13 if ( ! defined( 'WP_ADMIN' ) ) { |
13 if ( ! defined( 'WP_ADMIN' ) ) { |
14 define( 'WP_ADMIN', true ); |
14 define( 'WP_ADMIN', true ); |
15 } |
15 } |
16 |
16 |
17 if ( defined( 'ABSPATH' ) ) { |
17 if ( defined( 'ABSPATH' ) ) { |
18 require_once( ABSPATH . 'wp-load.php' ); |
18 require_once ABSPATH . 'wp-load.php'; |
19 } else { |
19 } else { |
20 require_once( dirname( dirname( __FILE__ ) ) . '/wp-load.php' ); |
20 require_once dirname( __DIR__ ) . '/wp-load.php'; |
21 } |
21 } |
22 |
22 |
23 require_once( ABSPATH . 'wp-admin/admin.php' ); |
23 require_once ABSPATH . 'wp-admin/admin.php'; |
24 |
24 |
25 header( 'Content-Type: text/plain; charset=' . get_option( 'blog_charset' ) ); |
25 header( 'Content-Type: text/plain; charset=' . get_option( 'blog_charset' ) ); |
26 |
26 |
27 if ( isset( $_REQUEST['action'] ) && 'upload-attachment' === $_REQUEST['action'] ) { |
27 if ( isset( $_REQUEST['action'] ) && 'upload-attachment' === $_REQUEST['action'] ) { |
28 include( ABSPATH . 'wp-admin/includes/ajax-actions.php' ); |
28 require ABSPATH . 'wp-admin/includes/ajax-actions.php'; |
29 |
29 |
30 send_nosniff_header(); |
30 send_nosniff_header(); |
31 nocache_headers(); |
31 nocache_headers(); |
32 |
32 |
33 wp_ajax_upload_attachment(); |
33 wp_ajax_upload_attachment(); |
36 |
36 |
37 if ( ! current_user_can( 'upload_files' ) ) { |
37 if ( ! current_user_can( 'upload_files' ) ) { |
38 wp_die( __( 'Sorry, you are not allowed to upload files.' ) ); |
38 wp_die( __( 'Sorry, you are not allowed to upload files.' ) ); |
39 } |
39 } |
40 |
40 |
41 // just fetch the detail form for that attachment |
41 // Just fetch the detail form for that attachment. |
42 if ( isset( $_REQUEST['attachment_id'] ) && ( $id = intval( $_REQUEST['attachment_id'] ) ) && $_REQUEST['fetch'] ) { |
42 if ( isset( $_REQUEST['attachment_id'] ) && intval( $_REQUEST['attachment_id'] ) && $_REQUEST['fetch'] ) { |
|
43 $id = intval( $_REQUEST['attachment_id'] ); |
43 $post = get_post( $id ); |
44 $post = get_post( $id ); |
44 if ( 'attachment' != $post->post_type ) { |
45 if ( 'attachment' !== $post->post_type ) { |
45 wp_die( __( 'Invalid post type.' ) ); |
46 wp_die( __( 'Invalid post type.' ) ); |
46 } |
|
47 if ( ! current_user_can( 'edit_post', $id ) ) { |
|
48 wp_die( __( 'Sorry, you are not allowed to edit this item.' ) ); |
|
49 } |
47 } |
50 |
48 |
51 switch ( $_REQUEST['fetch'] ) { |
49 switch ( $_REQUEST['fetch'] ) { |
52 case 3: |
50 case 3: |
53 if ( $thumb_url = wp_get_attachment_image_src( $id, 'thumbnail', true ) ) { |
51 $thumb_url = wp_get_attachment_image_src( $id, 'thumbnail', true ); |
|
52 if ( $thumb_url ) { |
54 echo '<img class="pinkynail" src="' . esc_url( $thumb_url[0] ) . '" alt="" />'; |
53 echo '<img class="pinkynail" src="' . esc_url( $thumb_url[0] ) . '" alt="" />'; |
55 } |
54 } |
56 echo '<a class="edit-attachment" href="' . esc_url( get_edit_post_link( $id ) ) . '" target="_blank">' . _x( 'Edit', 'media item' ) . '</a>'; |
55 if ( current_user_can( 'edit_post', $id ) ) { |
|
56 echo '<a class="edit-attachment" href="' . esc_url( get_edit_post_link( $id ) ) . '" target="_blank">' . _x( 'Edit', 'media item' ) . '</a>'; |
|
57 } else { |
|
58 echo '<span class="edit-attachment">' . _x( 'Success', 'media item' ) . '</span>'; |
|
59 } |
57 |
60 |
58 // Title shouldn't ever be empty, but use filename just in case. |
61 // Title shouldn't ever be empty, but use filename just in case. |
59 $file = get_attached_file( $post->ID ); |
62 $file = get_attached_file( $post->ID ); |
60 $title = $post->post_title ? $post->post_title : wp_basename( $file ); |
63 $title = $post->post_title ? $post->post_title : wp_basename( $file ); |
61 echo '<div class="filename new"><span class="title">' . esc_html( wp_html_excerpt( $title, 60, '…' ) ) . '</span></div>'; |
64 echo '<div class="filename new"><span class="title">' . esc_html( wp_html_excerpt( $title, 60, '…' ) ) . '</span></div>'; |
88 } |
91 } |
89 } |
92 } |
90 |
93 |
91 $id = media_handle_upload( 'async-upload', $post_id ); |
94 $id = media_handle_upload( 'async-upload', $post_id ); |
92 if ( is_wp_error( $id ) ) { |
95 if ( is_wp_error( $id ) ) { |
93 echo '<div class="error-div error"> |
96 printf( |
94 <button type="button" class="dismiss button-link" onclick="jQuery(this).parents(\'div.media-item\').slideUp(200, function(){jQuery(this).remove();});">' . __( 'Dismiss' ) . '</button> |
97 '<div class="error-div error">%s <strong>%s</strong><br />%s</div>', |
95 <strong>' . sprintf( __( '“%s” has failed to upload.' ), esc_html( $_FILES['async-upload']['name'] ) ) . '</strong><br />' . |
98 sprintf( |
96 esc_html( $id->get_error_message() ) . '</div>'; |
99 '<button type="button" class="dismiss button-link" onclick="jQuery(this).parents(\'div.media-item\').slideUp(200, function(){jQuery(this).remove();});">%s</button>', |
|
100 __( 'Dismiss' ) |
|
101 ), |
|
102 sprintf( |
|
103 /* translators: %s: Name of the file that failed to upload. */ |
|
104 __( '“%s” has failed to upload.' ), |
|
105 esc_html( $_FILES['async-upload']['name'] ) |
|
106 ), |
|
107 esc_html( $id->get_error_message() ) |
|
108 ); |
97 exit; |
109 exit; |
98 } |
110 } |
99 |
111 |
100 if ( $_REQUEST['short'] ) { |
112 if ( $_REQUEST['short'] ) { |
101 // Short form response - attachment ID only. |
113 // Short form response - attachment ID only. |
102 echo $id; |
114 echo $id; |
103 } else { |
115 } else { |
104 // Long form response - big chunk of html. |
116 // Long form response - big chunk of HTML. |
105 $type = $_REQUEST['type']; |
117 $type = $_REQUEST['type']; |
106 |
118 |
107 /** |
119 /** |
108 * Filters the returned ID of an uploaded attachment. |
120 * Filters the returned ID of an uploaded attachment. |
109 * |
121 * |