Export WordPress data to XML/CSV

Version Description

critical security fix - stopping non-logged in users from accessing adminInit http://www.wpallimport.com/2015/02/wp-import-4-1-1-mandatory-security-update/

Release Info

Developer	soflyy
Plugin	Export WordPress data to XML/CSV
Version	0.9.1
Comparing to
See all releases

Code changes from version 0.9.0 to 0.9.1

Files changed (2) hide show

plugin.php +49 -27
readme.txt +5 -2

plugin.php CHANGED Viewed

@@ -3,7 +3,7 @@
             Plugin Name: WP All Export
             Plugin URI: http://wordpress.org/plugins/wp-all-export/
             Description: The most powerful solution for exporting WordPress data to an XML file.
-            -
            Version: 0.9.0
             Author: Soflyy
             */
@@ -28,7 +28,7 @@ define('PMXE_ROOT_URL', rtrim(plugin_dir_url(__FILE__), '/'));
              */
             define('PMXE_PREFIX', 'pmxe_');
-            -
            define('PMXE_VERSION', '0.9.0');
             define('PMXE_EDITION', 'free');
@@ -281,42 +281,64 @@ final class PMXE_Plugin {
             				throw new Exception('There is no previousely buffered content to display.');
+            			}
             		} else {
-            -
            			$controllerName =  preg_replace('%(^' . preg_quote(self::PREFIX, '%') . '|_).%e', 'strtoupper("$0")', str_replace('-', '_', $page)); // capitalize prefix and first letters of class name parts
             			$actionName = str_replace('-', '_', $action);
             			if (method_exists($controllerName, $actionName)) {
-            -
            				$this->_admin_current_screen = (object)array(
-            -
            					'id' => $controllerName,
-            -
            					'base' => $controllerName,
-            -
            					'action' => $actionName,
-            -
            					'is_ajax' => isset($_SERVER['HTTP_X_REQUESTED_WITH']) and strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) === 'xmlhttprequest',
-            -
            					'is_network' => is_network_admin(),
-            -
            					'is_user' => is_user_admin(),
-            -
            				);
-            -
            				add_filter('current_screen', array($this, 'getAdminCurrentScreen'));
-            -
            				add_filter('admin_body_class', create_function('', 'return "' . PMXE_Plugin::PREFIX . 'plugin";'));
-            -
-            -
            				$controller = new $controllerName();
-            -
            				if ( ! $controller instanceof PMXE_Controller_Admin) {
-            -
            					throw new Exception("Administration page `$page` matches to a wrong controller type.");
-            -
            				}
-            -
            				if ($this->_admin_current_screen->is_ajax) { // ajax request
-            -
            					$controller->$action();
-            -
            					do_action('pmxe_action_after');
-            -
            					die(); // stop processing since we want to output only what controller is randered, nothing in addition
-            -
            				} elseif ( ! $controller->isInline) {
-            -
            					ob_start();
-            -
            					$controller->$action();
-            -
            					$buffer = ob_get_clean();
             				} else {
-            -
            					$buffer_callback = array($controller, $action);
+            				}
             			} else { // redirect to dashboard if requested page and/or action don't exist
             				wp_redirect(admin_url()); die();
+            			}
+            		}
+            	}
             	protected $_admin_current_screen = NULL;
             	public function getAdminCurrentScreen()
+            	{


3	Plugin Name: WP All Export
4	Plugin URI: http://wordpress.org/plugins/wp-all-export/
5	Description: The most powerful solution for exporting WordPress data to an XML file.
6	+ Version: 0.9.1
7	Author: Soflyy
8	*/
9

28	*/
29	define('PMXE_PREFIX', 'pmxe_');
30
31	+ define('PMXE_VERSION', '0.9.1');
32
33	define('PMXE_EDITION', 'free');
34

