За загрузку отвечает /wp-admin/media-new.php
Он проверяет авторизацию, и если норм, позволяет загружать файлы с помощью media-upload
media-new.php
media-upload.php
Код:
Code:
add_help_tab( array(
'id' => 'overview',
'title' => __('Overview'),
'content' =>
'' . __('You can upload media files here without creating a post first. This allows you to upload files to use with posts and pages later and/or to get a web link for a particular file that you can share. There are three options for uploading files:') . '' .
'' .
'' . __('Drag and drop your files into the area below. Multiple files are allowed.') . '' .
'' . __('Select Files will open the multi-file uploader, or you can use the Browser Uploader.') . '' .
'' . __('Clicking Select Files opens a navigation window showing you files in your operating system. Selecting Open after clicking on the file you want activates a progress bar on the uploader screen.') . '' .
'' .
'' . __('Basic image editing is available after upload is complete. Make sure you click Save before leaving this screen.') . ''
) );
get_current_screen()->set_help_sidebar(
'' . __('For more information:') . '' .
'' . __('Documentation on Uploading Media Files') . '' .
'' . __('Support Forums') . ''
);
require_once('./admin-header.php');
$form_class = 'media-upload-form type-form validate';
if ( get_user_setting('uploader') )
$form_class .= ' html-uploader';
?>
" class="" id="file-form">
jQuery(function($){
var preloaded = $(".media-item.preloaded");
if ( preloaded.length > 0 ) {
preloaded.each(function(){prepareMediaItem({id:this.id.replace(/[^0-9]/g, '')},'');});
}
updateMediaForm();
post_id = 0;
shortform = 1;
});
Но сообразить как правильно сделать в обход авторизации я не могу.
upload.php
[CODE]
Code:
get_pagenum();
// Handle bulk actions
$doaction = $wp_list_table->current_action();
if ( $doaction ) {
check_admin_referer('bulk-media');
if ( 'delete_all' == $doaction ) {
$post_ids = $wpdb->get_col( "SELECT ID FROM $wpdb->posts WHERE post_type='attachment' AND post_status = 'trash'" );
$doaction = 'delete';
} elseif ( isset( $_REQUEST['media'] ) ) {
$post_ids = $_REQUEST['media'];
} elseif ( isset( $_REQUEST['ids'] ) ) {
$post_ids = explode( ',', $_REQUEST['ids'] );
}
$location = 'upload.php';
if ( $referer = wp_get_referer() ) {
if ( false !== strpos( $referer, 'upload.php' ) )
$location = remove_query_arg( array( 'trashed', 'untrashed', 'deleted', 'message', 'ids', 'posted' ), $referer );
}
switch ( $doaction ) {
case 'find_detached':
if ( !current_user_can('edit_posts') )
wp_die( __('You are not allowed to scan for lost attachments.') );
$lost = $wpdb->get_col( "
SELECT ID FROM $wpdb->posts
WHERE post_type = 'attachment' AND post_parent > '0'
AND post_parent NOT IN (
SELECT ID FROM $wpdb->posts
WHERE post_type NOT IN ( 'attachment', '" . join( "', '", get_post_types( array( 'public' => false ) ) ) . "' )
)
" );
$_REQUEST['detached'] = 1;
break;
case 'attach':
$parent_id = (int) $_REQUEST['found_post_id'];
if ( !$parent_id )
return;
$parent = &get_post( $parent_id );
if ( !current_user_can( 'edit_post', $parent_id ) )
wp_die( __( 'You are not allowed to edit this post.' ) );
$attach = array();
foreach ( (array) $_REQUEST['media'] as $att_id ) {
$att_id = (int) $att_id;
if ( !current_user_can( 'edit_post', $att_id ) )
continue;
$attach[] = $att_id;
clean_attachment_cache( $att_id );
}
if ( ! empty( $attach ) ) {
$attach = implode( ',', $attach );
$attached = $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->posts SET post_parent = %d WHERE post_type = 'attachment' AND ID IN ( $attach )", $parent_id ) );
}
if ( isset( $attached ) ) {
$location = 'upload.php';
if ( $referer = wp_get_referer() ) {
if ( false !== strpos( $referer, 'upload.php' ) )
$location = $referer;
}
$location = add_query_arg( array( 'attached' => $attached ) , $location );
wp_redirect( $location );
exit;
}
break;
case 'trash':
if ( !isset( $post_ids ) )
break;
foreach ( (array) $post_ids as $post_id ) {
if ( !current_user_can( 'delete_post', $post_id ) )
wp_die( __( 'You are not allowed to move this post to the trash.' ) );
if ( !wp_trash_post( $post_id ) )
