CVE-2023-0295: settings.php in launchpad-by-obox/tags/1.0.13/functions – WordPress Plugin Repository

1<?php class apollo_launchpad_settings2{3 function init() {4 add_action( 'admin_menu’, array(&$this, ‘apollo_menu’));5 add_action( 'admin_init’, array(&$this,6 ‘home_page_order_fallback’));7 add_action( 'admin_init’, array(&$this, ‘apollo_initialize_options’));8 if(isset($_GET[“refresh”]))9 add_action( 'admin_init’, array(&$this,10 ‘clear_options’));11 }1213 function clear_options(){14 $active_tab = isset( $_GET[ ‘tab’ ] ) ? $_GET[ ‘tab’ ] : 'display’;15 delete_option(‘apollo_’.$active_tab.’_options’);16 wp_redirect(“?page=apollo_general_settings&tab=$active_tab”);1718 }1920 function home_page_order_fallback(){21 if(!get_option(“apollo_order_options”)) :22 global $wp_settings_fields;23 foreach ( (array) $wp_settings_fields[‘apollo_order_options’][‘apollo_general_settings’] as $field ) :24 update_option('apollo_order_options’, $field[‘args’]);25 endforeach;26 endif;27 }2829 function apollo_menu() {30 $this->pagehook = add_menu_page( 'Launchpad’,31 'Launchpad’,32 'administrator’,33 'apollo_general_settings’, array(&$this, ‘apollo_display’),34 ‘dashicons-welcome-view-site’ );35 }3637 function buttons(){38 $active_tab = isset( $_GET[ ‘tab’ ] ) ? $_GET[ ‘tab’ ] : ‘display’;39 $html = "";40 $html .=’<a href="’ . get_home_url() . '?apollo=true&TB_iframe=true&width=640&height=632" class="preview thickbox thickbox-preview" title="Be sure to save your settings first">Preview</a>’;41 $html .= ‘<a id="clear" href="?page=apollo_general_settings&tab=’ . $active_tab . ‘&refresh" class="clear-settings">Clear Settings</a>’ ;42 $html .= get_submit_button(“Save Changes", “primary", “submit", false);43 $html = ‘<span>’ . $html . '</span>’;44 return $html;45 }46 function apollo_general_options_callback() {47 echo ‘<p class="top">’ . $this->buttons() . 'Activate your landing page, set the launch date and add your copy. Get started here!</p>’;48 } // end apollo_general_options_callback4950 function apollo_social_options_callback() {51 echo ‘<p class="top">’ . $this->buttons() . 'Enter in your social network URLs. Leave blank to hide the buttons.</p>’;52 } // end apollo_general_options_callback5354 function apollo_theme_options_callback() {55 echo ‘<p class="top">’ . $this->buttons() . 'Setup the look & feel of your launch page. <a href="http://photodune.net/search?ref=obox&tags%5B%5D=background&sales=rank-4">Get some cool backgrounds here.</a></p>’;56 } // end apollo_general_options_callback5758 function apollo_order_options_callback() {59 echo ‘<p class="top">’ . $this->buttons() . 'Dictate the order of the elements on the home page.</p>’;60 } // end apollo_general_options_callback6162 function apollo_css_options_callback() {63 echo ‘<p class="top">’ . $this->buttons() . 'If you want to fully cusomize your landing page, add your custom CSS here.</p>’;64 } // end apollo_general_options_callback65666768 function apollo_display() {69 $tabs = array(70 “display” => “General",71 “theme” => “Look & Feel",72 “social” => “Social Links",73 “order” => “Page Elements Order",74 “css” => “Custom CSS"75 );7677 $active_tab = isset( $_GET[ ‘tab’ ] ) ? $_GET[ ‘tab’ ] : 'display’; ?>7879 <!-- Create a header in the default WordPress ‘wrap’ container -->80 <div class="wrap">81 <?php $theme = wp_get_theme();82 if( ‘layerswp’ != $theme->template ) { ?>83 <div class="promo-layers">84 <h4>Try Layers</h4>85 <p>Setting up a new site? Why not try Layers? A revolutionary site builder specifically for WordPress.</p>86 <iframe width="560” height="315” src="https://www.youtube.com/embed/lRogY6qKBvQ” frameborder="0” allowfullscreen></iframe>87 <p>88 <a href="http://www.layerswp.com/?