'; $type_arrow = ''; } else { if ($sort_dir == 'asc') { $type_sort_dir = 'desc'; } else { $type_sort_dir = 'asc'; } $name_sort_dir = 'asc'; $name_arrow = ''; $type_arrow = ''; } /* Make sure it is not possible to put anything malicious in the return function: the caller-supplied callback name is reflected back into every generated link, so it is accepted only when wp_return_function_ok() (defined elsewhere) approves it and is blanked otherwise. NOTE(review): this is the only guard on that value - confirm the helper allows nothing but a fixed set of identifiers. */ if (isset ($_REQUEST['return_function'])) { if (wp_return_function_ok($_REQUEST['return_function'])) { $return_function = $_REQUEST['return_function']; } else { $return_function = ''; } } else { $return_function = ''; } /* init variables */ $message = ''; $name2 = ''; $width = ''; $height = ''; $fsize = ''; /* Get the folder for us to look inside. Traversal guard: the folder parameter (GET first, then POST) is appended to $file_directory only after wp_dir_name_ok() accepts it; on rejection we silently fall back to the root folder. NOTE(review): every later file operation trusts $directory, so all path safety rests on wp_dir_name_ok() - confirm it rejects "..", absolute paths, backslashes and NUL bytes. Because the ternary result is tested for truthiness, a folder literally named "0" is treated as absent. */ if (isset ($_GET['folder']) ? $_GET['folder'] : '') { if (wp_dir_name_ok($_GET['folder'])) { $directory = $file_directory.$_GET['folder']; $folderpath = $_GET['folder']; } else { $directory = $file_directory; $folderpath = ''; } } elseif (isset ($_POST['folder']) ? $_POST['folder'] : '') { if (wp_dir_name_ok($_POST['folder'])) { $directory = $file_directory.$_POST['folder']; $folderpath = $_POST['folder']; } else { $directory = $file_directory; $folderpath = ''; } } else { $directory = $file_directory; $folderpath = ''; } /* check that it exists. NOTE(review): the message below echoes the absolute server path ($directory) to the browser - path disclosure; log the path server-side and show only $folderpath to the user. */ if (!file_exists ($directory)) { image_exit('Warning: this directory does not exist: '.$directory.'. Check that you have set IMAGE_FILE_DIRECTORY correctly in config.php. 
If you are using the set_img_dir function check that the you have set the $trusted_directories array correctly.'); } if ($folderpath != '') { if (substr ($folderpath, strlen ($folderpath) - 1) != '/') { $folderpath.='/'; } } if (substr ($directory, strlen ($directory) - 1) != '/') { $directory.='/'; } /* Query string appended to every generated link. NOTE(review): the values are concatenated with no urlencode()/htmlspecialchars(); $return_function and $folderpath were allow-listed above, but $in_wp, $lang_include, $instance_img_dir and $sort_by are set outside this view - encode each value where $query_string is written into HTML. */ $query_string = '?in_wp='.$in_wp.'&return_function='.$return_function.'&lang='.$lang_include.'&folder='.$folderpath.'&instance_img_dir='.$instance_img_dir.'&sort_by='.$sort_by.'&sort_dir='.$sort_dir; $query_inputs = ' '; /* Functions */ /* image_exit: print a minimal page holding $message and stop the script (the markup between the PHP tags was stripped from this listing). NOTE(review): $message is echoed without escaping and several callers below build it from request data - the rename prompt echoes strrchr($_GET['file'],'.') directly, others pass $_GET['file'] / $_GET['name'] / the uploaded file name through wp_var_replace(). Unless those helpers escape, this is a reflected XSS sink; confirm. */ function image_exit($message) { global $lang; echo ' '.$lang['titles']['image'].' '; ?> '.$message.' '; exit; } /* display_folders: render one table row per sub-folder of $directory (markup stripped in this listing). Each name is re-checked with wp_dir_name_ok() before it is linked, and $count is bumped per row. */ function display_folders () { global $directory, $folderpath, $lang, $count, $query_string, $rename_directories, $delete_directories, $web_directory, $rename_files, $delete_files, $sort_by, $sort_dir; /* build array of data, sort the array, loop through building the list */ $folderlist = wp_get_folders_in_directory($directory, $sort_by, $sort_dir); $str = ''; $num = count($folderlist); for ($i=0; $i<$num; $i++) { $foldername = $folderlist[$i]['name']; if (!wp_dir_name_ok($foldername)) { continue; } $count += 1; $str .= "

