Add file upload restrictions

This commit is contained in:
Tetrakern 2023-08-13 15:05:54 +02:00
parent 0d38bae9b2
commit 192a2f2a3a
7 changed files with 144 additions and 2 deletions


@ -296,9 +296,11 @@ Fictioneer customizes WordPress by using as many standard action and filter hook
| `the_content` | `fictioneer_embed_consent_wrappers`, `fictioneer_add_lightbox_to_post_images`, `fictioneer_add_chapter_paragraph_id`
| `the_password_form` | `fictioneer_password_form`
| `theme_page_templates` | `fictioneer_disallow_page_template_select`
| `upload_size_limit` | `fictioneer_upload_size_limit`
| `user_contactmethods` | `fictioneer_user_contact_methods`
| `user_has_cap` | `fictioneer_edit_only_comments`
| `wp_list_comments_args` | `fictioneer_comment_list_args`
| `wp_handle_upload_prefilter` | `fictioneer_upload_restrictions`
| `wp_is_application_passwords_available` | `__return_false`
| `wp_robots` | `fictioneer_add_noindex_to_robots`
| `wp_sitemaps_enabled` | `__return_false`


@ -77,6 +77,12 @@ if ( ! defined( 'FICTIONEER_TTS_REGEX' ) ) {
define( 'FICTIONEER_TTS_REGEX', '([.!?:"\'\u201C\u201D])\s+(?=[A-Z"\'\u201C\u201D])' );
}
// String: Default list of allowed mime types for upload restrictions
define(
'FICTIONEER_DEFAULT_UPLOAD_MIME_TYPE_RESTRICTIONS',
'image/jpeg, image/png, image/webp, image/avif, image/gif, application/pdf, application/epub+zip, application/rtf, text/plain, image/svg+xml'
);
/*
* Date Strings
*/
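Review bot: The default allow-list in `FICTIONEER_DEFAULT_UPLOAD_MIME_TYPE_RESTRICTIONS` ends with `image/svg+xml`, and the later hunk in `fictioneer_extend_allowed_upload_types` registers `svg` under `upload_mimes` for every uploader, so SVG becomes uploadable by default even for the roles this commit is meant to restrict. SVG is XML and can carry inline script and event handlers, which is why WordPress core leaves it off its own list; served inline from the media library it is a stored-XSS vector unless the file is sanitized first. I would drop it from the default string and let an administrator opt in explicitly, or at least annotate the define, e.g. `// NOTE: image/svg+xml is included by default; SVG can embed scripts, so keep it only for trusted roles or sanitize on upload`. The same consideration applies to the `svg` entry added in the `upload_mimes` hunk.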


@ -155,6 +155,8 @@ function fictioneer_setup_roles() {
'fcn_admin_panel_access',
'fcn_adminbar_access',
'fcn_allow_self_delete',
'fcn_upload_limit',
'fcn_upload_restrictions',
// Stories
'read_fcn_story',
'edit_fcn_stories',
@ -215,6 +217,8 @@ function fictioneer_setup_roles() {
'fcn_admin_panel_access',
'fcn_adminbar_access',
'fcn_allow_self_delete',
'fcn_upload_limit',
'fcn_upload_restrictions',
// Stories
'read_fcn_story',
'edit_fcn_stories',
@ -266,6 +270,8 @@ function fictioneer_setup_roles() {
'fcn_admin_panel_access',
'fcn_reduced_profile',
'fcn_allow_self_delete',
'fcn_upload_limit',
'fcn_upload_restrictions',
// Stories
'read_fcn_story',
// Chapters
@ -303,6 +309,8 @@ function fictioneer_add_moderator_role() {
'fcn_admin_panel_access' => true,
'fcn_adminbar_access' => true,
'fcn_edit_only_others_comments' => true,
'fcn_upload_limit' => true,
'fcn_upload_restrictions' => true,
// Stories
'read_fcn_story' => true,
'edit_fcn_stories' => true,
@ -1097,6 +1105,65 @@ if ( ! current_user_can( 'manage_options' ) ) {
add_filter( 'acf/update_value/name=fictioneer_story_sticky', 'fictioneer_acf_prevent_value_update', 9999, 3 );
add_filter( 'acf/pre_render_fields', 'fictioneer_remove_make_sticky_input', 9999 );
}
// === FCN_UPLOAD_LIMIT ======================================================
/**
* Limit the default upload size in MB (minimum 1 MB)
*
* @since 5.6.0
*
* @param int $bytes Default limit value in bytes.
*
* @return int Modified maximum upload file size in bytes.
*/
function fictioneer_upload_size_limit( $bytes ) {
// Setup
$mb = absint( get_option( 'fictioneer_upload_size_limit', 5 ) ?: 5 );
$mb = max( $mb, 1 ); // 1 MB minimum
// Return maximum upload file size
return 1024 * 1024 * $mb;
}
if ( current_user_can( 'fcn_upload_limit' ) ) {
add_filter( 'upload_size_limit', 'fictioneer_upload_size_limit', 9999 );
}
// === FCN_UPLOAD_RESTRICTION ================================================
/**
* Restrict uploaded file types based on allowed MIME types
*
* @since 5.6.0
*
* @param array $file An array of data for a single uploaded file. Has keys
* for 'name', 'type', 'tmp_name', 'error', and 'size'.
*
* @return array Modified array with error message if the MIME type is not allowed.
*/
function fictioneer_upload_restrictions( $file ) {
// Setup
$filetype = wp_check_filetype( $file['name'] );
$mime_type = $filetype['type'];
$allowed = get_option( 'fictioneer_upload_mime_types', FICTIONEER_DEFAULT_UPLOAD_MIME_TYPE_RESTRICTIONS ) ?:
FICTIONEER_DEFAULT_UPLOAD_MIME_TYPE_RESTRICTIONS;
$allowed = fictioneer_explode_list( $allowed );
// Limit upload file types
if ( ! in_array( $mime_type, $allowed ) ){
$file['error'] = __( 'You are not allowed to upload files of this type.', 'fictioneer' );
}
// Continue filter
return $file;
}
if ( current_user_can( 'fcn_upload_restrictions' ) ) {
add_filter( 'wp_handle_upload_prefilter', 'fictioneer_upload_restrictions', 9999 );
}
}
?>
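Review bot: `fictioneer_upload_restrictions` decides purely from the file name: `wp_check_filetype( $file['name'] )` maps the extension to a MIME type and never looks at the content or at the browser-supplied `$file['type']`, so this is a policy layer that relies on whatever validation `wp_handle_upload` performs afterwards (I believe core still runs its own filetype/extension check after the prefilter, but that should be confirmed rather than assumed here). Two small hardening changes in the same function: read the name defensively and compare strictly, i.e. `$filetype = wp_check_filetype( $file['name'] ?? '' );` and `if ( ! in_array( $mime_type, $allowed, true ) ) {`, since `wp_check_filetype` returns `'type' => false` for an unknown extension and the loose `in_array` only rejects that by accident of PHP's comparison rules. A docblock line stating that the check is extension-based would save the next reader from assuming content sniffing happens here. The whole hunk sits inside the `if ( ! current_user_can( 'manage_options' ) )` block whose opening is outside the hunk, so both filters are only ever registered for non-administrators; worth saying so in the `// === FCN_UPLOAD_RESTRICTION` header comment.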


@ -998,4 +998,27 @@ if ( get_option( 'fictioneer_disable_all_widgets' ) ) {
add_action( 'widgets_init', 'fictioneer_disable_widgets', 99 );
}
// =============================================================================
// EXTEND ALLOWED FILE TYPES
// =============================================================================
/**
* Extend the list of allowed types for file uploads
*
* @since Fictioneer 5.6.0
*
* @param array $mimes Key-value pairs of file extensions and their MIME types.
*
* @return array Updated MIME types array.
*/
function fictioneer_extend_allowed_upload_types( $mimes ) {
$mimes['svg'] = 'image/svg+xml';
$mimes['epub'] = 'application/epub+zip';
$mimes['avif'] = 'image/avif';
return $mimes;
}
add_filter( 'upload_mimes', 'fictioneer_extend_allowed_upload_types' );
?>
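Review bot: `add_filter( 'upload_mimes', 'fictioneer_extend_allowed_upload_types' )` is registered unconditionally, so the three new extensions are enabled for every role that can upload, while the restriction filter added elsewhere in this commit only runs for roles holding `fcn_upload_restrictions`; the docblock should state that this extension is global and not subject to the per-role allow-list. As a point of style, the docblock uses `@since Fictioneer 5.6.0` whereas the other new functions in this commit use `@since 5.6.0`; one form should be picked, e.g. `* @since 5.6.0`. `$mimes['svg'] = 'image/svg+xml';` deserves a one-line why-comment explaining the decision to allow SVG, since core deliberately omits it.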


@ -693,6 +693,13 @@ define( 'FICTIONEER_OPTIONS', array(
'sanitize_callback' => 'fictioneer_sanitize_integer',
'label' => __( 'Minutes a comment can be edited. -1 for no limit.', 'fictioneer' ),
'default' => 15
),
'fictioneer_upload_size_limit' => array(
'name' => 'fictioneer_upload_size_limit',
'group' => 'fictioneer-settings-general-group',
'sanitize_callback' => 'fictioneer_sanitize_integer',
'label' => __( '<span>Limit file uploads to</span> %s <span>MB or less for user roles with the "Upload Limit" restriction.</span>', 'fictioneer' ),
'default' => 5
)
),
'strings' => array(
@ -863,6 +870,14 @@ define( 'FICTIONEER_OPTIONS', array(
'label' => __( 'Contact Form Receivers (one email address per line)', 'fictioneer' ),
'default' => '',
'placeholder' => ''
),
'fictioneer_upload_mime_types' => array(
'name' => 'fictioneer_upload_mime_types',
'group' => 'fictioneer-settings-general-group',
'sanitize_callback' => 'sanitize_textarea_field',
'label' => __( 'Comma-separated list of allowed <a href="%s" target="_blank" rel="noreferrer">mime types</a> for user roles with the "Upload Restriction".', 'fictioneer' ),
'default' => FICTIONEER_DEFAULT_UPLOAD_MIME_TYPE_RESTRICTIONS,
'placeholder' => FICTIONEER_DEFAULT_UPLOAD_MIME_TYPE_RESTRICTIONS
)
)
));
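Review bot: `fictioneer_upload_mime_types` is saved through `sanitize_textarea_field`, which accepts arbitrary text, so a typo such as `image/jpg` or a stray newline entry is stored silently and only shows up as rejected uploads for the restricted roles; nothing on this page validates that each comma-separated entry is actually a `type/subtype` token. A small dedicated sanitizer that normalizes the list at save time would make the option fail loudly in the settings screen instead of at upload time (whether `fictioneer_explode_list` already trims newlines I cannot tell from this page). Something along these lines, using core's `sanitize_mime_type()` for the per-entry cleanup, could replace the callback on the `'sanitize_callback' => 'sanitize_textarea_field'` line:
```php
/**
 * Sanitize a comma-separated list of MIME types (proposed helper, name is constructed)
 */
function fictioneer_sanitize_mime_type_list( $value ) {
  $entries = array_map( 'trim', explode( ',', sanitize_textarea_field( (string) $value ) ) );
  $entries = array_map( 'sanitize_mime_type', $entries );
  // Keep only entries of the form type/subtype
  $entries = array_filter( $entries, fn( $e ) => $e !== '' && str_contains( $e, '/' ) );
  return implode( ', ', array_unique( $entries ) );
}
```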


@ -775,7 +775,7 @@
<input name="fictioneer_cookie_banner" type="checkbox" id="fictioneer_cookie_banner" <?php echo checked( 1, get_option( 'fictioneer_cookie_banner' ), false ); ?> value="1">
<div>
<span><?php echo FICTIONEER_OPTIONS['booleans']['fictioneer_cookie_banner']['label']; ?></span>
<p class="sub-label"><?php _e( "Shows a generic cookie consent banner and activates the <code>fictioneer_get_consent()</code> theme function that returns either false, 'necessary', or 'full'.", 'fictioneer' ) ?></p>
<p class="sub-label"><?php _e( "Shows a generic cookie consent banner and activates the <code>fictioneer_get_consent()</code> theme function that returns either false, \"necessary\", or \"full\".", 'fictioneer' ) ?></p>
</div>
</label>
@ -783,6 +783,33 @@
</div>
</div>
<div class="card">
<div class="card-wrapper">
<h3 class="card-header"><?php _e( 'File Uploads', 'fictioneer' ) ?></h3>
<div class="card-content">
<div class="text-input-inline row"><?php
printf(
FICTIONEER_OPTIONS['integers']['fictioneer_upload_size_limit']['label'],
'<input name="fictioneer_upload_size_limit" type="text" id="fictioneer_upload_size_limit" value="' . esc_attr( get_option( 'fictioneer_upload_size_limit', 5 ) ?: 5 ) . '" style="font-family: Consolas, Monaco, monospace; font-size: 87.5%;" class="text-center" size="5" placeholder="5">'
)
?></div>
<div class="textarea row">
<?php
$mime_types = get_option( 'fictioneer_upload_mime_types', FICTIONEER_DEFAULT_UPLOAD_MIME_TYPE_RESTRICTIONS ) ?: FICTIONEER_DEFAULT_UPLOAD_MIME_TYPE_RESTRICTIONS;
?>
<textarea name="fictioneer_upload_mime_types" id="fictioneer_upload_mime_types" rows="4" style="height: 100px;" placeholder="<?php echo FICTIONEER_DEFAULT_UPLOAD_MIME_TYPE_RESTRICTIONS; ?>"><?php echo $mime_types; ?></textarea>
<p class="sub-label"><?php printf(
FICTIONEER_OPTIONS['strings']['fictioneer_upload_mime_types']['label'],
'https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/MIME_types/Common_types'
); ?></p>
</div>
</div>
</div>
</div>
<div class="card">
<div class="card-wrapper">
<h3 class="card-header"><?php _e( 'Compatibility', 'fictioneer' ) ?></h3>
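Review bot: In the new File Uploads card the stored option is printed into the textarea as `<?php echo $mime_types; ?>` and the default into `placeholder="<?php echo FICTIONEER_DEFAULT_UPLOAD_MIME_TYPE_RESTRICTIONS; ?>"` without output escaping. The value is run through `sanitize_textarea_field` on save, which limits the exposure, but the option can also be written by other code paths (`update_option`, imports), and escaping at output is the WordPress convention the rest of this template follows with `esc_attr`. I would change these to `<?php echo esc_textarea( $mime_types ); ?>` and `placeholder="<?php echo esc_attr( FICTIONEER_DEFAULT_UPLOAD_MIME_TYPE_RESTRICTIONS ); ?>"`. The first hunk of this file only changes quoting inside a translatable string and needs no action.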


@ -26,7 +26,9 @@ $editor_caps = array(
$restrictions = array(
'fcn_reduced_profile',
'fcn_edit_only_others_comments'
'fcn_edit_only_others_comments',
'fcn_upload_limit',
'fcn_upload_restrictions'
);
$admin_caps = array(