The WP Remote WordPress Plugin - Version 2.7.9.1

Version Description

Download this release

Release Info

Developer jeramynirodha
Plugin Icon 128x128 The WP Remote WordPress Plugin
Version 2.7.9.1
Comparing to
See all releases

Code changes from version 2.7.9 to 2.7.9.1

Files changed (3) hide show
  1. plugin.php +310 -310
  2. readme.txt +246 -242
  3. wprp.api.php +722 -714
plugin.php CHANGED
@@ -1,310 +1,310 @@
1
- <?php
2
-
3
- /*
4
- Plugin Name: WP Remote
5
- Description: Manage your WordPress site with <a href="https://wpremote.com/">WP Remote</a>. <strong>Deactivate to clear your API Key.</strong>
6
- Version: 2.7.9
7
- Author: maekit
8
- Author URI: https://maek.it/
9
- */
10
-
11
- /* Copyright 2017 maekit (email : hello@maek.it)
12
-
13
- This program is free software; you can redistribute it and/or modify
14
- it under the terms of the GNU General Public License as published by
15
- the Free Software Foundation; either version 2 of the License, or
16
- (at your option) any later version.
17
-
18
- This program is distributed in the hope that it will be useful,
19
- but WITHOUT ANY WARRANTY; without even the implied warranty of
20
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21
- GNU General Public License for more details.
22
-
23
- You should have received a copy of the GNU General Public License
24
- along with this program; if not, write to the Free Software
25
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
26
- */
27
-
28
- define( 'WPRP_PLUGIN_SLUG', 'wpremote' );
29
- define( 'WPRP_PLUGIN_PATH', plugin_dir_path( __FILE__ ) );
30
-
31
- if ( ! defined( 'WPR_URL' ) )
32
- define( 'WPR_URL', 'https://wpremote.com/' );
33
-
34
- if ( ! defined( 'WPR_API_URL' ) )
35
- define( 'WPR_API_URL', 'https://wpremote.com/api/json/' );
36
-
37
- if ( ! defined( 'WPR_LANG_DIR' ) )
38
- define( 'WPR_LANG_DIR', apply_filters( 'wpr_filter_lang_dir', trailingslashit( WPRP_PLUGIN_PATH ) . trailingslashit( 'languages' ) ) );
39
-
40
- // Don't activate on anything less than PHP 5.2.4
41
- if ( version_compare( phpversion(), '5.2.4', '<' ) ) {
42
-
43
- require_once( ABSPATH . 'wp-admin/includes/plugin.php' );
44
- deactivate_plugins( WPRP_PLUGIN_SLUG . '/plugin.php' );
45
-
46
- if ( isset( $_GET['action'] ) && ( $_GET['action'] == 'activate' || $_GET['action'] == 'error_scrape' ) )
47
- die( __( 'WP Remote requires PHP version 5.2.4 or greater.', 'wpremote' ) );
48
-
49
- }
50
-
51
- require_once( WPRP_PLUGIN_PATH . '/wprp.admin.php' );
52
- require_once( WPRP_PLUGIN_PATH . '/wprp.compatability.php' );
53
-
54
- if ( get_option( 'wprp_enable_log' ) )
55
- require_once( WPRP_PLUGIN_PATH . '/wprp.log.php' );
56
-
57
- // Backups require 3.1
58
- if ( version_compare( get_bloginfo( 'version' ), '3.1', '>=' ) ) {
59
-
60
- require_once( WPRP_PLUGIN_PATH . '/wprp.hm.backup.php' );
61
- require_once( WPRP_PLUGIN_PATH . '/wprp.backups.php' );
62
-
63
- }
64
-
65
- /**
66
- * Get a needed URL on the WP Remote site
67
- *
68
- * @param string $uri URI for the URL (optional)
69
- * @return string $url Fully-qualified URL to WP Remote
70
- */
71
- function wprp_get_wpr_url( $uri = '' ) {
72
-
73
- if ( empty( $uri ) )
74
- return WPR_URL;
75
-
76
- $url = rtrim( WPR_URL, '/' );
77
- $uri = trim( $uri, '/' );
78
- return $url . '/' . $uri . '/';
79
- }
80
-
81
- /**
82
- * Catch the API calls and load the API
83
- *
84
- * @return null
85
- */
86
- function wprp_catch_api_call() {
87
-
88
- if ( empty( $_POST['wpr_verify_key'] ) )
89
- return;
90
-
91
- require_once( WPRP_PLUGIN_PATH . '/wprp.integration.php' );
92
- require_once( WPRP_PLUGIN_PATH . '/wprp.plugins.php' );
93
- require_once( WPRP_PLUGIN_PATH . '/wprp.themes.php' );
94
- require_once( WPRP_PLUGIN_PATH . '/wprp.content.php' );
95
-
96
- require_once( WPRP_PLUGIN_PATH . '/wprp.api.php' );
97
-
98
- exit;
99
-
100
- }
101
- add_action( 'init', 'wprp_catch_api_call', 100 );
102
-
103
-
104
- /**
105
- * Check for a bat signal from the mothership
106
- *
107
- * @since 2.7.0
108
- */
109
- function wprp_check_bat_signal() {
110
-
111
- $bat_signal_key = 'wprp_bat_signal';
112
-
113
- if ( false === get_transient( $bat_signal_key ) ) {
114
-
115
- $bat_signal_url = trailingslashit( WPR_URL ) . 'bat-signal/';
116
- $response = wp_remote_get( $bat_signal_url );
117
- $response_body = wp_remote_retrieve_body( $response );
118
- if ( 'destroy the evidence!' == trim( $response_body ) )
119
- delete_option( 'wpr_api_key' );
120
-
121
- // One request per day
122
- set_transient( $bat_signal_key, 'the coast is clear', 60 * 60 * 24 );
123
- }
124
-
125
- }
126
- add_action( 'init', 'wprp_check_bat_signal' );
127
-
128
- /**
129
- * Get the stored WPR API key
130
- *
131
- * @return mixed
132
- */
133
- function wprp_get_api_keys() {
134
- $keys = apply_filters( 'wpr_api_keys', get_option( 'wpr_api_key' ) );
135
- if ( ! empty( $keys ) )
136
- return (array)$keys;
137
- else
138
- return array();
139
- }
140
-
141
- function wprp_plugin_update_check() {
142
-
143
- $plugin_data = get_plugin_data( __FILE__ );
144
-
145
- // define the plugin version
146
- define( 'WPRP_VERSION', $plugin_data['Version'] );
147
-
148
- // Fire the update action
149
- if ( WPRP_VERSION !== get_option( 'wprp_plugin_version' ) )
150
- wprp_update();
151
-
152
- }
153
- add_action( 'admin_init', 'wprp_plugin_update_check' );
154
-
155
- /**
156
- * Run any update code and update the current version in the db
157
- *
158
- * @access public
159
- * @return void
160
- */
161
- function wprp_update() {
162
-
163
- /**
164
- * Remove the old _wpremote_backups directory
165
- */
166
- $uploads_dir = wp_upload_dir();
167
-
168
- $old_wpremote_dir = trailingslashit( $uploads_dir['basedir'] ) . '_wpremote_backups';
169
-
170
- if ( file_exists( $old_wpremote_dir ) )
171
- WPRP_Backups::rmdir_recursive( $old_wpremote_dir );
172
-
173
- // If BackUpWordPress isn't installed then lets just delete the whole backups directory
174
- if ( ! defined( 'HMBKP_PLUGIN_PATH' ) && $path = get_option( 'hmbkp_path' ) ) {
175
-
176
- WPRP_Backups::rmdir_recursive( $path );
177
-
178
- delete_option( 'hmbkp_path' );
179
- delete_option( 'hmbkp_default_path' );
180
- delete_option( 'hmbkp_plugin_version' );
181
-
182
- }
183
-
184
- // Update the version stored in the db
185
- if ( get_option( 'wprp_plugin_version' ) !== WPRP_VERSION )
186
- update_option( 'wprp_plugin_version', WPRP_VERSION );
187
-
188
- }
189
-
190
- function _wprp_upgrade_core() {
191
-
192
- if ( defined( 'DISALLOW_FILE_MODS' ) && DISALLOW_FILE_MODS )
193
- return new WP_Error( 'disallow-file-mods', __( "File modification is disabled with the DISALLOW_FILE_MODS constant.", 'wpremote' ) );
194
-
195
- include_once ( ABSPATH . 'wp-admin/includes/admin.php' );
196
- include_once ( ABSPATH . 'wp-admin/includes/upgrade.php' );
197
- include_once ( ABSPATH . 'wp-includes/update.php' );
198
- require_once ( ABSPATH . 'wp-admin/includes/class-wp-upgrader.php' );
199
- require_once WPRP_PLUGIN_PATH . 'inc/class-wprp-core-upgrader-skin.php';
200
-
201
- // check for filesystem access
202
- if ( ! _wpr_check_filesystem_access() )
203
- return new WP_Error( 'filesystem-not-writable', __( 'The filesystem is not writable with the supplied credentials', 'wpremote' ) );
204
-
205
- // force refresh
206
- wp_version_check();
207
-
208
- $updates = get_core_updates();
209
-
210
- if ( is_wp_error( $updates ) || ! $updates )
211
- return new WP_Error( 'no-update-available' );
212
-
213
- $update = reset( $updates );
214
-
215
- if ( ! $update )
216
- return new WP_Error( 'no-update-available' );
217
-
218
- $skin = new WPRP_Core_Upgrader_Skin();
219
-
220
- $upgrader = new Core_Upgrader( $skin );
221
- $result = $upgrader->upgrade($update);
222
-
223
- if ( is_wp_error( $result ) )
224
- return $result;
225
-
226
- global $wp_current_db_version, $wp_db_version;
227
-
228
- // we have to include version.php so $wp_db_version
229
- // will take the version of the updated version of wordpress
230
- require( ABSPATH . WPINC . '/version.php' );
231
-
232
- wp_upgrade();
233
-
234
- return true;
235
- }
236
-
237
- function _wpr_check_filesystem_access() {
238
-
239
- ob_start();
240
- $success = request_filesystem_credentials( '' );
241
- ob_end_clean();
242
-
243
- return (bool) $success;
244
- }
245
-
246
- function _wpr_set_filesystem_credentials( $credentials ) {
247
-
248
- if ( empty( $_POST['filesystem_details'] ) )
249
- return $credentials;
250
-
251
- $_credentials = array(
252
- 'username' => $_POST['filesystem_details']['credentials']['username'],
253
- 'password' => $_POST['filesystem_details']['credentials']['password'],
254
- 'hostname' => $_POST['filesystem_details']['credentials']['hostname'],
255
- 'connection_type' => $_POST['filesystem_details']['method']
256
- );
257
-
258
- // check whether the credentials can be used
259
- if ( ! WP_Filesystem( $_credentials ) ) {
260
- return $credentials;
261
- }
262
-
263
- return $_credentials;
264
- }
265
- add_filter( 'request_filesystem_credentials', '_wpr_set_filesystem_credentials' );
266
-
267
- /**
268
- *
269
- */
270
- function wprp_translations_init() {
271
-
272
- if ( is_admin() ) {
273
-
274
- /** Set unique textdomain string */
275
- $wprp_textdomain = 'wpremote';
276
-
277
- /** The 'plugin_locale' filter is also used by default in load_plugin_textdomain() */
278
- $plugin_locale = apply_filters( 'plugin_locale', get_locale(), $wprp_textdomain );
279
-
280
- /** Set filter for WordPress languages directory */
281
- $wprp_wp_lang_dir = apply_filters(
282
- 'wprp_filter_wp_lang_dir',
283
- trailingslashit( WP_LANG_DIR ) . trailingslashit( 'wp-remote' ) . $wprp_textdomain . '-' . $plugin_locale . '.mo'
284
- );
285
-
286
- /** Translations: First, look in WordPress' "languages" folder = custom & update-secure! */
287
- load_textdomain( $wprp_textdomain, $wprp_wp_lang_dir );
288
-
289
- /** Translations: Secondly, look in plugin's "languages" folder = default */
290
- load_plugin_textdomain( $wprp_textdomain, FALSE, WPR_LANG_DIR );
291
- }
292
- }
293
- add_action( 'plugins_loaded', 'wprp_translations_init' );
294
-
295
- /**
296
- * Format a WP User object into a better
297
- * object for the API
298
- */
299
- function wprp_format_user_obj( $user_obj ) {
300
- $new_user_obj = new stdClass;
301
-
302
- foreach( $user_obj->data as $key => $value ) {
303
- $new_user_obj->$key = $value;
304
- }
305
-
306
- $new_user_obj->roles = $user_obj->roles;
307
- $new_user_obj->caps = $user_obj->caps;
308
-
309
- return $new_user_obj;
310
- }
1
+ <?php
2
+
3
+ /*
4
+ Plugin Name: WP Remote
5
+ Description: Manage your WordPress site with <a href="https://wpremote.com/">WP Remote</a>. <strong>Deactivate to clear your API Key.</strong>
6
+ Version: 2.7.9.1
7
+ Author: maekit
8
+ Author URI: https://maek.it/
9
+ */
10
+
11
+ /* Copyright 2017 maekit (email : hello@maek.it)
12
+
13
+ This program is free software; you can redistribute it and/or modify
14
+ it under the terms of the GNU General Public License as published by
15
+ the Free Software Foundation; either version 2 of the License, or
16
+ (at your option) any later version.
