Merge pull request #30804 from woocommerce/revert/downloads-path-tweak
Revert/downloads path tweak
This commit is contained in:
jonathansadowski
GitHub
commit
8cdccb1af5
|
|
@ -1,5 +1,20 @@
|
|||
== Changelog ==
|
||||
|
||||
= 5.7.1 2021-09-23 =
|
||||
|
||||
**WooCommerce**
|
||||
|
||||
* Dev - Revert Download filepaths changes.
|
||||
|
||||
**WooCommerce Admin - 2.6.5**
|
||||
|
||||
- Fix: Add filters to get new hidden options #7698
|
||||
|
||||
**WooCommerce Blocks - 5.7.2**
|
||||
|
||||
- Fix - Infinite recursion when removing an attribute filter from the Active filters block. #4816
|
||||
- Fix - Fix Product Search block displaying incorrectly. #4740
|
||||
|
||||
= 5.7.0 2021-09-21 =
|
||||
|
||||
**WooCommerce**
|
||||
|
|
|
|||
|
|
@ -241,11 +241,6 @@ class WC_Download_Handler {
|
|||
* @param string $filename File name.
|
||||
*/
|
||||
public static function download_file_redirect( $file_path, $filename = '' ) {
|
||||
$parsed_file_path = self::parse_file_path( $file_path );
|
||||
$file_path = $parsed_file_path['file_path'];
|
||||
if ( ! $parsed_file_path['remote_file'] ) {
|
||||
$file_path = trim( preg_replace( '`^' . str_replace( '\\', '/', getcwd() ) . '`', '', $file_path ), '/' );
|
||||
}
|
||||
header( 'Location: ' . $file_path );
|
||||
exit;
|
||||
}
|
||||
|
|
@ -274,10 +269,9 @@ class WC_Download_Handler {
|
|||
str_replace( 'https:', 'http:', site_url( '/', 'http' ) ) => ABSPATH,
|
||||
);
|
||||
|
||||
$count = 0;
|
||||
$file_path = str_replace( array_keys( $replacements ), array_values( $replacements ), $file_path, $count );
|
||||
$file_path = str_replace( array_keys( $replacements ), array_values( $replacements ), $file_path );
|
||||
$parsed_file_path = wp_parse_url( $file_path );
|
||||
$remote_file = null === $count || 0 === $count; // Remote file only if there were no replacements.
|
||||
$remote_file = true;
|
||||
|
||||
// Paths that begin with '//' are always remote URLs.
|
||||
if ( '//' === substr( $file_path, 0, 2 ) ) {
|
||||
|
|
@ -297,7 +291,7 @@ class WC_Download_Handler {
|
|||
$file_path = realpath( WP_CONTENT_DIR . substr( $file_path, 11 ) );
|
||||
|
||||
// Check if we have an absolute path.
|
||||
} elseif ( ( ! isset( $parsed_file_path['scheme'] ) || ! in_array( $parsed_file_path['scheme'], array( 'http', 'https', 'ftp' ), true ) ) && isset( $parsed_file_path['path'] ) ) {
|
||||
} elseif ( ( ! isset( $parsed_file_path['scheme'] ) || ! in_array( $parsed_file_path['scheme'], array( 'http', 'https', 'ftp' ), true ) ) && isset( $parsed_file_path['path'] ) && file_exists( $parsed_file_path['path'] ) ) {
|
||||
$remote_file = false;
|
||||
$file_path = $parsed_file_path['path'];
|
||||
}
|
||||
|
|
|
|||
|
|
@ -95,16 +95,22 @@ class WC_Product_Download implements ArrayAccess {
|
|||
* @return boolean
|
||||
*/
|
||||
public function is_allowed_filetype() {
|
||||
$file_path = $this->get_file();
|
||||
$parsed_file_path = WC_Download_Handler::parse_file_path( $file_path );
|
||||
$file_path = $this->get_file();
|
||||
|
||||
// File types for URL-based files located on the server should get validated.
