BackWPup – WordPress Backup Plugin - Version 3.4.2


Developer cocreation
Plugin Icon 128x128 BackWPup – WordPress Backup Plugin
Version 3.4.2

Code changes from version 3.4.1 to 3.4.2

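--- a/backwpup.php
+++ b/backwpup.php
@@ -5,7 +5,7 @@
  * Description: WordPress Backup Plugin
  * Author: Inpsyde GmbH
  * Author URI: http://inpsyde.com
- * Version: 3.4.1
+ * Version: 3.4.2
  * Text Domain: backwpup
  * Domain Path: /languages/
  * Network: true
@@ -130,26 +130,10 @@ if ( ! class_exists( 'BackWPup' ) ) {
  );
  $rate_us->initiate();
 
- $now = new DateTime();
- $end_discount = new DateTime( '2017-07-06' );
- if ( $now < $end_discount ) {
- $independence_day = new BackWPup_Admin_Notice(
- 'independence_day',
- esc_html__( 'Save Now!', 'backwpup' ),
- esc_html__( 'https://backwpup.com/?utm_source=BackWPup&utm_campaign=IndependenceDay&utm_medium=Link', 'backwpup' )
- );
- $independence_day->initiate();
- } else {
- $beta_tester = new BackWPup_Admin_Notice(
- 'beta_tester',
- esc_html__( 'Join Us as a Beta Tester', 'backwpup' ),
- esc_html__( 'https://backwpup.com/become-backwpup-beta-tester/', 'backwpup' )
- );
- $beta_tester->initiate();
- }
  }
 
  // Phone Home
+ /*
  require_once dirname( __FILE__ ) . '/vendor/inpsyde/phone-home-client/inc/autoload.php';
  Inpsyde_PhoneHome_FrontController::initialize_for_network(
  'BackWPup',
@@ -163,6 +147,7 @@ if ( ! class_exists( 'BackWPup' ) ) {
  Inpsyde_PhoneHome_Configuration::SERVER_ADDRESS => 'https://backwpup.com/wp-json',
  )
  );
+ */
 
  }
 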
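Review bot: The Phone Home call is switched off by wrapping it in `/*` … `*/` (new lines 136 and 150) instead of being removed or gated, and neither the code nor the 3.4.2 changelog entry says why. New lines 140–146 sit between the two hunks and are not shown, so this page cannot confirm that they contain no `*/` that would close the comment early. If the telemetry is meant to stay off, deleting the block is cleaner than shipping it as dead code; if it is temporary, add a one-line reason above it, e.g. `// Phone Home disabled in 3.4.2: <reason>`.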
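--- a/inc/class-destination-dropbox.php
+++ b/inc/class-destination-dropbox.php
@@ -979,9 +979,14 @@ final class BackWPup_Destination_Dropbox_API {
  }
  else {
  curl_setopt( $ch, CURLOPT_HEADER, true );
- $responce = explode( "\r\n\r\n", curl_exec( $ch ), 2 );
- if ( ! empty( $responce[1] ) ) {
- $output = json_decode( $responce[1], true );
+ $response = curl_exec( $ch );
+ if ( stripos( $response, "HTTP/1.0 200 Connection established\r\n\r\n" ) !== false ) {
+ $response = str_ireplace( "HTTP/1.0 200 Connection established\r\n\r\n", '', $response );
+ }
+ $response = explode( "\r\n\r\n", $response, 2 );
+
+ if ( ! empty( $response[1] ) ) {
+ $output = json_decode( $response[1], true );
  }
  }
  $status = curl_getinfo( $ch );
@@ -992,7 +997,7 @@ final class BackWPup_Destination_Dropbox_API {
  // Code 429 = rate limited
  if ( $status['http_code'] == 429 ) {
  $wait = 0;
- if ( preg_match( "/retry-after:\s*(.*?)\r/i", $responce[0], $matches ) ) {
+ if ( preg_match( "/retry-after:\s*(.*?)\r/i", $response[0], $matches ) ) {
  $wait = trim( $matches[1] );
  }
  //only wait if we get a retry-after header.
@@ -1015,7 +1020,7 @@ final class BackWPup_Destination_Dropbox_API {
  $code = 0;
  }
  elseif ( $status['http_code'] == 400 ) {
- $message = '(400) Bad input parameter: ' . strip_tags( $responce[1] );
+ $message = '(400) Bad input parameter: ' . strip_tags( $response[1] );
  }
  elseif ( $status['http_code'] == 401 ) {
  $message = '(401) Bad or expired token. This can happen if the user or Dropbox revoked or expired an access token. To fix, you should re-authenticate the user.';
@@ -1030,14 +1035,14 @@ final class BackWPup_Destination_Dropbox_API {
  $message = '(' . $status['http_code'] . ') Invalid response.';
  }
  if ( $this->job_object && $this->job_object->is_debug() ) {
- $this->job_object->log( 'Response with header: ' . $responce[0] );
+ $this->job_object->log( 'Response with header: ' . $response[0] );
  }
  throw new BackWPup_Destination_Dropbox_API_Request_Exception( $message, $code, null, isset( $output['error'] ) ? $output['error'] : null );
  }
  else {
  curl_close( $ch );
  if ( ! is_array( $output ) ) {
- return $responce[1];
+ return $response[1];
  }
  else {
  return $output;
@@ -1054,7 +1059,7 @@ final class BackWPup_Destination_Dropbox_API {
  */
  private function formatPath( $path ) {
  if ( ! empty( $path ) && substr( $path, 0, 1 ) != '/' ) {
- $path = "/$path";
+ $path = '/' . rtrim( $path, '/' );
  }
  elseif ( $path == '/' ) {
  $path = '';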
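Review bot: The proxy workaround at new lines 983–984 looks for the literal `HTTP/1.0 200 Connection established` anywhere in the response and removes every occurrence, so a proxy that answers with `HTTP/1.1` or another reason phrase is still split at the wrong place, and a body that happens to contain that text is altered. Anchoring the strip to the start of the response and applying it once is safer: `$response = preg_replace( '/^HTTP\/1\.[01] 200 Connection established\r\n\r\n/i', '', $response, 1 );`. `curl_exec()` can also return `false`, which leaves `$response[1]` undefined where it is read on lines 1023 and 1045; `$response = array_pad( explode( "\r\n\r\n", (string) $response, 2 ), 2, '' );` keeps both indexes defined. The enclosing method starts and ends outside these hunks.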
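--- a/inc/class-file.php
+++ b/inc/class-file.php
@@ -48,7 +48,7 @@ class BackWPup_File {
  $file = trailingslashit( strtolower( str_replace( '\\', '/', $file ) ) );
 
  foreach ( $open_base_dirs as $open_base_dir ) {
- if ( empty( $open_base_dir ) ) {
+ if ( empty( $open_base_dir ) || ! realpath( $open_base_dir ) ) {
  continue;
  }
  $open_base_dir = realpath( $open_base_dir );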
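Review bot: `realpath( $open_base_dir )` is now evaluated twice for every entry, once in the new guard on line 51 and again on line 54, which doubles the filesystem lookups and allows the two calls to disagree if the directory changes in between. Resolve it once and test the result: keep `if ( empty( $open_base_dir ) ) { continue; }`, then `$open_base_dir = realpath( $open_base_dir );` followed by `if ( $open_base_dir === false ) { continue; }`. The loop body continues past the end of the hunk.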
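--- a/inc/class-job.php
+++ b/inc/class-job.php
@@ -628,8 +628,22 @@ final class BackWPup_Job {
  * @return bool
  */
  public function owns_backup_archive( $file ) {
- $prefix = BackWPup_Option::get_archive_name_prefix( $this->job['jobid'] );
- return substr( basename( $file ), 0, strlen( $prefix ) ) == $prefix;
+ $parts = explode( '_', $file );
+ if ( $parts[0] != 'backwpup' ) {
+ return false;
+ }
+
+ $data = base_convert( $parts[1], 36, 16 );
+
+ if ( strpos( $data, BackWPup::get_plugin_data( 'hash' ) ) === false ) {
+ return false;
+ }
+
+ if ( intval( substr( $data, -2 ) ) != $this->job['jobid'] ) {
+ return false;
+ }
+
+ return true;
  }
 
 
@@ -2510,20 +2524,15 @@ final class BackWPup_Job {
  '([0-5][0-9])',
  '([0-5][0-9])'
  );
-
- $regex = "/^" .
- str_replace(
- $datevars,
- $dateregex,
- preg_quote(
- self::sanitize_file_name(
- BackWPup_Option::normalize_archive_name(
- $this->job['archivename'],
- $this->job['jobid']
- )
- )
- )
- ) . "$/i";
+
+ $regex_part = self::sanitize_file_name(
+ BackWPup_Option::normalize_archive_name( $this->job['archivename'],
+ $this->job['jobid'] ) );
+ $regex_part = preg_quote( $regex_part );
+ $regex_part = str_replace( $datevars, $dateregex, $regex_part );
+ $regex_part = preg_replace( '/^backwpup_[^_]+_/', 'backwpup_[^_]+_', $regex_part );
+
+ $regex = "/^" . $regex_part . "$/i";
 
  preg_match( $regex, $filename, $matches );
  if ( ! empty( $matches[0] ) && $matches[0] === $filename ) {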
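Review bot: `owns_backup_archive()` reads the job id back as `intval( substr( $data, -2 ) )` (line 642), but the name is built with `sprintf( '%02d', $jobid )`, which emits three digits once the id reaches 100; job 5 would then claim archives written by job 105, and job 105 would not recognise its own. The method also drops the old `basename( $file )` call and indexes `$parts[1]` without checking that it exists, so a full path (if any caller still passes one) or a bare `backwpup` name is not handled. Consider `$parts = explode( '_', basename( $file ) );` with `if ( count( $parts ) < 2 || $parts[0] != 'backwpup' ) { return false; }`, and encode the job id at a fixed width or as its own `_`-separated field so it can be compared exactly. Ownership presumably decides which old archives a job may clean up, so a false match deserves a regression test.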
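--- a/inc/class-jobtype-wpexp.php
+++ b/inc/class-jobtype-wpexp.php
@@ -408,7 +408,7 @@ class BackWPup_JobType_WPEXP extends BackWPup_JobTypes {
  $old_value = NULL;
  if ( function_exists( 'libxml_disable_entity_loader' ) )
  $old_value = libxml_disable_entity_loader( TRUE );
- $success = $dom->loadXML( file_get_contents( $job_object->steps_data[ $job_object->step_working ]['wpexportfile'] ) );
+ $success = $dom->loadXML( file_get_contents( $job_object->steps_data[ $job_object->step_working ]['wpexportfile'] ), LIBXML_PARSEHUGE );
  if ( ! is_null( $old_value ) )
  libxml_disable_entity_loader( $old_value );
 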
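Review bot: `LIBXML_PARSEHUGE` on line 411 lifts libxml2's built-in limits on document depth, node size and entity expansion, while `libxml_disable_entity_loader( TRUE )` only blocks external entities, so internal entity expansion is no longer capped for this parse. That is acceptable only if `wpexportfile` is always the file this job step wrote itself, which the surrounding lines suggest but the hunk does not show. Record the assumption next to the call, e.g. `// LIBXML_PARSEHUGE lifts libxml2's size/depth limits; safe only because this file is written by this job, never uploaded.`, and check the result of `file_get_contents()` before passing it to `loadXML()`. The enclosing method starts and ends outside the hunk.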
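--- a/inc/class-option.php
+++ b/inc/class-option.php
@@ -328,33 +328,33 @@ final class BackWPup_Option {
  */
  public static function normalize_archive_name( $archive_name, $jobid ) {
  $hash = BackWPup::get_plugin_data( 'hash' );
+ $prefix = dechex( mt_rand( 0, 255 ) );
+ $suffix = dechex( mt_rand( 0, 255 ) );
 
  // If name starts with 'backwpup', then we can try to parse
  if ( substr( $archive_name, 0, 8 ) == 'backwpup' ) {
  $parts = explode( '_', $archive_name );
-
- // Format = [hash][jobid]
- if ( preg_match( '/^' . preg_quote( $hash ) . '(\d{2,})?$/', $parts[1], $matches ) ) {
- // Was job id included?
- if ( ! isset( $matches[1] ) ) {
- // Append the job id
- $parts[1] .= sprintf( '%02d', $jobid );
- }
- elseif ( $matches[1] != $jobid ) {
- // This isn't the job ID you're looking for
- // So fix, append the correct one
- $parts[1] = $hash . sprintf( '%02d', $jobid );
- }
+
+ // Decode hash part
+ if ( strpos( $parts[1], $hash ) === false ) {
+ $parts[1] = base_convert($parts[1], 36, 16);
+ }
+ if ( strpos( $parts[1], $hash ) !== false ) {
+ $parts[1] = sprintf( '%s%s%s%02d', $prefix, $hash, $suffix, $jobid );
+ $parts[1] = base_convert( $parts[1], 16, 36 );
  }
  else {
  // Hash not included, so insert
- array_splice( $parts, 1, 0, $hash . sprintf( '%02d', $jobid ) );
+ array_splice( $parts, 1, 0,
+ base_convert( sprintf( '%s%s%s%02d', $prefix, $hash, $suffix, $jobid ), 16, 36 ) );
  }
  return implode( '_', $parts );
  }
  else {
  // But otherwise, just prepend required format
- return "backwpup_$hash" . sprintf( '%02d', $jobid ) . '_' . $archive_name;
+ return 'backwpup_' .
+ base_convert( "{$prefix}{$hash}{$suffix}" . sprintf( '%02d', $jobid ), 16, 36 ) .
+ '_' . $archive_name;
  }
  }
 
@@ -366,7 +366,9 @@ final class BackWPup_Option {
  * @return string
  */
  public static function get_archive_name_prefix( $jobid ) {
- return 'backwpup_' . BackWPup::get_plugin_data( 'hash' ) . sprintf( '%02d', $jobid ) . '_';
+ return 'backwpup_' .
+ base_convert( dechex( mt_rand( 0, 255 ) ) . BackWPup::get_plugin_data( 'hash' ) .
+ dechex( mt_rand( 0, 255 ) ) . sprintf( '%02d', $jobid ), 16, 36 ) . '_';
  }
 
  }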
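Review bot: The padding added around the hash (lines 331–332 and 370–371) is `dechex( mt_rand( 0, 255 ) )` twice, which is 16 bits from a non-cryptographic generator wrapped in a reversible base-36 encoding; if the changelog's "prevent backups from being seen by others" depends on archive names being unguessable, this adds little beyond the existing hash. `dechex()` is not zero-padded either, so a prefix of `0` disappears in `base_convert()`, and should the hash itself start with `0` the decoded value no longer contains it and `owns_backup_archive()` would reject the job's own file. Prefer a fixed-width value from WordPress's stronger generator, e.g. `$prefix = dechex( wp_rand( 16, 255 ) );`, and keep the backup folder itself unreadable over the web rather than relying on the file name. `get_archive_name_prefix()` now returns a different string on every call, so any caller that compares it with existing file names (not visible here) will stop matching.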
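--- a/readme.txt
+++ b/readme.txt
@@ -1,21 +1,18 @@
  === BackWPup - WordPress Backup Plugin ===
- Contributors: inpsyde, cocreation, danielhuesken, Bueltge, nullbyte, duongcuong96
+ Contributors: inpsyde, cocreation, danielhuesken, Bueltge, nullbyte
  Tags: Amazon, Amazon S3, back up, backup, chinese, cloud, cloud files, database, db backup, dropbox, dump, file, french, ftp, ftps, german, migrate, multisite, russian, schedule, sftp, storage, S3, time, upload, xml
  Requires at least: 3.9
- Tested up to: 4.8
- Stable tag: 3.4.1
+ Tested up to: 4.8.2
+ Requires PHP: 5.3
+ Stable tag: 3.4.2
  License: GPLv3
  License URI: http://www.gnu.org/licenses/gpl-3.0.html
 
  Schedule complete automatic backups of your WordPress installation. Decide which content will be stored (Dropbox, S3…). This is the free version
 
- == Independence Day Sale ==
-
- Get your 30% Independence Day discount for BackWPup Pro! Only available until July 5th, 2017. [Save Now](https://backwpup.com/)
-
  == Description ==
 
- The **backup plugin** **[BackWPup](http://backwpup.com/)** can be used to save your complete installation including /wp-content/ and push them to an external Backup Service, like **Dropbox**, **S3**, **FTP** and many more, see list below. With a single backup .zip file you are able to easily restore an installation. Please understand: this free version will not be supported as good as the [BackWPup Pro version](http://backwpup.com). With our premium version you get first class support and more features.
+ The **backup plugin** **[BackWPup](https://backwpup.com/)** can be used to save your complete installation including /wp-content/ and push them to an external Backup Service, like **Dropbox**, **S3**, **FTP** and many more, see list below. With a single backup .zip file you are able to easily restore an installation. Please understand: this free version will not be supported as good as the [BackWPup Pro version](https://backwpup.com). With our premium version you get first class support and more features.
 
 
  * Database Backup *(needs mysqli)*
@@ -36,10 +33,10 @@ The **backup plugin** **[BackWPup](http://backwpup.com/)** can be used to save y
  * PRO: Store backup to Google Drive *(needs PHP 5.3.3, curl)*
  * Send logs and backups by email
  * Multi-site support only as network admin
- * Pro version and support available - [BackWPup Pro](http://backwpup.com)
+ * Pro version and support available - [BackWPup Pro](https://backwpup.com)
 
  = Requirements =
- * WordPress 3.9 and PHP 5.3 required!
+ * WordPress 3.9 and PHP 5.3 required! (read more about [recommended php version and why you should switch to modern php](https://inpsyde.com/en/wordpress-recommended-php-version-update-php))
  * To use the Plugin with full functionality PHP 5.3.3 with mysqli, FTP,gz, bz2, ZipArchive and curl is needed.
  * Plugin functions that don't work because of your server settings, will not be displayed in admin area.
 
@@ -53,9 +50,9 @@ https://www.youtube.com/watch?v=pECMkLE27QQ&w=532&rel=0
 
  **Remember: The most expensive backup is the one you never did! And please test your backups!**
 
- Get the [BackWPup Pro](http://backwpup.com) Version with more features.
+ Get the [BackWPup Pro](https://backwpup.com) Version with more features.
 
- **Made by [Inpsyde](http://inpsyde.com) &middot; We love WordPress**
+ **Made by [Inpsyde](https://inpsyde.com) &middot; We love WordPress**
 
  == Frequently Asked Questions ==
 
@@ -104,7 +101,7 @@ Please set CHMOD 775 on the /wp-content/ directory and refresh the BackWPup dash
 
 
  = How do I restore a backup? =
- Up to now, there is no feature in BackWPup to restore a backup. But we are eagerly working on a restore functionality, which is in beta right now. If you like to participate to test the restore feature, please [write an email](mailto:info@inpsyde.com). Meanwhile you can follow [these instructions from the WordPress Codex](http://codex.wordpress.org/Restoring_Your_Database_From_Backup) or [this tutorial (also Codex)](http://codex.wordpress.org/WordPress_Backups) for more detailed information on cPanel, Plesk, vDeck and others.
+ Up to now, there is no feature in BackWPup to restore a backup. But we are eagerly working on a restore functionality, which is in beta right now. If you like to participate to test the restore feature, please [write an email](mailto:betatest@backwpup.com). Meanwhile you can follow [these instructions from the BackWPup documentation](http://docs.backwpup.com/article/127-how-to-restore-a-wordpress-backup) or [this tutorial (from WordPress Codex)](http://codex.wordpress.org/WordPress_Backups) for more detailed information on cPanel, Plesk, vDeck and others.
 
 
  = When I edit a job the Files tab loads forever. =
@@ -161,6 +158,18 @@ Yes. You need to have writing access to the wp-config.php file (usually residing
  [You can find a detailed tutorial in the BackWPup documentation.](http://docs.backwpup.com/article/118-install-backwpup)
 
  == Changelog ==
+ = Version 3.4.2 =
+ * Fixed: Security issue to prevent backups from being seen by others.
+ * Fixed: Only one admin notice shown at a time.
+ * Improved: Better support for large XML files.
+ * Fixed: Remove user roles on uninstall.
+ * Fixed: S3 parse URL issue
+ * Fixed: open_basedir warning from looking for mysqldump
+ * Fixed: Dropbox sync fails because of case sensitivity
+ * Fixed: Dropbox sync sometimes deletes synced files
+ * Fixed: Dropbox fails when user uses proxy
+ * Improved: German formal and chinese translation for PRO
+
  = Version 3.4.1 =
  * Check if file is dot to prevent open_basedir warning.
  * Only display Dropbox upload progress in debug mode.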