Issues (217)

Security Analysis: no vulnerabilities found

This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.

  Cross-Site Scripting
Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.
  File Exposure
File Exposure allows an attacker to gain access to local files that they should not be able to access. These files can for example include database credentials, or other configuration files.
  File Manipulation
File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.
  Object Injection
Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.
  Code Injection
Code Injection enables an attacker to execute arbitrary code on the server.
  Response Splitting
Response Splitting can be used to send arbitrary responses.
  File Inclusion
File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.
  Command Injection
Command Injection enables an attacker to inject a shell command that is executed with the privileges of the web-server. This can be used to expose sensitive data, or gain access to your server.
  SQL Injection
SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.
  XPath Injection
XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.
  LDAP Injection
LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.
  Header Injection
  Other Vulnerability
This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.
  Regex Injection
Regex Injection enables an attacker to execute arbitrary code in your PHP process.
  XML Injection
XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.
  Variable Injection
Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.
Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

classes/class-plugin.php (1 issue)

<?php

namespace HM\BackUpWordPress;

/**
 * Class Plugin
 */
final class Plugin {
	const PLUGIN_VERSION = '3.6.2';

	/**
	 * @var Plugin The singleton instance.
	 */
	private static $instance;

	/**
	 * Instantiates a new Plugin object.
	 */
	private function __construct() {
		add_action( 'plugins_loaded', array( $this, 'plugins_loaded' ) );

		$hide_notice = get_site_option( 'hmbkp_hide_info_notice', false );

		if ( ! $hide_notice ) {
			add_action( 'admin_notices', array( $this, 'display_feature_message' ) );
			add_action( 'network_admin_notices', array( $this, 'display_feature_message' ) );
		}

	}

	/**
	 * Ensures we always return the same object.
	 *
	 * @return Plugin
	 */
	public static function get_instance() {

		if ( ! ( self::$instance instanceof Plugin ) ) {
			self::$instance = new Plugin();
		}

		return self::$instance;
	}

	/**
	 * Initialize the plugin.
	 */
	public function plugins_loaded() {

		if ( true !== $this->maybe_self_deactivate() ) {

			$this->constants();

			$this->includes();

			$this->hooks();

			$this->text_domain();

			// If we get here, then BWP is loaded
			do_action( 'backupwordpress_loaded' );

		}

	}

	/**
	 * Check plugin requirements.
	 *
	 * @return bool True if it fails requirements. False otherwise.
	 */
	public function maybe_self_deactivate() {

		require_once( HMBKP_PLUGIN_PATH . 'classes/class-setup.php' );

		if ( false === \HMBKP_Setup::meets_requirements() ) {

			add_action( 'admin_init', array( '\HMBKP_Setup', 'self_deactivate' ) );

			add_action( 'all_admin_notices', array( '\HMBKP_Setup', 'display_admin_notices' ) );

			return true;

		}

		return false;

	}

	/**
	 * Define all the constants.
	 */
	public function constants() {

		if ( ! defined( 'HMBKP_PLUGIN_SLUG' ) ) {
			define( 'HMBKP_PLUGIN_SLUG', dirname( HMBKP_BASENAME ) );
		}

		if ( ! defined( 'HMBKP_PLUGIN_URL' ) ) {
			define( 'HMBKP_PLUGIN_URL', plugin_dir_url( HMBKP_BASENAME ) );
		}

		if ( ! defined( 'HMBKP_PLUGIN_LANG_DIR' ) ) {
			define( 'HMBKP_PLUGIN_LANG_DIR', apply_filters( 'hmbkp_filter_lang_dir', HMBKP_PLUGIN_SLUG . '/languages/' ) );
		}

		if ( ! defined( 'HMBKP_ADMIN_URL' ) ) {
			$page = is_multisite() ? network_admin_url( 'settings.php' ) : admin_url( 'tools.php' );
			define( 'HMBKP_ADMIN_URL', add_query_arg( 'page', HMBKP_PLUGIN_SLUG, $page ) );
		}

		if ( ! defined( 'HMBKP_ADMIN_PAGE' ) ) {
			$prefix = is_multisite() ? 'settings_page_' : 'tools_page_';

			define( 'HMBKP_ADMIN_PAGE', $prefix . HMBKP_PLUGIN_SLUG );
		}

		define( 'HMBKP_SECURE_KEY', $this->generate_key() );

	}

	/**
	 * Load all BackUpWordPress functions.
	 */
	protected function includes() {

		require_once( HMBKP_PLUGIN_PATH . 'vendor/autoload.php' );

		require_once( HMBKP_PLUGIN_PATH . 'classes/class-notices.php' );

