WP STAGING – WordPress Backup, Restore, Migration & Clone v3.0.1
wp-staging / Backup / BackupDownload.php
BackupDownload.php
1 <?php
2
3 namespace WPStaging\Backup;
4
5 use WPStaging\Core\WPStaging;
6 use WPStaging\Framework\Facades\Sanitize;
7 use WPStaging\Framework\Security\Capabilities;
8 use WPStaging\Backup\Service\BackupsFinder;
9
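/**
 * Serves a backup file as a browser download when the current request asks for one.
 *
 * A request counts as a download request when it carries the
 * `wpstgBackupDownloadMd5` query argument. Before any file is read, the
 * request must pass a capability check, a nonce check and a format check
 * on the MD5 identifier.
 */
class BackupDownload
{
    /**
     * Handles a backup download request, or returns immediately when the request is not one.
     *
     * Checks run in this order: capability, nonce, MD5 format, backup lookup.
     * Each failed check terminates the request with a short message. On
     * success the file is streamed and the request ends with `exit`, so this
     * method returns normally only on the "not a download request" path.
     *
     * @return void
     */
    public function listenDownload()
    {
        // Early bail: Not a download request.
        if (!isset($_GET['wpstgBackupDownloadMd5'])) {
            return;
        }

        // Early bail: Not enough access to download.
        if (!current_user_can((new Capabilities())->manageWPSTG())) {
            die('Not enough access.');
        }

        // Early bail: Invalid nonce, request does not come from expected context.
        // A query argument can arrive as an array (`?arg[]=x`); only a string can be a valid nonce.
        $nonce = isset($_GET['wpstgBackupDownloadNonce']) ? $_GET['wpstgBackupDownloadNonce'] : null;
        if (!is_string($nonce) || !wp_verify_nonce($nonce, 'wpstg_download_nonce')) {
            die('Invalid nonce.');
        }

        // Early bail: Invalid MD5.
        // Reject non-string input before it reaches the sanitizer and preg_match().
        $rawMd5 = $_GET['wpstgBackupDownloadMd5'];
        if (!is_string($rawMd5)) {
            die('Invalid MD5.');
        }

        $wpstgMd5 = Sanitize::sanitizeString($rawMd5);

        // \A ... \z anchors the whole string. A bare `$` also matches just before a
        // trailing newline, so "<32 hex chars>\n" would pass the format check.
        // NOTE(review): Sanitize::sanitizeString() may already strip that newline;
        // its behaviour is not visible in this file, so the pattern does not rely on it.
        if (!is_string($wpstgMd5) || !preg_match('/\A[a-f0-9]{32}\z/', $wpstgMd5)) {
            die('Invalid MD5.');
        }

        try {
            // Not using DI here since this runs on every request, so it can early bail without building dependencies.
            $backup = WPStaging::getInstance()->getContainer()->make(BackupsFinder::class)->findBackupByMd5Hash($wpstgMd5);
        } catch (\Exception $e) {
            // No Content-Type is set on this path, so the message is emitted with
            // PHP's default content type. Escape it instead of echoing it raw; the
            // text comes from code outside this file.
            die(htmlspecialchars($e->getMessage(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
        }

        // Clean the output buffer to avoid issues with the file content
        while (ob_get_level() > 0) {
            ob_end_clean();
        }

        // The basename is placed inside a quoted header parameter. Drop quotes,
        // backslashes and control characters so a file name cannot end the quoted
        // string early or alter the header.
        $downloadName = (string)preg_replace('/[\x00-\x1F\x7F"\\\\]/', '', (string)$backup->getBasename());

        header('Content-Description: File Transfer');
        header('Content-Type: application/octet-stream');
        // Keep browsers from content-sniffing the archive into a renderable type.
        header('X-Content-Type-Options: nosniff');
        header('Content-Disposition: attachment; filename="' . $downloadName . '"');
        header('Expires: 0');
        header('Cache-Control: must-revalidate');
        header('Pragma: public');
        header('Content-Length: ' . $backup->getSize());
        readfile($backup->getPathname());
        exit;
    }
}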