Version Description
- 12-14-2022 =
- Fixed: An issue with repeating Non-MainWP changes
- Updated: PHP 8.1 compatibility improvements
- Preventative: Multiple security enhancements
Download this release
Release Info
| Developer | mainwp |
| Plugin |  MainWP Child |
| Version | 4.3.1 |
| Comparing to | |
| See all releases | |
Code changes from version 4.3.0.1 to 4.3.1
- class/class-mainwp-backup.php +20 -52
- class/class-mainwp-child-actions.php +1 -1
- class/class-mainwp-child-back-up-buddy.php +4 -4
- class/class-mainwp-child-back-up-wordpress.php +2 -2
- class/class-mainwp-child-branding.php +1 -1
- class/class-mainwp-child-bulk-settings-manager.php +13 -0
- class/class-mainwp-child-cache-purge.php +6 -3
- class/class-mainwp-child-install.php +3 -3
- class/class-mainwp-child-ithemes-security.php +2 -2
- class/class-mainwp-child-pagespeed.php +1 -3
- class/class-mainwp-child-plugins-check.php +2 -1
- class/class-mainwp-child-posts.php +49 -33
- class/class-mainwp-child-themes-check.php +2 -2
- class/class-mainwp-child-timecapsule.php +15 -15
- class/class-mainwp-child-updraft-plus-backups.php +3 -9
- class/class-mainwp-child-users.php +3 -3
- class/class-mainwp-child-wordfence.php +6 -219
- class/class-mainwp-child-wp-rocket.php +1 -1
- class/class-mainwp-child.php +1 -1
- class/class-mainwp-client-report-base.php +1 -1
- class/class-mainwp-client-report.php +2 -2
- class/class-mainwp-clone-install.php +1 -6
- class/class-mainwp-clone.php +0 -3
- class/class-mainwp-custom-post-type.php +2 -5
- class/class-mainwp-helper.php +1 -6
- class/class-mainwp-utility.php +7 -9
- class/class-tar-archiver.php +12 -27
- includes/functions.php +9 -0
- mainwp-child.php +1 -1
- readme.txt +7 -1
class/class-mainwp-backup.php
CHANGED
|
@@ -878,35 +878,17 @@ class MainWP_Backup {
|
|
| 878 |
$themes[] = $entry;
|
| 879 |
}
|
| 880 |
closedir( $fh );
|
| 881 |
-
|
| 882 |
-
|
| 883 |
-
|
| 884 |
-
|
| 885 |
-
|
| 886 |
-
|
| 887 |
-
|
| 888 |
-
|
| 889 |
-
|
| 890 |
-
|
| 891 |
-
|
| 892 |
-
)
|
| 893 |
-
);
|
| 894 |
-
} else {
|
| 895 |
-
$string = base64_encode( // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- Safe requst, required for backwards compatibility.
|
| 896 |
-
serialize( // phpcs:ignore -- Safe requst, required for backwards compatibility.
|
| 897 |
-
array(
|
| 898 |
-
'siteurl' => get_option( 'siteurl' ),
|
| 899 |
-
'home' => get_option( 'home' ),
|
| 900 |
-
'abspath' => ABSPATH,
|
| 901 |
-
'prefix' => $wpdb->prefix,
|
| 902 |
-
'lang' => defined( 'WPLANG' ) ? WPLANG : '',
|
| 903 |
-
'plugins' => $plugins,
|
| 904 |
-
'themes' => $themes,
|
| 905 |
-
)
|
| 906 |
-
)
|
| 907 |
-
);
|
| 908 |
-
}
|
| 909 |
-
|
| 910 |
$this->add_file_from_string_to_zip( 'clone/config.txt', $string );
|
| 911 |
}
|
| 912 |
|
|
@@ -1049,29 +1031,15 @@ class MainWP_Backup {
|
|
| 1049 |
*/
|
| 1050 |
global $wpdb;
|
| 1051 |
|
| 1052 |
-
|
| 1053 |
-
|
| 1054 |
-
|
| 1055 |
-
|
| 1056 |
-
|
| 1057 |
-
|
| 1058 |
-
|
| 1059 |
-
|
| 1060 |
-
|
| 1061 |
-
);
|
| 1062 |
-
} else {
|
| 1063 |
-
$string = base64_encode( // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- Safe requst, required for backwards compatibility.
|
| 1064 |
-
serialize( // phpcs:ignore -- Safe requst, required for backwards compatibility.
|
| 1065 |
-
array(
|
| 1066 |
-
'siteurl' => get_option( 'siteurl' ),
|
| 1067 |
-
'home' => get_option( 'home' ),
|
| 1068 |
-
'abspath' => ABSPATH,
|
| 1069 |
-
'prefix' => $wpdb->prefix,
|
| 1070 |
-
'lang' => WPLANG,
|
| 1071 |
-
)
|
| 1072 |
-
)
|
| 1073 |
-
);
|
| 1074 |
-
}
|
| 1075 |
|
| 1076 |
$this->add_file_from_string_to_pcl_zip( 'clone/config.txt', $string, $filepath );
|
| 1077 |
}
|
| 878 |
$themes[] = $entry;
|
| 879 |
}
|
| 880 |
closedir( $fh );
|
| 881 |
+
$string = wp_json_encode(
|
| 882 |
+
array(
|
| 883 |
+
'siteurl' => get_option( 'siteurl' ),
|
| 884 |
+
'home' => get_option( 'home' ),
|
| 885 |
+
'abspath' => ABSPATH,
|
| 886 |
+
'prefix' => $wpdb->prefix,
|
| 887 |
+
'lang' => defined( 'WPLANG' ) ? WPLANG : '',
|
| 888 |
+
'plugins' => $plugins,
|
| 889 |
+
'themes' => $themes,
|
| 890 |
+
)
|
| 891 |
+
);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 892 |
$this->add_file_from_string_to_zip( 'clone/config.txt', $string );
|
| 893 |
}
|
| 894 |
|
| 1031 |
*/
|
| 1032 |
global $wpdb;
|
| 1033 |
|
| 1034 |
+
$string = wp_json_encode(
|
| 1035 |
+
array(
|
| 1036 |
+
'siteurl' => get_option( 'siteurl' ),
|
| 1037 |
+
'home' => get_option( 'home' ),
|
| 1038 |
+
'abspath' => ABSPATH,
|
| 1039 |
+
'prefix' => $wpdb->prefix,
|
| 1040 |
+
'lang' => WPLANG,
|
| 1041 |
+
)
|
| 1042 |
+
);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1043 |
|
| 1044 |
$this->add_file_from_string_to_pcl_zip( 'clone/config.txt', $string, $filepath );
|
| 1045 |
}
|
class/class-mainwp-child-actions.php
CHANGED
|
@@ -736,7 +736,7 @@ class MainWP_Child_Actions {
|
|
| 736 |
'meta_data' => $other_meta,
|
| 737 |
'new' => $new_action,
|
| 738 |
);
|
| 739 |
-
$index =
|
| 740 |
$this->update_actions_data( $index, $recordarr );
|
| 741 |
|
| 742 |
if ( 1 === $new_action ) {
|
| 736 |
'meta_data' => $other_meta,
|
| 737 |
'new' => $new_action,
|
| 738 |
);
|
| 739 |
+
$index = time() . rand( 1000, 9999 ); // phpcs:ignore -- ok for index.
|
| 740 |
$this->update_actions_data( $index, $recordarr );
|
| 741 |
|
| 742 |
if ( 1 === $new_action ) {
|
class/class-mainwp-child-back-up-buddy.php
CHANGED
|
@@ -631,7 +631,7 @@ class MainWP_Child_Back_Up_Buddy {
|
|
| 631 |
'backup_nonwp_tables',
|
| 632 |
);
|
| 633 |
|
| 634 |
-
$settings =
|
| 635 |
|
| 636 |
$save_settings = array();
|
| 637 |
|
|
@@ -853,7 +853,7 @@ class MainWP_Child_Back_Up_Buddy {
|
|
| 853 |
*/
|
| 854 |
public function save_scheduled_backup() {
|
| 855 |
$schedule_id = intval( $_POST['schedule_id'] );
|
| 856 |
-
$schedule =
|
| 857 |
|
| 858 |
if ( ! is_array( $schedule ) ) {
|
| 859 |
return array( 'error' => __( 'Invalid schedule data', 'mainwp-child' ) );
|
|
@@ -894,7 +894,7 @@ class MainWP_Child_Back_Up_Buddy {
|
|
| 894 |
*/
|
| 895 |
public function save_profile() {
|
| 896 |
$profile_id = isset( $_POST['profile_id'] ) ? sanitize_text_field( wp_unslash( $_POST['profile_id'] ) ) : 0;
|
| 897 |
-
$profile =
|
| 898 |
|
| 899 |
if ( ! is_array( $profile ) ) {
|
| 900 |
return array( 'error' => __( 'Invalid profile data', 'mainwp-child' ) );
|
|
@@ -2791,7 +2791,7 @@ class MainWP_Child_Back_Up_Buddy {
|
|
| 2791 |
$scan = array();
|
| 2792 |
$continue_2 = false;
|
| 2793 |
} else {
|
| 2794 |
-
$scan = maybe_unserialize( $scan );
|
| 2795 |
}
|
| 2796 |
}
|
| 2797 |
\pb_backupbuddy::$ui->end_metabox();
|
| 631 |
'backup_nonwp_tables',
|
| 632 |
);
|
| 633 |
|
| 634 |
+
$settings = json_decode( base64_decode( wp_unslash( $_POST['options'] ) ), true ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for http encode compatible..
|
| 635 |
|
| 636 |
$save_settings = array();
|
| 637 |
|
| 853 |
*/
|
| 854 |
public function save_scheduled_backup() {
|
| 855 |
$schedule_id = intval( $_POST['schedule_id'] );
|
| 856 |
+
$schedule = json_decode( base64_decode( wp_unslash( $_POST['data'] ) ), true ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for http encode compatible..
|
| 857 |
|
| 858 |
if ( ! is_array( $schedule ) ) {
|
| 859 |
return array( 'error' => __( 'Invalid schedule data', 'mainwp-child' ) );
|
| 894 |
*/
|
| 895 |
public function save_profile() {
|
| 896 |
$profile_id = isset( $_POST['profile_id'] ) ? sanitize_text_field( wp_unslash( $_POST['profile_id'] ) ) : 0;
|
| 897 |
+
$profile = json_decode( base64_decode( wp_unslash( $_POST['data'] ) ), true ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for http encode compatible..
|
| 898 |
|
| 899 |
if ( ! is_array( $profile ) ) {
|
| 900 |
return array( 'error' => __( 'Invalid profile data', 'mainwp-child' ) );
|
| 2791 |
$scan = array();
|
| 2792 |
$continue_2 = false;
|
| 2793 |
} else {
|
| 2794 |
+
$scan = maybe_unserialize( $scan ); // safe third party scan result.
|
| 2795 |
}
|
| 2796 |
}
|
| 2797 |
\pb_backupbuddy::$ui->end_metabox();
|
class/class-mainwp-child-back-up-wordpress.php
CHANGED
|
@@ -1253,7 +1253,7 @@ class MainWP_Child_Back_Up_WordPress {
|
|
| 1253 |
*/
|
| 1254 |
public function update_schedule() {
|
| 1255 |
$sch_id = isset( $_POST['schedule_id'] ) ? sanitize_text_field( rawurldecode( wp_unslash( $_POST['schedule_id'] ) ) ) : 0;
|
| 1256 |
-
$options = isset( $_POST['options'] ) ?
|
| 1257 |
|
| 1258 |
if ( ! is_array( $options ) || empty( $options ) || empty( $sch_id ) ) {
|
| 1259 |
return array( 'error' => __( 'Schedule data', 'mainwp-child' ) );
|
|
@@ -1311,7 +1311,7 @@ class MainWP_Child_Back_Up_WordPress {
|
|
| 1311 |
* @return array Action result.
|
| 1312 |
*/
|
| 1313 |
public function save_all_schedules() {
|
| 1314 |
-
$schedules = isset( $_POST['all_schedules'] ) ?
|
| 1315 |
|
| 1316 |
if ( ! is_array( $schedules ) || empty( $schedules ) ) {
|
| 1317 |
return array( 'error' => __( 'Schedule data', 'mainwp-child' ) );
|
| 1253 |
*/
|
| 1254 |
public function update_schedule() {
|
| 1255 |
$sch_id = isset( $_POST['schedule_id'] ) ? sanitize_text_field( rawurldecode( wp_unslash( $_POST['schedule_id'] ) ) ) : 0;
|
| 1256 |
+
$options = isset( $_POST['options'] ) ? json_decode( base64_decode( wp_unslash( $_POST['options'] ) ), true ) : false; // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for http encode compatible..
|
| 1257 |
|
| 1258 |
if ( ! is_array( $options ) || empty( $options ) || empty( $sch_id ) ) {
|
| 1259 |
return array( 'error' => __( 'Schedule data', 'mainwp-child' ) );
|
| 1311 |
* @return array Action result.
|
| 1312 |
*/
|
| 1313 |
public function save_all_schedules() {
|
| 1314 |
+
$schedules = isset( $_POST['all_schedules'] ) ? json_decode( base64_decode( wp_unslash( $_POST['all_schedules'] ) ), true ) : false; // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for http encode compatible..
|
| 1315 |
|
| 1316 |
if ( ! is_array( $schedules ) || empty( $schedules ) ) {
|
| 1317 |
return array( 'error' => __( 'Schedule data', 'mainwp-child' ) );
|
class/class-mainwp-child-branding.php
CHANGED
|
@@ -227,7 +227,7 @@ class MainWP_Child_Branding {
|
|
| 227 |
*/
|
| 228 |
public function update_branding() {
|
| 229 |
$information = array();
|
| 230 |
-
$settings = isset( $_POST['settings'] ) ?
