Deploying version 3.2.6

deliciousbrains · Jan 11, 2024 · 0049dff · 0049dff
1 parent 5279ecc
commit 0049dff
Show file tree

Hide file tree

Showing 134 changed files with 2,328 additions and 678 deletions.
diff --git a/README.md b/README.md
@@ -3,9 +3,9 @@
 **Contributors:** wpengine, deliciousbrains, ianmjones, eriktorsner, kevinwhoffman, tysonreeder, dalewilliams, lewisia32, mattshaw, aaemnnosttv, a5hleyrich, polevaultweb, bradt, joetan \
 **Tags:** uploads, amazon, s3, amazon s3, digitalocean, digitalocean spaces, google cloud storage, gcs, mirror, admin, media, cdn, cloudfront \
 **Requires at least:** 5.5 \
-**Tested up to:** 6.3 \
+**Tested up to:** 6.4 \
 **Requires PHP:** 7.2 \
-**Stable tag:** 3.2.5 \
+**Stable tag:** 3.2.6 \
 **License:** GPLv3
 
 Copies files to Amazon S3, DigitalOcean Spaces or Google Cloud Storage as they are uploaded to the Media Library. Optionally configure Amazon CloudFront or another CDN for faster delivery.
@@ -103,6 +103,14 @@ This version requires PHP 5.3.3+ and the Amazon Web Services plugin
 
 ## Changelog
 
+### WP Offload Media Lite 3.2.6 - 2024-01-11
+
+* New: WordPress 6.4 compatible
+* New: AWS PHP SDK has been updated to v3.295.8
+* Improvement: Delivery settings check request headers updated to avoid provider's erroneous hot-link protection
+* Bug fix: Corrupted amazonS3_cache records no longer cause a fatal error
+* Bug fix: Safety improved when handling serialized content
+
 ### WP Offload Media Lite 3.2.5 - 2023-08-24
 
 * New: WordPress 6.3 compatible

diff --git a/assets/css/settings.css b/assets/css/settings.css
diff --git a/assets/css/settings.min.css b/assets/css/settings.min.css
diff --git a/classes/amazon-s3-and-cloudfront.php b/classes/amazon-s3-and-cloudfront.php
@@ -4277,9 +4277,13 @@ public function maybe_update_delivery_path( $path, $domain, $timestamp = null )
  *
  * @param string $url
  *
- * @return string
+ * @return string|WP_Error
  */
  public function maybe_remove_query_string( $url ) {
+ if ( ! is_string( $url ) ) {
+ return $url;
+ }
+
  $parts = explode( '?', $url );
 
  return reset( $parts );

diff --git a/classes/as3cf-filter.php b/classes/as3cf-filter.php
@@ -621,8 +621,9 @@ public function get_post_cache( $post = null, $transform_ints = true ) {
  $cache = get_post_meta( $post_id, self::CACHE_KEY, true );
  }
 
- if ( empty( $cache ) ) {
- $cache = array();
+ // Data's not what we expected, reset.
+ if ( empty( $cache ) || ! is_array( $cache ) ) {
+ return array();
  }
 
  if ( ! $transform_ints ) {
@@ -687,7 +688,8 @@ protected function set_option_cache( $data ) {
  protected function maybe_update_post_cache( $to_cache, $post_id = false ) {
  $post_id = AS3CF_Utils::get_post_id( $post_id );
 
- if ( ! $post_id || empty( $to_cache ) ) {
+ // Data's not what we expected, skip it.
+ if ( ! $post_id || empty( $to_cache ) || ! is_array( $to_cache ) ) {
  return;
  }
 
@@ -711,8 +713,9 @@ protected function get_option_cache() {
  $cache = get_option( self::CACHE_KEY, array() );
  }
 
- if ( empty( $cache ) ) {
- $cache = array();
+ // Data's not what we expected, reset.
+ if ( empty( $cache ) || ! is_array( $cache ) ) {
+ return array();
  }
 
  return $cache;
@@ -724,7 +727,8 @@ protected function get_option_cache() {
  * @param array $to_cache
  */
  protected function maybe_update_option_cache( $to_cache ) {
- if ( empty( $to_cache ) ) {
+ // Data's not what we expected, skip it.
+ if ( empty( $to_cache ) || ! is_array( $to_cache ) ) {
  return;
  }
 

diff --git a/classes/as3cf-utils.php b/classes/as3cf-utils.php
@@ -967,7 +967,7 @@ private static function is_broken_serialized( string $data ): bool {
  $broken = false;
 
  if ( is_serialized( $data ) ) {
- $value = @unserialize( $data ); // @phpcs:ignore
+ $value = self::maybe_unserialize( $data );
 
