WordPress Backup and Migrate Plugin – Backup Guard - Version 1.4.0

Version Description

  • Plugin security improvements

Release Info

Developer BackupGuard
Version 1.4.0

Code changes from version 1.3.9 to 1.4.0

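--- a/BackupGuard.php
+++ b/BackupGuard.php
@@ -281,7 +281,7 @@ function enqueue_backup_guard_scripts($hook)
  }
  echo 'SG_AJAX_REQUEST_FREQUENCY = "'.$sgAjaxRequestFrequency.'";';
  echo 'function getAjaxUrl(url) {'.
- 'if (url==="cloudDropbox" || url==="cloudGdrive" || url==="cloudOneDrive") return "'.admin_url('admin-post.php?action=backup_guard_').'"+url;'.
+ 'if (url==="cloudDropbox" || url==="cloudGdrive" || url==="cloudOneDrive") return "'.admin_url('admin-post.php?action=backup_guard_').'"+url+"&token='.wp_create_nonce('backupGuardAjaxNonce').'";'.
  'return "'.admin_url('admin-ajax.php').'";}</script>';
 
  wp_enqueue_media();
@@ -337,7 +337,9 @@ function backup_guard_create_schedule()
  function backup_guard_get_manual_modal()
  {
  check_ajax_referer('backupGuardAjaxNonce', 'token');
- require_once(SG_PUBLIC_AJAX_PATH.'modalManualBackup.php');
+ if (is_admin()) {
+ require_once(SG_PUBLIC_AJAX_PATH.'modalManualBackup.php');
+ }
  exit();
  }
 
@@ -510,6 +512,7 @@ function backup_guard_cloud_oneDrive()
 
  function backup_guard_import_key_file()
  {
+ check_ajax_referer('backupGuardAjaxNonce', 'token');
  require_once(SG_PUBLIC_AJAX_PATH.'importKeyFile.php');
  }
 
@@ -573,6 +576,7 @@ function backup_guard_check_restore_creation()
 
  function backup_guard_cloud_dropbox()
  {
+ check_ajax_referer('backupGuardAjaxNonce', 'token');
  require_once(SG_PUBLIC_AJAX_PATH.'cloudDropbox.php');
  }
 
@@ -583,11 +587,13 @@ function backup_guard_cloud_ftp()
 
  function backup_guard_cloud_amazon()
  {
+ check_ajax_referer('backupGuardAjaxNonce', 'token');
  require_once(SG_PUBLIC_AJAX_PATH.'cloudAmazon.php');
  }
 
  function backup_guard_cloud_gdrive()
  {
+ check_ajax_referer('backupGuardAjaxNonce', 'token');
  require_once(SG_PUBLIC_AJAX_PATH.'cloudGdrive.php');
  }
 
@@ -621,6 +627,7 @@ function backup_guard_get_running_actions()
 
  function backup_guard_get_import_backup()
  {
+ check_ajax_referer('backupGuardAjaxNonce', 'token');
  require_once(SG_PUBLIC_AJAX_PATH.'importBackup.php');
  }
 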
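Review bot: `is_admin()` in `backup_guard_get_manual_modal` is not a privilege check: it reports whether the request targets an admin-side endpoint and is true for every `admin-ajax.php` call, whatever the caller's role. The same gap applies to the handlers that gain `check_ajax_referer('backupGuardAjaxNonce', 'token')` (`backup_guard_import_key_file`, `backup_guard_cloud_dropbox`, `backup_guard_cloud_amazon`, `backup_guard_cloud_gdrive`, `backup_guard_get_import_backup`): a nonce shows the request came from a session that was handed the token, not that the user is allowed to import backups or change cloud settings. Each handler should test a capability before its `require_once`, for example `if (!current_user_can('manage_options')) { wp_die(-1, 403); }`; `manage_options` is my assumption, the capability the plugin intends is not visible here. Which roles are served the nonce, and whether any of these actions are also registered for logged-out users, cannot be seen from this section.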
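--- a/README.txt
+++ b/README.txt
@@ -6,7 +6,7 @@ Donate link: https://backup-guard.com/products/backup-wordpress
  Tags: backup, wordpress backup plugin, backup plugin, database backup, migrate, back up
  Requires at least: 3.8
  Tested up to: 5.4.2
- Stable tag: 1.3.9
+ Stable tag: 1.4.0
  License: GPLv2 or later
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -157,6 +157,9 @@ When you are facing an issue of any kind with any of our products, the first thi
  6. Site backup customization
 
  == Changelog ==
+ = 1.4.0 =
+ * Plugin security improvements
+
  = 1.3.9 =
  * Admin side bug fixed
 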
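--- a/backup.php
+++ b/backup.php
@@ -4,7 +4,7 @@
  * Plugin Name: Backup
  * Plugin URI: https://backup-guard.com/products/backup-wordpress
  * Description: Backup Guard is the most complete site backup and restore plugin. We offer the easiest way to backup, restore or migrate your site. You can backup your files, database or both.
- * Version: 1.3.9
+ * Version: 1.4.0
  * Author: BackupGuard
  * Author URI: https://backup-guard.com/products/backup-wordpress
  * License: GPL-2.0+
@@ -16,7 +16,7 @@ if (function_exists('activate_backup_guard')) {
  }
 
  if (!defined('SG_BACKUP_GUARD_VERSION')) {
- define('SG_BACKUP_GUARD_VERSION', '1.3.9');
+ define('SG_BACKUP_GUARD_VERSION', '1.4.0');
  }
 
  if (!defined('SG_BACKUP_GUARD_MAIN_FILE')) {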
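--- a/public/ajax/modalImport.php
+++ b/public/ajax/modalImport.php
@@ -64,7 +64,7 @@
  <div class="col-lg-3">
  <span class="input-group-btn">
  <span class="btn btn-primary btn-file backup-browse-btn">
- <?php _backupGuardT('Browse')?>&hellip; <input class="sg-backup-upload-input" type="file" name="files[]" data-url="<?php echo admin_url('admin-ajax.php')."?action=backup_guard_importBackup" ?>" data-max-file-size="<?php echo backupGuardConvertToBytes($maxUploadSize.'B'); ?>">
+ <?php _backupGuardT('Browse')?>&hellip; <input class="sg-backup-upload-input" type="file" name="files[]" data-url="<?php echo admin_url('admin-ajax.php')."?action=backup_guard_importBackup&token=".wp_create_nonce('backupGuardAjaxNonce') ?>" data-max-file-size="<?php echo backupGuardConvertToBytes($maxUploadSize.'B'); ?>">
  </span>
  </span>
  </div>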
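Review bot: The `data-url` value on the changed line is echoed into the attribute without escaping, and it now carries a literal `&` plus a nonce, so the whole URL should pass through `esc_url()`: `data-url="<?php echo esc_url(admin_url('admin-ajax.php').'?action=backup_guard_importBackup&token='.wp_create_nonce('backupGuardAjaxNonce')); ?>"`. Carrying the nonce in the query string also puts it into web-server access logs. Sending it as a POST field with the upload would avoid that, if the upload widget accepts extra form data, which this section does not show.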
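--- a/public/js/sgcloud.js
+++ b/public/js/sgcloud.js
@@ -47,6 +47,7 @@ sgBackup.importKeyFile = function(isFileSelected){
 
  var ajaxHandler = new sgRequestHandler(url, sguploadFile, {
  contentType: false,
+ token: BG_BACKUP_STRINGS.nonce,
  cache: false,
  xhr: function() { // Custom XMLHttpRequest
  var myXhr = jQuery.ajaxSettings.xhr();
@@ -117,7 +118,7 @@ sgBackup.initCloudSwitchButtons = function(){
  }
  }
  else {
- var ajaxHandler = new sgRequestHandler(url, {cancel: true});
+ var ajaxHandler = new sgRequestHandler(url, {cancel: true,token: BG_BACKUP_STRINGS.nonce });
  ajaxHandler.callback = function(response){
  jQuery('.sg-'+storage+'-user').remove();
  };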
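Review bot: In `sgBackup.importKeyFile` the `token` is added to the third argument of `sgRequestHandler`, beside `contentType`, `cache` and `xhr`, which looks like the jQuery ajax-options object rather than the request payload; in `initCloudSwitchButtons` it goes into the second argument instead. If `sgRequestHandler` hands that third argument straight to `jQuery.ajax`, the nonce is never transmitted and the `check_ajax_referer` call this release adds to `backup_guard_import_key_file` would reject every key-file upload. Unless the handler copies the field into the request (its definition is outside this section), put the token in the payload, e.g. `sguploadFile.append('token', BG_BACKUP_STRINGS.nonce);`, assuming `sguploadFile` is a `FormData`. Both function bodies continue outside the hunks shown.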