Context Navigation

← Previous Changeset
Next Changeset →

Changeset 3209338

Timestamp:

12/17/2024 04:22:20 PM (15 months ago)

Author:

databasebackup

Message:

updates

Location:

wp-database-backup/tags/7.4/includes

Files:

: 4 edited

admin/class-wpdb-admin.php (modified) (2 diffs)
admin/cron-create-full-backup-incremental.php (modified) (1 diff)
admin/cron-create-full-backup.php (modified) (1 diff)
features.php (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

wp-database-backup/tags/7.4/includes/admin/class-wpdb-admin.php

-                      r3209256
+                      r3209338
                         } else {
                             update_option( 'wp_db_backup_enable_auto_upgrade', 0 , false);
+                        }
-                        if ( isset( $_POST['wp_db_backup_enable_htaccess'] ) ) {
-                            update_option( 'wp_db_backup_enable_htaccess', 1 , false);
-                        } else {
-                            update_option( 'wp_db_backup_enable_htaccess', 0 , false);
-                            $path_info = wp_upload_dir();
-                            if ( file_exists( $path_info['basedir'] . '/db-backup/.htaccess' ) ) {
-                                wp_delete_file( $path_info['basedir'] . '/db-backup/.htaccess' );
+                            }
+                        }
 …
         // Added htaccess file 08-05-2015 for prevent directory listing.
         // Fixed Vulnerability 22-06-2016 for prevent direct download.
+        if ( 1 === (int) get_option( 'wp_db_backup_enable_htaccess' ) ) {
+                $htaccess_content = '# BEGIN Backup Folder Protection
+                    <IfModule mod_rewrite.c>
+                    RewriteEngine On
+                    RewriteCond %{REQUEST_FILENAME} -f
+                    RewriteRule ^.*$ - [F,L]
+                    </IfModule>
+                    # END Backup Folder Protection';
+                $htaccess_content = '# Disable public access to this folder
+<IfModule mod_authz_core.c>
+    Require all denied
+</IfModule>
+<IfModule !mod_authz_core.c>
+    Deny from all
+</IfModule>';
                 $wp_filesystem->put_contents( $path_info['basedir'] . '/db-backup/.htaccess', $htaccess_content, FS_CHMOD_FILE );
+        }
         // Begin : Generate SQL DUMP and save to file database.sql.
         $wp_site_name = preg_replace('/[^\p{L}\p{M}]+/u', '_', get_bloginfo('name'));

wp-database-backup/tags/7.4/includes/admin/cron-create-full-backup-incremental.php

-                      r3209256
+                      r3209338
             //Fixed Vulnerability 22-06-2016 for prevent direct download
             //fclose(fopen($path_info['basedir'] . '/' . WPDB_BACKUPS_DIR .'/.htaccess', $htassesText));
+            $htaccess_content = " # BEGIN Backup Folder Protection
+  <IfModule mod_rewrite.c>
+    RewriteEngine On
+    RewriteCond %{REQUEST_FILENAME} -f
+    RewriteRule ^.*$ - [F,L]
+  </IfModule>
+  # END Backup Folder Protection";
+            $htaccess_content = "# Disable public access to this folder
+<IfModule mod_authz_core.c>
+    Require all denied
+</IfModule>
+<IfModule !mod_authz_core.c>
+    Deny from all
+</IfModule>";
             wpdbbkp_write_file_contents($path_info['basedir']  . '/' . WPDB_BACKUPS_DIR . '/.htaccess',$htaccess_content);

wp-database-backup/tags/7.4/includes/admin/cron-create-full-backup.php

-                      r3209256
+                      r3209338
             //added htaccess file 08-05-2015 for prevent directory listing
             //Fixed Vulnerability 22-06-2016 for prevent direct download
+            $htaccess_content = "# BEGIN Backup Folder Protection
+<IfModule mod_rewrite.c>
+  RewriteEngine On
+  RewriteCond %{REQUEST_FILENAME} -f
+  RewriteRule ^.*$ - [F,L]
+            $htaccess_content = "# Disable public access to this folder
+<IfModule mod_authz_core.c>
+    Require all denied
 </IfModule>
+# END Backup Folder Protection";
+<IfModule !mod_authz_core.c>
+    Deny from all
+</IfModule>";
             wpdbbkp_write_file_contents($path_info['basedir']  . '/' . WPDB_BACKUPS_DIR . '/.htaccess',$htaccess_content);

wp-database-backup/tags/7.4/includes/features.php

-                      r3209256
+                      r3209338
     $htaccess_content = "
 # BEGIN Backup Folder Protection
+<IfModule mod_rewrite.c>
+RewriteEngine On
+RewriteCond %{REQUEST_FILENAME} -f
+RewriteRule ^.*$ - [F,L]
+# Disable public access to this folder
+<IfModule mod_authz_core.c>
+    Require all denied
 </IfModule>
+<IfModule !mod_authz_core.c>
+    Deny from all
+</IfModule>
 # END Backup Folder Protection
 ";

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Plugin Directory

Context Navigation

Changeset 3209338

Legend:

wp-database-backup/tags/7.4/includes/admin/class-wpdb-admin.php

wp-database-backup/tags/7.4/includes/admin/cron-create-full-backup-incremental.php

wp-database-backup/tags/7.4/includes/admin/cron-create-full-backup.php

wp-database-backup/tags/7.4/includes/features.php

Download in other formats: