Issues in interface.php (master) - Issues in master - humanmade/backupwordpress - Measure and Improve Code Quality continuously with Scrutinizer

Issues (217)

Security Analysis no vulnerabilities found

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

functions/interface.php (4 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace HM\BackUpWordPress;

/**
 * Displays a row in the manage backups table
 *
 * @param string                 $file
 * @param Scheduled_Backup $schedule
 */
function get_backup_row( $file, Scheduled_Backup $schedule ) {

	$encoded_file = urlencode( base64_encode( $file ) );
	$offset       = get_option( 'gmt_offset' ) * 3600;

	?>

	<tr class="hmbkp_manage_backups_row">

		<th scope="row">
			<?php echo esc_html( date_i18n( get_option( 'date_format' ) . ' - ' . get_option( 'time_format' ), @filemtime( $file ) + $offset ) ); ?>
		</th>

		<td class="code">
			<?php echo esc_html( size_format( @filesize( $file ) ) ); ?>
		</td>

		<td><?php echo esc_html( human_get_type( $file, $schedule ) ); ?></td>

		<td>

			<?php if (  is_path_accessible( Path::get_path() )  ) : ?>
				<a href="<?php echo esc_url( wp_nonce_url( add_query_arg( array( 'hmbkp_backup_archive' => $encoded_file, 'hmbkp_schedule_id' => $schedule->get_id(), 'action' => 'hmbkp_request_download_backup' ), admin_url( 'admin-post.php' ) ), 'hmbkp_download_backup', 'hmbkp_download_backup_nonce' ) ); ?>" class="download-action"><?php _e( 'Download', 'backupwordpress' ); ?></a> |
			<?php endif; ?>

			<a href="<?php echo esc_url( wp_nonce_url( add_query_arg( array( 'hmbkp_backup_archive' => $encoded_file, 'hmbkp_schedule_id' => $schedule->get_id(), 'action' => 'hmbkp_request_delete_backup' ), admin_url( 'admin-post.php' ) ), 'hmbkp_delete_backup', 'hmbkp_delete_backup_nonce' ) ); ?>" class="delete-action"><?php _e( 'Delete', 'backupwordpress' ); ?></a>

		</td>

	</tr>

<?php }

/**
 * Displays admin notices for various error / warning
 * conditions
 *
 * @return void
 */
function admin_notices() {

	$current_screen = get_current_screen();

	if ( ! isset( $current_screen ) ) {
		return;
	}

	$page = is_multisite() ? HMBKP_ADMIN_PAGE . '-network' : HMBKP_ADMIN_PAGE;
	if ( $current_screen->id !== $page ) {
		return;
	}

	$notices = Notices::get_instance()->get_notices();

	if ( empty( $notices ) ) {
		return;
	}

	ob_start(); ?>

	<?php if ( ! empty( $notices['backup_errors'] ) ) : ?>

		<div id="hmbkp-warning-backup" class="error notice is-dismissible">
			<p>
				<strong><?php _e( 'BackUpWordPress detected issues with your last backup.', 'backupwordpress' ); ?></strong>
			</p>

			<ul>

				<?php foreach ( $notices['backup_errors'] as $notice ) : ?>

					<li><pre><?php echo esc_html( $notice ); ?></pre></li>

				<?php endforeach; ?>

			</ul>

		</div>

	<?php endif; ?>

	<?php if ( ! empty( $notices['server_config'] ) ) : ?>

		<div id="hmbkp-warning-server" class="error notice">

			<ul>

				<?php foreach ( $notices['server_config'] as $notice ) : ?>

					<li><?php echo wp_kses_data( $notice ); ?></li>

				<?php endforeach; ?>

			</ul>

		</div>

	<?php endif; ?>

	<?php $notices = array_filter( $notices );

	if ( ! empty( $notices ) ) : ?>

		<?php foreach ( $notices as $key => $notice_type ) : ?>

			<?php if ( ! ( in_array( $key, array( 'server_config', 'backup_errors' ) ) ) ) : ?>

				<div id="hmbkp-warning-other" class="error notice is-dismissible">

					<?php foreach ( array_unique( $notice_type ) as $msg ) : ?>

						<p><?php echo wp_kses_data( $msg ); ?></p>

					<?php endforeach; ?>

				</div>

			<?php endif; ?>

		<?php endforeach; ?>

	<?php endif; ?>

	<?php echo ob_get_clean();

}
add_action( 'admin_notices', 'HM\BackUpWordPress\admin_notices' );
add_action( 'network_admin_notices', 'HM\BackUpWordPress\admin_notices' );

function set_server_config_notices() {

	$notices = Notices::get_instance();