"; if ($rename_directories) { $str .= "\"\" ";} else { $str .= " "; } $str .= "

"; if ($delete_directories) { $str .= "\"\"";} else { $str .= " "; } $str .= "

"; } echo $str; } /* display_files: render one row per file in $directory that matches $image_types (markup stripped in this listing). Names are re-checked with wp_file_name_ok(); @getimagesize() only feeds the displayed dimensions here, so its failure is harmless in this function. */ function display_files () { global $directory, $folderpath, $lang, $count, $query_string, $rename_directories, $delete_directories, $web_directory, $rename_files, $delete_files, $sort_by, $sort_dir; global $image_types; /* build array of data, sort the array, loop through building the list */ $filelist = wp_get_files_in_directory($directory, $sort_by, $sort_dir, $image_types); $str = ''; $num = count($filelist); for ($i=0; $i<$num; $i++) { $filename = $filelist[$i]['name']; if (!wp_file_name_ok($filename)) { continue; } $fsize = wp_filesize($directory.$filename); $extension = strrchr(strtolower($filename),'.'); $icon = $filelist[$i]['icon']; $filetype = $filelist[$i]['type']; $preview = $filelist[$i]['preview']; list ($width, $height) = @getimagesize($directory.$filename); $count += 1; $str .= "

\"\"$filename

$filetype

"; if ($rename_files) { $str .= ("\"\" ");} else { $str .= " "; } $str .= "

"; if ($delete_files) { $str .= "\"\"";} else { $str .= " "; } $str .= "

"; } if ($count ==0) { $str .= ''.$lang['no_files'].''; } echo $str; } /* Actions. NOTE(review): delete, rename and create_dir are triggered by GET parameters and no CSRF token is checked anywhere in this view, so any page a logged-in user visits can trigger them; they should be POST-only with a per-session token (if a check exists earlier in the file, confirm it covers these paths). $_GET['file'] has passed wp_file_name_ok() before any branch below runs. */ if ((isset ($_GET['file']) ? $_GET['file'] : '') && (wp_file_name_ok($_GET['file']))) { if (isset ($_GET['action']) ? $_GET['action'] : '') { /* delete file or directory. NOTE: despite the wording only $delete_files is consulted; if wp_delete_file() also removes directories, $delete_directories is never enforced here - confirm. */ if (($_GET['action']=='delete') && ($delete_files)) { if (@wp_delete_file($directory.$_GET['file'])) { $message='

'.wp_var_replace($lang['file_deleted'], array('file'=>$_GET['file'], 'folder' => $web_directory.$folderpath)).'

'; } else { image_exit ('

 

'.wp_var_replace($lang['cannot_delete'], array('file'=>$_GET['file'])).' '.$lang['check_directory_permission'].'

'); } } /* rename, step 1: prompt for the new base name. NOTE(review): gated on ($rename_files || $rename_directories), so a caller granted only directory renames can rename files too; gate file renames on $rename_files alone. */ if (($_GET['action']=='rename') && ($rename_files || $rename_directories) && (!isset($_GET['name']))) { $filename = str_replace(strrchr($_GET['file'],'.'), '', $_GET['file']); image_exit ('

 

'.wp_var_replace($lang['enter_new_filename'],array('file'=>$_GET['file'])).'

'.strrchr($_GET['file'],'.').'

'.$query_inputs.'  

