From 1dcb245e58deade8d9de7dfbfe9e680a5fb6b510 Mon Sep 17 00:00:00 2001
From: thanghv
Date: Fri, 8 May 2020 16:44:48 +0700
Subject: [PATCH] Refactoring
---
class/class-mainwp-backup.php | 77 +++++++++++++------
class/class-mainwp-child-back-up-buddy.php | 20 ++---
.../class-mainwp-child-back-up-wordpress.php | 8 +-
class/class-mainwp-child-branding.php | 2 +-
class/class-mainwp-child-ithemes-security.php | 6 +-
class/class-mainwp-child-links-checker.php | 2 +-
class/class-mainwp-child-pagespeed.php | 2 +-
class/class-mainwp-child-skeleton-key.php | 2 +-
class/class-mainwp-child-staging.php | 2 +-
class/class-mainwp-child-themes-check.php | 4 +-
class/class-mainwp-child-timecapsule.php | 38 ++++-----
...lass-mainwp-child-updraft-plus-backups.php | 18 ++---
.../class-mainwp-child-woocommerce-status.php | 30 ++++----
class/class-mainwp-child-wordfence.php | 18 ++---
class/class-mainwp-child-wp-rocket.php | 2 +-
class/class-mainwp-child.php | 56 +++++++-------
class/class-mainwp-client-report.php | 6 +-
class/class-mainwp-clone-install.php | 10 ++-
class/class-mainwp-clone.php | 2 +-
class/class-mainwp-custom-post-type.php | 2 +-
class/class-mainwp-helper.php | 14 ++--
class/class-mainwp-wordpress-seo.php | 4 +-
class/class-tar-archiver.php | 23 +++++-
includes/functions.php | 4 +-
24 files changed, 199 insertions(+), 153 deletions(-)
diff --git a/class/class-mainwp-backup.php b/class/class-mainwp-backup.php
index 92b084b..027eb10 100644
--- a/class/class-mainwp-backup.php
+++ b/class/class-mainwp-backup.php
@@ -306,20 +306,34 @@ class MainWP_Backup { } closedir( $fh ); // phpcs:enable - - $string = base64_encode( // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. - serialize( - array( - 'siteurl' => get_option( 'siteurl' ), - 'home' => get_option( 'home' ), - 'abspath' => ABSPATH, - 'prefix' => $wpdb->prefix, - 'lang' => defined( 'WPLANG' ) ? WPLANG : '', - 'plugins' => $plugins, - 'themes' => $themes, + + if ( defined( 'MAINWP_DEBUG' ) && MAINWP_DEBUG ) { + $string = wp_json_encode( + array( + 'siteurl' => get_option( 'siteurl' ), + 'home' => get_option( 'home' ), + 'abspath' => ABSPATH, + 'prefix' => $wpdb->prefix, + 'lang' => defined( 'WPLANG' ) ? WPLANG : '', + 'plugins' => $plugins, + 'themes' => $themes, + ) + ); + } else { + $string = base64_encode( // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- safe. + serialize( // phpcs:ignore -- safe + array( + 'siteurl' => get_option( 'siteurl' ), + 'home' => get_option( 'home' ), + 'abspath' => ABSPATH, + 'prefix' => $wpdb->prefix, + 'lang' => defined( 'WPLANG' ) ? WPLANG : '', + 'plugins' => $plugins, + 'themes' => $themes, + ) ) - ) - ); + ); + } $this->add_file_from_string_to_zip( 'clone/config.txt', $string ); } 
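Review bot: The config array is now spelled out twice in this hunk, once per branch, and the branch taken decides the on-disk format of `clone/config.txt` (JSON under `MAINWP_DEBUG`, base64 of `serialize()` otherwise), so the two copies can drift and whatever reads the file back must detect which format it got. Building the array once and choosing only the encoder, as sketched below, removes the duplication. The reader is not visible in this hunk; if it calls `unserialize()` on that file, a restored archive is untrusted input to it, and making JSON the default rather than the debug-only format would close that path. The bare `// phpcs:ignore -- safe` on the `serialize(` line also silences every sniff on the line instead of the one intended. The enclosing method begins outside the hunk.

```php
$config = array(
	'siteurl' => get_option( 'siteurl' ),
	'home'    => get_option( 'home' ),
	'abspath' => ABSPATH,
	'prefix'  => $wpdb->prefix,
	'lang'    => defined( 'WPLANG' ) ? WPLANG : '',
	'plugins' => $plugins,
	'themes'  => $themes,
);

if ( defined( 'MAINWP_DEBUG' ) && MAINWP_DEBUG ) {
	$string = wp_json_encode( $config );
} else {
	$string = base64_encode( serialize( $config ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- safe.
}
// … unchanged: add_file_from_string_to_zip( 'clone/config.txt', $string ) …
```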
@@ -432,18 +446,31 @@ class MainWP_Backup { $this->zip->create( $backupFolder, PCLZIP_OPT_REMOVE_PATH, $backupFolder ); if ( $addConfig ) { global $wpdb; - $string = base64_encode( // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. - serialize( - array( - 'siteurl' => get_option( 'siteurl' ), - 'home' => get_option( 'home' ), - 'abspath' => ABSPATH, - 'prefix' => $wpdb->prefix, - 'lang' => WPLANG, + + if ( defined( 'MAINWP_DEBUG' ) && MAINWP_DEBUG ) { + $string = wp_json_encode( + array( + 'siteurl' => get_option( 'siteurl' ), + 'home' => get_option( 'home' ), + 'abspath' => ABSPATH, + 'prefix' => $wpdb->prefix, + 'lang' => WPLANG, + ) + ); + } else { + $string = base64_encode( // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- safe. + serialize( // phpcs:ignore -- safe + array( + 'siteurl' => get_option( 'siteurl' ), + 'home' => get_option( 'home' ), + 'abspath' => ABSPATH, + 'prefix' => $wpdb->prefix, + 'lang' => WPLANG, + ) ) - ) - ); - + ); + } + $this->add_file_from_string_to_pcl_zip( 'clone/config.txt', $string, $filepath ); } // Remove backup folder. @@ -613,7 +640,7 @@ class MainWP_Backup { global $wpdb; $db_files = array(); - $tables_db = $wpdb->get_results( 'SHOW TABLES FROM `' . DB_NAME . '`', ARRAY_N ); + $tables_db = $wpdb->get_results( 'SHOW TABLES FROM `' . DB_NAME . '`', ARRAY_N ); // phpcs:ignore -- safe query. foreach ( $tables_db as $curr_table ) { if ( null !== $archiver ) { $archiver->update_pid_file(); diff --git a/class/class-mainwp-child-back-up-buddy.php b/class/class-mainwp-child-back-up-buddy.php index b8d70b6..f4d6df2 100644 --- a/class/class-mainwp-child-back-up-buddy.php +++ b/class/class-mainwp-child-back-up-buddy.php 
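Review bot: Both copies of the config array in the PclZip hunk (`@@ -432`) read `WPLANG` unguarded, while the same array in the earlier hunk of this file uses `defined( 'WPLANG' ) ? WPLANG : ''`. On a site that does not define the constant, PHP 8 throws an Error for an undefined constant and older versions fall back to the literal string with a warning, so the backup either aborts or records a wrong value. Use the guarded form in both branches: `'lang' => defined( 'WPLANG' ) ? WPLANG : '',`. The enclosing method begins before the hunk.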
@@ -484,7 +484,7 @@ class MainWP_Child_Back_Up_Buddy { 'backup_nonwp_tables', ); - $settings = unserialize( base64_decode( $_POST['options'] ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. + $settings = unserialize( base64_decode( $_POST['options'] ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for begin reasons. $save_settings = array(); @@ -530,7 +530,7 @@ class MainWP_Child_Back_Up_Buddy { global $wpdb; $option = 'pb_' . pb_backupbuddy::settings( 'slug' ); $newOptions = sanitize_option( $option, $newOptions ); - $newOptions = maybe_serialize( $newOptions ); + $newOptions = maybe_serialize( $newOptions ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- third party credit. add_site_option( $option, $newOptions, '', 'no' ); // 'No' prevents autoload if we wont always need the data loaded. $wpdb->update( $wpdb->options, array( 'option_value' => $newOptions ), array( 'option_name' => $option ) ); @@ -648,7 +648,7 @@ class MainWP_Child_Back_Up_Buddy { public function save_scheduled_backup() { $schedule_id = intval( $_POST['schedule_id'] ); - $schedule = unserialize( base64_decode( $_POST['data'] ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. + $schedule = unserialize( base64_decode( $_POST['data'] ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for begin reasons. if ( ! is_array( $schedule ) ) { return array( 'error' => __( 'Invalid schedule data', 'mainwp-child' ) ); 
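Review bot: `unserialize( base64_decode( $_POST['options'] ) )` still deserializes request data with object instantiation enabled, and the reworded suppression ("begin reasons", presumably a typo for the previous "benign") only justifies the base64 call, not the `unserialize()`. Whether the request is authenticated before this line is not visible in the hunk; a forged or replayed payload that got this far would be a PHP object-injection input. Restrict it at the call, `$settings = unserialize( base64_decode( $_POST['options'] ), array( 'allowed_classes' => false ) );`, or move the wire format to JSON. The same pattern recurs in this patch in `save_scheduled_backup()`, `save_profile()`, `update_schedule()`, `save_all_schedules()`, `update_branding()` and the iThemes, Pagespeed, Time Capsule and UpdraftPlus handlers; `maybe_unserialize()` takes no options argument, so those need the explicit `unserialize()` form.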
@@ -681,7 +681,7 @@ class MainWP_Child_Back_Up_Buddy { public function save_profile() { $profile_id = $_POST['profile_id']; - $profile = unserialize( base64_decode( $_POST['data'] ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. + $profile = unserialize( base64_decode( $_POST['data'] ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for begin reasons. if ( ! is_array( $profile ) ) { return array( 'error' => __( 'Invalid profile data', 'mainwp-child' ) ); @@ -1180,7 +1180,7 @@ class MainWP_Child_Back_Up_Buddy { if ( is_array( $files ) && ! empty( $files ) ) { // For robustness. Without open_basedir the glob() function returns an empty array for no match. With open_basedir in effect the glob() function returns a boolean false for no match. - $backup_prefix = backupbuddy_core::backup_prefix(); // Backup prefix. To checking that this user can see this backup. + $backup_prefix = backupbuddy_core::backup_prefix(); // To checking that this user can see this backup. foreach ( $files as $file_id => $file ) { if ( ( true === $subsite_mode ) && is_multisite() ) { // If a Network and NOT the superadmin must make sure they can only see the specific subsite backups for security purposes. @@ -2172,7 +2172,7 @@ class MainWP_Child_Back_Up_Buddy { flush(); $scan = wp_remote_get( - 'http://sitecheck.sucuri.net/scanner/?scan=' . urlencode( $url ) . '&serialized&clear=true', + 'http://sitecheck.sucuri.net/scanner/?scan=' . rawurlencode( $url ) . '&serialized&clear=true', array( 'method' => 'GET', 'timeout' => 45, @@ -2745,14 +2745,14 @@ class MainWP_Child_Back_Up_Buddy { if ( 'live' == $destination['type'] ) { $backup_list_temp[ $last_modified ] = array( - array( base64_encode( $file['url'] ), '' . pb_backupbuddy::$format->date( pb_backupbuddy::$format->localize_time( $last_modified ) ) . ' (' . pb_backupbuddy::$format->time_ago( $last_modified ) . ' ago)
' . basename( $file['filename'] ) . '' ), // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. + array( base64_encode( $file['url'] ), '' . pb_backupbuddy::$format->date( pb_backupbuddy::$format->localize_time( $last_modified ) ) . ' (' . pb_backupbuddy::$format->time_ago( $last_modified ) . ' ago)
' . basename( $file['filename'] ) . '' ), // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for begin reasons. pb_backupbuddy::$format->date( pb_backupbuddy::$format->localize_time( $last_modified ) ) . '
(' . pb_backupbuddy::$format->time_ago( $last_modified ) . ' ago)', pb_backupbuddy::$format->file_size( $size ), backupbuddy_core::pretty_backup_type( $backup_type ), ); } else { $backup_list_temp[ $last_modified ] = array( - array( base64_encode( $file['url'] ), '' . basename( $file['filename'] ) . '' ), // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. + array( base64_encode( $file['url'] ), '' . basename( $file['filename'] ) . '' ), // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- to compatible http encoding. pb_backupbuddy::$format->date( pb_backupbuddy::$format->localize_time( $last_modified ) ) . '
(' . pb_backupbuddy::$format->time_ago( $last_modified ) . ' ago)', pb_backupbuddy::$format->file_size( $size ), backupbuddy_core::pretty_backup_type( $backup_type ), @@ -2772,7 +2772,7 @@ class MainWP_Child_Back_Up_Buddy { public function copy_file_to_local() { - $file = base64_decode( $_POST['cpy_file'] ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. + $file = base64_decode( $_POST['cpy_file'] ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for begin reasons. $destination_id = $_POST['destination_id']; // Load required files. @@ -2809,7 +2809,7 @@ class MainWP_Child_Back_Up_Buddy { $deleteFiles = array(); foreach ( (array) $files as $file ) { - $file = base64_decode( $file ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. + $file = base64_decode( $file ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for begin reasons. $startPos = pb_backupbuddy_destination_stash2::strrpos_count( $file, '/', 2 ) + 1; // next to last slash. $file = substr( $file, $startPos ); diff --git a/class/class-mainwp-child-back-up-wordpress.php b/class/class-mainwp-child-back-up-wordpress.php index d9f1c46..a0d286d 100644 --- a/class/class-mainwp-child-back-up-wordpress.php +++ b/class/class-mainwp-child-back-up-wordpress.php 
@@ -416,7 +416,7 @@ class MainWP_Child_Back_Up_WordPress { $schedule = new HM\BackUpWordPress\Scheduled_Backup( sanitize_text_field( rawurldecode( $schedule_id ) ) ); - $deleted = $schedule->delete_backup( base64_decode( rawurldecode( $_POST['hmbkp_backuparchive'] ) ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. + $deleted = $schedule->delete_backup( base64_decode( rawurldecode( $_POST['hmbkp_backuparchive'] ) ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for begin reasons. if ( is_wp_error( $deleted ) ) { return array( 'error' => $deleted->get_error_message() ); @@ -490,7 +490,7 @@ class MainWP_Child_Back_Up_WordPress { } public function hmbkp_get_backup_row( $file, HM\BackUpWordPress\Scheduled_Backup $schedule ) { - $encoded_file = rawurlencode( base64_encode( $file ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. + $encoded_file = rawurlencode( base64_encode( $file ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for begin reasons. $offset = get_option( 'gmt_offset' ) * 3600; ?> 
@@ -941,7 +941,7 @@ class MainWP_Child_Back_Up_WordPress { public function update_schedule() { $sch_id = isset( $_POST['schedule_id'] ) ? $_POST['schedule_id'] : 0; $sch_id = sanitize_text_field( rawurldecode( $sch_id ) ); - $options = isset( $_POST['options'] ) ? maybe_unserialize( base64_decode( $_POST['options'] ) ) : false; // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. + $options = isset( $_POST['options'] ) ? maybe_unserialize( base64_decode( $_POST['options'] ) ) : false; // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for begin reasons. if ( ! is_array( $options ) || empty( $options ) || empty( $sch_id ) ) { return array( 'error' => __( 'Schedule data', 'mainwp-child' ) ); @@ -992,7 +992,7 @@ class MainWP_Child_Back_Up_WordPress { } public function save_all_schedules() { - $schedules = isset( $_POST['all_schedules'] ) ? maybe_unserialize( base64_decode( $_POST['all_schedules'] ) ) : false; // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. + $schedules = isset( $_POST['all_schedules'] ) ? maybe_unserialize( base64_decode( $_POST['all_schedules'] ) ) : false; // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for begin reasons. if ( ! is_array( $schedules ) || empty( $schedules ) ) { return array( 'error' => __( 'Schedule data', 'mainwp-child' ) ); diff --git a/class/class-mainwp-child-branding.php b/class/class-mainwp-child-branding.php index 957d29d..6548e00 100644 --- a/class/class-mainwp-child-branding.php +++ b/class/class-mainwp-child-branding.php 
@@ -163,7 +163,7 @@ class MainWP_Child_Branding { public function update_branding() { $information = array(); - $settings = maybe_unserialize( base64_decode( $_POST['settings'] ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. + $settings = maybe_unserialize( base64_decode( $_POST['settings'] ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for begin reasons. if ( ! is_array( $settings ) ) { return $information; } diff --git a/class/class-mainwp-child-ithemes-security.php b/class/class-mainwp-child-ithemes-security.php index b149859..52a8542 100644 --- a/class/class-mainwp-child-ithemes-security.php +++ b/class/class-mainwp-child-ithemes-security.php @@ -205,7 +205,7 @@ class MainWP_Child_IThemes_Security { $errors = array(); $nbf_settings = array(); - $update_settings = maybe_unserialize( base64_decode( $_POST['settings'] ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. + $update_settings = maybe_unserialize( base64_decode( $_POST['settings'] ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for begin reasons. foreach ( $update_settings as $module => $settings ) { $do_not_save = false; @@ -350,7 +350,7 @@ class MainWP_Child_IThemes_Security { } public static function activate_network_brute_force() { - $data = maybe_unserialize( base64_decode( $_POST['data'] ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. + $data = maybe_unserialize( base64_decode( $_POST['data'] ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for begin reasons. $information = array(); if ( is_array( $data ) ) { $settings = ITSEC_Modules::get_settings( 'network-brute-force' ); 
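Review bot: In the `@@ -205` hunk of class-mainwp-child-ithemes-security.php the result of `maybe_unserialize( base64_decode( $_POST['settings'] ) )` goes into `foreach ( $update_settings as $module => $settings )` with no type check in the visible lines, whereas `update_branding()` and `activate_network_brute_force()` in the neighbouring hunks test `is_array()` first. A malformed or empty payload yields a non-array and the loop then runs on it. Add `if ( ! is_array( $update_settings ) ) { $update_settings = array(); }` before the loop. The function starts and continues outside the hunk.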
@@ -1129,7 +1129,7 @@ class MainWP_Child_IThemes_Security { $query = $wpdb->prepare( 'SHOW TABLES LIKE %s', "{$wpdb->base_prefix}%" ); } - $tables = $wpdb->get_results( $query, ARRAY_N ); + $tables = $wpdb->get_results( $query, ARRAY_N ); // phpcs:ignore -- safe query. $excludes = array(); foreach ( $tables as $table ) { diff --git a/class/class-mainwp-child-links-checker.php b/class/class-mainwp-child-links-checker.php index 9856de3..193a23a 100644 --- a/class/class-mainwp-child-links-checker.php +++ b/class/class-mainwp-child-links-checker.php @@ -437,7 +437,7 @@ class MainWP_Child_Links_Checker { $new_link->link_text = ''; $extra_info['count_instance'] = 0; } - $new_link->extra_info = base64_encode( serialize( $extra_info ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. + $new_link->extra_info = base64_encode( serialize( $extra_info ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for begin reasons. $new_link->synced = 1; $return[] = $new_link; } diff --git a/class/class-mainwp-child-pagespeed.php b/class/class-mainwp-child-pagespeed.php index 4fb7d9f..1cab444 100644 --- a/class/class-mainwp-child-pagespeed.php +++ b/class/class-mainwp-child-pagespeed.php @@ -168,7 +168,7 @@ class MainWP_Child_Pagespeed { $information = array(); $settings = $_POST['settings']; - $settings = maybe_unserialize( base64_decode( $settings ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. + $settings = maybe_unserialize( base64_decode( $settings ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for begin reasons. if ( is_array( $settings ) ) { diff --git a/class/class-mainwp-child-skeleton-key.php b/class/class-mainwp-child-skeleton-key.php index 12b8c57..2e543f9 100644 --- a/class/class-mainwp-child-skeleton-key.php +++ b/class/class-mainwp-child-skeleton-key.php 
@@ -140,7 +140,7 @@ class MainWP_Child_Skeleton_Key { $received_content = wp_remote_retrieve_body( $response ); if ( preg_match( '/(.*)<\/mainwp>/', $received_content, $received_result ) > 0 ) { - $received_content_mainwp = json_decode( base64_decode( $received_result[1] ), true ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. + $received_content_mainwp = json_decode( base64_decode( $received_result[1] ), true ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for begin reasons. if ( isset( $received_content_mainwp['error'] ) ) { return array( 'error' => $received_content_mainwp['error'] ); } diff --git a/class/class-mainwp-child-staging.php b/class/class-mainwp-child-staging.php index d5ef69b..ba7524d 100644 --- a/class/class-mainwp-child-staging.php +++ b/class/class-mainwp-child-staging.php @@ -196,7 +196,7 @@ class MainWP_Child_Staging { $options = $scan->getOptions(); $return = array( - 'options' => serialize( $options ), + 'options' => serialize( $options ), // phpcs:ignore -- to compatible http encoding. 'directoryListing' => $scan->directoryListing(), 'prefix' => WPStaging\WPStaging::getTablePrefix(), ); diff --git a/class/class-mainwp-child-themes-check.php b/class/class-mainwp-child-themes-check.php index ba7592e..301d793 100644 --- a/class/class-mainwp-child-themes-check.php +++ b/class/class-mainwp-child-themes-check.php @@ -165,7 +165,7 @@ class MainWP_Child_Themes_Check { } // Deserialize the response. - $obj = maybe_unserialize( $body ); + $obj = maybe_unserialize( $body ); // phpcs:ignore -- to compatible with third party. $now = new \DateTime(); @@ -227,7 +227,7 @@ class MainWP_Child_Themes_Check { $http_args = array( 'body' => array( 'action' => 'theme_information', - 'request' => serialize( $args ), + 'request' => serialize( $args ), // phpcs:ignore -- third party credit. ), ); 
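Review bot: `maybe_unserialize( $body )` in class-mainwp-child-themes-check.php runs PHP deserialization on an HTTP response body, and the added `// phpcs:ignore -- to compatible with third party` suppresses every sniff on that line without naming one. The request and its URL are outside the hunk, so the transport and the trust placed in the endpoint cannot be confirmed from here. If the endpoint can answer in JSON, `json_decode( $body )` avoids object instantiation entirely; otherwise call `unserialize()` directly with an `allowed_classes` list limited to what the response is expected to contain. The suppression should name the specific sniff and say why the format is required.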
diff --git a/class/class-mainwp-child-timecapsule.php b/class/class-mainwp-child-timecapsule.php index 7b9242c..853c818 100644 --- a/class/class-mainwp-child-timecapsule.php +++ b/class/class-mainwp-child-timecapsule.php @@ -341,13 +341,13 @@ class MainWP_Child_Timecapsule { $cron_status = $config->get_option( 'wptc_own_cron_status' ); if ( ! empty( $cron_status ) ) { - $return_array['wptc_own_cron_status'] = unserialize( $cron_status ); + $return_array['wptc_own_cron_status'] = unserialize( $cron_status ); // phpcs:ignore -- third party credit. $return_array['wptc_own_cron_status_notified'] = (int) $config->get_option( 'wptc_own_cron_status_notified' ); } $start_backups_failed_server = $config->get_option( 'start_backups_failed_server' ); if ( ! empty( $start_backups_failed_server ) ) { - $return_array['start_backups_failed_server'] = unserialize( $start_backups_failed_server ); + $return_array['start_backups_failed_server'] = unserialize( $start_backups_failed_server ); // phpcs:ignore -- third party credit. $config->set_option( 'start_backups_failed_server', false ); } @@ -380,7 +380,7 @@ class MainWP_Child_Timecapsule { $status = array(); $cron_status = $config->get_option( 'wptc_own_cron_status' ); if ( ! empty( $cron_status ) ) { - $cron_status = unserialize( $cron_status ); + $cron_status = unserialize( $cron_status ); // phpcs:ignore -- third party credit. if ( 'success' == $cron_status['status'] ) { $status['status'] = 'success'; 
@@ -441,7 +441,7 @@ class MainWP_Child_Timecapsule { public function get_logs_rows() { $result = $this->prepare_items(); - $result['display_rows'] = base64_encode( serialize( $this->get_display_rows( $result['items'] ) ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. + $result['display_rows'] = base64_encode( serialize( $this->get_display_rows( $result['items'] ) ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for begin reasons. return $result; } @@ -523,7 +523,7 @@ class MainWP_Child_Timecapsule { $current_limit = WPTC_Factory::get( 'config' )->get_option( 'activity_log_lazy_load_limit' ); $to_limit = $from_limit + $current_limit; - $sub_records = $wpdb->get_results( $wpdb->prepare( 'SELECT * FROM ' . $wpdb->base_prefix . "wptc_activity_log WHERE action_id='%s' AND show_user = 1 ORDER BY id DESC LIMIT %d, %d", $action_id, $from_limit, $current_limit ) ); + $sub_records = $wpdb->get_results( $wpdb->prepare( 'SELECT * FROM ' . $wpdb->base_prefix . "wptc_activity_log WHERE action_id = %s AND show_user = 1 ORDER BY id DESC LIMIT %d, %d", $action_id, $from_limit, $current_limit ) ); $row_count = count( $sub_records ); @@ -560,7 +560,7 @@ class MainWP_Child_Timecapsule { $more_logs = false; $load_more = false; if ( '' != $rec->action_id ) { - $sub_records = $wpdb->get_results( $wpdb->prepare( 'SELECT * FROM ' . $wpdb->base_prefix . "wptc_activity_log WHERE action_id='%s' AND show_user = 1 ORDER BY id DESC LIMIT 0, %d", $rec->action_id, $limit ) ); + $sub_records = $wpdb->get_results( $wpdb->prepare( 'SELECT * FROM ' . $wpdb->base_prefix . "wptc_activity_log WHERE action_id= %s AND show_user = 1 ORDER BY id DESC LIMIT 0, %d", $rec->action_id, $limit ) ); $row_count = count( $sub_records ); if ( $row_count == $limit ) { $load_more = true; 
@@ -578,7 +578,7 @@ class MainWP_Child_Timecapsule { } } $html .= ''; - $Ldata = unserialize( $rec->log_data ); + $Ldata = unserialize( $rec->log_data ); // phpcs:ignore -- third party credit. $user_time = WPTC_Factory::get( 'config' )->cnvt_UTC_to_usrTime( $Ldata['log_time'] ); WPTC_Factory::get( 'processed-files' )->modify_schedule_backup_time( $user_time ); $user_tz_now = date( 'M d, Y @ g:i:s a', $user_time ); // phpcs:ignore -- local time. @@ -628,7 +628,7 @@ class MainWP_Child_Timecapsule { $detailed = ''; $timezone = WPTC_Factory::get( 'config' )->get_option( 'wptc_timezone' ); foreach ( $sub_records as $srec ) { - $Moredata = unserialize( $srec->log_data ); + $Moredata = unserialize( $srec->log_data ); // phpcs:ignore -- third party credit. $user_tmz = new DateTime( '@' . $Moredata['log_time'], new DateTimeZone( date_default_timezone_get() ) ); $user_tmz->setTimeZone( new DateTimeZone( $timezone ) ); $user_tmz_now = $user_tmz->format( 'M d @ g:i:s a' ); @@ -791,8 +791,8 @@ class MainWP_Child_Timecapsule { $config = WPTC_Base_Factory::get( 'Wptc_InitialSetup_Config' ); $options = WPTC_Factory::get( 'config' ); - $config->set_option( 'wptc_main_acc_email_temp', base64_encode( $email ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. - $config->set_option( 'wptc_main_acc_pwd_temp', base64_encode( md5( trim( wp_unslash( $pwd ) ) ) ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. + $config->set_option( 'wptc_main_acc_email_temp', base64_encode( $email ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for begin reasons. + $config->set_option( 'wptc_main_acc_pwd_temp', base64_encode( md5( trim( wp_unslash( $pwd ) ) ) ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for begin reasons. $config->set_option( 'wptc_token', false ); $options->request_service( 
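Review bot: In the `@@ -791` hunk, `base64_encode( md5( trim( wp_unslash( $pwd ) ) ) )` writes an unsalted MD5 of the account password into the `wptc_main_acc_pwd_temp` option, and the comment on that line only excuses the base64 call. The format may be dictated by the third-party service, which is not visible here; if so, the comment should say that, e.g. `// phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- MD5 + base64 is the format the WPTC service expects.` It is also worth confirming that the temp option is deleted once the token is obtained, since the value is a password-equivalent at rest. The function continues past the end of the hunk.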
@@ -941,7 +941,7 @@ class MainWP_Child_Timecapsule { ); } - $data = unserialize( base64_decode( $_POST['data'] ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. + $data = unserialize( base64_decode( $_POST['data'] ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for begin reasons. $tabName = $_POST['tabname']; $is_general = $_POST['is_general']; @@ -984,8 +984,8 @@ class MainWP_Child_Timecapsule { $config->set_option( 'backup_before_update_setting', $data['backup_before_update_setting'] ); $current = $config->get_option( 'wptc_auto_update_settings' ); - $current = unserialize( $current ); - $new = unserialize( $data['wptc_auto_update_settings'] ); + $current = unserialize( $current ); // phpcs:ignore -- third party credit. + $new = unserialize( $data['wptc_auto_update_settings'] ); // phpcs:ignore -- third party credit. $current['update_settings']['status'] = $new['update_settings']['status']; $current['update_settings']['schedule']['enabled'] = $new['update_settings']['schedule']['enabled']; @@ -1008,13 +1008,13 @@ class MainWP_Child_Timecapsule { $current['update_settings']['themes']['included'] = array(); } } - $config->set_option( 'wptc_auto_update_settings', serialize( $current ) ); + $config->set_option( 'wptc_auto_update_settings', serialize( $current ) ); // phpcs:ignore -- third party credit. $saved = true; } elseif ( 'vulns_update' == $tabName ) { $current = $config->get_option( 'vulns_settings' ); - $current = unserialize( $current ); - $new = unserialize( $data['vulns_settings'] ); + $current = unserialize( $current ); // phpcs:ignore -- third party credit. + $new = unserialize( $data['vulns_settings'] ); // phpcs:ignore -- third party credit. $current['status'] = $new['status']; $current['core']['status'] = $new['core']['status']; 
@@ -1037,7 +1037,7 @@ class MainWP_Child_Timecapsule { wptc_log( $included_plugins, '--------$included_plugins--------' ); - $current['plugins']['excluded'] = serialize( $included_plugins ); + $current['plugins']['excluded'] = serialize( $included_plugins ); // phpcs:ignore -- third party credit. $vulns_themes_included = ! empty( $new['themes']['vulns_themes_included'] ) ? $new['themes']['vulns_themes_included'] : array(); @@ -1048,9 +1048,9 @@ class MainWP_Child_Timecapsule { } $included_themes = $this->filter_themes( $themes_include_array ); - $current['themes']['excluded'] = serialize( $included_themes ); + $current['themes']['excluded'] = serialize( $included_themes ); // phpcs:ignore -- third party credit. } - $config->set_option( 'vulns_settings', serialize( $current ) ); + $config->set_option( 'vulns_settings', serialize( $current ) ); // phpcs:ignore -- third party credit. $saved = true; diff --git a/class/class-mainwp-child-updraft-plus-backups.php b/class/class-mainwp-child-updraft-plus-backups.php index 12fab95..3f5fee7 100644 --- a/class/class-mainwp-child-updraft-plus-backups.php +++ b/class/class-mainwp-child-updraft-plus-backups.php @@ -255,7 +255,7 @@ class MainWP_Child_Updraft_Plus_Backups { if ( is_wp_error( $connect ) ) { $response['e'] = $connect->get_error_message(); $response['code'] = $connect->get_error_code(); - $response['data'] = serialize( $connect->get_error_data() ); + $response['data'] = serialize( $connect->get_error_data() ); // phpcs:ignore -- third party credit. } } return $response; 
@@ -303,9 +303,9 @@ class MainWP_Child_Updraft_Plus_Backups { 'timeout' => 20, 'body' => array( 'e' => $email, - 'p' => base64_encode( $password ), // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. + 'p' => base64_encode( $password ), // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for begin reasons. 'sid' => $updraftplus->siteid(), - 'su' => base64_encode( home_url() ), // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. + 'su' => base64_encode( home_url() ), // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for begin reasons. ), ) ); @@ -390,7 +390,7 @@ class MainWP_Child_Updraft_Plus_Backups { $post_body = array( 'e' => (string) $vault_settings['email'], 'sid' => $updraftplus->siteid(), - 'su' => base64_encode( home_url() ), // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. + 'su' => base64_encode( home_url() ), // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for begin reasons. ); if ( ! empty( $vault_settings['token'] ) ) { @@ -421,7 +421,7 @@ class MainWP_Child_Updraft_Plus_Backups { } public function save_settings() { - $settings = maybe_unserialize( base64_decode( $_POST['settings'] ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. + $settings = maybe_unserialize( base64_decode( $_POST['settings'] ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for begin reasons. $keys_filter = $this->get_settings_keys(); 
@@ -675,7 +675,7 @@ class MainWP_Child_Updraft_Plus_Backups { } } - $addons_options = maybe_unserialize( base64_decode( $_POST['addons_options'] ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. + $addons_options = maybe_unserialize( base64_decode( $_POST['addons_options'] ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for begin reasons. if ( ! is_array( $addons_options ) ) { $addons_options = array(); } @@ -2538,7 +2538,7 @@ class MainWP_Child_Updraft_Plus_Backups { return false; } // Double-gzipped? - if ( 'H4sI' !== base64_encode( $bytes ) ) { // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. + if ( 'H4sI' !== base64_encode( $bytes ) ) { // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for begin reasons. if ( 0 === gzseek( $dbhandle, 0 ) ) { return $dbhandle; } else { @@ -3456,10 +3456,10 @@ ENDHERE; if ( isset( $_REQUEST['json_result'] ) && true == $_REQUEST['json_result'] ) : $output = json_encode( $txt ); else : - $output = serialize( $txt ); + $output = serialize( $txt ); // phpcs:ignore -- to compatible. endif; - $txt = '' . base64_encode( $output ) . ''; // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. + $txt = '' . base64_encode( $output ) . ''; // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for begin reasons. // Close browser connection so that it can resume AJAX polling. header( 'Content-Length: ' . ( ( ! empty( $txt ) ) ? strlen( $txt ) : '0' ) ); header( 'Connection: close' ); diff --git a/class/class-mainwp-child-woocommerce-status.php b/class/class-mainwp-child-woocommerce-status.php index 4e1532d..675f50f 100644 --- a/class/class-mainwp-child-woocommerce-status.php +++ b/class/class-mainwp-child-woocommerce-status.php 
@@ -72,7 +72,7 @@ class MainWP_Child_WooCommerce_Status { // Get sales. $sales = $wpdb->get_var( - $wpdb->prepare( // phpcs:ignore -- safe query. + $wpdb->prepare( "SELECT SUM( postmeta.meta_value ) FROM {$wpdb->posts} as posts LEFT JOIN {$wpdb->term_relationships} AS rel ON posts.ID=rel.object_ID LEFT JOIN {$wpdb->term_taxonomy} AS tax USING( term_taxonomy_id ) @@ -81,12 +81,12 @@ class MainWP_Child_WooCommerce_Status { WHERE posts.post_type = 'shop_order' AND posts.post_status = 'publish' AND tax.taxonomy = 'shop_order_status' - AND term.slug IN ( '" . implode( "','", apply_filters( 'woocommerce_reports_order_statuses', array( 'completed', 'processing', 'on-hold' ) ) ) . "' ) - AND postmeta.meta_key = '_order_total' + AND term.slug IN ( '" . implode( "','", apply_filters( 'woocommerce_reports_order_statuses', array( 'completed', 'processing', 'on-hold' ) ) ) . "' ) " . // phpcs:ignore -- safe query. + " AND postmeta.meta_key = '_order_total' AND posts.post_date >= %s AND posts.post_date <= %s", - date( 'Y-m-01' ), - date( 'Y-m-d H:i:s' ) + date( 'Y-m-01' ), // phpcs:ignore -- local time. + date( 'Y-m-d H:i:s' ) // phpcs:ignore -- local time. ) ); 
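Review bot: The status list returned by `apply_filters( 'woocommerce_reports_order_statuses', ... )` is concatenated into the SQL text that is then passed to `$wpdb->prepare()`, so its values are never escaped, and the relocated `// phpcs:ignore -- safe query` asserts a safety the code does not enforce. Any callback hooked on that filter controls text inside the `IN ( ... )` list, and a `%` in a value would be read by `prepare()` as a placeholder. Build the list from placeholders, `$in = implode( ',', array_fill( 0, count( $statuses ), '%s' ) );`, and pass the statuses as arguments, or at minimum map the values through `esc_sql()`. The same construction appears in the later hunks of this file.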
@@ -104,16 +104,16 @@ class MainWP_Child_WooCommerce_Status { WHERE posts.post_type = 'shop_order' AND posts.post_status = 'publish' AND tax.taxonomy = 'shop_order_status' - AND term.slug IN ( '" . implode( "','", apply_filters( 'woocommerce_reports_order_statuses', array( 'completed', 'processing', 'on-hold' ) ) ) . "' ) - AND order_item_meta.meta_key = '_qty' + AND term.slug IN ( '" . implode( "','", apply_filters( 'woocommerce_reports_order_statuses', array( 'completed', 'processing', 'on-hold' ) ) ) . "' ) " . // phpcs:ignore -- safe query. + " AND order_item_meta.meta_key = '_qty' AND order_item_meta_2.meta_key = '_product_id' AND posts.post_date >= %s AND posts.post_date <= %s GROUP BY product_id ORDER BY qty DESC LIMIT 1", - date( 'Y-m-01', $start_date ), - date( 'Y-m-d H:i:s', $end_date ) + date( 'Y-m-01' ), // phpcs:ignore -- local time. + date( 'Y-m-d H:i:s' ) // phpcs:ignore -- local time. ) ); @@ -179,8 +179,8 @@ class MainWP_Child_WooCommerce_Status { WHERE posts.post_type = 'shop_order' AND posts.post_status = 'publish' AND tax.taxonomy = 'shop_order_status' - AND term.slug IN ( '" . implode( "','", apply_filters( 'woocommerce_reports_order_statuses', array( 'completed', 'processing', 'on-hold' ) ) ) . "' ) - AND postmeta.meta_key = '_order_total' + AND term.slug IN ( '" . implode( "','", apply_filters( 'woocommerce_reports_order_statuses', array( 'completed', 'processing', 'on-hold' ) ) ) . "' ) " . // phpcs:ignore -- safe query. + " AND postmeta.meta_key = '_order_total' AND posts.post_date >= STR_TO_DATE(" . $wpdb->prepare( '%s', $start_date ) . ", '%Y-%m-%d %H:%i:%s') AND posts.post_date <= STR_TO_DATE(" . $wpdb->prepare( '%s', $end_date ) . ", '%Y-%m-%d %H:%i:%s')" ); 
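Review bot: In the top-seller query (hunk at -104) the commit replaces `date( 'Y-m-01', $start_date )` and `date( 'Y-m-d H:i:s', $end_date )` with argument-less `date()` calls, which changes the reporting window in a commit labelled as refactoring. Whether `$start_date` and `$end_date` are defined in this function is not visible from the hunk, so this may be a deliberate fix, but it deserves a line in the commit message either way. The added `// phpcs:ignore -- local time.` is also questionable: WordPress sets PHP's default timezone to UTC, so `date()` normally yields UTC while `posts.post_date` holds site-local time, and `current_time( 'mysql' )` would match the column. The same comment is added in the hunk at -81.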
@@ -198,8 +198,8 @@ class MainWP_Child_WooCommerce_Status { WHERE posts.post_type = 'shop_order' AND posts.post_status = 'publish' AND tax.taxonomy = 'shop_order_status' - AND term.slug IN ( '" . implode( "','", apply_filters( 'woocommerce_reports_order_statuses', array( 'completed', 'processing', 'on-hold' ) ) ) . "' ) - AND order_item_meta.meta_key = '_qty' + AND term.slug IN ( '" . implode( "','", apply_filters( 'woocommerce_reports_order_statuses', array( 'completed', 'processing', 'on-hold' ) ) ) . "' ) " . // phpcs:ignore -- safe query. + " AND order_item_meta.meta_key = '_qty' AND order_item_meta_2.meta_key = '_product_id' AND posts.post_date >= STR_TO_DATE(" . $wpdb->prepare( '%s', $start_date ) . ", '%Y-%m-%d %H:%i:%s' ) AND posts.post_date <= STR_TO_DATE(" . $wpdb->prepare( '%s', $end_date ) . ", '%Y-%m-%d %H:%i:%s' ) 
@@ -222,11 +222,11 @@ class MainWP_Child_WooCommerce_Status { $query_from = "FROM {$wpdb->posts} as posts INNER JOIN {$wpdb->postmeta} AS postmeta ON posts.ID = postmeta.post_id INNER JOIN {$wpdb->postmeta} AS postmeta2 ON posts.ID = postmeta2.post_id WHERE 1=1 AND posts.post_type IN ('product', 'product_variation') AND posts.post_status = 'publish' AND ( postmeta.meta_key = '_stock' AND CAST(postmeta.meta_value AS SIGNED) <= '{$stock}' AND CAST(postmeta.meta_value AS SIGNED) > '{$nostock}' AND postmeta.meta_value != '' ) AND ( ( postmeta2.meta_key = '_manage_stock' AND postmeta2.meta_value = 'yes' ) OR ( posts.post_type = 'product_variation' ) )"; - $lowinstock_count = absint( $wpdb->get_var( "SELECT COUNT( DISTINCT posts.ID ) {$query_from};" ) ); + $lowinstock_count = absint( $wpdb->get_var( "SELECT COUNT( DISTINCT posts.ID ) {$query_from};" ) ); //phpcs:ignore -- safe query. $query_from = "FROM {$wpdb->posts} as posts INNER JOIN {$wpdb->postmeta} AS postmeta ON posts.ID = postmeta.post_id INNER JOIN {$wpdb->postmeta} AS postmeta2 ON posts.ID = postmeta2.post_id WHERE 1=1 AND posts.post_type IN ('product', 'product_variation') AND posts.post_status = 'publish' AND ( postmeta.meta_key = '_stock' AND CAST(postmeta.meta_value AS SIGNED) <= '{$nostock}' AND postmeta.meta_value != '' ) AND ( ( postmeta2.meta_key = '_manage_stock' AND postmeta2.meta_value = 'yes' ) OR ( posts.post_type = 'product_variation' ) )"; - $outofstock_count = absint( $wpdb->get_var( "SELECT COUNT( DISTINCT posts.ID ) {$query_from};" ) ); + $outofstock_count = absint( $wpdb->get_var( "SELECT COUNT( DISTINCT posts.ID ) {$query_from};" ) ); //phpcs:ignore -- safe query. $data = array( 'sales' => $sales, diff --git a/class/class-mainwp-child-wordfence.php b/class/class-mainwp-child-wordfence.php index 81334b9..ee9d830 100644 --- a/class/class-mainwp-child-wordfence.php +++ b/class/class-mainwp-child-wordfence.php 
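Review bot: Both `$wpdb->get_var()` calls now carry `//phpcs:ignore -- safe query.`, yet `$query_from` interpolates `'{$stock}'` and `'{$nostock}'` directly into the SQL and their origin lies outside the hunk. If they come from stored options (not shown), the safety claim should be checkable on the spot, either with an integer cast immediately before `$query_from` is built or with `%d` placeholders passed through `$wpdb->prepare()`. A comment such as `// $stock and $nostock are integers cast above.` would then be true by construction.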
@@ -1082,7 +1082,7 @@ SQL public function simple_crypt( $key, $data, $action = 'encrypt' ) { $res = ''; if ( 'encrypt' == $action ) { - $string = base64_encode( serialize( $data ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. + $string = base64_encode( serialize( $data ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for begin reasons. } else { $string = $data; } @@ -1099,7 +1099,7 @@ SQL } if ( 'encrypt' !== $action ) { - $res = unserialize( base64_decode( $res ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. + $res = unserialize( base64_decode( $res ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for begin reasons. } return $res; } @@ -1108,7 +1108,7 @@ SQL if ( isset( $_POST['encrypted'] ) ) { $settings = $this->simple_crypt( 'thisisakey', $_POST['settings'], 'decrypt' ); // fix pass through sec rules of Dreamhost! } else { - $settings = maybe_unserialize( base64_decode( $_POST['settings'] ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. + $settings = maybe_unserialize( base64_decode( $_POST['settings'] ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for begin reasons. } $section = isset( $_POST['savingSection'] ) ? $_POST['savingSection'] : ''; 
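Review bot: The line `$res = unserialize( base64_decode( $res ) );` in `simple_crypt()` deserialises bytes that the settings handler at -1108 takes from `$_POST['settings']`, and the only transformation in between uses the literal key `'thisisakey'`, which gives no integrity protection; the edited comment justifies only the base64 call. If the settings payload is always arrays and scalars (likely, but not shown here), object instantiation can be switched off with `$res = unserialize( base64_decode( $res ), array( 'allowed_classes' => false ) );`. The same applies to the direct `unserialize()` calls on `$_POST['featured_image_data']` in class-mainwp-child.php and `$_POST['post_gallery_images']` in class-mainwp-helper.php; the `maybe_unserialize()` call sites would need a small wrapper, since that helper takes no options. `simple_crypt()` and the settings handlers extend beyond the hunks.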
@@ -1371,7 +1371,7 @@ SQL if ( isset( $_POST['encrypted'] ) ) { $settings = $this->simple_crypt( 'thisisakey', $_POST['settings'], 'decrypt' ); // to fix pass through sec rules of Dreamhost! } else { - $settings = maybe_unserialize( base64_decode( $_POST['settings'] ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. + $settings = maybe_unserialize( base64_decode( $_POST['settings'] ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for begin reasons. } if ( is_array( $settings ) && count( $settings ) > 0 ) { @@ -2263,7 +2263,7 @@ SQL public static function add_cache_exclusion() { $ex = wfConfig::get( 'cacheExclusions', false ); if ( $ex ) { - $ex = unserialize( $ex ); + $ex = unserialize( $ex ); // phpcs:ignore -- third party credit. } else { $ex = array(); } @@ -2276,7 +2276,7 @@ SQL 'id' => $_POST['id'], ); } - wfConfig::set( 'cacheExclusions', serialize( $ex ) ); + wfConfig::set( 'cacheExclusions', serialize( $ex ) ); // phpcs:ignore -- third party credit. wfCache::scheduleCacheClear(); if ( wfConfig::get( 'cacheType', false ) == 'falcon' && preg_match( '/^(?:uac|uaeq|cc)$/', $_POST['patternType'] ) ) { if ( wfCache::addHtaccessCode( 'add' ) ) { @@ -2297,7 +2297,7 @@ SQL if ( ! $ex ) { return array( 'ex' => false ); } - $ex = unserialize( $ex ); + $ex = unserialize( $ex ); // phpcs:ignore -- third party credit. return array( 'ok' => 1, 'ex' => $ex, @@ -2310,7 +2310,7 @@ SQL if ( ! $ex ) { return array( 'ok' => 1 ); } - $ex = unserialize( $ex ); + $ex = unserialize( $ex ); // phpcs:ignore -- third party credit. $rewriteHtaccess = false; $removed = false; $count_ex = count( $ex ); 
@@ -2330,7 +2330,7 @@ SQL return $return; } - wfConfig::set( 'cacheExclusions', serialize( $ex ) ); + wfConfig::set( 'cacheExclusions', serialize( $ex ) ); // phpcs:ignore -- third party credit. if ( $rewriteHtaccess && wfCache::addHtaccessCode( 'add' ) ) { $return['errorMsg'] = "We removed that rule but could not rewrite your .htaccess file. You're going to have to manually remove this rule from your .htaccess file. Please reload this page now."; return $return; diff --git a/class/class-mainwp-child-wp-rocket.php b/class/class-mainwp-child-wp-rocket.php index e3d965c..9f5346b 100644 --- a/class/class-mainwp-child-wp-rocket.php +++ b/class/class-mainwp-child-wp-rocket.php @@ -371,7 +371,7 @@ class MainWP_Child_WP_Rocket { } public function save_settings() { - $options = maybe_unserialize( base64_decode( $_POST['settings'] ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. + $options = maybe_unserialize( base64_decode( $_POST['settings'] ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for begin reasons. if ( ! is_array( $options ) || empty( $options ) ) { return array( 'error' => 'INVALID_OPTIONS' ); } diff --git a/class/class-mainwp-child.php b/class/class-mainwp-child.php index a203a4e..be4e64f 100644 --- a/class/class-mainwp-child.php +++ b/class/class-mainwp-child.php 
@@ -1288,7 +1288,7 @@ class MainWP_Child { // to support open not wp-admin url. $open_location = isset( $_REQUEST['open_location'] ) ? $_REQUEST['open_location'] : ''; if ( ! empty( $open_location ) ) { - $open_location = base64_decode( $open_location ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. + $open_location = base64_decode( $open_location ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for begin reasons. $_vars = MainWP_Helper::parse_query( $open_location ); $_path = wp_parse_url( $open_location, PHP_URL_PATH ); if ( isset( $_vars['_mwpNoneName'] ) && isset( $_vars['_mwpNoneValue'] ) ) { @@ -1484,7 +1484,7 @@ class MainWP_Child { $nossl_key = get_option( 'mainwp_child_nossl_key' ); $auth = hash_equals( md5( $func . $nonce . $nossl_key ), base64_decode( $signature ) ); // // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for begin reasons. } else { - $auth = openssl_verify( $func . $nonce, base64_decode( $signature ), base64_decode( get_option( 'mainwp_child_pubkey' ) ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. + $auth = openssl_verify( $func . $nonce, base64_decode( $signature ), base64_decode( get_option( 'mainwp_child_pubkey' ) ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for begin reasons. if ( 1 !== $auth ) { $auth = false; } 
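Review bot: On the signature check (hunk at -1484), `openssl_verify()` is called without a digest argument, so it verifies with PHP's default (SHA-1), and the branch above it compares an `md5( $func . $nonce . $nossl_key )` string; the edited suppression comment mentions only base64. Since this line appears to gate incoming dashboard requests, it deserves a comment stating what is verified and with which algorithm, e.g. `// Verifies the dashboard signature over $func . $nonce; digest defaults to SHA-1.` Moving to `OPENSSL_ALGO_SHA256` would need a matching change on the signing side, which is not part of this page. The enclosing method starts and ends outside the hunk.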
@@ -1537,7 +1537,7 @@ class MainWP_Child { public function http_request_reject_unsafe_urls( $r, $url ) { $r['reject_unsafe_urls'] = false; if ( isset( $_POST['wpadmin_user'] ) && ! empty( $_POST['wpadmin_user'] ) && isset( $_POST['wpadmin_passwd'] ) && ! empty( $_POST['wpadmin_passwd'] ) ) { - $auth = base64_encode( $_POST['wpadmin_user'] . ':' . $_POST['wpadmin_passwd'] ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. + $auth = base64_encode( $_POST['wpadmin_user'] . ':' . $_POST['wpadmin_passwd'] ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for begin reasons. $r['headers']['Authorization'] = "Basic $auth"; } return $r; @@ -2250,7 +2250,7 @@ class MainWP_Child { } } - MainWP_Helper::update_option( 'mainwp_child_pubkey', base64_encode( $_POST['pubkey'] ), 'yes' ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. + MainWP_Helper::update_option( 'mainwp_child_pubkey', base64_encode( $_POST['pubkey'] ), 'yes' ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for begin reasons. MainWP_Helper::update_option( 'mainwp_child_server', $_POST['server'] ); // Save the public key. MainWP_Helper::update_option( 'mainwp_child_nonce', 0 ); // Save the nonce. 
@@ -2273,20 +2273,20 @@ class MainWP_Child { } public function new_post() { - $new_post = maybe_unserialize( base64_decode( $_POST['new_post'] ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. - $post_custom = maybe_unserialize( base64_decode( $_POST['post_custom'] ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. - $post_category = rawurldecode( isset( $_POST['post_category'] ) ? base64_decode( $_POST['post_category'] ) : null ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. + $new_post = maybe_unserialize( base64_decode( $_POST['new_post'] ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for begin reasons. + $post_custom = maybe_unserialize( base64_decode( $_POST['post_custom'] ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for begin reasons. + $post_category = rawurldecode( isset( $_POST['post_category'] ) ? base64_decode( $_POST['post_category'] ) : null ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for begin reasons. $post_tags = rawurldecode( isset( $new_post['post_tags'] ) ? $new_post['post_tags'] : null ); - $post_featured_image = base64_decode( $_POST['post_featured_image'] ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. - $upload_dir = maybe_unserialize( base64_decode( $_POST['mainwp_upload_dir'] ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. + $post_featured_image = base64_decode( $_POST['post_featured_image'] ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for begin reasons. 
+ $upload_dir = maybe_unserialize( base64_decode( $_POST['mainwp_upload_dir'] ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for begin reasons. if ( isset( $_POST['_ezin_post_category'] ) ) { - $new_post['_ezin_post_category'] = maybe_unserialize( base64_decode( $_POST['_ezin_post_category'] ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. + $new_post['_ezin_post_category'] = maybe_unserialize( base64_decode( $_POST['_ezin_post_category'] ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for begin reasons. } $others = array(); if ( isset( $_POST['featured_image_data'] ) && ! empty( $_POST['featured_image_data'] ) ) { - $others['featured_image_data'] = unserialize( base64_decode( $_POST['featured_image_data'] ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. + $others['featured_image_data'] = unserialize( base64_decode( $_POST['featured_image_data'] ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for begin reasons. } $res = MainWP_Helper::create_post( $new_post, $post_custom, $post_category, $post_featured_image, $upload_dir, $post_tags, $others ); @@ -2354,7 +2354,7 @@ class MainWP_Child { } elseif ( 'restore' === $action ) { wp_untrash_post( $postId ); } elseif ( 'update_meta' === $action ) { - $values = maybe_unserialize( base64_decode( $_POST['values'] ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. + $values = maybe_unserialize( base64_decode( $_POST['values'] ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for begin reasons. $meta_key = $values['meta_key']; $meta_value = $values['meta_value']; $check_prev = $values['check_prev']; 
@@ -2459,12 +2459,12 @@ class MainWP_Child { wp_set_post_lock( $id ); $post_data = array( - 'new_post' => base64_encode( serialize( $new_post ) ), // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. - 'post_custom' => base64_encode( serialize( $post_custom ) ), // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. - 'post_category' => base64_encode( $post_category ), // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. - 'post_featured_image' => base64_encode( $post_featured_image ), // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. - 'post_gallery_images' => base64_encode( serialize( $post_gallery_images ) ), // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. - 'child_upload_dir' => base64_encode( serialize( $child_upload_dir ) ), // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. + 'new_post' => base64_encode( serialize( $new_post ) ), // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for begin reasons. + 'post_custom' => base64_encode( serialize( $post_custom ) ), // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for begin reasons. + 'post_category' => base64_encode( $post_category ), // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for begin reasons. + 'post_featured_image' => base64_encode( $post_featured_image ), // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for begin reasons. + 'post_gallery_images' => base64_encode( serialize( $post_gallery_images ) ), // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for begin reasons. 
+ 'child_upload_dir' => base64_encode( serialize( $child_upload_dir ) ), // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for begin reasons. ); return $post_data; 
@@ -2523,11 +2523,11 @@ class MainWP_Child { wp_set_post_lock( $id ); $post_data = array( - 'new_post' => base64_encode( serialize( $new_post ) ), // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. - 'post_custom' => base64_encode( serialize( $post_custom ) ), // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. - 'post_featured_image' => base64_encode( $post_featured_image ), // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. - 'post_gallery_images' => base64_encode( serialize( $post_gallery_images ) ), // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. - 'child_upload_dir' => base64_encode( serialize( $child_upload_dir ) ), // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. + 'new_post' => base64_encode( serialize( $new_post ) ), // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for begin reasons. + 'post_custom' => base64_encode( serialize( $post_custom ) ), // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for begin reasons. + 'post_featured_image' => base64_encode( $post_featured_image ), // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for begin reasons. + 'post_gallery_images' => base64_encode( serialize( $post_gallery_images ) ), // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for begin reasons. + 'child_upload_dir' => base64_encode( serialize( $child_upload_dir ) ), // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for begin reasons. ); return $post_data; } 
@@ -2845,7 +2845,7 @@ class MainWP_Child { public function new_admin_password() { - $new_password = maybe_unserialize( base64_decode( $_POST['new_password'] ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. + $new_password = maybe_unserialize( base64_decode( $_POST['new_password'] ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for begin reasons. $user = get_user_by( 'login', $_POST['user'] ); require_once ABSPATH . WPINC . '/registration.php'; @@ -2868,7 +2868,7 @@ class MainWP_Child { } public function new_user() { - $new_user = maybe_unserialize( base64_decode( $_POST['new_user'] ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. + $new_user = maybe_unserialize( base64_decode( $_POST['new_user'] ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for begin reasons. $send_password = $_POST['send_password']; if ( isset( $new_user['role'] ) ) { if ( ! get_role( $new_user['role'] ) ) { @@ -4097,7 +4097,7 @@ class MainWP_Child { public function insert_comment() { $postId = $_POST['id']; - $comments = maybe_unserialize( base64_decode( $_POST['comments'] ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. + $comments = maybe_unserialize( base64_decode( $_POST['comments'] ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for begin reasons. $ids = array(); foreach ( $comments as $comment ) { $ids[] = wp_insert_comment( 
@@ -4223,7 +4223,7 @@ class MainWP_Child { $extra = array(); if ( isset( $_POST['extract_tokens'] ) ) { - $extra['tokens'] = maybe_unserialize( base64_decode( $_POST['extract_tokens'] ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. + $extra['tokens'] = maybe_unserialize( base64_decode( $_POST['extract_tokens'] ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for begin reasons. $extra['extract_post_type'] = $_POST['extract_post_type']; } @@ -5216,7 +5216,7 @@ class MainWP_Child { public function uploader_action() { - $file_url = base64_decode( $_POST['url'] ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. + $file_url = base64_decode( $_POST['url'] ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for begin reasons. $path = $_POST['path']; $filename = $_POST['filename']; $information = array(); diff --git a/class/class-mainwp-client-report.php b/class/class-mainwp-client-report.php index d0cd43c..efe2328 100644 --- a/class/class-mainwp-client-report.php +++ b/class/class-mainwp-client-report.php 
@@ -218,12 +218,12 @@ class MainWP_Client_Report { 'ip', ); - $sections = isset( $_POST['sections'] ) ? maybe_unserialize( base64_decode( $_POST['sections'] ) ) : array(); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. + $sections = isset( $_POST['sections'] ) ? maybe_unserialize( base64_decode( $_POST['sections'] ) ) : array(); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for begin reasons. if ( ! is_array( $sections ) ) { $sections = array(); } - $other_tokens = isset( $_POST['other_tokens'] ) ? maybe_unserialize( base64_decode( $_POST['other_tokens'] ) ) : array(); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. + $other_tokens = isset( $_POST['other_tokens'] ) ? maybe_unserialize( base64_decode( $_POST['other_tokens'] ) ) : array(); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for begin reasons. if ( ! is_array( $other_tokens ) ) { $other_tokens = array(); } @@ -773,7 +773,7 @@ class MainWP_Client_Report { if ( 'sucuri_scan' === $context ) { $scan_data = $this->get_stream_meta_data( $record, 'scan_data' ); if ( ! empty( $scan_data ) ) { - $scan_data = maybe_unserialize( base64_decode( $scan_data ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. + $scan_data = maybe_unserialize( base64_decode( $scan_data ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for begin reasons. if ( is_array( $scan_data ) ) { $blacklisted = $scan_data['blacklisted']; diff --git a/class/class-mainwp-clone-install.php b/class/class-mainwp-clone-install.php index ea0c623..e88b5ee 100644 --- a/class/class-mainwp-clone-install.php +++ b/class/class-mainwp-clone-install.php 
@@ -137,7 +137,11 @@ class MainWP_Clone_Install { if ( false === $configContents ) { throw new \Exception( __( 'Cant read configuration file from the backup.', 'mainwp-child' ) ); } - $this->config = maybe_unserialize( base64_decode( $configContents ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. + if ( defined( 'MAINWP_DEBUG' ) && MAINWP_DEBUG ) { + $this->config = wp_json_decode( $configContents ); + } else { + $this->config = maybe_unserialize( base64_decode( $configContents ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- safe. + } if ( isset( $this->config['plugins'] ) ) { MainWP_Helper::update_option( 'mainwp_temp_clone_plugins', $this->config['plugins'] ); @@ -189,9 +193,9 @@ class MainWP_Clone_Install { $var = $wpdb->get_var( $wpdb->prepare( 'SELECT option_value FROM ' . $this->config['prefix'] . 'options WHERE option_name = %s', $name ) ); // phpcs:ignore -- safe query. if ( null === $var ) { - $wpdb->query( $wpdb->prepare( 'INSERT INTO ' . $this->config['prefix'] . 'options (`option_name`, `option_value`) VALUES (%s, %s)', $name, MainWP_Child_DB::real_escape_string( maybe_serialize( $value ) ) ) ); + $wpdb->query( $wpdb->prepare( 'INSERT INTO ' . $this->config['prefix'] . 'options (`option_name`, `option_value`) VALUES (%s, %s)', $name, MainWP_Child_DB::real_escape_string( maybe_serialize( $value ) ) ) ); // phpcs:ignore -- safe query. } else { - $wpdb->query( $wpdb->prepare( 'UPDATE ' . $this->config['prefix'] . 'options SET option_value = %s WHERE option_name = %s', MainWP_Child_DB::real_escape_string( maybe_serialize( $value ) ), $name ) ); + $wpdb->query( $wpdb->prepare( 'UPDATE ' . $this->config['prefix'] . 'options SET option_value = %s WHERE option_name = %s', MainWP_Child_DB::real_escape_string( maybe_serialize( $value ) ), $name ) ); // phpcs:ignore -- safe query. } } diff --git a/class/class-mainwp-clone.php b/class/class-mainwp-clone.php index a80dec5..ef111a9 100644 
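Review bot: The new debug branch calls `wp_json_decode( $configContents )`, but WordPress core provides only `wp_json_encode()`; unless the plugin defines `wp_json_decode()` elsewhere, this is a fatal error whenever `MAINWP_DEBUG` is on. The code right after reads `$this->config['plugins']` with array syntax, so the replacement also needs associative decoding: `$this->config = json_decode( $configContents, true );`. Because the format is chosen from the constant on both the writing and the reading side, a backup written with the flag on cannot be read with it off and vice versa; detecting the format from the content would avoid that. The enclosing method starts outside the hunk.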
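Review bot: The two `$wpdb->query()` lines now marked `// phpcs:ignore -- safe query.` (hunk at -189) escape the value twice: `MainWP_Child_DB::real_escape_string( maybe_serialize( $value ) )` is passed as a `%s` argument to `$wpdb->prepare()`, which escapes again, so values containing quotes or backslashes would presumably be stored with extra backslashes and serialized string lengths would no longer match. Passing `maybe_serialize( $value )` directly is enough. Separately, `$this->config['prefix']` is concatenated into the table name and comes from the backup's config file, so it should be validated before use, e.g. `if ( ! preg_match( '/^[A-Za-z0-9_]+$/', $this->config['prefix'] ) ) { throw new \Exception( 'Invalid table prefix in backup.' ); }`. The method begins outside the hunk.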
--- a/class/class-mainwp-clone.php +++ b/class/class-mainwp-clone.php @@ -1255,7 +1255,7 @@ class MainWP_Clone { $url = $siteToClone['url']; $key = $siteToClone['extauth']; - $url = trailingslashit( $url ) . '?cloneFunc=dl&key=' . urlencode( $key ) . '&f=' . $file; + $url = trailingslashit( $url ) . '?cloneFunc=dl&key=' . rawurlencode( $key ) . '&f=' . $file; } else { $url = $file; } diff --git a/class/class-mainwp-custom-post-type.php b/class/class-mainwp-custom-post-type.php index 26177e0..0e0bb3d 100755 --- a/class/class-mainwp-custom-post-type.php +++ b/class/class-mainwp-custom-post-type.php @@ -29,7 +29,7 @@ class MainWP_Custom_Post_Type { } else { $data = serialize( $data ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions } - die( '' . base64_encode( $data ) . '' ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. + die( '' . base64_encode( $data ) . '' ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for begin reasons. } register_shutdown_function( 'mainwp_custom_post_type_handle_fatal_error' ); diff --git a/class/class-mainwp-helper.php b/class/class-mainwp-helper.php index dba58f3..a1779d5 100644 --- a/class/class-mainwp-helper.php +++ b/class/class-mainwp-helper.php @@ -20,7 +20,7 @@ class MainWP_Helper { $output = serialize( $val ); // phpcs:ignore -- to compatible. endif; - die( '' . base64_encode( $output ) . '' ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. + die( '' . base64_encode( $output ) . '' ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- to compatible with http encoding. } public static function json_valid_check( $data ) { 
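Review bot: In the download URL of class-mainwp-clone.php the key is now passed through `rawurlencode()`, but `$file` is still appended raw in `'&f=' . $file`. If a backup file name can contain `&`, `#`, `+` or spaces (its origin is outside the hunk), the query string is split or truncated on the receiving side; `'&f=' . rawurlencode( $file )` keeps it a single parameter. The surrounding method is not fully visible here.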
@@ -94,7 +94,7 @@ class MainWP_Helper { $output = serialize( $val ); // phpcs:ignore -- to compatible. endif; - $output = '' . base64_encode( $output ) . ''; // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. + $output = '' . base64_encode( $output ) . ''; // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for begin reasons. // Close browser connection so that it can resume AJAX polling. header( 'Content-Length: ' . strlen( $output ) ); header( 'Connection: close' ); @@ -319,7 +319,7 @@ class MainWP_Helper { if ( $full_guid ) { return $wpdb->get_results( $wpdb->prepare( "SELECT ID,guid FROM $wpdb->posts WHERE post_type = 'attachment' AND guid = %s", $filename ) ); } - return $wpdb->get_results( $wpdb->prepare( "SELECT ID,guid FROM $wpdb->posts WHERE post_type = 'attachment' AND guid LIKE '%/%s'", $filename ) ); + return $wpdb->get_results( $wpdb->prepare( "SELECT ID,guid FROM $wpdb->posts WHERE post_type = 'attachment' AND guid LIKE %s", '%/' . $wpdb->esc_like( $filename ) ) ); } public static function upload_file( $file_url, $path, $file_name ) { @@ -517,7 +517,7 @@ class MainWP_Helper { if ( preg_match_all( '/\[gallery[^\]]+ids=\"(.*?)\"[^\]]*\]/ix', $new_post['post_content'], $matches, PREG_SET_ORDER ) ) { $replaceAttachedIds = array(); if ( isset( $_POST['post_gallery_images'] ) ) { - $post_gallery_images = unserialize( base64_decode( $_POST['post_gallery_images'] ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. + $post_gallery_images = unserialize( base64_decode( $_POST['post_gallery_images'] ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for begin reasons. if ( is_array( $post_gallery_images ) ) { foreach ( $post_gallery_images as $gallery ) { if ( isset( $gallery['src'] ) ) { 
@@ -695,7 +695,7 @@ class MainWP_Helper { } } elseif ( '_sticky' === $meta_key ) { foreach ( $meta_values as $meta_value ) { - if ( 'sticky' === base64_decode( $meta_value ) ) { // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. + if ( 'sticky' === base64_decode( $meta_value ) ) { // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for begin reasons. stick_post( $new_post_id ); } } @@ -786,7 +786,7 @@ class MainWP_Helper { if ( $is_post_plus ) { $random_privelege = isset( $post_custom['_saved_draft_random_privelege'] ) ? $post_custom['_saved_draft_random_privelege'] : null; $random_privelege = is_array( $random_privelege ) ? current( $random_privelege ) : null; - $random_privelege_base = base64_decode( $random_privelege ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. + $random_privelege_base = base64_decode( $random_privelege ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for begin reasons. $random_privelege = maybe_unserialize( $random_privelege_base ); if ( is_array( $random_privelege ) && count( $random_privelege ) > 0 ) { @@ -1087,7 +1087,7 @@ class MainWP_Helper { throw new \Exception( 'Http Error: ' . $err ); } elseif ( preg_match( '/(.*)<\/mainwp>/', $data, $results ) > 0 ) { $result = $results[1]; - $result_base = base64_decode( $result ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. + $result_base = base64_decode( $result ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for begin reasons. $information = json_decode( $result_base, true ); // it is json_encode result. diff --git a/class/class-mainwp-wordpress-seo.php b/class/class-mainwp-wordpress-seo.php index b4a754a..0ce0f26 100644 --- a/class/class-mainwp-wordpress-seo.php 
+++ b/class/class-mainwp-wordpress-seo.php @@ -53,7 +53,7 @@ class MainWP_WordPress_SEO { public function import_settings() { if ( isset( $_POST['file_url'] ) ) { - $file_url = base64_decode( $_POST['file_url'] ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. + $file_url = base64_decode( $_POST['file_url'] ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for begin reasons. $temporary_file = ''; global $mainWPChild; try { @@ -79,7 +79,7 @@ class MainWP_WordPress_SEO { } } elseif ( isset( $_POST['settings'] ) ) { try { - $settings = base64_decode( $_POST['settings'] ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. + $settings = base64_decode( $_POST['settings'] ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for begin reasons. $options = parse_ini_string( $settings, true, INI_SCANNER_RAW ); if ( is_array( $options ) && array() !== $options ) { diff --git a/class/class-tar-archiver.php b/class/class-tar-archiver.php index 5a089a5..f304d9e 100644 --- a/class/class-tar-archiver.php +++ b/class/class-tar-archiver.php @@ -237,8 +237,8 @@ class Tar_Archiver { } closedir( $fh ); - $string = base64_encode( // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. - serialize( // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions + if ( defined( 'MAINWP_DEBUG' ) && MAINWP_DEBUG ) { + $string = wp_json_encode( array( 'siteurl' => get_option( 'siteurl' ), 'home' => get_option( 'home' ), 
@@ -247,9 +247,24 @@ class Tar_Archiver { 'lang' => get_bloginfo( 'language' ), 'plugins' => $plugins, 'themes' => $themes, + ) + ); + } else { + $string = base64_encode( // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for begin reasons. + serialize( // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions + array( + 'siteurl' => get_option( 'siteurl' ), + 'home' => get_option( 'home' ), + 'abspath' => ABSPATH, + 'prefix' => $wpdb->prefix, + 'lang' => get_bloginfo( 'language' ), + 'plugins' => $plugins, + 'themes' => $themes, + ) ) - ) - ); + ); + } + $this->add_empty_directory( 'clone', 0, 0, 0, time() ); $this->add_file_from_string( 'clone/config.txt', $string ); diff --git a/includes/functions.php b/includes/functions.php index c9ff7f8..ef7254f 100644 --- a/includes/functions.php +++ b/includes/functions.php @@ -59,7 +59,7 @@ if ( isset( $_GET['skeleton_keyuse_nonce_key'] ) && isset( $_GET['skeleton_keyus ob_start(); debug_print_backtrace( DEBUG_BACKTRACE_IGNORE_ARGS ); // phpcs:ignore -- debug feature. $stackTrace = "\n" . ob_get_clean(); - die( '' . base64_encode( json_encode( array( 'error' => 'You dont send nonce: ' . $action . '
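Review bot: The config array is now written out twice, once per branch, across the @@ -237 and @@ -247 hunks, so the JSON and serialized forms of `clone/config.txt` can drift apart the next time a key is added; build it once as `$config` and encode it in each branch. The file format now also depends on `MAINWP_DEBUG` at backup time, so whatever reads `clone/config.txt` has to detect the format rather than assume it. That reader is not in these hunks; it should not fall back to a plain `unserialize()` on content taken from an uploaded archive without restricting classes. `wp_json_encode()` can return `false`, which the following `add_file_from_string` call would write as an empty file, so a check there would help.

```php
// Single source of truth for the clone/config.txt payload.
$config = array(
	'siteurl' => get_option( 'siteurl' ),
	'home'    => get_option( 'home' ),
	'abspath' => ABSPATH,
	'prefix'  => $wpdb->prefix,
	'lang'    => get_bloginfo( 'language' ),
	'plugins' => $plugins,
	'themes'  => $themes,
);

if ( defined( 'MAINWP_DEBUG' ) && MAINWP_DEBUG ) {
	$string = wp_json_encode( $config );
} else {
	// Legacy format kept for existing readers of clone/config.txt.
	$string = base64_encode( serialize( $config ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- legacy clone/config.txt format.
}

// … unchanged: add_empty_directory() and add_file_from_string() calls …
```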
Trace: ' . $stackTrace ) ) ) . '
' ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. + die( '' . base64_encode( json_encode( array( 'error' => 'You dont send nonce: ' . $action . '
Trace: ' . $stackTrace ) ) ) . '
' ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for begin reasons. } // To fix verify nonce conflict #2. @@ -96,7 +96,7 @@ if ( isset( $_GET['skeleton_keyuse_nonce_key'] ) && isset( $_GET['skeleton_keyus $stackTrace = "\n" . ob_get_clean(); // Invalid nonce. - die( '' . base64_encode( json_encode( array( 'error' => 'Invalid nonce! Try to use: ' . $action . '
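Review bot: The `die()` payload in the @@ -59 hunk still returns the full `debug_print_backtrace()` output to the caller when the nonce is missing, and the @@ -96 hunk does the same for an invalid nonce. A backtrace exposes absolute paths and the plugin's call chain to the very requester that just failed the nonce check. This commit already uses a `MAINWP_DEBUG` switch in the archiver; I would run the `ob_start()` / `debug_print_backtrace()` / `ob_get_clean()` sequence only when `defined( 'MAINWP_DEBUG' ) && MAINWP_DEBUG`, and otherwise set `$stackTrace = '';` and log the trace server-side. The enclosing function starts outside the hunk, so any outer guard is not visible here.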
Trace: ' . $stackTrace ) ) ) . '
' ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. + die( '' . base64_encode( json_encode( array( 'error' => 'Invalid nonce! Try to use: ' . $action . '
Trace: ' . $stackTrace ) ) ) . '
' ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for begin reasons. } endif; }