Migration, Backup, Staging – WPvivid - Version 0.9.53

Version Description

  • Fixed a SQL injection vulnerability.
  • Fixed some bugs in the plugin code and optimized the plugin code.
Download this release

Release Info

Developer wpvivid
Plugin Icon 128x128 Migration, Backup, Staging – WPvivid
Version 0.9.53
Comparing to
See all releases

Code changes from version 0.9.52 to 0.9.53

Files changed (5) hide show
  1. includes/upload-cleaner/class-wpvivid-upload-cleaner-setting.php +12 -0
  2. includes/upload-cleaner/class-wpvivid-uploads-cleaner.php +73 -6
  3. includes/upload-cleaner/class-wpvivid-uploads-scanner.php +6 -8
  4. readme.txt +5 -2
  5. wpvivid-backuprestore.php +2 -2
includes/upload-cleaner/class-wpvivid-upload-cleaner-setting.php CHANGED
@@ -1256,6 +1256,9 @@ class WPvivid_Uploads_Cleaner_Setting
1256
 
1257
  public function get_exclude_files_list()
1258
  {
 
 
 
1259
  try
1260
  {
1261
  if(isset($_POST['file_exclude'])&&!empty($_POST['file_exclude']))
@@ -1298,6 +1301,9 @@ class WPvivid_Uploads_Cleaner_Setting
1298
 
1299
  public function delete_exclude_files()
1300
  {
 
 
 
1301
  try
1302
  {
1303
  $json = $_POST['selected'];
@@ -1343,6 +1349,9 @@ class WPvivid_Uploads_Cleaner_Setting
1343
 
1344
  public function get_post_type_list()
1345
  {
 
 
 
1346
  try
1347
  {
1348
  $default_post_types=array();
@@ -1395,6 +1404,9 @@ class WPvivid_Uploads_Cleaner_Setting
1395
 
1396
  public function delete_post_type()
1397
  {
 
 
 
1398
  try
1399
  {
1400
  $default_post_types=array();
1256
 
1257
  public function get_exclude_files_list()
1258
  {
1259
+ global $wpvivid_plugin;
1260
+ $wpvivid_plugin->ajax_check_security();
1261
+
1262
  try
1263
  {
1264
  if(isset($_POST['file_exclude'])&&!empty($_POST['file_exclude']))
1301
 
1302
  public function delete_exclude_files()
1303
  {
1304
+ global $wpvivid_plugin;
1305
+ $wpvivid_plugin->ajax_check_security();
1306
+
1307
  try
1308
  {
1309
  $json = $_POST['selected'];
1349
 
1350
  public function get_post_type_list()
1351
  {
1352
+ global $wpvivid_plugin;
1353
+ $wpvivid_plugin->ajax_check_security();
1354
+
1355
  try
1356
  {
1357
  $default_post_types=array();
1404
 
1405
  public function delete_post_type()
1406
  {
1407
+ global $wpvivid_plugin;
1408
+ $wpvivid_plugin->ajax_check_security();
1409
+
1410
  try
1411
  {
1412
  $default_post_types=array();
includes/upload-cleaner/class-wpvivid-uploads-cleaner.php CHANGED
@@ -1080,7 +1080,7 @@ class WPvivid_Uploads_Cleaner
1080
  </h1>
1081
  <?php
1082
 
1083
- if(!class_exists('WPvivid_UC_Tab_Page_Container'))
1084
  include_once WPVIVID_PLUGIN_DIR . '/includes/class-wpvivid-tab-page-container.php';
1085
 
1086
  $args['is_parent_tab']=1;
@@ -2310,6 +2310,9 @@ class WPvivid_Uploads_Cleaner
2310
 
2311
  public function start_scan_uploads_files_task()
2312
  {
 
 
 
2313
  set_time_limit(30);
2314
 
2315
  $uploads_scanner=new WPvivid_Uploads_Scanner();
@@ -2359,7 +2362,12 @@ class WPvivid_Uploads_Cleaner
2359
  $start+=$limit;
2360
 
2361
  $result['result']='success';
2362
- $result['percent']=intval(($start/$count)*100);
 
 
 
 
 
2363
  $result['total_posts']=$start;
2364
  $result['scanned_posts']=$count;
2365
  $result['descript']='Scanning files from posts';
@@ -2417,14 +2425,27 @@ class WPvivid_Uploads_Cleaner
2417
 
