forked from hunk/Magic-Fields
-
Notifications
You must be signed in to change notification settings - Fork 0
/
MF_GetFile.php
128 lines (103 loc) · 3.51 KB
/
MF_GetFile.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
<?php
class MF_GetFile {
/**
* Constructor
*/
public function __construct() {
add_action( 'wp_ajax_mf_get_file', array( $this, 'getFile' ) );
}
function getFile() {
global $mf_domain;
check_ajax_referer( 'nonce_url_file', 'nonce_url_file');
if( !( is_user_logged_in() && current_user_can('upload_files') ) ) {
echo json_encode(
array(
'success' => false,
'error' => "You don't have permission to upload files, contact to the administrator for more information!",$mf_domain
)
);
wp_die();
}
if ( !isset($_POST['upload_url']) && empty($_POST['upload_url']) ) {
echo json_encode(
array(
'success' => false,
'error' => __("Url missing or empty",$mf_domain)
)
);
wp_die();
}
if (!$this->isValidUrl($_POST['upload_url'])) {
echo json_encode(
array(
'success' => false,
'error' => __("not a valid url format",$mf_domain)
)
);
wp_die();
}
if ( ( isset($_SERVER['HTTPS']) && 'on' == strtolower($_SERVER['HTTPS']) ) && empty($_COOKIE[SECURE_AUTH_COOKIE]) && !empty($_REQUEST['auth_cookie']) )
$_COOKIE[SECURE_AUTH_COOKIE] = $_REQUEST['auth_cookie'];
elseif ( empty($_COOKIE[AUTH_COOKIE]) && !empty($_REQUEST['auth_cookie']) )
$_COOKIE[AUTH_COOKIE] = $_REQUEST['auth_cookie'];
// file was send from browser
$_POST['upload_url'] = esc_url($_POST['upload_url']);
$filename = $this->downloadFile();
if ($filename == false) {
$result_msg = '<span class="mf-upload-error">'.__("Upload Unsuccessful",$mf_domain).'!</span>';
} else {
$result_msg = '<span class="mf-upload-success">'.__("Successful upload",$mf_domain).'!</span>' ;
}
if($filename){
echo json_encode(array('success'=>true, 'msg' => $result_msg."*".$filename));
}else{
echo json_encode(array('success'=>true, 'msg' => $result_msg."*"."None"));
}
wp_die();
}
function isValidUrl($url) {
$check = preg_replace(
'#((https?|ftp)://(\S*?\.\S*?))([\s)\[\]{},;"\':<]|\.\s|$)#i',
"'<a href=\"$1\" target=\"_blank\">$3</a>$4'",
$url
);
return $check;
}
function downloadFile(){
global $mf_domain, $wpdb;
$url = $_POST['upload_url'];
$allowedExtensions = array("pdf", "doc", "xls", "ppt", "txt", "jpeg", "psd", "jpg", "gif", "png", "docx", "pptx", "xslx", "pps", "zip", "gz", "gzip", "mp3", "aac", "mp4", "wav", "wma", "aif", "aiff", "ogg", "flv", "f4v", "mov", "avi", "mkv", "xvid", "divx","gpx");
$path = pathinfo($url);
$ext = $path['extension'];
if(!in_array(strtolower($ext), $allowedExtensions)){
echo json_encode(
array(
'success'=>false,
'error' => _("Invalid file extension",$mf_domain)
)
);
wp_die();
}
//Retrieve file
if ($fp_source = @fopen($url, 'rb')) {
//Get target filename
$exploded_url = explode('.', $url);
$ext = array_pop( $exploded_url );
$input_name = filter_var($_POST["input_name"], FILTER_SANITIZE_SPECIAL_CHARS);
$filename = time() . '_' . str_replace( 'rc_cwp_meta_', '', $input_name) . '.' . $ext;
$directory = MF_FILES_PATH;
$fp_dest = @fopen($directory . $filename,"wb");
if ($fp_dest == false) return false;
while(!feof($fp_source)) {
set_time_limit(30);
$readData = fread($fp_source, 1024*2);
fwrite($fp_dest,$readData);
}
fclose($fp_source);
fclose($fp_dest);
return $filename;
}
return false;
}
}
$mf_get_file = new MF_GetFile();