Changeset 2989669 for updraftplus/tags/1.23.11/class-updraftplus.php
- Timestamp:
- 11/06/2023 09:14:01 AM (18 months ago)
- Location:
- updraftplus/tags/1.23.11
- Files:
-
- 1 edited
- 1 copied
-
. (copied) (copied from updraftplus/trunk)
-
class-updraftplus.php (modified) (19 diffs)
updraftplus/tags/1.23.11/class-updraftplus.php
r2950683 r2989669 324 324 * @param String|Array $classes - a class, or list of classes. There used to be a second parameter with paths to include; but this is now inferred from $classes; and there's no backwards compatibility problem because sending more parameters than are used is acceptable in PHP. 325 325 * 326 * @return Boolean|WP_Error 326 * @return Boolean|WP_Error Boolean true if the given classes is already included or autoloader is successfully registered, otherwise WP Error 327 327 */ 328 328 public function ensure_phpseclib($classes = array()) { … … 360 360 $phpseclib_dir = UPDRAFTPLUS_DIR.'/vendor/phpseclib/phpseclib/phpseclib'; 361 361 if (false === strpos(get_include_path(), $phpseclib_dir)) set_include_path(get_include_path().PATH_SEPARATOR.$phpseclib_dir); 362 foreach ($classes as $cl) { 363 $path = str_replace('_', '/', $cl); 364 if (!class_exists($cl)) include_once($phpseclib_dir.'/'.$path.'.php'); 365 } 366 362 spl_autoload_register(array($this, 'autoload_phpseclib_class')); 363 if (version_compare(PHP_VERSION, '5.3', '>=')) updraft_try_include_file('includes/phpseclib-migration.php', 'require_once'); 367 364 return $ret; 365 } 366 367 /** 368 * Load phpseclib class automatically. Note that this method is hooked into the PHP's spl_auto_register and this is exclusively used for phpseclib only 369 * 370 * @param String $class A class name that's going to be used for instantiating an object 371 */ 372 public function autoload_phpseclib_class($class) { 373 $phpseclib_dir = UPDRAFTPLUS_DIR.'/vendor/phpseclib/phpseclib/phpseclib'; 374 $class = str_replace(array('\\', '_'), '/', $class); // turn the class name into paths by replacing backslashes and/or underscores from the given class with slashes, this could be a class that uses namespace e.g. 
phpseclib\Crypt\Rijndael (phpseclib v2) or just a normal class Crypt_Rijndael (phpseclib v1) 375 $class = preg_replace('#^phpseclib/(.+)$#', "$1", $class); // take out the 'phpseclib' if it's found to be existed in the beginning of the class name as we already have the root directory of phpseclib defined in the $phpseclib_dir variable 376 if (file_exists($phpseclib_dir.'/'.$class.'.php') == true) { // check whether the class name that has been transformed into directory paths mathces with one of the phpseclib class files 377 $phpseclib_class_v2 = 'phpseclib\\'.str_replace('/', '\\', $class); 378 $phpseclib_class_v1 = str_replace('/', '_', $class); 379 /** 380 * Here we try to cover all the possibilites 381 * 382 * When running on PHP 5.2, 383 * if there's other plugin that uses manual (include/require) or autoloader (doesn't matter whose autoloader runs first), if the given class has been succesfully included/autoloaded or it already exists then code below will do nothing (no-op) but this means there's a chance that our all phpseclib-related features can still run in this condition because our code still uses the phpseclib v1 class name 384 * if no other plugin nor other autoloder has successfully loaded the given class then we will just do nothing as well as we now use the phpseclib v2 and can only load the given class while it's running on PHP 5.3+ due to the PHP namespace. 
Normally, this will later throw a PHP "class not found" fatal error 385 * 386 * When running on PHP 5.3+ 387 * if there's other plugin that uses manual (include/require) or autoloader (doesn't matter whose autoloader runs first), if the given class is a phpseclib v1 class and has been succesfully included/autoloaded or it already exists then we don't do the class aliasing, we just load the phpseclib v2 class namespace of the given class (if not already loaded by others) 388 * however, if the given class is a phpseclib v1 class and is not yet included/autoloaded or it doesn't exist then we do the class aliasing, only if we have successfully loaded the phpseclib v2 class namespace of the given class or other plugin has already done that (using their own phpseclib library) 389 * if the given class is phpseclib v2 class namespace then we do the class aliasing only if the phpseclib v1 class has not been loaded yet or doesn't exist and this should be done after phpseclib v2 class has successfully been loaded (doesn't matter what plugin loads it) 390 */ 391 if (version_compare(PHP_VERSION, '5.3', '>=') && !class_exists($phpseclib_class_v2)) require_once($phpseclib_dir.'/'.$class.'.php'); 392 if (class_exists($phpseclib_class_v2) && !class_exists($phpseclib_class_v1)) class_alias($phpseclib_class_v2, $phpseclib_class_v1); // phpcs:ignore PHPCompatibility.FunctionUse.NewFunctions.class_aliasFound -- the use of class_alias here to make sure that existing classes like `Crypt_Rijndael` (which is now phpseclib/Crypt/Rijndael) can still be used without having to change old class names in several places. 
393 } 368 394 } 369 395 … … 405 431 flush(); 406 432 if (function_exists('fastcgi_finish_request')) fastcgi_finish_request(); 433 if (function_exists('litespeed_finish_request')) litespeed_finish_request(); 407 434 } 408 435 … … 559 586 // First, basic security check: must be an admin page, with ability to manage options, with the right parameters 560 587 // Also, only on GET because WordPress on the options page repeats parameters sometimes when POST-ing via the _wp_referer field 561 if (isset($_SERVER['REQUEST_METHOD']) && ('GET' == $_SERVER['REQUEST_METHOD'] || 'POST' == $_SERVER['REQUEST_METHOD']) && isset($_GET['action'])) {588 if (isset($_SERVER['REQUEST_METHOD']) && ('GET' == $_SERVER['REQUEST_METHOD'] || 'POST' == $_SERVER['REQUEST_METHOD']) && (isset($_GET['action']) && is_string($_GET['action']))) { 562 589 if (preg_match("/^updraftmethod-([a-z]+)-([a-z]+)$/", $_GET['action'], $matches) && file_exists(UPDRAFTPLUS_DIR.'/methods/'.$matches[1].'.php') && UpdraftPlus_Options::user_can_manage()) { 563 590 $_GET['page'] = 'updraftplus'; … … 567 594 $storage_objects_and_ids = UpdraftPlus_Storage_Methods_Interface::get_storage_objects_and_ids(array($method)); 568 595 569 $instance_id = isset($_GET['updraftplus_instance']) ? $_GET['updraftplus_instance'] : '';570 571 if ('POST' == $_SERVER['REQUEST_METHOD'] && isset($_POST['state']) ) {596 $instance_id = (isset($_GET['updraftplus_instance']) && is_string($_GET['updraftplus_instance'])) ? 
$_GET['updraftplus_instance'] : ''; 597 598 if ('POST' == $_SERVER['REQUEST_METHOD'] && isset($_POST['state']) && is_string($_POST['state'])) { 572 599 $state = urldecode($_POST['state']); 573 } elseif (isset($_GET['state']) ) {600 } elseif (isset($_GET['state']) && is_string($_GET['state'])) { 574 601 $state = $_GET['state']; 575 602 } … … 581 608 } 582 609 583 if (isset($storage_objects_and_ids[$method]['instance_settings'][$instance_id])) { 584 if (!preg_match('/^[-A-Z0-9]+$/i', $instance_id)) die('Invalid input.'); 585 $opts = $storage_objects_and_ids[$method]['instance_settings'][$instance_id]; 586 $backup_obj = $storage_objects_and_ids[$method]['object']; 587 $backup_obj->set_options($opts, false, $instance_id); 588 } else { 610 if (!preg_match('/^[-A-Z0-9]+$/i', $instance_id)) die('Invalid input.'); 611 if (empty($storage_objects_and_ids[$method]['instance_settings'][$instance_id])) { 612 error_log("UpdraftPlus::handle_url_actions(): no such instance ID found in settings."); 613 return; 614 } 615 $opts = $storage_objects_and_ids[$method]['instance_settings'][$instance_id]; 616 if (!isset($storage_objects_and_ids[$method]['object']) || !is_object($storage_objects_and_ids[$method]['object'])) { 589 617 updraft_try_include_file('methods/'.$method.'.php', 'include_once'); 590 618 $call_class = "UpdraftPlus_BackupModule_".$method; 619 if (!class_exists($call_class)) die(htmlspecialchars($call_class)." 
class couldn't be found"); 591 620 $backup_obj = new $call_class; 592 } 621 } else { 622 $backup_obj = $storage_objects_and_ids[$method]['object']; 623 } 624 $backup_obj->set_options($opts, false, $instance_id); 593 625 594 626 $this->register_wp_http_option_hooks(); … … 602 634 } 603 635 $this->register_wp_http_option_hooks(false); 604 } elseif (isset($_GET['page']) && 'updraftplus' == $_GET['page'] && 'downloadlog' == $_GET['action'] && isset($_GET['updraftplus_backup_nonce']) && preg_match("/^[0-9a-f]{12}$/", $_GET['updraftplus_backup_nonce']) && UpdraftPlus_Options::user_can_manage()) {636 } elseif (isset($_GET['page']) && 'updraftplus' === $_GET['page'] && 'downloadlog' === $_GET['action'] && isset($_GET['updraftplus_backup_nonce']) && is_string($_GET['updraftplus_backup_nonce']) && preg_match("/^[0-9a-f]{12}$/", $_GET['updraftplus_backup_nonce']) && UpdraftPlus_Options::user_can_manage()) { 605 637 // No WordPress nonce is needed here or for the next, since the backup is already nonce-based 606 638 $updraft_dir = $this->backups_dir_location(); … … 614 646 add_action('all_admin_notices', array($this, 'show_admin_warning_unreadablelog')); 615 647 } 616 } elseif (isset($_GET['page']) && 'updraftplus' == $_GET['page'] && 'downloadfile' == $_GET['action'] && isset($_GET['updraftplus_file']) && preg_match('/^backup_([\-0-9]{15})_.*_([0-9a-f]{12})-db([0-9]+)?+\.(gz\.crypt)$/i', $_GET['updraftplus_file']) && UpdraftPlus_Options::user_can_manage()) {648 } elseif (isset($_GET['page']) && 'updraftplus' === $_GET['page'] && 'downloadfile' == $_GET['action'] && isset($_GET['updraftplus_file']) && is_string($_GET['updraftplus_file']) && preg_match('/^backup_([\-0-9]{15})_.*_([0-9a-f]{12})-db([0-9]+)?+\.(gz\.crypt)$/i', $_GET['updraftplus_file']) && UpdraftPlus_Options::user_can_manage()) { 617 649 // Though this (venerable) code uses the action 'downloadfile', in fact, it's not that general: it's just for downloading a decrypted copy of encrypted databases, and nothing 
else 618 650 $updraft_dir = $this->backups_dir_location(); … … 620 652 $spool_file = $updraft_dir.'/'.basename($file); 621 653 if (is_readable($spool_file)) { 622 $dkey = isset($_GET['decrypt_key']) ? stripslashes($_GET['decrypt_key']) : '';654 $dkey = (isset($_GET['decrypt_key']) && is_string($_GET['decrypt_key'])) ? stripslashes($_GET['decrypt_key']) : ''; 623 655 $this->spool_file($spool_file, $dkey); 624 656 exit; … … 626 658 add_action('all_admin_notices', array($this, 'show_admin_warning_unreadablefile')); 627 659 } 628 } elseif ('updraftplus_spool_file' == $_GET['action'] && !empty($_GET['what']) && !empty($_GET['backup_timestamp']) && is_numeric($_GET['backup_timestamp']) && UpdraftPlus_Options::user_can_manage()) {660 } elseif ('updraftplus_spool_file' === $_GET['action'] && !empty($_GET['what']) && !empty($_GET['backup_timestamp']) && is_numeric($_GET['backup_timestamp']) && UpdraftPlus_Options::user_can_manage()) { 629 661 // At some point, it may be worth merging this with the previous section 630 662 $updraft_dir = $this->backups_dir_location(); … … 632 664 $findex = isset($_GET['findex']) ? (int) $_GET['findex'] : 0; 633 665 $backup_timestamp = $_GET['backup_timestamp']; 634 $what = $_GET['what'];666 $what = (string) $_GET['what']; 635 667 636 668 $backup_set = UpdraftPlus_Backup_History::get_history($backup_timestamp); … … 655 687 } 656 688 657 $dkey = isset($_GET['decrypt_key']) ? stripslashes($_GET['decrypt_key']) : "";689 $dkey = (isset($_GET['decrypt_key']) && is_string($_GET['decrypt_key'])) ? 
stripslashes($_GET['decrypt_key']) : ""; 658 690 659 691 $this->spool_file($updraft_dir.'/'.basename($filename), $dkey); … … 2066 2098 * This important function returns a list of file entities that can potentially be backed up (subject to users settings), and optionally further meta-data about them 2067 2099 * 2068 * @param boolean $include_others 2069 * @param boolean $full_info 2070 * @return array 2100 * @param boolean $include_others Whether to include "Others" in the list of entities to backup. 2101 * @param boolean $full_info Whether to include additional metadata about each entity. 2102 * 2103 * @return array An associative array containing information about the backupable file entities. 2071 2104 */ 2072 2105 public function get_backupable_file_entities($include_others = true, $full_info = false) { … … 2078 2111 'plugins' => array('path' => untrailingslashit(WP_PLUGIN_DIR), 'description' => __('Plugins', 'updraftplus'), 'singular_description' => __('Plugin', 'updraftplus')), 2079 2112 'themes' => array('path' => WP_CONTENT_DIR.'/themes', 'description' => __('Themes', 'updraftplus'), 'singular_description' => __('Theme', 'updraftplus')), 2080 'uploads' => array('path' => untrailingslashit($wp_upload_dir['basedir']), 'description' => __('Uploads', 'updraftplus')) 2113 'uploads' => array('path' => untrailingslashit($wp_upload_dir['basedir']), 'description' => __('Uploads', 'updraftplus')), 2114 'mu-plugins' => array('path' => WPMU_PLUGIN_DIR, 'description' => __('Must-use plugins', 'updraftplus')) 2081 2115 ); 2082 2116 } else { … … 2084 2118 'plugins' => untrailingslashit(WP_PLUGIN_DIR), 2085 2119 'themes' => WP_CONTENT_DIR.'/themes', 2086 'uploads' => untrailingslashit($wp_upload_dir['basedir']) 2120 'uploads' => untrailingslashit($wp_upload_dir['basedir']), 2121 'mu-plugins' => WPMU_PLUGIN_DIR 2087 2122 ); 2088 2123 } … … 3045 3080 * @return Boolean|Void - as for UpdraftPlus::boot_backup() 3046 3081 */ 3047 public function backup_all($options ) {3082 public 
function backup_all($options = array()) { 3048 3083 $skip_cloud = empty($options['nocloud']) ? false : true; 3049 3084 return $this->boot_backup(1, 1, false, false, $skip_cloud ? 'none' : false, $options); … … 3056 3091 * @return Boolean|Void - as for UpdraftPlus::boot_backup() 3057 3092 */ 3058 public function backupnow_files($options ) {3093 public function backupnow_files($options = array()) { 3059 3094 $skip_cloud = empty($options['nocloud']) ? false : true; 3060 3095 return $this->boot_backup(1, 0, false, false, $skip_cloud ? 'none' : false, $options); … … 3067 3102 * @return Boolean|Void - as for UpdraftPlus::boot_backup() 3068 3103 */ 3069 public function backupnow_database($options ) {3104 public function backupnow_database($options = array()) { 3070 3105 $skip_cloud = empty($options['nocloud']) ? false : true; 3071 3106 return $this->boot_backup(0, 1, false, false, ($skip_cloud) ? 'none' : false, $options); … … 4708 4743 4709 4744 if ($allow_cache && !empty($this->backup_dir)) return $this->backup_dir; 4710 4711 $updraft_dir = untrailingslashit(UpdraftPlus_Options::get_updraft_option('updraft_dir')); 4745 $updraft_dir = UpdraftPlus_Options::get_updraft_option('updraft_dir'); 4746 if (!is_string($updraft_dir)) $updraft_dir = ''; 4747 $updraft_dir = untrailingslashit($updraft_dir); 4748 4712 4749 // When newly installing, if someone had (e.g.) wp-content/updraft in their database from a previous, deleted pre-1.7.18 install but had removed the updraft directory before re-installing, without this fix they'd end up with wp-content/wp-content/updraft. 4713 4750 if (preg_match('/^wp-content\/(.*)$/', $updraft_dir, $matches) && ABSPATH.'wp-content' === WP_CONTENT_DIR) {
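Review bot: In the `updraftplus_spool_file` branch, `what` is cast with `(string) $_GET['what']` instead of being type-checked like the other request parameters this commit hardens. A non-empty array value therefore passes `!empty()` and continues as the literal string "Array", with an "Array to string conversion" notice or warning, rather than being rejected. Adding `&& is_string($_GET['what'])` to that `elseif` condition would match the `is_string()` guards added for `action`, `state`, `updraftplus_instance` and `decrypt_key`; `findex` has the same gap, since `(int)` on a non-empty array yields 1. Separately, the new `autoload_phpseclib_class()` builds its `require_once` path from `$class` without validating it, and as a globally registered autoloader (and a public method) it sees every unresolved class name in the process; a guard before the `str_replace()`, such as `if (!preg_match('/^[A-Za-z0-9_\\\\]+\z/', $class)) return;`, would keep the lookup inside `$phpseclib_dir` whatever the engine or a direct caller passes in. The body of `handle_url_actions()` continues outside the visible hunks.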