woocommerce/includes/class-wc-download-handler.php

<?php
/**
 * Download handler
 *
 * Handle digital downloads.
 *
 * @class 		WC_Download_Handler
 * @version		2.1.0
 * @package		WooCommerce/Classes
 * @category	Class
 * @author 		WooThemes
 */
class WC_Download_Handler {

	/**
	 * Constructor
	 */
	public function __construct() {
		add_action( 'init', array( $this, 'download_product' ) );
	}

	/**
	 * Check if we need to download a file and check validity
	 */
	public function download_product() {
		if ( isset( $_GET['download_file'] ) && isset( $_GET['order'] ) && isset( $_GET['email'] ) ) {

			global $wpdb;

			$product_id           = (int) $_GET['download_file'];
			$order_key            = $_GET['order'];
			$email                = sanitize_email( str_replace( ' ', '+', $_GET['email'] ) );
			$download_id          = isset( $_GET['key'] ) ? preg_replace( '/\s+/', ' ', $_GET['key'] ) : '';
			$_product             = get_product( $product_id );

			if ( ! is_email( $email) ) {
				wp_die( __( 'Invalid email address.', 'woocommerce' ) . ' <a href="' . esc_url( home_url() ) . '" class="wc-forward">' . __( 'Go to homepage', 'woocommerce' ) . '</a>' );
			}

			$query = "
				SELECT order_id,downloads_remaining,user_id,download_count,access_expires,download_id
				FROM " . $wpdb->prefix . "woocommerce_downloadable_product_permissions
				WHERE user_email = %s
				AND order_key = %s
				AND product_id = %s";

			$args = array(
				$email,
				$order_key,
				$product_id
			);

			if ( $download_id ) {
				// backwards compatibility for existing download URLs
				$query .= " AND download_id = %s";
				$args[] = $download_id;
			}

			$download_result = $wpdb->get_row( $wpdb->prepare( $query, $args ) );

			if ( ! $download_result ) {
				wp_die( __( 'Invalid download.', 'woocommerce' ) . ' <a href="' . esc_url( home_url() ) . '" class="wc-forward">' . __( 'Go to homepage', 'woocommerce' ) . '</a>' );
			}

			$download_id 			= $download_result->download_id;
			$order_id 				= $download_result->order_id;
			$downloads_remaining 	= $download_result->downloads_remaining;
			$download_count 		= $download_result->download_count;
			$user_id 				= $download_result->user_id;
			$access_expires 		= $download_result->access_expires;

			if ( $user_id && get_option( 'woocommerce_downloads_require_login' ) == 'yes' ) {

				if ( ! is_user_logged_in() ) {
					wp_die( __( 'You must be logged in to download files.', 'woocommerce' ) . ' <a href="' . esc_url( wp_login_url( get_permalink( wc_get_page_id( 'myaccount' ) ) ) ) . '" class="wc-forward">' . __( 'Login', 'woocommerce' ) . '</a>', __( 'Log in to Download Files', 'woocommerce' ) );
				} elseif ( ! current_user_can( 'download_file', $download_result ) ) {
					wp_die( __( 'This is not your download link.', 'woocommerce' ) );
				}

			}

			if ( ! get_post( $product_id ) ) {
				wp_die( __( 'Product no longer exists.', 'woocommerce' ) . ' <a href="' . esc_url( home_url() ) . '" class="wc-forward">' . __( 'Go to homepage', 'woocommerce' ) . '</a>' );
			}

			if ( $order_id ) {
				$order = new WC_Order( $order_id );

				if ( ! $order->is_download_permitted() || $order->post_status != 'publish' ) {
					wp_die( __( 'Invalid order.', 'woocommerce' ) . ' <a href="' . esc_url( home_url() ) . '" class="wc-forward">' . __( 'Go to homepage', 'woocommerce' ) . '</a>' );
				}
			}

			if ( $downloads_remaining == '0' ) {
				wp_die( __( 'Sorry, you have reached your download limit for this file', 'woocommerce' ) . ' <a href="' . esc_url( home_url() ) . '" class="wc-forward">' . __( 'Go to homepage', 'woocommerce' ) . '</a>' );
			}

			if ( $access_expires > 0 && strtotime( $access_expires) < current_time( 'timestamp' ) ) {
				wp_die( __( 'Sorry, this download has expired', 'woocommerce' ) . ' <a href="' . esc_url( home_url() ) . '" class="wc-forward">' . __( 'Go to homepage', 'woocommerce' ) . '</a>' );
			}

			if ( $downloads_remaining > 0 ) {
				$wpdb->update( $wpdb->prefix . "woocommerce_downloadable_product_permissions", array(
					'downloads_remaining' => $downloads_remaining - 1,
				), array(
					'user_email' 	=> $email,
					'order_key' 	=> $order_key,
					'product_id' 	=> $product_id,
					'download_id' 	=> $download_id
				), array( '%d' ), array( '%s', '%s', '%d', '%s' ) );
			}

