/**
 * Writes the protection files (.htaccess and blank index.php) into the EDD upload directory.
 *
 * The work is skipped while the 'edd_check_protection_files' transient is set.
 * The transient is stored for 24 hours at the end of every run, so the check
 * happens at most once per day unless $force is truthy.
 *
 * All file writes are best-effort: errors are suppressed with "@" and the
 * return values are not inspected, so a failed write is not reported here.
 *
 * @since 1.1.5
 *
 * @param bool $force  Run the check even if the transient has not expired.
 * @param bool $method Forwarded unchanged to edd_get_htaccess_rules().
 */
function edd_create_protection_files($force = false, $method = false) {
    // Nothing to do while the transient is still alive and no run was forced.
    if (false !== get_transient('edd_check_protection_files') && !$force) {
        return;
    }

    $upload_path   = edd_get_upload_dir();
    $htaccess_file = $upload_path . '/.htaccess';
    $index_stub    = '<?php' . PHP_EOL . '// Silence is golden.';

    // Make sure the upload directory exists before writing into it.
    wp_mkdir_p($upload_path);

    // Top level .htaccess file.
    $rules = edd_get_htaccess_rules($method);

    if (!edd_htaccess_exists()) {
        // Create the file if it doesn't exist.
        if (wp_is_writable($upload_path)) {
            @file_put_contents($htaccess_file, $rules);
        }
    } else {
        $current = @file_get_contents($htaccess_file);

        // Exact comparison: any difference from the generated rules (or an
        // unreadable/empty file) causes the file to be overwritten.
        if (!$current || $current !== $rules) {
            @file_put_contents($htaccess_file, $rules);
        }
    }

    // Top level blank index.php.
    $top_index = $upload_path . '/index.php';
    if (!file_exists($top_index) && wp_is_writable($upload_path)) {
        @file_put_contents($top_index, $index_stub);
    }

    // Blank index.php in every sub folder.
    // NOTE(review): the path is built as $dir . 'index.php', which presumably
    // relies on edd_scan_folders() returning paths with a trailing slash - confirm.
    foreach (edd_scan_folders($upload_path) as $dir) {
        $dir_index = $dir . 'index.php';

        if (!file_exists($dir_index) && wp_is_writable($dir)) {
            @file_put_contents($dir_index, $index_stub);
        }
    }

    // Check for the files once per day.
    set_transient('edd_check_protection_files', true, 3600 * 24);
}
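/**
 * Creates the blank index.php files and the .htaccess file for the EDD upload folder.
 *
 * The work is skipped while the 'edd_check_protection_files' transient is set.
 * The transient is stored for 24 hours at the end of every run, so the check
 * happens at most once per day unless $force is truthy.
 *
 * All file writes are best-effort: errors are suppressed with "@" and the
 * return values are not inspected.
 *
 * @since 1.1.5
 *
 * @param bool $force Run the check even if the transient has not expired.
 * @return void
 */
function edd_create_protection_files($force = false) {
    // Nothing to do while the transient is still alive and no run was forced.
    if (false !== get_transient('edd_check_protection_files') && !$force) {
        return;
    }

    $wp_upload_dir = wp_upload_dir();
    $upload_path   = $wp_upload_dir['basedir'] . '/edd';
    $htaccess_file = $upload_path . '/.htaccess';
    $index_stub    = '<?php' . PHP_EOL . '// Silence is golden.';

    wp_mkdir_p($upload_path);

    // Top level blank index.php.
    if (!file_exists($upload_path . '/index.php')) {
        @file_put_contents($upload_path . '/index.php', $index_stub);
    }

    // Top level .htaccess file.
    $rules = edd_get_htaccess_rules();

    if (file_exists($htaccess_file)) {
        $contents = @file_get_contents($htaccess_file);

        // Rewrite when the file is unreadable/empty or does not contain the
        // generated rules. The falsy check runs first so strpos() is never
        // handed a failed read.
        if (!$contents || false === strpos($contents, $rules)) {
            @file_put_contents($htaccess_file, $rules);
        }
    } else {
        // A missing .htaccess used to be left missing, so a deleted file was
        // never restored by this periodic check. Create it, best-effort like
        // the other writes in this function.
        @file_put_contents($htaccess_file, $rules);
    }

    // Blank index.php in every sub folder.
    // NOTE(review): the path is built as $folder . 'index.php', which presumably
    // relies on edd_scan_folders() returning paths with a trailing slash - confirm.
    $folders = edd_scan_folders($upload_path);
    foreach ($folders as $folder) {
        if (!file_exists($folder . 'index.php')) {
            @file_put_contents($folder . 'index.php', $index_stub);
        }
    }

    // Check for the files once per day.
    set_transient('edd_check_protection_files', true, 3600 * 24);
}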
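/**
 * Admin Messages
 *
 * Queues the notice that matches the 'edd-message' query argument (only if the
 * current user holds the capability tied to that message), prints the
 * "no checkout page" and "missing .htaccess" warnings, and finally renders
 * everything queued under 'edd-notices'.
 *
 * @since 1.0
 * @global $edd_options Array of all the EDD Options
 * @return void
 */
function edd_admin_messages() {
    global $edd_options;

    // Query arguments are request-controlled; only a plain string can match a known key.
    $message = (isset($_GET['edd-message']) && is_string($_GET['edd-message'])) ? $_GET['edd-message'] : '';
    $page    = (isset($_GET['page']) && is_string($_GET['page'])) ? $_GET['page'] : '';

    // message key => array( required capability, notice code, text, notice type )
    $early_notices = array(
        'discount_added'         => array('manage_shop_discounts', 'edd-discount-added', __('Discount code added.', 'edd'), 'updated'),
        'discount_add_failed'    => array('manage_shop_discounts', 'edd-discount-add-fail', __('There was a problem adding your discount code, please try again.', 'edd'), 'error'),
        'discount_exists'        => array('manage_shop_discounts', 'edd-discount-exists', __('A discount with that code already exists, please use a different code.', 'edd'), 'error'),
        'discount_updated'       => array('manage_shop_discounts', 'edd-discount-updated', __('Discount code updated.', 'edd'), 'updated'),
        'discount_update_failed' => array('manage_shop_discounts', 'edd-discount-updated-fail', __('There was a problem updating your discount code, please try again.', 'edd'), 'error'),
        'payment_deleted'        => array('view_shop_reports', 'edd-payment-deleted', __('The payment has been deleted.', 'edd'), 'updated'),
        'email_sent'             => array('view_shop_reports', 'edd-payment-sent', __('The purchase receipt has been resent.', 'edd'), 'updated'),
        'payment-note-deleted'   => array('view_shop_reports', 'edd-payment-note-deleted', __('The payment note has been deleted.', 'edd'), 'updated'),
    );

    if (isset($early_notices[$message])) {
        list($capability, $code, $text, $type) = $early_notices[$message];
        if (current_user_can($capability)) {
            add_settings_error('edd-notices', $code, $text, $type);
        }
    }

    if ('edd-payment-history' === $page && current_user_can('view_shop_reports') && edd_is_test_mode()) {
        add_settings_error(
            'edd-notices',
            'edd-payment-sent',
            sprintf(
                __('Note: Test Mode is enabled, only test payments are shown below. <a href="%s">Settings</a>.', 'edd'),
                esc_url(admin_url('edit.php?post_type=download&page=edd-settings'))
            ),
            'updated'
        );
    }

    if (
        (empty($edd_options['purchase_page']) || 'trash' == get_post_status($edd_options['purchase_page']))
        && current_user_can('edit_pages')
        && !get_user_meta(get_current_user_id(), '_edd_set_checkout_dismissed')
    ) {
        echo '<div class="error">';
        echo '<p>' . sprintf(__('No checkout page has been configured. Visit <a href="%s">Settings</a> to set one.', 'edd'), esc_url(admin_url('edit.php?post_type=download&page=edd-settings'))) . '</p>';
        // add_query_arg() without a URL argument builds on the current request
        // URI, so the result is escaped before it is printed into the href.
        echo '<p><a href="' . esc_url(add_query_arg(array('edd_action' => 'dismiss_notices', 'edd_notice' => 'set_checkout'))) . '">' . __('Dismiss Notice', 'edd') . '</a></p>';
        echo '</div>';
    }

    $late_notices = array(
        'settings-imported'   => array('manage_shop_settings', 'edd-settings-imported', __('The settings have been imported.', 'edd'), 'updated'),
        'note-added'          => array('edit_shop_payments', 'edd-note-added', __('The payment note has been added successfully.', 'edd'), 'updated'),
        'payment-updated'     => array('edit_shop_payments', 'edd-payment-updated', __('The payment has been successfully updated.', 'edd'), 'updated'),
        'api-key-generated'   => array('manage_shop_settings', 'edd-api-key-generated', __('API keys successfully generated.', 'edd'), 'updated'),
        'api-key-exists'      => array('manage_shop_settings', 'edd-api-key-exists', __('The specified user already has API keys.', 'edd'), 'error'),
        'api-key-regenerated' => array('manage_shop_settings', 'edd-api-key-regenerated', __('API keys successfully regenerated.', 'edd'), 'updated'),
        'api-key-revoked'     => array('manage_shop_settings', 'edd-api-key-revoked', __('API keys successfully revoked.', 'edd'), 'updated'),
    );

    if (isset($late_notices[$message])) {
        list($capability, $code, $text, $type) = $late_notices[$message];
        if (current_user_can($capability)) {
            add_settings_error('edd-notices', $code, $text, $type);
        }
    }

    // SERVER_SOFTWARE is not guaranteed to be set (e.g. outside a web request).
    $server_software = isset($_SERVER['SERVER_SOFTWARE']) ? $_SERVER['SERVER_SOFTWARE'] : '';

    // The .htaccess warning only applies to Apache (nginx doesn't use htaccess).
    // It used to "return" on other servers, which also skipped settings_errors()
    // below and silently dropped every queued notice. The Apache test is now part
    // of the condition instead. The warning prints the upload path and the rule
    // set, so it is limited to users who can manage shop settings.
    if (
        false !== stripos($server_software, 'apache')
        && current_user_can('manage_shop_settings')
        && !edd_htaccess_exists()
        && !get_user_meta(get_current_user_id(), '_edd_htaccess_missing_dismissed', true)
    ) {
        $upload_dir = esc_html(edd_get_upload_dir());

        echo '<div class="error">';
        echo '<p>' . sprintf(__('The Easy Digital Downloads .htaccess file is missing from <strong>%s</strong>!', 'edd'), $upload_dir) . '</p>';
        echo '<p>' . sprintf(__('First, please resave the Misc settings tab a few times. If this warning continues to appear, create a file called ".htaccess" in the <strong>%s</strong> directory, and copy the following into it:', 'edd'), $upload_dir) . '</p>';
        // The rules are escaped so that any markup-like text in them is shown
        // literally instead of being parsed by the browser.
        echo '<p><pre>' . esc_html(edd_get_htaccess_rules()) . '</pre>';
        echo '<p><a href="' . esc_url(add_query_arg(array('edd_action' => 'dismiss_notices', 'edd_notice' => 'htaccess_missing'))) . '">' . __('Dismiss Notice', 'edd') . '</a></p>';
        echo '</div>';
    }

    settings_errors('edd-notices');
}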
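/**
 * Show relevant notices
 *
 * Prints the global warnings (missing checkout page, nginx, missing .htaccess),
 * collects the notice that matches the 'edd-message' query argument for the
 * capabilities the current user holds, and renders everything queued under
 * 'edd-notices'.
 *
 * @since 2.3
 */
public function show_notices() {
    $notices = array('updated' => array(), 'error' => array());

    // SERVER_SOFTWARE is not guaranteed to be set (e.g. outside a web request).
    $server_software = isset($_SERVER['SERVER_SOFTWARE']) ? $_SERVER['SERVER_SOFTWARE'] : '';

    // Global (non-action-based) messages.
    // The two "page is unusable" tests are grouped explicitly. Without the
    // parentheses "&&" bound tighter than "||", so an empty purchase_page option
    // showed the notice to every user and ignored the dismissal flag.
    $purchase_page = edd_get_option('purchase_page', '');
    if (
        ($purchase_page == '' || 'trash' == get_post_status($purchase_page))
        && current_user_can('edit_pages')
        && !get_user_meta(get_current_user_id(), '_edd_set_checkout_dismissed')
    ) {
        echo '<div class="error">';
        echo '<p>' . sprintf(__('No checkout page has been configured. Visit <a href="%s">Settings</a> to set one.', 'easy-digital-downloads'), esc_url(admin_url('edit.php?post_type=download&page=edd-settings'))) . '</p>';
        // add_query_arg() without a URL argument builds on the current request
        // URI, so the result is escaped before it is printed into the href.
        echo '<p><a href="' . esc_url(add_query_arg(array('edd_action' => 'dismiss_notices', 'edd_notice' => 'set_checkout'))) . '">' . __('Dismiss Notice', 'easy-digital-downloads') . '</a></p>';
        echo '</div>';
    }

    if (isset($_GET['page']) && 'edd-payment-history' == $_GET['page'] && current_user_can('view_shop_reports') && edd_is_test_mode()) {
        $notices['updated']['edd-payment-history-test-mode'] = sprintf(
            __('Note: Test Mode is enabled, only test payments are shown below. <a href="%s">Settings</a>.', 'easy-digital-downloads'),
            esc_url(admin_url('edit.php?post_type=download&page=edd-settings'))
        );
    }

    if (
        false !== stripos($server_software, 'nginx')
        && !get_user_meta(get_current_user_id(), '_edd_nginx_redirect_dismissed', true)
        && current_user_can('manage_shop_settings')
    ) {
        echo '<div class="error">';
        echo '<p>' . sprintf(__('The download files in <strong>%s</strong> are not currently protected due to your site running on NGINX.', 'easy-digital-downloads'), esc_html(edd_get_upload_dir())) . '</p>';
        echo '<p>' . __('To protect them, you must add a redirect rule as explained in <a href="http://docs.easydigitaldownloads.com/article/682-protected-download-files-on-nginx">this guide</a>.', 'easy-digital-downloads') . '</p>';
        echo '<p>' . __('If you have already added the redirect rule, you may safely dismiss this notice', 'easy-digital-downloads') . '</p>';
        echo '<p><a href="' . esc_url(add_query_arg(array('edd_action' => 'dismiss_notices', 'edd_notice' => 'nginx_redirect'))) . '">' . __('Dismiss Notice', 'easy-digital-downloads') . '</a></p>';
        echo '</div>';
    }

    // The .htaccess warning only applies to Apache (nginx doesn't use htaccess).
    // It used to "return" on other servers, which also skipped everything below
    // and silently dropped the action-based notices. The Apache test is now part
    // of the condition instead.
    if (
        false !== stripos($server_software, 'apache')
        && !edd_htaccess_exists()
        && !get_user_meta(get_current_user_id(), '_edd_htaccess_missing_dismissed', true)
        && current_user_can('manage_shop_settings')
    ) {
        $upload_dir = esc_html(edd_get_upload_dir());

        echo '<div class="error">';
        echo '<p>' . sprintf(__('The Easy Digital Downloads .htaccess file is missing from <strong>%s</strong>!', 'easy-digital-downloads'), $upload_dir) . '</p>';
        echo '<p>' . sprintf(__('First, please resave the Misc settings tab a few times. If this warning continues to appear, create a file called ".htaccess" in the <strong>%s</strong> directory, and copy the following into it:', 'easy-digital-downloads'), $upload_dir) . '</p>';
        // The rules are escaped so that any markup-like text in them is shown
        // literally instead of being parsed by the browser.
        echo '<p><pre>' . esc_html(edd_get_htaccess_rules()) . '</pre>';
        echo '<p><a href="' . esc_url(add_query_arg(array('edd_action' => 'dismiss_notices', 'edd_notice' => 'htaccess_missing'))) . '">' . __('Dismiss Notice', 'easy-digital-downloads') . '</a></p>';
        echo '</div>';
    }

    // The "admin-ajax is blocked" notice that used to sit here was disabled per
    // https://github.com/easydigitaldownloads/Easy-Digital-Downloads/issues/3475

    if (isset($_GET['edd-message'])) {
        $message = $_GET['edd-message'];

        // Shop discounts errors
        if (current_user_can('manage_shop_discounts')) {
            switch ($message) {
                case 'discount_added':
                    $notices['updated']['edd-discount-added'] = __('Discount code added.', 'easy-digital-downloads');
                    break;
                case 'discount_add_failed':
                    $notices['error']['edd-discount-add-fail'] = __('There was a problem adding your discount code, please try again.', 'easy-digital-downloads');
                    break;
                case 'discount_exists':
                    $notices['error']['edd-discount-exists'] = __('A discount with that code already exists, please use a different code.', 'easy-digital-downloads');
                    break;
                case 'discount_updated':
                    $notices['updated']['edd-discount-updated'] = __('Discount code updated.', 'easy-digital-downloads');
                    break;
                case 'discount_update_failed':
                    $notices['error']['edd-discount-updated-fail'] = __('There was a problem updating your discount code, please try again.', 'easy-digital-downloads');
                    break;
            }
        }

        // Shop reports errors
        if (current_user_can('view_shop_reports')) {
            switch ($message) {
                case 'payment_deleted':
                    $notices['updated']['edd-payment-deleted'] = __('The payment has been deleted.', 'easy-digital-downloads');
                    break;
                case 'email_sent':
                    $notices['updated']['edd-payment-sent'] = __('The purchase receipt has been resent.', 'easy-digital-downloads');
                    break;
                case 'payment-note-deleted':
                    $notices['updated']['edd-payment-note-deleted'] = __('The payment note has been deleted.', 'easy-digital-downloads');
                    break;
            }
        }

        // Shop settings errors
        if (current_user_can('manage_shop_settings')) {
            switch ($message) {
                case 'settings-imported':
                    $notices['updated']['edd-settings-imported'] = __('The settings have been imported.', 'easy-digital-downloads');
                    break;
                case 'api-key-generated':
                    $notices['updated']['edd-api-key-generated'] = __('API keys successfully generated.', 'easy-digital-downloads');
                    break;
                case 'api-key-exists':
                    $notices['error']['edd-api-key-exists'] = __('The specified user already has API keys.', 'easy-digital-downloads');
                    break;
                case 'api-key-regenerated':
                    $notices['updated']['edd-api-key-regenerated'] = __('API keys successfully regenerated.', 'easy-digital-downloads');
                    break;
                case 'api-key-revoked':
                    $notices['updated']['edd-api-key-revoked'] = __('API keys successfully revoked.', 'easy-digital-downloads');
                    break;
            }
        }

        // Shop payments errors
        if (current_user_can('edit_shop_payments')) {
            switch ($message) {
                case 'note-added':
                    $notices['updated']['edd-note-added'] = __('The payment note has been added successfully.', 'easy-digital-downloads');
                    break;
                case 'payment-updated':
                    $notices['updated']['edd-payment-updated'] = __('The payment has been successfully updated.', 'easy-digital-downloads');
                    break;
            }
        }

        // Customer Notices
        if (current_user_can('edit_shop_payments')) {
            switch ($message) {
                case 'customer-deleted':
                    $notices['updated']['edd-customer-deleted'] = __('Customer successfully deleted', 'easy-digital-downloads');
                    break;
                case 'user-verified':
                    $notices['updated']['edd-user-verified'] = __('User successfully verified', 'easy-digital-downloads');
                    break;
            }
        }
    }

    // Queue the collected notices: successes first, then errors.
    foreach ($notices['updated'] as $notice => $text) {
        add_settings_error('edd-notices', $notice, $text, 'updated');
    }

    foreach ($notices['error'] as $notice => $text) {
        add_settings_error('edd-notices', $notice, $text, 'error');
    }

    settings_errors('edd-notices');
}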
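/**
 * Display our editor
 *
 * Renders the postbox holding the htaccess rules textarea. The textarea is
 * pre-filled with the stored 'htaccess_rules' option (unslashed and
 * entity-decoded) or, when that option is empty, with the output of
 * edd_get_htaccess_rules(). On servers that do not identify as Apache only an
 * explanatory message is shown.
 *
 * @access public
 * @since 1.0.0
 * @return void
 */
public function htaccess_editor() {
    $contents = edd_get_option('htaccess_rules', false);

    if (!$contents) {
        $contents = edd_get_htaccess_rules();
    } else {
        $contents = html_entity_decode(stripslashes($contents));
    }

    // SERVER_SOFTWARE is not guaranteed to be set (e.g. outside a web request).
    $server_software = isset($_SERVER['SERVER_SOFTWARE']) ? $_SERVER['SERVER_SOFTWARE'] : '';
    $is_apache       = false !== stripos($server_software, 'apache');
    ?>
    <div class="postbox">
        <h3><span><?php _e('Edit htaccess', 'edd-htaccess-editor'); ?></span></h3>
        <div class="inside">
            <?php if (!$is_apache) { ?>
                <p><?php _e('The htaccess editor is only useful with the Apache webserver!', 'edd-htaccess-editor'); ?></p>
            <?php } else { ?>
                <form method="post" action="<?php echo esc_url(admin_url('edit.php?post_type=download&page=edd-tools&tab=general')); ?>">
                    <p>
                        <?php
                        /*
                         * The stored rules were entity-decoded above, so they are
                         * escaped again for output. Printed raw, a value containing
                         * a closing textarea tag would end the field early and the
                         * remainder would be parsed as page markup. The closing tag
                         * follows the PHP block directly so that no extra whitespace
                         * is added to the value on every save.
                         */
                        ?>
                        <textarea name="htaccess_contents" rows="10" class="large-text"><?php echo esc_textarea($contents); ?></textarea>
                        <span class="description"><?php _e('<strong>Warning!</strong> Incorrectly modifying your htaccess file could result in unexpected site behavior.', 'edd-htaccess-editor'); ?></span>
                    </p>
                    <p>
                        <input type="hidden" name="edd_action" value="save_htaccess_file" />
                        <?php wp_nonce_field('edd_save_htaccess_nonce', 'edd_save_htaccess_nonce'); ?>
                        <?php submit_button(__('Save', 'edd-htaccess-editor'), 'secondary', 'submit', false); ?>
                        <?php
                        /*
                         * NOTE(review): unlike the save form, the reset link is a
                         * plain GET request and carries no nonce. Confirm that the
                         * reset_htaccess_file handler verifies intent (nonce and
                         * capability) before it rewrites the file.
                         */
                        ?>
                        <a href="<?php echo esc_url(add_query_arg(array('edd-action' => 'reset_htaccess_file'))); ?>" class="button secondary-button" style="color: #ff0000;"><?php _e('Reset htaccess file', 'edd-htaccess-editor'); ?></a>
                    </p>
                </form>
            <?php } ?>
        </div><!-- .inside -->
    </div><!-- .postbox -->
    <?php
}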