VaultPress - Version 1.6

Version Description

  • Bugfix: Better handling for Multisite table prefixes.
  • Bugfix: Do not use the deprecated wpdb::escape() method.
Download this release

Release Info

Developer thingalon
Plugin Icon 128x128 VaultPress
Version 1.6
Comparing to
See all releases

Code changes from version 1.5.9 to 1.6

Files changed (3) hide show
  1. class.vaultpress-database.php +11 -11
  2. readme.txt +5 -1
  3. vaultpress.php +5 -5
class.vaultpress-database.php CHANGED
@@ -27,7 +27,7 @@ class VaultPress_Database {
27
  global $wpdb;
28
  if ( !$this->table )
29
  return false;
30
- $table = $wpdb->escape( $this->table );
31
  $results = $wpdb->get_row( "SHOW CREATE TABLE `$table`" );
32
  $want = 'Create Table';
33
  if ( $results )
@@ -39,7 +39,7 @@ class VaultPress_Database {
39
  global $wpdb;
40
  if ( !$this->table )
41
  return false;
42
- $table = $wpdb->escape( $this->table );
43
  return $wpdb->get_results( "EXPLAIN `$table`" );
44
  }
45
 
@@ -49,7 +49,7 @@ class VaultPress_Database {
49
  return false;
50
  if ( !$this->table )
51
  return false;
52
- $table = $wpdb->escape( $this->table );
53
  $diff = array();
54
  foreach ( $signatures as $where => $signature ) {
55
  $pksig = md5( $where );
@@ -73,8 +73,8 @@ class VaultPress_Database {
73
  return false;
74
  if ( !$this->table )
75
  return false;
76
- $table = $wpdb->escape( $this->table );
77
- $column = $wpdb->escape( array_shift( $columns ) );
78
  return $wpdb->get_var( "SELECT COUNT( $column ) FROM `$table`" );
79
  }
80
 
@@ -108,7 +108,7 @@ class VaultPress_Database {
108
  return false;
109
  if ( !$this->table )
110
  return false;
111
- $table = $wpdb->escape( $this->table );
112
  $limitsql = '';
113
  $offsetsql = '';
114
  $wheresql = '';
@@ -135,8 +135,8 @@ class VaultPress_Database {
135
  $keys = array();
136
  $vals = array();
137
  foreach ( get_object_vars( $row ) as $i => $v ) {
138
- $keys[] = sprintf( "`%s`", $wpdb->escape( $i ) );
139
- $vals[] = sprintf( "'%s'", $wpdb->escape( $v ) );
140
  if ( !in_array( $i, $columns ) )
141
  unset( $row->$i );
142
  }
@@ -156,7 +156,7 @@ class VaultPress_Database {
156
  return false;
157
 
158
  foreach ( array_keys( (array)$data ) as $key )
159
- $keys[] = sprintf( "`%s`", $wpdb->escape( $key ) );
160
  foreach ( (array)$data as $key => $val ) {
161
  if ( null === $val ) {
162
  $vals[] = 'NULL';
@@ -172,8 +172,8 @@ class VaultPress_Database {
172
  // do not add quotes to numeric types.
173
  $vals[] = $val;
174
  } else {
175
- $val = $wpdb->escape( $val );
176
- // Escape characters that aren't escaped by $wpdb->escape(): \n, \r, etc.
177
  $val = str_replace( array( "\x0a", "\x0d", "\x1a" ), array( '\n', '\r', '\Z' ), $val );
178
  $vals[] = sprintf( "'%s'", $val );
179
  }
27
  global $wpdb;
28
  if ( !$this->table )
29
  return false;
30
+ $table = esc_sql( $this->table );
31
  $results = $wpdb->get_row( "SHOW CREATE TABLE `$table`" );
32
  $want = 'Create Table';
33
  if ( $results )
39
  global $wpdb;
40
  if ( !$this->table )
41
  return false;
42
+ $table = esc_sql( $this->table );
43
  return $wpdb->get_results( "EXPLAIN `$table`" );
44
  }
45
 
