File: /home/plan4ev/public_html/wp-content/plugins/siteorigin-premium/inc/updater.php
<?php
// Exit if accessed directly
if ( ! defined( 'ABSPATH' ) ) {
exit;
}
/**
* Allows plugins to use their own update API.
*
* @author Easy Digital Downloads
*
* @version 1.9.2
*/
class SiteOrigin_Premium_Updater {
private $api_url = '';
private $api_data = array();
private $plugin_file = '';
private $name = '';
private $slug = '';
private $version = '';
private $beta = false;
private $wp_override = false;
private $failed_request_cache_key;
private $request_version_info = false;
/**
* Class constructor.
*
* @uses plugin_basename()
* @uses hook()
*
* @param string $_api_url The URL pointing to the custom API endpoint.
* @param string $_plugin_file Path to the plugin file.
* @param array $_api_data Optional data to send with API calls.
*/
public function __construct( $_api_url, $_plugin_file, $_api_data = null ) {
global $edd_plugin_data;
$this->api_url = $_api_url;
$this->api_data = $_api_data;
$this->plugin_file = $_plugin_file;
$this->name = plugin_basename( $_plugin_file );
$this->slug = basename( $_plugin_file, '.php' );
$this->version = $_api_data['version'];
$this->wp_override = isset( $_api_data['wp_override'] ) ? (bool) $_api_data['wp_override'] : false;
$this->beta = ! empty( $this->api_data['beta'] ) ? true : false;
$this->failed_request_cache_key = 'edd_sl_failed_http_' . md5( $this->api_url );
$edd_plugin_data[ $this->slug ] = $this->api_data;
/*
* Fires after the $edd_plugin_data is setup.
*
* @since x.x.x
*
* @param array $edd_plugin_data Array of EDD SL plugin data.
*/
do_action( 'post_edd_sl_plugin_updater_setup', $edd_plugin_data );
// Set up hooks.
$this->init();
}
/**
* Set up WordPress filters to hook into WP's update process.
*
* @uses add_filter()
*
* @return void
*/
public function init() {
add_filter( 'pre_set_site_transient_update_plugins', array( $this, 'check_update' ) );
add_filter( 'plugins_api', array( $this, 'plugins_api_filter' ), 10, 3 );
add_action( 'after_plugin_row', array( $this, 'show_update_notification' ), 10, 2 );
add_action( 'admin_init', array( $this, 'show_changelog' ) );
add_filter( 'upgrader_pre_download', array( $this, 'maybe_shorten_edd_filename' ), 10, 4 );
add_filter( 'auto_update_plugin', array( $this, 'bypass_update_cache' ), 20, 2 );
add_action( 'upgrader_process_complete', array( $this, 'clear_update_cache_after_update' ), 10, 2 );
}
/**
* Check for Updates at the defined API endpoint and modify the update array.
*
* This function dives into the update API just when WordPress creates its update array,
* then adds a custom API call and injects the custom plugin data retrieved from the API.
* It is reassembled from parts of the native WordPress plugin update code.
* See wp-includes/update.php line 121 for the original wp_update_plugins() function.
*
* @uses api_request()
*
* @param array $_transient_data Update array build by WordPress.
*
* @return array Modified update array with custom plugin data.
*/
public function check_update( $_transient_data ) {
global $pagenow;
$check_enabled = apply_filters( 'siteorigin_premium_background_update_check_enabled', true );
$is_updates_page = $pagenow == 'update-core.php';
$is_plugins_updates_page = $pagenow == 'plugins.php' && ! empty( $_GET['plugin_status'] ) && $_GET['plugin_status'] == 'upgrade';
// If check has been disabled using the above filter, just return, unless we're on the updates page or the
// plugins 'Update Available' page.
if (
! $check_enabled &&
! (
$is_updates_page ||
$is_plugins_updates_page
)
) {
return $_transient_data;
}
if ( ! is_object( $_transient_data ) ) {
$_transient_data = new stdClass();
}
if (
! empty( $_transient_data->response ) &&
! empty( $_transient_data->response[ $this->name ] ) &&
false === $this->wp_override
) {
return $_transient_data;
}
// We employ a request based cache here to prevent repeated requests to the API.
if ( empty( $this->request_version_info ) ) {
$cache_key = $this->get_cache_key();
$version_info = $this->get_cached_version_info(
$cache_key,
! empty( $_GET['force-check'] )
);
} else {
$version_info = $this->request_version_info;
}
if (
empty( $this->request_version_info ) &&
false === $version_info
) {
$version_info = $this->api_request( 'plugin_latest_version', array( 'slug' => $this->slug, 'beta' => $this->beta ) );
$this->set_version_info_cache( $version_info );
// To prevent repeated requests, we cache the result for this request.
