CVE-2023-3063: ajax.php in sp-client-document-manager/trunk/classes – WordPress Plugin Repository

1<?php23class spdm_ajax4{5 6 public static function extend_new_user_approve_filter($autologin){7 8 if(class_exists(‘pw_new_user_approve’)){9 $autologin = 0;10 }11 return $autologin;12}13public function extend_new_user_approve_action($user){14 global $errors;15 if(class_exists(‘pw_new_user_approve’)){16 if(get_user_meta($user->ID,’pw_user_status’,true) == ‘pending’){17 echo '<div class="alert alert-info"><strong>Thanks for registering!</strong> Your account is currently pending approval.</strong></div>’; 1819 20 $user_login = $user->user_login;21 $user_email = $user->user_email;22 // The blogname option is escaped with esc_html on the way into the database in sanitize_option23 // we want to reverse this for the plain text arena of emails.24 $blogname = wp_specialchars_decode( get_option( ‘blogname’ ), ENT_QUOTES );2526 $default_admin_url = admin_url( ‘users.php?s&pw-status-query-submit=Filter&new_user_approve_filter=pending&paged=1’ );27 $admin_url = apply_filters( 'new_user_approve_admin_link’, $default_admin_url );2829 /* send email to admin for approval */30 $message = apply_filters( 'new_user_approve_request_approval_message_default’, pw_new_user_approve::default_notification_message() );3132 $message = str_replace( 'USERNAME’, $user_login, $message );33 $message = str_replace( 'USEREMAIL’, $user_email, $message );34 $message = str_replace( 'SITENAME’, $blogname, $message );35 $message = str_replace( 'SITEURL’, get_option( ‘siteurl’ ), $message );36 $message = str_replace( 'ADMINURL’, $admin_url, $message );3738 $message = apply_filters( 'new_user_approve_request_approval_message’, $message, $user_login, $user_email );3940 $subject = sprintf( __( '[%s] User Approval’, ‘new-user-approve’ ), $blogname );41 $subject = apply_filters( 'new_user_approve_request_approval_subject’, $subject );4243 $to = apply_filters( 'new_user_approve_email_admins’, array( get_option( ‘admin_email’ ) ) );44 $to = array_unique( $to );4546 // send the mail47 wp_mail( $to, $subject,apply_filters('sp_cdm/mail/content’,stripslashes( $message)), pw_new_user_approve::email_message_headers() );48 }49 }50 5152 53}54public function new_user_email($user, $password){55 56 $message = "Thank you for registering on ". get_bloginfo(‘name’).". Here are your login details:57 58 Username: ".$user->user_login."59 Password: ".$password."60 Dashboard: ".cdm_shortcode_url(‘’)."";61 # $headers = 'From: My Name [email protected]' . "\r\n";62 wp_mail($user->user_email, 'Your registration for: '. get_bloginfo(‘name’).’’,apply_filters(‘sp_cdm/mail/content’,stripslashes( $message)), $headers ); 63 64}65 public function remind_user_email($user, $password){66 67 $message = "You reset your password on ". get_bloginfo(‘name’).". Here are your login details:68 69 Username: ".$user->user_login."70 Password: “.$password."71 Dashboard: “.cdm_shortcode_url(‘’)."";72 # $headers = ‘From: My Name [email protected]' . “\r\n";73 wp_mail($user->user_email, 'Reset password: '. get_bloginfo(‘name’).’’,apply_filters('sp_cdm/mail/content’,stripslashes( $message)), $headers ); 74 75}76public function register($vars){77 78foreach($vars as $key=>$var){79 80 $vars[$key] = sanitize_text_field($var); 81 }82 83 if(wp_verify_nonce( $_REQUEST[‘_wpnonce’], $vars[‘action’] ) == false){ 84 echo json_encode(array(‘error’=>’Failed’));85 die();86 }87 88 89if(get_option(‘sp_cdm_recaptcha_enable’) ==1){90 91if(cdm_verify_recpatcha(array('token’=>cdm_var(‘token’), 'action’=>cdm_var(‘action’))) == false){92 echo '<div class="alert alert-danger"><strong>ERROR:</strong> Please verify you are not a bot!</div>’; 93 die();94 }95 96}97if($vars[‘register_password1’] == ‘’ or $vars[‘register_password1’] == ‘’ or $vars[‘register_username’] == ‘’ or $vars[‘register_email’] == ‘’ ){98 echo '<div class="alert alert-danger"><strong>ERROR:</strong> Please fill in all fields!</div>’; 99 100}elseif( is_email($vars[‘register_email’]) == false){101 echo '<div class="alert alert-danger"><strong>ERROR:</strong> ‘.esc_attr($vars[‘register_email’]).’ is not a valid email</div>’; 102}else{103104$username = $vars[‘register_username’];105$password = $vars[‘register_password1’];106$email = $vars[‘register_email’];107$user_id = username_exists( $username );108109 if($vars[‘register_password1’] == $vars[‘register_password2’]){110 111 if ( !$user_id and email_exists($email) == false ) {112 113 114 115 $userdata = array(116 ‘user_login’ => $username,117 ‘user_email’ => $website118);119120121 122 $user_id = wp_create_user( $username,$password , $email );123 $user = get_user_by( 'email’, $email ); 124 wp_set_password( $password,$user->ID );125 126 $this->new_user_email($user, $password);127 128 $login[‘username’] = $user->user_login;129 $login[‘password’] = $password; 130 $autologin = 1;131 132 $autologin = apply_filters('sp_dashboard_register_login_filter’,$autologin);133 do_action('sp_dashboard_register_login_action’,$user);134 135 136 if($autologin == 1){137 $this->login($login);138 }139 140 } else {141 echo '<div class="alert alert-danger"><strong>ERROR:</strong> User already exists!</div>’; 142 }143 }else{ 144 echo '<div class="alert alert-danger"><strong>ERROR:</strong> Passwords do not match!</div>’; 145 }146}147}148 149public function new_password($vars){150 #print_r($vars);151foreach($vars as $key=>$var){152 153 $vars[$key] = sanitize_text_field($var); 154 }155 156 157 if(wp_verify_nonce( $_REQUEST[‘_wpnonce’], $vars[‘action’] ) == false){ 158 echo json_encode(array(‘error’=>’Failed’));159 die();160 }161 if(get_option(‘sp_cdm_recaptcha_enable’) ==1){162 163if(cdm_verify_recpatcha(array('token’=>cdm_var(‘token’), 'action’=>cdm_var(‘action’))) == false){164 echo '<div class="alert alert-danger"><strong>ERROR:</strong> Please verify you are not a bot!