			// Count the download
			$wpdb->update( $wpdb->prefix . "woocommerce_downloadable_product_permissions", array(
				'download_count' => $download_count + 1,
			), array(
				'user_email' 	=> $email,
				'order_key' 	=> $order_key,
				'product_id' 	=> $product_id,
				'download_id' 	=> $download_id
			), array( '%d' ), array( '%s', '%s', '%d', '%s' ) );

			// Trigger action
			do_action( 'woocommerce_download_product', $email, $order_key, $product_id, $user_id, $download_id, $order_id );

			// Get the download URL and try to replace the url with a path
			$file_path = $_product->get_file_download_path( $download_id );

			// Download it!
			$this->download( $file_path, $product_id );
		}
	}

	/**
	 * Download a file - hook into init function.
	 */
	public function download( $file_path, $product_id ) {
		global $wpdb, $is_IE;

		$file_download_method = apply_filters( 'woocommerce_file_download_method', get_option( 'woocommerce_file_download_method' ), $product_id );

		if ( ! $file_path ) {
			wp_die( __( 'No file defined', 'woocommerce' ) . ' <a href="' . esc_url( home_url() ) . '" class="wc-forward">' . __( 'Go to homepage', 'woocommerce' ) . '</a>' );
		}

		// Redirect to the file...
		if ( $file_download_method == "redirect" ) {
			header( 'Location: ' . $file_path );
			exit;
		}

		// ...or serve it
		$remote_file      = true;
		$parsed_file_path = parse_url( $file_path );
		
		$wp_uploads       = wp_upload_dir();
		$wp_uploads_dir   = $wp_uploads['basedir'];
		$wp_uploads_url   = $wp_uploads['baseurl'];

		if ( ( ! isset( $parsed_file_path['scheme'] ) || ! in_array( $parsed_file_path['scheme'], array( 'http', 'https', 'ftp' ) ) ) && isset( $parsed_file_path['path'] ) && file_exists( $parsed_file_path['path'] ) ) {

			/** This is an absolute path */
			$remote_file  = false;

		} elseif( strpos( $file_path, $wp_uploads_url ) !== false ) {

			/** This is a local file given by URL so we need to figure out the path */
			$remote_file  = false;
			$file_path    = str_replace( $wp_uploads_url, $wp_uploads_dir, $file_path );

		} elseif( is_multisite() && ( strpos( $file_path, network_site_url( '/', 'http' ) ) !== false || strpos( $file_path, network_site_url( '/', 'https' ) ) !== false ) ) {

			/** This is a local file outside of wp-content so figure out the path */
			$remote_file = false;
			// Try to replace network url
            $file_path   = str_replace( network_site_url( '/', 'https' ), ABSPATH, $file_path );
            $file_path   = str_replace( network_site_url( '/', 'http' ), ABSPATH, $file_path );
            // Try to replace upload URL
            $file_path   = str_replace( $wp_uploads_url, $wp_uploads_dir, $file_path );

		} elseif( strpos( $file_path, site_url( '/', 'http' ) ) !== false || strpos( $file_path, site_url( '/', 'https' ) ) !== false ) {

			/** This is a local file outside of wp-content so figure out the path */
			$remote_file = false;
			$file_path   = str_replace( site_url( '/', 'https' ), ABSPATH, $file_path );
			$file_path   = str_replace( site_url( '/', 'http' ), ABSPATH, $file_path );

		} elseif ( file_exists( ABSPATH . $file_path ) ) {
			
			/** Path needs an abspath to work */
			$remote_file = false;
			$file_path   = ABSPATH . $file_path;
		}

		if ( ! $remote_file ) {
			// Remove Query String
			if ( strstr( $file_path, '?' ) ) {
				$file_path = current( explode( '?', $file_path ) );
			}

			// Run realpath
			$file_path = realpath( $file_path );
		}

		// Get extension and type
		$file_extension  = strtolower( substr( strrchr( $file_path, "." ), 1 ) );
		$ctype           = "application/force-download";

		foreach ( get_allowed_mime_types() as $mime => $type ) {
			$mimes = explode( '|', $mime );
			if ( in_array( $file_extension, $mimes ) ) {
				$ctype = $type;
				break;
			}
		}

		// Start setting headers
		if ( ! ini_get('safe_mode') ) {
			@set_time_limit(0);
		}

		if ( function_exists( 'get_magic_quotes_runtime' ) && get_magic_quotes_runtime() ) {
			@set_magic_quotes_runtime(0);
		}

		if ( function_exists( 'apache_setenv' ) ) {
			@apache_setenv( 'no-gzip', 1 );
		}

		@session_write_close();
		@ini_set( 'zlib.output_compression', 'Off' );

