VaultPress - Version 1.5.6

Version Description

Bugfix: Some servers with restrictive security filters make database restores fail.
Feature: Add a new restore method to VaultPress_Database.

Release Info

Developer	thingalon
Plugin	VaultPress
Version	1.5.6
Comparing to
See all releases

Code changes from version 1.5.5 to 1.5.6

Files changed (3) hide show

class.vaultpress-database.php +39 -0
readme.txt +5 -1
vaultpress.php +22 -9

class.vaultpress-database.php CHANGED Viewed

@@ -335,4 +335,43 @@ class VaultPress_Database {
             		return $table;
+            	}
+            }


335
336	return $table;
337	}
338	+
339	+ function restore( $data_file, $md5_sum, $delete = true ) {
340	+ global $wpdb;
341	+ if ( !file_exists( $data_file ) \|\| !is_readable( $data_file ) \|\| !filesize( $data_file ) )
342	+ return array( 'last_error' => 'File does not exist', 'data_file' => $data_file );
343	+ if ( md5_file( $data_file ) !== $md5_sum )
344	+ return array( 'last_error' => 'Checksum mistmatch', 'data_file' => $data_file );
345	+ if ( function_exists( 'exec' ) && ( $mysql = exec( 'which mysql' ) ) ) {
346	+ $details = explode( ':', DB_HOST, 2 );
347	+ $params = array( defined( 'DB_CHARSET' ) && DB_CHARSET ? DB_CHARSET : 'utf8', DB_USER, DB_PASSWORD, $details[0], isset( $details[1] ) ? $details[1] : 3306, DB_NAME, $data_file );
348	+ exec( sprintf( '%s %s', escapeshellcmd( $mysql ), vsprintf( '-A --default-character-set=%s -u%s -p%s -h%s -P%s %s < %s', array_map( 'escapeshellarg', $params ) ) ), $output, $r );
349	+ if ( 0 === $r ) {
350	+ if ( $delete )
351	+ @unlink( $data_file );
352	+ return array( 'affected_rows' => 1, 'data_file' => $data_file, 'mysql_cli' => true );
353	+ }
354	+ }
355	+ $size = filesize( $data_file );
356	+ $fh = fopen( $data_file, 'r' );
357	+ $last_error = false;
358	+ $affected_rows = 0;
359	+ if ( $size == 0 \|\| !is_resource( $fh ) ) {
360	+ if ( $delete )
361	+ @unlink( $data_file );
362	+ return array( 'last_error' => 'Empty file or not readable', 'data_file' => $data_file );
363	+ } else {
364	+ while( !feof( $fh ) ) {
365	+ $query = trim( stream_get_line( $fh, $size, ";\n" ) );
366	+ if ( !empty( $query ) ) {
367	+ $affected_rows += $wpdb->query( $query );
368	+ $last_error = $wpdb->last_error;
369	+ }
370	+ }
371	+ fclose( $fh );
372	+ }
373	+ if ( $delete )
374	+ @unlink( $data_file );
375	+ return array( 'affected_rows' => $affected_rows, 'last_error' => $last_error, 'data_file' => $data_file );
376	+ }
377	}

readme.txt CHANGED Viewed

	@@ -3,7 +3,7 @@ Contributors: automattic, apokalyptik, briancolinger, josephscott, shaunandrews,
3	Tags: security, malware, virus, backups, scanning
4	Requires at least: 2.9.2
5	Tested up to: 3.8
6	- Stable tag: 1.5.5
7	License: GPLv2
8
9	VaultPress is a subscription service offering realtime backup, automated security scanning, and support from WordPress experts.
	@@ -51,6 +51,10 @@ A VaultPress subscription is for a single WordPress site. You can purchase addit
51	Yes, VaultPress supports Multisite installs. Each site will require its own subscription.
52
53	== Changelog ==




54	= 1.5.2 =
55	* Bugfix: Adding less greedy patterns for cache directories.
56


3	Tags: security, malware, virus, backups, scanning
4	Requires at least: 2.9.2
5	Tested up to: 3.8
6	+ Stable tag: 1.5.6
7	License: GPLv2
8
9	VaultPress is a subscription service offering realtime backup, automated security scanning, and support from WordPress experts.

