本文整理汇总了PHP中GFForms::add_security_files方法的典型用法代码示例。如果您正苦于以下问题:PHP GFForms::add_security_files方法的具体用法?PHP GFForms::add_security_files怎么用?PHP GFForms::add_security_files使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类GFForms的用法示例。
在下文中一共展示了GFForms::add_security_files方法的1个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: upload
public static function upload()
{
GFCommon::log_debug('GFAsyncUpload::upload(): Starting.');
if ($_SERVER['REQUEST_METHOD'] != 'POST') {
status_header(404);
die;
}
header('Content-Type: text/html; charset=' . get_option('blog_charset'));
send_nosniff_header();
nocache_headers();
status_header(200);
// If the file is bigger than the server can accept then the form_id might not arrive.
// This might happen if the file is bigger than the max post size ini setting.
// Validation in the browser reduces the risk of this happening.
if (!isset($_REQUEST['form_id'])) {
GFCommon::log_debug('GFAsyncUpload::upload(): File upload aborted because the form_id was not found. The file may have been bigger than the max post size ini setting.');
self::die_error(500, __('Failed to upload file.', 'gravityforms'));
}
$form_id = absint($_REQUEST['form_id']);
$form_unique_id = rgpost('gform_unique_id');
$form = GFAPI::get_form($form_id);
if (empty($form) || !$form['is_active']) {
die;
}
if (rgar($form, 'requireLogin')) {
if (!is_user_logged_in()) {
die;
}
check_admin_referer('gform_file_upload_' . $form_id, '_gform_file_upload_nonce_' . $form_id);
}
if (!ctype_alnum($form_unique_id)) {
die;
}
$target_dir = GFFormsModel::get_upload_path($form_id) . DIRECTORY_SEPARATOR . 'tmp' . DIRECTORY_SEPARATOR;
if (!is_dir($target_dir)) {
if (!wp_mkdir_p($target_dir)) {
GFCommon::log_debug("GFAsyncUpload::upload(): Couldn't create the tmp folder: " . $target_dir);
self::die_error(500, __('Failed to upload file.', 'gravityforms'));
}
}
$time = current_time('mysql');
$y = substr($time, 0, 4);
$m = substr($time, 5, 2);
//adding index.html files to all subfolders
if (!file_exists(GFFormsModel::get_upload_root() . '/index.html')) {
GFForms::add_security_files();
} else {
if (!file_exists(GFFormsModel::get_upload_path($form_id) . '/index.html')) {
GFCommon::recursive_add_index_file(GFFormsModel::get_upload_path($form_id));
} else {
if (!file_exists(GFFormsModel::get_upload_path($form_id) . "/{$y}/index.html")) {
GFCommon::recursive_add_index_file(GFFormsModel::get_upload_path($form_id) . "/{$y}");
} else {
GFCommon::recursive_add_index_file(GFFormsModel::get_upload_path($form_id) . "/{$y}/{$m}");
}
}
}
if (!file_exists($target_dir . '/index.html')) {
GFCommon::recursive_add_index_file($target_dir);
}
$uploaded_filename = $_FILES['file']['name'];
$file_name = isset($_REQUEST['name']) ? $_REQUEST['name'] : '';
$field_id = rgpost('field_id');
$field_id = absint($field_id);
$field = GFFormsModel::get_field($form, $field_id);
if (empty($field) || GFFormsModel::get_input_type($field) != 'fileupload') {
die;
}
$file_name = sanitize_file_name($file_name);
$uploaded_filename = sanitize_file_name($uploaded_filename);
$allowed_extensions = !empty($field->allowedExtensions) ? GFCommon::clean_extensions(explode(',', strtolower($field->allowedExtensions))) : array();
$max_upload_size_in_bytes = $field->maxFileSize > 0 ? $field->maxFileSize * 1048576 : wp_max_upload_size();
$max_upload_size_in_mb = $max_upload_size_in_bytes / 1048576;
if ($_FILES['file']['size'] > 0 && $_FILES['file']['size'] > $max_upload_size_in_bytes) {
self::die_error(104, sprintf(__('File exceeds size limit. Maximum file size: %dMB', 'gravityforms'), $max_upload_size_in_mb));
}
if (GFCommon::file_name_has_disallowed_extension($file_name) || GFCommon::file_name_has_disallowed_extension($uploaded_filename)) {
GFCommon::log_debug("GFAsyncUpload::upload(): Illegal file extension: {$file_name}");
self::die_error(104, __('The uploaded file type is not allowed.', 'gravityforms'));
}
if (!empty($allowed_extensions)) {
if (!GFCommon::match_file_extension($file_name, $allowed_extensions) || !GFCommon::match_file_extension($uploaded_filename, $allowed_extensions)) {
GFCommon::log_debug("GFAsyncUpload::upload(): The uploaded file type is not allowed: {$file_name}");
self::die_error(104, sprintf(__('The uploaded file type is not allowed. Must be one of the following: %s', 'gravityforms'), strtolower($field['allowedExtensions'])));
}
}
$whitelisting_disabled = apply_filters('gform_file_upload_whitelisting_disabled', false);
if (empty($allowed_extensions) && !$whitelisting_disabled) {
// Whitelist the file type
$valid_uploaded_filename = GFCommon::check_type_and_ext($_FILES['file'], $uploaded_filename);
if (is_wp_error($valid_uploaded_filename)) {
self::die_error($valid_uploaded_filename->get_error_code(), $valid_uploaded_filename->get_error_message());
}
$valid_file_name = GFCommon::check_type_and_ext($_FILES['file'], $file_name);
if (is_wp_error($valid_uploaded_filename)) {
self::die_error($valid_file_name->get_error_code(), $valid_file_name->get_error_message());
}
}
$tmp_file_name = $form_unique_id . '_input_' . $field_id . '_' . $file_name;
$tmp_file_name = sanitize_file_name($tmp_file_name);
//.........这里部分代码省略.........