17
+
18
+ This program is distributed in the hope that it will be useful,
19
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
20
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21
+ GNU General Public License for more details.
22
+
23
+ You should have received a copy of the GNU General Public License
24
+ along with this program; if not, write to the Free Software
25
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
26
+ */
27
+
28
+ define( 'WPRP_PLUGIN_SLUG', 'wpremote' );
29
+ define( 'WPRP_PLUGIN_PATH', plugin_dir_path( __FILE__ ) );
30
+
31
+ if ( ! defined( 'WPR_URL' ) )
32
+ define( 'WPR_URL', 'https://wpremote.com/' );
33
+
34
+ if ( ! defined( 'WPR_API_URL' ) )
35
+ define( 'WPR_API_URL', 'https://wpremote.com/api/json/' );
36
+
37
+ if ( ! defined( 'WPR_LANG_DIR' ) )
38
+ define( 'WPR_LANG_DIR', apply_filters( 'wpr_filter_lang_dir', trailingslashit( WPRP_PLUGIN_PATH ) . trailingslashit( 'languages' ) ) );
39
+
40
+ // Don't activate on anything less than PHP 5.2.4
41
+ if ( version_compare( phpversion(), '5.2.4', '<' ) ) {
42
+
43
+ require_once( ABSPATH . 'wp-admin/includes/plugin.php' );
44
+ deactivate_plugins( WPRP_PLUGIN_SLUG . '/plugin.php' );
45
+
46
+ if ( isset( $_GET['action'] ) && ( $_GET['action'] == 'activate' || $_GET['action'] == 'error_scrape' ) )
47
+ die( __( 'WP Remote requires PHP version 5.2.4 or greater.', 'wpremote' ) );
48
+
49
+ }
50
+
51
+ require_once( WPRP_PLUGIN_PATH . '/wprp.admin.php' );
52
+ require_once( WPRP_PLUGIN_PATH . '/wprp.compatability.php' );
53
+
54
+ if ( get_option( 'wprp_enable_log' ) )
55
+ require_once( WPRP_PLUGIN_PATH . '/wprp.log.php' );
56
+
57
+ // Backups require 3.1
58
+ if ( version_compare( get_bloginfo( 'version' ), '3.1', '>=' ) ) {
59
+
60
+ require_once( WPRP_PLUGIN_PATH . '/wprp.hm.backup.php' );
61
+ require_once( WPRP_PLUGIN_PATH . '/wprp.backups.php' );
62
+
63
+ }
64
+
65
+ /**
66
+ * Get a needed URL on the WP Remote site
67
+ *
68
+ * @param string $uri URI for the URL (optional)
69
+ * @return string $url Fully-qualified URL to WP Remote
70
+ */
71
+ function wprp_get_wpr_url( $uri = '' ) {
72
+
73
+ if ( empty( $uri ) )
74
+ return WPR_URL;
75
+
76
+ $url = rtrim( WPR_URL, '/' );
77
+ $uri = trim( $uri, '/' );
78
+ return $url . '/' . $uri . '/';
79
+ }
80
+
81
+ /**
82
+ * Catch the API calls and load the API
83
+ *
84
+ * @return null
85
+ */
86
+ function wprp_catch_api_call() {
87
+
88
+ if ( empty( $_POST['wpr_verify_key'] ) )
89
+ return;
90
+
91
+ require_once( WPRP_PLUGIN_PATH . '/wprp.integration.php' );
92
+ require_once( WPRP_PLUGIN_PATH . '/wprp.plugins.php' );
93
+ require_once( WPRP_PLUGIN_PATH . '/wprp.themes.php' );
94
+ require_once( WPRP_PLUGIN_PATH . '/wprp.content.php' );
95
+
96
+ require_once( WPRP_PLUGIN_PATH . '/wprp.api.php' );
97
+
98
+ exit;
99
+
100
+ }
101
+ add_action( 'init', 'wprp_catch_api_call', 100 );
102
+
103
+
104
+ /**
105
+ * Check for a bat signal from the mothership
106
+ *
107
+ * @since 2.7.0
108
+ */
109
+ function wprp_check_bat_signal() {
110
+
111
+ $bat_signal_key = 'wprp_bat_signal';
112
+
113
+ if ( false === get_transient( $bat_signal_key ) ) {
114
+
115
+ $bat_signal_url = trailingslashit( WPR_URL ) . 'bat-signal/';
116
+ $response = wp_remote_get( $bat_signal_url );
117
+ $response_body = wp_remote_retrieve_body( $response );
118
+ if ( 'destroy the evidence!' == trim( $response_body ) )
119
+ delete_option( 'wpr_api_key' );
120
+
121
+ // One request per day
122
+ set_transient( $bat_signal_key, 'the coast is clear', 60 * 60 * 24 );
123
+ }
124
+
125
+ }
126
+ add_action( 'init', 'wprp_check_bat_signal' );
127
+
128
+ /**
129
+ * Get the stored WPR API key
130
+ *
131
+ * @return mixed
132
+ */
133
+ function wprp_get_api_keys() {
134
+ $keys = apply_filters( 'wpr_api_keys', get_option( 'wpr_api_key' ) );
135
+ if ( ! empty( $keys ) )
136
+ return (array)$keys;
137
+ else
138
+ return array();
139
+ }
140
+
141
+ function wprp_plugin_update_check() {
142
+
143
+ $plugin_data = get_plugin_data( __FILE__ );
144
+
145
+ // define the plugin version
146
+ define( 'WPRP_VERSION', $plugin_data['Version'] );
147
+
148
+ // Fire the update action
149
+ if ( WPRP_VERSION !== get_option( 'wprp_plugin_version' ) )
150
+ wprp_update();
151
+
152
+ }
153
+ add_action( 'admin_init', 'wprp_plugin_update_check' );
154
+
155
+ /**
156
+ * Run any update code and update the current version in the db
157
+ *
158
+ * @access public
159
+ * @return void
160
+ */
161
+ function wprp_update() {
162
+
163
+ /**
164
+ * Remove the old _wpremote_backups directory
165
+ */
166
+ $uploads_dir = wp_upload_dir();
167
+
168
+ $old_wpremote_dir = trailingslashit( $uploads_dir['basedir'] ) . '_wpremote_backups';
169
+
170
+ if ( file_exists( $old_wpremote_dir ) )
171
+ WPRP_Backups::rmdir_recursive( $old_wpremote_dir );
172
+
173
+ // If BackUpWordPress isn't installed then lets just delete the whole backups directory
174
+ if ( ! defined( 'HMBKP_PLUGIN_PATH' ) && $path = get_option( 'hmbkp_path' ) ) {
175
+
176
+ WPRP_Backups::rmdir_recursive( $path );
177
+
178
+ delete_option( 'hmbkp_path' );
179
+ delete_option( 'hmbkp_default_path' );
180
+ delete_option( 'hmbkp_plugin_version' );
181
+
182
+ }
183
+
184
+ // Update the version stored in the db
185
+ if ( get_option( 'wprp_plugin_version' ) !== WPRP_VERSION )
186
+ update_option( 'wprp_plugin_version', WPRP_VERSION );
187
+
188
+ }
189
+
190
+ function _wprp_upgrade_core() {
191
+
192
+ if ( defined( 'DISALLOW_FILE_MODS' ) && DISALLOW_FILE_MODS )
193
+ return new WP_Error( 'disallow-file-mods', __( "File modification is disabled with the DISALLOW_FILE_MODS constant.", 'wpremote' ) );
194
+
195
+ include_once ( ABSPATH . 'wp-admin/includes/admin.php' );
196
+ include_once ( ABSPATH . 'wp-admin/includes/upgrade.php' );
197
+ include_once ( ABSPATH . 'wp-includes/update.php' );
198
+ require_once ( ABSPATH . 'wp-admin/includes/class-wp-upgrader.php' );
199
+ require_once WPRP_PLUGIN_PATH . 'inc/class-wprp-core-upgrader-skin.php';
200
+
201
+ // check for filesystem access
202
+ if ( ! _wpr_check_filesystem_access() )
203
+ return new WP_Error( 'filesystem-not-writable', __( 'The filesystem is not writable with the supplied credentials', 'wpremote' ) );
204
+
205
+ // force refresh
206
+ wp_version_check();
207
+
208
+ $updates = get_core_updates();
209
+
210
+ if ( is_wp_error( $updates ) || ! $updates )
211
+ return new WP_Error( 'no-update-available' );
212
+
213
+ $update = reset( $updates );
214
+
215
+ if ( ! $update )
216
+ return new WP_Error( 'no-update-available' );
217
+
218
+ $skin = new WPRP_Core_Upgrader_Skin();
219
+
220
+ $upgrader = new Core_Upgrader( $skin );
221
+ $result = $upgrader->upgrade($update);
222
+
223
+ if ( is_wp_error( $result ) )
224
+ return $result;
225
+
226
+ global $wp_current_db_version, $wp_db_version;
227
+
228
+ // we have to include version.php so $wp_db_version
229
+ // will take the version of the updated version of wordpress
230
+ require( ABSPATH . WPINC . '/version.php' );
231
+
232
+ wp_upgrade();
233
+
234
+ return true;
235
+ }
236
+
237
+ function _wpr_check_filesystem_access() {
238
+
239
+ ob_start();
240
+ $success = request_filesystem_credentials( '' );
241
+ ob_end_clean();
242
+
243
+ return (bool) $success;
244
+ }
245
+
246
+ function _wpr_set_filesystem_credentials( $credentials ) {
247
+
248
+ if ( empty( $_POST['filesystem_details'] ) )
249
+ return $credentials;
250
+
251
+ $_credentials = array(
252
+ 'username' => $_POST['filesystem_details']['credentials']['username'],
253
+ 'password' => $_POST['filesystem_details']['credentials']['password'],
254
+ 'hostname' => $_POST['filesystem_details']['credentials']['hostname'],
255
+ 'connection_type' => $_POST['filesystem_details']['method']
256
+ );
257
+
258
+ // check whether the credentials can be used
259
+ if ( ! WP_Filesystem( $_credentials ) ) {
260
+ return $credentials;
261
+ }
262
+
263
+ return $_credentials;
264
+ }
265
+ add_filter( 'request_filesystem_credentials', '_wpr_set_filesystem_credentials' );
266
+
267
+ /**
268
+ *
269
+ */
270
+ function wprp_translations_init() {
271
+
272
+ if ( is_admin() ) {
273
+
274
+ /** Set unique textdomain string */
275
+ $wprp_textdomain = 'wpremote';
276
+
277
+ /** The 'plugin_locale' filter is also used by default in load_plugin_textdomain() */
278
+ $plugin_locale = apply_filters( 'plugin_locale', get_locale(), $wprp_textdomain );
279
+
280
+ /** Set filter for WordPress languages directory */
281
+ $wprp_wp_lang_dir = apply_filters(
282
+ 'wprp_filter_wp_lang_dir',
283
+ trailingslashit( WP_LANG_DIR ) . trailingslashit( 'wp-remote' ) . $wprp_textdomain . '-' . $plugin_locale . '.mo'
284
+ );
285
+
286
+ /** Translations: First, look in WordPress' "languages" folder = custom & update-secure! */
287
+ load_textdomain( $wprp_textdomain, $wprp_wp_lang_dir );
288
+
289
+ /** Translations: Secondly, look in plugin's "languages" folder = default */
290
+ load_plugin_textdomain( $wprp_textdomain, FALSE, WPR_LANG_DIR );
291
+ }
292
+ }
293
+ add_action( 'plugins_loaded', 'wprp_translations_init' );
294
+
295
+ /**
296
+ * Format a WP User object into a better
297
+ * object for the API
298
+ */
299
+ function wprp_format_user_obj( $user_obj ) {
300
+ $new_user_obj = new stdClass;
301
+
302
+ foreach( $user_obj->data as $key => $value ) {
303
+ $new_user_obj->$key = $value;
304
+ }
305
+
306
+ $new_user_obj->roles = $user_obj->roles;
307
+ $new_user_obj->caps = $user_obj->caps;
308
+
309
+ return $new_user_obj;
310
+ }
readme.txt CHANGED
@@ -1,242 +1,246 @@
1
- === The WP Remote WordPress Plugin ===
2
- Contributors: jeramynirodha, bmett, humanmade, willmot, joehoyle, danielbachhuber, mattheu, pauldewouters, cuvelier, tcrsavage
3
- Tags: wpremote, remote administration, multiple wordpress
4
- Requires at least: 3.0
5
- Tested up to: 4.8.1
6
- Stable tag: 2.7.9
7
-
8
- WP Remote is a free web app that enables you to easily manage all of your WordPress powered sites from one place.