&utm_source=launchpad&utm_medium=cta&utm_campaign=Launchpad20%Layers20%Promo” target="_blank">Layers</a> is a revolutionary new site builder that makes creating beautiful, responsive websites, fast, fun and easy.89 </p>90 <a class="go-to-layers” href="http://www.layerswp.com/?&utm_source=launchpad&utm_medium=cta&utm_campaign=Launchpad20%Layers20%Promo” target="_blank">Find out more</a>91 </div>92 <?php } ?>93 <div class="lp-settings-section">9495 <h2>Launchpad</h2>96 <?php settings_errors(); ?>97 <h2 class="nav-tab-wrapper">98 <?php foreach($tabs as $tab => $label) : ?>99 <a href="?page=apollo_general_settings&tab=<?php echo $tab; ?>” class="nav-tab <?php echo $active_tab == $tab ? ‘nav-tab-active’ : '’; ?>"><?php echo $label; ?></a>100 <?php endforeach; ?>101 </h2>102103 <form method="post" action="options.php" enctype="multipart/form-data" class="launchpad-form">104 <?php do_settings_sections( ‘apollo_’.$active_tab.’_options’ ); ?>105 <?php settings_fields(‘apollo_’.$active_tab.’_options’); ?>106 <p><?php echo $this->buttons(); ?></p>107 </form>108 </div>109110 </div><!-- /.wrap -->111 <?php112 }113114 function apollo_initialize_options() {115 $apollo = new apollo_launchpad();116 $template = $apollo->template();117 $templateuri = $apollo->template_uri();118119 // If the theme options don’t exist, create them.120 if(!get_option(‘apollo_display_options’)) :121 add_option(‘apollo_display_options’);122 endif; // First, we register a section. This is necessary since all future options must belong to a123124 add_settings_section(125 'apollo_general_settings’, // Page on which to add this section of options126 'Launchpad Options’, // Title to be displayed on the administration page127 array(&$this, ‘apollo_general_options_callback’), // Callback used to render the description of the section128 ‘apollo_display_options’ // ID used to identify this section and with which to register options129 );130131 add_settings_field(132 'active’,133 'Activate Launchpad’,134 array( &$this, ‘apollo_input’),135 'apollo_display_options’,136 'apollo_general_settings’,137 array(138 ‘name’ => 'active’,139 ‘type’ => 'checkbox’,140 ‘default’ => 0,141 )142 );143144 add_settings_field(145 'launchdate’,146 'Launch Date’, array(&$this, ‘apollo_input’),147 'apollo_display_options’,148 'apollo_general_settings’,149 array(150 ‘name’ => 'launchdate’,151 ‘type’ => 'date’,152 ‘default’ => date( “Y/m/d G:i:s", current_time(‘timestamp’) ),153 ‘excerpt’ => ‘When does your site launch? Server time is: <em>’ . current_time( get_option( ‘date_format’ ) . ' ' . get_option( ‘time_format’ ) ) . ‘</em> <a href="’ . admin_url( ‘options-general.php’ ) . '” target="_blank">(Edit)</a>’154 )155 );156157 add_settings_field(158 'automatic_launch’,159 'Automatic Launch’, array(&$this, ‘apollo_input’),160 'apollo_display_options’,161 'apollo_general_settings’,162 array(163 ‘name’ => 'automatic_launch’,164 ‘type’ => 'checkbox’,165 ‘default’ => 0,166 ‘excerpt’ => 'Check this ON to automatically disable the plugin after the launch date.’167 )168 );169170 add_settings_field(171 'display_tagline’,172 'Display Site Tagline’, array(&$this, ‘apollo_input’),173 'apollo_display_options’,174 'apollo_general_settings’,175 array(176 ‘name’ => 'display_tagline’,177 ‘type’ => 'checkbox’,178 ‘default’ => 1,179 )180 );181182 add_settings_field(183 'title’,184 'Introduction Title’, array(&$this, ‘apollo_input’),185 'apollo_display_options’,186 'apollo_general_settings’,187 array(188 ‘name’ => 'title’,189 ‘type’ => 'text’,190 ‘default’ => 'Welcome!’191 )192 );193194 add_settings_field(195 'intro’,196 'Introduction Copy’, array(&$this, ‘apollo_input’),197 'apollo_display_options’,198 'apollo_general_settings’,199 array(200 ‘name’ => 