* @since 1.50.0 */ namespace AdvancedAds\Admin; defined( 'ABSPATH' ) || exit; /** * Class Updater */ class EDD_Updater { /** * The URL pointing to the custom API endpoint. * * @var string */ private $api_url = ''; /** * Optional data to send with API calls. * * @var array */ private $api_data = []; /** * Path to the plugin file. * * @var string */ private $plugin_file = ''; /** * The plugin basename. * * @var string */ private $name = ''; /** * The plugin slug. * * @var string */ private $slug = ''; /** * The plugin version. * * @var string */ private $version = ''; /** * Whether to override the WordPress.org update check. * * @var bool */ private $wp_override = false; /** * Whether to check for beta versions. * * @var bool */ private $beta = false; /** * The cache key for failed requests. * * @var string */ private $failed_request_cache_key; /** * Class constructor. * * @uses plugin_basename() * @uses hook() * * @param string $_api_url The URL pointing to the custom API endpoint. * @param string $_plugin_file Path to the plugin file. * @param array $_api_data Optional data to send with API calls. */ public function __construct( $_api_url, $_plugin_file, $_api_data = null ) { global $edd_plugin_data; $this->api_url = trailingslashit( $_api_url ); $this->api_data = $_api_data; $this->plugin_file = $_plugin_file; $this->name = plugin_basename( $_plugin_file ); $this->slug = basename( dirname( $_plugin_file ) ); $this->version = $_api_data['version']; $this->wp_override = isset( $_api_data['wp_override'] ) ? (bool) $_api_data['wp_override'] : false; $this->beta = ! empty( $this->api_data['beta'] ) ? true : false; $this->failed_request_cache_key = 'edd_sl_failed_http_' . md5( $this->api_url ); $edd_plugin_data[ $this->slug ] = $this->api_data; /** * Fires after the $edd_plugin_data is setup. * * @since x.x.x * * @param array $edd_plugin_data Array of EDD SL plugin data. */ do_action( 'post_edd_sl_plugin_updater_setup', $edd_plugin_data ); // Set up hooks. $this->init(); } /** * Set up WordPress filters to hook into WP's update process. * * @uses add_filter() * * @return void */ public function init() { add_filter( 'pre_set_site_transient_update_plugins', [ $this, 'check_update' ] ); add_filter( 'plugins_api', [ $this, 'plugins_api_filter' ], 10, 3 ); add_action( 'after_plugin_row', [ $this, 'show_update_notification' ], 10, 2 ); add_action( 'admin_init', [ $this, 'show_changelog' ] ); } /** * Check for Updates at the defined API endpoint and modify the update array. * * This function dives into the update API just when WordPress creates its update array, * then adds a custom API call and injects the custom plugin data retrieved from the API. * It is reassembled from parts of the native WordPress plugin update code. * See wp-includes/update.php line 121 for the original wp_update_plugins() function. * * @uses api_request() * * @param array $_transient_data Update array build by WordPress. * @return array Modified update array with custom plugin data. */ public function check_update( $_transient_data ) { if ( ! is_object( $_transient_data ) ) { $_transient_data = new \stdClass(); } if ( ! empty( $_transient_data->response ) && ! empty( $_transient_data->response[ $this->name ] ) && false === $this->wp_override ) { return $_transient_data; } $current = $this->get_update_transient_data(); if ( false !== $current && is_object( $current ) && isset( $current->new_version ) ) { if ( version_compare( $this->version, $current->new_version, '<' ) ) { $_transient_data->response[ $this->name ] = $current; } else { // Populating the no_update information is required to support auto-updates in WordPress 5.5. $_transient_data->no_update[ $this->name ] = $current; } } $_transient_data->last_checked = time(); $_transient_data->checked[ $this->name ] = $this->version; return $_transient_data; } /** * Get repo API data from store. * Save to cache. * * @return \stdClass */ public function get_repo_api_data() { $version_info = $this->get_cached_version_info(); if ( false === $version_info ) { $version_info = $this->api_request( 'plugin_latest_version', [ 'slug' => $this->slug, 'beta' => $this->beta, ] ); if ( ! $version_info ) { return false; } // This is required for your plugin to support auto-updates in WordPress 5.5. $version_info->plugin = $this->name; $version_info->id = $this->name; $version_info->tested = $this->get_tested_version( $version_info ); if ( ! isset( $version_info->requires ) ) { $version_info->requires = ''; } if ( ! isset( $version_info->requires_php ) ) { $version_info->requires_php = ''; } $this->set_version_info_cache( $version_info ); } return $version_info; } /** * Gets a limited set of data from the API response. * This is used for the update_plugins transient. * * @since 3.8.12 * @return \stdClass|false */ private function get_update_transient_data() { $version_info = $this->get_repo_api_data(); if ( ! $version_info ) { return false; } $limited_data = new \stdClass(); $limited_data->slug = $this->slug; $limited_data->plugin = $this->name; $limited_data->url = $version_info->url ?? ''; $limited_data->package = $version_info->package; $limited_data->icons = $this->convert_object_to_array( $version_info->icons ); $limited_data->banners = $this->convert_object_to_array( $version_info->banners ); $limited_data->new_version = $version_info->new_version; $limited_data->tested = $version_info->tested ?? '6.7'; $limited_data->requires = $version_info->requires ?? '5.7'; $limited_data->requires_php = $version_info->requires_php ?? '7.4'; return $limited_data; } /** * Gets the plugin's tested version. * * @since 1.9.2 * @param object $version_info The version info object. * @return null|string */ private function get_tested_version( $version_info ) { // There is no tested version. if ( empty( $version_info->tested ) ) { return null; } // Strip off extra version data so the result is x.y or x.y.z. list( $current_wp_version ) = explode( '-', get_bloginfo( 'version' ) ); // The tested version is greater than or equal to the current WP version, no need to do anything. if ( version_compare( $version_info->tested, $current_wp_version, '>=' ) ) { return $version_info->tested; } $current_version_parts = explode( '.', $current_wp_version ); $tested_parts = explode( '.', $version_info->tested ); // The current WordPress version is x.y.z, so update the tested version to match it. if ( isset( $current_version_parts[2] ) && $current_version_parts[0] === $tested_parts[0] && $current_version_parts[1] === $tested_parts[1] ) { $tested_parts[2] = $current_version_parts[2]; } return implode( '.', $tested_parts ); } /** * Show the update notification on multisite subsites. * * @param string $file The plugin file. * @param array $plugin The plugin data. */ public function show_update_notification( $file, $plugin ) { // Return early if in the network admin, or if this is not a multisite install. if ( is_network_admin() || ! is_multisite() ) { return; } // Allow single site admins to see that an update is available. if ( ! current_user_can( 'activate_plugins' ) ) { return; } if ( $this->name !== $file ) { return; } // Do not print any message if update does not exist. $update_cache = get_site_transient( 'update_plugins' ); if ( ! isset( $update_cache->response[ $this->name ] ) ) { if ( ! is_object( $update_cache ) ) { $update_cache = new \stdClass(); } $update_cache->response[ $this->name ] = $this->get_repo_api_data(); } // Return early if this plugin isn't in the transient->response or if the site is running the current or newer version of the plugin. if ( empty( $update_cache->response[ $this->name ] ) || version_compare( $this->version, $update_cache->response[ $this->name ]->new_version, '>=' ) ) { return; } printf( '', $this->slug, // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped $file, // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped in_array( $this->name, $this->get_active_plugins(), true ) ? 'active' : 'inactive' ); echo ''; echo '

'; $changelog_link = ''; if ( ! empty( $update_cache->response[ $this->name ]->sections->changelog ) ) { $changelog_link = add_query_arg( [ 'edd_sl_action' => 'view_plugin_changelog', 'plugin' => rawurlencode( $this->name ), 'slug' => rawurlencode( $this->slug ), 'TB_iframe' => 'true', 'width' => 77, 'height' => 911, ], self_admin_url( 'index.php' ) ); } $update_link = add_query_arg( [ 'action' => 'upgrade-plugin', 'plugin' => rawurlencode( $this->name ), ], self_admin_url( 'update.php' ) ); printf( /* translators: the plugin name. */ esc_html__( 'There is a new version of %1$s available.', 'advanced-ads' ), esc_html( $plugin['Name'] ) ); if ( ! current_user_can( 'update_plugins' ) ) { echo ' '; esc_html_e( 'Contact your network administrator to install the update.', 'advanced-ads' ); } elseif ( empty( $update_cache->response[ $this->name ]->package ) && ! empty( $changelog_link ) ) { echo ' '; printf( /* translators: 1: opening anchor tag, do not translate 2. the new plugin version 3. closing anchor tag, do not translate. */ __( '%1$sView version %2$s details%3$s.', 'advanced-ads' ), // phpcs:ignore '', esc_html( $update_cache->response[ $this->name ]->new_version ), '' ); } elseif ( ! empty( $changelog_link ) ) { echo ' '; printf( __( '%1$sView version %2$s details%3$s or %4$supdate now%5$s.', 'advanced-ads' ), // phpcs:ignore '', esc_html( $update_cache->response[ $this->name ]->new_version ), '', '', '' ); } else { printf( ' %1$s%2$s%3$s', '', esc_html__( 'Update now.', 'advanced-ads' ), '' ); } do_action( "in_plugin_update_message-{$file}", $plugin, $plugin ); echo '

