Version Description
- 25 Mar 2015 =
- Added support for openssl signing.
Download this release
Release Info
| Developer | briancolinger |
| Plugin |  VaultPress |
| Version | 1.7.1 |
| Comparing to | |
| See all releases | |
Code changes from version 1.7.0 to 1.7.1
- readme.txt +5 -2
- vaultpress.php +34 -4
readme.txt
CHANGED
|
@@ -2,8 +2,8 @@
|
|
| 2 |
Contributors: automattic, apokalyptik, briancolinger, josephscott, shaunandrews, xknown, thingalon
|
| 3 |
Tags: security, malware, virus, archive, back up, back ups, backup, backups, scanning, restore, wordpress backup, site backup, website backup
|
| 4 |
Requires at least: 2.9.2
|
| 5 |
-
Tested up to: 4.
|
| 6 |
-
Stable tag: 1.7.
|
| 7 |
License: GPLv2
|
| 8 |
|
| 9 |
VaultPress is a subscription service offering realtime backup, automated security scanning, and support from WordPress experts.
|
|
@@ -51,6 +51,9 @@ A VaultPress subscription is for a single WordPress site. You can purchase addit
|
|
| 51 |
Yes, VaultPress supports Multisite installs. Each site will require its own subscription.
|
| 52 |
|
| 53 |
== Changelog ==
|
|
|
|
|
|
|
|
|
|
| 54 |
= 1.7.0 - 9 Jan 2015 =
|
| 55 |
* Added an option to disable calls to php_uname, as some hosts don't allow them.
|
| 56 |
|
| 2 |
Contributors: automattic, apokalyptik, briancolinger, josephscott, shaunandrews, xknown, thingalon
|
| 3 |
Tags: security, malware, virus, archive, back up, back ups, backup, backups, scanning, restore, wordpress backup, site backup, website backup
|
| 4 |
Requires at least: 2.9.2
|
| 5 |
+
Tested up to: 4.2
|
| 6 |
+
Stable tag: 1.7.1
|
| 7 |
License: GPLv2
|
| 8 |
|
| 9 |
VaultPress is a subscription service offering realtime backup, automated security scanning, and support from WordPress experts.
|
| 51 |
Yes, VaultPress supports Multisite installs. Each site will require its own subscription.
|
| 52 |
|
| 53 |
== Changelog ==
|
| 54 |
+
= 1.7.1 - 25 Mar 2015 =
|
| 55 |
+
* Added support for openssl signing.
|
| 56 |
+
|
| 57 |
= 1.7.0 - 9 Jan 2015 =
|
| 58 |
* Added an option to disable calls to php_uname, as some hosts don't allow them.
|
| 59 |
|
vaultpress.php
CHANGED
|
@@ -3,7 +3,7 @@
|
|
| 3 |
* Plugin Name: VaultPress
|
| 4 |
* Plugin URI: http://vaultpress.com/?utm_source=plugin-uri&utm_medium=plugin-description&utm_campaign=1.0
|
| 5 |
* Description: Protect your content, themes, plugins, and settings with <strong>realtime backup</strong> and <strong>automated security scanning</strong> from <a href="http://vaultpress.com/?utm_source=wp-admin&utm_medium=plugin-description&utm_campaign=1.0" rel="nofollow">VaultPress</a>. Activate, enter your registration key, and never worry again. <a href="http://vaultpress.com/help/?utm_source=wp-admin&utm_medium=plugin-description&utm_campaign=1.0" rel="nofollow">Need some help?</a>
|
| 6 |
-
* Version: 1.7.
|
| 7 |
* Author: Automattic
|
| 8 |
* Author URI: http://vaultpress.com/?utm_source=author-uri&utm_medium=plugin-description&utm_campaign=1.0
|
| 9 |
* License: GPL2+
|
|
@@ -18,7 +18,7 @@ if ( !defined( 'ABSPATH' ) )
|
|
| 18 |
class VaultPress {
|
| 19 |
var $option_name = 'vaultpress';
|
| 20 |
var $db_version = 4;
|
| 21 |
-
var $plugin_version = '1.7.
