All-in-One WP Migration - Version 7.2

Version Description

Fixed

  • Use a nonce when checking for updates
Download this release

Release Info

Developer bangelov
Plugin Icon 128x128 All-in-One WP Migration
Version 7.2
Comparing to
See all releases

Code changes from version 7.1 to 7.2

Files changed (7) hide show
  1. all-in-one-wp-migration.php +1 -1
  2. constants.php +1 -1
  3. lib/controller/class-ai1wm-main-controller.php +6 -4
  4. lib/controller/class-ai1wm-updater-controller.php +21 -19
  5. lib/model/class-ai1wm-compatibility.php +1 -1
  6. lib/model/class-ai1wm-updater.php +1 -1
  7. readme.txt +6 -1
all-in-one-wp-migration.php CHANGED
@@ -5,7 +5,7 @@
5
  * Description: Migration tool for all your blog data. Import or Export your blog content with a single click.
6
  * Author: ServMask
7
  * Author URI: https://servmask.com/
8
- * Version: 7.1
9
  * Text Domain: all-in-one-wp-migration
10
  * Domain Path: /languages
11
  * Network: True
5
  * Description: Migration tool for all your blog data. Import or Export your blog content with a single click.
6
  * Author: ServMask
7
  * Author URI: https://servmask.com/
8
+ * Version: 7.2
9
  * Text Domain: all-in-one-wp-migration
10
  * Domain Path: /languages
11
  * Network: True
constants.php CHANGED
@@ -35,7 +35,7 @@ define( 'AI1WM_DEBUG', false );
35
  // ==================
36
  // = Plugin Version =
37
  // ==================
38
- define( 'AI1WM_VERSION', '7.1' );
39
 
40
  // ===============
41
  // = Plugin Name =
35
  // ==================
36
  // = Plugin Version =
37
  // ==================
38
+ define( 'AI1WM_VERSION', '7.2' );
39
 
40
  // ===============
41
  // = Plugin Name =
lib/controller/class-ai1wm-main-controller.php CHANGED
@@ -970,7 +970,7 @@ class Ai1wm_Main_Controller {
970
 
971
  wp_localize_script( 'ai1wm_updater', 'ai1wm_updater', array(
972
  'ajax' => array(
973
- 'url' => wp_make_link_relative( admin_url( 'admin-ajax.php?action=ai1wm_updater' ) ),
974
  ),
975
  ) );
976
 
@@ -1012,9 +1012,11 @@ class Ai1wm_Main_Controller {
1012
  }
1013
 
1014
  // Check for updates
1015
- if ( isset( $_GET['ai1wm_updater'] ) ) {
1016
- if ( current_user_can( 'update_plugins' ) ) {
1017
- Ai1wm_Updater::check_for_updates();
 
 
1018
  }
1019
  }
1020
  }
970
 
971
  wp_localize_script( 'ai1wm_updater', 'ai1wm_updater', array(
972
  'ajax' => array(
973
+ 'url' => wp_make_link_relative( add_query_arg( array( 'ai1wm_nonce' => wp_create_nonce( 'ai1wm_updater' ) ), admin_url( 'admin-ajax.php?action=ai1wm_updater' ) ) ),
974
  ),
975
  ) );
976
 
1012
  }
1013
 
1014
  // Check for updates
1015
+ if ( isset( $_GET['ai1wm_check_for_updates'] ) ) {
1016
+ if ( check_admin_referer( 'ai1wm_check_for_updates', 'ai1wm_nonce' ) ) {
1017
+ if ( current_user_can( 'update_plugins' ) ) {
1018
+ Ai1wm_Updater::check_for_updates();
1019
+ }
1020
  }
1021
  }
1022
  }
lib/controller/class-ai1wm-updater-controller.php CHANGED
@@ -57,30 +57,32 @@ class Ai1wm_Updater_Controller {
57
  }
58
 
59
  public static function updater( $params = array() ) {
60
- ai1wm_setup_environment();
 
61
 
62
- // Set params
63
- if ( empty( $params ) ) {
64
- $params = stripslashes_deep( $_POST );
65
- }
66
 
67
- // Set uuid
68
- $uuid = null;
69
- if ( isset( $params['ai1wm_uuid'] ) ) {
70
- $uuid = trim( $params['ai1wm_uuid'] );
71
- }
72
 
73
- // Set extension
74
- $extension = null;
75
- if ( isset( $params['ai1wm_extension'] ) ) {
76
- $extension = trim( $params['ai1wm_extension'] );
77
- }
78
 
