• Christian Roth

    (@christiangoyippi)


    Hi, I just recognized that it is no longer possible to enter a Backup Directory URL beginning with a slash. That means you can only save backups in your WP folder, not longer next to your WP folder or on a different location on your server.

    If I submit “/my/path/to/a/backup/directory” it will be altered into “my/path/to/a/backup/directory”.

    I think the bug is in the function edit_form_post_save in the file inc/class-destination-folder.php.

    All the best
    Christian

Viewing 9 replies - 1 through 9 (of 9 total)
  • nakase89

    (@nakase89)

    僕も4.0.1にバージョンを上げてから同じことが起こっています。

    Thread Starter Christian Roth

    (@christiangoyippi)

    Hi, the problem is the use of the function normalizePath() in line 94 (inc/class-destination-folder.php). The function will explode the path into an array by the slash character. This will create an empty first array value and this empty value will be remove/ignored in line 316.

    Please integrate a check if the path starts with a slash. As I said before, otherwise I can only save backups into the WP folder and not next to the WP folder.

    All the best
    Christian

    Hi, I have the same problem. the log files are ok but the zip files not. The / on the url is delete…

    janwill

    Plugin Support BWU support

    (@duongcuong96)

    Hi @christiangoyippi,

    I have reported the team about that, but i’m not sure if this is a bug since maybe it’s a security step to prevent BWU from accessing folders outside of WordPress installation.

    But will let you know about that after I got response from team.

    Thank you for reporting!

    Thread Starter Christian Roth

    (@christiangoyippi)

    Hi, thanks for your response. It might be a security step but then please make the result filterable, so that there is a possibility to ignore the security step if you want to store the backup next to the WP folder.

    For example inc/class-destination-folder.php, line 325

    return apply_filters('adjust_normalized_path', implode('/', $normalized), $normalized, $path);

    Then I could adjust that result:

    function custom_normalized_path($normalized_path, $normalized, $path) {
        if (str_starts_with($path, '/') && !str_starts_with($normalized_path, '/')) {
            $normalized_path = '/' . $normalized_path;
        }
    
        return $normalized_path;
    }
    add_filter('adjust_normalized_path', 'custom_normalized_path', 10, 3);

    All the best
    Christian

    +1

    p.s. if it’s a security measure then why are logs allowed?

    • This reply was modified 6 months, 3 weeks ago by sokratesagogo.
    Matthias Baier

    (@ma_wordpressorg)

    My question too.
    I have configured some backups like this and fear, they will break to work. But it seems like a new feature. I had only one job failing. The other ones seem unaffected. But I have to check everything.
    Will already created jobs vanish?

    +1

    This circumstance is really unpleasant. I have always backed up outside the WordPress folder to have an additional level of security in case WordPress was attacked. Unfortunately, this is no longer possible.
    Please implement a choice whether it should be possible or not to start the path to the backup folder with / or ../../.

    • This reply was modified 2 months, 2 weeks ago by skonebeke.
    • This reply was modified 2 months, 2 weeks ago by skonebeke.

    As long as this behavior has not been changed, I use a workaround. First I install an old version 3.9, set up the backup path with / or ../../ and then update to the latest version.
    https://github.com/wp-media/backwpup/releases

Viewing 9 replies - 1 through 9 (of 9 total)
  • You must be logged in to reply to this topic.