/**
* Process Download
*
* Handles the file download process.
*
* @access private
* @since 1.0
* @return void
*/
function edd_process_download()
{
if (!isset($_GET['download_id']) && isset($_GET['download'])) {
$_GET['download_id'] = $_GET['download'];
}
$args = apply_filters('edd_process_download_args', array('download' => isset($_GET['download_id']) ? (int) $_GET['download_id'] : '', 'email' => isset($_GET['email']) ? rawurldecode($_GET['email']) : '', 'expire' => isset($_GET['expire']) ? rawurldecode($_GET['expire']) : '', 'file_key' => isset($_GET['file']) ? (int) $_GET['file'] : '', 'price_id' => isset($_GET['price_id']) ? (int) $_GET['price_id'] : false, 'key' => isset($_GET['download_key']) ? $_GET['download_key'] : '', 'eddfile' => isset($_GET['eddfile']) ? $_GET['eddfile'] : '', 'ttl' => isset($_GET['ttl']) ? $_GET['ttl'] : '', 'token' => isset($_GET['token']) ? $_GET['token'] : ''));
if (!empty($args['eddfile']) && !empty($args['ttl']) && !empty($args['token'])) {
// Validate a signed URL that edd_process_signed_download_urlcontains a token
$args = edd_process_signed_download_url($args);
// Backfill some legacy super globals for backwards compatibility
$_GET['download_id'] = $args['download'];
$_GET['email'] = $args['email'];
$_GET['expire'] = $args['expire'];
$_GET['download_key'] = $args['key'];
$_GET['price_id'] = $args['price_id'];
} elseif (!empty($args['download']) && !empty($args['key']) && !empty($args['email']) && !empty($args['expire']) && isset($args['file_key'])) {
// Validate a legacy URL without a token
$args = edd_process_legacy_download_url($args);
} else {
return;
}
$args['has_access'] = apply_filters('edd_file_download_has_access', $args['has_access'], $args['payment'], $args);
//$args['has_access'] = ( edd_logged_in_only() && is_user_logged_in() ) || !edd_logged_in_only() ? true : false;
if ($args['payment'] && $args['has_access']) {
do_action('edd_process_verified_download', $args['download'], $args['email'], $args['payment'], $args);
// Determine the download method set in settings
$method = edd_get_file_download_method();
// Payment has been verified, setup the download
$download_files = edd_get_download_files($args['download']);
$attachment_id = !empty($download_files[$args['file_key']]['attachment_id']) ? absint($download_files[$args['file_key']]['attachment_id']) : false;
/*
* If we have an attachment ID stored, use get_attached_file() to retrieve absolute URL
* If this fails or returns a relative path, we fail back to our own absolute URL detection
*/
if ($attachment_id && 'attachment' == get_post_type($attachment_id)) {
if ('redirect' == $method) {
$attached_file = wp_get_attachment_url($attachment_id);
} else {
$attached_file = get_attached_file($attachment_id, false);
// Confirm the file exists
if (!file_exists($attached_file)) {
$attached_file = false;
}
}
if ($attached_file) {
$requested_file = $attached_file;
}
}
// If we didn't find a file from the attachment, grab the given URL
if (!isset($requested_file)) {
$requested_file = isset($download_files[$args['file_key']]['file']) ? $download_files[$args['file_key']]['file'] : '';
}
// Allow the file to be altered before any headers are sent
$requested_file = apply_filters('edd_requested_file', $requested_file, $download_files, $args['file_key']);
if ('x_sendfile' == $method && (!function_exists('apache_get_modules') || !in_array('mod_xsendfile', apache_get_modules()))) {
// If X-Sendfile is selected but is not supported, fallback to Direct
$method = 'direct';
}
$file_details = parse_url($requested_file);
$schemes = array('http', 'https');
// Direct URL schemes
if ((!isset($file_details['scheme']) || !in_array($file_details['scheme'], $schemes)) && isset($file_details['path']) && file_exists($requested_file)) {
/**
* Download method is seto to Redirect in settings but an absolute path was provided
* We need to switch to a direct download in order for the file to download properly
*/
$method = 'direct';
}
/**
* Allow extensions to run actions prior to recording the file download log entry
*
* @since 2.6.14
*/
