s2Member Framework (Member Roles, Capabilities, Membership, PayPal Members) - Version 110812

Version Description


Release Info

Developer PriMoThemes
Version 110812

Code changes from version 110731 to 110812

Files changed (3) hide show
  1. includes/classes/files-in.inc.php +34 -34
  2. readme.txt +5 -2
  3. s2member.php +3 -3
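--- a/includes/classes/files-in.inc.php
+++ b/includes/classes/files-in.inc.php
@@ -15,7 +15,7 @@
 * @since 3.5
 */
 if (realpath (__FILE__) === realpath ($_SERVER["SCRIPT_FILENAME"]))
- exit ("Do not access this file directly.");
+ exit("Do not access this file directly.");
 /**/
 if (!class_exists ("c_ws_plugin__s2member_files_in"))
 {
@@ -41,7 +41,7 @@ if (!class_exists ("c_ws_plugin__s2member_files_in"))
 {
 do_action ("ws_plugin__s2member_before_file_download_access", get_defined_vars ());
 /**/
- if (!empty ($_GET["s2member_file_download"])) /* Is this a File Download request? */
+ if (!empty ($_GET["s2member_file_download"]) && strpos ($_GET["s2member_file_download"], "..") === false)
 {
 $excluded = apply_filters ("ws_plugin__s2member_check_file_download_access_excluded", false, get_defined_vars ());
 /**/
@@ -54,14 +54,14 @@ if (!class_exists ("c_ws_plugin__s2member_files_in"))
 /**/
 if (!$using_amazon_s3_storage && !file_exists ($GLOBALS["WS_PLUGIN__"]["s2member"]["c"]["files_dir"] . "/" . $_GET["s2member_file_download"]))
 {
- header ("HTTP/1.0 404 Not Found"); /* The file does NOT even exist. */
- exit ("404: Sorry, file not found. Please contact Support for assistance.");
+ header("HTTP/1.0 404 Not Found"); /* The file does NOT even exist. */
+ exit("404: Sorry, file not found. Please contact Support for assistance.");
 }
 /**/
 else if (!empty ($_GET["s2member_file_download_key"]) && !$file_download_key_is_valid) /* Invalid Key? */
 {
- header ("HTTP/1.0 503 Service Temporarily Unavailable"); /* Invalid Download Keys are handled separately. */
- exit ("503 ( Invalid Key ): Sorry, your access to this file has expired. Please contact Support for assistance.");
+ header("HTTP/1.0 503 Service Temporarily Unavailable"); /* Invalid Download Keys are handled separately. */
+ exit("503 ( Invalid Key ): Sorry, your access to this file has expired. Please contact Support for assistance.");
 }
 /**/
 else if ($GLOBALS["WS_PLUGIN__"]["s2member"]["o"]["membership_options_page"]) /* Is a Membership Options Page configured? */
@@ -72,8 +72,8 @@ if (!class_exists ("c_ws_plugin__s2member_files_in"))
 /**/
 if (($file_download_access_is_allowed = $min_level_4_downloads = c_ws_plugin__s2member_files::min_level_4_downloads ()) === false)
 {
- header ("HTTP/1.0 503 Service Temporarily Unavailable"); /* File downloads are NOT yet configured? */
- exit ("503: Sorry, File Downloads are NOT enabled yet. Please contact Support for assistance. If you are the site owner, please configure: `s2Member -> Download Options -> Basic Download Restrictions`.");
+ header("HTTP/1.0 503 Service Temporarily Unavailable"); /* File downloads are NOT yet configured? */
+ exit("503: Sorry, File Downloads are NOT enabled yet. Please contact Support for assistance. If you are the site owner, please configure: `s2Member -> Download Options -> Basic Download Restrictions`.");
 }
 /**/
 else if (!is_object ($user = apply_filters ("ws_plugin__s2member_check_file_download_access_user", ((is_user_logged_in ()) ? wp_get_current_user () : false), get_defined_vars ())) || !($user_id = $user->ID))
@@ -124,7 +124,7 @@ if (!class_exists ("c_ws_plugin__s2member_files_in"))
 {
 if (strtotime ($file_download_access_log_entry["date"]) < strtotime ("-" . $max_days_logged . " days"))
 {
- unset ($file_download_access_log[$file_download_access_log_entry_key]);
+ unset($file_download_access_log[$file_download_access_log_entry_key]);
 $file_download_access_arc[] = $file_download_access_log_entry;
 }
 else if (strtotime ($file_download_access_log_entry["date"]) >= strtotime ("-" . $file_downloads["allowed_days"] . " days"))
@@ -152,8 +152,8 @@ if (!class_exists ("c_ws_plugin__s2member_files_in"))
 /**/
 if (!$using_amazon_s3_storage && !file_exists ($GLOBALS["WS_PLUGIN__"]["s2member"]["c"]["files_dir"] . "/" . $_GET["s2member_file_download"]))
 {
- header ("HTTP/1.0 404 Not Found"); /* The file does NOT even exist. */
- exit ("404: Sorry, file not found. Please contact Support for assistance.");
+ header("HTTP/1.0 404 Not Found"); /* The file does NOT even exist. */
+ exit("404: Sorry, file not found. Please contact Support for assistance.");
 }
 }
 /*
@@ -171,7 +171,7 @@ if (!class_exists ("c_ws_plugin__s2member_files_in"))
 $pathinfo = (!$using_amazon_s3_storage) ? pathinfo (($file = $GLOBALS["WS_PLUGIN__"]["s2member"]["c"]["files_dir"] . "/" . $_GET["s2member_file_download"])) : array ();
 $length = (!$using_amazon_s3_storage && $file) ? filesize ($file) : -1; /* The overall file size, in bytes. */
 /**/
- eval ('foreach(array_keys(get_defined_vars())as$__v)$__refs[$__v]=&$__v;');
+ eval('foreach(array_keys(get_defined_vars())as$__v)$__refs[$__v]=&$__v;');
 do_action ("ws_plugin__s2member_during_file_download_access", get_defined_vars ());
 unset ($__refs, $__v); /* Unset defined __refs, __v. */
 /**/
@@ -191,50 +191,50 @@ if (!class_exists ("c_ws_plugin__s2member_files_in"))
 $amazon_s3_redirection_url .= "&Expires=" . urlencode ($amazon_s3_file_expires);
 $amazon_s3_redirection_url .= "&Signature=" . urlencode ($amazon_s3_signature);
 /**/
- wp_redirect ($amazon_s3_redirection_url); /* 302 redirection. */
+ wp_redirect($amazon_s3_redirection_url); /* 302 redirection. */
 /**/
 exit (); /* Clean exit. */
 }
 /**/
 else /* Else, using localized storage ( default ). */
 {
- @set_time_limit (0); /* Unlimited. */
+ @set_time_limit(0); /* Unlimited. */
 @ini_set ("zlib.output_compression", 0);
 /**/
- header ("Accept-Ranges: none");
- header ("Content-Encoding: none");
- header ("Content-Type: " . $mimetype);
- header ("Expires: " . gmdate ("D, d M Y H:i:s", strtotime ("-1 week")) . " GMT");
- header ("Last-Modified: " . gmdate ("D, d M Y H:i:s") . " GMT");
- header ("Cache-Control: no-cache, must-revalidate, max-age=0");
+ header("Accept-Ranges: none");
+ header("Content-Encoding: none");
+ header("Content-Type: " . $mimetype);
+ header("Expires: " . gmdate ("D, d M Y H:i:s", strtotime ("-1 week")) . " GMT");
+ header("Last-Modified: " . gmdate ("D, d M Y H:i:s") . " GMT");
+ header("Cache-Control: no-cache, must-revalidate, max-age=0");
 header ("Cache-Control: post-check=0, pre-check=0", false);
- header ("Pragma: no-cache");
+ header("Pragma: no-cache");
 /**/
- header ('Content-Disposition: ' . (($inline) ? "inline" : "attachment") . '; filename="' . $basename . '"');
+ header('Content-Disposition: ' . (($inline) ? "inline" : "attachment") . '; filename="' . $basename . '"');
 /**/
 if ($length && apply_filters ("ws_plugin__s2member_stream_file_downloads", true, get_defined_vars ()) && ($stream = fopen ($file, "rb")))
 {
 $_stream_w_content_length = (preg_match ("/^win/i", PHP_OS)) ? false : true; /* Windows® IIS does not jive here. */
 /* Windows® IIS doesn't seem to like it when both `Content-Length` and `Transfer-Encoding: chunked` are sent together. */
 if (apply_filters ("ws_plugin__s2member_stream_file_downloads_w_content_length", $_stream_w_content_length, get_defined_vars ()))
- header ("Content-Length: " . $length);
+ header("Content-Length: " . $length);
 /**/
- header ("Transfer-Encoding: chunked"); /* Uses `Transfer-Encoding: chunked` for simulated streaming. */
+ header("Transfer-Encoding: chunked"); /* Uses `Transfer-Encoding: chunked` for simulated streaming. */
 /**/
- eval ('while (@ob_end_clean ());'); /* End/clean all output buffers that may or may not exist. */
+ eval('while (@ob_end_clean ());'); /* End/clean all output buffers that may or may not exist. */
 /**/
 while (!feof ($stream) && ($chunk_size = strlen ($data = fread ($stream, 2097152))))
- eval ('echo dechex ($chunk_size) . "\r\n". $data . "\r\n"; @flush ();');
+ eval('echo dechex ($chunk_size) . "\r\n". $data . "\r\n"; @flush ();');
 /**/
- fclose ($stream);
+ fclose($stream);
 /**/
- exit ("0\r\n\r\n");
+ exit("0\r\n\r\n");
 }
 else if ($length) /* Else `file_get_contents()`. */
 {
- header ("Content-Length: " . $length);
+ header("Content-Length: " . $length);
 /**/
- exit (file_get_contents ($file));
+ exit(file_get_contents ($file));
 }
 else
 exit (); /* Empty file. */
@@ -271,7 +271,7 @@ if (!class_exists ("c_ws_plugin__s2member_files_in"))
 */
 public static function _file_remote_authorization ($user = FALSE)
 {
- eval ('foreach(array_keys(get_defined_vars())as$__v)$__refs[$__v]=&$__v;');
+ eval('foreach(array_keys(get_defined_vars())as$__v)$__refs[$__v]=&$__v;');
 do_action ("_ws_plugin__s2member_before_file_remote_authorization", get_defined_vars ());
 unset ($__refs, $__v); /* Unset defined __refs, __v. */
 /**/
@@ -281,9 +281,9 @@ if (!class_exists ("c_ws_plugin__s2member_files_in"))
 /**/
 if (empty ($_SERVER["PHP_AUTH_USER"]) || empty ($_SERVER["PHP_AUTH_PW"]) || !user_pass_ok ($_SERVER["PHP_AUTH_USER"], $_SERVER["PHP_AUTH_PW"]))
 {
- header ('WWW-Authenticate: Basic realm="Members Only"');
- header ("HTTP/1.0 401 Unauthorized");
- exit ("Access Denied");
+ header('WWW-Authenticate: Basic realm="Members Only"');
+ header("HTTP/1.0 401 Unauthorized");
+ exit("Access Denied");
 }
 else if (is_object ($_user = new WP_User ($_SERVER["PHP_AUTH_USER"])) && $_user->ID)
 {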
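Review bot: The traversal guard added on line 44, `strpos ($_GET["s2member_file_download"], "..") === false`, is a substring denylist, and the raw request value is still appended to `files_dir` on lines 55, 153 and 171 with no check that the resulting path stays inside that directory. I would resolve the path once and test containment instead, e.g. `$file = realpath ($dir . "/" . $_GET["s2member_file_download"]);` followed by `if ($file === false || strpos ($file, realpath ($dir) . DIRECTORY_SEPARATOR) !== 0)` leading to the existing 404 branch, where `$dir` stands for the `files_dir` setting; this would only apply to local storage, since the Amazon S3 branch has no local path to resolve. As written, a name that merely contains two dots (constructed example: `notes..v2.pdf`) is refused, and such a request appears to skip the handler silently rather than get the 404, though the rest of the function lies outside these hunks. The rewritten line also lost its `/* Is this a File Download request? */` comment; a replacement such as `/* File Download request? Names containing ".." are refused ( directory traversal ). */` would record why the second condition exists.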
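--- a/readme.txt
+++ b/readme.txt
@@ -1,7 +1,7 @@
 === s2Member® ( Membership w/ PayPal® ) ===
 
- Version: 110731
- Stable tag: 110731
+ Version: 110812
+ Stable tag: 110812
 Framework: WS-P-110523
 
 SSL Compatible: yes
@@ -161,6 +161,9 @@ Please visit s2Member.com for [video tutorials](http://www.s2member.com/videos/)
 
 == Changelog ==
 
+ = v110812 =
+ * **(s2Member) Security fix.** This release addresses an important security vulnerability in previous releases of the s2Member Framework *( i.e. the free version of s2Member )*. Sites with Download Options configured for s2Member should be advised to update to s2Member v110812+ as soon as possible to avoid possible exploits.
+
 = v110731 =
 * **(s2Member) Bug fix / Multisite.** In the Multisite (Config) panel, s2Member was not properly displaying the number of Blogs allowed at Level #0, in some cases.
 * **(s2Member Pro) Update / ClickBank®.** s2Member Pro has been updated to better support ClickBank's policy on Thank-You Pages. s2Member now provides a link on the ClickBank Return-Page where Customers may contact your support department, and a message regarding charges on a Customer's bank statement appearing as `CLKBANK*COM`. This is mandatory for all ClickBank® integrations. ClickBank® will not approve your Products without this information on the Thank-You Page integrated with s2Member. In addition, s2Member now makes it possible to customize your Thank-You Page for ClickBank®. For further details, please check your Dashboard, under: `s2Member -> ClickBank® Options -> Thank-You Page`. If you have attempted to use temporary hacks of your own in order to avoid issues with ClickBank® policy in this regard, we suggest that you remove those hacks, and instead work with the new features introduced in this release of s2Member Pro. If you need assistance, please use the s2Member forums.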
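--- a/s2member.php
+++ b/s2member.php
@@ -19,8 +19,8 @@
 */
 /* -- This section for WordPress® parsing. ------------------------------------------------------------------------------
 
- Version: 110731
- Stable tag: 110731
+ Version: 110812
+ Stable tag: 110812
 Framework: WS-P-110523
 
 SSL Compatible: yes
@@ -72,7 +72,7 @@ if (realpath (__FILE__) === realpath ($_SERVER["SCRIPT_FILENAME"]))
 * @var str
 */
 if (!defined ("WS_PLUGIN__S2MEMBER_VERSION"))
- define ("WS_PLUGIN__S2MEMBER_VERSION", "110731");
+ define ("WS_PLUGIN__S2MEMBER_VERSION", "110812");
 /**
 * Minimum PHP version required to run s2Member.
 *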