LiteSpeed Cache - Version 2.9.6

Version Description

  • Mar 27 2019
  • IAPI: Appended XMP to Preserve EXIF data setting. WebP will now honor this setting. (#902219)
  • Object: Fixed SASL connection with LSMCD.
  • ESI: Converted ESI URI parameters to JSON; Added ESI validation.
  • Import: Import/Export will now use JSON format. Please re-export any backed up settings. Previous backup format is no longer recognized.
  • Media: WebP replacement will honor Role Excludes setting now. (@mfazio26)
  • Data: Forbid direct visit to const.default.ini.
  • Utility: Can handle WHM passed in LITESPEED_ERR constant now.
  • IAPI: Communicate via JSON encoding.
  • IAPI: IAPI v2.9.6.

Release Info

Developer hailite
Version 2.9.6

Code changes from version 2.9.5 to 2.9.6

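--- a/admin/tpl/setting/settings_media.php
+++ b/admin/tpl/setting/settings_media.php
@@ -221,7 +221,7 @@ $last_responsive_placeholder_generated = LiteSpeed_Cache_Media::get_summary() ;
  </tr>
 
  <tr>
- <th class="litespeed-padding-left"><?php echo __( 'Preserve EXIF data', 'litespeed-cache' ) ; ?></th>
+ <th class="litespeed-padding-left"><?php echo __( 'Preserve EXIF/XMP data', 'litespeed-cache' ) ; ?></th>
  <td>
  <?php $this->build_switch( LiteSpeed_Cache_Config::OPT_MEDIA_OPTM_EXIF ) ; ?>
  <div class="litespeed-desc">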
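--- /dev/null
+++ b/data/.htaccess
@@ -0,0 +1,3 @@
+ Order Deny,Allow
+
+ Deny from All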
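Review bot: `Order Deny,Allow` / `Deny from All` is the Apache 2.2 access syntax, so on an Apache 2.4 host without mod_access_compat the directive is unknown and requests into this directory fail with a configuration error instead of a clean deny. The changelog gives the goal as forbidding direct visits to const.default.ini, so I would guard both syntaxes by module as below and add a comment naming the file being protected. Servers that do not read .htaccess ignore this file entirely, so the readme should say that such hosts need an equivalent server-level deny rule for the data directory.

```apacheconf
# Block direct HTTP access to const.default.ini and anything else in data/
<IfModule mod_authz_core.c>
    Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
    Order Deny,Allow
    Deny from All
</IfModule>
```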
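--- a/inc/data.class.php
+++ b/inc/data.class.php
@@ -176,7 +176,7 @@ class LiteSpeed_Cache_Data
  if ( $meta_value_list ) {
  $max_k = count( $meta_value_list ) - 1 ;
  foreach ( $meta_value_list as $k => $v ) {
- $md52src_list = unserialize( $v->meta_value ) ;
+ $md52src_list = maybe_unserialize( $v->meta_value ) ;
  foreach ( $md52src_list as $md5 => $v2 ) {
  $f = array(
  'post_id' => $v->post_id,
@@ -273,7 +273,7 @@ class LiteSpeed_Cache_Data
  foreach ( $hashes as $k => $v ) {
  $f = array(
  'hash_name' => $k,
- 'src' => serialize( $v ),
+ 'src' => json_encode( $v ),
  'dateline' => time(),
  'refer' => '',
  ) ;
@@ -302,7 +302,7 @@ class LiteSpeed_Cache_Data
  {
  global $wpdb ;
 
- $src = serialize( $src ) ;
+ $src = json_encode( $src ) ;
  $f = array(
  'hash_name' => $filename,
  'src' => $src,
@@ -335,7 +335,7 @@ class LiteSpeed_Cache_Data
 
  LiteSpeed_Cache_Log::debug2( '[Data] Loaded hash2src ' . $res ) ;
 
- $res = unserialize( $res ) ;
+ $res = json_decode( $res, true ) ;
 
  return $res ;
  }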
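Review bot: None of the new `json_encode()` / `json_decode()` calls in this file checks its result. On the read side (new line 338) a hash2src row written by an earlier version with `serialize()` decodes to `null`, which is then returned, and no migration of existing rows is visible in this diff; a guard such as `if ( $res === null ) { return false ; }` (or whatever failure value the caller expects) makes that case explicit. On the write side `json_encode()` returns `false` for input that is not valid UTF-8, so `'src'` would be stored empty; the same applies to `md5( json_encode( $src ) . $purge_timestamp )` in inc/optimize.class.php and includes/litespeed-cache-optimize.class.php, where every failing input would end up with the same hash. The enclosing functions start outside these hunks, so callers may already cover part of this.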
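--- a/inc/esi.class.php
+++ b/inc/esi.class.php
@@ -345,9 +345,12 @@ class LiteSpeed_Cache_ESI
  $appended_params[ '_control' ] = $control ;
  }
  if ( $params ) {
- $appended_params[ self::QS_PARAMS ] = base64_encode( serialize( $params ) ) ;
+ $appended_params[ self::QS_PARAMS ] = base64_encode( json_encode( $params ) ) ;
  }
 
+ // Append hash
+ $appended_params[ '_hash' ] = self::_gen_esi_md5( $appended_params ) ;
+
  /**
  * Escape potential chars
  * @since 2.9.4
@@ -388,6 +391,31 @@ class LiteSpeed_Cache_ESI
  return $output ;
  }
 
+ /**
+ * Generate ESI hash md5
+ *
+ * @since 2.9.6
+ * @access private
+ */
+ private static function _gen_esi_md5( $params )
+ {
+ $keys = array(
+ self::QS_ACTION,
+ '_control',
+ self::QS_PARAMS,
+ ) ;
+
+ $str = '' ;
+ foreach ( $keys as $v ) {
+ if ( isset( $params[ $v ] ) && is_string( $params[ $v ] ) ) {
+ $str .= $params[ $v ] ;
+ }
+ }
+ LiteSpeed_Cache_Log::debug2( '[ESI] md5_string=' . $str ) ;
+
+ return md5( LiteSpeed_Cache::config( LiteSpeed_Cache_Config::HASH ) . $str ) ;
+ }
+
  /**
  * Parses the request parameters on an ESI request
  *
@@ -407,10 +435,7 @@ class LiteSpeed_Cache_ESI
 
  LiteSpeed_Cache_Log::debug2( '[ESI] parms', $unencrypted ) ;
  // $unencoded = urldecode($unencrypted) ; no need to do this as $_GET is already parsed
- $params = unserialize( $unencrypted ) ;
- if ( $params === false ) {
- return false ;
- }
+ $params = json_decode( $unencrypted, true ) ;
 
  return $params ;
  }
@@ -423,6 +448,15 @@ class LiteSpeed_Cache_ESI
  */
  public function load_esi_block()
  {
+ /**
+ * Validate if is a legal ESI req
+ * @since 2.9.6
+ */
+ if ( empty( $_GET[ '_hash' ] ) || self::_gen_esi_md5( $_GET ) != $_GET[ '_hash' ] ) {
+ LiteSpeed_Cache_Log::debug( '[ESI] ❌ Failed to validate _hash' ) ;
+ return ;
+ }
+
  $params = $this->_parse_esi_param() ;
 
  if ( defined( 'LSCWP_LOG' ) ) {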
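Review bot: The `_hash` check added to load_esi_block() compares with loose `!=`, which is not constant-time and lets PHP compare two numeric-looking digests as numbers, and `$_GET[ '_hash' ]` is never checked to be a string. I would write the condition as `if ( empty( $_GET[ '_hash' ] ) || ! is_string( $_GET[ '_hash' ] ) || ! hash_equals( self::_gen_esi_md5( $_GET ), $_GET[ '_hash' ] ) ) {`. In `_gen_esi_md5()` the tag is `md5( secret . data )` over three fields joined without a separator; `hash_hmac( 'sha256', $str, LiteSpeed_Cache::config( LiteSpeed_Cache_Config::HASH ) )` with a delimiter between the fields is the standard keyed construction and removes the ambiguity about where one field ends. `_parse_esi_param()` also lost its failure branch, so a payload that is not valid JSON now returns `null` where it used to return `false`; its caller continues outside the hunk and should be checked for that. The same hunks are duplicated in includes/litespeed-cache-esi.class.php.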
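--- a/inc/img_optm.class.php
+++ b/inc/img_optm.class.php
@@ -751,7 +751,7 @@ class LiteSpeed_Cache_Img_Optm
  ) ;
  // Init optm_info for the first one
  if ( ! empty( $v->b_meta_id ) ) {
- foreach ( unserialize( $v->b_optm_info ) as $k2 => $v2 ) {
+ foreach ( maybe_unserialize( $v->b_optm_info ) as $k2 => $v2 ) {
  $postmeta_info[ $v->post_id ][ 'meta_info' ][ $k2 ] += $v2 ;
  }
  }
@@ -786,7 +786,7 @@ class LiteSpeed_Cache_Img_Optm
 
  // Update status and data
  $q = "UPDATE $this->_table_img_optm SET optm_status = %s, target_saved = %d, webp_saved = %d, server_info = %s WHERE id = %d " ;
- $wpdb->query( $wpdb->prepare( $q, array( $status, $target_saved, $webp_saved, serialize( $server_info ), $v->id ) ) ) ;
+ $wpdb->query( $wpdb->prepare( $q, array( $status, $target_saved, $webp_saved, json_encode( $server_info ), $v->id ) ) ) ;
 
  // Update child images ( same md5 files )
  $q = "UPDATE $this->_table_img_optm SET optm_status = %s, target_saved = %d, webp_saved = %d WHERE root_id = %d " ;
@@ -900,7 +900,7 @@ class LiteSpeed_Cache_Img_Optm
  */
  private function _parse_notify_data()
  {
- $notified_data = unserialize( base64_decode( $_POST[ 'data' ] ) ) ;
+ $notified_data = json_decode( base64_decode( $_POST[ 'data' ] ), true ) ;
  if ( empty( $notified_data ) || ! is_array( $notified_data ) ) {
  LiteSpeed_Cache_Log::debug( '[Img_Optm] ❌ notify exit: no notified data' ) ;
  exit( json_encode( 'no notified data' ) ) ;
@@ -1013,20 +1013,13 @@ class LiteSpeed_Cache_Img_Optm
  * This is only for v2.4.2- data
  * @see https://www.litespeedtech.com/support/wiki/doku.php/litespeed_wiki:cache:lscwp:image-optimization:2-4-2-upgrade
  */
- try{
- if ( ! $row_img->server_info ) {
- throw new Exception( 'No server info in this notification' ) ;
- }
-
- $server_info = unserialize( $row_img->server_info ) ;
- $server = $server_info[ 'server' ] ;
-
- } catch( \Exception $ex ) {
- LiteSpeed_Cache_Log::debug( '[Img_Optm] Failed to unserialize server_info.' ) ;
+ $server_info = json_decode( $row_img->server_info, true ) ;
+ if ( empty( $server_info[ 'server' ] ) ) {
+ LiteSpeed_Cache_Log::debug( '[Img_Optm] Failed to decode server_info.' ) ;
 
  $msg = sprintf(
  __( 'LSCWP %1$s has simplified the image pulling process. Please %2$s, or resend the pull notification this one time only. After that, the process will be automated.', 'litespeed-cache' ),
- 'v2.4.2',
+ 'v2.9.6',
  LiteSpeed_Cache_GUI::img_optm_clean_up_unfinished()
  ) ;
 
@@ -1036,6 +1029,7 @@ class LiteSpeed_Cache_Img_Optm
 
  return ;
  }
+ $server = $server_info[ 'server' ] ;
 
  $local_file = $this->wp_upload_dir[ 'basedir' ] . '/' . $row_img->src ;
 
@@ -1269,15 +1263,8 @@ class LiteSpeed_Cache_Img_Optm
  return false ;
  }
 
- if ( function_exists( 'is_serialized' ) && ! is_serialized( $v->meta_value ) ) {
- LiteSpeed_Cache_Log::debug( '[Img_Optm] bypassed parsing meta due to wrong meta_value: pid ' . $v->post_id ) ;
- return false ;
- }
-
- try {
- $meta_value = @unserialize( $v->meta_value ) ;
- }
- catch ( \Exception $e ) {
+ $meta_value = @maybe_unserialize( $v->meta_value ) ;
+ if ( ! is_array( $meta_value ) ) {
  LiteSpeed_Cache_Log::debug( '[Img_Optm] bypassed parsing meta due to meta_value not json: pid ' . $v->post_id ) ;
  return false ;
  }
@@ -1487,7 +1474,7 @@ class LiteSpeed_Cache_Img_Optm
  $this->tmp_path = pathinfo( $meta_value[ 'file' ], PATHINFO_DIRNAME ) . '/' ;
 
  // ls optimized meta
- $optm_meta = $optm_data_list[ $v->post_id ] = unserialize( $v->cmeta_value ) ;
+ $optm_meta = $optm_data_list[ $v->post_id ] = maybe_unserialize( $v->cmeta_value ) ;
  $optm_list = array() ;
  foreach ( $optm_meta as $md5 => $optm_row ) {
  $optm_list[] = $optm_row[ 0 ] ;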
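Review bot: Three reads in this file still go through `maybe_unserialize()` (new lines 754, 1266 and 1477), so stored values are still handed to PHP `unserialize()`, and only line 1266 checks the result with `is_array()`. At lines 754 and 1477 the result is iterated directly; `maybe_unserialize()` returns its input unchanged when the value is not serialized, so I would assign it first and guard the loop, e.g. `$optm_info = maybe_unserialize( $v->b_optm_info ) ;` followed by `if ( is_array( $optm_info ) ) {`. In `_parse_notify_data()` the request value is read without an `isset()` check and decoded in non-strict mode; `base64_decode( $_POST[ 'data' ], true )` rejects malformed input before it reaches `json_decode()`. The context line at 1268 still logs 'meta_value not json' although the value is unserialized rather than JSON-decoded. All of these functions extend beyond their hunks.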
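--- a/inc/import.class.php
+++ b/inc/import.class.php
@@ -97,7 +97,7 @@ class LiteSpeed_Cache_Import
  $data[ $v ] = get_option( $v ) ;// Here doesn't need the default_item value so no need to call `LiteSpeed_Cache_Config::get_instance()->get_item()`
  }
 
- $data = base64_encode( serialize( $data ) ) ;
+ $data = base64_encode( json_encode( $data ) ) ;
 
  if ( $only_data_return ) {
  return $data ;
@@ -168,8 +168,8 @@ class LiteSpeed_Cache_Import
  }
 
  try {
- $data = unserialize( base64_decode( $data ) ) ;
- } catch ( Exception $ex ) {
+ $data = json_decode( base64_decode( $data ), true ) ;
+ } catch ( \Exception $ex ) {
  LiteSpeed_Cache_Log::debug( 'Import: Failed to parse serialized data' ) ;
  return false ;
  }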
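Review bot: `json_decode()` reports bad input by returning `null`, not by throwing, so the `try` / `catch ( \Exception $ex )` around new line 171 cannot catch a malformed import file and the failure branch is now dead code. I would test the result instead: `$data = json_decode( base64_decode( $data, true ), true ) ;` followed by `if ( ! is_array( $data ) ) {` with the existing log-and-return body. The debug message still says 'serialized data' and should name JSON. The rest of the import function is outside the hunk, so whether the decoded keys are checked against the known option names before being written cannot be seen here.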
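--- a/inc/litespeed-cache.class.php
+++ b/inc/litespeed-cache.class.php
@@ -26,7 +26,7 @@ class LiteSpeed_Cache
  const NAME = 'LiteSpeed Cache' ;
  const PLUGIN_NAME = 'litespeed-cache' ;
  const PLUGIN_FILE = 'litespeed-cache/litespeed-cache.php' ;
- const PLUGIN_VERSION = '2.9.5' ;
+ const PLUGIN_VERSION = '2.9.6' ;
 
  const PAGE_EDIT_HTACCESS = 'lscache-edit-htaccess' ;
 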
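--- a/inc/media.class.php
+++ b/inc/media.class.php
@@ -93,6 +93,11 @@ class LiteSpeed_Cache_Media
  return false ;
  }
 
+ if ( $result = LiteSpeed_Cache_Config::get_instance()->in_exclude_optimization_roles() ) {
+ LiteSpeed_Cache_Log::debug( '[Media] ⛑️ bypass: hit Role Excludes setting: ' . $result ) ;
+ return false ;
+ }
+
  return true ;
  }
 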
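--- a/inc/object.class.php
+++ b/inc/object.class.php
@@ -342,9 +342,12 @@ class LiteSpeed_Cache_Object
  /**
  * Add SASL auth
  * @since 1.8.1
+ * @since 2.9.6 Fixed SASL connection @see https://www.litespeedtech.com/support/wiki/doku.php/litespeed_wiki:lsmcd:new_sasl
  */
  if ( $this->_cfg_user && $this->_cfg_pswd && method_exists( $this->_conn, 'setSaslAuthData' ) && ini_get( 'memcached.use_sasl' ) ) {
  $this->_conn->setSaslAuthData( $this->_cfg_user, $this->_cfg_pswd ) ;
+ $this->_conn->setOption( Memcached::OPT_BINARY_PROTOCOL, true ) ;
+ $this->_conn->setOption( Memcached::OPT_COMPRESSION, false ) ;
  }
 
  // Check connection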
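Review bot: Both new `setOption()` calls run after `setSaslAuthData()` and none of the three return values is checked, so a connection on which the binary protocol could not be enabled would carry on with no sign that authentication is not in effect. SASL in memcached works only over the binary protocol, so I would set `Memcached::OPT_BINARY_PROTOCOL` first and log when it or `setSaslAuthData()` returns `false`; the linked LSMCD page may prescribe the current order, which should then be stated in the comment. The docblock says only 'Fixed SASL connection', so a one-line comment on why compression is switched off for authenticated connections would help the next reader. The method starts and ends outside the hunk.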
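--- a/inc/object.lib.php
+++ b/inc/object.lib.php
@@ -250,7 +250,7 @@ class WP_Object_Cache
  $v = $this->_object_cache->get( $final_key ) ;
 
  if ( $v !== null ) {
- $v = @unserialize( $v ) ;
+ $v = @maybe_unserialize( $v ) ;
  }
 
  // To be compatible with false val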
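Review bot: The value fetched from the cache backend is still passed to PHP `unserialize()`, now via `maybe_unserialize()`, so the backend remains a trust boundary: whatever can write to that memcached or redis instance decides what gets deserialized inside WordPress. I would record that next to the call, e.g. `// values are unserialized here: the cache backend must be private or authenticated`. The leading `@` looks redundant, because WordPress's `maybe_unserialize()` already suppresses the unserialize warning itself. The get method continues outside the hunk.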
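--- a/inc/optimize.class.php
+++ b/inc/optimize.class.php
@@ -889,7 +889,7 @@ class LiteSpeed_Cache_Optimize
 
  $purge_timestamp = get_option( LiteSpeed_Cache_Config::ITEM_TIMESTAMP_PURGE_CSS ) ?: '' ;
 
- $hash = md5( serialize( $src ) . $purge_timestamp ) ;
+ $hash = md5( json_encode( $src ) . $purge_timestamp ) ;
 
  $short = substr( $hash, -5 ) ;
 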
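--- a/inc/utility.class.php
+++ b/inc/utility.class.php
@@ -64,6 +64,10 @@ class LiteSpeed_Cache_Utility
  // Check latest stable version allowed to upgrade
  $url = 'https://wp.api.litespeedtech.com/auto_upgrade_v?v=' . LiteSpeed_Cache::PLUGIN_VERSION . '&src=' . $src ;
 
+ if ( defined( 'LITESPEED_ERR' ) ) {
+ $url .= '&err=' . base64_encode( ! is_string( LITESPEED_ERR ) ? json_encode( LITESPEED_ERR ) : LITESPEED_ERR ) ;
+ }
+
  $response = wp_remote_get( $url, array( 'timeout' => 15 ) ) ;
  if ( ! is_array( $response ) || empty( $response[ 'body' ] ) ) {
  return false ;
@@ -254,7 +258,7 @@ class LiteSpeed_Cache_Utility
  return $arr ;
  }
 
- return base64_encode( serialize( $arr ) ) ;
+ return base64_encode( json_encode( $arr ) ) ;
  }
 
  /**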
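Review bot: The `err` value added at new line 68 is raw base64, whose `+`, `/` and `=` characters are not query-string safe, and `$src` on the line above is appended unencoded as well; `$url .= '&err=' . rawurlencode( base64_encode( … ) ) ;` keeps the parameter intact. The contents of `LITESPEED_ERR` are also sent to a third-party host inside a GET URL, where they will end up in access logs, so the block deserves a comment stating what the constant may contain and, if it can hold paths or other site detail, trimming to what the upgrade check needs. The second hunk (`json_encode` in place of `serialize`) needs no change. includes/litespeed-cache-utility.class.php carries the identical hunks.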
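--- a/includes/litespeed-cache-esi.class.php
+++ b/includes/litespeed-cache-esi.class.php
@@ -345,9 +345,12 @@ class LiteSpeed_Cache_ESI
  $appended_params[ '_control' ] = $control ;
  }
  if ( $params ) {
- $appended_params[ self::QS_PARAMS ] = base64_encode( serialize( $params ) ) ;
+ $appended_params[ self::QS_PARAMS ] = base64_encode( json_encode( $params ) ) ;
  }
 
+ // Append hash
+ $appended_params[ '_hash' ] = self::_gen_esi_md5( $appended_params ) ;
+
  /**
  * Escape potential chars
  * @since 2.9.4
@@ -388,6 +391,31 @@ class LiteSpeed_Cache_ESI
  return $output ;
  }
 
+ /**
+ * Generate ESI hash md5
+ *
+ * @since 2.9.6
+ * @access private
+ */
+ private static function _gen_esi_md5( $params )
+ {
+ $keys = array(
+ self::QS_ACTION,
+ '_control',
+ self::QS_PARAMS,
+ ) ;
+
+ $str = '' ;
+ foreach ( $keys as $v ) {
+ if ( isset( $params[ $v ] ) && is_string( $params[ $v ] ) ) {
+ $str .= $params[ $v ] ;
+ }
+ }
+ LiteSpeed_Cache_Log::debug2( '[ESI] md5_string=' . $str ) ;
+
+ return md5( LiteSpeed_Cache::config( LiteSpeed_Cache_Config::HASH ) . $str ) ;
+ }
+
  /**
  * Parses the request parameters on an ESI request
  *
@@ -407,10 +435,7 @@ class LiteSpeed_Cache_ESI
 
  LiteSpeed_Cache_Log::debug2( '[ESI] parms', $unencrypted ) ;
  // $unencoded = urldecode($unencrypted) ; no need to do this as $_GET is already parsed
- $params = unserialize( $unencrypted ) ;
- if ( $params === false ) {
- return false ;
- }
+ $params = json_decode( $unencrypted, true ) ;
 
  return $params ;
  }
@@ -423,6 +448,15 @@ class LiteSpeed_Cache_ESI
  */
  public function load_esi_block()
  {
+ /**
+ * Validate if is a legal ESI req
+ * @since 2.9.6
+ */
+ if ( empty( $_GET[ '_hash' ] ) || self::_gen_esi_md5( $_GET ) != $_GET[ '_hash' ] ) {
+ LiteSpeed_Cache_Log::debug( '[ESI] ❌ Failed to validate _hash' ) ;
+ return ;
+ }
+
  $params = $this->_parse_esi_param() ;
 
  if ( defined( 'LSCWP_LOG' ) ) {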
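--- a/includes/litespeed-cache-optimize.class.php
+++ b/includes/litespeed-cache-optimize.class.php
@@ -889,7 +889,7 @@ class LiteSpeed_Cache_Optimize
 
  $purge_timestamp = get_option( LiteSpeed_Cache_Config::ITEM_TIMESTAMP_PURGE_CSS ) ?: '' ;
 
- $hash = md5( serialize( $src ) . $purge_timestamp ) ;
+ $hash = md5( json_encode( $src ) . $purge_timestamp ) ;
 
  $short = substr( $hash, -5 ) ;
 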
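--- a/includes/litespeed-cache-utility.class.php
+++ b/includes/litespeed-cache-utility.class.php
@@ -64,6 +64,10 @@ class LiteSpeed_Cache_Utility
  // Check latest stable version allowed to upgrade
  $url = 'https://wp.api.litespeedtech.com/auto_upgrade_v?v=' . LiteSpeed_Cache::PLUGIN_VERSION . '&src=' . $src ;
 
+ if ( defined( 'LITESPEED_ERR' ) ) {
+ $url .= '&err=' . base64_encode( ! is_string( LITESPEED_ERR ) ? json_encode( LITESPEED_ERR ) : LITESPEED_ERR ) ;
+ }
+
  $response = wp_remote_get( $url, array( 'timeout' => 15 ) ) ;
  if ( ! is_array( $response ) || empty( $response[ 'body' ] ) ) {
  return false ;
@@ -254,7 +258,7 @@ class LiteSpeed_Cache_Utility
  return $arr ;
  }
 
- return base64_encode( serialize( $arr ) ) ;
+ return base64_encode( json_encode( $arr ) ) ;
  }
 
  /**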
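--- a/includes/litespeed-cache.class.php
+++ b/includes/litespeed-cache.class.php
@@ -26,7 +26,7 @@ class LiteSpeed_Cache
  const NAME = 'LiteSpeed Cache' ;
  const PLUGIN_NAME = 'litespeed-cache' ;
  const PLUGIN_FILE = 'litespeed-cache/litespeed-cache.php' ;
- const PLUGIN_VERSION = '2.9.5' ;
+ const PLUGIN_VERSION = '2.9.6' ;
 
  const PAGE_EDIT_HTACCESS = 'lscache-edit-htaccess' ;
 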
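--- a/languages/litespeed-cache.pot
+++ b/languages/litespeed-cache.pot
@@ -2,9 +2,9 @@
  # This file is distributed under the same license as the LiteSpeed Cache package.
  msgid ""
  msgstr ""
- "Project-Id-Version: LiteSpeed Cache 2.9.5\n"
+ "Project-Id-Version: LiteSpeed Cache 2.9.6\n"
  "Report-Msgid-Bugs-To: https://wordpress.org/support/plugin/litespeed-cache\n"
- "POT-Creation-Date: 2019-03-14 17:35:45+00:00\n"
+ "POT-Creation-Date: 2019-03-27 17:42:04+00:00\n"
  "MIME-Version: 1.0\n"
  "Content-Type: text/plain; charset=UTF-8\n"
  "Content-Transfer-Encoding: 8bit\n"
@@ -848,7 +848,7 @@ msgstr ""
  msgid "Are you sure to reset all settings to default settings?"
  msgstr ""
 
- #: admin/tpl/import_export.php:61 inc/media.class.php:241
+ #: admin/tpl/import_export.php:61 inc/media.class.php:246
  msgid "Reset"
  msgstr ""
 
@@ -860,7 +860,7 @@ msgstr ""
  msgid "Rate %s on %s"
  msgstr ""
 
- #. #-#-#-#-# litespeed-cache.pot (LiteSpeed Cache 2.9.5) #-#-#-#-#
+ #. #-#-#-#-# litespeed-cache.pot (LiteSpeed Cache 2.9.6) #-#-#-#-#
  #. Plugin Name of the plugin/theme
  #: admin/tpl/inc/admin_footer.php:6
  #: admin/tpl/inc/banner_promo.new_version.php:56 inc/gui.class.php:477
@@ -3402,7 +3402,7 @@ msgid ""
  msgstr ""
 
  #: admin/tpl/setting/settings_media.php:224
- msgid "Preserve EXIF data"
+ msgid "Preserve EXIF/XMP data"
  msgstr ""
 
  #: admin/tpl/setting/settings_media.php:228
@@ -4153,8 +4153,8 @@ msgstr ""
  msgid "Communicated with LiteSpeed Image Optimization Server successfully."
  msgstr ""
 
- #: inc/img_optm.class.php:167 inc/img_optm.class.php:1464
- #: inc/img_optm.class.php:1529
+ #: inc/img_optm.class.php:167 inc/img_optm.class.php:1451
+ #: inc/img_optm.class.php:1516
  msgid "No image found."
  msgstr ""
 
@@ -4178,48 +4178,48 @@ msgstr ""
  msgid "Failed to parse data from LiteSpeed IAPI server: %s"
  msgstr ""
 
- #: inc/img_optm.class.php:1028
+ #: inc/img_optm.class.php:1021
  msgid ""
  "LSCWP %1$s has simplified the image pulling process. Please %2$s, or resend "
  "the pull notification this one time only. After that, the process will be "
  "automated."
  msgstr ""
 
- #: inc/img_optm.class.php:1353
+ #: inc/img_optm.class.php:1340
  msgid "Destroy unfinished data successfully."
  msgstr ""
 
- #: inc/img_optm.class.php:1567
+ #: inc/img_optm.class.php:1554
  msgid ""
  "Pushed %1$s groups with %2$s images to LiteSpeed optimization server, "
  "accepted %3$s groups with %4$s images."
  msgstr ""
 
- #: inc/img_optm.class.php:1743
+ #: inc/img_optm.class.php:1730
  msgid "Removed %1$s images and saved %2$s successfully."
  msgstr ""
 
- #: inc/img_optm.class.php:1938
+ #: inc/img_optm.class.php:1925
  msgid "Switched images successfully."
  msgstr ""
 
- #: inc/img_optm.class.php:1969
+ #: inc/img_optm.class.php:1956
  msgid "Disabled WebP file successfully."
  msgstr ""
 
- #: inc/img_optm.class.php:1975
+ #: inc/img_optm.class.php:1962
  msgid "Enabled WebP file successfully."
  msgstr ""
 
- #: inc/img_optm.class.php:1991
+ #: inc/img_optm.class.php:1978
  msgid "Restored original file successfully."
  msgstr ""
 
- #: inc/img_optm.class.php:1998
+ #: inc/img_optm.class.php:1985
  msgid "Switched to optimized file successfully."
  msgstr ""
 
- #: inc/img_optm.class.php:2058
+ #: inc/img_optm.class.php:2045
  msgid "Reset the optimized data successfully."
  msgstr ""
 
@@ -4247,31 +4247,31 @@ msgstr ""
  msgid "Notified LiteSpeed Web Server to purge the list."
  msgstr ""
 
- #: inc/media.class.php:147
+ #: inc/media.class.php:152
  msgid "LiteSpeed Optimization"
  msgstr ""
 
- #: inc/media.class.php:173
+ #: inc/media.class.php:178
  msgid "WebP saved %s"
  msgstr ""
 
- #: inc/media.class.php:180
+ #: inc/media.class.php:185
  msgid "Click to Disable WebP"
  msgstr ""
 
- #: inc/media.class.php:185
+ #: inc/media.class.php:190
  msgid "Click to Enable WebP"
  msgstr ""
 
- #: inc/media.class.php:206
+ #: inc/media.class.php:211
  msgid "Original saved %s"
  msgstr ""
 
- #: inc/media.class.php:217
+ #: inc/media.class.php:222
  msgid "Click to Restore Original File"
  msgstr ""
 
- #: inc/media.class.php:222
+ #: inc/media.class.php:227
  msgid "Click to Switch To Optimized File"
  msgstr ""
 
@@ -4347,15 +4347,15 @@ msgstr ""
  msgid "LiteSpeed Cache Custom Cron Crawler"
  msgstr ""
 
- #: inc/utility.class.php:235 includes/litespeed-cache-utility.class.php:235
+ #: inc/utility.class.php:239 includes/litespeed-cache-utility.class.php:239
  msgid "just now"
  msgstr ""
 
- #: inc/utility.class.php:235 includes/litespeed-cache-utility.class.php:235
+ #: inc/utility.class.php:239 includes/litespeed-cache-utility.class.php:239
  msgid "right now"
  msgstr ""
 
- #: inc/utility.class.php:238 includes/litespeed-cache-utility.class.php:238
+ #: inc/utility.class.php:242 includes/litespeed-cache-utility.class.php:242
  msgid " %s ago"
  msgstr ""
 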
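--- a/litespeed-cache.php
+++ b/litespeed-cache.php
@@ -15,7 +15,7 @@
  * Plugin Name: LiteSpeed Cache
  * Plugin URI: https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration
  * Description: High-performance page caching and site optimization from LiteSpeed
- * Version: 2.9.5
+ * Version: 2.9.6
  * Author: LiteSpeed Technologies
  * Author URI: https://www.litespeedtech.com
  * License: GPLv3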
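--- a/readme.txt
+++ b/readme.txt
@@ -3,7 +3,7 @@ Contributors: LiteSpeedTech
  Tags: caching, optimize, performance, pagespeed, seo, speed, image optimize, compress, object cache, redis, memcached, database cleaner
  Requires at least: 4.0
  Tested up to: 5.1.1
- Stable tag: 2.9.5
+ Stable tag: 2.9.6
  License: GPLv3
  License URI: http://www.gnu.org/licenses/gpl.html
 
@@ -284,6 +284,17 @@ Click on the `Advanced View` link at the top of the page, and several more tabs
 
  == Changelog ==
 
+ = 2.9.6 - Mar 27 2019 =
+ * 🌱<strong>IAPI</strong>: Appended XMP to `Preserve EXIF data` setting. WebP will now honor this setting. (#902219)
+ * <strong>Object</script> Fixed SASL connection with LSMCD.
+ * <strong>ESI</strong>: Converted ESI URI parameters to JSON; Added ESI validation.
+ * <strong>Import</strong>: Import/Export will now use JSON format. <strong>Please re-export any backed up settings. Previous backup format is no longer recognized.</strong>
+ * <strong>Media</strong>: WebP replacement will honor `Role Excludes` setting now. (@mfazio26)
+ * <strong>Data</strong>: Forbid direct visit to const.default.ini.
+ * <strong>Utility</strong>: Can handle WHM passed in `LITESPEED_ERR` constant now.
+ * <strong>IAPI</strong>: Communicate via JSON encoding.
+ * <strong>IAPI</strong>: IAPI v2.9.6.
+
  = 2.9.5 - Mar 14 2019 =
  * 🌱 Auto convert default WordPress nonce to ESI to avoid expiration.
  * 🌱 <strong>API</strong>: Ability to easily convert custom nonce to ESI by registering `LiteSpeed_Cache_API::nonce_action`.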