		/**
		 * Prevents errors, for example: transfer closed with 3 bytes remaining to read
		 */
		@ob_end_clean(); // Clear the output buffer

		if ( ob_get_level() ) {

			$levels = ob_get_level();

			for ( $i = 0; $i < $levels; $i++ ) {
				@ob_end_clean(); // Zip corruption fix
			}

		}

		if ( $is_IE && is_ssl() ) {
			// IE bug prevents download via SSL when Cache Control and Pragma no-cache headers set.
			header( 'Expires: Wed, 11 Jan 1984 05:00:00 GMT' );
			header( 'Cache-Control: private' );
		} else {
			nocache_headers();
		}

		$filename = basename( $file_path );

		if ( strstr( $filename, '?' ) ) {
			$filename = current( explode( '?', $filename ) );
		}

		$filename = apply_filters( 'woocommerce_file_download_filename', $filename, $product_id );

		header( "X-Robots-Tag: noindex, nofollow", true );
		header( "Content-Type: " . $ctype );
		header( "Content-Description: File Transfer" );
		header( "Content-Disposition: attachment; filename=\"" . $filename . "\";" );
		header( "Content-Transfer-Encoding: binary" );

        if ( $size = @filesize( $file_path ) ) {
        	header( "Content-Length: " . $size );
        }

		if ( $file_download_method == 'xsendfile' ) {

			// Path fix - kudos to Jason Judge
         	if ( getcwd() ) {
         		$file_path = trim( preg_replace( '`^' . str_replace( '\\', '/', getcwd() ) . '`' , '', $file_path ), '/' );
         	}

            header( "Content-Disposition: attachment; filename=\"" . $filename . "\";" );

            if ( function_exists( 'apache_get_modules' ) && in_array( 'mod_xsendfile', apache_get_modules() ) ) {

            	header("X-Sendfile: $file_path");
            	exit;

            } elseif ( stristr( getenv( 'SERVER_SOFTWARE' ), 'lighttpd' ) ) {

            	header( "X-Lighttpd-Sendfile: $file_path" );
            	exit;

            } elseif ( stristr( getenv( 'SERVER_SOFTWARE' ), 'nginx' ) || stristr( getenv( 'SERVER_SOFTWARE' ), 'cherokee' ) ) {

            	header( "X-Accel-Redirect: /$file_path" );
            	exit;

            }
        }

        if ( $remote_file ) {
        	$this->readfile_chunked( $file_path ) or header( 'Location: ' . $file_path );
        } else {
        	$this->readfile_chunked( $file_path ) or wp_die( __( 'File not found', 'woocommerce' ) . ' <a href="' . esc_url( home_url() ) . '" class="wc-forward">' . __( 'Go to homepage', 'woocommerce' ) . '</a>' );
        }

        exit;
	}

	/**
	 * readfile_chunked
	 * Reads file in chunks so big downloads are possible without changing PHP.INI - http://codeigniter.com/wiki/Download_helper_for_large_files/
	 * @param    string $file
	 * @param    bool   $retbytes return bytes of file
	 * @return bool|int
	 * @todo Meaning of the return value? Last return is status of fclose?
	 */
	public static function readfile_chunked( $file, $retbytes = true ) {

		$chunksize = 1 * ( 1024 * 1024 );
		$buffer = '';
		$cnt = 0;

		$handle = @fopen( $file, 'r' );
		if ( $handle === FALSE ) {
			return FALSE;
		}

		while ( ! feof( $handle ) ) {
			$buffer = fread( $handle, $chunksize );
			echo $buffer;
			@ob_flush();
			@flush();

			if ( $retbytes ) {
				$cnt += strlen( $buffer );
			}
		}

		$status = fclose( $handle );

		if ( $retbytes && $status ) {
			return $cnt;
		}

		return $status;
	}
}

new WC_Download_Handler();
Function refactoring. 2013-08-09 16:11:15 +00:00			`<?php`
			`/**`
			`* Download handler`
			`*`
			`* Handle digital downloads.`
			`*`
			`* @class WC_Download_Handler`
			`* @version 2.1.0`
			`* @package WooCommerce/Classes`
			`* @category Class`
			`* @author WooThemes`
			`*/`
			`class WC_Download_Handler {`

			`/**`
			`* Constructor`
			`*/`
			`public function __construct() {`
			`add_action( 'init', array( $this, 'download_product' ) );`
			`}`

			`/**`
			`* Check if we need to download a file and check validity`
			`*/`
			`public function download_product() {`
			`if ( isset( $_GET['download_file'] ) && isset( $_GET['order'] ) && isset( $_GET['email'] ) ) {`