do_action('edd_process_download_pre_record_log', $requested_file, $args, $method);
// Record this file download in the log
$user_info = array();
$user_info['email'] = $args['email'];
if (is_user_logged_in()) {
$user_data = get_userdata(get_current_user_id());
$user_info['id'] = get_current_user_id();
$user_info['name'] = $user_data->display_name;
}
edd_record_download_in_log($args['download'], $args['file_key'], $user_info, edd_get_ip(), $args['payment'], $args['price_id']);
$file_extension = edd_get_file_extension($requested_file);
$ctype = edd_get_file_ctype($file_extension);
if (!edd_is_func_disabled('set_time_limit') && !ini_get('safe_mode')) {
@set_time_limit(0);
}
if (function_exists('get_magic_quotes_runtime') && get_magic_quotes_runtime() && version_compare(phpversion(), '5.4', '<')) {
set_magic_quotes_runtime(0);
}
@session_write_close();
if (function_exists('apache_setenv')) {
@apache_setenv('no-gzip', 1);
}
@ini_set('zlib.output_compression', 'Off');
do_action('edd_process_download_headers', $requested_file, $args['download'], $args['email'], $args['payment']);
nocache_headers();
header("Robots: none");
header("Content-Type: " . $ctype . "");
header("Content-Description: File Transfer");
header("Content-Disposition: attachment; filename=\"" . apply_filters('edd_requested_file_name', basename($requested_file)) . "\"");
header("Content-Transfer-Encoding: binary");
// If the file isn't locally hosted, process the redirect
if (filter_var($requested_file, FILTER_VALIDATE_URL) && !edd_is_local_file($requested_file)) {
edd_deliver_download($requested_file, true);
exit;
}
switch ($method) {
case 'redirect':
// Redirect straight to the file
edd_deliver_download($requested_file, true);
break;
case 'direct':
default:
$direct = false;
$file_path = $requested_file;
if ((!isset($file_details['scheme']) || !in_array($file_details['scheme'], $schemes)) && isset($file_details['path']) && file_exists($requested_file)) {
/** This is an absolute path */
$direct = true;
$file_path = $requested_file;
} else {
if (defined('UPLOADS') && strpos($requested_file, UPLOADS) !== false) {
/**
* This is a local file given by URL so we need to figure out the path
* UPLOADS is always relative to ABSPATH
* site_url() is the URL to where WordPress is installed
*/
$file_path = str_replace(site_url(), '', $requested_file);
$file_path = realpath(ABSPATH . $file_path);
$direct = true;
} else {
if (strpos($requested_file, content_url()) !== false) {
/** This is a local file given by URL so we need to figure out the path */
$file_path = str_replace(content_url(), WP_CONTENT_DIR, $requested_file);
$file_path = realpath($file_path);
$direct = true;
} else {
if (strpos($requested_file, set_url_scheme(content_url(), 'https')) !== false) {
/** This is a local file given by an HTTPS URL so we need to figure out the path */
$file_path = str_replace(set_url_scheme(content_url(), 'https'), WP_CONTENT_DIR, $requested_file);
$file_path = realpath($file_path);
$direct = true;
}
}
}
}
// Set the file size header
header("Content-Length: " . @filesize($file_path));
// Now deliver the file based on the kind of software the server is running / has enabled
if (stristr(getenv('SERVER_SOFTWARE'), 'lighttpd')) {
header("X-LIGHTTPD-send-file: {$file_path}");
} elseif ($direct && (stristr(getenv('SERVER_SOFTWARE'), 'nginx') || stristr(getenv('SERVER_SOFTWARE'), 'cherokee'))) {
// We need a path relative to the domain
$file_path = str_ireplace(realpath($_SERVER['DOCUMENT_ROOT']), '', $file_path);
header("X-Accel-Redirect: /{$file_path}");
}
if ($direct) {
edd_deliver_download($file_path);
} else {
// The file supplied does not have a discoverable absolute path
edd_deliver_download($requested_file, true);
}
break;
}
edd_die();
} else {
$error_message = __('You do not have permission to download this file', 'easy-digital-downloads');
wp_die(apply_filters('edd_deny_download_message', $error_message, __('Purchase Verification Failed', 'easy-digital-downloads')), __('Error', 'easy-digital-downloads'), array('response' => 403));
}
exit;
}
/**
* The free download process.
