Version 5.13.2

* [fix] Missing mimetype when uploading banner images * [update] Rollback to v1.1 for clicktracker Javascript
adegans · Jul 13, 2024 · 821481a · 821481a
1 parent f0fd67f
commit 821481a
Showing 13 changed files with 132 additions and 131 deletions.
diff --git a/adrotate-admin-functions.php b/adrotate-admin-functions.php
@@ -258,11 +258,12 @@ function adrotate_ad_is_in_groups($id) {
  Purpose:   Clean up file names of files that are being uploaded.
 -------------------------------------------------------------*/
 function adrotate_sanitize_file_name($filename) {
-    $filename_raw = $filename;
     $special_chars = array('?', '[', ']', '/', '\\', '=', '<', '>', ':', ';', ',', '"', '\'', '&', '$', '#', '*', '(', ')', '|', '~', '`', '!', '{', '}');
+
     $filename = str_replace($special_chars, '', $filename);
     $filename = preg_replace('/[\s-]+/', '-', $filename);
     $filename = strtolower(trim($filename, '.-_'));
+
     return $filename;
 }
 
@@ -365,8 +366,9 @@ function adrotate_dashboard_scripts() {
 function adrotate_notifications_dashboard() {
 	global $current_user;
 
+	$displayname = (strlen($current_user->user_firstname) > 0) ? $current_user->user_firstname : $current_user->display_name;
+
 	if(current_user_can('adrotate_ad_manage')) {
-		$displayname = (strlen($current_user->user_firstname) > 0) ? $current_user->user_firstname : $current_user->display_name;
 		$page = (isset($_GET['page'])) ? $_GET['page'] : '';
 
 		// These only show on AdRotate pages
@@ -432,19 +434,20 @@ function adrotate_notifications_dashboard() {
 
 	if(current_user_can('update_plugins')) {
 		// Finish update
-		// Keep for manual updates
-		$adrotate_db_version = get_option("adrotate_db_version");
-		$adrotate_version = get_option("adrotate_version");
+		$adrotate_db_version = get_option('adrotate_db_version');
+		$adrotate_version = get_option('adrotate_version');
+
 		if($adrotate_db_version['current'] < ADROTATE_DB_VERSION OR $adrotate_version['current'] < ADROTATE_VERSION) {
-			$plugins = get_plugins();
-			$plugin_version = $plugins['adrotate/adrotate.php']['Version'];
-
+			$plugin_version = get_plugins();
+			$plugin_version = $plugin_version['adrotate/adrotate.php']['Version'];
+
+			// Do the update
+			adrotate_finish_upgrade();
+
+			// Thank user for updating
 			echo "<div class=\"ajdg-notification notice\">";
-			echo "	<div class=\"ajdg-notification-logo\" style=\"background-image: url('".plugins_url('/images/notification.png', __FILE__)."');\"><span></span></div>";
-			echo "	<div class=\"ajdg-notification-message\">Thanks for updating <strong>".$displayname."</strong>! You have almost completed updating <strong>AdRotate</strong> to version <strong>".$plugin_version."</strong>!<br />To complete the update <strong>click the button on the right</strong>. This may take a few seconds to complete!<br />For an overview of what has changed take a look at the <a href=\"https://ajdg.solutions/support/adrotate-development/?mtm_campaign=adrotate&mtm_keyword=finish_update_notification\" target=\"_blank\">development page</a> and usually there is an article on <a href=\"https://ajdg.solutions/blog/\" target=\"_blank\">the blog</a> with more information as well.</div>";
-			echo "	<div class=\"ajdg-notification-cta\">";
-			echo "		<a href=\"".wp_nonce_url('admin.php?page=adrotate-settings&tab=maintenance&action=update-db', 'nonce', 'adrotate-nonce')."\" class=\"ajdg-notification-act button-primary update-button\">Finish update</a>";
-			echo "	</div>";
+			echo "	<div class=\"ajdg-notification-logo\" style=\"background-image:url('".plugins_url('/images/notification.png', __FILE__)."');\"><span></span></div>";
+			echo "	<div class=\"ajdg-notification-message\">Hi there <strong>".$displayname."</strong>! You have just updated <strong>AdRotate Professional</strong> to version <strong>".$plugin_version."</strong>!<br />Thanks for staying up-to-date! Your <strong>Database and settings</strong> have been updated to the latest version.<br />For an overview of what has changed take a look at the <a href=\"https://ajdg.solutions/support/adrotate-development/?mtm_campaign=adrotate&mtm_keyword=finish_update_notification\" target=\"_blank\">development page</a> and usually there is an article on <a href=\"https://ajdg.solutions/blog/\" target=\"_blank\">the blog</a> with more information as well.</div>";
 			echo "</div>";
 		}
 	}

