wp-admin/includes/class-file-upload-upgrader.php

   1 <?php
   2 /**
   3  * Upgrade API: File_Upload_Upgrader class
   4  *
   5  * @package WordPress
   6  * @subpackage Upgrader
   7  * @since 4.6.0
   8  */
   9
  10 /**
  11  * Core class used for handling file uploads.
  12  *
  13  * This class handles the upload process and passes it as if it's a local file
  14  * to the Upgrade/Installer functions.
  15  *
  16  * @since 2.8.0
  17  * @since 4.6.0 Moved to its own file from wp-admin/includes/class-wp-upgrader.php.
  18  */
  19 class File_Upload_Upgrader {
  20
  21         /**
  22          * The full path to the file package.
  23          *
  24          * @since 2.8.0
  25          * @access public
  26          * @var string $package
  27          */
  28         public $package;
  29
  30         /**
  31          * The name of the file.
  32          *
  33          * @since 2.8.0
  34          * @access public
  35          * @var string $filename
  36          */
  37         public $filename;
  38
  39         /**
  40          * The ID of the attachment post for this file.
  41          *
  42          * @since 3.3.0
  43          * @access public
  44          * @var int $id
  45          */
  46         public $id = 0;
  47
  48         /**
  49          * Construct the upgrader for a form.
  50          *
  51          * @since 2.8.0
  52          * @access public
  53          *
  54          * @param string $form      The name of the form the file was uploaded from.
  55          * @param string $urlholder The name of the `GET` parameter that holds the filename.
  56          */
  57         public function __construct( $form, $urlholder ) {
  58
  59                 if ( empty($_FILES[$form]['name']) && empty($_GET[$urlholder]) )
  60                         wp_die(__('Please select a file'));
  61
  62                 //Handle a newly uploaded file, Else assume it's already been uploaded
  63                 if ( ! empty($_FILES) ) {
  64                         $overrides = array( 'test_form' => false, 'test_type' => false );
  65                         $file = wp_handle_upload( $_FILES[$form], $overrides );
  66
  67                         if ( isset( $file['error'] ) )
  68                                 wp_die( $file['error'] );
  69
  70                         $this->filename = $_FILES[$form]['name'];
  71                         $this->package = $file['file'];
  72
  73                         // Construct the object array
  74                         $object = array(
  75                                 'post_title' => $this->filename,
  76                                 'post_content' => $file['url'],
  77                                 'post_mime_type' => $file['type'],
  78                                 'guid' => $file['url'],
  79                                 'context' => 'upgrader',
  80                                 'post_status' => 'private'
  81                         );
  82
  83                         // Save the data.
  84                         $this->id = wp_insert_attachment( $object, $file['file'] );
  85
  86                         // Schedule a cleanup for 2 hours from now in case of failed install.
  87                         wp_schedule_single_event( time() + 2 * HOUR_IN_SECONDS, 'upgrader_scheduled_cleanup', array( $this->id ) );
  88
  89                 } elseif ( is_numeric( $_GET[$urlholder] ) ) {
  90                         // Numeric Package = previously uploaded file, see above.
  91                         $this->id = (int) $_GET[$urlholder];
  92                         $attachment = get_post( $this->id );
  93                         if ( empty($attachment) )
  94                                 wp_die(__('Please select a file'));
  95
  96                         $this->filename = $attachment->post_title;
  97                         $this->package = get_attached_file( $attachment->ID );
  98                 } else {
  99                         // Else, It's set to something, Back compat for plugins using the old (pre-3.3) File_Uploader handler.
 100                         if ( ! ( ( $uploads = wp_upload_dir() ) && false === $uploads['error'] ) )
 101                                 wp_die( $uploads['error'] );
 102
 103                         $this->filename = sanitize_file_name( $_GET[ $urlholder ] );
 104                         $this->package = $uploads['basedir'] . '/' . $this->filename;
 105
 106                         if ( 0 !== strpos( realpath( $this->package ), realpath( $uploads['basedir'] ) ) ) {
 107                                 wp_die( __( 'Please select a file' ) );
 108                         }
 109                 }
 110         }
 111
 112         /**
 113          * Delete the attachment/uploaded file.
 114          *
 115          * @since 3.2.2
 116          * @access public
 117          *
 118          * @return bool Whether the cleanup was successful.
 119          */
 120         public function cleanup() {
 121                 if ( $this->id )
 122                         wp_delete_attachment( $this->id );
 123
 124                 elseif ( file_exists( $this->package ) )
 125                         return @unlink( $this->package );
 126
 127                 return true;
 128         }
 129 }