class-wc-download-handler.php — WooCommerce 3.7.0

woocommerce / includes / class-wc-download-handler.php

woocommerce / includes Last commit date

class-wc-download-handler.php

594 lines

1	<?php
2	/**
3	* Download handler
4	*
5	* Handle digital downloads.
6	*
7	* @package WooCommerce/Classes
8	* @version 2.2.0
9	*/
10
11	defined( 'ABSPATH' ) \|\| exit;
12
13	/**
14	* Download handler class.
15	*/
16	class WC_Download_Handler {
17
18	/**
19	* Hook in methods.
20	*/
21	public static function init() {
22	if ( isset( $_GET['download_file'], $_GET['order'] ) && ( isset( $_GET['email'] ) \|\| isset( $_GET['uid'] ) ) ) { // WPCS: input var ok, CSRF ok.
23	add_action( 'init', array( __CLASS__, 'download_product' ) );
24	}
25	add_action( 'woocommerce_download_file_redirect', array( __CLASS__, 'download_file_redirect' ), 10, 2 );
26	add_action( 'woocommerce_download_file_xsendfile', array( __CLASS__, 'download_file_xsendfile' ), 10, 2 );
27	add_action( 'woocommerce_download_file_force', array( __CLASS__, 'download_file_force' ), 10, 2 );
28	}
29
30	/**
31	* Check if we need to download a file and check validity.
32	*/
33	public static function download_product() {
34	$product_id = absint( $_GET['download_file'] ); // phpcs:ignore WordPress.VIP.SuperGlobalInputUsage.AccessDetected, WordPress.VIP.ValidatedSanitizedInput.InputNotValidated
35	$product = wc_get_product( $product_id );
36	$data_store = WC_Data_Store::load( 'customer-download' );
37
38	if ( ! $product \|\| empty( $_GET['key'] ) \|\| empty( $_GET['order'] ) ) { // WPCS: input var ok, CSRF ok.
39	self::download_error( __( 'Invalid download link.', 'woocommerce' ) );
40	}
41
42	// Fallback, accept email address if it's passed.
43	if ( empty( $_GET['email'] ) && empty( $_GET['uid'] ) ) { // WPCS: input var ok, CSRF ok.
44	self::download_error( __( 'Invalid download link.', 'woocommerce' ) );
45	}
46
47	if ( isset( $_GET['email'] ) ) { // WPCS: input var ok, CSRF ok.
48	$email_address = wp_unslash( $_GET['email'] ); // WPCS: input var ok, CSRF ok, sanitization ok.
49	} else {
50	// Get email address from order to verify hash.
51	$order_id = wc_get_order_id_by_order_key( wc_clean( wp_unslash( $_GET['order'] ) ) ); // WPCS: input var ok, CSRF ok.
52	$order = wc_get_order( $order_id );
53	$email_address = is_a( $order, 'WC_Order' ) ? $order->get_billing_email() : null;
54
55	// Prepare email address hash.
56	$email_hash = function_exists( 'hash' ) ? hash( 'sha256', $email_address ) : sha1( $email_address );
57
58	if ( is_null( $email_address ) \|\| ! hash_equals( wp_unslash( $_GET['uid'] ), $email_hash ) ) { // WPCS: input var ok, CSRF ok, sanitization ok.
59	self::download_error( __( 'Invalid download link.', 'woocommerce' ) );
60	}
61	}
62
63	$download_ids = $data_store->get_downloads(
64	array(
65	'user_email' => sanitize_email( str_replace( ' ', '+', $email_address ) ),
66	'order_key' => wc_clean( wp_unslash( $_GET['order'] ) ), // WPCS: input var ok, CSRF ok.
67	'product_id' => $product_id,
68	'download_id' => wc_clean( preg_replace( '/\s+/', ' ', wp_unslash( $_GET['key'] ) ) ), // WPCS: input var ok, CSRF ok, sanitization ok.
69	'orderby' => 'downloads_remaining',
70	'order' => 'DESC',
71	'limit' => 1,
72	'return' => 'ids',
73	)
74	);
75
76	if ( empty( $download_ids ) ) {
77	self::download_error( __( 'Invalid download link.', 'woocommerce' ) );
78	}
79
80	$download = new WC_Customer_Download( current( $download_ids ) );
81
82	$file_path = $product->get_file_download_path( $download->get_download_id() );
83	$parsed_file_path = self::parse_file_path( $file_path );
84	$download_range = self::get_download_range( @filesize( $parsed_file_path['file_path'] ) ); // @codingStandardsIgnoreLine.
