Changeset 3217196

Timestamp:

01/05/2025 01:35:48 PM (14 months ago)

Author:

MrViSiOn

Message:

Version 1.0.1: Enhanced security in communication with Multi WP platform and bug fixes

Location:

multi-connect

Files:

• . (modified) (2 props)
• tags/1.0.1 (copied) (copied from multi-connect/trunk)
• tags/1.0.1/.editorconfig (modified) (1 diff)
• tags/1.0.1/includes/class-admin.php (modified) (2 diffs)
• tags/1.0.1/includes/class-multi-connect-api.php (modified) (11 diffs)
• tags/1.0.1/includes/public.key (added)
• tags/1.0.1/multi-connect.php (modified) (2 diffs)
• tags/1.0.1/readme.txt (modified) (3 diffs)
• trunk/.editorconfig (modified) (1 diff)
• trunk/includes/class-admin.php (modified) (2 diffs)
• trunk/includes/class-multi-connect-api.php (modified) (11 diffs)
• trunk/includes/public.key (added)
• trunk/multi-connect.php (modified) (2 diffs)
• trunk/readme.txt (modified) (3 diffs)

multi-connect/tags/1.0.1/.editorconfig

@@ -1 +1 @@
 [*]
 end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+indent_size = 4
+indent_style = space
+insert_final_newline = true

multi-connect/tags/1.0.1/includes/class-admin.php

@@ -8 +8 @@
 namespace MultiConnect;
 
+use WP_Application_Passwords;
+
 if ( ! defined( 'ABSPATH' ) ) {
-    // Exit if accessed directly.
-    exit;
+    // Exit if accessed directly.
+    exit;
 }
 
@@ -19 +21 @@
  */
 class Admin {
-    /**
-     * Constructor
-     */
-    public function __construct() {
-        add_action( 'admin_init', array( $this, 'check_connection' ) );
-        add_action( 'admin_notices', array( $this, 'display_connection_notice' ) );
-        add_action( 'admin_enqueue_scripts', array( $this, 'enqueue_admin_assets' ) );
-        add_action( 'wp_ajax_multiconnect_connect', array( $this, 'handle_connection' ) );
-    }
+    /**
+     * Constructor
+     */
+    public function __construct() {
+        add_action( 'admin_init', array( $this, 'check_connection' ) );
+        add_action( 'admin_notices', array( $this, 'display_connection_notice' ) );
+        add_action( 'admin_enqueue_scripts', array( $this, 'enqueue_admin_assets' ) );
+        add_action( 'wp_ajax_multiconnect_connect', array( $this, 'handle_connection' ) );
+    }
 
-    /**
-     * Check if the connection is established
-     *
-     * @return void
-     */
-    public function check_connection() {
-        $connection_status = get_option( 'multiconnect_connection_status' );
-        if ( ! $connection_status ) {
-            update_option( 'multiconnect_show_notice', true );
-        }
-    }
+    /**
+     * Check if the connection is established
+     *
+     * @return void
+     */
+    public function check_connection() {
+        $connection_status = get_option( 'multiconnect_connection_status' );
+        if ( ! $connection_status ) {
+            update_option( 'multiconnect_show_notice', true );
+        }
+    }
 
-    /**
-     * Display the connection notice
-     *
-     * @return void
-     */
-    public function display_connection_notice() {
-        if ( ! get_option( 'multiconnect_show_notice' ) ) {
-            return;
-        }
+    /**
+     * Display the connection notice
+     *
+     * @return void
+     */
+    public function display_connection_notice() {
+        if ( ! get_option( 'multiconnect_show_notice' ) ) {
+//            return;
+        }
 
-        ?>
-        <div class="notice notice-info is-dismissible multiconnect-connect-notice">
-            <h3><?php esc_html_e( 'Connect with Multi-WP', 'multi-connect' ); ?></h3>
-            <p>
-                <?php
-                esc_html_e(
-                    'Connect your WordPress site with Multi-WP to manage updates and maintenance from a central dashboard.',
-                    'multi-connect'
-                );
-                ?>
-            </p>
-            <p>
-                <button type="button" class="button button-primary" id="multiconnect-connect-button">
-                    <?php esc_html_e( 'Connect Now', 'multi-connect' ); ?>
-                </button>
-                <a href="https://multi-wp.com/learn-more" target="_blank" class="button button-secondary">
-                    <?php esc_html_e( 'Learn More', 'multi-connect' ); ?>
-                </a>
-            </p>
-        </div>
-        <?php
-    }
+        ?>
+        <div class="notice notice-info is-dismissible multiconnect-connect-notice">
+            <h3><?php esc_html_e( 'Connect with Multi-WP', 'multi-connect' ); ?></h3>
+            <p>
+                <?php
+                esc_html_e(
+                    'Connect your WordPress site with Multi-WP to manage updates and maintenance from a central dashboard.',
+                    'multi-connect'
+                );
+                ?>
+            </p>
+            <p>
+                <button type="button" class="button button-primary" id="multiconnect-connect-button">
+                    <?php esc_html_e( 'Connect Now', 'multi-connect' ); ?>
+                </button>
+                <a href="https://multi-wp.com/learn-more" target="_blank" class="button button-secondary">
+                    <?php esc_html_e( 'Learn More', 'multi-connect' ); ?>
+                </a>
+            </p>
+        </div>
+        <?php
+    }
 
