mainwp-child/class/class-mainwp-child-vulnerability-checker.php

<?php

class MainWP_Child_Vulnerability_Checker {
    
    public static $instance = null;
    
    static function Instance() {
            if ( null === MainWP_Child_Vulnerability_Checker::$instance ) {
                    MainWP_Child_Vulnerability_Checker::$instance = new MainWP_Child_Vulnerability_Checker();
            }
            return MainWP_Child_Vulnerability_Checker::$instance;
    }

    public function __construct() {		                
                          
    }

    public function action() {
            $information = array();		
            if (get_option( 'mainwp_vulnerability_ext_enabled' ) !== 'Y')
                MainWP_Helper::update_option( 'mainwp_vulnerability_ext_enabled', 'Y' );	

            if ( isset( $_POST['mwp_action'] ) ) {
                    switch ( $_POST['mwp_action'] ) {
                            case 'vulner_recheck':
                                $information = $this->vulner_recheck();
                            break;      
                    }
            }
            MainWP_Helper::write( $information );
    }
                
    function vulner_recheck(){
            $result = array();
            $force = (isset($_POST['force']) && !empty($_POST['force'])) ? true : false;
            $result['plugin'] = $this->check_plugins($force);           
            $result['wp'] = $this->check_wp($force);
            $result['theme'] = $this->check_themes($force);
            $information = array( 'result' => $result, 'ok' => 1);                         
            return $information;
    }       
       
    function check_plugins($force = false){             
            $result = array();
            $active_plugins = get_option('active_plugins');  
            
            if( !empty($active_plugins) ){                
                foreach($active_plugins as $plug){
                    
                    $plugin_file = WP_CONTENT_DIR . '/plugins/' . $plug;
                    $plugin_info = get_plugin_data($plugin_file);   
                    $plugin_version = isset($plugin_info['Version']) ? $plugin_info['Version'] : '';                    
                    $string = explode('/',$plug);                    
                    $plug_vuln = get_transient('mainwp_vulnche_trans_plug_'.$string[0]);
                    if(false === $plug_vuln || $force) {
                        $plug_vuln = $this->vulnche_get_content('https://wpvulndb.com/api/v2/plugins/' . $string[0]);
                        set_transient('mainwp_vulnche_trans_plug_'.$string[0],$plug_vuln, 1 * DAY_IN_SECONDS);
                    }
                    if ($plug_vuln) {
                        $plug_vuln = json_decode($plug_vuln, true);  
                        $plug_vuln_filter = $plug_vuln;

                        foreach ($plug_vuln as $slug => $pl_data) {
                            if (isset($pl_data['vulnerabilities']) && count($pl_data['vulnerabilities']) > 0) {                                
                                $plug_vulner_data = array();
                                foreach($pl_data['vulnerabilities'] as $vuln_data) {
                                    if ( isset($vuln_data['fixed_in']) && version_compare( $plugin_version, $vuln_data['fixed_in'] ) >= 0 ) {
                                        continue;
                                    }
                                    $plug_vulner_data[] = $vuln_data;
                                }

                                if(count($plug_vulner_data) == 0) {
                                    unset($plug_vuln_filter[$slug]);
                                } else {
                                    $plug_vuln_filter[$slug]['vulnerabilities'] = $plug_vulner_data;
                                }

                            } else {
                                unset($plug_vuln_filter[$slug]);
                            }

                        }

                        if (count($plug_vuln_filter) == 0) {
                            continue;
                        }                         
                        $plug_vuln = json_encode($plug_vuln_filter); 
                        
                    } else {
                        continue;
                    }                    
                    $result[$plug] = $plug_vuln;                    
                }
            }
            return $result;
    }
        
    function check_wp($force = false){            
            $wp_vuln = get_transient('mainwp_vulnche_trans_wp_json');
            $wp_version = str_replace('.', '', get_bloginfo('version'));            
            if(false === $wp_vuln || $force) {                
                $wp_vuln = $this->vulnche_get_content('https://wpvulndb.com/api/v2/wordpresses/' . $wp_version);
                set_transient('mainwp_vulnche_trans_wp_json', $wp_vuln, 1 * DAY_IN_SECONDS);
            }             
            return $wp_vuln;
    }
        
    function check_themes($force = false){
        
        require_once( ABSPATH . 'wp-admin/includes/misc.php' );
        require_once( ABSPATH . 'wp-admin/includes/theme.php' );
        