|
| 231 |
if ( ! is_array( $settings ) ) {
|
| 232 |
return $information;
|
| 233 |
}
|
| 227 |
*/
|
| 228 |
public function update_branding() {
|
| 229 |
$information = array();
|
| 230 |
+
$settings = isset( $_POST['settings'] ) ? json_decode( base64_decode( wp_unslash( $_POST['settings'] ) ), true ) : ''; // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- Required for bacwards compatibility.
|
| 231 |
if ( ! is_array( $settings ) ) {
|
| 232 |
return $information;
|
| 233 |
}
|
class/class-mainwp-child-bulk-settings-manager.php
CHANGED
|
@@ -147,6 +147,11 @@ class MainWP_Child_Bulk_Settings_Manager {
|
|
| 147 |
),
|
| 148 |
);
|
| 149 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 150 |
if ( isset( $args['get'] ) ) {
|
| 151 |
$get_args = $args['get'];
|
| 152 |
parse_str( $args['get'], $get_args );
|
|
@@ -159,6 +164,10 @@ class MainWP_Child_Bulk_Settings_Manager {
|
|
| 159 |
$get_args['bulk_settings_manageruse_nonce_key'] = intval( time() );
|
| 160 |
$get_args['bulk_settings_manageruse_nonce_hmac'] = hash_hmac( 'sha256', $get_args['bulk_settings_manageruse_nonce_key'], NONCE_KEY );
|
| 161 |
|
|
|
|
|
|
|
|
|
|
|
|
|
| 162 |
$good_nonce = null;
|
| 163 |
if ( isset( $args['nonce'] ) && ! empty( $args['nonce'] ) ) {
|
| 164 |
parse_str( $args['nonce'], $temp_nonce );
|
|
@@ -176,6 +185,10 @@ class MainWP_Child_Bulk_Settings_Manager {
|
|
| 176 |
$temp_post = array_merge( $temp_post, $good_nonce );
|
| 177 |
}
|
| 178 |
|
|
|
|
|
|
|
|
|
|
|
|
|
| 179 |
$post_args['body'] = $temp_post;
|
| 180 |
}
|
| 181 |
|
| 147 |
),
|
| 148 |
);
|
| 149 |
|
| 150 |
+
$skip_invalid_nonce = false;
|
| 151 |
+
if ( isset( $_REQUEST['skip_invalid_nonce'] ) && ! empty( $_REQUEST['skip_invalid_nonce'] ) ) {
|
| 152 |
+
$skip_invalid_nonce = true;
|
| 153 |
+
}
|
| 154 |
+
|
| 155 |
if ( isset( $args['get'] ) ) {
|
| 156 |
$get_args = $args['get'];
|
| 157 |
parse_str( $args['get'], $get_args );
|
| 164 |
$get_args['bulk_settings_manageruse_nonce_key'] = intval( time() );
|
| 165 |
$get_args['bulk_settings_manageruse_nonce_hmac'] = hash_hmac( 'sha256', $get_args['bulk_settings_manageruse_nonce_key'], NONCE_KEY );
|
| 166 |
|
| 167 |
+
if ( true === $skip_invalid_nonce ) {
|
| 168 |
+
$get_args['bulk_settings_skip_invalid_nonce'] = $skip_invalid_nonce;
|
| 169 |
+
}
|
| 170 |
+
|
| 171 |
$good_nonce = null;
|
| 172 |
if ( isset( $args['nonce'] ) && ! empty( $args['nonce'] ) ) {
|
| 173 |
parse_str( $args['nonce'], $temp_nonce );
|
| 185 |
$temp_post = array_merge( $temp_post, $good_nonce );
|
| 186 |
}
|
| 187 |
|
| 188 |
+
if ( true === $skip_invalid_nonce ) {
|
| 189 |
+
$temp_post['bulk_settings_skip_invalid_nonce'] = $skip_invalid_nonce;
|
| 190 |
+
}
|
| 191 |
+
|
| 192 |
$post_args['body'] = $temp_post;
|
| 193 |
}
|
| 194 |
|
class/class-mainwp-child-cache-purge.php
CHANGED
|
@@ -80,9 +80,12 @@ class MainWP_Child_Cache_Purge {
|
|
| 80 |
update_option( 'mainwp_child_cloud_flair_enabled', ( $data['cloud_flair_enabled'] ? 1 : 0 ) );
|
| 81 |
|
| 82 |
// Update Cloudflair API Credentials option values.
|
| 83 |
-
|
| 84 |
-
|
| 85 |
-
|
|
|
|
|
|
|
|
|
|
| 86 |
} catch ( \Exception $e ) {
|
| 87 |
error_log( $e->getMessage() ); // phpcs:ignore -- debug mode only.
|
| 88 |
}
|
| 80 |
update_option( 'mainwp_child_cloud_flair_enabled', ( $data['cloud_flair_enabled'] ? 1 : 0 ) );
|
| 81 |
|
| 82 |
// Update Cloudflair API Credentials option values.
|
| 83 |
+
if ( isset( $data['mainwp_cloudflair_email'] ) ) {
|
| 84 |
+
update_option( 'mainwp_cloudflair_email', ( $data['mainwp_cloudflair_email'] ) );
|
| 85 |
+
}
|
| 86 |
+
if ( isset( $data['mainwp_cloudflair_key'] ) ) {
|
| 87 |
+
update_option( 'mainwp_cloudflair_key', ( $data['mainwp_cloudflair_key'] ) );
|
| 88 |
+
}
|
| 89 |
} catch ( \Exception $e ) {
|
| 90 |
error_log( $e->getMessage() ); // phpcs:ignore -- debug mode only.
|
| 91 |
}
|
class/class-mainwp-child-install.php
CHANGED
|
@@ -88,7 +88,7 @@ class MainWP_Child_Install {
|
|
| 88 |
|
| 89 |
foreach ( $plugins as $idx => $plugin ) {
|
| 90 |
if ( $plugin !== $mainWPChild->plugin_slug ) {
|
| 91 |
-
$thePlugin = get_plugin_data( $plugin );
|
| 92 |
if ( null !== $thePlugin && '' !== $thePlugin ) {
|
| 93 |
if ( 'quotes-collection/quotes-collection.php' == $plugin ) {
|
| 94 |
activate_plugin( $plugin, '', false, true );
|
|
@@ -103,7 +103,7 @@ class MainWP_Child_Install {
|
|
| 103 |
|
| 104 |
foreach ( $plugins as $idx => $plugin ) {
|
| 105 |
if ( $plugin !== $mainWPChild->plugin_slug ) {
|
| 106 |
-
$thePlugin = get_plugin_data( $plugin );
|
| 107 |
if ( null !== $thePlugin && '' !== $thePlugin ) {
|
| 108 |
deactivate_plugins( $plugin );
|
| 109 |
}
|
|
@@ -171,7 +171,7 @@ class MainWP_Child_Install {
|
|
| 171 |
if ( $plugin !== $mainWPChild->plugin_slug ) {
|
| 172 |
if ( isset( $all_plugins[ $plugin ] ) ) {
|
| 173 |
if ( is_plugin_active( $plugin ) ) {
|
| 174 |
-
$thePlugin = get_plugin_data( $plugin );
|
| 175 |
if ( null !== $thePlugin && '' !== $thePlugin ) {
|
| 176 |
deactivate_plugins( $plugin );
|
| 177 |
}
|
| 88 |
|
| 89 |
foreach ( $plugins as $idx => $plugin ) {
|
| 90 |
if ( $plugin !== $mainWPChild->plugin_slug ) {
|
| 91 |
+
$thePlugin = get_plugin_data( WP_PLUGIN_DIR . '/' . $plugin );
|
| 92 |
if ( null !== $thePlugin && '' !== $thePlugin ) {
|
| 93 |
if ( 'quotes-collection/quotes-collection.php' == $plugin ) {
|
| 94 |
activate_plugin( $plugin, '', false, true );
|
| 103 |
|
| 104 |
foreach ( $plugins as $idx => $plugin ) {
|
| 105 |
if ( $plugin !== $mainWPChild->plugin_slug ) {
|
| 106 |
+
$thePlugin = get_plugin_data( WP_PLUGIN_DIR . '/' . $plugin );
|
| 107 |
if ( null !== $thePlugin && '' !== $thePlugin ) {
|
| 108 |
deactivate_plugins( $plugin );
|
| 109 |
}
|
| 171 |
if ( $plugin !== $mainWPChild->plugin_slug ) {
|
| 172 |
if ( isset( $all_plugins[ $plugin ] ) ) {
|
| 173 |
if ( is_plugin_active( $plugin ) ) {
|
| 174 |
+
$thePlugin = get_plugin_data( WP_PLUGIN_DIR . '/' . $plugin );
|
| 175 |
if ( null !== $thePlugin && '' !== $thePlugin ) {
|
| 176 |
deactivate_plugins( $plugin );
|
| 177 |
}
|
class/class-mainwp-child-ithemes-security.php
CHANGED
|
@@ -365,7 +365,7 @@ class MainWP_Child_IThemes_Security {
|
|
| 365 |
$errors = array();
|
| 366 |
$nbf_settings = array();
|
| 367 |
|
| 368 |
-
$update_settings = isset( $_POST['settings'] ) ?
|
| 369 |
|
| 370 |
foreach ( $update_settings as $module => $settings ) {
|
| 371 |
$do_not_save = false;
|
|
@@ -519,7 +519,7 @@ class MainWP_Child_IThemes_Security {
|
|
| 519 |
* @uses \ITSEC_Modules::activate()
|
| 520 |
*/
|
| 521 |
public static function activate_network_brute_force() {
|
| 522 |
-
$data = isset( $_POST['data'] ) ?
|
| 523 |
$information = array();
|
| 524 |
if ( is_array( $data ) ) {
|
| 525 |
$settings = \ITSEC_Modules::get_settings( 'network-brute-force' );
|
| 365 |
$errors = array();
|
| 366 |
$nbf_settings = array();
|
| 367 |
|
| 368 |
+
$update_settings = isset( $_POST['settings'] ) ? json_decode( base64_decode( wp_unslash( $_POST['settings'] ) ), true ) : ''; // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for http encode compatible..
|
| 369 |
|
| 370 |
foreach ( $update_settings as $module => $settings ) {
|
| 371 |
$do_not_save = false;
|
| 519 |
* @uses \ITSEC_Modules::activate()
|
| 520 |
*/
|
| 521 |
public static function activate_network_brute_force() {
|
| 522 |
+
$data = isset( $_POST['data'] ) ? json_decode( base64_decode( wp_unslash( $_POST['data'] ) ), true ) : array(); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for http encode compatible..
|
| 523 |
$information = array();
|
| 524 |
if ( is_array( $data ) ) {
|
| 525 |
$settings = \ITSEC_Modules::get_settings( 'network-brute-force' );
|
class/class-mainwp-child-pagespeed.php
CHANGED
|
@@ -266,11 +266,9 @@ class MainWP_Child_Pagespeed {
|
|
| 266 |
if ( $checkstatus ) {
|
| 267 |
return array( 'result' => 'RUNNING' );
|
| 268 |
}
|
| 269 |
-
|
| 270 |
$information = array();
|
| 271 |
|
| 272 |
-
$settings = isset( $_POST['settings'] ) ? wp_unslash( $_POST['settings'] ) : array();
|
| 273 |
-
$settings = maybe_unserialize( base64_decode( $settings ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode required for backwards compatibility.
|
| 274 |
|
| 275 |
if ( is_array( $settings ) ) {
|
| 276 |
|
| 266 |
if ( $checkstatus ) {
|
| 267 |
return array( 'result' => 'RUNNING' );
|
| 268 |
}
|
|
|
|
| 269 |
$information = array();
|
| 270 |
|
| 271 |
+
$settings = isset( $_POST['settings'] ) ? json_decode( base64_decode( wp_unslash( $_POST['settings'] ) ), true ) : array(); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode required for backwards compatibility.
|
|
|
|
| 272 |
|
| 273 |
if ( is_array( $settings ) ) {
|
| 274 |
|
class/class-mainwp-child-plugins-check.php
CHANGED
|
@@ -261,7 +261,8 @@ class MainWP_Child_Plugins_Check {
|
|
| 261 |
|
| 262 |
// If there wasn't a previous cache.
|
| 263 |
if ( false === $all_plugins || ! is_array( $all_plugins ) ) {
|
| 264 |
-
$
|
|
|
|
| 265 |
if ( is_array( $plugins ) ) {
|
| 266 |
foreach ( $plugins as $slug => $plugin ) {
|
| 267 |
if ( isset( $plugin['Name'] ) && ! empty( $plugin['Name'] ) ) {
|
| 261 |
|
| 262 |
// If there wasn't a previous cache.
|
| 263 |
if ( false === $all_plugins || ! is_array( $all_plugins ) ) {
|
| 264 |
+
$all_plugins = array();
|
| 265 |
+
$plugins = get_plugins();
|
| 266 |
if ( is_array( $plugins ) ) {
|
| 267 |
foreach ( $plugins as $slug => $plugin ) {
|
| 268 |
if ( isset( $plugin['Name'] ) && ! empty( $plugin['Name'] ) ) {
|
class/class-mainwp-child-posts.php
CHANGED
|
@@ -357,7 +357,7 @@ class MainWP_Child_Posts {
|
|
| 357 |
|
| 358 |
$extra = array();
|
| 359 |
if ( isset( $_POST['extract_tokens'] ) ) {
|
| 360 |
-
$extra['tokens'] = isset( $_POST['extract_tokens'] ) ?
