media-upload.php (3570B)
1 <?php 2 /** 3 * Manage media uploaded file. 4 * 5 * There are many filters in here for media. Plugins can extend functionality 6 * by hooking into the filters. 7 * 8 * @package WordPress 9 * @subpackage Administration 10 */ 11 12 if ( ! isset( $_GET['inline'] ) ) { 13 define( 'IFRAME_REQUEST', true ); 14 } 15 16 /** Load WordPress Administration Bootstrap */ 17 require_once __DIR__ . '/admin.php'; 18 19 if ( ! current_user_can( 'upload_files' ) ) { 20 wp_die( __( 'Sorry, you are not allowed to upload files.' ), 403 ); 21 } 22 23 wp_enqueue_script( 'plupload-handlers' ); 24 wp_enqueue_script( 'image-edit' ); 25 wp_enqueue_script( 'set-post-thumbnail' ); 26 wp_enqueue_style( 'imgareaselect' ); 27 wp_enqueue_script( 'media-gallery' ); 28 29 header( 'Content-Type: ' . get_option( 'html_type' ) . '; charset=' . get_option( 'blog_charset' ) ); 30 31 // IDs should be integers. 32 $ID = isset( $ID ) ? (int) $ID : 0; // phpcs:ignore WordPress.NamingConventions.ValidVariableName 33 $post_id = isset( $post_id ) ? (int) $post_id : 0; 34 35 // Require an ID for the edit screen. 36 if ( isset( $action ) && 'edit' === $action && ! $ID ) { // phpcs:ignore WordPress.NamingConventions.ValidVariableName 37 wp_die( 38 '<h1>' . __( 'Something went wrong.' ) . '</h1>' . 39 '<p>' . __( 'Invalid item ID.' ) . '</p>', 40 403 41 ); 42 } 43 44 if ( ! empty( $_REQUEST['post_id'] ) && ! current_user_can( 'edit_post', $_REQUEST['post_id'] ) ) { 45 wp_die( 46 '<h1>' . __( 'You need a higher level of permission.' ) . '</h1>' . 47 '<p>' . __( 'Sorry, you are not allowed to edit this item.' ) . '</p>', 48 403 49 ); 50 } 51 52 // Upload type: image, video, file, ...? 53 if ( isset( $_GET['type'] ) ) { 54 $type = (string) $_GET['type']; 55 } else { 56 /** 57 * Filters the default media upload type in the legacy (pre-3.5.0) media popup. 58 * 59 * @since 2.5.0 60 * 61 * @param string $type The default media upload type. Possible values include 62 * 'image', 'audio', 'video', 'file', etc. Default 'file'. 63 */ 64 $type = apply_filters( 'media_upload_default_type', 'file' ); 65 } 66 67 // Tab: gallery, library, or type-specific. 68 if ( isset( $_GET['tab'] ) ) { 69 $tab = (string) $_GET['tab']; 70 } else { 71 /** 72 * Filters the default tab in the legacy (pre-3.5.0) media popup. 73 * 74 * @since 2.5.0 75 * 76 * @param string $tab The default media popup tab. Default 'type' (From Computer). 77 */ 78 $tab = apply_filters( 'media_upload_default_tab', 'type' ); 79 } 80 81 $body_id = 'media-upload'; 82 83 // Let the action code decide how to handle the request. 84 if ( 'type' === $tab || 'type_url' === $tab || ! array_key_exists( $tab, media_upload_tabs() ) ) { 85 /** 86 * Fires inside specific upload-type views in the legacy (pre-3.5.0) 87 * media popup based on the current tab. 88 * 89 * The dynamic portion of the hook name, `$type`, refers to the specific 90 * media upload type. 91 * 92 * The hook only fires if the current `$tab` is 'type' (From Computer), 93 * 'type_url' (From URL), or, if the tab does not exist (i.e., has not 94 * been registered via the {@see 'media_upload_tabs'} filter. 95 * 96 * Possible hook names include: 97 * 98 * - `media_upload_audio` 99 * - `media_upload_file` 100 * - `media_upload_image` 101 * - `media_upload_video` 102 * 103 * @since 2.5.0 104 */ 105 do_action( "media_upload_{$type}" ); 106 } else { 107 /** 108 * Fires inside limited and specific upload-tab views in the legacy 109 * (pre-3.5.0) media popup. 110 * 111 * The dynamic portion of the hook name, `$tab`, refers to the specific 112 * media upload tab. Possible values include 'library' (Media Library), 113 * or any custom tab registered via the {@see 'media_upload_tabs'} filter. 114 * 115 * @since 2.5.0 116 */ 117 do_action( "media_upload_{$tab}" ); 118 } 119