\t".'<input id="wfu_shortcode_position" type="hidden" value="'.$shortcode_position.'" />';
172
- $echo_str .= "\n\t\t".'<input id="wfu_shortcode_widgetid" type="hidden" value="'.$widgetid.'" />';
173
- $echo_str .= "\n\t".'</div>';
174
- $echo_str .= "\n\t".'<div style="margin-top:20px;">';
175
- $echo_str .= "\n\t\t".'<div class="wfu_shortcode_container">';
176
- $echo_str .= "\n\t\t\t".'<span><strong>Generated Shortcode</strong></span>';
177
- $echo_str .= "\n\t\t\t".'<span id="wfu_save_label" class="wfu_save_label">saved</span>';
178
- $echo_str .= "\n\t\t\t".'<textarea id="wfu_shortcode" class="wfu_shortcode" rows="5">['.$shortcode_tag.']</textarea>';
179
- $echo_str .= "\n\t\t\t".'<div id="wfu_attribute_defaults" style="display:none;">';
180
- // remove hidden attributes from defs array
181
- foreach ( $defs as $key => $def ) if ( $def['type'] == "hidden" ) unset($defs[$key]);
182
- foreach ( $defs as $def )
183
- $echo_str .= "\n\t\t\t\t".'<input id="wfu_attribute_default_'.$def['attribute'].'" type="hidden" value="'.$def['default'].'" />';
184
- $echo_str .= "\n\t\t\t".'</div>';
185
- $echo_str .= "\n\t\t\t".'<div id="wfu_attribute_values" style="display:none;">';
186
- foreach ( $defs as $def ) {
187
- $echo_str .= "\n\t\t\t\t".'<input id="wfu_attribute_value_'.$def['attribute'].'" type="hidden" value="'.$def['value'].'" />';
188
- //add additional values, if exist
189
- foreach( $def['additional_values'] as $key => $val )
190
- $echo_str .= "\n\t\t\t\t".'<input id="wfu_attribute_value_'.$def['attribute'].$key.'" type="hidden" value="'.$val.'" />';
191
- }
192
- $echo_str .= "\n\t\t\t".'</div>';
193
- $echo_str .= "\n\t\t".'</div>';
194
- $echo_str .= "\n\t".'</div>';
195
- $echo_str .= "\n\t".'<h3 id="wfu_tab_container" class="nav-tab-wrapper">';
196
- $is_first = true;
197
- foreach ( $cats as $key => $cat ) {
198
- $echo_str .= "\n\t\t".'<a id="wfu_tab_'.$key.'" class="nav-tab'.( $is_first ? ' nav-tab-active' : '' ).'" href="javascript: wfu_admin_activate_tab(\''.$key.'\');">'.$cat.'</a>';
199
- $is_first = false;
200
- }
201
- $echo_str .= "\n\t".'</h3>';
202
-
203
- $prevcat = "";
204
- $prevsubcat = "";
205
- $is_first = true;
206
- $block_open = false;
207
- $subblock_open = false;
208
- foreach ( $defs as $def ) {
209
- $attr = $def['attribute'];
210
- //check if this attribute depends on other
211
- if ( !array_key_exists($attr, $governors) ) $governors[$attr] = "";
212
- if ( $governors[$attr] != "" ) $governor = $governors[$attr];
213
- else $governor = array( 'attribute' => "independent", 'active' => true, 'inv' => '' );
214
-
215
- //close previous blocks
216
- if ( $def['parent'] == "" ) {
217
- if ( $subblock_open ) {
218
- $echo_str .= "\n\t\t\t\t\t\t\t".'</tbody>';
219
- $echo_str .= "\n\t\t\t\t\t\t".'</table>';
220
- $subblock_open = false;
221
- }
222
- if ( $block_open ) {
223
- $echo_str .= "\n\t\t\t\t\t".'</div></td>';
224
- $echo_str .= "\n\t\t\t\t".'</tr>';
225
- $block_open = false;
226
- }
227
- }
228
- //check if new category must be generated
229
- if ( $def['category'] != $prevcat ) {
230
- if ( $prevcat != "" ) {
231
- $echo_str .= "\n\t\t\t".'</tbody>';
232
- $echo_str .= "\n\t\t".'</table>';
233
- $echo_str .= "\n\t".'</div>';
234
- }
235
- $prevcat = $def['category'];
236
- $prevsubcat = "";
237
- $echo_str .= "\n\t".'<div id="wfu_container_'.$prevcat.'" class="wfu_container"'.( $is_first ? '' : ' style="display:none;"' ).'">';
238
- $echo_str .= "\n\t\t".'<table class="form-table wfu_main_table">';
239
- $echo_str .= "\n\t\t\t".'<thead><tr><th></th><td></td><td></td></tr></thead>';
240
- $echo_str .= "\n\t\t\t".'<tbody>';
241
- $is_first = false;
242
- }
243
- //check if new sub-category must be generated
244
- if ( $def['subcategory'] != $prevsubcat ) {
245
- $prevsubcat = $def['subcategory'];
246
- $echo_str .= "\n\t\t\t\t".'<tr class="wfu_subcategory">';
247
- $echo_str .= "\n\t\t\t\t\t".'<th scope="row" colspan="3">';
248
- $echo_str .= "\n\t\t\t\t\t\t".'<h3 style="margin-bottom: 10px; margin-top: 10px;">'.$prevsubcat.'</h3>';
249
- $echo_str .= "\n\t\t\t\t\t".'</th>';
250
- $echo_str .= "\n\t\t\t\t".'</tr>';
251
- }
252
- //draw attribute element
253
- if ( $def['parent'] == "" ) {
254
- $dlp = "\n\t\t\t\t";
255
- }
256
- else {
257
- if ( !$subblock_open ) {
258
- $echo_str .= "\n\t\t\t\t\t\t".'<div class="wfu_shadow wfu_shadow_'.$def['parent'].$governor['inv'].'" style="display:'.( $governor['active'] ? 'none' : 'block' ).';"></div>';
259
- $echo_str .= "\n\t\t\t\t\t\t".'<table class="form-table wfu_inner_table" style="margin:0;">';
260
- $echo_str .= "\n\t\t\t\t\t\t\t".'<tbody>';
261
- }
262
- $dlp = "\n\t\t\t\t\t\t\t\t";
263
- }
264
- $echo_str .= $dlp.'<tr>';
265
- $echo_str .= $dlp."\t".'<th scope="row"><div class="wfu_td_div">';
266
- if ( $def['parent'] == "" ) $echo_str .= $dlp."\t\t".'<div class="wfu_shadow wfu_shadow_'.$governor['attribute'].$governor['inv'].'" style="display:'.( $governor['active'] ? 'none' : 'block' ).';"></div>';
267
- $echo_str .= $dlp."\t\t".'<div class="wfu_restore_container" title="Double-click to restore defaults setting"><img src="'.WFU_IMAGE_ADMIN_RESTOREDEFAULT.'" ondblclick="wfu_apply_value(\''.$attr.'\', \''.$def['type'].'\', \''.$def['default'].'\');" /></div>';
268
- $echo_str .= $dlp."\t\t".'<label for="wfu_attribute_'.$attr.'">'.$def['name'].'</label>';
269
- $echo_str .= $dlp."\t\t".'<input type="hidden" name="wfu_attribute_governor_'.$governor['attribute'].'" class="wfu_attribute_governor" value="'.$attr.'" />';
270
- $echo_str .= $dlp."\t\t".'<div class="wfu_help_container" title="'.$def['help'].'"><img src="'.WFU_IMAGE_ADMIN_HELP.'" /></div>';
271
- $echo_str .= $dlp."\t".'</div></th>';
272
- $echo_str .= $dlp."\t".'<td style="vertical-align:top;"><div class="wfu_td_div">';
273
- if ( $def['parent'] == "" ) $echo_str .= $dlp."\t\t".'<div class="wfu_shadow wfu_shadow_'.$governor['attribute'].$governor['inv'].'" style="display:'.( $governor['active'] ? 'none' : 'block' ).';"></div>';
274
- if ( $def['type'] == "onoff" ) {
275
- $echo_str .= $dlp."\t\t".'<div id="wfu_attribute_'.$attr.'" class="wfu_onoff_container_'.( $def['value'] == "true" ? "on" : "off" ).'" onclick="wfu_admin_onoff_clicked(\''.$attr.'\');">';
276
- $echo_str .= $dlp."\t\t\t".'<div class="wfu_onoff_slider"></div>';
277
- $echo_str .= $dlp."\t\t\t".'<span class="wfu_onoff_text">ON</span>';
278
- $echo_str .= $dlp."\t\t\t".'<span class="wfu_onoff_text">OFF</span>';
279
- $echo_str .= $dlp."\t\t".'</div>';
280
- }
281
- elseif ( $def['type'] == "text" ) {
282
- $val = str_replace(array( "%n%", "%dq%", "%brl%", "%brr%" ), array( "\n", "&quot;", "[", "]" ), $def['value']);
283
- $echo_str .= $dlp."\t\t".'<input id="wfu_attribute_'.$attr.'" type="text" name="wfu_text_elements" value="'.$val.'" style="display:block;" />';
284
- if ( $def['variables'] != null ) $echo_str .= $dlp.wfu_insert_variables($def['variables'], 'wfu_variable wfu_variable_'.$attr);
285
- }
286
- elseif ( $def['type'] == "placements" ) {
287
- $components_used = array();
288
- foreach ( $components as $component ) $components_used[$component['id']] = 0;
289
- $centered_content = '<div class="wfu_component_box_inner"><div class="wfu_component_box_label">XXX</div></div>';
290
- $centered_content_multi = '<div class="wfu_component_box_inner"><div class="wfu_component_box_label">XXX</div><div class="wfu_component_box_index">YYY</div></div>';
291
- $echo_str .= $dlp."\t\t".'<div class="wfu_placements_wrapper">';
292
- $echo_str .= $dlp."\t\t\t".'<div id="wfu_placements_container" class="wfu_placements_container">';
293
- $itemplaces = explode("/", $def['value']);
294
- foreach ( $itemplaces as $section ) {
295
- $echo_str .= $dlp."\t\t\t\t".'<div class="wfu_component_separator_hor"></div>';
296
- $echo_str .= $dlp."\t\t\t\t".'<div class="wfu_component_separator_ver"></div>';
297
- $items_in_section = explode("+", trim($section));
298
- $section_array = array( );
299
- foreach ( $items_in_section as $item_in_section ) {
300
- if ( key_exists($item_in_section, $components_indexed) ) {
301
- if ( $components_indexed[$item_in_section]['multiplacements'] || $components_used[$item_in_section] == 0 ) {
302
- $components_used[$item_in_section] ++;
303
- if ( $components_indexed[$item_in_section]['multiplacements'] ) {
304
- $multi_index = $components_used[$item_in_section];
305
- $echo_str .= $dlp."\t\t\t\t".'<div id="wfu_component_box_'.$item_in_section.'_'.$multi_index.'" class="wfu_component_box" draggable="true" title="'.$components_indexed[$item_in_section]['help'].'">'.str_replace(array("XXX", "YYY"), array($components_indexed[$item_in_section]['name'], $multi_index), $centered_content_multi).'</div>';
306
- }
307
- else
308
- $echo_str .= $dlp."\t\t\t\t".'<div id="wfu_component_box_'.$item_in_section.'_0" class="wfu_component_box" draggable="true" title="'.$components_indexed[$item_in_section]['help'].'">'.str_replace("XXX", $components_indexed[$item_in_section]['name'], $centered_content).'</div>';
309
- $echo_str .= $dlp."\t\t\t\t".'<div class="wfu_component_separator_ver"></div>';
310
- }
311
- }
312
- }
313
- }
314
- $echo_str .= $dlp."\t\t\t\t".'<div class="wfu_component_separator_hor"></div>';
315
- $echo_str .= $dlp."\t\t\t\t".'<div id="wfu_component_bar_hor" class="wfu_component_bar_hor"></div>';
316
- $echo_str .= $dlp."\t\t\t\t".'<div id="wfu_component_bar_ver" class="wfu_component_bar_ver"></div>';
317
- $echo_str .= $dlp."\t\t\t".'</div>';
318
- $echo_str .= $dlp."\t\t\t".'<div id="wfu_componentlist_container" class="wfu_componentlist_container">';
319
- $echo_str .= $dlp."\t\t\t\t".'<div id="wfu_componentlist_dragdrop" class="wfu_componentlist_dragdrop" style="display:none;"></div>';
320
- $ii = 1;
321
- foreach ( $components as $component ) {
322
- $echo_str .= $dlp."\t\t\t\t".'<div id="wfu_component_box_container_'.$component['id'].'" class="wfu_component_box_container">';
323
- $echo_str .= $dlp."\t\t\t\t\t".'<div class="wfu_component_box_base">'.str_replace("XXX", $component['name'], $centered_content).'</div>';
324
- if ( $component['multiplacements'] ) {
325
- $multi_index = $components_used[$component['id']] + 1;
326
- $echo_str .= $dlp."\t\t\t\t\t".'<div id="wfu_component_box_'.$component['id'].'_'.$multi_index.'" class="wfu_component_box wfu_inbase" draggable="true" title="'.$component['help'].'">'.str_replace(array("XXX", "YYY"), array($component['name'], $multi_index), $centered_content_multi).'</div>';
327
- }
328
- elseif ( $components_used[$component['id']] == 0 )
329
- $echo_str .= $dlp."\t\t\t\t\t".'<div id="wfu_component_box_'.$component['id'].'_0" class="wfu_component_box wfu_inbase" draggable="true" title="'.$component['help'].'">'.str_replace("XXX", $component['name'], $centered_content).'</div>';
330
- $echo_str .= $dlp."\t\t\t\t".'</div>'.( ($ii++) % 3 == 0 ? '<br />' : '' );
331
- }
332
- $echo_str .= $dlp."\t\t\t".'</div>';
333
- $echo_str .= $dlp."\t\t".'</div>';
334
- }
335
- elseif ( $def['type'] == "ltext" ) {
336
- $val = str_replace(array( "%n%", "%dq%", "%brl%", "%brr%" ), array( "\n", "&quot;", "[", "]" ), $def['value']);
337
- $echo_str .= $dlp."\t\t".'<input id="wfu_attribute_'.$attr.'" type="text" name="wfu_text_elements" class="wfu_long_text" value="'.$val.'" />';
338
- if ( $def['variables'] != null ) $echo_str .= $dlp.wfu_insert_variables($def['variables'], 'wfu_variable wfu_variable_'.$attr);
339
- }
340
- elseif ( $def['type'] == "integer" ) {
341
- $val = str_replace(array( "%n%", "%dq%", "%brl%", "%brr%" ), array( "\n", "&quot;", "[", "]" ), $def['value']);
342
- $echo_str .= $dlp."\t\t".'<input id="wfu_attribute_'.$attr.'" type="number" name="wfu_text_elements" class="wfu_short_text" min="1" value="'.$val.'" />';
343
- if ( isset($def['listitems']['unit']) ) $echo_str .= $dlp."\t\t".'<label> '.$def['listitems']['unit'].'</label>';
344
- }
345
- elseif ( $def['type'] == "float" ) {
346
- $val = str_replace(array( "%n%", "%dq%", "%brl%", "%brr%" ), array( "\n", "&quot;", "[", "]" ), $def['value']);
347
- $echo_str .= $dlp."\t\t".'<input id="wfu_attribute_'.$attr.'" type="number" name="wfu_text_elements" class="wfu_short_text" step="any" min="0" value="'.$val.'" />';
348
- if ( isset($def['listitems']['unit']) ) $echo_str .= $dlp."\t\t".'<label> '.$def['listitems']['unit'].'</label>';
349
- }
350
- elseif ( $def['type'] == "date" ) {
351
- $val = $def['value'];
352
- $echo_str .= $dlp."\t\t".'<div class="wfu_date_container"><input id="wfu_attribute_'.$attr.'" type="text" value="'.$val.'" readonly style="padding-right:16px; background-color:white; width:auto;" /><img class="wfu_datereset_button" src="'.WFU_IMAGE_ADMIN_SUBFOLDER_CANCEL.'" onclick="var f = document.getElementById(\'wfu_attribute_'.$attr.'\'); f.value = \'\'; wfu_update_date_value({target:f});" /></div><label style="font-size:smaller; margin-left:4px;">format: YYYY-MM-DD</label>';
353
- $echo_str .= wfu_inject_js_code('jQuery(function() {jQuery("#wfu_attribute_'.$attr.'").datepicker({dateFormat: "yy-mm-dd", onClose: function(date, picker) {wfu_update_date_value({target:this});}});});');
354
- }
355
- elseif ( $def['type'] == "radio" ) {
356
- $echo_str .= $dlp."\t\t";
357
- $ii = 0;
358
- foreach ( $def['listitems'] as $item )
359
- $echo_str .= '<input name="wfu_radioattribute_'.$attr.'" type="radio" value="'.$item.'" '.( $item == $def['value'] || $item == "*".$def['value'] ? 'checked="checked" ' : '' ).'style="width:auto; margin:0px 2px 0px '.( ($ii++) == 0 ? '0px' : '8px' ).';" onchange="wfu_admin_radio_clicked(\''.$attr.'\');" />'.( $item[0] == "*" ? substr($item, 1) : $item );
360
- // $echo_str .= '<input type="button" class="button" value="empty" style="width:auto; margin:-2px 0px 0px 8px;" />';
361
- }
362
- elseif ( $def['type'] == "ptext" ) {
363
- $val = str_replace(array( "%n%", "%dq%", "%brl%", "%brr%" ), array( "\n", "&quot;", "[", "]" ), $def['value']);
364
- $parts = explode("/", $val);
365
- $singular = $parts[0];
366
- if ( count($parts) < 2 ) $plural = $singular;
367
- else $plural = $parts[1];
368
- $echo_str .= $dlp."\t\t".'<span class="wfu_ptext_span">Singular</span><input id="wfu_attribute_s_'.$attr.'" type="text" name="wfu_ptext_elements" value="'.$singular.'" />';
369
- if ( $def['variables'] != null ) if ( count($def['variables']) > 0 ) $echo_str .= $dlp."\t\t".'<br /><span class="wfu_ptext_span">&nbsp;</span>';
370
- if ( $def['variables'] != null ) $echo_str .= $dlp.wfu_insert_variables($def['variables'], 'wfu_variable wfu_variable_s_'.$attr);
371
- $echo_str .= $dlp."\t\t".'<br /><span class="wfu_ptext_span">Plural</span><input id="wfu_attribute_p_'.$attr.'" type="text" name="wfu_ptext_elements" value="'.$plural.'" />';
372
- if ( $def['variables'] != null ) if ( count($def['variables']) > 0 ) $echo_str .= $dlp."\t\t".'<br /><span class="wfu_ptext_span">&nbsp;</span>';
373
- if ( $def['variables'] != null ) $echo_str .= $dlp.wfu_insert_variables($def['variables'], 'wfu_variable wfu_variable_p_'.$attr, $dlp);
374
- }
375
- elseif ( $def['type'] == "mtext" ) {
376
- $val = str_replace(array( "%n%", "%dq%", "%brl%", "%brr%" ), array( "\n", "&quot;", "[", "]" ), $def['value']);
377
- $echo_str .= $dlp."\t\t".'<textarea id="wfu_attribute_'.$attr.'" name="wfu_text_elements" rows="5">'.$val.'</textarea>';
378
- if ( $def['variables'] != null ) $echo_str .= $dlp.wfu_insert_variables($def['variables'], 'wfu_variable wfu_variable_'.$attr);
379
- }
380
- elseif ( $def['type'] == "ftpinfo" ) {
381
- $val = $def['value'];
382
- $ftpinfo = wfu_decode_ftpinfo($val);
383
- $error_class = ( $ftpinfo["error"] ? ' ftpinfo_error' : '' );
384
- $echo_str .= $dlp."\t\t".'<div class="ftpinfo_header">';
385
- $echo_str .= $dlp."\t\t\t".'<input id="wfu_attribute_'.$attr.'" type="text" name="wfu_ftpinfobase_elements" class="ftpinfo_text'.$error_class.'" value="'.$val.'" />';
386
- $echo_str .= $dlp."\t\t\t".'<button class="ftpinfo_btn" onclick="wfu_ftpinfotool_toggle();">Edit</button>';
387
- $echo_str .= $dlp."\t\t".'</div>';
388
- $echo_str .= $dlp."\t\t".'<div class="ftpinfo_tool hidden">';
389
- $echo_str .= $dlp."\t\t\t".'<label class="ftpinfo_label">Username</label><input type="text" id="ftpinfo_username" name="wfu_ftpinfotool_elements" class="ftpinfo_value'.$error_class.'" value="'.$ftpinfo["data"]["username"].'" /><br />';
390
- $echo_str .= $dlp."\t\t\t".'<label class="ftpinfo_label">Password</label><input type="text" id="ftpinfo_password" name="wfu_ftpinfotool_elements" class="ftpinfo_value'.$error_class.'" value="'.$ftpinfo["data"]["password"].'" /><br />';
391
- $echo_str .= $dlp."\t\t\t".'<label class="ftpinfo_label">FTP Domain</label><input type="text" id="ftpinfo_domain" name="wfu_ftpinfotool_elements" class="ftpinfo_value'.$error_class.'" value="'.$ftpinfo["data"]["ftpdomain"].'" /><br />';
392
- $echo_str .= $dlp."\t\t\t".'<label class="ftpinfo_label">Port</label><input type="text" id="ftpinfo_port" name="wfu_ftpinfotool_elements" class="ftpinfo_value'.$error_class.'" value="'.$ftpinfo["data"]["port"].'" /><br />';
393
- $echo_str .= $dlp."\t\t\t".'<label class="ftpinfo_label">Use SFTP</label><input type="checkbox" id="ftpinfo_sftp" name="wfu_ftpinfotool_elements" class="ftpinfo_checkbox'.$error_class.'"'.( $ftpinfo["data"]["sftp"] ? " checked" : "" ).' />';
394
- $echo_str .= $dlp."\t\t".'</div>';
395
- if ( $def['variables'] != null ) $echo_str .= $dlp.wfu_insert_variables($def['variables'], 'wfu_variable wfu_variable_'.$attr);
396
- }
397
- elseif ( $def['type'] == "folderlist" ) {
398
- $echo_str .= $dlp."\t\t".'<div id="wfu_subfolders_inner_shadow_'.$attr.'" class="wfu_subfolders_inner_shadow" style="display:none;"></div>';
399
- $subfolders = wfu_parse_folderlist($def['value']);
400
- $poptitle = "Populate list automatically with the first-level subfolders of the path defined in uploadpath";
401
- $edittitle = "Allow the user to type the subfolder and filter the list during typing";
402
- $echo_str .= $dlp."\t\t".'<input type="checkbox" id="wfu_subfolders_auto_'.$attr.'"'.( substr($def['value'], 0, 4) == "auto" ? ' checked="checked"' : '' ).' onchange="wfu_subfolders_auto_changed(\''.$attr.'\');" title="'.$poptitle.'" /><label for="wfu_subfolders_auto_'.$attr.'" title="'.$poptitle.'"> Auto-populate list</label>';
403
- $echo_str .= $dlp."\t\t".'<div style="display:'.( substr($def['value'], 0, 4) == "auto" ? 'inline' : 'none' ).'; padding:0; margin:0 0 0 30px; background:none; border:none;"><input type="checkbox" id="wfu_subfolders_editable_'.$attr.'"'.( substr($def['value'], 0, 5) == "auto+" ? ' checked="checked"' : '' ).' onchange="wfu_subfolders_auto_changed(\''.$attr.'\');" title="'.$edittitle.'" /><label for="wfu_subfolders_editable_'.$attr.'" title="'.$edittitle.'"> List is editable</label></div><br />';
404
- $echo_str .= $dlp."\t\t".'<input type="hidden" id="wfu_subfolders_manualtext_'.$attr.'" value="'.( substr($def['value'], 0, 4) == "auto" ? "" : $def['value'] ).'" />';
405
- $echo_str .= $dlp."\t\t".'<select id="wfu_attribute_'.$attr.'" class="wfu_select_folders'.( count($subfolders['path']) == 0 ? ' wfu_select_folders_empty' : '' ).'" size="7"'.( substr($def['value'], 0, 4) == "auto" ? ' disabled="disabled"' : '' ).' onchange="wfu_subfolders_changed(\''.$attr.'\');">';
406
- foreach ($subfolders['path'] as $ind => $subfolder) {
407
- if ( substr($subfolder, -1) == '/' ) $subfolder = substr($subfolder, 0, -1);
408
- $subfolder_raw = explode('/', $subfolder);
409
- $subfolder = $subfolder_raw[count($subfolder_raw) - 1];
410
- $text = str_repeat("&nbsp;&nbsp;&nbsp;", intval($subfolders['level'][$ind])).$subfolders['label'][$ind];
411
- $subvalue = str_repeat("*", intval($subfolders['level'][$ind])).( $subfolders['default'][$ind] ? '&' : '' ).( $subfolder == "" ? '{root}' : $subfolder ).'/'.$subfolders['label'][$ind];
412
- $echo_str .= $dlp."\t\t\t".'<option class="'.( $subfolders['default'][$ind] ? 'wfu_select_folders_option_default' : '' ).'" value="'.wfu_plugin_encode_string($subvalue).'">'.$text.'</option>';
413
- }
414
- $echo_str .= $dlp."\t\t\t".'<option value="">'.( substr($def['value'], 0, 4) != "auto" && count($subfolders['path']) == 0 ? 'press here' : '' ).'</option>';
415
- $echo_str .= $dlp."\t\t".'</select>';
416
- $echo_str .= $dlp."\t\t".'<div id="wfu_subfolder_nav_'.$attr.'" class="wfu_subfolder_nav_container">';
417
- $echo_str .= $dlp."\t\t\t".'<table class="wfu_subfolder_nav"><tbody>';
418
- $echo_str .= $dlp."\t\t\t\t".'<tr><td><button id="wfu_subfolders_up_'.$attr.'" name="wfu_subfolder_nav_'.$attr.'" class="button" disabled="disabled" title="move item up" onclick="wfu_subfolders_up_clicked(\''.$attr.'\');">&uarr;</button></tr></td>';
419
- $echo_str .= $dlp."\t\t\t\t".'<tr><td><button id="wfu_subfolders_left_'.$attr.'" name="wfu_subfolder_nav_'.$attr.'" class="button" title="make it parent" disabled="disabled" style="height:14px;" onclick="wfu_subfolders_left_clicked(\''.$attr.'\');">&larr;</button>';
420
- $echo_str .= $dlp."\t\t\t\t".'<button id="wfu_subfolders_right_'.$attr.'" name="wfu_subfolder_nav_'.$attr.'" class="button" title="make it child" disabled="disabled" style="height:14px;" onclick="wfu_subfolders_right_clicked(\''.$attr.'\');">&rarr;</button></tr></td>';
421
- $echo_str .= $dlp."\t\t\t\t".'<tr><td><button id="wfu_subfolders_down_'.$attr.'" name="wfu_subfolder_nav_'.$attr.'" class="button" title="move item down" disabled="disabled" onclick="wfu_subfolders_down_clicked(\''.$attr.'\');">&darr;</button></tr></td>';
422
- $echo_str .= $dlp."\t\t\t\t".'<tr><td style="line-height:0;"><button class="button" style="visibility:hidden; height:10px;"></button></tr></td>';
423
- $echo_str .= $dlp."\t\t\t\t".'<tr><td><button id="wfu_subfolders_add_'.$attr.'" name="wfu_subfolder_nav_'.$attr.'" class="button" title="add new item" disabled="disabled" style="height:14px;" onclick="wfu_subfolders_add_clicked(\''.$attr.'\');">+</button></tr></td>';
424
- $echo_str .= $dlp."\t\t\t\t".'<tr><td><button id="wfu_subfolders_def_'.$attr.'" name="wfu_subfolder_nav_'.$attr.'" class="button" title="make it default" disabled="disabled" style="height:14px;" onclick="wfu_subfolders_def_clicked(\''.$attr.'\');">&diams;</button></tr></td>';
425
- $echo_str .= $dlp."\t\t\t\t".'<tr><td><button id="wfu_subfolders_del_'.$attr.'" name="wfu_subfolder_nav_'.$attr.'" class="button" title="delete item" disabled="disabled" style="height:14px;" onclick="wfu_subfolders_del_clicked(\''.$attr.'\');">-</button></tr></td>';
426
- $echo_str .= $dlp."\t\t\t".'</tbody></table>';
427
- $echo_str .= $dlp."\t\t".'</div>';
428
- $echo_str .= $dlp."\t\t".'<div id="wfu_subfolder_tools_'.$attr.'" class="wfu_subfolder_tools_container wfu_subfolder_tools_disabled">';
429
- $echo_str .= $dlp."\t\t\t".'<table class="wfu_subfolder_tools"><tbody><tr>';
430
- $echo_str .= $dlp."\t\t\t\t".'<td style="width:40%;">';
431
- $echo_str .= $dlp."\t\t\t\t\t".'<label>Label</label>';
432
- $echo_str .= $dlp."\t\t\t\t\t".'<input id="wfu_subfolders_label_'.$attr.'" name="wfu_subfolder_tools_input" type="text" disabled="disabled" />';
433
- $echo_str .= $dlp."\t\t\t\t".'</td>';
434
- $echo_str .= $dlp."\t\t\t\t".'<td style="width:60%;"><div style="padding-right:36px;">';
435
- $echo_str .= $dlp."\t\t\t\t\t".'<label>Path</label>';
436
- $echo_str .= $dlp."\t\t\t\t\t".'<input id="wfu_subfolders_path_'.$attr.'" name="wfu_subfolder_tools_input" type="text" disabled="disabled" />';
437
- $echo_str .= $dlp."\t\t\t\t\t".'<button id="wfu_subfolders_browse_'.$attr.'" class="button" title="browse folders" style="right:18px;" disabled="disabled" onclick="wfu_subfolders_browse_clicked(\''.$attr.'\');"><img src="'.WFU_IMAGE_ADMIN_SUBFOLDER_BROWSE.'" ></button>';
438
- $echo_str .= $dlp."\t\t\t\t\t".'<button id="wfu_subfolders_ok_'.$attr.'" class="button" title="save changes" style="right:0px;" disabled="disabled" onclick="wfu_subfolders_ok_clicked(\''.$attr.'\');"><img src="'.WFU_IMAGE_ADMIN_SUBFOLDER_OK.'" ></button>';
439
- // file browser dialog
440
- $echo_str .= $dlp."\t\t\t\t\t".'<div id="wfu_subfolders_browser_'.$attr.'" class="wfu_subfolders_browser_container" style="display:none;">';
441
- $echo_str .= $dlp."\t\t\t\t\t\t".'<table><tbody>';
442
- $echo_str .= $dlp."\t\t\t\t\t\t\t".'<tr><td style="height:15px;">';
443
- $echo_str .= $dlp."\t\t\t\t\t\t\t\t".'<div>';
444
- $echo_str .= $dlp."\t\t\t\t\t\t\t\t\t".'<label>Folder Browser</label>';
445
- $echo_str .= $dlp."\t\t\t\t\t\t\t\t\t".'<button class="button wfu_folder_browser_cancel" onclick="wfu_folder_browser_cancel_clicked(\''.$attr.'\');"><img src="'.WFU_IMAGE_ADMIN_SUBFOLDER_CANCEL.'" ></button>';
446
- $echo_str .= $dlp."\t\t\t\t\t\t\t\t".'</div>';
447
- $echo_str .= $dlp."\t\t\t\t\t\t\t".'</td></tr>';
448
- $echo_str .= $dlp."\t\t\t\t\t\t\t".'<tr><td style="height:106px;">';
449
- $echo_str .= $dlp."\t\t\t\t\t\t\t\t".'<div>';
450
- $echo_str .= $dlp."\t\t\t\t\t\t\t\t\t".'<select id="wfu_subfolders_browser_list_'.$attr.'" size="2" onchange="wfu_subfolders_browser_list_changed(\''.$attr.'\');">';
451
- $echo_str .= $dlp."\t\t\t\t\t\t\t\t\t\t".'<option>Value</option>';
452
- $echo_str .= $dlp."\t\t\t\t\t\t\t\t\t\t".'<option>Value2</option>';
453
- $echo_str .= $dlp."\t\t\t\t\t\t\t\t\t\t".'<option>Value3</option>';
454
- $echo_str .= $dlp."\t\t\t\t\t\t\t\t\t".'</select>';
455
- $echo_str .= $dlp."\t\t\t\t\t\t\t\t\t".'<div id="wfu_subfolders_browser_msgcont_'.$attr.'" class="wfu_folder_browser_loading_container" style="padding-top:40px;">';
456
- $echo_str .= $dlp."\t\t\t\t\t\t\t\t\t\t".'<label id="wfu_subfolders_browser_msg_'.$attr.'" style="margin-bottom:4px;">loading folder contents...</label>';
457
- $echo_str .= $dlp."\t\t\t\t\t\t\t\t\t\t".'<img id="wfu_subfolders_browser_img_'.$attr.'" src="'.WFU_IMAGE_ADMIN_SUBFOLDER_LOADING.'" ></button>';
458
- $echo_str .= $dlp."\t\t\t\t\t\t\t\t\t".'</div>';
459
- $echo_str .= $dlp."\t\t\t\t\t\t\t\t".'</div>';
460
- $echo_str .= $dlp."\t\t\t\t\t\t\t".'</td></tr>';
461
- $echo_str .= $dlp."\t\t\t\t\t\t\t".'<tr><td align="right" style="height:15px;">';
462
- $echo_str .= $dlp."\t\t\t\t\t\t\t\t".'<div>';
463
- $echo_str .= $dlp."\t\t\t\t\t\t\t\t\t".'<button class="button" onclick="wfu_folder_browser_cancel_clicked(\''.$attr.'\');">Cancel</button>';
464
- $echo_str .= $dlp."\t\t\t\t\t\t\t\t\t".'<button id="wfu_subfolders_browser_ok_'.$attr.'" class="button">Ok</button>';
465
- $echo_str .= $dlp."\t\t\t\t\t\t\t\t".'</div>';
466
- $echo_str .= $dlp."\t\t\t\t\t\t\t".'</td></tr>';
467
- $echo_str .= $dlp."\t\t\t\t\t\t".'</tbody></table>';
468
- $echo_str .= $dlp."\t\t\t\t\t".'</div>';
469
-
470
- $echo_str .= $dlp."\t\t\t\t".'</div></td>';
471
- $echo_str .= $dlp."\t\t\t".'</tr></tbody></table>';
472
- $echo_str .= $dlp."\t\t\t".'<input id="wfu_subfolders_isnewitem_'.$attr.'" type="hidden" value="" />';
473
- $echo_str .= $dlp."\t\t\t".'<input id="wfu_subfolders_newitemindex_'.$attr.'" type="hidden" value="" />';
474
- $echo_str .= $dlp."\t\t\t".'<input id="wfu_subfolders_newitemlevel_'.$attr.'" type="hidden" value="" />';
475
- $echo_str .= $dlp."\t\t\t".'<input id="wfu_subfolders_newitemlevel2_'.$attr.'" type="hidden" value="" />';
476
- $echo_str .= $dlp."\t\t".'</div>';
477
- }
478
- elseif ( $def['type'] == "mchecklist" ) {
479
- $help_count = 0;
480
- foreach ( $def['listitems'] as $key => $item ) {
481
- $parts = explode("/", $item);
482
- if ( count($parts) == 1 ) {
483
- $items[$key]['id'] = $item;
484
- $items[$key]['help'] = '';
485
- }
486
- else {
487
- $items[$key]['id'] = $parts[0];
488
- $items[$key]['help'] = $parts[1];
489
- $help_count ++;
490
- }
491
- }
492
- $def['value'] = strtolower($def['value']);
493
- if ( $def['value'] == "all" ) $selected = array();
494
- else $selected = explode(",", $def['value']);
495
- foreach ( $selected as $key => $item ) $selected[$key] = trim($item);
496
- $echo_str .= $dlp."\t\t".'<div id="wfu_attribute_'.$attr.'" class="wfu_mchecklist_container">';
497
- $is_first = true;
498
- foreach ( $items as $key => $item ) {
499
- if ( !$is_first ) $echo_str .= "<br />";
500
- $is_first = false;
501
- $echo_str .= $dlp."\t\t\t".'<div class="wfu_mchecklist_item"><input id="wfu_attribute_'.$attr.'_'.$key.'" type="checkbox"'.( $def['value'] == "all" || in_array($item['id'], $selected) ? ' checked="checked"' : '' ).( $def['value'] == "all" ? ' disabled="disabled"' : '' ).' onchange="wfu_update_mchecklist_value(\''.$attr.'\');" /><label for="wfu_attribute_'.$attr.'_'.$key.'">'.$item['id'].'</label>';
502
- if ( $item['help'] != '' ) $echo_str .= '<div class="wfu_help_container" title="'.$item['help'].'"><img src="'.WFU_IMAGE_ADMIN_HELP.'" /></div>';
503
- $echo_str .= '</div>';
504
- }
505
- $echo_str .= $dlp."\t\t".'</div>';
506
- $echo_str .= $dlp."\t\t".'<div id="wfu_attribute_'.$attr.'_optionhelp" class="wfu_help_container" title="" style="display:none; position:absolute;"><img src="'.WFU_IMAGE_ADMIN_HELP.'" style="visibility:visible;" /></div>';
507
- $echo_str .= $dlp."\t\t".'<div class="wfu_mchecklist_checkall"><input id="wfu_attribute_'.$attr.'_all" type="checkbox" onchange="wfu_update_mchecklist_value(\''.$attr.'\');"'.( $def['value'] == "all" ? ' checked="checked"' : '' ).' /> Select all</div>';
508
- }
509
- elseif ( $def['type'] == "rolelist" ) {
510
- $roles = $wp_roles->get_names();
511
- $selected = explode(",", $def['value']);
512
- $default_administrator = ( is_array($def['listitems']) && in_array('default_administrator', $def['listitems']) );
513
- if ( in_array('all', $selected) ) $rolesselected = ( $default_administrator ? array("administrator") : array( ) );
514
- else $rolesselected = $selected;
515
- foreach ( $selected as $key => $item ) $selected[$key] = trim($item);
516
- $echo_str .= $dlp."\t\t".'<table class="wfu_rolelist_container"><tbody><tr><td>';
517
- $echo_str .= $dlp."\t\t".'<select id="wfu_attribute_'.$attr.'" multiple="multiple" size="'.count($roles).'" onchange="wfu_update_rolelist_value(\''.$attr.'\');"'.( in_array('all', $selected) ? ' disabled="disabled"' : '' ).'>';
518
- foreach ( $roles as $roleid => $rolename )
519
- $echo_str .= $dlp."\t\t\t".'<option value="'.$roleid.'"'.( in_array($roleid, $rolesselected) ? ' selected="selected"' : '' ).'>'.$rolename.'</option>';
520
- $echo_str .= $dlp."\t\t".'</select>';
521
- $echo_str .= $dlp."\t\t".'</td><td>';
522
- $echo_str .= $dlp."\t\t".'<div class="wfu_rolelist_checkbtn"><input class="'.( $default_administrator ? 'wfu_default_administrator' : '' ).'" id="wfu_attribute_'.$attr.'_all" type="checkbox" onchange="wfu_update_rolelist_value(\''.$attr.'\');"'.( in_array('all', $selected) ? ' checked="checked"' : '' ).' /><label for="wfu_attribute_'.$attr.'_all"> Select all</label></div><br />';
523
- $echo_str .= $dlp."\t\t".'<div class="wfu_rolelist_checkbtn"><input id="wfu_attribute_'.$attr.'_guests" type="checkbox" onchange="wfu_update_rolelist_value(\''.$attr.'\');"'.( in_array("guests", $selected) ? ' checked="checked"' : '' ).' /><label for="wfu_attribute_'.$attr.'_guests"> Include guests</label></div>';
524
- $echo_str .= $dlp."\t\t".'</td></tr></tbody></table>';
525
- }
526
- elseif ( $def['type'] == "userlist" ) {
527
- $args = array();
528
- /** This filter is documented in lib/wfu_admin_browser.php */
529
- $args = apply_filters("_wfu_get_users", $args, "shortcode_composer");
530
- $users = get_users($args);
531
- $selected = explode(",", $def['value']);
532
- $default_0 = ( is_array($def['listitems']) && in_array('default_0', $def['listitems']) );
533
- if ( in_array('all', $selected) ) $usersselected = ( $default_0 ? array($users[0]->user_login) : array( ) );
534
- else $usersselected = $selected;
535
- $only_current = false;
536
- $echo_str .= $dlp."\t\t".'<table class="wfu_userlist_container"><tbody><tr>';
537
- if ( is_array($def['listitems']) && in_array('include_current', $def['listitems']) ) {
538
- $only_current = ( $def['value'] == 'current' );
539
- if ( $only_current ) $usersselected = ( $default_0 ? array($users[0]->user_login) : array( ) );
540
- $echo_str .= $dlp."\t\t".'<td colspan="2"><div class="wfu_userlist_checkbtn"><input id="wfu_attribute_'.$attr.'_current" type="checkbox" onchange="wfu_update_userlist_value(\''.$attr.'\');"'.( $only_current ? ' checked="checked"' : '' ).' /><label for="wfu_attribute_'.$attr.'_current"> Only From Current User</label></div>';
541
- $echo_str .= $dlp."\t\t".'</td></tr><tr>';
542
- }
543
- $echo_str .= $dlp."\t\t".'<td><select id="wfu_attribute_'.$attr.'" multiple="multiple" size="'.min(count($users), 10).'" onchange="wfu_update_userlist_value(\''.$attr.'\');"'.( $only_current || in_array('all', $selected) ? ' disabled="disabled"' : '' ).'>';
544
- foreach ( $users as $userid => $user )
545
- $echo_str .= $dlp."\t\t\t".'<option value="'.$user->user_login.'"'.( in_array($user->user_login, $usersselected) ? ' selected="selected"' : '' ).'>'.$user->display_name.' ('.$user->user_login.')</option>';
546
- $echo_str .= $dlp."\t\t".'</select>';
547
- $echo_str .= $dlp."\t\t".'</td><td>';
548
- $echo_str .= $dlp."\t\t".'<div class="wfu_userlist_checkbtn"><input class="'.( $default_0 ? 'wfu_default_0' : '' ).'" id="wfu_attribute_'.$attr.'_all" type="checkbox" onchange="wfu_update_userlist_value(\''.$attr.'\');"'.( in_array('all', $selected) ? ' checked="checked"' : '' ).( $only_current ? ' disabled="disabled"' : '' ).' /><label for="wfu_attribute_'.$attr.'_all"> Select all</label></div><br />';
549
- $echo_str .= $dlp."\t\t".'<div class="wfu_userlist_checkbtn"><input id="wfu_attribute_'.$attr.'_guests" type="checkbox" onchange="wfu_update_userlist_value(\''.$attr.'\');"'.( in_array("guests", $selected) ? ' checked="checked"' : '' ).( $only_current ? ' disabled="disabled"' : '' ).' /><label for="wfu_attribute_'.$attr.'_guests"> Include guests</label></div>';
550
- $echo_str .= $dlp."\t\t".'</td></tr></tbody></table>';
551
- }
552
- elseif ( $def['type'] == "postlist" ) {
553
- $processed = false;
554
- if ( is_array($def['listitems']) ) {
555
- $has_current = in_array('include_current', $def['listitems']);
556
- if ( $has_current ) unset($def['listitems'][array_search('include_current', $def['listitems'])]);
557
- foreach ( $def['listitems'] as $post_type ) {
558
- // if a post type cannot be found then we reset the list so that it is not processed at all
559
- if ( get_post_type_object( $post_type ) == null ) {
560
- $def['listitems'] = array();
561
- break;
562
- }
563
- }
564
- if ( count($def['listitems']) > 0 ) {
565
- $selected = explode(",", $def['value']);
566
- $only_current = false;
567
- $echo_str .= $dlp."\t\t".'<input id="wfu_attribute_'.$attr.'_postlist" type="hidden" value="'.implode(",", $def['listitems']).'" />';
568
- $echo_str .= $dlp."\t\t".'<table class="wfu_postlist_container"><tbody><tr>';
569
- if ( $has_current ) {
570
- $only_current = ( $def['value'] == 'current' );
571
- if ( $only_current ) $sselected = array();
572
- $echo_str .= $dlp."\t\t".'<td colspan="'.count($def['listitems']).'"><div class="wfu_postlist_checkbtn"><input id="wfu_attribute_'.$attr.'_current" type="checkbox" onchange="wfu_update_postlist_value(\''.$attr.'\');"'.( $only_current ? ' checked="checked"' : '' ).' /><label for="wfu_attribute_'.$attr.'_current"> Only From Current Post/Page</label></div>';
573
- $echo_str .= $dlp."\t\t".'</td></tr><tr>';
574
- }
575
- $postargs = array( 'post_type' => $def['listitems'], 'post_status' => "publish,private,draft", 'posts_per_page' => -1 );
576
- /** This filter is documented in lib/wfu_admin.php */
577
- $postargs = apply_filters("_wfu_get_posts", $postargs, "visual_editor");
578
- $posts = get_posts($postargs);
579
- $list = wfu_construct_post_list($posts);
580
- $td_width = (int)(100 / count($def['listitems']));
581
- foreach ( $def['listitems'] as $post_type ) {
582
- $flatlist = wfu_flatten_post_list($list[$post_type]);
583
- $postobj = get_post_type_object( $post_type );
584
- $echo_str .= $dlp."\t\t".'<td style="width:'.$td_width.'%;"><div class="wfu_postlist_header"><label>'.$postobj->label.'</label><div class="wfu_postlist_selectall"><input id="wfu_attribute_'.$attr.'_all_'.$post_type.'" type="checkbox" onchange="wfu_update_postlist_value(\''.$attr.'\');"'.( in_array('all', $selected) || in_array('all'.$post_type, $selected) ? ' checked="checked"' : '' ).( $only_current ? ' disabled="disabled"' : '' ).' /><label for="wfu_attribute_'.$attr.'_all_'.$post_type.'"> Select all</label></div></div>';
585
- $echo_str .= $dlp."\t\t".'<select id="wfu_attribute_'.$attr.'_'.$post_type.'" multiple="multiple" size="'.min(count($flatlist), 10).'" onchange="wfu_update_postlist_value(\''.$attr.'\');"'.( $only_current || in_array('all', $selected) || in_array('all'.$post_type, $selected) ? ' disabled="disabled"' : '' ).' style="width:100%; overflow:auto;">';
586
- foreach ( $flatlist as $item )
587
- $echo_str .= $dlp."\t\t\t".'<option value="'.$item['id'].'"'.( in_array($item['id'], $selected) ? ' selected="selected"' : '' ).'>'.str_repeat('&nbsp;', 4 * $item['level']).( $item['status'] == 1 ? '[Private]' : ( $item['status'] == 2 ? '[Draft]' : '' ) ).$item['title'].'</option>';
588
- $echo_str .= $dlp."\t\t".'</select></td>';
589
- }
590
- $echo_str .= $dlp."\t\t".'</tr></tbody></table>';
591
- $processed = true;
592
- }
593
- }
594
- if ( !$processed ) {
595
- $val = str_replace(array( "%n%", "%dq%", "%brl%", "%brr%" ), array( "\n", "&quot;", "[", "]" ), $def['value']);
596
- $echo_str .= $dlp."\t\t".'<input id="wfu_attribute_'.$attr.'" type="text" name="wfu_text_elements" value="'.$val.'" />';
597
- }
598
- }
599
- elseif ( $def['type'] == "bloglist" ) {
600
- if ( function_exists('wp_get_sites') ) {
601
- $blogs = wp_get_sites( );
602
- $selected = explode(",", $def['value']);
603
- if ( in_array('all', $selected) ) $blogsselected = array( );
604
- else $blogsselected = $selected;
605
- $only_current = false;
606
- $echo_str .= $dlp."\t\t".'<table class="wfu_bloglist_container"><tbody><tr>';
607
- if ( is_array($def['listitems']) && in_array('include_current', $def['listitems']) ) {
608
- $only_current = ( $def['value'] == 'current' );
609
- if ( $only_current ) $blogsselected = array( );
610
- $echo_str .= $dlp."\t\t".'<td colspan="2"><div class="wfu_bloglist_checkbtn"><input id="wfu_attribute_'.$attr.'_current" type="checkbox" onchange="wfu_update_bloglist_value(\''.$attr.'\');"'.( $only_current ? ' checked="checked"' : '' ).' /><label for="wfu_attribute_'.$attr.'_current"> Only From Current Site</label></div>';
611
- $echo_str .= $dlp."\t\t".'</td></tr><tr>';
612
- }
613
- $echo_str .= $dlp."\t\t".'<td><select id="wfu_attribute_'.$attr.'" multiple="multiple" size="'.min(count($blogs), 10).'" onchange="wfu_update_bloglist_value(\''.$attr.'\');"'.( $only_current || in_array('all', $selected) ? ' disabled="disabled"' : '' ).'>';
614
- foreach ( $blogs as $blog )
615
- $echo_str .= $dlp."\t\t\t".'<option value="'.$blog->blog_id.'"'.( in_array($blog->blog_id, $blogsselected) ? ' selected="selected"' : '' ).'>'.$blog->path.'</option>';
616
- $echo_str .= $dlp."\t\t".'</select>';
617
- $echo_str .= $dlp."\t\t".'</td><td>';
618
- $echo_str .= $dlp."\t\t".'<div class="wfu_bloglist_checkbtn"><input id="wfu_attribute_'.$attr.'_all" type="checkbox" onchange="wfu_update_bloglist_value(\''.$attr.'\');"'.( in_array('all', $selected) ? ' checked="checked"' : '' ).( $only_current ? ' disabled="disabled"' : '' ).' /><label for="wfu_attribute_'.$attr.'_all"> Select all</label></div>';
619
- $echo_str .= $dlp."\t\t".'</td></tr></tbody></table>';
620
- }
621
- else {
622
- $val = str_replace(array( "%n%", "%dq%", "%brl%", "%brr%" ), array( "\n", "&quot;", "[", "]" ), $def['value']);
623
- $echo_str .= $dlp."\t\t".'<input id="wfu_attribute_'.$attr.'" type="text" name="wfu_text_elements" value="'.$val.'" />';
624
- }
625
- }
626
- elseif ( $def['type'] == "stringmatch" ) {
627
- $matchfield = "";
628
- $matchcriterion = "equal to";
629
- $matchvalue = "";
630
- preg_match('/^field:(.*?);\s*criterion:(.*?)\s*;\s*value:(.*)$/', $def['value'], $matches);
631
- if ( count($matches) == 4 ) {
632
- $matchfield = $matches[1];
633
- $matchcriterion = $matches[2];
634
- $matchvalue = $matches[3];
635
- }
636
- // $echo_str .= $dlp."\t\t".'<div style="white-space:nowrap;">';
637
- $echo_str .= $dlp."\t\t".'<table class="wfu_stringmatch_container"><tbody><tr>';
638
- $echo_str .= $dlp."\t\t".'<td style="width:40%; white-space:nowrap;"><label>Field </label><input id="wfu_attribute_'.$attr.'_matchfield" type="text" name="wfu_stringmatch_elements" value="'.$matchfield.'" style="width:auto;" /></td>';
639
- $echo_str .= $dlp."\t\t".'<td style="width:30%;"><select id="wfu_attribute_'.$attr.'_matchcriterion" value="'.$matchcriterion.'" onchange="wfu_update_stringmatch_value(\''.$attr.'\');">';
640
- $echo_str .= $dlp."\t\t\t".'<option value="equal to"'.( $matchcriterion == "equal to" ? 'selected="selected"' : '' ).'>equal to</option>';
641
- $echo_str .= $dlp."\t\t\t".'<option value="starts with"'.( $matchcriterion == "starts with" ? 'selected="selected"' : '' ).'>starts with</option>';
642
- $echo_str .= $dlp."\t\t\t".'<option value="ends with"'.( $matchcriterion == "ends with" ? 'selected="selected"' : '' ).'>ends with</option>';
643
- $echo_str .= $dlp."\t\t\t".'<option value="contains"'.( $matchcriterion == "contains" ? 'selected="selected"' : '' ).'>contains</option>';
644
- $echo_str .= $dlp."\t\t\t".'<option value="not equal to"'.( $matchcriterion == "not equal to" ? 'selected="selected"' : '' ).'>not equal to</option>';
645
- $echo_str .= $dlp."\t\t\t".'<option value="does not start with"'.( $matchcriterion == "does not start with" ? 'selected="selected"' : '' ).'>does not start with</option>';
646
- $echo_str .= $dlp."\t\t\t".'<option value="does not end with"'.( $matchcriterion == "does not end with" ? 'selected="selected"' : '' ).'>does not end with</option>';
647
- $echo_str .= $dlp."\t\t\t".'<option value="does not contain"'.( $matchcriterion == "does not contain" ? 'selected="selected"' : '' ).'>does not contain</option>';
648
- $echo_str .= $dlp."\t\t".'</select></td>';
649
- $echo_str .= $dlp."\t\t".'<td style="width:30%;"><input id="wfu_attribute_'.$attr.'_matchvalue" type="text" name="wfu_stringmatch_elements" value="'.$matchvalue.'" style="width:auto;" /></td>';
650
- $echo_str .= $dlp."\t\t".'</tr></tbody></table>';
651
- // $echo_str .= $dlp."\t\t".'</div>';
652
- }
653
- elseif ( $def['type'] == "columns" ) {
654
- $selected = explode(",", $def['value']);
655
- if ( count($selected) == 1 && $selected[0] == "" ) $selected = array();
656
- $selected_flat = array();
657
- foreach ( $selected as $ind => $item ) $selected_flat[$ind] = preg_replace("/(:|\/).*$/", "", $item);
658
- $echo_str .= $dlp."\t".'<table class="wfu_columns_container"><tbody><tr>';
659
- $echo_str .= $dlp."\t\t\t".'<td style="width:45%;"><label class="wfu_columns_listtitle">Available Columns</label></td>';
660
- $echo_str .= $dlp."\t\t\t".'<td style="width:55%"><label class="wfu_columns_listtitle">Displayed Columns</label></td></tr><tr>';
661
- $echo_str .= $dlp."\t\t".'<td style="width:45%;">';
662
- $echo_str .= $dlp."\t\t\t".'<table class="wfu_columns_container" style="table-layout:fixed; width:100%;"><tbody><tr>';
663
- $echo_str .= $dlp."\t\t\t\t".'<td><select id="wfu_attribute_'.$attr.'_sourcelist" multiple="multiple" size="'.min(count($def['listitems']), 10).'" style="width:100%; overflow:auto;">';
664
- $itemprops = array();
665
- foreach ( $def['listitems'] as $item ) {
666
- $item_required = ( substr($item, 0, 1) == "*" );
667
- if ( $item_required ) $item = substr($item, 1);
668
- $item_parts = explode("/", $item, 3);
669
- $item_name = $item_parts[0];
670
- $item_label = "";
671
- $item_title = "";
672
- if ( count($item_parts) > 1 ) $item_label = $item_parts[1];
673
- if ( count($item_parts) == 3 ) $item_title = $item_parts[2];
674
- $item_parts = explode(":", $item_name, 2);
675
- $item_name = $item_parts[0];
676
- if ( count($item_parts) == 1 ) $item_sort = "";
677
- else $item_sort = $item_parts[1];
678
- if ( $item_label == "" ) $item_label = $item_name;
679
- if ( $item_title == "" ) $item_title = $item_label;
680
- $itemprops[$item_name] = array( 'label' => $item_label, 'title' => $item_title, 'required' => $item_required, 'sortable' => ( $item_name == "custom" || $item_sort != "" ), 'sorttype' => $item_sort );
681
- $val = $item_name.":".$item_sort."/".$item_title;
682
- $echo_str .= $dlp."\t\t\t\t\t".'<option value="'.$val.'"'.( $item_required ? ' class="wfu_columns_item_required"' : '' ).' onclick="wfu_columns_itemclicked(this, \''.$attr.'\');">'.$item_label.'</option>';
683
- }
684
- foreach ( $itemprops as $item_name => $prop )
685
- if ( $prop['required'] && !in_array($item_name, $selected_flat) )
686
- array_splice($selected, 0, 0, array( $item_name ));
687
- $selprops = array();
688
- foreach ( $selected as $item ) {
689
- $item_parts = explode("/", $item, 2);
690
- $item_name = $item_parts[0];
691
- if ( count($item_parts) == 1 ) $item_title = "";
692
- else $item_title = $item_parts[1];
693
- $item_parts = explode(":", $item_name, 2);
694
- $item_name = $item_parts[0];
695
- $flat_name = preg_replace("/^custom[0-9]+$/", "custom", $item_name);
696
- if ( $item_name != "custom" && isset($itemprops[$flat_name]) ) {
697
- $prop = $itemprops[$flat_name];
698
- if ( count($item_parts) == 1 ) $item_sort = ( $flat_name == "custom" ? "+-s" : ( $prop['sortable'] ? "-+".$prop['sorttype'] : "" ) );
699
- elseif ( $flat_name == "custom" ) $item_sort = "+".($item_parts[1] == "" ? "-s" : "+".$item_parts[1]);
700
- else $item_sort = ( $prop['sortable'] ? "-".($item_parts[1] == "" ? "-" : "+").$prop['sorttype'].substr($item_parts[1], 1, 1) : "" );
701
- if ( $item_title == "" ) $item_title = $prop['title'];
702
- array_push($selprops, array( 'name' => $item_name, 'label' => $prop['label'], 'title' => $item_title, 'required' => $prop['required'], 'sorttype' => $item_sort ));
703
- }
704
- }
705
- $echo_str .= $dlp."\t\t\t\t".'</select></td>';
706
- $echo_str .= $dlp."\t\t\t\t".'<td style="width:30px; padding:0 6px;"><button class="wfu_columns_addbutton" title="add column" onclick="wfu_columns_buttonaction(\''.$attr.'\', \'add\');" style="width:100%;">&gt;&gt;</button></td>';
707
- $echo_str .= $dlp."\t\t\t".'</tr></tbody></table>';
708
- $echo_str .= $dlp."\t\t".'</td>';
709
- $echo_str .= $dlp."\t\t".'<td style="width:55%">';
710
- $echo_str .= $dlp."\t\t\t".'<table class="wfu_columns_container" style="table-layout:fixed; width:100%;"><tbody><tr>';
711
- $echo_str .= $dlp."\t\t\t\t".'<td><select id="wfu_attribute_'.$attr.'" multiple="multiple" size="'.min(count($def['listitems']), 10).'" onchange="wfu_update_columns(\''.$attr.'\');" style="width:100%; overflow:auto;">';
712
- foreach ( $selprops as $prop ) {
713
- $val = $prop['name'].":".$prop['sorttype']."/".$prop['label']."/".$prop['title'];
714
- $echo_str .= $dlp."\t\t\t\t\t".'<option value="'.$val.'"'.( $prop['required'] ? ' class="wfu_columns_item_required"' : '' ).' onclick="wfu_columns_itemclicked(this, \''.$attr.'\');">'.$prop['label'].( $prop['title'] != "" && $prop['title'] != $prop['label'] ? " (".$prop['title'].")" : "" ).'</option>';
715
- }
716
- $echo_str .= $dlp."\t\t\t\t".'</select></td>';
717
- $echo_str .= $dlp."\t\t\t\t".'<td style="width:30px; padding:0 6px;">';
718
- $echo_str .= $dlp."\t\t\t\t\t".'<button class="wfu_columns_addbutton" title="move up" onclick="wfu_columns_buttonaction(\''.$attr.'\', \'up\');" style="width:100%;">&#8593;</button>';
719
- $echo_str .= $dlp."\t\t\t\t\t".'<button class="wfu_columns_addbutton" title="remove" onclick="wfu_columns_buttonaction(\''.$attr.'\', \'del\');" style="width:100%;">-</button>';
720
- $echo_str .= $dlp."\t\t\t\t\t".'<button class="wfu_columns_addbutton" title="move down" onclick="wfu_columns_buttonaction(\''.$attr.'\', \'down\');" style="width:100%;">&#8595;</button>';
721
- $echo_str .= $dlp."\t\t\t\t".'</td>';
722
- $echo_str .= $dlp."\t\t\t".'</tr></tbody></table>';
723
- $echo_str .= $dlp."\t\t\t".'<label class="wfu_columns_listtitle" style="margin-top:6px; display:block;">Column Properties</label>';
724
- $echo_str .= $dlp."\t\t\t".'<table id="wfu_attribute_'.$attr.'_columnprops_container" class="wfu_columnprops_container wfu_columnprops_container_disabled"><tbody>';
725
- $echo_str .= $dlp."\t\t\t\t".'<tr><td style="width:1%; padding-right:10px;"><label id="wfu_attribute_'.$attr.'_columnprops_title_label">Title</label></td>';
726
- $echo_str .= $dlp."\t\t\t\t".'<td><input type="text" id="wfu_attribute_'.$attr.'_columnprops_title" name="wfu_columnprops_elements" value="" style="width:100%;" disabled="disabled" /></td></tr>';
727
- $echo_str .= $dlp."\t\t\t\t".'<tr><td style="width:1%; padding-right:10px; white-space:nowrap;"><label id="wfu_attribute_'.$attr.'_columnprops_id_label">Field ID</label></td>';
728
- $echo_str .= $dlp."\t\t\t\t".'<td><input type="number" id="wfu_attribute_'.$attr.'_columnprops_id" name="wfu_columnprops_elements" min="1" value="" style="width:100%;" disabled="disabled" /></td></tr>';
729
- $echo_str .= $dlp."\t\t\t\t".'<tr><td colspan="2"><input type="checkbox" id="wfu_attribute_'.$attr.'_columnprops_sort" value="" onchange="wfu_columnprops_element_changed({target:this});" disabled="disabled" /><label id="wfu_attribute_'.$attr.'_columnprops_sort_label" for="wfu_attribute_'.$attr.'_columnprops_sort">Sortable</label></td></tr>';
730
- $echo_str .= $dlp."\t\t\t\t".'<tr><td style="width:1%; padding-right:10px;"><label id="wfu_attribute_'.$attr.'_columnprops_sorttype_label" style="white-space:nowrap;">Sort As</label></td>';
731
- $echo_str .= $dlp."\t\t\t\t".'<td><select id="wfu_attribute_'.$attr.'_columnprops_sorttype" value="" onchange="wfu_columnprops_element_changed({target:this});" disabled="disabled"><option value=""></option><option value="s">String</option><option value="n">Integer</option></select></td></tr>';
732
- $echo_str .= $dlp."\t\t\t\t".'<tr><td style="width:1%; padding-right:10px;"><label id="wfu_attribute_'.$attr.'_columnprops_defaultsort_label" style="white-space:nowrap;">Default Sort</label></td>';
733
- $echo_str .= $dlp."\t\t\t\t".'<td><select id="wfu_attribute_'.$attr.'_columnprops_defaultsort" value="" onchange="wfu_columnprops_element_changed({target:this});" disabled="disabled"><option value=" "></option><option value="+">Ascending</option><option value="-">Descending</option></select></td></tr>';
734
- $echo_str .= $dlp."\t\t\t".'</tbody></table>';
735
- $echo_str .= $dlp."\t\t".'</td>';
736
- $echo_str .= $dlp."\t".'</tr></tbody></table>';
737
-
738
- }
739
- elseif ( $def['type'] == "dimensions" ) {
740
- $vals_arr = explode(",", $def['value']);
741
- $vals = array();
742
- foreach ( $vals_arr as $val_raw ) {
743
- if ( trim($val_raw) != "" ) {
744
- list($val_id, $val) = explode(":", $val_raw);
745
- $vals[trim($val_id)] = trim($val);
746
- }
747
- }
748
- $dims = array();
749
- foreach ( $components as $comp ) {
750
- if ( $comp['dimensions'] == null ) $dims[$comp['id']] = $comp['name'];
751
- else foreach ( $comp['dimensions'] as $dimraw ) {
752
- list($dim_id, $dim_name) = explode("/", $dimraw);
753
- $dims[$dim_id] = $dim_name;
754
- }
755
- }
756
- foreach ( $dims as $dim_id => $dim_name ) {
757
- if ( !array_key_exists($dim_id, $vals) ) $vals[$dim_id] = "";
758
- $echo_str .= $dlp."\t\t".'<span style="display:inline-block; width:130px;">'.$dim_name.'</span><input id="wfu_attribute_'.$attr.'_'.$dim_id.'" type="text" name="wfu_dimension_elements_'.$attr.'" class="wfu_short_text" value="'.$vals[$dim_id].'" /><br />';
759
- }
760
- }
761
- elseif ( $def['type'] == "userfields" ) {
762
- $fields_arr = explode("/", $def['value']);
763
- $fields = array();
764
- foreach ( $fields_arr as $field_raw ) {
765
- $is_req = ( substr($field_raw, 0, 1) == "*" );
766
- if ( $is_req ) $field_raw = substr($field_raw, 1);
767
- if ( $field_raw != "" ) array_push($fields, array( "name" => $field_raw, "required" => $is_req ));
768
- }
769
- if ( count($fields) == 0 ) array_push($fields, array( "name" => "", "required" => false ));
770
- $echo_str .= $dlp."\t\t".'<div id="wfu_attribute_'.$attr.'" class="wfu_userdata_container">';
771
- foreach ( $fields as $field ) {
772
- $echo_str .= $dlp."\t\t\t".'<div class="wfu_userdata_line">';
773
- $echo_str .= $dlp."\t\t\t\t".'<input type="text" name="wfu_userfield_elements" value="'.$field['name'].'" />';
774
- $echo_str .= $dlp."\t\t\t\t".'<div class="wfu_userdata_action" onclick="wfu_userdata_add_field(this);"><img src="'.WFU_IMAGE_ADMIN_USERDATA_ADD.'" ></div>';
775
- $echo_str .= $dlp."\t\t\t\t".'<div class="wfu_userdata_action wfu_userdata_action_disabled" onclick="wfu_userdata_remove_field(this);"><img src="'.WFU_IMAGE_ADMIN_USERDATA_REMOVE.'" ></div>';
776
- $echo_str .= $dlp."\t\t\t\t".'<input type="checkbox"'.( $field['required'] ? 'checked="checked"' : '' ).' onchange="wfu_update_userfield_value({target:this});" />';
777
- $echo_str .= $dlp."\t\t\t\t".'<span>Required</span>';
778
- $echo_str .= $dlp."\t\t\t".'</div>';
779
- }
780
- $echo_str .= $dlp."\t\t".'</div>';
781
- }
782
- elseif ( $def['type'] == "formfields" ) {
783
- //find occurrence index of this attribute and total occrrence length
784
- $flat = $def['flat'];
785
- $attr_occur_index = 0;
786
- $attr_occur_length = 0;
787
- $all_attributes = array();
788
- foreach ( $defs as $def2 ) {
789
- if ( $def2['flat'] == $flat ) {
790
- $attr_occur_length ++;
791
- array_push($all_attributes, $def2['attribute']);
792
- if ( $def2['attribute'] == $attr ) $attr_occur_index = $attr_occur_length;
793
- }
794
- }
795
- //get field type definitions
796
- $fielddefs_array = $def['listitems'];
797
- foreach ( $fielddefs_array as $fielddef ) $fielddefs[$fielddef['type']] = $fielddef;
798
- //initialize editable field properties
799
- $fieldprops_basic = array('label', 'required', 'donotautocomplete', 'validate', 'typehook', 'labelposition', 'hintposition', 'default', 'data', 'group', 'format');
800
- $fieldprops_default = array ( "type" => "text", "label" => "", "labelposition" => "left", "required" => false, "donotautocomplete" => false, "validate" => false, "default" => "", "data" => "", "group" => "", "format" => "", "hintposition" => "right", "typehook" => false );
801
- //parse shortcode attribute to $fields
802
- $fields = wfu_parse_userdata_attribute($def['value']);
803
- $labelpositions = array("none", "top", "right", "bottom", "left", "placeholder");
804
- $hintpositions = array("none", "inline", "top", "right", "bottom", "left");
805
- if ( count($fields) == 0 ) array_push($fields, $fieldprops_default);
806
- //set html template variable
807
- $template = $dlp."\t\t\t\t".'<table class="wfu_formdata_props_table"><tbody>';
808
- $template .= $dlp."\t\t\t\t".'<tr><td colspan="2"><label class="wfu_formdata_label">Type</label><select id="wfu_formfield_[[key]]_type" value="[[t]]" onchange="wfu_formdata_type_changed(\'[[key]]\');">';
809
- foreach( $fielddefs as $item ) $template .= $dlp."\t\t\t\t\t".'<option value="'.$item['type'].'"[[type_'.$item['type'].'_selected]]>'.$item['type_description'].'</option>';
810
- $template .= $dlp."\t\t\t\t".'</select></td><td>';
811
- $template .= $dlp."\t\t\t\t".'<div class="wfu_formdata_action wfu_formdata_action_add" onclick="wfu_formdata_add_field(\'[[key]]\');"><img src="'.WFU_IMAGE_ADMIN_USERDATA_ADD.'" ></div>';
812
- $template .= $dlp."\t\t\t\t".'<div class="wfu_formdata_action wfu_formdata_action_remove[[remove_disabled]]" onclick="wfu_formdata_remove_field(\'[[key]]\');"><img src="'.WFU_IMAGE_ADMIN_USERDATA_REMOVE.'" ></div>';
813
- $template .= $dlp."\t\t\t\t".'<div class="wfu_formdata_action wfu_formdata_action_up[[up_disabled]]" onclick="wfu_formdata_move_field(\'[[key]]\', \'up\');"><img src="'.WFU_IMAGE_ADMIN_USERDATA_UP.'" ></div>';
814
- $template .= $dlp."\t\t\t\t".'<div class="wfu_formdata_action wfu_formdata_action_down[[down_disabled]]" onclick="wfu_formdata_move_field(\'[[key]]\', \'down\');"><img src="'.WFU_IMAGE_ADMIN_USERDATA_DOWN.'" ></div></td></tr>';
815
- $template .= $dlp."\t\t\t\t".'<tr><td class="wfu_formdata_props"><label class="wfu_formdata_label" title="[[label_hint]]">[[label_label]]</label></td><td><input type="text" id="wfu_formfield_[[key]]_label" name="wfu_formfield_elements" value="[[label]]" /></td><td></td></tr>';
816
- $labelpos_options = "";
817
- foreach ( $labelpositions as $pos ) $labelpos_options .= '<option value="'.$pos.'"[[labelposition_'.$pos.'_selected]]>'.$pos.'</option>';
818
- $template .= '[[S->]]'.$dlp."\t\t\t\t".'<tr><td class="wfu_formdata_props"><label class="wfu_formdata_labelposition" title="[[labelposition_hint]]">Label Position</label></td><td><select id="wfu_formfield_[[key]]_labelposition" value="[[s]]" title="[[labelposition_hint]]" onchange="wfu_update_formfield_value({target:this});">'.$labelpos_options.'</select></td><td></td></tr>[[<-S]]';
819
- $template .= '[[R->]]'.$dlp."\t\t\t\t".'<tr><td colspan="2" class="wfu_formdata_props"><input id="wfu_formfield_[[key]]_required" type="checkbox"[[r->]] checked="checked"[[<-r]] title="[[required_hint]]" onchange="wfu_update_formfield_value({target:this});" /><label for="wfu_formfield_[[key]]_required" title="[[required_hint]]"> Required</label></td><td></td></tr>[[<-R]]';
820
- $template .= '[[A->]]'.$dlp."\t\t\t\t".'<tr><td colspan="2" class="wfu_formdata_props"><input id="wfu_formfield_[[key]]_donotautocomplete" type="checkbox"[[a->]] checked="checked"[[<-a]] title="[[donotautocomplete_hint]]" onchange="wfu_update_formfield_value({target:this});" /><label for="wfu_formfield_[[key]]_donotautocomplete" title="[[donotautocomplete_hint]]"> Do not autocomplete</label></td><td></td></tr>[[<-A]]';
821
- $template .= '[[V->]]'.$dlp."\t\t\t\t".'<tr><td colspan="2" class="wfu_formdata_props"><input id="wfu_formfield_[[key]]_validate" type="checkbox"[[v->]] checked="checked"[[<-v]] title="[[validate_hint]]" onchange="wfu_update_formfield_value({target:this});" /><label for="wfu_formfield_[[key]]_validate" title="[[validate_hint]]"> Validate</label></td><td></td></tr>[[<-V]]';
822
- $hint_options = "";
823
- foreach ( $hintpositions as $pos ) $hint_options .= '<option value="'.$pos.'"[[hintposition_'.$pos.'_selected]]>'.$pos.'</option>';
824
- $template .= '[[P->]]'.$dlp."\t\t\t\t".'<tr><td class="wfu_formdata_props"><label class="wfu_formdata_label" title="[[hintposition_hint]]">Hint Position</label></td><td><select id="wfu_formfield_[[key]]_hintposition" value="[[p]]" title="[[hintposition_hint]]" onchange="wfu_update_formfield_value({target:this});">'.$hint_options.'</select></td><td></td></tr>[[<-P]]';
825
- $template .= '[[H->]]'.$dlp."\t\t\t\t".'<tr><td colspan="2" class="wfu_formdata_props"><input id="wfu_formfield_[[key]]_typehook" type="checkbox"[[h->]] checked="checked"[[<-h]] title="[[typehook_hint]]" onchange="wfu_update_formfield_value({target:this});" /><label for="wfu_formfield_[[key]]_typehook" title="[[typehook_hint]]"> Type hook</label></td><td></td></tr>[[<-H]]';
826
- $template .= '[[D->]]'.$dlp."\t\t\t\t".'<tr><td class="wfu_formdata_props"><label class="wfu_formdata_label" title="[[default_hint]]">Default</label></td><td><input id="wfu_formfield_[[key]]_default" type="text" name="wfu_formfield_elements" value="[[d]]" title="[[default_hint]]" /></td><td></td></tr>[[<-D]]';
827
- $template .= '[[L->]]'.$dlp."\t\t\t\t".'<tr><td class="wfu_formdata_props"><label class="wfu_formdata_label" title="[[data_hint]]">[[data_label]]</label></td><td><input id="wfu_formfield_[[key]]_data" type="text" name="wfu_formfield_elements" value="[[l]]" title="[[data_hint]]" /></td><td></td></tr>[[<-L]]';
828
- $template .= '[[G->]]'.$dlp."\t\t\t\t".'<tr><td class="wfu_formdata_props"><label class="wfu_formdata_label" title="[[group_hint]]">Group ID</label></td><td><input id="wfu_formfield_[[key]]_group" type="text" name="wfu_formfield_elements" value="[[g]]" title="[[group_hint]]" /></td><td></td></tr>[[<-G]]';
829
- $template .= '[[F->]]'.$dlp."\t\t\t\t".'<tr><td class="wfu_formdata_props"><label class="wfu_formdata_label" title="[[format_hint]]">Format</label></td><td><input id="wfu_formfield_[[key]]_format" type="text" name="wfu_formfield_elements" value="[[f]]" title="[[format_hint]]" /></td><td></td></tr>[[<-F]]';
830
- $template .= $dlp."\t\t\t\t".'</tbody></table>';
831
- //draw html elements
832
- $echo_str .= $dlp."\t\t".'<div id="wfu_attribute_'.$attr.'" class="wfu_formdata_container">';
833
- $echo_str .= $dlp."\t\t\t".'<input type="hidden" class="wfu_formdata_all_attributes" value="'.implode(",", $all_attributes).'" />';
834
- $echo_str .= $dlp."\t\t\t".'<div id="wfu_attribute_'.$attr.'_codeadd" style="display:none;">';
835
- //pass template and type props to client javascript variable and then erase the code
836
- $echo_str .= $dlp."\t\t\t\t".'<script type="text/javascript">';
837
- $echo_str .= $dlp."\t\t\t\t\t".'var wfu_attribute_'.$attr.'_formtemplate = "'.wfu_plugin_encode_string($template).'";';
838
- $echo_str .= $dlp."\t\t\t\t\t".'var wfu_attribute_'.$attr.'_typeprops = {};';
839
- $fielddef_array = array();
840
- foreach( $fielddefs as $item ) array_push($fielddef_array, $item['type']);
841
- //prepare storage of field definitions to browser context
842
- $echo_str .= $dlp."\t\t\t\t\t".'wfu_attribute_'.$attr.'_typeprops[0] = \''.implode(",", $fielddef_array).'\'';
843
- foreach( $fielddefs as $item ) {
844
- $typeprops = array();
845
- foreach ( $fieldprops_basic as $prop ) {
846
- array_push($typeprops, $prop.': \''.$item[$prop].'\'');
847
- array_push($typeprops, $prop.'_hint: \''.$item[$prop.'_hint'].'\'');
848
- }
849
- array_push($typeprops, 'label_label: \''.$item['label_label'].'\'');
850
- array_push($typeprops, 'data_label: \''.$item['data_label'].'\'');
851
- $echo_str .= $dlp."\t\t\t\t\t".'wfu_attribute_'.$attr.'_typeprops["'.$item['type'].'"] = {'.implode(", ", $typeprops).'};';
852
- }
853
- $echo_str .= $dlp."\t\t\t\t\t".'var self = document.getElementById("wfu_attribute_'.$attr.'_codeadd"); self.parentNode.removeChild(self);';
854
- $echo_str .= $dlp."\t\t\t\t".'</script>';
855
- $echo_str .= $dlp."\t\t\t".'</div>';
856
- $i = 1;
857
- foreach ( $fields as $field ) {
858
- $ind = wfu_create_random_string(4);
859
- $key = $attr."_".$ind;
860
- $fielddef = $fielddefs[$field["type"]];
861
- $echo_str .= $dlp."\t\t\t".'<div id="wfu_formfield_'.$key.'_container" class="wfu_formdata_line_container">';
862
- //generate html elements from template, replacing variables where applicable
863
- $from_template = str_replace(array('[[key]]', '[[t]]', '[[label]]', '[[s]]', '[[d]]', '[[l]]', '[[label_label]]', '[[data_label]]', '[[g]]', '[[f]]', '[[p]]'), array($key, $field['type'], $field['label'], $field['labelposition'], $field['default'], $field['data'], $fielddef['label_label'], $fielddef['data_label'], $field['group'], $field['format'], $field['hintposition']), $template);
864
- foreach ( $fieldprops_basic as $prop ) $from_template = str_replace('[['.$prop.'_hint]]', str_replace('\r\n', "\r\n", $fielddef[$prop.'_hint']), $from_template);
865
- foreach( $fielddefs as $item ) $from_template = str_replace('[[type_'.$item['type'].'_selected]]', ( $item['type'] == $field['type'] ? ' selected = "selected"' : '' ), $from_template);
866
- foreach( $labelpositions as $pos ) $from_template = str_replace('[[labelposition_'.$pos.'_selected]]', ( $pos == $field['labelposition'] ? ' selected = "selected"' : '' ), $from_template);
867
- foreach( $hintpositions as $pos ) $from_template = str_replace('[[hintposition_'.$pos.'_selected]]', ( $pos == $field['hintposition'] ? ' selected = "selected"' : '' ), $from_template);
868
- $from_template = str_replace('[[remove_disabled]]', ( count($fields) <= 1 ? ' wfu_formdata_action_disabled' : '' ), $from_template);
869
- $from_template = str_replace('[[up_disabled]]', ( ( $attr_occur_index == 1 && $i == 1 ) ? ' wfu_formdata_action_disabled' : '' ), $from_template);
870
- $from_template = str_replace('[[down_disabled]]', ( ( $attr_occur_index == $attr_occur_length && $i == count($fields) ) ? ' wfu_formdata_action_disabled' : '' ), $from_template);
871
- //adjust checkbox field values
872
- $from_template = preg_replace('/\[\[r\-\>\]\]'.( $field['required'] ? '|' : '.*' ).'\[\[\<\-r\]\]/', '', $from_template);
873
- $from_template = preg_replace('/\[\[a\-\>\]\]'.( $field['donotautocomplete'] ? '|' : '.*' ).'\[\[\<\-a\]\]/', '', $from_template);
874
- $from_template = preg_replace('/\[\[v\-\>\]\]'.( $field['validate'] ? '|' : '.*' ).'\[\[\<\-v\]\]/', '', $from_template);
875
- $from_template = preg_replace('/\[\[h\-\>\]\]'.( $field['typehook'] ? '|' : '.*' ).'\[\[\<\-h\]\]/', '', $from_template);
876
- //adjust visibility of properties
877
- $from_template = preg_replace('/\[\[S\-\>\]\]'.( substr($fielddef["labelposition"], 0, 4) == "show" ? '|' : '.*' ).'\[\[\<\-S\]\]/s', '', $from_template);
878
- $from_template = preg_replace('/\[\[R\-\>\]\]'.( substr($fielddef["required"], 0, 4) == "show" ? '|' : '.*' ).'\[\[\<\-R\]\]/s', '', $from_template);
879
- $from_template = preg_replace('/\[\[A\-\>\]\]'.( substr($fielddef["donotautocomplete"], 0, 4) == "show" ? '|' : '.*' ).'\[\[\<\-A\]\]/s', '', $from_template);
880
- $from_template = preg_replace('/\[\[V\-\>\]\]'.( substr($fielddef["validate"], 0, 4) == "show" ? '|' : '.*' ).'\[\[\<\-V\]\]/s', '', $from_template);
881
- $from_template = preg_replace('/\[\[P\-\>\]\]'.( substr($fielddef["hintposition"], 0, 4) == "show" ? '|' : '.*' ).'\[\[\<\-P\]\]/s', '', $from_template);
882
- $from_template = preg_replace('/\[\[H\-\>\]\]'.( substr($fielddef["typehook"], 0, 4) == "show" ? '|' : '.*' ).'\[\[\<\-H\]\]/s', '', $from_template);
883
- $from_template = preg_replace('/\[\[D\-\>\]\]'.( substr($fielddef["default"], 0, 4) == "show" ? '|' : '.*' ).'\[\[\<\-D\]\]/s', '', $from_template);
884
- $from_template = preg_replace('/\[\[L\-\>\]\]'.( substr($fielddef["data"], 0, 4) == "show" ? '|' : '.*' ).'\[\[\<\-L\]\]/s', '', $from_template);
885
- $from_template = preg_replace('/\[\[G\-\>\]\]'.( substr($fielddef["group"], 0, 4) == "show" ? '|' : '.*' ).'\[\[\<\-G\]\]/s', '', $from_template);
886
- $from_template = preg_replace('/\[\[F\-\>\]\]'.( substr($fielddef["format"], 0, 4) == "show" ? '|' : '.*' ).'\[\[\<\-F\]\]/s', '', $from_template);
887
- $echo_str .= $from_template;
888
- $echo_str .= $dlp."\t\t\t".'</div>';
889
- $i++;
890
- }
891
- $echo_str .= $dlp."\t\t".'</div>';
892
- }
893
- elseif ( $def['type'] == "color" ) {
894
- $val = str_replace(array( "%n%", "%dq%", "%brl%", "%brr%" ), array( "\n", "&quot;", "[", "]" ), $def['value']);
895
- $echo_str .= $dlp."\t\t".'<input id="wfu_attribute_'.$attr.'" type="text" name="wfu_text_elements" class="wfu_color_field" value="'.$val.'" />';
896
- }
897
- elseif ( $def['type'] == "color-triplet" ) {
898
- $triplet = explode(",", $def['value']);
899
- foreach ( $triplet as $key => $item ) $triplet[$key] = trim($item);
900
- if ( count($triplet) == 2 ) $triplet = array( $triplet[0], $triplet[1], "#000000");
901
- elseif ( count($triplet) == 1 ) $triplet = array( $triplet[0], "#FFFFFF", "#000000");
902
- elseif ( count($triplet) < 3 ) $triplet = array( "#000000", "#FFFFFF", "#000000");
903
- $echo_str .= $dlp."\t\t".'<div class="wfu_color_container"><label style="display:inline-block; width:120px; margin-top:-16px;">Text Color</label><input id="wfu_attribute_'.$attr.'_color" type="text" class="wfu_color_field" name="wfu_triplecolor_elements" value="'.$triplet[0].'" /></div>';
904
- $echo_str .= $dlp."\t\t".'<div class="wfu_color_container"><label style="display:inline-block; width:120px; margin-top:-16px;">Background Color</label><input id="wfu_attribute_'.$attr.'_bgcolor" type="text" class="wfu_color_field" name="wfu_triplecolor_elements" value="'.$triplet[1].'" /></div>';
905
- $echo_str .= $dlp."\t\t".'<div class="wfu_color_container"><label style="display:inline-block; width:120px; margin-top:-16px;">Border Color</label><input id="wfu_attribute_'.$attr.'_borcolor" type="text" class="wfu_color_field" name="wfu_triplecolor_elements" value="'.$triplet[2].'" /></div>';
906
- }
907
- else {
908
- $echo_str .= $dlp."\t\t".'<input id="wfu_attribute_'.$attr.'" type="text" name="wfu_text_elements" value="'.$def['value'].'" />';
909
- if ( $def['variables'] != null ) $echo_str .= $dlp.wfu_insert_variables($def['variables'], 'wfu_variable wfu_variable_'.$attr);
910
- }
911
- $echo_str .= $dlp."\t".'</div></td>';
912
- if ( $def['parent'] == "" ) {
913
- $echo_str .= $dlp."\t".'<td style="position:relative; vertical-align:top; padding:0;"><div class="wfu_td_div">';
914
- $block_open = false;
915
- }
916
- else {
917
- $echo_str .= $dlp.'</tr>';
918
- $subblock_open = true;
919
- }
920
- }
921
- if ( $subblock_open ) {
922
- $echo_str .= "\n\t\t\t\t\t\t".'</div>';
923
- }
924
- if ( $block_open ) {
925
- $echo_str .= "\n\t\t\t\t\t".'</div></td>';
926
- $echo_str .= "\n\t\t\t\t".'</tr>';
927
- }
928
- $echo_str .= "\n\t\t\t".'</tbody>';
929
- $echo_str .= "\n\t\t".'</table>';
930
- $echo_str .= "\n\t".'</div>';
931
- $echo_str .= "\n\t".'<div id="wfu_global_dialog_container" class="wfu_global_dialog_container">';
932
- $echo_str .= "\n\t".'</div>';
933
- $handler = 'function() { wfu_Attach_Admin_Events('.( $data == "" ? 'true' : 'false' ).'); }';
934
- $echo_str .= "\n\t".'<script type="text/javascript">if(window.addEventListener) { window.addEventListener("load", '.$handler.', false); } else if(window.attachEvent) { window.attachEvent("onload", '.$handler.'); } else { window["onload"] = '.$handler.'; }</script>';
935
- $echo_str .= "\n".'</div>';
936
- // $echo_str .= "\n\t".'<div style="margin-top:10px;">';
937
- // $echo_str .= "\n\t\t".'<label>Final shortcode text</label>';
938
- // $echo_str .= "\n\t".'</div>';
939
-
940
- echo $echo_str;
941
- }
942
-
943
- /**
944
- * Insert Variables in an Attribute.
945
- *
946
- * This function generates the HTML code of the variables that are shown below
947
- * the attribute which they refer to.
948
- *
949
- * @since 2.1.3
950
- *
951
- * @param array $variables. The array of variables to display below the
952
- * attribute.
953
- * @param string $class A class name to set in the elements of the generated
954
- * HTML code.
955
- *
956
- * @return string The HTML output of the variables.
957
- */
958
- function wfu_insert_variables($variables, $class) {
959
- $ret = "";
960
- foreach ( $variables as $variable )
961
- if ( $variable == "%userdataXXX%" ) $ret .= "\t\t".'<select class="'.$class.'" name="wfu_formfield_select" title="'.constant("WFU_VARIABLE_TITLE_".strtoupper(str_replace("%", "", $variable))).'" onchange="wfu_insert_userfield_variable(this);"><option style="display:none;">%userdataXXX%</option></select>';
962
- elseif ( $variable != "%n%" && $variable != "%dq%" && $variable != "%brl%" && $variable != "%brr%" ) $ret .= "\t\t".'<span class="'.$class.'" title="'.constant("WFU_VARIABLE_TITLE_".strtoupper(str_replace("%", "", $variable))).'" ondblclick="wfu_insert_variable(this);">'.$variable.'</span>';
963
- return $ret;
964
  }
1
+ <?php
2
+
3
+ /**
4
+ * Shortcode Composer Page
5
+ *
6
+ * This file contains functions related to the shortcode composer page of the
7
+ * plugin. The shortcode composer is a visual editor of the plugin's shortcodes
8
+ * so that they can be configured easily by administrators.
9
+ *
10
+ * @link /lib/wfu_admin_composer.php
11
+ *
12
+ * @package WordPress File Upload Plugin
13
+ * @subpackage Core Components
14
+ * @since 2.4.1
15
+ */
16
+
17
+ /**
18
+ * Display the Shortcode Composer.
19
+ *
20
+ * This function displays the shortcode composer for a specific shortcode.
21
+ *
22
+ * @since 2.1.2
23
+ *
24
+ * @param string|array $data Optional. If this function was called for an
25
+ * existing shortcode, this param holds data of the shortcode. If it was
26
+ * called for a new shortcode, it contains an empty string.
27
+ * @param string $shortcode_tag Optional. The shortcode tag.
28
+ * @param string $referer Optional. The page that called this function.
29
+ *
30
+ * @return string The HTML output of the shortcode composer.
31
+ */
32
+ function wfu_shortcode_composer($data = '', $shortcode_tag = 'wordpress_file_upload', $referer = 'page') {
33
+ global $wp_roles;
34
+ $siteurl = site_url();
35
+
36
+ $plugin_options = wfu_decode_plugin_options(get_option( "wordpress_file_upload_options" ));
37
+ $components = wfu_component_definitions();
38
+ if ( $shortcode_tag == 'wordpress_file_upload' ) {
39
+ $plugin_title = "Uploader";
40
+ $cats = wfu_category_definitions();
41
+ $defs = wfu_attribute_definitions();
42
+ //remove personaldata category if Personal Data are not activated in
43
+ //plugin's Settings
44
+ if ($plugin_options["personaldata"] != "1" && isset($cats["personaldata"])) unset($cats["personaldata"]);
45
+ }
46
+ else {
47
+ $plugin_title = "Browser";
48
+ $cats = wfu_browser_category_definitions();
49
+ $defs = wfu_browser_attribute_definitions();
50
+ }
51
+
52
+ if ( $data == "" ) {
53
+ $shortcode = $plugin_options['shortcode'];
54
+ $shortcode_full = '['.$shortcode_tag.' '.$shortcode.']';
55
+ $postid = "";
56
+ $postname = "";
57
+ $posttype = "";
58
+ $posthash = "";
59
+ $shortcode_position = -1;
60
+ $widgetid = "";
61
+ $sidebar = "";
62
+ $autosave = true;
63
+ }
64
+ else {
65
+ $shortcode = trim(substr($data['shortcode'], strlen('['.$shortcode_tag), -1));
66
+ $shortcode_full = $data['shortcode'];
67
+ $postid = $data['post_id'];
68
+ $postname = sanitize_text_field(get_the_title($postid));
69
+ $posttype_obj = get_post_type_object(get_post_type($postid));
70
+ $posttype = ( $posttype_obj ? $posttype_obj->labels->singular_name : "" );
71
+ $posthash = $data['post_hash'];
72
+ $shortcode_position = $data['position'];
73
+ $widgetid = ( isset($data['widgetid']) ? $data['widgetid'] : "" );
74
+ $sidebar = ( isset($data['sidebar']) ? $data['sidebar'] : "" );
75
+ $autosave = false;
76
+ }
77
+
78
+ // index $components
79
+ $components_indexed = array();
80
+ foreach ( $components as $component ) $components_indexed[$component['id']] = $component;
81
+ // complete defs array and index dependencies
82
+ $governors = array();
83
+ $shortcode_attrs = wfu_shortcode_string_to_array($shortcode);
84
+ //replace old attribute definitions with new ones
85
+ $shortcode_attrs = wfu_old_to_new_attributes($shortcode_attrs);
86
+ $shortcode_id = '';
87
+ foreach ( $defs as $key => $def ) {
88
+ $attr = $def['attribute'];
89
+ $defs[$key]['default'] = $def['value'];
90
+ //'flat' property keeps the original attribute, because 'attribute'
91
+ //property will change for defs that their occurrence is higher than 1
92
+ $defs[$key]['flat'] = $attr;
93
+ if ( array_key_exists($attr, $shortcode_attrs) ) $defs[$key]['value'] = $shortcode_attrs[$attr];
94
+ $subblock_active = false;
95
+ //detect if the dependencies of this attribute will be disabled or not
96
+ if ( ( $def['type'] == "onoff" && $defs[$key]['value'] == "true" ) ||
97
+ ( $def['type'] == "radio" && in_array("*".$defs[$key]['value'], $def['listitems']) ) )
98
+ $subblock_active = true;
99
+ // assign dependencies if exist
100
+ if ( $def['dependencies'] != null )
101
+ foreach ( $def['dependencies'] as $dependency ) {
102
+ if ( substr($dependency, 0, 1) == "!" ) //invert state for this dependency if an exclamation mark is defined
103
+ $governors[substr($dependency, 1)] = array( 'attribute' => $attr, 'active' => !$subblock_active, 'inv' => '_inv' );
104
+ else
105
+ $governors[$dependency] = array( 'attribute' => $attr, 'active' => $subblock_active, 'inv' => '' );
106
+ }
107
+ if ( $attr == 'uploadid' || $attr == 'browserid' ) $shortcode_id = $defs[$key]['value'];
108
+ }
109
+
110
+ //check if attributes need to be generated more than once because their governor is a component field that appears more than once in placements attribute
111
+ $key = 0;
112
+ while ( $key < count($defs) ) {
113
+ $defs[$key]['additional_values'] = array();
114
+ $def = $defs[$key];
115
+ $attr = $def['attribute'];
116
+ //check if this attribute needs to be generated more than once
117
+ if ( array_key_exists($attr, $governors) ) $governor = $governors[$attr]['attribute'];
118
+ else $governor = "";
119
+ if ( $governor != "" && isset($components_indexed[$governor]) && $components_indexed[$governor]['multiplacements'] && isset($shortcode_attrs['placements']) ) {
120
+ //count how many occurrences of the governor attribute appear inside placements attribute
121
+ $occurrences = 0;
122
+ $sections = explode("/", $shortcode_attrs['placements']);
123
+ foreach ( $sections as $section ) {
124
+ $items_in_section = explode("+", trim($section));
125
+ foreach ( $items_in_section as $item )
126
+ if ( trim($item) == $governor ) $occurrences++;
127
+ }
128
+ //add indexed attributes if there is more than one occurrence
129
+ for ( $ii = 2; $ii <= $occurrences; $ii++ ) {
130
+ $def2 = $def;
131
+ $def2['attribute'] .= $ii;
132
+ $def2['name'] .= ' ('.$ii.')';
133
+ if ( array_key_exists($def2['attribute'], $shortcode_attrs) )
134
+ $def2['value'] = $shortcode_attrs[$def2['attribute']];
135
+ else $def2['value'] = $def2['default'];
136
+ array_splice($defs, $key + 1, 0, array($def2));
137
+ $key++;
138
+ }
139
+ //check if the shortcode contains additional indexed definitions and store them in 'additional_values'
140
+ $ii = max(1, $occurrences) + 1;
141
+ while ( array_key_exists($attr.$ii, $shortcode_attrs) ) {
142
+ $defs[$key]['additional_values'][$ii] = $shortcode_attrs[$attr.$ii];
143
+ $ii++;
144
+ }
145
+ }
146
+ $key++;
147
+ }
148
+
149
+ $echo_str = '<div id="wfu_wrapper" class="wrap">';
150
+ $echo_str .= "\n\t".'<h2>Wordpress File Upload Control Panel</h2>';
151
+ $echo_str .= "\n\t".'<div id="wfu_page_obsolete_message" class="error" style="display:none;">';
152
+ $echo_str .= "\n\t\t".'<p>'.WFU_DASHBOARD_PAGE_OBSOLETE.'</p>';
153
+ $echo_str .= "\n\t".'</div>';
154
+ $echo_str .= "\n\t".'<div id="wfu_update_rejected_message" class="error" style="display:none;">';
155
+ $echo_str .= "\n\t\t".'<p>'.WFU_DASHBOARD_UPDATE_SHORTCODE_REJECTED.'</p>';
156
+ $echo_str .= "\n\t".'</div>';
157
+ $echo_str .= "\n\t".'<div id="wfu_update_failed_message" class="error" style="display:none;">';
158
+ $echo_str .= "\n\t\t".'<p>'.WFU_DASHBOARD_UPDATE_SHORTCODE_FAILED.'</p>';
159
+ $echo_str .= "\n\t".'</div>';
160
+ $echo_str .= "\n\t".'<div style="margin-top:20px;">';
161
+ if ( $referer == "dashboard" ) $echo_str .= "\n\t".'<a href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&amp;action=manage_mainmenu" class="button" title="go back">Go to Main Menu</a>';
162
+ $echo_str .= "\n\t".'</div>';
163
+ if ( $widgetid == "" ) $echo_str .= "\n\t".'<h2 style="margin-bottom: 10px; margin-top: 20px;">'.( $data == "" ? 'Test' : $posttype.' <strong>'.$postname.'</strong>' ).': Shortcode Composer for '.$plugin_title.' <strong>ID '.$shortcode_id.'</strong></h2>';
164
+ else $echo_str .= "\n\t".'<h2 style="margin-bottom: 10px; margin-top: 20px;">Sidebar <strong>'.$sidebar.'</strong>: Shortcode Composer for Uploader <strong>ID '.$shortcode_id.'</strong></h2>';
165
+ $echo_str .= "\n\t".'<div style="margin-top:10px; display:inline-block;">';
166
+ if ( $data != "") $echo_str .= "\n\t\t".'<input id="wfu_update_shortcode" type="button" value="Update" class="button-primary" disabled="disabled" onclick="wfu_save_shortcode()" /><span id="wfu_update_shortcode_wait" class="spinner" style="float:right; display:none;"></span>';
167
+ $echo_str .= "\n\t\t".'<input id="wfu_shortcode_original_enc" type="hidden" value="'.wfu_plugin_encode_string($shortcode_full).'" />';
168
+ $echo_str .= "\n\t\t".'<input id="wfu_shortcode_tag" type="hidden" value="'.$shortcode_tag.'" />';
169
+ $echo_str .= "\n\t\t".'<input id="wfu_shortcode_postid" type="hidden" value="'.$postid.'" />';
170
+ $echo_str .= "\n\t\t".'<input id="wfu_shortcode_posthash" type="hidden" value="'.$posthash.'" />';
171
+ $echo_str .= "\n\t\t".'<input id="wfu_shortcode_position" type="hidden" value="'.$shortcode_position.'" />';
172
+ $echo_str .= "\n\t\t".'<input id="wfu_shortcode_widgetid" type="hidden" value="'.$widgetid.'" />';
173
+ $echo_str .= "\n\t".'</div>';
174
+ $echo_str .= "\n\t".'<div style="margin-top:20px;">';
175
+ $echo_str .= "\n\t\t".'<div class="wfu_shortcode_container">';
176
+ $echo_str .= "\n\t\t\t".'<span><strong>Generated Shortcode</strong></span>';
177
+ $echo_str .= "\n\t\t\t".'<span id="wfu_save_label" class="wfu_save_label">saved</span>';
178
+ $echo_str .= "\n\t\t\t".'<textarea id="wfu_shortcode" class="wfu_shortcode" rows="5">['.$shortcode_tag.']</textarea>';
179
+ $echo_str .= "\n\t\t\t".'<div id="wfu_attribute_defaults" style="display:none;">';
180
+ // remove hidden attributes from defs array
181
+ foreach ( $defs as $key => $def ) if ( $def['type'] == "hidden" ) unset($defs[$key]);
182
+ foreach ( $defs as $def )
183
+ $echo_str .= "\n\t\t\t\t".'<input id="wfu_attribute_default_'.$def['attribute'].'" type="hidden" value="'.$def['default'].'" />';
184
+ $echo_str .= "\n\t\t\t".'</div>';
185
+ $echo_str .= "\n\t\t\t".'<div id="wfu_attribute_values" style="display:none;">';
186
+ foreach ( $defs as $def ) {
187
+ $echo_str .= "\n\t\t\t\t".'<input id="wfu_attribute_value_'.$def['attribute'].'" type="hidden" value="'.$def['value'].'" />';
188
+ //add additional values, if exist
189
+ foreach( $def['additional_values'] as $key => $val )
190
+ $echo_str .= "\n\t\t\t\t".'<input id="wfu_attribute_value_'.$def['attribute'].$key.'" type="hidden" value="'.$val.'" />';
191
+ }
192
+ $echo_str .= "\n\t\t\t".'</div>';
193
+ $echo_str .= "\n\t\t".'</div>';
194
+ $echo_str .= "\n\t".'</div>';
195
+ $echo_str .= "\n\t".'<h3 id="wfu_tab_container" class="nav-tab-wrapper">';
196
+ $is_first = true;
197
+ foreach ( $cats as $key => $cat ) {
198
+ $echo_str .= "\n\t\t".'<a id="wfu_tab_'.$key.'" class="nav-tab'.( $is_first ? ' nav-tab-active' : '' ).'" href="javascript: wfu_admin_activate_tab(\''.$key.'\');">'.$cat.'</a>';
199
+ $is_first = false;
200
+ }
201
+ $echo_str .= "\n\t".'</h3>';
202
+
203
+ $prevcat = "";
204
+ $prevsubcat = "";
205
+ $is_first = true;
206
+ $block_open = false;
207
+ $subblock_open = false;
208
+ foreach ( $defs as $def ) {
209
+ $attr = $def['attribute'];
210
+ //check if this attribute depends on other
211
+ if ( !array_key_exists($attr, $governors) ) $governors[$attr] = "";
212
+ if ( $governors[$attr] != "" ) $governor = $governors[$attr];
213
+ else $governor = array( 'attribute' => "independent", 'active' => true, 'inv' => '' );
214
+
215
+ //close previous blocks
216
+ if ( $def['parent'] == "" ) {
217
+ if ( $subblock_open ) {
218
+ $echo_str .= "\n\t\t\t\t\t\t\t".'</tbody>';
219
+ $echo_str .= "\n\t\t\t\t\t\t".'</table>';
220
+ $subblock_open = false;
221
+ }
222
+ if ( $block_open ) {
223
+ $echo_str .= "\n\t\t\t\t\t".'</div></td>';
224
+ $echo_str .= "\n\t\t\t\t".'</tr>';
225
+ $block_open = false;
226
+ }
227
+ }
228
+ //check if new category must be generated
229
+ if ( $def['category'] != $prevcat ) {
230
+ if ( $prevcat != "" ) {
231
+ $echo_str .= "\n\t\t\t".'</tbody>';
232
+ $echo_str .= "\n\t\t".'</table>';
233
+ $echo_str .= "\n\t".'</div>';
234
+ }
235
+ $prevcat = $def['category'];
236
+ $prevsubcat = "";
237
+ $echo_str .= "\n\t".'<div id="wfu_container_'.$prevcat.'" class="wfu_container"'.( $is_first ? '' : ' style="display:none;"' ).'">';
238
+ $echo_str .= "\n\t\t".'<table class="form-table wfu_main_table">';
239
+ $echo_str .= "\n\t\t\t".'<thead><tr><th></th><td></td><td></td></tr></thead>';
240
+ $echo_str .= "\n\t\t\t".'<tbody>';
241
+ $is_first = false;
242
+ }
243
+ //check if new sub-category must be generated
244
+ if ( $def['subcategory'] != $prevsubcat ) {
245
+ $prevsubcat = $def['subcategory'];
246
+ $echo_str .= "\n\t\t\t\t".'<tr class="wfu_subcategory">';
247
+ $echo_str .= "\n\t\t\t\t\t".'<th scope="row" colspan="3">';
248
+ $echo_str .= "\n\t\t\t\t\t\t".'<h3 style="margin-bottom: 10px; margin-top: 10px;">'.$prevsubcat.'</h3>';
249
+ $echo_str .= "\n\t\t\t\t\t".'</th>';
250
+ $echo_str .= "\n\t\t\t\t".'</tr>';
251
+ }
252
+ //draw attribute element
253
+ if ( $def['parent'] == "" ) {
254
+ $dlp = "\n\t\t\t\t";
255
+ }
256
+ else {
257
+ if ( !$subblock_open ) {
258
+ $echo_str .= "\n\t\t\t\t\t\t".'<div class="wfu_shadow wfu_shadow_'.$def['parent'].$governor['inv'].'" style="display:'.( $governor['active'] ? 'none' : 'block' ).';"></div>';
259
+ $echo_str .= "\n\t\t\t\t\t\t".'<table class="form-table wfu_inner_table" style="margin:0;">';
260
+ $echo_str .= "\n\t\t\t\t\t\t\t".'<tbody>';
261
+ }
262
+ $dlp = "\n\t\t\t\t\t\t\t\t";
263
+ }
264
+ $echo_str .= $dlp.'<tr>';
265
+ $echo_str .= $dlp."\t".'<th scope="row"><div class="wfu_td_div">';
266
+ if ( $def['parent'] == "" ) $echo_str .= $dlp."\t\t".'<div class="wfu_shadow wfu_shadow_'.$governor['attribute'].$governor['inv'].'" style="display:'.( $governor['active'] ? 'none' : 'block' ).';"></div>';
267
+ $echo_str .= $dlp."\t\t".'<div class="wfu_restore_container" title="Double-click to restore defaults setting"><img src="'.WFU_IMAGE_ADMIN_RESTOREDEFAULT.'" ondblclick="wfu_apply_value(\''.$attr.'\', \''.$def['type'].'\', \''.$def['default'].'\');" /></div>';
268
+ $echo_str .= $dlp."\t\t".'<label for="wfu_attribute_'.$attr.'">'.$def['name'].'</label>';
269
+ $echo_str .= $dlp."\t\t".'<input type="hidden" name="wfu_attribute_governor_'.$governor['attribute'].'" class="wfu_attribute_governor" value="'.$attr.'" />';
270
+ $echo_str .= $dlp."\t\t".'<div class="wfu_help_container" title="'.$def['help'].'"><img src="'.WFU_IMAGE_ADMIN_HELP.'" /></div>';
271
+ $echo_str .= $dlp."\t".'</div></th>';
272
+ $echo_str .= $dlp."\t".'<td style="vertical-align:top;"><div class="wfu_td_div">';
273
+ if ( $def['parent'] == "" ) $echo_str .= $dlp."\t\t".'<div class="wfu_shadow wfu_shadow_'.$governor['attribute'].$governor['inv'].'" style="display:'.( $governor['active'] ? 'none' : 'block' ).';"></div>';
274
+ if ( $def['type'] == "onoff" ) {
275
+ $echo_str .= $dlp."\t\t".'<div id="wfu_attribute_'.$attr.'" class="wfu_onoff_container_'.( $def['value'] == "true" ? "on" : "off" ).'" onclick="wfu_admin_onoff_clicked(\''.$attr.'\');">';
276
+ $echo_str .= $dlp."\t\t\t".'<div class="wfu_onoff_slider"></div>';
277
+ $echo_str .= $dlp."\t\t\t".'<span class="wfu_onoff_text">ON</span>';
278
+ $echo_str .= $dlp."\t\t\t".'<span class="wfu_onoff_text">OFF</span>';
279
+ $echo_str .= $dlp."\t\t".'</div>';
280
+ }
281
+ elseif ( $def['type'] == "text" ) {
282
+ $val = str_replace(array( "%n%", "%dq%", "%brl%", "%brr%" ), array( "\n", "&quot;", "[", "]" ), $def['value']);
283
+ $echo_str .= $dlp."\t\t".'<input id="wfu_attribute_'.$attr.'" type="text" name="wfu_text_elements" value="'.$val.'" style="display:block;" />';
284
+ if ( $def['variables'] != null ) $echo_str .= $dlp.wfu_insert_variables($def['variables'], 'wfu_variable wfu_variable_'.$attr);
285
+ }
286
+ elseif ( $def['type'] == "placements" ) {
287
+ $components_used = array();
288
+ foreach ( $components as $component ) $components_used[$component['id']] = 0;
289
+ $centered_content = '<div class="wfu_component_box_inner"><div class="wfu_component_box_label">XXX</div></div>';
290
+ $centered_content_multi = '<div class="wfu_component_box_inner"><div class="wfu_component_box_label">XXX</div><div class="wfu_component_box_index">YYY</div></div>';
291
+ $echo_str .= $dlp."\t\t".'<div class="wfu_placements_wrapper">';
292
+ $echo_str .= $dlp."\t\t\t".'<div id="wfu_placements_container" class="wfu_placements_container">';
293
+ $itemplaces = explode("/", $def['value']);
294
+ foreach ( $itemplaces as $section ) {
295
+ $echo_str .= $dlp."\t\t\t\t".'<div class="wfu_component_separator_hor"></div>';
296
+ $echo_str .= $dlp."\t\t\t\t".'<div class="wfu_component_separator_ver"></div>';
297
+ $items_in_section = explode("+", trim($section));
298
+ $section_array = array( );
299
+ foreach ( $items_in_section as $item_in_section ) {
300
+ if ( key_exists($item_in_section, $components_indexed) ) {
301
+ if ( $components_indexed[$item_in_section]['multiplacements'] || $components_used[$item_in_section] == 0 ) {
302
+ $components_used[$item_in_section] ++;
303
+ if ( $components_indexed[$item_in_section]['multiplacements'] ) {
304
+ $multi_index = $components_used[$item_in_section];
305
+ $echo_str .= $dlp."\t\t\t\t".'<div id="wfu_component_box_'.$item_in_section.'_'.$multi_index.'" class="wfu_component_box" draggable="true" title="'.$components_indexed[$item_in_section]['help'].'">'.str_replace(array("XXX", "YYY"), array($components_indexed[$item_in_section]['name'], $multi_index), $centered_content_multi).'</div>';
306
+ }
307
+ else
308
+ $echo_str .= $dlp."\t\t\t\t".'<div id="wfu_component_box_'.$item_in_section.'_0" class="wfu_component_box" draggable="true" title="'.$components_indexed[$item_in_section]['help'].'">'.str_replace("XXX", $components_indexed[$item_in_section]['name'], $centered_content).'</div>';
309
+ $echo_str .= $dlp."\t\t\t\t".'<div class="wfu_component_separator_ver"></div>';
310
+ }
311
+ }
312
+ }
313
+ }
314
+ $echo_str .= $dlp."\t\t\t\t".'<div class="wfu_component_separator_hor"></div>';
315
+ $echo_str .= $dlp."\t\t\t\t".'<div id="wfu_component_bar_hor" class="wfu_component_bar_hor"></div>';
316
+ $echo_str .= $dlp."\t\t\t\t".'<div id="wfu_component_bar_ver" class="wfu_component_bar_ver"></div>';
317
+ $echo_str .= $dlp."\t\t\t".'</div>';
318
+ $echo_str .= $dlp."\t\t\t".'<div id="wfu_componentlist_container" class="wfu_componentlist_container">';
319
+ $echo_str .= $dlp."\t\t\t\t".'<div id="wfu_componentlist_dragdrop" class="wfu_componentlist_dragdrop" style="display:none;"></div>';
320
+ $ii = 1;
321
+ foreach ( $components as $component ) {
322
+ $echo_str .= $dlp."\t\t\t\t".'<div id="wfu_component_box_container_'.$component['id'].'" class="wfu_component_box_container">';
323
+ $echo_str .= $dlp."\t\t\t\t\t".'<div class="wfu_component_box_base">'.str_replace("XXX", $component['name'], $centered_content).'</div>';
324
+ if ( $component['multiplacements'] ) {
325
+ $multi_index = $components_used[$component['id']] + 1;
326
+ $echo_str .= $dlp."\t\t\t\t\t".'<div id="wfu_component_box_'.$component['id'].'_'.$multi_index.'" class="wfu_component_box wfu_inbase" draggable="true" title="'.$component['help'].'">'.str_replace(array("XXX", "YYY"), array($component['name'], $multi_index), $centered_content_multi).'</div>';
327
+ }
328
+ elseif ( $components_used[$component['id']] == 0 )
329
+ $echo_str .= $dlp."\t\t\t\t\t".'<div id="wfu_component_box_'.$component['id'].'_0" class="wfu_component_box wfu_inbase" draggable="true" title="'.$component['help'].'">'.str_replace("XXX", $component['name'], $centered_content).'</div>';
330
+ $echo_str .= $dlp."\t\t\t\t".'</div>'.( ($ii++) % 3 == 0 ? '<br />' : '' );
331
+ }
332
+ $echo_str .= $dlp."\t\t\t".'</div>';
333
+ $echo_str .= $dlp."\t\t".'</div>';
334
+ }
335
+ elseif ( $def['type'] == "ltext" ) {
336
+ $val = str_replace(array( "%n%", "%dq%", "%brl%", "%brr%" ), array( "\n", "&quot;", "[", "]" ), $def['value']);
337
+ $echo_str .= $dlp."\t\t".'<input id="wfu_attribute_'.$attr.'" type="text" name="wfu_text_elements" class="wfu_long_text" value="'.$val.'" />';
338
+ if ( $def['variables'] != null ) $echo_str .= $dlp.wfu_insert_variables($def['variables'], 'wfu_variable wfu_variable_'.$attr);
339
+ }
340
+ elseif ( $def['type'] == "integer" ) {
341
+ $val = str_replace(array( "%n%", "%dq%", "%brl%", "%brr%" ), array( "\n", "&quot;", "[", "]" ), $def['value']);
342
+ $echo_str .= $dlp."\t\t".'<input id="wfu_attribute_'.$attr.'" type="number" name="wfu_text_elements" class="wfu_short_text" min="1" value="'.$val.'" />';
343
+ if ( isset($def['listitems']['unit']) ) $echo_str .= $dlp."\t\t".'<label> '.$def['listitems']['unit'].'</label>';
344
+ }
345
+ elseif ( $def['type'] == "float" ) {
346
+ $val = str_replace(array( "%n%", "%dq%", "%brl%", "%brr%" ), array( "\n", "&quot;", "[", "]" ), $def['value']);
347
+ $echo_str .= $dlp."\t\t".'<input id="wfu_attribute_'.$attr.'" type="number" name="wfu_text_elements" class="wfu_short_text" step="any" min="0" value="'.$val.'" />';
348
+ if ( isset($def['listitems']['unit']) ) $echo_str .= $dlp."\t\t".'<label> '.$def['listitems']['unit'].'</label>';
349
+ }
350
+ elseif ( $def['type'] == "date" ) {
351
+ $val = $def['value'];
352
+ $echo_str .= $dlp."\t\t".'<div class="wfu_date_container"><input id="wfu_attribute_'.$attr.'" type="text" value="'.$val.'" readonly style="padding-right:16px; background-color:white; width:auto;" /><img class="wfu_datereset_button" src="'.WFU_IMAGE_ADMIN_SUBFOLDER_CANCEL.'" onclick="var f = document.getElementById(\'wfu_attribute_'.$attr.'\'); f.value = \'\'; wfu_update_date_value({target:f});" /></div><label style="font-size:smaller; margin-left:4px;">format: YYYY-MM-DD</label>';
353
+ $echo_str .= wfu_inject_js_code('jQuery(function() {jQuery("#wfu_attribute_'.$attr.'").datepicker({dateFormat: "yy-mm-dd", onClose: function(date, picker) {wfu_update_date_value({target:this});}});});');
354
+ }
355
+ elseif ( $def['type'] == "radio" ) {
356
+ $echo_str .= $dlp."\t\t";
357
+ $ii = 0;
358
+ foreach ( $def['listitems'] as $item )
359
+ $echo_str .= '<input name="wfu_radioattribute_'.$attr.'" type="radio" value="'.$item.'" '.( $item == $def['value'] || $item == "*".$def['value'] ? 'checked="checked" ' : '' ).'style="width:auto; margin:0px 2px 0px '.( ($ii++) == 0 ? '0px' : '8px' ).';" onchange="wfu_admin_radio_clicked(\''.$attr.'\');" />'.( $item[0] == "*" ? substr($item, 1) : $item );
360
+ // $echo_str .= '<input type="button" class="button" value="empty" style="width:auto; margin:-2px 0px 0px 8px;" />';
361
+ }
362
+ elseif ( $def['type'] == "ptext" ) {
363
+ $val = str_replace(array( "%n%", "%dq%", "%brl%", "%brr%" ), array( "\n", "&quot;", "[", "]" ), $def['value']);
364
+ $parts = explode("/", $val);
365
+ $singular = $parts[0];
366
+ if ( count($parts) < 2 ) $plural = $singular;
367
+ else $plural = $parts[1];
368
+ $echo_str .= $dlp."\t\t".'<span class="wfu_ptext_span">Singular</span><input id="wfu_attribute_s_'.$attr.'" type="text" name="wfu_ptext_elements" value="'.$singular.'" />';
369
+ if ( $def['variables'] != null ) if ( count($def['variables']) > 0 ) $echo_str .= $dlp."\t\t".'<br /><span class="wfu_ptext_span">&nbsp;</span>';
370
+ if ( $def['variables'] != null ) $echo_str .= $dlp.wfu_insert_variables($def['variables'], 'wfu_variable wfu_variable_s_'.$attr);
371
+ $echo_str .= $dlp."\t\t".'<br /><span class="wfu_ptext_span">Plural</span><input id="wfu_attribute_p_'.$attr.'" type="text" name="wfu_ptext_elements" value="'.$plural.'" />';
372
+ if ( $def['variables'] != null ) if ( count($def['variables']) > 0 ) $echo_str .= $dlp."\t\t".'<br /><span class="wfu_ptext_span">&nbsp;</span>';
373
+ if ( $def['variables'] != null ) $echo_str .= $dlp.wfu_insert_variables($def['variables'], 'wfu_variable wfu_variable_p_'.$attr, $dlp);
374
+ }
375
+ elseif ( $def['type'] == "mtext" ) {
376
+ $val = str_replace(array( "%n%", "%dq%", "%brl%", "%brr%" ), array( "\n", "&quot;", "[", "]" ), $def['value']);
377
+ $echo_str .= $dlp."\t\t".'<textarea id="wfu_attribute_'.$attr.'" name="wfu_text_elements" rows="5">'.$val.'</textarea>';
378
+ if ( $def['variables'] != null ) $echo_str .= $dlp.wfu_insert_variables($def['variables'], 'wfu_variable wfu_variable_'.$attr);
379
+ }
380
+ elseif ( $def['type'] == "ftpinfo" ) {
381
+ $val = $def['value'];
382
+ $ftpinfo = wfu_decode_ftpinfo($val);
383
+ $error_class = ( $ftpinfo["error"] ? ' ftpinfo_error' : '' );
384
+ $echo_str .= $dlp."\t\t".'<div class="ftpinfo_header">';
385
+ $echo_str .= $dlp."\t\t\t".'<input id="wfu_attribute_'.$attr.'" type="text" name="wfu_ftpinfobase_elements" class="ftpinfo_text'.$error_class.'" value="'.$val.'" />';
386
+ $echo_str .= $dlp."\t\t\t".'<button class="ftpinfo_btn" onclick="wfu_ftpinfotool_toggle();">Edit</button>';
387
+ $echo_str .= $dlp."\t\t".'</div>';
388
+ $echo_str .= $dlp."\t\t".'<div class="ftpinfo_tool hidden">';
389
+ $echo_str .= $dlp."\t\t\t".'<label class="ftpinfo_label">Username</label><input type="text" id="ftpinfo_username" name="wfu_ftpinfotool_elements" class="ftpinfo_value'.$error_class.'" value="'.$ftpinfo["data"]["username"].'" /><br />';
390
+ $echo_str .= $dlp."\t\t\t".'<label class="ftpinfo_label">Password</label><input type="text" id="ftpinfo_password" name="wfu_ftpinfotool_elements" class="ftpinfo_value'.$error_class.'" value="'.$ftpinfo["data"]["password"].'" /><br />';
391
+ $echo_str .= $dlp."\t\t\t".'<label class="ftpinfo_label">FTP Domain</label><input type="text" id="ftpinfo_domain" name="wfu_ftpinfotool_elements" class="ftpinfo_value'.$error_class.'" value="'.$ftpinfo["data"]["ftpdomain"].'" /><br />';
392
+ $echo_str .= $dlp."\t\t\t".'<label class="ftpinfo_label">Port</label><input type="text" id="ftpinfo_port" name="wfu_ftpinfotool_elements" class="ftpinfo_value'.$error_class.'" value="'.$ftpinfo["data"]["port"].'" /><br />';
393
+ $echo_str .= $dlp."\t\t\t".'<label class="ftpinfo_label">Use SFTP</label><input type="checkbox" id="ftpinfo_sftp" name="wfu_ftpinfotool_elements" class="ftpinfo_checkbox'.$error_class.'"'.( $ftpinfo["data"]["sftp"] ? " checked" : "" ).' />';
394
+ $echo_str .= $dlp."\t\t".'</div>';
395
+ if ( $def['variables'] != null ) $echo_str .= $dlp.wfu_insert_variables($def['variables'], 'wfu_variable wfu_variable_'.$attr);
396
+ }
397
+ elseif ( $def['type'] == "folderlist" ) {
398
+ $echo_str .= $dlp."\t\t".'<div id="wfu_subfolders_inner_shadow_'.$attr.'" class="wfu_subfolders_inner_shadow" style="display:none;"></div>';
399
+ $subfolders = wfu_parse_folderlist($def['value']);
400
+ $poptitle = "Populate list automatically with the first-level subfolders of the path defined in uploadpath";
401
+ $edittitle = "Allow the user to type the subfolder and filter the list during typing";
402
+ $echo_str .= $dlp."\t\t".'<input type="checkbox" id="wfu_subfolders_auto_'.$attr.'"'.( substr($def['value'], 0, 4) == "auto" ? ' checked="checked"' : '' ).' onchange="wfu_subfolders_auto_changed(\''.$attr.'\');" title="'.$poptitle.'" /><label for="wfu_subfolders_auto_'.$attr.'" title="'.$poptitle.'"> Auto-populate list</label>';
403
+ $echo_str .= $dlp."\t\t".'<div style="display:'.( substr($def['value'], 0, 4) == "auto" ? 'inline' : 'none' ).'; padding:0; margin:0 0 0 30px; background:none; border:none;"><input type="checkbox" id="wfu_subfolders_editable_'.$attr.'"'.( substr($def['value'], 0, 5) == "auto+" ? ' checked="checked"' : '' ).' onchange="wfu_subfolders_auto_changed(\''.$attr.'\');" title="'.$edittitle.'" /><label for="wfu_subfolders_editable_'.$attr.'" title="'.$edittitle.'"> List is editable</label></div><br />';
404
+ $echo_str .= $dlp."\t\t".'<input type="hidden" id="wfu_subfolders_manualtext_'.$attr.'" value="'.( substr($def['value'], 0, 4) == "auto" ? "" : $def['value'] ).'" />';
405
+ $echo_str .= $dlp."\t\t".'<select id="wfu_attribute_'.$attr.'" class="wfu_select_folders'.( count($subfolders['path']) == 0 ? ' wfu_select_folders_empty' : '' ).'" size="7"'.( substr($def['value'], 0, 4) == "auto" ? ' disabled="disabled"' : '' ).' onchange="wfu_subfolders_changed(\''.$attr.'\');">';
406
+ foreach ($subfolders['path'] as $ind => $subfolder) {
407
+ if ( substr($subfolder, -1) == '/' ) $subfolder = substr($subfolder, 0, -1);
408
+ $subfolder_raw = explode('/', $subfolder);
409
+ $subfolder = $subfolder_raw[count($subfolder_raw) - 1];
410
+ $text = str_repeat("&nbsp;&nbsp;&nbsp;", intval($subfolders['level'][$ind])).$subfolders['label'][$ind];
411
+ $subvalue = str_repeat("*", intval($subfolders['level'][$ind])).( $subfolders['default'][$ind] ? '&' : '' ).( $subfolder == "" ? '{root}' : $subfolder ).'/'.$subfolders['label'][$ind];
412
+ $echo_str .= $dlp."\t\t\t".'<option class="'.( $subfolders['default'][$ind] ? 'wfu_select_folders_option_default' : '' ).'" value="'.wfu_plugin_encode_string($subvalue).'">'.$text.'</option>';
413
+ }
414
+ $echo_str .= $dlp."\t\t\t".'<option value="">'.( substr($def['value'], 0, 4) != "auto" && count($subfolders['path']) == 0 ? 'press here' : '' ).'</option>';
415
+ $echo_str .= $dlp."\t\t".'</select>';
416
+ $echo_str .= $dlp."\t\t".'<div id="wfu_subfolder_nav_'.$attr.'" class="wfu_subfolder_nav_container">';
417
+ $echo_str .= $dlp."\t\t\t".'<table class="wfu_subfolder_nav"><tbody>';
418
+ $echo_str .= $dlp."\t\t\t\t".'<tr><td><button id="wfu_subfolders_up_'.$attr.'" name="wfu_subfolder_nav_'.$attr.'" class="button" disabled="disabled" title="move item up" onclick="wfu_subfolders_up_clicked(\''.$attr.'\');">&uarr;</button></tr></td>';
419
+ $echo_str .= $dlp."\t\t\t\t".'<tr><td><button id="wfu_subfolders_left_'.$attr.'" name="wfu_subfolder_nav_'.$attr.'" class="button" title="make it parent" disabled="disabled" style="height:14px;" onclick="wfu_subfolders_left_clicked(\''.$attr.'\');">&larr;</button>';
420
+ $echo_str .= $dlp."\t\t\t\t".'<button id="wfu_subfolders_right_'.$attr.'" name="wfu_subfolder_nav_'.$attr.'" class="button" title="make it child" disabled="disabled" style="height:14px;" onclick="wfu_subfolders_right_clicked(\''.$attr.'\');">&rarr;</button></tr></td>';
421
+ $echo_str .= $dlp."\t\t\t\t".'<tr><td><button id="wfu_subfolders_down_'.$attr.'" name="wfu_subfolder_nav_'.$attr.'" class="button" title="move item down" disabled="disabled" onclick="wfu_subfolders_down_clicked(\''.$attr.'\');">&darr;</button></tr></td>';
422
+ $echo_str .= $dlp."\t\t\t\t".'<tr><td style="line-height:0;"><button class="button" style="visibility:hidden; height:10px;"></button></tr></td>';
423
+ $echo_str .= $dlp."\t\t\t\t".'<tr><td><button id="wfu_subfolders_add_'.$attr.'" name="wfu_subfolder_nav_'.$attr.'" class="button" title="add new item" disabled="disabled" style="height:14px;" onclick="wfu_subfolders_add_clicked(\''.$attr.'\');">+</button></tr></td>';
424
+ $echo_str .= $dlp."\t\t\t\t".'<tr><td><button id="wfu_subfolders_def_'.$attr.'" name="wfu_subfolder_nav_'.$attr.'" class="button" title="make it default" disabled="disabled" style="height:14px;" onclick="wfu_subfolders_def_clicked(\''.$attr.'\');">&diams;</button></tr></td>';
425
+ $echo_str .= $dlp."\t\t\t\t".'<tr><td><button id="wfu_subfolders_del_'.$attr.'" name="wfu_subfolder_nav_'.$attr.'" class="button" title="delete item" disabled="disabled" style="height:14px;" onclick="wfu_subfolders_del_clicked(\''.$attr.'\');">-</button></tr></td>';
426
+ $echo_str .= $dlp."\t\t\t".'</tbody></table>';
427
+ $echo_str .= $dlp."\t\t".'</div>';
428
+ $echo_str .= $dlp."\t\t".'<div id="wfu_subfolder_tools_'.$attr.'" class="wfu_subfolder_tools_container wfu_subfolder_tools_disabled">';
429
+ $echo_str .= $dlp."\t\t\t".'<table class="wfu_subfolder_tools"><tbody><tr>';
430
+ $echo_str .= $dlp."\t\t\t\t".'<td style="width:40%;">';
431
+ $echo_str .= $dlp."\t\t\t\t\t".'<label>Label</label>';
432
+ $echo_str .= $dlp."\t\t\t\t\t".'<input id="wfu_subfolders_label_'.$attr.'" name="wfu_subfolder_tools_input" type="text" disabled="disabled" />';
433
+ $echo_str .= $dlp."\t\t\t\t".'</td>';
434
+ $echo_str .= $dlp."\t\t\t\t".'<td style="width:60%;"><div style="padding-right:36px;">';
435
+ $echo_str .= $dlp."\t\t\t\t\t".'<label>Path</label>';
436
+ $echo_str .= $dlp."\t\t\t\t\t".'<input id="wfu_subfolders_path_'.$attr.'" name="wfu_subfolder_tools_input" type="text" disabled="disabled" />';
437
+ $echo_str .= $dlp."\t\t\t\t\t".'<button id="wfu_subfolders_browse_'.$attr.'" class="button" title="browse folders" style="right:18px;" disabled="disabled" onclick="wfu_subfolders_browse_clicked(\''.$attr.'\');"><img src="'.WFU_IMAGE_ADMIN_SUBFOLDER_BROWSE.'" ></button>';
438
+ $echo_str .= $dlp."\t\t\t\t\t".'<button id="wfu_subfolders_ok_'.$attr.'" class="button" title="save changes" style="right:0px;" disabled="disabled" onclick="wfu_subfolders_ok_clicked(\''.$attr.'\');"><img src="'.WFU_IMAGE_ADMIN_SUBFOLDER_OK.'" ></button>';
439
+ // file browser dialog
440
+ $echo_str .= $dlp."\t\t\t\t\t".'<div id="wfu_subfolders_browser_'.$attr.'" class="wfu_subfolders_browser_container" style="display:none;">';
441
+ $echo_str .= $dlp."\t\t\t\t\t\t".'<table><tbody>';
442
+ $echo_str .= $dlp."\t\t\t\t\t\t\t".'<tr><td style="height:15px;">';
443
+ $echo_str .= $dlp."\t\t\t\t\t\t\t\t".'<div>';
444
+ $echo_str .= $dlp."\t\t\t\t\t\t\t\t\t".'<label>Folder Browser</label>';
445
+ $echo_str .= $dlp."\t\t\t\t\t\t\t\t\t".'<button class="button wfu_folder_browser_cancel" onclick="wfu_folder_browser_cancel_clicked(\''.$attr.'\');"><img src="'.WFU_IMAGE_ADMIN_SUBFOLDER_CANCEL.'" ></button>';
446
+ $echo_str .= $dlp."\t\t\t\t\t\t\t\t".'</div>';
447
+ $echo_str .= $dlp."\t\t\t\t\t\t\t".'</td></tr>';
448
+ $echo_str .= $dlp."\t\t\t\t\t\t\t".'<tr><td style="height:106px;">';
449
+ $echo_str .= $dlp."\t\t\t\t\t\t\t\t".'<div>';
450
+ $echo_str .= $dlp."\t\t\t\t\t\t\t\t\t".'<select id="wfu_subfolders_browser_list_'.$attr.'" size="2" onchange="wfu_subfolders_browser_list_changed(\''.$attr.'\');">';
451
+ $echo_str .= $dlp."\t\t\t\t\t\t\t\t\t\t".'<option>Value</option>';
452
+ $echo_str .= $dlp."\t\t\t\t\t\t\t\t\t\t".'<option>Value2</option>';
453
+ $echo_str .= $dlp."\t\t\t\t\t\t\t\t\t\t".'<option>Value3</option>';
454
+ $echo_str .= $dlp."\t\t\t\t\t\t\t\t\t".'</select>';
455
+ $echo_str .= $dlp."\t\t\t\t\t\t\t\t\t".'<div id="wfu_subfolders_browser_msgcont_'.$attr.'" class="wfu_folder_browser_loading_container" style="padding-top:40px;">';
456
+ $echo_str .= $dlp."\t\t\t\t\t\t\t\t\t\t".'<label id="wfu_subfolders_browser_msg_'.$attr.'" style="margin-bottom:4px;">loading folder contents...</label>';
457
+ $echo_str .= $dlp."\t\t\t\t\t\t\t\t\t\t".'<img id="wfu_subfolders_browser_img_'.$attr.'" src="'.WFU_IMAGE_ADMIN_SUBFOLDER_LOADING.'" ></button>';
458
+ $echo_str .= $dlp."\t\t\t\t\t\t\t\t\t".'</div>';
459
+ $echo_str .= $dlp."\t\t\t\t\t\t\t\t".'</div>';
460
+ $echo_str .= $dlp."\t\t\t\t\t\t\t".'</td></tr>';
461
+ $echo_str .= $dlp."\t\t\t\t\t\t\t".'<tr><td align="right" style="height:15px;">';
462
+ $echo_str .= $dlp."\t\t\t\t\t\t\t\t".'<div>';
463
+ $echo_str .= $dlp."\t\t\t\t\t\t\t\t\t".'<button class="button" onclick="wfu_folder_browser_cancel_clicked(\''.$attr.'\');">Cancel</button>';
464
+ $echo_str .= $dlp."\t\t\t\t\t\t\t\t\t".'<button id="wfu_subfolders_browser_ok_'.$attr.'" class="button">Ok</button>';
465
+ $echo_str .= $dlp."\t\t\t\t\t\t\t\t".'</div>';
466
+ $echo_str .= $dlp."\t\t\t\t\t\t\t".'</td></tr>';
467
+ $echo_str .= $dlp."\t\t\t\t\t\t".'</tbody></table>';
468
+ $echo_str .= $dlp."\t\t\t\t\t".'</div>';
469
+
470
+ $echo_str .= $dlp."\t\t\t\t".'</div></td>';
471
+ $echo_str .= $dlp."\t\t\t".'</tr></tbody></table>';
472
+ $echo_str .= $dlp."\t\t\t".'<input id="wfu_subfolders_isnewitem_'.$attr.'" type="hidden" value="" />';
473
+ $echo_str .= $dlp."\t\t\t".'<input id="wfu_subfolders_newitemindex_'.$attr.'" type="hidden" value="" />';
474
+ $echo_str .= $dlp."\t\t\t".'<input id="wfu_subfolders_newitemlevel_'.$attr.'" type="hidden" value="" />';
475
+ $echo_str .= $dlp."\t\t\t".'<input id="wfu_subfolders_newitemlevel2_'.$attr.'" type="hidden" value="" />';
476
+ $echo_str .= $dlp."\t\t".'</div>';
477
+ }
478
+ elseif ( $def['type'] == "mchecklist" ) {
479
+ $help_count = 0;
480
+ foreach ( $def['listitems'] as $key => $item ) {
481
+ $parts = explode("/", $item);
482
+ if ( count($parts) == 1 ) {
483
+ $items[$key]['id'] = $item;
484
+ $items[$key]['help'] = '';
485
+ }
486
+ else {
487
+ $items[$key]['id'] = $parts[0];
488
+ $items[$key]['help'] = $parts[1];
489
+ $help_count ++;
490
+ }
491
+ }
492
+ $def['value'] = strtolower($def['value']);
493
+ if ( $def['value'] == "all" ) $selected = array();
494
+ else $selected = explode(",", $def['value']);
495
+ foreach ( $selected as $key => $item ) $selected[$key] = trim($item);
496
+ $echo_str .= $dlp."\t\t".'<div id="wfu_attribute_'.$attr.'" class="wfu_mchecklist_container">';
497
+ $is_first = true;
498
+ foreach ( $items as $key => $item ) {
499
+ if ( !$is_first ) $echo_str .= "<br />";
500
+ $is_first = false;
501
+ $echo_str .= $dlp."\t\t\t".'<div class="wfu_mchecklist_item"><input id="wfu_attribute_'.$attr.'_'.$key.'" type="checkbox"'.( $def['value'] == "all" || in_array($item['id'], $selected) ? ' checked="checked"' : '' ).( $def['value'] == "all" ? ' disabled="disabled"' : '' ).' onchange="wfu_update_mchecklist_value(\''.$attr.'\');" /><label for="wfu_attribute_'.$attr.'_'.$key.'">'.$item['id'].'</label>';
502
+ if ( $item['help'] != '' ) $echo_str .= '<div class="wfu_help_container" title="'.$item['help'].'"><img src="'.WFU_IMAGE_ADMIN_HELP.'" /></div>';
503
+ $echo_str .= '</div>';
504
+ }
505
+ $echo_str .= $dlp."\t\t".'</div>';
506
+ $echo_str .= $dlp."\t\t".'<div id="wfu_attribute_'.$attr.'_optionhelp" class="wfu_help_container" title="" style="display:none; position:absolute;"><img src="'.WFU_IMAGE_ADMIN_HELP.'" style="visibility:visible;" /></div>';
507
+ $echo_str .= $dlp."\t\t".'<div class="wfu_mchecklist_checkall"><input id="wfu_attribute_'.$attr.'_all" type="checkbox" onchange="wfu_update_mchecklist_value(\''.$attr.'\');"'.( $def['value'] == "all" ? ' checked="checked"' : '' ).' /> Select all</div>';
508
+ }
509
+ elseif ( $def['type'] == "rolelist" ) {
510
+ $roles = $wp_roles->get_names();
511
+ $selected = explode(",", $def['value']);
512
+ $default_administrator = ( is_array($def['listitems']) && in_array('default_administrator', $def['listitems']) );
513
+ if ( in_array('all', $selected) ) $rolesselected = ( $default_administrator ? array("administrator") : array( ) );
514
+ else $rolesselected = $selected;
515
+ foreach ( $selected as $key => $item ) $selected[$key] = trim($item);
516
+ $echo_str .= $dlp."\t\t".'<table class="wfu_rolelist_container"><tbody><tr><td>';
517
+ $echo_str .= $dlp."\t\t".'<select id="wfu_attribute_'.$attr.'" multiple="multiple" size="'.count($roles).'" onchange="wfu_update_rolelist_value(\''.$attr.'\');"'.( in_array('all', $selected) ? ' disabled="disabled"' : '' ).'>';
518
+ foreach ( $roles as $roleid => $rolename )
519
+ $echo_str .= $dlp."\t\t\t".'<option value="'.$roleid.'"'.( in_array($roleid, $rolesselected) ? ' selected="selected"' : '' ).'>'.$rolename.'</option>';
520
+ $echo_str .= $dlp."\t\t".'</select>';
521
+ $echo_str .= $dlp."\t\t".'</td><td>';
522
+ $echo_str .= $dlp."\t\t".'<div class="wfu_rolelist_checkbtn"><input class="'.( $default_administrator ? 'wfu_default_administrator' : '' ).'" id="wfu_attribute_'.$attr.'_all" type="checkbox" onchange="wfu_update_rolelist_value(\''.$attr.'\');"'.( in_array('all', $selected) ? ' checked="checked"' : '' ).' /><label for="wfu_attribute_'.$attr.'_all"> Select all</label></div><br />';
523
+ $echo_str .= $dlp."\t\t".'<div class="wfu_rolelist_checkbtn"><input id="wfu_attribute_'.$attr.'_guests" type="checkbox" onchange="wfu_update_rolelist_value(\''.$attr.'\');"'.( in_array("guests", $selected) ? ' checked="checked"' : '' ).' /><label for="wfu_attribute_'.$attr.'_guests"> Include guests</label></div>';
524
+ $echo_str .= $dlp."\t\t".'</td></tr></tbody></table>';
525
+ }
526
+ elseif ( $def['type'] == "userlist" ) {
527
+ $args = array();
528
+ /** This filter is documented in lib/wfu_admin_browser.php */
529
+ $args = apply_filters("_wfu_get_users", $args, "shortcode_composer");
530
+ $users = get_users($args);
531
+ $selected = explode(",", $def['value']);
532
+ $default_0 = ( is_array($def['listitems']) && in_array('default_0', $def['listitems']) );
533
+ if ( in_array('all', $selected) ) $usersselected = ( $default_0 ? array($users[0]->user_login) : array( ) );
534
+ else $usersselected = $selected;
535
+ $only_current = false;
536
+ $echo_str .= $dlp."\t\t".'<table class="wfu_userlist_container"><tbody><tr>';
537
+ if ( is_array($def['listitems']) && in_array('include_current', $def['listitems']) ) {
538
+ $only_current = ( $def['value'] == 'current' );
539
+ if ( $only_current ) $usersselected = ( $default_0 ? array($users[0]->user_login) : array( ) );
540
+ $echo_str .= $dlp."\t\t".'<td colspan="2"><div class="wfu_userlist_checkbtn"><input id="wfu_attribute_'.$attr.'_current" type="checkbox" onchange="wfu_update_userlist_value(\''.$attr.'\');"'.( $only_current ? ' checked="checked"' : '' ).' /><label for="wfu_attribute_'.$attr.'_current"> Only From Current User</label></div>';
541
+ $echo_str .= $dlp."\t\t".'</td></tr><tr>';
542
+ }
543
+ $echo_str .= $dlp."\t\t".'<td><select id="wfu_attribute_'.$attr.'" multiple="multiple" size="'.min(count($users), 10).'" onchange="wfu_update_userlist_value(\''.$attr.'\');"'.( $only_current || in_array('all', $selected) ? ' disabled="disabled"' : '' ).'>';
544
+ foreach ( $users as $userid => $user )
545
+ $echo_str .= $dlp."\t\t\t".'<option value="'.$user->user_login.'"'.( in_array($user->user_login, $usersselected) ? ' selected="selected"' : '' ).'>'.$user->display_name.' ('.$user->user_login.')</option>';
546
+ $echo_str .= $dlp."\t\t".'</select>';
547
+ $echo_str .= $dlp."\t\t".'</td><td>';
548
+ $echo_str .= $dlp."\t\t".'<div class="wfu_userlist_checkbtn"><input class="'.( $default_0 ? 'wfu_default_0' : '' ).'" id="wfu_attribute_'.$attr.'_all" type="checkbox" onchange="wfu_update_userlist_value(\''.$attr.'\');"'.( in_array('all', $selected) ? ' checked="checked"' : '' ).( $only_current ? ' disabled="disabled"' : '' ).' /><label for="wfu_attribute_'.$attr.'_all"> Select all</label></div><br />';
549
+ $echo_str .= $dlp."\t\t".'<div class="wfu_userlist_checkbtn"><input id="wfu_attribute_'.$attr.'_guests" type="checkbox" onchange="wfu_update_userlist_value(\''.$attr.'\');"'.( in_array("guests", $selected) ? ' checked="checked"' : '' ).( $only_current ? ' disabled="disabled"' : '' ).' /><label for="wfu_attribute_'.$attr.'_guests"> Include guests</label></div>';
550
+ $echo_str .= $dlp."\t\t".'</td></tr></tbody></table>';
551
+ }
552
+ elseif ( $def['type'] == "postlist" ) {
553
+ $processed = false;
554
+ if ( is_array($def['listitems']) ) {
555
+ $has_current = in_array('include_current', $def['listitems']);
556
+ if ( $has_current ) unset($def['listitems'][array_search('include_current', $def['listitems'])]);
557
+ foreach ( $def['listitems'] as $post_type ) {
558
+ // if a post type cannot be found then we reset the list so that it is not processed at all
559
+ if ( get_post_type_object( $post_type ) == null ) {
560
+ $def['listitems'] = array();
561
+ break;
562
+ }
563
+ }
564
+ if ( count($def['listitems']) > 0 ) {
565
+ $selected = explode(",", $def['value']);
566
+ $only_current = false;
567
+ $echo_str .= $dlp."\t\t".'<input id="wfu_attribute_'.$attr.'_postlist" type="hidden" value="'.implode(",", $def['listitems']).'" />';
568
+ $echo_str .= $dlp."\t\t".'<table class="wfu_postlist_container"><tbody><tr>';
569
+ if ( $has_current ) {
570
+ $only_current = ( $def['value'] == 'current' );
571
+ if ( $only_current ) $sselected = array();
572
+ $echo_str .= $dlp."\t\t".'<td colspan="'.count($def['listitems']).'"><div class="wfu_postlist_checkbtn"><input id="wfu_attribute_'.$attr.'_current" type="checkbox" onchange="wfu_update_postlist_value(\''.$attr.'\');"'.( $only_current ? ' checked="checked"' : '' ).' /><label for="wfu_attribute_'.$attr.'_current"> Only From Current Post/Page</label></div>';
573
+ $echo_str .= $dlp."\t\t".'</td></tr><tr>';
574
+ }
575
+ $postargs = array( 'post_type' => $def['listitems'], 'post_status' => "publish,private,draft", 'posts_per_page' => -1 );
576
+ /** This filter is documented in lib/wfu_admin.php */
577
+ $postargs = apply_filters("_wfu_get_posts", $postargs, "visual_editor");
578
+ $posts = get_posts($postargs);
579
+ $list = wfu_construct_post_list($posts);
580
+ $td_width = (int)(100 / count($def['listitems']));
581
+ foreach ( $def['listitems'] as $post_type ) {
582
+ $flatlist = wfu_flatten_post_list($list[$post_type]);
583
+ $postobj = get_post_type_object( $post_type );
584
+ $echo_str .= $dlp."\t\t".'<td style="width:'.$td_width.'%;"><div class="wfu_postlist_header"><label>'.$postobj->label.'</label><div class="wfu_postlist_selectall"><input id="wfu_attribute_'.$attr.'_all_'.$post_type.'" type="checkbox" onchange="wfu_update_postlist_value(\''.$attr.'\');"'.( in_array('all', $selected) || in_array('all'.$post_type, $selected) ? ' checked="checked"' : '' ).( $only_current ? ' disabled="disabled"' : '' ).' /><label for="wfu_attribute_'.$attr.'_all_'.$post_type.'"> Select all</label></div></div>';
585
+ $echo_str .= $dlp."\t\t".'<select id="wfu_attribute_'.$attr.'_'.$post_type.'" multiple="multiple" size="'.min(count($flatlist), 10).'" onchange="wfu_update_postlist_value(\''.$attr.'\');"'.( $only_current || in_array('all', $selected) || in_array('all'.$post_type, $selected) ? ' disabled="disabled"' : '' ).' style="width:100%; overflow:auto;">';
586
+ foreach ( $flatlist as $item )
587
+ $echo_str .= $dlp."\t\t\t".'<option value="'.$item['id'].'"'.( in_array($item['id'], $selected) ? ' selected="selected"' : '' ).'>'.str_repeat('&nbsp;', 4 * $item['level']).( $item['status'] == 1 ? '[Private]' : ( $item['status'] == 2 ? '[Draft]' : '' ) ).$item['title'].'</option>';
588
+ $echo_str .= $dlp."\t\t".'</select></td>';
589
+ }
590
+ $echo_str .= $dlp."\t\t".'</tr></tbody></table>';
591
+ $processed = true;
592
+ }
593
+ }
594
+ if ( !$processed ) {
595
+ $val = str_replace(array( "%n%", "%dq%", "%brl%", "%brr%" ), array( "\n", "&quot;", "[", "]" ), $def['value']);
596
+ $echo_str .= $dlp."\t\t".'<input id="wfu_attribute_'.$attr.'" type="text" name="wfu_text_elements" value="'.$val.'" />';
597
+ }
598
+ }
599
+ elseif ( $def['type'] == "bloglist" ) {
600
+ if ( function_exists('wp_get_sites') ) {
601
+ $blogs = wp_get_sites( );
602
+ $selected = explode(",", $def['value']);
603
+ if ( in_array('all', $selected) ) $blogsselected = array( );
604
+ else $blogsselected = $selected;
605
+ $only_current = false;
606
+ $echo_str .= $dlp."\t\t".'<table class="wfu_bloglist_container"><tbody><tr>';
607
+ if ( is_array($def['listitems']) && in_array('include_current', $def['listitems']) ) {
608
+ $only_current = ( $def['value'] == 'current' );
609
+ if ( $only_current ) $blogsselected = array( );
610
+ $echo_str .= $dlp."\t\t".'<td colspan="2"><div class="wfu_bloglist_checkbtn"><input id="wfu_attribute_'.$attr.'_current" type="checkbox" onchange="wfu_update_bloglist_value(\''.$attr.'\');"'.( $only_current ? ' checked="checked"' : '' ).' /><label for="wfu_attribute_'.$attr.'_current"> Only From Current Site</label></div>';
611
+ $echo_str .= $dlp."\t\t".'</td></tr><tr>';
612
+ }
613
+ $echo_str .= $dlp."\t\t".'<td><select id="wfu_attribute_'.$attr.'" multiple="multiple" size="'.min(count($blogs), 10).'" onchange="wfu_update_bloglist_value(\''.$attr.'\');"'.( $only_current || in_array('all', $selected) ? ' disabled="disabled"' : '' ).'>';
614
+ foreach ( $blogs as $blog )
615
+ $echo_str .= $dlp."\t\t\t".'<option value="'.$blog->blog_id.'"'.( in_array($blog->blog_id, $blogsselected) ? ' selected="selected"' : '' ).'>'.$blog->path.'</option>';
616
+ $echo_str .= $dlp."\t\t".'</select>';
617
+ $echo_str .= $dlp."\t\t".'</td><td>';
618
+ $echo_str .= $dlp."\t\t".'<div class="wfu_bloglist_checkbtn"><input id="wfu_attribute_'.$attr.'_all" type="checkbox" onchange="wfu_update_bloglist_value(\''.$attr.'\');"'.( in_array('all', $selected) ? ' checked="checked"' : '' ).( $only_current ? ' disabled="disabled"' : '' ).' /><label for="wfu_attribute_'.$attr.'_all"> Select all</label></div>';
619
+ $echo_str .= $dlp."\t\t".'</td></tr></tbody></table>';
620
+ }
621
+ else {
622
+ $val = str_replace(array( "%n%", "%dq%", "%brl%", "%brr%" ), array( "\n", "&quot;", "[", "]" ), $def['value']);
623
+ $echo_str .= $dlp."\t\t".'<input id="wfu_attribute_'.$attr.'" type="text" name="wfu_text_elements" value="'.$val.'" />';
624
+ }
625
+ }
626
+ elseif ( $def['type'] == "stringmatch" ) {
627
+ $matchfield = "";
628
+ $matchcriterion = "equal to";
629
+ $matchvalue = "";
630
+ preg_match('/^field:(.*?);\s*criterion:(.*?)\s*;\s*value:(.*)$/', $def['value'], $matches);
631
+ if ( count($matches) == 4 ) {
632
+ $matchfield = $matches[1];
633
+ $matchcriterion = $matches[2];
634
+ $matchvalue = $matches[3];
635
+ }
636
+ // $echo_str .= $dlp."\t\t".'<div style="white-space:nowrap;">';
637
+ $echo_str .= $dlp."\t\t".'<table class="wfu_stringmatch_container"><tbody><tr>';
638
+ $echo_str .= $dlp."\t\t".'<td style="width:40%; white-space:nowrap;"><label>Field </label><input id="wfu_attribute_'.$attr.'_matchfield" type="text" name="wfu_stringmatch_elements" value="'.$matchfield.'" style="width:auto;" /></td>';
639
+ $echo_str .= $dlp."\t\t".'<td style="width:30%;"><select id="wfu_attribute_'.$attr.'_matchcriterion" value="'.$matchcriterion.'" onchange="wfu_update_stringmatch_value(\''.$attr.'\');">';
640
+ $echo_str .= $dlp."\t\t\t".'<option value="equal to"'.( $matchcriterion == "equal to" ? 'selected="selected"' : '' ).'>equal to</option>';
641
+ $echo_str .= $dlp."\t\t\t".'<option value="starts with"'.( $matchcriterion == "starts with" ? 'selected="selected"' : '' ).'>starts with</option>';
642
+ $echo_str .= $dlp."\t\t\t".'<option value="ends with"'.( $matchcriterion == "ends with" ? 'selected="selected"' : '' ).'>ends with</option>';
643
+ $echo_str .= $dlp."\t\t\t".'<option value="contains"'.( $matchcriterion == "contains" ? 'selected="selected"' : '' ).'>contains</option>';
644
+ $echo_str .= $dlp."\t\t\t".'<option value="not equal to"'.( $matchcriterion == "not equal to" ? 'selected="selected"' : '' ).'>not equal to</option>';
645
+ $echo_str .= $dlp."\t\t\t".'<option value="does not start with"'.( $matchcriterion == "does not start with" ? 'selected="selected"' : '' ).'>does not start with</option>';
646
+ $echo_str .= $dlp."\t\t\t".'<option value="does not end with"'.( $matchcriterion == "does not end with" ? 'selected="selected"' : '' ).'>does not end with</option>';
647
+ $echo_str .= $dlp."\t\t\t".'<option value="does not contain"'.( $matchcriterion == "does not contain" ? 'selected="selected"' : '' ).'>does not contain</option>';
648
+ $echo_str .= $dlp."\t\t".'</select></td>';
649
+ $echo_str .= $dlp."\t\t".'<td style="width:30%;"><input id="wfu_attribute_'.$attr.'_matchvalue" type="text" name="wfu_stringmatch_elements" value="'.$matchvalue.'" style="width:auto;" /></td>';
650
+ $echo_str .= $dlp."\t\t".'</tr></tbody></table>';
651
+ // $echo_str .= $dlp."\t\t".'</div>';
652
+ }
653
+ elseif ( $def['type'] == "columns" ) {
654
+ $selected = explode(",", $def['value']);
655
+ if ( count($selected) == 1 && $selected[0] == "" ) $selected = array();
656
+ $selected_flat = array();
657
+ foreach ( $selected as $ind => $item ) $selected_flat[$ind] = preg_replace("/(:|\/).*$/", "", $item);
658
+ $echo_str .= $dlp."\t".'<table class="wfu_columns_container"><tbody><tr>';
659
+ $echo_str .= $dlp."\t\t\t".'<td style="width:45%;"><label class="wfu_columns_listtitle">Available Columns</label></td>';
660
+ $echo_str .= $dlp."\t\t\t".'<td style="width:55%"><label class="wfu_columns_listtitle">Displayed Columns</label></td></tr><tr>';
661
+ $echo_str .= $dlp."\t\t".'<td style="width:45%;">';
662
+ $echo_str .= $dlp."\t\t\t".'<table class="wfu_columns_container" style="table-layout:fixed; width:100%;"><tbody><tr>';
663
+ $echo_str .= $dlp."\t\t\t\t".'<td><select id="wfu_attribute_'.$attr.'_sourcelist" multiple="multiple" size="'.min(count($def['listitems']), 10).'" style="width:100%; overflow:auto;">';
664
+ $itemprops = array();
665
+ foreach ( $def['listitems'] as $item ) {
666
+ $item_required = ( substr($item, 0, 1) == "*" );
667
+ if ( $item_required ) $item = substr($item, 1);
668
+ $item_parts = explode("/", $item, 3);
669
+ $item_name = $item_parts[0];
670
+ $item_label = "";
671
+ $item_title = "";
672
+ if ( count($item_parts) > 1 ) $item_label = $item_parts[1];
673
+ if ( count($item_parts) == 3 ) $item_title = $item_parts[2];
674
+ $item_parts = explode(":", $item_name, 2);
675
+ $item_name = $item_parts[0];
676
+ if ( count($item_parts) == 1 ) $item_sort = "";
677
+ else $item_sort = $item_parts[1];
678
+ if ( $item_label == "" ) $item_label = $item_name;
679
+ if ( $item_title == "" ) $item_title = $item_label;
680
+ $itemprops[$item_name] = array( 'label' => $item_label, 'title' => $item_title, 'required' => $item_required, 'sortable' => ( $item_name == "custom" || $item_sort != "" ), 'sorttype' => $item_sort );
681
+ $val = $item_name.":".$item_sort."/".$item_title;
682
+ $echo_str .= $dlp."\t\t\t\t\t".'<option value="'.$val.'"'.( $item_required ? ' class="wfu_columns_item_required"' : '' ).' onclick="wfu_columns_itemclicked(this, \''.$attr.'\');">'.$item_label.'</option>';
683
+ }
684
+ foreach ( $itemprops as $item_name => $prop )
685
+ if ( $prop['required'] && !in_array($item_name, $selected_flat) )
686
+ array_splice($selected, 0, 0, array( $item_name ));
687
+ $selprops = array();
688
+ foreach ( $selected as $item ) {
689
+ $item_parts = explode("/", $item, 2);
690
+ $item_name = $item_parts[0];
691
+ if ( count($item_parts) == 1 ) $item_title = "";
692
+ else $item_title = $item_parts[1];
693
+ $item_parts = explode(":", $item_name, 2);
694
+ $item_name = $item_parts[0];
695
+ $flat_name = preg_replace("/^custom[0-9]+$/", "custom", $item_name);
696
+ if ( $item_name != "custom" && isset($itemprops[$flat_name]) ) {
697
+ $prop = $itemprops[$flat_name];
698
+ if ( count($item_parts) == 1 ) $item_sort = ( $flat_name == "custom" ? "+-s" : ( $prop['sortable'] ? "-+".$prop['sorttype'] : "" ) );
699
+ elseif ( $flat_name == "custom" ) $item_sort = "+".($item_parts[1] == "" ? "-s" : "+".$item_parts[1]);
700
+ else $item_sort = ( $prop['sortable'] ? "-".($item_parts[1] == "" ? "-" : "+").$prop['sorttype'].substr($item_parts[1], 1, 1) : "" );
701
+ if ( $item_title == "" ) $item_title = $prop['title'];
702
+ array_push($selprops, array( 'name' => $item_name, 'label' => $prop['label'], 'title' => $item_title, 'required' => $prop['required'], 'sorttype' => $item_sort ));
703
+ }
704
+ }
705
+ $echo_str .= $dlp."\t\t\t\t".'</select></td>';
706
+ $echo_str .= $dlp."\t\t\t\t".'<td style="width:30px; padding:0 6px;"><button class="wfu_columns_addbutton" title="add column" onclick="wfu_columns_buttonaction(\''.$attr.'\', \'add\');" style="width:100%;">&gt;&gt;</button></td>';
707
+ $echo_str .= $dlp."\t\t\t".'</tr></tbody></table>';
708
+ $echo_str .= $dlp."\t\t".'</td>';
709
+ $echo_str .= $dlp."\t\t".'<td style="width:55%">';
710
+ $echo_str .= $dlp."\t\t\t".'<table class="wfu_columns_container" style="table-layout:fixed; width:100%;"><tbody><tr>';
711
+ $echo_str .= $dlp."\t\t\t\t".'<td><select id="wfu_attribute_'.$attr.'" multiple="multiple" size="'.min(count($def['listitems']), 10).'" onchange="wfu_update_columns(\''.$attr.'\');" style="width:100%; overflow:auto;">';
712
+ foreach ( $selprops as $prop ) {
713
+ $val = $prop['name'].":".$prop['sorttype']."/".$prop['label']."/".$prop['title'];
714
+ $echo_str .= $dlp."\t\t\t\t\t".'<option value="'.$val.'"'.( $prop['required'] ? ' class="wfu_columns_item_required"' : '' ).' onclick="wfu_columns_itemclicked(this, \''.$attr.'\');">'.$prop['label'].( $prop['title'] != "" && $prop['title'] != $prop['label'] ? " (".$prop['title'].")" : "" ).'</option>';
715
+ }
716
+ $echo_str .= $dlp."\t\t\t\t".'</select></td>';
717
+ $echo_str .= $dlp."\t\t\t\t".'<td style="width:30px; padding:0 6px;">';
718
+ $echo_str .= $dlp."\t\t\t\t\t".'<button class="wfu_columns_addbutton" title="move up" onclick="wfu_columns_buttonaction(\''.$attr.'\', \'up\');" style="width:100%;">&#8593;</button>';
719
+ $echo_str .= $dlp."\t\t\t\t\t".'<button class="wfu_columns_addbutton" title="remove" onclick="wfu_columns_buttonaction(\''.$attr.'\', \'del\');" style="width:100%;">-</button>';
720
+ $echo_str .= $dlp."\t\t\t\t\t".'<button class="wfu_columns_addbutton" title="move down" onclick="wfu_columns_buttonaction(\''.$attr.'\', \'down\');" style="width:100%;">&#8595;</button>';
721
+ $echo_str .= $dlp."\t\t\t\t".'</td>';
722
+ $echo_str .= $dlp."\t\t\t".'</tr></tbody></table>';
723
+ $echo_str .= $dlp."\t\t\t".'<label class="wfu_columns_listtitle" style="margin-top:6px; display:block;">Column Properties</label>';
724
+ $echo_str .= $dlp."\t\t\t".'<table id="wfu_attribute_'.$attr.'_columnprops_container" class="wfu_columnprops_container wfu_columnprops_container_disabled"><tbody>';
725
+ $echo_str .= $dlp."\t\t\t\t".'<tr><td style="width:1%; padding-right:10px;"><label id="wfu_attribute_'.$attr.'_columnprops_title_label">Title</label></td>';
726
+ $echo_str .= $dlp."\t\t\t\t".'<td><input type="text" id="wfu_attribute_'.$attr.'_columnprops_title" name="wfu_columnprops_elements" value="" style="width:100%;" disabled="disabled" /></td></tr>';
727
+ $echo_str .= $dlp."\t\t\t\t".'<tr><td style="width:1%; padding-right:10px; white-space:nowrap;"><label id="wfu_attribute_'.$attr.'_columnprops_id_label">Field ID</label></td>';
728
+ $echo_str .= $dlp."\t\t\t\t".'<td><input type="number" id="wfu_attribute_'.$attr.'_columnprops_id" name="wfu_columnprops_elements" min="1" value="" style="width:100%;" disabled="disabled" /></td></tr>';
729
+ $echo_str .= $dlp."\t\t\t\t".'<tr><td colspan="2"><input type="checkbox" id="wfu_attribute_'.$attr.'_columnprops_sort" value="" onchange="wfu_columnprops_element_changed({target:this});" disabled="disabled" /><label id="wfu_attribute_'.$attr.'_columnprops_sort_label" for="wfu_attribute_'.$attr.'_columnprops_sort">Sortable</label></td></tr>';
730
+ $echo_str .= $dlp."\t\t\t\t".'<tr><td style="width:1%; padding-right:10px;"><label id="wfu_attribute_'.$attr.'_columnprops_sorttype_label" style="white-space:nowrap;">Sort As</label></td>';
731
+ $echo_str .= $dlp."\t\t\t\t".'<td><select id="wfu_attribute_'.$attr.'_columnprops_sorttype" value="" onchange="wfu_columnprops_element_changed({target:this});" disabled="disabled"><option value=""></option><option value="s">String</option><option value="n">Integer</option></select></td></tr>';
732
+ $echo_str .= $dlp."\t\t\t\t".'<tr><td style="width:1%; padding-right:10px;"><label id="wfu_attribute_'.$attr.'_columnprops_defaultsort_label" style="white-space:nowrap;">Default Sort</label></td>';
733
+ $echo_str .= $dlp."\t\t\t\t".'<td><select id="wfu_attribute_'.$attr.'_columnprops_defaultsort" value="" onchange="wfu_columnprops_element_changed({target:this});" disabled="disabled"><option value=" "></option><option value="+">Ascending</option><option value="-">Descending</option></select></td></tr>';
734
+ $echo_str .= $dlp."\t\t\t".'</tbody></table>';
735
+ $echo_str .= $dlp."\t\t".'</td>';
736
+ $echo_str .= $dlp."\t".'</tr></tbody></table>';
737
+
738
+ }
739
+ elseif ( $def['type'] == "dimensions" ) {
740
+ $vals_arr = explode(",", $def['value']);
741
+ $vals = array();
742
+ foreach ( $vals_arr as $val_raw ) {
743
+ if ( trim($val_raw) != "" ) {
744
+ list($val_id, $val) = explode(":", $val_raw);
745
+ $vals[trim($val_id)] = trim($val);
746
+ }
747
+ }
748
+ $dims = array();
749
+ foreach ( $components as $comp ) {
750
+ if ( $comp['dimensions'] == null ) $dims[$comp['id']] = $comp['name'];
751
+ else foreach ( $comp['dimensions'] as $dimraw ) {
752
+ list($dim_id, $dim_name) = explode("/", $dimraw);
753
+ $dims[$dim_id] = $dim_name;
754
+ }
755
+ }
756
+ foreach ( $dims as $dim_id => $dim_name ) {
757
+ if ( !array_key_exists($dim_id, $vals) ) $vals[$dim_id] = "";
758
+ $echo_str .= $dlp."\t\t".'<span style="display:inline-block; width:130px;">'.$dim_name.'</span><input id="wfu_attribute_'.$attr.'_'.$dim_id.'" type="text" name="wfu_dimension_elements_'.$attr.'" class="wfu_short_text" value="'.$vals[$dim_id].'" /><br />';
759
+ }
760
+ }
761
+ elseif ( $def['type'] == "userfields" ) {
762
+ $fields_arr = explode("/", $def['value']);
763
+ $fields = array();
764
+ foreach ( $fields_arr as $field_raw ) {
765
+ $is_req = ( substr($field_raw, 0, 1) == "*" );
766
+ if ( $is_req ) $field_raw = substr($field_raw, 1);
767
+ if ( $field_raw != "" ) array_push($fields, array( "name" => $field_raw, "required" => $is_req ));
768
+ }
769
+ if ( count($fields) == 0 ) array_push($fields, array( "name" => "", "required" => false ));
770
+ $echo_str .= $dlp."\t\t".'<div id="wfu_attribute_'.$attr.'" class="wfu_userdata_container">';
771
+ foreach ( $fields as $field ) {
772
+ $echo_str .= $dlp."\t\t\t".'<div class="wfu_userdata_line">';
773
+ $echo_str .= $dlp."\t\t\t\t".'<input type="text" name="wfu_userfield_elements" value="'.$field['name'].'" />';
774
+ $echo_str .= $dlp."\t\t\t\t".'<div class="wfu_userdata_action" onclick="wfu_userdata_add_field(this);"><img src="'.WFU_IMAGE_ADMIN_USERDATA_ADD.'" ></div>';
775
+ $echo_str .= $dlp."\t\t\t\t".'<div class="wfu_userdata_action wfu_userdata_action_disabled" onclick="wfu_userdata_remove_field(this);"><img src="'.WFU_IMAGE_ADMIN_USERDATA_REMOVE.'" ></div>';
776
+ $echo_str .= $dlp."\t\t\t\t".'<input type="checkbox"'.( $field['required'] ? 'checked="checked"' : '' ).' onchange="wfu_update_userfield_value({target:this});" />';
777
+ $echo_str .= $dlp."\t\t\t\t".'<span>Required</span>';
778
+ $echo_str .= $dlp."\t\t\t".'</div>';
779
+ }
780
+ $echo_str .= $dlp."\t\t".'</div>';
781
+ }
782
+ elseif ( $def['type'] == "formfields" ) {
783
+ //find occurrence index of this attribute and total occrrence length
784
+ $flat = $def['flat'];
785
+ $attr_occur_index = 0;
786
+ $attr_occur_length = 0;
787
+ $all_attributes = array();
788
+ foreach ( $defs as $def2 ) {
789
+ if ( $def2['flat'] == $flat ) {
790
+ $attr_occur_length ++;
791
+ array_push($all_attributes, $def2['attribute']);
792
+ if ( $def2['attribute'] == $attr ) $attr_occur_index = $attr_occur_length;
793
+ }
794
+ }
795
+ //get field type definitions
796
+ $fielddefs_array = $def['listitems'];
797
+ foreach ( $fielddefs_array as $fielddef ) $fielddefs[$fielddef['type']] = $fielddef;
798
+ //initialize editable field properties
799
+ $fieldprops_basic = array('label', 'required', 'donotautocomplete', 'validate', 'typehook', 'labelposition', 'hintposition', 'default', 'data', 'group', 'format');
800
+ $fieldprops_default = array ( "type" => "text", "label" => "", "labelposition" => "left", "required" => false, "donotautocomplete" => false, "validate" => false, "default" => "", "data" => "", "group" => "", "format" => "", "hintposition" => "right", "typehook" => false );
801
+ //parse shortcode attribute to $fields
802
+ $fields = wfu_parse_userdata_attribute($def['value']);
803
+ $labelpositions = array("none", "top", "right", "bottom", "left", "placeholder");
804
+ $hintpositions = array("none", "inline", "top", "right", "bottom", "left");
805
+ if ( count($fields) == 0 ) array_push($fields, $fieldprops_default);
806
+ //set html template variable
807
+ $template = $dlp."\t\t\t\t".'<table class="wfu_formdata_props_table"><tbody>';
808
+ $template .= $dlp."\t\t\t\t".'<tr><td colspan="2"><label class="wfu_formdata_label">Type</label><select id="wfu_formfield_[[key]]_type" value="[[t]]" onchange="wfu_formdata_type_changed(\'[[key]]\');">';
809
+ foreach( $fielddefs as $item ) $template .= $dlp."\t\t\t\t\t".'<option value="'.$item['type'].'"[[type_'.$item['type'].'_selected]]>'.$item['type_description'].'</option>';
810
+ $template .= $dlp."\t\t\t\t".'</select></td><td>';
811
+ $template .= $dlp."\t\t\t\t".'<div class="wfu_formdata_action wfu_formdata_action_add" onclick="wfu_formdata_add_field(\'[[key]]\');"><img src="'.WFU_IMAGE_ADMIN_USERDATA_ADD.'" ></div>';
812
+ $template .= $dlp."\t\t\t\t".'<div class="wfu_formdata_action wfu_formdata_action_remove[[remove_disabled]]" onclick="wfu_formdata_remove_field(\'[[key]]\');"><img src="'.WFU_IMAGE_ADMIN_USERDATA_REMOVE.'" ></div>';
813
+ $template .= $dlp."\t\t\t\t".'<div class="wfu_formdata_action wfu_formdata_action_up[[up_disabled]]" onclick="wfu_formdata_move_field(\'[[key]]\', \'up\');"><img src="'.WFU_IMAGE_ADMIN_USERDATA_UP.'" ></div>';
814
+ $template .= $dlp."\t\t\t\t".'<div class="wfu_formdata_action wfu_formdata_action_down[[down_disabled]]" onclick="wfu_formdata_move_field(\'[[key]]\', \'down\');"><img src="'.WFU_IMAGE_ADMIN_USERDATA_DOWN.'" ></div></td></tr>';
815
+ $template .= $dlp."\t\t\t\t".'<tr><td class="wfu_formdata_props"><label class="wfu_formdata_label" title="[[label_hint]]">[[label_label]]</label></td><td><input type="text" id="wfu_formfield_[[key]]_label" name="wfu_formfield_elements" value="[[label]]" /></td><td></td></tr>';
816
+ $labelpos_options = "";
817
+ foreach ( $labelpositions as $pos ) $labelpos_options .= '<option value="'.$pos.'"[[labelposition_'.$pos.'_selected]]>'.$pos.'</option>';
818
+ $template .= '[[S->]]'.$dlp."\t\t\t\t".'<tr><td class="wfu_formdata_props"><label class="wfu_formdata_labelposition" title="[[labelposition_hint]]">Label Position</label></td><td><select id="wfu_formfield_[[key]]_labelposition" value="[[s]]" title="[[labelposition_hint]]" onchange="wfu_update_formfield_value({target:this});">'.$labelpos_options.'</select></td><td></td></tr>[[<-S]]';
819
+ $template .= '[[R->]]'.$dlp."\t\t\t\t".'<tr><td colspan="2" class="wfu_formdata_props"><input id="wfu_formfield_[[key]]_required" type="checkbox"[[r->]] checked="checked"[[<-r]] title="[[required_hint]]" onchange="wfu_update_formfield_value({target:this});" /><label for="wfu_formfield_[[key]]_required" title="[[required_hint]]"> Required</label></td><td></td></tr>[[<-R]]';
820
+ $template .= '[[A->]]'.$dlp."\t\t\t\t".'<tr><td colspan="2" class="wfu_formdata_props"><input id="wfu_formfield_[[key]]_donotautocomplete" type="checkbox"[[a->]] checked="checked"[[<-a]] title="[[donotautocomplete_hint]]" onchange="wfu_update_formfield_value({target:this});" /><label for="wfu_formfield_[[key]]_donotautocomplete" title="[[donotautocomplete_hint]]"> Do not autocomplete</label></td><td></td></tr>[[<-A]]';
821
+ $template .= '[[V->]]'.$dlp."\t\t\t\t".'<tr><td colspan="2" class="wfu_formdata_props"><input id="wfu_formfield_[[key]]_validate" type="checkbox"[[v->]] checked="checked"[[<-v]] title="[[validate_hint]]" onchange="wfu_update_formfield_value({target:this});" /><label for="wfu_formfield_[[key]]_validate" title="[[validate_hint]]"> Validate</label></td><td></td></tr>[[<-V]]';
822
+ $hint_options = "";
823
+ foreach ( $hintpositions as $pos ) $hint_options .= '<option value="'.$pos.'"[[hintposition_'.$pos.'_selected]]>'.$pos.'</option>';
824
+ $template .= '[[P->]]'.$dlp."\t\t\t\t".'<tr><td class="wfu_formdata_props"><label class="wfu_formdata_label" title="[[hintposition_hint]]">Hint Position</label></td><td><select id="wfu_formfield_[[key]]_hintposition" value="[[p]]" title="[[hintposition_hint]]" onchange="wfu_update_formfield_value({target:this});">'.$hint_options.'</select></td><td></td></tr>[[<-P]]';
825
+ $template .= '[[H->]]'.$dlp."\t\t\t\t".'<tr><td colspan="2" class="wfu_formdata_props"><input id="wfu_formfield_[[key]]_typehook" type="checkbox"[[h->]] checked="checked"[[<-h]] title="[[typehook_hint]]" onchange="wfu_update_formfield_value({target:this});" /><label for="wfu_formfield_[[key]]_typehook" title="[[typehook_hint]]"> Type hook</label></td><td></td></tr>[[<-H]]';
826
+ $template .= '[[D->]]'.$dlp."\t\t\t\t".'<tr><td class="wfu_formdata_props"><label class="wfu_formdata_label" title="[[default_hint]]">Default</label></td><td><input id="wfu_formfield_[[key]]_default" type="text" name="wfu_formfield_elements" value="[[d]]" title="[[default_hint]]" /></td><td></td></tr>[[<-D]]';
827
+ $template .= '[[L->]]'.$dlp."\t\t\t\t".'<tr><td class="wfu_formdata_props"><label class="wfu_formdata_label" title="[[data_hint]]">[[data_label]]</label></td><td><input id="wfu_formfield_[[key]]_data" type="text" name="wfu_formfield_elements" value="[[l]]" title="[[data_hint]]" /></td><td></td></tr>[[<-L]]';
828
+ $template .= '[[G->]]'.$dlp."\t\t\t\t".'<tr><td class="wfu_formdata_props"><label class="wfu_formdata_label" title="[[group_hint]]">Group ID</label></td><td><input id="wfu_formfield_[[key]]_group" type="text" name="wfu_formfield_elements" value="[[g]]" title="[[group_hint]]" /></td><td></td></tr>[[<-G]]';
829
+ $template .= '[[F->]]'.$dlp."\t\t\t\t".'<tr><td class="wfu_formdata_props"><label class="wfu_formdata_label" title="[[format_hint]]">Format</label></td><td><input id="wfu_formfield_[[key]]_format" type="text" name="wfu_formfield_elements" value="[[f]]" title="[[format_hint]]" /></td><td></td></tr>[[<-F]]';
830
+ $template .= $dlp."\t\t\t\t".'</tbody></table>';
831
+ //draw html elements
832
+ $echo_str .= $dlp."\t\t".'<div id="wfu_attribute_'.$attr.'" class="wfu_formdata_container">';
833
+ $echo_str .= $dlp."\t\t\t".'<input type="hidden" class="wfu_formdata_all_attributes" value="'.implode(",", $all_attributes).'" />';
834
+ $echo_str .= $dlp."\t\t\t".'<div id="wfu_attribute_'.$attr.'_codeadd" style="display:none;">';
835
+ //pass template and type props to client javascript variable and then erase the code
836
+ $echo_str .= $dlp."\t\t\t\t".'<script type="text/javascript">';
837
+ $echo_str .= $dlp."\t\t\t\t\t".'var wfu_attribute_'.$attr.'_formtemplate = "'.wfu_plugin_encode_string($template).'";';
838
+ $echo_str .= $dlp."\t\t\t\t\t".'var wfu_attribute_'.$attr.'_typeprops = {};';
839
+ $fielddef_array = array();
840
+ foreach( $fielddefs as $item ) array_push($fielddef_array, $item['type']);
841
+ //prepare storage of field definitions to browser context
842
+ $echo_str .= $dlp."\t\t\t\t\t".'wfu_attribute_'.$attr.'_typeprops[0] = \''.implode(",", $fielddef_array).'\'';
843
+ foreach( $fielddefs as $item ) {
844
+ $typeprops = array();
845
+ foreach ( $fieldprops_basic as $prop ) {
846
+ array_push($typeprops, $prop.': \''.$item[$prop].'\'');
847
+ array_push($typeprops, $prop.'_hint: \''.$item[$prop.'_hint'].'\'');
848
+ }
849
+ array_push($typeprops, 'label_label: \''.$item['label_label'].'\'');
850
+ array_push($typeprops, 'data_label: \''.$item['data_label'].'\'');
851
+ $echo_str .= $dlp."\t\t\t\t\t".'wfu_attribute_'.$attr.'_typeprops["'.$item['type'].'"] = {'.implode(", ", $typeprops).'};';
852
+ }
853
+ $echo_str .= $dlp."\t\t\t\t\t".'var self = document.getElementById("wfu_attribute_'.$attr.'_codeadd"); self.parentNode.removeChild(self);';
854
+ $echo_str .= $dlp."\t\t\t\t".'</script>';
855
+ $echo_str .= $dlp."\t\t\t".'</div>';
856
+ $i = 1;
857
+ foreach ( $fields as $field ) {
858
+ $ind = wfu_create_random_string(4);
859
+ $key = $attr."_".$ind;
860
+ $fielddef = $fielddefs[$field["type"]];
861
+ $echo_str .= $dlp."\t\t\t".'<div id="wfu_formfield_'.$key.'_container" class="wfu_formdata_line_container">';
862
+ //generate html elements from template, replacing variables where applicable
863
+ $from_template = str_replace(array('[[key]]', '[[t]]', '[[label]]', '[[s]]', '[[d]]', '[[l]]', '[[label_label]]', '[[data_label]]', '[[g]]', '[[f]]', '[[p]]'), array($key, $field['type'], $field['label'], $field['labelposition'], $field['default'], $field['data'], $fielddef['label_label'], $fielddef['data_label'], $field['group'], $field['format'], $field['hintposition']), $template);
864
+ foreach ( $fieldprops_basic as $prop ) $from_template = str_replace('[['.$prop.'_hint]]', str_replace('\r\n', "\r\n", $fielddef[$prop.'_hint']), $from_template);
865
+ foreach( $fielddefs as $item ) $from_template = str_replace('[[type_'.$item['type'].'_selected]]', ( $item['type'] == $field['type'] ? ' selected = "selected"' : '' ), $from_template);
866
+ foreach( $labelpositions as $pos ) $from_template = str_replace('[[labelposition_'.$pos.'_selected]]', ( $pos == $field['labelposition'] ? ' selected = "selected"' : '' ), $from_template);
867
+ foreach( $hintpositions as $pos ) $from_template = str_replace('[[hintposition_'.$pos.'_selected]]', ( $pos == $field['hintposition'] ? ' selected = "selected"' : '' ), $from_template);
868
+ $from_template = str_replace('[[remove_disabled]]', ( count($fields) <= 1 ? ' wfu_formdata_action_disabled' : '' ), $from_template);
869
+ $from_template = str_replace('[[up_disabled]]', ( ( $attr_occur_index == 1 && $i == 1 ) ? ' wfu_formdata_action_disabled' : '' ), $from_template);
870
+ $from_template = str_replace('[[down_disabled]]', ( ( $attr_occur_index == $attr_occur_length && $i == count($fields) ) ? ' wfu_formdata_action_disabled' : '' ), $from_template);
871
+ //adjust checkbox field values
872
+ $from_template = preg_replace('/\[\[r\-\>\]\]'.( $field['required'] ? '|' : '.*' ).'\[\[\<\-r\]\]/', '', $from_template);
873
+ $from_template = preg_replace('/\[\[a\-\>\]\]'.( $field['donotautocomplete'] ? '|' : '.*' ).'\[\[\<\-a\]\]/', '', $from_template);
874
+ $from_template = preg_replace('/\[\[v\-\>\]\]'.( $field['validate'] ? '|' : '.*' ).'\[\[\<\-v\]\]/', '', $from_template);
875
+ $from_template = preg_replace('/\[\[h\-\>\]\]'.( $field['typehook'] ? '|' : '.*' ).'\[\[\<\-h\]\]/', '', $from_template);
876
+ //adjust visibility of properties
877
+ $from_template = preg_replace('/\[\[S\-\>\]\]'.( substr($fielddef["labelposition"], 0, 4) == "show" ? '|' : '.*' ).'\[\[\<\-S\]\]/s', '', $from_template);
878
+ $from_template = preg_replace('/\[\[R\-\>\]\]'.( substr($fielddef["required"], 0, 4) == "show" ? '|' : '.*' ).'\[\[\<\-R\]\]/s', '', $from_template);
879
+ $from_template = preg_replace('/\[\[A\-\>\]\]'.( substr($fielddef["donotautocomplete"], 0, 4) == "show" ? '|' : '.*' ).'\[\[\<\-A\]\]/s', '', $from_template);
880
+ $from_template = preg_replace('/\[\[V\-\>\]\]'.( substr($fielddef["validate"], 0, 4) == "show" ? '|' : '.*' ).'\[\[\<\-V\]\]/s', '', $from_template);
881
+ $from_template = preg_replace('/\[\[P\-\>\]\]'.( substr($fielddef["hintposition"], 0, 4) == "show" ? '|' : '.*' ).'\[\[\<\-P\]\]/s', '', $from_template);
882
+ $from_template = preg_replace('/\[\[H\-\>\]\]'.( substr($fielddef["typehook"], 0, 4) == "show" ? '|' : '.*' ).'\[\[\<\-H\]\]/s', '', $from_template);
883
+ $from_template = preg_replace('/\[\[D\-\>\]\]'.( substr($fielddef["default"], 0, 4) == "show" ? '|' : '.*' ).'\[\[\<\-D\]\]/s', '', $from_template);
884
+ $from_template = preg_replace('/\[\[L\-\>\]\]'.( substr($fielddef["data"], 0, 4) == "show" ? '|' : '.*' ).'\[\[\<\-L\]\]/s', '', $from_template);
885
+ $from_template = preg_replace('/\[\[G\-\>\]\]'.( substr($fielddef["group"], 0, 4) == "show" ? '|' : '.*' ).'\[\[\<\-G\]\]/s', '', $from_template);
886
+ $from_template = preg_replace('/\[\[F\-\>\]\]'.( substr($fielddef["format"], 0, 4) == "show" ? '|' : '.*' ).'\[\[\<\-F\]\]/s', '', $from_template);
887
+ $echo_str .= $from_template;
888
+ $echo_str .= $dlp."\t\t\t".'</div>';
889
+ $i++;
890
+ }
891
+ $echo_str .= $dlp."\t\t".'</div>';
892
+ }
893
+ elseif ( $def['type'] == "color" ) {
894
+ $val = str_replace(array( "%n%", "%dq%", "%brl%", "%brr%" ), array( "\n", "&quot;", "[", "]" ), $def['value']);
895
+ $echo_str .= $dlp."\t\t".'<input id="wfu_attribute_'.$attr.'" type="text" name="wfu_text_elements" class="wfu_color_field" value="'.$val.'" />';
896
+ }
897
+ elseif ( $def['type'] == "color-triplet" ) {
898
+ $triplet = explode(",", $def['value']);
899
+ foreach ( $triplet as $key => $item ) $triplet[$key] = trim($item);
900
+ if ( count($triplet) == 2 ) $triplet = array( $triplet[0], $triplet[1], "#000000");
901
+ elseif ( count($triplet) == 1 ) $triplet = array( $triplet[0], "#FFFFFF", "#000000");
902
+ elseif ( count($triplet) < 3 ) $triplet = array( "#000000", "#FFFFFF", "#000000");
903
+ $echo_str .= $dlp."\t\t".'<div class="wfu_color_container"><label style="display:inline-block; width:120px; margin-top:-16px;">Text Color</label><input id="wfu_attribute_'.$attr.'_color" type="text" class="wfu_color_field" name="wfu_triplecolor_elements" value="'.$triplet[0].'" /></div>';
904
+ $echo_str .= $dlp."\t\t".'<div class="wfu_color_container"><label style="display:inline-block; width:120px; margin-top:-16px;">Background Color</label><input id="wfu_attribute_'.$attr.'_bgcolor" type="text" class="wfu_color_field" name="wfu_triplecolor_elements" value="'.$triplet[1].'" /></div>';
905
+ $echo_str .= $dlp."\t\t".'<div class="wfu_color_container"><label style="display:inline-block; width:120px; margin-top:-16px;">Border Color</label><input id="wfu_attribute_'.$attr.'_borcolor" type="text" class="wfu_color_field" name="wfu_triplecolor_elements" value="'.$triplet[2].'" /></div>';
906
+ }
907
+ else {
908
+ $echo_str .= $dlp."\t\t".'<input id="wfu_attribute_'.$attr.'" type="text" name="wfu_text_elements" value="'.$def['value'].'" />';
909
+ if ( $def['variables'] != null ) $echo_str .= $dlp.wfu_insert_variables($def['variables'], 'wfu_variable wfu_variable_'.$attr);
910
+ }
911
+ $echo_str .= $dlp."\t".'</div></td>';
912
+ if ( $def['parent'] == "" ) {
913
+ $echo_str .= $dlp."\t".'<td style="position:relative; vertical-align:top; padding:0;"><div class="wfu_td_div">';
914
+ $block_open = false;
915
+ }
916
+ else {
917
+ $echo_str .= $dlp.'</tr>';
918
+ $subblock_open = true;
919
+ }
920
+ }
921
+ if ( $subblock_open ) {
922
+ $echo_str .= "\n\t\t\t\t\t\t".'</div>';
923
+ }
924
+ if ( $block_open ) {
925
+ $echo_str .= "\n\t\t\t\t\t".'</div></td>';
926
+ $echo_str .= "\n\t\t\t\t".'</tr>';
927
+ }
928
+ $echo_str .= "\n\t\t\t".'</tbody>';
929
+ $echo_str .= "\n\t\t".'</table>';
930
+ $echo_str .= "\n\t".'</div>';
931
+ $echo_str .= "\n\t".'<div id="wfu_global_dialog_container" class="wfu_global_dialog_container">';
932
+ $echo_str .= "\n\t".'</div>';
933
+ $handler = 'function() { wfu_Attach_Admin_Events('.( $data == "" ? 'true' : 'false' ).'); }';
934
+ $echo_str .= "\n\t".'<script type="text/javascript">if(window.addEventListener) { window.addEventListener("load", '.$handler.', false); } else if(window.attachEvent) { window.attachEvent("onload", '.$handler.'); } else { window["onload"] = '.$handler.'; }</script>';
935
+ $echo_str .= "\n".'</div>';
936
+ // $echo_str .= "\n\t".'<div style="margin-top:10px;">';
937
+ // $echo_str .= "\n\t\t".'<label>Final shortcode text</label>';
938
+ // $echo_str .= "\n\t".'</div>';
939
+
940
+ echo $echo_str;
941
+ }
942
+
943
+ /**
944
+ * Insert Variables in an Attribute.
945
+ *
946
+ * This function generates the HTML code of the variables that are shown below
947
+ * the attribute which they refer to.
948
+ *
949
+ * @since 2.1.3
950
+ *
951
+ * @param array $variables. The array of variables to display below the
952
+ * attribute.
953
+ * @param string $class A class name to set in the elements of the generated
954
+ * HTML code.
955
+ *
956
+ * @return string The HTML output of the variables.
957
+ */
958
+ function wfu_insert_variables($variables, $class) {
959
+ $ret = "";
960
+ foreach ( $variables as $variable )
961
+ if ( $variable == "%userdataXXX%" ) $ret .= "\t\t".'<select class="'.$class.'" name="wfu_formfield_select" title="'.constant("WFU_VARIABLE_TITLE_".strtoupper(str_replace("%", "", $variable))).'" onchange="wfu_insert_userfield_variable(this);"><option style="display:none;">%userdataXXX%</option></select>';
962
+ elseif ( $variable != "%n%" && $variable != "%dq%" && $variable != "%brl%" && $variable != "%brr%" ) $ret .= "\t\t".'<span class="'.$class.'" title="'.constant("WFU_VARIABLE_TITLE_".strtoupper(str_replace("%", "", $variable))).'" ondblclick="wfu_insert_variable(this);">'.$variable.'</span>';
963
+ return $ret;
964
  }
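--- a/lib/wfu_functions.php
+++ b/lib/wfu_functions.php
@@ -774,6 +774,25 @@ function wfu_sanitize_shortcode_array($attrs, $shortcode_tag) {
  return $sanitized_attrs;
  }
 
+ /**
+ * Sanitize Posts.
+ *
+ * This function sanitizes a list of posts. For the moment, only the title is
+ * necessary to be sanitized.
+ *
+ * @since 4.16.4
+ *
+ * @redeclarable
+ *
+ * @param array $posts The list of posts.
+ */
+ function wfu_sanitize_posts($posts) {
+ $a = func_get_args(); $a = WFU_FUNCTION_HOOK(__FUNCTION__, $a, $out); if (isset($out['vars'])) foreach($out['vars'] as $p => $v) $$p = $v; switch($a) { case 'R': return $out['output']; break; case 'D': die($out['output']); }
+ foreach ( $posts as $ind => $post ) {
+ $posts[$ind]->post_title = sanitize_text_field($post->post_title);
+ }
+ }
+
  /**
  * Escape a Variable.
  *
@@ -5886,7 +5905,7 @@ function wfu_send_notification_email($user, $uploaded_file_paths, $userdata_fiel
  $replace = array ("\n", "\"", "[", "]");
  $notifyheaders = preg_replace($search, $replace, $notifyheaders);
  $search = array ('/%username%/', '/%useremail%/', '/%filename%/', '/%filepath%/', '/%blogid%/', '/%pageid%/', '/%pagetitle%/', '/%n%/', '/%dq%/', '/%brl%/', '/%brr%/');
- $replace = array ($user_login, ( $user_email == "" ? "no email" : $user_email ), $only_filename_list, $target_path_list, $blog_id, $params["pageid"], get_the_title($params["pageid"]), "\n", "\"", "[", "]");
+ $replace = array ($user_login, ( $user_email == "" ? "no email" : $user_email ), $only_filename_list, $target_path_list, $blog_id, $params["pageid"], sanitize_text_field(get_the_title($params["pageid"])), "\n", "\"", "[", "]");
  foreach ( $userdata_fields as $userdata_key => $userdata_field ) {
  $ind = 1 + $userdata_key;
  array_push($search, '/%userdata'.$ind.'%/');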
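Review bot: `wfu_sanitize_posts()` returns nothing and takes effect only because each element of `$posts` is an object handle, so a caller written as `$posts = wfu_sanitize_posts($posts);` would end up with null; the call sites are not shown in this section. Ending the function with `return $posts;` and adding an `@return array` line to the docblock would keep both calling styles working. Separately, `sanitize_text_field()` strips tags but leaves quotes in place, so it is input cleaning rather than output escaping. Wherever a title is later written into markup, the output should still pass through `esc_html()`, or `esc_attr()` when it lands inside an attribute value.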
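--- a/lib/wfu_processfiles.php
+++ b/lib/wfu_processfiles.php
@@ -163,7 +163,7 @@ function wfu_process_files($params, $method) {
  if ( $file_name == "video" ) $file_name = $params["videoname"];
  else $file_name = $params["imagename"];
  $search = array ('/%userid%/', '/%username%/', '/%blogid%/', '/%pageid%/', '/%pagetitle%/');
- $replace = array ($user_id, $user_login, $params['blogid'], $params['pageid'], get_the_title($params['pageid']));
+ $replace = array ($user_id, $user_login, $params['blogid'], $params['pageid'], sanitize_text_field(get_the_title($params['pageid'])));
  foreach ( $userdata_fields as $userdata_key => $userdata_field ) {
  $ind = 1 + $userdata_key;
  array_push($search, '/%userdata'.$ind.'%/');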
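Review bot: `sanitize_text_field()` on the `%pagetitle%` replacement strips tags but keeps path separators and `..`, and here the value appears to be substituted into a file name template. That is inferred from the `$file_name` lines above it, because the `preg_replace` call that consumes `$replace` lies outside the hunk. For a file-system context the title should be reduced to a safe name component, e.g. `sanitize_file_name(get_the_title($params['pageid']))`. The same applies to wfu_loader.php, where the hunk shows `$replace` applied directly to `$params["uploadpath"]`; unless a later traversal check covers it, the page title still shapes the upload directory.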
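--- a/readme.txt
+++ b/readme.txt
@@ -3,7 +3,7 @@ Contributors: nickboss
  Donate link: http://www.iptanus.com/support/wordpress-file-upload
  Tags: file, upload, ajax, form, page, post, sidebar, responsive, widget, webcam, ftp
  Requires at least: 2.9.2
- Tested up to: 5.9
+ Tested up to: 5.9.3
  Stable tag: "trunk"
  License: GPLv2 or later
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -149,6 +149,9 @@ There is an option in plugin's settings in Dashboard to relax the CSS rules, so
 
  == Changelog ==
 
+ = 4.16.4 =
+ * sanitized page title in all places where it is retrieved to avoid XSS attacks
+
  = 4.16.3 =
  * improved sanitization and escaping of shortcode attributes to avoid XSS attacks
  * file type .svg moved to blacklist to avoid XSS attacks coming from scripts inside SVG files
@@ -917,6 +920,9 @@ Initial version.
 
  == Upgrade Notice ==
 
+ = 4.16.4 =
+ Minor update to address some security issues.
+
  = 4.16.3 =
  Regular update to fix some bugs and address some security issues.
 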
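--- a/release_notes.txt
+++ b/release_notes.txt
@@ -1,3 +1,3 @@
- <!-- --><span><strong>Version 4.16.3</strong> is a regular update that introduces minor bug fixes and security patches in order to improve protection against XSS and directory traversal attacks.<br /><br />
+ <!-- --><span><strong>Version 4.16.4</strong> is a minor update that improves protection against XSS attacks coming through the post/page title.<br /><br />
  For more details about this version's changes please visit the <strong>Release Notes</strong> of the plugin's </span><a href="http://www.iptanus.com/wordpress-plugins/wordpress-file-upload/">support page</a><span>.</span><!-- -->
  <!-- -->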
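--- a/wfu_loader.php
+++ b/wfu_loader.php
@@ -422,7 +422,7 @@ function wordpress_file_upload_function($incomingfromhandler) {
  $search = array ('/%userid%/', '/%username%/', '/%blogid%/', '/%pageid%/', '/%pagetitle%/');
  if ( is_user_logged_in() ) $username = $user->user_login;
  else $username = "guests";
- $replace = array ($user->ID, $username, $blog_id, $post->ID, get_the_title($post->ID));
+ $replace = array ($user->ID, $username, $blog_id, $post->ID, sanitize_text_field(get_the_title($post->ID)));
  $params["uploadpath"] = preg_replace($search, $replace, $params["uploadpath"]);
 
  /* Determine if userdata fields have been defined */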
wordpress_file_upload.php CHANGED
@@ -3,7 +3,7 @@
3
  /*
4
  Plugin URI: https://www.iptanus.com/support/wordpress-file-upload
5
  Description: Simple interface to upload files from a page.
6
- Version: 4.16.3
7
  Author: Nickolas Bossinas
8
  Author URI: https://www.iptanus.com/nickolas
9
  Text Domain: wp-file-upload
3
  /*
4
  Plugin URI: https://www.iptanus.com/support/wordpress-file-upload
5
  Description: Simple interface to upload files from a page.
6
+ Version: 4.16.4
7
  Author: Nickolas Bossinas
8
  Author URI: https://www.iptanus.com/nickolas
9
  Text Domain: wp-file-upload