mirror of
https://github.com/10h30/ultimatemember.git
synced 2026-06-05 15:09:37 +09:00
Merge remote-tracking branch 'remotes/origin/fix/security_file_upload'
This commit is contained in:
nikitozzzzzzz
@@ -79,8 +79,8 @@ if ( ! class_exists( 'Enqueue' ) ) {
|
|||||||
// enqueue styles
|
// enqueue styles
|
||||||
$localize_data = apply_filters( 'um_enqueue_localize_data', array(
|
$localize_data = apply_filters( 'um_enqueue_localize_data', array(
|
||||||
'ajaxurl' => admin_url( 'admin-ajax.php' ),
|
'ajaxurl' => admin_url( 'admin-ajax.php' ),
|
||||||
'fileupload' => um_url . 'includes/lib/upload/um-file-upload.php',
|
'fileupload' => UM()->get_ajax_route( 'um\core\Files', 'ajax_file_upload' ),
|
||||||
'imageupload' => um_url . 'includes/lib/upload/um-image-upload.php',
|
'imageupload' => UM()->get_ajax_route( 'um\core\Files', 'ajax_image_upload' ),
|
||||||
'remove_file' => UM()->get_ajax_route( 'um\core\Files', 'ajax_remove_file' ),
|
'remove_file' => UM()->get_ajax_route( 'um\core\Files', 'ajax_remove_file' ),
|
||||||
'delete_profile_photo' => UM()->get_ajax_route( 'um\core\Profile', 'ajax_delete_profile_photo' ),
|
'delete_profile_photo' => UM()->get_ajax_route( 'um\core\Profile', 'ajax_delete_profile_photo' ),
|
||||||
'delete_cover_photo' => UM()->get_ajax_route( 'um\core\Profile', 'ajax_delete_cover_photo' ),
|
'delete_cover_photo' => UM()->get_ajax_route( 'um\core\Profile', 'ajax_delete_cover_photo' ),
|
||||||
|
|||||||
@@ -743,5 +743,109 @@ if ( ! class_exists( 'Files' ) ) {
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function ajax_image_upload(){
|
||||||
|
$ret['error'] = null;
|
||||||
|
$ret = array();
|
||||||
|
|
||||||
|
$id = $_POST['key'];
|
||||||
|
$timestamp = $_POST['timestamp'];
|
||||||
|
$nonce = $_POST['_wpnonce'];
|
||||||
|
|
||||||
|
UM()->fields()->set_id = $_POST['set_id'];
|
||||||
|
UM()->fields()->set_mode = $_POST['set_mode'];
|
||||||
|
|
||||||
|
$um_image_upload_nonce = apply_filters("um_image_upload_nonce", true );
|
||||||
|
|
||||||
|
if( $um_image_upload_nonce ){
|
||||||
|
if ( ! wp_verify_nonce( $nonce, 'um_upload_nonce-'.$timestamp ) && is_user_logged_in() ) {
|
||||||
|
// This nonce is not valid.
