Version Description
- Fixed PHP warning associated with media access control
- Updated verbiage on the Extensions tab.
Download this release
Release Info
Developer | vasyltech |
Plugin | Advanced Access Manager |
Version | 5.9.9.1 |
Comparing to | |
See all releases |
Code changes from version 5.9.9 to 5.9.9.1
- aam.php +1 -1
- application/Backend/phtml/extensions.phtml +1 -1
- application/Core/Media.php +9 -4
- license.txt +14 -0
- readme.txt +5 -1
aam.php
CHANGED
@@ -3,7 +3,7 @@
|
|
3 |
/**
|
4 |
* Plugin Name: Advanced Access Manager
|
5 |
* Description: Collection of features to manage your WordPress website authentication, authorization and monitoring
|
6 |
-
* Version: 5.9.9
|
7 |
* Author: Vasyl Martyniuk <vasyl@vasyltech.com>
|
8 |
* Author URI: https://vasyltech.com
|
9 |
* Text Domain: advanced-access-manager
|
3 |
/**
|
4 |
* Plugin Name: Advanced Access Manager
|
5 |
* Description: Collection of features to manage your WordPress website authentication, authorization and monitoring
|
6 |
+
* Version: 5.9.9.1
|
7 |
* Author: Vasyl Martyniuk <vasyl@vasyltech.com>
|
8 |
* Author URI: https://vasyltech.com
|
9 |
* Text Domain: advanced-access-manager
|
application/Backend/phtml/extensions.phtml
CHANGED
@@ -3,7 +3,7 @@
|
|
3 |
<div class="row">
|
4 |
<div class="col-xs-12">
|
5 |
<p class="aam-info">
|
6 |
-
<?php echo
|
7 |
</p>
|
8 |
</div>
|
9 |
</div>
|
3 |
<div class="row">
|
4 |
<div class="col-xs-12">
|
5 |
<p class="aam-info">
|
6 |
+
<?php echo AAM_Backend_View_Helper::preparePhrase('By purchasing any of the addons below, you obtain the license that allows you to install and use our software for one physical WordPress installation only. Exceptions are websites where URL is either [localhost] or starts with [dev.], [staging.], [test.] or [demo.] They are considered as development websites and you can use the purchased license unlimited number of times before it is activated on a production website. [Money back guaranteed] within 30 day from the time of purchase.', 'i', 'i', 'i', 'i', 'i', 'i', 'b'); ?><br/>
|
7 |
</p>
|
8 |
</div>
|
9 |
</div>
|
application/Core/Media.php
CHANGED
@@ -130,19 +130,24 @@ class AAM_Core_Media {
|
|
130 |
$rpath = preg_replace('/\?.*$/', '', $this->request_uri);
|
131 |
|
132 |
//finally replace the filename with requested filename
|
133 |
-
$request = str_replace(basename($path), basename($rpath), $path);
|
134 |
|
135 |
if (empty($mime)) {
|
136 |
if (function_exists('mime_content_type')) {
|
137 |
$mime = mime_content_type($request);
|
138 |
}
|
139 |
}
|
140 |
-
|
141 |
-
$
|
|
|
|
|
|
|
142 |
// Props to Ov3rfly report
|
143 |
-
if (
|
144 |
@header('Content-Type: ' . (empty($mime) ? $type : $mime));
|
145 |
echo file_get_contents($request);
|
|
|
|
|
146 |
}
|
147 |
exit;
|
148 |
}
|
130 |
$rpath = preg_replace('/\?.*$/', '', $this->request_uri);
|
131 |
|
132 |
//finally replace the filename with requested filename
|
133 |
+
$request = realpath(str_replace(basename($path), basename($rpath), $path));
|
134 |
|
135 |
if (empty($mime)) {
|
136 |
if (function_exists('mime_content_type')) {
|
137 |
$mime = mime_content_type($request);
|
138 |
}
|
139 |
}
|
140 |
+
|
141 |
+
$filetype = wp_check_filetype(basename($request));
|
142 |
+
$location = wp_get_upload_dir();
|
143 |
+
$upload_dir = (isset($location['basedir']) ? $location['basedir'] : WP_CONTENT_DIR . '/uploads');
|
144 |
+
|
145 |
// Props to Ov3rfly report
|
146 |
+
if (!empty($filetype['ext']) && (strpos($request, realpath($upload_dir)) !== false)) {
|
147 |
@header('Content-Type: ' . (empty($mime) ? $type : $mime));
|
148 |
echo file_get_contents($request);
|
149 |
+
} else {
|
150 |
+
http_response_code(403);
|
151 |
}
|
152 |
exit;
|
153 |
}
|
license.txt
ADDED
@@ -0,0 +1,14 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
+
Copyright (C) Vasyl Martyniuk <vasyl@vasyltech.com>
|
2 |
+
|
3 |
+
This program is free software: you can redistribute it and/or modify
|
4 |
+
it under the terms of the GNU General Public License as published by
|
5 |
+
the Free Software Foundation, either version 3 of the License, or
|
6 |
+
(at your option) any later version.
|
7 |
+
|
8 |
+
This program is distributed in the hope that it will be useful,
|
9 |
+
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
10 |
+
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
11 |
+
GNU General Public License for more details.
|
12 |
+
|
13 |
+
You should have received a copy of the GNU General Public License
|
14 |
+
along with this program. If not, see <https://www.gnu.org/licenses/>.
|
readme.txt
CHANGED
@@ -3,7 +3,7 @@ Contributors: vasyltech
|
|
3 |
Tags: access control, membership, backend menu, user role, restricted content, security, jwt
|
4 |
Requires at least: 4.0
|
5 |
Tested up to: 5.2.3
|
6 |
-
Stable tag: 5.9.9
|
7 |
|
8 |
All you need to manage access to you WordPress websites on frontend, backend and API levels for any role, user or visitors.
|
9 |
|
@@ -80,6 +80,10 @@ https://www.youtube.com/watch?v=mj5Xa_Wc16Y
|
|
80 |
|
81 |
== Changelog ==
|
82 |
|
|
|
|
|
|
|
|
|
83 |
= 5.9.9 =
|
84 |
* Fixed security vulnerability reported by "Props to Ov3rfly"
|
85 |
* Added the functionality that checks correctly for the AAM premium plugins updates
|
3 |
Tags: access control, membership, backend menu, user role, restricted content, security, jwt
|
4 |
Requires at least: 4.0
|
5 |
Tested up to: 5.2.3
|
6 |
+
Stable tag: 5.9.9.1
|
7 |
|
8 |
All you need to manage access to you WordPress websites on frontend, backend and API levels for any role, user or visitors.
|
9 |
|
80 |
|
81 |
== Changelog ==
|
82 |
|
83 |
+
= 5.9.9.1 =
|
84 |
+
* Fixed PHP warning associated with media access control
|
85 |
+
* Updated verbiage on the Extensions tab.
|
86 |
+
|
87 |
= 5.9.9 =
|
88 |
* Fixed security vulnerability reported by "Props to Ov3rfly"
|
89 |
* Added the functionality that checks correctly for the AAM premium plugins updates
|