|
| 361 |
$extra['extract_post_type'] = isset( $_POST['extract_post_type'] ) ? sanitize_text_field( wp_unslash( $_POST['extract_post_type'] ) ) : '';
|
| 362 |
}
|
| 363 |
|
|
@@ -376,16 +376,16 @@ class MainWP_Child_Posts {
|
|
| 376 |
* @uses \MainWP\Child\MainWP_Helper::write()
|
| 377 |
*/
|
| 378 |
public function new_post() {
|
| 379 |
-
$new_post = isset( $_POST['new_post'] ) ?
|
| 380 |
-
$post_custom = isset( $_POST['post_custom'] ) ?
|
| 381 |
$post_category = isset( $_POST['post_category'] ) ? rawurldecode( base64_decode( wp_unslash( $_POST['post_category'] ) ) ) : null; // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for http encode compatible..
|
| 382 |
$post_tags = isset( $new_post['post_tags'] ) ? rawurldecode( $new_post['post_tags'] ) : null;
|
| 383 |
-
$post_featured_image = isset( $_POST['post_featured_image'] ) ? base64_decode( wp_unslash( $_POST['post_featured_image'] ) ) : ''; // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for http encode compatible..
|
| 384 |
-
$upload_dir = isset( $_POST['mainwp_upload_dir'] ) ?
|
| 385 |
|
| 386 |
$others = array();
|
| 387 |
-
if ( isset( $_POST['featured_image_data'] )
|
| 388 |
-
$others['featured_image_data'] = ! empty( $_POST['featured_image_data'] ) ?
|
| 389 |
}
|
| 390 |
|
| 391 |
$res = $this->create_post( $new_post, $post_custom, $post_category, $post_featured_image, $upload_dir, $post_tags, $others );
|
|
@@ -462,7 +462,7 @@ class MainWP_Child_Posts {
|
|
| 462 |
} elseif ( 'restore' === $action ) {
|
| 463 |
wp_untrash_post( $postId );
|
| 464 |
} elseif ( 'update_meta' === $action ) {
|
| 465 |
-
$values = isset( $_POST['values'] ) ?
|
| 466 |
$meta_key = $values['meta_key'];
|
| 467 |
$meta_value = $values['meta_value'];
|
| 468 |
$check_prev = $values['check_prev'];
|
|
@@ -500,7 +500,7 @@ class MainWP_Child_Posts {
|
|
| 500 |
*
|
| 501 |
* @return array|bool Return $post_data or FALSE on failure.
|
| 502 |
*/
|
| 503 |
-
|
| 504 |
$post = get_post( $id );
|
| 505 |
if ( $post ) {
|
| 506 |
$categoryObjects = get_the_category( $post->ID );
|
|
@@ -575,13 +575,26 @@ class MainWP_Child_Posts {
|
|
| 575 |
require_once ABSPATH . 'wp-admin/includes/post.php';
|
| 576 |
wp_set_post_lock( $id );
|
| 577 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 578 |
$post_data = array(
|
| 579 |
-
'new_post' => base64_encode(
|
| 580 |
-
'post_custom' => base64_encode(
|
| 581 |
'post_category' => base64_encode( $post_category ), // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for http encode compatible..
|
| 582 |
'post_featured_image' => base64_encode( $post_featured_image ), // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for http encode compatible..
|
| 583 |
-
'post_gallery_images' => base64_encode(
|
| 584 |
-
'child_upload_dir' => base64_encode(
|
| 585 |
);
|
| 586 |
return $post_data;
|
| 587 |
|
|
@@ -596,7 +609,7 @@ class MainWP_Child_Posts {
|
|
| 596 |
*
|
| 597 |
* @return array|bool Return $post_data or FALSE on failure.
|
| 598 |
*/
|
| 599 |
-
|
| 600 |
$post = get_post( $id );
|
| 601 |
if ( $post ) {
|
| 602 |
$post_custom = get_post_custom( $id );
|
|
@@ -647,12 +660,25 @@ class MainWP_Child_Posts {
|
|
| 647 |
require_once ABSPATH . 'wp-admin/includes/post.php';
|
| 648 |
wp_set_post_lock( $id );
|
| 649 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 650 |
$post_data = array(
|
| 651 |
-
'new_post' => base64_encode(
|
| 652 |
-
'post_custom' => base64_encode(
|
| 653 |
'post_featured_image' => base64_encode( $post_featured_image ), // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for http encode compatible..
|
| 654 |
-
'post_gallery_images' => base64_encode(
|
| 655 |
-
'child_upload_dir' => base64_encode(
|
| 656 |
);
|
| 657 |
return $post_data;
|
| 658 |
}
|
|
@@ -1101,7 +1127,7 @@ class MainWP_Child_Posts {
|
|
| 1101 |
if ( preg_match_all( '/\[gallery[^\]]+ids=\"(.*?)\"[^\]]*\]/ix', $new_post['post_content'], $matches, PREG_SET_ORDER ) ) {
|
| 1102 |
$replaceAttachedIds = array();
|
| 1103 |
if ( isset( $_POST['post_gallery_images'] ) ) {
|
| 1104 |
-
$post_gallery_images = isset( $_POST['post_gallery_images'] ) ?
|
| 1105 |
if ( is_array( $post_gallery_images ) ) {
|
| 1106 |
foreach ( $post_gallery_images as $gallery ) {
|
| 1107 |
if ( isset( $gallery['src'] ) ) {
|
|
@@ -1189,7 +1215,7 @@ class MainWP_Child_Posts {
|
|
| 1189 |
$random_privelege = isset( $post_custom['_saved_draft_random_privelege'] ) ? $post_custom['_saved_draft_random_privelege'] : null;
|
| 1190 |
$random_privelege = is_array( $random_privelege ) ? current( $random_privelege ) : null;
|
| 1191 |
$random_privelege_base = base64_decode( $random_privelege ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for http encode compatible..
|
| 1192 |
-
$random_privelege =
|
| 1193 |
|
| 1194 |
if ( is_array( $random_privelege ) && count( $random_privelege ) > 0 ) {
|
| 1195 |
$random_post_authors = array();
|
|
@@ -1349,20 +1375,10 @@ class MainWP_Child_Posts {
|
|
| 1349 |
if ( ! $seo_ext_activated ) {
|
| 1350 |
// if WordPress SEO plugin is not activated do not save yoast post meta.
|
| 1351 |
if ( false === strpos( $meta_key, '_yoast_wpseo_' ) ) {
|
| 1352 |
-
if ( is_serialized( $meta_value ) ) {
|
| 1353 |
-
$meta_value = unserialize( $meta_value ); // phpcs:ignore -- compatible.
|
| 1354 |
-
update_post_meta( $new_post_id, $meta_key, $meta_value );
|
| 1355 |
-
} else {
|
| 1356 |
-
update_post_meta( $new_post_id, $meta_key, $meta_value );
|
| 1357 |
-
}
|
| 1358 |
-
}
|
| 1359 |
-
} else {
|
| 1360 |
-
if ( is_serialized( $meta_value ) ) {
|
| 1361 |
-
$meta_value = unserialize( $meta_value ); // phpcs:ignore -- compatible.
|
| 1362 |
-
update_post_meta( $new_post_id, $meta_key, $meta_value );
|
| 1363 |
-
} else {
|
| 1364 |
update_post_meta( $new_post_id, $meta_key, $meta_value );
|
| 1365 |
}
|
|
|
|
|
|
|
| 1366 |
}
|
| 1367 |
}
|
| 1368 |
} elseif ( '_sticky' === $meta_key ) {
|
|
@@ -1435,7 +1451,7 @@ class MainWP_Child_Posts {
|
|
| 1435 |
if ( null !== $upload ) {
|
| 1436 |
update_post_meta( $new_post_id, '_thumbnail_id', $upload['id'] ); // Add the thumbnail to the post!
|
| 1437 |
$featured_image_exist = true;
|
| 1438 |
-
if ( isset( $others['featured_image_data'] ) ) {
|
| 1439 |
$_image_data = $others['featured_image_data'];
|
| 1440 |
update_post_meta( $upload['id'], '_wp_attachment_image_alt', $_image_data['alt'] );
|
| 1441 |
wp_update_post(
|
| 357 |
|
| 358 |
$extra = array();
|
| 359 |
if ( isset( $_POST['extract_tokens'] ) ) {
|
| 360 |
+
$extra['tokens'] = isset( $_POST['extract_tokens'] ) ? json_decode( base64_decode( wp_unslash( $_POST['extract_tokens'] ) ), true ) : ''; // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for http encode compatible..
|
| 361 |
$extra['extract_post_type'] = isset( $_POST['extract_post_type'] ) ? sanitize_text_field( wp_unslash( $_POST['extract_post_type'] ) ) : '';
|
| 362 |
}
|
| 363 |
|
| 376 |
* @uses \MainWP\Child\MainWP_Helper::write()
|
| 377 |
*/
|
| 378 |
public function new_post() {
|
| 379 |
+
$new_post = isset( $_POST['new_post'] ) ? json_decode( base64_decode( wp_unslash( $_POST['new_post'] ) ), true ) : ''; // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for http encode compatible..
|
| 380 |
+
$post_custom = isset( $_POST['post_custom'] ) ? json_decode( base64_decode( wp_unslash( $_POST['post_custom'] ) ), true ) : ''; // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for http encode compatible..
|
| 381 |
$post_category = isset( $_POST['post_category'] ) ? rawurldecode( base64_decode( wp_unslash( $_POST['post_category'] ) ) ) : null; // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for http encode compatible..
|
| 382 |
$post_tags = isset( $new_post['post_tags'] ) ? rawurldecode( $new_post['post_tags'] ) : null;
|
| 383 |
+
$post_featured_image = isset( $_POST['post_featured_image'] ) && ! empty( $_POST['post_featured_image'] ) ? base64_decode( wp_unslash( $_POST['post_featured_image'] ) ) : ''; // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for http encode compatible..
|
| 384 |
+
$upload_dir = isset( $_POST['mainwp_upload_dir'] ) ? json_decode( base64_decode( wp_unslash( $_POST['mainwp_upload_dir'] ) ), true ) : ''; // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for http encode compatible..
|
| 385 |
|
| 386 |
$others = array();
|
| 387 |
+
if ( isset( $_POST['featured_image_data'] ) ) {
|
| 388 |
+
$others['featured_image_data'] = ! empty( $_POST['featured_image_data'] ) ? json_decode( base64_decode( wp_unslash( $_POST['featured_image_data'] ) ), true ) : ''; // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for http encode compatible..
|
| 389 |
}
|
| 390 |
|
| 391 |
$res = $this->create_post( $new_post, $post_custom, $post_category, $post_featured_image, $upload_dir, $post_tags, $others );
|
| 462 |
} elseif ( 'restore' === $action ) {
|
| 463 |
wp_untrash_post( $postId );
|
| 464 |
} elseif ( 'update_meta' === $action ) {
|
| 465 |
+
$values = isset( $_POST['values'] ) ? json_decode( base64_decode( wp_unslash( $_POST['values'] ) ), true ) : array(); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for http encode compatible..
|
| 466 |
$meta_key = $values['meta_key'];
|
| 467 |
$meta_value = $values['meta_value'];
|
| 468 |
$check_prev = $values['check_prev'];
|
| 500 |
*
|
| 501 |
* @return array|bool Return $post_data or FALSE on failure.
|
| 502 |
*/
|
| 503 |
+
private function get_post_edit( $id ) {
|
| 504 |
$post = get_post( $id );
|
| 505 |
if ( $post ) {
|
| 506 |
$categoryObjects = get_the_category( $post->ID );
|
| 575 |
require_once ABSPATH . 'wp-admin/includes/post.php';
|
| 576 |
wp_set_post_lock( $id );
|
| 577 |
|
| 578 |
+
// prepare $post_custom values.
|
| 579 |
+
$new_post_custom = array();
|
| 580 |
+
foreach ( $post_custom as $meta_key => $meta_values ) {
|
| 581 |
+
$new_meta_values = array();
|
| 582 |
+
foreach ( $meta_values as $key_value => $meta_value ) {
|
| 583 |
+
if ( is_serialized( $meta_value ) ) {
|
| 584 |
+
$meta_value = unserialize( $meta_value ); // phpcs:ignore -- safe internal value.
|
| 585 |
+
}
|
| 586 |
+
$new_meta_values[ $key_value ] = $meta_value;
|
| 587 |
+
}
|
| 588 |
+
$new_post_custom[ $meta_key ] = $new_meta_values;
|
| 589 |
+
}
|
| 590 |
+
|
| 591 |
$post_data = array(
|
| 592 |
+
'new_post' => base64_encode( wp_json_encode( $new_post ) ), // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for http encode compatible..
|
| 593 |
+
'post_custom' => base64_encode( wp_json_encode( $new_post_custom ) ), // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for http encode compatible..
|
| 594 |
'post_category' => base64_encode( $post_category ), // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for http encode compatible..
|
| 595 |
'post_featured_image' => base64_encode( $post_featured_image ), // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for http encode compatible..
|
| 596 |
+
'post_gallery_images' => base64_encode( wp_json_encode( $post_gallery_images ) ), // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for http encode compatible..
|
| 597 |
+
'child_upload_dir' => base64_encode( wp_json_encode( $child_upload_dir ) ), // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for http encode compatible..
|
| 598 |
);
|
| 599 |
return $post_data;
|
| 600 |
|
| 609 |
*
|
| 610 |
* @return array|bool Return $post_data or FALSE on failure.