'); } /* rename, step 2: the new name must pass wp_file_name_ok() and keeps the original extension (strrchr), so the file type cannot be changed by renaming; file_exists() followed by rename() leaves a small TOCTOU window. A name of "0" satisfies neither step 1 (isset) nor step 2 (truthiness). */ if (($_GET['action']=='rename') && ($rename_files || $rename_directories) && (isset($_GET['name']) ? $_GET['name'] : '')) { if (!wp_file_name_ok($_GET['name'])) { image_exit ('

 

'.$lang['bad_file_name'].'

'); } elseif (file_exists ($directory.$_GET['name'].strrchr($_GET['file'],'.'))) { image_exit ('

 

'.$lang['file_already_exists'].'

'); } elseif (@rename($directory.$_GET['file'], $directory.$_GET['name'].strrchr($_GET['file'],'.'))) { $message='

'.wp_var_replace($lang['file_renamed'],array('file'=>$_GET['file'],'name'=>$_GET['name'].strrchr($_GET['file'],'.'))).'

'; } else { image_exit ('

 

'.wp_var_replace($lang['could_not_rename'],array('file'=>$_GET['file'],'name'=>$_GET['name'].strrchr($_GET['file'],'.'))).' '.$lang['check_directory_permission'].'

'); } } } } if (isset ($_GET['action']) ? $_GET['action'] : '') { /* create directory, step 1: prompt for the name */ if (($_GET['action']=='create_dir') && ($create_directories) && (!isset($_GET['dir_name']))) { image_exit('

 

'.$lang['enter_dirname_for_new_dir'].'

'.$query_inputs.'  

'); } /* create directory, step 2: dir_name is validated with the file-name rule (wp_file_name_ok) and must not already exist */ if (($_GET['action']=='create_dir') && ($create_directories) && (isset($_GET['dir_name']) ? $_GET['dir_name'] : '')) { if (!wp_file_name_ok($_GET['dir_name'])) { image_exit ('

 

'.$lang['bad_file_name'].'

'); } else if (file_exists($directory.$_GET['dir_name'])) { image_exit ('

 

'.$lang['file_already_exists'].'

'); } elseif (@wp_create_dir($directory.$_GET['dir_name'])) { $message='

'.wp_var_replace($lang['file_created'],array('file'=>$_GET['dir_name'],'folder'=>$web_directory.$folderpath)).'

'; } else { image_exit ('

 

'.$lang['dir_not_created'].' '.$lang['check_directory_permission'].'

'); } } } /* Overwrite confirmation (POST). The upload branch below parks a colliding upload as <name>.TEMP; here it either replaces the original or is removed. The answer is matched against the localized labels $lang['yes'] / $lang['cancel']. NOTE(review): the cancel branch passes $_POST['image_field'] to wp_delete_file() without the wp_file_name_ok() check that the "yes" branch applies - only the appended ".TEMP" suffix limits what it can remove (NUL-byte truncation on PHP older than 5.3.4 would defeat even that). A .TEMP file also stays in the web directory if the dialog is simply abandoned. */ if ((isset($_POST['ok_to_overwrite']) ? $_POST['ok_to_overwrite'] : '') && ($overwrite)) { if (($_POST['ok_to_overwrite'] == $lang['yes']) && (isset($_POST['image_field']) ? $_POST['image_field'] : '') && (wp_file_name_ok($_POST['image_field']))) { if (is_file($directory.$_POST['image_field'])) { wp_delete_file($directory.$_POST['image_field']); if (rename($directory.$_POST['image_field'].'.TEMP', $directory.$_POST['image_field'])) { $message= '

'.$lang['file_uploaded1'].'

'; } else { wp_delete_file($directory.$_POST['image_field'].'.TEMP'); image_exit ('

 

'.$lang['upload_failed'].' '.$lang['check_directory_permission'].'

'); } } else { wp_delete_file($directory.$_POST['image_field'].'.TEMP'); image_exit ('

 

'.$lang['dir_exists'].'

'); } } elseif ($_POST['ok_to_overwrite'] == $lang['cancel']) { wp_delete_file($directory.$_POST['image_field'].'.TEMP'); } else { $message.= '

'.$lang['copy_error'].'