  if ( false === $value && serialize( false ) !== $data ) {
  $broken = true;
@@ -1045,5 +1045,20 @@ private static function is_json( string $value ): bool {
 
  return $is_json;
  }
+
+ /**
+ * Maybe unserialize data, but not if an object.
+ *
+ * @param mixed $data
+ *
+ * @return mixed
+ */
+ public static function maybe_unserialize( $data ) {
+ if ( is_serialized( $data ) ) {
+ return @unserialize( $data, array( 'allowed_classes' => false ) ); // @phpcs:ignore
+ }
+
+ return $data;
+ }
  }
 }
diff --git a/classes/integrations/advanced-custom-fields.php b/classes/integrations/advanced-custom-fields.php
@@ -3,6 +3,7 @@
 namespace DeliciousBrains\WP_Offload_Media\Integrations;
 
 use AS3CF_Error;
+use AS3CF_Utils;
 use DeliciousBrains\WP_Offload_Media\Items\Media_Library_Item;
 use DeliciousBrains\WP_Offload_Media\Items\Remove_Local_Handler;
 use Exception;
@@ -186,7 +187,7 @@ public function maybe_remove_original_after_download() {
  */
  public function acf_load_config( array $config ): array {
  try {
- $filtered_config = unserialize( $this->as3cf->filter_local->filter_post( serialize( $config ) ) );
+ $filtered_config = AS3CF_Utils::maybe_unserialize( $this->as3cf->filter_local->filter_post( serialize( $config ) ) );
  } catch ( Exception $e ) {
  AS3CF_Error::log( __METHOD__ . ' ' . $e->getMessage() );
 

diff --git a/classes/items/item.php b/classes/items/item.php
@@ -748,7 +748,7 @@ protected static function create( $object, $add_to_object_cache = false ) {
  $extra_info = array();
 
  if ( ! empty( $object->extra_info ) ) {
- $extra_info = unserialize( $object->extra_info );
+ $extra_info = AS3CF_Utils::maybe_unserialize( $object->extra_info );
  static::maybe_update_extra_info( $extra_info, $object->source_id, $object->is_private );
  }
 

diff --git a/classes/settings/delivery-check.php b/classes/settings/delivery-check.php
@@ -105,7 +105,12 @@ public function test_public_file_access(): AS3CF_Result {
  );
  }
 
- $url = $this->as3cf_item->get_provider_url();
+ $url = $this->as3cf_item->get_provider_url();
+
+ if ( is_wp_error( $url ) ) {
+ return new AS3CF_Result( Validator_Interface::AS3CF_STATUS_MESSAGE_ERROR, $url->get_error_message() );
+ }
+
  $this->domain = AS3CF_Utils::parse_url( $url, PHP_URL_HOST );
 
  try {
@@ -144,8 +149,7 @@ public function test_private_file_access(): AS3CF_Result {
 
  try {
  $this->check_dns_resolution();
- $response = wp_remote_get( $url );
-
+ $response = $this->dispatch_request( $url );
  $this->check_response_code( (int) wp_remote_retrieve_response_code( $response ) );
  } catch ( Exception $e ) {
  return new AS3CF_Result( Validator_Interface::AS3CF_STATUS_MESSAGE_ERROR, $e->getMessage() );
@@ -171,8 +175,13 @@ public function test_private_file_access_unsigned(): AS3CF_Result {
  // Remove the signing parameters from the URL.
  $url = $this->as3cf->maybe_remove_query_string( $this->as3cf_item->get_provider_url() );
 
+ if ( is_wp_error( $url ) ) {
+ return new AS3CF_Result( Validator_Interface::AS3CF_STATUS_MESSAGE_ERROR, $url->get_error_message() );
+ }
+
  try {
- $response = wp_remote_get( $url );
+ $this->check_dns_resolution();
+ $response = $this->dispatch_request( $url );
 
  // This should throw in an exception.
  $this->check_response_code( (int) wp_remote_retrieve_response_code( $response ) );

diff --git a/classes/settings/domain-check.php b/classes/settings/domain-check.php
@@ -282,8 +282,12 @@ protected function dispatch_request( string $url ): array {
  */
  'sslverify' => apply_filters( 'as3cf_assets_pull_test_endpoint_sslverify', true, $this->domain ),
 
- // Make sure WordPress knows this is a REST-API request.
- 'headers' => array( 'content-type' => 'application/json' ),
+ // Make sure headers work for various services.
+ 'headers' => array(
+ 'accept' => '*/*',
+ 'user-agent' => 'wp-offload-media',
+ 'referer' => home_url(),
+ ),
  ) );
 
  if ( is_wp_error( $response ) ) {