WP Staging – DB & File Duplicator & Migration - Version 2.9.18

Version Description

  • Fix: Some backup settings were neither sanitised on save nor escaped on output, which could allow high-privilege users such as an admin to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup) #1825

Release Info

Developer ReneHermi
Version 2.9.18

Code changes from version 2.9.17 to 2.9.18

Files changed (43)
  1. Backend/Administrator.php +12 -131
  2. Backend/Modules/Jobs/Cloning.php +11 -3
  3. Backend/Modules/Jobs/Updating.php +9 -2
  4. Backend/views/_main/header.php +1 -1
  5. Backend/views/backup/free-version.php +1 -17
  6. Backend/views/clone/ajax/custom-directory.php +12 -11
  7. Backend/views/clone/ajax/delete-confirmation.php +7 -7
  8. Backend/views/clone/ajax/external-database.php +7 -5
  9. Backend/views/clone/ajax/mail-setting.php +1 -1
  10. Backend/views/clone/ajax/process-lock.php +1 -5
  11. Backend/views/clone/ajax/scan.php +7 -5
  12. Backend/views/clone/ajax/single-overview.php +18 -14
  13. Backend/views/clone/ajax/start.php +4 -4
  14. Backend/views/clone/ajax/update.php +2 -2
  15. Backend/views/clone/single-site/index.php +1 -1
  16. Backend/views/notices/cache-directory-permission-problem.php +3 -3
  17. Backend/views/notices/directory-listing-could-not-be-prevented.php +1 -1
  18. Backend/views/notices/disabled-items-notice.php +1 -1
  19. Backend/views/notices/logs-directory-permission-problem.php +3 -4
  20. Backend/views/notices/outdated-wp-staging-version.php +1 -1
  21. Backend/views/notices/poll.php +9 -10
  22. Backend/views/notices/vars-directory-permission-problem.php +10 -5
  23. Backend/views/notices/wp-options-missing-pk.php +1 -1
  24. Backend/views/selections/database-tables.php +4 -4
  25. Backend/views/settings/tabs/storages/amazons3-settings.php +9 -5
  26. Backend/views/settings/tabs/storages/googledrive-settings.php +9 -5
  27. Backend/views/settings/tabs/storages/sftp-settings.php +15 -11
  28. Backend/views/templates/exclude-filters/dir-name-exclude-filter.php +2 -1
  29. Backend/views/templates/exclude-filters/file-ext-exclude-filter.php +5 -1
  30. Backend/views/templates/exclude-filters/file-name-exclude-filter.php +2 -1
  31. Backend/views/templates/exclude-filters/file-size-exclude-filter.php +2 -1
  32. Core/Forms/Elements.php +1 -1
  33. Core/WPStaging.php +2 -0
  34. Framework/Facades/Facade.php +107 -0
  35. Framework/Facades/Sanitize.php +19 -0
  36. Framework/Settings/Settings.php +159 -0
  37. Framework/SettingsServiceProvider.php +19 -0
  38. Framework/Utils/Sanitize.php +28 -0
  39. constantsFree.php +1 -1
  40. opcacheBootstrap.php +1 -1
  41. readme.txt +7 -7
  42. vendor_wpstg/autoload/src.php +5 -0
  43. wp-staging.php +1 -1
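--- a/Backend/Administrator.php
+++ b/Backend/Administrator.php
@@ -39,7 +39,7 @@ use WPStaging\Backend\Pro\Modules\Jobs\Processing;
 use WPStaging\Backend\Pro\Modules\Jobs\Backups\BackupUploadsDir;
 use WPStaging\Backend\Pluginmeta\Pluginmeta;
 use WPStaging\Framework\Database\SelectedTables;
-use WPStaging\Pro\Backup\BackupScheduler;
+use WPStaging\Framework\Facades\Sanitize;
 
 /**
 * Class Administrator
@@ -80,15 +80,6 @@ class Administrator
 */
 private $siteInfo;
 
-/**
-* @var array
-* All options here will only be stored in the database as integers. Decimal points and separators will be removed
-*/
-private static $integerOptions = [
-'queryLimit',
-'querySRLimit'
-];
-
 public function __construct()
 {
 // TODO: Inject using DI
@@ -126,7 +117,6 @@ class Administrator
 }
 
 add_action("admin_menu", [$this, "addMenu"], 10);
-add_action("admin_init", [$this, "setOptionFormElements"]);
 add_action("admin_init", [$this, "upgrade"]);
 add_action("admin_post_wpstg_download_sysinfo", [$this, "systemInfoDownload"]);
 add_action("admin_post_wpstg_export", [$this, "export"]);
@@ -206,14 +196,6 @@ class Administrator
 $form->sendMail();
 }
 
-/**
-* Register options form elements
-*/
-public function setOptionFormElements()
-{
-register_setting("wpstg_settings", "wpstg_settings", [$this, "sanitizeOptions"]);
-}
-
 /**
 * Upgrade routine
 * @action admin_init 10 0
@@ -229,62 +211,6 @@ class Administrator
 $upgrade->doUpgrade();
 }
 
-/**
-* Sanitize options data and delete the cache
-* @param array $data
-* @return array
-*/
-public function sanitizeOptions($data = [])
-{
-// is_array() is required otherwise new clone will fail.
-$showErrorToggleStagingSiteCloning = false;
-if ($this->siteInfo->isStagingSite() && is_array($data)) {
-$isStagingCloneable = isset($data['isStagingSiteCloneable']) ? $data['isStagingSiteCloneable'] : 'false';
-unset($data['isStagingSiteCloneable']);
-$showErrorToggleStagingSiteCloning = !$this->toggleStagingSiteCloning($isStagingCloneable === 'true');
-}
-
-if (WPStaging::isPro() && is_array($data)) {
-$sendBackupSchedulesErrorReport = isset($data['schedulesErrorReport']) ? $data['schedulesErrorReport'] : false;
-$reportEmail = isset($data['schedulesReportEmail']) ? $data['schedulesReportEmail'] : '';
-unset($data['schedulesErrorReport']);
-unset($data['wpstg-send-schedules-report-email']);
-$this->setBackupScheduleOptions($sendBackupSchedulesErrorReport, $reportEmail);
-}
-
-$sanitized = $this->sanitizeData($data);
-
-if ($showErrorToggleStagingSiteCloning) {
-add_settings_error("wpstg-notices", '', __("Settings updated. But unable to activate/deactivate the site cloneable status!", "wp-staging"), "warning");
-} else {
-add_settings_error("wpstg-notices", '', __("Settings updated.", "wp-staging"), "updated");
-}
-
-return apply_filters("wpstg-settings", $sanitized, $data);
-}
-
-/**
-* @param array $data
-* @return array
-*/
-private function sanitizeData($data = [])
-{
-$sanitized = [];
-
-foreach ($data as $key => $value) {
-if (is_array($value)) {
-$sanitized[$key] = $this->sanitizeData($value);
-} elseif (in_array($key, self::$integerOptions, true)) {
-//Removing comma separators and decimal points
-$sanitized[$key] = preg_replace('/\D/', '', htmlspecialchars($value));
-} else {
-$sanitized[$key] = htmlspecialchars($value);
-}
-}
-
-return $sanitized;
-}
-
 /**
 * Add Admin Menu(s)
 */
@@ -1041,20 +967,20 @@ class Administrator
 }
 
 $cloneId = $_POST["clone"];
-$cloneName = wpstg_urldecode($_POST["cloneName"]);
+$cloneName = Sanitize::sanitizeString(wpstg_urldecode($_POST["cloneName"]));
 $cloneDirectoryName = wpstg_urldecode($_POST["directoryName"]);
 $cloneDirectoryName = preg_replace("#\W+#", '-', strtolower($cloneDirectoryName));
 
-$existingClones[$cloneId]["cloneName"] = stripslashes($cloneName);
-$existingClones[$cloneId]["directoryName"] = stripslashes($cloneDirectoryName);
-$existingClones[$cloneId]["path"] = stripslashes($_POST["path"]);
-$existingClones[$cloneId]["url"] = stripslashes($_POST["url"]);
-$existingClones[$cloneId]["prefix"] = stripslashes($_POST["prefix"]);
-$existingClones[$cloneId]["databaseUser"] = stripslashes($_POST["externalDBUser"]);
-$existingClones[$cloneId]["databasePassword"] = stripslashes($_POST["externalDBPassword"]);
-$existingClones[$cloneId]["databaseDatabase"] = stripslashes($_POST["externalDBDatabase"]);
-$existingClones[$cloneId]["databaseServer"] = stripslashes($_POST["externalDBHost"]);
-$existingClones[$cloneId]["databasePrefix"] = stripslashes($_POST["externalDBPrefix"]);
+$existingClones[$cloneId]["cloneName"] = Sanitize::sanitizeString($cloneName);
+$existingClones[$cloneId]["directoryName"] = Sanitize::sanitizeString($cloneDirectoryName);
+$existingClones[$cloneId]["path"] = Sanitize::sanitizeString($_POST["path"]);
+$existingClones[$cloneId]["url"] = Sanitize::sanitizeString($_POST["url"]);
+$existingClones[$cloneId]["prefix"] = Sanitize::sanitizeString($_POST["prefix"]);
+$existingClones[$cloneId]["databaseUser"] = Sanitize::sanitizeString($_POST["externalDBUser"]);
+$existingClones[$cloneId]["databasePassword"] = Sanitize::sanitizeString($_POST["externalDBPassword"]);
+$existingClones[$cloneId]["databaseDatabase"] = Sanitize::sanitizeString($_POST["externalDBDatabase"]);
+$existingClones[$cloneId]["databaseServer"] = Sanitize::sanitizeString($_POST["externalDBHost"]);
+$existingClones[$cloneId]["databasePrefix"] = Sanitize::sanitizeString($_POST["externalDBPrefix"]);
 
 update_option(Sites::STAGING_SITES_OPTION, $existingClones);
 
@@ -1426,51 +1352,6 @@ class Administrator
 $backup->removeUploadsBackup();
 }
 
-/**
-* Toggle staging site cloning
-*
-* @param bool $isCloneable
-*
-* @return bool
-*/
-protected function toggleStagingSiteCloning($isCloneable)
-{
-if ($isCloneable && $this->siteInfo->enableStagingSiteCloning()) {
-return true;
-}
-
-if (!$isCloneable && $this->siteInfo->disableStagingSiteCloning()) {
-return true;
-}
-
-return false;
-}
-
-/**
-* Set backup schedule error reporting options
-*
-* @param bool $sendBackupSchedulesErrorReport
-* @param string $reportEmail
-* @return bool
-*/
-protected function setBackupScheduleOptions($sendBackupSchedulesErrorReport, $reportEmail)
-{
-if (!WPStaging::isPro()) {
-return false;
-}
-
-if (!class_exists('WPStaging\Pro\Backup\BackupScheduler')) {
-return false;
-}
-
-$error = !update_option(BackupScheduler::BACKUP_SCHEDULE_ERROR_REPORT_OPTION, $sendBackupSchedulesErrorReport);
-if ($error) {
-return false;
-}
-
-return update_option(BackupScheduler::BACKUP_SCHEDULE_REPORT_EMAIL_OPTION, $reportEmail);
-}
-
 /**
 * Check if Plugin is Pro version
 * @return bool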
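Review bot: The ten assignments at new lines 974–983 drop the `stripslashes()` the old side applied to every `$_POST` value, so a path, prefix or external-DB password containing a quote or backslash is now stored with WordPress's request slashes still in it unless `Sanitize::sanitizeString()` unslashes internally — its body (Framework/Facades/Sanitize.php, Framework/Utils/Sanitize.php) is not in this chunk, so please confirm before release. `$cloneName` is sanitised twice (970 and again at 974); the wrapper at 974 can simply be `$existingClones[$cloneId]["cloneName"] = $cloneName;`. `$cloneId = $_POST["clone"]` at 969 is still used raw as the key written into the option at 985, and none of the `$_POST` reads are guarded with `isset()`, so I would at least check `isset($existingClones[$cloneId])` before writing. The enclosing method starts and ends outside the hunk, so any nonce or capability check above it is not visible here.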
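--- a/Backend/Modules/Jobs/Cloning.php
+++ b/Backend/Modules/Jobs/Cloning.php
@@ -11,6 +11,7 @@ use WPStaging\Framework\Database\SelectedTables;
 use WPStaging\Framework\Filesystem\Scanning\ScanConst;
 use WPStaging\Framework\Security\AccessToken;
 use WPStaging\Framework\Staging\Sites;
+use WPStaging\Framework\Utils\Sanitize;
 use WPStaging\Framework\Utils\SlashMode;
 use WPStaging\Framework\Utils\WpDefaultDirectories;
 
@@ -41,6 +42,12 @@ class Cloning extends Job
 */
 private $errorMessage;
 
+/**
+* @var Sanitize
+*/
+private $sanitize;
+
+
 /**
 * Initialize is called in \Job
 */
@@ -49,6 +56,7 @@ class Cloning extends Job
 $this->db = WPStaging::getInstance()->get("wpdb");
 $this->dirUtils = new WpDefaultDirectories();
 $this->sitesHelper = new Sites();
+$this->sanitize = WPStaging::make(Sanitize::class);
 }
 
 public function getErrorMessage()
@@ -75,7 +83,7 @@ class Cloning extends Job
 // Clone ID -> timestamp (time at which this clone creation initiated)
 $this->options->clone = preg_replace("#\W+#", '-', strtolower($_POST["cloneID"]));
 // Clone Name -> Site name that user input, if user left it empty it will be Clone ID
-$this->options->cloneName = wpstg_urldecode($_POST["cloneName"]);
+$this->options->cloneName = $this->sanitize->sanitizeString((wpstg_urldecode($_POST["cloneName"])));
 // The slugified version of Clone Name (to use in directory creation)
 $this->options->cloneDirectoryName = $this->sitesHelper->sanitizeDirectoryName($this->options->cloneName);
 $result = $this->sitesHelper->isCloneExists($this->options->cloneDirectoryName);
@@ -139,13 +147,13 @@ class Cloning extends Job
 // Exclude File Size Rules
 $this->options->excludeSizeRules = [];
 if (!empty($_POST["excludeSizeRules"])) {
-$this->options->excludeSizeRules = explode(',', wpstg_urldecode($_POST["excludeSizeRules"]));
+$this->options->excludeSizeRules = array_map([$this->sanitize, 'sanitizeString'], explode(',', wpstg_urldecode($_POST["excludeSizeRules"])));
 }
 
 // Exclude Glob Rules
 $this->options->excludeGlobRules = [];
 if (!empty($_POST["excludeGlobRules"])) {
-$this->options->excludeGlobRules = explode(',', wpstg_urldecode($_POST["excludeGlobRules"]));
+$this->options->excludeGlobRules = array_map([$this->sanitize, 'sanitizeString'], explode(',', wpstg_urldecode($_POST["excludeGlobRules"])));
 }
 
 $this->options->uploadsSymlinked = isset($_POST['uploadsSymlinked']) && $_POST['uploadsSymlinked'] === 'true';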
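Review bot: The size rules at new line 150 are pushed through `sanitizeString()` element by element, and if that helper is built on `sanitize_text_field()` (the usual choice; Framework/Utils/Sanitize.php is not in this chunk) any rule that starts with a bare `<` is at risk: `wp_strip_all_tags()` calls PHP's `strip_tags()`, which discards everything from an unclosed `<` to the end of the string, so a smaller-than size rule would silently become an empty entry and exclude nothing. Please add a test that round-trips a rule containing `<` and `>`, or sanitise operator, number and unit as separate fields. Line 86 also wraps its argument in a redundant extra pair of parentheses; `$this->sanitize->sanitizeString(wpstg_urldecode($_POST["cloneName"]))` is enough. The method these lines belong to starts before the hunk and ends after it.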
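--- a/Backend/Modules/Jobs/Updating.php
+++ b/Backend/Modules/Jobs/Updating.php
@@ -6,6 +6,7 @@ use WPStaging\Core\WPStaging;
 use WPStaging\Core\Utils\Helper;
 use WPStaging\Framework\Database\SelectedTables;
 use WPStaging\Framework\Filesystem\Scanning\ScanConst;
+use WPStaging\Framework\Utils\Sanitize;
 use WPStaging\Framework\Utils\SlashMode;
 use WPStaging\Framework\Utils\WpDefaultDirectories;
 
@@ -46,6 +47,11 @@ class Updating extends Job
 */
 private $dirUtils;
 
+/**
+* @var Sanitize
+*/
+private $sanitize;
+
 /**
 * Initialize is called in \Job
 */
@@ -54,6 +60,7 @@ class Updating extends Job
 $this->db = WPStaging::getInstance()->get("wpdb");
 $this->mainJob = self::NORMAL_UPDATE;
 $this->dirUtils = new WpDefaultDirectories();
+$this->sanitize = WPStaging::make(Sanitize::class);
 }
 
 /**
@@ -206,12 +213,12 @@ class Updating extends Job
 // Exclude Glob Rules
 $this->options->excludeGlobRules = [];
 if (!empty($_POST["excludeGlobRules"])) {
-$this->options->excludeGlobRules = explode(',', wpstg_urldecode($_POST["excludeGlobRules"]));
+$this->options->excludeGlobRules = array_map([$this->sanitize, 'sanitizeString'], explode(',', wpstg_urldecode($_POST["excludeGlobRules"])));
 }
 
 $this->options->excludeSizeRules = [];
 if (!empty($_POST["excludeSizeRules"])) {
-$this->options->excludeSizeRules = explode(',', wpstg_urldecode($_POST["excludeSizeRules"]));
+$this->options->excludeSizeRules = array_map([$this->sanitize, 'sanitizeString'], explode(',', wpstg_urldecode($_POST["excludeSizeRules"])));
 }
 
 // Excluded Directories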
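Review bot: The two `array_map` lines at 216 and 221 are byte-for-byte copies of the ones added to Cloning.php in this same release, so the parsing of the comma-separated exclude-rule strings now lives in two jobs and will drift the next time one of them is touched. A single helper on the Sanitize utility, `public function sanitizeRuleList($raw) { return array_map([$this, 'sanitizeString'], explode(',', wpstg_urldecode($raw))); }`, called from both jobs keeps them in step and gives one place to test that sanitisation does not mangle a rule (an unclosed `<` in a rule is dropped by `strip_tags()` if `sanitizeString()` is built on `sanitize_text_field()`, which this chunk does not show). The method containing these lines starts and ends outside the hunk.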
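--- a/Backend/views/_main/header.php
+++ b/Backend/views/_main/header.php
@@ -27,7 +27,7 @@
 ?>
 
 <div id="wpstg-update-notify" style="display:<?php echo $display; ?>">
-<strong><?php echo sprintf(__("New: WP STAGING PRO v. %s is available.", 'wp-staging'), $latestReleasedVersion); ?></strong><br/>
+<strong><?php echo sprintf(__("New: WP STAGING PRO v. %s is available.", 'wp-staging'), esc_html($latestReleasedVersion)); ?></strong><br/>
 <?php echo sprintf(__('Important: Please update the plugin before pushing the staging site to production site. <a href="%s" target="_blank">What\'s New?</a>', 'wp-staging'), 'https://wp-staging.com/wp-staging-pro-changelog'); ?>
 </div>
 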
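Review bot: `$display` on line 29 is still interpolated into the `style` attribute unescaped while the version string on line 30 now gets `esc_html()`; its assignment sits above the hunk, so if it is anything other than a hard-coded `block`/`none` it should be `style="display:<?php echo esc_attr($display); ?>"`. On the new line `esc_html()` is the right context for text inside `<strong>`, but the translatable format string itself is still echoed raw; `printf(esc_html__("New: WP STAGING PRO v. %s is available.", 'wp-staging'), esc_html($latestReleasedVersion));` would also cover a translation that carries markup.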
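--- a/Backend/views/backup/free-version.php
+++ b/Backend/views/backup/free-version.php
@@ -10,23 +10,7 @@
 <ul>
 <li class="wpstg-clone wpstg-dark-alert">
 <p><strong><?php esc_html_e('Backup & Migration is a PRO feature!', 'wp-staging'); ?></strong></p>
-<p><?php _e('<a href="https://wp-staging.com/?utm_source=wp-admin&utm_medium=wp-admin&utm_campaign=backup-restore&utm_term=backup-restore" target="_blank" id="wpstg-button-backup-upgrade" class="wpstg-button--primary wpstg-button--cta-red wpstg-border--violet">Unlock</a>', 'wp-staging'); ?></p>
+<p><?php _e('<a href="https://wp-staging.com/?utm_source=wp-admin&utm_medium=wp-admin&utm_campaign=backup-restore&utm_term=backup-restore" target="_blank" id="wpstg-button-backup-upgrade" class="wpstg-button--primary wpstg-button--cta-red wpstg-border--violet">Get Started</a>', 'wp-staging'); ?></p>
 </li>
 </ul>
 </div>
-
-<div id="wpstg-did-you-know" style="margin-bottom:12px">
-<strong><?php echo sprintf(__('Did you know? You can upload backup files to another website to transfer it. <a href="%s" target="_blank">Read more</a>', 'wp-staging'), 'https://wp-staging.com/docs/how-to-migrate-your-wordpress-site-to-a-new-host/'); ?></strong>
-</div>
-
-<div id="wpstg-step-1">
-<button id="wpstg-new-backup" class="wpstg-next-step-link wpstg-blue-primary wpstg-button" disabled>
-<?php esc_html_e('Create New Backup', 'wp-staging') ?>
-</button>
-<button id="wpstg-upload-backup" class="wpstg-next-step-link wpstg-blue-primary wpstg-button wpstg-ml-4" disabled>
-<?php esc_html_e('Upload Backup', 'wp-staging') ?>
-</button>
-<button id="wpstg-manage-backup-schedules" class="wpstg-next-step-link wpstg-blue-primary wpstg-button wpstg-ml-4" disabled>
-<?php esc_html_e('Edit Backup Plans', 'wp-staging') ?>
-</button>
-</div>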
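Review bot: The changed line 13 keeps the whole anchor, including its `href`, `id` and classes, inside a translatable string passed to `_e()`, so a translation file can change the link target or inject arbitrary markup into the admin page. Keep the URL in PHP and translate only the label: `printf('<a href="%s" target="_blank" id="wpstg-button-backup-upgrade" class="wpstg-button--primary wpstg-button--cta-red wpstg-border--violet">%s</a>', esc_url($upgradeUrl), esc_html__('Get Started', 'wp-staging'));`. Only the wording changed on this line, so this is a pre-existing pattern rather than a regression introduced here.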
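--- a/Backend/views/clone/ajax/custom-directory.php
+++ b/Backend/views/clone/ajax/custom-directory.php
@@ -3,6 +3,7 @@
 use WPStaging\Core\WPStaging;
 use WPStaging\Backend\Modules\SystemInfo;
 use WPStaging\Backend\Modules\Jobs\Scan;
+use WPStaging\Framework\Facades\Sanitize;
 
 /**
 * This file is currently being called for the both FREE and PRO version:
@@ -48,10 +49,10 @@ if ($isPro) {
 }
 
 if ($isPro && !empty($options->current) && $options->current !== null) {
-$cloneDir = isset($options->existingClones[$options->current]['cloneDir']) ? $options->existingClones[$options->current]['cloneDir'] : '';
-$hostname = isset($options->existingClones[$options->current]['url']) ? $options->existingClones[$options->current]['url'] : '';
+$cloneDir = isset($options->existingClones[$options->current]['cloneDir']) ? Sanitize::sanitizeString($options->existingClones[$options->current]['cloneDir']) : '';
+$hostname = isset($options->existingClones[$options->current]['url']) ? Sanitize::sanitizeString($options->existingClones[$options->current]['url']) : '';
 $customHostname = $hostname;
-$directory = isset($options->existingClones[$options->current]['path']) ? $options->existingClones[$options->current]['path'] : '';
+$directory = isset($options->existingClones[$options->current]['path']) ? Sanitize::sanitizeString($options->existingClones[$options->current]['path']) : '';
 $customDir = $directory;
 $uploadsSymlinked = isset($options->existingClones[$options->current]['uploadsSymlinked']) && $options->existingClones[$options->current]['uploadsSymlinked'];
 $proSettingsDisabled = true;
@@ -62,11 +63,11 @@ if ($isPro && !empty($options->current) && $options->current !== null) {
 <label for="wpstg-change-dest"><?php _e('Change Destination'); ?></label>
 <input type="checkbox" id="wpstg-change-dest" name="wpstg-change-dest" value="true" class="wpstg-toggle-advance-settings-section" data-id="wpstg-clone-directory" <?php echo $isPro === true ? '' : 'disabled' ?> >
 <span class="wpstg--tooltip">
-<img class="wpstg--dashicons" src="<?php echo $scan->getInfoIcon(); ?>" alt="info" />
+<img class="wpstg--dashicons" src="<?php echo esc_url($scan->getInfoIcon()); ?>" alt="info" />
 <span class="wpstg--tooltiptext">
 <strong> <?php _e('You can copy the staging site to a custom directory and can use a different hostname.', 'wp-staging'); ?></strong>
 <br /> <br />
-<?php echo sprintf(__('<strong>Target Directory:</strong> An absolute path like <code>/www/public_html/dev</code>. File permissions should be 755 and it must be writeable by php user <code>%s</code>', 'wp-staging'), (new SystemInfo())->getPHPUser()); ?>
+<?php echo sprintf(__('<strong>Target Directory:</strong> An absolute path like <code>/www/public_html/dev</code>. File permissions should be 755 and it must be writeable by php user <code>%s</code>', 'wp-staging'), esc_html((new SystemInfo())->getPHPUser())); ?>
 <br /> <br />
 <?php _e('<strong>Taget Hostname:</strong> The hostname of the target site, for instance <code>https://subdomain.example.com</code> or <code>https://example.com/staging</code>', 'wp-staging'); ?>
 <br /> <br />
@@ -77,25 +78,25 @@ if ($isPro && !empty($options->current) && $options->current !== null) {
 <div id="wpstg-clone-directory" <?php echo $isPro === true ? 'style="display: none;"' : '' ?> >
 <div class="wpstg-form-group wpstg-text-field">
 <label><?php _e('Target Directory: ', 'wp-staging') ?> </label>
-<input type="text" class="wpstg-textbox" name="wpstg_clone_dir" id="wpstg_clone_dir" value="<?php echo $customDir; ?>" title="wpstg_clone_dir" placeholder="<?php echo $directory; ?>" autocapitalize="off" <?php echo $proSettingsDisabled === true ? 'disabled' : '' ?> />
+<input type="text" class="wpstg-textbox" name="wpstg_clone_dir" id="wpstg_clone_dir" value="<?php echo esc_attr($customDir); ?>" title="wpstg_clone_dir" placeholder="<?php echo esc_attr($directory); ?>" autocapitalize="off" <?php echo $proSettingsDisabled === true ? 'disabled' : '' ?> />
 <?php if (!$proSettingsDisabled) : ?>
 <span class="wpstg-code-segment">
 <code>
-<a id="wpstg-use-target-dir" data-base-path="<?php echo $directory ?>" data-path="<?php echo $directory ?>" class="wpstg-pointer">
+<a id="wpstg-use-target-dir" data-base-path="<?php echo esc_attr($directory) ?>" data-path="<?php echo esc_attr($directory) ?>" class="wpstg-pointer">
 <?php _e('Set Default: ', 'wp-staging') ?>
 </a>
-<span class="wpstg-use-target-dir--value"><?php echo $directory; ?></span>
+<span class="wpstg-use-target-dir--value"><?php echo esc_attr($directory); ?></span>
 </code>
 </span>
 <?php endif; ?>
 </div>
 <div class="wpstg-form-group wpstg-text-field">
 <label><?php _e('Target Hostname: ') ?> </label>
-<input type="text" class="wpstg-textbox" name="wpstg_clone_hostname" id="wpstg_clone_hostname" value="<?php echo $customHostname; ?>" title="wpstg_clone_hostname" placeholder="<?php echo $hostname; ?>" autocapitalize="off" <?php echo $proSettingsDisabled === true ? 'disabled' : '' ?> />
+<input type="text" class="wpstg-textbox" name="wpstg_clone_hostname" id="wpstg_clone_hostname" value="<?php echo esc_attr($customHostname); ?>" title="wpstg_clone_hostname" placeholder="<?php echo esc_attr($hostname); ?>" autocapitalize="off" <?php echo $proSettingsDisabled === true ? 'disabled' : '' ?> />
 <?php if (!$proSettingsDisabled) : ?>
 <span class="wpstg-code-segment">
 <code>
-<a id="wpstg-use-target-hostname" data-base-uri="<?php echo $hostname ?>" data-uri="<?php echo $hostname ?>" class="wpstg-pointer">
+<a id="wpstg-use-target-hostname" data-base-uri="<?php echo esc_attr($hostname) ?>" data-uri="<?php echo esc_attr($hostname) ?>" class="wpstg-pointer">
 <?php _e('Set Default: ', 'wp-staging') ?>
 </a>
 <span class="wpstg-use-target-hostname--value"><?php echo get_site_url(); ?></span>
@@ -112,7 +113,7 @@ if ($isPro && !empty($options->current) && $options->current !== null) {
 <?php echo $proSettingsDisabled === true ? 'disabled' : '' ?>
 <?php echo $uploadsSymlinked === true ? 'checked' : '' ?> />
 <span class="wpstg--tooltip">
-<img class="wpstg--dashicons" src="<?php echo $scan->getInfoIcon(); ?>" alt="info" />
+<img class="wpstg--dashicons" src="<?php echo esc_attr($scan->getInfoIcon()); ?>" alt="info" />
 <span class="wpstg--tooltiptext">
 <?php echo sprintf(__('Activate to symlink the folder %s%s%s to the production site. %s All files including images on the production site\'s uploads folder will be linked to the staging site uploads folder. This will speed up the cloning and pushing process tremendously as no files from the uploads folder are copied between both sites. %s Note: this can lead to mixed and shared content issues if both site loads (custom) stylesheet files from the same uploads folder. %s Using this option means changing images on the staging site will change images on the production site as well. Use this with care! %s', 'wp-staging'), '<code>', $wpDefaultDirectories->getRelativeUploadPath(), '</code>', '<br><br>', '<br><br>', '<br><br><strong>', '</strong>');?>
 <br/>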
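Review bot: The two `getInfoIcon()` `src` attributes added in this section are escaped inconsistently: line 66 uses `esc_url()` but line 116 uses `esc_attr()`, which only encodes quotes and angle brackets and would pass a `javascript:` or `data:` value straight into the attribute; make both `src="<?php echo esc_url($scan->getInfoIcon()); ?>"`. Line 88 emits `$directory` as element text yet escapes it with `esc_attr()`; `esc_html()` is the matching helper for that context (same output today, but the wrong name hides intent). Running `Sanitize::sanitizeString()` over values read back from the option at lines 52–55 is sanitisation at output time, which can alter a legitimately stored path or URL, while the `esc_attr()` calls below are what actually prevent injection; reading the stored values verbatim and relying on the escaping is the cleaner split. Line 102 still echoes `get_site_url()` unescaped, untouched by the commit.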
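--- a/Backend/views/clone/ajax/delete-confirmation.php
+++ b/Backend/views/clone/ajax/delete-confirmation.php
@@ -29,7 +29,7 @@ if ($isDatabaseConnected) { ?>
  <?php _e('Database Location:', 'wp-staging'); ?>
  <code>
  <?php
- $database = empty($clone->databaseDatabase) ? $dbname . "</code> (Production Database)" : $clone->databaseDatabase . "</code> (Separate Database)";
+ $database = empty($clone->databaseDatabase) ? esc_html($dbname) . "</code> (Production Database)" : esc_html($clone->databaseDatabase) . "</code> (Separate Database)";
  echo $database;
  ?>
 
@@ -40,7 +40,7 @@ if ($isDatabaseConnected) { ?>
  <?php if (!$isDatabaseConnected) { ?>
  <div class="wpstg-notice-alert wpstg-failed">
  <h4 class="wpstg-mb-0"><?php _e('Error: Can not connect to external database: ', 'wp-staging');
- echo $clone->databaseDatabase; ?></h4>
+ echo esc_html($clone->databaseDatabase); ?></h4>
  <ul class="wpstg-mb-0">
  <li><?php _e('This can happen if the password of the external database has been changed or if the database was deleted', 'wp-staging') ?></li>
  <li><?php _e('You can still delete this staging site but deleting this site will not delete any table or database. You will have to delete them manually if they exist.', 'wp-staging') ?></li>
@@ -71,11 +71,11 @@ if ($isDatabaseConnected) { ?>
  <div class="wpstg-db-table">
  <label>
  <?php $checkedProperty = (strpos($table->name, $clone->prefix) === 0) ? 'checked' : ''; ?>
- <input class="wpstg-db-table-checkboxes" type="checkbox" name="<?php echo $table->name?>" <?php echo $checkedProperty ?>>
+ <input class="wpstg-db-table-checkboxes" type="checkbox" name="<?php echo esc_attr($table->name); ?>" <?php echo $checkedProperty ?>>
  <?php echo $table->name?>
  </label>
  <span class="wpstg-size-info">
- <?php echo isset($table->size) ? $table->size : '';?>
+ <?php echo isset($table->size) ? esc_html($table->size) : '';?>
  </span>
  </div>
  <?php endforeach ?>
@@ -102,8 +102,8 @@ if ($isDatabaseConnected) { ?>
  <div class="wpstg-dir">
  <label>
  <input id="deleteDirectory" type="checkbox" class="wpstg-check-dir" name="deleteDirectory" value="1" checked data-deletepath="<?php echo urlencode($clone->path);?>">
- <?php echo $clone->path;?>
- <span class="wpstg-size-info"><?php echo isset($clone->size) ? $clone->size : ''; ?></span>
+ <?php echo esc_html($clone->path);?>
+ <span class="wpstg-size-info"><?php echo isset($clone->size) ? esc_html($clone->size) : ''; ?></span>
  </label>
  </div>
  </div>
@@ -114,6 +114,6 @@ if ($isDatabaseConnected) { ?>
  <?php _e("Cancel", "wp-staging")?>
  </a>
 
- <a href="#" class="wpstg-button--primary wpstg-button--red" style="margin-left:5px;" id="wpstg-remove-clone" data-clone="<?php echo $clone->name?>">
+ <a href="#" class="wpstg-button--primary wpstg-button--red" style="margin-left:5px;" id="wpstg-remove-clone" data-clone="<?php echo esc_attr($clone->name); ?>">
  <?php echo __("Delete", "wp-staging")?>
  </a>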
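Review bot: The table name is escaped inside the checkbox `name` attribute on line 74, but the same `$table->name` is still echoed raw as the label text on line 75 (`<?php echo $table->name?>`), so one of the two output points of the same value is left unescaped by this hunk. Changing that line to `<?php echo esc_html($table->name); ?>` closes the gap and matches the attribute. The `</code>` closing tag concatenated into `$database` on line 32 is intentional markup and correctly sits outside the `esc_html()` call.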
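--- a/Backend/views/clone/ajax/external-database.php
+++ b/Backend/views/clone/ajax/external-database.php
@@ -12,6 +12,8 @@
  * @see \WPStaging\Backend\Modules\Jobs\Scan::start For details on $options.
  */
 
+ use WPStaging\Framework\Facades\Sanitize;
+
  $database = '';
  $username = '';
  $password = '';
@@ -24,10 +26,10 @@ if (!$isPro) {
  }
 
  if ($isPro && !empty($options->current) && $options->current !== null) {
- $database = isset($options->existingClones[$options->current]['databaseDatabase']) ? $options->existingClones[$options->current]['databaseDatabase'] : '';
- $username = isset($options->existingClones[$options->current]['databaseUser']) ? $options->existingClones[$options->current]['databaseUser'] : '';
- $prefix = isset($options->existingClones[$options->current]['databasePrefix']) ? $options->existingClones[$options->current]['databasePrefix'] : '';
- $server = isset($options->existingClones[$options->current]['databaseServer']) ? $options->existingClones[$options->current]['databaseServer'] : '';
+ $database = isset($options->existingClones[$options->current]['databaseDatabase']) ? Sanitize::sanitizeString($options->existingClones[$options->current]['databaseDatabase']) : '';
+ $username = isset($options->existingClones[$options->current]['databaseUser']) ? Sanitize::sanitizeString($options->existingClones[$options->current]['databaseUser']) : '';
+ $prefix = isset($options->existingClones[$options->current]['databasePrefix']) ? Sanitize::sanitizeString($options->existingClones[$options->current]['databasePrefix']) : '';
+ $server = isset($options->existingClones[$options->current]['databaseServer']) ? Sanitize::sanitizeString($options->existingClones[$options->current]['databaseServer']) : '';
  $isDisabled = true;
  $password = '*********';
  }
@@ -43,7 +45,7 @@ if ($isPro && !empty($options->current) && $options->current !== null) {
  <label for="wpstg-ext-db"><?php _e('Change Database'); ?></label>
  <input type="checkbox" id="wpstg-ext-db" name="wpstg-ext-db" value="true" class="wpstg-toggle-advance-settings-section" data-id="wpstg-external-db-section" <?php echo $isPro === true ? '' : 'disabled' ?> >
  <span class="wpstg--tooltip">
- <img class="wpstg--dashicons" src="<?php echo $scan->getInfoIcon(); ?>" alt="info" />
+ <img class="wpstg--dashicons" src="<?php echo esc_attr($scan->getInfoIcon()); ?>" alt="info" />
  <span class="wpstg--tooltiptext">
  <?php _e('You can clone the staging site into a separate database. The Database must be created manually in advance before starting the cloning proccess.<br/><br/><strong>Note:</strong> If there are already tables with the same database prefix and name in this database, the cloning process will be aborted without any further asking!', 'wp-staging'); ?>
  </span>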
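Review bot: `Sanitize::sanitizeString()` is applied when `$database`, `$username`, `$prefix` and `$server` are read out of `$options->existingClones` on lines 29–32, but the places where these values are emitted into the form lie outside the hunk, so it is not visible whether they are wrapped in `esc_attr()` there. WordPress convention is to escape at the output site for the HTML context in use; a sanitizer that strips or rewrites characters is not an attribute escaper, and it would also silently alter a legitimately stored database name or prefix that is merely being displayed back to the user. If the output sites echo these raw, `value="<?php echo esc_attr($database); ?>"` (and likewise for the other three) is the change to pair with this one. Separately, `esc_attr()` on the icon URL in line 48 is safe but `esc_url()` is the escaper for a `src` attribute and is what the same commit uses for `$iconPath` in single-overview.php; mail-setting.php line 43 and scan.php lines 95 and 105 follow the same `esc_attr()` pattern.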
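--- a/Backend/views/clone/ajax/mail-setting.php
+++ b/Backend/views/clone/ajax/mail-setting.php
@@ -40,7 +40,7 @@ if ($isPro && !empty($options->current)) {
  <label for="wpstg_allow_emails"><?php _e('Allow Emails Sending'); ?></label>
  <input type="checkbox" id="wpstg_allow_emails" name="wpstg_allow_emails" value="true" <?php echo $emailsAllowed === true ? 'checked' : '' ?> <?php echo $settingsEnabled === false ? 'disabled' : '' ?> />
  <span class="wpstg--tooltip">
- <img class="wpstg--dashicons" src="<?php echo $scan->getInfoIcon(); ?>" alt="info" />
+ <img class="wpstg--dashicons" src="<?php echo esc_attr($scan->getInfoIcon()); ?>" alt="info" />
  <span class="wpstg--tooltiptext">
  <?php _e('Allow emails sending for this staging site.', 'wp-staging'); ?>
  <br /> <br />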
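--- a/Backend/views/clone/ajax/process-lock.php
+++ b/Backend/views/clone/ajax/process-lock.php
@@ -1,6 +1,5 @@
 
- <h3><?php echo $message; ?></h3>
-
+ <h3><?php echo esc_html($message); ?></h3>
 
  <button type="button" class="wpstg-prev-step-link wpstg-link-btn button-primary wpstg-button">
  <?php _e("Back", "wp-staging") ?>
@@ -9,6 +8,3 @@
  <button type="button" id="wpstg-restart-cloning" class="wpstg-link-btn button-primary wpstg-button">
  <?php echo __("Stop other process", "wp-staging")?>
  </button>
-
-
-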
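--- a/Backend/views/clone/ajax/scan.php
+++ b/Backend/views/clone/ajax/scan.php
@@ -1,5 +1,5 @@
-
  <?php
+
  /**
  * @see \WPStaging\Backend\Administrator::ajaxCloneScan Context where this is included.
  *
@@ -10,6 +10,8 @@
  * @see \WPStaging\Backend\Modules\Jobs\Scan::start For details on $options.
  */
 
+ use WPStaging\Framework\Facades\Sanitize;
+
  $isPro = defined('WPSTGPRO_VERSION');
  ?>
  <label id="wpstg-clone-label" for="wpstg-new-clone">
@@ -17,7 +19,7 @@ $isPro = defined('WPSTGPRO_VERSION');
  placeholder="<?php _e('Enter Site Name (Optional)', 'wp-staging') ?>"
  data-clone="<?php echo $options->current; ?>"
  <?php if ($options->current !== null) {
- $siteName = isset($options->currentClone['cloneName']) ? $options->currentClone['cloneName'] : $options->currentClone['directoryName'];
+ $siteName = isset($options->currentClone['cloneName']) ? Sanitize::sanitizeString(wpstg_urldecode($options->currentClone['cloneName'])) : $options->currentClone['directoryName'];
  echo ' value="' . $siteName . '"';
  echo " disabled='disabled'";
  } ?> />
@@ -90,7 +92,7 @@ if ($options->current !== null && $options->mainJob === 'updating') {
  <label for="wpstg-clean-plugins-themes"><?php _e('Clean Plugins/Themes'); ?></label>
  <input type="checkbox" id="wpstg-clean-plugins-themes" name="wpstg-clean-plugins-themes" value="true">
  <span class="wpstg--tooltip">
- <img class="wpstg--dashicons" src="<?php echo $scan->getInfoIcon(); ?>" alt="info" />
+ <img class="wpstg--dashicons" src="<?php echo esc_attr($scan->getInfoIcon()); ?>" alt="info" />
  <span class="wpstg--tooltiptext">
  <?php _e('Delete all plugins & themes on staging site before starting copy process.', 'wp-staging'); ?>
  </span>
@@ -100,7 +102,7 @@ if ($options->current !== null && $options->mainJob === 'updating') {
  <label for="wpstg-clean-uploads"><?php _e('Clean Uploads'); ?></label>
  <input type="checkbox" id="wpstg-clean-uploads" name="wpstg-clean-uploads" value="true">
  <span class="wpstg--tooltip">
- <img class="wpstg--dashicons" src="<?php echo $scan->getInfoIcon(); ?>" alt="info" />
+ <img class="wpstg--dashicons" src="<?php echo esc_attr($scan->getInfoIcon()); ?>" alt="info" />
  <span class="wpstg--tooltiptext">
  <?php _e('Delete entire folder wp-content/uploads on staging site including all images before starting copy process.', 'wp-staging'); ?>
  <?php echo ($uploadsSymlinked ? "<br/><br/><b>" . __("Note: This option is disabled as uploads directory is symlinked", "wp-staging") . "</b>" : '') ?>
@@ -128,6 +130,6 @@ if ($options->current !== null && $options->mainJob === 'updating') {
  }
  ?>
 
- <button type="button" id="<?php echo $btnId; ?>" class="wpstg-next-step-link wpstg-button--primary wpstg-button--blue" data-action="<?php echo $action; ?>"><?php echo $label; ?></button>
+ <button type="button" id="<?php echo esc_attr($btnId); ?>" class="wpstg-next-step-link wpstg-button--primary wpstg-button--blue" data-action="<?php echo esc_attr($action); ?>"><?php echo esc_html($label); ?></button>
 
  <a href="#" id="wpstg-check-space"><?php _e('Check required disk space', 'wp-staging'); ?></a>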
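Review bot: `$siteName` is still concatenated into the `value` attribute on line 23 (`echo ' value="' . $siteName . '"';`) without `esc_attr()`, and in the `else` branch of line 22 it is `$options->currentClone['directoryName']` with no sanitizing at all, so a double quote in either value can still terminate the attribute unless `Sanitize::sanitizeString()` is known to encode quotes. Changing line 23 to `echo ' value="' . esc_attr($siteName) . '"';` covers both branches at the output point, which is where the escaping belongs. The neighbouring `data-clone="<?php echo $options->current; ?>"` on line 20 is a context line the commit leaves unescaped as well.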
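--- a/Backend/views/clone/ajax/single-overview.php
+++ b/Backend/views/clone/ajax/single-overview.php
@@ -1,4 +1,5 @@
  <?php
+
  /**
  * @see \WPStaging\Backend\Administrator::ajaxOverview
  *
@@ -6,6 +7,9 @@
  * @var string $iconPath
  * @var $license
  */
+
+ use WPStaging\Framework\Facades\Sanitize;
+
  ?>
  <div id="wpstg-step-1">
  <button id="wpstg-new-clone" class="wpstg-next-step-link wpstg-blue-primary wpstg-button" data-action="wpstg_scanning">
@@ -20,15 +24,15 @@
  <?php _e("Your Staging Sites:", "wp-staging") ?>
  </h3>
  <?php foreach ($availableClones as $cloneID => $data) : ?>
- <div id="<?php echo $data['directoryName']; ?>" data-clone-id="<?php echo $cloneID; ?>" class="wpstg-clone">
- <?php $urlLogin = $data["url"]; ?>
+ <div id="<?php echo Sanitize::sanitizeString($data['directoryName']); ?>" data-clone-id="<?php echo esc_attr($cloneID); ?>" class="wpstg-clone">
+ <?php $urlLogin = esc_url($data["url"]); ?>
  <div class="wpstg-clone-header">
  <a href="<?php echo $urlLogin ?>" class="wpstg-clone-title" target="_blank">
- <?php echo isset($data["cloneName"]) ? $data["cloneName"] : $data["directoryName"]; ?>
+ <?php echo isset($data["cloneName"]) ? Sanitize::sanitizeString($data["cloneName"]) : Sanitize::sanitizeString($data["directoryName"]); ?>
  </a>
  <?php if (is_multisite()) { ?>
  <div class="wpstg-clone-labels">
- <span class="wpstg-clone-label"><?php echo $data['networkClone'] ? __('Network', 'wp-staging') : __('Site', 'wp-staging') ?></span>
+ <span class="wpstg-clone-label"><?php echo Sanitize::sanitizeString($data['networkClone']) ? __('Network', 'wp-staging') : __('Site', 'wp-staging') ?></span>
  </div>
  <?php } ?>
  <div class="wpstg-clone-actions">
@@ -44,13 +48,13 @@
  <a href="<?php echo $urlLogin ?>" class="wpstg-open-clone wpstg-clone-action" target="_blank" title="<?php echo __("Open the staging site in a new tab", "wp-staging") ?>">
  <?php _e("Open", "wp-staging"); ?>
  </a>
- <a href="#" class="wpstg-execute-clone wpstg-clone-action" data-clone="<?php echo $cloneID ?>" title="<?php echo __("Update and overwrite this clone with files and database tables selected on the next page. This will not replace nor modify the wp-config.php on the staging site!", "wp-staging") ?>">
+ <a href="#" class="wpstg-execute-clone wpstg-clone-action" data-clone="<?php echo esc_attr($cloneID) ?>" title="<?php echo __("Update and overwrite this clone with files and database tables selected on the next page. This will not replace nor modify the wp-config.php on the staging site!", "wp-staging") ?>">
  <?php _e("Update", "wp-staging"); ?>
  </a>
- <a href="#" class="wpstg-reset-clone wpstg-clone-action" data-clone="<?php echo $cloneID ?>" data-network="<?php echo is_multisite() && $data['networkClone'] ? 'yes' : 'no' ?>" title="<?php echo __("Replace this clone with the production site completely. This includes replacing the wp-config.php and all files and data. Confirm to proceed on the next page.", "wp-staging") ?>">
+ <a href="#" class="wpstg-reset-clone wpstg-clone-action" data-clone="<?php echo esc_attr($cloneID) ?>" data-network="<?php echo is_multisite() && $data['networkClone'] ? 'yes' : 'no' ?>" title="<?php echo __("Replace this clone with the production site completely. This includes replacing the wp-config.php and all files and data. Confirm to proceed on the next page.", "wp-staging") ?>">
  <?php _e("Reset", "wp-staging"); ?>
  </a>
- <a href="#" class="wpstg-remove-clone wpstg-clone-action" data-clone="<?php echo $cloneID ?>" title="<?php echo __("Delete this clone. Select specific folders and database tables in the next step.", "wp-staging") ?>">
+ <a href="#" class="wpstg-remove-clone wpstg-clone-action" data-clone="<?php echo esc_attr($cloneID) ?>" title="<?php echo __("Delete this clone. Select specific folders and database tables in the next step.", "wp-staging") ?>">
  <?php _e("Delete", "wp-staging"); ?>
  </a>
  <?php
@@ -66,7 +70,7 @@
  $dbname = ! empty($data['databaseDatabase']) ? $data['databaseDatabase'] : DB_NAME;
  $prefix = ! empty($data['prefix']) ? $data['prefix'] : '';
  $cloneDir = ! empty($data['path']) ? $data['path'] : '';
- $url = ! empty($data['url']) ? sprintf('<a href="%1$s" target="_blank">%1$s</a>', $data['url']) : '';
+ $url = ! empty($data['url']) ? sprintf('<a href="%1$s" target="_blank">%1$s</a>', esc_url($data['url'])) : '';
  $datetime = ! empty($data['datetime']) ? get_date_from_gmt(date("Y-m-d H:i:s", $data['datetime']), "D, d M Y H:i:s T") : '&nbsp;&nbsp;&nbsp;';
  $owner = ! empty($data['ownerId']) ? get_userdata($data['ownerId']) : null;
  $ownerName = ! empty($owner->user_login) ? $owner->user_login : 'N/A';
@@ -88,19 +92,19 @@
  }
 
 
- echo sprintf(__('Database: <span class="wpstg-bold">%s</span>', 'wp-staging'), $dbname);
+ echo sprintf(__('Database: <span class="wpstg-bold">%s</span>', 'wp-staging'), esc_html($dbname));
  echo '</br>';
- echo sprintf(__('Database Prefix: <span class="wpstg-bold">%s</span>', 'wp-staging'), $prefix);
+ echo sprintf(__('Database Prefix: <span class="wpstg-bold">%s</span>', 'wp-staging'), esc_html($prefix));
  echo '</br>';
- echo sprintf(__('Directory: <span class="wpstg-bold">%s</span>', 'wp-staging'), $cloneDir);
+ echo sprintf(__('Directory: <span class="wpstg-bold">%s</span>', 'wp-staging'), esc_html($cloneDir));
  echo '</br>';
  echo sprintf(__('URL: <span class="wpstg-bold">%s</span>', 'wp-staging'), $url);
  echo '</br>';
- echo sprintf(__('Created By: <span class="wpstg-bold">%s</span>', 'wp-staging'), $ownerName);
+ echo sprintf(__('Created By: <span class="wpstg-bold">%s</span>', 'wp-staging'), esc_html($ownerName));
  echo '</br>';
  echo $status;
  echo '</br>';
- echo sprintf(__('Updated: <span>%s</span>', 'wp-staging'), $datetime);
+ echo sprintf(__('Updated: <span>%s</span>', 'wp-staging'), esc_html($datetime));
 
  // Todo: Remove in future versions
  if (function_exists('do_action_deprecated')) {
@@ -119,7 +123,7 @@
  <?php endif ?>
 
  <div id="wpstg-no-staging-site-results" class="wpstg-clone" <?php echo $availableClones !== [] ? 'style="display: none;"' : '' ?> >
- <img class="wpstg--dashicons" src="<?php echo $iconPath; ?>" alt="cloud">
+ <img class="wpstg--dashicons" src="<?php echo esc_url($iconPath); ?>" alt="cloud">
  <div class="no-staging-site-found-text">
  <?php _e('No Staging Site found. Create your first Staging Site above!', 'wp-staging'); ?>
  </div>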
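Review bot: `Sanitize::sanitizeString()` is used as an output escaper on line 27 (the `id` attribute) and line 31 (the link text), whereas the surrounding lines use the context-specific `esc_attr()`/`esc_html()`; unless that facade is known to HTML-encode quotes and angle brackets, those two spots should read `esc_attr($data['directoryName'])` and `esc_html($data["cloneName"])` / `esc_html($data["directoryName"])`. Line 35 passes `$data['networkClone']` through the same string sanitizer only to test its truthiness, while line 54 reads the same key raw; the sanitizer contributes nothing there and the two lines should be written the same way. `$status` on line 105 is still echoed unescaped and is assembled outside the hunk, so I cannot tell from here whether it is fully literal.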
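--- a/Backend/views/clone/ajax/start.php
+++ b/Backend/views/clone/ajax/start.php
@@ -27,7 +27,7 @@
  <?php echo __("Resume", "wp-staging")?>
  </button>
 
- <button type="button" id="wpstg-show-log-button" class="button" data-clone="<?php echo $cloning->getOptions()->clone?>" style="margin-top: 5px;display:none;">
+ <button type="button" id="wpstg-show-log-button" class="button" data-clone="<?php echo esc_attr($cloning->getOptions()->clone) ?>" style="margin-top: 5px;display:none;">
  <?php _e('Display working log', 'wp-staging')?>
  </button>
 
@@ -41,7 +41,7 @@
  $subDirectory = str_replace(get_home_path(), '', ABSPATH);
  $helper = new \WPStaging\Core\Utils\Helper();
  $url = $helper->getHomeUrl() . str_replace('/', '', $subDirectory);
- echo sprintf(__('WP STAGING successfully created a staging site in a sub-directory of your main site accessable from:<br><strong><a href="%1$s" target="_blank" id="wpstg-clone-url-1">%1$s</a></strong>', 'wp-staging'), $url);
+ echo sprintf(__('WP STAGING successfully created a staging site in a sub-directory of your main site accessable from:<br><strong><a href="%1$s" target="_blank" id="wpstg-clone-url-1">%1$s</a></strong>', 'wp-staging'), esc_attr($url));
  ?>
  <br>
  <br>
@@ -79,11 +79,11 @@
  <p>
  <?php _e('To make it more clear when you work on the staging site WP Staging changed the color of the admin bar:', 'wp-staging') ?>
  <br><br>
- <img src="<?php echo $this->assets->getAssetsUrl("img/admin_dashboard.png") ?>">
+ <img src="<?php echo esc_url($this->assets->getAssetsUrl("img/admin_dashboard.png")) ?>">
  <br>
  <?php _e('On the front page the site name also changed to', 'wp-staging') ?> <br>
  <strong class="wpstg-font-italic">
- "STAGING - <span class="wpstg-clone-name"><?php echo get_bloginfo("name")?></span>"
+ "STAGING - <span class="wpstg-clone-name"><?php echo esc_html(get_bloginfo("name")) ?></span>"
  </strong>.
  </p>
  </li>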
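Review bot: Line 44 passes `$url` through `esc_attr()` although it lands in an `href` attribute and as the link text; `esc_url()` is the matching escaper for the attribute because it also rejects unexpected schemes, and it is what line 82 of this same file now uses for the image URL. Since `$url` is derived from `getHomeUrl()` and `ABSPATH` rather than from stored clone data the practical exposure is low, so this is a consistency point rather than a defect.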
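--- a/Backend/views/clone/ajax/update.php
+++ b/Backend/views/clone/ajax/update.php
@@ -24,7 +24,7 @@
  <?php _e("Back", "wp-staging") ?>
  </button>
 
- <button type="button" id="wpstg-cancel-cloning-update" data-job="<?php echo $cloning->getOptions()->mainJob; ?>" class="wpstg-link-btn wpstg-button--primary wpstg-button--red">
+ <button type="button" id="wpstg-cancel-cloning-update" data-job="<?php echo esc_attr($cloning->getOptions()->mainJob); ?>" class="wpstg-link-btn wpstg-button--primary wpstg-button--red">
  <?php
  if ($cloning->getOptions()->mainJob === 'resetting') {
  _e("Cancel Reset", "wp-staging");
@@ -34,7 +34,7 @@
  ?>
  </button>
 
- <button type="button" id="wpstg-show-log-button" class="button" data-clone="<?php echo $cloning->getOptions()->clone?>" style="margin-top: 5px;display:none;">
+ <button type="button" id="wpstg-show-log-button" class="button" data-clone="<?php echo esc_attr($cloning->getOptions()->clone) ?>" style="margin-top: 5px;display:none;">
  <?php _e('Display working log', 'wp-staging')?>
  </button>
 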
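--- a/Backend/views/clone/single-site/index.php
+++ b/Backend/views/clone/single-site/index.php
@@ -35,7 +35,7 @@
  </span>
  </div>
  <a href="https://wp-staging.com/?utm_source=tryout&utm_medium=plugin&utm_campaign=tryout&utm_term=tryout" target="_new">
- <img id="wpstg-sidebar--banner" src="<?php echo $this->assets->getAssetsUrl('img/wp-staging274x463-1.png'); ?>">
+ <img id="wpstg-sidebar--banner" src="<?php echo esc_url($this->assets->getAssetsUrl('img/wp-staging274x463-1.png')); ?>">
  </a>
  </div>
  <?php } ?>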
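--- a/Backend/views/notices/cache-directory-permission-problem.php
+++ b/Backend/views/notices/cache-directory-permission-problem.php
@@ -5,10 +5,10 @@
  */
  ?>
  <div class="notice notice-error">
- <p><strong>WP STAGING - Folder Permission error. </strong>
+ <p><strong><?php _e('WP STAGING - Folder Permission error.', 'wp-staging'); ?></strong>
  <br>
- The folder <code><?php echo $cacheDir; ?></code> is not write and/or readable.
+ <?php echo sprintf(esc_html__('The folder %s is not write and/or readable.', 'wp-staging'), '<code>' . esc_html($cacheDir) . '</code>'); ?>
  <br>
- Check if this folder exists! Folder permissions should be chmod 755 or higher.
+ <?php _e('Check if this folder exists! Folder permissions should be chmod 755 or higher.', 'wp-staging'); ?>
  </p>
  </div>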
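Review bot: Lines 8 and 12 output their translations with `_e()` while line 10 uses `esc_html__()`, so the notice now mixes escaped and unescaped translation calls within one paragraph; `esc_html_e('WP STAGING - Folder Permission error.', 'wp-staging')` and `esc_html_e('Check if this folder exists! Folder permissions should be chmod 755 or higher.', 'wp-staging')` would make the file uniform. The same applies to lines 8 and 12 of logs-directory-permission-problem.php in this commit.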
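--- a/Backend/views/notices/directory-listing-could-not-be-prevented.php
+++ b/Backend/views/notices/directory-listing-could-not-be-prevented.php
@@ -11,5 +11,5 @@
  <?php _e('Following the best development practices, WP STAGING tries to prevent directory listing on it\'s own directories
  that might contain sensitive data. This warning tells you that we could not prevent directory listing on one
  of the directories.'); ?>
- <?php echo !empty($directoryListingErrors) ? implode('<br>', esc_html($directoryListingErrors)) : ''; ?></p>
+ <?php echo !empty($directoryListingErrors) ? wp_kses(implode('<br>', $directoryListingErrors), ['br']) : ''; ?></p>
  </div>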
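Review bot: `wp_kses(..., ['br'])` on line 14 passes the allowed-tags argument in the wrong shape: `wp_kses()` expects a map of tag name to allowed attributes (`['br' => []]`), and with a plain list the key `'br'` is never set, so as far as I can tell the `<br>` separators are stripped and the error messages run together on one line. The previous code applied `esc_html()` to an array, so neither version escapes each entry individually; escaping per element and dropping kses entirely is both simpler and correct: `echo !empty($directoryListingErrors) ? implode('<br>', array_map('esc_html', $directoryListingErrors)) : '';`.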
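--- a/Backend/views/notices/disabled-items-notice.php
+++ b/Backend/views/notices/disabled-items-notice.php
@@ -38,7 +38,7 @@ use WPStaging\Backend\Notices\Notices;
  <?php _e('Excluded the following plugins:', 'wp-staging') ?>
  <ul style="margin-left: 0px; margin-top: 4px;">
  <?php foreach ($excludedPlugins as $excludedPlugin) : ?>
- <li> <span style="font-size: 13px;">➜</span> <?php echo $excludedPlugin; ?></li>
+ <li> <span style="font-size: 13px;">➜</span> <?php echo esc_html($excludedPlugin); ?></li>
  <?php endforeach; ?>
  </ul>
  </li>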
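--- a/Backend/views/notices/logs-directory-permission-problem.php
+++ b/Backend/views/notices/logs-directory-permission-problem.php
@@ -5,11 +5,10 @@
  */
  ?>
  <div class="notice notice-error">
- <p>
- <strong>WP STAGING - Folder Permission error.</strong>
+ <p><strong><?php _e('WP STAGING - Folder Permission error.', 'wp-staging'); ?></strong>
  <br>
- The folder <code><?php echo $logsDir; ?></code> is not write and/or readable.
+ <?php echo sprintf(esc_html__('The folder %s is not write and/or readable.', 'wp-staging'), '<code>' . esc_html($logsDir) . '</code>'); ?>
  <br>
- Check if this folder exists! Folder permissions should be chmod 755 or higher.
+ <?php _e('Check if this folder exists! Folder permissions should be chmod 755 or higher.', 'wp-staging'); ?>
  </p>
  </div>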
Backend/views/notices/outdated-wp-staging-version.php CHANGED
@@ -7,6 +7,6 @@
7
  <div class="wpstg-version-outdated-notice notice notice-error">
8
  <p>
9
  <strong><?php _e('WP STAGING - Version Outdated.', 'wp-staging'); ?></strong> <br/>
10
- <?php echo sprintf(__('WP STAGING v%s is outdated. Please <a href="%s">update</a> to latest version %s to make sure the plugin works with your WordPress version.', 'wp-staging'), $this->getCurrentWpstgVersion(), admin_url('plugins.php'), $this->getLatestWpstgVersion()); ?>
11
  </p>
12
  </div>
7
  <div class="wpstg-version-outdated-notice notice notice-error">
8
  <p>
9
  <strong><?php _e('WP STAGING - Version Outdated.', 'wp-staging'); ?></strong> <br/>
10
+ <?php echo sprintf(__('WP STAGING v%s is outdated. Please <a href="%s">update</a> to latest version %s to make sure the plugin works with your WordPress version.', 'wp-staging'), esc_html($this->getCurrentWpstgVersion()), admin_url('plugins.php'), esc_html($this->getLatestWpstgVersion())); ?>
11
  </p>
12
  </div>
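Review bot: `admin_url('plugins.php')` is dropped into the `href` of the translated string without `esc_url()`, while the two version strings on the same line now get `esc_html()`; because the whole sprintf result is echoed raw, the URL should be escaped for the attribute context as well: `esc_url(admin_url('plugins.php'))`. The translated template itself contains markup and is echoed unfiltered, which is the usual WordPress convention for trusted translation strings; if that is not acceptable for the multisite case this release targets, wrapping the echoed result in `wp_kses()` with an `a`/`href` allowlist closes it.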
Backend/views/notices/poll.php CHANGED
@@ -1,37 +1,36 @@
1
  <div class="wpstg_poll update-nag wpstg-box-shadow">
2
  <p>
3
- Great, You are using <strong>WP Staging</strong> for a while.
4
- Hope you are happy with it.
5
 
6
  <br><br>
7
 
8
- Are you interested in copying changes from WPStaging staging site back to your live site?
9
 
10
  <br><br>
11
 
12
- Click on the <a href="https://docs.google.com/forms/d/e/1FAIpQLScZ-dO5WffV3xObn16LwG05tr1HrADD_8L4wbTxPHqoPssVcg/viewform?c=0&w=1&usp=mail_form_link" target="_blank"><i>Yes, i am interested</i></a>
13
- Button and fill out the poll!
14
 
15
  <br>
16
 
17
- It only takes one (1) minute of your time - I promise!
18
 
19
  <br><br>
20
 
21
- Cheers,
22
 
23
  <br>
24
 
25
- René
26
  <ul>
27
  <li class="wpstg-float-left">
28
  <a href="https://docs.google.com/forms/d/e/1FAIpQLScZ-dO5WffV3xObn16LwG05tr1HrADD_8L4wbTxPHqoPssVcg/viewform?c=0&w=1&usp=mail_form_link" class="thankyou button button-primary" target="_new" title="Yes, i am interested" style="color: #ffffff;font-weight: normal;margin-right:10px;float:left;">
29
- Yes, i am interested
30
  </a>
31
  </li>
32
  <li>
33
  <a href="javascript:void(0);" data-url="<?php echo admin_url("admin-ajax.php")?>" class="wpstg_hide_poll" title="Close It" style="vertical-align:middle;">
34
- Do Not Ask Again
35
  </a>
36
  </li>
37
  </ul>
1
  <div class="wpstg_poll update-nag wpstg-box-shadow">
2
  <p>
3
+ <?php sprintf(__('Great, You are using %s for a while.', 'wp-staging'), "<strong>WP Staging</strong>"); ?>
4
+ <?php _e('Hope you are happy with it.', 'wp-staging'); ?>
5
 
6
  <br><br>
7
 
8
+ <?php _e('Are you interested in copying changes from WPStaging staging site back to your live site?', 'wp-staging'); ?>
9
 
10
  <br><br>
11
 
12
+ <?php sprintf(__('Click on the %s Button and fill out the poll!', 'wp-staging'), "<a href='https://docs.google.com/forms/d/e/1FAIpQLScZ-dO5WffV3xObn16LwG05tr1HrADD_8L4wbTxPHqoPssVcg/viewform?c=0&w=1&usp=mail_form_link' target='_blank'><i>" . __('Yes, i am interested', 'wp-staging') . "</i></a>"); ?>
 
13
 
14
  <br>
15
 
16
+ <?php _e('It only takes one (1) minute of your time - I promise!', 'wp-staging'); ?>
17
 
18
  <br><br>
19
 
20
+ <?php _e('Cheers,', 'wp-staging'); ?>
21
 
22
  <br>
23
 
24
+ <?php _e('René', 'wp-staging'); ?>
25
  <ul>
26
  <li class="wpstg-float-left">
27
  <a href="https://docs.google.com/forms/d/e/1FAIpQLScZ-dO5WffV3xObn16LwG05tr1HrADD_8L4wbTxPHqoPssVcg/viewform?c=0&w=1&usp=mail_form_link" class="thankyou button button-primary" target="_new" title="Yes, i am interested" style="color: #ffffff;font-weight: normal;margin-right:10px;float:left;">
28
+ <?php _e('Yes, i am interested', 'wp-staging'); ?>
29
  </a>
30
  </li>
31
  <li>
32
  <a href="javascript:void(0);" data-url="<?php echo admin_url("admin-ajax.php")?>" class="wpstg_hide_poll" title="Close It" style="vertical-align:middle;">
33
+ <?php _e('Do Not Ask Again', 'wp-staging'); ?>
34
  </a>
35
  </li>
36
  </ul>
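Review bot: The two `sprintf()` calls at the top of the paragraph (new lines 3 and 12) are never echoed, so the greeting and the "Click on the … Button and fill out the poll!" sentence no longer render at all, whereas the removed lines printed them as plain HTML. Both need an `echo`: `<?php echo sprintf(__('Great, You are using %s for a while.', 'wp-staging'), "<strong>WP Staging</strong>"); ?>`, and the same for the poll-link line. The `data-url` attribute on the "Do Not Ask Again" link still prints `admin_url("admin-ajax.php")` unescaped; `esc_url()` there would match the escaping applied elsewhere in this release.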
Backend/views/notices/vars-directory-permission-problem.php CHANGED
@@ -1,9 +1,14 @@
 
 
 
 
 
 
1
  <div class="notice notice-error">
2
- <p>
3
- <strong>WP STAGING - Folder Permission error. </strong>
4
  <br>
5
- The folder <code><?php echo "{$varsDirectory}"?></code> is not write and/or readable.
6
  <br>
7
- Check if this folder exists! Folder permissions should be chmod 755 or 777.
8
  </p>
9
- </div>
1
+ <?php
2
+ /**
3
+ * @var string $varsDirectory
4
+ * @see \WPStaging\Backend\Notices\Notices::messages
5
+ */
6
+ ?>
7
  <div class="notice notice-error">
8
+ <p><strong><?php _e('WP STAGING - Folder Permission error.', 'wp-staging'); ?></strong>
 
9
  <br>
10
+ <?php echo sprintf(esc_html__('The folder %s is not write and/or readable.', 'wp-staging'), '<code>' . esc_html($varsDirectory) . '</code>'); ?>
11
  <br>
12
+ <?php _e('Check if this folder exists! Folder permissions should be chmod 755 or 777.', 'wp-staging'); ?>
13
  </p>
14
+ </div>
Backend/views/notices/wp-options-missing-pk.php CHANGED
@@ -6,7 +6,7 @@
6
  ?>
7
  <div class="notice notice-error">
8
  <p>
9
- <strong><?php echo sprintf(__('WP STAGING - Your table %s has no primary key index.', 'wp-staging'), $optionTable)?></strong>
10
  <br>
11
  <?php _e('This is a serious issue and needs to be fixed as soon as possible. The longer you wait, the harder it gets to repair it and can make your site inaccessible at worst. We recommend fixing it right now! This error has either been caused by a person with access to the database or by another plugin. You should not do any changes to your site until this is fixed.', 'wp-staging') ?>
12
  </p>
6
  ?>
7
  <div class="notice notice-error">
8
  <p>
9
+ <strong><?php echo sprintf(__('WP STAGING - The table %s has no primary key index.', 'wp-staging'), $optionTable)?></strong>
10
  <br>
11
  <?php _e('This is a serious issue and needs to be fixed as soon as possible. The longer you wait, the harder it gets to repair it and can make your site inaccessible at worst. We recommend fixing it right now! This error has either been caused by a person with access to the database or by another plugin. You should not do any changes to your site until this is fixed.', 'wp-staging') ?>
12
  </p>
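Review bot: `$optionTable` is still interpolated into the `<strong>` element unescaped; the only change on this line is the wording. If it comes from `$wpdb->options` it is a prefix-derived name, but escaping it costs nothing and matches the rest of this release: `sprintf(__('WP STAGING - The table %s has no primary key index.', 'wp-staging'), esc_html($optionTable))`.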
Backend/views/selections/database-tables.php CHANGED
@@ -19,7 +19,7 @@
19
  </p>
20
  <div class="wpstg-my-10px">
21
  <a href="#" class="wpstg-button-unselect button"><?php _e('Unselect All', 'wp-staging'); ?></a>
22
- <a href="#" class="wpstg-button-select button"> <?php echo $dbPrefix ?> </a>
23
  </div>
24
  <select multiple="multiple" id="wpstg_select_tables_cloning">
25
  <?php
@@ -31,14 +31,14 @@
31
 
32
  $attributes .= in_array($table->name, $options->clonedTables) ? "disabled" : '';
33
  ?>
34
- <option class="wpstg-db-table" value="<?php echo $table->name ?>" name="<?php echo $table->name ?>" <?php echo $attributes ?>>
35
- <?php echo $table->name ?> - <?php echo size_format($table->size, 2) ?>
36
  </option>
37
  <?php endforeach ?>
38
  </select>
39
  <div class="wpstg-mt-10px">
40
  <a href="#" class="wpstg-button-unselect button"> <?php _e('Unselect All', 'wp-staging'); ?> </a>
41
- <a href="#" class="wpstg-button-select button"> <?php echo $dbPrefix; ?> </a>
42
  </div>
43
  <p>
44
  <?php _e("You can select multiple tables. Press left mouse button & move or press STRG+Left mouse button. (Apple: ⌘+Left Mouse Button)", "wp-staging"); ?>
19
  </p>
20
  <div class="wpstg-my-10px">
21
  <a href="#" class="wpstg-button-unselect button"><?php _e('Unselect All', 'wp-staging'); ?></a>
22
+ <a href="#" class="wpstg-button-select button"> <?php echo esc_html($dbPrefix) ?> </a>
23
  </div>
24
  <select multiple="multiple" id="wpstg_select_tables_cloning">
25
  <?php
31
 
32
  $attributes .= in_array($table->name, $options->clonedTables) ? "disabled" : '';
33
  ?>
34
+ <option class="wpstg-db-table" value="<?php echo esc_attr($table->name) ?>" name="<?php echo esc_attr($table->name) ?>" <?php echo $attributes ?>>
35
+ <?php echo esc_html($table->name) ?> - <?php echo esc_html(size_format($table->size, 2)) ?>
36
  </option>
37
  <?php endforeach ?>
38
  </select>
39
  <div class="wpstg-mt-10px">
40
  <a href="#" class="wpstg-button-unselect button"> <?php _e('Unselect All', 'wp-staging'); ?> </a>
41
+ <a href="#" class="wpstg-button-select button"> <?php echo esc_html($dbPrefix); ?> </a>
42
  </div>
43
  <p>
44
  <?php _e("You can select multiple tables. Press left mouse button & move or press STRG+Left mouse button. (Apple: ⌘+Left Mouse Button)", "wp-staging"); ?>
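Review bot: `$attributes` on the `<option>` line is still echoed unescaped next to the newly escaped `name`/`value`; at line 32 it is appended with the literal `"disabled"`, so it is only safe if its initial assignment (above this hunk) is also a literal. A short comment on that initialisation, or building it from a fixed list of tokens, would make the invariant explicit. The `in_array($table->name, $options->clonedTables)` check on the same line would also be safer with `true` as the third argument so loose comparison cannot match numeric-looking table names.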
Backend/views/settings/tabs/storages/amazons3-settings.php CHANGED
@@ -1,7 +1,11 @@
1
  <?php
 
2
  /**
3
  * @var string $providerId
4
  */
 
 
 
5
  ?>
6
  <fieldset>
7
  <?php
@@ -9,11 +13,11 @@
9
  $amazonS3Storage = \WPStaging\Core\WPStaging::make(\WPStaging\Pro\Backup\Storage\Storages\Amazon\S3::class);
10
  $isStorageAuthenticated = $amazonS3Storage->isAuthenticated();
11
  $options = $amazonS3Storage->getOptions();
12
- $accessKey = empty($options['accessKey']) ? '' : $options['accessKey'];
13
- $secretKey = empty($options['secretKey']) ? '' : $options['secretKey'];
14
- $region = empty($options['region']) ? '' : $options['region'];
15
- $maxBackupsToKeep = empty($options['maxBackupsToKeep']) ? 2 : $options['maxBackupsToKeep'];
16
- $location = empty($options['location']) ? '' : $options['location'];
17
  ?>
18
  <p>
19
  <strong class="wpstg-fs-14"><?php _e('Amazon S3', 'wp-staging'); ?></strong>
1
  <?php
2
+
3
  /**
4
  * @var string $providerId
5
  */
6
+
7
+ use WPStaging\Framework\Facades\Sanitize;
8
+
9
  ?>
10
  <fieldset>
11
  <?php
13
  $amazonS3Storage = \WPStaging\Core\WPStaging::make(\WPStaging\Pro\Backup\Storage\Storages\Amazon\S3::class);
14
  $isStorageAuthenticated = $amazonS3Storage->isAuthenticated();
15
  $options = $amazonS3Storage->getOptions();
16
+ $accessKey = empty($options['accessKey']) ? '' : Sanitize::sanitizeString($options['accessKey']);
17
+ $secretKey = empty($options['secretKey']) ? '' : Sanitize::sanitizeString($options['secretKey']);
18
+ $region = empty($options['region']) ? '' : Sanitize::sanitizeString($options['region']);
19
+ $maxBackupsToKeep = empty($options['maxBackupsToKeep']) ? 2 : Sanitize::sanitizeInt($options['maxBackupsToKeep']);
20
+ $location = empty($options['location']) ? '' : Sanitize::sanitizeString($options['location']);
21
  ?>
22
  <p>
23
  <strong class="wpstg-fs-14"><?php _e('Amazon S3', 'wp-staging'); ?></strong>
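Review bot: `Sanitize::sanitizeInt()` returns `false` when the stored value is not an integer (it is `filter_var(..., FILTER_VALIDATE_INT)`), so `$maxBackupsToKeep` becomes `false` instead of the intended default of 2 for a malformed option; the same applies to the `maxBackupsToKeep` lines in googledrive-settings.php and sftp-settings.php. A fallback on the result keeps the default: `$maxBackupsToKeep = empty($options['maxBackupsToKeep']) ? 2 : (Sanitize::sanitizeInt($options['maxBackupsToKeep']) ?: 2);`. Note also that `sanitizeString` is `htmlspecialchars()`, i.e. HTML output escaping rather than input sanitisation, so these variables are now only safe in the HTML contexts the rest of the template puts them in (not visible here) — presumably double-quoted attribute values; please verify.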
Backend/views/settings/tabs/storages/googledrive-settings.php CHANGED
@@ -1,7 +1,11 @@
1
  <?php
 
2
  /**
3
  * @var string $providerId
4
  */
 
 
 
5
  ?>
6
  <fieldset>
7
  <?php
@@ -10,11 +14,11 @@
10
  $isGoogleDriveAuthenticated = $googleDriveStorage->isAuthenticated();
11
  $options = $googleDriveStorage->getOptions();
12
 
13
- $maxBackupsToKeep = isset($options['maxBackupsToKeep']) ? $options['maxBackupsToKeep'] : 2;
14
- $folderName = isset($options['folderName']) ? $options['folderName'] : \WPStaging\Pro\Backup\Storage\Storages\GoogleDrive\Auth::FOLDER_NAME;
15
 
16
- $googleClientId = isset($options['googleClientId']) ? $options['googleClientId'] : '';
17
- $googleClientSecret = isset($options['googleClientSecret']) ? $options['googleClientSecret'] : '';
18
  $defaultApiAuthorizeURL = add_query_arg(
19
  [
20
  'action' => 'wpstg-googledrive-api-auth',
@@ -22,7 +26,7 @@
22
  network_admin_url('admin-post.php')
23
  );
24
 
25
- $googleRedirectURI = isset($options['googleRedirectURI']) ? $options['googleRedirectURI'] : $defaultApiAuthorizeURL;
26
  ?>
27
  <p>
28
  <strong class="wpstg-fs-14"> <?php _e('Google Drive', 'wp-staging'); ?></strong>
1
  <?php
2
+
3
  /**
4
  * @var string $providerId
5
  */
6
+
7
+ use WPStaging\Framework\Facades\Sanitize;
8
+
9
  ?>
10
  <fieldset>
11
  <?php
14
  $isGoogleDriveAuthenticated = $googleDriveStorage->isAuthenticated();
15
  $options = $googleDriveStorage->getOptions();
16
 
17
+ $maxBackupsToKeep = isset($options['maxBackupsToKeep']) ? Sanitize::sanitizeInt($options['maxBackupsToKeep']) : 2;
18
+ $folderName = isset($options['folderName']) ? Sanitize::sanitizeString($options['folderName']) : \WPStaging\Pro\Backup\Storage\Storages\GoogleDrive\Auth::FOLDER_NAME;
19
 
20
+ $googleClientId = isset($options['googleClientId']) ? Sanitize::sanitizeString($options['googleClientId']) : '';
21
+ $googleClientSecret = isset($options['googleClientSecret']) ? Sanitize::sanitizeString($options['googleClientSecret']) : '';
22
  $defaultApiAuthorizeURL = add_query_arg(
23
  [
24
  'action' => 'wpstg-googledrive-api-auth',
26
  network_admin_url('admin-post.php')
27
  );
28
 
29
+ $googleRedirectURI = isset($options['googleRedirectURI']) ? Sanitize::sanitizeString($options['googleRedirectURI']) : $defaultApiAuthorizeURL;
30
  ?>
31
  <p>
32
  <strong class="wpstg-fs-14"> <?php _e('Google Drive', 'wp-staging'); ?></strong>
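Review bot: `$googleRedirectURI` is HTML-escaped through `Sanitize::sanitizeString()` only when it comes from the stored option, while the `$defaultApiAuthorizeURL` branch built by `add_query_arg()` is not escaped at all, so the variable carries differently-encoded data depending on the branch (`&` vs `&amp;`). Escaping belongs at the point of output: keep both branches raw here and wrap the variable where it is rendered with `esc_url()` (href/value) or `esc_attr()`. If the value is also handed back to the Google client as the OAuth redirect URI, a pre-encoded `&amp;` would break the redirect-URI match; the rendering code is outside this hunk, so please check.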
Backend/views/settings/tabs/storages/sftp-settings.php CHANGED
@@ -1,24 +1,28 @@
1
  <?php
 
2
  /**
3
  * @var string $providerId
4
  */
 
 
 
5
  ?>
6
  <fieldset>
7
  <?php
8
  /** @var \WPStaging\Pro\Backup\Storage\Storages\SFTP\Auth */
9
  $storage = \WPStaging\Core\WPStaging::make(\WPStaging\Pro\Backup\Storage\Storages\SFTP\Auth::class);
10
  $options = $storage->getOptions();
11
- $ftpType = !empty($options['ftpType']) ? $options['ftpType'] : 'ftp';
12
- $host = !empty($options['host']) ? $options['host'] : '';
13
- $port = !empty($options['port']) ? $options['port'] : '';
14
- $username = !empty($options['username']) ? $options['username'] : '';
15
- $password = !empty($options['password']) ? $options['password'] : '';
16
- $ssl = isset($options['ssl']) ? $options['ssl'] : false;
17
- $passive = isset($options['passive']) ? $options['passive'] : false;
18
- $privateKey = !empty($options['key']) ? $options['key'] : '';
19
- $passphrase = !empty($options['passphrase']) ? $options['passphrase'] : '';
20
- $maxBackupsToKeep = isset($options['maxBackupsToKeep']) ? $options['maxBackupsToKeep'] : 2;
21
- $location = isset($options['location']) ? $options['location'] : '';
22
  ?>
23
  <p>
24
  <strong class="wpstg-fs-14"> <?php _e('FTP/SFTP', 'wp-staging'); ?></strong>
1
  <?php
2
+
3
  /**
4
  * @var string $providerId
5
  */
6
+
7
+ use WPStaging\Framework\Facades\Sanitize;
8
+
9
  ?>
10
  <fieldset>
11
  <?php
12
  /** @var \WPStaging\Pro\Backup\Storage\Storages\SFTP\Auth */
13
  $storage = \WPStaging\Core\WPStaging::make(\WPStaging\Pro\Backup\Storage\Storages\SFTP\Auth::class);
14
  $options = $storage->getOptions();
15
+ $ftpType = !empty($options['ftpType']) ? Sanitize::sanitizeString($options['ftpType']) : 'ftp';
16
+ $host = !empty($options['host']) ? Sanitize::sanitizeString($options['host']) : '';
17
+ $port = !empty($options['port']) ? Sanitize::sanitizeString($options['port']) : '';
18
+ $username = !empty($options['username']) ? Sanitize::sanitizeString($options['username']) : '';
19
+ $password = !empty($options['password']) ? Sanitize::sanitizeString($options['password']) : '';
20
+ $ssl = isset($options['ssl']) ? Sanitize::sanitizeBool($options['ssl']) : false;
21
+ $passive = isset($options['passive']) ? Sanitize::sanitizeBool($options['passive']) : false;
22
+ $privateKey = !empty($options['key']) ? Sanitize::sanitizeString($options['key']) : '';
23
+ $passphrase = !empty($options['passphrase']) ? Sanitize::sanitizeString($options['passphrase']) : '';
24
+ $maxBackupsToKeep = isset($options['maxBackupsToKeep']) ? Sanitize::sanitizeInt($options['maxBackupsToKeep']) : 2;
25
+ $location = isset($options['location']) ? Sanitize::sanitizeString($options['location']) : '';
26
  ?>
27
  <p>
28
  <strong class="wpstg-fs-14"> <?php _e('FTP/SFTP', 'wp-staging'); ?></strong>
Backend/views/templates/exclude-filters/dir-name-exclude-filter.php CHANGED
@@ -1,5 +1,6 @@
1
  <?php
2
 
 
3
  use WPStaging\Framework\Filesystem\Filters\ExcludeFilter;
4
 
5
  /**
@@ -18,7 +19,7 @@ use WPStaging\Framework\Filesystem\Filters\ExcludeFilter;
18
  <option value="<?php echo ExcludeFilter::NAME_EXACT_MATCHES ?>" <?php echo isset($rule) && $rule === ExcludeFilter::NAME_EXACT_MATCHES ? 'selected' : '' ?>><?php _e('EXACT MATCHES', 'wp-staging') ?></option>
19
  <option value="<?php echo ExcludeFilter::NAME_CONTAINS ?>" <?php echo isset($rule) && $rule === ExcludeFilter::NAME_CONTAINS ? 'selected' : '' ?>><?php _e('CONTAINS', 'wp-staging') ?></option>
20
  </select>
21
- <input type="text" class="wpstg-exclude-rule-input" name="wpstgDirNameExcludeRulePath[]" value="<?php echo isset($name) ? $name : '' ?>" />
22
  <div class="wpstg--tooltip wpstg--exclude-rules--tooltip">
23
  <button class="wpstg-exclusion-rule-info" type="button">i</button>
24
  <p class="wpstg--tooltiptext has-top-arrow"><?php echo sprintf(__('Exclude folders by name. For example to exclude all folder with name node_modules, select %s and type %s in the input box.', 'wp-staging'), '<code class="wpstg-code">' . __('EXACT MATCHES', 'wp-staging') . '</code>', '<code class="wpstg-code">node_modules</code>') ?>
1
  <?php
2
 
3
+ use WPStaging\Framework\Facades\Sanitize;
4
  use WPStaging\Framework\Filesystem\Filters\ExcludeFilter;
5
 
6
  /**
19
  <option value="<?php echo ExcludeFilter::NAME_EXACT_MATCHES ?>" <?php echo isset($rule) && $rule === ExcludeFilter::NAME_EXACT_MATCHES ? 'selected' : '' ?>><?php _e('EXACT MATCHES', 'wp-staging') ?></option>
20
  <option value="<?php echo ExcludeFilter::NAME_CONTAINS ?>" <?php echo isset($rule) && $rule === ExcludeFilter::NAME_CONTAINS ? 'selected' : '' ?>><?php _e('CONTAINS', 'wp-staging') ?></option>
21
  </select>
22
+ <input type="text" class="wpstg-exclude-rule-input" name="wpstgDirNameExcludeRulePath[]" value="<?php echo isset($name) ? Sanitize::sanitizeString($name) : '' ?>" />
23
  <div class="wpstg--tooltip wpstg--exclude-rules--tooltip">
24
  <button class="wpstg-exclusion-rule-info" type="button">i</button>
25
  <p class="wpstg--tooltiptext has-top-arrow"><?php echo sprintf(__('Exclude folders by name. For example to exclude all folder with name node_modules, select %s and type %s in the input box.', 'wp-staging'), '<code class="wpstg-code">' . __('EXACT MATCHES', 'wp-staging') . '</code>', '<code class="wpstg-code">node_modules</code>') ?>
Backend/views/templates/exclude-filters/file-ext-exclude-filter.php CHANGED
@@ -1,14 +1,18 @@
1
  <?php
 
2
  /**
3
  * @var string $extension
4
  *
5
  * @see \WPStaging\Framework\Filesystem\Filters\ExcludeFilter::renderExclude For details on $extension.
6
  */
 
 
 
7
  ?>
8
  <tr>
9
  <td class="wpstg-exclude-filter-name-column"><?php _e('File Extension', 'wp-staging') ?></td>
10
  <td class="wpstg-exclude-filter-exclusion-column">
11
- <input type="text" name='wpstgFileExtExcludeRule[]' class="wpstg-exclude-rule-input file-ext" value="<?php echo isset($extension) ? $extension : '' ?>" />
12
  <div class="wpstg--tooltip wpstg--exclude-rules--tooltip">
13
  <button class="wpstg-exclusion-rule-info" type="button">i</button>
14
  <p class="wpstg--tooltiptext has-top-arrow"><?php echo sprintf(__('Exclude files by extension. For example to exclude zip files, type %s to exclude all zip files.', 'wp-staging'), '<code class="wpstg-code">zip</code>') ?> </p>
1
  <?php
2
+
3
  /**
4
  * @var string $extension
5
  *
6
  * @see \WPStaging\Framework\Filesystem\Filters\ExcludeFilter::renderExclude For details on $extension.
7
  */
8
+
9
+ use WPStaging\Framework\Facades\Sanitize;
10
+
11
  ?>
12
  <tr>
13
  <td class="wpstg-exclude-filter-name-column"><?php _e('File Extension', 'wp-staging') ?></td>
14
  <td class="wpstg-exclude-filter-exclusion-column">
15
+ <input type="text" name='wpstgFileExtExcludeRule[]' class="wpstg-exclude-rule-input file-ext" value="<?php echo isset($extension) ? Sanitize::sanitizeString($extension) : '' ?>" />
16
  <div class="wpstg--tooltip wpstg--exclude-rules--tooltip">
17
  <button class="wpstg-exclusion-rule-info" type="button">i</button>
18
  <p class="wpstg--tooltiptext has-top-arrow"><?php echo sprintf(__('Exclude files by extension. For example to exclude zip files, type %s to exclude all zip files.', 'wp-staging'), '<code class="wpstg-code">zip</code>') ?> </p>
Backend/views/templates/exclude-filters/file-name-exclude-filter.php CHANGED
@@ -1,5 +1,6 @@
1
  <?php
2
 
 
3
  use WPStaging\Framework\Filesystem\Filters\ExcludeFilter;
4
 
5
  /**
@@ -18,7 +19,7 @@ use WPStaging\Framework\Filesystem\Filters\ExcludeFilter;
18
  <option value="<?php echo ExcludeFilter::NAME_EXACT_MATCHES ?>" <?php echo isset($rule) && $rule === ExcludeFilter::NAME_EXACT_MATCHES ? 'selected' : '' ?>><?php _e('EXACT MATCHES', 'wp-staging') ?></option>
19
  <option value="<?php echo ExcludeFilter::NAME_CONTAINS ?>" <?php echo isset($rule) && $rule === ExcludeFilter::NAME_CONTAINS ? 'selected' : '' ?>><?php _e('CONTAINS', 'wp-staging') ?></option>
20
  </select>
21
- <input type="text" class="wpstg-exclude-rule-input" name="wpstgFileNameExcludeRulePath[]" value="<?php echo isset($name) ? $name : '' ?>" />
22
  <div class="wpstg--tooltip wpstg--exclude-rules--tooltip">
23
  <button class="wpstg-exclusion-rule-info" type="button">i</button>
24
  <p class="wpstg--tooltiptext has-top-arrow"><?php echo sprintf(__('Exclude files by name. For example to exclude all files which have %s at the end of the name, select %s and type %s in the input box.', 'wp-staging'), '<code class="wpstg-code">-class</code>', '<code class="wpstg-code">' . __('ENDS WITH', 'wp-staging') . '</code>', '<code class="wpstg-code">-class</code>') ?>
1
  <?php
2
 
3
+ use WPStaging\Framework\Facades\Sanitize;
4
  use WPStaging\Framework\Filesystem\Filters\ExcludeFilter;
5
 
6
  /**
19
  <option value="<?php echo ExcludeFilter::NAME_EXACT_MATCHES ?>" <?php echo isset($rule) && $rule === ExcludeFilter::NAME_EXACT_MATCHES ? 'selected' : '' ?>><?php _e('EXACT MATCHES', 'wp-staging') ?></option>
20
  <option value="<?php echo ExcludeFilter::NAME_CONTAINS ?>" <?php echo isset($rule) && $rule === ExcludeFilter::NAME_CONTAINS ? 'selected' : '' ?>><?php _e('CONTAINS', 'wp-staging') ?></option>
21
  </select>
22
+ <input type="text" class="wpstg-exclude-rule-input" name="wpstgFileNameExcludeRulePath[]" value="<?php echo isset($name) ? Sanitize::sanitizeString($name) : '' ?>" />
23
  <div class="wpstg--tooltip wpstg--exclude-rules--tooltip">
24
  <button class="wpstg-exclusion-rule-info" type="button">i</button>
25
  <p class="wpstg--tooltiptext has-top-arrow"><?php echo sprintf(__('Exclude files by name. For example to exclude all files which have %s at the end of the name, select %s and type %s in the input box.', 'wp-staging'), '<code class="wpstg-code">-class</code>', '<code class="wpstg-code">' . __('ENDS WITH', 'wp-staging') . '</code>', '<code class="wpstg-code">-class</code>') ?>
Backend/views/templates/exclude-filters/file-size-exclude-filter.php CHANGED
@@ -1,5 +1,6 @@
1
  <?php
2
 
 
3
  use WPStaging\Framework\Filesystem\Filters\ExcludeFilter;
4
 
5
  /**
@@ -18,7 +19,7 @@ use WPStaging\Framework\Filesystem\Filters\ExcludeFilter;
18
  <option value="<?php echo ExcludeFilter::SIZE_GREATER_THAN ?>" <?php echo isset($comparison) && $comparison === ExcludeFilter::SIZE_GREATER_THAN ? "selected" : '' ?>><?php _e('GREATER THAN', 'wp-staging') ?></option>
19
  <option value="<?php echo ExcludeFilter::SIZE_EQUAL_TO ?>" <?php echo isset($comparison) && $comparison === ExcludeFilter::SIZE_EQUAL_TO ? "selected" : '' ?>><?php _e('EXACT', 'wp-staging') ?></option>
20
  </select>
21
- <input type="number" class="wpstg-exclude-rule-input wpstg-file-size-exclude-input" name="wpstgFileSizeExcludeRuleSize[]" <?php echo isset($bytes) ? "value='$bytes'" : '' ?> />
22
  <select class="wpstg-exclude-rule-input wpstg-file-size-exclude-select-small" name="wpstgFileSizeExcludeRuleByte[]">
23
  <option value="<?php echo ExcludeFilter::SIZE_KB ?>" <?php echo isset($size) && strpos($size, ExcludeFilter::SIZE_KB) !== false ? "selected" : '' ?>>KB</option>
24
  <option value="<?php echo ExcludeFilter::SIZE_MB ?>" <?php echo isset($size) && strpos($size, ExcludeFilter::SIZE_MB) !== false ? "selected" : '' ?>>MB</option>
1
  <?php
2
 
3
+ use WPStaging\Framework\Facades\Sanitize;
4
  use WPStaging\Framework\Filesystem\Filters\ExcludeFilter;
5
 
6
  /**
19
  <option value="<?php echo ExcludeFilter::SIZE_GREATER_THAN ?>" <?php echo isset($comparison) && $comparison === ExcludeFilter::SIZE_GREATER_THAN ? "selected" : '' ?>><?php _e('GREATER THAN', 'wp-staging') ?></option>
20
  <option value="<?php echo ExcludeFilter::SIZE_EQUAL_TO ?>" <?php echo isset($comparison) && $comparison === ExcludeFilter::SIZE_EQUAL_TO ? "selected" : '' ?>><?php _e('EXACT', 'wp-staging') ?></option>
21
  </select>
22
+ <input type="number" class="wpstg-exclude-rule-input wpstg-file-size-exclude-input" name="wpstgFileSizeExcludeRuleSize[]" value="<?php echo isset($bytes) ? Sanitize::sanitizeInt($bytes) : '0' ?>" />
23
  <select class="wpstg-exclude-rule-input wpstg-file-size-exclude-select-small" name="wpstgFileSizeExcludeRuleByte[]">
24
  <option value="<?php echo ExcludeFilter::SIZE_KB ?>" <?php echo isset($size) && strpos($size, ExcludeFilter::SIZE_KB) !== false ? "selected" : '' ?>>KB</option>
25
  <option value="<?php echo ExcludeFilter::SIZE_MB ?>" <?php echo isset($size) && strpos($size, ExcludeFilter::SIZE_MB) !== false ? "selected" : '' ?>>MB</option>
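Review bot: `Sanitize::sanitizeInt($bytes)` yields `false` for a non-integer stored size and `echo false` prints nothing, so a malformed rule silently renders as an empty field; the new `: '0'` default also changes behaviour, since the removed line omitted the `value` attribute entirely when `$bytes` was unset and the number input now shows a pre-filled 0. Keeping the old empty default and guarding the result avoids both: `value="<?php echo isset($bytes) && Sanitize::sanitizeInt($bytes) !== false ? (int) $bytes : '' ?>"`.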
Core/Forms/Elements.php CHANGED
@@ -178,7 +178,7 @@ abstract class Elements implements InterfaceElement
178
  */
179
  public function setDefault($value)
180
  {
181
- $this->default = $value;
182
 
183
  return $this;
184
  }
178
  */
179
  public function setDefault($value)
180
  {
181
+ $this->default = esc_attr__($value);
182
 
183
  return $this;
184
  }
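Review bot: `esc_attr__()` is the translation helper (`esc_attr(translate($text, $domain))`), so `$value` — a runtime default, not a translatable string — is pushed through a gettext lookup before being escaped; `esc_attr($value)` is what is meant: `$this->default = esc_attr($value);`. Escaping in the setter also means `$this->default` now holds the escaped form; if other code compares it against raw option values (for instance to mark a `<select>` option as selected) the comparison will no longer match, and the usual pattern is to store raw and escape in the render method — neither the property nor the renderer is visible in this hunk. If `$value` can be a non-string (an array for multi-value elements), `esc_attr()` needs a guard as well.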
Core/WPStaging.php CHANGED
@@ -14,6 +14,7 @@ use WPStaging\Framework\DI\Container;
14
  use WPStaging\Framework\Filesystem\DirectoryListing;
15
  use WPStaging\Framework\Filesystem\Filesystem;
16
  use WPStaging\Framework\Permalinks\PermalinksPurge;
 
17
  use WPStaging\Framework\Staging\FirstRun;
18
  use WPStaging\Frontend\Frontend;
19
  use WPStaging\Frontend\FrontendServiceProvider;
@@ -72,6 +73,7 @@ final class WPStaging
72
 
73
  $this->container->register(CommonServiceProvider::class);
74
  $this->container->register(AssetServiceProvider::class);
 
75
 
76
  $this->cloneSiteFirstRun();
77
 
14
  use WPStaging\Framework\Filesystem\DirectoryListing;
15
  use WPStaging\Framework\Filesystem\Filesystem;
16
  use WPStaging\Framework\Permalinks\PermalinksPurge;
17
+ use WPStaging\Framework\SettingsServiceProvider;
18
  use WPStaging\Framework\Staging\FirstRun;
19
  use WPStaging\Frontend\Frontend;
20
  use WPStaging\Frontend\FrontendServiceProvider;
73
 
74
  $this->container->register(CommonServiceProvider::class);
75
  $this->container->register(AssetServiceProvider::class);
76
+ $this->container->register(SettingsServiceProvider::class);
77
 
78
  $this->cloneSiteFirstRun();
79
 
Framework/Facades/Facade.php ADDED
@@ -0,0 +1,107 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+
3
+ namespace WPStaging\Framework\Facades;
4
+
5
+ use Exception;
6
+ use ReflectionMethod;
7
+ use RuntimeException;
8
+ use WPStaging\Core\WPStaging;
9
+
10
+ /**
11
+ * Class Facade
12
+ *
13
+ * As the name suggest it works and behaves as a Laravel Facade but without the mockery
14
+ * It still has swapInstance static method to make mocking easy
15
+ *
16
+ * @package WPStaging\Framework\Facades
17
+ */
18
+ abstract class Facade
19
+ {
20
+ protected static $facadeInstance = null;
21
+
22
+ /**
23
+ * Caution: Use in testing Only
24
+ * It replace the current instance with the given instance and return old instance
25
+ * @param self $instance
26
+ * @return self
27
+ * @throws RuntimeException
28
+ */
29
+ public static function swapInstance($instance)
30
+ {
31
+ $oldInstance = static::$facadeInstance;
32
+ static::setInstance($instance);
33
+ return $oldInstance;
34
+ }
35
+
36
+ /**
37
+ * Caution: Use in testing Only
38
+ * @param self $instance
39
+ * @throws RuntimeException
40
+ */
41
+ public static function setInstance($instance)
42
+ {
43
+ $class = static::getFacadeAccessor();
44
+ if ($instance instanceof $class) {
45
+ static::$facadeInstance = $instance;
46
+ return;
47
+ }
48
+
49
+ throw new RuntimeException('Given instance is not an instance of ' . $class);
50
+ }
51
+
52
+ /**
53
+ * @param string $method
54
+ * @param array $args
55
+ * @return mixed
56
+ */
57
+ public static function __callStatic($method, $args)
58
+ {
59
+ $instance = static::getInstance();
60
+
61
+ if ($instance === null) {
62
+ throw new RuntimeException('A facade instance cannot be created!');
63
+ }
64
+
65
+ if (!method_exists($instance, $method)) {
66
+ throw new RuntimeException('Method does not exists!');
67
+ }
68
+
69
+ $reflection = new ReflectionMethod($instance, $method);
70
+ if (!$reflection->isPublic()) {
71
+ throw new RuntimeException('Can only call a public method!');
72
+ }
73
+
74
+ return $instance->$method(...$args);
75
+ }
76
+
77
+ protected static function createInstance()
78
+ {
79
+ try {
80
+ static::$facadeInstance = WPStaging::make(static::getFacadeAccessor());
81
+ } catch (Exception $ex) {
82
+ static::$facadeInstance = null;
83
+ }
84
+ }
85
+
86
+ /** @return self */
87
+ protected static function getInstance()
88
+ {
89
+ if (static::$facadeInstance === null) {
90
+ static::createInstance();
91
+ }
92
+
93
+ return static::$facadeInstance;
94
+ }
95
+
96
+ /**
97
+ * Get the registered name of the component.
98
+ *
99
+ * @return string
100
+ *
101
+ * @throws RuntimeException
102
+ */
103
+ protected static function getFacadeAccessor()
104
+ {
105
+ throw new RuntimeException('Facade does not implement getFacadeAccessor method.');
106
+ }
107
+ }
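Review bot: `protected static $facadeInstance` is declared once on the abstract class and never redeclared by subclasses, so in PHP every facade shares the same static slot; with `Sanitize` as the only facade this is latent, but the next facade added would get the first one's instance back from `getInstance()` and fail in `__callStatic` with 'Method does not exists!'. Keying the cache by `static::class` fixes it; the rewritten lines are below, `__callStatic` and `getFacadeAccessor` are unchanged. `createInstance()` also discards the container exception, so the `RuntimeException` later thrown in `__callStatic` carries no cause; throwing from `createInstance()` with the caught exception as the third constructor argument would preserve it.
```php
/** @var array<string, object|null> one resolved instance per concrete facade class */
protected static $facadeInstances = [];

public static function swapInstance($instance)
{
    $oldInstance = isset(static::$facadeInstances[static::class]) ? static::$facadeInstances[static::class] : null;
    static::setInstance($instance);
    return $oldInstance;
}

public static function setInstance($instance)
{
    $class = static::getFacadeAccessor();
    if ($instance instanceof $class) {
        static::$facadeInstances[static::class] = $instance;
        return;
    }

    throw new RuntimeException('Given instance is not an instance of ' . $class);
}

// … unchanged: __callStatic …

protected static function createInstance()
{
    try {
        static::$facadeInstances[static::class] = WPStaging::make(static::getFacadeAccessor());
    } catch (Exception $ex) {
        static::$facadeInstances[static::class] = null;
    }
}

/** @return object|null */
protected static function getInstance()
{
    if (!isset(static::$facadeInstances[static::class])) {
        static::createInstance();
    }

    return static::$facadeInstances[static::class];
}

// … unchanged: getFacadeAccessor …
```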
Framework/Facades/Sanitize.php ADDED
@@ -0,0 +1,19 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+
3
+ namespace WPStaging\Framework\Facades;
4
+
5
+ use WPStaging\Framework\Utils\Sanitize as UtilsSanitize;
6
+
7
+ /**
8
+ * @method static string sanitizeString(mixed $value)
9
+ * @method static int|string sanitizeInt(mixed $value)
10
+ * @method static bool sanitizeBool(mixed $value)
11
+ * @method static string sanitizeEmail(mixed $value)
12
+ */
13
+ class Sanitize extends Facade
14
+ {
15
+ protected static function getFacadeAccessor()
16
+ {
17
+ return UtilsSanitize::class;
18
+ }
19
+ }
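Review bot: The `@method` annotations do not match the underlying `Utils\Sanitize` return types: `sanitizeInt()` and `sanitizeEmail()` are `filter_var()` calls that return `false` on invalid input, so they should read `@method static int|false sanitizeInt(mixed $value)` and `@method static string|false sanitizeEmail(mixed $value)`. Callers that echo the result straight into a template will otherwise get no static-analysis warning that an empty string may be printed.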
Framework/Settings/Settings.php ADDED
@@ -0,0 +1,159 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+
3
+ namespace WPStaging\Framework\Settings;
4
+
5
+ use WPStaging\Core\WPStaging;
6
+ use WPStaging\Framework\SiteInfo;
7
+ use WPStaging\Framework\Utils\Sanitize;
8
+ use WPStaging\Pro\Backup\BackupScheduler;
9
+
10
+ class Settings
11
+ {
12
+ /**
13
+ * @var array
14
+ * Sanitize the options to escape from XSS
15
+ */
16
+ private $optionsToSanitize = [
17
+ 'queryLimit' => 'sanitizeInt',
18
+ 'querySRLimit' => 'sanitizeInt',
19
+ 'fileLimit' => 'sanitizeInt',
20
+ 'maxFileSize' => 'sanitizeInt',
21
+ 'batchSize' => 'sanitizeInt',
22
+ 'delayRequest' => 'sanitizeInt',
23
+ 'cpuLoad' => 'sanitizeString',
24
+ 'unInstallOnDelete' => 'sanitizeBool',
25
+ 'optimizer' => 'sanitizeBool',
26
+ 'disableAdminLogin' => 'sanitizeBool',
27
+ 'keepPermalinks' => 'sanitizeBool',
28
+ 'checkDirectorySize' => 'sanitizeBool',
29
+ 'debugMode' => 'sanitizeBool',
30
+ 'schedulesErrorReport' => 'sanitizeBool',
31
+ 'schedulesReportEmail' => 'sanitizeEmail',
32
+ ];
33
+
34
+ /**
35
+ * @var SiteInfo
36
+ */
37
+ private $siteInfo;
38
+
39
+ /**
40
+ * @var Sanitize
41
+ */
42
+ private $sanitize;
43
+
44
+ public function __construct(SiteInfo $siteInfo, Sanitize $sanitize)
45
+ {
46
+ $this->siteInfo = $siteInfo;
47
+ $this->sanitize = $sanitize;
48
+ }
49
+
50
+ public function registerSettings()
51
+ {
52
+ register_setting("wpstg_settings", "wpstg_settings", [$this, "sanitizeOptions"]);
53
+ }
54
+
55
+ /**
56
+ * Sanitize options data and delete the cache
57
+ * @param array $data
58
+ * @return array
59
+ */
60
+ public function sanitizeOptions($data = [])
61
+ {
62
+ // is_array() is required otherwise new clone will fail.
63
+ $showErrorToggleStagingSiteCloning = false;
64
+ if ($this->siteInfo->isStagingSite() && is_array($data)) {
65
+ $isStagingCloneable = isset($data['isStagingSiteCloneable']) ? $data['isStagingSiteCloneable'] : 'false';
66
+ unset($data['isStagingSiteCloneable']);
67
+ $showErrorToggleStagingSiteCloning = !$this->toggleStagingSiteCloning($isStagingCloneable === 'true');
68
+ }
69
+
70
+ if (WPStaging::isPro() && is_array($data)) {
71
+ $sendBackupSchedulesErrorReport = isset($data['schedulesErrorReport']) ? $data['schedulesErrorReport'] : false;
72
+ $reportEmail = isset($data['schedulesReportEmail']) ? $data['schedulesReportEmail'] : '';
73
+ unset($data['schedulesErrorReport']);
74
+ unset($data['wpstg-send-schedules-report-email']);
75
+ $this->setBackupScheduleOptions($sendBackupSchedulesErrorReport, $reportEmail);
76
+ }
77
+
78
+ $sanitized = $this->sanitizeData($data);
79
+
80
+ if ($showErrorToggleStagingSiteCloning) {
81
+ add_settings_error("wpstg-notices", '', __("Settings updated. But unable to activate/deactivate the site cloneable status!", "wp-staging"), "warning");
82
+ } else {
83
+ add_settings_error("wpstg-notices", '', __("Settings updated.", "wp-staging"), "updated");
84
+ }
85
+
86
+ return apply_filters("wpstg-settings", $sanitized, $data);
87
+ }
88
+
89
+ /**
90
+ * @param array $data
91
+ * @return array
92
+ */
93
+ protected function sanitizeData($data = [])
94
+ {
95
+ $sanitized = [];
96
+
97
+ foreach ($data as $key => $value) {
98
+ if (is_array($value)) {
99
+ $sanitized[$key] = $this->sanitizeData($value);
100
+ continue;
101
+ }
102
+
103
+ $val = htmlspecialchars($value);
104
+ if (array_key_exists($key, $this->optionsToSanitize)) {
105
+ $sanitizeMethod = $this->optionsToSanitize[$key];
106
+ $val = $this->sanitize->$sanitizeMethod($val);
107
+ }
108
+
109
+ $sanitized[$key] = wp_filter_nohtml_kses($val);
110
+ }
111
+
112
+ return $sanitized;
113
+ }
114
+
115
+ /**
116
+ * Toggle staging site cloning
117
+ *
118
+ * @param bool $isCloneable
119
+ *
120
+ * @return bool
121
+ */
122
+ protected function toggleStagingSiteCloning($isCloneable)
123
+ {
124
+ if ($isCloneable && $this->siteInfo->enableStagingSiteCloning()) {
125
+ return true;
126
+ }
127
+
128
+ if (!$isCloneable && $this->siteInfo->disableStagingSiteCloning()) {
129
+ return true;
130
+ }
131
+
132
+ return false;
133
+ }
134
+
135
+ /**
136
+ * Set backup schedule error reporting options
137
+ *
138
+ * @param bool $sendBackupSchedulesErrorReport
139
+ * @param string $reportEmail
140
+ * @return bool
141
+ */
142
+ protected function setBackupScheduleOptions($sendBackupSchedulesErrorReport, $reportEmail)
143
+ {
144
+ if (!WPStaging::isPro()) {
145
+ return false;
146
+ }
147
+
148
+ if (!class_exists('WPStaging\Pro\Backup\BackupScheduler')) {
149
+ return false;
150
+ }
151
+
152
+ $error = !update_option(BackupScheduler::BACKUP_SCHEDULE_ERROR_REPORT_OPTION, $sendBackupSchedulesErrorReport);
153
+ if ($error) {
154
+ return false;
155
+ }
156
+
157
+ return update_option(BackupScheduler::BACKUP_SCHEDULE_REPORT_EMAIL_OPTION, $reportEmail);
158
+ }
159
+ }
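Review bot: In `sanitizeOptions()` the values written to the backup-scheduler options bypass the sanitiser: `$sendBackupSchedulesErrorReport` and `$reportEmail` are taken raw from `$data` and handed to `setBackupScheduleOptions()` → `update_option()` before `sanitizeData()` runs, so the `schedulesReportEmail => sanitizeEmail` mapping in `$optionsToSanitize` only ever touches the copy left in `$data`, not the value actually stored. Apply it at the read: `$sendBackupSchedulesErrorReport = isset($data['schedulesErrorReport']) ? $this->sanitize->sanitizeBool($data['schedulesErrorReport']) : false;` and `$reportEmail = isset($data['schedulesReportEmail']) ? $this->sanitize->sanitizeEmail($data['schedulesReportEmail']) : '';` (bearing in mind `sanitizeEmail` returns `false` for an invalid address, so map that to `''` before storing). The comment at line 62 says `$data` may be a non-array, yet `sanitizeData()` then runs `foreach` on it, which emits a warning and returns `[]`; an explicit `is_array` guard at the top of `sanitizeData()` would make that case deliberate.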
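--- a/Framework/SettingsServiceProvider.php
+++ b/Framework/SettingsServiceProvider.php
@@ -0,0 +1,19 @@
+<?php
+
+namespace WPStaging\Framework;
+
+use WPStaging\Framework\Settings\Settings;
+use WPStaging\Framework\DI\ServiceProvider;
+
+class SettingsServiceProvider extends ServiceProvider
+{
+protected function registerClasses()
+{
+$this->container->singleton(Settings::class);
+}
+
+protected function addHooks()
+{
+add_action('admin_init', $this->container->callback(Settings::class, 'registerSettings'), 100, 1);
+}
+}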
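Review bot: addHooks passes an accepted-args count of 1 to `add_action('admin_init', ..., 100, 1)`, but admin_init is fired without arguments, so the trailing `1` is noise; `add_action('admin_init', $this->container->callback(Settings::class, 'registerSettings'), 100);` says the same thing. The priority of 100 is the only non-default value in the file and has no comment, so a one-liner such as `// Late priority: run after other providers have registered their settings` (assuming that is the reason) would save the next reader a search. Neither method carries a docblock; `/** Registers Settings as a container singleton. */` on registerClasses and `/** Hooks Settings::registerSettings into admin_init. */` on addHooks would match the rest of the framework.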
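--- a/Framework/Utils/Sanitize.php
+++ b/Framework/Utils/Sanitize.php
@@ -0,0 +1,28 @@
+<?php
+
+namespace WPStaging\Framework\Utils;
+
+class Sanitize
+{
+public function sanitizeString($value)
+{
+return htmlspecialchars($value);
+}
+
+public function sanitizeInt($value)
+{
+return filter_var($value, FILTER_VALIDATE_INT);
+}
+
+public function sanitizeBool($value)
+{
+// FILTER_VALIDATE_BOOL is alias of FILTER_VALIDATE_BOOLEAN and was introduced in PHP 8.0 but php.net say that we use the BOOL variant,
+// See if we should use like this or just use the BOOLEAN variant?
+return filter_var($value, defined('FILTER_VALIDATE_BOOL') ? FILTER_VALIDATE_BOOL : FILTER_VALIDATE_BOOLEAN);
+}
+
+public function sanitizeEmail($value)
+{
+return filter_var($value, FILTER_VALIDATE_EMAIL);
+}
+}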
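Review bot: sanitizeString runs htmlspecialchars() on a value that its only visible caller, Settings::sanitizeData in the preceding hunk, has already passed through htmlspecialchars() (`$val = htmlspecialchars($value);` then `$val = $this->sanitize->$sanitizeMethod($val);`), so a string option containing `&`, `<` or `"` is stored double-encoded (`&amp;amp;`) unless the display path decodes it twice. The three filter_var()-based methods signal invalid input by returning `false`, and that same caller hands the result straight to `wp_filter_nohtml_kses()`, which presumably turns it into an empty string in the saved option with no settings error raised; passing `FILTER_NULL_ON_FAILURE` and checking for null in sanitizeData, then reporting it via add_settings_error, would make a rejected value visible to the admin instead of silently blanking it. None of the methods declares a parameter or return type, and the class has no docblock; `/** Validating filters for option values: the filter_var() methods return false when the input is not of the expected type, sanitizeString HTML-escapes. */` would set expectations for callers.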
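--- a/constantsFree.php
+++ b/constantsFree.php
@@ -2,7 +2,7 @@
 
 // WP STAGING version number
 if (!defined('WPSTG_VERSION')) {
-define('WPSTG_VERSION', '2.9.17');
+define('WPSTG_VERSION', '2.9.18');
 }
 
 // Compatible up to WordPress Version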
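--- a/opcacheBootstrap.php
+++ b/opcacheBootstrap.php
@@ -45,7 +45,7 @@ if (!$canInvalidate) {
 *
 * We use the "Version" from the headers of the main file of the plugin to compare.
 */
-$runtimeVersionDifferentFromBuildVersion = get_file_data($pluginFilePath, ['Version' => 'Version'])['Version'] !== '2.9.17';
+$runtimeVersionDifferentFromBuildVersion = get_file_data($pluginFilePath, ['Version' => 'Version'])['Version'] !== '2.9.18';
 $lastCheckHappenedAfterInterval = current_time('timestamp') > (int)get_site_transient('wpstg.bootstrap.opcache.lastCleared') + 5 * MINUTE_IN_SECONDS;
 
 $shouldClearOpCache = apply_filters('wpstg.bootstrap.opcache.shouldClear', $runtimeVersionDifferentFromBuildVersion && $lastCheckHappenedAfterInterval);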
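--- a/readme.txt
+++ b/readme.txt
@@ -9,7 +9,7 @@ License URI: http://www.gnu.org/licenses/gpl-2.0.html
 Tags: backup, backup plugin, database backup, wordpress backup, migrate, backup wordpress, backups
 Requires at least: 3.6+
 Tested up to: 6.0
-Stable tag: 2.9.17
+Stable tag: 2.9.18
 Requires PHP: 5.6
 
 Backup & Duplicator Plugin - Clone, backup, move, duplicate & migrate websites to staging, backup, and development sites for authorized users only.
@@ -259,9 +259,12 @@ please open a [support request](https://wp-staging.com/support/ "Support Request
 
 == Changelog ==
 
+= 2.9.18 =
+* Fix: Does not sanitise and escape some of its backup settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks (XSS) even when the unfiltered_html capability is disallowed (for example in multisite setup) #1825
+
 = 2.9.17 =
 * New: Support up to WordPress 6.0.1
-* Fix: Important update! Deselecting all tables does not lead to exclusion of tables as expected, but leads to selection of all tables. Thus all tables are copied and possibly overwritten instead of deselected. Applies to new cloning, UPDATE and RESET of a staging page. That can lead to data loss in the staging site. An update is strongly recommended!. #1814
+* Fix: Important update! Deselecting all tables does not lead to exclusion of tables as expected, but leads to selection of all tables. Thus all tables are copied and possibly overwritten instead of deselected. Applies to new cloning, UPDATE and RESET of a staging page. That can lead to data loss in the staging site. An update is strongly recommended! The problem appeared for the first time in version 4.2.8. #1814
 * Fix: Can not upload backup file to google drive if the google api returns incorrect value for available storage size (negative value). This sometimes happens for Google workspace accounts and does not affect all users. #1799
 * Fix: Plugin wps-hide-login could not be excluded during cloning process, preventing users from log in to the staging site #1812
 
@@ -538,8 +541,5 @@ WP STAGING Backup & Cloning | Full changelog:
 
 == Upgrade Notice ==
 
-= 2.9.17 =
-* New: Support up to WordPress 6.0.1
-* Fix: Important update! Deselecting all tables does not lead to exclusion of tables as expected, but leads to selection of all tables. Thus all tables are copied and possibly overwritten instead of deselected. Applies to new cloning, UPDATE and RESET of a staging page. That can lead to data loss in the staging site. An update is strongly recommended!. #1814
-* Fix: Can not upload backup file to google drive if the google api returns incorrect value for available storage size (negative value). This sometimes happens for Google workspace accounts and does not affect all users. #1799
-* Fix: Plugin wps-hide-login could not be excluded during cloning process, preventing users from log in to the staging site #1812
+= 2.9.18 =
+* Fix: Does not sanitise and escape some of its backup settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks (XSS) even when the unfiltered_html capability is disallowed (for example in multisite setup) #1825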
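--- a/vendor_wpstg/autoload/src.php
+++ b/vendor_wpstg/autoload/src.php
@@ -884,6 +884,8 @@ return array(
 'WPStaging\\Framework\\Exceptions\\IOException' => $baseDir . '/Framework/Exceptions/IOException.php',
 'WPStaging\\Framework\\Exceptions\\LabelOutOfBoundsException' => $baseDir . '/Framework/Exceptions/LabelOutOfBoundsException.php',
 'WPStaging\\Framework\\Exceptions\\WPStagingException' => $baseDir . '/Framework/Exceptions/WPStagingException.php',
+'WPStaging\\Framework\\Facades\\Facade' => $baseDir . '/Framework/Facades/Facade.php',
+'WPStaging\\Framework\\Facades\\Sanitize' => $baseDir . '/Framework/Facades/Sanitize.php',
 'WPStaging\\Framework\\Filesystem\\DebugLogReader' => $baseDir . '/Framework/Filesystem/DebugLogReader.php',
 'WPStaging\\Framework\\Filesystem\\DirectoryListing' => $baseDir . '/Framework/Filesystem/DirectoryListing.php',
 'WPStaging\\Framework\\Filesystem\\DiskWriteCheck' => $baseDir . '/Framework/Filesystem/DiskWriteCheck.php',
@@ -928,6 +930,8 @@ return array(
 'WPStaging\\Framework\\Security\\Auth' => $baseDir . '/Framework/Security/Auth.php',
 'WPStaging\\Framework\\Security\\Capabilities' => $baseDir . '/Framework/Security/Capabilities.php',
 'WPStaging\\Framework\\Security\\Nonce' => $baseDir . '/Framework/Security/Nonce.php',
+'WPStaging\\Framework\\SettingsServiceProvider' => $baseDir . '/Framework/SettingsServiceProvider.php',
+'WPStaging\\Framework\\Settings\\Settings' => $baseDir . '/Framework/Settings/Settings.php',
 'WPStaging\\Framework\\SiteInfo' => $baseDir . '/Framework/SiteInfo.php',
 'WPStaging\\Framework\\Staging\\CloneOptions' => $baseDir . '/Framework/Staging/CloneOptions.php',
 'WPStaging\\Framework\\Staging\\FirstRun' => $baseDir . '/Framework/Staging/FirstRun.php',
@@ -954,6 +958,7 @@ return array(
 'WPStaging\\Framework\\Utils\\Cache\\BufferedCache' => $baseDir . '/Framework/Utils/Cache/BufferedCache.php',
 'WPStaging\\Framework\\Utils\\Cache\\Cache' => $baseDir . '/Framework/Utils/Cache/Cache.php',
 'WPStaging\\Framework\\Utils\\Math' => $baseDir . '/Framework/Utils/Math.php',
+'WPStaging\\Framework\\Utils\\Sanitize' => $baseDir . '/Framework/Utils/Sanitize.php',
 'WPStaging\\Framework\\Utils\\SlashMode' => $baseDir . '/Framework/Utils/SlashMode.php',
 'WPStaging\\Framework\\Utils\\Strings' => $baseDir . '/Framework/Utils/Strings.php',
 'WPStaging\\Framework\\Utils\\ThirdParty\\Glob' => $baseDir . '/Framework/Utils/ThirdParty/Glob.php',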
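--- a/wp-staging.php
+++ b/wp-staging.php
@@ -4,7 +4,7 @@
 * Plugin Name: Backup Duplicator & Migration - WP STAGING
 * Plugin URI: https://wordpress.org/plugins/wp-staging
 * Description: Backup & Duplicator Plugin - Clone, backup, move, duplicate & migrate websites to staging, backup, and development sites for authorized users only.
-* Version: 2.9.17
+* Version: 2.9.18
 * Requires at least: 3.6+
 * Requires PHP: 5.6
 * Author: WP-STAGING, WPStagingBackup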