Upload file to Woocommerce Order

I’m trying to add File Upload for checkout process. Here is my code:

Add input after order notes

add_filter( 'woocommerce_after_order_notes', 'upload_file_checkout' ); function upload_file_checkout() {      ?>          <p class="form-row" id="image" data-priority="">         <label for="image" class="">Image (JPG, PNG, PDF)</label>         <span class="woocommerce-input-wrapper">         <input type='file' name='image' accept='image/*,.pdf' multiple='false'>         </span>     </p>         <?php } 

Next, update order meta

add_action( 'woocommerce_checkout_update_order_meta', 'checkout_file_update_order_meta' ); function checkout_file_update_order_meta($  order_id) {              if ( isset( $  _POST['image'] ) ) {                  require_once( ABSPATH . 'wp-admin/includes/image.php' );         require_once( ABSPATH . 'wp-admin/includes/file.php' );         require_once( ABSPATH . 'wp-admin/includes/media.php' );                  $  attachment_id = media_handle_upload( 'image', $  order_id );          update_post_meta( $  order_id, '_image', $  attachment_id );      }      } 

And show the result in admin page

add_action( 'woocommerce_admin_order_data_after_billing_address', 'show_new_checkout_field_order', 10, 1 );     function show_new_checkout_field_order( $  order ) {        $  order_id = $  order->get_id();    echo '<p><strong>Image:</strong> ' . get_post_meta( $  order_id, '_image', true ) . '</p>'; } 

But this is not work. How can I fix it?

This is how I see this meta in DB after place an order

enter image description here

Upload Gravity Form files to OneDrive [closed]

I’ve been looking for an away of upload files from Gravity Form direct to the cloud on OneDrive. And so far, I found some codes that could be useful:

 add_filter( 'gform_upload_path', function ( $  path_info, $  form_id ) {         GFCommon::log_debug( "log_upload_path(): path_info for form #{$  form_id} => " . print_r( $  path_info, true ) );               return $  path_info;     }, 1, 2 );       add_filter( 'gform_upload_path', 'change_upload_path', 10, 2 ); function change_upload_path( $  path_info, $  form_id ) {    $  path_info['path'] = '/home/public_html/yourdomainfolder/new/path/';    $  path_info['url'] = 'http://yourdomainhere.com/new/path/';    return $  path_info; }    <?php require_once 'functions.inc.php'; $  token = skydrive_tokenstore::acquire_token(); // Call this function to grab a current access_token, or false if none is available.  if (!$  token) { // If no token, prompt to login. Call skydrive_auth::build_oauth_url() to get the redirect URL.        echo "<div>";        echo "<img src='statics/key-icon.png'>&nbsp";        echo "<a href='" . skydrive_auth::build_oauth_url() . "'>Login with SkyDrive</a></span>";        echo "</div>"; } else {        $  sd = new skydrive($  token);        try {            $  response = $  sd->put_file($  _GET['folderid'], '/file/to/put');            // File was uploaded, return metadata.            print_r($  response);        } catch (Exception $  e) {            // An error occured, print HTTP status code and description.            echo "Error: ".$  e->getMessage();            exit;        } } 

Source: https://docs.gravityforms.com/gform_upload_path/

Instead of my domain path I would like to point it to one folder on Onedrive and if possible, generate a new folder for each upload containing the current WooCommerce order number. I don’t have much experience with PHP so any useful help will be great!

how to split and upload a theme on wordpress?

I have created an account on googiehost and unfortunately the hosting company has limited the file upload size to 2MB. Since the hosting is free on googiehost the hosting provider may not agree to increase the file upload size for just my account. And now i have this Divi theme which is 8 MB in size and i am unable to upload it due to the limit. So i thought off splitting the Divi.zip file into 4 X 2MB chunks which later makes up 8MB(The theme) and then give to any plugin so that it takes all the chunks and extract them to the path where the theme is actually supposed to be installed. So my question is there any plugin as such which does what i want.

How to upload a prepared html page on Google sites?

In order to create an html page using Google sites, there are some tools and templates in the Google sites itself; however, I did not find an option for uploading an html page (site) that has been created already (outside of Google sites).

Is there any possibility for this purpose ?

I tested Embed option, but it is not what I want, as the embedded html will cover only a part the screen …

P.S. This html page is not a part of website, but it is a whole of website. (The website is a single html page.)

Upload Image Remotely from Rest API using JWT Authorization INVALID_AUTHORIZATION_HEADER_TOKEN_TYPE

Trying to upload images into my media gallery programatically from my local machine to webserver.

