function scoper_maybe_flush_site_rules($new_option_value, $old_option_value)
{
    if ($old_option_value !== $new_option_value) {
        scoper_flush_site_rules();
    }
    return $new_option_value;
}
 function _scoper_activate()
 {
     // set_current_user may have triggered DB setup already
     if (empty($GLOBALS['scoper_db_setup_done'])) {
         require_once dirname(__FILE__) . '/db-setup_rs.php';
         $ver = (array) get_option('scoper_version');
         $db_ver = isset($ver['db_version']) ? $ver['db_version'] : '';
         scoper_db_setup($db_ver);
     }
     require_once dirname(__FILE__) . '/admin/admin_lib_rs.php';
     ScoperAdminLib::sync_wproles();
     scoper_flush_site_rules();
     scoper_expire_file_rules();
 }
function scoper_apply_constants($stored_options)
{
    // If file filtering option is on but the DISABLE constant has been set, turn the option off and regenerate .htaccess
    if (defined('DISABLE_ATTACHMENT_FILTERING') && DISABLE_ATTACHMENT_FILTERING) {
        if (!empty($stored_options['scoper_file_filtering'])) {
            // in this case, we need to both convert the option value to constant value AND trigger .htaccess regeneration
            $stored_options['file_filtering'] = 0;
            update_option('scoper_file_filtering', 0);
            scoper_flush_site_rules();
            scoper_expire_file_rules();
        }
    }
    return $stored_options;
}
Beispiel #4
0
 function admin_head_base()
 {
     if (isset($_POST['rs_defaults'])) {
         // User asked to restore default options, so restore htaccess rule for attachment filtering (if it's not disabled)
         scoper_flush_site_rules();
         scoper_expire_file_rules();
     }
 }
function scoper_version_updated($prev_version)
{
    if (function_exists('wpp_cache_flush')) {
        wpp_cache_flush_all_sites();
    }
    // single-pass do loop to easily skip unnecessary version checks
    do {
        // roles were stored with invalid assign_for value under some conditions
        if (version_compare($prev_version, '1.3.45-beta', '<')) {
            global $wpdb;
            scoper_query("UPDATE {$wpdb->user2role2object_rs} SET assign_for = 'entity' WHERE assign_for = ''");
        }
        // file filtering rules were not written for new attachments if restriction was based solely on category restrictions
        if (version_compare($prev_version, '1.3.29-beta', '<')) {
            scoper_flush_site_rules();
            scoper_expire_file_rules();
        }
        // Delete any roles or restrictions inappropriately stored for attachments, revisions or auto-drafts
        if (version_compare($prev_version, '1.3', '<')) {
            global $wpdb;
            scoper_query("DELETE FROM {$wpdb->user2role2object_rs} WHERE role_type = 'wp' AND scope='blog' AND obj_or_term_id = '0'");
            scoper_sync_wproles();
            scoper_query("DELETE FROM {$wpdb->role_scope_rs} WHERE src_or_tx_name = 'post' AND obj_or_term_id IN ( SELECT ID FROM {$wpdb->posts} WHERE post_type IN ('attachment', 'revision') OR post_status = 'auto-draft' )");
            scoper_query("DELETE FROM {$wpdb->user2role2object_rs} WHERE src_or_tx_name = 'post' AND obj_or_term_id IN ( SELECT ID FROM {$wpdb->posts} WHERE post_type IN ('attachment', 'revision') OR post_status = 'auto-draft' )");
        }
        // 1.3.RC4 changed RS cache path to subfolder, so flush the root-stored cache one last time (only for MU / Multisite due to potentially large # of folders, files)
        if (IS_MU_RS && version_compare($prev_version, '1.3.RC4', '<') && !defined('SKIP_CACHE_MAINT_RS')) {
            global $wpp_object_cache;
            $wpp_object_cache = new WP_Persistent_Object_Cache(false);
            $wpp_object_cache->global_groups = array('');
            // forces use of cache root for this maint operation
            $wpp_object_cache->rm_cache_dir('');
            // will delete any files and folders in cache root except .htaccess
            $wpp_object_cache->cache_enabled = false;
            // avoid further updating cache in this http session
        }
        // 1.2.8 Beta disabled caps for custom post type roles under some circumstances
        if (version_compare($prev_version, '1.2.7', '>') && version_compare($prev_version, '1.2.8', '<')) {
            if ($disabled_role_caps = get_option('scoper_disabled_role_caps')) {
                $okay_role_prefix = array('rs_post', 'rs_page', 'rs_category', 'rs_link', 'rs_ngg');
                foreach (array_keys($disabled_role_caps) as $role_handle) {
                    $role_okay = false;
                    foreach ($okay_role_prefix as $pfx) {
                        if (0 === strpos($role_handle, $pfx)) {
                            $role_okay = true;
                            break;
                        }
                    }
                    if (!$role_okay) {
                        unset($disabled_role_caps[$role_handle]);
                        $_modified = true;
                    }
                }
                if (!empty($_modified)) {
                    update_option('scoper_disabled_role_caps', $disabled_role_caps);
                }
            }
        }
        // changes to taxonomy options storage in 1.1.8
        if (version_compare($prev_version, '1.1.8', '<')) {
            global $wp_taxonomies;
            $enable_tx = get_option('scoper_enable_wp_taxonomies');
            $old_use_term_roles = get_option('scoper_use_term_roles');
            $use_term_roles = array();
            if (is_array($old_use_term_roles)) {
                // convert existing use_term_roles entries to new array key structure
                foreach ($old_use_term_roles as $src_otype => $val) {
                    if (is_array($val)) {
                        // don't do this twice!
