set_upload_button( '.wpbm_btn_upload' ); $wpbm_upload->set_element_insert_url( '.wpbm_file_urls' ); ?> * */

// General Init Class
//
// Single-instance class that stores the jQuery selectors of the upload button and of the
// element receiving the chosen file URL, hooks js() into the admin footer, and contains the
// helpers for an optional, randomly named upload directory below the uploads base dir.
//
// NOTE(review): in this copy the two calls that switch the protected directory on
// (the 'upload_dir' filter and protect_upload_dir()) are commented out in init().
final class WPBM_Upload {

	public $settings = array(
		// jQuery selector of the upload button; js() returns early while this is empty.
		'upload_button' => ''
		// jQuery selector of the element that receives the URL of the selected file.
		, 'element_insert_url' => ''
		// Key/value marker that filter_upload_dir() compares against $_POST.
		, 'wp_media_uploader_params' => array( 'key' => 'wpbm_type', 'value' => 'wpbm_upload' )		// Required for setting OUR Dir for uploading and set it PROTECTED
	);

	// Define only one instance of this class
	static private $instance = NULL;

	/**
	 * Create the single instance on the first call and return it on every call.
	 *
	 * When the instance is created, js() is registered on 'admin_footer' with priority 50.
	 *
	 * @return WPBM_Upload
	 */
	public static function init() {

		if ( ! isset( self::$instance ) && ! ( self::$instance instanceof WPBM_Upload ) ) {

			self::$instance = new WPBM_Upload;

			add_action( 'admin_footer', array( self::$instance, 'js' ), 50 );		// Load JavaScript Code at the footer of the Admin Panel page. Executed in ALL Admin Menu Pages

			//TODO: remove this
			// add_filter( 'posts_where', array( self::$instance, 'wpbm_filter_posts_where' ) );
			// add_action('pre_get_posts', array( self::$instance, 'wpbm_pre_get_posts' ) );

			// Uncomment these 2 lines, if need to use protected folder
			// add_filter( 'upload_dir', array( self::$instance, 'filter_upload_dir' ) );
			// self::$instance->protect_upload_dir();
		}
		return self::$instance;
	}


	/** Get Name of protected DIR name, like wpbm_XXXXX
	 *
	 * The name is read from the 'wpbm_protected_directory_name_level1' option. When the option
	 * is empty, a new name 'wpbm_' + wp_generate_password( 20, false, false ) is generated and
	 * saved, so the same name is returned on later calls.
	 *
	 * NOTE(review): filter_upload_dir() places this name inside the public file URL, so it is
	 * an unguessable path component for people who never saw a file URL, not an access control.
	 *
	 * @return string directory name without trailing slash
	 */
	public function get_protected_dir_name() {

		$get_protected_dir_name = get_wpbm_option( 'wpbm_protected_directory_name_level1' );

		// First use: generate the random suffix (no special characters) and persist it.
		if ( empty( $get_protected_dir_name ) ) {
			$get_protected_dir_name = 'wpbm_' . wp_generate_password( 20, false, false );
			update_wpbm_option( 'wpbm_protected_directory_name_level1', $get_protected_dir_name );
		}

		// NOTE(review): the stored option value is used as a path segment without further
		// validation - presumably only this method writes it; verify against other writers.
		$get_protected_dir_name = untrailingslashit($get_protected_dir_name);

		return $get_protected_dir_name;
	}


	/** Get all settings or specific setting option
	 *
	 * @param string $key  setting name; empty string returns the whole settings array
	 * @return mixed       the settings array, the value of $key, or false if $key is not set
	 */
	public function get_settings( $key = '' ) {

		if ( '' === $key )
			return $this->settings;

		if ( isset( $this->settings[ $key ] ) )
			return $this->settings[ $key ];
		else
			return false;
	}


	//TODO: remove this
	// NOTE(review): the disabled code below logs the complete $_POST array via debuge_log();
	// drop that call if the function is ever restored.
	/*
	function wpbm_pre_get_posts( $query ) {

		debuge_log( $_POST );

		if ( is_admin() || ! $query->is_main_query() ) {
			return;
		}

		$discount = $query->get( 'discount' );

		if ( ! empty( $discount ) ) {

			// unset ref var from $wp_query
			$query->set( 'discount', null );

			global $wp;

