Bypass .htaccess when using download_url

You can inject a made-up referer into WordPress’ HTTP request by filtering pre_http_request. All you need is a simple class like this (untested!):

class FakeWpReferer
{
    private $referer;

    private $url;

    private $is_regex;

    /**
     * @param string $referer
     * @param string $url URL to fake the referer for.
     * @param bool   $is_regex Is $url a regular expression?
     */
    public function __construct( $referer, $url, $is_regex = FALSE )
    {
        $this->referer  = $referer;
        $this->url      = $url;
        $this->is_regex = $is_regex;
    }

    /**
     * @wp-hook pre_http_request
     * @param   array $args
     *
     * @return array
     */
    public function inject( array $args, $url )
    {
        if ( $this->match_url( $url ) )
            $args['headers']['Referer'] = $this->referer;

        return $args;
    }

    /**
     * @param string $request_url
     *
     * @return bool
     */
    private function match_url( $request_url )
    {
        if ( ! $this->is_regex )
            return $request_url === $this->url;

        return (bool) preg_match( $this->url, $request_url );
    }
}

And then register it as a filter:

$fake = new FakeWpReferer(
    'http://example.co.uk/client-area',
    '~^http://www.example.co.uk/uploads/~',
    TRUE
);
add_filter( 'pre_http_request', [ $fake, 'inject' ], 10, 2 );

Then you can use download_url(), and WordPress will use your custom referer. Be aware that everyone else can fake referers too, so your “protection” isn’t really one.

Related Posts:

  1. Loading index.php contents which located outside blog folder for post single page
  2. Simple seo-friendly custom $_GET url rewrite with htaccess
  3. Redirect homepage /page/1/ to /blog/page/1/
  4. Getting a 500 Internal Server Error on Laravel 5+ Ubuntu 14.04
  5. How to create custom 401, 403 and 500 error pages?
  6. PHP – redirect https to http and www to non-www
  7. How can I run a .php file located in my site’s root folder?
  8. Fix 403 error on WordPress multisite network using subdomains
  9. Can I write ‘RewriteCond’ using ‘functions.php’?
  10. How to redirect all 404 in a WordPress subdirectory to the index.php of subdirectory?
  11. WordPress multisite causing Error 101 (net::ERR_CONNECTION_RESET): Unknown error [duplicate]
  12. How to run multiple websites from single WordPress setup
  13. Using PHP in a Stylesheet (possibly a “.htaccess” problem?)
  14. How to override .htaccess with new rules without ftp or edit it manual
  15. WordPress-site can be reached on x.x.x.x/index.php – but not directly on the IP without index.php
  16. Change the actual (or viewable) WordPress directory structure
  17. Add htaccess rules with insert_with_markers at beginning of htaccess
  18. Cannot get media type from ‘x-mapp-php5’
  19. How to rewrite URL with PHP variables with htaccess to a normal looking URL?
  20. How to change home or site url using action hooks or filter?
  21. Apache Fallback instead of add_rewrite_rule
  22. 3 blogs same installation, without WP MU
  23. Two Different Links for Same Product – WooCommerce [closed]
  24. Was told to change the .htacess file form .html to .php so this would work properly
  25. How to change redirection route to a php page for making it only accessible by logged-in members?
  26. how to combine wordpress htaccess on my root domain + php on subfolder
  27. subdirectory index.php is not working
  28. custom url rewrite for wordpress
  29. WP & Server Speed [Teacher Question]
  30. How can I hide that I Use WordPress (with W3 Total Cache)
  31. WordPress add_rewrite_rules for custom URLs ending in .html
  32. Troll the hackers by redirecting them
  33. Seo Friendly Filter URLs
  34. How to allow download url redirection only if user logged in WordPress site?
  35. How to disable all logins except Network login in WordPress Multi site?
  36. Removing files programmatically
  37. Is it possible to restrict files from your wordpress uploads (not logged-in users or guest)?
  38. How do I add my PHP app to a WordPress page whilst keeping semantic URLs?
  39. Why is home page content not displaying with this rewrite rule?
  40. Modifying WP URL handing code?
  41. Disable category RSS Feeds on WordPress blog with PHP
  42. Prevent Buddypress Rewrite Rules on Non-Buddypress pages/posts
  43. How to make Subdomain work for product_tag?
  44. How to serve WordPress folder over subdomain?
  45. Pages from admin dasboard missing after site migration
  46. Rewrite rule not working, but only when parameter is text
  47. Internal Server Errors – Moving working multi-site install to my localhost
  48. Deny php execution in /wp-includes – using .htaccess in /wp-includes VS root folder
  49. How come there is no error if I upgrade WordPress core after locking .htaccess permissions to 644?
  50. How to block access to a folder inside of wp-content for non logged in users?
  51. WordPress Redirect / Add_Rewrite_Rule – Non Index.php Page
  52. How to change query string with pretty URL in WordPress using .htaccess file
  53. Upload images from one server to an other in wordpress
  54. Problem with ajax request and directory structure after site migration
  55. How can I add “.html” to the end of a single URL on a WordPress website?
  56. Resource 404 error on multisite subdirectory install
  57. redirect 301 with special character like WIX site “#!”
  58. 301 redirect from webpage to wordpress page in the same root
  59. Rewrite /keyword1+keyword2.html to search page | .htaccess
  60. Enabling XSendFile causes 404 for images on WordPress Multisite / Network
  61. how to exclude admin page from add_rewrite_rule in wordpress
  62. WordPress rewrite question
  63. Why I can download any file except PHP files from a URL but I can download any from another site?
  64. 3 domains, 1 wordpress install, redirecting and changing domains on live site
  65. How to use multiple 404 Error Pages in WordPress
  66. Increase Upload Size with htaccess | MAMP
  67. Using register_activation_hook in classes
  68. Hide a menu-item and its submenus and display a ‘Log in’ link if the user is logged out
  69. Result of Custom WP_Query appears on 404 Page (but result are found!)
  70. Is it recommended to pass some data to scripts in `wp_enqueue_scripts`?
  71. if file_exists not working with wp_enqueue_style
  72. WordPress WP_Query() Not working properly
  73. My Own layout in WooCommerce pages [closed]
  74. Ajax call return 404
  75. How to add specific meta tags to head of cart and checkout pages in woocommerce?
  76. Royalty-Free Sliders used in theme development
  77. Custom Pagination is Broken
  78. Local WordPress with WAMP downloads files out of Nowhere
  79. Errors being created by admin-ajax.php
  80. Posts are not looping through correctly
  81. form $_post action value gets truncated after it passes through two forms
  82. How to echo the_title from an array of posts?
  83. WordPress -> If Is Role Subscriber Show Image?
  84. Using color schemes with Color Picker
  85. My single.php page skips the first div tag
  86. PHP call_user_func_array() error
  87. Redirect after login depending on the URL
  88. Searching a custom WP table and displaying results in an HTML table
  89. Obtain wordpress user role
  90. Shortcode’s output to use as other shortcode’s parameter
  91. How to hook into the subscriber /wp-admin/index.php page?
  92. What syntax is this? “{{post.price}}”
  93. Retrieving specific images from Media Library
  94. direct query to post_meta table
  95. Pass php to database in JQuery: With AJAX?
  96. WP Simple Fields – Single repeatable field inside repeatable field group
  97. Path for contact form file
  98. WP plugin updates [duplicate]
  99. Custom Archive Page
  100. Upgrade wordpress core programmatically with PHP [closed]

Leave a Comment