Merge pull request #9717 from awesomemotive/release/3.2.10

Adding EDD 3.2.10

easy-digital-downloads.php

@@ -5,7 +5,7 @@
  * Description: The easiest way to sell digital products with WordPress.
  * Author: Easy Digital Downloads
  * Author URI: https://easydigitaldownloads.com
- * Version: 3.2.9
+ * Version: 3.2.10
  * Text Domain: easy-digital-downloads
  * Domain Path: /languages
  * Requires at least: 5.8
@@ -27,7 +27,7 @@
  * @package EDD
  * @category Core
  * @author Easy Digital Downloads
- * @version 3.2.9
+ * @version 3.2.10
  */
 
 // Exit if accessed directly.

includes/admin/upgrades/v3/class-data-migrator.php

@@ -7,10 +7,13 @@
  * @license     http://opensource.org/licenses/gpl-2.0.php GNU Public License
  * @since       3.0
  */
+
 namespace EDD\Admin\Upgrades\v3;
 
-// Exit if accessed directly
-defined( 'ABSPATH' ) || exit;
+// Exit if accessed directly.
+defined( 'ABSPATH' ) || exit; // @codeCoverageIgnore
+
+use EDD\Utils\Data\Serializer;
 
 /**
  * Data_Migrator Class.
@@ -429,20 +432,23 @@ public static function order_notes( $data = null ) {
 		}
 	}
 
+	/**
+	 * Orders.
+	 *
+	 * @since 3.0
+	 * @param object $data Data to migrate.
+	 */
 	public static function orders( $data = null ) {
 
 		// Bail if no data passed.
 		if ( ! $data ) {
 			return false;
 		}
 
-		/** Create a new order ***************************************/
-		global $wpdb;
-
-		// Get's all the post meta for this payment.
+		// Gets all the post meta for this payment.
 		$meta = get_post_custom( $data->ID );
 
-		$payment_meta = maybe_unserialize( $meta['_edd_payment_meta'][0] );
+		$payment_meta = Serializer::maybe_unserialize( $meta['_edd_payment_meta'][0] );
 		$user_info    = isset( $payment_meta['user_info'] ) ? maybe_unserialize( $payment_meta['user_info'] ) : array();
 
 		// It is possible that for some reason the entire unserialized array is invalid, so before trying to use it, let's just verify we got an array back.
@@ -1573,16 +1579,10 @@ private static function normalize_cart_details( $cart_details ) {
 	 * Given that some data quite possible has bad serialization, we need to possibly fix the bad serialization.
 	 *
 	 * @since 3.0.0
-	 *
-	 * @param $data
-	 *
+	 * @param mixed $data The data to fix.
 	 * @return mixed
 	 */
 	public static function fix_possible_serialization( $data ) {
-		if ( ! is_array( $data ) && is_string( $data ) ) {
-			$data = substr_replace( $data, 'a', 0, 1 );
-		}
-
-		return $data;
+		return Serializer::fix_possible_serialization( $data );
 	}
 }

includes/admin/upload-functions.php

@@ -9,8 +9,8 @@
  * @since       1.0
  */
 
-// Exit if accessed directly
-defined( 'ABSPATH' ) || exit;
+// Exit if accessed directly.
+defined( 'ABSPATH' ) || exit; // @codeCoverageIgnore
 
 /**
  * Change Downloads Upload Directory
@@ -22,21 +22,22 @@
  * provides protection to anything uploaded to it.
  *
  * @since 1.0
- * @global $pagenow
+ * @since 3.2.10 The function hooks into the wp_handle_upload_prefilter action.
+ * @param array $file
  * @return void
  */
-function edd_change_downloads_upload_dir() {
-	global $pagenow;
-
-	if ( ! empty( $_REQUEST['post_id'] ) && ( 'async-upload.php' == $pagenow || 'media-upload.php' == $pagenow ) ) {
-		if ( 'download' == get_post_type( $_REQUEST['post_id'] ) ) {
-			edd_create_protection_files( true );
-			add_filter( 'upload_dir', 'edd_set_upload_dir' );
-		}
+function edd_change_downloads_upload_dir( $file = array() ) {
+	if ( empty( $_REQUEST['post_id'] ) ) {
+		return $file;
+	}
+	if ( 'download' === get_post_type( $_REQUEST['post_id'] ) ) {
+		delete_transient( 'edd_check_protection_files' );
+		add_filter( 'upload_dir', 'edd_set_upload_dir' );
 	}
-}
-add_action( 'admin_init', 'edd_change_downloads_upload_dir', 999 );
 
+	return $file;
+}
+add_filter( 'wp_handle_upload_prefilter', 'edd_change_downloads_upload_dir', 5 );
 