wp_die( __( 'Error in moving to trash...' ) );
}
$location = add_query_arg( array( 'trashed' => count( $post_ids ), 'ids' => join( ',', $post_ids ) ), $location );
break;
case 'untrash':
if ( !isset( $post_ids ) )
break;
foreach ( (array) $post_ids as $post_id ) {
if ( !current_user_can( 'delete_post', $post_id ) )
wp_die( __( 'You are not allowed to move this post out of the trash.' ) );
if ( !wp_untrash_post( $post_id ) )
wp_die( __( 'Error in restoring from trash...' ) );
}
$location = add_query_arg( 'untrashed', count( $post_ids ), $location );
break;
case 'delete':
if ( !isset( $post_ids ) )
break;
foreach ( (array) $post_ids as $post_id_del ) {
if ( !current_user_can( 'delete_post', $post_id_del ) )
wp_die( __( 'You are not allowed to delete this post.' ) );
if ( !wp_delete_attachment( $post_id_del ) )
wp_die( __( 'Error in deleting...' ) );
}
$location = add_query_arg( 'deleted', count( $post_ids ), $location );
break;
}
wp_redirect( $location );
exit;
} elseif ( ! empty( $_GET['_wp_http_referer'] ) ) {
wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), stripslashes( $_SERVER['REQUEST_URI'] ) ) );
exit;
}
$wp_list_table->prepare_items();
$title = __('Media Library');
$parent_file = 'upload.php';
wp_enqueue_script( 'wp-ajax-response' );
wp_enqueue_script( 'jquery-ui-draggable' );
wp_enqueue_script( 'media' );
add_screen_option( 'per_page', array('label' => _x( 'Media items', 'items per page (screen options)' )) );
get_current_screen()->add_help_tab( array(
'id' => 'overview',
'title' => __('Overview'),
'content' =>
'' . __( 'All the files you’ve uploaded are listed in the Media Library, with the most recent uploads listed first. You can use the Screen Options tab to customize the display of this screen.' ) . '' .
'' . __( 'You can narrow the list by file type/status using the text link filters at the top of the screen. You also can refine the list by date using the dropdown menu above the media table.' ) . ''
) );
get_current_screen()->add_help_tab( array(
'id' => 'actions-links',
'title' => __('Available Actions'),
'content' =>
'' . __( 'Hovering over a row reveals action links: Edit, Delete Permanently, and View. Clicking Edit or on the media file’s name displays a simple screen to edit that individual file’s metadata. Clicking Delete Permanently will delete the file from the media library (as well as from any posts to which it is currently attached). View will take you to the display page for that file.' ) . ''
) );
get_current_screen()->add_help_tab( array(
'id' => 'attaching-files',
'title' => __('Attaching Files'),
'content' =>
'' . __( 'If a media file has not been attached to any post, you will see that in the Attached To column, and can click on Attach File to launch a small popup that will allow you to search for a post and attach the file.' ) . ''
) );
get_current_screen()->set_help_sidebar(
'' . __( 'For more information:' ) . '' .
'' . __( 'Documentation on Media Library' ) . '' .
'' . __( 'Support Forums' ) . ''
);
require_once('./admin-header.php');
?>
' . __('Search results for “%s”') . '', get_search_query() ); ?>
' . __('Undo') . '';
$_SERVER['REQUEST_URI'] = remove_query_arg(array('trashed'), $_SERVER['REQUEST_URI']);
}
if ( ! empty( $_GET['untrashed'] ) && $untrashed = absint( $_GET['untrashed'] ) ) {
$message = sprintf( _n( 'Media attachment restored from the trash.', '%d media attachments restored from the trash.', $untrashed ), number_format_i18n( $_GET['untrashed'] ) );
$_SERVER['REQUEST_URI'] = remove_query_arg(array('untrashed'), $_SERVER['REQUEST_URI']);
}
$messages[1] = __('Media attachment updated.');
$messages[2] = __('Media permanently deleted.');
$messages[3] = __('Error saving media attachment.');
$messages[4] = __('Media moved to the trash.') . ' ' . __('Undo') . '';
$messages[5] = __('Media restored from the trash.');
if ( ! empty( $_GET['message'] ) && isset( $messages[ $_GET['message'] ] ) ) {
$message = $messages[ $_GET['message'] ];
$_SERVER['REQUEST_URI'] = remove_query_arg(array('message'), $_SERVER['REQUEST_URI']);
}
if ( !empty($message) ) { ?>
views(); ?>
search_box( __( 'Search Media' ), 'media' ); ?>
display(); ?>
Линейный вид
