Prevent ms-files.php accessing protected downloads when multisite is enabled

2012-03-13 16:59:21 +00:00 · 2012-03-13 16:59:21 +00:00 · 4b315dd7ff
parent af2aa81eb8
commit 4b315dd7ff
3 changed files with 27 additions and 0 deletions
--- a/admin/woocommerce-admin-functions.php
+++ b/admin/woocommerce-admin-functions.php
@ -26,6 +26,8 @@ function woocomerce_check_download_folder_protection() {
 			unlink( $downloads_url . '/.htaccess' );
 		endif;
 		
+		flush_rewrite_rules( true );
+		
 	else :
 		
 		// Force method - protect, add rules to the htaccess file
@ -36,8 +38,30 @@ function woocomerce_check_download_folder_protection() {
 			endif;
 		endif;
 		
+		flush_rewrite_rules( true );
+		
 	endif;
 } 
+
+/**
+ * Protect downlodas from ms-files.php in multisite
+ */
+function woocommerce_ms_protect_download_rewite_rules( $rewrite ) {
+    global $wp_rewrite;
+    
+    $download_method	= get_option('woocommerce_file_download_method');
+    
+    if (!is_multisite() || $download_method=='redirect') return $rewrite;
+	
+	$rule  = "\n# WooCommerce Rules - Protect Files from ms-files.php\n\n";
+	$rule .= "<IfModule mod_rewrite.c>\n";
+	$rule .= "RewriteEngine On\n";
+	$rule .= "RewriteCond %{QUERY_STRING} file=woocommerce_uploads/ [NC]\n";
+	$rule .= "RewriteRule /ms-files.php$ - [F]\n";
+	$rule .= "</IfModule>\n\n";
+
+	return $rule . $rewrite;
+}
 
 /**
 * Deleting products sync
--- a/admin/woocommerce-admin-hooks.php
+++ b/admin/woocommerce-admin-hooks.php
@ -16,6 +16,7 @@ add_action('delete_post', 'woocommerce_delete_product_sync', 10);
 add_action('admin_init', 'woocommerce_preview_emails');
 add_action('admin_init', 'woocommerce_prevent_admin_access');
 add_action('woocommerce_settings_saved', 'woocomerce_check_download_folder_protection');
+add_filter('mod_rewrite_rules', 'woocommerce_ms_protect_download_rewite_rules');

 /** Filters ***************************************************************/

--- a/readme.txt
+++ b/readme.txt
@ -167,6 +167,8 @@ Yes you can! Join in on our [GitHub repository](http://github.com/woothemes/wooc
 * Upsells/cross sells interface
 * Danish translation by Frederik Svarre
 * Single product title template file now hooked in
+* variation menu_order for organisation (drag and drop)
+* Prevent ms-files.php accessing protected downloads when multisite is enabled

 = 1.5.1 - 08/03/2012 =
 * Persistent (logged-in) customer carts (thanks dominic-p)