Tweak download handler Closes #3394. 2013-08-13 13:53:55 +00:00			`global $wpdb;`
Function refactoring. 2013-08-09 16:11:15 +00:00
Removed urldecode from $_GET and $_REQUEST The superglobals $_GET and $_REQUEST are already decoded. Using urldecode() on an element in $_GET or $_REQUEST could have unexpected and dangerous results. See Notes: http://us1.php.net/manual/en/function.urldecode.php 2014-01-26 09:19:17 +00:00			`$product_id = (int) $_GET['download_file'];`
			`$order_key = $_GET['order'];`
			`$email = sanitize_email( str_replace( ' ', '+', $_GET['email'] ) );`
			`$download_id = isset( $_GET['key'] ) ? preg_replace( '/\s+/', ' ', $_GET['key'] ) : '';`
Function refactoring. 2013-08-09 16:11:15 +00:00			`$_product = get_product( $product_id );`

Coding standards, mostly braces 2014-02-26 11:54:16 +00:00			`if ( ! is_email( $email) ) {`
replace a few missed →'s. closes #4350 2013-12-12 13:41:58 +00:00			`wp_die( __( 'Invalid email address.', 'woocommerce' ) . ' <a href="' . esc_url( home_url() ) . '" class="wc-forward">' . __( 'Go to homepage', 'woocommerce' ) . '</a>' );`
Coding standards, mostly braces 2014-02-26 11:54:16 +00:00			`}`
Function refactoring. 2013-08-09 16:11:15 +00:00
			`$query = "`
			`SELECT order_id,downloads_remaining,user_id,download_count,access_expires,download_id`
			`FROM " . $wpdb->prefix . "woocommerce_downloadable_product_permissions`
			`WHERE user_email = %s`
			`AND order_key = %s`
			`AND product_id = %s";`

			`$args = array(`
			`$email,`
			`$order_key,`
			`$product_id`
			`);`

			`if ( $download_id ) {`
			`// backwards compatibility for existing download URLs`
			`$query .= " AND download_id = %s";`
			`$args[] = $download_id;`
			`}`

			`$download_result = $wpdb->get_row( $wpdb->prepare( $query, $args ) );`

Coding standards, mostly braces 2014-02-26 11:54:16 +00:00			`if ( ! $download_result ) {`
replace a few missed →'s. closes #4350 2013-12-12 13:41:58 +00:00			`wp_die( __( 'Invalid download.', 'woocommerce' ) . ' <a href="' . esc_url( home_url() ) . '" class="wc-forward">' . __( 'Go to homepage', 'woocommerce' ) . '</a>' );`
Coding standards, mostly braces 2014-02-26 11:54:16 +00:00			`}`
Function refactoring. 2013-08-09 16:11:15 +00:00
			`$download_id = $download_result->download_id;`
			`$order_id = $download_result->order_id;`
			`$downloads_remaining = $download_result->downloads_remaining;`
			`$download_count = $download_result->download_count;`
			`$user_id = $download_result->user_id;`
			`$access_expires = $download_result->access_expires;`

			`if ( $user_id && get_option( 'woocommerce_downloads_require_login' ) == 'yes' ) {`

Coding standards, mostly braces 2014-02-26 11:54:16 +00:00			`if ( ! is_user_logged_in() ) {`
replace a few missed →'s. closes #4350 2013-12-12 13:41:58 +00:00			`wp_die( __( 'You must be logged in to download files.', 'woocommerce' ) . ' <a href="' . esc_url( wp_login_url( get_permalink( wc_get_page_id( 'myaccount' ) ) ) ) . '" class="wc-forward">' . __( 'Login', 'woocommerce' ) . '</a>', __( 'Log in to Download Files', 'woocommerce' ) );`
Coding standards, mostly braces 2014-02-26 11:54:16 +00:00			`} elseif ( ! current_user_can( 'download_file', $download_result ) ) {`
Function refactoring. 2013-08-09 16:11:15 +00:00			`wp_die( __( 'This is not your download link.', 'woocommerce' ) );`
Coding standards, mostly braces 2014-02-26 11:54:16 +00:00			`}`
Function refactoring. 2013-08-09 16:11:15 +00:00
			`}`

Coding standards, mostly braces 2014-02-26 11:54:16 +00:00			`if ( ! get_post( $product_id ) ) {`
replace a few missed →'s. closes #4350 2013-12-12 13:41:58 +00:00			`wp_die( __( 'Product no longer exists.', 'woocommerce' ) . ' <a href="' . esc_url( home_url() ) . '" class="wc-forward">' . __( 'Go to homepage', 'woocommerce' ) . '</a>' );`
Coding standards, mostly braces 2014-02-26 11:54:16 +00:00			`}`
Function refactoring. 2013-08-09 16:11:15 +00:00
			`if ( $order_id ) {`
			`$order = new WC_Order( $order_id );`

