Version Description
- 2021.05.07 =
- Improved file type validation function
Download this release
Release Info
| Developer | codename065 |
| Plugin |  WordPress Download Manager |
| Version | 3.1.26 |
| Comparing to | |
| See all releases | |
Code changes from version 3.1.25 to 3.1.26
- admin/menus/class.Packages.php +4 -1
- download-manager.php +2 -2
- libs/class.FileSystem.php +11 -3
- readme.txt +3 -0
- wpdm-core.php +5 -1
admin/menus/class.Packages.php
CHANGED
|
@@ -89,10 +89,13 @@ class Packages
|
|
| 89 |
array_shift($_exts);
|
| 90 |
$_found = array_intersect($_exts, wpdm_get_allowed_file_types());
|
| 91 |
|
| 92 |
-
if($_exts !== $_found) die('-3');
|
| 93 |
|
| 94 |
//if(!in_array($ext, wpdm_get_allowed_file_types())) die('-3');
|
| 95 |
|
|
|
|
|
|
|
|
|
|
| 96 |
if(file_exists(UPLOAD_DIR.$name) && get_option('__wpdm_overwrrite_file',0) == 1){
|
| 97 |
@unlink(UPLOAD_DIR.$name);
|
| 98 |
}
|
| 89 |
array_shift($_exts);
|
| 90 |
$_found = array_intersect($_exts, wpdm_get_allowed_file_types());
|
| 91 |
|
| 92 |
+
//if($_exts !== $_found) die('-3');
|
| 93 |
|
| 94 |
//if(!in_array($ext, wpdm_get_allowed_file_types())) die('-3');
|
| 95 |
|
| 96 |
+
//Validate file type
|
| 97 |
+
if(WPDM()->fileSystem->isBlocked($name, $_FILES['package_file']['tmp_name'])) die('-3');
|
| 98 |
+
|
| 99 |
if(file_exists(UPLOAD_DIR.$name) && get_option('__wpdm_overwrrite_file',0) == 1){
|
| 100 |
@unlink(UPLOAD_DIR.$name);
|
| 101 |
}
|
download-manager.php
CHANGED
|
@@ -4,7 +4,7 @@ Plugin Name: Download Manager
|
|
| 4 |
Plugin URI: https://www.wpdownloadmanager.com/pricing/
|
| 5 |
Description: Manage, Protect and Track file downloads, and sell digital products from your WordPress site. A complete digital asset management solution.
|
| 6 |
Author: W3 Eden
|
| 7 |
-
Version: 3.1.
|
| 8 |
Author URI: https://www.wpdownloadmanager.com/
|
| 9 |
Text Domain: download-manager
|
| 10 |
Domain Path: /languages
|
|
@@ -108,7 +108,7 @@ class WordPressDownloadManager{
|
|
| 108 |
|
| 109 |
function __construct(){
|
| 110 |
|
| 111 |
-
define('WPDM_Version','3.1.
|
| 112 |
|
| 113 |
register_activation_hook(__FILE__, array($this, 'Install'));
|
| 114 |
|
| 4 |
Plugin URI: https://www.wpdownloadmanager.com/pricing/
|
| 5 |
Description: Manage, Protect and Track file downloads, and sell digital products from your WordPress site. A complete digital asset management solution.
