--- a/wp/wp-content/plugins/wp-db-backup/wp-db-backup.php Tue Jun 09 11:14:17 2015 +0000
+++ b/wp/wp-content/plugins/wp-db-backup/wp-db-backup.php Mon Oct 14 17:39:30 2019 +0200
@@ -1,13 +1,13 @@
<?php
/*
Plugin Name: WordPress Database Backup
-Plugin URI: http://austinmatzko.com/wordpress-plugins/wp-db-backup/
+Plugin URI: https://github.com/matzko/wp-db-backup
Description: On-demand backup of your WordPress database. Navigate to <a href="edit.php?page=wp-db-backup">Tools → Backup</a> to get started.
-Author: Austin Matzko
+Author: Austin Matzko
Author URI: http://austinmatzko.com/
-Version: 2.2.4
+Version: 2.3.3
-Copyright 2013 Austin Matzko (email : austin at pressedcode.com)
+Copyright 2018 Austin Matzko (email : austin at pressedcode.com)
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -24,36 +24,22 @@
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110, USA
*/
-/**
- * Change WP_BACKUP_DIR if you want to
- * use a different backup location
- */
-
if ( ! defined('ABSPATH') ) {
die('Please do not load this file directly.');
}
$rand = substr( md5( md5( DB_PASSWORD ) ), -5 );
-global $wpdbb_content_dir, $wpdbb_content_url, $wpdbb_plugin_dir;
+global $wpdbb_content_dir, $wpdbb_content_url;
$wpdbb_content_dir = ( defined('WP_CONTENT_DIR') ) ? WP_CONTENT_DIR : ABSPATH . 'wp-content';
$wpdbb_content_url = ( defined('WP_CONTENT_URL') ) ? WP_CONTENT_URL : get_option('siteurl') . '/wp-content';
-$wpdbb_plugin_dir = ( defined('WP_PLUGIN_DIR') ) ? WP_PLUGIN_DIR : $wpdbb_content_dir . '/plugins';
-
-if ( ! defined('WP_BACKUP_DIR') ) {
- define('WP_BACKUP_DIR', $wpdbb_content_dir . '/backup-' . $rand . '/');
-}
-
-if ( ! defined('WP_BACKUP_URL') ) {
- define('WP_BACKUP_URL', $wpdbb_content_url . '/backup-' . $rand . '/');
-}
if ( ! defined('ROWS_PER_SEGMENT') ) {
define('ROWS_PER_SEGMENT', 100);
}
-/**
- * Set MOD_EVASIVE_OVERRIDE to true
- * and increase MOD_EVASIVE_DELAY
+/**
+ * Set MOD_EVASIVE_OVERRIDE to true
+ * and increase MOD_EVASIVE_DELAY
* if the backup stops prematurely.
*/
// define('MOD_EVASIVE_OVERRIDE', false);
@@ -71,30 +57,30 @@
var $basename;
var $page_url;
var $referer_check_key;
- var $version = '2.1.5-alpha';
+ var $version = '2.3.3';
function module_check() {
$mod_evasive = false;
if ( defined( 'MOD_EVASIVE_OVERRIDE' ) && true === MOD_EVASIVE_OVERRIDE ) return true;
if ( ! defined( 'MOD_EVASIVE_OVERRIDE' ) || false === MOD_EVASIVE_OVERRIDE ) return false;
- if ( function_exists('apache_get_modules') )
- foreach( (array) apache_get_modules() as $mod )
+ if ( function_exists('apache_get_modules') )
+ foreach( (array) apache_get_modules() as $mod )
if ( false !== strpos($mod,'mod_evasive') || false !== strpos($mod,'mod_dosevasive') )
return true;
return false;
}
- function wpdbBackup() {
+ function __construct() {
global $table_prefix, $wpdb;
add_action('wp_ajax_save_backup_time', array(&$this, 'save_backup_time'));
add_action('init', array(&$this, 'init_textdomain'));
add_action('init', array(&$this, 'set_page_url'));
- add_action('load-update-core.php', array(&$this, 'update_notice_action'));
+ add_action('admin_init', array(&$this, 'update_notice_action'));
add_action('wp_db_backup_cron', array(&$this, 'cron_backup'));
add_action('wp_cron_daily', array(&$this, 'wp_cron_daily'));
add_filter('cron_schedules', array(&$this, 'add_sched_options'));
add_filter('wp_db_b_schedule_choices', array(&$this, 'schedule_choices'));
-
+
$table_prefix = ( isset( $table_prefix ) ) ? $table_prefix : $wpdb->prefix;
$datum = date("Ymd_B");
$this->backup_filename = DB_NAME . "_$table_prefix$datum.sql";
@@ -122,27 +108,29 @@
$this->core_table_names[] = $wpdb->{$name};
}
}
-
- $this->backup_dir = trailingslashit(apply_filters('wp_db_b_backup_dir', WP_BACKUP_DIR));
+
+ $requested_temp_dir = sanitize_text_field($_GET['wp_db_temp_dir']);
+ $this->backup_dir = trailingslashit(apply_filters('wp_db_b_backup_dir', (isset($requested_temp_dir) && is_writable($requested_temp_dir)) ? $requested_temp_dir : get_temp_dir()));
$this->basename = 'wp-db-backup';
-
+
$this->referer_check_key = $this->basename . '-download_' . DB_NAME;
if (isset($_POST['do_backup'])) {