$this->request_version_info = $version_info;
// It's been three hours since the last license check.
do_action( 'siteorigin_premium_update_check' );
}
if ( ! is_object( $version_info ) ) {
return $_transient_data;
}
$version_info->version = $this->version;
$version_info->current_version = $this->version;
$version_info->id = $this->name;
$version_info->version = $this->version;
$version_info->tested = $this->get_tested_version( $version_info );
$version_info->plugin = $this->name;
if (
isset( $version_info->new_version ) &&
version_compare( $this->version, $version_info->new_version, '<' )
) {
$_transient_data->response[ $this->name ] = $version_info;
} else {
// Required for automatic updates.
$_transient_data->no_update[ $this->name ] = $version_info;
}
$_transient_data->last_checked = time();
$_transient_data->checked[ $this->name ] = $this->version;
return $_transient_data;
}
/**
* Bypass the update cache during automatic updates.
*
* @param bool $update The current update status.
* @param object $item The plugin object.
* @return bool The updated update status.
*/
public function bypass_update_cache( $update, $item ) {
if ( $item->slug !== $this->slug ) {
return $update;
}
// This will only ever be needed during a cron.
$doing_cron = defined( 'DOING_CRON' ) && DOING_CRON;
if ( ! $doing_cron ) {
return $update;
}
// Check if this plugin is set to automatically update.
$auto_updates = (array) get_site_option( 'auto_update_plugins', array() );
if ( ! in_array( $this->name, $auto_updates ) ) {
return $update;
}
// Check if we already know about an update.
$version_info = $this->get_cached_version_info();
if (
! empty( $version_info->new_version ) &&
version_compare( $this->version, $version_info->new_version, '<' )
) {
return true;
}
$version_info = $this->get_repo_api_data( true );
if ( ! $version_info ) {
// If we were unable to fetch the latest data, We have to give up.
return false;
}
// Compare the version from the cache with the latest version.
if ( version_compare( $this->version, $version_info->new_version, '<' ) ) {
return true;
}
return $update;
}
/**
* Get repo API data from store.
* Save to cache.
*
* @return \stdClass
*/
public function get_repo_api_data( $force = false ) {
$version_info = $this->get_cached_version_info( '', $force );
if ( false === $version_info ) {
$version_info = $this->api_request(
'plugin_latest_version',
array(
'slug' => $this->slug,
'beta' => $this->beta,
)
);
if ( ! $version_info ) {
return false;
}
// This is required for your plugin to support auto-updates in WordPress 5.5.
$version_info->plugin = $this->name;
$version_info->current_version = $this->version;
$version_info->id = $this->name;
$version_info->tested = $this->get_tested_version( $version_info );
$this->set_version_info_cache( $version_info );
}
return $version_info;
}
/**
* Gets the plugin's tested version.
*
* @since 1.9.2
*
* @param object $version_info
*
* @return string|null
*/
private function get_tested_version( $version_info ) {
// There is no tested version.
if ( empty( $version_info->tested ) ) {
return null;
}
// Strip off extra version data so the result is x.y or x.y.z.
list( $current_wp_version ) = explode( '-', get_bloginfo( 'version' ) );
// The tested version is greater than or equal to the current WP version, no need to do anything.
if ( version_compare( $version_info->tested, $current_wp_version, '>=' ) ) {
return $version_info->tested;
}
$current_version_parts = explode( '.', $current_wp_version );
$tested_parts = explode( '.', $version_info->tested );
// The current WordPress version is x.y.z, so update the tested version to match it.
if ( isset( $current_version_parts[2] ) && $current_version_parts[0] === $tested_parts[0] && $current_version_parts[1] === $tested_parts[1] ) {
$tested_parts[2] = $current_version_parts[2];
}
return implode( '.', $tested_parts );
}
/**
* Show the update notification on multisite subsites.
*
* @param string $file
* @param array $plugin
*/
public function show_update_notification( $file, $plugin ) {
// Return early if in the network admin, or if this is not a multisite install.
if ( is_network_admin() || ! is_multisite() ) {
return;
}
// Allow single site admins to see that an update is available.
if ( ! current_user_can( 'activate_plugins' ) ) {
return;
}
if ( $this->name !== $file ) {
return;
}
// Do not print any message if update does not exist.
$update_cache = get_site_transient( 'update_plugins' );
if ( ! isset( $update_cache->response[ $this->name ] ) ) {
if ( ! is_object( $update_cache ) ) {
$update_cache = new stdClass();
}
$update_cache->response[ $this->name ] = $this->get_repo_api_data();
}
// Return early if this plugin isn't in the transient->response or if the site is running the current or newer version of the plugin.
if ( empty( $update_cache->response[ $this->name ] ) || version_compare( $this->version, $update_cache->response[ $this->name ]->new_version, '>=' ) ) {
return;
}
printf(
'<tr class="plugin-update-tr %3$s" id="%1$s-update" data-slug="%1$s" data-plugin="%2$s">',
$this->slug,
$file,
in_array( $this->name, $this->get_active_plugins(), true ) ? 'active' : 'inactive'
);
echo '<td colspan="3" class="plugin-update colspanchange">';
echo '<div class="update-message notice inline notice-warning notice-alt"><p>';
$changelog_link = '';
if ( ! empty( $update_cache->response[ $this->name ]->sections->changelog ) ) {
$changelog_link = add_query_arg(
array(
'edd_sl_action' => 'view_plugin_changelog',
'plugin' => urlencode( $this->name ),
'slug' => urlencode( $this->slug ),
'TB_iframe' => 'true',
'width' => 77,
'height' => 911,
),
self_admin_url( 'index.php' )
);
}
$update_link = add_query_arg(
array(
'action' => 'upgrade-plugin',
'plugin' => urlencode( $this->name ),
),
self_admin_url( 'update.php' )
);
printf(
/* translators: the plugin name. */
esc_html__( 'There is a new version of %1$s available.', 'siteorigin-premium' ),
esc_html( $plugin['Name'] )
);
if ( ! current_user_can( 'update_plugins' ) ) {
echo ' ';
esc_html_e( 'Contact your network administrator to install the update.', 'siteorigin-premium' );
} elseif ( empty( $update_cache->response[ $this->name ]->package ) && ! empty( $changelog_link ) ) {
echo ' ';
printf(
/* translators: 1. opening anchor tag, do not translate 2. the new plugin version 3. closing anchor tag, do not translate. */
__( '%1$sView version %2$s details%3$s.', 'siteorigin-premium' ),
'<a target="_blank" class="thickbox open-plugin-details-modal" href="' . esc_url( $changelog_link ) . '">',
esc_html( $update_cache->response[ $this->name ]->new_version ),
'</a>'
);
} elseif ( ! empty( $changelog_link ) ) {
echo ' ';
printf(
__( '%1$sView version %2$s details%3$s or %4$supdate now%5$s.', 'siteorigin-premium' ),
'<a target="_blank" class="thickbox open-plugin-details-modal" href="' . esc_url( $changelog_link ) . '">',
esc_html( $update_cache->response[ $this->name ]->new_version ),
'</a>',
'<a target="_blank" class="update-link" href="' . esc_url( wp_nonce_url( $update_link, 'upgrade-plugin_' . $file ) ) . '">',
'</a>'
);
} else {
printf(
' %1$s%2$s%3$s',
'<a target="_blank" class="update-link" href="' . esc_url( wp_nonce_url( $update_link, 'upgrade-plugin_' . $file ) ) . '">',
esc_html__( 'Update now.', 'siteorigin-premium' ),
'</a>'
);
}
do_action( "in_plugin_update_message-{$file}", $plugin, $plugin );
echo '</p></div></td></tr>';
}
/**
* Gets the plugins active in a multisite network.
*
* @return array
*/
private function get_active_plugins() {
$active_plugins = (array) get_option( 'active_plugins' );
$active_network_plugins = (array) get_site_option( 'active_sitewide_plugins' );
return array_merge( $active_plugins, array_keys( $active_network_plugins ) );
}
/**
* Updates information on the "View version x.x details" page with custom data.
