BackupDownload.php
| 1 | <?php |
| 2 | |
| 3 | namespace WPStaging\Backup; |
| 4 | |
| 5 | use WPStaging\Core\WPStaging; |
| 6 | use WPStaging\Framework\Facades\Sanitize; |
| 7 | use WPStaging\Framework\Security\Capabilities; |
| 8 | use WPStaging\Backup\Service\BackupsFinder; |
| 9 | |
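/**
 * Serves a backup file as a browser download when the current request asks for one.
 *
 * Access control visible in this class is layered: a capability check, then a
 * nonce check, then strict validation of the backup identifier. The MD5 value is
 * only used as a lookup key for BackupsFinder::findBackupByMd5Hash(); what it is
 * a hash of is not visible here, so it must not be treated as a secret or as an
 * authorization token on its own.
 */
class BackupDownload
{
    /**
     * Stream the requested backup to the client, or return untouched when the
     * request is not a download request.
     *
     * Every failing check terminates the request with a short message; a
     * successful download ends with exit after the file has been sent.
     *
     * @return void
     */
    public function listenDownload()
    {
        // Early bail: Not a download request.
        if (!isset($_GET['wpstgBackupDownloadMd5'])) {
            return;
        }

        // Early bail: Not enough access to download.
        if (!current_user_can((new Capabilities())->manageWPSTG())) {
            die('Not enough access.');
        }

        // Early bail: Invalid nonce, request does not come from expected context.
        // Only a plain string is handed to wp_verify_nonce(); any other query value shape is refused.
        $nonce = isset($_GET['wpstgBackupDownloadNonce']) ? $_GET['wpstgBackupDownloadNonce'] : null;
        if (!is_string($nonce) || !wp_verify_nonce($nonce, 'wpstg_download_nonce')) {
            die('Invalid nonce.');
        }

        // Early bail: Invalid MD5.
        $requestedMd5 = $_GET['wpstgBackupDownloadMd5'];
        if (!is_string($requestedMd5)) {
            die('Invalid MD5.');
        }

        $wpstgMd5 = Sanitize::sanitizeString($requestedMd5);

        // \z anchors at the very end of the subject; a bare $ would also accept a trailing newline.
        if (!is_string($wpstgMd5) || !preg_match('/^[a-f0-9]{32}\z/', $wpstgMd5)) {
            die('Invalid MD5.');
        }

        try {
            // Not using DI here since this runs on every request, so it can early bail without building dependencies.
            $backup = WPStaging::getInstance()->getContainer()->make(BackupsFinder::class)->findBackupByMd5Hash($wpstgMd5);
        } catch (\Exception $e) {
            // The message ends up in the response body, so it is escaped before output.
            // NOTE(review): consider logging the detail and showing a generic message if it can contain filesystem paths.
            die(esc_html($e->getMessage()));
        }

        // Refuse before any header is sent, instead of announcing a download that readfile() cannot deliver.
        $pathname = $backup->getPathname();
        if (!is_readable($pathname)) {
            die('Backup file is not readable.');
        }

        // Keep the quoted filename parameter well-formed: no quotes, backslashes or control characters.
        $downloadName = preg_replace('/[\x00-\x1F\x7F"\\\\]/', '_', (string)$backup->getBasename());

        // Clean the output buffer to avoid issues with the file content
        while (ob_get_level() > 0) {
            ob_end_clean();
        }

        header('Content-Description: File Transfer');
        header('Content-Type: application/octet-stream');
        header('Content-Disposition: attachment; filename="' . $downloadName . '"');
        // The payload is an opaque archive; tell the browser not to guess another type for it.
        header('X-Content-Type-Options: nosniff');
        header('Expires: 0');
        header('Cache-Control: must-revalidate');
        header('Pragma: public');
        header('Content-Length: ' . $backup->getSize());
        readfile($pathname);
        exit;
    }
}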