	$messages = array();

	if ( ! is_dir( Path::get_path() ) ) {
		$messages[] = sprintf( __( 'The backups directory can\'t be created because your %s directory isn\'t writable. Please create the folder manually.', 'backupwordpress' ), '<code>' . esc_html( dirname( Path::get_path() ) ) . '</code>' );
	}

	if ( is_dir( Path::get_path() ) && ! wp_is_writable( Path::get_path() ) ) {
		$messages[] = __( 'The backups directory isn\'t writable. Please fix the permissions.', 'backupwordpress' );
	}

	if ( Backup_Utilities::is_safe_mode_on() ) {
		$messages[] = sprintf( __( '%1$s is running in %2$s, please contact your host and ask them to disable it. BackUpWordPress may not work correctly whilst %3$s is on.', 'backupwordpress' ), '<code>PHP</code>', sprintf( '<a href="%1$s">%2$s</a>', __( 'http://php.net/manual/en/features.safe-mode.php', 'backupwordpress' ), __( 'Safe Mode', 'backupwordpress' ) ), '<code>' . __( 'Safe Mode', 'backupwordpress' ) . '</code>' );
	}

	if ( defined( 'HMBKP_PATH' ) && HMBKP_PATH ) {

		// Suppress open_basedir warning https://bugs.php.net/bug.php?id=53041
		if ( ! path_in_php_open_basedir( HMBKP_PATH ) ) {
			$messages[] = sprintf( __( 'Your server has an %1$s restriction in effect and your custom backups directory (%2$s) is not within the allowed path(s): (%3$s).', 'backupwordpress' ), '<code>open_basedir</code>', '<code>' . esc_html( HMBKP_PATH ) . '</code>', '<code>' . esc_html( @ini_get( 'open_basedir' ) ) . '</code>' );

		} elseif ( ! file_exists( HMBKP_PATH ) ) {
			$messages[] = sprintf( __( 'Your custom path does not exist', 'backupwordpress' ) );

		} else {

			if ( ! is_dir( HMBKP_PATH ) ) {
				$messages[] = sprintf( __( 'Your custom backups directory %1$s doesn\'t exist and can\'t be created, your backups will be saved to %2$s instead.', 'backupwordpress' ), '<code>' . esc_html( HMBKP_PATH ) . '</code>', '<code>' . esc_html( Path::get_path() ) . '</code>' );
			}

			if ( is_dir( HMBKP_PATH ) && ! wp_is_writable( HMBKP_PATH ) ) {
				$messages[] = sprintf( __( 'Your custom backups directory %1$s isn\'t writable, new backups will be saved to %2$s instead.', 'backupwordpress' ), '<code>' . esc_html( HMBKP_PATH ) . '</code>', '<code>' . esc_html( Path::get_path() ) . '</code>' );

			}
		}
	}

	if ( ! is_readable( Path::get_root() ) ) {
		$messages[] = sprintf( __( 'Your site root path %s isn\'t readable.', 'backupwordpress' ), '<code>' . Path::get_root() . '</code>' );
	}

	if ( ! Requirement_Mysqldump_Command_Path::test() && ! Requirement_PDO::test() ) {
''   == false // true
''   == null  // true
'ab' == false // false
'ab' == null  // false

// It is often better to use strict comparison
'' === false // false
'' === null  // false
		$messages[] = sprintf( __( 'Your site cannot be backed up because your server doesn\'t support %1$s or %2$s. Please contact your host and ask them to enable them.', 'backupwordpress' ), '<code>mysqldump</code>', '<code>PDO::mysql</code>' );
	}

	if ( ! Requirement_Zip_Command_Path::test() && ! Requirement_Zip_Archive::test() ) {
''   == false // true
''   == null  // true
'ab' == false // false
'ab' == null  // false

// It is often better to use strict comparison
'' === false // false
'' === null  // false
		$messages[] = sprintf( __( 'Your site cannot be backed up because your server doesn\'t support %1$s or %2$s. Please contact your host and ask them to enable them.', 'backupwordpress' ), '<code>zip</code>', '<code>ZipArchive</code>' );
	}

	if ( disk_space_low() ) {
		$messages[] = sprintf( __( 'Your server only has %s of disk space left which probably isn\'t enough to complete a backup. Try deleting some existing backups or other files to free up space.', 'backupwordpress' ), '<code>' . size_format( disk_free_space( Path::get_path() ) ) . '</code>' );
	}

	if ( count( $messages ) > 0 ) {
		$notices->set_notices( 'server_config', $messages, false );
	}

}
add_action( 'admin_init', 'HM\BackUpWordPress\set_server_config_notices' );

/**
 * Hook in an change the plugin description when BackUpWordPress is activated
 *
 * @param array $plugins
 * @return array $plugins
 */
function plugin_row( $plugins ) {

	$menu = is_multisite() ? 'Settings' : 'Tools';

	if ( isset( $plugins[ HMBKP_PLUGIN_SLUG . '/backupwordpress.php' ] ) ) {
		$plugins[ HMBKP_PLUGIN_SLUG . '/backupwordpress.php' ]['Description'] = str_replace( 'Once activated you\'ll find me under <strong>' . $menu . ' &rarr; Backups</strong>', 'Find me under <strong><a href="' . esc_url( get_settings_url() ) . '">' . $menu . ' &rarr; Backups</a></strong>', $plugins[ HMBKP_PLUGIN_SLUG . '/backupwordpress.php' ]['Description'] );
	}

	return $plugins;

}

add_filter( 'all_plugins', 'HM\BackUpWordPress\plugin_row', 10 );

