diff --git a/class/class-mainwp-child-updraft-plus-backups.php b/class/class-mainwp-child-updraft-plus-backups.php index 2c2562e..aeaa77e 100644 --- a/class/class-mainwp-child-updraft-plus-backups.php +++ b/class/class-mainwp-child-updraft-plus-backups.php @@ -1039,34 +1039,44 @@ class MainWP_Child_Updraft_Plus_Backups { private function next_scheduled_backups() { global $updraftplus; - // UNIX timestamp - $next_scheduled_backup = wp_next_scheduled( 'updraft_backup' ); - + $next_scheduled_backup_gmt = $next_scheduled_backup_database_gmt = 0; - if ( $next_scheduled_backup ) { + // UNIX timestamp + $next_scheduled_backup = wp_next_scheduled('updraft_backup'); + if ($next_scheduled_backup) { // Convert to GMT - $next_scheduled_backup_gmt = gmdate( 'Y-m-d H:i:s', $next_scheduled_backup ); + $next_scheduled_backup_gmt = gmdate('Y-m-d H:i:s', $next_scheduled_backup); // Convert to blog time zone - $next_scheduled_backup = get_date_from_gmt( $next_scheduled_backup_gmt, 'D, F j, Y H:i' ); + $next_scheduled_backup = get_date_from_gmt($next_scheduled_backup_gmt, 'D, F j, Y H:i'); +// $next_scheduled_backup = date_i18n('D, F j, Y H:i', $next_scheduled_backup); } else { - $next_scheduled_backup = __( 'Nothing currently scheduled', 'updraftplus' ); + $next_scheduled_backup = __('Nothing currently scheduled', 'updraftplus'); + $files_not_scheduled = true; } - - $next_scheduled_backup_database = wp_next_scheduled( 'updraft_backup_database' ); - if ( UpdraftPlus_Options::get_updraft_option( 'updraft_interval_database', UpdraftPlus_Options::get_updraft_option( 'updraft_interval' ) ) == UpdraftPlus_Options::get_updraft_option( 'updraft_interval' ) ) { - $next_scheduled_backup_database = ( 'Nothing currently scheduled' == $next_scheduled_backup ) ? $next_scheduled_backup : __( 'At the same time as the files backup', 'updraftplus' ); - } else { - if ( $next_scheduled_backup_database ) { - // Convert to GMT - $next_scheduled_backup_database_gmt = gmdate( 'Y-m-d H:i:s', $next_scheduled_backup_database ); - // Convert to blog time zone - $next_scheduled_backup_database = get_date_from_gmt( $next_scheduled_backup_database_gmt, 'D, F j, Y H:i' ); + + $next_scheduled_backup_database = wp_next_scheduled('updraft_backup_database'); + if (UpdraftPlus_Options::get_updraft_option('updraft_interval_database',UpdraftPlus_Options::get_updraft_option('updraft_interval')) == UpdraftPlus_Options::get_updraft_option('updraft_interval')) { + if (isset($files_not_scheduled)) { + $next_scheduled_backup_database = $next_scheduled_backup; + $database_not_scheduled = true; } else { - $next_scheduled_backup_database = __( 'Nothing currently scheduled', 'updraftplus' ); + $next_scheduled_backup_database = __("At the same time as the files backup", 'updraftplus'); + $next_scheduled_backup_database_same_time = true; + } + } else { + if ($next_scheduled_backup_database) { + // Convert to GMT + $next_scheduled_backup_database_gmt = gmdate('Y-m-d H:i:s', $next_scheduled_backup_database); + // Convert to blog time zone + $next_scheduled_backup_database = get_date_from_gmt($next_scheduled_backup_database_gmt, 'D, F j, Y H:i'); +// $next_scheduled_backup_database = date_i18n('D, F j, Y H:i', $next_scheduled_backup_database); + } else { + $next_scheduled_backup_database = __('Nothing currently scheduled', 'updraftplus'); + $database_not_scheduled = true; } } - + $current_timegmt = time(); $current_time = get_date_from_gmt( gmdate( 'Y-m-d H:i:s', $current_timegmt ), 'D, F j, Y H:i' ); @@ -1086,7 +1096,7 @@ class MainWP_Child_Updraft_Plus_Backups { 'n' => $html, 'updraft_backup_disabled' => $backup_disabled, 'nextsched_files_gmt' => $next_scheduled_backup_gmt, - 'nextsched_database_gmt' => $next_scheduled_backup_gmt, + 'nextsched_database_gmt' => $next_scheduled_backup_database_gmt, 'nextsched_current_timegmt' => $current_timegmt, 'nextsched_current_timezone' => $current_time, ); @@ -1095,7 +1105,7 @@ class MainWP_Child_Updraft_Plus_Backups { $out['nextsched_files_timezone'] = $next_scheduled_backup; } - if ( $next_scheduled_backup_gmt ) { + if ( $next_scheduled_backup_database_gmt ) { $out['nextsched_database_timezone'] = $next_scheduled_backup_database; } diff --git a/class/class-mainwp-child-wordfence.php b/class/class-mainwp-child-wordfence.php index 2005b81..be0b098 100644 --- a/class/class-mainwp-child-wordfence.php +++ b/class/class-mainwp-child-wordfence.php @@ -4,7 +4,17 @@ class MainWP_Child_Wordfence { public static $instance = null; public $is_wordfence_installed = false; public $plugin_translate = 'mainwp-child'; - + + const OPTIONS_TYPE_GLOBAL = 'global'; + const OPTIONS_TYPE_FIREWALL = 'firewall'; + const OPTIONS_TYPE_BLOCKING = 'blocking'; + const OPTIONS_TYPE_SCANNER = 'scanner'; + const OPTIONS_TYPE_TWO_FACTOR = 'twofactor'; + const OPTIONS_TYPE_LIVE_TRAFFIC = 'livetraffic'; + const OPTIONS_TYPE_COMMENT_SPAM = 'commentspam'; + const OPTIONS_TYPE_DIAGNOSTICS = 'diagnostics'; + const OPTIONS_TYPE_ALL = 'alloptions'; + public static $options_filter = array( 'alertEmails', 'alertOn_adminLogin', @@ -15,6 +25,7 @@ class MainWP_Child_Wordfence { 'alertOn_lostPasswdForm', 'alertOn_nonAdminLogin', 'alertOn_firstNonAdminLoginOnly', + 'alertOn_wordfenceDeactivated', 'alertOn_update', 'alertOn_warnings', 'alert_maxHourly', @@ -84,10 +95,12 @@ class MainWP_Child_Wordfence { 'maxScanHits_action', 'blockedTime', 'liveTraf_ignorePublishers', + 'liveTraf_displayExpandedRecords', 'liveTraf_ignoreUsers', 'liveTraf_ignoreIPs', 'liveTraf_ignoreUA', 'liveTraf_maxRows', + 'displayTopLevelLiveTraffic', 'whitelisted', 'bannedURLs', 'other_hideWPVersion', @@ -103,7 +116,7 @@ class MainWP_Child_Wordfence { 'disableCookies', 'startScansRemotely', //'disableConfigCaching', - 'addCacheComment', + //'addCacheComment', // removed 'disableCodeExecutionUploads', //'isPaid', "advancedCommentScanning", @@ -120,11 +133,21 @@ class MainWP_Child_Wordfence { 'wafAlertWhitelist', 'wafAlertOnAttacks', //'ajaxWatcherDisabled_front', // do not update those values when save settings - //'ajaxWatcherDisabled_admin' - 'howGetIPs_trusted_proxies', + //'ajaxWatcherDisabled_admin' // those values saved in the ['changes'] in the saveOptions function + 'howGetIPs_trusted_proxies', + 'other_bypassLitespeedNoabort', + 'disableWAFIPBlocking', + 'other_blockBadPOST', + 'displayTopLevelBlocking', + 'betaThreatDefenseFeed', + 'scanType', + 'wafStatus', + 'learningModeGracePeriodEnabled', + 'learningModeGracePeriod' ); - - public static $diagnosticParams = array( + + // for separated saving this values + public static $diagnosticParams = array( //'addCacheComment', 'debugOn', 'startScansRemotely', @@ -132,7 +155,13 @@ class MainWP_Child_Wordfence { //'disableConfigCaching', 'betaThreatDefenseFeed', ); - + + public static $firewall_options_filter = array( + 'wafStatus', + 'learningModeGracePeriodEnabled', + 'learningModeGracePeriod' + ); + static function Instance() { if ( null === MainWP_Child_Wordfence::$instance ) { @@ -186,12 +215,18 @@ class MainWP_Child_Wordfence { case 'kill_scan': $information = $this->kill_scan(); break; + case 'requestScan': + $information = $this->requestScan(); + break; + case 'killScan': + $information = $this->killScan(); + break; case 'set_showhide': $information = $this->set_showhide(); break; case 'get_log': $information = $this->get_log(); - break; + break; case 'update_log': $information = $this->update_log(); break; @@ -201,37 +236,73 @@ class MainWP_Child_Wordfence { case 'load_issues': $information = $this->load_issues(); break; + case 'loadIssues': + $information = $this->ajax_loadIssues_callback(); + break; + case 'load_wafData': + $information = $this->load_wafData(); + break; case 'update_all_issues': $information = $this->update_all_issues(); break; case 'update_issues_status': $information = $this->update_issues_status(); break; + case 'updateIssueStatus': + $information = $this->updateIssueStatus(); + break; case 'delete_issues': $information = $this->delete_issues(); break; case 'bulk_operation': $information = $this->bulk_operation(); break; + case 'bulkOperation': // new + $information = $this->bulkOperation(); + break; case 'delete_file': $information = $this->delete_file(); break; case 'restore_file': $information = $this->restore_file(); break; - case 'save_setting': + case 'save_setting': // to compatible $information = $this->save_setting(); break; + case 'save_settings_new': + $information = $this->save_settings_new(); + break; + case 'saveOptions': + $information = $this->saveOptions(); + break; + case 'recentTraffic': + $information = $this->recentTraffic(); + break; case 'ticker': $information = $this->ticker(); break; case 'reverse_lookup': $information = $this->reverse_lookup(); break; - case 'block_ip': - $information = $this->block_ip(); + case 'block_ip': // old block ip + $information = $this->ajax_blockIP_callback(); break; - case 'unblock_ip': + case 'whois': + $information = $this->whois(); + break; + case 'createBlock': // new version blockIP, blockIPUARange + $information = $this->ajax_createBlock_callback(); + break; + case 'getBlocks': + $information = $this->ajax_getBlocks_callback(); + break; + case 'deleteBlocks': + $information = $this->ajax_deleteBlocks_callback(); + break; + case 'makePermanentBlocks': + $information = $this->ajax_makePermanentBlocks_callback(); + break; + case 'unblock_ip': $information = $this->unblock_ip(); break; case 'load_static_panel': @@ -252,7 +323,10 @@ class MainWP_Child_Wordfence { case "check_falcon_htaccess": $information = $this->checkFalconHtaccess(); break; - case "save_cache_options": + case "checkHtaccess": + $information = $this->checkHtaccess(); + break; + case "save_cache_options": $information = $this->saveCacheOptions(); break; case "clear_page_cache": @@ -276,6 +350,9 @@ class MainWP_Child_Wordfence { case 'update_waf_rules': $information = $this->updateWAFRules(); break; + case 'update_waf_rules_new': + $information = $this->updateWAFRules_New(); + break; case 'save_debugging_config': $information = $this->save_debugging_config(); break; @@ -346,22 +423,183 @@ class MainWP_Child_Wordfence { } MainWP_Helper::write( $information ); } - - private function start_scan() { - $information = array(); - if ( wfUtils::isScanRunning() ) { - $information['error'] = 'SCAN_RUNNING'; - - return $information; - } - $err = wfScanEngine::startScan(); - if ( $err ) { - $information['error'] = htmlentities( $err ); - } else { - $information['result'] = 'SUCCESS'; - } - - return $information; + + + public static function getSectionSettings($section) { + $general_opts = array( + 'scheduleScan', + 'apiKey', + 'autoUpdate', + 'alertEmails', + 'howGetIPs', + 'howGetIPs_trusted_proxies', + 'other_hideWPVersion', + 'disableCodeExecutionUploads', + 'disableCookies', + 'actUpdateInterval', + 'disableCookies', + 'deleteTablesOnDeact', + 'notification_updatesNeeded', + 'notification_securityAlerts', // paid + 'notification_promotions', // paid + 'notification_blogHighlights', // paid + 'notification_productUpdates', // paid + 'notification_scanStatus', + 'alertOn_update', + 'alertOn_wordfenceDeactivated', + 'alertOn_critical', + 'alertOn_warnings', + 'alertOn_block', + 'alertOn_loginLockout', + 'alertOn_lostPasswdForm', + 'alertOn_adminLogin', + 'alertOn_firstAdminLoginOnly', + 'alertOn_nonAdminLogin', + 'alertOn_firstNonAdminLoginOnly', + 'wafAlertOnAttacks', + 'alert_maxHourly', + 'email_summary_enabled', + 'email_summary_interval', + 'email_summary_excluded_directories', + 'email_summary_dashboard_widget_enabled', + 'other_noAnonMemberComments', + 'other_scanComments', + 'advancedCommentScanning' // paid + ); + + $traffic_opts = array( + 'liveTrafficEnabled', + 'liveTraf_ignorePublishers', + 'liveTraf_displayExpandedRecords', + 'liveTraf_ignoreUsers', + 'liveTraf_ignoreIPs', + 'liveTraf_ignoreUA', + 'liveTraf_maxRows', + 'displayTopLevelLiveTraffic' + ); + + $firewall_opts = array( + 'disableWAFIPBlocking', + 'whitelisted', + 'bannedURLs', + 'wafAlertWhitelist', + 'firewallEnabled', + 'blockFakeBots', + 'neverBlockBG', + 'maxGlobalRequests', + 'maxGlobalRequests_action', + 'maxRequestsCrawlers', + 'maxRequestsCrawlers_action', + 'max404Crawlers', + 'max404Crawlers_action', + 'maxRequestsHumans', + 'maxRequestsHumans_action', + 'max404Humans', + 'max404Humans_action', + 'maxScanHits', + 'maxScanHits_action', + 'blockedTime', + 'allowed404s', + 'loginSecurityEnabled', + 'loginSec_maxFailures', + 'loginSec_maxForgotPasswd', + 'loginSec_countFailMins', + 'loginSec_lockoutMins', + 'loginSec_lockInvalidUsers', + 'loginSec_userBlacklist', + 'loginSec_strongPasswds', + 'loginSec_maskLoginErrors', + 'loginSec_blockAdminReg', + 'loginSec_disableAuthorScan', + 'other_blockBadPOST', + 'other_pwStrengthOnUpdate', + 'other_WFNet', + 'wafStatus', + 'learningModeGracePeriodEnabled', + 'learningModeGracePeriod' + ); + + $scan_opts = array( + 'scansEnabled_checkGSB', //paid + 'spamvertizeCheck', //paid + 'checkSpamIP', // paid + 'scansEnabled_checkHowGetIPs', + 'scansEnabled_checkReadableConfig', + 'scansEnabled_suspectedFiles', + 'scansEnabled_core', + 'scansEnabled_themes', + 'scansEnabled_plugins', + 'scansEnabled_coreUnknown', + 'scansEnabled_malware', + 'scansEnabled_fileContents', + 'scansEnabled_fileContentsGSB', + 'scansEnabled_posts', + 'scansEnabled_comments', + 'scansEnabled_suspiciousOptions', + 'scansEnabled_oldVersions', + 'scansEnabled_suspiciousAdminUsers', + 'scansEnabled_passwds', + 'scansEnabled_diskSpace', + 'scansEnabled_dns', + 'other_scanOutside', + 'scansEnabled_scanImages', + 'scansEnabled_highSense', + 'scheduledScansEnabled', + 'lowResourceScansEnabled', + 'scan_maxIssues', + 'scan_maxDuration', + 'maxMem', + 'maxExecutionTime', + 'scan_exclude', + 'scan_include_extra', + 'scanType' + ); + $diagnostics_opts = array( + 'debugOn', + 'startScansRemotely', + 'ssl_verify', + 'betaThreatDefenseFeed' + ); + + $blocking_opts = array( + 'displayTopLevelBlocking', + ); + + $options = array(); + + switch($section) { + case self::OPTIONS_TYPE_GLOBAL: + $options = $general_opts; + break; + case self::OPTIONS_TYPE_LIVE_TRAFFIC: + $options = $traffic_opts; + break; + case self::OPTIONS_TYPE_FIREWALL: + $options = $firewall_opts; + break; + case self::OPTIONS_TYPE_SCANNER: + $options = $scan_opts; + break; + case self::OPTIONS_TYPE_DIAGNOSTICS: + $options = $diagnostics_opts; + break; + case self::OPTIONS_TYPE_BLOCKING: + $options = $blocking_opts; + break; + case self::OPTIONS_TYPE_ALL: + $options = array_merge($general_opts, $traffic_opts, $firewall_opts, $scan_opts, $diagnostics_opts, $blocking_opts); + break; + } + return $options; + } + + + private function start_scan() { + $information = wordfence::ajax_scan_callback(); + if ( is_array($information) && isset($information['ok']) ) + $information['result'] = 'SUCCESS'; + + return $information; } private function kill_scan() { @@ -373,6 +611,14 @@ class MainWP_Child_Wordfence { 'ok' => 1, ); } + + private function requestScan() { + return wordfence::ajax_scan_callback(); + } + + private function killScan() { + return wordfence::ajax_killScan_callback(); + } function set_showhide() { $hide = isset( $_POST['showhide'] ) && ( $_POST['showhide'] === 'hide' ) ? 