9
-
10
- == Description ==
11
-
12
- The WP Remote WordPress Plugin works with [WP Remote](https://wpremote.com/) to enable you to remotely manage all your WordPress sites.
13
-
14
- = Features =
15
-
16
- * Track all your WordPress sites from one place.
17
- * Track the WordPress version each site is running and easily update.
18
- * Track all your plugins and themes and 1 click update them.
19
- * Free to monitor and update an unlimited number of sites.
20
- * Back up your database and files.
21
-
22
- = Support =
23
-
24
- You can email us at support@wpremote.com for support.
25
-
26
- == Installation ==
27
-
28
- 1. Install The WP Remote WordPress Plugin either via the WordPress.org plugin directory, or by uploading the files to your server.
29
- 2. Activate the plugin.
30
- 3. Sign up for an account at wpremote.com and add your site.
31
-
32
- == Frequently Asked Questions ==
33
-
34
- ** I've forgotten my password **
35
- Use the “I’ve forgotten my password” link on the log-in screen to generate an email with a link to reset your password.
36
-
37
- https://wpremote.com/login/lost-password/
38
-
39
- ** How do I fix the “Does not appear to be a valid URL” message? **
40
-
41
- 1. If the domain name has been typed incorrectly:
42
- The easiest way to ensure you have the correct domain name is to open your site in a different browser window and then copy and paste the site address.
43
-
44
- 2. If you have made recent changes to your DNS/Nameservers records:
45
- If this is the case then just give it a little more time and try again later.
46
-
47
- **Where does WP Remote store the Automatic Backup files?**
48
-
49
- Backups are stored on Amazon S3 using AES-256 Server Side Encryption.
50
-
51
- **What if I want to back up my site to another destination?**
52
-
53
- You can also store your backups on your own Amazon S3, Dropbox or you can upload backups to your own server via FTP or SFTP.
54
-
55
- **How do I restore my site from a backup?**
56
-
57
- WP Remote does not provide an automated way to restore your site. We recommend downloading a copy of your backup, unzipping it and then uploading to your site's server via FTP/SSH. Database importing can be done via your PHPMyAdmin interface or a similar tool - Your database backup can be found in the root folder of your downloaded backup zip.
58
-
59
- **Further Support & Feedback**
60
-
61
- General support questions should be posted in the <a href="http://wordpress.org/support/plugin/wpremote">WordPress support forums.</a>
62
-
63
- For development issues, feature requests or anybody wishing to help out with development checkout <a href="https://github.com/humanmade/backupwordpress/">BackUpWordPress on GitHub.</a>
64
-
65
- You can email us at support@wpremote.com for support.
66
-
67
- == Screenshots ==
68
-
69
- 1. The WP Remote dashboard at wpremote.com
70
- 2. See all of the plugins and themes needing update across all Sites in one view.
71
- 3. Download nightly Automatic Backups (Premium feature).
72
-
73
- == Changelog ==
74
-
75
- #### 2.7.9 (22 August 2017)
76
-
77
- * Query DB to find an admin user to run updates
78
-
79
- #### 2.7.8 (20 July 2017)
80
-
81
- * Replaced mysql class and functions with mysqli
82
-
83
- #### 2.7.7 (20 April 2017)
84
-
85
- * Fixed fatal error with backup location
86
-
87
- #### 2.7.6 (18 Sept 2014)
88
-
89
- * Fixed issue with plugins not being reactivated when updated on an MU WordPress install
90
- * Fixed issue with child themes reporting an available update whenever the parent theme has an available update
91
-
92
- #### 2.7.5 (10 Sept 2014)
93
-
94
- * Fixed WordPress 4.0 issues with json_encode of a WP_Error object which would result in malformed responses from the WP_Remote WordPress plugin
95
- * Added FAQ to readme
96
- * Updated incompatible plugins list
97
-
98
- #### 2.7.3 (12 May 2014)
99
-
100
- * Added the ability to return basic content information for the site - post count, user count, plugin count etc.
101
- * Updated contribution guidelines
102
-
103
- #### 2.7.2 (22 January 2014)
104
-
105
- * Misc improvements to the accuracy of the backup restart mechanism.
106
- * Inline styles to insure the API key prompt always appears, even if a theme or plugin may hide admin notices.
107
-
108
- #### 2.7.1 (23 December 2013)
109
-
110
- * Bug fix: Restore plugin and theme installation mechanism.
111
- * Bug fix: On some hosts where `getmypid()` wasn't permitted, the backup process would be prematurely reported as killed.
112
-
113
- #### 2.7.0 (19 November 2013)
114
-
115
- * Improved durability of backups where the backup process can take more than 90 seconds.
116
- * New API support for posts, comments, and fixed support for users (oops).
117
- * Reporting and update integration with premium plugins that support ManageWP's API implementation.
118
- * Plugin, theme, and core updates now respect the `DISALLOW_FILE_MODS` constant.
119
-
120
- #### 2.6.7 (27 October 2013)
121
-
122
- * API improvement: specify database- and file-only backups
123
- * Bug fix: Make the backup download URL accessible on Apache servers again. The protective .htaccess was being generated with the wrong key.
124
-
125
- #### 2.6.6 (23 October 2013)
126
-
127
- * Bug fix: Due to some files moving around, WP Remote wasn't able to properly update the current version of the plugin.
128
-
129
- #### 2.6.5 (23 October 2013)
130
-
131
- * Incorporated a more reliable plugin re-activation process after update.
132
- * Bug fix: Properly delete backup folders for failed backups. Users may want to look inside of `/wp-content/` for any folders named as `*-backups`. If they were created by WP Remote, they can be safely deleted.
133
- * Bug fix: Log the proper fields in history when a new user is created.
134
-
135
- #### 2.6.4 (2 October 2013)
136
-
137
- * Misc API improvements for Premium.
138
- * Bug fix: Disable all premium plugin and theme updates. Causing fatals too often.
139
- * Bug fix: Restore FTP-based core, theme, and plugin updates by properly accessing the passed credentials.
140
-
141
- #### 2.6.3 (10 September 2013)
142
-
143
- * Bug fix: Disabled updating BackupBuddy through WP Remote for BackupBuddy v4.1.1 and greater. BackupBuddy changed its custom update mechanism (as it's a premium plugin), which caused the WP Remote plugin not to function properly.
144
-
145
- #### 2.6.2 (2 September 2013)
146
-
147
- * Bug fix: Reactivating plugin after plugin upgrade.
148
-
149
- #### 2.6.1 (26 August 2013)
150
-
151
- * Add multiple API keys to your WP Remote plugin with a `wpr_api_keys` filter if you'd like to use more than WP Remote account with the site.
152
- * Plugin now supports localization. Please feel free to [submit your translation](http://translate.hmn.md/projects).
153
- * Update `HM Backup` to v2.3
154
- * Bug fix: Properly handle timestamp values in database backups.
155
- * Bug fix: Use super randomized backup directories.
156
-
157
- #### 2.6
158
-
159
- * Change to using better hmac style authentication
160
- * Fix error for sites running =< WordPress 3.1
161
-
162
- #### 2.5
163
-
164
- * Remove BackUpWordPress, backups are now handled by the `HM Backup` class.
165
- * BackUpWordPress can now be used alongside WP Remote without issues.
166
- * Exclude `.git` and `.svn` folders from backups automatically.
167
-
168
- #### 2.4.12 & 2.4.13
169
-
170
- * Upgrade bundled BackUpWordPress to 2.1.3.
171
- * Fix an issue with Download Site on Apache servers.
172
- * Set the correct location for the BackUpWordPress language files.
173
-
174
- #### 2.4.10 + 2.4.11
175
-
176
- * Plugin release shenaningans.
177
-
178
- #### 2.4.9
179
-
180
- * Pull in latest BackUpWordPress which fixes a possible Fatal error caused by `url_shorten` being called outside the admin.
181
-
182
- #### 2.4.8
183
-
184
- * Pull in latest BackUpWordPress which fixes a possible Fatal error caused by misc.php being included to early.
185
-
186
- #### 2.4.7
187
-
188
- * Update to BackUpWordPress 2.1
189
- * Fix an issue that could cause backups to be run when they shouldn't have.
190
- * Only hide the backups menu item if the site doesn't have any non wpremote schedules.
191
- * Hide all BackUpWordPress admin notices.
192
- * Fix the button styles for the save API Key button in WordPress 3.5
193
- * Fix a possible warning in the WP_Filesystem integration, props @tillkruess (github).
194
- * Support for updating the Pagelines premium theme, props @tillkruess (github)
195
-
196
- #### 2.4.6
197
-
198
- * Support for updating the BackupBuddy premium plugin, props @tillkruess (github)
199
-
200
- #### 2.4.1 - 2.4.5
201
-
202
- * Minor bug fixes
203
-
204
- #### 2.4
205
-
206
- * Backups are now powered by BackUpWordPress.
207
- * The BackUpWordPress Plugin can no longer be run alongside WP Remote.
208
- * Show a message if a security plugin is active which could affect WP Remote.
209
- * Emphasise that you can deactivate the plugin to clear your API key.
210
-
211
- #### 2.3.1
212
-
213
- * PHP 5.2.4 compat.
214
-
215
- #### 2.3
216
-
217
- * WP_Filesystem support for servers which don't allow PHP direct filesystem access.
218
- * Support for monitoring and updating Gravity Forms.
219
-
220
- #### 2.2.5
221
-
222
- * Implemented API call for Core updates
223
-
224
- #### 2.2.4
225
-
226
- * Fixed excludes for backups directories
227
- * Started on remote core upgrades
228
- * Fix memory limit in WP 3.1
229
-
230
- #### 2.2.3
231
-
232
- * Use WPR_HM_Backup instead of HM_Backup (fixes compatibilty with backupwordpress)
233
-
234
- #### 2.2
235
-
236
- * Start keeping a changelog of plugin changes
237
- * Pass home_url, site_url and admin_url to WP Remote instead of guessing at them, fixes issues with the urls being wrong for non-standard WordPress installs
238
- * Better error message when you have the wrong API key entered.