281	throw new Exception('There is no previousely buffered content to display.');
282	}
283	} else {
284	+
285	+ // capitalize prefix and first letters of class name parts
286	+ if (function_exists('preg_replace_callback')){
287	+ $controllerName = preg_replace_callback('%(^' . preg_quote(self::PREFIX, '%') . '\|_).%', array($this, "replace_callback"),str_replace('-', '_', $page));
288	+ }
289	+ else{
290	+ $controllerName = preg_replace('%(^' . preg_quote(self::PREFIX, '%') . '\|_).%e', 'strtoupper("$0")', str_replace('-', '_', $page));
291	+ }
292	+
293	$actionName = str_replace('-', '_', $action);
294	if (method_exists($controllerName, $actionName)) {















295
296	+ if ( ! get_current_user_id() or ! current_user_can('manage_options')) {
297	+ // This nonce is not valid.
298	+ die( 'Security check' );
299	+




300	} else {
301	+
302	+ $this->_admin_current_screen = (object)array(
303	+ 'id' => $controllerName,
304	+ 'base' => $controllerName,
305	+ 'action' => $actionName,
306	+ 'is_ajax' => isset($_SERVER['HTTP_X_REQUESTED_WITH']) and strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) === 'xmlhttprequest',
307	+ 'is_network' => is_network_admin(),
308	+ 'is_user' => is_user_admin(),
309	+ );
310	+ add_filter('current_screen', array($this, 'getAdminCurrentScreen'));
311	+ add_filter('admin_body_class', create_function('', 'return "' . PMXE_Plugin::PREFIX . 'plugin";'));
312	+
313	+ $controller = new $controllerName();
314	+ if ( ! $controller instanceof PMXE_Controller_Admin) {
315	+ throw new Exception("Administration page `$page` matches to a wrong controller type.");
316	+ }
317	+
318	+ if ($this->_admin_current_screen->is_ajax) { // ajax request
319	+ $controller->$action();
320	+ do_action('pmxe_action_after');
321	+ die(); // stop processing since we want to output only what controller is randered, nothing in addition
322	+ } elseif ( ! $controller->isInline) {
323	+ ob_start();
324	+ $controller->$action();
325	+ $buffer = ob_get_clean();
326	+ } else {
327	+ $buffer_callback = array($controller, $action);
328	+ }
329	+
330	}
331	+
332	} else { // redirect to dashboard if requested page and/or action don't exist
333	wp_redirect(admin_url()); die();
334	}
335	}
336	}
337
338	+ public function replace_callback($matches){
339	+ return strtoupper($matches[0]);
340	+ }
341	+
342	protected $_admin_current_screen = NULL;
343	public function getAdminCurrentScreen()
344	{

readme.txt CHANGED Viewed

	@@ -2,8 +2,8 @@
2	Contributors: soflyy
3	Tags: wordpress, xml, csv, datafeed, export
4	Requires at least: 3.6.1
5	- Tested up to: 3.8
6	- Stable tag: 0.9.0
7
8	ALPHA: WP All Export makes it easy to export WordPress data into an XML file.
9
	@@ -37,5 +37,8 @@ Either: -
37
38	== Changelog ==
39



40	= 0.9 =
41	* Initial release on WordPress.org.


2	Contributors: soflyy
3	Tags: wordpress, xml, csv, datafeed, export
4	Requires at least: 3.6.1
5	+ Tested up to: 4.1
6	+ Stable tag: 0.9.1
7
8	ALPHA: WP All Export makes it easy to export WordPress data into an XML file.
9

37
38	== Changelog ==
39
40	+ = 0.9.1 =
41	+ * critical security fix - stopping non-logged in users from accessing adminInit http://www.wpallimport.com/2015/02/wp-import-4-1-1-mandatory-security-update/
42	+
43	= 0.9 =
44	* Initial release on WordPress.org.

Export WordPress data to XML/CSV - Version 0.9.1

Version Description

Release Info

Code changes from version 0.9.0 to 0.9.1