/**
 * Get the human readable backup type in.
 *
 * @access public
 * @param string                 $type
 * @param Scheduled_Backup $schedule (default: null)
 * @return string
 */
function human_get_type( $type, Scheduled_Backup $schedule = null ) {

	if ( strpos( $type, 'complete' ) !== false ) {
		return __( 'Database and Files', 'backupwordpress' );
	}

	if ( strpos( $type, 'file' ) !== false ) {
		return __( 'Files', 'backupwordpress' );
	}

	if ( strpos( $type, 'database' ) !== false ) {
		return __( 'Database', 'backupwordpress' );
	}

	if ( ! is_null( $schedule ) ) {
		return human_get_type( $schedule->get_type() );
	}

	return __( 'Legacy', 'backupwordpress' );

}

/**
 * Display the row of actions for a schedule
 *
 * @access public
 * @param Scheduled_Backup $schedule
 * @return void
 */
function schedule_status( Scheduled_Backup $schedule, $echo = true ) {

	$status = new Backup_Status( $schedule->get_id() );

	ob_start(); ?>

	<span class="hmbkp-status"<?php if ( $status->get_status() ) { ?> title="<?php printf( __( 'Started %s ago', 'backupwordpress' ), human_time_diff( $status->get_start_time() ) ); ?>"<?php } ?>>
		<?php echo $status->get_status() ? wp_kses_data( $status->get_status() ) : __( 'Starting backup...', 'backupwordpress' ); ?>
		<a href="<?php echo admin_action_url( 'request_cancel_backup', array( 'hmbkp_schedule_id' => $schedule->get_id() ) ); ?>"><?php _e( 'cancel', 'backupwordpress' ); ?></a>
	</span>

	<?php $output = ob_get_clean();

	if ( ! $echo ) {
		return $output;
	}

	echo $output;

}

function backups_number( Scheduled_Backup $schedule ) {

	$number = count( $schedule->get_backups() );

	if ( 0 === $number ) {
		$output = sprintf( __( 'No backups completed', 'backupwordpress' ) );
	} else {
		$output = sprintf( _nx( 'One backup completed', '%1$s backups completed', $number, 'backups count', 'backupwordpress' ), number_format_i18n( $number ) );
	}

	echo apply_filters( 'hmbkp_backups_number', $output, $number );
}

function translated_schedule_title( $slug, $title ) {

	$titles = array(
		'complete-hourly'      => esc_html__( 'Complete Hourly', 'backupwordpress' ),
		'file-hourly'          => esc_html__( 'File Hourly', 'backupwordpress' ),
		'database-hourly'      => esc_html__( 'Database Hourly', 'backupwordpress' ),
		'complete-twicedaily'  => esc_html__( 'Complete Twice Daily', 'backupwordpress' ),
		'file-twicedaily'      => esc_html__( 'File Twice Daily', 'backupwordpress' ),
		'database-twicedaily'  => esc_html__( 'Database Twice Daily', 'backupwordpress' ),
		'complete-daily'       => esc_html__( 'Complete Daily', 'backupwordpress' ),
		'file-daily'           => esc_html__( 'File Daily', 'backupwordpress' ),
		'database-daily'       => esc_html__( 'Database Daily', 'backupwordpress' ),
		'complete-weekly'      => esc_html__( 'Complete Weekly', 'backupwordpress' ),
		'file-weekly'          => esc_html__( 'File Weekly', 'backupwordpress' ),
		'database-weekly'      => esc_html__( 'Database Weekly', 'backupwordpress' ),
		'complete-fortnightly' => esc_html__( 'Complete Every Two Weeks', 'backupwordpress' ),
		'file-fortnightly'     => esc_html__( 'File Every Two Weeks', 'backupwordpress' ),
		'database-fortnightly' => esc_html__( 'Database Every Two Weeks', 'backupwordpress' ),
		'complete-monthly'     => esc_html__( 'Complete Monthly', 'backupwordpress' ),
		'file-monthly'         => esc_html__( 'File Monthly', 'backupwordpress' ),
		'database-monthly'     => esc_html__( 'Database Monthly', 'backupwordpress' ),
		'complete-manually'    => esc_html__( 'Complete Manually', 'backupwordpress' ),
		'file-manually'        => esc_html__( 'File Manually', 'backupwordpress' ),
		'database-manually'    => esc_html__( 'Database Manually', 'backupwordpress' ),
	);

	if ( isset( $titles[ $slug ] ) ) {
		return $titles[ $slug ];
	}

	return $title;

}

function get_settings_url( $slug = HMBKP_PLUGIN_SLUG ) {

	$url = is_multisite() ? network_admin_url( 'settings.php?page=' . $slug ) : admin_url( 'tools.php?page=' . $slug );

	schedules::get_instance()->refresh_schedules();

	if ( ! empty( $_REQUEST['hmbkp_schedule_id'] ) && schedules::get_instance()->get_schedule( sanitize_text_field( $_REQUEST['hmbkp_schedule_id'] ) ) ) {
		$url = add_query_arg( 'hmbkp_schedule_id', sanitize_text_field( $_REQUEST['hmbkp_schedule_id'] ), $url );
	}

	return $url;