diff --git a/adrotate-admin-manage.php b/adrotate-admin-manage.php
@@ -416,56 +416,65 @@ function adrotate_insert_group() {
  Purpose:   Prepare input form on saving new or updated banners
 -------------------------------------------------------------*/
 function adrotate_insert_media() {
-	global $wpdb, $adrotate_config;
+	global $adrotate_config;
 
 	if(wp_verify_nonce($_POST['adrotate_nonce'], 'adrotate_save_media')) {
 		if(current_user_can('adrotate_ad_manage')) {
+
 			if($_FILES['adrotate_image']['size'] > 0 AND $_FILES['adrotate_image']['size'] <= 512000) {
-				$file_path = WP_CONTENT_DIR.'/'.esc_attr($_POST['adrotate_image_location']).'/';
-				$file = explode('.', adrotate_sanitize_file_name($_FILES['adrotate_image']['name']));
-				$file_name = implode('.', $file);
-				$file_extension = array_pop($file);
-				$file_mimetype = mime_content_type($_FILES['adrotate_image']['tmp_name']);
+				$file_path = WP_CONTENT_DIR."/".esc_attr($_POST['adrotate_image_location'])."/";
 
+				$file = pathinfo(adrotate_sanitize_file_name($_FILES['adrotate_image']['name']));
+				$file['mimetype'] = mime_content_type($_FILES['adrotate_image']['tmp_name']);
+
+				// Everyone can upload these
 				$allowed_extensions = array('jpg', 'jpeg', 'gif', 'png', 'svg', 'webp');
-				$allowed_mimetypes = array('image/jpg', 'image/pjpeg', 'image/jpeg', 'image/gif', 'image/png', 'image/svg', 'image/webp');
+				$allowed_mimetypes = array('image/jpg', 'image/jpeg', 'image/gif', 'image/png', 'image/svg', 'image/webp');
 
 				if(current_user_can('unfiltered_html')) {
+					// Higher level and enabled users can also upload these.
 					$allowed_extensions = array_merge($allowed_extensions, array('html', 'htm', 'js', 'zip'));
 					$allowed_mimetypes = array_merge($allowed_mimetypes, array('text/html', 'text/htm', 'application/x-javascript', 'application/javascript', 'text/javascript', 'application/zip'));
 				}
 
-				if(in_array($file_extension, $allowed_extensions) AND in_array($file_mimetype, $allowed_mimetypes)) {
+				if(in_array($file['extension'], $allowed_extensions) AND in_array($file['mimetype'], $allowed_mimetypes)) {
 					if ($_FILES['adrotate_image']['error'] > 0) {
-						if($_FILES['adrotate_image']['error'] == 1 OR $_FILES['adrotate_image']['error'] == 2) $errorcode = 511;
-						else if($_FILES['adrotate_image']['error'] == 3) $errorcode = 506;
-						else if($_FILES['adrotate_image']['error'] == 4) $errorcode = 506;
-						else if($_FILES['adrotate_image']['error'] == 6 OR $_FILES['adrotate_image']['error'] == 7) $errorcode = 506;
-						else $errorcode = '';
+						if($_FILES['adrotate_image']['error'] == 1 OR $_FILES['adrotate_image']['error'] == 2) {
+							$errorcode = 511;
+						} else if($_FILES['adrotate_image']['error'] == 3) {
+							$errorcode = 506;
+						} else if($_FILES['adrotate_image']['error'] == 4) {
+							$errorcode = 506;
+						} else if($_FILES['adrotate_image']['error'] == 6 OR $_FILES['adrotate_image']['error'] == 7) {
+							$errorcode = 506;
+						} else {
+							$errorcode = '';
+						}
+
 						adrotate_return('adrotate-media', $errorcode); // Other error
 					} else {
-						if(!move_uploaded_file($_FILES['adrotate_image']['tmp_name'], $file_path.$file_name)) {
+						if(!move_uploaded_file($_FILES['adrotate_image']['tmp_name'], $file_path.$file['basename'])) {
 							adrotate_return('adrotate-media', 506); // Upload error
 						}
 
-						if($file_mimetype == 'application/zip' AND $file_extension == 'zip') {
+						if(($file['mimetype'] == 'application/zip' OR $file['mimetype'] == 'application/zip-compressed' OR $file['mimetype'] == 'application/x-zip-compressed') AND $file['extension'] == 'zip') {
 							require_once(ABSPATH .'/wp-admin/includes/file.php');
 
