Protect uploads - Version 0.4

Version Description

Nothing for now


Release Info

Developer alticreation
Version 0.4

Code changes from version 0.3 to 0.4

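--- a/admin/assets/css/protect-uploads-admin.css
+++ b/admin/assets/css/protect-uploads-admin.css
@@ -1,23 +0,0 @@
- .protect-uploads-error {
- border: 2px solid #dc3232;
- display: inline-block;
- padding: 10px;
- }
- .protect-uploads-success {
- border: 1px solid #46b450;
- }
-
- /* container left and right */
- .protect-uploads .protect-uploads-main-container {
- float: left;
- width: 66%;
- }
- .protect-uploads .protect-uploads-sidebar {
- float: left;
- width: 31%;
- margin-left: 2%;
- }
-
- .protect-uploads-disabled {
- opacity: 0.75 !important;
- }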
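--- a/admin/class-protect-uploads-admin.php
+++ b/admin/class-protect-uploads-admin.php
@@ -23,9 +23,271 @@ class Alti_ProtectUploads_Admin
  add_submenu_page('upload.php', $this->plugin_name, 'Protect Uploads <span class="dashicons dashicons-shield-alt" style="font-size:15px;"></span>', 'manage_options', $this->plugin_name . '-settings-page', array($this, 'render_settings_page'));
  }
 
+ public function verify_settings_page() {
+ if(!isset($_POST['protect-uploads_nonce'])) {
+ return;
+ }
+ if(!wp_verify_nonce($_POST['protect-uploads_nonce'], 'submit_form')) {
+ return;
+ }
+ if(!current_user_can('manage_options')) {
+ return;
+ }
+ if(!check_admin_referer('submit_form', 'protect-uploads_nonce')) {
+ return;
+ }
+ if (isset($_POST['submit']) && isset($_POST['protection'])) {
+ $this->save_form(sanitize_text_field($_POST['protection']));
+ }
+ }
+
  public function render_settings_page()
  {
- require plugin_dir_path(__FILE__) . 'views/' . $this->plugin_name . '-admin-settings-page.php';
+ ?>
+ <div class="wrap <?php echo $this->plugin_name ?>">
+ <?php
+ echo $this->display_messages();
+ ?>
+ <h1>Protect Uploads</h1>
+ <div class="protect-uploads-main-container">
+ <form method="POST" action="">
+ <?php wp_nonce_field('submit_form', 'protect-uploads_nonce'); ?>
+
+ <table class="form-table">
+ <tbody>
+ <tr>
+ <th scope="row">
+ <label for=""><?php _e('Status', $this->plugin_name); ?></label>
+ </th>
+ <td>
+ <fieldset>
+ <p>
+ <strong>
+ <?php if ($this->check_uploads_is_protected() === true) { ?>
+ <span class="dashicons dashicons-yes-alt" style="color:#46b450"></span> <?php _e('Uploads directory is protected.', $this->plugin_name); ?>
+ <?php } else { ?>
+ <span style="color:#dc3232" class="dashicons dashicons-dismiss"></span> <?php _e('Uploads directory is not protected!', $this->plugin_name); ?>
+ <?php } ?>
+ </strong>
+ </p>
+ <p>
+ <?php
+ $file_messages = $this->get_uploads_protection_message_array();
+ foreach ($file_messages as $file_message) {
+ ?>
+ <?php echo $file_message; ?> <br />
+ <?php
+ } ?>
+ </p>
+ </fieldset>
+ </td>
+ </tr>
+ <tr>
+ <th scope="row">
+ <label for="size"><?php _e('Protection', $this->plugin_name); ?></label>
+ </th>
+ <td>
+ <fieldset>
+ <legend class="screen-reader-text">
+ <span><?php _e('Protection', $this->plugin_name); ?></span>
+ </legend>
+ <?php if ($this->check_uploads_is_protected() === false) { ?>
+ <!-- -->
+ <label for="protection_1">
+ <input type="radio" value="index_php" name="protection" id="protection_1">
+ <strong><?php _e('Protect with index.php files', $this->plugin_name); ?></strong>
+ <p class="description"><?php _e('Create an index.php file on the root of your uploads directory and subfolders (two levels max).', $this->plugin_name); ?></p>
+ </label><br />
+ <!-- -->
+ <label for="protection_2">
+ <input type="radio" value="htaccess" name="protection" id="protection_2">
+ <strong><?php _e('Protect with .htaccess file', $this->plugin_name); ?></strong>
+ <p class="description"><?php _e('Create .htaccess file at root level of uploads directory and returns 403 code (Forbidden Access).', $this->plugin_name); ?></p>
+ </label><br />
+ <?php } ?>
+ <!-- -->
+ <?php if ( $this->check_protective_file_removable() && $this->check_uploads_is_protected() ) { ?>
+ <label for="protection_3">
+ <input type="radio" value="remove" name="protection" id="protection_3">
+ <strong><?php _e('Remove protection files', $this->plugin_name); ?></strong>
+ <p>
+ <?php if ($this->check_protective_file('index.php') === true) {
+ echo '<span class="dashicons dashicons-flag"></span> index.php ';
+ _e('will be removed', $this->plugin_name);
+ } ?>
+ <?php if ($this->check_protective_file('.htaccess') === true) {
+ echo '<span class="dashicons dashicons-flag"></span> .htaccess ';
+ _e('will be removed', $this->plugin_name);
+ } ?>
+ </p>
+ </label><br />
+ <?php } ?>
+ <?php if ($this->check_protective_file('index.html') === true) { ?>
+ <p class="description">
+ <span class="dashicons dashicons-search"></span> <?php _e('A index.html file is already here and has not been created by this plugin. It will not be removed. If you want to use this plugin, you first have to remove manually the index.html file.', $this->plugin_name) ?>
+ </p>
+ <?php } ?>
+ </fieldset>
+
+ </td>
+ </tr>
+ <tr>
+ <th scope="row">
+ <label for=""><?php _e('Check', $this->plugin_name); ?></label>
+ </th>
+ <td>
+ <p><?php _e('Visit your', $this->plugin_name); ?> <a href="<?php echo $this->get_uploads_url(); ?>" target="_blank"><strong><?php _e('uploads directory', $this->plugin_name); ?></strong><span style="text-decoration:none;" class="dashicons dashicons-external"></span></a> <?php _e('to check the current protection', $this->plugin_name); ?>.</p>
+ </td>
+ </tr>
+ <tr>
+ <th scope="row">
+ <label for=""><?php _e('Support', $this->plugin_name); ?></label>
+ </th>
+ <td>
+ <p><?php _e('Protect Uploads Plugin <a href="https://wordpress.org/support/plugin/protect-uploads/" target="_blank">support page</a>.', $this->plugin_name); ?></p>
+ </td>
+ </tr>
+ <tr>
+ <th scope="row">
+ </th>
+ <td>
+ <?php submit_button(__('Update', $this->plugin_name), 'primary') ?>
+ </td>
+ </tr>
+ </tbody>
+ </table>
+
+ </form>
+
+ </div>
+ <div class="alti-watermark-sidebar">
+ <div class="alti_promote_widget">
+ <div class="alti_promote_title">Like this plugin?</div>
+ <p><a target="_blank" class="alti_promote_btn" href="https://wordpress.org/support/view/plugin-reviews/<?php echo $this->plugin_name; ?>?rate=5#postform"><strong>Rate it</strong></a> to show your support!</p>
+ </div>
+ </div>
+
+ </div>
+
+ <style>
+ .protect-uploads-error {
+ border: 2px solid #dc3232;
+ display: inline-block;
+ padding: 10px;
+ }
+ .protect-uploads-success {
+ border: 1px solid #46b450;
+ }
+
+ /* container left and right */
+ .protect-uploads .protect-uploads-main-container {
+ float: left;
+ width: 66%;
+ }
+ .protect-uploads .protect-uploads-sidebar {
+ float: left;
+ width: 31%;
+ margin-left: 2%;
+ }
+
+ .protect-uploads-disabled {
+ opacity: 0.75 !important;
+ }
+ .alti_promote_widget {
+ background-color: #fff;
+ padding: 10px;
+ margin: 15px 0;
+ border: 1px solid #E5E5E5;
+ position: relative;
+ box-shadow: 0 1px 1px rgba(0, 0, 0, 0.04);
+ overflow: hidden;
+ }
+
+ .alti_promote_widget .dashicons {
+ color: #238ECB !important;
+ }
+
+ .alti_promote_plugin {
+ margin: 5px 0 5px -5px;
+ clear: both;
+ overflow: hidden;
+ font-size: 14px;
+ }
+
+ .alti_promote_plugin a {
+ position: relative;
+ box-shadow: 0 1px 1px rgba(0, 0, 0, 0.04);
+ float: left;
+ display: block;
+ margin-right: 5px;
+ width: 100%;
+ text-decoration: none;
+ border: 5px solid transparent;
+ }
+
+ .alti_promote_plugin a:hover {
+ background-color: #eee;
+ border: 5px solid #eee;
+ }
+
+ .alti_promote_plugin img {
+ width: 50px;
+ height: 50px;
+ margin-right: 10px;
+ display: block;
+ float: left;
+ }
+
+ .alti_promote_plugin .alti_promote_copy {
+ color: #555;
+ }
+
+ .alti_promote_plugin .alti_promote_copy strong {
+ display: block;
+ color: #333;
+ }
+
+ .alti_promote_title {
+ font-size: 1.2em;
+ font-weight: bold;
+ color: #222;
+ margin-bottom: 12.5px;
+ }
+
+ .alti_promote_title span:before {
+ color: #222;
+ }
+
+ .alti_promote_btn {
+ background: rgba(35, 142, 203, 0.3);
+ display: inline-block;
+ padding: 2.5px 5px;
+ border-radius: 2.5px;
+ text-decoration: none;
+ color: #333;
+ }
+
+ .alti_promote_paypal {
+ color: #021E73;
+ font-weight: bold;
+ text-shadow: 2px 2px 0 #1189D6;
+ display: inline-block;
+ background-color: #fff;
+ padding: 0 5px;
+ border-radius: 15px;
+ font-size: 1.2em;
+ line-height: 1.3em;
+ font-family: sans-serif;
+ border: 1px solid #ccc;
+ }
+
+ .alti_promote_paypal_svg svg {
+ height: 15px;
+ width: 65px;
+ vertical-align: middle;
+ }
+ </style>
+ <?php
  }
 
  public function enqueue_styles()
@@ -55,31 +317,18 @@ class Alti_ProtectUploads_Admin
  public function get_uploads_subdirectories()
  {
 
- $directories = scandir(self::get_uploads_dir());
- $subs = array(self::get_uploads_dir());
-
- foreach ($directories as $directory) {
-
- if (is_dir(self::get_uploads_dir() . '/' . $directory) && !preg_match('/^\.*$/', $directory)) {
- $subs[] = self::get_uploads_dir() . '/' . $directory;
- $subDirectories = scandir(self::get_uploads_dir() . '/' . $directory);
- foreach ($subDirectories as $subDirectory) {
- if (is_dir(self::get_uploads_dir() . '/' . $directory . '/' . $subDirectory) && !preg_match('/^\.*$/', $subDirectory)) $subs[] = self::get_uploads_dir() . '/' . $directory . '/' . $subDirectory;
- }
- }
- }
- return $subs;
+ return [self::get_uploads_dir()];
  }
 
- public function save_form($form)
+ public function save_form($protection)
  {
- if ($form['protection'] == 'index_php') {
+ if ($protection == 'index_php') {
  $this->create_index();
  }
- if ($form['protection'] == 'htaccess') {
+ if ($protection == 'htaccess') {
  $this->create_htaccess();
  }
- if ($form['protection'] == 'remove') {
+ if ($protection == 'remove') {
  $this->remove_index();
  $this->remove_htaccess();
  }
@@ -96,7 +345,7 @@ class Alti_ProtectUploads_Admin
  // check if index php does not exists
  if (self::check_protective_file('index.php') === false) {
 
- $indexContent = "<?php // Silence is golden \n // " . self::get_htaccess_identifier() . " \n // https://www.alticreation.com/en/protect-uploads/ \n // date:" . date('d/m/Y') . "\n // .";
+ $indexContent = "<?php // Silence is golden \n // " . self::get_htaccess_identifier() . " \n // protect-uploads \n // date:" . date('d/m/Y') . "\n // .";
  $i = 0;
  foreach (self::get_uploads_subdirectories() as $subDirectory) {
 
@@ -203,13 +452,9 @@ class Alti_ProtectUploads_Admin
 
  public function get_uploads_root_response_code()
  {
- $uploads_headers = get_headers(self::get_uploads_url() . '/');
- $response = null;
- if (is_array($uploads_headers)) {
- if (preg_match('/200/', $uploads_headers[0])) $response = 200;
- if (preg_match('/403/', $uploads_headers[0])) $response = 403;
- }
- return $response;
+ $response = wp_remote_get( self::get_uploads_url() );
+ $code = wp_remote_retrieve_response_code($response);
+ return $code;
  }
 
  public function get_htaccess_content()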
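Review bot: get_uploads_subdirectories() now returns only the uploads root, so the index.php option no longer writes a file into any subfolder, yet the option text added in render_settings_page() still says "subfolders (two levels max)". Where the web server lists directories, subfolders would stay browsable under that option, so either restore a bounded subfolder walk or correct the description. If remove_index() iterates the same list (its body is outside the shown hunks), index.php files that 0.3 placed in subfolders would no longer be removed. In verify_settings_page(), `check_admin_referer()` repeats the `wp_verify_nonce()` check above it and ends the request itself on failure, so its `return` branch is dead code. The template also prints `$this->get_uploads_url()` into an `href` unescaped; `esc_url( $this->get_uploads_url() )` would be the usual form.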
admin/views/includes/protect-uploads-admin-sidebar.php DELETED
@@ -1,145 +0,0 @@
1
- <?php
2
- $get_from = 'protect-uploads';
3
-
4
- $paypal_svg = '
5
- <svg xmlns="http://www.w3.org/2000/svg" width="124" height="33" viewBox="0 0 124 33"><path fill="#253B80" d="M46.21 6.75h-6.838c-.468 0-.866.34-.94.8L35.668 25.09c-.055.346.213.658.564.658h3.266c.468 0 .866-.34.94-.803l.745-4.73c.073-.463.472-.803.94-.803h2.164c4.505 0 7.105-2.18 7.784-6.5.306-1.89.013-3.375-.872-4.415C50.224 7.353 48.5 6.75 46.21 6.75zm.79 6.404c-.374 2.454-2.25 2.454-4.062 2.454h-1.032l.724-4.583c.043-.277.283-.48.563-.48h.473c1.235 0 2.4 0 3.002.703.36.42.47 1.044.332 1.906zM66.654 13.075H63.38c-.28 0-.52.204-.564.48l-.145.917-.228-.332c-.71-1.03-2.29-1.373-3.868-1.373-3.62 0-6.71 2.74-7.312 6.586-.313 1.918.132 3.752 1.22 5.03.998 1.177 2.426 1.667 4.125 1.667 2.916 0 4.533-1.875 4.533-1.875l-.146.91c-.055.348.213.66.562.66h2.95c.47 0 .865-.34.94-.803l1.77-11.21c.055-.344-.212-.657-.562-.657zM62.09 19.45c-.317 1.87-1.802 3.126-3.696 3.126-.95 0-1.71-.305-2.2-.883-.483-.574-.667-1.39-.513-2.3.296-1.856 1.806-3.153 3.67-3.153.93 0 1.687.31 2.185.892.5.59.697 1.41.554 2.317zM84.096 13.075h-3.29c-.315 0-.61.156-.788.417l-4.54 6.686-1.923-6.425c-.12-.402-.492-.678-.912-.678H69.41c-.394 0-.667.384-.542.754l3.625 10.637-3.408 4.81c-.268.38.002.9.465.9h3.287c.312 0 .604-.15.78-.407l10.947-15.8c.262-.378-.007-.895-.468-.895z"/><path fill="#179BD7" d="M94.992 6.75h-6.84c-.467 0-.865.34-.938.8L84.448 25.09c-.055.346.213.658.562.658h3.51c.326 0 .605-.238.656-.562l.785-4.97c.073-.464.472-.804.94-.804h2.163c4.506 0 7.105-2.18 7.785-6.5.307-1.89.012-3.375-.873-4.415-.97-1.142-2.694-1.746-4.983-1.746zm.79 6.404c-.374 2.454-2.25 2.454-4.063 2.454h-1.032l.725-4.583c.043-.277.28-.48.562-.48h.473c1.234 0 2.4 0 3.002.703.36.42.468 1.044.33 1.906zM115.434 13.075h-3.273c-.28 0-.52.204-.56.48l-.146.917-.23-.332c-.71-1.03-2.29-1.373-3.867-1.373-3.62 0-6.71 2.74-7.31 6.586-.313 1.918.13 3.752 1.218 5.03 1 1.177 2.426 1.667 4.125 1.667 2.916 0 4.533-1.875 4.533-1.875l-.146.91c-.055.348.213.66.564.66h2.95c.467 0 
.865-.34.938-.803l1.77-11.21c.055-.344-.213-.657-.564-.657zm-4.565 6.374c-.315 1.87-1.802 3.126-3.696 3.126-.95 0-1.71-.305-2.2-.883-.483-.574-.665-1.39-.513-2.3.298-1.856 1.806-3.153 3.67-3.153.93 0 1.687.31 2.185.892.5.59.7 1.41.554 2.317zM119.295 7.23l-2.807 17.858c-.055.346.213.658.562.658h2.822c.47 0 .867-.34.94-.803l2.767-17.536c.054-.346-.214-.66-.563-.66h-3.16c-.28.002-.52.206-.562.483z"/><path fill="#253B80" d="M7.266 29.154l.523-3.322-1.166-.027H1.06L4.928 1.292c.012-.074.05-.143.108-.192.057-.05.13-.076.206-.076h9.38c3.115 0 5.264.648 6.386 1.927.526.6.86 1.228 1.023 1.918.17.724.172 1.59.006 2.644l-.012.077v.675l.526.298c.443.235.795.504 1.065.812.45.513.74 1.165.864 1.938.126.795.084 1.74-.124 2.812-.24 1.232-.628 2.305-1.152 3.183-.482.81-1.096 1.48-1.825 2-.697.494-1.524.87-2.46 1.11-.905.235-1.938.354-3.07.354h-.73c-.523 0-1.03.188-1.428.525-.4.344-.663.814-.744 1.328l-.055.3-.924 5.854-.043.214c-.01.068-.03.102-.058.125-.026.02-.062.034-.097.034H7.266z"/><path fill="#179BD7" d="M23.048 7.667c-.028.18-.06.362-.096.55-1.237 6.35-5.47 8.545-10.874 8.545H9.326c-.66 0-1.218.48-1.32 1.132l-1.41 8.936-.4 2.533c-.066.428.264.814.696.814h4.88c.58 0 1.07-.42 1.16-.99l.05-.248.918-5.833.06-.32c.09-.572.58-.992 1.16-.992h.73c4.728 0 8.43-1.92 9.512-7.476.452-2.322.218-4.26-.978-5.623-.362-.41-.81-.752-1.336-1.03z"/><path fill="#222D65" d="M21.754 7.15c-.19-.054-.384-.104-.584-.15-.2-.043-.407-.082-.62-.116-.74-.12-1.554-.177-2.425-.177h-7.352c-.18 0-.353.04-.507.115-.34.163-.59.484-.652.877L8.05 17.604l-.045.29c.103-.653.66-1.133 1.32-1.133h2.753c5.405 0 9.637-2.195 10.874-8.545.037-.188.068-.37.096-.55-.313-.166-.652-.308-1.017-.43-.09-.03-.182-.058-.276-.086z"/><path fill="#253B80" d="M9.614 7.7c.06-.394.313-.715.652-.877.155-.074.326-.115.507-.115h7.352c.87 0 1.684.057 2.426.177.213.034.42.073.62.117.2.045.395.095.584.15.094.028.187.057.278.086.365.12.704.264 1.017.43.367-2.348-.004-3.946-1.273-5.393C20.377.682 17.853 0 14.622 0h-9.38c-.66 0-1.223.48-1.325 
1.133L.01 25.898c-.077.49.3.932.795.932h5.79l1.455-9.225L9.614 7.7z"/></svg>
6
- ';
7
- ?>
8
- <style>
9
- .alti_promote_widget {
10
- background-color: #fff;
11
- padding: 10px;
12
- margin: 15px 0;
13
- border: 1px solid #E5E5E5;
14
- position: relative;
15
- box-shadow: 0 1px 1px rgba(0, 0, 0, 0.04);
16
- overflow: hidden;
17
- }
18
-
19
- .alti_promote_widget .dashicons {
20
- color: #238ECB !important;
21
- }
22
-
23
- .alti_promote_plugin {
24
- margin: 5px 0 5px -5px;
25
- clear: both;
26
- overflow: hidden;
27
- font-size: 14px;
28
- }
29
-
30
- .alti_promote_plugin a {
31
- position: relative;
32
- box-shadow: 0 1px 1px rgba(0, 0, 0, 0.04);
33
- float: left;
34
- display: block;
35
- margin-right: 5px;
36
- width: 100%;
37
- text-decoration: none;
38
- border: 5px solid transparent;
39
- }
40
-
41
- .alti_promote_plugin a:hover {
42
- background-color: #eee;
43
- border: 5px solid #eee;
44
- }
45
-
46
- .alti_promote_plugin img {
47
- width: 50px;
48
- height: 50px;
49
- margin-right: 10px;
50
- display: block;
51
- float: left;
52
- }
53
-
54
- .alti_promote_plugin .alti_promote_copy {
55
- color: #555;
56
- }
57
-
58
- .alti_promote_plugin .alti_promote_copy strong {
59
- display: block;
60
- color: #333;
61
- }
62
-
63
- .alti_promote_title {
64
- font-size: 1.2em;
65
- font-weight: bold;
66
- color: #222;
67
- margin-bottom: 12.5px;
68
- }
69
-
70
- .alti_promote_title span:before {
71
- color: #222;
72
- }
73
-
74
- .alti_promote_btn {
75
- background: rgba(35, 142, 203, 0.3);
76
- display: inline-block;
77
- padding: 2.5px 5px;
78
- border-radius: 2.5px;
79
- text-decoration: none;
80
- color: #333;
81
- }
82
-
83
- .alti_promote_paypal {
84
- color: #021E73;
85
- font-weight: bold;
86
- text-shadow: 2px 2px 0 #1189D6;
87
- display: inline-block;
88
- background-color: #fff;
89
- padding: 0 5px;
90
- border-radius: 15px;
91
- font-size: 1.2em;
92
- line-height: 1.3em;
93
- font-family: sans-serif;
94
- border: 1px solid #ccc;
95
- }
96
-
97
- .alti_promote_paypal_svg svg {
98
- height: 15px;
99
- width: 65px;
100
- vertical-align: middle;
101
- }
102
- </style>
103
- <div class="alti-watermark-sidebar">
104
- <div class="alti_promote_widget">
105
- <div class="alti_promote_title">Like this plugin?</div>
106
- <p><a target="_blank" class="alti_promote_btn" href="https://wordpress.org/support/view/plugin-reviews/<?php echo $get_from; ?>?rate=5#postform"><strong>Rate it</strong></a> to show your support!</p>
107
- <p><a target="_blank" class="alti_promote_btn" href="https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=9S74KTRCZCLRE&item_name=<?php echo $get_from; ?>&no_note=0&no_shipping=1&currency_code=USD"><strong>Donate</strong> <span class="alti_promote_paypal_svg"><?php echo $paypal_svg; ?></span></a> to encourage me updating this plugin!</p>
108
- </div>
109
- <div class="alti_promote_widget">
110
- <div class="alti_promote_title">Discover more useful plugins</div>
111
- <?php $related_plugins = array(
112
- array(
113
- 'protect-uploads',
114
- 'Protect Uploads',
115
- 'Helps you protect your uploads folder.'
116
- ),
117
- array(
118
- 'alti-watermark',
119
- 'Watermark',
120
- 'Add watermark on your images.'
121
- ),
122
- array(
123
- 'altibox',
124
- 'Altibox',
125
- 'Add a minimalist lightbox viewer.'
126
- ),
127
- ); ?>
128
- <?php foreach ($related_plugins as $related_plugin): ?>
129
- <?php if( $related_plugin[0] != $get_from ) { ?>
130
- <div class="alti_promote_plugin">
131
- <a href="plugin-install.php?tab=search&type=term&s=<?php echo urlencode($related_plugin[0]); ?>" title="<?php echo $related_plugin[1]; ?>"><img src="https://plugins.svn.wordpress.org/<?php echo $related_plugin[0]; ?>/assets/icon-128x128.png" alt="<?php echo $related_plugin[1]; ?>">
132
- <div class="alti_promote_copy">
133
- <strong><?php echo $related_plugin[1]; ?></strong>
134
- <?php echo $related_plugin[2]; ?>
135
- </div>
136
- </a>
137
- </div>
138
- <?php } ?>
139
- <?php endforeach ?>
140
- </div>
141
- <div class="alti_promote_widget">
142
- <div class="alti_promote_title">Developed by</div>
143
- <a href="https://www.alticreation.com?utm_source=wp_plugin&utm_medium=logo_sidebar&utm_campaign=<?php echo $get_from; ?>"><img src="http://alticreation.com/logos/alticreation_color_01.png" alt="alticreation"></a>
144
- </div>
145
- </div>
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
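--- a/admin/views/protect-uploads-admin-settings-page.php
+++ b/admin/views/protect-uploads-admin-settings-page.php
@@ -1,126 +0,0 @@
- <div class="wrap <?php echo $this->plugin_name ?>">
- <?php
- $plugin = new Alti_ProtectUploads_Admin($this->plugin_name, $this->version);
- if (isset($_POST['submit']) && isset($_POST['protection']) && check_admin_referer('submit_form', 'protect-uploads' . '_nonce')) {
- $plugin->save_form($_POST);
- }
- echo $plugin->display_messages();
- ?>
- <h1>Protect Uploads</h1>
- <div class="protect-uploads-main-container">
- <form method="POST" enctype="multipart/form-data">
- <?php wp_nonce_field('submit_form', 'protect-uploads' . '_nonce'); ?>
-
- <table class="form-table">
- <tbody>
- <tr>
- <th scope="row">
- <label for=""><?php _e('Status', $this->plugin_name); ?></label>
- </th>
- <td>
- <fieldset>
- <p>
- <strong>
- <?php if ($this->check_uploads_is_protected() === true) { ?>
- <span class="dashicons dashicons-yes-alt" style="color:#46b450"></span> <?php _e('Uploads directory is protected.', $this->plugin_name); ?>
- <?php } else { ?>
- <span style="color:#dc3232" class="dashicons dashicons-dismiss"></span> <?php _e('Uploads directory is not protected!', $this->plugin_name); ?>
- <?php } ?>
- </strong>
- </p>
- <p>
- <?php
- $file_messages = $this->get_uploads_protection_message_array();
- foreach ($file_messages as $file_message) {
- ?>
- <?php echo $file_message; ?> <br />
- <?php
- } ?>
- </p>
- </fieldset>
- </td>
- </tr>
- <tr>
- <th scope="row">
- <label for="size"><?php _e('Protection', $this->plugin_name); ?></label>
- </th>
- <td>
- <fieldset>
- <legend class="screen-reader-text">
- <span><?php _e('Protection', $this->plugin_name); ?></span>
- </legend>
- <?php if ($this->check_uploads_is_protected() === false) { ?>
- <!-- -->
- <label for="protection_1">
- <input type="radio" value="index_php" name="protection" id="protection_1">
- <strong><?php _e('Protect with index.php files', $this->plugin_name); ?></strong>
- <p class="description"><?php _e('Create an index.php file on the root of your uploads directory and subfolders (two levels max).', $this->plugin_name); ?></p>
- </label><br />
- <!-- -->
- <label for="protection_2">
- <input type="radio" value="htaccess" name="protection" id="protection_2">
- <strong><?php _e('Protect with .htaccess file', $this->plugin_name); ?></strong>
- <p class="description"><?php _e('Create .htaccess file at root level of uploads directory and returns 403 code (Forbidden Access).', $this->plugin_name); ?></p>
- </label><br />
- <?php } ?>
- <!-- -->
- <?php if ( $this->check_protective_file_removable() && $this->check_uploads_is_protected() ) { ?>
- <label for="protection_3">
- <input type="radio" value="remove" name="protection" id="protection_3">
- <strong><?php _e('Remove protection files', $this->plugin_name); ?></strong>
- <p>
- <?php if ($this->check_protective_file('index.php') === true) {
- echo '<span class="dashicons dashicons-flag"></span> index.php ';
- _e('will be removed', $this->plugin_name);
- } ?>
- <?php if ($this->check_protective_file('.htaccess') === true) {
- echo '<span class="dashicons dashicons-flag"></span> .htaccess ';
- _e('will be removed', $this->plugin_name);
- } ?>
- </p>
- </label><br />
- <?php } ?>
- <?php if ($this->check_protective_file('index.html') === true) { ?>
- <p class="description">
- <span class="dashicons dashicons-search"></span> <?php _e('A index.html file is already here and has not been created by this plugin. It will not be removed. If you want to use this plugin, you first have to remove manually the index.html file.', $this->plugin_name) ?>
- </p>
- <?php } ?>
- </fieldset>
-
- </td>
- </tr>
- <tr>
- <th scope="row">
- <label for=""><?php _e('Check', $this->plugin_name); ?></label>
- </th>
- <td>
- <p><?php _e('Visit your', $this->plugin_name); ?> <a href="<?php echo $this->get_uploads_url(); ?>" target="_blank"><strong><?php _e('uploads directory', $this->plugin_name); ?></strong><span style="text-decoration:none;" class="dashicons dashicons-external"></span></a> <?php _e('to check the current protection', $this->plugin_name); ?>.</p>
- </td>
- </tr>
- <tr>
- <th scope="row">
- <label for=""><?php _e('Support', $this->plugin_name); ?></label>
- </th>
- <td>
- <p><?php _e('Protect Uploads Plugin <a href="https://www.alticreation.com/en/protect-uploads/" target="_blank">support page</a>.', $this->plugin_name); ?></p>
- <p><?php _e('This plugin is compatible with the <span class="dashicons dashicons-awards"></span> <a href="https://www.alticreation.com/en/alti-watermark/" target="_blank">Watermark Plugin</a>.', $this->plugin_name); ?></p>
- <p class="description"><?php _e('To do so, you have to: 1. Install the Watermark Plugin 2. Then choose your settings in this page and Update.', $this->plugin_name); ?></p>
- </td>
- </tr>
- <tr>
- <th scope="row">
- </th>
- <td>
- <input type="submit" id="submit" value="<?php _e('Update', $this->plugin_name); ?>" name="submit" class="button button-primary">
- </td>
- </tr>
- </tbody>
- </table>
-
- </form>
-
- </div>
-
- <?php require_once dirname(__FILE__) . '/includes/protect-uploads-admin-sidebar.php'; ?>
-
- </div>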
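--- a/includes/class-protect-uploads.php
+++ b/includes/class-protect-uploads.php
@@ -9,7 +9,7 @@ class Alti_ProtectUploads
 
  public function __construct()
  {
- $this->version = '0.3';
+ $this->version = '0.4';
  $this->plugin_name = 'protect-uploads';
  $this->load_dependencies();
  $this->set_locale();
@@ -47,6 +47,7 @@ class Alti_ProtectUploads
  $plugin_admin = new Alti_ProtectUploads_Admin($this->get_plugin_name(), $this->get_version());
 
  $this->loader->add_action('admin_menu', $plugin_admin, 'add_submenu_page');
+ $this->loader->add_action('admin_init', $plugin_admin, 'verify_settings_page');
  $this->loader->add_filter('plugin_action_links_' . $this->get_plugin_name() . '/' . $this->get_plugin_name() . '.php', $plugin_admin, 'add_settings_link');
  $this->loader->add_action('admin_enqueue_scripts', $plugin_admin, 'enqueue_styles');
  }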
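Review bot: The added `add_action('admin_init', $plugin_admin, 'verify_settings_page')` line runs the form handler on every admin request, including admin-ajax.php and admin-post.php, not only on the plugin's settings screen. The handler is gated by the nonce and capability checks in admin/class-protect-uploads-admin.php, so this is a matter of scope rather than a bypass. Binding it to the page's own `load-{$hook_suffix}` action (the suffix returned by `add_submenu_page()`) would tie the uploads-directory file writes to that one screen. A comment on the line such as `// Handles the settings form POST before any output is sent.` would also explain the choice of hook. The method that registers these hooks starts outside the hunk.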
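--- a/protect-uploads.php
+++ b/protect-uploads.php
@@ -1,11 +1,10 @@
  <?php
  /**
  * Plugin Name: Protect Uploads
- * Plugin URI: https://www.alticreation.com/en/protect-uploads/
+ * Plugin URI: https://wordpress.org/support/plugin/protect-uploads/
  * Description: Protect your uploads directory. Avoid browsing of your uploads directory by adding a htaccess file or an index.php file.
- * Version: 0.3
- * Author: Alexis Blondin
- * Author URI: https://www.alticreation.com
+ * Version: 0.4
+ * Author: alticreation
  * License: GPL-2.0+
  * License URI: http://www.gnu.org/licenses/gpl-2.0.txt
  * Text Domain: protect-uploads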
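--- a/readme.txt
+++ b/readme.txt
@@ -1,15 +1,14 @@
  === Protect uploads ===
  Contributors: alticreation
- Donate link: https://www.alticreation.com/en/protect-uploads/
  Tags: uploads, protection, images protection, browsing images, uploads folder, image folder, avoid browsing folder, hide uploads, prevent uploads browsing, prevent images browsing, protect library, library
  Requires at least: 3.0.1
- Tested up to: 5.4.1
- Requires PHP: 5.0
- Stable tag: 0.3
+ Tested up to: 6.0.1
+ Requires PHP: 7.0
+ Stable tag: 0.4
  License: GPLv2 or later
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
- Protect your uploads directory to people who want to browse it. Avoid browsing of your uploads directory by adding a htaccess or index.php file.
+ Protect your uploads directory from people who want to browse it. Avoid browsing of your uploads directory by adding a htaccess or index.php file.
 
  == Description ==
 
@@ -24,8 +23,6 @@ Available languages :
  * Español
  * Italian (thanks to Marko97)
 
- For support, please visit [protect uploads plugin](https://www.alticreation.com/en/protect-uploads/ "protect uploads plugin for Wordpress by alticreation")
-
  == Installation ==
 
  1. Upload `protect-uploads` folder to the `/wp-content/plugins/` directory
@@ -35,9 +32,6 @@ Note : GD library is needed and being able to create a .htaccess file in uploads
 
  == Frequently Asked Questions ==
 
- = Support =
- You can ask question and read documentation at [protect uploads plugin](https://www.alticreation.com/en/protect-uploads/ "protect uploads plugin for Wordpress by alticreation")
-
  == Screenshots ==
 
  1. Administration Page for the plugin.
@@ -63,3 +57,7 @@ Nothing for now
  * Remove option value managing current protection status.
  * Reorganizing code and making it more modular and simple.
  * Remove useless pieces.
+
+ = 0.4 =
+ * Fix potential security issues.
+ * Remove recursive loop that creates indexes.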
+ * Remove recursive loop that creates indexes.