$this->wp_secure('fatal');
check_admin_referer($this->referer_check_key);
$this->can_user_backup('main');
+
// save exclude prefs
-
- $exc_revisions = isset( $_POST['exclude-revisions'] ) ? (array) $_POST['exclude-revisions'] : array();
- $exc_spam = isset( $_POST['exclude-spam'] ) ? (array) $_POST['exclude-spam'] : array();
- update_option('wp_db_backup_excs', array('revisions' => $exc_revisions, 'spam' => $exc_spam));
+ update_option('wp_db_backup_excs', array(
+ 'revisions' => $this->get_revisions_to_exclude(),
+ 'spam' => $this->get_spam_to_exclude()
+ ));
switch($_POST['do_backup']) {
case 'backup':
add_action('init', array(&$this, 'perform_backup'));
break;
case 'fragments':
add_action('admin_menu', array(&$this, 'fragment_menu'));
- break;
+ break;
}
} elseif (isset($_GET['fragment'] )) {
$this->can_user_backup('frame');
@@ -154,19 +142,19 @@
add_action('admin_menu', array(&$this, 'admin_menu'));
}
}
-
+
function init() {
$this->can_user_backup();
if (isset($_GET['backup'])) {
- $via = isset($_GET['via']) ? $_GET['via'] : 'http';
-
- $this->backup_file = $_GET['backup'];
+ $via = isset($_GET['via']) ? sanitize_text_field($_GET['via']) : 'http';
+
+ $this->backup_file = sanitize_text_field($_GET['backup']);
$this->validate_file($this->backup_file);
switch($via) {
case 'smtp':
case 'email':
- $success = $this->deliver_backup($this->backup_file, 'smtp', $_GET['recipient'], 'frame');
+ $success = $this->deliver_backup($this->backup_file, 'smtp', sanitize_text_field($_GET['recipient']), 'frame');
$this->error_display( 'frame' );
if ( $success ) {
echo '
@@ -175,7 +163,7 @@
';
echo '
alert("' . __('Backup Complete!','wp-db-backup') . '");
- window.onbeforeunload = null;
+ window.onbeforeunload = null;
</script>
';
}
@@ -183,7 +171,7 @@
default:
$success = $this->deliver_backup($this->backup_file, $via);
echo $this->error_display( 'frame', false );
-
+
if ( $success ) {
echo '
<script type="text/javascript">
@@ -195,7 +183,7 @@
exit;
}
if (isset($_GET['fragment'] )) {
- list($table, $segment, $filename) = explode(':', $_GET['fragment']);
+ list($table, $segment, $filename) = explode(':', sanitize_text_field($_GET['fragment']));
$this->validate_file($filename);
$this->backup_fragment($table, $segment, $filename);
}
@@ -216,26 +204,36 @@
}
/*
- * Add a link to back up your database when doing a core upgrade
+ * Add a link to back up your database when doing a core upgrade.
*/
function update_notice_action() {
- if ( 'upgrade-core' == $_REQUEST['action'] ) :
+ global $pagenow;
+ if (
+ (
+ isset($_REQUEST['action'])
+ && ('upgrade-core' == $_REQUEST['action'])
+ )
+ || (
+ !empty($pagenow) && ('update-core.php' == $pagenow)
+ )
+ ) :
ob_start(array(&$this, 'update_notice'));
add_action('admin_footer', create_function('', 'ob_end_flush();'));
endif;
}
- function update_notice($text = '') {
- $pattern = '#(<a href\="' . __('http://codex.wordpress.org/WordPress_Backups') . '">.*?</p>)#';
- $replace = '$1' . "\n<p>" . sprintf(__('Click <a href="%s" target="_blank">here</a> to back up your database using the WordPress Database Backup plugin. <strong>Note:</strong> WordPress Database Backup does <em>not</em> back up your files, just your database.', 'wp-db-backup'), 'tools.php?page=wp-db-backup') . "</p>\n";
- $text = preg_replace($pattern, $replace, $text);
- return $text;
- }
+
+ function update_notice($text = '') {
+ $pattern = '#(<a href\="' . __('http://codex.wordpress.org/WordPress_Backups') . '">.*?</p>)#';
+ $replace = '$1' . "\n<p>" . sprintf(__('Click <a href="%s" target="_blank">here</a> to back up your database using the WordPress Database Backup plugin. <strong>Note:</strong> WordPress Database Backup does <em>not</em> back up your files, just your database.', 'wp-db-backup'), 'tools.php?page=wp-db-backup') . "</p>\n";
+ $text = preg_replace($pattern, $replace, $text);
+ return $text;
+ }
function build_backup_script() {
global $table_prefix, $wpdb;
-
+
echo "<div class='wrap'>";
- echo '<fieldset class="options"><legend>' . __('Progress','wp-db-backup') . '</legend>
+ echo '<fieldset class="options"><legend>' . __('Progress','wp-db-backup') . '</legend>
<p><strong>' .