|
| 611 |
*/
|
| 612 |
+
private function get_page_edit( $id ) {
|
| 613 |
$post = get_post( $id );
|
| 614 |
if ( $post ) {
|
| 615 |
$post_custom = get_post_custom( $id );
|
| 660 |
require_once ABSPATH . 'wp-admin/includes/post.php';
|
| 661 |
wp_set_post_lock( $id );
|
| 662 |
|
| 663 |
+
// prepare $post_custom values.
|
| 664 |
+
$new_post_custom = array();
|
| 665 |
+
foreach ( $post_custom as $meta_key => $meta_values ) {
|
| 666 |
+
$new_meta_values = array();
|
| 667 |
+
foreach ( $meta_values as $key_value => $meta_value ) {
|
| 668 |
+
if ( is_serialized( $meta_value ) ) {
|
| 669 |
+
$meta_value = unserialize( $meta_value ); // phpcs:ignore -- safe internal value.
|
| 670 |
+
}
|
| 671 |
+
$new_meta_values[ $key_value ] = $meta_value;
|
| 672 |
+
}
|
| 673 |
+
$new_post_custom[ $meta_key ] = $new_meta_values;
|
| 674 |
+
}
|
| 675 |
+
|
| 676 |
$post_data = array(
|
| 677 |
+
'new_post' => base64_encode( wp_json_encode( $new_post ) ), // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for http encode compatible..
|
| 678 |
+
'post_custom' => base64_encode( wp_json_encode( $new_post_custom ) ), // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for http encode compatible..
|
| 679 |
'post_featured_image' => base64_encode( $post_featured_image ), // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for http encode compatible..
|
| 680 |
+
'post_gallery_images' => base64_encode( wp_json_encode( $post_gallery_images ) ), // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for http encode compatible..
|
| 681 |
+
'child_upload_dir' => base64_encode( wp_json_encode( $child_upload_dir ) ), // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for http encode compatible..
|
| 682 |
);
|
| 683 |
return $post_data;
|
| 684 |
}
|
| 1127 |
if ( preg_match_all( '/\[gallery[^\]]+ids=\"(.*?)\"[^\]]*\]/ix', $new_post['post_content'], $matches, PREG_SET_ORDER ) ) {
|
| 1128 |
$replaceAttachedIds = array();
|
| 1129 |
if ( isset( $_POST['post_gallery_images'] ) ) {
|
| 1130 |
+
$post_gallery_images = isset( $_POST['post_gallery_images'] ) ? json_decode( base64_decode( wp_unslash( $_POST['post_gallery_images'] ) ), true ) : ''; // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for http encode compatible..
|
| 1131 |
if ( is_array( $post_gallery_images ) ) {
|
| 1132 |
foreach ( $post_gallery_images as $gallery ) {
|
| 1133 |
if ( isset( $gallery['src'] ) ) {
|
| 1215 |
$random_privelege = isset( $post_custom['_saved_draft_random_privelege'] ) ? $post_custom['_saved_draft_random_privelege'] : null;
|
| 1216 |
$random_privelege = is_array( $random_privelege ) ? current( $random_privelege ) : null;
|
| 1217 |
$random_privelege_base = base64_decode( $random_privelege ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for http encode compatible..
|
| 1218 |
+
$random_privelege = json_decode( $random_privelege_base, true );
|
| 1219 |
|
| 1220 |
if ( is_array( $random_privelege ) && count( $random_privelege ) > 0 ) {
|
| 1221 |
$random_post_authors = array();
|
| 1375 |
if ( ! $seo_ext_activated ) {
|
| 1376 |
// if WordPress SEO plugin is not activated do not save yoast post meta.
|
| 1377 |
if ( false === strpos( $meta_key, '_yoast_wpseo_' ) ) {
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1378 |
update_post_meta( $new_post_id, $meta_key, $meta_value );
|
| 1379 |
}
|
| 1380 |
+
} else {
|
| 1381 |
+
update_post_meta( $new_post_id, $meta_key, $meta_value );
|
| 1382 |
}
|
| 1383 |
}
|
| 1384 |
} elseif ( '_sticky' === $meta_key ) {
|
| 1451 |
if ( null !== $upload ) {
|
| 1452 |
update_post_meta( $new_post_id, '_thumbnail_id', $upload['id'] ); // Add the thumbnail to the post!
|
| 1453 |
$featured_image_exist = true;
|
| 1454 |
+
if ( isset( $others['featured_image_data'] ) && ! empty( $others['featured_image_data'] ) ) {
|
| 1455 |
$_image_data = $others['featured_image_data'];
|
| 1456 |
update_post_meta( $upload['id'], '_wp_attachment_image_alt', $_image_data['alt'] );
|
| 1457 |
wp_update_post(
|
class/class-mainwp-child-themes-check.php
CHANGED
|
@@ -265,7 +265,7 @@ class MainWP_Child_Themes_Check {
|
|
| 265 |
}
|
| 266 |
|
| 267 |
// Deserialize the response.
|
| 268 |
-
$obj = maybe_unserialize( $body ); // phpcs:ignore -- to compatible with third party.
|
| 269 |
|
| 270 |
$now = new \DateTime();
|
| 271 |
|
|
@@ -330,7 +330,7 @@ class MainWP_Child_Themes_Check {
|
|
| 330 |
$http_args = array(
|
| 331 |
'body' => array(
|
| 332 |
'action' => 'theme_information',
|
| 333 |
-
'request' => serialize( $args ), // phpcs:ignore -- third party
|
| 334 |
),
|
| 335 |
);
|
| 336 |
|
| 265 |
}
|
| 266 |
|
| 267 |
// Deserialize the response.
|
| 268 |
+
$obj = maybe_unserialize( $body ); // phpcs:ignore -- to compatible with third party, it's safe.
|
| 269 |
|
| 270 |
$now = new \DateTime();
|
| 271 |
|
| 330 |
$http_args = array(
|
| 331 |
'body' => array(
|
| 332 |
'action' => 'theme_information',
|
| 333 |
+
'request' => serialize( $args ), // phpcs:ignore -- third party compatible.
|
| 334 |
),
|
| 335 |
);
|
| 336 |
|
class/class-mainwp-child-timecapsule.php
CHANGED
|
@@ -524,13 +524,13 @@ class MainWP_Child_Timecapsule {
|
|
| 524 |
$cron_status = $config->get_option( 'wptc_own_cron_status' );
|
| 525 |
|
| 526 |
if ( ! empty( $cron_status ) ) {
|
| 527 |
-
$return_array['wptc_own_cron_status'] = unserialize( $cron_status ); // phpcs:ignore --
|
| 528 |
$return_array['wptc_own_cron_status_notified'] = (int) $config->get_option( 'wptc_own_cron_status_notified' );
|
| 529 |
}
|
| 530 |
|
| 531 |
$start_backups_failed_server = $config->get_option( 'start_backups_failed_server' );
|
| 532 |
if ( ! empty( $start_backups_failed_server ) ) {
|
| 533 |
-
$return_array['start_backups_failed_server'] = unserialize( $start_backups_failed_server ); // phpcs:ignore --
|
| 534 |
$config->set_option( 'start_backups_failed_server', false );
|
| 535 |
}
|
| 536 |
|
|
@@ -570,7 +570,7 @@ class MainWP_Child_Timecapsule {
|
|
| 570 |
$status = array();
|
| 571 |
$cron_status = $config->get_option( 'wptc_own_cron_status' );
|
| 572 |
if ( ! empty( $cron_status ) ) {
|
| 573 |
-
$cron_status = unserialize( $cron_status ); // phpcs:ignore --
|
| 574 |
|
| 575 |
if ( 'success' == $cron_status['status'] ) {
|
| 576 |
$status['status'] = 'success';
|
|
@@ -661,7 +661,7 @@ class MainWP_Child_Timecapsule {
|
|
| 661 |
*/
|
| 662 |
public function get_logs_rows() {
|
| 663 |
$result = $this->prepare_items();
|
| 664 |
-
$result['display_rows'] = base64_encode(
|
| 665 |
return $result;
|
| 666 |
}
|
| 667 |
|
|
@@ -846,7 +846,7 @@ class MainWP_Child_Timecapsule {
|
|
| 846 |
}
|
| 847 |
}
|
| 848 |
$html .= '<tr class="act-tr">';
|
| 849 |
-
$Ldata = unserialize( $rec->log_data ); // phpcs:ignore --
|
| 850 |
$user_time = \WPTC_Factory::get( 'config' )->cnvt_UTC_to_usrTime( $Ldata['log_time'] );
|
| 851 |
\WPTC_Factory::get( 'processed-files' )->modify_schedule_backup_time( $user_time );
|
| 852 |
$user_tz_now = date( 'M d, Y @ g:i:s a', $user_time ); // phpcs:ignore -- required to achieve desired results, pull request solutions appreciated.
|
|
@@ -904,7 +904,7 @@ class MainWP_Child_Timecapsule {
|
|
| 904 |
$detailed = '';
|
| 905 |
$timezone = \WPTC_Factory::get( 'config' )->get_option( 'wptc_timezone' );
|
| 906 |
foreach ( $sub_records as $srec ) {
|
| 907 |
-
$Moredata = unserialize( $srec->log_data ); // phpcs:ignore --
|
| 908 |
$user_tmz = new \DateTime( '@' . $Moredata['log_time'], new \DateTimeZone( date_default_timezone_get() ) );
|
| 909 |
$user_tmz->setTimeZone( new \DateTimeZone( $timezone ) );
|
| 910 |
$user_tmz_now = $user_tmz->format( 'M d @ g:i:s a' );
|
|
@@ -1625,7 +1625,7 @@ class MainWP_Child_Timecapsule {
|
|
| 1625 |
);
|
| 1626 |
}
|
| 1627 |
|
| 1628 |
-
$data = isset( $_POST['data'] ) ?
|
| 1629 |
|
| 1630 |
$tabName = isset( $_POST['tabname'] ) ? sanitize_text_field( wp_unslash( $_POST['tabname'] ) ) : '';
|
| 1631 |
$is_general = isset( $_POST['is_general'] ) ? sanitize_text_field( wp_unslash( $_POST['is_general'] ) ) : '';
|
|
@@ -1695,8 +1695,8 @@ class MainWP_Child_Timecapsule {
|
|
| 1695 |
private function save_settings_backup_auto_tab( $config, $data, $is_general ) {
|
| 1696 |
$config->set_option( 'backup_before_update_setting', $data['backup_before_update_setting'] );
|
| 1697 |
$current = $config->get_option( 'wptc_auto_update_settings' );
|
| 1698 |
-
$current = unserialize( $current ); // phpcs:ignore --
|
| 1699 |
-
$new = unserialize( $data['wptc_auto_update_settings'] ); // phpcs:ignore --
|
| 1700 |
$current['update_settings']['status'] = $new['update_settings']['status'];
|
| 1701 |
$current['update_settings']['schedule']['enabled'] = $new['update_settings']['schedule']['enabled'];
|
| 1702 |
$current['update_settings']['schedule']['time'] = $new['update_settings']['schedule']['time'];
|
|
@@ -1718,7 +1718,7 @@ class MainWP_Child_Timecapsule {
|
|
| 1718 |
$current['update_settings']['themes']['included'] = array();
|
| 1719 |
}
|
| 1720 |
}
|
| 1721 |
-
$config->set_option( 'wptc_auto_update_settings', serialize( $current ) ); // phpcs:ignore --
|
| 1722 |
}
|
| 1723 |
|
| 1724 |
/**
|
|
@@ -1730,8 +1730,8 @@ class MainWP_Child_Timecapsule {
|
|
| 1730 |
*/
|
| 1731 |
private function save_settings_vulns_update_tab( $config, $data, $is_general ) {
|
| 1732 |
$current = $config->get_option( 'vulns_settings' );
|
| 1733 |
-
$current = unserialize( $current ); // phpcs:ignore --
|
| 1734 |
-
$new = unserialize( $data['vulns_settings'] ); // phpcs:ignore --
|
| 1735 |
|
| 1736 |
$current['status'] = $new['status'];
|
| 1737 |
$current['core']['status'] = $new['core']['status'];
|
|
@@ -1754,7 +1754,7 @@ class MainWP_Child_Timecapsule {
|
|
| 1754 |
|
| 1755 |
wptc_log( $included_plugins, '--------$included_plugins--------' );
|
| 1756 |
|
| 1757 |
-
$current['plugins']['excluded'] = serialize( $included_plugins ); // phpcs:ignore --
|
| 1758 |
|
| 1759 |
$vulns_themes_included = ! empty( $new['themes']['vulns_themes_included'] ) ? $new['themes']['vulns_themes_included'] : array();
|
| 1760 |
|
|
@@ -1765,9 +1765,9 @@ class MainWP_Child_Timecapsule {
|
|
| 1765 |
}
|
| 1766 |
|
| 1767 |
$included_themes = $this->filter_themes( $themes_include_array );
|
| 1768 |
-
$current['themes']['excluded'] = serialize( $included_themes ); // phpcs:ignore --
|
| 1769 |
}
|
| 1770 |
-
$config->set_option( 'vulns_settings', serialize( $current ) ); // phpcs:ignore --
|
| 1771 |
}
|
| 1772 |
|
| 1773 |
/**
|
| 524 |
$cron_status = $config->get_option( 'wptc_own_cron_status' );
|
| 525 |
|
| 526 |
if ( ! empty( $cron_status ) ) {
|
| 527 |
+
$return_array['wptc_own_cron_status'] = unserialize( $cron_status ); // phpcs:ignore -- safe internal value, third party.
|
| 528 |
$return_array['wptc_own_cron_status_notified'] = (int) $config->get_option( 'wptc_own_cron_status_notified' );
|
| 529 |
}
|
| 530 |
|
| 531 |
$start_backups_failed_server = $config->get_option( 'start_backups_failed_server' );
|
| 532 |
if ( ! empty( $start_backups_failed_server ) ) {
|
| 533 |
+
$return_array['start_backups_failed_server'] = unserialize( $start_backups_failed_server ); // phpcs:ignore -- safe internal value, third party.