			// unset ref var from $wp
			unset( $wp->query_vars[ 'discount' ] );

			// if in home (because $wp->query_vars is empty) and 'show_on_front' is page
			if ( empty( $wp->query_vars ) && get_option( 'show_on_front' ) === 'page' ) {

				// reset and re-parse query vars
				$wp->query_vars['page_id'] = get_option( 'page_on_front' );
				$query->parse_query( $wp->query_vars );
			}
		}
	}
	*/


	//TODO: remove this
	// NOTE(review): the disabled filter below concatenates a value into the WHERE clause after
	// esc_like() only. esc_like() escapes LIKE wildcards, it does not make a value safe for SQL;
	// if this is ever restored, pass the pattern through $wpdb->prepare() as well.
	/**
	 * @param string $where Where clause
	 * @return string $where Modified where clause
	 */
	/*
	function wpbm_filter_posts_where( $where = '' ) {

		debuge_log( $_POST );
		return $where;

		//debuge( maybe_unserialize( 'a:3:{s:6:"action";s:17:"query-attachments";s:7:"post_id";s:1:"0";s:5:"query";a:4:{s:7:"orderby";s:4:"date";s:5:"order";s:4:"DESC";s:14:"posts_per_page";s:2:"40";s:5:"paged";s:1:"1";}}' ));

		$media_uploader_params = $this->get_settings( 'wp_media_uploader_params' );

		if (   ( isset( $_POST['query'] ) )
			&& ( isset( $_POST['query'][ $media_uploader_params[ 'key' ] ] ) )
			&& ( $media_uploader_params[ 'value' ] === $_POST['query'][ $media_uploader_params[ 'key' ] ] )
		) {
			global $wpdb;
			$where .= " AND guid LIKE '%".$wpdb->esc_like( untrailingslashit( get_wpbm_option( 'wpbm_protected_directory_name_level1' ) ) )."%'";
		}
		return $where;
	}
	*/


	/** Filters the uploads directory array,
	 *  after CLICKING on our Upload Button and USE our wp.media thanks to 'wp_media_uploader_params'
	 *
	 * Example of the upload directory data:
	 *	array (
	 *		[path] => Z:\home\new\www/wp-content/uploads/wpbm_lSJacOT1yVLFnrkqt2xR/2017/04
	 *		[url] => http://new/wp-content/uploads/wpbm_lSJacOT1yVLFnrkqt2xR/2017/04
	 *		[subdir] => /wpbm_lSJacOT1yVLFnrkqt2xR/2017/04
	 *		[basedir] => Z:\home\new\www/wp-content/uploads
	 *		[baseurl] => http://new/wp-content/uploads
	 *		[error] =>
	 *	)
	 *	$uploads = apply_filters( 'upload_dir', $cache[ $key ] );
	 *
	 * The array is changed only when $_POST contains the marker from 'wp_media_uploader_params'
	 * ( 'wpbm_type' => 'wpbm_upload' ); otherwise it is returned untouched.
	 *
	 * NOTE(review): the marker is a plain request parameter that any client can send. It only
	 * selects the target directory; no capability or nonce check happens in this method, so
	 * authorisation has to come from the code that handles the upload itself - confirm.
	 *
	 * @param array $param  upload directory data ( 'path', 'url', 'subdir', ... )
	 * @return array        the same array, with the protected directory name inserted into
	 *                      'path', 'url' and 'subdir' when the marker is present
	 */
	public function filter_upload_dir( $param ) {

		//TODO: here we can create own TAGs and Versioning directory structure in some way.