'intro’,201 ‘type’ => 'memo’,202 ‘excerpt’ => 'We are launching a new site very soon! Be sure to return later.’203 )204 );205206 add_settings_field(207 'video’,208 'Intro Video’, array(&$this, ‘apollo_input’),209 'apollo_display_options’,210 'apollo_general_settings’,211 array(212 ‘name’ => 'video’,213 ‘type’ => 'text’,214 ‘excerpt’ => 'If you have a video, enter it\’s URL here.’215 )216 );217218 add_settings_field(219 'subscription_embed’,220 'Newsletter Embed Code’, array(&$this, ‘apollo_input’),221 'apollo_display_options’,222 'apollo_general_settings’,223 array(224 ‘name’ => 'subscription_embed’,225 ‘type’ => 'memo’,226 ‘excerpt’ => 'Newsletter signup form embed code.’227 )228 );229230231 add_settings_field(232 'show_obox_logo’,233 'Display Obox Logo’, array(&$this, ‘apollo_input’),234 'apollo_display_options’,235 'apollo_general_settings’,236 array(237 ‘name’ => 'show_obox_logo’,238 ‘type’ => 'checkbox’,239 ‘excerpt’ => 'Display the Obox logo, creators of The Launchpad, in your footer.’240 )241 );242243 add_settings_field(244 'copyright_text’,245 'Footer Copyright Text’, array(&$this, ‘apollo_input’),246 'apollo_display_options’,247 'apollo_general_settings’,248 array(249 ‘name’ => 'copyright_text’,250 ‘type’ => 'text’,251 ‘default’ => ‘Copyright ' . get_bloginfo(“name”).’ ' .date( ‘Y’ ). '. ', 'Enter in your custom copyright text for the site\’s footer.’252 )253 );254255 $role_options = array();256 $editable_roles = get_editable_roles();257258 foreach ( $editable_roles as $role => $details ) :259 $name = translate_user_role($details[‘name’] );260 $role_options[$name] = esc_attr($role);261 endforeach;262263 add_settings_field(264 'role’,265 'Minimum User Rights’, array(&$this, ‘apollo_input’),266 'apollo_display_options’,267 'apollo_general_settings’,268 array(269 ‘name’ => 'role’,270 ‘type’ => 'select’,271 ‘default’ => 'administrator’,272 ‘excerpt’ => 'Select which users are able to access the front end site.’,273 ‘options’ => $role_options274 )275 );276277 // Finally, we register the fields with WordPress278 register_setting(279 'apollo_display_options’,280 'apollo_display_options’, array(&$this, ‘handle_form’)281 );282283 add_settings_section(284 'apollo_general_settings’, // Page on which to add this section of options285 'Social Link Options’, // Title to be displayed on the administration page286 array(&$this, ‘apollo_social_options_callback’), // Callback used to render the description of the section287 ‘apollo_social_options’ // ID used to identify this section and with which to register options288 );289290 add_settings_field(291 'facebook’,292 'Facebook’, array(&$this, ‘apollo_input’),293 'apollo_social_options’,294 'apollo_general_settings’,295 array(296 ‘name’ => 'facebook’,297 ‘type’ => 'text’298 )299 );300301 add_settings_field(302 'vimeo’,303 'Vimeo’, array(&$this, ‘apollo_input’),304 'apollo_social_options’,305 'apollo_general_settings’,306 array(307 ‘name’ => 'vimeo’,308 ‘type’ => 'text’309 )310 );311312 add_settings_field(313 'tumblr’,314 'Tumblr’, array(&$this, ‘apollo_input’),315 'apollo_social_options’,316 'apollo_general_settings’,317 array(318 ‘name’ => 'tumblr’,319 ‘type’ => 'text’320 )321 );322323 add_settings_field(324 'wordpress’,325 'Wordpress’, array(&$this, ‘apollo_input’),326 'apollo_social_options’,327 'apollo_general_settings’,328 array(329 ‘name’ => 'wordpress’,330 ‘type’ => 'text’331 )332 );333334 add_settings_field(335 'twitter’,336 'Twitter’, array(&$this, ‘apollo_input’),337 'apollo_social_options’,338 'apollo_general_settings’,339 array(340 ‘name’ => 'twitter’,341 ‘type’ => 'text’342 )343 );344345 // Finally, we register the fields with WordPress346 register_setting(347 'apollo_social_options’,348 