set_upload_button( '.opsd_btn_upload' ); $opsd_upload->set_element_insert_url( '.opsd_file_urls' ); ?> * */
// NOTE(review): the line above appears to be the tail of a usage example whose opening is missing from this copy.

// General Init Class
final class OPSD_Upload {

    /**
     * Per-instance configuration.
     *
     * 'upload_button' and 'element_insert_url' start out empty.
     * 'wp_media_uploader_params' is the key/value marker that filter_upload_dir()
     * looks for in $_POST before it redirects an upload.
     */
    public $settings = array(
        'upload_button'            => '',
        'element_insert_url'       => '',
        // Required for setting OUR Dir for uploading and set it PROTECTED
        'wp_media_uploader_params' => array(
            'key'   => 'opsd_type',
            'value' => 'opsd_upload',
        ),
    );

    // Define only one instance of this class
    private static $instance = null;

    /**
     * Return the single instance, building it on the first call.
     *
     * On creation the instance is hooked into the 'upload_dir' filter and the
     * 'admin_footer' action (priority 50), and protect_upload_dir() is run once.
     *
     * @return OPSD_Upload
     */
    public static function init() {

        $already_built = isset( self::$instance ) || ( self::$instance instanceof OPSD_Upload );
        if ( $already_built ) {
            return self::$instance;
        }

        self::$instance = new OPSD_Upload();

        add_filter( 'upload_dir', array( self::$instance, 'filter_upload_dir' ) );

        // Load JavaScript Code at the footer of the Admin Panel page. Executed in ALL Admin Menu Pages
        add_action( 'admin_footer', array( self::$instance, 'js' ), 50 );

        //TODO: remove this
        // add_filter( 'posts_where', array( self::$instance, 'opsd_filter_posts_where' ) );
        // add_action('pre_get_posts', array( self::$instance, 'opsd_pre_get_posts' ) );

        self::$instance->protect_upload_dir();

        return self::$instance;
    }


    /** Get Name of protected DIR name, like opsd_XXXXX
     *
     * The name is read from the 'opsd_protected_directory_name_level1' option. When the
     * option is empty, a new name is generated ('opsd_' followed by 20 characters with
     * no special characters) and stored, so later calls return the same value.
     *
     * NOTE(review): the stored value is returned as-is apart from trailing-slash removal;
     * nothing here checks that it is still a single path segment. Presumably only this
     * class writes the option - confirm.
     *
     * @return string
     */
    public function get_protected_dir_name() {

        $dir_name = get_opsd_option( 'opsd_protected_directory_name_level1' );

        if ( empty( $dir_name ) ) {
            $dir_name = 'opsd_' . wp_generate_password( 20, false, false );
            update_opsd_option( 'opsd_protected_directory_name_level1', $dir_name );
        }

        return untrailingslashit( $dir_name );
    }


    /** Get all settings or specific setting option
     *
     * @param string $key  setting name; '' (the default) asks for the whole settings array
     * @return mixed       the requested setting, the whole array, or false when $key is not set
     */
    public function get_settings( $key = '' ) {

        if ( '' === $key ) {
            return $this->settings;
        }

        return isset( $this->settings[ $key ] ) ? $this->settings[ $key ] : false;
    }


    //TODO: remove this
    /*
    function opsd_pre_get_posts( $query ) {

        debuge_log( $_POST );

        if ( is_admin() || !
$query->is_main_query() ) {
            return;
        }

        $discount = $query->get( 'discount' );

        if ( ! empty( $discount ) ) {

            // unset ref var from $wp_query
            $query->set( 'discount', null );

            global $wp;

            // unset ref var from $wp
            unset( $wp->query_vars[ 'discount' ] );

            // if in home (because $wp->query_vars is empty) and 'show_on_front' is page
            if ( empty( $wp->query_vars ) && get_option( 'show_on_front' ) === 'page' ) {

                // reset and re-parse query vars
                $wp->query_vars['page_id'] = get_option( 'page_on_front' );
                $query->parse_query( $wp->query_vars );
            }
        }
    }
    */

    //TODO: remove this
    /**
     * @param string $where Where clause
     * @return string $where Modified where clause
     */
    /*
    function opsd_filter_posts_where( $where = '' ) {

        debuge_log( $_POST );
        return $where;

        //debuge( maybe_unserialize( 'a:3:{s:6:"action";s:17:"query-attachments";s:7:"post_id";s:1:"0";s:5:"query";a:4:{s:7:"orderby";s:4:"date";s:5:"order";s:4:"DESC";s:14:"posts_per_page";s:2:"40";s:5:"paged";s:1:"1";}}' ));

        $media_uploader_params = $this->get_settings( 'wp_media_uploader_params' );

        if (   ( isset( $_POST['query'] ) )
            && ( isset( $_POST['query'][ $media_uploader_params[ 'key' ] ] ) )
            && ( $media_uploader_params[ 'value' ] === $_POST['query'][ $media_uploader_params[ 'key' ] ] )
        ) {
            global $wpdb;
            $where .= " AND guid LIKE '%".$wpdb->esc_like( untrailingslashit( get_opsd_option( 'opsd_protected_directory_name_level1' ) ) )."%'";
        }
        return $where;
    }
    */


    /** Filters the uploads directory array,
     *  after CLICKING on our Upload Button and USE our wp.media thanks to 'wp_media_uploader_params'
     *
     * @param array $uploads Array of upload directory data:
     *                          array (
     *                              [path] => Z:\home\new\www/wp-content/uploads/opsd_lSJacOT1yVLFnrkqt2xR/2017/04
     *                              [url] => http://new/wp-content/uploads/opsd_lSJacOT1yVLFnrkqt2xR/2017/04
     *                              [subdir] => /opsd_lSJacOT1yVLFnrkqt2xR/2017/04
     *                              [basedir] => Z:\home\new\www/wp-content/uploads
     *                              [baseurl] => http://new/wp-content/uploads
     *                              [error] =>
     *                          )
     *$uploads = apply_filters( 'upload_dir', $cache[ $key ] );
     *
     * @param type $param
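*/
    public function filter_upload_dir( $param ) {

        // $param is the upload-directory array handed to the 'upload_dir' filter
        // (keys read here: 'path', 'url', 'subdir'); the possibly modified array is returned.

        //TODO: here we can create own TAGs and Versioning directory structure in some way.

        $media_uploader_params = $this->get_settings( 'wp_media_uploader_params' );
        $flag_key              = $media_uploader_params['key'];

        // Only requests that carry our marker are redirected. The marker comes from the
        // request body, so it selects the target directory and nothing more; it is not an
        // authorisation check.
        // NOTE(review): presumably the upload handler that ends up calling wp_upload_dir()
        // has already verified the user's capability and nonce - confirm.
        if ( ! isset( $_POST[ $flag_key ] ) || $media_uploader_params['value'] !== $_POST[ $flag_key ] ) {
            return $param;
        }

        $protected_dir_name = $this->get_protected_dir_name();

        if ( empty( $param['subdir'] ) ) {
            $param['path']   = $param['path'] . '/' . $protected_dir_name;
            $param['url']    = $param['url'] . '/' . $protected_dir_name;
            $param['subdir'] = '/' . $protected_dir_name;
            return $param;
        }

        $old_subdir = $param['subdir'];
        $new_subdir = '/' . $protected_dir_name . $old_subdir;

        // Rewrite only the trailing sub-directory. A plain str_replace() would also rewrite
        // an earlier, identical fragment of the path or URL (for example a site that itself
        // lives under ".../2017/04/...") and upload to the wrong place.
        $param['path']   = $this->swap_trailing_subdir( $param['path'], $old_subdir, $new_subdir );
        $param['url']    = $this->swap_trailing_subdir( $param['url'], $old_subdir, $new_subdir );
        $param['subdir'] = $new_subdir;

        return $param;
    }


    /** Replace the sub-directory at the end of a path or URL.
     *
     * @param string $location    path or URL that normally ends with $old_subdir
     * @param string $old_subdir  current sub-directory, e.g. '/2017/04'
     * @param string $new_subdir  sub-directory to put in its place
     * @return string
     */
    private function swap_trailing_subdir( $location, $old_subdir, $new_subdir ) {

        $old_length = strlen( $old_subdir );

        if ( $old_length > 0 && substr( $location, -$old_length ) === $old_subdir ) {
            return substr( $location, 0, strlen( $location ) - $old_length ) . $new_subdir;
        }

        // The value does not end with the sub-directory (another filter may have changed
        // it): keep the earlier replace-everywhere behaviour.
        return str_replace( $old_subdir, $new_subdir, $location );
    }


    /** Get path to protected dir.
     *
     * @return string  the uploads 'basedir' joined with the protected directory name
     */
    public function get_protected_dir() {

        // Protected secret name LEVEL 1
        $dir_level1 = $this->get_protected_dir_name();

        $upload_dir = wp_upload_dir();

        return $upload_dir['basedir'] . '/' . $dir_level1;
    }


    /** Check and Protect upload folder each time
     *
     *  May be we need to have 2 folders, like /opsd_xxxxx/XXXXXXXXXXXXX
     *  for prevent of dir listing at previous stage /opsd_xxxxx with .htaccess file
     *
     *  Typical Directory structure
     *  /wp-content/uploads/
     *                      /opsd_xxxxx                          {main dir}
     *                                  /.htaccess               (Deny access and deny dir listing)
     *                                  /index.php               (Silence is golden)
     *                                  /XXXXXXXXXXXXX           (Secret dir for store files)
     */
    function protect_upload_dir() {

        // Protected secret name LEVEL 1
        $dir_level1 = $this->get_protected_dir_name();

        // Install files and folders for uploading files and prevent hotlinking
        $upload_dir = wp_upload_dir();

        $files = array(
            array(
                'base'    => $upload_dir['basedir'] . '/' . $dir_level1,
                'file'    => '.htaccess',
                // NOTE(review): 'deny from all' is the Apache 2.2 spelling of the rule
                // (Apache 2.4 uses 'Require all denied' and accepts the old form only through
                // mod_access_compat). A web server that does not read .htaccess files ignores
                // this file altogether, which leaves the random directory name as the only
                // barrier - confirm which servers have to be supported.
                'content' => 'Options -Indexes' . "\n" . 'deny from all'
            )
            // NOTE(review): this copy is truncated inside the next entry. The 'content'
            // string, the rest of protect_upload_dir() and the opening of what looks like
            // set_upload_button() are missing; the text resumes in the tail of that setter.
            , array(
                'base'    => $upload_dir['basedir'] . '/' . $dir_level1,
                'file'    => 'index.php',
                'content' => 'settings['upload_button'] = $jq_selector; }


    /** Define element for inserting URL of file from wp media
     *
     * @param string $jq_selector  jQuery selector of the element, e.g. '.opsd_file_urls'
     */
    public function set_element_insert_url( $jq_selector ) {

        $this->settings['element_insert_url'] = $jq_selector;
    }


    public function js() {

        //set JavaScript only if we set upload button
        $jq_sel_upload_button = $this->get_settings( 'upload_button' );
        if ( empty( $jq_sel_upload_button ) ) {
            return;
        }

        // NOTE(review): this copy is truncated right after the closing tag below: the inline
        // script, the end of js(), the end of the class and the opening of the next docblock
        // are missing. Presumably the selector is printed into that script - confirm it is
        // escaped for a JavaScript context.
        ?> */
// Accessor for the single OPSD_Upload instance (created on the first call).
function opsd_upload() {
    return OPSD_Upload::init();
}
opsd_upload();      // Start


/** Add Version Number Field to Attachment Section of Media Window
 *
 * @param array  $form_fields  fields already defined for the attachment edit form
 * @param object $post         attachment post; only ->ID is read
 * @return array               $form_fields with the 'opsd_version_num' field added
 */
function opsd_add_attachment_version_num_field( $form_fields, $post ) {

    $field_value = get_post_meta( $post->ID, 'opsd_version_num', true );

    $form_fields['opsd_version_num'] = array(
        'value' => $field_value ? $field_value : '',
        'label' => __( 'Version' ),
        //'helps' => __( 'Set version number' )
    );

    return $form_fields;
}
add_filter( 'attachment_fields_to_edit', 'opsd_add_attachment_version_num_field', 10, 2 );


/** Save Version Number as meta key relative specific attachment.
 *
 * Reads attachments[<id>][opsd_version_num] from the request and stores it as the
 * 'opsd_version_num' post meta. Nothing is written when the field is absent, is not a
 * plain string, or the current user may not edit the attachment.
 *
 * @param int $attachment_id
 */
function opsd_save_attachment_version_num( $attachment_id ) {

    if ( ! isset( $_REQUEST['attachments'][ $attachment_id ]['opsd_version_num'] ) ) {
        return;
    }

    $raw_version = $_REQUEST['attachments'][ $attachment_id ]['opsd_version_num'];

    // The field can arrive as a nested array (…[opsd_version_num][]=x); stripslashes()
    // cannot process that, so anything but a string is ignored.
    if ( ! is_string( $raw_version ) ) {
        return;
    }

    // Defence in depth: the value comes straight from the request, so do not rely only on
    // whichever caller fired 'edit_attachment' having checked permissions.
    if ( ! current_user_can( 'edit_post', $attachment_id ) ) {
        return;
    }

    // A version number is plain text: strip markup instead of allowing post-level HTML,
    // because the value is later sent back to the media JavaScript unchanged.
    $version_num = sanitize_text_field( trim( stripslashes( $raw_version ) ) );

    update_post_meta( $attachment_id, 'opsd_version_num', $version_num );
}
add_action( 'edit_attachment', 'opsd_save_attachment_version_num' );


/** Get Meta key "Version Number" e.g. 'opsd_version_num' when fetching data about attachment
 *
 * Filters the attachment data prepared for JavaScript.
 *
 * @since 3.5.0
 *
 * @param array      $response   Array of prepared attachment data.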
* @param int|object $attachment Attachment ID or object.
 * @param array      $meta       Array of attachment meta data.
 * @return array                 $response with the 'opsd_version_num' entry added
 */
function opsd_wp_prepare_attachment_for_js( $response, $attachment, $meta ){

    // The hook may hand over a post object or a bare ID; reduce both to the ID.
    $attachment_id = is_object( $attachment ) ? $attachment->ID : $attachment;

    // The stored meta value is passed on unchanged, so whatever renders it on the
    // JavaScript side has to escape it for its own context.
    $response['opsd_version_num'] = get_post_meta( $attachment_id, 'opsd_version_num', true );

    return $response;
}
add_filter('wp_prepare_attachment_for_js', 'opsd_wp_prepare_attachment_for_js' , 10, 3 );


/* we have in WP function sanitize_file_name( $filename )
 * filename altering:
 *
 *  so  product.bl.zip  become  product.bl_.zip
 *
 *
 *
 * Loop over any intermediate extensions. Postfix them with a trailing underscore
 * if they are a 2 - 5 character long alpha string not in the extension whitelist.

    foreach ( (array) $parts as $part) {
        $filename .= '.' . $part;

        if ( preg_match("/^[a-zA-Z]{2,5}\d?$/", $part) ) {
            $allowed = false;
            foreach ( $mimes as $ext_preg => $mime_match ) {
                $ext_preg = '!^(' . $ext_preg . ')$!i';
                if ( preg_match( $ext_preg, $part ) ) {
                    $allowed = true;
                    break;
                }
            }
            if ( !$allowed )
                $filename .= '_';
        }
    }
 */
/**
 * Pass-through callback written for the 'sanitize_file_name' filter.
 *
 * It returns the already sanitized name untouched, and its registration below is
 * commented out, so the underscore that core adds to unrecognised inner extensions
 * (described above) stays in effect.
 *
 * @param string $filename      name after core sanitizing, e.g. product.bl_.zip
 * @param string $filename_raw  name as it was submitted, e.g. secure-downloads.bl.zip
 * @return string               $filename, unchanged
 */
function opsd_sanitize_file_name( $filename, $filename_raw ) {

    /* $filename, $filename_raw, $_REQUEST
    [0] => product.bl_.zip
    [1] => secure-downloads.bl.zip
    [2] => Array
        (
            [name] => secure-downloads.bl.zip
            [post_id] => 0
            [_wpnonce] => 90049ce803
            [type] =>
            [tab] =>
            [short] => 1
        )
    */

    return $filename;
}
// add_filter( 'sanitize_file_name', 'opsd_sanitize_file_name', 10, 2 );