 /**
  * Creates blank index.php and .htaccess files
@@ -46,42 +47,59 @@ function edd_change_downloads_upload_dir() {
  *
  * @since 1.1.5
  *
- * @param bool $force
- * @param bool $method
+ * @param bool $force  Whether to force the creation of the protection files.
+ * @param bool $method The method used to download files.
  */
 function edd_create_protection_files( $force = false, $method = false ) {
+	$file_system = EDD\Utils\FileSystem::get_fs();
 	if ( false === get_transient( 'edd_check_protection_files' ) || $force ) {
 
 		$upload_path = edd_get_upload_dir();
 
-		// Top level .htaccess file
+		// Check if the main upload path is writable.
+		$upload_path_writeable = wp_is_writable( $upload_path );
+
+		// Top level .htaccess file.
 		$rules = edd_get_htaccess_rules( $method );
 		if ( edd_htaccess_exists() ) {
-			$contents = @file_get_contents( $upload_path . '/.htaccess' );
+			$contents = $file_system->get_contents( $upload_path . '/.htaccess' );
 			if ( $contents !== $rules || ! $contents ) {
-				// Update the .htaccess rules if they don't match
-				@file_put_contents( $upload_path . '/.htaccess', $rules );
+				// Update the .htaccess rules if they don't match.
+				$file_system->put_contents( $upload_path . '/.htaccess', $rules );
 			}
-		} elseif ( wp_is_writable( $upload_path ) ) {
-			// Create the file if it doesn't exist
-			@file_put_contents( $upload_path . '/.htaccess', $rules );
+		} elseif ( $upload_path_writeable ) {
+			// Create the file if it doesn't exist.
+			$file_system->put_contents( $upload_path . '/.htaccess', $rules );
 		}
 
-		// Top level blank index.php
-		if ( ! file_exists( $upload_path . '/index.php' ) && wp_is_writable( $upload_path ) ) {
-			@file_put_contents( $upload_path . '/index.php', '<?php' . PHP_EOL . '// Silence is golden.' );
+		// Top level blank index.php.
+		if ( $upload_path_writeable && ! file_exists( $upload_path . '/index.php' ) ) {
+			$file_system->put_contents( $upload_path . '/index.php', '<?php' . PHP_EOL . '// Silence is golden.' );
 		}
 
-		// Now place index.php files in all sub folders
+		if ( $upload_path_writeable && ! file_exists( $upload_path . '/index.html' ) ) {
+			$file_system->put_contents( $upload_path . '/index.html', '' );
+		}
+
+		// Now place index.php files in all sub folders.
 		$folders = edd_scan_folders( $upload_path );
 		foreach ( $folders as $folder ) {
-			// Create index.php, if it doesn't exist
-			if ( ! file_exists( $folder . 'index.php' ) && wp_is_writable( $folder ) ) {
-				@file_put_contents( $folder . 'index.php', '<?php' . PHP_EOL . '// Silence is golden.' );
+			// Continue if the folder is not writable.
+			if ( ! wp_is_writable( $folder ) ) {
+				continue;
+			}
+
+			// Create index.php, if it doesn't exist.
+			if ( ! file_exists( $folder . 'index.php' ) ) {
+				$file_system->put_contents( $folder . 'index.php', '<?php' . PHP_EOL . '// Silence is golden.' );
+			}
+
+			if ( ! file_exists( $folder . 'index.html' ) ) {
+				$file_system->put_contents( $folder . 'index.html', '' );
 			}
 		}
 
-		// Check for the files once per day
+		// Check for the files once per day.
 		set_transient( 'edd_check_protection_files', true, DAY_IN_SECONDS );
 	}
 }
@@ -103,40 +121,24 @@ function edd_htaccess_exists() {
  * Scans all folders inside of /uploads/edd
  *
  * @since 1.1.5
+ * @since 3.2.10 Switched to using glob() for better performance and accuracy.
  *
- * @param string $path   Path to scan
- * @param array  $return Results of previous recursion
+ * @param string $path   Path to scan.
+ * @param array  $return Results of previous recursion (Deprecated in 3.2.10).
  *
  * @return array $return List of files inside directory
  */
 function edd_scan_folders( $path = '', $return = array() ) {
-	$path  = ( $path === '' ) ? dirname( __FILE__ ) : $path;
-	$lists = @scandir( $path );
-
-	// Bail early if nothing to scan
-	if ( empty( $lists ) ) {
-		return $return;
-	}
+	$path = ! empty( $path ) ? $path : __DIR__;
 
-	// Loop through directory items
-	foreach ( $lists as $f ) {
-		$dir = $path . DIRECTORY_SEPARATOR . $f;
+	// Get the main directories in the root of the directory we're scanning.
+	$upload_root_dirs = glob( $path . '/*', GLOB_ONLYDIR | GLOB_NOSORT | GLOB_MARK );
 