*
* Modified from:
* /includes/process-download.php -> edd_process_download()
* Modifed parts:
* Stripping the purchase validation process.
*
* @return void
*/
function vp_edd_fd_process_download()
{
global $edd_options;
$valid = true;
$payment = -1;
$download = isset($_GET['did']) ? (int) $_GET['did'] : '';
$expire = isset($_GET['expire']) ? base64_decode(rawurldecode($_GET['expire'])) : '';
$file_key = isset($_GET['file']) ? (int) $_GET['file'] : '';
// if( $download === '' || $email === '' || $file_key === '' )
if ($download === '' || $file_key === '') {
return false;
}
// make sure user logged in
$must_logged_in = isset($edd_options['vp_edd_fd_must_logged_in']) ? $edd_options['vp_edd_fd_must_logged_in'] : false;
if ($must_logged_in) {
if (!is_user_logged_in()) {
$valid = false;
}
}
// Make sure the link hasn't expired
if (current_time('timestamp') > $expire) {
wp_die(apply_filters('edd_download_link_expired_text', __('Sorry but your download link has expired.', 'edd')), __('Error', 'edd'));
}
// Check to see if the file download limit has been reached
if (edd_is_file_at_download_limit($download, -1, $file_key)) {
wp_die(apply_filters('edd_download_limit_reached_text', __('Sorry but you have hit your download limit for this file.', 'edd')), __('Error', 'edd'));
}
if ($valid) {
// setup the download
$download_files = edd_get_download_files($download);
$requested_file = apply_filters('edd_requested_file', $download_files[$file_key]['file'], $download_files, $file_key);
// gather user data
$user_info = array();
if ($must_logged_in) {
global $user_ID;
$user_data = get_userdata($user_ID);
$user_info['email'] = $user_data->user_email;
$user_info['id'] = $user_ID;
$user_info['name'] = $user_data->display_name;
} else {
$user_info['email'] = 'anonymous';
$user_info['id'] = 'anonymous';
}
edd_record_download_in_log($download, $file_key, $user_info, edd_get_ip(), $payment);
$file_extension = edd_get_file_extension($requested_file);
$ctype = edd_get_file_ctype($file_extension);
if (!edd_is_func_disabled('set_time_limit') && !ini_get('safe_mode')) {
set_time_limit(0);
}
if (function_exists('get_magic_quotes_runtime') && get_magic_quotes_runtime()) {
set_magic_quotes_runtime(0);
}
@session_write_close();
if (function_exists('apache_setenv')) {
@apache_setenv('no-gzip', 1);
}
@ini_set('zlib.output_compression', 'Off');
nocache_headers();
header("Robots: none");
header("Content-Type: " . $ctype . "");
header("Content-Description: File Transfer");
header("Content-Disposition: attachment; filename=\"" . apply_filters('edd_requested_file_name', basename($requested_file)) . "\";");
header("Content-Transfer-Encoding: binary");
$file_path = realpath($requested_file);
if (strpos($requested_file, 'http://') === false && strpos($requested_file, 'https://') === false && strpos($requested_file, 'ftp://') === false && file_exists($file_path)) {
/** This is an absolute path */
edd_deliver_download($file_path);
} else {
if (strpos($requested_file, WP_CONTENT_URL) !== false) {
/** This is a local file given by URL */
$upload_dir = wp_upload_dir();
$file_path = str_replace(WP_CONTENT_URL, WP_CONTENT_DIR, $requested_file);
$file_path = realpath($file_path);
if (file_exists($file_path)) {
edd_deliver_download($file_path);
} else {
// Absolute path couldn't be discovered so send straight to the file URL
header("Location: " . $requested_file);
}
} else {
// This is a remote file
header("Location: " . $requested_file);
}
}
exit;
} else {
wp_die(apply_filters('edd_deny_download_message', __('You do not have permission to download this file.', 'vp_edd_fd')), __('Error', 'edd'));
}
exit;
}
/**
* Process Download
*
* Handles the file download process.