85
86	self::check_order_is_valid( $download );
87	if ( ! $download_range['is_range_request'] ) {
88	// If the remaining download count goes to 0, allow range requests to be able to finish streaming from iOS devices.
89	self::check_downloads_remaining( $download );
90	}
91	self::check_download_expiry( $download );
92	self::check_download_login_required( $download );
93
94	do_action(
95	'woocommerce_download_product',
96	$download->get_user_email(),
97	$download->get_order_key(),
98	$download->get_product_id(),
99	$download->get_user_id(),
100	$download->get_download_id(),
101	$download->get_order_id()
102	);
103	$download->save();
104
105	// Track the download in logs and change remaining/counts.
106	$current_user_id = get_current_user_id();
107	$ip_address = WC_Geolocation::get_ip_address();
108	if ( ! $download_range['is_range_request'] ) {
109	$download->track_download( $current_user_id > 0 ? $current_user_id : null, ! empty( $ip_address ) ? $ip_address : null );
110	}
111
112	self::download( $file_path, $download->get_product_id() );
113	}
114
115	/**
116	* Check if an order is valid for downloading from.
117	*
118	* @param WC_Customer_Download $download Download instance.
119	*/
120	private static function check_order_is_valid( $download ) {
121	if ( $download->get_order_id() ) {
122	$order = wc_get_order( $download->get_order_id() );
123
124	if ( $order && ! $order->is_download_permitted() ) {
125	self::download_error( __( 'Invalid order.', 'woocommerce' ), '', 403 );
126	}
127	}
128	}
129
130	/**
131	* Check if there are downloads remaining.
132	*
133	* @param WC_Customer_Download $download Download instance.
134	*/
135	private static function check_downloads_remaining( $download ) {
136	if ( '' !== $download->get_downloads_remaining() && 0 >= $download->get_downloads_remaining() ) {
137	self::download_error( __( 'Sorry, you have reached your download limit for this file', 'woocommerce' ), '', 403 );
138	}
139	}
140
141	/**
142	* Check if the download has expired.
143	*
144	* @param WC_Customer_Download $download Download instance.
145	*/
146	private static function check_download_expiry( $download ) {
147	if ( ! is_null( $download->get_access_expires() ) && $download->get_access_expires()->getTimestamp() < strtotime( 'midnight', current_time( 'timestamp', true ) ) ) {
148	self::download_error( __( 'Sorry, this download has expired', 'woocommerce' ), '', 403 );
149	}
150	}
151
152	/**
153	* Check if a download requires the user to login first.
154	*
155	* @param WC_Customer_Download $download Download instance.
156	*/
157	private static function check_download_login_required( $download ) {
158	if ( $download->get_user_id() && 'yes' === get_option( 'woocommerce_downloads_require_login' ) ) {
159	if ( ! is_user_logged_in() ) {
160	if ( wc_get_page_id( 'myaccount' ) ) {
161	wp_safe_redirect( add_query_arg( 'wc_error', rawurlencode( __( 'You must be logged in to download files.', 'woocommerce' ) ), wc_get_page_permalink( 'myaccount' ) ) );
162	exit;
163	} else {
164	self::download_error( __( 'You must be logged in to download files.', 'woocommerce' ) . ' <a href="' . esc_url( wp_login_url( wc_get_page_permalink( 'myaccount' ) ) ) . '" class="wc-forward">' . __( 'Login', 'woocommerce' ) . '</a>', __( 'Log in to Download Files', 'woocommerce' ), 403 );
165	}
166	} elseif ( ! current_user_can( 'download_file', $download ) ) {
167	self::download_error( __( 'This is not your download link.', 'woocommerce' ), '', 403 );
168	}
169	}
170	}
171
172	/**
173	* Count download.
174	*
175	* @deprecated unknown
176	* @param array $download_data Download data.
177	*/
178	public static function count_download( $download_data ) {}
179
180	/**
181	* Download a file - hook into init function.
182	*
183	* @param string $file_path URL to file.
184	* @param integer $product_id Product ID of the product being downloaded.