'apollo_social_options’, array(&$this, ‘handle_form’)349 );350351 add_settings_section(352 'apollo_general_settings’, // Page on which to add this section of options353 'Theme & Display Options’, // Title to be displayed on the administration page354 array(&$this, ‘apollo_theme_options_callback’), // Callback used to render the description of the section355 ‘apollo_theme_options’ // ID used to identify this section and with which to register options356 );357358 add_settings_field(359 'theme’,360 'Theme’, array(&$this, ‘apollo_input’),361 'apollo_theme_options’,362 'apollo_general_settings’,363 array(364 ‘name’ => 'theme’,365 ‘type’ => 'select’,366 ‘options’ => array(367 “Grunge” => “grunge",368 “Minimal” => “minimal",369 “Slick Gloss” => “slick-gloss"370 )371 )372 );373 add_settings_field(374 'font’,375 'Font’, array(&$this, ‘apollo_input’),376 'apollo_theme_options’,377 'apollo_general_settings’,378 array(379 ‘name’ => 'font’,380 ‘type’ => 'select’,381 ‘options’ => array(382 "-- Theme Default --" => “",383 “Sans Serif” => “sans-serif-style",384 “Serif Sans Serif” => “serif-sans-style",385 “Serif” => “serif-style"386 )387 )388 );389390 add_settings_field(391 'typekit’,392 'Typekit ID’, array(&$this, ‘apollo_input’),393 'apollo_theme_options’,394 'apollo_general_settings’,395 array(396 ‘name’ => 'typekit’,397 ‘type’ => 'text’,398 ‘excerpt’ => 'Enter in the Typekit Kit ID for your custom font.’399 )400 );401402 add_settings_field(403 'logo’,404 'Logo’, array(&$this, ‘apollo_input’),405 'apollo_theme_options’,406 'apollo_general_settings’,407 array(408 ‘name’ => 'logo’,409 ‘type’ => 'file’,410 ‘options’ => array()411 )412 );413414 add_settings_field(415 'background’,416 'Background’,417 array(&$this, ‘apollo_input’),418 'apollo_theme_options’,419 'apollo_general_settings’,420 array(421 ‘name’ => 'background’,422 ‘type’ => 'file’,423 ‘options’ => array(424 “Blue Haze” => $templateuri."/".$template."/images/bg/2co-bg.jpg",425 “aurorarain” => $templateuri."/".$template."/images/bg/aurorarain.jpg",426 “beachsunset” => $templateuri."/".$template."/images/bg/beachsunset.jpg",427 “california” => $templateuri."/".$template."/images/bg/california.jpg",428 “deepwater” => $templateuri."/".$template."/images/bg/deepwater.jpg",429 “dusksky” => $templateuri."/".$template."/images/bg/dusksky.jpg",430 “field” => $templateuri."/".$template."/images/bg/field.jpg",431 “meadow” => $templateuri."/".$template."/images/bg/meadow.jpg",432 “nightsky” => $templateuri."/".$template."/images/bg/nightsky.jpg",433 “rocky” => $templateuri."/".$template."/images/bg/rocky.jpg",434 “silentshore” => $templateuri."/".$template."/images/bg/silentshore.jpg",435 “texture” => $templateuri."/".$template."/images/bg/texture.jpg"436 )437 )438 );439440 // Finally, we register the fields with WordPress441 register_setting(442 'apollo_theme_options’,443 'apollo_theme_options’, array(&$this, ‘handle_form’)444 );445446 add_settings_section(447 'apollo_general_settings’, // Page on which to add this section of options448 'Home Page Order’, // Title to be displayed on the administration page449 array(&$this, ‘apollo_order_options_callback’), // Callback used to render the description of the section450 ‘apollo_order_options’ // ID used to identify this section and with which to register options451 );452453 add_settings_field(454 'order’,455 'Click and drag the blocks to order them on your landing page’, array(&$this, ‘apollo_order’),456 'apollo_order_options’,457 'apollo_general_settings’,458 array(459 ‘count-down-timer’ => 'Count Down Timer’,460 ‘video’ => 'Video’,461 ‘welcome’ => 'Secondary Title & Intro’,462 ‘subs-form’ => 'Email Subscription Form’,463 ‘social-links’ => 'Social Links’464 )465 ); // Finally, we