really-simple-ssl
Last commit date
assets
4 weeks ago
core
4 weeks ago
languages
4 weeks ago
lets-encrypt
4 weeks ago
lib
4 weeks ago
mailer
4 weeks ago
modal
4 weeks ago
placeholders
4 weeks ago
progress
4 weeks ago
security
4 weeks ago
settings
4 weeks ago
testssl
4 weeks ago
upgrade
4 weeks ago
.wp-env.json
4 weeks ago
SECURITY.md
4 weeks ago
class-admin.php
4 weeks ago
class-cache.php
4 weeks ago
class-certificate.php
4 weeks ago
class-front-end.php
4 weeks ago
class-installer.php
4 weeks ago
class-mixed-content-fixer.php
4 weeks ago
class-multisite.php
4 weeks ago
class-server.php
4 weeks ago
class-site-health.php
4 weeks ago
class-wp-cli.php
4 weeks ago
compatibility.php
4 weeks ago
force-deactivate.txt
4 weeks ago
functions.php
4 weeks ago
index.php
4 weeks ago
readme.txt
4 weeks ago
rector.php
4 weeks ago
rlrsssl-really-simple-ssl.php
4 weeks ago
rsssl-auto-loader.php
4 weeks ago
sbom.json.gz
4 weeks ago
ssl-test-page.php
4 weeks ago
system-status.php
4 weeks ago
uninstall.php
4 weeks ago
upgrade.php
4 weeks ago
upgrade.php
313 lines
| 1 | <?php |
| 2 | |
| 3 | use RSSSL\Security\RSSSL_Htaccess_File_Manager; |
| 4 | |
| 5 | defined( 'ABSPATH' ) or die(); |
| 6 | |
| 7 | add_action( 'plugins_loaded', 'rsssl_upgrade', 20 ); |
| 8 | function rsssl_upgrade() { |
| 9 | |
| 10 | #only run upgrade check if cron, or if admin. |
| 11 | if ( ! rsssl_admin_logged_in() ) { |
| 12 | return; |
| 13 | } |
| 14 | |
| 15 | $prev_version = get_option( 'rsssl_current_version', false ); |
| 16 | |
| 17 | //no version change, skip upgrade. |
| 18 | if ( $prev_version && version_compare( $prev_version, rsssl_version, '==' ) ) { |
| 19 | return; |
| 20 | } |
| 21 | //dismiss notices that should be dismissed on plugin upgrade |
| 22 | if ( $prev_version && version_compare( $prev_version, rsssl_version, '!=' ) ) { |
| 23 | // $dismiss_options = RSSSL()->admin->get_notices_list( |
| 24 | // array( |
| 25 | // 'dismiss_on_upgrade' => true, |
| 26 | // ) |
| 27 | // ); |
| 28 | $dismiss_options = ['mixed_content_scan']; // Temporary fix for translation issues on plugins_loaded. |
| 29 | foreach ( $dismiss_options as $dismiss_option ) { |
| 30 | if ( !is_string($dismiss_option) ) continue; |
| 31 | update_option( 'rsssl_' . $dismiss_option . '_dismissed', true, false ); |
| 32 | } |
| 33 | delete_transient( 'rsssl_plusone_count' ); |
| 34 | } |
| 35 | |
| 36 | if ( $prev_version && version_compare( $prev_version, '5.1.3', '<=' ) ) { |
| 37 | if ( get_option( 'rsssl_disable_ocsp' ) ) { |
| 38 | $options = get_option( 'rsssl_options_lets-encrypt' ); |
| 39 | $options['disable_ocsp'] = true; |
| 40 | update_option( 'rsssl_options_lets-encrypt', $options, false ); |
| 41 | delete_option( 'rsssl_disable_ocsp' ); |
| 42 | } |
| 43 | } |
| 44 | |
| 45 | if ( $prev_version && version_compare( $prev_version, '5.3.0', '<=' ) ) { |
| 46 | $fileManager = RSSSL_Htaccess_File_Manager::get_instance(); |
| 47 | if ( $fileManager->validate_htaccess_file_path() ) { |
| 48 | $htaccess =$fileManager->get_htaccess_content(); |
| 49 | |
| 50 | // Safely match the legacy pattern: rlrssslReallySimpleSSL rsssl_version[...] |
| 51 | $pattern = '/rlrssslReallySimpleSSL\s+rsssl_version\[[^]]+]/'; |