*
* @access private
* @since 1.0
* @return void
*/
function edd_process_download()
{
$args = apply_filters('edd_process_download_args', array('download' => isset($_GET['download']) ? (int) $_GET['download'] : '', 'email' => isset($_GET['email']) ? rawurldecode($_GET['email']) : '', 'expire' => isset($_GET['expire']) ? base64_decode(rawurldecode($_GET['expire'])) : '', 'file_key' => isset($_GET['file']) ? (int) $_GET['file'] : '', 'key' => isset($_GET['download_key']) ? $_GET['download_key'] : ''));
if ($args['download'] === '' || $args['email'] === '' || $args['file_key'] === '') {
return false;
}
extract($args);
$payment = edd_verify_download_link($download, $key, $email, $expire, $file_key);
// Defaulting this to true for now because the method below doesn't work well
$has_access = apply_filters('edd_file_download_has_access', true, $payment, $args);
//$has_access = ( edd_logged_in_only() && is_user_logged_in() ) || !edd_logged_in_only() ? true : false;
if ($payment && $has_access) {
do_action('edd_process_verified_download', $download, $email);
// payment has been verified, setup the download
$download_files = edd_get_download_files($download);
$requested_file = apply_filters('edd_requested_file', $download_files[$file_key]['file']);
$user_info = array();
$user_info['email'] = $email;
if (is_user_logged_in()) {
global $user_ID;
$user_data = get_userdata($user_ID);
$user_info['id'] = $user_ID;
$user_info['name'] = $user_data->display_name;
}
edd_record_download_in_log($download, $file_key, $user_info, edd_get_ip(), $payment);
$file_extension = edd_get_file_extension($requested_file);
$ctype = edd_get_file_ctype($file_extension);
if (!edd_is_func_disabled('set_time_limit') && !ini_get('safe_mode')) {
set_time_limit(0);
}
if (function_exists('get_magic_quotes_runtime') && get_magic_quotes_runtime()) {
set_magic_quotes_runtime(0);
}
@session_write_close();
if (function_exists('apache_setenv')) {
@apache_setenv('no-gzip', 1);
}
@ini_set('zlib.output_compression', 'Off');
@ob_end_clean();
if (ob_get_level()) {
@ob_end_clean();
}
// Zip corruption fix
nocache_headers();
header("Robots: none");
header("Content-Type: " . $ctype . "");
header("Content-Description: File Transfer");
header("Content-Disposition: attachment; filename=\"" . apply_filters('edd_requested_file_name', basename($requested_file)) . "\";");
header("Content-Transfer-Encoding: binary");
if (strpos($requested_file, 'http://') === false && strpos($requested_file, 'https://') === false && strpos($requested_file, 'ftp://') === false) {
// this is an absolute path
$requested_file = realpath($requested_file);
if (file_exists($requested_file)) {
if ($size = @filesize($requested_file)) {
header("Content-Length: " . $size);
}
@edd_readfile_chunked($requested_file);
} else {
wp_die(__('Sorry but this file does not exist.', 'edd'), __('Error', 'edd'));
}
} else {
if (strpos($requested_file, WP_CONTENT_URL) !== false) {
// This is a local file given by URL
$upload_dir = wp_upload_dir();
$requested_file = str_replace(WP_CONTENT_URL, WP_CONTENT_DIR, $requested_file);
$requested_file = realpath($requested_file);
if (file_exists($requested_file)) {
if ($size = @filesize($requested_file)) {
header("Content-Length: " . $size);
}
@edd_readfile_chunked($requested_file);
} else {
wp_die(__('Sorry but this file does not exist.', 'edd'), __('Error', 'edd'));
}
} else {
// This is a remote file
header("Location: " . $requested_file);
}
}
exit;
} else {
$error_message = __('You do not have permission to download this file', 'edd');
wp_die(apply_filters('edd_deny_download_message', $error_message, __('Purchase Verification Failed', 'edd')));
}
exit;
}
/**
* Process add-on Downloads
*
* Handles the file download process for add-ons.
