diff --git a/includes/class-init.php b/includes/class-init.php
index f7673b66..a8daa92d 100644
--- a/includes/class-init.php
+++ b/includes/class-init.php
@@ -54,6 +54,12 @@ if ( ! class_exists( 'UM' ) ) {
public $is_filtering;
+ /**
+ * @var
+ */
+ public $permalinks;
+
+
/**
* @var array Languages
*/
@@ -173,6 +179,9 @@ if ( ! class_exists( 'UM' ) ) {
* @since 2.0.18
*/
function _um_construct() {
+ if ( get_option( 'permalink_structure' ) )
+ $this->permalinks = true;
+
//register autoloader for include UM classes
spl_autoload_register( array( $this, 'um__autoloader' ) );
diff --git a/includes/core/class-fields.php b/includes/core/class-fields.php
index ef04e75d..c0c3d7c9 100644
--- a/includes/core/class-fields.php
+++ b/includes/core/class-fields.php
@@ -2232,10 +2232,10 @@ if ( ! class_exists( 'um\core\Fields' ) ) {
$output .= '
';
if ($this->field_value( $key, $default, $data )) {
if ( ! in_array( $key, array( 'profile_photo', 'cover_photo' ) ) ) {
- if (isset( $this->set_mode ) && $this->set_mode == 'register') {
+ if ( isset( $this->set_mode ) && $this->set_mode == 'register' ) {
$imgValue = UM()->uploader()->get_core_temp_url() . "/" . $this->field_value( $key, $default, $data );
} else {
- $imgValue = UM()->uploader()->get_upload_base_url() . um_user( 'ID' ) . '/' . $this->field_value( $key, $default, $data );
+ $imgValue = UM()->files()->get_download_link( $this->set_id, $key, um_user( 'ID' ) );
}
$img = '

';
} else {
@@ -2289,7 +2289,7 @@ if ( ! class_exists( 'um\core\Fields' ) ) {
if (isset( $data['label'] )) {
$output .= $this->field_label( $label, $key, $data );
}
- $modal_label = ( isset( $data['label'] ) ) ? $data['label'] : __( 'Upload Photo', 'ultimate-member' );
+ $modal_label = ( isset( $data['label'] ) ) ? $data['label'] : __( 'Upload File', 'ultimate-member' );
$output .= '
';
if ($this->field_value( $key, $default, $data )) {
$file_field_value = $this->field_value( $key, $default, $data );
@@ -2310,7 +2310,7 @@ if ( ! class_exists( 'um\core\Fields' ) ) {
$file_url = UM()->uploader()->get_core_temp_url() . DIRECTORY_SEPARATOR . $this->field_value( $key, $default, $data );
$file_dir = UM()->uploader()->get_core_temp_dir() . DIRECTORY_SEPARATOR . $this->field_value( $key, $default, $data );
} else {
- $file_url = UM()->uploader()->get_upload_base_url() . um_user( 'ID' ) . '/' . $this->field_value( $key, $default, $data );
+ $file_url = UM()->files()->get_download_link( $this->set_id, $key, um_user( 'ID' ) );
$file_dir = UM()->uploader()->get_upload_base_dir() . um_user( 'ID' ) . DIRECTORY_SEPARATOR . $this->field_value( $key, $default, $data );
}
diff --git a/includes/core/class-files.php b/includes/core/class-files.php
index 33fbc707..2e28c264 100644
--- a/includes/core/class-files.php
+++ b/includes/core/class-files.php
@@ -39,6 +39,9 @@ if ( ! class_exists( 'um\core\Files' ) ) {
$this->setup_paths();
+ //add_action( 'template_redirect', array( &$this, 'file_download' ) );
+ add_action( 'template_redirect', array( &$this, 'download_routing' ) );
+
$this->fonticon = array(
'pdf' => array('icon' => 'um-faicon-file-pdf-o', 'color' => '#D24D4D' ),
'txt' => array('icon' => 'um-faicon-file-text-o' ),
@@ -66,6 +69,144 @@ if ( ! class_exists( 'um\core\Files' ) ) {
}
+ /**
+ * File download link generate
+ *
