upgrade.php — Really Simple Security – Simple and Performant Security (formerly Really Simple SSL) 9.4.0

really-simple-ssl / upgrade.php

really-simple-ssl Last commit date

assets 11 months ago languages 11 months ago lets-encrypt 1 year ago lib 1 year ago mailer 1 year ago modal 11 months ago onboarding 1 year ago placeholders 1 year ago progress 1 year ago security 11 months ago settings 11 months ago testssl 5 years ago upgrade 1 year ago class-admin.php 1 year ago class-cache.php 2 years ago class-certificate.php 2 years ago class-front-end.php 1 year ago class-installer.php 1 year ago class-mixed-content-fixer.php 3 years ago class-multisite.php 1 year ago class-server.php 1 year ago class-site-health.php 1 year ago class-wp-cli.php 11 months ago compatibility.php 1 year ago force-deactivate.txt 1 year ago functions.php 1 year ago index.php 2 years ago readme.txt 11 months ago rector.php 1 year ago rlrsssl-really-simple-ssl.php 11 months ago rsssl-auto-loader.php 1 year ago security.md 2 years ago ssl-test-page.php 2 years ago system-status.php 1 year ago uninstall.php 1 year ago upgrade.php 11 months ago

upgrade.php

258 lines

1	<?php
2	defined( 'ABSPATH' ) or die();
3
4	add_action( 'plugins_loaded', 'rsssl_upgrade', 20 );
5	function rsssl_upgrade() {
6
7	#only run upgrade check if cron, or if admin.
8	if ( ! rsssl_admin_logged_in() ) {
9	return;
10	}
11
12	$prev_version = get_option( 'rsssl_current_version', false );
13
14	//no version change, skip upgrade.
15	if ( $prev_version && version_compare( $prev_version, rsssl_version, '==' ) ) {
16	return;
17	}
18	//dismiss notices that should be dismissed on plugin upgrade
19	if ( $prev_version && version_compare( $prev_version, rsssl_version, '!=' ) ) {
20	// $dismiss_options = RSSSL()->admin->get_notices_list(
21	// array(
22	// 'dismiss_on_upgrade' => true,
23	// )
24	// );
25	$dismiss_options = ['mixed_content_scan']; // Temporary fix for translation issues on plugins_loaded.
26	foreach ( $dismiss_options as $dismiss_option ) {
27	if ( !is_string($dismiss_option) ) continue;
28	update_option( 'rsssl_' . $dismiss_option . '_dismissed', true, false );
29	}
30	delete_transient( 'rsssl_plusone_count' );
31	}
32
33	if ( $prev_version && version_compare( $prev_version, '5.1.3', '<=' ) ) {
34	if ( get_option( 'rsssl_disable_ocsp' ) ) {
35	$options = get_option( 'rsssl_options_lets-encrypt' );
36	$options['disable_ocsp'] = true;
37	update_option( 'rsssl_options_lets-encrypt', $options, false );
38	delete_option( 'rsssl_disable_ocsp' );
39	}
40	}
41
42	if ( $prev_version && version_compare( $prev_version, '5.3.0', '<=' ) ) {
43	if ( file_exists( RSSSL()->admin->htaccess_file() ) && is_writable( RSSSL()->admin->htaccess_file() ) ) {
44	$htaccess = file_get_contents( RSSSL()->admin->htaccess_file() );
45	$pattern_start = '/rlrssslReallySimpleSSL rsssl_version\[.*.]/';
46	if ( preg_match_all( $pattern_start, $htaccess ) ) {
47	$htaccess = preg_replace( $pattern_start, 'Really Simple Security Redirect ' . rsssl_version, $htaccess );
48	$htaccess = str_replace( 'rlrssslReallySimpleSSL', 'Really Simple Security Redirect', $htaccess );
49	file_put_contents( RSSSL()->admin->htaccess_file(), $htaccess );
50	}
51	}
52	}
53
54	if ( $prev_version && version_compare( $prev_version, '6.0.0', '<' ) ) {
55	delete_option( 'rsssl_admin_notices' );
56	update_option( 'rsssl_show_onboarding', true, false );
57	//upgrade both site and network settings
58	$options = get_option( 'rlrsssl_options' );
59	if ( is_multisite() && rsssl_is_networkwide_active() ) {
60	$new_options = get_site_option( 'rsssl_options', [] );
61	} else {
62	$new_options = get_option( 'rsssl_options', [] );
63	}
64
65	$ssl_enabled = isset( $options['ssl_enabled'] ) ? $options['ssl_enabled'] : false;
66	$new_options['ssl_enabled'] = (bool) $ssl_enabled;
67
68	$autoreplace_insecure_links = isset( $options['autoreplace_insecure_links'] ) ? $options['autoreplace_insecure_links'] : true;
69	$new_options['mixed_content_fixer'] = (bool) $autoreplace_insecure_links;
