1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
|
<?php
/**
* Manage media uploaded file.
*
* There are many filters in here for media. Plugins can extend functionality
* by hooking into the filters.
*
* @package WordPress
* @subpackage Administration
*/
if ( ! isset( $_GET['inline'] ) ) {
define( 'IFRAME_REQUEST', true );
}
/** Load WordPress Administration Bootstrap */
require_once __DIR__ . '/admin.php';
if ( ! current_user_can( 'upload_files' ) ) {
wp_die( __( 'Sorry, you are not allowed to upload files.' ), 403 );
}
wp_enqueue_script( 'plupload-handlers' );
wp_enqueue_script( 'image-edit' );
wp_enqueue_script( 'set-post-thumbnail' );
wp_enqueue_style( 'imgareaselect' );
wp_enqueue_script( 'media-gallery' );
header( 'Content-Type: ' . get_option( 'html_type' ) . '; charset=' . get_option( 'blog_charset' ) );
// IDs should be integers.
$ID = isset( $ID ) ? (int) $ID : 0; // phpcs:ignore WordPress.NamingConventions.ValidVariableName
$post_id = isset( $post_id ) ? (int) $post_id : 0;
// Require an ID for the edit screen.
if ( isset( $action ) && 'edit' === $action && ! $ID ) { // phpcs:ignore WordPress.NamingConventions.ValidVariableName
wp_die(
'<h1>' . __( 'Something went wrong.' ) . '</h1>' .
'<p>' . __( 'Invalid item ID.' ) . '</p>',
403
);
}
if ( ! empty( $_REQUEST['post_id'] ) && ! current_user_can( 'edit_post', $_REQUEST['post_id'] ) ) {
wp_die(
'<h1>' . __( 'You need a higher level of permission.' ) . '</h1>' .
'<p>' . __( 'Sorry, you are not allowed to edit this item.' ) . '</p>',
403
);
}
// Upload type: image, video, file, ...?
if ( isset( $_GET['type'] ) ) {
$type = (string) $_GET['type'];
} else {
/**
* Filters the default media upload type in the legacy (pre-3.5.0) media popup.
*
* @since 2.5.0
*
* @param string $type The default media upload type. Possible values include
* 'image', 'audio', 'video', 'file', etc. Default 'file'.
*/
$type = apply_filters( 'media_upload_default_type', 'file' );
}
// Tab: gallery, library, or type-specific.
if ( isset( $_GET['tab'] ) ) {
$tab = (string) $_GET['tab'];
} else {
/**
* Filters the default tab in the legacy (pre-3.5.0) media popup.
*
* @since 2.5.0
*
* @param string $tab The default media popup tab. Default 'type' (From Computer).
*/
$tab = apply_filters( 'media_upload_default_tab', 'type' );
}
$body_id = 'media-upload';
// Let the action code decide how to handle the request.
if ( 'type' === $tab || 'type_url' === $tab || ! array_key_exists( $tab, media_upload_tabs() ) ) {
/**
* Fires inside specific upload-type views in the legacy (pre-3.5.0)
* media popup based on the current tab.
*
* The dynamic portion of the hook name, `$type`, refers to the specific
* media upload type.
*
* The hook only fires if the current `$tab` is 'type' (From Computer),
* 'type_url' (From URL), or, if the tab does not exist (i.e., has not
* been registered via the {@see 'media_upload_tabs'} filter.
*
* Possible hook names include:
*
* - `media_upload_audio`
* - `media_upload_file`
* - `media_upload_image`
* - `media_upload_video`
*
* @since 2.5.0
*/
do_action( "media_upload_{$type}" );
} else {
/**
* Fires inside limited and specific upload-tab views in the legacy
* (pre-3.5.0) media popup.
*
* The dynamic portion of the hook name, `$tab`, refers to the specific
* media upload tab. Possible values include 'library' (Media Library),
* or any custom tab registered via the {@see 'media_upload_tabs'} filter.
*
* @since 2.5.0
*/
do_action( "media_upload_{$tab}" );
}
|