1<?php defined('ABSPATH') OR die('restricted access');
2
3//@TODO: allow available uploads only
4//@TODO: automatically create playlist of multiple audio and video files
5if ( ! class_exists( 'eXc_Uploader_Class' ) )
6{
7 class eXc_Uploader_Class
8 {
// Framework object handed to the constructor; the handlers use it to load config files, the form class and the validation helper.
private $eXc;
// Form configuration returned by $eXc->load_config_file(); stays empty until a handler or the constructor loads it.
private $config = array();
// Media families or MIME strings the uploader accepts; the constructor replaces this with the 'allowed_mime' setting (default: $types).
private $allowed_mimes = array();
// Plugin options; the constructor fills this from the 'mf_uploader_settings' option.
private $settings = array();
// Default media families used when no 'allowed_mime' setting is stored.
private $types = array( 'image', 'video', 'audio' );
// Post types the front-end handlers may create or edit; the constructor replaces this with the 'allowed_post_types' setting when present.
private $allowed_post_types = array( 'post', 'exc_image_post', 'exc_video_post', 'exc_audio_post', 'exc_embed_url_post' );

// Icon CSS class per post type. NOTE(review): not referenced in the visible part of the class; presumably used by rendering code further down.
private $post_type_icons = array( 'post' => 'fa-file-text-o', 'exc_image_post' => 'fa-file-image-o', 'exc_video_post' => 'fa-file-video-o', 'exc_audio_post' => 'fa-file-audio-o', 'exc_embed_url_post' => 'fa fa-link' );
17
/**
 * Load the uploader settings and register the plugin's AJAX endpoints and filters.
 *
 * Every endpoint is hooked on both wp_ajax_* and wp_ajax_nopriv_*, so WordPress
 * dispatches it for anonymous visitors as well. Authentication, nonce and
 * capability checks therefore have to live inside each callback.
 *
 * @param object $eXc Framework object used to load files, configs and forms.
 */
function __construct( &$eXc )
{
    $this->eXc = $eXc;

    // Stored plugin options, then the MIME and post-type allow-lists derived from them.
    $this->settings           = get_option( 'mf_uploader_settings' );
    $this->allowed_mimes      = exc_kv( $this->settings, 'allowed_mime', $this->types );
    $this->allowed_post_types = exc_kv( $this->settings, 'allowed_post_types', $this->allowed_post_types );

    // Endpoints registered before the status check, i.e. even when front-end upload is switched off.
    $read_endpoints = array(
        'exc_mf_media_filter'    => 'apply_filters',
        'exc_user_filter'        => 'apply_user_filters',
        'exc_uploader_post_data' => 'get_post_data',
    );

    foreach ( $read_endpoints as $action => $method )
    {
        add_action( 'wp_ajax_' . $action, array( $this, $method ) );
        add_action( 'wp_ajax_nopriv_' . $action, array( $this, $method ) );
    }

    // Front-end upload disabled: flag the loader and stop here.
    if ( 'on' != exc_kv( $this->settings, 'status' ) )
    {
        return $this->eXc->_load_status = false;
    }

    // Regular (non-AJAX) admin screens only need the metabox.
    if ( is_admin() && ! exc_is_ajax_request() )
    {
        foreach ( array( 'load-post.php', 'load-post-new.php' ) as $screen_hook )
        {
            add_action( $screen_hook, array( $this, 'register_metabox' ), 5 );
        }

        return;
    }

    // Front-end assets and the WordPress helper functions.
    add_action( 'wp_enqueue_scripts', array( $this, 'js_files' ) );
    $this->eXc->load_file( 'functions/wp_helper' );

    // Write endpoints: post entry, embed-URL entry and attachment deletion.
    $write_endpoints = array(
        'exc_mf_uploader_entry'        => 'save_post',
        'exc_video_url_uploader_entry' => 'save_embed_url_post',
        'exc_uploader_delete_file'     => 'delete_post_attachments',
    );

    foreach ( $write_endpoints as $action => $method )
    {
        add_action( 'wp_ajax_' . $action, array( $this, $method ) );
        add_action( 'wp_ajax_nopriv_' . $action, array( $this, $method ) );
    }

    // The form configuration is only prepared for normal page loads, not for AJAX calls.
    if ( ! defined( 'DOING_AJAX' ) || ! DOING_AJAX )
    {
        $this->config = $this->eXc->load_config_file( 'uploader/frontend_post' );
        $this->eXc->load( 'core/form_class' )->prepare_fields( $this->config );
    }

    // File upload endpoint.
    add_action( 'wp_ajax_nopriv_exc_media_upload', array( $this, 'save_attachment' ) );
    add_action( 'wp_ajax_exc_media_upload', array( $this, 'save_attachment' ) );

    add_filter( 'the_content', array( $this, 'content_filter' ) );
}
88
/**
 * Store every configured form field that is not part of the post array as post meta.
 *
 * Nothing is written unless $post_data carries a 'post_title'. For each key of
 * $this->config['_config'] that is missing from $post_data, the value reported
 * by the validation helper is added as unique meta, or updated when the key
 * already exists.
 *
 * @param int   $post_id   Post receiving the meta values.
 * @param array $post_data Post fields that were passed to the insert/update call.
 */
private function update_post_metadata( $post_id, $post_data )
{
    if ( ! isset( $post_data['post_title'] ) )
    {
        return;
    }

    foreach ( $this->config['_config'] as $field_key => $unused_field )
    {
        // Keys present in the post array are core post fields, not meta.
        if ( isset( $post_data[ $field_key ] ) )
        {
            continue;
        }

        $meta_value = $this->eXc->validation->set_value( $field_key );

        // add_post_meta() with $unique = true fails when the key exists; update in that case.
        if ( ! add_post_meta( $post_id, $field_key, $meta_value, true ) )
        {
            update_post_meta( $post_id, $field_key, $meta_value );
        }
    }
}
105
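/**
 * AJAX handler (exc_uploader_post_data): return the edit form, attachments and
 * preview link of an existing post.
 *
 * The response embeds a fresh "exc-media-uploader-{post_id}" nonce, which
 * save_post() and save_attachment() later accept as proof that the caller may
 * write to that post. This method performs no nonce check of its own, so the
 * capability test below is the only gate in front of that nonce.
 *
 * Reads $_POST['post_id']; answers through exc_die() / exc_success().
 */
public function get_post_data()
{
    if ( ! is_user_logged_in() )
    {
        exc_die( esc_html__( 'You must login to access post data.', 'uploader-plugin' ) );
    }

    // Normalise to a positive integer so the nonce action string built below is canonical.
    $post_id = absint( exc_kv( $_POST, 'post_id' ) );

    // 'edit_post' is the per-post meta capability. The primitive 'edit_posts' used
    // before ignores the post id, which let any user holding it read (and obtain a
    // write nonce for) posts owned by other authors.
    if ( ! $post_id
        || ! current_user_can( 'edit_post', $post_id ) )
    {
        exc_die( esc_html__( 'You do not have permission to access this data.', 'uploader-plugin' ) );
    }

    $post = get_post( $post_id );

    // Edit only allowed post types
    if ( empty( $post ) || ! in_array( $post->post_type, $this->allowed_post_types ) )
    {
        exc_die( esc_html__( 'Invalid Request, please contact admin for more information.', 'uploader-plugin' ) );
    }

    $this->config = $this->eXc->load_config_file( 'uploader/frontend_post', array( 'post_id' => $post_id ) );

    // Current value of every form field, keyed by field name
    $settings = array();

    $this->eXc->load('core/form_class')->prepare_fields( $this->config );
    $fields =& $this->eXc->form->get_fields_list( 'uploader_frontend_post' );

    foreach ( $fields as $field )
    {
        $fieldname = $field->config['name'];

        if ( property_exists( $post, $fieldname ) )
        {
            $value = $post->{ $fieldname };

            if ( $fieldname == 'post_password' )
            {
                // Never send the real password back; only its length is disclosed.
                $value = str_repeat( '*', strlen( $value ) );
            } elseif ( $fieldname == 'post_content' || $fieldname == 'post_excerpt' )
            {
                $value = html_entity_decode( $value );
            }

            $settings[ $fieldname ] = $value;
        } elseif( $fieldname == 'post_category' )
        {
            $settings[ $fieldname ] = wp_get_post_categories( $post->ID );

        } elseif( $fieldname == 'tags_input' )
        {
            $tag_name = array();

            $tags = wp_get_post_terms( $post->ID );

            foreach ( $tags as $tag ) {
                $tag_name[] = $tag->name;
            }

            $settings[ $fieldname ] = implode( ', ', $tag_name );
        } else
        {
            // Anything else is treated as post meta stored under the field name.
            $value = get_post_meta( $post->ID, $fieldname, true );
            $settings[ $fieldname ] = $value;
        }
    }

    if ( isset( $settings[ 'post_password' ] ) && ! empty( $settings['post_password'] ) ) {
        $settings['post_status'] = 'protected';
    }

    $this->eXc->validation->set_data( $settings, TRUE );
    $this->eXc->load( 'core/form_class' )->prepare_fields( $this->config );

    $this->eXc->form->apply_validation();

    // The form helpers print their markup, so capture it for the JSON response.
    ob_start();

    $this->eXc->form->get_html( $this->config['_config'] );
    $this->eXc->form->get_form_settings( $this->config['_name'], array( 'action' => 'exc_mf_uploader_entry', 'post_id' => $post_id, 'secret_key' => wp_create_nonce( "exc-media-uploader-$post_id" ) ) );

    $content = ob_get_clean();

    if ( 'publish' == $post->post_status ) {
        $preview_link = esc_url( get_permalink( $post->ID ) );
    } else {
        $preview_link = set_url_scheme( get_permalink( $post->ID ) );
        $preview_link = esc_url( add_query_arg( 'preview', 'true', $preview_link ) );
    }

    $args = array(
        'numberposts'    => -1,
        'order'          => 'ASC',
        'post_mime_type' => implode( ', ', $this->allowed_mimes ),
        'post_parent'    => $post->ID,
        'post_status'    => 'inherit',
        'post_type'      => 'attachment',
    );

    $attachments = get_children( $args );

    $featured_image_id = get_post_thumbnail_id( $post_id );

    $response = array(
        'form_data'      => $content,
        'featured_image' => $featured_image_id,
        'attachments'    => array(),
        'preview_link'   => $preview_link,
        'post_type'      => $post->post_type
    );

    // Custom Layout Settings
    $metadata = get_post_meta( $post_id, 'mf_layout', TRUE );

    // Seed empty slots in the stored metabox order; they are filled by the loop
    // below and any slot left empty is dropped by array_filter().
    if ( ! empty( $metadata['post_attachments'] ) )
    {
        foreach ( $metadata['post_attachments'] as $attachment )
        {
            $response['attachments'][ 'attachment-' . $attachment['attachment_id'] ] = array();
        }
    }

    foreach ( $attachments as $index => $attachment )
    {
        $metadata = wp_get_attachment_metadata( $attachment->ID );

        // @TODO: create the list based on config file
        $response['attachments'][ 'attachment-' . $attachment->ID ] =
            array(
                'id'                => $attachment->ID,
                'attachment_title'  => $attachment->post_title,
                'attachment_content'=> $attachment->post_content,
                'attachment_source' => exc_kv( $metadata, 'attachment_source' ),
                'type'              => $attachment->post_mime_type,
                'featured'          => ( $featured_image_id == $attachment->ID ) ? "1" : "",
                'file_date'         => sprintf(
                    esc_html_x( 'Submitted: %s', 'Uploader attachment time', 'uploader-plugin' ),
                    get_the_time( get_option( 'date_format' ), $attachment )
                )
            );
    }

    $response['attachments'] = array_filter( $response['attachments'] );

    exc_success( $response );
}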
264
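/**
 * AJAX handler (exc_media_upload): validate and store one uploaded file as an
 * attachment of an existing post.
 *
 * Reads $_POST['post_id'], $_POST['secret_key'], $_POST['attachment_file_id']
 * and $_FILES['async-upload']. Answers through exc_die() on failure and
 * wp_send_json_success() on success.
 */
function save_attachment()
{
    if ( ! is_user_logged_in() )
    {
        exc_die( esc_html__('You must login before uploading files.', 'uploader-plugin' ) );
    }

    $post_id = exc_kv( $_POST, 'post_id' );
    $secret_key = exc_kv( $_POST, 'secret_key' );
    $attachment_id = exc_kv( $_POST, 'attachment_file_id' );

    // 'edit_post' is the per-post meta capability; the primitive 'edit_posts'
    // ignores the post id and would accept uploads into other authors' posts.
    if ( ! intval( $post_id ) || empty( $attachment_id )
        || ! wp_verify_nonce( $secret_key, "exc-media-uploader-$post_id" )
        || ! current_user_can( 'edit_post', $post_id ) )
    {
        exc_die( esc_html__( 'You do not have permission to add / edit this post.', 'uploader-plugin' ) );
    }

    $attachment_config = $this->eXc->load_config_file( 'uploader/attachments' );
    $db_name = exc_kv( $attachment_config, 'db_name' );

    $attachments_fields = exc_kv( $attachment_config, '_config', array() );

    unset( $attachment_config );

    // Request field name ("{attachment_file_id}_{field}") => configured field name
    $attachment_data_fields = array();
    $is_featured_image = ( ! empty( $_POST[ $attachment_id . '_featured_image'] ) ) ? TRUE : FALSE;

    foreach ( $attachments_fields as $fieldname => $field )
    {
        $post_field_name = $attachment_id . '_' . $fieldname;

        $attachment_data_fields[ $post_field_name ] = $fieldname;

        $this->eXc->validation->set_rules( $post_field_name, $field['label'], $field['validation'] );
    }

    $this->eXc->validation->run();

    if ( count( $this->eXc->validation->errors_array() ) )
    {
        exc_die( $this->eXc->validation->errors_array() );
    }

    // Upload File
    $file = exc_kv( $_FILES, 'async-upload' );

    // A missing or failed upload has no temporary file to inspect.
    if ( ! is_array( $file ) || empty( $file['tmp_name'] ) || empty( $file['name'] ) )
    {
        exc_die( esc_html__( 'Invalid Request, please contact admin for more information.', 'uploader-plugin' ) );
    }

    $allowed_mimetypes = $this->allowed_mimetype();

    // $file['type'] is supplied by the client and cannot be trusted. Derive the
    // type from the file name and content instead, then match it against the
    // plugin's own allow-list.
    $checked   = wp_check_filetype_and_ext( $file['tmp_name'], $file['name'] );
    $real_type = $checked['type'];

    if ( empty( $real_type ) || ! in_array( $real_type, $allowed_mimetypes, true ) )
    {
        exc_die(
            sprintf(
                __( 'You must upload only supported %s files.', 'uploader-plugin' ),
                implode( ', ', array_keys( $allowed_mimetypes ) )
            )
        );
    }

    // Media family ("image", "video", "audio") of the verified type
    $type = current( explode( '/', $real_type ) );

    // Check attachment limits
    if ( ! current_user_can( 'manage_options' ) )
    {
        // Get all the attachments
        $attachments = new WP_QUERY(
            array(
                'numberposts'    => -1,
                'post_type'      => 'attachment',
                'post_mime_type' => implode( ', ', $this->allowed_mimes ),
                'post_parent'    => $post_id,
                'post_status'    => 'inherit',
            )
        );

        // ">=": once the post already holds the configured number of files,
        // one more upload would exceed the limit.
        if ( $attachments->found_posts >=
            exc_kv( $this->settings, 'attachments_limit', 5 ) )
        {
            exc_die( esc_html__( 'We are sorry but you already reached your maximum attachments limit.', 'uploader-plugin' ) );
        }

        unset( $attachments );
    }

    // wp_handle_upload() repeats the type check against the MIME types WordPress
    // allows for this user; 'test_form' => false only skips the form-action check.
    $upload = wp_handle_upload( $file, array( 'test_form' => false ) );

    if ( ! isset( $upload['file'] ) )
    {
        exc_die(
            sprintf(
                __( 'Unable to upload "%s", Possible file upload attack.', 'uploader-plugin' ),
                $file['name']
            )
        );
    }

    $filename = $upload['file'];

    $attachment = array(
        'post_mime_type' => $upload['type'],
        'guid'           => $upload['url'],
        'post_parent'    => $post_id,
        'post_title'     => preg_replace( '/\.[^.]+$/', '', basename( $filename ) ),
        'post_content'   => ''
    );

    $metadata = array();

    // Add attachment id
    $post_attachment_data = array();
    $post_attachment_data[ 'attachment_id' ] = 0;

    foreach ( $attachment_data_fields as $post_field_name => $config_field_name )
    {
        $value = $this->eXc->validation->set_value( $post_field_name );

        if ( $config_field_name == 'attachment_title' && $value )
        {
            $attachment['post_title'] = $value;
        } elseif ( $config_field_name == 'attachment_content' && $value )
        {
            $attachment['post_content'] = $value;
        } else
        {
            $metadata[ $config_field_name ] = $value;
        }

        $post_attachment_data[ $config_field_name ] = $value;
    }

    $attachment_id = wp_insert_attachment( $attachment, $filename, $post_id );

    // Without its $wp_error argument wp_insert_attachment() reports failure as 0,
    // not as a WP_Error, so test for both before using the id.
    if ( ! $attachment_id || is_wp_error( $attachment_id ) )
    {
        $this->removeFile( $upload ); // Remove uploaded file
        exc_die( sprintf( __( 'There was an error while uploading the image.', 'uploader-plugin' ), $filename ) );
    }

    $metadata = array_merge( wp_generate_attachment_metadata( $attachment_id, $filename ), (array) $metadata );

    wp_update_attachment_metadata( $attachment_id, $metadata );

    // Update Meta
    $post_settings = (array) get_post_meta( $post_id, $db_name, TRUE );

    // Fall back to the file-derived title when the form did not provide one.
    $post_attachment_data[ 'attachment_title' ] = ( ! empty( $post_attachment_data[ 'attachment_title' ] ) )
        ? $post_attachment_data[ 'attachment_title' ]
        : $attachment['post_title'];

    $post_attachment_data[ 'attachment_id' ] = $attachment_id;
    $post_attachment_data[ 'attachment_type' ] = 'attachment';

    $post_settings['post_attachments'][] = $post_attachment_data;

    update_post_meta( $post_id, $db_name, $post_settings );

    $post_attachment_data['id'] = $attachment_id;
    $post_attachment_data['type'] = $upload['type'];
    $post_attachment_data['file_date'] = esc_html_x( 'Submitted: Today', 'Uploader attachment time', 'uploader-plugin' );

    // Only an image explicitly flagged by the request becomes the post thumbnail
    // @TODO: give users option to set the post thumbnail
    if ( $is_featured_image && $type == 'image' )
    {
        set_post_thumbnail( $post_id, $attachment_id );

        $post_attachment_data[ 'featured' ] = 1;
    }

    unset( $post_attachment_data[ 'attachment_id' ] );

    wp_send_json_success( array( $attachment_id => $post_attachment_data ) );
}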
444
/**
 * Expand the configured upload types into an "extension pattern => MIME type" map.
 *
 * Each entry of $this->allowed_mimes is either a full MIME type (contains "/"),
 * which selects the first identical entry of get_allowed_mime_types(), or a
 * media family such as "image", which selects every WordPress MIME type
 * containing "{family}/". The "audio" family additionally allows "audio/mp3",
 * the type Chrome reports for mp3 uploads.
 *
 * Side effect: a scalar $this->allowed_mimes is wrapped into an array.
 *
 * @return array Extension pattern => MIME type.
 */
function allowed_mimetype()
{
    //@TODO: Move this code to method
    $wp_mimes = get_allowed_mime_types();

    if ( ! is_array( $this->allowed_mimes ) )
    {
        $this->allowed_mimes = array( $this->allowed_mimes );
    }

    $matched = array();

    foreach ( $this->allowed_mimes as $entry )
    {
        if ( empty( $entry ) )
        {
            continue;
        }

        // Fix for Chrome uploaded audio mp3
        if ( $entry == 'audio' )
        {
            $matched[ 'mp3' ] = 'audio/mp3';
        }

        if ( false !== strpos( $entry, '/' ) )
        {
            // Full MIME type: keep only the first WordPress entry equal to it.
            $extension = array_search( $entry, $wp_mimes );

            if ( false !== $extension )
            {
                $matched[ $extension ] = $wp_mimes[ $extension ];
            }

            continue;
        }

        // Media family: keep every WordPress MIME type that contains "{family}/".
        $family_prefix = $entry . '/';

        foreach ( $wp_mimes as $extension => $mime_type )
        {
            if ( false !== strstr( $mime_type, $family_prefix ) )
            {
                $matched[ $extension ] = $mime_type;
            }
        }
    }

    return $matched;
}
489
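/**
 * AJAX handler (exc_mf_uploader_entry): create a new front-end post or update
 * an existing one, including the titles, descriptions and order of its
 * attachments.
 *
 * Reads $_POST['post_id'] (0 or absent for a new post), $_POST['secret_key'],
 * $_POST['post_type'] for new posts and the JSON string $_POST['attachments']
 * for updates. Answers through exc_die() / wp_die() on failure and
 * wp_send_json_success() with the post id, a fresh nonce and a preview link.
 */
function save_post()
{
    if ( ! is_user_logged_in() )
    {
        exc_die( __('You must register before uploading files.', 'uploader-plugin' ) );
    }

    $post_id = exc_kv( $_POST, 'post_id', 0 );
    $secret_key = exc_kv( $_POST, 'secret_key' );

    $this->config = $this->eXc->load_config_file( 'uploader/frontend_post', array( 'post_id' => $post_id ) );
    $this->eXc->load( 'core/form_class' )->prepare_fields( $this->config );

    // 'edit_post' is the per-post meta capability. The primitive 'edit_posts'
    // ignores the post id, so it allowed editing posts owned by other authors.
    if ( ! is_numeric( $post_id )
        || ! wp_verify_nonce( $secret_key, "exc-media-uploader-$post_id" )
        || ( $post_id && ! current_user_can( 'edit_post', $post_id ) ) )
    {
        exc_die( __( 'You do not have permission to add / edit this post.', 'uploader-plugin' ) );
    }

    // Display Form Errors
    if ( $errors = $this->eXc->validation->errors_array() )
    {
        exc_die( $errors );
    }

    // Quick Hack for POST ID
    if ( $post_id )
    {
        $_POST['ID'] = $post_id;

    } else // new post?
    {
        // check if the post type is allowed
        $post_type = exc_kv( $_POST, 'post_type' );

        if ( ! in_array( $post_type, $this->allowed_post_types ) )
        {
            exc_die( esc_html__( 'Invalid post type, please refresh page and try again.', 'uploader-plugin' ) );
        }

        // Additional Security to make sure the allowed post type is available
        if ( ! post_type_exists( $post_type ) )
        {
            exc_die(
                sprintf(
                    __( '%s posts are not supported.', 'uploader-plugin' ),
                    exc_to_text( $post_type )
                )
            );
        }

        if ( ! current_user_can( 'manage_options' ) ) // check post limits, if not admin
        {
            if ( exc_count_user_posts( get_current_user_ID(), $this->allowed_post_types, array( 'publish', 'private', 'pending', 'draft' ) ) >
                exc_kv( $this->settings, 'posts_limit', 10 ) )
            {
                exc_die( esc_html__( 'We are sorry but you already reached your maximum posts limit.', 'uploader-plugin' ) );
            }
        }
    }

    $post_data = array();

    $fields =& $this->eXc->form->get_fields_list( 'uploader/frontend_post' );

    foreach ( $fields as $field )
    {
        $post_data[ $field->config['name'] ] = $field->set_value();
    }

    // NOTE(review): this replaces the per-field values collected above with
    // whatever normalize_post_data() derives from the raw request. That method is
    // not visible here; confirm it keeps only expected keys, otherwise a client
    // can set fields such as post_author or post_status directly.
    $post_data = $this->normalize_post_data( $_POST );

    // We already checked that user has permission to edit this post
    if ( $post_id )
    {
        // Make sure that we are not going to update the post_type
        unset( $post_data['post_type'] );

        // Validation state is only swapped out when attachment data is processed;
        // null means there is nothing to restore afterwards.
        $copy_field_data = null;

        if ( ! empty( $_POST['attachments'] ) && $attachments = json_decode( stripslashes( $_POST['attachments'] ), TRUE ) )
        {
            $attachment_config = $this->eXc->load_config_file( 'uploader/attachments' );
            $db_name = exc_kv( $attachment_config, 'db_name' );

            $attachments_fields = exc_kv( $attachment_config, '_config', array() );

            unset( $attachment_config );

            // Swap the request and validation state so the attachment fields can be
            // validated on their own. NOTE(review): $_POST is not restored later.
            $copy_field_data = $this->eXc->validation->_field_data;

            $_POST = array();
            $this->eXc->validation->_field_data = array();

            // Flattened attachment fields, and the same fields grouped per attachment id
            $hack_post_data = array();
            $attachments_data = array();

            foreach ( $attachments as $attachment_id => $attachment )
            {
                if ( ! empty ( $attachment['attachment_id'] ) && intval( $attachment['attachment_id'] )
                    && ! empty( $attachment['attachment_data'] ) )
                {
                    foreach ( (array) $attachment['attachment_data'] as $data_key => $data_value )
                    {
                        $hack_post_data[ $data_key ] = $data_value;
                        $attachments_data[ $attachment['attachment_id'] ][ $data_key ] = $data_value;
                    }

                } else
                {
                    // Automatically remove invalid requests
                    unset( $attachments[ $attachment_id ] );
                }
            }

            $this->eXc->validation->set_data( $hack_post_data, TRUE );

            $attachments = $attachments_data;

            // Reduce memory load
            unset( $attachments_data );
            unset( $hack_post_data );

            // Attachment id => ( request field name => configured field name )
            $data_fields = array();
            $featured_image_id = 0;

            foreach ( $attachments as $attachment_id => $attachment )
            {
                // The first attachment flagged as featured wins.
                if ( ! $featured_image_id && ! empty( $attachment[ $attachment_id . '_featured_image'] ) )
                {
                    $featured_image_id = $attachment_id;
                }

                foreach ( $attachments_fields as $fieldname => $field )
                {
                    $post_field_name = $attachment_id . '_' . $fieldname;
                    $data_fields[ $attachment_id ][ $post_field_name ] = $fieldname;

                    $this->eXc->validation->set_rules( $attachment_id . '_' . $fieldname, $field['label'], $field['validation'] );
                }
            }

            $this->eXc->validation->run();

            if ( count( $this->eXc->validation->errors_array() ) )
            {
                exc_die( $this->eXc->validation->errors_array() );

            } else
            {
                // Only attachments that are children of this post are loaded, so ids
                // pointing at other posts' files are silently ignored.
                $args = array(
                    'numberposts'    => -1,
                    'order'          => 'ASC',
                    'post_mime_type' => implode( ', ', $this->allowed_mimes ),
                    'post_parent'    => $post_id,
                    'post_status'    => 'inherit',
                    'post_type'      => 'attachment',
                    'post__in'       => array_keys( $data_fields ),
                    'orderby'        => 'post__in'
                );

                $attachments_posts = get_children( $args );
                $post_attachment_data = array();
                $index = 0;

                foreach ( (array) $attachments_posts as $attachment )
                {
                    $postdata = array();
                    $metadata = array();

                    $post_type = current( explode( '/', $attachment->post_mime_type ) );

                    if ( $featured_image_id == $attachment->ID )
                    {
                        if ( $post_type == 'image' )
                        {
                            set_post_thumbnail( $post_id, $featured_image_id );
                        }
                    }

                    // Add attachment id
                    $post_attachment_data[ $index ][ 'attachment_id' ] = $attachment->ID;
                    $post_attachment_data[ $index ][ 'attachment_type' ] = 'attachment';

                    foreach ( $data_fields[ $attachment->ID ] as $post_field_name => $config_field_name )
                    {
                        $value = $this->eXc->validation->set_value( $post_field_name );

                        // @NOTE: update attachment core data only if the attachment belongs to this post
                        if ( $post_id == $attachment->post_parent )
                        {
                            if ( $config_field_name == 'attachment_title' && $value )
                            {
                                $postdata[ 'post_title' ] = $value;
                            } elseif ( $config_field_name == 'attachment_content' && $value )
                            {
                                $postdata[ 'post_content' ] = $value;
                            } else
                            {
                                $metadata[ $config_field_name ] = $value;
                            }
                        }

                        $post_attachment_data[ $index ][ $config_field_name ] = $value;
                    }

                    // Update attachment ID
                    if ( ! empty( $postdata ) )
                    {
                        $postdata['ID'] = $attachment->ID;

                        wp_update_post( $postdata );
                    }

                    if ( ! empty( $metadata ) )
                    {
                        $metadata = wp_parse_args( $metadata, (array) wp_get_attachment_metadata( $attachment->ID ) );

                        wp_update_attachment_metadata( $attachment->ID, $metadata );
                    }

                    $index++;
                }

                if ( $db_name )
                {
                    $post_settings = (array) get_post_meta( $post_id, $db_name, TRUE );
                    $post_settings['post_attachments'] = $post_attachment_data;

                    update_post_meta( $post_id, $db_name, $post_settings );
                }
            }
        }

        $post_id = wp_update_post( $post_data, TRUE );

        // Restore the validation state only if it was swapped out above. The
        // unconditional restore used an undefined variable when the request had
        // no attachments and reset the field data to null.
        if ( null !== $copy_field_data )
        {
            $this->eXc->validation->_field_data = $copy_field_data;
        }
    } else
    {
        $post_id = wp_insert_post( $post_data, TRUE );
    }

    if ( is_wp_error( $post_id ) )
    {
        wp_die( $post_id->get_error_messages() );
    }

    $this->update_post_metadata( $post_id, $post_data );

    if ( ! add_post_meta( $post_id, 'license', $post_data['license'], true ) ) {
        update_post_meta( $post_id, 'license', $post_data['license'] );
    }

    if ( 'publish' == $post_data['post_status'] ) {
        $preview_link = esc_url( get_permalink( $post_id ) );
    } else {
        $preview_link = set_url_scheme( get_permalink( $post_id ) );
        $preview_link = add_query_arg( 'preview', 'true', $preview_link );
    }

    // The fresh nonce lets the client keep editing or uploading to this post.
    wp_send_json_success(
        array(
            'post_id'   => $post_id,
            'secret_key'=> wp_create_nonce( "exc-media-uploader-$post_id" ),
            'link'      => $preview_link
        )
    );
}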
762
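/**
 * AJAX handler (exc_video_url_uploader_entry): create or update a post built
 * around an embedded URL and store that URL in the 'mf_embed_url' post meta.
 *
 * Reads $_POST['post_id'] (0 or absent for a new post), $_POST['secret_key'],
 * $_POST['title'], $_POST['description'], $_POST['video_url'],
 * $_POST['post_type'] for new posts and the JSON string $_POST['attachments']
 * for updates. Answers through exc_die() / wp_die() on failure and
 * wp_send_json_success() on success.
 */
function save_embed_url_post()
{
    if ( ! is_user_logged_in() )
    {
        exc_die( __('You must register before uploading files.', 'uploader-plugin' ) );
    }

    $post_id = exc_kv( $_POST, 'post_id', 0 );
    $secret_key = exc_kv( $_POST, 'secret_key' );

    $this->config = $this->eXc->load_config_file( 'uploader/embed_url_post', array( 'post_id' => $post_id ) );
    $this->eXc->load( 'core/form_class' )->prepare_fields( $this->config );

    // 'edit_post' is the per-post meta capability. The primitive 'edit_posts'
    // ignores the post id, so it allowed editing posts owned by other authors.
    if ( ! is_numeric( $post_id )
        || ! wp_verify_nonce( $secret_key, "exc-video-url-post-$post_id" )
        || ( $post_id && ! current_user_can( 'edit_post', $post_id ) ) )
    {
        exc_die( esc_html__( 'You do not have permission to add / edit this post.', 'uploader-plugin' ) );
    }

    // Display Form Errors
    if ( $errors = $this->eXc->validation->errors_array() ) {
        exc_die( $errors );
    }

    // Take the URL now: $_POST is emptied further down when attachment data is
    // processed, which used to drop the URL on such updates. esc_url_raw() strips
    // characters and schemes that are not valid in a stored URL.
    $video_url = isset( $_POST['video_url'] ) ? esc_url_raw( wp_unslash( $_POST['video_url'] ) ) : '';

    // Quick Hack for POST ID
    if ( $post_id ) {
        $_POST['ID'] = $post_id;
    } else {

        // check if the post type is allowed
        $post_type = exc_kv( $_POST, 'post_type' );

        if ( ! in_array( $post_type, $this->allowed_post_types ) ) {
            exc_die( esc_html__( 'Invalid post type, please refresh page and try again.', 'uploader-plugin' ) );
        }

        // Additional Security to make sure the allowed post type is available
        if ( ! post_type_exists( $post_type ) ) {
            exc_die(
                sprintf(
                    __( '%s posts are not supported.', 'uploader-plugin' ),
                    exc_to_text( $post_type )
                )
            );
        }

        if ( ! current_user_can( 'manage_options' ) ) // check post limits, if not admin
        {
            if ( exc_count_user_posts( get_current_user_ID(), $this->allowed_post_types, array( 'publish', 'private', 'pending', 'draft' ) ) >
                exc_kv( $this->settings, 'posts_limit', 10 ) )
            {
                exc_die( __( 'We are sorry but you already reached your maximum posts limit.', 'uploader-plugin' ) );
            }
        }
    }

    $post_data = array();

    $fields =& $this->eXc->form->get_fields_list( 'uploader/embed_url_post' );

    foreach ( $fields as $field )
    {
        $post_data[ $field->config['name'] ] = $field->set_value();
    }

    // Map the embed form's field names onto the core post fields.
    if ( isset( $_POST['title'] ) ) {
        $_POST['post_title'] = $_POST['title'];
    }

    if ( isset( $_POST['description'] ) ) {
        $_POST['post_content'] = $_POST['description'];
    }

    // NOTE(review): this replaces the per-field values collected above with
    // whatever normalize_post_data() derives from the raw request. That method is
    // not visible here; confirm it keeps only expected keys, otherwise a client
    // can set fields such as post_author directly.
    $post_data = $this->normalize_post_data( $_POST );

    if ( $post_id ) {

        // Make sure that we are not going to update the post_type
        unset( $post_data['post_type'] );

        // An update keeps the status the post already has.
        $post_data['post_status'] = get_post_status( $post_id );

        // Validation state is only swapped out when attachment data is processed;
        // null means there is nothing to restore afterwards.
        $copy_field_data = null;

        if ( ! empty( $_POST['attachments'] ) && $attachments = json_decode( stripslashes( $_POST['attachments'] ), TRUE ) )
        {
            $attachment_config = $this->eXc->load_config_file( 'uploader/attachments' );
            $db_name = exc_kv( $attachment_config, 'db_name' );

            $attachments_fields = exc_kv( $attachment_config, '_config', array() );

            unset( $attachment_config );

            // Swap the request and validation state so the attachment fields can be
            // validated on their own. NOTE(review): $_POST is not restored later.
            $copy_field_data = $this->eXc->validation->_field_data;

            $_POST = array();
            $this->eXc->validation->_field_data = array();

            // Flattened attachment fields, and the same fields grouped per attachment id
            $hack_post_data = array();
            $attachments_data = array();

            foreach ( $attachments as $attachment_id => $attachment )
            {
                if ( ! empty ( $attachment['attachment_id'] ) && intval( $attachment['attachment_id'] )
                    && ! empty( $attachment['attachment_data'] ) )
                {
                    foreach ( (array) $attachment['attachment_data'] as $data_key => $data_value )
                    {
                        $hack_post_data[ $data_key ] = $data_value;
                        $attachments_data[ $attachment['attachment_id'] ][ $data_key ] = $data_value;
                    }

                } else
                {
                    // Automatically remove invalid requests
                    unset( $attachments[ $attachment_id ] );
                }
            }

            $this->eXc->validation->set_data( $hack_post_data, TRUE );

            $attachments = $attachments_data;

            // Reduce memory load
            unset( $attachments_data );
            unset( $hack_post_data );

            // Attachment id => ( request field name => configured field name )
            $data_fields = array();
            $featured_image_id = 0;

            foreach ( $attachments as $attachment_id => $attachment )
            {
                // The first attachment flagged as featured wins.
                if ( ! $featured_image_id && ! empty( $attachment[ $attachment_id . '_featured_image'] ) )
                {
                    $featured_image_id = $attachment_id;
                }

                foreach ( $attachments_fields as $fieldname => $field )
                {
                    $post_field_name = $attachment_id . '_' . $fieldname;
                    $data_fields[ $attachment_id ][ $post_field_name ] = $fieldname;

                    $this->eXc->validation->set_rules( $attachment_id . '_' . $fieldname, $field['label'], $field['validation'] );
                }
            }

            $this->eXc->validation->run();

            if ( count( $this->eXc->validation->errors_array() ) )
            {
                exc_die( $this->eXc->validation->errors_array() );

            } else
            {
                // Only attachments that are children of this post are loaded, so ids
                // pointing at other posts' files are silently ignored.
                $args = array(
                    'numberposts'    => -1,
                    'order'          => 'ASC',
                    'post_mime_type' => implode( ', ', $this->allowed_mimes ),
                    'post_parent'    => $post_id,
                    'post_status'    => 'inherit',
                    'post_type'      => 'attachment',
                    'post__in'       => array_keys( $data_fields ),
                    'orderby'        => 'post__in'
                );

                $attachments_posts = get_children( $args );
                $post_attachment_data = array();
                $index = 0;

                foreach ( (array) $attachments_posts as $attachment )
                {
                    $postdata = array();
                    $metadata = array();

                    $post_type = current( explode( '/', $attachment->post_mime_type ) );

                    if ( $featured_image_id == $attachment->ID )
                    {
                        if ( $post_type == 'image' )
                        {
                            set_post_thumbnail( $post_id, $featured_image_id );
                        }
                    }

                    // Add attachment id
                    $post_attachment_data[ $index ][ 'attachment_id' ] = $attachment->ID;
                    $post_attachment_data[ $index ][ 'attachment_type' ] = 'attachment';

                    foreach ( $data_fields[ $attachment->ID ] as $post_field_name => $config_field_name )
                    {
                        $value = $this->eXc->validation->set_value( $post_field_name );

                        // @NOTE: update attachment core data only if the attachment belongs to this post
                        if ( $post_id == $attachment->post_parent )
                        {
                            if ( $config_field_name == 'attachment_title' && $value )
                            {
                                $postdata[ 'post_title' ] = $value;
                            } elseif ( $config_field_name == 'attachment_content' && $value )
                            {
                                $postdata[ 'post_content' ] = $value;
                            } else
                            {
                                $metadata[ $config_field_name ] = $value;
                            }
                        }

                        $post_attachment_data[ $index ][ $config_field_name ] = $value;
                    }

                    // Update attachment ID
                    if ( ! empty( $postdata ) )
                    {
                        $postdata['ID'] = $attachment->ID;

                        wp_update_post( $postdata );
                    }

                    if ( ! empty( $metadata ) )
                    {
                        $metadata = wp_parse_args( $metadata, (array) wp_get_attachment_metadata( $attachment->ID ) );

                        wp_update_attachment_metadata( $attachment->ID, $metadata );
                    }

                    $index++;
                }

                if ( $db_name )
                {
                    $post_settings = (array) get_post_meta( $post_id, $db_name, TRUE );
                    $post_settings['post_attachments'] = $post_attachment_data;

                    update_post_meta( $post_id, $db_name, $post_settings );
                }
            }
        }

        $post_id = wp_update_post( $post_data, TRUE );

        // Restore the validation state only if it was swapped out above. The
        // unconditional restore used an undefined variable when the request had
        // no attachments and reset the field data to null.
        if ( null !== $copy_field_data )
        {
            $this->eXc->validation->_field_data = $copy_field_data;
        }
    } else {
        $post_id = wp_insert_post( $post_data, TRUE );
    }

    if ( is_wp_error( $post_id ) ) {
        wp_die( $post_id->get_error_messages() );
    }

    $this->update_post_metadata( $post_id, $post_data );

    if ( '' !== $video_url ) {

        $mf_embed_url = array( 'video_url' => $video_url );

        // add_post_meta() with $unique = true returns false when the key already
        // exists; only then is an update needed. The condition was inverted, so
        // the URL of an existing post was never changed.
        if ( ! add_post_meta( $post_id, 'mf_embed_url', $mf_embed_url, true ) ) {
            update_post_meta( $post_id, 'mf_embed_url', $mf_embed_url );
        }
    }

    if ( 'publish' == $post_data['post_status'] ) {
        $preview_link = esc_url( get_permalink( $post_id ) );
    } else {
        $preview_link = set_url_scheme( get_permalink( $post_id ) );
        $preview_link = add_query_arg( 'preview', 'true', $preview_link );
    }

    // NOTE(review): the nonce returned here uses the "exc-media-uploader-" action,
    // while this handler verifies "exc-video-url-post-". Confirm which endpoint
    // the client is expected to call next with this key.
    wp_send_json_success(
        array(
            'post_id'   => $post_id,
            'secret_key'=> wp_create_nonce( "exc-media-uploader-$post_id" ),
            'link'      => $preview_link
        )
    );
}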
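/**
 * AJAX handler that deletes one attachment and removes it from the parent
 * post's stored 'mf_layout' attachment list.
 *
 * Reads the attachment ID from $_POST['id']. The request is rejected unless
 * the visitor is logged in, passes the 'delete_post' capability check for
 * that ID, and the post is an attachment that has a parent. On success it
 * answers with wp_send_json_success().
 *
 * NOTE(review): no nonce is verified here (see the TODO below), so this
 * state-changing request is not protected against cross-site request
 * forgery. The nonce action the uploader script sends is not visible in this
 * part of the file; add check_ajax_referer() with that action.
 *
 * @return void
 */
function delete_post_attachments()
{
    // @TODO: Nonce Verification
    if ( ! is_user_logged_in() )
    {
        exc_die( __('You must register to preform this action.', 'uploader-plugin' ) );
    }

    // Accept only a scalar, positive integer and use that same integer for
    // every lookup, capability check and comparison below, instead of
    // validating intval() of the input and then passing the raw value on.
    $raw_id        = exc_kv( $_POST, 'id' );
    $attachment_id = is_scalar( $raw_id ) ? (int) $raw_id : 0;

    if ( $attachment_id <= 0
        || FALSE === get_post_status( $attachment_id )
        || ! current_user_can( 'delete_post', $attachment_id ) )
    {
        exc_die( esc_html__( 'Invalid Request, please contact admin for more information.', 'uploader-plugin' ) );
    }

    $post = get_post( $attachment_id );

    if ( empty( $post ) || 'attachment' != $post->post_type || ! $post->post_parent )
    {
        exc_die( esc_html__( 'Invalid Request, please contact admin for more information.', 'uploader-plugin' ) );
    }

    // Make sure the user is not deleting the featured image
    $type = current( explode( '/', $post->post_mime_type ) );

    if ( 'image' == $type
        && 'on' == exc_kv( $this->settings, 'featured_image' )
        && intval( $post->post_parent ) )
    {
        $thumbnail_id = get_post_thumbnail_id( $post->post_parent );

        if ( (int) $thumbnail_id === $attachment_id )
        {
            exc_die( esc_html__('You cannot delete featured image without selecting another image as featured.', 'uploader-plugin' ) );
        }
    }

    if ( false === wp_delete_attachment( $attachment_id ) )
    {
        exc_die( esc_html__( "An unknown error has been occured, please try again or contact admin", 'uploader-plugin' ) );
    }

    // Delete from the list as well
    $metadata = get_post_meta( $post->post_parent, 'mf_layout', TRUE );

    // get_post_meta() returns an empty string when the key is missing;
    // writing an array key into a string is an error on current PHP.
    if ( ! is_array( $metadata ) )
    {
        $metadata = array();
    }

    $post_attachments = (array) exc_kv( $metadata, 'post_attachments' );

    foreach ( $post_attachments as $index => $attachment )
    {
        if ( isset( $attachment['attachment_id'] )
            && $attachment['attachment_id'] == $post->ID )
        {
            unset( $post_attachments[ $index ] );
        }
    }

    // Re-index so the stored list stays a plain sequential array.
    $metadata['post_attachments'] = array_values( $post_attachments );

    update_post_meta( $post->post_parent, 'mf_layout', $metadata );

    wp_send_json_success();
}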
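/**
 * Registers the front-end uploader script and hands it its configuration.
 *
 * Builds the Plupload settings, the per-user limits and the translated UI
 * strings, then exposes them to 'exc-plupload' as the JavaScript object
 * `exc_plupload` through wp_localize_script().
 *
 * @return void
 */
function js_files()
{
    wp_register_script( 'exc-plupload', get_template_directory_uri() . '/js/uploader.min.js',
        array( 'underscore', 'wp-ajax-response', 'plupload-all', 'jquery-ui-sortable' ), '1.2', true );

    // implode() takes the separator first; the reversed order used before is
    // no longer accepted by PHP 8.
    $allowed_files = str_replace( '|', ',', implode( ',', array_keys( (array) $this->allowed_mimetype() ) ) );

    $current_user_posts = exc_count_user_posts( get_current_user_ID(), $this->allowed_post_types, array( 'publish', 'private', 'pending' ) );

    // NOTE(review): administrators get 0 here, and a non-admin who is exactly
    // at the limit also gets 0 (a negative number when above it). Confirm how
    // the uploader script interprets 0 and negative values, and that the
    // limit is enforced again on the server when a post is saved.
    $post_limit = ( ! current_user_can('manage_options') ) ? ( exc_kv( $this->settings, 'posts_limit', 10 ) - $current_user_posts ) : 0;

    $allowed_post_types = $this->get_allowed_post_types_array();

    // REQUEST_URI is controlled by the requester and ends up inside an HTML
    // attribute in the login messages below, so escape it as a URL first.
    $request_uri = isset( $_SERVER['REQUEST_URI'] ) ? wp_unslash( $_SERVER['REQUEST_URI'] ) : '';
    $login_url   = esc_url( $request_uri . '#login' );

    $upload_settings = array(
        'settings' =>
            array(
                'runtimes'              => 'html5,silverlight,flash,html4',
                'file_data_name'        => 'async-upload',
                'browse_button'         => 'exc-media-upload-primary-btn',
                'multiple_queues'       => true,
                'max_file_size'         => exc_kv( $this->settings, 'max_file_size', wp_max_upload_size() ) . 'b',
                'url'                   => admin_url('admin-ajax.php'),
                'flash_swf_url'         => includes_url('js/plupload/plupload.flash.swf'),
                'silverlight_xap_url'   => includes_url('js/plupload/plupload.silverlight.xap'),
                'multipart'             => true,
                'urlstream_upload'      => true,
                'sortable'              => true,

                'rename'                => ( exc_kv( $this->settings, 'rename' ) == 'on' ) ? true : false,
                'prevent_duplicates'    => ( exc_kv( $this->settings, 'prevent_duplicates' ) == 'on' ) ? true : false,

                // Client-side filter only: it is a convenience for the file
                // picker, not a substitute for server-side type checks.
                'filters'               => array(
                    array(
                        'title'         => _x( 'Allowed Media Files', 'media upload', 'uploader-plugin'),
                        'extensions'    => $allowed_files,
                    ),
                ),

                'multipart_params'      => array(
                    'action'            => 'exc_media_upload',
                ),

                'wp'                    => array(
                    'post_limit'        => $post_limit,
                    'attachments_limit' => ( ! current_user_can('manage_options') ) ? exc_kv( $this->settings, 'attachments_limit', 5 ) : 0,
                    'featured_image'    => ( exc_kv($this->settings, 'featured_image') == 'on') ? true : false,
                    'allowed_post_types'=> $allowed_post_types,
                    'on_success'        => exc_kv( $this->settings, 'form_save', 'default' )
                ),
            ),

        'noimage' => get_template_directory_uri() . '/images/no-image.png',

        'i18n' => array(
            'messages' => array( 'File size error.' => esc_html__( 'File Size Error.', 'uploader-plugin' ) ),
            'modal' => array(
                'frameTitle'                => esc_html_x( 'Media Uploader', 'Extracoding Uploader', 'uploader-plugin' ),
                'attachmentPanelHeading'    => esc_html_x( 'Your Attachments', 'Extracoding Uploader', 'uploader-plugin' ),
            ),

            'buttons' => array(
                'cancel'        => esc_html_x( 'Cancel', 'Extracoding Uploader', 'uploader-plugin'),
                'delete'        => esc_html_x( 'Delete', 'Extracoding Uploader', 'uploader-plugin'),
                'attachFiles'   => esc_html_x( 'Attach Files', 'Extracoding Uploader', 'uploader-plugin'),
                'markFeatured'  => esc_html_x( 'Mark Featured', 'Extracoding Uploader', 'uploader-plugin'),
                'createPlaylist'=> esc_html_x( 'Make Playlist', 'Extracoding Uploader', 'uploader-plugin'),
                'createList'    => esc_html_x( 'Create List', 'Extracoding Uploader', 'uploader-plugin'),
                'featured'      => esc_html_x( 'Featured Image', 'Extracoding Uploader', 'uploader-plugin'),
                'preview'       => esc_html_x( 'Preview', 'Extracoding Uploader', 'uploader-plugin'),
                'save'          => esc_html_x( 'Save Changes', 'Extracoding Uploader', 'uploader-plugin'),
                'saveDraft'     => esc_html_x( 'Save Draft', 'Extracoding Uploader', 'uploader-plugin'),
            ),

            'uploader' => array(
                'unknownError'  => esc_html_x( 'An unknown error has been occured please try again.', 'Extracoding Uploader', 'uploader-plugin' ),
                'success'       => esc_html_x( 'File uploaded Successfully.', 'Extracoding Uploader', 'uploader-plugin' ),
                'progress'      => esc_html_x( 'Uploading %s', 'Extracoding Uploader', 'uploader-plugin' ),
                'cancel'        => esc_html_x( '%s:- was removed successfully from uploader que.', 'Extracoding Uploader', 'uploader-plugin' ),
                'confirmDelete' => esc_html_x( 'Are you sure, you want to delete this file?.', 'Extracoding Uploader', 'uploader-plugin' ),
                'updateSuccess' => esc_html_x( 'Post updated successfully.', 'Extracoding Uploader', 'uploader-plugin'),
                'submittedToday'=> esc_html_x( 'Submitted: Today', 'Extracoding Uploader', 'uploader-plugin' )
            ),

            'required' => array(
                'featuredImage' => esc_html_x( 'You must have to upload atleast one image.', 'Extracoding Uploader', 'uploader-plugin' ),
                'login'         => sprintf( __( 'You must login to upload files, %s to login now.', 'uploader-plugin' ),
                                        '<a href="' . $login_url . '">' . esc_html_x( 'Click here', 'Extracoding uploader', 'uploader-plugin' ) . '</a>'
                                    )
            ),

            'requiredFeaturedImage' => esc_html__( 'You must have to upload atleast one image.', 'uploader-plugin' ),

            'frameTitle'            => esc_html__( 'Media Uploader', 'uploader-plugin' ),
            'frameHeadingSingular'  => esc_html__( '%d file currently uploading.', 'uploader-plugin' ),
            'frameHeadingPlural'    => esc_html__( '%d files currently uploading.', 'uploader-plugin' ),
            'featuredImage'         => esc_html__( 'Please upload atleast one featured image.', 'uploader-plugin' ),
            'postLimit'             => esc_html__( 'You can upload maximum %d files.', 'uploader-plugin' ),
            'attachmentLimit'       => esc_html__( 'You can attach maximum %d files.', 'uploader-plugin' ),
            'unknownError'          => esc_html__( 'An unknown error has occured please try again.', 'uploader-plugin' ),
            'settingsError'         => esc_html__( 'The settings of file "%s" are missing.', 'uploader-plugin' ),
            'fileAddedSingular'     => esc_html__( '%d new file added successfully.', 'uploader-plugin' ),
            'fileAddedPlural'       => esc_html__( '%d new files added successfully.', 'uploader-plugin' ),
            'processing'            => esc_html__( 'processing...', 'uploader-plugin' ),
            'uploading'             => esc_html__( 'Uploading %s', 'uploader-plugin' ),
            'attachmentUpload'      => esc_html__( 'Uploading attachment file %s', 'uploader-plugin' ),
            'fileDeleted'           => esc_html__( '%s:- is removed successfully.', 'uploader-plugin' ),
            'uploaded'              => esc_html__( 'File uploaded Successfully.', 'uploader-plugin' ),
            'attachmentQue'         => esc_html__( 'Waiting for attachments.', 'uploader-plugin' ),
            'loginMessage'          => sprintf( __( 'You must login to upload files, %s to login now.', 'uploader-plugin' ),
                                        '<a href="' . $login_url . '">' . esc_html_x( 'Click here', 'extracoding uploader', 'uploader-plugin' ) . '</a>'
                                    )
        ),

    );

    wp_localize_script( 'exc-plupload', 'exc_plupload', $upload_settings );
}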
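/**
 * AJAX handler that builds a user-listing query from request parameters and
 * passes it to exc_mf_user_query().
 *
 * The constructor registers this callback for both logged-in and anonymous
 * requests, so every $_POST value read here is untrusted. Sorting, order and
 * view are mapped onto fixed values; the offset is reduced to a non-negative
 * integer.
 *
 * @return void
 */
function apply_user_filters()
{
    $user_data = array();

    if ( isset( $_POST['sort_users'] ) )
    {
        // Only these fixed keywords select an ordering; anything else falls
        // back to ordering by post count.
        switch ( $_POST['sort_users'] )
        {
            case "most-appriciated":
                $user_data['orderby'] = 'appreciations';
                break;

            case "most-viewed":
                $user_data['meta_key'] = '_exc_media_views';
                $user_data['orderby'] = 'meta_value';
                break;

            case "most-discussed":
                $user_data['orderby'] = 'comment_count';
                break;

            case "most-recent":
                $user_data['orderby'] = 'ID';
                break;

            default:
                // The former check of $user_data['meta_key'] read a key that
                // is never set on this path, so it could not match and only
                // raised a notice.
                $user_data['orderby'] = 'post_count';
                break;
        }
    }

    // The offset used to be forwarded unchecked (and unset offsets raised a
    // notice); accept only a numeric value and never a negative one.
    $user_data['offset'] = ( isset( $_POST['offset'] ) && is_numeric( $_POST['offset'] ) )
        ? max( 0, (int) $_POST['offset'] )
        : 0;

    // Order
    if ( isset( $_POST['order'] ) )
    {
        $user_data['order'] = ( strtolower( $_POST['order'] ) == 'asc' ) ? 'ASC' : 'DESC';
    }

    // search query
    // NOTE(review): the search term is forwarded exactly as received.
    // exc_mf_user_query() is not visible here; confirm it binds the value in
    // its database query and escapes it wherever it is printed.
    if ( isset( $_POST['s'] ) )
    {
        $user_data['s'] = $_POST['s'];
    }

    //template
    if ( isset( $_POST['active_view'] ) ) {
        $user_data['active_view'] = ( $_POST['active_view'] == 'list' ) ? 'list' : 'grid';
    }

    exc_mf_user_query( $user_data );
}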
/**
 * AJAX handler that re-runs a stored media query with filters taken from the
 * request.
 *
 * The base query is loaded from the transient "exc_media_query_{pk}", where
 * pk comes from $_POST. Offset, post type, page, category, view and search
 * term may then be overridden from $_POST before the query is handed to
 * exc_media_query(). The post status is always forced to 'publish'.
 *
 * NOTE(review): the constructor registers this for anonymous requests too.
 * 'pk' is used in the transient name and 'cat' is forwarded as received;
 * whether exc_page_error() stops execution cannot be seen from here. If it
 * does not, the code below runs without a stored query.
 *
 * @return void
 */
function apply_filters()
{
    $user_data = null;

    if ( ! empty( $_POST["pk"] ) ) {
        $user_data = get_transient( 'exc_media_query_' . $_POST["pk"] );
    }

    // No key, or no stored query for that key: report the page as expired.
    if ( empty( $user_data ) )
    {
        exc_page_error( 'Page Expired',
            __( 'Sorry, it seems that you may recently logged in or logged out and that\'s why the page was expired, please refresh it and try again.', 'uploader-plugin' )
        );
    }

    // A missing or non-numeric offset falls back to the stored one.
    $offset_is_usable = isset( $_POST['offset'] ) && is_numeric( $_POST['offset'] );

    if ( ! $offset_is_usable ) {
        $_POST['offset'] = $user_data['offset'];
    }

    $user_data['offset'] = $_POST['offset'];

    // Post type: 'any' removes the restriction, otherwise the value has to be
    // one of the configured post types.
    if ( isset( $_POST['post_type'] ) ) {

        $requested_type = $_POST['post_type'];

        if ( $requested_type != 'any' ) {

            if ( ! in_array( $requested_type, $this->allowed_post_types ) ) {
                exc_die( esc_html__("Invalid request, Possible hacking attempt!", 'uploader-plugin') );
            }

            $user_data['post_type'] = $requested_type;

        } else {
            unset( $user_data['post_type'] );
        }
    }

    // Paged
    if ( isset( $_POST['paged'] ) ) {
        $user_data['paged'] = 0;

        if ( is_numeric( $_POST['paged'] ) ) {
            $user_data['paged'] = $_POST['paged'];
        }
    }

    // Category
    if ( isset( $_POST['cat'] ) ) {
        $user_data['cat'] = $_POST['cat'];
    }

    // Template: anything other than 'list' means 'grid'.
    if ( isset( $_POST['active_view'] ) ) {
        $user_data['active_view'] = 'grid';

        if ( $_POST['active_view'] == 'list' ) {
            $user_data['active_view'] = 'list';
        }
    }

    // Search query
    if ( isset( $_POST['s'] ) ) {
        $user_data['s'] = esc_attr( $_POST['s'] );
    }

    // Never cache a filtered query, and never expose unpublished posts.
    $user_data['post_status'] = 'publish';
    $user_data["_cache_query"] = false;

    exc_media_query( $user_data );
}
/**
 * Returns the uploader settings held by this instance.
 *
 * @return mixed The value stored in $this->settings.
 */
public function get_option()
{
    $settings = $this->settings;

    return $settings;
}
/**
 * Hooks the metabox extension when the current admin screen edits one of the
 * allowed post types.
 *
 * @return void
 */
public function register_metabox()
{
    $current_type = exc_kv( $GLOBALS, 'typenow' );

    // Nothing to do for post types the uploader does not handle.
    if ( ! in_array( $current_type, $this->allowed_post_types ) )
    {
        return;
    }

    add_filter( 'exc_config_array_metaboxes_layout_settings', array( $this, 'extend_metabox_fields' ) );
}
/**
 * Filter callback for the layout metabox configuration.
 *
 * Loads the dynamic-fields script, attaches the inline edit-page script and
 * registers update_attachment_metadata() on 'exc_before_meta_update'. The
 * options themselves are returned unchanged.
 *
 * @param mixed $options Metabox configuration passed through the filter.
 * @return mixed The same $options value.
 */
public function extend_metabox_fields( $options )
{
    $script_url = $this->eXc->system_url('views/js/fields/dynamic-fields.js');

    $html = $this->eXc->html->load_js_args( 'exc-dynamic-fields', $script_url, array( 'jquery-ui-sortable', 'exc-uploader-field' ) );
    $html->inline_js( 'exc-uploader-field', $this->edit_page_custom_js(), array( 'exc-file-clickable' ), true );

    // Re-validate attachment entries before the metabox values are saved.
    add_filter( 'exc_before_meta_update', array( $this, 'update_attachment_metadata' ) );

    return $options;
}
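/**
 * Validates the 'post_attachments' entries of a layout settings array.
 *
 * Each entry is checked according to its 'attachment_type':
 *  - "attachment": the referenced post must exist, be of type 'attachment'
 *    and have a mime type; its media type, parent, guid and ID are recorded.
 *  - "video_playlist" / "audio_playlist": the referenced IDs are reduced to
 *    attachments whose mime type matches the playlist kind.
 * Entries that fail validation, or have any other type, are removed.
 *
 * @param array $settings Layout settings, possibly holding 'post_attachments'.
 * @return array The settings with validated attachment entries.
 */
public function update_attachment_metadata( $settings )
{
    if ( empty( $settings['post_attachments'] ) )
    {
        return $settings;
    }

    foreach ( $settings['post_attachments'] as $index => $attachment_data )
    {
        // Every entry is rejected unless one of the branches accepts it.
        $invalid_request = TRUE;

        $attachment_type = exc_kv( $attachment_data, 'attachment_type' );

        switch ( $attachment_type )
        {
            case "attachment" :

                $attachment_id = ( ! empty( $attachment_data['attachment_id'] ) ) ? current( (array) $attachment_data['attachment_id'] ) : 0;

                if ( ! intval( $attachment_id ) )
                {
                    break;
                }

                // @TODO: make only one request with post__in option
                $post = get_post( $attachment_id );

                // The earlier form `! $post->post_type == 'attachment'`
                // negated the type before comparing, so it never rejected a
                // post of another type.
                if ( ! $post || 'attachment' !== $post->post_type
                    || ! $post->post_mime_type )
                {
                    break;
                }

                wp_reset_postdata();

                $post_type = current( (array) explode('/', $post->post_mime_type ) );

                // Keep the post type record
                $settings['post_attachments'][ $index ]['_media_type'] = $post_type;
                $settings['post_attachments'][ $index ]['_post_parent'] = $post->post_parent;

                // @TODO: use wordpress native functionality to retrive these links
                $settings['post_attachments'][ $index ]['_guid'] = $post->guid;
                $settings['post_attachments'][ $index ]['attachment_id'] = $post->ID;

                // Mark as valid request
                $invalid_request = FALSE;

                break;

            case "video_playlist" :
            case "audio_playlist" :

                // The IDs come from submitted settings: keep positive
                // integers only, and stop if none are left so the query is
                // never run with an empty ID list.
                $playlist_ids = array_values( array_filter( array_map( 'absint', (array) exc_kv( $attachment_data, 'attachment_id' ) ) ) );

                if ( empty( $playlist_ids ) )
                {
                    break;
                }

                $posts = get_posts(
                    array(
                        'ignore_sticky_posts'   => 1,
                        'post_type'             => 'attachment',
                        'post__in'              => $playlist_ids,
                        'orderby'               => 'post__in',
                        'posts_per_page'        => -1
                    )
                );

                $allowed_mime_type = ( strstr( $attachment_type, 'video' ) ) ? 'video' : 'audio';

                // Rebuild the list from what the database returned.
                $playlist_ids = array();

                foreach ( (array) $posts as $post )
                {
                    $post_mime_type = current( (array) explode( '/', $post->post_mime_type ) );

                    if ( $allowed_mime_type == $post_mime_type )
                    {
                        $playlist_ids[] = $post->ID;
                    }
                }

                $settings['post_attachments'][ $index ]['attachment_id'] = $playlist_ids;
                $settings['post_attachments'][ $index ]['_media_type'] = $attachment_type;

                wp_reset_postdata();

                $invalid_request = FALSE;

                break;
        }

        if ( TRUE === $invalid_request )
        {
            // Automatically delete invalid settings
            unset( $settings['post_attachments'][ $index ] );
        }
    }

    return $settings;
}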
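/**
 * Reduces submitted form data to the fields accepted for a post and applies
 * the uploader's rules for title, status, license and category.
 *
 * NOTE(review): the accepted keys include 'ID', 'post_author', 'post_type',
 * 'post_password', 'guid' and the date fields. If $data is taken straight
 * from the request, the caller has to verify that the current user may edit
 * that ID and must not trust a submitted author; the caller is not visible
 * in this part of the file.
 *
 * @param array $data Submitted field values keyed by post field name.
 * @return array Post arguments: the accepted fields plus 'license'.
 */
private function normalize_post_data( $data = array() )
{
    //@TODO: wordpress has built-in functionlity to handle post data, so remove this method
    $args = array(
        'ID'                    => '', // Are you updating an existing post?
        'post_content'          => '', // The full text of the post.
        'post_name'             => '', // The name (slug) for your post
        'post_title'            => '', // The title of your post.
        'post_status'           => 'draft', // Default 'draft'.
        'post_type'             => 'post', // Default 'post'.
        'post_author'           => '', // The user ID number of the author. Default is the current user ID.
        'ping_status'           => '', // Pingbacks or trackbacks allowed. Default is the option 'default_ping_status'.
        'post_parent'           => '', // Sets the parent of the new post, if any. Default 0.
        'menu_order'            => '', // If new post is a page, sets the order in which it should appear in supported menus. Default 0.
        'to_ping'               => '', // Space or carriage return-separated list of URLs to ping. Default empty string.
        'pinged'                => '', // Space or carriage return-separated list of URLs that have been pinged. Default empty string.
        'post_password'         => '', // Password for post, if any. Default empty string.
        'guid'                  => '', // Skip this and let Wordpress handle it, usually.
        'post_content_filtered' => '', // Skip this and let Wordpress handle it, usually.
        'post_excerpt'          => '', // For all your post excerpt needs.
        'post_date'             => '', // The time post was made.
        'post_date_gmt'         => '', // The time post was made, in GMT.
        'comment_status'        => '', // Default is the option 'default_comment_status', or 'closed'.
        'post_category'         => '', // Default empty.
        'tags_input'            => '', // Default empty.
        'tax_input'             => '', // For custom taxonomies. Default empty.
        'page_template'         => '', // Requires name of template file, eg template.php. Default empty.
    );

    // Keep only the known post fields; the defaults above are not merged in.
    $post_args = array_intersect_key( (array) $data, $args );

    // The fields read below may be absent from the submission.
    $title    = isset( $post_args['post_title'] ) ? $post_args['post_title'] : '';
    $status   = isset( $post_args['post_status'] ) ? $post_args['post_status'] : '';
    $category = isset( $post_args['post_category'] ) ? $post_args['post_category'] : '';

    $post_args['post_title'] = wp_strip_all_tags( $title );

    //status should be pending or private only
    $post_args['post_status'] = ( $status == 'private' ) ? 'private' :
        exc_kv( $this->settings, 'post_status', 'pending' );

    // The license comes straight from the request: accept a scalar only and
    // strip markup before it is stored.
    $post_args['license'] = ( ! empty( $_POST['license'] ) && is_scalar( $_POST['license'] ) )
        ? sanitize_text_field( $_POST['license'] )
        : '';

    $post_args['post_category'] = is_array( $category ) ? $category : array( $category );

    return $post_args;
}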
/**
 * Deletes the file named in an upload result, if one is given.
 *
 * Failures of unlink() are suppressed. The path is deleted as given;
 * presumably callers pass the array produced by the upload handler rather
 * than request data - confirm against the callers.
 *
 * @param array $upload Upload result; only the 'file' key is read.
 * @return void
 */
private function removeFile( $upload )
{
    if ( isset( $upload['file'] ) )
    {
        @unlink( $upload['file'] );
    }
}
/**
 * Transposes a two-level array: $files[key][index] becomes
 * $result[index][key].
 *
 * @param array $files Array of lists keyed by field name.
 * @return array One entry per index, each holding the fields for that index.
 */
private function normalize_array($files)
{
    $transposed = array();

    foreach ( array_keys( $files ) as $field )
    {
        foreach ( $files[ $field ] as $position => $item )
        {
            $transposed[ $position ][ $field ] = $item;
        }
    }

    return $transposed;
}
/**
 * Returns the post types this uploader accepts.
 *
 * @return mixed The value stored in $this->allowed_post_types.
 */
public function get_allowed_post_types()
{
    $post_types = $this->allowed_post_types;

    return $post_types;
}
/**
 * Describes each allowed post type for the uploader script.
 *
 * @return array List of arrays with the keys 'label', 'type' and 'icon'.
 */
public function get_allowed_post_types_array()
{
    $described = array();

    foreach ( $this->allowed_post_types as $post_type )
    {
        // 'post' has a fixed label; other types derive theirs from the name
        // with the 'exc_' and '_post' parts removed.
        if ( $post_type == 'post' )
        {
            $label = _x('Article', 'extracoding uploader', 'uploader-plugin');
        } else
        {
            $label = exc_to_text( str_replace( array('exc_', '_post'), '', $post_type ) );
        }

        // Unknown post types fall back to the generic text icon.
        $icon = 'fa-file-text-o';

        if ( isset( $this->post_type_icons[ $post_type ] ) )
        {
            $icon = $this->post_type_icons[ $post_type ];
        }

        $described[] = array(
            'label' => esc_html__( $label, 'uploader-plugin' ),
            'type'  => $post_type,
            'icon'  => $icon,
        );
    }

    return $described;
}
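/**
 * Content filter that adds a post's embedded video and its attachments to
 * the rendered content on singular views.
 *
 * Runs only for the main query inside the loop, and leaves the content
 * untouched for password-protected posts. Posts without stored attachment
 * settings are passed to the legacy audio/video/image classes.
 *
 * @param string $content Post content being filtered.
 * @return string Content with embed and attachment markup added.
 */
public function content_filter( $content )
{
    global $wp_query;

    if ( ! ( $wp_query->is_main_query() && $wp_query->in_the_loop )
        || ! is_singular() )
    {
        return $content;
    }

    // Do not reveal attachments before the post password was entered.
    if ( post_password_required() )
    {
        return $content;
    }

    $post_id = get_the_ID();

    $settings = get_post_meta( $post_id, 'mf_layout', TRUE );

    $post_type = get_post_type();

    // NOTE(review): this reads the meta key 'video_url', while the save
    // handler earlier in this file stores the URL under 'mf_embed_url'.
    // Confirm which key is meant to be rendered.
    $video_url = get_post_meta( $post_id, 'video_url', TRUE );

    if ( $video_url ) {
        $content = wp_oembed_get( $video_url ) . $content;
    }

    // OLD data support will be Depreciated in future
    if ( empty( $settings['post_attachments'] ) )
    {
        if ( 'exc_audio_post' == $post_type )
        {
            $content = $this->eXc->load('core/audio_class')->content_filter( $content );

        } elseif ( 'exc_video_post' == $post_type )
        {
            $content = $this->eXc->load('core/video_class')->content_filter( $content );

        } elseif ( 'exc_image_post' == $post_type )
        {
            $content = $this->eXc->load('core/image_class')->content_filter( $content );
        }

        return $content;
    }

    // @TODO: cache the code and re-cache it only if the post is updated

    // Validate Data
    $settings = $this->update_attachment_metadata( $settings );

    // Attach Media
    foreach ( (array) $settings['post_attachments'] as $index => $attachment_data )
    {
        $media_type = exc_kv( $attachment_data, '_media_type' );

        $settings['post_attachments'][ $index ]['attachment_html'] = '';

        switch ( $media_type )
        {
            case "audio" :
                $settings['post_attachments'][ $index ]['attachment_html'] =
                    wp_audio_shortcode(
                        array(
                            'src'       => $attachment_data['_guid'],
                            'autoplay'  => false,
                            'preload'   => 'none'
                        )
                    );
                break;

            case "video" :
                $settings['post_attachments'][ $index ]['attachment_html'] =
                    wp_video_shortcode(
                        array(
                            'src'       => $attachment_data['_guid'],
                            'autoplay'  => false,
                            'width'     => 980,
                            'height'    => 735,
                            'preload'   => 'none'
                        )
                    );
                break;

            case "image" :
                // @TODO: give option in backend so user can select the image size
                $settings['post_attachments'][ $index ]['attachment_html'] = wp_get_attachment_image( $attachment_data['attachment_id'], 'full', false );
                break;

            case "video_playlist" :
            case "audio_playlist" :

                if ( ! empty( $attachment_data['attachment_id'] ) )
                {
                    $playlist_ids = implode( ', ', (array) $attachment_data['attachment_id'] );

                    $type = ( $media_type == 'audio_playlist' ) ? 'audio' : 'video';

                    $settings['post_attachments'][ $index ]['attachment_html'] = $this->eXc->audio->skin_playlist( '[playlist type="' . $type . '" ids="' . $playlist_ids . '"]', array( 'ids' => $playlist_ids ), $playlist_ids );
                }

                break;

            default :
                // This branch was written as `case "default"`, which only
                // matched the literal string and so never ran as a fallback.
                // Automatically unset unsupport format
                unset( $settings['post_attachments'][ $index ] );
                break;
        }
    }

    $content .= exc_load_template( 'modules/content-attachments', array( 'attachments' => $settings['post_attachments'] ), TRUE );

    return $content;
}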
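/**
 * Rotates an uploaded image upright according to its EXIF orientation tag.
 *
 * Orientation values 6, 3 and 8 are handled (90, 180 and 270 degrees). The
 * file is rewritten in place, with Imagick when that class exists and with
 * GD otherwise (JPEG, PNG and GIF only).
 *
 * NOTE(review): the file is decoded before any other processing shown here;
 * make sure type and size limits are applied before this method is called.
 *
 * @param array $uploaded_file Upload result; 'file' (path) and 'type'
 *                             (mime type) are read.
 * @return array The same array, for further processing.
 */
private function rotation_fix( $uploaded_file )
{
    // read_exif_data() was an alias that PHP 8 removed; exif_read_data() is
    // the supported name. Skip quietly when the extension or file is missing.
    if ( empty( $uploaded_file['file'] )
        || ! function_exists( 'exif_read_data' )
        || ! is_readable( $uploaded_file['file'] ) )
    {
        return $uploaded_file;
    }

    $exif = exif_read_data( $uploaded_file['file'] );

    //We're only interested in the orientation
    $exif_orientation = ( is_array( $exif ) && isset( $exif['Orientation'] ) ) ? (int) $exif['Orientation'] : 0;

    // Clockwise rotation needed for each handled orientation value.
    $rotation_map = array( 6 => 90, 3 => 180, 8 => 270 );

    $rotateImage = isset( $rotation_map[ $exif_orientation ] ) ? $rotation_map[ $exif_orientation ] : 0;

    if ( ! $rotateImage )
    {
        return $uploaded_file;
    }

    if ( class_exists('Imagick') ) {

        $imagick = new Imagick();
        $imagick->readImage( $uploaded_file['file'] );
        $imagick->rotateImage( new ImagickPixel(), $rotateImage );

        // 1 is the "normal" orientation value, so viewers do not rotate the
        // already-rotated pixels a second time.
        $imagick->setImageOrientation( 1 );
        $imagick->writeImage( $uploaded_file['file'] );
        $imagick->clear();
        $imagick->destroy();

        return $uploaded_file;
    }

    // imagerotate() turns counter-clockwise, hence the negated angle.
    $rotateImage = -$rotateImage;

    $mime_type = isset( $uploaded_file['type'] ) ? $uploaded_file['type'] : '';

    switch ( $mime_type ) {

        case 'image/jpeg':
            $source = imagecreatefromjpeg( $uploaded_file['file'] );
            $rotate = $source ? imagerotate( $source, $rotateImage, 0 ) : false;

            // Only overwrite the upload when decoding and rotating worked.
            if ( $rotate ) {
                imagejpeg( $rotate, $uploaded_file['file'] );
            }
            break;

        case 'image/png':
            $source = imagecreatefrompng( $uploaded_file['file'] );
            $rotate = $source ? imagerotate( $source, $rotateImage, 0 ) : false;

            if ( $rotate ) {
                imagepng( $rotate, $uploaded_file['file'] );
            }
            break;

        case 'image/gif':
            $source = imagecreatefromgif( $uploaded_file['file'] );
            $rotate = $source ? imagerotate( $source, $rotateImage, 0 ) : false;

            if ( $rotate ) {
                imagegif( $rotate, $uploaded_file['file'] );
            }
            break;
    }

    // The image orientation is fixed, pass it back for further processing
    return $uploaded_file;
}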
/**
 * Returns the inline JavaScript used on the post edit screen.
 *
 * The script copies the mime-type and upload-limit data attributes of a
 * clicked ".exc-clickable" element onto the uploader button of the same
 * panel and triggers its "change" event, and clicks that element for every
 * row added through the "exc-dynamic-add_row" event.
 *
 * @return string JavaScript source, without script tags.
 */
private function edit_page_custom_js()
{
    $script = '
        $( document ).on("click", ".exc-clickable-wrapper > .exc-clickable", function(e){
            var $this = $( this ),
                mimeTypes = $this.data("mime-types"),
                uploadLimit = $this.data("upload-limit");

            if ( mimeTypes.length ) {

                var uploadBtn = $this.parents(".panel-body:first").find(".exc-media-uploader");
                uploadBtn.attr({"data-mime-types": mimeTypes, "data-upload-limit": uploadLimit });

                uploadBtn.trigger( "change" );
            }
        });

        $( document ).on("exc-dynamic-add_row", function( e, row ){
            row.find(".exc-clickable-wrapper > .exc-clickable").trigger("click");
        });
    ';

    return $script;
}
1783 }
1784}