WordPress/wp-admin/includes/class-file-upload-upgrader.php
Gary Pendergast aaf99e6913 Code is Poetry.
WordPress' code just... wasn't.
This is now dealt with.

Props jrf, pento, netweb, GaryJ, jdgrimes, westonruter, Greg Sherwood from PHPCS, and everyone who's ever contributed to WPCS and PHPCS.
Fixes #41057.


Built from https://develop.svn.wordpress.org/trunk@42343


git-svn-id: http://core.svn.wordpress.org/trunk@42172 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-30 23:11:00 +00:00

133 lines
3.3 KiB
PHP

<?php
/**
* Upgrade API: File_Upload_Upgrader class
*
* @package WordPress
* @subpackage Upgrader
* @since 4.6.0
*/
/**
* Core class used for handling file uploads.
*
* This class handles the upload process and passes it as if it's a local file
* to the Upgrade/Installer functions.
*
* @since 2.8.0
* @since 4.6.0 Moved to its own file from wp-admin/includes/class-wp-upgrader.php.
*/
class File_Upload_Upgrader {
/**
* The full path to the file package.
*
* @since 2.8.0
* @var string $package
*/
public $package;
/**
* The name of the file.
*
* @since 2.8.0
* @var string $filename
*/
public $filename;
/**
* The ID of the attachment post for this file.
*
* @since 3.3.0
* @var int $id
*/
public $id = 0;
/**
* Construct the upgrader for a form.
*
* @since 2.8.0
*
* @param string $form The name of the form the file was uploaded from.
* @param string $urlholder The name of the `GET` parameter that holds the filename.
*/
public function __construct( $form, $urlholder ) {
if ( empty( $_FILES[ $form ]['name'] ) && empty( $_GET[ $urlholder ] ) ) {
wp_die( __( 'Please select a file' ) );
}
//Handle a newly uploaded file, Else assume it's already been uploaded
if ( ! empty( $_FILES ) ) {
$overrides = array(
'test_form' => false,
'test_type' => false,
);
$file = wp_handle_upload( $_FILES[ $form ], $overrides );
if ( isset( $file['error'] ) ) {
wp_die( $file['error'] );
}
$this->filename = $_FILES[ $form ]['name'];
$this->package = $file['file'];
// Construct the object array
$object = array(
'post_title' => $this->filename,
'post_content' => $file['url'],
'post_mime_type' => $file['type'],
'guid' => $file['url'],
'context' => 'upgrader',
'post_status' => 'private',
);
// Save the data.
$this->id = wp_insert_attachment( $object, $file['file'] );
// Schedule a cleanup for 2 hours from now in case of failed installation.
wp_schedule_single_event( time() + 2 * HOUR_IN_SECONDS, 'upgrader_scheduled_cleanup', array( $this->id ) );
} elseif ( is_numeric( $_GET[ $urlholder ] ) ) {
// Numeric Package = previously uploaded file, see above.
$this->id = (int) $_GET[ $urlholder ];
$attachment = get_post( $this->id );
if ( empty( $attachment ) ) {
wp_die( __( 'Please select a file' ) );
}
$this->filename = $attachment->post_title;
$this->package = get_attached_file( $attachment->ID );
} else {
// Else, It's set to something, Back compat for plugins using the old (pre-3.3) File_Uploader handler.
if ( ! ( ( $uploads = wp_upload_dir() ) && false === $uploads['error'] ) ) {
wp_die( $uploads['error'] );
}
$this->filename = sanitize_file_name( $_GET[ $urlholder ] );
$this->package = $uploads['basedir'] . '/' . $this->filename;
if ( 0 !== strpos( realpath( $this->package ), realpath( $uploads['basedir'] ) ) ) {
wp_die( __( 'Please select a file' ) );
}
}
}
/**
* Delete the attachment/uploaded file.
*
* @since 3.2.2
*
* @return bool Whether the cleanup was successful.
*/
public function cleanup() {
if ( $this->id ) {
wp_delete_attachment( $this->id );
} elseif ( file_exists( $this->package ) ) {
return @unlink( $this->package );
}
return true;
}
}