WP-DBManager - Version 2.74

Version Description

N/A


Release Info

Developer GamerZ
Plugin Icon WP-DBManager
Version 2.74

Code changes from version 2.73 to 2.74

Files changed (4) hide show
  1. database-backup.php +8 -11
  2. database-manage.php +2 -3
  3. readme.txt +4 -2
  4. wp-dbmanager.php +3 -4
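--- a/database-backup.php
+++ b/database-backup.php
@@ -15,7 +15,6 @@ $backup['date'] = current_time('timestamp');
  $backup['mysqldumppath'] = $backup_options['mysqldumppath'];
  $backup['mysqlpath'] = $backup_options['mysqlpath'];
  $backup['path'] = $backup_options['path'];
- $backup['password'] = str_replace('$', '\$', DB_PASSWORD);
  $backup['charset'] = ' --default-character-set="utf8"';
 
  ### Form Processing
@@ -42,22 +41,20 @@ if(!empty($_POST['do'])) {
  if($gzip == 1) {
  $backup['filename'] = $backup['date'].'_-_'.DB_NAME.'.sql.gz';
  $backup['filepath'] = $backup['path'].'/'.$backup['filename'];
- $backup['command'] = escapeshellcmd( $brace . $backup['mysqldumppath'] . $brace ) . ' --force --host=' . escapeshellarg( $backup['host'] ) . ' --user=' . escapeshellarg( DB_USER ) . ' --password=' . escapeshellarg( $backup['password'] ) . $backup['port'] . $backup['sock'] . $backup['charset'] . ' --add-drop-table --skip-lock-tables ' . DB_NAME . ' | gzip > ' . escapeshellcmd( $brace . $backup['filepath'] . $brace );
+ $backup['command'] = escapeshellcmd( $brace . $backup['mysqldumppath'] . $brace ) . ' --force --host=' . escapeshellarg( $backup['host'] ) . ' --user=' . escapeshellarg( DB_USER ) . ' --password=' . escapeshellarg( DB_PASSWORD ) . $backup['port'] . $backup['sock'] . $backup['charset'] . ' --add-drop-table --skip-lock-tables ' . DB_NAME . ' | gzip > ' . escapeshellcmd( $brace . $backup['filepath'] . $brace );
  } else {
  $backup['filename'] = $backup['date'].'_-_'.DB_NAME.'.sql';
  $backup['filepath'] = $backup['path'].'/'.$backup['filename'];
- $backup['command'] = escapeshellcmd( $brace . $backup['mysqldumppath'] . $brace ) . ' --force --host=' . escapeshellarg( $backup['host'] ) . ' --user=' . escapeshellarg( DB_USER ) . ' --password=' . escapeshellarg( $backup['password'] ) . $backup['port'] . $backup['sock'] . $backup['charset'] . ' --add-drop-table --skip-lock-tables ' . DB_NAME . ' > ' . escapeshellcmd( $brace . $backup['filepath'] . $brace );
+ $backup['command'] = escapeshellcmd( $brace . $backup['mysqldumppath'] . $brace ) . ' --force --host=' . escapeshellarg( $backup['host'] ) . ' --user=' . escapeshellarg( DB_USER ) . ' --password=' . escapeshellarg( DB_PASSWORD ) . $backup['port'] . $backup['sock'] . $backup['charset'] . ' --add-drop-table --skip-lock-tables ' . DB_NAME . ' > ' . escapeshellcmd( $brace . $backup['filepath'] . $brace );
  }
-
- $error = execute_backup($backup['command']);
- if(!is_writable($backup['path'])) {
+ $error = execute_backup( $backup['command'] );
+ if(!is_writable( $backup['path'] ) ) {
  $text = '<p style="color: red;">'.sprintf(__('Database Failed To Backup On \'%s\'. Backup Folder Not Writable.', 'wp-dbmanager'), $current_date).'</p>';
- } elseif(filesize($backup['filepath']) == 0) {
- unlink($backup['filepath']);
+ } elseif( is_file( $backup['filepath'] ) && filesize( $backup['filepath'] ) === 0 ) {
  $text = '<p style="color: red;">'.sprintf(__('Database Failed To Backup On \'%s\'. Backup File Size Is 0KB.', 'wp-dbmanager'), $current_date).'</p>';
- } elseif(!is_file($backup['filepath'])) {
+ } elseif( ! is_file( $backup['filepath'] ) ) {
  $text = '<p style="color: red;">'.sprintf(__('Database Failed To Backup On \'%s\'. Invalid Backup File Path.', 'wp-dbmanager'), $current_date).'</p>';
- } elseif($error) {
+ } elseif( $error ) {
  $text = '<p style="color: red;">'.sprintf(__('Database Failed To Backup On \'%s\'.', 'wp-dbmanager'), $current_date).'</p>';
  } else {
  $text = '<p style="color: green;">'.sprintf(__('Database Backed Up Successfully On \'%s\'.', 'wp-dbmanager'), $current_date).'</p>';
@@ -75,7 +72,7 @@ $backup['filename'] = $backup['date'].'_-_'.DB_NAME.'.sql';
  $status_count = 0;
  $stats_function_disabled = 0;
  ?>
- <?php if(!empty($text)) { echo '<!-- Last Action --><div id="message" class="updated fade"><p>'.$text.'</p></div>'; } ?>
+ <?php if( ! empty( $text ) ) { echo '<div id="message" class="updated">'.$text.'</div>'; } ?>
  <!-- Checking Backup Status -->
  <div class="wrap">
  <h2><?php _e('Backup Database', 'wp-dbmanager'); ?></h2>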
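Review bot: Both rewritten `$backup['command']` lines still pass the database password to mysqldump as `--password=...` on the command line, so while the dump runs it can be visible in the process list to other local users (and in whatever shell `execute_backup()` spawns, which is not shown here). Writing the credentials to a temporary option file readable only by the web-server user and passing `' --defaults-extra-file=' . escapeshellarg( $cnf_path )` as the first option keeps the secret out of argv; `$cnf_path` is a placeholder name, not something the plugin defines. The same pattern appears in the restore commands in database-manage.php and in `cron_dbmanager_backup()` in wp-dbmanager.php. The surrounding form-processing block starts and ends outside these hunks.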
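--- a/database-manage.php
+++ b/database-manage.php
@@ -14,7 +14,6 @@ $backup['date'] = current_time('timestamp');
  $backup['mysqldumppath'] = $backup_options['mysqldumppath'];
  $backup['mysqlpath'] = $backup_options['mysqlpath'];
  $backup['path'] = $backup_options['path'];
- $backup['password'] = str_replace('$', '\$', DB_PASSWORD);
  $backup['charset'] = ' --default-character-set="utf8"';
 
 
@@ -44,9 +43,9 @@ if( !empty( $_POST['do'] ) ) {
  }
  }
  if(stristr($database_file, '.gz')) {
- $backup['command'] = 'gunzip < ' . escapeshellcmd( $brace . $backup['path'] . '/' . $database_file . $brace ) .' | '. escapeshellcmd( $brace . $backup['mysqlpath'] . $brace ) . ' --host=' . escapeshellarg( $backup['host'] ) . ' --user=' . escapeshellarg( DB_USER ) . ' --password=' . escapeshellarg( $backup['password'] ) . $backup['port'] . $backup['sock'] . $backup['charset'] . ' ' . DB_NAME;
+ $backup['command'] = 'gunzip < ' . escapeshellcmd( $brace . $backup['path'] . '/' . $database_file . $brace ) .' | '. escapeshellcmd( $brace . $backup['mysqlpath'] . $brace ) . ' --host=' . escapeshellarg( $backup['host'] ) . ' --user=' . escapeshellarg( DB_USER ) . ' --password=' . escapeshellarg( DB_PASSWORD ) . $backup['port'] . $backup['sock'] . $backup['charset'] . ' ' . DB_NAME;
  } else {
- $backup['command'] = escapeshellcmd( $brace . $backup['mysqlpath'] . $brace ) . ' --host=' . escapeshellarg( $backup['host'] ) . ' --user=' . escapeshellarg( DB_USER ) . ' --password=' . escapeshellarg( $backup['password'] ) . $backup['port'] . $backup['sock'] . $backup['charset'] . ' ' . DB_NAME . ' < '.escapeshellcmd( $brace . $backup['path'] . '/' . $database_file . $brace );
+ $backup['command'] = escapeshellcmd( $brace . $backup['mysqlpath'] . $brace ) . ' --host=' . escapeshellarg( $backup['host'] ) . ' --user=' . escapeshellarg( DB_USER ) . ' --password=' . escapeshellarg( DB_PASSWORD ) . $backup['port'] . $backup['sock'] . $backup['charset'] . ' ' . DB_NAME . ' < '.escapeshellcmd( $brace . $backup['path'] . '/' . $database_file . $brace );
  }
  if( realpath( $backup['path'] ) === false ) {
  $text = '<p style="color: red;">' . sprintf(__('%s is not a valid backup path', 'wp-dbmanager'), stripslashes( $backup['path'] ) ) . '</p>';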
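Review bot: `DB_NAME` is appended to both restore commands unquoted, while host, user and password on the same lines go through `escapeshellarg()`; a database name containing a space or a shell metacharacter would split or change the command. Using `. ' ' . escapeshellarg( DB_NAME )` would make the line consistent, and the mysqldump commands in database-backup.php and wp-dbmanager.php have the same gap. The dump file path is also wrapped in `escapeshellcmd()`, which is meant for a whole command string rather than a single argument, so `escapeshellarg( $backup['path'] . '/' . $database_file )` looks like the safer form if `$brace` is only a quote character. The definition of `$brace` and any validation of `$database_file` are outside this hunk, so that part should be confirmed against the full file.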
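--- a/readme.txt
+++ b/readme.txt
@@ -4,7 +4,7 @@ Donate link: http://lesterchan.net/site/donation/
  Tags: database, manage, wp-dbmanager, manager, table, optimize, backup, queries, query, drop, empty, tables, table, run, repair, cron, schedule, scheduling, automatic
  Requires at least: 3.9
  Tested up to: 4.0
- Stable tag: 2.73
+ Stable tag: 2.74
 
  Manages your WordPress database.
 
@@ -33,11 +33,13 @@ Allows you to optimize database, repair database, backup database, restore datab
  * To know about the difference between WP-DBManager and WP-DB-backup, checkout __What is the difference between WP-DBManager and WP-DB-Backup?__ in the [FAQ section](https://wordpress.org/plugins/wp-dbmanager/faq/).
 
  == Changelog ==
+ * FIXED: escapeshellarg() already escape $, no need to double escape it
+
  = Version 2.73 =
  * FIXED: Unable to backup/restore database if user database password has certain special characters in them
 
  = Version 2.72 =
- * FIXED: Uses escapeshellcmd() to escape shell commands. Props Larry W. Cashdollari.
+ * FIXED: Use escapeshellcmd() to escape shell commands. Props Larry W. Cashdollari.
  * FIXED: Do not allow LOAD_FILE to be run. Props Larry W. Cashdollari.
  * FIXED: Uses dbmanager_is_valid_path() to check for mysql and mysqldump path. Fixes arbitrary command injection using backup path. Props Larry W. Cashdollari.
  * FIXED: Uses realpath() to check for backup path. Fixes arbitrary command injection using backup path. Props Larry W. Cashdollari.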
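--- a/wp-dbmanager.php
+++ b/wp-dbmanager.php
@@ -3,7 +3,7 @@
  Plugin Name: WP-DBManager
  Plugin URI: http://lesterchan.net/portfolio/programming/php/
  Description: Manages your WordPress database. Allows you to optimize database, repair database, backup database, restore database, delete backup database , drop/empty tables and run selected queries. Supports automatic scheduling of backing up, optimizing and repairing of database.
- Version: 2.73
+ Version: 2.74
  Author: Lester 'GaMerZ' Chan
  Author URI: http://lesterchan.net
  Text Domain: wp-dbmanager
@@ -68,7 +68,6 @@ function cron_dbmanager_backup() {
  $backup['mysqldumppath'] = $backup_options['mysqldumppath'];
  $backup['mysqlpath'] = $backup_options['mysqlpath'];
  $backup['path'] = $backup_options['path'];
- $backup['password'] = str_replace('$', '\$', DB_PASSWORD);
  $backup['host'] = DB_HOST;
  $backup['port'] = '';
  $backup['sock'] = '';
@@ -86,11 +85,11 @@ function cron_dbmanager_backup() {
  if(intval($backup_options['backup_gzip']) == 1) {
  $backup['filename'] = $backup['date'].'_-_'.DB_NAME.'.sql.gz';
  $backup['filepath'] = $backup['path'].'/'.$backup['filename'];
- $backup['command'] = escapeshellcmd( $brace . $backup['mysqldumppath'] . $brace ) . ' --force --host=' . escapeshellarg( $backup['host'] ).' --user=' . escapeshellarg( DB_USER ) . ' --password=' . escapeshellarg( $backup['password'] ) . $backup['port'] . $backup['sock'] . ' --add-drop-table --skip-lock-tables ' . DB_NAME . ' | gzip > '.escapeshellcmd( $brace . $backup['filepath'] . $brace );
+ $backup['command'] = escapeshellcmd( $brace . $backup['mysqldumppath'] . $brace ) . ' --force --host=' . escapeshellarg( $backup['host'] ).' --user=' . escapeshellarg( DB_USER ) . ' --password=' . escapeshellarg( DB_PASSWORD ) . $backup['port'] . $backup['sock'] . ' --add-drop-table --skip-lock-tables ' . DB_NAME . ' | gzip > '.escapeshellcmd( $brace . $backup['filepath'] . $brace );
  } else {
  $backup['filename'] = $backup['date'].'_-_'.DB_NAME.'.sql';
  $backup['filepath'] = $backup['path'].'/'.$backup['filename'];
- $backup['command'] = escapeshellcmd( $brace . $backup['mysqldumppath'] . $brace ) . ' --force --host=' . escapeshellarg( $backup['host'] ).' --user=' . escapeshellarg( DB_USER ). ' --password=' . escapeshellarg( $backup['password'] ) . $backup['port'] . $backup['sock'] . ' --add-drop-table --skip-lock-tables ' . DB_NAME . ' > '.escapeshellcmd( $brace . $backup['filepath'] . $brace );
+ $backup['command'] = escapeshellcmd( $brace . $backup['mysqldumppath'] . $brace ) . ' --force --host=' . escapeshellarg( $backup['host'] ).' --user=' . escapeshellarg( DB_USER ). ' --password=' . escapeshellarg( DB_PASSWORD ) . $backup['port'] . $backup['sock'] . ' --add-drop-table --skip-lock-tables ' . DB_NAME . ' > '.escapeshellcmd( $brace . $backup['filepath'] . $brace );
  }
  execute_backup($backup['command']);
  if( ! empty( $backup_email ) )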
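Review bot: Both mysqldump commands built in `cron_dbmanager_backup()` omit `$backup['charset']`, whereas the otherwise identical commands in database-backup.php append it right after `$backup['sock']`, so scheduled dumps may be written with a different default character set than manual ones. If that is not intentional, add `. $backup['charset']` after `$backup['sock']` on both changed lines, making sure the key is set in this function; its body starts and ends outside the hunk, so that could not be checked here. The result of `execute_backup()` on the following context line also appears to be discarded, so a failed scheduled backup would reach the e-mail step without being detected.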