X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/5aa86a9053fb0fa15846bb60aac2fb8fdfff524a..refs/tags/wordpress-3.5.2:/wp-admin/includes/file.php diff --git a/wp-admin/includes/file.php b/wp-admin/includes/file.php index bf4ac85d..96b6db45 100644 --- a/wp-admin/includes/file.php +++ b/wp-admin/includes/file.php @@ -1,6 +1,8 @@ values to override default variables with extract( $overrides, EXTR_OVERWRITE ). + * @param string $time Optional. Time formatted in 'yyyy/mm'. * @return array On success, returns an associative array of file attributes. On failure, returns $overrides['upload_error_handler'](&$file, $message ) or array( 'error'=>$message ). */ function wp_handle_upload( &$file, $overrides = false, $time = null ) { @@ -240,7 +243,7 @@ function wp_handle_upload( &$file, $overrides = false, $time = null ) { // You may define your own function and pass the name in $overrides['upload_error_handler'] $upload_error_handler = 'wp_handle_upload_error'; - // You may have had one or more 'wp_handle_upload_prefilter' functions error out the file. Handle that gracefully. + // You may have had one or more 'wp_handle_upload_prefilter' functions error out the file. Handle that gracefully. if ( isset( $file['error'] ) && !is_numeric( $file['error'] ) && $file['error'] ) return $upload_error_handler( $file, $file['error'] ); @@ -323,30 +326,16 @@ function wp_handle_upload( &$file, $overrides = false, $time = null ) { $filename = wp_unique_filename( $uploads['path'], $file['name'], $unique_filename_callback ); - $tmp_file = wp_tempnam($filename); - // Move the file to the uploads dir - if ( false === @ move_uploaded_file( $file['tmp_name'], $tmp_file ) ) - return $upload_error_handler( $file, sprintf( __('The uploaded file could not be moved to %s.' ), $uploads['path'] ) ); - - // If a resize was requested, perform the resize. - $image_resize = isset( $_POST['image_resize'] ) && 'true' == $_POST['image_resize']; - $do_resize = apply_filters( 'wp_upload_resize', $image_resize ); - $size = @getimagesize( $tmp_file ); - if ( $do_resize && $size ) { - $old_temp = $tmp_file; - $tmp_file = image_resize( $tmp_file, (int) get_option('large_size_w'), (int) get_option('large_size_h'), 0, 'resized'); - if ( ! is_wp_error($tmp_file) ) { - unlink($old_temp); - } else { - $tmp_file = $old_temp; - } - } - - // Copy the temporary file into its destination $new_file = $uploads['path'] . "/$filename"; - copy( $tmp_file, $new_file ); - unlink($tmp_file); + if ( false === @ move_uploaded_file( $file['tmp_name'], $new_file ) ) { + if ( 0 === strpos( $uploads['basedir'], ABSPATH ) ) + $error_path = str_replace( ABSPATH, '', $uploads['basedir'] ) . $uploads['subdir']; + else + $error_path = basename( $uploads['basedir'] ) . $uploads['subdir']; + + return $upload_error_handler( $file, sprintf( __('The uploaded file could not be moved to %s.' ), $error_path ) ); + } // Set correct file permissions $stat = stat( dirname( $new_file )); @@ -364,7 +353,7 @@ function wp_handle_upload( &$file, $overrides = false, $time = null ) { /** * Handle sideloads, which is the process of retrieving a media item from another server instead of - * a traditional media upload. This process involves sanitizing the filename, checking extensions + * a traditional media upload. This process involves sanitizing the filename, checking extensions * for mime type, and moving the file to the appropriate directory within the uploads directory. * * @since 2.6.0 @@ -377,9 +366,10 @@ function wp_handle_upload( &$file, $overrides = false, $time = null ) { * @uses wp_unique_filename * @param array $file an array similar to that of a PHP $_FILES POST array * @param array $overrides Optional. An associative array of names=>values to override default variables with extract( $overrides, EXTR_OVERWRITE ). + * @param string $time Optional. Time formatted in 'yyyy/mm'. * @return array On success, returns an associative array of file attributes. On failure, returns $overrides['upload_error_handler'](&$file, $message ) or array( 