installed plugin Easy Digital Downloads version 3.1.0.3

2022-11-27 15:03:07 +00:00
parent 555673545b
commit c5dce2cec6
1200 changed files with 238970 additions and 0 deletions
--- a/wp-content/plugins/easy-digital-downloads/includes/class-edd-session.php
+++ b/wp-content/plugins/easy-digital-downloads/includes/class-edd-session.php
@ -0,0 +1,426 @@
+<?php
+/**
+ * EDD Session
+ *
+ * This is a wrapper class for WP_Session / PHP $_SESSION and handles the storage of cart items, purchase sessions, etc
+ *
+ * @package     EDD
+ * @subpackage  Classes/Session
+ * @copyright   Copyright (c) 2018, Easy Digital Downloads, LLC
+ * @license     http://opensource.org/licenses/gpl-2.0.php GNU Public License
+ * @since       1.5
+ */
+
+// Exit if accessed directly
+defined( 'ABSPATH' ) || exit;
+
+/**
+ * EDD_Session Class
+ *
+ * @since 1.5
+ */
+class EDD_Session {
+
+	/**
+	 * Holds our session data.
+	 *
+	 * @var array
+	 * @access private
+	 * @since 1.5
+	 */
+	private $session;
+
+	/**
+	 * Whether to use PHP $_SESSION or WP_Session.
+	 *
+	 * @var bool
+	 * @access private
+	 * @since 1.5,1
+	 */
+	private $use_php_sessions = false;
+
+	/**
+	 * Session index prefix
+	 *
+	 * @var string
+	 * @access private
+	 * @since 2.3
+	 */
+	private $prefix = '';
+
+	/**
+	 * Constructor.
+	 *
+	 * Defines our WP_Session constants, includes the necessary libraries and
+	 * retrieves the WP Session instance.
+	 *
+	 * @since 1.5
+	 */
+	public function __construct() {
+		$this->use_php_sessions = $this->use_php_sessions();
+
+		if ( $this->use_php_sessions ) {
+			if ( is_multisite() ) {
+				$this->prefix = '_' . get_current_blog_id();
+			}
+
+			// Use PHP SESSION (must be enabled via the EDD_USE_PHP_SESSIONS constant)
+			add_action( 'init', array( $this, 'maybe_start_session' ), -2 );
+		} else {
+			if ( ! $this->should_start_session() ) {
+				return;
+			}
+
+			// Use WP_Session (default)
+			if ( ! defined( 'WP_SESSION_COOKIE' ) ) {
+				define( 'WP_SESSION_COOKIE', 'edd_wp_session' );
+			}
+
+			if ( ! class_exists( 'Recursive_ArrayAccess' ) ) {
+				require_once EDD_PLUGIN_DIR . 'includes/libraries/class-recursive-arrayaccess.php';
+			}
+
+			if ( ! class_exists( 'WP_Session' ) ) {
+				require_once EDD_PLUGIN_DIR . 'includes/libraries/class-wp-session.php';
+				require_once EDD_PLUGIN_DIR . 'includes/libraries/wp-session.php';
+			}
+
+			add_filter( 'wp_session_expiration_variant', array( $this, 'set_expiration_variant_time' ), 99999 );
+			add_filter( 'wp_session_expiration',         array( $this, 'set_expiration_time'         ), 99999 );
+		}
+
+		// Based off our session handling, we need to use different hooks and priorities.
+		if ( empty( $this->session ) && ! $this->use_php_sessions ) {
+			$hook     = 'plugins_loaded';
+			$priority = 10;
+		} else {
+			$hook     = 'init';
+			$priority = -1;
+		}
+
+		add_action( $hook, array( $this, 'init' ), $priority );
+	}
+
+	/**
+	 * Setup the WP_Session instance.
+	 *
+	 * @since 1.5
+	 */
+	public function init() {
+		if ( $this->use_php_sessions ) {
+			$key           = 'edd' . $this->prefix;
+			$this->session = isset( $_SESSION[ $key ] ) && is_array( $_SESSION[ $key ] )
+				? $_SESSION[ $key ]
+				: array();
+		} else {
+			$this->session = WP_Session::get_instance();
+		}
+
+		$use_cookie = $this->use_cart_cookie();
+		$cart       = $this->get( 'edd_cart'     );
+		$purchase   = $this->get( 'edd_purchase' );
+
+		if ( $use_cookie ) {
+			if ( ! empty( $cart ) || ! empty( $purchase ) ) {
+				$this->set_cart_cookie();
+			} else {
+				$this->set_cart_cookie( false );
+			}
+		}
+
+		return $this->session;
+	}
+
+	/**
+	 * Retrieve session ID.