'; } /** * Gets the plugins active in a multisite network. * * @return array */ private function get_active_plugins() { $active_plugins = (array) get_option( 'active_plugins' ); $active_network_plugins = (array) get_site_option( 'active_sitewide_plugins' ); return array_merge( $active_plugins, array_keys( $active_network_plugins ) ); } /** * Updates information on the "View version x.x details" page with custom data. * * @uses api_request() * * @param mixed $_data The data originally requested. * @param string $_action The type of information being requested. * @param object $_args Plugin API arguments. * @return object $_data */ public function plugins_api_filter( $_data, $_action = '', $_args = null ) { if ( 'plugin_information' !== $_action ) { return $_data; } if ( ! isset( $_args->slug ) || ( $_args->slug !== $this->slug ) ) { return $_data; } $to_send = [ 'slug' => $this->slug, 'is_ssl' => is_ssl(), 'fields' => [ 'banners' => [], 'reviews' => false, 'icons' => [], ], ]; // Get the transient where we store the api request for this plugin for 24 hours. $edd_api_request_transient = $this->get_cached_version_info(); // If we have no transient-saved value, run the API, set a fresh transient with the API value, and return that value too right now. if ( empty( $edd_api_request_transient ) ) { $api_response = $this->api_request( 'plugin_information', $to_send ); // Expires in 3 hours. $this->set_version_info_cache( $api_response ); if ( false !== $api_response ) { $_data = $api_response; } } else { $_data = $edd_api_request_transient; } // Convert sections into an associative array, since we're getting an object, but Core expects an array. if ( isset( $_data->sections ) && ! is_array( $_data->sections ) ) { $_data->sections = $this->convert_object_to_array( $_data->sections ); } // Convert banners into an associative array, since we're getting an object, but Core expects an array. if ( isset( $_data->banners ) && ! is_array( $_data->banners ) ) { $_data->banners = $this->convert_object_to_array( $_data->banners ); } // Convert icons into an associative array, since we're getting an object, but Core expects an array. if ( isset( $_data->icons ) && ! is_array( $_data->icons ) ) { $_data->icons = $this->convert_object_to_array( $_data->icons ); } // Convert contributors into an associative array, since we're getting an object, but Core expects an array. if ( isset( $_data->contributors ) && ! is_array( $_data->contributors ) ) { $_data->contributors = $this->convert_object_to_array( $_data->contributors ); } if ( ! isset( $_data->plugin ) ) { $_data->plugin = $this->name; } if ( ! isset( $_data->version ) && ! empty( $_data->new_version ) ) { $_data->version = $_data->new_version; } return $_data; } /** * Convert some objects to arrays when injecting data into the update API * * Some data like sections, banners, and icons are expected to be an associative array, however due to the JSON * decoding, they are objects. This method allows us to pass in the object and return an associative array. * * @since 3.6.5 * * @param \stdClass $data The object to convert to an array. * * @return array */ private function convert_object_to_array( $data ) { if ( ! is_array( $data ) && ! is_object( $data ) ) { return []; } $new_data = []; foreach ( $data as $key => $value ) { $new_data[ $key ] = is_object( $value ) ? $this->convert_object_to_array( $value ) : $value; } return $new_data; } /** * Disable SSL verification in order to prevent download update failures * * @param array $args Array of HTTP request arguments. * @param string $url The request URL. * @return object $array */ public function http_request_args( $args, $url ) { if ( strpos( $url, 'https://' ) !== false && strpos( $url, 'edd_action=package_download' ) ) { $args['sslverify'] = $this->verify_ssl(); } return $args; } /** * Calls the API and, if successfull, returns the object delivered by the API. * * @uses get_bloginfo() * @uses wp_remote_post() * @uses is_wp_error() * * @param string $_action The requested action. * @param array $_data Parameters for the API action. * @return false|object|void */ private function api_request( $_action, $_data ) { $data = array_merge( $this->api_data, $_data ); if ( $data['slug'] !== $this->slug ) { return; } // Don't allow a plugin to ping itself. if ( trailingslashit( home_url() ) === $this->api_url ) { return false; } if ( $this->request_recently_failed() ) { return false; } return $this->get_version_from_remote(); } /** * Determines if a request has recently failed. * * @since 1.9.1 * * @return bool */ private function request_recently_failed() { $failed_request_details = get_option( $this->failed_request_cache_key ); // Request has never failed. if ( empty( $failed_request_details ) || ! is_numeric( $failed_request_details ) ) { return false; } /* * Request previously failed, but the timeout has expired. * This means we're allowed to try again. */ if ( time() > $failed_request_details ) { delete_option( $this->failed_request_cache_key ); return false; } return true; } /** * Logs a failed HTTP request for this API URL. * We set a timestamp for 1 hour from now. This prevents future API requests from being * made to this domain for 1 hour. Once the timestamp is in the past, API requests * will be allowed again. This way if the site is down for some reason we don't bombard * it with failed API requests. * * @see EDD_SL_Plugin_Updater::request_recently_failed * * @since 1.9.1 */ private function log_failed_request() { update_option( $this->failed_request_cache_key, strtotime( '+1 hour' ) ); } /** * If available, show the changelog for sites in a multisite install. */ public function show_changelog() { if ( empty( $_REQUEST['edd_sl_action'] ) || 'view_plugin_changelog' !