<?php
/**
* upload.php
*
* Copyright 2009, Moxiecode Systems AB
* Released under GPL License.
*
* License: http://w...content-available-to-author-only...d.com/license
* Contributing: http://w...content-available-to-author-only...d.com/contributing
*/
// Anti-caching response headers: the reply to an upload request must never be
// served from a browser or proxy cache.
// The second argument is header()'s replace flag. Only the last call passes false,
// so its Cache-Control line is sent in addition to the one before it.
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT", true);
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT", true);
header("Cache-Control: no-store, no-cache, must-revalidate", true);
header("Cache-Control: post-check=0, pre-check=0", false);
// Settings
//$targetDir = ini_get("upload_tmp_dir") . DIRECTORY_SEPARATOR . "plupload";
//$targetDir = 'uploads/';
// Locate and load WordPress so that wp_upload_dir() can be called below.
// NOTE(review): the loop header that the lone closing brace below belongs to is
// missing from this listing. Judging by the body ("../" is prepended to the path
// and $di counts the steps) it presumably climbs parent directories until
// wp-load.php is found - confirm against the original file.
$start_path = "../wp-load.php" ;
$di = 0 ;
$start_path = "../" . $start_path ;
$di ++;
}
// Stop if the bootstrap file is absent or cannot be included. The "@" operator
// hides the include warning, so the exception is the only failure signal.
// NOTE(review): loading WordPress does not authenticate the caller. No login,
// capability (e.g. current_user_can('upload_files')) or nonce check appears in the
// lines shown, so as listed any client that can reach this script can write into
// the uploads directory. Confirm whether such a check exists in the missing lines.
if ( ! file_exists ( $start_path ) || !@ include ( $start_path ) ) throw new Exception
( "Failed to include 'wp-load.php'" ) ; $upload_dir = wp_upload_dir( ) ;
// Files are written under the 'path' entry returned by wp_upload_dir().
// The trailing '/' is followed by DIRECTORY_SEPARATOR wherever a path is built later.
$targetDir = $upload_dir [ 'path' ] . '/' ;
$cleanupTargetDir = true ; // Purge stale .part files from $targetDir on every request
$maxFileAge = 5 * 3600 ; // Maximum temp file age in seconds (5 * 3600, i.e. five hours)
// 5 minutes execution time
// Uncomment this one to fake upload time
// usleep(5000);
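// Get parameters
// chunk  - zero-based index of the piece carried by this request (0 when absent)
// chunks - total number of pieces (0 when absent, i.e. chunking is not in use)
// name   - file name proposed by the client; untrusted, cleaned below
$chunk = isset($_REQUEST["chunk"]) ? intval($_REQUEST["chunk"]) : 0;
$chunks = isset($_REQUEST["chunks"]) ? intval($_REQUEST["chunks"]) : 0;
$fileName = isset($_REQUEST["name"]) ? $_REQUEST["name"] : '';

// Clean the fileName for security reasons
// The name is later concatenated into a filesystem path, so it must be reduced to a
// single harmless path segment before any file_exists()/fopen()/rename() call sees it.
if (!function_exists('plupload_clean_file_name')) {
    /**
     * Reduce a client-supplied file name to one safe path segment.
     *
     * @param mixed $rawName Value taken from the request; anything but a string yields ''.
     * @return string Name made only of ASCII letters, digits, '.', '_' and '-', with no
     *                directory part and no leading dot. May be '' if nothing usable remains.
     */
    function plupload_clean_file_name($rawName)
    {
        // An array-valued request parameter (name[]=...) must not reach string functions.
        if (!is_string($rawName)) {
            return '';
        }

        // Treat both separator styles alike, then keep only the last path segment.
        $name = basename(str_replace('\\', '/', $rawName));

        // Allow-list of characters; this also removes NUL bytes, spaces and separators.
        $name = preg_replace('/[^A-Za-z0-9._-]+/', '', $name);
        if ($name === null) {
            return '';
        }

        // No leading dots: rules out "." and ".." as well as dotfiles such as .htaccess.
        return ltrim($name, '.');
    }
}
$fileName = plupload_clean_file_name($fileName);
// NOTE(review): this only makes the name safe as a path segment. It does not restrict
// the file extension or content type; that check has to happen separately.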
// Make sure the fileName is unique but only if chunking is disabled
// When the name is already taken, "_<n>" is inserted at offset $ext, using the first
// free counter value.
// NOTE(review): $ext is read here but never assigned in this listing; presumably a line
// computing the position of the extension (e.g. via strrpos) was lost - confirm.
// NOTE(review): file_exists() followed by a later write is a check-then-use sequence,
// so two simultaneous uploads of the same name can still pick the same target.
if ( $chunks < 2 && file_exists ( $targetDir . DIRECTORY_SEPARATOR . $fileName ) ) { $fileName_a = substr ( $fileName , 0 , $ext ) ; $fileName_b = substr ( $fileName , $ext ) ;
$count = 1 ;
while ( file_exists ( $targetDir . DIRECTORY_SEPARATOR . $fileName_a . '_' . $count . $fileName_b ) ) $count ++;
$fileName = $fileName_a . '_' . $count . $fileName_b ;
}
// Final destination of the upload. $fileName originates from the request, so any path
// separator or ".." segment still present in it at this point would move the write
// outside $targetDir.
$filePath = $targetDir . DIRECTORY_SEPARATOR . $fileName ;
// Create target dir
// NOTE(review): no statement follows the comment above in this listing, so the
// directory is not created here; a missing directory ends in the error 100 branch below.
// Remove old temp files
// Scan $targetDir for leftover "*.part" files from abandoned uploads.
if ( $cleanupTargetDir && is_dir ( $targetDir ) && ( $dir = opendir ( $targetDir ) ) ) { while ( ( $file = readdir ( $dir ) ) !== false ) { $tmpfilePath = $targetDir . DIRECTORY_SEPARATOR . $file ;
// Remove temp file if it is older than the max age and is not the current file
// NOTE(review): the body of this condition is empty in the listing, so nothing is
// actually deleted; presumably the unlink of $tmpfilePath was lost - confirm.
// Stale partial uploads otherwise accumulate in the uploads directory.
if ( preg_match ( '/\.part$/' , $file ) && ( filemtime ( $tmpfilePath ) < time ( ) - $maxFileAge ) && ( $tmpfilePath != "{$filePath} .part" ) ) { }
}
// NOTE(review): no closedir() for $dir appears in the lines shown.
// The else branch runs when cleanup is disabled, $targetDir is not a directory, or
// opendir() fails; the request ends with JSON-RPC error 100.
} else
die ( '{"jsonrpc" : "2.0", "error" : {"code": 100, "message": "Failed to open temp directory."}, "id" : "id"}' ) ;
// Look for the content type header
// CONTENT_TYPE wins when both server variables are set.
// NOTE(review): $contentType is never initialised, so when neither variable is present
// the strpos() call below reads an undefined variable.
if ( isset ( $_SERVER [ "HTTP_CONTENT_TYPE" ] ) ) $contentType = $_SERVER [ "HTTP_CONTENT_TYPE" ] ;
if ( isset ( $_SERVER [ "CONTENT_TYPE" ] ) ) $contentType = $_SERVER [ "CONTENT_TYPE" ] ;
// Two transport modes: multipart requests deliver the data through $_FILES; anything
// else is read as a raw request body (older WebKit versions did not support multipart
// in HTML5).
// NOTE(review): nothing in the lines shown limits how much data may be appended to the
// .part file across requests.
if ( strpos ( $contentType , "multipart" ) !== false ) { // Open temp file
// NOTE(review): the "else" carrying error 103 further down has no visible matching "if".
// Presumably a check that $_FILES['file']['tmp_name'] is set and passes
// is_uploaded_file() was lost from this listing; it must be in place before tmp_name
// is opened - confirm against the original file.
// The first chunk truncates the temp file ("wb"); later chunks append ("ab").
$out = fopen ( "{$filePath} .part" , $chunk == 0 ?
"wb" : "ab" ) ; if ( $out ) {
// Read binary input stream and append it to temp file
$in = fopen ( $_FILES [ 'file' ] [ 'tmp_name' ] , "rb" ) ;
if ( $in ) {
// NOTE(review): the loop body that writes $buff to $out is missing in this listing, and
// no fclose() for $in or $out is visible.
while ( $buff = fread ( $in , 4096 ) ) } else
die ( '{"jsonrpc" : "2.0", "error" : {"code": 101, "message": "Failed to open input stream."}, "id" : "id"}' ) ; @ unlink ( $_FILES [ 'file' ] [ 'tmp_name' ] ) ; } else
die ( '{"jsonrpc" : "2.0", "error" : {"code": 102, "message": "Failed to open output stream."}, "id" : "id"}' ) ; } else
die ( '{"jsonrpc" : "2.0", "error" : {"code": 103, "message": "Failed to move uploaded file."}, "id" : "id"}' ) ; } else {
// Non-multipart request: the file data is the raw request body.
// Open temp file
$out = fopen ( "{$filePath} .part" , $chunk == 0 ?
"wb" : "ab" ) ; if ( $out ) {
// Read binary input stream and append it to temp file
$in = fopen ( "php://input" , "rb" ) ;
if ( $in ) {
// NOTE(review): as in the multipart branch, the write inside this loop is missing here.
while ( $buff = fread ( $in , 4096 ) ) } else
die ( '{"jsonrpc" : "2.0", "error" : {"code": 101, "message": "Failed to open input stream."}, "id" : "id"}' ) ;
} else
die ( '{"jsonrpc" : "2.0", "error" : {"code": 102, "message": "Failed to open output stream."}, "id" : "id"}' ) ; }
// The upload is complete when chunking is not in use ($chunks is falsy) or when this
// request carried the last chunk (chunk indices are zero-based).
$uploadFinished = ! $chunks || $chunk == $chunks - 1;

if ($uploadFinished) {
    // Promote the temp file to its final name by dropping the .part suffix.
    // NOTE(review): the final name keeps whatever extension the client sent. Nothing in
    // the lines shown restricts file types or checks the caller, and the target lies
    // under the WordPress uploads path - confirm a type allow-list exists elsewhere.
    // The result of rename() is not checked; success is reported either way.
    rename("{$filePath} .part", $filePath);
}

// Always answer with a JSON-RPC success envelope and end the script.
exit('{"jsonrpc" : "2.0", "result" : null, "id" : "id"}');
?>
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