diff --git a/_mediavault.php b/_mediavault.php index 771ab55..2b425be 100644 --- a/_mediavault.php +++ b/_mediavault.php @@ -1,13 +1,13 @@ array( - 'description' => __( 'Admin users only', 'media-vault' ), - 'select' => __( 'Admin users', 'media-vault' ), - 'logged_in' => true, - 'run_in_admin' => true, - 'cb' => 'mgjp_mv_check_admin_permission' + 'admin' => array( + 'description' => __('Admin users only', 'media-vault'), + 'select' => __('Admin users', 'media-vault'), + 'logged_in' => true, + 'run_in_admin' => true, + 'cb' => 'mgjp_mv_check_admin_permission', ), - 'author' => array( - 'description' => __( 'The file\'s author', 'media-vault' ), - 'select' => __( 'The file\'s author', 'media-vault' ), - 'logged_in' => true, - 'run_in_admin' => true, - 'cb' => 'mgjp_mv_check_author_permission' + 'author' => array( + 'description' => __('The file\'s author', 'media-vault'), + 'select' => __('The file\'s author', 'media-vault'), + 'logged_in' => true, + 'run_in_admin' => true, + 'cb' => 'mgjp_mv_check_author_permission', ), - 'logged-in' => array( - 'description' => __( 'All logged-in users', 'media-vault' ), - 'select' => __( 'Logged-in users', 'media-vault' ), - 'logged_in' => true, - 'run_in_admin' => false, - 'cb' => false + 'logged-in' => array( + 'description' => __('All logged-in users', 'media-vault'), + 'select' => __('Logged-in users', 'media-vault'), + 'logged_in' => true, + 'run_in_admin' => false, + 'cb' => false, + ), + 'all' => array( + 'description' => __('Anyone', 'media-vault'), + 'select' => __('Anyone', 'media-vault'), + 'logged_in' => false, + 'run_in_admin' => false, + 'cb' => false, ), - 'all' => array( - 'description' => __( 'Anyone', 'media-vault' ), - 'select' => __( 'Anyone', 'media-vault' ), - 'logged_in' => false, - 'run_in_admin' => false, - 'cb' => false - ) ); - -register_activation_hook( __FILE__, 'mgjp_mv_activate' ); -register_deactivation_hook( __FILE__, 'mgjp_mv_deactivate' ); - -add_action( 'plugins_loaded', 'mgjp_mv_textdomain' ); - -add_action( 'init', 'mgjp_mv_check_version' ); - -add_action( 'load-plugins.php', 'mgjp_mv_on_deactivation_request' ); - -if ( get_site_option( 'mgjp_mv_enabled' ) ) { - - add_action( 'init', 'mgjp_mv_handle_file_request', 0 ); - add_action( 'init', 'mgjp_mv_register_shortcodes' ); - - add_action( 'wp_enqueue_media', 'mgjp_mv_attachment_edit_fields_styles_and_scripts' ); - - add_filter( 'mod_rewrite_rules', 'mgjp_mv_add_plugin_rewrite_rules' ); - - add_filter( 'upload_dir', 'mgjp_mv_change_upload_directory', 999 ); - - add_filter( 'user_has_cap', 'mgjp_mv_edit_capabilities', 999, 3 ); - - add_filter( 'image_downsize', 'mgjp_mv_replace_protected_image', 999, 3 ); - - if ( is_admin() ) { - - add_action( 'admin_init', 'mgjp_mv_ajax_actions_include', 0 ); - add_action( 'admin_init', 'mgjp_mv_media_vault_options_include' ); - add_action( 'admin_init', 'mgjp_mv_attachment_metabox_include' ); - - add_action( 'load-media-new.php', 'mgjp_mv_media_new_options_include' ); - add_action( 'load-upload.php', 'mgjp_mv_media_library_options_include' ); - - add_filter( 'admin_body_class', 'mgjp_add_mp6_admin_body_class' ); - - add_filter( 'plugin_action_links_' . plugin_basename( __FILE__ ), 'mgjp_mv_settings_link' ); - - } - -} else { - - include( plugin_dir_path( __FILE__ ) . 'mv-extra-activation-steps.php' ); - +register_activation_hook(__FILE__, 'mgjp_mv_activate'); +register_deactivation_hook(__FILE__, 'mgjp_mv_deactivate'); + +add_action('plugins_loaded', 'mgjp_mv_textdomain'); + +add_action('init', 'mgjp_mv_check_version'); + +add_action('load-plugins.php', 'mgjp_mv_on_deactivation_request'); + +if (get_site_option('mgjp_mv_enabled')) +{ + + add_action('init', 'mgjp_mv_handle_file_request', 0); + add_action('init', 'mgjp_mv_register_shortcodes'); + + add_action('wp_enqueue_media', 'mgjp_mv_attachment_edit_fields_styles_and_scripts'); + + add_filter('mod_rewrite_rules', 'mgjp_mv_add_plugin_rewrite_rules'); + + add_filter('upload_dir', 'mgjp_mv_change_upload_directory', 999); + + add_filter('user_has_cap', 'mgjp_mv_edit_capabilities', 999, 3); + + add_filter('image_downsize', 'mgjp_mv_replace_protected_image', 999, 3); + + if (is_admin()) + { + + add_action('admin_init', 'mgjp_mv_ajax_actions_include', 0); + add_action('admin_init', 'mgjp_mv_media_vault_options_include'); + add_action('admin_init', 'mgjp_mv_attachment_metabox_include'); + + add_action('load-media-new.php', 'mgjp_mv_media_new_options_include'); + add_action('load-upload.php', 'mgjp_mv_media_library_options_include'); + + add_filter('admin_body_class', 'mgjp_add_mp6_admin_body_class'); + + add_filter('plugin_action_links_' . plugin_basename(__FILE__), 'mgjp_mv_settings_link'); + + } + +} +else +{ + + include(plugin_dir_path(__FILE__) . 'mv-extra-activation-steps.php'); + } -if ( get_site_option( 'mgjp_mv_deactivation' ) ) - include( plugin_dir_path( __FILE__ ) . 'mv-extra-deactivation-steps.php' ); - +if (get_site_option('mgjp_mv_deactivation')) +{ + include(plugin_dir_path(__FILE__) . 'mv-extra-deactivation-steps.php'); +} //-----------------------------------------------------------------------// // MEDIA VAULT - PERMISSION CHECKING FUNCTIONS //-----------------------------------------------------------------------// - /** * The 'admin' permission checking callback. * * @since 0.4 */ -function mgjp_mv_check_admin_permission() { - if ( ! current_user_can( 'manage_options' ) ) - return new WP_Error( 'not_admin', __( 'You do not have sufficient permissions to view this file.', 'media-vault' ) ); - - return true; +function mgjp_mv_check_admin_permission() +{ + if (!current_user_can('manage_options')) + { + return new WP_Error('not_admin', __('You do not have sufficient permissions to view this file.', 'media-vault')); + } + + return true; } /** @@ -144,27 +147,31 @@ function mgjp_mv_check_admin_permission() { * * @since 0.4 */ -function mgjp_mv_check_author_permission( $attachment_id ) { - - if ( current_user_can( 'manage_options' ) ) +function mgjp_mv_check_author_permission($attachment_id) +{ + + if (current_user_can('manage_options')) + { + return true; + } + + if (!isset($attachment_id) || empty($attachment_id)) + { + return new WP_Error('no_id', __('There was an error determining this attachment\'s author. Please contact the website administrator.', 'media-vault')); + } + + if (get_current_user_id() != get_post_field('post_author', $attachment_id, 'raw')) + { + return new WP_Error('not_author', __('You do not have sufficient permissions to view this file.', 'media-vault')); + } + return true; - - if ( ! isset( $attachment_id ) || empty( $attachment_id ) ) - return new WP_Error( 'no_id', __( 'There was an error determining this attachment\'s author. Please contact the website administrator.', 'media-vault' ) ); - - if ( get_current_user_id() != get_post_field( 'post_author', $attachment_id, 'raw' ) ) - return new WP_Error( 'not_author', __( 'You do not have sufficient permissions to view this file.', 'media-vault' ) ); - - return true; } - - //-----------------------------------------------------------------------// // MEDIA VAULT - MAIN HOOKED FUNCTIONS //-----------------------------------------------------------------------// - /** * On plugin activation * @@ -172,51 +179,56 @@ function mgjp_mv_check_author_permission( $attachment_id ) { * * @uses _mgjp_mv_activate_local() */ -function mgjp_mv_activate( $network_activating ) { - - global $is_apache; - - if ( $is_apache - && ! is_multisite() - && get_option( 'permalink_structure' ) - && got_mod_rewrite() - && is_writable( get_home_path() . '.htaccess' ) ) { - - // register plugin enabled option - update_site_option( 'mgjp_mv_enabled', true ); - - // Flush rewrite rules to add Media Vault rewrite rules to the - // site's .htaccess file on plugin activation - add_filter( 'mod_rewrite_rules', 'mgjp_mv_add_plugin_rewrite_rules' ); - flush_rewrite_rules(); - } - - // register Media Vault's other network-wide options - add_site_option( 'mgjp_mv_version', MGJP_MV_VERSION, '', 'yes' ); - delete_site_option( 'mgjp_mv_deactivation' ); - - if ( ! is_multisite() ) { - - // run the activation function for the single site - _mgjp_mv_activate_local(); - - } else if ( ! wp_is_large_network() ) { - global $wpdb; - - $blog_ids = $wpdb->get_col( "SELECT `blog_id` FROM `$wpdb->blogs`" ); - - // run the activation function for each site in the network - foreach ( $blog_ids as $blog_id ) { - - switch_to_blog( $blog_id ); - _mgjp_mv_activate_local( $blog_id ); - restore_current_blog(); - +function mgjp_mv_activate($network_activating) +{ + + global $is_apache; + + if ($is_apache + && !is_multisite() + && get_option('permalink_structure') + && got_mod_rewrite() + && is_writable(get_home_path() . '.htaccess')) + { + + // register plugin enabled option + update_site_option('mgjp_mv_enabled', true); + + // Flush rewrite rules to add Media Vault rewrite rules to the + // site's .htaccess file on plugin activation + add_filter('mod_rewrite_rules', 'mgjp_mv_add_plugin_rewrite_rules'); + flush_rewrite_rules(); + } + + // register Media Vault's other network-wide options + add_site_option('mgjp_mv_version', MGJP_MV_VERSION, '', 'yes'); + delete_site_option('mgjp_mv_deactivation'); + + if (!is_multisite()) + { + + // run the activation function for the single site + _mgjp_mv_activate_local(); + + } + else if (!wp_is_large_network()) + { + global $wpdb; + + $blog_ids = $wpdb->get_col("SELECT `blog_id` FROM `$wpdb->blogs`"); + + // run the activation function for each site in the network + foreach ($blog_ids as $blog_id) + { + + switch_to_blog($blog_id); + _mgjp_mv_activate_local($blog_id); + restore_current_blog(); + + } } - } } - /** * On plugin deactivation * @@ -224,50 +236,54 @@ function mgjp_mv_activate( $network_activating ) { * * @uses mgjp_mv_check_rewrite_rules() */ -function mgjp_mv_deactivate( $network_deactivating ) { - - delete_site_option( 'mgjp_mv_deactivation' ); - delete_site_option( 'mgjp_mv_enabled' ); - - // Flush rewrite rules to remove Media Vault rewrite rules from the - // site's .htaccess file on plugin deactivation - remove_filter( 'mod_rewrite_rules', 'mgjp_mv_add_plugin_rewrite_rules' ); - flush_rewrite_rules(); - - if ( ! is_multisite() ) { - - // run the deactivation function for the single site - _mgjp_mv_deactivate_local(); - - } else if ( ! wp_is_large_network() ) { - global $wpdb; - - $blog_ids = $wpdb->get_col( "SELECT `blog_id` FROM `$wpdb->blogs`" ); - - // run the deactivation function for each site in the network - foreach ( $blog_ids as $blog_id ) { - - switch_to_blog( $blog_id ); - _mgjp_mv_deactivate_local( $blog_id ); - restore_current_blog(); - +function mgjp_mv_deactivate($network_deactivating) +{ + + delete_site_option('mgjp_mv_deactivation'); + delete_site_option('mgjp_mv_enabled'); + + // Flush rewrite rules to remove Media Vault rewrite rules from the + // site's .htaccess file on plugin deactivation + remove_filter('mod_rewrite_rules', 'mgjp_mv_add_plugin_rewrite_rules'); + flush_rewrite_rules(); + + if (!is_multisite()) + { + + // run the deactivation function for the single site + _mgjp_mv_deactivate_local(); + + } + else if (!wp_is_large_network()) + { + global $wpdb; + + $blog_ids = $wpdb->get_col("SELECT `blog_id` FROM `$wpdb->blogs`"); + + // run the deactivation function for each site in the network + foreach ($blog_ids as $blog_id) + { + + switch_to_blog($blog_id); + _mgjp_mv_deactivate_local($blog_id); + restore_current_blog(); + + } } - } } - /** * Load the plugin textdomain. * * @since 0.1 */ -function mgjp_mv_textdomain() { - - load_plugin_textdomain( 'media-vault', false, plugin_dir_path( __FILE__ ) . 