== $_REQUEST['edd_sl_action'] ) { return; } if ( empty( $_REQUEST['plugin'] ) ) { return; } if ( empty( $_REQUEST['slug'] ) || $this->slug !== $_REQUEST['slug'] ) { return; } if ( ! current_user_can( 'update_plugins' ) ) { wp_die( esc_html__( 'You do not have permission to install plugin updates', 'advanced-ads' ), esc_html__( 'Error', 'advanced-ads' ), [ 'response' => 403 ] ); } $version_info = $this->get_repo_api_data(); if ( isset( $version_info->sections ) ) { $sections = $this->convert_object_to_array( $version_info->sections ); if ( ! empty( $sections['changelog'] ) ) { echo '
' . wp_kses_post( $sections['changelog'] ) . '
'; } } exit; } /** * Gets the current version information from the remote site. * * @return array|false */ private function get_version_from_remote() { $api_params = [ 'edd_action' => 'get_version', 'license' => ! empty( $this->api_data['license'] ) ? $this->api_data['license'] : '', 'item_name' => isset( $this->api_data['item_name'] ) ? $this->api_data['item_name'] : false, 'item_id' => isset( $this->api_data['item_id'] ) ? $this->api_data['item_id'] : false, 'version' => isset( $this->api_data['version'] ) ? $this->api_data['version'] : false, 'slug' => $this->slug, 'author' => $this->api_data['author'], 'url' => home_url(), 'beta' => $this->beta, 'php_version' => phpversion(), 'wp_version' => get_bloginfo( 'version' ), ]; /** * Filters the parameters sent in the API request. * * @param array $api_params The array of data sent in the request. * @param array $this->api_data The array of data set up in the class constructor. * @param string $this->plugin_file The full path and filename of the file. */ $api_params = apply_filters( 'edd_sl_plugin_updater_api_params', $api_params, $this->api_data, $this->plugin_file ); $request = wp_remote_post( $this->api_url, [ 'timeout' => 15, 'sslverify' => $this->verify_ssl(), 'body' => $api_params, ] ); if ( is_wp_error( $request ) || ( 200 !== wp_remote_retrieve_response_code( $request ) ) ) { $this->log_failed_request(); return false; } $body = json_decode( wp_remote_retrieve_body( $request ) ); if ( $body && isset( $body->sections ) ) { $body->sections = maybe_unserialize( $body->sections ); } else { $body = false; } if ( $body && isset( $body->banners ) ) { $body->banners = maybe_unserialize( $body->banners ); } if ( $body && isset( $body->icons ) ) { $body->icons = maybe_unserialize( $body->icons ); } if ( ! empty( $body->sections ) ) { foreach ( $body->sections as $key => $section ) { $body->$key = (array) $section; } } return $body; } /** * Get the version info from the cache, if it exists. * * @param string $cache_key The cache key to use. * @return object */ public function get_cached_version_info( $cache_key = '' ) { if ( empty( $cache_key ) ) { $cache_key = $this->get_cache_key(); } $cache = get_option( $cache_key ); // Cache is expired. if ( empty( $cache['timeout'] ) || time() > $cache['timeout'] ) { return false; } // We need to turn the icons into an array, thanks to WP Core forcing these into an object at some point. $cache['value'] = json_decode( $cache['value'] ); if ( ! empty( $cache['value']->icons ) ) { $cache['value']->icons = (array) $cache['value']->icons; } return $cache['value']; } /** * Adds the plugin version information to the database. * * @param string $value The value to store. * @param string $cache_key The cache key to use. */ public function set_version_info_cache( $value = '', $cache_key = '' ) { if ( empty( $cache_key ) ) { $cache_key = $this->get_cache_key(); } $data = [ 'timeout' => strtotime( '+12 hours', time() ), 'value' => wp_json_encode( $value ), ]; update_option( $cache_key, $data, 'no' ); // Delete the duplicate option. delete_option( 'edd_api_request_' . md5( serialize( $this->slug . $this->api_data['license'] . $this->beta ) ) ); } /** * Returns if the SSL of the store should be verified. * * @since 1.6.13 * @return bool */ private function verify_ssl() { return (bool) apply_filters( 'edd_sl_api_request_verify_ssl', true, $this ); } /** * Gets the unique key (option name) for a plugin. * * @since 1.9.0 * @return string */ private function get_cache_key() { $string = $this->slug . $this->api_data['license'] . $this->beta; return 'advads_edd_sl_' . md5( serialize( $string ) ); } }