Presto Player / 3.0.2
Presto Player v3.0.2
presto-player / inc / Attachment.php
Attachment.php
261 lines
1 <?php
2
3 namespace PrestoPlayer;
4
5 use PrestoPlayer\Services\AdminNotices;
6 use PrestoPlayer\Services\Streamer;
7
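/**
 * Routes media stored in the "presto-player-private" uploads folder through a
 * login-gated streaming endpoint instead of exposing the direct file URL.
 *
 * Access model as implemented in this class:
 *  - attachment URLs that contain "presto-player-private" are rewritten to a
 *    virtual "video-src/<nonce>/<id>" URL (or the query-string equivalent);
 *  - generating such a URL also records the attachment id in a per-user
 *    transient that lives for 24 hours;
 *  - the streaming endpoint requires a logged-in user, a valid
 *    'presto-player-user-token' nonce and the id being present in that
 *    user's transient.
 *
 * NOTE(review): nothing in this file checks whether a given user is entitled
 * to a given attachment. Being logged in is the only gate visible here; confirm
 * that this matches the intended policy for private video.
 */
class Attachment
{
    /** @var bool Whether the premium feature set is active. */
    protected $is_premium;

    /**
     * @param bool $is_premium Enables the NGINX protection notice when true.
     */
    public function __construct($is_premium = false)
    {
        $this->is_premium = $is_premium;
    }

    /**
     * Attach all WordPress hooks used by this class.
     *
     * @return $this
     */
    public function register()
    {
        if ($this->is_premium) {
            add_action('admin_notices', [$this, 'checkServer']);
        }

        // These two hooks are filters (the callbacks return a value), so they
        // are registered with add_filter(); add_action() is only an alias.
        add_filter('wp_get_attachment_url', [$this, 'replaceLink'], 10, 2);
        add_filter('query_vars', [$this, 'addQueryVars']);

        add_action('generate_rewrite_rules', [$this, 'customRewriteRules']);
        add_action('template_redirect', [$this, 'loadVirtualPage']);
        // "wp_ajax_" (without "nopriv") is only fired for logged-in users.
        add_action('wp_ajax_presto_player_load_user_video', [$this, 'refreshAjaxTempSecurityUser']);

        return $this;
    }

    /**
     * AJAX handler: renew the current user's access to a private video and
     * return a fresh private URL for it.
     *
     * Expects POST fields "type" and, for type "private-hosted", "id", plus a
     * valid 'presto_player' nonce. Every wp_send_json_*() call ends the request.
     *
     * @param mixed $action Unused; present because the hook passes an argument.
     * @return void
     */
    public function refreshAjaxTempSecurityUser($action)
    {
        if (empty($_POST['type'])) {
            wp_send_json_error('type not set');
        }

        // Anonymous visitors reaching this outside of an AJAX request are sent home.
        if (!defined('DOING_AJAX') && !is_user_logged_in()) {
            wp_redirect(home_url());
            exit();
        }

        // CSRF protection: terminates the request when the nonce is missing or invalid.
        check_ajax_referer('presto_player');

        // Non-string input (e.g. type[]=x) sanitizes to '' and matches nothing.
        $type = sanitize_text_field(wp_unslash($_POST['type']));

        if ($type === 'private-hosted' && isset($_POST['id'])) {
            $post_id = is_scalar($_POST['id']) ? (int) $_POST['id'] : 0;

            // An id of zero or below can never name an attachment; reject it
            // instead of answering with a URL that cannot be streamed.
            if ($post_id <= 0) {
                wp_send_json_error('invalid id');
            }

            // NOTE(review): the id is supplied by the client and is granted
            // without any per-attachment permission check. Any logged-in user
            // holding a 'presto_player' nonce can therefore whitelist an
            // arbitrary attachment id for themselves. If private videos are
            // meant to be restricted per user or role, that check belongs here.
            $this->setVideoTransient($post_id);
            wp_send_json_success(self::getSrc($post_id, true));
        }

        // Every other type (premium or not) is acknowledged without a payload.
        wp_send_json_success();
    }

    /**
     * Name of the transient that holds the current user's granted video ids.
     *
     * Returns an empty string when wp_get_current_user() is not loaded yet.
     * For a visitor who is not logged in the user ID is 0, so all anonymous
     * visitors share one key; streaming itself still requires a login
     * (see loadVirtualPage()).
     *
     * @return string
     */
    public function getTransientKey()
    {
        if (!function_exists('wp_get_current_user')) {
            return '';
        }

        $user = \wp_get_current_user();

        return 'presto-player-user-' . $user->ID;
    }

    /**
     * Register the query vars used by the private video endpoint.
     *
     * @param array $query_vars
     * @return array
     */
    public function addQueryVars($query_vars)
    {
        $query_vars[] = 'presto-player-video';
        $query_vars[] = 'presto-player-token';

        return $query_vars;
    }

    /**
     * Prepend the "video-src/<token>/<id>" rewrite rule.
     *
     * The rule is merged in front of the existing ones so it is matched first.
     *
     * @param \WP_Rewrite $wp_rewrite
     * @return void
     */
    public function customRewriteRules($wp_rewrite)
    {
        $rule = [
            'video-src/([^/]*)/(\d+)/?$' => 'index.php?presto-player-token=$matches[1]&presto-player-video=$matches[2]',
        ];

        $wp_rewrite->rules = array_merge($rule, $wp_rewrite->rules);
    }

    /**
     * Handle a request to the virtual video endpoint.
     *
     * Does nothing unless both the video id and the token query vars are set.
     * Anonymous requests are refused with a 403 before any further checks.
     *
     * @return void
     */
    public function loadVirtualPage()
    {
        $video_id = intval(get_query_var('presto-player-video'));
        $token = sanitize_text_field(get_query_var('presto-player-token'));

        if (!$video_id || !$token) {
            return;
        }

        if (!is_user_logged_in()) {
            wp_die('Access denied! :(', 'Access Denied', ['response' => 403]);
        }

        $this->checkAndLoadStream(wp_get_current_user(), $video_id, $token);
        die;
    }

    /**
     * Show the "private folder is unprotected" notice on NGINX servers.
     *
     * Only users who can install plugins see it, and only until it is dismissed.
     *
     * @return void
     */
    public function checkServer()
    {
        $notice_name = 'nginx_rules';
        $server_software = isset($_SERVER['SERVER_SOFTWARE'])
            ? sanitize_text_field(wp_unslash($_SERVER['SERVER_SOFTWARE']))
            : '';

        if (stripos((string) $server_software, 'nginx') === false) {
            return;
        }

        if (current_user_can('install_plugins') && !AdminNotices::isDismissed($notice_name)) {
            $this->showNotice($notice_name);
        }
    }

    /**
     * Print the admin notice explaining that files in the private folder are
     * directly downloadable on NGINX until a server rule is added.
     *
     * NOTE(review): the dismiss link is a plain GET URL without a nonce. The
     * handler for "presto_action=dismiss_notices" is not part of this file;
     * confirm that it verifies a nonce and a capability, otherwise a forged
     * link could hide this security warning from an administrator.
     *
     * @param string $notice_name Notice identifier passed to the dismiss link.
     * @return void
     */
    public function showNotice($notice_name)
    {
        $dismiss_url = add_query_arg([
            'presto_action' => 'dismiss_notices',
            'presto_notice' => $notice_name,
        ]);
        ?>

        <div class="error">
            <h3>Presto Player</h3>
            <p><?php printf(__('The video files in the %s folder are not currently protected due to your site running on NGINX.', 'presto-player'), '<strong>presto-player-private</strong>'); ?></p>
            <p><?php _e('If you plan on using private video, you will want to protect this directory. To protect them, you must add a firewall rule as explained in <a href="https://prestoplayer.com/protecting-videos-with-nginx" target="_blank">this guide</a>.', 'presto-player'); ?></p>
            <p><?php _e('If you have already added the rule, you may safely dismiss this notice', 'presto-player'); ?></p>
            <p><a href="<?php echo esc_url($dismiss_url); ?>"><?php _e('Dismiss Notice', 'presto-player'); ?></a></p>
        </div>

        <?php
    }

    /**
     * Grant the current user access to a video for 24 hours.
     *
     * The id is appended to the user's transient; the list is stored as unique
     * positive integers so it can be compared strictly when streaming.
     *
     * @param integer $post_id Attachment id.
     * @return void
     */
    public function setVideoTransient($post_id)
    {
        $key = $this->getTransientKey();

        // Without a user context there is no key to store the grant under.
        if ($key === '') {
            return;
        }

        $stored = get_transient($key);
        $videos = is_array($stored) ? $stored : [];
        $videos[] = $post_id;

        // Older entries may have been stored as strings; normalise everything.
        $videos = array_values(array_unique(array_filter(
            array_map('intval', $videos),
            static function ($id) {
                return $id > 0;
            }
        )));

        set_transient($key, $videos, 24 * HOUR_IN_SECONDS);
    }

    /**
     * Get the URL of an attachment.
     *
     * @param integer $id      Attachment id.
     * @param boolean $private Return the gated private URL instead.
     * @return string|false
     */
    public static function getSrc($id, $private = false)
    {
        return $private ? self::getPrivateSrc($id) : wp_get_attachment_url($id);
    }

    /**
     * Get the direct (unrewritten) URL of an attachment.
     *
     * Temporarily sets the global override flag that replaceLink() honours and
     * restores its previous value afterwards.
     *
     * @param integer $id Attachment id.
     * @return string|false
     */
    public static function getPublicSrc($id)
    {
        global $presto_override_private_url;

        $previous = $presto_override_private_url;
        $presto_override_private_url = true;

        try {
            return wp_get_attachment_url($id);
        } finally {
            // Always restore the flag so later URLs are gated again.
            $presto_override_private_url = $previous;
        }
    }

    /**
     * Whether the attachment resolves to a gated private URL.
     *
     * Recognises both URL shapes produced by getPrivateSrc(): the pretty
     * "video-src/..." form and the "presto-player-video=" query-string form
     * used when permalinks are disabled.
     *
     * Side effect: resolving the URL goes through replaceLink(), which grants
     * the current user access to the video when it is private.
     *
     * @param integer $id Attachment id.
     * @return boolean
     */
    public static function isPrivate($id)
    {
        $url = (string) wp_get_attachment_url($id);

        return strpos($url, 'video-src') !== false
            || strpos($url, 'presto-player-video=') !== false;
    }

    /**
     * Build the gated URL for a private video and grant the current user
     * access to it for 24 hours.
     *
     * The URL carries a 'presto-player-user-token' nonce that is verified in
     * checkAndLoadStream(). Returns an empty string when wp_create_nonce() is
     * not available yet.
     *
     * @param integer $id Attachment id.
     * @return string
     */
    public static function getPrivateSrc($id)
    {
        if (!function_exists('wp_create_nonce')) {
            return '';
        }

        // Generating the URL is what authorises the viewer (see setVideoTransient()).
        (new self())->setVideoTransient($id);

        $nonce = wp_create_nonce('presto-player-user-token');

        if (!get_option('permalink_structure')) {
            return sprintf(site_url('?presto-player-video=%d&presto-player-token=%s'), $id, $nonce);
        }

        return sprintf(site_url('video-src/%s/%d'), $nonce, $id);
    }

    /**
     * Filter for 'wp_get_attachment_url': swap the direct URL of files in the
     * private folder for the gated URL.
     *
     * URLs outside "presto-player-private" are returned untouched, as is every
     * URL while the global override flag is set (see getPublicSrc()).
     *
     * @param string  $url     Original attachment URL.
     * @param integer $post_id Attachment id.
     * @return string
     */
    public function replaceLink($url, $post_id)
    {
        global $presto_override_private_url;

        if (stripos((string) $url, 'presto-player-private') === false) {
            return $url;
        }

        return $presto_override_private_url ? $url : self::getPrivateSrc($post_id);
    }

    /**
     * Verify the request and stream the file through PHP.
     *
     * Streaming requires all of: a valid 'presto-player-user-token' nonce, a
     * positive attachment id, and that id being present in the transient of
     * the currently logged-in user. The transient key comes from the current
     * session, not from $current_user, which is only used for the message.
     *
     * NOTE(review): any attachment id found in the transient is streamed; the
     * file is not checked to live in the private folder or to be a media file.
     * NOTE(review): the refusal message says an administrator will be
     * informed, but no notification is sent from this method.
     *
     * @param \WP_User $current_user
     * @param integer  $attachment_id
     * @param string   $token
     * @return void
     */
    public function checkAndLoadStream($current_user, $attachment_id, $token)
    {
        $attachment_id = (int) $attachment_id;
        $nonce_valid = $token ? wp_verify_nonce($token, 'presto-player-user-token') : false;

        $stored = get_transient($this->getTransientKey());
        // Entries may be strings from earlier versions; compare as integers.
        $granted_ids = is_array($stored) ? array_map('intval', $stored) : [];

        $allowed = $nonce_valid
            && $attachment_id > 0
            && in_array($attachment_id, $granted_ids, true);

        if (!$allowed) {
            $message = sprintf(
                __('Sorry %1$s! Access to this video is not allowed. An administrator will be informed.', 'presto-player'),
                // wp_die() prints the message as HTML, so escape the user-controlled name.
                esc_html(ucfirst($current_user->display_name))
            );
            wp_die($message, __('Forbidden', 'presto-player'), 403);
        }

        $video_file = get_attached_file($attachment_id);

        // The id may point at a deleted or non-file attachment.
        if (!$video_file || !is_readable($video_file)) {
            wp_die(
                esc_html__('Video file not found.', 'presto-player'),
                esc_html__('Not Found', 'presto-player'),
                ['response' => 404]
            );
        }

        $file_type = wp_check_filetype($video_file);

        $video_stream = new Streamer($video_file, $file_type['type']);
        $video_stream->start();
        exit();
    }
}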