Changeset 3364847
- Timestamp:
- 09/20/2025 06:51:34 AM (5 months ago)
- Location:
- wp-downloadmanager/trunk
- Files:
-
- 3 edited
-
download-add.php (modified) (5 diffs)
-
readme.txt (modified) (2 diffs)
-
wp-downloadmanager.php (modified) (2 diffs)
wp-downloadmanager/trunk/download-add.php
r2343995 r3364847 1 1 <?php 2 2 ### Check Whether User Can Manage Downloads 3 if (!current_user_can('manage_downloads')) {3 if (!current_user_can('manage_downloads')) { 4 4 die('Access Denied'); 5 5 } … … 7 7 8 8 ### Variables Variables Variables 9 $base_name = plugin_basename( 'wp-downloadmanager/download-manager.php');10 $base_page = 'admin.php?page=' .$base_name;9 $base_name = plugin_basename('wp-downloadmanager/download-manager.php'); 10 $base_page = 'admin.php?page=' . $base_name; 11 11 $file_path = get_option('download_path'); 12 $file_categories = get_option( 'download_categories');12 $file_categories = get_option('download_categories'); 13 13 14 14 15 15 ### Form Processing 16 if ( ! empty( $_POST['do'] )) {16 if (! empty($_POST['do'])) { 17 17 check_admin_referer('wp-downloadmanager_add-file'); 18 18 // Decide What To Do 19 switch ( $_POST['do']) {19 switch ($_POST['do']) { 20 20 // Add File 21 21 case __('Add File', 'wp-downloadmanager'): 22 $file_type = ! empty( $_POST['file_type']) ? intval( $_POST['file_type']) : 0;23 switch ($file_type) {22 $file_type = ! empty($_POST['file_type']) ? intval($_POST['file_type']) : 0; 23 switch ($file_type) { 24 24 case 0: 25 $file = ! empty( $_POST['file'] ) ? addslashes( wp_kses_post( trim( $_POST['file'] ) )) : '';25 $file = ! empty($_POST['file']) ? addslashes(wp_kses_post(trim($_POST['file']))) : ''; 26 26 $file = download_rename_file($file_path, $file); 27 $file_size = filesize($file_path .$file);27 $file_size = filesize($file_path . $file); 28 28 break; 29 29 case 1: 30 if ( $_FILES['file_upload']['size'] > get_max_upload_size()) {31 $text = '<p style="color: red;">' .sprintf(__('File Size Too Large. Maximum Size Is %s', 'wp-downloadmanager'), format_filesize(get_max_upload_size())).'</p>';30 if ($_FILES['file_upload']['size'] > get_max_upload_size()) { 31 $text = '<p style="color: red;">' . sprintf(__('File Size Too Large. Maximum Size Is %s', 'wp-downloadmanager'), format_filesize(get_max_upload_size())) . 
'</p>'; 32 32 break; 33 } else { 34 if(is_uploaded_file($_FILES['file_upload']['tmp_name'])) { 35 $file_upload_to = ! empty( $_POST['file_upload_to'] ) ? $_POST['file_upload_to'] : ''; 36 if( $file_upload_to !== '/' ) { 37 $file_upload_to = $file_upload_to . '/'; 38 } 39 if(move_uploaded_file($_FILES['file_upload']['tmp_name'], $file_path.$file_upload_to.basename($_FILES['file_upload']['name']))) { 40 $file = $file_upload_to.basename($_FILES['file_upload']['name']); 41 $file = download_rename_file($file_path, $file); 42 $file_size = filesize($file_path.$file); 43 } else { 44 $text = '<p style="color: red;">'.__('Error In Uploading File', 'wp-downloadmanager').'</p>'; 45 break; 46 } 33 } 34 $file_name = ! empty($_FILES['file_upload']['name']) ? basename( $_FILES['file_upload']['name'] ) : ''; 35 $validate = wp_check_filetype_and_ext( $_FILES['file_upload']['tmp_name'], $file_name ); 36 if ( $validate['type'] === false ) { 37 $text = '<p style="color: red;">' . __('File type is invalid', 'wp-downloadmanager') . '</p>'; 38 break; 39 } 40 if (is_uploaded_file($_FILES['file_upload']['tmp_name'])) { 41 $file_upload_to = ! empty($_POST['file_upload_to']) ? $_POST['file_upload_to'] : ''; 42 if ($file_upload_to !== '/') { 43 $file_upload_to = $file_upload_to . '/'; 44 } 45 if (move_uploaded_file($_FILES['file_upload']['tmp_name'], $file_path . $file_upload_to . $file_name)) { 46 $file = $file_upload_to . $file_name; 47 $file = download_rename_file($file_path, $file); 48 $file_size = filesize($file_path . $file); 47 49 } else { 48 $text = '<p style="color: red;">' .__('Error In Uploading File', 'wp-downloadmanager').'</p>';50 $text = '<p style="color: red;">' . __('Error In Uploading File', 'wp-downloadmanager') . '</p>'; 49 51 break; 50 52 } 53 } else { 54 $text = '<p style="color: red;">' . __('Error In Uploading File', 'wp-downloadmanager') . '</p>'; 55 break; 51 56 } 52 57 break; 53 58 case 2: 54 $file = ! empty( $_POST['file_remote'] ) ? 
esc_url_raw( $_POST['file_remote']) : '';55 if ( is_file_remote_valid( $file )) {56 $file_size = remote_filesize( $file);59 $file = ! empty($_POST['file_remote']) ? esc_url_raw($_POST['file_remote']) : ''; 60 if (is_file_remote_valid($file)) { 61 $file_size = remote_filesize($file); 57 62 } else { 58 $text = '<p style="color: red;">' . __( 'There Is An Error Parsing Remote File URL', 'wp-downloadmanager') . '</p>';63 $text = '<p style="color: red;">' . __('There Is An Error Parsing Remote File URL', 'wp-downloadmanager') . '</p>'; 59 64 } 60 65 break; 61 66 } 62 if ( empty( $text )) {63 $file_name = ! empty( $_POST['file_name'] ) ? addslashes( wp_kses_post( trim( $_POST['file_name'] ) )) : '';64 if (empty($file_name)) {67 if (empty($text)) { 68 $file_name = ! empty($_POST['file_name']) ? addslashes(wp_kses_post(trim($_POST['file_name']))) : ''; 69 if (empty($file_name)) { 65 70 $file_name = basename($file); 66 71 } 67 $file_des = ! empty( $_POST['file_des'] ) ? addslashes( wp_kses_post( trim( $_POST['file_des'] ) )) : '';68 $file_category = ! empty( $_POST['file_cat'] ) ? intval( $_POST['file_cat']) : 0;69 if (!empty($_POST['file_size'])) {70 $file_size = ! empty( $_POST['file_size'] ) ? intval( $_POST['file_size']) : 0;72 $file_des = ! empty($_POST['file_des']) ? addslashes(wp_kses_post(trim($_POST['file_des']))) : ''; 73 $file_category = ! empty($_POST['file_cat']) ? intval($_POST['file_cat']) : 0; 74 if (!empty($_POST['file_size'])) { 75 $file_size = ! empty($_POST['file_size']) ? intval($_POST['file_size']) : 0; 71 76 } 72 $file_hits = ! empty( $_POST['file_hits'] ) ? intval( $_POST['file_hits']) : 0;73 $file_timestamp_day = ! empty( $_POST['file_timestamp_day'] ) ? intval( $_POST['file_timestamp_day']) : 0;74 $file_timestamp_month = ! empty( $_POST['file_timestamp_month'] ) ? intval( $_POST['file_timestamp_month']) : 0;75 $file_timestamp_year = ! empty( $_POST['file_timestamp_year'] ) ? intval( $_POST['file_timestamp_year']) : 0;76 $file_timestamp_hour = ! 
empty( $_POST['file_timestamp_hour'] ) ? intval( $_POST['file_timestamp_hour']) : 0;77 $file_timestamp_minute = ! empty( $_POST['file_timestamp_minute'] ) ? intval( $_POST['file_timestamp_minute']) : 0;78 $file_timestamp_second = ! empty( $_POST['file_timestamp_second'] ) ? intval( $_POST['file_timestamp_second']) : 0;77 $file_hits = ! empty($_POST['file_hits']) ? intval($_POST['file_hits']) : 0; 78 $file_timestamp_day = ! empty($_POST['file_timestamp_day']) ? intval($_POST['file_timestamp_day']) : 0; 79 $file_timestamp_month = ! empty($_POST['file_timestamp_month']) ? intval($_POST['file_timestamp_month']) : 0; 80 $file_timestamp_year = ! empty($_POST['file_timestamp_year']) ? intval($_POST['file_timestamp_year']) : 0; 81 $file_timestamp_hour = ! empty($_POST['file_timestamp_hour']) ? intval($_POST['file_timestamp_hour']) : 0; 82 $file_timestamp_minute = ! empty($_POST['file_timestamp_minute']) ? intval($_POST['file_timestamp_minute']) : 0; 83 $file_timestamp_second = ! empty($_POST['file_timestamp_second']) ? intval($_POST['file_timestamp_second']) : 0; 79 84 $file_date = gmmktime($file_timestamp_hour, $file_timestamp_minute, $file_timestamp_second, $file_timestamp_month, $file_timestamp_day, $file_timestamp_year); 80 $file_permission = ! empty( $_POST['file_permission'] ) ? intval( $_POST['file_permission']) : 0;85 $file_permission = ! empty($_POST['file_permission']) ? intval($_POST['file_permission']) : 0; 81 86 $addfile = $wpdb->query("INSERT INTO $wpdb->downloads VALUES (0, '$file', '$file_name', '$file_des', '$file_size', $file_category, '$file_date', '$file_date', '$file_date', $file_hits, $file_permission)"); 82 if (!$addfile) {83 $text = '<p style="color: red;">' .sprintf(__('Error In Adding File \'%s (%s)\'', 'wp-downloadmanager'), $file_name, $file).'</p>';87 if (!$addfile) { 88 $text = '<p style="color: red;">' . sprintf(__('Error In Adding File \'%s (%s)\'', 'wp-downloadmanager'), $file_name, $file) . 
'</p>'; 84 89 } else { 85 90 $file_id = intval($wpdb->insert_id); 86 $text = '<p style="color: green;">' .sprintf(__('File \'%s (%s) (ID: %s)\' Added Successfully', 'wp-downloadmanager'), $file_name, $file, $file_id).'</p>';91 $text = '<p style="color: green;">' . sprintf(__('File \'%s (%s) (ID: %s)\' Added Successfully', 'wp-downloadmanager'), $file_name, $file, $file_id) . '</p>'; 87 92 } 88 93 } … … 91 96 } 92 97 ?> 93 <?php if(!empty($text)) { echo '<!-- Last Action --><div id="message" class="updated fade"><p>'.stripslashes($text).'</p></div>'; } ?> 98 <?php if (!empty($text)) { 99 echo '<!-- Last Action --><div id="message" class="updated fade"><p>' . stripslashes($text) . '</p></div>'; 100 } ?> 94 101 <!-- Add A File --> 95 <form method="post" action="<?php echo admin_url('admin.php?page=' .plugin_basename(__FILE__)); ?>" enctype="multipart/form-data">102 <form method="post" action="<?php echo admin_url('admin.php?page=' . plugin_basename(__FILE__)); ?>" enctype="multipart/form-data"> 96 103 <input type="hidden" name="MAX_FILE_SIZE" value="<?php echo get_max_upload_size(); ?>" /> 97 104 <?php wp_nonce_field('wp-downloadmanager_add-file'); ?> … … 136 143 <select name="file_cat" size="1"> 137 144 <?php 138 for ($i=0; $i<sizeof($file_categories); $i++) {139 if (!empty($file_categories[$i])) {140 echo '<option value="' .$i.'">'.$file_categories[$i].'</option>'."\n";145 for ($i = 0; $i < sizeof($file_categories); $i++) { 146 if (!empty($file_categories[$i])) { 147 echo '<option value="' . $i . '">' . $file_categories[$i] . '</option>' . 
"\n"; 141 148 } 142 149 } … … 169 176 <option value="10"><?php _e('At Least Administrator Role', 'wp-downloadmanager'); ?></option> 170 177 </select> 178 <p> 179 <?php _e('Note: While role-based authentication is enforced, users who directly guess the file URL may still be able to access the file without authorization.', 'wp-downloadmanager'); ?> 180 </p> 171 181 </td> 172 182 </tr> 173 183 <tr> 174 <td colspan="2" align="center"><input type="submit" name="do" value="<?php _e('Add File', 'wp-downloadmanager'); ?>" class="button" /> <input type="button" name="cancel" value="<?php _e('Cancel', 'wp-downloadmanager'); ?>" class="button" onclick="javascript:history.go(-1)" /></td>184 <td colspan="2" align="center"><input type="submit" name="do" value="<?php _e('Add File', 'wp-downloadmanager'); ?>" class="button" /> <input type="button" name="cancel" value="<?php _e('Cancel', 'wp-downloadmanager'); ?>" class="button" onclick="javascript:history.go(-1)" /></td> 175 185 </tr> 176 186 </table> -
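Review bot: The new `wp_check_filetype_and_ext()` check (new lines 34–39) tests only `$validate['type'] === false` and discards `$validate['proper_filename']`, so when WordPress detects that a file's real content does not match its extension and hands back a corrected name, the upload is still written under the request-supplied `$file_name`; core's `_wp_handle_upload()` substitutes the corrected name and also rejects when `ext` is false. Suggested: `if ( $validate['type'] === false || $validate['ext'] === false ) {` for the rejection, then `if ( ! empty( $validate['proper_filename'] ) ) { $file_name = $validate['proper_filename']; }` before the `move_uploaded_file()` call. The validation is also run on `tmp_name` before `is_uploaded_file()` (new line 40) has confirmed it is a real upload, so it would read cleaner, and fail more safely, inside that branch. Note that `$file_upload_to` (new line 41) is still taken straight from `$_POST` and joined into the destination path without being checked against the configured `$file_path` subdirectories, which this commit leaves unaddressed. The enclosing `switch` and `case 1:` block continue outside this hunk.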
wp-downloadmanager/trunk/readme.txt
r3294467 r3364847 5 5 Requires at least: 4.0 6 6 Tested up to: 6.8 7 Stable tag: 1.6 8.117 Stable tag: 1.69 8 8 License: GPLv2 9 9 … … 59 59 60 60 ## Changelog 61 ### Version 1.69 62 * FIXED: Only allow certain files to be uploaded based on `wp_check_filetype_and_ext()` 63 64 ### Version 1.68.12 65 * FIXED: Add a warning to let user know that if any users manage to guess the direct file URI, he will be able to download the file as well. 66 61 67 ### Version 1.68.11 62 68 * FIXED: Ensure that Download Path starts only with your wp-content folder for additional security. -
wp-downloadmanager/trunk/wp-downloadmanager.php
r3294467 r3364847 4 4 Plugin URI: https://lesterchan.net/portfolio/programming/php/ 5 5 Description: Adds a simple download manager to your WordPress blog. 6 Version: 1.6 8.116 Version: 1.69 7 7 Author: Lester 'GaMerZ' Chan 8 8 Author URI: https://lesterchan.net … … 31 31 32 32 ### Version 33 define( 'WP_DOWNLOADMANAGER_VERSION', '1.6 8.11' );33 define( 'WP_DOWNLOADMANAGER_VERSION', '1.69' ); 34 34 35 35 ### Create text domain for translations