Version Description
- 2022.07.28 =
- Fixed an issue with the insert url option
Download this release
Release Info
Developer | codename065 |
Plugin | WordPress Download Manager |
Version | 3.2.52 |
Comparing to | |
See all releases |
Code changes from version 3.2.51 to 3.2.52
- download-manager.php +2 -2
- readme.txt +4 -1
- src/Admin/Menu/Packages.php +10 -4
- src/__/FileSystem.php +11 -0
download-manager.php
CHANGED
@@ -5,7 +5,7 @@ Plugin URI: https://www.wpdownloadmanager.com/purchases/
|
|
5 |
Description: Manage, Protect and Track file downloads, and sell digital products from your WordPress site. A complete digital asset management solution.
|
6 |
Author: W3 Eden, Inc.
|
7 |
Author URI: https://www.wpdownloadmanager.com/
|
8 |
-
Version: 3.2.
|
9 |
Text Domain: download-manager
|
10 |
Domain Path: /languages
|
11 |
*/
|
@@ -39,7 +39,7 @@ use WPDM\Widgets\WidgetController;
|
|
39 |
|
40 |
global $WPDM;
|
41 |
|
42 |
-
define('WPDM_VERSION','3.2.
|
43 |
|
44 |
define('WPDM_TEXT_DOMAIN','download-manager');
|
45 |
|
5 |
Description: Manage, Protect and Track file downloads, and sell digital products from your WordPress site. A complete digital asset management solution.
|
6 |
Author: W3 Eden, Inc.
|
7 |
Author URI: https://www.wpdownloadmanager.com/
|
8 |
+
Version: 3.2.52
|
9 |
Text Domain: download-manager
|
10 |
Domain Path: /languages
|
11 |
*/
|
39 |
|
40 |
global $WPDM;
|
41 |
|
42 |
+
define('WPDM_VERSION','3.2.52');
|
43 |
|
44 |
define('WPDM_TEXT_DOMAIN','download-manager');
|
45 |
|
readme.txt
CHANGED
@@ -5,7 +5,7 @@ Tags: download manager, document management, file manager, digital store, ecomme
|
|
5 |
Requires at least: 5.3
|
6 |
Tested up to: 6.0
|
7 |
License: GPLv2 or later
|
8 |
-
Stable tag: 3.2.
|
9 |
|
10 |
|
11 |
This File Management & Digital Store plugin will help you to control file downloads & sell digital products from your WP site.
|
@@ -181,6 +181,9 @@ Check download stats and get a push notification when someone downloads, install
|
|
181 |
|
182 |
== Changelog ==
|
183 |
|
|
|
|
|
|
|
184 |
= 3.2.51 - 2022.07.27 =
|
185 |
* Revalidated attached file to avoid any blocked file type attachment
|
186 |
|
5 |
Requires at least: 5.3
|
6 |
Tested up to: 6.0
|
7 |
License: GPLv2 or later
|
8 |
+
Stable tag: 3.2.52
|
9 |
|
10 |
|
11 |
This File Management & Digital Store plugin will help you to control file downloads & sell digital products from your WP site.
|
181 |
|
182 |
== Changelog ==
|
183 |
|
184 |
+
= 3.2.52 - 2022.07.28 =
|
185 |
+
* Fixed an issue with the insert url option
|
186 |
+
|
187 |
= 3.2.51 - 2022.07.27 =
|
188 |
* Revalidated attached file to avoid any blocked file type attachment
|
189 |
|
src/Admin/Menu/Packages.php
CHANGED
@@ -66,15 +66,21 @@ class Packages
|
|
66 |
$key_name = "__wpdm_" . $meta_key;
|
67 |
if($meta_key == 'package_size' && (double)$meta_value == 0) $meta_value = "";
|
68 |
if($meta_key == 'files'){
|
69 |
-
$meta_value = array_unique($meta_value);
|
70 |
foreach ($meta_value as &$value){
|
71 |
$value = wpdm_escs($value);
|
72 |
-
if(
|
|
|
|
|
|
|
|
|
|
|
|
|
73 |
}
|
|
|
74 |
} else if($meta_key == 'terms_conditions'){
|
75 |
$meta_value = __::sanitize_var($meta_value, 'kses');
|
76 |
} else
|
77 |
-
$meta_value = is_array($meta_value)?wpdm_sanitize_array($meta_value, 'txt'):
|
78 |
update_post_meta($post, $key_name, $meta_value);
|
79 |
}
|
80 |
|
@@ -104,7 +110,7 @@ class Packages
|
|
104 |
check_ajax_referer(NONCE_KEY);
|
105 |
if(!current_user_can('upload_files')) die('-2');
|
106 |
|
107 |
-
$name = isset($_FILES['package_file']['name']) && !isset($_REQUEST["chunks"])?