}

/**
 * Add an error message to the array of messages.
 *
 * @param $error_message
 */
function add_settings_error( $error_message ) {

	$hmbkp_settings_errors = get_transient( 'hmbkp_settings_errors' );

	// If it doesnt exist, create.
	if ( ! $hmbkp_settings_errors ) {
		set_transient( 'hmbkp_settings_errors', (array) $error_message );
	} else {
		set_transient( 'hmbkp_settings_errors', array_unique( array_merge( $hmbkp_settings_errors, (array) $error_message ) ) );
	}

}

/**
 * Back compat version of add_settings_error
 *
 * @deprecated 3.4 add_settings_error()
 */
function hmbkp_add_settings_error( $error_message ) {
	_deprecated_function( __FUNCTION__, '3.4', 'add_settings_error()' );
	add_settings_error( $error_message );
}

/**
 * Fetch the form submission errors for display.
 *
 * @return mixed
 */
function get_settings_errors() {
	return get_transient( 'hmbkp_settings_errors' );
}

/**
 * Clear all error messages.
 *
 * @return bool
 */
function clear_settings_errors() {
	return delete_transient( 'hmbkp_settings_errors' );
}

function path_in_php_open_basedir( $path, $ini_get = 'ini_get' ) {

	$open_basedir = @call_user_func( $ini_get, 'open_basedir' );

	if ( ! $open_basedir ) {
		return true;
	}

	$open_basedir_paths = array_map( 'trim', explode( PATH_SEPARATOR, $open_basedir ) );

	if ( ! $open_basedir_paths ) {

		return true;
	}

	// Is path in the open_basedir allowed paths?
	if ( in_array( $path, $open_basedir_paths ) ) {
		return true;
	}

	// Is path a subdirectory of one of the allowed paths?
	foreach ( $open_basedir_paths as $basedir_path ) {
		if ( 0 === strpos( $path, $basedir_path ) ) {
			return true;
		}
	}

	return false;

}

/**
 * Check if two filesizes are of the same size format
 *
 * E.g. 22 MB and 44 MB are both MB so return true. Whereas
 * 22 KB and 12 TB are not so return false.
 *
 * @param  int  $size
 * @param  int  $other_size
 *
 * @return boolean             Whether the two filesizes are of the same magnitude
 */
function is_same_size_format( $size, $other_size ) {

	if ( ! is_int( $size ) || ! is_int( $other_size ) ) {
		return false;
	}

	return preg_replace( '/[0-9]+/', '', size_format( $size ) ) === preg_replace( '/[0-9]+/', '', size_format( $other_size ) );
}

/**
 * Check whether the server is low on disk space.
 *
 * @return bool Whether there's less disk space less than 2 * the entire size of the site.
 */
function disk_space_low( $backup_size = false ) {

	$disk_space = @disk_free_space( Path::get_path() );

	if ( ! $disk_space ) {
		return false;
	}

	if ( ! $backup_size ) {

		$site_size = new Site_Size( 'complete', new Excludes() );

		if ( ! $site_size->is_site_size_cached() ) {
			return false;
		}

		$backup_size = $site_size->get_site_size() * 2;

	}

	return $backup_size >= $disk_space;

}


GitHub Access Token became invalid

Issues (217)