Coding standards, mostly braces 2014-02-26 11:54:16 +00:00			`if ( ! $order->is_download_permitted() \|\| $order->post_status != 'publish' ) {`
replace a few missed →'s. closes #4350 2013-12-12 13:41:58 +00:00			`wp_die( __( 'Invalid order.', 'woocommerce' ) . ' <a href="' . esc_url( home_url() ) . '" class="wc-forward">' . __( 'Go to homepage', 'woocommerce' ) . '</a>' );`
Coding standards, mostly braces 2014-02-26 11:54:16 +00:00			`}`
Function refactoring. 2013-08-09 16:11:15 +00:00			`}`

Coding standards, mostly braces 2014-02-26 11:54:16 +00:00			`if ( $downloads_remaining == '0' ) {`
replace a few missed →'s. closes #4350 2013-12-12 13:41:58 +00:00			`wp_die( __( 'Sorry, you have reached your download limit for this file', 'woocommerce' ) . ' <a href="' . esc_url( home_url() ) . '" class="wc-forward">' . __( 'Go to homepage', 'woocommerce' ) . '</a>' );`
Coding standards, mostly braces 2014-02-26 11:54:16 +00:00			`}`
Function refactoring. 2013-08-09 16:11:15 +00:00
Coding standards, mostly braces 2014-02-26 11:54:16 +00:00			`if ( $access_expires > 0 && strtotime( $access_expires) < current_time( 'timestamp' ) ) {`
replace a few missed →'s. closes #4350 2013-12-12 13:41:58 +00:00			`wp_die( __( 'Sorry, this download has expired', 'woocommerce' ) . ' <a href="' . esc_url( home_url() ) . '" class="wc-forward">' . __( 'Go to homepage', 'woocommerce' ) . '</a>' );`
Coding standards, mostly braces 2014-02-26 11:54:16 +00:00			`}`
Function refactoring. 2013-08-09 16:11:15 +00:00
			`if ( $downloads_remaining > 0 ) {`
			`$wpdb->update( $wpdb->prefix . "woocommerce_downloadable_product_permissions", array(`
			`'downloads_remaining' => $downloads_remaining - 1,`
			`), array(`
			`'user_email' => $email,`
			`'order_key' => $order_key,`
			`'product_id' => $product_id,`
			`'download_id' => $download_id`
			`), array( '%d' ), array( '%s', '%s', '%d', '%s' ) );`
			`}`

			`// Count the download`
			`$wpdb->update( $wpdb->prefix . "woocommerce_downloadable_product_permissions", array(`
			`'download_count' => $download_count + 1,`
			`), array(`
			`'user_email' => $email,`
			`'order_key' => $order_key,`
			`'product_id' => $product_id,`
			`'download_id' => $download_id`
			`), array( '%d' ), array( '%s', '%s', '%d', '%s' ) );`

			`// Trigger action`
			`do_action( 'woocommerce_download_product', $email, $order_key, $product_id, $user_id, $download_id, $order_id );`

			`// Get the download URL and try to replace the url with a path`
			`$file_path = $_product->get_file_download_path( $download_id );`

			`// Download it!`
Tweak download handler Closes #3394. 2013-08-13 13:53:55 +00:00			`$this->download( $file_path, $product_id );`
Function refactoring. 2013-08-09 16:11:15 +00:00			`}`
			`}`

			`/**`
			`* Download a file - hook into init function.`
			`*/`
Tweak download handler Closes #3394. 2013-08-13 13:53:55 +00:00			`public function download( $file_path, $product_id ) {`
			`global $wpdb, $is_IE;`
Function refactoring. 2013-08-09 16:11:15 +00:00
			`$file_download_method = apply_filters( 'woocommerce_file_download_method', get_option( 'woocommerce_file_download_method' ), $product_id );`

Coding standards, mostly braces 2014-02-26 11:54:16 +00:00			`if ( ! $file_path ) {`
replace a few missed →'s. closes #4350 2013-12-12 13:41:58 +00:00			`wp_die( __( 'No file defined', 'woocommerce' ) . ' <a href="' . esc_url( home_url() ) . '" class="wc-forward">' . __( 'Go to homepage', 'woocommerce' ) . '</a>' );`
Coding standards, mostly braces 2014-02-26 11:54:16 +00:00			`}`
Function refactoring. 2013-08-09 16:11:15 +00:00
			`// Redirect to the file...`
			`if ( $file_download_method == "redirect" ) {`
			`header( 'Location: ' . $file_path );`
			`exit;`
			`}`

			`// ...or serve it`
cleaned up download handler, use network_site_url instead of network_admin_url for multisite 2014-04-07 14:09:11 +00:00			`$remote_file = true;`
			`$parsed_file_path = parse_url( $file_path );`

			`$wp_uploads = wp_upload_dir();`
			`$wp_uploads_dir = $wp_uploads['basedir'];`
			`$wp_uploads_url = $wp_uploads['baseurl'];`

