jpgninja · July 1, 2020 19:27
diff --git a/wp-process-uploaded-image.php b/wp-process-uploaded-image.php
 /**
 * Process profile edit submissions.
 */
 function process_edit_profile_submission() {

 	// Verify nonce, redirect, and exit.
 	$bad_nonce = ( ! isset( $_POST['cc_profile_edit_nonce'] ) || ! wp_verify_nonce( sanitize_key( $_POST['cc_profile_edit_nonce'] ), 'cc_profile_edit' ) );
 	if ( $bad_nonce ) {
 		// Flash error message.
 		$flash_msg = [
 			'state'   => 'error',
 			'message' => 'Invalid security token, please try again.',
 		];
 		Flash\add_message( $flash_msg );

 		// Redirect.
 		wp_safe_redirect( get_permalink( get_page_by_path( 'profile' ) ) );
 		exit;
 	}

 	// Setup our member.
 	$user      = wp_get_current_user();
 	$member    = get_member( $user );
 	$post_data = array_map( 'trim', wp_unslash( $_POST ) );

 	// Check we have a valid Birthday date.
 	if ( ! empty( $post_data['date_of_birth'] ) ) {
 		$dob       = explode( '-', $post_data['date_of_birth'] ); // Break.
 		$valid_dob = ( ( 3 === count( $dob ) ) && checkdate( $dob[1], $dob[2], $dob[0] ) );

 		if ( ! $valid_dob ) {
 			// Flash error message.
 			$flash_msg = [
 				'state'   => 'error',
 				'message' => '🤔 Um, that\'s not a valid date for your birthday. Want to try again?',
 			];
 			Flash\add_message( $flash_msg );

 			// Redirect.
 			wp_safe_redirect( get_permalink( get_page_by_path( 'profile' ) ) );
 			exit;
 		}

 		// Calculate age.
 		$dob = new DateTime( sprintf( "%d-%d-%d", $dob[0], $dob[1], $dob[2] ) );
 		$today = new DateTime('now');
 		$age = date_diff( $today, $dob );
 		$is_minor = ( $age->y < AGE_RESTRICTION );
 		if ( $is_minor ) {
 			// Error message.
 			// Redirect.
 			wp_safe_redirect( get_permalink( get_page_by_path( 'profile' ) ) );
 			exit;
 		}
 	}

 	// Image handling.
 	if ( isset( $_FILES['file'] ) && ( 0 < $_FILES['file']['size'] ) ) {
 		$_FILES['file']['name'] = sanitize_file_name( wp_unslash( $_FILES['file']['name'] ) );
 		$image_id               = save_uploaded_profile_image( wp_unslash( $_FILES['file'] ) ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput

 		$post_data['image_id'] = $image_id;
 	}

 	// Format the data in preparation for the DB.
 	// Setup our vars.
 	$member_data = format_form_data( $post_data );

 	// Store data.
 	$stored = store_member_data( $user, $member_data );

 	if ( false === $stored ) {

 		// Error: Flash message & redirect.
 		// Redirect & exit.
 		wp_safe_redirect( get_permalink( get_page_by_path( 'profile' ) ) );
 		exit;

 	} else {

 		// Success.
    // Redirect & exit.
 		wp_safe_redirect( get_permalink( get_page_by_path( 'profile' ) ) );
 		exit;
 	}

 	// Continue.
 	return $member_data;
 }


 /**
 * Save submitted image on profile page.
 *
 * @param array $file Is a file from form upload.
 */
 function save_uploaded_profile_image( $file = '' ) {
 	global $post_id;

 	// Default error messaging & redirect.
 	$img_upload_failed_msg_args = [
 		'state'   => 'error',
 		'message' => 'Wierd&hellip; we never got that pic, could you try again?',
 	];
 	$redirect_url               = get_permalink( get_page_by_path( 'profile' ) );

 	// No image provided.
 	if ( ! is_array( $file ) ) {
 		// Redirect.
 		wp_safe_redirect( $redirect_url );
 		exit;
 	}

 	// Allowed image types.
 	$allowed_filetypes = [
 		'image/jpeg',
 		'image/gif',
 		'image/png',
 	];