+ * @param int $form_id
+ * @param string $field_key
+ * @param int $user_id
+ *
+ * @return string
+ */
+ function get_download_link( $form_id, $field_key, $user_id ) {
+ $field_key = urlencode( $field_key );
+
+ if ( UM()->permalinks ) {
+ $url = get_site_url( get_current_blog_id() );
+ $nonce = wp_create_nonce( $user_id . $form_id . 'um-download-nonce' );
+ return $url . "/um-download/{$form_id}/{$field_key}/{$user_id}/{$nonce}";
+ } else {
+ $url = get_site_url( get_current_blog_id() );
+ $nonce = wp_create_nonce( $user_id . $form_id . 'um-download-nonce' );
+ return add_query_arg( array( 'um_action' => 'download', 'um_form' => $form_id, 'um_field' => $field_key, 'um_user' => $user_id, 'um_verify' => $nonce ), $url );
+ }
+ }
+
+
+ /**
+ * @return bool
+ */
+ function download_routing() {
+ if ( 'download' !== get_query_var( 'um_action' ) ) {
+ return false;
+ }
+
+ if ( empty( get_query_var( 'um_form' ) ) ) {
+ return false;
+ }
+
+ $form_id = get_query_var( 'um_form' );
+
+ if ( empty( get_query_var( 'um_field' ) ) ) {
+ return false;
+ }
+ $field_key = urldecode( get_query_var( 'um_field' ) );
+
+ if ( empty( get_query_var( 'um_user' ) ) ) {
+ return false;
+ }
+
+ $user_id = get_query_var( 'um_user' );
+ $user = get_userdata( $user_id );
+
+ if ( empty( $user ) || is_wp_error( $user ) ) {
+ return false;
+ }
+
+ if ( empty( get_query_var( 'um_verify' ) ) ||
+ ! wp_verify_nonce( get_query_var( 'um_verify' ), $user_id . $form_id . 'um-download-nonce' ) ) {
+ return false;
+ }
+
+ um_fetch_user( $user_id );
+ $field_data = get_post_meta( $form_id, '_um_custom_fields', true );
+ if ( empty( $field_data[ $field_key ] ) ) {
+ return false;
+ }
+
+ if ( ! um_can_view_field( $field_data[ $field_key ] ) ) {
+ return false;
+ }
+
+ $field_value = UM()->fields()->field_value( $field_key );
+ if ( empty( $field_value ) ) {
+ return false;
+ }
+
+ $download_type = $field_data[ $field_key ]['type'];
+
+ if ( $download_type === 'file' ) {
+ $this->file_download( $user_id, $field_key, $field_value );
+ } else {
+ $this->image_download( $user_id, $field_key, $field_value );
+ }
+
+ return false;
+ }
+
+
+ /**
+ * @param $user_id
+ * @param $field_key
+ * @param $field_value
+ */
+ function image_download( $user_id, $field_key, $field_value ) {
+ $file_path = UM()->uploader()->get_upload_base_dir() . $user_id . DIRECTORY_SEPARATOR . $field_value;
+ $file_info = get_user_meta( $user_id, $field_key . "_metadata", true );
+
+ $size = filesize( $file_path );
+ $originalname = $file_info['original_name'];
+ $type = $file_info['type'];
+
+ header('Content-Description: File Transfer');
+ header('Content-Type: ' . $type );
+ header('Content-Disposition: inline; filename="' . $originalname . '"');
+ header('Content-Transfer-Encoding: binary');
+ header('Expires: 0');
+ header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
+ header('Pragma: public');
+ header('Content-Length: ' . $size);
+ readfile( $file_path );
+ exit;
+ }
+
+
+ /**
+ * @param $user_id
+ * @param $field_key
+ * @param $field_value
+ */
+ function file_download( $user_id, $field_key, $field_value ) {
+ $file_path = UM()->uploader()->get_upload_base_dir() . $user_id . DIRECTORY_SEPARATOR . $field_value;
+ $file_info = get_user_meta( $user_id, $field_key . "_metadata", true );