-    /**
-     * Enqueue admin assets
-     *
-     * @return void
-     */
-    public function enqueue_admin_assets() {
+    /**
+     * Enqueue admin assets
+     *
+     * @return void
+     */
+    public function enqueue_admin_assets() {
 
-        wp_enqueue_style(
-            'multiconnect-admin',
-            MULTICONNECT_PLUGIN_URL . 'assets/css/admin.css',
-            array(),
-            MULTICONNECT_VERSION
-        );
+        wp_enqueue_style(
+            'multiconnect-admin',
+            MULTICONNECT_PLUGIN_URL . 'assets/css/admin.css',
+            array(),
+            MULTICONNECT_VERSION
+        );
 
-        wp_enqueue_script(
-            'multiconnect-admin',
-            MULTICONNECT_PLUGIN_URL . 'assets/js/admin.js',
-            array( 'jquery' ),
-            MULTICONNECT_VERSION,
-            true
-        );
+        wp_enqueue_script(
+            'multiconnect-admin',
+            MULTICONNECT_PLUGIN_URL . 'assets/js/admin.js',
+            array( 'jquery' ),
+            MULTICONNECT_VERSION,
+            true
+        );
 
-        wp_localize_script(
-            'multiconnect-admin',
-            'multiConnectData',
-            array(
-                'ajaxurl'    => admin_url( 'admin-ajax.php' ),
-                'nonce'      => wp_create_nonce( 'multiconnect-connect' ),
-                'connecting' => __( 'Connecting...', 'multi-connect' ),
-                'error'      => __( 'Connection failed. Please try again.', 'multi-connect' ),
-            )
-        );
-    }
+        wp_localize_script(
+            'multiconnect-admin',
+            'multiConnectData',
+            array(
+                'ajaxurl'    => admin_url( 'admin-ajax.php' ),
+                'nonce'      => wp_create_nonce( 'multiconnect-connect' ),
+                'connecting' => __( 'Connecting...', 'multi-connect' ),
+                'error'      => __( 'Connection failed. Please try again.', 'multi-connect' ),
+            )
+        );
+    }
 
-    /**
-     * Handle the connection request
-     *
-     * @return void
-     */
-    public function handle_connection() {
-        check_ajax_referer( 'multiconnect-connect', 'nonce' );
+    /**
+     * Handle the connection request
+     *
+     * @return void
+     */
+    public function handle_connection() {
+        check_ajax_referer( 'multiconnect-connect', 'nonce' );
 
-        if ( ! current_user_can( 'manage_options' ) ) {
-            wp_send_json_error( 'Unauthorized' );
-        }
+        if ( ! current_user_can( 'manage_options' ) ) {
+            wp_send_json_error( 'Unauthorized' );
+        }
 
-        // Generate application password.
-        $app_password = wp_generate_password( 24, false );
-        $user         = wp_get_current_user();
+        // Generate application password.
+        $app_password = $this->generate_password();
+        if (function_exists('openssl_pkey_get_public') && extension_loaded('openssl')) {
+            $app_password = $this->encrypt_password_with_public_key($app_password);
+        }
+        $user = wp_get_current_user();
 
-        // Store connection info.
-        update_option(
-            'multiconnect_connection_status',
-            array(
-                'connected'    => true,
-                'user_id'      => $user->ID,
-                'app_password' => $app_password,
-                'connected_at' => current_time( 'mysql' ),
-            )
-        );
+        // Store connection info.
+        update_option(
+            'multiconnect_connection_status',
+            array(
+                'connected'    => true,
+                'user_id'      => $user->ID,
+                'app_password' => $app_password,
+                'connected_at' => current_time( 'mysql' ),
+            )
+        );
 
-        // Hide the notice.
-        update_option( 'multiconnect_show_notice', false );
+        // Hide the notice.
+        update_option( 'multiconnect_show_notice', false );
 
