Changeset 3219647

Timestamp:

01/09/2025 01:02:44 PM (15 months ago)

Author:

raldea89

Message:

Security update

Location:

htaccess-file-editor

Files:

• tags/1.0.20/assets/js/htaccess-file-editor.min.js (modified) (1 diff)
• tags/1.0.20/includes/class-htaccess-file-editor-hooks.php (modified) (2 diffs)
• tags/1.0.20/includes/functions.php (modified) (9 diffs)
• tags/1.0.20/templates/backup-form.php (modified) (1 diff)
• tags/1.0.20/templates/dashboard.php (modified) (1 diff)
• trunk/assets/js/htaccess-file-editor.min.js (modified) (1 diff)
• trunk/includes/class-htaccess-file-editor-hooks.php (modified) (2 diffs)
• trunk/includes/functions.php (modified) (9 diffs)
• trunk/templates/backup-form.php (modified) (1 diff)
• trunk/templates/dashboard.php (modified) (1 diff)

htaccess-file-editor/tags/1.0.20/assets/js/htaccess-file-editor.min.js

@@ -1 @@
-jQuery(document).ready((function(e){wp.codeEditor.initialize(e("#htaccess-file-editor-textarea"),htaccess_file_editor_settings)}));
+jQuery(document).ready(function(e){wp.codeEditor.initialize(e("#htaccess-file-editor-textarea"),htaccess_file_editor_settings)});

htaccess-file-editor/tags/1.0.20/includes/class-htaccess-file-editor-hooks.php

@@ -64 +64 @@
     public function migrate_backup_name() {
         $old_name = 'htaccess.backup';
-        $new_name = '.htaccess-file-editor-bkup';
+        $hash     = sanitize_file_name( substr( wp_generate_password( 10, false ), 0, 5 ) );
+        $new_name = '.htaccess-file-editor-bkup-' . $hash;
         $path     = WP_CONTENT_DIR;
-        // If the new backup file exists, then we don't need to migrate
-        if ( file_exists( $path . '/' . $new_name ) ) {
+        // Retrieve the saved backup name
+        $saved_name = get_option( 'htaccess_file_editor_backup_name' );
+        // If the backup file is saved in the options and exists, then we don't need to migrate
+        if ( $saved_name && file_exists( $path . '/' . $saved_name ) ) {
             return;
         }
+
         // If the old file doesn't exist, then we don't need to migrate
         if ( ! file_exists( $path . '/' . $old_name ) ) {
@@ -80 +84 @@
         WP_Filesystem();
         $wp_filesystem->move( $path . '/' . $old_name, $path . '/' . $new_name );
+        update_option( 'htaccess_file_editor_backup_name', $new_name );
     }
 }

htaccess-file-editor/tags/1.0.20/includes/functions.php

@@ -9 +9 @@
     require_once ABSPATH . '/wp-admin/includes/file.php';
     WP_Filesystem();
-    $WPHE_backup_path = ABSPATH . 'wp-content/.htaccess-file-editor-bkup';
+    $saved_name = get_option( 'htaccess_file_editor_backup_name' );
+    // Check if the backup file is saved in the options
+    if ( $saved_name ) {
+        $file_name = $saved_name;
+    } else {
+        $hash      = sanitize_file_name( substr( wp_generate_password( 10, false ), 0, 5 ) );
+        $file_name = '.htaccess-file-editor-bkup-' . $hash;
+    }
+    $WPHE_backup_path = ABSPATH . 'wp-content/' . $file_name;
     $WPHE_orig_path   = ABSPATH . '.htaccess';
     @clearstatcache();
 
