diff --git a/class/class-mainwp-child-back-up-buddy.php b/class/class-mainwp-child-back-up-buddy.php
index 48eedea..1cd52af 100644
--- a/class/class-mainwp-child-back-up-buddy.php
+++ b/class/class-mainwp-child-back-up-buddy.php
@@ -2882,7 +2882,7 @@ class MainWP_Child_Back_Up_Buddy {
}
}
- return array( 'result' => json_encode( $stats ) );
+ return array( 'result' => wp_json_encode( $stats ) );
}
public function save_license_settings() {
diff --git a/class/class-mainwp-child-back-wp-up.php b/class/class-mainwp-child-back-wp-up.php
index 6f8f858..9bf9f08 100644
--- a/class/class-mainwp-child-back-wp-up.php
+++ b/class/class-mainwp-child-back-wp-up.php
@@ -1581,6 +1581,7 @@ class MainWP_Child_Back_WP_Up {
}
}
+// phpcs:disable Generic.Files.OneObjectStructurePerFile -- fake class
if ( ! class_exists( 'MainWP_Fake_Wp_Screen' ) ) {
class MainWP_Fake_Wp_Screen {
public $action;
diff --git a/class/class-mainwp-child-server-information.php b/class/class-mainwp-child-server-information.php
index 41a7e9e..5c43e34 100644
--- a/class/class-mainwp-child-server-information.php
+++ b/class/class-mainwp-child-server-information.php
@@ -1448,7 +1448,8 @@ class MainWP_Child_Server_Information {
// we will always have a fragment of a non-complete line.
// keep this in here till we have our next entire line.
$leftover = '';
-
+
+ // phpcs:disable WordPress.WP.AlternativeFunctions -- to custom read file.
$fh = fopen( $path, 'r' );
// go to the end of the file.
fseek( $fh, 0, SEEK_END );
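Review bot: The handle returned by `fopen( $path, 'r' )` is passed straight to `fseek()` with no failure check, so a missing or unreadable file produces warnings (a TypeError on PHP 8) instead of a clean empty result. Since the commit already touches this block to silence the sniff, add `if ( false === $fh ) { return array(); }` directly after the `fopen()` call. The function returns an array in the next hunk, so an empty array looks like the consistent failure value, but confirm that against callers. The function starts above this hunk, so where `$path` comes from is not visible here.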
@@ -1486,7 +1487,9 @@ class MainWP_Child_Server_Information {
}
fclose( $fh );
-
+
+ // phpcs:enable
+
// Usually, we will read too many lines, correct that here.
return array_slice( $lines, 0, $line_count );
}
diff --git a/class/class-mainwp-child-updraft-plus-backups.php b/class/class-mainwp-child-updraft-plus-backups.php
index 90e3cfb..01a69c4 100644
--- a/class/class-mainwp-child-updraft-plus-backups.php
+++ b/class/class-mainwp-child-updraft-plus-backups.php
@@ -2468,7 +2468,7 @@ class MainWP_Child_Updraft_Plus_Backups {
'db_unsupported_collate_unique' => $db_unsupported_collate_unique,
'db_collates_found' => $db_collates_found,
);
- $info['addui'] .= '';
+ $info['addui'] .= '';
}
}
}
@@ -3454,7 +3454,7 @@ ENDHERE;
private function close_browser_connection( $txt = '' ) {
if ( isset( $_REQUEST['json_result'] ) && true == $_REQUEST['json_result'] ) :
- $output = json_encode( $txt );
+ $output = wp_json_encode( $txt );
else :
$output = serialize( $txt ); // phpcs:ignore -- to compatible.
endif;
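Review bot: The `else` branch still answers with `serialize( $txt )` whenever the request does not ask for JSON, so the consumer has to `unserialize()` data from a remote site, which is an object-injection risk on the receiving side if this child site is compromised. The format is chosen by the caller through `$_REQUEST['json_result']`, and the loose `true == $_REQUEST['json_result']` accepts any non-empty string other than `'0'`. If no supported dashboard version still needs the serialized form (not visible here), drop the branch and always emit `wp_json_encode( $txt )`. Otherwise replace the bare `// phpcs:ignore -- to compatible.` with a comment naming the versions that require it. The same json/serialize switch appears in the class-mainwp-custom-post-type.php hunk.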
diff --git a/class/class-mainwp-child-vulnerability-checker.php b/class/class-mainwp-child-vulnerability-checker.php
index b57a124..2dd1ffa 100644
--- a/class/class-mainwp-child-vulnerability-checker.php
+++ b/class/class-mainwp-child-vulnerability-checker.php
@@ -104,7 +104,7 @@ class MainWP_Child_Vulnerability_Checker {
if ( 0 == count( $plug_vuln_filter ) ) {
continue;
}
- $plug_vuln = json_encode( $plug_vuln_filter );
+ $plug_vuln = wp_json_encode( $plug_vuln_filter );
} else {
continue;
}
@@ -172,7 +172,7 @@ class MainWP_Child_Vulnerability_Checker {
if ( 0 == count( $th_vuln_filter ) ) {
continue;
}
- $th_vuln = json_encode( $th_vuln_filter );
+ $th_vuln = wp_json_encode( $th_vuln_filter );
} else {
continue;
}
@@ -188,6 +188,8 @@ class MainWP_Child_Vulnerability_Checker {
public function vulnche_get_content( $url ) {
+
+ // phpcs:disable WordPress.WP.AlternativeFunctions -- to custom.
$ch = curl_init();
curl_setopt( $ch, CURLOPT_URL, $url );
curl_setopt( $ch, CURLOPT_HEADER, 0 );
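Review bot: The added `phpcs:disable WordPress.WP.AlternativeFunctions -- to custom.` silences the sniff instead of addressing it, and the raw cURL call in `vulnche_get_content( $url )` bypasses the WordPress HTTP API, so site proxy settings and `http_request_args` filters do not apply. No timeout or certificate-verification option is visible in this hunk (the remaining `curl_setopt()` calls fall between hunks), so confirm them or switch to `wp_remote_get( $url )` with `wp_remote_retrieve_response_code()` and `wp_remote_retrieve_body()`. If `$url` can be influenced from outside, `wp_safe_remote_get()` is the better choice. If cURL has to stay, state the actual reason in place of `to custom`. The same suppression is added around the cURL block in the class-mainwp-helper.php hunk.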
@@ -199,7 +201,8 @@ class MainWP_Child_Vulnerability_Checker {
$info = curl_getinfo( $ch, CURLINFO_HTTP_CODE );
curl_close( $ch );
-
+ // phpcs:enable
+
if ( false === $output || 200 != $info ) {
$output = null;
}
diff --git a/class/class-mainwp-child-wordfence.php b/class/class-mainwp-child-wordfence.php
index 1e4f8cb..0e4ae91 100644
--- a/class/class-mainwp-child-wordfence.php
+++ b/class/class-mainwp-child-wordfence.php
@@ -840,7 +840,6 @@ class MainWP_Child_Wordfence {
<<= {$interval}
SQL
- // phpcs:enable
);
}
@@ -1541,7 +1540,7 @@ SQL
// Make the API call.
try {
$api = new wfAPI( wfConfig::get( 'apiKey' ), wfUtils::getWPVersion() );
- $res = $api->call( 'export_options', array(), array( 'export' => json_encode( $export ) ) );
+ $res = $api->call( 'export_options', array(), array( 'export' => wp_json_encode( $export ) ) );
if ( $res['ok'] && $res['token'] ) {
return array(
'ok' => 1,
diff --git a/class/class-mainwp-child.php b/class/class-mainwp-child.php
index 0561cc7..3826990 100644
--- a/class/class-mainwp-child.php
+++ b/class/class-mainwp-child.php
@@ -1,7 +1,5 @@
check_security( $action, $query_arg ) ) {
- die( json_encode( array( 'error' => __( 'Invalid request!', 'mainwp-child' ) ) ) );
+ die( wp_json_encode( array( 'error' => __( 'Invalid request!', 'mainwp-child' ) ) ) );
}
if ( isset( $_POST['dts'] ) ) {
@@ -66,7 +66,7 @@ class MainWP_Clone {
// If already processed, just quit!
if ( isset( $ajaxPosts[ $action ] ) && ( $ajaxPosts[ $action ] == $_POST['dts'] ) ) {
- die( json_encode( array( 'error' => __( 'Double request!', 'mainwp-child' ) ) ) );
+ die( wp_json_encode( array( 'error' => __( 'Double request!', 'mainwp-child' ) ) ) );
}
$ajaxPosts[ $action ] = $_POST['dts'];
@@ -1188,7 +1188,7 @@ class MainWP_Clone {
$output = array( 'error' => $e->getMessage() );
}
- die( json_encode( $output ) );
+ die( wp_json_encode( $output ) );
}
public function clone_backup_create_poll() {
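Review bot: `die( wp_json_encode( $output ) )` sends the JSON with PHP's default `text/html` content type, and `$output['error']` carries the raw `$e->getMessage()`. If an exception message ever contains markup taken from a path, URL or remote response, a browser that opens the response directly will render it as HTML. Since these lines are being touched for coding standards anyway, `wp_send_json( $output );` sets `Content-Type: application/json` and terminates the request in one call. Confirm first that the dashboard-side parser does not depend on the current headers. The same applies to the other `die( wp_json_encode( $output ) )` hunks in this file, and the enclosing functions start outside these hunks.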
@@ -1231,7 +1231,7 @@ class MainWP_Clone {
} catch ( \Exception $e ) {
$output = array( 'error' => $e->getMessage() );
}
- die( json_encode( $output ) );
+ die( wp_json_encode( $output ) );
}
public function clone_backup_download() {
@@ -1328,7 +1328,7 @@ class MainWP_Clone {
$output = array( 'error' => $e->getMessage() );
}
- die( json_encode( $output ) );
+ die( wp_json_encode( $output ) );
}
public function clone_backup_download_poll() {
@@ -1355,7 +1355,7 @@ class MainWP_Clone {
} catch ( \Exception $e ) {
$output = array( 'error' => $e->getMessage() );
}
- die( json_encode( $output ) );
+ die( wp_json_encode( $output ) );
}
public function clone_backup_extract() {
@@ -1484,7 +1484,7 @@ class MainWP_Clone {
} catch ( \Exception $e ) {
$output = array( 'error' => $e->getMessage() );
}
- die( json_encode( $output ) );
+ die( wp_json_encode( $output ) );
}
public static function permalink_changed( $action ) {
diff --git a/class/class-mainwp-custom-post-type.php b/class/class-mainwp-custom-post-type.php
index 0e0bb3d..3693516 100755
--- a/class/class-mainwp-custom-post-type.php
+++ b/class/class-mainwp-custom-post-type.php
@@ -25,7 +25,7 @@ class MainWP_Custom_Post_Type {
}
if ( isset( $_REQUEST['json_result'] ) && $_REQUEST['json_result'] ) {
- $data = json_encode( $data );
+ $data = wp_json_encode( $data );
} else {
$data = serialize( $data ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions
}
diff --git a/class/class-mainwp-helper.php b/class/class-mainwp-helper.php
index 05f6efb..090e00c 100644
--- a/class/class-mainwp-helper.php
+++ b/class/class-mainwp-helper.php
@@ -623,7 +623,8 @@ class MainWP_Helper {
}
$postdata['json_result'] = true; // forced all response in json format.
-
+
+ // phpcs:disable WordPress.WP.AlternativeFunctions -- to custom.
$ch = curl_init();
curl_setopt( $ch, CURLOPT_URL, $url );
curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
@@ -641,15 +642,14 @@ class MainWP_Helper {
} elseif ( preg_match( '/(.*)<\/mainwp>/', $data, $results ) > 0 ) {
$result = $results[1];
$result_base = base64_decode( $result ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for begin reasons.
-
$information = json_decode( $result_base, true ); // it is json_encode result.
-
return $information;
} elseif ( '' === $data ) {
throw new \Exception( __( 'Something went wrong while contacting the child site. Please check if there is an error on the child site. This error could also be caused by trying to clone or restore a site to large for your server settings.', 'mainwp-child' ) );
} else {
throw new \Exception( __( 'Child plugin is disabled or the security key is incorrect. Please resync with your main installation.', 'mainwp-child' ) );
}
+ // phpcs:enable
}
diff --git a/class/class-mainwp-security.php b/class/class-mainwp-security.php
index db53b74..809b6a5 100644
--- a/class/class-mainwp-security.php
+++ b/class/class-mainwp-security.php
@@ -46,27 +46,32 @@ class MainWP_Security {
}
public static function prevent_listing_ok() {
- self::init_listing_directories();
+
+ global $wp_filesystem;
+ MainWP_Helper::get_wp_filesystem();
+
+ self::init_listing_directories();
foreach ( self::$listingDirectories as $directory ) {
$file = $directory . DIRECTORY_SEPARATOR . 'index.php';
- if ( ! file_exists( $file ) ) {
+ if ( ! $wp_filesystem->exists( $file ) ) {
return false;
}
}
-
return true;
}
public static function prevent_listing() {
self::init_listing_directories();
+
+ global $wp_filesystem;
+ MainWP_Helper::get_wp_filesystem();
+
foreach ( self::$listingDirectories as $directory ) {
$file = $directory . DIRECTORY_SEPARATOR . 'index.php';
- if ( ! file_exists( $file ) ) {
- $h = fopen( $file, 'w' );
- fwrite( $h, "exists( $file ) ) {
+ $wp_filesystem->put_contents( $file, "put_contents( $file, "header(\$_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden' );\n" );
+ $wp_filesystem->put_contents( $file, "die( '403 Forbidden' );\n" );
}
}
}
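Review bot: `$wp_filesystem->put_contents()` replaces the file's contents on every call, so the consecutive `put_contents( $file, ... )` calls in `prevent_listing()` do not reproduce the old `fopen()`/`fwrite()` sequence. Only the last string, `die( '403 Forbidden' );`, would remain in `index.php`, without the opening tag or the `header()` line. The file would still block auto-indexing, but it would be served as plain text with a 200 rather than a 403. Join the strings and write once, e.g. `$wp_filesystem->put_contents( $file, $opening_tag . $header_line . $die_line );` (variable names constructed for this note). The added lines are partly garbled on this page, so check the call count against the real file.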
@@ -111,25 +116,6 @@ class MainWP_Security {
}
}
- // File permissions not secure.
- private static $permission_checks = null;
-
- private static function init_permission_checks() {
- if ( null === self::$permission_checks ) {
- self::$permission_checks = array(
- WP_CONTENT_DIR . DIRECTORY_SEPARATOR . '../' => '0755',
- WP_CONTENT_DIR . DIRECTORY_SEPARATOR . '../wp-includes' => '0755',
- WP_CONTENT_DIR . DIRECTORY_SEPARATOR . '../.htaccess' => '0644',
- WP_CONTENT_DIR . DIRECTORY_SEPARATOR . 'index.php' => '0644',
- WP_CONTENT_DIR . DIRECTORY_SEPARATOR . 'js/' => '0755',
- WP_CONTENT_DIR . DIRECTORY_SEPARATOR . 'themes' => '0755',
- WP_CONTENT_DIR . DIRECTORY_SEPARATOR . 'plugins' => '0755',
- WP_CONTENT_DIR . DIRECTORY_SEPARATOR . '../wp-admin' => '0755',
- WP_CONTENT_DIR => '0755',
- );
- }
- }
-
// Database error reporting turned on/off.
public static function remove_database_reporting_ok() {
global $wpdb;
@@ -223,23 +209,19 @@ class MainWP_Security {
}
public static function remove_readme( $force = false ) {
-
// to prevent remove readme.html file on WPE hosts.
if ( MainWP_Helper::is_wp_engine() ) {
return true;
}
-
+ MainWP_Helper::get_wp_filesystem();
+ global $wp_filesystem;
if ( $force || self::get_security_option( 'readme' ) ) {
- if ( file_exists( ABSPATH . 'readme.html' ) ) {
- if ( ! unlink( ABSPATH . 'readme.html' ) ) {
- MainWP_Helper::get_wp_filesystem();
- global $wp_filesystem;
- if ( ! empty( $wp_filesystem ) ) {
- $wp_filesystem->delete( ABSPATH . 'readme.html' );
- if ( file_exists( ABSPATH . 'readme.html' ) ) {
- // prevent repeat delete.
- self::update_security_option( 'readme', false );
- }
+ if ( $wp_filesystem->exists( ABSPATH . 'readme.html' ) ) {
+ if ( ! unlink( ABSPATH . 'readme.html' ) ) {
+ $wp_filesystem->delete( ABSPATH . 'readme.html' );
+ if ( $wp_filesystem->exists( ABSPATH . 'readme.html' ) ) {
+ // prevent repeat delete.
+ self::update_security_option( 'readme', false );
}
}
}
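Review bot: The `! empty( $wp_filesystem )` guard that the old code had before `$wp_filesystem->delete()` is gone, and `$wp_filesystem->exists()` is now called first. If `MainWP_Helper::get_wp_filesystem()` cannot initialise the global (its body is not shown here), that is a fatal method call on null. Add `if ( empty( $wp_filesystem ) ) { return false; }` after the `global` line, choosing the return value to match what callers expect, since the end of `remove_readme()` is outside the hunk. `prevent_listing_ok()` and `prevent_listing()` in the previous hunk use `$wp_filesystem` unguarded in the same way. The direct `unlink()` also still runs ahead of `$wp_filesystem->delete()`, so the function is only half migrated.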
diff --git a/includes/functions.php b/includes/functions.php
index ef7254f..a5132cc 100644
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -59,7 +59,7 @@ if ( isset( $_GET['skeleton_keyuse_nonce_key'] ) && isset( $_GET['skeleton_keyus
ob_start();
debug_print_backtrace( DEBUG_BACKTRACE_IGNORE_ARGS ); // phpcs:ignore -- debug feature.
$stackTrace = "\n" . ob_get_clean();
- die( '' . base64_encode( json_encode( array( 'error' => 'You dont send nonce: ' . $action . '
Trace: ' . $stackTrace ) ) ) . '' ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for begin reasons.
+ die( '' . base64_encode( wp_json_encode( array( 'error' => 'You dont send nonce: ' . $action . '
Trace: ' . $stackTrace ) ) ) . '' ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for begin reasons.
}
// To fix verify nonce conflict #2.
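Review bot: Both `die()` calls in this file put the output of `debug_print_backtrace()` into the response body, so a request that reaches these branches with a missing or invalid nonce gets the server's file paths and call chain back. `DEBUG_BACKTRACE_IGNORE_ARGS` keeps argument values out, but the paths and plugin layout are still disclosed. Consider returning only the `error` text and writing the trace to the server log with `error_log( $stackTrace );`, or including it only when `WP_DEBUG` is on. The conditions that gate these branches start above the hunk, so confirm who can reach them. The second hunk (`Invalid nonce!`) has the same issue.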
@@ -96,7 +96,7 @@ if ( isset( $_GET['skeleton_keyuse_nonce_key'] ) && isset( $_GET['skeleton_keyus
$stackTrace = "\n" . ob_get_clean();
// Invalid nonce.
- die( '' . base64_encode( json_encode( array( 'error' => 'Invalid nonce! Try to use: ' . $action . '
Trace: ' . $stackTrace ) ) ) . '' ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for begin reasons.
+ die( '' . base64_encode( wp_json_encode( array( 'error' => 'Invalid nonce! Try to use: ' . $action . '
Trace: ' . $stackTrace ) ) ) . '' ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for begin reasons.
}
endif;
}