*
* @uses api_request()
*
* @param mixed $_data
* @param string $_action
* @param object $_args
*
* @return object $_data
*/
public function plugins_api_filter( $_data, $_action = '', $_args = null ) {
if ( 'plugin_information' !== $_action ) {
return $_data;
}
if ( ! isset( $_args->slug ) || ( $_args->slug !== $this->slug ) ) {
return $_data;
}
$to_send = array(
'slug' => $this->slug,
'is_ssl' => is_ssl(),
'fields' => array(
'banners' => array(),
'reviews' => false,
'icons' => array(),
),
);
$cache_key = 'siteorigin_premium_plugin_info_' . md5( serialize( $this->slug . $this->api_data['license'] . $this->beta ) );
// Get the transient where we store the api request for this plugin for 24 hours
$edd_api_request_transient = $this->get_cached_version_info( $cache_key );
//If we have no transient-saved value, run the API, set a fresh transient with the API value, and return that value too right now.
if ( empty( $edd_api_request_transient ) ) {
$api_response = $this->api_request( 'plugin_information', $to_send );
// Expires in 3 hours
$this->set_version_info_cache( $api_response, $cache_key );
if ( false !== $api_response ) {
$_data = $api_response;
}
} else {
$_data = $edd_api_request_transient;
}
// Convert sections into an associative array, since we're getting an object, but Core expects an array.
if ( isset( $_data->sections ) && ! is_array( $_data->sections ) ) {
$_data->sections = $this->convert_object_to_array( $_data->sections );
}
// Convert banners into an associative array, since we're getting an object, but Core expects an array.
if ( isset( $_data->banners ) && ! is_array( $_data->banners ) ) {
$_data->banners = $this->convert_object_to_array( $_data->banners );
}
// Convert icons into an associative array, since we're getting an object, but Core expects an array.
if ( isset( $_data->icons ) && ! is_array( $_data->icons ) ) {
$_data->icons = $this->convert_object_to_array( $_data->icons );
}
// Convert contributors into an associative array, since we're getting an object, but Core expects an array.
if ( isset( $_data->contributors ) && ! is_array( $_data->contributors ) ) {
$_data->contributors = $this->convert_object_to_array( $_data->contributors );
}
if ( ! isset( $_data->plugin ) ) {
$_data->plugin = $this->name;
}
// Set the version property to the current installed version.
// This prevents WordPress warnings when comparing versions.
if ( ! isset( $_data->version ) ) {
$_data->version = $this->version;
}
return $_data;
}
/**
* Convert some objects to arrays when injecting data into the update API
*
* Some data like sections, banners, and icons are expected to be an associative array, however due to the JSON
* decoding, they are objects. This method allows us to pass in the object and return an associative array.
*
* @since 3.6.5
*
* @param stdClass $data
*
* @return array
*/
private function convert_object_to_array( $data ) {
$new_data = array();
foreach ( $data as $key => $value ) {
$new_data[ $key ] = $value;
}
return $new_data;
}
/**
* Disable SSL verification in order to prevent download update failures
*
* @param array $args
* @param string $url
*
* @return object $array
*/
public function http_request_args( $args, $url ) {
if ( strpos( $url, 'https://' ) !== false && strpos( $url, 'edd_action=package_download' ) ) {
$args['sslverify'] = $this->verify_ssl();
}
return $args;
}
/**
* Calls the API and, if successful, returns the object delivered by the API.
*
* @uses get_bloginfo()
* @uses wp_remote_get()
* @uses is_wp_error()
*
* @param string $_action The requested action.
* @param array $_data Parameters for the API action.
*
* @return false|object|void
*/
private function api_request( $_action, $_data ) {
$data = array_merge( $this->api_data, $_data );
if ( $data['slug'] !== $this->slug ) {
return;
}
// Don't allow a plugin to ping itself,
if ( home_url() === $this->api_url ) {
return false;
}
if ( $this->request_recently_failed() ) {
return false;
}
return $this->get_version_from_remote();
}
/**
* Determines if a request has recently failed.
