[auto] Plugin: wp-super-cache 1.4.8

b1526574 · lechuck · lucha · bb3b1b58 · b1526574 · b1526574
Commit b1526574 authored Jun 03, 2016 by lechuck Committed by lucha Oct 29, 2016
10 changed files
--- a/wp-content/plugins/wp-super-cache/Changelog.txt
+++ b/wp-content/plugins/wp-super-cache/Changelog.txt
+2015-10-08 17:14  donncha
+
+	* wp-cache.php: Don't check if .htaccess already created as the
+	  index check already created it. Props Tigertech. Ref:
+	  https://wordpress.org/support/topic/all-website-pages-downloading-gz-file-after-latest-update?replies=28#post-7494087
+
+2015-09-25 11:20  donncha
+
+	* Changelog.txt: Updated changelog
+
+2015-09-25 10:55  donncha
+
+	* readme.txt, wp-cache.php: Bump version to release 1.4.5 and add
+	  changelog
+
+2015-09-24 15:37  donncha
+
+	* wp-cache-base.php, wp-cache-phase1.php, wp-cache-phase2.php,
+	  wp-cache.php: * Add index.html files and "-index" directives to
+	  stop indexing of directories
+	  * Sanitise input on settings page
+	  * MD5 the cookie, use JSON to encode meta files, and rename them
+	  to .php
+
+2015-09-24 11:37  donncha
+
+	* readme.txt: Changed homepage link and ocaoimh.ie to z9.io
+
+2015-09-24 11:33  donncha
+
+	* readme.txt: Minor update to the description of cache rebuild
+	  feature.
+
+2015-09-24 10:39  donncha
+
+	* wp-cache-phase2.php: Reduce "needs rebuild" time to 10 seconds,
+	  so those pages refresh faster.
+
+2015-08-28 16:28  donncha
+
+	* wp-cache-phase1.php: Because sometimes your editing in HTTPS
+	  while your site is on HTTP. Thanks kraftbj
+
+2015-08-25 21:42  kraftbj
+
+	* wp-cache-phase2.php: Swap post_permalink with get_permalink. Both
+	  are exactly the same and old enough to not impact any users.
+	  post_permalink slated for deprecation in 4.4.
+
+2015-08-10 14:06  donncha
+
+	* wp-cache-phase2.php: Avoid PHP warnings, props @daneodekirk
+
+2015-08-10 13:25  donncha
+
+	* wp-cache.php: Use $wpdb->blogid rather than get_current_blog_id
+	  as the former returns 0 on single site installs. Props
+	  @daneodekirk
+
+2015-07-30 10:13  donncha
+
+	* Changelog.txt, readme.txt: Updated changelog
+
+2015-07-29 13:08  donncha
+
+	* wp-cache-phase2.php: Remove this function call as it's not
+	  defined. Ref:
+	  https://github.com/Automattic/wp-super-cache/commit/4f3229009e5c6c8487dd883910ea076a8e3b7e26
+
+2015-07-27 16:36  kraftbj
+
+	* wp-cache.php: Don't flush settings for expiry time and garbage
+	  collection. See
+	  https://github.com/Automattic/wp-super-cache/pull/49
+
+2015-07-27 16:28  donncha
+
+	* wp-cache-base.php: Remove CacheMeta class as it's not used any
+	  more and caused APC errors. Ref:
+	  https://github.com/Automattic/wp-super-cache/pull/21
+
+2015-07-24 15:21  kraftbj
+
+	* wp-cache.php: Check if listfile isset to prevent PHP warning.
+
+2015-07-23 13:56  donncha
+
+	* wp-cache.php: Remember the settings on the advanced settings page
+	  when submitting the easy settings form. Thanks Jeremy Herve for
+	  the bug report!
+
+2015-07-22 15:52  donncha
+
+	* Changelog.txt, readme.txt: Updated changelog
+
+2015-07-22 11:25  donncha
+
+	* wp-cache-phase2.php: Fixed typo in debug log entry
+
+2015-07-15 11:56  donncha
+
+	* wp-cache.php: * Added uninstall function as well as deactivate
+	  function. The deactivate function does not delete the config file
+	  but it does disable caching because scheduled jobs must be
+	  enabled in the settings page when the config file is used on
+	  activation again.
+	  * Fixed a bug where deactivating the plugin without visiting the