| 52 | $replacement = 'Really Simple Security Redirect ' . rsssl_version; |
| 53 | |
| 54 | $updated = preg_replace( $pattern, $replacement, $htaccess ); |
| 55 | $updated = str_replace( 'rlrssslReallySimpleSSL', 'Really Simple Security Redirect', $updated ); |
| 56 | |
| 57 | // Only write if the updated content differs from the current content and is not empty. |
| 58 | if ( $updated !== $htaccess && ! empty( trim( $updated ) ) ) { |
| 59 | // Use an exclusive lock when writing to avoid race conditions with other writers. |
| 60 | file_put_contents( $fileManager->htaccess_file_path, $updated, LOCK_EX ); |
| 61 | } |
| 62 | } |
| 63 | } |
| 64 | |
| 65 | if ( $prev_version && version_compare( $prev_version, '6.0.0', '<' ) ) { |
| 66 | delete_option( 'rsssl_admin_notices' ); |
| 67 | update_option( 'rsssl_show_onboarding', true, false ); |
| 68 | //upgrade both site and network settings |
| 69 | $options = get_option( 'rlrsssl_options' ); |
| 70 | if ( is_multisite() && rsssl_is_networkwide_active() ) { |
| 71 | $new_options = get_site_option( 'rsssl_options', [] ); |
| 72 | } else { |
| 73 | $new_options = get_option( 'rsssl_options', [] ); |
| 74 | } |
| 75 | |
| 76 | $ssl_enabled = isset( $options['ssl_enabled'] ) ? $options['ssl_enabled'] : false; |
| 77 | $new_options['ssl_enabled'] = (bool) $ssl_enabled; |
| 78 | |
| 79 | $autoreplace_insecure_links = isset( $options['autoreplace_insecure_links'] ) ? $options['autoreplace_insecure_links'] : true; |
| 80 | $new_options['mixed_content_fixer'] = (bool) $autoreplace_insecure_links; |
| 81 | |
| 82 | $wp_redirect = isset( $options['wp_redirect'] ) ? $options['wp_redirect'] : false; |
| 83 | $htaccess_redirect = isset( $options['htaccess_redirect'] ) ? $options['htaccess_redirect'] : false; |
| 84 | $redirect = 'none;'; |
| 85 | if ( $htaccess_redirect ) { |
| 86 | $redirect = 'htaccess'; |
| 87 | } elseif ( $wp_redirect ) { |
| 88 | $redirect = 'wp_redirect'; |
| 89 | } |
| 90 | $new_options['redirect'] = sanitize_title( $redirect ); |
| 91 | |
| 92 | $do_not_edit_htaccess = isset( $options['do_not_edit_htaccess'] ) ? $options['do_not_edit_htaccess'] : false; |
| 93 | $new_options['do_not_edit_htaccess'] = (bool) $do_not_edit_htaccess; |
| 94 | |
| 95 | $dismiss_all_notices = isset( $options['dismiss_all_notices'] ) ? $options['dismiss_all_notices'] : false; |
| 96 | $new_options['dismiss_all_notices'] = (bool) $dismiss_all_notices; |
| 97 | |
| 98 | $switch_mixed_content_fixer_hook = isset( $options['switch_mixed_content_fixer_hook'] ) ? $options['switch_mixed_content_fixer_hook'] : false; |
| 99 | $new_options['switch_mixed_content_fixer_hook'] = (bool) $switch_mixed_content_fixer_hook; |
| 100 | |
| 101 | delete_option( 'rsssl_upgraded_to_four' ); |
| 102 | |
| 103 | /** |
| 104 | * Multisite |
| 105 | */ |
| 106 | if ( is_multisite() && rsssl_is_networkwide_active() ) { |
| 107 | $network_options = get_site_option( 'rlrsssl_network_options' ); |
| 108 | $enabled_network_wide = isset( $network_options['ssl_enabled_networkwide'] ) ? $network_options['ssl_enabled_networkwide'] : false; |
| 109 | if ( $ssl_enabled && $enabled_network_wide ) { |
| 110 | update_site_option( 'rsssl_network_activation_status', 'completed' ); |