'hide' : ''; @@ -491,41 +737,79 @@ class MainWP_Child_Wordfence { public function get_log() { $information = array(); $wfLog = wordfence::getLog(); - if ( $wfLog ) { + if ( $wfLog ) { $information['events'] = $wfLog->getStatusEvents( 0 ); - $information['summary'] = $wfLog->getSummaryEvents(); + + if (method_exists($wfLog, 'getSummaryEvents')) { + $information['summary'] = $wfLog->getSummaryEvents(); + } else { + $information['summary'] = ''; + } } $information['debugOn'] = wfConfig::get( 'debugOn', false ); $information['timeOffset'] = 3600 * get_option( 'gmt_offset' ); return $information; } - + public function update_log() { return wordfence::ajax_activityLogUpdate_callback(); } public function load_issues() { - $i = new wfIssues(); - $iss = $i->getIssues(); - + $offset = isset($_POST['offset']) ? intval($_POST['offset']) : 0; + $limit = isset($_POST['limit']) ? intval($_POST['limit']) : WORDFENCE_SCAN_ISSUES_PER_PAGE; + + $i = new wfIssues(); + $iss = $i->getIssues($offset, $limit); + $counts = $i->getIssueCounts(); + return array( 'issuesLists' => $iss, - 'summary' => $i->getSummaryItems(), + 'issueCounts' => $counts, 'lastScanCompleted' => wfConfig::get( 'lastScanCompleted' ), 'apiKey' => wfConfig::get( 'apiKey' ), 'isPaid' => wfConfig::get('isPaid'), 'lastscan_timestamp' => $this->get_lastscan(), - 'isNginx' => wfUtils::isNginx() ? 1 : 0, - 'todayAttBlocked' => $this->count_attacks_blocked(1), - 'weekAttBlocked' => $this->count_attacks_blocked(7), - 'monthAttBlocked' => $this->count_attacks_blocked(30), - 'wafData' => $this->_getWAFData() + 'isNginx' => wfUtils::isNginx() ? 1 : 0, + 'todayAttBlocked' => $this->count_attacks_blocked(1), + 'weekAttBlocked' => $this->count_attacks_blocked(7), + 'monthAttBlocked' => $this->count_attacks_blocked(30), + 'wafData' => $this->_getWAFData() ); } + + public static function ajax_loadIssues_callback(){ + $offset = isset($_POST['offset']) ? intval($_POST['offset']) : 0; + $limit = isset($_POST['limit']) ? intval($_POST['limit']) : WORDFENCE_SCAN_ISSUES_PER_PAGE; + + $i = new wfIssues(); + $iss = $i->getIssues($offset, $limit); + $counts = $i->getIssueCounts(); + return array( + 'issuesLists' => $iss, + 'issueCounts' => $counts, + 'lastScanCompleted' => wfConfig::get('lastScanCompleted') + ); + } + + public function load_wafData() { + + $return = array( + 'wafData' => $this->_getWAFData(), + 'ip' => wfUtils::getIP(), + 'ajaxWatcherDisabled_front' => (bool)wfConfig::get('ajaxWatcherDisabled_front'), + 'ajaxWatcherDisabled_admin' => (bool)wfConfig::get('ajaxWatcherDisabled_admin') + ); + + if (class_exists('wfFirewall')) { + $firewall = new wfFirewall(); + $return['isSubDirectoryInstallation'] = $firewall->isSubDirectoryInstallation(); + } + return $return; + } - - public function count_attacks_blocked($maxAgeDays) { + public function count_attacks_blocked($maxAgeDays) { global $wpdb; $interval = 'FLOOR(UNIX_TIMESTAMP(DATE_SUB(NOW(), interval ' . $maxAgeDays . ' day)) / 86400)'; return $wpdb->get_var(<< 1 ); } - function update_issues_status() { + function updateIssueStatus() { + $wfIssues = new wfIssues(); + $status = $_POST['status']; + $issueID = $_POST['id']; + if(! preg_match('/^(?:new|delete|ignoreP|ignoreC)$/', $status)){ + return array('errorMsg' => "An invalid status was specified when trying to update that issue."); + } + $wfIssues->updateIssue($issueID, $status); + wfScanEngine::refreshScanNotification($wfIssues); + + $counts = $wfIssues->getIssueCounts(); + return array( + 'ok' => 1, + 'issueCounts' => $counts, + ); + } + + function update_issues_status() { $wfIssues = new wfIssues(); $status = $_POST['status']; $issueID = $_POST['id']; @@ -671,6 +972,10 @@ SQL } } + function bulkOperation() { + return wordfence::ajax_bulkOperation_callback(); + } + function delete_file() { $issueID = $_POST['issueID']; $wfIssues = new wfIssues(); @@ -771,8 +1076,218 @@ SQL } return $res; } + + function save_settings_new() + { + if (isset($_POST['encrypted'])) + $settings = $this->simple_crypt( 'thisisakey', $_POST['settings'], 'decrypt' ); // to fix pass through sec rules of Dreamhost + else { + $settings = maybe_unserialize( base64_decode( $_POST['settings'] ) ); + } + + $section = isset($_POST['savingSection']) ? $_POST['savingSection'] : ''; + $saving_opts = self::getSectionSettings($section); + + $result = array(); + + if ( is_array( $settings ) && count( $settings ) > 0 && count($saving_opts) > 0 ) { + + $reload = ''; + $opts = $settings; + + // if saving then validate data + if (isset($saving_opts['liveTraf_ignoreUsers'])) { + $validUsers = array(); + $invalidUsers = array(); + foreach ( explode( ',', $opts['liveTraf_ignoreUsers'] ) as $val ) { + $val = trim( $val ); + if ( strlen( $val ) > 0 ) { + if ( get_user_by( 'login', $val ) ) { + $validUsers[] = $val; + } else { + $invalidUsers[] = $val; + } + } + } + if ( count( $invalidUsers ) > 0 ) { + // return array('errorMsg' => "The following users you selected to ignore in live traffic reports are not valid on this system: " . htmlentities(implode(', ', $invalidUsers)) ); + $result['invalid_users'] = htmlentities( implode( ', ', $invalidUsers ) ); + } + if ( count( $validUsers ) > 0 ) { + $opts['liveTraf_ignoreUsers'] = implode( ',', $validUsers ); + } else { + $opts['liveTraf_ignoreUsers'] = ''; + } + } + + // if saving then validate data + if (isset($saving_opts['other_WFNet'])) { + if ( ! $opts['other_WFNet'] ) { + $wfdb = new wfDB(); + global $wpdb; + $p = $wpdb->base_prefix; + $wfdb->queryWrite( "delete from $p" . 'wfBlocks where wfsn=1 and permanent=0' ); + } + } + + $regenerateHtaccess = false; + // if saving then validate data + if (isset($saving_opts['bannedURLs'])) { + if ( wfConfig::get( 'bannedURLs', false ) !== $opts['bannedURLs'] ) { + $regenerateHtaccess = true; + } + } + + // save the settings + foreach ( $opts as $key => $val ) { + // check saving section fields + if ( in_array( $key, $saving_opts ) ) { + if ( 'apiKey' == $key ) { //Don't save API key yet + continue; + } + + if (in_array( $key, self::$firewall_options_filter ) ) { + wfWAF::getInstance()->getStorageEngine()->setConfig($key, $val); + } else { + wfConfig::set( $key, $val ); // save it + } + } + } + + if ( $regenerateHtaccess && ( wfConfig::get('cacheType') == 'falcon' ) ) { + wfCache::addHtaccessCode('add'); + } + + // if saving then validate data + if (isset($saving_opts['autoUpdate'])) { + if ( '1' === $opts['autoUpdate'] ) { + wfConfig::enableAutoUpdate(); + } else if ( '0' === $opts['autoUpdate'] ) { + wfConfig::disableAutoUpdate(); + } + } + + // if saving then validate data + if (isset($saving_opts['disableCodeExecutionUploads'])) { + if (isset($opts['disableCodeExecutionUploads'])) { + try { + if ( $opts['disableCodeExecutionUploads'] ) { + wfConfig::disableCodeExecutionForUploads(); + } else { + wfConfig::removeCodeExecutionProtectionForUploads(); + } + } catch ( wfConfigException $e ) { + return array( 'error' => $e->getMessage() ); + } + } + } + + // if saving then validate data + if (isset($saving_opts['email_summary_enabled'])) { + if (isset($opts['email_summary_enabled'])) { + if ( ! empty( $opts['email_summary_enabled'] ) ) { + wfConfig::set( 'email_summary_enabled', 1 ); + wfConfig::set( 'email_summary_interval', $opts['email_summary_interval'] ); + wfConfig::set( 'email_summary_excluded_directories', $opts['email_summary_excluded_directories'] ); + wfActivityReport::scheduleCronJob(); + } else { + wfConfig::set( 'email_summary_enabled', 0 ); + wfActivityReport::disableCronJob(); + } + } + } + + // if saving then validate data + if (isset($saving_opts['scheduleScan'])) { + $sch = isset( $opts['scheduleScan'] ) ? $opts['scheduleScan'] : ''; + if ( get_option( 'mainwp_child_wordfence_cron_time' ) !