Security Analysis no vulnerabilities found

functions/interface.php (4 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

1		<?php
2
3		namespace HM\BackUpWordPress;
4
5		/**
6		* Displays a row in the manage backups table
7		*
8		* @param string $file
9		* @param Scheduled_Backup $schedule
10		*/
11		function get_backup_row( $file, Scheduled_Backup $schedule ) {
12
13		$encoded_file = urlencode( base64_encode( $file ) );
14		$offset = get_option( 'gmt_offset' ) * 3600;
15
16		?>
17
18		<tr class="hmbkp_manage_backups_row">
19
20		<th scope="row">
21		<?php echo esc_html( date_i18n( get_option( 'date_format' ) . ' - ' . get_option( 'time_format' ), @filemtime( $file ) + $offset ) ); ?>
22		</th>
23
24		<td class="code">
25		<?php echo esc_html( size_format( @filesize( $file ) ) ); ?>
26		</td>
27
28		<td><?php echo esc_html( human_get_type( $file, $schedule ) ); ?></td>
29
30		<td>
31
32	View Code Duplication	<?php if ( is_path_accessible( Path::get_path() ) ) : ?>
33		<a href="<?php echo esc_url( wp_nonce_url( add_query_arg( array( 'hmbkp_backup_archive' => $encoded_file, 'hmbkp_schedule_id' => $schedule->get_id(), 'action' => 'hmbkp_request_download_backup' ), admin_url( 'admin-post.php' ) ), 'hmbkp_download_backup', 'hmbkp_download_backup_nonce' ) ); ?>" class="download-action"><?php _e( 'Download', 'backupwordpress' ); ?></a> \|
34		<?php endif; ?>
35
36		<a href="<?php echo esc_url( wp_nonce_url( add_query_arg( array( 'hmbkp_backup_archive' => $encoded_file, 'hmbkp_schedule_id' => $schedule->get_id(), 'action' => 'hmbkp_request_delete_backup' ), admin_url( 'admin-post.php' ) ), 'hmbkp_delete_backup', 'hmbkp_delete_backup_nonce' ) ); ?>" class="delete-action"><?php _e( 'Delete', 'backupwordpress' ); ?></a>
37
38		</td>
39
40		</tr>
41
42		<?php }
43
44		/**
45		* Displays admin notices for various error / warning
46		* conditions
47		*
48		* @return void
49		*/
50		function admin_notices() {
51
52		$current_screen = get_current_screen();
53
54		if ( ! isset( $current_screen ) ) {
55		return;
56		}
57
58		$page = is_multisite() ? HMBKP_ADMIN_PAGE . '-network' : HMBKP_ADMIN_PAGE;
59		if ( $current_screen->id !== $page ) {
60		return;
61		}
62
63		$notices = Notices::get_instance()->get_notices();
64
65		if ( empty( $notices ) ) {
66		return;
67		}
68
69		ob_start(); ?>
70
71		<?php if ( ! empty( $notices['backup_errors'] ) ) : ?>
72
73		<div id="hmbkp-warning-backup" class="error notice is-dismissible">
74		<p>
75		<strong><?php _e( 'BackUpWordPress detected issues with your last backup.', 'backupwordpress' ); ?></strong>
76		</p>
77
78		<ul>
79
80		<?php foreach ( $notices['backup_errors'] as $notice ) : ?>
81
82		<li><pre><?php echo esc_html( $notice ); ?></pre></li>
83
84		<?php endforeach; ?>
85
86		</ul>
87
88		</div>
89
90		<?php endif; ?>
91
92		<?php if ( ! empty( $notices['server_config'] ) ) : ?>
93
94		<div id="hmbkp-warning-server" class="error notice">
95
96		<ul>
97
98		<?php foreach ( $notices['server_config'] as $notice ) : ?>
99
100		<li><?php echo wp_kses_data( $notice ); ?></li>
101
102		<?php endforeach; ?>
103
104		</ul>
105
106		</div>
107
108		<?php endif; ?>
109
110		<?php $notices = array_filter( $notices );
111
112		if ( ! empty( $notices ) ) : ?>
113
114		<?php foreach ( $notices as $key => $notice_type ) : ?>
115
116		<?php if ( ! ( in_array( $key, array( 'server_config', 'backup_errors' ) ) ) ) : ?>
117
118		<div id="hmbkp-warning-other" class="error notice is-dismissible">
119
120		<?php foreach ( array_unique( $notice_type ) as $msg ) : ?>
121
122		<p><?php echo wp_kses_data( $msg ); ?></p>
123
124		<?php endforeach; ?>
125
126		</div>
127
128		<?php endif; ?>
129
130		<?php endforeach; ?>
131
132		<?php endif; ?>
133
134		<?php echo ob_get_clean();
135
136		}
137		add_action( 'admin_notices', 'HM\BackUpWordPress\admin_notices' );
138		add_action( 'network_admin_notices', 'HM\BackUpWordPress\admin_notices' );
139
140		function set_server_config_notices() {
141
142		$notices = Notices::get_instance();
143
144		$messages = array();
145
146		if ( ! is_dir( Path::get_path() ) ) {
147		$messages[] = sprintf( __( 'The backups directory can\'t be created because your %s directory isn\'t writable. Please create the folder manually.', 'backupwordpress' ), '<code>' . esc_html( dirname( Path::get_path() ) ) . '</code>' );
148		}
149
150		if ( is_dir( Path::get_path() ) && ! wp_is_writable( Path::get_path() ) ) {
151		$messages[] = __( 'The backups directory isn\'t writable. Please fix the permissions.', 'backupwordpress' );
152		}
153
154		if ( Backup_Utilities::is_safe_mode_on() ) {
155		$messages[] = sprintf( __( '%1$s is running in %2$s, please contact your host and ask them to disable it. BackUpWordPress may not work correctly whilst %3$s is on.', 'backupwordpress' ), '<code>PHP</code>', sprintf( '<a href="%1$s">%2$s</a>', __( 'http://php.net/manual/en/features.safe-mode.php', 'backupwordpress' ), __( 'Safe Mode', 'backupwordpress' ) ), '<code>' . __( 'Safe Mode', 'backupwordpress' ) . '</code>' );