        if ( current_user_can( 'switch_themes' ) ) {
            $themes = wp_prepare_themes_for_js();
        } else {
            $themes = wp_prepare_themes_for_js( array( wp_get_theme() ) );
        }          
        wp_reset_vars( array( 'theme', 'search' ) );        
        $result = array();                  
        if(!empty($themes)){            
            foreach($themes as $th){
                if(empty($th['parent'])) {
                    $th_vuln = get_transient('mainwp_vulnche_trans_theme_' . $th['id']);
                    if (false === $th_vuln || $force) {
                        $th_vuln = $this->vulnche_get_content('https://wpvulndb.com/api/v2/themes/' . $th['id']);
                        set_transient('mainwp_vulnche_trans_theme_' . $th['id'], $th_vuln, 1 * DAY_IN_SECONDS);
                    }
                    
                    if ($th_vuln) {
                        $th_vuln = json_decode($th_vuln, true);
                        $th_vuln_filter = $th_vuln;                        
                        foreach ($th_vuln as $slug => $th_data) {
                            if (isset($th_data['vulnerabilities']) && count($th_data['vulnerabilities']) > 0) {
                                
                                $th_vulner_data = array();
                                foreach($th_data['vulnerabilities'] as $vuln_data) {
                                    if (empty($vuln_data))
                                        continue;
                                    
                                    if ( isset($vuln_data['fixed_in']) && version_compare( $th['version'], $vuln_data['fixed_in'] ) >= 0 ) {
                                        continue;
                                    }
                                    
                                    $th_vulner_data[] = $vuln_data;
                                }
                                
                                if(count($th_vulner_data) == 0) {
                                    unset($th_vuln_filter[$slug]);
                                } else {
                                    $th_vuln_filter[$slug]['vulnerabilities'] = $th_vulner_data;
                                }                                
                            } else {
                                unset($th_vuln_filter[$slug]);
                            }                            
                        }       
                        
                        if (count($th_vuln_filter) == 0) {
                            continue;
                        }   
                        
                        $th_vuln = json_encode($th_vuln_filter);
                    } else {
                        continue;
                    }
                    
                    $result[$th['id']]['vulner_data'] = $th_vuln;
                    $result[$th['id']]['name'] = $th['name'];
                    $result[$th['id']]['author'] = $th['author'];                                      
                }
            }
        }
        return $result;
    }

    
    function vulnche_get_content ($url) {
        
        $ch = curl_init();
     
        curl_setopt($ch, CURLOPT_URL, $url);
        curl_setopt($ch, CURLOPT_HEADER, 0);
        curl_setopt($ch, CURLOPT_USERAGENT, $this->get_random_user_agent());
        curl_setopt($ch, CURLOPT_RETURNTRANSFER,true);
    
        $output = curl_exec($ch);
        $info = curl_getinfo($ch, CURLINFO_HTTP_CODE);
       
        curl_close($ch);
        if ($output === false || $info != 200) {
            $output = null;
        }
        return $output;
    }
    
        
    function get_random_user_agent ( ) {
        
        $someUA = array (
            "Mozilla/5.0 (Windows; U; Windows NT 6.0; fr; rv:1.9.1b1) Gecko/20081007 Firefox/3.1b1",
            "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.0",
            "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/0.4.154.18 Safari/525.19",
            "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.13 (KHTML, like Gecko) Chrome/0.2.149.27 Safari/525.13",
            "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)",
            "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.40607)",
            "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1; .NET CLR 1.1.4322)",
            "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1; .NET CLR 1.0.3705; Media Center PC 3.1; Alexa Toolbar; .NET CLR 1.1.4322; .NET CLR 2.0.50727)",
            "Mozilla/45.0 (compatible; MSIE 6.0; Windows NT 5.1)",
            "Mozilla/4.08 (compatible; MSIE 6.0; Windows NT 5.1)",
            "Mozilla/4.01 (compatible; MSIE 6.0; Windows NT 5.1)"
        );
        
        srand((double)microtime()*1000000);
        
        return $someUA[rand(0,count($someUA)-1)];
    }


}
merge with branch01 + version update 2017-02-22 21:39:22 +01:00			`<?php`

			`class MainWP_Child_Vulnerability_Checker {`

			`public static $instance = null;`

			`static function Instance() {`
			`if ( null === MainWP_Child_Vulnerability_Checker::$instance ) {`
			`MainWP_Child_Vulnerability_Checker::$instance = new MainWP_Child_Vulnerability_Checker();`
			`}`
			`return MainWP_Child_Vulnerability_Checker::$instance;`
			`}`