                        break 2;
                    }
                    if (strpos($src_otype, ':')) {
                        $arr_src_otype = explode(':', $src_otype);
                        $src_name = $arr_src_otype[0];
                        if ('post' == $src_name) {
                            $use_term_roles[$src_otype]['category'] = intval($val);
                        } elseif ('link' == $src_name) {
                            $use_term_roles[$src_otype]['link_category'] = intval($val);
                        } elseif ('ngg_gallery' == $src_name) {
                            $use_term_roles[$src_otype]['ngg_album'] = intval($val);
                        }
                        // compat workaround for old versions of Role Scoping for NGG which use old otype option key structure
                    }
                }
            }
            if (is_array($enable_tx)) {
                // Post_tag and custom taxonomies were activated for scoping via enable_wp_taxonomies storage.  Move those entries to use_term_roles instead.
                foreach ($enable_tx as $taxonomy => $val) {
                    if ('post_tag' == $taxonomy) {
                        $use_term_roles['post:post'][$taxonomy] = intval($val);
                    } elseif ($taxonomy && !in_array($taxonomy, array('category', 'link_category'))) {
                        if ($wp_tx = get_taxonomy($taxonomy)) {
                            $object_types = (array) $wp_tx->object_type;
                            foreach ($object_types as $object_type) {
                                $use_term_roles["post:{$object_type}"][$taxonomy] = intval($val);
                            }
                        }
                    }
                }
            }
            if ($use_term_roles) {
                update_option('scoper_use_term_roles', $use_term_roles);
            }
            //delete_option( 'scoper_enable_wp_taxonomies' );
        } else {
            break;
        }
        if (version_compare($prev_version, '1.1', '<')) {
            // htaccess rules modified in v1.1
            scoper_flush_site_rules();
            scoper_expire_file_rules();
            // Option update did not set autoload to no prior to 1.1
            global $wpdb;
            $wpdb->query("UPDATE {$wpdb->options} SET autoload = 'no' WHERE option_name LIKE 'scoper_%' AND option_name != 'scoper_version'");
            // stopped storing needless postmeta data for parent=0 in 1.1
            global $wpdb;
            $wpdb->query("DELETE FROM {$wpdb->postmeta} WHERE meta_value = '0' AND meta_key = '_scoper_last_parent'");
        } else {
            break;
        }
        // stopped using rs_get_page_children() in 1.0.8
        if (version_compare($prev_version, '1.0.8', '<')) {
            delete_option('scoper_page_children');
        } else {
            break;
        }
        if (version_compare($prev_version, '1.0.0', '<')) {
            include dirname(__FILE__) . '/update-legacy_rs.php';
            scoper_version_updated_from_legacy($prev_version);
        }
    } while (0);
    // end single-pass version check loop
}
 function &build_blog_file_rules()
 {
     $new_rules = '';
     require_once dirname(__FILE__) . '/analyst_rs.php';
     if (!($attachment_results = ScoperAnalyst::identify_protected_attachments())) {
         return $new_rules;
     }
     global $wpdb;
     require_once dirname(__FILE__) . '/uploads_rs.php';
     $home_root = parse_url(get_option('home'));
     $home_root = trailingslashit($home_root['path']);
     $uploads = scoper_get_upload_info();
     $baseurl = trailingslashit($uploads['baseurl']);
     $arr_url = parse_url($baseurl);
     $rewrite_base = $arr_url['path'];
     $file_keys = array();
     $has_postmeta = array();
     if ($key_results = scoper_get_results("SELECT pm.meta_value, p.guid, p.ID FROM {$wpdb->postmeta} AS pm INNER JOIN {$wpdb->posts} AS p ON p.ID = pm.post_id WHERE pm.meta_key = '_rs_file_key'")) {
         foreach ($key_results as $row) {
             $file_keys[$row->guid] = $row->meta_value;
             $has_postmeta[$row->ID] = $row->meta_value;
