upgrade.php
<?php
use RSSSL\Security\RSSSL_Htaccess_File_Manager;
// Stop immediately when the file is requested directly instead of being
// loaded by WordPress (ABSPATH is only defined after WordPress bootstraps).
if ( ! defined( 'ABSPATH' ) ) {
	die();
}

// Register the upgrade routine on plugins_loaded with priority 20.
add_action( 'plugins_loaded', 'rsssl_upgrade', 20 );
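/**
 * Run the version-gated migrations of the plugin.
 *
 * Compares the version stored in the `rsssl_current_version` option with the
 * `rsssl_version` constant and, when they differ, walks through every
 * migration step whose version threshold the stored version has not passed.
 * Steps touch options, transients, scheduled hooks and on-disk files
 * (.htaccess, an mu-plugin file, and - through helper calls - wp-config.php).
 *
 * The stored version is only updated on the very last line. If a step aborts
 * the request, the whole chain runs again on the next eligible request, so
 * every step has to be safe to repeat.
 *
 * @return void
 */
function rsssl_upgrade() {
	// Only run the upgrade check if cron, or if admin. The actual decision is
	// made by rsssl_admin_logged_in(), which is defined elsewhere.
	if ( ! rsssl_admin_logged_in() ) {
		return;
	}

	$prev_version = get_option( 'rsssl_current_version', false );

	// No version change, skip upgrade.
	if ( $prev_version && version_compare( $prev_version, rsssl_version, '==' ) ) {
		return;
	}

	// Dismiss notices that should be dismissed on plugin upgrade.
	if ( $prev_version && version_compare( $prev_version, rsssl_version, '!=' ) ) {
		// $dismiss_options = RSSSL()->admin->get_notices_list(
		// 	array(
		// 		'dismiss_on_upgrade' => true,
		// 	)
		// );
		$dismiss_options = ['mixed_content_scan']; // Temporary fix for translation issues on plugins_loaded.
		foreach ( $dismiss_options as $dismiss_option ) {
			if ( ! is_string( $dismiss_option ) ) {
				continue;
			}
			update_option( 'rsssl_' . $dismiss_option . '_dismissed', true, false );
		}
		delete_transient( 'rsssl_plusone_count' );
	}

	// Move the standalone OCSP flag into the Let's Encrypt options array.
	if ( $prev_version && version_compare( $prev_version, '5.1.3', '<=' ) ) {
		if ( get_option( 'rsssl_disable_ocsp' ) ) {
			$options = get_option( 'rsssl_options_lets-encrypt' );
			// get_option() returns false when the option does not exist; writing an
			// array offset on false is deprecated since PHP 8.1.
			if ( ! is_array( $options ) ) {
				$options = [];
			}
			$options['disable_ocsp'] = true;
			update_option( 'rsssl_options_lets-encrypt', $options, false );
			delete_option( 'rsssl_disable_ocsp' );
		}
	}

	// Rename the legacy markers in .htaccess.
	if ( $prev_version && version_compare( $prev_version, '5.3.0', '<=' ) ) {
		$fileManager = RSSSL_Htaccess_File_Manager::get_instance();
		if ( $fileManager->validate_htaccess_file_path() ) {
			$htaccess = $fileManager->get_htaccess_content();
			// Skip the rewrite when the content could not be read as a string.
			if ( is_string( $htaccess ) ) {
				// Safely match the legacy pattern: rlrssslReallySimpleSSL rsssl_version[...]
				$pattern     = '/rlrssslReallySimpleSSL\s+rsssl_version\[[^]]+]/';
				$replacement = 'Really Simple Security Redirect ' . rsssl_version;
				$updated     = preg_replace( $pattern, $replacement, $htaccess );
				// preg_replace() returns null on a PCRE error; never derive new file content from that.
				if ( is_string( $updated ) ) {
					$updated = str_replace( 'rlrssslReallySimpleSSL', 'Really Simple Security Redirect', $updated );
					// Only write if the updated content differs from the current content and is not empty.
					if ( $updated !== $htaccess && ! empty( trim( $updated ) ) ) {
						// LOCK_EX is an advisory lock: it only serialises writers that also take the lock.
						// NOTE(review): the return value is ignored and the write is not atomic, so a
						// failed or partial write of .htaccess goes unnoticed here.
						file_put_contents( $fileManager->htaccess_file_path, $updated, LOCK_EX );
					}
				}
			}
		}
	}

	// Convert the pre-6.0 option arrays to the new 'rsssl_options' array.
	if ( $prev_version && version_compare( $prev_version, '6.0.0', '<' ) ) {
		delete_option( 'rsssl_admin_notices' );
		update_option( 'rsssl_show_onboarding', true, false );

		// Upgrade both site and network settings.
		// $options may be false when the legacy option is absent; isset() below copes with that.
		$options = get_option( 'rlrsssl_options' );
		if ( is_multisite() && rsssl_is_networkwide_active() ) {
			$new_options = get_site_option( 'rsssl_options', [] );
		} else {
			$new_options = get_option( 'rsssl_options', [] );
		}

		$ssl_enabled                = isset( $options['ssl_enabled'] ) ? $options['ssl_enabled'] : false;
		$new_options['ssl_enabled'] = (bool) $ssl_enabled;

		$autoreplace_insecure_links         = isset( $options['autoreplace_insecure_links'] ) ? $options['autoreplace_insecure_links'] : true;
		$new_options['mixed_content_fixer'] = (bool) $autoreplace_insecure_links;

		$wp_redirect       = isset( $options['wp_redirect'] ) ? $options['wp_redirect'] : false;
		$htaccess_redirect = isset( $options['htaccess_redirect'] ) ? $options['htaccess_redirect'] : false;
		// Was 'none;' - a stray semicolon that sanitize_title() removes under its default filters.
		$redirect = 'none';
		if ( $htaccess_redirect ) {
			$redirect = 'htaccess';
		} elseif ( $wp_redirect ) {
			$redirect = 'wp_redirect';
		}
		$new_options['redirect'] = sanitize_title( $redirect );

		$do_not_edit_htaccess                = isset( $options['do_not_edit_htaccess'] ) ? $options['do_not_edit_htaccess'] : false;
		$new_options['do_not_edit_htaccess'] = (bool) $do_not_edit_htaccess;

		$dismiss_all_notices                = isset( $options['dismiss_all_notices'] ) ? $options['dismiss_all_notices'] : false;
		$new_options['dismiss_all_notices'] = (bool) $dismiss_all_notices;

		$switch_mixed_content_fixer_hook                = isset( $options['switch_mixed_content_fixer_hook'] ) ? $options['switch_mixed_content_fixer_hook'] : false;
		$new_options['switch_mixed_content_fixer_hook'] = (bool) $switch_mixed_content_fixer_hook;

		delete_option( 'rsssl_upgraded_to_four' );

		/**
		 * Multisite
		 */
		if ( is_multisite() && rsssl_is_networkwide_active() ) {
			$network_options = get_site_option( 'rlrsssl_network_options' );
			// Normalise a missing option to an array before it is written to below.
			if ( ! is_array( $network_options ) ) {
				$network_options = [];
			}
			$enabled_network_wide = isset( $network_options['ssl_enabled_networkwide'] ) ? $network_options['ssl_enabled_networkwide'] : false;
			if ( $ssl_enabled && $enabled_network_wide ) {
				update_site_option( 'rsssl_network_activation_status', 'completed' );
			} elseif ( $ssl_enabled ) {
				// Convert entire site to SSL.
				RSSSL()->multisite->start_ssl_activation();
			}

			// Ensure this doesn't run again.
			$network_options['ssl_enabled_networkwide'] = false;
			update_site_option( 'rlrsssl_network_options', $network_options );

			// The network-level values below replace the per-site values migrated above.
			$dismiss_all_notices                = isset( $network_options['dismiss_all_notices'] ) ? $network_options['dismiss_all_notices'] : false;
			$new_options['dismiss_all_notices'] = (bool) $dismiss_all_notices;

			$wp_redirect = isset( $network_options['wp_redirect'] ) ? $network_options['wp_redirect'] : false;
			if ( $wp_redirect ) {
				$redirect = 'wp_redirect';
			}
			$htaccess_redirect = isset( $network_options['htaccess_redirect'] ) ? $network_options['htaccess_redirect'] : false;
			if ( $htaccess_redirect ) {
				$redirect = 'htaccess';
			}
			$new_options['redirect'] = sanitize_title( $redirect );

			$do_not_edit_htaccess                = isset( $network_options['do_not_edit_htaccess'] ) ? $network_options['do_not_edit_htaccess'] : false;
			$new_options['do_not_edit_htaccess'] = (bool) $do_not_edit_htaccess;

			$autoreplace_mixed_content          = isset( $network_options['autoreplace_mixed_content'] ) ? $network_options['autoreplace_mixed_content'] : false;
			$new_options['mixed_content_fixer'] = (bool) $autoreplace_mixed_content;

			// Upgrade lets encrypt options.
			$le_options        = get_option( 'rsssl_options_lets-encrypt' );
			$verification_type = get_option( 'rsssl_verification_type' );
			if ( $verification_type ) {
				$new_options['verification_type'] = strtolower( sanitize_title( $verification_type ) );
			}
			// NOTE(review): the guard tests $le_options but the loop copies $options (the legacy
			// 'rlrsssl_options' array). That overwrites the boolean casts made above with
			// sanitize_text_field() strings and copies no Let's Encrypt value. It looks like
			// $le_options was intended - confirm before changing what this migration stores.
			// The is_array() check only avoids iterating a missing (false) legacy option.
			if ( ! empty( $le_options ) && is_array( $options ) ) {
				foreach ( $options as $fieldname => $value ) {
					$new_options[ $fieldname ] = sanitize_text_field( $value );
				}
			}
		}

		if ( is_multisite() && rsssl_is_networkwide_active() ) {
			update_site_option( 'rsssl_options', $new_options );
		} else {
			update_option( 'rsssl_options', $new_options );
		}
		update_option( 'rsssl_flush_rewrite_rules', time() );
	}

	// Clean up old rest api optimizer on upgrade.
	if ( $prev_version && version_compare( $prev_version, '6.0.5', '<' ) ) {
		if ( file_exists( trailingslashit( WPMU_PLUGIN_DIR ) . 'rsssl_rest_api_optimizer.php' ) ) {
			unlink( trailingslashit( WPMU_PLUGIN_DIR ) . 'rsssl_rest_api_optimizer.php' );
		}
	}

	// Clear notices cache for multisite on upgrade, for the subsite notice.
	// There is no $prev_version guard on this step or the next one, so they also run when
	// no previous version is stored (false is coerced to '' and compares as lower).
	if ( version_compare( $prev_version, '6.0.9', '<' ) ) {
		if ( is_multisite() ) {
			delete_option( 'rsssl_admin_notices' );
		}
	}

	// Ensure administrators have the manage_security capability.
	if ( version_compare( $prev_version, '6.0.10', '<' ) ) {
		rsssl_add_manage_security_capability();
	}

	// Move notices transient to option, for better persistence.
	// get_transient() returns false for a missing or expired transient; that value is stored as is.
	if ( $prev_version && version_compare( $prev_version, '6.0.13', '<' ) ) {
		$notices   = get_transient( 'rsssl_admin_notices' );
		$plus_ones = get_transient( 'rsssl_plusone_count' );
		update_option( 'rsssl_admin_notices', $notices );
		update_option( 'rsssl_plusone_count', $plus_ones );
	}

	if ( $prev_version && version_compare( $prev_version, '6.2.3', '<' ) ) {
		// rsssl_update_option( 'send_notifications_email', 1 );
		// Do not use rsssl_update_option as it will load all fields, causing translation issues on plugins_loaded hook.
		$options = get_option( 'rsssl_options', [] );
		if ( ! is_array( $options ) ) {
			$options = [];
		}
		$options['send_notifications_email'] = 1;
		update_option( 'rsssl_options', $options );
	}

	if ( $prev_version && version_compare( $prev_version, '6.2.4', '<' ) ) {
		delete_option( 'rsssl_6_upgrade_completed' );
	}

	if ( $prev_version && version_compare( $prev_version, '7.1.0', '<' ) ) {
		do_action( 'rsssl_update_rules' );
	}

	// Update the config to auto prepend.
	if ( $prev_version && version_compare( $prev_version, '8.0', '<' ) ) {
		RSSSL_SECURITY()->firewall_manager->update_wp_config_rule();
	}

	// free
	if ( $prev_version && version_compare( $prev_version, '8.1.2', '<' ) ) {
		do_action( 'rsssl_update_rules' );
	}

	if ( $prev_version && version_compare( $prev_version, '8.3.0', '<' ) ) {
		wp_clear_scheduled_hook( 'rsssl_pro_every_hour_hook' );
		wp_clear_scheduled_hook( 'rsssl_pro_every_day_hook' );
		wp_clear_scheduled_hook( 'rsssl_pro_five_minutes_hook' );
		wp_clear_scheduled_hook( 'rsssl_le_every_week_hook' );
		wp_clear_scheduled_hook( 'rsssl_le_every_day_hook' );

		// Split rsssl_key in two options so we can upgrade separately: the per-site value
		// becomes 'rsssl_license_key', the network value becomes 'rsssl_le_key'. Both values
		// are copied as stored; the old option is deleted from both scopes afterwards.
		$key      = get_option( 'rsssl_key' );
		$site_key = get_site_option( 'rsssl_key' );
		if ( $key ) {
			update_option( 'rsssl_license_key', $key, false );
		}
		if ( $site_key ) {
			update_site_option( 'rsssl_le_key', $site_key );
		}
		delete_site_option( 'rsssl_key' );
		delete_option( 'rsssl_key' );
		update_option( 'rsssl_upgrade_le_key', true, false );
	}

	if ( $prev_version && version_compare( $prev_version, '9.0', '<' ) ) {
		// Replace Really Simple SSL with Really Simple Security in wp-config.php, .htaccess,
		// advanced-headers.php
		RSSSL()->admin->update_branding_in_files();
		RSSSL()->admin->clear_admin_notices_cache();
	}

	if ( $prev_version && version_compare( $prev_version, '9.1.1', '<' ) ) {
		do_action( 'rsssl_update_rules' );
	}

	if ( $prev_version && version_compare( $prev_version, '9.1.1.1', '<=' ) ) {
		update_option( 'rsssl_reset_fix', true, false );
	}

	// Fetch Google crawler IP's when Geo Block is enabled.
	if ( $prev_version && version_compare( $prev_version, '9.3.6', '<=' ) ) {
		if ( class_exists( '\RSSSL\Pro\Security\WordPress\Rsssl_Geo_Block' ) ) {
			// Trigger action to update rules.
			do_action( 'rsssl_update_rules' );
			$geo_block = \RSSSL\Pro\Security\WordPress\Rsssl_Geo_Block::get_instance();
			$geo_block->fetch_google_crawler_ips();
		}
	}

	// Upgrade .htaccess rules for sites using LiteSpeed cache.
	if ( $prev_version && version_compare( $prev_version, '9.4.2.1', '<=' ) ) {
		// Check for LiteSpeed Cache plugin.
		if ( defined( 'LSCWP_V' ) && LSCWP_V ) {
			do_action( 'rsssl_update_rules' );
		}
	}

	// Delete the ajax fallback option as it is no longer used.
	if ( $prev_version && version_compare( $prev_version, '9.4.2.1', '<=' ) ) {
		delete_option( 'rsssl_ajax_fallback_active' );
	}

	// Upgrade .htaccess rules for sites using LiteSpeed cache.
	// NOTE(review): this step is identical to the LiteSpeed step two blocks up, so the action
	// fires twice for the same upgrade. Kept as is; one of the two looks redundant.
	if ( $prev_version && version_compare( $prev_version, '9.4.2.1', '<=' ) ) {
		// Check for LiteSpeed Cache plugin.
		if ( defined( 'LSCWP_V' ) && LSCWP_V ) {
			do_action( 'rsssl_update_rules' );
		}
	}

	// Clean up old "No Index" marker and replace with clearer
	// "Disable directory indexing" marker.
	if ( $prev_version && version_compare( $prev_version, '9.5.3.1', '<=' ) ) {
		$fileManager = RSSSL_Htaccess_File_Manager::get_instance();
		if ( $fileManager->validate_htaccess_file_path() ) {
			// Remove the old "No Index" marker if it exists.
			$fileManager->clear_legacy_rule( 'Really Simple Security No Index' );
			// If the disable_indexing option is enabled, the new marker will be
			// added automatically when settings are saved or rules are updated.
			if ( rsssl_get_option( 'disable_indexing', false ) ) {
				do_action( 'rsssl_update_rules' );
			}
		}
	}

	// Upgrade uploads .htaccess to use IfModule syntax for Apache 2.2/2.4 compatibility.
	// Fixes 500 errors on servers without mod_access_compat (Apache 2.4+ default).
	if ( $prev_version && version_compare( $prev_version, '9.5.5', '<=' ) ) {
		if ( rsssl_get_option( 'block_code_execution_uploads', false ) ) {
			rsssl_handle_uploads_htaccess();
		}
	}

	// Don't clear on each update.
	// RSSSL()->admin->clear_admin_notices_cache();

	// Delete in future upgrade. We want to check the review notice dismissed as fallback still.
	// delete_option( 'rlrsssl_options' );
	// delete_site_option( 'rlrsssl_network_options' );
	// delete_option( 'rsssl_options_lets-encrypt' );

	// Record the versions last, after every step above has run.
	update_option( 'rsssl_previous_version', $prev_version, false );
	do_action( 'rsssl_upgrade', $prev_version );
	update_option( 'rsssl_current_version', rsssl_version, false );
}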