-        wp_send_json_success(
-            array(
-                'site_url'     => get_site_url(),
-                'username'     => $user->user_login,
-                'app_password' => $app_password,
-            )
-        );
-    }
+        wp_send_json_success(
+            array(
+                'site_url'     => get_site_url(),
+                'username'     => $user->user_login,
+                'app_password' => $app_password,
+            )
+        );
+    }
+
+    function generate_password(): string {
+        if (!class_exists('WP_Application_Passwords')) {
+            require_once(MULTICONNECT_PLUGIN_ABSPATH . 'wp-includes/class-wp-application-passwords.php');
+        }
+
+        $user = wp_get_current_user();
+        $prepared = array(
+            'name'   => 'Multi-WP Connection',
+            'app_id' => 'multi-connect',
+        );
+
+        $created = WP_Application_Passwords::create_new_application_password( $user->ID, wp_slash( (array) $prepared ) );
+
+        if ( is_wp_error( $created ) ) {
+            return wp_generate_password( 24, false );
+        }
+
+        $password = $created[0];
+        $item     = WP_Application_Passwords::get_user_application_password( $user->ID, $created[1]['uuid'] );
+
+        $item['new_password'] = WP_Application_Passwords::chunk_password( $password );
+
+        return $item['new_password'];
+    }
+
+    function encrypt_password_with_public_key( $password ): string {
+        // Clave pública distribuida con el plugin
+        $public_key = file_get_contents(MULTICONNECT_PLUGIN_PATH . 'includes/public.key');
+
+        // Crear el recurso de clave pública
+        $key_resource = openssl_pkey_get_public( $public_key );
+
+        // Cifrar la contraseña
+        openssl_public_encrypt( $password, $encrypted, $key_resource );
+
+        // Codificar para URL
+        return urlencode( base64_encode( $encrypted ) );
+    }
 }

multi-connect/tags/1.0.1/includes/class-multi-connect-api.php

@@ -188 +188 @@
                             break;
                         case 'includes':
-                            $selected_folders[] = MULTICONNECT_PLUGIN_PATH . '../../wp-includes';
+                            $selected_folders[] = MULTICONNECT_PLUGIN_ABSPATH . 'wp-includes';
                             break;
                         case 'core':
-                            $selected_folders = array_merge( $selected_folders, glob( MULTICONNECT_PLUGIN_PATH . '../../wp-*.php' ) );
+                            $selected_folders = array_merge( $selected_folders, glob( MULTICONNECT_PLUGIN_ABSPATH . 'wp-*.php' ) );
                             break;
                     }
@@ -201 +201 @@
             if ( empty( $folders ) ) {
                 $folders = array(
-                    MULTICONNECT_PLUGIN_PATH . '../../wp-includes',
+                    MULTICONNECT_PLUGIN_PATH . '/wp-includes',
                     get_theme_root(),
-                    MULTICONNECT_PLUGIN_PATH . '../',
+                    MULTICONNECT_PLUGIN_PATH . '/',
                 );
 
-                $root_files = glob( MULTICONNECT_PLUGIN_PATH . '../../wp-*.php' );
+                $root_files = glob( MULTICONNECT_PLUGIN_PATH . '/wp-*.php' );
                 $folders    = array_merge( $folders, $root_files );
             }
@@ -240 +240 @@
 
             $response = array(
-                'files_backup_url' => content_url( 'backups/backup-files-' . $timestamp . '.zip' ),
+                'files_backup_url' =>
+                    wp_upload_dir()['baseurl'] . '/backups/backup-files-' . $timestamp . '.zip',
                 'files_size'       => filesize( $files_zip ),
                 'files_added'      => $files_added,
@@ -246 +247 @@
 
             if ( $db_backed_up ) {
-                $response['db_backup_url'] = content_url( 'backups/backup-db-' . $timestamp . '.zip' );
+                $response['db_backup_url'] =
+                    wp_upload_dir()['baseurl'] . '/backups/backup-db-' . $timestamp . '.zip';
                 $response['db_size']       = filesize( $db_zip );
             }
@@ -334 +336 @@
     private function create_database_backup( $zip_file, $tables, $log_file ) {
         $db_backup = $this->backup_database( $tables );
+        $this->log('', 'backup_database: ' . file_get_contents($db_backup));
         if ( ! $db_backup ) {
             $this->log( $log_file, 'Failed to create database dump' );
@@ -370 +373 @@
      */
     private function log( $log_file, $message ) {
+        if ( empty( $log_file ) ) {
+            $backup_dir = wp_upload_dir()['basedir'] . '/backups';
+            $log_file = $backup_dir . '/backup.log';
+        }
+        $enable_logging = get_option('multi_connect_log');
+        if ($enable_logging !== '1') {
+//          return;
+        }
         $timestamp   = gmdate( 'Y-m-d H:i:s' );
         $log_message = "[$timestamp] $message\n";
@@ -377 +388 @@
             WP_Filesystem();
         }
-        $wp_filesystem->put_contents( $log_file, $log_message, FS_CHMOD_FILE );
+        $existing_content = $wp_filesystem->get_contents($log_file) ?: '';
+        $wp_filesystem->put_contents( $log_file, $existing_content . $log_message, FS_CHMOD_FILE );
     }
 