2418
  public function scan_uploads_files_from_post()
2419
  {
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
2420
  set_time_limit(30);
2421
 
2422
  $uploads_scanner=new WPvivid_Uploads_Scanner();
2423
 
2424
  $count=$uploads_scanner->get_post_count();
2425
 
2426
- $start=intval($_POST['start']);
2427
-
2428
  $limit=min(get_option('wpvivid_uc_scan_limit',20),$count);
2429
 
2430
  $posts=$uploads_scanner->get_posts($start,$limit);
@@ -2525,6 +2546,9 @@ class WPvivid_Uploads_Cleaner
2525
 
2526
  public function start_unused_files_task()
2527
  {
 
 
 
2528
  set_time_limit(30);
2529
 
2530
  $uploads_scanner=new WPvivid_Uploads_Scanner();
@@ -2587,6 +2611,9 @@ class WPvivid_Uploads_Cleaner
2587
 
2588
  public function unused_files_task()
2589
  {
 
 
 
2590
  set_time_limit(30);
2591
 
2592
  $uploads_scanner=new WPvivid_Uploads_Scanner();
@@ -2772,14 +2799,23 @@ class WPvivid_Uploads_Cleaner
2772
 
2773
  public function add_exclude_files()
2774
  {
 
 
 
2775
  $json = $_POST['selected'];
2776
  $json = stripslashes($json);
2777
  $json = json_decode($json, true);
2778
 
2779
  $selected_list=$json['selected'];
2780
 
 
 
 
 
 
 
2781
  $scanner=new WPvivid_Uploads_Scanner();
2782
- $files=$scanner->get_selected_files_list($selected_list);
2783
 
2784
  $list=new WPvivid_Unused_Upload_Files_List();
2785
 
@@ -2828,12 +2864,16 @@ class WPvivid_Uploads_Cleaner
2828
 
2829
  public function get_result_list()
2830
  {
 
 
 
2831
  try
2832
  {
2833
  $search='';
2834
  if(isset($_POST['search']))
2835
  {
2836
  $search=$_POST['search'];
 
2837
  }
2838
 
2839
  $folder='';
@@ -2883,6 +2923,9 @@ class WPvivid_Uploads_Cleaner
2883
 
2884
  public function isolate_selected_image()
2885
  {
 
 
 
2886
  try
2887
  {
2888
  $json = $_POST['selected'];
@@ -2890,9 +2933,14 @@ class WPvivid_Uploads_Cleaner
2890
  $json = json_decode($json, true);
2891
 
2892
  $selected_list=$json['selected'];
 
 
 
 
 
2893
 
2894
  $scanner=new WPvivid_Uploads_Scanner();
2895
- $files=$scanner->get_selected_files_list($selected_list);
2896
 
2897
  if($files===false||empty($files))
2898
  {
@@ -2971,6 +3019,9 @@ class WPvivid_Uploads_Cleaner
2971
 
2972
  public function start_isolate_all_image()
2973
  {
 
 
 
2974
  try
2975
  {
2976
  $search='';
@@ -3040,6 +3091,9 @@ class WPvivid_Uploads_Cleaner
3040
 
3041
  public function isolate_all_image()
3042
  {
 
 
 
3043
  try
3044
  {
3045
  $search='';
@@ -3117,6 +3171,9 @@ class WPvivid_Uploads_Cleaner
3117
 
3118
  public function get_iso_list()
3119
  {
 
 
 
3120
  try
3121
  {
3122
  $search='';
@@ -3173,6 +3230,9 @@ class WPvivid_Uploads_Cleaner
3173
 
3174
  public function delete_selected_image()
3175
  {
 
 
 
3176
  try
3177
  {
3178
  $json = $_POST['selected'];
@@ -3231,6 +3291,8 @@ class WPvivid_Uploads_Cleaner
3231
 
3232
  public function delete_all_image()
3233
  {
 
 
3234
  try
3235
  {
3236
  $search='';
@@ -3283,6 +3345,9 @@ class WPvivid_Uploads_Cleaner
3283
  //restore_selected_image
3284
  public function restore_selected_image()
3285
  {
 
 
 
3286
  try
3287
  {
3288
  $json = $_POST['selected'];
@@ -3340,6 +3405,8 @@ class WPvivid_Uploads_Cleaner
3340
 
