Version Description
Fixed
- Fix a flaw in which the admin user has the ability to remove files other than backups
Release Info
| Developer | bangelov |
| Plugin | |
| Version | 7.59 |
| Comparing to | |
Code changes from version 7.58 to 7.59
- all-in-one-wp-migration.php +1 -1
- constants.php +1 -1
- functions.php +14 -2
- lib/model/class-ai1wm-backups.php +1 -1
- readme.txt +6 -1
all-in-one-wp-migration.php
CHANGED
|
@@ -5,7 +5,7 @@
|
|
| 5 |
* Description: Migration tool for all your blog data. Import or Export your blog content with a single click.
|
| 6 |
* Author: ServMask
|
| 7 |
* Author URI: https://servmask.com/
|
| 8 |
-
* Version: 7.
|
| 9 |
* Text Domain: all-in-one-wp-migration
|
| 10 |
* Domain Path: /languages
|
| 11 |
* Network: True
|
| 5 |
* Description: Migration tool for all your blog data. Import or Export your blog content with a single click.
|
| 6 |
* Author: ServMask
|
| 7 |
* Author URI: https://servmask.com/
|
| 8 |
+
* Version: 7.59
|
| 9 |
* Text Domain: all-in-one-wp-migration
|
| 10 |
* Domain Path: /languages
|
| 11 |
* Network: True
|
constants.php
CHANGED
|
@@ -35,7 +35,7 @@ define( 'AI1WM_DEBUG', false );
|
|
| 35 |
// ==================
|
| 36 |
// = Plugin Version =
|
| 37 |
// ==================
|
| 38 |
-
define( 'AI1WM_VERSION', '7.
|
| 39 |
|
| 40 |
// ===============
|
| 41 |
// = Plugin Name =
|
| 35 |
// ==================
|
| 36 |
// = Plugin Version =
|
| 37 |
// ==================
|
| 38 |
+
define( 'AI1WM_VERSION', '7.59' );
|
| 39 |
|
| 40 |
// ===============
|
| 41 |
// = Plugin Name =
|
functions.php
CHANGED
|
@@ -59,13 +59,25 @@ function ai1wm_backup_path( $params ) {
|
|
| 59 |
}
|
| 60 |
|
| 61 |
// Validate archive path
|
| 62 |
-
if (
|
| 63 |
throw new Ai1wm_Archive_Exception( __( 'Invalid archive path. <a href="https://help.servmask.com/knowledgebase/invalid-archive-path/" target="_blank">Technical details</a>', AI1WM_PLUGIN_NAME ) );
|
| 64 |
}
|
| 65 |
|
| 66 |
return AI1WM_BACKUPS_PATH . DIRECTORY_SEPARATOR . $params['archive'];
|
| 67 |
}
|
| 68 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 69 |
/**
|
| 70 |
* Get archive absolute path
|
| 71 |
*
|
|
@@ -78,7 +90,7 @@ function ai1wm_archive_path( $params ) {
|
|
| 78 |
}
|
| 79 |
|
| 80 |
// Validate archive path
|
| 81 |
-
if (
|
| 82 |
throw new Ai1wm_Archive_Exception( __( 'Invalid archive path. <a href="https://help.servmask.com/knowledgebase/invalid-archive-path/" target="_blank">Technical details</a>', AI1WM_PLUGIN_NAME ) );
|
| 83 |
}
|
| 84 |
|
| 59 |
}
|
| 60 |
|
| 61 |
// Validate archive path
|
| 62 |
+
if ( ai1wm_validate_file( $params['archive'] ) !== 0 ) {
|
| 63 |
throw new Ai1wm_Archive_Exception( __( 'Invalid archive path. <a href="https://help.servmask.com/knowledgebase/invalid-archive-path/" target="_blank">Technical details</a>', AI1WM_PLUGIN_NAME ) );
|
| 64 |
}
|
| 65 |
|
| 66 |
return AI1WM_BACKUPS_PATH . DIRECTORY_SEPARATOR . $params['archive'];
|
| 67 |
}
|
| 68 |
|
| 69 |
+
/**
|
| 70 |
+
* Validates a file name and path against an allowed set of rules
|
| 71 |
+
*
|
| 72 |
+
* @param string $file File path
|
| 73 |
+
* @param array $allowed_files Array of allowed files
|
| 74 |
+
* @return integer
|
| 75 |
+
*/
|
| 76 |
+
function ai1wm_validate_file( $file, $allowed_files = array() ) {
|
| 77 |
+
$file = str_replace( '\\', '/', $file );
|
| 78 |
+
return validate_file( $file, $allowed_files );
|
| 79 |
+
}
|
| 80 |
+
|
| 81 |
/**
|
| 82 |
* Get archive absolute path
|
| 83 |
*
|
| 90 |
}
|
| 91 |
|
| 92 |
// Validate archive path
|
| 93 |
+
if ( ai1wm_validate_file( $params['archive'] ) !== 0 ) {
|
| 94 |
throw new Ai1wm_Archive_Exception( __( 'Invalid archive path. <a href="https://help.servmask.com/knowledgebase/invalid-archive-path/" target="_blank">Technical details</a>', AI1WM_PLUGIN_NAME ) );
|
| 95 |
}
|
| 96 |
|
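Review bot: The new guard at new lines 62 and 93 is a pattern check rather than a containment check: ai1wm_validate_file() only normalises backslashes and defers to WordPress validate_file(), and ai1wm_backup_path() then appends `$params['archive']` to AI1WM_BACKUPS_PATH without confirming the result is still inside that directory. validate_file() rejects `../` sequences and Windows drive prefixes and returns 0 for an empty value, so any input it does not pattern-match is accepted. A stricter guard would resolve the final path and compare it with the resolved base directory, or, if archives are always plain file names (not visible here), require `basename( $file ) === $file`. The docblock should also state the return contract the callers rely on, e.g. `@return integer 0 when the path is accepted, non-zero otherwise`. Both ai1wm_backup_path() and ai1wm_archive_path() start and end outside the visible hunks.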
lib/model/class-ai1wm-backups.php
CHANGED
|
@@ -101,7 +101,7 @@ class Ai1wm_Backups {
|
|
| 101 |
* @return boolean
|
| 102 |
*/
|
| 103 |
public static function delete_file( $file ) {
|
| 104 |
-
if (
|
| 105 |
return @unlink( ai1wm_backup_path( array( 'archive' => $file ) ) );
|
| 106 |
}
|
| 107 |
}
|
| 101 |
* @return boolean
|
| 102 |
*/
|
| 103 |
public static function delete_file( $file ) {
|
| 104 |
+
if ( ai1wm_is_filename_supported( $file ) ) {
|
| 105 |
return @unlink( ai1wm_backup_path( array( 'archive' => $file ) ) );
|
| 106 |
}
|
| 107 |
}
|
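Review bot: When `ai1wm_is_filename_supported( $file )` is false, delete_file() falls through the `if` on new line 104 and returns null, although the docblock above it promises `@return boolean`. Add `return false;` after the `if` block so callers can tell a refused file name from a completed delete. The refusal is also silent, and `@unlink` suppresses any error on the accepted path, so a delete request naming a non-backup file leaves no trace; logging refused names would make such requests visible to an administrator. ai1wm_is_filename_supported() is not defined in this diff, so which names it accepts cannot be confirmed from this page.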
readme.txt
CHANGED
|
@@ -4,7 +4,7 @@ Tags: move, transfer, copy, migrate, backup, clone, restore, db migration, wordp
|
|
| 4 |
Requires at least: 3.3
|
| 5 |
Tested up to: 5.9
|
| 6 |
Requires PHP: 5.2.17
|
| 7 |
-
Stable tag: 7.
|
| 8 |
License: GPLv2 or later
|
| 9 |
|
| 10 |
Move, transfer, copy, migrate, and backup a site with 1-click. Quick, easy, and reliable.
|
|
@@ -89,6 +89,11 @@ All-in-One WP Migration is in full compliance with General Data Protection Regul
|
|
| 89 |
See our [GDPR Compliant Privacy Policy here](https://www.iubenda.com/privacy-policy/946881).
|
| 90 |
|
| 91 |
== Changelog ==
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 92 |
= 7.58 =
|
| 93 |
**Changed**
|
| 94 |
|
| 4 |
Requires at least: 3.3
|
| 5 |
Tested up to: 5.9
|
| 6 |
Requires PHP: 5.2.17
|
| 7 |
+
Stable tag: 7.59
|
| 8 |
License: GPLv2 or later
|
| 9 |
|
| 10 |
Move, transfer, copy, migrate, and backup a site with 1-click. Quick, easy, and reliable.
|
| 89 |
See our [GDPR Compliant Privacy Policy here](https://www.iubenda.com/privacy-policy/946881).
|
| 90 |
|
| 91 |
== Changelog ==
|
| 92 |
+
= 7.59 =
|
| 93 |
+
**Fixed**
|
| 94 |
+
|
| 95 |
+
* Fix a flaw in which the admin user has the ability to remove files other than backups
|
| 96 |
+
|
| 97 |
= 7.58 =
|
| 98 |
**Changed**
|
| 99 |
|
