<?php
/*
Plugin Name: SpVgg Bayreuth Auto Update
Plugin URI: https://github.com/NLZ-SpVgg-Bayreuth/wordpress-plugin-auto-update
Description: This plugin allows you to update your private plugins from git repositories hosted on GitHub / GitLab / Gitea.
Version: 1.0
Author: Paul Schur
Author URI: https://github.com/pschur
License: GPL2
*/
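if (isset($_GET['spvgg-auto-update']) && $_SERVER['REQUEST_METHOD'] === 'POST') {
    /*
     * Update endpoint.
     *
     * Request:  POST ?spvgg-auto-update=<package>, shared secret in the
     *           X-Code request header, new plugin archive in the multipart
     *           field "file".
     * Config:   config.php returns [<package> => ['code' => <password_hash()
     *           output>, 'path' => <plugin directory>]].
     * Replies:  404 unknown package, 403 bad secret, 400 bad upload,
     *           500 filesystem/archive failure. On success the script falls
     *           through without output.
     *
     * A valid X-Code lets the caller replace PHP files that the server will
     * execute, so the secret is the only gate in front of code deployment.
     * NOTE(review): nothing here enforces HTTPS or limits repeated guesses;
     * confirm both are handled in front of this script.
     */
    $staged = null;

    // Single failure exit: drop the staged upload, set the status, stop.
    $abort = static function ($status, $message) use (&$staged) {
        if ($staged !== null && is_file($staged)) {
            unlink($staged);
        }
        http_response_code($status);
        die($message);
    };

    $packages = require __DIR__.'/config.php';

    // Check package. "?spvgg-auto-update[]=x" arrives as an array, which is
    // not a valid array offset, so anything but a string is rejected here.
    $package = $_GET['spvgg-auto-update'];
    if (!is_string($package) || !is_array($packages) || !isset($packages[$package])) {
        $abort(404, 'Not Found');
    }
    $config = $packages[$package];

    # Check key
    // PHP exposes the request header "X-Code" as $_SERVER['HTTP_X_CODE'].
    // The literal 'X-Code' key is only present if the web server maps it
    // explicitly, so reading that key alone rejected every real request.
    $code = $_SERVER['HTTP_X_CODE'] ?? $_SERVER['X-Code'] ?? null;
    $hash = $config['code'] ?? null;
    if (!is_string($code) || !is_string($hash) || !password_verify($code, $hash)) {
        $abort(403, 'Forbidden');
    }

    # Check file
    $upload = $_FILES['file'] ?? null;
    if (
        !is_array($upload)
        || !is_string($upload['name'] ?? null)
        || !is_string($upload['tmp_name'] ?? null)
        || ($upload['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
    ) {
        $abort(400, 'Bad Request');
    }

    # Check file extension
    $ext = pathinfo($upload['name'], PATHINFO_EXTENSION);
    if ($ext !== 'zip') {
        $abort(400, 'Bad Request');
    }

    # Check file type
    $finfo = finfo_open(FILEINFO_MIME_TYPE);
    $mime = $finfo === false ? false : finfo_file($finfo, $upload['tmp_name']);
    if ($finfo !== false) {
        finfo_close($finfo);
    }
    if ($mime !== 'application/zip') {
        $abort(400, 'Bad Request');
    }

    # Resolve the plugin directory
    $path = is_string($config['path'] ?? null) ? rtrim($config['path'], '/') : '';
    if ($path === '' || !is_dir($path)) {
        $abort(500, 'Internal Server Error');
    }

    # Stage the upload outside the plugin directory
    // Staging in the temp directory keeps the raw archive out of the
    // (normally web-reachable) plugin tree and out of the backup below.
    $candidate = sys_get_temp_dir().'/spvgg-'.bin2hex(random_bytes(8)).'.'.$ext;
    if (!move_uploaded_file($upload['tmp_name'], $candidate)) {
        $abort(500, 'Internal Server Error');
    }
    $staged = $candidate;

    # Open and inspect the archive before touching the plugin directory
    $zip = new ZipArchive;
    if ($zip->open($staged) !== TRUE) {
        $abort(500, 'Internal Server Error');
    }
    // Defence in depth: refuse entries that are absolute or contain a ".."
    // segment instead of relying on extractTo() alone to confine them.
    for ($i = 0; $i < $zip->numFiles; $i++) {
        $entry = $zip->getNameIndex($i);
        $normalized = is_string($entry) ? str_replace('\\', '/', $entry) : '';
        if (
            $normalized === ''
            || strpos($normalized, "\0") !== false
            || $normalized[0] === '/'
            || preg_match('/^[A-Za-z]:/', $normalized) === 1
            || in_array('..', explode('/', $normalized), true)
        ) {
            $zip->close();
            $abort(400, 'Bad Request');
        }
    }

    # Make Backup of current plugin
    // The backup is taken BEFORE extraction so it holds the old files; taking
    // it afterwards would only archive the freshly extracted ones.
    // NOTE(review): the backup sits inside the plugin directory and is kept
    // when the update fails; the random name limits guessing, but confirm
    // that *.zip there is not served by the web server.
    $backup = $path.'/backup-'.bin2hex(random_bytes(8)).'.zip';
    try {
        $archive = new ZipArchive;
        if ($archive->open($backup, ZipArchive::CREATE) !== TRUE) {
            $zip->close();
            $abort(500, 'Internal Server Error');
        }
        $files = new RecursiveIteratorIterator(
            new RecursiveDirectoryIterator($path, FilesystemIterator::SKIP_DOTS),
            RecursiveIteratorIterator::SELF_FIRST
        );
        foreach ($files as $file) {
            $relative = substr($file->getPathname(), strlen($path) + 1);
            if ($file->isDir()) {
                $archive->addEmptyDir($relative);
            } elseif (!preg_match('/^backup-[a-z0-9]+\.zip$/', $file->getFilename())) {
                // Leftover backups from earlier failed runs are not nested.
                $archive->addFile($file->getPathname(), $relative);
            }
        }
        $entries = $archive->numFiles;
        // An empty plugin directory yields no archive; only a failed write
        // of a non-empty backup blocks the update.
        if (!$archive->close() && $entries > 0) {
            $zip->close();
            $abort(500, 'Internal Server Error');
        }

        # Unzip file
        // extractTo() overwrites existing files in place. The former
        // "copy new files" pass mapped every file onto itself, unlinked it
        // and then failed to copy it back, emptying the plugin directory.
        $extracted = $zip->extractTo($path);
        $zip->close();
        if (!$extracted) {
            // The backup is intentionally left behind for manual recovery.
            $abort(500, 'Internal Server Error');
        }
    } catch (\Throwable $th) {
        $abort(500, 'Internal Server Error');
    }

    # Remove zip file
    unlink($staged);
    $staged = null;

    # Remove backup files
    // Only the backup created by this request is removed, not every file in
    // the tree whose name happens to match the backup pattern.
    if (is_file($backup)) {
        unlink($backup);
    }
}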