register the fields with WordPress466467 $this->home_page_order_fallback();468 register_setting(469 'apollo_order_options’,470 'apollo_order_options’, array(&$this, ‘handle_form’)471 );472473 add_settings_section(474 'apollo_general_settings’, // Page on which to add this section of options475 'Custom CSS’, // Title to be displayed on the administration page476 array(&$this, ‘apollo_css_options_callback’), // Callback used to render the description of the section477 ‘apollo_css_options’ // ID used to identify this section and with which to register options478 );479480 add_settings_field(481 'css’,482 'Custom CSS’, array(&$this, ‘apollo_input’),483 'apollo_css_options’,484 'apollo_general_settings’,485 array(486 ‘name’ => 'css’,487 ‘type’ => 'memo’488 )489 );490 register_setting(491 'apollo_css_options’,492 'apollo_css_options’, array(&$this, ‘handle_form’)493 );494495 }496497 function apollo_order( $order_options ){498499 $active_order = get_option(“apollo_order_options”);500501 if( empty( $active_order ) ) $active_order = $order_options;502503 $active = '’;504 $inactive = '’; ?>505506 <h2 class="home-page-order"><?php _e( 'Active’, ‘launchpad’ ); ?></h2>507 <ul class="home-page-order">508 <?php foreach( $active_order as $value => $label ) :509510 if( array_key_exists( $value , $active_order ) ) : ?>511 <li>512 <label for="<?php echo esc_attr( $value ); ?>">513 <?php echo $label; ?>514 <input disabled type="checkbox” id="<?php echo esc_attr( $value ); ?>” name="apollo_order_options[<?php echo esc_attr( $value ); ?>]" checked="checked” value="<?php echo esc_attr( $label ); ?>” />515 </label>516 </li>517 <?php endif;518519 endforeach; ?>520 </ul>521522 <?php if( count( $order_options ) != count( $active_order ) ) : ?>523 <h2 class="home-page-order"><?php _e( 'In-Active’, ‘launchpad’ ); ?></h2>524 <ul class="home-page-order">525 <?php foreach( $order_options as $value => $label ) :526527 if( !array_key_exists( $value , $active_order ) ) : ?>528 <li>529 <label for="<?php echo esc_attr( $value ); ?>">530 <?php echo $label; ?>531 <input disabled type="checkbox” id="<?php echo esc_attr( $value ); ?>” name="apollo_order_options[<?php echo esc_attr( $value ); ?>]" value="<?php echo esc_attr( $label ); ?>” />532 </label>533 </li>534 <?php endif;535536 endforeach; ?>537 </ul>538 <?php endif;539540 }541542 function apollo_input( $args ) {543544 // First, we read the options collection545 $active_tab = isset( $_GET[ ‘tab’ ] ) ? $_GET[ ‘tab’ ] : 'display’;546 $option = 'apollo_’.$active_tab.’_options’;547 $options = get_option($option);548 $label = “";549 $id = ( isset( $args[ ‘name’ ] ) ? $args[ ‘name’ ] : ‘’ );550 $type = ( isset( $args[ ‘type’ ] ) ? $args[ ‘type’ ] : ‘’ );551 $default = ( isset( $args[ ‘default’ ] ) ? $args[ ‘default’ ] : ‘’ );552 $excerpt = ( isset( $args[ ‘excerpt’ ] ) ? $args[ ‘excerpt’ ] : ‘’ );553554555 if( $type == “checkbox” && isset( $options[ $id ] ) ) :556 $value = TRUE;557 elseif( isset( $options[ $id ] ) ) :558 $value = $options[ $id ];559 else :560 $value = $default;561 endif;562563 if ($type == “checkbox”) :564565 $checked = '’;566567 if( isset( $options[ $id ] ) ) $checked = 'checked="checked"’; ?>568569 <input disabled type="checkbox” id="<?php echo $id; ?>" name="<?php echo $option; ?>[<?php echo $id; ?>]" <?php echo $checked; ?> />570 <?php elseif ($type == “file”) :571572 $checked = '’;573 $count = 0;574 $selected = 0;575 $images = “";576 $uploaded = array();577 $uploadclass=’’;578579 $uploaded = get_posts(580 array(581 ‘post_type’ => 'attachment’,582 ‘meta_key’ => '_apollo_related_image’,583 ‘meta_value’ => $id,584 ‘orderby’ => 'none’,585 ‘nopaging’ => true586 ) );587588 if( $value != “” ){589 $checked = 'checked="checked"’;590 } else {591 $uploadclass=’no_display’;592 } ?