Merge pull request #582 from BoldGrid/branch-1.15.9

jamesros161 · web-flow · commit 8481f5c814c4 · 2024-01-22T12:35:41.000-05:00
Branch 1.15.9
diff --git a/boldgrid-backup.php b/boldgrid-backup.php
@@ -16,7 +16,7 @@
  *          Plugin Name: Total Upkeep
  *          Plugin URI: https://www.boldgrid.com/boldgrid-backup/
  *          Description: Automated backups, remote backup to Amazon S3 and Google Drive, stop website crashes before they happen and more. Total Upkeep is the backup solution you need.
- *          Version: 1.15.8
+ *          Version: 1.15.9
  *          Author: BoldGrid
  *          Author URI: https://www.boldgrid.com/
  *          License: GPL-2.0+
diff --git a/cli/bgbkup-cli.php b/cli/bgbkup-cli.php
@@ -32,6 +32,17 @@
 	exit( 1 );
 }
 
+/*
+ * We need to ensure that this is only run from the command-line.
+ * Some environments use different SAPI names for CLI, such as 'cli'
+ * or 'cli-server'. Therefore we check for the first three characters.
+ */
+$sapi_type = php_sapi_name();
+
+if ( is_string( $sapi_type ) && 'cli' !== substr( $sapi_type, 0, 3 ) ) {
+	throw new \Exception( 'This script must be run from the command line.' );
+}
+
 require __DIR__ . '/class-info.php';
 require __DIR__ . '/class-site-check.php';
 require __DIR__ . '/class-log.php';
diff --git a/readme.txt b/readme.txt
@@ -4,7 +4,7 @@ Tags: backup, cloud backup, database backup, restore, wordpress backup
 Requires at least: 4.4
 Tested up to: 6.4
 Requires PHP: 5.4
-Stable tag: 1.15.8
+Stable tag: 1.15.9
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -132,6 +132,9 @@ Have a problem? First, take a look at our [Getting Started](https://www.boldgrid
 
 == Changelog ==
 
+= 1.15.9 =
+* Bug Fix: Fixed security issue with bgbkup-cli being executable from the web, when it should only be executable via cli.
+
 = 1.15.8 =
 
 Release date: January 9, 2024