+	  settings page causes a fatal error so the plugin can't be
+	  deactivated
+
+2015-07-02 14:19  donncha
+
+	* wp-cache-phase2.php: Minor changes to debugging
+
+2015-07-02 13:58  donncha
+
+	* wp-cache-phase2.php: * prune_super_cache: exit immediately if the
+	  file to be deleted doesn't exist
+	  * Add extra debugging
+
+2015-07-02 12:10  donncha
+
+	* wp-cache-phase2.php: Remove https from the home url as well
+
+2015-07-01 16:37  donncha
+
+	* wp-cache-phase2.php: As so many checks for "should we cache this
+	  page?" were put to the end of page generation the rebuild system
+	  was broken. This fixes it by deleting the rebuild files created
+	  earlier if the current page isn't to be cached (and thus creating
+	  new cache files)
+
+2015-07-01 15:46  donncha
+
+	* wp-cache-phase1.php: Always make sure supercachedirs have
+	  trailing slashes
+
+2015-07-01 15:30  donncha
+
+	* wp-cache-phase1.php: Cache the output of
+	  wp_cache_get_cookies_values() for repeat calls
+
+2015-07-01 14:59  donncha
+
+	* wp-cache-phase1.php: Use the pid to help logging on busy servers
+
+2015-07-01 14:51  donncha
+
+	* plugins/domain-mapping.php: Suercache urls end in slashes
+
+2015-06-23 15:32  kraftbj
+
+	* wp-cache-phase1.php: Check for If-Modified-Since before using it
+	  as it is not always defined.
+
+2015-06-03 02:36  kraftbj
+
+	* advanced-cache.php: Do not display broken messages for XMLRPC,
+	  REST, AJAX requests.
+
+2015-05-15 14:12  kraftbj
+
+	* wp-cache-phase2.php, wp-cache.php: Fix improper site_url usage
+	  * Update site_url to home_url in another e-mail subject
+	  * Use admin_url instead of constructing URL from site_url
+
+2015-05-15 14:08  kraftbj
+
+	* wp-cache.php: Use home_url in Preload Cron e-mails.
+
+2015-05-15 11:13  donncha
+
+	* wp-cache-phase1.php, wp-cache-phase2.php: Revert 1149165 as it's
+	  not needed any more.
+
+2015-05-15 11:02  donncha
+
+	* readme.txt: Bump the tested to version number to 4.2.2
+
+2015-05-13 21:01  kraftbj
+
+	* wp-cache.php: Improve the 1&1 hosting workaround to reduce false
+	  positives.
+
+2015-05-01 13:53  donncha
+
+	* wp-cache.php: Check if it's an array to avoid PHP warning
+
+2015-05-01 13:51  donncha
+
+	* wp-cache-phase2.php: Added some extra debugging
+
+2015-04-29 16:55  kraftbj
+
+	* readme.txt: Condense changelog to keep it nice and short :)
+
+2015-04-29 15:58  kraftbj
+
+	* readme.txt: Update changelog to keep pace with trunk.
+
+2015-04-29 15:45  donncha
+
+	* wp-cache-phase1.php, wp-cache-phase2.php: Check if mb_strlen()
+	  exists before WordPress loads so it doesn't use the limited
+	  mb_strlen compat function in WordPress 4.2. Ref:
+	  https://wordpress.org/support/topic/421-initial-blank-page-load?replies=11
+
+2015-04-28 15:53  kraftbj
+
+	* readme.txt: Add previous commits to readme.txt as a running
+	  changelog to make it easier to compile for next release.
+
+2015-04-28 15:24  kraftbj
+
+	* wp-cache.php: Preload Cron E-mail Updates
+
+2015-04-28 15:17  kraftbj
+
+	* wp-cache.php: Preload only public post types. See
+	  https://github.com/Automattic/wp-super-cache/pull/18
+
+2015-04-21 18:22  kraftbj
+
+	* readme.txt: Tested to tag bump to 4.2
+
+2015-04-07 16:00  donncha
+
+	* wp-cache-phase2.php: Don't disable supercache caching on CRON
+	  requests. Fixes problems clearing front page cache on scheduled
+	  posts
+
+2015-04-04 22:57  donncha
+
+	* wp-cache-phase1.php: Fix the log_message, finally. Props
+	  webaware.
+
+2015-04-04 12:17  donncha
+
+	* Changelog.txt: Updated changelog
+
 2015-04-04 12:13  donncha