239
-
240
- ## Contribution guidelines ##
241
-
242
- see https://github.com/humanmade/WP-Remote-WordPress-Plugin/blob/master/CONTRIBUTING.md
 
 
 
 
1
+ === The WP Remote WordPress Plugin ===
2
+ Contributors: jeramynirodha, bmett, humanmade, willmot, joehoyle, danielbachhuber, mattheu, pauldewouters, cuvelier, tcrsavage
3
+ Tags: wpremote, remote administration, multiple wordpress
4
+ Requires at least: 3.0
5
+ Tested up to: 4.8.1
6
+ Stable tag: 2.7.9.1
7
+
8
+ WP Remote is a free web app that enables you to easily manage all of your WordPress powered sites from one place.
9
+
10
+ == Description ==
11
+
12
+ The WP Remote WordPress Plugin works with [WP Remote](https://wpremote.com/) to enable you to remotely manage all your WordPress sites.
13
+
14
+ = Features =
15
+
16
+ * Track all your WordPress sites from one place.
17
+ * Track the WordPress version each site is running and easily update.
18
+ * Track all your plugins and themes and 1 click update them.
19
+ * Free to monitor and update an unlimited number of sites.
20
+ * Back up your database and files.
21
+
22
+ = Support =
23
+
24
+ You can email us at support@wpremote.com for support.
25
+
26
+ == Installation ==
27
+
28
+ 1. Install The WP Remote WordPress Plugin either via the WordPress.org plugin directory, or by uploading the files to your server.
29
+ 2. Activate the plugin.
30
+ 3. Sign up for an account at wpremote.com and add your site.
31
+
32
+ == Frequently Asked Questions ==
33
+
34
+ ** I've forgotten my password **
35
+ Use the “I’ve forgotten my password” link on the log-in screen to generate an email with a link to reset your password.
36
+
37
+ https://wpremote.com/login/lost-password/
38
+
39
+ ** How do I fix the “Does not appear to be a valid URL” message? **
40
+
41
+ 1. If the domain name has been typed incorrectly:
42
+ The easiest way to ensure you have the correct domain name is to open your site in a different browser window and then copy and paste the site address.
43
+
44
+ 2. If you have made recent changes to your DNS/Nameservers records:
45
+ If this is the case then just give it a little more time and try again later.
46
+
47
+ **Where does WP Remote store the Automatic Backup files?**
48
+
49
+ Backups are stored on Amazon S3 using AES-256 Server Side Encryption.
50
+
51
+ **What if I want to back up my site to another destination?**
52
+
53
+ You can also store your backups on your own Amazon S3, Dropbox or you can upload backups to your own server via FTP or SFTP.
54
+
55
+ **How do I restore my site from a backup?**
56
+
57
+ WP Remote does not provide an automated way to restore your site. We recommend downloading a copy of your backup, unzipping it and then uploading to your site's server via FTP/SSH. Database importing can be done via your PHPMyAdmin interface or a similar tool - Your database backup can be found in the root folder of your downloaded backup zip.
58
+
59
+ **Further Support & Feedback**
60
+
61
+ General support questions should be posted in the <a href="http://wordpress.org/support/plugin/wpremote">WordPress support forums.</a>
62
+
63
+ For development issues, feature requests or anybody wishing to help out with development checkout <a href="https://github.com/humanmade/backupwordpress/">BackUpWordPress on GitHub.</a>
64
+
65
+ You can email us at support@wpremote.com for support.
66
+
67
+ == Screenshots ==
68
+
69
+ 1. The WP Remote dashboard at wpremote.com
70
+ 2. See all of the plugins and themes needing update across all Sites in one view.
71
+ 3. Download nightly Automatic Backups (Premium feature).
72
+
73
+ == Changelog ==
74
+
75
+ #### 2.7.9.1 (22 August 2017)
76
+
77
+ * Add Fallback method for when current user isn't found
78
+
79
+ #### 2.7.9 (22 August 2017)
80
+
81
+ * Query DB to find an admin user to run updates
82
+
83
+ #### 2.7.8 (20 July 2017)
84
+
85
+ * Replaced mysql class and functions with mysqli
86
+
87
+ #### 2.7.7 (20 April 2017)
88
+
89
+ * Fixed fatal error with backup location
90
+
91
+ #### 2.7.6 (18 Sept 2014)
92
+
93
+ * Fixed issue with plugins not being reactivated when updated on an MU WordPress install
94
+ * Fixed issue with child themes reporting an available update whenever the parent theme has an available update
95
+
96
+ #### 2.7.5 (10 Sept 2014)
97
+
98
+ * Fixed WordPress 4.0 issues with json_encode of a WP_Error object which would result in malformed responses from the WP_Remote WordPress plugin
99
+ * Added FAQ to readme
100
+ * Updated incompatible plugins list
101
+
102
+ #### 2.7.3 (12 May 2014)
103
+
104
+ * Added the ability to return basic content information for the site - post count, user count, plugin count etc.
105
+ * Updated contribution guidelines
106
+
107
+ #### 2.7.2 (22 January 2014)
108
+
109
+ * Misc improvements to the accuracy of the backup restart mechanism.
110
+ * Inline styles to insure the API key prompt always appears, even if a theme or plugin may hide admin notices.
111
+
112
+ #### 2.7.1 (23 December 2013)
113
+
114
+ * Bug fix: Restore plugin and theme installation mechanism.
115
+ * Bug fix: On some hosts where `getmypid()` wasn't permitted, the backup process would be prematurely reported as killed.
116
+
117
+ #### 2.7.0 (19 November 2013)
118
+
119
+ * Improved durability of backups where the backup process can take more than 90 seconds.
120
+ * New API support for posts, comments, and fixed support for users (oops).
121
+ * Reporting and update integration with premium plugins that support ManageWP's API implementation.
122
+ * Plugin, theme, and core updates now respect the `DISALLOW_FILE_MODS` constant.
123
+
124
+ #### 2.6.7 (27 October 2013)
125
+
126
+ * API improvement: specify database- and file-only backups
127
+ * Bug fix: Make the backup download URL accessible on Apache servers again. The protective .htaccess was being generated with the wrong key.
128
+
129
+ #### 2.6.6 (23 October 2013)
130
+
131
+ * Bug fix: Due to some files moving around, WP Remote wasn't able to properly update the current version of the plugin.
132
+
133
+ #### 2.6.5 (23 October 2013)
134
+
135
+ * Incorporated a more reliable plugin re-activation process after update.
136
+ * Bug fix: Properly delete backup folders for failed backups. Users may want to look inside of `/wp-content/` for any folders named as `*-backups`. If they were created by WP Remote, they can be safely deleted.
137
+ * Bug fix: Log the proper fields in history when a new user is created.
138
+
139
+ #### 2.6.4 (2 October 2013)
140
+
141
+ * Misc API improvements for Premium.
142
+ * Bug fix: Disable all premium plugin and theme updates. Causing fatals too often.
143
+ * Bug fix: Restore FTP-based core, theme, and plugin updates by properly accessing the passed credentials.
144
+
145
+ #### 2.6.3 (10 September 2013)
146
+
147
+ * Bug fix: Disabled updating BackupBuddy through WP Remote for BackupBuddy v4.1.1 and greater. BackupBuddy changed its custom update mechanism (as it's a premium plugin), which caused the WP Remote plugin not to function properly.
148
+
149
+ #### 2.6.2 (2 September 2013)
150
+
151
+ * Bug fix: Reactivating plugin after plugin upgrade.
152
+
153
+ #### 2.6.1 (26 August 2013)
154
+
155
+ * Add multiple API keys to your WP Remote plugin with a `wpr_api_keys` filter if you'd like to use more than WP Remote account with the site.
156
+ * Plugin now supports localization. Please feel free to [submit your translation](http://translate.hmn.md/projects).
157
+ * Update `HM Backup` to v2.3
158
+ * Bug fix: Properly handle timestamp values in database backups.
159
+ * Bug fix: Use super randomized backup directories.
160
+
161
+ #### 2.6
162
+
163
+ * Change to using better hmac style authentication
164
+ * Fix error for sites running =< WordPress 3.1
165
+
166
+ #### 2.5
167
+
168
+ * Remove BackUpWordPress, backups are now handled by the `HM Backup` class.
169
+ * BackUpWordPress can now be used alongside WP Remote without issues.
170
+ * Exclude `.git` and `.svn` folders from backups automatically.
171
+
172
+ #### 2.4.12 & 2.4.13
173
+
174
+ * Upgrade bundled BackUpWordPress to 2.1.3.
175
+ * Fix an issue with Download Site on Apache servers.
176
+ * Set the correct location for the BackUpWordPress language files.
177
+
178
+ #### 2.4.10 + 2.4.11
179
+
180
+ * Plugin release shenaningans.
181
+
182
+ #### 2.4.9
183
+
184
+ * Pull in latest BackUpWordPress which fixes a possible Fatal error caused by `url_shorten` being called outside the admin.
185
+
186
+ #### 2.4.8
187
+
188
+ * Pull in latest BackUpWordPress which fixes a possible Fatal error caused by misc.php being included to early.
189
+
190
+ #### 2.4.7
191
+
192
+ * Update to BackUpWordPress 2.1
193
+ * Fix an issue that could cause backups to be run when they shouldn't have.
194
+ * Only hide the backups menu item if the site doesn't have any non wpremote schedules.
195
+ * Hide all BackUpWordPress admin notices.
196
+ * Fix the button styles for the save API Key button in WordPress 3.5
197
+ * Fix a possible warning in the WP_Filesystem integration, props @tillkruess (github).
198
+ * Support for updating the Pagelines premium theme, props @tillkruess (github)
199
+
200
+ #### 2.4.6
201
+
202
+ * Support for updating the BackupBuddy premium plugin, props @tillkruess (github)
203
+
204
+ #### 2.4.1 - 2.4.5
205
+
206
+ * Minor bug fixes
207
+
208
+ #### 2.4
209
+
210
+ * Backups are now powered by BackUpWordPress.
211
+ * The BackUpWordPress Plugin can no longer be run alongside WP Remote.
212
+ * Show a message if a security plugin is active which could affect WP Remote.
213
+ * Emphasise that you can deactivate the plugin to clear your API key.
214
+
215
+ #### 2.3.1
216
+
217
+ * PHP 5.2.4 compat.
218
+
219
+ #### 2.3
220
+
221
+ * WP_Filesystem support for servers which don't allow PHP direct filesystem access.
222
+ * Support for monitoring and updating Gravity Forms.
223
+
224
+ #### 2.2.5
225
+
226
+ * Implemented API call for Core updates
227
+
228
+ #### 2.2.4
229
+
230
+ * Fixed excludes for backups directories
231
+ * Started on remote core upgrades
232
+ * Fix memory limit in WP 3.1
233
+
234
+ #### 2.2.3
235
+
236
+ * Use WPR_HM_Backup instead of HM_Backup (fixes compatibilty with backupwordpress)
237
+
238
+ #### 2.2
239
+
240
+ * Start keeping a changelog of plugin changes
241
+ * Pass home_url, site_url and admin_url to WP Remote instead of guessing at them, fixes issues with the urls being wrong for non-standard WordPress installs
242
+ * Better error message when you have the wrong API key entered.