'; } } /* upload files. NOTE(review): only the last extension of the lowercased original name is checked (strrchr), so "name.php.jpg" passes if .jpg is allowed; whether that is exploitable depends on the web server's handler mapping. The file content itself is never verified to be an image. */ if (isset($_FILES['image_field']) ? $_FILES['image_field'] : '') { if (is_uploaded_file($_FILES['image_field']['tmp_name'])) { $extension = strrchr(strtolower($_FILES['image_field']['name']),'.'); /* check filetype against accepted files */ if (!wp_extension_ok($extension, $image_types)) { image_exit ('

 

'.wp_var_replace($lang['bad_filetype'],array('filetypes'=>$image_types)).'

'); /* NOTE: this break is unreachable (image_exit() exits) and is a compile error outside a loop on PHP 7+. */ break; } if ($_FILES['image_field']['size'] >= $max_file_size) { image_exit ('

 

'.wp_var_replace($lang['file_too_large'],array('max_size'=>($max_file_size/1000))).'

'); } else { list ($width, $height) = @getimagesize($_FILES['image_field']['tmp_name']); /* NOTE(review): @getimagesize() returns false for non-images, leaving $width/$height null; null > int is false, so such a file is NOT rejected here. Treat a false return as an invalid upload. */ if (($width > $max_image_width) || ($height > $max_image_height)) { image_exit ('

 

'.wp_var_replace($lang['dimensions_too_large'],array('width'=>$max_image_width,'height'=>$max_image_height)).'

'); } else { $name=$_FILES['image_field']['name']; /* Some people like to spit out an error if the file has bad characters; I prefer to quietly rename the file. A fixed set of characters is stripped and spaces become underscores; the extension validated above is left intact. */ $name = str_replace( array('/','\\','?','&','%','#','~',':','<','>','*','+','@','"',"'",'|',"\r","\n","\t") , '', $name); $name = str_replace(' ', '_', $name); if (empty($name)) { $name = 'Untitled'.$extension; } $just_file_name = $name; if ($name != $_FILES['image_field']['name']) { $extra_message = wp_var_replace($lang['but_was_renamed'],array('name'=>$name)); } else { $extra_message = ''; } /* used later to populate the dialog with the image they have just uploaded: */ $name2 = $folderpath.$name; $fsize = wp_convert_fsize($_FILES['image_field']['size']); $name=$directory.$name; if (file_exists($name)) { if ($overwrite) { /* Collision with $overwrite set: park the upload as .TEMP and ask the user (handled by the POST branch above). NOTE: the chmod below targets the existing $name, not the freshly written $name.'.TEMP'. */ @move_uploaded_file($_FILES['image_field']['tmp_name'], $name.'.TEMP'); if (defined('FILE_CHMOD_MODE')) { if (FILE_CHMOD_MODE) { @chmod($name, FILE_CHMOD_MODE); } } image_exit ('

 

'.$query_inputs.'

'.$lang['should_i_overwrite'].'

'); } else { image_exit ('

 

'.$query_inputs.'

'.$lang['no_overwrite_permission'].'

'); } } elseif (@move_uploaded_file($_FILES['image_field']['tmp_name'], $name)) { /* make sure we will be able to delete and re-name this file later */ if (defined('FILE_CHMOD_MODE')) { if (FILE_CHMOD_MODE) { @chmod($name, FILE_CHMOD_MODE); } } $message= '

'.wp_var_replace($lang['file_uploaded2'],array('file'=>$_FILES['image_field']['name'])).' '.$extra_message.'

'; } else { image_exit ('

 

'.wp_var_replace($lang['upload_failed2'],array('file'=>$_FILES['image_field']['name'])).' '.$lang['check_directory_permission'].'

'); } } } } } ?> <?php echo $lang['titles']['image']; ?> '; } else { echo ' '; } ?>




<?php echo $lang['up_one_level']; ?>

<?php echo $lang['new_folder']; ?>    

 

 

 

$max_file_size/1000,'max_width'=>$max_image_width,'max_height'=>$max_image_height)) ?>