WordPress File Upload - Version 4.3.2

Version Description

  • fixed bug in wfu_before_upload and wfu_after_upload filters that was breaking JS scripts if they contained a closing bracket ']' symbol

Release Info

Developer nickboss
Version 4.3.2

Code changes from version 4.3.1 to 4.3.2

js/wordpress_file_upload_functions.js CHANGED
@@ -91,9 +91,9 @@ sid).value=adminerrorcode;else document.getElementById("adminerrorcodes_"+sid).v
91
  {});for(var prop in params_obj)if(params_obj.hasOwnProperty(prop))pass_params+="&"+prop+"="+params_obj[prop];var d=new Date;var url=GlobalData.consts.ajax_url+"?action=wfu_ajax_action_ask_server&wfu_uploader_nonce="+document.getElementById("wfu_uploader_nonce_"+sid).value+"&sid="+sid+"&unique_id="+unique_id+"&start_time="+d.getTime()+"&session_token="+GlobalData.WFU[sid].session+pass_params;var xmlhttp=wfu_GetHttpRequestObject();if(xmlhttp==null){var i=document.createElement("iframe");if(i){i.style.display=
92
  "none";i.src=url;document.body.appendChild(i);i.onload=function(){process_function(i.contentDocument.body.innerHTML)};return}else{wfu_Code_Objects[sid].do_action("not_supported");return}}xmlhttp.open("GET",url,true);xmlhttp.onreadystatechange=function(){if(xmlhttp.readyState==4)if(xmlhttp.status==200)process_function(xmlhttp.responseText);else{alert(GlobalData.consts.remoteserver_noresult);wfu_Code_Objects[sid].do_action("askserver_noresult")}};xmlhttp.send(null)}
93
  Code_Initializators[Code_Initializators.length]=function(sid){var CBUV_Code_Objects={};CBUV_Code_Objects.pre_start_ask_server=function(attr,has_filters){if(attr)return attr;var sid=this.sid;return has_filters=="true"};CBUV_Code_Objects.askserver_pass_params=function(params){var sid=this.sid;var farr=wfu_get_filelist(sid);var filenames="";var filesizes="";for(var i=0;i<farr.length;i++){if(i>0){filenames+=";";filesizes+=";"}filenames+=wfu_plugin_encode_string(farr[i].name);filesizes+=farr[i].size}params.filenames=
94
- filenames;params.filesizes=filesizes;return params};CBUV_Code_Objects.askserver_success=function(response,mode){var sid=this.sid;var upload_status="success";var txt_match=response.match(/CBUVJS\[(.*?)\]/);var txt_header=txt_match?typeof txt_match[1]!="undefined"?txt_match[1]:"":"";if(txt_header!="")eval(txt_header)};CBUV_Code_Objects.askserver_error=function(response,mode){var sid=this.sid;var upload_status="error";var txt_match=response.match(/CBUVJS\[(.*?)\]/);var txt_header=txt_match?typeof txt_match[1]!=
95
- "undefined"?txt_match[1]:"":"";if(txt_header!="")eval(txt_header);txt_match=response.match(/CBUV\[(.*?)\]/);txt_header=txt_match?typeof txt_match[1]!="undefined"?txt_match[1]:"":"";if(txt_header!=""){var Params=wfu_Initialize_Params();GlobalData[sid]={};Params.general.shortcode_id=sid;Params.general.message=txt_header;Params.general.state=12;wfu_ProcessUploadComplete(sid,0,Params,"no-ajax","",[false,null,false]);wfu_clear(sid)}};CBUV_Code_Objects.after_upload=function(response){var sid=this.sid;var txt_match=
96
- response.match(/CBUVJS\[(.*?)\]/);var txt_header=txt_match?typeof txt_match[1]!="undefined"?txt_match[1]:"":"";if(txt_header!="")eval(txt_header)};return CBUV_Code_Objects};function wfu_filesselected(sid){var WFU=GlobalData.WFU[sid];var farr=wfu_get_filelist(sid);if(farr.length==0&&!WFU.allownofile&&!!WFU.textbox_exist)WFU.textbox.update("nofile");return farr.length}
97
  function wfu_check_required_userdata(sid,prompt){var WFU=GlobalData.WFU[sid];var userdata_count=wfu_get_userdata_count(sid);var req_empty=false;for(var i=0;i<userdata_count;i++){WFU.userdata.props[i].store();var error_message="";if(WFU.userdata.props[i].required)error_message=WFU.userdata.codes[i].empty();if(error_message===""&&WFU.userdata.codes[i].validate!=null&&WFU.userdata.props[i].validate)error_message=WFU.userdata.codes[i].validate();if(error_message!==""){if(prompt)WFU.userdata.prompt(WFU.userdata.props[i],
98
  error_message);req_empty=true}}return!req_empty}
99
  function wfu_HTML5UploadFile(sid){var WFU=GlobalData.WFU[sid];if(!wfu_BrowserCaps.supportsAJAX){wfu_redirect_to_classic(sid,1,1);return}if(!wfu_BrowserCaps.supportsHTML5){wfu_redirect_to_classic(sid,1,2);return}var xhr=wfu_GetHttpRequestObject();if(xhr==null)return;var numfiles=wfu_filesselected(sid);if(numfiles==0&&!WFU.allownofile)return;if(numfiles==0)wfu_selectbutton_clicked(sid);if(!!WFU.subfolders_exist&&numfiles>0&&!WFU.subfolders.check()){if(WFU.singlebutton)wfu_clear_files(sid);return}var numpasses=
91
  {});for(var prop in params_obj)if(params_obj.hasOwnProperty(prop))pass_params+="&"+prop+"="+params_obj[prop];var d=new Date;var url=GlobalData.consts.ajax_url+"?action=wfu_ajax_action_ask_server&wfu_uploader_nonce="+document.getElementById("wfu_uploader_nonce_"+sid).value+"&sid="+sid+"&unique_id="+unique_id+"&start_time="+d.getTime()+"&session_token="+GlobalData.WFU[sid].session+pass_params;var xmlhttp=wfu_GetHttpRequestObject();if(xmlhttp==null){var i=document.createElement("iframe");if(i){i.style.display=
92
  "none";i.src=url;document.body.appendChild(i);i.onload=function(){process_function(i.contentDocument.body.innerHTML)};return}else{wfu_Code_Objects[sid].do_action("not_supported");return}}xmlhttp.open("GET",url,true);xmlhttp.onreadystatechange=function(){if(xmlhttp.readyState==4)if(xmlhttp.status==200)process_function(xmlhttp.responseText);else{alert(GlobalData.consts.remoteserver_noresult);wfu_Code_Objects[sid].do_action("askserver_noresult")}};xmlhttp.send(null)}
93
  Code_Initializators[Code_Initializators.length]=function(sid){var CBUV_Code_Objects={};CBUV_Code_Objects.pre_start_ask_server=function(attr,has_filters){if(attr)return attr;var sid=this.sid;return has_filters=="true"};CBUV_Code_Objects.askserver_pass_params=function(params){var sid=this.sid;var farr=wfu_get_filelist(sid);var filenames="";var filesizes="";for(var i=0;i<farr.length;i++){if(i>0){filenames+=";";filesizes+=";"}filenames+=wfu_plugin_encode_string(farr[i].name);filesizes+=farr[i].size}params.filenames=
94
+ filenames;params.filesizes=filesizes;return params};CBUV_Code_Objects.askserver_success=function(response,mode){var sid=this.sid;var upload_status="success";var txt_match=response.match(/CBUVJS\[(.*?)\]/);var txt_header=txt_match?typeof txt_match[1]!="undefined"?txt_match[1]:"":"";if(txt_header!="")eval(wfu_plugin_decode_string(txt_header))};CBUV_Code_Objects.askserver_error=function(response,mode){var sid=this.sid;var upload_status="error";var txt_match=response.match(/CBUVJS\[(.*?)\]/);var txt_header=
95
+ txt_match?typeof txt_match[1]!="undefined"?txt_match[1]:"":"";if(txt_header!="")eval(wfu_plugin_decode_string(txt_header));txt_match=response.match(/CBUV\[(.*?)\]/);txt_header=txt_match?typeof txt_match[1]!="undefined"?txt_match[1]:"":"";if(txt_header!=""){var Params=wfu_Initialize_Params();GlobalData[sid]={};Params.general.shortcode_id=sid;Params.general.message=txt_header;Params.general.state=12;wfu_ProcessUploadComplete(sid,0,Params,"no-ajax","",[false,null,false]);wfu_clear(sid)}};CBUV_Code_Objects.after_upload=
96
+ function(response){var sid=this.sid;var txt_match=response.match(/CBUVJS\[(.*?)\]/);var txt_header=txt_match?typeof txt_match[1]!="undefined"?txt_match[1]:"":"";if(txt_header!="")eval(wfu_plugin_decode_string(txt_header))};return CBUV_Code_Objects};function wfu_filesselected(sid){var WFU=GlobalData.WFU[sid];var farr=wfu_get_filelist(sid);if(farr.length==0&&!WFU.allownofile&&!!WFU.textbox_exist)WFU.textbox.update("nofile");return farr.length}
97
  function wfu_check_required_userdata(sid,prompt){var WFU=GlobalData.WFU[sid];var userdata_count=wfu_get_userdata_count(sid);var req_empty=false;for(var i=0;i<userdata_count;i++){WFU.userdata.props[i].store();var error_message="";if(WFU.userdata.props[i].required)error_message=WFU.userdata.codes[i].empty();if(error_message===""&&WFU.userdata.codes[i].validate!=null&&WFU.userdata.props[i].validate)error_message=WFU.userdata.codes[i].validate();if(error_message!==""){if(prompt)WFU.userdata.prompt(WFU.userdata.props[i],
98
  error_message);req_empty=true}}return!req_empty}
99
  function wfu_HTML5UploadFile(sid){var WFU=GlobalData.WFU[sid];if(!wfu_BrowserCaps.supportsAJAX){wfu_redirect_to_classic(sid,1,1);return}if(!wfu_BrowserCaps.supportsHTML5){wfu_redirect_to_classic(sid,1,2);return}var xhr=wfu_GetHttpRequestObject();if(xhr==null)return;var numfiles=wfu_filesselected(sid);if(numfiles==0&&!WFU.allownofile)return;if(numfiles==0)wfu_selectbutton_clicked(sid);if(!!WFU.subfolders_exist&&numfiles>0&&!WFU.subfolders.check()){if(WFU.singlebutton)wfu_clear_files(sid);return}var numpasses=
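Review bot: In `askserver_error` the `CBUV[...]` message is still read from the response undecoded (`Params.general.message=txt_header`), while the three `CBUVJS[...]` branches now pass their match through `wfu_plugin_decode_string` before `eval`. The server side in lib/wfu_ajaxactions.php still writes `"CBUV[".$changable_data["error_message"]."]"` unencoded and ahead of the script marker, so a message containing `]` is still cut short, and because `/CBUVJS\[(.*?)\]/` takes the first match anywhere in the response, message text that resembles that marker would be what reaches `eval`. Encoding the message with `wfu_plugin_encode_string` on the server and reading it here as `Params.general.message=wfu_plugin_decode_string(txt_header);` would presumably close both gaps. The file is minified, so these functions begin and end outside the changed lines.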
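--- a/lib/wfu_admin.php
+++ b/lib/wfu_admin.php
@@ -238,10 +238,10 @@ function wordpress_file_upload_manage_dashboard() {
  $echo_str = wfu_manage_settings();
  }
  elseif ( $action == 'add_shortcode' && $postid != "" && $nonce != "" && $tag != "" ) {
- if ( $_SESSION['wfu_add_shortcode_ticket_for_'.$tag] != $nonce ) $echo_str = wfu_manage_mainmenu();
+ if ( WFU_USVAR('wfu_add_shortcode_ticket_for_'.$tag) != $nonce ) $echo_str = wfu_manage_mainmenu();
  elseif ( wfu_add_shortcode($postid, $tag) ) $echo_str = wfu_manage_mainmenu();
  else $echo_str = wfu_manage_mainmenu(WFU_DASHBOARD_ADD_SHORTCODE_REJECTED);
- $_SESSION['wfu_add_shortcode_ticket'] = 'noticket';
+ WFU_USVAR_store('wfu_add_shortcode_ticket', 'noticket');
  }
  elseif ( $action == 'edit_shortcode' && $data_enc != "" && $tag != "" ) {
  $data = wfu_decode_array_from_string(wfu_get_shortcode_data_from_safe($data_enc));
@@ -559,7 +559,7 @@ function wfu_manage_instances_of_shortcode($tag, $title, $slug, $inc) {
  $echo_str .= "\n\t\t\t\t".'<option value="'.$item['id'].'">'.str_repeat('&nbsp;', 4 * $item['level']).( $item['status'] == 1 ? '[Private]' : ( $item['status'] == 2 ? '[Draft]' : '' ) ).$item['title'].'</option>';
  $echo_str .= "\n\t\t\t".'</select><br />';
  $add_shortcode_ticket = wfu_create_random_string(16);
- $_SESSION['wfu_add_shortcode_ticket_for_'.$tag] = $add_shortcode_ticket;
+ WFU_USVAR_store('wfu_add_shortcode_ticket_for_'.$tag, $add_shortcode_ticket);
  $echo_str .= "\n\t\t".'<button id="wfu_add_plugin_ok_'.$inc.'" style="float:right; margin: 0 2px 0 4px;" disabled="disabled" onclick="document.getElementById(\'wfu_add_plugin_'.$inc.'_overlay\').style.display = \'block\'; window.location = \''.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&amp;action=add_shortcode&amp;tag='.$tag.'&amp;postid=\' + (document.getElementById(\'wfu_page_type_'.$inc.'\').value == \'page\' ? document.getElementById(\'wfu_page_list_'.$inc.'\').value : document.getElementById(\'wfu_post_list_'.$inc.'\').value) + \'&amp;nonce='.$add_shortcode_ticket.'\';">Ok</button>';
  $echo_str .= "\n\t\t".'<button style="float:right;" onclick="document.getElementById(\'wfu_page_type_'.$inc.'\').value = \'page\'; document.getElementById(\'wfu_page_list_'.$inc.'\').value = \'\'; document.getElementById(\'wfu_post_list_'.$inc.'\').value = \'\'; document.getElementById(\'wfu_add_plugin_'.$inc.'\').style.display = \'none\'; document.getElementById(\'wfu_add_plugin_button_'.$inc.'\').style.display = \'inline-block\';">Cancel</button>';
  $echo_str .= "\n\t\t".'</div>';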
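Review bot: The reset on line 244 writes `'noticket'` to the key `wfu_add_shortcode_ticket`, but the ticket is created (line 562) and checked (line 241) under `'wfu_add_shortcode_ticket_for_'.$tag`, so the ticket that was just accepted is never invalidated and the same `nonce` value stays usable for that tag until a new ticket is generated. Removing the checked key instead, `WFU_USVAR_unset('wfu_add_shortcode_ticket_for_'.$tag);`, makes the ticket single-use without turning a fixed string into an acceptable value. The check itself would then be safer as `if ( !WFU_USVAR_exists('wfu_add_shortcode_ticket_for_'.$tag) || WFU_USVAR('wfu_add_shortcode_ticket_for_'.$tag) != $nonce )`, since what WFU_USVAR returns for a missing key is not visible here. Both enclosing functions continue outside the hunks.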
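--- a/lib/wfu_admin_browser.php
+++ b/lib/wfu_admin_browser.php
@@ -11,7 +11,7 @@ function wfu_browse_files($basedir_code) {
  //first decode basedir_code
  $basedir = wfu_get_filepath_from_safe($basedir_code);
  //clean session array holding dir and file paths if it is too big
- if ( isset($_SESSION['wfu_filepath_safe_storage']) && count($_SESSION['wfu_filepath_safe_storage']) > WFU_VAR("WFU_PHP_ARRAY_MAXLEN") ) $_SESSION['wfu_filepath_safe_storage'] = array();
+ if ( WFU_USVAR_exists('wfu_filepath_safe_storage') && count(WFU_USVAR('wfu_filepath_safe_storage')) > WFU_VAR("WFU_PHP_ARRAY_MAXLEN") ) WFU_USVAR_store('wfu_filepath_safe_storage', array());
 
  //extract sort info from basedir
  $sort = "";
@@ -388,9 +388,10 @@ function wfu_rename_file_prompt($file_code, $type, $error) {
 
  $echo_str = "\n".'<div class="wrap">';
  if ( $error ) {
- $newname = $_SESSION['wfu_rename_file']['newname'];
+ $rename_file = WFU_USVAR('wfu_rename_file');
+ $newname = $rename_file['newname'];
  $echo_str .= "\n\t".'<div class="error">';
- $echo_str .= "\n\t\t".'<p>'.$_SESSION['wfu_rename_file_error'].'</p>';
+ $echo_str .= "\n\t\t".'<p>'.WFU_USVAR('wfu_rename_file_error').'</p>';
  $echo_str .= "\n\t".'</div>';
  }
  $echo_str .= "\n\t".'<div style="margin-top:20px;">';
@@ -454,8 +455,10 @@ function wfu_rename_file($file_code, $type) {
  }
  }
  if ( $error != "" ) {
- $_SESSION['wfu_rename_file_error'] = $error;
- $_SESSION['wfu_rename_file']['newname'] = preg_replace("/[^A-Za-z0-9_.#\-$]/", "", $_POST['wfu_newname']);
+ WFU_USVAR_store('wfu_rename_file_error', $error);
+ $rename_file = WFU_USVAR('wfu_rename_file');
+ $rename_file['newname'] = preg_replace("/[^A-Za-z0-9_.#\-$]/", "", $_POST['wfu_newname']);
+ WFU_USVAR_store('wfu_rename_file', $rename_file);
  }
  return ( $error == "" );
  }
@@ -577,9 +580,10 @@ function wfu_create_dir_prompt($dir_code, $error) {
 
  $echo_str = "\n".'<div class="wrap">';
  if ( $error ) {
- $newname = $_SESSION['wfu_create_dir']['newname'];
+ $create_dir = WFU_USVAR('wfu_create_dir');
+ $newname = $create_dir['newname'];
  $echo_str .= "\n\t".'<div class="error">';
- $echo_str .= "\n\t\t".'<p>'.$_SESSION['wfu_create_dir_error'].'</p>';
+ $echo_str .= "\n\t\t".'<p>'.WFU_USVAR('wfu_create_dir_error').'</p>';
  $echo_str .= "\n\t".'</div>';
  }
  $echo_str .= "\n\t".'<div style="margin-top:20px;">';
@@ -623,8 +627,10 @@ function wfu_create_dir($dir_code) {
  }
  }
  if ( $error != "" ) {
- $_SESSION['wfu_create_dir_error'] = $error;
- $_SESSION['wfu_create_dir']['newname'] = preg_replace("/[^A-Za-z0-9_.#\-$]/", "", $_POST['wfu_newname']);
+ WFU_USVAR_store('wfu_create_dir_error', $error);
+ $create_dir = WFU_USVAR('wfu_create_dir');
+ $create_dir['newname'] = preg_replace("/[^A-Za-z0-9_.#\-$]/", "", $_POST['wfu_newname']);
+ WFU_USVAR_store('wfu_create_dir', $create_dir);
  }
  return ( $error == "" );
  }
@@ -750,7 +756,7 @@ function wfu_file_details($file_code, $errorstatus) {
  $echo_str = '<div class="regev_wrap">';
  if ( $errorstatus == 'error' ) {
  $echo_str .= "\n\t".'<div class="error">';
- $echo_str .= "\n\t\t".'<p>'.$_SESSION['wfu_filedetails_error'].'</p>';
+ $echo_str .= "\n\t\t".'<p>'.WFU_USVAR('wfu_filedetails_error').'</p>';
  $echo_str .= "\n\t".'</div>';
  }
  //show file detais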
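Review bot: The error text read back with `WFU_USVAR('wfu_rename_file_error')`, `WFU_USVAR('wfu_create_dir_error')` and `WFU_USVAR('wfu_filedetails_error')` is concatenated into `<p>…</p>` without escaping; if any of these messages can carry request-derived text (not visible in these hunks), wrapping each one as `esc_html( WFU_USVAR('wfu_rename_file_error') )` keeps it inert in the admin page. In `wfu_rename_file` and `wfu_create_dir` the new code also reads `WFU_USVAR('wfu_rename_file')` / `WFU_USVAR('wfu_create_dir')` before anything has been stored, where the old `$_SESSION[...]['newname'] = …` assignment created the array implicitly. Starting from `$rename_file = WFU_USVAR_exists('wfu_rename_file') ? WFU_USVAR('wfu_rename_file') : array();` avoids depending on what WFU_USVAR returns for a missing key. All six functions continue outside the hunks.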
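--- a/lib/wfu_ajaxactions.php
+++ b/lib/wfu_ajaxactions.php
@@ -13,7 +13,7 @@ function wfu_ajax_action_send_email_notification() {
  $arr = wfu_get_params_fields_from_index($params_index, $session_token);
  //check referer using server sessions to avoid CSRF attacks
  $sid = $arr['shortcode_id'];
- if ( $_SESSION["wfu_token_".$sid] != $session_token ) die();
+ if ( WFU_USVAR("wfu_token_".$sid) != $session_token ) die();
  if ( $user->user_login != $arr['user_login'] ) die();
 
  $params_str = get_option('wfu_params_'.$arr['unique_id']);
@@ -29,9 +29,9 @@ function wfu_ajax_action_send_email_notification() {
  //retrieve the list of uploaded files from session
  $target_path_list = array();
  $all_files_count = 0;
- if ( isset($_SESSION["filedata_".$uniqueid]) && is_array($_SESSION["filedata_".$uniqueid]) ) {
- $all_files_count = count($_SESSION["filedata_".$uniqueid]);
- foreach ( $_SESSION["filedata_".$uniqueid] as $file ) {
+ if ( WFU_USVAR_exists("filedata_".$uniqueid) && is_array(WFU_USVAR("filedata_".$uniqueid)) ) {
+ $all_files_count = count(WFU_USVAR("filedata_".$uniqueid));
+ foreach ( WFU_USVAR("filedata_".$uniqueid) as $file ) {
  if ( $file["upload_result"] == "success" || $file["upload_result"] == "warning" )
  array_push($target_path_list, $file["filepath"]);
  }
@@ -75,7 +75,7 @@ function wfu_ajax_action_send_email_notification() {
  $userdata_fields[$userdata_key]["value"] = "";
  //then retrieve userdata from session if files exist
  if ( $all_files_count > 0 ) {
- foreach ( $_SESSION["filedata_".$uniqueid] as $file ) {
+ foreach ( WFU_USVAR("filedata_".$uniqueid) as $file ) {
  if ( isset($file["user_data"]) ) {
  $userdata_fields = array();
  foreach ( $file["user_data"] as $userdata_key => $userdata_field )
@@ -127,7 +127,7 @@ function wfu_ajax_action_ask_server() {
  if ( $session_token == "" ) die();
  //check referrer using Wordpress nonces and server sessions to avoid CSRF attacks
  check_ajax_referer( 'wfu-uploader-nonce', 'wfu_uploader_nonce' );
- if ( $_SESSION["wfu_token_".$sid] != $session_token ) die();
+ if ( WFU_USVAR("wfu_token_".$sid) != $session_token ) die();
 
  //prepare parameters for before-upload filters
  $ret = array( "status" => "", "echo" => "" );
@@ -158,7 +158,7 @@ function wfu_ajax_action_ask_server() {
  $ret["status"] = "error";
  $echo_str .= "CBUV[".$changable_data["error_message"]."]";
  }
- if ( $changable_data["js_script"] != "" ) $echo_str .= "CBUVJS[".$changable_data["js_script"]."]";
+ if ( $changable_data["js_script"] != "" ) $echo_str .= "CBUVJS[".wfu_plugin_encode_string($changable_data["js_script"])."]";
  }
  //then execute internal filters of extensions
  $ret = apply_filters("_wfu_before_upload", $ret, $attr);
@@ -168,8 +168,8 @@ function wfu_ajax_action_ask_server() {
  if ( $ret["status"] == "" ) $ret["status"] = "die";
  //create an internal flag stored in session regarding the status of this
  //upload, that will be used to verify or not the upload
- if ( $ret["status"] == "success" ) $_SESSION["wfu_uploadstatus_".$attr["unique_id"]] = 1;
- else $_SESSION["wfu_uploadstatus_".$attr["unique_id"]] = 0;
+ if ( $ret["status"] == "success" ) WFU_USVAR_store("wfu_uploadstatus_".$attr["unique_id"], 1);
+ else WFU_USVAR_store("wfu_uploadstatus_".$attr["unique_id"], 0);
 
  if ( $ret["status"] == "success" || $ret["status"] == "error" )
  echo "wfu_askserver_".$ret["status"].":".$echo_str;
@@ -188,10 +188,10 @@ function wfu_ajax_action_cancel_upload() {
  if ( $session_token == "" ) die();
  //check referrer using Wordpress nonces and server sessions to avoid CSRF attacks
  check_ajax_referer( 'wfu-uploader-nonce', 'wfu_uploader_nonce' );
- if ( $_SESSION["wfu_token_".$sid] != $session_token ) die();
+ if ( WFU_USVAR("wfu_token_".$sid) != $session_token ) die();
 
  //setting status to 0 denotes cancelling of the upload
- $_SESSION["wfu_uploadstatus_".$unique_id] = 0;
+ WFU_USVAR_store("wfu_uploadstatus_".$unique_id, 0);
 
  die("success");
  }
@@ -216,9 +216,9 @@ function wfu_ajax_action_callback() {
  $arr = wfu_get_params_fields_from_index($params_index, $session_token);
  $sid = $arr['shortcode_id'];
  //check referrer using server sessions to avoid CSRF attacks
- if ( $_SESSION["wfu_token_".$sid] != $session_token ) {
+ if ( WFU_USVAR("wfu_token_".$sid) != $session_token ) {
  $echo_str = "Session failed!<br/><br/>Session Data:<br/>";
- $echo_str .= print_r(wfu_sanitize($_SESSION), true);
+ $echo_str .= print_r(wfu_sanitize(WFU_USALL()), true);
  $echo_str .= "<br/><br/>Post Data:<br/>";
  $echo_str .= print_r(wfu_sanitize($_POST), true);
  $echo_str .= 'force_errorabort_code';
@@ -251,14 +251,14 @@ function wfu_ajax_action_callback() {
  //if before upload actions have been executed and they have rejected the
  //upload, but for some reason (hack attempt) the upload continued, then
  //terminate it
- if ( isset($_SESSION["wfu_uploadstatus_".$unique_id]) && $_SESSION["wfu_uploadstatus_".$unique_id] == 0 ) die('force_errorabort_code');
+ if ( WFU_USVAR_exists("wfu_uploadstatus_".$unique_id) && WFU_USVAR("wfu_uploadstatus_".$unique_id) == 0 ) die('force_errorabort_code');
 
  //if upload has finished then perform post upload actions
  if ( isset($_POST["upload_finished"]) && $_POST["upload_finished"] === "1" ) {
  $echo_str = "";
  //execute after upload filters
  $ret = wfu_execute_after_upload_filters($sid, $unique_id);
- if ( $ret["js_script"] != "" ) $echo_str = "CBUVJS[".$ret["js_script"]."]";
+ if ( $ret["js_script"] != "" ) $echo_str = "CBUVJS[".wfu_plugin_encode_string($ret["js_script"])."]";
  die($echo_str);
  }
 
@@ -272,14 +272,14 @@ function wfu_ajax_action_callback() {
  if ( $ret["status"] == "die" ) die($ret["echo"]);
 
  //if this is the first pass of an upload attempt then perform pre-upload actions
- if ( !isset($_SESSION['wfu_upload_first_pass_'.$unique_id]) || $_SESSION['wfu_upload_first_pass_'.$unique_id] != 'true' ) {
- $_SESSION['wfu_upload_first_pass_'.$unique_id] = 'true';
+ if ( !WFU_USVAR_exists('wfu_upload_first_pass_'.$unique_id) || WFU_USVAR('wfu_upload_first_pass_'.$unique_id) != 'true' ) {
+ WFU_USVAR_store('wfu_upload_first_pass_'.$unique_id, 'true');
  }
 
  if ( !isset($_POST["subdir_sel_index"]) ) die();
  $subdir_sel_index = sanitize_text_field( $_POST["subdir_sel_index"] );
  $params['subdir_selection_index'] = $subdir_sel_index;
- $_SESSION['wfu_check_refresh_'.$params["uploadid"]] = 'do not process';
+ WFU_USVAR_store('wfu_check_refresh_'.$params["uploadid"], 'do not process');
 
  $wfu_process_file_array = wfu_process_files($params, 'ajax');
  // extract safe_output from wfu_process_file_array and pass it as separate part of the response text
@@ -544,18 +544,18 @@ function wfu_ajax_action_download_file_invoker() {
  //generate download unique id to monitor this download
  $download_id = wfu_create_random_string(16);
  //store download status of this download
- $_SESSION['wfu_download_status_'.$download_id] = 'starting';
+ WFU_USVAR_store('wfu_download_status_'.$download_id, 'starting');
  //generate download ticket which expires in 30sec and store it in session
  //it will be used as security measure for the downloader script, which runs outside Wordpress environment
- $_SESSION['wfu_download_ticket_'.$download_id] = time() + 30;
+ WFU_USVAR_store('wfu_download_ticket_'.$download_id, time() + 30);
  //generate download monitor ticket which expires in 30sec and store it in session
  //it will be used as security measure for the monitor script that will check download status
- $_SESSION['wfu_download_monitor_ticket_'.$download_id] = time() + 30;
+ WFU_USVAR_store('wfu_download_monitor_ticket_'.$download_id, time() + 30);
 
  //store translatable strings to session so that they can be used by a script
  //that runs outside Wordpress environment
- $_SESSION['wfu_browser_downloadfile_notexist'] = ( isset($_POST['browser']) ? WFU_BROWSER_DOWNLOADFILE_NOTEXIST : 'File does not exist!' );
- $_SESSION['wfu_browser_downloadfile_failed'] = ( isset($_POST['browser']) ? WFU_BROWSER_DOWNLOADFILE_FAILED : 'Could not download file!' );
+ WFU_USVAR_store('wfu_browser_downloadfile_notexist', ( isset($_POST['browser']) ? WFU_BROWSER_DOWNLOADFILE_NOTEXIST : 'File does not exist!' ));
+ WFU_USVAR_store('wfu_browser_downloadfile_failed', ( isset($_POST['browser']) ? WFU_BROWSER_DOWNLOADFILE_FAILED : 'Could not download file!' ));
 
  //this routine returns a dynamically created iframe element, that will call the actual download script;
  //the actual download script runs outside Wordpress environment in order to ensure that no php warnings
@@ -577,9 +577,9 @@ function wfu_ajax_action_download_file_monitor() {
  $id = wfu_sanitize_code($id);
 
  //ensure that this is not a CSRF attack by checking validity of a security ticket
- if ( !isset($_SESSION['wfu_download_monitor_ticket_'.$id]) || time() > $_SESSION['wfu_download_monitor_ticket_'.$id] ) die();
+ if ( !WFU_USVAR_exists('wfu_download_monitor_ticket_'.$id) || time() > WFU_USVAR('wfu_download_monitor_ticket_'.$id) ) die();
  //destroy monitor ticket so it cannot be used again
- unset($_SESSION['wfu_download_monitor_ticket_'.$id]);
+ WFU_USVAR_unset('wfu_download_monitor_ticket_'.$id);
 
  //initiate loop of 30secs to check the download status of the file;
  //the download status is controlled by the actual download script;
@@ -589,7 +589,7 @@ function wfu_ajax_action_download_file_monitor() {
  $end_time = time() + 30;
  $upload_ended = false;
  while ( time() < $end_time ) {
- $upload_ended = ( isset($_SESSION['wfu_download_status_'.$id]) ? ( $_SESSION['wfu_download_status_'.$id] == 'downloaded' || $_SESSION['wfu_download_status_'.$id] == 'failed' ? true : false ) : false );
+ $upload_ended = ( WFU_USVAR_exists('wfu_download_status_'.$id) ? ( WFU_USVAR('wfu_download_status_'.$id) == 'downloaded' || WFU_USVAR('wfu_download_status_'.$id) == 'failed' ? true : false ) : false );
  if ( $upload_ended ) break;
  usleep(100);
  }
@@ -601,11 +601,11 @@ function wfu_ajax_action_download_file_monitor() {
  if ( $filepath === false ) die();
  $filepath = wfu_path_rel2abs(wfu_flatten_path($filepath));
  wfu_log_action('download', $filepath, $user->ID, '', 0, 0, '', null);
- die(apply_filters('_wfu_ajax_action_download_file_monitor', 'wfu_ajax_action_download_file_monitor:'.$_SESSION['wfu_download_status_'.$id].':'));
+ die(apply_filters('_wfu_ajax_action_download_file_monitor', 'wfu_ajax_action_download_file_monitor:'.WFU_USVAR('wfu_download_status_'.$id).':'));
  }
  else {
  //regenerate monitor ticket
- $_SESSION['wfu_download_monitor_ticket_'.$id] = time() + 30;
+ WFU_USVAR_store('wfu_download_monitor_ticket_'.$id, time() + 30);
  die(apply_filters('_wfu_ajax_action_download_file_monitor', 'wfu_ajax_action_download_file_monitor:repeat:'.$id));
  }
  }
@@ -665,7 +665,7 @@ function wfu_ajax_action_notify_wpfilebase() {
 
  $arr = wfu_get_params_fields_from_index($params_index, $session_token);
  //check referer using server sessions to avoid CSRF attacks
- if ( $_SESSION["wfu_token_".$arr['shortcode_id']] != $session_token ) die();
+ if ( WFU_USVAR("wfu_token_".$arr['shortcode_id']) != $session_token ) die();
 
  do_action('wpfilebase_sync');
 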
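Review bot: The token checks on lines 16, 130, 191, 219 and 668 compare with a loose `!=` and never confirm that the stored token exists, so the result for a missing `wfu_token_` entry depends on what `WFU_USVAR` returns for an unknown key, which is not visible here. Only `wfu_ajax_action_ask_server` and `wfu_ajax_action_cancel_upload` visibly reject an empty `$session_token` first. A stricter form is `if ( !WFU_USVAR_exists("wfu_token_".$sid) || !hash_equals((string) WFU_USVAR("wfu_token_".$sid), (string) $session_token) ) die();`. Separately, the failure branch in `wfu_ajax_action_callback` still appends `print_r(wfu_sanitize(WFU_USALL()), true)` to `$echo_str`, which presumably goes back to the request that just failed the check; writing that dump to the server-side log instead would keep tokens and stored paths out of the reply. These functions continue outside the hunks.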
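--- a/lib/wfu_blocks.php
+++ b/lib/wfu_blocks.php
@@ -75,7 +75,6 @@ function wfu_prepare_subfolders_block($params, $additional_params, $occurrence_i
  if ( $data["show_subfolders"] && !$data["testmode"] ) {
  if ( substr($params["subfoldertree"], 0, 4) == "auto" ) {
  $upload_directory = wfu_upload_plugin_full_path($params);
- wfu_debug_log($upload_directory."\n");
  $dirtree = wfu_getTree($upload_directory);
  foreach ( $dirtree as &$dir ) $dir = '*'.$dir;
  $params["subfoldertree"] = implode(',', $dirtree);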
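--- a/lib/wfu_functions.php
+++ b/lib/wfu_functions.php
@@ -913,7 +913,9 @@ function wfu_debug_log($message) {
 
  function wfu_safe_store_filepath($path) {
  $code = wfu_create_random_string(16);
- $_SESSION['wfu_filepath_safe_storage'][$code] = $path;
+ $safe_storage = ( WFU_USVAR_exists('wfu_filepath_safe_storage') ? WFU_USVAR('wfu_filepath_safe_storage') : array() );
+ $safe_storage[$code] = $path;
+ WFU_USVAR_store('wfu_filepath_safe_storage', $safe_storage);
  return $code;
  }
 
@@ -922,8 +924,10 @@ function wfu_get_filepath_from_safe($code) {
  $code = wfu_sanitize_code($code);
  if ( $code == "" ) return false;
  //return filepath from session variable, if exists
- if ( !isset($_SESSION['wfu_filepath_safe_storage'][$code]) ) return false;
- return $_SESSION['wfu_filepath_safe_storage'][$code];
+ if ( !WFU_USVAR_exists('wfu_filepath_safe_storage') ) return false;
+ $safe_storage = WFU_USVAR('wfu_filepath_safe_storage');
+ if ( !isset($safe_storage[$code]) ) return false;
+ return $safe_storage[$code];
  }
 
  function wfu_file_extension_restricted($filename) {
@@ -1864,7 +1868,7 @@ function wfu_get_params_fields_from_index($params_index, $session_token = "") {
  foreach ( $index_match as $value ) {
  list($fields['unique_id'], $fields['page_id'], $fields['shortcode_id'], $fields['user_login']) = explode("||", $value);
  $sid = $fields['shortcode_id'];
- if ( isset($_SESSION["wfu_token_".$sid]) && $_SESSION["wfu_token_".$sid] == $session_token ) {
+ if ( WFU_USVAR_exists("wfu_token_".$sid) && WFU_USVAR("wfu_token_".$sid) == $session_token ) {
  $found = true;
  break;
  }
@@ -1877,7 +1881,9 @@ function wfu_get_params_fields_from_index($params_index, $session_token = "") {
 
  function wfu_safe_store_shortcode_data($data) {
  $code = wfu_create_random_string(16);
- $_SESSION['wfu_shortcode_data_safe_storage'][$code] = $data;
+ $safe_storage = ( WFU_USVAR_exists('wfu_shortcode_data_safe_storage') ? WFU_USVAR('wfu_shortcode_data_safe_storage') : array() );
+ $safe_storage[$code] = $data;
+ WFU_USVAR_store('wfu_shortcode_data_safe_storage', $safe_storage);
  return $code;
  }
 
@@ -1886,8 +1892,10 @@ function wfu_get_shortcode_data_from_safe($code) {
  $code = wfu_sanitize_code($code);
  if ( $code == "" ) return '';
  //return shortcode data from session variable, if exists
- if ( !isset($_SESSION['wfu_shortcode_data_safe_storage'][$code]) ) return '';
- return $_SESSION['wfu_shortcode_data_safe_storage'][$code];
+ if ( !WFU_USVAR_exists('wfu_shortcode_data_safe_storage') ) return '';
+ $safe_storage = WFU_USVAR('wfu_shortcode_data_safe_storage');
+ if ( !isset($safe_storage[$code]) ) return '';
+ return $safe_storage[$code];
  }
 
  function wfu_clear_shortcode_data_from_safe($code) {
@@ -1895,8 +1903,11 @@ function wfu_clear_shortcode_data_from_safe($code) {
  $code = wfu_sanitize_code($code);
  if ( $code == "" ) return;
  //clear shortcode data from session variable, if exists
- if ( !isset($_SESSION['wfu_shortcode_data_safe_storage'][$code]) ) return;
- unset($_SESSION['wfu_shortcode_data_safe_storage'][$code]);
+ if ( !WFU_USVAR_exists('wfu_shortcode_data_safe_storage') ) return;
+ $safe_storage = WFU_USVAR('wfu_shortcode_data_safe_storage');
+ if ( !isset($safe_storage[$code]) ) return;
+ unset($safe_storage[$code]);
+ WFU_USVAR_store('wfu_shortcode_data_safe_storage', $safe_storage);
  }
 
  function wfu_decode_dimensions($dimensions_str) {
@@ -2330,6 +2341,33 @@ function wfu_parse_userdata_attribute($value){
  return $fields;
  }
 
+ //********************* User State Functions ****************************************************************************************************
+
+ function WFU_USVAR_exists($var) {
+ $a = func_get_args(); switch(WFU_FUNCTION_HOOK(__FUNCTION__, $a, $out)) { case 'X': break; case 'R': return $out; break; case 'D': die($out); break; }
+ return isset($_SESSION[$var]);
+ }
+
+ function WFU_USVAR($var) {
+ $a = func_get_args(); switch(WFU_FUNCTION_HOOK(__FUNCTION__, $a, $out)) { case 'X': break; case 'R': return $out; break; case 'D': die($out); break; }
+ return $_SESSION[$var];
+ }
+
+ function WFU_USALL() {
+ $a = func_get_args(); switch(WFU_FUNCTION_HOOK(__FUNCTION__, $a, $out)) { case 'X': break; case 'R': return $out; break; case 'D': die($out); break; }
+ return $_SESSION;
+ }
+
+ function WFU_USVAR_store($var, $value) {
+ $a = func_get_args(); switch(WFU_FUNCTION_HOOK(__FUNCTION__, $a, $out)) { case 'X': break; case 'R': return $out; break; case 'D': die($out); break; }
+ $_SESSION[$var] = $value;
+ }
+
+ function WFU_USVAR_unset($var) {
+ $a = func_get_args(); switch(WFU_FUNCTION_HOOK(__FUNCTION__, $a, $out)) { case 'X': break; case 'R': return $out; break; case 'D': die($out); break; }
+ unset($_SESSION[$var]);
+ }
+
  //********************* Javascript Related Functions ****************************************************************************************************
 
  // function wfu_inject_js_code generates html code for injecting js code and then erase the trace
@@ -2344,7 +2382,9 @@ function wfu_inject_js_code($code){
 
  function wfu_safe_store_browser_params($params) {
  $code = wfu_create_random_string(16);
- $_SESSION['wfu_browser_actions_safe_storage'][$code] = $params;
+ $safe_storage = ( WFU_USVAR_exists('wfu_browser_actions_safe_storage') ? WFU_USVAR('wfu_browser_actions_safe_storage') : array() );
+ $safe_storage[$code] = $params;
+ WFU_USVAR_store('wfu_browser_actions_safe_storage', $safe_storage);
  return $code;
  }
 
@@ -2353,8 +2393,10 @@ function wfu_get_browser_params_from_safe($code) {
  $code = wfu_sanitize_code($code);
  if ( $code == "" ) return false;
  //return params from session variable, if exists
- if ( !isset($_SESSION['wfu_browser_actions_safe_storage'][$code]) ) return false;
- return $_SESSION['wfu_browser_actions_safe_storage'][$code];
+ if ( !WFU_USVAR_exists('wfu_browser_actions_safe_storage') ) return false;
+ $safe_storage = WFU_USVAR('wfu_browser_actions_safe_storage');
+ if ( !isset($safe_storage[$code]) ) return false;
+ return $safe_storage[$code];
  }
 
  //********************* POST/GET Requests Functions ****************************************************************************************************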
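Review bot: The token check in wfu_get_params_fields_from_index, `WFU_USVAR("wfu_token_".$sid) == $session_token`, compares a secret with loose `==`, which is neither type-strict nor constant-time. A comment in the ajax handler elsewhere on this page describes this token as the protection against CSRF, so a strict, timing-safe comparison fits better: `if ( WFU_USVAR_exists("wfu_token_".$sid) && hash_equals((string) WFU_USVAR("wfu_token_".$sid), (string) $session_token) ) {`. The function's body starts and ends outside this hunk, so any earlier validation of `$session_token` is not visible here.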
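--- a/lib/wfu_processfiles.php
+++ b/lib/wfu_processfiles.php
@@ -167,7 +167,11 @@ function wfu_process_files($params, $method) {
  // determine if file data have been saved to session variables, due to a previous pass of this file
  $file_map = "filedata_".$unique_id."_".$real_file_index;
  // retrieve unique id of the file, used in filter actions for identifying each separate file
- $file_unique_id = ( isset($_SESSION[$file_map]) ? $_SESSION[$file_map]['file_unique_id'] : '' );
+ if ( WFU_USVAR_exists($file_map) ) {
+ $file_map_arr = WFU_USVAR($file_map);
+ $file_unique_id = $file_map_arr['file_unique_id'];
+ }
+ else $file_unique_id = '';
  $filedata_previously_defined = ( $file_unique_id != '' );
  /* generate unique id for each file for use in filter actions if it has not been previously defined */
  if ( !$filedata_previously_defined )
@@ -202,12 +206,14 @@ function wfu_process_files($params, $method) {
  /* store file data and upload result to filedata session array
  for use by after_upload filters */
  if ( !$nofileupload ) {
- if ( !isset($_SESSION["filedata_".$unique_id]) ) $_SESSION["filedata_".$unique_id] = array();
- $_SESSION["filedata_".$unique_id][$real_file_index] = array(
+ if ( !WFU_USVAR_exists("filedata_".$unique_id) ) WFU_USVAR_store("filedata_".$unique_id, array());
+ $filedata_id = WFU_USVAR("filedata_".$unique_id);
+ $filedata_id[$real_file_index] = array(
  "file_unique_id" => $file_unique_id,
  "original_filename" => $only_filename,
  "filesize" => $filesize,
  );
+ WFU_USVAR_store("filedata_".$unique_id, $filedata_id);
  }
  // prepare parameters for wfu_before_file_check filter
  // if this is a no file upload the prepare parameters for
@@ -234,17 +240,20 @@ function wfu_process_files($params, $method) {
  // filters again, so we store the changable data to session
  // variables for this specific file
  if ( $only_check && !$nofileupload ) {
- $_SESSION[$file_map]['file_unique_id'] = $file_unique_id;
- $_SESSION[$file_map]['filepath'] = $target_path;
- $_SESSION[$file_map]['userdata'] = $userdata_fields;
+ $file_map_arr = WFU_USVAR($file_map);
+ $file_map_arr['file_unique_id'] = $file_unique_id;
+ $file_map_arr['filepath'] = $target_path;
+ $file_map_arr['userdata'] = $userdata_fields;
+ WFU_USVAR_store($file_map, $file_map_arr);
  }
  }
  // if this is a second pass of the file, because a first pass with file checking was done before, then retrieve
  // file data that may have previously changed because of application of filters
  if ( $filedata_previously_defined ) {
- $target_path = $_SESSION[$file_map]['filepath'];
+ $file_map_arr = WFU_USVAR($file_map);
+ $target_path = $file_map_arr['filepath'];
  $only_filename = wfu_basename($target_path);
- $userdata_fields = $_SESSION[$file_map]['userdata'];
+ $userdata_fields = $file_map_arr['userdata'];
  }
  if ( $filter_error_message != '' ) {
  //errorabort flag designates that file will be aborted and no resuming will be attempted
@@ -394,7 +403,9 @@ function wfu_process_files($params, $method) {
  previous filter wfu_before_file_check, corresponding them to the unique file id */
  if ( $file_unique_id != '' ) {
  $target_path = apply_filters('wfu_before_file_upload', $target_path, $file_unique_id);
- $_SESSION[$file_map]['filepath'] = $target_path;
+ $file_map_arr = WFU_USVAR($file_map);
+ $file_map_arr['filepath'] = $target_path;
+ WFU_USVAR_store($file_map, $file_map_arr);
  }
  //recalculate $only_filename in case it changed with wfu_before_file_upload filter
  $only_filename = wfu_basename($target_path);
@@ -457,7 +468,9 @@ function wfu_process_files($params, $method) {
  previous filter wfu_before_file_check, corresponding them to the unique file id */
  if ( $file_unique_id != '' ) {
  $target_path = apply_filters('wfu_before_file_upload', $target_path, $file_unique_id);
- $_SESSION[$file_map]['filepath'] = $target_path;
+ $file_map_arr = WFU_USVAR($file_map);
+ $file_map_arr['filepath'] = $target_path;
+ WFU_USVAR_store($file_map, $file_map_arr);
  }
  //recalculate $only_filename in case it changed with wfu_before_file_upload filter
  $only_filename = wfu_basename($target_path);
@@ -708,12 +721,18 @@ function wfu_process_files($params, $method) {
 
  /* store final file data and upload result to filemap session array for
  use by after_upload filters */
- if ( ( $file_finished_successfully || $file_finished_unsuccessfully ) && isset($_SESSION["filedata_".$unique_id][$real_file_index]) && !$ignore_server_actions && !$nofileupload ) {
- $_SESSION["filedata_".$unique_id][$real_file_index]["filepath"] = $target_path;
- $_SESSION["filedata_".$unique_id][$real_file_index]["user_data"] = $userdata_fields;
- $_SESSION["filedata_".$unique_id][$real_file_index]["upload_result"] = $file_output['message_type'];
- $_SESSION["filedata_".$unique_id][$real_file_index]["message"] = $file_output['message'];
- $_SESSION["filedata_".$unique_id][$real_file_index]["admin_messages"] = $file_output['admin_messages'];
+ if ( ( $file_finished_successfully || $file_finished_unsuccessfully ) && !$ignore_server_actions && !$nofileupload ) {
+ if ( WFU_USVAR_exists("filedata_".$unique_id) ) {
+ $filedata_id = WFU_USVAR("filedata_".$unique_id);
+ if ( isset($filedata_id[$real_file_index]) ) {
+ $filedata_id[$real_file_index]["filepath"] = $target_path;
+ $filedata_id[$real_file_index]["user_data"] = $userdata_fields;
+ $filedata_id[$real_file_index]["upload_result"] = $file_output['message_type'];
+ $filedata_id[$real_file_index]["message"] = $file_output['message'];
+ $filedata_id[$real_file_index]["admin_messages"] = $file_output['admin_messages'];
+ WFU_USVAR_store("filedata_".$unique_id, $filedata_id);
+ }
+ }
  }
  }
 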
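Review bot: Three of the new reads, `$file_map_arr = WFU_USVAR($file_map);` in the `$only_check` branch and in both `wfu_before_file_upload` branches, are not guarded by WFU_USVAR_exists, while WFU_USVAR as added in lib/wfu_functions.php returns `$_SESSION[$var]` unconditionally. The old code assigned into `$_SESSION[$file_map][...]`, which created the entry silently; the new read raises an undefined-index notice whenever the entry does not exist yet, and with error display on that notice lands in the upload response together with the server file path. Guarding the read keeps the old behaviour: `$file_map_arr = ( WFU_USVAR_exists($file_map) ? WFU_USVAR($file_map) : array() );`. wfu_process_files starts and ends outside these hunks, so whether an earlier statement always creates the entry could not be checked.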
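--- a/readme.txt
+++ b/readme.txt
@@ -146,6 +146,9 @@ There is an option in plugin's settings in Dashboard to relax the CSS rules, so
 
  == Changelog ==
 
+ = 4.3.2 =
+ * fixed bug in wfu_before_upload and wfu_after_upload filters that was breaking JS scripts if they contained a closing bracket ']' symbol
+
  = 4.3.1 =
  * added placeholder option in available label positions of additional fields; label will be the placeholder attribute of the field
 
@@ -729,7 +732,10 @@ Initial version.
 
  == Upgrade Notice ==
 
- = 4.3.0 =
+ = 4.3.2 =
+ Minor update to fix some bugs.
+
+ = 4.3.1 =
  Minor update to introduce a new feature.
 
  = 4.3.0 =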
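--- a/release_notes.txt
+++ b/release_notes.txt
@@ -1,2 +1,2 @@
- <!-- --><span>Version 4.3.1 is a minor update. The only new feature introduced in the Free version is addition of placeholder option in available label positions of <strong>Additional Fields</strong>. When selected, the label text will be shown as <strong>placeholder</strong> of the field.<br/><br/>For more details about this version's changes please visit the Release Notes of the plugin's </span><a href="http://www.iptanus.com/wordpress-plugins/wordpress-file-upload/">support page</a><span>.</span><!-- -->
+ <!-- --><span>Version 4.3.2 is a minor update that fixes some bugs.<br/><br/>For details about this version's changes please visit the Release Notes of the plugin's </span><a href="http://www.iptanus.com/wordpress-plugins/wordpress-file-upload/">support page</a><span>.</span><!-- -->
  <!-- -->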
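--- a/wfu_file_downloader.php
+++ b/wfu_file_downloader.php
@@ -11,9 +11,9 @@ function wfu_download_file() {
 
  $ticket = wfu_sanitize_code($ticket);
  //if download ticket does not exist or is expired die
- if ( !isset($_SESSION['wfu_download_ticket_'.$ticket]) || time() > $_SESSION['wfu_download_ticket_'.$ticket] ) die();
+ if ( !WFU_USVAR_exists('wfu_download_ticket_'.$ticket) || time() > WFU_USVAR('wfu_download_ticket_'.$ticket) ) die();
  //destroy ticket so it cannot be used again
- unset($_SESSION['wfu_download_ticket_'.$ticket]);
+ WFU_USVAR_unset('wfu_download_ticket_'.$ticket);
 
  $file_code = wfu_sanitize_code($file_code);
  //if file_code starts with exportdata, then this is a request for export of
@@ -30,14 +30,14 @@ function wfu_download_file() {
  if ( $filepath === false ) die();
  $filepath = wfu_flatten_path($filepath);
  if ( substr($filepath, 0, 1) == "/" ) $filepath = substr($filepath, 1);
- $filepath = ( substr($filepath, 0, 6) == 'ftp://' || substr($filepath, 0, 7) == 'ftps://' || substr($filepath, 0, 7) == 'sftp://' ? $filepath : $_SESSION['wfu_ABSPATH'].$filepath );
+ $filepath = ( substr($filepath, 0, 6) == 'ftp://' || substr($filepath, 0, 7) == 'ftps://' || substr($filepath, 0, 7) == 'sftp://' ? $filepath : WFU_USVAR('wfu_ABSPATH').$filepath );
  $disposition_name = wfu_basename($filepath);
  $delete_file = false;
  }
  //check that file exists
  if ( !file_exists($filepath) ) {
- $_SESSION['wfu_download_status_'.$ticket] = 'failed';
- die('<script language="javascript">alert("'.( isset($_SESSION['wfu_browser_downloadfile_notexist']) ? $_SESSION['wfu_browser_downloadfile_notexist'] : 'File does not exist!' ).'");</script>');
+ WFU_USVAR_store('wfu_download_status_'.$ticket, 'failed');
+ die('<script language="javascript">alert("'.( WFU_USVAR_exists('wfu_browser_downloadfile_notexist') ? WFU_USVAR('wfu_browser_downloadfile_notexist') : 'File does not exist!' ).'");</script>');
  }
  //get mime type
 
@@ -70,12 +70,12 @@ function wfu_download_file() {
  if ( $delete_file ) unset($filepath);
 
  if ( !$failed ) {
- $_SESSION['wfu_download_status_'.$ticket] = 'downloaded';
+ WFU_USVAR_store('wfu_download_status_'.$ticket, 'downloaded');
  die();
  }
  else {
- $_SESSION['wfu_download_status_'.$ticket] = 'failed';
- die('<script language="javascript">alert("'.( isset($_SESSION['wfu_browser_downloadfile_failed']) ? $_SESSION['wfu_browser_downloadfile_failed'] : 'Could not download file!' ).'");</script>');
+ WFU_USVAR_store('wfu_download_status_'.$ticket, 'failed');
+ die('<script language="javascript">alert("'.( WFU_USVAR_exists('wfu_browser_downloadfile_failed') ? WFU_USVAR('wfu_browser_downloadfile_failed') : 'Could not download file!' ).'");</script>');
  }
  }
 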
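Review bot: Both `alert("...")` responses in wfu_download_file still paste a user-state string straight into a JavaScript string literal, so a message containing a double quote, a backslash or `</script>` would end the literal or the script element early. Where `wfu_browser_downloadfile_notexist` and `wfu_browser_downloadfile_failed` are written is not visible here, so whether they can carry user-influenced text needs confirming. Encoding at the point of output removes the question: `die('<script language="javascript">alert('.json_encode( WFU_USVAR_exists('wfu_browser_downloadfile_failed') ? WFU_USVAR('wfu_browser_downloadfile_failed') : 'Could not download file!' ).');</script>');`, and likewise for the not-exist message. The function's body starts before the first hunk and continues between the hunks.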
wordpress_file_upload.php CHANGED
@@ -4,7 +4,7 @@ if( !session_id() ) { session_start(); }
4
  /*
5
  Plugin URI: http://www.iptanus.com/support/wordpress-file-upload
6
  Description: Simple interface to upload files from a page.
7
- Version: 4.3.1
8
  Author: Nickolas Bossinas
9
  Author URI: http://www.iptanus.com
10
  */
@@ -82,7 +82,7 @@ add_action('wp_ajax_wfu_ajax_action_update_envar', 'wfu_ajax_action_update_envar
82
  add_action('wp_ajax_wfu_ajax_action_transfer_command', 'wfu_ajax_action_transfer_command');
83
  wfu_include_lib();
84
  //add abspath for use by downloader
85
- $_SESSION['wfu_ABSPATH'] = wfu_abspath();
86
  //widget
87
  add_action( 'widgets_init', 'register_wfu_widget' );
88
  //Media editor custom properties
@@ -184,8 +184,9 @@ function wordpress_file_upload_function($incomingfromhandler) {
184
  $params["pageid"] = $post->ID;
185
  $params["blogid"] = $blog_id;
186
 
187
- if ( !isset($_SESSION['wfu_token_'.$sid]) || $_SESSION['wfu_token_'.$sid] == "" )
188
- $_SESSION['wfu_token_'.$sid] = uniqid(mt_rand(), TRUE);
 
189
  //store the server environment (32 or 64bit) for use when checking file size limits
190
  $params["php_env"] = wfu_get_server_environment();
191
 
@@ -206,7 +207,7 @@ function wordpress_file_upload_function($incomingfromhandler) {
206
  $init_params["shortcode_id"] = $sid;
207
  $init_params["shortcode_tag"] = $shortcode_tag;
208
  $init_params["container_id"] = $shortcode_tag.'_block_'.$sid;
209
- $init_params["session"] = $_SESSION['wfu_token_'.$sid];
210
  $init_params["testmode"] = ( $params["testmode"] == "true" );
211
  $init_params["widgetid"] = $params["widgetid"];
212
  //add allow no file flag
@@ -409,14 +410,15 @@ function wordpress_file_upload_function($incomingfromhandler) {
409
  // The plugin uses sessions in order to detect if the page was loaded due to file upload or
410
  // because the user pressed the Refresh button (or F5) of the page.
411
  // In the second case we do not want to perform any file upload, so we abort the rest of the script.
412
- if ( !isset($_SESSION['wfu_check_refresh_'.$sid]) || $_SESSION['wfu_check_refresh_'.$sid] != "form button pressed" ) {
413
- $_SESSION['wfu_check_refresh_'.$sid] = 'do not process';
 
414
  $wordpress_file_upload_output .= wfu_post_plugin_actions($params);
415
  $wordpress_file_upload_output = apply_filters("_wfu_file_upload_output", $wordpress_file_upload_output, $params);
416
  return $wordpress_file_upload_output."\n";
417
  }
418
- $_SESSION['wfu_check_refresh_'.$sid] = 'do not process';
419
- $params["upload_start_time"] = $_SESSION['wfu_start_time_'.$sid];
420
 
421
  // The plugin uses two ways to upload the file:
422
  // - The first one uses classic functionality of an HTML form (highest compatibility with browsers but few capabilities).
@@ -460,7 +462,8 @@ function wordpress_file_upload_function($incomingfromhandler) {
460
 
461
  //in case that that the upload has been cancelled then proceed
462
  //accordingly to notify the user
463
- if ( isset($_SESSION["wfu_uploadstatus_".$unique_id]) && $_SESSION["wfu_uploadstatus_".$unique_id] == 0 ) {
 
464
  $safe_output = "17;".WFU_VAR("WFU_DEFAULTMESSAGECOLORS").";0";
465
  $wfu_process_file_array_str = " ";
466
  $js_script_enc = "";
@@ -544,8 +547,8 @@ function wfu_classic_before_upload_handler($ret, $attr) {
544
  }
545
  if ( $ret["status"] != "error" ) {
546
  $ret["status"] = "success";
547
- $_SESSION['wfu_check_refresh_'.$sid] = 'form button pressed';
548
- $_SESSION['wfu_start_time_'.$sid] = $start_time;
549
  }
550
  return $ret;
551
  }
@@ -554,7 +557,8 @@ function wfu_execute_after_upload_filters($sid, $unique_id) {
554
  //apply internal filters from extensions
555
  $ret = array( "echo" => "" );
556
  $files = array();
557
- if ( isset($_SESSION["filedata_".$unique_id]) ) $files = $_SESSION["filedata_".$unique_id];
 
558
  $attr = array( "sid" => $sid, "unique_id" => $unique_id, "files" => $files );
559
  $ret = apply_filters("_wfu_after_upload", $ret, $attr);
560
  //then apply any custom filters created by admin
4
  /*
5
  Plugin URI: http://www.iptanus.com/support/wordpress-file-upload
6
  Description: Simple interface to upload files from a page.
7
+ Version: 4.3.2
8
  Author: Nickolas Bossinas
9
  Author URI: http://www.iptanus.com
10
  */
82
  add_action('wp_ajax_wfu_ajax_action_transfer_command', 'wfu_ajax_action_transfer_command');
83
  wfu_include_lib();
84
  //add abspath for use by downloader
85
+ WFU_USVAR_store('wfu_ABSPATH', wfu_abspath());
86
  //widget
87
  add_action( 'widgets_init', 'register_wfu_widget' );
88
  //Media editor custom properties
184
  $params["pageid"] = $post->ID;
185
  $params["blogid"] = $blog_id;
186
 
187
+ $token_sid = 'wfu_token_'.$sid;
188
+ if ( !WFU_USVAR_exists($token_sid) || WFU_USVAR($token_sid) == "" )
189
+ WFU_USVAR_store($token_sid, uniqid(mt_rand(), TRUE));
190
  //store the server environment (32 or 64bit) for use when checking file size limits
191
  $params["php_env"] = wfu_get_server_environment();
192
 
207
  $init_params["shortcode_id"] = $sid;
208
  $init_params["shortcode_tag"] = $shortcode_tag;
209
  $init_params["container_id"] = $shortcode_tag.'_block_'.$sid;
210
+ $init_params["session"] = WFU_USVAR($token_sid);
211
  $init_params["testmode"] = ( $params["testmode"] == "true" );
212
  $init_params["widgetid"] = $params["widgetid"];
213
  //add allow no file flag
410
  // The plugin uses sessions in order to detect if the page was loaded due to file upload or
411
  // because the user pressed the Refresh button (or F5) of the page.
412
  // In the second case we do not want to perform any file upload, so we abort the rest of the script.
413
+ $check_refresh_sid = 'wfu_check_refresh_'.$sid;
414
+ if ( !WFU_USVAR_exists($check_refresh_sid) || WFU_USVAR($check_refresh_sid) != "form button pressed" ) {
415
+ WFU_USVAR_store($check_refresh_sid, 'do not process');
416
  $wordpress_file_upload_output .= wfu_post_plugin_actions($params);
417
  $wordpress_file_upload_output = apply_filters("_wfu_file_upload_output", $wordpress_file_upload_output, $params);
418
  return $wordpress_file_upload_output."\n";
419
  }
420
+ WFU_USVAR_store($check_refresh_sid, 'do not process');
421
+ $params["upload_start_time"] = WFU_USVAR('wfu_start_time_'.$sid);
422
 
423
  // The plugin uses two ways to upload the file:
424
  // - The first one uses classic functionality of an HTML form (highest compatibility with browsers but few capabilities).
462
 
463
  //in case that that the upload has been cancelled then proceed
464
  //accordingly to notify the user
465
+ $uploadstatus_id = "wfu_uploadstatus_".$unique_id;
466
+ if ( WFU_USVAR_exists($uploadstatus_id) && WFU_USVAR($uploadstatus_id) == 0 ) {
467
  $safe_output = "17;".WFU_VAR("WFU_DEFAULTMESSAGECOLORS").";0";
468
  $wfu_process_file_array_str = " ";
469
  $js_script_enc = "";
547
  }
548
  if ( $ret["status"] != "error" ) {
549
  $ret["status"] = "success";
550
+ WFU_USVAR_store('wfu_check_refresh_'.$sid, 'form button pressed');
551
+ WFU_USVAR_store('wfu_start_time_'.$sid, $start_time);
552
  }
553
  return $ret;
554
  }
557
  //apply internal filters from extensions
558
  $ret = array( "echo" => "" );
559
  $files = array();
560
+ $filedata_id = "filedata_".$unique_id;
561
+ if ( WFU_USVAR_exists($filedata_id) ) $files = WFU_USVAR($filedata_id);
562
  $attr = array( "sid" => $sid, "unique_id" => $unique_id, "files" => $files );
563
  $ret = apply_filters("_wfu_after_upload", $ret, $attr);
564
  //then apply any custom filters created by admin
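Review bot: The upload token written by `WFU_USVAR_store($token_sid, uniqid(mt_rand(), TRUE));` is derived from the clock and the Mersenne Twister, neither of which is meant for producing secrets, yet the ajax handler on this page compares requests against `wfu_token_` as its CSRF check. A value from WordPress's own random generator is a drop-in replacement: `WFU_USVAR_store($token_sid, wp_generate_password(32, false));`. wordpress_file_upload_function starts and ends outside this hunk, so other consumers of the token and any format they expect are not visible here.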