Version Description
- 2021.05.07 =
- Improved file type validation function
Release Info
Developer | codename065 |
Plugin | WordPress Download Manager |
Version | 3.1.26 |
Code changes from version 3.1.25 to 3.1.26
- admin/menus/class.Packages.php +4 -1
- download-manager.php +2 -2
- libs/class.FileSystem.php +11 -3
- readme.txt +3 -0
- wpdm-core.php +5 -1
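--- a/admin/menus/class.Packages.php
+++ b/admin/menus/class.Packages.php
@@ -89,10 +89,13 @@ class Packages
 array_shift($_exts);
 $_found = array_intersect($_exts, wpdm_get_allowed_file_types());
 
-if($_exts !== $_found) die('-3');
+//if($_exts !== $_found) die('-3');
 
 //if(!in_array($ext, wpdm_get_allowed_file_types())) die('-3');
 
+//Validate file type
+if(WPDM()->fileSystem->isBlocked($name, $_FILES['package_file']['tmp_name'])) die('-3');
+
 if(file_exists(UPLOAD_DIR.$name) && get_option('__wpdm_overwrrite_file',0) == 1){
 @unlink(UPLOAD_DIR.$name);
 }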
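Review bot: Commenting out `if($_exts !== $_found) die('-3');` removes the only check here that compared every dot-separated segment of `$name` against the allowed list, and the `isBlocked()` call that replaces it derives a single extension (see the libs/class.FileSystem.php section). If names with more than one extension are meant to stay rejected, that has to be re-implemented inside `isBlocked()`; otherwise delete the two dead comment lines and say so in the new comment, e.g. `// Validate by final extension and content; intermediate name segments are no longer checked`. `$_FILES['package_file']['tmp_name']` is also passed without a visible upload-error check, and an empty value makes `isBlocked()` fall back to name-only validation; a guard such as `if (!is_uploaded_file($_FILES['package_file']['tmp_name'])) die('-3');` ahead of it would close that path. The enclosing method starts and ends outside the hunk.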
download-manager.php
CHANGED
@@ -4,7 +4,7 @@ Plugin Name: Download Manager
|
|
4 |
Plugin URI: https://www.wpdownloadmanager.com/pricing/
|
5 |
Description: Manage, Protect and Track file downloads, and sell digital products from your WordPress site. A complete digital asset management solution.
|
6 |
Author: W3 Eden
|
7 |
-
Version: 3.1.
|
8 |
Author URI: https://www.wpdownloadmanager.com/
|
9 |
Text Domain: download-manager
|
10 |
Domain Path: /languages
|
@@ -108,7 +108,7 @@ class WordPressDownloadManager{
|
|
108 |
|
109 |
function __construct(){
|
110 |
|
111 |
-
define('WPDM_Version','3.1.
|
112 |
|
113 |
register_activation_hook(__FILE__, array($this, 'Install'));
|
114 |
|
4 |
Plugin URI: https://www.wpdownloadmanager.com/pricing/
|
5 |
Description: Manage, Protect and Track file downloads, and sell digital products from your WordPress site. A complete digital asset management solution.
|
6 |
Author: W3 Eden
|
7 |
+
Version: 3.1.26
|
8 |
Author URI: https://www.wpdownloadmanager.com/
|
9 |
Text Domain: download-manager
|
10 |
Domain Path: /languages
|
108 |
|
109 |
function __construct(){
|
110 |
|
111 |
+
define('WPDM_Version','3.1.26');
|
112 |
|
113 |
register_activation_hook(__FILE__, array($this, 'Install'));
|
114 |
|
libs/class.FileSystem.php
CHANGED
@@ -55,7 +55,7 @@ class FileSystem
|
|
55 |
die();
|
56 |
}
|
57 |
|
58 |
-
if (WPDM()->fileSystem->isBlocked($filepath)) \WPDM_Messages::error("Invalid File Type ({$filename})!", 1);
|
59 |
|
60 |
$content_type = function_exists('mime_content_type') ? mime_content_type($filepath) : self::mime_type($filepath);
|
61 |
|
@@ -710,10 +710,18 @@ class FileSystem
|
|
710 |
* @param $filename
|
711 |
* @return bool
|
712 |
*/
|
713 |
-
function isBlocked($filename)
|
714 |
{
|
715 |
$types = wpdm_get_allowed_file_types();
|
716 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
717 |
return !in_array($ext, $types);
|
718 |
}
|
719 |
|
55 |
die();
|
56 |
}
|
57 |
|
58 |
+
if (WPDM()->fileSystem->isBlocked($filename, $filepath)) \WPDM_Messages::error("Invalid File Type ({$filename})!", 1);
|
59 |
|
60 |
$content_type = function_exists('mime_content_type') ? mime_content_type($filepath) : self::mime_type($filepath);
|
61 |
|
710 |
* @param $filename
|
711 |
* @return bool
|
712 |
*/
|
713 |
+
function isBlocked($filename, $abspath = '')
|
714 |
{
|
715 |
$types = wpdm_get_allowed_file_types();
|
716 |
+
|
717 |
+
if(in_array('*', $types)) return false;
|
718 |
+
|
719 |
+
if($abspath && file_exists($abspath)) {
|
720 |
+
$fileinfo = wp_check_filetype_and_ext($abspath, $filename);
|
721 |
+
$ext = wpdm_valueof($fileinfo,'ext');
|
722 |
+
} else {
|
723 |
+
$ext = self::fileExt($filename);
|
724 |
+
}
|
725 |
return !in_array($ext, $types);
|
726 |
}
|
727 |
|
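Review bot: `isBlocked()` can fail open, because `return !in_array($ext, $types);` compares loosely and `wp_check_filetype_and_ext()` reports an unrecognised or mismatched file with `ext` set to `false`. A loose `in_array(false, $types)` is true as soon as the list holds an empty string or `'0'`, and the wpdm-core.php hunk on this page builds that list with `explode()` and `trim()` without dropping empty entries, so a trailing comma in the setting would be enough. I would reject a missing extension explicitly and compare strictly: `if (!is_string($ext) || $ext === '') return true;` followed by `return !in_array($ext, $types, true);`; what `wpdm_valueof()` returns for a `false` value is not visible here, so the first guard covers both cases. The docblock above still documents only `$filename`; add `@param string $abspath Optional path to the file on disk; when present the type is checked against its content`.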
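--- a/readme.txt
+++ b/readme.txt
@@ -181,6 +181,9 @@ Check download stats and get a push notification when someone downloads, install
 
 == Changelog ==
 
+= 3.1.26 - 2021.05.07 =
+* Improved file type validation function
+
 = 3.1.25 - 2021.05.05 =
 * Fixed an security issue with link/page template file path, thanks for Wordfence for pointing the issue.
 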
wpdm-core.php
CHANGED
@@ -329,7 +329,11 @@ function wpdm_get_allowed_file_types()
|
|
329 |
$wp_allowed_file_exts = str_replace("|", ",", $wp_allowed_file_exts);
|
330 |
$allowed_file_types = $wp_allowed_file_exts;
|
331 |
}
|
332 |
-
|
|
|
|
|
|
|
|
|
333 |
}
|
334 |
|
335 |
|
329 |
$wp_allowed_file_exts = str_replace("|", ",", $wp_allowed_file_exts);
|
330 |
$allowed_file_types = $wp_allowed_file_exts;
|
331 |
}
|
332 |
+
$types = explode(",", $allowed_file_types);
|
333 |
+
foreach ($types as &$type){
|
334 |
+
$type = trim($type);
|
335 |
+
}
|
336 |
+
return $types;
|
337 |
}
|
338 |
|
339 |
|