|
||||
$is_file_on_server = ! $parsed_file_path['remote_file'];
|
||||
$is_file_on_server = false;
|
||||
if ( false !== stripos( $file_path, network_site_url( '/', 'https' ) ) ||
|
||||
false !== stripos( $file_path, network_site_url( '/', 'http' ) ) ||
|
||||
false !== stripos( $file_path, site_url( '/', 'https' ) ) ||
|
||||
false !== stripos( $file_path, site_url( '/', 'http' ) )
|
||||
) {
|
||||
$is_file_on_server = true;
|
||||
}
|
||||
|
||||
if ( ! $is_file_on_server && 'relative' !== $this->get_type_of_file_path() ) {
|
||||
return true;
|
||||
}
|
||||
return ( ! $is_file_on_server && ! $this->get_file_extension() ) || in_array( $this->get_file_type(), $this->get_allowed_mime_types(), true );
|
||||
return ! $this->get_file_extension() || in_array( $this->get_file_type(), $this->get_allowed_mime_types(), true );
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -171,7 +177,6 @@ class WC_Product_Download implements ArrayAccess {
|
|||
if ( preg_match( '#^//+(/[^/].+)$#i', $value, $matches ) ) {
|
||||
$value = $matches[1];
|
||||
}
|
||||
|
||||
switch ( $this->get_type_of_file_path( $value ) ) {
|
||||
case 'absolute':
|
||||
$this->data['file'] = esc_url_raw( $value );
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@ Tags: e-commerce, store, sales, sell, woo, shop, cart, checkout, downloadable, d
|
|||
Requires at least: 5.6
|
||||
Tested up to: 5.8
|
||||
Requires PHP: 7.0
|
||||
Stable tag: 5.7.0
|
||||
Stable tag: 5.7.1
|
||||
License: GPLv3
|
||||
License URI: https://www.gnu.org/licenses/gpl-3.0.html
|
||||
|
||||
|
|
|
|||
|
|
@ -152,7 +152,7 @@ class WC_Tests_Customer_Functions extends WC_Unit_Test_Case {
|
|||
|
||||
// Test download permissions.
|
||||
$prod_download = new WC_Product_Download();
|
||||
$prod_download->set_file( WC_ABSPATH . 'assets/images/help.png' );
|
||||
$prod_download->set_file( plugin_dir_url( __FILE__ ) . '/assets/images/help.png' );
|
||||
$prod_download->set_id( 'download' );
|
||||
|
||||
$product = new WC_Product_Simple();
|
||||
|
|
@ -382,7 +382,7 @@ class WC_Tests_Customer_Functions extends WC_Unit_Test_Case {
|
|||
$customer_id = wc_create_new_customer( 'test@example.com', 'testuser', 'testpassword' );
|
||||
|
||||
$prod_download = new WC_Product_Download();
|
||||
$prod_download->set_file( WC_ABSPATH . 'assets/images/help.png' );
|
||||
$prod_download->set_file( plugin_dir_url( __FILE__ ) . '/assets/images/help.png' );
|
||||
$prod_download->set_id( 1 );
|
||||
|
||||
$product = new WC_Product_Simple();
|
||||
|
|
|
|||
|
|
@ -1,50 +0,0 @@
|
|||
<?php
|
||||
|
||||
/**
|
||||
* Class WC_Product_Download_Test.
|
||||
*/
|
||||
class WC_Product_Download_Test extends WC_Unit_Test_Case {
|
||||
|
||||
/**
|
||||
* Helper utitility to get mocked object of WC_Product_Download class.
|
||||
*
|
||||
* @return WC_Product_Download
|
||||
*/
|
||||
public function get_sut_with_get_file() {
|
||||
return $this->getMockBuilder( WC_Product_Download::class )
|
||||
->setMethods( array( 'get_file' ) )
|
||||
->getMock();
|
||||
}
|
||||
|
||||
/**
|
||||
* Test when file appears remote but is local.
|
||||
*/
|
||||
public function test_is_allowed_filetype_when_file_with_false_query_params() {
|
||||
$download = $this->get_sut_with_get_file();
|
||||
$payload = trailingslashit( site_url( '/' ) ) . 'non_exists/?/../../wp-config.php';
|
||||
$download->method( 'get_file' )->willReturn( $payload );
|
||||
$this->assertFalse( $download->is_allowed_filetype() );
|
||||
}
|
||||
|
||||
/**
|
||||
* Test when file appears remote, but is local and tries to appear remote by having characters to be stripped by esc_url_raw.
|
||||
*/
|
||||
public function test_is_allowed_filetype_when_file_with_quote_and_false_query_params() {
|
||||
$download = $this->get_sut_with_get_file();
|
||||
$payload = trailingslashit( site_url( '/' ) ) . '"non_exists/?/../../foo.php';
|
||||
$download->method( 'get_file' )->willReturn( $payload );
|
||||
$this->assertFalse( $download->is_allowed_filetype() );
|
||||
}
|
||||
|
||||
/**
|
||||
* Test when file has invalid scheme.
|
||||
*/
|
||||
public function test_is_allowed_filetype_when_file_with_url_escapable_scheme() {
|
||||
$download = $this->get_sut_with_get_file();
|
||||
$payload = trailingslashit( site_url( '/' ) );
|
||||
$payload = str_replace( 'http', 'http;', $payload );
|
||||
$payload = trailingslashit( $payload ) . 'wp-config.php?/../../foo'; // http;//example.com/wp-config.php?/../../foo.
|
||||
$download->method( 'get_file' )->willReturn( $payload );
|
||||
$this->assertFalse( $download->is_allowed_filetype() );
|
||||
}
|
||||
}
|
||||
Loading…
Reference in New Issue