Changeset 2591047

Timestamp:

08/30/2021 07:44:40 PM (4 years ago)

Author:

rinatkhaziev

Message:

Merge 7f2c9f1cbfdbeef0dba2f32d6c8952484bd861ca

Location:

frontend-uploader/trunk

Files:

• . (modified) (1 prop)
• frontend-uploader.php (modified) (1 diff)
• lib/php/akismet.php (modified) (1 diff)
• readme.md (modified) (2 diffs)
• readme.txt (modified) (11 diffs)

frontend-uploader/trunk/frontend-uploader.php

@@ -5 +5 @@
 Author: Rinat Khaziev, Daniel Bachhuber
 Version: 1.3.2
-Author URI: http://digitallyconscious.com
+Author URI: https://rinat.dev/
 Text Domain: frontend-uploader
+Requires at least: 4.6
+Requires PHP: 7.2
 
 GNU General Public License, Free Software Foundation <http://creativecommons.org/licenses/GPL/2.0/>

frontend-uploader/trunk/lib/php/akismet.php

@@ -22 +22 @@
     // Permalink of the post with upload form, fallback to wp_get_referer()
     // Fallback is used to
-    $content['permalink'] = isset( $_POST['form_post_id'] ) ? get_permalink( sanitize_text_area( $_POST['form_post_id'] ) ) : wp_get_referer();
+    $content['permalink'] = isset( $_POST['form_post_id'] ) ? get_permalink( sanitize_textarea_field( $_POST['form_post_id'] ) ) : wp_get_referer();
 
     // Set required Akismet values

frontend-uploader/trunk/readme.md

@@ -12 +12 @@
 
 1. `git clone https://github.com/rinatkhaziev/wp-frontend-uploader.git` in your WP plugins directory
-1. `git submodule update --init --recursive` in the plugin dir to get dependencies
 1. Activate the plugin
 1. Set the settings
@@ -20 +19 @@
 
 1. Pull as usual
-2. Do `git submodule -q foreach git pull -q origin master` to update submodules
-3. ...
-4. Profit
+2. ...
+3. Profit
 
 ## Developers

frontend-uploader/trunk/readme.txt

@@ -4 +4 @@
 Tags: frontend, image, images, media, uploader, upload, video, audio, photo, photos, picture, pictures, file, user generated content, ugc, frontend upload
 Requires at least: 4.6
-Tested up to: 5.0
+Requires PHP: 7.2
+Tested up to: 5.8
 Stable tag: 1.3.2
 License: GPLv2 or later
@@ -18 +19 @@
 **Security**
 
-Allowing uploads from unauthenticated users is inherently risky. The plugin relies on the core allow list for files. However, we explicitly remove HTML, JS and PHP files even if they're in the allow list. To modify the list of allowed file types please refer to *fu_allowed_mime_types* configuration filter section for additional details.
+Allowing uploads from unauthenticated users is inherently risky. The plugin relies on the core allow list for files. However, we explicitly remove HTML, JS and PHP files even if they're in the allow list. To modify the list of allowed file types and tweak it to your own desire either use the plugin's settings or refer to *fu_allowed_mime_types* configuration filter section for additional details.
+
+For additional protection we recommend enabling file name obfuscation in plugin settings.
 
 = Exploring Customizations =
@@ -24 +27 @@
 * You can modify the submission form as needed, and have users submit posts. Please visit the FAQ page for more information.
 * This plugin can be applied to Posts, Pages, and Custom Post Types. You can enable this via Settings > Frontend Uploader Settings.
-* Form can be used in 3 modes: upload files, submit posts/custom post types, and mixed - submit a post and attach files to it.
-* Form supports following fields: text, textarea, select, radio buttons, and checkboxes
+* Form can be used in three modes:
+    - Submit files
+    - Submit posts/pages/custom post types
+    - Submit a post and attach files to it
+
+* The form supports following fields: text, textarea, select, radio buttons, and checkboxes
 
 **Customizing Your Form with Shortcode Parameters**
@@ -32 +39 @@
 
 At it's most basic form, the shortcode would look like this
-`[fu-upload-form]`
+**[fu-upload-form]**
 
 This will render a default form for media upload that has title, description and upload fields. (See screenshot 2)
@@ -38 +45 @@
 The same shortcode with some customizations would look like this:
 