			`if ( ( ! isset( $parsed_file_path['scheme'] ) \|\| ! in_array( $parsed_file_path['scheme'], array( 'http', 'https', 'ftp' ) ) ) && isset( $parsed_file_path['path'] ) && file_exists( $parsed_file_path['path'] ) ) {`
Function refactoring. 2013-08-09 16:11:15 +00:00
cleaned up download handler, use network_site_url instead of network_admin_url for multisite 2014-04-07 14:09:11 +00:00			`/** This is an absolute path */`
			`$remote_file = false;`
Function refactoring. 2013-08-09 16:11:15 +00:00
cleaned up download handler, use network_site_url instead of network_admin_url for multisite 2014-04-07 14:09:11 +00:00			`} elseif( strpos( $file_path, $wp_uploads_url ) !== false ) {`
Function refactoring. 2013-08-09 16:11:15 +00:00
cleaned up download handler, use network_site_url instead of network_admin_url for multisite 2014-04-07 14:09:11 +00:00			`/** This is a local file given by URL so we need to figure out the path */`
			`$remote_file = false;`
			`$file_path = str_replace( $wp_uploads_url, $wp_uploads_dir, $file_path );`
Function refactoring. 2013-08-09 16:11:15 +00:00
cleaned up download handler, use network_site_url instead of network_admin_url for multisite 2014-04-07 14:09:11 +00:00			`} elseif( is_multisite() && ( strpos( $file_path, network_site_url( '/', 'http' ) ) !== false \|\| strpos( $file_path, network_site_url( '/', 'https' ) ) !== false ) ) {`

			`/** This is a local file outside of wp-content so figure out the path */`
			`$remote_file = false;`
Function refactoring. 2013-08-09 16:11:15 +00:00			`// Try to replace network url`
cleaned up download handler, use network_site_url instead of network_admin_url for multisite 2014-04-07 14:09:11 +00:00			`$file_path = str_replace( network_site_url( '/', 'https' ), ABSPATH, $file_path );`
			`$file_path = str_replace( network_site_url( '/', 'http' ), ABSPATH, $file_path );`
			`// Try to replace upload URL`
			`$file_path = str_replace( $wp_uploads_url, $wp_uploads_dir, $file_path );`
Function refactoring. 2013-08-09 16:11:15 +00:00
cleaned up download handler, use network_site_url instead of network_admin_url for multisite 2014-04-07 14:09:11 +00:00			`} elseif( strpos( $file_path, site_url( '/', 'http' ) ) !== false \|\| strpos( $file_path, site_url( '/', 'https' ) ) !== false ) {`

			`/** This is a local file outside of wp-content so figure out the path */`
			`$remote_file = false;`
			`$file_path = str_replace( site_url( '/', 'https' ), ABSPATH, $file_path );`
			`$file_path = str_replace( site_url( '/', 'http' ), ABSPATH, $file_path );`
Function refactoring. 2013-08-09 16:11:15 +00:00
cleaned up download handler, use network_site_url instead of network_admin_url for multisite 2014-04-07 14:09:11 +00:00			`} elseif ( file_exists( ABSPATH . $file_path ) ) {`

			`/** Path needs an abspath to work */`
Function refactoring. 2013-08-09 16:11:15 +00:00			`$remote_file = false;`
cleaned up download handler, use network_site_url instead of network_admin_url for multisite 2014-04-07 14:09:11 +00:00			`$file_path = ABSPATH . $file_path;`
			`}`
Function refactoring. 2013-08-09 16:11:15 +00:00
cleaned up download handler, use network_site_url instead of network_admin_url for multisite 2014-04-07 14:09:11 +00:00			`if ( ! $remote_file ) {`
Function refactoring. 2013-08-09 16:11:15 +00:00			`// Remove Query String`
Coding standards, mostly braces 2014-02-26 11:54:16 +00:00			`if ( strstr( $file_path, '?' ) ) {`
Function refactoring. 2013-08-09 16:11:15 +00:00			`$file_path = current( explode( '?', $file_path ) );`
Coding standards, mostly braces 2014-02-26 11:54:16 +00:00			`}`
Function refactoring. 2013-08-09 16:11:15 +00:00
cleaned up download handler, use network_site_url instead of network_admin_url for multisite 2014-04-07 14:09:11 +00:00			`// Run realpath`
			`$file_path = realpath( $file_path );`
Function refactoring. 2013-08-09 16:11:15 +00:00			`}`

cleaned up download handler, use network_site_url instead of network_admin_url for multisite 2014-04-07 14:09:11 +00:00			`// Get extension and type`
Function refactoring. 2013-08-09 16:11:15 +00:00			`$file_extension = strtolower( substr( strrchr( $file_path, "." ), 1 ) );`
			`$ctype = "application/force-download";`