-    htaccess_file_editor_create_secure_wpcontent();
+    htaccess_file_editor_create_secure_wpcontent( $file_name );
     if ( file_exists( $WPHE_backup_path ) ) {
-        htaccess_file_editor_delete_backup();
+        htaccess_file_editor_delete_backup( $file_name );
 
         if ( file_exists( ABSPATH . '.htaccess' ) ) {
@@ -35 +43 @@
                 unset( $htaccess_content_orig );
                 unset( $WPHE_success );
+                update_option( 'htaccess_file_editor_backup_name', $file_name );
                 return true;
             }
@@ -64 +73 @@
             unset( $htaccess_content_orig );
             unset( $WPHE_success );
+            update_option( 'htaccess_file_editor_backup_name', $file_name );
             return true;
         }
@@ -75 +85 @@
 
 
-function htaccess_file_editor_create_secure_wpcontent() {
+function htaccess_file_editor_create_secure_wpcontent( $file_name = false ) {
+    if ( ! $file_name ) {
+        return false;
+    }
     $htaccess_file_editor_secure_path = ABSPATH . 'wp-content/.htaccess';
     $htaccess_file_editor_secure_text = '
 # Htaccess File Editor - Secure backups
-<files .htaccess-file-editor-bkup>
+<files ' . $file_name . '>
 order allow,deny
 deny from all
@@ -91 +104 @@
 
         if ( $htaccess_file_editor_secure_content !== false ) {
-            if ( strpos( $htaccess_file_editor_secure_content, '<files .htaccess-file-editor-bkup>' ) === false ) {
+            if ( strpos( $htaccess_file_editor_secure_content, '<files ' . $file_name . '>' ) === false ) {
                 unset( $htaccess_file_editor_secure_content );
                 $htaccess_file_editor_create_sec = $wp_filesystem->put_contents( ABSPATH . 'wp-content/.htaccess', $htaccess_file_editor_secure_text );
@@ -125 +138 @@
 
 function htaccess_file_editor_restore_backup() {
-    $htaccess_file_editor_backup_path = ABSPATH . 'wp-content/.htaccess-file-editor-bkup';
+    $file_name = get_option( 'htaccess_file_editor_backup_name' );
+    if ( ! $file_name ) {
+        return false;
+    }
+    $htaccess_file_editor_backup_path = ABSPATH . 'wp-content/' . $file_name;
     $WPHE_orig_path                   = ABSPATH . '.htaccess';
     @clearstatcache();
@@ -152 +169 @@
             return $htaccess_file_editor_htaccess_content_backup;
         } else {
-            htaccess_file_editor_delete_backup();
+            htaccess_file_editor_delete_backup( $file_name );
             unset( $htaccess_file_editor_success );
             unset( $htaccess_file_editor_htaccess_content_backup );
@@ -163 +180 @@
 
 
-function htaccess_file_editor_delete_backup() {
-    $htaccess_file_editor_backup_path = ABSPATH . 'wp-content/.htaccess-file-editor-bkup';
+function htaccess_file_editor_delete_backup( $file_name = false ) {
+
+    if ( ! $file_name ) {
+        $file_name = get_option( 'htaccess_file_editor_backup_name' );
+        if ( ! $file_name ) {
+            return false;
+        }
+    }
+    $htaccess_file_editor_backup_path = ABSPATH . 'wp-content/' . $file_name;
     @clearstatcache();
 
@@ -184 +208 @@
             return false;
         } else {
-            unset( $htaccess_file_editor_backup_path );
-            return true;
-        }
-    } else {
+            delete_option( 'htaccess_file_editor_backup_name' );
+            unset( $htaccess_file_editor_backup_path );
+            return true;
+        }
+    } else {
+        delete_option( 'htaccess_file_editor_backup_name' );
         unset( $htaccess_file_editor_backup_path );
         return true;

htaccess-file-editor/tags/1.0.20/templates/backup-form.php

@@ -1 +1 @@
 <?php
-if (file_exists(ABSPATH . 'wp-content/.htaccess-file-editor-bkup')) {
+$file_name = get_option('htaccess_file_editor_backup_name');
+
+if ($file_name && file_exists(ABSPATH . 'wp-content/' . $file_name)) {
     echo '<div class="postbox htaccess-file-editor-box" style="background: #FFEECE;">';
     ?>