|
| 22 |
|
| 23 |
function __construct() {
|
| 24 |
register_activation_hook( __FILE__, array( $this, 'activate' ) );
|
|
@@ -934,12 +934,19 @@ class VaultPress {
|
|
| 934 |
return '*';
|
| 935 |
}
|
| 936 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 937 |
function ai_ping_next() {
|
| 938 |
global $wpdb;
|
| 939 |
$name = "_vp_ai_ping";
|
| 940 |
-
$
|
| 941 |
-
|
|
|
|
| 942 |
return false;
|
|
|
|
| 943 |
return $wpdb->insert_id;
|
| 944 |
}
|
| 945 |
|
|
@@ -1814,6 +1821,21 @@ JS;
|
|
| 1814 |
unset( $post['_REPEATED'] );
|
| 1815 |
ksort( $post );
|
| 1816 |
$to_sign = serialize( array( 'uri' => $uri, 'post' => $post ) );
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1817 |
$signature = $this->sign_string( $to_sign, $secret, $sig[1] );
|
| 1818 |
if ( $sig[0] === $signature )
|
| 1819 |
return true;
|
|
@@ -1950,6 +1972,14 @@ JS;
|
|
| 1950 |
return hash_hmac( 'sha1', "$string:$salt", $secret );
|
| 1951 |
}
|
| 1952 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1953 |
function response( $response, $raw = false ) {
|
| 1954 |
// "re" -- "Response Encoding"
|
| 1955 |
if ( !empty( $_GET['re'] ) )
|
| 3 |
* Plugin Name: VaultPress
|
| 4 |
* Plugin URI: http://vaultpress.com/?utm_source=plugin-uri&utm_medium=plugin-description&utm_campaign=1.0
|
| 5 |
* Description: Protect your content, themes, plugins, and settings with <strong>realtime backup</strong> and <strong>automated security scanning</strong> from <a href="http://vaultpress.com/?utm_source=wp-admin&utm_medium=plugin-description&utm_campaign=1.0" rel="nofollow">VaultPress</a>. Activate, enter your registration key, and never worry again. <a href="http://vaultpress.com/help/?utm_source=wp-admin&utm_medium=plugin-description&utm_campaign=1.0" rel="nofollow">Need some help?</a>
|
| 6 |
+
* Version: 1.7.1
|
| 7 |
* Author: Automattic
|
| 8 |
* Author URI: http://vaultpress.com/?utm_source=author-uri&utm_medium=plugin-description&utm_campaign=1.0
|
| 9 |
* License: GPL2+
|
| 18 |
class VaultPress {
|
| 19 |
var $option_name = 'vaultpress';
|
| 20 |
var $db_version = 4;
|
| 21 |
+
var $plugin_version = '1.7.1';
|
| 22 |
|
| 23 |
function __construct() {
|
| 24 |
register_activation_hook( __FILE__, array( $this, 'activate' ) );
|
| 934 |
return '*';
|
| 935 |
}
|
| 936 |
|
| 937 |
+
/**
|
| 938 |
+
* Use an option ID to ensure a unique ping ID for the site.
|
| 939 |
+
*
|
| 940 |
+
* @return int|false The new ping number. False, if there was an error.
|
| 941 |
+
*/
|
| 942 |
function ai_ping_next() {
|
| 943 |
global $wpdb;
|
| 944 |
$name = "_vp_ai_ping";
|
| 945 |
+
$wpdb->query( $wpdb->prepare( "DELETE FROM `$wpdb->options` WHERE `option_name` = %s;", $name ) );
|
| 946 |
+
$success = $wpdb->query( $wpdb->prepare( "INSERT INTO `$wpdb->options` (`option_name`, `option_value`, `autoload`) VALUES (%s, '', 'no')", $name ) );
|
| 947 |
+
if ( ! $success ) {
|
| 948 |
return false;
|
| 949 |
+
}
|
| 950 |
return $wpdb->insert_id;
|
| 951 |
}
|
| 952 |
|
| 1821 |
unset( $post['_REPEATED'] );
|
| 1822 |
ksort( $post );
|
| 1823 |
$to_sign = serialize( array( 'uri' => $uri, 'post' => $post ) );
|
| 1824 |
+
|
| 1825 |
+
if ( $this->can_use_openssl() ) {
|
| 1826 |
+
$sslsig = '';
|
| 1827 |
+
if ( isset( $post['sslsig'] ) ) {
|
| 1828 |
+
$sslsig = $post['sslsig'];
|
| 1829 |
+
unset( $post['sslsig'] );
|
| 1830 |
+
}
|
| 1831 |
+
if ( openssl_verify( serialize( array( 'uri' => $uri, 'post' => $post ) ), base64_decode( $sslsig ), $this->get_option( 'public_key' ) ) ) {
|
| 1832 |
+
return true;
|
| 1833 |
+
} else {
|
| 1834 |
+
$__vp_validate_error = array( 'error' => 'invalid_signed_data' );
|
| 1835 |
+
return false;
|
| 1836 |
+
}
|
| 1837 |
+
}
|
| 1838 |
+
|
| 1839 |
$signature = $this->sign_string( $to_sign, $secret, $sig[1] );
|
| 1840 |
if ( $sig[0] === $signature )
|
| 1841 |
return true;
|
| 1972 |
return hash_hmac( 'sha1', "$string:$salt", $secret );
|
| 1973 |
}
|
| 1974 |
|
| 1975 |
+
function can_use_openssl() {
|
| 1976 |
+
if ( !function_exists( 'openssl_verify' ) )
|
| 1977 |
+
return false;
|
| 1978 |
+
if ( 1 !== (int) $this->get_option( 'use_openssl_signing' ) )
|
| 1979 |
+
return false;
|
| 1980 |
+
return true;
|
| 1981 |
+
}
|
| 1982 |
+
|
| 1983 |
function response( $response, $raw = false ) {
|
| 1984 |
// "re" -- "Response Encoding"
|
| 1985 |
if ( !empty( $_GET['re'] ) )
|