| 111 | } elseif ( $ssl_enabled ) { |
| 112 | //convert entire site to SSL |
| 113 | RSSSL()->multisite->start_ssl_activation(); |
| 114 | } |
| 115 | //ensure this doesn't run again |
| 116 | $network_options['ssl_enabled_networkwide'] = false; |
| 117 | update_site_option( 'rlrsssl_network_options', $network_options ); |
| 118 | |
| 119 | $dismiss_all_notices = isset( $network_options['dismiss_all_notices'] ) ? $network_options['dismiss_all_notices'] : false; |
| 120 | $new_options['dismiss_all_notices'] = (bool) $dismiss_all_notices; |
| 121 | |
| 122 | $wp_redirect = isset( $network_options['wp_redirect'] ) ? $network_options['wp_redirect'] : false; |
| 123 | if ( $wp_redirect ) { |
| 124 | $redirect = 'wp_redirect'; |
| 125 | } |
| 126 | $htaccess_redirect = isset( $network_options['htaccess_redirect'] ) ? $network_options['htaccess_redirect'] : false; |
| 127 | if ( $htaccess_redirect ) { |
| 128 | $redirect = 'htaccess'; |
| 129 | } |
| 130 | $new_options['redirect'] = sanitize_title( $redirect ); |
| 131 | |
| 132 | $do_not_edit_htaccess = isset( $network_options['do_not_edit_htaccess'] ) ? $network_options['do_not_edit_htaccess'] : false; |
| 133 | $new_options['do_not_edit_htaccess'] = (bool) $do_not_edit_htaccess; |
| 134 | |
| 135 | $autoreplace_mixed_content = isset( $network_options['autoreplace_mixed_content'] ) ? $network_options['autoreplace_mixed_content'] : false; |
| 136 | $new_options['mixed_content_fixer'] = (bool) $autoreplace_mixed_content; |
| 137 | |
| 138 | //upgrade lets encrypt options |
| 139 | $le_options = get_option( 'rsssl_options_lets-encrypt' ); |
| 140 | $verification_type = get_option( 'rsssl_verification_type' ); |
| 141 | if ( $verification_type ) { |
| 142 | $new_options['verification_type'] = strtolower( sanitize_title( $verification_type ) ); |
| 143 | } |
| 144 | if ( ! empty( $le_options ) ) { |
| 145 | foreach ( $options as $fieldname => $value ) { |
| 146 | $new_options[ $fieldname ] = sanitize_text_field( $value ); |
| 147 | } |
| 148 | } |
| 149 | } |
| 150 | |
| 151 | if ( is_multisite() && rsssl_is_networkwide_active() ) { |
| 152 | update_site_option( 'rsssl_options', $new_options ); |
| 153 | } else { |
| 154 | update_option( 'rsssl_options', $new_options ); |
| 155 | } |
| 156 | update_option( 'rsssl_flush_rewrite_rules', time() ); |
| 157 | } |
| 158 | |
| 159 | #clean up old rest api optimizer on upgrade |
| 160 | if ( $prev_version && version_compare( $prev_version, '6.0.5', '<' ) ) { |
| 161 | if ( file_exists( trailingslashit( WPMU_PLUGIN_DIR ) . 'rsssl_rest_api_optimizer.php' ) ) { |
| 162 | unlink( trailingslashit( WPMU_PLUGIN_DIR ) . 'rsssl_rest_api_optimizer.php' ); |
| 163 | } |
| 164 | } |
| 165 | |
| 166 | #clear notices cache for multisite on upgrade, for the subsite notice |
| 167 | if ( version_compare( $prev_version, '6.0.9', '<' ) ) { |
| 168 | if ( is_multisite() ) { |
| 169 | delete_option( 'rsssl_admin_notices' ); |
| 170 | } |
| 171 | } |
| 172 | |
| 173 | #ensure administrators have the manage_security capability |
| 174 | if ( version_compare( $prev_version, '6.0.10', '<' ) ) { |
| 175 | rsssl_add_manage_security_capability(); |
| 176 | } |