'languages/' ); - +function mgjp_mv_textdomain() +{ + + load_plugin_textdomain('media-vault', false, plugin_dir_path(__FILE__) . 'languages/'); + } - /** * Plugin update handling. Checks current version against * a version number stored in the database and performs any @@ -277,26 +293,32 @@ function mgjp_mv_textdomain() { * * @uses MGJP_MV_Update */ -function mgjp_mv_check_version() { - - $option_key = 'mgjp_mv_version'; - - $version_db = get_site_option( $option_key, '0' ); - - if ( version_compare( $version_db, MGJP_MV_VERSION, 'eq' ) ) - return; - - if ( version_compare( $version_db, MGJP_MV_VERSION, 'gt' ) ) - return update_site_option( $option_key, MGJP_MV_VERSION ); - - include( plugin_dir_path( __FILE__ ) . 'mv-class-update.php' ); - - if ( class_exists( 'MGJP_MV_Update' ) ) - new MGJP_MV_Update( $version_db, MGJP_MV_VERSION, $option_key ); - +function mgjp_mv_check_version() +{ + + $option_key = 'mgjp_mv_version'; + + $version_db = get_site_option($option_key, '0'); + + if (version_compare($version_db, MGJP_MV_VERSION, 'eq')) + { + return; + } + + if (version_compare($version_db, MGJP_MV_VERSION, 'gt')) + { + return update_site_option($option_key, MGJP_MV_VERSION); + } + + include(plugin_dir_path(__FILE__) . 'mv-class-update.php'); + + if (class_exists('MGJP_MV_Update')) + { + new MGJP_MV_Update($version_db, MGJP_MV_VERSION, $option_key); + } + } - /** * Remove Media Vault from the plugins.php deactivation * actions if Media Vault needs extra steps in order @@ -307,52 +329,65 @@ function mgjp_mv_check_version() { * @uses mgjp_mv_get_dirfile() * @uses mgjp_mv_is_deactivation_allowed() */ -function mgjp_mv_on_deactivation_request() { - - if ( in_array( get_site_option( 'mgjp_mv_deactivation' ), array( 'allowed', 'temp' ) ) ) - return; - - $action = isset( $_REQUEST['action'] ) && -1 != $_REQUEST['action'] ? - $_REQUEST['action'] : - ( isset( $_REQUEST['action2'] ) && -1 != $_REQUEST['action2'] ? - $_REQUEST['action2'] : - false - ); - - if ( ! in_array( $action, array( 'deactivate', 'deactivate-selected' ) ) ) - return; - - switch ( $action ) { - case 'deactivate': - if ( ! isset( $_REQUEST['plugin'] ) || mgjp_mv_get_dirfile() != $_REQUEST['plugin'] ) - return; - - if ( mgjp_mv_is_deactivation_allowed() ) - return; - - update_site_option( 'mgjp_mv_deactivation', 'disallowed' ); - - $location = remove_query_arg( array( 'action', 'plugin', '_wpnonce' ), $_SERVER['REQUEST_URI'] ); - wp_redirect( $location ); - exit; - break; - case 'deactivate-selected': - $plugin_dirfile = mgjp_mv_get_dirfile(); - - if ( ! isset( $_POST['checked'] ) || ! in_array( $plugin_dirfile, (array) $_POST['checked'] ) ) +function mgjp_mv_on_deactivation_request() +{ + + if (in_array(get_site_option('mgjp_mv_deactivation'), array('allowed', 'temp'))) + { return; - - if ( mgjp_mv_is_deactivation_allowed() ) + } + + $action = isset($_REQUEST['action']) && -1 != $_REQUEST['action'] ? + $_REQUEST['action'] : + (isset($_REQUEST['action2']) && -1 != $_REQUEST['action2'] ? + $_REQUEST['action2'] : + false + ); + + if (!in_array($action, array('deactivate', 'deactivate-selected'))) + { return; - - update_site_option( 'mgjp_mv_deactivation', 'disallowed' ); - - $_POST['checked'] = array_diff( $_POST['checked'], array( $plugin_dirfile ) ); - break; - } + } + + switch ($action) + { + case 'deactivate': + if (!isset($_REQUEST['plugin']) || mgjp_mv_get_dirfile() != $_REQUEST['plugin']) + { + return; + } + + if (mgjp_mv_is_deactivation_allowed()) + { + return; + } + + update_site_option('mgjp_mv_deactivation', 'disallowed'); + + $location = remove_query_arg(array('action', 'plugin', '_wpnonce'), $_SERVER['REQUEST_URI']); + wp_redirect($location); + exit; + break; + case 'deactivate-selected': + $plugin_dirfile = mgjp_mv_get_dirfile(); + + if (!isset($_POST['checked']) || !in_array($plugin_dirfile, (array)$_POST['checked'])) + { + return; + } + + if (mgjp_mv_is_deactivation_allowed()) + { + return; + } + + update_site_option('mgjp_mv_deactivation', 'disallowed'); + + $_POST['checked'] = array_diff($_POST['checked'], array($plugin_dirfile)); + break; + } } - /** * Trigger protected media uploads file handling function * if 'file' GET parameter is set in URL on wp init @@ -361,48 +396,54 @@ function mgjp_mv_on_deactivation_request() { * * @uses mgjp_mv_get_file() */ -function mgjp_mv_handle_file_request() { - - if ( isset( $_GET['mgjp_mv_file'] ) && ! empty( $_GET['mgjp_mv_file'] ) ) { - - // used by @func mgjp_mv_check_rewrite_rules to verify rewrite rules are - // set and working as intended - if ( isset( $_GET['mgjp_mv_rewrite_test'] ) && $_GET['mgjp_mv_rewrite_test'] ) - die( 'pass' ); - - require( plugin_dir_path( __FILE__ ) . 'mv-file-handler.php' ); - - // Check if force download flag is set - $force_download = isset( $_REQUEST['mgjp_mv_download'] ) ? - $_REQUEST['mgjp_mv_download'] : - ''; - - if ( function_exists( 'mgjp_mv_get_file' ) ) { - mgjp_mv_get_file( $_GET['mgjp_mv_file'], $force_download ); - exit; // This exit is important as all we want to do when a +function mgjp_mv_handle_file_request() +{ + + if (isset($_GET['mgjp_mv_file']) && !empty($_GET['mgjp_mv_file'])) + { + + // used by @func mgjp_mv_check_rewrite_rules to verify rewrite rules are + // set and working as intended + if (isset($_GET['mgjp_mv_rewrite_test']) && $_GET['mgjp_mv_rewrite_test']) + { + die('pass'); + } + + require(plugin_dir_path(__FILE__) . 'mv-file-handler.php'); + + // Check if force download flag is set + $force_download = isset($_REQUEST['mgjp_mv_download']) ? + $_REQUEST['mgjp_mv_download'] : + ''; + + if (function_exists('mgjp_mv_get_file')) + { + mgjp_mv_get_file($_GET['mgjp_mv_file'], $force_download); + exit; // This exit is important as all we want to do when a // media download is requested is to serve it and exit // If it is missing WP will continue serving the page // after the media file, thus breaking it + } } - } } - /** * Register Media Vault Shortcodes * * @since 0.5 */ -function mgjp_mv_register_shortcodes() { - - include( plugin_dir_path( __FILE__ ) . 'mv-shortcodes.php' ); - - if ( function_exists( 'mgjp_mv_download_links_list_shortcode_handler' ) ) - add_shortcode( 'mv_dl_links', 'mgjp_mv_download_links_list_shortcode_handler' ); - +function mgjp_mv_register_shortcodes() +{ + + include(plugin_dir_path(__FILE__) . 'mv-shortcodes.php'); + + if (function_exists('mgjp_mv_download_links_list_shortcode_handler')) + { + add_shortcode('mv_dl_links', 'mgjp_mv_download_links_list_shortcode_handler'); + } + } - /** * Enqueue styles and scripts for Media Vault * attachment edit fields. @@ -411,14 +452,21 @@ function mgjp_mv_register_shortcodes() { * * @since 0.8.8 */ -function mgjp_mv_attachment_edit_fields_styles_and_scripts() { - - wp_enqueue_style( 'mgjp-mv-att-fields-css', plugins_url( 'css/mv-attachment-fields.css', __FILE__ ), 'all', null ); - wp_enqueue_script( 'mgjp-mv-att-fields-js', plugins_url( 'js/min/mv-attachment-fields.min.js', __FILE__ ), array( 'media-editor' ), null, true ); - +function mgjp_mv_attachment_edit_fields_styles_and_scripts() +{ + + wp_enqueue_style('mgjp-mv-att-fields-css', plugins_url('css/mv-attachment-fields.css', __FILE__), 'all', null); + // wp_enqueue_script( 'mgjp-mv-att-fields-js', plugins_url( 'js/min/mv-attachment-fields.min.js', __FILE__ ), array( 'media-editor' ), null, true ); + + wp_enqueue_script('mgjp-mv-att-fields-js', plugins_url('js/min/mv-attachment-fields.min.js', __FILE__), array('media-editor'), null, true); + // Localize the script with new data + $translation_array = array( + 'upl' => wp_upload_dir(), + 'protected_dir' => mgjp_mv_upload_dir() + ); + wp_localize_script( 'mgjp-mv-att-fields-js', 'mgjp_mv_att_fields_js', $translation_array ); } - /** * Add the plugin rewrite rules to the WP rewrite * rules being written in the sitewide .htaccess file @@ -430,14 +478,14 @@ function mgjp_mv_attachment_edit_fields_styles_and_scripts() { * @return string String containing all rewrite rules to be written in htaccess * including Media Vault custom rewrite rules */ -function mgjp_mv_add_plugin_rewrite_rules( $rules ) { - - $pattern = "RewriteRule ^index\.php$ - [L]\n"; - - return str_replace( $pattern, "$pattern\n" . implode( "\n", mgjp_mv_get_the_rewrite_rules() ) . "\n\n", $rules ); +function mgjp_mv_add_plugin_rewrite_rules($rules) +{ + + $pattern = "RewriteRule ^index\.php$ - [L]\n"; + + return str_replace($pattern, "$pattern\n" . implode("\n", mgjp_mv_get_the_rewrite_rules()) . "\n\n", $rules); } - /** * Change upload directory for media uploads to a protected * folder if the 'protected' post/get parameter has been set @@ -449,18 +497,19 @@ function mgjp_mv_add_plugin_rewrite_rules( $rules ) { * @param $param array Array of path info for WP Upload Directory * @return array Array of path info for Media Vault protected directory */ -function mgjp_mv_change_upload_directory( $param ) { - - if ( isset( $_POST['mgjp_mv_protected'] ) && 'on' == $_POST['mgjp_mv_protected'] ) { - $param['subdir'] = mgjp_mv_upload_dir( $param['subdir'], true ); - $param['path'] = $param['basedir'] . $param['subdir']; - $param['url'] = $param['baseurl'] . $param['subdir']; - } - - return $param; +function mgjp_mv_change_upload_directory($param) +{ + + if (isset($_POST['mgjp_mv_protected']) && 'on' == $_POST['mgjp_mv_protected']) + { + $param['subdir'] = mgjp_mv_upload_dir($param['subdir'], true); + $param['path'] = $param['basedir'] . $param['subdir']; + $param['url'] = $param['baseurl'] . $param['subdir']; + } + + return $param; } - /** * Function for the 'user_has_cap' WP Core filter. Checks the permissions set * on an attachment before making it available to a user to edit/delete/read. @@ -476,30 +525,36 @@ function mgjp_mv_change_upload_directory( $param ) { * @return array @param $allcaps unchanged if user permitted to access post * @return array @param $allcaps with capability @param $cap[0] set to false */ -function mgjp_mv_edit_capabilities( $allcaps, $cap, $args ) { - - $disallowed_caps = array( - 'edit_post', - 'delete_post', - 'read_post' - ); - - if ( ! in_array( $args[0], $disallowed_caps ) ) - return $allcaps; - - if ( ! isset( $args[2] ) ) - return $allcaps; - - // check if user is permitted to access the post - if ( mgjp_mv_check_user_permitted( $args[2] ) ) +function mgjp_mv_edit_capabilities($allcaps, $cap, $args) +{ + + $disallowed_caps = array( + 'edit_post', + 'delete_post', + 'read_post', + ); + + if (!in_array($args[0], $disallowed_caps)) + { + return $allcaps; + } + + if (!isset($args[2])) + { + return $allcaps; + } + + // check if user is permitted to access the post + if (mgjp_mv_check_user_permitted($args[2])) + { + return $allcaps; + } + + $allcaps[$cap[0]] = false; + return $allcaps; - - $allcaps[$cap[0]] = false; - - return $allcaps; } - /** * Replace requested image with a Media Vault place-holder * if the user is not permitted to view them @@ -515,109 +570,121 @@ function mgjp_mv_edit_capabilities( $allcaps, $cap, $args ) { * [2] string height of the Media Vault replacement image * [3] bool whether the url is for a resized image or not */ -function mgjp_mv_replace_protected_image( $img, $attachment_id, $size ) { - - $ir = get_option( 'mgjp_mv_ir' ); - - if ( ! isset( $ir['is_on'] ) || ! $ir['is_on'] ) - return $img; - - $upload_dir = wp_upload_dir(); - - if ( isset( $img[0] ) && 0 !