|
| 534 |
$config->set_option( 'start_backups_failed_server', false );
|
| 535 |
}
|
| 536 |
|
| 570 |
$status = array();
|
| 571 |
$cron_status = $config->get_option( 'wptc_own_cron_status' );
|
| 572 |
if ( ! empty( $cron_status ) ) {
|
| 573 |
+
$cron_status = unserialize( $cron_status ); // phpcs:ignore -- safe internal value, third party.
|
| 574 |
|
| 575 |
if ( 'success' == $cron_status['status'] ) {
|
| 576 |
$status['status'] = 'success';
|
| 661 |
*/
|
| 662 |
public function get_logs_rows() {
|
| 663 |
$result = $this->prepare_items();
|
| 664 |
+
$result['display_rows'] = base64_encode( wp_json_encode( $this->get_display_rows( $result['items'] ) ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode required for the backwards compatibility.
|
| 665 |
return $result;
|
| 666 |
}
|
| 667 |
|
| 846 |
}
|
| 847 |
}
|
| 848 |
$html .= '<tr class="act-tr">';
|
| 849 |
+
$Ldata = unserialize( $rec->log_data ); // phpcs:ignore -- safe internal value, third party.
|
| 850 |
$user_time = \WPTC_Factory::get( 'config' )->cnvt_UTC_to_usrTime( $Ldata['log_time'] );
|
| 851 |
\WPTC_Factory::get( 'processed-files' )->modify_schedule_backup_time( $user_time );
|
| 852 |
$user_tz_now = date( 'M d, Y @ g:i:s a', $user_time ); // phpcs:ignore -- required to achieve desired results, pull request solutions appreciated.
|
| 904 |
$detailed = '';
|
| 905 |
$timezone = \WPTC_Factory::get( 'config' )->get_option( 'wptc_timezone' );
|
| 906 |
foreach ( $sub_records as $srec ) {
|
| 907 |
+
$Moredata = unserialize( $srec->log_data ); // phpcs:ignore -- safe internal value, third party.
|
| 908 |
$user_tmz = new \DateTime( '@' . $Moredata['log_time'], new \DateTimeZone( date_default_timezone_get() ) );
|
| 909 |
$user_tmz->setTimeZone( new \DateTimeZone( $timezone ) );
|
| 910 |
$user_tmz_now = $user_tmz->format( 'M d @ g:i:s a' );
|
| 1625 |
);
|
| 1626 |
}
|
| 1627 |
|
| 1628 |
+
$data = isset( $_POST['data'] ) ? json_decode( base64_decode( wp_unslash( $_POST['data'] ) ), true ) : array(); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode required for the backwards compatibility.
|
| 1629 |
|
| 1630 |
$tabName = isset( $_POST['tabname'] ) ? sanitize_text_field( wp_unslash( $_POST['tabname'] ) ) : '';
|
| 1631 |
$is_general = isset( $_POST['is_general'] ) ? sanitize_text_field( wp_unslash( $_POST['is_general'] ) ) : '';
|
| 1695 |
private function save_settings_backup_auto_tab( $config, $data, $is_general ) {
|
| 1696 |
$config->set_option( 'backup_before_update_setting', $data['backup_before_update_setting'] );
|
| 1697 |
$current = $config->get_option( 'wptc_auto_update_settings' );
|
| 1698 |
+
$current = unserialize( $current ); // phpcs:ignore -- safe internal value, third party.
|
| 1699 |
+
$new = unserialize( $data['wptc_auto_update_settings'] ); // phpcs:ignore -- safe internal value, third party.
|
| 1700 |
$current['update_settings']['status'] = $new['update_settings']['status'];
|
| 1701 |
$current['update_settings']['schedule']['enabled'] = $new['update_settings']['schedule']['enabled'];
|
| 1702 |
$current['update_settings']['schedule']['time'] = $new['update_settings']['schedule']['time'];
|
| 1718 |
$current['update_settings']['themes']['included'] = array();
|
| 1719 |
}
|
| 1720 |
}
|
| 1721 |
+
$config->set_option( 'wptc_auto_update_settings', serialize( $current ) ); // phpcs:ignore -- safe internal value.
|
| 1722 |
}
|
| 1723 |
|
| 1724 |
/**
|
| 1730 |
*/
|
| 1731 |
private function save_settings_vulns_update_tab( $config, $data, $is_general ) {
|
| 1732 |
$current = $config->get_option( 'vulns_settings' );
|
| 1733 |
+
$current = unserialize( $current ); // phpcs:ignore -- safe internal value, third party.
|
| 1734 |
+
$new = unserialize( $data['vulns_settings'] ); // phpcs:ignore -- safe internal value, third party.
|
| 1735 |
|
| 1736 |
$current['status'] = $new['status'];
|
| 1737 |
$current['core']['status'] = $new['core']['status'];
|
| 1754 |
|
| 1755 |
wptc_log( $included_plugins, '--------$included_plugins--------' );
|
| 1756 |
|
| 1757 |
+
$current['plugins']['excluded'] = serialize( $included_plugins ); // phpcs:ignore -- safe internal value, third party.
|
| 1758 |
|
| 1759 |
$vulns_themes_included = ! empty( $new['themes']['vulns_themes_included'] ) ? $new['themes']['vulns_themes_included'] : array();
|
| 1760 |
|
| 1765 |
}
|
| 1766 |
|
| 1767 |
$included_themes = $this->filter_themes( $themes_include_array );
|
| 1768 |
+
$current['themes']['excluded'] = serialize( $included_themes ); // phpcs:ignore -- safe internal value, third party.
|
| 1769 |
}
|
| 1770 |
+
$config->set_option( 'vulns_settings', serialize( $current ) ); // phpcs:ignore -- safe internal value, third party.
|
| 1771 |
}
|
| 1772 |
|
| 1773 |
/**
|
class/class-mainwp-child-updraft-plus-backups.php
CHANGED
|
@@ -579,7 +579,7 @@ class MainWP_Child_Updraft_Plus_Backups {
|
|
| 579 |
* @uses $updraftplus::schedule_backup_database()
|
| 580 |
*/
|
| 581 |
public function save_settings() {
|
| 582 |
-
$settings = isset( $_POST['settings'] ) ?
|
| 583 |
|
| 584 |
$keys_filter = $this->get_settings_keys();
|
| 585 |
|
|
@@ -858,7 +858,7 @@ class MainWP_Child_Updraft_Plus_Backups {
|
|
| 858 |
}
|
| 859 |
}
|
| 860 |
|
| 861 |
-
$addons_options = isset( $_POST['addons_options'] ) ?
|
| 862 |
if ( ! is_array( $addons_options ) ) {
|
| 863 |
$addons_options = array();
|
| 864 |
}
|
|
@@ -4227,13 +4227,7 @@ ENDHERE;
|
|
| 4227 |
* @param string $txt Return Base64 Encoded output.
|
| 4228 |
*/
|
| 4229 |
public function close_browser_connection($txt = '') {
|
| 4230 |
-
|
| 4231 |
-
if ( isset( $_REQUEST['json_result'] ) && true == $_REQUEST['json_result'] ) :
|
| 4232 |
-
$output = wp_json_encode( $txt );
|
| 4233 |
-
else :
|
| 4234 |
-
$output = serialize( $txt ); // phpcs:ignore -- to compatible.
|
| 4235 |
-
endif;
|
| 4236 |
-
|
| 4237 |
$txt = '<mainwp>' . base64_encode( $output ) . '</mainwp>'; // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for http encode compatible..
|
| 4238 |
|
| 4239 |
// Close browser connection so that it can resume AJAX polling
|
| 579 |
* @uses $updraftplus::schedule_backup_database()
|
| 580 |
*/
|
| 581 |
public function save_settings() {
|
| 582 |
+
$settings = isset( $_POST['settings'] ) ? json_decode( base64_decode( wp_unslash( $_POST['settings'] ) ), true ) : ''; // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for http encode compatible..
|
| 583 |
|
| 584 |
$keys_filter = $this->get_settings_keys();
|
| 585 |
|
| 858 |
}
|
| 859 |
}
|
| 860 |
|
| 861 |
+
$addons_options = isset( $_POST['addons_options'] ) ? json_decode( base64_decode( wp_unslash( $_POST['addons_options'] ) ), true ) : array(); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for http encode compatible..
|
| 862 |
if ( ! is_array( $addons_options ) ) {
|
| 863 |
$addons_options = array();
|
| 864 |
}
|
| 4227 |
* @param string $txt Return Base64 Encoded output.
|
| 4228 |
*/
|
| 4229 |
public function close_browser_connection($txt = '') {
|
| 4230 |
+
$output = wp_json_encode( $txt );
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 4231 |
$txt = '<mainwp>' . base64_encode( $output ) . '</mainwp>'; // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for http encode compatible..
|
| 4232 |
|
| 4233 |
// Close browser connection so that it can resume AJAX polling
|
class/class-mainwp-child-users.php
CHANGED
|
@@ -483,7 +483,7 @@ class MainWP_Child_Users {
|
|
| 483 |
* @uses \MainWP\Child\MainWP_Helper::instance()->error()
|
| 484 |
*/
|
| 485 |
public function new_admin_password() {
|
| 486 |
-
$new_password = isset( $_POST['new_password'] ) ?
|
| 487 |
|
| 488 |
$user = null;
|
| 489 |
$uname = isset( $_POST['user'] ) ? wp_unslash( $_POST['user'] ) : '';
|
|
@@ -500,7 +500,7 @@ class MainWP_Child_Users {
|
|
| 500 |
$id = wp_update_user(
|
| 501 |
array(
|
| 502 |
'ID' => $user->ID,
|
| 503 |
-
'user_pass' => $new_password
|
| 504 |
)
|
| 505 |
);
|
| 506 |
if ( $id !== $user->ID ) {
|
|
@@ -522,7 +522,7 @@ class MainWP_Child_Users {
|
|
| 522 |
* @uses \MainWP\Child\MainWP_Helper::instance()->error()
|
| 523 |
*/
|
| 524 |
public function new_user() {
|
| 525 |
-
$new_user = isset( $_POST['new_user'] ) ?
|
| 526 |
$send_password = isset( $_POST['send_password'] ) ? sanitize_text_field( wp_unslash( $_POST['send_password'] ) ) : '';
|
| 527 |
if ( isset( $new_user['role'] ) ) {
|
| 528 |
if ( ! get_role( $new_user['role'] ) ) {
|
| 483 |
* @uses \MainWP\Child\MainWP_Helper::instance()->error()
|
| 484 |
*/
|
| 485 |
public function new_admin_password() {
|
| 486 |
+
$new_password = isset( $_POST['new_password'] ) ? base64_decode( wp_unslash( $_POST['new_password'] ) ) : ''; // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for http encode compatible..
|
| 487 |
|
| 488 |
$user = null;
|
| 489 |
$uname = isset( $_POST['user'] ) ? wp_unslash( $_POST['user'] ) : '';
|
| 500 |
$id = wp_update_user(
|
| 501 |
array(
|
| 502 |
'ID' => $user->ID,
|
| 503 |
+
'user_pass' => $new_password,
|
| 504 |
)
|
| 505 |
);
|
| 506 |
if ( $id !== $user->ID ) {
|
| 522 |
* @uses \MainWP\Child\MainWP_Helper::instance()->error()
|
| 523 |
*/
|
| 524 |
public function new_user() {
|
| 525 |
+
$new_user = isset( $_POST['new_user'] ) ? json_decode( base64_decode( wp_unslash( $_POST['new_user'] ) ), true ) : ''; // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for http encode compatible..
|
| 526 |
$send_password = isset( $_POST['send_password'] ) ? sanitize_text_field( wp_unslash( $_POST['send_password'] ) ) : '';
|
| 527 |
if ( isset( $new_user['role'] ) ) {
|
| 528 |
if ( ! get_role( $new_user['role'] ) ) {
|
class/class-mainwp-child-wordfence.php
CHANGED
|
@@ -605,9 +605,6 @@ class MainWP_Child_Wordfence {
|
|
| 605 |
case 'restore_file':
|
| 606 |
$information = $this->restore_file();
|
| 607 |
break;
|
| 608 |
-
case 'save_setting':
|
| 609 |
-
$information = $this->save_setting();
|
| 610 |
-
break;
|
| 611 |
case 'save_settings_new':
|
| 612 |
$information = $this->save_settings_new();
|
| 613 |
break;
|
|
@@ -1503,52 +1500,12 @@ SQL
|
|
| 1503 |
);
|
| 1504 |
}
|
| 1505 |
|
| 1506 |
-
/**
|
| 1507 |
-
* Method simple_crypt()
|
| 1508 |
-
*
|
| 1509 |
-
* Encrypt or decrypt data.
|
| 1510 |
-
*
|
| 1511 |
-
* @param string $key Contains the cryption key.
|
| 1512 |
-
* @param array $data Array containing data that needs to be encrypted or decrypted.
|
| 1513 |
-
* @param string $action Contains preferred action, encrypt or decrypt.
|
| 1514 |
-
*
|
| 1515 |
-
* @used-by save_settings_new() Save new Wordfence settigns.
|
| 1516 |
-
* @used-by save_settings() Save Wordfence settigns.
|
| 1517 |
-
*
|
| 1518 |
-
* @return string Encrypted or decrypted data.
