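/**
 * Generate a token for a URL and match it against the existing token to make
 * sure the URL hasn't been tampered with.
 *
 * If the URL carries a `ttl` query argument that is earlier than the current
 * site timestamp, execution stops through wp_die() with a 403 response.
 *
 * @since 2.3
 *
 * @param string $url URL to test.
 * @return bool Value returned by the `edd_validate_url_token` filter. Before filtering it is
 *              true only when the `token` query argument equals edd_get_download_token( $url ).
 */
function edd_validate_url_token($url = '')
{
    $ret = false;

    // Initialised here so the filter at the end never receives an undefined
    // variable when the URL has no query string.
    $query_args = array();

    $parts = parse_url($url);

    if (isset($parts['query'])) {
        wp_parse_str($parts['query'], $query_args);

        if (isset($query_args['ttl']) && current_time('timestamp') > $query_args['ttl']) {
            wp_die(
                apply_filters(
                    'edd_download_link_expired_text',
                    __('Sorry but your download link has expired.', 'easy-digital-downloads')
                ),
                __('Error', 'easy-digital-downloads'),
                array('response' => 403)
            );
        }

        // The token is request-controlled. Accept only a plain string (the query
        // parser yields an array for `token[]=`) and compare with hash_equals():
        // a loose `==` applies numeric-string juggling and is not constant-time.
        if (
            isset($query_args['token'])
            && is_string($query_args['token'])
            && hash_equals((string) edd_get_download_token($url), $query_args['token'])
        ) {
            $ret = true;
        }
    }

    return apply_filters('edd_validate_url_token', $ret, $url, $query_args);
}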
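/**
 * Generate a token for a URL and match it against the existing token to make
 * sure the URL hasn't been tampered with.
 *
 * Query arguments that are not on the allow-list are removed from the URL
 * before the token is recomputed, so they are NOT covered by the token: code
 * that runs after a successful validation must not treat such arguments as
 * authenticated. The `edd_validate_url_token` filter receives the URL after
 * this removal.
 *
 * If the URL carries a `ttl` query argument that is earlier than the current
 * site timestamp, execution stops through wp_die() with a 403 response.
 *
 * @since 2.3
 *
 * @param string $url URL to test.
 * @return bool Value returned by the `edd_validate_url_token` filter. Before filtering it is
 *              true only when the `token` query argument equals edd_get_download_token( $url ).
 */
function edd_validate_url_token($url = '')
{
    $ret = false;

    // Initialised here so the filter at the end never receives an undefined
    // variable when the URL has no query string.
    $query_args = array();

    $parts = parse_url($url);

    if (isset($parts['query'])) {
        wp_parse_str($parts['query'], $query_args);

        // These are the only URL parameters that are allowed to affect the token validation.
        // The list is filterable; every name added to it must also be part of the URL that
        // was signed, otherwise validation of existing links fails.
        $allowed = (array) apply_filters(
            'edd_url_token_allowed_params',
            array('eddfile', 'file', 'ttl', 'token')
        );

        // Parameters that will be removed from the URL before testing the token.
        $remove = array();

        foreach ($query_args as $key => $value) {
            // Strict comparison: the query parser produces integer keys for numeric
            // parameter names, and a loose in_array() can match those against the
            // string names in the allow-list on older PHP versions.
            if (!in_array($key, $allowed, true)) {
                $remove[] = $key;
            }
        }

        if (!empty($remove)) {
            $url = remove_query_arg($remove, $url);
        }

        if (isset($query_args['ttl']) && current_time('timestamp') > $query_args['ttl']) {
            wp_die(
                apply_filters(
                    'edd_download_link_expired_text',
                    __('Sorry but your download link has expired.', 'easy-digital-downloads')
                ),
                __('Error', 'easy-digital-downloads'),
                array('response' => 403)
            );
        }

        // The token is request-controlled. Accept only a plain string (the query
        // parser yields an array for `token[]=`) and compare with hash_equals():
        // a loose `==` applies numeric-string juggling and is not constant-time.
        if (
            isset($query_args['token'])
            && is_string($query_args['token'])
            && hash_equals((string) edd_get_download_token($url), $query_args['token'])
        ) {
            $ret = true;
        }
    }

    return apply_filters('edd_validate_url_token', $ret, $url, $query_args);
}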