</div>’; 165 die();166 }167 168}169 170 if($vars[‘password1’] == ‘’ or $vars[‘password1’] == ‘’){171 echo '<div class="alert alert-danger"><strong>ERROR:</strong> Please fill in all fields!</div>’; 172 }else{173 if($vars[‘password1’] == $vars[‘password2’]){174 175 $user = get_user_by( 'email’, $vars[‘email’] ); 176 wp_set_password( $vars[‘password1’],$user->ID );177 wp_password_change_notification( $user );178 $login[‘username’] = $user->user_login;179 $login[‘password’] = $vars[‘password1’];180 $this->remind_user_email($user, $vars[‘password1’]);181 $this->login($login);182 }else{183 echo '<div class="alert alert-danger"><strong>ERROR:</strong> Passwords do not match!</div>’; 184 }185 }186}187 188public function reset_password($vars){189foreach($vars as $key=>$var){190 191 $vars[$key] = sanitize_text_field($var); 192 }193 if(wp_verify_nonce( $_REQUEST[‘_wpnonce’], $vars[‘action’] ) == false){ 194 echo json_encode(array(‘error’=>’Failed’));195 die();196 }197 198 if(get_option(‘sp_cdm_recaptcha_enable’) ==1){199 200if(cdm_verify_recpatcha(array('token’=>cdm_var(‘token’), 'action’=>cdm_var(‘action’))) == false){201 echo '<div class="alert alert-danger"><strong>ERROR:</strong> Please verify you are not a bot!</div>’; 202 die();203 }204 205}206 $user = get_user_by( 'email’, $vars[‘email’] );207 if($user != false){208 $key = md5($vars[‘email’].’|’.md5(time()));209 set_transient( $key, $vars[‘email’],HOUR_IN_SECONDS );210211 $message = 'Someone has requested a new password click here if you would like to continue to reset your password: '.cdm_shortcode_url(‘key=’.$key.’’).’’;212 # $headers = 'From: My Name [email protected]' . “\r\n";213 add_filter('wp_mail_content_type’, ‘set_html_content_type’);214 wp_mail($vars[‘email’], 'Password Reset’,apply_filters('sp_cdm/mail/content’,stripslashes( $message)), $headers ); 215 remove_filter('wp_mail_content_type’, ‘set_html_content_type’); 216 echo '<div class="alert alert-success">Please check your email to reset your password!</div>’;217 }else{218 echo '<div class="alert alert-danger"><strong>ERROR:</strong> Email Not Found</div>’; 219 }220}221public function logout(){222 223 wp_logout(); 224 echo 'refresh’;225 226 227}228 229public function login($vars){230 foreach($vars as $key=>$var){231 232 $vars[$key] = sanitize_text_field($var); 233 }234 235 236 if(wp_verify_nonce( $_REQUEST[‘_wpnonce’], $vars[‘action’] ) == false){ 237 echo json_encode(array(‘error’=>’Failed’));238 die();239 }240 if(get_option(‘sp_cdm_recaptcha_enable’) ==1){241 $recaptcha = cdm_verify_recpatcha(array('token’=>cdm_var(‘token’), 'action’=>cdm_var(‘action’)));242if($recaptcha == false){243 244 echo '<div class="alert alert-danger"><strong>ERROR:</strong> '.$recaptcha[0].’!</div>’; 245 die();246 }247 248}249 250 #print_r($vars);251 $login = wp_authenticate($vars[‘username’], $vars[‘password’]) ;252 253 if ( is_wp_error( $login ) ) {254 $error_string = $login->get_error_message();255 echo '<div class="alert alert-danger"><strong>ERROR:</strong> Invalid login. <a href="#” class="reset-password">Lost your password?</a></div>’;256}else{257 $user_id = $login->ID;258 wp_set_current_user( $user_id, $user_login );259 wp_set_auth_cookie( $user_id ); 260echo 'refresh’; 261}262 263 264 }265 266 267 function order_by()268 {269 270 $orderby = 'name’;271 272 $orderby = apply_filters('sp_cdm_order_by_ajax’, $orderby);273 274 return $orderby;275 }276 277 function project_dropdown()278 {279 280 if (class_exists(‘spdm_sub_projects’)) {281 echo spdm_sub_projects::project_dropdown_replace();282 } else {283 echo sp_cdm_replace_project_select();284 }285 286 287 288 }289 function view_file($file_id = false)290 {291 292 293 global $wpdb, $current_user, $cdm_comments, $cdm_log, $post;294 $file_info = '’;295 $info_right_column = '’;296 $info_left_column = '’;297 $html = '’;298 if ($file_id == false) {299 $file_id = intval(cdm_var(‘id’));300 }301 302 $uid = $current_user->ID ;303 if(isset($_COOKIE[‘overide_uid’]) && current_user_can(‘sp_cdm_admin_bar’)){304 if($_COOKIE[‘overide_uid’] != ‘’){305 $uid = intval($_COOKIE[‘overide_uid’]);306 }307 }308 do_action('spcdm/view_file’, $file_id);309 310 $file_types = array();311 $r = $wpdb->get_results($wpdb->prepare(“SELECT * FROM " . $wpdb->prefix . “sp_cu where id = %d order by date desc", $file_id), ARRAY_A);312 #if(cdm_is_file_orphan($r[0][‘pid’]) == true){313 # return '<strong>File Orphaned:</strong> Assign this file to a new folder.’;314 315 # }316 #317 if ($r[0][‘recycle’] == 1) {318 return '<strong>Error:</strong> 404 File not found’;319 die();320 }321 322 if (cdm_folder_permissions($r[0][‘pid’]) == 1 or $uid == $r[0][‘uid’] or current_user_can(‘manage_options’) == true or get_option(‘sp_cu_release_the_kraken’) == 1 or !wp_verify_nonce( $_REQUEST[‘_ckey’], ‘cdm-public-download’ )) {323 324 if (current_user_can(‘manage_options’) != true && get_option(‘sp_cu_release_the_kraken’) != 1) {325 if (($r[0][‘pid’] == 0 && $uid != $r[0][‘uid’])) {326 327 $html = 'You do not have access to this file.’;328 return $html;329 }330 }331 332 333 $ext = substr(strrchr($r[0][‘file’], ‘.’), 1);334 $stream_file_types = get_option(‘sp_cu_stream_file_types’);335 if ($stream_file_types != ‘’) {336 $file_types = explode(“,", $stream_file_types);337 }338 $html .= '<div id="view_file_refresh">339340 341342343344 ';345 $html .= '<div class="sp_cu_manage">’;346 347 $html = apply_filters('sp_cdm_view_file_first_add_button’, $html, $r);348 349 350 if (class_exists(‘cdmProductivityUser’)) {351 $cdm_comments = new cdmProductivityUser;352 $html .