From 23714c161ee974a4393da35476ce0d7d58d02472 Mon Sep 17 00:00:00 2001 From: Aleksei Tikhomirov Date: Thu, 4 Sep 2025 23:26:49 +0300 Subject: [PATCH] download fix --- includes/LicOrder.php | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/includes/LicOrder.php b/includes/LicOrder.php index 12a79fb..6ee9ab0 100644 --- a/includes/LicOrder.php +++ b/includes/LicOrder.php @@ -1,6 +1,7 @@ download_package(); + if (isset($_GET['package_slug'], $_GET['uid'])) { + LicOrder::download_package(); } } @@ -418,7 +419,7 @@ final class LicOrder 'order_id' => $lic['txn_id'], 'lic_id' => $lic['id'] ]; - return get_site_url().'?'.http_build_query($args); + return get_home_url().'?'.http_build_query($args); } /** @@ -428,13 +429,17 @@ final class LicOrder */ public static function download_package(): void { + error_log('Download package initiated'); + error_log('GET params: ' . print_r($_GET, true)); + $user_id = absint($_GET['uid']); $package_slug = $_GET['package_slug']; $order_id = (absint($_GET['order_id'])); $lic_id = (absint($_GET['lic_id'])); - if (empty($user_id)) { // WPCS: input var ok, CSRF ok. - self::download_error(__('Invalid download link.', 'woocommerce')); + if (empty($user_id) || get_current_user_id() !== $user_id ) { + error_log('User ID mismatch: current='.get_current_user_id().' vs requested='.$user_id); + self::download_error(__('Invalid download link. Or access denied.', 'woocommerce')); } if (!is_user_logged_in()) { @@ -448,6 +453,11 @@ final class LicOrder $lic_manager = new License_API(); $lic = $lic_manager->read(['id' => $lic_id]); + if (!$lic || empty($lic->package_slug)) { + error_log('License not found or invalid: ' . $lic_id); + self::download_error(__('Invalid license.'), '', 403); + } + if (strtotime('midnight', time()) > strtotime($lic->date_expiry)) { self::download_error(__('Sorry, this download has expired', 'woocommerce'), '', 403); }
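Review bot: The new guard `isset($_GET['package_slug'], $_GET['uid'])` covers only two of the four query arguments that `download_package()` reads. `$_GET['order_id']` and `$_GET['lic_id']` are still passed to `absint()` unconditionally there, so a partial link raises undefined-key warnings on PHP 8 and turns the missing values into id 0. I would require all four before dispatching: `if (isset($_GET['package_slug'], $_GET['uid'], $_GET['order_id'], $_GET['lic_id'])) {`. The enclosing method and the removed lines of this hunk are not visible here, so which hook this runs on cannot be confirmed from the page.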
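Review bot: `error_log('GET params: ' . print_r($_GET, true));` at the top of `download_package()` writes the whole unsanitised query string to the server log on every download request, so request-controlled text (embedded newlines, unrelated parameters on the URL) lands in the log, and the 'Download package initiated' line adds unconditional noise. I would drop both, or gate them and log only the already-normalised integers after the `absint()` calls, e.g. `if (defined('WP_DEBUG') && WP_DEBUG) { error_log('download_package uid=' . $user_id . ' lic=' . $lic_id); }`. Separately, the `get_current_user_id() !== $user_id` test now runs before `if (!is_user_logged_in())`, so a logged-out visitor (current id 0) hits the 'access denied' error first; if `download_error()` ends the request, which is not visible here, the login branch becomes unreachable and the two checks should be swapped. `$package_slug = $_GET['package_slug'];` is also still taken raw, and `sanitize_key(wp_unslash($_GET['package_slug']))` would be safer if slugs are lowercase keys. The function body continues past the end of this hunk.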
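Review bot: The added guard `if (!$lic || empty($lic->package_slug))` only establishes that a license with this id exists and has a slug; nothing in this hunk compares it with the requested `$package_slug` or ties it to `$user_id`. Unless that check lives in lines outside the hunk, a license id belonging to a different account would pass this point for any logged-in user. I would extend the condition with `|| $lic->package_slug !== $package_slug` plus an owner comparison against `$user_id`, using whichever field the license record carries for its owner (not shown on this page). `__('Invalid license.')` also omits the `'woocommerce'` text domain that the neighbouring `download_error()` calls pass. The function starts before and continues after this hunk.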