wp/wp-content/plugins/wp-db-backup/wp-db-backup.php
changeset 7 cf61fcea0001
parent 0 d970ebf37754
child 18 be944660c56a
--- a/wp/wp-content/plugins/wp-db-backup/wp-db-backup.php	Tue Jun 09 11:14:17 2015 +0000
+++ b/wp/wp-content/plugins/wp-db-backup/wp-db-backup.php	Mon Oct 14 17:39:30 2019 +0200
@@ -1,13 +1,13 @@
 <?php
 /*
 Plugin Name: WordPress Database Backup
-Plugin URI: http://austinmatzko.com/wordpress-plugins/wp-db-backup/
+Plugin URI: https://github.com/matzko/wp-db-backup
 Description: On-demand backup of your WordPress database. Navigate to <a href="edit.php?page=wp-db-backup">Tools &rarr; Backup</a> to get started.
-Author: Austin Matzko 
+Author: Austin Matzko
 Author URI: http://austinmatzko.com/
-Version: 2.2.4
+Version: 2.3.3
 
-Copyright 2013  Austin Matzko  (email : austin at pressedcode.com)
+Copyright 2018  Austin Matzko  (email : austin at pressedcode.com)
 
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -24,36 +24,22 @@
     Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110, USA
 */
 
-/**
- * Change WP_BACKUP_DIR if you want to
- * use a different backup location
- */
-
 if ( ! defined('ABSPATH') ) {
 	die('Please do not load this file directly.');
 }
 
 $rand = substr( md5( md5( DB_PASSWORD ) ), -5 );
-global $wpdbb_content_dir, $wpdbb_content_url, $wpdbb_plugin_dir;
+global $wpdbb_content_dir, $wpdbb_content_url;
 $wpdbb_content_dir = ( defined('WP_CONTENT_DIR') ) ? WP_CONTENT_DIR : ABSPATH . 'wp-content';
 $wpdbb_content_url = ( defined('WP_CONTENT_URL') ) ? WP_CONTENT_URL : get_option('siteurl') . '/wp-content';
-$wpdbb_plugin_dir = ( defined('WP_PLUGIN_DIR') ) ? WP_PLUGIN_DIR : $wpdbb_content_dir . '/plugins';
-
-if ( ! defined('WP_BACKUP_DIR') ) {
-	define('WP_BACKUP_DIR', $wpdbb_content_dir . '/backup-' . $rand . '/');
-}
-
-if ( ! defined('WP_BACKUP_URL') ) {
-	define('WP_BACKUP_URL', $wpdbb_content_url . '/backup-' . $rand . '/');
-}
 
 if ( ! defined('ROWS_PER_SEGMENT') ) {
 	define('ROWS_PER_SEGMENT', 100);
 }
 
-/** 
- * Set MOD_EVASIVE_OVERRIDE to true 
- * and increase MOD_EVASIVE_DELAY 
+/**
+ * Set MOD_EVASIVE_OVERRIDE to true
+ * and increase MOD_EVASIVE_DELAY
  * if the backup stops prematurely.
  */
 // define('MOD_EVASIVE_OVERRIDE', false);
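Review bot: `$rand` is still computed from `DB_PASSWORD` at file scope, but this hunk removes the two `define()` calls that consumed it, so within the visible lines it no longer has a reader. If nothing later in the file uses it, drop `$rand = substr( md5( md5( DB_PASSWORD ) ), -5 );` rather than keep a password-derived value in a variable. If it is still needed, a short comment naming where it is used would help.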
@@ -71,30 +57,30 @@
 	var $basename;
 	var $page_url;
 	var $referer_check_key;
-	var $version = '2.1.5-alpha';
+	var $version = '2.3.3';
 
 	function module_check() {
 		$mod_evasive = false;
 		if ( defined( 'MOD_EVASIVE_OVERRIDE' ) && true === MOD_EVASIVE_OVERRIDE ) return true;
 		if ( ! defined( 'MOD_EVASIVE_OVERRIDE' ) || false === MOD_EVASIVE_OVERRIDE ) return false;
-		if ( function_exists('apache_get_modules') ) 
-			foreach( (array) apache_get_modules() as $mod ) 
+		if ( function_exists('apache_get_modules') )
+			foreach( (array) apache_get_modules() as $mod )
 				if ( false !== strpos($mod,'mod_evasive') || false !== strpos($mod,'mod_dosevasive') )
 					return true;
 		return false;
 	}
 
-	function wpdbBackup() {
+	function __construct() {
 		global $table_prefix, $wpdb;
 		add_action('wp_ajax_save_backup_time', array(&$this, 'save_backup_time'));
 		add_action('init', array(&$this, 'init_textdomain'));
 		add_action('init', array(&$this, 'set_page_url'));
-		add_action('load-update-core.php', array(&$this, 'update_notice_action'));
+		add_action('admin_init', array(&$this, 'update_notice_action'));
 		add_action('wp_db_backup_cron', array(&$this, 'cron_backup'));
 		add_action('wp_cron_daily', array(&$this, 'wp_cron_daily'));
 		add_filter('cron_schedules', array(&$this, 'add_sched_options'));
 		add_filter('wp_db_b_schedule_choices', array(&$this, 'schedule_choices'));
-		
+
 		$table_prefix = ( isset( $table_prefix ) ) ? $table_prefix : $wpdb->prefix;
 		$datum = date("Ymd_B");
 		$this->backup_filename = DB_NAME . "_$table_prefix$datum.sql";
@@ -122,27 +108,29 @@
 				$this->core_table_names[] = $wpdb->{$name};
 			}
 		}
-	
-		$this->backup_dir = trailingslashit(apply_filters('wp_db_b_backup_dir', WP_BACKUP_DIR));
+
+		$requested_temp_dir = sanitize_text_field($_GET['wp_db_temp_dir']);
+		$this->backup_dir = trailingslashit(apply_filters('wp_db_b_backup_dir', (isset($requested_temp_dir) && is_writable($requested_temp_dir)) ? $requested_temp_dir : get_temp_dir()));
 		$this->basename = 'wp-db-backup';
-	
+
 		$this->referer_check_key = $this->basename . '-download_' . DB_NAME;
 		if (isset($_POST['do_backup'])) {
 			$this->wp_secure('fatal');
 			check_admin_referer($this->referer_check_key);
 			$this->can_user_backup('main');
+
 			// save exclude prefs
-
-			$exc_revisions = isset( $_POST['exclude-revisions'] ) ? (array) $_POST['exclude-revisions'] : array();
-			$exc_spam = isset( $_POST['exclude-spam'] ) ? (array) $_POST['exclude-spam'] : array();
-			update_option('wp_db_backup_excs', array('revisions' => $exc_revisions, 'spam' => $exc_spam));
+			update_option('wp_db_backup_excs', array(
+				'revisions' => $this->get_revisions_to_exclude(),
+				'spam' => $this->get_spam_to_exclude()
+			));
 			switch($_POST['do_backup']) {
 			case 'backup':
 				add_action('init', array(&$this, 'perform_backup'));
 				break;
 			case 'fragments':
 				add_action('admin_menu', array(&$this, 'fragment_menu'));
-				break;				
+				break;
 			}
 		} elseif (isset($_GET['fragment'] )) {
 			$this->can_user_backup('frame');
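Review bot: The constructor now takes the backup directory from `$_GET['wp_db_temp_dir']` before the `wp_secure()`, `check_admin_referer()` and `can_user_backup()` calls further down, so a request parameter alone can point `backup_dir` at any directory that passes `is_writable()`. `sanitize_text_field()` does not constrain a filesystem path, the index is read without an `isset()` guard, and `isset($requested_temp_dir)` is always true once the variable holds the returned string. Prefer computing the directory server-side, `$this->backup_dir = trailingslashit(apply_filters('wp_db_b_backup_dir', get_temp_dir()));`, and if the value has to survive between fragment requests, keep it in an option or transient rather than in the URL. The matching `&wp_db_temp_dir=` output in the `backup()` JavaScript hunk would then go away as well. The constructor starts and ends outside this hunk.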
@@ -154,19 +142,19 @@
 			add_action('admin_menu', array(&$this, 'admin_menu'));
 		}
 	}
-	
+
 	function init() {
 		$this->can_user_backup();
 		if (isset($_GET['backup'])) {
-			$via = isset($_GET['via']) ? $_GET['via'] : 'http';
-			
-			$this->backup_file = $_GET['backup'];
+			$via = isset($_GET['via']) ? sanitize_text_field($_GET['via']) : 'http';
+
+			$this->backup_file = sanitize_text_field($_GET['backup']);
 			$this->validate_file($this->backup_file);
 
 			switch($via) {
 			case 'smtp':
 			case 'email':
-				$success = $this->deliver_backup($this->backup_file, 'smtp', $_GET['recipient'], 'frame');
+				$success = $this->deliver_backup($this->backup_file, 'smtp', sanitize_text_field($_GET['recipient']), 'frame');
 				$this->error_display( 'frame' );
 				if ( $success ) {
 					echo '
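Review bot: `$_GET['recipient']` is read without an `isset()` check and is only passed through `sanitize_text_field()`, which strips tags and line breaks but does not establish that the value is an e-mail address. Since it goes straight to `deliver_backup()` as the recipient, `sanitize_email()` followed by an `is_email()` test fits better here, unless `deliver_backup()` already validates it, which this hunk does not show. `init()` continues past the end of the hunk.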
@@ -175,7 +163,7 @@
 					';
 					echo '
 						alert("' . __('Backup Complete!','wp-db-backup') . '");
-						window.onbeforeunload = null; 
+						window.onbeforeunload = null;
 						</script>
 					';
 				}
@@ -183,7 +171,7 @@
 			default:
 				$success = $this->deliver_backup($this->backup_file, $via);
 				echo $this->error_display( 'frame', false );
-				
+
 				if ( $success ) {
 					echo '
 					<script type="text/javascript">
@@ -195,7 +183,7 @@
 			exit;
 		}
 		if (isset($_GET['fragment'] )) {
-			list($table, $segment, $filename) = explode(':', $_GET['fragment']);
+			list($table, $segment, $filename) = explode(':', sanitize_text_field($_GET['fragment']));
 			$this->validate_file($filename);
 			$this->backup_fragment($table, $segment, $filename);
 		}
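Review bot: `$table` and `$segment` come from the `fragment` query parameter, and `sanitize_text_field()` does not make them safe for the SQL that `backup_table()` builds; the context lines of later hunks show `SHOW CREATE TABLE $table` and `SELECT * FROM $table $where LIMIT {$row_start}, {$row_inc}` with the name interpolated unquoted. Before calling `backup_fragment()`, accept only the empty string or a name found in the known table list, and require `$segment` to be an integer. `explode()` can also return fewer than three parts, which leaves `list()` with undefined entries. `init()` starts outside this hunk.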
@@ -216,26 +204,36 @@
 	}
 
 	/*
-	 * Add a link to back up your database when doing a core upgrade 
+	 * Add a link to back up your database when doing a core upgrade.
 	 */
 	function update_notice_action() {
-		if ( 'upgrade-core' == $_REQUEST['action'] ) :
+		global $pagenow;
+		if (
+			(
+				isset($_REQUEST['action'])
+				&& ('upgrade-core' == $_REQUEST['action'])
+			)
+			|| (
+				!empty($pagenow) && ('update-core.php' == $pagenow)
+			)
+		) :
 			ob_start(array(&$this, 'update_notice'));
 			add_action('admin_footer', create_function('', 'ob_end_flush();'));
 		endif;
 	}
-		function update_notice($text = '') {
-			$pattern = '#(<a href\="' . __('http://codex.wordpress.org/WordPress_Backups') . '">.*?</p>)#';
-			$replace = '$1' . "\n<p>" . sprintf(__('Click <a href="%s" target="_blank">here</a> to back up your database using the WordPress Database Backup plugin. <strong>Note:</strong> WordPress Database Backup does <em>not</em> back up your files, just your database.', 'wp-db-backup'), 'tools.php?page=wp-db-backup') . "</p>\n"; 
-			$text = preg_replace($pattern, $replace, $text);
-			return $text;
-		}
+
+	function update_notice($text = '') {
+		$pattern = '#(<a href\="' . __('http://codex.wordpress.org/WordPress_Backups') . '">.*?</p>)#';
+		$replace = '$1' . "\n<p>" . sprintf(__('Click <a href="%s" target="_blank">here</a> to back up your database using the WordPress Database Backup plugin. <strong>Note:</strong> WordPress Database Backup does <em>not</em> back up your files, just your database.', 'wp-db-backup'), 'tools.php?page=wp-db-backup') . "</p>\n";
+		$text = preg_replace($pattern, $replace, $text);
+		return $text;
+	}
 
 	function build_backup_script() {
 		global $table_prefix, $wpdb;
-	
+
 		echo "<div class='wrap'>";
-		echo 	'<fieldset class="options"><legend>' . __('Progress','wp-db-backup') . '</legend>
+		echo '<fieldset class="options"><legend>' . __('Progress','wp-db-backup') . '</legend>
 			<p><strong>' .
 				__('DO NOT DO THE FOLLOWING AS IT WILL CAUSE YOUR BACKUP TO FAIL:','wp-db-backup').
 			'</strong></p>
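Review bot: `update_notice_action()` still registers its footer callback with `create_function('', 'ob_end_flush();')`, which is deprecated as of PHP 7.2 and removed in PHP 8.0. Since the function is being rewritten here, replace it with a small named method on the class, or a closure such as `add_action('admin_footer', function () { ob_end_flush(); });` if the plugin's minimum PHP version allows it. With the hook moved to `admin_init` the condition is evaluated on every admin request, and `===` would be the safer comparison for `$_REQUEST['action']` and `$pagenow`. `build_backup_script()` continues past the end of the hunk, and a second `create_function()` call appears in the context lines of the `backup_menu()` hunk.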
@@ -271,18 +269,18 @@
 
 			function backup(table, segment) {
 				var fram = document.getElementById("backuploader");
-				fram.src = "' . $this->page_url . '&fragment=" + table + ":" + segment + ":' . $this->backup_filename . ':";
+				fram.src = "' . $this->page_url . '&fragment=" + table + ":" + segment + ":' . $this->backup_filename . ':&wp_db_temp_dir=' . $this->backup_dir . '";
 			}
-			
+
 			var curStep = 0;
-			
+
 			function nextStep() {
 				backupStep(curStep);
 				curStep++;
 			}
-			
+
 			function finishBackup() {
-				var fram = document.getElementById("backuploader");				
+				var fram = document.getElementById("backuploader");
 				setMeter(100);
 		';
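Review bot: `$this->backup_dir` is concatenated into the `fram.src` string literal and into a query string with no escaping, so a path containing `"`, `\`, `&` or `#` breaks the script or the URL, and the server's temp path is disclosed to the page. If the parameter stays, encode it for both contexts, for example `esc_js(rawurlencode($this->backup_dir))`; `$this->backup_filename` on the same line deserves the same treatment. The enclosing PHP function is not visible in this hunk.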
 
@@ -291,48 +289,44 @@
 		case 'http':
 			echo '
 				setProgress("' . __('Preparing download.','wp-db-backup') . '");
-				window.onbeforeunload = null; 
+				window.onbeforeunload = null;
 				fram.src = "' . $download_uri . '";
-				
+
 				setTimeout( function() {
-					var secondFrame = document.createElement("iframe");				
+					var secondFrame = document.createElement("iframe");
 					fram.parentNode.insertBefore(secondFrame, fram);
 					secondFrame.src = "' . $download_uri . '&download-retry=1";
 				}, 30000 );
 			';
 			break;
 		case 'smtp':
-			if ( get_option('wpdb_backup_recip') != $_POST['backup_recipient'] ) {
-				update_option('wpdb_backup_recip', $_POST['backup_recipient'] );
+			$email = sanitize_text_field(wp_unslash($_POST['backup_recipient']));
+			if ( get_option('wpdb_backup_recip') != $email) {
+				update_option('wpdb_backup_recip', $email);
 			}
 			echo '
-				setProgress("' . sprintf(__('Your backup has been emailed to %s','wp-db-backup'), $_POST['backup_recipient']) . '");
-				window.onbeforeunload = null; 
-				fram.src = "' . $download_uri . '&via=email&recipient=' . $_POST['backup_recipient'] . '";
+				setProgress("' . sprintf(__('Your backup has been emailed to %s','wp-db-backup'), $email) . '");
+				window.onbeforeunload = null;
+				fram.src = "' . $download_uri . '&via=email&recipient=' . $email . '";
 			';
 			break;
 		default:
 			echo '
 				setProgress("' . __('Backup Complete!','wp-db-backup') . '");
-				window.onbeforeunload = null; 
+				window.onbeforeunload = null;
 			';
 		}
-		
+
 		echo '
 			}
-			
+
 			function backupStep(step) {
 				switch(step) {
 				case 0: backup("", 0); break;
 		';
-		
-		$also_backup = array();
-		if (isset($_POST['other_tables'])) {
-			$also_backup = $_POST['other_tables'];
-		} else {
-			$also_backup = array();
-		}
-		$core_tables = $_POST['core_tables'];
+
+		$also_backup = $this->get_post_data_array('other_tables');
+		$core_tables = $this->get_post_data_array('core_tables');
 		$tables = array_merge($core_tables, $also_backup);
 		$step_count = 1;
 		foreach ($tables as $table) {
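Review bot: In the `smtp` case `$email` is echoed inside a double-quoted JavaScript string in `setProgress(...)` and appended to the `fram.src` URL, but `sanitize_text_field()` neither escapes quotes and backslashes nor URL-encodes. Escape per context, `esc_js($email)` in the `setProgress` message and `rawurlencode($email)` for the `recipient=` parameter, and check the value with `is_email()` before storing it in `wpdb_backup_recip`. `$_POST['backup_recipient']` is also read without an `isset()` guard. The function continues on both sides of the hunk.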
@@ -353,7 +347,7 @@
 			$step_count++;
 		}
 		echo "case {$step_count}: finishBackup(); break;";
-		
+
 		echo '
 				}
 				if(step != 0) setMeter(100 * step / ' . $step_count . ');
@@ -369,9 +363,9 @@
 
 	function backup_fragment($table, $segment, $filename) {
 		global $table_prefix, $wpdb;
-			
+
 		echo "$table:$segment:$filename";
-		
+
 		if($table == '') {
 			$msg = __('Creating backup file...','wp-db-backup');
 		} else {
@@ -381,7 +375,7 @@
 				$msg = sprintf(__('Backing up table \\"%s\\"...','wp-db-backup'), $table);
 			}
 		}
-		
+
 		if (is_writable($this->backup_dir)) {
 			$this->fp = $this->open($this->backup_dir . $filename, 'a');
 			if(!$this->fp) {
@@ -389,7 +383,7 @@
 				$this->error(array('loc' => 'frame', 'kind' => 'fatal', 'msg' =>  __('The backup file could not be saved.  Please check the permissions for writing to your backup directory and try again.','wp-db-backup')));
 			}
 			else {
-				if($table == '') {		
+				if($table == '') {
 					//Begin new backup of MySql
 					$this->stow("# " . __('WordPress MySQL database backup','wp-db-backup') . "\n");
 					$this->stow("#\n");
@@ -405,7 +399,7 @@
 						$this->stow("# --------------------------------------------------------\n");
 						$this->stow("# " . sprintf(__('Table: %s','wp-db-backup'),$this->backquote($table)) . "\n");
 						$this->stow("# --------------------------------------------------------\n");
-					}			
+					}
 					$this->backup_table($table, $segment);
 				}
 			}
@@ -414,7 +408,7 @@
 		}
 
 		if($this->fp) $this->close($this->fp);
-		
+
 		$this->error_display('frame');
 
 		echo '<script type="text/javascript"><!--//
@@ -430,19 +424,20 @@
 		// are we backing up any other tables?
 		$also_backup = array();
 		if (isset($_POST['other_tables']))
-			$also_backup = $_POST['other_tables'];
-		$core_tables = $_POST['core_tables'];
+			$also_backup = sanitize_text_field($_POST['other_tables']);
+		$core_tables = sanitize_text_field($_POST['core_tables']);
 		$this->backup_file = $this->db_backup($core_tables, $also_backup);
 		if (false !== $this->backup_file) {
 			if ('smtp' == $_POST['deliver']) {
-				$this->deliver_backup($this->backup_file, $_POST['deliver'], $_POST['backup_recipient'], 'main');
-				if ( get_option('wpdb_backup_recip') != $_POST['backup_recipient'] ) {
-					update_option('wpdb_backup_recip', $_POST['backup_recipient'] );
+				$email = sanitize_text_field(wp_unslash($_POST['backup_recipient']));
+				$this->deliver_backup($this->backup_file, sanitize_text_field($_POST['deliver']), $email, 'main');
+				if ( get_option('wpdb_backup_recip') != $email ) {
+					update_option('wpdb_backup_recip', $email );
 				}
 				wp_redirect($this->page_url);
 			} elseif ('http' == $_POST['deliver']) {
 				$download_uri = add_query_arg('backup',$this->backup_file,$this->page_url);
-				wp_redirect($download_uri); 
+				wp_redirect($download_uri);
 				exit;
 			}
 			// we do this to say we're done.
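Review bot: `other_tables` and `core_tables` are table-name arrays (this same commit reads them with `$this->get_post_data_array()` in `build_backup_script()`), but here they go through `sanitize_text_field()`, which handles a single string. `db_backup()` then receives a non-array, so its `foreach ($tables as $table)` has nothing valid to iterate. Use the same helper in both places: `$also_backup = $this->get_post_data_array('other_tables');` and `$core_tables = $this->get_post_data_array('core_tables');`. `$_POST['deliver']` is also compared without an `isset()` check, and the function begins before the hunk.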
@@ -479,7 +474,7 @@
 							t[k].p[i].id = k + '-table-' + i;
 							t[k].p[i].onkeyup = t[k].p[i].onclick = function(e) {
 								e = e ? e : event;
-								if ( 16  == e.keyCode ) 
+								if ( 16  == e.keyCode )
 									return;
 								var match = /([\w-]*)-table-(\d*)/.exec(this.id);
 								var listname = match[1];
@@ -499,7 +494,7 @@
 				}
 
 				<?php if ( function_exists('wp_schedule_event') ) : // needs to be at least WP 2.1 for ajax ?>
-				if ( 'undefined' == typeof XMLHttpRequest ) 
+				if ( 'undefined' == typeof XMLHttpRequest )
 					var xml = new ActiveXObject( navigator.userAgent.indexOf('MSIE 5') >= 0 ? 'Microsoft.XMLHTTP' : 'Msxml2.XMLHTTP' );
 				else
 					var xml = new XMLHttpRequest();
@@ -508,7 +503,7 @@
 					var timeWrap = document.getElementById('backup-time-wrap');
 					var backupTime = document.getElementById('next-backup-time');
 					if ( !! timeWrap && !! backupTime && ( 1 == <?php
-						echo (int) ( 'en' == strtolower( substr( get_locale(), 0, 2 ) ) );	
+						echo (int) ( 'en' == strtolower( substr( get_locale(), 0, 2 ) ) );
 					?> ) ) {
 						var span = document.createElement('span');
 						span.className = 'submit';
@@ -530,7 +525,7 @@
 					if ( !! saveTButton )
 						saveTButton.onclick = function(e) { saveTime(backupTime, mainText); return false; };
 					if ( !! mainText )
-						mainText.onkeydown = function(e) { 
+						mainText.onkeydown = function(e) {
 							e = e || window.event;
 							if ( 13 == e.keyCode ) {
 								saveTime(backupTime, mainText);
@@ -592,7 +587,7 @@
 					margin-bottom: .5em;
 					padding: 1em;
 				}
-		
+
 				fieldset.options .instructions {
 					font-size: smaller;
 				}
@@ -608,7 +603,7 @@
 					border-top: none;
 				}
 		</style>
-		<?php 
+		<?php
 	}
 
 	function admin_load() {
@@ -638,7 +633,7 @@
 		add_action('load-' . $page_hook, array(&$this, 'admin_load'));
 	}
 
-	/** 
+	/**
 	 * Add WP-DB-Backup-specific help options to the 2.7 =< WP contextual help menu
 	 * @return string The text of the help menu.
 	 */
@@ -674,7 +669,7 @@
 		if ($is_like) $a_string = str_replace('\\', '\\\\\\\\', $a_string);
 		else $a_string = str_replace('\\', '\\\\', $a_string);
 		return str_replace('\'', '\\\'', $a_string);
-	} 
+	}
 
 	/**
 	 * Add backquotes to tables and db-names in
@@ -685,7 +680,7 @@
 			if (is_array($a_name)) {
 				$result = array();
 				reset($a_name);
-				while(list($key, $val) = each($a_name)) 
+				while(list($key, $val) = each($a_name))
 					$result[$key] = '`' . $val . '`';
 				return $result;
 			} else {
@@ -694,7 +689,7 @@
 		} else {
 			return $a_name;
 		}
-	} 
+	}
 
 	function open($filename = '', $mode = 'w') {
 		if ('' == $filename) return false;
@@ -715,14 +710,14 @@
 		if(false === @fwrite($this->fp, $query_line))
 			$this->error(__('There was an error writing a line to the backup script:','wp-db-backup') . '  ' . $query_line . '  ' . $php_errormsg);
 	}
-	
+
 	/**
 	 * Logs any error messages
 	 * @param array $args
 	 * @return bool
 	 */
 	function error($args = array()) {
-		if ( is_string( $args ) ) 
+		if ( is_string( $args ) )
 			$args = array('msg' => $args);
 		$args = array_merge( array('loc' => 'main', 'kind' => 'warn', 'msg' => ''), $args);
 		$this->errors[$args['kind']][] = $args['msg'];
@@ -732,7 +727,7 @@
 	}
 
 	/**
-	 * Displays error messages 
+	 * Displays error messages
 	 * @param array $errs
 	 * @param string $loc
 	 * @return string
@@ -748,7 +743,7 @@
 		if ( 10 == count( $err_list ) )
 			$err_list[9] = __('Subsequent errors have been omitted from this log.','wp-db-backup');
 		$wrap = ( 'frame' == $loc ) ? "<script type=\"text/javascript\">\n var msgList = ''; \n %1\$s \n if ( msgList ) alert(msgList); \n </script>" : '%1$s';
-		$line = ( 'frame' == $loc ) ? 
+		$line = ( 'frame' == $loc ) ?
 			"try{ window.parent.addError('%1\$s'); } catch(e) { msgList += ' %1\$s';}\n" :
 			"%1\$s<br />\n";
 		foreach( (array) $err_list as $err )
@@ -768,8 +763,8 @@
 	 * Taken partially from phpMyAdmin and partially from
 	 * Alain Wolf, Zurich - Switzerland
 	 * Website: http://restkultur.ch/personal/wolf/scripts/db_backup/
-	
-	 * Modified by Scott Merrill (http://www.skippy.net/) 
+
+	 * Modified by Scott Merrill (http://www.skippy.net/)
 	 * to use the WordPress $wpdb object
 	 * @param string $table
 	 * @param string $segment
@@ -783,7 +778,7 @@
 			$this->error(__('Error getting table details','wp-db-backup') . ": $table");
 			return false;
 		}
-	
+
 		if(($segment == 'none') || ($segment == 0)) {
 			// Add SQL statement to drop existing table
 			$this->stow("\n\n");
@@ -792,7 +787,7 @@
 			$this->stow("#\n");
 			$this->stow("\n");
 			$this->stow("DROP TABLE IF EXISTS " . $this->backquote($table) . ";\n");
-			
+
 			// Table structure
 			// Comment in SQL-file
 			$this->stow("\n\n");
@@ -800,7 +795,7 @@
 			$this->stow("# " . sprintf(__('Table structure of table %s','wp-db-backup'),$this->backquote($table)) . "\n");
 			$this->stow("#\n");
 			$this->stow("\n");
-			
+
 			$create_table = $wpdb->get_results("SHOW CREATE TABLE $table", ARRAY_N);
 			if (false === $create_table) {
 				$err_msg = sprintf(__('Error with SHOW CREATE TABLE for %s.','wp-db-backup'), $table);
@@ -808,20 +803,20 @@
 				$this->stow("#\n# $err_msg\n#\n");
 			}
 			$this->stow($create_table[0][1] . ' ;');
-			
+
 			if (false === $table_structure) {
 				$err_msg = sprintf(__('Error getting table structure of %s','wp-db-backup'), $table);
 				$this->error($err_msg);
 				$this->stow("#\n# $err_msg\n#\n");
 			}
-		
+
 			// Comment in SQL-file
 			$this->stow("\n\n");
 			$this->stow("#\n");
 			$this->stow('# ' . sprintf(__('Data contents of table %s','wp-db-backup'),$this->backquote($table)) . "\n");
 			$this->stow("#\n");
 		}
-		
+
 		if(($segment == 'none') || ($segment >= 0)) {
 			$defs = array();
 			$ints = array();
@@ -835,10 +830,10 @@
 						$ints[strtolower($struct->Field)] = "1";
 				}
 			}
-			
-			
+
+
 			// Batch by $row_inc
-			
+
 			if($segment == 'none') {
 				$row_start = 0;
 				$row_inc = ROWS_PER_SEGMENT;
@@ -846,8 +841,8 @@
 				$row_start = $segment * ROWS_PER_SEGMENT;
 				$row_inc = ROWS_PER_SEGMENT;
 			}
-			
-			do {	
+
+			do {
 				// don't include extra stuff, if so requested
 				$excs = (array) get_option('wp_db_backup_excs');
 				$where = '';
@@ -856,11 +851,11 @@
 				} elseif ( is_array($excs['revisions'] ) && in_array($table, $excs['revisions']) ) {
 					$where = ' WHERE post_type != "revision"';
 				}
-				
+
 				if ( !ini_get('safe_mode')) @set_time_limit(15*60);
 				$table_data = $wpdb->get_results("SELECT * FROM $table $where LIMIT {$row_start}, {$row_inc}", ARRAY_A);
 
-				$entries = 'INSERT INTO ' . $this->backquote($table) . ' VALUES (';	
+				$entries = 'INSERT INTO ' . $this->backquote($table) . ' VALUES (';
 				//    \x08\\x09, not required
 				$search = array("\x00", "\x0a", "\x0d", "\x1a");
 				$replace = array('\0', '\n', '\r', '\Z');
@@ -868,7 +863,7 @@
 					foreach ($table_data as $row) {
 						$values = array();
 						foreach ($row as $key => $value) {
-							if ($ints[strtolower($key)]) {
+							if ( !empty($ints[strtolower($key)]) ) {
 								// make sure there are no blank spots in the insert syntax,
 								// yet try to avoid quotation marks around integers
 								$value = ( null === $value || '' === $value) ? $defs[strtolower($key)] : $value;
@@ -883,7 +878,7 @@
 				}
 			} while((count($table_data) > 0) and ($segment=='none'));
 		}
-		
+
 		if(($segment == 'none') || ($segment < 0)) {
 			// Create footer/closing comment in SQL-file
 			$this->stow("\n");
@@ -893,10 +888,10 @@
 			$this->stow("\n");
 		}
 	} // end backup_table()
-	
+
 	function db_backup($core_tables, $other_tables) {
 		global $table_prefix, $wpdb;
-		
+
 		if (is_writable($this->backup_dir)) {
 			$this->fp = $this->open($this->backup_dir . $this->backup_filename);
 			if(!$this->fp) {
@@ -907,7 +902,7 @@
 			$this->error(__('The backup directory is not writeable!','wp-db-backup'));
 			return false;
 		}
-		
+
 		//Begin new backup of MySql
 		$this->stow("# " . __('WordPress MySQL database backup','wp-db-backup') . "\n");
 		$this->stow("#\n");
@@ -915,12 +910,12 @@
 		$this->stow("# " . sprintf(__('Hostname: %s','wp-db-backup'),DB_HOST) . "\n");
 		$this->stow("# " . sprintf(__('Database: %s','wp-db-backup'),$this->backquote(DB_NAME)) . "\n");
 		$this->stow("# --------------------------------------------------------\n");
-		
+
 			if ( (is_array($other_tables)) && (count($other_tables) > 0) )
 			$tables = array_merge($core_tables, $other_tables);
 		else
 			$tables = $core_tables;
-		
+
 		foreach ($tables as $table) {
 			// Increase script execution time-limit to 15 min for every table.
 			if ( !ini_get('safe_mode')) @set_time_limit(15*60);
@@ -930,15 +925,15 @@
 			$this->stow("# --------------------------------------------------------\n");
 			$this->backup_table($table);
 		}
-				
+
 		$this->close($this->fp);
-		
+
 		if (count($this->errors)) {
 			return false;
 		} else {
 			return $this->backup_filename;
 		}
-		
+
 	} //wp_db_backup
 
 	/**
@@ -966,12 +961,9 @@
 
 		// try to use phpmailer directly (WP 2.2+)
 		if ( is_object( $phpmailer ) && ( strtolower(get_class( $phpmailer )) == 'phpmailer' ) ) {
-			
+
 			// Get the site domain and get rid of www.
-			$sitename = strtolower( $_SERVER['SERVER_NAME'] );
-			if ( substr( $sitename, 0, 4 ) == 'www.' ) {
-				$sitename = substr( $sitename, 4 );
-			}
+			$sitename = $this->get_sitename();
 			$from_email = 'wordpress@' . $sitename;
 			$from_name = 'WordPress';
 
@@ -994,7 +986,7 @@
 			$phpmailer->Subject = $subject;
 
 			do_action_ref_array( 'phpmailer_init', array( &$phpmailer ) );
-			
+
 			$result = @$phpmailer->Send();
 
 		// old-style: build the headers directly
@@ -1002,18 +994,18 @@
 			$randomish = md5(time());
 			$boundary = "==WPBACKUP-$randomish";
 			$fp = fopen($diskfile,"rb");
-			$file = fread($fp,filesize($diskfile)); 
+			$file = fread($fp,filesize($diskfile));
 			$this->close($fp);
-			
+
 			$data = chunk_split(base64_encode($file));
-			
+
 			$headers .= "MIME-Version: 1.0\n";
-			$headers = 'From: wordpress@' . preg_replace('#^www\.#', '', strtolower($_SERVER['SERVER_NAME'])) . "\n";
+			$headers = 'From: wordpress@' . preg_replace('#^www\.#', '', sanitize_text_field(strtolower($_SERVER['SERVER_NAME']))) . "\n";
 			$headers .= "Content-Type: multipart/mixed; boundary=\"$boundary\"\n";
-		
+
 			// Add a multipart boundary above the plain message
 			$message = "This is a multi-part message in MIME format.\n\n" .
-		        	"--{$boundary}\n" .
+				"--{$boundary}\n" .
 				"Content-Type: text/plain; charset=\"" . get_bloginfo('charset') . "\"\n" .
 				"Content-Transfer-Encoding: 7bit\n\n" .
 				$message . "\n\n";
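Review bot: The changed `From:` line assigns with `=` immediately after `$headers .= "MIME-Version: 1.0\n";`, so the MIME-Version header is discarded, and the `.=` runs on a variable that is not set anywhere in the visible lines. Put the `From:` assignment first and reuse the helper the PHPMailer branch now calls, which presumably does the same `www.` stripping: `$headers = 'From: wordpress@' . $this->get_sitename() . "\n";` followed by `$headers .= "MIME-Version: 1.0\n";`. That also keeps the handling of `$_SERVER['SERVER_NAME']` in one place. The enclosing function starts and ends outside the hunk.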
@@ -1027,7 +1019,7 @@
 				"Content-Transfer-Encoding: base64\n\n" .
 				$data . "\n\n" .
 				"--{$boundary}--\n";
-			
+
 			$result = @wp_mail($to, $subject, $message, $headers);
 		}
 		return $result;
@@ -1036,7 +1028,7 @@
 
 	function deliver_backup($filename = '', $delivery = 'http', $recipient = '', $location = 'main') {
 		if ('' == $filename) { return false; }
-		
+
 		$diskfile = $this->backup_dir . $filename;
 		$gz_diskfile = "{$diskfile}.gz";
 
@@ -1061,9 +1053,9 @@
 				}
 				$diskfile = $gz_diskfile;
 				$filename = "{$filename}.gz";
-			
+
 			/**
-			 * Try to compress to gzip, if available 
+			 * Try to compress to gzip, if available
 			 */
 			} else {
 				if ( function_exists('gzencode') ) {
@@ -1083,7 +1075,7 @@
 				}
 			}
 			/*
-			 * 
+			 *
 			 */
 		} elseif ( file_exists( $gz_diskfile ) && empty( $_GET['download-retry'] ) ) {
 			$diskfile = $gz_diskfile;
@@ -1092,7 +1084,7 @@
 
 		if ('http' == $delivery) {
 			if ( ! file_exists( $diskfile ) ) {
-				if ( empty( $_GET['download-retry'] ) ) { 
+				if ( empty( $_GET['download-retry'] ) ) {
 					$this->error(array('kind' => 'fatal', 'msg' => sprintf(__('File not found:%s','wp-db-backup'), "&nbsp;<strong>$filename</strong><br />") . '<br /><a href="' . $this->page_url . '">' . __('Return to Backup','wp-db-backup') . '</a>'));
 				} else {
 					return true;
@@ -1125,7 +1117,7 @@
 					$err = error_get_last();
 					$msg .= $err['message'];
 				} else {
-					$msg .= __('ERROR: The mail application has failed to deliver the backup.','wp-db-backup'); 
+					$msg .= __('ERROR: The mail application has failed to deliver the backup.','wp-db-backup');
 				}
 				$this->error(array('kind' => 'fatal', 'loc' => $location, 'msg' => $msg));
 			} else {
@@ -1136,37 +1128,35 @@
 		}
 		return $success;
 	}
-	
+
 	function backup_menu() {
 		global $table_prefix, $wpdb;
 		$feedback = '';
 		$whoops = false;
-		
+
 		// did we just do a backup?  If so, let's report the status
 		if ( $this->backup_complete ) {
 			$feedback = '<div class="updated wp-db-backup-updated"><p>' . __('Backup Successful','wp-db-backup') . '!';
 			$file = $this->backup_file;
 			switch($_POST['deliver']) {
 			case 'http':
-				$feedback .= '<br />' . sprintf(__('Your backup file: <a href="%1s">%2s</a> should begin downloading shortly.','wp-db-backup'), WP_BACKUP_URL . "{$this->backup_file}", $this->backup_file);
+				$feedback .= '<br />' . sprintf(__('Your backup file: %2s should begin downloading shortly.','wp-db-backup'), "{$this->backup_file}", $this->backup_file);
 				break;
 			case 'smtp':
-				if (! is_email($_POST['backup_recipient'])) {
+				$email = sanitize_text_field(wp_unslash($_POST['backup_recipient']));
+				if (! is_email($email)) {
 					$feedback .= get_option('admin_email');
 				} else {
-					$feedback .= $_POST['backup_recipient'];
+					$feedback .= $email;
 				}
 				$feedback = '<br />' . sprintf(__('Your backup has been emailed to %s','wp-db-backup'), $feedback);
 				break;
-			case 'none':
-				$feedback .= '<br />' . __('Your backup file has been saved on the server. If you would like to download it now, right click and select "Save As"','wp-db-backup');
-				$feedback .= ':<br /> <a href="' . WP_BACKUP_URL . "$file\">$file</a> : " . sprintf(__('%s bytes','wp-db-backup'), filesize($this->backup_dir . $file));
 			}
 			$feedback .= '</p></div>';
 		}
-	
+
 		// security check
-		$this->wp_secure();  
+		$this->wp_secure();
 
 		if (count($this->errors)) {
 			$feedback .= '<div class="updated wp-db-backup-updated error"><p><strong>' . __('The following errors were reported:','wp-db-backup') . '</strong></p>';
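Review bot: The new `http` message uses `%2s`, which `sprintf()` reads as the next argument padded to width 2, not as the second argument (`%2$s`); it prints the right text only because both arguments are the same filename. Use a single `%s` with one argument. Because `$feedback` is echoed as HTML, wrap the filename and, in the `smtp` case, `$email` in `esc_html()` when appending them. `backup_menu()` continues past the end of the hunk.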
@@ -1175,14 +1165,14 @@
 		}
 
 		// did we just save options for wp-cron?
-		if ( (function_exists('wp_schedule_event') || function_exists('wp_cron_init')) 
+		if ( (function_exists('wp_schedule_event') || function_exists('wp_cron_init'))
 			&& isset($_POST['wp_cron_backup_options']) ) :
 			do_action('wp_db_b_update_cron_options');
 			if ( function_exists('wp_schedule_event') ) {
 				wp_clear_scheduled_hook( 'wp_db_backup_cron' ); // unschedule previous
 				$scheds = (array) wp_get_schedules();
-				$name = strval($_POST['wp_cron_schedule']);
-				$interval = ( isset($scheds[$name]['interval']) ) ? 
+				$name = sanitize_text_field(strval($_POST['wp_cron_schedule']));
+				$interval = ( isset($scheds[$name]['interval']) ) ?
 					(int) $scheds[$name]['interval'] : 0;
 				update_option('wp_cron_backup_schedule', $name, false);
 				if ( 0 !== $interval ) {
@@ -1192,28 +1182,28 @@
 			else {
 				update_option('wp_cron_backup_schedule', intval($_POST['cron_schedule']), false);
 			}
-			update_option('wp_cron_backup_tables', isset( $_POST['wp_cron_backup_tables'] ) ? $_POST['wp_cron_backup_tables'] : array() );
+			update_option('wp_cron_backup_tables', $this->get_submitted_tables_to_backup_in_cron());
 			if (is_email($_POST['cron_backup_recipient'])) {
-				update_option('wp_cron_backup_recipient', $_POST['cron_backup_recipient'], false);
+				update_option('wp_cron_backup_recipient', sanitize_text_field($_POST['cron_backup_recipient']), false);
 			}
 			$feedback .= '<div class="updated wp-db-backup-updated"><p>' . __('Scheduled Backup Options Saved!','wp-db-backup') . '</p></div>';
 		endif;
-		
+
 		$other_tables = array();
 		$also_backup = array();
-	
-		// Get complete db table list	
+
+		// Get complete db table list
 		$all_tables = $wpdb->get_results("SHOW TABLES", ARRAY_N);
 		$all_tables = array_map(create_function('$a', 'return $a[0];'), $all_tables);
 		// Get list of WP tables that actually exist in this DB (for 1.6 compat!)
 		$wp_backup_default_tables = array_intersect($all_tables, $this->core_table_names);
 		// Get list of non-WP tables
 		$other_tables = array_diff($all_tables, $wp_backup_default_tables);
-		
+
 		if ('' != $feedback)
 			echo $feedback;
 
-		if ( ! $this->wp_secure() ) 	
+		if ( ! $this->wp_secure() )
 			return;
 
 		// Give the new dirs the same perms as wp-content.
@@ -1230,26 +1220,26 @@
 		} elseif ( !is_writable($this->backup_dir) && ! @chmod($this->backup_dir, $dir_perms) ) {
 			?><div class="updated wp-db-backup-updated error"><p><?php _e('WARNING: Your backup directory is <strong>NOT</strong> writable! We cannot create the backup files.','wp-db-backup'); ?></p>
 			<p><?php printf(__('Using your FTP client, try to set the backup directory&rsquo;s write permission to %1$s or %2$s: %3$s', 'wp-db-backup'), '<code>777</code>', '<code>a+w</code>', '<code>' . $this->backup_dir . '</code>'); ?>
-			</p></div><?php 
+			</p></div><?php
 			$whoops = true;
 		} else {
 			$this->fp = $this->open($this->backup_dir . 'test' );
-			if( $this->fp ) { 
+			if( $this->fp ) {
 				$this->close($this->fp);
 				@unlink($this->backup_dir . 'test' );
 			// the directory is not writable probably due to safe mode
 			} else {
-				?><div class="updated wp-db-backup-updated error"><p><?php _e('WARNING: Your backup directory is <strong>NOT</strong> writable! We cannot create the backup files.','wp-db-backup'); ?></p><?php 
+				?><div class="updated wp-db-backup-updated error"><p><?php _e('WARNING: Your backup directory is <strong>NOT</strong> writable! We cannot create the backup files.','wp-db-backup'); ?></p><?php
 				if( ini_get('safe_mode') ){
-					?><p><?php _e('This problem seems to be caused by your server&rsquo;s <code>safe_mode</code> file ownership restrictions, which limit what files web applications like WordPress can create.', 'wp-db-backup'); ?></p><?php 
+					?><p><?php _e('This problem seems to be caused by your server&rsquo;s <code>safe_mode</code> file ownership restrictions, which limit what files web applications like WordPress can create.', 'wp-db-backup'); ?></p><?php
 				}
 				?><?php printf(__('You can try to correct this problem by using your FTP client to delete and then re-create the backup directory: %s', 'wp-db-backup'), '<code>' . $this->backup_dir . '</code>');
-				?></div><?php 
+				?></div><?php
 				$whoops = true;
 			}
 		}
 
-		
+
 
 		if ( !file_exists($this->backup_dir . 'index.php') )
 			@ touch($this->backup_dir . 'index.php');
@@ -1275,8 +1265,8 @@
 		?></ul>
 		</div>
 		<div class="tables-list extra-tables" id="extra-tables-list">
-		<?php 
-		if (count($other_tables) > 0) { 
+		<?php
+		if (count($other_tables) > 0) {
 			?>
 			<h4><?php _e('You may choose to include any of the following tables:','wp-db-backup'); ?></h4>
 			<ul>
@@ -1284,22 +1274,17 @@
 			foreach ($other_tables as $table) {
 				?>
 				<li><label><input type="checkbox" name="other_tables[]" value="<?php echo $table; ?>" /> <code><?php echo $table; ?></code></label>
-				<?php 
+				<?php
 			}
-			?></ul><?php 
+			?></ul><?php
 		}
 		?></div>
 		</fieldset>
-		
+
 		<fieldset class="options">
 			<legend><?php _e('Backup Options','wp-db-backup'); ?></legend>
 			<p><?php  _e('What to do with the backup file:','wp-db-backup'); ?></p>
 			<ul>
-			<li><label for="do_save">
-				<input type="radio" id="do_save" name="deliver" value="none" style="border:none;" />
-				<?php _e('Save to server','wp-db-backup'); 
-				echo " (<code>" . $this->backup_dir . "</code>)"; ?>
-			</label></li>
 			<li><label for="do_download">
 				<input type="radio" checked="checked" id="do_download" name="deliver" value="http" style="border:none;" />
 				<?php _e('Download to your computer','wp-db-backup'); ?>
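Review bot: `$table` is echoed unescaped into both the `value` attribute and the `<code>` element on the checkbox line of this hunk. The names appear to come from the `SHOW TABLES` result built earlier in the file, and MySQL identifiers may contain quotes or angle brackets, so escaping on output is the safer default: `value="<?php echo esc_attr($table); ?>"` and `<code><?php echo esc_html($table); ?></code>`. The surrounding loop and form begin outside the hunk.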
@@ -1307,7 +1292,7 @@
 			<li><label for="do_email">
 				<input type="radio" name="deliver" id="do_email" value="smtp" style="border:none;" />
 				<?php _e('Email backup to:','wp-db-backup'); ?>
-				<input type="text" name="backup_recipient" size="20" value="<?php 
+				<input type="text" name="backup_recipient" size="20" value="<?php
 					$backup_recip = get_option('wpdb_backup_recip');
 					if ( empty( $backup_recip ) ) {
 						$backup_recip = get_option('admin_email');
@@ -1317,7 +1302,7 @@
 			</label></li>
 			</ul>
 			<?php if ( ! $whoops ) : ?>
-			<input type="hidden" name="do_backup" id="do_backup" value="backup" /> 
+			<input type="hidden" name="do_backup" id="do_backup" value="backup" />
 			<p class="submit">
 				<input type="submit" name="submit" onclick="document.getElementById('do_backup').value='fragments';" value="<?php _e('Backup now!','wp-db-backup'); ?>" />
 			</p>
@@ -1327,9 +1312,9 @@
 		</fieldset>
 		<?php do_action('wp_db_b_backup_opts'); ?>
 		</form>
-		
+
 		<?php
-		// this stuff only displays if some sort of wp-cron is available 
+		// this stuff only displays if some sort of wp-cron is available
 		$cron = ( function_exists('wp_schedule_event') ) ? true : false; // wp-cron in WP 2.1+
 		$cron_old = ( function_exists('wp_cron_init') && ! $cron ) ? true : false; // wp-cron plugin by Skippy
 		if ( $cron_old || $cron ) :
@@ -1342,17 +1327,17 @@
 					<p id="backup-time-wrap">
 					<?php printf(__('Next Backup: %s','wp-db-backup'), '<span id="next-backup-time">' . gmdate($datetime, $next_cron + (get_option('gmt_offset') * 3600)) . '</span>'); ?>
 					</p>
-					<?php 
+					<?php
 				endif;
 			elseif ( $cron_old ) :
-				?><p><?php printf(__('Last WP-Cron Daily Execution: %s','wp-db-backup'), gmdate($datetime, get_option('wp_cron_daily_lastrun') + (get_option('gmt_offset') * 3600))); ?><br /><?php 
-				printf(__('Next WP-Cron Daily Execution: %s','wp-db-backup'), gmdate($datetime, (get_option('wp_cron_daily_lastrun') + (get_option('gmt_offset') * 3600) + 86400))); ?></p><?php 
+				?><p><?php printf(__('Last WP-Cron Daily Execution: %s','wp-db-backup'), gmdate($datetime, get_option('wp_cron_daily_lastrun') + (get_option('gmt_offset') * 3600))); ?><br /><?php
+				printf(__('Next WP-Cron Daily Execution: %s','wp-db-backup'), gmdate($datetime, (get_option('wp_cron_daily_lastrun') + (get_option('gmt_offset') * 3600) + 86400))); ?></p><?php
 			endif;
 			?><form method="post" action="">
 			<?php if ( function_exists('wp_nonce_field') ) wp_nonce_field($this->referer_check_key); ?>
 			<div class="tables-list">
 			<h4><?php _e('Schedule: ','wp-db-backup'); ?></h4>
-			<?php 
+			<?php
 			if ( $cron_old ) :
 				$wp_cron_backup_schedule = get_option('wp_cron_backup_schedule');
 				$schedule = array(0 => __('None','wp-db-backup'), 1 => __('Daily','wp-db-backup'));
@@ -1393,14 +1378,14 @@
 			echo '<input type="hidden" name="wp_cron_backup_options" value="SET" /></form>';
 			echo '</fieldset>';
 		endif; // end of wp_cron (legacy) section
-		
+
 		echo '</div><!-- .wrap -->';
-		
+
 	} // end wp_backup_menu()
 
 	function get_sched() {
 		$options = array_keys( (array) wp_get_schedules() );
-		$freq = get_option('wp_cron_backup_schedule'); 
+		$freq = get_option('wp_cron_backup_schedule');
 		$freq = ( in_array( $freq , $options ) ) ? $freq : 'never';
 		return $freq;
 	}
@@ -1430,14 +1415,14 @@
 		$menu .= '</ul>';
 		return $menu;
 	} // end schedule_choices()
-	
+
 	function wp_cron_daily() { // for legacy cron plugin
 		$schedule = intval(get_option('wp_cron_backup_schedule'));
 		// If scheduled backup is disabled
 		if (0 == $schedule)
 		        return;
 		else return $this->cron_backup();
-	} 
+	}
 
 	function cron_backup() {
 		global $table_prefix, $wpdb;
@@ -1447,7 +1432,7 @@
 		$other_tables = get_option('wp_cron_backup_tables');
 		$recipient = get_option('wp_cron_backup_recipient');
 		$backup_file = $this->db_backup($core_tables, $other_tables);
-		if (false !== $backup_file) 
+		if (false !== $backup_file)
 			return $this->deliver_backup($backup_file, 'smtp', $recipient, 'main');
 		else return false;
 	}
@@ -1458,7 +1443,7 @@
 	}
 
 	/**
-	 * Checks that WordPress has sufficient security measures 
+	 * Checks that WordPress has sufficient security measures
 	 * @param string $kind
 	 * @return bool
 	 */
@@ -1483,7 +1468,7 @@
 			return false;
 		if ( ( $this->wp_secure('fatal', $loc) ) && current_user_can('import') )
 			$can = $this->verify_nonce($_REQUEST['_wpnonce'], $this->referer_check_key, $loc);
-		if ( false == $can ) 
+		if ( false == $can )
 			$this->error(array('loc' => $loc, 'kind' => 'fatal', 'msg' => __('You are not allowed to perform backups.','wp-db-backup')));
 		return $can;
 	}
@@ -1498,26 +1483,115 @@
 	function verify_nonce($rec = '', $nonce = 'X', $loc = 'main') {
 		if ( wp_verify_nonce($rec, $nonce) )
 			return true;
-		else 
+		else
 			$this->error(array('loc' => $loc, 'kind' => 'fatal', 'msg' => sprintf(__('There appears to be an unauthorized attempt from this site to access your database located at %1s.  The attempt has been halted.','wp-db-backup'),get_option('home'))));
 	}
 
 	/**
-	 * Check whether a file to be downloaded is  
+	 * Check whether a file to be downloaded is
 	 * surreptitiously trying to download a non-backup file
 	 * @param string $file
 	 * @return null
-	 */ 
+	 */
 	function validate_file($file) {
 		if ( (false !== strpos($file, '..')) || (false !== strpos($file, './')) || (':' == substr($file, 1, 1)) )
 			$this->error(array('kind' => 'fatal', 'loc' => 'frame', 'msg' => __("Cheatin' uh ?",'wp-db-backup')));
 	}
 
+	/**
+	 * Get the sitename by query $_SERVER['SERVER_NAME']. 
+	 * If it is not set, then use site_url() instead
+	 * @return string
+	 */
+	function get_sitename() {
+		$sitename='';
+		if ( isset($_SERVER['SERVER_NAME']) ) {
+			$sitename = strtolower( sanitize_text_field( $_SERVER['SERVER_NAME'] ) );
+		} else {
+			if ( function_exists('site_url') ) {
+				// site_url() was added since 3.0.0
+				// force http scheme so we can easily get rid of leading http://
+				$sitename = strtolower( site_url( '', 'http' ) );
+				$sitename = substr( $sitename, 7 );
+			} else {
+				// try to be compatible with versions < 3.0.0
+				$sitename = strtolower( get_option( 'siteurl' ) );
+				if ( substr( $sitename, 0, 7 ) == 'http://' ) {
+					$sitename = substr( $sitename, 7 );
+				} elseif ( substr( $sitename, 0, 8 ) == 'https://' ) {
+					$sitename = substr( $sitename, 8 );
+				}
+			}
+		}
+		// get rid of www
+		if ( substr( $sitename, 0, 4 ) == 'www.' ) {
+			$sitename = substr( $sitename, 4 );
+		}
+		return $sitename;
+	}
+
+
+	/**
+	 * Sanitize an array of content.
+	 *
+	 * @param array $array_of_data
+	 *
+	 * @return array
+	 */
+	function sanitize_array($array_to_sanitize) {
+		$sanitized = array();
+		foreach ( $array_to_sanitize as $key => $value ) {
+			$sanitized[$key] = sanitize_text_field($value);
+		}
+		return $sanitized;
+	}
+
+	/**
+	 * Get a sanitized array of submitted $_POST values
+	 *
+	 * @param string $post_key The key of the $_POST array.
+	 *
+	 * @return array
+	 */
+	function get_post_data_array($post_key) {
+		$sanitized_data = array();
+		if (isset( $_POST[$post_key] )) {
+			$sanitized_data = (array) $_POST[$post_key];
+		}
+		return $this->sanitize_array($sanitized_data);
+	}
+
+	/**
+	 * Get the revisions to exclude.
+	 *
+	 * @return array
+	 */
+	function get_revisions_to_exclude() {
+		return $this->get_post_data_array('exclude-revisions');
+	}
+
+	/**
+	 * Get the spam to exclude.
+	 *
+	 * @return array
+	 */
+	function get_spam_to_exclude() {
+		return $this->get_post_data_array('exclude-spam');
+	}
+
+	/**
+	 * Get the submitted tables to backup.
+	 *
+	 * @return array
+	 */
+	function get_submitted_tables_to_backup_in_cron() {
+		return $this->get_post_data_array('wp_cron_backup_tables');
+	}
 }
 
 function wpdbBackup_init() {
 	global $mywpdbbackup;
-	$mywpdbbackup = new wpdbBackup(); 	
+	$mywpdbbackup = new wpdbBackup();
 }
 
 add_action('plugins_loaded', 'wpdbBackup_init');
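Review bot: `get_sitename()` prefers `$_SERVER['SERVER_NAME']` over the configured site URL, and on some web-server configurations that value follows the request's Host header rather than the server's own settings. `sanitize_text_field()` removes tags and extra whitespace but does not restrict the result to hostname characters, so if the return value ends up in a file name or a mail header (its callers are not in this hunk) it should be narrowed first, e.g. `$sitename = preg_replace('/[^a-z0-9.\-]/', '', strtolower($_SERVER['SERVER_NAME']));`. Making the `site_url()` branch the primary source would avoid relying on request data at all. The `sanitize_array()` docblock also names `$array_of_data` while the parameter is `$array_to_sanitize`.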