 	* readme.txt: Updated changelog

--- a/wp-content/plugins/wp-super-cache/advanced-cache.php
+++ b/wp-content/plugins/wp-super-cache/advanced-cache.php
@@ -5,8 +5,14 @@ function wpcache_broken_message() {
 	if ( isset( $wp_cache_config_file ) == false )
 		return '';

-	if ( false == strpos( $_SERVER[ 'REQUEST_URI' ], 'wp-admin' ) )
+	$doing_ajax =     defined( 'DOING_AJAX' ) && DOING_AJAX;
+	$xmlrpc_request = defined( 'XMLRPC_REQUEST' ) && XMLRPC_REQUEST;
+	$rest_request =   defined( 'REST_REQUEST' ) && REST_REQUEST;
+
+	$skip_output = ( $doing_ajax || $xmlrpc_request || $rest_request );
+	if ( false == strpos( $_SERVER[ 'REQUEST_URI' ], 'wp-admin' ) && !$skip_output ) {
 		echo "<!-- WP Super Cache is installed but broken. The constant WPCACHEHOME must be set in the file wp-config.php and point at the WP Super Cache plugin directory. -->";
+	}
 }

 if ( false == defined( 'WPCACHEHOME' ) ) {

--- a/wp-content/plugins/wp-super-cache/ossdl-cdn.php
+++ b/wp-content/plugins/wp-super-cache/ossdl-cdn.php
@@ -148,7 +148,7 @@ function scossdl_off_options() {
 	$example_cdn_uri = get_option('ossdl_off_cdn_url') == get_option('siteurl') ? $example_cdn_uri : get_option('ossdl_off_cdn_url');
 	$example_cdn_uri .= '/wp-includes/js/prototype.js';
 	?>
-		<p><?php _e( 'Your website probably uses lots of static files. Image, Javascript and CSS files are usually static files that could just as easily be served from another site or CDN. Therefore this plugin replaces any links in the <code>wp-content</code> and <code>wp-includes</code> directories (except for PHP files) on your site with the URL you provide below. That way you can either copy all the static content to a dedicated host or mirror the files to a CDN by <a href="http://knowledgelayer.softlayer.com/questions/365/How+does+Origin+Pull+work%3F" target="_blank">origin pull</a>.', 'wp-super-cache' ); ?></p>
+		<p><?php _e( 'Your website probably uses lots of static files. Image, Javascript and CSS files are usually static files that could just as easily be served from another site or CDN. Therefore, this plugin replaces any links in the <code>wp-content</code> and <code>wp-includes</code> directories (except for PHP files) on your site with the URL you provide below. That way you can either copy all the static content to a dedicated host or mirror the files to a CDN by <a href="http://knowledgelayer.softlayer.com/questions/365/How+does+Origin+Pull+work%3F" target="_blank">origin pull</a>.', 'wp-super-cache' ); ?></p>
 		<p><?php printf( __( '<strong style="color: red">WARNING:</strong> Test some static urls e.g., %s  to ensure your CDN service is fully working before saving changes.', 'wp-super-cache' ), '<code>' . $example_cdn_uri . '</code>' ); ?></p>
 		<p><?php _e( 'You can define different CDN URLs for each site on a multsite network.', 'wp-super-cache' ); ?></p>
 		<p><form method="post" action="">

--- a/wp-content/plugins/wp-super-cache/plugins/domain-mapping.php
+++ b/wp-content/plugins/wp-super-cache/plugins/domain-mapping.php
@@ -41,7 +41,7 @@ function domain_mapping_supercachedir( $dir ) {

 	$protocol = ( isset( $_SERVER['HTTPS' ] ) && 'on' == strtolower( $_SERVER['HTTPS' ] ) ) ? 'https://' : 'http://';
 	$siteurl = str_replace( $protocol, '', $siteurl );
-	return $cache_path . 'supercache/' . $siteurl;
+	return trailingslashit( $cache_path . 'supercache/' . $siteurl );
 }

 function domain_mapping_actions() {

--- a/wp-content/plugins/wp-super-cache/readme.txt
+++ b/wp-content/plugins/wp-super-cache/readme.txt
 === WP Super Cache ===
-Contributors: donncha, automattic
+Contributors: donncha, automattic, kraftbj
 Tags: performance,caching,wp-cache,wp-super-cache,cache
-Tested up to: 4.2.2
-Stable tag: 1.4.4
+Tested up to: 4.5.2
+Stable tag: 1.4.8
 Requires at least: 3.0

 A very fast caching engine for WordPress that produces static html files.
@@ -46,7 +46,7 @@ If you are not using legacy mode caching consider deleting the contents of the "
 Likewise, preload as many posts as you can and enable "Preload Mode". Garbage collection will still occur but it won't affect the preloaded files. If you don't care about sidebar widgets updating often set the preload interval to 2880 minutes (2 days) so all your posts aren't recached very often. When the preload occurs the cache files for the post being refreshed is deleted and then regenerated. Afterwards a garbage collection of all old files is performed to clean out stale cache files.
 With preloading on cached files will still be deleted when posts are made or edited or comments made.