*
* @since 1.9.1
*
* @return bool
*/
private function request_recently_failed() {
$failed_request_details = get_option( $this->failed_request_cache_key );
// Request has never failed.
if ( empty( $failed_request_details ) || ! is_numeric( $failed_request_details ) ) {
return false;
}
/*
* Request previously failed, but the timeout has expired.
* This means we're allowed to try again.
*/
if ( time() > $failed_request_details ) {
delete_option( $this->failed_request_cache_key );
return false;
}
return true;
}
/**
* Logs a failed HTTP request for this API URL.
* We set a timestamp for 1 hour from now. This prevents future API requests from being
* made to this domain for 1 hour. Once the timestamp is in the past, API requests
* will be allowed again. This way if the site is down for some reason we don't bombard
* it with failed API requests.
*
* @see EDD_SL_Plugin_Updater::request_recently_failed
* @since 1.9.1
*/
private function log_failed_request() {
update_option( $this->failed_request_cache_key, strtotime( '+1 hour' ) );
}
public function show_changelog() {
if ( empty( $_REQUEST['edd_sl_action'] ) || 'view_plugin_changelog' !== $_REQUEST['edd_sl_action'] ) {
return;
}
if ( empty( $_REQUEST['plugin'] ) ) {
return;
}
if ( empty( $_REQUEST['slug'] ) || $this->slug !== $_REQUEST['slug'] ) {
return;
}
if ( ! current_user_can( 'update_plugins' ) ) {
wp_die( esc_html__( 'You do not have permission to install plugin updates', 'siteorigin-premium' ), esc_html__( 'Error', 'siteorigin-premium' ), array( 'response' => 403 ) );
}
$version_info = $this->get_repo_api_data();
if ( isset( $version_info->sections ) ) {
$sections = $this->convert_object_to_array( $version_info->sections );
if ( ! empty( $sections['changelog'] ) ) {
echo '<div style="background:#fff;padding:10px;">' . wp_kses_post( $sections['changelog'] ) . '</div>';
}
}
exit;
}
/**
* Gets the current version information from the remote site.
*
* @return array|false
*/
private function get_version_from_remote() {
$api_params = array(
'edd_action' => 'get_version',
'license' => ! empty( $this->api_data['license'] ) ? $this->api_data['license'] : '',
'item_name' => isset( $this->api_data['item_name'] ) ? $this->api_data['item_name'] : false,
'item_id' => isset( $this->api_data['item_id'] ) ? $this->api_data['item_id'] : false,
'version' => isset( $this->api_data['version'] ) ? $this->api_data['version'] : false,
'slug' => $this->slug,
'author' => $this->api_data['author'],
'url' => home_url(),
'beta' => $this->beta,
'php_version' => phpversion(),
'wp_version' => get_bloginfo( 'version' ),
);
/**
* Filters the parameters sent in the API request.
*
* @param array $api_params The array of data sent in the request.
* @param array $this->api_data The array of data set up in the class constructor.
* @param string $this->plugin_file The full path and filename of the file.
*/
$api_params = apply_filters( 'edd_sl_plugin_updater_api_params', $api_params, $this->api_data, $this->plugin_file );
// Used to help with debugging on our side.
if ( get_option( 'siteorigin_premium_ua_debug', false ) ) {
$api_params['user-agent'] = 'SiteOrigin Debug';
}
$request = wp_remote_post(
$this->api_url,
array(
'timeout' => 15,
'sslverify' => $this->verify_ssl(),
'body' => $api_params,
)
);
if ( is_wp_error( $request ) || ( 200 !== wp_remote_retrieve_response_code( $request ) ) ) {
$this->log_failed_request();
return false;
}
$request = json_decode( wp_remote_retrieve_body( $request ) );
if ( $request && isset( $request->sections ) ) {
$request->sections = maybe_unserialize( $request->sections );
} else {
$request = false;
}
if ( $request && isset( $request->banners ) ) {
$request->banners = maybe_unserialize( $request->banners );
}
if ( $request && isset( $request->icons ) ) {
$request->icons = maybe_unserialize( $request->icons );
}
if ( ! empty( $request->sections ) ) {
foreach ( $request->sections as $key => $section ) {
$request->$key = (array) $section;
}
}
return $request;
}
public function get_cached_version_info( $cache_key = '', $force = false ) {
if ( $force ) {
return false;
}
if ( empty( $cache_key ) ) {
$cache_key = $this->get_cache_key();
}
$version = get_transient( $cache_key );
if ( empty( $version ) ) {
return false;
}
// We need to turn the icons into an array, thanks to WP Core forcing these into an object at some point.