185	*/
186	public static function download( $file_path, $product_id ) {
187	if ( ! $file_path ) {
188	self::download_error( __( 'No file defined', 'woocommerce' ) );
189	}
190
191	$filename = basename( $file_path );
192
193	if ( strstr( $filename, '?' ) ) {
194	$filename = current( explode( '?', $filename ) );
195	}
196
197	$filename = apply_filters( 'woocommerce_file_download_filename', $filename, $product_id );
198	$file_download_method = apply_filters( 'woocommerce_file_download_method', get_option( 'woocommerce_file_download_method', 'force' ), $product_id );
199
200	// Add action to prevent issues in IE.
201	add_action( 'nocache_headers', array( __CLASS__, 'ie_nocache_headers_fix' ) );
202
203	// Trigger download via one of the methods.
204	do_action( 'woocommerce_download_file_' . $file_download_method, $file_path, $filename );
205	}
206
207	/**
208	* Redirect to a file to start the download.
209	*
210	* @param string $file_path File path.
211	* @param string $filename File name.
212	*/
213	public static function download_file_redirect( $file_path, $filename = '' ) {
214	header( 'Location: ' . $file_path );
215	exit;
216	}
217
218	/**
219	* Parse file path and see if its remote or local.
220	*
221	* @param string $file_path File path.
222	* @return array
223	*/
224	public static function parse_file_path( $file_path ) {
225	$wp_uploads = wp_upload_dir();
226	$wp_uploads_dir = $wp_uploads['basedir'];
227	$wp_uploads_url = $wp_uploads['baseurl'];
228
229	/**
230	* Replace uploads dir, site url etc with absolute counterparts if we can.
231	* Note the str_replace on site_url is on purpose, so if https is forced
232	* via filters we can still do the string replacement on a HTTP file.
233	*/
234	$replacements = array(
235	$wp_uploads_url => $wp_uploads_dir,
236	network_site_url( '/', 'https' ) => ABSPATH,
237	str_replace( 'https:', 'http:', network_site_url( '/', 'http' ) ) => ABSPATH,
238	site_url( '/', 'https' ) => ABSPATH,
239	str_replace( 'https:', 'http:', site_url( '/', 'http' ) ) => ABSPATH,
240	);
241
242	$file_path = str_replace( array_keys( $replacements ), array_values( $replacements ), $file_path );
243	$parsed_file_path = wp_parse_url( $file_path );
244	$remote_file = true;
245
246	// Paths that begin with '//' are always remote URLs.
247	if ( '//' === substr( $file_path, 0, 2 ) ) {
248	return array(
249	'remote_file' => true,
250	'file_path' => is_ssl() ? 'https:' . $file_path : 'http:' . $file_path,
251	);
252	}
253
254	// See if path needs an abspath prepended to work.
255	if ( file_exists( ABSPATH . $file_path ) ) {
256	$remote_file = false;
257	$file_path = ABSPATH . $file_path;
258
259	} elseif ( '/wp-content' === substr( $file_path, 0, 11 ) ) {
260	$remote_file = false;
261	$file_path = realpath( WP_CONTENT_DIR . substr( $file_path, 11 ) );
262
263	// Check if we have an absolute path.
264	} elseif ( ( ! isset( $parsed_file_path['scheme'] ) \|\| ! in_array( $parsed_file_path['scheme'], array( 'http', 'https', 'ftp' ), true ) ) && isset( $parsed_file_path['path'] ) && file_exists( $parsed_file_path['path'] ) ) {
265	$remote_file = false;
266	$file_path = $parsed_file_path['path'];
267	}
268
269	return array(
270	'remote_file' => $remote_file,
271	'file_path' => $file_path,
272	);
273	}
274
275	/**
276	* Download a file using X-Sendfile, X-Lighttpd-Sendfile, or X-Accel-Redirect if available.
277	*
278	* @param string $file_path File path.
279	* @param string $filename File name.