@@ -400 +412 @@
 
         global $wp_filesystem;
-        if ( ! $wp_filesystem ) {
-            require_once MULTICONNECT_PLUGIN_ABSPATH . '/wp-admin/includes/file.php';
-            WP_Filesystem();
-        }
-        $handle = $wp_filesystem->put_contents( $backup_file, '', FS_CHMOD_FILE );
 
         // Header del archivo SQL.
-        $wp_filesystem->put_contents( $backup_file, "-- WordPress Database Backup\n", FILE_APPEND );
-        $wp_filesystem->put_contents( $backup_file, '-- Generated: ' . gmdate( 'Y-m-d H:i:s' ) . "\n\n", FILE_APPEND );
-        $wp_filesystem->put_contents( $backup_file, "SET FOREIGN_KEY_CHECKS=0;\n\n", FILE_APPEND );
+        $content = "-- WordPress Database Backup\n";
+
+        $content .= '-- Generated: ' . gmdate( 'Y-m-d H:i:s' ) . "\n\n";
+        $content .= "SET FOREIGN_KEY_CHECKS=0;\n\n";
 
         foreach ( $tables as $table ) {
@@ -421 +429 @@
             $create_table = $wpdb->get_row(
                 // phpcs:ignore WordPress.DB.DirectDatabaseQuery.SchemaChange
-                $wpdb->prepare( 'SHOW CREATE TABLE `%s`', $table_name ),
+                sprintf('SHOW CREATE TABLE %s', "`{$table_name}`"),
                 ARRAY_N
             );
-            $wp_filesystem->put_contents( $backup_file, "DROP TABLE IF EXISTS `{$table_name}`;\n", FILE_APPEND );
-            $wp_filesystem->put_contents( $backup_file, $create_table[1] . ";\n\n", FILE_APPEND );
+            $content .= "DROP TABLE IF EXISTS `{$table_name}`;\n";
+            $content .= $create_table[1] . ";\n\n";
 
             // Datos de la tabla.
             // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching
             $rows = $wpdb->get_results(
-                $wpdb->prepare( 'SELECT * FROM `%s`', $table_name ),
+                sprintf('SELECT * FROM %s', "`{$table_name}`"),
                 ARRAY_A
             );
@@ -449 +457 @@
                     }
 
-                    $wp_filesystem->put_contents(
-                        $backup_file,
-                        "INSERT INTO `{$table_name}` VALUES " . implode( ',', $values ) . ";\n"
-                    );
+                    $content .= "INSERT INTO `{$table_name}` VALUES " . implode( ',', $values ) . ";\n";
                 }
-                $wp_filesystem->put_contents( $backup_file, "\n" );
-            }
-        }
-
-        $wp_filesystem->put_contents( $backup_file, "SET FOREIGN_KEY_CHECKS=1;\n" );
-        $wp_filesystem->close( $handle );
+                $content .= "\n";
+            }
+        }
+        $content .= "SET FOREIGN_KEY_CHECKS=1;\n";
+        $wp_filesystem->put_contents( $backup_file, $content );
 
         return $backup_file;
@@ -540 +544 @@
 
         // Forzar la verificación de actualizaciones.
-        delete_site_transient( 'available_translations' );
-        wp_version_check( array(), true );
-        wp_update_plugins();
-        wp_update_themes();
+        delete_site_transient('update_core');
+        delete_site_transient('update_plugins');
+        delete_site_transient('update_themes');
+        delete_site_transient('available_translations');
+
+        // Limpiar la caché de actualizaciones
+        wp_clean_update_cache();
+
+        // Forzar la verificación de actualizaciones con tiempo actual
+        wp_version_check(array(), true);
+        wp_update_plugins();
+        wp_update_themes();
+
 
         $updates = array(

multi-connect/tags/1.0.1/multi-connect.php

@@ -4 +4 @@
  * Plugin URI: https://multi-wp.com
  * Description: Connect your WordPress site with Multi-WP for centralized management and updates.
- * Version: 1.0.0
+ * Version: 1.0.1
  * Requires at least: 5.8
  * Requires PHP: 7.4
@@ -24 +24 @@
 define( 'MULTICONNECT_PLUGIN_PATH', plugin_dir_path( __FILE__ ) );
 define( 'MULTICONNECT_PLUGIN_DIR', plugin_dir_path( __DIR__ ) . '' );
-define( 'MULTICONNECT_PLUGIN_ABSPATH', plugin_dir_path( __DIR__ ) . '../../' );
+define( 'MULTICONNECT_PLUGIN_ABSPATH', ABSPATH . '' );
 define( 'MULTICONNECT_PLUGIN_URL', plugin_dir_url( __FILE__ ) );
 const MULTICONNECT_VERSION = '1.0.0';

multi-connect/tags/1.0.1/readme.txt

@@ -5 +5 @@
 Tested up to: 6.7
 Requires PHP: 7.4
-Stable tag: 1.0.0
+Stable tag: 1.0.1
 License: GPLv2 or later
 License URI: https://www.gnu.org/licenses/gpl-2.0.html
@@ -41 +41 @@
 == Changelog ==
 