3341
  public function restore_all_image()
3342
  {
 
 
3343
  try
3344
  {
3345
  $search='';
1080
  </h1>
1081
  <?php
1082
 
1083
+ if(!class_exists('WPvivid_Tab_Page_Container'))
1084
  include_once WPVIVID_PLUGIN_DIR . '/includes/class-wpvivid-tab-page-container.php';
1085
 
1086
  $args['is_parent_tab']=1;
2310
 
2311
  public function start_scan_uploads_files_task()
2312
  {
2313
+ global $wpvivid_plugin;
2314
+ $wpvivid_plugin->ajax_check_security();
2315
+
2316
  set_time_limit(30);
2317
 
2318
  $uploads_scanner=new WPvivid_Uploads_Scanner();
2362
  $start+=$limit;
2363
 
2364
  $result['result']='success';
2365
+ if($count == 0){
2366
+ $result['percent']=0;
2367
+ }
2368
+ else{
2369
+ $result['percent']=intval(($start/$count)*100);
2370
+ }
2371
  $result['total_posts']=$start;
2372
  $result['scanned_posts']=$count;
2373
  $result['descript']='Scanning files from posts';
2425
 
2426
  public function scan_uploads_files_from_post()
2427
  {
2428
+ global $wpvivid_plugin;
2429
+ $wpvivid_plugin->ajax_check_security();
2430
+
2431
+ if(!isset($_POST['start']))
2432
+ {
2433
+ die();
2434
+ }
2435
+
2436
+ $start=intval($_POST['start']);
2437
+
2438
+ if(!is_int($start))
2439
+ {
2440
+ die();
2441
+ }
2442
+
2443
  set_time_limit(30);
2444
 
2445
  $uploads_scanner=new WPvivid_Uploads_Scanner();
2446
 
2447
  $count=$uploads_scanner->get_post_count();
2448
 
 
 
2449
  $limit=min(get_option('wpvivid_uc_scan_limit',20),$count);
2450
 
2451
  $posts=$uploads_scanner->get_posts($start,$limit);
2546
 
2547
  public function start_unused_files_task()
2548
  {
2549
+ global $wpvivid_plugin;
2550
+ $wpvivid_plugin->ajax_check_security();
2551
+
2552
  set_time_limit(30);
2553
 
2554
  $uploads_scanner=new WPvivid_Uploads_Scanner();
2611
 
2612
  public function unused_files_task()
2613
  {
2614
+ global $wpvivid_plugin;
2615
+ $wpvivid_plugin->ajax_check_security();
2616
+
2617
  set_time_limit(30);
2618
 
2619
  $uploads_scanner=new WPvivid_Uploads_Scanner();
2799
 
2800
  public function add_exclude_files()
2801
  {
2802
+ global $wpvivid_plugin;
2803
+ $wpvivid_plugin->ajax_check_security();
2804
+
2805
  $json = $_POST['selected'];
2806
  $json = stripslashes($json);
2807
  $json = json_decode($json, true);
2808
 
2809
  $selected_list=$json['selected'];
2810
 
2811
+ $sanitize_list=array();
2812
+ foreach ($selected_list as $item)
2813
+ {
2814
+ $sanitize_list[]=intval($item);
2815
+ }
2816
+
2817
  $scanner=new WPvivid_Uploads_Scanner();
2818
+ $files=$scanner->get_selected_files_list($sanitize_list);
2819
 
2820
  $list=new WPvivid_Unused_Upload_Files_List();
2821
 
2864
 
2865
  public function get_result_list()
2866
  {
2867
+ global $wpvivid_plugin;
2868
+ $wpvivid_plugin->ajax_check_security();
2869
+
2870
  try
2871
  {
2872
  $search='';
2873
  if(isset($_POST['search']))
2874
  {
2875
  $search=$_POST['search'];
2876
+
2877
  }
2878
 
2879
  $folder='';
2923
 
2924
  public function isolate_selected_image()
2925
  {
2926
+ global $wpvivid_plugin;
2927
+ $wpvivid_plugin->ajax_check_security();
2928
+
2929
  try
2930
  {
2931
  $json = $_POST['selected'];
2933
  $json = json_decode($json, true);
2934
 
