banner
2 years ago
check
2 years ago
cli
2 years ago
cron
2 years ago
dashboard
2 years ago
database
2 years ago
extracter
2 years ago
htaccess
2 years ago
progress
2 years ago
scanner
2 years ago
staging
2 years ago
uploader
2 years ago
zipper
2 years ago
activation.php
2 years ago
ajax.php
2 years ago
analyst.php
2 years ago
backup-cli.php
2 years ago
backup-heart.php
2 years ago
bypasser.php
2 years ago
cli-handler.php
2 years ago
compatibility.php
2 years ago
config.php
2 years ago
constants.php
2 years ago
initializer.php
2 years ago
logger.php
2 years ago
restore-batching.php
2 years ago
restore-batching.php
67 lines
| 1 | <?php |
| 2 | |
| 3 | // Namespace |
| 4 | namespace BMI\Plugin; |
| 5 | |
| 6 | // Exit on GET access |
| 7 | if (!(isset($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) === 'xmlhttprequest' && isset($_POST['bmi_restore_secret']))) { |
| 8 | echo 'Access denied!'; |
| 9 | exit; |
| 10 | } |
| 11 | |
| 12 | // Double check because why not |
| 13 | if (empty($_POST)) exit; |
| 14 | if (!isset($_POST['bmi_restore_secret'])) exit; |
| 15 | |
| 16 | // Find WordPress Path |
| 17 | function bmi_find_wordpress_base_path() { |
| 18 | |
| 19 | $dir = dirname(__FILE__); |
| 20 | $previous = null; |
| 21 | |
| 22 | do { |
| 23 | |
| 24 | if (file_exists($dir . '/wp-config.php')) return $dir; |
| 25 | if ($previous == $dir) break; |
| 26 | $previous = $dir; |
| 27 | |
| 28 | } while ($dir = dirname($dir)); |
| 29 | |
| 30 | return null; |
| 31 | |
| 32 | } |
| 33 | |
| 34 | // Validate the secret |
| 35 | if (gettype($_POST['bmi_restore_secret']) == 'string' && strlen($_POST['bmi_restore_secret']) == '64') { |
| 36 | |
| 37 | // For now we don't trust the user |
| 38 | $bmi_continue_module = false; |
| 39 | |
| 40 | // Check the secret |
| 41 | $bmi_secret_storage = __DIR__ . '/htaccess/.restore_secret'; |
| 42 | if (file_exists($bmi_secret_storage)) { |
| 43 | $bmi_saved_secret = file_get_contents($bmi_secret_storage); |
| 44 | if ($bmi_saved_secret === $_POST['bmi_restore_secret']) { |
| 45 | $bmi_continue_module = true; |
| 46 | } else exit; |
| 47 | } else exit; |
| 48 | |
| 49 | // Set definition for handler |
| 50 | define('BMI_RESTORE_SECRET', $_POST['bmi_restore_secret']); |
| 51 | define('BMI_POST_CONTINUE_RESTORE', true); |
| 52 | |
| 53 | // Tell WP to not use Themes and set Base Path |
| 54 | define('BASE_PATH', bmi_find_wordpress_base_path() . '/'); |
| 55 | define('WP_USE_THEMES', false); |
| 56 | |
| 57 | // Third time just for sure |
| 58 | if ($bmi_continue_module === true) { |
| 59 | |
| 60 | // Use WP Globals and load WordPress |
| 61 | global $wp, $wp_query, $wp_the_query, $wp_rewrite, $wp_did_header; |
| 62 | require_once BASE_PATH . 'wp-load.php'; |
| 63 | |
| 64 | } |
| 65 | |
| 66 | } |
| 67 |