== $sch ) { + update_option( 'mainwp_child_wordfence_cron_time', $sch ); + $sched = wp_next_scheduled( 'mainwp_child_wordfence_cron_scan' ); + if ( false !== $sched ) { + wp_unschedule_event( $sched, 'mainwp_child_wordfence_cron_scan' ); + } + } + } + + // Finished saving settings + ///////////////////// + + + $result['cacheType'] = wfConfig::get( 'cacheType' ); + $result['paidKeyMsg'] = false; + + // if saving then validate data + if (isset($saving_opts['apiKey'])) { + $apiKey = trim( $_POST['apiKey'] ); + if ( ! $apiKey ) { //Empty API key (after trim above), then try to get one. + $api = new wfAPI( '', wfUtils::getWPVersion() ); + try { + $keyData = $api->call( 'get_anon_api_key' ); + if ( $keyData['ok'] && $keyData['apiKey'] ) { + wfConfig::set( 'apiKey', $keyData['apiKey'] ); + wfConfig::set( 'isPaid', 0 ); + $result['apiKey'] = $keyData['apiKey']; + $result['isPaid'] = 0; + $reload = 'reload'; + } else { + throw new Exception( "We could not understand the Wordfence server's response because it did not contain an 'ok' and 'apiKey' element." ); + } + } catch ( Exception $e ) { + $result['error'] = 'Your options have been saved, but we encountered a problem. You left your API key blank, so we tried to get you a free API key from the Wordfence servers. However we encountered a problem fetching the free key: ' . htmlentities( $e->getMessage() ); + + return $result; + } + } else if ( wfConfig::get( 'apiKey' ) !== $apiKey ) { + $api = new wfAPI( $apiKey, wfUtils::getWPVersion() ); + try { + $res = $api->call( 'check_api_key', array(), array() ); + if ( $res['ok'] && isset( $res['isPaid'] ) ) { + wfConfig::set( 'apiKey', $apiKey ); + wfConfig::set( 'isPaid', $res['isPaid'] ); //res['isPaid'] is boolean coming back as JSON and turned back into PHP struct. Assuming JSON to PHP handles bools. + $result['apiKey'] = $apiKey; + $result['isPaid'] = $res['isPaid']; + if ( $res['isPaid'] ) { + $result['paidKeyMsg'] = true; + } + $reload = 'reload'; + } else { + throw new Exception( 'We could not understand the Wordfence API server reply when updating your API key.' ); + } + } catch ( Exception $e ) { + $result['error'] = 'Your options have been saved. However we noticed you changed your API key and we tried to verify it with the Wordfence servers and received an error: ' . htmlentities( $e->getMessage() ); + + return $result; + } + } else { + try { + $api = new wfAPI( $apiKey, wfUtils::getWPVersion() ); + $res = $api->call( 'ping_api_key', array(), array() ); + } catch ( Exception $e ) { + $result['error'] = 'Your options have been saved. However we noticed you do not change your API key and we tried to verify it with the Wordfence servers and received an error: ' . htmlentities( $e->getMessage() ); + + return $result; + } + } + } + + $result['ok'] = 1; + $result['reload'] = $reload; + + return $result; + } else { + $result['error'] = 'Empty settings'; + } + + return $result; + } + + + public static function recentTraffic(){ + return wordfence::ajax_recentTraffic_callback(); + } + function save_setting() { if (isset($_POST['encrypted'])) $settings = $this->simple_crypt( 'thisisakey', $_POST['settings'], 'decrypt' ); // to fix pass through sec rules of Dreamhost @@ -863,18 +1378,14 @@ SQL } $sch = isset( $opts['scheduleScan'] ) ? $opts['scheduleScan'] : ''; - $sync_sch = ( isset( $opts['notsync_scheduleScan'] ) && $opts['notsync_scheduleScan'] ) ? false : true; - - if ($sync_sch) { - if ( get_option( 'mainwp_child_wordfence_cron_time' ) !== $sch ) { - update_option( 'mainwp_child_wordfence_cron_time', $sch ); - $sched = wp_next_scheduled( 'mainwp_child_wordfence_cron_scan' ); - if ( false !== $sched ) { - wp_unschedule_event( $sched, 'mainwp_child_wordfence_cron_scan' ); - } + if ( get_option( 'mainwp_child_wordfence_cron_time' ) !== $sch ) { + update_option( 'mainwp_child_wordfence_cron_time', $sch ); + $sched = wp_next_scheduled( 'mainwp_child_wordfence_cron_scan' ); + if ( false !== $sched ) { + wp_unschedule_event( $sched, 'mainwp_child_wordfence_cron_scan' ); } } - + $result['cacheType'] = wfConfig::get( 'cacheType' ); $result['paidKeyMsg'] = false; $apiKey = trim( $_POST['apiKey'] ); @@ -1032,35 +1543,34 @@ SQL $jsonData['events'] = $events; $jsonData['alsoGet'] = $alsoGet; //send it back so we don't load data if panel has changed $jsonData['cacheType'] = wfConfig::get( 'cacheType' ); - - return $jsonData; + return $jsonData; } - public static function loadLiveTraffic() { - $wfdb = new wfDB(); - $serverTime = $wfdb->querySingle( 'select unix_timestamp()' ); - $return = wordfence::ajax_loadLiveTraffic_callback(); - $return['serverTime'] = $serverTime; - $return['serverMicrotime'] = microtime(true); - return $return; - } - - function whitelistWAFParamKey() { - $return = wordfence::ajax_whitelistWAFParamKey_callback(); - return $return; - } + public static function loadLiveTraffic() { + $wfdb = new wfDB(); + $serverTime = $wfdb->querySingle( 'select unix_timestamp()' ); + $return = wordfence::ajax_loadLiveTraffic_callback(); + $return['serverTime'] = $serverTime; + $return['serverMicrotime'] = microtime(true); + return $return; + } + + function whitelistWAFParamKey() { + $return = wordfence::ajax_whitelistWAFParamKey_callback(); + return $return; + } + + function hideFileHtaccess() { + $return = wordfence::ajax_hideFileHtaccess_callback(); + return $return; + } - function hideFileHtaccess() { - $return = wordfence::ajax_hideFileHtaccess_callback(); - return $return; - } - - public static function fixFPD(){ + public static function fixFPD(){ $return = wordfence::ajax_fixFPD_callback(); return $return; } - public static function disableDirectoryListing() { + public static function disableDirectoryListing() { $return = wordfence::ajax_disableDirectoryListing_callback(); return $return; } @@ -1080,15 +1590,15 @@ SQL return $return; } - public static function revokeAdminUser() { - $return = wordfence::ajax_revokeAdminUser_callback(); - return $return; - } - - public static function clearAllBlocked() { - $return = wordfence::ajax_clearAllBlocked_callback(); - return $return; - } + public static function revokeAdminUser() { + $return = wordfence::ajax_revokeAdminUser_callback(); + return $return; + } + + public static function clearAllBlocked() { + $return = wordfence::ajax_clearAllBlocked_callback(); + return $return; + } public static function permanentlyBlockAllIPs() { $return = wordfence::ajax_permanentlyBlockAllIPs_callback(); @@ -1115,7 +1625,7 @@ SQL return $return; } - public static function saveWAFConfig() { + public static function saveWAFConfig() { $return = wordfence::ajax_saveWAFConfig_callback(); if (is_array($return) && isset($return['data'])) { $return['learningModeGracePeriod'] = wfWAF::getInstance()->getStorageEngine()->getConfig('learningModeGracePeriod'); @@ -1141,11 +1651,14 @@ SQL $return = wordfence::ajax_updateConfig_callback(); return $return; } + + // credit of Wordfence + private static function _getWAFData($updated = null) { + // custom + if(!class_exists('wfWAF')) + return false; + // end if custom - private static function _getWAFData() { - if(!class_exists('wfWAF')) - return false; - $data['learningMode'] = wfWAF::getInstance()->isInLearningMode(); $data['rules'] = wfWAF::getInstance()->getRules(); /** @var wfWAFRule $rule */ @@ -1189,8 +1702,13 @@ SQL $data['rulesLastUpdated'] = $lastUpdated; } $data['isPaid'] = (bool) wfConfig::get('isPaid', 0); + + if ($updated !