 	// Setup image checks.
 	$file['name']    = sanitize_file_name( $file['name'] );
 	$max_filesize    = 1 * MB_IN_BYTES; // File size in bytes (~ 1MB).
 	$image_exists    = isset( $file['size'] );
 	$image_not_empty = ( $file['size'] > 0 );

 	// Check if there's an image.
 	if ( $image_exists && $image_not_empty ) {

 		// Setup conditions.
 		$filetype_ok = in_array( sanitize_text_field( $file['type'] ), $allowed_filetypes, true );
 		$filesize_ok = ( (int) $file['size'] <= $max_filesize );

 		// Check filetype.
 		if ( ! $filetype_ok ) {
 			// Error.
 			// Redirect.
 			wp_safe_redirect( $redirect_url );
 			exit;
 		}

 		// Check filesize.
 		if ( ! $filesize_ok ) {
 			// Set Flash message.
 			$img_upload_failed_msg_args['message'] = 'Woah&hellip; that file type was too big, could you try something smaller than a megabyte?';
 			Flash\add_message( $img_upload_failed_msg_args );

 			// Redirect.
 			wp_safe_redirect( $redirect_url );
 			exit;
 		}

 		// Check conditions.
 		if ( $filetype_ok && $filesize_ok ) {
 			// These files need to be included as dependencies when on the front end.
 			require_once ABSPATH . 'wp-admin/includes/image.php';
 			require_once ABSPATH . 'wp-admin/includes/file.php';
 			require_once ABSPATH . 'wp-admin/includes/media.php';

 			// Let WordPress handle the upload.
 			$attachment_id = media_handle_upload( 'file', $post_id );

 			if ( is_wp_error( $attachment_id ) || ( empty( $attachment_id ) ) ) {
 				// There was an error uploading the image.
 				$img_upload_failed_msg_args['message'] = $attachment_id->get_error_message();

 				// Set Flash message.
 				Flash\add_message( $img_upload_failed_msg_args );

 				// Redirect.
 				wp_safe_redirect( $redirect_url );
 				exit;

 			} else {
 				// Success!
 				add_post_meta( $post_id, 'post_image', $attachment_id, true );

 				return $attachment_id;
 			}
 		}
 	}
 }
	/**
	* Process profile edit submissions.
	*/
	function process_edit_profile_submission() {

	// Verify nonce, redirect, and exit.
	$bad_nonce = ( ! isset( $_POST['cc_profile_edit_nonce'] ) \|\| ! wp_verify_nonce( sanitize_key( $_POST['cc_profile_edit_nonce'] ), 'cc_profile_edit' ) );
	if ( $bad_nonce ) {
	// Flash error message.
	$flash_msg = [
	'state' => 'error',
	'message' => 'Invalid security token, please try again.',
	];
	Flash\add_message( $flash_msg );

	// Redirect.
	wp_safe_redirect( get_permalink( get_page_by_path( 'profile' ) ) );
	exit;
	}

	// Setup our member.
	$user = wp_get_current_user();
	$member = get_member( $user );
	$post_data = array_map( 'trim', wp_unslash( $_POST ) );

	// Check we have a valid Birthday date.
	if ( ! empty( $post_data['date_of_birth'] ) ) {
	$dob = explode( '-', $post_data['date_of_birth'] ); // Break.
	$valid_dob = ( ( 3 === count( $dob ) ) && checkdate( $dob[1], $dob[2], $dob[0] ) );

	if ( ! $valid_dob ) {
	// Flash error message.
	$flash_msg = [
	'state' => 'error',
	'message' => '🤔 Um, that\'s not a valid date for your birthday. Want to try again?',
	];
	Flash\add_message( $flash_msg );

	// Redirect.
	wp_safe_redirect( get_permalink( get_page_by_path( 'profile' ) ) );
	exit;
	}