= ‘<span id="cdm_comment_button_holder">’ . $cdm_comments->button() . '</span>’;353 }354 355 $html = apply_filters('sp_cdm_view_file_add_button’, $html, $r);356 357 $html = apply_filters('cdm/viewfile/top_navigation’, $html, $r);358 359 360 if (get_option(‘sp_cu_js_redirect’) == 1 or in_array($ext, $file_types)) {361 $target = 'target="_blank"’;362 } else {363 $target = ' ';364 }365 366 367 368 $url = cdm_download_file_link(base64_encode($r[0][‘id’] . ‘|’ . $r[0][‘date’] . ‘|’ . $r[0][‘file’]), get_option(‘sp_cu_js_redirect’), $ext, $file_types);369 370 if (strpos($url, ‘href’) === false) {371 $url = ‘href="’ . $url . '"’;372 }373 $download_url = '<a ' . $url . ' title="Download” ><span class="dashicons 374dashicons-arrow-down-alt cdm-dashicons"></span> ' . __(“Download File", “sp-client-document-manager”) . '</a> ';375 376 if (sp_cdm_is_featured_disabled('base’, ‘cdm_disable_download’) != true) {377 $html .= apply_filters('sp_cdm_viewfile_download_url’, $download_url, $r);378 }379 380 381 if (cdm_user_can_delete($uid) == true && cdm_delete_permission($r[0][‘pid’]) == 1 && get_option(‘sp_cu_user_delete_disable’) != 1) {382 $delete_button = ‘383384 <a href="javascript:sp_cu_confirm_delete(\’’ . get_option(‘sp_cu_delete’) . ‘\’,200,\’’ . $r[0][‘id’] . ‘\’);” title="Delete” class="sp-cdm-delete-file” ><span class="dashicons dashicons-no cdm-dashicons"></span> ' . __(“Delete File", “sp-client-document-manager”) . '</a>’;385 $html .= apply_filters('sp_cdm_viewfile_delete_button’, $delete_button, $r);386 }387 388 389 $html .= '<div style="clear:both"></div></div>’;390 391 392 $html .= '<div class="sp-cdm-file-date">’;393 $html = apply_filters('sp_cdm/view_file/before_date’, $html, $r);394 if (sp_cdm_is_featured_disabled(‘base’, ‘view_file_date_id’) == false) {395 $html .= ‘<em>’ . cdm_datetime($r[0][‘date’]) . ' • File ID: #’ . $r[0][‘id’] . ' </em>’;396 }397 $html = apply_filters('sp_cdm/view_file/after_date’, $html, $r);398 $html .= '</div>’;399 400 $html .= '<div class="sp-cdm-file-view-refresh">’;401 $html = apply_filters('sp_cdm/view_file/before_refresh’, $html, $r);402 if (sp_cdm_is_featured_disabled('base’, ‘view_file_refresh_button’) == false) {403 $html .= '<a href="#” class="cdm_refresh_file_view” data-id="’ . $r[0][‘id’] . '"><span class="dashicons dashicons-image-rotate cdm-dashicons"></span> ' . __('Refresh’, ‘sp-client-document-manager’) . '</a>’;404 }405 $html = apply_filters('sp_cdm/view_file/after_refresh’, $html, $r);406 $html .= '</div>’;407 $html .= '408<script type="text/javascript">409410411 if(jQuery.cookie(“viewfile_tab”)){412 413 var active_tab = jQuery.cookie(“viewfile_tab”); 414 415 }else{416 417 var active_tab = 0; 418 }419 console.log(active_tab);420421jQuery(“.viewFileTabs”).responsiveTabs({422 startCollapsed: false,423424 active: active_tab,425 activateState: function(msg){426427 428 }429});430jQuery(function($) {431 $( “.viewFileTabs li a”).on( “click", function() {432 $.cookie(“viewfile_tab", $(this).parent().index(), { expires: 7 , path:"/” }); 433 console.log($(this).parent().index())434 });435});436</script>’;437 438 439 $html = apply_filters('cdm/viewfile/under_date’, $html, $r);440 441 442 443 444 $html .= ‘<div class="viewFileTabs">445446 <ul>447448 <li><a href="#cdm-file-main">’ . __(“File Info", “sp-client-document-manager”) . '</a></li>’;449 $html = apply_filters(‘sp_cdm_view_file_after_file_info_tab’, $html, $r);450 451 if (function_exists(‘sp_cdm_revision_add’) && get_option(‘sp_cu_user_disable_revisions’) != 1) {452 if ($r[0][‘form_id’] == ‘’ or $r[0][‘form_id’] == 0) {453 $html .= ‘<li><a href="#cdm-file-revisions">’ . __(“Revisions", “sp-client-document-manager”) . '</a></li>’;454 }455 }456 if (class_exists(‘cdmProductivityUser’)) {457 if (sp_cdm_is_featured_disabled('premium’, ‘file_comments’) == false) {458 $html .= ‘<li><a href="#cdm-file-comments">’ . __(“Comments", “sp-client-document-manager”) . '</a></li>’;459 }460 }461 if (class_exists(‘cdmProductivityLog’)) {462 if ((get_option(‘sp_cu_log_admin_only’) == 1 && current_user_can(‘manage_options’)) or (get_option(‘sp_cu_log_admin_only’) == 0 or get_option(‘sp_cu_log_admin_only’) == ‘’)) {463 $html .= ‘<li><a href="#cdm-file-log">’ . __(“Download Log", “sp-client-document-manager”) . '</a></li>’;464 }465 }466 467 if (sp_cdm_is_featured_disabled('base’, ‘event_logger’) == false) {468 $html .= ‘<li><a href="#cdm-events-log">’ . __(“Events Log", “sp-client-document-manager”) . '</a></li>’;469 }470 471 $html = apply_filters('sp_cdm_view_file_tab’, $html, $r);472 473 $html .= '</ul>474475 ';476 $html = apply_filters('sp_cdm_view_file_content’, $html, $r);477 478 if (class_exists(‘cdmProductivityUser’)) {479 if (sp_cdm_is_featured_disabled('premium’, ‘file_comments’) == false) {480 $html .= ‘<div id="cdm-file-comments"><div id="cdm_comments_container">’ . $cdm_comments->view($r[0][‘id’]) . '</div></div>’;481 }482 }483 if (class_exists(‘cdmProductivityLog’)) {484 $cdm_log = new cdmProductivityLog;485 $html .= ‘<div id="cdm-file-log">’ . $cdm_log->view($r[0][‘id’]) . '</div>’;486 }487 if (sp_cdm_is_featured_disabled('base’, ‘event_logger’) == false) {488 $html .= ‘<div id="cdm-events-log">’ . cdm_get_event_log($r[0][‘id’], 'file’, 250) . '</div>’;489 }490 491 $html .= '<div id="cdm-file-main">’;492 if (get_option(‘sp_cu_wp_folder’) == ‘’) {493 $wp_con_folder = ‘/’;494 } else {495 $wp_con_folder = get_option(‘sp_cu_wp_folder’);496 }497 //print_r($r);498 499 $ext = substr(strrchr($r[0][‘file’], ‘.’), 1);500 if ($r[0][‘pid’] != 0) {501 $projecter = $wpdb->get_results("SELECT *502503 504505 FROM " . $wpdb->prefix . “sp_cu_project506507 WHERE id = '” . $r[0][‘pid’] . “’508509 “, ARRAY_A);510 $project_title = ‘’ . stripslashes($projecter[0][‘name’]) . '’;511 } else {512 $project_title = ‘’ . __(“None", “sp-client-document-manager”) . '’;513 }514 if ($ext == ‘png’ or $ext == ‘jpg’ or $ext = ‘jpeg’ or $ext = ‘gif’) {515 $icon = ‘<td width="160"><img src="’ . SP_CDM_UPLOADS_DIR_URL . ‘’ . $r[0][‘uid’] . ‘/’ . $r[0][‘file’] . '” width="150"></td>’;516 } else {517 $icon = '’;518 }519 $ext = preg_replace('/^.