includes/lib/upload/um-file-upload.php

<?php
// Exit if accessed directly
if ( ! defined( 'ABSPATH' ) ) exit;

$dirname = dirname( __FILE__ );
do {
    $dirname = dirname( $dirname );
    $wp_config = "{$dirname}/wp-config.php";
    $wp_load = "{$dirname}/wp-load.php";
}
while( !file_exists( $wp_config ) );

if ( ! file_exists( $wp_load ) ) {
    $dirs = glob( $dirname . '/*' , GLOB_ONLYDIR );

    foreach ( $dirs as $key => $value ) {
        $wp_load = "{$value}/wp-load.php";
        if ( file_exists( $wp_load ) ) {
            break;
        }
    }
}

require_once( $wp_load );

$ret['error'] = null;
$ret = array();

/* commented for enable download files on registration form
 * if ( ! is_user_logged_in() ) {
    $ret['error'] = 'Invalid user';
    die( json_encode( $ret ) );
}*/

$nonce = $_POST['_wpnonce'];
$id = $_POST['key'];
$timestamp = $_POST['timestamp'];

UM()->fields()->set_id = $_POST['set_id'];
UM()->fields()->set_mode = $_POST['set_mode'];

/**
 * UM hook
 *
 * @type filter
 * @title um_file_upload_nonce
 * @description Change File Upload nonce
 * @input_vars
 * [{"var":"$nonce","type":"bool","desc":"Nonce"}]
 * @change_log
 * ["Since: 2.0"]
 * @usage
 * <?php add_filter( 'um_file_upload_nonce', 'function_name', 10, 1 ); ?>
 * @example
 * <?php
 * add_filter( 'um_file_upload_nonce', 'my_file_upload_nonce', 10, 1 );
 * function my_file_upload_nonce( $nonce ) {
 *     // your code here
 *     return $nonce;
 * }
 * ?>
 */
$um_file_upload_nonce = apply_filters( "um_file_upload_nonce", true );

if(  $um_file_upload_nonce  ){
	if ( ! wp_verify_nonce( $nonce, 'um_upload_nonce-'.$timestamp  ) && is_user_logged_in()) {
	    // This nonce is not valid.
	    $ret['error'] = 'Invalid nonce';
	    die( json_encode( $ret ) );
	}
}


if(isset($_FILES[$id]['name'])) {

    if(!is_array($_FILES[$id]['name'])) {
	
		$temp = $_FILES[$id]["tmp_name"];

	    /**
	     * UM hook
	     *
	     * @type filter
	     * @title um_upload_file_name
	     * @description Change File Upload nonce
	     * @input_vars
	     * [{"var":"$filename","type":"string","desc":"Filename"},
	     * {"var":"$id","type":"int","desc":"ID"},
	     * {"var":"$name","type":"string","desc":"Name"}]
	     * @change_log
	     * ["Since: 2.0"]
	     * @usage
	     * <?php add_filter( 'um_upload_file_name', 'function_name', 10, 3 ); ?>
	     * @example
	     * <?php
	     * add_filter( 'um_upload_file_name', 'my_upload_file_name', 10, 3 );
	     * function my_upload_file_name( $filename, $id, $name ) {
	     *     // your code here
	     *     return $filename;
	     * }
	     * ?>
	     */
        $file = apply_filters( 'um_upload_file_name', $id . "-" . $_FILES[ $id ]["name"], $id, $_FILES[ $id ]["name"] );
		$file = sanitize_file_name( $file );
		$extension = strtolower( pathinfo( $file, PATHINFO_EXTENSION ) );
		
		$error = UM()->files()->check_file_upload( $temp, $extension, $id );
		if ( $error ){
			$ret['error'] = $error;
		} else {
			$ret[] = UM()->files()->new_file_upload_temp( $temp, $file );
			$ret['icon'] = UM()->files()->get_fonticon_by_ext( $extension );
			$ret['icon_bg'] = UM()->files()->get_fonticon_bg_by_ext( $extension );
			$ret['filename'] = $file;
		}

    }
	
} else {
	$ret['error'] = __('A theme or plugin compatibility issue','ultimate-member');
}
echo json_encode($ret);
first sync 2014-12-15 22:38:07 +02:00			`<?php`
- fixed Transferring a functional from a file to a 'class-files' 2017-12-20 13:21:55 +02:00			`// Exit if accessed directly`
			`if ( ! defined( 'ABSPATH' ) ) exit;`
first sync 2014-12-15 22:38:07 +02:00
Update 1.2.92 2015-05-02 02:49:05 +03:00			`$dirname = dirname( __FILE__ );`
			`do {`
!!! IMPORTANT 2.0 version before upgrade please run full backup of your site !!! 2017-07-26 14:57:52 +03:00			`$dirname = dirname( $dirname );`
			`$wp_config = "{$dirname}/wp-config.php";`
			`$wp_load = "{$dirname}/wp-load.php";`
Update 1.2.92 2015-05-02 02:49:05 +03:00			`}`
Fix error missing wp-load.php 2017-06-10 10:11:41 +08:00			`while( !file_exists( $wp_config ) );`

!!! IMPORTANT 2.0 version before upgrade please run full backup of your site !!! 2017-07-26 14:57:52 +03:00			`if ( ! file_exists( $wp_load ) ) {`
			`$dirs = glob( $dirname . '/*' , GLOB_ONLYDIR );`
Fix error missing wp-load.php 2017-06-10 10:11:41 +08:00
!!! IMPORTANT 2.0 version before upgrade please run full backup of your site !!! 2017-07-26 14:57:52 +03:00			`foreach ( $dirs as $key => $value ) {`
			`$wp_load = "{$value}/wp-load.php";`
			`if ( file_exists( $wp_load ) ) {`
			`break;`
			`}`
			`}`
Fix error missing wp-load.php 2017-06-10 10:11:41 +08:00			`}`

