WordPress plugin that protects resume uploads for the Job Manager plugin (http://pento.net/projects/wordpress-job-manager-plugin/)
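Create this folder:
/wp-content/plugins/job-manager-private-uploads/
Put the two PHP files in there, then activate this plugin via the WordPress admin.
NOTE: your WordPress installation should be configured to allow WP_Rewrite to make modifications to the .htaccess file. The plugin blocks direct access only through that rewrite rule, so if the rule is not written, or the web server does not read .htaccess, the prefixed uploads remain directly downloadable.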
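<?php
/**
 * Streams a privacy-prefixed Job Manager upload to an authorised user.
 *
 * Requests arrive through the rewrite rule registered by
 * JobManagerPrivateUploads, which passes the originally requested path in the
 * "f" query parameter. That parameter is request-controlled, so it is resolved
 * to a canonical path and served only when it is a regular file inside the
 * WordPress uploads directory whose name starts with the privacy prefix.
 * Without that confinement the parameter could name any file readable under
 * ABSPATH, not just protected uploads.
 */
require_once "../../../wp-config.php";
require_once "job-manager-private-uploads.php";

// NOTE(review): "upload_files" is the only gate, so every account holding that
// capability can fetch every protected file; confirm that matches the set of
// people who are meant to read applicants' resumes.
if (!current_user_can("upload_files")) {
    header("HTTP/1.1 403 Forbidden");
    echo "<h1>Forbidden</h1>";
    exit;
}

$requested = (isset($_GET["f"]) && is_string($_GET["f"])) ? $_GET["f"] : "";
$prefix = JobManagerPrivateUploads::$privacyPrefix;

$uploadInfo = wp_upload_dir();
$uploadRoot = realpath($uploadInfo["basedir"]);

// realpath() collapses "..", symlinks and duplicate separators, so the
// containment test below runs on the path that will actually be opened.
$fullFilename = false;
if ($requested !== "" && strpos($requested, "\0") === false) {
    $fullFilename = realpath(ABSPATH . $requested);
}

$allowed = $uploadRoot !== false
    && $fullFilename !== false
    && is_file($fullFilename)
    && strpos($fullFilename, $uploadRoot . DIRECTORY_SEPARATOR) === 0
    && strpos(basename($fullFilename), $prefix) === 0;

if (!$allowed) {
    header("HTTP/1.1 404 Not Found");
    echo "<h1>Not Found</h1>";
    exit;
}

// Extension-to-MIME map. The file is always sent as an attachment, so an
// unknown extension falls back to a generic binary type.
$contentTypes = array(
    "pdf"  => "application/pdf",
    "exe"  => "application/octet-stream",
    "zip"  => "application/zip",
    "doc"  => "application/msword",
    "xls"  => "application/vnd.ms-excel",
    "ppt"  => "application/vnd.ms-powerpoint",
    "gif"  => "image/gif",
    "png"  => "image/png",
    "jpeg" => "image/jpeg",
    "jpg"  => "image/jpeg",
);
$fileExtension = strtolower(pathinfo($fullFilename, PATHINFO_EXTENSION));
$contentType = isset($contentTypes[$fileExtension])
    ? $contentTypes[$fileExtension]
    : "application/octet-stream";

// Offer the file under its name without the privacy prefix. Quotes,
// backslashes and control characters are dropped so the name cannot break out
// of the quoted Content-Disposition parameter.
$attachmentFilename = str_replace($prefix, "", basename($fullFilename));
$attachmentFilename = preg_replace('/[\x00-\x1F\x7F"\\\\]/', "", $attachmentFilename);
if ($attachmentFilename === null || $attachmentFilename === "") {
    $attachmentFilename = "download";
}

header("Pragma: public");
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Cache-Control: private", false);
header("X-Content-Type-Options: nosniff");
header("Content-Type: " . $contentType);
header("Content-Disposition: attachment; filename=\"" . $attachmentFilename . "\";");
header("Content-Transfer-Encoding: binary");

$size = filesize($fullFilename);
if ($size !== false) {
    header("Content-Length: " . $size);
}

readfile($fullFilename);
exit;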
<?php
/*
Plugin Name: Job Manager Private Uploads
Plugin URI: https://gist.github.com/matb33/5092416
Description: Prevents direct access to files uploaded using the Job Manager plugin (http://pento.net/projects/wordpress-job-manager-plugin/)
Version: 1.0
Author: Mathieu Bouchard
Author URI: http://www.matb33.me/
License: MIT
*/
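/**
 * Marks Job Manager uploads as private and routes requests for them through
 * download.php.
 *
 * Uploaded files get a fixed name prefix, and a non-WordPress rewrite rule
 * sends any request for a prefixed file under the uploads URL to download.php,
 * passing the matched path in the "f" query parameter. The prefix itself is
 * not a secret: the protection exists only while that rewrite rule is active,
 * and the access decision is made entirely in download.php.
 */
class JobManagerPrivateUploads {
    // Prefix prepended to the name of every Job Manager upload.
    public static $privacyPrefix = "PRIVATE__";

    // Rewrite pattern matching prefixed files under the uploads path.
    private static $ruleMatch;

    // Rewrite target: download.php with the matched path in "f".
    private static $ruleRedirect;

    // Set during deactivation so the rule is not re-added while flushing.
    private static $deactivated = false;

    /**
     * Computes the rewrite pattern and target from the site's upload and
     * plugin URLs, made relative to the site URL (http or https).
     */
    public static function init() {
        $uploadDir = wp_upload_dir();
        $siteURL1 = site_url("", "http") . "/";
        $siteURL2 = site_url("", "https") . "/";

        $uploadPath = str_replace($siteURL2, "", str_replace($siteURL1, "", $uploadDir["baseurl"]));
        $downloadPath = str_replace($siteURL2, "", str_replace($siteURL1, "", plugins_url("download.php", __FILE__)));

        // NOTE(review): $uploadPath is placed in the pattern without regex
        // escaping, so a "." in it matches any character. That only widens
        // the match; confirm it is acceptable for the site's paths.
        self::$ruleMatch = $uploadPath . ".*/" . self::$privacyPrefix . ".+$";
        self::$ruleRedirect = $downloadPath . "?f=$0";
    }

    /** Registers the rule with WP_Rewrite's non-WordPress rules. */
    private static function add_rewrite_rule() {
        global $wp_rewrite;

        $wp_rewrite->non_wp_rules[self::$ruleMatch] = self::$ruleRedirect;
    }

    /** Removes the rule from WP_Rewrite's non-WordPress rules if present. */
    private static function del_rewrite_rule() {
        global $wp_rewrite;

        if (array_key_exists(self::$ruleMatch, $wp_rewrite->non_wp_rules)) {
            unset($wp_rewrite->non_wp_rules[self::$ruleMatch]);
        }
    }

    /** Activation hook: adds the rule and flushes the rewrite rules. */
    public static function activate() {
        global $wp_rewrite;

        self::add_rewrite_rule();
        $wp_rewrite->flush_rules();
    }

    /**
     * Deactivation hook: removes the rule and flushes the rewrite rules.
     *
     * The flag is set first so generate_rewrite_rules() does not put the
     * rule back during the flush.
     */
    public static function deactivate() {
        global $wp_rewrite;

        self::$deactivated = true;
        self::del_rewrite_rule();
        $wp_rewrite->flush_rules();
    }

    /**
     * Upload prefilter: prefixes the name of a file that was submitted
     * through one of Job Manager's form fields.
     *
     * A file is treated as a Job Manager upload when it is identical to the
     * $_FILES entry of a "jobman-field-<id>" key taken from the
     * "jobman_options" option. When that option is missing or has no usable
     * "fields" array, the file is returned untouched instead of failing, so
     * unrelated uploads keep working when Job Manager is absent.
     *
     * @param array $file Upload entry as passed to the prefilter.
     * @return array The entry, with "name" prefixed when it matched.
     */
    public static function wp_handle_upload_prefilter($file) {
        $options = get_option("jobman_options");

        if (!is_array($options) || !isset($options["fields"]) || !is_array($options["fields"])) {
            return $file;
        }

        foreach ($options["fields"] as $fid => $field) {
            $key = "jobman-field-" . $fid;

            if (isset($_FILES[$key]) && $_FILES[$key] === $file) {
                $file["name"] = self::$privacyPrefix . $file["name"];
                break;
            }
        }

        return $file;
    }

    /**
     * generate_rewrite_rules callback: re-adds the rule whenever the rewrite
     * rules are rebuilt, unless the plugin is being deactivated.
     *
     * @param object $wp_rewrite Passed by WordPress; not used here.
     */
    public static function generate_rewrite_rules($wp_rewrite) {
        if (!self::$deactivated) {
            self::add_rewrite_rule();
        }
    }
}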
// Compute the rewrite pattern and target once, when the plugin file loads.
JobManagerPrivateUploads::init();

// Add or remove the rewrite rule when the plugin is switched on or off.
register_activation_hook(__FILE__, "JobManagerPrivateUploads::activate");
register_deactivation_hook(__FILE__, "JobManagerPrivateUploads::deactivate");

// Prefix Job Manager uploads, and re-add the rule whenever WordPress rebuilds
// its rewrite rules. Priority 10 and one accepted argument are the defaults,
// written out here.
add_filter("wp_handle_upload_prefilter", "JobManagerPrivateUploads::wp_handle_upload_prefilter", 10, 1);
add_filter("generate_rewrite_rules", "JobManagerPrivateUploads::generate_rewrite_rules", 10, 1);
Hi Mathieu, can you tell me how to limit the upload file size/upload cv without affect any others upload (only work for job manager). thanks
Rian Barus