51	Yes, VaultPress supports Multisite installs. Each site will require its own subscription.
52
53	== Changelog ==
54	+ = 1.5.6 =
55	+ * Bugfix: Some servers with restrictive security filters make database restores fail.
56	+ * Feature: Add a new restore method to VaultPress_Database.
57	+
58	= 1.5.2 =
59	* Bugfix: Adding less greedy patterns for cache directories.
60

vaultpress.php CHANGED Viewed

	@@ -3,7 +3,7 @@
3	* Plugin Name: VaultPress
4	* Plugin URI: http://vaultpress.com/?utm_source=plugin-uri&utm_medium=plugin-description&utm_campaign=1.0
5	* Description: Protect your content, themes, plugins, and settings with <strong>realtime backup</strong> and <strong>automated security scanning</strong> from <a href="http://vaultpress.com/?utm_source=wp-admin&utm_medium=plugin-description&utm_campaign=1.0" rel="nofollow">VaultPress</a>. Activate, enter your registration key, and never worry again. <a href="http://vaultpress.com/help/?utm_source=wp-admin&utm_medium=plugin-description&utm_campaign=1.0" rel="nofollow">Need some help?</a>
6	- * Version: 1.5.5
7	* Author: Automattic
8	* Author URI: http://vaultpress.com/?utm_source=author-uri&utm_medium=plugin-description&utm_campaign=1.0
9	* License: GPL2+
	@@ -18,7 +18,7 @@ if ( !defined( 'ABSPATH' ) )
18	class VaultPress {
19	var $option_name = 'vaultpress';
20	var $db_version = 3;
21	- var $plugin_version = '1.5.5';
22
23	function __construct() {
24	register_activation_hook( __FILE__, array( $this, 'activate' ) );
	@@ -1273,11 +1273,14 @@ JS;
1273	$http_modules = apache_get_modules();
1274	else
1275	$http_modules = null;
1276	- if ( function_exists( 'apache_get_version' ) )
1277	- $~~httpd~~ = ~~array_shift(~~ explode( ' ', apache_get_version() ) );


1278	}
1279	if ( !$httpd && 0 === stripos( $_SERVER['SERVER_SOFTWARE'], 'Apache' ) ) {
1280	- $~~httpd~~ = ~~array_shift(~~ explode( ' ', $_SERVER['SERVER_SOFTWARE'] ) );

1281	if ( isset( $_POST['apache_modules'] ) && $_POST['apache_modules'] == 1 )
1282	$http_modules = 'unknown';
1283	else
	@@ -1465,7 +1468,8 @@ JS;
1465	$bdb->attach( base64_decode( $_POST['table'] ), $parse_create_table );
1466	}
1467
1468	- ~~switch~~ ( ~~array_pop(~~ explode( ':', $_GET['action'] ) ~~) ) {~~

1469	case 'diff':
1470	if ( !$signatures ) die( 'naughty naughty' );
1471	// encoded because mod_security sees this as an SQL injection attack
	@@ -1490,7 +1494,8 @@ JS;
1490	if ( isset( $_POST['table'] ) )
1491	$bdb->attach( base64_decode( $_POST['table'] ) );
1492
1493	- ~~switch~~ ( ~~array_pop(~~ explode( ':', $_GET['action'] ) ~~) ) {~~

1494	default:
1495	die( "naughty naughty" );
1496	case 'tables':
	@@ -1501,6 +1506,12 @@ JS;
1501	$this->response( $bdb->show_create() );
1502	}
1503	break;






1504	case 'themes:active':
1505	$this->response( get_option( 'current_theme' ) );
1506	case 'plugins:active':
	@@ -1512,7 +1523,8 @@ JS;
1512	case 'plugins:stat': case 'uploads:stat': case 'themes:stat': case 'content:stat': case 'root:stat':
1513	case 'plugins:get': case 'uploads:get': case 'themes:get': case 'content:get': case 'root:get':
1514
1515	- $~~bfs->want(~~ ~~array_shift(~~ explode( ':', $_GET['action'] ) ~~) )~~;

1516
1517	if ( isset( $_POST['path'] ) )
1518	$path = $_POST['path'];
	@@ -1552,7 +1564,8 @@ JS;
1552	else
1553	$full_list = false;
1554
1555	- ~~switch~~ ( ~~array_pop(~~ explode( ':', $_GET['action'] ) ~~) ) {~~