-See the [WP Super Cache homepage](http://ocaoimh.ie/wp-super-cache/) for further information. [Developer documentation](http://ocaoimh.ie/wp-super-cache-developers/) is also available for those who need to interact with the cache or write plugins.
+See the [WP Super Cache homepage](https://wordpress.org/plugins/wp-super-cache/) for further information. [Developer documentation](http://z9.io/wp-super-cache-developers/) is also available for those who need to interact with the cache or write plugins.

 There's a [GIT repository](https://github.com/Automattic/wp-super-cache) too if you want to contribute a patch.

@@ -58,10 +58,36 @@ The cache directory, usually wp-content/cache/ is only for temporary files. Do n

 == Upgrade Notice ==

-= 1.4.4 =
-Security release fixing an XSS bug in the settings page, and fix for fatal error in output handler.
+= 1.4.8 =
+Removed malware URL in a code comment.

 == Changelog ==
+
+= 1.4.8 =
+* Removed malware URL in a code comment. (harmless to operation of plugin but gets flagged by A/V software)
+* Updated translation file.
+
+= 1.4.7 =
+* Update the settings page for WordPress 4.4. layout changes.
+
+= 1.4.6 =
+* Generate the file cache/.htaccess even when one exists so gzip rules are created and gzipped pages are served correctly. Props Tigertech. https://wordpress.org/support/topic/all-website-pages-downloading-gz-file-after-latest-update?replies=36#post-7494087
+
+= 1.4.5 =
+* Enhancement: Only preload public post types. Props webaware.
+* Added an uninstall function that deletes the config file. Deactivate function doesn't delete it any more.
+* Possible to deactivate the plugin without visiting the settings page now.
+* Fixed the cache rebuild system. Rebuild files now survive longer than the request that generate them.
+* Minor optimisations: prune_super_cache() exits immediately if the file doesn't exist. The output of wp_cache_get_cookies_values() is now cached.
+* Added PHP pid to the debug log to aid debugging.
+* Various small bug fixes.
+* Fixed reset of expiry time and GC settings when updating advanced settings.
+* Removed CacheMeta class to avoid APC errors. It's not used any more.
+* Fixed reset of advanced settings when using "easy" settings page.
+* Fixed XSS in settings page.
+* Hide cache files when servers display directory indexes.
+* Prevent PHP object injection through use of serialize().
+
 = 1.4.4 =
 * Fixed fatal error in output handler if GET parameters present in query. Props webaware.
 * Fixed debug log. It wasn't logging the right message.
@@ -409,7 +435,7 @@ There are 2 ways of doing this. You can use Javascript to draw the part of the p

 WP Super Cache 1.4 introduced a cacheaction filter called wpsc_cachedata. The cached page to be displayed goes through this filter and allows modification of the page. If the page contains a placeholder tag the filter can be used to replace that tag with your dynamically generated html.
 The function that hooks on to the wpsc_cachedata filter should be put in a file in the WP Super Cache plugins folder unless you use the late_init feature. An example plugin is included. Edit [dynamic-cache-test.php](http://svn.wp-plugins.org/wp-super-cache/trunk/plugins/dynamic-cache-test.php) to see the example code.
-There are two example functions there. There's a simple function that replaces a string (or tag) you define when the cached page is served. The other example function uses an output buffer to generate the dynamic content. Due to a limitation in how PHP works the output buffer code MUST run before the wpsc_cachedata filter is hit, at least for when a page is cached. It doesn't matter when serving cached pages. See [this post](http://ocaoimh.ie/y/6j) for a more technical and longer explanation.
+There are two example functions there. There's a simple function that replaces a string (or tag) you define when the cached page is served. The other example function uses an output buffer to generate the dynamic content. Due to a limitation in how PHP works the output buffer code MUST run before the wpsc_cachedata filter is hit, at least for when a page is cached. It doesn't matter when serving cached pages. See [this post](http://z9.io/y/6j) for a more technical and longer explanation.
 To execute WordPress functions you must enable the 'Late init' feature on the advanced settings page.

