WPSDK/v-wordpress-plugin-updater
2
0
Fork 0
mirror of https://github.com/djav1985/v-wordpress-plugin-updater.git synced 2025-08-18 18:27:53 +08:00
Code Issues Packages Activity Actions
v-wordpress-plugin-updater/update-api/classes/forms/PlFormHandler.php

113 lines
4.1 KiB
PHP
Raw Normal View History

modified: .gitignore modified: README.md modified: mu-plugin/v-sys-plugin-updater-mu.php modified: mu-plugin/v-sys-plugin-updater.php modified: mu-plugin/v-sys-theme-updater.php deleted: update-api/app/forms/home-forms.php deleted: update-api/app/forms/plupdate-forms.php deleted: update-api/app/forms/thupdate-forms.php deleted: update-api/app/helpers/home-helper.php deleted: update-api/app/helpers/logs-helper.php deleted: update-api/app/helpers/plupdate-helper.php deleted: update-api/app/helpers/thupdate-helper.php new file: update-api/classes/forms/HomeFormHandler.php new file: update-api/classes/forms/PlFormHandler.php new file: update-api/classes/forms/ThFormHandler.php new file: update-api/classes/helpers/HomeHelper.php new file: update-api/classes/helpers/LogsHelper.php new file: update-api/classes/helpers/PlHelper.php new file: update-api/classes/helpers/ThHelper.php new file: update-api/classes/util/security.php modified: update-api/lib/auth-lib.php new file: update-api/lib/class-lib.php modified: update-api/lib/load-lib.php deleted: update-api/lib/waf-lib.php modified: update-api/public/.htaccess new file: update-api/public/api.php modified: update-api/public/assets/css/login.css modified: update-api/public/assets/css/mobile.css deleted: update-api/public/assets/css/pages.css modified: update-api/public/assets/css/styles.css modified: update-api/public/index.php modified: update-api/public/login.php deleted: update-api/public/plugins/api.php deleted: update-api/public/plugins/download.php deleted: update-api/public/themes/api.php deleted: update-api/public/themes/download.php renamed: update-api/app/pages/home.php -> update-api/views/home.php renamed: update-api/app/pages/logs.php -> update-api/views/logs.php renamed: update-api/app/pages/plupdate.php -> update-api/views/plupdate.php renamed: update-api/app/pages/thupdate.php -> update-api/views/thupdate.php
2025-06-29 14:59:47 -04:00
<?php
/*
* Project: Update API
* Author: Vontainment
* URL: https://vontainment.com
* File: PluginUpdateFormHandler.php
* Description: WordPress Update API
*/
namespace UpdateApi\forms;
use UpdateApi\util\Security;
class PlFormHandler
{
public function handleRequest()
{
if (
$_SERVER['REQUEST_METHOD'] === 'POST'
&& isset($_POST['csrf_token'], $_SESSION['csrf_token'])
&& $_POST['csrf_token'] === $_SESSION['csrf_token']
) {
// Sanitize POST and FILES inputs
if (isset($_FILES['plugin_file'])) {
$this->uploadPluginFiles();
} elseif (isset($_POST['delete_plugin'])) {
$plugin_name = isset($_POST['plugin_name']) ? Security::sanitizeInput($_POST['plugin_name']) : null;
$this->deletePlugin($plugin_name);
} else {
die('Invalid form action.');
}
} elseif ($_SERVER['REQUEST_METHOD'] === 'POST') {
die('Invalid CSRF token.');
}
}
private function uploadPluginFiles()
{
$allowed_extensions = ['zip'];
$total_files = count($_FILES['plugin_file']['name']);
for ($i = 0; $i < $total_files; $i++) {
$file_name = isset($_FILES['plugin_file']['name'][$i])
? Security::sanitizeInput($_FILES['plugin_file']['name'][$i])
: '';
$file_tmp = isset($_FILES['plugin_file']['tmp_name'][$i])
? $_FILES['plugin_file']['tmp_name'][$i]
: '';
$file_size = isset($_FILES['plugin_file']['size'][$i])
? filter_var($_FILES['plugin_file']['size'][$i], FILTER_VALIDATE_INT)
: 0;
$file_error = isset($_FILES['plugin_file']['error'][$i])
? filter_var($_FILES['plugin_file']['error'][$i], FILTER_VALIDATE_INT)
: UPLOAD_ERR_NO_FILE;
$file_extension = strtolower(pathinfo($file_name, PATHINFO_EXTENSION));
$plugin_slug = explode("_", $file_name)[0];
$existing_plugins = glob(PLUGINS_DIR . '/' . $plugin_slug . '_*');
foreach ($existing_plugins as $plugin) {
if (is_file($plugin)) {
unlink($plugin);
}
}
if ($file_error !== UPLOAD_ERR_OK || !in_array($file_extension, $allowed_extensions)) {
echo '<script>'
. 'alert("Error uploading: '
. htmlspecialchars($file_name, ENT_QUOTES, 'UTF-8')
. '. Only .zip files are allowed.");'
. 'window.location.href = "/plupdate";'
. '</script>';
exit;
}
$plugin_path = PLUGINS_DIR . '/' . $file_name;
if (move_uploaded_file($file_tmp, $plugin_path)) {
echo '<script>'
. 'alert("'
. htmlspecialchars($file_name, ENT_QUOTES, 'UTF-8')
. ' uploaded successfully.");'
. 'window.location.href = "/plupdate";'
. '</script>';
} else {
echo '<script>'
. 'alert("Error uploading: '
. htmlspecialchars($file_name, ENT_QUOTES, 'UTF-8')
. '");'
. 'window.location.href = "/plupdate";'
. '</script>';
}
}
}
private function deletePlugin($plugin_name)
{
$plugin_name = Security::sanitizeInput($plugin_name);
$plugin_path = PLUGINS_DIR . '/' . $plugin_name;
if (file_exists($plugin_path)) {
if (unlink($plugin_path)) {
echo '<script>'
. 'alert("Plugin deleted successfully!");'
. 'window.location.href = "/plupdate";'
. '</script>';
} else {
echo '<script>'
. 'alert("Failed to delete plugin file. Please try again.");'
. 'window.location.href = "/plupdate";'
. '</script>';
}
}
}
}
Reference in a new issue Copy permalink