|
108 |
|
109 |
$ext = FileSystem::fileExt($name);
|
110 |
|
66 |
$key_name = "__wpdm_" . $meta_key;
|
67 |
if($meta_key == 'package_size' && (double)$meta_value == 0) $meta_value = "";
|
68 |
if($meta_key == 'files'){
|
|
|
69 |
foreach ($meta_value as &$value){
|
70 |
$value = wpdm_escs($value);
|
71 |
+
if(!__::is_url($value)) {
|
72 |
+
if(WPDM()->fileSystem->isBlocked($value)) $value = '';
|
73 |
+
$abspath = WPDM()->fileSystem->locateFile( $value );
|
74 |
+
if ( ! WPDM()->fileSystem->allowedPath( $abspath ) ) {
|
75 |
+
$value = '';
|
76 |
+
}
|
77 |
+
}
|
78 |
}
|
79 |
+
$meta_value = array_unique($meta_value);
|
80 |
} else if($meta_key == 'terms_conditions'){
|
81 |
$meta_value = __::sanitize_var($meta_value, 'kses');
|
82 |
} else
|
83 |
+
$meta_value = is_array($meta_value)?wpdm_sanitize_array($meta_value, 'txt'):htmlspecialchars($meta_value);
|
84 |
update_post_meta($post, $key_name, $meta_value);
|
85 |
}
|
86 |
|
110 |
check_ajax_referer(NONCE_KEY);
|
111 |
if(!current_user_can('upload_files')) die('-2');
|
112 |
|
113 |
+
$name = isset($_FILES['package_file']['name']) && !isset($_REQUEST["chunks"])?sanitize_file_name($_FILES['package_file']['name']):wpdm_query_var('name', 'txt');
|
114 |
|
115 |
$ext = FileSystem::fileExt($name);
|
116 |
|
src/__/FileSystem.php
CHANGED
@@ -6,6 +6,8 @@
|
|
6 |
*/
|
7 |
namespace WPDM\__;
|
8 |
|
|
|
|
|
9 |
class FileSystem
|
10 |
{
|
11 |
function __construct()
|
@@ -795,6 +797,8 @@ class FileSystem
|
|
795 |
*/
|
796 |
function isBlocked($filename, $abspath = '')
|
797 |
{
|
|
|
|
|
798 |
$types = $this->getAllowedFileTypes();
|
799 |
|
800 |
if(in_array('*', $types)) return false;
|
@@ -913,4 +917,11 @@ class FileSystem
|
|
913 |
{
|
914 |
return $this->absPath($file);
|
915 |
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
916 |
}
|
6 |
*/
|
7 |
namespace WPDM\__;
|
8 |
|
9 |
+
use WPDM\AssetManager\AssetManager;
|
10 |
+
|
11 |
class FileSystem
|
12 |
{
|
13 |
function __construct()
|
797 |
*/
|
798 |
function isBlocked($filename, $abspath = '')
|
799 |
{
|
800 |
+
if($filename === '') return true;
|
801 |
+
|
802 |
$types = $this->getAllowedFileTypes();
|
803 |
|
804 |
if(in_array('*', $types)) return false;
|
917 |
{
|
918 |
return $this->absPath($file);
|
919 |
}
|
920 |
+
|
921 |
+
function allowedPath($absPath)
|
922 |
+
{
|
923 |
+
if(!$absPath) return false;
|
924 |
+
if(substr_count($absPath, UPLOAD_DIR) || substr_count($absPath, AssetManager::root())) return true;
|
925 |
+
return false;
|
926 |
+
}
|
927 |
}
|