+
+ $size = filesize( $file_path );
+ $originalname = $file_info['original_name'];
+ $type = $file_info['type'];
+
+ header('Content-Description: File Transfer');
+ header('Content-Type: ' . $type );
+ header('Content-Disposition: attachment; filename="' . $originalname . '"');
+ header('Content-Transfer-Encoding: binary');
+ header('Expires: 0');
+ header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
+ header('Pragma: public');
+ header('Content-Length: ' . $size);
+ readfile( $file_path );
+ exit;
+ }
+
+
/**
* Remove file by AJAX
*/
diff --git a/includes/core/class-rewrite.php b/includes/core/class-rewrite.php
index 140af7e0..0dc84e11 100644
--- a/includes/core/class-rewrite.php
+++ b/includes/core/class-rewrite.php
@@ -44,6 +44,8 @@ if ( ! class_exists( 'um\core\Rewrite' ) ) {
$public_query_vars[] = 'um_page';
$public_query_vars[] = 'um_action';
+ $public_query_vars[] = 'um_field';
+ $public_query_vars[] = 'um_form';
$public_query_vars[] = 'um_resource';
$public_query_vars[] = 'um_method';
$public_query_vars[] = 'um_verify';
@@ -63,6 +65,7 @@ if ( ! class_exists( 'um\core\Rewrite' ) ) {
$newrules = array();
$newrules['um-api/([^/]+)/([^/]+)/([^/]+)/([^/]+)/?$'] = 'index.php?um_page=api&um_action=$matches[1]&um_resource=$matches[2]&um_method=$matches[3]&um_verify=$matches[4]';
+ $newrules['um-download/([^/]+)/([^/]+)/([^/]+)/([^/]+)/?$'] = 'index.php?um_action=download&um_form=$matches[1]&um_field=$matches[2]&um_user=$matches[3]&um_verify=$matches[4]';
if ( isset( UM()->config()->permalinks['user'] ) ) {
diff --git a/includes/core/class-user.php b/includes/core/class-user.php
index f7f0e933..ebb8fa9c 100644
--- a/includes/core/class-user.php
+++ b/includes/core/class-user.php
@@ -1673,7 +1673,6 @@ if ( ! class_exists( 'um\core\User' ) ) {
// update user
if ( count( $args ) > 1 ) {
-
//if isset roles argument validate role to properly for security reasons
if ( isset( $args['role'] ) ) {
global $wp_roles;
diff --git a/includes/core/um-actions-profile.php b/includes/core/um-actions-profile.php
index dd3f2ef4..30b89ac6 100644
--- a/includes/core/um-actions-profile.php
+++ b/includes/core/um-actions-profile.php
@@ -229,9 +229,9 @@ function um_user_edit_profile( $args ) {
}
if ( isset( $args['submitted'][ $key ] ) ) {
-
if ( isset( $fields[ $key ]['type'] ) && in_array( $fields[ $key ]['type'], array( 'image', 'file' ) ) &&
- ( um_is_temp_file( $args['submitted'][ $key ] ) || $args['submitted'][ $key ] == 'empty_file' ) ) {
+ ( /*um_is_file_owner( UM()->uploader()->get_upload_base_url() . um_user( 'ID' ) . '/' . $args['submitted'][ $key ], um_user( 'ID' ) ) ||*/
+ um_is_temp_file( $args['submitted'][ $key ] ) || $args['submitted'][ $key ] == 'empty_file' ) ) {
$files[ $key ] = $args['submitted'][ $key ];
diff --git a/includes/core/um-filters-fields.php b/includes/core/um-filters-fields.php
index ba9ab4a3..ef5dce38 100644
--- a/includes/core/um-filters-fields.php
+++ b/includes/core/um-filters-fields.php
@@ -223,26 +223,26 @@ add_filter( 'um_profile_field_filter_hook__date', 'um_profile_field_filter_hook_
* @return string
*/
function um_profile_field_filter_hook__file( $value, $data ) {
- $uri = UM()->uploader()->get_upload_base_url() . um_user( 'ID' ) . '/' . $value;
$file_type = wp_check_filetype( $value );
-
