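/**
 * Validate a backup/working folder, create it if missing and drop
 * access-restriction files into it.
 *
 * Steps, in order:
 *  1. Reject WordPress core locations (ABSPATH, its parent, the plugin,
 *     content and upload directories) and the filesystem root.
 *  2. Reject folders outside open_basedir.
 *  3. Create the folder when it does not exist and require it to be writable.
 *  4. When the site option 'backwpup_cfg_protectfolders' is set, write
 *     server-specific files (web.config, .htaccess, index.php) that are
 *     meant to keep the folder content from being served.
 *  5. Optionally write a '.donotbackup' marker file.
 *
 * The protection files are written best-effort: the result of
 * file_put_contents() is not reported to the caller, so an empty return
 * value does not prove that the folder is protected.
 *
 * @param string $folder      the folder to check
 * @param bool   $donotbackup create a marker file so the folder is left out of backups
 *
 * @return string error message, or an empty string when no check failed
 */
public static function check_folder($folder, $donotbackup = FALSE)
{
    $folder = BackWPup_File::get_absolute_path($folder);
    $folder = untrailingslashit($folder);

    // Never use a WordPress core directory or the filesystem root.
    $forbidden = array(
        untrailingslashit(str_replace('\\', '/', ABSPATH)),
        untrailingslashit(str_replace('\\', '/', dirname(ABSPATH))),
        untrailingslashit(str_replace('\\', '/', WP_PLUGIN_DIR)),
        untrailingslashit(str_replace('\\', '/', WP_CONTENT_DIR)),
        untrailingslashit(BackWPup_File::get_upload_dir()),
        '/',
    );
    if (in_array($folder, $forbidden, true)) {
        return sprintf(__('Folder %1$s not allowed, please use another folder.', 'backwpup'), $folder);
    }

    // open_basedir check
    if (!BackWPup_File::is_in_open_basedir($folder)) {
        return sprintf(__('Folder %1$s is not in open basedir, please use another folder.', 'backwpup'), $folder);
    }

    // Create the folder if it does not exist.
    if (!is_dir($folder) && !wp_mkdir_p($folder)) {
        return sprintf(__('Cannot create folder: %1$s', 'backwpup'), $folder);
    }

    if (!is_writable($folder)) {
        return sprintf(__('Folder "%1$s" is not writable', 'backwpup'), $folder);
    }

    // Write the files that restrict web access to the folder.
    if (get_site_option('backwpup_cfg_protectfolders')) {
        // SERVER_SOFTWARE is not set in every SAPI (CLI, some cron setups);
        // an empty value falls through to the .htaccess branch below.
        $server_software = isset($_SERVER['SERVER_SOFTWARE'])
            ? strtolower((string) $_SERVER['SERVER_SOFTWARE'])
            : '';

        // Stub that answers a request for the directory itself with 404.
        $index_php = "<?php" . PHP_EOL
            . "header( \$_SERVER['SERVER_PROTOCOL'] . ' 404 Not Found' );" . PHP_EOL
            . "header( 'Status: 404 Not Found' );" . PHP_EOL;

        if (strpos($server_software, 'microsoft-iis') !== false) {
            // IIS.
            // The quotes around * must be part of the XML attribute; the
            // previous code multiplied two PHP strings instead, so no valid
            // deny rule was ever written.
            // NOTE(review): IIS documents authorization rules under
            // system.webServer/security/authorization; confirm this layout is
            // honoured on the target servers.
            if (!file_exists($folder . '/web.config')) {
                file_put_contents($folder . '/web.config', implode(PHP_EOL, array(
                    "<configuration>",
                    "\t<system.webServer>",
                    "\t\t<authorization>",
                    "\t\t\t<deny users=\"*\" />",
                    "\t\t</authorization>",
                    "\t</system.webServer>",
                    "</configuration>",
                )));
            }
        } elseif (strpos($server_software, 'nginx') !== false) {
            // nginx does not read .htaccess. The stub only covers requests
            // for the directory index; files stored in the folder stay
            // reachable by URL unless the server configuration denies the
            // location.
            if (!file_exists($folder . '/index.php')) {
                file_put_contents($folder . '/index.php', $index_php);
            }
        } else {
            // Apache and compatible servers: deny rules for both the
            // 2.2 (mod_access / mod_access_compat) and 2.4 (mod_authz_host)
            // module sets, plus the index stub.
            if (!file_exists($folder . '/.htaccess')) {
                file_put_contents($folder . '/.htaccess', implode(PHP_EOL, array(
                    "<Files \"*\">",
                    "<IfModule mod_access.c>",
                    "Deny from all",
                    "</IfModule>",
                    "<IfModule !mod_access_compat>",
                    "<IfModule mod_authz_host.c>",
                    "Deny from all",
                    "</IfModule>",
                    "</IfModule>",
                    "<IfModule mod_access_compat>",
                    "Deny from all",
                    "</IfModule>",
                    "</Files>",
                )));
            }
            if (!file_exists($folder . '/index.php')) {
                file_put_contents($folder . '/index.php', $index_php);
            }
        }
    }

    // Marker file: tells BackWPup to leave this folder and its sub folders out of backups.
    if ($donotbackup && !file_exists($folder . '/.donotbackup')) {
        file_put_contents($folder . '/.donotbackup', __('BackWPup will not backup folders and its sub folders when this file is inside.', 'backwpup'));
    }

    return '';
}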
/**
 * Job step: collect the folders and extra files that go into the backup.
 *
 * Walks the selected WordPress locations (root, content, plugins, themes,
 * uploads) and the additionally configured include folders, stores the
 * resulting folder list on the job and, when 'backupspecialfiles' is set,
 * queues single files from the WordPress root.
 *
 * Security-relevant: the special files include wp-config.php and .htpasswd,
 * so an archive produced from this list carries database credentials and
 * password hashes. Folders from 'dirinclude' are only tested with is_dir()
 * here and are handed to get_folder_list() without an exclude list.
 *
 * @param object $job_object running job, passed by reference (presumably a BackWPup_Job; confirm against caller)
 * @return bool always TRUE
 */
public function job_run(&$job_object)
{
    $try_number = $job_object->steps_data[$job_object->step_working]['STEP_TRY'];
    $job_object->log(sprintf(__('%d. Trying to make a list of folders to back up …', 'backwpup'), $try_number));

    $job_object->substeps_todo = 7;
    $job_object->temp['folders_to_backup'] = array();

    // Sub step 0: WordPress root
    $root_dir = realpath(ABSPATH);
    if ($root_dir && !empty($job_object->job['backuproot']) && $job_object->substeps_done == 0) {
        $root_dir = str_replace('\\', '/', $root_dir);
        $root_dir = trailingslashit($root_dir);
        $skip_dirs = $this->get_exclude_dirs($root_dir);
        foreach ($job_object->job['backuprootexcludedirs'] as $excluded_name) {
            $skip_dirs[] = trailingslashit($root_dir . $excluded_name);
        }
        $this->get_folder_list($job_object, $root_dir, $skip_dirs);
    }
    $job_object->substeps_done = 1;
    $job_object->update_working_data();

    // Sub step 1: wp-content
    $content_dir = realpath(WP_CONTENT_DIR);
    if ($content_dir && !empty($job_object->job['backupcontent']) && $job_object->substeps_done == 1) {
        $content_dir = str_replace('\\', '/', $content_dir);
        $content_dir = trailingslashit($content_dir);
        $skip_dirs = $this->get_exclude_dirs($content_dir);
        foreach ($job_object->job['backupcontentexcludedirs'] as $excluded_name) {
            $skip_dirs[] = trailingslashit($content_dir . $excluded_name);
        }
        $this->get_folder_list($job_object, $content_dir, $skip_dirs);
    }
    $job_object->substeps_done = 2;
    $job_object->update_working_data();

    // Sub step 2: plugins
    $plugin_dir = realpath(WP_PLUGIN_DIR);
    if ($plugin_dir && !empty($job_object->job['backupplugins']) && $job_object->substeps_done == 2) {
        $plugin_dir = str_replace('\\', '/', $plugin_dir);
        $plugin_dir = trailingslashit($plugin_dir);
        $skip_dirs = $this->get_exclude_dirs($plugin_dir);
        foreach ($job_object->job['backuppluginsexcludedirs'] as $excluded_name) {
            $skip_dirs[] = trailingslashit($plugin_dir . $excluded_name);
        }
        $this->get_folder_list($job_object, $plugin_dir, $skip_dirs);
    }
    $job_object->substeps_done = 3;
    $job_object->update_working_data();

    // Sub step 3: themes
    $themes_dir = realpath(get_theme_root());
    if ($themes_dir && !empty($job_object->job['backupthemes']) && $job_object->substeps_done == 3) {
        $themes_dir = str_replace('\\', '/', $themes_dir);
        $themes_dir = trailingslashit($themes_dir);
        $skip_dirs = $this->get_exclude_dirs($themes_dir);
        foreach ($job_object->job['backupthemesexcludedirs'] as $excluded_name) {
            $skip_dirs[] = trailingslashit($themes_dir . $excluded_name);
        }
        $this->get_folder_list($job_object, $themes_dir, $skip_dirs);
    }
    $job_object->substeps_done = 4;
    $job_object->update_working_data();

    // Sub step 4: uploads
    $uploads_dir = realpath(BackWPup_File::get_upload_dir());
    if ($uploads_dir && !empty($job_object->job['backupuploads']) && $job_object->substeps_done == 4) {
        $uploads_dir = str_replace('\\', '/', $uploads_dir);
        $uploads_dir = trailingslashit($uploads_dir);
        $skip_dirs = $this->get_exclude_dirs($uploads_dir);
        foreach ($job_object->job['backupuploadsexcludedirs'] as $excluded_name) {
            $skip_dirs[] = trailingslashit($uploads_dir . $excluded_name);
        }
        $this->get_folder_list($job_object, $uploads_dir, $skip_dirs);
    }
    $job_object->substeps_done = 5;
    $job_object->update_working_data();

    // Sub step 5: extra folders from the comma separated 'dirinclude' setting.
    // Entries are used as given (no trimming); anything that is not a
    // directory is skipped without a log entry.
    if ($job_object->job['dirinclude'] && $job_object->substeps_done == 5) {
        $extra_dirs = array_unique(explode(',', $job_object->job['dirinclude']));
        foreach ($extra_dirs as $extra_dir) {
            if (!is_dir($extra_dir)) {
                continue;
            }
            $this->get_folder_list($job_object, $extra_dir);
        }
    }
    $job_object->substeps_done = 6;
    $job_object->update_working_data();

    // Persist the de-duplicated, sorted folder list on the job.
    $this->folers_to_backup = array_unique($this->folers_to_backup);
    sort($this->folers_to_backup);
    $job_object->data_storage('folder', $this->folers_to_backup);
    $job_object->count_folder = count($this->folers_to_backup);
    $job_object->update_working_data();

    // Single files from the WordPress root, only when requested.
    if (!empty($job_object->job['backupspecialfiles'])) {
        // Files inside ABSPATH are queued here only when the root folder
        // itself is not part of the backup.
        $root_not_selected = empty($job_object->job['backuproot']);

        // wp-config.php: either in ABSPATH, or one level above when that
        // parent directory does not hold a wp-settings.php of its own.
        $config_in_root = ABSPATH . 'wp-config.php';
        $config_above = dirname(ABSPATH) . '/wp-config.php';
        if (is_readable($config_in_root) && $root_not_selected) {
            $job_object->additional_files_to_backup[] = str_replace('\\', '/', $config_in_root);
            $job_object->count_files++;
            $job_object->count_filesize += @filesize($config_in_root);
            $job_object->log(sprintf(__('Added "%s" to backup file list', 'backwpup'), 'wp-config.php'));
        } elseif (
            BackWPup_File::is_in_open_basedir($config_above)
            && is_readable($config_above)
            && !is_readable(dirname(ABSPATH) . '/wp-settings.php')
        ) {
            $job_object->additional_files_to_backup[] = str_replace('\\', '/', $config_above);
            $job_object->count_files++;
            $job_object->count_filesize += @filesize($config_above);
            $job_object->log(sprintf(__('Added "%s" to backup file list', 'backwpup'), 'wp-config.php'));
        }

        // Remaining special files, all looked up directly in ABSPATH.
        foreach (array('.htaccess', '.htpasswd', 'robots.txt', 'favicon.ico') as $special_name) {
            $special_path = ABSPATH . $special_name;
            if (!is_readable($special_path) || !$root_not_selected) {
                continue;
            }
            $job_object->additional_files_to_backup[] = str_replace('\\', '/', $special_path);
            $job_object->count_files++;
            $job_object->count_filesize += @filesize($special_path);
            $job_object->log(sprintf(__('Added "%s" to backup file list', 'backwpup'), $special_name));
        }
    }

    // Summary: warn when nothing was found; the folder count is logged only
    // when there is more than one folder.
    $nothing_found = $job_object->count_folder == 0
        && count($job_object->additional_files_to_backup) == 0;
    if ($nothing_found) {
        $job_object->log(__('No files/folder for the backup.', 'backwpup'), E_USER_WARNING);
    } elseif ($job_object->count_folder > 1) {
        $job_object->log(sprintf(__('%1$d folders to backup.', 'backwpup'), $job_object->count_folder));
    }

    $job_object->substeps_done = 7;

    return TRUE;
}