 = How do I use WordPress functions in cached dynamic pages? =
@@ -427,7 +453,7 @@ WordPress deletes the plugin folder when it updates a plugin. This is the same w

 = What does the Cache Rebuild feature do? =

-When a visitor leaves a comment the cached file for that page is deleted and the next visitor recreates the cached page. A page takes time to load so what happens if it receives 100 visitors during this time? There won't be a cached page so WordPress will serve a fresh page for each user and the plugin will try to create a cached page for each of those 100 visitors causing a huge load on your server. This feature stops this happening. The cached page is not cleared when a comment is left. It is marked for rebuilding instead. The next visitor will regenerate the cached page while the old page is served to the other 99 visitors. The page is eventually loaded by the first visitor and the cached page updated. See [this post](http://ocaoimh.ie/2009/01/23/wp-super-cache-089/) for more.
+When a visitor leaves a comment the cached file for that page is deleted and the next visitor recreates the cached page. A page takes time to load so what happens if it receives 100 visitors during this time? There won't be a cached page so WordPress will serve a fresh page for each user and the plugin will try to create a cached page for each of those 100 visitors causing a huge load on your server. This feature stops this happening. The cached page is not cleared when a comment is left. It is marked for rebuilding instead. The next visitor within the next 10 seconds will regenerate the cached page while the old page is served to the other 99 visitors. The page is eventually loaded by the first visitor and the cached page updated. See [this post](http://z9.io/2009/01/23/wp-super-cache-089/) for more.

 = Why doesn't the plugin cache requests by search engine bots by default? =

@@ -452,7 +478,7 @@ Try the Cacheability Engine at http://www.ircache.net/cgi-bin/cacheability.py or

 = How should I best use the utm_source tracking tools in Google Analytics with this plugin? =

-That tracking adds a query string to each url linked from various sources like Twitter and feedreaders. Unfortunately it stops pages being supercached. See [Joost's comment here](http://ocaoimh.ie/remove-unused-utmsource-urls/#comment-672813) for how to turn it into an anchor tag which can be supercached.
+That tracking adds a query string to each url linked from various sources like Twitter and feedreaders. Unfortunately it stops pages being supercached. See [Joost's comment here](http://z9.io/remove-unused-utmsource-urls/#comment-672813) for how to turn it into an anchor tag which can be supercached.

 = The plugin complains that wp-content is writable! htdocs is writable! =

@@ -556,13 +582,13 @@ There is one regular WordPress filter too. Use the "do_createsupercache" filter
 to customize the checks made before caching. The filter accepts one parameter. 
 The output of WP-Cache's wp_cache_get_cookies_values() function.

-See plugins/searchengine.php as an example I use for my [No Adverts for Friends](http://ocaoimh.ie/no-adverts-for-friends/) plugin.
+See plugins/searchengine.php as an example I use for my [No Adverts for Friends](http://z9.io/no-adverts-for-friends/) plugin.

 == Links ==
 [WP Widget Cache](http://wordpress.org/plugins/wp-widget-cache/) is another caching plugin for WordPress. This plugin caches the output of widgets and may significantly speed up dynamic page generation times.

 == Updates ==
-Updates to the plugin will be posted here, to [Holy Shmoly!](http://ocaoimh.ie/) and the [WP Super Cache homepage](http://ocaoimh.ie/wp-super-cache/) will always link to the newest version.
+Updates to the plugin will be posted here, to [Holy Shmoly!](http://z9.io/) and the [WP Super Cache homepage](https://wordpress.org/plugins/wp-super-cache/) will always link to the newest version.

 == Thanks ==
 I would sincerely like to thank [John Pozadzides](http://onemansblog.com/) for giving me the idea for this, for writing the "How it works" section and for testing the plugin through 2 front page appearances on digg.com

--- a/wp-content/plugins/wp-super-cache/wp-cache-base.php
+++ b/wp-content/plugins/wp-super-cache/wp-cache-base.php
 <?php
 $known_headers = array("Last-Modified", "Expires", "Content-Type", "Content-type", "X-Pingback", "ETag", "Cache-Control", "Pragma");

-if (!class_exists('CacheMeta')) {
-	class CacheMeta {
-		var $dynamic = false;
-		var $headers = array();
-		var $uri = '';
-		var $post = 0;
-	}
-}
-
 $WPSC_HTTP_HOST = htmlentities( $_SERVER[ 'HTTP_HOST' ] );