== strpos( ltrim( $img[0], $upload_dir['baseurl'] ), mgjp_mv_upload_dir( '/', true ) ) ) - return $img; - - if ( mgjp_mv_check_user_permitted( $attachment_id ) ) - return $img; - - if ( isset( $ir['id'] ) && ! mgjp_mv_is_protected( $ir['id'] ) ) { - - remove_filter( 'image_downsize', 'mgjp_mv_replace_protected_image', 999, 3 ); - $placeholder = wp_get_attachment_image_src( $ir['id'], $size ); - add_filter( 'image_downsize', 'mgjp_mv_replace_protected_image', 999, 3 ); - - return $placeholder; - - } else { - - list( $width, $height ) = image_constrain_size_for_editor( 1024, 1024, $size ); - - return array( - plugins_url( 'imgs/media-vault-ir.jpg', __FILE__ ), - $width, - $height, - false - ); - - } +function mgjp_mv_replace_protected_image($img, $attachment_id, $size) +{ + + $ir = get_option('mgjp_mv_ir'); + + if (!isset($ir['is_on']) || !$ir['is_on']) + { + return $img; + } + + $upload_dir = wp_upload_dir(); + + if (isset($img[0]) && 0 !== strpos(ltrim($img[0], $upload_dir['baseurl']), mgjp_mv_upload_dir('/', true))) + { + return $img; + } + + if (mgjp_mv_check_user_permitted($attachment_id)) + { + return $img; + } + + if (isset($ir['id']) && !mgjp_mv_is_protected($ir['id'])) + { + + remove_filter('image_downsize', 'mgjp_mv_replace_protected_image', 999, 3); + $placeholder = wp_get_attachment_image_src($ir['id'], $size); + add_filter('image_downsize', 'mgjp_mv_replace_protected_image', 999, 3); + + return $placeholder; + + } + else + { + + list($width, $height) = image_constrain_size_for_editor(1024, 1024, $size); + + return array( + plugins_url('imgs/media-vault-ir.jpg', __FILE__), + $width, + $height, + false, + ); + + } } - /** * Include the Media Vault custom AJAX actions * * @since 0.8 */ -function mgjp_mv_ajax_actions_include() { - - if ( defined( 'DOING_AJAX' ) && DOING_AJAX ) - include( plugin_dir_path( __FILE__ ) . 'mv-ajax-actions.php' ); - +function mgjp_mv_ajax_actions_include() +{ + + if (defined('DOING_AJAX') && DOING_AJAX) + { + include(plugin_dir_path(__FILE__) . 'mv-ajax-actions.php'); + + } + } - /** * Include the plugin's general settings * * @since 0.4 */ -function mgjp_mv_media_vault_options_include() { - - include( plugin_dir_path( __FILE__ ) . 'mv-options-media-vault.php' ); - +function mgjp_mv_media_vault_options_include() +{ + + include(plugin_dir_path(__FILE__) . 'mv-options-media-vault.php'); + } - /** * Include the custom attachment metabox functions * * @since 0.7.1 */ -function mgjp_mv_attachment_metabox_include() { - - include( plugin_dir_path( __FILE__ ) . 'mv-metaboxes.php' ); - +function mgjp_mv_attachment_metabox_include() +{ + + include(plugin_dir_path(__FILE__) . 'mv-metaboxes.php'); + } - /** * Include the options for protected media uploads * on the 'media-new.php' admin page * * @since 0.2 */ -function mgjp_mv_media_new_options_include() { - - include( plugin_dir_path( __FILE__ ) . 'mv-options-media-new.php' ); - +function mgjp_mv_media_new_options_include() +{ + + include(plugin_dir_path(__FILE__) . 'mv-options-media-new.php'); + } - /** * Include the options for protected media uploads * on the 'upload.php' (Media Library) admin page * * @since 0.3 */ -function mgjp_mv_media_library_options_include() { - - include( plugin_dir_path( __FILE__ ) . 'mv-options-media-library.php' ); - +function mgjp_mv_media_library_options_include() +{ + + include(plugin_dir_path(__FILE__) . 'mv-options-media-library.php'); + } - /** - * Add Media Vault flag to enable + * Add Media Vault flag to enable * Media Vault mp6 styles for WP 3.8+ * * @since 0.8.7 @@ -625,19 +692,22 @@ function mgjp_mv_media_library_options_include() { * @param $classes string admin body classes * @return string admin body classes */ -if ( ! function_exists( 'mgjp_add_mp6_admin_body_class' ) ) { - function mgjp_add_mp6_admin_body_class( $classes ) { - - global $wp_version; - - if ( version_compare( '3.7.5', $wp_version, '>' ) ) - return $classes; - - return $classes . ' mgjp_mp6 '; - } +if (!function_exists('mgjp_add_mp6_admin_body_class')) +{ + function mgjp_add_mp6_admin_body_class($classes) + { + + global $wp_version; + + if (version_compare('3.7.5', $wp_version, '>')) + { + return $classes; + } + + return $classes . ' mgjp_mp6 '; + } } - /** * Add Media Vault settings link on plugins manager page * @@ -646,24 +716,22 @@ function mgjp_add_mp6_admin_body_class( $classes ) { * @param $links array Array of links associated with plugin * @return array Array of links associated with plugin plus settings link */ -function mgjp_mv_settings_link( $links ) { - - $settings_link = '' - . esc_html__( 'Settings', 'media-vault' ) - . ''; - - array_push( $links, $settings_link ); - - return $links; +function mgjp_mv_settings_link($links) +{ + + $settings_link = '' + . esc_html__('Settings', 'media-vault') + . ''; + + array_push($links, $settings_link); + + return $links; } - - //-----------------------------------------------------------------------// // MEDIA VAULT - GENERAL FUNCTIONS //-----------------------------------------------------------------------// - /** * Media Vault internal Activation function for a single * blog install or for each blog site @@ -674,20 +742,20 @@ function mgjp_mv_settings_link( $links ) { * @uses mgjp_mv_default_options() * @uses mgjp_mv_load_placeholder_image() */ -function _mgjp_mv_activate_local( $blog_id = 0 ) { - - // register Media Vault options to the local options table - add_option( 'mgjp_mv_default_permission', 'logged-in', '', 'yes' ); - - add_option( 'mgjp_mv_options', mgjp_mv_default_options(), '', 'no' ); - add_option( 'mgjp_mv_ir', array( 'is_on' => true ), '', 'no' ); - - mgjp_mv_load_placeholder_image(); - - do_action( 'mgjp_mv_activated_local', $blog_id ); +function _mgjp_mv_activate_local($blog_id = 0) +{ + + // register Media Vault options to the local options table + add_option('mgjp_mv_default_permission', 'logged-in', '', 'yes'); + + add_option('mgjp_mv_options', mgjp_mv_default_options(), '', 'no'); + add_option('mgjp_mv_ir', array('is_on' => true), '', 'no'); + + mgjp_mv_load_placeholder_image(); + + do_action('mgjp_mv_activated_local', $blog_id); } - /** * Checks whether Media Vault requires extra * deactivation steps before it can be correctly @@ -698,25 +766,31 @@ function _mgjp_mv_activate_local( $blog_id = 0 ) { * @return bool true * false */ -function mgjp_mv_is_deactivation_allowed() { - - if ( 'temp' === get_site_option( 'mgjp_mv_deactivation' ) ) - return true; - - global $is_apache; - if ( $is_apache - && ! is_multisite() - && get_option( 'permalink_structure' ) - && is_writable( get_home_path() . '.htaccess' ) ) - return true; - - if ( ! mgjp_mv_check_rewrite_rules( true ) ) - return true; - - return false; +function mgjp_mv_is_deactivation_allowed() +{ + + if ('temp' === get_site_option('mgjp_mv_deactivation')) + { + return true; + } + + global $is_apache; + if ($is_apache + && !is_multisite() + && get_option('permalink_structure') + && is_writable(get_home_path() . '.htaccess')) + { + return true; + } + + if (!mgjp_mv_check_rewrite_rules(true)) + { + return true; + } + + return false; } - /** * Media Vault internal Deactivation function for a single * blog install or for each blog site @@ -724,17 +798,19 @@ function mgjp_mv_is_deactivation_allowed() { * * @since 0.8.5 */ -function _mgjp_mv_deactivate_local( $blog_id = 0 ) { - - // unload default placeholder image if it exists - $ir = get_option( 'mgjp_mv_ir' ); - if ( isset( $ir['default'] ) && wp_attachment_is_image( $ir['default'] ) ) - wp_delete_attachment( $ir['default'], true ); - - do_action( 'mgjp_mv_deactivated_local', $blog_id ); +function _mgjp_mv_deactivate_local($blog_id = 0) +{ + + // unload default placeholder image if it exists + $ir = get_option('mgjp_mv_ir'); + if (isset($ir['default']) && wp_attachment_is_image($ir['default'])) + { + wp_delete_attachment($ir['default'], true); + } + + do_action('mgjp_mv_deactivated_local', $blog_id); } - /** * Return the relative "Path to plugin file with plugin data" * @@ -742,18 +818,18 @@ function _mgjp_mv_deactivate_local( $blog_id = 0 ) { * * @return string */ -function mgjp_mv_get_dirfile() { - - $plugin_dir = explode( '/', plugin_basename( __FILE__ ) ); - $plugin_dir = $plugin_dir[0]; - - $plugin_file = array_keys( get_plugins( "/$plugin_dir" ) ); - $plugin_file = $plugin_file[0]; - - return "$plugin_dir/$plugin_file"; +function mgjp_mv_get_dirfile() +{ + + $plugin_dir = explode('/', plugin_basename(__FILE__)); + $plugin_dir = $plugin_dir[0]; + + $plugin_file = array_keys(get_plugins("/$plugin_dir")); + $plugin_file = $plugin_file[0]; + + return "$plugin_dir/$plugin_file"; } - /** * Return the Media Vault protected upload folder * @@ -763,20 +839,20 @@ function mgjp_mv_get_dirfile() { * @param $in_url bool set to true if slash before protected folder dirname is desired * @return string Media Vault protected upload folder relative to WP uploads folder */ -function mgjp_mv_upload_dir( $path = '', $in_url = false ) { - - $dirpath = $in_url ? '/' : ''; - $dirpath .= '_mediavault'; - $dirpath .= $path; - - return $dirpath; - +function mgjp_mv_upload_dir($path = '', $in_url = false) +{ + + $dirpath = $in_url ? '/' : ''; + $dirpath .= '_mediavault'; + $dirpath .= $path; + + return $dirpath; + } - /** * Generate the rewrite rules to reroute requests for - * media uploads within protected folders and requests + * media uploads within protected folders and requests * for media uploads with the `safeforce` download flag * set, to the file-handling script. Even supporting * WP Multisite. @@ -787,52 +863,62 @@ function mgjp_mv_upload_dir( $path = '', $in_url = false ) { * @return array Array of strings of each line of the * plugin's custom rewrite rules. */ -function mgjp_mv_get_the_rewrite_rules() { - - $upload = wp_upload_dir(); - $uploads_path = str_replace( home_url( '/' ), '', $upload['baseurl'] ); - - // if is multisite add allowance for '/sites/ID' folders in uploads path - if ( is_multisite() ) - $uploads_path .= '(?:/sites/[0-9]+)?'; - - // if multisite is on sub-directory mode add allowance for the site's - // sub-directory in the rewrite regex - if ( is_multisite() && ! is_subdomain_install() ) - $uploads_path = '(?:[_0-9a-zA-Z-]+/)?' . $uploads_path; - - $old_path_protected = $uploads_path . '(' . mgjp_mv_upload_dir( '/.*\.\w+)$', true ); - $old_path_downloads = $uploads_path . '(/.*\.\w+)$'; - - $rewrite_rules = array( - '# Media Vault Rewrite Rules', - 'RewriteRule ^' . $old_path_protected . ' index.php?mgjp_mv_file=$1 [QSA,L]', - 'RewriteCond %{QUERY_STRING} ^(?:.*&)?mgjp_mv_download=safeforce(?:&.*)?$', - 'RewriteRule ^' . $old_path_downloads . ' index.php?mgjp_mv_file=$1 [QSA,L]', - '# Media Vault Rewrite Rules End' - ); - - // if pretty permalinks not enabled then produce the code necessary for the user to manually - // add the rules to .htaccess - if ( ! is_multisite() && ! get_option( 'permalink_structure' ) ) { - $home_root = parse_url( home_url() ); - if ( isset( $home_root['path'] ) ) - $home_root = trailingslashit( $home_root['path'] ); - else - $home_root = '/'; - - array_splice( $rewrite_rules, 1, 0, array( - '', - 'RewriteEngine On', - 'RewriteBase ' . $home_root - ) ); - array_splice( $rewrite_rules, -1, 0, array( - '' - ) ); - } - - return apply_filters( 'mgjp_mv_get_rewrite_rules', $rewrite_rules ); - +function mgjp_mv_get_the_rewrite_rules() +{ + + $upload = wp_upload_dir(); + $uploads_path = str_replace(home_url('/'), '', $upload['baseurl']); + + // if is multisite add allowance for '/sites/ID' folders in uploads path + if (is_multisite()) + { + $uploads_path .