243
+
244
+ ## Contribution guidelines ##
245
+
246
+ see https://github.com/humanmade/WP-Remote-WordPress-Plugin/blob/master/CONTRIBUTING.md
wprp.api.php CHANGED
@@ -1,714 +1,722 @@
1
- <?php
2
-
3
- class WPR_API_Request {
4
-
5
- static $actions = array();
6
- static $args = array();
7
-
8
- static function verify_request() {
9
-
10
- // Check the API Key
11
- if ( ! wprp_get_api_keys() ) {
12
-
13
- echo json_encode( 'blank-api-key' );
14
- exit;
15
-
16
- } elseif ( isset( $_POST['wpr_verify_key'] ) ) {
17
-
18
- $verify = $_POST['wpr_verify_key'];
19
- unset( $_POST['wpr_verify_key'] );
20
-
21
- $hash = self::generate_hashes( $_POST );
22
-
23
- if ( ! in_array( $verify, $hash, true ) ) {
24
- echo json_encode( 'bad-verify-key' );
25
- exit;
26
- }
27
-
28
- if ( (int) $_POST['timestamp'] > time() + 360 || (int) $_POST['timestamp'] < time() - 360 ) {
29
- echo json_encode( 'bad-timstamp' );
30
- exit;
31
- }
32
-
33
- self::$actions = $_POST['actions'];
34
- self::$args = $_POST;
35
-
36
-
37
- } else {
38
- exit;
39
- }
40
-
41
- return true;
42
-
43
- }
44
-
45
- static function generate_hashes( $vars ) {
46
-
47
- $api_key = wprp_get_api_keys();
48
- if ( ! $api_key )
49
- return array();
50
-
51
- $hashes = array();
52
- foreach( $api_key as $key ) {
53
- $hashes[] = hash_hmac( 'sha256', serialize( $vars ), $key );
54
- }
55
- return $hashes;
56
-
57
- }
58
-
59
- static function get_actions() {
60
- return self::$actions;
61
- }
62
-
63
- static function get_args() {
64
- return self::$args;
65
- }
66
-
67
- static function get_arg( $arg ) {
68
- return ( isset( self::$args[$arg] ) ) ? self::$args[$arg] : null;
69
- }
70
- }
71
-
72
- WPR_API_Request::verify_request();
73
-
74
- // disable logging for anythign done in API requests
75
- if ( class_exists( 'WPRP_Log' ) )
76
- WPRP_Log::get_instance()->disable_logging();
77
-
78
- // Disable error_reporting so they don't break the json request
79
- if ( ! defined( 'WP_DEBUG' ) || ! WP_DEBUG )
80
- error_reporting( 0 );
81
-
82
- // Temp hack so our requests to verify file size are signed.
83
- global $wprp_noauth_nonce;
84
- $wprp_noauth_nonce = wp_create_nonce( 'wprp_calculate_backup_size' );
85
-
86
- // Log in as admin
87
- $users_query = new WP_User_Query( array(
88
- 'role' => 'administrator',
89
- 'orderby' => 'ID'
90
- ) );
91
- foreach ($users_query->get_results() as $user) {
92
- if (!$user) continue;
93
- wp_set_current_user( $user->ID );
94
- break;
95
- }
96
-
97
- include_once ( ABSPATH . 'wp-admin/includes/admin.php' );
98
-
99
- $actions = array();
100
-
101
- foreach( WPR_API_Request::get_actions() as $action ) {
102
-
103
- // TODO Instead should just fire actions which we hook into.
104
- // TODO should namespace api methods?
105
- switch( $action ) {
106
-
107
- // TODO should be dynamic
108
- case 'get_plugin_version' :
109
-
110
- $actions[$action] = '1.1';
111
-
112
- break;
113
-
114
- case 'get_filesystem_method' :
115
-
116
- $actions[$action] = get_filesystem_method();
117
-
118
- break;
119
-
120
- case 'get_supported_filesystem_methods' :
121
-
122
- $actions[$action] = array();
123
-
124
- if ( extension_loaded( 'ftp' ) || extension_loaded( 'sockets' ) || function_exists( 'fsockopen' ) )
125
- $actions[$action][] = 'ftp';
126
-
127
- if ( extension_loaded( 'ftp' ) )
128
- $actions[$action][] = 'ftps';
129
-
130
- if ( extension_loaded( 'ssh2' ) && function_exists( 'stream_get_contents' ) )
131
- $actions[$action][] = 'ssh';
132
-
133
- break;
134
-
135
- case 'get_wp_version' :
136
-
137
- global $wp_version;
138
-
139
- $actions[$action] = (string) $wp_version;
140
-
141
- break;
142
-
143
- case 'get_constants':
144
-
145
- $constants = array();
146
- if ( is_array( WPR_API_Request::get_arg( 'constants' ) ) ) {
147
-
148
- foreach( WPR_API_Request::get_arg( 'constants' ) as $constant ) {
149
- if ( defined( $constant ) )
150
- $constants[$constant] = constant( $constant );
151
- else
152
- $constants[$constant] = null;
153
- }
154
-
155
- }
156
- $actions[$action] = $constants;
157
-
158
- break;
159
-
160
- case 'upgrade_core' :
161
-
162
- $actions[$action] = _wprp_upgrade_core();
163
-
164
- break;
165
-
166
- case 'get_plugins' :
167
-
168
- $actions[$action] = _wprp_get_plugins();
169
-
170
- break;
171
-
172
- case 'update_plugin' :
173
- case 'upgrade_plugin' :
174
-
175
- $api_args = array(
176
- 'zip_url' => esc_url_raw( WPR_API_Request::get_arg( 'zip_url' ) ),
177
- );
178
- $actions[$action] = _wprp_update_plugin( sanitize_text_field( WPR_API_Request::get_arg( 'plugin' ) ), $api_args );
179
-
180
- break;
181
-
182
- case 'install_plugin' :
183
-
184
- $api_args = array(
185
- 'version' => sanitize_text_field( WPR_API_Request::get_arg( 'version' ) ),
186
- );
187
- $actions[$action] = _wprp_install_plugin( sanitize_text_field( WPR_API_Request::get_arg( 'plugin' ) ), $api_args );
188
-
189
- break;
190
-
191
- case 'activate_plugin' :
192
-
193
- $actions[$action] = _wprp_activate_plugin( sanitize_text_field( WPR_API_Request::get_arg( 'plugin' ) ) );
194
-
195
- break;
196
-
197
- case 'deactivate_plugin' :
198
-
199
- $actions[$action] = _wprp_deactivate_plugin( sanitize_text_field( WPR_API_Request::get_arg( 'plugin' ) ) );
200
-
201
- break;
202
-
203
- case 'uninstall_plugin' :
204
-
205
- $actions[$action] = _wprp_uninstall_plugin( sanitize_text_field( WPR_API_Request::get_arg( 'plugin' ) ) );
206
-
207
- break;
208
-
209
- case 'get_themes' :
210
-
211
- $actions[$action] = _wprp_get_themes();
212
-
213
- break;
214
-
215
- case 'install_theme':
216
-
217
- $api_args = array(
218
- 'version' => sanitize_text_field( WPR_API_Request::get_arg( 'version' ) ),
219
- );
220
- $actions[$action] = _wprp_install_theme( sanitize_text_field( WPR_API_Request::get_arg( 'theme' ) ), $api_args );
221
-
222
- break;
223
-
224
- case 'activate_theme':
225
-
226
- $actions[$action] = _wprp_activate_theme( sanitize_text_field( WPR_API_Request::get_arg( 'theme' ) ) );
227
-
228
- break;
229
-
230
- case 'update_theme' :
231
- case 'upgrade_theme' : // 'upgrade' is deprecated
232
-
233
- $actions[$action] = _wprp_update_theme( sanitize_text_field( WPR_API_Request::get_arg( 'theme' ) ) );
234
-
235
- break;
236
-
237
- case 'delete_theme':
238
-
239
- $actions[$action] = _wprp_delete_theme( sanitize_text_field( WPR_API_Request::get_arg( 'theme' ) ) );
240
-
241
- break;
242
-
243
- case 'do_backup' :
244
-
245
- if ( in_array( WPR_API_Request::get_arg( 'backup_type' ), array( 'complete', 'database', 'file' ) ) )
246
- WPRP_Backups::get_instance()->set_type( WPR_API_Request::get_arg( 'backup_type' ) );
247
-
248
- if ( WPR_API_Request::get_arg( 'backup_approach' ) && 'file_manifest' == WPR_API_Request::get_arg( 'backup_approach' ) )
249
- WPRP_Backups::get_instance()->set_is_using_file_manifest( true );
250
-
251
- $actions[$action] = WPRP_Backups::get_instance()->do_backup();
252
-
253
- break;
254
-
255
- case 'get_backup' :
256
-
257
- $actions[$action] = WPRP_Backups::get_instance()->get_backup();
258
-
259
- break;
260
-
261
- case 'delete_backup' :
262
-
263
- $actions[$action] = WPRP_Backups::get_instance()->cleanup();
264
-
265
- break;
266
-
267
- case 'backup_heartbeat' :
268
-
269
- WPRP_Backups::get_instance()->set_is_using_file_manifest( true );
270
-
271
- if ( in_array( WPR_API_Request::get_arg( 'backup_type' ), array( 'complete', 'database', 'file' ) ) )
272
- WPRP_Backups::get_instance()->set_type( WPR_API_Request::get_arg( 'backup_type' ) );
273
-
274
- $actions[$action] = WPRP_Backups::get_instance()->backup_heartbeat();
275
-
276
- break;
277
-
278
- case 'supports_backups' :
279
-
280
- $actions[$action] = true;
281
-
282
- break;
283
-
284
- case 'get_site_info' :
285
-
286
- $actions[$action] = array(
287
- 'site_url' => get_site_url(),
288
- 'home_url' => get_home_url(),
289
- 'admin_url' => get_admin_url(),
290
- 'backups' => function_exists( '_wprp_get_backups_info' ) ? _wprp_get_backups_info() : array(),
291
- 'web_host' => _wprp_integration_get_web_host(),
292
- 'summary' => _wprp_get_content_summary(),
293
- );
294
-
295
- break;
296
-
297
- case 'get_option':
298
-
299
- $actions[$action] = get_option( sanitize_text_field( WPR_API_Request::get_arg( 'option_name' ) ) );
300
-
301
- break;
302
-
303
- case 'update_option':
304
-
305
- $actions[$action] = update_option( sanitize_text_field( WPR_API_Request::get_arg( 'option_name' ) ), WPR_API_Request::get_arg( 'option_value' ) );
306
-
307
- break;
308
-
309
- case 'delete_option':
310
-
311
- $actions[$action] = delete_option( sanitize_text_field( WPR_API_Request::get_arg( 'option_name' ) ) );
312
-
313
- break;
314
-
315
- case 'get_posts':
316
-
317
- $arg_keys = array(
318
- /** Author **/
319
- 'author',
320
- 'author_name',
321
- 'author__in',
322
- 'author__not_in',
323
-
324
- /** Category **/
325
- 'cat',
326
- 'category_name',
327
- 'category__and',
328
- 'category__in',
329
- 'category__not_in',
330
-
331
- /** Tag **/
332
- 'tag',
333
- 'tag_id',
334
- 'tag__and',
335
- 'tag__in',
336
- 'tag__not_in',
337
- 'tag_slug__and',
338
- 'tag_slug__in',
339
-
340
- /** Search **/
341
- 's',
342
-
343
- /** Post Attributes **/
344
- 'name',
345
- 'pagename',
346
- 'post_parent',
347
- 'post_parent__in',
348
- 'post_parent__not_in',
349
- 'post__in',
350
- 'post__not_in',
351
- 'post_status',
352
- 'post_type',
353
-
354
- /** Order / Pagination / Etc. **/
355
- 'order',
356
- 'orderby',
357
- 'nopaging',
358
- 'posts_per_page',
359
- 'offset',
360
- 'paged',
361
- 'page',
362
- 'ignore_sticky_posts',
363
- );
364
- $args = array();
365
- foreach( $arg_keys as $arg_key ) {
366
- // Note: WP_Query() supports validation / sanitization
367
- if ( null !== ( $value = WPR_API_Request::get_arg( $arg_key ) ) )
368
- $args[$arg_key] = $value;
369
- }
370
-
371
- $query = new WP_Query;
372
- $query->query( $args );
373
- $actions[$action] = $query->posts;
374
-
375
- break;
376
-
377
- case 'get_post':
378
- case 'delete_post':
379
-
380
- $post_id = (int)WPR_API_Request::get_arg( 'post_id' );
381
- $post = get_post( $post_id );
382
-
383
- if ( ! $post ) {
384
- $actions[$action] = new WP_Error( 'missing-post', __( "No post found.", 'wpremote' ) );
385
- break;
386
- }
387
-
388
- if ( 'get_post' == $action ) {
389
-
390
- $actions[$action] = $post;
391
-
392
- } else if ( 'delete_post' == $action ) {
393
-
394
- $actions[$action] = wp_delete_post( $post_id );
395
-
396
- }
397
-
398
- break;
399
-
400
- case 'create_post':
401
- case 'update_post':
402
-
403
- $arg_keys = array(
404
- 'menu_order',
405
- 'comment_status',
406
