X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/8f374b7233bc2815ccc387e448d208c5434eb961..febc815b2c9d85be5717da9e8d164bd2daa97e31:/wp-admin/media-upload.php diff --git a/wp-admin/media-upload.php b/wp-admin/media-upload.php index 6246176b..5f87301e 100644 --- a/wp-admin/media-upload.php +++ b/wp-admin/media-upload.php @@ -13,10 +13,11 @@ if ( ! isset( $_GET['inline'] ) ) define( 'IFRAME_REQUEST' , true ); /** Load WordPress Administration Bootstrap */ -require_once('./admin.php'); +require_once( dirname( __FILE__ ) . '/admin.php' ); -if (!current_user_can('upload_files')) - wp_die(__('You do not have permission to upload files.')); +if ( ! current_user_can( 'upload_files' ) ) { + wp_die( __( 'Sorry, you are not allowed to upload files.' ), 403 ); +} wp_enqueue_script('plupload-handlers'); wp_enqueue_script('image-edit'); @@ -30,118 +31,82 @@ wp_enqueue_script( 'media-gallery' ); $ID = isset($ID) ? (int) $ID : 0; $post_id = isset($post_id)? (int) $post_id : 0; -// Require an ID for the edit screen -if ( isset($action) && $action == 'edit' && !$ID ) - wp_die( __( 'Cheatin’ uh?' ) ); - -if ( isset($_GET['inline']) ) { - $errors = array(); - - if ( ! empty( $_REQUEST['post_id'] ) && ! current_user_can( 'edit_post' , $_REQUEST['post_id'] ) ) - wp_die( __( 'Cheatin’ uh?' ) ); - - if ( isset($_POST['html-upload']) && !empty($_FILES) ) { - check_admin_referer('media-form'); - // Upload File button was clicked - $id = media_handle_upload('async-upload', $_REQUEST['post_id']); - unset($_FILES); - if ( is_wp_error($id) ) { - $errors['upload_error'] = $id; - $id = false; - } - } - - if ( isset($_GET['upload-page-form']) ) { - $errors = array_merge($errors, (array) media_upload_form_handler()); - - $location = 'upload.php'; - if ( $errors ) - $location .= '?message=3'; - - wp_redirect( admin_url($location) ); - exit; - } - - if ( isset( $_REQUEST['post_id'] ) ) - wp_die( __( 'Cheatin’ uh?' ) ); - - $title = __('Upload New Media'); - $parent_file = 'upload.php'; - get_current_screen()->add_help_tab( array( - 'id' => 'overview', - 'title' => __('Overview'), - 'content' => - '

' . __('You can upload media files here without creating a post first. This allows you to upload files to use with posts and pages later and/or to get a web link for a particular file that you can share. There are three options for uploading files:') . '

' . - '' . - '

' . __('Basic image editing is available after upload is complete. Make sure you click Save before leaving this screen.') . '

' - ) ); - get_current_screen()->set_help_sidebar( - '

' . __('For more information:') . '

' . - '

' . __('Documentation on Uploading Media Files') . '

' . - '

' . __('Support Forums') . '

' +// Require an ID for the edit screen. +if ( isset( $action ) && $action == 'edit' && !$ID ) { + wp_die( + '

' . __( 'Cheatin’ uh?' ) . '

' . + '

' . __( 'Invalid item ID.' ) . '

', + 403 ); +} - require_once('./admin-header.php'); - - $form_class = 'media-upload-form type-form validate'; - - if ( get_user_setting('uploader') ) - $form_class .= ' html-uploader'; - ?> -
- -

- -
- - - - - - -
- -
-
- -' . __( 'Cheatin’ uh?' ) . '' . + '

' . __( 'Sorry, you are not allowed to edit this item.' ) . '

', + 403 + ); +} +// Upload type: image, video, file, ..? +if ( isset($_GET['type']) ) { + $type = strval($_GET['type']); } else { - if ( ! empty( $_REQUEST['post_id'] ) && ! current_user_can( 'edit_post' , $_REQUEST['post_id'] ) ) - wp_die( __( 'Cheatin’ uh?' ) ); - - // upload type: image, video, file, ..? - if ( isset($_GET['type']) ) - $type = strval($_GET['type']); - else - $type = apply_filters('media_upload_default_type', 'file'); - - // tab: gallery, library, or type-specific - if ( isset($_GET['tab']) ) - $tab = strval($_GET['tab']); - else - $tab = apply_filters('media_upload_default_tab', 'type'); + /** + * Filters the default media upload type in the legacy (pre-3.5.0) media popup. + * + * @since 2.5.0 + * + * @param string $type The default media upload type. Possible values include + * 'image', 'audio', 'video', 'file', etc. Default 'file'. + */ + $type = apply_filters( 'media_upload_default_type', 'file' ); +} - $body_id = 'media-upload'; +// Tab: gallery, library, or type-specific. +if ( isset($_GET['tab']) ) { + $tab = strval($_GET['tab']); +} else { + /** + * Filters the default tab in the legacy (pre-3.5.0) media popup. + * + * @since 2.5.0 + * + * @param string $type The default media popup tab. Default 'type' (From Computer). + */ + $tab = apply_filters( 'media_upload_default_tab', 'type' ); +} - // let the action code decide how to handle the request - if ( $tab == 'type' || $tab == 'type_url' || ! array_key_exists( $tab , media_upload_tabs() ) ) - do_action("media_upload_$type"); - else - do_action("media_upload_$tab"); +$body_id = 'media-upload'; + +// Let the action code decide how to handle the request. +if ( $tab == 'type' || $tab == 'type_url' || ! array_key_exists( $tab , media_upload_tabs() ) ) { + /** + * Fires inside specific upload-type views in the legacy (pre-3.5.0) + * media popup based on the current tab. + * + * The dynamic portion of the hook name, `$type`, refers to the specific + * media upload type. Possible values include 'image', 'audio', 'video', + * 'file', etc. + * + * The hook only fires if the current `$tab` is 'type' (From Computer), + * 'type_url' (From URL), or, if the tab does not exist (i.e., has not + * been registered via the {@see 'media_upload_tabs'} filter. + * + * @since 2.5.0 + */ + do_action( "media_upload_$type" ); +} else { + /** + * Fires inside limited and specific upload-tab views in the legacy + * (pre-3.5.0) media popup. + * + * The dynamic portion of the hook name, `$tab`, refers to the specific + * media upload tab. Possible values include 'library' (Media Library), + * or any custom tab registered via the {@see 'media_upload_tabs'} filter. + * + * @since 2.5.0 + */ + do_action( "media_upload_$tab" ); } +