49
  return false;
50
  if ( !$this->table )
51
  return false;
52
+ $table = esc_sql( $this->table );
53
  $diff = array();
54
  foreach ( $signatures as $where => $signature ) {
55
  $pksig = md5( $where );
73
  return false;
74
  if ( !$this->table )
75
  return false;
76
+ $table = esc_sql( $this->table );
77
+ $column = esc_sql( array_shift( $columns ) );
78
  return $wpdb->get_var( "SELECT COUNT( $column ) FROM `$table`" );
79
  }
80
 
108
  return false;
109
  if ( !$this->table )
110
  return false;
111
+ $table = esc_sql( $this->table );
112
  $limitsql = '';
113
  $offsetsql = '';
114
  $wheresql = '';
135
  $keys = array();
136
  $vals = array();
137
  foreach ( get_object_vars( $row ) as $i => $v ) {
138
+ $keys[] = sprintf( "`%s`", esc_sql( $i ) );
139
+ $vals[] = sprintf( "'%s'", esc_sql( $v ) );
140
  if ( !in_array( $i, $columns ) )
141
  unset( $row->$i );
142
  }
156
  return false;
157
 
158
  foreach ( array_keys( (array)$data ) as $key )
159
+ $keys[] = sprintf( "`%s`", esc_sql( $key ) );
160
  foreach ( (array)$data as $key => $val ) {
161
  if ( null === $val ) {
162
  $vals[] = 'NULL';
172
  // do not add quotes to numeric types.
173
  $vals[] = $val;
174
  } else {
175
+ $val = esc_sql( $val );
176
+ // Escape characters that aren't escaped by esc_sql(): \n, \r, etc.
177
  $val = str_replace( array( "\x0a", "\x0d", "\x1a" ), array( '\n', '\r', '\Z' ), $val );
178
  $vals[] = sprintf( "'%s'", $val );
179
  }
readme.txt CHANGED
@@ -3,7 +3,7 @@ Contributors: automattic, apokalyptik, briancolinger, josephscott, shaunandrews,
3
  Tags: security, malware, virus, backups, scanning
4
  Requires at least: 2.9.2
5
  Tested up to: 3.9.1
6
- Stable tag: 1.5.9
7
  License: GPLv2
8
 
9
  VaultPress is a subscription service offering realtime backup, automated security scanning, and support from WordPress experts.
@@ -51,6 +51,10 @@ A VaultPress subscription is for a single WordPress site. You can purchase addit
51
  Yes, VaultPress supports Multisite installs. Each site will require its own subscription.
52
 
53
  == Changelog ==
 
 
 
 
54
  = 1.5.9 =
55
  * Feature: If available, use command line md5sum and sha1sum to get checksums for large files.
56
 
3
  Tags: security, malware, virus, backups, scanning
4
  Requires at least: 2.9.2
5
  Tested up to: 3.9.1
6
+ Stable tag: 1.6
7
  License: GPLv2
8
 
9
  VaultPress is a subscription service offering realtime backup, automated security scanning, and support from WordPress experts.
51
  Yes, VaultPress supports Multisite installs. Each site will require its own subscription.
52
 
53
  == Changelog ==
54
+ = 1.6 =
55
+ * Bugfix: Better handling for Multisite table prefixes.
56
+ * Bugfix: Do not use the deprecated wpdb::escape() method.
57
+
58
  = 1.5.9 =
59
  * Feature: If available, use command line md5sum and sha1sum to get checksums for large files.
60
 
