Easy Digital Downloads - Version 2.9.17

Version Description


Release Info

Developer cklosows
Version 2.9.17

Code changes from version 2.9.16 to 2.9.17

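--- a/easy-digital-downloads.php
+++ b/easy-digital-downloads.php
@@ -5,7 +5,7 @@
  * Description: The easiest way to sell digital products with WordPress.
  * Author: Easy Digital Downloads
  * Author URI: https://easydigitaldownloads.com
- * Version: 2.9.16
+ * Version: 2.9.17
  * Text Domain: easy-digital-downloads
  * Domain Path: languages
  *
@@ -25,7 +25,7 @@
  * @package EDD
  * @category Core
  * @author Pippin Williamson
- * @version 2.9.16
+ * @version 2.9.17
  */
 
  // Exit if accessed directly.
@@ -206,7 +206,7 @@ final class Easy_Digital_Downloads {
 
  // Plugin version.
  if ( ! defined( 'EDD_VERSION' ) ) {
- define( 'EDD_VERSION', '2.9.16' );
+ define( 'EDD_VERSION', '2.9.17' );
  }
 
  // Plugin Folder Path.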
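--- a/includes/api/class-edd-api.php
+++ b/includes/api/class-edd-api.php
@@ -323,6 +323,11 @@ class EDD_API {
  $secret = $this->get_user_secret_key( $user );
  $public = urldecode( $wp_query->query_vars['key'] );
 
+ // Verify that if user has secret key or not.
+ if ( ! $secret ) {
+ $this->invalid_auth();
+ }
+
  $valid = $this->check_keys( $secret, $public, $token );
  if ( $valid ) {
  $this->is_valid_request = true;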
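Review bot: The new guard `if ( ! $secret ) { $this->invalid_auth(); }` has no `return` after the call, so it only stops the request if `invalid_auth()` itself terminates execution, which is not visible in this hunk; if that method can ever return, `check_keys()` still runs with an empty secret, which appears to be the case the changelog's authentication-bypass fix is meant to close. Adding `return;` right after `$this->invalid_auth();` would make the rejection independent of the helper's behaviour. `$public` and `$token` get no equivalent emptiness check in these lines, though that may be handled earlier in the method. The added comment would read more clearly as `// Reject the request when the user has no secret key.` The enclosing method starts and ends outside the hunk.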
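--- a/languages/easy-digital-downloads.pot
+++ b/languages/easy-digital-downloads.pot
@@ -2,9 +2,9 @@
  # This file is distributed under the same license as the Easy Digital Downloads package.
  msgid ""
  msgstr ""
- "Project-Id-Version: Easy Digital Downloads 2.9.16\n"
+ "Project-Id-Version: Easy Digital Downloads 2.9.17\n"
  "Report-Msgid-Bugs-To: https://easydigitaldownloads.com/\n"
- "POT-Creation-Date: 2019-06-12 03:55:19+00:00\n"
+ "POT-Creation-Date: 2019-10-03 00:58:43+00:00\n"
  "MIME-Version: 1.0\n"
  "Content-Type: text/plain; charset=utf-8\n"
  "Content-Transfer-Encoding: 8bit\n"
@@ -88,8 +88,8 @@ msgstr ""
  #: includes/admin/upgrades/upgrade-functions.php:901
  #: includes/admin/upgrades/upgrade-functions.php:1029
  #: includes/admin/upgrades/upgrade-functions.php:1114
- #: includes/api/class-edd-api.php:1969 includes/api/class-edd-api.php:1974
- #: includes/api/class-edd-api.php:1986 includes/api/class-edd-api.php:1988
+ #: includes/api/class-edd-api.php:1974 includes/api/class-edd-api.php:1979
+ #: includes/api/class-edd-api.php:1991 includes/api/class-edd-api.php:1993
  #: includes/cart/class-edd-cart.php:1424 includes/cart/class-edd-cart.php:1438
  #: includes/class-edd-license-handler.php:309
  #: includes/deprecated-functions.php:517 includes/deprecated-functions.php:532
@@ -554,7 +554,7 @@ msgstr ""
  #: includes/admin/import/import-functions.php:31
  #: includes/admin/import/import-functions.php:113
  #: includes/admin/reporting/export/export-actions.php:23
- #: includes/api/class-edd-api.php:1969
+ #: includes/api/class-edd-api.php:1974
  #: includes/class-edd-license-handler.php:309
  msgid "Nonce verification failed"
  msgstr ""
@@ -5154,93 +5154,93 @@ msgstr ""
  msgid "All Prices"
  msgstr ""
 
- #: includes/api/class-edd-api-v2.php:166 includes/api/class-edd-api.php:1115
- #: includes/api/class-edd-api.php:1298 includes/api/class-edd-api.php:1415
+ #: includes/api/class-edd-api-v2.php:166 includes/api/class-edd-api.php:1120
+ #: includes/api/class-edd-api.php:1303 includes/api/class-edd-api.php:1420
  msgid "Product %s not found!"
  msgstr ""
 
- #: includes/api/class-edd-api-v2.php:240 includes/api/class-edd-api.php:1220
- #: includes/api/class-edd-api.php:1315
+ #: includes/api/class-edd-api-v2.php:240 includes/api/class-edd-api.php:1225
+ #: includes/api/class-edd-api.php:1320
  msgid "The end date must be later than the start date!"
  msgstr ""
 
- #: includes/api/class-edd-api-v2.php:341 includes/api/class-edd-api.php:1057
+ #: includes/api/class-edd-api-v2.php:341 includes/api/class-edd-api.php:1062
  msgid "Customer %s not found!"
  msgstr ""
 
- #: includes/api/class-edd-api-v2.php:346 includes/api/class-edd-api.php:1062
+ #: includes/api/class-edd-api-v2.php:346 includes/api/class-edd-api.php:1067
  msgid "No customers found!"
  msgstr ""
 
- #: includes/api/class-edd-api.php:456
+ #: includes/api/class-edd-api.php:461
  msgid "You must specify both a token and API key!"
  msgstr ""
 
- #: includes/api/class-edd-api.php:473
+ #: includes/api/class-edd-api.php:478
  msgid "Your request could not be authenticated!"
  msgstr ""
 
- #: includes/api/class-edd-api.php:491
+ #: includes/api/class-edd-api.php:496
  msgid "Invalid API key!"
  msgstr ""
 
- #: includes/api/class-edd-api.php:507
+ #: includes/api/class-edd-api.php:512
  msgid "Invalid API version!"
  msgstr ""
 
- #: includes/api/class-edd-api.php:682
+ #: includes/api/class-edd-api.php:687
  msgid "Invalid query!"
  msgstr ""
 
- #: includes/api/class-edd-api.php:1225 includes/api/class-edd-api.php:1320
+ #: includes/api/class-edd-api.php:1230 includes/api/class-edd-api.php:1325
  msgid "Invalid or no date range specified!"
  msgstr ""
 
- #: includes/api/class-edd-api.php:1265 includes/api/class-edd-api.php:1384
+ #: includes/api/class-edd-api.php:1270 includes/api/class-edd-api.php:1389
  msgid "There was an error retrieving earnings."
  msgstr ""
 
- #: includes/api/class-edd-api.php:1559
+ #: includes/api/class-edd-api.php:1564
  msgid "No discounts found!"
  msgstr ""
 
- #: includes/api/class-edd-api.php:1606
+ #: includes/api/class-edd-api.php:1611
  msgid "Discount %s not found!"
  msgstr ""
 
- #: includes/api/class-edd-api.php:1678
+ #: includes/api/class-edd-api.php:1683
  msgid "No download logs found!"
  msgstr ""
 
- #: includes/api/class-edd-api.php:1934 includes/user-functions.php:1072
+ #: includes/api/class-edd-api.php:1939 includes/user-functions.php:1072
  msgid "Easy Digital Downloads API Keys"
  msgstr ""
 
- #: includes/api/class-edd-api.php:1943 includes/user-functions.php:1077
+ #: includes/api/class-edd-api.php:1948 includes/user-functions.php:1077
  msgid "Generate API Key"
  msgstr ""
 
- #: includes/api/class-edd-api.php:1945 includes/user-functions.php:1079
+ #: includes/api/class-edd-api.php:1950 includes/user-functions.php:1079
  msgid "Public key:"
  msgstr ""
 
- #: includes/api/class-edd-api.php:1946 includes/user-functions.php:1080
+ #: includes/api/class-edd-api.php:1951 includes/user-functions.php:1080
  msgid "Secret key:"
  msgstr ""
 
- #: includes/api/class-edd-api.php:1947 includes/user-functions.php:1081
+ #: includes/api/class-edd-api.php:1952 includes/user-functions.php:1081
  msgid "Token:"
  msgstr ""
 
- #: includes/api/class-edd-api.php:1949 includes/user-functions.php:1083
+ #: includes/api/class-edd-api.php:1954 includes/user-functions.php:1083
  msgid "Revoke API Keys"
  msgstr ""
 
- #: includes/api/class-edd-api.php:1974
+ #: includes/api/class-edd-api.php:1979
  msgid "User ID Required"
  msgstr ""
 
- #: includes/api/class-edd-api.php:1986 includes/api/class-edd-api.php:1988
+ #: includes/api/class-edd-api.php:1991 includes/api/class-edd-api.php:1993
  msgid "You do not have permission to %s API keys for this user"
  msgstr ""
 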
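--- a/readme.txt
+++ b/readme.txt
@@ -5,8 +5,8 @@ Contributors: easydigitaldownloads, mordauk, sunnyratilal, chriscct7, section214
  Donate link: https://easydigitaldownloads.com/donate/
  Tags: ecommerce, e-commerce, sell, downloads, store, paypal, checkout, shop
  Requires at least: 4.4
- Tested up to: 5.2.1
- Stable Tag: 2.9.16
+ Tested up to: 5.2.3
+ Stable Tag: 2.9.17
  License: GNU Version 2 or Any Later Version
 
  The easiest way to sell digital products with WordPress.
@@ -188,6 +188,8 @@ Yes. Easy Digital Downloads also includes default support for Amazon Payments an
  9. Checkout screen
 
  == Changelog ==
+ = 2.9.17, October 2, 2019 =
+ * Security Fix: Prevent an authentication bypass to the EDD REST API when no API keys exist.
 
  = 2.9.16, June 11, 2019 =
  * Security Fix: Prevent a stored XSS (Cross Site Scripting) attempt on the IP addresses for logs.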