- 'ping_status',
407
- 'post_author',
408
- 'post_content',
409
- 'post_date',
410
- 'post_date_gmt',
411
- 'post_excerpt',
412
- 'post_name',
413
- 'post_parent',
414
- 'post_password',
415
- 'post_status',
416
- 'post_title',
417
- 'post_type',
418
- 'tags_input',
419
- );
420
- $args = array();
421
- foreach( $arg_keys as $arg_key ) {
422
- // Note: wp_update_post() supports validation / sanitization
423
- if ( null !== ( $value = WPR_API_Request::get_arg( $arg_key ) ) )
424
- $args[$arg_key] = $value;
425
- }
426
-
427
- if ( 'create_post' == $action ) {
428
-
429
- if ( $post_id = wp_insert_post( $args ) )
430
- $actions[$action] = get_post( $post_id );
431
- else
432
- $actions[$action] = new WP_Error( 'create-post', __( "Error creating post.", 'wpremote' ) );
433
-
434
- } else if ( 'update_post' == $action ) {
435
-
436
- $args['ID'] = (int)WPR_API_Request::get_arg( 'post_id' );
437
-
438
- if ( ! get_post( $args['ID'] ) ) {
439
- $actions[$action] = new WP_Error( 'missing-post', __( "No post found.", 'wpremote' ) );
440
- break;
441
- }
442
-
443
- if ( wp_update_post( $args ) )
444
- $actions[$action] = get_post( $args['ID'] );
445
- else
446
- $actions[$action] = new WP_Error( 'update-post', __( "Error updating post.", 'wpremote' ) );
447
-
448
- }
449
-
450
- break;
451
-
452
- case 'get_metadata':
453
-
454
- $actions[$action] = get_metadata( WPR_API_Request::get_arg( 'meta_type' ), WPR_API_Request::get_arg( 'object_id' ), WPR_API_Request::get_arg( 'meta_key' ), false );
455
-
456
- break;
457
-
458
- case 'add_metadata':
459
-
460
- $actions[$action] = add_metadata( WPR_API_Request::get_arg( 'meta_type' ), WPR_API_Request::get_arg( 'object_id' ), WPR_API_Request::get_arg( 'meta_key' ), WPR_API_Request::get_arg( 'meta_value' ) );
461
-
462
- break;
463
-
464
- case 'update_metadata':
465
-
466
- $actions[$action] = update_metadata( WPR_API_Request::get_arg( 'meta_type' ), WPR_API_Request::get_arg( 'object_id' ), WPR_API_Request::get_arg( 'meta_key' ), WPR_API_Request::get_arg( 'meta_value' ) );
467
-
468
- break;
469
-
470
- case 'delete_metadata':
471
-
472
- $actions[$action] = delete_metadata( WPR_API_Request::get_arg( 'meta_type' ), WPR_API_Request::get_arg( 'object_id' ), WPR_API_Request::get_arg( 'meta_key' ) );
473
-
474
- break;
475
-
476
- case 'get_comments':
477
-
478
- $arg_keys = array(
479
- 'status',
480
- 'orderby',
481
- 'order',
482
- 'post_id',
483
- );
484
- $args = array();
485
- foreach( $arg_keys as $arg_key ) {
486
- // Note: get_comments() supports validation / sanitization
487
- if ( null !== ( $value = WPR_API_Request::get_arg( $arg_key ) ) )
488
- $args[$arg_key] = $value;
489
- }
490
- $actions[$action] = get_comments( $args );
491
-
492
- break;
493
-
494
- case 'get_comment':
495
- case 'delete_comment':
496
-
497
- $comment_id = (int)WPR_API_Request::get_arg( 'comment_id' );
498
- $comment = get_comment( $comment_id );
499
-
500
- if ( ! $comment ) {
501
- $actions[$action] = new WP_Error( 'missing-comment', __( "No comment found.", 'wpremote' ) );
502
- break;
503
- }
504
-
505
- if ( 'get_comment' == $action ) {
506
-
507
- $actions[$action] = $comment;
508
-
509
- } else if ( 'delete_comment' == $action ) {
510
-
511
- $actions[$action] = wp_delete_comment( $comment_id );
512
-
513
- }
514
-
515
- break;
516
-
517
- case 'create_comment':
518
- case 'update_comment':
519
-
520
- $arg_keys = array(
521
- 'comment_post_ID',
522
- 'comment_author',
523
- 'comment_author_email',
524
- 'comment_author_url',
525
- 'comment_date',
526
- 'comment_date_gmt',
527
- 'comment_content',
528
- 'comment_approved',
529
- 'comment_type',
530
- 'comment_parent',
531
- 'user_id'
532
- );
533
- $args = array();
534
- foreach( $arg_keys as $arg_key ) {
535
- // Note: wp_update_comment() supports validation / sanitization
536
- if ( null !== ( $value = WPR_API_Request::get_arg( $arg_key ) ) )
537
- $args[$arg_key] = $value;
538
- }
539
-
540
- if ( 'create_comment' == $action ) {
541
-
542
- if ( $comment_id = wp_insert_comment( $args ) )
543
- $actions[$action] = get_comment( $comment_id );
544
- else
545
- $actions[$action] = new WP_Error( 'create-comment', __( "Error creating comment.", 'wpremote' ) );
546
-
547
- } else if ( 'update_comment' == $action ) {
548
-
549
- $args['comment_ID'] = (int)WPR_API_Request::get_arg( 'comment_id' );
550
-
551
- if ( ! get_comment( $args['comment_ID'] ) ) {
552
- $actions[$action] = new WP_Error( 'missing-comment', __( "No comment found.", 'wpremote' ) );
553
- break;
554
- }
555
-
556
- if ( wp_update_comment( $args ) )
557
- $actions[$action] = get_comment( $args['comment_ID'] );
558
- else
559
- $actions[$action] = new WP_Error( 'update-comment', __( "Error updating comment.", 'wpremote' ) );
560
-
561
- }
562
-
563
- break;
564
-
565
- case 'get_users':
566
-
567
- $arg_keys = array(
568
- 'include',
569
- 'exclude',
570
- 'search',
571
- 'orderby',
572
- 'order',
573
- 'offset',
574
- 'number',
575
- );
576
- $args = array();
577
- foreach( $arg_keys as $arg_key ) {
578
- // Note: get_users() supports validation / sanitization
579
- if ( $value = WPR_API_Request::get_arg( $arg_key ) )
580
- $args[$arg_key] = $value;
581
- }
582
-
583
- $users = array_map( 'wprp_format_user_obj', get_users( $args ) );
584
- $actions[$action] = $users;
585
-
586
- break;
587
-
588
- case 'get_user':
589
- case 'update_user':
590
- case 'delete_user':
591
-
592
- $user_id = (int)WPR_API_Request::get_arg( 'user_id' );
593
- $user = get_user_by( 'id', $user_id );
594
-
595
- if ( ! $user ) {
596
- $actions[$action] = new WP_Error( 'missing-user', "No user found." );
597
- break;
598
- }
599
-
600
- require_once ABSPATH . '/wp-admin/includes/user.php';
601
-
602
- if ( 'get_user' == $action ) {
603
-
604
- $actions[$action] = wprp_format_user_obj( $user );
605
-
606
- } else if ( 'update_user' == $action ) {
607
-
608
- $fields = array(
609
- 'user_email',
610
- 'display_name',
611
- 'first_name',
612
- 'last_name',
613
- 'user_nicename',
614
- 'user_pass',
615
- 'user_url',
616
- 'description'
617
- );
618
- $args = array();
619
- foreach( $fields as $field ) {
620
- // Note: wp_update_user() handles sanitization / validation
621
- if ( null !== ( $value = WPR_API_Request::get_arg( $field ) ) )
622
- $args[$field] = $value;
623
- }
624
- $args['ID'] = $user->ID;
625
- $ret = wp_update_user( $args );
626
- if ( is_wp_error( $ret ) )
627
- $actions[$action] = $ret;
628
- else
629
- $actions[$action] = wprp_format_user_obj( get_user_by( 'id', $ret ) );
630
-
631
- } else if ( 'delete_user' == $action ) {
632
-
633
- $actions[$action] = wp_delete_user( $user->ID );
634
-
635
- }
636
-
637
-
638
- break;
639
-
640
- case 'create_user':
641
-
642
- $args = array(
643
- // Note: wp_insert_user() handles sanitization / validation
644
- 'user_login' => WPR_API_Request::get_arg( 'user_login' ),
645
- 'user_email' => WPR_API_Request::get_arg( 'user_email' ),
646
- 'role' => get_option('default_role'),
647
- 'user_pass' => false,
648
- 'user_registered' => strftime( "%F %T", time() ),
649
- 'display_name' => false,
650
- );
651
- foreach( $args as $key => $value ) {
652
- // Note: wp_insert_user() handles sanitization / validation
653
- if ( null !== ( $new_value = WPR_API_Request::get_arg( $key ) ) )
654
- $args[$key] = $new_value;
655
- }
656
-
657
- if ( ! $args['user_pass'] ) {
658
- $args['user_pass'] = wp_generate_password();
659
- }
660
-
661
- $user_id = wp_insert_user( $args );
662
-
663
- if ( is_wp_error( $user_id ) ) {
664
- $actions[$action] = array( 'status' => 'error', 'error' => $user_id->get_error_message() );
665
- } else {
666
- $actions[$action] = wprp_format_user_obj( get_user_by( 'id', $user_id ) );
667
- }
668
-
669
- break;
670
-
671
- case 'enable_log' :
672
- update_option( 'wprp_enable_log', true );
673
- $actions[$action] = true;
674
- break;
675
-
676
- case 'disable_log' :
677
- delete_option( 'wprp_enable_log' );
678
- $actions[$action] = true;
679
- break;
680
-
681
- case 'get_log' :
682
-
683
- if ( class_exists( 'WPRP_Log' ) ) {
684
- $actions[$action] = WPRP_Log::get_instance()->get_items();
685
- WPRP_Log::get_instance()->delete_items();
686
- } else {
687
- $actions[$action] = new WP_Error( 'log-not-enabled', 'Logging is not enabled' );
688
- }
689
-
690
- break;
691
-
692
- default :
693
-
694
- $actions[$action] = 'not-implemented';
695
-
696
- break;
697
-
698
- }
699
-
700
- }
701
-
702
- foreach ( $actions as $key => $action ) {
703
-
704
- if ( is_wp_error( $action ) ) {
705
-
706
- $actions[$key] = (object) array(
707
- 'errors' => $action->errors
708
- );
709
- }
710
- }
711
-
712
- echo json_encode( $actions );
713
-
714
- exit;
 
 
 
 
 
 
 
 
1
+ <?php
2
+
3
+ class WPR_API_Request {
4
+
5
+ static $actions = array();
6
+ static $args = array();
7
+
8
+ static function verify_request() {
9
+
10
+ // Check the API Key
11
+ if ( ! wprp_get_api_keys() ) {
12
+
13
+ echo json_encode( 'blank-api-key' );
14
+ exit;
15
+
16
+ } elseif ( isset( $_POST['wpr_verify_key'] ) ) {
17
+
18
+ $verify = $_POST['wpr_verify_key'];
19
+ unset( $_POST['wpr_verify_key'] );
20
+
21
+ $hash = self::generate_hashes( $_POST );
22
+
23
+ if ( ! in_array( $verify, $hash, true ) ) {
24
+ echo json_encode( 'bad-verify-key' );
25
+ exit;
26
+ }
27
+
28
+ if ( (int) $_POST['timestamp'] > time() + 360 || (int) $_POST['timestamp'] < time() - 360 ) {
29
+ echo json_encode( 'bad-timstamp' );
30
+ exit;
31
+ }
32
+
33
+ self::$actions = $_POST['actions'];
34
+ self::$args = $_POST;
35
+
36
+
37
+ } else {
38
+ exit;
39
+ }
40
+
41
+ return true;
42
+
43
+ }
44
+
45
+ static function generate_hashes( $vars ) {
46
+
47
+ $api_key = wprp_get_api_keys();
48
+ if ( ! $api_key )
49
+ return array();
50
+
51
+ $hashes = array();
52
+ foreach( $api_key as $key ) {
53
+ $hashes[] = hash_hmac( 'sha256', serialize( $vars ), $key );
54
+ }
55
+ return $hashes;
56
+
57
+ }
58
+
59
+ static function get_actions() {
60
+ return self::$actions;
61
+ }
62
+
63
+ static function get_args() {
64
+ return self::$args;
65
+ }
66
+
67
+ static function get_arg( $arg ) {
68
+ return ( isset( self::$args[$arg] ) ) ? self::$args[$arg] : null;
69
+ }
70
+ }
71
+
72
+ WPR_API_Request::verify_request();
73
+
74
+ // disable logging for anythign done in API requests
75
+ if ( class_exists( 'WPRP_Log' ) )
76
+ WPRP_Log::get_instance()->disable_logging();
77
+
78
+ // Disable error_reporting so they don't break the json request
79
+ if ( ! defined( 'WP_DEBUG' ) || ! WP_DEBUG )
80
+ error_reporting( 0 );
81
+
82
+ // Temp hack so our requests to verify file size are signed.