>593594 <input disabled id="clear-<?php echo $id; ?>” data-input-key="<?php echo $id; ?>" name="" type="checkbox" <?php echo $checked; ?> />595 <label class="clear" for="clear-<?php echo $id; ?>">596 <?php _e( 'Enable’, ‘launchpad’ ); ?> <?php echo $id; ?>597 </label>598599 <div id="<?php echo $id; ?>-list" class="clear <?php echo $uploadclass; ?>">600 <input disabled type="file" id="upload-<?php echo $id; ?>" name="<?php echo $id; ?>_file" />601 <input disabled id="no-<?php echo $id; ?>" name="<?php echo $option; ?>[<?php echo $id; ?>]" type="radio" value="" <?php echo $checked; ?> class="no_display" />602 <div class="available-headers">603 <ul>604 <?php if(!empty($uploaded)) :605 foreach($uploaded as $image) :606 $full = wp_get_attachment_url($image->ID, “full”);607 $thumb = wp_get_attachment_url($image->ID, “thumb”);608 $checked = “";609 $class = “";610 if($value == $full){611 $checked = 'checked="checked"’;612 $class = ' active’;613 $selected = $count;614 } ?>615616 <li class="default-header <?php echo $class; ?>">617 <input disabled id="<?php echo $id; ?>-<?php echo $image->ID; ?>” name="<?php echo $option; ?>[<?php echo $id; ?>]" type="radio” value="<?php echo $full; ?>" <?php echo $checked; ?> class="no_display" />618 <label for="<?php echo $id; ?>-<?php echo $image->ID; ?>">619 <img src="<?php echo esc_attr( $thumb ); ?>" alt="" title="" />620 </label>621 </li>622 <?php $count++;623 endforeach;624625 endif;626627 if(isset($args[ ‘options’ ])) :628 foreach($args[ ‘options’ ] as $image => $path) :629 $checked = “";630 $class = “";631 if($value == $path){632 $checked = 'checked="checked"’;633 $class = ' active’;634 $selected = $count;635 } ?>636 <li class="default-header <?php echo $class; ?>">637 <input disabled id="<?php echo $id; ?>-<?php echo $image; ?>” name="<?php echo $option; ?>[<?php echo $id; ?>]" type="radio” value="<?php echo $path; ?>" <?php echo $checked; ?> class="no_display" />638 <label for="<?php echo $id; ?>-<?php echo $image; ?>">639 <img src="<?php echo str_replace(“bg/", “bg/thumbs/", $path); ?>” alt="” title="" width="150" />640 </label>641 </li>642 <?php $count++;643 endforeach;644645 endif; ?>646 </ul>647 </div>648 </div>649 <?php elseif ($type == “memo”) : ?>650651 <textarea disabled id="<?php echo $id; ?>" name="<?php echo $option; ?>[<?php echo $id; ?>]" cols="50" rows="5"><?php echo $value; ?></textarea>652 <?php elseif ($type == “select”) :653 $options = $args[ ‘options’ ]; ?>654655 <select disabled id="<?php echo $id; ?>" name="<?php echo $option; ?>[<?php echo $id; ?>]“>656 <?php if( isset( $options ) ) :657 foreach($options as $option => $option_value) :658 $selected = '’;659660 if($value == $option_value) $selected = 'selected="selected"’; ?>661662 <option value="<?php echo $option_value; ?>” <?php echo $selected; ?>><?php echo $option; ?></option>663 <?php endforeach;664 endif; ?>665 </select>666 <?php else : ?>667668 <input disabled type="text" id="<?php echo $id; ?>" name="<?php echo $option; ?>[<?php echo $id; ?>]" value="<?php echo $value; ?>" />669 <?php endif;670671 if(!empty($excerpt)) : ?>672 <label for="<?php echo $id; ?>"><?php echo $excerpt; ?></label>673 <?php endif; ?>674 <?php }675 function handle_form($input){676677 $newinput = $input;678 $files = $_FILES;679 foreach($files as $input => $values) :680 if(!empty($values[“name”])) :681 $id = media_handle_upload($input, 0);682 $attachment = wp_get_attachment_image_src( $id, “full”);683 $option = str_replace("_file", "", $input);684685 update_post_meta($id, '_apollo_related_image’, $option);686687 $newinput[$option] = $attachment[0];688 endif;689 endforeach;690 return $newinput;691 }692}