Skip to content

Commit 371d142

Browse files
PDowneyPDowney
authored
Update
1 parent e58eaa1 commit 371d142

2 files changed

Lines changed: 5 additions & 4 deletions

File tree

README.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
# Simple WP Site Exporter
22

3-
[![Codacy Badge](https://app.codacy.com/project/badge/Grade/d81efac1703c4d3b8b998d2587cd696b)](https://app.codacy.com/gh/EngineScript/Simple-WP-Site-Exporter/dashboard?utm_source=gh&utm_medium=referral&utm_content=&utm_campaign=Badge_grade)
3+
[![Codacy Badge](https://app.codacy.com/project/badge/Grade/82faf62ae1df432b89df2d6808b756ea)](https://app.codacy.com/gh/EngineScript/Simple-WP-Site-Exporter/dashboard?utm_source=gh&utm_medium=referral&utm_content=&utm_campaign=Badge_grade)
44
[![License](https://img.shields.io/badge/License-GPL%20v3-green.svg?logo=gnu)](https://www.gnu.org/licenses/gpl-3.0.html)
55
[![WordPress Compatible](https://img.shields.io/badge/WordPress-6.0%2B-blue.svg?logo=wordpress)](https://wordpress.org/)
66
[![PHP Compatible](https://img.shields.io/badge/PHP-7.4%2B-purple.svg?logo=php)](https://www.php.net/)

simple-wp-site-exporter.php

Lines changed: 4 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -410,7 +410,8 @@ function sse_export_database( $export_dir ) {
410410
escapeshellarg(ABSPATH) // phpcs:ignore WordPressVIPMinimum.Functions.RestrictedFunctions.escapeshellarg_escapeshellarg -- Required for shell command security
411411
);
412412

413-
$output = shell_exec($command . ' 2>&1');
413+
$output = shell_exec($command . ' 2>&1'); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.system_calls_shell_exec -- Required for WP-CLI database export: all parameters are validated and escaped with escapeshellarg()
414+
414415

415416
if ( ! file_exists( $db_filepath ) || filesize( $db_filepath ) <= 0 ) { // phpcs:ignore WordPressVIPMinimum.Functions.RestrictedFunctions.file_exists_file_exists -- Validating WP-CLI export success
416417
$error_message = ! empty($output) ? trim($output) : 'WP-CLI command failed silently.';
@@ -1509,7 +1510,7 @@ function sse_serve_file_download( $fileData ) {
15091510
*/
15101511
function sse_get_safe_wp_cli_path() {
15111512
// First try to get WP-CLI path
1512-
$wp_cli_path = trim( shell_exec( 'which wp 2>/dev/null' ) );
1513+
$wp_cli_path = trim( shell_exec( 'which wp 2>/dev/null' ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.system_calls_shell_exec -- Required for WP-CLI path discovery: uses system 'which' command with constant parameters
15131514

15141515
$basic_validation = sse_validate_wp_cli_path($wp_cli_path);
15151516
if (is_wp_error($basic_validation)) {
@@ -1581,7 +1582,7 @@ function sse_validate_wp_cli_security($wp_cli_path) {
15811582
*/
15821583
function sse_verify_wp_cli_binary($wp_cli_path) {
15831584
// Additional security: verify it's actually WP-CLI by running --version
1584-
$version_check = shell_exec( escapeshellarg( $wp_cli_path ) . ' --version 2>/dev/null' );
1585+
$version_check = shell_exec( escapeshellarg( $wp_cli_path ) . ' --version 2>/dev/null' ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.system_calls_shell_exec -- Required for WP-CLI binary verification: path is validated and escaped with escapeshellarg()
15851586
if ( empty( $version_check ) || strpos( $version_check, 'WP-CLI' ) === false ) {
15861587
return new WP_Error( 'wp_cli_invalid_binary', __( 'Detected file is not a valid WP-CLI executable.', 'Simple-WP-Site-Exporter' ) );
15871588
}

0 commit comments

Comments
 (0)