| 177 | |
| 178 | #move notices transient to option, for better persistence |
| 179 | if ( $prev_version && version_compare( $prev_version, '6.0.13', '<' ) ) { |
| 180 | $notices = get_transient( 'rsssl_admin_notices' ); |
| 181 | $plus_ones = get_transient( 'rsssl_plusone_count' ); |
| 182 | update_option( 'rsssl_admin_notices', $notices ); |
| 183 | update_option( 'rsssl_plusone_count', $plus_ones ); |
| 184 | } |
| 185 | |
| 186 | if ( $prev_version && version_compare( $prev_version, '6.2.3', '<' ) ) { |
| 187 | //rsssl_update_option( 'send_notifications_email', 1 ); |
| 188 | //do not use rsssl_update_option as it will load all fields, causing translation issues on plugins_loaded hook. |
| 189 | $options = get_option('rsssl_options', []); |
| 190 | if ( !is_array($options) ) $options = []; |
| 191 | $options['send_notifications_email'] = 1; |
| 192 | update_option( 'rsssl_options', $options); |
| 193 | } |
| 194 | |
| 195 | if ( $prev_version && version_compare( $prev_version, '6.2.4', '<' ) ) { |
| 196 | delete_option( 'rsssl_6_upgrade_completed' ); |
| 197 | } |
| 198 | |
| 199 | if ( $prev_version && version_compare( $prev_version, '7.1.0', '<' ) ) { |
| 200 | do_action( 'rsssl_update_rules' ); |
| 201 | } |
| 202 | |
| 203 | // Update the config to auto prepend |
| 204 | if ( $prev_version && version_compare( $prev_version, '8.0', '<' ) ) { |
| 205 | RSSSL_SECURITY()->firewall_manager->update_wp_config_rule(); |
| 206 | } |
| 207 | //free |
| 208 | if ( $prev_version && version_compare( $prev_version, '8.1.2', '<' ) ) { |
| 209 | do_action('rsssl_update_rules'); |
| 210 | } |
| 211 | |
| 212 | if ( $prev_version && version_compare( $prev_version, '8.3.0', '<' ) ) { |
| 213 | wp_clear_scheduled_hook('rsssl_pro_every_hour_hook'); |
| 214 | wp_clear_scheduled_hook('rsssl_pro_every_day_hook'); |
| 215 | wp_clear_scheduled_hook('rsssl_pro_five_minutes_hook'); |
| 216 | wp_clear_scheduled_hook('rsssl_le_every_week_hook'); |
| 217 | wp_clear_scheduled_hook('rsssl_le_every_day_hook'); |
| 218 | |
| 219 | //split rsssl_key in two options so we can upgrade separately |
| 220 | $key = get_option( 'rsssl_key'); |
| 221 | $site_key = get_site_option( 'rsssl_key'); |
| 222 | if ( $key ) { |
| 223 | update_option( 'rsssl_license_key', $key, false ); |
| 224 | } |
| 225 | if ( $site_key ) { |
| 226 | update_site_option( 'rsssl_le_key', $site_key ); |
| 227 | } |
| 228 | |
| 229 | delete_site_option('rsssl_key'); |
| 230 | delete_option('rsssl_key'); |
| 231 | update_option('rsssl_upgrade_le_key', true, false); |
| 232 | } |
| 233 | |
| 234 | if ( $prev_version && version_compare( $prev_version, '9.0', '<' ) ) { |
| 235 | // Replace Really Simple SSL with Really Simple Security in wp-config.php, .htaccess, |
| 236 | // advanced-headers.php |
| 237 | RSSSL()->admin->update_branding_in_files(); |
| 238 | RSSSL()->admin->clear_admin_notices_cache(); |
| 239 | } |
| 240 | |
| 241 | if ( $prev_version && version_compare( $prev_version, '9.1.1', '<' ) ) { |
| 242 | do_action('rsssl_update_rules'); |
| 243 | } |
| 244 | if ( $prev_version && version_compare( $prev_version, '9.1.1.1', '<=' ) ) { |
| 245 | update_option('rsssl_reset_fix', true, false); |
| 246 | } |