280	*/
281	public static function download_file_xsendfile( $file_path, $filename ) {
282	$parsed_file_path = self::parse_file_path( $file_path );
283
284	if ( function_exists( 'apache_get_modules' ) && in_array( 'mod_xsendfile', apache_get_modules(), true ) ) {
285	self::download_headers( $parsed_file_path['file_path'], $filename );
286	$filepath = apply_filters( 'woocommerce_download_file_xsendfile_file_path', $parsed_file_path['file_path'], $file_path, $filename, $parsed_file_path );
287	header( 'X-Sendfile: ' . $filepath );
288	exit;
289	} elseif ( stristr( getenv( 'SERVER_SOFTWARE' ), 'lighttpd' ) ) {
290	self::download_headers( $parsed_file_path['file_path'], $filename );
291	$filepath = apply_filters( 'woocommerce_download_file_xsendfile_lighttpd_file_path', $parsed_file_path['file_path'], $file_path, $filename, $parsed_file_path );
292	header( 'X-Lighttpd-Sendfile: ' . $filepath );
293	exit;
294	} elseif ( stristr( getenv( 'SERVER_SOFTWARE' ), 'nginx' ) \|\| stristr( getenv( 'SERVER_SOFTWARE' ), 'cherokee' ) ) {
295	self::download_headers( $parsed_file_path['file_path'], $filename );
296	$xsendfile_path = trim( preg_replace( '`^' . str_replace( '\\', '/', getcwd() ) . '`', '', $parsed_file_path['file_path'] ), '/' );
297	$xsendfile_path = apply_filters( 'woocommerce_download_file_xsendfile_x_accel_redirect_file_path', $xsendfile_path, $file_path, $filename, $parsed_file_path );
298	header( "X-Accel-Redirect: /$xsendfile_path" );
299	exit;
300	}
301
302	// Fallback.
303	self::download_file_force( $file_path, $filename );
304	}
305
306	/**
307	* Parse the HTTP_RANGE request from iOS devices.
308	* Does not support multi-range requests.
309	*
310	* @param int $file_size Size of file in bytes.
311	* @return array {
312	* Information about range download request: beginning and length of
313	* file chunk, whether the range is valid/supported and whether the request is a range request.
314	*
315	* @type int $start Byte offset of the beginning of the range. Default 0.
316	* @type int $length Length of the requested file chunk in bytes. Optional.
317	* @type bool $is_range_valid Whether the requested range is a valid and supported range.
318	* @type bool $is_range_request Whether the request is a range request.
319	* }
320	*/
321	protected static function get_download_range( $file_size ) {
322	$start = 0;
323	$download_range = array(
324	'start' => $start,
325	'is_range_valid' => false,
326	'is_range_request' => false,
327	);
328
329	if ( ! $file_size ) {
330	return $download_range;
331	}
332
333	$end = $file_size - 1;
334	$download_range['length'] = $file_size;
335
336	if ( isset( $_SERVER['HTTP_RANGE'] ) ) { // @codingStandardsIgnoreLine.
337	$http_range = sanitize_text_field( wp_unslash( $_SERVER['HTTP_RANGE'] ) ); // WPCS: input var ok.
338	$download_range['is_range_request'] = true;
339
340	$c_start = $start;
341	$c_end = $end;
342	// Extract the range string.
343	list( , $range ) = explode( '=', $http_range, 2 );
344	// Make sure the client hasn't sent us a multibyte range.
345	if ( strpos( $range, ',' ) !== false ) {
346	return $download_range;
347	}
348
349	/*
350	* If the range starts with an '-' we start from the beginning.
351	* If not, we forward the file pointer
352	* and make sure to get the end byte if specified.
353	*/
354	if ( '-' === $range[0] ) {
355	// The n-number of the last bytes is requested.
356	$c_start = $file_size - substr( $range, 1 );
357	} else {
358	$range = explode( '-', $range );
359	$c_start = ( isset( $range[0] ) && is_numeric( $range[0] ) ) ? (int) $range[0] : 0;
360	$c_end = ( isset( $range[1] ) && is_numeric( $range[1] ) ) ? (int) $range[1] : $file_size;
361	}
362
363	/*
364	* Check the range and make sure it's treated according to the specs: http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html.
365	* End bytes can not be larger than $end.
366	*/
367	$c_end = ( $c_end > $end ) ? $end : $c_end;
368	// Validate the requested range and return an error if it's not correct.
369	if ( $c_start > $c_end \|\| $c_start > $file_size - 1 \|\| $c_end >= $file_size ) {
370	return $download_range;
371	}
372	$start = $c_start;
373	$end = $c_end;
374	$length = $end - $start + 1;
375
376	$download_range['start'] = $start;
377	$download_range['length'] = $length;
378	$download_range['is_range_valid'] = true;
379	}
380	return $download_range;
381	}
382
383	/**
384	* Force download - this is the default method.
385	*
386	* @param string $file_path File path.
387	* @param string $filename File name.
388	*/
389	public static function download_file_force( $file_path, $filename ) {
390	$parsed_file_path = self::parse_file_path( $file_path );
391	$download_range = self::get_download_range( @filesize( $parsed_file_path['file_path'] ) ); // @codingStandardsIgnoreLine.