+= 1.0.1 =
+* Enhanced security in the communication between plugin and Multi WP platform
+* Fixed various minor bugs and improved stability
+* Optimized authentication process
+
 = 1.0.0 =
 * Initial release
@@ -46 +51 @@
 == Upgrade Notice ==
 
+= 1.0.1 =
+Security enhancement update: Includes improved communication security with Multi WP platform and bug fixes. Upgrade recommended for all users.
+
 = 1.0.0 =
 Initial release of Multi Connect

multi-connect/trunk/.editorconfig

@@ -1 +1 @@
 [*]
 end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+indent_size = 4
+indent_style = space
+insert_final_newline = true

multi-connect/trunk/includes/class-admin.php

@@ -8 +8 @@
 namespace MultiConnect;
 
+use WP_Application_Passwords;
+
 if ( ! defined( 'ABSPATH' ) ) {
-    // Exit if accessed directly.
-    exit;
+    // Exit if accessed directly.
+    exit;
 }
 
@@ -19 +21 @@
  */
 class Admin {
-    /**
-     * Constructor
-     */
-    public function __construct() {
-        add_action( 'admin_init', array( $this, 'check_connection' ) );
-        add_action( 'admin_notices', array( $this, 'display_connection_notice' ) );
-        add_action( 'admin_enqueue_scripts', array( $this, 'enqueue_admin_assets' ) );
-        add_action( 'wp_ajax_multiconnect_connect', array( $this, 'handle_connection' ) );
-    }
+    /**
+     * Constructor
+     */
+    public function __construct() {
+        add_action( 'admin_init', array( $this, 'check_connection' ) );
+        add_action( 'admin_notices', array( $this, 'display_connection_notice' ) );
+        add_action( 'admin_enqueue_scripts', array( $this, 'enqueue_admin_assets' ) );
+        add_action( 'wp_ajax_multiconnect_connect', array( $this, 'handle_connection' ) );
+    }
 
-    /**
-     * Check if the connection is established
-     *
-     * @return void
-     */
-    public function check_connection() {
-        $connection_status = get_option( 'multiconnect_connection_status' );
-        if ( ! $connection_status ) {
-            update_option( 'multiconnect_show_notice', true );
-        }
-    }
+    /**
+     * Check if the connection is established
+     *
+     * @return void
+     */
+    public function check_connection() {
+        $connection_status = get_option( 'multiconnect_connection_status' );
+        if ( ! $connection_status ) {
+            update_option( 'multiconnect_show_notice', true );
+        }
+    }
 
-    /**
-     * Display the connection notice
-     *
-     * @return void
-     */
-    public function display_connection_notice() {
-        if ( ! get_option( 'multiconnect_show_notice' ) ) {
-            return;
-        }
+    /**
+     * Display the connection notice
+     *
+     * @return void
+     */
+    public function display_connection_notice() {
+        if ( ! get_option( 'multiconnect_show_notice' ) ) {
+//            return;
+        }
 
-        ?>
-        <div class="notice notice-info is-dismissible multiconnect-connect-notice">
-            <h3><?php esc_html_e( 'Connect with Multi-WP', 'multi-connect' ); ?></h3>
-            <p>
-                <?php
-                esc_html_e(
-                    'Connect your WordPress site with Multi-WP to manage updates and maintenance from a central dashboard.',
-                    'multi-connect'
-                );
-                ?>
-            </p>
-            <p>
-                <button type="button" class="button button-primary" id="multiconnect-connect-button">
-                    <?php esc_html_e( 'Connect Now', 'multi-connect' ); ?>
-                </button>
-                <a href="https://multi-wp.com/learn-more" target="_blank" class="button button-secondary">
-                    <?php esc_html_e( 'Learn More', 'multi-connect' ); ?>
-                </a>
-            </p>
-        </div>
-        <?php
-    }
+        ?>
+        <div class="notice notice-info is-dismissible multiconnect-connect-notice">
+            <h3><?php esc_html_e( 'Connect with Multi-WP', 'multi-connect' ); ?></h3>
+            <p>
+                <?php
+                esc_html_e(
+                    'Connect your WordPress site with Multi-WP to manage updates and maintenance from a central dashboard.',
+                    'multi-connect'
+                );
+                ?>
+            </p>
+            <p>
+                <button type="button" class="button button-primary" id="multiconnect-connect-button">
+                    <?php esc_html_e( 'Connect Now', 'multi-connect' ); ?>
+                </button>
+                <a href="https://multi-wp.com/learn-more" target="_blank" class="button button-secondary">
+                    <?php esc_html_e( 'Learn More', 'multi-connect' ); ?>
+                </a>
+            </p>
+        </div>
+        <?php
+    }
 