83
+ global $wprp_noauth_nonce;
84
+ $wprp_noauth_nonce = wp_create_nonce( 'wprp_calculate_backup_size' );
85
+
86
+ // Log in as admin
87
+ $users_query = new WP_User_Query( array(
88
+ 'role' => 'administrator',
89
+ 'orderby' => 'ID'
90
+ ) );
91
+ wp_set_current_user(1);
92
+ if ($users_query->get_total()) {
93
+ foreach ($users_query->get_results() as $user) {
94
+ if (!$user) {
95
+ continue;
96
+ }
97
+ wp_set_current_user($user->ID);
98
+ break;
99
+ }
100
+ if (empty(wp_get_current_user())) {
101
+ wp_set_current_user(1);
102
+ }
103
+ }
104
+
105
+ include_once ( ABSPATH . 'wp-admin/includes/admin.php' );
106
+
107
+ $actions = array();
108
+
109
+ foreach( WPR_API_Request::get_actions() as $action ) {
110
+
111
+ // TODO Instead should just fire actions which we hook into.
112
+ // TODO should namespace api methods?
113
+ switch( $action ) {
114
+
115
+ // TODO should be dynamic
116
+ case 'get_plugin_version' :
117
+
118
+ $actions[$action] = '1.1';
119
+
120
+ break;
121
+
122
+ case 'get_filesystem_method' :
123
+
124
+ $actions[$action] = get_filesystem_method();
125
+
126
+ break;
127
+
128
+ case 'get_supported_filesystem_methods' :
129
+
130
+ $actions[$action] = array();
131
+
132
+ if ( extension_loaded( 'ftp' ) || extension_loaded( 'sockets' ) || function_exists( 'fsockopen' ) )
133
+ $actions[$action][] = 'ftp';
134
+
135
+ if ( extension_loaded( 'ftp' ) )
136
+ $actions[$action][] = 'ftps';
137
+
138
+ if ( extension_loaded( 'ssh2' ) && function_exists( 'stream_get_contents' ) )
139
+ $actions[$action][] = 'ssh';
140
+
141
+ break;
142
+
143
+ case 'get_wp_version' :
144
+
145
+ global $wp_version;
146
+
147
+ $actions[$action] = (string) $wp_version;
148
+
149
+ break;
150
+
151
+ case 'get_constants':
152
+
153
+ $constants = array();
154
+ if ( is_array( WPR_API_Request::get_arg( 'constants' ) ) ) {
155
+
156
+ foreach( WPR_API_Request::get_arg( 'constants' ) as $constant ) {
157
+ if ( defined( $constant ) )
158
+ $constants[$constant] = constant( $constant );
159
+ else
160
+ $constants[$constant] = null;
161
+ }
162
+
163
+ }
164
+ $actions[$action] = $constants;
165
+
166
+ break;
167
+
168
+ case 'upgrade_core' :
169
+
170
+ $actions[$action] = _wprp_upgrade_core();
171
+
172
+ break;
173
+
174
+ case 'get_plugins' :
175
+
176
+ $actions[$action] = _wprp_get_plugins();
177
+
178
+ break;
179
+
180
+ case 'update_plugin' :
181
+ case 'upgrade_plugin' :
182
+
183
+ $api_args = array(
184
+ 'zip_url' => esc_url_raw( WPR_API_Request::get_arg( 'zip_url' ) ),
185
+ );
186
+ $actions[$action] = _wprp_update_plugin( sanitize_text_field( WPR_API_Request::get_arg( 'plugin' ) ), $api_args );
187
+
188
+ break;
189
+
190
+ case 'install_plugin' :
191
+
192
+ $api_args = array(
193
+ 'version' => sanitize_text_field( WPR_API_Request::get_arg( 'version' ) ),
194
+ );
195
+ $actions[$action] = _wprp_install_plugin( sanitize_text_field( WPR_API_Request::get_arg( 'plugin' ) ), $api_args );
196
+
197
+ break;
198
+
199
+ case 'activate_plugin' :
200
+
201
+ $actions[$action] = _wprp_activate_plugin( sanitize_text_field( WPR_API_Request::get_arg( 'plugin' ) ) );
202
+
203
+ break;
204
+
205
+ case 'deactivate_plugin' :
206
+
207
+ $actions[$action] = _wprp_deactivate_plugin( sanitize_text_field( WPR_API_Request::get_arg( 'plugin' ) ) );
208
+
209
+ break;
210
+
211
+ case 'uninstall_plugin' :
212
+
213
+ $actions[$action] = _wprp_uninstall_plugin( sanitize_text_field( WPR_API_Request::get_arg( 'plugin' ) ) );
214
+
215
+ break;
216
+
217
+ case 'get_themes' :
218
+
219
+ $actions[$action] = _wprp_get_themes();
220
+
221
+ break;
222
+
223
+ case 'install_theme':
224
+
225
+ $api_args = array(
226
+ 'version' => sanitize_text_field( WPR_API_Request::get_arg( 'version' ) ),
227
+ );
228
+ $actions[$action] = _wprp_install_theme( sanitize_text_field( WPR_API_Request::get_arg( 'theme' ) ), $api_args );
229
+
230
+ break;
231
+
232
+ case 'activate_theme':
233
+
234
+ $actions[$action] = _wprp_activate_theme( sanitize_text_field( WPR_API_Request::get_arg( 'theme' ) ) );
235
+
236
+ break;
237
+
238
+ case 'update_theme' :
239
+ case 'upgrade_theme' : // 'upgrade' is deprecated
240
+
241
+ $actions[$action] = _wprp_update_theme( sanitize_text_field( WPR_API_Request::get_arg( 'theme' ) ) );
242
+
243
+ break;
244
+
245
+ case 'delete_theme':
246
+
247
+ $actions[$action] = _wprp_delete_theme( sanitize_text_field( WPR_API_Request::get_arg( 'theme' ) ) );
248
+
249
+ break;
250
+
251
+ case 'do_backup' :
252
+
253
+ if ( in_array( WPR_API_Request::get_arg( 'backup_type' ), array( 'complete', 'database', 'file' ) ) )
254
+ WPRP_Backups::get_instance()->set_type( WPR_API_Request::get_arg( 'backup_type' ) );
255
+
256
+ if ( WPR_API_Request::get_arg( 'backup_approach' ) && 'file_manifest' == WPR_API_Request::get_arg( 'backup_approach' ) )
257
+ WPRP_Backups::get_instance()->set_is_using_file_manifest( true );
258
+
259
+ $actions[$action] = WPRP_Backups::get_instance()->do_backup();
260
+
261
+ break;
262
+
263
+ case 'get_backup' :
264
+
265
+ $actions[$action] = WPRP_Backups::get_instance()->get_backup();
266
+
267
+ break;
268
+
269
+ case 'delete_backup' :
270
+
271
+ $actions[$action] = WPRP_Backups::get_instance()->cleanup();
272
+
273
+ break;
274
+
275
+ case 'backup_heartbeat' :
276
+
277
+ WPRP_Backups::get_instance()->set_is_using_file_manifest( true );
278
+
279
+ if ( in_array( WPR_API_Request::get_arg( 'backup_type' ), array( 'complete', 'database', 'file' ) ) )
280
+ WPRP_Backups::get_instance()->set_type( WPR_API_Request::get_arg( 'backup_type' ) );
281
+
282
+ $actions[$action] = WPRP_Backups::get_instance()->backup_heartbeat();
283
+
284
+ break;
285
+
286
+ case 'supports_backups' :
287
+
288
+ $actions[$action] = true;
289
+
290
+ break;
291
+
292
+ case 'get_site_info' :
293
+
294
+ $actions[$action] = array(
295
+ 'site_url' => get_site_url(),
296
+ 'home_url' => get_home_url(),
297
+ 'admin_url' => get_admin_url(),
298
+ 'backups' => function_exists( '_wprp_get_backups_info' ) ? _wprp_get_backups_info() : array(),
299
+ 'web_host' => _wprp_integration_get_web_host(),
300
+ 'summary' => _wprp_get_content_summary(),
301
+ );
302
+
303
+ break;
304
+
305
+ case 'get_option':
306
+
307
+ $actions[$action] = get_option( sanitize_text_field( WPR_API_Request::get_arg( 'option_name' ) ) );
308
+
309
+ break;
310
+
311
+ case 'update_option':
312
+
313
+ $actions[$action] = update_option( sanitize_text_field( WPR_API_Request::get_arg( 'option_name' ) ), WPR_API_Request::get_arg( 'option_value' ) );
314
+
315
+ break;
316
+
317
+ case 'delete_option':
318
+
319
+ $actions[$action] = delete_option( sanitize_text_field( WPR_API_Request::get_arg( 'option_name' ) ) );
320
+
321
+ break;
322
+
323
+ case 'get_posts':
324
+
325
+ $arg_keys = array(
326
+ /** Author **/
327
+ 'author',
328
+ 'author_name',
329
+ 'author__in',
330
+ 'author__not_in',
331
+
332
+ /** Category **/
333
+ 'cat',
334
+ 'category_name',
335
+ 'category__and',
336
+ 'category__in',
337
+ 'category__not_in',
338
+
339
+ /** Tag **/
340
+ 'tag',
341
+ 'tag_id',
342
+ 'tag__and',
343
+ 'tag__in',
344
+ 'tag__not_in',
345
+ 'tag_slug__and',
346
+ 'tag_slug__in',
347
+
348
+ /** Search **/
349
+ 's',
350
+
351
+ /** Post Attributes **/
352
+ 'name',
353
+ 'pagename',
354
+ 'post_parent',
355
+ 'post_parent__in',
356
+ 'post_parent__not_in',
357
+ 'post__in',
358
+ 'post__not_in',
359
+ 'post_status',
360
+ 'post_type',
361
+
362
+ /** Order / Pagination / Etc. **/
363
+ 'order',
364
+ 'orderby',
365
+ 'nopaging',
366
+ 'posts_per_page',
367
+ 'offset',
368
+ 'paged',
369
+ 'page',
370
+ 'ignore_sticky_posts',
371
+ );
372
+ $args = array();
373
+ foreach( $arg_keys as $arg_key ) {
374
+ // Note: WP_Query() supports validation / sanitization
375
+ if ( null !== ( $value = WPR_API_Request::get_arg( $arg_key ) ) )
376
+ $args[$arg_key] = $value;
377
+ }
378
+
379
+ $query = new WP_Query;
380
+ $query->query( $args );
381
+ $actions[$action] = $query->posts;
382
+
383
+ break;
384
+
385
+ case 'get_post':
386
+ case 'delete_post':
387
+
388
+ $post_id = (int)WPR_API_Request::get_arg( 'post_id' );
389
+ $post = get_post( $post_id );
390
+
391
+ if ( ! $post ) {
392
+ $actions[$action] = new WP_Error( 'missing-post', __( "No post found.", 'wpremote' ) );
393
+ break;
394
+ }
395
+
396
+ if ( 'get_post' == $action ) {
397
+
398
+ $actions[$action] = $post;
399
+
400
+ } else if ( 'delete_post' == $action ) {
401
+
402
+ $actions[$action] = wp_delete_post( $post_id );
403
+
404
+ }
405
+
406
+ break;
407
+
408
+ case 'create_post':
409
+ case 'update_post':
410
+
411
+ $arg_keys = array(
412
+ 'menu_order',
413
+ 'comment_status',
414