= '(?:/sites/[0-9]+)?'; + } + + // if multisite is on sub-directory mode add allowance for the site's + // sub-directory in the rewrite regex + if (is_multisite() && !is_subdomain_install()) + { + $uploads_path = '(?:[_0-9a-zA-Z-]+/)?' . $uploads_path; + } + + $old_path_protected = $uploads_path . '(' . mgjp_mv_upload_dir('/.*\.\w+)$', true); + $old_path_downloads = $uploads_path . '(/.*\.\w+)$'; + + $rewrite_rules = array( + '# Media Vault Rewrite Rules', + 'RewriteRule ^' . $old_path_protected . ' index.php?mgjp_mv_file=$1 [QSA,L]', + 'RewriteCond %{QUERY_STRING} ^(?:.*&)?mgjp_mv_download=safeforce(?:&.*)?$', + 'RewriteRule ^' . $old_path_downloads . ' index.php?mgjp_mv_file=$1 [QSA,L]', + '# Media Vault Rewrite Rules End', + ); + + // if pretty permalinks not enabled then produce the code necessary for the user to manually + // add the rules to .htaccess + if (!is_multisite() && !get_option('permalink_structure')) + { + $home_root = parse_url(home_url()); + if (isset($home_root['path'])) + { + $home_root = trailingslashit($home_root['path']); + } + else + { + $home_root = '/'; + } + + array_splice($rewrite_rules, 1, 0, array( + '', + 'RewriteEngine On', + 'RewriteBase ' . $home_root, + )); + array_splice($rewrite_rules, -1, 0, array( + '', + )); + } + + return apply_filters('mgjp_mv_get_rewrite_rules', $rewrite_rules); + } /** @@ -845,43 +931,50 @@ function mgjp_mv_get_the_rewrite_rules() { * @uses mgjp_mv_upload_dir() * @return bool */ -function mgjp_mv_check_rewrite_rules( $deactivation = false ) { - - $upload_dir = wp_upload_dir(); - - $protected_test = mgjp_mv_upload_dir( '/mgjp_mv_rewrite_test.txt?mgjp_mv_rewrite_test=1', true ); - $downloads_test = '/mgjp_mv_rewrite_test.txt?mgjp_mv_download=safeforce&mgjp_mv_rewrite_test=1'; - - $checks = array( - $upload_dir['baseurl'] . $protected_test, - $upload_dir['baseurl'] . $downloads_test - ); - - $checks = apply_filters( 'mgjp_mv_rewrite_rule_check_urls', $checks ); - - $checks_passed = true; - foreach ( $checks as $check_url ) { - - $check = wp_remote_get( $check_url ); - - if ( is_wp_error( $check ) - || ! isset( $check['response']['code'] ) || 200 != $check['response']['code'] - || ! isset( $check['body'] ) || 'pass' != $check['body'] ) - $checks_passed = false; - else - $checks_passed = true; - - if ( ( ! $deactivation && ! $checks_passed ) || ( $deactivation && $checks_passed ) ) - break; - } - - return $checks_passed; - +function mgjp_mv_check_rewrite_rules($deactivation = false) +{ + + $upload_dir = wp_upload_dir(); + + $protected_test = mgjp_mv_upload_dir('/mgjp_mv_rewrite_test.txt?mgjp_mv_rewrite_test=1', true); + $downloads_test = '/mgjp_mv_rewrite_test.txt?mgjp_mv_download=safeforce&mgjp_mv_rewrite_test=1'; + + $checks = array( + $upload_dir['baseurl'] . $protected_test, + $upload_dir['baseurl'] . $downloads_test, + ); + + $checks = apply_filters('mgjp_mv_rewrite_rule_check_urls', $checks); + + $checks_passed = true; + foreach ($checks as $check_url) + { + + $check = wp_remote_get($check_url); + + if (is_wp_error($check) + || !isset($check['response']['code']) || 200 != $check['response']['code'] + || !isset($check['body']) || 'pass' != $check['body']) + { + $checks_passed = false; + } + else + { + $checks_passed = true; + } + + if ((!$deactivation && !$checks_passed) || ($deactivation && $checks_passed)) + { + break; + } + } + + return $checks_passed; + } - /** - * Adds the default Media Vault place-holder image to the + * Adds the default Media Vault place-holder image to the * Media Library and saves the id of the attachment created * in the 'mgjp_mv_ir' option in the options table * @@ -891,71 +984,79 @@ function mgjp_mv_check_rewrite_rules( $deactivation = false ) { * @return bool true on success * @return bool false on failure to load image */ -function mgjp_mv_load_placeholder_image( $restore_orig = false ) { - - $ir = get_option( 'mgjp_mv_ir' ); - - // if placeholder image already exists return its attachment ID - if ( isset( $ir['id'] ) && wp_attachment_is_image( $ir['id'] ) && ! $restore_orig ) - return $ir['id']; - - // if original placeholder is loaded no need to - // reload it. Set it as placeholder and return its ID - if ( isset( $ir['default'] ) && wp_attachment_is_image( $ir['default'] ) ) { - $ir['id'] = $ir['default']; - update_option( 'mgjp_mv_ir', $ir ); - return $ir['id']; - } - - require_once( ABSPATH . 'wp-admin/includes/file.php' ); - require_once( ABSPATH . 'wp-admin/includes/media.php' ); - require_once( ABSPATH . 'wp-admin/includes/image.php' ); - - $tmp = download_url( plugins_url( 'imgs/media-vault-ir.jpg', __FILE__ ) ); - - if ( is_wp_error( $tmp ) ) { - @ unlink( $tmp ); - return false; - } - - $file_array = array( - 'name' => 'media-vault-ir.jpg', - 'tmp_name' => $tmp - ); - - $post_data['post_date_gmt'] = $post_data['post_date'] = '1988-01-31 12:00:00'; - - $id = media_handle_sideload( - $file_array, - 0, - __( 'Do Not Delete, Media Vault Place-holder Image' , 'media-vault' ), - $post_data - ); - - if ( is_wp_error( $id ) ) { - @ unlink( $tmp ); - return false; - } - - $ir['default'] = $id; - $ir['id'] = $id; - - update_option( 'mgjp_mv_ir', $ir ); - - return $id; +function mgjp_mv_load_placeholder_image($restore_orig = false) +{ + + $ir = get_option('mgjp_mv_ir'); + + // if placeholder image already exists return its attachment ID + if (isset($ir['id']) && wp_attachment_is_image($ir['id']) && !$restore_orig) + { + return $ir['id']; + } + + // if original placeholder is loaded no need to + // reload it. Set it as placeholder and return its ID + if (isset($ir['default']) && wp_attachment_is_image($ir['default'])) + { + $ir['id'] = $ir['default']; + update_option('mgjp_mv_ir', $ir); + + return $ir['id']; + } + + require_once(ABSPATH . 'wp-admin/includes/file.php'); + require_once(ABSPATH . 'wp-admin/includes/media.php'); + require_once(ABSPATH . 'wp-admin/includes/image.php'); + + $tmp = download_url(plugins_url('imgs/media-vault-ir.jpg', __FILE__)); + + if (is_wp_error($tmp)) + { + @ unlink($tmp); + + return false; + } + + $file_array = array( + 'name' => 'media-vault-ir.jpg', + 'tmp_name' => $tmp, + ); + + $post_data['post_date_gmt'] = $post_data['post_date'] = '1988-01-31 12:00:00'; + + $id = media_handle_sideload( + $file_array, + 0, + __('Do Not Delete, Media Vault Place-holder Image', 'media-vault'), + $post_data + ); + + if (is_wp_error($id)) + { + @ unlink($tmp); + + return false; + } + + $ir['default'] = $id; + $ir['id'] = $id; + + update_option('mgjp_mv_ir', $ir); + + return $id; } - /** * Check if an attachment is protected with Media Vault. * - * A file is protected by media vault if and only if - * it is in the Media Vault Protected Directory within + * A file is protected by media vault if and only if + * it is in the Media Vault Protected Directory within * the WordPress Uploads Directory. * ( eg: wp-content/uploads/_mediavault/../filename.ext ) * * If a file is in the protected directory and no permission - * meta is detected for the file, the default permission is + * meta is detected for the file, the default permission is * used to check if the user is allowed access. * * So to check if an attachment is protected by Media Vault we @@ -967,23 +1068,22 @@ function mgjp_mv_load_placeholder_image( $restore_orig = false ) { * @uses mgjp_mv_upload_dir() * @param $attachment_id int the id of the attachment we want to check */ -function mgjp_mv_is_protected( $attachment_id ) { - - // Get the base file path relative to the WordPress Uploads Directory - $file = get_post_meta( $attachment_id, '_wp_attached_file', true ); - - // Check if the path begins with the Media Vault Protected Directory - // Therefore check if the attachment's files are in the protected directory - if ( 0 === stripos( $file, mgjp_mv_upload_dir( '/' ) ) ) - return true; - - return false; +function mgjp_mv_is_protected($attachment_id) +{ + + // Get the base file path relative to the WordPress Uploads Directory + $file = get_post_meta($attachment_id, '_wp_attached_file', true); + + // Check if the path begins with the Media Vault Protected Directory + // Therefore check if the attachment's files are in the protected directory + if (0 === stripos($file, mgjp_mv_upload_dir('/'))) + { + return true; + } + + return false; } - - - - /** * Adds a permission to the Media Vault permissions array * @@ -1000,26 +1100,34 @@ function mgjp_mv_is_protected( $attachment_id ) { * Function MUST return TRUE if access permitted to file and FALSE or WP_Error if access denied * @return bool false on failure, true on success */ -function mgjp_mv_add_permission( $name, $args ) { - - $allowed_keys = array( 'description', 'select', 'logged_in', 'run_in_admin', 'cb' ); - - $safe_args = array(); - foreach ( $allowed_keys as $key ) { - if ( isset( $args[$key] ) ) - $safe_args[$key] = $args[$key]; - } - - if ( count( $allowed_keys ) !== count( $safe_args ) ) - return false; - - global $mgjp_mv_permissions; - if ( isset( $mgjp_mv_permissions[$name] ) ) - return false; - - $mgjp_mv_permissions[$name] = $safe_args; - - return true; +function mgjp_mv_add_permission($name, $args) +{ + + $allowed_keys = array('description', 'select', 'logged_in', 'run_in_admin', 'cb'); + + $safe_args = array(); + foreach ($allowed_keys as $key) + { + if (isset($args[$key])) + { + $safe_args[$key] = $args[$key]; + } + } + + if (count($allowed_keys) !== count($safe_args)) + { + return false; + } + + global $mgjp_mv_permissions; + if (isset($mgjp_mv_permissions[$name])) + { + return false; + } + + $mgjp_mv_permissions[$name] = $safe_args; + + return true; } /** @@ -1032,11 +1140,12 @@ function mgjp_mv_add_permission( $name, $args ) { * @uses $mgjp_mv_permissions * @return array Array of Media Vault file access permissions */ -function mgjp_mv_get_the_permissions() { - - global $mgjp_mv_permissions; - - return apply_filters( 'mgjp_mv_edit_permissions', $mgjp_mv_permissions ); +function mgjp_mv_get_the_permissions() +{ + + global $mgjp_mv_permissions; + + return apply_filters('mgjp_mv_edit_permissions', $mgjp_mv_permissions); } /** @@ -1049,16 +1158,19 @@ function mgjp_mv_get_the_permissions() { * @return bool false if attachment is not protected * @return string the permission name-id set for this attachment if it is protected */ -function mgjp_mv_get_the_permission( $attachment_id, $meta_only = false ) { - - if ( ! mgjp_mv_is_protected( $attachment_id ) ) - return false; - - $permission = get_post_meta( $attachment_id, '_mgjp_mv_permission', true ); - - return empty( $permission ) && ! $meta_only ? - get_option( 'mgjp_mv_default_permission', 'logged-in' ) : - $permission; +function mgjp_mv_get_the_permission($attachment_id, $meta_only = false) +{ + + if (!mgjp_mv_is_protected($attachment_id)) + { + return false; + } + + $permission = get_post_meta($attachment_id, '_mgjp_mv_permission', true); + + return empty($permission) && !