
Commit 42ac6af

authored
Updates
1 parent 71d5878 commit 42ac6af

1 file changed

Lines changed: 64 additions & 64 deletions


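--- a/simple-wp-site-exporter.php
+++ b/simple-wp-site-exporter.php
@@ -1029,31 +1029,31 @@ function sse_check_path_within_base( $real_file_path, $real_base_dir ) {
 $real_file_path = rtrim( $real_file_path, '/' ) . '/';
 
 $is_within_base = strpos( $real_file_path, $real_base_dir ) === 0;
-
+
 if ( ! $is_within_base ) {
-sse_log('Path validation failed - path outside base directory. File: ' . $real_file_path . ', Base: ' . $real_base_dir, 'warning');
+sse_log( 'Path validation failed - path outside base directory. File: ' . $real_file_path . ', Base: ' . $real_base_dir, 'warning' );
 }
-
+
 return $is_within_base;
 }
 
 /**
-* Validate that a file path is within the allowed directory
+* Validate that a file path is within the allowed directory.
 *
-* @param string $file_path The file path to validate
-* @param string $base_dir The base directory that the file should be within
-* @return bool True if the file path is safe, false otherwise
+* @param string $file_path The file path to validate.
+* @param string $base_dir The base directory that the file should be within.
+* @return bool True if the file path is safe, false otherwise.
 */
-function sse_validate_filepath($file_path, $base_dir) {
+function sse_validate_filepath( $file_path, $base_dir ) {
 // Sanitize and normalize paths to handle different separators and resolve . and ..
 $normalized_file_path = wp_normalize_path( wp_unslash( $file_path ) );
-$normalized_base_dir = wp_normalize_path( $base_dir );
-
-// Check for directory traversal attempts
+$normalized_base_dir = wp_normalize_path( $base_dir );
+
+// Check for directory traversal attempts.
 if ( ! sse_check_path_traversal( $normalized_file_path ) ) {
 return false;
 }
-
+
 // Resolve real paths to prevent directory traversal.
 $real_file_path = sse_resolve_file_path( $normalized_file_path );
 $real_base_dir = realpath( $normalized_base_dir );
@@ -1074,24 +1074,24 @@ function sse_validate_filepath($file_path, $base_dir) {
 * @param string $filename The filename to validate.
 * @return array|WP_Error Result array with file data or WP_Error on failure.
 */
-function sse_validate_export_file_for_download($filename) {
-$basic_validation = sse_validate_basic_export_file($filename);
-if (is_wp_error($basic_validation)) {
+function sse_validate_export_file_for_download( $filename ) {
+$basic_validation = sse_validate_basic_export_file( $filename );
+if ( is_wp_error( $basic_validation ) ) {
 return $basic_validation;
 }
 
 global $wp_filesystem;
 $file_path = $basic_validation['filepath'];
 
-// Check if file is readable
+// Check if file is readable.
 if ( ! $wp_filesystem->is_readable( $file_path ) ) {
-return new WP_Error('file_not_readable', esc_html__('Export file not readable.', 'simple-wp-site-exporter'));
+return new WP_Error( 'file_not_readable', esc_html__( 'Export file not readable.', 'simple-wp-site-exporter' ) );
 }
-
-// Get file size using WP Filesystem
-$file_size = $wp_filesystem->size($file_path);
+
+// Get file size using WP Filesystem.
+$file_size = $wp_filesystem->size( $file_path );
 if ( ! $file_size ) {
-return new WP_Error('file_size_error', esc_html__('Could not determine file size.', 'simple-wp-site-exporter'));
+return new WP_Error( 'file_size_error', esc_html__( 'Could not determine file size.', 'simple-wp-site-exporter' ) );
 }
 
 $basic_validation['filesize'] = $file_size;
@@ -1104,8 +1104,8 @@ function sse_validate_export_file_for_download($filename) {
 * @param string $filename The filename to validate.
 * @return array|WP_Error Result array with file data or WP_Error on failure.
 */
-function sse_validate_export_file_for_deletion($filename) {
-return sse_validate_basic_export_file($filename);
+function sse_validate_export_file_for_deletion( $filename ) {
+return sse_validate_basic_export_file( $filename );
 }
 
 /**
@@ -1114,27 +1114,27 @@ function sse_validate_export_file_for_deletion($filename) {
 * @param string $filename The filename to validate.
 * @return array|WP_Error Result array with file data or WP_Error on failure.
 */
-function sse_validate_basic_export_file($filename) {
-$basic_checks = sse_validate_filename_format($filename);
-if (is_wp_error($basic_checks)) {
+function sse_validate_basic_export_file( $filename ) {
+$basic_checks = sse_validate_filename_format( $filename );
+if ( is_wp_error( $basic_checks ) ) {
 return $basic_checks;
 }
-
-$path_validation = sse_validate_export_file_path($filename);
-if (is_wp_error($path_validation)) {
+
+$path_validation = sse_validate_export_file_path( $filename );
+if ( is_wp_error( $path_validation ) ) {
 return $path_validation;
 }
-
-$existence_check = sse_validate_file_existence($path_validation['filepath']);
-if (is_wp_error($existence_check)) {
+
+$existence_check = sse_validate_file_existence( $path_validation['filepath'] );
+if ( is_wp_error( $existence_check ) ) {
 return $existence_check;
 }
-
+
 $referer_check = sse_validate_request_referer();
-if (is_wp_error($referer_check)) {
+if ( is_wp_error( $referer_check ) ) {
 return $referer_check;
 }
-
+
 return $path_validation;
 }
 
@@ -1158,7 +1158,7 @@ function sse_validate_filename_format( $filename ) {
 if ( ! preg_match( '/^site_export_sse_[a-f0-9]{7}_[a-zA-Z0-9_-]+_\d{4}-\d{2}-\d{2}_\d{2}-\d{2}-\d{2}\.zip$/', $filename ) ) {
 return new WP_Error( 'invalid_format', esc_html__( 'Invalid export file format.', 'simple-wp-site-exporter' ) );
 }
-
+
 return true;
 }
 
@@ -1168,17 +1168,17 @@ function sse_validate_filename_format( $filename ) {
 * @param string $filename The filename to validate.
 * @return array|WP_Error Result array with file data or WP_Error on failure.
 */
-function sse_validate_export_file_path($filename) {
-// Get the full path to the file
+function sse_validate_export_file_path( $filename ) {
+// Get the full path to the file.
 $upload_dir = wp_upload_dir();
 $export_dir = trailingslashit( $upload_dir['basedir'] ) . 'simple-wp-site-exporter-exports';
-$file_path = trailingslashit( $export_dir ) . $filename;
-
-// Validate the file path is within our export directory
+$file_path = trailingslashit( $export_dir ) . $filename;
+
+// Validate the file path is within our export directory.
 if ( ! sse_validate_filepath( $file_path, $export_dir ) ) {
-return new WP_Error('invalid_path', esc_html__('Invalid file path.', 'simple-wp-site-exporter'));
+return new WP_Error( 'invalid_path', esc_html__( 'Invalid file path.', 'simple-wp-site-exporter' ) );
 }
-
+
 return array(
 'filepath' => $file_path,
 'filename' => basename( $file_path ),
@@ -1207,7 +1207,7 @@ function sse_validate_file_existence( $file_path ) {
 if ( ! $wp_filesystem->exists( $file_path ) ) {
 return new WP_Error( 'file_not_found', esc_html__( 'Export file not found.', 'simple-wp-site-exporter' ) );
 }
-
+
 return true;
 }
 
@@ -1217,33 +1217,33 @@ function sse_validate_file_existence( $file_path ) {
 * @return true|WP_Error True on success, WP_Error on failure.
 */
 function sse_validate_request_referer() {
-// Add referer check for request validation
+// Add referer check for request validation.
 $referer = wp_get_referer();
 if ( ! $referer || strpos( $referer, admin_url() ) !== 0 ) {
-return new WP_Error('invalid_request_source', esc_html__('Invalid request source.', 'simple-wp-site-exporter'));
+return new WP_Error( 'invalid_request_source', esc_html__( 'Invalid request source.', 'simple-wp-site-exporter' ) );
 }
-
+
 return true;
 }
 
 /**
-* Validate export download request parameters
+* Validate export download request parameters.
 *
-* @param string $filename The filename to validate
-* @return array|WP_Error Result array with file path and size or WP_Error on failure
+* @param string $filename The filename to validate.
+* @return array|WP_Error Result array with file path and size or WP_Error on failure.
 */
-function sse_validate_download_request($filename) {
-return sse_validate_export_file_for_download($filename);
+function sse_validate_download_request( $filename ) {
+return sse_validate_export_file_for_download( $filename );
 }
 
 /**
-* Validate file deletion request
+* Validate file deletion request.
 *
-* @param string $filename The filename to validate
-* @return array|WP_Error Result array with file path or WP_Error on failure
+* @param string $filename The filename to validate.
+* @return array|WP_Error Result array with file path or WP_Error on failure.
 */
-function sse_validate_file_deletion($filename) {
-return sse_validate_export_file_for_deletion($filename);
+function sse_validate_file_deletion( $filename ) {
+return sse_validate_export_file_for_deletion( $filename );
 }
 
 // --- Secure Download Handler ---
@@ -1354,17 +1354,17 @@ function () {
 * @return bool True if request is within rate limits, false otherwise.
 */
 function sse_check_download_rate_limit() {
-$user_id = get_current_user_id();
+$user_id = get_current_user_id();
 $rate_limit_key = 'sse_download_rate_limit_' . $user_id;
-$current_time = time();
-
+$current_time = time();
+
 $last_download = get_transient( $rate_limit_key );
-
-// Allow one download per minute per user
+
+// Allow one download per minute per user.
 if ( false !== $last_download && is_numeric( $last_download ) && ( $current_time - $last_download ) < 60 ) {
 return false;
 }
-
+
 set_transient( $rate_limit_key, $current_time, 60 );
 return true;
 }
@@ -1477,7 +1477,7 @@ function sse_set_download_headers( $filename, $filesize ) {
 * @param string $filepath The file path to validate.
 * @return bool True if file passes security checks, false otherwise.
 */
-function sse_validate_file_output_security($filepath) {
+function sse_validate_file_output_security( $filepath ) {
 // Security: Final validation before file output to prevent SSRF
 $allowed_extensions = array( 'zip', 'sql' );
 $file_extension = strtolower( pathinfo( $filepath, PATHINFO_EXTENSION ) );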
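Review bot: The referer test in `sse_validate_request_referer()` (new lines 1221-1224) is only as trustworthy as a request-supplied value, and the comment above it, which this commit only punctuates, does not say so. `wp_get_referer()` returns what the client sent, so the prefix match against `admin_url()` screens out stray cross-page requests but is not a CSRF or authorization control for the download and deletion validators that reach it through `sse_validate_basic_export_file()`. Whether the handlers also verify a nonce and a capability is not visible in these hunks; if they do, I would reword the comment to `// Defense in depth only: the referer is client-controlled; the nonce and capability checks in the handler are the real gate.` If they do not, those checks belong in the handlers before any export file is read or removed.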