70
71	$wp_redirect = isset( $options['wp_redirect'] ) ? $options['wp_redirect'] : false;
72	$htaccess_redirect = isset( $options['htaccess_redirect'] ) ? $options['htaccess_redirect'] : false;
73	$redirect = 'none;';
74	if ( $htaccess_redirect ) {
75	$redirect = 'htaccess';
76	} elseif ( $wp_redirect ) {
77	$redirect = 'wp_redirect';
78	}
79	$new_options['redirect'] = sanitize_title( $redirect );
80
81	$do_not_edit_htaccess = isset( $options['do_not_edit_htaccess'] ) ? $options['do_not_edit_htaccess'] : false;
82	$new_options['do_not_edit_htaccess'] = (bool) $do_not_edit_htaccess;
83
84	$dismiss_all_notices = isset( $options['dismiss_all_notices'] ) ? $options['dismiss_all_notices'] : false;
85	$new_options['dismiss_all_notices'] = (bool) $dismiss_all_notices;
86
87	$switch_mixed_content_fixer_hook = isset( $options['switch_mixed_content_fixer_hook'] ) ? $options['switch_mixed_content_fixer_hook'] : false;
88	$new_options['switch_mixed_content_fixer_hook'] = (bool) $switch_mixed_content_fixer_hook;
89
90	delete_option( 'rsssl_upgraded_to_four' );
91
92	/**
93	* Multisite
94	*/
95	if ( is_multisite() && rsssl_is_networkwide_active() ) {
96	$network_options = get_site_option( 'rlrsssl_network_options' );
97	$enabled_network_wide = isset( $network_options['ssl_enabled_networkwide'] ) ? $network_options['ssl_enabled_networkwide'] : false;
98	if ( $ssl_enabled && $enabled_network_wide ) {
99	update_site_option( 'rsssl_network_activation_status', 'completed' );
100	} elseif ( $ssl_enabled ) {
101	//convert entire site to SSL
102	RSSSL()->multisite->start_ssl_activation();
103	}
104	//ensure this doesn't run again
105	$network_options['ssl_enabled_networkwide'] = false;
106	update_site_option( 'rlrsssl_network_options', $network_options );
107
108	$dismiss_all_notices = isset( $network_options['dismiss_all_notices'] ) ? $network_options['dismiss_all_notices'] : false;
109	$new_options['dismiss_all_notices'] = (bool) $dismiss_all_notices;
110
111	$wp_redirect = isset( $network_options['wp_redirect'] ) ? $network_options['wp_redirect'] : false;
112	if ( $wp_redirect ) {
113	$redirect = 'wp_redirect';
114	}
115	$htaccess_redirect = isset( $network_options['htaccess_redirect'] ) ? $network_options['htaccess_redirect'] : false;
116	if ( $htaccess_redirect ) {
117	$redirect = 'htaccess';
118	}
119	$new_options['redirect'] = sanitize_title( $redirect );
120
121	$do_not_edit_htaccess = isset( $network_options['do_not_edit_htaccess'] ) ? $network_options['do_not_edit_htaccess'] : false;
122	$new_options['do_not_edit_htaccess'] = (bool) $do_not_edit_htaccess;
123
124	$autoreplace_mixed_content = isset( $network_options['autoreplace_mixed_content'] ) ? $network_options['autoreplace_mixed_content'] : false;
125	$new_options['mixed_content_fixer'] = (bool) $autoreplace_mixed_content;
126
127	//upgrade lets encrypt options
128	$le_options = get_option( 'rsssl_options_lets-encrypt' );
129	$verification_type = get_option( 'rsssl_verification_type' );
130	if ( $verification_type ) {
131	$new_options['verification_type'] = strtolower( sanitize_title( $verification_type ) );
132	}
133	if ( ! empty( $le_options ) ) {
134	foreach ( $options as $fieldname => $value ) {
135	$new_options[ $fieldname ] = sanitize_text_field( $value );
136	}
137	}
138	}
139
140	if ( is_multisite() && rsssl_is_networkwide_active() ) {
141	update_site_option( 'rsssl_options', $new_options );
142	} else {
143	update_option( 'rsssl_options', $new_options );
144	}
145	update_option( 'rsssl_flush_rewrite_rules', time() );
146	}
147
148	#clean up old rest api optimizer on upgrade
149	if ( $prev_version && version_compare( $prev_version, '6.0.5', '<' ) ) {
150	if ( file_exists( trailingslashit( WPMU_PLUGIN_DIR ) . 'rsssl_rest_api_optimizer.php' ) ) {
151	unlink( trailingslashit( WPMU_PLUGIN_DIR ) . 'rsssl_rest_api_optimizer.php' );
152	}
153	}
154
155	#clear notices cache for multisite on upgrade, for the subsite notice
156	if ( version_compare( $prev_version, '6.0.9', '<' ) ) {
