fork download
  1. <?php
  2. /**
  3.  * upload.php
  4.  *
  5.  * Copyright 2009, Moxiecode Systems AB
  6.  * Released under GPL License.
  7.  *
  8.  * License: http://www.plupload.com/license
  9.  * Contributing: http://www.plupload.com/contributing
  10.  */
  11.  
  12. // HTTP headers for no cache etc
  13. header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
  14. header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
  15. header("Cache-Control: no-store, no-cache, must-revalidate");
  16. header("Cache-Control: post-check=0, pre-check=0", false);
  17. header("Pragma: no-cache");
  18.  
  19. // Settings
  20. //$targetDir = ini_get("upload_tmp_dir") . DIRECTORY_SEPARATOR . "plupload";
  21. //$targetDir = 'uploads/';
  22.  
  23. $start_path = "../wp-load.php";
  24. $di=0;
  25. while(!file_exists($start_path) && $di < 12){
  26. $start_path = "../".$start_path;
  27. $di++;
  28. }
  29. if(!file_exists($start_path) || !@include( $start_path )) throw new Exception("Failed to include 'wp-load.php'");
  30. $upload_dir = wp_upload_dir();
  31. $targetDir = $upload_dir['path'].'/';
  32.  
  33. $cleanupTargetDir = true; // Remove old files
  34. $maxFileAge = 5 * 3600; // Temp file age in seconds
  35.  
  36. // 5 minutes execution time
  37. @set_time_limit(5 * 60);
  38.  
  39. // Uncomment this one to fake upload time
  40. // usleep(5000);
  41.  
  42. // Get parameters
  43. $chunk = isset($_REQUEST["chunk"]) ? intval($_REQUEST["chunk"]) : 0;
  44. $chunks = isset($_REQUEST["chunks"]) ? intval($_REQUEST["chunks"]) : 0;
  45. $fileName = isset($_REQUEST["name"]) ? $_REQUEST["name"] : '';
  46.  
  47. // Clean the fileName for security reasons
  48. $fileName = preg_replace('/[^\w\._]+/', '_', $fileName);
  49.  
  50. // Make sure the fileName is unique but only if chunking is disabled
  51. if ($chunks < 2 && file_exists($targetDir . DIRECTORY_SEPARATOR . $fileName)) {
  52. $ext = strrpos($fileName, '.');
  53. $fileName_a = substr($fileName, 0, $ext);
  54. $fileName_b = substr($fileName, $ext);
  55.  
  56. $count = 1;
  57. while (file_exists($targetDir . DIRECTORY_SEPARATOR . $fileName_a . '_' . $count . $fileName_b))
  58. $count++;
  59.  
  60. $fileName = $fileName_a . '_' . $count . $fileName_b;
  61. }
  62.  
  63. $filePath = $targetDir . DIRECTORY_SEPARATOR . $fileName;
  64.  
  65. // Create target dir
  66. if (!file_exists($targetDir))
  67. @mkdir($targetDir);
  68.  
  69. // Remove old temp files
  70. if ($cleanupTargetDir && is_dir($targetDir) && ($dir = opendir($targetDir))) {
  71. while (($file = readdir($dir)) !== false) {
  72. $tmpfilePath = $targetDir . DIRECTORY_SEPARATOR . $file;
  73.  
  74. // Remove temp file if it is older than the max age and is not the current file
  75. if (preg_match('/\.part$/', $file) && (filemtime($tmpfilePath) < time() - $maxFileAge) && ($tmpfilePath != "{$filePath}.part")) {
  76. @unlink($tmpfilePath);
  77. }
  78. }
  79.  
  80. closedir($dir);
  81. } else
  82. die('{"jsonrpc" : "2.0", "error" : {"code": 100, "message": "Failed to open temp directory."}, "id" : "id"}');
  83.  
  84.  
  85. // Look for the content type header
  86. if (isset($_SERVER["HTTP_CONTENT_TYPE"]))
  87. $contentType = $_SERVER["HTTP_CONTENT_TYPE"];
  88.  
  89. if (isset($_SERVER["CONTENT_TYPE"]))
  90. $contentType = $_SERVER["CONTENT_TYPE"];
  91.  
  92. // Handle non multipart uploads older WebKit versions didn't support multipart in HTML5
  93. if (strpos($contentType, "multipart") !== false) {
  94. if (isset($_FILES['file']['tmp_name']) && is_uploaded_file($_FILES['file']['tmp_name'])) {
  95. // Open temp file
  96. $out = fopen("{$filePath}.part", $chunk == 0 ? "wb" : "ab");
  97. if ($out) {
  98. // Read binary input stream and append it to temp file
  99. $in = fopen($_FILES['file']['tmp_name'], "rb");
  100.  
  101. if ($in) {
  102. while ($buff = fread($in, 4096))
  103. fwrite($out, $buff);
  104. } else
  105. die('{"jsonrpc" : "2.0", "error" : {"code": 101, "message": "Failed to open input stream."}, "id" : "id"}');
  106. fclose($in);
  107. fclose($out);
  108. @unlink($_FILES['file']['tmp_name']);
  109. } else
  110. die('{"jsonrpc" : "2.0", "error" : {"code": 102, "message": "Failed to open output stream."}, "id" : "id"}');
  111. } else
  112. die('{"jsonrpc" : "2.0", "error" : {"code": 103, "message": "Failed to move uploaded file."}, "id" : "id"}');
  113. } else {
  114. // Open temp file
  115. $out = fopen("{$filePath}.part", $chunk == 0 ? "wb" : "ab");
  116. if ($out) {
  117. // Read binary input stream and append it to temp file
  118. $in = fopen("php://input", "rb");
  119.  
  120. if ($in) {
  121. while ($buff = fread($in, 4096))
  122. fwrite($out, $buff);
  123. } else
  124. die('{"jsonrpc" : "2.0", "error" : {"code": 101, "message": "Failed to open input stream."}, "id" : "id"}');
  125.  
  126. fclose($in);
  127. fclose($out);
  128. } else
  129. die('{"jsonrpc" : "2.0", "error" : {"code": 102, "message": "Failed to open output stream."}, "id" : "id"}');
  130. }
  131.  
  132. // Check if file has been uploaded
  133. if (!$chunks || $chunk == $chunks - 1) {
  134. // Strip the temp .part suffix off
  135. rename("{$filePath}.part", $filePath);
  136. }
  137.  
  138.  
  139. // Return JSON-RPC response
  140. die('{"jsonrpc" : "2.0", "result" : null, "id" : "id"}');
  141.  
  142. ?>
Runtime error #stdin #stdout 0.02s 13064KB
stdin
Standard input is empty
stdout
Fatal error: Uncaught exception 'Exception' with message 'Failed to include 'wp-load.php'' in /home/sAHBeS/prog.php:29
Stack trace:
#0 {main}
  thrown in /home/sAHBeS/prog.php on line 29