vaultpress.php CHANGED
@@ -3,7 +3,7 @@
3
  * Plugin Name: VaultPress
4
  * Plugin URI: http://vaultpress.com/?utm_source=plugin-uri&utm_medium=plugin-description&utm_campaign=1.0
5
  * Description: Protect your content, themes, plugins, and settings with <strong>realtime backup</strong> and <strong>automated security scanning</strong> from <a href="http://vaultpress.com/?utm_source=wp-admin&amp;utm_medium=plugin-description&amp;utm_campaign=1.0" rel="nofollow">VaultPress</a>. Activate, enter your registration key, and never worry again. <a href="http://vaultpress.com/help/?utm_source=wp-admin&amp;utm_medium=plugin-description&amp;utm_campaign=1.0" rel="nofollow">Need some help?</a>
6
- * Version: 1.5.9
7
  * Author: Automattic
8
  * Author URI: http://vaultpress.com/?utm_source=author-uri&amp;utm_medium=plugin-description&amp;utm_campaign=1.0
9
  * License: GPL2+
@@ -18,7 +18,7 @@ if ( !defined( 'ABSPATH' ) )
18
  class VaultPress {
19
  var $option_name = 'vaultpress';
20
  var $db_version = 3;
21
- var $plugin_version = '1.5.9';
22
 
23
  function __construct() {
24
  register_activation_hook( __FILE__, array( $this, 'activate' ) );
@@ -1317,7 +1317,7 @@ JS;
1317
  continue;
1318
  }
1319
 
1320
- $table = str_replace( $wpdb->prefix, '', $row->Name );
1321
 
1322
  if ( !$this->is_main_site() && $tprefix == $wpdb->prefix ) {
1323
  if ( in_array( $table, $ms_global_tables ) )
@@ -1335,10 +1335,10 @@ JS;
1335
 
1336
  if ( $this->is_main_site() ) {
1337
  foreach ( (array) $ms_global_tables as $ms_global_table ) {
1338
- $ms_table_status = $wpdb->get_row( $wpdb->prepare( "SHOW TABLE STATUS LIKE %s", $tprefix . $ms_global_table ) );
1339
  if ( !$ms_table_status )
1340
  continue;
1341
- $table = substr( $ms_table_status->Name, strlen( $tprefix ) );
1342
  $tinfo[$table] = array();
1343
  foreach ( (array) $ms_table_status as $i => $v )
1344
  $tinfo[$table][$i] = $v;
3
  * Plugin Name: VaultPress
4
  * Plugin URI: http://vaultpress.com/?utm_source=plugin-uri&amp;utm_medium=plugin-description&amp;utm_campaign=1.0
5
  * Description: Protect your content, themes, plugins, and settings with <strong>realtime backup</strong> and <strong>automated security scanning</strong> from <a href="http://vaultpress.com/?utm_source=wp-admin&amp;utm_medium=plugin-description&amp;utm_campaign=1.0" rel="nofollow">VaultPress</a>. Activate, enter your registration key, and never worry again. <a href="http://vaultpress.com/help/?utm_source=wp-admin&amp;utm_medium=plugin-description&amp;utm_campaign=1.0" rel="nofollow">Need some help?</a>
6
+ * Version: 1.6
7
  * Author: Automattic
8
  * Author URI: http://vaultpress.com/?utm_source=author-uri&amp;utm_medium=plugin-description&amp;utm_campaign=1.0
9
  * License: GPL2+
18
  class VaultPress {
19
  var $option_name = 'vaultpress';
20
  var $db_version = 3;
21
+ var $plugin_version = '1.6';
22
 
23
  function __construct() {
24
  register_activation_hook( __FILE__, array( $this, 'activate' ) );
1317
  continue;
1318
  }
1319
 
1320
+ $table = preg_replace( '/^' . preg_quote( $wpdb->prefix ) . '/', '', $row->Name );
1321
 
1322
  if ( !$this->is_main_site() && $tprefix == $wpdb->prefix ) {
1323
  if ( in_array( $table, $ms_global_tables ) )
1335
 
1336
  if ( $this->is_main_site() ) {
1337
  foreach ( (array) $ms_global_tables as $ms_global_table ) {
1338
+ $ms_table_status = $wpdb->get_row( $wpdb->prepare( "SHOW TABLE STATUS LIKE %s", $wpdb->base_prefix . $ms_global_table ) );
1339
  if ( !$ms_table_status )
1340
  continue;
1341
+ $table = substr( $ms_table_status->Name, strlen( $wpdb->base_prefix ) );
1342
  $tinfo[$table] = array();
1343
  foreach ( (array) $ms_table_status as $i => $v )
1344
  $tinfo[$table][$i] = $v;