: str_replace(): Passing null to parameter #2 ($replace) of type array|string is deprecated in
class Alti_ProtectUploads_Admin
private $messages = array();
public function __construct($plugin_name, $version)
$this->plugin_name = $plugin_name;
$this->version = $version;
public function get_plugin_name()
return $this->plugin_name;
public function add_submenu_page()
add_submenu_page('upload.php', $this->plugin_name, 'Protect Uploads <span class="dashicons dashicons-shield-alt" style="font-size:15px;"></span>', 'manage_options', $this->plugin_name . '-settings-page', array($this, 'render_settings_page'));
public function render_settings_page()
require plugin_dir_path(__FILE__) . 'views/' . $this->plugin_name . '-admin-settings-page.php';
public function enqueue_styles()
wp_enqueue_style($this->plugin_name, plugin_dir_url(__FILE__) . 'assets/css/protect-uploads-admin.css', array(), $this->version, 'all');
public function add_settings_link($links)
$settings_link = '<a href="upload.php?page=' . $this->plugin_name . '-settings-page">' . __('Settings') . '</a>';
array_unshift($links, $settings_link);
public function get_uploads_dir()
$uploads_dir = wp_upload_dir();
return $uploads_dir['basedir'];
public function get_uploads_url()
$uploads_dir = wp_upload_dir();
return $uploads_dir['baseurl'];
public function get_uploads_subdirectories()
$directories = scandir(self::get_uploads_dir());
$subs = array(self::get_uploads_dir());
foreach ($directories as $directory) {
if (is_dir(self::get_uploads_dir() . '/' . $directory) && !preg_match('/^\.*$/', $directory)) {
$subs[] = self::get_uploads_dir() . '/' . $directory;
$subDirectories = scandir(self::get_uploads_dir() . '/' . $directory);
foreach ($subDirectories as $subDirectory) {
if (is_dir(self::get_uploads_dir() . '/' . $directory . '/' . $subDirectory) && !preg_match('/^\.*$/', $subDirectory)) $subs[] = self::get_uploads_dir() . '/' . $directory . '/' . $subDirectory;
public function save_form($form)
if ($form['protection'] == 'index_php') {
if ($form['protection'] == 'htaccess') {
$this->create_htaccess();
if ($form['protection'] == 'remove') {
$this->remove_htaccess();
// used to check if the current htaccess has been generated by the plugin
public function get_htaccess_identifier()
return "[plugin_name=" . $this->plugin_name . "]";
public function create_index()
// check if index php does not exists
if (self::check_protective_file('index.php') === false) {
$indexContent = "<?php // Silence is golden \n // " . self::get_htaccess_identifier() . " \n // https://www.alticreation.com/en/protect-uploads/ \n // date:" . date('d/m/Y') . "\n // .";
foreach (self::get_uploads_subdirectories() as $subDirectory) {
if (!file_put_contents($subDirectory . '/' . 'index.php', $indexContent)) {
self::register_message('Impossible to create or modified the index.php file in ' . $subDirectory, 'error');
if ($i == count(self::get_uploads_subdirectories())) {
self::register_message('The index.php file has been created in main folder and subfolders (two levels max).');
// if index php already exists
self::register_message('The index.php file already exists', 'error');
public function create_htaccess()
// Content for htaccess file
$date = date('Y-m-d H:i.s');
$htaccessContent = "\n# BEGIN " . $this->get_plugin_name() . " Plugin\n";
$htaccessContent .= "\tOptions -Indexes\n";
$htaccessContent .= "# [date={$date}] [php={$phpv}] " . self::get_htaccess_identifier() . " [version={$this->version}]\n";
$htaccessContent .= "# END " . $this->get_plugin_name() . " Plugin\n";
// if htaccess does NOT exist yet
if (self::check_protective_file('.htaccess') === false) {
// try to create and save the new htaccess file
if (!file_put_contents(self::get_uploads_dir() . '/' . '.htaccess', $htaccessContent)) {
self::register_message('Impossible to create or modified the htaccess file.', 'error');
self::register_message('The htaccess file has been created.');
// if content added to existing htaccess
if (file_put_contents(self::get_uploads_dir() . '/.htaccess', $htaccessContent, FILE_APPEND | LOCK_EX)) {
self::register_message('The htaccess file has been updated.');
self::register_message('The existing htaccess file couldn\'t be updated. Please check file permissions.', 'error');
public function remove_index()
foreach (self::get_uploads_subdirectories() as $subDirectory) {
if (file_exists($subDirectory . '/index.php')) {
unlink($subDirectory . '/index.php');
if ($i == count(self::get_uploads_subdirectories())) {
self::register_message('The index.php file(s) have(has) been deleted.');
public function remove_htaccess()
if (file_exists(self::get_uploads_dir() . '/.htaccess')) {
$htaccessContent = file_get_contents(self::get_uploads_dir() . '/.htaccess');
$htaccessContent = preg_replace('/(# BEGIN protect-uploads Plugin)(.*?)(# END protect-uploads Plugin)/is', '', $htaccessContent);
file_put_contents(self::get_uploads_dir() . '/.htaccess', $htaccessContent, LOCK_EX);
// if htaccess is empty, we remove it.