Using this function here to get the JWT token along with the
WordPress REST API Authentication plugin to initialize JWT:

function get_jwt_token_wp(): ?string {     $  request_url = 'https://example.com/wp-json/api/v1/token';      $  api = curl_init();      $  username = 'admin';     $  password = 'password';     //set the url, POST data     curl_setopt( $  api, CURLOPT_URL, $  request_url );     curl_setopt( $  api, CURLOPT_POST, 1 );     curl_setopt( $  api, CURLOPT_POSTFIELDS, "username=$  username&password=$  password" );     curl_setopt( $  api, CURLOPT_VERBOSE, 1);     curl_setopt( $  api, CURLOPT_RETURNTRANSFER, 1 );      $  server_output = curl_exec ($  api);     printr(curl_getinfo($  api));     if ($  server_output === false) {         die('Error getting JWT token on WordPress for API integration.');     }     $  server_output = json_decode($  server_output);      if ($  server_output === null && json_last_error() !== JSON_ERROR_NONE) {         die('Invalid response getting JWT token on WordPress for API integration.');     }      if (!empty($  server_output->jwt_token)) {         $  jwt_token = $  server_output->jwt_token;         curl_close ($  api);         return $  jwt_token;     } else {         die('Invalid response getting JWT token on WordPress for API integration.');     }     return null; } 

and this function to upload the image

function upload_image_wp( $  path ): array {     $  request_url = 'https://example.com/wp-json/wp/v2/media';      $  image = file_get_contents( $  path );     $  mime_type = mime_content_type( $  path );      $  api = curl_init();      $  username = 'admin';     $  password = 'password';      $  httpheader = array( 'Content-Type: ' . $  mime_type, 'Content-Disposition: attachment; filename="' . basename($  path) . '"', 'Authorization' => 'Bearer ' . WOO_JWT_KEY );      curl_setopt( $  api, CURLOPT_URL, $  request_url );     curl_setopt( $  api, CURLOPT_POST, 1 );     curl_setopt( $  api, CURLOPT_POSTFIELDS, $  image );     curl_setopt( $  api, CURLOPT_HTTPHEADER, $  httpheader );     curl_setopt( $  api, CURLOPT_VERBOSE, 1);     curl_setopt( $  api, CURLOPT_RETURNTRANSFER, 1 );     curl_setopt( $  api, CURLOPT_USERPWD, $  username . ':' . $  password );     $  result = curl_exec( $  api );     printr(curl_getinfo($  api));     curl_close( $  api );     return json_decode( $  result ); } 

with my headers looking something like this:

Array (     [0] => Content-Type: image/gif     [1] => Content-Disposition: attachment; filename="user_loggedin_avatar.gif"     [Authorization] => Bearer eyJhbGciOiJIU..................................... ) 

Is my format wrong? Am I doing something else wrong? I have never worked with JWT authentication before so this has all been new to me.

This is the error I am getting on the return of my call.

object(stdClass)[3]   public 'status' => string 'error' (length=5)   public 'error' => string 'INVALID_AUTHORIZATION_HEADER_TOKEN_TYPE' (length=39)   public 'code' => string '401' (length=3)   public 'error_description' => string 'Authorization header must be type of Bearer Token.' (length=50) 

Unfortunately google isn’t showing much of anything regarding why this error pops up, so I am a bit stuck. Any help greatly appreciated!

Self-XSS From File Upload Name

I encountered this type of vulnerability a couple of times but weren’t able to fully exploit it, need help! This vulnerability is self-xss which is triggered from file names. E.g. If I were to upload a file named ‘[xss-payload].png’, it will be executed as javascript and the window will prompt ‘1’. But it only goes as far as that, the file name stored in the server is randomly generated, therefore this isn’t a stored xss. Is there anyway I could exploit this? The Javascript is executed when uploading the file only. I tried chaining with Clickjacking, but website doesn’t allow iframe. And from what I heard, CSRF is not possible since setting a ‘pre-filled’ file name is not possible when uploading a file. Any idea where I should go with this? Can I chain this with other vulnerabilities? Thank you all.

[XSS-Payload] = Any XSS payload as file name will be executed when uploading the file

E.g. File Name: <img src=x onerror=alert(1)>.png

File Upload Vulnerability SVG

I am currently doing a bug bounty program and was testing the company’s file upload functionality. After meddling with the functionality for a while, I was able to change the extension of the uploaded file to ‘.svg’ using burpsuite. I have read tons of article saying that .svg files is equal to XSS. In my case I was not able to fully upload svg file since the server is checking the content of the file. I have change the ‘Content-Type’ to image/svg and the file is uploaded, but when I change the content of the file with XML Tags, the server denied my upload. I found out that in order for the file to be uploaded successful, the beginning of the content type should be ‘…JFIF’ which is a metadata to describe that the content is JPEG/PNG and is interchangable. I have tried appending the SVG XML tag after the metadata and has successfully uploaded it to the server, but when the image is opened, a square image appeared and my XML tags are not being executed.

Is there any way I could bypass this image content to be able to execute XML? Is there any metada for SVG perhaps?

How do I upload movies for free to my website for watching movies and TV shows? [closed]

So, I want to make my own website for watching movies and TV shows but not in English but in my native language. So I was wondering is it legal to just upload videos from the openload server or some other server to my website without having to pay for an openload account or something or does openload just let me upload their videos for free. It might be a stupid question but I am really not familiar with this subject and if you have any tips for building my movie watching website what would be great. Thanks!!!

DVWA file upload background

I’ve just started in penetration testing with metasploitable and currently trying to learn file upload vulnerability present in DVWA module. I know that somehow upload is preventing files other than images to be uploaded but I don’t understand how. I tried to look page source of ‘upload file’ webpage but I don’t see any javascripts working there. Webpage only refers to a script which also doesn’t seem to have any filters for file being uploaded. Can someone please explain what exactly in the html or JavaScript of webpage is working as a filter?