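/**
 * Processes a batch of files pushed to this site through Jetpack.
 *
 * Order of checks: the request must be a POST, the caller must authenticate
 * (wp_authenticate() with empty credentials, so authentication is expected to
 * come from a filter hooked on 'authenticate' — confirm against the hook setup),
 * the user must hold 'upload_files', every uploaded field must be accompanied by
 * a `_jetpack_file_hmac_<field>` POST value, and the current user's Jetpack token
 * must resolve. Each file under $_FILES['media'] is then verified against its
 * "hmac:salt" value and handed to media_handle_upload().
 *
 * Request-level failures abort with a Jetpack_Error. Per-file failures (HMAC
 * mismatch, upload error) are recorded in the returned array under the file's
 * index so that the rest of the batch is still processed.
 *
 * @return Jetpack_Error|object[] Jetpack_Error on a request-level failure; otherwise
 *                                an array keyed by file index whose values are objects
 *                                with either attachment data (id, file, url, type, meta)
 *                                or an error (error, error_description).
 */
function upload_handler()
{
    if ('POST' !== strtoupper($_SERVER['REQUEST_METHOD'])) {
        return new Jetpack_Error(405, get_status_header_desc(405), 405);
    }

    // Empty credentials: the actual identity is expected to be established by an
    // 'authenticate' filter (Jetpack request signing); a plain WP login cannot pass here.
    $user = wp_authenticate('', '');
    if (!$user || is_wp_error($user)) {
        return new Jetpack_Error(403, get_status_header_desc(403), 403);
    }
    wp_set_current_user($user->ID);

    if (!current_user_can('upload_files')) {
        return new Jetpack_Error('cannot_upload_files', 'User does not have permission to upload files', 403);
    }
    if (empty($_FILES)) {
        return new Jetpack_Error('no_files_uploaded', 'No files were uploaded: nothing to process', 400);
    }

    // Every uploaded field must carry its HMAC field; reject before touching any file.
    foreach (array_keys($_FILES) as $files_key) {
        if (!isset($_POST["_jetpack_file_hmac_{$files_key}"])) {
            return new Jetpack_Error('missing_hmac', 'An HMAC for one or more files is missing', 400);
        }
    }

    // Only the multi-file 'media' field is processed. The loop above accepts any field
    // name, so make sure the one we actually read exists and has the multi-file layout
    // (name/tmp_name/... each being an array indexed by file position).
    if (empty($_FILES['media']['name']) || !is_array($_FILES['media']['name'])) {
        return new Jetpack_Error('no_files_uploaded', 'No files were uploaded: nothing to process', 400);
    }
    $hmacs = $_POST['_jetpack_file_hmac_media'];
    if (!is_array($hmacs)) {
        return new Jetpack_Error('missing_hmac', 'An HMAC for one or more files is missing', 400);
    }
    $media_keys = array_keys($_FILES['media']);

    $token = Jetpack_Data::get_access_token(get_current_user_id());
    if (!$token || is_wp_error($token)) {
        return new Jetpack_Error('unknown_token', 'Unknown Jetpack token', 403);
    }

    $uploaded_files = array();

    // media_handle_upload() works against the global $post; stash it so the handler
    // runs without a parent post in scope and restore it afterwards.
    $global_post = isset($GLOBALS['post']) ? $GLOBALS['post'] : null;
    unset($GLOBALS['post']);

    foreach ($_FILES['media']['name'] as $index => $name) {
        // Re-assemble a single-file $_FILES entry from the multi-file layout.
        $file = array();
        foreach ($media_keys as $media_key) {
            $file[$media_key] = $_FILES['media'][$media_key][$index];
        }

        // The HMAC value is "hmac:salt". A missing or malformed value is reported as a
        // mismatch for this file instead of raising notices on an undefined offset.
        $hmac_parts = isset($hmacs[$index]) && is_string($hmacs[$index]) ? explode(':', $hmacs[$index]) : array();
        if (count($hmac_parts) < 2) {
            $uploaded_files[$index] = (object) array('error' => 'invalid_hmac', 'error_description' => 'The corresponding HMAC for this file does not match');
            continue;
        }
        $hmac_provided = $hmac_parts[0];
        $salt = $hmac_parts[1];

        // hash_hmac_file() returns false when the file cannot be read; treat that as a
        // mismatch. hash_equals() keeps the comparison constant-time.
        $hmac_file = hash_hmac_file('sha1', $file['tmp_name'], $salt . $token->secret);
        if (false === $hmac_file || !hash_equals($hmac_file, $hmac_provided)) {
            $uploaded_files[$index] = (object) array('error' => 'invalid_hmac', 'error_description' => 'The corresponding HMAC for this file does not match');
            continue;
        }

        // media_handle_upload() reads the file from $_FILES by key; use a private key
        // that cannot collide with a real form field name.
        $_FILES['.jetpack.upload.'] = $file;

        // Attach to the requested parent post only if the user may edit it; otherwise
        // the attachment is created unattached.
        $post_id = isset($_POST['post_id'][$index]) ? absint($_POST['post_id'][$index]) : 0;
        if (!current_user_can('edit_post', $post_id)) {
            $post_id = 0;
        }

        $attachment_id = media_handle_upload('.jetpack.upload.', $post_id, array(), array('action' => 'jetpack_upload_file'));
        if (!$attachment_id) {
            $uploaded_files[$index] = (object) array('error' => 'unknown', 'error_description' => 'An unknown problem occurred processing the upload on the Jetpack site');
        } elseif (is_wp_error($attachment_id)) {
            $uploaded_files[$index] = (object) array('error' => 'attachment_' . $attachment_id->get_error_code(), 'error_description' => $attachment_id->get_error_message());
        } else {
            $attachment = get_post($attachment_id);
            if (!$attachment) {
                // The attachment was created but cannot be read back; report it rather
                // than dereferencing null below.
                $uploaded_files[$index] = (object) array('error' => 'unknown', 'error_description' => 'An unknown problem occurred processing the upload on the Jetpack site');
                continue;
            }
            $uploaded_files[$index] = (object) array('id' => (string) $attachment_id, 'file' => $attachment->post_title, 'url' => wp_get_attachment_url($attachment_id), 'type' => $attachment->post_mime_type, 'meta' => wp_get_attachment_metadata($attachment_id));

            // Zip uploads are only supported as part of an installation flow; schedule
            // their removal so a failed install does not leave the archive behind.
            if ('application/zip' === $attachment->post_mime_type) {
                // Cleanup runs 2 hours from now in case of a failed install.
                wp_schedule_single_event(time() + 2 * HOUR_IN_SECONDS, 'upgrader_scheduled_cleanup', array($attachment_id));
            }
        }
    }

    // Do not leave the private upload key lying around in $_FILES for later code.
    unset($_FILES['.jetpack.upload.']);

    if (!is_null($global_post)) {
        $GLOBALS['post'] = $global_post;
    }

    return $uploaded_files;
}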