WordPress Download Manager - Version 3.2.45

Version Description

  • 2022.06.23 =
  • Internal codebase update

Release Info

Developer codename065
Version 3.2.45

Code changes from version 3.2.44 to 3.2.45

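--- a/download-manager.php
+++ b/download-manager.php
@@ -5,7 +5,7 @@ Plugin URI: https://www.wpdownloadmanager.com/purchases/
   Description: Manage, Protect and Track file downloads, and sell digital products from your WordPress site. A complete digital asset management solution.
   Author: W3 Eden, Inc.
   Author URI: https://www.wpdownloadmanager.com/
- Version: 3.2.44
+ Version: 3.2.45
   Text Domain: download-manager
   Domain Path: /languages
   */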
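--- a/readme.txt
+++ b/readme.txt
@@ -5,7 +5,7 @@ Tags: download manager, document management, file manager, digital store, ecomme
   Requires at least: 5.3
   Tested up to: 6.0
   License: GPLv2 or later
- Stable tag: 3.2.44
+ Stable tag: 3.2.45
 
 
   This File Management & Digital Store plugin will help you to control file downloads & sell digital products from your WP site.
@@ -181,6 +181,9 @@ Check download stats and get a push notification when someone downloads, install
 
   == Changelog ==
 
+ = 3.2.45 - 2022.06.23 =
+ * Internal codebase update
+
   = 3.2.44 - 2022.06.23 =
   * Improved email template options
   * Internal codebase improvements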
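--- a/src/Package/PackageController.php
+++ b/src/Package/PackageController.php
@@ -298,14 +298,14 @@ class PackageController extends PackageTemplate {
   else if ( ! is_user_logged_in() && ! self::userCanAccess( $post_vars['ID'] ) ) {
   $packurl = get_permalink( $post_vars['ID'] );
   $loginform = WPDM()->user->login->form( array( 'redirect' => $packurl ) );
- $post_vars['download_url'] = WPDM()->user->login->url( $_SERVER['REQUEST_URI'] );
+ $post_vars['download_url'] = WPDM()->user->login->url( __::valueof($_SERVER, 'REQUEST_URI', ['validate' => 'escs']) );
   $post_vars['download_link'] =
   $post_vars['download_link_extended'] =
   $post_vars['download_link_popup'] = stripcslashes( str_replace( array(
   "[loginform]",
   "[this_url]",
   "[package_url]"
- ), array( $loginform, $_SERVER['REQUEST_URI'], $packurl ), $loginmsg ) );
+ ), array( $loginform, __::valueof($_SERVER, 'REQUEST_URI', ['validate' => 'escs']), $packurl ), $loginmsg ) );
   $post_vars['download_link'] =
   $post_vars['download_link_extended'] =
   $post_vars['download_link_popup'] = get_option( '__wpdm_login_form', 0 ) == 1 ? $loginform : $post_vars['download_link'];
@@ -786,7 +786,6 @@ class PackageController extends PackageTemplate {
   return;
   }
   $audios = array();
- $nonce = wp_create_nonce( $_SERVER['REQUEST_URI'] );
   $audio = $audx = null;
   foreach ( $package['files'] as $index => $file ) {
   $realpath = file_exists( $file ) ? $file : UPLOAD_DIR . $file;
@@ -1046,13 +1045,13 @@ class PackageController extends PackageTemplate {
   if ( get_option( '_wpdm_hide_all', 0 ) == 1 ) {
   return 'loginform';
   }
- $package['download_url'] = $vars['download_link_extended'] = $vars['download_link_popup'] = home_url( '/wp-login.php?redirect_to=' . urlencode( $_SERVER['REQUEST_URI'] ) );
+ $package['download_url'] = $vars['download_link_extended'] = $vars['download_link_popup'] = home_url( '/wp-login.php?redirect_to=' . urlencode( __::valueof($_SERVER, 'REQUEST_URI', ['validate' => 'escs']) ) );
   $loginmsg = Messages::login_required( $package['ID'] );
   $package['download_link'] = stripcslashes( str_replace( array(
   "[loginform]",
   "[this_url]",
   "[package_url]"
- ), array( $loginform, $_SERVER['REQUEST_URI'], get_permalink( $package['ID'] ) ), $loginmsg ) );
+ ), array( $loginform, __::valueof($_SERVER, 'REQUEST_URI', ['validate' => 'escs']), get_permalink( $package['ID'] ) ), $loginmsg ) );
 
   return get_option( '__wpdm_login_form', 0 ) == 1 ? $loginform : $package['download_link'];
 
@@ -1346,25 +1345,25 @@ class PackageController extends PackageTemplate {
   //Login is required to download
   if ( ! @in_array( 'guest', $access ) && ! is_user_logged_in() ) {
 
- $loginform = WPDM()->user->login->form( array( 'redirect' => $_SERVER['REQUEST_URI'] ) );
+ $loginform = WPDM()->user->login->form( array( 'redirect' => __::valueof($_SERVER, 'REQUEST_URI', ['validate' => 'escs']) ) );
   if ( get_option( '_wpdm_hide_all', 0 ) == 1 ) {
   $hide_all_message = get_option( '__wpdm_login_form', 0 ) == 1 ? $loginform : stripcslashes( str_replace( array(
   "[loginform]",
   "[this_url]",
   "[package_url]"
- ), array( $loginform, $_SERVER['REQUEST_URI'], get_permalink( $ID ) ), $loginmsg ) );
+ ), array( $loginform, __::valueof($_SERVER, 'REQUEST_URI', ['validate' => 'escs']), get_permalink( $ID ) ), $loginmsg ) );
   if ( $template_type == 'link' ) {
- return "<a href='" . wpdm_login_url( $_SERVER['REQUEST_URI'] ) . "' class='btn btn-danger'>" . __( "Login", "download-manager" ) . "</a>";
+ return "<a href='" . wpdm_login_url( __::valueof($_SERVER, 'REQUEST_URI', ['validate' => 'escs']) ) . "' class='btn btn-danger'>" . __( "Login", "download-manager" ) . "</a>";
   } else {
   return $hide_all_message;
   }
   }
- $download_url = wpdm_login_url( $_SERVER['REQUEST_URI'] );
+ $download_url = wpdm_login_url( __::valueof($_SERVER, 'REQUEST_URI', ['validate' => 'escs']) );
   $download_link = $download_link_extended = $download_link_popup = stripcslashes( str_replace( array(
   "[loginform]",
   "[this_url]",
   "[package_url]"
- ), array( $loginform, $_SERVER['REQUEST_URI'], get_permalink( $ID ) ), $loginmsg ) );
+ ), array( $loginform, __::valueof($_SERVER, 'REQUEST_URI', ['validate' => 'escs']), get_permalink( $ID ) ), $loginmsg ) );
 
   return get_option( '__wpdm_login_form', 0 ) == 1 ? $loginform : $download_link;
 
@@ -1578,7 +1577,7 @@ class PackageController extends PackageTemplate {
   "[loginform]",
   "[this_url]",
   "[package_url]"
- ), array( $loginform, $_SERVER['REQUEST_URI'], get_permalink( $vars['ID'] ) ), $loginmsg ) );
+ ), array( $loginform, __::valueof($_SERVER, 'REQUEST_URI', ['validate' => 'escs']), get_permalink( $vars['ID'] ) ), $loginmsg ) );
   if ( get_option( '_wpdm_hide_all', 0 ) == 1 ) {
   return $type == 'page' ? $hide_all_message : '';
   }
@@ -1838,7 +1837,7 @@ class PackageController extends PackageTemplate {
   "[loginform]",
   "[this_url]",
   "[package_url]"
- ), array( $loginform, $_SERVER['REQUEST_URI'], get_permalink( $vars['ID'] ) ), $loginmsg ) );
+ ), array( $loginform, __::valueof($_SERVER, 'REQUEST_URI', ['validate' => 'escs']), get_permalink( $vars['ID'] ) ), $loginmsg ) );
 
   if ( $vars['download_link'] == 'blocked' && $type == 'link' ) {
   return "";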
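Review bot: The `[this_url]` substitutions on new lines 308, 1054, 1354, 1366, 1580 and 1840 validate `REQUEST_URI` first and then pass the whole substituted string through `stripcslashes()`, so any backslash escape sequences still present in the value are decoded after validation instead of before it. What the `escs` validator of `__::valueof()` removes is not visible in this section, so this may already be covered, but the order that does not depend on it is to unslash `$loginmsg` first and substitute an output-escaped value afterwards. The same validator also feeds a single-quoted HTML attribute on new line 1356, where escaping belongs at the sink: `return "<a href='" . esc_url( wpdm_login_url( __::valueof($_SERVER, 'REQUEST_URI', ['validate' => 'escs']) ) ) . "' class='btn btn-danger'>" . __( "Login", "download-manager" ) . "</a>";`. The enclosing methods start and end outside these hunks, and no `use` statement for `__` is shown, so confirm the class is imported in this file.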
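--- a/src/User/Login.php
+++ b/src/User/Login.php
@@ -94,12 +94,12 @@ class Login
   if ($regurl > 0)
   $regurl = get_permalink($regurl);
   }
- $log_redirect = $_SERVER['REQUEST_URI'];
+ $log_redirect = __::valueof($_SERVER, 'REQUEST_URI', ['validate' => 'escs']);
   if (isset($params['redirect'])) $log_redirect = esc_url_raw($params['redirect']);
   if (isset($_GET['redirect_to'])) $log_redirect = esc_url_raw($_GET['redirect_to']);
 
   $up = parse_url($log_redirect);
- if (isset($up['host']) && $up['host'] != $_SERVER['SERVER_NAME']) $log_redirect = $_SERVER['REQUEST_URI'];
+ if (isset($up['host']) && $up['host'] != $_SERVER['SERVER_NAME']) $log_redirect = __::valueof($_SERVER, 'REQUEST_URI', ['validate' => 'escs']);
 
   $log_redirect = strip_tags($log_redirect);
 
@@ -322,12 +322,12 @@ class Login
   if ($regurl > 0)
   $regurl = get_permalink($regurl);
   }
- $log_redirect = $_SERVER['REQUEST_URI'];
+ $log_redirect = __::valueof($_SERVER, 'REQUEST_URI', ['validate' => 'escs']);
   if (isset($params['redirect'])) $log_redirect = esc_url_raw($params['redirect']);
   if (isset($_GET['redirect_to'])) $log_redirect = esc_url_raw($_GET['redirect_to']);
 
   $up = parse_url($log_redirect);
- if (isset($up['host']) && $up['host'] != $_SERVER['SERVER_NAME']) $log_redirect = $_SERVER['REQUEST_URI'];
+ if (isset($up['host']) && $up['host'] != $_SERVER['SERVER_NAME']) $log_redirect = __::valueof($_SERVER, 'REQUEST_URI', ['validate' => 'escs']);
 
   $log_redirect = strip_tags($log_redirect);
 
@@ -396,12 +396,12 @@ class Login
   if ($regurl > 0)
   $regurl = get_permalink($regurl);
   }
- $log_redirect = $_SERVER['REQUEST_URI'];
+ $log_redirect = __::valueof($_SERVER, 'REQUEST_URI', ['validate' => 'escs']);
   if (isset($params['redirect'])) $log_redirect = esc_url_raw($params['redirect']);
   if (isset($_GET['redirect_to'])) $log_redirect = esc_url_raw($_GET['redirect_to']);
 
   $up = parse_url($log_redirect);
- if (isset($up['host']) && $up['host'] != $_SERVER['SERVER_NAME']) $log_redirect = $_SERVER['REQUEST_URI'];
+ if (isset($up['host']) && $up['host'] != $_SERVER['SERVER_NAME']) $log_redirect = __::valueof($_SERVER, 'REQUEST_URI', ['validate' => 'escs']);
 
   $log_redirect = strip_tags($log_redirect);
 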
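Review bot: The same-host check on new line 102 (repeated on 330 and 404) rejects a redirect target only when `parse_url()` returns a `host` key, and it compares that host with `$_SERVER['SERVER_NAME']` using `!=`, so a target that `parse_url()` cannot split into a host, or a site served under a different configured name, is not handled by it. This commit changes only the fallback value; the `redirect_to` query parameter on the line above still overrides whatever was chosen. WordPress ships a purpose-built check, so consider replacing the `parse_url()` comparison with `$log_redirect = wp_validate_redirect( $log_redirect, __::valueof($_SERVER, 'REQUEST_URI', ['validate' => 'escs']) );`. The three hunks are identical copies and each enclosing method starts and ends outside its hunk, so a shared private helper would keep the three checks from drifting apart.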
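--- a/src/User/views/modal-login-form.php
+++ b/src/User/views/modal-login-form.php
@@ -82,7 +82,7 @@ if(!defined('ABSPATH')) die(); ?>
   <script>
   jQuery(function ($) {
   var llbl = $('#wpdmloginmodal-submit').html();
- var __lm_redirect_to = "<?php echo $_SERVER['REQUEST_URI']; ?>";
+ var __lm_redirect_to = "<?php echo \WPDM\__\__::valueof($_SERVER, 'REQUEST_URI', ['validate' => 'escs']); ?>";
   var __lm_logo = "<?php echo get_site_icon_url(); ?>";
   var $body = $('body');
   $('#modalloginform').submit(function () {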
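Review bot: On new line 85 the value is echoed inside a double-quoted JavaScript string within a `<script>` block, which needs JavaScript-context encoding; whether the `escs` validator produces that is not visible in this hunk. Encoding at the sink removes the dependency on the validator: `var __lm_redirect_to = <?php echo wp_json_encode( \WPDM\__\__::valueof($_SERVER, 'REQUEST_URI', ['validate' => 'escs']) ); ?>;`, with the surrounding quotes dropped because `wp_json_encode()` emits them. The `get_site_icon_url()` echo on line 86 sits in the same context and would benefit from the same treatment.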
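--- a/src/__/Apply.php
+++ b/src/__/Apply.php
@@ -224,7 +224,7 @@ class Apply
 
   global $wpdb, $current_user, $wp_query;
   if (preg_match("/\/wpdmdl\/([\d]+)-([^\/]+)\/(.+)/", $_SERVER['REQUEST_URI'])) {
- $uri = trim($_SERVER['REQUEST_URI'], '/');
+ $uri = trim(__::valueof($_SERVER, 'REQUEST_URI', ['validate' => 'escs']), '/');
   $download_url_base = get_option('__wpdm_download_url_base', 'download');
   $uri = explode("/" . $download_url_base . "/", $uri);
   $parts = explode("/", $uri[1]);
@@ -234,7 +234,7 @@ class Apply
   $parts = json_decode(base64_decode($parts[1]));
   if (is_array($parts)) {
   foreach ($parts as $key => $val) {
- $_REQUEST[$key] = $_GET[$key] = $val;
+ $_REQUEST[$key] = $_GET[$key] = esc_attr($val);
   }
   }
   }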
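Review bot: On new line 237, `esc_attr()` is an output escaper for HTML attributes and expects a string, but `$val` comes from `json_decode()` of a URL segment and may be a nested array or object, a case the loop does not guard against. The loop also copies request-supplied entries straight into `$_REQUEST` and `$_GET`, so restricting it to the keys the download handler expects would be tighter; the consumers of those values are outside the hunk. A minimal guard is `if ( is_scalar( $val ) ) { $_REQUEST[$key] = $_GET[$key] = sanitize_text_field( (string) $val ); }`. On new line 230, `$uri[1]` is read without checking that `explode()` produced two parts, which looks possible when `__wpdm_download_url_base` differs from the `wpdmdl` segment that `preg_match()` tests for.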