Version Description
- 12.09.2022 = Fixed: Restricted schemes ( #1035)
Download this release
Release Info
| Developer | raldea89 |
| Plugin |  Download Monitor |
| Version | 4.5.99 |
| Comparing to | |
| See all releases | |
Code changes from version 4.5.98 to 4.5.99
- changelog.txt +3 -0
- download-monitor.php +2 -2
- readme.txt +4 -1
- src/FileManager.php +10 -3
changelog.txt
CHANGED
|
@@ -1,3 +1,6 @@
|
|
|
|
|
|
|
|
|
|
|
| 1 |
= 4.5.98 - 08.09.2022 =
|
| 2 |
Fixed: Un-approved file download bug/security issue ( [#1021](https://github.com/WPChill/download-monitor/issues/1021) )
|
| 3 |
|
| 1 |
+
= 4.5.99 - 12.09.2022 =
|
| 2 |
+
Fixed: Restricted schemes ( [#1035](https://github.com/WPChill/download-monitor/issues/1035))
|
| 3 |
+
|
| 4 |
= 4.5.98 - 08.09.2022 =
|
| 5 |
Fixed: Un-approved file download bug/security issue ( [#1021](https://github.com/WPChill/download-monitor/issues/1021) )
|
| 6 |
|
download-monitor.php
CHANGED
|
@@ -3,7 +3,7 @@
|
|
| 3 |
Plugin Name: Download Monitor
|
| 4 |
Plugin URI: https://www.download-monitor.com
|
| 5 |
Description: A full solution for managing and selling downloadable files, monitoring downloads and outputting download links and file information on your WordPress powered site.
|
| 6 |
-
Version: 4.5.
|
| 7 |
Author: WPChill
|
| 8 |
Author URI: https://wpchill.com
|
| 9 |
Requires at least: 5.4
|
|
@@ -33,7 +33,7 @@ if ( ! defined( 'ABSPATH' ) ) {
|
|
| 33 |
} // Exit if accessed directly
|
| 34 |
|
| 35 |
// Define DLM Version
|
| 36 |
-
define( 'DLM_VERSION', '4.5.
|
| 37 |
|
| 38 |
// Define DLM FILE
|
| 39 |
define( 'DLM_PLUGIN_FILE', __FILE__ );
|
| 3 |
Plugin Name: Download Monitor
|
| 4 |
Plugin URI: https://www.download-monitor.com
|
| 5 |
Description: A full solution for managing and selling downloadable files, monitoring downloads and outputting download links and file information on your WordPress powered site.
|
| 6 |
+
Version: 4.5.99
|
| 7 |
Author: WPChill
|
| 8 |
Author URI: https://wpchill.com
|
| 9 |
Requires at least: 5.4
|
| 33 |
} // Exit if accessed directly
|
| 34 |
|
| 35 |
// Define DLM Version
|
| 36 |
+
define( 'DLM_VERSION', '4.5.99' );
|
| 37 |
|
| 38 |
// Define DLM FILE
|
| 39 |
define( 'DLM_PLUGIN_FILE', __FILE__ );
|
readme.txt
CHANGED
|
@@ -3,7 +3,7 @@ Contributors: wpchill, silkalns, barrykooij, mikejolley
|
|
| 3 |
Tags: download manager, document management, file manager, digital store, ecommerce, document management plugin, download monitor, download counter, password protection, download protection, password, protect downloads, tracker, sell, shop, ecommerce, paypal
|
| 4 |
Requires at least: 5.4
|
| 5 |
Tested up to: 6.0
|
| 6 |
-
Stable tag: 4.5.
|
| 7 |
License: GPLv3
|
| 8 |
Text Domain: -
|
| 9 |
Requires PHP: 5.6
|
|
@@ -121,6 +121,9 @@ More documentation can be found in our [Knowledge Base](https://www.download-mon
|
|
| 121 |
|
| 122 |
== Changelog ==
|
| 123 |
|
|
|
|
|
|
|
|
|
|
| 124 |
= 4.5.98 - 08.09.2022 =
|
| 125 |
Fixed: Un-approved file download bug/security issue ( [#1021](https://github.com/WPChill/download-monitor/issues/1021) )
|
| 126 |
|
| 3 |
Tags: download manager, document management, file manager, digital store, ecommerce, document management plugin, download monitor, download counter, password protection, download protection, password, protect downloads, tracker, sell, shop, ecommerce, paypal
|
| 4 |
Requires at least: 5.4
|
| 5 |
Tested up to: 6.0
|
| 6 |
+
Stable tag: 4.5.99
|
| 7 |
License: GPLv3
|
| 8 |
Text Domain: -
|
| 9 |
Requires PHP: 5.6
|
| 121 |
|
| 122 |
== Changelog ==
|
| 123 |
|
| 124 |
+
= 4.5.99 - 12.09.2022 =
|
| 125 |
+
Fixed: Restricted schemes ( [#1035](https://github.com/WPChill/download-monitor/issues/1035))
|
| 126 |
+
|
| 127 |
= 4.5.98 - 08.09.2022 =
|
| 128 |
Fixed: Un-approved file download bug/security issue ( [#1021](https://github.com/WPChill/download-monitor/issues/1021) )
|
| 129 |
|
src/FileManager.php
CHANGED
|
@@ -273,10 +273,17 @@ class DLM_File_Manager {
|
|
| 273 |
|
| 274 |
// Let's see if the file path is dirty
|
| 275 |
$file_scheme = parse_url( $file_path, PHP_URL_SCHEME );
|
| 276 |
-
// Default
|
| 277 |
-
$
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 278 |
|
| 279 |
-
if (
|
| 280 |
$restriction = true;
|
| 281 |
return array( $file_path, $remote_file, $restriction );
|
| 282 |
}
|
| 273 |
|
| 274 |
// Let's see if the file path is dirty
|
| 275 |
$file_scheme = parse_url( $file_path, PHP_URL_SCHEME );
|
| 276 |
+
// Default restricted URL schemes
|
| 277 |
+
$restricted_schemes = array( 'php' );
|
| 278 |
+
$restricted_schemes = array_merge(
|
| 279 |
+
$restricted_schemes,
|
| 280 |
+
apply_filters(
|
| 281 |
+
'dlm_restricted_schemes',
|
| 282 |
+
array()
|
| 283 |
+
)
|
| 284 |
+
);
|
| 285 |
|
| 286 |
+
if ( in_array( $file_scheme, $restricted_schemes ) ) {
|
| 287 |
$restriction = true;
|
| 288 |
return array( $file_path, $remote_file, $restriction );
|
| 289 |
}
|
