= 2.23.4.26 - 16/May/2023 =
* SECURITY: Fixed a missing nonce combined with a URL sanitisation failure, which could lead to a targetted XSS opportunity (if an attacker persuades a logged-in administrator to both re-authorise their connection to a remote storage (e.g. Dropbox) and then to follow a link personally crafted for their site before re-authorising whilst logged in, he can then store a fixed JavaScript payload in the WP admin area (they would need a further route to use that ability to cause any damage). Because of the need for the administrator to co-operate in multiple steps, this attack is very unlikely (but you should of course still update).
* FIX: DigitalOcean S3-compatible storage does not work with disabled SSL entirely where possible settings.
* FIX: If there was an error or network connectivity issue on first attempt of uploading a plugin/theme file, then the second attempt of uploading the same file would make the file become corrupted thus resulting in installation failure.
* COMPATIBILITY: Suppress htmlspecialchars deprecation warnings on PHP 8.1
* COMPATIBILITY: Suppress some PHP 8.2 deprecation notices from use of ${} style variables, and others from use of dynamic properties
* TWEAK: Handle web hosting company setup that disabled pclose() but not popen()
* TWEAK: All HTTP requests to the Google Drive API now, by default, forces to use HTTP/1.1 version. Also, a constant named UPDRAFTPLUS_GDRIVE_CURL_HTTP_VERSION can be set in the wp-config.php file to change the default HTTP version to another preferred version
* TWEAK: Improve 'move' and 'copy' filesystem functions in restoring directories containing files to a different mount point/partition than where they reside
* TWEAK: Improve files pruning mechanism, by not repeating already-done ones when resuming deletions
* TWEAK: Improve the Handlebars templates of the Google Drive, Dropbox and UpdraftVault remote storage modules by taking PHP code out of them
* TWEAK: Improve widget layout when decrypting a backup
* TWEAK: Remove Boostrap CSS in Restore Wizard and replace with Flexbox CSS
* TWEAK: Add multisite subsites header information to the database backup file that will be used for converting a network subsite to a standalone normal WordPress site
* TWEAK: Add the UpdraftPlus plugin slug header to the database backup file
* TWEAK: Include next-level-up directory path along with deleted folder's name when deleting a folder
* TWEAK: Update seasonal notices
* TWEAK: Make common logic for getting backup history from the database
* TWEAK: Remove usage of the file_get_contents() function from WebDAV remote storage without chunking upload
* TWEAK: Pass through some previously unhandled Dropbox error codes
* TWEAK: Added the "non-core" word to the WordPress database tables excluded warning.
* TWEAK: Remove WordPress core tables from the non-core WordPress database tables excluded list in restoration step 2
* TWEAK: When migrating the www site, the search replace will be performed in database tables on the non-www domain too, and vice versa
