WordPress Download Manager

Version Description

Files changed (8) hide show

download-manager.php CHANGED Viewed

	@@ -4,7 +4,7 @@ Plugin Name: Download Manager
4	Plugin URI: https://www.wpdownloadmanager.com/pricing/
5	Description: Manage, Protect and Track file downloads, and sell digital products from your WordPress site. A complete digital asset management solution.
6	Author: W3 Eden
7	- Version: 3.1.07
8	Author URI: https://www.wpdownloadmanager.com/
9	Text Domain: download-manager
10	Domain Path: /languages
	@@ -106,7 +106,7 @@ class WordPressDownloadManager{
106
107	function __construct(){
108
109	- define('WPDM_Version','3.1.07');
110
111	register_activation_hook(__FILE__, array($this, 'Install'));
112


4	Plugin URI: https://www.wpdownloadmanager.com/pricing/
5	Description: Manage, Protect and Track file downloads, and sell digital products from your WordPress site. A complete digital asset management solution.
6	Author: W3 Eden
7	+ Version: 3.1.08
8	Author URI: https://www.wpdownloadmanager.com/
9	Text Domain: download-manager
10	Domain Path: /languages

106
107	function __construct(){
108
109	+ define('WPDM_Version','3.1.08');
110
111	register_activation_hook(__FILE__, array($this, 'Install'));
112

libs/class.Apply.php CHANGED Viewed

	@@ -144,7 +144,7 @@ class Apply {
144	global $wp_query, $post, $wpdb;
145	if (!isset($_POST['wpdm_login'])) return;
146
147	- $shortcode_params = Crypt::decrypt(wpdm_query_var('__phash'));
148
149	$login_try = (int)Session::get('login_try');
150	$login_try++;
	@@ -222,7 +222,7 @@ class Apply {
222	if (!isset($_POST['wpdm_reg'])) return;
223
224
225	- $shortcode_params = Crypt::decrypt(wpdm_query_var('__phash'));
226
227	if (!is_array($shortcode_params)) $shortcode_params = array();
228


144	global $wp_query, $post, $wpdb;
145	if (!isset($_POST['wpdm_login'])) return;
146
147	+ $shortcode_params = (array)Crypt::decrypt(wpdm_query_var('__phash'));
148
149	$login_try = (int)Session::get('login_try');
150	$login_try++;

222	if (!isset($_POST['wpdm_reg'])) return;
223
224
225	+ $shortcode_params = (array)Crypt::decrypt(wpdm_query_var('__phash'));
226
227	if (!is_array($shortcode_params)) $shortcode_params = array();
228

libs/class.Session.php CHANGED Viewed

	@@ -23,8 +23,11 @@ class Session
23
24	if(file_exists(WPDM_CACHE_DIR."session-{$deviceID}.txt")) {
25	$data = file_get_contents(WPDM_CACHE_DIR . "session-{$deviceID}.txt");
26	- $data = Crypt::decrypt($data);
27	if(!is_array($data)) $data = array();



28	} else {
29	$data = array();
30	}
	@@ -46,7 +49,7 @@ class Session
46	static function get($name){
47	if(!isset(self::$data[self::$deviceID], self::$data[self::$deviceID][$name])) return null;
48	$_value = self::$data[self::$deviceID][$name];
49	- if(count($_value) == 0) return null;
50	extract($_value);
51	if(isset($expire) && $expire < time()) {
52	unset(self::$data[$name]);


23
24	if(file_exists(WPDM_CACHE_DIR."session-{$deviceID}.txt")) {
25	$data = file_get_contents(WPDM_CACHE_DIR . "session-{$deviceID}.txt");
26	+ $data = (array)Crypt::decrypt($data);
27	if(!is_array($data)) $data = array();
28	+ foreach ($data as &$item){
29	+ if(is_object($item)) $item = (array)$item;
30	+ }
31	} else {
32	$data = array();
33	}

49	static function get($name){
50	if(!isset(self::$data[self::$deviceID], self::$data[self::$deviceID][$name])) return null;
51	$_value = self::$data[self::$deviceID][$name];
52	+ if(!is_array($_value) \|\| count($_value) == 0) return null;
53	extract($_value);
54	if(isset($expire) && $expire < time()) {
55	unset(self::$data[$name]);

libs/class.TempStorage.php CHANGED Viewed

	@@ -20,7 +20,7 @@ class TempStorage
20	{
21	if(file_exists(WPDM_CACHE_DIR.'/temp-storage.txt')) {
22	$data = file_get_contents(WPDM_CACHE_DIR . '/temp-storage.txt');
23	- $data = Crypt::decrypt($data);
24	if(!is_array($data)) $data = array();
25	} else {
26	$data = array();


