Plugin URI: http://www.skippy.net/blog/plugins/
Description: On-demand backup of your WordPress database.
Author: Scott Merrill
-Version: 1.7
+Version: 1.8
Author URI: http://www.skippy.net/
Much of this was modified from Mark Ghosh's One Click Backup, which
}
function wpdbBackup() {
-
add_action('wp_cron_daily', array(&$this, 'wp_cron_daily'));
$this->backup_dir = trailingslashit($this->backup_dir);
$this->basename = preg_replace('/^.*wp-content[\\\\\/]plugins[\\\\\/]/', '', __FILE__);
if (isset($_POST['do_backup'])) {
+ if ( !current_user_can('import') ) die(__('You are not allowed to perform backups.'));
switch($_POST['do_backup']) {
case 'backup':
$this->perform_backup();
break;
}
} elseif (isset($_GET['fragment'] )) {
+ if ( !current_user_can('import') ) die(__('You are not allowed to perform backups.'));
add_action('init', array(&$this, 'init'));
} elseif (isset($_GET['backup'] )) {
+ if ( !current_user_can('import') ) die(__('You are not allowed to perform backups.'));
add_action('init', array(&$this, 'init'));
} else {
add_action('admin_menu', array(&$this, 'admin_menu'));
}
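Review bot: The `do_backup` POST branch (lines 14–18) now gates on `current_user_can('import')` but still has no nonce check, so a forged cross-site POST from a logged-in administrator's browser can trigger a backup; since the same form carries `deliver` and `backup_recipient` (used further down in `init()`), such a request can have the database dump emailed to an attacker-chosen address. Pair the capability check with a referer/nonce check, e.g. `if ( !current_user_can('import') ) die(__('You are not allowed to perform backups.')); check_admin_referer('wp-db-backup');`, and emit the matching `wp_nonce_field('wp-db-backup')` in the form that `backup_menu()` renders, which is outside this hunk. The same applies to the `fragment` and `backup` GET branches if they are meant to be reached only from the plugin's own pages; I can't tell from here whether they are also linked from e-mail or cron output, so that one needs confirming. The constructor's closing brace lies outside the hunk.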
function init() {
- global $user_level;
- get_currentuserinfo();
-
- if ($user_level < 9) die(__('Need higher user level.'));
+ if ( !current_user_can('import') ) die(__('You are not allowed to perform backups.'));
if (isset($_GET['backup'])) {
$via = isset($_GET['via']) ? $_GET['via'] : 'http';
$this->backup_file = $_GET['backup'];
-
+ $this->validate_file($this->backup_file);
+
switch($via) {
case 'smtp':
case 'email':
}
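Review bot: `validate_file()` as called on line 40 only rejects `..`, `./` and a drive-letter prefix; it does not reject an empty name (`isset($_GET['backup'])` is true for `backup=`), a leading `/` or `\`, or an embedded NUL byte, and whether any of those escapes `backup_dir` depends on how `backup_file` is later joined to it, which this hunk does not show. Since the plugin generates the backup file names itself, a positive allowlist is simpler to reason about than a denylist: `if ($this->backup_file !== basename($this->backup_file) || !preg_match('/^[A-Za-z0-9_.-]+\z/', $this->backup_file)) die(__("Cheatin' uh ?"));`. The `$via` value taken from `$_GET` on line 37 reaches the `switch` unvalidated; that is harmless only if the switch's `default` (outside the hunk) treats unknown values as `http` rather than falling through. The body of `init()` continues past this hunk.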
if (isset($_GET['fragment'] )) {
list($table, $segment, $filename) = explode(':', $_GET['fragment']);
+ $this->validate_file($filename);
$this->backup_fragment($table, $segment, $filename);
}
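Review bot: Only the third component of `fragment` is validated on line 48; `$table` and `$segment` go straight into `backup_fragment()`, and if that helper interpolates `$table` into a `SHOW`/`SELECT` statement (likely for a table-dump routine, but not visible here) an attacker with the `import` capability still controls raw SQL text. When `fragment` has fewer than three `:`-separated parts, `list()` assigns `null` to the missing variables with a notice, and `validate_file(null)` passes because `strpos()` on an empty haystack simply returns `false`. Suggest `$parts = explode(':', $_GET['fragment'], 3); if (count($parts) !== 3) die(__("Cheatin' uh ?")); list($table, $segment, $filename) = $parts; $segment = (int) $segment;` and checking `$table` against the list of real table names (e.g. the result of `$wpdb->get_col('SHOW TABLES')`) before calling `backup_fragment()`. The enclosing `init()` starts and ends outside this hunk.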
$core_tables = $_POST['core_tables'];
$this->backup_file = $this->db_backup($core_tables, $also_backup);
- if (FALSE !== $backup_file) {
+ if (FALSE !== $this->backup_file) {
if ('smtp' == $_POST['deliver']) {
$this->deliver_backup ($this->backup_file, $_POST['deliver'], $_POST['backup_recipient']);
} elseif ('http' == $_POST['deliver']) {
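Review bot: `$_POST['backup_recipient']` on line 56 is handed to `deliver_backup()` without any validation, so the address the dump is mailed to is entirely caller-controlled; on its own that is acceptable for a privileged user, but it is what turns the missing nonce on the `do_backup` branch (earlier in this file) into an exfiltration primitive. At minimum check it before delivery, e.g. `if ('smtp' == $_POST['deliver'] && !is_email($_POST['backup_recipient'])) die(__('Invalid e-mail address.'));`, assuming `is_email()` is available in the targeted WordPress version. The `$also_backup` argument on line 52 is not assigned anywhere in this hunk; if it is built earlier from `$_POST` the same table-name concern applies to it. The enclosing function starts and ends outside the hunk.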
///////////////////////////////
function admin_menu() {
- add_management_page(__('Backup'), __('Backup'), 9, basename(__FILE__), array(&$this, 'backup_menu'));
+ add_management_page(__('Backup'), __('Backup'), 'import', basename(__FILE__), array(&$this, 'backup_menu'));
}
function fragment_menu() {
- add_management_page(__('Backup'), __('Backup'), 9, basename(__FILE__), array(&$this, 'build_backup_script'));
+ add_management_page(__('Backup'), __('Backup'), 'import', basename(__FILE__), array(&$this, 'build_backup_script'));
}
/////////////////////////////////////////////////////////
return;
} // wp_cron_db_backup
+
+ function validate_file($file) {
+ if (false !== strpos($file, '..'))
+ die(__("Cheatin' uh ?"));
+
+ if (false !== strpos($file, './'))
+ die(__("Cheatin' uh ?"));
+
+ if (':' == substr($file, 1, 1))
+ die(__("Cheatin' uh ?"));
+ }
+
+}
+
+function wpdbBackup_init() {
+ global $mywpdbbackup;
+
+ if ( !current_user_can('import') ) return;
+
+ $mywpdbbackup = new wpdbBackup();
}
-$mywpdbbackup = new wpdbBackup();
+add_action('plugins_loaded', 'wpdbBackup_init');
?>
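Review bot: The early `return` on line 87 means `new wpdbBackup()` runs only for a user who already has the `import` capability, yet the constructor is where the `wp_cron_daily` hook is attached (line 11), so a cron tick fired by an anonymous or low-privilege request will never register the scheduled backup — a behavioural regression from 1.7, where the object was created unconditionally. The per-request branches are already guarded inside the constructor (lines 15, 22, 25) and in `init()` (line 35), so the gate in `wpdbBackup_init()` adds nothing but this side effect; drop it and simply do `$mywpdbbackup = new wpdbBackup();`. Any other code that dereferences the global `$mywpdbbackup` would also see `null` on unprivileged requests, though none is visible in this diff. Finally, `validate_file()` (lines 71–80) is a denylist copied from core; it rejects `..`, `./` and `X:` but not a leading slash, a backslash-separated absolute path, or a NUL byte, so callers that need a safe filename should still reduce the value to `basename()` plus a character allowlist.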