-    /**
-     * Enqueue admin assets
-     *
-     * @return void
-     */
-    public function enqueue_admin_assets() {
+    /**
+     * Enqueue admin assets
+     *
+     * @return void
+     */
+    public function enqueue_admin_assets() {
 
-        wp_enqueue_style(
-            'multiconnect-admin',
-            MULTICONNECT_PLUGIN_URL . 'assets/css/admin.css',
-            array(),
-            MULTICONNECT_VERSION
-        );
+        wp_enqueue_style(
+            'multiconnect-admin',
+            MULTICONNECT_PLUGIN_URL . 'assets/css/admin.css',
+            array(),
+            MULTICONNECT_VERSION
+        );
 
-        wp_enqueue_script(
-            'multiconnect-admin',
-            MULTICONNECT_PLUGIN_URL . 'assets/js/admin.js',
-            array( 'jquery' ),
-            MULTICONNECT_VERSION,
-            true
-        );
+        wp_enqueue_script(
+            'multiconnect-admin',
+            MULTICONNECT_PLUGIN_URL . 'assets/js/admin.js',
+            array( 'jquery' ),
+            MULTICONNECT_VERSION,
+            true
+        );
 
-        wp_localize_script(
-            'multiconnect-admin',
-            'multiConnectData',
-            array(
-                'ajaxurl'    => admin_url( 'admin-ajax.php' ),
-                'nonce'      => wp_create_nonce( 'multiconnect-connect' ),
-                'connecting' => __( 'Connecting...', 'multi-connect' ),
-                'error'      => __( 'Connection failed. Please try again.', 'multi-connect' ),
-            )
-        );
-    }
+        wp_localize_script(
+            'multiconnect-admin',
+            'multiConnectData',
+            array(
+                'ajaxurl'    => admin_url( 'admin-ajax.php' ),
+                'nonce'      => wp_create_nonce( 'multiconnect-connect' ),
+                'connecting' => __( 'Connecting...', 'multi-connect' ),
+                'error'      => __( 'Connection failed. Please try again.', 'multi-connect' ),
+            )
+        );
+    }
 
-    /**
-     * Handle the connection request
-     *
-     * @return void
-     */
-    public function handle_connection() {
-        check_ajax_referer( 'multiconnect-connect', 'nonce' );
+    /**
+     * Handle the connection request
+     *
+     * @return void
+     */
+    public function handle_connection() {
+        check_ajax_referer( 'multiconnect-connect', 'nonce' );
 
-        if ( ! current_user_can( 'manage_options' ) ) {
-            wp_send_json_error( 'Unauthorized' );
-        }
+        if ( ! current_user_can( 'manage_options' ) ) {
+            wp_send_json_error( 'Unauthorized' );
+        }
 
-        // Generate application password.
-        $app_password = wp_generate_password( 24, false );
-        $user         = wp_get_current_user();
+        // Generate application password.
+        $app_password = $this->generate_password();
+        if (function_exists('openssl_pkey_get_public') && extension_loaded('openssl')) {
+            $app_password = $this->encrypt_password_with_public_key($app_password);
+        }
+        $user = wp_get_current_user();
 
-        // Store connection info.
-        update_option(
-            'multiconnect_connection_status',
-            array(
-                'connected'    => true,
-                'user_id'      => $user->ID,
-                'app_password' => $app_password,
-                'connected_at' => current_time( 'mysql' ),
-            )
-        );
+        // Store connection info.
+        update_option(
+            'multiconnect_connection_status',
+            array(
+                'connected'    => true,
+                'user_id'      => $user->ID,
+                'app_password' => $app_password,
+                'connected_at' => current_time( 'mysql' ),
+            )
+        );
 
-        // Hide the notice.
-        update_option( 'multiconnect_show_notice', false );
+        // Hide the notice.
+        update_option( 'multiconnect_show_notice', false );
 
-        wp_send_json_success(
-            array(
-                'site_url'     => get_site_url(),
-                'username'     => $user->user_login,
-                'app_password' => $app_password,
-            )
-        );
-    }
+        wp_send_json_success(
+            array(
+                'site_url'     => get_site_url(),
+                'username'     => $user->user_login,
+                'app_password' => $app_password,
+            )
+        );
+    }
+
+    function generate_password(): string {
+        if (!class_exists('WP_Application_Passwords')) {
+            require_once(MULTICONNECT_PLUGIN_ABSPATH . 'wp-includes/class-wp-application-passwords.php');
+        }
+
+        $user = wp_get_current_user();
+        $prepared = array(
+            'name'   => 'Multi-WP Connection',
+            'app_id' => 'multi-connect',
+        );
+
+        $created = WP_Application_Passwords::create_new_application_password( $user->ID, wp_slash( (array) $prepared ) );
+
+        if ( is_wp_error( $created ) ) {
+            return wp_generate_password( 24, false );
+        }
+
+        $password = $created[0];
+        $item     = WP_Application_Passwords::get_user_application_password( $user->ID, $created[1]['uuid'] );
+
+        $item['new_password'] = WP_Application_Passwords::chunk_password( $password );
+
+        return $item['new_password'];
+    }
+
+    function encrypt_password_with_public_key( $password ): string {
+        // Clave pública distribuida con el plugin
+        $public_key = file_get_contents(MULTICONNECT_PLUGIN_PATH . 'includes/public.key');
+
+        // Crear el recurso de clave pública
+        $key_resource = openssl_pkey_get_public( $public_key );
+
+        // Cifrar la contraseña
+        openssl_public_encrypt( $password, $encrypted, $key_resource );
+
+        // Codificar para URL
+        return urlencode( base64_encode( $encrypted ) );
+    }
 }

