Version Description
- 2021.05.05 =
- Fixed an security issue with link/page template file path, thanks for Wordfence for pointing the issue.
Download this release
Release Info
| Developer | codename065 |
| Plugin |  WordPress Download Manager |
| Version | 3.1.25 |
| Comparing to | |
| See all releases | |
Code changes from version 3.1.24 to 3.1.25
- admin/menus/class.Packages.php +8 -3
- download-manager.php +2 -2
- libs/class.Package.php +1 -1
- readme.txt +3 -0
- wpdm-functions.php +1 -6
admin/menus/class.Packages.php
CHANGED
|
@@ -83,10 +83,15 @@ class Packages
|
|
| 83 |
|
| 84 |
$name = isset($_FILES['package_file']['name']) && !isset($_REQUEST["chunks"])?$_FILES['package_file']['name']:$_REQUEST['name'];
|
| 85 |
$name = esc_attr($name);
|
| 86 |
-
$
|
| 87 |
-
$ext = end($
|
| 88 |
$ext = strtolower($ext);
|
| 89 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 90 |
|
| 91 |
if(file_exists(UPLOAD_DIR.$name) && get_option('__wpdm_overwrrite_file',0) == 1){
|
| 92 |
@unlink(UPLOAD_DIR.$name);
|
| 83 |
|
| 84 |
$name = isset($_FILES['package_file']['name']) && !isset($_REQUEST["chunks"])?$_FILES['package_file']['name']:$_REQUEST['name'];
|
| 85 |
$name = esc_attr($name);
|
| 86 |
+
$_exts = explode('.', $name);
|
| 87 |
+
$ext = end($_exts);
|
| 88 |
$ext = strtolower($ext);
|
| 89 |
+
array_shift($_exts);
|
| 90 |
+
$_found = array_intersect($_exts, wpdm_get_allowed_file_types());
|
| 91 |
+
|
| 92 |
+
if($_exts !== $_found) die('-3');
|
| 93 |
+
|
| 94 |
+
//if(!in_array($ext, wpdm_get_allowed_file_types())) die('-3');
|
| 95 |
|
| 96 |
if(file_exists(UPLOAD_DIR.$name) && get_option('__wpdm_overwrrite_file',0) == 1){
|
| 97 |
@unlink(UPLOAD_DIR.$name);
|
download-manager.php
CHANGED
|
@@ -4,7 +4,7 @@ Plugin Name: Download Manager
|
|
| 4 |
Plugin URI: https://www.wpdownloadmanager.com/pricing/
|
| 5 |
Description: Manage, Protect and Track file downloads, and sell digital products from your WordPress site. A complete digital asset management solution.
|
| 6 |
Author: W3 Eden
|
| 7 |
-
Version: 3.1.
|
| 8 |
Author URI: https://www.wpdownloadmanager.com/
|
| 9 |
Text Domain: download-manager
|
| 10 |
Domain Path: /languages
|
|
@@ -108,7 +108,7 @@ class WordPressDownloadManager{
|
|
| 108 |
|
| 109 |
function __construct(){
|
| 110 |
|
| 111 |
-
define('WPDM_Version','3.1.
|
| 112 |
|
| 113 |
register_activation_hook(__FILE__, array($this, 'Install'));
|
| 114 |
|
| 4 |
Plugin URI: https://www.wpdownloadmanager.com/pricing/
|
| 5 |
Description: Manage, Protect and Track file downloads, and sell digital products from your WordPress site. A complete digital asset management solution.
|
| 6 |
Author: W3 Eden
|
| 7 |
+
Version: 3.1.25
|
| 8 |
Author URI: https://www.wpdownloadmanager.com/
|
| 9 |
Text Domain: download-manager
|
| 10 |
Domain Path: /languages
|
| 108 |
|
| 109 |
function __construct(){
|
| 110 |
|
| 111 |
+
define('WPDM_Version','3.1.25');
|
| 112 |
|
| 113 |
register_activation_hook(__FILE__, array($this, 'Install'));
|
| 114 |
|
libs/class.Package.php
CHANGED
|
@@ -1071,7 +1071,7 @@ class Package {
|
|
| 1071 |
if(isset($templates[$template]) && isset($templates[$template]['content'])) $template = $templates[$template]['content'];
|
| 1072 |
else
|
| 1073 |
if(!strpos(strip_tags($template), "]")){
|
| 1074 |
-
$template =
|
| 1075 |
$ltpldir = get_stylesheet_directory().'/download-manager/'.$type.'-templates/';
|
| 1076 |
$pthemeltpldir = get_template_directory().'/download-manager/'.$type.'-templates/';
|
| 1077 |
|
| 1071 |
if(isset($templates[$template]) && isset($templates[$template]['content'])) $template = $templates[$template]['content'];
|
| 1072 |
else
|
| 1073 |
if(!strpos(strip_tags($template), "]")){
|
| 1074 |
+
$template = wp_basename($template);
|
| 1075 |
$ltpldir = get_stylesheet_directory().'/download-manager/'.$type.'-templates/';
|
| 1076 |
$pthemeltpldir = get_template_directory().'/download-manager/'.$type.'-templates/';
|
| 1077 |
|
readme.txt
CHANGED
|
@@ -181,6 +181,9 @@ Check download stats and get a push notification when someone downloads, install
|
|
| 181 |
|
| 182 |
== Changelog ==
|
| 183 |
|
|
|
|
|
|
|
|
|
|
| 184 |
= 3.1.24 - 2021.05.01 =
|
| 185 |
* Fixed an issue with user downoad count table creation
|
| 186 |
* Fixed and issue with stats filtering options
|
| 181 |
|
| 182 |
== Changelog ==
|
| 183 |
|
| 184 |
+
= 3.1.25 - 2021.05.05 =
|
| 185 |
+
* Fixed an security issue with link/page template file path, thanks for Wordfence for pointing the issue.
|
| 186 |
+
|
| 187 |
= 3.1.24 - 2021.05.01 =
|
| 188 |
* Fixed an issue with user downoad count table creation
|
| 189 |
* Fixed and issue with stats filtering options
|
wpdm-functions.php
CHANGED
|
@@ -891,12 +891,7 @@ TBR;
|
|
| 891 |
*/
|
| 892 |
function wpdm_basename($file)
|
| 893 |
{
|
| 894 |
-
|
| 895 |
-
$basename = explode("\\", $file);
|
| 896 |
-
else
|
| 897 |
-
$basename = explode("/", $file);
|
| 898 |
-
$basename = end($basename);
|
| 899 |
-
return $basename;
|
| 900 |
}
|
| 901 |
|
| 902 |
|
| 891 |
*/
|
| 892 |
function wpdm_basename($file)
|
| 893 |
{
|
| 894 |
+
return wp_basename($file);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 895 |
}
|
| 896 |
|
| 897 |
|