| 247 | |
| 248 | // Fetch Google crawler IP's when Geo Block is enabled |
| 249 | if ( $prev_version && version_compare( $prev_version, '9.3.6', '<=' ) ) { |
| 250 | if ( class_exists( '\RSSSL\Pro\Security\WordPress\Rsssl_Geo_Block' ) ) { |
| 251 | // Trigger action to update rules |
| 252 | do_action( 'rsssl_update_rules' ); |
| 253 | $geo_block = \RSSSL\Pro\Security\WordPress\Rsssl_Geo_Block::get_instance(); |
| 254 | $geo_block->fetch_google_crawler_ips(); |
| 255 | } |
| 256 | } |
| 257 | |
| 258 | // Upgrade .htaccess rules for sites using LiteSpeed cache |
| 259 | if ( $prev_version && version_compare( $prev_version, '9.4.2.1', '<=' ) ) { |
| 260 | // Check for LiteSpeed Cache plugin |
| 261 | if ( defined( 'LSCWP_V' ) && LSCWP_V ) { |
| 262 | do_action('rsssl_update_rules'); |
| 263 | } |
| 264 | } |
| 265 | |
| 266 | // Delete the ajax fallback option as it is no longer used. |
| 267 | if ( $prev_version && version_compare( $prev_version, '9.4.2.1', '<=' ) ) { |
| 268 | delete_option('rsssl_ajax_fallback_active'); |
| 269 | } |
| 270 | |
| 271 | // Upgrade .htaccess rules for sites using LiteSpeed cache |
| 272 | if ( $prev_version && version_compare( $prev_version, '9.4.2.1', '<=' ) ) { |
| 273 | // Check for LiteSpeed Cache plugin |
| 274 | if ( defined( 'LSCWP_V' ) && LSCWP_V ) { |
| 275 | do_action('rsssl_update_rules'); |
| 276 | } |
| 277 | } |
| 278 | |
| 279 | // Clean up old "No Index" marker and replace with clearer |
| 280 | // "Disable directory indexing" marker |
| 281 | if ( $prev_version && version_compare( $prev_version, '9.5.3.1', '<=' ) ) { |
| 282 | $fileManager = RSSSL_Htaccess_File_Manager::get_instance(); |
| 283 | if ( $fileManager->validate_htaccess_file_path() ) { |
| 284 | // Remove the old "No Index" marker if it exists |
| 285 | $fileManager->clear_legacy_rule( 'Really Simple Security No Index' ); |
| 286 | // If the disable_indexing option is enabled, the new marker will be |
| 287 | // added automatically when settings are saved or rules are updated |
| 288 | if ( rsssl_get_option( 'disable_indexing', false ) ) { |
| 289 | do_action('rsssl_update_rules'); |
| 290 | } |
| 291 | } |
| 292 | } |
| 293 | |
| 294 | // Upgrade uploads .htaccess to use IfModule syntax for Apache 2.2/2.4 compatibility. |
| 295 | // Fixes 500 errors on servers without mod_access_compat (Apache 2.4+ default). |
| 296 | if ( $prev_version && version_compare( $prev_version, '9.5.5', '<=' ) ) { |
| 297 | if ( rsssl_get_option( 'block_code_execution_uploads', false ) ) { |
| 298 | rsssl_handle_uploads_htaccess(); |
| 299 | } |
| 300 | } |
| 301 | |
| 302 | //don't clear on each update. |
| 303 | //RSSSL()->admin->clear_admin_notices_cache(); |
| 304 | |
| 305 | //delete in future upgrade. We want to check the review notice dismissed as fallback still. |
| 306 | //delete_option( 'rlrsssl_options' ); |
| 307 | //delete_site_option( 'rlrsssl_network_options' ); |
| 308 | //delete_option( 'rsssl_options_lets-encrypt' ); |
| 309 | update_option( 'rsssl_previous_version', $prev_version, false ); |
| 310 | do_action( 'rsssl_upgrade', $prev_version ); |
| 311 | update_option( 'rsssl_current_version', rsssl_version, false ); |
| 312 | } |
| 313 |