*
* @access private
* @since 1.1
* @return void
*/
function affwp_process_add_on_download()
{
if (!isset($_GET['add_on'])) {
return;
}
if (!is_user_logged_in()) {
return;
}
$add_on = absint($_GET['add_on']);
if ('download' != get_post_type($add_on)) {
return;
}
$has_ultimate_license = in_array(3, affwp_get_users_price_ids());
$has_professional_license = in_array(2, affwp_get_users_price_ids());
if (!($has_ultimate_license || $has_professional_license)) {
wp_die('You need either an Ultimate or Professional license to download this add-on', 'Error', array('response' => 403));
}
$user_info = array();
$user_data = get_userdata(get_current_user_id());
$user_info['email'] = $user_data->user_email;
$user_info['id'] = $user_data->ID;
$user_info['name'] = $user_data->display_name;
edd_record_download_in_log($add_on, 0, $user_info, edd_get_ip(), 0, 0);
$download_files = edd_get_download_files($add_on);
$requested_file = $download_files[0]['file'];
$file_extension = edd_get_file_extension($requested_file);
$ctype = edd_get_file_ctype($file_extension);
if (!edd_is_func_disabled('set_time_limit') && !ini_get('safe_mode')) {
set_time_limit(0);
}
if (function_exists('get_magic_quotes_runtime') && get_magic_quotes_runtime()) {
set_magic_quotes_runtime(0);
}
@session_write_close();
if (function_exists('apache_setenv')) {
@apache_setenv('no-gzip', 1);
}
@ini_set('zlib.output_compression', 'Off');
nocache_headers();
header("Robots: none");
header("Content-Type: " . $ctype . "");
header("Content-Description: File Transfer");
header("Content-Disposition: attachment; filename=\"" . basename($requested_file) . "\"");
header("Content-Transfer-Encoding: binary");
$method = edd_get_file_download_method();
if ('x_sendfile' == $method && (!function_exists('apache_get_modules') || !in_array('mod_xsendfile', apache_get_modules()))) {
// If X-Sendfile is selected but is not supported, fallback to Direct
$method = 'direct';
}
switch ($method) {
case 'redirect':
// Redirect straight to the file
header("Location: " . $requested_file);
break;
case 'direct':
default:
$direct = false;
$file_details = parse_url($requested_file);
$schemes = array('http', 'https');
// Direct URL schemes
if ((!isset($file_details['scheme']) || !in_array($file_details['scheme'], $schemes)) && isset($file_details['path']) && file_exists($requested_file)) {
/** This is an absolute path */
$direct = true;
$file_path = $requested_file;
} else {
if (defined('UPLOADS') && strpos($requested_file, UPLOADS) !== false) {
/**
* This is a local file given by URL so we need to figure out the path
* UPLOADS is always relative to ABSPATH
* site_url() is the URL to where WordPress is installed
*/
$file_path = str_replace(site_url(), '', $requested_file);
$file_path = realpath(ABSPATH . $file_path);
$direct = true;
} else {
if (strpos($requested_file, WP_CONTENT_URL) !== false) {
/** This is a local file given by URL so we need to figure out the path */
$file_path = str_replace(WP_CONTENT_URL, WP_CONTENT_DIR, $requested_file);
$file_path = realpath($file_path);
$direct = true;
}
}
}
// Now deliver the file based on the kind of software the server is running / has enabled
if (function_exists('apache_get_modules') && in_array('mod_xsendfile', apache_get_modules())) {
header("X-Sendfile: {$file_path}");
} elseif (stristr(getenv('SERVER_SOFTWARE'), 'lighttpd')) {
header("X-LIGHTTPD-send-file: {$file_path}");
} elseif (stristr(getenv('SERVER_SOFTWARE'), 'nginx') || stristr(getenv('SERVER_SOFTWARE'), 'cherokee')) {
// We need a path relative to the domain
$file_path = str_ireplace($_SERVER['DOCUMENT_ROOT'], '', $file_path);
header("X-Accel-Redirect: /{$file_path}");
} else {
if ($direct) {
edd_deliver_download($file_path);
} else {
// The file supplied does not have a discoverable absolute path
header("Location: " . $requested_file);
}
}
break;
}
edd_die();
exit;
}
/**
* Deliver the file download
*
* @since 3.2.4
* @return void
*/
public function process_package_download()
{
if (isset($_GET['key']) && isset($_GET['id']) && isset($_GET['license']) && isset($_GET['expires'])) {
$id = absint(urldecode($_GET['id']));
$hash = urldecode($_GET['key']);