		// Load Whitelist HTML submodule and admin required functions.
		require_once( HMBKP_PLUGIN_PATH . 'whitelist-html/whitelist-html.php' );
		require_once( HMBKP_PLUGIN_PATH . 'admin/menu.php' );
		require_once( HMBKP_PLUGIN_PATH . 'admin/actions.php' );

		// Load Backdrop if necessary.
		if ( ! class_exists( 'HM_Backdrop_Task' ) ) {
			require_once( HMBKP_PLUGIN_PATH . 'backdrop/hm-backdrop.php' );
		}

		require_once( HMBKP_PLUGIN_PATH . 'classes/class-requirements.php' );
		require_once( HMBKP_PLUGIN_PATH . 'classes/class-requirement.php' );

		require_once( HMBKP_PLUGIN_PATH . 'classes/class-path.php' );
		require_once( HMBKP_PLUGIN_PATH . 'classes/class-excludes.php' );
		require_once( HMBKP_PLUGIN_PATH . 'classes/class-site-size.php' );

		require_once( HMBKP_PLUGIN_PATH . 'classes/backup/class-backup-utilities.php' );
		require_once( HMBKP_PLUGIN_PATH . 'classes/backup/class-backup-status.php' );

		require_once( HMBKP_PLUGIN_PATH . 'classes/backup/class-backup-engine.php' );

		require_once( HMBKP_PLUGIN_PATH . 'classes/backup/class-backup-engine-database.php' );
		require_once( HMBKP_PLUGIN_PATH . 'classes/backup/class-backup-engine-database-mysqldump.php' );
		require_once( HMBKP_PLUGIN_PATH . 'classes/backup/class-backup-engine-database-imysqldump.php' );

		require_once( HMBKP_PLUGIN_PATH . 'classes/backup/class-backup-engine-file.php' );
		require_once( HMBKP_PLUGIN_PATH . 'classes/backup/class-backup-engine-file-zip.php' );
		require_once( HMBKP_PLUGIN_PATH . 'classes/backup/class-backup-engine-file-zip-archive.php' );

		require_once( HMBKP_PLUGIN_PATH . 'classes/backup/class-backup.php' );

		// Load the backup scheduling classes
		require_once( HMBKP_PLUGIN_PATH . 'classes/class-scheduled-backup.php' );
		require_once( HMBKP_PLUGIN_PATH . 'classes/class-schedules.php' );

		// Load the core functions
		require_once( HMBKP_PLUGIN_PATH . 'functions/core.php' );
		require_once( HMBKP_PLUGIN_PATH . 'functions/interface.php' );

		// Load the services
		require_once( HMBKP_PLUGIN_PATH . 'classes/class-services.php' );
		require_once( HMBKP_PLUGIN_PATH . 'classes/class-service.php' );

		// Load the email service
		require_once( HMBKP_PLUGIN_PATH . 'classes/class-email-service.php' );

		// Load the webhook services
		require_once( HMBKP_PLUGIN_PATH . 'classes/class-webhook-service.php' );
		require_once( HMBKP_PLUGIN_PATH . 'classes/class-wpremote-webhook-service.php' );

		require_once( HMBKP_PLUGIN_PATH . 'classes/deprecated.php' );

		require_once( HMBKP_PLUGIN_PATH . 'classes/class-extensions.php' );

		// Load the wp cli command
		if ( defined( 'WP_CLI' ) && WP_CLI ) {
			include( HMBKP_PLUGIN_PATH . 'classes/class-backupwordpress-wp-cli-command.php' );
		}

	}

	/**
	 * Hook into WordPress page lifecycle and execute BackUpWordPress functions.
	 */
	public function hooks() {

		add_action( 'activated_plugin', array( $this, 'load_first' ) );

		add_action( 'admin_init', array( $this, 'upgrade' ) );

		add_action( 'admin_init', array( $this, 'init' ) );

		add_action( 'hmbkp_schedule_hook', array( $this, 'schedule_hook_run' ) );

		add_action( 'admin_enqueue_scripts', array( $this, 'scripts' ) );

		add_action( 'admin_footer-' . HMBKP_ADMIN_PAGE, array( $this, 'load_intercom_script' ) );

		add_action( 'admin_enqueue_scripts', array( $this, 'styles' ) );

	}

	/**
	 * Load the JavaScript in the admin.
	 *
	 * @param $hook The name of the admin page hook.
	 */
	public function scripts( $hook ) {

		if ( HMBKP_ADMIN_PAGE !== $hook ) {
			return;
		}

		$js_file = HMBKP_PLUGIN_URL . 'assets/hmbkp.min.js';

