
Changeset 9660


Timestamp:
03/29/2015 06:25:35 PM (5 years ago)
Author:
imath
Message:

Improve the BP_Attachment class

  • abstract the BP_Attachment class, so it must be extended,
  • avoid using get_class_vars( __CLASS__ ) to get the default values in the constructor,
  • sanitize the base_dir if set,
  • make sure the action and file_input parameters are sanitized,
  • use an is_dir() check instead of a file_exists() one when checking whether the upload_path exists,
  • use bp_parse_args() in the BP_Attachment->crop() method and include a filter,
  • improve code formatting.

Props DJPaul

See #6278

Location:
trunk/src/bp-core/classes
Files:
2 edited

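--- a/trunk/src/bp-core/classes/class-bp-attachment-avatar.php
+++ b/trunk/src/bp-core/classes/class-bp-attachment-avatar.php
@@ -86,5 +86,5 @@
 
         // File is of invalid type
-        } else if ( ! bp_core_check_avatar_type( array( 'file' => $file ) ) ) {
+        } elseif ( ! bp_core_check_avatar_type( array( 'file' => $file ) ) ) {
             $file['error'] = 10;
         }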
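--- a/trunk/src/bp-core/classes/class-bp-attachment.php
+++ b/trunk/src/bp-core/classes/class-bp-attachment.php
@@ -17,5 +17,5 @@
  * @since BuddyPress (2.3.0)
  */
-class BP_Attachment {
+abstract class BP_Attachment {
 
     /** Upload properties *****************************************************/
@@ -29,52 +29,18 @@
 
     /**
-     * Maximum file size in kilobytes
-     *
-     * @var int
-     */
-    public $original_max_filesize = 0;
-
-    /**
-     * List of allowed file extensions
-     * Defaults to get_allowed_mime_types()
-     *
-     * @var int
-     */
-    public $allowed_mime_types = array();
-
-    /**
-     * component's upload base directory.
-     *
-     * @var string
-     */
-    public $base_dir = '';
-
-    /**
-     * The upload action.
-     *
-     * @var string
-     */
-    public $action = '';
-
-    /**
-     * The file input name attribute
-     *
-     * @var string
-     */
-    public $file_input = '';
-
-    /**
-     * List of upload errors.
+     * The default args to be merged with the
+     * ones passed by the child class
      *
      * @var array
      */
-    public $upload_error_strings = array();
-
-    /**
-     * List of required core files
-     *
-     * @var array
-     */
-    public $required_wp_files = array( 'file' );
+    protected $default_args = array(
+        'original_max_filesize' => 0,
+        'allowed_mime_types'    => array(),
+        'base_dir'              => '',
+        'action'                => '',
+        'file_input'            => '',
+        'upload_error_strings'  => array(),
+        'required_wp_files'     => array( 'file' ),
+    );
 
     /**
@@ -114,12 +80,18 @@
          * a multisite config, the root site fileupload_maxk option
          */
-        $this->original_max_filesize = (int) wp_max_upload_size();
-
-        $params = bp_parse_args( $args, get_class_vars( __CLASS__ ), $this->action . '_upload_params' );
+        $this->default_args['original_max_filesize'] = (int) wp_max_upload_size();
+
+        $params = bp_parse_args( $args, $this->default_args, $this->action . '_upload_params' );
 
         foreach ( $params as $key => $param ) {
             if ( 'upload_error_strings' === $key ) {
                 $this->{$key} = $this->set_upload_error_strings( $param );
-            } else {
+
+            // Sanitize the base dir
+            } elseif ( 'base_dir' === $key ) {
+                $this->{$key} = sanitize_title( $param );
+
+            // Action & File input are already set and sanitized
+            } elseif ( 'action' !== $key && 'file_input' !== $key ) {
                 $this->{$key} = $param;
             }
@@ -316,5 +288,5 @@
         foreach ( (array) $this->allowed_mime_types as $ext ) {
             foreach ( $wp_mimes as $ext_pattern => $mime ) {
-                if ( $ext != '' && strpos( $ext_pattern, $ext ) !== false ) {
+                if ( $ext !== '' && strpos( $ext_pattern, $ext ) !== false ) {
                     $valid_mimes[$ext_pattern] = $mime;
                 }
@@ -396,5 +368,5 @@
 
         // Check if upload path already exists
-        if ( ! file_exists( $this->upload_path ) ) {
+        if ( ! is_dir( $this->upload_path ) ) {
 
             // If path does not exist, attempt to create it
@@ -430,5 +402,5 @@
         $wp_error = new WP_Error();
 
-        $r = wp_parse_args( $args, array(
+        $r = bp_parse_args( $args, array(
             'original_file' => '',
             'crop_x'        => 0,
@@ -440,5 +412,5 @@
             'src_abs'       => false,
             'dst_file'      => false,
-        ) );
+        ), 'bp_attachment_crop_args' );
 
         if ( empty( $r['original_file'] ) || ! file_exists( $r['original_file'] ) ) {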
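Review bot: In the constructor loop following `$params = bp_parse_args( $args, $this->default_args, $this->action . '_upload_params' );`, every key of `$params` except `action` and `file_input` is written straight to `$this->{$key}`, and since bp_parse_args() appears to keep any key present in `$args` rather than only those in `$this->default_args`, a caller or a callback on the `{$action}_upload_params` filter can set arbitrary properties on the object (for instance `upload_path`) before the upload directory is resolved. Restricting the loop to the declared defaults would close that: add `if ( ! array_key_exists( $key, $this->default_args ) ) { continue; }` as the first statement of the foreach. The new `sanitize_title( $param )` on `base_dir` does strip path separators and dots, so that branch is sound as written. The constructor starts and ends outside the hunk, and the earlier sanitization of `action` and `file_input` that the new comment refers to is not visible here.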