			`public function __construct() {`

			`}`

			`public function action() {`
			`$information = array();`
			`if (get_option( 'mainwp_vulnerability_ext_enabled' ) !== 'Y')`
			`MainWP_Helper::update_option( 'mainwp_vulnerability_ext_enabled', 'Y' );`

			`if ( isset( $_POST['mwp_action'] ) ) {`
			`switch ( $_POST['mwp_action'] ) {`
			`case 'vulner_recheck':`
			`$information = $this->vulner_recheck();`
			`break;`
			`}`
			`}`
			`MainWP_Helper::write( $information );`
			`}`

			`function vulner_recheck(){`
			`$result = array();`
			`$force = (isset($_POST['force']) && !empty($_POST['force'])) ? true : false;`
			`$result['plugin'] = $this->check_plugins($force);`
			`$result['wp'] = $this->check_wp($force);`
			`$result['theme'] = $this->check_themes($force);`
			`$information = array( 'result' => $result, 'ok' => 1);`
			`return $information;`
			`}`

			`function check_plugins($force = false){`
			`$result = array();`
			`$active_plugins = get_option('active_plugins');`

			`if( !empty($active_plugins) ){`
			`foreach($active_plugins as $plug){`

			`$plugin_file = WP_CONTENT_DIR . '/plugins/' . $plug;`
			`$plugin_info = get_plugin_data($plugin_file);`
			`$plugin_version = isset($plugin_info['Version']) ? $plugin_info['Version'] : '';`
			`$string = explode('/',$plug);`
			`$plug_vuln = get_transient('mainwp_vulnche_trans_plug_'.$string[0]);`
			`if(false === $plug_vuln \|\| $force) {`
			`$plug_vuln = $this->vulnche_get_content('https://wpvulndb.com/api/v2/plugins/' . $string[0]);`
			`set_transient('mainwp_vulnche_trans_plug_'.$string[0],$plug_vuln, 1 * DAY_IN_SECONDS);`
			`}`
			`if ($plug_vuln) {`
			`$plug_vuln = json_decode($plug_vuln, true);`
			`$plug_vuln_filter = $plug_vuln;`

			`foreach ($plug_vuln as $slug => $pl_data) {`
			`if (isset($pl_data['vulnerabilities']) && count($pl_data['vulnerabilities']) > 0) {`
			`$plug_vulner_data = array();`
			`foreach($pl_data['vulnerabilities'] as $vuln_data) {`
			`if ( isset($vuln_data['fixed_in']) && version_compare( $plugin_version, $vuln_data['fixed_in'] ) >= 0 ) {`
			`continue;`
			`}`
			`$plug_vulner_data[] = $vuln_data;`
			`}`

			`if(count($plug_vulner_data) == 0) {`
			`unset($plug_vuln_filter[$slug]);`
			`} else {`
			`$plug_vuln_filter[$slug]['vulnerabilities'] = $plug_vulner_data;`
			`}`

			`} else {`
			`unset($plug_vuln_filter[$slug]);`
			`}`

			`}`

			`if (count($plug_vuln_filter) == 0) {`
			`continue;`
			`}`
			`$plug_vuln = json_encode($plug_vuln_filter);`

			`} else {`
			`continue;`
			`}`
			`$result[$plug] = $plug_vuln;`
			`}`
			`}`
			`return $result;`
			`}`

			`function check_wp($force = false){`
			`$wp_vuln = get_transient('mainwp_vulnche_trans_wp_json');`
			`$wp_version = str_replace('.', '', get_bloginfo('version'));`
			`if(false === $wp_vuln \|\| $force) {`
			`$wp_vuln = $this->vulnche_get_content('https://wpvulndb.com/api/v2/wordpresses/' . $wp_version);`
			`set_transient('mainwp_vulnche_trans_wp_json', $wp_vuln, 1 * DAY_IN_SECONDS);`
			`}`
			`return $wp_vuln;`
			`}`

			`function check_themes($force = false){`

			`require_once( ABSPATH . 'wp-admin/includes/misc.php' );`
			`require_once( ABSPATH . 'wp-admin/includes/theme.php' );`

