Latest version blocks pdf file download

Hi Jeff,

the latest version of your plugin (20241017) blocks my PDF download script.

The download URL is for example: /wp-content/plugins/bonsai-ads/download.php?file=bonsai-kampan-189-1730442684.pdf

The download.php script is not doing anything fancy:

// Connect with WordPress
require_once( __DIR__.'/../../../wp-config.php' );
require_once( __DIR__.'/../../../wp-includes/wp-db.php' );
require_once( __DIR__.'/../../../wp-includes/pluggable.php' );

// Download only if it's an admin or advertiser user
if( current_user_can( 'administrator' ) || current_user_can( 'bbads_manager' ) ) {
	
	/* Get file name from the URL */
	$file_name	= esc_attr( $_GET['file'] );
	
	/* Create the full file path */
	$file_path	= PLUGIN_PATH.'/export/'.$file_name;
	$file_url	= PLUGIN_URL.'export/'.$file_name;
	
	/* Check if file exists */
	if( file_exists( $file_path ) ) {
		
		/* Download the file */
		header( "Strict-Transport-Security: max-age=31536000; includeSubDomains" );
		header( "X-Content-Type-Options: nosniff" );
		header( "X-Frame-Options: SAMEORIGIN" );
		header( "Content-Type: application/pdf" );
		header( "Content-Disposition: attachment; filename=" . urlencode( $file_name ) );
		header( "Content-Description: File Transfer" );
		header( "Content-Length: " . filesize( $file_path ) );
		$fp = fopen( $file_path, "r" );
		while( !feof( $fp ) ) {
			echo fread( $fp, 65536 );
			flush(); // essential for large downloads
		} 
		fclose( $fp );
	} else {
		echo "The file does not exist.";
	}
		
} else {
	echo "Nope, you can't do that.";
}

I can confirm that the download works up to and including version 20240629, but stops working with version 20241017 of your plugin. I am not sure what’s changed, or how I can change my download code to make it work again. I would prefer not whitelisting anything, if possible, so I don’t have to bother users of my plugin to do it on each install.

Thank you very much for your help.

Best regards