Download Monitor - Version 4.5.98

Version Description

  • 08.09.2022 = Fixed: Un-approved file download bug/security issue ( #1021 )

Release Info

Developer raldea89
Version 4.5.98

Code changes from version 4.5.97 to 4.5.98

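--- a/changelog.txt
+++ b/changelog.txt
@@ -1,3 +1,6 @@
+ = 4.5.98 - 08.09.2022 =
+ Fixed: Un-approved file download bug/security issue ( [#1021](https://github.com/WPChill/download-monitor/issues/1021) )
+
  = 4.5.97 - 23.08.2022 =
  Fixed: Class naming error
 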
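--- a/download-monitor.php
+++ b/download-monitor.php
@@ -3,7 +3,7 @@
  Plugin Name: Download Monitor
  Plugin URI: https://www.download-monitor.com
  Description: A full solution for managing and selling downloadable files, monitoring downloads and outputting download links and file information on your WordPress powered site.
- Version: 4.5.97
+ Version: 4.5.98
  Author: WPChill
  Author URI: https://wpchill.com
  Requires at least: 5.4
@@ -33,7 +33,7 @@ if ( ! defined( 'ABSPATH' ) ) {
  } // Exit if accessed directly
 
  // Define DLM Version
- define( 'DLM_VERSION', '4.5.97' );
+ define( 'DLM_VERSION', '4.5.98' );
 
  // Define DLM FILE
  define( 'DLM_PLUGIN_FILE', __FILE__ );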
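--- a/readme.txt
+++ b/readme.txt
@@ -3,7 +3,7 @@ Contributors: wpchill, silkalns, barrykooij, mikejolley
  Tags: download manager, document management, file manager, digital store, ecommerce, document management plugin, download monitor, download counter, password protection, download protection, password, protect downloads, tracker, sell, shop, ecommerce, paypal
  Requires at least: 5.4
  Tested up to: 6.0
- Stable tag: 4.5.97
+ Stable tag: 4.5.98
  License: GPLv3
  Text Domain: -
  Requires PHP: 5.6
@@ -121,6 +121,9 @@ More documentation can be found in our [Knowledge Base](https://www.download-mon
 
  == Changelog ==
 
+ = 4.5.98 - 08.09.2022 =
+ Fixed: Un-approved file download bug/security issue ( [#1021](https://github.com/WPChill/download-monitor/issues/1021) )
+
  = 4.5.97 - 23.08.2022 =
  Fixed: Class naming error
 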
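--- a/src/DownloadHandler.php
+++ b/src/DownloadHandler.php
@@ -719,6 +719,7 @@ class DLM_Download_Handler {
  * @return mixed
  */
  public function readfile_chunked( $file, $retbytes = true, $range = false ) {
+
  $chunksize = 1 * ( 1024 * 1024 );
  $buffer = '';
  $cnt = 0;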
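--- a/src/FileManager.php
+++ b/src/FileManager.php
@@ -257,8 +257,8 @@ class DLM_File_Manager {
  * Return the secured file path or url of the downloadable file. Should not let restricted files or out of root files to be downloaded.
  *
  * @param string $file The file path/url
- * @param bool $relative Wheter or not to return a relative path. Default is false
- *
+ * @param bool $relative Wheter or not to return a relative path. Default is false
+ *
  * @return array The secured file path/url and restriction status
  * @since 4.5.9
  */
@@ -271,6 +271,16 @@ class DLM_File_Manager {
 
  list( $file_path, $remote_file ) = $this->parse_file_path( $file );
 
+ // Let's see if the file path is dirty
+ $file_scheme = parse_url( $file_path, PHP_URL_SCHEME );
+ // Default defined URL schemes
+ $allowed_schemes = array( 'http', 'https', 'ftp', 'ftps' );
+
+ if ( ! is_null( $file_scheme ) && ! in_array( $file_scheme, $allowed_schemes ) ) {
+ $restriction = true;
+ return array( $file_path, $remote_file, $restriction );
+ }
+
  // If the file is remote, return the file path. If the file is not located on local server, return the file path.
  // This is available even if the file is one of the restricted files below. The plugin will let the user download the file,
  // but the file will be empty, with a 404 error or an error message.
@@ -359,7 +369,7 @@ class DLM_File_Manager {
  *
  * @param string $file_path The current path of the file
  * @param array $allowed_paths The allowed paths of the files
- *
+ *
  * @return string The correct path of the file
  * @since 4.5.92
  */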
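Review bot: The scheme allow-list added in the second hunk uses a loose `in_array` and compares the scheme exactly as `parse_url` returns it, so `if ( ! is_null( $file_scheme ) && ! in_array( strtolower( $file_scheme ), $allowed_schemes, true ) ) {` would make the match strict and case-insensitive; today an upper-case `HTTPS://` URL is restricted while `php://`, `phar://` and `file://` are refused either way, which is the right side to fail on. `parse_url` returns `false` rather than `null` on a badly malformed path, and that also ends up restricted because `false` is not in the list, but it deserves a comment such as `// parse_url() returns false on malformed input; treat that as restricted too` so a later edit does not relax the `is_null` test to `empty()`. The comment "Default defined URL schemes" suggests an override point, yet the list is hard-coded and no filter is applied, so either reword the comment or add the intended filter. The enclosing method starts and ends outside the hunk, so the restricted-path checks it goes on to perform are not visible here; the first hunk also re-adds the docblock line with the typo "Wheter", which could become "Whether" while it is being touched.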