79
- $extensions = Ai1wm_Extensions::get();
80
 
81
- // Verify whether extension exists
82
- if ( isset( $extensions[ $extension ] ) ) {
83
- update_option( $extensions[ $extension ]['key'], $uuid );
 
84
  }
85
  }
86
  }
57
  }
58
 
59
  public static function updater( $params = array() ) {
60
+ if ( check_ajax_referer( 'ai1wm_updater', 'ai1wm_nonce' ) ) {
61
+ ai1wm_setup_environment();
62
 
63
+ // Set params
64
+ if ( empty( $params ) ) {
65
+ $params = stripslashes_deep( $_POST );
66
+ }
67
 
68
+ // Set uuid
69
+ $uuid = null;
70
+ if ( isset( $params['ai1wm_uuid'] ) ) {
71
+ $uuid = trim( $params['ai1wm_uuid'] );
72
+ }
73
 
74
+ // Set extension
75
+ $extension = null;
76
+ if ( isset( $params['ai1wm_extension'] ) ) {
77
+ $extension = trim( $params['ai1wm_extension'] );
78
+ }
79
 
80
+ $extensions = Ai1wm_Extensions::get();
81
 
82
+ // Verify whether extension exists
83
+ if ( isset( $extensions[ $extension ] ) ) {
84
+ update_option( $extensions[ $extension ]['key'], $uuid );
85
+ }
86
  }
87
  }
88
  }
lib/model/class-ai1wm-compatibility.php CHANGED
@@ -39,7 +39,7 @@ class Ai1wm_Compatibility {
39
  }
40
 
41
  // Get updater URL
42
- $updater_url = add_query_arg( array( 'ai1wm_updater' => 1 ), network_admin_url( 'plugins.php' ) );
43
 
44
  // If no extension is used, update everything that is available
45
  if ( empty( $extensions ) ) {
39
  }
40
 
41
  // Get updater URL
42
+ $updater_url = add_query_arg( array( 'ai1wm_check_for_updates' => 1, 'ai1wm_nonce' => wp_create_nonce( 'ai1wm_check_for_updates' ) ), network_admin_url( 'plugins.php' ) );
43
 
44
  // If no extension is used, update everything that is available
45
  if ( empty( $extensions ) ) {
lib/model/class-ai1wm-updater.php CHANGED
@@ -171,7 +171,7 @@ class Ai1wm_Updater {
171
  if ( $file === $extension['basename'] ) {
172
 
173
  // Get updater URL
174
- $updater_url = add_query_arg( array( 'ai1wm_updater' => 1 ), network_admin_url( 'plugins.php' ) );
175
 
176
  // Check Purchase ID
177
  if ( get_option( $extension['key'] ) ) {
171
  if ( $file === $extension['basename'] ) {
172
 
173
  // Get updater URL
174
+ $updater_url = add_query_arg( array( 'ai1wm_check_for_updates' => 1, 'ai1wm_nonce' => wp_create_nonce( 'ai1wm_check_for_updates' ) ), network_admin_url( 'plugins.php' ) );
175
 
176
  // Check Purchase ID
177
  if ( get_option( $extension['key'] ) ) {
readme.txt CHANGED
@@ -4,7 +4,7 @@ Tags: move, transfer, copy, migrate, backup, clone, restore, db migration, wordp
4
  Requires at least: 3.3
5
  Tested up to: 5.2
6
  Requires PHP: 5.2.17
7
- Stable tag: 7.1
8
  License: GPLv2 or later
9
 
10
  Move, transfer, copy, migrate, and backup a site with 1-click. Quick, easy, and reliable.
@@ -108,6 +108,11 @@ Alternatively you can download the plugin using the download button on this page
108
  All-in-One WP Migration **asks for your consent** to collect **requester's email address** when filling plugin's contact form. [GDPR Compliant Privacy Policy](https://www.iubenda.com/privacy-policy/946881)
109
 
110
  == Changelog ==
 
 
 
 
 
111
  = 7.1 =
112
  **Fixed**
113
 
4
  Requires at least: 3.3
5
  Tested up to: 5.2
6
  Requires PHP: 5.2.17
7
+ Stable tag: 7.2
8
  License: GPLv2 or later
9
 
10
  Move, transfer, copy, migrate, and backup a site with 1-click. Quick, easy, and reliable.
108
  All-in-One WP Migration **asks for your consent** to collect **requester's email address** when filling plugin's contact form. [GDPR Compliant Privacy Policy](https://www.iubenda.com/privacy-policy/946881)
109
 
110
  == Changelog ==
111
+ = 7.2 =
112
+ **Fixed**
113
+
114
+ * Use a nonce when checking for updates
115
+
116
  = 7.1 =
117
  **Fixed**
118