*\./’, ‘’, $r[0][‘file’]);520 $images_arr = array(521 "jpg",522 “png",523 “jpeg",524 “gif",525 “bmp"526 );527 528 529 530 if (get_option(‘sp_cu_user_projects_thumbs_pdf’) == 1 && class_exists(‘imagick’)) {531 532 $info = new Imagick();533 $formats = $info->queryFormats();534 535 } else {536 $formats = array();537 }538 539 540 541 if (in_array(strtolower($ext), $images_arr)) {542 if (get_option(‘sp_cu_overide_upload_path’) != ‘’ && get_option(‘sp_cu_overide_upload_url’) == ‘’) {543 $img = ‘<img src="’ . SP_CDM_PLUGIN_URL . 'images/package_labled.png">’;544 } else {545 $img = ‘<img src="’ . sp_cdm_thumbnail(‘’ . SP_CDM_UPLOADS_DIR_URL . ‘’ . $r[0][‘uid’] . ‘/’ . $r[0][‘file’] . NULL, 250) . '">’;546 }547 548 549 } elseif (strtolower($ext) == ‘mp3’) {550 $img = ‘<div class="wp-video">551 <!–[if lt IE 9]><script>document.createElement(\’video\’);</script><![endif]–>552 <audio %s controls="controls” class="wp-video-shortcode” preload="metadata” style="width:100%">553 <source type="audio/mpeg” src="’ . SP_CDM_UPLOADS_DIR_URL . ‘’ . $r[0][‘uid’] . ‘/’ . $r[0][‘file’] . '” />554 </audio></div>’;555 556 557 } elseif (strtolower($ext) == ‘mp4’) {558 $img = '<div style="width:100%” class="wp-video">559 <!–[if lt IE 9]><script>document.createElement(\’video\’);</script><![endif]–>560 <video %s controls="controls” class="wp-video-shortcode” preload="metadata” style="width:100%">561 <source type="video/mp4” src="’ . SP_CDM_UPLOADS_DIR_URL . ‘’ . $r[0][‘uid’] . ‘/’ . $r[0][‘file’] . '” />562 </video></div>’;563 564 } elseif ($ext == ‘xls’ or $ext == ‘xlsx’) {565 $img = ‘<img src="’ . SP_CDM_PLUGIN_URL . 'images/microsoft_office_excel.png">’;566 } elseif ($ext == ‘doc’ or $ext == ‘docx’) {567 568 $img = ‘<img src="’ . SP_CDM_PLUGIN_URL . 'images/microsoft_office_word.png">’;569 } elseif ($ext == ‘pub’ or $ext == ‘pubx’) {570 $img = ‘<img src="’ . SP_CDM_PLUGIN_URL . 'images/microsoft_office_publisher.png">’;571 } elseif ($ext == ‘ppt’ or $ext == ‘pptx’) {572 $img = ‘<img src="’ . SP_CDM_PLUGIN_URL . 'images/microsoft_office_powerpoint.png">’;573 } elseif ($ext == ‘adb’ or $ext == ‘accdb’) {574 $img = ‘<img src="’ . SP_CDM_PLUGIN_URL . 'images/microsoft_office_access.png">’;575 } elseif (in_array(strtoupper($ext), $formats)) {576 if (file_exists(‘’ . SP_CDM_UPLOADS_DIR . ‘’ . $r[0][‘uid’] . ‘/’ . $r[0][‘file’] . ‘_big.png’)) {577 $img = ‘<img src="’ . SP_CDM_UPLOADS_DIR_URL . ‘’ . $r[0][‘uid’] . ‘/’ . $r[0][‘file’] . '_big.png” width="250">’;578 } else {579 $img = ‘<img src="’ . SP_CDM_PLUGIN_URL . 'images/adobe.png">’;580 }581 } elseif ($ext == ‘pdf’ or $ext == ‘xod’) {582 $img = ‘<img src="’ . SP_CDM_PLUGIN_URL . 'images/adobe.png">’;583 } else {584 $img = ‘<img src="’ . SP_CDM_PLUGIN_URL . 'images/package_labled.png">’;585 }586 587 $img = apply_filters('sp_cdm_viewfile_image’, $img, $r[0]);588 589 $file_info .= '590591 592593 <div id="sp_cu_viewfile">594595 596597 598599 600601 <div class="sp_cu_item">602603 604605 <div class="cdm-two-column"><div class="l-column">’;606 607 $info_left_column .= '608<a ' . $target . ' ' . cdm_download_file_link(base64_encode($r[0][‘id’] . ‘|’ . $r[0][‘date’] . ‘|’ . $r[0][‘file’]), get_option(‘sp_cu_js_redirect’), $ext, $file_types) . ' title="Download” style="margin-right:15px” >609610611’ . $img . '612613</a>614615’;616 617 618 $info_left_column = apply_filters('sp_cdm_viewfile_replace_file_info’, $info_left_column, $r);619 $file_info .= $info_left_column;620 621 622 $file_info .= '</div><div class="r-column">’;623 if (sp_cdm_is_featured_disabled('base’, ‘view_file_name’) == false) {624 $info_right_column .= ‘<div class="sp_su_project">625 626 <strong>’ . __("File Name", “sp-client-document-manager”) . ': </strong> ' . stripslashes($r[0][‘name’]) . '<br>627 628 629 </div>’;630 }631 if (sp_cdm_is_featured_disabled('base’, ‘view_file_owner’) == false) {632 633 if ($r[0][‘uid’] == $current_user->ID) {634 $info_right_column .= ‘<div class="sp_su_project">635 636 <strong>’ . __("File Owner", “sp-client-document-manager”) . ': </strong> ' . __('You own this file’, ‘sp-client-document-manager’) . '<br>637 638 639 </div>’;640 } else {641 $owner = get_userdata($r[0][‘uid’]);642 $info_right_column .= ‘<div class="sp_su_project">643 644 <strong>’ . __("File Owner", “sp-client-document-manager”) . ': </strong> ' . apply_filters('sp_cdm/file/owner_name’, $owner->display_name, $r[0]) . '<br>645 646 647 </div>’;648 }649 }650 if (sp_cdm_is_featured_disabled(‘base’, ‘view_folder_name’) == false) {651 $info_right_column .= ‘<div class="sp_su_project">652 653 <strong>’ . sp_cdm_folder_name() . ' #’ . $r[0][‘uid’] . ‘: </strong>’ . $project_title . '654 655 </div>’;656 }657 if (sp_cdm_is_featured_disabled('base’, ‘view_file_type’) == false) {658 $info_right_column .= ‘<div class="sp_su_project">659 660 <strong>’ . __("File Type ", “sp-client-document-manager”) . ‘: </strong>’ . $ext . '661 662 </div>’;663 }664 if (sp_cdm_is_featured_disabled('base’, ‘view_file_size’) == false) {665 $info_right_column .= ‘<div class="sp_su_project">666 667 <strong>’ . __("File Size ", “sp-client-document-manager”) . ‘: </strong>’ . _cdm_file_size($r[0]) . ' 668 669 </div>670 ';671 }672 $extra_file_info = '’;673 $info_right_column .= apply_filters('sp_cdm_file_view_info’, $extra_file_info, $r[0]);674 675 676 if (class_exists(‘sp_premium_license’)) {677 678 if ($r[0][‘cid’] != ‘’ && $r[0][‘cid’] != 0) {679 680 681 682 }683 684 }685 if ($r[0][‘tags’] != “”) {686 $info_right_column .= ‘687688<div class="sp_su_notes">689690<strong>’ . __("Tags ", “sp-client-document-manager”) . ': </strong> ' . stripslashes($r[0][‘tags’]) . ‘691692</div>’;693 }694 695 if ($r[0][‘notes’] != “”) {696 $info_right_column .= ‘697698<div class="sp_su_notes">699700<strong>’ . __("Notes “, “sp-client-document-manager”) . ': </strong> ' . stripslashes($r[0][‘notes’]) . '701702</div>’;703 }704 705 if (class_exists(‘sp_premium_license’)) {706 707 if (sp_cdm_get_form_fields($r[0][‘id’]) != ‘’) {708 $info_right_column .