merge branch01 + fix invalid security fix for admin user

ruben- 2016-12-29 22:19:20 +01:00
parent fef2de881b
commit 2e89454786
5 changed files with 84 additions and 13 deletions


@ -58,7 +58,7 @@ class MainWP_Child_Skeleton_Key {
$url = '/' . $_POST['url'];
$expiration = time() + 300;
$expiration = time() + 600;
$manager = WP_Session_Tokens::get_instance( $current_user->ID );
$token = $manager->create( $expiration );
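Review bot: The new `$expiration = time() + 600;` line replaces one bare magic number with another and says nothing about why the skeleton-key token lifetime doubled or what it is bounded by; suggest `$expiration = time() + 600; // skeleton-key session token lifetime in seconds (10 min)` or a named constant so the next change does not have to guess again. The unchanged line two above builds `$url` straight from `$_POST['url']` with no check that it is a site-relative path; since the session token is minted right next to it, validating that value (for example rejecting anything containing `://`, or passing it through `wp_validate_redirect()`) would be worth folding into the same change. The enclosing method starts and ends outside the hunk.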


@ -305,6 +305,7 @@ class MainWP_Child_WP_Rocket {
'minify_html' => 0,
'minify_html_inline_css' => 0,
'minify_html_inline_js' => 0,
'remove_query_strings' => 0,
'dns_prefetch' => 0,
'cdn' => 0,
'cdn_cnames' => array(),


@ -148,6 +148,7 @@ class MainWP_Child {
'skeleton_key' => 'skeleton_key',
'custom_post_type' => 'custom_post_type',
'backup_buddy' => 'backup_buddy',
'get_site_icon' => 'get_site_icon'
);
private $FTP_ERROR = 'Failed! Please, add FTP details for automatic updates.';
@ -3141,7 +3142,7 @@ class MainWP_Child {
$information['php_reporting'] = ( ! MainWP_Security::remove_php_reporting_ok() ? 'N' : 'Y' );
$information['versions'] = ( ! MainWP_Security::remove_scripts_version_ok() || ! MainWP_Security::remove_styles_version_ok() || ! MainWP_Security::remove_generator_version_ok()
? 'N' : 'Y' );
$information['admin'] = ( ! MainWP_Security::admin_user_ok() ? 'N' : 'Y' );
$information['admin'] = ( MainWP_Security::admin_user_ok() ? 'Y' : 'N' );
$information['readme'] = ( MainWP_Security::remove_readme_ok() ? 'Y' : 'N' );
MainWP_Helper::write( $information );
@ -3520,22 +3521,74 @@ class MainWP_Child {
return $information;
}
function get_favicon() {
$favi = '';
function get_site_icon() {
$information = array();
$url = $this->get_favicon( true );
if ( !empty( $url ) )
$information['faviIconUrl'] = $url;
MainWP_Helper::write( $information );
}
function get_favicon( $parse_page = false ) {
$favi_url = '';
$favi = ''; // to compatible
$site_url = get_option( 'siteurl' );
if ( substr( $site_url, - 1 ) != '/' ) {
$site_url .= '/';
}
if ( function_exists( 'get_site_icon_url' ) && has_site_icon() ) {
$favi = get_site_icon_url();
$favi = $favi_url = get_site_icon_url();
}
if ( empty( $favi ) ) {
if ( file_exists( ABSPATH . 'favicon.ico' ) ) {
$favi = 'favicon.ico';
} else if ( file_exists( ABSPATH . 'favicon.png' ) ) {
$favi = 'favicon.png';
}
if ( file_exists( ABSPATH . 'favicon.ico' ) ) {
$favi = 'favicon.ico';
} else if ( file_exists( ABSPATH . 'favicon.png' ) ) {
$favi = 'favicon.png';
}
if ( !empty( $favi ) ) {
$favi_url = $site_url . $favi;
}
}
return $favi;
if ($parse_page) {
// try to parse page
if (empty($favi_url)) {
$request = wp_remote_get( $site_url, array( 'timeout' => 50 ) );
$favi = '';
if ( is_array( $request ) && isset( $request['body'] ) ) {
// to fix bug
$preg_str1 = '/(<link\s+(?:[^\>]*)(?:rel="shortcut\s+icon"\s*)(?:[^>]*)?href="([^"]+)"(?:[^>]*)?>)/is';
$preg_str2 = '/(<link\s+(?:[^\>]*)(?:rel="(?:shortcut\s+)?icon"\s*)(?:[^>]*)?href="([^"]+)"(?:[^>]*)?>)/is';
if ( preg_match( $preg_str1, $request['body'], $matches ) ) {
$favi = $matches[2];
} else if ( preg_match( $preg_str2, $request['body'], $matches ) ) {
$favi = $matches[2];
}
}
if ( !empty( $favi ) ){
if ( false === strpos( $favi, 'http' ) ) {
$favi_url = $site_url . $favi;
} else {
$favi_url = $favi;
}
}
}
if ( !empty( $favi_url ) ) {
return $favi_url;
} else {
return false;
}
} else {
return $favi_url;
}
}
function scanDir( $pDir, $pLvl ) {
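Review bot: In the new page-parsing branch of get_favicon() (`if ($parse_page)`), the test `false === strpos( $favi, 'http' )` treats a protocol-relative href such as `//host/icon.png` as a site-relative path and prefixes `$site_url` to it, and a root-relative href like `/favicon.ico` produces a double slash because `$site_url` is forced to end in `/` earlier in the method; the resolution block should handle both cases, as sketched below. The href is lifted from raw HTML via `$matches[2]`, so entity-encoded values (`&amp;`) need `html_entity_decode()` before being returned. `wp_remote_get( $site_url, array( 'timeout' => 50 ) )` can block the child request for up to 50 seconds when the site cannot reach itself, which seems long for a favicon lookup; a shorter timeout would be safer. The method also now returns `false` on the parsing path and `''` otherwise, so a `@return string|false` docblock would save callers a surprise. get_site_icon() and get_favicon() are fully inside the hunk; scanDir() starts on its last line and continues outside.
```php
// … unchanged: get_site_icon_url() / ABSPATH favicon.ico|png lookup, wp_remote_get and preg_match …
if ( !empty( $favi ) ) {
    $favi = html_entity_decode( $favi );
    if ( 0 === strpos( $favi, '//' ) ) {
        // protocol-relative href: keep the host, add this site's scheme
        $favi_url = ( is_ssl() ? 'https:' : 'http:' ) . $favi;
    } else if ( 0 !== strpos( $favi, 'http' ) ) {
        // relative href: $site_url already ends in '/', avoid a double slash
        $favi_url = $site_url . ltrim( $favi, '/' );
    } else {
        $favi_url = $favi;
    }
}
// … unchanged: return $favi_url / false …
```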


@ -87,6 +87,9 @@ class MainWP_Client_Report {
case 'set_showhide':
$information = $this->set_showhide();
break;
case 'save_settings':
$information = $this->save_settings();
break;
}
}
MainWP_Helper::write( $information );
@ -652,7 +655,6 @@ class MainWP_Client_Report {
}
$record_id = $record->ID;
$meta_key = $data;
if ( 3 === self::$streamVersionNumber && 'author_meta' === $meta_key ) {
@ -688,6 +690,16 @@ class MainWP_Client_Report {
return $information;
}
function save_settings() {
$settings = isset( $_POST['settings'] ) ? $_POST['settings'] : array();
$report_settings = get_option( 'mainwp_wp_stream', array() );
$report_settings['general_records_ttl'] = $settings['records_ttl'];
$report_settings['general_period_of_time'] = $settings['period_of_time'];
update_option('mainwp_wp_stream', $report_settings);
$information['result'] = 'success';
return $information;
}
public function creport_init() {
if ( get_option( 'mainwp_creport_ext_branding_enabled' ) !== 'Y' ) {
return;
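Review bot: In the new save_settings(), `$settings['records_ttl']` and `$settings['period_of_time']` are read without checking that the keys exist or that `$_POST['settings']` is an array, so a request missing either key raises an undefined-index notice and writes `null` into the `mainwp_wp_stream` option, clobbering a previously valid value. Each value should be guarded with `isset()` and passed through a sanitiser matching its expected type before `update_option()` is called, as sketched below (`absint()` if these are day counts — confirm against the dashboard side). `$information` is also built from an undefined variable; `return array( 'result' => 'success' );` is clearer. creport_init() starts on the hunk's trailing context and continues outside it.
```php
function save_settings() {
    $settings = ( isset( $_POST['settings'] ) && is_array( $_POST['settings'] ) ) ? $_POST['settings'] : array();
    $report_settings = get_option( 'mainwp_wp_stream', array() );
    if ( isset( $settings['records_ttl'] ) ) {
        $report_settings['general_records_ttl'] = absint( $settings['records_ttl'] ); // TODO confirm: integer day count
    }
    if ( isset( $settings['period_of_time'] ) ) {
        $report_settings['general_period_of_time'] = sanitize_text_field( $settings['period_of_time'] ); // TODO confirm expected type
    }
    update_option( 'mainwp_wp_stream', $report_settings );
    return array( 'result' => 'success' );
}
```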


@ -388,8 +388,13 @@ class MainWP_Security {
//Admin user name is not admin
public static function admin_user_ok() {
$user = get_user_by( 'login', 'admin' );
if ( ! $user ) return true;
return ! ( $user && ( 10 === $user->wp_user_level || ( isset( $user->user_level ) && 10 === $user->user_level ) ) );
if ( 10 !== $user->wp_user_level && ( ! isset( $user->user_level ) || 10 !== $user->user_level ) && ! user_can( $user, 'level_10' ) ) {
return true;
}
return false;
}
public static function update_security_option( $key, $value ) {
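Review bot: The new condition in admin_user_ok() compares `$user->wp_user_level` and `$user->user_level` to the integer `10` with `!==`; if those values come from user meta through WP_User's magic getter they are strings (`'10'`), so both strict checks are always true and the function effectively reduces to `! user_can( $user, 'level_10' )` — presumably the intended check, but then the meta comparisons are dead code that also hard-codes the `wp_` table prefix. Either cast before comparing, `10 !== (int) $user->wp_user_level`, or drop the meta checks and simply `return ! user_can( $user, 'level_10' );` after the `! $user` guard. The comment above the method, `//Admin user name is not admin`, no longer describes what it returns; suggest `// true when no user with login 'admin' exists, or it exists but is not a level-10 (administrator) account`.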