Presto Player / 1.5.7
Presto Player v1.5.7
presto-player / inc / Attachment.php
Attachment.php
256 lines
1 <?php
2
3 namespace PrestoPlayer;
4
5 use PrestoPlayer\Services\AdminNotices;
6 use PrestoPlayer\Services\VideoStreamer;
7
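/**
 * Rewrites URLs of attachments stored under "presto-player-private" so that
 * they point at a virtual "video-src" endpoint, and streams the file from
 * that endpoint after checking a nonce plus a per-user transient allow-list.
 *
 * Access model as implemented in this class:
 *  - generating a private URL (getPrivateSrc) adds the attachment id to the
 *    current user's allow-list as a side effect;
 *  - the streaming endpoint (loadVirtualPage) requires a logged-in user, a
 *    valid 'presto-player-user-token' nonce and the id in that allow-list.
 *
 * NOTE(review): nothing in this class checks whether the user is entitled to
 * a particular video beyond being logged in; if per-video authorization is
 * expected it has to be enforced by the callers. Confirm against the rest of
 * the plugin.
 */
class Attachment
{
    /**
     * Flag supplied by the caller; when true, register() also hooks the
     * NGINX admin notice.
     *
     * @var bool
     */
    protected $is_premium;

    /**
     * @param bool $is_premium Whether to enable the premium-only hooks.
     */
    public function __construct($is_premium = false)
    {
        $this->is_premium = $is_premium;
    }

    /**
     * Registers all WordPress hooks used by this class.
     *
     * @return $this
     */
    public function register()
    {
        if ($this->is_premium) {
            add_action('admin_notices', [$this, 'checkServer']);
        }
        add_action('wp_get_attachment_url', [$this, 'replaceLink'], 10, 2);
        add_action('query_vars', [$this, 'addQueryVars']);
        add_action('generate_rewrite_rules', [$this, 'customRewriteRules']);
        add_action('template_redirect', [$this, 'loadVirtualPage']);
        // Only the authenticated "wp_ajax_" variant is registered; no "wp_ajax_nopriv_" handler exists here.
        add_action('wp_ajax_presto_player_load_user_video', [$this, 'refreshAjaxTempSecurityUser']);

        return $this;
    }

    /**
     * AJAX handler that refreshes the current user's access to a private video
     * and returns a fresh private URL for it.
     *
     * Expects POST fields "type" and, for type "private-hosted", "id".
     * Every path ends in a wp_send_json_*() call, which terminates the request.
     *
     * @param mixed $action Unused.
     * @return void
     */
    public function refreshAjaxTempSecurityUser($action)
    {
        if (empty($_POST['type'])) {
            wp_send_json_error('type not set');
        }

        if (!defined('DOING_AJAX') && !is_user_logged_in()) {
            wp_redirect(home_url());
            exit();
        }

        // CSRF protection: terminates the request unless a valid 'presto_player' nonce was sent.
        check_ajax_referer('presto_player');

        if ($_POST['type'] === 'private-hosted' && isset($_POST['id'])) {
            $post_id = (int) $_POST['id'];

            // NOTE(review): the id is taken from the request and added to the
            // caller's allow-list without checking that it is an attachment or
            // that this user may view it. Any logged-in user with a valid
            // nonce can therefore allow-list an arbitrary id. Confirm whether
            // an ownership/capability check belongs here.
            $this->setVideoTransient($post_id);
            wp_send_json_success($this->getSrc($post_id, true));
        }

        // Nothing to refresh for other types (premium or not): acknowledge and stop.
        wp_send_json_success();
    }

    /**
     * Name of the transient holding the current user's allowed video ids.
     *
     * @return string
     */
    public function getTransientKey()
    {
        $current_user = wp_get_current_user();
        return 'presto-player-user-' . $current_user->ID;
    }

    /**
     * Adds query vars for rewrites
     *
     * @param array $query_vars
     * @return array
     */
    public function addQueryVars($query_vars)
    {
        $query_vars[] = 'presto-player-video';
        $query_vars[] = 'presto-player-token';
        return $query_vars;
    }

    /**
     * Add custom rewrite rules
     *
     * Prepends the "video-src/<token>/<id>" rule so it takes precedence over
     * the existing rules.
     *
     * @param \WP_Rewrite $wp_rewrite
     * @return void
     */
    public function customRewriteRules($wp_rewrite)
    {
        $wp_rewrite->rules = array_merge(
            ['video-src/([^/]*)/(\d+)/?$' => 'index.php?presto-player-token=$matches[1]&presto-player-video=$matches[2]'],
            $wp_rewrite->rules
        );
    }

    /**
     * Load virtual template to stream video by id
     *
     * Runs on template_redirect. Does nothing unless both query vars are
     * present; otherwise the request always ends here.
     *
     * @return void
     */
    public function loadVirtualPage()
    {
        // get video attachment id
        $video_id = intval(get_query_var('presto-player-video'));
        // get the token
        $token = sanitize_text_field(get_query_var('presto-player-token'));

        if ($video_id && $token) {
            // Anonymous visitors are rejected before any token or allow-list lookup.
            if (!is_user_logged_in()) {
                wp_die('Access denied! :(', 'Access Denied', ['response' => 403]);
            }
            $this->checkAndLoadStream(wp_get_current_user(), $video_id, $token);
            die;
        }
    }

    /**
     * Check the server
     *
     * Shows the NGINX warning to users who can install plugins, unless the
     * notice has been dismissed.
     *
     * @return void
     */
    public function checkServer()
    {
        // check for nginx
        $notice_name = 'nginx_rules';
        $server_software = isset($_SERVER['SERVER_SOFTWARE'])
            ? sanitize_text_field(wp_unslash($_SERVER['SERVER_SOFTWARE']))
            : '';
        if (stripos($server_software, 'nginx') === false) {
            return;
        }

        if (current_user_can('install_plugins') && !AdminNotices::isDismissed($notice_name)) {
            $this->showNotice($notice_name);
        }
    }

    /**
     * Prints the admin notice warning that the private folder is not
     * protected on NGINX.
     *
     * NOTE(review): the dismiss link carries no nonce in the URL built here;
     * whether the 'dismiss_notices' handler verifies one cannot be seen from
     * this file. Confirm, since this notice is a security warning.
     *
     * @param string $notice_name Notice identifier placed in the dismiss link.
     * @return void
     */
    public function showNotice($notice_name)
    {
        $dismiss_url = add_query_arg(
            [
                'presto_action' => 'dismiss_notices',
                'presto_notice' => $notice_name,
            ]
        );
        // Translated strings are escaped on output; only the one that carries a link keeps (filtered) HTML.
        ?>

        <div class="error">
            <h3>Presto Player</h3>
            <p><?php printf(esc_html__('The video files in the %s folder are not currently protected due to your site running on NGINX.', 'presto-player'), '<strong>presto-player-private</strong>'); ?></p>
            <p><?php echo wp_kses_post(__('If you plan on using private video, you will want to protect this directory. To protect them, you must add a firewall rule as explained in <a href="https://prestoplayer.com/protecting-videos-with-nginx" target="_blank">this guide</a>.', 'presto-player')); ?></p>
            <p><?php esc_html_e('If you have already added the rule, you may safely dismiss this notice', 'presto-player'); ?></p>
            <p><a href="<?php echo esc_url($dismiss_url); ?>"><?php esc_html_e('Dismiss Notice', 'presto-player'); ?></a></p>
        </div>

        <?php
    }

    /**
     * Sets the transient for video access
     * Sets this for 24 hours
     *
     * Appends the id to the current user's allow-list and rewrites the whole
     * list, so the 24 hour lifetime restarts for every id already in it.
     *
     * @param integer $post_id
     * @return void
     */
    public function setVideoTransient($post_id)
    {
        $videos = (array) get_transient($this->getTransientKey());
        $videos[] = sanitize_text_field($post_id);

        // array_filter drops the "false" left by a missing transient as well as a 0 id.
        set_transient($this->getTransientKey(), array_filter(array_unique($videos)), 24 * HOUR_IN_SECONDS);
    }

    /**
     * Returns the URL of an attachment.
     *
     * @param integer $id Attachment id.
     * @param boolean $private When true, return the gated "video-src" URL.
     * @return string|false
     */
    public static function getSrc($id, $private = false)
    {
        if ($private) {
            return self::getPrivateSrc($id);
        }
        return wp_get_attachment_url($id);
    }

    /**
     * Returns the direct (unrewritten) URL of an attachment by switching the
     * replaceLink() override on for the duration of the lookup.
     *
     * @param integer $id Attachment id.
     * @return string|false
     */
    public static function getPublicSrc($id)
    {
        global $presto_override_private_url;
        $old = $presto_override_private_url;
        $presto_override_private_url = true;
        try {
            return wp_get_attachment_url($id);
        } finally {
            // Always restore the flag: if it stayed true, replaceLink() would
            // hand out direct URLs for private files for the rest of the request.
            $presto_override_private_url = $old;
        }
    }

    /**
     * Tells whether the attachment URL is served through the gated endpoint.
     *
     * Both URL shapes produced by getPrivateSrc() are recognised: the
     * "video-src/..." form and the "?presto-player-video=..." form used when
     * no permalink structure is set. Looking up the URL goes through
     * replaceLink(), so calling this also allow-lists the id for the current
     * user.
     *
     * @param integer $id Attachment id.
     * @return boolean
     */
    public static function isPrivate($id)
    {
        $url = wp_get_attachment_url($id);
        if (!is_string($url)) {
            return false;
        }
        return strpos($url, 'video-src') !== false
            || strpos($url, 'presto-player-video=') !== false;
    }

    /**
     * Builds the gated URL for an attachment.
     *
     * Side effect: the id is added to the current user's allow-list (24 hours,
     * see setVideoTransient()). The URL carries a 'presto-player-user-token'
     * nonce.
     *
     * @param integer $id Attachment id.
     * @return string
     */
    public static function getPrivateSrc($id)
    {
        (new self())->setVideoTransient($id);
        $token = wp_create_nonce('presto-player-user-token');

        // Format the path first so a "%" in the site URL cannot be read as a format directive.
        if (!get_option('permalink_structure')) {
            return site_url(sprintf('?presto-player-video=%d&presto-player-token=%s', $id, $token));
        }
        return site_url(sprintf('video-src/%s/%d', $token, $id));
    }

    /**
     * Replaces attachment link
     *
     * Filter callback for wp_get_attachment_url.
     *
     * @param string $url Original attachment URL.
     * @param integer $post_id Attachment id.
     * @return string
     */
    public function replaceLink($url, $post_id)
    {
        global $presto_override_private_url;

        // only replace for our folder
        if (stripos($url, 'presto-player-private') === false) {
            return $url;
        }

        // getPublicSrc() sets the override when the direct URL is wanted.
        if ($presto_override_private_url) {
            return $url;
        }
        return self::getPrivateSrc($post_id);
    }

    /**
     * Check and load stream through PHP
     *
     * Streams the file only when the nonce verifies and the id is in the
     * current user's allow-list; otherwise ends the request with a 403.
     *
     * @param \WP_User $current_user
     * @param integer $attachment_id
     * @param string $token
     * @return void
     */
    public function checkAndLoadStream($current_user, $attachment_id, $token)
    {
        $security_token = isset($token) ? wp_verify_nonce($token, 'presto-player-user-token') : false;

        // Normalise the stored ids (kept as strings by setVideoTransient) so the
        // membership test can be strict instead of relying on loose comparison.
        $allowed_ids = array_map(
            'intval',
            array_filter((array) get_transient($this->getTransientKey()), 'is_numeric')
        );
        $attachment_id = (int) $attachment_id;

        /**
         * Start video stream with the correct video SRC only in case of pass security rules
         */
        if ($security_token && $attachment_id > 0 && in_array($attachment_id, $allowed_ids, true)) {
            $video_file = get_attached_file($attachment_id);

            /**
             * Start video stream to show the video
             */
            $video_stream = new VideoStreamer($video_file);
            $video_stream->start();
            exit();
        }

        /**
         * Alert user about the misconduct by accessing directly
         *
         * NOTE(review): the message says an administrator will be informed,
         * but nothing in this method logs or notifies.
         */
        $message = sprintf(
            __('Sorry %1$s! Access to this video is not allowed. An administrator will be informed.', 'presto-player'),
            // wp_die() prints the message as HTML, so the user-editable display name is escaped.
            esc_html(ucfirst($current_user->display_name))
        );
        wp_die($message, __('Forbidden', 'presto-player'), 403);
    }
}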
256