-`[fu-upload-form class="html-wrapper-class"
-form_layout="media" title="Upload your media"]
-[input type="text" name="post_title" id="title"
-class="required" description="Title"]
-[textarea name="post_content" class="textarea"
-id="my-textarea" description="Description (optional)"]
-[input type="file" name="photo" id="my-photo-submission"
-class="required" description="Your Photo" multiple="multiple"]
-[input type="submit" class="btn" value="Submit"]
+`[fu-upload-form class="html-wrapper-class" form_layout="media" title="Upload your media"]
+
+    [input type="text" name="post_title" id="title"
+     class="required" description="Title"]
+
+    [textarea name="post_content" class="textarea"
+     id="my-textarea" description="Description (optional)"]
+
+    [input type="file" name="photo" id="my-photo-submission"
+     class="required" description="Your Photo" multiple="multiple"]
+
+    [input type="submit" class="btn" value="Submit"]
 [/fu-upload-form]`
 
 As you can see, form elements are represented by shortcodes: [input], [textarea], [radio], [checkboxes], [file]. Each of them has a set of attributes, e.g. `id, class, name, value, values, type, description, minlength, maxlength. Please refer to "Form Elements" section of this readme for more details on elements and their attributes.
 
-= Main shortcode: [fu-upload-form] =
+## Main shortcode: [fu-upload-form] ##
 
 The main shortcode, it has many important parameters that modify form behavior.
 
-In the following example we are creating a form with title "Upload your story and image". The form will allow to submit a custom post type *story* with an image which is going to be automatically inserted at the end of the story. The story will have a category with ID 1. On successful submission user will be redirected to http://example.com/success-page/
-
-`[fu-upload-form form_layout="post_media" title="Upload your story and image"
-class="my-class validate" post_type="story" append_to_post="true"
-success_page="http://example.com/success-page/" category="1" ][/fu-upload-form]`
-
-**The list of all parameters for [fu-upload-form]**
-
-*form_layout*
+In the following example we are creating a form with title "Upload your story and image". The form will allow to submit a custom post type *story* with a file which is going to be automatically inserted at the end of the story. The story will have a category with ID 1. On successful submission user will be redirected to http://example.com/success-page/
+
+`[fu-upload-form
+    form_layout="post_media"
+    title="Upload your story and image"
+    class="my-class validate"
+    post_type="story"
+    append_to_post="true"
+    success_page="http://example.com/success-page/"
+    category="1"
+][/fu-upload-form]`
+
+### The list of all parameters for [fu-upload-form] ###
+
+**form_layout**
 
 This determines whether the form is saved as a post/custom post type (‘post’), as a media file (`media`), or as a post with images (`post_media`).  Default value is `media`.
-Example:
+
+Example:
+
 `[fu-upload-form form_layout=”post”]`
 
-*title*
+**title**
 
 Add this *[fu-upload-form]* shortcode, and this will be the Headline that will be displayed before the form.
-Example:
-`fu-upload-form class="your-class" title="Upload your media"]`
-
-*class*
+
+Example:
+
+`[fu-upload-form class="your-class" title="Upload your media"]`
+
+**class**
 
 HTML class of the form, defaults to 'validate'. If you want your form being validated - do not remove validate class. If you would like to item to be required before a user can submit, you can set it to ‘required.’
-Example:
+
+Example:
+
 `[input type="text" name="post_title" id="title" class="required"]`
 
-*post_type*
-
-Any post whitelisted in settings post type. Defaults to 'post'.
-Example:
+**post_type**
+
+Set the post type of the upload to one in the plugin settings Allow list. Defaults to 'post'.
+
+Example:
+
 `[fu-upload-form post_type="my-custom-post-type-slug"]`
 
-*append_to_post*
-
-Automatically insert images into uploaded post *(true or false)*
-
-*success_page*
+**append_to_post**
+
+Automatically insert images into the uploaded post content *(true or false)*
+
+Example:
+
+`[fu-upload-form append_to_post="true"]`
+
+
+**success_page**
 
 URL to redirect on successful submission, defaults to the URL where the form is being displayed. For security reasons this should be an URL on your site (no external links). You can use `[fu-upload-response]` shortcode to display success/error messages on the redirect page.
 
-*category*
+Example:
+
+`[fu-upload-form success_page="https://example.com/thank-you-for-your-submission/"]`
+
+**category**
 
 ID of category the post should be attached (only in post or post+media mode).
 
-*post_id*
+Example:
+
+`[fu-upload-form category="1"]`
+
+**post_id**
 
 ID of the post the image should be attached to. Defaults to the post ID of the post the shortcode is on.
 