|
||||||
|
$ret['error'] = 'Invalid nonce';
|
||||||
|
die( json_encode( $ret ) );
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if(isset($_FILES[$id]['name'])) {
|
||||||
|
|
||||||
|
if(!is_array($_FILES[$id]['name'])) {
|
||||||
|
|
||||||
|
$temp = $_FILES[$id]["tmp_name"];
|
||||||
|
$file = $id."-".$_FILES[$id]["name"];
|
||||||
|
$file = sanitize_file_name($file);
|
||||||
|
$ext = strtolower( pathinfo($file, PATHINFO_EXTENSION) );
|
||||||
|
|
||||||
|
$error = UM()->files()->check_image_upload( $temp, $id );
|
||||||
|
if ( $error ){
|
||||||
|
|
||||||
|
$ret['error'] = $error;
|
||||||
|
|
||||||
|
} else {
|
||||||
|
$file = "stream_photo_".md5($file)."_".uniqid().".".$ext;
|
||||||
|
$ret[ ] = UM()->files()->new_image_upload_temp( $temp, $file, UM()->options()->get('image_compression') );
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
} else {
|
||||||
|
$ret['error'] = __('A theme or plugin compatibility issue','ultimate-member');
|
||||||
|
}
|
||||||
|
echo json_encode($ret);
|
||||||
|
exit;
|
||||||
|
}
|
||||||
|
|
||||||
|
function ajax_file_upload(){
|
||||||
|
$ret['error'] = null;
|
||||||
|
$ret = array();
|
||||||
|
|
||||||
|
/* commented for enable download files on registration form
|
||||||
|
* if ( ! is_user_logged_in() ) {
|
||||||
|
$ret['error'] = 'Invalid user';
|
||||||
|
die( json_encode( $ret ) );
|
||||||
|
}*/
|
||||||
|
|
||||||
|
$nonce = $_POST['_wpnonce'];
|
||||||
|
$id = $_POST['key'];
|
||||||
|
$timestamp = $_POST['timestamp'];
|
||||||
|
|
||||||
|
UM()->fields()->set_id = $_POST['set_id'];
|
||||||
|
UM()->fields()->set_mode = $_POST['set_mode'];
|
||||||
|
|
||||||
|
$um_file_upload_nonce = apply_filters("um_file_upload_nonce", true );
|
||||||
|
|
||||||
|
if( $um_file_upload_nonce ){
|
||||||
|
if ( ! wp_verify_nonce( $nonce, 'um_upload_nonce-'.$timestamp ) && is_user_logged_in()) {
|
||||||
|
// This nonce is not valid.
|
||||||
|
$ret['error'] = 'Invalid nonce';
|
||||||
|
die( json_encode( $ret ) );
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if(isset($_FILES[$id]['name'])) {
|
||||||
|
|
||||||
|
if(!is_array($_FILES[$id]['name'])) {
|
||||||
|
|
||||||
|
$temp = $_FILES[$id]["tmp_name"];
|
||||||
|
$file = apply_filters('um_upload_file_name',$id."-".$_FILES[$id]["name"],$id,$_FILES[$id]["name"]);
|
||||||
|
$file = sanitize_file_name($file);
|
||||||
|
$extension = strtolower( pathinfo($file, PATHINFO_EXTENSION) );
|
||||||
|
|
||||||
|
$error = UM()->files()->check_file_upload( $temp, $extension, $id );
|
||||||
|
if ( $error ){
|
||||||
|
$ret['error'] = $error;
|
||||||
|
} else {
|
||||||
|
$ret[] = UM()->files()->new_file_upload_temp( $temp, $file );
|
||||||
|
$ret['icon'] = UM()->files()->get_fonticon_by_ext( $extension );
|
||||||
|
$ret['icon_bg'] = UM()->files()->get_fonticon_bg_by_ext( $extension );
|
||||||
|
$ret['filename'] = $file;
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
} else {
|
||||||
|
$ret['error'] = __('A theme or plugin compatibility issue','ultimate-member');
|
||||||
|
}
|
||||||
|
echo json_encode($ret);
|
||||||
|
exit;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -1,4 +1,6 @@
|
|||||||
<?php
|
<?php
|
||||||
|
// Exit if accessed directly
|
||||||
|
if ( ! defined( 'ABSPATH' ) ) exit;
|
||||||
|
|
||||||
$dirname = dirname( __FILE__ );
|
$dirname = dirname( __FILE__ );
|
||||||
do {
|
do {
|
||||||
|
|||||||
@@ -1,4 +1,6 @@
|
|||||||
<?php
|
<?php
|
||||||
|
// Exit if accessed directly
|
||||||
|
if ( ! defined( 'ABSPATH' ) ) exit;
|
||||||
|
|
||||||
$dirname = dirname( __FILE__ );
|
$dirname = dirname( __FILE__ );
|
||||||
do {
|
do {
|
||||||
|
|||||||
Reference in New Issue
Block a user