156		}
157
158		if ( defined( 'HMBKP_PATH' ) && HMBKP_PATH ) {
159
160		// Suppress open_basedir warning https://bugs.php.net/bug.php?id=53041
161		if ( ! path_in_php_open_basedir( HMBKP_PATH ) ) {
162		$messages[] = sprintf( __( 'Your server has an %1$s restriction in effect and your custom backups directory (%2$s) is not within the allowed path(s): (%3$s).', 'backupwordpress' ), '<code>open_basedir</code>', '<code>' . esc_html( HMBKP_PATH ) . '</code>', '<code>' . esc_html( @ini_get( 'open_basedir' ) ) . '</code>' );
163
164		} elseif ( ! file_exists( HMBKP_PATH ) ) {
165		$messages[] = sprintf( __( 'Your custom path does not exist', 'backupwordpress' ) );
166
167		} else {
168
169	View Code Duplication	if ( ! is_dir( HMBKP_PATH ) ) {
170		$messages[] = sprintf( __( 'Your custom backups directory %1$s doesn\'t exist and can\'t be created, your backups will be saved to %2$s instead.', 'backupwordpress' ), '<code>' . esc_html( HMBKP_PATH ) . '</code>', '<code>' . esc_html( Path::get_path() ) . '</code>' );
171		}
172
173	View Code Duplication	if ( is_dir( HMBKP_PATH ) && ! wp_is_writable( HMBKP_PATH ) ) {
174		$messages[] = sprintf( __( 'Your custom backups directory %1$s isn\'t writable, new backups will be saved to %2$s instead.', 'backupwordpress' ), '<code>' . esc_html( HMBKP_PATH ) . '</code>', '<code>' . esc_html( Path::get_path() ) . '</code>' );
175
176		}
177		}
178		}
179
180		if ( ! is_readable( Path::get_root() ) ) {
181		$messages[] = sprintf( __( 'Your site root path %s isn\'t readable.', 'backupwordpress' ), '<code>' . Path::get_root() . '</code>' );
182		}
183
184		if ( ! Requirement_Mysqldump_Command_Path::test() && ! Requirement_PDO::test() ) {
		0 ignored issues – show Bug Best Practice introduced 2016-01-23 23:41 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `\HM\BackUpWordPress\Requ...mp_Command_Path::test()` of type `string\|false` is loosely compared to `false`; this is ambiguous if the string can be empty. You might want to explicitly use `=== false` instead. In PHP, under loose comparison (like `==`, or `!=`, or `switch` conditions), values of different types might be equal. For `string` values, the empty string `''` is a special case, in particular the following results might be unexpected: '' == false // true '' == null // true 'ab' == false // false 'ab' == null // false // It is often better to use strict comparison '' === false // false '' === null // false Loading history... Bug Best Practice introduced 2016-01-23 23:41 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `\HM\BackUpWordPress\Requirement_PDO::test()` of type `string\|false` is loosely compared to `false`; this is ambiguous if the string can be empty. You might want to explicitly use `=== false` instead. In PHP, under loose comparison (like `==`, or `!=`, or `switch` conditions), values of different types might be equal. For `string` values, the empty string `''` is a special case, in particular the following results might be unexpected: '' == false // true '' == null // true 'ab' == false // false 'ab' == null // false // It is often better to use strict comparison '' === false // false '' === null // false Loading history...
185		$messages[] = sprintf( __( 'Your site cannot be backed up because your server doesn\'t support %1$s or %2$s. Please contact your host and ask them to enable them.', 'backupwordpress' ), '<code>mysqldump</code>', '<code>PDO::mysql</code>' );
186		}
187
188		if ( ! Requirement_Zip_Command_Path::test() && ! Requirement_Zip_Archive::test() ) {
		0 ignored issues – show Bug Best Practice introduced 2016-03-11 23:53 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `\HM\BackUpWordPress\Requ...ip_Command_Path::test()` of type `string\|false` is loosely compared to `false`; this is ambiguous if the string can be empty. You might want to explicitly use `=== false` instead. In PHP, under loose comparison (like `==`, or `!=`, or `switch` conditions), values of different types might be equal. For `string` values, the empty string `''` is a special case, in particular the following results might be unexpected: '' == false // true '' == null // true 'ab' == false // false 'ab' == null // false // It is often better to use strict comparison '' === false // false '' === null // false Loading history...
189		$messages[] = sprintf( __( 'Your site cannot be backed up because your server doesn\'t support %1$s or %2$s. Please contact your host and ask them to enable them.', 'backupwordpress' ), '<code>zip</code>', '<code>ZipArchive</code>' );
190		}
191
192		if ( disk_space_low() ) {
193		$messages[] = sprintf( __( 'Your server only has %s of disk space left which probably isn\'t enough to complete a backup. Try deleting some existing backups or other files to free up space.', 'backupwordpress' ), '<code>' . size_format( disk_free_space( Path::get_path() ) ) . '</code>' );