= '709 710 <div class="sp_su_notes">711 712 ' . sp_cdm_get_form_fields($r[0][‘id’]) . '713 714 </div>’;715 }716 }717 718 719 $info_right_column = apply_filters('sp_cdm_view_file_notes’, $info_right_column, $r);720 $file_info .= $info_right_column;721 $file_info .= '722723 724725726727728</div><div style="clear:both"></div>729730 </div></div>’;731 732 $file_info = apply_filters('sp_cdm_viewfile_replace_file_infos’, $file_info, $r, $info_left_column, $info_right_column);733 $html .= $file_info;734 735 $html .= '</div></div>736737 738739 740741 </div>742743 744745 746747 748749 </div>750751 ';752 753 $html = apply_filters('sp_cdm_viewfile’, $html, $r);754 } else {755 $html = ‘You do not have access to this file.’;756 }757 return $html;758 }759 function delete_file($file_id = false)760 {761 762 global $wpdb, $current_user;763 if (!is_user_logged_in()) {764 echo ‘Not loggeed in’;765 exit;766 }767 768 if ($file_id == false) {769 $file_id = sanitize_text_field(cdm_var(‘file_id’));770 if ($file_id != NULL) {771 $file_id = $file_id;772 } else {773 $file_id = sanitize_text_field(cdm_var(‘dlg-delete-file’));774 }775 }776 $r = $wpdb->get_results($wpdb->prepare("SELECT * FROM " . $wpdb->prefix . "sp_cu where id = %d order by date desc", $file_id), ARRAY_A);777 778 779 if ((($current_user->ID == $r[0][‘uid’] or cdmFindLockedGroup($current_user->ID, $r[0][‘uid’]) == true) && get_option(‘sp_cu_user_delete_disable’) != 1) or current_user_can(‘manage_options’)) {780 781 782 cdm_recycle(‘file’, $file_id);783 784 785 } else {786 787 echo ‘File Ownership error’;788 }789 }790 function get_file_info()791 {792 global $wpdb, $current_user;793 if (!is_user_logged_in())794 exit;795 header(‘Cache-Control: no-cache, must-revalidate’);796 header(‘Expires: Mon, 26 Jul 1997 05:00:00 GMT’);797 header(‘Content-type: application/json’);798 $r = $wpdb->get_results($wpdb->prepare("SELECT * FROM " . $wpdb->prefix . “sp_cu where id = %d", sanitize_text_field(cdm_var(‘id’))), ARRAY_A);799 return str_replace(array(800 '[',801 ']‘802 ), ‘’, htmlspecialchars(json_encode($r[0]), ENT_NOQUOTES));803 }804 805 806 function remove_cat($id = false)807 {808 global $wpdb, $current_user;809 810 811 $user = get_userdata($current_user->ID);812 if (!is_user_logged_in())813 exit;814 if ($id != false) {815 $project_id = $id;816 } else {817 $project_id = cdm_var(‘id’);818 }819 820 $r = $wpdb->get_results($wpdb->prepare("SELECT * FROM " . $wpdb->prefix . "sp_cu_project where id = %d ", $project_id), ARRAY_A);821 822 823 if ((($current_user->ID == $r[0][‘uid’] or cdmFindLockedGroup($current_user->ID, $r[0][‘uid’]) == true) && get_option(‘sp_cu_user_delete_disable’) != 1) or current_user_can(‘manage_options’) or cdm_folder_permissions($project_id) == 1) {824 825 826 827 #delete this projects files828 $f = $wpdb->get_results($wpdb->prepare("SELECT * FROM " . $wpdb->prefix . "sp_cu where pid = %d ", $project_id), ARRAY_A);829 830 for ($j = 0; $j < count($f); $j++) {831 832 cdm_recycle(‘file’, $f[$j][‘id’]);833 #$this->delete_file($f[$j][‘id’]);834 835 #$this->remove_cat($id);836 }837 838 #find and remove sub folders839 $p = $wpdb->get_results($wpdb->prepare("SELECT * FROM " . $wpdb->prefix . "sp_cu_project where parent = %d “, $project_id), ARRAY_A);840 for ($i = 0; $i < count($p); $i++) {841 842 $this->remove_cat($p[$i][‘id’]);843 #cdm_recycle('folder’,$p[$i][‘id’]);844 }845 #delete the project846 #sp_cdm_write_log(‘Recycled folder: ‘.$r[0][‘name’].’’);847 #$wpdb->query($wpdb->prepare("DELETE FROM " . $wpdb->prefix . “sp_cu_project WHERE id = %d",$project_id )); 848 849 cdm_recycle('folder’, $project_id);850 sp_cdm_write_log(‘’ . $user->display_name . ' Recycled Folder: ' . $r[0][‘name’] . ‘’);851 } else {852 sp_cdm_write_log('Error: ' . $user->display_name . ' Failed recycling folder: ' . $r[0][‘name’] . ‘’);853 }854 855 cdm_delete_cache();856 857 }858 function save_cat()859 {860 861 global $wpdb, $current_user;862 if (!is_user_logged_in()) {863 echo ‘Error: Not logged in.’;864 exit;865 }866 867 $insert[‘name’] = sanitize_text_field(cdm_var(‘name’));868 869 $pid = intval(cdm_cookie(‘pid’));870 if ($pid == ‘’) {871 $pid = 0;872 }873 874 if (cdm_var(‘id’) != “”) {875 $where[‘id’] = sanitize_text_field(cdm_var(‘id’));876 $wpdb->update(“” . $wpdb->prefix . “sp_cu_project", $insert, $where);877 do_action(‘sp_cdm/save_folder’, $where[‘id’], $insert);878 echo ‘’ . __(sprintf(“Updated %s Name", sp_cdm_folder_name()), “sp-client-document-manager”) . ‘: ' . esc_attr($insert[‘name’]) . ‘’;879 cdm_delete_cache();880 exit;881 } else {882 $insert[‘uid’] = sanitize_text_field(cdm_var(‘uid’));883 $insert[‘parent’] = sanitize_text_field($pid);884 foreach ($insert as $key => $value) {885 if (is_null($value)) {886 unset($insert[$key]);887 }888 }889 $wpdb->insert(“” . $wpdb->prefix . "sp_cu_project", $insert);890 do_action(‘sp_cdm/save_folder’, $wpdb->insert_id, $insert);891 892 cdm_delete_cache();893 exit;894 }895 896 echo ‘Error!’;897 }898 function file_list()899 {900 global $wpdb, $current_user;901 if (!is_user_logged_in())902 exit;903 if (function_exists(‘cdmFindGroups’)) {904 $find_groups = cdmFindGroups(sanitize_text_field(cdm_var(‘uid’)), 1);905 }906 907 908 $pid = intval(cdm_var(‘pid’));909 if (intval(cdm_var(‘pid’)) == ‘’) {910 911 $pid = 0;912 913 }914 915 916 917 918 919 920 921 if (cdm_var(‘search’) != “”) {922 $search_project .= " AND " . $wpdb->prefix . “sp_cu_project.name LIKE '%” . sanitize_text_field(cdm_var(‘search’)) . "%’ ";923 } else {924 if ($pid == ‘’ or $pid == ‘undefined’) {925 $search_project .= " AND " . $wpdb->prefix . "sp_cu_project.parent = ‘0’ ";926 } else {927 $search_project .