__('DO NOT DO THE FOLLOWING AS IT WILL CAUSE YOUR BACKUP TO FAIL:','wp-db-backup').
'</strong></p>
@@ -271,18 +269,18 @@
function backup(table, segment) {
var fram = document.getElementById("backuploader");
- fram.src = "' . $this->page_url . '&fragment=" + table + ":" + segment + ":' . $this->backup_filename . ':";
+ fram.src = "' . $this->page_url . '&fragment=" + table + ":" + segment + ":' . $this->backup_filename . ':&wp_db_temp_dir=' . $this->backup_dir . '";
}
-
+
var curStep = 0;
-
+
function nextStep() {
backupStep(curStep);
curStep++;
}
-
+
function finishBackup() {
- var fram = document.getElementById("backuploader");
+ var fram = document.getElementById("backuploader");
setMeter(100);
';
@@ -291,48 +289,44 @@
case 'http':
echo '
setProgress("' . __('Preparing download.','wp-db-backup') . '");
- window.onbeforeunload = null;
+ window.onbeforeunload = null;
fram.src = "' . $download_uri . '";
-
+
setTimeout( function() {
- var secondFrame = document.createElement("iframe");
+ var secondFrame = document.createElement("iframe");
fram.parentNode.insertBefore(secondFrame, fram);
secondFrame.src = "' . $download_uri . '&download-retry=1";
}, 30000 );
';
break;
case 'smtp':
- if ( get_option('wpdb_backup_recip') != $_POST['backup_recipient'] ) {
- update_option('wpdb_backup_recip', $_POST['backup_recipient'] );
+ $email = sanitize_text_field(wp_unslash($_POST['backup_recipient']));
+ if ( get_option('wpdb_backup_recip') != $email) {
+ update_option('wpdb_backup_recip', $email);
}
echo '
- setProgress("' . sprintf(__('Your backup has been emailed to %s','wp-db-backup'), $_POST['backup_recipient']) . '");
- window.onbeforeunload = null;
- fram.src = "' . $download_uri . '&via=email&recipient=' . $_POST['backup_recipient'] . '";
+ setProgress("' . sprintf(__('Your backup has been emailed to %s','wp-db-backup'), $email) . '");
+ window.onbeforeunload = null;
+ fram.src = "' . $download_uri . '&via=email&recipient=' . $email . '";
';
break;
default:
echo '
setProgress("' . __('Backup Complete!','wp-db-backup') . '");
- window.onbeforeunload = null;
+ window.onbeforeunload = null;
';
}
-
+
echo '
}
-
+
function backupStep(step) {
switch(step) {
case 0: backup("", 0); break;
';
-
- $also_backup = array();
- if (isset($_POST['other_tables'])) {
- $also_backup = $_POST['other_tables'];
- } else {
- $also_backup = array();
- }
- $core_tables = $_POST['core_tables'];
+
+ $also_backup = $this->get_post_data_array('other_tables');
+ $core_tables = $this->get_post_data_array('core_tables');
$tables = array_merge($core_tables, $also_backup);
$step_count = 1;
foreach ($tables as $table) {
@@ -353,7 +347,7 @@
$step_count++;
}
echo "case {$step_count}: finishBackup(); break;";
-
+
echo '
}
if(step != 0) setMeter(100 * step / ' . $step_count . ');
@@ -369,9 +363,9 @@
function backup_fragment($table, $segment, $filename) {
global $table_prefix, $wpdb;
-
+
echo "$table:$segment:$filename";
-
+
if($table == '') {
$msg = __('Creating backup file...','wp-db-backup');
} else {
@@ -381,7 +375,7 @@
$msg = sprintf(__('Backing up table \\"%s\\"...','wp-db-backup'), $table);
}
}
-
+
if (is_writable($this->backup_dir)) {
$this->fp = $this->open($this->backup_dir . $filename, 'a');
if(!$this->fp) {
@@ -389,7 +383,7 @@
$this->error(array('loc' => 'frame', 'kind' => 'fatal', 'msg' => __('The backup file could not be saved. Please check the permissions for writing to your backup directory and try again.','wp-db-backup')));
}
else {
- if($table == '') {
+ if($table == '') {
//Begin new backup of MySql
$this->stow("# " . __('WordPress MySQL database backup','wp-db-backup') . "\n");
$this->stow("#\n");
@@ -405,7 +399,7 @@
$this->stow("# --------------------------------------------------------\n");
$this->stow("# " . sprintf(__('Table: %s','wp-db-backup'),$this->backquote($table)) . "\n");
$this->stow("# --------------------------------------------------------\n");
- }
+ }
$this->backup_table($table, $segment);
}
}
@@ -414,7 +408,7 @@
}
if($this->fp) $this->close($this->fp);
-
+
$this->error_display('frame');
echo '<script type="text/javascript"><!--//
@@ -430,19 +424,20 @@
// are we backing up any other tables?
$also_backup = array();
if (isset($_POST['other_tables']))
- $also_backup = $_POST['other_tables'];
- $core_tables = $_POST['core_tables'];
+ $also_backup = sanitize_text_field($_POST['other_tables']);
+ $core_tables = sanitize_text_field($_POST['core_tables']);
$this->backup_file = $this->db_backup($core_tables, $also_backup);
if (false !== $this->backup_file) {
if ('smtp' == $_POST['deliver']) {
- $this->deliver_backup($this->backup_file, $_POST['deliver'], $_POST['backup_recipient'], 'main');
- if ( get_option('wpdb_backup_recip') != $_POST['backup_recipient'] ) {
- update_option('wpdb_backup_recip', $_POST['backup_recipient'] );
+ $email = sanitize_text_field(wp_unslash($_POST['backup_recipient']));
+ $this->deliver_backup($this->backup_file, sanitize_text_field($_POST['deliver']), $email, 'main');
+ if ( get_option('wpdb_backup_recip') != $email ) {
+ update_option('wpdb_backup_recip', $email );
}
wp_redirect($this->page_url);
} elseif ('http' == $_POST['deliver']) {
$download_uri = add_query_arg('backup',$this->backup_file,$this->page_url);
- wp_redirect($download_uri);
+ wp_redirect($download_uri);
exit;
}
// we do this to say we're done.
@@ -479,7 +474,7 @@
t[k].p[i].id = k + '-table-' + i;
t[k].p[i].onkeyup = t[k].p[i].onclick = function(e) {
e = e ? e : event;
- if ( 16 == e.keyCode )
+ if ( 16 == e.keyCode )
return;
var match = /([\w-]*)-table-(\d*)/.exec(this.id);
var listname = match[1];
@@ -499,7 +494,7 @@
}
<?php if ( function_exists('wp_schedule_event') ) : // needs to be at least WP 2.1 for ajax ?>
- if ( 'undefined' == typeof XMLHttpRequest )
+ if ( 'undefined' == typeof XMLHttpRequest )
var xml = new ActiveXObject( navigator.userAgent.indexOf('MSIE 5') >= 0 ? 'Microsoft.XMLHTTP' : 'Msxml2.XMLHTTP' );
else
var xml = new XMLHttpRequest();
@@ -508,7 +503,7 @@
var timeWrap = document.getElementById('backup-time-wrap');
var backupTime = document.getElementById('next-backup-time');
if ( !! timeWrap && !! backupTime && ( 1 == <?php
- echo (int) ( 'en' == strtolower( substr( get_locale(), 0, 2 ) ) );
+ echo (int) ( 'en' == strtolower( substr( get_locale(), 0, 2 ) ) );
?> ) ) {
var span = document.createElement('span');
span.className = 'submit';
@@ -530,7 +525,7 @@
if ( !! saveTButton )
saveTButton.onclick = function(e) { saveTime(backupTime, mainText); return false; };
if ( !! mainText )
- mainText.onkeydown = function(e) {
+ mainText.onkeydown = function(e) {
e = e || window.event;
if ( 13 == e.keyCode ) {
saveTime(backupTime, mainText);
@@ -592,7 +587,7 @@
margin-bottom: .5em;
padding: 1em;
}
-
+
fieldset.options .instructions {
font-size: smaller;
}
@@ -608,7 +603,7 @@
border-top: none;
}
</style>
- <?php
+ <?php
}
function admin_load() {
@@ -638,7 +633,7 @@
add_action('load-' . $page_hook, array(&$this, 'admin_load'));
}
- /**
+ /**
* Add WP-DB-Backup-specific help options to the 2.7 =< WP contextual help menu
* @return string The text of the help menu.
