From da74fa70006b47a2f125013eecb295e27f2807d9 Mon Sep 17 00:00:00 2001 From: nikitozzzzzzz Date: Fri, 14 Sep 2018 14:39:05 +0300 Subject: [PATCH] - file uploading/downloading fixes; --- includes/class-init.php | 9 ++ includes/core/class-fields.php | 8 +- includes/core/class-files.php | 141 +++++++++++++++++++++++++++ includes/core/class-rewrite.php | 3 + includes/core/class-user.php | 1 - includes/core/um-actions-profile.php | 4 +- includes/core/um-filters-fields.php | 22 ++--- includes/um-short-functions.php | 8 +- readme.txt | 5 +- 9 files changed, 178 insertions(+), 23 deletions(-) diff --git a/includes/class-init.php b/includes/class-init.php index f7673b66..a8daa92d 100644 --- a/includes/class-init.php +++ b/includes/class-init.php @@ -54,6 +54,12 @@ if ( ! class_exists( 'UM' ) ) { public $is_filtering; + /** + * @var + */ + public $permalinks; + + /** * @var array Languages */ @@ -173,6 +179,9 @@ if ( ! class_exists( 'UM' ) ) { * @since 2.0.18 */ function _um_construct() { + if ( get_option( 'permalink_structure' ) ) + $this->permalinks = true; + //register autoloader for include UM classes spl_autoload_register( array( $this, 'um__autoloader' ) ); diff --git a/includes/core/class-fields.php b/includes/core/class-fields.php index ef04e75d..c0c3d7c9 100644 --- a/includes/core/class-fields.php +++ b/includes/core/class-fields.php @@ -2232,10 +2232,10 @@ if ( ! class_exists( 'um\core\Fields' ) ) { $output .= '
'; if ($this->field_value( $key, $default, $data )) { if ( ! in_array( $key, array( 'profile_photo', 'cover_photo' ) ) ) { - if (isset( $this->set_mode ) && $this->set_mode == 'register') { + if ( isset( $this->set_mode ) && $this->set_mode == 'register' ) { $imgValue = UM()->uploader()->get_core_temp_url() . "/" . $this->field_value( $key, $default, $data ); } else { - $imgValue = UM()->uploader()->get_upload_base_url() . um_user( 'ID' ) . '/' . $this->field_value( $key, $default, $data ); + $imgValue = UM()->files()->get_download_link( $this->set_id, $key, um_user( 'ID' ) ); } $img = ''; } else { @@ -2289,7 +2289,7 @@ if ( ! class_exists( 'um\core\Fields' ) ) { if (isset( $data['label'] )) { $output .= $this->field_label( $label, $key, $data ); } - $modal_label = ( isset( $data['label'] ) ) ? $data['label'] : __( 'Upload Photo', 'ultimate-member' ); + $modal_label = ( isset( $data['label'] ) ) ? $data['label'] : __( 'Upload File', 'ultimate-member' ); $output .= '
'; if ($this->field_value( $key, $default, $data )) { $file_field_value = $this->field_value( $key, $default, $data ); @@ -2310,7 +2310,7 @@ if ( ! class_exists( 'um\core\Fields' ) ) { $file_url = UM()->uploader()->get_core_temp_url() . DIRECTORY_SEPARATOR . $this->field_value( $key, $default, $data ); $file_dir = UM()->uploader()->get_core_temp_dir() . DIRECTORY_SEPARATOR . $this->field_value( $key, $default, $data ); } else { - $file_url = UM()->uploader()->get_upload_base_url() . um_user( 'ID' ) . '/' . $this->field_value( $key, $default, $data ); + $file_url = UM()->files()->get_download_link( $this->set_id, $key, um_user( 'ID' ) ); $file_dir = UM()->uploader()->get_upload_base_dir() . um_user( 'ID' ) . DIRECTORY_SEPARATOR . $this->field_value( $key, $default, $data ); } diff --git a/includes/core/class-files.php b/includes/core/class-files.php index 33fbc707..2e28c264 100644 --- a/includes/core/class-files.php +++ b/includes/core/class-files.php @@ -39,6 +39,9 @@ if ( ! class_exists( 'um\core\Files' ) ) { $this->setup_paths(); + //add_action( 