multi-connect/trunk/includes/class-multi-connect-api.php

@@ -188 +188 @@
                             break;
                         case 'includes':
-                            $selected_folders[] = MULTICONNECT_PLUGIN_PATH . '../../wp-includes';
+                            $selected_folders[] = MULTICONNECT_PLUGIN_ABSPATH . 'wp-includes';
                             break;
                         case 'core':
-                            $selected_folders = array_merge( $selected_folders, glob( MULTICONNECT_PLUGIN_PATH . '../../wp-*.php' ) );
+                            $selected_folders = array_merge( $selected_folders, glob( MULTICONNECT_PLUGIN_ABSPATH . 'wp-*.php' ) );
                             break;
                     }
@@ -201 +201 @@
             if ( empty( $folders ) ) {
                 $folders = array(
-                    MULTICONNECT_PLUGIN_PATH . '../../wp-includes',
+                    MULTICONNECT_PLUGIN_PATH . '/wp-includes',
                     get_theme_root(),
-                    MULTICONNECT_PLUGIN_PATH . '../',
+                    MULTICONNECT_PLUGIN_PATH . '/',
                 );
 
-                $root_files = glob( MULTICONNECT_PLUGIN_PATH . '../../wp-*.php' );
+                $root_files = glob( MULTICONNECT_PLUGIN_PATH . '/wp-*.php' );
                 $folders    = array_merge( $folders, $root_files );
             }
@@ -240 +240 @@
 
             $response = array(
-                'files_backup_url' => content_url( 'backups/backup-files-' . $timestamp . '.zip' ),
+                'files_backup_url' =>
+                    wp_upload_dir()['baseurl'] . '/backups/backup-files-' . $timestamp . '.zip',
                 'files_size'       => filesize( $files_zip ),
                 'files_added'      => $files_added,
@@ -246 +247 @@
 
             if ( $db_backed_up ) {
-                $response['db_backup_url'] = content_url( 'backups/backup-db-' . $timestamp . '.zip' );
+                $response['db_backup_url'] =
+                    wp_upload_dir()['baseurl'] . '/backups/backup-db-' . $timestamp . '.zip';
                 $response['db_size']       = filesize( $db_zip );
             }
@@ -334 +336 @@
     private function create_database_backup( $zip_file, $tables, $log_file ) {
         $db_backup = $this->backup_database( $tables );
+        $this->log('', 'backup_database: ' . file_get_contents($db_backup));
         if ( ! $db_backup ) {
             $this->log( $log_file, 'Failed to create database dump' );
@@ -370 +373 @@
      */
     private function log( $log_file, $message ) {
+        if ( empty( $log_file ) ) {
+            $backup_dir = wp_upload_dir()['basedir'] . '/backups';
+            $log_file = $backup_dir . '/backup.log';
+        }
+        $enable_logging = get_option('multi_connect_log');
+        if ($enable_logging !== '1') {
+//          return;
+        }
         $timestamp   = gmdate( 'Y-m-d H:i:s' );
         $log_message = "[$timestamp] $message\n";
@@ -377 +388 @@
             WP_Filesystem();
         }
-        $wp_filesystem->put_contents( $log_file, $log_message, FS_CHMOD_FILE );
+        $existing_content = $wp_filesystem->get_contents($log_file) ?: '';
+        $wp_filesystem->put_contents( $log_file, $existing_content . $log_message, FS_CHMOD_FILE );
     }
 
@@ -400 +412 @@
 
         global $wp_filesystem;
-        if ( ! $wp_filesystem ) {
-            require_once MULTICONNECT_PLUGIN_ABSPATH . '/wp-admin/includes/file.php';
-            WP_Filesystem();
-        }
-        $handle = $wp_filesystem->put_contents( $backup_file, '', FS_CHMOD_FILE );
 