	// Calculate age.
	$dob = new DateTime( sprintf( "%d-%d-%d", $dob[0], $dob[1], $dob[2] ) );
	$today = new DateTime('now');
	$age = date_diff( $today, $dob );
	$is_minor = ( $age->y < AGE_RESTRICTION );
	if ( $is_minor ) {
	// Error message.
	// Redirect.
	wp_safe_redirect( get_permalink( get_page_by_path( 'profile' ) ) );
	exit;
	}
	}

	// Image handling.
	if ( isset( $_FILES['file'] ) && ( 0 < $_FILES['file']['size'] ) ) {
	$_FILES['file']['name'] = sanitize_file_name( wp_unslash( $_FILES['file']['name'] ) );
	$image_id = save_uploaded_profile_image( wp_unslash( $_FILES['file'] ) ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput

	$post_data['image_id'] = $image_id;
	}

	// Format the data in preparation for the DB.
	// Setup our vars.
	$member_data = format_form_data( $post_data );

	// Store data.
	$stored = store_member_data( $user, $member_data );

	if ( false === $stored ) {

	// Error: Flash message & redirect.
	// Redirect & exit.
	wp_safe_redirect( get_permalink( get_page_by_path( 'profile' ) ) );
	exit;

	} else {

	// Success.
	// Redirect & exit.
	wp_safe_redirect( get_permalink( get_page_by_path( 'profile' ) ) );
	exit;
	}

	// Continue.
	return $member_data;
	}


	/**
	* Save submitted image on profile page.
	*
	* @param array $file Is a file from form upload.
	*/
	function save_uploaded_profile_image( $file = '' ) {
	global $post_id;

	// Default error messaging & redirect.
	$img_upload_failed_msg_args = [
	'state' => 'error',
	'message' => 'Wierd… we never got that pic, could you try again?',
	];
	$redirect_url = get_permalink( get_page_by_path( 'profile' ) );

	// No image provided.
	if ( ! is_array( $file ) ) {
	// Redirect.
	wp_safe_redirect( $redirect_url );
	exit;
	}

	// Allowed image types.
	$allowed_filetypes = [
	'image/jpeg',
	'image/gif',
	'image/png',
	];

	// Setup image checks.
	$file['name'] = sanitize_file_name( $file['name'] );
	$max_filesize = 1 * MB_IN_BYTES; // File size in bytes (~ 1MB).
	$image_exists = isset( $file['size'] );
	$image_not_empty = ( $file['size'] > 0 );

	// Check if there's an image.
	if ( $image_exists && $image_not_empty ) {

	// Setup conditions.
	$filetype_ok = in_array( sanitize_text_field( $file['type'] ), $allowed_filetypes, true );
	$filesize_ok = ( (int) $file['size'] <= $max_filesize );

	// Check filetype.
	if ( ! $filetype_ok ) {
	// Error.
	// Redirect.
	wp_safe_redirect( $redirect_url );
	exit;
	}

	// Check filesize.
	if ( ! $filesize_ok ) {
	// Set Flash message.
	$img_upload_failed_msg_args['message'] = 'Woah… that file type was too big, could you try something smaller than a megabyte?';
	Flash\add_message( $img_upload_failed_msg_args );

	// Redirect.
	wp_safe_redirect( $redirect_url );
	exit;
	}

	// Check conditions.
	if ( $filetype_ok && $filesize_ok ) {
	// These files need to be included as dependencies when on the front end.
	require_once ABSPATH . 'wp-admin/includes/image.php';
	require_once ABSPATH . 'wp-admin/includes/file.php';
	require_once ABSPATH . 'wp-admin/includes/media.php';

	// Let WordPress handle the upload.
	$attachment_id = media_handle_upload( 'file', $post_id );

	if ( is_wp_error( $attachment_id ) \|\| ( empty( $attachment_id ) ) ) {
	// There was an error uploading the image.
	$img_upload_failed_msg_args['message'] = $attachment_id->get_error_message();

	// Set Flash message.
	Flash\add_message( $img_upload_failed_msg_args );

	// Redirect.
	wp_safe_redirect( $redirect_url );
	exit;

	} else {
	// Success!
	add_post_meta( $post_id, 'post_image', $attachment_id, true );

	return $attachment_id;
	}
	}
	}
	}