PluginProbe ʕ •ᴥ•ʔ
WP STAGING – WordPress Backup, Restore, Migration & Clone / 3.8.0
WP STAGING – WordPress Backup, Restore, Migration & Clone v3.8.0
4.9.1 4.9.0 4.8.1 trunk 3.0.0 3.0.1 3.0.2 3.0.3 3.0.4 3.0.5 3.0.6 3.1.0 3.1.1 3.1.2 3.1.3 3.1.4 3.10.0 3.2.0 3.3.1 3.3.2 3.3.3 3.4.1 3.4.3 3.5.0 3.6.0 3.7.1 3.8.0 3.8.1 3.8.2 3.8.3 3.8.4 3.8.5 3.8.6 3.8.7 3.9.0 3.9.1 3.9.2 3.9.3 3.9.4 4.0.0 4.1.0 4.1.1 4.1.2 4.1.3 4.1.4 4.2.0 4.2.1 4.3.0 4.3.1 4.3.2 4.4.0 4.5.0 4.6.0 4.7.0 4.7.1 4.7.2 4.7.3 4.8.0
wp-staging / Backup / BackupDownload.php
wp-staging / Backup Last commit date
Ajax 1 year ago BackgroundProcessing 1 year ago Dto 1 year ago Entity 1 year ago Exceptions 1 year ago Interfaces 2 years ago Job 1 year ago Request 2 years ago Service 1 year ago Storage 2 years ago Task 1 year ago AfterRestore.php 3 years ago BackupDeleter.php 1 year ago BackupDownload.php 2 years ago BackupFileIndex.php 1 year ago BackupHeader.php 2 years ago BackupProcessLock.php 2 years ago BackupRepairer.php 3 years ago BackupRetentionHandler.php 2 years ago BackupScheduler.php 1 year ago BackupServiceProvider.php 2 years ago BackupValidator.php 1 year ago FileHeader.php 1 year ago FileHeaderAttribute.php 2 years ago WithBackupIdentifier.php 1 year ago wpstgBackupHeader.txt 3 years ago
BackupDownload.php
85 lines
1 <?php
2
3 namespace WPStaging\Backup;
4
5 use WPStaging\Core\WPStaging;
6 use WPStaging\Framework\Facades\Sanitize;
7 use WPStaging\Framework\Security\Capabilities;
8 use WPStaging\Backup\Service\BackupsFinder;
9 use WPStaging\Framework\Adapter\Directory;
10
11 class BackupDownload
12 {
13 /**
14 * @todo seems to be unused. Can we delete it?
15 * @return void
16 */
17 public function listenDownload()
18 {
19 // Early bail: Not a download request.
20 if (!isset($_GET['wpstgBackupDownloadMd5'])) {
21 return;
22 }
23
24 // Early bail: Not enough access to download.
25 if (!current_user_can((new Capabilities())->manageWPSTG())) {
26 die('Not enough access.');
27 }
28
29 // Early bail: Invalid nonce, request does not come from expected context.
30 if (!isset($_GET['wpstgBackupDownloadNonce']) || !wp_verify_nonce($_GET['wpstgBackupDownloadNonce'], 'wpstg_download_nonce')) {
31 die('Invalid nonce.');
32 }
33
34 // Early bail: Invalid MD5.
35 $wpstgMd5 = Sanitize::sanitizeString($_GET['wpstgBackupDownloadMd5']);
36 if (!isset($_GET['wpstgBackupDownloadMd5']) || !preg_match('/^[a-f0-9]{32}$/', $wpstgMd5)) {
37 die('Invalid MD5.');
38 }
39
40 try {
41 // Not using DI here since this runs on every request, so it can early bail without building dependencies.
42 $backup = WPStaging::getInstance()->getContainer()->make(BackupsFinder::class)->findBackupByMd5Hash($wpstgMd5);
43 } catch (\Exception $e) {
44 die($e->getMessage());
45 }
46
47 // Clean the outbut buffer to avoid issues with the file content
48 while (ob_get_level() > 0) {
49 ob_end_clean();
50 }
51
52 header('Content-Description: File Transfer');
53 header('Content-Type: application/octet-stream');
54 header('Content-Disposition: attachment; filename="' . $backup->getBasename() . '"');
55 header('Expires: 0');
56 header('Cache-Control: must-revalidate');
57 header('Pragma: public');
58 header('Content-Length: ' . $backup->getSize());
59 readfile($backup->getPathname());
60 exit;
61 }
62
63 /**
64 * @return void
65 */
66 public function deleteUnfinishedDownloads()
67 {
68 $dir = WPStaging::make(Directory::class)->getDownloadsDirectory();
69 if (!is_dir($dir)) {
70 return;
71 }
72
73 $extension = ".wpstg"; // Extension of the file created when download starts.
74 if ($dh = opendir($dir)) {
75 while (($file = readdir($dh)) !== false) {
76 if (strpos($file, $extension) !== false) {
77 unlink($dir . '/' . $file);
78 }
79 }
80
81 closedir($dh);
82 }
83 }
84 }
85