'error'=>$message ). */ -function wp_handle_sideload( &$file, $overrides = false ) { +function wp_handle_sideload( &$file, $overrides = false, $time = null ) { // The default error handler. if (! function_exists( 'wp_handle_upload_error' ) ) { function wp_handle_upload_error( &$file, $message ) { @@ -456,7 +446,7 @@ function wp_handle_sideload( &$file, $overrides = false ) { } // A writable uploads dir will pass this test. Again, there's no point overriding this one. - if ( ! ( ( $uploads = wp_upload_dir() ) && false === $uploads['error'] ) ) + if ( ! ( ( $uploads = wp_upload_dir( $time ) ) && false === $uploads['error'] ) ) return $upload_error_handler( $file, $uploads['error'] ); $filename = wp_unique_filename( $uploads['path'], $file['name'], $unique_filename_callback ); @@ -468,7 +458,11 @@ function wp_handle_sideload( &$file, $overrides = false ) { // Move the file to the uploads dir $new_file = $uploads['path'] . "/$filename"; if ( false === @ rename( $file['tmp_name'], $new_file ) ) { - return $upload_error_handler( $file, sprintf( __('The uploaded file could not be moved to %s.' ), $uploads['path'] ) ); + if ( 0 === strpos( $uploads['basedir'], ABSPATH ) ) + $error_path = str_replace( ABSPATH, '', $uploads['basedir'] ) . $uploads['subdir']; + else + $error_path = basename( $uploads['basedir'] ) . $uploads['subdir']; + return $upload_error_handler( $file, sprintf( __('The uploaded file could not be moved to %s.' ), $error_path ) ); } // Set correct file permissions @@ -486,7 +480,7 @@ function wp_handle_sideload( &$file, $overrides = false ) { /** * Downloads a url to a local temporary file using the WordPress HTTP Class. - * Please note, That the calling function must unlink() the file. + * Please note, That the calling function must unlink() the file. * * @since 2.5.0 * @@ -503,7 +497,7 @@ function download_url( $url, $timeout = 300 ) { if ( ! $tmpfname ) return new WP_Error('http_no_file', __('Could not create Temporary file.')); - $response = wp_remote_get( $url, array( 'timeout' => $timeout, 'stream' => true, 'filename' => $tmpfname ) ); + $response = wp_remote_get( $url, array( 'timeout' => $timeout, 'stream' => true, 'filename' => $tmpfname, 'reject_unsafe_urls' => true ) ); if ( is_wp_error( $response ) ) { unlink( $tmpfname ); @@ -648,7 +642,7 @@ function _unzip_file_ziparchive($file, $to, $needed_dirs = array() ) { return new WP_Error('extract_failed', __('Could not extract file from archive.'), $info['name']); if ( ! $wp_filesystem->put_contents( $to . $info['name'], $contents, FS_CHMOD_FILE) ) - return new WP_Error('copy_failed', __('Could not copy file.'), $to . $info['filename']); + return new WP_Error('copy_failed', __('Could not copy file.'), $to . $info['name']); } $z->close(); @@ -884,7 +878,7 @@ function get_filesystem_method($args = array(), $context = false) { } /** - * Displays a form to the user to request for their FTP/SSH details in order to connect to the filesystem. + * Displays a form to the user to request for their FTP/SSH details in order to connect to the filesystem. * All chosen/entered details are saved, Excluding the Password. * * Hostnames may be in the form of hostname:portnumber (eg: wordpress.org:2467) to specify an alternate FTP/SSH port. @@ -896,7 +890,7 @@ function get_filesystem_method($args = array(), $context = false) { * @param string $form_post the URL to post the form to * @param string $type the chosen Filesystem method in use * @param boolean $error if the current request has failed to connect - * @param string $context The directory which is needed access to, The write-test will be performed on this directory by get_filesystem_method() + * @param string $context The directory which is needed access to, The write-test will be performed on this directory by get_filesystem_method() * @param string $extra_fields Extra POST fields which should be checked for to be included in the post. * @return boolean False on failure. True on success. */ @@ -1075,5 +1069,3 @@ submit_button( __( 'Proceed' ), 'button', 'upgrade' );