

Timestamp:
11/06/2023 09:14:01 AM (18 months ago)
Author:
DavidAnderson
Message:

Release version 1.23.11

Location:
updraftplus/tags/1.23.11
Files:
1 edited
1 copied

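--- a/updraftplus/tags/1.23.11/class-updraftplus.php
+++ b/updraftplus/tags/1.23.11/class-updraftplus.php
@@ -324,5 +324,5 @@
      * @param String|Array $classes - a class, or list of classes. There used to be a second parameter with paths to include; but this is now inferred from $classes; and there's no backwards compatibility problem because sending more parameters than are used is acceptable in PHP.
      *
-     * @return Boolean|WP_Error
+     * @return Boolean|WP_Error Boolean true if the given classes is already included or autoloader is successfully registered, otherwise WP Error
      */
     public function ensure_phpseclib($classes = array()) {
@@ -360,10 +360,36 @@
         $phpseclib_dir = UPDRAFTPLUS_DIR.'/vendor/phpseclib/phpseclib/phpseclib';
         if (false === strpos(get_include_path(), $phpseclib_dir)) set_include_path(get_include_path().PATH_SEPARATOR.$phpseclib_dir);
-        foreach ($classes as $cl) {
-            $path = str_replace('_', '/', $cl);
-            if (!class_exists($cl)) include_once($phpseclib_dir.'/'.$path.'.php');
-        }
-       
+        spl_autoload_register(array($this, 'autoload_phpseclib_class'));
+        if (version_compare(PHP_VERSION, '5.3', '>=')) updraft_try_include_file('includes/phpseclib-migration.php', 'require_once');
         return $ret;
+    }
+
+    /**
+     * Load phpseclib class automatically. Note that this method is hooked into the PHP's spl_auto_register and this is exclusively used for phpseclib only
+     *
+     * @param String $class A class name that's going to be used for instantiating an object
+     */
+    public function autoload_phpseclib_class($class) {
+        $phpseclib_dir = UPDRAFTPLUS_DIR.'/vendor/phpseclib/phpseclib/phpseclib';
+        $class = str_replace(array('\\', '_'), '/', $class); // turn the class name into paths by replacing backslashes and/or underscores from the given class with slashes, this could be a class that uses namespace e.g. phpseclib\Crypt\Rijndael (phpseclib v2) or just a normal class Crypt_Rijndael (phpseclib v1)
+        $class = preg_replace('#^phpseclib/(.+)$#', "$1", $class); // take out the 'phpseclib' if it's found to be existed in the beginning of the class name as we already have the root directory of phpseclib defined in the $phpseclib_dir variable
+        if (file_exists($phpseclib_dir.'/'.$class.'.php') == true) { // check whether the class name that has been transformed into directory paths mathces with one of the phpseclib class files
+            $phpseclib_class_v2 = 'phpseclib\\'.str_replace('/', '\\', $class);
+            $phpseclib_class_v1 = str_replace('/', '_', $class);
+            /**
+             * Here we try to cover all the possibilites
+             *
+             * When running on PHP 5.2,
+             * if there's other plugin that uses manual (include/require) or autoloader (doesn't matter whose autoloader runs first), if the given class has been succesfully included/autoloaded or it already exists then code below will do nothing (no-op) but this means there's a chance that our all phpseclib-related features can still run in this condition because our code still uses the phpseclib v1 class name
+             * if no other plugin nor other autoloder has successfully loaded the given class then we will just do nothing as well as we now use the phpseclib v2 and can only load the given class while it's running on PHP 5.3+ due to the PHP namespace. Normally, this will later throw a PHP "class not found" fatal error
+             *
+             * When running on PHP 5.3+
+             * if there's other plugin that uses manual (include/require) or autoloader (doesn't matter whose autoloader runs first), if the given class is a phpseclib v1 class and has been succesfully included/autoloaded or it already exists then we don't do the class aliasing, we just load the phpseclib v2 class namespace of the given class (if not already loaded by others)
+             * however, if the given class is a phpseclib v1 class and is not yet included/autoloaded or it doesn't exist then we do the class aliasing, only if we have successfully loaded the phpseclib v2 class namespace of the given class or other plugin has already done that (using their own phpseclib library)
+             * if the given class is phpseclib v2 class namespace then we do the class aliasing only if the phpseclib v1 class has not been loaded yet or doesn't exist and this should be done after phpseclib v2 class has successfully been loaded (doesn't matter what plugin loads it)
+             */
+            if (version_compare(PHP_VERSION, '5.3', '>=') && !class_exists($phpseclib_class_v2)) require_once($phpseclib_dir.'/'.$class.'.php');
+            if (class_exists($phpseclib_class_v2) && !class_exists($phpseclib_class_v1)) class_alias($phpseclib_class_v2, $phpseclib_class_v1); // phpcs:ignore PHPCompatibility.FunctionUse.NewFunctions.class_aliasFound -- the use of class_alias here to make sure that existing classes like `Crypt_Rijndael` (which is now phpseclib/Crypt/Rijndael) can still be used without having to change old class names in several places.
+        }
     }
 
@@ -405,4 +431,5 @@
         flush();
         if (function_exists('fastcgi_finish_request')) fastcgi_finish_request();
+        if (function_exists('litespeed_finish_request')) litespeed_finish_request();
     }
 
@@ -559,5 +586,5 @@
         // First, basic security check: must be an admin page, with ability to manage options, with the right parameters
         // Also, only on GET because WordPress on the options page repeats parameters sometimes when POST-ing via the _wp_referer field
-        if (isset($_SERVER['REQUEST_METHOD']) && ('GET' == $_SERVER['REQUEST_METHOD'] || 'POST' == $_SERVER['REQUEST_METHOD']) && isset($_GET['action'])) {
+        if (isset($_SERVER['REQUEST_METHOD']) && ('GET' == $_SERVER['REQUEST_METHOD'] || 'POST' == $_SERVER['REQUEST_METHOD']) && (isset($_GET['action']) && is_string($_GET['action']))) {
             if (preg_match("/^updraftmethod-([a-z]+)-([a-z]+)$/", $_GET['action'], $matches) && file_exists(UPDRAFTPLUS_DIR.'/methods/'.$matches[1].'.php') && UpdraftPlus_Options::user_can_manage()) {
                 $_GET['page'] = 'updraftplus';
@@ -567,9 +594,9 @@
                 $storage_objects_and_ids = UpdraftPlus_Storage_Methods_Interface::get_storage_objects_and_ids(array($method));
 
-                $instance_id = isset($_GET['updraftplus_instance']) ? $_GET['updraftplus_instance'] : '';
-       
-                if ('POST' == $_SERVER['REQUEST_METHOD'] && isset($_POST['state'])) {
+                $instance_id = (isset($_GET['updraftplus_instance']) && is_string($_GET['updraftplus_instance'])) ? $_GET['updraftplus_instance'] : '';
+       
+                if ('POST' == $_SERVER['REQUEST_METHOD'] && isset($_POST['state']) && is_string($_POST['state'])) {
                     $state = urldecode($_POST['state']);
-                } elseif (isset($_GET['state'])) {
+                } elseif (isset($_GET['state']) && is_string($_GET['state'])) {
                     $state = $_GET['state'];
                 }
@@ -581,14 +608,19 @@
                 }
                
-                if (isset($storage_objects_and_ids[$method]['instance_settings'][$instance_id])) {
-                    if (!preg_match('/^[-A-Z0-9]+$/i', $instance_id)) die('Invalid input.');
-                    $opts = $storage_objects_and_ids[$method]['instance_settings'][$instance_id];
-                    $backup_obj = $storage_objects_and_ids[$method]['object'];
-                    $backup_obj->set_options($opts, false, $instance_id);
-                } else {
+                if (!preg_match('/^[-A-Z0-9]+$/i', $instance_id)) die('Invalid input.');
+                if (empty($storage_objects_and_ids[$method]['instance_settings'][$instance_id])) {
+                    error_log("UpdraftPlus::handle_url_actions(): no such instance ID found in settings.");
+                    return;
+                }
+                $opts = $storage_objects_and_ids[$method]['instance_settings'][$instance_id];
+                if (!isset($storage_objects_and_ids[$method]['object']) || !is_object($storage_objects_and_ids[$method]['object'])) {
                     updraft_try_include_file('methods/'.$method.'.php', 'include_once');
                     $call_class = "UpdraftPlus_BackupModule_".$method;
+                    if (!class_exists($call_class)) die(htmlspecialchars($call_class)." class couldn't be found");
                     $backup_obj = new $call_class;
-                }
+                } else {
+                    $backup_obj = $storage_objects_and_ids[$method]['object'];
+                }
+                $backup_obj->set_options($opts, false, $instance_id);
                
                 $this->register_wp_http_option_hooks();
@@ -602,5 +634,5 @@
                 }
                 $this->register_wp_http_option_hooks(false);
-            } elseif (isset($_GET['page']) && 'updraftplus' == $_GET['page'] && 'downloadlog' == $_GET['action'] && isset($_GET['updraftplus_backup_nonce']) && preg_match("/^[0-9a-f]{12}$/", $_GET['updraftplus_backup_nonce']) && UpdraftPlus_Options::user_can_manage()) {
+            } elseif (isset($_GET['page']) && 'updraftplus' === $_GET['page'] && 'downloadlog' === $_GET['action'] && isset($_GET['updraftplus_backup_nonce']) && is_string($_GET['updraftplus_backup_nonce']) && preg_match("/^[0-9a-f]{12}$/", $_GET['updraftplus_backup_nonce']) && UpdraftPlus_Options::user_can_manage()) {
                 // No WordPress nonce is needed here or for the next, since the backup is already nonce-based
                 $updraft_dir = $this->backups_dir_location();
@@ -614,5 +646,5 @@
                     add_action('all_admin_notices', array($this, 'show_admin_warning_unreadablelog'));
                 }
-            } elseif (isset($_GET['page']) && 'updraftplus' == $_GET['page'] && 'downloadfile' == $_GET['action'] && isset($_GET['updraftplus_file']) && preg_match('/^backup_([\-0-9]{15})_.*_([0-9a-f]{12})-db([0-9]+)?+\.(gz\.crypt)$/i', $_GET['updraftplus_file']) && UpdraftPlus_Options::user_can_manage()) {
+            } elseif (isset($_GET['page']) && 'updraftplus' === $_GET['page'] && 'downloadfile' == $_GET['action'] && isset($_GET['updraftplus_file']) && is_string($_GET['updraftplus_file']) && preg_match('/^backup_([\-0-9]{15})_.*_([0-9a-f]{12})-db([0-9]+)?+\.(gz\.crypt)$/i', $_GET['updraftplus_file']) && UpdraftPlus_Options::user_can_manage()) {
                 // Though this (venerable) code uses the action 'downloadfile', in fact, it's not that general: it's just for downloading a decrypted copy of encrypted databases, and nothing else
                 $updraft_dir = $this->backups_dir_location();
@@ -620,5 +652,5 @@
                 $spool_file = $updraft_dir.'/'.basename($file);
                 if (is_readable($spool_file)) {
-                    $dkey = isset($_GET['decrypt_key']) ? stripslashes($_GET['decrypt_key']) : '';
+                    $dkey = (isset($_GET['decrypt_key']) && is_string($_GET['decrypt_key'])) ? stripslashes($_GET['decrypt_key']) : '';
                     $this->spool_file($spool_file, $dkey);
                     exit;
@@ -626,5 +658,5 @@
                     add_action('all_admin_notices', array($this, 'show_admin_warning_unreadablefile'));
                 }
-            } elseif ('updraftplus_spool_file' == $_GET['action'] && !empty($_GET['what']) && !empty($_GET['backup_timestamp']) && is_numeric($_GET['backup_timestamp']) && UpdraftPlus_Options::user_can_manage()) {
+            } elseif ('updraftplus_spool_file' === $_GET['action'] && !empty($_GET['what']) && !empty($_GET['backup_timestamp']) && is_numeric($_GET['backup_timestamp']) && UpdraftPlus_Options::user_can_manage()) {
                 // At some point, it may be worth merging this with the previous section
                 $updraft_dir = $this->backups_dir_location();
@@ -632,5 +664,5 @@
                 $findex = isset($_GET['findex']) ? (int) $_GET['findex'] : 0;
                 $backup_timestamp = $_GET['backup_timestamp'];
-                $what = $_GET['what'];
+                $what = (string) $_GET['what'];
                
                 $backup_set = UpdraftPlus_Backup_History::get_history($backup_timestamp);
@@ -655,5 +687,5 @@
                 }
                
-                $dkey = isset($_GET['decrypt_key']) ? stripslashes($_GET['decrypt_key']) : "";
+                $dkey = (isset($_GET['decrypt_key']) && is_string($_GET['decrypt_key'])) ? stripslashes($_GET['decrypt_key']) : "";
                
                 $this->spool_file($updraft_dir.'/'.basename($filename), $dkey);
@@ -2066,7 +2098,8 @@
      * This important function returns a list of file entities that can potentially be backed up (subject to users settings), and optionally further meta-data about them
      *
-     * @param  boolean $include_others
-     * @param  boolean $full_info
-     * @return array
+     * @param boolean $include_others Whether to include "Others" in the list of entities to backup.
+     * @param boolean $full_info      Whether to include additional metadata about each entity.
+     *
+     * @return array An associative array containing information about the backupable file entities.
      */
     public function get_backupable_file_entities($include_others = true, $full_info = false) {
@@ -2078,5 +2111,6 @@
                 'plugins' => array('path' => untrailingslashit(WP_PLUGIN_DIR), 'description' => __('Plugins', 'updraftplus'), 'singular_description' => __('Plugin', 'updraftplus')),
                 'themes' => array('path' => WP_CONTENT_DIR.'/themes', 'description' => __('Themes', 'updraftplus'), 'singular_description' => __('Theme', 'updraftplus')),
-                'uploads' => array('path' => untrailingslashit($wp_upload_dir['basedir']), 'description' => __('Uploads', 'updraftplus'))
+                'uploads' => array('path' => untrailingslashit($wp_upload_dir['basedir']), 'description' => __('Uploads', 'updraftplus')),
+                'mu-plugins' => array('path' => WPMU_PLUGIN_DIR, 'description' => __('Must-use plugins', 'updraftplus'))
             );
         } else {
@@ -2084,5 +2118,6 @@
                 'plugins' => untrailingslashit(WP_PLUGIN_DIR),
                 'themes' => WP_CONTENT_DIR.'/themes',
-                'uploads' => untrailingslashit($wp_upload_dir['basedir'])
+                'uploads' => untrailingslashit($wp_upload_dir['basedir']),
+                'mu-plugins' => WPMU_PLUGIN_DIR
             );
         }
@@ -3045,5 +3080,5 @@
      * @return Boolean|Void - as for UpdraftPlus::boot_backup()
      */
-    public function backup_all($options) {
+    public function backup_all($options = array()) {
         $skip_cloud = empty($options['nocloud']) ? false : true;
         return $this->boot_backup(1, 1, false, false, $skip_cloud ? 'none' : false, $options);
@@ -3056,5 +3091,5 @@
      * @return Boolean|Void - as for UpdraftPlus::boot_backup()
      */
-    public function backupnow_files($options) {
+    public function backupnow_files($options = array()) {
         $skip_cloud = empty($options['nocloud']) ? false : true;
         return $this->boot_backup(1, 0, false, false, $skip_cloud ? 'none' : false, $options);
@@ -3067,5 +3102,5 @@
      * @return Boolean|Void - as for UpdraftPlus::boot_backup()
      */
-    public function backupnow_database($options) {
+    public function backupnow_database($options = array()) {
         $skip_cloud = empty($options['nocloud']) ? false : true;
         return $this->boot_backup(0, 1, false, false, ($skip_cloud) ? 'none' : false, $options);
@@ -4708,6 +4743,8 @@
 
         if ($allow_cache && !empty($this->backup_dir)) return $this->backup_dir;
-
-        $updraft_dir = untrailingslashit(UpdraftPlus_Options::get_updraft_option('updraft_dir'));
+        $updraft_dir = UpdraftPlus_Options::get_updraft_option('updraft_dir');
+        if (!is_string($updraft_dir)) $updraft_dir = '';
+        $updraft_dir = untrailingslashit($updraft_dir);
+
         // When newly installing, if someone had (e.g.) wp-content/updraft in their database from a previous, deleted pre-1.7.18 install but had removed the updraft directory before re-installing, without this fix they'd end up with wp-content/wp-content/updraft.
         if (preg_match('/^wp-content\/(.*)$/', $updraft_dir, $matches) && ABSPATH.'wp-content' === WP_CONTENT_DIR) {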
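Review bot: The type hardening is incomplete in the `updraftplus_spool_file` branch (new lines 660–666): `!empty($_GET['what'])` is also true for an array, and the new `(string) $_GET['what']` cast then turns that array into the literal `Array` with a PHP warning instead of rejecting the request, unlike the `is_string()` guards this commit adds for `action`, `state`, `updraftplus_instance`, `updraftplus_file` and `decrypt_key`. I would add `is_string($_GET['what'])` to that `elseif` condition and keep `$what = $_GET['what'];`; the `(int) $_GET['findex']` cast on the context line above maps any non-empty array to 1 and could get the same guard. The `downloadfile` branch on new line 648 still compares with `'downloadfile' == $_GET['action']` while its neighbours moved to `===`. The enclosing method (handle_url_actions, judging by the log message) starts and ends outside the hunks shown, so how `$what` is used afterwards is not visible here.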