$meta_only ? + get_option('mgjp_mv_default_permission', 'logged-in') : + $permission; } /** @@ -1073,46 +1185,60 @@ function mgjp_mv_get_the_permission( $attachment_id, $meta_only = false ) { * @return bool True if current user access permitted * @return bool False if current user access denied */ -function mgjp_mv_check_user_permitted( $attachment_id ) { - - // check if attachment has protection and permissions set on it - if ( ! $permission = mgjp_mv_get_the_permission( $attachment_id ) ) - return true; - - $permissions = mgjp_mv_get_the_permissions(); - - // check if permission set on attachment is valid - if ( ! isset( $permissions[$permission] ) ) - return false; // it is better to fail safely than to reveal something we should not - - // check if permission check is set to need not run in admin - if ( is_admin() && isset( $permissions[$permission]['run_in_admin'] ) && ! $permissions[$permission]['run_in_admin'] ) - return true; - - // check if permission check is set to need the user to be logged in. if it is check if he is logged in - if ( ! isset( $permissions[$permission]['logged_in'] ) || ( $permissions[$permission]['logged_in'] && ! is_user_logged_in() ) ) - return false; - - // check if permission callback is set to false - if ( isset( $permissions[$permission]['cb'] ) && false === $permissions[$permission]['cb'] ) - return true; - - // if not false (above), check if permission callback is valid, fail safely if it is not - if ( ! is_callable( $permissions[$permission]['cb'] ) ) +function mgjp_mv_check_user_permitted($attachment_id) +{ + + // check if attachment has protection and permissions set on it + if (!$permission = mgjp_mv_get_the_permission($attachment_id)) + { + return true; + } + + $permissions = mgjp_mv_get_the_permissions(); + + // check if permission set on attachment is valid + if (!isset($permissions[$permission])) + { + return false; + } // it is better to fail safely than to reveal something we should not + + // check if permission check is set to need not run in admin + if (is_admin() && isset($permissions[$permission]['run_in_admin']) && !$permissions[$permission]['run_in_admin']) + { + return true; + } + + // check if permission check is set to need the user to be logged in. if it is check if he is logged in + if (!isset($permissions[$permission]['logged_in']) || ($permissions[$permission]['logged_in'] && !is_user_logged_in())) + { + return false; + } + + // check if permission callback is set to false + if (isset($permissions[$permission]['cb']) && false === $permissions[$permission]['cb']) + { + return true; + } + + // if not false (above), check if permission callback is valid, fail safely if it is not + if (!is_callable($permissions[$permission]['cb'])) + { + return false; + } + + // perform the defined permission check callback on the user for this attachment + // function MUST return true if the user is allowed access + $permission_check = call_user_func($permissions[$permission]['cb'], $attachment_id); + + // if there are no errors permit access + if (true === $permission_check) + { + return true; + } + return false; - - // perform the defined permission check callback on the user for this attachment - // function MUST return true if the user is allowed access - $permission_check = call_user_func( $permissions[$permission]['cb'], $attachment_id ); - - // if there are no errors permit access - if ( true === $permission_check ) - return true; - - return false; } - /** * Moves attachment files to Media Vault protected * directory in the WP uploads folder @@ -1124,23 +1250,29 @@ function mgjp_mv_check_user_permitted( $attachment_id ) { * @return object WP_Error with error txt from mgjp_move_attachment_files() on failure * @return bool true on success */ -function mgjp_mv_move_attachment_to_protected( $attachment_id ) { - - $file = get_post_meta( $attachment_id, '_wp_attached_file', true ); - - // check if files are already in the Media Vault protected folder - if ( 0 === stripos( $file, mgjp_mv_upload_dir( '/' ) ) ) - return true; - - $reldir = dirname( $file ); - if ( in_array( $reldir, array( '\\', '/', '.' ), true ) ) - $reldir = ''; - - $new_reldir = path_join( mgjp_mv_upload_dir(), $reldir ); - - require_once( plugin_dir_path( __FILE__ ) . 'includes/mgjp-functions.php' ); - - return mgjp_move_attachment_files( $attachment_id, $new_reldir ); +function mgjp_mv_move_attachment_to_protected($attachment_id) +{ + +// mgjp_mv_fix_meta_file($attachment_id); + $file = get_post_meta($attachment_id, '_wp_attached_file', true); + + // check if files are already in the Media Vault protected folder + if (0 === stripos($file, mgjp_mv_upload_dir('/'))) + { + return true; + } + + $reldir = dirname($file); + if (in_array($reldir, array('\\', '/', '.'), true)) + { + $reldir = ''; + } + + $new_reldir = path_join(mgjp_mv_upload_dir(), $reldir); + + require_once(plugin_dir_path(__FILE__) . 'includes/mgjp-functions.php'); + + return mgjp_move_attachment_files($attachment_id, $new_reldir); } /** @@ -1154,22 +1286,24 @@ function mgjp_mv_move_attachment_to_protected( $attachment_id ) { * @return object WP_Error with error txt from mgjp_mv_move_attachment_files() on failure * @return bool true on move success */ -function mgjp_mv_move_attachment_from_protected( $attachment_id ) { - - $file = get_post_meta( $attachment_id, '_wp_attached_file', true ); - - // check if files are already not in the Media Vault protected folder - if ( 0 !== stripos( $file, mgjp_mv_upload_dir( '/' ) ) ) - return true; - - $new_reldir = ltrim( dirname( $file ), mgjp_mv_upload_dir( '/' ) ); - - require_once( plugin_dir_path( __FILE__ ) . 'includes/mgjp-functions.php' ); - - return mgjp_move_attachment_files( $attachment_id, $new_reldir ); +function mgjp_mv_move_attachment_from_protected($attachment_id) +{ + + $file = get_post_meta($attachment_id, '_wp_attached_file', true); + + // check if files are already not in the Media Vault protected folder + if (0 !== stripos($file, mgjp_mv_upload_dir('/'))) + { + return true; + } + + $new_reldir = ltrim(dirname($file), mgjp_mv_upload_dir('/')); + + require_once(plugin_dir_path(__FILE__) . 'includes/mgjp-functions.php'); + + return mgjp_move_attachment_files($attachment_id, $new_reldir); } - /** * Return attachment file download url * @@ -1181,22 +1315,26 @@ function mgjp_mv_move_attachment_from_protected( $attachment_id ) { * @return string full filepath to attachment file of specified size with Media Vault force download * query parameter set */ -function mgjp_mv_get_attachment_download_url( $attachment_id, $size = null ) { - - if ( 'attachment' !== get_post_type( $attachment_id ) ) - return new WP_Error( 'not_attachment', sprintf( __( 'The post type of the post with ID %d, is not %s.', 'media-vault' ), $attachment_id, '\'attachment\'' ) ); - - $query_arg = array( 'mgjp_mv_download' => 'safeforce' ); - - if ( ! wp_attachment_is_image( $attachment_id ) || ! isset( $size ) ) - return add_query_arg( $query_arg, wp_get_attachment_url( $attachment_id ) ); - - $image = wp_get_attachment_image_src( $attachment_id, $size ); - - return add_query_arg( $query_arg, $image[0] ); +function mgjp_mv_get_attachment_download_url($attachment_id, $size = null) +{ + + if ('attachment' !== get_post_type($attachment_id)) + { + return new WP_Error('not_attachment', sprintf(__('The post type of the post with ID %d, is not %s.', 'media-vault'), $attachment_id, '\'attachment\'')); + } + + $query_arg = array('mgjp_mv_download' => 'safeforce'); + + if (!wp_attachment_is_image($attachment_id) || !isset($size)) + { + return add_query_arg($query_arg, wp_get_attachment_url($attachment_id)); + } + + $image = wp_get_attachment_image_src($attachment_id, $size); + + return add_query_arg($query_arg, $image[0]); } - /** * Return plugin default options * @@ -1205,17 +1343,17 @@ function mgjp_mv_get_attachment_download_url( $attachment_id, $size = null ) { * @uses apply_filters() provides hook to modify default plugin options * @return array Array of Media Vault options */ -function mgjp_mv_default_options() { - - $options = array( - 'default_upload_protection' => 'off' // possible values 'on' && 'off' - ); - - return apply_filters( 'mgjp_mv_default_options', $options ); - +function mgjp_mv_default_options() +{ + + $options = array( + 'default_upload_protection' => 'off' // possible values 'on' && 'off' + ); + + return apply_filters('mgjp_mv_default_options', $options); + } - /** * Echo Media Vault Custom * admin notice @@ -1226,46 +1364,68 @@ function mgjp_mv_default_options() { * @param $link array (optional) [link] link * [text] link text */ -function mgjp_mv_admin_notice( $desc, $links = null ) { - - wp_enqueue_style( 'mgjp-mv-admin-notice', plugins_url( 'css/mv-admin-notice.css', __FILE__ ), 'all', null ); - - ?> +function mgjp_mv_admin_notice($desc, $links = null) +{ + + wp_enqueue_style('mgjp-mv-admin-notice', plugins_url('css/mv-admin-notice.css', __FILE__), 'all', null); + + ?>
-
- - - - -
- - - - - - - +
- - -
- - -
-
-
- array(), 'strong' => array() ), false ); ?> + + + +
+ + + + + + + + + + +
+ + +
+
+
+ array(), 'strong' => array()), false); ?> +
+
-
-
-
+
- - +/** + * @param $attachment_id + */ +function mgjp_mv_fix_meta_file($attachment_id) +{ + if (!is_numeric($attachment_id)) + { + return; + } + + $post = (array)get_post($attachment_id); + + $upload_dir = wp_upload_dir(); + + // re-check if the file path is empty + $file = get_post_meta($attachment_id, '_wp_attached_file', true); + if (strlen($file) < 4 && isset($post['guid'])) + { + $guid = str_replace($upload_dir['baseurl'] . '/', '', $post['guid']); + update_post_meta($attachment_id, '_wp_attached_file', $guid); + } +} \ No newline at end of file diff --git a/includes/mgjp-functions.php b/includes/mgjp-functions.php index 2d4555a..dbd99e6 100644 --- a/includes/mgjp-functions.php +++ b/includes/mgjp-functions.php @@ -57,6 +57,7 @@ function mgjp_wp_relative_upload_path( $path ) { * @param $new_reldir string the new path to the attachment relative to the WP uploads directory * @return object | bool Returns WP_Error on failure and True on success */ + if ( ! function_exists( 'mgjp_move_attachment_files' ) ) { function mgjp_move_attachment_files( $attachment_id, $new_reldir ) { @@ -108,9 +109,9 @@ function mgjp_move_attachment_files( $attachment_id, $new_reldir ) { ) ); - // Get all filenames for all attached files + // If image! Get all filenames for all attached files $intermediate_sizes = array(); - if ( is_array( $meta['sizes'] ) ) { + if (isset($meta['sizes']) && is_array( $meta['sizes'] ) ) { foreach ( $meta['sizes'] as $size ) { $intermediate_sizes[] = $size['file']; } @@ -144,7 +145,7 @@ function mgjp_move_attachment_files( $attachment_id, $new_reldir ) { // prep for filename conflict script $orig_filename = pathinfo( $orig_basename ); - $orig_filename = $orig_filename['filename']; + $orig_filename = $orig_filename['filename'];// filename without extension $conflict = true; $number = 1; $separator = '#'; @@ -206,11 +207,17 @@ function mgjp_move_attachment_files( $attachment_id, $new_reldir ) { // Update all attachment filepaths in database to point to the new location - // $new_basenames[0] should always be the basename of the file // from '_wp_attached_media' with the new conflict free filename + if(!is_array($meta)){ + $meta = array(); + } + $meta['file'] = path_join( $new_reldir, $new_basenames[0] ); - update_post_meta( $attachment_id, '_wp_attached_file', $meta['file'] ); + + if(strlen($meta['file']) > 4){ + update_post_meta( $attachment_id, '_wp_attached_file', $meta['file'] ); + } // if $new_basenames != $old_basenames we must update the // original basename used in the guid as well as the metadata @@ -248,11 +255,20 @@ function mgjp_move_attachment_files( $attachment_id, $new_reldir ) { } update_post_meta( $attachment_id, '_wp_attachment_metadata', $meta ); + + // Save to find later instead of post_name + update_post_meta( $attachment_id, '_wp_attachment_filename', $orig_filename ); - $guid = path_join( $new_fulldir, $orig_basename ); // should I be updating the GUID? the Codex says I should + // should I be updating the GUID? the Codex says I should + $guid = path_join( $new_fulldir, $orig_basename ); +// dd(array( 'ID' => $attachment_id, 'guid' => $guid, 'post_name' => $orig_filename )); // just in case someone wants to disable updating the guid: // for attachments. - if ( apply_filters( 'mgjp_update_guid_on_attachment_files_move', true ) ) - wp_update_post( array( 'ID' => $attachment_id, 'guid' => $guid ) ); + if ( apply_filters( 'mgjp_update_guid_on_attachment_files_move', true ) ){ + wp_update_post( array( + 'ID' => $attachment_id, + 'guid' => $guid, + ) ); + } // NOT IMPLEMENTED YET: If $rewrite_whole_db flag is set, sanely search through database for instances of @@ -287,6 +303,4 @@ function wpst_mv_restrict_only_for_subscribers() { return true; return false; -} - -?