Plugin Directory

Changeset 504380 for relocate-upload


Ignore:
Timestamp:
02/13/2012 04:45:45 PM (13 years ago)
Author:
alanft
Message:

version 0.20, proper WP ajax action, closing security hole

Location:
relocate-upload
Files:
2 edited
4 copied

Legend:

Unmodified
Added
Removed
  • relocate-upload/tags/0.20/readme.txt

    r142130 r504380  
    22Contributors: alanft
    33Tags: admin, upload, folder, relocate
    4 Requires at least: 2.6
    5 Tested up to: 2.8.2
    6 Stable tag: 0.14
     4Requires at least: 2.8
     5Tested up to: 3.3.1
     6Stable tag: 0.20
    77
    88Wordpress uploads media to one pre-set folder. Relocate Upload lets you switch media to other folders.
     
    3636
    3737== Changelog ==
     380.20 - Adopted proper 'wp_ajax_' action, to close off a major security issue.
     39
    38400.14 - Many small fixes (check for existing files, database prefix bug fix, jquery enqueue, 2.8 media library update, path 'fixing')
    3941
  • relocate-upload/tags/0.20/relocate-upload.php

    r142130 r504380  
    55Description: Moves uploads to special folders
    66Author: Alan Trewartha
    7 Version: 0.14
     7Version: 0.20
    88Author URI: http://freakytrigger.co.uk/author/alan/
    99*/
     
    1212define('SERVER_DOC_ROOT', $GLOBALS['_SERVER']['DOCUMENT_ROOT']);
    1313
     14if( is_admin() )
     15{
     16    add_action('wp_ajax_relocate_upload', 'relocate_upload_js_action');
     17}
    1418
    1519// Move folder request handled when called by GET AJAX
    16 if (isset($_GET['ru_folder']))
    17 {   // WP setup and function access
    18     define('WP_USE_THEMES', false);
    19     require_once(urldecode($_GET['abspath']).'/wp-load.php'); // save us looking for it, it's passed as a GET parameter
     20function relocate_upload_js_action()
     21{   global $wpdb;
     22    if (!isset($_GET['ru_folder'])) exit;
    2023    check_admin_referer('ru_request_move');
    21     global $wpdb;
    22 
    2324
    2425    // find default path
     
    9596    {   jQuery($element).attr({disabled: true});
    9697        jQuery($element).siblings("span").html(' Moving...');
    97         jQuery.get(
    98             "<?php echo WP_CONTENT_URL."/plugins/relocate-upload/relocate-upload.php"; ?>",
     98        jQuery.get(ajaxurl,
    9999            {   ru_folder: $element.selectedIndex,
    100100                       id: $element.getAttribute('media_id'),
    101                  _wpnonce: '<?php echo wp_create_nonce("ru_request_move") ?>',
    102                   abspath: '<?php echo ABSPATH ?>'
     101                   action: 'relocate_upload',
     102                 _wpnonce: '<?php echo wp_create_nonce("ru_request_move") ?>'
    103103            },
    104104            function(data)
  • relocate-upload/trunk/readme.txt

    r142130 r504380  
    22Contributors: alanft
    33Tags: admin, upload, folder, relocate
    4 Requires at least: 2.6
    5 Tested up to: 2.8.2
    6 Stable tag: 0.14
     4Requires at least: 2.8
     5Tested up to: 3.3.1
     6Stable tag: 0.20
    77
    88Wordpress uploads media to one pre-set folder. Relocate Upload lets you switch media to other folders.
     
    3636
    3737== Changelog ==
     380.20 - Adopted proper 'wp_ajax_' action, to close off a major security issue.
     39
    38400.14 - Many small fixes (check for existing files, database prefix bug fix, jquery enqueue, 2.8 media library update, path 'fixing')
    3941
  • relocate-upload/trunk/relocate-upload.php

    r142130 r504380  
    55Description: Moves uploads to special folders
    66Author: Alan Trewartha
    7 Version: 0.14
     7Version: 0.20
    88Author URI: http://freakytrigger.co.uk/author/alan/
    99*/
     
    1212define('SERVER_DOC_ROOT', $GLOBALS['_SERVER']['DOCUMENT_ROOT']);
    1313
     14if( is_admin() )
     15{
     16    add_action('wp_ajax_relocate_upload', 'relocate_upload_js_action');
     17}
    1418
    1519// Move folder request handled when called by GET AJAX
    16 if (isset($_GET['ru_folder']))
    17 {   // WP setup and function access
    18     define('WP_USE_THEMES', false);
    19     require_once(urldecode($_GET['abspath']).'/wp-load.php'); // save us looking for it, it's passed as a GET parameter
     20function relocate_upload_js_action()
     21{   global $wpdb;
     22    if (!isset($_GET['ru_folder'])) exit;
    2023    check_admin_referer('ru_request_move');
    21     global $wpdb;
    22 
    2324
    2425    // find default path
     
    9596    {   jQuery($element).attr({disabled: true});
    9697        jQuery($element).siblings("span").html(' Moving...');
    97         jQuery.get(
    98             "<?php echo WP_CONTENT_URL."/plugins/relocate-upload/relocate-upload.php"; ?>",
     98        jQuery.get(ajaxurl,
    9999            {   ru_folder: $element.selectedIndex,
    100100                       id: $element.getAttribute('media_id'),
    101                  _wpnonce: '<?php echo wp_create_nonce("ru_request_move") ?>',
    102                   abspath: '<?php echo ABSPATH ?>'
     101                   action: 'relocate_upload',
     102                 _wpnonce: '<?php echo wp_create_nonce("ru_request_move") ?>'
    103103            },
    104104            function(data)
Note: See TracChangeset for help on using the changeset viewer.