== null) { + $data['updated'] = (bool) $updated; + } return $data; } + function reverse_lookup() { $ips = explode( ',', $_POST['ips'] ); @@ -1202,43 +1720,105 @@ SQL return array( 'ok' => 1, 'ips' => $res ); } - function block_ip() { - $IP = trim( $_POST['IP'] ); - $perm = $_POST['perm'] == '1' ? true : false; - if ( ! preg_match( '/^\d+\.\d+\.\d+\.\d+$/', $IP ) ) { - return array( 'err' => 1, 'errorMsg' => 'Please enter a valid IP address to block.' ); - } - if ( wfUtils::getIP() === $IP ) { - return array( 'err' => 1, 'errorMsg' => "You can't block your own IP address." ); - } - if ( wordfence::getLog()->isWhitelisted( $IP ) ) { - return array( - 'err' => 1, - 'errorMsg' => 'The IP address ' . htmlentities( $IP ) . " is whitelisted and can't be blocked or it is in a range of internal IP addresses that Wordfence does not block. You can remove this IP from the whitelist on the Wordfence options page.", - ); - } - if ( wfConfig::get( 'neverBlockBG' ) !== 'treatAsOtherCrawlers' ) { //Either neverBlockVerified or neverBlockUA is selected which means the user doesn't want to block google - if ( wfCrawl::verifyCrawlerPTR( '/googlebot\.com$/i', $IP ) ) { + + public function saveOptions(){ + if (!empty($_POST['changes']) && ($changes = json_decode(stripslashes($_POST['changes']), true)) !== false) { + try { + if (is_array($changes) && isset($changes['whitelistedURLParams']) && isset($changes['whitelistedURLParams']['add'])) { + $user = wp_get_current_user(); + foreach($changes['whitelistedURLParams']['add'] as $key => &$value) : + if (isset($value['data'])) { + + if(isset($value['data']['userID'])) { + $value['data']['userID'] = $user->ID; + } + if(isset($value['data']['username'])) { + $value['data']['username'] = $user->user_login; + } + } + endforeach; + } + + $errors = wfConfig::validate($changes); + + if ($errors !== true) { + if (count($errors) == 1) { + return array( + 'error' => sprintf(__('An error occurred while saving the configuration: %s', 'wordfence'), $errors[0]['error']), + ); + } + else if (count($errors) > 1) { + $compoundMessage = array(); + foreach ($errors as $e) { + $compoundMessage[] = $e['error']; + } + return array( + 'error' => sprintf(__('Errors occurred while saving the configuration: %s', 'wordfence'), implode(', ', $compoundMessage)), + ); + } + + return array( + 'error' => __('Errors occurred while saving the configuration.', 'wordfence'), + ); + } + + wfConfig::save($changes); + return array('success' => true); + } + catch (wfWAFStorageFileException $e) { return array( - 'err' => 1, - 'errorMsg' => "The IP address you're trying to block belongs to Google. Your options are currently set to not block these crawlers. Change this in Wordfence options if you want to manually block Google.", + 'error' => __('An error occurred while saving the configuration.', 'wordfence'), + ); + } + catch (Exception $e) { + return array( + 'error' => $e->getMessage(), ); } } - wordfence::getLog()->blockIP( $IP, $_POST['reason'], false, $perm ); - - return array( 'ok' => 1 ); + + return array( + 'error' => __('No configuration changes were provided to save.', 'wordfence'), + ); + } + + public function ajax_getBlocks_callback(){ + $information = wordfence::ajax_getBlocks_callback(); + return $information; + } + // credit of Wordfence + public function ajax_createBlock_callback() + { + return wordfence::ajax_createBlock_callback(); + } + + public static function ajax_deleteBlocks_callback() { + $information = wordfence::ajax_deleteBlocks_callback(); + return $information; } - + + public static function ajax_makePermanentBlocks_callback() { + $information = wordfence::ajax_makePermanentBlocks_callback(); + return $information; + } + + public function ajax_blockIP_callback(){ + return wordfence::ajax_blockIP_callback(); + } + + // credit of Wordfence + public function whois(){ + return wordfence::ajax_whois_callback(); + } + function unblock_ip() { if ( isset( $_POST['IP'] ) ) { $IP = $_POST['IP']; - wordfence::getLog()->unblockIP( $IP ); - + wfBlock::unblockIP( $IP ); return array( 'ok' => 1 ); } } - + public static function saveCountryBlocking(){ if(! wfConfig::get('isPaid')){ return array('error' => "Sorry but this feature is only available for paid customers."); @@ -1399,6 +1979,22 @@ SQL return array( 'ok' => 1 , 'download_url' => $download_url ); } + public static function checkHtaccess(){ + if(wfUtils::isNginx()){ + return array('nginx' => 1); + } + $file = wfCache::getHtaccessPath(); + if(! $file){ + return array('err' => "We could not find your .htaccess file to modify it."); + } + $fh = @fopen($file, 'r+'); + if(! $fh){ + $err = error_get_last(); + return array('err' => "We found your .htaccess file but could not open it for writing: " . $err['message']); + } + return array('ok' => 1); + } + public static function downloadHtaccess() { if ( ! isset( $_GET['_wpnonce'] ) || empty( $_GET['_wpnonce'] ) ) { die( '-1' ); @@ -1568,209 +2164,305 @@ SQL $themes = wp_get_themes(); $currentTheme = wp_get_theme(); $cols = 3; - + $w = new wfConfig(); - $inEmail = false; - ob_start(); - ?> + $inEmail = false; + ob_start(); -
- > - getResults() as $title => $tests): ?> - +?> +
+ + + getResults() as $title => $tests): + $key = sanitize_key('wf-diagnostics-' . $title); + $hasFailingTest = false; + foreach ($tests['results'] as $result) { + if (!$result['test']) { + $hasFailingTest = true; + break; + } + } + + if ($inEmail): ?> +
+ - + - + - + - - + + + + +
"> array(), 'strong' => array(), 'em' => array(), 'a' => array('href' => true), )) ?> + +
+ +
+ +
+ +
+
+
+
+ + +
+
+
+
+
+
+
+
    + +
  • +
    array(), + 'strong' => array(), + 'em' => array(), + 'a' => array('href' => true), + )) ?>
    + +
    + +
    + +
    • + +
+
+
+ + + + 'REMOTE_ADDR', + 'HTTP_CF_CONNECTING_IP' => 'CF-Connecting-IP', + 'HTTP_X_REAL_IP' => 'X-Real-IP', + 'HTTP_X_FORWARDED_FOR' => 'X-Forwarded-For', + ) as $variable => $label) { + if (!($currentServerVarForIP && $currentServerVarForIP === $variable) && $howGet === $variable) { + $howGetHasErrors = true; + break; + } + } + ?> +
+
+
+
+ + +
+
+
+
+
+
+
+ + > + + + + + + + + + 'REMOTE_ADDR', + 'HTTP_CF_CONNECTING_IP' => 'CF-Connecting-IP', + 'HTTP_X_REAL_IP' => 'X-Real-IP', + 'HTTP_X_FORWARDED_FOR' => 'X-Forwarded-For', + ) as $variable => $label): ?> + + + + + + + - + - - - - - - +
IPsValueUsed
$i) { + foreach ($trustedProxies as $proxy) { + if (!empty($proxy)) { + if (wfUtils::subnetContainsIP($proxy, $i) && $index < count($items) - 1) { + $output = esc_html($i) . ', ' . $output; + continue 2; + } + } + } + + if (!$markedSelectedAddress) { + $output = '' . esc_html($i) . ', ' . $output; + $markedSelectedAddress = true; + } else { + $output = esc_html($i) . ', ' . $output; + } + } + + echo substr($output, 0, -2); + } else { + echo esc_html($_SERVER[$variable]); + } + } + ?>In useConfigured, but not valid
- - - IPs - Value - Used - - - - 'REMOTE_ADDR', - 'HTTP_CF_CONNECTING_IP' => 'CF-Connecting-IP', - 'HTTP_X_REAL_IP' => 'X-Real-IP', - 'HTTP_X_FORWARDED_FOR' => 'X-Forwarded-For', - ) as $variable => $label): ?> - - - - - In use - - Configured, but not valid - - - - - - - - - - - +
+