         // Header del archivo SQL.
-        $wp_filesystem->put_contents( $backup_file, "-- WordPress Database Backup\n", FILE_APPEND );
-        $wp_filesystem->put_contents( $backup_file, '-- Generated: ' . gmdate( 'Y-m-d H:i:s' ) . "\n\n", FILE_APPEND );
-        $wp_filesystem->put_contents( $backup_file, "SET FOREIGN_KEY_CHECKS=0;\n\n", FILE_APPEND );
+        $content = "-- WordPress Database Backup\n";
+
+        $content .= '-- Generated: ' . gmdate( 'Y-m-d H:i:s' ) . "\n\n";
+        $content .= "SET FOREIGN_KEY_CHECKS=0;\n\n";
 
         foreach ( $tables as $table ) {
@@ -421 +429 @@
             $create_table = $wpdb->get_row(
                 // phpcs:ignore WordPress.DB.DirectDatabaseQuery.SchemaChange
-                $wpdb->prepare( 'SHOW CREATE TABLE `%s`', $table_name ),
+                sprintf('SHOW CREATE TABLE %s', "`{$table_name}`"),
                 ARRAY_N
             );
-            $wp_filesystem->put_contents( $backup_file, "DROP TABLE IF EXISTS `{$table_name}`;\n", FILE_APPEND );
-            $wp_filesystem->put_contents( $backup_file, $create_table[1] . ";\n\n", FILE_APPEND );
+            $content .= "DROP TABLE IF EXISTS `{$table_name}`;\n";
+            $content .= $create_table[1] . ";\n\n";
 
             // Datos de la tabla.
             // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching
             $rows = $wpdb->get_results(
-                $wpdb->prepare( 'SELECT * FROM `%s`', $table_name ),
+                sprintf('SELECT * FROM %s', "`{$table_name}`"),
                 ARRAY_A
             );
@@ -449 +457 @@
                     }
 
-                    $wp_filesystem->put_contents(
-                        $backup_file,
-                        "INSERT INTO `{$table_name}` VALUES " . implode( ',', $values ) . ";\n"
-                    );
+                    $content .= "INSERT INTO `{$table_name}` VALUES " . implode( ',', $values ) . ";\n";
                 }
-                $wp_filesystem->put_contents( $backup_file, "\n" );
-            }
-        }
-
-        $wp_filesystem->put_contents( $backup_file, "SET FOREIGN_KEY_CHECKS=1;\n" );
-        $wp_filesystem->close( $handle );
+                $content .= "\n";
+            }
+        }
+        $content .= "SET FOREIGN_KEY_CHECKS=1;\n";
+        $wp_filesystem->put_contents( $backup_file, $content );
 
         return $backup_file;
@@ -540 +544 @@
 
         // Forzar la verificación de actualizaciones.
-        delete_site_transient( 'available_translations' );
-        wp_version_check( array(), true );
-        wp_update_plugins();
-        wp_update_themes();
+        delete_site_transient('update_core');
+        delete_site_transient('update_plugins');
+        delete_site_transient('update_themes');
+        delete_site_transient('available_translations');
+
+        // Limpiar la caché de actualizaciones
+        wp_clean_update_cache();
+
+        // Forzar la verificación de actualizaciones con tiempo actual
+        wp_version_check(array(), true);
+        wp_update_plugins();
+        wp_update_themes();
+
 
         $updates = array(

multi-connect/trunk/multi-connect.php

@@ -4 +4 @@
  * Plugin URI: https://multi-wp.com
  * Description: Connect your WordPress site with Multi-WP for centralized management and updates.
- * Version: 1.0.0
+ * Version: 1.0.1
  * Requires at least: 5.8
  * Requires PHP: 7.4
@@ -24 +24 @@
 define( 'MULTICONNECT_PLUGIN_PATH', plugin_dir_path( __FILE__ ) );
 define( 'MULTICONNECT_PLUGIN_DIR', plugin_dir_path( __DIR__ ) . '' );
-define( 'MULTICONNECT_PLUGIN_ABSPATH', plugin_dir_path( __DIR__ ) . '../../' );
+define( 'MULTICONNECT_PLUGIN_ABSPATH', ABSPATH . '' );
 define( 'MULTICONNECT_PLUGIN_URL', plugin_dir_url( __FILE__ ) );
 const MULTICONNECT_VERSION = '1.0.0';

multi-connect/trunk/readme.txt

@@ -5 +5 @@
 Tested up to: 6.7
 Requires PHP: 7.4
-Stable tag: 1.0.0
+Stable tag: 1.0.1
 License: GPLv2 or later
 License URI: https://www.gnu.org/licenses/gpl-2.0.html
@@ -41 +41 @@
 == Changelog ==
 
+= 1.0.1 =
+* Enhanced security in the communication between plugin and Multi WP platform
+* Fixed various minor bugs and improved stability
+* Optimized authentication process
+
 = 1.0.0 =
 * Initial release
@@ -46 +51 @@
 == Upgrade Notice ==
 
+= 1.0.1 =
+Security enhancement update: Includes improved communication security with Multi WP platform and bug fixes. Upgrade recommended for all users.
+
 = 1.0.0 =
 Initial release of Multi Connect