+	 *
+	 * @since 1.6
+	 *
+	 * @return string Session ID
+	 */
+	public function get_id() {
+		return $this->session->session_id;
+	}
+
+	/**
+	 * Retrieve a session variable.
+	 *
+	 * @since 1.5
+	 *
+	 * @param string $key Session key.
+	 * @return mixed Session variable.
+	 */
+	public function get( $key ) {
+		$key    = sanitize_key( $key );
+		$return = false;
+
+		if ( isset( $this->session[ $key ] ) && ! empty( $this->session[ $key ] ) ) {
+			preg_match( '/[oO]\s*:\s*\d+\s*:\s*"\s*(?!(?i)(stdClass))/', $this->session[ $key ], $matches );
+
+			if ( ! empty( $matches ) ) {
+				$this->set( $key, null );
+				return false;
+			}
+
+			if ( is_numeric( $this->session[ $key ] ) ) {
+				$return = $this->session[ $key ];
+			} else {
+				$maybe_json = json_decode( $this->session[ $key ] );
+
+				// Since json_last_error is PHP 5.3+, we have to rely on a `null` value for failing to parse JSON.
+				if ( is_null( $maybe_json ) ) {
+					$is_serialized = is_serialized( $this->session[ $key ] );
+					if ( $is_serialized ) {
+						$value = @unserialize( $this->session[ $key ] );
+						$this->set( $key, (array) $value );
+						$return = $value;
+					} else {
+						$return = $this->session[ $key ];
+					}
+				} else {
+					$return = json_decode( $this->session[ $key ], true );
+				}
+			}
+		}
+
+		return $return;
+	}
+
+	/**
+	 * Set a session variable.
+	 *
+	 * @since 1.5
+	 *
+	 * @param string           $key   Session key.
+	 * @param int|string|array $value Session variable.
+	 *
+	 * @return mixed Session variable
+	 */
+	public function set( $key, $value ) {
+		$key = sanitize_key( $key );
+
+		if ( is_array( $value ) ) {
+			$this->session[ $key ] = wp_json_encode( $value );
+		} else {
+			$this->session[ $key ] = esc_attr( $value );
+		}
+
+		if ( $this->use_php_sessions ) {
+			$_SESSION[ 'edd' . $this->prefix ] = $this->session;
+		}
+
+		return $this->session[ $key ];
+	}
+
+	/**
+	 * Set a cookie to identify whether the cart is empty or not.
+	 *
+	 * This is for hosts and caching plugins to identify if caching should be disabled.
+	 *
+	 * @since 1.8
+	 *
+	 * @param bool $set Whether to set or destroy. Default true.
+	 */
+	public function set_cart_cookie( $set = true ) {
+
+		// Bail if headers already sent.
+		if ( headers_sent() ) {
+			return;
+		}
+
+		if ( $set ) {
+			@setcookie( 'edd_items_in_cart', '1', time() + 30 * 60, COOKIEPATH, COOKIE_DOMAIN, is_ssl() );
+		} elseif ( isset( $_COOKIE['edd_items_in_cart'] ) ) {
+			@setcookie( 'edd_items_in_cart', '', time() - 3600, COOKIEPATH, COOKIE_DOMAIN, is_ssl() );
+		}
+	}
+
+	/**
+	 * Force the cookie expiration variant time to 23 hours.
+	 *
+	 * @since 2.0
+	 * @since 3.0 Set default value of $exp parameter to 1 as it is unused.
+	 *
+	 * @param int $exp Default expiration (1 hour).
+	 * @return int Cookie expiration variant time.
+	 */
+	public function set_expiration_variant_time( $exp = 1 ) {
+		return HOUR_IN_SECONDS * 23;
+	}
+
+	/**
+	 * Force the cookie expiration time to 24 hours.
+	 *
+	 * @since 1.9
+	 * @since 3.0 Set default value of $exp parameter to 1 as it is unused.
+	 *
+	 * @param int $exp Default expiration (1 hour).
+	 * @return int Cookie expiration time.
+	 */
+	public function set_expiration_time( $exp = 1 ) {
+		return HOUR_IN_SECONDS * 24;
+	}
+
+	/**
+	 * Starts a new session if one hasn't started yet.
+	 *
+	 * Checks to see if the server supports PHP sessions
+	 * or if the EDD_USE_PHP_SESSIONS constant is defined
+	 *
+	 * @since 2.1
+	 * @return bool $ret True if we are using PHP sessions, false otherwise.
+	 */
+	public function use_php_sessions() {
+
+		// Set default return value to false.
+		$ret = false;
+
+		// If the database variable is already set, no need to run autodetection.