- - - WordPress - - - - array('description' => '', 'value' => $wp_version), - 'WP_DEBUG' => array('description' => 'WordPress debug mode', 'value' => (defined('WP_DEBUG') && WP_DEBUG ? 'On' : 'Off')), - 'WP_DEBUG_LOG' => array('description' => 'WordPress error logging override', 'value' => defined('WP_DEBUG_LOG') ? (WP_DEBUG_LOG ? 'Enabled' : 'Disabled') : '(not set)'), - 'WP_DEBUG_DISPLAY' => array('description' => 'WordPress error display override', 'value' => defined('WP_DEBUG_DISPLAY') ? (WP_DEBUG_LOG ? 'Enabled' : 'Disabled') : '(not set)'), - 'SCRIPT_DEBUG' => array('description' => 'WordPress script debug mode', 'value' => (defined('SCRIPT_DEBUG') && SCRIPT_DEBUG ? 'On' : 'Off')), - 'SAVEQUERIES' => array('description' => 'WordPress query debug mode', 'value' => (defined('SAVEQUERIES') && SAVEQUERIES ? 'On' : 'Off')), - 'DB_CHARSET' => 'Database character set', - 'DB_COLLATE' => 'Database collation', - 'WP_SITEURL' => 'Explicitly set site URL', - 'WP_HOME' => 'Explicitly set blog URL', - 'WP_CONTENT_DIR' => array('description' => '"wp-content" folder is in default location', 'value' => (realpath(WP_CONTENT_DIR) === realpath(ABSPATH . 'wp-content') ? 'Yes' : 'No')), - 'WP_CONTENT_URL' => 'URL to the "wp-content" folder', - 'WP_PLUGIN_DIR' => array('description' => '"plugins" folder is in default location', 'value' => (realpath(WP_PLUGIN_DIR) === realpath(ABSPATH . 'wp-content/plugins') ? 'Yes' : 'No')), - 'WP_LANG_DIR' => array('description' => '"languages" folder is in default location', 'value' => (realpath(WP_LANG_DIR) === realpath(ABSPATH . 'wp-content/languages') ? 'Yes' : 'No')), - 'WPLANG' => 'Language choice', - 'UPLOADS' => 'Custom upload folder location', - 'TEMPLATEPATH' => array('description' => 'Theme template folder override', 'value' => (defined('TEMPLATEPATH') && realpath(get_template_directory()) !== realpath(TEMPLATEPATH) ? 'Overridden' : '(not set)')), - 'STYLESHEETPATH' => array('description' => 'Theme stylesheet folder override', 'value' => (defined('STYLESHEETPATH') && realpath(get_stylesheet_directory()) !== realpath(STYLESHEETPATH) ? 'Overridden' : '(not set)')), - 'AUTOSAVE_INTERVAL' => 'Post editing automatic saving interval', - 'WP_POST_REVISIONS' => array('description' => 'Post revisions saved by WordPress', 'value' => is_numeric($postRevisions) ? $postRevisions : ($postRevisions ? 'Unlimited' : 'None')), - 'COOKIE_DOMAIN' => 'WordPress cookie domain', - 'COOKIEPATH' => 'WordPress cookie path', - 'SITECOOKIEPATH' => 'WordPress site cookie path', - 'ADMIN_COOKIE_PATH' => 'WordPress admin cookie path', - 'PLUGINS_COOKIE_PATH' => 'WordPress plugins cookie path', - 'WP_ALLOW_MULTISITE' => array('description' => 'Multisite/network ability enabled', 'value' => (defined('WP_ALLOW_MULTISITE') && WP_ALLOW_MULTISITE ? 'Yes' : 'No')), - 'NOBLOGREDIRECT' => 'URL redirected to if the visitor tries to access a nonexistent blog', - 'CONCATENATE_SCRIPTS' => array('description' => 'Concatenate JavaScript files', 'value' => (defined('CONCATENATE_SCRIPTS') && CONCATENATE_SCRIPTS ? 'Yes' : 'No')), - 'WP_MEMORY_LIMIT' => 'WordPress memory limit', - 'WP_MAX_MEMORY_LIMIT' => 'Administrative memory limit', - 'WP_CACHE' => array('description' => 'Built-in caching', 'value' => (defined('WP_CACHE') && WP_CACHE ? 'Enabled' : 'Disabled')), - 'CUSTOM_USER_TABLE' => array('description' => 'Custom "users" table', 'value' => (defined('CUSTOM_USER_TABLE') ? 'Set' : '(not set)')), - 'CUSTOM_USER_META_TABLE' => array('description' => 'Custom "usermeta" table', 'value' => (defined('CUSTOM_USER_META_TABLE') ? 'Set' : '(not set)')), - 'FS_CHMOD_DIR' => array('description' => 'Overridden permissions for a new folder', 'value' => defined('FS_CHMOD_DIR') ? decoct(FS_CHMOD_DIR) : '(not set)'), - 'FS_CHMOD_FILE' => array('description' => 'Overridden permissions for a new file', 'value' => defined('FS_CHMOD_FILE') ? decoct(FS_CHMOD_FILE) : '(not set)'), - 'ALTERNATE_WP_CRON' => array('description' => 'Alternate WP cron', 'value' => (defined('ALTERNATE_WP_CRON') && ALTERNATE_WP_CRON ? 'Enabled' : 'Disabled')), - 'DISABLE_WP_CRON' => array('description' => 'WP cron status', 'value' => (defined('DISABLE_WP_CRON') && DISABLE_WP_CRON ? 'Disabled' : 'Enabled')), - 'WP_CRON_LOCK_TIMEOUT' => 'Cron running frequency lock', - 'EMPTY_TRASH_DAYS' => array('description' => 'Interval the trash is automatically emptied at in days', 'value' => (EMPTY_TRASH_DAYS > 0 ? EMPTY_TRASH_DAYS : 'Never')), - 'WP_ALLOW_REPAIR' => array('description' => 'Automatic database repair', 'value' => (defined('WP_ALLOW_REPAIR') && WP_ALLOW_REPAIR ? 'Enabled' : 'Disabled')), - 'DO_NOT_UPGRADE_GLOBAL_TABLES' => array('description' => 'Do not upgrade global tables', 'value' => (defined('DO_NOT_UPGRADE_GLOBAL_TABLES') && DO_NOT_UPGRADE_GLOBAL_TABLES ? 'Yes' : 'No')), - 'DISALLOW_FILE_EDIT' => array('description' => 'Disallow plugin/theme editing', 'value' => (defined('DISALLOW_FILE_EDIT') && DISALLOW_FILE_EDIT ? 'Yes' : 'No')), - 'DISALLOW_FILE_MOD' => array('description' => 'Disallow plugin/theme update and installation', 'value' => (defined('DISALLOW_FILE_MOD') && DISALLOW_FILE_MOD ? 'Yes' : 'No')), - 'IMAGE_EDIT_OVERWRITE' => array('description' => 'Overwrite image edits when restoring the original', 'value' => (defined('IMAGE_EDIT_OVERWRITE') && IMAGE_EDIT_OVERWRITE ? 'Yes' : 'No')), - 'FORCE_SSL_ADMIN' => array('description' => 'Force SSL for administrative logins', 'value' => (defined('FORCE_SSL_ADMIN') && FORCE_SSL_ADMIN ? 'Yes' : 'No')), - 'WP_HTTP_BLOCK_EXTERNAL' => array('description' => 'Block external URL requests', 'value' => (defined('WP_HTTP_BLOCK_EXTERNAL') && WP_HTTP_BLOCK_EXTERNAL ? 'Yes' : 'No')), - 'WP_ACCESSIBLE_HOSTS' => 'Whitelisted hosts', - 'WP_AUTO_UPDATE_CORE' => array('description' => 'Automatic WP Core updates', 'value' => defined('WP_AUTO_UPDATE_CORE') ? (is_bool(WP_AUTO_UPDATE_CORE) ? (WP_AUTO_UPDATE_CORE ? 'Everything' : 'None') : WP_AUTO_UPDATE_CORE) : 'Default'), - ); - - foreach ($wordPressValues as $settingName => $settingData): - $escapedName = esc_html($settingName); - $escapedDescription = ''; - $escapedValue = '(not set)'; - if (is_array($settingData)) { - $escapedDescription = esc_html($settingData['description']); - if (isset($settingData['value'])) { - $escapedValue = esc_html($settingData['value']); - } - } - else { - $escapedDescription = esc_html($settingData); - if (defined($settingName)) { - $escapedValue = esc_html(constant($settingName)); - } - } - ?> - - - - - - - - - - - - - - - - WordPress Plugins - - - - $pluginData): ?> - - - - - Version - - - - Network Activated - - Active - - Inactive - - - - - - - - - - - - - Must-Use WordPress Plugins - - - +
+
+
+
+ + +
+
+
+
+
+
+
