Merge pull request #109 from deliciousbrains/release-1.4.6

Release 1.4.6

.gitignore

@@ -14,6 +14,7 @@ $RECYCLE.BIN/
 .project
 .metadata
 build/
+builds/
 tmp/
 tests/clover.xml
 

Makefile

@@ -0,0 +1,16 @@
+build-translations:
+ grunt makepot
+
+build-css:
+ grunt cssmin
+
+uglify:
+ grunt uglify
+
+zip:
+ ./build-cfg/build-plugin.sh
+
+package: build-translations build-css uglify zip
+
+publish: build-translations build-css uglify
+ ./build-cfg/build-plugin.sh better-search-replace --publish

README.md

@@ -57,6 +57,10 @@ Upload Method:
 
 ## Changelog ##
 
+### 1.4.6 - April 17, 2024 ###
+* Changed: Serialized text strings are now only deserialized when containing a match, resulting in faster performance
+* Security: Table names are now escaped when displaying search results
+
 ### 1.4.5 - January 18, 2024 ###
 * Security: Unserializing an object during search and replace operations now passes `'allowed_classes' => false` to avoid instantiating the object and potentially running malicious code stored in the database (thanks to Wordfence for responsible disclosure on December 18, 2023 followed by development and testing of the fix by WP Engine)
 * Fix: A regression in version 1.4.4 which caused some search results to be skipped has been fixed to ensure only numeric keyed objects are skipped

README.txt

@@ -95,6 +95,10 @@ More information on moving WordPress can be found [here](http://codex.wordpress.
 
 == Changelog ==
 
+= 1.4.6 - April 17, 2024 =
+* Changed: Serialized text strings are now only deserialized when containing a match, resulting in faster performance
+* Security: Table names are now escaped when displaying search results
+
 = 1.4.5 - January 18, 2024 =
 * Security: Unserializing an object during search and replace operations now passes `'allowed_classes' => false` to avoid instantiating the object and potentially running malicious code stored in the database (thanks to Wordfence for responsible disclosure on December 18, 2023 followed by development and testing of the fix by WP Engine)
 * Fix: A regression in version 1.4.4 which caused some search results to be skipped has been fixed to ensure only numeric keyed objects are skipped

better-search-replace.php

@@ -13,7 +13,7 @@
  * Plugin Name: Better Search Replace
  * Plugin URI: https://bettersearchreplace.com
  * Description: A small plugin for running a search/replace on your WordPress database.
- * Version: 1.4.5
+ * Version: 1.4.6
  * Author: WP Engine
  * Author URI: https://bettersearchreplace.com
  * License: GPL-3.0
@@ -67,7 +67,7 @@ function run_better_search_replace()
  define('BSR_URL', plugin_dir_url(BSR_FILE));
 
  // Defines the current version of the plugin.
- define('BSR_VERSION', '1.4.5');
+ define('BSR_VERSION', '1.4.6');
 
  // Defines the name of the plugin.
  define('BSR_NAME', 'Better Search Replace');

build-cfg/better-search-replace/config.php

@@ -0,0 +1,8 @@
+<?php
+$root_dir = dirname( $parent_dir );
+$src_dir = $root_dir;
+$tmp_dir = $root_dir . '/builds';
+$zip_dir = $tmp_dir;
+$zip_name = 'better-search-replace';
+$main_plugin_file = $src_dir . '/better-search-replace.php';
+$plugin_slug = 'better-search-replace';

build-cfg/better-search-replace/filter

@@ -0,0 +1,11 @@
+- build-cfg
+- builds
+- .gitignore
+- .scruitinizer.yml
+- Gruntfile.js
+- package.json
+- package-lock.json
+- yarn.lock
+- Makefile
+- node_modules
+- CONTRIBUTING.md

build-cfg/better-search-replace/filter.php

@@ -0,0 +1,4 @@
+<?php
+chdir( $root_dir );
+system( 'make' );
+chdir( $src_dir );

build-cfg/better-search-replace/pre-zip.php

@@ -0,0 +1,28 @@
+<?php
+
+if ( ! $publish ) {
+ return;
+}
+
+echo 'Publish to WP.org? (Y/n) ';
+if ( 'Y' == strtoupper( trim( fgets( STDIN ) ) ) ) {
+ system( 'rm -fR svn' ); // Cleanup before checkout to prevent errors
+ system( 'svn co -q http://svn.wp-plugins.org/better-search-replace svn' );
+ system( 'rm -R svn/trunk' );
+ system( 'mkdir svn/trunk' );
+ system( 'mkdir svn/tags/$version' );
+ system( "rsync -r $plugin_slug/* svn/trunk/" );
+ system( "rsync -r $plugin_slug/* svn/tags/$version" );
+ system( 'svn stat svn/ | grep \'^\?\' | awk \'{print $2}\' | xargs -I x svn add x@' );
+ system( 'svn stat svn/ | grep \'^\!\' | awk \'{print $2}\' | xargs -I x svn rm --force x@' );
+ system( 'svn stat svn/' );
+
+ echo 'Commit to WP.org? (Y/n)? ';
+ if ( 'Y' == strtoupper( trim( fgets( STDIN ) ) ) ) {
+ system( "svn ci --username deliciousbrains svn/ -m 'Deploy version $version'" );
+ }
+
+ system( 'rm -fR svn' ); // All done
+}
+
+

