All-in-One WP Migration - Version 7.1

Version Description

Fixed

  • Allow only users with export an import capability to see the list of backups. This issue was introduced in version 7.0 (Thanks to Ed from siliconforks for reporting)
Download this release

Release Info

Developer yani.iliev
Plugin Icon 128x128 All-in-One WP Migration
Version 7.1
Comparing to
See all releases

Code changes from version 7.0 to 7.1

Files changed (6) hide show
  1. all-in-one-wp-migration.php +1 -1
  2. constants.php +1 -1
  3. lib/controller/class-ai1wm-backups-controller.php +35 -3
  4. lib/controller/class-ai1wm-main-controller.php +2 -0
  5. lib/view/assets/javascript/backups.min.js +3 -2
  6. readme.txt +6 -1
all-in-one-wp-migration.php CHANGED
@@ -5,7 +5,7 @@
5
  * Description: Migration tool for all your blog data. Import or Export your blog content with a single click.
6
  * Author: ServMask
7
  * Author URI: https://servmask.com/
8
- * Version: 7.0
9
  * Text Domain: all-in-one-wp-migration
10
  * Domain Path: /languages
11
  * Network: True
5
  * Description: Migration tool for all your blog data. Import or Export your blog content with a single click.
6
  * Author: ServMask
7
  * Author URI: https://servmask.com/
8
+ * Version: 7.1
9
  * Text Domain: all-in-one-wp-migration
10
  * Domain Path: /languages
11
  * Network: True
constants.php CHANGED
@@ -35,7 +35,7 @@ define( 'AI1WM_DEBUG', false );
35
  // ==================
36
  // = Plugin Version =
37
  // ==================
38
- define( 'AI1WM_VERSION', '7.0' );
39
 
40
  // ===============
41
  // = Plugin Name =
35
  // ==================
36
  // = Plugin Version =
37
  // ==================
38
+ define( 'AI1WM_VERSION', '7.1' );
39
 
40
  // ===============
41
  // = Plugin Name =
lib/controller/class-ai1wm-backups-controller.php CHANGED
@@ -93,12 +93,25 @@ class Ai1wm_Backups_Controller {
93
  public static function add_label( $params = array() ) {
94
  ai1wm_setup_environment();
95
 
96
- $backups_labels = get_option( AI1WM_BACKUPS_LABELS, array() );
97
-
98
  if ( empty( $params ) ) {
99
  $params = stripslashes_deep( $_POST );
100
  }
101
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
102
  if ( empty( $params['backup_label'] ) ) {
103
  unset( $backups_labels[ trim( $params['backup_name'] ) ] );
104
 
@@ -123,7 +136,26 @@ class Ai1wm_Backups_Controller {
123
  exit;
124
  }
125
 
126
- public static function backup_list() {
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
127
  $model = new Ai1wm_Backups;
128
 
129
  Ai1wm_Template::render(
93
  public static function add_label( $params = array() ) {
94
  ai1wm_setup_environment();
95
 
 
 
96
  if ( empty( $params ) ) {
97
  $params = stripslashes_deep( $_POST );
98
  }
99
 
100
+ // Set secret key
101
+ $secret_key = null;
102
+ if ( isset( $params['secret_key'] ) ) {
103
+ $secret_key = trim( $params['secret_key'] );
104
+ }
105
+
106
+ try {
107
+ // Ensure that unauthorized people cannot access add_label action
108
+ ai1wm_verify_secret_key( $secret_key );
109
+ } catch ( Ai1wm_Not_Valid_Secret_Key_Exception $e ) {
110
+ exit;
111
+ }
112
+
113
+ $backups_labels = get_option( AI1WM_BACKUPS_LABELS, array() );
114
+
115
  if ( empty( $params['backup_label'] ) ) {
116
  unset( $backups_labels[ trim( $params['backup_name'] ) ] );
117
 
136
  exit;
137
  }
138
 
139
+ public static function backup_list( $params = array() ) {
140
+ ai1wm_setup_environment();
141
+
142
+ if ( empty( $params ) ) {
143
+ $params = stripslashes_deep( $_GET );
144
+ }
145
+
146
+ // Set secret key
147
+ $secret_key = null;
148
+ if ( isset( $params['secret_key'] ) ) {
149
+ $secret_key = trim( $params['secret_key'] );
150
+ }
151
+
152
+ try {
153
+ // Ensure that unauthorized people cannot access backup_list action
154
+ ai1wm_verify_secret_key( $secret_key );
155
+ } catch ( Ai1wm_Not_Valid_Secret_Key_Exception $e ) {
156
+ exit;
157
+ }
158
+
159
  $model = new Ai1wm_Backups;
160
 
161
  Ai1wm_Template::render(
lib/controller/class-ai1wm-main-controller.php CHANGED
@@ -1032,6 +1032,8 @@ class Ai1wm_Main_Controller {
1032
  add_action( 'wp_ajax_nopriv_ai1wm_backups', 'Ai1wm_Backups_Controller::delete' );
1033
  add_action( 'wp_ajax_nopriv_ai1wm_feedback', 'Ai1wm_Feedback_Controller::feedback' );
1034
  add_action( 'wp_ajax_nopriv_ai1wm_report', 'Ai1wm_Report_Controller::report' );
 
