- review ajax_resize_image();

This commit is contained in:
Mykyta Synelnikov
2023-06-26 14:55:17 +03:00
parent d7c94b8015
commit bf5c6a6d04
+14 -17
View File
@@ -1,12 +1,12 @@
<?php
namespace um\core;
// Exit if accessed directly
if ( ! defined( 'ABSPATH' ) ) exit;
if ( ! defined( 'ABSPATH' ) ) {
exit;
}
if ( ! class_exists( 'um\core\Files' ) ) {
/**
* Class Files
* @package um\core
@@ -313,36 +313,34 @@ if ( ! class_exists( 'um\core\Files' ) ) {
}
}
/**
* Resize image AJAX handler
*/
public function ajax_resize_image() {
UM()->check_ajax_nonce();
$data = $_REQUEST; // phpcs:ignore WordPress.Security.NonceVerification
if ( ! isset( $data['src'] ) || ! isset( $data['coord'] ) ) {
// phpcs:disable WordPress.Security.NonceVerification -- verified by the `check_ajax_nonce()`
if ( ! isset( $_REQUEST['src'], $_REQUEST['coord'], $_REQUEST['key'] ) ) {
wp_send_json_error( esc_js( __( 'Invalid parameters', 'ultimate-member' ) ) );
}
$coord_n = substr_count( $data['coord'], ',' );
$coord_n = substr_count( $_REQUEST['coord'], ',' );
if ( 3 !== $coord_n ) {
wp_send_json_error( esc_js( __( 'Invalid coordinates', 'ultimate-member' ) ) );
}
$user_id = empty( $data['user_id'] ) ? get_current_user_id() : absint( $data['user_id'] );
$key = sanitize_text_field( $_REQUEST['key'] );
$coord = sanitize_text_field( $_REQUEST['coord'] );
$user_id = empty( $_REQUEST['user_id'] ) ? get_current_user_id() : absint( $_REQUEST['user_id'] );
UM()->fields()->set_id = isset( $_POST['set_id'] ) ? absint( $_POST['set_id'] ) : null; // phpcs:ignore WordPress.Security.NonceVerification
UM()->fields()->set_mode = isset( $_POST['set_mode'] ) ? sanitize_text_field( $_POST['set_mode'] ) : null; // phpcs:ignore WordPress.Security.NonceVerification
UM()->fields()->set_id = isset( $_POST['set_id'] ) ? absint( $_POST['set_id'] ) : null;
UM()->fields()->set_mode = isset( $_POST['set_mode'] ) ? sanitize_text_field( $_POST['set_mode'] ) : null;
if ( 'register' !== UM()->fields()->set_mode && ! UM()->roles()->um_current_user_can( 'edit', $user_id ) ) {
$ret['error'] = esc_js( __( 'You have no permission to edit this user', 'ultimate-member' ) );
wp_send_json_error( $ret );
}
$src = esc_url_raw( $data['src'] );
$src = esc_url_raw( $_REQUEST['src'] );
$image_path = um_is_file_owner( $src, $user_id, true );
if ( ! $image_path ) {
wp_send_json_error( esc_js( __( 'Invalid file ownership', 'ultimate-member' ) ) );
@@ -350,16 +348,15 @@ if ( ! class_exists( 'um\core\Files' ) ) {
UM()->uploader()->replace_upload_dir = true;
$output = UM()->uploader()->resize_image( $image_path, $src, sanitize_text_field( $data['key'] ), $user_id, sanitize_text_field( $data['coord'] ) );
$output = UM()->uploader()->resize_image( $image_path, $src, $key, $user_id, $coord );
UM()->uploader()->replace_upload_dir = false;
delete_option( "um_cache_userdata_{$user_id}" );
// phpcs:enable WordPress.Security.NonceVerification -- verified by the `check_ajax_nonce()`
wp_send_json_success( $output );
}
/**
* Image upload by AJAX
*