WordPress Download Manager - Version 3.2.49

Version Description

  • 2022.07.06
  • Fixed several Authenticated Persistent XSS Issues, special thanks to m0ze

Release Info

Developer codename065
Version 3.2.49

Code changes from version 3.2.48 to 3.2.49

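--- a/download-manager.php
+++ b/download-manager.php
@@ -5,7 +5,7 @@ Plugin URI: https://www.wpdownloadmanager.com/purchases/
 Description: Manage, Protect and Track file downloads, and sell digital products from your WordPress site. A complete digital asset management solution.
 Author: W3 Eden, Inc.
 Author URI: https://www.wpdownloadmanager.com/
-Version: 3.2.48
+Version: 3.2.49
 Text Domain: download-manager
 Domain Path: /languages
 */
@@ -39,7 +39,7 @@ use WPDM\Widgets\WidgetController;
 
 global $WPDM;
 
-define('WPDM_VERSION','3.2.48');
+define('WPDM_VERSION','3.2.49');
 
 define('WPDM_TEXT_DOMAIN','download-manager');
 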
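--- a/readme.txt
+++ b/readme.txt
@@ -5,7 +5,7 @@ Tags: download manager, document management, file manager, digital store, ecomme
 Requires at least: 5.3
 Tested up to: 6.0
 License: GPLv2 or later
-Stable tag: 3.2.48
+Stable tag: 3.2.49
 
 
 This File Management & Digital Store plugin will help you to control file downloads & sell digital products from your WP site.
@@ -181,6 +181,9 @@ Check download stats and get a push notification when someone downloads, install
 
 == Changelog ==
 
+= 3.2.49 - 2022.07.06 =
+* Fixed several Authenticated Persistent XSS Issues, special thanks to `m0ze`
+
 = 3.2.48 - 2022.07.03 =
 * Improved admin UI
 * Rechecked code and fixed 2 issues with esc attr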
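--- a/src/Admin/Menu/Packages.php
+++ b/src/Admin/Menu/Packages.php
@@ -18,8 +18,10 @@ class Packages
 'version' => 'txt',
 'link_label' => 'txt',
 'package_size' => 'txt',
+'page_template' => 'txt',
 'view_count' => 'int',
 'download_count' => 'int',
+'terms_conditions' => 'kses',
 );
 
 function __construct()
@@ -74,8 +76,10 @@ class Packages
 foreach ($meta_value as &$value){
 $value = wpdm_escs($value);
 }
+} else if($meta_key == 'terms_conditions'){
+$meta_value = __::sanitize_var($meta_value, 'kses');
 } else
-$meta_value = is_array($meta_value)?wpdm_sanitize_array($meta_value):wpdm_escs($meta_value);
+$meta_value = is_array($meta_value)?wpdm_sanitize_array($meta_value, 'txt'):esc_html($meta_value);
 update_post_meta($post, $key_name, $meta_value);
 }
 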
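Review bot: The new fallback at line 82 runs `esc_html()` on the value before `update_post_meta()`, so what gets stored is entity-encoded text (`&amp;`, `&lt;`) rather than sanitized text, and any view that later escapes that meta on output — as the metabox views in this same release now do with `esc_attr()` — encodes it a second time. Sanitizing here with `sanitize_text_field()` (what `sanitize_var('txt')` did before this commit) and leaving escaping to the output layer keeps the two concerns apart; the same store-time escaping appears in the `'txt'`/`'str'` case of src/__/__.php in this commit. The new branch at line 79 also hard-codes the `terms_conditions` key that the field map closing at line 25 already declares as `'kses'`, so if that map is what drives this loop the branch could be replaced by looking the policy up there, and the `==` at line 79 should be `===`. The enclosing method starts and ends outside the hunk.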
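--- a/src/Admin/Menu/Templates.php
+++ b/src/Admin/Menu/Templates.php
@@ -214,7 +214,7 @@ class Templates
 }
 
 function updateTemplateStatus(){
-if(!current_user_can(WPDM_ADMIN_CAP)) die('error');
+__::isAuthentic('tsnonce', WPDM_PRI_NONCE, WPDM_ADMIN_CAP);
 $type = wpdm_query_var('type');
 $tpldata = maybe_unserialize(get_option("_fm_{$type}_template_status"));
 $tpldata[wpdm_query_var('template')] = wpdm_query_var('status');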
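Review bot: `$type` from `wpdm_query_var('type')` at line 218 is still interpolated unvalidated into the option name `_fm_{$type}_template_status`, and the `template` and `status` query values are stored as-is at line 220, so the check added at line 217 controls who may call this but not what they may write. Restricting `type` to the plugin's known template types before the `get_option()` call, e.g. `if (!in_array($type, [/* known template types */], true)) die('error');`, and casting `status` to the expected integer would close that gap. This assumes `__::isAuthentic()` terminates the request on failure; if it returns a bool instead, its result must be checked here. The method continues past the hunk.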
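--- a/src/Admin/views/metaboxes/lock-options.php
+++ b/src/Admin/views/metaboxes/lock-options.php
@@ -14,7 +14,7 @@
 </div>
 <div class="form-group">
 <label for="pps_z"><?php echo __( "Terms Title:" , "download-manager" ); ?></label>
-<input type="text" class="form-control input-lg" name="file[terms_title]" value="<?php echo esc_html(stripslashes(get_post_meta($post->ID,'__wpdm_terms_title', true))); ?>" />
+<input type="text" class="form-control input-lg" name="file[terms_title]" value="<?php echo esc_attr(stripslashes(get_post_meta($post->ID,'__wpdm_terms_title', true))); ?>" />
 </div>
 <div class="form-group">
 <label for="pps_z"><?php echo __( "Terms and Conditions:" , "download-manager" ); ?></label>
@@ -23,7 +23,7 @@
 ?>
 </div>
 <label for="pps_z"><?php echo __( "Terms Checkbox Label:" , "download-manager" ); ?></label>
-<input type="text" class="form-control input-lg" name="file[terms_check_label]" value="<?php echo esc_html(stripslashes(get_post_meta($post->ID,'__wpdm_terms_check_label', true))); ?>" />
+<input type="text" class="form-control input-lg" name="file[terms_check_label]" value="<?php echo esc_attr(stripslashes(get_post_meta($post->ID,'__wpdm_terms_check_label', true))); ?>" />
 
 
 </div>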
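Review bot: The switch to `esc_attr()` at lines 17 and 26 is the right escaper for a `value=""` attribute, but the adjacent labels at lines 16, 20 and 25 still `echo __( "Terms Title:" , "download-manager" )` with no escaping; translation strings come from `.mo` files and the WordPress convention is to escape them like any other output, so `<?php echo esc_html__( "Terms Title:" , "download-manager" ); ?>` is the consistent form. The same applies to the `Link Label:` cell at line 28 of src/Admin/views/metaboxes/package-settings.php in this commit. All three labels also share `for="pps_z"`, which points none of them at their own input.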
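--- a/src/Admin/views/metaboxes/package-settings.php
+++ b/src/Admin/views/metaboxes/package-settings.php
@@ -26,7 +26,7 @@
 
 <tr id="link_label_row">
 <td><?php echo __( "Link Label:" , "download-manager" ); ?></td>
-<td><input size="10" type="text" class="form-control input-sm" style="width: 200px" value="<?php echo htmlspecialchars(get_post_meta($post->ID,'__wpdm_link_label',true)); ?>" name="file[link_label]" />
+<td><input size="10" type="text" class="form-control input-sm" style="width: 200px" value="<?php echo esc_attr(get_post_meta($post->ID,'__wpdm_link_label',true)); ?>" name="file[link_label]" />
 </td></tr>
 
 <tr id="stock_row">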
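--- a/src/Admin/views/settings/privacy.php
+++ b/src/Admin/views/settings/privacy.php
@@ -54,7 +54,7 @@ do_action("wpdm_privacy_settings_panel");
 jQuery(function($) {
 $('#clearCache').on('click', function () {
 $(this).html('<i class="fa fa-sync fa-spin"></i>');
-$.get(ajaxurl + '?action=clear_cache', function (res) {
+$.post(ajaxurl, {action : 'clear_cache', ccnonce: '<?= wp_create_nonce(WPDM_PRI_NONCE) ?>'}, function (res) {
 $('#clearCache').html('<i class="fa fa-check-circle"></i>')
 });
 return false;
@@ -62,7 +62,7 @@ do_action("wpdm_privacy_settings_panel");
 $('#clearStats').on('click', function () {
 if (!confirm('Are you sure?')) return false;
 $(this).html('<i class="fa fa-sync fa-spin"></i>');
-$.get(ajaxurl + '?action=clear_stats', function (res) {
+$.post(ajaxurl, {action : 'clear_stats', csnonce: '<?= wp_create_nonce(WPDM_PRI_NONCE) ?>'}, function (res) {
 $('#clearStats').html('<i class="fa fa-check-circle"></i>')
 });
 return false;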
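Review bot: Both new requests at lines 57 and 65 mint their token from the same nonce action `WPDM_PRI_NONCE`, as does the `update_template_status` request in src/Admin/views/templates/templates.php, so a nonce issued for one of these operations validates for all of them; giving each its own action string, e.g. `wp_create_nonce('wpdm_clear_cache')` with the matching action in the server-side `__::isAuthentic()` call in src/__/Apply.php, ties each token to the request it authorises. The success callbacks at lines 58 and 66 also draw the check icon without looking at `res`, so a request that the server rejects (presumably with an error body, now that a nonce or capability check can fail) still looks like success to the admin; inspecting `res` or adding a `.fail()` handler would surface that. Embedding the nonce through `<?= ... ?>` inside a single-quoted JS literal works only because nonces are alphanumeric; `wp_localize_script()` or `wp_add_inline_script()` is the usual home for such values.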
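--- a/src/Admin/views/templates/templates.php
+++ b/src/Admin/views/templates/templates.php
@@ -169,7 +169,7 @@ require_once __DIR__.'/header.php';
 var v = $(this).data('value');
 var c = '.'+$(this).data('id');
 var $this = this;
-$.post(ajaxurl, {action: 'update_template_status', template: $(this).data('id'), type: '<?php echo $ttype; ?>', status: v}, function (res) {
+$.post(ajaxurl, {action: 'update_template_status', template: $(this).data('id'), type: '<?php echo $ttype; ?>', status: v, tsnonce: '<?= wp_create_nonce(WPDM_PRI_NONCE) ?>'}, function (res) {
 $(c).removeClass('btn-danger').removeClass('btn-success').addClass('btn-secondary');
 if(v==1)
 $($this).addClass('btn-success').removeClass('btn-secondary');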
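Review bot: `type: '<?php echo $ttype; ?>'` at line 172 still writes `$ttype` into a JavaScript string literal without escaping; where `$ttype` is set is outside the hunk, but if it can be influenced by the request (a tab or query parameter would be the usual source), a quote or `</script>` in it breaks out of the literal. `esc_js($ttype)` is the minimal fix for a single-quoted JS string, or the whole request object can be emitted with `wp_json_encode()`; the nonce added on the same line is fine as written. The surrounding click handler continues past the hunk.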
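--- a/src/Package/views/all-packages-shortcode.php
+++ b/src/Package/views/all-packages-shortcode.php
@@ -285,7 +285,7 @@ if(isset($params['jstable']) && $params['jstable']==1):
 $data['download_url'] = '';
 $data['download_link'] = WPDM()->package->downloadLink($data['ID'], 0, array('template_type' => 'link'));
 $data = apply_filters("wpdm_after_prepare_package_data", $data);
-$download_link = htmlspecialchars_decode($data['download_link']);
+$download_link = $data['download_link'];
 if (function_exists('wpdmpp_effective_price') && wpdmpp_effective_price($data['ID']) > 0)
 $download_link = wpdmpp_waytocart($data, 'btn-primary');
 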
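Review bot: Dropping `htmlspecialchars_decode()` at line 288 is the right direction, but nothing documents what `$download_link` now holds: `downloadLink()` with `'template_type' => 'link'` at line 286 presumably returns rendered markup rather than a bare URL, and the `wpdm_after_prepare_package_data` filter at line 287 lets any hook replace that value before it is used. A comment such as `// download_link is whatever downloadLink() (or a wpdm_after_prepare_package_data filter) produced; treat it as markup, not a URL — confirm before adding escaping or decoding here` would stop the next maintainer from reintroducing a decode or wrapping it in `esc_url()`. The code that echoes `$download_link` is outside the hunk, so whether it is escaped there cannot be checked from this view.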
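--- a/src/__/Apply.php
+++ b/src/__/Apply.php
@@ -456,7 +456,7 @@ class Apply
 */
 function clearCache()
 {
-if (!current_user_can('manage_options')) die('You are not authorized!');
+__::isAuthentic('ccnonce', WPDM_PRI_NONCE, 'manage_options');
 FileSystem::deleteFiles(WPDM_CACHE_DIR, false);
 FileSystem::deleteFiles(WPDM_CACHE_DIR . 'pdfthumbs/', false);
 global $wpdb;
@@ -470,8 +470,8 @@ class Apply
 */
 function clearStats()
 {
-if (!current_user_can('manage_options')) return;
-global $wpdb;
+__::isAuthentic('csnonce', WPDM_PRI_NONCE, 'manage_options');
+global $wpdb;
 $wpdb->query('truncate table ' . $wpdb->prefix . 'ahm_download_stats');
 $wpdb->query('truncate table ' . $wpdb->prefix . 'ahm_user_download_counts');
 $wpdb->query("delete from {$wpdb->prefix}postmeta where meta_key='__wpdmx_user_download_count'");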
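Review bot: `clearCache()` at line 459 and `clearStats()` at line 473 gate on the literal capability `'manage_options'`, while `updateTemplateStatus()` in src/Admin/Menu/Templates.php in the same commit gates an equally admin-only AJAX action on `WPDM_ADMIN_CAP`; using the constant in all three keeps the plugin's definition of "administrator" in one place, or a one-line comment should say why these two differ. The old `clearStats()` silently returned on a failed check where `clearCache()` died; both now depend on `__::isAuthentic()` ending the request on failure, which is presumably what it does — if it returns a bool, both functions continue straight into file deletion and `truncate table`. A short docblock line on each, `Requires a valid csnonce/ccnonce (WPDM_PRI_NONCE) and manage_options; terminates the request otherwise`, would make that contract explicit once confirmed. Both functions continue past their hunks.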
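--- a/src/__/__.php
+++ b/src/__/__.php
@@ -226,7 +226,7 @@ class __
 * @param string $sanitize
 * @return array|float|int|mixed|string|string[]|null
 */
-static function sanitize_var($value, $sanitize = 'kses')
+static function sanitize_var($value, $sanitize = '')
 {
 if (is_array($value))
 return __::sanitize_array($value, $sanitize);
@@ -235,20 +235,29 @@ class __
 case 'int':
 case 'num':
 return (int)$value;
-break;
+
 case 'double':
 case 'float':
 return (double)($value);
-break;
+
+case 'esc_html':
 case 'txt':
 case 'str':
-$value = sanitize_text_field($value);
+$value = esc_html($value);
+break;
+
+case 'esc_attr':
+$value = esc_attr($value);
 break;
+
 case 'kses':
 $allowedtags = wp_kses_allowed_html();
 $allowedtags['div'] = array('class' => true);
 $allowedtags['strong'] = array('class' => true);
 $allowedtags['b'] = array('class' => true);
+$allowedtags['ul'] = array('class' => false);
+$allowedtags['ol'] = array('class' => false);
+$allowedtags['li'] = array('class' => false);
 $allowedtags['i'] = array('class' => true);
 $allowedtags['a'] = array('class' => true, 'href' => true);
 $value = wp_kses($value, $allowedtags);
@@ -260,9 +269,7 @@ class __
 case 'txts':
 $value = sanitize_textarea_field($value);
 break;
-case 'esc_html':
-$value = esc_html($value);
-break;
+
 case 'url':
 $value = esc_url_raw($value);
 break;
@@ -283,6 +290,7 @@ class __
 case 'html':
 
 break;
+
 default:
 $value = esc_sql(esc_attr($value));
 break;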
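Review bot: The default for `$sanitize` changes from `'kses'` to `''` at line 229, so every existing caller of `sanitize_var($value)` with one argument now lands in the `default:` branch and gets `esc_sql(esc_attr($value))` instead of `wp_kses()` output — a silent change that strips markup those callers may have relied on, and `esc_sql()` is a query-escaping step that belongs next to the query, not inside a generic sanitizer (a value that later goes through `$wpdb->prepare()` is escaped twice). The `'txt'`/`'str'` case at line 246 likewise now returns entity-encoded text from `esc_html()` where it used to return `sanitize_text_field()` output, which moves escaping from output time to storage time and double-encodes on any escaped output path. The docblock ending at line 228 should say which `$sanitize` values sanitize and which escape, and the `'class' => false` entries at lines 258–260 differ from the surrounding `true` entries — presumably intentional, so worth a one-line comment. `sanitize_var()` continues past the hunk.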