Advanced Access Manager - Version 5.9.9.1

Version Description

  • Fixed PHP warning associated with media access control
  • Updated verbiage on the Extensions tab.

Release Info

Developer vasyltech
Version 5.9.9.1

Code changes from version 5.9.9 to 5.9.9.1

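--- a/aam.php
+++ b/aam.php
@@ -3,7 +3,7 @@
  /**
  * Plugin Name: Advanced Access Manager
  * Description: Collection of features to manage your WordPress website authentication, authorization and monitoring
- * Version: 5.9.9
+ * Version: 5.9.9.1
  * Author: Vasyl Martyniuk <vasyl@vasyltech.com>
  * Author URI: https://vasyltech.com
  * Text Domain: advanced-access-manager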
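--- a/application/Backend/phtml/extensions.phtml
+++ b/application/Backend/phtml/extensions.phtml
@@ -3,7 +3,7 @@
  <div class="row">
  <div class="col-xs-12">
  <p class="aam-info">
- <?php echo sprintf(AAM_Backend_View_Helper::preparePhrase('By purchasing any of the extensions below, you obtain the license that allows you to install and use our software for live and for one physical WordPress installation only. However you will be able to download new updates for one year from the time of purchase unless you purchased the [Extended version]. Exceptions are websites where URL is either [localhost] or starts with [dev.], [staging.], [test.] or [demo.] They are considered as development websites and you can use the purchased license unlimited number of times before it is activated on a production website. [Money back guaranteed] within 10 day from the time of purchase.', 'i', 'i', 'i', 'i', 'i', 'i', 'b'), '<a href="https://aamplugin.com/development-package" target="_blank">', '</a>'); ?><br/>
+ <?php echo AAM_Backend_View_Helper::preparePhrase('By purchasing any of the addons below, you obtain the license that allows you to install and use our software for one physical WordPress installation only. Exceptions are websites where URL is either [localhost] or starts with [dev.], [staging.], [test.] or [demo.] They are considered as development websites and you can use the purchased license unlimited number of times before it is activated on a production website. [Money back guaranteed] within 30 day from the time of purchase.', 'i', 'i', 'i', 'i', 'i', 'i', 'b'); ?><br/>
  </p>
  </div>
  </div>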
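--- a/application/Core/Media.php
+++ b/application/Core/Media.php
@@ -130,19 +130,24 @@ class AAM_Core_Media {
  $rpath = preg_replace('/\?.*$/', '', $this->request_uri);
 
  //finally replace the filename with requested filename
- $request = str_replace(basename($path), basename($rpath), $path);
+ $request = realpath(str_replace(basename($path), basename($rpath), $path));
 
  if (empty($mime)) {
  if (function_exists('mime_content_type')) {
  $mime = mime_content_type($request);
  }
  }
-
- $allowed = '\.(jpg|jpeg|png|svg|gif|ico|pdf|doc|docx|ppt|pptx|pps|ppsx|odt|xls|xlsx|psd)$';
+
+ $filetype = wp_check_filetype(basename($request));
+ $location = wp_get_upload_dir();
+ $upload_dir = (isset($location['basedir']) ? $location['basedir'] : WP_CONTENT_DIR . '/uploads');
+
  // Props to Ov3rfly report
- if (preg_match($allowed, $request)) {
+ if (!empty($filetype['ext']) && (strpos($request, realpath($upload_dir)) !== false)) {
  @header('Content-Type: ' . (empty($mime) ? $type : $mime));
  echo file_get_contents($request);
+ } else {
+ http_response_code(403);
  }
  exit;
  }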
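Review bot: The containment test in the new `if` accepts the uploads path anywhere inside `$request` (`strpos(...) !== false`) instead of requiring it as the leading directory, so a sibling directory whose name merely begins with the uploads path would also pass. Both `realpath()` calls can return `false` (missing file or missing uploads directory): `$request` is handed to `mime_content_type()` before any check, and on PHP 8 a `false` needle is coerced to an empty string that `strpos()` finds at offset 0, so the test would pass for every resolved path. I would resolve the base once and anchor the comparison, `$base = realpath($upload_dir);` followed by `if ($request !== false && $base !== false && !empty($filetype['ext']) && strpos($request, $base . DIRECTORY_SEPARATOR) === 0) {`, and move the `mime_content_type()` lookup inside that branch. The enclosing method starts above the hunk, so how `$path`, `$mime` and `$type` are derived is not visible here.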
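--- /dev/null
+++ b/license.txt
@@ -0,0 +1,14 @@
+ Copyright (C) Vasyl Martyniuk <vasyl@vasyltech.com>
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <https://www.gnu.org/licenses/>.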
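--- a/readme.txt
+++ b/readme.txt
@@ -3,7 +3,7 @@ Contributors: vasyltech
  Tags: access control, membership, backend menu, user role, restricted content, security, jwt
  Requires at least: 4.0
  Tested up to: 5.2.3
- Stable tag: 5.9.9
+ Stable tag: 5.9.9.1
 
  All you need to manage access to you WordPress websites on frontend, backend and API levels for any role, user or visitors.
 
@@ -80,6 +80,10 @@ https://www.youtube.com/watch?v=mj5Xa_Wc16Y
 
  == Changelog ==
 
+ = 5.9.9.1 =
+ * Fixed PHP warning associated with media access control
+ * Updated verbiage on the Extensions tab.
+
  = 5.9.9 =
  * Fixed security vulnerability reported by "Props to Ov3rfly"
  * Added the functionality that checks correctly for the AAM premium plugins updates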