ugosinhache

If you think I am interested in hacking anyone site you are totally on the wrong way, “Sir”.

My good faith was clearly shown when I promptly fixed another security issue as soon as another user – ShinePHP – kindly reported about it.

Its curious to see how the effort one puts trying to make others life easier can be misunderstood by someone.

About the “myEASYrestore.ini” file
I created the .ini file only to make the restore tool able to edit the wp-config.php file while migrating to a different server (and make users life easier).

The .ini file is promptly removed after the restore process is successfully completed.

I have now fixed this issue (since version 0.1.0) by changing the .ini file name to myEASYrestore_ini.php and adding the following code in the first line:
<?php return; ?>

This way nobody can see its contents anymore.

If anyone thinks that after this modification there is still a security issue just let me know and I will edit the code to make the new ini file optional.

About “notifying the developer who uses the plugin”
Again, there must be something in the code that I have inserted in good faith and that this “Sir” is getting the wrong way.

Simply let me know what part of the code is notifying me and I will promptly remove it.

About your behaviour
You are the one in bad faith not me! Your way to comment my effort (released to everyone for free!) make me think you fall in one of the following categories:

1. you are totally immature
2. you are envious
3. you wrote a similar plugin but nobody wants it

Next time you like to comment anyone else work I warmly suggest you to use a different attitude: if you really think I am trying to hack other’s sites by publishing open source code in this kind of environment it is totally clear that, between us, the idiot is surely not me…

hola,

es un server de desarrollo? el tu sistema personal o es un hosting provider?

creo que non tiene derechos por escribir en el directorio / var / www / vhosts / mylinux.es

puede probar a crear el directorio myeasybackup_data a mano?

cd /var/www/vhosts/mylinux.es
mkdir myeasybackup_data
chmod 0777 myeasybackup_data

despuedes debaria trabajar…

si quere mas info por favor contactame con el form disponible en el sito del plugin: https://myeasywp.com

desculpe por el retardo y por mi espanol ??
hasta luego

Hi,

sorry for the delay and thank you Paramjit for the nice words!

I just updated the restore tool with version 0.0.8 and added some instructions about how to restore.

Let’s suppose your domain is: https://example.com and the server loads its data from the folder /public_html/my-example

In such conditions you can upload the data set to the /public_html/my-site folder.

Here following the full instructions:

1. Use the included upload tool, by clicking on the briefcase with the arrow poiting to the top.
2. Once the data set upload is complete, in your browser navigate to the host where you uploaded the data set, for example:
https://example.com/myEASYrestore.php
3. Choose the .zip file you like to decompress and click on the “Decompress the selected data set” icon – the one showing the briefcase with an arrow pointing to a folder
4. Once the data set is decompressed, scroll the page to end where you will find a section called “MySQL exported data sets” with a list of the included databases, usually one file with the extension .sql
5. Click on the .sql file name to select it.
6. Fill the form – you can change the tables prefix as well as the references to the old host, if needed.
7. Select both the “Remove the MySQL exported file .sql” and “Remove this page” checkboxes to remove the MySQL exported file and the restore tool – note: selected files will be removed only if the tables will successfully updated.
8. Click on the “Publish the MySQL tables on this server” icon – the one representing a small server.

If you need further help please get in touch by email at info [at] myeasywp [dot] com
or use the contact form on the myEASY official site.

best regards

your are right, but I needed to avoid the ‘headers already sent’ issue, so had to directly load the page ??

Hi Zune,

you did nothing wrong! The problem arises as “safe mode” is enabled on your server.

On my development server I have PHP 5.2.10 running in an Linux/Ubuntu environment.

As stated in the php.ini file:

<br />
; Safe Mode<br />
;<br />
; NOTE: this is considered a "broken" security measure.<br />
;       Applications relying on this feature will not recieve full<br />
;       support by the security team.  For more information please<br />
;       see /usr/share/doc/php5-common/README.Debian.security<br />
;<br />
safe_mode = Off<br />

How to turn off safe mode:

1. Email your hosting company
and ask them if they will turn this setting off for you. It depends on their company policies, if they will comply.

2. Connect to your server via SSH and use an editor such as NANO to edit your php.ini file manually. Once you have the php.ini file open, look for “safe_mode” and change the value to off for this setting like shown on the above example.
Save the file and exit.

I hope this information helps, if you need a clue for a more secure hosting provider please write me at info [at] myeasywp [dot] com

BTW safe_mode is deprecated since PHP 5.3.0 and will not be included in PHP 6

should be fixed right now (version 0.0.4)

As far as I can see on the PHP site it does not state it is not supported anymore, at least not for PHP 5.

Anyways, version 0.0.4, uses the Linux command ‘zip’ to compress; on Windows servers you still need ZipArchive.

Thanks

Hi,

the second warning is a consequence of the first.

I decided to use mysqldump to get the better compatibility and speed; to use mysqldump I need to place a system call…

Can you try to ask your hosting provider to enable system()? I guess that even if I use other, similar, PHP commands (like, for example, exec, passthru) the issue will remain.

May I ask you the url of your hosting provider? Just to have a look at their offers and, possibly, suggest a better one.

Thank you

ok, will fix the “C:” issue in the next version.

hmmm, not sure its a good idea.

My feeling is that it should be outside the wordpress directory, at the same level, for two reasons:

• when you backup the wordpress directory you do not download all the previous backups
• leaving myeasybackup_data out the wordpress directory will prevent anyone trying to guess the backup file name trying to download it from a browser

However the myeasybackup_data directory should be created, I guess the apache user does not have enough privileges to do so in your setup.

If you confirm that you can manually create the directory where you better like, I can update the code to let you set an option to save the backup path so that everything should work.

Please let me know by email at info [at] myeasywp [dot] com

best regards

Hi,

going to release version 0.0.3 in the next 15 minutes. Added the following code at the beginning of meb_download.php

<br />
$tmp = explode('://', $_SERVER['HTTP_REFERER']);<br />
$path = explode('/', $tmp[1]);<br />
$referer = $path[0];<br />
if(	($_SERVER['HTTP_HOST'] != $_SERVER['SERVER_NAME'])<br />
		||<br />
	($_SERVER['HTTP_HOST'] != $referer)<br />
		||<br />
	($_SERVER['SERVER_NAME'] != $referer) )<br />
{<br />
	return;<br />
}<br />

that should fix the issue, can you please confirm?

Thanks

Thank you Sir!

Just uploaded an update that, when running the plugin, will show some useful info about how to install the ZipArchive class.

Pending on the donations I may develop an update that will not require the ZipArchive class. However, as not having that class installed may mean that the server configuration is a bit too old, for the moment I like better to concentrate fixing issues and improving this and the other plugins of the myEASY serie.

Please rate my plugins to support me!

Thank you for posting, I hope to be able to make WordPress users life easier!