 
1035
 
1036
  // Private actions
1037
  add_action( 'wp_ajax_ai1wm_export', 'Ai1wm_Export_Controller::export' );
1032
  add_action( 'wp_ajax_nopriv_ai1wm_backups', 'Ai1wm_Backups_Controller::delete' );
1033
  add_action( 'wp_ajax_nopriv_ai1wm_feedback', 'Ai1wm_Feedback_Controller::feedback' );
1034
  add_action( 'wp_ajax_nopriv_ai1wm_report', 'Ai1wm_Report_Controller::report' );
1035
+ add_action( 'wp_ajax_nopriv_ai1wm_add_backup_label', 'Ai1wm_Backups_Controller::add_label' );
1036
+ add_action( 'wp_ajax_nopriv_ai1wm_backup_list', 'Ai1wm_Backups_Controller::backup_list' );
1037
 
1038
  // Private actions
1039
  add_action( 'wp_ajax_ai1wm_export', 'Ai1wm_Export_Controller::export' );
lib/view/assets/javascript/backups.min.js CHANGED
@@ -1767,7 +1767,8 @@ jQuery(document).ready(function ($) {
1767
  dataType: 'json',
1768
  data: {
1769
  'backup_name': input.parents('tr').find('.ai1wm-backup-filename').text().trim(),
1770
- 'backup_label': input.val()
 
1771
  },
1772
  dataFilter: function dataFilter(data, type) {
1773
  return Ai1wm.Util.json(data);
@@ -1827,7 +1828,7 @@ jQuery(document).ready(function ($) {
1827
  $('#ai1wm-backups-list').prepend('\n\t\t\t\t\t\t<p class="ai1wm-spinner-paragraph">\n\t\t\t\t\t\t\t<span class="spinner">' + ai1wm_locale.refresh_backup_list + '</span>\n\t\t\t\t\t\t</p>\n\t\t\t\t\t');
1828
  }
1829
 
1830
- $.get(ai1wm_backups.ajax.backup_list).done(function (data) {
1831
  $('#ai1wm-backups-list').html(data);
1832
  }).fail(function (jqXHR, textStatus, textError) {
1833
  alert(ai1wm_locale.unable_to_refresh_backups_list + textError);
1767
  dataType: 'json',
1768
  data: {
1769
  'backup_name': input.parents('tr').find('.ai1wm-backup-filename').text().trim(),
1770
+ 'backup_label': input.val(),
1771
+ 'secret_key': ai1wm_backups.secret_key
1772
  },
1773
  dataFilter: function dataFilter(data, type) {
1774
  return Ai1wm.Util.json(data);
1828
  $('#ai1wm-backups-list').prepend('\n\t\t\t\t\t\t<p class="ai1wm-spinner-paragraph">\n\t\t\t\t\t\t\t<span class="spinner">' + ai1wm_locale.refresh_backup_list + '</span>\n\t\t\t\t\t\t</p>\n\t\t\t\t\t');
1829
  }
1830
 
1831
+ $.get(ai1wm_backups.ajax.backup_list, { secret_key: ai1wm_backups.secret_key }).done(function (data) {
1832
  $('#ai1wm-backups-list').html(data);
1833
  }).fail(function (jqXHR, textStatus, textError) {
1834
  alert(ai1wm_locale.unable_to_refresh_backups_list + textError);
readme.txt CHANGED
@@ -4,7 +4,7 @@ Tags: move, transfer, copy, migrate, backup, clone, restore, db migration, wordp
4
  Requires at least: 3.3
5
  Tested up to: 5.2
6
  Requires PHP: 5.2.17
7
- Stable tag: 7.0
8
  License: GPLv2 or later
9
 
10
  Move, transfer, copy, migrate, and backup a site with 1-click. Quick, easy, and reliable.
@@ -108,6 +108,11 @@ Alternatively you can download the plugin using the download button on this page
108
  All-in-One WP Migration **asks for your consent** to collect **requester's email address** when filling plugin's contact form. [GDPR Compliant Privacy Policy](https://www.iubenda.com/privacy-policy/946881)
109
 
110
  == Changelog ==
 
 
 
 
 
111
  = 7.0 =
112
  **Added**
113
 
4
  Requires at least: 3.3
5
  Tested up to: 5.2
6
  Requires PHP: 5.2.17
7
+ Stable tag: 7.1
8
  License: GPLv2 or later
9
 
10
  Move, transfer, copy, migrate, and backup a site with 1-click. Quick, easy, and reliable.
108
  All-in-One WP Migration **asks for your consent** to collect **requester's email address** when filling plugin's contact form. [GDPR Compliant Privacy Policy](https://www.iubenda.com/privacy-policy/946881)
109
 
110
  == Changelog ==
111
+ = 7.1 =
112
+ **Fixed**
113
+
114
+ * Allow only users with export an import capability to see the list of backups. This issue was introduced in version 7.0 (Thanks to Ed from siliconforks for reporting)
115
+
116
  = 7.0 =
117
  **Added**
118