'template_redirect', array( &$this, 'file_download' ) ); + add_action( 'template_redirect', array( &$this, 'download_routing' ) ); + $this->fonticon = array( 'pdf' => array('icon' => 'um-faicon-file-pdf-o', 'color' => '#D24D4D' ), 'txt' => array('icon' => 'um-faicon-file-text-o' ), @@ -66,6 +69,144 @@ if ( ! class_exists( 'um\core\Files' ) ) { } + /** + * File download link generate + * + * @param int $form_id + * @param string $field_key + * @param int $user_id + * + * @return string + */ + function get_download_link( $form_id, $field_key, $user_id ) { + $field_key = urlencode( $field_key ); + + if ( UM()->permalinks ) { + $url = get_site_url( get_current_blog_id() ); + $nonce = wp_create_nonce( $user_id . $form_id . 'um-download-nonce' ); + return $url . "/um-download/{$form_id}/{$field_key}/{$user_id}/{$nonce}"; + } else { + $url = get_site_url( get_current_blog_id() ); + $nonce = wp_create_nonce( $user_id . $form_id . 'um-download-nonce' ); + return add_query_arg( array( 'um_action' => 'download', 'um_form' => $form_id, 'um_field' => $field_key, 'um_user' => $user_id, 'um_verify' => $nonce ), $url ); + } + } + + + /** + * @return bool + */ + function download_routing() { + if ( 'download' !== get_query_var( 'um_action' ) ) { + return false; + } + + if ( empty( get_query_var( 'um_form' ) ) ) { + return false; + } + + $form_id = get_query_var( 'um_form' ); + + if ( empty( get_query_var( 'um_field' ) ) ) { + return false; + } + $field_key = urldecode( get_query_var( 'um_field' ) ); + + if ( empty( get_query_var( 'um_user' ) ) ) { + return false; + } + + $user_id = get_query_var( 'um_user' ); + $user = get_userdata( $user_id ); + + if ( empty( $user ) || is_wp_error( $user ) ) { + return false; + } + + if ( empty( get_query_var( 'um_verify' ) ) || + ! wp_verify_nonce( get_query_var( 'um_verify' ), $user_id . $form_id . 'um-download-nonce' ) ) { + return false; + } + + um_fetch_user( $user_id ); + $field_data = get_post_meta( $form_id, '_um_custom_fields', true ); + if ( empty( $field_data[ $field_key ] ) ) { + return false; + } + + if ( ! um_can_view_field( $field_data[ $field_key ] ) ) { + return false; + } + + $field_value = UM()->fields()->field_value( $field_key ); + if ( empty( $field_value ) ) { + return false; + } + + $download_type = $field_data[ $field_key ]['type']; + + if ( $download_type === 'file' ) { + $this->file_download( $user_id, $field_key, $field_value ); + } else { + $this->image_download( $user_id, $field_key, $field_value ); + } + + return false; + } + + + /** + * @param $user_id + * @param $field_key + * @param $field_value + */ + function image_download( $user_id, $field_key, $field_value ) { + $file_path = UM()->uploader()->get_upload_base_dir() . $user_id . DIRECTORY_SEPARATOR . $field_value; + $file_info = get_user_meta( $user_id, $field_key . "_metadata", true ); + + $size = filesize( $file_path ); + $originalname = $file_info['original_name']; + $type = $file_info['type']; + + header('Content-Description: File Transfer'); + header('Content-Type: ' . $type ); + header('Content-Disposition: inline; filename="' . $originalname . '"'); + header('Content-Transfer-Encoding: binary'); + header('Expires: 0'); + header('Cache-Control: must-revalidate, post-check=0, pre-check=0'); + header('Pragma: public'); + header('Content-Length: ' . $size); + readfile( $file_path ); + exit; + } + + + /** + * @param $user_id + * @param $field_key + * @param $field_value + */ + function file_download( $user_id, $field_key, $field_value ) { + $file_path = UM()->uploader()->get_upload_base_dir() . $user_id . DIRECTORY_SEPARATOR . $field_value; + $file_info = get_user_meta( $user_id, $field_key . "_metadata", true ); + + $size = filesize( $file_path ); + $originalname = $file_info['original_name']; + $type = $file_info['type']; + + header('Content-Description: File Transfer'); + header('Content-Type: ' . $type ); + header('Content-Disposition: attachment; filename="' . $originalname . '"'); + header('Content-Transfer-Encoding: binary'); + header('Expires: 0'); + header('Cache-Control: must-revalidate, post-check=0, pre-check=0'); + header('Pragma: public'); + header('Content-Length: ' . $size); + readfile( $file_path ); + exit; + } + + /** * Remove file by AJAX */ diff --git a/includes/core/class-rewrite.php b/includes/core/class-rewrite.php index 140af7e0..0dc84e11 100644 --- a/includes/core/class-rewrite.php +++ b/includes/core/class-rewrite.php @@ -44,6 +44,8 @@ if ( ! class_exists( 'um\core\Rewrite' ) ) { $public_query_vars[] = 'um_page'; $public_query_vars[] = 'um_action'; + $public_query_vars[] = 'um_field'; + $public_query_vars[] = 'um_form'; $public_query_vars[] = 'um_resource'; $public_query_vars[] = 'um_method'; $public_query_vars[] = 'um_verify'; @@ -63,6 +65,7 @@ if ( ! class_exists( 'um\core\Rewrite' ) ) { $newrules = array(); $newrules['um-api/([^/]+)/([^/]+)/([^/]+)/([^/]+)/?$'] = 'index.php?um_page=api&um_action=$matches[1]&um_resource=$matches[2]&um_method=$matches[3]&um_verify=$matches[4]'; + $newrules['um-download/([^/]+)/([^/]+)/([^/]+)/([^/]+)/?$'] = 'index.php?um_action=download&um_form=$matches[1]&um_field=$matches[2]&um_user=$matches[3]&um_verify=$matches[4]'; if ( isset( UM()->config()->permalinks['user'] ) ) { diff --git a/includes/core/class-user.php b/includes/core/class-user.php index f7f0e933..ebb8fa9c 100644 --- a/includes/core/class-user.php +++ b/includes/core/class-user.php @@ -1673,7 +1673,6 @@ if ( ! class_exists( 'um\core\User' ) ) { // update user if ( count( $args ) > 1 ) { - //if isset roles argument validate role to properly for security reasons if ( isset( $args['role'] ) ) { global $wp_roles; diff --git a/includes/core/um-actions-profile.php b/includes/core/um-actions-profile.php index dd3f2ef4..30b89ac6 100644 --- a/includes/core/um-actions-profile.php +++ b/includes/core/um-actions-profile.php @@ -229,9 +229,9 @@ function um_user_edit_profile( $args ) { } if ( isset( $args['submitted'][ $key ] ) ) { - if ( isset( $fields[ $key ]['type'] ) && in_array( $fields[ $key ]['type'], array( 'image', 'file' ) ) && - ( um_is_temp_file( $args['submitted'][ $key ] ) || $args['submitted'][ $key ] == 'empty_file' ) ) { + ( /*um_is_file_owner( UM()->uploader()->get_upload_base_url() . um_user( 'ID' ) . '/' . $args['submitted'][ $key ], um_user( 'ID' ) ) ||*/ + um_is_temp_file( $args['submitted'][ $key ] ) || $args['submitted'][ $key ] == 'empty_file' ) ) { $files[ $key ] = $args['submitted'][ $key ]; diff --git a/includes/core/um-filters-fields.php b/includes/core/um-filters-fields.php index ba9ab4a3..ef5dce38 100644 --- a/includes/core/um-filters-fields.php +++ b/includes/core/um-filters-fields.php @@ -223,26 +223,26 @@ add_filter( 'um_profile_field_filter_hook__date', 'um_profile_field_filter_hook_ * @return string */ function um_profile_field_filter_hook__file( $value, $data ) { - $uri = UM()->uploader()->get_upload_base_url() . um_user( 'ID' ) . '/' . $value; $file_type = wp_check_filetype( $value ); - + $uri = UM()->files()->get_download_link( UM()->fields()->set_id, $data['metakey'], um_user( 'ID' ) ); + if ( ! file_exists( UM()->uploader()->get_upload_base_dir() . um_user( 'ID' ) . DIRECTORY_SEPARATOR . $value ) ) { - $value = __('This file has been removed.','ultimate-member'); + $value = __( 'This file has been removed.', 'ultimate-member' ); } else { - $file_info = um_user( $data['metakey']."