 // We want to be able to identify each blog in a WordPress MU install
@@ -21,7 +12,7 @@ if ( defined( 'VHOST' ) || ( defined( 'WP_ALLOW_MULTISITE' ) && constant( 'WP_AL
 	} else {
 		if ( isset( $base ) == false )
 			$base = '';
-		$request_uri = preg_replace('/[ <>\'\"\r\n\t\(\)]/', '', str_replace( '..', '', $_SERVER['REQUEST_URI'] ) );
+		$request_uri = str_replace( '..', '', preg_replace('/[ <>\'\"\r\n\t\(\)]/', '', $_SERVER['REQUEST_URI'] ) );
 		if( strpos( $request_uri, '/', 1 ) ) {
 			if( $base == '/' ) {
 				$blogcacheid = substr( $request_uri, 1, strpos( $request_uri, '/', 1 ) - 1 );

--- a/wp-content/plugins/wp-super-cache/wp-cache-phase1.php
+++ b/wp-content/plugins/wp-super-cache/wp-cache-phase1.php
@@ -111,8 +111,8 @@ function wp_super_cache_init() {
 	$key = $blogcacheid . md5( $wp_cache_key );
 	$wp_cache_key = $blogcacheid . $wp_cache_key;

-	$cache_filename = $file_prefix . $key . '.html';
-	$meta_file = $file_prefix . $key . '.meta';
+	$cache_filename = $file_prefix . $key . '.php';
+	$meta_file = $file_prefix . $key . '.php';
 	$cache_file = realpath( $blog_cache_dir . $cache_filename );
 	$meta_pathname = realpath( $blog_cache_dir . 'meta/' . $meta_file );
 	return compact( 'key', 'cache_filename', 'meta_file', 'cache_file', 'meta_pathname' );
@@ -131,13 +131,13 @@ function wp_cache_serve_cache_file() {
 	}

 	if ( $wp_cache_no_cache_for_get && false == empty( $_GET ) ) {
-		wp_cache_debug( "Non empty GET request. Caching disabled on settings page. " . serialize( $_GET ), 1 );
+		wp_cache_debug( "Non empty GET request. Caching disabled on settings page. " . json_encode( $_GET ), 1 );
 		return false;
 	}

 	if ( $wp_cache_object_cache && wp_cache_get_cookies_values() == '' ) {
 		if ( !empty( $_GET ) ) {
-			wp_cache_debug( "Non empty GET request. Not serving request from object cache. " . serialize( $_GET ), 1 );
+			wp_cache_debug( "Non empty GET request. Not serving request from object cache. " . json_encode( $_GET ), 1 );
 			return false;
 		}

@@ -148,14 +148,14 @@ function wp_cache_serve_cache_file() {
 			$meta_filename .= ".gz";
 		}
 		$cache = wp_cache_get( $oc_key, 'supercache' );
-		$meta = unserialize( wp_cache_get( $meta_filename, 'supercache' ) );
+		$meta = json_decode( wp_cache_get( $meta_filename, 'supercache' ), true );
 		if ( is_array( $meta ) == false ) {
 			wp_cache_debug( "Meta array from object cache corrupt. Ignoring cache.", 1 );
 			return true;
 		}
 	} elseif ( file_exists( $cache_file ) ) {
 		wp_cache_debug( "wp-cache file exists: $cache_file", 5 );
-		if ( !( $meta = unserialize( @file_get_contents( $meta_pathname) ) ) ) {
+		if ( !( $meta = json_decode( wp_cache_get_legacy_cache( $meta_pathname ), true ) ) ) {
 			wp_cache_debug( "couldn't load wp-cache meta file", 5 );
 			return true;
 		}
@@ -173,7 +173,7 @@ function wp_cache_serve_cache_file() {
 			wp_cache_debug( "No Super Cache file found for current URL: $file" );
 			return false;
 		} elseif ( false == empty( $_GET ) ) {
-			wp_cache_debug( "GET array not empty. Cannot serve a supercache file. " . serialize( $_GET ) );
+			wp_cache_debug( "GET array not empty. Cannot serve a supercache file. " . json_encode( $_GET ) );
 			return false;
 		} elseif ( wp_cache_get_cookies_values() != '' ) {
 			wp_cache_debug( "Cookies found. Cannot serve a supercache file. " . wp_cache_get_cookies_values() );
@@ -232,7 +232,7 @@ function wp_cache_serve_cache_file() {
 			if ( $wp_cache_mfunc_enabled == 0 && $wp_supercache_304 ) {
 				if ( function_exists( 'apache_request_headers' ) ) {
 					$request = apache_request_headers();
-					$remote_mod_time = $request[ 'If-Modified-Since' ];
+					$remote_mod_time = ( isset ( $request[ 'If-Modified-Since' ] ) ) ? $request[ 'If-Modified-Since' ] : 0;
 				} else {
 					if ( isset( $_SERVER[ 'HTTP_IF_MODIFIED_SINCE' ] ) )
 						$remote_mod_time = $_SERVER[ 'HTTP_IF_MODIFIED_SINCE' ];
@@ -294,7 +294,7 @@ function wp_cache_serve_cache_file() {
 			wp_cache_debug( "Serving wp-cache dynamic file", 5 );
 			if ( $ungzip ) {
 				// attempt to uncompress the cached file just in case it's gzipped
-				$cache = file_get_contents( $cache_file );
+				$cache = wp_cache_get_legacy_cache( $cache_file );
 				$uncompressed = @gzuncompress( $cache );
 				if ( $uncompressed ) {
 					wp_cache_debug( "Uncompressed gzipped cache file from wp-cache", 1 );
@@ -304,12 +304,12 @@ function wp_cache_serve_cache_file() {
 					echo do_cacheaction( 'wpsc_cachedata', $cache );
 				}
 			} else {
-				echo do_cacheaction( 'wpsc_cachedata', file_get_contents( $cache_file ) );
+				echo do_cacheaction( 'wpsc_cachedata', wp_cache_get_legacy_cache( $cache_file ) );
 			}
 		} else {
 			wp_cache_debug( "Serving wp-cache static file", 5 );
 			if ( $ungzip ) {
-				$cache = file_get_contents( $cache_file );
+				$cache = wp_cache_get_legacy_cache( $cache_file );
 				$uncompressed = gzuncompress( $cache );
 				if ( $uncompressed ) {
 					wp_cache_debug( "Uncompressed gzipped cache file from wp-cache", 1 );
@@ -318,7 +318,7 @@ function wp_cache_serve_cache_file() {
 					echo $cache;
 				}
 			} else {
-				readfile( $cache_file );
+				echo( wp_cache_get_legacy_cache( $cache_file ) );
 			}
 		}
 		wp_cache_debug( "exit request", 5 );
@@ -326,6 +326,10 @@ function wp_cache_serve_cache_file() {
 	}
 }

