From bca98c3a1a8d701cd1116c4f403d67198947667a Mon Sep 17 00:00:00 2001
From: thanghv
Date: Tue, 5 May 2020 20:13:38 +0700
Subject: [PATCH] Refactoring
---
 class/class-mainwp-backup.php | 6 +-
 class/class-mainwp-child-back-up-buddy.php | 15 +-
 .../class-mainwp-child-back-up-wordpress.php | 2 +
 class/class-mainwp-child-back-wp-up.php | 2 +
 class/class-mainwp-child-branding.php | 15 +-
 class/class-mainwp-child-db.php | 2 +
 class/class-mainwp-child-ithemes-security.php | 2 +
 class/class-mainwp-child-links-checker.php | 2 +
 class/class-mainwp-child-pagespeed.php | 2 +
 class/class-mainwp-child-plugins-check.php | 3 +
 class/class-mainwp-child-robot.php | 34 ----
 .../class-mainwp-child-server-information.php | 1 +
 class/class-mainwp-child-skeleton-key.php | 1 +
 class/class-mainwp-child-staging.php | 2 +
 class/class-mainwp-child-themes-check.php | 3 +
 class/class-mainwp-child-timecapsule.php | 2 +
 ...lass-mainwp-child-updraft-plus-backups.php | 51 +++---
 ...ass-mainwp-child-vulnerability-checker.php | 2 +
 .../class-mainwp-child-woocommerce-status.php | 2 +
 class/class-mainwp-child-wordfence.php | 4 +-
 class/class-mainwp-child-wp-rocket.php | 2 +
 ...ass-mainwp-child-wpvivid-backuprestore.php | 2 +
 class/class-mainwp-child.php | 145 ++++--------------
 class/class-mainwp-client-report.php | 20 ++-
 class/class-mainwp-clone-install.php | 10 +-
 class/class-mainwp-clone.php | 24 ++-
 class/class-mainwp-custom-post-type.php | 2 +
 class/class-mainwp-debug.php | 2 +
 class/class-mainwp-helper.php | 91 ++++++-----
 class/class-mainwp-keyword-links.php | 2 +
 class/class-mainwp-security.php | 28 +++-
 class/class-mainwp-tools.php | 20 ---
 class/class-mainwp-wordpress-seo.php | 2 +
 includes/functions.php | 104 +++++++++++++
 mainwp-child.php | 18 ++-
 35 files changed, 340 insertions(+), 285 deletions(-)
 delete mode 100644 class/class-mainwp-child-robot.php
 delete mode 100644 class/class-mainwp-tools.php
 create mode 100644 includes/functions.php
diff --git a/class/class-mainwp-backup.php b/class/class-mainwp-backup.php index aea002f..e51a140 100644 --- a/class/class-mainwp-backup.php +++ b/class/class-mainwp-backup.php @@ -1,5 +1,7 @@ $archivefilePath ) : $db_files ); diff --git a/class/class-mainwp-child-back-up-buddy.php b/class/class-mainwp-child-back-up-buddy.php index 96ddb5c..15288cc 100644 --- a/class/class-mainwp-child-back-up-buddy.php +++ b/class/class-mainwp-child-back-up-buddy.php @@ -12,6 +12,8 @@ * Extension URL: https://mainwp.com/extension/mainwpbuddy/ */ +namespace MainWP\Child; + class MainWP_Child_Back_Up_Buddy { public static $instance = null; public $plugin_translate = 'mainwp-child'; @@ -148,9 +150,12 @@ class MainWP_Child_Back_Up_Buddy { continue; } + $check_finished = false; if ( ( $backup['finish_time'] >= $backup['start_time'] ) && ( 0 != $backup['start_time'] ) ) { - // ok! - } else { + $check_finished = true; + } + + if ( ! $check_finished ) { continue; } @@ -630,7 +635,7 @@ class MainWP_Child_Back_Up_Buddy { return array( 'error' => __( 'Error: not found the backup schedule or invalid data', 'mainwp-child' ) ); } - pb_backupbuddy::alert( 'Manually running scheduled backup "' . pb_backupbuddy::$options['schedules'][ $schedule_id ]['title'] . '" in the background.' . '
' . __( 'Note: If there is no site activity there may be delays between steps in the backup. Access the site or use a 3rd party service, such as a free pinging service, to generate site activity.', 'mainwp-child' ) ); + pb_backupbuddy::alert( 'Manually running scheduled backup "' . pb_backupbuddy::$options['schedules'][ $schedule_id ]['title'] . '" in the background.
' . __( 'Note: If there is no site activity there may be delays between steps in the backup. Access the site or use a 3rd party service, such as a free pinging service, to generate site activity.', 'mainwp-child' ) ); pb_backupbuddy_cron::_run_scheduled_backup( $schedule_id ); $information['result'] = 'SUCCESS'; @@ -2843,9 +2848,7 @@ class MainWP_Child_Back_Up_Buddy { if ( ( ( 0 == $stats['files_total'] ) || ( $stats['files_sent'] < $stats['files_total'] ) ) && ( 'wait_on_transfers' != $stats['current_function'] ) ) { // ( Files to send not yet calculated OR more remain to send ) AND not on the wait_on_transfers step. $time_since_last_activity = microtime( true ) - $stats['last_periodic_activity']; - if ( $time_since_last_activity < 30 ) { // Don't even bother getting max execution time if it's been less than 30 seconds since run. - // do nothing! - } else { // More than 30 seconds since last activity. + if ( $time_since_last_activity >= 30 ) { // More than 30 seconds since last activity. // Detect max PHP execution time. If TESTED value is higher than PHP value then go with that since we want to err on not overlapping processes here. $detected_execution = backupbuddy_core::detectLikelyHighestExecutionTime(); diff --git a/class/class-mainwp-child-back-up-wordpress.php b/class/class-mainwp-child-back-up-wordpress.php index 70ef252..ee2c7b4 100644 --- a/class/class-mainwp-child-back-up-wordpress.php +++ b/class/class-mainwp-child-back-up-wordpress.php @@ -13,6 +13,8 @@ * Extension URL: https://mainwp.com/extension/backupwordpress/ */ +namespace MainWP\Child; + class MainWP_Child_Back_Up_Wordpress { public static $instance = null; public $is_plugin_installed = false; diff --git a/class/class-mainwp-child-back-wp-up.php b/class/class-mainwp-child-back-wp-up.php index a1dabdd..5d03a1e 100644 --- a/class/class-mainwp-child-back-wp-up.php +++ b/class/class-mainwp-child-back-wp-up.php 
@@ -13,6 +13,8 @@ * Extension URL: https://mainwp.com/extension/backwpup/ */ +namespace MainWP\Child; + if ( ! defined( 'MAINWP_BACKWPUP_DEVELOPMENT' ) ) { define( 'MAINWP_BACKWPUP_DEVELOPMENT', false ); } diff --git a/class/class-mainwp-child-branding.php b/class/class-mainwp-child-branding.php index 54a4d55..a82d88d 100644 --- a/class/class-mainwp-child-branding.php +++ b/class/class-mainwp-child-branding.php @@ -1,5 +1,7 @@ delete( $files ); } - if ( -1 === $deleted ) { - - } elseif ( false !== $deleted ) { + + if ( -1 !== $deleted && false !== $deleted ) { $remote_deleted = $remote_deleted + count( $files ); - } else { - // Do nothing. } } } @@ -1771,9 +1768,7 @@ class MainWP_Child_Updraft_Plus_Backups { $updraftplus->log( 'Restore failed' ); $updraftplus->list_errors(); - } elseif ( false === $backup_success ) { - - } + } $output = ob_get_clean(); @@ -2701,7 +2696,7 @@ class MainWP_Child_Updraft_Plus_Backups { if ( 'multisite' == $key ) { $info['multisite'] = $val ? true : false; if ( $val ) { - $mess[] = '' . __( 'Site information:', 'updraftplus' ) . ' ' . 'backup is of a WordPress Network'; + $mess[] = '' . __( 'Site information:', 'updraftplus' ) . ' backup is of a WordPress Network'; } } $old_siteinfo[ $key ] = $val; 
@@ -2780,7 +2775,7 @@ class MainWP_Child_Updraft_Plus_Backups { } if ( $db_charset_forbidden ) { $db_unsupported_charset_unique = array_unique( $db_unsupported_charset ); - $warn[] = sprintf( _n( "The database server that this WordPress site is running on doesn't support the character set (%s) which you are trying to import.", "The database server that this WordPress site is running on doesn't support the character sets (%s) which you are trying to import.", count( $db_unsupported_charset_unique ), 'updraftplus' ), implode( ', ', $db_unsupported_charset_unique ) ) . ' ' . __( 'You can choose another suitable character set instead and continue with the restoration at your own risk.', 'updraftplus' ) . ' ' . __( 'Go here for more information.', 'updraftplus' ) . '' . ' ' . __( 'Go here for more information.', 'updraftplus' ) . ''; + $warn[] = sprintf( _n( "The database server that this WordPress site is running on doesn't support the character set (%s) which you are trying to import.", "The database server that this WordPress site is running on doesn't support the character sets (%s) which you are trying to import.", count( $db_unsupported_charset_unique ), 'updraftplus' ), implode( ', ', $db_unsupported_charset_unique ) ) . ' ' . __( 'You can choose another suitable character set instead and continue with the restoration at your own risk.', 'updraftplus' ) . ' ' . __( 'Go here for more information.', 'updraftplus' ) . ' ' . __( 'Go here for more information.', 'updraftplus' ) . ''; $db_supported_character_sets = array_keys( $db_supported_character_sets ); $similar_type_charset = UpdraftPlus_Manipulation_Functions::get_matching_str_from_array_elems( $db_unsupported_charset_unique, $db_supported_character_sets, true ); if ( empty( $similar_type_charset ) ) { 
@@ -3050,11 +3045,9 @@ class MainWP_Child_Updraft_Plus_Backups { $backup['service'] = array( $backup['service'] ); } foreach ( $backup['service'] as $service ) { - if ( 'none' === $service || '' === $service || ( is_array( $service ) && ( empty( $service ) || array( 'none' ) === $service || array( '' ) === $service ) ) ) { - // Do nothing. - } else { + $emptyCheck = ( 'none' === $service || '' === $service || ( is_array( $service ) && ( empty( $service ) || array( 'none' ) === $service || array( '' ) === $service ) ) ); + if ( ! empty( $emptyCheck ) ) { $remote_storage = ( 'remotesend' === $service ) ? __( 'remote site', 'updraftplus' ) : $updraftplus->backup_methods[ $service ]; - $service_title = '
' . esc_attr( sprintf( __( 'Remote storage: %s', 'updraftplus' ), $remote_storage ) ); } } @@ -3183,7 +3176,7 @@ ENDHERE; - ENDHERE; +ENDHERE; return $ret; } @@ -3301,7 +3294,7 @@ ENDHERE; - ENDHERE; +ENDHERE; return $ret; } @@ -3323,7 +3316,7 @@ ENDHERE; - ENDHERE; +ENDHERE; return $ret; } diff --git a/class/class-mainwp-child-vulnerability-checker.php b/class/class-mainwp-child-vulnerability-checker.php index 68bb516..cdc18ed 100644 --- a/class/class-mainwp-child-vulnerability-checker.php +++ b/class/class-mainwp-child-vulnerability-checker.php @@ -13,6 +13,8 @@ * Extension URL: https://mainwp.com/extension/vulnerability-checker/ */ +namespace MainWP\Child; + class MainWP_Child_Vulnerability_Checker { public static $instance = null; diff --git a/class/class-mainwp-child-woocommerce-status.php b/class/class-mainwp-child-woocommerce-status.php index 72a8d3f..c029d42 100644 --- a/class/class-mainwp-child-woocommerce-status.php +++ b/class/class-mainwp-child-woocommerce-status.php @@ -11,6 +11,8 @@ * Extension URL: https://mainwp.com/extension/woocommerce-status/ */ +namespace MainWP\Child; + class MainWP_Child_WooCommerce_Status { public static $instance = null; diff --git a/class/class-mainwp-child-wordfence.php b/class/class-mainwp-child-wordfence.php index 399df99..3c6d38e 100644 --- a/class/class-mainwp-child-wordfence.php +++ b/class/class-mainwp-child-wordfence.php @@ -11,6 +11,8 @@ * Extension URL: https://mainwp.com/extension/wordfence/ */ +namespace MainWP\Child; + class MainWP_Child_Wordfence { public static $instance = null; public $is_wordfence_installed = false; @@ -836,7 +838,7 @@ class MainWP_Child_Wordfence { return $wpdb->get_var( <<= {$interval} - SQL +SQL ); } diff --git a/class/class-mainwp-child-wp-rocket.php b/class/class-mainwp-child-wp-rocket.php index 1f36588..f5227eb 100644 --- a/class/class-mainwp-child-wp-rocket.php +++ b/class/class-mainwp-child-wp-rocket.php 
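Review bot: The rewritten guard inside `foreach ( $backup['service'] as $service )` is inverted. The old code did nothing for `'none'`, `''` or an empty array and ran the body for every other service, while `if ( ! empty( $emptyCheck ) )` now runs the body only when the service is one of those placeholder values. With `'none'` the lookup `$updraftplus->backup_methods[ $service ]` is made with a key that is unlikely to exist, and real remote-storage entries are skipped. The condition should be `if ( ! $emptyCheck ) {`. The enclosing method starts and ends outside the hunk.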
@@ -12,6 +12,8 @@ * Extension URL: https://mainwp.com/extension/rocket/ */ +namespace MainWP\Child; + class MainWP_Child_WP_Rocket { public static $instance = null; public $is_plugin_installed = false; diff --git a/class/class-mainwp-child-wpvivid-backuprestore.php b/class/class-mainwp-child-wpvivid-backuprestore.php index 3867681..60145c7 100644 --- a/class/class-mainwp-child-wpvivid-backuprestore.php +++ b/class/class-mainwp-child-wpvivid-backuprestore.php 
@@ -1,5 +1,7 @@ = $skeleton_keyuse_nonce_key && $skeleton_keycurrent_time <= ( $skeleton_keyuse_nonce_key + 30 ) ) { - - if ( strcmp( $skeleton_keyuse_nonce_hmac, hash_hmac( 'sha256', $skeleton_keyuse_nonce_key, NONCE_KEY ) ) === 0 ) { - - if ( ! function_exists( 'wp_verify_nonce' ) ) : - - /** - * Verify that correct nonce was used with time limit. - * - * The user is given an amount of time to use the token, so therefore, since the - * UID and $action remain the same, the independent variable is the time. - * - * @since 2.0.3 - * - * @param string $nonce Nonce that was used in the form to verify - * @param string|int $action Should give context to what is taking place and be the same when nonce was created. - * - * @return false|int False if the nonce is invalid, 1 if the nonce is valid and generated between - * 0-12 hours ago, 2 if the nonce is valid and generated between 12-24 hours ago. - */ - function wp_verify_nonce( $nonce, $action = - 1 ) { - $nonce = (string) $nonce; - $user = wp_get_current_user(); - $uid = (int) $user->ID; - if ( ! $uid ) { - /** - * Filter whether the user who generated the nonce is logged out. - * - * @since 3.5.0 - * - * @param int $uid ID of the nonce-owning user. - * @param string $action The nonce action. - */ - $uid = apply_filters( 'nonce_user_logged_out', $uid, $action ); - } - - if ( empty( $nonce ) ) { - - // To fix verify nonce conflict #1. - // this is fake post field to fix some conflict of wp_verify_nonce(). - // just return false to unverify nonce, does not exit. - if ( isset( $_POST[ $action ] ) && ( 'mainwp-bsm-unverify-nonce' == $_POST[ $action ] ) ) { - return false; - } - - // to help tracing the conflict verify nonce with other plugins. - ob_start(); - debug_print_backtrace( DEBUG_BACKTRACE_IGNORE_ARGS ); - $stackTrace = "\n" . ob_get_clean(); - die( '' . base64_encode( json_encode( array( 'error' => 'You dont send nonce: ' . $action . '
Trace: ' . $stackTrace ) ) ) . '
' ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. - } - - // To fix verify nonce conflict #2. - // this is fake nonce to fix some conflict of wp_verify_nonce(). - // just return false to unverify nonce, does not exit. - if ( 'mainwp-bsm-unverify-nonce' == $nonce ) { - return false; - } - - $token = wp_get_session_token(); - $i = wp_nonce_tick(); - - // Nonce generated 0-12 hours ago. - $expected = substr( wp_hash( $i . '|' . $action . '|' . $uid . '|' . $token, 'nonce' ), - 12, 10 ); - if ( hash_equals( $expected, $nonce ) ) { - return 1; - } - - // Nonce generated 12-24 hours ago. - $expected = substr( wp_hash( ( $i - 1 ) . '|' . $action . '|' . $uid . '|' . $token, 'nonce' ), - 12, 10 ); - if ( hash_equals( $expected, $nonce ) ) { - return 2; - } - - // To fix verify nonce conflict #3. - // this is fake post field to fix some conflict of wp_verify_nonce(). - // just return false to unverify nonce, does not exit. - if ( isset( $_POST[ $action ] ) && ( 'mainwp-bsm-unverify-nonce' == $_POST[ $action ] ) ) { - return false; - } - - ob_start(); - debug_print_backtrace( DEBUG_BACKTRACE_IGNORE_ARGS ); - $stackTrace = "\n" . ob_get_clean(); - - // Invalid nonce. - die( '' . base64_encode( json_encode( array( 'error' => 'Invalid nonce! Try to use: ' . $action . '
Trace: ' . $stackTrace ) ) ) . '
' ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. - } - endif; - } - } -} - class MainWP_Child { public static $version = '4.0.7.1'; private $update_version = '1.5'; @@ -492,9 +393,9 @@ class MainWP_Child { return; } session_write_close(); - @header( 'Content-Type: text/html; charset=' . get_bloginfo( 'charset' ), true ); - @header( 'X-Robots-Tag: noindex, nofollow', true ); - @header( 'X-MainWP-Child-Version: ' . self::$version, true ); + header( 'Content-Type: text/html; charset=' . get_bloginfo( 'charset' ), true ); + header( 'X-Robots-Tag: noindex, nofollow', true ); + header( 'X-MainWP-Child-Version: ' . self::$version, true ); nocache_headers(); if ( 'test' == $_GET['mainwp_child_run'] ) { die( 'MainWP Test' ); @@ -673,7 +574,7 @@ class MainWP_Child { $settingsPage = add_submenu_page( 'options-general.php', $child_menu_title, $child_menu_title, 'manage_options', 'mainwp_child_tab', array( &$this, 'render_pages' ) ); - add_action( 'admin_print_scripts-' . $settingsPage, array( 'MainWP_Clone', 'print_scripts' ) ); + add_action( 'admin_print_scripts-' . $settingsPage, array( MainWP_Clone::get_class_name(), 'print_scripts' ) ); $subpageargs = array( 'child_slug' => 'options-general.php', 'branding' => ( null === self::$brandingTitle ) ? 'MainWP' : self::$brandingTitle, @@ -4400,7 +4301,10 @@ class MainWP_Child { } } - $maxPages = MAINWP_CHILD_NR_OF_PAGES; + $maxPages = 50; + if ( defined( 'MAINWP_CHILD_NR_OF_PAGES' ) ) + $maxPages = MAINWP_CHILD_NR_OF_PAGES; + if ( isset( $_POST['maxRecords'] ) ) { $maxPages = $_POST['maxRecords']; } @@ -4448,7 +4352,10 @@ class MainWP_Child { } } - $maxComments = MAINWP_CHILD_NR_OF_COMMENTS; + $maxComments = 50; + if ( defined( 'MAINWP_CHILD_NR_OF_COMMENTS' ) ) + $maxComments = MAINWP_CHILD_NR_OF_COMMENTS; // to compatible. + if ( isset( $_POST['maxRecords'] ) ) { $maxComments = $_POST['maxRecords']; } 
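Review bot: The new default `$maxPages = 50;` is still overwritten two lines later by `$maxPages = $_POST['maxRecords'];`, so the request value is taken as-is with no cast or upper bound; the `$maxComments` hunk at -4448 has the same shape. How the value is used afterwards is outside both hunks, but casting at the point of assignment, e.g. `$maxPages = absint( $_POST['maxRecords'] );`, would keep a non-numeric value from travelling further. The added `if ( defined( 'MAINWP_CHILD_NR_OF_PAGES' ) )` and its `MAINWP_CHILD_NR_OF_COMMENTS` twin are written without braces, unlike the braced `if ( isset( $_POST['maxRecords'] ) ) {` directly below them.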
@@ -5267,15 +5174,15 @@ class MainWP_Child { // log time. $time = MainWP_Helper::clean( date( 'F jS Y, h:ia', time() ) ); - $mail = '
' . 'TIME: ' . $time . '
' . - '
' . '*404: ' . $request . '
' . - '
' . 'SITE: ' . $site . '
' . - '
' . 'REFERRER: ' . $referer . '
' . - '
' . 'QUERY STRING: ' . $string . '
' . - '
' . 'REMOTE ADDRESS: ' . $address . '
' . - '
' . 'REMOTE IDENTITY: ' . $remote . '
' . - '
' . 'USER AGENT: ' . $agent . '
'; - $mail = '
404 alert
' . $mail; + $mail = '
404 alert
' . + '
TIME: ' . $time . '
' . + '
*404: ' . $request . '
' . + '
SITE: ' . $site . '
' . + '
REFERRER: ' . $referer . '
' . + '
QUERY STRING: ' . $string . '
' . + '
REMOTE ADDRESS: ' . $address . '
' . + '
REMOTE IDENTITY: ' . $remote . '
' . + '
USER AGENT: ' . $agent . '
'; wp_mail( $email, 'MainWP - 404 Alert: ' . $blog, @@ -5304,7 +5211,7 @@ class MainWP_Child { } $code = stripslashes( $_POST['code'] ); if ( 'run_snippet' === $action ) { - $information = MainWP_Tools::execute_snippet( $code ); + $information = MainWP_Helper::execute_snippet( $code ); } elseif ( 'save_snippet' === $action ) { $type = $_POST['type']; $slug = $_POST['slug']; @@ -5391,7 +5298,7 @@ class MainWP_Child { $snippets = get_option( 'mainwp_ext_code_snippets' ); if ( is_array( $snippets ) && count( $snippets ) > 0 ) { foreach ( $snippets as $code ) { - MainWP_Tools::execute_snippet( $code ); + MainWP_Helper::execute_snippet( $code ); } } } diff --git a/class/class-mainwp-client-report.php b/class/class-mainwp-client-report.php index c59a13f..f1f854a 100644 --- a/class/class-mainwp-client-report.php +++ b/class/class-mainwp-client-report.php @@ -1,5 +1,7 @@ ID, $skip_records ) ) { continue; } @@ -625,21 +627,25 @@ class MainWP_Client_Report { continue; } + $valid_context = false; + if ( 'comments' == $context ) { $comment_contexts = array( 'post', 'page' ); if ( ! in_array( $record->context, $comment_contexts ) ) { continue; } + $valid_context = true; } elseif ( 'menus' == $context ) { - // ok, pass, don't check context. + $valid_context = true; // ok, pass, don't check context. } elseif ( 'editor' == $record->connector ) { - // ok, pass, checked above. + $valid_context = true; // ok, pass, checked above. } elseif ( 'media' == $connector && 'media' == $record->connector ) { - // ok, pass, do not check context. + $valid_context = true; // ok, pass, do not check context. } elseif ( 'widgets' == $connector && 'widgets' == $record->connector ) { - // ok, pass, don't check context. - // - } elseif ( strtolower( $record->context ) !== $context ) { + $valid_context = true; // ok, pass, don't check context. + } + + if ( ! $valid_context || strtolower( $record->context ) !== $context ) { continue; } 
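Review bot: The combined check `if ( ! $valid_context || strtolower( $record->context ) !== $context )` does not preserve the old `elseif` chain. Previously the context comparison ran only when none of the pass-through branches (comments, menus, editor, media, widgets) matched; now a record that set `$valid_context = true` is still dropped when its context differs, which for `'comments'` means every record whose context is `post` or `page`, and a record that matched no branch is dropped even when its context is equal. The equivalent condition is `if ( ! $valid_context && strtolower( $record->context ) !== $context ) { continue; }`. The surrounding loop begins and ends outside the hunk.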
diff --git a/class/class-mainwp-clone-install.php b/class/class-mainwp-clone-install.php index d2dd418..f64eba3 100644 --- a/class/class-mainwp-clone-install.php +++ b/class/class-mainwp-clone-install.php @@ -1,5 +1,7 @@ archiver ) { - + return false; } elseif ( $this->checkZipConsole() ) { - // skip. + return false; } elseif ( $this->checkZipSupport() ) { $zip = new ZipArchive(); $zipRes = $zip->open( $this->file ); @@ -111,7 +113,7 @@ class MainWP_Clone_Install { return $this->archiver->file_exists( $file ); } elseif ( $this->checkZipConsole() ) { - // skip. + return false; } elseif ( $this->checkZipSupport() ) { $zip = new ZipArchive(); $zipRes = $zip->open( $this->file ); @@ -371,7 +373,9 @@ class MainWP_Clone_Install { return $content; } else { + if ( $this->checkZipConsole() ) { + return false; } elseif ( $this->checkZipSupport() ) { $zip = new ZipArchive(); $zipRes = $zip->open( $this->file ); diff --git a/class/class-mainwp-clone.php b/class/class-mainwp-clone.php index 5d8ac73..f3ba63d 100644 --- a/class/class-mainwp-clone.php +++ b/class/class-mainwp-clone.php @@ -1,9 +1,23 @@ query( 'jquery-ui-core' ); $version = $ui->ver; if ( MainWP_Helper::startsWith( $version, '1.10' ) ) { - wp_enqueue_style( 'jquery-ui-style', plugins_url( '/css/1.10.4/jquery-ui.min.css', dirname( __FILE__ ) ), array(), null, 'all' ); + wp_enqueue_style( 'jquery-ui-style', plugins_url( '/css/1.10.4/jquery-ui.min.css', dirname( __FILE__ ) ), array(), '1.10', 'all' ); } else { - wp_enqueue_style( 'jquery-ui-style', plugins_url( '/css/1.11.1/jquery-ui.min.css', dirname( __FILE__ ) ), array(), null, 'all' ); + wp_enqueue_style( 'jquery-ui-style', plugins_url( '/css/1.11.1/jquery-ui.min.css', dirname( __FILE__ ) ), array(), '1.11', 'all' ); } } 
@@ -116,7 +130,7 @@ class MainWP_Clone { } $uploadedfile = $_FILES['file']; $upload_overrides = array( 'test_form' => false ); - add_filter( 'upload_mimes', array( 'MainWP_Clone', 'upload_mimes' ) ); + add_filter( 'upload_mimes', array( MainWP_Clone::get_class_name(), 'upload_mimes' ) ); $movefile = wp_handle_upload( $uploadedfile, $upload_overrides ); if ( $movefile ) { $uploadFile = str_replace( ABSPATH, '', $movefile['file'] ); diff --git a/class/class-mainwp-custom-post-type.php b/class/class-mainwp-custom-post-type.php index e913fb1..08177bb 100755 --- a/class/class-mainwp-custom-post-type.php +++ b/class/class-mainwp-custom-post-type.php @@ -1,5 +1,7 @@ ID; // Set up a new post (adding addition information). - $is_robot_post = false; - if ( isset( $_POST['isMainWPRobot'] ) && ! empty( $_POST['isMainWPRobot'] ) ) { - $is_robot_post = true; - } - $post_author = isset( $new_post['post_author'] ) ? $new_post['post_author'] : $current_uid; - if ( $is_robot_post ) { - if ( 1 === $post_author ) { - $new_post['post_author'] = $current_uid; - } elseif ( ! is_numeric( $post_author ) ) { - $user_author = get_user_by( 'login', $post_author ); - if ( $user_author ) { - $post_author = $user_author->ID; - } else { - $length = 12; - $include_standard_special_chars = false; - $random_password = wp_generate_password( $length, $include_standard_special_chars ); - $post_author = wp_create_user( $post_author, $random_password, $post_author . '@asdf.com' ); - } - } - } elseif ( isset( $new_post['custom_post_author'] ) && ! empty( $new_post['custom_post_author'] ) ) { + + if ( isset( $new_post['custom_post_author'] ) && ! empty( $new_post['custom_post_author'] ) ) { $_author = get_user_by( 'login', $new_post['custom_post_author'] ); if ( ! empty( $_author ) ) { $new_post['post_author'] = $_author->ID; 
@@ -444,14 +428,13 @@ class MainWP_Helper { $post_author = ! empty( $post_author ) ? $post_author : $current_uid; $new_post['post_author'] = $post_author; - $is_ezine_post = ! empty( $post_custom['_ezine_post_article_source'] ) ? true : false; $terms = isset( $new_post['_ezin_post_category'] ) ? $new_post['_ezin_post_category'] : false; unset( $new_post['_ezin_post_category'] ); $is_post_plus = isset( $post_custom['_mainwp_post_plus'] ) ? true : false; $wp_error = null; - if ( $is_ezine_post || $is_post_plus ) { + if ( $is_post_plus ) { if ( isset( $new_post['post_date_gmt'] ) && ! empty( $new_post['post_date_gmt'] ) && '0000-00-00 00:00:00' != $new_post['post_date_gmt'] ) { $post_date_timestamp = strtotime( $new_post['post_date_gmt'] ) + get_option( 'gmt_offset' ) * 60 * 60; $new_post['post_date'] = date( 'Y-m-d H:i:s', $post_date_timestamp ); @@ -485,7 +468,7 @@ class MainWP_Helper { // Search for all the images added to the new post. Some images have a href tag to click to navigate to the image.. we need to replace this too. $foundMatches = preg_match_all( '/(]+href=\"(.*?)\"[^>]*>)?(\/]*src=\"((.*?)(png|gif|jpg|jpeg))\")/ix', $new_post['post_content'], $matches, PREG_SET_ORDER ); - if ( ( $foundMatches > 0 || ( $is_robot_post && isset( $wpr_options['wpr_save_images'] ) && 'Yes' === $wpr_options['wpr_save_images'] ) ) && ( ! $is_ezine_post ) ) { + if ( $foundMatches > 0 ) { // We found images, now to download them so we can start balbal. foreach ( $matches as $match ) { $hrefLink = $match[2]; 
@@ -682,8 +665,7 @@ class MainWP_Helper { $not_allowed[] = '_saved_draft_random_publish_date'; $not_allowed[] = '_saved_draft_publish_date_from'; $not_allowed[] = '_saved_draft_publish_date_to'; - $not_allowed[] = '_post_to_only_existing_categories'; - $not_allowed[] = '_mainwp_robot_post_comments'; + $not_allowed[] = '_post_to_only_existing_categories'; $not_allowed[] = '_mainwp_edit_post_site_id'; $not_allowed[] = '_mainwp_edit_post_id'; $not_allowed[] = '_edit_post_status'; @@ -857,12 +839,6 @@ class MainWP_Helper { ); } - // MainWP Robot. - if ( $is_robot_post ) { - $all_comments = $post_custom['_mainwp_robot_post_comments']; - MainWP_Child_Robot::Instance()->wpr_insertcomments( $new_post_id, $all_comments ); - } - // unlock if edit post. if ( $edit_post_id ) { update_post_meta( $edit_post_id, '_edit_lock', '' ); @@ -1055,11 +1031,8 @@ class MainWP_Helper { public static function clean( $string ) { $string = trim( $string ); $string = htmlentities( $string, ENT_QUOTES ); - $string = str_replace( "\n", '
', $string ); - if ( get_magic_quotes_gpc() ) { - $string = stripslashes( $string ); - } - + $string = str_replace( "\n", '
', $string ); + $string = stripslashes( $string ); return $string; } @@ -1312,40 +1285,48 @@ class MainWP_Helper { } public static function get_lasttime_backup( $by ) { + if ( 'backupwp' == $by ) { $by = 'backupwordpress'; } + + $activated = true; switch ( $by ) { case 'backupbuddy': if ( ! is_plugin_active( 'backupbuddy/backupbuddy.php' ) && ! is_plugin_active( 'Backupbuddy/backupbuddy.php' ) ) { - return 0; + $activated = false; } break; case 'backupwordpress': if ( ! is_plugin_active( 'backupwordpress/backupwordpress.php' ) ) { - return 0; + $activated = false; } break; case 'backwpup': if ( ! is_plugin_active( 'backwpup/backwpup.php' ) && ! is_plugin_active( 'backwpup-pro/backwpup.php' ) ) { - return 0; + $activated = false; } break; case 'updraftplus': if ( ! is_plugin_active( 'updraftplus/updraftplus.php' ) ) { - return 0; + $activated = false; } break; case 'wptimecapsule': if ( ! is_plugin_active( 'wp-time-capsule/wp-time-capsule.php' ) ) { - return 0; + $activated = false; } break; default: - return 0; + $activated = false; break; } + + if ( ! $activated ) + return 0; + return get_option( 'mainwp_lasttime_backup_' . $by, 0 ); + } @@ -1749,4 +1730,30 @@ class MainWP_Helper { } } + /** + * Method execute_snippet() + * + * Execute snippet code + * + * @param string $code The code * + * + * @return array result + */ + public static function execute_snippet( $code ) { + ob_start(); + $result = eval( $code ); // phpcs:ignore Squiz.PHP.Eval -- eval() used safely. + $output = ob_get_contents(); + ob_end_clean(); + $return = array(); + $error = error_get_last(); + if ( ( false === $result ) && $error ) { + $return['status'] = 'FAIL'; + $return['result'] = $error['message']; + } else { + $return['status'] = 'SUCCESS'; + $return['result'] = $output; + } + return $return; + } + } diff --git a/class/class-mainwp-keyword-links.php b/class/class-mainwp-keyword-links.php index 4b421a1..93bd0b8 100644 --- a/class/class-mainwp-keyword-links.php 
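Review bot: `clean()` now calls `stripslashes()` unconditionally, which changes behaviour rather than refactoring it: `get_magic_quotes_gpc()` has returned false since PHP 5.4, so the removed branch was effectively dead and backslashes were kept. If the intent is to undo the slashes WordPress adds to request data, it is clearer to unslash before encoding, `$string = wp_unslash( trim( $string ) );` followed by the existing `htmlentities()` call, with a comment saying why. As written, legitimate backslashes in any value passed through this helper are removed after the entities have been produced.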
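Review bot: `execute_snippet()` can misreport the outcome of the snippet. On PHP 7 and later a parse or fatal error inside `eval()` is thrown as `ParseError`/`Error` instead of returning false, so the `FAIL` branch is not reached, and `error_get_last()` may return a warning raised before the snippet ran. The `phpcs:ignore` text "eval() used safely" cannot be confirmed from this method, because it evaluates whatever string it is given; the call sites in class-mainwp-child.php pass `stripslashes( $_POST['code'] )` and the stored `mainwp_ext_code_snippets` option, so the docblock should state that callers must have authenticated the request first. The sketch below assumes the plugin's minimum PHP version is 7.0 or later; the docblock also has a stray `*` after "The code".

```php
public static function execute_snippet( $code ) {
	error_clear_last(); // Ignore errors raised before the snippet ran.
	ob_start();
	try {
		$result = eval( $code ); // phpcs:ignore Squiz.PHP.Eval -- caller must have authenticated the request.
		$error  = error_get_last();
	} catch ( \Throwable $e ) {
		// Parse and fatal errors in the snippet arrive here instead of as a false return value.
		$result = false;
		$error  = array( 'message' => $e->getMessage() );
	}
	$output = ob_get_clean();
	// … unchanged: $return = array(); and the FAIL / SUCCESS branches …
```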
+++ b/class/class-mainwp-keyword-links.php @@ -1,5 +1,7 @@ = $skeleton_keyuse_nonce_key && $skeleton_keycurrent_time <= ( $skeleton_keyuse_nonce_key + 30 ) ) { + + if ( strcmp( $skeleton_keyuse_nonce_hmac, hash_hmac( 'sha256', $skeleton_keyuse_nonce_key, NONCE_KEY ) ) === 0 ) { + + if ( ! function_exists( 'wp_verify_nonce' ) ) : + + /** + * Verify that correct nonce was used with time limit. + * + * The user is given an amount of time to use the token, so therefore, since the + * UID and $action remain the same, the independent variable is the time. + * + * @since 2.0.3 + * + * @param string $nonce Nonce that was used in the form to verify + * @param string|int $action Should give context to what is taking place and be the same when nonce was created. + * + * @return false|int False if the nonce is invalid, 1 if the nonce is valid and generated between + * 0-12 hours ago, 2 if the nonce is valid and generated between 12-24 hours ago. + */ + function wp_verify_nonce( $nonce, $action = - 1 ) { + $nonce = (string) $nonce; + $user = wp_get_current_user(); + $uid = (int) $user->ID; + if ( ! $uid ) { + /** + * Filter whether the user who generated the nonce is logged out. + * + * @since 3.5.0 + * + * @param int $uid ID of the nonce-owning user. + * @param string $action The nonce action. + */ + $uid = apply_filters( 'nonce_user_logged_out', $uid, $action ); + } + + if ( empty( $nonce ) ) { + + // To fix verify nonce conflict #1. + // this is fake post field to fix some conflict of wp_verify_nonce(). + // just return false to unverify nonce, does not exit. + if ( isset( $_POST[ $action ] ) && ( 'mainwp-bsm-unverify-nonce' == $_POST[ $action ] ) ) { + return false; + } + + // to help tracing the conflict verify nonce with other plugins. + ob_start(); + debug_print_backtrace( DEBUG_BACKTRACE_IGNORE_ARGS ); + $stackTrace = "\n" . ob_get_clean(); + die( '' . base64_encode( json_encode( array( 'error' => 'You dont send nonce: ' . $action . '
Trace: ' . $stackTrace ) ) ) . '
' ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. + } + + // To fix verify nonce conflict #2. + // this is fake nonce to fix some conflict of wp_verify_nonce(). + // just return false to unverify nonce, does not exit. + if ( 'mainwp-bsm-unverify-nonce' == $nonce ) { + return false; + } + + $token = wp_get_session_token(); + $i = wp_nonce_tick(); + + // Nonce generated 0-12 hours ago. + $expected = substr( wp_hash( $i . '|' . $action . '|' . $uid . '|' . $token, 'nonce' ), - 12, 10 ); + if ( hash_equals( $expected, $nonce ) ) { + return 1; + } + + // Nonce generated 12-24 hours ago. + $expected = substr( wp_hash( ( $i - 1 ) . '|' . $action . '|' . $uid . '|' . $token, 'nonce' ), - 12, 10 ); + if ( hash_equals( $expected, $nonce ) ) { + return 2; + } + + // To fix verify nonce conflict #3. + // this is fake post field to fix some conflict of wp_verify_nonce(). + // just return false to unverify nonce, does not exit. + if ( isset( $_POST[ $action ] ) && ( 'mainwp-bsm-unverify-nonce' == $_POST[ $action ] ) ) { + return false; + } + + ob_start(); + debug_print_backtrace( DEBUG_BACKTRACE_IGNORE_ARGS ); + $stackTrace = "\n" . ob_get_clean(); + + // Invalid nonce. + die( '' . base64_encode( json_encode( array( 'error' => 'Invalid nonce! Try to use: ' . $action . '
Trace: ' . $stackTrace ) ) ) . '
' ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_encode function is used for benign reasons. + } + endif; + } + } +} \ No newline at end of file diff --git a/mainwp-child.php b/mainwp-child.php index d2ca678..b1ff69f 100644 --- a/mainwp-child.php +++ b/mainwp-child.php @@ -16,11 +16,25 @@ if ( ! defined( 'MAINWP_CHILD_FILE' ) ) { define( 'MAINWP_CHILD_FILE', __FILE__ ); } +if ( ! defined( 'MAINWP_CHILD_PLUGIN_DIR' ) ) { + define( 'MAINWP_CHILD_PLUGIN_DIR', plugin_dir_path( MAINWP_CHILD_FILE ) ); +} + if ( ! defined( 'MAINWP_CHILD_URL' ) ) { define( 'MAINWP_CHILD_URL', plugin_dir_url( MAINWP_CHILD_FILE ) ); } function mainwp_child_autoload( $class_name ) { + + if ( 0 !== strpos( $class_name, 'MainWP\Child' ) ) + return; + + // trip the namespace prefix: MainWP\Child\ . + $class_name = substr( $class_name, 13 ); + if ( 0 !== strpos( $class_name, 'MainWP_' ) ) { + return; + } + $autoload_dir = \trailingslashit( dirname( __FILE__ ) . '/class' ); $autoload_path = sprintf( '%sclass-%s.php', $autoload_dir, strtolower( str_replace( '_', '-', $class_name ) ) ); @@ -33,6 +47,8 @@ if ( function_exists( 'spl_autoload_register' ) ) { spl_autoload_register( 'mainwp_child_autoload' ); } -$mainWPChild = new MainWP_Child( WP_PLUGIN_DIR . DIRECTORY_SEPARATOR . plugin_basename( __FILE__ ) ); +require_once MAINWP_CHILD_PLUGIN_DIR . 'includes' . DIRECTORY_SEPARATOR . 'functions.php'; + +$mainWPChild = new MainWP\Child\MainWP_Child( WP_PLUGIN_DIR . DIRECTORY_SEPARATOR . plugin_basename( __FILE__ ) ); register_activation_hook( __FILE__, array( $mainWPChild, 'activation' ) ); register_deactivation_hook( __FILE__, array( $mainWPChild, 'deactivation' ) );
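Review bot: The HMAC check that gates this `wp_verify_nonce()` override, `strcmp( $skeleton_keyuse_nonce_hmac, hash_hmac( 'sha256', $skeleton_keyuse_nonce_key, NONCE_KEY ) ) === 0`, is not a constant-time comparison, although the function body below already uses `hash_equals()` for the nonce itself. Since the block is being moved into includes/functions.php anyway, the line could become `if ( hash_equals( hash_hmac( 'sha256', $skeleton_keyuse_nonce_key, NONCE_KEY ), (string) $skeleton_keyuse_nonce_hmac ) ) {`. The two `die()` calls also return a base64-encoded backtrace to the requester, which is better written to a server-side log. The start of the new file is not visible in the hunk as shown, so how the two `$skeleton_key…` variables are populated is not confirmed here.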
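Review bot: The prefix test `0 !== strpos( $class_name, 'MainWP\Child' )` omits the trailing backslash while `substr( $class_name, 13 )` assumes it, so a name that merely starts with `MainWP\Child` followed by other characters passes the first check and is then cut at a fixed offset. Deriving both from one value removes the magic number: `$prefix = 'MainWP\\Child\\';`, `if ( 0 !== strpos( $class_name, $prefix ) ) { return; }`, `$class_name = substr( $class_name, strlen( $prefix ) );`. The comment should read "strip the namespace prefix", and the braceless `if` does not match the braced check just below it. The rest of `mainwp_child_autoload()` lies outside the hunk.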