194		}
195
196		if ( count( $messages ) > 0 ) {
197		$notices->set_notices( 'server_config', $messages, false );
198		}
199
200		}
201		add_action( 'admin_init', 'HM\BackUpWordPress\set_server_config_notices' );
202
203		/**
204		* Hook in an change the plugin description when BackUpWordPress is activated
205		*
206		* @param array $plugins
207		* @return array $plugins
208		*/
209		function plugin_row( $plugins ) {
210
211		$menu = is_multisite() ? 'Settings' : 'Tools';
212
213		if ( isset( $plugins[ HMBKP_PLUGIN_SLUG . '/backupwordpress.php' ] ) ) {
214		$plugins[ HMBKP_PLUGIN_SLUG . '/backupwordpress.php' ]['Description'] = str_replace( 'Once activated you\'ll find me under <strong>' . $menu . ' → Backups</strong>', 'Find me under <strong><a href="' . esc_url( get_settings_url() ) . '">' . $menu . ' → Backups</a></strong>', $plugins[ HMBKP_PLUGIN_SLUG . '/backupwordpress.php' ]['Description'] );
215		}
216
217		return $plugins;
218
219		}
220
221		add_filter( 'all_plugins', 'HM\BackUpWordPress\plugin_row', 10 );
222
223		/**
224		* Get the human readable backup type in.
225		*
226		* @access public
227		* @param string $type
228		* @param Scheduled_Backup $schedule (default: null)
229		* @return string
230		*/
231		function human_get_type( $type, Scheduled_Backup $schedule = null ) {
232
233		if ( strpos( $type, 'complete' ) !== false ) {
234		return __( 'Database and Files', 'backupwordpress' );
235		}
236
237		if ( strpos( $type, 'file' ) !== false ) {
238		return __( 'Files', 'backupwordpress' );
239		}
240
241		if ( strpos( $type, 'database' ) !== false ) {
242		return __( 'Database', 'backupwordpress' );
243		}
244
245		if ( ! is_null( $schedule ) ) {
246		return human_get_type( $schedule->get_type() );
247		}
248
249		return __( 'Legacy', 'backupwordpress' );
250
251		}
252
253		/**
254		* Display the row of actions for a schedule
255		*
256		* @access public
257		* @param Scheduled_Backup $schedule
258		* @return void
259		*/
260		function schedule_status( Scheduled_Backup $schedule, $echo = true ) {
261
262		$status = new Backup_Status( $schedule->get_id() );
263
264		ob_start(); ?>
265
266		<span class="hmbkp-status"<?php if ( $status->get_status() ) { ?> title="<?php printf( __( 'Started %s ago', 'backupwordpress' ), human_time_diff( $status->get_start_time() ) ); ?>"<?php } ?>>
267		<?php echo $status->get_status() ? wp_kses_data( $status->get_status() ) : __( 'Starting backup...', 'backupwordpress' ); ?>
268		<a href="<?php echo admin_action_url( 'request_cancel_backup', array( 'hmbkp_schedule_id' => $schedule->get_id() ) ); ?>"><?php _e( 'cancel', 'backupwordpress' ); ?></a>
269		</span>
270
271		<?php $output = ob_get_clean();
272
273		if ( ! $echo ) {
274		return $output;
275		}
276
277		echo $output;
278
279		}
280
281		function backups_number( Scheduled_Backup $schedule ) {
282
283		$number = count( $schedule->get_backups() );
284
285		if ( 0 === $number ) {
286		$output = sprintf( __( 'No backups completed', 'backupwordpress' ) );
287		} else {
288		$output = sprintf( _nx( 'One backup completed', '%1$s backups completed', $number, 'backups count', 'backupwordpress' ), number_format_i18n( $number ) );
289		}
290
291		echo apply_filters( 'hmbkp_backups_number', $output, $number );
292		}
293
294		function translated_schedule_title( $slug, $title ) {
295
296		$titles = array(
297		'complete-hourly' => esc_html__( 'Complete Hourly', 'backupwordpress' ),
298		'file-hourly' => esc_html__( 'File Hourly', 'backupwordpress' ),
299		'database-hourly' => esc_html__( 'Database Hourly', 'backupwordpress' ),
300		'complete-twicedaily' => esc_html__( 'Complete Twice Daily', 'backupwordpress' ),
301		'file-twicedaily' => esc_html__( 'File Twice Daily', 'backupwordpress' ),
302		'database-twicedaily' => esc_html__( 'Database Twice Daily', 'backupwordpress' ),
303		'complete-daily' => esc_html__( 'Complete Daily', 'backupwordpress' ),
304		'file-daily' => esc_html__( 'File Daily', 'backupwordpress' ),
305		'database-daily' => esc_html__( 'Database Daily', 'backupwordpress' ),
306		'complete-weekly' => esc_html__( 'Complete Weekly', 'backupwordpress' ),
307		'file-weekly' => esc_html__( 'File Weekly', 'backupwordpress' ),
308		'database-weekly' => esc_html__( 'Database Weekly', 'backupwordpress' ),
309		'complete-fortnightly' => esc_html__( 'Complete Every Two Weeks', 'backupwordpress' ),
310		'file-fortnightly' => esc_html__( 'File Every Two Weeks', 'backupwordpress' ),
311		'database-fortnightly' => esc_html__( 'Database Every Two Weeks', 'backupwordpress' ),
312		'complete-monthly' => esc_html__( 'Complete Monthly', 'backupwordpress' ),
313		'file-monthly' => esc_html__( 'File Monthly', 'backupwordpress' ),
314		'database-monthly' => esc_html__( 'Database Monthly', 'backupwordpress' ),
315		'complete-manually' => esc_html__( 'Complete Manually', 'backupwordpress' ),
316		'file-manually' => esc_html__( 'File Manually', 'backupwordpress' ),
317		'database-manually' => esc_html__( 'Database Manually', 'backupwordpress' ),
318		);
319
320		if ( isset( $titles[ $slug ] ) ) {
321		return $titles[ $slug ];
322		}
323
324		return $title;
325
326		}
327
328		function get_settings_url( $slug = HMBKP_PLUGIN_SLUG ) {
329
330		$url = is_multisite() ? network_admin_url( 'settings.php?page=' . $slug ) : admin_url( 'tools.php?page=' . $slug );
331
332		schedules::get_instance()->refresh_schedules();
333
334		if ( ! empty( $_REQUEST['hmbkp_schedule_id'] ) && schedules::get_instance()->get_schedule( sanitize_text_field( $_REQUEST['hmbkp_schedule_id'] ) ) ) {
335		$url = add_query_arg( 'hmbkp_schedule_id', sanitize_text_field( $_REQUEST['hmbkp_schedule_id'] ), $url );
336		}
337
338		return $url;
339
340		}
341
342		/**
343		* Add an error message to the array of messages.
344		*
345		* @param $error_message
346		*/
347		function add_settings_error( $error_message ) {
348
349		$hmbkp_settings_errors = get_transient( 'hmbkp_settings_errors' );
350
351		// If it doesnt exist, create.
352		if ( ! $hmbkp_settings_errors ) {
353		set_transient( 'hmbkp_settings_errors', (array) $error_message );
354		} else {
355		set_transient( 'hmbkp_settings_errors', array_unique( array_merge( $hmbkp_settings_errors, (array) $error_message ) ) );
356		}
357
358		}
359
360		/**
361		* Back compat version of add_settings_error
362		*
363		* @deprecated 3.4 add_settings_error()
364		*/
365		function hmbkp_add_settings_error( $error_message ) {
366		_deprecated_function( __FUNCTION__, '3.4', 'add_settings_error()' );
367		add_settings_error( $error_message );
368		}
369
370		/**
371		* Fetch the form submission errors for display.
372		*
373		* @return mixed
374		*/
375		function get_settings_errors() {
376		return get_transient( 'hmbkp_settings_errors' );
377		}
378
379		/**
380		* Clear all error messages.
381		*
382		* @return bool
383		*/
384		function clear_settings_errors() {
385		return delete_transient( 'hmbkp_settings_errors' );
386		}
387
388		function path_in_php_open_basedir( $path, $ini_get = 'ini_get' ) {
389
390		$open_basedir = @call_user_func( $ini_get, 'open_basedir' );
391
392		if ( ! $open_basedir ) {
393		return true;
394		}
395
396		$open_basedir_paths = array_map( 'trim', explode( PATH_SEPARATOR, $open_basedir ) );
397
398		if ( ! $open_basedir_paths ) {
		0 ignored issues – show Bug Best Practice introduced 2016-01-23 23:08 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `$open_basedir_paths` of type `array` is implicitly converted to a boolean; are you sure this is intended? If so, consider using `empty($expr)` instead to make it clear that you intend to check for an array without elements. This check marks implicit conversions of arrays to boolean values in a comparison. While in PHP an empty array is considered to be equal (but not identical) to false, this is not always apparent. Consider making the comparison explicit by using `empty(..)` or `! empty(...)` instead. Loading history...
399		return true;
400		}
401
402		// Is path in the open_basedir allowed paths?
403		if ( in_array( $path, $open_basedir_paths ) ) {
404		return true;
405		}
406
407		// Is path a subdirectory of one of the allowed paths?
408		foreach ( $open_basedir_paths as $basedir_path ) {
409		if ( 0 === strpos( $path, $basedir_path ) ) {
410		return true;
411		}
412		}
413
414		return false;
415
416		}
417
418		/**
419		* Check if two filesizes are of the same size format
420		*
421		* E.g. 22 MB and 44 MB are both MB so return true. Whereas
422		* 22 KB and 12 TB are not so return false.
423		*
424		* @param int $size
425		* @param int $other_size
426		*
427		* @return boolean Whether the two filesizes are of the same magnitude
428		*/
429		function is_same_size_format( $size, $other_size ) {
430
431		if ( ! is_int( $size ) \|\| ! is_int( $other_size ) ) {
432		return false;
433		}
434
435		return preg_replace( '/[0-9]+/', '', size_format( $size ) ) === preg_replace( '/[0-9]+/', '', size_format( $other_size ) );
436		}
437
438		/**
439		* Check whether the server is low on disk space.
440		*
441		* @return bool Whether there's less disk space less than 2 * the entire size of the site.
442		*/
443		function disk_space_low( $backup_size = false ) {
444
445		$disk_space = @disk_free_space( Path::get_path() );
446
447		if ( ! $disk_space ) {
448		return false;
449		}
450
451		if ( ! $backup_size ) {
452
453		$site_size = new Site_Size( 'complete', new Excludes() );
454
455		if ( ! $site_size->is_site_size_cached() ) {
456		return false;
457		}
458
459		$backup_size = $site_size->get_site_size() * 2;
460
461		}
462
463		return $backup_size >= $disk_space;
464
465		}
466

humanmade / backupwordpress

GitHub Access Token became invalid

Issues (217)

Security Analysis no vulnerabilities found

functions/interface.php (4 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like