 							$creds = request_filesystem_credentials(wp_nonce_url('admin.php?page=adrotate-media'), '', false, $file_path, null);
 						    if(!WP_Filesystem($creds)) {
-								request_filesystem_credentials(wp_nonce_url('admin.php?page=adrotate-media'), '', true, $file_path, null);
+								$creds = request_filesystem_credentials(wp_nonce_url('admin.php?page=adrotate-media'), '', true, $file_path, null);
 							}
 
-							$unzipfile = unzip_file($file_path.$file_name.'.'.$file_extension, $file_path.$file_name);
+							$unzipfile = unzip_file($file_path.$file['basename'], $file_path.$file['filename']);
 							if(is_wp_error($unzipfile)) {
-								adrotate_return('adrotate-media', 512); // Can not unzip file
+								adrotate_return('adrotate-media', 512, array('error' => $unzipfile->get_error_message())); // Can not unzip file
 							}
 
 							// Delete unwanted files
-							adrotate_clean_folder_contents($file_path.$file_name);
+							adrotate_clean_folder_contents($file_path.$file['filename']);
 
 							// Delete the uploaded zip
-							adrotate_unlink($file_name.'.'.$file_extension);
+							adrotate_unlink($file['basename']);
 						}
 
 						adrotate_return('adrotate-media', 202); // Success

diff --git a/adrotate-output.php b/adrotate-output.php
@@ -583,13 +583,13 @@ function adrotate_scripts() {
 	}
 
 	if(get_option('adrotate_dynamic_required') > 0) {
-		wp_enqueue_script('adrotate-dyngroup', plugins_url('/library/jquery.dyngroup.js', __FILE__), false, null, $in_footer);
+		wp_enqueue_script('adrotate-groups', plugins_url('/library/jquery.groups.js', __FILE__), false, null, $in_footer);
 	}
 
 	if($adrotate_config['stats'] == 1) {
-		wp_enqueue_script('adrotate-clicktracker', plugins_url('/library/clicker.js', __FILE__), false, null, $in_footer);
-		wp_localize_script('adrotate-clicktracker', 'click_object', array('ajax_url' => admin_url('admin-ajax.php')));
-		wp_localize_script('adrotate-dyngroup', 'impression_object', array('ajax_url' => admin_url( 'admin-ajax.php')));
+		wp_enqueue_script('adrotate-clicker', plugins_url('/library/jquery.clicker.js', __FILE__), false, null, $in_footer);
+		wp_localize_script('adrotate-clicker', 'click_object', array('ajax_url' => admin_url('admin-ajax.php')));
+		wp_localize_script('adrotate-groups', 'impression_object', array('ajax_url' => admin_url('admin-ajax.php')));
 	}
 
 	if(!$in_footer) {

diff --git a/adrotate-setup.php b/adrotate-setup.php
@@ -67,7 +67,7 @@ function adrotate_activate_setup() {
 		adrotate_database_install();
 		adrotate_dummy_data();
 		adrotate_check_config();
-		adrotate_check_cron_schedules();
+		adrotate_check_schedules();
 
 		// Set the capabilities for the administrator
 		$role = get_role('administrator');
@@ -211,10 +211,10 @@ function adrotate_uninstall_setup() {
 }
 
 /*-------------------------------------------------------------
- Name:      adrotate_check_cron_schedules
+ Name:      adrotate_check_schedules
  Purpose:   Set or reset maintenance schedules for AdRotate
 -------------------------------------------------------------*/
-function adrotate_check_cron_schedules() {
+function adrotate_check_schedules() {
 	$firstrun = adrotate_date_start('day');
 	if(!wp_next_scheduled('adrotate_empty_trackerdata')) { // Periodically clean trackerdata
 		wp_schedule_event($firstrun + 1800, 'twicedaily', 'adrotate_empty_trackerdata');
@@ -496,7 +496,7 @@ function adrotate_finish_upgrade() {
 	}
 
 	adrotate_check_config();
-	adrotate_check_cron_schedules();
+	adrotate_check_schedules();
 	adrotate_evaluate_ads();
 }
 
@@ -627,7 +627,7 @@ function adrotate_core_upgrade() {
 
 	// 4.1
 	if($adrotate_version['current'] < 389) {
-		adrotate_check_cron_schedules();
+		adrotate_check_schedules();
 	}
 
 	// 4.4