build-cfg/better-search-replace/version-check.php

@@ -0,0 +1,7 @@
+<?php
+$version_checks = array(
+ "better-search-replace.php" => array(
+ '@Version:\s+(.*)\n@' => 'header',
+ "/define\(\s*'BSR_VERSION',\s*'([^']+)'\s*\);/" => 'constant',
+ ),
+);

build-cfg/build-plugin.sh

@@ -0,0 +1,92 @@
+#!/usr/bin/env bash
+
+function usage() {
+ echo "Usage: $0 [ slug1 slug2 ... ]"
+ exit 1
+}
+
+SCRIPT_ARGS="$@"
+PROJECT_ROOT="$( cd "$( dirname "${BASH_SOURCE[0]}" )/.." && pwd )"
+PLUGIN_SRC_PATH="$PROJECT_ROOT"
+PLUGIN_BUILDS_PATH="$PROJECT_ROOT/builds"
+PLUGIN_BUILD_CONFIG_PATH="$PROJECT_ROOT/build-cfg"
+PUBLISH=""
+if [[ $* == *--publish* ]]
+then
+ PUBLISH="-p"
+fi
+
+function echog() {
+ echo "$(tput setaf 2)$1$(tput sgr 0)"
+}
+function echor() {
+ echo "$(tput setaf 1)$1$(tput sgr 0)"
+}
+
+function build_plugin() {
+ PLUGIN_DIR="$PLUGIN_BUILD_CONFIG_PATH/$PLUGIN"
+
+ if [[ -d "$PLUGIN_DIR" && ! -L "$PLUGIN_DIR" ]]; then
+ if [ "utils" != "$PLUGIN" ] && [ "common" != "$PLUGIN" ];
+ then
+ VERSION=$(php -f "$PLUGIN_BUILD_CONFIG_PATH/utils/get_plugin_version.php" "$PROJECT_ROOT" $PLUGIN)
+ ZIP_NAME=$(php -f "$PLUGIN_BUILD_CONFIG_PATH/utils/get_plugin_zip_name.php" "$PROJECT_ROOT" $PLUGIN)
+ BUILD_ZIP="$PLUGIN_BUILDS_PATH/$ZIP_NAME-$VERSION.zip";
+
+ if [ -f "$BUILD_ZIP" ]
+ then
+ rm "$BUILD_ZIP"
+ fi
+
+ echog "Building $PLUGIN v$VERSION..."
+ cd "$PLUGIN_BUILD_CONFIG_PATH/$PLUGIN/"
+ "$PLUGIN_BUILDS_PATH/plugin-build" "$VERSION" "$PUBLISH"
+ echog "Plugin built: $BUILD_ZIP"
+ echo "--------------------------"
+ fi
+ else
+ usage
+ fi
+}
+
+cd "$PROJECT_ROOT";
+
+if [[ $SCRIPT_ARGS == *--pro-version* ]]
+then
+ echo $(php -f "$PLUGIN_BUILD_CONFIG_PATH/utils/get_plugin_version.php" "$PROJECT_ROOT" wp-offload-ses)
+ exit;
+fi
+
+if [ -z "${SCRIPT_ARGS}" ]
+then
+ echog "Clearing previously built plugins..."
+ rm -rf "$PLUGIN_BUILDS_PATH"
+fi
+
+if [ ! -d "$PLUGIN_BUILDS_PATH" ]
+then
+ mkdir -p "$PLUGIN_BUILDS_PATH"
+fi
+
+if [ ! -f "$PLUGIN_BUILDS_PATH/plugin-build" -o ! -x "$PLUGIN_BUILDS_PATH/plugin-build" ]
+then
+ echog "Downloading plugin-build script..."
+ curl -sSL https://raw.githubusercontent.com/deliciousbrains/wp-plugin-build/582fdeb3f6d19ae0b1f2bd0da9b48f45c131ac34/plugin-build -o "$PLUGIN_BUILDS_PATH/plugin-build"
+ chmod +x "$PLUGIN_BUILDS_PATH/plugin-build"
+fi
+
+echog "Building plugins..."
+if [ -z "${SCRIPT_ARGS}" ]
+then
+ for PLUGIN_DIR in "$PLUGIN_BUILD_CONFIG_PATH"/*/
+ do
+ PLUGIN=$(basename "$PLUGIN_DIR");
+
+ build_plugin
+ done
+else
+ for PLUGIN in ${SCRIPT_ARGS}
+ do
+ build_plugin
+ done
+fi