|
| 1519 |
-
*/
|
| 1520 |
-
public function simple_crypt( $key, $data, $action = 'encrypt' ) {
|
| 1521 |
-
$res = '';
|
| 1522 |
-
if ( 'encrypt' == $action ) {
|
| 1523 |
-
$string = base64_encode( serialize( $data ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- Required for backwards compatibility.
|
| 1524 |
-
} else {
|
| 1525 |
-
$string = $data;
|
| 1526 |
-
}
|
| 1527 |
-
$string_lenght = strlen( $string );
|
| 1528 |
-
for ( $i = 0; $i < $string_lenght; $i++ ) {
|
| 1529 |
-
$c = ord( substr( $string, $i ) );
|
| 1530 |
-
if ( 'encrypt' == $action ) {
|
| 1531 |
-
$c += ord( substr( $key, ( ( $i + 1 ) % strlen( $key ) ) ) );
|
| 1532 |
-
$res .= chr( $c & 0xFF );
|
| 1533 |
-
} else {
|
| 1534 |
-
$c -= ord( substr( $key, ( ( $i + 1 ) % strlen( $key ) ) ) );
|
| 1535 |
-
$res .= chr( abs( $c ) & 0xFF );
|
| 1536 |
-
}
|
| 1537 |
-
}
|
| 1538 |
-
|
| 1539 |
-
if ( 'encrypt' !== $action ) {
|
| 1540 |
-
$res = unserialize( base64_decode( $res ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- Required for backwards compatibility.
|
| 1541 |
-
}
|
| 1542 |
-
return $res;
|
| 1543 |
-
}
|
| 1544 |
|
| 1545 |
/**
|
| 1546 |
* Method save_settings_new()
|
| 1547 |
*
|
| 1548 |
* Save new Wordfence settings.
|
| 1549 |
*
|
| 1550 |
-
* @uses simple_crypt() Encrypt or decrypt data.
|
| 1551 |
-
*
|
| 1552 |
* @used-by MainWP_Child_Wordfence::actions() Fire off certain Wordfence plugin actions.
|
| 1553 |
*
|
| 1554 |
* @throws \Exception Error message.
|
|
@@ -1556,12 +1513,9 @@ SQL
|
|
| 1556 |
* @return array Action result.
|
| 1557 |
*/
|
| 1558 |
public function save_settings_new() {
|
| 1559 |
-
|
| 1560 |
-
|
| 1561 |
-
|
| 1562 |
-
$settings = isset( $_POST['settings'] ) ? maybe_unserialize( base64_decode( wp_unslash( $_POST['settings'] ) ) ) : ''; // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- Required for backwards compatibility.
|
| 1563 |
-
}
|
| 1564 |
-
|
| 1565 |
$section = isset( $_POST['savingSection'] ) ? sanitize_text_field( wp_unslash( $_POST['savingSection'] ) ) : '';
|
| 1566 |
$saving_opts = self::get_section_settings( $section );
|
| 1567 |
|
|
@@ -1842,173 +1796,6 @@ SQL
|
|
| 1842 |
return \wordfence::ajax_recentTraffic_callback();
|
| 1843 |
}
|
| 1844 |
|
| 1845 |
-
/**
|
| 1846 |
-
* Method save_settings()
|
| 1847 |
-
*
|
| 1848 |
-
* Save Wordfence settings.
|
| 1849 |
-
*
|
| 1850 |
-
* @uses simple_crypt() Encrypt or decrypt data.
|
| 1851 |
-
*
|
| 1852 |
-
* @used-by MainWP_Child_Wordfence::actions() Fire off certain Wordfence plugin actions.
|
| 1853 |
-
*
|
| 1854 |
-
* @throws \Exception Error message.
|
| 1855 |
-
*
|
| 1856 |
-
* @return array Action result.
|
| 1857 |
-
*/
|
| 1858 |
-
public function save_setting() {
|
| 1859 |
-
if ( isset( $_POST['encrypted'] ) ) {
|
| 1860 |
-
$settings = $this->simple_crypt( 'thisisakey', $_POST['settings'], 'decrypt' ); // to fix pass through sec rules of Dreamhost!
|
| 1861 |
-
} else {
|
| 1862 |
-
$settings = isset( $_POST['settings'] ) ? maybe_unserialize( base64_decode( wp_unslash( $_POST['settings'] ) ) ) : ''; // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for http encode compatible..
|
| 1863 |
-
}
|
| 1864 |
-
|
| 1865 |
-
if ( is_array( $settings ) && count( $settings ) > 0 ) {
|
| 1866 |
-
$result = array();
|
| 1867 |
-
$reload = '';
|
| 1868 |
-
$opts = $settings;
|
| 1869 |
-
$validUsers = array();
|
| 1870 |
-
$invalidUsers = array();
|
| 1871 |
-
foreach ( explode( ',', $opts['liveTraf_ignoreUsers'] ) as $val ) {
|
| 1872 |
-
$val = trim( $val );
|
| 1873 |
-
if ( strlen( $val ) > 0 ) {
|
| 1874 |
-
if ( get_user_by( 'login', $val ) ) {
|
| 1875 |
-
$validUsers[] = $val;
|
| 1876 |
-
} else {
|
| 1877 |
-
$invalidUsers[] = $val;
|
| 1878 |
-
}
|
| 1879 |
-
}
|
| 1880 |
-
}
|
| 1881 |
-
|
| 1882 |
-
if ( count( $invalidUsers ) > 0 ) {
|
| 1883 |
-
$result['invalid_users'] = htmlentities( implode( ', ', $invalidUsers ) );
|
| 1884 |
-
}
|
| 1885 |
-
|
| 1886 |
-
if ( count( $validUsers ) > 0 ) {
|
| 1887 |
-
$opts['liveTraf_ignoreUsers'] = implode( ',', $validUsers );
|
| 1888 |
-
} else {
|
| 1889 |
-
$opts['liveTraf_ignoreUsers'] = '';
|
| 1890 |
-
}
|
| 1891 |
-
|
| 1892 |
-
if ( ! $opts['other_WFNet'] ) {
|
| 1893 |
-
$wfdb = new \wfDB();
|
| 1894 |
-
$table_wfBlocks7 = \wfDB::networkTable( 'wfBlocks7' );
|
| 1895 |
-
$wfdb->queryWrite( "delete from {$table_wfBlocks7} where wfsn=1 and permanent=0" );
|
| 1896 |
-
}
|
| 1897 |
-
|
| 1898 |
-
$regenerateHtaccess = false;
|
| 1899 |
-
if ( \wfConfig::get( 'bannedURLs', false ) !== $opts['bannedURLs'] ) {
|
| 1900 |
-
$regenerateHtaccess = true;
|
| 1901 |
-
}
|
| 1902 |
-
|
| 1903 |
-
foreach ( $opts as $key => $val ) {
|
| 1904 |
-
if ( in_array( $key, self::$options_filter ) ) {
|
| 1905 |
-
if ( 'apiKey' !== $key ) { // Don't save API key yet!
|
| 1906 |
-
\wfConfig::set( $key, $val );
|
| 1907 |
-
}
|
| 1908 |
-
}
|
| 1909 |
-
}
|
| 1910 |
-
|
| 1911 |
-
if ( $regenerateHtaccess && ( 'falcon' == \wfConfig::get( 'cacheType' ) ) ) {
|
| 1912 |
-
\wfCache::addHtaccessCode( 'add' );
|
| 1913 |
-
}
|
| 1914 |
-
|
| 1915 |
-
if ( '1' === $opts['autoUpdate'] ) {
|
| 1916 |
-
\wfConfig::enableAutoUpdate();
|
| 1917 |
-
} elseif ( '0' === $opts['autoUpdate'] ) {
|
| 1918 |
-
\wfConfig::disableAutoUpdate();
|
| 1919 |
-
}
|
| 1920 |
-
|
| 1921 |
-
if ( isset( $opts['disableCodeExecutionUploads'] ) ) {
|
| 1922 |
-
try {
|
| 1923 |
-
if ( $opts['disableCodeExecutionUploads'] ) {
|
| 1924 |
-
\wfConfig::disableCodeExecutionForUploads();
|
| 1925 |
-
} else {
|
| 1926 |
-
\wfConfig::removeCodeExecutionProtectionForUploads();
|
| 1927 |
-
}
|
| 1928 |
-
} catch ( \wfConfig\Exception $e ) {
|
| 1929 |
-
return array( 'error' => $e->getMessage() );
|
| 1930 |
-
}
|
| 1931 |
-
}
|
| 1932 |
-
|
| 1933 |
-
if ( isset( $opts['email_summary_enabled'] ) ) {
|
| 1934 |
-
if ( ! empty( $opts['email_summary_enabled'] ) ) {
|
| 1935 |
-
\wfConfig::set( 'email_summary_enabled', 1 );
|
| 1936 |
-
\wfConfig::set( 'email_summary_interval', $opts['email_summary_interval'] );
|
| 1937 |
-
\wfConfig::set( 'email_summary_excluded_directories', $opts['email_summary_excluded_directories'] );
|
| 1938 |
-
\wfActivityReport::scheduleCronJob();
|
| 1939 |
-
} else {
|
| 1940 |
-
\wfConfig::set( 'email_summary_enabled', 0 );
|
| 1941 |
-
\wfActivityReport::disableCronJob();
|
| 1942 |
-
}
|
| 1943 |
-
}
|
| 1944 |
-
|
| 1945 |
-
$sch = isset( $opts['scheduleScan'] ) ? $opts['scheduleScan'] : '';
|
| 1946 |
-
if ( get_option( 'mainwp_child_wordfence_cron_time' ) !== $sch ) {
|
| 1947 |
-
update_option( 'mainwp_child_wordfence_cron_time', $sch );
|
| 1948 |
-
$sched = wp_next_scheduled( 'mainwp_child_wordfence_cron_scan' );
|
| 1949 |
-
if ( false !== $sched ) {
|
| 1950 |
-
wp_unschedule_event( $sched, 'mainwp_child_wordfence_cron_scan' );
|
| 1951 |
-
}
|
| 1952 |
-
}
|
| 1953 |
-
|
| 1954 |
-
$result['cacheType'] = \wfConfig::get( 'cacheType' );
|
| 1955 |
-
$result['paidKeyMsg'] = false;
|
| 1956 |
-
$apiKey = trim( $_POST['apiKey'] );
|
| 1957 |
-
if ( ! $apiKey ) { // Empty API key (after trim above), then try to get one.
|
| 1958 |
-
$api = new \wfAPI( '', \wfUtils::getWPVersion() );
|
| 1959 |
-
try {
|
| 1960 |
-
$keyData = $api->call( 'get_anon_api_key' );
|
| 1961 |
-
if ( $keyData['ok'] && $keyData['apiKey'] ) {
|
| 1962 |
-
\wfConfig::set( 'apiKey', $keyData['apiKey'] );
|
| 1963 |
-
\wfConfig::set( 'isPaid', 0 );
|
| 1964 |
-
$result['apiKey'] = $keyData['apiKey'];
|
| 1965 |
-
$result['isPaid'] = 0;
|
| 1966 |
-
$reload = 'reload';
|
| 1967 |
-
} else {
|
| 1968 |
-
throw new \Exception( "We could not understand the Wordfence server's response because it did not contain an 'ok' and 'apiKey' element." );
|
| 1969 |
-
}
|
| 1970 |
-
} catch ( \Exception $e ) {
|
| 1971 |
-
$result['error'] = 'Your options have been saved, but we encountered a problem. You left your API key blank, so we tried to get you a free API key from the Wordfence servers. However we encountered a problem fetching the free key: ' . htmlentities( $e->getMessage() );
|
| 1972 |
-
|
| 1973 |
-
return $result;
|
| 1974 |
-
}
|
| 1975 |
-
} elseif ( \wfConfig::get( 'apiKey' ) !== $apiKey ) {
|
| 1976 |
-
$api = new \wfAPI( $apiKey, \wfUtils::getWPVersion() );
|
| 1977 |
-
try {
|
| 1978 |
-
$res = $api->call( 'check_api_key', array(), array() );
|
| 1979 |
-
if ( $res['ok'] && isset( $res['isPaid'] ) ) {
|
| 1980 |
-
\wfConfig::set( 'apiKey', $apiKey );
|
| 1981 |
-
\wfConfig::set( 'isPaid', $res['isPaid'] ); // res['isPaid'] is boolean coming back as JSON and turned back into PHP struct. Assuming JSON to PHP handles bools.
|
| 1982 |
-
$result['apiKey'] = $apiKey;
|
| 1983 |
-
$result['isPaid'] = $res['isPaid'];
|
| 1984 |
-
if ( $res['isPaid'] ) {
|
| 1985 |
-
$result['paidKeyMsg'] = true;
|
| 1986 |
-
}
|
| 1987 |
-
$reload = 'reload';
|
| 1988 |
-
} else {
|
| 1989 |
-
throw new \Exception( 'We could not understand the Wordfence API server reply when updating your API key.' );
|
| 1990 |
-
}
|
| 1991 |
-
} catch ( \Exception $e ) {
|
| 1992 |
-
$result['error'] = 'Your options have been saved. However we noticed you changed your API key and we tried to verify it with the Wordfence servers and received an error: ' . htmlentities( $e->getMessage() );
|
| 1993 |
-
|
| 1994 |
-
return $result;
|
| 1995 |
-
}
|
| 1996 |
-
} else {
|
| 1997 |
-
try {
|
| 1998 |
-
$api = new \wfAPI( $apiKey, \wfUtils::getWPVersion() );
|
| 1999 |
-
$res = $api->call( 'ping_api_key', array(), array() );
|
| 2000 |
-
} catch ( \Exception $e ) {
|
| 2001 |
-
$result['error'] = 'Your options have been saved. However we noticed you do not change your API key and we tried to verify it with the Wordfence servers and received an error: ' . htmlentities( $e->getMessage() );
|
| 2002 |
-
|
| 2003 |
-
return $result;
|
| 2004 |
-
}
|
| 2005 |
-
}
|
| 2006 |
-
$result['ok'] = 1;
|
| 2007 |
-
$result['reload'] = $reload;
|
| 2008 |
-
|
| 2009 |
-
return $result;
|
| 2010 |
-
}
|
| 2011 |
-
}
|
| 2012 |
|
| 2013 |
/**
|
| 2014 |
* Method export_settings()
|
|
@@ -3163,7 +2950,7 @@ SQL
|
|
| 3163 |
public static function add_cache_exclusion() {
|
| 3164 |
$ex = \wfConfig::get( 'cacheExclusions', false );
|
| 3165 |
if ( $ex ) {
|
| 3166 |
-
$ex = unserialize( $ex ); // phpcs:ignore -- third party credit.