+function wp_cache_get_legacy_cache( $cache_file ) {
+	return substr( @file_get_contents( $cache_file ), 15 );
+}
+
 if(defined('DOING_CRON')) {
 	extract( wp_super_cache_init() );
 	return true;
@@ -357,7 +361,13 @@ function wp_cache_late_loader() {
 }

 function wp_cache_get_cookies_values() {
-	$string = '';
+	static $string = '';
+
+	if ( $string != '' ) {
+		wp_cache_debug( "wp_cache_get_cookies_values: cached: $string" );
+		return $string;
+	}
+
 	$regex = "/^wp-postpass|^comment_author_";
 	if ( defined( 'LOGGED_IN_COOKIE' ) )
 		$regex .= "|^" . preg_quote( constant( 'LOGGED_IN_COOKIE' ) );
@@ -375,6 +385,10 @@ function wp_cache_get_cookies_values() {

 	// If you use this hook, make sure you update your .htaccess rules with the same conditions
 	$string = do_cacheaction( 'wp_cache_get_cookies_values', $string );
+	if ( $string != '' )
+		$string = md5( $string );
+
+	wp_cache_debug( "wp_cache_get_cookies_values: return: $string", 5 );
 	return $string;
 }

@@ -506,11 +520,11 @@ function wp_cache_debug( $message, $level = 1 ) {
 		return false;

 	// Log message: Date URI Message
-	$log_messase = date('H:i:s') . " {$_SERVER['REQUEST_URI']} {$message}\n\r";
+	$log_message = date('H:i:s') . " " . getmypid() . " {$_SERVER['REQUEST_URI']} {$message}\n\r";
 	// path to the log file in the cache folder
 	$log_file = $cache_path . str_replace('/', '', str_replace('..', '', $wp_cache_debug_log));

-	error_log( $message, 3, $log_file );
+	error_log( $log_message, 3, $log_file );
 }