= " AND " . $wpdb->prefix . “sp_cu_project.parent = '” . $pid . "’ ";928 }929 }930 if (get_option(‘sp_cu_hide_project’) == 1) {931 932 933 $r_projects_query = "SELECT " . $wpdb->prefix . "sp_cu.name,934935 " . $wpdb->prefix . "sp_cu.id,936937 " . $wpdb->prefix . "sp_cu.pid ,938939 " . $wpdb->prefix . "sp_cu.uid,940941 " . $wpdb->prefix . "sp_cu.parent,942943 " . $wpdb->prefix . "sp_cu_project.name AS project_name,944945 " . $wpdb->prefix . "sp_cu_project.parent946947 948949 FROM " . $wpdb->prefix . "sp_cu 950951 LEFT JOIN " . $wpdb->prefix . "sp_cu_project ON " . $wpdb->prefix . "sp_cu.pid = " . $wpdb->prefix . "sp_cu_project.id952953 WHERE (" . $wpdb->prefix . “sp_cu.uid = '” . sanitize_text_field(cdm_var(‘uid’)) . "’ " . $find_groups . ")954955 AND pid != 0956957 AND " . $wpdb->prefix . "sp_cu.parent = 0 958 959 AND " . $wpdb->prefix . "sp_cu_project.recycle = 0 960961 " . $sub_projects . "";962 963 if ($pid == 0 or $pid == ‘’) {964 $r_projects_query = apply_filters(‘sp_cdm_projects_query’, $r_projects_query, sanitize_text_field(cdm_var(‘uid’)));965 }966 967 $r_projects_query .= " " . $search_project . "968 969 GROUP BY pid970971 ORDER by date desc";972 if (get_option(‘sp_cu_release_the_kraken’) == 1) {973 unset($r_projects_query);974 $r_projects_query = "SELECT 975 " . $wpdb->prefix . "sp_cu_project.id,976977 " . $wpdb->prefix . "sp_cu_project.id AS pid,978979 " . $wpdb->prefix . "sp_cu_project.uid,980981 " . $wpdb->prefix . "sp_cu_project.name AS project_name,982983 " . $wpdb->prefix . "sp_cu_project.parent984 FROM " . $wpdb->prefix . "sp_cu_project985 WHERE id != ‘’986 987 " . $search_project . " AND recycle = 0 ORDER by name988";989 }990 991 $r_projects = $wpdb->get_results($r_projects_query, ARRAY_A);992 } else {993 994 995 $r_projects_groups_addon = apply_filters(‘sp_cdm_projects_query’, $r_projects_groups_addon, sanitize_text_field(cdm_var(‘uid’)));996 997 $r_projects_query = "SELECT 998999 " . $wpdb->prefix . "sp_cu_project.id,10001001 " . $wpdb->prefix . "sp_cu_project.id AS pid,10021003 " . $wpdb->prefix . "sp_cu_project.uid,10041005 " . $wpdb->prefix . "sp_cu_project.name AS project_name,10061007 " . $wpdb->prefix . "sp_cu_project.parent10081009 10101011 FROM " . $wpdb->prefix . "sp_cu_project10121013 WHERE (" . $wpdb->prefix . “sp_cu_project.uid = '” . sanitize_text_field(cdm_var(‘uid’)) . "’ " . $find_groups . " " . $r_projects_groups_addon . ") 10141015 10161017 " . $search_project . "10181019 ";1020 1021 $r_projects_query .= "1022 AND recycle = 0 1023 ORDER by name";1024 1025 1026 1027 if (get_option(‘sp_cu_release_the_kraken’) == 1) {1028 unset($r_projects_query);1029 $r_projects_query = "SELECT 1030 " . $wpdb->prefix . "sp_cu_project.id,10311032 " . $wpdb->prefix . "sp_cu_project.id AS pid,10331034 " . $wpdb->prefix . "sp_cu_project.uid,10351036 " . $wpdb->prefix . "sp_cu_project.name AS project_name,10371038 " . $wpdb->prefix . “sp_cu_project.parent1039 FROM " . $wpdb->prefix . “sp_cu_project1040 WHERE id != '’1041 AND recycle = 0 1042 1043 " . $search_project . " ORDER by name1044";1045 }1046 1047 $r_projects_query = apply_filters('sp_cdm_project_query_final’, $r_projects_query);1048 $r_projects = $wpdb->get_results($r_projects_query, ARRAY_A);1049 }1050 echo '<div id="dlg_cdm_file_list">10511052 <table border="0” cellpadding="0” cellspacing="0">10531054 <thead>’;1055 if ($pid == ‘’) {1056 $jscriptpid = "’’";1057 } else {1058 $jscriptpid = “’” . $pid . “’";1059 }1060 echo '<tr>’;1061 1062 do_action(‘spdm_file_list_column_before_sort’);1063 1064 echo '<th></th>10651066 <th class="cdm_file_info” style="text-align:left"><a href="javascript:sp_cdm_sort(\’name\’,’ . $jscriptpid . ')">’ . __("Name", “sp-client-document-manager”) . ‘</a></th>10671068 <th class="cdm_file_date"><a href="javascript:sp_cdm_sort(\’date\’,’ . $jscriptpid . ')">’ . __(“Date", “sp-client-document-manager”) . ‘</a></th>10691070 10711072 <th class="cdm_file_type">’ . __(“Type", “sp-client-document-manager”) . ‘</th> 10731074 </tr> 10751076 10771078 ‘;1079 1080 1081 1082 if (($pid != “0” && $pid != ‘’) && ((get_option(‘sp_cu_user_projects’) == 1 && get_option(‘sp_cu_user_projects_modify’) != 1) or current_user_can(‘manage_options’))) {1083 $r_project_info = $wpdb->get_results($wpdb->prepare(“SELECT * FROM " . $wpdb->prefix . “sp_cu_project where id = %d", $pid), ARRAY_A);1084 1085 if ($r_project_info[0][‘uid’] == cdm_var(‘uid’)) {1086 echo '<tr>10871088 10891090 <th colspan="4” style="text-align:right">10911092 <div style="padding-right:10px">’;1093 1094 echo ‘<a href="javascript:sp_cu_dialog(\’#edit_category_’ . $pid . ‘\’,550,130)"><img src="’ . SP_CDM_PLUGIN_URL . ‘images/application_edit.png"> ' . __(“Edit", “sp-client-document-manager”) . ' ' . sp_cdm_folder_name() . ' ' . __(“Name", “sp-client-document-manager”) . '</a> 1095 <a href="#” class="sp-cdm-delete-category” data-id="’ . $pid . '” style="margin-left:20px"> <img src="’ . SP_CDM_PLUGIN_URL . ‘images/delete_small.png"> ' . __(“Remove", “sp-client-document-manager”) . ' ' . sp_cdm_folder_name() . '</a>’;1096 1097 1098 do_action('cdm/ajax/folder/navigation’, $pid);1099 1100 1101 1102 echo ‘<div style="display:none"> 11031104 11051106 11071108 11091110 <div id="delete_category_’ . $pid . '” title="’ . __(“Delete Category?", “sp-client-document-manager”) . '">11111112 <p><span class="ui-icon ui-icon-alert” style="float:left; margin:0 7px 20px 0;"></span>’ . __(“Are you sure you would like to delete this category? Doing so will remove all files related to this category.", “sp-client-document-manager”) . ‘</p>11131114 </div>1115111611171118 11191120 11211122 <div id="edit_category_’ . $pid . ‘"> 11231124 11251126 ' . sp_cdm_folder_name() . ' ' . __(“Name", “sp-client-document-manager”) . ‘: <input value="’ . esc_attr(stripslashes($r_project_info[0][‘name’])) . '” id="edit_project_name_’ . intval($pid) . '” type="text” name="name” style="width:200px !important"> 11271128 <input type="submit” value="’ . __(“Save", “sp-client-document-manager”) . ' ' . sp_cdm_folder_name() . '” class="sp-cdm-save-category” data-id="’ . $pid . '">11291130 11311132 </div>11331134 11351136 11371138 11391140 </div>11411142 11431144 11451146 </th>11471148 11491150 </tr> 11511152 11531154 ‘;1155 }1156 }1157 echo ‘</thead><tbody>’;1158 if ($pid != 0) {1159 $query_project = $wpdb->get_results($wpdb->prepare("SELECT *11601161 11621163 11641165 FROM " . $wpdb->prefix . "sp_cu_project11661167 WHERE id = %d11681169 11701171 “, $pid), ARRAY_A);1172 echo '<tr >’;1173 1174 do_action(‘spdm_file_list_column_before_folder_back’);1175 1176 echo '<td class="cdm_file_icon ext_directory” onclick="sp_cdm_load_project(' . intval($query_project[0][‘parent’]) . ')“></td>11771178 <td class="cdm_file_info” onclick="sp_cdm_load_project(' . intval($query_project[0][‘parent’]) . ')">« ' . __(“Go Back", “sp-client-document-manager”) . '</td>11791180 <td class="cdm_file_date” onclick="sp_cdm_load_project(' . intval($query_project[0][‘parent’]) . ')“> </td>11811182 11831184 <td class="cdm_file_type” onclick="sp_cdm_load_project(' . intval($query_project[0][‘parent’]) . ')">’ . __(“Folder", “sp-client-document-manager”) . '</td> 11851186 </tr> 11871188 ';1189 }1190 if (count($r_projects) > 0) {1191 for ($i = 0; $i < count($r_projects); $i++) {1192 if ($r_projects[$i][‘project_name’] != “”) {1193 echo '<tr >1194’;1195 do_action('spdm_file_list_column_before_folder’, $r_projects[$i][‘pid’]);1196 echo '1197 <td class="cdm_file_icon ext_directory” onclick="sp_cdm_load_project(' . intval($r_projects[$i][‘pid’]) . ')“></td>11981199 <td class="cdm_file_info” onclick="sp_cdm_load_project(' . intval($r_projects[$i][‘pid’]) . ')">’ . esc_attr(stripslashes($r_projects[$i][‘project_name’])) . '</td>12001201 <td class="cdm_file_date” onclick="sp_cdm_load_project(' . intval($r_projects[$i][‘pid’]) . ')“> </td>12021203 12041205 <td class="cdm_file_type">Folder</td> 12061207 </tr> 12081209 ';1210 }1211 }1212 }1213 if (cdm_var(‘sort’) == ‘’) {1214 $sort = $this->order_by();1215 1216 } else {1217 $sort = cdm_var(‘sort’);1218 }1219 1220 1221 if ($pid == “” or $pid == “0” or $pid == “undefined” or $pid == “null”) {1222 if (cdm_var(‘search’) != “”) {1223 $search_file .= " AND (name LIKE '%” . sanitize_text_field(cdm_var(‘search’)) . "%’ or tags LIKE '%” . sanitize_text_field(cdm_var(‘search’)) . "%’) ";1224 $r_projects_groups_addon_search = str_replace("wp_sp_cu_project.id", "pid", $r_projects_groups_addon);1225 } else {1226 $search_file .= " AND pid = 0 AND parent = 0 ";1227 }1228 $search_file = apply_filters("sp_cdm_file_search_query", $search_file, $pid);1229 $r = $wpdb->get_results("SELECT * FROM " . $wpdb->prefix . “sp_cu where (uid = '” . cdm_var(‘uid’) . "’ " . $r_projects_groups_addon_search . ") " . $search_file . " order by " . $sort . " “, ARRAY_A);1230 1231 } else {1232 if (cdm_var(‘search’) != “”) {1233 $search_file .= " AND (name LIKE '%” . sanitize_text_field(cdm_var(‘search’)) . "%’ or tags LIKE '%” . sanitize_text_field(cdm_var(‘search’)) . "%’) ";1234 } else {1235 $search_file .= " AND parent = 0 ";1236 }1237 $search_file = apply_filters("sp_cdm_file_search_query", $search_file, $pid);1238 $r = $wpdb->get_results("SELECT * FROM " . $wpdb->prefix . “sp_cu where (pid = '” . $pid . "’) " . $search_file . " order by " . $sort . " “, ARRAY_A);1239 1240 }1241 1242 1243 if (get_option(‘sp_cu_release_the_kraken’) == 1) {1244 unset($r);1245 1246 1247 1248 1249 1250 if (cdm_var(‘search’) == “”) {1251 1252 $search_file .= " AND (pid = '” . $pid . "’) ";1253 }1254 $search_file = apply_filters("sp_cdm_file_search_query", $search_file, $pid);1255 $query = "SELECT * FROM " . $wpdb->prefix . "sp_cu where id != ‘’ " . $search_file . " and parent = 0 order by " . $sort . " “;1256 //echo $query ;1257 $r = $wpdb->get_results($query, ARRAY_A);1258 1259 1260 }1261 1262 for ($i = 0; $i < count($r); $i++) {1263 $ext = preg_replace(‘/^.*\./’, ‘’, $r[$i][‘file’]);1264 $r_cat = $wpdb->get_results("SELECT name FROM " . $wpdb->prefix . “sp_cu_cats where id = '” . $r[$i][‘cid’] . "’ “, ARRAY_A);1265 if ($r_cat[0][‘name’] == ‘’) {1266 $cat = stripslashes($r_cat[0][‘name’]);1267 } else {1268 $cat = '’;1269 }1270 if (cdm_var(‘search’) != “” && sp_cdm_get_project_name($r[$i][‘pid’]) != false) {1271 $project_name = ' <em>(' . sp_cdm_folder_name() . ': ' . sp_cdm_get_project_name($r[$i][‘pid’]) . ')</em> ';1272 } else {1273 $project_name = '’;1274 }1275 echo '<tr >1276 ';1277 do_action('spdm_file_list_column_before_file’, $r[$i][‘id’]);1278 1279 1280 if (get_option(‘sp_cu_file_direct_access’) == 1) {1281 $file_link = ‘window.open(\’’ . cdm_download_file_link(base64_encode($r[$i][‘id’] . ‘|’ . $r[$i][‘date’] . ‘|’ . $r[$i][‘file’]), get_option(‘sp_cu_js_redirect’)) . ‘\’)';1282 ;1283 } else {1284 $file_link = 'cdmViewFile(' . $r[$i][‘id’] . ')';1285 }1286 if (cdm_file_permissions($r[$i][‘pid’]) == 1) {1287 $file_link = apply_filters('spcdm/file_list/link’, $file_link, $r[$i]);1288 echo ‘1289 <td class="cdm_file_icon ext_’ . $ext . '” onclick="cdmViewFile(' . $r[$i][‘id’] . ')“></td>12901291 <td class="cdm_file_info” onclick="’ . $file_link . ‘">’ . stripslashes($r[$i][‘name’]) . ' ' . $project_name . '</td>12921293 <td class="cdm_file_date” onclick="’ . $file_link . ‘">’ . cdm_datetime($r[$i][‘date’]) . '</td>1294129512961297 <td class="cdm_file_type” onclick="’ . $file_link . ‘">’ . $ext . '</td> 12981299 </tr> 13001301 ';1302 }1303 }1304 echo '</tbody></table><div style="clear:both"></div></div>’;1305 }1306 1307 function sub_folders($id, $main, $zip)1308 {1309 global $wpdb, $current_user;1310 1311 $folders = $wpdb->get_results($wpdb->prepare("SELECT * FROM " . $wpdb->prefix . "sp_cu_project where parent = %d and recycle = 0", sanitize_text_field($id)), ARRAY_A);1312 1313 #echo "SELECT * FROM " . $wpdb->prefix . "sp_cu_project where parent = $id ";1314 #print_r($folders);1315 if (count($folders) > 0) {1316 1317 for ($j = 0; $j < count($folders); $j++) {1318 $dir = spdm_ajax::get_folder_structure($folders[$j][‘id’]);1319 $zip->addDirectory($dir);1320 $main = $dir;1321 1322 $r = spdm_ajax::folder_files($folders[$j][‘id’]);1323 // print_r($r);1324 for ($i = 0; $i < count($r); $i++) {1325 1326 $dir = ‘’ . SP_CDM_UPLOADS_DIR . ‘’ . $r[$i][‘uid’] . '/’;1327 # echo $main.’