WordPress/wp-admin/includes/class-file-upload-upgrader.php
Drew Jaynes 1a28ec87e1 Docs: Remove @access notations from method DocBlocks in wp-admin/* classes.
Prior to about 2013, many class methods lacked even access modifiers which made the `@access` notations that much more useful. Now that we've gotten to a point where the codebase is more mature from a maintenance perspective and we can finally remove these notations. Notable exceptions to this change include standalone functions notated as private as well as some classes still considered to represent "private" APIs.

See #41452.

Built from https://develop.svn.wordpress.org/trunk@41161


git-svn-id: http://core.svn.wordpress.org/trunk@41001 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-07-27 00:40:43 +00:00

125 lines
3.2 KiB
PHP

<?php
/**
* Upgrade API: File_Upload_Upgrader class
*
* @package WordPress
* @subpackage Upgrader
* @since 4.6.0
*/
/**
* Core class used for handling file uploads.
*
* This class handles the upload process and passes it as if it's a local file
* to the Upgrade/Installer functions.
*
* @since 2.8.0
* @since 4.6.0 Moved to its own file from wp-admin/includes/class-wp-upgrader.php.
*/
class File_Upload_Upgrader {
/**
* The full path to the file package.
*
* @since 2.8.0
* @var string $package
*/
public $package;
/**
* The name of the file.
*
* @since 2.8.0
* @var string $filename
*/
public $filename;
/**
* The ID of the attachment post for this file.
*
* @since 3.3.0
* @var int $id
*/
public $id = 0;
/**
* Construct the upgrader for a form.
*
* @since 2.8.0
*
* @param string $form The name of the form the file was uploaded from.
* @param string $urlholder The name of the `GET` parameter that holds the filename.
*/
public function __construct( $form, $urlholder ) {
if ( empty($_FILES[$form]['name']) && empty($_GET[$urlholder]) )
wp_die(__('Please select a file'));
//Handle a newly uploaded file, Else assume it's already been uploaded
if ( ! empty($_FILES) ) {
$overrides = array( 'test_form' => false, 'test_type' => false );
$file = wp_handle_upload( $_FILES[$form], $overrides );
if ( isset( $file['error'] ) )
wp_die( $file['error'] );
$this->filename = $_FILES[$form]['name'];
$this->package = $file['file'];
// Construct the object array
$object = array(
'post_title' => $this->filename,
'post_content' => $file['url'],
'post_mime_type' => $file['type'],
'guid' => $file['url'],
'context' => 'upgrader',
'post_status' => 'private'
);
// Save the data.
$this->id = wp_insert_attachment( $object, $file['file'] );
// Schedule a cleanup for 2 hours from now in case of failed install.
wp_schedule_single_event( time() + 2 * HOUR_IN_SECONDS, 'upgrader_scheduled_cleanup', array( $this->id ) );
} elseif ( is_numeric( $_GET[$urlholder] ) ) {
// Numeric Package = previously uploaded file, see above.
$this->id = (int) $_GET[$urlholder];
$attachment = get_post( $this->id );
if ( empty($attachment) )
wp_die(__('Please select a file'));
$this->filename = $attachment->post_title;
$this->package = get_attached_file( $attachment->ID );
} else {
// Else, It's set to something, Back compat for plugins using the old (pre-3.3) File_Uploader handler.
if ( ! ( ( $uploads = wp_upload_dir() ) && false === $uploads['error'] ) )
wp_die( $uploads['error'] );
$this->filename = sanitize_file_name( $_GET[ $urlholder ] );
$this->package = $uploads['basedir'] . '/' . $this->filename;
if ( 0 !== strpos( realpath( $this->package ), realpath( $uploads['basedir'] ) ) ) {
wp_die( __( 'Please select a file' ) );
}
}
}
/**
* Delete the attachment/uploaded file.
*
* @since 3.2.2
*
* @return bool Whether the cleanup was successful.
*/
public function cleanup() {
if ( $this->id )
wp_delete_attachment( $this->id );
elseif ( file_exists( $this->package ) )
return @unlink( $this->package );
return true;
}
}