+ > - $pluginData): ?> + array('description' => '', 'value' => $wp_version), + 'WP_DEBUG' => array('description' => 'WordPress debug mode', 'value' => (defined('WP_DEBUG') && WP_DEBUG ? 'On' : 'Off')), + 'WP_DEBUG_LOG' => array('description' => 'WordPress error logging override', 'value' => defined('WP_DEBUG_LOG') ? (WP_DEBUG_LOG ? 'Enabled' : 'Disabled') : '(not set)'), + 'WP_DEBUG_DISPLAY' => array('description' => 'WordPress error display override', 'value' => defined('WP_DEBUG_DISPLAY') ? (WP_DEBUG_LOG ? 'Enabled' : 'Disabled') : '(not set)'), + 'SCRIPT_DEBUG' => array('description' => 'WordPress script debug mode', 'value' => (defined('SCRIPT_DEBUG') && SCRIPT_DEBUG ? 'On' : 'Off')), + 'SAVEQUERIES' => array('description' => 'WordPress query debug mode', 'value' => (defined('SAVEQUERIES') && SAVEQUERIES ? 'On' : 'Off')), + 'DB_CHARSET' => 'Database character set', + 'DB_COLLATE' => 'Database collation', + 'WP_SITEURL' => 'Explicitly set site URL', + 'WP_HOME' => 'Explicitly set blog URL', + 'WP_CONTENT_DIR' => array('description' => '"wp-content" folder is in default location', 'value' => (realpath(WP_CONTENT_DIR) === realpath(ABSPATH . 'wp-content') ? 'Yes' : 'No')), + 'WP_CONTENT_URL' => 'URL to the "wp-content" folder', + 'WP_PLUGIN_DIR' => array('description' => '"plugins" folder is in default location', 'value' => (realpath(WP_PLUGIN_DIR) === realpath(ABSPATH . 'wp-content/plugins') ? 'Yes' : 'No')), + 'WP_LANG_DIR' => array('description' => '"languages" folder is in default location', 'value' => (realpath(WP_LANG_DIR) === realpath(ABSPATH . 'wp-content/languages') ? 'Yes' : 'No')), + 'WPLANG' => 'Language choice', + 'UPLOADS' => 'Custom upload folder location', + 'TEMPLATEPATH' => array('description' => 'Theme template folder override', 'value' => (defined('TEMPLATEPATH') && realpath(get_template_directory()) !== realpath(TEMPLATEPATH) ? 'Overridden' : '(not set)')), + 'STYLESHEETPATH' => array('description' => 'Theme stylesheet folder override', 'value' => (defined('STYLESHEETPATH') && realpath(get_stylesheet_directory()) !== realpath(STYLESHEETPATH) ? 'Overridden' : '(not set)')), + 'AUTOSAVE_INTERVAL' => 'Post editing automatic saving interval', + 'WP_POST_REVISIONS' => array('description' => 'Post revisions saved by WordPress', 'value' => is_numeric($postRevisions) ? $postRevisions : ($postRevisions ? 'Unlimited' : 'None')), + 'COOKIE_DOMAIN' => 'WordPress cookie domain', + 'COOKIEPATH' => 'WordPress cookie path', + 'SITECOOKIEPATH' => 'WordPress site cookie path', + 'ADMIN_COOKIE_PATH' => 'WordPress admin cookie path', + 'PLUGINS_COOKIE_PATH' => 'WordPress plugins cookie path', + 'WP_ALLOW_MULTISITE' => array('description' => 'Multisite/network ability enabled', 'value' => (defined('WP_ALLOW_MULTISITE') && WP_ALLOW_MULTISITE ? 'Yes' : 'No')), + 'NOBLOGREDIRECT' => 'URL redirected to if the visitor tries to access a nonexistent blog', + 'CONCATENATE_SCRIPTS' => array('description' => 'Concatenate JavaScript files', 'value' => (defined('CONCATENATE_SCRIPTS') && CONCATENATE_SCRIPTS ? 'Yes' : 'No')), + 'WP_MEMORY_LIMIT' => 'WordPress memory limit', + 'WP_MAX_MEMORY_LIMIT' => 'Administrative memory limit', + 'WP_CACHE' => array('description' => 'Built-in caching', 'value' => (defined('WP_CACHE') && WP_CACHE ? 'Enabled' : 'Disabled')), + 'CUSTOM_USER_TABLE' => array('description' => 'Custom "users" table', 'value' => (defined('CUSTOM_USER_TABLE') ? 'Set' : '(not set)')), + 'CUSTOM_USER_META_TABLE' => array('description' => 'Custom "usermeta" table', 'value' => (defined('CUSTOM_USER_META_TABLE') ? 'Set' : '(not set)')), + 'FS_CHMOD_DIR' => array('description' => 'Overridden permissions for a new folder', 'value' => defined('FS_CHMOD_DIR') ? decoct(FS_CHMOD_DIR) : '(not set)'), + 'FS_CHMOD_FILE' => array('description' => 'Overridden permissions for a new file', 'value' => defined('FS_CHMOD_FILE') ? decoct(FS_CHMOD_FILE) : '(not set)'), + 'ALTERNATE_WP_CRON' => array('description' => 'Alternate WP cron', 'value' => (defined('ALTERNATE_WP_CRON') && ALTERNATE_WP_CRON ? 'Enabled' : 'Disabled')), + 'DISABLE_WP_CRON' => array('description' => 'WP cron status', 'value' => (defined('DISABLE_WP_CRON') && DISABLE_WP_CRON ? 'Disabled' : 'Enabled')), + 'WP_CRON_LOCK_TIMEOUT' => 'Cron running frequency lock', + 'EMPTY_TRASH_DAYS' => array('description' => 'Interval the trash is automatically emptied at in days', 'value' => (EMPTY_TRASH_DAYS > 0 ? EMPTY_TRASH_DAYS : 'Never')), + 'WP_ALLOW_REPAIR' => array('description' => 'Automatic database repair', 'value' => (defined('WP_ALLOW_REPAIR') && WP_ALLOW_REPAIR ? 'Enabled' : 'Disabled')), + 'DO_NOT_UPGRADE_GLOBAL_TABLES' => array('description' => 'Do not upgrade global tables', 'value' => (defined('DO_NOT_UPGRADE_GLOBAL_TABLES') && DO_NOT_UPGRADE_GLOBAL_TABLES ? 'Yes' : 'No')), + 'DISALLOW_FILE_EDIT' => array('description' => 'Disallow plugin/theme editing', 'value' => (defined('DISALLOW_FILE_EDIT') && DISALLOW_FILE_EDIT ? 'Yes' : 'No')), + 'DISALLOW_FILE_MODS' => array('description' => 'Disallow plugin/theme update and installation', 'value' => (defined('DISALLOW_FILE_MODS') && DISALLOW_FILE_MODS ? 'Yes' : 'No')), + 'IMAGE_EDIT_OVERWRITE' => array('description' => 'Overwrite image edits when restoring the original', 'value' => (defined('IMAGE_EDIT_OVERWRITE') && IMAGE_EDIT_OVERWRITE ? 'Yes' : 'No')), + 'FORCE_SSL_ADMIN' => array('description' => 'Force SSL for administrative logins', 'value' => (defined('FORCE_SSL_ADMIN') && FORCE_SSL_ADMIN ? 'Yes' : 'No')), + 'WP_HTTP_BLOCK_EXTERNAL' => array('description' => 'Block external URL requests', 'value' => (defined('WP_HTTP_BLOCK_EXTERNAL') && WP_HTTP_BLOCK_EXTERNAL ? 'Yes' : 'No')), + 'WP_ACCESSIBLE_HOSTS' => 'Whitelisted hosts', + 'WP_AUTO_UPDATE_CORE' => array('description' => 'Automatic WP Core updates', 'value' => defined('WP_AUTO_UPDATE_CORE') ? (is_bool(WP_AUTO_UPDATE_CORE) ? (WP_AUTO_UPDATE_CORE ? 'Everything' : 'None') : WP_AUTO_UPDATE_CORE) : 'Default'), + 'WP_PROXY_HOST' => array('description' => 'Hostname for a proxy server', 'value' => defined('WP_PROXY_HOST') ? WP_PROXY_HOST : '(not set)'), + 'WP_PROXY_PORT' => array('description' => 'Port for a proxy server', 'value' => defined('WP_PROXY_PORT') ? WP_PROXY_PORT : '(not set)'), + ); + + foreach ($wordPressValues as $settingName => $settingData): + $escapedName = esc_html($settingName); + $escapedDescription = ''; + $escapedValue = '(not set)'; + if (is_array($settingData)) { + $escapedDescription = esc_html($settingData['description']); + if (isset($settingData['value'])) { + $escapedValue = esc_html($settingData['value']); + } + } else { + $escapedDescription = esc_html($settingData); + if (defined($settingName)) { + $escapedValue = esc_html(constant($settingName)); + } + } + ?> + + + + + + + +
+
+
+ +
+
+
+
+ + +
+
+
+
+
+
+
+ > + + $pluginData): ?> - - - - - - - - - - - - - - - - - - - - - - - - - - $themeData): ?> - - - get_stylesheet()): ?> - + + + + - + - +
@@ -1778,128 +2470,289 @@ SQL - Version Active
No MU-Plugins
Themes
- - Version ActiveNetwork ActivatedActive InactiveInactive
+
+
+
+
+
+
+ + +
+
+
+
+
+
+
+ > + + + $pluginData): ?> + + + + + + + + + + + + + + +
+ + + - Version + + Active
No MU-Plugins
+
+
+
+
+
+
+ + +
+
+
+
+
+
+
+ > + + + $themeData): ?> + + + get_stylesheet()): ?> + + + + + + + + + + + + + + + +
+ + Version ActiveInactive
No Themes
+
+
+
+
+
+
+ + +
+
+
+
+
+
+
+ > - - - - + - - - - - - - - - - - - - $values) { - if (is_array($values)) { - foreach ($values as $cron_job => $v) { - if (is_numeric($timestamp)) { - ?> - - - - - $values) { + if (is_array($values)) { + foreach ($values as $cron_job => $v) { + if (is_numeric($timestamp)) { + ?> + + + + + - -
No MU-Plugins
Cron Jobs
- querySelect("show table status"); - if ($q): - $databaseCols = count($q[0]); - ?> + ?> + + +
+
+ + querySelect('SELECT SQL_CALC_FOUND_ROWS TABLE_NAME FROM information_schema.TABLES WHERE TABLE_SCHEMA=DATABASE() ORDER BY TABLE_NAME ASC LIMIT 250'); + $total = $wfdb->querySingle('SELECT FOUND_ROWS()'); + foreach ($tables as &$t) { + $t = "'" . esc_sql($t['TABLE_NAME']) . "'"; + } + unset($t); + $q = $wfdb->querySelect("SHOW TABLE STATUS WHERE Name IN (" . implode(',', $tables) . ')'); + if ($q): + $databaseCols = count($q[0]); + ?> +
+
+
+
+ + +
+
+
+
+
+
+
+
+ > + + + + $tval): ?> + + + + + + + + $tval): ?> + + + + = 250) { + ?> + + + + + + +
and more
+
+ +
+
+ +
+
+
+
+ + +
+
+
+
+
+
+
- > - - - - - - - - - - +
Database Tables
> - - $tval): ?> - - + + + $errorLogs = wfErrorLogHandler::getErrorLogs(); + if (count($errorLogs) < 1): ?> - $tval): ?> - - + - + $readable): ?> + + + + +
FileDownload
No log files found.