		// TODO should this also support WP_SCRIPT_DEBUG
		if ( defined( 'WP_DEBUG' ) && WP_DEBUG ) {
			$js_file = HMBKP_PLUGIN_URL . 'assets/hmbkp.js';
		}

		wp_enqueue_script( 'hmbkp', $js_file, array( 'heartbeat' ), sanitize_key( self::PLUGIN_VERSION ) );

		wp_localize_script(
			'hmbkp',
			'hmbkp',
			array(
				'page_slug'                => HMBKP_PLUGIN_SLUG,
				'nonce'                    => wp_create_nonce( 'hmbkp_nonce' ),
				'hmbkp_run_schedule_nonce' => wp_create_nonce( 'hmbkp_run_schedule' ),
				'update'                   => __( 'Update', 'backupwordpress' ),
				'cancel'                   => __( 'Cancel', 'backupwordpress' ),
				'delete_schedule'          => __( 'Are you sure you want to delete this schedule? All of its backups will also be deleted.', 'backupwordpress' ) . "\n\n" . __( '\'Cancel\' to go back, \'OK\' to delete.', 'backupwordpress' ) . "\n",
				'delete_backup'            => __( 'Are you sure you want to delete this backup?', 'backupwordpress' ) . "\n\n" . __( '\'Cancel\' to go back, \'OK\' to delete.', 'backupwordpress' ) . "\n",
				'remove_exclude_rule'      => __( 'Are you sure you want to remove this exclude rule?', 'backupwordpress' ) . "\n\n" . __( '\'Cancel\' to go back, \'OK\' to delete.', 'backupwordpress' ) . "\n",
				'remove_old_backups'       => __( 'Reducing the number of backups that are stored on this server will cause some of your existing backups to be deleted. Are you sure that\'s what you want?', 'backupwordpress' ) . "\n\n" . __( '\'Cancel\' to go back, \'OK\' to delete.', 'backupwordpress' ) . "\n",
			)
		);

	}

	/**
	 * Loads the plugin text domain for translation.
	 * This setup allows a user to just drop their custom translation files into the WordPress language directory.
	 * Files will need to be in a subdirectory with the name of the textdomain 'backupwordpress'
	 */
	public function text_domain() {

		// Set unique textdomain string
		$textdomain = 'backupwordpress';

		// The 'plugin_locale' filter is also used by default in load_plugin_textdomain()
		$locale = apply_filters( 'plugin_locale', get_locale(), $textdomain );

		// Set filter for WordPress languages directory
		$hmbkp_wp_lang_dir = apply_filters( 'hmbkp_do_filter_wp_lang_dir', trailingslashit( WP_LANG_DIR ) . trailingslashit( $textdomain ) . $textdomain . '-' . $locale . '.mo' );

		// Translations: First, look in WordPress' "languages" folder = custom & update-secure!
		load_textdomain( $textdomain, $hmbkp_wp_lang_dir );

		// Translations: Secondly, look in plugin's "languages" folder = default
		load_plugin_textdomain( $textdomain, false, HMBKP_PLUGIN_LANG_DIR );

	}

	/**
	 * Determine if we need to run an upgrade routine.
	 */
	public function upgrade() {

		// Fire the update action
		if ( self::PLUGIN_VERSION != get_option( 'hmbkp_plugin_version' ) ) {
			update();
		}

	}

	/**
	 * Runs on every admin page load
	 */
	public function init() {

		// If we have multiple paths for some reason then clean them up
		Path::get_instance()->merge_existing_paths();
	}

	/**
	 * Generate a unique key.
	 *
	 * @return string
	 */
	protected function generate_key() {

		$check = apply_filters( 'hmbkp_generate_key', null );

		if ( null !== $check ) {
			return $check;
		}

		$key = array( ABSPATH, time() );
		$constants = array( 'AUTH_KEY', 'SECURE_AUTH_KEY', 'LOGGED_IN_KEY', 'NONCE_KEY', 'AUTH_SALT', 'SECURE_AUTH_SALT', 'LOGGED_IN_SALT', 'NONCE_SALT', 'SECRET_KEY' );

		foreach ( $constants as $constant ) {
			if ( defined( $constant ) ) {
				$key[] = constant( $constant );
			}
		}

		shuffle( $key );

		return md5( serialize( $key ) );

	}

	/**
	 * Ensure BackUpWordPress is loaded before add-ons, changes the order of the serialized values in the DB field.
	 */
	public function load_first() {

		$active_plugins = get_option( 'active_plugins' );

		$plugin_path = plugin_basename( __FILE__ );

		$key = array_search( $plugin_path, $active_plugins );

		if ( $key > 0 ) {

			array_splice( $active_plugins, $key, 1 );

			array_unshift( $active_plugins, $plugin_path );

			update_option( 'active_plugins', $active_plugins );

		}

	}

	/**
	 * Function to run when the schedule cron fires.
	 *
	 * @param $schedule_id
	 */
	public function schedule_hook_run( $schedule_id ) {

		if ( ! is_backup_possible() ) {
			return;
		}

		$schedules = Schedules::get_instance();
		$schedule  = $schedules->get_schedule( $schedule_id );

		if ( ! $schedule ) {
			return;
		}

		$schedule->run();