1556	default:
1557	die( "naughty naughty" );
1558	case 'checksum':


3	* Plugin Name: VaultPress
4	* Plugin URI: http://vaultpress.com/?utm_source=plugin-uri&utm_medium=plugin-description&utm_campaign=1.0
5	* Description: Protect your content, themes, plugins, and settings with <strong>realtime backup</strong> and <strong>automated security scanning</strong> from <a href="http://vaultpress.com/?utm_source=wp-admin&utm_medium=plugin-description&utm_campaign=1.0" rel="nofollow">VaultPress</a>. Activate, enter your registration key, and never worry again. <a href="http://vaultpress.com/help/?utm_source=wp-admin&utm_medium=plugin-description&utm_campaign=1.0" rel="nofollow">Need some help?</a>
6	+ * Version: 1.5.6
7	* Author: Automattic
8	* Author URI: http://vaultpress.com/?utm_source=author-uri&utm_medium=plugin-description&utm_campaign=1.0
9	* License: GPL2+

18	class VaultPress {
19	var $option_name = 'vaultpress';
20	var $db_version = 3;
21	+ var $plugin_version = '1.5.6';
22
23	function __construct() {
24	register_activation_hook( __FILE__, array( $this, 'activate' ) );

1273	$http_modules = apache_get_modules();
1274	else
1275	$http_modules = null;
1276	+ if ( function_exists( 'apache_get_version' ) ) {
1277	+ $version_pieces = explode( ' ', apache_get_version() );
1278	+ $httpd = array_shift( $version_pieces );
1279	+ }
1280	}
1281	if ( !$httpd && 0 === stripos( $_SERVER['SERVER_SOFTWARE'], 'Apache' ) ) {
1282	+ $software_pieces = explode( ' ', $_SERVER['SERVER_SOFTWARE'] );
1283	+ $httpd = array_shift( $software_pieces );
1284	if ( isset( $_POST['apache_modules'] ) && $_POST['apache_modules'] == 1 )
1285	$http_modules = 'unknown';
1286	else

1468	$bdb->attach( base64_decode( $_POST['table'] ), $parse_create_table );
1469	}
1470
1471	+ $action_pieces = explode( ':', $_GET['action'] );
1472	+ switch ( array_pop( $action_pieces ) ) {
1473	case 'diff':
1474	if ( !$signatures ) die( 'naughty naughty' );
1475	// encoded because mod_security sees this as an SQL injection attack

1494	if ( isset( $_POST['table'] ) )
1495	$bdb->attach( base64_decode( $_POST['table'] ) );
1496
1497	+ $action_pieces = explode( ':', $_GET['action'] );
1498	+ switch ( array_pop( $action_pieces ) ) {
1499	default:
1500	die( "naughty naughty" );
1501	case 'tables':

1506	$this->response( $bdb->show_create() );
1507	}
1508	break;
1509	+ case 'db:restore':
1510	+ if ( !empty( $_POST['path'] ) && !empty( $_POST['hash'] ) ) {
1511	+ $delete = !isset( $_POST['remove'] ) \|\| $_POST['remove'] && 'false' !== $_POST['remove'];
1512	+ $this->response( $bdb->restore( $_POST['path'], $_POST['hash'], $delete ) );
1513	+ }
1514	+ break;
1515	case 'themes:active':
1516	$this->response( get_option( 'current_theme' ) );
1517	case 'plugins:active':

1523	case 'plugins:stat': case 'uploads:stat': case 'themes:stat': case 'content:stat': case 'root:stat':
1524	case 'plugins:get': case 'uploads:get': case 'themes:get': case 'content:get': case 'root:get':
1525
1526	+ $action_pieces = explode( ':', $_GET['action'] );
1527	+ $bfs->want( array_shift( $action_pieces ) );
1528
1529	if ( isset( $_POST['path'] ) )
1530	$path = $_POST['path'];

1564	else
1565	$full_list = false;
1566
1567	+ $action_pieces = explode( ':', $_GET['action'] );
1568	+ switch ( array_pop( $action_pieces ) ) {
1569	default:
1570	die( "naughty naughty" );
1571	case 'checksum':