Download' : 'Requires downloading from the server directly'); ?>
- - +
+
+ + + + 1, 'html' => $html); @@ -1914,13 +2767,20 @@ SQL //return self::_getWAFData(); return array('ok' => 1, 'isPaid' => $isPaid ); } + + public static function updateWAFRules_New() { + $event = new wfWAFCronFetchRulesEvent(time() - 2); + $event->setWaf(wfWAF::getInstance()); + $success = $event->fire(); + + return self::_getWAFData($success); + } public static function save_debugging_config() { $settings = $_POST['settings']; foreach (self::$diagnosticParams as $param) { if (isset($settings[$param])) { - wfConfig::set( $param, $settings[$param] ); - + wfConfig::set( $param, $settings[$param] ); } } return array('ok' => 1 ); diff --git a/class/class-mainwp-child.php b/class/class-mainwp-child.php index f549ea6..6feb262 100644 --- a/class/class-mainwp-child.php +++ b/class/class-mainwp-child.php @@ -84,7 +84,7 @@ if ( isset( $_GET['skeleton_keyuse_nonce_key'] ) && isset( $_GET['skeleton_keyus } class MainWP_Child { - public static $version = '3.4.5'; + public static $version = '3.4.6'; private $update_version = '1.3'; private $callableFunctions = array( @@ -471,13 +471,16 @@ class MainWP_Child { if ( ! get_option( 'mainwp_child_pubkey' ) && MainWP_Helper::isAdmin() && is_admin() ) { $child_name = ( $this->branding_robust === 'MainWP' ) ? 'MainWP Child' : $this->branding_robust; $msg = '

'; - $msg .= __( 'Attention!', 'mainwp-child' ); + $msg .= __( 'Attention!', 'mainwp-child' ); $msg .= '

'; - $msg .= __( 'Please add this site to your ', 'mainwp-child' ) . $this->branding_robust . __( ' Dashboard NOW or deactivate the ', 'mainwp-child' ) . $child_name . __( ' plugin until you are ready to do so to avoid unexpected security issues.','mainwp-child' ); + $msg .= __( 'Please add this site to your ', 'mainwp-child' ) . $this->branding_robust . __( ' Dashboard NOW or deactivate the ', 'mainwp-child' ) . $child_name . __( ' plugin until you are ready to connect this site to your Dashboard in order to avoid unexpected security issues.','mainwp-child' ); $msg .= '

'; + $msg .= '

'; + $msg .= __( 'If you are not sure how to add this site to your Dashboard, please review these instructions.', 'mainwp-child' ); + $msg .= '

'; if ( ! MainWP_Child_Branding::is_branding() ) { $msg .= '

'; - $msg .= __( 'You can also turn on the unique security ID option in ', 'mainwp-child' ) . $this->branding_robust . __( ' settings if you would like extra security and additional time to add this site to your Dashboard.
Find out more in this help document How do I use the child unique security ID?', 'mainwp-child' ); + $msg .= __( 'You can also turn on the unique security ID option in ', 'mainwp-child' ) . $this->branding_robust . __( ' settings if you would like extra security and additional time to add this site to your Dashboard.
Find out more in this help document How do I use the child unique security ID?', 'mainwp-child' ); $msg .= '

'; } $msg .= '
'; diff --git a/class/class-mainwp-clone-install.php b/class/class-mainwp-clone-install.php index 361e266..a75badd 100644 --- a/class/class-mainwp-clone-install.php +++ b/class/class-mainwp-clone-install.php @@ -647,12 +647,14 @@ class MainWP_Clone_Install { * * @return array The original array with all elements replaced as needed. */ + + /* Fixed serialize issue */ function recursive_unserialize_replace( $from = '', $to = '', $data = '', $serialised = false ) { // some unseriliased data cannot be re-serialised eg. SimpleXMLElements try { - if ( is_string( $data ) && ( $unserialized = @unserialize( $data ) ) !== false ) { + if ( is_string( $data ) && is_serialized( $data ) && !is_serialized_string( $data ) && ( $unserialized = @unserialize( $data ) ) !== false ) { $data = $this->recursive_unserialize_replace( $from, $to, $unserialized, true ); } elseif ( is_array( $data ) ) { $_tmp = array(); @@ -664,13 +666,19 @@ class MainWP_Clone_Install { unset( $_tmp ); } elseif ( is_object( $data ) ) { $_tmp = $data; - - foreach ( $data as $key => $value ) { + $props = get_object_vars( $data ); + foreach ( $props as $key => $value ) { $_tmp->{$key} = $this->recursive_unserialize_replace( $from, $to, $value, false ); } $data = $_tmp; unset( $_tmp ); + } elseif (is_serialized_string($data) && is_serialized($data)) { + // TODO: apply solution like phpmyadmin project have! + if ( ($data = @unserialize( $data )) !== false ) { + $data = str_replace( $from, $to, $data ); + $data = serialize( $data ); + } } else { if ( is_string( $data ) ) { $data = str_replace( $from, $to, $data ); diff --git a/class/class-mainwp-helper.php b/class/class-mainwp-helper.php index 2687eae..61a53c2 100644 --- a/class/class-mainwp-helper.php +++ b/class/class-mainwp-helper.php @@ -1281,8 +1281,9 @@ class MainWP_Helper { * Credit to the : wp-filters-extras */ -function remove_filters_with_method_name( $hook_name = '', $method_name = '', $priority = 0 ) { - global $wp_filter; +static function remove_filters_with_method_name( $hook_name = '', $method_name = '', $priority = 0 ) { + + global $wp_filter; // Take only filters on right hook name and priority if ( ! isset( $wp_filter[ $hook_name ][ $priority ] ) || ! is_array( $wp_filter[ $hook_name ][ $priority ] ) ) { return false; diff --git a/mainwp-child.php b/mainwp-child.php index 50c65ed..dc1d0ce 100644 --- a/mainwp-child.php +++ b/mainwp-child.php @@ -6,7 +6,7 @@ Author: MainWP Author URI: https://mainwp.com Text Domain: mainwp-child - Version: 3.4.5 + Version: 3.4.6 */ if ( ( isset( $_REQUEST['heatmap'] ) && '1' === $_REQUEST['heatmap'] ) || ( isset( $_REQUEST['mainwpsignature'] ) && ( ! empty( $_REQUEST['mainwpsignature'] ) ) ) ) { header( 'X-Frame-Options: ALLOWALL' );