 function wp_cache_user_agent_is_rejected() {
@@ -535,7 +549,7 @@ function get_supercache_dir( $blog_id = 0 ) {
 	} else {
 		$home = get_blog_option( $blog_id, 'home' );
 	}
-	return apply_filters( 'wp_super_cache_supercachedir', $cache_path . 'supercache/' . trailingslashit( strtolower( preg_replace( '/:.*$/', '', str_replace( 'http://', '', str_replace( 'https://', '', $home ) ) ) ) ) );
+	return trailingslashit( apply_filters( 'wp_super_cache_supercachedir', $cache_path . 'supercache/' . trailingslashit( strtolower( preg_replace( '/:.*$/', '', str_replace( 'http://', '', str_replace( 'https://', '', $home ) ) ) ) ) ) );
 }
 function get_current_url_supercache_dir( $post_id = 0 ) {
 	global $cached_direct_pages, $cache_path, $wp_cache_request_uri, $WPSC_HTTP_HOST, $wp_cache_home_path;
@@ -566,13 +580,10 @@ function get_current_url_supercache_dir( $post_id = 0 ) {
 					$uri = '';
 				}
 			} else {
-				if ( isset( $_SERVER[ 'HTTPS' ] ) )
-					$protocol = ( 'on' == strtolower( $_SERVER[ 'HTTPS' ] ) ) ? 'https://' : 'http://';
-				else
-					$protocol = 'http://';
-				wp_cache_debug( "get_current_url_supercache_dir: Removing SERVER_NAME ({$WPSC_HTTP_HOST}) and $protocol from permalink ($permalink). Is the url right?", 1 );
+				wp_cache_debug( "get_current_url_supercache_dir: Removing SERVER_NAME ({$WPSC_HTTP_HOST}) from permalink ($permalink). Is the url right?", 1 );
 				$uri = str_replace( $WPSC_HTTP_HOST, '', $permalink );
-				$uri = str_replace( $protocol, '', $uri );
+				$uri = str_replace( 'http://', '', $uri );
+				$uri = str_replace( 'https://', '', $uri );
 			}
 		} else {
 			$uri = str_replace( $site_url, '', $permalink );
@@ -582,8 +593,7 @@ function get_current_url_supercache_dir( $post_id = 0 ) {
 	} else {
 		$uri = strtolower( $wp_cache_request_uri );
 	}
-	$uri = preg_replace('/[ <>\'\"\r\n\t\(\)]/', '', str_replace( '/index.php', '/', str_replace( '..', '', preg_replace("/(\?.*)?$/", '', $uri ) ) ) );
-	$uri = str_replace( '\\', '', $uri );
+	$uri = wpsc_deep_replace( array( '..', '\\', 'index.php', ), preg_replace( '/[ <>\'\"\r\n\t\(\)]/', '', preg_replace( "/(\?.*)?$/", '', $uri ) ) );
 	$dir = preg_replace( '/:.*$/', '',  $WPSC_HTTP_HOST ) . $uri; // To avoid XSS attacks
 	if ( function_exists( "apply_filters" ) ) {
 		$dir = apply_filters( 'supercache_dir', $dir );
@@ -594,7 +604,7 @@ function get_current_url_supercache_dir( $post_id = 0 ) {
 	if( is_array( $cached_direct_pages ) && in_array( $_SERVER[ 'REQUEST_URI' ], $cached_direct_pages ) ) {
 		$dir = ABSPATH . $uri . '/';
 	}
-	$dir = str_replace( '//', '/', $dir );
+	$dir = str_replace( '..', '', str_replace( '//', '/', $dir ) );
 	wp_cache_debug( "supercache dir: $dir", 5 );
 	if ( $DONOTREMEMBER == 0 )
 		$saved_supercache_dir[ $post_id ] = $dir;
@@ -602,7 +612,11 @@ function get_current_url_supercache_dir( $post_id = 0 ) {
 }

 function get_all_supercache_filenames( $dir = '' ) {
-	global $wp_cache_mobile_enabled;
+	global $wp_cache_mobile_enabled, $cache_path;
+
+	$dir = realpath( $dir );
+	if ( substr( $dir, 0, strlen( $cache_path ) ) != $cache_path )
+		return array();

 	$filenames = array( 'index.html', 'index-https.html', 'index.html.php' );

@@ -696,4 +710,33 @@ function wp_supercache_cache_for_admins() {
 	}
 }

+/* returns true/false depending on location of $dir. */
+function wp_cache_confirm_delete( $dir ) {
+	global $cache_path, $blog_cache_dir;
+	// don't allow cache_path, blog cache dir, blog meta dir, supercache.
+	$dir = realpath( $dir );
+	if ( 
+		$dir == $cache_path || 
+		$dir == $blog_cache_dir ||
+		$dir == $blog_cache_dir . "meta/" ||
+		$dir == $cache_path . "supercache"
+	) {
+		return false;
+	} else {
+		return true;
+	}
+}
+
+// copy of _deep_replace() to be used before WordPress loads
+function wpsc_deep_replace( $search, $subject ) {
+	$subject = (string) $subject;
+
+	$count = 1;
+	while ( $count ) {
+		$subject = str_replace( $search, '', $subject, $count );
+	}