htaccess-file-editor/tags/1.0.20/templates/dashboard.php

@@ -9 +9 @@
 require_once ABSPATH . '/wp-admin/includes/file.php';
 WP_Filesystem();
-$htaccess_file_editor_backup_path = WP_CONTENT_URL . '/.htaccess-file-editor-bkup';
+$file_name = get_option( 'htaccess_file_editor_backup_name' );
+$htaccess_file_editor_backup_path = WP_CONTENT_URL . '/' . $file_name;
 $htaccess_file_editor_origin_path = ABSPATH . '.htaccess';
 ?>

htaccess-file-editor/trunk/assets/js/htaccess-file-editor.min.js

@@ -1 @@
-jQuery(document).ready((function(e){wp.codeEditor.initialize(e("#htaccess-file-editor-textarea"),htaccess_file_editor_settings)}));
+jQuery(document).ready(function(e){wp.codeEditor.initialize(e("#htaccess-file-editor-textarea"),htaccess_file_editor_settings)});

htaccess-file-editor/trunk/includes/class-htaccess-file-editor-hooks.php

@@ -64 +64 @@
     public function migrate_backup_name() {
         $old_name = 'htaccess.backup';
-        $new_name = '.htaccess-file-editor-bkup';
+        $hash     = sanitize_file_name( substr( wp_generate_password( 10, false ), 0, 5 ) );
+        $new_name = '.htaccess-file-editor-bkup-' . $hash;
         $path     = WP_CONTENT_DIR;
-        // If the new backup file exists, then we don't need to migrate
-        if ( file_exists( $path . '/' . $new_name ) ) {
+        // Retrieve the saved backup name
+        $saved_name = get_option( 'htaccess_file_editor_backup_name' );
+        // If the backup file is saved in the options and exists, then we don't need to migrate
+        if ( $saved_name && file_exists( $path . '/' . $saved_name ) ) {
             return;
         }
+
         // If the old file doesn't exist, then we don't need to migrate
         if ( ! file_exists( $path . '/' . $old_name ) ) {
@@ -80 +84 @@
         WP_Filesystem();
         $wp_filesystem->move( $path . '/' . $old_name, $path . '/' . $new_name );
+        update_option( 'htaccess_file_editor_backup_name', $new_name );
     }
 }

htaccess-file-editor/trunk/includes/functions.php

@@ -9 +9 @@
     require_once ABSPATH . '/wp-admin/includes/file.php';
     WP_Filesystem();
-    $WPHE_backup_path = ABSPATH . 'wp-content/.htaccess-file-editor-bkup';
+    $saved_name = get_option( 'htaccess_file_editor_backup_name' );
+    // Check if the backup file is saved in the options
+    if ( $saved_name ) {
+        $file_name = $saved_name;
+    } else {
+        $hash      = sanitize_file_name( substr( wp_generate_password( 10, false ), 0, 5 ) );
+        $file_name = '.htaccess-file-editor-bkup-' . $hash;
+    }
+    $WPHE_backup_path = ABSPATH . 'wp-content/' . $file_name;
     $WPHE_orig_path   = ABSPATH . '.htaccess';
     @clearstatcache();
 
-    htaccess_file_editor_create_secure_wpcontent();
+    htaccess_file_editor_create_secure_wpcontent( $file_name );
     if ( file_exists( $WPHE_backup_path ) ) {
-        htaccess_file_editor_delete_backup();
+        htaccess_file_editor_delete_backup( $file_name );
 
         if ( file_exists( ABSPATH . '.htaccess' ) ) {
@@ -35 +43 @@
                 unset( $htaccess_content_orig );
                 unset( $WPHE_success );
+                update_option( 'htaccess_file_editor_backup_name', $file_name );
                 return true;
             }
@@ -64 +73 @@
             unset( $htaccess_content_orig );
             unset( $WPHE_success );
+            update_option( 'htaccess_file_editor_backup_name', $file_name );
             return true;
         }
@@ -75 +85 @@
 