> \ No newline at end of file +} \ No newline at end of file diff --git a/js/min/mv-attachment-fields.min.js b/js/min/mv-attachment-fields.min.js index a8bd953..861fc2c 100644 --- a/js/min/mv-attachment-fields.min.js +++ b/js/min/mv-attachment-fields.min.js @@ -1 +1 @@ -!function(e){var t,i,n={};e("body").on("mgjpMvLoaded","#mgjp_mv_attachment_fields",function(o,s){t=s,i=e("#mgjp_mv_attachment_permissions_field"),n.hasOwnProperty(t)&&e(this).find(".mgjp_mv_protection_toggle, .mgjp_mv_permission_select").each(function(){n[t].hasOwnProperty(this.name)&&("checkbox"===this.type?this.checked=n[t][this.name]:this.value=n[t][this.name])}),e(this).find(".mgjp_mv_protection_toggle").trigger("change","mvJustLoaded")}).on("change",".mgjp_mv_protection_toggle",function(e,t){duration="mvJustLoaded"!==t?400:0,this.checked?i.slideDown(duration):i.slideUp(duration)}).on("change",".mgjp_mv_protection_toggle, .mgjp_mv_permission_select",function(e,i){"mvJustLoaded"!==i&&(n.hasOwnProperty(t)||(n[t]={}),n[t][this.name]="checkbox"===this.type?this.checked:this.value)})}(jQuery); \ No newline at end of file +!function(e){var t,i,n=mgjp_mv_att_fields_js,a={};e("body").on("mgjpMvLoaded","#mgjp_mv_attachment_fields",function(n,o){t=o,i=e("#mgjp_mv_attachment_permissions_field"),a.hasOwnProperty(t)&&e(this).find(".mgjp_mv_protection_toggle, .mgjp_mv_permission_select").each(function(){a[t].hasOwnProperty(this.name)&&("checkbox"===this.type?this.checked=a[t][this.name]:this.value=a[t][this.name])}),e(this).find(".mgjp_mv_protection_toggle").trigger("change","mvJustLoaded")}).on("change",".mgjp_mv_protection_toggle",function(t,a){duration="mvJustLoaded"!==a?400:0;var o=e("label[data-setting=url] input");if(this.checked){if(i.slideDown(duration),-1===o.val().indexOf(n.protected_dir)){var s=o.val().replace(n.upl.baseurl+"/",""),r=n.upl.baseurl+"/"+n.protected_dir+"/"+s;o.val(r)}}else i.slideUp(duration),o.val().indexOf(n.protected_dir)>-1&&o.val(o.val().replace(n.protected_dir+"/",""))}).on("change",".mgjp_mv_protection_toggle, .mgjp_mv_permission_select",function(e,i){"mvJustLoaded"!==i&&(a.hasOwnProperty(t)||(a[t]={}),a[t][this.name]="checkbox"===this.type?this.checked:this.value)})}(jQuery); \ No newline at end of file diff --git a/js/mv-attachment-fields.js b/js/mv-attachment-fields.js index 38ca982..e3fe6a2 100644 --- a/js/mv-attachment-fields.js +++ b/js/mv-attachment-fields.js @@ -1,46 +1,60 @@ (function ($) { - var vals = {}, - postId, permissionsField; - - $('body') - - .on('mgjpMvLoaded', '#mgjp_mv_attachment_fields', function (event, id) { - postId = id; - permissionsField = $('#mgjp_mv_attachment_permissions_field'); - - if (vals.hasOwnProperty(postId)) { - $(this).find('.mgjp_mv_protection_toggle, .mgjp_mv_permission_select').each(function () { - if (!vals[postId].hasOwnProperty(this.name)) - return; - - if ('checkbox' === this.type) - this.checked = vals[postId][this.name]; - else - this.value = vals[postId][this.name]; + var d = mgjp_mv_att_fields_js, + vals = {}, + postId, permissionsField; + + + $('body') + + .on('mgjpMvLoaded', '#mgjp_mv_attachment_fields', function (event, id) { + postId = id; + permissionsField = $('#mgjp_mv_attachment_permissions_field'); + + if (vals.hasOwnProperty(postId)) { + $(this).find('.mgjp_mv_protection_toggle, .mgjp_mv_permission_select').each(function () { + if (!vals[postId].hasOwnProperty(this.name)) + return; + + if ('checkbox' === this.type) + this.checked = vals[postId][this.name]; + else + this.value = vals[postId][this.name]; + }); + } + + $(this).find('.mgjp_mv_protection_toggle').trigger('change', 'mvJustLoaded'); + }) + + .on('change', '.mgjp_mv_protection_toggle', function (event, justLoaded) { + duration = 'mvJustLoaded' !== justLoaded ? 400 : 0; + + var $url = $('label[data-setting=url] input'); + + if (this.checked){ + permissionsField.slideDown(duration); + if($url.val().indexOf(d.protected_dir) === -1){ + var end = $url.val().replace(d.upl.baseurl+'/', ''); + var final = d.upl.baseurl+'/'+d.protected_dir+'/'+end; + $url.val(final) + } + } + else { + permissionsField.slideUp(duration); + if($url.val().indexOf(d.protected_dir) > -1){ + $url.val($url.val().replace(d.protected_dir+'/', '')) + } + } + }) + + .on('change', '.mgjp_mv_protection_toggle, .mgjp_mv_permission_select', function (event, justLoaded) { + if ('mvJustLoaded' === justLoaded) + return; + + if (!vals.hasOwnProperty(postId)) + vals[postId] = {}; + + vals[postId][this.name] = 'checkbox' === this.type ? this.checked : this.value; }); - } - - $(this).find('.mgjp_mv_protection_toggle').trigger('change', 'mvJustLoaded'); - }) - - .on('change', '.mgjp_mv_protection_toggle', function (event, justLoaded) { - duration = 'mvJustLoaded' !== justLoaded ? 400 : 0; - - if (this.checked) - permissionsField.slideDown(duration); - else - permissionsField.slideUp(duration); - }) - - .on('change', '.mgjp_mv_protection_toggle, .mgjp_mv_permission_select', function (event, justLoaded) { - if ('mvJustLoaded' === justLoaded) - return; - - if (!vals.hasOwnProperty(postId)) - vals[postId] = {}; - - vals[postId][this.name] = 'checkbox' === this.type ? this.checked : this.value; - }); }(jQuery)); \ No newline at end of file diff --git a/mv-ajax-actions.php b/mv-ajax-actions.php index 62cf3b5..37502b0 100644 --- a/mv-ajax-actions.php +++ b/mv-ajax-actions.php @@ -9,15 +9,14 @@ * @license GPL-3.0+ */ - // forbid direct calls to this file without wp ajax constants -if ( ! defined( 'DOING_AJAX' ) || ! DOING_AJAX ) { - header( 'Status: 403 Forbidden' ); - header( 'HTTP/1.1 403 Forbidden' ); - exit(); +if (!defined('DOING_AJAX') || !DOING_AJAX) +{ + header('Status: 403 Forbidden'); + header('HTTP/1.1 403 Forbidden'); + exit(); } - /** * Get the HTML image element of an attachment via AJAX * @@ -26,51 +25,59 @@ * @return string HTML image element of attachment file, * if there is any, otherwise return 0 */ -function mgjp_mv_get_attachment_image() { - - $id = isset( $_GET['id'] ) ? absint( $_GET['id'] ) : ''; - $size = isset( $_GET['size'] ) ? $_GET['size'] : 'thumbnail'; - $icon = isset( $_GET['icon'] ) ? ! ! $_GET['icon'] : false; - $args = isset( $_GET['args'] ) ? $_GET['args'] : null; - - $html = wp_get_attachment_image( $id, $size, $icon, $args ); - if ( empty( $html ) ) - wp_die( -1 ); - - wp_die( $html ); +function mgjp_mv_get_attachment_image() +{ + + $id = isset($_GET['id']) ? absint($_GET['id']) : ''; + $size = isset($_GET['size']) ? $_GET['size'] : 'thumbnail'; + $icon = isset($_GET['icon']) ? !!$_GET['icon'] : false; + $args = isset($_GET['args']) ? $_GET['args'] : null; + + $html = wp_get_attachment_image($id, $size, $icon, $args); + if (empty($html)) + { + wp_die(-1); + } + + wp_die($html); } -add_action( 'wp_ajax_mgjp_mv_get_attachment_image', 'mgjp_mv_get_attachment_image' ); +add_action('wp_ajax_mgjp_mv_get_attachment_image', 'mgjp_mv_get_attachment_image'); /** * Attempt to restore the default placeholder image * * @since 0.8 * - * @return array [0] - * [1] + * @return array [0] + * [1] */ -function mgjp_mv_restore_default_placeholder_image() { - - if ( ! current_user_can( 'manage_options' ) || ! current_user_can( 'upload_files' ) ) - wp_die( -1 ); - - check_ajax_referer( 'mgjp_mv_ir_restore_default', 'nonce' ); - - $size = isset( $_POST['size'] ) ? $_POST['size']: 'thumbnail'; - $args = isset( $_GET['args'] ) ? $_GET['args'] : null; - - $ir_id = mgjp_mv_load_placeholder_image( true ); - if ( ! $ir_id ) - wp_die( -1 ); - - wp_die( json_encode( array( - 'id' => $ir_id, - 'img' => wp_get_attachment_image( $ir_id, $size, false, $args ) - ) ) ); +function mgjp_mv_restore_default_placeholder_image() +{ + + if (!current_user_can('manage_options') || !current_user_can('upload_files')) + { + wp_die(-1); + } + + check_ajax_referer('mgjp_mv_ir_restore_default', 'nonce'); + + $size = isset($_POST['size']) ? $_POST['size'] : 'thumbnail'; + $args = isset($_GET['args']) ? $_GET['args'] : null; + + $ir_id = mgjp_mv_load_placeholder_image(true); + if (!$ir_id) + { + wp_die(-1); + } + + wp_die(json_encode(array( + 'id' => $ir_id, + 'img' => wp_get_attachment_image($ir_id, $size, false, $args), + ))); } -add_action( 'wp_ajax_mgjp_mv_restore_default_placeholder_image', 'mgjp_mv_restore_default_placeholder_image' ); +add_action('wp_ajax_mgjp_mv_restore_default_placeholder_image', 'mgjp_mv_restore_default_placeholder_image'); /** * Render the Media Vault attachment edit fields in @@ -83,79 +90,165 @@ function mgjp_mv_restore_default_placeholder_image() { * @return array if called in the Media Modal, adds a Media Vault field * to the attachment fields to edit array */ -function mgjp_mv_add_attachment_edit_fields( $form_fields, $post ) { +function mgjp_mv_add_attachment_edit_fields($form_fields, $post) +{ + + // only add the field to the Media Upload Modal, and not the attachment + // edit page, we have the Media Vault Protection Settings metabox for + // that job + if (get_current_screen() !== null) + { + return $form_fields; + } + + $permission = get_post_meta($post->ID, '_mgjp_mv_permission', true); + + $permissions = mgjp_mv_get_the_permissions(); + + if (empty($permission) || !isset($permissions[$permission])) + { + $permission = 'default'; + } + + $default = array( + 'default' => array( + 'select' => __('Use Default Setting', 'media-vault'), + ), + ); + $permissions = $default + $permissions; + + ob_start(); ?> - // only add the field to the Media Upload Modal, and not the attachment - // edit page, we have the Media Vault Protection Settings metabox for - // that job - if ( get_current_screen() !== null ) - return $form_fields; + - $permission = get_post_meta( $post->ID, '_mgjp_mv_permission', true ); + - $permissions = mgjp_mv_get_the_permissions(); + - if ( empty( $permission ) || ! isset( $permissions[$permission] ) ) - $permission = 'default'; + - +

- + -

- + -

