Presto Player / 4.1.1
Presto Player v4.1.1
presto-player / inc / Attachment.php
Attachment.php
260 lines
1 <?php
2
3 namespace PrestoPlayer;
4
5 use PrestoPlayer\Services\AdminNotices;
6 use PrestoPlayer\Services\Streamer;
7
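/**
 * Serves "private" video attachments through a tokenised, login-gated URL
 * instead of their direct uploads URL.
 *
 * Access model as implemented in this class:
 *  - URLs of attachments stored under `presto-player-private` are rewritten
 *    to `video-src/{nonce}/{id}` (or the query-string equivalent).
 *  - Generating such a URL records the attachment ID in a per-user transient.
 *  - A stream request is honoured only for a logged-in user whose nonce
 *    verifies AND whose transient lists the requested attachment ID.
 */
class Attachment {

	/**
	 * Whether the premium feature set is active.
	 *
	 * @var bool
	 */
	protected $is_premium;

	/**
	 * @param bool $is_premium Whether the premium feature set is active.
	 */
	public function __construct( $is_premium = false ) {
		$this->is_premium = $is_premium;
	}

	/**
	 * Registers all WordPress hooks used by this class.
	 *
	 * @return $this
	 */
	public function register() {
		if ( $this->is_premium ) {
			add_action( 'admin_notices', array( $this, 'checkServer' ) );
		}

		// These two hooks are filters: the callbacks must return the (possibly modified) value.
		add_filter( 'wp_get_attachment_url', array( $this, 'replaceLink' ), 10, 2 );
		add_filter( 'query_vars', array( $this, 'addQueryVars' ) );

		add_action( 'generate_rewrite_rules', array( $this, 'customRewriteRules' ) );
		add_action( 'template_redirect', array( $this, 'loadVirtualPage' ) );

		// `wp_ajax_*` (without `nopriv`) only fires for logged-in users.
		add_action( 'wp_ajax_presto_player_load_user_video', array( $this, 'refreshAjaxTempSecurityUser' ) );

		return $this;
	}

	/**
	 * AJAX handler: refreshes the current user's access grant for a private
	 * video and returns a fresh tokenised source URL.
	 *
	 * Reads `$_POST['type']` and `$_POST['id']`. Every `wp_send_json_*()` call
	 * terminates the request.
	 *
	 * NOTE(review): after the nonce check, the attachment ID comes straight from
	 * the request and no per-attachment permission check is visible in this
	 * class. If videos are meant to be limited to specific users or roles,
	 * confirm that restriction is enforced elsewhere.
	 *
	 * @param mixed $action Unused.
	 * @return void
	 */
	public function refreshAjaxTempSecurityUser( $action ) {
		if ( empty( $_POST['type'] ) ) {
			wp_send_json_error( 'type not set' );
		}

		if ( ! defined( 'DOING_AJAX' ) && ! is_user_logged_in() ) {
			wp_redirect( home_url() );
			exit();
		}

		// Dies with a 403 response when the `presto_player` nonce is missing or invalid.
		check_ajax_referer( 'presto_player' );

		if ( 'private-hosted' === $_POST['type'] && isset( $_POST['id'] ) ) {
			// Cast once: only an integer ID is ever stored or echoed back.
			$post_id = (int) $_POST['id'];
			$this->setVideoTransient( $post_id );
			wp_send_json_success( $this->getSrc( $post_id, true ) );
		}

		// Every other case (premium or not) answers with an empty success payload.
		wp_send_json_success();
	}

	/**
	 * Builds the name of the per-user transient holding granted attachment IDs.
	 *
	 * NOTE(review): for a visitor who is not logged in the user ID is 0, so all
	 * anonymous visitors share one key. Streaming is still refused for them in
	 * loadVirtualPage().
	 *
	 * @return string Transient key, or '' when pluggable user functions are not loaded yet.
	 */
	public function getTransientKey() {
		if ( ! function_exists( 'wp_get_current_user' ) ) {
			return '';
		}
		$current_user = \wp_get_current_user();
		return 'presto-player-user-' . $current_user->ID;
	}

	/**
	 * Adds query vars for rewrites
	 *
	 * @param array $query_vars Public query vars registered so far.
	 * @return array The list with the video ID and token vars appended.
	 */
	public function addQueryVars( $query_vars ) {
		$query_vars[] = 'presto-player-video';
		$query_vars[] = 'presto-player-token';
		return $query_vars;
	}

	/**
	 * Add custom rewrite rules
	 *
	 * Prepends the `video-src/{token}/{id}` rule to the existing rule set.
	 *
	 * @param \WP_Rewrite $wp_rewrite Rewrite object whose `rules` array is modified in place.
	 * @return void
	 */
	public function customRewriteRules( $wp_rewrite ) {
		$video_rule = array(
			'video-src/([^/]*)/(\d+)/?$' => 'index.php?presto-player-token=$matches[1]&presto-player-video=$matches[2]',
		);

		$wp_rewrite->rules = array_merge( $video_rule, $wp_rewrite->rules );
	}

	/**
	 * Load virtual template to stream video by id
	 *
	 * Runs on `template_redirect`. Does nothing unless both the video ID and
	 * the token query vars are present; otherwise the request ends here.
	 *
	 * @return void
	 */
	public function loadVirtualPage() {
		// Attachment ID, forced to an integer.
		$video_id = intval( get_query_var( 'presto-player-video' ) );
		// Token as supplied in the URL; it is verified in checkAndLoadStream().
		$token = sanitize_text_field( get_query_var( 'presto-player-token' ) );

		if ( ! $video_id || ! $token ) {
			return;
		}

		if ( ! is_user_logged_in() ) {
			wp_die( 'Access denied! :(', 'Access Denied', array( 'response' => 403 ) );
		}

		$this->checkAndLoadStream( wp_get_current_user(), $video_id, $token );
		die;
	}

	/**
	 * Check the server
	 *
	 * Shows the NGINX protection notice to users who can install plugins,
	 * unless the notice was dismissed.
	 *
	 * @return void
	 */
	public function checkServer() {
		$notice_name     = 'nginx_rules';
		$server_software = isset( $_SERVER['SERVER_SOFTWARE'] ) ? sanitize_text_field( wp_unslash( $_SERVER['SERVER_SOFTWARE'] ) ) : '';

		// The notice is only relevant when the server identifies itself as NGINX.
		if ( false === stripos( $server_software, 'nginx' ) ) {
			return;
		}

		if ( current_user_can( 'install_plugins' ) && ! AdminNotices::isDismissed( $notice_name ) ) {
			$this->showNotice( $notice_name );
		}
	}

	/**
	 * Prints the admin notice warning that the private folder is unprotected.
	 *
	 * Translated strings are escaped on output so that a translation file
	 * cannot inject markup beyond what wp_kses_post() allows.
	 *
	 * @param string $notice_name Notice identifier placed in the dismiss link.
	 * @return void
	 */
	public function showNotice( $notice_name ) {
		// The dismiss link carries its own nonce.
		$dismiss_url = add_query_arg(
			array(
				'presto_action' => 'dismiss_notices',
				'presto_notice' => $notice_name,
				'_wpnonce'      => wp_create_nonce( 'presto-dismiss-notice' ),
			)
		);
		?>

		<div class="error">
			<h3>Presto Player</h3>
			<p><?php printf( esc_html__( 'The video files in the %s folder are not currently protected due to your site running on NGINX.', 'presto-player' ), '<strong>presto-player-private</strong>' ); ?></p>
			<p><?php echo wp_kses_post( __( 'If you plan on using private video, you will want to protect this directory. To protect them, you must add a firewall rule as explained in <a href="https://prestoplayer.com/protecting-videos-with-nginx" target="_blank">this guide</a>.', 'presto-player' ) ); ?></p>
			<p><?php esc_html_e( 'If you have already added the rule, you may safely dismiss this notice', 'presto-player' ); ?></p>
			<p><a href="<?php echo esc_url( $dismiss_url ); ?>"><?php esc_html_e( 'Dismiss Notice', 'presto-player' ); ?></a></p>
		</div>

		<?php
	}

	/**
	 * Sets the transient for video access
	 * Sets this for 24 hours
	 *
	 * Each call rewrites the whole list, so the 24-hour expiry restarts for
	 * every ID already granted to this user.
	 *
	 * @param integer $post_id Attachment ID to grant.
	 * @return void
	 */
	public function setVideoTransient( $post_id ) {
		$key = $this->getTransientKey();

		$videos   = (array) get_transient( $key );
		$videos[] = sanitize_text_field( $post_id );

		// Drop empty entries and duplicates, then store the grant list for 24 hours.
		set_transient( $key, array_filter( array_unique( $videos ) ), 24 * HOUR_IN_SECONDS );
	}

	/**
	 * Returns the source URL for an attachment.
	 *
	 * @param int  $id      Attachment ID.
	 * @param bool $private When true, always return the tokenised private URL.
	 * @return string|false URL; false is possible when the attachment URL cannot be resolved.
	 */
	public static function getSrc( $id, $private = false ) {
		return $private ? self::getPrivateSrc( $id ) : wp_get_attachment_url( $id );
	}

	/**
	 * Returns the direct (non-tokenised) URL of an attachment.
	 *
	 * Temporarily raises the global override flag that replaceLink() checks.
	 * The flag is restored in `finally`, so an exception thrown by a filter
	 * cannot leave private-URL rewriting switched off for the rest of the request.
	 *
	 * @param int $id Attachment ID.
	 * @return string|false
	 */
	public static function getPublicSrc( $id ) {
		global $presto_override_private_url;

		$previous                    = $presto_override_private_url;
		$presto_override_private_url = true;

		try {
			return wp_get_attachment_url( $id );
		} finally {
			$presto_override_private_url = $previous;
		}
	}

	/**
	 * Tells whether the attachment URL resolves to the tokenised `video-src` form.
	 *
	 * @param int $id Attachment ID.
	 * @return int|false Byte offset of 'video-src' in the URL, or false when absent.
	 *                   Callers rely on truthiness; this is not a strict boolean.
	 */
	public static function isPrivate( $id ) {
		return strpos( wp_get_attachment_url( $id ), 'video-src' );
	}

	/**
	 * Builds the tokenised URL for a private attachment and grants the current
	 * user access to it.
	 *
	 * The token is a WordPress nonce: it is bound to the current user and
	 * session and stays valid for up to a day by default. It is not single-use
	 * and it travels in the URL, so it is only one of the two checks made in
	 * checkAndLoadStream().
	 *
	 * @param int $id Attachment ID.
	 * @return string URL, or '' when nonce functions are not loaded yet.
	 */
	public static function getPrivateSrc( $id ) {
		if ( ! function_exists( 'wp_create_nonce' ) ) {
			return '';
		}

		// Record the grant for the current user (24 hours, see setVideoTransient()).
		( new self() )->setVideoTransient( $id );

		$nonce = wp_create_nonce( 'presto-player-user-token' );

		// Format the path first so a '%' in the site URL can never be read as a format specifier.
		if ( ! get_option( 'permalink_structure' ) ) {
			return site_url( sprintf( '?presto-player-video=%d&presto-player-token=%s', $id, $nonce ) );
		}

		return site_url( sprintf( 'video-src/%s/%d', $nonce, $id ) );
	}

	/**
	 * Replaces attachment link
	 *
	 * Filter callback for `wp_get_attachment_url`.
	 *
	 * @param string $url     Original attachment URL.
	 * @param int    $post_id Attachment ID.
	 * @return string Tokenised URL for files in the private folder, otherwise the original URL.
	 */
	public function replaceLink( $url, $post_id ) {
		global $presto_override_private_url;

		// Only files stored in our private folder are rewritten.
		if ( ! stristr( $url, 'presto-player-private' ) ) {
			return $url;
		}

		// getPublicSrc() raises this flag to obtain the direct URL.
		if ( $presto_override_private_url ) {
			return $url;
		}

		return self::getPrivateSrc( $post_id );
	}

	/**
	 * Check and load stream through PHP
	 *
	 * Streams the file only when the nonce verifies for the current user and
	 * the attachment ID is present in that user's grant list.
	 *
	 * @param \WP_User $current_user  User making the request.
	 * @param integer  $attachment_id Requested attachment ID.
	 * @param string   $token         Nonce taken from the URL.
	 * @return void
	 */
	public function checkAndLoadStream( $current_user, $attachment_id, $token ) {
		$attachment_id = (int) $attachment_id;
		$token_valid   = (bool) wp_verify_nonce( (string) $token, 'presto-player-user-token' );

		// Normalise the stored list to integers so the membership test can be strict.
		// Non-scalar entries are dropped; a missing transient becomes [0], which never
		// matches because the ID must be positive.
		$stored      = get_transient( $this->getTransientKey() );
		$granted_ids = array_map( 'intval', array_filter( (array) $stored, 'is_scalar' ) );

		$allowed = $token_valid && $attachment_id > 0 && in_array( $attachment_id, $granted_ids, true );

		if ( ! $allowed ) {
			// wp_die() prints the message as HTML, so the display name is escaped.
			// NOTE(review): the message says an administrator will be informed, but
			// nothing in this method sends a notification or writes a log entry;
			// confirm whether that happens elsewhere.
			$message = sprintf(
				__( 'Sorry %1$s! Access to this video is not allowed. An administrator will be informed.', 'presto-player' ),
				esc_html( ucfirst( $current_user->display_name ) )
			);
			wp_die( $message, __( 'Forbidden', 'presto-player' ), 403 );

			// The wp_die handler can be replaced by a filter; never fall through to streaming.
			return;
		}

		$video_file = get_attached_file( $attachment_id );

		// get_attached_file() returns false when the attachment has no file on record.
		if ( ! $video_file ) {
			wp_die( esc_html__( 'Video not found.', 'presto-player' ), esc_html__( 'Not Found', 'presto-player' ), 404 );
			return;
		}

		$file_type = wp_check_filetype( $video_file );

		// Hand the file to the streamer and end the request.
		$video_stream = new Streamer( $video_file, $file_type['type'] );
		$video_stream->start();
		exit();
	}
}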