	}

	/**
	 * Enqueue the plugin styles.
	 *
	 * @param $hook
	 */
	public function styles( $hook ) {

		if ( 'tools_page_backupwordpress_extensions' !== $hook && HMBKP_ADMIN_PAGE !== $hook ) {
			return;
		}

		$css_file = HMBKP_PLUGIN_URL . 'assets/hmbkp.min.css';

		if ( WP_DEBUG ) {
			$css_file = HMBKP_PLUGIN_URL . 'assets/hmbkp.css';
		}

		wp_enqueue_style( 'backupwordpress', $css_file, false, sanitize_key( self::PLUGIN_VERSION ) );

	}

	/**
	 * Load Intercom and send across user information and server info. Only loaded if the user has opted in.
	 */
	public function load_intercom_script() {

		if ( ! get_option( 'hmbkp_enable_support' ) ) {
			return;
		}

		$info = array();

		foreach ( Requirements::get_requirement_groups() as $group ) {
			foreach ( Requirements::get_requirements( $group ) as $requirement ) {
				/*
				 * Scrutinizer issue reported on the line above:
				 * $group is of type integer|string, but the function expects a boolean.
				 *
				 * It seems like the type of the argument is not accepted by the
				 * function/method which you are calling.
				 *
				 * In some cases, in particular if PHP's automatic type-juggling kicks in,
				 * this might be fine. In other cases, however, this might be a bug.
				 *
				 * We suggest adding an explicit type cast like in the following example:
				 *
				 *     function acceptsInteger($int) { }
				 *
				 *     $x = '123'; // string "123"
				 *
				 *     // Instead of
				 *     acceptsInteger($x);
				 *
				 *     // we recommend to use
				 *     acceptsInteger((integer) $x);
				 */
				$info[ $requirement->name() ] = $requirement->result();
			}
		}

		foreach ( Services::get_services() as $file => $service ) {
			// array_merge() returns a new array, so the result has to be assigned back to $info.
			$info = array_merge( $info, call_user_func( array( $service, 'intercom_data' ) ) );
		}

		$current_user = wp_get_current_user();

		// The HMAC secret below is hard-coded in the plugin source, so it is identical on every install and cannot be treated as confidential.
		$info['user_hash']  = hash_hmac( 'sha256', $current_user->user_email, 'fcUEt7Vi4ym5PXdcr2UNpGdgZTEvxX9NJl8YBTxK' );
		$info['email']      = $current_user->user_email;
		$info['created_at'] = strtotime( $current_user->user_registered );
		$info['app_id']     = '7f1l4qyq';
		$info['name']       = $current_user->display_name;
		$info['widget']     = array( 'activator' => '#intercom' ); ?>

		<script id="IntercomSettingsScriptTag">
			window.intercomSettings = <?php echo json_encode( $info ); ?>;
		</script>
		<script>!function(){function e(){var a=c.createElement("script");a.type="text/javascript",a.async=!0,a.src="https://static.intercomcdn.com/intercom.v1.js";var b=c.getElementsByTagName("script")[0];b.parentNode.insertBefore(a,b)}var a=window,b=a.Intercom;if("function"==typeof b)b("reattach_activator"),b("update",intercomSettings);else{var c=document,d=function(){d.c(arguments)};d.q=[],d.c=function(a){d.q.push(a)},a.Intercom=d,a.attachEvent?a.attachEvent("onload",e):a.addEventListener("load",e,!1)}}();</script>

	<?php }

	public function display_feature_message() {

		$current_screen = get_current_screen();

		if ( ! isset( $current_screen ) ) {
			return;
		}

		$page = is_multisite() ? HMBKP_ADMIN_PAGE . '-network' : HMBKP_ADMIN_PAGE;
		if ( $current_screen->id !== $page ) {
			return;
		}

		/* translators: %1$s and %2$s expand to anchor tags linking to the new extensions page. */
		$info_message = sprintf(
			__( 'Thanks for updating BackUpWordPress, why not check out %1$sour extensions?%2$s', 'backupwordpress' ),
			'<a href="' . esc_url( get_settings_url( HMBKP_PLUGIN_SLUG . '_extensions' ) ) . '">',
			'</a>'
		);
		?>

		<div id="hmbkp-info-message" class="updated notice is-dismissible">

			<p><?php echo wp_kses_post( $info_message ); ?></p>

			<button type="button" class="notice-dismiss"><span class="screen-reader-text"><?php esc_html_e( 'Dismiss this notice.', 'backupwordpress' ); ?></span></button>

		</div>

	<?php }

}

if ( is_multisite() && ! is_main_site() ) {
	return;
}

Plugin::get_instance();