-		// Skip if not a directory
-		if ( ! is_dir( $dir ) || ( $f === "." ) || ( $f === ".." ) ) {
-			continue;
-		}
-
-		// Maybe add directory to return array
-		if ( ! in_array( $dir, $return, true ) ) {
-			$return[] = trailingslashit( $dir );
-		}
-
-		// Recursively scan
-		edd_scan_folders( $dir, $return );
-	}
+	// Now get all the recursive directories.
+	$upload_sub_dirs = glob( $path . '/*/**', GLOB_ONLYDIR | GLOB_NOSORT | GLOB_MARK );
 
-	return $return;
+	// Merge the two arrays together, and avoid any possible duplicates.
+	return array_unique( array_merge( $upload_root_dirs, $upload_sub_dirs ) );
 }
 
 /**
@@ -155,21 +157,21 @@ function edd_get_htaccess_rules( $method = false ) {
 
 	switch ( $method ) {
 
-		case 'redirect' :
-			// Prevent directory browsing
-			$rules = "Options -Indexes";
+		case 'redirect':
+			// Prevent directory browsing.
+			$rules = 'Options -Indexes';
 			break;
 
-		case 'direct' :
-		default :
-			// Prevent directory browsing and direct access to all files, except images (they must be allowed for featured images / thumbnails)
+		case 'direct':
+		default:
+			// Prevent directory browsing and direct access to all files, except images (they must be allowed for featured images / thumbnails).
 			$allowed_filetypes = apply_filters( 'edd_protected_directory_allowed_filetypes', array( 'jpg', 'jpeg', 'png', 'gif', 'mp3', 'ogg', 'webp' ) );
-			$rules = "Options -Indexes\n";
-			$rules .= "deny from all\n";
-			$rules .= "<FilesMatch '\.(" . implode( '|', $allowed_filetypes ) . ")$'>\n";
-			    $rules .= "Order Allow,Deny\n";
-			    $rules .= "Allow from all\n";
-			$rules .= "</FilesMatch>\n";
+			$rules             = "Options -Indexes\n";
+			$rules            .= "deny from all\n";
+			$rules            .= "<FilesMatch '\.(" . implode( '|', $allowed_filetypes ) . ")$'>\n";
+				$rules        .= "Order Allow,Deny\n";
+				$rules        .= "Allow from all\n";
+			$rules            .= "</FilesMatch>\n";
 			break;
 	}
 

includes/blocks/includes/orders/orders.php

@@ -106,7 +106,11 @@ function orders( $block_attributes = array() ) {
  */
 function confirmation( $block_attributes = array() ) {
 	$session = Functions\get_purchase_session();
-	if ( empty( $session['purchase_key'] ) ) {
+	$order   = false;
+	if ( ! empty( $session['purchase_key'] ) ) {
+		$order = edd_get_order_by( 'payment_key', $session['purchase_key'] );
+	}
+	if ( ! $order ) {
 		if ( Helpers\is_block_editor() ) {
 			return '<p class="edd-alert edd-alert-info">' . esc_html( __( 'To view a sample confirmation screen, you need to have at least one order in your store.', 'easy-digital-downloads' ) ) . '</p>';
 		}
@@ -133,7 +137,6 @@ function confirmation( $block_attributes = array() ) {
 	?>
 	<div class="<?php echo esc_attr( implode( ' ', array_filter( $classes ) ) ); ?>">
 		<?php
-		$order                  = edd_get_order_by( 'payment_key', $session['purchase_key'] );
 		$edd_receipt_args['id'] = $order->id;
 		include EDD_BLOCKS_DIR . 'views/orders/receipt-items.php';
 		include EDD_BLOCKS_DIR . 'views/orders/totals.php';
@@ -168,9 +171,10 @@ function receipt( $block_attributes = array() ) {
 		)
 	);
 	$payment_key      = Functions\get_payment_key();
+	$order            = edd_get_order_by( 'payment_key', $payment_key );
 
-	// No key found.
-	if ( ! $payment_key ) {
+	// No order found.
+	if ( ! $order ) {
 		if ( Helpers\is_block_editor() ) {
 			return '<p class="edd-alert edd-alert-info">' . esc_html( __( 'To view a sample receipt, you need to have at least one order in your store.', 'easy-digital-downloads' ) ) . '</p>';
 		}
@@ -181,7 +185,6 @@ function receipt( $block_attributes = array() ) {
 	ob_start();
 	edd_print_errors();
 
-	$order         = edd_get_order_by( 'payment_key', $payment_key );
 	$user_can_view = edd_can_view_receipt( $order );
 	if ( ! $user_can_view ) {
 		show_no_access_message( $order );