[Summary view] [Print] [Text view]

   1  <?php
   2  /**
   3   * Upgrade API: File_Upload_Upgrader class
   4   *
   5   * @package WordPress
   6   * @subpackage Upgrader
   7   * @since 4.6.0
   8   */
   9  
  10  /**
  11   * Core class used for handling file uploads.
  12   *
  13   * This class handles the upload process and passes it as if it's a local file
  14   * to the Upgrade/Installer functions.
  15   *
  16   * @since 2.8.0
  17   * @since 4.6.0 Moved to its own file from wp-admin/includes/class-wp-upgrader.php.
  18   */
  19  #[AllowDynamicProperties]
  20  class File_Upload_Upgrader {
  21  
  22      /**
  23       * The full path to the file package.
  24       *
  25       * @since 2.8.0
  26       * @var string $package
  27       */
  28      public $package;
  29  
  30      /**
  31       * The name of the file.
  32       *
  33       * @since 2.8.0
  34       * @var string $filename
  35       */
  36      public $filename;
  37  
  38      /**
  39       * The ID of the attachment post for this file.
  40       *
  41       * @since 3.3.0
  42       * @var int $id
  43       */
  44      public $id = 0;
  45  
  46      /**
  47       * Construct the upgrader for a form.
  48       *
  49       * @since 2.8.0
  50       *
  51       * @param string $form      The name of the form the file was uploaded from.
  52       * @param string $urlholder The name of the `GET` parameter that holds the filename.
  53       */
  54  	public function __construct( $form, $urlholder ) {
  55  
  56          if ( empty( $_FILES[ $form ]['name'] ) && empty( $_GET[ $urlholder ] ) ) {
  57              wp_die( __( 'Please select a file' ) );
  58          }
  59  
  60          // Handle a newly uploaded file. Else, assume it's already been uploaded.
  61          if ( ! empty( $_FILES ) ) {
  62              $overrides = array(
  63                  'test_form' => false,
  64                  'test_type' => false,
  65              );
  66              $file      = wp_handle_upload( $_FILES[ $form ], $overrides );
  67  
  68              if ( isset( $file['error'] ) ) {
  69                  wp_die( $file['error'] );
  70              }
  71  
  72              if ( 'pluginzip' === $form || 'themezip' === $form ) {
  73                  if ( ! wp_zip_file_is_valid( $file['file'] ) ) {
  74                      wp_delete_file( $file['file'] );
  75  
  76                      if ( 'pluginzip' === $form ) {
  77                          $plugins_page = sprintf(
  78                              '<a href="%s">%s</a>',
  79                              self_admin_url( 'plugin-install.php' ),
  80                              __( 'Return to the Plugin Installer' )
  81                          );
  82                          wp_die( __( 'Incompatible Archive.' ) . '<br />' . $plugins_page );
  83                      }
  84  
  85                      if ( 'themezip' === $form ) {
  86                          $themes_page = sprintf(
  87                              '<a href="%s" target="_parent">%s</a>',
  88                              self_admin_url( 'theme-install.php' ),
  89                              __( 'Return to the Theme Installer' )
  90                          );
  91                          wp_die( __( 'Incompatible Archive.' ) . '<br />' . $themes_page );
  92                      }
  93                  }
  94              }
  95  
  96              $this->filename = $_FILES[ $form ]['name'];
  97              $this->package  = $file['file'];
  98  
  99              // Construct the attachment array.
 100              $attachment = array(
 101                  'post_title'     => $this->filename,
 102                  'post_content'   => $file['url'],
 103                  'post_mime_type' => $file['type'],
 104                  'guid'           => $file['url'],
 105                  'context'        => 'upgrader',
 106                  'post_status'    => 'private',
 107              );
 108  
 109              // Save the data.
 110              $this->id = wp_insert_attachment( $attachment, $file['file'] );
 111  
 112              // Schedule a cleanup for 2 hours from now in case of failed installation.
 113              wp_schedule_single_event( time() + 2 * HOUR_IN_SECONDS, 'upgrader_scheduled_cleanup', array( $this->id ) );
 114  
 115          } elseif ( is_numeric( $_GET[ $urlholder ] ) ) {
 116              // Numeric Package = previously uploaded file, see above.
 117              $this->id   = (int) $_GET[ $urlholder ];
 118              $attachment = get_post( $this->id );
 119              if ( empty( $attachment ) ) {
 120                  wp_die( __( 'Please select a file' ) );
 121              }
 122  
 123              $this->filename = $attachment->post_title;
 124              $this->package  = get_attached_file( $attachment->ID );
 125          } else {
 126              // Else, It's set to something, Back compat for plugins using the old (pre-3.3) File_Uploader handler.
 127              $uploads = wp_upload_dir();
 128              if ( ! ( $uploads && false === $uploads['error'] ) ) {
 129                  wp_die( $uploads['error'] );
 130              }
 131  
 132              $this->filename = sanitize_file_name( $_GET[ $urlholder ] );
 133              $this->package  = $uploads['basedir'] . '/' . $this->filename;
 134  
 135              if ( ! str_starts_with( realpath( $this->package ), realpath( $uploads['basedir'] ) ) ) {
 136                  wp_die( __( 'Please select a file' ) );
 137              }
 138          }
 139      }
 140  
 141      /**
 142       * Deletes the attachment/uploaded file.
 143       *
 144       * @since 3.2.2
 145       *
 146       * @return bool Whether the cleanup was successful.
 147       */
 148  	public function cleanup() {
 149          if ( $this->id ) {
 150              wp_delete_attachment( $this->id );
 151  
 152          } elseif ( file_exists( $this->package ) ) {
 153              return @unlink( $this->package );
 154          }
 155  
 156          return true;
 157      }
 158  }