Export WordPress data to XML/CSV - Version 0.9.1

Version Description

  • critical security fix - stopping non-logged in users from accessing adminInit http://www.wpallimport.com/2015/02/wp-import-4-1-1-mandatory-security-update/
Download this release

Release Info

Developer soflyy
Plugin Icon 128x128 Export WordPress data to XML/CSV
Version 0.9.1
Comparing to
See all releases

Code changes from version 0.9.0 to 0.9.1

Files changed (2) hide show
  1. plugin.php +49 -27
  2. readme.txt +5 -2
plugin.php CHANGED
@@ -3,7 +3,7 @@
3
Plugin Name: WP All Export
4
Plugin URI: http://wordpress.org/plugins/wp-all-export/
5
Description: The most powerful solution for exporting WordPress data to an XML file.
6
- Version: 0.9.0
7
Author: Soflyy
8
*/
9
@@ -28,7 +28,7 @@ define('PMXE_ROOT_URL', rtrim(plugin_dir_url(__FILE__), '/'));
28
*/
29
define('PMXE_PREFIX', 'pmxe_');
30
31
- define('PMXE_VERSION', '0.9.0');
32
33
define('PMXE_EDITION', 'free');
34
@@ -281,42 +281,64 @@ final class PMXE_Plugin {
281
throw new Exception('There is no previousely buffered content to display.');
282
}
283
} else {
284
- $controllerName = preg_replace('%(^' . preg_quote(self::PREFIX, '%') . '|_).%e', 'strtoupper("$0")', str_replace('-', '_', $page)); // capitalize prefix and first letters of class name parts
285
$actionName = str_replace('-', '_', $action);
286
if (method_exists($controllerName, $actionName)) {
287
- $this->_admin_current_screen = (object)array(
288
- 'id' => $controllerName,
289
- 'base' => $controllerName,
290
- 'action' => $actionName,
291
- 'is_ajax' => isset($_SERVER['HTTP_X_REQUESTED_WITH']) and strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) === 'xmlhttprequest',
292
- 'is_network' => is_network_admin(),
293
- 'is_user' => is_user_admin(),
294
- );
295
- add_filter('current_screen', array($this, 'getAdminCurrentScreen'));
296
- add_filter('admin_body_class', create_function('', 'return "' . PMXE_Plugin::PREFIX . 'plugin";'));
297
-
298
- $controller = new $controllerName();
299
- if ( ! $controller instanceof PMXE_Controller_Admin) {
300
- throw new Exception("Administration page `$page` matches to a wrong controller type.");
301
- }
302
303
- if ($this->_admin_current_screen->is_ajax) { // ajax request
304
- $controller->$action();
305
- do_action('pmxe_action_after');
306
- die(); // stop processing since we want to output only what controller is randered, nothing in addition
307
- } elseif ( ! $controller->isInline) {
308
- ob_start();
309
- $controller->$action();
310
- $buffer = ob_get_clean();
311
} else {
312
- $buffer_callback = array($controller, $action);
313
}
314
} else { // redirect to dashboard if requested page and/or action don't exist
315
wp_redirect(admin_url()); die();
316
}
317
}
318
}
319
320
protected $_admin_current_screen = NULL;
321
public function getAdminCurrentScreen()
322
{
3
Plugin Name: WP All Export
4
Plugin URI: http://wordpress.org/plugins/wp-all-export/
5
Description: The most powerful solution for exporting WordPress data to an XML file.
6
+ Version: 0.9.1
7
Author: Soflyy
8
*/
9
28
*/
29
define('PMXE_PREFIX', 'pmxe_');
30
31
+ define('PMXE_VERSION', '0.9.1');
32
33
define('PMXE_EDITION', 'free');
34
281
throw new Exception('There is no previousely buffered content to display.');
282
}
283
} else {
284
+
285
+ // capitalize prefix and first letters of class name parts
286
+ if (function_exists('preg_replace_callback')){
287
+ $controllerName = preg_replace_callback('%(^' . preg_quote(self::PREFIX, '%') . '|_).%', array($this, "replace_callback"),str_replace('-', '_', $page));
288
+ }
289
+ else{
290
+ $controllerName = preg_replace('%(^' . preg_quote(self::PREFIX, '%') . '|_).%e', 'strtoupper("$0")', str_replace('-', '_', $page));
291
+ }
292
+
293
$actionName = str_replace('-', '_', $action);
294
if (method_exists($controllerName, $actionName)) {
295
296
+ if ( ! get_current_user_id() or ! current_user_can('manage_options')) {
297
+ // This nonce is not valid.
298
+ die( 'Security check' );
299
+
300
} else {
301
+
302
+ $this->_admin_current_screen = (object)array(
303
+ 'id' => $controllerName,
304
+ 'base' => $controllerName,
305
+ 'action' => $actionName,
306
+ 'is_ajax' => isset($_SERVER['HTTP_X_REQUESTED_WITH']) and strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) === 'xmlhttprequest',
307
+ 'is_network' => is_network_admin(),
308
+ 'is_user' => is_user_admin(),
309
+ );
310
+ add_filter('current_screen', array($this, 'getAdminCurrentScreen'));
311
+ add_filter('admin_body_class', create_function('', 'return "' . PMXE_Plugin::PREFIX . 'plugin";'));
312
+
313
+ $controller = new $controllerName();
314
+ if ( ! $controller instanceof PMXE_Controller_Admin) {
315
+ throw new Exception("Administration page `$page` matches to a wrong controller type.");
316
+ }
317
+
318
+ if ($this->_admin_current_screen->is_ajax) { // ajax request
319
+ $controller->$action();
320
+ do_action('pmxe_action_after');
321
+ die(); // stop processing since we want to output only what controller is randered, nothing in addition
322
+ } elseif ( ! $controller->isInline) {
323
+ ob_start();
324
+ $controller->$action();
325
+ $buffer = ob_get_clean();
326
+ } else {
327
+ $buffer_callback = array($controller, $action);
328
+ }
329
+
330
}
331
+
332
} else { // redirect to dashboard if requested page and/or action don't exist
333
wp_redirect(admin_url()); die();
334
}
335
}
336
}
337
338
+ public function replace_callback($matches){
339
+ return strtoupper($matches[0]);
340
+ }
341
+
342
protected $_admin_current_screen = NULL;
343
public function getAdminCurrentScreen()
344
{
readme.txt CHANGED
@@ -2,8 +2,8 @@
2
Contributors: soflyy
3
Tags: wordpress, xml, csv, datafeed, export
4
Requires at least: 3.6.1
5
- Tested up to: 3.8
6
- Stable tag: 0.9.0
7
8
ALPHA: WP All Export makes it easy to export WordPress data into an XML file.
9
@@ -37,5 +37,8 @@ Either: -
37
38
== Changelog ==
39
40
= 0.9 =
41
* Initial release on WordPress.org.
2
Contributors: soflyy
3
Tags: wordpress, xml, csv, datafeed, export
4
Requires at least: 3.6.1
5
+ Tested up to: 4.1
6
+ Stable tag: 0.9.1
7
8
ALPHA: WP All Export makes it easy to export WordPress data into an XML file.
9
37
38
== Changelog ==
39
40
+ = 0.9.1 =
41
+ * critical security fix - stopping non-logged in users from accessing adminInit http://www.wpallimport.com/2015/02/wp-import-4-1-1-mandatory-security-update/
42
+
43
= 0.9 =
44
* Initial release on WordPress.org.