-*suppress_default_fields*
+Example:
+
+`[fu-upload-form post_id="103037"]`
+
+**suppress_default_fields**
 
 Override global setting for supressing default form fields *(true or false)*.
-Example:
+
+Example:
+
 `[fu-upload-form suppress_default_fields="true"] ... inner shortcodes omitted... [/fu-upload-form]`
 
-
-= Form Elements =
-
-Following are form elements you can use, please refer to *Field Attributes* section for more details on what attributes can be used.
+### Form Elements ###
+
+The following are form elements you can use, please refer to *Field Attributes* section for more details on what attributes can be used.
 
 Text box for one line of text:
+
 `[input type="text" name="post_title" class="my-class" ]`
 
 Text box for multiple lines of text:
+
 `[textarea name="post_content" class="my-text-area"]`
 
 File upload field:
+
 `[input type="file" name="my-file"]`
 
 Set of checkboxes:
+
 `[checkboxes name="fruits" values="value:Description,124:Banana,cherry:Cherry"]`
 
 Set of radio buttons:
+
 `[radio name="fruit" class="checkboxes" description="Pick a fruit" values="value:Description,124:Banana,cherry:Cherry"]`
 
 Select:
+
 `[select name="select-fruit" class="select" description="Pick a fruit" values="apple:Apple,banana:Banana,cherry:Cherry"]`
 
 Submit button:
+
 `[input type="submit" class="btn" value="Submit"]`
 
 Recaptcha:
+
 `[recaptcha]`
 
 **Field Attributes**
 
-`id` - id of element
-
-`name` - name of element
-
-`class` - extra classes you want to add
-
-`type` - text or file or submit
-
-`required` - This attribute specifies that the user must fill in a value before submitting a form.
-
-`minlength` - minimum amount of characters for field value
-
-`maxlength` - maximum amount of characters for field value
-
-`min` - The minimum (numeric or date-time) value for this item, which must not be greater than its maximum (max attribute) value.
-
-`max` - The maximum (numeric or date-time) value for this item, which must not be less than its minimum (min attribute) value.
-
-`multiple` - allow multiple file uploads (only for file inputs)
-
-`placeholder` - A hint to the user of what can be entered in the control.
-
-`readonly` - This attribute indicates that the user cannot modify the value of the control.
-
-`disabled` - This Boolean attribute indicates that the form control is not available for interaction
-
-`value` - input value
-
-`description` - input label
-
-`help` - input help text displayed underneath
-
-`values` - multiple option inputs (checkboxes,select,radio) values in format *value:description, another_value:anotherdescription*
-
-`wysiwyg_enabled` - enable TinyMCE for textareas
+Please refer to the excellent [MDN reference](https://developer.mozilla.org/en-US/docs/Web/HTML/Element/input#input_types "") for input attributes. Generally speaking, any HTML5 attribute should be supported.
+
+* **id** - id of element
+
+* **name** - name of element
+
+* **class** - extra classes you want to add
+
+* **type** - text or file or submit
+
+* **required** - This attribute specifies that the user must fill in a value before submitting a form.
+
+* **minlength** - minimum amount of characters for field value
+
+* **maxlength** - maximum amount of characters for field value
+
+* **min** - The minimum (numeric or date-time) value for this item, which must not be greater than its maximum (max attribute) value.
+
+* **max** - The maximum (numeric or date-time) value for this item, which must not be less than its minimum (min attribute) value.
+
+* **multiple** - allow multiple file uploads (only for file inputs)
+
+* **placeholder** - A hint to the user of what can be entered in the control.
+
+* **readonly** - This attribute indicates that the user cannot modify the value of the control.
+
+* **disabled** - This Boolean attribute indicates that the form control is not available for interaction
+
+* **value** - input value
+
+* **description** - input label
+
+* **help** - input help text displayed underneath
+
+* **values** - Comma-separated values for the multiple option inputs (checkboxes, select, radio)  in the format of **value:description, another_value:anotherdescription**
+
+* **wysiwyg_enabled** - enable TinyMCE for textareas.
 
 
@@ -180 +232 @@
 
 Please make sure to read this readme including FAQ section before posting in support forum.
-
 
 **Development**
@@ -234 +285 @@
 
 = Are other filetypes supported? =
-In addition to the WordPress whitelisted file types, Frontend Uploader also supports uploading of Microsoft Office and Adobe files, as well as various video and audio files. You can enable these file types via Settings > Frontend Uploader Settings.
+
+By default every file type that WordPress allows to upload except HTML and JS are enabled.
+However, you can tweak what's allowed in the Options -> Frontend Uploader Settings.
+If you want to handle some other file type please refer to **fu_allowed_mime_types** filter section.
 