$license = sanitize_text_field(urldecode($_GET['license']));
$expires = is_numeric($_GET['expires']) ? $_GET['expires'] : urldecode(base64_decode($_GET['expires']));
do_action('edd_sl_before_package_download', $id, $hash, $license, $expires);
if (time() > $expires) {
wp_die(__('Your download link has expired', 'edd_sl'), __('Error', 'edd_sl'), array('response' => 401));
}
if (empty($license)) {
wp_die(__('No license key provided', 'edd_sl'), __('Error', 'edd_sl'), array('response' => 401));
}
if (!edd_software_licensing()->is_download_id_valid_for_license($id, $license)) {
wp_die(__('Invalid license supplied', 'edd_sl'), __('Error', 'edd_sl'), array('response' => 401));
}
$requested_file = $this->get_download_package($id, $license, $hash, $expires);
$file_extension = edd_get_file_extension($requested_file);
$ctype = edd_get_file_ctype($file_extension);
if (!edd_is_func_disabled('set_time_limit') && !ini_get('safe_mode')) {
set_time_limit(0);
}
if (function_exists('get_magic_quotes_runtime') && get_magic_quotes_runtime()) {
set_magic_quotes_runtime(0);
}
@session_write_close();
if (function_exists('apache_setenv')) {
@apache_setenv('no-gzip', 1);
}
@ini_set('zlib.output_compression', 'Off');
nocache_headers();
header("Robots: none");
header("Content-Type: " . $ctype . "");
header("Content-Description: File Transfer");
header("Content-Disposition: attachment; filename=\"" . apply_filters('edd_requested_file_name', basename($requested_file)) . "\";");
header("Content-Transfer-Encoding: binary");
$method = edd_get_file_download_method();
if ('x_sendfile' == $method && (!function_exists('apache_get_modules') || !in_array('mod_xsendfile', apache_get_modules()))) {
// If X-Sendfile is selected but is not supported, fallback to Direct
$method = 'direct';
}
$file_details = parse_url($requested_file);
$schemes = array('http', 'https');
// Direct URL schemes
if ((!isset($file_details['scheme']) || !in_array($file_details['scheme'], $schemes)) && isset($file_details['path']) && file_exists($requested_file)) {
/**
* Download method is set to to Redirect in settings but an absolute path was provided
* We need to switch to a direct download in order for the file to download properly
*/
$method = 'direct';
}
switch ($method) {
case 'redirect':
// Redirect straight to the file
header("Location: " . $requested_file);
break;
case 'direct':
default:
$direct = false;
if ((!isset($file_details['scheme']) || !in_array($file_details['scheme'], $schemes)) && isset($file_details['path']) && file_exists($requested_file)) {
/** This is an absolute path */
$direct = true;
$file_path = $requested_file;
} else {
if (defined('UPLOADS') && strpos($requested_file, UPLOADS) !== false) {
/**
* This is a local file given by URL so we need to figure out the path
* UPLOADS is always relative to ABSPATH
* site_url() is the URL to where WordPress is installed
*/
$file_path = str_replace(site_url(), '', $requested_file);
$file_path = realpath(ABSPATH . $file_path);
$direct = true;
} else {
if (strpos($requested_file, WP_CONTENT_URL) !== false) {
/** This is a local file given by URL so we need to figure out the path */
$file_path = str_replace(WP_CONTENT_URL, WP_CONTENT_DIR, $requested_file);
$file_path = realpath($file_path);
$direct = true;
}
}
}
// Now deliver the file based on the kind of software the server is running / has enabled
if (function_exists('apache_get_modules') && in_array('mod_xsendfile', apache_get_modules())) {
header("X-Sendfile: {$file_path}");
} elseif (stristr(getenv('SERVER_SOFTWARE'), 'lighttpd')) {
header("X-LIGHTTPD-send-file: {$file_path}");
} elseif (stristr(getenv('SERVER_SOFTWARE'), 'nginx') || stristr(getenv('SERVER_SOFTWARE'), 'cherokee')) {
// We need a path relative to the domain
$file_path = str_ireplace($_SERVER['DOCUMENT_ROOT'], '', $file_path);
header("X-Accel-Redirect: /{$file_path}");
}
if ($direct) {
edd_deliver_download($file_path);
} else {
// The file supplied does not have a discoverable absolute path
header("Location: " . $requested_file);
}
break;
}
edd_die();
} else {
wp_die(__('You do not have permission to download this file', 'edd_sl'), __('Error', 'edd_sl'), array('response' => 401));
}
exit;
}