|
| 3167 |
} else {
|
| 3168 |
$ex = array();
|
| 3169 |
}
|
|
@@ -3206,7 +2993,7 @@ SQL
|
|
| 3206 |
if ( ! $ex ) {
|
| 3207 |
return array( 'ex' => false );
|
| 3208 |
}
|
| 3209 |
-
$ex = unserialize( $ex ); // phpcs:ignore -- third party
|
| 3210 |
return array(
|
| 3211 |
'ok' => 1,
|
| 3212 |
'ex' => $ex,
|
|
@@ -3228,7 +3015,7 @@ SQL
|
|
| 3228 |
if ( ! $ex ) {
|
| 3229 |
return array( 'ok' => 1 );
|
| 3230 |
}
|
| 3231 |
-
$ex = unserialize( $ex ); // phpcs:ignore -- third party
|
| 3232 |
$rewriteHtaccess = false;
|
| 3233 |
$removed = false;
|
| 3234 |
$count_ex = count( $ex );
|
| 605 |
case 'restore_file':
|
| 606 |
$information = $this->restore_file();
|
| 607 |
break;
|
|
|
|
|
|
|
|
|
|
| 608 |
case 'save_settings_new':
|
| 609 |
$information = $this->save_settings_new();
|
| 610 |
break;
|
| 1500 |
);
|
| 1501 |
}
|
| 1502 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1503 |
|
| 1504 |
/**
|
| 1505 |
* Method save_settings_new()
|
| 1506 |
*
|
| 1507 |
* Save new Wordfence settings.
|
| 1508 |
*
|
|
|
|
|
|
|
| 1509 |
* @used-by MainWP_Child_Wordfence::actions() Fire off certain Wordfence plugin actions.
|
| 1510 |
*
|
| 1511 |
* @throws \Exception Error message.
|
| 1513 |
* @return array Action result.
|
| 1514 |
*/
|
| 1515 |
public function save_settings_new() {
|
| 1516 |
+
|
| 1517 |
+
$settings = isset( $_POST['settings'] ) ? json_decode( base64_decode( wp_unslash( $_POST['settings'] )), true ) : array(); // phpcs:ignore -- custom fix to pass through security rules of Dreamhost.
|
| 1518 |
+
|
|
|
|
|
|
|
|
|
|
| 1519 |
$section = isset( $_POST['savingSection'] ) ? sanitize_text_field( wp_unslash( $_POST['savingSection'] ) ) : '';
|
| 1520 |
$saving_opts = self::get_section_settings( $section );
|
| 1521 |
|
| 1796 |
return \wordfence::ajax_recentTraffic_callback();
|
| 1797 |
}
|
| 1798 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1799 |
|
| 1800 |
/**
|
| 1801 |
* Method export_settings()
|
| 2950 |
public static function add_cache_exclusion() {
|
| 2951 |
$ex = \wfConfig::get( 'cacheExclusions', false );
|
| 2952 |
if ( $ex ) {
|
| 2953 |
+
$ex = unserialize( $ex ); // phpcs:ignore -- safe internal value, third party credit.
|
| 2954 |
} else {
|
| 2955 |
$ex = array();
|
| 2956 |
}
|
| 2993 |
if ( ! $ex ) {
|
| 2994 |
return array( 'ex' => false );
|
| 2995 |
}
|
| 2996 |
+
$ex = unserialize( $ex ); // phpcs:ignore -- safe internal value, third party.
|
| 2997 |
return array(
|
| 2998 |
'ok' => 1,
|
| 2999 |
'ex' => $ex,
|
| 3015 |
if ( ! $ex ) {
|
| 3016 |
return array( 'ok' => 1 );
|
| 3017 |
}
|
| 3018 |
+
$ex = unserialize( $ex ); // phpcs:ignore -- safe internal value, third party.
|
| 3019 |
$rewriteHtaccess = false;
|
| 3020 |
$removed = false;
|
| 3021 |
$count_ex = count( $ex );
|
class/class-mainwp-child-wp-rocket.php
CHANGED
|
@@ -670,7 +670,7 @@ class MainWP_Child_WP_Rocket {
|
|
| 670 |
* @return array Action result.
|
| 671 |
*/
|
| 672 |
public function save_settings() {
|
| 673 |
-
$options = isset( $_POST['settings'] ) ?
|
| 674 |
if ( ! is_array( $options ) || empty( $options ) ) {
|
| 675 |
return array( 'error' => 'INVALID_OPTIONS' );
|
| 676 |
}
|
| 670 |
* @return array Action result.
|
| 671 |
*/
|
| 672 |
public function save_settings() {
|
| 673 |
+
$options = isset( $_POST['settings'] ) ? json_decode( base64_decode( wp_unslash( $_POST['settings'] ) ), true ) : ''; // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for http encode compatible..
|
| 674 |
if ( ! is_array( $options ) || empty( $options ) ) {
|
| 675 |
return array( 'error' => 'INVALID_OPTIONS' );
|
| 676 |
}
|
class/class-mainwp-child.php
CHANGED
|
@@ -33,7 +33,7 @@ class MainWP_Child {
|
|
| 33 |
*
|
| 34 |
* @var string MainWP Child plugin version.
|
| 35 |
*/
|
| 36 |
-
public static $version = '4.3.
|
| 37 |
|
| 38 |
/**
|
| 39 |
* Private variable containing the latest MainWP Child update version.
|
| 33 |
*
|
| 34 |
* @var string MainWP Child plugin version.
|
| 35 |
*/
|
| 36 |
+
public static $version = '4.3.1';
|
| 37 |
|
| 38 |
/**
|
| 39 |
* Private variable containing the latest MainWP Child update version.
|
class/class-mainwp-client-report-base.php
CHANGED
|
@@ -895,7 +895,7 @@ class MainWP_Client_Report_Base {
|
|
| 895 |
$tok_value = '';
|
| 896 |
$scan_data = $this->get_stream_meta_data( $record, 'scan_data' );
|
| 897 |
if ( ! empty( $scan_data ) ) {
|
| 898 |
-
$scan_data =
|
| 899 |
if ( is_array( $scan_data ) ) {
|
| 900 |
|
| 901 |
$blacklisted = $scan_data['blacklisted'];
|
| 895 |
$tok_value = '';
|
| 896 |
$scan_data = $this->get_stream_meta_data( $record, 'scan_data' );
|
| 897 |
if ( ! empty( $scan_data ) ) {
|
| 898 |
+
$scan_data = json_decode( base64_decode( $scan_data ), true ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode required for backwards compatibility.
|
| 899 |
if ( is_array( $scan_data ) ) {
|
| 900 |
|
| 901 |
$blacklisted = $scan_data['blacklisted'];
|
class/class-mainwp-client-report.php
CHANGED
|
@@ -204,12 +204,12 @@ class MainWP_Client_Report extends MainWP_Client_Report_Base {
|
|
| 204 |
*/
|
| 205 |
public function get_stream() {
|
| 206 |
|
| 207 |
-
$sections = isset( $_POST['sections'] ) ?
|
| 208 |
if ( ! is_array( $sections ) ) {
|
| 209 |
$sections = array();
|
| 210 |
}
|
| 211 |
|
| 212 |
-
$other_tokens = isset( $_POST['other_tokens'] ) ?
|
| 213 |
if ( ! is_array( $other_tokens ) ) {
|
| 214 |
$other_tokens = array();
|
| 215 |
}
|
| 204 |
*/
|
| 205 |
public function get_stream() {
|
| 206 |
|
| 207 |
+
$sections = isset( $_POST['sections'] ) ? json_decode( base64_decode( wp_unslash( $_POST['sections'] ) ), true ) : array(); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for http encode compatible..
|
| 208 |
if ( ! is_array( $sections ) ) {
|
| 209 |
$sections = array();
|
| 210 |
}
|
| 211 |
|
| 212 |
+
$other_tokens = isset( $_POST['other_tokens'] ) ? json_decode( base64_decode( wp_unslash( $_POST['other_tokens'] ) ), true ) : array(); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for http encode compatible..
|
| 213 |
if ( ! is_array( $other_tokens ) ) {
|
| 214 |
$other_tokens = array();
|
| 215 |
}
|
class/class-mainwp-clone-install.php
CHANGED
|
@@ -220,12 +220,7 @@ class MainWP_Clone_Install {
|
|
| 220 |
if ( false === $configContents ) {
|
| 221 |
throw new \Exception( __( 'Cant read configuration file from the backup.', 'mainwp-child' ) );
|
| 222 |
}
|
| 223 |
-
|
| 224 |
-
$this->config = wp_json_decode( $configContents );
|
| 225 |
-
} else {
|
| 226 |
-
$this->config = maybe_unserialize( base64_decode( $configContents ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- safe.
|
| 227 |
-
}
|
| 228 |
-
|
| 229 |
if ( isset( $this->config['plugins'] ) ) {
|
| 230 |
MainWP_Helper::update_option( 'mainwp_temp_clone_plugins', $this->config['plugins'] );
|
| 231 |
}
|
| 220 |
if ( false === $configContents ) {
|
| 221 |
throw new \Exception( __( 'Cant read configuration file from the backup.', 'mainwp-child' ) );
|
| 222 |
}
|
| 223 |
+
$this->config = wp_json_decode( $configContents );
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 224 |
if ( isset( $this->config['plugins'] ) ) {
|
| 225 |
MainWP_Helper::update_option( 'mainwp_temp_clone_plugins', $this->config['plugins'] );
|
| 226 |
}
|
class/class-mainwp-clone.php
CHANGED
|
@@ -423,7 +423,6 @@ class MainWP_Clone {
|
|
| 423 |
'f' => $rand,
|
| 424 |
'wpversion' => $wp_version,
|
| 425 |
'zipmethod' => $method,
|
| 426 |
-
'json_result' => true,
|
| 427 |
)
|
| 428 |
);
|
| 429 |
|
|
@@ -483,7 +482,6 @@ class MainWP_Clone {
|
|
| 483 |
'cloneFunc' => 'createCloneBackupPoll',
|
| 484 |
'key' => $key,
|
| 485 |
'f' => $rand,
|
| 486 |
-
'json_result' => true,
|
| 487 |
)
|
| 488 |
);
|
| 489 |
|
|
@@ -595,7 +593,6 @@ class MainWP_Clone {
|
|
| 595 |
'cloneFunc' => 'deleteCloneBackup',
|
| 596 |
'key' => $siteToClone['extauth'],
|
| 597 |
'f' => $file,
|
| 598 |
-
'json_result' => true,
|
| 599 |
)
|
| 600 |
);
|
| 601 |
}
|
| 423 |
'f' => $rand,
|
| 424 |
'wpversion' => $wp_version,
|
| 425 |
'zipmethod' => $method,
|
|
|
|
| 426 |
)
|
| 427 |
);
|
| 428 |
|
| 482 |
'cloneFunc' => 'createCloneBackupPoll',
|
| 483 |
'key' => $key,
|
| 484 |
'f' => $rand,
|
|
|
|
| 485 |
)
|
| 486 |
);
|
| 487 |
|
| 593 |
'cloneFunc' => 'deleteCloneBackup',
|
| 594 |
'key' => $siteToClone['extauth'],
|
| 595 |
'f' => $file,
|
|
|
|
| 596 |
)
|
| 597 |
);
|
| 598 |
}
|
class/class-mainwp-custom-post-type.php
CHANGED
|
@@ -64,11 +64,8 @@ class MainWP_Custom_Post_Type {
|
|
| 64 |
$data = self::$information;
|
| 65 |
}
|
| 66 |
|
| 67 |
-
|
| 68 |
-
|
| 69 |
-
} else {
|
| 70 |
-
$data = serialize( $data ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- Required to achieve desired results, pull request solutions appreciated.
|
| 71 |
-
}
|
| 72 |
die( '<mainwp>' . base64_encode( $data ) . '</mainwp>' ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode required for backwards compatibility.
|
| 73 |
}
|
| 74 |
|
| 64 |
$data = self::$information;
|
| 65 |
}
|
| 66 |
|
| 67 |
+
$data = wp_json_encode( $data );
|
| 68 |
+
|
|
|
|
|
|
|
|
|
|
| 69 |
die( '<mainwp>' . base64_encode( $data ) . '</mainwp>' ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode required for backwards compatibility.
|
| 70 |
}
|
| 71 |
|
class/class-mainwp-helper.php
CHANGED
|
@@ -56,12 +56,7 @@ class MainWP_Helper {
|
|
| 56 |
* @param mixed $value Contains information to be written.
|
| 57 |
*/
|
| 58 |
public static function write( $value ) {
|
| 59 |
-
|
| 60 |
-
$output = wp_json_encode( $value );
|
| 61 |
-
else :
|
| 62 |
-
$output = serialize( $value ); // phpcs:ignore -- Required for backwards compatibility.