*/
@@ -674,7 +669,7 @@
if ($is_like) $a_string = str_replace('\\', '\\\\\\\\', $a_string);
else $a_string = str_replace('\\', '\\\\', $a_string);
return str_replace('\'', '\\\'', $a_string);
- }
+ }
/**
* Add backquotes to tables and db-names in
@@ -685,7 +680,7 @@
if (is_array($a_name)) {
$result = array();
reset($a_name);
- while(list($key, $val) = each($a_name))
+ while(list($key, $val) = each($a_name))
$result[$key] = '`' . $val . '`';
return $result;
} else {
@@ -694,7 +689,7 @@
} else {
return $a_name;
}
- }
+ }
function open($filename = '', $mode = 'w') {
if ('' == $filename) return false;
@@ -715,14 +710,14 @@
if(false === @fwrite($this->fp, $query_line))
$this->error(__('There was an error writing a line to the backup script:','wp-db-backup') . ' ' . $query_line . ' ' . $php_errormsg);
}
-
+
/**
* Logs any error messages
* @param array $args
* @return bool
*/
function error($args = array()) {
- if ( is_string( $args ) )
+ if ( is_string( $args ) )
$args = array('msg' => $args);
$args = array_merge( array('loc' => 'main', 'kind' => 'warn', 'msg' => ''), $args);
$this->errors[$args['kind']][] = $args['msg'];
@@ -732,7 +727,7 @@
}
/**
- * Displays error messages
+ * Displays error messages
* @param array $errs
* @param string $loc
* @return string
@@ -748,7 +743,7 @@
if ( 10 == count( $err_list ) )
$err_list[9] = __('Subsequent errors have been omitted from this log.','wp-db-backup');
$wrap = ( 'frame' == $loc ) ? "<script type=\"text/javascript\">\n var msgList = ''; \n %1\$s \n if ( msgList ) alert(msgList); \n </script>" : '%1$s';
- $line = ( 'frame' == $loc ) ?
+ $line = ( 'frame' == $loc ) ?
"try{ window.parent.addError('%1\$s'); } catch(e) { msgList += ' %1\$s';}\n" :
"%1\$s<br />\n";
foreach( (array) $err_list as $err )
@@ -768,8 +763,8 @@
* Taken partially from phpMyAdmin and partially from
* Alain Wolf, Zurich - Switzerland
* Website: http://restkultur.ch/personal/wolf/scripts/db_backup/
-
- * Modified by Scott Merrill (http://www.skippy.net/)
+
+ * Modified by Scott Merrill (http://www.skippy.net/)
* to use the WordPress $wpdb object
* @param string $table
* @param string $segment
@@ -783,7 +778,7 @@
$this->error(__('Error getting table details','wp-db-backup') . ": $table");
return false;
}
-
+
if(($segment == 'none') || ($segment == 0)) {
// Add SQL statement to drop existing table
$this->stow("\n\n");
@@ -792,7 +787,7 @@
$this->stow("#\n");
$this->stow("\n");
$this->stow("DROP TABLE IF EXISTS " . $this->backquote($table) . ";\n");
-
+
// Table structure
// Comment in SQL-file
$this->stow("\n\n");
@@ -800,7 +795,7 @@
$this->stow("# " . sprintf(__('Table structure of table %s','wp-db-backup'),$this->backquote($table)) . "\n");
$this->stow("#\n");
$this->stow("\n");
-
+
$create_table = $wpdb->get_results("SHOW CREATE TABLE $table", ARRAY_N);
if (false === $create_table) {
$err_msg = sprintf(__('Error with SHOW CREATE TABLE for %s.','wp-db-backup'), $table);
@@ -808,20 +803,20 @@
$this->stow("#\n# $err_msg\n#\n");
}
$this->stow($create_table[0][1] . ' ;');
-
+
if (false === $table_structure) {
$err_msg = sprintf(__('Error getting table structure of %s','wp-db-backup'), $table);
$this->error($err_msg);
$this->stow("#\n# $err_msg\n#\n");
}
-
+
// Comment in SQL-file
$this->stow("\n\n");
$this->stow("#\n");
$this->stow('# ' . sprintf(__('Data contents of table %s','wp-db-backup'),$this->backquote($table)) . "\n");
$this->stow("#\n");
}
-
+
if(($segment == 'none') || ($segment >= 0)) {
$defs = array();
$ints = array();
@@ -835,10 +830,10 @@
$ints[strtolower($struct->Field)] = "1";
}
}
-
-
+
+
// Batch by $row_inc
-
+
if($segment == 'none') {
$row_start = 0;
$row_inc = ROWS_PER_SEGMENT;
@@ -846,8 +841,8 @@
$row_start = $segment * ROWS_PER_SEGMENT;
$row_inc = ROWS_PER_SEGMENT;
}
-
- do {
+
+ do {
// don't include extra stuff, if so requested
$excs = (array) get_option('wp_db_backup_excs');
$where = '';
@@ -856,11 +851,11 @@
} elseif ( is_array($excs['revisions'] ) && in_array($table, $excs['revisions']) ) {
$where = ' WHERE post_type != "revision"';