/’.$r[$i][‘file’];1328 do_action('cdm/zip/before_add_file’, $r[$i]);1329 $zip->addFile(spdm_ajax::get_file($dir . $r[$i][‘file’]), $main . ‘’ . $r[$i][‘file’], @filectime($dir . $r[$i][‘file’]));1330 do_action('cdm/zip/after_add_file’, $r[$i]);1331 unset($dir);1332 1333 1334 1335 }1336 spdm_ajax::sub_folders($folders[$j][‘id’], $main, $zip);1337 1338 }1339 1340 1341 }1342 1343 1344 }1345 public static function folder_files($id)1346 {1347 global $wpdb, $current_user;1348 if (!is_user_logged_in())1349 exit;1350 $r_project = $wpdb->get_results($wpdb->prepare("SELECT * FROM " . $wpdb->prefix . "sp_cu where pid = %d and recycle = 0", sanitize_text_field($id)), ARRAY_A);1351 1352 return $r_project;1353 1354 }1355 public static function folder_name($id)1356 {1357 global $wpdb, $current_user;1358 if (!is_user_logged_in())1359 exit;1360 $r_project = $wpdb->get_results($wpdb->prepare("SELECT * FROM " . $wpdb->prefix . "sp_cu_project where id = %d", sanitize_text_field($id)), ARRAY_A);1361 1362 return stripslashes($r_project[0][‘name’]);1363 }1364 public static function get_folder_structure($pid)1365 {1366 1367 global $wpdb, $current_user;1368 if (!is_user_logged_in())1369 exit;1370 $array = array_reverse(spdm_ajax::get_structure($pid));1371 1372 1373 foreach ($array as $id => $name) {1374 1375 $folder .= ‘’ . $name . '/’;1376 }1377 return $folder;1378 }1379 function get_structure($pid, $folder_structure = array())1380 {1381 global $wpdb, $current_user;1382 if (!is_user_logged_in())1383 exit;1384 1385 $r = $wpdb->get_results($wpdb->prepare("SELECT * FROM " . $wpdb->prefix . "sp_cu_project where id = %d and recycle = 0", sanitize_text_field($pid)), ARRAY_A);1386 $folder_structure[$r[0][‘id’]] = spdm_ajax::folder_name($r[0][‘id’]);1387 if ($r[0][‘parent’] == 0) {1388 $folder_structure[$r[0][‘id’]] = spdm_ajax::folder_name($r[0][‘id’]);1389 } else {1390 1391 $s = $wpdb->get_results($wpdb->prepare("SELECT * FROM " . $wpdb->prefix . "sp_cu_project where id = %d and recycle = 0", $r[0][‘parent’]), ARRAY_A);1392 $folder_structure[$s[0][‘id’]] = spdm_ajax::folder_name($s[0][‘id’]);1393 $folder_structure = spdm_ajax::get_structure($r[0][‘parent’], $folder_structure);1394 1395 1396 1397 1398 }1399 1400 1401 return $folder_structure;1402 }1403 function get_file($file)1404 {1405 1406 $filename = $file;1407 $handle = fopen($filename, “r”);1408 $contents = fread($handle, filesize($filename));1409 fclose($handle);1410 return $contents;1411 1412 }1413 1414 1415 function vendor_replace_vars($message, $post)1416 {1417 1418 $message = str_replace('[file]', $post[‘links’], $message);1419 $message = str_replace('[notes]', $post[‘vendor-message’], $message);1420 $message = wpautop($message);1421 return $message;1422 1423 }1424 function email_vendor()1425 {1426 1427 if (wp_verify_nonce(cdm_var(‘cdm_nonce’), ‘cdm_nonce’) == false) {1428 exit(‘Security Error’);1429 }1430 1431 1432 global $wpdb, $current_user;1433 if (count(cdm_var(‘vendor_email’)) == 0) {1434 echo ‘<p style="color:red;font-weight:bold">’ . __("Please select at least one file!", “sp-client-document-manager”) . '</p>’;1435 } else {1436 1437 1438 $files = cdm_var(‘vendor_email’);1439 $how_many = count($files);1440 1441 $format = implode(', ', $files);1442 1443 $query = $wpdb->prepare("SELECT * FROM " . $wpdb->prefix . "sp_cu WHERE id IN (" . $format . ")", $format);1444 1445 $r = $wpdb->get_results($query, ARRAY_A);1446 1447 for ($i = 0; $i < count($r); $i++) {1448 if ($r[$i][‘name’] == “”) {1449 $name = $r[$i][‘file’];1450 } else {1451 $name = $r[$i][‘name’];1452 }1453 1454 if ($r[$i][‘name’] == ‘’) {1455 $filename = $r[$i][‘file’];1456 } else {1457 $filename = $r[$i][‘name’];1458 }1459 $attachment_links .= '<a ' . cdm_download_file_link(base64_encode($r[$i][‘id’] . ‘|’ . $r[$i][‘date’] . ‘|’ . $r[$i][‘file’]), get_option(‘sp_cu_js_redirect’)) . ‘>’ . $filename . '</a><br>’;1460 $attachment_array[$i] = ‘’ . SP_CDM_UPLOADS_DIR . ‘’ . $r[$i][‘uid’] . ‘/’ . $r[$i][‘file’] . '’;1461 }1462 1463 1464 1465 if (cdm_var(‘vendor_attach’) == 3) {1466 $attachments = $attachment_array;1467 $links .= $attachment_links;1468 } elseif (cdm_var(‘vendor_attach’) == 1) {1469 $attachments = $attachment_array;1470 } else {1471 $links .= $attachment_links;1472 }1473 1474 $post[‘links’] = $links;1475 $post[‘vendor-message’] = sanitize_text_field(cdm_var(‘vendor-message’));1476 $to = sanitize_text_field(cdm_var(‘vendor’));1477 $message = spdm_ajax::vendor_replace_vars(get_option(‘sp_cu_vendor_email’), $post);1478 $subject = spdm_ajax::vendor_replace_vars(get_option(‘sp_cu_vendor_email_subject’), $post);1479 $headers = apply_filters('sp_cdm/mail/headers’, $headers, wp_get_current_user(), $to, $subject, $message);1480 //$headers = apply_filters('spcdm_admin_email_headers’,$headers,$post, $uid);1481 if (get_option(‘sp_cu_vendor_email’) != “”) {1482 add_filter('wp_mail_content_type’, ‘set_html_content_type’);1483 wp_mail(sanitize_text_field(cdm_var(‘vendor’)), strip_tags($subject), $message, $headers, $attachments);1484 remove_filter('wp_mail_content_type’, ‘set_html_content_type’);1485 1486 do_action('sp_cdm_email_send’, 'sp_cu_vendor_email’, $r[0][‘id’], $post, $uid, $to, $subject, $message, $headers, $attachments);1487 }1488 1489 1490 echo ‘<p style="color:green;font-weight:bold">’ . __("Files Sent to", “sp-client-document-manager”) . ' ' . cdm_var(‘vendor’) . '</p>’;1491 }1492 }1493}1494$spcdm_ajax = new spdm_ajax;