			`foreach ( get_allowed_mime_types() as $mime => $type ) {`
			`$mimes = explode( '\|', $mime );`
			`if ( in_array( $file_extension, $mimes ) ) {`
			`$ctype = $type;`
			`break;`
			`}`
			`}`

			`// Start setting headers`
Coding standards, mostly braces 2014-02-26 11:54:16 +00:00			`if ( ! ini_get('safe_mode') ) {`
Function refactoring. 2013-08-09 16:11:15 +00:00			`@set_time_limit(0);`
Coding standards, mostly braces 2014-02-26 11:54:16 +00:00			`}`
Function refactoring. 2013-08-09 16:11:15 +00:00
Coding standards, mostly braces 2014-02-26 11:54:16 +00:00			`if ( function_exists( 'get_magic_quotes_runtime' ) && get_magic_quotes_runtime() ) {`
Function refactoring. 2013-08-09 16:11:15 +00:00			`@set_magic_quotes_runtime(0);`
Coding standards, mostly braces 2014-02-26 11:54:16 +00:00			`}`
Function refactoring. 2013-08-09 16:11:15 +00:00
Coding standards, mostly braces 2014-02-26 11:54:16 +00:00			`if ( function_exists( 'apache_setenv' ) ) {`
Function refactoring. 2013-08-09 16:11:15 +00:00			`@apache_setenv( 'no-gzip', 1 );`
Coding standards, mostly braces 2014-02-26 11:54:16 +00:00			`}`
Function refactoring. 2013-08-09 16:11:15 +00:00
			`@session_write_close();`
			`@ini_set( 'zlib.output_compression', 'Off' );`

Revert back to ob_end_clean to fix errors ob_clean does not turn off output buffering as ob_end_clean does. On some hosts ob_clean results in an error like: transfer closed with 3 bytes remaining to read. ob_end_clean fixes this. 2013-12-19 09:14:39 +00:00			`/**`
			`* Prevents errors, for example: transfer closed with 3 bytes remaining to read`
			`*/`
			`@ob_end_clean(); // Clear the output buffer`

			`if ( ob_get_level() ) {`
improved ob_end_clean for download handler 2014-01-03 02:35:17 +00:00
			`$levels = ob_get_level();`

			`for ( $i = 0; $i < $levels; $i++ ) {`
			`@ob_end_clean(); // Zip corruption fix`
			`}`

Revert back to ob_end_clean to fix errors ob_clean does not turn off output buffering as ob_end_clean does. On some hosts ob_clean results in an error like: transfer closed with 3 bytes remaining to read. ob_end_clean fixes this. 2013-12-19 09:14:39 +00:00			`}`
Function refactoring. 2013-08-09 16:11:15 +00:00
			`if ( $is_IE && is_ssl() ) {`
			`// IE bug prevents download via SSL when Cache Control and Pragma no-cache headers set.`
			`header( 'Expires: Wed, 11 Jan 1984 05:00:00 GMT' );`
			`header( 'Cache-Control: private' );`
			`} else {`
			`nocache_headers();`
			`}`

Filter the filename Closes #5074 2014-03-14 10:04:41 +00:00			`$filename = basename( $file_path );`
Function refactoring. 2013-08-09 16:11:15 +00:00
Filter the filename Closes #5074 2014-03-14 10:04:41 +00:00			`if ( strstr( $filename, '?' ) ) {`
			`$filename = current( explode( '?', $filename ) );`
Coding standards, mostly braces 2014-02-26 11:54:16 +00:00			`}`
Function refactoring. 2013-08-09 16:11:15 +00:00
Filter the filename Closes #5074 2014-03-14 10:04:41 +00:00			`$filename = apply_filters( 'woocommerce_file_download_filename', $filename, $product_id );`

Incorrect "Robots: none" tag? https://developers.google.com/webmasters/control-crawl-index/docs/robots_meta_tag 2013-11-14 12:40:33 +00:00			`header( "X-Robots-Tag: noindex, nofollow", true );`
Function refactoring. 2013-08-09 16:11:15 +00:00			`header( "Content-Type: " . $ctype );`
			`header( "Content-Description: File Transfer" );`
Filter the filename Closes #5074 2014-03-14 10:04:41 +00:00			`header( "Content-Disposition: attachment; filename=\"" . $filename . "\";" );`
Function refactoring. 2013-08-09 16:11:15 +00:00			`header( "Content-Transfer-Encoding: binary" );`

Coding standards, mostly braces 2014-02-26 11:54:16 +00:00			`if ( $size = @filesize( $file_path ) ) {`
Function refactoring. 2013-08-09 16:11:15 +00:00			`header( "Content-Length: " . $size );`
Coding standards, mostly braces 2014-02-26 11:54:16 +00:00			`}`
Function refactoring. 2013-08-09 16:11:15 +00:00
			`if ( $file_download_method == 'xsendfile' ) {`

