WordPress Download Manager - Version 3.2.53

Version Description

  • 3.2.53 - 2022.08.03
  • Fixed an issue with the REQUEST_URI sanitization in modal login form

Release Info

Developer codename065
Version 3.2.53

Code changes from version 3.2.52 to 3.2.53

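--- a/download-manager.php
+++ b/download-manager.php
@@ -5,7 +5,7 @@ Plugin URI: https://www.wpdownloadmanager.com/purchases/
  Description: Manage, Protect and Track file downloads, and sell digital products from your WordPress site. A complete digital asset management solution.
  Author: W3 Eden, Inc.
  Author URI: https://www.wpdownloadmanager.com/
- Version: 3.2.52
+ Version: 3.2.53
  Text Domain: download-manager
  Domain Path: /languages
  */
@@ -39,7 +39,7 @@ use WPDM\Widgets\WidgetController;
 
  global $WPDM;
 
- define('WPDM_VERSION','3.2.52');
+ define('WPDM_VERSION','3.2.53');
 
  define('WPDM_TEXT_DOMAIN','download-manager');
 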
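--- a/readme.txt
+++ b/readme.txt
@@ -5,7 +5,7 @@ Tags: download manager, document management, file manager, digital store, ecomme
  Requires at least: 5.3
  Tested up to: 6.0
  License: GPLv2 or later
- Stable tag: 3.2.52
+ Stable tag: 3.2.53
 
 
  This File Management & Digital Store plugin will help you to control file downloads & sell digital products from your WP site.
@@ -181,6 +181,9 @@ Check download stats and get a push notification when someone downloads, install
 
  == Changelog ==
 
+ = 3.2.53 - 2022.08.03 =
+ * Fixed an issue with the `REQUEST_URI` sanitization in modal login form
+
  = 3.2.52 - 2022.07.28 =
  * Fixed an issue with the insert url option
 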
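--- a/src/Package/PackageController.php
+++ b/src/Package/PackageController.php
@@ -298,14 +298,14 @@ class PackageController extends PackageTemplate {
  else if ( ! is_user_logged_in() && ! self::userCanAccess( $post_vars['ID'] ) ) {
  $packurl = get_permalink( $post_vars['ID'] );
  $loginform = WPDM()->user->login->form( array( 'redirect' => $packurl ) );
- $post_vars['download_url'] = WPDM()->user->login->url( __::valueof($_SERVER, 'REQUEST_URI', ['validate' => 'escs']) );
+ $post_vars['download_url'] = WPDM()->user->login->url( __::valueof($_SERVER, 'REQUEST_URI', ['validate' => 'txt']) );
  $post_vars['download_link'] =
  $post_vars['download_link_extended'] =
  $post_vars['download_link_popup'] = stripcslashes( str_replace( array(
  "[loginform]",
  "[this_url]",
  "[package_url]"
- ), array( $loginform, __::valueof($_SERVER, 'REQUEST_URI', ['validate' => 'escs']), $packurl ), $loginmsg ) );
+ ), array( $loginform, __::valueof($_SERVER, 'REQUEST_URI', ['validate' => 'txt']), $packurl ), $loginmsg ) );
  $post_vars['download_link'] =
  $post_vars['download_link_extended'] =
  $post_vars['download_link_popup'] = get_option( '__wpdm_login_form', 0 ) == 1 ? $loginform : $post_vars['download_link'];
@@ -1045,13 +1045,13 @@ class PackageController extends PackageTemplate {
  if ( get_option( '_wpdm_hide_all', 0 ) == 1 ) {
  return 'loginform';
  }
- $package['download_url'] = $vars['download_link_extended'] = $vars['download_link_popup'] = home_url( '/wp-login.php?redirect_to=' . urlencode( __::valueof($_SERVER, 'REQUEST_URI', ['validate' => 'escs']) ) );
+ $package['download_url'] = $vars['download_link_extended'] = $vars['download_link_popup'] = home_url( '/wp-login.php?redirect_to=' . urlencode( __::valueof($_SERVER, 'REQUEST_URI', ['validate' => 'txt']) ) );
  $loginmsg = Messages::login_required( $package['ID'] );
  $package['download_link'] = stripcslashes( str_replace( array(
  "[loginform]",
  "[this_url]",
  "[package_url]"
- ), array( $loginform, __::valueof($_SERVER, 'REQUEST_URI', ['validate' => 'escs']), get_permalink( $package['ID'] ) ), $loginmsg ) );
+ ), array( $loginform, __::valueof($_SERVER, 'REQUEST_URI', ['validate' => 'txt']), get_permalink( $package['ID'] ) ), $loginmsg ) );
 
  return get_option( '__wpdm_login_form', 0 ) == 1 ? $loginform : $package['download_link'];
 
@@ -1345,25 +1345,25 @@ class PackageController extends PackageTemplate {
  //Login is required to download
  if ( ! @in_array( 'guest', $access ) && ! is_user_logged_in() ) {
 
- $loginform = WPDM()->user->login->form( array( 'redirect' => __::valueof($_SERVER, 'REQUEST_URI', ['validate' => 'escs']) ) );
+ $loginform = WPDM()->user->login->form( array( 'redirect' => __::valueof($_SERVER, 'REQUEST_URI', ['validate' => 'txt']) ) );
  if ( get_option( '_wpdm_hide_all', 0 ) == 1 ) {
  $hide_all_message = get_option( '__wpdm_login_form', 0 ) == 1 ? $loginform : stripcslashes( str_replace( array(
  "[loginform]",
  "[this_url]",
  "[package_url]"
- ), array( $loginform, __::valueof($_SERVER, 'REQUEST_URI', ['validate' => 'escs']), get_permalink( $ID ) ), $loginmsg ) );
+ ), array( $loginform, __::valueof($_SERVER, 'REQUEST_URI', ['validate' => 'txt']), get_permalink( $ID ) ), $loginmsg ) );
  if ( $template_type == 'link' ) {
- return "<a href='" . wpdm_login_url( __::valueof($_SERVER, 'REQUEST_URI', ['validate' => 'escs']) ) . "' class='btn btn-danger'>" . __( "Login", "download-manager" ) . "</a>";
+ return "<a href='" . wpdm_login_url( __::valueof($_SERVER, 'REQUEST_URI', ['validate' => 'txt']) ) . "' class='btn btn-danger'>" . __( "Login", "download-manager" ) . "</a>";
  } else {
  return $hide_all_message;
  }
  }
- $download_url = wpdm_login_url( __::valueof($_SERVER, 'REQUEST_URI', ['validate' => 'escs']) );
+ $download_url = wpdm_login_url( __::valueof($_SERVER, 'REQUEST_URI', ['validate' => 'txt']) );
  $download_link = $download_link_extended = $download_link_popup = stripcslashes( str_replace( array(
  "[loginform]",
  "[this_url]",
  "[package_url]"
- ), array( $loginform, __::valueof($_SERVER, 'REQUEST_URI', ['validate' => 'escs']), get_permalink( $ID ) ), $loginmsg ) );
+ ), array( $loginform, __::valueof($_SERVER, 'REQUEST_URI', ['validate' => 'txt']), get_permalink( $ID ) ), $loginmsg ) );
 
  return get_option( '__wpdm_login_form', 0 ) == 1 ? $loginform : $download_link;
 
@@ -1577,7 +1577,7 @@ class PackageController extends PackageTemplate {
  "[loginform]",
  "[this_url]",
  "[package_url]"
- ), array( $loginform, __::valueof($_SERVER, 'REQUEST_URI', ['validate' => 'escs']), get_permalink( $vars['ID'] ) ), $loginmsg ) );
+ ), array( $loginform, __::valueof($_SERVER, 'REQUEST_URI', ['validate' => 'txt']), get_permalink( $vars['ID'] ) ), $loginmsg ) );
  if ( get_option( '_wpdm_hide_all', 0 ) == 1 ) {
  return $type == 'page' ? $hide_all_message : '';
  }
@@ -1837,7 +1837,7 @@ class PackageController extends PackageTemplate {
  "[loginform]",
  "[this_url]",
  "[package_url]"
- ), array( $loginform, __::valueof($_SERVER, 'REQUEST_URI', ['validate' => 'escs']), get_permalink( $vars['ID'] ) ), $loginmsg ) );
+ ), array( $loginform, __::valueof($_SERVER, 'REQUEST_URI', ['validate' => 'txt']), get_permalink( $vars['ID'] ) ), $loginmsg ) );
 
  if ( $vars['download_link'] == 'blocked' && $type == 'link' ) {
  return "";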
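Review bot: The login link returned at new line 1356 concatenates the result of `wpdm_login_url(...)` straight into a single-quoted `href`, so whether that attribute is safe depends entirely on what the `'txt'` mode of `__::valueof` removes, and that implementation is not visible in this diff. Escaping at the output point would hold regardless of the validation mode, e.g. `"<a href='" . esc_url( wpdm_login_url( ... ) ) . "' class='btn btn-danger'>"`. The same dependence exists for the `[this_url]` substitutions at lines 308, 1054, 1354, 1366, 1580 and 1840, where the request URI is spliced into the `$loginmsg` markup and the result is then passed through `stripcslashes`; wrapping that value in `esc_url()` before `str_replace` would be appropriate if the placeholder is meant for an attribute. The enclosing methods start and end outside these hunks.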
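--- a/src/User/Login.php
+++ b/src/User/Login.php
@@ -94,12 +94,12 @@ class Login
  if ($regurl > 0)
  $regurl = get_permalink($regurl);
  }
- $log_redirect = __::valueof($_SERVER, 'REQUEST_URI', ['validate' => 'escs']);
+ $log_redirect = __::valueof($_SERVER, 'REQUEST_URI', ['validate' => 'txt']);
  if (isset($params['redirect'])) $log_redirect = esc_url_raw($params['redirect']);
  if (isset($_GET['redirect_to'])) $log_redirect = esc_url_raw($_GET['redirect_to']);
 
  $up = parse_url($log_redirect);
- if (isset($up['host']) && $up['host'] != $_SERVER['SERVER_NAME']) $log_redirect = __::valueof($_SERVER, 'REQUEST_URI', ['validate' => 'escs']);
+ if (isset($up['host']) && $up['host'] != $_SERVER['SERVER_NAME']) $log_redirect = __::valueof($_SERVER, 'REQUEST_URI', ['validate' => 'txt']);
 
  $log_redirect = strip_tags($log_redirect);
 
@@ -322,12 +322,12 @@ class Login
  if ($regurl > 0)
  $regurl = get_permalink($regurl);
  }
- $log_redirect = __::valueof($_SERVER, 'REQUEST_URI', ['validate' => 'escs']);
+ $log_redirect = __::valueof($_SERVER, 'REQUEST_URI', ['validate' => 'txt']);
  if (isset($params['redirect'])) $log_redirect = esc_url_raw($params['redirect']);
  if (isset($_GET['redirect_to'])) $log_redirect = esc_url_raw($_GET['redirect_to']);
 
  $up = parse_url($log_redirect);
- if (isset($up['host']) && $up['host'] != $_SERVER['SERVER_NAME']) $log_redirect = __::valueof($_SERVER, 'REQUEST_URI', ['validate' => 'escs']);
+ if (isset($up['host']) && $up['host'] != $_SERVER['SERVER_NAME']) $log_redirect = __::valueof($_SERVER, 'REQUEST_URI', ['validate' => 'txt']);
 
  $log_redirect = strip_tags($log_redirect);
 
@@ -396,12 +396,12 @@ class Login
  if ($regurl > 0)
  $regurl = get_permalink($regurl);
  }
- $log_redirect = __::valueof($_SERVER, 'REQUEST_URI', ['validate' => 'escs']);
+ $log_redirect = __::valueof($_SERVER, 'REQUEST_URI', ['validate' => 'txt']);
  if (isset($params['redirect'])) $log_redirect = esc_url_raw($params['redirect']);
  if (isset($_GET['redirect_to'])) $log_redirect = esc_url_raw($_GET['redirect_to']);
 
  $up = parse_url($log_redirect);
- if (isset($up['host']) && $up['host'] != $_SERVER['SERVER_NAME']) $log_redirect = __::valueof($_SERVER, 'REQUEST_URI', ['validate' => 'escs']);
+ if (isset($up['host']) && $up['host'] != $_SERVER['SERVER_NAME']) $log_redirect = __::valueof($_SERVER, 'REQUEST_URI', ['validate' => 'txt']);
 
  $log_redirect = strip_tags($log_redirect);
 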
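Review bot: The same-host check on `$log_redirect` at new lines 101–102 (repeated verbatim at 329–330 and 403–404) only resets the value when `parse_url()` yields a `host` key that differs from `$_SERVER['SERVER_NAME']`, so a `redirect_to` for which `parse_url()` returns `false` or no host passes through unchanged. WordPress already provides an allow-list check for this; adding `$log_redirect = wp_validate_redirect( $log_redirect, home_url( '/' ) );` after the `redirect_to` assignment would cover that case and remove the reliance on `SERVER_NAME`, which may not equal the public site host behind a proxy. Because the three blocks are identical, moving this logic into one private helper would keep future fixes from missing a copy. The enclosing methods start and end outside the hunks.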
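--- a/src/User/views/modal-login-form.php
+++ b/src/User/views/modal-login-form.php
@@ -39,7 +39,7 @@ if(!defined('ABSPATH')) die(); ?>
 
 
 
- <input type="hidden" name="redirect_to" id="wpdm_modal_login_redirect_to" value="<?php echo $_SERVER['REQUEST_URI']; ?>" />
+ <input type="hidden" name="redirect_to" id="wpdm_modal_login_redirect_to" value="<?php the_permalink(); ?>" />
 
  <div class="row">
  <div class="col-lg-12">
@@ -82,7 +82,7 @@ if(!defined('ABSPATH')) die(); ?>
  <script>
  jQuery(function ($) {
  var llbl = $('#wpdmloginmodal-submit').html();
- var __lm_redirect_to = "<?php echo \WPDM\__\__::valueof($_SERVER, 'REQUEST_URI', ['validate' => 'escs']); ?>";
+ var __lm_redirect_to = "<?php echo \WPDM\__\__::valueof($_SERVER, 'REQUEST_URI', ['validate' => 'txt']); ?>";
  var __lm_logo = "<?php echo get_site_icon_url(); ?>";
  var $body = $('body');
  $('#modalloginform').submit(function () {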
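Review bot: At new line 85 the request URI is still echoed inside a double-quoted JavaScript string literal in a `<script>` block, and nothing visible in this diff shows that the `'txt'` mode encodes for that context (quotes, backslashes, line breaks). Encoding at the output point removes the dependence on the filter: `var __lm_redirect_to = <?php echo wp_json_encode( \WPDM\__\__::valueof($_SERVER, 'REQUEST_URI', ['validate' => 'txt']) ); ?>;`. Separately, line 42 now posts `the_permalink()` while line 85 still carries `REQUEST_URI`, so the two redirect targets can differ on URLs with a query string; it is worth confirming which one the submit handler below actually uses.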
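--- a/src/__/Apply.php
+++ b/src/__/Apply.php
@@ -224,7 +224,7 @@ class Apply
 
  global $wpdb, $current_user, $wp_query;
  if (preg_match("/\/wpdmdl\/([\d]+)-([^\/]+)\/(.+)/", $_SERVER['REQUEST_URI'])) {
- $uri = trim(__::valueof($_SERVER, 'REQUEST_URI', ['validate' => 'escs']), '/');
+ $uri = trim(__::valueof($_SERVER, 'REQUEST_URI', ['validate' => 'txt']), '/');
  $download_url_base = get_option('__wpdm_download_url_base', 'download');
  $uri = explode("/" . $download_url_base . "/", $uri);
  $parts = explode("/", $uri[1]);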
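Review bot: The guard at line 226 matches the raw `$_SERVER['REQUEST_URI']` against a literal `/wpdmdl/` segment, while lines 227–230 parse the filtered copy, split it on the configurable `__wpdm_download_url_base` option, and read `$uri[1]` without checking that the split produced a second element. If the `'txt'` filter changes the string, or the option value is not the segment the regex matched, `$uri[1]` is undefined and `explode()` receives null. Reading the URI once into a local, running both the `preg_match` and the split on that same value, and bailing out when `count($uri) < 2` would close the gap. The enclosing method continues outside the hunk, so the appropriate early-exit value cannot be determined from here.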
src/wpdm-functions.php CHANGED
@@ -660,7 +660,7 @@ function wpdm_fetch_template($template, $vars, $type = 'link')
660
  */
661
  function wpdm_loginform()
662
  {
663
- return wpdm_login_form(array('redirect' => __::valueof($_SERVER, 'REQUEST_URI', ['validate' => 'escs'])));
664
  }
665
 
666
 
660
  */
661
  function wpdm_loginform()
662
  {
663
+ return wpdm_login_form(array('redirect' => __::valueof($_SERVER, 'REQUEST_URI', ['validate' => 'txt'])));
664
  }
665
 
666