+ 'ping_status',
415
+ 'post_author',
416
+ 'post_content',
417
+ 'post_date',
418
+ 'post_date_gmt',
419
+ 'post_excerpt',
420
+ 'post_name',
421
+ 'post_parent',
422
+ 'post_password',
423
+ 'post_status',
424
+ 'post_title',
425
+ 'post_type',
426
+ 'tags_input',
427
+ );
428
+ $args = array();
429
+ foreach( $arg_keys as $arg_key ) {
430
+ // Note: wp_update_post() supports validation / sanitization
431
+ if ( null !== ( $value = WPR_API_Request::get_arg( $arg_key ) ) )
432
+ $args[$arg_key] = $value;
433
+ }
434
+
435
+ if ( 'create_post' == $action ) {
436
+
437
+ if ( $post_id = wp_insert_post( $args ) )
438
+ $actions[$action] = get_post( $post_id );
439
+ else
440
+ $actions[$action] = new WP_Error( 'create-post', __( "Error creating post.", 'wpremote' ) );
441
+
442
+ } else if ( 'update_post' == $action ) {
443
+
444
+ $args['ID'] = (int)WPR_API_Request::get_arg( 'post_id' );
445
+
446
+ if ( ! get_post( $args['ID'] ) ) {
447
+ $actions[$action] = new WP_Error( 'missing-post', __( "No post found.", 'wpremote' ) );
448
+ break;
449
+ }
450
+
451
+ if ( wp_update_post( $args ) )
452
+ $actions[$action] = get_post( $args['ID'] );
453
+ else
454
+ $actions[$action] = new WP_Error( 'update-post', __( "Error updating post.", 'wpremote' ) );
455
+
456
+ }
457
+
458
+ break;
459
+
460
+ case 'get_metadata':
461
+
462
+ $actions[$action] = get_metadata( WPR_API_Request::get_arg( 'meta_type' ), WPR_API_Request::get_arg( 'object_id' ), WPR_API_Request::get_arg( 'meta_key' ), false );
463
+
464
+ break;
465
+
466
+ case 'add_metadata':
467
+
468
+ $actions[$action] = add_metadata( WPR_API_Request::get_arg( 'meta_type' ), WPR_API_Request::get_arg( 'object_id' ), WPR_API_Request::get_arg( 'meta_key' ), WPR_API_Request::get_arg( 'meta_value' ) );
469
+
470
+ break;
471
+
472
+ case 'update_metadata':
473
+
474
+ $actions[$action] = update_metadata( WPR_API_Request::get_arg( 'meta_type' ), WPR_API_Request::get_arg( 'object_id' ), WPR_API_Request::get_arg( 'meta_key' ), WPR_API_Request::get_arg( 'meta_value' ) );
475
+
476
+ break;
477
+
478
+ case 'delete_metadata':
479
+
480
+ $actions[$action] = delete_metadata( WPR_API_Request::get_arg( 'meta_type' ), WPR_API_Request::get_arg( 'object_id' ), WPR_API_Request::get_arg( 'meta_key' ) );
481
+
482
+ break;
483
+
484
+ case 'get_comments':
485
+
486
+ $arg_keys = array(
487
+ 'status',
488
+ 'orderby',
489
+ 'order',
490
+ 'post_id',
491
+ );
492
+ $args = array();
493
+ foreach( $arg_keys as $arg_key ) {
494
+ // Note: get_comments() supports validation / sanitization
495
+ if ( null !== ( $value = WPR_API_Request::get_arg( $arg_key ) ) )
496
+ $args[$arg_key] = $value;
497
+ }
498
+ $actions[$action] = get_comments( $args );
499
+
500
+ break;
501
+
502
+ case 'get_comment':
503
+ case 'delete_comment':
504
+
505
+ $comment_id = (int)WPR_API_Request::get_arg( 'comment_id' );
506
+ $comment = get_comment( $comment_id );
507
+
508
+ if ( ! $comment ) {
509
+ $actions[$action] = new WP_Error( 'missing-comment', __( "No comment found.", 'wpremote' ) );
510
+ break;
511
+ }
512
+
513
+ if ( 'get_comment' == $action ) {
514
+
515
+ $actions[$action] = $comment;
516
+
517
+ } else if ( 'delete_comment' == $action ) {
518
+
519
+ $actions[$action] = wp_delete_comment( $comment_id );
520
+
521
+ }
522
+
523
+ break;
524
+
525
+ case 'create_comment':
526
+ case 'update_comment':
527
+
528
+ $arg_keys = array(
529
+ 'comment_post_ID',
530
+ 'comment_author',
531
+ 'comment_author_email',
532
+ 'comment_author_url',
533
+ 'comment_date',
534
+ 'comment_date_gmt',
535
+ 'comment_content',
536
+ 'comment_approved',
537
+ 'comment_type',
538
+ 'comment_parent',
539
+ 'user_id'
540
+ );
541
+ $args = array();
542
+ foreach( $arg_keys as $arg_key ) {
543
+ // Note: wp_update_comment() supports validation / sanitization
544
+ if ( null !== ( $value = WPR_API_Request::get_arg( $arg_key ) ) )
545
+ $args[$arg_key] = $value;
546
+ }
547
+
548
+ if ( 'create_comment' == $action ) {
549
+
550
+ if ( $comment_id = wp_insert_comment( $args ) )
551
+ $actions[$action] = get_comment( $comment_id );
552
+ else
553
+ $actions[$action] = new WP_Error( 'create-comment', __( "Error creating comment.", 'wpremote' ) );
554
+
555
+ } else if ( 'update_comment' == $action ) {
556
+
557
+ $args['comment_ID'] = (int)WPR_API_Request::get_arg( 'comment_id' );
558
+
559
+ if ( ! get_comment( $args['comment_ID'] ) ) {
560
+ $actions[$action] = new WP_Error( 'missing-comment', __( "No comment found.", 'wpremote' ) );
561
+ break;
562
+ }
563
+
564
+ if ( wp_update_comment( $args ) )
565
+ $actions[$action] = get_comment( $args['comment_ID'] );
566
+ else
567
+ $actions[$action] = new WP_Error( 'update-comment', __( "Error updating comment.", 'wpremote' ) );
568
+
569
+ }
570
+
571
+ break;
572
+
573
+ case 'get_users':
574
+
575
+ $arg_keys = array(
576
+ 'include',
577
+ 'exclude',
578
+ 'search',
579
+ 'orderby',
580
+ 'order',
581
+ 'offset',
582
+ 'number',
583
+ );
584
+ $args = array();
585
+ foreach( $arg_keys as $arg_key ) {
586
+ // Note: get_users() supports validation / sanitization
587
+ if ( $value = WPR_API_Request::get_arg( $arg_key ) )
588
+ $args[$arg_key] = $value;
589
+ }
590
+
591
+ $users = array_map( 'wprp_format_user_obj', get_users( $args ) );
592
+ $actions[$action] = $users;
593
+
594
+ break;
595
+
596
+ case 'get_user':
597
+ case 'update_user':
598
+ case 'delete_user':
599
+
600
+ $user_id = (int)WPR_API_Request::get_arg( 'user_id' );
601
+ $user = get_user_by( 'id', $user_id );
602
+
603
+ if ( ! $user ) {
604
+ $actions[$action] = new WP_Error( 'missing-user', "No user found." );
605
+ break;
606
+ }
607
+
608
+ require_once ABSPATH . '/wp-admin/includes/user.php';
609
+
610
+ if ( 'get_user' == $action ) {
611
+
612
+ $actions[$action] = wprp_format_user_obj( $user );
613
+
614
+ } else if ( 'update_user' == $action ) {
615
+
616
+ $fields = array(
617
+ 'user_email',
618
+ 'display_name',
619
+ 'first_name',
620
+ 'last_name',
621
+ 'user_nicename',
622
+ 'user_pass',
623
+ 'user_url',
624
+ 'description'
625
+ );
626
+ $args = array();
627
+ foreach( $fields as $field ) {
628
+ // Note: wp_update_user() handles sanitization / validation
629
+ if ( null !== ( $value = WPR_API_Request::get_arg( $field ) ) )
630
+ $args[$field] = $value;
631
+ }
632
+ $args['ID'] = $user->ID;
633
+ $ret = wp_update_user( $args );
634
+ if ( is_wp_error( $ret ) )
635
+ $actions[$action] = $ret;
636
+ else
637
+ $actions[$action] = wprp_format_user_obj( get_user_by( 'id', $ret ) );
638
+
639
+ } else if ( 'delete_user' == $action ) {
640
+
641
+ $actions[$action] = wp_delete_user( $user->ID );
642
+
643
+ }
644
+
645
+
646
+ break;
647
+
648
+ case 'create_user':
649
+
650
+ $args = array(
651
+ // Note: wp_insert_user() handles sanitization / validation
652
+ 'user_login' => WPR_API_Request::get_arg( 'user_login' ),
653
+ 'user_email' => WPR_API_Request::get_arg( 'user_email' ),
654
+ 'role' => get_option('default_role'),
655
+ 'user_pass' => false,
656
+ 'user_registered' => strftime( "%F %T", time() ),
657
+ 'display_name' => false,
658
+ );
659
+ foreach( $args as $key => $value ) {
660
+ // Note: wp_insert_user() handles sanitization / validation
661
+ if ( null !== ( $new_value = WPR_API_Request::get_arg( $key ) ) )
662
+ $args[$key] = $new_value;
663
+ }
664
+
665
+ if ( ! $args['user_pass'] ) {
666
+ $args['user_pass'] = wp_generate_password();
667
+ }
668
+
669
+ $user_id = wp_insert_user( $args );
670
+
671
+ if ( is_wp_error( $user_id ) ) {
672
+ $actions[$action] = array( 'status' => 'error', 'error' => $user_id->get_error_message() );
673
+ } else {
674
+ $actions[$action] = wprp_format_user_obj( get_user_by( 'id', $user_id ) );
675
+ }
676
+
677
+ break;
678
+
679
+ case 'enable_log' :
680
+ update_option( 'wprp_enable_log', true );
681
+ $actions[$action] = true;
682
+ break;
683
+
684
+ case 'disable_log' :
685
+ delete_option( 'wprp_enable_log' );
686
+ $actions[$action] = true;
687
+ break;
688
+
689
+ case 'get_log' :
690
+
691
+ if ( class_exists( 'WPRP_Log' ) ) {
692
+ $actions[$action] = WPRP_Log::get_instance()->get_items();
693
+ WPRP_Log::get_instance()->delete_items();
694
+ } else {
695
+ $actions[$action] = new WP_Error( 'log-not-enabled', 'Logging is not enabled' );
696
+ }
697
+
698
+ break;
699
+
700
+ default :
701
+
702
+ $actions[$action] = 'not-implemented';
703
+
704
+ break;
705
+
706
+ }
707
+
708
+ }
709
+
710
+ foreach ( $actions as $key => $action ) {
711
+
712
+ if ( is_wp_error( $action ) ) {
713
+
714
+ $actions[$key] = (object) array(
715
+ 'errors' => $action->errors
716
+ );
717
+ }
718
+ }
719
+
720
+ echo json_encode( $actions );
721
+
722
+ exit;