2935
  $selected_list=$json['selected'];
2936
+ $sanitize_list=array();
2937
+ foreach ($selected_list as $item)
2938
+ {
2939
+ $sanitize_list[]=intval($item);
2940
+ }
2941
 
2942
  $scanner=new WPvivid_Uploads_Scanner();
2943
+ $files=$scanner->get_selected_files_list($sanitize_list);
2944
 
2945
  if($files===false||empty($files))
2946
  {
3019
 
3020
  public function start_isolate_all_image()
3021
  {
3022
+ global $wpvivid_plugin;
3023
+ $wpvivid_plugin->ajax_check_security();
3024
+
3025
  try
3026
  {
3027
  $search='';
3091
 
3092
  public function isolate_all_image()
3093
  {
3094
+ global $wpvivid_plugin;
3095
+ $wpvivid_plugin->ajax_check_security();
3096
+
3097
  try
3098
  {
3099
  $search='';
3171
 
3172
  public function get_iso_list()
3173
  {
3174
+ global $wpvivid_plugin;
3175
+ $wpvivid_plugin->ajax_check_security();
3176
+
3177
  try
3178
  {
3179
  $search='';
3230
 
3231
  public function delete_selected_image()
3232
  {
3233
+ global $wpvivid_plugin;
3234
+ $wpvivid_plugin->ajax_check_security();
3235
+
3236
  try
3237
  {
3238
  $json = $_POST['selected'];
3291
 
3292
  public function delete_all_image()
3293
  {
3294
+ global $wpvivid_plugin;
3295
+ $wpvivid_plugin->ajax_check_security();
3296
  try
3297
  {
3298
  $search='';
3345
  //restore_selected_image
3346
  public function restore_selected_image()
3347
  {
3348
+ global $wpvivid_plugin;
3349
+ $wpvivid_plugin->ajax_check_security();
3350
+
3351
  try
3352
  {
3353
  $json = $_POST['selected'];
3405
 
3406
  public function restore_all_image()
3407
  {
3408
+ global $wpvivid_plugin;
3409
+ $wpvivid_plugin->ajax_check_security();
3410
  try
3411
  {
3412
  $search='';
includes/upload-cleaner/class-wpvivid-uploads-scanner.php CHANGED
@@ -384,7 +384,7 @@ class WPvivid_Uploads_Scanner
384
 
385
  $post_status="post_status NOT IN ('inherit', 'trash', 'auto-draft')";
386
 
387
- $query="SELECT COUNT(*) FROM $wpdb->posts WHERE $post_types AND $post_status";
388
 
389
  $result=$wpdb->get_results($query,ARRAY_N);
390
 
@@ -1369,10 +1369,10 @@ class WPvivid_Uploads_Scanner
1369
  }
1370
 
1371
  $table = $wpdb->prefix . "wpvivid_unused_uploads_files";
1372
- $sql="SELECT * FROM $table ".$where;
1373
 
1374
- $result=$wpdb->get_results($sql,ARRAY_A);
1375
- return $result;
 
1376
  }
1377
 
1378
  public function get_scan_result_count()
@@ -1450,8 +1450,7 @@ class WPvivid_Uploads_Scanner
1450
  $ids=implode(",",$selected_list);
1451
 
1452
  $table = $wpdb->prefix . "wpvivid_unused_uploads_files";
1453
- $sql="SELECT * FROM $table WHERE `id` IN ($ids)";
1454
-
1455
  $result=$wpdb->get_results($sql,ARRAY_A);
1456
  if($result)
1457
  {
@@ -1516,8 +1515,7 @@ class WPvivid_Uploads_Scanner
1516
  //LIMIT
1517
 
1518
  $table = $wpdb->prefix . "wpvivid_unused_uploads_files";
1519
- $sql="SELECT * FROM $table ".$where;
1520
-
1521
  $result=$wpdb->get_results($sql,ARRAY_A);
1522
  if($result)
1523
  {
384
 
385
  $post_status="post_status NOT IN ('inherit', 'trash', 'auto-draft')";
386
 
387
+ $query=$wpdb->prepare("SELECT COUNT(*) FROM $wpdb->posts WHERE $post_types AND %s",$post_status);
388
 
389
  $result=$wpdb->get_results($query,ARRAY_N);
390
 
1369
  }
1370
 
1371
  $table = $wpdb->prefix . "wpvivid_unused_uploads_files";
 