			`if ( current_user_can( 'switch_themes' ) ) {`
			`$themes = wp_prepare_themes_for_js();`
			`} else {`
			`$themes = wp_prepare_themes_for_js( array( wp_get_theme() ) );`
			`}`
			`wp_reset_vars( array( 'theme', 'search' ) );`
			`$result = array();`
			`if(!empty($themes)){`
			`foreach($themes as $th){`
			`if(empty($th['parent'])) {`
			`$th_vuln = get_transient('mainwp_vulnche_trans_theme_' . $th['id']);`
			`if (false === $th_vuln \|\| $force) {`
			`$th_vuln = $this->vulnche_get_content('https://wpvulndb.com/api/v2/themes/' . $th['id']);`
			`set_transient('mainwp_vulnche_trans_theme_' . $th['id'], $th_vuln, 1 * DAY_IN_SECONDS);`
			`}`

			`if ($th_vuln) {`
			`$th_vuln = json_decode($th_vuln, true);`
			`$th_vuln_filter = $th_vuln;`
			`foreach ($th_vuln as $slug => $th_data) {`
			`if (isset($th_data['vulnerabilities']) && count($th_data['vulnerabilities']) > 0) {`

			`$th_vulner_data = array();`
			`foreach($th_data['vulnerabilities'] as $vuln_data) {`
			`if (empty($vuln_data))`
			`continue;`

			`if ( isset($vuln_data['fixed_in']) && version_compare( $th['version'], $vuln_data['fixed_in'] ) >= 0 ) {`
			`continue;`
			`}`

			`$th_vulner_data[] = $vuln_data;`
			`}`

			`if(count($th_vulner_data) == 0) {`
			`unset($th_vuln_filter[$slug]);`
			`} else {`
			`$th_vuln_filter[$slug]['vulnerabilities'] = $th_vulner_data;`
			`}`
			`} else {`
			`unset($th_vuln_filter[$slug]);`
			`}`
			`}`

			`if (count($th_vuln_filter) == 0) {`
			`continue;`
			`}`

			`$th_vuln = json_encode($th_vuln_filter);`
			`} else {`
			`continue;`
			`}`

			`$result[$th['id']]['vulner_data'] = $th_vuln;`
			`$result[$th['id']]['name'] = $th['name'];`
			`$result[$th['id']]['author'] = $th['author'];`
			`}`
			`}`
			`}`
			`return $result;`
			`}`


			`function vulnche_get_content ($url) {`

			`$ch = curl_init();`

			`curl_setopt($ch, CURLOPT_URL, $url);`
			`curl_setopt($ch, CURLOPT_HEADER, 0);`
			`curl_setopt($ch, CURLOPT_USERAGENT, $this->get_random_user_agent());`
			`curl_setopt($ch, CURLOPT_RETURNTRANSFER,true);`

			`$output = curl_exec($ch);`
			`$info = curl_getinfo($ch, CURLINFO_HTTP_CODE);`

			`curl_close($ch);`
			`if ($output === false \|\| $info != 200) {`
			`$output = null;`
			`}`
			`return $output;`
			`}`


			`function get_random_user_agent ( ) {`

			`$someUA = array (`
			`"Mozilla/5.0 (Windows; U; Windows NT 6.0; fr; rv:1.9.1b1) Gecko/20081007 Firefox/3.1b1",`
			`"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.0",`
			`"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/0.4.154.18 Safari/525.19",`
			`"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.13 (KHTML, like Gecko) Chrome/0.2.149.27 Safari/525.13",`
			`"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)",`
			`"Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.40607)",`
			`"Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1; .NET CLR 1.1.4322)",`
			`"Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1; .NET CLR 1.0.3705; Media Center PC 3.1; Alexa Toolbar; .NET CLR 1.1.4322; .NET CLR 2.0.50727)",`
			`"Mozilla/45.0 (compatible; MSIE 6.0; Windows NT 5.1)",`
			`"Mozilla/4.08 (compatible; MSIE 6.0; Windows NT 5.1)",`
			`"Mozilla/4.01 (compatible; MSIE 6.0; Windows NT 5.1)"`
			`);`

			`srand((double)microtime()*1000000);`

			`return $someUA[rand(0,count($someUA)-1)];`
			`}`


			`}`