         }
     }
     $new_rules = "<IfModule mod_rewrite.c>\n";
     $new_rules .= "RewriteEngine On\n";
     $new_rules .= "RewriteBase {$rewrite_base}\n\n";
     $main_rewrite_rule = "RewriteRule ^(.*) {$home_root}index.php?attachment=\$1&rs_rewrite=1 [NC,L]\n";
     $htaccess_urls = array();
     foreach ($attachment_results as $row) {
         if (false !== strpos($row->guid, $baseurl)) {
             // no need to include any attachments which are not in the uploads folder
             if (!empty($file_keys[$row->guid])) {
                 $key = $file_keys[$row->guid];
             } else {
                 $key = urlencode(str_replace('.', '', uniqid(strval(rand()), true)));
                 $file_keys[$row->guid] = $key;
             }
             if (!isset($has_postmeta[$row->ID]) || $key != $has_postmeta[$row->ID]) {
                 update_post_meta($row->ID, "_rs_file_key", $key);
             }
             if (isset($htaccess_urls[$row->guid])) {
                 // if a file is attached to multiple protected posts, use a single rewrite rule for it
                 continue;
             }
             $htaccess_urls[$row->guid] = true;
             $rel_path = str_replace($baseurl, '', $row->guid);
             // escape spaces
             $file_path = str_replace(' ', '\\s', $rel_path);
             // escape horiz tabs (yes, at least one user has them in filenames)
             $file_path = str_replace(chr(9), '\\t', $file_path);
             // strip out all other nonprintable characters.  Affected files will not be filtered, but we avoid 500 error.  Possible TODO: advisory in file attachment utility
             $file_path = preg_replace('/[\\x00-\\x1f\\x7f]/', '', $file_path);
             // escape all other regular expression operator characters
             $file_path = preg_replace('/[\\^\\$\\.\\+\\[\\]\\(\\)\\{\\}]/', '\\\\$0', $file_path);
             $new_rules .= "RewriteCond %{REQUEST_URI} ^(.*)/{$file_path}" . "\$ [NC]\n";
             $new_rules .= "RewriteCond %{QUERY_STRING} !^(.*)rs_file_key={$key}(.*)\n";
             $new_rules .= $main_rewrite_rule;
             if ($pos_ext = strrpos($file_path, '\\.')) {
                 $thumb_path = substr($file_path, 0, $pos_ext);
                 $ext = substr($file_path, $pos_ext + 2);
                 $new_rules .= "RewriteCond %{REQUEST_URI} ^(.*)/{$thumb_path}" . '-[0-9]{2,4}x[0-9]{2,4}\\.' . $ext . "\$ [NC]\n";
                 $new_rules .= "RewriteCond %{QUERY_STRING} !^(.*)rs_file_key={$key}(.*)\n";
                 $new_rules .= $main_rewrite_rule;
                 // if resized image file(s) exist, include rules for them
                 $guid_pos_ext = strrpos($rel_path, '.');
                 $pattern = $uploads['path'] . '/' . substr($rel_path, 0, $guid_pos_ext) . '-??????????????' . substr($rel_path, $guid_pos_ext);
                 if (glob($pattern)) {
                     $new_rules .= "RewriteCond %{REQUEST_URI} ^(.*)/{$thumb_path}" . '-[0-9,a-f]{14}\\.' . $ext . "\$ [NC]\n";
                     $new_rules .= "RewriteCond %{QUERY_STRING} !^(.*)rs_file_key={$key}(.*)\n";
                     $new_rules .= $main_rewrite_rule;
                 }
             }
         }
     }
     // end foreach protected attachment
     if (IS_MU_RS) {
         global $blog_id;
         $file_filtered_sites = (array) get_site_option('scoper_file_filtered_sites');
         if (!in_array($blog_id, $file_filtered_sites)) {
             // this site needs a file redirect rule in root .htaccess
             scoper_flush_site_rules();
         }
         if (defined('SCOPER_MU_FILE_PROCESSING')) {
             // unless SCOPER_MU_FILE_PROCESSING is defined (indicating blogs.php has been modified for compatibility), blogs.php processing will be bypassed for all files
             $content_path = trailingslashit(str_replace($strip_path, '', str_replace('\\', '/', WP_CONTENT_DIR)));
             $new_rules .= "\n# Default WordPress cache handling\n";
             $new_rules .= "RewriteRule ^(.*) {$content_path}blogs.php?file=\$1 [L]\n";
         }
     }
     $new_rules .= "</IfModule>\n";
     return $new_rules;
 }