/**
 * Runs on admin_init: registers UpdraftPlus's admin-side hooks, queues dashboard
 * warnings and, on the UpdraftPlus page only, loads and localises the admin UI script.
 *
 * Everything above the page check applies to every admin page; everything below it
 * only runs when the request is for the UpdraftPlus page.
 *
 * The wp_ajax_* registrations only route requests to the named methods. Each of those
 * handlers has to carry its own capability and nonce checks.
 *
 * When the updraft_debug_mode option is set, display_errors is switched on for the
 * UpdraftPlus page, so PHP error text is printed into the response on that page.
 */
function admin_init()
{
    // Plain action hooks, registered in their original order
    $general_actions = array(
        'core_upgrade_preamble' => 'core_upgrade_preamble',
        'admin_action_upgrade-plugin' => 'admin_action_upgrade_pluginortheme',
        'admin_action_upgrade-theme' => 'admin_action_upgrade_pluginortheme',
        'admin_head' => 'admin_head',
    );
    foreach ($general_actions as $hook => $callback) {
        add_action($hook, array($this, $callback));
    }

    // On multisite the plugin links filter carries the network_admin_ prefix
    if (is_multisite()) {
        $links_filter = 'network_admin_' . 'plugin_action_links';
    } else {
        $links_filter = '' . 'plugin_action_links';
    }
    add_filter($links_filter, array($this, 'plugin_action_links'), 10, 2);

    // AJAX endpoints; the hook suffix after wp_ajax_ is the handler method's name
    $ajax_handlers = array(
        'updraft_download_backup',
        'updraft_ajax' => 'updraft_ajax_handler',
        'plupload_action',
        'plupload_action2',
    );
    foreach ($ajax_handlers as $suffix => $callback) {
        $hook = 'wp_ajax_' . (is_int($suffix) ? $callback : $suffix);
        add_action($hook, array($this, $callback));
    }

    global $updraftplus, $wp_version, $pagenow;

    add_filter('updraftplus_dirlist_others', array($updraftplus, 'backup_others_dirlist'));
    add_filter('updraftplus_dirlist_uploads', array($updraftplus, 'backup_uploads_dirlist'));

    // ---- Checks that apply on every admin page ----
    $service = UpdraftPlus_Options::get_updraft_option('updraft_service');
    // The stored service may be a single identifier or a list of them
    $uses_googledrive = ('googledrive' === $service) || (is_array($service) && in_array('googledrive', $service));
    $uses_dropbox = ('dropbox' === $service) || (is_array($service) && in_array('dropbox', $service));

    // Google Drive selected and a client ID saved, but no token stored yet
    if (UpdraftPlus_Options::user_can_manage() && $uses_googledrive) {
        if (UpdraftPlus_Options::get_updraft_option('updraft_googledrive_clientid', '') != '') {
            if (UpdraftPlus_Options::get_updraft_option('updraft_googledrive_token', '') == '') {
                add_action('all_admin_notices', array($this, 'show_admin_warning_googledrive'));
            }
        }
    }

    // Dropbox selected, but no request token stored yet
    if (UpdraftPlus_Options::user_can_manage() && $uses_dropbox) {
        if (UpdraftPlus_Options::get_updraft_option('updraft_dropboxtk_request_token', '') == '') {
            add_action('all_admin_notices', array($this, 'show_admin_warning_dropbox'));
        }
    }

    // Warn when the disk space check for 35 * 1024 * 1024 bytes explicitly returns false
    $needed_bytes = 1024 * 1024 * 35;
    if (UpdraftPlus_Options::user_can_manage() && false === $this->disk_space_check($needed_bytes)) {
        add_action('all_admin_notices', array($this, 'show_admin_warning_diskspace'));
    }

    // ---- From here on: the UpdraftPlus page only ----
    $on_updraft_page = $pagenow == UpdraftPlus_Options::admin_page()
        && !empty($_REQUEST['page'])
        && 'updraftplus' == $_REQUEST['page'];
    if (!$on_updraft_page) {
        return;
    }

    if (UpdraftPlus_Options::user_can_manage() && defined('DISABLE_WP_CRON') && DISABLE_WP_CRON == true) {
        add_action('all_admin_notices', array($this, 'show_admin_warning_disabledcron'));
    }

    // Debug mode: print PHP errors (minus notices and deprecations) and say so in a notice
    if (UpdraftPlus_Options::get_updraft_option('updraft_debug_mode')) {
        @ini_set('display_errors', 1);
        @error_reporting(E_ALL & ~E_NOTICE & ~E_DEPRECATED);
        add_action('all_admin_notices', array($this, 'show_admin_debug_warning'));
    }

    // Try to raise the limit first (as a real backup run does) so that the warning
    // below is not a false positive
    @set_time_limit(900);
    $time_limit = (int) @ini_get('max_execution_time');
    if ($time_limit > 0 && $time_limit < 20) {
        add_action('all_admin_notices', array($this, 'show_admin_warning_execution_time'));
    }

    // LiteSpeed has a generic problem with terminating cron jobs; warn unless
    // .htaccess mentions "noabort"
    if (isset($_SERVER['SERVER_SOFTWARE']) && strpos($_SERVER['SERVER_SOFTWARE'], 'LiteSpeed') !== false) {
        $noabort_configured = is_file(ABSPATH . '.htaccess')
            && preg_match('/noabort/i', file_get_contents(ABSPATH . '.htaccess'));
        if (!$noabort_configured) {
            add_action('all_admin_notices', array($this, 'show_admin_warning_litespeed'));
        }
    }

    if (version_compare($wp_version, '3.2', '<')) {
        add_action('all_admin_notices', array($this, 'show_admin_warning_wordpressversion'));
    }

    $script_handle = 'updraftplus-admin-ui';
    wp_enqueue_script(
        $script_handle,
        UPDRAFTPLUS_URL . '/includes/updraft-admin-ui.js',
        array('jquery', 'jquery-ui-dialog', 'plupload-all'),
        '31'
    );

    // Translated UI strings, exposed to the script as the "updraftlion" object
    $labels = array(
        'sendonlyonwarnings' => __('Send a report only when there are warnings/errors', 'updraftplus'),
        'wholebackup' => __('When the Email storage method is enabled, also send the entire backup', 'updraftplus'),
        'emailsizelimits' => esc_attr(sprintf(__('Be aware that mail servers tend to have size limits; typically around %s Mb; backups larger than any limits will likely not arrive.', 'updraftplus'), '10-20')),
        'rescanning' => __('Rescanning (looking for backups that you have uploaded manually into the internal backup store)...', 'updraftplus'),
        'enteremailhere' => esc_attr(__('To send to more than one address, separate each address with a comma.', 'updraftplus')),
        'excludedeverything' => __('If you exclude both the database and the files, then you have excluded everything!', 'updraftplus'),
        'restoreproceeding' => __('The restore operation has begun. Do not press stop or close your browser until it reports itself as having finished.', 'updraftplus'),
        'unexpectedresponse' => __('Unexpected response:', 'updraftplus'),
        'servererrorcode' => __('The web server returned an error code (try again, or check your web server logs)', 'updraftplus'),
        'newuserpass' => __("The new user's RackSpace console password is (this will not be shown again):", 'updraftplus'),
        'trying' => __('Trying...', 'updraftplus'),
        'calculating' => __('calculating...', 'updraftplus'),
        'begunlooking' => __('Begun looking for this entity', 'updraftplus'),
        'stilldownloading' => __('Some files are still downloading or being processed - please wait.', 'updraftplus'),
        'processing' => __('Processing files - please wait...', 'updraftplus'),
        'emptyresponse' => __('Error: the server sent an empty response.', 'updraftplus'),
        'warnings' => __('Warnings:', 'updraftplus'),
        'errors' => __('Errors:', 'updraftplus'),
        'jsonnotunderstood' => __('Error: the server sent us a response (JSON) which we did not understand.', 'updraftplus'),
        'error' => __('Error:', 'updraftplus'),
        'fileready' => __('File ready.', 'updraftplus'),
        'youshould' => __('You should:', 'updraftplus'),
        'deletefromserver' => __('Delete from your web server', 'updraftplus'),
        'downloadtocomputer' => __('Download to your computer', 'updraftplus'),
        'andthen' => __('and then, if you wish,', 'updraftplus'),
        'notunderstood' => __('Download error: the server sent us a response which we did not understand.', 'updraftplus'),
        'requeststart' => __('Requesting start of backup...', 'updraftplus'),
        'phpinfo' => __('PHP information', 'updraftplus'),
        'delete_old_dirs' => __('Delete Old Directories', 'updraftplus'),
        'raw' => __('Raw backup history', 'updraftplus'),
        'notarchive' => __('This file does not appear to be an UpdraftPlus backup archive (such files are .zip or .gz files which have a name like: backup_(time)_(site name)_(code)_(type).(zip|gz)). However, UpdraftPlus archives are standard zip/SQL files - so if you are sure that your file has the right format, then you can rename it to match that pattern.', 'updraftplus'),
        'makesure' => __('(make sure that you were trying to upload a zip file previously created by UpdraftPlus)', 'updraftplus'),
        'uploaderror' => __('Upload error:', 'updraftplus'),
        'notdba' => __('This file does not appear to be an UpdraftPlus encrypted database archive (such files are .gz.crypt files which have a name like: backup_(time)_(site name)_(code)_db.crypt.gz).', 'updraftplus'),
        'uploaderr' => __('Upload error', 'updraftplus'),
        'followlink' => __('Follow this link to attempt decryption and download the database file to your computer.', 'updraftplus'),
        'thiskey' => __('This decryption key will be attempted:', 'updraftplus'),
        'unknownresp' => __('Unknown server response:', 'updraftplus'),
        'ukrespstatus' => __('Unknown server response status:', 'updraftplus'),
        'uploaded' => __('The file was uploaded.', 'updraftplus'),
        'backupnow' => __('Backup Now', 'updraftplus'),
        'cancel' => __('Cancel', 'updraftplus'),
        'deletebutton' => __('Delete', 'updraftplus'),
        'createbutton' => __('Create', 'updraftplus'),
        'close' => __('Close', 'updraftplus'),
        'restore' => __('Restore', 'updraftplus'),
    );
    wp_localize_script($script_handle, 'updraftlion', $labels);
}
/**
 * Runs on admin_init: registers UpdraftPlus's admin hooks, queues dashboard warnings
 * and, on the UpdraftPlus settings page only, enqueues the upload scripts.
 *
 * The wp_ajax_* registrations only route requests to the named methods. Each of those
 * handlers has to carry its own capability and nonce checks.
 *
 * When the updraft_debug_mode option is set, display_errors is switched on for the
 * UpdraftPlus page, so PHP error text is printed into the response on that page.
 */
function admin_init()
{
    add_action('admin_head', array($this, 'admin_head'));
    add_filter('plugin_action_links', array($this, 'plugin_action_links'), 10, 2);

    // AJAX endpoints; the hook suffix after wp_ajax_ is the handler method's name
    $ajax_handlers = array(
        'updraft_download_backup',
        'updraft_ajax' => 'updraft_ajax_handler',
        'plupload_action',
        'plupload_action2',
    );
    foreach ($ajax_handlers as $suffix => $callback) {
        $hook = 'wp_ajax_' . (is_int($suffix) ? $callback : $suffix);
        add_action($hook, array($this, $callback));
    }

    global $updraftplus, $wp_version, $pagenow;

    add_filter('updraftplus_dirlist_others', array($updraftplus, 'backup_others_dirlist'));

    // ---- Checks that apply on every admin page ----

    // Google Drive selected and a client ID saved, but no token stored yet
    if (UpdraftPlus_Options::user_can_manage()) {
        if (UpdraftPlus_Options::get_updraft_option('updraft_service') == "googledrive") {
            if (UpdraftPlus_Options::get_updraft_option('updraft_googledrive_clientid', '') != '') {
                if (UpdraftPlus_Options::get_updraft_option('updraft_googledrive_token', '') == '') {
                    add_action('admin_notices', array($this, 'show_admin_warning_googledrive'));
                }
            }
        }
    }

    // Dropbox selected, but no request token stored yet
    if (UpdraftPlus_Options::user_can_manage()) {
        if (UpdraftPlus_Options::get_updraft_option('updraft_service') == "dropbox") {
            if (UpdraftPlus_Options::get_updraft_option('updraft_dropboxtk_request_token', '') == '') {
                add_action('admin_notices', array($this, 'show_admin_warning_dropbox'));
            }
        }
    }

    // Warn when the disk space check for 35 * 1024 * 1024 bytes explicitly returns false
    $needed_bytes = 1024 * 1024 * 35;
    if (UpdraftPlus_Options::user_can_manage() && false === $this->disk_space_check($needed_bytes)) {
        add_action('admin_notices', array($this, 'show_admin_warning_diskspace'));
    }

    // ---- From here on: the UpdraftPlus page only ----
    $on_updraft_page = $pagenow == 'options-general.php'
        && isset($_REQUEST['page'])
        && 'updraftplus' == $_REQUEST['page'];
    if (!$on_updraft_page) {
        return;
    }

    // Debug mode: print PHP errors (minus notices and deprecations) and say so in a notice
    if (UpdraftPlus_Options::get_updraft_option('updraft_debug_mode')) {
        @ini_set('display_errors', 1);
        @error_reporting(E_ALL & ~E_NOTICE & ~E_DEPRECATED);
        add_action('admin_notices', array($this, 'show_admin_debug_warning'));
    }

    // W3 Total Cache's object cache eats transients during cron jobs.
    // Reported to them many times by multiple people.
    if (defined('W3TC') && W3TC == true && function_exists('w3_instance')) {
        $w3_modules = w3_instance('W3_ModuleStatus');
        if ($w3_modules->is_enabled('objectcache')) {
            add_action('admin_notices', array($this, 'show_admin_warning_w3_total_cache'));
        }
    }

    // LiteSpeed has a generic problem with terminating cron jobs; warn unless
    // .htaccess mentions "noabort"
    if (isset($_SERVER['SERVER_SOFTWARE']) && strpos($_SERVER['SERVER_SOFTWARE'], 'LiteSpeed') !== false) {
        $noabort_configured = is_file(ABSPATH . '.htaccess')
            && preg_match('/noabort/i', file_get_contents(ABSPATH . '.htaccess'));
        if (!$noabort_configured) {
            add_action('admin_notices', array($this, 'show_admin_warning_litespeed'));
        }
    }

    if (version_compare($wp_version, '3.2', '<')) {
        add_action('admin_notices', array($this, 'show_admin_warning_wordpressversion'));
    }

    // Scripts bundled with WordPress first, then the plugin's own uploader script
    foreach (array('jquery', 'jquery-ui-dialog', 'plupload-all') as $bundled_script) {
        wp_enqueue_script($bundled_script);
    }
    wp_register_script('updraftplus-plupload', UPDRAFTPLUS_URL . '/includes/ud-plupload.js', array('jquery'));
    wp_enqueue_script('updraftplus-plupload');
}
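/**
 * Dispatches UpdraftPlus actions that are requested through the URL of a GET request.
 *
 * Three request shapes are recognised; each one additionally requires
 * UpdraftPlus_Options::user_can_manage():
 *  - action=updraftmethod-<method>-<call>: loads methods/<method>.php and invokes
 *    action_<call>() (or action_handler('<call>')) on UpdraftPlus_BackupModule_<method>
 *  - page=updraftplus&action=downloadlog&updraftplus_backup_nonce=<12 hex chars>:
 *    streams that backup's log file as text/plain and exits
 *  - page=updraftplus&action=downloadfile&updraftplus_file=<encrypted db backup name>:
 *    hands the file to spool_file() and exits
 *
 * Only GET is handled, because WordPress on the options page sometimes repeats
 * parameters when POST-ing via the _wp_referer field.
 *
 * Every request value is required to be a string and is matched with a pattern that is
 * anchored at the very end of the value (D modifier) before it is used in a path.
 */
public function handle_url_actions()
{
    if (!isset($_SERVER['REQUEST_METHOD']) || 'GET' != $_SERVER['REQUEST_METHOD'] || !isset($_GET['action'])) {
        return;
    }

    // An array-valued parameter (action[]=...) must never reach preg_match(): PHP 8
    // raises a TypeError for it, which would break every such admin request
    if (!is_string($_GET['action'])) {
        return;
    }
    $action = $_GET['action'];
    $on_updraft_page = isset($_GET['page']) && $_GET['page'] == 'updraftplus';

    // [a-z]+ keeps both captures free of path separators and dots, so the include path
    // below cannot leave the methods/ directory. The capability check runs before the
    // filesystem is touched.
    if (preg_match('/^updraftmethod-([a-z]+)-([a-z]+)$/D', $action, $matches) && UpdraftPlus_Options::user_can_manage() && file_exists(UPDRAFTPLUS_DIR . '/methods/' . $matches[1] . '.php')) {
        $_GET['page'] = 'updraftplus';
        $_REQUEST['page'] = 'updraftplus';
        $method = $matches[1];
        require_once UPDRAFTPLUS_DIR . '/methods/' . $method . '.php';
        $call_class = 'UpdraftPlus_BackupModule_' . $method;
        $call_method = 'action_' . $matches[2];

        // A file in methods/ that does not declare the expected class would otherwise
        // end the request with a fatal error at the instantiation below
        if (!class_exists($call_class)) {
            return;
        }
        $backup_obj = new $call_class();

        // NOTE(review): this branch runs a module action on a plain GET with no WordPress
        // nonce; whether each action_* method is safe to trigger that way has to be
        // confirmed in the modules themselves.
        add_action('http_request_args', array($this, 'modify_http_options'));
        try {
            if (method_exists($backup_obj, $call_method)) {
                call_user_func(array($backup_obj, $call_method));
            } elseif (method_exists($backup_obj, 'action_handler')) {
                call_user_func(array($backup_obj, 'action_handler'), $matches[2]);
            }
        } catch (Exception $e) {
            // NOTE(review): 'error' is passed to sprintf() as an unused third value; it looks
            // like it was meant to be an argument of log() - confirm against log()'s signature
            $this->log(sprintf(__("%s error: %s", 'updraftplus'), $method, $e->getMessage() . ' (' . $e->getCode() . ')', 'error'));
        }
        remove_action('http_request_args', array($this, 'modify_http_options'));
    } elseif ($on_updraft_page && 'downloadlog' == $action && isset($_GET['updraftplus_backup_nonce']) && is_string($_GET['updraftplus_backup_nonce']) && preg_match('/^[0-9a-f]{12}$/D', $_GET['updraftplus_backup_nonce']) && UpdraftPlus_Options::user_can_manage()) {
        // No WordPress nonce is needed here or for the next, since the backup is already nonce-based
        $updraft_dir = $this->backups_dir_location();
        $log_file = $updraft_dir . '/log.' . $_GET['updraftplus_backup_nonce'] . '.txt';
        if (is_readable($log_file)) {
            header('Content-type: text/plain');
            if (!empty($_GET['force_download'])) {
                header('Content-Disposition: attachment; filename="' . basename($log_file) . '"');
            }
            readfile($log_file);
            exit;
        } else {
            add_action('all_admin_notices', array($this, 'show_admin_warning_unreadablelog'));
        }
    } elseif ($on_updraft_page && 'downloadfile' == $action && isset($_GET['updraftplus_file']) && is_string($_GET['updraftplus_file']) && preg_match('/^backup_([\\-0-9]{15})_.*_([0-9a-f]{12})-db([0-9]+)?+\\.(gz\\.crypt)$/iD', $_GET['updraftplus_file']) && UpdraftPlus_Options::user_can_manage()) {
        $updraft_dir = $this->backups_dir_location();
        // The pattern's ".*" still admits "/" - basename() is what confines the path
        // to the backup directory
        $spool_file = $updraft_dir . '/' . basename($_GET['updraftplus_file']);
        if (is_readable($spool_file)) {
            // The decryption key arrives in the query string, so it can end up in web
            // server access logs, proxy logs and browser history.
            // NOTE(review): consider a transport that keeps the key out of the URL.
            $dkey = (isset($_GET['decrypt_key']) && is_string($_GET['decrypt_key'])) ? $_GET['decrypt_key'] : '';
            $this->spool_file('db', $spool_file, $dkey);
            exit;
        } else {
            add_action('all_admin_notices', array($this, 'show_admin_warning_unreadablefile'));
        }
    }
}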
/**
 * AJAX endpoint that saves the UpdraftPlus settings form.
 *
 * The request is accepted only when it is a POST with subaction=savesettings, from a
 * logged-in user who passes UpdraftPlus_Options::user_can_manage(), and with a nonce
 * that verifies for the 'updraftplus-settings-nonce' action. Anything else ends the
 * request with 'Security check'.
 *
 * $_POST['settings'] must be a non-empty string holding the URL-encoded form; it is
 * parsed into an array, passed to save_settings(), and the result is printed as JSON.
 */
public function updraft_ajax_savesettings()
{
    global $updraftplus;

    // Same conditions, in the same order, expressed as what an acceptable request looks like
    $request_ok = !empty($_POST)
        && !empty($_POST['subaction'])
        && 'savesettings' == $_POST['subaction']
        && isset($_POST['nonce'])
        && is_user_logged_in()
        && UpdraftPlus_Options::user_can_manage()
        && wp_verify_nonce($_POST['nonce'], 'updraftplus-settings-nonce');
    if (!$request_ok) {
        die('Security check');
    }

    $has_payload = !empty($_POST['settings']) && is_string($_POST['settings']);
    if (!$has_payload) {
        die('Invalid data');
    }

    // Turn the URL-encoded string into an array of settings
    parse_str($_POST['settings'], $posted_settings);

    $result = $this->save_settings($posted_settings);
    echo json_encode($result);
    die;
}
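/**
 * AJAX handler (wp_ajax_plupload_action2) that receives an encrypted database backup
 * (.gz.crypt) uploaded through plupload, either whole or in numbered chunks.
 *
 * Access requires UpdraftPlus_Options::user_can_manage() and a valid 'updraft-uploader'
 * AJAX nonce. The response is plain text: 'OK:<file name>' for a finished upload,
 * 'OK:' for an intermediate chunk, or 'ERROR:<message>'.
 *
 * For chunked uploads the chunk counters and the target file name are validated before
 * the upload is handled, so a request cannot leave a file with an unexpected name in
 * the backup directory by omitting or malforming those fields. For single-request
 * uploads the name is only known after wp_handle_upload() has run, so it is checked
 * afterwards and the file is deleted when it does not match.
 */
public function plupload_action2()
{
    @set_time_limit(900);
    global $updraftplus;

    if (!UpdraftPlus_Options::user_can_manage()) {
        exit;
    }
    check_ajax_referer('updraft-uploader');

    $updraft_dir = $updraftplus->backups_dir_location();
    if (!is_writable($updraft_dir)) {
        exit;
    }

    // The D modifier stops "$" from also matching before a trailing newline
    $name_pattern = '/^backup_([\\-0-9]{15})_.*_([0-9a-f]{12})-db([0-9]+)?\\.(gz\\.crypt)$/iD';
    $bad_name = 'ERROR:' . __('Bad filename format - this does not look like an encrypted database file created by UpdraftPlus', 'updraftplus');
    $upload_failed = 'ERROR:' . __('Upload error', 'updraftplus');

    if (!isset($_FILES['async-upload'])) {
        echo $upload_failed;
        exit;
    }

    $chunked = isset($_POST['chunks']);
    $chunk = 0;
    $chunks = 0;
    $final_file = '';
    if ($chunked) {
        // Both counters must be plain digit strings; anything else is rejected outright
        foreach (array('chunks', 'chunk') as $field) {
            if (!isset($_POST[$field]) || !is_string($_POST[$field]) || !preg_match('/^[0-9]+$/D', $_POST[$field])) {
                echo $upload_failed;
                exit;
            }
        }
        $chunks = (int) $_POST['chunks'];
        $chunk = (int) $_POST['chunk'];
        if ($chunk >= $chunks || !isset($_POST['name']) || !is_string($_POST['name'])) {
            echo $upload_failed;
            exit;
        }
        // basename() confines the name to the backup directory; the pattern then decides
        // whether it is an acceptable backup name at all
        $final_file = basename($_POST['name']);
        if (!preg_match($name_pattern, $final_file)) {
            echo $bad_name;
            exit;
        }
    }

    add_filter('upload_dir', array($this, 'upload_dir'));
    add_filter('sanitize_file_name', array($this, 'sanitize_file_name'));

    // test_type is off, so WordPress does not check the file type here; the file name
    // pattern is what restricts which uploads are kept
    $farray = array('test_form' => true, 'action' => 'plupload_action2');
    $farray['test_type'] = false;
    $farray['ext'] = 'crypt';
    $farray['type'] = 'application/octet-stream';
    if (!$chunked) {
        $farray['unique_filename_callback'] = array($this, 'unique_filename_callback');
    }

    $status = wp_handle_upload($_FILES['async-upload'], $farray);

    remove_filter('upload_dir', array($this, 'upload_dir'));
    remove_filter('sanitize_file_name', array($this, 'sanitize_file_name'));

    if (isset($status['error'])) {
        echo 'ERROR:' . $status['error'];
        exit;
    }

    // Stays empty for an intermediate chunk, which is answered with a bare "OK:"
    $file = '';

    if ($chunked) {
        // Park this chunk next to the target under a numbered temporary name
        $chunk_path = $updraft_dir . '/' . $final_file . '.' . $chunk . '.zip.tmp';
        if (!rename($status['file'], $chunk_path)) {
            @unlink($status['file']);
            echo $upload_failed;
            exit;
        }
        $status['file'] = $chunk_path;

        // Final chunk? If so, then stitch it all back together
        if ($chunk === $chunks - 1) {
            $final_path = $updraft_dir . '/' . $final_file;
            $wh = fopen($final_path, 'wb');
            if (!$wh) {
                echo $upload_failed;
                exit;
            }
            $complete = true;
            for ($i = 0; $i < $chunks; $i++) {
                $rf = $updraft_dir . '/' . $final_file . '.' . $i . '.zip.tmp';
                if (!is_file($rf) || !($rh = fopen($rf, 'rb'))) {
                    // A missing chunk would otherwise yield a silently truncated archive
                    $complete = false;
                    break;
                }
                // Copies the whole chunk; a read loop that tests the data for truthiness
                // would stop early on a block consisting of the single byte "0"
                if (false === stream_copy_to_stream($rh, $wh)) {
                    $complete = false;
                }
                fclose($rh);
                if (!$complete) {
                    break;
                }
                @unlink($rf);
            }
            fclose($wh);
            if (!$complete) {
                @unlink($final_path);
                echo $upload_failed;
                exit;
            }
            $status['file'] = $final_path;
            $file = $final_file;
        }
    } else {
        $file = basename($status['file']);
        if (!preg_match($name_pattern, $file)) {
            @unlink($status['file']);
            echo $bad_name;
            exit;
        }
    }

    // Report the stored file name (not a URL) back to the uploader
    echo 'OK:' . $file;
    exit;
}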
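/**
 * Prints the UpdraftPlus add-ons page: connection status, connection errors, the
 * claim script, one box per available add-on, the support section and the
 * credentials form.
 *
 * Access requires UpdraftPlus_Options::user_can_manage(); otherwise wp_die() is called.
 *
 * Add-on records and connection error messages are not generated by this method
 * (presumably they come from the UpdraftPlus.Com connection - confirm), so they are
 * read field by field and filtered before being printed.
 */
public function options_printpage()
{
    if (!UpdraftPlus_Options::user_can_manage()) {
        wp_die(__('You do not have sufficient permissions to access this page.'));
    }

    $options = $this->options->get_option(UDADDONS2_SLUG . '_options');
    $mother = $this->mother;

    echo <<<ENDHERE
\t<div class="wrap">
\t\t
ENDHERE;

    // The credentials form is printed at the top when not connected, at the bottom otherwise
    $enter_credentials_begin = UpdraftPlus_Options::options_form_begin('', false);
    if (is_multisite()) {
        $enter_credentials_begin .= '<input type="hidden" name="action" value="update">';
    }
    $interested = htmlspecialchars(__('Interested in knowing about your UpdraftPlus.Com password security? Read about it here.', 'updraftplus'));
    $connect = htmlspecialchars(__('Connect', 'updraftplus'));
    $enter_credentials_end = <<<ENDHERE
\t\t\t<p style="margin-left: 258px;">
\t\t\t\t<input id="ud_connectsubmit" type="submit" class="button-primary" value="{$connect}" />
\t\t\t</p>
\t\t\t<p style="margin-left: 258px; font-size: 70%"><em><a href="http://updraftplus.com/faqs/tell-me-about-my-updraftplus-com-account/">{$interested}</a></em></p>
\t\t</form>
ENDHERE;

    global $updraftplus_addons2;

    // A connection is only attempted when an email address is stored; the password may
    // have been removed after the add-ons were claimed
    $this->connected = !empty($options['email']) ? $updraftplus_addons2->connection_status() : false;
    if (true !== $this->connected) {
        if (is_wp_error($this->connected)) {
            $connection_errors = array_values($this->connected->get_error_messages());
        } elseif (!empty($options['email']) && !empty($options['password'])) {
            $connection_errors = array(__('An unknown error occurred when trying to connect to UpdraftPlus.Com', 'updraftplus'));
        }
        $this->connected = false;
    }

    if ($this->connected) {
        echo '<p style="clear: both; float: left;">' . __('You are presently <strong>connected</strong> to an UpdraftPlus.Com account.', 'updraftplus');
        echo ' <a href="#" onclick="jQuery(\'#ud_connectsubmit\').click();">' . __('If you bought new add-ons, then follow this link to refresh your connection', 'updraftplus') . '</a>.';
        if (!empty($options['password'])) {
            echo ' ' . __("Note that after you have claimed your add-ons, you can remove your password (but not the email address) from the settings below, without affecting this site's access to updates.", 'updraftplus');
        }
    } else {
        echo "<p>" . __('You are presently <strong>not connected</strong> to an UpdraftPlus.Com account.', 'updraftplus');
    }
    echo '</p>';

    if (isset($connection_errors)) {
        echo '<div class="error"><p><strong>' . __('Errors occurred when trying to connect to UpdraftPlus.Com:', 'updraftplus') . '</strong></p><ul>';
        foreach ($connection_errors as $err) {
            // Error text is not authored here, so only the HTML subset allowed in posts is
            // let through (links survive, script does not)
            echo '<li style="list-style:disc inside;">' . wp_kses_post($err) . '</li>';
        }
        echo '</ul></div>';
    }

    $sid = $updraftplus_addons2->siteid();
    $home_url = home_url();

    // Enumerate possible unclaimed/re-claimable purchases, and what should be active on this site
    $unclaimed_available = array();
    $assigned = array();
    $have_all = false;
    if ($this->connected && isset($updraftplus_addons2->user_addons) && is_array($updraftplus_addons2->user_addons)) {
        foreach ($updraftplus_addons2->user_addons as $akey => $addon) {
            // Keys: site, sitedescription, key, status
            if (isset($addon['status']) && 'active' == $addon['status'] && isset($addon['site']) && ('unclaimed' == $addon['site'] || 'unlimited' == $addon['site'])) {
                $key = $addon['key'];
                $unclaimed_available[$key] = array('eid' => $akey, 'status' => 'available');
            } elseif (isset($addon['status']) && 'active' == $addon['status'] && isset($addon['site']) && $addon['site'] == $sid) {
                $key = $addon['key'];
                $assigned[$key] = $akey;
                if ('all' == $key) {
                    $have_all = true;
                }
            } elseif (isset($addon['sitedescription']) && ($home_url === $addon['sitedescription'] || 0 === strpos($addon['sitedescription'], $home_url . ' - '))) {
                // Is assigned to a site with the same URL as this one - allow a reclaim
                $key = $addon['key'];
                $unclaimed_available[$key] = array('eid' => $akey, 'status' => 'reclaimable');
            }
        }
    }

    if (!$this->connected) {
        $this->show_credentials_form($enter_credentials_begin, $enter_credentials_end);
    }

    $ourpageslug = UDADDONS2_PAGESLUG;
    $href = UpdraftPlus_Options::admin_page_url();

    if (count($unclaimed_available) > 0) {
        // The claim request carries its own nonce; the values placed into the script are
        // escaped for the context they land in
        $nonce = wp_create_nonce('udmanager-nonce');
        $pleasewait = htmlspecialchars(__('Please wait whilst we make the claim...', 'updraftplus'));
        $notgranted = esc_js(__('Claim not granted - perhaps you have already used this purchase somewhere else?', 'updraftplus'));
        $notgrantedlogin = esc_js(__('Claim not granted - your account login details were wrong', 'updraftplus'));
        $ukresponse = esc_js(__('An unknown response was received. Response was:', 'updraftplus'));
        echo <<<ENDHERE
\t\t<div id="udm_pleasewait" class="updated" style="border: 1px solid; padding: 10px; margin-top: 10px; margin-bottom: 10px; clear: both; float: left; display:none;"><strong>{$pleasewait}</strong></div>
\t\t<script type="text/javascript">
\t\t\tfunction udm_claim(key) {
\t\t\t\tvar data = {
\t\t\t\t\t\taction: 'udaddons_claimaddon',
\t\t\t\t\t\tnonce: '{$nonce}',
\t\t\t\t\t\tkey: key
\t\t\t\t};
\t\t\t\tjQuery('#udm_pleasewait').fadeIn();
\t\t\t\tjQuery.post(ajaxurl, data, function(response) {
\t\t\t\t\tif ('ERR' == response) {
\t\t\t\t\t\talert("{$notgranted}");
\t\t\t\t\t} else if (response == 'OK') {
\t\t\t\t\t\twindow.location.href = '{$href}?page={$ourpageslug}&udm_refresh=1&udm_clearcred=1&tab=addons';
\t\t\t\t\t} else if (response == 'BADAUTH') {
\t\t\t\t\t\talert("{$notgrantedlogin}");
\t\t\t\t\t} else {
\t\t\t\t\t\talert("{$ukresponse} "+response);
\t\t\t\t\t}
\t\t\t\t\tjQuery('#udm_pleasewait').fadeOut();
\t\t\t\t});
\t\t\t}
\t\t</script>
ENDHERE;
    }

    $this->update_js = '';
    echo '<h3 style="clear:left; margin-top: 10px;">' . __('UpdraftPlus Addons', 'updraftplus') . '</h3><div>';

    $addons = $updraftplus_addons2->get_available_addons();

    // Default to the generic updates screen; use a direct, nonce-protected upgrade URL
    // when WordPress already knows of an update for this plugin file
    $this->plugin_update_url = 'update-core.php';
    $updates_available = get_site_transient('update_plugins');
    if (is_object($updates_available) && isset($updates_available->response) && isset($updraftplus_addons2->plug_updatechecker) && isset($updraftplus_addons2->plug_updatechecker->pluginFile) && isset($updates_available->response[$updraftplus_addons2->plug_updatechecker->pluginFile])) {
        $file = $updraftplus_addons2->plug_updatechecker->pluginFile;
        $this->plugin_update_url = wp_nonce_url(self_admin_url('update.php?action=upgrade-plugin&updraftplus_noautobackup=1&plugin=') . $file, 'upgrade-plugin_' . $file);
        // The translated text lands inside a single-quoted JavaScript string, so it is
        // passed through esc_js() - an apostrophe in a translation would otherwise end
        // the string early
        $this->update_js = '<script>jQuery(document).ready(function() { jQuery(\'#updraftaddons_updatewarning\').html(\'' . esc_js(__('An update containing your addons is available for UpdraftPlus - please follow this link to get it.', 'updraftplus')) . '\') });</script>';
    }

    // Boxes are grouped: assigned to this site first, then claimable, then the rest
    $first = '';
    $second = '';
    $third = '';
    if (is_array($addons)) {
        foreach ($addons as $key => $addon) {
            if (!is_array($addon)) {
                continue;
            }
            // Each field is read explicitly instead of extract()-ing the record: extract()
            // lets the record's keys overwrite any local variable of this method, and a
            // key missing from one record would silently reuse the previous record's value
            $name = isset($addon['name']) ? $addon['name'] : '';
            $shopurl = isset($addon['shopurl']) ? $addon['shopurl'] : '';
            $description = isset($addon['description']) ? $addon['description'] : '';
            $latestversion = empty($addon['latestversion']) ? false : $addon['latestversion'];
            $installedversion = empty($addon['installedversion']) ? false : $addon['installedversion'];
            $installed = empty($addon['installed']) ? false : $addon['installed'];

            $unclaimed = isset($unclaimed_available[$key]) ? $unclaimed_available[$key] : false;
            $is_assigned = isset($assigned[$key]) ? $assigned[$key] : false;
            $box = $this->addonbox($key, $name, $shopurl, $description, trim($installedversion), trim($latestversion), $installed, $unclaimed, $is_assigned, $have_all);
            if ($is_assigned) {
                $first .= $box;
            } elseif (!empty($unclaimed)) {
                $second .= $box;
            } else {
                $third .= $box;
            }
        }
    } else {
        echo "<em>" . __('An error occurred when trying to retrieve your add-ons.', 'updraftplus') . "</em>";
    }
    echo $first . $second . $third;

    echo <<<ENDHERE
\t\t</div>
ENDHERE;
    echo $this->update_js;

    // TODO: Show their support package, if any

    echo '<h3>' . __('UpdraftPlus Support', 'updraftplus') . '</h3> <ul> <li style="list-style:disc inside;">' . __('Need to get support?', 'updraftplus') . ' <a href="' . esc_url($mother . '/support/') . '">' . __('Go here', 'updraftplus') . "</a>.</li>\n</ul>";

    if ($this->connected) {
        echo "<hr>";
        $this->show_credentials_form($enter_credentials_begin, $enter_credentials_end);
    }
    echo '</div>';
}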
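/**
 * Prepares the admin notices about compatibility and subscription expiry, retires the
 * legacy standalone add-ons plugin, and loads the add-ons options page object.
 *
 * Notices are collected in $this->admin_notices and printed via the all_admin_notices
 * hook. The compatibility notice interpolates version strings that are read from a
 * stored site option and from readme.txt, so those values are HTML-escaped here.
 */
public function admin_menu()
{
    global $pagenow;

    // Set explicitly so that neither is ever read while undefined
    $do_expiry_check = false;
    $dismiss = '';

    // Do we want to display a notice about the upcoming or past expiry of their UpdraftPlus subscription?
    if (!empty($this->plug_updatechecker) && !empty($this->plug_updatechecker->optionName) && current_user_can('update_plugins')) {
        if ('plugins.php' == $pagenow || 'update-core.php' == $pagenow || (('options-general.php' == $pagenow || 'admin.php' == $pagenow) && !empty($_REQUEST['page']) && 'updraftplus' == $_REQUEST['page'])) {
            // On these pages the notice is always shown and cannot be dismissed
            $do_expiry_check = true;
            $dismiss = '';
        } elseif (is_admin()) {
            // Elsewhere in the dashboard the notice can be dismissed for a while
            $dismissed_until = UpdraftPlus_Options::get_updraft_option('updraftplus_dismissedexpiry', 0);
            if ($dismissed_until <= time()) {
                $do_expiry_check = true;
                $dismiss = '<div style="float:right; position: relative; top:-24px;" class="ud-expiry-dismiss"><a href="#" onclick="jQuery(\'.ud-expiry-dismiss\').parent().slideUp(); jQuery.post(ajaxurl, {action: \'updraft_ajax\', subaction: \'dismissexpiry\', nonce: \'' . wp_create_nonce('updraftplus-credentialtest-nonce') . '\' });">' . sprintf(__('Dismiss from main dashboard (for %s weeks)', 'updraftplus'), 2) . '</a></div>';
            }
        }
    }

    // The update checker's stored state
    $oval = is_object($this->plug_updatechecker) ? get_site_option($this->plug_updatechecker->optionName, null) : null;
    $updateskey = 'x-spm-expiry';
    $supportkey = 'x-spm-support-expiry';
    $yourversionkey = 'x-spm-yourversion-tested';

    if (is_object($oval) && !empty($oval->update) && is_object($oval->update) && !empty($oval->update->{$yourversionkey}) && UpdraftPlus_Options::user_can_manage() && (!defined('UPDRAFTPLUS_DISABLECOMPATNOTICE') || true != UPDRAFTPLUS_DISABLECOMPATNOTICE)) {
        // Prevent false-positives: the installed readme.txt may state a newer
        // "Tested up to" version than the stored update data
        $readme_says = '';
        if (file_exists(UPDRAFTPLUS_DIR . '/readme.txt') && ($fp = fopen(UPDRAFTPLUS_DIR . '/readme.txt', 'r'))) {
            $file_data = fread($fp, 1024);
            if (preg_match("/^Tested up to: (\\d+\\.\\d+).*(\r|\n)/", $file_data, $matches)) {
                $readme_says = $matches[1];
            }
            fclose($fp);
        }

        // Re-read the version from core's version.php, so that an altered global
        // $wp_version does not affect the comparison
        global $wp_version;
        include ABSPATH . WPINC . '/version.php';
        $compare_wp_version = preg_match('/^(\\d+\\.\\d+)\\..*$/', $wp_version, $wmatches) ? $wmatches[1] : $wp_version;
        $compare_tested_version = $oval->update->{$yourversionkey};
        if (!empty($readme_says) && version_compare($readme_says, $compare_tested_version, '>')) {
            $compare_tested_version = $readme_says;
        }

        if (version_compare($compare_wp_version, $compare_tested_version, '>')) {
            // Both version strings end up inside notice HTML; the tested version comes
            // from stored update data, so they are escaped before interpolation
            $this->admin_notices['yourversiontested'] = '<strong>' . __('Warning', 'updraftplus') . ':</strong> ' . sprintf(__('The installed version of UpdraftPlus Backup/Restore has not been tested on your version of WordPress (%s).', 'updraftplus'), esc_html($wp_version)) . ' ' . sprintf(__('It has been tested up to version %s.', 'updraftplus'), esc_html($compare_tested_version)) . ' <a href="https://updraftplus.com/seeing-warning-versions-wordpress-updraftplus-tested/">' . __('You should update UpdraftPlus to make sure that you have a version that has been tested for compatibility.', 'updraftplus') . '</a>';
        }
    }

    if (!empty($do_expiry_check) && is_object($oval) && !empty($oval->update) && is_object($oval->update) && !empty($oval->update->{$updateskey})) {
        // NOTE(review): "(^|)" looks like it was meant to be "(^|,)" as in the patterns
        // further down; as written this matches "expired" anywhere in the value - confirm
        if (preg_match('/(^|)expired_?(\\d+)?(,|$)/', $oval->update->{$updateskey}, $matches)) {
            if (empty($matches[2])) {
                $this->admin_notices['updatesexpired'] = __('Your paid access to UpdraftPlus updates for this site has expired. You will no longer receive updates to UpdraftPlus.', 'updraftplus') . ' <a href="https://updraftplus.com/renewing-updraftplus-purchase/">' . __('To regain access to updates (including future features and compatibility with future WordPress releases) and support, please renew.', 'updraftplus') . '</a>' . $dismiss;
            } else {
                // $matches[2] can only hold digits, as captured by (\d+)
                $this->admin_notices['updatesexpired'] = sprintf(__('Your paid access to UpdraftPlus updates for %s add-ons on this site has expired.', 'updraftplus'), $matches[2]) . ' <a href="https://updraftplus.com/renewing-updraftplus-purchase/">' . __('To regain access to updates (including future features and compatibility with future WordPress releases) and support, please renew.', 'updraftplus') . '</a>' . $dismiss;
            }
        }
        if (preg_match('/(^|,)soonpartial_(\\d+)_(\\d+)($|,)/', $oval->update->{$updateskey}, $matches)) {
            $this->admin_notices['updatesexpiringsoon'] = sprintf(__('Your paid access to UpdraftPlus updates for %s of the %s add-ons on this site will soon expire.', 'updraftplus'), $matches[2], $matches[3]) . ' <a href="https://updraftplus.com/renewing-updraftplus-purchase/">' . __('To retain your access, and maintain access to updates (including future features and compatibility with future WordPress releases) and support, please renew.', 'updraftplus') . '</a>' . $dismiss;
        } elseif (preg_match('/(^|,)soon($|,)/', $oval->update->{$updateskey})) {
            $this->admin_notices['updatesexpiringsoon'] = __('Your paid access to UpdraftPlus updates for this site will soon expire.', 'updraftplus') . ' <a href="https://updraftplus.com/renewing-updraftplus-purchase/">' . __('To retain your access, and maintain access to updates (including future features and compatibility with future WordPress releases) and support, please renew.', 'updraftplus') . '</a>' . $dismiss;
        }
    } elseif (!empty($do_expiry_check) && is_object($oval) && !empty($oval->update) && is_object($oval->update) && !empty($oval->update->{$supportkey})) {
        if ('expired' == $oval->update->{$supportkey}) {
            $this->admin_notices['supportexpired'] = __('Your paid access to UpdraftPlus support has expired.', 'updraftplus') . ' <a href="https://updraftplus.com/renewing-updraftplus-purchase/">' . __('To regain your access, please renew.', 'updraftplus') . '</a>' . $dismiss;
        } elseif ('soon' == $oval->update->{$supportkey}) {
            $this->admin_notices['supportsoonexpiring'] = __('Your paid access to UpdraftPlus support will soon expire.', 'updraftplus') . ' <a href="https://updraftplus.com/renewing-updraftplus-purchase/">' . __('To maintain your access to support, please renew.', 'updraftplus') . '</a>' . $dismiss;
        }
    }

    add_action('all_admin_notices', array($this, 'admin_notices'));

    if (!function_exists('is_plugin_active')) {
        require_once ABSPATH . 'wp-admin/includes/plugin.php';
    }

    if (is_plugin_active('updraftplus-addons/updraftplus-addons.php')) {
        // The legacy standalone add-ons plugin is deactivated as soon as it is seen active
        deactivate_plugins('updraftplus-addons/updraftplus-addons.php');
        if (('options-general.php' == $pagenow || 'settings.php' == $pagenow) && !empty($_REQUEST['page']) && 'updraftplus-addons' == $_REQUEST['page']) {
            wp_redirect($this->addons_admin_url());
            exit;
        }
        // Do nothing more this time to avoid duplication
        return;
    } elseif (is_dir(WP_PLUGIN_DIR . '/updraftplus-addons') && current_user_can('delete_plugins')) {
        // Exists, but not active - nag them
        if ((!is_multisite() && 'options-general.php' == $pagenow) || (is_multisite() && 'settings.php' == $pagenow) || 'plugins.php' == $pagenow) {
            add_action('all_admin_notices', array($this, 'deinstall_udaddons'));
        }
    }

    if (class_exists('UpdraftPlusAddons')) {
        return;
    }

    // Refresh, if specifically requested.
    // NOTE(review): && binds tighter than ||, so the udm_refresh test only applies to the
    // multisite settings.php case; on options-general.php the update check runs on every
    // load. The grouping below is the original's - confirm whether that is intended.
    if ('options-general.php' == $pagenow || (is_multisite() && 'settings.php' == $pagenow && isset($_GET['udm_refresh']))) {
        if ($this->plug_updatechecker) {
            $this->plug_updatechecker->checkForUpdates();
        }
    }

    require_once UDADDONS2_DIR . '/options.php';
    $this->options = new UpdraftPlusAddOns_Options2($this->slug, __('UpdraftPlus Addons', 'updraftplus'), $this->url);
}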
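/**
 * Render one named piece of the UpdraftPlus admin UI and hand it back to the caller.
 *
 * The caller must pass UpdraftPlus_Options::user_can_manage(); this check runs
 * before the requested fragment name is looked at.
 *
 * @param string|array $fragment Either the fragment name, or an array with the keys
 *                               'fragment' (the name) and 'data' (passed through to the renderer).
 * @return mixed Whatever $this->_response() returns on success, or
 *               $this->_generic_error_response() on failure.
 */
public function get_fragment($fragment) {
    // Both plugin objects are required; give up early if either cannot be loaded.
    if (false === ($updraftplus_admin = $this->_load_ud_admin()) || false === ($updraftplus = $this->_load_ud())) {
        return $this->_generic_error_response('no_updraftplus');
    }

    // Authorisation gate: nothing below runs for a caller who cannot manage UpdraftPlus.
    if (!UpdraftPlus_Options::user_can_manage()) {
        return $this->_generic_error_response('updraftplus_permission_denied');
    }

    // Always define $data: two of the cases below read it even when the
    // caller passed a bare fragment name rather than an array.
    $data = null;
    if (is_array($fragment)) {
        $data = isset($fragment['data']) ? $fragment['data'] : null;
        $fragment = isset($fragment['fragment']) ? $fragment['fragment'] : '';
    }

    // switch() compares loosely, so a boolean true (or, on older PHP, the integer 0)
    // would match the first string case. Only a real string may select a fragment.
    if (!is_string($fragment)) {
        $fragment = '';
    }

    $error = false;

    switch ($fragment) {
        case 's3_new_api_user_form':
            // The form is printed by a hook, so capture it from the output buffer.
            ob_start();
            do_action('updraft_s3_print_new_api_user_form', false);
            $output = ob_get_clean();
            break;

        case 'backupnow_modal_contents':
            $updraft_dir = $updraftplus->backups_dir_location();
            if (!$updraftplus->really_is_writable($updraft_dir)) {
                $output = array('error' => true, 'html' => __("The 'Backup Now' button is disabled as your backup directory is not writable (go to the 'Settings' tab and find the relevant option).", 'updraftplus'));
            } else {
                $output = array('html' => $updraftplus_admin->backupnow_modal_contents());
            }
            break;

        case 'panel_download_and_restore':
            $backup_history = UpdraftPlus_Options::get_updraft_option('updraft_backup_history');
            if (empty($backup_history)) {
                // Nothing stored: rebuild the history, then read it again.
                $updraftplus->rebuild_backup_history();
                $backup_history = UpdraftPlus_Options::get_updraft_option('updraft_backup_history');
            }
            $backup_history = is_array($backup_history) ? $backup_history : array();
            $output = $updraftplus_admin->settings_downloading_and_restoring($backup_history, true, $data);
            break;

        case 'disk_usage':
            $output = $updraftplus_admin->get_disk_space_used($data);
            break;

        default:
            // We just return a code - translation is done on the other side
            $output = 'ud_get_fragment_could_not_return';
            $error = true;
            break;
    }

    if (empty($error)) {
        return $this->_response(array('output' => $output));
    }

    return $this->_generic_error_response('get_fragment_error', $output);
}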
/**
 * AJAX entry point for importing a previously exported settings blob.
 *
 * The request is refused with 'Security check' unless it is a POST carrying
 * subaction=importsettings and a nonce, the user is logged in and may manage
 * UpdraftPlus, and the nonce verifies against 'updraftplus-settings-nonce'.
 * It is refused with 'Invalid data' unless 'settings' is a non-empty string.
 * On success the whole $_POST array is handed to $this->import_settings().
 */
public function updraft_ajax_importsettings() {
    global $updraftplus;

    // Shape of the request: the right subaction, and a nonce to verify.
    $is_import_request = !empty($_POST)
        && !empty($_POST['subaction'])
        && 'importsettings' == $_POST['subaction']
        && isset($_POST['nonce']);

    // Identity, capability and anti-CSRF nonce, evaluated in that order and
    // only once the request shape has been accepted.
    $is_authorised = $is_import_request
        && is_user_logged_in()
        && UpdraftPlus_Options::user_can_manage()
        && wp_verify_nonce($_POST['nonce'], 'updraftplus-settings-nonce');

    if (!$is_authorised) {
        die('Security check');
    }

    // The payload must be a non-empty string; arrays and empty values are rejected here.
    $has_settings_string = !empty($_POST['settings']) && is_string($_POST['settings']);
    if (!$has_settings_string) {
        die('Invalid data');
    }

    $this->import_settings($_POST);
}
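/**
 * Dispatch the admin actions that are driven by a GET parameter named 'action'.
 *
 * Four actions are recognised, each gated on UpdraftPlus_Options::user_can_manage():
 *  - updraftmethod-<method>-<action>: load methods/<method>.php and call the
 *    backup module's action_<action>() (or its generic action_handler());
 *  - downloadlog: stream the log file for a backup nonce;
 *  - downloadfile: spool a decrypted copy of an encrypted database backup;
 *  - updraftplus_spool_file: spool a file looked up in the stored backup history.
 *
 * Request parameters that must be strings are checked as such before they reach
 * preg_match(), substr() or stripslashes(), because PHP turns "name[]=x" into an array.
 *
 * NOTE(review): the decryption key travels in the query string ('decrypt_key'),
 * where URLs are commonly retained (access logs, browser history) - confirm this
 * is acceptable for the deployment.
 */
public function handle_url_actions() {
    // First, basic security check: must be an admin page, with ability to manage options, with the right parameters
    // Also, only on GET because WordPress on the options page repeats parameters sometimes when POST-ing via the _wp_referer field
    if (!isset($_SERVER['REQUEST_METHOD']) || 'GET' != $_SERVER['REQUEST_METHOD'] || !isset($_GET['action']) || !is_string($_GET['action'])) {
        return;
    }

    if (preg_match("/^updraftmethod-([a-z]+)-([a-z]+)\$/", $_GET['action'], $matches) && file_exists(UPDRAFTPLUS_DIR . '/methods/' . $matches[1] . '.php') && UpdraftPlus_Options::user_can_manage()) {
        // The anchored [a-z]+ groups are what keep the included path inside the
        // methods/ directory and the called method inside the action_* namespace.
        // NOTE(review): this branch checks the capability but verifies no WordPress
        // nonce; protection against cross-site requests therefore rests on the
        // module's action_* handler - confirm each handler performs its own check.
        $_GET['page'] = 'updraftplus';
        $_REQUEST['page'] = 'updraftplus';
        $method = $matches[1];
        require_once UPDRAFTPLUS_DIR . '/methods/' . $method . '.php';
        $call_class = "UpdraftPlus_BackupModule_" . $method;
        $call_method = "action_" . $matches[2];
        $backup_obj = new $call_class();

        add_action('http_request_args', array($this, 'modify_http_options'));
        try {
            if (method_exists($backup_obj, $call_method)) {
                call_user_func(array($backup_obj, $call_method));
            } elseif (method_exists($backup_obj, 'action_handler')) {
                call_user_func(array($backup_obj, 'action_handler'), $matches[2]);
            }
        } catch (Exception $e) {
            // 'error' is the log level and belongs to log(), not to sprintf(),
            // where it was a surplus argument and was silently discarded.
            $this->log(sprintf(__("%s error: %s", 'updraftplus'), $method, $e->getMessage() . ' (' . $e->getCode() . ')'), 'error');
        }
        remove_action('http_request_args', array($this, 'modify_http_options'));
    } elseif (isset($_GET['page']) && $_GET['page'] == 'updraftplus' && $_GET['action'] == 'downloadlog' && isset($_GET['updraftplus_backup_nonce']) && is_string($_GET['updraftplus_backup_nonce']) && preg_match("/^[0-9a-f]{12}\$/", $_GET['updraftplus_backup_nonce']) && UpdraftPlus_Options::user_can_manage()) {
        // No WordPress nonce is needed here or for the next, since the backup is already nonce-based
        // The nonce is restricted to 12 hex characters above, so it cannot carry path separators.
        $updraft_dir = $this->backups_dir_location();
        $log_file = $updraft_dir . '/log.' . $_GET['updraftplus_backup_nonce'] . '.txt';
        if (is_readable($log_file)) {
            header('Content-type: text/plain');
            if (!empty($_GET['force_download'])) {
                header('Content-Disposition: attachment; filename="' . basename($log_file) . '"');
            }
            readfile($log_file);
            exit;
        } else {
            add_action('all_admin_notices', array($this, 'show_admin_warning_unreadablelog'));
        }
    } elseif (isset($_GET['page']) && $_GET['page'] == 'updraftplus' && $_GET['action'] == 'downloadfile' && isset($_GET['updraftplus_file']) && is_string($_GET['updraftplus_file']) && preg_match('/^backup_([\\-0-9]{15})_.*_([0-9a-f]{12})-db([0-9]+)?+\\.(gz\\.crypt)$/i', $_GET['updraftplus_file']) && UpdraftPlus_Options::user_can_manage()) {
        // Though this (venerable) code uses the action 'downloadfile', in fact, it's not that general: it's just for downloading a decrypted copy of encrypted databases, and nothing else
        $updraft_dir = $this->backups_dir_location();
        $file = $_GET['updraftplus_file'];
        // The pattern above allows ".*" in the middle of the name, so basename()
        // is what confines the lookup to the backups directory.
        $spool_file = $updraft_dir . '/' . basename($file);
        if (is_readable($spool_file)) {
            $dkey = (isset($_GET['decrypt_key']) && is_string($_GET['decrypt_key'])) ? stripslashes($_GET['decrypt_key']) : '';
            $this->spool_file($spool_file, $dkey);
            exit;
        } else {
            add_action('all_admin_notices', array($this, 'show_admin_warning_unreadablefile'));
        }
    } elseif ($_GET['action'] == 'updraftplus_spool_file' && !empty($_GET['what']) && !empty($_GET['backup_timestamp']) && is_numeric($_GET['backup_timestamp']) && UpdraftPlus_Options::user_can_manage()) {
        // At some point, it may be worth merging this with the previous section
        $updraft_dir = $this->backups_dir_location();
        $findex = isset($_GET['findex']) ? (int) $_GET['findex'] : 0;
        $backup_timestamp = $_GET['backup_timestamp'];
        // A non-string 'what' becomes '', which matches no entity and so ends
        // in the "not found" response below instead of a type error.
        $what = is_string($_GET['what']) ? $_GET['what'] : '';
        $backup_history = UpdraftPlus_Options::get_updraft_option('updraft_backup_history');

        // The file name is never taken from the request: it is looked up in the
        // stored backup history by timestamp, entity and index.
        $filename = null;
        if (isset($backup_history[$backup_timestamp])) {
            if ('db' != substr($what, 0, 2)) {
                // Anything that is not a database must be a known file entity.
                $backupable_entities = $this->get_backupable_file_entities();
                if (!isset($backupable_entities[$what])) {
                    $filename = false;
                }
            }
            if (false !== $filename && isset($backup_history[$backup_timestamp][$what])) {
                if (is_string($backup_history[$backup_timestamp][$what]) && 0 == $findex) {
                    $filename = $backup_history[$backup_timestamp][$what];
                } elseif (isset($backup_history[$backup_timestamp][$what][$findex])) {
                    $filename = $backup_history[$backup_timestamp][$what][$findex];
                }
            }
        }

        if (empty($filename) || !is_readable($updraft_dir . '/' . basename($filename))) {
            echo json_encode(array('result' => __('UpdraftPlus notice:', 'updraftplus') . ' ' . __('The given file was not found, or could not be read.', 'updraftplus')));
            exit;
        }

        $dkey = (isset($_GET['decrypt_key']) && is_string($_GET['decrypt_key'])) ? stripslashes($_GET['decrypt_key']) : "";
        $this->spool_file($updraft_dir . '/' . basename($filename), $dkey);
        exit;
    }
}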
/**
 * Dispatch GET-driven actions on the UpdraftPlus admin page.
 *
 * Nothing happens unless the request is a GET, the user may manage UpdraftPlus,
 * page=updraftplus and an 'action' parameter is present. Three actions follow:
 * updraftmethod-<method>-<action> (calls the backup module's action_<action>),
 * downloadlog (streams a backup's log file) and downloadfile (spools an
 * encrypted backup file, passing on the 'decrypt_key' request parameter).
 */
function handle_url_actions() {
    // First, basic security check: must be an admin page, with ability to manage options, with the right parameters
    // Also, only on GET because WordPress on the options page repeats parameters sometimes when POST-ing via the _wp_referer field
    if (!isset($_SERVER['REQUEST_METHOD'])
        || 'GET' != $_SERVER['REQUEST_METHOD']
        || !UpdraftPlus_Options::user_can_manage()
        || !isset($_GET['page'])
        || $_GET['page'] != 'updraftplus'
        || !isset($_GET['action'])
    ) {
        return;
    }

    // Remote-storage module action. The anchored [a-z]+ groups keep the included
    // file inside methods/ and the callable inside the action_* namespace.
    if (preg_match("/^updraftmethod-([a-z]+)-([a-z]+)\$/", $_GET['action'], $parts) && file_exists(UPDRAFTPLUS_DIR . '/methods/' . $parts[1] . '.php')) {
        $module = $parts[1];
        require_once UPDRAFTPLUS_DIR . '/methods/' . $module . '.php';
        $module_class = "UpdraftPlus_BackupModule_" . $module;
        $module_action = "action_" . $parts[2];
        $curl_hook = array($this, 'add_curl_capath');

        // The curl hook is registered only for the duration of the module call.
        add_action('http_api_curl', $curl_hook);
        if (method_exists($module_class, $module_action)) {
            call_user_func(array($module_class, $module_action));
        }
        remove_action('http_api_curl', $curl_hook);
        return;
    }

    // Log download. The nonce is limited to 12 hex characters before it is used in a path.
    if ($_GET['action'] == 'downloadlog' && isset($_GET['updraftplus_backup_nonce']) && preg_match("/^[0-9a-f]{12}\$/", $_GET['updraftplus_backup_nonce'])) {
        // No WordPress nonce is needed here or for the next, since the backup is already nonce-based
        $log_path = $this->backups_dir_location() . '/log.' . $_GET['updraftplus_backup_nonce'] . '.txt';
        if (!is_readable($log_path)) {
            add_action('admin_notices', array($this, 'show_admin_warning_unreadablelog'));
            return;
        }
        header('Content-type: text/plain');
        readfile($log_path);
        exit;
    }

    // Encrypted backup download. basename() confines the lookup to the backups
    // directory, since the pattern allows ".*" in the middle of the name.
    if ($_GET['action'] == 'downloadfile' && isset($_GET['updraftplus_file']) && preg_match('/^backup_([\\-0-9]{15})_.*_([0-9a-f]{12})-[\\-a-z]+\\.(gz\\.crypt)$/i', $_GET['updraftplus_file'])) {
        $backups_dir = $this->backups_dir_location();
        $target = $backups_dir . '/' . basename($_GET['updraftplus_file']);
        if (!is_readable($target)) {
            add_action('admin_notices', array($this, 'show_admin_warning_unreadablefile'));
            return;
        }
        // The key is read from the query string exactly as received.
        if (isset($_GET['decrypt_key'])) {
            $key = $_GET['decrypt_key'];
        } else {
            $key = "";
        }
        $this->spool_file('db', $target, $key);
        exit;
    }
}
/**
 * Store the 'email' and 'password' fields of the add-ons options.
 *
 * Does nothing (and returns null) unless UpdraftPlus_Options::user_can_manage()
 * passes. Other keys already present in the stored option are kept; the merged
 * array is run through $this->options_validate() before being written back.
 *
 * NOTE(review): how the password is held at rest depends on options_validate()
 * and addons2_update_option(), neither of which is visible here - confirm.
 *
 * @param array $value Submitted values; a missing 'email' or 'password' is stored as ''.
 * @return true|null True once the option has been written, null if the caller lacks permission.
 */
public function update_wpmu_options($value) {
    // Capability gate: no read or write of the option without it.
    if (!UpdraftPlus_Options::user_can_manage()) {
        return;
    }

    $option_name = UDADDONS2_SLUG . '_options';

    // Start from what is stored; anything that is not an array is discarded.
    $stored = $this->addons2_get_option($option_name);
    if (!is_array($stored)) {
        $stored = array();
    }

    // Only these two keys are ever taken from the submitted values.
    foreach (array('email', 'password') as $field) {
        if (isset($value[$field])) {
            $stored[$field] = $value[$field];
        } else {
            $stored[$field] = '';
        }
    }

    $validated = $this->options_validate($stored);
    $this->addons2_update_option($option_name, $validated);

    return true;
}