merge with branch01 + version update

This commit is contained in:
ruben- 2016-08-02 19:51:22 +02:00
parent 432bb9dfd8
commit dabaf3c9a9
7 changed files with 1175 additions and 332 deletions


@ -1033,7 +1033,10 @@ class MainWP_Child_Back_WP_Up {
$return['tables'] = $tables_temp;
}
if (isset($settings['job_id'])) {
$return['dbdumpexclude'] = BackWPup_Option::get( $settings['job_id'], 'dbdumpexclude' );
}
return array( 'success' => 1, 'return' => $return );
}
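Review bot: The added `dbdumpexclude` lookup passes `$settings['job_id']` straight to `BackWPup_Option::get()` with only an `isset()` guard, so a non-numeric or array value reaches the option layer unchecked. Where `$settings` comes from is outside this hunk (the enclosing method starts before it); if it is request-derived, as the other `$_POST`-fed handlers in this commit are, cast it first, e.g. `$return['dbdumpexclude'] = BackWPup_Option::get( intval( $settings['job_id'] ), 'dbdumpexclude' );`, and consider returning an explicit value (e.g. `array()`) when the id is missing so the dashboard can tell "no job" from "no exclusions".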


@ -29,13 +29,13 @@ class MainWP_Child_iThemes_Security {
if ( ! class_exists( 'ITSEC_Core' ) || !class_exists('ITSEC_Modules')) {
$information['error'] = 'NO_ITHEME';
MainWP_Helper::write( $information );
}
}
global $mainwp_itsec_modules_path;
$mainwp_itsec_modules_path = ITSEC_Core::get_core_dir() . '/modules/';
MainWP_Helper::update_option( 'mainwp_ithemes_ext_enabled', 'Y', 'yes' );
if ( isset( $_POST['mwp_action'] ) ) {
switch ( $_POST['mwp_action'] ) {
case 'set_showhide':
@ -62,9 +62,9 @@ class MainWP_Child_iThemes_Security {
// case 'api_key':
// $information = $this->api_key();
// break;
// case 'reset_api_key':
// $information = $this->reset_api_key();
// break;
case 'reset_api_key':
$information = $this->reset_api_key();
break;
case 'malware_scan':
$information = $this->malware_scan();
break;
@ -82,19 +82,28 @@ class MainWP_Child_iThemes_Security {
break;
case 'module_status':
$information = $this->update_module_status();
break;
break;
case 'wordpress_salts':
$information = $this->wordpress_salts();
break;
case 'file_permissions':
$information = $this->file_permissions();
break;
case 'reload_backup_exclude':
$information = $this->reload_backup_exclude();
break;
case 'security_site':
$information = $this->security_site();
break;
case 'activate_network_brute_force':
$information = $this->activate_network_brute_force();
break;
}
}
MainWP_Helper::write( $information );
}
function set_showhide() {
function set_showhide() {
$hide = isset( $_POST['showhide'] ) && ( 'hide' === $_POST['showhide'] ) ? 'hide' : '';
MainWP_Helper::update_option( 'mainwp_ithemes_hide_plugin', $hide );
$information['result'] = 'success';
@ -134,52 +143,118 @@ class MainWP_Child_iThemes_Security {
}
function save_settings() {
if ( ! class_exists( 'ITSEC_Lib' ) ) {
require( ITSEC_Core::get_core_dir() . '/core/class-itsec-lib.php' );
}
$_itsec_modules = array(
'global',
'global',
'away-mode',
'backup',
'backup',
'hide-backend',
'ipcheck',
'ban-users',
'brute-force',
'file-change',
'404-detection',
'ipcheck',
'404-detection',
'network-brute-force',
'ssl',
'strong-passwords',
'system-tweaks',
'wordpress-tweaks',
'multisite-tweaks',
'multisite-tweaks',
//'salts',
//'content-directory',
);
);
$require_permalinks = false;
$updated = false;
$errors = array();
$nbf_settings = array();
$update_settings = maybe_unserialize( base64_decode( $_POST['settings'] ) );
foreach($update_settings as $module => $settings) {
if (in_array($module, $_itsec_modules)) {
if ($module == 'wordpress-salts') {
$settings['last_generated'] = ITSEC_Modules::get_setting( 'wordpress-salts', 'last_generated' ); // not update
} else if ($module == 'global') {
$settings['nginx_file'] = ITSEC_Modules::get_setting( 'global', 'nginx_file' ); // not update
$do_not_save = false;
if (in_array($module, $_itsec_modules)) {
if ($module == 'wordpress-salts') {
$settings['last_generated'] = ITSEC_Modules::get_setting( $module, 'last_generated' ); // not update
} else if ($module == 'global') {
$keep_olds = array( 'did_upgrade', 'log_info', 'show_new_dashboard_notice', 'show_security_check' , 'nginx_file' );
foreach($keep_olds as $key) {
$settings[$key] = ITSEC_Modules::get_setting( $module, $key ); // not update
}
if (!isset($settings['log_location']) || empty($settings['log_location']) ) {
$settings['log_location'] = ITSEC_Modules::get_setting( $module, 'log_location' );
} else {
$result = $this->validate_directory('log_location', $settings['log_location']);
if ($result !== true) {
$errors[] = $result;
$settings['log_location'] = ITSEC_Modules::get_setting( $module, 'log_location' ); // no change
}
}
} else if ($module == 'backup') {
if (!isset($settings['location']) || empty($settings['location']) ) {
$settings['location'] = ITSEC_Modules::get_setting( $module, 'location' );
} else {
$result = $this->validate_directory('location', $settings['location']);
if ($result !== true) {
$errors[] = $result;
$settings['location'] = ITSEC_Modules::get_setting( $module, 'location' ); // no change
}
}
if (!isset($settings['exclude']) ) {
$settings['exclude'] = ITSEC_Modules::get_setting( $module, 'exclude' );;
}
} else if ($module == 'hide-backend') {
if (isset($settings['enabled']) && !empty($settings['enabled'])) {
$permalink_structure = get_option( 'permalink_structure', false );
if ( empty( $permalink_structure ) && ! is_multisite() ) {
$errors[] = __( 'You must change <strong>WordPress permalinks</strong> to a setting other than "Plain" in order to use "Hide Backend" feature.', 'better-wp-security' );
$require_permalinks = true;
$do_not_save = true;
}
}
} else if ($module == 'network-brute-force') {
if ( isset( $settings['email'] ) ) {
$result = $this->activate_api_key($settings);
if ($result === false) {
$nbf_settings = $settings;
$errors[] = 'Error: Active iThemes Network Brute Force Protection Api Key';
} else {
$nbf_settings = $result;
}
} else {
$previous_settings = ITSEC_Modules::get_settings( $module );
// update 'enable_ban' field only
if (isset($settings['enable_ban'])) {
$previous_settings['enable_ban'] = $settings['enable_ban'];
$nbf_settings = $previous_settings;
} else {
$do_not_save = true;
$nbf_settings = $previous_settings;
}
}
$settings = $nbf_settings;
}
if ( !$do_not_save ) {
ITSEC_Modules::set_settings( $module, $settings );
$updated = true;
}
ITSEC_Modules::set_settings( $module, $settings );
$updated = true;
}
}
}
require_once( ITSEC_Core::get_core_dir() . '/lib/class-itsec-lib-config-file.php' );
$values = array(
'permalink_structure' => get_option( 'permalink_structure' ),
'is_multisite' => is_multisite() ? 1 : 0,
'users_can_register' => get_site_option( 'users_can_register' ) ? 1 : 0,
'server_nginx' => ( ITSEC_Lib::get_server() === 'nginx' ) ? 1 : 0,
'users_can_register' => get_site_option( 'users_can_register' ) ? 1 : 0,
'server_nginx' => ( ITSEC_Lib::get_server() === 'nginx' ) ? 1 : 0,
'has_ssl' => ITSEC_Lib::get_ssl() ? 1 : 0,
'jquery_version' => ITSEC_Modules::get_setting( 'wordpress-tweaks', 'jquery_version' ),
'is_jquery_version_safe'=> ITSEC_Lib::is_jquery_version_safe(),
@ -187,19 +262,109 @@ class MainWP_Child_iThemes_Security {
'config_rules' => ITSEC_Lib_Config_File::get_wp_config(),
'lockouts_host' => $this->get_lockouts( 'host', true ),
'lockouts_user' => $this->get_lockouts( 'user', true ),
'lockouts_username' => $this->get_lockouts( 'username', true )
'lockouts_username' => $this->get_lockouts( 'username', true ),
'default_log_location' => ITSEC_Modules::get_default( 'global', 'log_location' ),
'default_location' => ITSEC_Modules::get_default( 'backup', 'location' ),
'excludable_tables' => $this->get_excludable_tables(),
);
$return = array(
$return = array(
'site_status' => $values
);
if ($updated)
$return['result'] = 'success';
if ($require_permalinks) {
$return['require_permalinks'] = 1;
}
$return['nbf_settings'] = $nbf_settings;
if (!empty($errors)) {
$return['extra_message'] = $errors;
}
if ($updated)
$return['result'] = 'success';
else
$return['error'] = __('Not Updated', 'mainwp-child' );
return $return;
$return['error'] = __('Not Updated', 'mainwp-child' );
return $return;
}
public static function activate_network_brute_force() {
$data = maybe_unserialize( base64_decode( $_POST['data'] ) );
$information = array();
if (is_array($data)) {
$settings = ITSEC_Modules::get_settings( 'network-brute-force' );
$settings['email'] = $data['email'];
$settings['updates_optin'] = $data['updates_optin'];
$settings['api_nag'] = false;
$results = ITSEC_Modules::set_settings( 'network-brute-force', $settings );
if ( is_wp_error( $results ) ) {
$information['error'] = 'Error: Active iThemes Network Brute Force Protection Api Key';
} else if ( $results['saved'] ) {
ITSEC_Modules::activate( 'network-brute-force' );
$nbf_settings = ITSEC_Modules::get_settings( 'network-brute-force' );
// ITSEC_Response::set_response( '<p>' . __( 'Your site is now using Network Brute Force Protection.', 'better-wp-security' ) . '</p>' );
}
}
if ($nbf_settings !== null) {
$information['nbf_settings'] = $nbf_settings;
$information['result'] = 'success';
}
return $information;
}
private function validate_directory($name, $folder) {
require_once( ITSEC_Core::get_core_dir() . 'lib/class-itsec-lib-directory.php' );
$error = null;
if ( ! ITSEC_Lib_Directory::is_dir( $folder ) ) {
$result = ITSEC_Lib_Directory::create( $folder );
if ( is_wp_error( $result ) ) {
$error = sprintf( _x( 'The directory supplied in %1$s cannot be used as a valid directory. %2$s', '%1$s is the input name. %2$s is the error message.', 'better-wp-security' ), $name, $result->get_error_message() );
}
}
if ( empty( $error ) && ! ITSEC_Lib_Directory::is_writable( $folder ) ) {
$error = sprintf( __( 'The directory supplied in %1$s is not writable. Please select a directory that can be written to.', 'better-wp-security' ), $name );
}
if ( empty( $error ) ) {
ITSEC_Lib_Directory::add_file_listing_protection( $folder );
return true;
} else {
return $error;
}
}
private function activate_api_key($settings) {
global $mainwp_itsec_modules_path;
require_once ( $mainwp_itsec_modules_path . 'ipcheck/utilities.php' );
$key = ITSEC_Network_Brute_Force_Utilities::get_api_key( $settings['email'], $settings['updates_optin'] );
if ( is_wp_error( $key ) ) {
return false;
// $this->set_can_save( false );
// $this->add_error( $key );
} else {
$secret = ITSEC_Network_Brute_Force_Utilities::activate_api_key( $key );
if ( is_wp_error( $secret ) ) {
return false;
// $this->set_can_save( false );
// $this->add_error( $secret );
} else {
$settings['api_key'] = $key;
$settings['api_secret'] = $secret;
$settings['api_nag'] = false;
ITSEC_Response::reload_module( 'network-brute-force' );
}
}
unset( $settings['email'] );
return $settings;
}
function backup_status() {
$status = 0;
if ( ! is_multisite() && class_exists( 'backupbuddy_api' ) && count( backupbuddy_api::getSchedules() ) >= 1 ) {
@ -267,17 +432,17 @@ class MainWP_Child_iThemes_Security {
function backup_db() {
global $itsec_backup, $mainwp_itsec_modules_path;
if ( ! isset( $itsec_backup ) ) {
if ( ! isset( $itsec_backup ) ) {
require_once ( $mainwp_itsec_modules_path . 'backup/class-itsec-backup.php' );
$itsec_backup = new ITSEC_Backup();
$itsec_backup->run();
$itsec_backup->run();
}
$return = array();
$str_error = '';
$result = $itsec_backup->do_backup( true );
$str_error = '';
$result = $itsec_backup->do_backup( true );
if ( is_wp_error( $result ) ) {
$errors = ITSEC_Response::get_error_strings( $result );
@ -285,191 +450,191 @@ class MainWP_Child_iThemes_Security {
foreach ( $errors as $error ) {
$str_error .= $error . '<br />';
}
} else if ( is_string( $result ) ) {
$return['result'] = 'success';
} else if ( is_string( $result ) ) {
$return['result'] = 'success';
$return['message'] = $result;
} else {
$str_error = sprintf( __( 'The backup request returned an unexpected response. It returned a response of type <code>%1$s</code>.', 'better-wp-security' ), gettype( $result ) ) ;
}
if (!empty($str_error)) {
$return['error'] = $str_error;
}
}
return $return;
}
private function wordpress_salts() {
global $mainwp_itsec_modules_path;
global $mainwp_itsec_modules_path;
if ( ! class_exists( 'ITSEC_WordPress_Salts_Utilities' ) ) {
require( $mainwp_itsec_modules_path . 'salts/utilities.php' );
}
$result = ITSEC_WordPress_Salts_Utilities::generate_new_salts();
$str_error = '';
}
$result = ITSEC_WordPress_Salts_Utilities::generate_new_salts();
$str_error = '';
if ( is_wp_error( $result ) ) {
$errors = ITSEC_Response::get_error_strings( $result );
foreach ( $errors as $error ) {
$str_error .= $error . '<br />';
}
} else {
$return['result'] = 'success';
} else {
$return['result'] = 'success';
$return['message'] = __( 'The WordPress salts were successfully regenerated.', 'better-wp-security' ) ;
$last_generated = ITSEC_Core::get_current_time_gmt();
ITSEC_Modules::set_setting( 'wordpress-salts', 'last_generated', $last_generated );
}
}
if (!empty($str_error)) {
$return['error'] = $str_error;
}
return $return;
}
return $return;
}
private function file_permissions() {
require_once( ITSEC_Core::get_core_dir() . '/lib/class-itsec-lib-config-file.php' );
private function file_permissions() {
require_once( ITSEC_Core::get_core_dir() . '/lib/class-itsec-lib-config-file.php' );
$wp_upload_dir = ITSEC_Core::get_wp_upload_dir();
$wp_upload_dir = ITSEC_Core::get_wp_upload_dir();
$path_data = array(
array(
ABSPATH,
0755,
),
array(
ABSPATH . WPINC,
0755,
),
array(
ABSPATH . 'wp-admin',
0755,
),
array(
ABSPATH . 'wp-admin/js',
0755,
),
array(
WP_CONTENT_DIR,
0755,
),
array(
get_theme_root(),
0755,
),
array(
WP_PLUGIN_DIR,
0755
),
array(
$wp_upload_dir['basedir'],
0755,
),
array(
ITSEC_Lib_Config_File::get_wp_config_file_path(),
0444,
),
array(
ITSEC_Lib_Config_File::get_server_config_file_path(),
0444,
),
);
$path_data = array(
array(
ABSPATH,
0755,
),
array(
ABSPATH . WPINC,
0755,
),
array(
ABSPATH . 'wp-admin',
0755,
),
array(
ABSPATH . 'wp-admin/js',
0755,
),
array(
WP_CONTENT_DIR,
0755,
),
array(
get_theme_root(),
0755,
),
array(
WP_PLUGIN_DIR,
0755
),
array(
$wp_upload_dir['basedir'],
0755,
),
array(
ITSEC_Lib_Config_File::get_wp_config_file_path(),
0444,
),
array(
ITSEC_Lib_Config_File::get_server_config_file_path(),
0444,
),
);
$rows = array();
$rows = array();
foreach ( $path_data as $path ) {
$row = array();
foreach ( $path_data as $path ) {
$row = array();
list( $path, $suggested_permissions ) = $path;
list( $path, $suggested_permissions ) = $path;
$display_path = preg_replace( '/^' . preg_quote( ABSPATH, '/' ) . '/', '', $path );
$display_path = ltrim( $display_path, '/' );
$display_path = preg_replace( '/^' . preg_quote( ABSPATH, '/' ) . '/', '', $path );
$display_path = ltrim( $display_path, '/' );
if ( empty( $display_path ) ) {
$display_path = '/';
if ( empty( $display_path ) ) {
$display_path = '/';
}
$row[] = $display_path;
$row[] = sprintf( '%o', $suggested_permissions );
$permissions = fileperms( $path ) & 0777;
$row[] = sprintf( '%o', $permissions );
if ( ! $permissions || $permissions != $suggested_permissions ) {
$row[] = __( 'WARNING', 'better-wp-security' );
$row[] = '<div style="background-color: #FEFF7F; border: 1px solid #E2E2E2;">&nbsp;&nbsp;&nbsp;</div>';
} else {
$row[] = __( 'OK', 'better-wp-security' );
$row[] = '<div style="background-color: #22EE5B; border: 1px solid #E2E2E2;">&nbsp;&nbsp;&nbsp;</div>';
}
$rows[] = $row;
}
$row[] = $display_path;
$row[] = sprintf( '%o', $suggested_permissions );
$permissions = fileperms( $path ) & 0777;
$row[] = sprintf( '%o', $permissions );
if ( ! $permissions || $permissions != $suggested_permissions ) {
$row[] = __( 'WARNING', 'better-wp-security' );
$row[] = '<div style="background-color: #FEFF7F; border: 1px solid #E2E2E2;">&nbsp;&nbsp;&nbsp;</div>';
} else {
$row[] = __( 'OK', 'better-wp-security' );
$row[] = '<div style="background-color: #22EE5B; border: 1px solid #E2E2E2;">&nbsp;&nbsp;&nbsp;</div>';
}
$rows[] = $row;
}
$class = 'entry-row';
$class = 'entry-row';
ob_start();
?>
<p><input type="button" id="itsec-file-permissions-reload_file_permissions" name="file-permissions[reload_file_permissions]" class="button-primary itsec-reload-module" value="<?php _e('Reload File Permissions Details', 'mainwp-child'); ?>"></p>
<table class="widefat">
<thead>
<tr>
<th><?php _e( 'Relative Path', 'better-wp-security' ); ?></th>
<th><?php _e( 'Suggestion', 'better-wp-security' ); ?></th>
<th><?php _e( 'Value', 'better-wp-security' ); ?></th>
<th><?php _e( 'Result', 'better-wp-security' ); ?></th>
<th><?php _e( 'Status', 'better-wp-security' ); ?></th>
</tr>
<tr>
<th><?php _e( 'Relative Path', 'better-wp-security' ); ?></th>
<th><?php _e( 'Suggestion', 'better-wp-security' ); ?></th>
<th><?php _e( 'Value', 'better-wp-security' ); ?></th>
<th><?php _e( 'Result', 'better-wp-security' ); ?></th>
<th><?php _e( 'Status', 'better-wp-security' ); ?></th>
</tr>
</thead>
<tfoot>
<tr>
<th><?php _e( 'Relative Path', 'better-wp-security' ); ?></th>
<th><?php _e( 'Suggestion', 'better-wp-security' ); ?></th>
<th><?php _e( 'Value', 'better-wp-security' ); ?></th>
<th><?php _e( 'Result', 'better-wp-security' ); ?></th>
<th><?php _e( 'Status', 'better-wp-security' ); ?></th>
</tr>
<tr>
<th><?php _e( 'Relative Path', 'better-wp-security' ); ?></th>
<th><?php _e( 'Suggestion', 'better-wp-security' ); ?></th>
<th><?php _e( 'Value', 'better-wp-security' ); ?></th>
<th><?php _e( 'Result', 'better-wp-security' ); ?></th>
<th><?php _e( 'Status', 'better-wp-security' ); ?></th>
</tr>
</tfoot>
<tbody>
<?php foreach ( $rows as $row ) : ?>
<tr class="<?php echo $class; ?>">
<?php foreach ( $row as $column ) : ?>
<td><?php echo $column; ?></td>
<?php endforeach; ?>
</tr>
<?php $class = ( 'entry-row' === $class ) ? 'entry-row alternate' : 'entry-row'; ?>
<?php endforeach; ?>
<?php foreach ( $rows as $row ) : ?>
<tr class="<?php echo $class; ?>">
<?php foreach ( $row as $column ) : ?>
<td><?php echo $column; ?></td>
<?php endforeach; ?>
</tr>
<?php $class = ( 'entry-row' === $class ) ? 'entry-row alternate' : 'entry-row'; ?>
<?php endforeach; ?>
</tbody>
</table>
<br />
<?php
<?php
$html = ob_get_clean();
return array('html' => $html);
}
public function file_change() {
global $mainwp_itsec_modules_path;
global $mainwp_itsec_modules_path;
if ( ! class_exists( 'ITSEC_File_Change_Scanner' ) ) {
require_once( $mainwp_itsec_modules_path . 'file-change/scanner.php' );
}
}
$result = ITSEC_File_Change_Scanner::run_scan( false );
if ($result === false || $result === true || $result === -1) {
$return['result'] = 'success';
$return['scan_result'] = $result;
}
return $return;
$return['scan_result'] = $result;
}
return $return;
}
function admin_user() {
$settings = $_POST['settings'];
$settings = $_POST['settings'];
if (!is_array($settings))
$settings = array();
$new_username = isset( $settings['new_username'] ) ? $settings['new_username'] : '';
$change_id = isset( $settings['change_id'] ) && $settings['change_id'] ? true : false;
//load utility functions
if ( ! class_exists( 'ITSEC_Lib' ) ) {
global $itsec_globals;
@ -482,8 +647,8 @@ class MainWP_Child_iThemes_Security {
if ( strlen( $new_username ) >= 1 && ! $username_exists ) {
$msg = __( 'Admin user already changes.', 'mainwp-child' );
}
if ( true === $change_id && ! $user_id_exists ) {
if ( true === $change_id && ! $user_id_exists ) {
if ( ! empty( $msg ) ) {
$msg .= '<br/>';
}
@ -520,7 +685,7 @@ class MainWP_Child_iThemes_Security {
global $wpdb;
$itsec_files = ITSEC_Core::get_itsec_files();
if ( $itsec_files->get_file_lock( 'admin_user' ) ) { //make sure it isn't already running
//sanitize the username
@ -539,7 +704,7 @@ class MainWP_Child_iThemes_Security {
//query main user table
$wpdb->query( "UPDATE `" . $wpdb->users . "` SET user_login = '" . esc_sql( $new_user ) . "' WHERE user_login='admin';" );
if ( is_multisite() ) { //process sitemeta if we're in a multi-site situation
$oldAdmins = $wpdb->get_var( 'SELECT meta_value FROM `' . $wpdb->sitemeta . "` WHERE meta_key = 'site_admins'" );
@ -568,7 +733,7 @@ class MainWP_Child_iThemes_Security {
if ( true === $id ) { //change the user id
$wpdb->query( 'DELETE FROM `' . $wpdb->users . '` WHERE ID = 1;' );
$wpdb->insert( $wpdb->users, array(
'user_login' => $user_login,
'user_pass' => $user_object->user_pass,
@ -639,14 +804,14 @@ class MainWP_Child_iThemes_Security {
return $rules_array;
}
public function change_database_prefix() {
global $mainwp_itsec_modules_path;
global $mainwp_itsec_modules_path;
require_once( $mainwp_itsec_modules_path . 'database-prefix/utility.php' );
$str_error = '';
$return = array();
if ( isset( $_POST['change_prefix'] ) && 'yes' === $_POST['change_prefix'] ) {
$result = ITSEC_Database_Prefix_Utility::change_database_prefix();
$return = $result['errors'];
@ -658,18 +823,18 @@ class MainWP_Child_iThemes_Security {
}
}
}
ITSEC_Response::reload_module( 'database-prefix' );
if ( false === $result['new_prefix'] ) {
$return['error'] = $str_error;
} else {
$return['result'] = 'success';
$return['message'] = sprintf( __( 'The database table prefix was successfully changed to <code>%1$s</code>.', 'better-wp-security' ), $result['new_prefix'] );
}
}
return $return;
}
return $return;
}
public function api_key() {
@ -689,54 +854,53 @@ class MainWP_Child_iThemes_Security {
}
public function reset_api_key() {
$settings = get_site_option( 'itsec_ipcheck' );
if ( ! is_array( $settings ) ) {
$settings = array();
}
unset( $settings['api_key'] );
unset( $settings['api_s'] );
unset( $settings['email'] );
unset( $settings['reset'] );
$defaults = ITSEC_Modules::get_defaults( 'network-brute-force' );
$results = ITSEC_Modules::set_settings( 'network-brute-force', $defaults );
$return = array();
if ( update_site_option( 'itsec_ipcheck', $settings ) ) {
$return['result'] = 'success';
} else {
$return['result'] = 'nochange';
ITSEC_Response::set_response( $results['saved'] );
ITSEC_Response::add_errors( $results['errors'] );
ITSEC_Response::add_messages( $results['messages'] );
$information = array();
if ( $results['saved'] ) {
$information['result'] = 'success';
$information['nbf_settings'] = ITSEC_Modules::get_settings( 'network-brute-force');
} else if ( empty( $results['errors'] ) ) {
$information['error_reset_api'] = 1;
}
return $return;
return $information;
}
public function malware_scan() {
global $mainwp_itsec_modules_path;
if ( ! class_exists( 'ITSEC_Malware_Scanner' ) ) {
require_once( $mainwp_itsec_modules_path . 'malware/class-itsec-malware-scanner.php' );
require_once( $mainwp_itsec_modules_path . 'malware/class-itsec-malware-scan-results-template.php' );
require_once( $mainwp_itsec_modules_path . 'malware/class-itsec-malware-scan-results-template.php' );
}
$response = array();
if ( ! ITSEC_Core::current_user_can_manage() ) {
$response['error'] = 'The currently logged in user does not have sufficient permissions to run this scan.';
} else {
$results = ITSEC_Malware_Scanner::scan();
$response['html'] = ITSEC_Malware_Scan_Results_Template::get_html( $results, true );
}
}
return $response;
}
public function malware_get_scan_results() {
global $mainwp_itsec_modules_path;
if ( ! class_exists( 'ITSEC_Malware_Scanner' ) ) {
require_once( $mainwp_itsec_modules_path . 'malware/class-itsec-malware-scanner.php' );
require_once( $mainwp_itsec_modules_path . 'malware/class-itsec-malware-scan-results-template.php' );
}
}
$response = array();
$results= ITSEC_Malware_Scanner::scan();
$response['html'] = ITSEC_Malware_Scan_Results_Template::get_html( $results, true );
$results= ITSEC_Malware_Scanner::scan();
$response['html'] = ITSEC_Malware_Scan_Results_Template::get_html( $results, true );
return $response;
}
@ -867,37 +1031,76 @@ class MainWP_Child_iThemes_Security {
add_settings_error( 'itsec', esc_attr( 'settings_updated' ), $message, $type );
}
// $site_status = array(
// 'username_admin_exists' => username_exists( 'admin' ) ? 1 : 0,
// 'user_id1_exists' => ITSEC_Lib::user_id_exists( 1 ) ? 1 : 0,
// 'backup' => $this->backup_status(),
// 'permalink_structure' => get_option( 'permalink_structure' ),
// 'is_multisite' => is_multisite() ? 1 : 0,
// 'users_can_register' => get_site_option( 'users_can_register' ) ? 1 : 0,
// 'force_ssl_login' => ( defined( 'FORCE_SSL_LOGIN' ) && FORCE_SSL_LOGIN === true ) ? 1 : 0,
// 'force_ssl_admin' => ( defined( 'FORCE_SSL_ADMIN' ) && FORCE_SSL_ADMIN === true ) ? 1 : 0,
// 'server_nginx' => ( 'nginx' === ITSEC_Lib::get_server() ) ? 1 : 0,
// 'lockouts_host' => $this->get_lockouts( 'host', true ),
// 'lockouts_user' => $this->get_lockouts( 'user', true ),
// 'lockouts_username' => $this->get_lockouts( 'username', true ),
// );
return array(
'result' => 'success',
// 'site_status' => $site_status,
);
}
public function update_module_status() {
$active_modules = $_POST['active_modules'];
if (!is_array($active_modules))
$active_modules = array();
update_site_option( 'itsec_active_modules', $active_modules );
return array('result' => 'success');
}
private function reload_backup_exclude( ) {
return array(
'exclude' => ITSEC_Modules::get_setting( 'backup', 'exclude' ),
'excludable_tables' => $this->get_excludable_tables(),
'result' => 'success'
);
}
private function get_excludable_tables( ) {
global $wpdb;
$all_sites = ITSEC_Modules::get_setting( 'backup', 'all_sites' );
$ignored_tables = array(
'commentmeta',
'comments',
'links',
'options',
'postmeta',
'posts',
'term_relationships',
'term_taxonomy',
'terms',
'usermeta',
'users',
);
if ( $all_sites ) {
$query = 'SHOW_TABLES';
} else {
$query = $wpdb->prepare( 'SHOW TABLES LIKE %s', "{$wpdb->base_prefix}%" );
}
$tables = $wpdb->get_results( $query, ARRAY_N );
$excludes = array();
foreach ( $tables as $table ) {
$short_table = substr( $table[0], strlen( $wpdb->prefix ) );
if ( in_array( $short_table, $ignored_tables ) ) {
continue;
}
$excludes[$short_table] = $table[0];
}
return $excludes ;
}
private function security_site() {
global $mainwp_itsec_modules_path;
require_once( $mainwp_itsec_modules_path . 'security-check/scanner.php' );
ITSEC_Security_Check_Scanner::run();
$response = ITSEC_Response::get_response();
return array('result' => 'success' , 'response' => $response);
}
}
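Review bot: In the new `activate_network_brute_force()`, `$nbf_settings` is only assigned inside the `$results['saved']` branch, so the closing `if ($nbf_settings !== null)` reads an undefined variable whenever `$data` is not an array or the save fails; add `$nbf_settings = null;` next to `$information = array();`. The same method decodes the request with `maybe_unserialize( base64_decode( $_POST['data'] ) )`, which feeds client-controlled serialized data to `unserialize()` (a known object-injection sink); only `email` and `updates_optin` are read, so `json_decode( ..., true )` plus `isset()` on both keys would be the safer transport, with the matching change on the dashboard side — the existing `save_settings()` has the same pattern on `$_POST['settings']`. In `get_excludable_tables()` the `$all_sites` branch sets `$query = 'SHOW_TABLES'`; with the underscore this is not a valid statement and `$wpdb->get_results()` will return nothing, so it should read `$query = 'SHOW TABLES';`. Finally, `validate_directory()` builds its include path as `ITSEC_Core::get_core_dir() . 'lib/class-itsec-lib-directory.php'` while every other include in this file (`'/lib/...'`, `'/core/...'`, `'/modules/'`) prepends a slash, so unless `get_core_dir()` returns a trailing separator this `require_once` will fail.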


@ -27,6 +27,9 @@ class MainWP_Child_Links_Checker {
case 'sync_data':
$information = $this->sync_data();
break;
case 'sync_links_data':
$information = $this->sync_links_data();
break;
case 'edit_link':
$information = $this->edit_link();
break;
@ -77,22 +80,14 @@ class MainWP_Child_Links_Checker {
}
function save_settings() {
$information = array();
$information['result'] = 'NOTCHANGE';
$new_check_threshold = intval( $_POST['check_threshold'] );
if ( update_option( 'mainwp_child_blc_max_number_of_links', intval( $_POST['max_number_of_links'] ) ) ) {
$information['result'] = 'SUCCESS';
}
if ( $new_check_threshold > 0 ) {
$information = array();
$check_threshold = intval( $_POST['check_threshold'] );
if ( $check_threshold > 0 ) {
$conf = blc_get_configuration();
$conf->options['check_threshold'] = $new_check_threshold;
if ( $conf->save_options() ) {
$information['result'] = 'SUCCESS';
}
$conf->options['check_threshold'] = $check_threshold;
$conf->save_options();
}
$information['result'] = 'SUCCESS';
return $information;
}
@ -179,29 +174,74 @@ class MainWP_Child_Links_Checker {
return $information;
}
function sync_data( $strategy = '' ) {
function sync_data( $strategy = '' ) {
$information = array();
$data = array();
$data = $this->get_count_links();
// $max_results = isset($_POST['max_results']) ? intval($_POST['max_results']) : 50;
// $params = array( array( 'load_instances' => true ),
// 'max_results' => $max_results
// );
//$data['link_data'] = $this->do_sync_links_data($params);
$information['data'] = $data;
return $information;
}
function sync_links_data() {
$blc_link_query = blcLinkQuery::getInstance();
$total = $blc_link_query->get_filter_links( 'all', array( 'count_only' => true ) );
$max_results = isset($_POST['max_results']) ? intval($_POST['max_results']) : 50;
$offset = isset($_POST['offset']) ? intval($_POST['offset']) : 0;
$params = array(
array( 'load_instances' => true ),
'max_results' => $max_results
);
if (empty($offset)) {
$first_sync = true;
} else {
$params['offset'] = $offset;
}
$link_data = $this->do_sync_links_data($params);
$information = array('links_data' => $link_data);
if ($first_sync) {
$information['data'] = $this->get_count_links();
}
if ($total > $offset + $max_results ) {
$information['sync_offset'] = $offset + $max_results;
} else {
$information['last_sync'] = 1;
}
$information['result'] = 'success';
return $information;
}
function get_count_links() {
$data = array();
$blc_link_query = blcLinkQuery::getInstance();
$data['broken'] = $blc_link_query->get_filter_links( 'broken', array( 'count_only' => true ) );
$data['redirects'] = $blc_link_query->get_filter_links( 'redirects', array( 'count_only' => true ) );
$data['dismissed'] = $blc_link_query->get_filter_links( 'dismissed', array( 'count_only' => true ) );
$data['warning'] = $blc_link_query->get_filter_links( 'warning', array( 'count_only' => true ) );
$data['all'] = $blc_link_query->get_filter_links( 'all', array( 'count_only' => true ) );
$data['link_data'] = self::sync_link_data();
$information['data'] = $data;
return $information;
return $data;
}
static function sync_link_data() {
$max_results = get_option( 'mainwp_child_blc_max_number_of_links', 50 );
$params = array( array( 'load_instances' => true ) );
if ( ! empty( $max_results ) ) {
$params['max_results'] = $max_results;
}
function do_sync_links_data($params) {
$links = blc_get_links( $params );
$get_fields = array(
$filter_fields = array(
'link_id',
'url',
'being_checked',
@ -214,6 +254,7 @@ class MainWP_Child_Links_Checker {
'redirect_count',
'final_url',
'broken',
'warning',
'first_failure',
'last_success',
'may_recheck',
@ -222,10 +263,10 @@ class MainWP_Child_Links_Checker {
'dismissed',
'status_text',
'status_code',
'log',
'log'
);
$return = '';
$site_id = $_POST['site_id'];
$blc_option = get_option( 'wsblc_options' );
if ( is_string( $blc_option ) && ! empty( $blc_option ) ) {
@ -234,28 +275,29 @@ class MainWP_Child_Links_Checker {
if ( is_array( $links ) ) {
foreach ( $links as $link ) {
$lnk = new stdClass();
foreach ( $get_fields as $field ) {
$lnk->$field = $link->$field;
$new_link = new stdClass();
foreach ( $filter_fields as $field ) {
$new_link->$field = $link->$field;
}
if ( ! empty( $link->post_date ) ) {
$lnk->post_date = $link->post_date;
$extra_info = array();
if ( ! empty( $link->post_date ) ) {
$extra_info['post_date'] = $link->post_date;
}
$days_broken = 0;
if ( $link->broken ) {
//Add a highlight to broken links that appear to be permanently broken
$days_broken = intval( ( time() - $link->first_failure ) / ( 3600 * 24 ) );
if ( $days_broken >= $blc_option['failure_duration_threshold'] ) {
$lnk->permanently_broken = 1;
if ( $blc_option['highlight_permanent_failures'] ) {
$lnk->permanently_broken_highlight = 1;
$extra_info['permanently_broken'] = 1;
if ( $blc_option['highlight_permanent_failures'] ) {
$extra_info['permanently_broken_highlight'] = 1;
}
}
}
$lnk->days_broken = $days_broken;
}
$extra_info['days_broken'] = $days_broken;
$instances = false;
$get_link = new blcLink( intval( $link->link_id ) );
@ -266,16 +308,16 @@ class MainWP_Child_Links_Checker {
if ( ! empty( $instances ) ) {
$first_instance = reset( $instances );
$lnk->link_text = $first_instance->ui_get_link_text();
$lnk->count_instance = count( $instances );
$new_link->link_text = $first_instance->ui_get_link_text();
$extra_info['count_instance'] = count( $instances );
$container = $first_instance->get_container();
/** @var blcContainer $container */
$lnk->container = $container;
if ( ! empty( $container ) /* && ($container instanceof blcAnyPostContainer) */ ) {
$lnk->container_type = $container->container_type;
$lnk->container_id = $container->container_id;
$lnk->source_data = MainWP_Child_Links_Checker::Instance()->ui_get_source( $container, $first_instance->container_field );
$extra_info['container_type'] = $container->container_type;
$extra_info['container_id'] = $container->container_id;
$extra_info['source_data'] = $this->ui_get_source( $container, $first_instance->container_field );
}
$can_edit_text = false;
@ -302,16 +344,16 @@ class MainWP_Child_Links_Checker {
$link_text = key( $link_texts );
$data_link_text = esc_attr( $link_text );
}
$lnk->data_link_text = $data_link_text;
$lnk->can_edit_url = $can_edit_url;
$lnk->can_edit_text = $can_edit_text;
} else {
$lnk->link_text = '';
$lnk->count_instance = 0;
$extra_info['data_link_text'] = $data_link_text;
$extra_info['can_edit_url'] = $can_edit_url;
$extra_info['can_edit_text'] = $can_edit_text;
} else {
$new_link->link_text = '';
$extra_info['count_instance'] = 0;
}
$lnk->site_id = $site_id;
$return[] = $lnk;
$new_link->extra_info = base64_encode(serialize($extra_info));
$new_link->synced = 1;
$return[] = $new_link;
}
} else {
return '';


@ -384,6 +384,15 @@ class MainWP_Child_Updraft_Plus_Backups {
$opts['secret'] = $settings[ $key ]['secret'];
$opts['folder'] = $settings[ $key ]['folder'];
UpdraftPlus_Options::update_updraft_option( $key, $opts );
} else if ( 'updraft_googlecloud' === $key ) {
$opts = UpdraftPlus_Options::get_updraft_option( $key );
$opts['clientid'] = $settings[ $key ]['clientid'];
$opts['secret'] = $settings[ $key ]['secret'];
$opts['project_id'] = $settings[ $key ]['project_id'];
$opts['bucket_path'] = $settings[ $key ]['bucket_path'];
$opts['storage_class'] = $settings[ $key ]['storage_class'];
$opts['bucket_location'] = $settings[ $key ]['bucket_location'];
UpdraftPlus_Options::update_updraft_option( $key, $opts );
} else if ( 'updraft_onedrive' === $key ) {
$opts = UpdraftPlus_Options::get_updraft_option( 'updraft_onedrive' );
$opts['clientid'] = $settings[ $key ]['clientid'];
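Review bot: The new `updraft_googlecloud` branch copies six keys out of `$settings[ $key ]` without checking that any of them is present, so a dashboard payload that omits one (for example `secret`) raises an undefined-index notice and overwrites the stored value with null. Guarding each copy, e.g. `if ( isset( $settings[ $key ]['secret'] ) ) { $opts['secret'] = $settings[ $key ]['secret']; }`, keeps previously saved credentials intact when a partial update arrives; the `updraft_s3`-style branch above has the same shape, so the fix applies there too. It is also not visible here what `get_updraft_option( $key )` returns before the option has ever been saved — if it is not an array, `$opts = (array) UpdraftPlus_Options::get_updraft_option( $key );` avoids relying on auto-vivification. The enclosing method starts and ends outside this hunk.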


@ -1,8 +1,7 @@
<?php
class MainWP_Child_Wordfence {
public static $instance = null;
private static $wfLog = false;
public static $instance = null;
public $is_wordfence_installed = false;
public $plugin_translate = 'mainwp-child';
@ -20,7 +19,7 @@ class MainWP_Child_Wordfence {
'autoUpdate',
'firewallEnabled',
'howGetIPs',
'liveTrafficEnabled',
'liveTrafficEnabled',
'loginSec_blockAdminReg',
'loginSec_countFailMins',
'loginSec_disableAuthorScan',
@ -34,16 +33,18 @@ class MainWP_Child_Wordfence {
'loginSecurityEnabled',
'other_scanOutside',
'scan_exclude',
'scansEnabled_checkReadableConfig',
'scansEnabled_comments',
'scansEnabled_core',
'scansEnabled_diskSpace',
'scansEnabled_dns',
'scansEnabled_fileContents',
'scansEnabled_database',
'scan_include_extra',
'scansEnabled_heartbleed',
'scansEnabled_highSense',
'scansEnabled_malware',
'scansEnabled_oldVersions',
"scansEnabled_suspiciousAdminUsers",
'scansEnabled_passwds',
'scansEnabled_plugins',
'scansEnabled_posts',
@ -71,6 +72,7 @@ class MainWP_Child_Wordfence {
'liveTraf_ignoreUsers',
'liveTraf_ignoreIPs',
'liveTraf_ignoreUA',
'liveTraf_maxRows',
'whitelisted',
'bannedURLs',
'other_hideWPVersion',
@ -99,8 +101,19 @@ class MainWP_Child_Wordfence {
'email_summary_interval',
'email_summary_excluded_directories',
'allowed404s',
//'ajaxWatcherDisabled_front', // do not update those values when save settings
//'ajaxWatcherDisabled_admin'
);
public static $diagnosticParams = array(
'addCacheComment',
'debugOn',
'startScansRemotely',
'ssl_verify',
'disableConfigCaching',
'betaThreatDefenseFeed',
);
static function Instance() {
if ( null === MainWP_Child_Wordfence::$instance ) {
@ -235,10 +248,76 @@ class MainWP_Child_Wordfence {
case "remove_cache_exclusion":
$information = $this->removeCacheExclusion();
break;
case 'get_diagnostics':
$information = $this->getDiagnostics();
break;
case 'update_waf_rules':
$information = $this->updateWAFRules();
break;
case 'save_debugging_config':
$information = $this->save_debugging_config();
break;
case 'load_live_traffic':
$information = $this->loadLiveTraffic();
break;
case 'white_list_waf':
$information = $this->whitelistWAFParamKey();
break;
case 'hide_file_htaccess':
$information = $this->hideFileHtaccess();
break;
case 'fix_fpd':
$information = $this->fixFPD();
break;
case 'disable_directory_listing':
$information = $this->disableDirectoryListing();
break;
case 'delete_database_option':
$information = $this->deleteDatabaseOption();
break;
case 'delete_admin_user':
$information = $this->deleteAdminUser();
break;
case 'revoke_admin_user':
$information = $this->revokeAdminUser();
break;
case 'clear_all_blocked':
$information = $this->clearAllBlocked();
break;
case 'permanently_block_all_ips':
$information = $this->permanentlyBlockAllIPs();
break;
case 'unlockout_ip':
$information = $this->unlockOutIP();
break;
case 'unblock_range':
$information = $this->unblockRange();
break;
case 'block_ip_ua_range':
$information = $this->blockIPUARange();
break;
case 'load_block_ranges':
$information = $this->loadBlockRanges();
break;
case 'save_waf_config':
$information = $this->saveWAFConfig();
break;
case 'whitelist_bulk_delete':
$information = $this->whitelistBulkDelete();
break;
case 'whitelist_bulk_enable':
$information = $this->whitelistBulkEnable();
break;
case 'whitelist_bulk_disable':
$information = $this->whitelistBulkDisable();
break;
case 'update_config':
$information = $this->updateConfig();
break;
}
}
MainWP_Helper::write( $information );
}
}
private function start_scan() {
$information = array();
@ -328,7 +407,7 @@ class MainWP_Child_Wordfence {
public function get_log() {
$information = array();
$wfLog = self::getLog();
$wfLog = wordfence::getLog();
if ( $wfLog ) {
$information['events'] = $wfLog->getStatusEvents( 0 );
$information['summary'] = $wfLog->getSummaryEvents();
@ -339,15 +418,6 @@ class MainWP_Child_Wordfence {
return $information;
}
private static function getLog() {
if ( ! self::$wfLog ) {
$wfLog = new wfLog( wfConfig::get( 'apiKey' ), wfUtils::getWPVersion() );
self::$wfLog = $wfLog;
}
return self::$wfLog;
}
public function update_log() {
return wordfence::ajax_activityLogUpdate_callback();
}
@ -356,14 +426,15 @@ class MainWP_Child_Wordfence {
$i = new wfIssues();
$iss = $i->getIssues();
//error_log("wp-ajax: " . wp_create_nonce('wp-ajax'));
return array(
'issuesLists' => $iss,
'summary' => $i->getSummaryItems(),
'lastScanCompleted' => wfConfig::get( 'lastScanCompleted' ),
'apiKey' => wfConfig::get( 'apiKey' ),
'isPaid' => wfConfig::get('isPaid'),
'lastscan_timestamp' => $this->get_lastscan()
'lastscan_timestamp' => $this->get_lastscan(),
'isNginx' => wfUtils::isNginx() ? 1 : 0,
'wafData' => $this->_getWAFData()
);
}
@ -756,7 +827,7 @@ class MainWP_Child_Wordfence {
}
$result['ok'] = 1;
$result['reload'] = $reload;
return $result;
}
}
@ -826,13 +897,15 @@ class MainWP_Child_Wordfence {
$p = $wpdb->base_prefix;
$serverTime = $wfdb->querySingle( 'select unix_timestamp()' );
$issues = new wfIssues();
$jsonData = array(
'serverTime' => $serverTime,
'serverMicrotime' => microtime(true),
'msg' => $wfdb->querySingle( "select msg from $p" . 'wfStatus where level < 3 order by ctime desc limit 1' ),
);
$events = array();
$alsoGet = $_POST['alsoGet'];
$alsoGet = $_POST['alsoGet'];
if ( preg_match( '/^logList_(404|hit|human|ruser|crawler|gCrawler|loginLogout)$/', $alsoGet, $m ) ) {
$type = $m[1];
$newestEventTime = $_POST['otherParams'];
@ -840,18 +913,20 @@ class MainWP_Child_Wordfence {
if ( 'loginLogout' === $type ) {
$listType = 'logins';
}
$events = self::getLog()->getHits( $listType, $type, $newestEventTime );
$events = wordfence::getLog()->getHits( $listType, $type, $newestEventTime );
} else if ( 'perfStats' === $alsoGet ) {
$newestEventTime = $_POST['otherParams'];
$events = self::getLog()->getPerfStats( $newestEventTime );
}
/*
$longest = 0;
foreach($events as $e){
$length = $e['domainLookupEnd'] + $e['connectEnd'] + $e['responseStart'] + $e['responseEnd'] + $e['domReady'] + $e['loaded'];
$longest = $length > $longest ? $length : $longest;
}
*/
$events = wordfence::getLog()->getPerfStats( $newestEventTime );
} else if ($alsoGet == 'liveTraffic') {
if (get_site_option('wordfence_syncAttackDataAttempts') > 10) {
wordfence::syncAttackData(false);
}
$results = wordfence::ajax_loadLiveTraffic_callback();
$events = $results['data'];
if (isset($results['sql'])) {
$jsonData['sql'] = $results['sql'];
}
}
$jsonData['events'] = $events;
$jsonData['alsoGet'] = $alsoGet; //send it back so we don't load data if panel has changed
$jsonData['cacheType'] = wfConfig::get( 'cacheType' );
@ -859,6 +934,154 @@ class MainWP_Child_Wordfence {
return $jsonData;
}
public static function loadLiveTraffic() {
$wfdb = new wfDB();
$serverTime = $wfdb->querySingle( 'select unix_timestamp()' );
$return = wordfence::ajax_loadLiveTraffic_callback();
$return['serverTime'] = $serverTime;
$return['serverMicrotime'] = microtime(true);
return $return;
}
function whitelistWAFParamKey() {
$return = wordfence::ajax_whitelistWAFParamKey_callback();
return $return;
}
function hideFileHtaccess() {
$return = wordfence::ajax_hideFileHtaccess_callback();
return $return;
}
public static function fixFPD(){
$return = wordfence::ajax_fixFPD_callback();
return $return;
}
public static function disableDirectoryListing() {
$return = wordfence::ajax_disableDirectoryListing_callback();
return $return;
}
public static function deleteDatabaseOption() {
$return = wordfence::ajax_deleteDatabaseOption_callback();
return $return;
}
public static function deleteAdminUser() {
$return = wordfence::ajax_deleteAdminUser_callback();
return $return;
}
public static function revokeAdminUser() {
$return = wordfence::ajax_revokeAdminUser_callback();
return $return;
}
public static function clearAllBlocked() {
$return = wordfence::ajax_clearAllBlocked_callback();
return $return;
}
public static function permanentlyBlockAllIPs() {
$return = wordfence::ajax_permanentlyBlockAllIPs_callback();
return $return;
}
public static function unlockOutIP() {
$return = wordfence::ajax_unlockOutIP_callback();
return $return;
}
public static function unblockRange() {
$return = wordfence::ajax_unblockRange_callback();
return $return;
}
public static function blockIPUARange() {
$return = wordfence::ajax_blockIPUARange_callback();
return $return;
}
public static function loadBlockRanges() {
$return = wordfence::ajax_loadBlockRanges_callback();
return $return;
}
public static function saveWAFConfig() {
$return = wordfence::ajax_saveWAFConfig_callback();
if (is_array($return) && isset($return['data'])) {
$return['learningModeGracePeriod'] = wfWAF::getInstance()->getStorageEngine()->getConfig('learningModeGracePeriod');
}
return $return;
}
public static function whitelistBulkDelete() {
$return = wordfence::ajax_whitelistBulkDelete_callback();
return $return;
}
public static function whitelistBulkEnable() {
$return = wordfence::ajax_whitelistBulkEnable_callback();
return $return;
}
public static function whitelistBulkDisable() {
$return = wordfence::ajax_whitelistBulkDisable_callback();
return $return;
}
public static function updateConfig() {
$return = wordfence::ajax_updateConfig_callback();
return $return;
}
private static function _getWAFData() {
$data['learningMode'] = wfWAF::getInstance()->isInLearningMode();
$data['rules'] = wfWAF::getInstance()->getRules();
/** @var wfWAFRule $rule */
foreach ($data['rules'] as $ruleID => $rule) {
$data['rules'][$ruleID] = $rule->toArray();
}
$whitelistedURLParams = wfWAF::getInstance()->getStorageEngine()->getConfig('whitelistedURLParams', array());
$data['whitelistedURLParams'] = array();
foreach ($whitelistedURLParams as $urlParamKey => $rules) {
list($path, $paramKey) = explode('|', $urlParamKey);
$whitelistData = null;
foreach ($rules as $ruleID => $whitelistedData) {
if ($whitelistData === null) {
$whitelistData = $whitelistedData;
continue;
}
if ($ruleID === 'all') {
$whitelistData = $whitelistedData;
break;
}
}
if (is_array($whitelistData) && array_key_exists('userID', $whitelistData) && function_exists('get_user_by')) {
$user = get_user_by('id', $whitelistData['userID']);
if ($user) {
$whitelistData['username'] = $user->user_login;
}
}
$data['whitelistedURLParams'][] = array(
'path' => $path,
'paramKey' => $paramKey,
'ruleID' => array_keys($rules),
'data' => $whitelistData,
);
}
$data['disabledRules'] = (array) wfWAF::getInstance()->getStorageEngine()->getConfig('disabledRules');
if ($lastUpdated = wfWAF::getInstance()->getStorageEngine()->getConfig('rulesLastUpdated')) {
$data['rulesLastUpdated'] = $lastUpdated;
}
$data['isPaid'] = (bool) wfConfig::get('isPaid', 0);
return $data;
}
function reverse_lookup() {
$ips = explode( ',', $_POST['ips'] );
$res = array();
@ -878,7 +1101,7 @@ class MainWP_Child_Wordfence {
if ( wfUtils::getIP() === $IP ) {
return array( 'err' => 1, 'errorMsg' => "You can't block your own IP address." );
}
if ( self::getLog()->isWhitelisted( $IP ) ) {
if ( wordfence::getLog()->isWhitelisted( $IP ) ) {
return array(
'err' => 1,
'errorMsg' => 'The IP address ' . htmlentities( $IP ) . " is whitelisted and can't be blocked or it is in a range of internal IP addresses that Wordfence does not block. You can remove this IP from the whitelist on the Wordfence options page.",
@ -892,7 +1115,7 @@ class MainWP_Child_Wordfence {
);
}
}
self::getLog()->blockIP( $IP, $_POST['reason'], false, $perm );
wordfence::getLog()->blockIP( $IP, $_POST['reason'], false, $perm );
return array( 'ok' => 1 );
}
@ -900,7 +1123,7 @@ class MainWP_Child_Wordfence {
function unblock_ip() {
if ( isset( $_POST['IP'] ) ) {
$IP = $_POST['IP'];
self::getLog()->unblockIP( $IP );
wordfence::getLog()->unblockIP( $IP );
return array( 'ok' => 1 );
}
@ -908,7 +1131,7 @@ class MainWP_Child_Wordfence {
public function load_static_panel() {
$mode = $_POST['mode'];
$wfLog = self::getLog();
$wfLog = wordfence::getLog();
if ( 'topScanners' === $mode || 'topLeechers' === $mode ) {
$results = $wfLog->getLeechers( $mode );
} else if ( 'blockedIPs' === $mode ) {
@ -1207,4 +1430,372 @@ class MainWP_Child_Wordfence {
$return['ok'] = 1;
return $return;
}
public function getDiagnostics() {
$diagnostic = new wfDiagnostic;
$plugins = get_plugins();
$activePlugins = array_flip(get_option('active_plugins'));
$activeNetworkPlugins = is_multisite() ? array_flip(wp_get_active_network_plugins()) : array();
$muPlugins = get_mu_plugins();
$themes = wp_get_themes();
$currentTheme = wp_get_theme();
$cols = 3;
$w = new wfConfig();
$inEmail = false;
ob_start();
?>
<form id="wfConfigForm">
<table class="wf-table"<?php echo !empty($inEmail) ? ' border=1' : '' ?>>
<?php foreach ($diagnostic->getResults() as $title => $tests): ?>
<tbody class="thead">
<tr>
<th colspan="<?php echo $cols ?>"><?php echo esc_html($title) ?></th>
</tr>
</tbody>
<tbody>
<?php foreach ($tests as $result): ?>
<tr>
<td style="width: 75%;"
colspan="<?php echo $cols - 1 ?>"><?php echo wp_kses($result['label'], array(
'code' => array(),
'strong' => array(),
'em' => array(),
'a' => array('href' => true),
)) ?></td>
<?php if ($result['test']): ?>
<td class="success"><?php echo esc_html($result['message']) ?></td>
<?php else: ?>
<td class="error"><?php echo esc_html($result['message']) ?></td>
<?php endif ?>
</tr>
<?php endforeach ?>
</tbody>
<tbody class="empty-row">
<tr>
<td colspan="<?php echo $cols ?>"></td>
</tr>
</tbody>
<?php endforeach ?>
<tbody class="thead">
<tr>
<th>IPs</th>
<th>Value</th>
<th>Used</th>
</tr>
</tbody>
<tbody>
<?php
$howGet = wfConfig::get('howGetIPs', false);
list($currentIP, $currentServerVarForIP) = wfUtils::getIPAndServerVarible();
foreach (array(
'REMOTE_ADDR' => 'REMOTE_ADDR',
'HTTP_CF_CONNECTING_IP' => 'CF-Connecting-IP',
'HTTP_X_REAL_IP' => 'X-Real-IP',
'HTTP_X_FORWARDED_FOR' => 'X-Forwarded-For',
) as $variable => $label): ?>
<tr>
<td><?php echo $label ?></td>
<td><?php echo esc_html(array_key_exists($variable, $_SERVER) ? $_SERVER[$variable] : '(not set)') ?></td>
<?php if ($currentServerVarForIP && $currentServerVarForIP === $variable): ?>
<td class="success">In use</td>
<?php elseif ($howGet === $variable): ?>
<td class="error">Configured, but not valid</td>
<?php else: ?>
<td></td>
<?php endif ?>
</tr>
<?php endforeach ?>
</tbody>
<tbody class="empty-row">
<tr>
<td colspan="<?php echo $cols ?>"></td>
</tr>
</tbody>
<tbody class="thead">
<tr>
<th colspan="<?php echo $cols ?>">WordPress</th>
</tr>
</tbody>
<tbody>
<?php
require(ABSPATH . 'wp-includes/version.php');
$postRevisions = (defined('WP_POST_REVISIONS') ? WP_POST_REVISIONS : true);
$wordPressValues = array(
'WordPress Version' => array('description' => '', 'value' => $wp_version),
'WP_DEBUG' => array('description' => 'WordPress debug mode', 'value' => (defined('WP_DEBUG') && WP_DEBUG ? 'On' : 'Off')),
'WP_DEBUG_LOG' => array('description' => 'WordPress error logging override', 'value' => defined('WP_DEBUG_LOG') ? (WP_DEBUG_LOG ? 'Enabled' : 'Disabled') : '(not set)'),
'WP_DEBUG_DISPLAY' => array('description' => 'WordPress error display override', 'value' => defined('WP_DEBUG_DISPLAY') ? (WP_DEBUG_LOG ? 'Enabled' : 'Disabled') : '(not set)'),
'SCRIPT_DEBUG' => array('description' => 'WordPress script debug mode', 'value' => (defined('SCRIPT_DEBUG') && SCRIPT_DEBUG ? 'On' : 'Off')),
'SAVEQUERIES' => array('description' => 'WordPress query debug mode', 'value' => (defined('SAVEQUERIES') && SAVEQUERIES ? 'On' : 'Off')),
'DB_CHARSET' => 'Database character set',
'DB_COLLATE' => 'Database collation',
'WP_SITEURL' => 'Explicitly set site URL',
'WP_HOME' => 'Explicitly set blog URL',
'WP_CONTENT_DIR' => array('description' => '"wp-content" folder is in default location', 'value' => (realpath(WP_CONTENT_DIR) === realpath(ABSPATH . 'wp-content') ? 'Yes' : 'No')),
'WP_CONTENT_URL' => 'URL to the "wp-content" folder',
'WP_PLUGIN_DIR' => array('description' => '"plugins" folder is in default location', 'value' => (realpath(WP_PLUGIN_DIR) === realpath(ABSPATH . 'wp-content/plugins') ? 'Yes' : 'No')),
'WP_LANG_DIR' => array('description' => '"languages" folder is in default location', 'value' => (realpath(WP_LANG_DIR) === realpath(ABSPATH . 'wp-content/languages') ? 'Yes' : 'No')),
'WPLANG' => 'Language choice',
'UPLOADS' => 'Custom upload folder location',
'TEMPLATEPATH' => array('description' => 'Theme template folder override', 'value' => (defined('TEMPLATEPATH') && realpath(get_template_directory()) !== realpath(TEMPLATEPATH) ? 'Overridden' : '(not set)')),
'STYLESHEETPATH' => array('description' => 'Theme stylesheet folder override', 'value' => (defined('STYLESHEETPATH') && realpath(get_stylesheet_directory()) !== realpath(STYLESHEETPATH) ? 'Overridden' : '(not set)')),
'AUTOSAVE_INTERVAL' => 'Post editing automatic saving interval',
'WP_POST_REVISIONS' => array('description' => 'Post revisions saved by WordPress', 'value' => is_numeric($postRevisions) ? $postRevisions : ($postRevisions ? 'Unlimited' : 'None')),
'COOKIE_DOMAIN' => 'WordPress cookie domain',
'COOKIEPATH' => 'WordPress cookie path',
'SITECOOKIEPATH' => 'WordPress site cookie path',
'ADMIN_COOKIE_PATH' => 'WordPress admin cookie path',
'PLUGINS_COOKIE_PATH' => 'WordPress plugins cookie path',
'WP_ALLOW_MULTISITE' => array('description' => 'Multisite/network ability enabled', 'value' => (defined('WP_ALLOW_MULTISITE') && WP_ALLOW_MULTISITE ? 'Yes' : 'No')),
'NOBLOGREDIRECT' => 'URL redirected to if the visitor tries to access a nonexistent blog',
'CONCATENATE_SCRIPTS' => array('description' => 'Concatenate JavaScript files', 'value' => (defined('CONCATENATE_SCRIPTS') && CONCATENATE_SCRIPTS ? 'Yes' : 'No')),
'WP_MEMORY_LIMIT' => 'WordPress memory limit',
'WP_MAX_MEMORY_LIMIT' => 'Administrative memory limit',
'WP_CACHE' => array('description' => 'Built-in caching', 'value' => (defined('WP_CACHE') && WP_CACHE ? 'Enabled' : 'Disabled')),
'CUSTOM_USER_TABLE' => array('description' => 'Custom "users" table', 'value' => (defined('CUSTOM_USER_TABLE') ? 'Set' : '(not set)')),
'CUSTOM_USER_META_TABLE' => array('description' => 'Custom "usermeta" table', 'value' => (defined('CUSTOM_USER_META_TABLE') ? 'Set' : '(not set)')),
'FS_CHMOD_DIR' => array('description' => 'Overridden permissions for a new folder', 'value' => defined('FS_CHMOD_DIR') ? decoct(FS_CHMOD_DIR) : '(not set)'),
'FS_CHMOD_FILE' => array('description' => 'Overridden permissions for a new file', 'value' => defined('FS_CHMOD_FILE') ? decoct(FS_CHMOD_FILE) : '(not set)'),
'ALTERNATE_WP_CRON' => array('description' => 'Alternate WP cron', 'value' => (defined('ALTERNATE_WP_CRON') && ALTERNATE_WP_CRON ? 'Enabled' : 'Disabled')),
'DISABLE_WP_CRON' => array('description' => 'WP cron status', 'value' => (defined('DISABLE_WP_CRON') && DISABLE_WP_CRON ? 'Disabled' : 'Enabled')),
'WP_CRON_LOCK_TIMEOUT' => 'Cron running frequency lock',
'EMPTY_TRASH_DAYS' => array('description' => 'Interval the trash is automatically emptied at in days', 'value' => (EMPTY_TRASH_DAYS > 0 ? EMPTY_TRASH_DAYS : 'Never')),
'WP_ALLOW_REPAIR' => array('description' => 'Automatic database repair', 'value' => (defined('WP_ALLOW_REPAIR') && WP_ALLOW_REPAIR ? 'Enabled' : 'Disabled')),
'DO_NOT_UPGRADE_GLOBAL_TABLES' => array('description' => 'Do not upgrade global tables', 'value' => (defined('DO_NOT_UPGRADE_GLOBAL_TABLES') && DO_NOT_UPGRADE_GLOBAL_TABLES ? 'Yes' : 'No')),
'DISALLOW_FILE_EDIT' => array('description' => 'Disallow plugin/theme editing', 'value' => (defined('DISALLOW_FILE_EDIT') && DISALLOW_FILE_EDIT ? 'Yes' : 'No')),
'DISALLOW_FILE_MOD' => array('description' => 'Disallow plugin/theme update and installation', 'value' => (defined('DISALLOW_FILE_MOD') && DISALLOW_FILE_MOD ? 'Yes' : 'No')),
'IMAGE_EDIT_OVERWRITE' => array('description' => 'Overwrite image edits when restoring the original', 'value' => (defined('IMAGE_EDIT_OVERWRITE') && IMAGE_EDIT_OVERWRITE ? 'Yes' : 'No')),
'FORCE_SSL_ADMIN' => array('description' => 'Force SSL for administrative logins', 'value' => (defined('FORCE_SSL_ADMIN') && FORCE_SSL_ADMIN ? 'Yes' : 'No')),
'WP_HTTP_BLOCK_EXTERNAL' => array('description' => 'Block external URL requests', 'value' => (defined('WP_HTTP_BLOCK_EXTERNAL') && WP_HTTP_BLOCK_EXTERNAL ? 'Yes' : 'No')),
'WP_ACCESSIBLE_HOSTS' => 'Whitelisted hosts',
'WP_AUTO_UPDATE_CORE' => array('description' => 'Automatic WP Core updates', 'value' => defined('WP_AUTO_UPDATE_CORE') ? (is_bool(WP_AUTO_UPDATE_CORE) ? (WP_AUTO_UPDATE_CORE ? 'Everything' : 'None') : WP_AUTO_UPDATE_CORE) : 'Default'),
);
foreach ($wordPressValues as $settingName => $settingData):
$escapedName = esc_html($settingName);
$escapedDescription = '';
$escapedValue = '(not set)';
if (is_array($settingData)) {
$escapedDescription = esc_html($settingData['description']);
if (isset($settingData['value'])) {
$escapedValue = esc_html($settingData['value']);
}
}
else {
$escapedDescription = esc_html($settingData);
if (defined($settingName)) {
$escapedValue = esc_html(constant($settingName));
}
}
?>
<tr>
<td><strong><?php echo $escapedName ?></strong></td>
<td><?php echo $escapedDescription ?></td>
<td><?php echo $escapedValue ?></td>
</tr>
<?php endforeach ?>
</tbody>
<tbody class="empty-row">
<tr>
<td colspan="<?php echo $cols ?>"></td>
</tr>
</tbody>
<tbody class="thead">
<tr>
<th colspan="<?php echo $cols ?>">WordPress Plugins</th>
</tr>
</tbody>
<tbody>
<?php foreach ($plugins as $plugin => $pluginData): ?>
<tr>
<td colspan="<?php echo $cols - 1 ?>"><strong><?php echo esc_html($pluginData['Name']) ?></strong>
<?php if (!empty($pluginData['Version'])): ?>
- Version <?php echo esc_html($pluginData['Version']) ?>
<?php endif ?>
</td>
<?php if (array_key_exists(trailingslashit(WP_PLUGIN_DIR) . $plugin, $activeNetworkPlugins)): ?>
<td class="success">Network Activated</td>
<?php elseif (array_key_exists($plugin, $activePlugins)): ?>
<td class="success">Active</td>
<?php else: ?>
<td class="inactive">Inactive</td>
<?php endif ?>
</tr>
<?php endforeach ?>
</tbody>
<tbody class="empty-row">
<tr>
<td colspan="<?php echo $cols ?>"></td>
</tr>
</tbody>
<tbody class="thead">
<tr>
<th colspan="<?php echo $cols ?>">Must-Use WordPress Plugins</th>
</tr>
</tbody>
<?php if (!empty($muPlugins)): ?>
<tbody>
<?php foreach ($muPlugins as $plugin => $pluginData): ?>
<tr>
<td colspan="<?php echo $cols - 1 ?>">
<strong><?php echo esc_html($pluginData['Name']) ?></strong>
<?php if (!empty($pluginData['Version'])): ?>
- Version <?php echo esc_html($pluginData['Version']) ?>
<?php endif ?>
</td>
<td class="success">Active</td>
</tr>
<?php endforeach ?>
</tbody>
<?php else: ?>
<tbody>
<tr>
<td colspan="<?php echo $cols ?>">No MU-Plugins</td>
</tr>
</tbody>
<?php endif ?>
<tbody class="empty-row">
<tr>
<td colspan="<?php echo $cols ?>"></td>
</tr>
</tbody>
<tbody class="thead">
<tr>
<th colspan="<?php echo $cols ?>">Themes</th>
</tr>
</tbody>
<?php if (!empty($themes)): ?>
<tbody>
<?php foreach ($themes as $theme => $themeData): ?>
<tr>
<td colspan="<?php echo $cols - 1 ?>">
<strong><?php echo esc_html($themeData['Name']) ?></strong>
Version <?php echo esc_html($themeData['Version']) ?></td>
<?php if ($currentTheme instanceof WP_Theme && $theme === $currentTheme->get_stylesheet()): ?>
<td class="success">Active</td>
<?php else: ?>
<td class="inactive">Inactive</td>
<?php endif ?>
</tr>
<?php endforeach ?>
</tbody>
<?php else: ?>
<tbody>
<tr>
<td colspan="<?php echo $cols ?>">No MU-Plugins</td>
</tr>
</tbody>
<?php endif ?>
<tbody class="empty-row">
<tr>
<td colspan="<?php echo $cols ?>"></td>
</tr>
</tbody>
<tbody class="thead">
<tr>
<th colspan="<?php echo $cols ?>">Cron Jobs</th>
</tr>
</tbody>
<tbody>
<?php
$cron = _get_cron_array();
foreach ($cron as $timestamp => $values) {
if (is_array($values)) {
foreach ($values as $cron_job => $v) {
if (is_numeric($timestamp)) {
?>
<tr>
<td colspan="<?php echo $cols - 1 ?>"><?php echo esc_html(date('r', $timestamp)) ?></td>
<td><?php echo esc_html($cron_job) ?></td>
</tr>
<?php
}
}
}
}
?>
</tbody>
</table>
<?php
$wfdb = new wfDB();
$q = $wfdb->querySelect("show table status");
if ($q):
$databaseCols = count($q[0]);
?>
<div style="max-width: 100%; overflow: auto; padding: 1px;">
<table class="wf-table"<?php echo !empty($inEmail) ? ' border=1' : '' ?>>
<tbody class="empty-row">
<tr>
<td colspan="<?php echo $databaseCols ?>"></td>
</tr>
</tbody>
<tbody class="thead">
<tr>
<th colspan="<?php echo $databaseCols ?>">Database Tables</th>
</tr>
</tbody>
<tbody class="thead thead-subhead" style="font-size: 85%">
<?php
$val = array_shift($q);
?>
<tr>
<?php foreach ($val as $tkey => $tval): ?>
<th><?php echo esc_html($tkey) ?></th>
<?php endforeach; ?>
</tr>
</tbody>
<tbody style="font-size: 85%">
<?php
foreach ($q as $val): ?>
<tr>
<?php foreach ($val as $tkey => $tval): ?>
<td><?php echo esc_html($tval) ?></td>
<?php endforeach; ?>
</tr>
<?php endforeach; ?>
</tbody>
</table>
</div>
<?php endif ?>
</form>
</div>
<?php
$html = ob_get_clean();
return array('ok' => 1, 'html' => $html);
}
public static function updateWAFRules() {
$event = new wfWAFCronFetchRulesEvent(time() - 2);
$event->setWaf(wfWAF::getInstance());
$event->fire();
$isPaid = (bool) wfConfig::get('isPaid', 0);
//return self::_getWAFData();
return array('ok' => 1, 'isPaid' => $isPaid );
}
public static function save_debugging_config() {
$settings = $_POST['settings'];
foreach (self::$diagnosticParams as $param) {
if (isset($settings[$param])) {
wfConfig::set( $param, $settings[$param] );
}
}
return array('ok' => 1 );
}
}
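Review bot: In `getDiagnostics()` the `WP_DEBUG_DISPLAY` row tests the wrong constant — `defined('WP_DEBUG_DISPLAY') ? (WP_DEBUG_LOG ? 'Enabled' : 'Disabled')` should read `defined('WP_DEBUG_DISPLAY') ? (WP_DEBUG_DISPLAY ? 'Enabled' : 'Disabled')`, otherwise the logging setting is reported under the display label. In the same method the Themes fallback row prints `No MU-Plugins` where `No Themes` is meant, and the `</div>` emitted after `</form>` has no matching opening tag when `show table status` returns nothing, because the only `<div>` is opened inside the `if ($q)` block. `save_debugging_config()` dereferences `$_POST['settings']` without checking that it exists or is an array; `$settings = isset( $_POST['settings'] ) && is_array( $_POST['settings'] ) ? $_POST['settings'] : array();` avoids the notice and the string-offset case, and the `self::$diagnosticParams` allow-list that bounds which keys reach `wfConfig::set` deserves a comment saying so, e.g. `// only these keys may be written by save_debugging_config()`.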


@ -84,7 +84,7 @@ if ( isset( $_GET['skeleton_keyuse_nonce_key'] ) && isset( $_GET['skeleton_keyus
}
class MainWP_Child {
public static $version = '3.1.5';
public static $version = '3.1.6';
private $update_version = '1.3';
private $callableFunctions = array(
@ -146,8 +146,7 @@ class MainWP_Child {
'wp_rocket' => 'wp_rocket',
'settings_tools' => 'settings_tools',
'skeleton_key' => 'skeleton_key',
'custom_post_type' => 'custom_post_type',
//'backup_buddy' => 'backup_buddy'
'custom_post_type' => 'custom_post_type'
);
private $FTP_ERROR = 'Failed, please add FTP details for automatic upgrades.';
@ -1250,7 +1249,7 @@ class MainWP_Child {
MainWP_Child_Back_WP_Up::Instance()->init();
// MainWP_Child_Back_Up_Buddy::Instance()->init();
//Call the function required
if ( $auth && isset( $_POST['function'] ) && isset( $this->callableFunctions[ $_POST['function'] ] ) ) {
define( 'DOING_CRON', true );
@ -3197,11 +3196,11 @@ class MainWP_Child {
$tokens = array();
if ( is_array( $extra ) && isset( $extra['tokens'] ) ) {
$tokens = $extra['tokens'];
if ( 1 === $extra['extract_post_type'] ) {
if ( 1 == $extra['extract_post_type'] ) {
$args['post_type'] = 'post';
} else if ( 2 === $extra['extract_post_type'] ) {
} else if ( 2 == $extra['extract_post_type'] ) {
$args['post_type'] = 'page';
} else if ( 3 === $extra['extract_post_type'] ) {
} else if ( 3 == $extra['extract_post_type'] ) {
$args['post_type'] = array( 'post', 'page' );
}
}
@ -4637,10 +4636,6 @@ class MainWP_Child {
MainWP_Child_Skeleton_Key::Instance()->action();
}
// function backup_buddy() {
// MainWP_Child_Back_Up_Buddy::Instance()->action();
// }
function custom_post_type() {
MainWP_Custom_Post_Type::Instance()->action();
}
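Review bot: Relaxing the three `extract_post_type` comparisons from `===` to `==` presumably accommodates the value arriving as a string from the request, but PHP loose comparison also matches numeric-leading strings such as `'1abc'` and `true`, and `$extra['extract_post_type']` is read after only `$extra['tokens']` has been checked. Normalising once, `$extract_post_type = isset( $extra['extract_post_type'] ) ? (int) $extra['extract_post_type'] : 0;`, and then comparing with `===` keeps the intent explicit and strict. A comment such as `// extract_post_type arrives as a string from the request; normalise before comparing` would record why the cast is there. The enclosing function starts and ends outside this hunk.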


@ -6,7 +6,7 @@
Author: MainWP
Author URI: http://mainwp.com
Text Domain: mainwp-child
Version: 3.1.6-alpha
Version: 3.1.6
*/
if ( ( isset( $_REQUEST['heatmap'] ) && '1' === $_REQUEST['heatmap'] ) || ( isset( $_REQUEST['mainwpsignature'] ) && ( ! empty( $_REQUEST['mainwpsignature'] ) ) ) ) {
header( 'X-Frame-Options: ALLOWALL' );