+ - + + + ID; ?>][mgjp_mv_permission_select]" name="attachments[ID; ?>][mgjp_mv_permission_select]"> +function mgjp_mv_add_attachment_edit_fields_2($form_fields, $post) +{ + + // only add the field to the Media Upload Modal, and not the attachment + // edit page, we have the Media Vault Protection Settings metabox for + // that job + if (get_current_screen() !== null) + { + return $form_fields; + } + + $permission = get_post_meta($post->ID, '_mgjp_mv_permission', true); + + $permissions = mgjp_mv_get_the_permissions(); + + if (empty($permission) || !isset($permissions[$permission])) + { + $permission = 'default'; + } + + $default = array( + 'default' => array( + 'select' => __('Use Default Setting', 'media-vault'), + ), + ); + $permissions = $default + $permissions; + + ob_start(); + ?> + +

- $data ) : ?> - - - + - +

- + - ID; ?>][mgjp_mv_permission_select]" + name="attachments[ID; ?>][mgjp_mv_permission_select]"> + + $data) : ?> + + - $form_fields['mgjp_mv_permission_fields']['tr'] = ob_get_clean(); + - return $form_fields; +

+ + + +
+ \ No newline at end of file +add_filter('attachment_fields_to_save', 'mgjp_mv_save_attachment_edit_fields', 10, 2); diff --git a/mv-class-update.php b/mv-class-update.php index 2ef6070..07e8caf 100644 --- a/mv-class-update.php +++ b/mv-class-update.php @@ -196,6 +196,3 @@ function update_085() { } } // END of class MGJP_MV_Update - - -?> \ No newline at end of file diff --git a/mv-extra-activation-steps.php b/mv-extra-activation-steps.php index 89199a7..0eb4408 100644 --- a/mv-extra-activation-steps.php +++ b/mv-extra-activation-steps.php @@ -248,6 +248,4 @@ function mgjp_mv_render_extra_activation_steps_page() {
\ No newline at end of file +} \ No newline at end of file diff --git a/mv-file-handler.php b/mv-file-handler.php index 7d89723..2d95148 100644 --- a/mv-file-handler.php +++ b/mv-file-handler.php @@ -8,8 +8,6 @@ * @author Max G J Panas * @license GPL-3.0+ */ - - /** * Helper function to get attachment by name @@ -18,19 +16,46 @@ * * @param string $post_name Filename */ -if( ! ( function_exists( 'mgjp_get_attachment_by_post_name' ) ) ) { - function mgjp_get_attachment_by_post_name( $post_name ) { - $args = array( +if (!(function_exists('mgjp_get_attachment_by_post_name'))) +{ + function mgjp_get_attachment_by_post_name($post_name) + { + + // First, try to get by '_wp_attachment_filename' meta + $args = array( 'posts_per_page' => 1, 'post_type' => 'attachment', - 'name' => trim ( $post_name ), + 'post_status' => 'any', + 'orderby' => 'ID', + 'order' => 'desc', + 'meta_key' => '_wp_attachment_filename', + 'meta_value' => $post_name, ); - $get_attachment = new WP_Query( $args ); - - if ( $get_attachment->posts[0] ) + $get_attachment = new WP_Query($args); + + if ($get_attachment->posts[0]) + { return $get_attachment->posts[0]; - else - return false; + } + + // Fails, try post_name too + $args = array( + 'posts_per_page' => 1, + 'post_status' => 'any', + 'orderby' => 'ID', + 'order' => 'desc', + 'post_type' => 'attachment', + 'name' => trim($post_name), + ); + $get_attachment = new WP_Query($args); + + if ($get_attachment->posts[0]) + { + return $get_attachment->posts[0]; + } + + return false; + } } @@ -47,182 +72,230 @@ function mgjp_get_attachment_by_post_name( $post_name ) { * @param string $rel_file Filesystem path or filename, must be relative to the WP uploads folder * @param string $action Force Download Flag, only acceptable value is 'safeforce' */ -function mgjp_mv_get_file( $rel_file, $action = '' ) { - - // $rel_file = path to the file to view/download, - // relative to the WP uploads folder - // (eg:'/media-vault/2013/10/media-vault-150x150.jpg') - - $upload_dir = wp_upload_dir(); - - // only files in the WP uploads directory are allowed to be accessed: - $file = rtrim( $upload_dir['basedir'], '/' ) . str_replace( '..', '', isset( $rel_file ) ? $rel_file : '' ); - - //---Basic Checks----------------------------------------------------// - - if ( ! $upload_dir['basedir'] || ! is_file( $file ) ) { - status_header( 404 ); - wp_die( '404. File not found. '.$upload_dir['basedir']." ".$file ); - } - - $mime = wp_check_filetype( $file ); // Check filetype against allowed filetypes - - if ( isset( $mime['type'] ) && $mime['type'] ) { - $mimetype = $mime['type']; - } else { - status_header( 403 ); - wp_die( __( '403. Forbidden.
You cannot directly access files of this type in this directory on this server. Please contact the website administrator.' ) ); - } - - //---Permission Checks-----------------------------------------------// - - $file_info = pathinfo( $rel_file ); - - // check if file is protected by checking - // if it is in the protected folder before - // doing any permission checks - if ( 0 === stripos( $file_info['dirname'] . '/', mgjp_mv_upload_dir( '/', true ) ) ) { - - // disable caching of this page by caching plugins ------// - if ( ! defined( 'DONOTCACHEPAGE' ) ) - define( 'DONOTCACHEPAGE', 1 ); - - if ( ! defined( 'DONOTCACHEOBJECT' ) ) - define( 'DONOTCACHEOBJECT', 1 ); - - if ( ! defined( 'DONOTMINIFY' ) ) - define( 'DONOTMINIFY', 1 ); - - //-------------------------------------------------------// - - // try and get attachment id from url -------------------// - - $attachment = mgjp_get_attachment_by_post_name( $file_info['filename'] ); - - if ( ! $attachment ){ - status_header( 404 ); - wp_die( '404. File not found. '.$upload_dir['basedir']." ".$file ); - } - - $attachment_id = $attachment->ID; - - if ( ! $permission = mgjp_mv_get_the_permission( $attachment_id ) ) - $permission = get_option( 'mgjp_mv_default_permission', 'logged-in' ); - - $permissions = mgjp_mv_get_the_permissions(); - - // permission set up error detection - $standard_error_txt = ' ' . esc_html__( 'Therefore for safety and privacy reasons this file is unavailable. Please contact the website administrator.', 'media-vault' ) . '

←' . esc_html__( 'Return to homepage', 'media-vault' ) .'

'; - - if ( ! isset( $permissions[$permission] ) ) - wp_die( __( 'The permissions set for this file are not recognized.', 'media-vault' ) . $standard_error_txt ); - - if ( ! isset( $permissions[$permission]['logged_in'] ) ) - $errors[] = 'logged_in'; - if ( ! isset( $permissions[$permission]['cb'] ) ) - $errors[] = 'cb'; - if ( isset( $errors ) ) { - $error_txt = __( 'The permissions set for this file have left the following important parameters undefined:', 'media-vault' ) - . '' - . '

' . $standard_error_txt . '

'; - wp_die( $error_txt ); +function mgjp_mv_get_file($rel_file, $action = '') +{ + + // $rel_file = path to the file to view/download, + // relative to the WP uploads folder + // (eg:'/media-vault/2013/10/media-vault-150x150.jpg') + + $upload_dir = wp_upload_dir(); + + // only files in the WP uploads directory are allowed to be accessed: + $file = rtrim($upload_dir['basedir'], '/') . str_replace('..', '', isset($rel_file) ? $rel_file : ''); + + //---Basic Checks----------------------------------------------------// + + if (!$upload_dir['basedir'] || !is_file($file)) + { + status_header(404); + wp_die('404. File not found. ' . $upload_dir['basedir'] . " " . $file); } - - if ( $permissions[$permission]['logged_in'] ) - is_user_logged_in() || auth_redirect(); // using is_user_logged_in is lighter than using just auth_redirect - - if ( false !== $permissions[$permission]['cb'] ) { - - if ( ! is_callable( $permissions[$permission]['cb'] ) ) - wp_die( __( 'The permission checking function set in this file\'s permissions is not callable.', 'media-vault' ) . $standard_error_txt ); - - $permission_check = call_user_func_array( $permissions[$permission]['cb'], array( $attachment_id, $rel_file, $file ) ); - - if ( is_wp_error( $permission_check ) ) - wp_die( $permission_check->get_error_message() . $standard_error_txt ); - - if ( true !== $permission_check ) - wp_die( __( 'You do not have sufficient permissions to view this file.', 'media-vault' ) . $standard_error_txt ); + + $mime = wp_check_filetype($file); // Check filetype against allowed filetypes + + if (isset($mime['type']) && $mime['type']) + { + $mimetype = $mime['type']; } - - } // end of permission checks - - //-------------------------------------------------------------------// - - //header( 'Content-Type: ' . $mimetype ); // always send this - if ( false === strpos( $_SERVER['SERVER_SOFTWARE'], 'Microsoft-IIS' ) ) - header( 'Content-Length: ' . filesize( $file ) ); - if ( 'safeforce' !== $action ) { - //Force PDF Download - if ($mimetype !== "application/pdf"){ - //--OPEN FILE IN BROWSER functions-------------// - header( 'Content-Type: application/octet-stream' ); - $last_modified = gmdate( 'D, d M Y H:i:s', filemtime( $file ) ); - $etag = '"' . md5( $last_modified ) . '"'; - header( "Last-Modified: $last_modified GMT" ); - header( 'ETag: ' . $etag ); - header( 'Cache-Control: no-store, no-cache, must-revalidate' ); // HTTP 1.1. - header( 'Pragma: no-cache' ); // HTTP 1.0. - header( 'Expires: Thu, 01 Dec 1994 16:00:00 GMT' ); // Proxies - header( 'Content-Disposition: attachment; filename="' . $file_info['basename'] . '";' ); - header( 'Content-Transfer-Encoding: binary' ); - - // Support for Conditional GET - $client_etag = isset( $_SERVER['HTTP_IF_NONE_MATCH'] ) ? stripslashes( $_SERVER['HTTP_IF_NONE_MATCH'] ) : false; - - if( ! isset( $_SERVER['HTTP_IF_MODIFIED_SINCE'] ) ) - $_SERVER['HTTP_IF_MODIFIED_SINCE'] = false; - - $client_last_modified = trim( $_SERVER['HTTP_IF_MODIFIED_SINCE'] ); - // If string is empty, return 0. If not, attempt to parse into a timestamp - $client_modified_timestamp = $client_last_modified ? strtotime( $client_last_modified ) : 0; - - // Make a timestamp for our most recent modification... - $modified_timestamp = strtotime( $last_modified ); - - if ( ( $client_last_modified && $client_etag ) - ? ( ( $client_modified_timestamp >= $modified_timestamp ) && ( $client_etag == $etag ) ) - : ( ( $client_modified_timestamp >= $modified_timestamp ) || ( $client_etag == $etag ) ) - ) { - status_header( 304 ); - exit; - } - } else { - header( 'Content-Type: application/octet-stream' ); - // required for IE, otherwise Content-disposition is ignored - if( ini_get( 'zlib.output_compression' ) ) - ini_set( 'zlib.output_compression', 'Off' ); - - header( 'Pragma: public' ); // required - header( 'Expires: 0' ); - header( 'Cache-Control: must-revalidate, post-check=0, pre-check=0' ); - header( 'Cache-Control: private', false ); // required for certain browsers - header( 'Content-Disposition: attachment; filename="' . $file_info['basename'] . '";' ); - header( 'Content-Transfer-Encoding: binary' ); - } - - } else { - //--FORCE DOWNLOAD Functions-----------------------// - - // required for IE, otherwise Content-disposition is ignored - if( ini_get( 'zlib.output_compression' ) ) - ini_set( 'zlib.output_compression', 'Off' ); - - header( 'Pragma: public' ); // required - header( 'Expires: 0' ); - header( 'Cache-Control: must-revalidate, post-check=0, pre-check=0' ); - header( 'Cache-Control: private', false ); // required for certain browsers - header( 'Content-Disposition: attachment; filename="' . $file_info['basename'] . '";' ); - header( 'Content-Transfer-Encoding: binary' ); - - } - - // If we made it this far, just serve the file - if ( ob_get_length() ) - ob_clean(); - - flush(); - - readfile( $file ); - exit; -} + else + { + status_header(403); + wp_die(__('403. Forbidden.