		$media_uploader_params = $this->get_settings( 'wp_media_uploader_params' );

		// Strict comparison: a non-string value (for example an array) never matches the marker.
		if (   isset( $_POST[ $media_uploader_params[ 'key' ] ] )
			&& $media_uploader_params[ 'value' ] === $_POST[ $media_uploader_params[ 'key' ] ]
		) {
			$protected_dir_name = $this->get_protected_dir_name();

			if ( empty( $param['subdir'] ) ) {
				// No sub-directory yet: append the protected directory to path and url.
				$param['path']   = $param['path'] . '/' . $protected_dir_name;
				$param['url']    = $param['url'] . '/' . $protected_dir_name;
				$param['subdir'] = '/' . $protected_dir_name;
			} else {
				// Put the protected directory in front of the existing sub-directory.
				// NOTE(review): str_replace() rewrites every occurrence of the 'subdir' string,
				// so a base path or URL that happens to contain the same text is changed too.
				$new_subdir = '/' . $protected_dir_name . $param['subdir'];

				$param['path']   = str_replace( $param['subdir'], $new_subdir, $param['path'] );
				$param['url']    = str_replace( $param['subdir'], $new_subdir, $param['url'] );
				$param['subdir'] = str_replace( $param['subdir'], $new_subdir, $param['subdir'] );
			}
		}
		return $param;
	}


	/** Get path to protected dir.
	 *
	 * @return string  'basedir' from wp_upload_dir() + '/' + protected directory name
	 */
	public function get_protected_dir() {

		// Protected secret name LEVEL 1
		$dir_level1 = $this->get_protected_dir_name();

		// Install files and folders for uploading files and prevent hotlinking
		$upload_dir = wp_upload_dir();

		return $upload_dir['basedir'] . '/' . $dir_level1;
	}


	/** Check and Protect upload folder each time
	 *
	 * May be we need to have 2 folders, like /wpbm_xxxxx/XXXXXXXXXXXXX
	 * for prevent of dir listing at previous stage /wpbm_xxxxx with .htaccess file
	 *
	 * Typical Directory structure
	 * /wp-content/uploads/
	 *                    /wpbm_xxxxx {main dir}
	 *                                /.htaccess	(Deny access and deny dir listing)
	 *                                /index.php	(Silence is golden)
	 *                                /XXXXXXXXXXXXX (Secret dir for store files)
	 *
	 * NOTE(review): 'deny from all' is the Apache 2.2 access syntax; Apache 2.4 honours it only
	 * with mod_access_compat, and servers that do not read .htaccess files (for example nginx)
	 * ignore the file completely. On those servers the directory is reachable by URL - confirm
	 * what the target hosts run before relying on this file.
	 */
	function protect_upload_dir() {

		// Protected secret name LEVEL 1
		$dir_level1 = $this->get_protected_dir_name();

		// Install files and folders for uploading files and prevent hotlinking
		$upload_dir = wp_upload_dir();

		// One entry per file to create: target directory, file name, file content.
		$files = array(
			array(
				'base'    => $upload_dir['basedir'] . '/' . $dir_level1,
				'file'    => '.htaccess',
				'content' => 'Options -Indexes' . "\n" . 'deny from all'
			)
			, array(
				'base'    => $upload_dir['basedir'] . '/' . $dir_level1,
				'file'    => 'index.php',
				// NOTE(review): this copy of the file is truncated here. The rest of this method
				// and apparently the opening of set_upload_button( $jq_selector ) are missing;
				// the next line is kept exactly as found and is not valid PHP on its own.
				'content' => 'settings['upload_button'] = $jq_selector; }


	/** Define element for inserting URL of file from wp media
	 *
	 * @param string $jq_selector  jQuery selector, stored in $settings['element_insert_url']
	 */
	public function set_element_insert_url( $jq_selector ) {

		$this->settings['element_insert_url'] = $jq_selector;
	}


	/**
	 * Footer callback registered in init() on 'admin_footer'.
	 *
	 * Returns without output while no upload button selector has been set.
	 */
	public function js() {

		//set JavaScript only if we set upload button
		$jq_sel_upload_button = $this->get_settings( 'upload_button' );
		if ( empty( $jq_sel_upload_button ) )
			return;

		// NOTE(review): the markup that follows the closing tag below, the end of this method and
		// of the class, and the start of the next doc comment are missing from this copy; the
		// next line is kept exactly as found.
		?> */
function wpbm_upload() {
	// Returns the single WPBM_Upload instance; init() creates it on the first call.
	return WPBM_Upload::init();
}

wpbm_upload();		// Start