1372
 
1373
+ $sql=esc_sql("SELECT * FROM `$table` ".$where);
1374
+
1375
+ return $wpdb->get_results($sql,ARRAY_A);
1376
  }
1377
 
1378
  public function get_scan_result_count()
1450
  $ids=implode(",",$selected_list);
1451
 
1452
  $table = $wpdb->prefix . "wpvivid_unused_uploads_files";
1453
+ $sql=$wpdb->prepare("SELECT * FROM $table WHERE `id` IN (%s)",$ids);
 
1454
  $result=$wpdb->get_results($sql,ARRAY_A);
1455
  if($result)
1456
  {
1515
  //LIMIT
1516
 
1517
  $table = $wpdb->prefix . "wpvivid_unused_uploads_files";
1518
+ $sql=esc_sql("SELECT * FROM $table ".$where);
 
1519
  $result=$wpdb->get_results($sql,ARRAY_A);
1520
  if($result)
1521
  {
readme.txt CHANGED
@@ -2,9 +2,9 @@
2
  Contributors: wpvivid
3
  Tags: move, clone, migrate, cleaner, backup, restore, auto backup, cloud backup
4
  Requires at least: 4.5
5
- Tested up to: 5.7
6
  Requires PHP: 5.3
7
- Stable tag: 0.9.52
8
  License: GPLv3 or later
9
  License URI: https://www.gnu.org/licenses/gpl-3.0.en.html
10
 
@@ -187,6 +187,9 @@ Thank you for translating WPvivid Backup Plugin to your languages!
187
  * [Daniel Wilczkowiak](https://profiles.wordpress.org/virtual03/) (German)
188
 
189
  == Changelog ==
 
 
 
190
  = 0.9.52 =
191
  - Fixed a fatal error occurred during website transfer in some cases.
192
  - Fixed some bugs in the plugin code.
2
  Contributors: wpvivid
3
  Tags: move, clone, migrate, cleaner, backup, restore, auto backup, cloud backup
4
  Requires at least: 4.5
5
+ Tested up to: 5.7.1
6
  Requires PHP: 5.3
7
+ Stable tag: 0.9.53
8
  License: GPLv3 or later
9
  License URI: https://www.gnu.org/licenses/gpl-3.0.en.html
10
 
187
  * [Daniel Wilczkowiak](https://profiles.wordpress.org/virtual03/) (German)
188
 
189
  == Changelog ==
190
+ = 0.9.53 =
191
+ - Fixed a SQL injection vulnerability.
192
+ - Fixed some bugs in the plugin code and optimized the plugin code.
193
  = 0.9.52 =
194
  - Fixed a fatal error occurred during website transfer in some cases.
195
  - Fixed some bugs in the plugin code.
wpvivid-backuprestore.php CHANGED
@@ -7,7 +7,7 @@
7
  * @wordpress-plugin
8
  * Plugin Name: WPvivid Backup Plugin
9
  * Description: Clone or copy WP sites then move or migrate them to new host (new domain), schedule backups, transfer backups to leading remote storage. All in one.
10
- * Version: 0.9.52
11
  * Author: WPvivid Team
12
  * Author URI: https://wpvivid.com
13
  * License: GPL-3.0+
@@ -21,7 +21,7 @@ if ( ! defined( 'WPINC' ) ) {
21
  die;
22
  }
23
 
24
- define( 'WPVIVID_PLUGIN_VERSION', '0.9.52' );
25
  //
26
  define('WPVIVID_RESTORE_INIT','init');
27
  define('WPVIVID_RESTORE_READY','ready');
7
  * @wordpress-plugin
8
  * Plugin Name: WPvivid Backup Plugin
9
  * Description: Clone or copy WP sites then move or migrate them to new host (new domain), schedule backups, transfer backups to leading remote storage. All in one.
10
+ * Version: 0.9.53
11
  * Author: WPvivid Team
12
  * Author URI: https://wpvivid.com
13
  * License: GPL-3.0+
21
  die;
22
  }
23
 
24
+ define( 'WPVIVID_PLUGIN_VERSION', '0.9.53' );
25
  //
26
  define('WPVIVID_RESTORE_INIT','init');
27
  define('WPVIVID_RESTORE_READY','ready');