			`// Path fix - kudos to Jason Judge`
Coding standards, mostly braces 2014-02-26 11:54:16 +00:00			`if ( getcwd() ) {`
Convert back to forward slashes in getcwd closes #4112. @tivnet, can you confirm? I don't have windows. 2013-11-18 11:20:31 +00:00			$file_path = trim( preg_replace( '`^' . str_replace( '\\', '/', getcwd() ) . '`' , '', $file_path ), '/' );
Coding standards, mostly braces 2014-02-26 11:54:16 +00:00			`}`
Function refactoring. 2013-08-09 16:11:15 +00:00
Filter the filename Closes #5074 2014-03-14 10:04:41 +00:00			`header( "Content-Disposition: attachment; filename=\"" . $filename . "\";" );`
Function refactoring. 2013-08-09 16:11:15 +00:00
			`if ( function_exists( 'apache_get_modules' ) && in_array( 'mod_xsendfile', apache_get_modules() ) ) {`

			`header("X-Sendfile: $file_path");`
			`exit;`

			`} elseif ( stristr( getenv( 'SERVER_SOFTWARE' ), 'lighttpd' ) ) {`

			`header( "X-Lighttpd-Sendfile: $file_path" );`
			`exit;`

			`} elseif ( stristr( getenv( 'SERVER_SOFTWARE' ), 'nginx' ) \|\| stristr( getenv( 'SERVER_SOFTWARE' ), 'cherokee' ) ) {`

			`header( "X-Accel-Redirect: /$file_path" );`
			`exit;`

			`}`
			`}`

Coding standards, mostly braces 2014-02-26 11:54:16 +00:00			`if ( $remote_file ) {`
Function refactoring. 2013-08-09 16:11:15 +00:00			`$this->readfile_chunked( $file_path ) or header( 'Location: ' . $file_path );`
Coding standards, mostly braces 2014-02-26 11:54:16 +00:00			`} else {`
replace a few missed →'s. closes #4350 2013-12-12 13:41:58 +00:00			`$this->readfile_chunked( $file_path ) or wp_die( __( 'File not found', 'woocommerce' ) . ' <a href="' . esc_url( home_url() ) . '" class="wc-forward">' . __( 'Go to homepage', 'woocommerce' ) . '</a>' );`
Coding standards, mostly braces 2014-02-26 11:54:16 +00:00			`}`
Function refactoring. 2013-08-09 16:11:15 +00:00
			`exit;`
			`}`

			`/**`
			`* readfile_chunked`
			`* Reads file in chunks so big downloads are possible without changing PHP.INI - http://codeigniter.com/wiki/Download_helper_for_large_files/`
PhpDocs and TODO comments 2013-11-28 16:49:30 +00:00			`* @param string $file`
			`* @param bool $retbytes return bytes of file`
			`* @return bool\|int`
			`* @todo Meaning of the return value? Last return is status of fclose?`
Function refactoring. 2013-08-09 16:11:15 +00:00			`*/`
			`public static function readfile_chunked( $file, $retbytes = true ) {`

			`$chunksize = 1 * ( 1024 * 1024 );`
			`$buffer = '';`
			`$cnt = 0;`

			`$handle = @fopen( $file, 'r' );`
Coding standards, mostly braces 2014-02-26 11:54:16 +00:00			`if ( $handle === FALSE ) {`
Function refactoring. 2013-08-09 16:11:15 +00:00			`return FALSE;`
Coding standards, mostly braces 2014-02-26 11:54:16 +00:00			`}`
Function refactoring. 2013-08-09 16:11:15 +00:00
			`while ( ! feof( $handle ) ) {`
			`$buffer = fread( $handle, $chunksize );`
			`echo $buffer;`
Suppress errors in download handler Closes #5042 2014-03-05 09:30:12 +00:00			`@ob_flush();`
			`@flush();`
Function refactoring. 2013-08-09 16:11:15 +00:00
Coding standards, mostly braces 2014-02-26 11:54:16 +00:00			`if ( $retbytes ) {`
Function refactoring. 2013-08-09 16:11:15 +00:00			`$cnt += strlen( $buffer );`
Coding standards, mostly braces 2014-02-26 11:54:16 +00:00			`}`
Function refactoring. 2013-08-09 16:11:15 +00:00			`}`

			`$status = fclose( $handle );`

Coding standards, mostly braces 2014-02-26 11:54:16 +00:00			`if ( $retbytes && $status ) {`
Function refactoring. 2013-08-09 16:11:15 +00:00			`return $cnt;`
Coding standards, mostly braces 2014-02-26 11:54:16 +00:00			`}`
Function refactoring. 2013-08-09 16:11:15 +00:00
			`return $status;`
			`}`
			`}`

escape download handler URLs 2013-11-26 15:27:46 +00:00			`new WC_Download_Handler();`