+		$edd_use_php_sessions = (bool) get_option( 'edd_use_php_sessions' );
+
+		if ( ! $edd_use_php_sessions ) {
+
+			// Attempt to detect if the server supports PHP sessions
+			if ( function_exists( 'session_start' ) ) {
+				$this->set( 'edd_use_php_sessions', 1 );
+
+				if ( $this->get( 'edd_use_php_sessions' ) ) {
+					$ret = true;
+
+					// Set the database option
+					update_option( 'edd_use_php_sessions', true );
+				}
+			}
+		} else {
+			$ret = $edd_use_php_sessions;
+		}
+
+		// Enable or disable PHP Sessions based on the EDD_USE_PHP_SESSIONS constant.
+		if ( defined( 'EDD_USE_PHP_SESSIONS' ) && EDD_USE_PHP_SESSIONS ) {
+			$ret = true;
+		} else if ( defined( 'EDD_USE_PHP_SESSIONS' ) && ! EDD_USE_PHP_SESSIONS ) {
+			$ret = false;
+		}
+
+		// Filter & return.
+		return (bool) apply_filters( 'edd_use_php_sessions', $ret );
+	}
+
+	/**
+	 * Determines if a user has set the EDD_USE_CART_COOKIE.
+	 *
+	 * @since 2.5
+	 *
+	 * @return bool If the store should use the edd_items_in_cart cookie to help avoid caching
+	 */
+	public function use_cart_cookie() {
+
+		// Set default return value to true.
+		$ret = true;
+
+		if ( defined( 'EDD_USE_CART_COOKIE' ) && ! EDD_USE_CART_COOKIE ) {
+			$ret = false;
+		}
+
+		// Filter & return.
+		return (bool) apply_filters( 'edd_use_cart_cookie', $ret );
+	}
+
+	/**
+	 * Determines if we should start sessions.
+	 *
+	 * @since 2.5.11
+	 *
+	 * @return bool True if sessions should start, false otherwise.
+	 */
+	public function should_start_session() {
+
+		// Set default return value to true.
+		$start_session = true;
+
+		if ( ! empty( $_SERVER['REQUEST_URI'] ) ) {
+			$blacklist = $this->get_blacklist();
+			$uri       = ltrim( $_SERVER['REQUEST_URI'], '/' );
+			$uri       = untrailingslashit( $uri );
+
+			if ( in_array( $uri, $blacklist, true ) ) {
+				$start_session = false;
+			}
+
+			if ( false !== strpos( $uri, 'feed=' ) ) {
+				$start_session = false;
+			}
+
+			// We do not want to start sessions in the admin unless we're processing an ajax request.
+			if ( is_admin() && false === strpos( $uri, 'wp-admin/admin-ajax.php' ) ) {
+				$start_session = false;
+			}
+
+			// Starting sessions while saving the file editor can break the save process, so don't start.
+			if ( false !== strpos( $uri, 'wp_scrape_key' ) ) {
+				$start_session = false;
+			}
+		}
+
+		// Filter & return.
+		return (bool) apply_filters( 'edd_start_session', $start_session );
+	}
+
+	/**
+	 * Retrieve the URI blacklist.
+	 *
+	 * These are the URIs where we never start sessions.
+	 *
+	 * @since 2.5.11
+	 *
+	 * @return array URI blacklist.
+	 */
+	public function get_blacklist() {
+		$blacklist = apply_filters( 'edd_session_start_uri_blacklist', array(
+			'feed',
+			'feed/rss',
+			'feed/rss2',
+			'feed/rdf',
+			'feed/atom',
+			'comments/feed'
+		) );
+
+		// Look to see if WordPress is in a sub folder or this is a network site that uses sub folders
+		$folder = str_replace( network_home_url(), '', get_site_url() );
+
+		if ( ! empty( $folder ) ) {
+			foreach ( $blacklist as $path ) {
+				$blacklist[] = $folder . '/' . $path;
+			}
+		}
+
+		return $blacklist;
+	}
+
+	/**
+	 * Starts a new session if one hasn't started yet.
+	 *
+	 * @since 2.1.3
+	 */
+	public function maybe_start_session() {
+
+		// Bail if should not start session.
+		if ( ! $this->should_start_session() ) {
+			return;
+		}
+
+		// Bail if headers already sent.
+		if ( headers_sent() ) {
+			return;
+		}
+
+		// Start if old version of PHP & no session ID exists.
+		if ( version_compare( PHP_VERSION, '5.4', '<' ) && ! session_id() ) {
+			session_start();
+
+		// Start if modern PHP and session-status is not active.
+		} elseif ( defined( 'PHP_SESSION_ACTIVE' ) && ( session_status() !== PHP_SESSION_ACTIVE ) ) {
+			session_start();
+		}
+	}
+}