}
-
+
if ( !ini_get('safe_mode')) @set_time_limit(15*60);
$table_data = $wpdb->get_results("SELECT * FROM $table $where LIMIT {$row_start}, {$row_inc}", ARRAY_A);
- $entries = 'INSERT INTO ' . $this->backquote($table) . ' VALUES (';
+ $entries = 'INSERT INTO ' . $this->backquote($table) . ' VALUES (';
// \x08\\x09, not required
$search = array("\x00", "\x0a", "\x0d", "\x1a");
$replace = array('\0', '\n', '\r', '\Z');
@@ -868,7 +863,7 @@
foreach ($table_data as $row) {
$values = array();
foreach ($row as $key => $value) {
- if ($ints[strtolower($key)]) {
+ if ( !empty($ints[strtolower($key)]) ) {
// make sure there are no blank spots in the insert syntax,
// yet try to avoid quotation marks around integers
$value = ( null === $value || '' === $value) ? $defs[strtolower($key)] : $value;
@@ -883,7 +878,7 @@
}
} while((count($table_data) > 0) and ($segment=='none'));
}
-
+
if(($segment == 'none') || ($segment < 0)) {
// Create footer/closing comment in SQL-file
$this->stow("\n");
@@ -893,10 +888,10 @@
$this->stow("\n");
}
} // end backup_table()
-
+
function db_backup($core_tables, $other_tables) {
global $table_prefix, $wpdb;
-
+
if (is_writable($this->backup_dir)) {
$this->fp = $this->open($this->backup_dir . $this->backup_filename);
if(!$this->fp) {
@@ -907,7 +902,7 @@
$this->error(__('The backup directory is not writeable!','wp-db-backup'));
return false;
}
-
+
//Begin new backup of MySql
$this->stow("# " . __('WordPress MySQL database backup','wp-db-backup') . "\n");
$this->stow("#\n");
@@ -915,12 +910,12 @@
$this->stow("# " . sprintf(__('Hostname: %s','wp-db-backup'),DB_HOST) . "\n");
$this->stow("# " . sprintf(__('Database: %s','wp-db-backup'),$this->backquote(DB_NAME)) . "\n");
$this->stow("# --------------------------------------------------------\n");
-
+
if ( (is_array($other_tables)) && (count($other_tables) > 0) )
$tables = array_merge($core_tables, $other_tables);
else
$tables = $core_tables;
-
+
foreach ($tables as $table) {
// Increase script execution time-limit to 15 min for every table.
if ( !ini_get('safe_mode')) @set_time_limit(15*60);
@@ -930,15 +925,15 @@
$this->stow("# --------------------------------------------------------\n");
$this->backup_table($table);
}
-
+
$this->close($this->fp);
-
+
if (count($this->errors)) {
return false;
} else {
return $this->backup_filename;
}
-
+
} //wp_db_backup
/**
@@ -966,12 +961,9 @@
// try to use phpmailer directly (WP 2.2+)
if ( is_object( $phpmailer ) && ( strtolower(get_class( $phpmailer )) == 'phpmailer' ) ) {
-
+
// Get the site domain and get rid of www.
- $sitename = strtolower( $_SERVER['SERVER_NAME'] );
- if ( substr( $sitename, 0, 4 ) == 'www.' ) {
- $sitename = substr( $sitename, 4 );
- }
+ $sitename = $this->get_sitename();
$from_email = 'wordpress@' . $sitename;
$from_name = 'WordPress';
@@ -994,7 +986,7 @@
$phpmailer->Subject = $subject;
do_action_ref_array( 'phpmailer_init', array( &$phpmailer ) );
-
+
$result = @$phpmailer->Send();
// old-style: build the headers directly
@@ -1002,18 +994,18 @@
$randomish = md5(time());
$boundary = "==WPBACKUP-$randomish";
$fp = fopen($diskfile,"rb");
- $file = fread($fp,filesize($diskfile));
+ $file = fread($fp,filesize($diskfile));
$this->close($fp);
-
+
$data = chunk_split(base64_encode($file));
-
+
$headers .= "MIME-Version: 1.0\n";
- $headers = 'From: wordpress@' . preg_replace('#^www\.#', '', strtolower($_SERVER['SERVER_NAME'])) . "\n";
+ $headers = 'From: wordpress@' . preg_replace('#^www\.#', '', sanitize_text_field(strtolower($_SERVER['SERVER_NAME']))) . "\n";
$headers .= "Content-Type: multipart/mixed; boundary=\"$boundary\"\n";
-
+
// Add a multipart boundary above the plain message
$message = "This is a multi-part message in MIME format.\n\n" .
- "--{$boundary}\n" .
+ "--{$boundary}\n" .
"Content-Type: text/plain; charset=\"" . get_bloginfo('charset') . "\"\n" .
"Content-Transfer-Encoding: 7bit\n\n" .
$message . "\n\n";
@@ -1027,7 +1019,7 @@
"Content-Transfer-Encoding: base64\n\n" .
$data . "\n\n" .
