
Changeset 3244712


Timestamp:
02/21/2025 09:43:44 PM (13 days ago)
Author:
Katsushi Kawamori
Message:
  • Fix - Sanitize file names when deleting json files.
Location:
moving-contents/trunk
Files:
3 edited

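--- a/moving-contents/trunk/lib/class-movingcontentsadmin.php
+++ b/moving-contents/trunk/lib/class-movingcontentsadmin.php
@@ -84,6 +84,6 @@
         if ( $file == $this_plugin ) {
             $links[] = '<a href="' . admin_url( 'admin.php?page=movingcontents' ) . '">Moving Contents</a>';
-            $links[] = '<a href="' . admin_url( 'admin.php?page=movingcontents-generate-json' ) . '">' . __( 'Export' ) . '</a>';
-            $links[] = '<a href="' . admin_url( 'admin.php?page=movingcontents-update-db' ) . '">' . __( 'Import' ) . '</a>';
+            $links[] = '<a href="' . admin_url( 'admin.php?page=movingcontents-generate-json' ) . '">' . __( 'Export', 'moving-contents' ) . '</a>';
+            $links[] = '<a href="' . admin_url( 'admin.php?page=movingcontents-update-db' ) . '">' . __( 'Import', 'moving-contents' ) . '</a>';
         }
         return $links;
@@ -106,6 +106,6 @@
         add_submenu_page(
             'movingcontents',
-            __( 'Export' ),
-            __( 'Export' ),
+            __( 'Export', 'moving-contents' ),
+            __( 'Export', 'moving-contents' ),
             'manage_options',
             'movingcontents-generate-json',
@@ -114,6 +114,6 @@
         add_submenu_page(
             'movingcontents',
-            __( 'Import' ),
-            __( 'Import' ),
+            __( 'Import', 'moving-contents' ),
+            __( 'Import', 'moving-contents' ),
             'manage_options',
             'movingcontents-update-db',
@@ -130,5 +130,5 @@
 
         if ( ! current_user_can( 'manage_options' ) ) {
-            wp_die( esc_html__( 'You do not have sufficient permissions to access this page.' ) );
+            wp_die( esc_html__( 'You do not have sufficient permissions to access this page.', 'moving-contents' ) );
         }
 
@@ -142,5 +142,5 @@
                     update_option( 'moving_contents_mail_send', false );
                 }
-                echo '<div class="notice notice-success is-dismissible"><ul><li>' . esc_html( __( 'Settings' ) . ' --> ' . __( 'Changes saved.' ) ) . '</li></ul></div>';
+                echo '<div class="notice notice-success is-dismissible"><ul><li>' . esc_html( __( 'Settings', 'moving-contents' ) . ' --> ' . __( 'Changes saved.', 'moving-contents' ) ) . '</li></ul></div>';
             }
         }
@@ -150,5 +150,5 @@
                 if ( ! empty( $_POST['number_files'] ) ) {
                     update_option( 'moving_contents_number_files', absint( $_POST['number_files'] ) );
-                    echo '<div class="notice notice-success is-dismissible"><ul><li>' . esc_html( __( 'Settings' ) . ' --> ' . __( 'Changes saved.' ) ) . '</li></ul></div>';
+                    echo '<div class="notice notice-success is-dismissible"><ul><li>' . esc_html( __( 'Settings', 'moving-contents' ) . ' --> ' . __( 'Changes saved.', 'moving-contents' ) ) . '</li></ul></div>';
                 }
             }
@@ -170,5 +170,5 @@
                         array(
                             'options' => function ( $value ) {
-                                return sanitize_text_field( $value );
+                                return sanitize_file_name( $value );
                             },
                         )
@@ -182,6 +182,6 @@
         <div class="wrap">
 
-        <h2>Moving Contents <a href="<?php echo esc_url( admin_url( 'admin.php?page=movingcontents-generate-json' ) ); ?>" style="text-decoration: none;"><?php esc_html_e( 'Export' ); ?></a>
-            <a href="<?php echo esc_url( admin_url( 'admin.php?page=movingcontents-update-db' ) ); ?>" class="page-title-action"><?php esc_html_e( 'Import' ); ?></a>
+        <h2>Moving Contents <a href="<?php echo esc_url( admin_url( 'admin.php?page=movingcontents-generate-json' ) ); ?>" style="text-decoration: none;"><?php esc_html_e( 'Export', 'moving-contents' ); ?></a>
+            <a href="<?php echo esc_url( admin_url( 'admin.php?page=movingcontents-update-db' ) ); ?>" class="page-title-action"><?php esc_html_e( 'Import', 'moving-contents' ); ?></a>
             <?php
             if ( class_exists( 'MovingUsers' ) ) {
@@ -207,5 +207,5 @@
         <div style="clear: both;"></div>
 
-        <h3><?php esc_html_e( 'Export' ); ?></h3>
+        <h3><?php esc_html_e( 'Export', 'moving-contents' ); ?></h3>
         <form method="post" action="<?php echo esc_url( $scriptname ); ?>">
         <div style="margin: 5px; padding: 5px;">
@@ -217,7 +217,7 @@
             <input type="checkbox" name="mail_send" value="1" <?php checked( get_option( 'moving_contents_mail_send' ), true ); ?>>
             <?php esc_html_e( 'Send the exported JSON file by e-mail', 'moving-contents' ); ?>
-            <?php submit_button( __( 'Change' ), 'large', 'Jsonmailsend', false, array( 'style' => 'vertical-align: middle;' ) ); ?>
+            <?php submit_button( __( 'Change', 'moving-contents' ), 'large', 'Jsonmailsend', false, array( 'style' => 'vertical-align: middle;' ) ); ?>
             </div>
-            <?php submit_button( __( 'Export as JSON' ), 'large', 'Cjson', true ); ?>
+            <?php submit_button( __( 'Export as JSON', 'moving-contents' ), 'large', 'Cjson', true ); ?>
         </div>
         <?php
@@ -229,13 +229,13 @@
             <?php esc_html_e( 'Number of latest files to keep', 'moving-contents' ); ?> :
             <input type="number" name="number_files" value="<?php echo esc_attr( get_option( 'moving_contents_number_files', 5 ) ); ?>" min="1" max="100" step="1" style="width: 70px;" />
-            <?php submit_button( __( 'Change' ), 'large', 'Cnumber', false ); ?>
-            <?php submit_button( __( 'Delete' ), 'large', 'Djson', true ); ?>
+            <?php submit_button( __( 'Change', 'moving-contents' ), 'large', 'Cnumber', false ); ?>
+            <?php submit_button( __( 'Delete', 'moving-contents' ), 'large', 'Djson', true ); ?>
             <table border=1 cellspacing="0" cellpadding="5" bordercolor="#000000" style="border-collapse: collapse;">
             <tr>
-            <th><?php esc_html_e( 'Delete' ); ?></th>
-            <th><?php esc_html_e( 'Name' ); ?></th>
-            <th><?php esc_html_e( 'Date/time' ); ?></th>
-            <th><?php esc_html_e( 'Size' ); ?></th>
-            <th><?php esc_html_e( 'Action' ); ?></th>
+            <th><?php esc_html_e( 'Delete', 'moving-contents' ); ?></th>
+            <th><?php esc_html_e( 'Name', 'moving-contents' ); ?></th>
+            <th><?php esc_html_e( 'Date/time', 'moving-contents' ); ?></th>
+            <th><?php esc_html_e( 'Size', 'moving-contents' ); ?></th>
+            <th><?php esc_html_e( 'Action', 'moving-contents' ); ?></th>
             </tr>
             <?php
@@ -266,5 +266,5 @@
                     </td>
                     <td>
-                    <button type="button" class="button button-large" onclick="location.href='<?php echo esc_url( $json_fileurl ); ?>'"><?php esc_html_e( 'View' ); ?></button>
+                    <button type="button" class="button button-large" onclick="location.href='<?php echo esc_url( $json_fileurl ); ?>'"><?php esc_html_e( 'View', 'moving-contents' ); ?></button>
                     &nbsp;
                     <a href="<?php echo esc_url( $json_fileurl ); ?>" download="<?php echo esc_attr( $value ); ?>"><button type="button" class="button button-large"><?php esc_html_e( 'Download', 'moving-contents' ); ?></button></a>
@@ -276,5 +276,5 @@
             ?>
             </table>
-            <?php submit_button( __( 'Delete' ), 'large', 'Djson', true ); ?>
+            <?php submit_button( __( 'Delete', 'moving-contents' ), 'large', 'Djson', true ); ?>
             </div>
             <?php
@@ -296,5 +296,5 @@
 
         if ( ! current_user_can( 'manage_options' ) ) {
-            wp_die( esc_html__( 'You do not have sufficient permissions to access this page.' ) );
+            wp_die( esc_html__( 'You do not have sufficient permissions to access this page.', 'moving-contents' ) );
         }
 
@@ -310,5 +310,5 @@
         if ( isset( $_SERVER['CONTENT_LENGTH'] ) && ! empty( $_SERVER['CONTENT_LENGTH'] ) ) {
             if ( 0 < $max_upload_size && $max_upload_size < intval( $_SERVER['CONTENT_LENGTH'] ) ) {
-                echo '<div class="notice notice-error is-dismissible"><ul><li>' . esc_html__( 'This is larger than the maximum size. Please try another.' ) . '</li></ul></div>';
+                echo '<div class="notice notice-error is-dismissible"><ul><li>' . esc_html__( 'This is larger than the maximum size. Please try another.', 'moving-contents' ) . '</li></ul></div>';
             }
         }
@@ -318,5 +318,5 @@
                 if ( ! empty( $_POST['max_execution_time'] ) ) {
                     update_option( 'moving_contents_max_execution_time', absint( $_POST['max_execution_time'] ) );
-                    echo '<div class="notice notice-success is-dismissible"><ul><li>' . esc_html( __( 'Settings' ) . ' --> ' . __( 'Changes saved.' ) ) . '</li></ul></div>';
+                    echo '<div class="notice notice-success is-dismissible"><ul><li>' . esc_html( __( 'Settings', 'moving-contents' ) . ' --> ' . __( 'Changes saved.', 'moving-contents' ) ) . '</li></ul></div>';
                 }
             }
@@ -343,5 +343,5 @@
                         $filetype = wp_check_filetype( $filename );
                         if ( ! $filetype['ext'] && ! current_user_can( 'unfiltered_upload' ) ) {
-                            echo '<div class="notice notice-error is-dismissible"><ul><li>' . esc_html__( 'Sorry, this file type is not permitted for security reasons.' ) . '</li></ul></div>';
+                            echo '<div class="notice notice-error is-dismissible"><ul><li>' . esc_html__( 'Sorry, this file type is not permitted for security reasons.', 'moving-contents' ) . '</li></ul></div>';
                         } else {
                             $filetype2 = wp_check_filetype( $filename, array( $filetype['ext'] => $mimetype ) );
@@ -392,12 +392,12 @@
                                     wp_delete_file( $json_file );
                                 } else {
-                                    echo '<div class="notice notice-error is-dismissible"><ul><li>' . esc_html__( 'Could not copy file.' ) . '</li></ul></div>';
+                                    echo '<div class="notice notice-error is-dismissible"><ul><li>' . esc_html__( 'Could not copy file.', 'moving-contents' ) . '</li></ul></div>';
                                 }
                             } else {
-                                echo '<div class="notice notice-error is-dismissible"><ul><li>' . esc_html__( 'Sorry, this file type is not permitted for security reasons.' ) . '</li></ul></div>';
+                                echo '<div class="notice notice-error is-dismissible"><ul><li>' . esc_html__( 'Sorry, this file type is not permitted for security reasons.', 'moving-contents' ) . '</li></ul></div>';
                             }
                         }
                     } else {
-                        echo '<div class="notice notice-error is-dismissible"><ul><li>' . esc_html__( 'No such file exists! Double check the name and try again.' ) . '</li></ul></div>';
+                        echo '<div class="notice notice-error is-dismissible"><ul><li>' . esc_html__( 'No such file exists! Double check the name and try again.', 'moving-contents' ) . '</li></ul></div>';
                     }
                 }
@@ -408,6 +408,6 @@
         <div class="wrap">
 
-        <h2>Moving Contents <a href="<?php echo esc_url( admin_url( 'admin.php?page=movingcontents-update-db' ) ); ?>" style="text-decoration: none;"><?php esc_html_e( 'Import' ); ?></a>
-            <a href="<?php echo esc_url( admin_url( 'admin.php?page=movingcontents-generate-json' ) ); ?>" class="page-title-action"><?php esc_html_e( 'Export' ); ?></a>
+        <h2>Moving Contents <a href="<?php echo esc_url( admin_url( 'admin.php?page=movingcontents-update-db' ) ); ?>" style="text-decoration: none;"><?php esc_html_e( 'Import', 'moving-contents' ); ?></a>
+            <a href="<?php echo esc_url( admin_url( 'admin.php?page=movingcontents-generate-json' ) ); ?>" class="page-title-action"><?php esc_html_e( 'Export', 'moving-contents' ); ?></a>
             <?php
             if ( class_exists( 'MovingUsers' ) ) {
@@ -444,5 +444,5 @@
             <form method="post" action="<?php echo esc_url( $scriptname ); ?>" enctype="multipart/form-data">
             <?php wp_nonce_field( 'mc_file_load', 'movingcontents_import_file_load' ); ?>
-            <strong><?php esc_html_e( 'Database' ); ?></strong>
+            <strong><?php esc_html_e( 'Database', 'moving-contents' ); ?></strong>
                 <div style="margin: 5px; padding: 5px;">
                 <input type="checkbox" name="all_clear" value="1" checked="checked" />
@@ -451,5 +451,5 @@
                 </div>
             <hr>
-            <strong><?php esc_html_e( 'User' ); ?></strong>
+            <strong><?php esc_html_e( 'User', 'moving-contents' ); ?></strong>
                 <div style="margin: 5px; padding: 5px;">
                 <input type="checkbox" name="current_user_id" value="1" />
@@ -464,6 +464,6 @@
             <table border=1 cellspacing="0" cellpadding="5" bordercolor="#000000" style="border-collapse: collapse;">
             <tr>
-            <th><?php echo esc_html( __( 'Original site', 'moving-contents' ) . '[' . __( 'User' ) . ' ID' ); ?>]</th>
-            <th><?php echo esc_html( __( 'Current site', 'moving-contents' ) . '[' . __( 'Username' ) . ' : ' . __( 'User' ) . ' ID' ); ?>]</th>
+            <th><?php echo esc_html( __( 'Original site', 'moving-contents' ) . '[' . __( 'User', 'moving-contents' ) . ' ID' ); ?>]</th>
+            <th><?php echo esc_html( __( 'Current site', 'moving-contents' ) . '[' . __( 'Username', 'moving-contents' ) . ' : ' . __( 'User', 'moving-contents' ) . ' ID' ); ?>]</th>
             </tr>
             <?php
@@ -496,5 +496,5 @@
             <hr>
 
-            <strong><?php esc_html_e( 'Content' ); ?></strong>
+            <strong><?php esc_html_e( 'Content', 'moving-contents' ); ?></strong>
             <div style="margin: 5px; padding: 5px;">
             <?php esc_html_e( 'Replace all URLs in the content as follows.', 'moving-contents' ); ?>
@@ -536,5 +536,5 @@
                     <p class="description">
                     <?php echo wp_kses_post( $max_execution_time_text ); ?>:<input type="number" step="1" min="1" max="9999" style="width: 80px;" name="max_execution_time" value="<?php echo esc_attr( $max_execution_time ); ?>" />
-                    <?php submit_button( __( 'Change' ), 'large', 'C_max_execution_time', false ); ?>
+                    <?php submit_button( __( 'Change', 'moving-contents' ), 'large', 'C_max_execution_time', false ); ?>
                     </p>
                     <?php
@@ -554,5 +554,5 @@
             <?php
             /* translators: Maximum upload file size */
-            echo esc_html( sprintf( __( 'Maximum upload file size: %s.' ), $limit_str ) );
+            echo esc_html( sprintf( __( 'Maximum upload file size: %s.', 'moving-contents' ), $limit_str ) );
             ?>
             </div>
@@ -576,5 +576,5 @@
 
         if ( ! current_user_can( 'manage_options' ) ) {
-            wp_die( esc_html__( 'You do not have sufficient permissions to access this page.' ) );
+            wp_die( esc_html__( 'You do not have sufficient permissions to access this page.', 'moving-contents' ) );
         }
 
@@ -583,6 +583,6 @@
 
         <h2>Moving Contents
-            <a href="<?php echo esc_url( admin_url( 'admin.php?page=movingcontents-generate-json' ) ); ?>" class="page-title-action"><?php esc_html_e( 'Export' ); ?></a>
-            <a href="<?php echo esc_url( admin_url( 'admin.php?page=movingcontents-update-db' ) ); ?>" class="page-title-action"><?php esc_html_e( 'Import' ); ?></a>
+            <a href="<?php echo esc_url( admin_url( 'admin.php?page=movingcontents-generate-json' ) ); ?>" class="page-title-action"><?php esc_html_e( 'Export', 'moving-contents' ); ?></a>
+            <a href="<?php echo esc_url( admin_url( 'admin.php?page=movingcontents-update-db' ) ); ?>" class="page-title-action"><?php esc_html_e( 'Import', 'moving-contents' ); ?></a>
             <?php
             if ( class_exists( 'MovingUsers' ) ) {
@@ -652,5 +652,5 @@
             }
         }
-        $plugin_version = __( 'Version:' ) . ' ' . $plugin_ver_num;
+        $plugin_version = __( 'Version:', 'moving-contents' ) . ' ' . $plugin_ver_num;
         /* translators: FAQ Link & Slug */
         $faq       = sprintf( __( 'https://wordpress.org/plugins/%s/faq', 'moving-contents' ), $slug );
@@ -673,5 +673,5 @@
         <?php
         /* translators: Plugin translation link */
-        echo esc_html( sprintf( __( 'Translations for %s' ), $plugin_name ) );
+        echo esc_html( sprintf( __( 'Translations for %s', 'moving-contents' ), $plugin_name ) );
         ?>
         </a> | <a style="text-decoration: none;" href="<?php echo esc_url( $facebook ); ?>" target="_blank" rel="noopener noreferrer"><span class="dashicons dashicons-facebook"></span></a> | <a style="text-decoration: none;" href="<?php echo esc_url( $twitter ); ?>" target="_blank" rel="noopener noreferrer"><span class="dashicons dashicons-twitter"></span></a> | <a style="text-decoration: none;" href="<?php echo esc_url( $youtube ); ?>" target="_blank" rel="noopener noreferrer"><span class="dashicons dashicons-video-alt3"></span></a>
@@ -682,5 +682,5 @@
         <h3><?php esc_html_e( 'Please make a donation if you like my work or would like to further the development of this plugin.', 'moving-contents' ); ?></h3>
         <div style="text-align: right; margin: 5px; padding: 5px;"><span style="padding: 3px; color: #ffffff; background-color: #008000">Plugin Author</span> <span style="font-weight: bold;">Katsushi Kawamori</span></div>
-        <button type="button" style="margin: 5px; padding: 5px;" onclick="window.open('<?php echo esc_url( $donate ); ?>')"><?php esc_html_e( 'Donate to this plugin &#187;' ); ?></button>
+        <button type="button" style="margin: 5px; padding: 5px;" onclick="window.open('<?php echo esc_url( $donate ); ?>')"><?php esc_html_e( 'Donate to this plugin &#187;', 'moving-contents' ); ?></button>
         </div>
 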
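Review bot: `sanitize_file_name()` in the filter callback at new line 172 strips path separators and other special characters, but nothing visible in this hunk limits the value to a `.json` export, so a submitted name for any other file in the same directory would presumably still pass through to the delete step. The callback could reject other extensions itself, e.g. `$name = sanitize_file_name( $value ); return 'json' === strtolower( pathinfo( $name, PATHINFO_EXTENSION ) ) ? $name : '';`, as long as the caller skips empty names. The enclosing filter call and the deletion code start and end outside the hunk, so it is worth confirming there that the nonce is verified (for example with `check_admin_referer()`) before any file is removed and that the path is always built from the plugin's fixed export directory.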
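--- a/moving-contents/trunk/movingcontents.php
+++ b/moving-contents/trunk/movingcontents.php
@@ -4,5 +4,5 @@
  * Plugin URI:  https://wordpress.org/plugins/moving-contents/
  * Description: Supports the transfer of Contents between servers.
- * Version:     1.11
+ * Version:     1.12
  * Author:      Katsushi Kawamori
  * Author URI:  https://riverforest-wp.info/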
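--- a/moving-contents/trunk/readme.txt
+++ b/moving-contents/trunk/readme.txt
@@ -6,5 +6,5 @@
 Requires PHP: 8.0
 Tested up to: 6.7
-Stable tag: 1.11
+Stable tag: 1.12
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -58,4 +58,7 @@
 == Changelog ==
 
+= [1.12] 2025/02/22 =
+* Fix - Sanitize file names when deleting json files.
+
 = [1.11] 2024/05/26 =
 * Fix - Fixed problem with import files not being copied.
@@ -96,2 +99,11 @@
 = 1.00 =
 Initial release.
+
+== Upgrade Notice ==
+
+= 1.12 =
+Security measures.
+
+= 1.00 =
+Initial release.
+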