 
-function htaccess_file_editor_create_secure_wpcontent() {
+function htaccess_file_editor_create_secure_wpcontent( $file_name = false ) {
+    if ( ! $file_name ) {
+        return false;
+    }
     $htaccess_file_editor_secure_path = ABSPATH . 'wp-content/.htaccess';
     $htaccess_file_editor_secure_text = '
 # Htaccess File Editor - Secure backups
-<files .htaccess-file-editor-bkup>
+<files ' . $file_name . '>
 order allow,deny
 deny from all
@@ -91 +104 @@
 
         if ( $htaccess_file_editor_secure_content !== false ) {
-            if ( strpos( $htaccess_file_editor_secure_content, '<files .htaccess-file-editor-bkup>' ) === false ) {
+            if ( strpos( $htaccess_file_editor_secure_content, '<files ' . $file_name . '>' ) === false ) {
                 unset( $htaccess_file_editor_secure_content );
                 $htaccess_file_editor_create_sec = $wp_filesystem->put_contents( ABSPATH . 'wp-content/.htaccess', $htaccess_file_editor_secure_text );
@@ -125 +138 @@
 
 function htaccess_file_editor_restore_backup() {
-    $htaccess_file_editor_backup_path = ABSPATH . 'wp-content/.htaccess-file-editor-bkup';
+    $file_name = get_option( 'htaccess_file_editor_backup_name' );
+    if ( ! $file_name ) {
+        return false;
+    }
+    $htaccess_file_editor_backup_path = ABSPATH . 'wp-content/' . $file_name;
     $WPHE_orig_path                   = ABSPATH . '.htaccess';
     @clearstatcache();
@@ -152 +169 @@
             return $htaccess_file_editor_htaccess_content_backup;
         } else {
-            htaccess_file_editor_delete_backup();
+            htaccess_file_editor_delete_backup( $file_name );
             unset( $htaccess_file_editor_success );
             unset( $htaccess_file_editor_htaccess_content_backup );
@@ -163 +180 @@
 
 
-function htaccess_file_editor_delete_backup() {
-    $htaccess_file_editor_backup_path = ABSPATH . 'wp-content/.htaccess-file-editor-bkup';
+function htaccess_file_editor_delete_backup( $file_name = false ) {
+
+    if ( ! $file_name ) {
+        $file_name = get_option( 'htaccess_file_editor_backup_name' );
+        if ( ! $file_name ) {
+            return false;
+        }
+    }
+    $htaccess_file_editor_backup_path = ABSPATH . 'wp-content/' . $file_name;
     @clearstatcache();
 
@@ -184 +208 @@
             return false;
         } else {
-            unset( $htaccess_file_editor_backup_path );
-            return true;
-        }
-    } else {
+            delete_option( 'htaccess_file_editor_backup_name' );
+            unset( $htaccess_file_editor_backup_path );
+            return true;
+        }
+    } else {
+        delete_option( 'htaccess_file_editor_backup_name' );
         unset( $htaccess_file_editor_backup_path );
         return true;

htaccess-file-editor/trunk/templates/backup-form.php

@@ -1 +1 @@
 <?php
-if (file_exists(ABSPATH . 'wp-content/.htaccess-file-editor-bkup')) {
+$file_name = get_option('htaccess_file_editor_backup_name');
+
+if ($file_name && file_exists(ABSPATH . 'wp-content/' . $file_name)) {
     echo '<div class="postbox htaccess-file-editor-box" style="background: #FFEECE;">';
     ?>

htaccess-file-editor/trunk/templates/dashboard.php

@@ -9 +9 @@
 require_once ABSPATH . '/wp-admin/includes/file.php';
 WP_Filesystem();
-$htaccess_file_editor_backup_path = WP_CONTENT_URL . '/.htaccess-file-editor-bkup';
+$file_name = get_option( 'htaccess_file_editor_backup_name' );
+$htaccess_file_editor_backup_path = WP_CONTENT_URL . '/' . $file_name;
 $htaccess_file_editor_origin_path = ABSPATH . '.htaccess';
 ?>