You cannot directly access files of this type in this directory on this server. Please contact the website administrator.')); + } + + //---Permission Checks-----------------------------------------------// + + $file_info = pathinfo($rel_file); + + // check if file is protected by checking + // if it is in the protected folder before + // doing any permission checks + if (0 === stripos($file_info['dirname'] . '/', mgjp_mv_upload_dir('/', true))) + { + + // disable caching of this page by caching plugins ------// + if (!defined('DONOTCACHEPAGE')) + { + define('DONOTCACHEPAGE', 1); + } + + if (!defined('DONOTCACHEOBJECT')) + { + define('DONOTCACHEOBJECT', 1); + } + + if (!defined('DONOTMINIFY')) + { + define('DONOTMINIFY', 1); + } + + //-------------------------------------------------------// + + // try and get attachment id from url -------------------// + + $attachment = mgjp_get_attachment_by_post_name($file_info['filename']); + + if (!$attachment) + { + status_header(404); + wp_die('404. File not found. ' . $upload_dir['basedir'] . " " . $file); + } + + $attachment_id = $attachment->ID; + + if (!$permission = mgjp_mv_get_the_permission($attachment_id)) + { + $permission = get_option('mgjp_mv_default_permission', 'logged-in'); + } + + $permissions = mgjp_mv_get_the_permissions(); + + // permission set up error detection + $standard_error_txt = ' ' . esc_html__('Therefore for safety and privacy reasons this file is unavailable. Please contact the website administrator.', 'media-vault') . '

←' . esc_html__('Return to homepage', 'media-vault') . '

'; + + if (!isset($permissions[$permission])) + { + wp_die(__('The permissions set for this file are not recognized.', 'media-vault') . $standard_error_txt); + } + + if (!isset($permissions[$permission]['logged_in'])) + { + $errors[] = 'logged_in'; + } + if (!isset($permissions[$permission]['cb'])) + { + $errors[] = 'cb'; + } + if (isset($errors)) + { + $error_txt = __('The permissions set for this file have left the following important parameters undefined:', 'media-vault') + . '' + . '

' . $standard_error_txt . '

'; + wp_die($error_txt); + } + + if ($permissions[$permission]['logged_in']) + { + is_user_logged_in() || auth_redirect(); + } // using is_user_logged_in is lighter than using just auth_redirect + + if (false !== $permissions[$permission]['cb']) + { + + if (!is_callable($permissions[$permission]['cb'])) + { + wp_die(__('The permission checking function set in this file\'s permissions is not callable.', 'media-vault') . $standard_error_txt); + } + + $permission_check = call_user_func_array($permissions[$permission]['cb'], array($attachment_id, $rel_file, $file)); + + if (is_wp_error($permission_check)) + { + wp_die($permission_check->get_error_message() . $standard_error_txt); + } + + if (true !== $permission_check) + { + wp_die(__('You do not have sufficient permissions to view this file.', 'media-vault') . $standard_error_txt); + } + } + + } // end of permission checks + + //-------------------------------------------------------------------// + + //header( 'Content-Type: ' . $mimetype ); // always send this + if (false === strpos($_SERVER['SERVER_SOFTWARE'], 'Microsoft-IIS')) + { + header('Content-Length: ' . filesize($file)); + } + if ('safeforce' !== $action) + { + //Force PDF Download + if ($mimetype !== "application/pdf") + { + //--OPEN FILE IN BROWSER functions-------------// + header('Content-Type: application/octet-stream'); + $last_modified = gmdate('D, d M Y H:i:s', filemtime($file)); + $etag = '"' . md5($last_modified) . '"'; + header("Last-Modified: $last_modified GMT"); + header('ETag: ' . $etag); + header('Cache-Control: no-store, no-cache, must-revalidate'); // HTTP 1.1. + header('Pragma: no-cache'); // HTTP 1.0. + header('Expires: Thu, 01 Dec 1994 16:00:00 GMT'); // Proxies + header('Content-Disposition: attachment; filename="' . $file_info['basename'] . '";'); + header('Content-Transfer-Encoding: binary'); + + // Support for Conditional GET + $client_etag = isset($_SERVER['HTTP_IF_NONE_MATCH']) ? stripslashes($_SERVER['HTTP_IF_NONE_MATCH']) : false; + + if (!isset($_SERVER['HTTP_IF_MODIFIED_SINCE'])) + { + $_SERVER['HTTP_IF_MODIFIED_SINCE'] = false; + } + + $client_last_modified = trim($_SERVER['HTTP_IF_MODIFIED_SINCE']); + // If string is empty, return 0. If not, attempt to parse into a timestamp + $client_modified_timestamp = $client_last_modified ? strtotime($client_last_modified) : 0; + + // Make a timestamp for our most recent modification... + $modified_timestamp = strtotime($last_modified); + + if (($client_last_modified && $client_etag) + ? (($client_modified_timestamp >= $modified_timestamp) && ($client_etag == $etag)) + : (($client_modified_timestamp >= $modified_timestamp) || ($client_etag == $etag)) + ) + { + status_header(304); + exit; + } + } + else + { + header('Content-Type: application/octet-stream'); + // required for IE, otherwise Content-disposition is ignored + if (ini_get('zlib.output_compression')) + { + ini_set('zlib.output_compression', 'Off'); + } + + header('Pragma: public'); // required + header('Expires: 0'); + header('Cache-Control: must-revalidate, post-check=0, pre-check=0'); + header('Cache-Control: private', false); // required for certain browsers + header('Content-Disposition: attachment; filename="' . $file_info['basename'] . '";'); + header('Content-Transfer-Encoding: binary'); + } + + } + else + { + //--FORCE DOWNLOAD Functions-----------------------// + + // required for IE, otherwise Content-disposition is ignored + if (ini_get('zlib.output_compression')) + { + ini_set('zlib.output_compression', 'Off'); + } + + header('Pragma: public'); // required + header('Expires: 0'); + header('Cache-Control: must-revalidate, post-check=0, pre-check=0'); + header('Cache-Control: private', false); // required for certain browsers + header('Content-Disposition: attachment; filename="' . $file_info['basename'] . '";'); + header('Content-Transfer-Encoding: binary'); + + } + + // If we made it this far, just serve the file + if (ob_get_length()) + { + ob_clean(); + } + + flush(); + + readfile($file); + exit; +} \ No newline at end of file diff --git a/mv-metaboxes.php b/mv-metaboxes.php index d7a85fe..aa54187 100644 --- a/mv-metaboxes.php +++ b/mv-metaboxes.php @@ -174,5 +174,3 @@ function mgjp_mv_save_attachment_metabox_data( $attachment_id ) { } } add_action( 'edit_attachment', 'mgjp_mv_save_attachment_metabox_data' ); - -?> \ No newline at end of file diff --git a/mv-options-media-new.php b/mv-options-media-new.php index a4bc479..3f9ac0e 100644 --- a/mv-options-media-new.php +++ b/mv-options-media-new.php @@ -134,6 +134,4 @@ function mgjp_mv_render_media_new_options_message_box() { \ No newline at end of file +add_action( 'pre-plupload-upload-ui', 'mgjp_mv_render_media_new_options_message_box' ); \ No newline at end of file diff --git a/mv-options-media-vault.php b/mv-options-media-vault.php index bfe3ed5..985b7c5 100644 --- a/mv-options-media-vault.php +++ b/mv-options-media-vault.php @@ -304,6 +304,4 @@ function mgjp_mv_options_media_enqueue_scripts() { wp_enqueue_script( 'mgjp-image-selector', plugins_url( 'js/min/mv-image-selector.min.js', __FILE__ ), array( 'jquery', 'json2' ), null, true ); } -add_action( 'admin_enqueue_scripts', 'mgjp_mv_options_media_enqueue_scripts' ); - -?> \ No newline at end of file +add_action( 'admin_enqueue_scripts', 'mgjp_mv_options_media_enqueue_scripts' ); \ No newline at end of file diff --git a/mv-shortcodes.php b/mv-shortcodes.php index a2c072c..80e2da5 100644 --- a/mv-shortcodes.php +++ b/mv-shortcodes.php @@ -83,6 +83,4 @@ function mgjp_mv_download_links_list_shortcode_handler( $atts ) { \ No newline at end of file +} \ No newline at end of file diff --git a/readme.txt b/readme.txt index 5236536..74e4965 100644 --- a/readme.txt +++ b/readme.txt @@ -1,12 +1,14 @@ === Media Vault === -Contributors: Max GJP -Donate Link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=6KFT65LQXEHFQ -Tags: media, security, protection, attachments, downloads, download links, powerful, shortcode, flexible, simple, uploads, images, multisite, files, links, private, documents -Requires at least: 3.5.0 -Tested up to: 3.8.1 -Stable tag: 0.8.13 +Plugin Name: Media Vault (BB) +Plugin URI: https://github.com/bruno-barros/wordpress-plugin-media-vault +Description: Protect attachment files from direct access using powerful and flexible restrictions. Offer safe download links for any file in your uploads folder. +Network: true +Text Domain: media-vault +Domain Path: /languages +Version: 0.9.0 +Author: Bruno Barros +Author URI: http://maxpanas.com License: GPLv3 or later -License URI: http://www.gnu.org/licenses/gpl-3.0.html Protect attachment files from direct access using powerful and flexible restrictions. Offer safe download links for any file in your uploads folder. @@ -88,6 +90,12 @@ This question was recently asked and answered in [this support thread](https://w == Changelog == += 0.9.0 = +* Fixed $meta array could me string and breaks file name. +* On mgjp_get_attachment_by_post_name() the way it finds the attachment based on the filename is totally unsure if you apply a filter when process upload. Now stores a metadata '_wp_attachment_filename' to match the filename and fallback to the previous behavior. +* Remove closing PHP tag to prevent to send unexpected data to the browser. +* On media popup, when changing the secure rule updates the URL dynamically. + = 0.8.13 = * Fixed vulnerability in `mv-file-handler.php` allowing authenticated users access to other users files.