s2Member Framework (Member Roles, Capabilities, Membership, PayPal Members) - Version 110812

Developer PriMoThemes

Code changes from version 110731 to 110812

Files changed (3) hide show
  1. includes/classes/files-in.inc.php +34 -34
  2. readme.txt +5 -2
  3. s2member.php +3 -3
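--- a/includes/classes/files-in.inc.php
+++ b/includes/classes/files-in.inc.php
@@ -15,7 +15,7 @@
 * @since 3.5
 */
 if (realpath (__FILE__) === realpath ($_SERVER["SCRIPT_FILENAME"]))
-exit ("Do not access this file directly.");
+exit("Do not access this file directly.");
 /**/
 if (!class_exists ("c_ws_plugin__s2member_files_in"))
 {
@@ -41,7 +41,7 @@ if (!class_exists ("c_ws_plugin__s2member_files_in"))
 {
 do_action ("ws_plugin__s2member_before_file_download_access", get_defined_vars ());
 /**/
-if (!empty ($_GET["s2member_file_download"])) /* Is this a File Download request? */
+if (!empty ($_GET["s2member_file_download"]) && strpos ($_GET["s2member_file_download"], "..") === false)
 {
 $excluded = apply_filters ("ws_plugin__s2member_check_file_download_access_excluded", false, get_defined_vars ());
 /**/
@@ -54,14 +54,14 @@ if (!class_exists ("c_ws_plugin__s2member_files_in"))
 /**/
 if (!$using_amazon_s3_storage && !file_exists ($GLOBALS["WS_PLUGIN__"]["s2member"]["c"]["files_dir"] . "/" . $_GET["s2member_file_download"]))
 {
-header ("HTTP/1.0 404 Not Found"); /* The file does NOT even exist. */
-exit ("404: Sorry, file not found. Please contact Support for assistance.");
+header("HTTP/1.0 404 Not Found"); /* The file does NOT even exist. */
+exit("404: Sorry, file not found. Please contact Support for assistance.");
 }
 /**/
 else if (!empty ($_GET["s2member_file_download_key"]) && !$file_download_key_is_valid) /* Invalid Key? */
 {
-header ("HTTP/1.0 503 Service Temporarily Unavailable"); /* Invalid Download Keys are handled separately. */
-exit ("503 ( Invalid Key ): Sorry, your access to this file has expired. Please contact Support for assistance.");
+header("HTTP/1.0 503 Service Temporarily Unavailable"); /* Invalid Download Keys are handled separately. */
+exit("503 ( Invalid Key ): Sorry, your access to this file has expired. Please contact Support for assistance.");
 }
 /**/
 else if ($GLOBALS["WS_PLUGIN__"]["s2member"]["o"]["membership_options_page"]) /* Is a Membership Options Page configured? */
@@ -72,8 +72,8 @@ if (!class_exists ("c_ws_plugin__s2member_files_in"))
 /**/
 if (($file_download_access_is_allowed = $min_level_4_downloads = c_ws_plugin__s2member_files::min_level_4_downloads ()) === false)
 {
-header ("HTTP/1.0 503 Service Temporarily Unavailable"); /* File downloads are NOT yet configured? */
-exit ("503: Sorry, File Downloads are NOT enabled yet. Please contact Support for assistance. If you are the site owner, please configure: `s2Member -> Download Options -> Basic Download Restrictions`.");
+header("HTTP/1.0 503 Service Temporarily Unavailable"); /* File downloads are NOT yet configured? */
+exit("503: Sorry, File Downloads are NOT enabled yet. Please contact Support for assistance. If you are the site owner, please configure: `s2Member -> Download Options -> Basic Download Restrictions`.");
 }
 /**/
 else if (!is_object ($user = apply_filters ("ws_plugin__s2member_check_file_download_access_user", ((is_user_logged_in ()) ? wp_get_current_user () : false), get_defined_vars ())) || !($user_id = $user->ID))
@@ -124,7 +124,7 @@ if (!class_exists ("c_ws_plugin__s2member_files_in"))
 {
 if (strtotime ($file_download_access_log_entry["date"]) < strtotime ("-" . $max_days_logged . " days"))
 {
-unset ($file_download_access_log[$file_download_access_log_entry_key]);
+unset($file_download_access_log[$file_download_access_log_entry_key]);
 $file_download_access_arc[] = $file_download_access_log_entry;
 }
 else if (strtotime ($file_download_access_log_entry["date"]) >= strtotime ("-" . $file_downloads["allowed_days"] . " days"))
@@ -152,8 +152,8 @@ if (!class_exists ("c_ws_plugin__s2member_files_in"))
 /**/
 if (!$using_amazon_s3_storage && !file_exists ($GLOBALS["WS_PLUGIN__"]["s2member"]["c"]["files_dir"] . "/" . $_GET["s2member_file_download"]))
 {
-header ("HTTP/1.0 404 Not Found"); /* The file does NOT even exist. */
-exit ("404: Sorry, file not found. Please contact Support for assistance.");
+header("HTTP/1.0 404 Not Found"); /* The file does NOT even exist. */
+exit("404: Sorry, file not found. Please contact Support for assistance.");
 }
 }
 /*
@@ -171,7 +171,7 @@ if (!class_exists ("c_ws_plugin__s2member_files_in"))
 $pathinfo = (!$using_amazon_s3_storage) ? pathinfo (($file = $GLOBALS["WS_PLUGIN__"]["s2member"]["c"]["files_dir"] . "/" . $_GET["s2member_file_download"])) : array ();
 $length = (!$using_amazon_s3_storage && $file) ? filesize ($file) : -1; /* The overall file size, in bytes. */
 /**/
-eval ('foreach(array_keys(get_defined_vars())as$__v)$__refs[$__v]=&$$__v;');
+eval('foreach(array_keys(get_defined_vars())as$__v)$__refs[$__v]=&$$__v;');
 do_action ("ws_plugin__s2member_during_file_download_access", get_defined_vars ());
 unset ($__refs, $__v); /* Unset defined __refs, __v. */
 /**/
@@ -191,50 +191,50 @@ if (!class_exists ("c_ws_plugin__s2member_files_in"))
 $amazon_s3_redirection_url .= "&Expires=" . urlencode ($amazon_s3_file_expires);
 $amazon_s3_redirection_url .= "&Signature=" . urlencode ($amazon_s3_signature);
 /**/
-wp_redirect ($amazon_s3_redirection_url); /* 302 redirection. */
+wp_redirect($amazon_s3_redirection_url); /* 302 redirection. */
 /**/
 exit (); /* Clean exit. */
 }
 /**/
 else /* Else, using localized storage ( default ). */
 {
-@set_time_limit (0); /* Unlimited. */
+@set_time_limit(0); /* Unlimited. */
 @ini_set ("zlib.output_compression", 0);
 /**/
-header ("Accept-Ranges: none");
-header ("Content-Encoding: none");
-header ("Content-Type: " . $mimetype);
-header ("Expires: " . gmdate ("D, d M Y H:i:s", strtotime ("-1 week")) . " GMT");
-header ("Last-Modified: " . gmdate ("D, d M Y H:i:s") . " GMT");
-header ("Cache-Control: no-cache, must-revalidate, max-age=0");
+header("Accept-Ranges: none");
+header("Content-Encoding: none");
+header("Content-Type: " . $mimetype);
+header("Expires: " . gmdate ("D, d M Y H:i:s", strtotime ("-1 week")) . " GMT");
+header("Last-Modified: " . gmdate ("D, d M Y H:i:s") . " GMT");
+header("Cache-Control: no-cache, must-revalidate, max-age=0");
 header ("Cache-Control: post-check=0, pre-check=0", false);
-header ("Pragma: no-cache");
+header("Pragma: no-cache");
 /**/
-header ('Content-Disposition: ' . (($inline) ? "inline" : "attachment") . '; filename="' . $basename . '"');
+header('Content-Disposition: ' . (($inline) ? "inline" : "attachment") . '; filename="' . $basename . '"');
 /**/
 if ($length && apply_filters ("ws_plugin__s2member_stream_file_downloads", true, get_defined_vars ()) && ($stream = fopen ($file, "rb")))
 {
 $_stream_w_content_length = (preg_match ("/^win/i", PHP_OS)) ? false : true; /* Windows® IIS does not jive here. */
 /* Windows® IIS doesn't seem to like it when both `Content-Length` and `Transfer-Encoding: chunked` are sent together. */
 if (apply_filters ("ws_plugin__s2member_stream_file_downloads_w_content_length", $_stream_w_content_length, get_defined_vars ()))
-header ("Content-Length: " . $length);
+header("Content-Length: " . $length);
 /**/
-header ("Transfer-Encoding: chunked"); /* Uses `Transfer-Encoding: chunked` for simulated streaming. */
+header("Transfer-Encoding: chunked"); /* Uses `Transfer-Encoding: chunked` for simulated streaming. */
 /**/
-eval ('while (@ob_end_clean ());'); /* End/clean all output buffers that may or may not exist. */
+eval('while (@ob_end_clean ());'); /* End/clean all output buffers that may or may not exist. */
 /**/
 while (!feof ($stream) && ($chunk_size = strlen ($data = fread ($stream, 2097152))))
-eval ('echo dechex ($chunk_size) . "\r\n". $data . "\r\n"; @flush ();');
+eval('echo dechex ($chunk_size) . "\r\n". $data . "\r\n"; @flush ();');
 /**/
-fclose ($stream);
+fclose($stream);
 /**/
-exit ("0\r\n\r\n");
+exit("0\r\n\r\n");
 }
 else if ($length) /* Else `file_get_contents()`. */
 {
-header ("Content-Length: " . $length);
+header("Content-Length: " . $length);
 /**/
-exit (file_get_contents ($file));
+exit(file_get_contents ($file));
 }
 else
 exit (); /* Empty file. */
@@ -271,7 +271,7 @@ if (!class_exists ("c_ws_plugin__s2member_files_in"))
 */
 public static function _file_remote_authorization ($user = FALSE)
 {
-eval ('foreach(array_keys(get_defined_vars())as$__v)$__refs[$__v]=&$$__v;');
+eval('foreach(array_keys(get_defined_vars())as$__v)$__refs[$__v]=&$$__v;');
 do_action ("_ws_plugin__s2member_before_file_remote_authorization", get_defined_vars ());
 unset ($__refs, $__v); /* Unset defined __refs, __v. */
 /**/
@@ -281,9 +281,9 @@ if (!class_exists ("c_ws_plugin__s2member_files_in"))
 /**/
 if (empty ($_SERVER["PHP_AUTH_USER"]) || empty ($_SERVER["PHP_AUTH_PW"]) || !user_pass_ok ($_SERVER["PHP_AUTH_USER"], $_SERVER["PHP_AUTH_PW"]))
 {
-header ('WWW-Authenticate: Basic realm="Members Only"');
-header ("HTTP/1.0 401 Unauthorized");
-exit ("Access Denied");
+header('WWW-Authenticate: Basic realm="Members Only"');
+header("HTTP/1.0 401 Unauthorized");
+exit("Access Denied");
 }
 else if (is_object ($_user = new WP_User ($_SERVER["PHP_AUTH_USER"])) && $_user->ID)
 {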
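Review bot: The new guard on line 44 rejects only a literal `..` substring in `$_GET["s2member_file_download"]`, yet the raw value is still concatenated onto `files_dir` on lines 55, 153 and 171 and, at least within these hunks, the resulting path is never checked to be inside the configured directory, so the fix is a denylist that any future change to path handling could silently undo. A positive containment check would resolve the path once and require it to stay under the files directory, for example `$files_dir = realpath ($GLOBALS["WS_PLUGIN__"]["s2member"]["c"]["files_dir"]);` then `$file = ($files_dir) ? realpath ($files_dir . "/" . $_GET["s2member_file_download"]) : false;` and `if (!$file || strpos ($file, $files_dir . "/") !== 0) { header ("HTTP/1.0 404 Not Found"); exit ("404: Sorry, file not found. Please contact Support for assistance."); }`, reusing `$file` in place of the three separate concatenations. Note that this also refuses symlinks that point outside `files_dir`, which should be confirmed as intended, and that the realpath form needs the directory to exist on disk. The enclosing method that contains lines 41–240 starts and ends outside the hunks, so its signature and any earlier validation are not visible here.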
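--- a/readme.txt
+++ b/readme.txt
@@ -1,7 +1,7 @@
 === s2Member® ( Membership w/ PayPal® ) ===
 
-Version: 110731
-Stable tag: 110731
+Version: 110812
+Stable tag: 110812
 Framework: WS-P-110523
 
 SSL Compatible: yes
@@ -161,6 +161,9 @@ Please visit s2Member.com for [video tutorials](http://www.s2member.com/videos/)
 
 == Changelog ==
 
+= v110812 =
+* **(s2Member) Security fix.** This release addresses an important security vulnerability in previous releases of the s2Member Framework *( i.e. the free version of s2Member )*. Sites with Download Options configured for s2Member should be advised to update to s2Member v110812+ as soon as possible to avoid possible exploits.
+
 = v110731 =
 * **(s2Member) Bug fix / Multisite.** In the Multisite (Config) panel, s2Member was not properly displaying the number of Blogs allowed at Level #0, in some cases.
 * **(s2Member Pro) Update / ClickBank®.** s2Member Pro has been updated to better support ClickBank's policy on Thank-You Pages. s2Member now provides a link on the ClickBank Return-Page where Customers may contact your support department, and a message regarding charges on a Customer's bank statement appearing as `CLKBANK*COM`. This is mandatory for all ClickBank® integrations. ClickBank® will not approve your Products without this information on the Thank-You Page integrated with s2Member. In addition, s2Member now makes it possible to customize your Thank-You Page for ClickBank®. For further details, please check your Dashboard, under: `s2Member -> ClickBank® Options -> Thank-You Page`. If you have attempted to use temporary hacks of your own in order to avoid issues with ClickBank® policy in this regard, we suggest that you remove those hacks, and instead work with the new features introduced in this release of s2Member Pro. If you need assistance, please use the s2Member forums.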
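--- a/s2member.php
+++ b/s2member.php
@@ -19,8 +19,8 @@
 */
 /* -- This section for WordPress® parsing. ------------------------------------------------------------------------------
 
-Version: 110731
-Stable tag: 110731
+Version: 110812
+Stable tag: 110812
 Framework: WS-P-110523
 
 SSL Compatible: yes
@@ -72,7 +72,7 @@ if (realpath (__FILE__) === realpath ($_SERVER["SCRIPT_FILENAME"]))
 * @var str
 */
 if (!defined ("WS_PLUGIN__S2MEMBER_VERSION"))
-define ("WS_PLUGIN__S2MEMBER_VERSION", "110731");
+define ("WS_PLUGIN__S2MEMBER_VERSION", "110812");
 /**
 * Minimum PHP version required to run s2Member.
 *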