+ $uri = UM()->files()->get_download_link( UM()->fields()->set_id, $data['metakey'], um_user( 'ID' ) );
+
if ( ! file_exists( UM()->uploader()->get_upload_base_dir() . um_user( 'ID' ) . DIRECTORY_SEPARATOR . $value ) ) {
- $value = __('This file has been removed.','ultimate-member');
+ $value = __( 'This file has been removed.', 'ultimate-member' );
} else {
- $file_info = um_user( $data['metakey']."_metadata" );
- if( isset( $file_info['original_name'] ) && ! empty( $file_info['original_name'] ) ){
+ $file_info = um_user( $data['metakey'] . "_metadata" );
+ if ( ! empty( $file_info['original_name'] ) ) {
$value = $file_info['original_name'];
}
$value = '
';
}
-
+
return $value;
}
add_filter( 'um_profile_field_filter_hook__file', 'um_profile_field_filter_hook__file', 99, 2 );
@@ -257,15 +257,15 @@ add_filter( 'um_profile_field_filter_hook__file', 'um_profile_field_filter_hook_
* @return string
*/
function um_profile_field_filter_hook__image( $value, $data ) {
- $uri = UM()->uploader()->get_upload_base_url() . um_user( 'ID' ) . '/' . $value;
- $title = ( isset( $data['title'] ) ) ? $data['title'] : __('Untitled photo');
+ $uri = UM()->files()->get_download_link( UM()->fields()->set_id, $data['metakey'], um_user( 'ID' ) );
+ $title = ( isset( $data['title'] ) ) ? $data['title'] : __( 'Untitled photo', 'ultimate-member' );
// if value is an image tag
if( preg_match( '/\

';
+ $value = '
';
} else if ( file_exists( UM()->uploader()->get_upload_base_dir() . um_user( 'ID' ) . DIRECTORY_SEPARATOR . $value ) ) {
- $value = '
';
+ $value = '
 . ')
';
} else {
$value = '';
}
diff --git a/includes/um-short-functions.php b/includes/um-short-functions.php
index fa803945..784bbfba 100644
--- a/includes/um-short-functions.php
+++ b/includes/um-short-functions.php
@@ -790,7 +790,7 @@ function um_is_file_owner( $url, $user_id = null, $image_path = false ) {
$filename = wp_basename( parse_url( $url, PHP_URL_PATH ) );
- $file = $user_basedir . '/' . $filename;
+ $file = $user_basedir . DIRECTORY_SEPARATOR . $filename;
if ( file_exists( $file ) ) {
if ( $image_path ) {
return $file;
@@ -2186,8 +2186,10 @@ function um_user( $data, $attrs = null ) {
case 'submitted':
$array = um_profile( $data );
- if (empty( $array )) return '';
- $array = unserialize( $array );
+ if ( empty( $array ) ) {
+ return '';
+ }
+ $array = maybe_unserialize( $array );
return $array;
break;
diff --git a/readme.txt b/readme.txt
index c192d2ca..9da98c96 100644
--- a/readme.txt
+++ b/readme.txt
@@ -6,7 +6,7 @@ Donate link:
Tags: community, member, membership, user-profile, user-registration
Requires at least: 4.7
Tested up to: 4.9
-Stable tag: 2.0.25
+Stable tag: 2.0.26
License: GNU Version 2 or Any Later Version
License URI: http://www.gnu.org/licenses/gpl-3.0.txt
@@ -131,11 +131,12 @@ The plugin works with popular caching plugins by automatically excluding Ultimat
= Important: UM2.0+ is a significant update to the code base from 1.3.88. Please make sure you take a full-site backup with restore point before updating the plugin =
-= 2.0.26: August 29, 2018 =
+= 2.0.26: September 17, 2018 =
* Bugfixes:
- File/Image email placeholders after registration form submitting
- File/Image forms fields values on submit/edit
+ - Fixed multisite file/image upload process
= 2.0.25: August 20, 2018 =