"--{$boundary}--\n";
-
+
$result = @wp_mail($to, $subject, $message, $headers);
}
return $result;
@@ -1036,7 +1028,7 @@
function deliver_backup($filename = '', $delivery = 'http', $recipient = '', $location = 'main') {
if ('' == $filename) { return false; }
-
+
$diskfile = $this->backup_dir . $filename;
$gz_diskfile = "{$diskfile}.gz";
@@ -1061,9 +1053,9 @@
}
$diskfile = $gz_diskfile;
$filename = "{$filename}.gz";
-
+
/**
- * Try to compress to gzip, if available
+ * Try to compress to gzip, if available
*/
} else {
if ( function_exists('gzencode') ) {
@@ -1083,7 +1075,7 @@
}
}
/*
- *
+ *
*/
} elseif ( file_exists( $gz_diskfile ) && empty( $_GET['download-retry'] ) ) {
$diskfile = $gz_diskfile;
@@ -1092,7 +1084,7 @@
if ('http' == $delivery) {
if ( ! file_exists( $diskfile ) ) {
- if ( empty( $_GET['download-retry'] ) ) {
+ if ( empty( $_GET['download-retry'] ) ) {
$this->error(array('kind' => 'fatal', 'msg' => sprintf(__('File not found:%s','wp-db-backup'), " <strong>$filename</strong><br />") . '<br /><a href="' . $this->page_url . '">' . __('Return to Backup','wp-db-backup') . '</a>'));
} else {
return true;
@@ -1125,7 +1117,7 @@
$err = error_get_last();
$msg .= $err['message'];
} else {
- $msg .= __('ERROR: The mail application has failed to deliver the backup.','wp-db-backup');
+ $msg .= __('ERROR: The mail application has failed to deliver the backup.','wp-db-backup');
}
$this->error(array('kind' => 'fatal', 'loc' => $location, 'msg' => $msg));
} else {
@@ -1136,37 +1128,35 @@
}
return $success;
}
-
+
function backup_menu() {
global $table_prefix, $wpdb;
$feedback = '';
$whoops = false;
-
+
// did we just do a backup? If so, let's report the status
if ( $this->backup_complete ) {
$feedback = '<div class="updated wp-db-backup-updated"><p>' . __('Backup Successful','wp-db-backup') . '!';
$file = $this->backup_file;
switch($_POST['deliver']) {
case 'http':
- $feedback .= '<br />' . sprintf(__('Your backup file: <a href="%1s">%2s</a> should begin downloading shortly.','wp-db-backup'), WP_BACKUP_URL . "{$this->backup_file}", $this->backup_file);
+ $feedback .= '<br />' . sprintf(__('Your backup file: %2s should begin downloading shortly.','wp-db-backup'), "{$this->backup_file}", $this->backup_file);
break;
case 'smtp':
- if (! is_email($_POST['backup_recipient'])) {
+ $email = sanitize_text_field(wp_unslash($_POST['backup_recipient']));
+ if (! is_email($email)) {
$feedback .= get_option('admin_email');
} else {
- $feedback .= $_POST['backup_recipient'];
+ $feedback .= $email;
}
$feedback = '<br />' . sprintf(__('Your backup has been emailed to %s','wp-db-backup'), $feedback);
break;
- case 'none':
- $feedback .= '<br />' . __('Your backup file has been saved on the server. If you would like to download it now, right click and select "Save As"','wp-db-backup');
- $feedback .= ':<br /> <a href="' . WP_BACKUP_URL . "$file\">$file</a> : " . sprintf(__('%s bytes','wp-db-backup'), filesize($this->backup_dir . $file));
}
$feedback .= '</p></div>';
}
-
+
// security check
- $this->wp_secure();
+ $this->wp_secure();
if (count($this->errors)) {
$feedback .= '<div class="updated wp-db-backup-updated error"><p><strong>' . __('The following errors were reported:','wp-db-backup') . '</strong></p>';
@@ -1175,14 +1165,14 @@
}
// did we just save options for wp-cron?
- if ( (function_exists('wp_schedule_event') || function_exists('wp_cron_init'))
+ if ( (function_exists('wp_schedule_event') || function_exists('wp_cron_init'))
&& isset($_POST['wp_cron_backup_options']) ) :
do_action('wp_db_b_update_cron_options');
if ( function_exists('wp_schedule_event') ) {
wp_clear_scheduled_hook( 'wp_db_backup_cron' ); // unschedule previous
$scheds = (array) wp_get_schedules();
- $name = strval($_POST['wp_cron_schedule']);
- $interval = ( isset($scheds[$name]['interval']) ) ?
+ $name = sanitize_text_field(strval($_POST['wp_cron_schedule']));
+ $interval = ( isset($scheds[$name]['interval']) ) ?
(int) $scheds[$name]['interval'] : 0;
update_option('wp_cron_backup_schedule', $name, false);
if ( 0 !== $interval ) {
@@ -1192,28 +1182,28 @@
else {
update_option('wp_cron_backup_schedule', intval($_POST['cron_schedule']), false);
}
- update_option('wp_cron_backup_tables', isset( $_POST['wp_cron_backup_tables'] ) ? $_POST['wp_cron_backup_tables'] : array() );
+ update_option('wp_cron_backup_tables', $this->get_submitted_tables_to_backup_in_cron());
if (is_email($_POST['cron_backup_recipient'])) {
- update_option('wp_cron_backup_recipient', $_POST['cron_backup_recipient'], false);
+ update_option('wp_cron_backup_recipient', sanitize_text_field($_POST['cron_backup_recipient']), false);
}
$feedback .= '<div class="updated wp-db-backup-updated"><p>' . __('Scheduled Backup Options Saved!','wp-db-backup') . '</p></div>';
endif;
-
+
$other_tables = array();
$also_backup = array();
-
- // Get complete db table list
+
+ // Get complete db table list
$all_tables = $wpdb->get_results("SHOW TABLES", ARRAY_N);
$all_tables = array_map(create_function('$a', 'return $a[0];'), $all_tables);
// Get list of WP tables that actually exist in this DB (for 1.6 compat!)
$wp_backup_default_tables = array_intersect($all_tables, $this->core_table_names);
// Get list of non-WP tables
$other_tables = array_diff($all_tables, $wp_backup_default_tables);
-
+
if ('' != $feedback)
echo $feedback;
- if ( ! $this->wp_secure() )
+ if ( ! $this->wp_secure() )
return;
// Give the new dirs the same perms as wp-content.
