WordPress Download Manager - Version 3.2.52

Version Description

  • 2022.07.28 =
  • Fixed an issue with the insert url option
Download this release

Release Info

Developer codename065
Plugin Icon 128x128 WordPress Download Manager
Version 3.2.52
Comparing to
See all releases

Code changes from version 3.2.51 to 3.2.52

Files changed (4) hide show
  1. download-manager.php +2 -2
  2. readme.txt +4 -1
  3. src/Admin/Menu/Packages.php +10 -4
  4. src/__/FileSystem.php +11 -0
download-manager.php CHANGED
@@ -5,7 +5,7 @@ Plugin URI: https://www.wpdownloadmanager.com/purchases/
5
  Description: Manage, Protect and Track file downloads, and sell digital products from your WordPress site. A complete digital asset management solution.
6
  Author: W3 Eden, Inc.
7
  Author URI: https://www.wpdownloadmanager.com/
8
- Version: 3.2.51
9
  Text Domain: download-manager
10
  Domain Path: /languages
11
  */
@@ -39,7 +39,7 @@ use WPDM\Widgets\WidgetController;
39
 
40
  global $WPDM;
41
 
42
- define('WPDM_VERSION','3.2.51');
43
 
44
  define('WPDM_TEXT_DOMAIN','download-manager');
45
 
5
  Description: Manage, Protect and Track file downloads, and sell digital products from your WordPress site. A complete digital asset management solution.
6
  Author: W3 Eden, Inc.
7
  Author URI: https://www.wpdownloadmanager.com/
8
+ Version: 3.2.52
9
  Text Domain: download-manager
10
  Domain Path: /languages
11
  */
39
 
40
  global $WPDM;
41
 
42
+ define('WPDM_VERSION','3.2.52');
43
 
44
  define('WPDM_TEXT_DOMAIN','download-manager');
45
 
readme.txt CHANGED
@@ -5,7 +5,7 @@ Tags: download manager, document management, file manager, digital store, ecomme
5
  Requires at least: 5.3
6
  Tested up to: 6.0
7
  License: GPLv2 or later
8
- Stable tag: 3.2.51
9
 
10
 
11
  This File Management & Digital Store plugin will help you to control file downloads & sell digital products from your WP site.
@@ -181,6 +181,9 @@ Check download stats and get a push notification when someone downloads, install
181
 
182
  == Changelog ==
183
 
 
 
 
184
  = 3.2.51 - 2022.07.27 =
185
  * Revalidated attached file to avoid any blocked file type attachment
186
 
5
  Requires at least: 5.3
6
  Tested up to: 6.0
7
  License: GPLv2 or later
8
+ Stable tag: 3.2.52
9
 
10
 
11
  This File Management & Digital Store plugin will help you to control file downloads & sell digital products from your WP site.
181
 
182
  == Changelog ==
183
 
184
+ = 3.2.52 - 2022.07.28 =
185
+ * Fixed an issue with the insert url option
186
+
187
  = 3.2.51 - 2022.07.27 =
188
  * Revalidated attached file to avoid any blocked file type attachment
189
 
src/Admin/Menu/Packages.php CHANGED
@@ -66,15 +66,21 @@ class Packages
66
  $key_name = "__wpdm_" . $meta_key;
67
  if($meta_key == 'package_size' && (double)$meta_value == 0) $meta_value = "";
68
  if($meta_key == 'files'){
69
- $meta_value = array_unique($meta_value);
70
  foreach ($meta_value as &$value){
71
  $value = wpdm_escs($value);
72
- if(WPDM()->fileSystem->isBlocked($value)) $value = '';
 
 
 
 
 
 
73
  }
 
74
  } else if($meta_key == 'terms_conditions'){
75
  $meta_value = __::sanitize_var($meta_value, 'kses');
76
  } else
77
- $meta_value = is_array($meta_value)?wpdm_sanitize_array($meta_value, 'txt'):esc_html($meta_value);
78
  update_post_meta($post, $key_name, $meta_value);
79
  }
80
 
@@ -104,7 +110,7 @@ class Packages
104
  check_ajax_referer(NONCE_KEY);
105
  if(!current_user_can('upload_files')) die('-2');
106
 
107
- $name = isset($_FILES['package_file']['name']) && !isset($_REQUEST["chunks"])?sanitize_text_field($_FILES['package_file']['name']):wpdm_query_var('name', 'txt');
108
 
109
  $ext = FileSystem::fileExt($name);
110
 
66
  $key_name = "__wpdm_" . $meta_key;
67
  if($meta_key == 'package_size' && (double)$meta_value == 0) $meta_value = "";
68
  if($meta_key == 'files'){
 
69
  foreach ($meta_value as &$value){
70
  $value = wpdm_escs($value);
71
+ if(!__::is_url($value)) {
72
+ if(WPDM()->fileSystem->isBlocked($value)) $value = '';
73
+ $abspath = WPDM()->fileSystem->locateFile( $value );
74
+ if ( ! WPDM()->fileSystem->allowedPath( $abspath ) ) {
75
+ $value = '';
76
+ }
77
+ }
78
  }
79
+ $meta_value = array_unique($meta_value);
80
  } else if($meta_key == 'terms_conditions'){
81
  $meta_value = __::sanitize_var($meta_value, 'kses');
82
  } else
83
+ $meta_value = is_array($meta_value)?wpdm_sanitize_array($meta_value, 'txt'):htmlspecialchars($meta_value);
84
  update_post_meta($post, $key_name, $meta_value);
85
  }
86
 
110
  check_ajax_referer(NONCE_KEY);
111
  if(!current_user_can('upload_files')) die('-2');
112
 
113
+ $name = isset($_FILES['package_file']['name']) && !isset($_REQUEST["chunks"])?sanitize_file_name($_FILES['package_file']['name']):wpdm_query_var('name', 'txt');
114
 
115
  $ext = FileSystem::fileExt($name);
116
 
src/__/FileSystem.php CHANGED
@@ -6,6 +6,8 @@
6
  */
7
  namespace WPDM\__;
8
 
 
 
9
  class FileSystem
10
  {
11
  function __construct()
@@ -795,6 +797,8 @@ class FileSystem
795
  */
796
  function isBlocked($filename, $abspath = '')
797
  {
 
 
798
  $types = $this->getAllowedFileTypes();
799
 
800
  if(in_array('*', $types)) return false;
@@ -913,4 +917,11 @@ class FileSystem
913
  {
914
  return $this->absPath($file);
915
  }
 
 
 
 
 
 
 
916
  }
6
  */
7
  namespace WPDM\__;
8
 
9
+ use WPDM\AssetManager\AssetManager;
10
+
11
  class FileSystem
12
  {
13
  function __construct()
797
  */
798
  function isBlocked($filename, $abspath = '')
799
  {
800
+ if($filename === '') return true;
801
+
802
  $types = $this->getAllowedFileTypes();
803
 
804
  if(in_array('*', $types)) return false;
917
  {
918
  return $this->absPath($file);
919
  }
920
+
921
+ function allowedPath($absPath)
922
+ {
923
+ if(!$absPath) return false;
924
+ if(substr_count($absPath, UPLOAD_DIR) || substr_count($absPath, AssetManager::root())) return true;
925
+ return false;
926
+ }
927
  }