157	if ( is_multisite() ) {
158	delete_option( 'rsssl_admin_notices' );
159	}
160	}
161
162	#ensure administrators have the manage_security capability
163	if ( version_compare( $prev_version, '6.0.10', '<' ) ) {
164	rsssl_add_manage_security_capability();
165	}
166
167	#move notices transient to option, for better persistence
168	if ( $prev_version && version_compare( $prev_version, '6.0.13', '<' ) ) {
169	$notices = get_transient( 'rsssl_admin_notices' );
170	$plus_ones = get_transient( 'rsssl_plusone_count' );
171	update_option( 'rsssl_admin_notices', $notices );
172	update_option( 'rsssl_plusone_count', $plus_ones );
173	}
174
175	if ( $prev_version && version_compare( $prev_version, '6.2.3', '<' ) ) {
176	//rsssl_update_option( 'send_notifications_email', 1 );
177	//do not use rsssl_update_option as it will load all fields, causing translation issues on plugins_loaded hook.
178	$options = get_option('rsssl_options', []);
179	if ( !is_array($options) ) $options = [];
180	$options['send_notifications_email'] = 1;
181	update_option( 'rsssl_options', $options);
182	}
183
184	if ( $prev_version && version_compare( $prev_version, '6.2.4', '<' ) ) {
185	delete_option( 'rsssl_6_upgrade_completed' );
186	}
187
188	if ( $prev_version && version_compare( $prev_version, '7.1.0', '<' ) ) {
189	do_action( 'rsssl_update_rules' );
190	}
191
192	// Update the config to auto prepend
193	if ( $prev_version && version_compare( $prev_version, '8.0', '<' ) ) {
194	RSSSL_SECURITY()->firewall_manager->update_wp_config_rule();
195	}
196	//free
197	if ( $prev_version && version_compare( $prev_version, '8.1.2', '<' ) ) {
198	do_action('rsssl_update_rules');
199	}
200
201	if ( $prev_version && version_compare( $prev_version, '8.3.0', '<' ) ) {
202	wp_clear_scheduled_hook('rsssl_pro_every_hour_hook');
203	wp_clear_scheduled_hook('rsssl_pro_every_day_hook');
204	wp_clear_scheduled_hook('rsssl_pro_five_minutes_hook');
205	wp_clear_scheduled_hook('rsssl_le_every_week_hook');
206	wp_clear_scheduled_hook('rsssl_le_every_day_hook');
207
208	//split rsssl_key in two options so we can upgrade separately
209	$key = get_option( 'rsssl_key');
210	$site_key = get_site_option( 'rsssl_key');
211	if ( $key ) {
212	update_option( 'rsssl_license_key', $key, false );
213	}
214	if ( $site_key ) {
215	update_site_option( 'rsssl_le_key', $site_key );
216	}
217
218	delete_site_option('rsssl_key');
219	delete_option('rsssl_key');
220	update_option('rsssl_upgrade_le_key', true, false);
221	}
222
223	if ( $prev_version && version_compare( $prev_version, '9.0', '<' ) ) {
224	// Replace Really Simple SSL with Really Simple Security in wp-config.php, .htaccess,
225	// advanced-headers.php
226	RSSSL()->admin->update_branding_in_files();
227	RSSSL()->admin->clear_admin_notices_cache();
228	}
229
230	if ( $prev_version && version_compare( $prev_version, '9.1.1', '<' ) ) {
231	do_action('rsssl_update_rules');
232	}
233	if ( $prev_version && version_compare( $prev_version, '9.1.1.1', '<=' ) ) {
234	update_option('rsssl_reset_fix', true, false);
235	}
236
237	// Fetch Google crawler IP's when Geo Block is enabled
238	if ( $prev_version && version_compare( $prev_version, '9.3.6', '<=' ) ) {
239	if ( class_exists( '\RSSSL\Pro\Security\WordPress\Rsssl_Geo_Block' ) ) {
240	// Trigger action to update rules
241	do_action( 'rsssl_update_rules' );
242	$geo_block = \RSSSL\Pro\Security\WordPress\Rsssl_Geo_Block::get_instance();
243	$geo_block->fetch_google_crawler_ips();
244	}
245	}
246
247	//don't clear on each update.
248	//RSSSL()->admin->clear_admin_notices_cache();
249
250	//delete in future upgrade. We want to check the review notice dismissed as fallback still.
251	//delete_option( 'rlrsssl_options' );
252	//delete_site_option( 'rlrsssl_network_options' );
253	//delete_option( 'rsssl_options_lets-encrypt' );
254	update_option( 'rsssl_previous_version', $prev_version, false );
255	do_action( 'rsssl_upgrade', $prev_version );
256	update_option( 'rsssl_current_version', rsssl_version, false );
257	}
258