20	{
21	if(file_exists(WPDM_CACHE_DIR.'/temp-storage.txt')) {
22	$data = file_get_contents(WPDM_CACHE_DIR . '/temp-storage.txt');
23	+ $data = (array)Crypt::decrypt($data);
24	if(!is_array($data)) $data = array();
25	} else {
26	$data = array();

libs/class.UserProfile.php CHANGED Viewed

	@@ -70,13 +70,13 @@ class UserProfile
70
71
72	function downloads(){
73	- $params = Crypt::decrypt(wpdm_query_var('__scp'));
74	$params['author'] = wpdm_query_var('__pu', 'int');
75	echo WPDM()->shortCode->packages($params);
76	}
77
78	function favourites(){
79	- $params = Crypt::decrypt(wpdm_query_var('__scp'));
80	$myfavs = maybe_unserialize(get_user_meta(wpdm_query_var('__pu', 'int'), '__wpdm_favs', true));
81	$params['post__in'] = implode(",", $myfavs);
82	echo WPDM()->shortCode->packages($params);


70
71
72	function downloads(){
73	+ $params = (array)Crypt::decrypt(wpdm_query_var('__scp'));
74	$params['author'] = wpdm_query_var('__pu', 'int');
75	echo WPDM()->shortCode->packages($params);
76	}
77
78	function favourites(){
79	+ $params = (array)Crypt::decrypt(wpdm_query_var('__scp'));
80	$myfavs = maybe_unserialize(get_user_meta(wpdm_query_var('__pu', 'int'), '__wpdm_favs', true));
81	$params['post__in'] = implode(",", $myfavs);
82	echo WPDM()->shortCode->packages($params);

readme.txt CHANGED Viewed

	@@ -179,6 +179,9 @@ Check download stats and get a push notification when someone downloads, install
179
180	== Changelog ==
181



182	= 3.1.07 =
183	* Fixed a security issue ( Thanks to Austin Turecek, security research from Flashpoint )
184


179
180	== Changelog ==
181
182	+ = 3.1.08 =
183	+ * Fixed an issue with the login form parameter handling
184	+
185	= 3.1.07 =
186	* Fixed a security issue ( Thanks to Austin Turecek, security research from Flashpoint )
187

tpls/wpdm-login-form.php CHANGED Viewed

	@@ -35,7 +35,7 @@ if(!defined('ABSPATH')) die();
35	?></div>
36
37
38	- <?php if(isset($params['note_before'])) { ?>
39	<div class="alert alert-info alert-note-before mb-3" >
40	<?php echo $params['note_before']; ?>
41	</div>
	@@ -44,7 +44,7 @@ if(!defined('ABSPATH')) die();
44	<?php echo \WPDM\libs\User::signinForm($params); ?>
45
46
47	- <?php if(isset($params['note_after'])) { ?>
48	<div class="alert alert-info alter-note-after mb-3" >
49	<?php echo $params['note_after']; ?>
50	</div>


35	?></div>
36
37
38	+ <?php if(isset($params['note_before']) && $params['note_before'] !== '') { ?>
39	<div class="alert alert-info alert-note-before mb-3" >
40	<?php echo $params['note_before']; ?>
41	</div>

44	<?php echo \WPDM\libs\User::signinForm($params); ?>
45
46
47	+ <?php if(isset($params['note_after']) && $params['note_after'] !== '') { ?>
48	<div class="alert alert-info alter-note-after mb-3" >
49	<?php echo $params['note_after']; ?>
50	</div>

tpls3/wpdm-login-form.php CHANGED Viewed

	@@ -43,7 +43,7 @@ if(!defined('ABSPATH')) die();
43	</div>
44	<?php } ?>
45
46	- <?php if(isset($params['note_before'])) { ?>
47	<div class="alert alert-info alert-note-before mb-3" >
48	<?php echo $params['note_before']; ?>
49	</div>
	@@ -84,7 +84,7 @@ if(!defined('ABSPATH')) die();
84	<style> #reCaptchaLock iframe { transform: scaleX(1.23); margin-left: 33px; } </style>
85	<?php } ?>
86
87	- <?php if(isset($params['note_after'])) { ?>
88	<div class="alert alert-info alter-note-after mb-3" >
89	<?php echo $params['note_after']; ?>
90	</div>


43	</div>
44	<?php } ?>
45
46	+ <?php if(isset($params['note_before']) && $params['note_before'] !== '') { ?>
47	<div class="alert alert-info alert-note-before mb-3" >
48	<?php echo $params['note_before']; ?>
49	</div>

84	<style> #reCaptchaLock iframe { transform: scaleX(1.23); margin-left: 33px; } </style>
85	<?php } ?>
86
87	+ <?php if(isset($params['note_after']) && $params['note_after'] !== '') { ?>
88	<div class="alert alert-info alter-note-after mb-3" >
89	<?php echo $params['note_after']; ?>
90	</div>