|
| 6 |
Author: W3 Eden
|
| 7 |
+
Version: 3.1.26
|
| 8 |
Author URI: https://www.wpdownloadmanager.com/
|
| 9 |
Text Domain: download-manager
|
| 10 |
Domain Path: /languages
|
| 108 |
|
| 109 |
function __construct(){
|
| 110 |
|
| 111 |
+
define('WPDM_Version','3.1.26');
|
| 112 |
|
| 113 |
register_activation_hook(__FILE__, array($this, 'Install'));
|
| 114 |
|
libs/class.FileSystem.php
CHANGED
|
@@ -55,7 +55,7 @@ class FileSystem
|
|
| 55 |
die();
|
| 56 |
}
|
| 57 |
|
| 58 |
-
if (WPDM()->fileSystem->isBlocked($filepath)) \WPDM_Messages::error("Invalid File Type ({$filename})!", 1);
|
| 59 |
|
| 60 |
$content_type = function_exists('mime_content_type') ? mime_content_type($filepath) : self::mime_type($filepath);
|
| 61 |
|
|
@@ -710,10 +710,18 @@ class FileSystem
|
|
| 710 |
* @param $filename
|
| 711 |
* @return bool
|
| 712 |
*/
|
| 713 |
-
function isBlocked($filename)
|
| 714 |
{
|
| 715 |
$types = wpdm_get_allowed_file_types();
|
| 716 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 717 |
return !in_array($ext, $types);
|
| 718 |
}
|
| 719 |
|
| 55 |
die();
|
| 56 |
}
|
| 57 |
|
| 58 |
+
if (WPDM()->fileSystem->isBlocked($filename, $filepath)) \WPDM_Messages::error("Invalid File Type ({$filename})!", 1);
|
| 59 |
|
| 60 |
$content_type = function_exists('mime_content_type') ? mime_content_type($filepath) : self::mime_type($filepath);
|
| 61 |
|
| 710 |
* @param $filename
|
| 711 |
* @return bool
|
| 712 |
*/
|
| 713 |
+
function isBlocked($filename, $abspath = '')
|
| 714 |
{
|
| 715 |
$types = wpdm_get_allowed_file_types();
|
| 716 |
+
|
| 717 |
+
if(in_array('*', $types)) return false;
|
| 718 |
+
|
| 719 |
+
if($abspath && file_exists($abspath)) {
|
| 720 |
+
$fileinfo = wp_check_filetype_and_ext($abspath, $filename);
|
| 721 |
+
$ext = wpdm_valueof($fileinfo,'ext');
|
| 722 |
+
} else {
|
| 723 |
+
$ext = self::fileExt($filename);
|
| 724 |
+
}
|
| 725 |
return !in_array($ext, $types);
|
| 726 |
}
|
| 727 |
|
readme.txt
CHANGED
|
@@ -181,6 +181,9 @@ Check download stats and get a push notification when someone downloads, install
|
|
| 181 |
|
| 182 |
== Changelog ==
|
| 183 |
|
|
|
|
|
|
|
|
|
|
| 184 |
= 3.1.25 - 2021.05.05 =
|
| 185 |
* Fixed an security issue with link/page template file path, thanks for Wordfence for pointing the issue.
|
| 186 |
|
| 181 |
|
| 182 |
== Changelog ==
|
| 183 |
|
| 184 |
+
= 3.1.26 - 2021.05.07 =
|
| 185 |
+
* Improved file type validation function
|
| 186 |
+
|
| 187 |
= 3.1.25 - 2021.05.05 =
|
| 188 |
* Fixed an security issue with link/page template file path, thanks for Wordfence for pointing the issue.
|
| 189 |
|
wpdm-core.php
CHANGED
|
@@ -329,7 +329,11 @@ function wpdm_get_allowed_file_types()
|
|
| 329 |
$wp_allowed_file_exts = str_replace("|", ",", $wp_allowed_file_exts);
|
| 330 |
$allowed_file_types = $wp_allowed_file_exts;
|
| 331 |
}
|
| 332 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
| 333 |
}
|
| 334 |
|
| 335 |
|
| 329 |
$wp_allowed_file_exts = str_replace("|", ",", $wp_allowed_file_exts);
|
| 330 |
$allowed_file_types = $wp_allowed_file_exts;
|
| 331 |
}
|
| 332 |
+
$types = explode(",", $allowed_file_types);
|
| 333 |
+
foreach ($types as &$type){
|
| 334 |
+
$type = trim($type);
|
| 335 |
+
}
|
| 336 |
+
return $types;
|
| 337 |
}
|
| 338 |
|
| 339 |
|