_metadata" ); - if( isset( $file_info['original_name'] ) && ! empty( $file_info['original_name'] ) ){ + $file_info = um_user( $data['metakey'] . "_metadata" ); + if ( ! empty( $file_info['original_name'] ) ) { $value = $file_info['original_name']; } $value = ''; } - + return $value; } add_filter( 'um_profile_field_filter_hook__file', 'um_profile_field_filter_hook__file', 99, 2 ); @@ -257,15 +257,15 @@ add_filter( 'um_profile_field_filter_hook__file', 'um_profile_field_filter_hook_ * @return string */ function um_profile_field_filter_hook__image( $value, $data ) { - $uri = UM()->uploader()->get_upload_base_url() . um_user( 'ID' ) . '/' . $value; - $title = ( isset( $data['title'] ) ) ? $data['title'] : __('Untitled photo'); + $uri = UM()->files()->get_download_link( UM()->fields()->set_id, $data['metakey'], um_user( 'ID' ) ); + $title = ( isset( $data['title'] ) ) ? $data['title'] : __( 'Untitled photo', 'ultimate-member' ); // if value is an image tag if( preg_match( '/\'.$title.'
'; + $value = '
' . esc_attr( $title ) . '
'; } else if ( file_exists( UM()->uploader()->get_upload_base_dir() . um_user( 'ID' ) . DIRECTORY_SEPARATOR . $value ) ) { - $value = '
'.$title.'
'; + $value = '
' . esc_attr( $title ) . '
'; } else { $value = ''; } diff --git a/includes/um-short-functions.php b/includes/um-short-functions.php index fa803945..784bbfba 100644 --- a/includes/um-short-functions.php +++ b/includes/um-short-functions.php @@ -790,7 +790,7 @@ function um_is_file_owner( $url, $user_id = null, $image_path = false ) { $filename = wp_basename( parse_url( $url, PHP_URL_PATH ) ); - $file = $user_basedir . '/' . $filename; + $file = $user_basedir . DIRECTORY_SEPARATOR . $filename; if ( file_exists( $file ) ) { if ( $image_path ) { return $file; @@ -2186,8 +2186,10 @@ function um_user( $data, $attrs = null ) { case 'submitted': $array = um_profile( $data ); - if (empty( $array )) return ''; - $array = unserialize( $array ); + if ( empty( $array ) ) { + return ''; + } + $array = maybe_unserialize( $array ); return $array; break; diff --git a/readme.txt b/readme.txt index c192d2ca..9da98c96 100644 --- a/readme.txt +++ b/readme.txt @@ -6,7 +6,7 @@ Donate link: Tags: community, member, membership, user-profile, user-registration Requires at least: 4.7 Tested up to: 4.9 -Stable tag: 2.0.25 +Stable tag: 2.0.26 License: GNU Version 2 or Any Later Version License URI: http://www.gnu.org/licenses/gpl-3.0.txt @@ -131,11 +131,12 @@ The plugin works with popular caching plugins by automatically excluding Ultimat = Important: UM2.0+ is a significant update to the code base from 1.3.88. Please make sure you take a full-site backup with restore point before updating the plugin = -= 2.0.26: August 29, 2018 = += 2.0.26: September 17, 2018 = * Bugfixes: - File/Image email placeholders after registration form submitting - File/Image forms fields values on submit/edit + - Fixed multisite file/image upload process = 2.0.25: August 20, 2018 =