 = Where does the user submitted content go? =
@@ -245 +299 @@
 
 
-= I want to be allow users to upload mp3, psd, or any other file restricted by default. =
-You are able to do that within Frontend Uploader Settings admin page. The settings there cover the most popular extensions/MIME-types.
-The trick is that the same file might have several different mime-types based on setup of server/client.
-If you're experiencing any issues, you can set WP_DEBUG to true in your wp-config.php or put
-`add_filter( 'fu_is_debug', '__return_true' );` in your theme's functions.php to see what MIME-types you are having troubles with.
-
-[FileExt](http://filext.com/) is a good place to find MIME-types for specific file extension.
-
-Let's say we want to be able to upload 3gp media files.
-
-First we look up all MIME-types for 3gp: http://filext.com/file-extension/3gp
-
-Now that we have all possible MIME-types for .3gp, we can allow the files to be uploaded.
-
-Following code whitelists 3gp files, if it makes sense to you, you can modify it for other extensions/mime-types.
-If it confuses you, please don't hesitate to post on support forum.
+= I want to allow users to upload a file type that's not listed in the plugin settings. =
+
+By default we rely on [wp_get_mime_types](https://developer.wordpress.org/reference/functions/wp_get_mime_types/) function to populate the values for the allow list.
+
+It covers the absolute majority of widely used file formats, but let's say you want to allow uploading a source file of a program written in [Pascal](https://en.wikipedia.org/wiki/Pascal_(programming_language).
+It can be using either **.pas`** or **.p**
+It can have MIME type of `text/pascal` or `text/x-pascal`
+
+[FileExt](http://filext.com/) is a good place to find out more about the file types, but, unfortunately it stopped showing MIME-types somewhere between the first and current version of this readme.
+
+So we'll have to resort to a search engine and query for "PAS MIME-type". As said earlier, those files can have two MIME-types.
+
+Now comes the tricky part, WordPress expects the mime types defined in a particular format of a regex pattern for extensions as an array key and MIME-type as a value.
+
+Needless to say, associative array keys are unique, so we need to apply a little trick:
+
+`$mime_types['p|pas'] = 'text/pascal';
+$mime_types['pas|p'] = 'text/x-pascal';`
+
+This way we can side-step the unique key requirement while handling both of the MIME-types.
+
 Put this in your theme's functions.php
+
 `add_filter( 'fu_allowed_mime_types', 'my_fu_allowed_mime_types' );
 function my_fu_allowed_mime_types( $mime_types ) {
-    // Array of 3gp mime types
-    // From http://filext.com (there might be more)
-    $mimes = array( 'audio/3gpp', 'video/3gpp' );
-    // Iterate through all mime types and add this specific mime to allow it
-    foreach( $mimes as $mime ) {
-        // Preserve the mime_type
-        $orig_mime = $mime;
-        // Leave only alphanumeric characters (needed for unique array key)
-        preg_replace("/[^0-9a-zA-Z ]/", "", $mime );
-        // Workaround for unique array keys
-        // If you-re going to modify it for your files
-        // Don't forget to change extension in array key
-        // E.g. $mime_types['pdf|pdf_' . $mime ] = $orig_mime
-        $mime_types['3gp|3gp_' . $mime ] = $orig_mime;
-    }
+    $mime_types['p|pas'] = 'text/pascal';
+    $mime_types['pas|p'] = 'text/x-pascal';
+
     return $mime_types;
 }`
 
+Unfortunately, that's not all. Sometimes, depending on a server configuration you might get unexpected results for certain file extensions.
+If you’re experiencing any issues, you can set WP_DEBUG to true in your wp-config.php or put
+
+`add_filter( ‘fu_is_debug’, ‘__return_true’ );`
+
+in your theme’s functions.php to see what MIME-types you are having troubles with.
+
 = What about spam protection? =
 The plugin supports Akismet (must be installed and configured properly) and Recaptcha. Just enable it in plugin settings.
@@ -290 +345 @@
 
 By default Frontend Uploader could be managed with 'edit_posts' capability, if you want to change permissions, this is the right filter
+
 `add_filter( 'fu_manage_permissions', create_function( '$cap', 'return "edit_others_posts"; ) );`
 
@@ -345 +401 @@
 == Changelog ==
 
+= 1.3.3 (Aug 28, 2021) =
+* Re-worked the way file type allow list works
+* Readme formatting updates to hopefully make it clearer
+
 = 1.3.2 (Nov 2, 2018) =
 * Bugfix: allow multiple forms to be properly validated if they're rendered on the same page.
@@ -538 +598 @@
 
 * Initial release and poorly written readme
+
+ == Upgrade Notice ==
+
+ As of 1.3.3 the minimum requirement for PHP is bumped to 7.0, it reached the end of life on 10 Jan 2019, so if, somehow, you're still running it you should upgrade.