From 969fd22849554f914ed74b75b06b9e66ecbf0aed Mon Sep 17 00:00:00 2001
From: toddlahman
Date: Sun, 25 May 2014 14:10:23 -0700
Subject: [PATCH] Confirm buffer is not empty before erasing Confirm file_exists before opening. For PHP 5.3 or earlier, check if safe_mode is active to avoid errors.
---
 includes/class-wc-download-handler.php | 42 +++++++++++++++++---------
 1 file changed, 28 insertions(+), 14 deletions(-)
diff --git a/includes/class-wc-download-handler.php b/includes/class-wc-download-handler.php
index be4c38362d9..14258ff891c 100644
--- a/includes/class-wc-download-handler.php
+++ b/includes/class-wc-download-handler.php
@@ -152,7 +152,7 @@ class WC_Download_Handler {
 // ...or serve it
 $remote_file = true;
 $parsed_file_path = parse_url( $file_path );
-
+
 $wp_uploads = wp_upload_dir();
 $wp_uploads_dir = $wp_uploads['basedir'];
 $wp_uploads_url = $wp_uploads['baseurl'];
@@ -186,7 +186,7 @@ class WC_Download_Handler {
 $file_path = str_replace( site_url( '/', 'http' ), ABSPATH, $file_path );
 } elseif ( file_exists( ABSPATH . $file_path ) ) {
-
+
 /** Path needs an abspath to work */
 $remote_file = false;
 $file_path = ABSPATH . $file_path;
@@ -233,16 +233,19 @@ class WC_Download_Handler {
 /**
 * Prevents errors, for example: transfer closed with 3 bytes remaining to read
 */
- @ob_end_clean(); // Clear the output buffer
+ if ( ob_get_length() ) {
- if ( ob_get_level() ) {
+ if ( ob_get_level() ) {
- $levels = ob_get_level();
+ $levels = ob_get_level();
- for ( $i = 0; $i < $levels; $i++ ) {
- @ob_end_clean(); // Zip corruption fix
+ for ( $i = 0; $i < $levels; $i++ ) {
+ ob_end_clean(); // Zip corruption fix
+ }
+
+ } else {
+ ob_end_clean(); // Clear the output buffer
 }
-
 }
 if ( $is_IE && is_ssl() ) {
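Review bot: The new outer guard `if ( ob_get_length() ) {` tests only the innermost buffer, so when that buffer is empty (length 0) the loop is skipped and any outer buffers holding stray output stay open and can still end up in the response with the file, which is the corruption this block is meant to prevent. Because ob_get_length() returns false when no buffer is active, the inner `else { ob_end_clean(); }` branch cannot be reached with a buffer to clean. Guarding on the nesting level alone covers both cases: `if ( ob_get_level() ) {` around the existing `for` loop, with the `else` dropped. With the `@` removed, a buffer that cannot be removed now raises a notice, which would land in the download body when display_errors is on; a short comment recording that trade-off would help.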
@@ -299,9 +302,9 @@ class WC_Download_Handler {
 }
 if ( $remote_file ) {
- $this->readfile_chunked( $file_path ) or header( 'Location: ' . $file_path );
+ $this->readfile_chunked( $file_path ) || header( 'Location: ' . $file_path );
 } else {
- $this->readfile_chunked( $file_path ) or wp_die( __( 'File not found', 'woocommerce' ) . ' ' . __( 'Go to homepage', 'woocommerce' ) . '' );
+ $this->readfile_chunked( $file_path ) || wp_die( __( 'File not found', 'woocommerce' ) . ' ' . __( 'Go to homepage', 'woocommerce' ) . '' );
 }
 exit;
@@ -321,16 +324,27 @@ class WC_Download_Handler {
 $buffer = '';
 $cnt = 0;
- $handle = @fopen( $file, 'r' );
- if ( $handle === FALSE ) {
+ if ( file_exists( $file ) ) {
+ $handle = fopen( $file, 'r' );
+ if ( $handle === FALSE ) {
+ return FALSE;
+ }
+ } elseif ( version_compare( PHP_VERSION, '5.4.0', '<' ) && ini_get( 'safe_mode' ) ) {
+ $handle = @fopen( $file, 'r' );
+ if ( $handle === FALSE ) {
+ return FALSE;
+ }
+ } else {
 return FALSE;
 }
 while ( ! feof( $handle ) ) {
 $buffer = fread( $handle, $chunksize );
 echo $buffer;
- @ob_flush();
- @flush();
+ if ( ob_get_length() ) {
+ ob_flush();
+ flush();
+ }
 if ( $retbytes ) {
 $cnt += strlen( $buffer );
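Review bot: The remote branch falls back to `header( 'Location: ' . $file_path )` without checking `headers_sent()`, and the short-circuit `||` form hides that this line is error handling. If readfile_chunked() can return a falsy value after it has started echoing (its return path is outside this hunk), the redirect is dropped with a warning and the client is left with a truncated body. An explicit branch makes the condition visible: `if ( ! $this->readfile_chunked( $file_path ) && ! headers_sent() ) { header( 'Location: ' . $file_path ); }`.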
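Review bot: `file_exists( $file )` is false for `http://` and `https://` paths because PHP's HTTP stream wrapper does not support stat(), so on PHP 5.4+ a remote `$file` now always reaches the final `return FALSE;` and is never streamed. The caller's `|| header( 'Location: ' . $file_path )` fallback in the hunk at -299 then sends the client the stored file URL directly instead of proxying the content. Restricting the existence check to local paths keeps remote streaming working, e.g. `if ( ! preg_match( '#^https?://#i', $file ) && ! file_exists( $file ) ) { return FALSE; }` ahead of a single `fopen()` call. Separately, `flush()` now sits inside `if ( ob_get_length() )`, so it no longer runs once the buffers have been cleared; it does not depend on an active output buffer and should stay unconditional. The function's signature and return statement are outside this hunk.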