392
393	self::download_headers( $parsed_file_path['file_path'], $filename, $download_range );
394
395	$start = isset( $download_range['start'] ) ? $download_range['start'] : 0;
396	$length = isset( $download_range['length'] ) ? $download_range['length'] : 0;
397	if ( ! self::readfile_chunked( $parsed_file_path['file_path'], $start, $length ) ) {
398	if ( $parsed_file_path['remote_file'] ) {
399	self::download_file_redirect( $file_path );
400	} else {
401	self::download_error( __( 'File not found', 'woocommerce' ) );
402	}
403	}
404
405	exit;
406	}
407
408	/**
409	* Get content type of a download.
410	*
411	* @param string $file_path File path.
412	* @return string
413	*/
414	private static function get_download_content_type( $file_path ) {
415	$file_extension = strtolower( substr( strrchr( $file_path, '.' ), 1 ) );
416	$ctype = 'application/force-download';
417
418	foreach ( get_allowed_mime_types() as $mime => $type ) {
419	$mimes = explode( '\|', $mime );
420	if ( in_array( $file_extension, $mimes, true ) ) {
421	$ctype = $type;
422	break;
423	}
424	}
425
426	return $ctype;
427	}
428
429	/**
430	* Set headers for the download.
431	*
432	* @param string $file_path File path.
433	* @param string $filename File name.
434	* @param array $download_range Array containing info about range download request (see {@see get_download_range} for structure).
435	*/
436	private static function download_headers( $file_path, $filename, $download_range = array() ) {
437	self::check_server_config();
438	self::clean_buffers();
439	wc_nocache_headers();
440
441	header( 'X-Robots-Tag: noindex, nofollow', true );
442	header( 'Content-Type: ' . self::get_download_content_type( $file_path ) );
443	header( 'Content-Description: File Transfer' );
444	header( 'Content-Disposition: attachment; filename="' . $filename . '";' );
445	header( 'Content-Transfer-Encoding: binary' );
446
447	$file_size = @filesize( $file_path ); // phpcs:ignore Generic.PHP.NoSilencedErrors.Discouraged
448	if ( ! $file_size ) {
449	return;
450	}
451
452	if ( isset( $download_range['is_range_request'] ) && true === $download_range['is_range_request'] ) {
453	if ( false === $download_range['is_range_valid'] ) {
454	header( 'HTTP/1.1 416 Requested Range Not Satisfiable' );
455	header( 'Content-Range: bytes 0-' . ( $file_size - 1 ) . '/' . $file_size );
456	exit;
457	}
458
459	$start = $download_range['start'];
460	$end = $download_range['start'] + $download_range['length'] - 1;
461	$length = $download_range['length'];
462
463	header( 'HTTP/1.1 206 Partial Content' );
464	header( "Accept-Ranges: 0-$file_size" );
465	header( "Content-Range: bytes $start-$end/$file_size" );
466	header( "Content-Length: $length" );
467	} else {
468	header( 'Content-Length: ' . $file_size );
469	}
470	}
471
472	/**
473	* Check and set certain server config variables to ensure downloads work as intended.
474	*/
475	private static function check_server_config() {
476	wc_set_time_limit( 0 );
477	if ( function_exists( 'get_magic_quotes_runtime' ) && get_magic_quotes_runtime() && version_compare( phpversion(), '5.4', '<' ) ) {
478	set_magic_quotes_runtime( 0 ); // @codingStandardsIgnoreLine
479	}
480	if ( function_exists( 'apache_setenv' ) ) {
481	@apache_setenv( 'no-gzip', 1 ); // phpcs:ignore Generic.PHP.NoSilencedErrors.Discouraged, WordPress.PHP.DiscouragedPHPFunctions.runtime_configuration_apache_setenv
482	}
483	@ini_set( 'zlib.output_compression', 'Off' ); // phpcs:ignore Generic.PHP.NoSilencedErrors.Discouraged, WordPress.PHP.DiscouragedPHPFunctions.runtime_configuration_ini_set
484	@session_write_close(); // phpcs:ignore Generic.PHP.NoSilencedErrors.Discouraged, WordPress.VIP.SessionFunctionsUsage.session_session_write_close
485	}
486
487	/**
488	* Clean all output buffers.
489	*
490	* Can prevent errors, for example: transfer closed with 3 bytes remaining to read.