@@ -1230,26 +1220,26 @@
} elseif ( !is_writable($this->backup_dir) && ! @chmod($this->backup_dir, $dir_perms) ) {
?><div class="updated wp-db-backup-updated error"><p><?php _e('WARNING: Your backup directory is <strong>NOT</strong> writable! We cannot create the backup files.','wp-db-backup'); ?></p>
<p><?php printf(__('Using your FTP client, try to set the backup directory’s write permission to %1$s or %2$s: %3$s', 'wp-db-backup'), '<code>777</code>', '<code>a+w</code>', '<code>' . $this->backup_dir . '</code>'); ?>
- </p></div><?php
+ </p></div><?php
$whoops = true;
} else {
$this->fp = $this->open($this->backup_dir . 'test' );
- if( $this->fp ) {
+ if( $this->fp ) {
$this->close($this->fp);
@unlink($this->backup_dir . 'test' );
// the directory is not writable probably due to safe mode
} else {
- ?><div class="updated wp-db-backup-updated error"><p><?php _e('WARNING: Your backup directory is <strong>NOT</strong> writable! We cannot create the backup files.','wp-db-backup'); ?></p><?php
+ ?><div class="updated wp-db-backup-updated error"><p><?php _e('WARNING: Your backup directory is <strong>NOT</strong> writable! We cannot create the backup files.','wp-db-backup'); ?></p><?php
if( ini_get('safe_mode') ){
- ?><p><?php _e('This problem seems to be caused by your server’s <code>safe_mode</code> file ownership restrictions, which limit what files web applications like WordPress can create.', 'wp-db-backup'); ?></p><?php
+ ?><p><?php _e('This problem seems to be caused by your server’s <code>safe_mode</code> file ownership restrictions, which limit what files web applications like WordPress can create.', 'wp-db-backup'); ?></p><?php
}
?><?php printf(__('You can try to correct this problem by using your FTP client to delete and then re-create the backup directory: %s', 'wp-db-backup'), '<code>' . $this->backup_dir . '</code>');
- ?></div><?php
+ ?></div><?php
$whoops = true;
}
}
-
+
if ( !file_exists($this->backup_dir . 'index.php') )
@ touch($this->backup_dir . 'index.php');
@@ -1275,8 +1265,8 @@
?></ul>
</div>
<div class="tables-list extra-tables" id="extra-tables-list">
- <?php
- if (count($other_tables) > 0) {
+ <?php
+ if (count($other_tables) > 0) {
?>
<h4><?php _e('You may choose to include any of the following tables:','wp-db-backup'); ?></h4>
<ul>
@@ -1284,22 +1274,17 @@
foreach ($other_tables as $table) {
?>
<li><label><input type="checkbox" name="other_tables[]" value="<?php echo $table; ?>" /> <code><?php echo $table; ?></code></label>
- <?php
+ <?php
}
- ?></ul><?php
+ ?></ul><?php
}
?></div>
</fieldset>
-
+
<fieldset class="options">
<legend><?php _e('Backup Options','wp-db-backup'); ?></legend>
<p><?php _e('What to do with the backup file:','wp-db-backup'); ?></p>
<ul>
- <li><label for="do_save">
- <input type="radio" id="do_save" name="deliver" value="none" style="border:none;" />
- <?php _e('Save to server','wp-db-backup');
- echo " (<code>" . $this->backup_dir . "</code>)"; ?>
- </label></li>
<li><label for="do_download">
<input type="radio" checked="checked" id="do_download" name="deliver" value="http" style="border:none;" />
<?php _e('Download to your computer','wp-db-backup'); ?>
@@ -1307,7 +1292,7 @@
<li><label for="do_email">
<input type="radio" name="deliver" id="do_email" value="smtp" style="border:none;" />
<?php _e('Email backup to:','wp-db-backup'); ?>
- <input type="text" name="backup_recipient" size="20" value="<?php
+ <input type="text" name="backup_recipient" size="20" value="<?php
$backup_recip = get_option('wpdb_backup_recip');
if ( empty( $backup_recip ) ) {
$backup_recip = get_option('admin_email');
@@ -1317,7 +1302,7 @@
</label></li>
</ul>
<?php if ( ! $whoops ) : ?>
- <input type="hidden" name="do_backup" id="do_backup" value="backup" />
+ <input type="hidden" name="do_backup" id="do_backup" value="backup" />
<p class="submit">
<input type="submit" name="submit" onclick="document.getElementById('do_backup').value='fragments';" value="<?php _e('Backup now!','wp-db-backup'); ?>" />
</p>
@@ -1327,9 +1312,9 @@
</fieldset>
<?php do_action('wp_db_b_backup_opts'); ?>
</form>
-
+
<?php
- // this stuff only displays if some sort of wp-cron is available
+ // this stuff only displays if some sort of wp-cron is available
$cron = ( function_exists('wp_schedule_event') ) ? true : false; // wp-cron in WP 2.1+
$cron_old = ( function_exists('wp_cron_init') && ! $cron ) ? true : false; // wp-cron plugin by Skippy
if ( $cron_old || $cron ) :
@@ -1342,17 +1327,17 @@
<p id="backup-time-wrap">
<?php printf(__('Next Backup: %s','wp-db-backup'), '<span id="next-backup-time">' . gmdate($datetime, $next_cron + (get_option('gmt_offset') * 3600)) . '</span>'); ?>
</p>
- <?php
+ <?php
endif;
elseif ( $cron_old ) :
- ?><p><?php printf(__('Last WP-Cron Daily Execution: %s','wp-db-backup'), gmdate($datetime, get_option('wp_cron_daily_lastrun') + (get_option('gmt_offset') * 3600))); ?><br /><?php
- printf(__('Next WP-Cron Daily Execution: %s','wp-db-backup'), gmdate($datetime, (get_option('wp_cron_daily_lastrun') + (get_option('gmt_offset') * 3600) + 86400))); ?></p><?php
+ ?><p><?php printf(__('Last WP-Cron Daily Execution: %s','wp-db-backup'), gmdate($datetime, get_option('wp_cron_daily_lastrun') + (get_option('gmt_offset') * 3600))); ?><br /><?php
+ printf(__('Next WP-Cron Daily Execution: %s','wp-db-backup'), gmdate($datetime, (get_option('wp_cron_daily_lastrun') + (get_option('gmt_offset') * 3600) + 86400))); ?></p><?php