build-cfg/utils/get_plugin_version.php

@@ -0,0 +1,47 @@
+<?php
+echo get_version( $argv[1], $argv[2] );
+
+function get_version( $project_dir, $plugin_slug ) {
+ $project_dir = trim( $project_dir );
+ $parent_dir = $project_dir . '/build-cfg/';
+ $config = $project_dir . '/build-cfg/' . $plugin_slug . '/config.php';
+ include $config;
+ $version_check_hook = $project_dir . '/build-cfg/' . $plugin_slug . '/version-check.php';
+
+ if ( file_exists( $version_check_hook ) ) {
+ include $version_check_hook;
+
+ //$messages = '';
+
+ foreach ( $version_checks as $file => $regexes ) {
+ $file = "$src_dir/$file";
+
+ if ( ! file_exists( $file ) ) {
+ $messages .= "Whoa! Couldn't find $file\n";
+ continue;
+ }
+
+ $file_content = file_get_contents( $file );
+
+ if ( ! $file_content ) {
+ $messages .= "Whoa! Could not read contents of $file\n";
+ continue;
+ }
+
+ foreach ( $regexes as $regex => $context ) {
+ if ( ! preg_match( $regex, $file_content, $matches ) ) {
+ $messages .= "Whoa! Couldn't find $context version number in $file\n";
+ continue;
+ }
+
+ if ( isset( $matches[1] ) ) {
+ return $matches[1];
+ }
+ }
+ }
+ }
+
+ echo $messages;
+
+ return false;
+}

build-cfg/utils/get_plugin_zip_name.php

@@ -0,0 +1,19 @@
+<?php
+echo get_zip_name( $argv[1], $argv[2] );
+
+function get_zip_name( $project_dir, $plugin ) {
+ $project_dir = trim( $project_dir );
+ $parent_dir = $project_dir . '/build-cfg/';
+ $config = $project_dir . '/build-cfg/' . $plugin . '/config.php';
+ $zip_name = false;
+ include $config;
+ if ( ! file_exists( $config ) ) {
+ return $plugin;
+ }
+
+ if ( ! $zip_name ) {
+ $zip_name = $plugin;
+ }
+
+ return $zip_name;
+}

includes/class-bsr-admin.php

@@ -218,7 +218,7 @@ public function load_details() {
  $time = $report['end'] - $report['start'];
 
  if ( $report['change'] != 0 ) {
- $report['change'] = '<a class="tooltip">' . $report['change'] . '</a>';
+ $report['change'] = '<a class="tooltip">' . esc_html( $report['change'] ). '</a>';
 
  $upgrade_link = sprintf(
  __( '<a href="%s" target="_blank">UPGRADE</a> to view details on the exact changes that will be made.', 'better-search-replace'),
@@ -229,10 +229,10 @@ public function load_details() {
  }
 
  if ( $report['updates'] != 0 ) {
- $report['updates'] = '<strong>' . $report['updates'] . '</strong>';
+ $report['updates'] = '<strong>' . esc_html( $report['updates'] ) . '</strong>';
  }
 
- echo '<tr><td class="bsr-first">' . $table_name . '</td><td class="bsr-second">' . $report['change'] . '</td><td class="bsr-third">' . $report['updates'] . '</td><td class="bsr-fourth">' . round( $time, 3 ) . __( ' seconds', 'better-search-replace' ) . '</td></tr>';
+ echo '<tr><td class="bsr-first">' . esc_html( $table_name ) . '</td><td class="bsr-second">' . $report['change'] . '</td><td class="bsr-third">' . $report['updates'] . '</td><td class="bsr-fourth">' . round( $time, 3 ) . __( ' seconds', 'better-search-replace' ) . '</td></tr>';
  }
  ?>
  </tbody>

includes/class-bsr-db.php

@@ -330,6 +330,11 @@ public function srdb( $table, $page, $args ) {
  */
  public function recursive_unserialize_replace( $from = '', $to = '', $data = '', $serialised = false, $case_insensitive = false ) {
  try {
+ // If search string doesn't exist in data, do an early return.
+ if ( is_string( $data ) && false === strpos( $data, $from ) ) {
+ return $data;
+ }
+
  if ( is_string( $data ) && ! is_serialized_string( $data ) && ( $unserialized = $this->unserialize( $data ) ) !== false ) {
  $data = $this->recursive_unserialize_replace( $from, $to, $unserialized, true, $case_insensitive );
  }

languages/better-search-replace.pot

@@ -2,10 +2,10 @@
 # This file is distributed under the GPL-3.0.
 msgid ""
 msgstr ""
-"Project-Id-Version: Better Search Replace 1.4.5\n"
+"Project-Id-Version: Better Search Replace 1.4.6\n"
 "Report-Msgid-Bugs-To: "
 "http://wordpress.org/support/plugin/better-search-replace\n"
-"POT-Creation-Date: 2024-01-18 18:42:09+00:00\n"
+"POT-Creation-Date: 2024-04-16 13:49:24+00:00\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=utf-8\n"
 "Content-Transfer-Encoding: 8bit\n"