if (strlen(preg_replace("/(^[\r\n]*|[\r\n]+)[\s\t]*[\r\n]+/", "", file_get_contents(self::get_uploads_dir() . '/.htaccess'))) == 0) {
unlink(self::get_uploads_dir() . '/.htaccess');
self::register_message('The htaccess file has been updated.');
public function get_protective_files_array()
$uploads_files = ['index.php', 'index.html', '.htaccess'];
foreach ($uploads_files as $file) {
if (file_exists(self::get_uploads_dir() . '/' . $file)) {
public function check_protective_file($file)
if (in_array($file, self::get_protective_files_array())) {
public function get_uploads_root_response_code()
$uploads_headers = get_headers(self::get_uploads_url() . '/');
if (is_array($uploads_headers)) {
if (preg_match('/200/', $uploads_headers[0])) $response = 200;
if (preg_match('/403/', $uploads_headers[0])) $response = 403;
public function get_htaccess_content()
return file_get_contents(self::get_uploads_dir() . '/.htaccess');
public function check_htaccess_is_self_generated()
if (self::check_protective_file('.htaccess') && preg_match('/' . self::get_htaccess_identifier() . '/', self::get_htaccess_content())) {
public function check_uploads_is_protected()
foreach (self::get_protective_files_array() as $file) {
if ($file === 'index.html') {
if ($file === 'index.php') {
if ($file === '.htaccess' && self::get_uploads_root_response_code() === 200) {
if (self::get_uploads_root_response_code() === 403) {
public function check_protective_file_removable() {
if( self::check_protective_file('index.html') ) {
elseif( self::check_protective_file('.htaccess') === false && self::get_uploads_root_response_code() === 403 ) {
public function get_uploads_protection_message_array()
foreach (self::get_protective_files_array() as $file) {
if ($file === '.htaccess' && self::get_uploads_root_response_code() === 403) {
$response[] = '<span class="dashicons dashicons-yes"></span> ' . __('.htaccess file is present and access to uploads directory returns 403 code.', $this->plugin_name);
if ($file === 'index.php') {
$response[] = '<span class="dashicons dashicons-yes"></span> ' . __('index.php file is present.', $this->plugin_name);
if ($file === 'index.html') {
$response[] = '<span class="dashicons dashicons-yes"></span> ' . __('index.html file is present.', $this->plugin_name);
if (self::check_protective_file('.htaccess') === true && self::get_uploads_root_response_code() === 200) {
$response[] = '<span class="dashicons dashicons-search"></span> ' . __('.htaccess file is present but not protecting uploads directory.', $this->plugin_name);
if (self::check_protective_file('.htaccess') === false && self::get_uploads_root_response_code() === 403) {
$response[] = '<span class="dashicons dashicons-yes"></span> ' . __('Access to uploads directory is protected (403) with a global .htaccess or another global declaration.', $this->plugin_name);
public function check_apache()
if (!function_exists('apache_get_modules')) {
self::register_message('The Protect Uploads plugin cannot work without Apache. Yourself or your web host has to activate this module.');
public function register_message($message, $type = 'updated', $id = 0)
$this->messages['apache'][] = array(
'message' => __($message, $this->plugin_name),
public function display_messages()
foreach ($this->messages as $name => $messages) {
foreach ($messages as $message) {
return '<div id="message" class="' . $message['type'] . '"><p>' . $message['message'] . '</p></div>';
It is recommended that you Edit text format, this type of Fix handles quite a lot in one request
