diff --git a/includes/admin/core/list-tables/emails-list-table.php b/includes/admin/core/list-tables/emails-list-table.php index 0321b934..87bcc5c3 100644 --- a/includes/admin/core/list-tables/emails-list-table.php +++ b/includes/admin/core/list-tables/emails-list-table.php @@ -14,7 +14,7 @@ if ( ! empty( $_GET['_wp_http_referer'] ) ) { } if ( ! class_exists( 'WP_List_Table' ) ) { - require_once( ABSPATH . 'wp-admin/includes/class-wp-list-table.php' ); + require_once ABSPATH . 'wp-admin/includes/class-wp-list-table.php'; } diff --git a/includes/admin/core/packages/2.1.3-beta3/functions.php b/includes/admin/core/packages/2.1.3-beta3/functions.php index 9609ce10..7f5de7f1 100644 --- a/includes/admin/core/packages/2.1.3-beta3/functions.php +++ b/includes/admin/core/packages/2.1.3-beta3/functions.php @@ -140,7 +140,7 @@ KEY meta_key_indx (um_key), KEY meta_value_indx (um_value(191)) ) $charset_collate;"; - require_once( ABSPATH . 'wp-admin/includes/upgrade.php' ); + require_once ABSPATH . 'wp-admin/includes/upgrade.php'; dbDelta( $sql ); update_option( 'um_last_version_upgrade', '2.1.3-beta3' ); diff --git a/includes/core/class-ajax-common.php b/includes/core/class-ajax-common.php index be2abe0d..9517db0a 100644 --- a/includes/core/class-ajax-common.php +++ b/includes/core/class-ajax-common.php 
@@ -49,13 +49,13 @@ if ( ! class_exists( 'um\core\AJAX_Common' ) ) {
 add_action( 'wp_ajax_um_remove_file', array( UM()->files(), 'ajax_remove_file' ) );
 add_action( 'wp_ajax_nopriv_um_remove_file', array( UM()->files(), 'ajax_remove_file' ) );
- add_action( 'wp_ajax_nopriv_um_fileupload', array( UM()->files(), 'ajax_file_upload' ) );
+ add_action( 'wp_ajax_nopriv_um_fileupload', array( UM()->files(), 'ajax_file_upload' ) ); // Enabled files uploading on registration form.
 add_action( 'wp_ajax_um_fileupload', array( UM()->files(), 'ajax_file_upload' ) );
- add_action( 'wp_ajax_nopriv_um_imageupload', array( UM()->files(), 'ajax_image_upload' ) );
+ add_action( 'wp_ajax_nopriv_um_imageupload', array( UM()->files(), 'ajax_image_upload' ) ); // Enabled image uploading on registration form.
 add_action( 'wp_ajax_um_imageupload', array( UM()->files(), 'ajax_image_upload' ) );
- add_action( 'wp_ajax_nopriv_um_resize_image', array( UM()->files(), 'ajax_resize_image' ) );
+ add_action( 'wp_ajax_nopriv_um_resize_image', array( UM()->files(), 'ajax_resize_image' ) ); // Enabled image resize on registration form.
 add_action( 'wp_ajax_um_resize_image', array( UM()->files(), 'ajax_resize_image' ) );
 add_action( 'wp_ajax_nopriv_um_get_members', array( UM()->member_directory(), 'ajax_get_members' ) );
diff --git a/includes/core/class-files.php b/includes/core/class-files.php
index 200849e5..00f7d16b 100644
--- a/includes/core/class-files.php
+++ b/includes/core/class-files.php
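Review bot: The trailing comments added to the three `wp_ajax_nopriv_*` upload hooks say why the hooks exist but not what a reader most needs at this point: the callbacks are reachable without a login, so every guard has to live inside them. I would word them along the lines of `// Reachable without login (registration form); ajax_file_upload() must validate form ID, mode and field key.` so the dependency on the checks in class-files.php is visible where the hook is registered. The `wp_ajax_nopriv_um_remove_file` hook just above carries no comment at all, and its handler is not part of this diff.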
@@ -1,6 +1,8 @@ roles()->um_current_user_can( 'edit', $user_id ) ) { + wp_send_json_error( esc_js( __( 'You have no permission to edit this user', 'ultimate-member' ) ) ); + } - UM()->fields()->set_id = isset( $_POST['set_id'] ) ? absint( $_POST['set_id'] ) : null; - UM()->fields()->set_mode = isset( $_POST['set_mode'] ) ? sanitize_text_field( $_POST['set_mode'] ) : null; + if ( $user_id && ! is_user_logged_in() ) { + wp_send_json_error( esc_js( __( 'Please login to edit this user', 'ultimate-member' ) ) ); + } - if ( 'register' !== UM()->fields()->set_mode && ! UM()->roles()->um_current_user_can( 'edit', $user_id ) ) { - $ret['error'] = esc_js( __( 'You have no permission to edit this user', 'ultimate-member' ) ); - wp_send_json_error( $ret ); + $form_id = isset( $_POST['set_id'] ) ? absint( $_POST['set_id'] ) : null; + $mode = isset( $_POST['set_mode'] ) ? sanitize_text_field( $_POST['set_mode'] ) : null; + + UM()->fields()->set_id = $form_id; + UM()->fields()->set_mode = $mode; + + if ( ! is_user_logged_in() && 'profile' === $mode ) { + wp_send_json_error( esc_js( __( 'You have no permission to edit user profile', 'ultimate-member' ) ) ); + } + + if ( null !== $user_id && 'register' === $mode ) { + wp_send_json_error( esc_js( __( 'User has to be empty on registration', 'ultimate-member' ) ) ); + } + + $form_post = get_post( $form_id ); + // Invalid post ID. Maybe post doesn't exist. + if ( empty( $form_post ) ) { + wp_send_json_error( esc_js( __( 'Invalid form ID', 'ultimate-member' ) ) ); + } + + if ( 'um_form' !== $form_post->post_type ) { + wp_send_json_error( esc_js( __( 'Invalid form post type', 'ultimate-member' ) ) ); + } + + $form_status = get_post_status( $form_id ); + if ( 'publish' !== $form_status ) { + wp_send_json_error( esc_js( __( 'Invalid form status', 'ultimate-member' ) ) ); + } + + $post_data = UM()->query()->post_data( $form_id ); + if ( ! 
array_key_exists( 'mode', $post_data ) || $mode !== $post_data['mode'] ) { + wp_send_json_error( esc_js( __( 'Invalid form type', 'ultimate-member' ) ) ); + } + + // For profiles only. + if ( 'profile' === $mode && ! empty( $post_data['use_custom_settings'] ) && ! empty( $post_data['role'] ) ) { + // Option "Apply custom settings to this form". Option "Make this profile form role-specific". + // Show the first Profile Form with role selected, don't show profile forms below the page with other role-specific setting. + $current_user_roles = UM()->roles()->get_all_user_roles( $user_id ); + if ( empty( $current_user_roles ) ) { + wp_send_json_error( esc_js( __( 'You have no permission to edit this user through this form', 'ultimate-member' ) ) ); + } + + if ( is_array( $post_data['role'] ) ) { + if ( ! count( array_intersect( $post_data['role'], $current_user_roles ) ) ) { + wp_send_json_error( esc_js( __( 'You have no permission to edit this user through this form', 'ultimate-member' ) ) ); + } + } elseif ( ! in_array( $post_data['role'], $current_user_roles, true ) ) { + wp_send_json_error( esc_js( __( 'You have no permission to edit this user through this form', 'ultimate-member' ) ) ); + } + } + + $key = sanitize_text_field( $_REQUEST['key'] ); + + if ( ! array_key_exists( 'custom_fields', $post_data ) || empty( $post_data['custom_fields'] ) ) { + wp_send_json_error( esc_js( __( 'Invalid form fields', 'ultimate-member' ) ) ); + } + + $custom_fields = maybe_unserialize( $post_data['custom_fields'] ); + if ( ! is_array( $custom_fields ) || ! array_key_exists( $key, $custom_fields ) ) { + if ( ! ( 'profile' === $mode && in_array( $key, array( 'cover_photo', 'profile_photo' ), true ) ) ) { + wp_send_json_error( esc_js( __( 'Invalid field metakey', 'ultimate-member' ) ) ); + } + } + + if ( empty( $custom_fields[ $key ]['crop'] ) && ! 
in_array( $key, array( 'cover_photo', 'profile_photo' ), true ) ) { + wp_send_json_error( esc_js( __( 'This field doesn\'t support image crop', 'ultimate-member' ) ) ); + } + + if ( 'profile' === $mode && ! um_can_edit_field( $custom_fields[ $key ] ) ) { + wp_send_json_error( esc_js( __( 'You have no permission to edit this field', 'ultimate-member' ) ) ); } $src = esc_url_raw( $_REQUEST['src'] ); @@ -340,6 +412,8 @@ if ( ! class_exists( 'um\core\Files' ) ) { wp_send_json_error( esc_js( __( 'Invalid file ownership', 'ultimate-member' ) ) ); } + $coord = sanitize_text_field( $_REQUEST['coord'] ); + UM()->uploader()->replace_upload_dir = true; $output = UM()->uploader()->resize_image( $image_path, $src, $key, $user_id, $coord ); 
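Review bot: In the resize handler, `um_can_edit_field( $custom_fields[ $key ] )` is reached with an undefined index whenever `$key` is `cover_photo` or `profile_photo` and the form does not list that field, because the block just before it deliberately lets those two keys through when `array_key_exists( $key, $custom_fields )` fails (and also when `$custom_fields` is not an array). What `um_can_edit_field()` does with a null argument is not visible here, so the per-field permission check is either silently skipped or rejects legitimate photo uploads; guard it explicitly, e.g. `if ( 'profile' === $mode && isset( $custom_fields[ $key ] ) && ! um_can_edit_field( $custom_fields[ $key ] ) ) {`. The same pattern with `$id` appears in `ajax_image_upload()` in the later hunk. The start of this function and of the hunk is missing from the page, so the checks above the first visible line could not be reviewed.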
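Review bot: `$coord = sanitize_text_field( $_REQUEST['coord'] );` reads the parameter without an `isset()` check and only strips markup and whitespace, so any remaining string is handed to `resize_image()`. If `coord` is the comma-separated crop box its name suggests, reject everything else before the call, for example `if ( ! preg_match( '/^\d+(,\d+)*$/', $coord ) ) { wp_send_json_error( ... ); }`. Reading it from `$_POST`, as `set_id` and `set_mode` are, would also keep the handler to a single input source. The enclosing function continues outside this hunk.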
@@ -354,166 +428,309 @@ if ( ! class_exists( 'um\core\Files' ) ) { /** * Image upload by AJAX * - * @throws \Exception + * @throws Exception */ - function ajax_image_upload() { + public function ajax_image_upload() { $ret['error'] = null; - $ret = array(); - - $id = sanitize_text_field( $_POST['key'] ); - $timestamp = absint( $_POST['timestamp'] ); - $nonce = sanitize_text_field( $_POST['_wpnonce'] ); - $user_id = empty( $_POST['user_id'] ) ? get_current_user_id() : absint( $_POST['user_id'] ); - - UM()->fields()->set_id = absint( $_POST['set_id'] ); - UM()->fields()->set_mode = sanitize_key( $_POST['set_mode'] ); - - if ( UM()->fields()->set_mode != 'register' && ! UM()->roles()->um_current_user_can( 'edit', $user_id ) ) { - $ret['error'] = __( 'You have no permission to edit this user', 'ultimate-member' ); - wp_send_json_error( $ret ); - } + $ret = array(); /** - * UM hook + * Filters image upload checking nonce. * - * @type filter - * @title um_image_upload_nonce - * @description Change Image Upload nonce - * @input_vars - * [{"var":"$nonce","type":"bool","desc":"Nonce"}] - * @change_log - * ["Since: 2.0"] - * @usage - * - * @example - * Disable checking nonce on image upload. + * function my_image_upload_nonce( $verify_nonce ) { * // your code here - * return $nonce; + * $verify_nonce = false; + * return $verify_nonce; * } - * ?> + * add_filter( 'um_image_upload_nonce', 'my_image_upload_nonce' ); */ $um_image_upload_nonce = apply_filters( 'um_image_upload_nonce', true ); - if ( $um_image_upload_nonce ) { + $timestamp = absint( $_POST['timestamp'] ); + $nonce = sanitize_text_field( $_POST['_wpnonce'] ); if ( ! wp_verify_nonce( $nonce, "um_upload_nonce-{$timestamp}" ) && is_user_logged_in() ) { // This nonce is not valid. - $ret['error'] = __( 'Invalid nonce', 'ultimate-member' ); + $ret['error'] = esc_html__( 'Invalid nonce', 'ultimate-member' ); wp_send_json_error( $ret ); } } + $user_id = empty( $_POST['user_id'] ) ? 
null : absint( $_POST['user_id'] ); + if ( $user_id && is_user_logged_in() && ! UM()->roles()->um_current_user_can( 'edit', $user_id ) ) { + $ret['error'] = esc_html__( 'You have no permission to edit this user', 'ultimate-member' ); + wp_send_json_error( $ret ); + } + + if ( $user_id && ! is_user_logged_in() ) { + $ret['error'] = esc_html__( 'Please login to edit this user', 'ultimate-member' ); + wp_send_json_error( $ret ); + } + + $form_id = absint( $_POST['set_id'] ); + $mode = sanitize_key( $_POST['set_mode'] ); + + UM()->fields()->set_id = $form_id; + UM()->fields()->set_mode = $mode; + + if ( ! is_user_logged_in() && 'profile' === $mode ) { + $ret['error'] = esc_html__( 'You have no permission to edit user profile', 'ultimate-member' ); + wp_send_json_error( $ret ); + } + + if ( null !== $user_id && 'register' === $mode ) { + $ret['error'] = esc_html__( 'User has to be empty on registration', 'ultimate-member' ); + wp_send_json_error( $ret ); + } + + $form_post = get_post( $form_id ); + // Invalid post ID. Maybe post doesn't exist. + if ( empty( $form_post ) ) { + $ret['error'] = esc_html__( 'Invalid form ID', 'ultimate-member' ); + wp_send_json_error( $ret ); + } + + if ( 'um_form' !== $form_post->post_type ) { + $ret['error'] = esc_html__( 'Invalid form post type', 'ultimate-member' ); + wp_send_json_error( $ret ); + } + + $form_status = get_post_status( $form_id ); + if ( 'publish' !== $form_status ) { + $ret['error'] = esc_html__( 'Invalid form status', 'ultimate-member' ); + wp_send_json_error( $ret ); + } + + $post_data = UM()->query()->post_data( $form_id ); + if ( ! array_key_exists( 'mode', $post_data ) || $mode !== $post_data['mode'] ) { + $ret['error'] = esc_html__( 'Invalid form type', 'ultimate-member' ); + wp_send_json_error( $ret ); + } + + // For profiles only. + if ( 'profile' === $mode && ! empty( $post_data['use_custom_settings'] ) && ! empty( $post_data['role'] ) ) { + // Option "Apply custom settings to this form". 
Option "Make this profile form role-specific". + // Show the first Profile Form with role selected, don't show profile forms below the page with other role-specific setting. + $current_user_roles = UM()->roles()->get_all_user_roles( $user_id ); + if ( empty( $current_user_roles ) ) { + $ret['error'] = esc_html__( 'You have no permission to edit this user through this form', 'ultimate-member' ); + wp_send_json_error( $ret ); + } + + if ( is_array( $post_data['role'] ) ) { + if ( ! count( array_intersect( $post_data['role'], $current_user_roles ) ) ) { + $ret['error'] = esc_html__( 'You have no permission to edit this user through this form', 'ultimate-member' ); + wp_send_json_error( $ret ); + } + } elseif ( ! in_array( $post_data['role'], $current_user_roles, true ) ) { + $ret['error'] = esc_html__( 'You have no permission to edit this user through this form', 'ultimate-member' ); + wp_send_json_error( $ret ); + } + } + + $id = sanitize_text_field( $_POST['key'] ); + + if ( ! array_key_exists( 'custom_fields', $post_data ) || empty( $post_data['custom_fields'] ) ) { + $ret['error'] = esc_html__( 'Invalid form fields', 'ultimate-member' ); + wp_send_json_error( $ret ); + } + + $custom_fields = maybe_unserialize( $post_data['custom_fields'] ); + if ( ! is_array( $custom_fields ) || ! array_key_exists( $id, $custom_fields ) ) { + if ( ! ( 'profile' === $mode && in_array( $id, array( 'cover_photo', 'profile_photo' ), true ) ) ) { + $ret['error'] = esc_html__( 'Invalid field metakey', 'ultimate-member' ); + wp_send_json_error( $ret ); + } + } + + if ( 'profile' === $mode && ! um_can_edit_field( $custom_fields[ $id ] ) ) { + $ret['error'] = esc_html__( 'You have no permission to edit this field', 'ultimate-member' ); + wp_send_json_error( $ret ); + } + if ( isset( $_FILES[ $id ]['name'] ) ) { - if ( ! 
is_array( $_FILES[ $id ]['name'] ) ) { - UM()->uploader()->replace_upload_dir = true; + $uploaded = UM()->uploader()->upload_image( $_FILES[ $id ], $user_id, $id ); + UM()->uploader()->replace_upload_dir = false; + if ( isset( $uploaded['error'] ) ) { $ret['error'] = $uploaded['error']; } else { $ret[] = $uploaded['handle_upload']; } - } - } else { - $ret['error'] = __( 'A theme or plugin compatibility issue', 'ultimate-member' ); + $ret['error'] = esc_html__( 'A theme or plugin compatibility issue', 'ultimate-member' ); } + wp_send_json_success( $ret ); } - /** * File upload by AJAX + * + * @throws Exception */ - function ajax_file_upload() { + public function ajax_file_upload() { $ret['error'] = null; - $ret = array(); - - /* commented for enable download files on registration form - * if ( ! is_user_logged_in() ) { - $ret['error'] = 'Invalid user'; - die( json_encode( $ret ) ); - }*/ - - $nonce = sanitize_text_field( $_POST['_wpnonce'] ); - $id = sanitize_text_field( $_POST['key'] ); - $timestamp = absint( $_POST['timestamp'] ); - - UM()->fields()->set_id = absint( $_POST['set_id'] ); - UM()->fields()->set_mode = sanitize_key( $_POST['set_mode'] ); + $ret = array(); /** - * UM hook + * Filters file upload checking nonce. * - * @type filter - * @title um_file_upload_nonce - * @description Change File Upload nonce - * @input_vars - * [{"var":"$nonce","type":"bool","desc":"Nonce"}] - * @change_log - * ["Since: 2.0"] - * @usage - * - * @example - * Disable checking nonce on file upload. 
+ * function my_file_upload_nonce( $verify_nonce ) { * // your code here - * return $nonce; + * $verify_nonce = false; + * return $verify_nonce; * } - * ?> + * add_filter( 'um_file_upload_nonce', 'my_file_upload_nonce' ); */ - $um_file_upload_nonce = apply_filters("um_file_upload_nonce", true ); + $um_file_upload_nonce = apply_filters( 'um_file_upload_nonce', true ); + if ( $um_file_upload_nonce ) { + $nonce = sanitize_text_field( $_POST['_wpnonce'] ); + $timestamp = absint( $_POST['timestamp'] ); - if ( $um_file_upload_nonce ) { - if ( ! wp_verify_nonce( $nonce, 'um_upload_nonce-'.$timestamp ) && is_user_logged_in() ) { + if ( ! wp_verify_nonce( $nonce, 'um_upload_nonce-' . $timestamp ) && is_user_logged_in() ) { // This nonce is not valid. - $ret['error'] = 'Invalid nonce'; + $ret['error'] = esc_html__( 'Invalid nonce', 'ultimate-member' ); wp_send_json_error( $ret ); - } } + $user_id = empty( $_POST['user_id'] ) ? null : absint( $_POST['user_id'] ); + if ( $user_id && is_user_logged_in() && ! UM()->roles()->um_current_user_can( 'edit', $user_id ) ) { + $ret['error'] = esc_html__( 'You have no permission to edit this user', 'ultimate-member' ); + wp_send_json_error( $ret ); + } - if( isset( $_FILES[ $id ]['name'] ) ) { + if ( $user_id && ! is_user_logged_in() ) { + $ret['error'] = esc_html__( 'You have no permission to edit this user', 'ultimate-member' ); + wp_send_json_error( $ret ); + } - if ( ! is_array( $_FILES[ $id ]['name'] ) ) { + $form_id = absint( $_POST['set_id'] ); + $mode = sanitize_key( $_POST['set_mode'] ); - $user_id = absint( $_POST['user_id'] ); + UM()->fields()->set_id = $form_id; + UM()->fields()->set_mode = $mode; - UM()->uploader()->replace_upload_dir = true; - $uploaded = UM()->uploader()->upload_file( $_FILES[ $id ], $user_id, $id ); - UM()->uploader()->replace_upload_dir = false; - if ( isset( $uploaded['error'] ) ){ + if ( ! 
is_user_logged_in() && 'profile' === $mode ) { + $ret['error'] = esc_html__( 'You have no permission to edit this user', 'ultimate-member' ); + wp_send_json_error( $ret ); + } - $ret['error'] = $uploaded['error']; + if ( null !== $user_id && 'register' === $mode ) { + $ret['error'] = esc_html__( 'User has to be empty on registration', 'ultimate-member' ); + wp_send_json_error( $ret ); + } - } else { + $form_post = get_post( $form_id ); + // Invalid post ID. Maybe post doesn't exist. + if ( empty( $form_post ) ) { + $ret['error'] = esc_html__( 'Invalid form ID', 'ultimate-member' ); + wp_send_json_error( $ret ); + } - $uploaded_file = $uploaded['handle_upload']; - $ret['url'] = $uploaded_file['file_info']['name']; - $ret['icon'] = UM()->files()->get_fonticon_by_ext( $uploaded_file['file_info']['ext'] ); - $ret['icon_bg'] = UM()->files()->get_fonticon_bg_by_ext( $uploaded_file['file_info']['ext'] ); - $ret['filename'] = $uploaded_file['file_info']['basename']; - $ret['original_name'] = $uploaded_file['file_info']['original_name']; + if ( 'um_form' !== $form_post->post_type ) { + $ret['error'] = esc_html__( 'Invalid form post type', 'ultimate-member' ); + wp_send_json_error( $ret ); + } + $form_status = get_post_status( $form_id ); + if ( 'publish' !== $form_status ) { + $ret['error'] = esc_html__( 'Invalid form status', 'ultimate-member' ); + wp_send_json_error( $ret ); + } + + $post_data = UM()->query()->post_data( $form_id ); + if ( ! array_key_exists( 'mode', $post_data ) || $mode !== $post_data['mode'] ) { + $ret['error'] = esc_html__( 'Invalid form type', 'ultimate-member' ); + wp_send_json_error( $ret ); + } + + // For profiles only. + if ( 'profile' === $mode && ! empty( $post_data['use_custom_settings'] ) && ! empty( $post_data['role'] ) ) { + // Option "Apply custom settings to this form". Option "Make this profile form role-specific". 
+ // Show the first Profile Form with role selected, don't show profile forms below the page with other role-specific setting. + $current_user_roles = UM()->roles()->get_all_user_roles( $user_id ); + if ( empty( $current_user_roles ) ) { + $ret['error'] = esc_html__( 'You have no permission to edit this user through this form', 'ultimate-member' ); + wp_send_json_error( $ret ); + } + + if ( is_array( $post_data['role'] ) ) { + if ( ! count( array_intersect( $post_data['role'], $current_user_roles ) ) ) { + $ret['error'] = esc_html__( 'You have no permission to edit this user through this form', 'ultimate-member' ); + wp_send_json_error( $ret ); } - + } elseif ( ! in_array( $post_data['role'], $current_user_roles, true ) ) { + $ret['error'] = esc_html__( 'You have no permission to edit this user through this form', 'ultimate-member' ); + wp_send_json_error( $ret ); } - - } else { - $ret['error'] = __('A theme or plugin compatibility issue','ultimate-member'); } + $id = sanitize_text_field( $_POST['key'] ); + + if ( ! array_key_exists( 'custom_fields', $post_data ) || empty( $post_data['custom_fields'] ) ) { + $ret['error'] = esc_html__( 'Invalid form fields', 'ultimate-member' ); + wp_send_json_error( $ret ); + } + + $custom_fields = maybe_unserialize( $post_data['custom_fields'] ); + if ( ! is_array( $custom_fields ) || ! array_key_exists( $id, $custom_fields ) ) { + $ret['error'] = esc_html__( 'Invalid field metakey', 'ultimate-member' ); + wp_send_json_error( $ret ); + } + + if ( 'profile' === $mode && ! um_can_edit_field( $custom_fields[ $id ] ) ) { + $ret['error'] = esc_html__( 'You have no permission to edit this field', 'ultimate-member' ); + wp_send_json_error( $ret ); + } + + if ( isset( $_FILES[ $id ]['name'] ) ) { + if ( ! 
is_array( $_FILES[ $id ]['name'] ) ) { + UM()->uploader()->replace_upload_dir = true; + + $uploaded = UM()->uploader()->upload_file( $_FILES[ $id ], $user_id, $id ); + + UM()->uploader()->replace_upload_dir = false; + + if ( isset( $uploaded['error'] ) ) { + $ret['error'] = $uploaded['error']; + } else { + $uploaded_file = $uploaded['handle_upload']; + $ret['url'] = $uploaded_file['file_info']['name']; + $ret['icon'] = UM()->files()->get_fonticon_by_ext( $uploaded_file['file_info']['ext'] ); + $ret['icon_bg'] = UM()->files()->get_fonticon_bg_by_ext( $uploaded_file['file_info']['ext'] ); + $ret['filename'] = $uploaded_file['file_info']['basename']; + $ret['original_name'] = $uploaded_file['file_info']['original_name']; + } + } + } else { + $ret['error'] = esc_html__( 'A theme or plugin compatibility issue', 'ultimate-member' ); + } wp_send_json_success( $ret ); } - /** * Allowed image types * diff --git a/includes/core/class-plugin-updater.php b/includes/core/class-plugin-updater.php index 5945d673..a4082b76 100644 --- a/includes/core/class-plugin-updater.php +++ b/includes/core/class-plugin-updater.php @@ -250,7 +250,7 @@ if ( ! class_exists( 'um\core\Plugin_Updater' ) ) { return; } - require_once( ABSPATH . 'wp-admin/includes/plugin.php' ); + require_once ABSPATH . 'wp-admin/includes/plugin.php'; $api_params = array( 'edd_action' => 'check_licenses', diff --git a/includes/core/class-uploader.php b/includes/core/class-uploader.php index 9ef60e96..01d695da 100644 --- a/includes/core/class-uploader.php +++ b/includes/core/class-uploader.php @@ -3,6 +3,8 @@ namespace um\core; // Exit if accessed directly +use Exception; + if ( ! defined( 'ABSPATH' ) ) exit; 
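Review bot: `$user_id` now defaults to `null` instead of `get_current_user_id()`, and the capability test is written as `$user_id && is_user_logged_in() && ! UM()->roles()->um_current_user_can( 'edit', $user_id )`, so a logged-in request in `profile` mode that omits `user_id` never reaches `um_current_user_can()`. The null value is then passed on to `get_all_user_roles()` and to `upload_image()` / `upload_file()`; how the uploader treats an empty user ID is not visible in this diff. To keep the previous guarantee, resolve the target before the check, e.g. `if ( null === $user_id && is_user_logged_in() && 'profile' === $mode ) { $user_id = get_current_user_id(); }`, which means reading `$mode` ahead of the capability test. Both `ajax_image_upload()` and `ajax_file_upload()` are affected, and the visible tail of the resize handler uses the same `$user_id` tests.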
@@ -300,13 +302,13 @@ if ( ! class_exists( 'um\core\Uploader' ) ) {
 * @since 2.0.22
 *
 * @return array
- * @throws \Exception
+ * @throws Exception
 */
 public function upload_image( $uploadedfile, $user_id = null, $field_key = '', $upload_type = 'stream_photo' ) {
 $response = array();
 if ( ! function_exists( 'wp_handle_upload' ) ) {
- require_once( ABSPATH . 'wp-admin/includes/file.php' );
+ require_once ABSPATH . 'wp-admin/includes/file.php';
 }
 if ( empty( $field_key ) ) {
@@ -323,7 +325,7 @@ if ( ! class_exists( 'um\core\Uploader' ) ) {
 $this->user_id = $user_id;
 }
- if ( in_array( $field_key, array( 'profile_photo', 'cover_photo' ) ) ) {
+ if ( in_array( $field_key, array( 'profile_photo', 'cover_photo' ), true ) ) {
 $this->upload_image_type = $field_key;
 }
@@ -510,19 +512,20 @@ if ( ! class_exists( 'um\core\Uploader' ) ) {
 /**
 * Upload Files
 *
+ * @since 2.0.22
+ *
 * @param $uploadedfile
 * @param int|null $user_id
 * @param string $field_key
 *
- * @since 2.0.22
- *
 * @return array
+ * @throws Exception
 */
 public function upload_file( $uploadedfile, $user_id = null, $field_key = '' ) {
 $response = array();
 if ( ! function_exists( 'wp_handle_upload' ) ) {
- require_once( ABSPATH . 'wp-admin/includes/file.php' );
+ require_once ABSPATH . 'wp-admin/includes/file.php';
 }
 $this->field_key = $field_key;
@@ -535,19 +538,19 @@ if ( ! class_exists( 'um\core\Uploader' ) ) {
 $field_data = UM()->fields()->get_field( $field_key );
- $field_allowed_file_types = explode(",", $field_data['allowed_types'] );
+ $field_allowed_file_types = explode( ',', $field_data['allowed_types'] );
 $allowed_file_mimes = array();
 foreach ( $field_allowed_file_types as $a ) {
- $atype = wp_check_filetype( "test.{$a}" );
+ $atype = wp_check_filetype( "test.{$a}" );
 $allowed_file_mimes[ $atype['ext'] ] = $atype['type'];
 }
 $upload_overrides = array(
- 'test_form' => false,
- 'mimes' => apply_filters( 'um_uploader_allowed_file_mimes', $allowed_file_mimes ),
- 'unique_filename_callback' => array( $this, 'unique_filename' ),
+ 'test_form' => false,
+ 'mimes' => apply_filters( 'um_uploader_allowed_file_mimes', $allowed_file_mimes ),
+ 'unique_filename_callback' => array( $this, 'unique_filename' ),
 );
 $upload_overrides = apply_filters( "um_file_upload_handler_overrides__{$field_key}", $upload_overrides );
@@ -556,9 +559,9 @@ if ( ! class_exists( 'um\core\Uploader' ) ) {
 if ( isset( $movefile['error'] ) ) {
 /*
- * Error generated by _wp_handle_upload()
- * @see _wp_handle_upload() in wp-admin/includes/file.php
- */
+ * Error generated by _wp_handle_upload()
+ * @see _wp_handle_upload() in wp-admin/includes/file.php
+ */
 $response['error'] = $movefile['error'];
 } else {
@@ -574,7 +577,6 @@ if ( ! class_exists( 'um\core\Uploader' ) ) {
 $movefile['file_info']['size'] = filesize( $movefile['file'] );
 $movefile['file_info']['size_format'] = size_format( $movefile['file_info']['size'] );
-
 /**
 * UM hook
 *
@@ -690,7 +692,7 @@ if ( ! class_exists( 'um\core\Uploader' ) ) {
 $error = null;
 if ( ! function_exists( 'wp_get_image_editor' ) ) {
- require_once( ABSPATH . 'wp-admin/includes/media.php' );
+ require_once ABSPATH . 'wp-admin/includes/media.php';
 }
 $image = wp_get_image_editor( $file );
@@ -814,7 +816,7 @@ if ( ! class_exists( 'um\core\Uploader' ) ) {
 $error = null;
 if ( ! function_exists( 'wp_get_image_editor' ) ) {
- require_once( ABSPATH . 'wp-admin/includes/media.php' );
+ require_once ABSPATH . 'wp-admin/includes/media.php';
 }
 $file_type = wp_check_filetype( $file );