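/**
 * Misc Settings Sanitization
 *
 * Runs when the "Misc" settings tab is saved. Rewrites the .htaccess
 * protection files when the file download method changed (or the protection
 * file is missing) and flags the sequential-order-number upgrade notice.
 *
 * NOTE(review): a user without `manage_shop_settings` gets $input returned
 * untouched rather than rejected, so this check only guards the side effects
 * performed here (writing .htaccess, setting the session flag). Confirm the
 * settings save itself enforces capability and nonce before this runs.
 *
 * @since 1.6
 * @param array $input The values submitted for the settings section
 * @return array $input The input, passed through unchanged
 */
function edd_settings_sanitize_misc($input)
{
    if (!current_user_can('manage_shop_settings')) {
        return $input;
    }
    // Avoid an undefined-index notice when the field is not part of this
    // submission; null compares exactly the way the missing index did.
    $download_method = isset($input['download_method']) ? $input['download_method'] : null;
    if (edd_get_file_download_method() != $download_method || !edd_htaccess_exists()) {
        // Force the .htaccess files to be (re)written if the download method
        // changed or the protection file is missing.
        edd_create_protection_files(true, $download_method);
    }
    if (!empty($input['enable_sequential']) && !edd_get_option('enable_sequential')) {
        // Shows an admin notice about upgrading previous order numbers
        EDD()->session->set('upgrade_sequential', '1');
    }
    return $input;
}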
/**
 * Retrieve the .htaccess rules to wp-content/uploads/edd/
 *
 * For the "redirect" method only directory listings are disabled. For
 * "direct" (and any other value) every file is denied except the extensions
 * returned by the `edd_protected_directory_allowed_filetypes` filter, which
 * need to stay reachable for featured images / thumbnails and audio previews.
 *
 * NOTE(review): the allowed extensions are interpolated into a FilesMatch
 * regex without escaping, so filter callbacks must return plain extension
 * strings. The rules use Apache 2.2 `Order`/`Allow`/`Deny` syntax and only
 * take effect on servers that honour .htaccess (nginx ignores them).
 *
 * @since 1.6
 *
 * @param bool|string $method Download method; the configured one is used when empty
 * @return mixed|void The htaccess rules, after the `edd_protected_directory_htaccess_rules` filter
 */
function edd_get_htaccess_rules($method = false)
{
    if (empty($method)) {
        $method = edd_get_file_download_method();
    }
    if ('redirect' == $method) {
        // Prevent directory browsing only; the files themselves stay reachable
        $rules = "Options -Indexes";
    } else {
        // 'direct' and anything else: block everything except the allowed types
        $allowed_filetypes = apply_filters('edd_protected_directory_allowed_filetypes', array('jpg', 'png', 'gif', 'mp3', 'ogg'));
        $extension_pattern = implode('|', $allowed_filetypes);
        $directives = array(
            "Options -Indexes",
            "deny from all",
            "<FilesMatch '\\.(" . $extension_pattern . ")\$'>",
            "Order Allow,Deny",
            "Allow from all",
            "</FilesMatch>",
        );
        $rules = implode("\n", $directives) . "\n";
    }
    return apply_filters('edd_protected_directory_htaccess_rules', $rules, $method);
}
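/**
 * Misc File Download Settings Sanitization
 *
 * Runs when the "File Downloads" settings section is saved. Rewrites the
 * .htaccess protection files when the download method changed or the
 * protection file is missing.
 *
 * NOTE(review): a user without `manage_shop_settings` gets $input returned
 * untouched rather than rejected, so this check only guards the side effect
 * performed here (writing .htaccess). Confirm the settings save itself
 * enforces capability and nonce before this runs.
 *
 * @since 2.5
 * @param array $input The values submitted for the settings section
 * @return array $input The input, passed through unchanged
 */
function edd_settings_sanitize_misc_file_downloads($input)
{
    if (!current_user_can('manage_shop_settings')) {
        return $input;
    }
    // Avoid an undefined-index notice when the field is not part of this
    // submission; null compares exactly the way the missing index did.
    $download_method = isset($input['download_method']) ? $input['download_method'] : null;
    if (edd_get_file_download_method() != $download_method || !edd_htaccess_exists()) {
        // Force the .htaccess files to be (re)written if the download method
        // changed or the protection file is missing.
        edd_create_protection_files(true, $download_method);
    }
    return $input;
}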
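/**
 * Process Download
 *
 * Handles the file download process. This is the entry point for every file
 * download request, so everything read from $_GET below is attacker
 * controlled until one of the two validators has accepted it.
 *
 * Untrusted request parameters: download_id (legacy alias: download), email,
 * expire, file, price_id, download_key and, for signed URLs, eddfile, ttl and
 * token. Only the numeric ids are cast here; the authorization decision is
 * made by edd_process_signed_download_url() / edd_process_legacy_download_url()
 * (defined elsewhere), which are expected to populate $args['payment'] and
 * $args['has_access']. The `edd_file_download_has_access` filter can override
 * that decision, so any callback on it is part of the access-control boundary.
 *
 * After access is granted, the file served comes from the product's
 * configured files (admin data), possibly replaced via the `edd_requested_file`
 * filter. That value is trusted as a local path or URL; it is never derived
 * from request input.
 *
 * @access      private
 * @since       1.0
 * @return      void
 */
function edd_process_download()
{
    if (!isset($_GET['download_id']) && isset($_GET['download'])) {
        $_GET['download_id'] = $_GET['download'];
    }
    $args = apply_filters('edd_process_download_args', array(
        'download' => isset($_GET['download_id']) ? (int) $_GET['download_id'] : '',
        'email'    => isset($_GET['email']) ? rawurldecode($_GET['email']) : '',
        'expire'   => isset($_GET['expire']) ? rawurldecode($_GET['expire']) : '',
        'file_key' => isset($_GET['file']) ? (int) $_GET['file'] : '',
        'price_id' => isset($_GET['price_id']) ? (int) $_GET['price_id'] : false,
        'key'      => isset($_GET['download_key']) ? $_GET['download_key'] : '',
        'eddfile'  => isset($_GET['eddfile']) ? $_GET['eddfile'] : '',
        'ttl'      => isset($_GET['ttl']) ? $_GET['ttl'] : '',
        'token'    => isset($_GET['token']) ? $_GET['token'] : '',
    ));
    if (!empty($args['eddfile']) && !empty($args['ttl']) && !empty($args['token'])) {
        // Validate a signed URL that contains a token
        $args = edd_process_signed_download_url($args);
        // Backfill some legacy super globals for backwards compatibility
        $_GET['download_id'] = $args['download'];
        $_GET['email'] = $args['email'];
        $_GET['expire'] = $args['expire'];
        $_GET['download_key'] = $args['key'];
        $_GET['price_id'] = $args['price_id'];
    } elseif (!empty($args['download']) && !empty($args['key']) && !empty($args['email']) && !empty($args['expire']) && isset($args['file_key'])) {
        // Validate a legacy URL without a token
        $args = edd_process_legacy_download_url($args);
    } else {
        return;
    }
    // Final access decision: the validator's verdict may be overridden by this filter.
    $args['has_access'] = apply_filters('edd_file_download_has_access', $args['has_access'], $args['payment'], $args);
    if ($args['payment'] && $args['has_access']) {
        do_action('edd_process_verified_download', $args['download'], $args['email'], $args['payment'], $args);
        // Determine the download method set in settings
        $method = edd_get_file_download_method();
        // Payment has been verified, setup the download
        $download_files = edd_get_download_files($args['download']);
        $attachment_id = !empty($download_files[$args['file_key']]['attachment_id']) ? absint($download_files[$args['file_key']]['attachment_id']) : false;
        /*
         * If we have an attachment ID stored, use get_attached_file() to retrieve absolute URL
         * If this fails or returns a relative path, we fail back to our own absolute URL detection
         */
        if ($attachment_id && 'attachment' == get_post_type($attachment_id)) {
            if ('redirect' == $method) {
                $attached_file = wp_get_attachment_url($attachment_id);
            } else {
                $attached_file = get_attached_file($attachment_id, false);
                // Confirm the file exists
                if (!file_exists($attached_file)) {
                    $attached_file = false;
                }
            }
            if ($attached_file) {
                $requested_file = $attached_file;
            }
        }
        // If we didn't find a file from the attachment, grab the given URL
        if (!isset($requested_file)) {
            $requested_file = isset($download_files[$args['file_key']]['file']) ? $download_files[$args['file_key']]['file'] : '';
        }
        // Allow the file to be altered before any headers are sent (filter output is trusted)
        $requested_file = apply_filters('edd_requested_file', $requested_file, $download_files, $args['file_key']);
        if ('x_sendfile' == $method && (!function_exists('apache_get_modules') || !in_array('mod_xsendfile', apache_get_modules()))) {
            // If X-Sendfile is selected but is not supported, fallback to Direct
            $method = 'direct';
        }
        $file_details = parse_url($requested_file);
        $schemes = array('http', 'https');
        // A local path (no http/https scheme) that exists on disk
        if ((!isset($file_details['scheme']) || !in_array($file_details['scheme'], $schemes)) && isset($file_details['path']) && file_exists($requested_file)) {
            /**
             * Download method is set to Redirect in settings but an absolute path was provided
             * We need to switch to a direct download in order for the file to download properly
             */
            $method = 'direct';
        }
        /**
         * Allow extensions to run actions prior to recording the file download log entry
         *
         * @since 2.6.14
         */
        do_action('edd_process_download_pre_record_log', $requested_file, $args, $method);
        // Record this file download in the log
        $user_info = array();
        $user_info['email'] = $args['email'];
        if (is_user_logged_in()) {
            $user_data = get_userdata(get_current_user_id());
            $user_info['id'] = get_current_user_id();
            $user_info['name'] = $user_data->display_name;
        }
        edd_record_download_in_log($args['download'], $args['file_key'], $user_info, edd_get_ip(), $args['payment'], $args['price_id']);
        $file_extension = edd_get_file_extension($requested_file);
        $ctype = edd_get_file_ctype($file_extension);
        if (!edd_is_func_disabled('set_time_limit') && !ini_get('safe_mode')) {
            @set_time_limit(0);
        }
        if (function_exists('get_magic_quotes_runtime') && get_magic_quotes_runtime() && version_compare(phpversion(), '5.4', '<')) {
            set_magic_quotes_runtime(0);
        }
        // Release the session lock so a long transfer does not block other requests
        @session_write_close();
        if (function_exists('apache_setenv')) {
            @apache_setenv('no-gzip', 1);
        }
        @ini_set('zlib.output_compression', 'Off');
        do_action('edd_process_download_headers', $requested_file, $args['download'], $args['email'], $args['payment']);
        nocache_headers();
        header("Robots: none");
        header("Content-Type: " . $ctype . "");
        header("Content-Description: File Transfer");
        // The file name comes from admin-configured file data; basename() strips any path component
        header("Content-Disposition: attachment; filename=\"" . apply_filters('edd_requested_file_name', basename($requested_file)) . "\"");
        header("Content-Transfer-Encoding: binary");
        // If the file isn't locally hosted, process the redirect
        if (filter_var($requested_file, FILTER_VALIDATE_URL) && !edd_is_local_file($requested_file)) {
            edd_deliver_download($requested_file, true);
            exit;
        }
        switch ($method) {
            case 'redirect':
                // Redirect straight to the file
                edd_deliver_download($requested_file, true);
                break;
            case 'direct':
            default:
                // NOTE(review): there is no 'x_sendfile' case here, so that method lands
                // in this branch; whether edd_deliver_download() emits X-Sendfile is not
                // visible in this file.
                $direct = false;
                $file_path = $requested_file;
                if ((!isset($file_details['scheme']) || !in_array($file_details['scheme'], $schemes)) && isset($file_details['path']) && file_exists($requested_file)) {
                    /** This is an absolute path */
                    $direct = true;
                    $file_path = $requested_file;
                } else {
                    if (defined('UPLOADS') && strpos($requested_file, UPLOADS) !== false) {
                        /**
                         * This is a local file given by URL so we need to figure out the path
                         * UPLOADS is always relative to ABSPATH
                         * site_url() is the URL to where WordPress is installed
                         */
                        $file_path = str_replace(site_url(), '', $requested_file);
                        $file_path = realpath(ABSPATH . $file_path);
                        $direct = true;
                    } else {
                        if (strpos($requested_file, content_url()) !== false) {
                            /** This is a local file given by URL so we need to figure out the path */
                            $file_path = str_replace(content_url(), WP_CONTENT_DIR, $requested_file);
                            $file_path = realpath($file_path);
                            $direct = true;
                        } else {
                            if (strpos($requested_file, set_url_scheme(content_url(), 'https')) !== false) {
                                /** This is a local file given by an HTTPS URL so we need to figure out the path */
                                $file_path = str_replace(set_url_scheme(content_url(), 'https'), WP_CONTENT_DIR, $requested_file);
                                $file_path = realpath($file_path);
                                $direct = true;
                            }
                        }
                    }
                }
                if ($direct && (false === $file_path || '' === $file_path)) {
                    // realpath() failed: the URL pointed inside the local install but the file
                    // is not on disk. Do not hand a bogus path to the sendfile headers below;
                    // fall back to the redirect used for files without a local path.
                    $direct = false;
                    $file_path = $requested_file;
                }
                // Set the file size header only when we actually know it (local file);
                // an empty Content-Length on a redirect helps nobody.
                $file_size = $direct ? @filesize($file_path) : false;
                if (false !== $file_size) {
                    header("Content-Length: " . $file_size);
                }
                // Now deliver the file based on the kind of software the server is running / has enabled.
                // Sendfile-style headers need a local path, so they are only sent for $direct.
                if ($direct && stristr(getenv('SERVER_SOFTWARE'), 'lighttpd')) {
                    header("X-LIGHTTPD-send-file: {$file_path}");
                } elseif ($direct && (stristr(getenv('SERVER_SOFTWARE'), 'nginx') || stristr(getenv('SERVER_SOFTWARE'), 'cherokee'))) {
                    // We need a path relative to the document root. nginx only honours
                    // X-Accel-Redirect when an `internal` location covers that path;
                    // otherwise the header is ignored and the PHP delivery below runs.
                    $document_root = !empty($_SERVER['DOCUMENT_ROOT']) ? realpath($_SERVER['DOCUMENT_ROOT']) : false;
                    if ($document_root) {
                        $file_path = str_ireplace($document_root, '', $file_path);
                    }
                    // The stripped path already starts with "/"; avoid emitting "//".
                    header("X-Accel-Redirect: /" . ltrim($file_path, '/'));
                }
                if ($direct) {
                    edd_deliver_download($file_path);
                } else {
                    // The file supplied does not have a discoverable absolute path
                    edd_deliver_download($requested_file, true);
                }
                break;
        }
        edd_die();
    } else {
        $error_message = __('You do not have permission to download this file', 'easy-digital-downloads');
        wp_die(apply_filters('edd_deny_download_message', $error_message, __('Purchase Verification Failed', 'easy-digital-downloads')), __('Error', 'easy-digital-downloads'), array('response' => 403));
    }
    exit;
}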
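/**
 * Get system info
 *
 * Builds the plain-text "System Info" report shown on the EDD Tools page.
 *
 * The report discloses environment details (site and host, server software,
 * PHP and MySQL versions, ini settings, the PHP session save path, the full
 * plugin list), so it must only be rendered for shop administrators and
 * should be shared with care. The caller is responsible for that capability
 * check; nothing here enforces it.
 *
 * @since       2.0
 * @access      public
 * @global      object $wpdb Used to query the database using the WordPress Database API
 * @global      array $edd_options Array of all EDD options
 * @return      string $return A string containing the info to output
 */
function edd_tools_sysinfo_get()
{
    global $wpdb, $edd_options;
    if (!class_exists('Browser')) {
        require_once EDD_PLUGIN_DIR . 'includes/libraries/browser.php';
    }
    $browser = new Browser();
    // Get theme info. version_compare() is used because a plain string
    // comparison of version strings is unreliable (e.g. "3.10" vs "3.4").
    if (version_compare(get_bloginfo('version'), '3.4', '<')) {
        $theme_data = get_theme_data(get_stylesheet_directory() . '/style.css');
        $theme = $theme_data['Name'] . ' ' . $theme_data['Version'];
    } else {
        $theme_data = wp_get_theme();
        $theme = $theme_data->Name . ' ' . $theme_data->Version;
    }
    // Try to identify the hosting provider
    $host = edd_get_host();
    $return = '### Begin System Info ###' . "\n\n";
    // Start with the basics...
    $return .= '-- Site Info' . "\n\n";
    $return .= 'Site URL:                 ' . site_url() . "\n";
    $return .= 'Home URL:                 ' . home_url() . "\n";
    $return .= 'Multisite:                ' . (is_multisite() ? 'Yes' : 'No') . "\n";
    $return = apply_filters('edd_sysinfo_after_site_info', $return);
    // Can we determine the site's host?
    if ($host) {
        $return .= "\n" . '-- Hosting Provider' . "\n\n";
        $return .= 'Host:                     ' . $host . "\n";
        $return = apply_filters('edd_sysinfo_after_host_info', $return);
    }
    // The local users' browser information, handled by the Browser class
    $return .= "\n" . '-- User Browser' . "\n\n";
    $return .= $browser;
    $return = apply_filters('edd_sysinfo_after_user_browser', $return);
    // WordPress configuration
    $return .= "\n" . '-- WordPress Configuration' . "\n\n";
    $return .= 'Version:                  ' . get_bloginfo('version') . "\n";
    $return .= 'Language:                 ' . (defined('WPLANG') && WPLANG ? WPLANG : 'en_US') . "\n";
    $return .= 'Permalink Structure:      ' . (get_option('permalink_structure') ? get_option('permalink_structure') : 'Default') . "\n";
    $return .= 'Active Theme:             ' . $theme . "\n";
    $return .= 'Show On Front:            ' . get_option('show_on_front') . "\n";
    // Only show page specs if frontpage is set to 'page'
    if (get_option('show_on_front') == 'page') {
        $front_page_id = get_option('page_on_front');
        $blog_page_id = get_option('page_for_posts');
        $return .= 'Page On Front:            ' . ($front_page_id != 0 ? get_the_title($front_page_id) . ' (#' . $front_page_id . ')' : 'Unset') . "\n";
        $return .= 'Page For Posts:           ' . ($blog_page_id != 0 ? get_the_title($blog_page_id) . ' (#' . $blog_page_id . ')' : 'Unset') . "\n";
    }
    // Make sure wp_remote_post() is working.
    // NOTE(review): 'sslverify' => false disables TLS certificate validation for
    // this connectivity probe. Nothing sensitive is sent, but the probe will
    // report "works" on hosts whose CA bundle would make a verified gateway
    // request fail; consider probing with verification enabled instead.
    $request = array('cmd' => '_notify-validate');
    $params = array('sslverify' => false, 'timeout' => 60, 'user-agent' => 'EDD/' . EDD_VERSION, 'body' => $request);
    $response = wp_remote_post('https://www.paypal.com/cgi-bin/webscr', $params);
    if (!is_wp_error($response) && $response['response']['code'] >= 200 && $response['response']['code'] < 300) {
        $WP_REMOTE_POST = 'wp_remote_post() works';
    } else {
        $WP_REMOTE_POST = 'wp_remote_post() does not work';
    }
    $return .= 'Remote Post:              ' . $WP_REMOTE_POST . "\n";
    $return .= 'Table Prefix:             ' . 'Length: ' . strlen($wpdb->prefix) . '   Status: ' . (strlen($wpdb->prefix) > 16 ? 'ERROR: Too long' : 'Acceptable') . "\n";
    $return .= 'WP_DEBUG:                 ' . (defined('WP_DEBUG') ? WP_DEBUG ? 'Enabled' : 'Disabled' : 'Not set') . "\n";
    $return .= 'Memory Limit:             ' . WP_MEMORY_LIMIT . "\n";
    $return .= 'Registered Post Stati:    ' . implode(', ', get_post_stati()) . "\n";
    $return = apply_filters('edd_sysinfo_after_wordpress_config', $return);
    // EDD configuration
    $return .= "\n" . '-- EDD Configuration' . "\n\n";
    $return .= 'Version:                  ' . EDD_VERSION . "\n";
    $return .= 'Upgraded From:            ' . get_option('edd_version_upgraded_from', 'None') . "\n";
    $return .= 'Test Mode:                ' . (edd_is_test_mode() ? "Enabled\n" : "Disabled\n");
    $return .= 'Ajax:                     ' . (!edd_is_ajax_disabled() ? "Enabled\n" : "Disabled\n");
    $return .= 'Guest Checkout:           ' . (edd_no_guest_checkout() ? "Disabled\n" : "Enabled\n");
    $return .= 'Symlinks:                 ' . (apply_filters('edd_symlink_file_downloads', isset($edd_options['symlink_file_downloads'])) && function_exists('symlink') ? "Enabled\n" : "Disabled\n");
    $return .= 'Download Method:          ' . ucfirst(edd_get_file_download_method()) . "\n";
    $return .= 'Currency Code:            ' . edd_get_currency() . "\n";
    $return .= 'Currency Position:        ' . edd_get_option('currency_position', 'before') . "\n";
    $return .= 'Decimal Separator:        ' . edd_get_option('decimal_separator', '.') . "\n";
    $return .= 'Thousands Separator:      ' . edd_get_option('thousands_separator', ',') . "\n";
    $return = apply_filters('edd_sysinfo_after_edd_config', $return);
    // EDD pages
    $return .= "\n" . '-- EDD Page Configuration' . "\n\n";
    $return .= 'Checkout:                 ' . (!empty($edd_options['purchase_page']) ? "Valid\n" : "Invalid\n");
    $return .= 'Checkout Page:            ' . (!empty($edd_options['purchase_page']) ? get_permalink($edd_options['purchase_page']) . "\n" : "Unset\n");
    $return .= 'Success Page:             ' . (!empty($edd_options['success_page']) ? get_permalink($edd_options['success_page']) . "\n" : "Unset\n");
    $return .= 'Failure Page:             ' . (!empty($edd_options['failure_page']) ? get_permalink($edd_options['failure_page']) . "\n" : "Unset\n");
    $return .= 'Downloads Slug:           ' . (defined('EDD_SLUG') ? '/' . EDD_SLUG . "\n" : "/downloads\n");
    $return = apply_filters('edd_sysinfo_after_edd_pages', $return);
    // EDD gateways
    $return .= "\n" . '-- EDD Gateway Configuration' . "\n\n";
    $active_gateways = edd_get_enabled_payment_gateways();
    if ($active_gateways) {
        $default_gateway_is_active = edd_is_gateway_active(edd_get_default_gateway());
        if ($default_gateway_is_active) {
            $default_gateway = edd_get_default_gateway();
            $default_gateway = $active_gateways[$default_gateway]['admin_label'];
        } else {
            $default_gateway = 'Test Payment';
        }
        $gateways = array();
        foreach ($active_gateways as $gateway) {
            $gateways[] = $gateway['admin_label'];
        }
        $return .= 'Enabled Gateways:         ' . implode(', ', $gateways) . "\n";
        $return .= 'Default Gateway:          ' . $default_gateway . "\n";
    } else {
        $return .= 'Enabled Gateways:         None' . "\n";
    }
    $return = apply_filters('edd_sysinfo_after_edd_gateways', $return);
    // EDD Taxes
    $return .= "\n" . '-- EDD Tax Configuration' . "\n\n";
    $return .= 'Taxes:                    ' . (edd_use_taxes() ? "Enabled\n" : "Disabled\n");
    $return .= 'Tax Rate:                 ' . edd_get_tax_rate() * 100 . "\n";
    $return .= 'Display On Checkout:      ' . (!empty($edd_options['checkout_include_tax']) ? "Displayed\n" : "Not Displayed\n");
    $return .= 'Prices Include Tax:       ' . (edd_prices_include_tax() ? "Yes\n" : "No\n");
    $rates = edd_get_tax_rates();
    if (!empty($rates)) {
        $return .= 'Country / State Rates:    ' . "\n";
        foreach ($rates as $rate) {
            $return .= '                          Country: ' . $rate['country'] . ', State: ' . $rate['state'] . ', Rate: ' . $rate['rate'] . "\n";
        }
    }
    $return = apply_filters('edd_sysinfo_after_edd_taxes', $return);
    // EDD Templates: list theme overrides in <theme>/edd_templates/.
    // The directory has to be tested without the glob wildcard; is_dir() on a
    // pattern ending in "/*" is never true, which silently hid this section.
    $templates_dir = get_stylesheet_directory() . '/edd_templates';
    $template_files = is_dir($templates_dir) ? glob($templates_dir . '/*') : false;
    if (!empty($template_files)) {
        $return .= "\n" . '-- EDD Template Overrides' . "\n\n";
        foreach ($template_files as $file) {
            $return .= 'Filename:                 ' . basename($file) . "\n";
        }
        $return = apply_filters('edd_sysinfo_after_edd_templates', $return);
    }
    // WordPress active plugins
    $return .= "\n" . '-- WordPress Active Plugins' . "\n\n";
    $plugins = get_plugins();
    $active_plugins = get_option('active_plugins', array());
    foreach ($plugins as $plugin_path => $plugin) {
        if (!in_array($plugin_path, $active_plugins)) {
            continue;
        }
        $return .= $plugin['Name'] . ': ' . $plugin['Version'] . "\n";
    }
    $return = apply_filters('edd_sysinfo_after_wordpress_plugins', $return);
    // WordPress inactive plugins
    $return .= "\n" . '-- WordPress Inactive Plugins' . "\n\n";
    foreach ($plugins as $plugin_path => $plugin) {
        if (in_array($plugin_path, $active_plugins)) {
            continue;
        }
        $return .= $plugin['Name'] . ': ' . $plugin['Version'] . "\n";
    }
    $return = apply_filters('edd_sysinfo_after_wordpress_plugins_inactive', $return);
    if (is_multisite()) {
        // WordPress Multisite active plugins
        $return .= "\n" . '-- Network Active Plugins' . "\n\n";
        $plugins = wp_get_active_network_plugins();
        $active_plugins = get_site_option('active_sitewide_plugins', array());
        foreach ($plugins as $plugin_path) {
            $plugin_base = plugin_basename($plugin_path);
            if (!array_key_exists($plugin_base, $active_plugins)) {
                continue;
            }
            $plugin = get_plugin_data($plugin_path);
            $return .= $plugin['Name'] . ': ' . $plugin['Version'] . "\n";
        }
        $return = apply_filters('edd_sysinfo_after_wordpress_ms_plugins', $return);
    }
    // Server configuration (really just versioning)
    $return .= "\n" . '-- Webserver Configuration' . "\n\n";
    $return .= 'PHP Version:              ' . PHP_VERSION . "\n";
    $return .= 'MySQL Version:            ' . $wpdb->db_version() . "\n";
    // SERVER_SOFTWARE is not guaranteed to be set (e.g. CLI or some FastCGI setups)
    $return .= 'Webserver Info:           ' . (isset($_SERVER['SERVER_SOFTWARE']) ? $_SERVER['SERVER_SOFTWARE'] : 'Unknown') . "\n";
    $return = apply_filters('edd_sysinfo_after_webserver_config', $return);
    // PHP configs... now we're getting to the important stuff
    $return .= "\n" . '-- PHP Configuration' . "\n\n";
    // The newline must sit outside the ternary; previously only the "Disabled"
    // branch carried it, so "Enabled" ran into the next line.
    $return .= 'Safe Mode:                ' . (ini_get('safe_mode') ? 'Enabled' : 'Disabled') . "\n";
    $return .= 'Memory Limit:             ' . ini_get('memory_limit') . "\n";
    $return .= 'Upload Max Size:          ' . ini_get('upload_max_filesize') . "\n";
    $return .= 'Post Max Size:            ' . ini_get('post_max_size') . "\n";
    $return .= 'Upload Max Filesize:      ' . ini_get('upload_max_filesize') . "\n";
    $return .= 'Time Limit:               ' . ini_get('max_execution_time') . "\n";
    $return .= 'Max Input Vars:           ' . ini_get('max_input_vars') . "\n";
    $return .= 'Display Errors:           ' . (ini_get('display_errors') ? 'On (' . ini_get('display_errors') . ')' : 'N/A') . "\n";
    $return = apply_filters('edd_sysinfo_after_php_config', $return);
    // PHP extensions and such
    $return .= "\n" . '-- PHP Extensions' . "\n\n";
    $return .= 'cURL:                     ' . (function_exists('curl_init') ? 'Supported' : 'Not Supported') . "\n";
    $return .= 'fsockopen:                ' . (function_exists('fsockopen') ? 'Supported' : 'Not Supported') . "\n";
    $return .= 'SOAP Client:              ' . (class_exists('SoapClient') ? 'Installed' : 'Not Installed') . "\n";
    $return .= 'Suhosin:                  ' . (extension_loaded('suhosin') ? 'Installed' : 'Not Installed') . "\n";
    $return = apply_filters('edd_sysinfo_after_php_ext', $return);
    // Session stuff
    $return .= "\n" . '-- Session Configuration' . "\n\n";
    $return .= 'EDD Use Sessions:         ' . (defined('EDD_USE_PHP_SESSIONS') && EDD_USE_PHP_SESSIONS ? 'Enforced' : (EDD()->session->use_php_sessions() ? 'Enabled' : 'Disabled')) . "\n";
    $return .= 'Session:                  ' . (isset($_SESSION) ? 'Enabled' : 'Disabled') . "\n";
    // The rest of this is only relevant if sessions are enabled.
    // Note that the save path is a server filesystem location; it is part of
    // why this report is admin-only.
    if (isset($_SESSION)) {
        $return .= 'Session Name:             ' . esc_html(ini_get('session.name')) . "\n";
        $return .= 'Cookie Path:              ' . esc_html(ini_get('session.cookie_path')) . "\n";
        $return .= 'Save Path:                ' . esc_html(ini_get('session.save_path')) . "\n";
        $return .= 'Use Cookies:              ' . (ini_get('session.use_cookies') ? 'On' : 'Off') . "\n";
        $return .= 'Use Only Cookies:         ' . (ini_get('session.use_only_cookies') ? 'On' : 'Off') . "\n";
    }
    $return = apply_filters('edd_sysinfo_after_session_config', $return);
    $return .= "\n" . '### End System Info ###';
    return $return;
}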
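/**
 * Process add-on Downloads
 *
 * Handles the file download process for add-ons.
 *
 * Authorization: the requester must be logged in, the `add_on` request
 * parameter (untrusted; cast with absint()) must identify a 'download' post,
 * and the user must hold price id 3 (Ultimate) or 2 (Professional) according
 * to affwp_get_users_price_ids() (defined elsewhere). Whether that helper
 * excludes expired licenses is not visible here. The file served is the
 * add-on's first configured file (admin data), never request input.
 *
 * Sendfile-style headers (X-Sendfile, X-LIGHTTPD-send-file, X-Accel-Redirect)
 * are only emitted once a local filesystem path has been resolved; a file that
 * cannot be mapped to a local path is delivered by redirect instead.
 *
 * @access      private
 * @since       1.1
 * @return      void
 */
function affwp_process_add_on_download()
{
    if (!isset($_GET['add_on'])) {
        return;
    }
    if (!is_user_logged_in()) {
        return;
    }
    $add_on = absint($_GET['add_on']);
    if ('download' != get_post_type($add_on)) {
        return;
    }
    $price_ids = (array) affwp_get_users_price_ids();
    $has_ultimate_license = in_array(3, $price_ids);
    $has_professional_license = in_array(2, $price_ids);
    if (!($has_ultimate_license || $has_professional_license)) {
        wp_die('You need either an Ultimate or Professional license to download this add-on', 'Error', array('response' => 403));
    }
    $download_files = edd_get_download_files($add_on);
    if (empty($download_files[0]['file'])) {
        // Nothing is configured for this add-on; fail before logging a download
        // and before any header is sent.
        wp_die('No file is available for this add-on', 'Error', array('response' => 404));
    }
    $requested_file = $download_files[0]['file'];
    $user_info = array();
    $user_data = get_userdata(get_current_user_id());
    $user_info['email'] = $user_data->user_email;
    $user_info['id'] = $user_data->ID;
    $user_info['name'] = $user_data->display_name;
    edd_record_download_in_log($add_on, 0, $user_info, edd_get_ip(), 0, 0);
    $file_extension = edd_get_file_extension($requested_file);
    $ctype = edd_get_file_ctype($file_extension);
    if (!edd_is_func_disabled('set_time_limit') && !ini_get('safe_mode')) {
        set_time_limit(0);
    }
    // set_magic_quotes_runtime() no longer exists from PHP 5.4 on
    if (function_exists('get_magic_quotes_runtime') && get_magic_quotes_runtime() && version_compare(phpversion(), '5.4', '<')) {
        set_magic_quotes_runtime(0);
    }
    // Release the session lock so a long transfer does not block other requests
    @session_write_close();
    if (function_exists('apache_setenv')) {
        @apache_setenv('no-gzip', 1);
    }
    @ini_set('zlib.output_compression', 'Off');
    nocache_headers();
    header("Robots: none");
    header("Content-Type: " . $ctype . "");
    header("Content-Description: File Transfer");
    // The file name comes from admin-configured file data; basename() strips any path component
    header("Content-Disposition: attachment; filename=\"" . basename($requested_file) . "\"");
    header("Content-Transfer-Encoding: binary");
    $method = edd_get_file_download_method();
    if ('x_sendfile' == $method && (!function_exists('apache_get_modules') || !in_array('mod_xsendfile', apache_get_modules()))) {
        // If X-Sendfile is selected but is not supported, fallback to Direct
        $method = 'direct';
    }
    switch ($method) {
        case 'redirect':
            // Redirect straight to the file
            header("Location: " . $requested_file);
            break;
        case 'direct':
        default:
            $direct = false;
            $file_path = $requested_file;
            $file_details = parse_url($requested_file);
            $schemes = array('http', 'https');
            // A local path (no http/https scheme) that exists on disk
            if ((!isset($file_details['scheme']) || !in_array($file_details['scheme'], $schemes)) && isset($file_details['path']) && file_exists($requested_file)) {
                /** This is an absolute path */
                $direct = true;
                $file_path = $requested_file;
            } else {
                if (defined('UPLOADS') && strpos($requested_file, UPLOADS) !== false) {
                    /**
                     * This is a local file given by URL so we need to figure out the path
                     * UPLOADS is always relative to ABSPATH
                     * site_url() is the URL to where WordPress is installed
                     */
                    $file_path = str_replace(site_url(), '', $requested_file);
                    $file_path = realpath(ABSPATH . $file_path);
                    $direct = true;
                } else {
                    if (strpos($requested_file, WP_CONTENT_URL) !== false) {
                        /** This is a local file given by URL so we need to figure out the path */
                        $file_path = str_replace(WP_CONTENT_URL, WP_CONTENT_DIR, $requested_file);
                        $file_path = realpath($file_path);
                        $direct = true;
                    }
                }
            }
            if ($direct && (false === $file_path || '' === $file_path)) {
                // realpath() failed: the URL pointed inside the local install but the
                // file is not on disk. Do not hand a bogus path to a sendfile header.
                $direct = false;
                $file_path = $requested_file;
            }
            if (!$direct) {
                // The file supplied does not have a discoverable absolute path. A
                // sendfile header cannot point at a URL (previously this emitted an
                // empty X-Sendfile / X-Accel-Redirect and no Location), so redirect.
                header("Location: " . $requested_file);
                break;
            }
            // Now deliver the local file based on the kind of software the server is running / has enabled
            if (function_exists('apache_get_modules') && in_array('mod_xsendfile', apache_get_modules())) {
                header("X-Sendfile: {$file_path}");
            } elseif (stristr(getenv('SERVER_SOFTWARE'), 'lighttpd')) {
                header("X-LIGHTTPD-send-file: {$file_path}");
            } elseif (stristr(getenv('SERVER_SOFTWARE'), 'nginx') || stristr(getenv('SERVER_SOFTWARE'), 'cherokee')) {
                // We need a path relative to the document root. nginx only honours
                // X-Accel-Redirect when an `internal` location covers that path.
                $document_root = !empty($_SERVER['DOCUMENT_ROOT']) ? realpath($_SERVER['DOCUMENT_ROOT']) : false;
                if ($document_root) {
                    $file_path = str_ireplace($document_root, '', $file_path);
                }
                // The stripped path already starts with "/"; avoid emitting "//".
                header("X-Accel-Redirect: /" . ltrim($file_path, '/'));
            } else {
                edd_deliver_download($file_path);
            }
            break;
    }
    edd_die();
    exit;
}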
/**
 * Retrieve the .htaccess rules to wp-content/uploads/edd/
 *
 * "redirect" only disables directory listings; "direct" (and any other
 * configured value) denies everything except jpg/png/gif, which must stay
 * reachable for featured images / thumbnails.
 *
 * NOTE(review): these are Apache 2.2-style access directives and only apply
 * on servers that process .htaccess; nginx ignores them entirely.
 *
 * @since 1.6
 * @return string The htaccess rules, after the `edd_protected_directory_htaccess_rules` filter
 */
function edd_get_htaccess_rules()
{
    $method = edd_get_file_download_method();
    if ('redirect' == $method) {
        // Prevent directory browsing only; the files themselves stay reachable
        $rules = "Options -Indexes";
    } else {
        // Prevent directory browsing and direct access to all files, except images
        $directives = array(
            "Options -Indexes",
            "deny from all",
            "<FilesMatch '\\.(jpg|png|gif)\$'>",
            "Order Allow,Deny",
            "Allow from all",
            "</FilesMatch>",
        );
        $rules = implode("\n", $directives) . "\n";
    }
    return apply_filters('edd_protected_directory_htaccess_rules', $rules);
}
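/**
 * Process Download
 *
 * Handles the file download process: reads the request parameters, verifies
 * the download link, logs the download and then either streams the file or
 * redirects to it depending on the configured download method.
 *
 * Bails out with `false` when a required parameter is missing, and calls
 * wp_die() when the link does not verify or the requested file index does
 * not exist for the download.
 *
 * @access      private
 * @since       1.0
 * @return      void
 */
function edd_process_download()
{
    $args = apply_filters('edd_process_download_args', array(
        'download' => isset($_GET['download']) ? (int) $_GET['download'] : '',
        'email'    => isset($_GET['email']) ? rawurldecode($_GET['email']) : '',
        'expire'   => isset($_GET['expire']) ? base64_decode(rawurldecode($_GET['expire'])) : '',
        'file_key' => isset($_GET['file']) ? (int) $_GET['file'] : '',
        'price_id' => isset($_GET['price_id']) ? (int) $_GET['price_id'] : false,
        'key'      => isset($_GET['download_key']) ? $_GET['download_key'] : '',
    ));
    if ($args['download'] === '' || $args['email'] === '' || $args['file_key'] === '') {
        return false;
    }
    // Read the values explicitly rather than extract()-ing the array: it is derived from
    // $_GET and has just passed through a public filter, so extract() would let any filter
    // callback define arbitrary local variables in this function.
    $download = $args['download'];
    $email    = $args['email'];
    $file_key = $args['file_key'];
    $expire   = isset($args['expire']) ? $args['expire'] : '';
    $key      = isset($args['key']) ? $args['key'] : '';

    $payment = edd_verify_download_link($download, $key, $email, $expire, $file_key);
    // Defaulting this to true for now because the method below doesn't work well
    $has_access = apply_filters('edd_file_download_has_access', true, $payment, $args);
    //$has_access = ( edd_logged_in_only() && is_user_logged_in() ) || !edd_logged_in_only() ? true : false;

    // Look the file up before firing the verified-download action so an unknown file index
    // is rejected instead of producing an empty "Location:" header further down.
    $download_files = $payment && $has_access ? edd_get_download_files($download) : array();
    if (!$payment || !$has_access || empty($download_files[$file_key]['file'])) {
        $error_message = __('You do not have permission to download this file', 'edd');
        // NOTE(review): the hook name below carries a leading space; it is kept byte-for-byte
        // because callbacks may already be attached under that exact name.
        wp_die(apply_filters(' edd_deny_download_message', $error_message, __('Purchase Verification Failed', 'edd')));
    }

    do_action('edd_process_verified_download', $download, $email);
    // Payment has been verified, setup the download
    $requested_file = apply_filters('edd_requested_file', $download_files[$file_key]['file'], $download_files, $file_key);
    $user_info = array();
    $user_info['email'] = $email;
    if (is_user_logged_in()) {
        global $user_ID;
        $user_data = get_userdata($user_ID);
        $user_info['id'] = $user_ID;
        $user_info['name'] = $user_data->display_name;
    }
    edd_record_download_in_log($download, $file_key, $user_info, edd_get_ip(), $payment);
    $file_extension = edd_get_file_extension($requested_file);
    $ctype = edd_get_file_ctype($file_extension);

    // Large files: lift the execution time limit where the host allows it
    if (!edd_is_func_disabled('set_time_limit') && !ini_get('safe_mode')) {
        set_time_limit(0);
    }
    if (function_exists('get_magic_quotes_runtime') && get_magic_quotes_runtime()) {
        set_magic_quotes_runtime(0);
    }
    // Release the session lock and disable output compression so the raw bytes stream through
    @session_write_close();
    if (function_exists('apache_setenv')) {
        @apache_setenv('no-gzip', 1);
    }
    @ini_set('zlib.output_compression', 'Off');
    nocache_headers();
    header("Robots: none");
    header("Content-Type: " . $ctype . "");
    header("Content-Description: File Transfer");
    header("Content-Disposition: attachment; filename=\"" . apply_filters('edd_requested_file_name', basename($requested_file)) . "\";");
    header("Content-Transfer-Encoding: binary");

    $method = edd_get_file_download_method();
    switch ($method) {
        case 'redirect':
            // Redirect straight to the file
            header("Location: " . $requested_file);
            break;
        case 'direct':
        default:
            $is_remote_url = strpos($requested_file, 'http://') !== false
                || strpos($requested_file, 'https://') !== false
                || strpos($requested_file, 'ftp://') !== false;
            // A plain filesystem path: resolve it directly
            $file_path = $is_remote_url ? false : realpath($requested_file);
            if ($file_path === false && strpos($requested_file, WP_CONTENT_URL) === 0) {
                // A local file given by URL: map the content URL back onto the content directory.
                // A prefix match is required here; a remote URL that merely contains the local
                // content URL somewhere in its query string must not be treated as local.
                $file_path = realpath(str_replace(WP_CONTENT_URL, WP_CONTENT_DIR, $requested_file));
            }
            if ($file_path !== false && file_exists($file_path)) {
                edd_deliver_download($file_path);
            } else {
                // This is a remote file (or a local URL that did not resolve to a file), so with
                // the Direct method all we can do is redirect to it
                header("Location: " . $requested_file);
            }
            break;
    }
    edd_die();
    exit;
}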
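 /**
  * Deliver the file download
  *
  * Validates the `key`, `id`, `license` and `expires` request parameters,
  * resolves the package file for the license and streams it (or redirects
  * to it) according to the configured download method. Every failed check
  * ends in wp_die() with a 401 response.
  *
  * @since  3.2.4
  * @return void
  */
 public function process_package_download()
 {
     if (isset($_GET['key']) && isset($_GET['id']) && isset($_GET['license']) && isset($_GET['expires'])) {
         $id = absint(urldecode($_GET['id']));
         $hash = urldecode($_GET['key']);
         $license = sanitize_text_field(urldecode($_GET['license']));
         $expires = is_numeric($_GET['expires']) ? $_GET['expires'] : urldecode(base64_decode($_GET['expires']));
         do_action('edd_sl_before_package_download', $id, $hash, $license, $expires);
         // A non-numeric expiry must count as expired: comparing an int against a
         // non-numeric string would otherwise fall back to string comparison and
         // could let the check pass.
         if (!is_numeric($expires) || time() > (int) $expires) {
             wp_die(__('Your download link has expired', 'edd_sl'), __('Error', 'edd_sl'), array('response' => 401));
         }
         if (empty($license)) {
             wp_die(__('No license key provided', 'edd_sl'), __('Error', 'edd_sl'), array('response' => 401));
         }
         if (!edd_software_licensing()->is_download_id_valid_for_license($id, $license)) {
             wp_die(__('Invalid license supplied', 'edd_sl'), __('Error', 'edd_sl'), array('response' => 401));
         }
         $requested_file = $this->get_download_package($id, $license, $hash, $expires);
         $file_extension = edd_get_file_extension($requested_file);
         $ctype = edd_get_file_ctype($file_extension);

         // Large files: lift the execution time limit where the host allows it
         if (!edd_is_func_disabled('set_time_limit') && !ini_get('safe_mode')) {
             set_time_limit(0);
         }
         if (function_exists('get_magic_quotes_runtime') && get_magic_quotes_runtime()) {
             set_magic_quotes_runtime(0);
         }
         // Release the session lock and disable output compression so the raw bytes stream through
         @session_write_close();
         if (function_exists('apache_setenv')) {
             @apache_setenv('no-gzip', 1);
         }
         @ini_set('zlib.output_compression', 'Off');
         nocache_headers();
         header("Robots: none");
         header("Content-Type: " . $ctype . "");
         header("Content-Description: File Transfer");
         header("Content-Disposition: attachment; filename=\"" . apply_filters('edd_requested_file_name', basename($requested_file)) . "\";");
         header("Content-Transfer-Encoding: binary");

         $method = edd_get_file_download_method();
         $has_xsendfile = function_exists('apache_get_modules') && in_array('mod_xsendfile', apache_get_modules(), true);
         if ('x_sendfile' == $method && !$has_xsendfile) {
             // If X-Sendfile is selected but is not supported, fallback to Direct
             $method = 'direct';
         }
         $file_details = parse_url($requested_file);
         $schemes = array('http', 'https');
         // True when the value is a filesystem path (no http/https scheme) that exists on disk
         $is_absolute_path = (!isset($file_details['scheme']) || !in_array($file_details['scheme'], $schemes, true))
             && isset($file_details['path'])
             && file_exists($requested_file);
         if ($is_absolute_path) {
             /**
              * Download method is set to to Redirect in settings but an absolute path was provided
              * We need to switch to a direct download in order for the file to download properly
              */
             $method = 'direct';
         }
         switch ($method) {
             case 'redirect':
                 // Redirect straight to the file
                 header("Location: " . $requested_file);
                 break;
             case 'direct':
             default:
                 // Resolve the requested file to a local path; false when it is not local
                 $file_path = false;
                 if ($is_absolute_path) {
                     /** This is an absolute path */
                     $file_path = $requested_file;
                 } elseif (defined('UPLOADS') && strpos($requested_file, UPLOADS) !== false) {
                     /**
                      * This is a local file given by URL so we need to figure out the path
                      * UPLOADS is always relative to ABSPATH
                      * site_url() is the URL to where WordPress is installed
                      */
                     $file_path = realpath(ABSPATH . str_replace(site_url(), '', $requested_file));
                 } elseif (strpos($requested_file, WP_CONTENT_URL) !== false) {
                     /** This is a local file given by URL so we need to figure out the path */
                     $file_path = realpath(str_replace(WP_CONTENT_URL, WP_CONTENT_DIR, $requested_file));
                 }
                 if ($file_path === false) {
                     // The file supplied does not have a discoverable absolute path (remote file,
                     // or a local URL that realpath() could not resolve), so redirect to it.
                     // No server-specific send-file header is emitted in this case.
                     header("Location: " . $requested_file);
                     break;
                 }
                 // Now deliver the file based on the kind of software the server is running / has enabled
                 if ($has_xsendfile) {
                     header("X-Sendfile: {$file_path}");
                 } elseif (stristr(getenv('SERVER_SOFTWARE'), 'lighttpd')) {
                     header("X-LIGHTTPD-send-file: {$file_path}");
                 } elseif (stristr(getenv('SERVER_SOFTWARE'), 'nginx') || stristr(getenv('SERVER_SOFTWARE'), 'cherokee')) {
                     // We need a path relative to the domain for the header, but the absolute
                     // path must stay intact for edd_deliver_download() below
                     $relative_path = str_ireplace($_SERVER['DOCUMENT_ROOT'], '', $file_path);
                     header("X-Accel-Redirect: /{$relative_path}");
                 }
                 // NOTE(review): the file is streamed even after a send-file header was set, as
                 // before; whether the server honours that header cannot be determined here.
                 edd_deliver_download($file_path);
                 break;
         }
         edd_die();
     } else {
         wp_die(__('You do not have permission to download this file', 'edd_sl'), __('Error', 'edd_sl'), array('response' => 401));
     }
     exit;
 }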