endif;
?><form method="post" action="">
<?php if ( function_exists('wp_nonce_field') ) wp_nonce_field($this->referer_check_key); ?>
<div class="tables-list">
<h4><?php _e('Schedule: ','wp-db-backup'); ?></h4>
- <?php
+ <?php
if ( $cron_old ) :
$wp_cron_backup_schedule = get_option('wp_cron_backup_schedule');
$schedule = array(0 => __('None','wp-db-backup'), 1 => __('Daily','wp-db-backup'));
@@ -1393,14 +1378,14 @@
echo '<input type="hidden" name="wp_cron_backup_options" value="SET" /></form>';
echo '</fieldset>';
endif; // end of wp_cron (legacy) section
-
+
echo '</div><!-- .wrap -->';
-
+
} // end wp_backup_menu()
function get_sched() {
$options = array_keys( (array) wp_get_schedules() );
- $freq = get_option('wp_cron_backup_schedule');
+ $freq = get_option('wp_cron_backup_schedule');
$freq = ( in_array( $freq , $options ) ) ? $freq : 'never';
return $freq;
}
@@ -1430,14 +1415,14 @@
$menu .= '</ul>';
return $menu;
} // end schedule_choices()
-
+
function wp_cron_daily() { // for legacy cron plugin
$schedule = intval(get_option('wp_cron_backup_schedule'));
// If scheduled backup is disabled
if (0 == $schedule)
return;
else return $this->cron_backup();
- }
+ }
function cron_backup() {
global $table_prefix, $wpdb;
@@ -1447,7 +1432,7 @@
$other_tables = get_option('wp_cron_backup_tables');
$recipient = get_option('wp_cron_backup_recipient');
$backup_file = $this->db_backup($core_tables, $other_tables);
- if (false !== $backup_file)
+ if (false !== $backup_file)
return $this->deliver_backup($backup_file, 'smtp', $recipient, 'main');
else return false;
}
@@ -1458,7 +1443,7 @@
}
/**
- * Checks that WordPress has sufficient security measures
+ * Checks that WordPress has sufficient security measures
* @param string $kind
* @return bool
*/
@@ -1483,7 +1468,7 @@
return false;
if ( ( $this->wp_secure('fatal', $loc) ) && current_user_can('import') )
$can = $this->verify_nonce($_REQUEST['_wpnonce'], $this->referer_check_key, $loc);
- if ( false == $can )
+ if ( false == $can )
$this->error(array('loc' => $loc, 'kind' => 'fatal', 'msg' => __('You are not allowed to perform backups.','wp-db-backup')));
return $can;
}
@@ -1498,26 +1483,115 @@
function verify_nonce($rec = '', $nonce = 'X', $loc = 'main') {
if ( wp_verify_nonce($rec, $nonce) )
return true;
- else
+ else
$this->error(array('loc' => $loc, 'kind' => 'fatal', 'msg' => sprintf(__('There appears to be an unauthorized attempt from this site to access your database located at %1s. The attempt has been halted.','wp-db-backup'),get_option('home'))));
}
/**
- * Check whether a file to be downloaded is
+ * Check whether a file to be downloaded is
* surreptitiously trying to download a non-backup file
* @param string $file
* @return null
- */
+ */
function validate_file($file) {
if ( (false !== strpos($file, '..')) || (false !== strpos($file, './')) || (':' == substr($file, 1, 1)) )
$this->error(array('kind' => 'fatal', 'loc' => 'frame', 'msg' => __("Cheatin' uh ?",'wp-db-backup')));
}
+ /**
+ * Get the sitename by query $_SERVER['SERVER_NAME'].
+ * If it is not set, then use site_url() instead
+ * @return string
+ */
+ function get_sitename() {
+ $sitename='';
+ if ( isset($_SERVER['SERVER_NAME']) ) {
+ $sitename = strtolower( sanitize_text_field( $_SERVER['SERVER_NAME'] ) );
+ } else {
+ if ( function_exists('site_url') ) {
+ // site_url() was added since 3.0.0
+ // force http scheme so we can easily get rid of leading http://
+ $sitename = strtolower( site_url( '', 'http' ) );
+ $sitename = substr( $sitename, 7 );
+ } else {
+ // try to be compatible with versions < 3.0.0
+ $sitename = strtolower( get_option( 'siteurl' ) );
+ if ( substr( $sitename, 0, 7 ) == 'http://' ) {
+ $sitename = substr( $sitename, 7 );
+ } elseif ( substr( $sitename, 0, 8 ) == 'https://' ) {
+ $sitename = substr( $sitename, 8 );
+ }
+ }
+ }
+ // get rid of www
+ if ( substr( $sitename, 0, 4 ) == 'www.' ) {
+ $sitename = substr( $sitename, 4 );
+ }
+ return $sitename;
+ }
+
+
+ /**
+ * Sanitize an array of content.
+ *
+ * @param array $array_of_data
+ *
+ * @return array
+ */
+ function sanitize_array($array_to_sanitize) {
+ $sanitized = array();
+ foreach ( $array_to_sanitize as $key => $value ) {
+ $sanitized[$key] = sanitize_text_field($value);
+ }
+ return $sanitized;
+ }
+
+ /**
+ * Get a sanitized array of submitted $_POST values
+ *
+ * @param string $post_key The key of the $_POST array.
+ *
+ * @return array
+ */
+ function get_post_data_array($post_key) {
+ $sanitized_data = array();
+ if (isset( $_POST[$post_key] )) {
+ $sanitized_data = (array) $_POST[$post_key];
+ }
+ return $this->sanitize_array($sanitized_data);
+ }
+
+ /**
+ * Get the revisions to exclude.
+ *
+ * @return array
+ */
+ function get_revisions_to_exclude() {
+ return $this->get_post_data_array('exclude-revisions');
+ }
+
+ /**
+ * Get the spam to exclude.
+ *
+ * @return array
+ */
+ function get_spam_to_exclude() {
+ return $this->get_post_data_array('exclude-spam');
+ }
+
+ /**
+ * Get the submitted tables to backup.
+ *
+ * @return array
+ */
+ function get_submitted_tables_to_backup_in_cron() {
+ return $this->get_post_data_array('wp_cron_backup_tables');
+ }
}
function wpdbBackup_init() {
global $mywpdbbackup;
- $mywpdbbackup = new wpdbBackup();
+ $mywpdbbackup = new wpdbBackup();
}
add_action('plugins_loaded', 'wpdbBackup_init');