491	*/
492	private static function clean_buffers() {
493	if ( ob_get_level() ) {
494	$levels = ob_get_level();
495	for ( $i = 0; $i < $levels; $i++ ) {
496	@ob_end_clean(); // phpcs:ignore Generic.PHP.NoSilencedErrors.Discouraged
497	}
498	} else {
499	@ob_end_clean(); // phpcs:ignore Generic.PHP.NoSilencedErrors.Discouraged
500	}
501	}
502
503	/**
504	* Read file chunked.
505	*
506	* Reads file in chunks so big downloads are possible without changing PHP.INI - http://codeigniter.com/wiki/Download_helper_for_large_files/.
507	*
508	* @param string $file File.
509	* @param int $start Byte offset/position of the beginning from which to read from the file.
510	* @param int $length Length of the chunk to be read from the file in bytes, 0 means full file.
511	* @return bool Success or fail
512	*/
513	public static function readfile_chunked( $file, $start = 0, $length = 0 ) {
514	if ( ! defined( 'WC_CHUNK_SIZE' ) ) {
515	define( 'WC_CHUNK_SIZE', 1024 * 1024 );
516	}
517	$handle = @fopen( $file, 'r' ); // phpcs:ignore Generic.PHP.NoSilencedErrors.Discouraged, WordPress.WP.AlternativeFunctions.file_system_read_fopen
518
519	if ( false === $handle ) {
520	return false;
521	}
522
523	if ( ! $length ) {
524	$length = @filesize( $file ); // phpcs:ignore Generic.PHP.NoSilencedErrors.Discouraged
525	}
526
527	$read_length = (int) WC_CHUNK_SIZE;
528
529	if ( $length ) {
530	$end = $start + $length - 1;
531
532	@fseek( $handle, $start ); // phpcs:ignore Generic.PHP.NoSilencedErrors.Discouraged
533	$p = @ftell( $handle ); // phpcs:ignore Generic.PHP.NoSilencedErrors.Discouraged
534
535	while ( ! @feof( $handle ) && $p <= $end ) { // phpcs:ignore Generic.PHP.NoSilencedErrors.Discouraged
536	// Don't run past the end of file.
537	if ( $p + $read_length > $end ) {
538	$read_length = $end - $p + 1;
539	}
540
541	echo @fread( $handle, $read_length ); // phpcs:ignore Generic.PHP.NoSilencedErrors.Discouraged, WordPress.XSS.EscapeOutput.OutputNotEscaped, WordPress.WP.AlternativeFunctions.file_system_read_fread
542	$p = @ftell( $handle ); // phpcs:ignore Generic.PHP.NoSilencedErrors.Discouraged
543
544	if ( ob_get_length() ) {
545	ob_flush();
546	flush();
547	}
548	}
549	} else {
550	while ( ! @feof( $handle ) ) { // @codingStandardsIgnoreLine.
551	echo @fread( $handle, $read_length ); // @codingStandardsIgnoreLine.
552	if ( ob_get_length() ) {
553	ob_flush();
554	flush();
555	}
556	}
557	}
558
559	return @fclose( $handle ); // phpcs:ignore Generic.PHP.NoSilencedErrors.Discouraged, WordPress.WP.AlternativeFunctions.file_system_read_fclose
560	}
561
562	/**
563	* Filter headers for IE to fix issues over SSL.
564	*
565	* IE bug prevents download via SSL when Cache Control and Pragma no-cache headers set.
566	*
567	* @param array $headers HTTP headers.
568	* @return array
569	*/
570	public static function ie_nocache_headers_fix( $headers ) {
571	if ( is_ssl() && ! empty( $GLOBALS['is_IE'] ) ) {
572	$headers['Cache-Control'] = 'private';
573	unset( $headers['Pragma'] );
574	}
575	return $headers;
576	}
577
578	/**
579	* Die with an error message if the download fails.
580	*
581	* @param string $message Error message.
582	* @param string $title Error title.
583	* @param integer $status Error status.
584	*/
585	private static function download_error( $message, $title = '', $status = 404 ) {
586	if ( ! strstr( $message, '<a ' ) ) {
587	$message .= ' <a href="' . esc_url( wc_get_page_permalink( 'shop' ) ) . '" class="wc-forward">' . esc_html__( 'Go to shop', 'woocommerce' ) . '</a>';
588	}
589	wp_die( $message, $title, array( 'response' => $status ) ); // WPCS: XSS ok.
590	}
591	}
592
593	WC_Download_Handler::init();
594