|
| 63 |
-
endif;
|
| 64 |
-
|
| 65 |
die( '<mainwp>' . base64_encode( $output ) . '</mainwp>' ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for backwards compatibility.
|
| 66 |
}
|
| 67 |
|
| 56 |
* @param mixed $value Contains information to be written.
|
| 57 |
*/
|
| 58 |
public static function write( $value ) {
|
| 59 |
+
$output = wp_json_encode( $value );
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 60 |
die( '<mainwp>' . base64_encode( $output ) . '</mainwp>' ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for backwards compatibility.
|
| 61 |
}
|
| 62 |
|
class/class-mainwp-utility.php
CHANGED
|
@@ -526,8 +526,6 @@ class MainWP_Utility {
|
|
| 526 |
$postdata = array();
|
| 527 |
}
|
| 528 |
|
| 529 |
-
$postdata['json_result'] = true; // forced all response in json format.
|
| 530 |
-
|
| 531 |
// phpcs:disable WordPress.WP.AlternativeFunctions -- Custom functions required to achieve desired results, pull request solutions appreciated.
|
| 532 |
$ch = curl_init();
|
| 533 |
curl_setopt( $ch, CURLOPT_URL, $url );
|
|
@@ -616,12 +614,7 @@ class MainWP_Utility {
|
|
| 616 |
* @param array $val Array containing connection information.
|
| 617 |
*/
|
| 618 |
public static function close_connection( $val = null ) {
|
| 619 |
-
|
| 620 |
-
$output = wp_json_encode( $val );
|
| 621 |
-
else :
|
| 622 |
-
$output = serialize( $val ); // phpcs:ignore -- Required for backwards compatibility.
|
| 623 |
-
endif;
|
| 624 |
-
|
| 625 |
$output = '<mainwp>' . base64_encode( $output ) . '</mainwp>'; // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for backwards compatibility.
|
| 626 |
// Close browser connection so that it can resume AJAX polling.
|
| 627 |
header( 'Content-Length: ' . strlen( $output ) );
|
|
@@ -737,6 +730,9 @@ class MainWP_Utility {
|
|
| 737 |
if ( ! empty( $from ) ) {
|
| 738 |
$headers .= 'From: "' . $from . '" <' . $from . ">\r\n";
|
| 739 |
}
|
|
|
|
|
|
|
|
|
|
| 740 |
$mail .= "<p>Support Email from: <a href='" . site_url() . "'>" . site_url() . "</a></p>\r\n\r\n";
|
| 741 |
$mail .= '<p>Sent from WordPress page: ' . ( ! empty( $from_page ) ? "<a href='" . esc_url( $from_page ) . "'>" . esc_url( $from_page ) . "</a></p>\r\n\r\n" : '' );
|
| 742 |
$mail .= '<p>Client Email: ' . $current_user->user_email . " </p>\r\n\r\n";
|
|
@@ -900,7 +896,9 @@ class MainWP_Utility {
|
|
| 900 |
$roles = array();
|
| 901 |
|
| 902 |
foreach ( $wp_roles->get_names() as $role => $label ) {
|
| 903 |
-
|
|
|
|
|
|
|
| 904 |
}
|
| 905 |
|
| 906 |
return $roles;
|
| 526 |
$postdata = array();
|
| 527 |
}
|
| 528 |
|
|
|
|
|
|
|
| 529 |
// phpcs:disable WordPress.WP.AlternativeFunctions -- Custom functions required to achieve desired results, pull request solutions appreciated.
|
| 530 |
$ch = curl_init();
|
| 531 |
curl_setopt( $ch, CURLOPT_URL, $url );
|
| 614 |
* @param array $val Array containing connection information.
|
| 615 |
*/
|
| 616 |
public static function close_connection( $val = null ) {
|
| 617 |
+
$output = wp_json_encode( $val );
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 618 |
$output = '<mainwp>' . base64_encode( $output ) . '</mainwp>'; // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for backwards compatibility.
|
| 619 |
// Close browser connection so that it can resume AJAX polling.
|
| 620 |
header( 'Content-Length: ' . strlen( $output ) );
|
| 730 |
if ( ! empty( $from ) ) {
|
| 731 |
$headers .= 'From: "' . $from . '" <' . $from . ">\r\n";
|
| 732 |
}
|
| 733 |
+
|
| 734 |
+
$headers = apply_filters( 'mainwp_child_contact_support_mail_headers', $headers, $email, $from );
|
| 735 |
+
|
| 736 |
$mail .= "<p>Support Email from: <a href='" . site_url() . "'>" . site_url() . "</a></p>\r\n\r\n";
|
| 737 |
$mail .= '<p>Sent from WordPress page: ' . ( ! empty( $from_page ) ? "<a href='" . esc_url( $from_page ) . "'>" . esc_url( $from_page ) . "</a></p>\r\n\r\n" : '' );
|
| 738 |
$mail .= '<p>Client Email: ' . $current_user->user_email . " </p>\r\n\r\n";
|
| 896 |
$roles = array();
|
| 897 |
|
| 898 |
foreach ( $wp_roles->get_names() as $role => $label ) {
|
| 899 |
+
if ( is_string( $label ) ) {
|
| 900 |
+
$roles[ $role ] = translate_user_role( $label );
|
| 901 |
+
}
|
| 902 |
}
|
| 903 |
|
| 904 |
return $roles;
|
class/class-tar-archiver.php
CHANGED
|
@@ -488,33 +488,18 @@ class Tar_Archiver {
|
|
| 488 |
}
|
| 489 |
closedir( $fh );
|
| 490 |
|
| 491 |
-
|
| 492 |
-
|
| 493 |
-
|
| 494 |
-
|
| 495 |
-
|
| 496 |
-
|
| 497 |
-
|
| 498 |
-
|
| 499 |
-
|
| 500 |
-
|
| 501 |
-
|
| 502 |
-
|
| 503 |
-
} else {
|
| 504 |
-
$string = base64_encode( // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for http encode compatible..
|
| 505 |
-
serialize( // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions
|
| 506 |
-
array(
|
| 507 |
-
'siteurl' => get_option( 'siteurl' ),
|
| 508 |
-
'home' => get_option( 'home' ),
|
| 509 |
-
'abspath' => ABSPATH,
|
| 510 |
-
'prefix' => $wpdb->prefix,
|
| 511 |
-
'lang' => get_bloginfo( 'language' ),
|
| 512 |
-
'plugins' => $plugins,
|
| 513 |
-
'themes' => $themes,
|
| 514 |
-
)
|
| 515 |
-
)
|
| 516 |
-
);
|
| 517 |
-
}
|
| 518 |
return $string;
|
| 519 |
}
|
| 520 |
|
| 488 |
}
|
| 489 |
closedir( $fh );
|
| 490 |
|
| 491 |
+
$string = wp_json_encode(
|
| 492 |
+
array(
|
| 493 |
+
'siteurl' => get_option( 'siteurl' ),
|
| 494 |
+
'home' => get_option( 'home' ),
|
| 495 |
+
'abspath' => ABSPATH,
|
| 496 |
+
'prefix' => $wpdb->prefix,
|
| 497 |
+
'lang' => get_bloginfo( 'language' ),
|
| 498 |
+
'plugins' => $plugins,
|
| 499 |
+
'themes' => $themes,
|
| 500 |
+
)
|
| 501 |
+
);
|
| 502 |
+
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 503 |
return $string;
|
| 504 |
}
|
| 505 |
|
includes/functions.php
CHANGED
|
@@ -61,6 +61,11 @@ if ( isset( $_GET['bulk_settings_manageruse_nonce_key'] ) && isset( $_GET['bulk_
|
|
| 61 |
ob_start();
|
| 62 |
debug_print_backtrace( DEBUG_BACKTRACE_IGNORE_ARGS ); // phpcs:ignore -- debug feature.
|
| 63 |
$stackTrace = "\n" . ob_get_clean();
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 64 |
die( '<mainwp>' . base64_encode( wp_json_encode( array( 'error' => 'You dont send nonce: ' . $action . '<br/>Trace: ' . $stackTrace ) ) ) . '</mainwp>' ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for http encode compatible..
|
| 65 |
}
|
| 66 |
|
|
@@ -101,6 +106,10 @@ if ( isset( $_GET['bulk_settings_manageruse_nonce_key'] ) && isset( $_GET['bulk_
|
|
| 101 |
debug_print_backtrace( DEBUG_BACKTRACE_IGNORE_ARGS ); // phpcs:ignore -- debug feature.
|
| 102 |
$stackTrace = "\n" . ob_get_clean();
|
| 103 |
|
|
|
|
|
|
|
|
|
|
|
|
|
| 104 |
// Invalid nonce.
|
| 105 |
die( '<mainwp>' . base64_encode( wp_json_encode( array( 'error' => 'Invalid nonce! Try to use: ' . $action . '<br/>Trace: ' . $stackTrace ) ) ) . '</mainwp>' ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for http encode compatible..
|
| 106 |
}
|
| 61 |
ob_start();
|
| 62 |
debug_print_backtrace( DEBUG_BACKTRACE_IGNORE_ARGS ); // phpcs:ignore -- debug feature.
|
| 63 |
$stackTrace = "\n" . ob_get_clean();
|
| 64 |
+
|
| 65 |
+
// Invalid nonce.
|
| 66 |
+
if ( isset( $_REQUEST['bulk_settings_skip_invalid_nonce'] ) && ! empty( $_REQUEST['bulk_settings_skip_invalid_nonce'] ) ) {
|
| 67 |
+
return false;
|
| 68 |
+
}
|
| 69 |
die( '<mainwp>' . base64_encode( wp_json_encode( array( 'error' => 'You dont send nonce: ' . $action . '<br/>Trace: ' . $stackTrace ) ) ) . '</mainwp>' ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for http encode compatible..
|
| 70 |
}
|
| 71 |
|
| 106 |
debug_print_backtrace( DEBUG_BACKTRACE_IGNORE_ARGS ); // phpcs:ignore -- debug feature.
|
| 107 |
$stackTrace = "\n" . ob_get_clean();
|
| 108 |
|
| 109 |
+
// Invalid nonce.
|
| 110 |
+
if ( isset( $_REQUEST['bulk_settings_skip_invalid_nonce'] ) && ! empty( $_REQUEST['bulk_settings_skip_invalid_nonce'] ) ) {
|
| 111 |
+
return false;
|
| 112 |
+
}
|
| 113 |
// Invalid nonce.
|
| 114 |
die( '<mainwp>' . base64_encode( wp_json_encode( array( 'error' => 'Invalid nonce! Try to use: ' . $action . '<br/>Trace: ' . $stackTrace ) ) ) . '</mainwp>' ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for http encode compatible..
|
| 115 |
}
|
mainwp-child.php
CHANGED
|
@@ -12,7 +12,7 @@
|
|
| 12 |
* Author: MainWP
|
| 13 |
* Author URI: https://mainwp.com
|
| 14 |
* Text Domain: mainwp-child
|
| 15 |
-
* Version: 4.3.
|
| 16 |
* Requires at least: 5.4
|
| 17 |
* Requires PHP: 7.0
|
| 18 |
*/
|
| 12 |
* Author: MainWP
|
| 13 |
* Author URI: https://mainwp.com
|
| 14 |
* Text Domain: mainwp-child
|
| 15 |
+
* Version: 4.3.1
|
| 16 |
* Requires at least: 5.4
|
| 17 |
* Requires PHP: 7.0
|
| 18 |
*/
|
readme.txt
CHANGED
|
@@ -7,7 +7,7 @@ Plugin URI: https://mainwp.com
|
|
| 7 |
Requires at least: 5.4
|
| 8 |
Tested up to: 6.1.1
|
| 9 |
Requires PHP: 7.0
|
| 10 |
-
Stable tag: 4.3.
|
| 11 |
License: GPLv3 or later
|
| 12 |
License URI: https://www.gnu.org/licenses/gpl-3.0.html
|
| 13 |
|
|
@@ -143,9 +143,15 @@ Sure we have a quick FAQ with a lot more questions and answers [here](https://ma
|
|
| 143 |
7. Manage Posts Screen
|
| 144 |
8. MainWP Settings Screen
|
| 145 |
9. Global Dashboard Screen
|
|
|
|
| 146 |
|
| 147 |
== Changelog ==
|
| 148 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 149 |
= 4.3.0.1 - 11-24-2022 =
|
| 150 |
* Fixed: An issue with logging Non-MainWP changes for the connected admin user
|
| 151 |
* Removed: Unused DB field
|
| 7 |
Requires at least: 5.4
|
| 8 |
Tested up to: 6.1.1
|
| 9 |
Requires PHP: 7.0
|
| 10 |
+
Stable tag: 4.3.1
|
| 11 |
License: GPLv3 or later
|
| 12 |
License URI: https://www.gnu.org/licenses/gpl-3.0.html
|
| 13 |
|
| 143 |
7. Manage Posts Screen
|
| 144 |
8. MainWP Settings Screen
|
| 145 |
9. Global Dashboard Screen
|
| 146 |
+
10. Manage Clients Screen
|
| 147 |
|
| 148 |
== Changelog ==
|
| 149 |
|
| 150 |
+
= 4.3.1 - 12-14-2022 =
|
| 151 |
+
* Fixed: An issue with repeating Non-MainWP changes
|
| 152 |
+
* Updated: PHP 8.1 compatibility improvements
|
| 153 |
+
* Preventative: Multiple security enhancements
|
| 154 |
+
|
| 155 |
= 4.3.0.1 - 11-24-2022 =
|
| 156 |
* Fixed: An issue with logging Non-MainWP changes for the connected admin user
|
| 157 |
* Removed: Unused DB field
|