$version = json_decode( $version );
if ( ! empty( $version->icons ) ) {
$version->icons = (array) $version->icons;
}
return $version;
}
/**
* Clears the update cache after an update.
* This will prevent a situation where the plugin could be updated again.
*
* @param object $upgrader_object
* @param array $options
*/
public function clear_update_cache_after_update( $upgrader_object, $options ) {
if (
'update' !== $options['action'] ||
'plugin' !== $options['type']
) {
return;
}
// If the current site is a Multisite, it's possible there's no active plugins.
if (
empty( $options['plugins'] ) ||
! is_array( $options['plugins'] )
) {
return;
}
foreach ( $options['plugins'] as $plugin ) {
if ( $this->name === $plugin ) {
$cache_key = $this->get_cache_key();
delete_transient( $cache_key );
}
}
}
/**
* Sets the version information cache, and stores it for 3 hours.
*
* @param mixed $value The value to be cached.
* @param string $cache_key The cache key.
* @return void
*/
public function set_version_info_cache( $value = '', $cache_key = '' ) {
if ( empty( $cache_key ) ) {
$cache_key = $this->get_cache_key();
}
set_transient( $cache_key, wp_json_encode( $value ), 3 * HOUR_IN_SECONDS );
}
/**
* Returns if the SSL of the store should be verified.
*
* @since 1.6.13
*
* @return bool
*/
private function verify_ssl() {
return (bool) apply_filters( 'edd_sl_api_request_verify_ssl', true, $this );
}
/**
* Gets the unique key (option name) for a plugin.
*
* @since 1.9.0
*
* @return string
*/
private function get_cache_key() {
$string = $this->slug . $this->api_data['license'] . $this->beta;
return 'siteorigin_premium_updater_' . md5( serialize( $string ) );
}
// Truncate EDD filename to prevent issues with updating on windows - Resolve #67
// From this gist: https://gist.github.com/spivurno/d7a93ab4920c4fa88bad0e5177b45ba1 by David Smith (https://gist.github.com/spivurno)
public function maybe_shorten_edd_filename( $return, $package ) {
if ( strpos( $package, '/edd-sl/package_download/' ) !== false ) {
add_filter( 'wp_unique_filename', array( $this, 'shorten_edd_filename' ), 10, 2 );
}
return $return;
}
public function shorten_edd_filename( $filename, $ext ) {
$filename = substr( $filename, 0, 50 ) . $ext;
remove_filter( 'wp_unique_filename', array( $this, 'shorten_edd_filename' ), 10 );
return $filename;
}
}
/**
* Create a more friendly error message for unauthorized errors.
*
* @return mixed
*/
function siteorigin_premium_updater_http_response_debug( $response, $args, $url ) {
if (
// Check that we have a response.
isset( $response['response'] ) &&
is_array( $response['response'] ) &&
// Check that the response is a 401.
isset( $response['response']['code'] ) &&
$response['response']['code'] == 401 &&
// Check that it comes from our server.
strpos( $url, SiteOrigin_Premium_EDD_Actions::EDD_ACTIONS_HOST ) !== false &&
strpos( $url, 'package_download' ) !== false
) {
// Extract values from token.
$url_parts = parse_url( $url );
$paths = array_values( explode( '/', $url_parts['path'] ) );
$token = end( $paths );
$values = explode( ':', base64_decode( $token ) );
if ( count( $values ) !== 6 ) {
$response['response']['message'] = __( 'Invalid token supplied', 'siteorigin-premium' );
return $response;
}
// This could also be an actual check_license response with the above vars!
$response['response']['message'] = sprintf(
__( 'License key expired or not activated for this URL. Please contact %s for help.', 'siteorigin-premium' ),
'<a href="mailto:support@siteorigin.com" target="_blank">support@siteorigin.com</a>'
);
}
return $response;
}
add_filter( 'http_response', 'siteorigin_premium_updater_http_response_debug', 10, 3 );