Update 1.2.92 2015-05-02 02:49:05 +03:00			`require_once( $wp_load );`
Fix upload form with nonce 2016-06-17 11:39:04 +08:00
			`$ret['error'] = null;`
			`$ret = array();`

- fixed files uploading (by Denis); 2017-10-16 15:49:40 +03:00			`/* commented for enable download files on registration form`
			`* if ( ! is_user_logged_in() ) {`
- fixed vulnerabilities; 2017-08-07 16:30:12 +03:00			`$ret['error'] = 'Invalid user';`
			`die( json_encode( $ret ) );`
- fixed files uploading (by Denis); 2017-10-16 15:49:40 +03:00			`}*/`
- fixed vulnerabilities; 2017-08-07 16:30:12 +03:00
Fix upload form with nonce 2016-06-17 11:39:04 +08:00			`$nonce = $_POST['_wpnonce'];`
first sync 2014-12-15 22:38:07 +02:00			`$id = $_POST['key'];`
Fix upload form with nonce 2016-06-17 11:39:04 +08:00			`$timestamp = $_POST['timestamp'];`

!!! IMPORTANT 2.0 version before upgrade please run full backup of your site !!! 2017-07-26 14:57:52 +03:00			`UM()->fields()->set_id = $_POST['set_id'];`
			`UM()->fields()->set_mode = $_POST['set_mode'];`
first sync 2014-12-15 22:38:07 +02:00
- made hooks documentation; 2018-03-02 09:55:49 +02:00			`/**`
			`* UM hook`
			`*`
			`* @type filter`
			`* @title um_file_upload_nonce`
			`* @description Change File Upload nonce`
			`* @input_vars`
			`* [{"var":"$nonce","type":"bool","desc":"Nonce"}]`
			`* @change_log`
			`* ["Since: 2.0"]`
			`* @usage`
			`* <?php add_filter( 'um_file_upload_nonce', 'function_name', 10, 1 ); ?>`
			`* @example`
			`* <?php`
			`* add_filter( 'um_file_upload_nonce', 'my_file_upload_nonce', 10, 1 );`
			`* function my_file_upload_nonce( $nonce ) {`
			`* // your code here`
			`* return $nonce;`
			`* }`
			`* ?>`
			`*/`
			`$um_file_upload_nonce = apply_filters( "um_file_upload_nonce", true );`
Add new filters for image and file upload nonce 2016-09-07 20:49:39 +08:00
			`if( $um_file_upload_nonce ){`
			`if ( ! wp_verify_nonce( $nonce, 'um_upload_nonce-'.$timestamp ) && is_user_logged_in()) {`
			`// This nonce is not valid.`
			`$ret['error'] = 'Invalid nonce';`
			`die( json_encode( $ret ) );`
			`}`
Fix upload form with nonce 2016-06-17 11:39:04 +08:00			`}`


first sync 2014-12-15 22:38:07 +02:00
			`if(isset($_FILES[$id]['name'])) {`

			`if(!is_array($_FILES[$id]['name'])) {`

			`$temp = $_FILES[$id]["tmp_name"];`
- made hooks documentation; 2018-03-02 09:55:49 +02:00
			`/**`
			`* UM hook`
			`*`
			`* @type filter`
			`* @title um_upload_file_name`
			`* @description Change File Upload nonce`
			`* @input_vars`
			`* [{"var":"$filename","type":"string","desc":"Filename"},`
			`* {"var":"$id","type":"int","desc":"ID"},`
			`* {"var":"$name","type":"string","desc":"Name"}]`
			`* @change_log`
			`* ["Since: 2.0"]`
			`* @usage`
			`* <?php add_filter( 'um_upload_file_name', 'function_name', 10, 3 ); ?>`
			`* @example`
			`* <?php`
			`* add_filter( 'um_upload_file_name', 'my_upload_file_name', 10, 3 );`
			`* function my_upload_file_name( $filename, $id, $name ) {`
			`* // your code here`
			`* return $filename;`
			`* }`
			`* ?>`
			`*/`
			`$file = apply_filters( 'um_upload_file_name', $id . "-" . $_FILES[ $id ]["name"], $id, $_FILES[ $id ]["name"] );`
			`$file = sanitize_file_name( $file );`
			`$extension = strtolower( pathinfo( $file, PATHINFO_EXTENSION ) );`
first sync 2014-12-15 22:38:07 +02:00
!!! IMPORTANT 2.0 version before upgrade please run full backup of your site !!! 2017-07-26 14:57:52 +03:00			`$error = UM()->files()->check_file_upload( $temp, $extension, $id );`
first sync 2014-12-15 22:38:07 +02:00			`if ( $error ){`
			`$ret['error'] = $error;`
			`} else {`
!!! IMPORTANT 2.0 version before upgrade please run full backup of your site !!! 2017-07-26 14:57:52 +03:00			`$ret[] = UM()->files()->new_file_upload_temp( $temp, $file );`
			`$ret['icon'] = UM()->files()->get_fonticon_by_ext( $extension );`
			`$ret['icon_bg'] = UM()->files()->get_fonticon_bg_by_ext( $extension );`
first sync 2014-12-15 22:38:07 +02:00			`$ret['filename'] = $file;`
			`}`

			`}`

Update 1.0.85 2015-03-14 23:39:33 +02:00			`} else {`
Fx text domain slug for wp.org translation compatibility 2017-06-06 22:37:55 +08:00			`$ret['error'] = __('A theme or plugin compatibility issue','ultimate-member');`
first sync 2014-12-15 22:38:07 +02:00			`}`
Update um-file-upload.php 2017-01-19 02:45:56 -07:00			`echo json_encode($ret);`