Version 5.13.2
* [fix] Missing mimetype when uploading banner images
* [update] Rollback to v1.1 for clicktracker Javascript
adegans committed Jul 13, 2024

Verified

This commit was signed with the committer’s verified signature. The key has expired.
bajtos Miroslav Bajtoš
1 parent f0fd67f commit 821481a
Showing 13 changed files with 132 additions and 131 deletions.
29 changes: 16 additions & 13 deletions adrotate-admin-functions.php
@@ -258,11 +258,12 @@ function adrotate_ad_is_in_groups($id) {
Purpose: Clean up file names of files that are being uploaded.
-------------------------------------------------------------*/
function adrotate_sanitize_file_name($filename) {
$filename_raw = $filename;
$special_chars = array('?', '[', ']', '/', '\\', '=', '<', '>', ':', ';', ',', '"', '\'', '&', '$', '#', '*', '(', ')', '|', '~', '`', '!', '{', '}');

$filename = str_replace($special_chars, '', $filename);
$filename = preg_replace('/[\s-]+/', '-', $filename);
$filename = strtolower(trim($filename, '.-_'));

return $filename;
}

@@ -365,8 +366,9 @@ function adrotate_dashboard_scripts() {
function adrotate_notifications_dashboard() {
global $current_user;

$displayname = (strlen($current_user->user_firstname) > 0) ? $current_user->user_firstname : $current_user->display_name;

if(current_user_can('adrotate_ad_manage')) {
$displayname = (strlen($current_user->user_firstname) > 0) ? $current_user->user_firstname : $current_user->display_name;
$page = (isset($_GET['page'])) ? $_GET['page'] : '';

// These only show on AdRotate pages
@@ -432,19 +434,20 @@ function adrotate_notifications_dashboard() {

if(current_user_can('update_plugins')) {
// Finish update
// Keep for manual updates
$adrotate_db_version = get_option("adrotate_db_version");
$adrotate_version = get_option("adrotate_version");
$adrotate_db_version = get_option('adrotate_db_version');
$adrotate_version = get_option('adrotate_version');

if($adrotate_db_version['current'] < ADROTATE_DB_VERSION OR $adrotate_version['current'] < ADROTATE_VERSION) {
$plugins = get_plugins();
$plugin_version = $plugins['adrotate/adrotate.php']['Version'];

$plugin_version = get_plugins();
$plugin_version = $plugin_version['adrotate/adrotate.php']['Version'];

// Do the update
adrotate_finish_upgrade();

// Thank user for updating
echo "<div class=\"ajdg-notification notice\">";
echo " <div class=\"ajdg-notification-logo\" style=\"background-image: url('".plugins_url('/images/notification.png', __FILE__)."');\"><span></span></div>";
echo " <div class=\"ajdg-notification-message\">Thanks for updating <strong>".$displayname."</strong>! You have almost completed updating <strong>AdRotate</strong> to version <strong>".$plugin_version."</strong>!<br />To complete the update <strong>click the button on the right</strong>. This may take a few seconds to complete!<br />For an overview of what has changed take a look at the <a href=\"https://ajdg.solutions/support/adrotate-development/?mtm_campaign=adrotate&mtm_keyword=finish_update_notification\" target=\"_blank\">development page</a> and usually there is an article on <a href=\"https://ajdg.solutions/blog/\" target=\"_blank\">the blog</a> with more information as well.</div>";
echo " <div class=\"ajdg-notification-cta\">";
echo " <a href=\"".wp_nonce_url('admin.php?page=adrotate-settings&tab=maintenance&action=update-db', 'nonce', 'adrotate-nonce')."\" class=\"ajdg-notification-act button-primary update-button\">Finish update</a>";
echo " </div>";
echo " <div class=\"ajdg-notification-logo\" style=\"background-image:url('".plugins_url('/images/notification.png', __FILE__)."');\"><span></span></div>";
echo " <div class=\"ajdg-notification-message\">Hi there <strong>".$displayname."</strong>! You have just updated <strong>AdRotate Professional</strong> to version <strong>".$plugin_version."</strong>!<br />Thanks for staying up-to-date! Your <strong>Database and settings</strong> have been updated to the latest version.<br />For an overview of what has changed take a look at the <a href=\"https://ajdg.solutions/support/adrotate-development/?mtm_campaign=adrotate&mtm_keyword=finish_update_notification\" target=\"_blank\">development page</a> and usually there is an article on <a href=\"https://ajdg.solutions/blog/\" target=\"_blank\">the blog</a> with more information as well.</div>";
echo "</div>";
}
}
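Review bot: The update notice echoes `$displayname` and `$plugin_version` straight into HTML without output escaping, and with `$displayname` now assigned before the `adrotate_ad_manage` check it also feeds the `update_plugins` notice. The value comes from the current user's profile (`user_firstname` / `display_name`), so it should be escaped where it is printed rather than relying on how it was sanitised when saved: `<strong>".esc_html($displayname)."</strong>` and likewise `esc_html($plugin_version)`. The rendered page has lost its +/- markers, so which of the two message lines is the new one is inferred from print order; the point applies to both. The later of the two texts also says "AdRotate Professional" where the earlier one says "AdRotate", which is worth confirming for this edition of the plugin.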
49 changes: 29 additions & 20 deletions adrotate-admin-manage.php
@@ -416,56 +416,65 @@ function adrotate_insert_group() {
Purpose: Prepare input form on saving new or updated banners
-------------------------------------------------------------*/
function adrotate_insert_media() {
global $wpdb, $adrotate_config;
global $adrotate_config;

if(wp_verify_nonce($_POST['adrotate_nonce'], 'adrotate_save_media')) {
if(current_user_can('adrotate_ad_manage')) {

if($_FILES['adrotate_image']['size'] > 0 AND $_FILES['adrotate_image']['size'] <= 512000) {
$file_path = WP_CONTENT_DIR.'/'.esc_attr($_POST['adrotate_image_location']).'/';
$file = explode('.', adrotate_sanitize_file_name($_FILES['adrotate_image']['name']));
$file_name = implode('.', $file);
$file_extension = array_pop($file);
$file_mimetype = mime_content_type($_FILES['adrotate_image']['tmp_name']);
$file_path = WP_CONTENT_DIR."/".esc_attr($_POST['adrotate_image_location'])."/";

$file = pathinfo(adrotate_sanitize_file_name($_FILES['adrotate_image']['name']));
$file['mimetype'] = mime_content_type($_FILES['adrotate_image']['tmp_name']);

// Everyone can upload these
$allowed_extensions = array('jpg', 'jpeg', 'gif', 'png', 'svg', 'webp');
$allowed_mimetypes = array('image/jpg', 'image/pjpeg', 'image/jpeg', 'image/gif', 'image/png', 'image/svg', 'image/webp');
$allowed_mimetypes = array('image/jpg', 'image/jpeg', 'image/gif', 'image/png', 'image/svg', 'image/webp');

if(current_user_can('unfiltered_html')) {
// Higher level and enabled users can also upload these.
$allowed_extensions = array_merge($allowed_extensions, array('html', 'htm', 'js', 'zip'));
$allowed_mimetypes = array_merge($allowed_mimetypes, array('text/html', 'text/htm', 'application/x-javascript', 'application/javascript', 'text/javascript', 'application/zip'));
}

if(in_array($file_extension, $allowed_extensions) AND in_array($file_mimetype, $allowed_mimetypes)) {
if(in_array($file['extension'], $allowed_extensions) AND in_array($file['mimetype'], $allowed_mimetypes)) {
if ($_FILES['adrotate_image']['error'] > 0) {
if($_FILES['adrotate_image']['error'] == 1 OR $_FILES['adrotate_image']['error'] == 2) $errorcode = 511;
else if($_FILES['adrotate_image']['error'] == 3) $errorcode = 506;
else if($_FILES['adrotate_image']['error'] == 4) $errorcode = 506;
else if($_FILES['adrotate_image']['error'] == 6 OR $_FILES['adrotate_image']['error'] == 7) $errorcode = 506;
else $errorcode = '';
if($_FILES['adrotate_image']['error'] == 1 OR $_FILES['adrotate_image']['error'] == 2) {
$errorcode = 511;
} else if($_FILES['adrotate_image']['error'] == 3) {
$errorcode = 506;
} else if($_FILES['adrotate_image']['error'] == 4) {
$errorcode = 506;
} else if($_FILES['adrotate_image']['error'] == 6 OR $_FILES['adrotate_image']['error'] == 7) {
$errorcode = 506;
} else {
$errorcode = '';
}

adrotate_return('adrotate-media', $errorcode); // Other error
} else {
if(!move_uploaded_file($_FILES['adrotate_image']['tmp_name'], $file_path.$file_name)) {
if(!move_uploaded_file($_FILES['adrotate_image']['tmp_name'], $file_path.$file['basename'])) {
adrotate_return('adrotate-media', 506); // Upload error
}

if($file_mimetype == 'application/zip' AND $file_extension == 'zip') {
if(($file['mimetype'] == 'application/zip' OR $file['mimetype'] == 'application/zip-compressed' OR $file['mimetype'] == 'application/x-zip-compressed') AND $file['extension'] == 'zip') {
require_once(ABSPATH .'/wp-admin/includes/file.php');

$creds = request_filesystem_credentials(wp_nonce_url('admin.php?page=adrotate-media'), '', false, $file_path, null);
if(!WP_Filesystem($creds)) {
request_filesystem_credentials(wp_nonce_url('admin.php?page=adrotate-media'), '', true, $file_path, null);
$creds = request_filesystem_credentials(wp_nonce_url('admin.php?page=adrotate-media'), '', true, $file_path, null);
}

$unzipfile = unzip_file($file_path.$file_name.'.'.$file_extension, $file_path.$file_name);
$unzipfile = unzip_file($file_path.$file['basename'], $file_path.$file['filename']);
if(is_wp_error($unzipfile)) {
adrotate_return('adrotate-media', 512); // Can not unzip file
adrotate_return('adrotate-media', 512, array('error' => $unzipfile->get_error_message())); // Can not unzip file
}

// Delete unwanted files
adrotate_clean_folder_contents($file_path.$file_name);
adrotate_clean_folder_contents($file_path.$file['filename']);

// Delete the uploaded zip
adrotate_unlink($file_name.'.'.$file_extension);
adrotate_unlink($file['basename']);
}

adrotate_return('adrotate-media', 202); // Success
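Review bot: The upload directory is still built from `$_POST['adrotate_image_location']` passed through `esc_attr()`, which escapes for HTML attributes and does not remove `../` segments, so the form field decides where relative to `WP_CONTENT_DIR` both `move_uploaded_file()` and `unzip_file()` write. The commit reworks the filename handling with `pathinfo()` but leaves that line unchanged apart from quoting. Validate the location before use, for example `$location = sanitize_text_field(wp_unslash($_POST['adrotate_image_location']));` then `if(validate_file($location) !== 0) { adrotate_return('adrotate-media', 506); }`, or preferably compare it with the banner folder held in the plugin settings instead of trusting the request. In the same block, `pathinfo()` returns no `extension` key for a name without a dot, so `$file['extension'] ?? ''` avoids an undefined-index warning, and both `in_array()` calls should pass `true` as the third argument. `adrotate_insert_media()` continues past the end of this hunk, so whether `adrotate_return()` ends the request is not visible here.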
8 changes: 4 additions & 4 deletions adrotate-output.php
@@ -583,13 +583,13 @@ function adrotate_scripts() {
}

if(get_option('adrotate_dynamic_required') > 0) {
wp_enqueue_script('adrotate-dyngroup', plugins_url('/library/jquery.dyngroup.js', __FILE__), false, null, $in_footer);
wp_enqueue_script('adrotate-groups', plugins_url('/library/jquery.groups.js', __FILE__), false, null, $in_footer);
}

if($adrotate_config['stats'] == 1) {
wp_enqueue_script('adrotate-clicktracker', plugins_url('/library/clicker.js', __FILE__), false, null, $in_footer);
wp_localize_script('adrotate-clicktracker', 'click_object', array('ajax_url' => admin_url('admin-ajax.php')));
wp_localize_script('adrotate-dyngroup', 'impression_object', array('ajax_url' => admin_url( 'admin-ajax.php')));
wp_enqueue_script('adrotate-clicker', plugins_url('/library/jquery.clicker.js', __FILE__), false, null, $in_footer);
wp_localize_script('adrotate-clicker', 'click_object', array('ajax_url' => admin_url('admin-ajax.php')));
wp_localize_script('adrotate-groups', 'impression_object', array('ajax_url' => admin_url('admin-ajax.php')));
}

if(!$in_footer) {
10 changes: 5 additions & 5 deletions adrotate-setup.php
@@ -67,7 +67,7 @@ function adrotate_activate_setup() {
adrotate_database_install();
adrotate_dummy_data();
adrotate_check_config();
adrotate_check_cron_schedules();
adrotate_check_schedules();

// Set the capabilities for the administrator
$role = get_role('administrator');
@@ -211,10 +211,10 @@ function adrotate_uninstall_setup() {
}

/*-------------------------------------------------------------
Name: adrotate_check_cron_schedules
Name: adrotate_check_schedules
Purpose: Set or reset maintenance schedules for AdRotate
-------------------------------------------------------------*/
function adrotate_check_cron_schedules() {
function adrotate_check_schedules() {
$firstrun = adrotate_date_start('day');
if(!wp_next_scheduled('adrotate_empty_trackerdata')) { // Periodically clean trackerdata
wp_schedule_event($firstrun + 1800, 'twicedaily', 'adrotate_empty_trackerdata');
@@ -496,7 +496,7 @@ function adrotate_finish_upgrade() {
}

adrotate_check_config();
adrotate_check_cron_schedules();
adrotate_check_schedules();
adrotate_evaluate_ads();
}

@@ -627,7 +627,7 @@ function adrotate_core_upgrade() {

// 4.1
if($adrotate_version['current'] < 389) {
adrotate_check_cron_schedules();
adrotate_check_schedules();
}

// 4.4