mainwp/mainwp-child
1
0
Fork 0
mirror of https://github.com/mainwp/mainwp-child.git synced 2025-08-31 03:53:15 +08:00
Code Issues Projects Packages Wiki Activity Actions

Fixed: CodeFactor issues

Browse source
This commit is contained in:
Bogdan Rapaić 2020-04-20 19:00:37 +02:00 committed by GitHub
parent e91b1612c4
commit f5f8f6d920
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 62 additions and 78 deletions
Download patch file Download diff file Expand all files Collapse all files

140
class/class-mainwp-child-vulnerability-checker.php
View file

@ -1,7 +1,5 @@
<?php
/*
*
/**
* Credits
*
* Plugin-Name: Vulnerability Alerts
@ -22,7 +20,7 @@ class MainWP_Child_Vulnerability_Checker {
private $wpvulndb_api = 'https://wpvulndb.com/api/v3/';
private $wpvulndb_token = false;
static function Instance() {
public static function Instance() {
if ( null === self::$instance ) {
self::$instance = new MainWP_Child_Vulnerability_Checker();
}
@ -30,12 +28,11 @@ class MainWP_Child_Vulnerability_Checker {
}
public function __construct() {
$this->wpvulndb_token = get_option('mainwp_child_wpvulndb_token', '');
$this->wpvulndb_token = get_option( 'mainwp_child_wpvulndb_token', '' );
}
public function action() {
$information = array();
$information = array();
if ( ! empty( $this->wpvulndb_token ) ) {
if ( isset( $_POST['mwp_action'] ) ) {
switch ( $_POST['mwp_action'] ) {
@ -46,15 +43,15 @@ class MainWP_Child_Vulnerability_Checker {
}
}
MainWP_Helper::write( $information );
MainWP_Helper::write( $information );
}
function vulner_recheck() {
public function vulner_recheck() {
$result = array();
$force = ( isset($_POST['force']) && ! empty($_POST['force']) ) ? true : false;
$result['plugin'] = $this->check_plugins($force);
$result['wp'] = $this->check_wp($force);
$result['theme'] = $this->check_themes($force);
$force = ( isset( $_POST['force'] ) && ! empty( $_POST['force'] ) ) ? true : false;
$result['plugin'] = $this->check_plugins( $force );
$result['wp'] = $this->check_wp( $force );
$result['theme'] = $this->check_themes( $force );
$information = array(
'result' => $result,
'ok' => 1,
@ -62,73 +59,71 @@ class MainWP_Child_Vulnerability_Checker {
return $information;
}
function check_plugins( $force = false ) {
public function check_plugins( $force = false ) {
$result = array();
$active_plugins = get_option('active_plugins');
$active_plugins = get_option( 'active_plugins' );
if ( ! empty($active_plugins) ) {
if ( ! empty( $active_plugins ) ) {
foreach ( $active_plugins as $plug ) {
$plugin_file = WP_CONTENT_DIR . '/plugins/' . $plug;
$plugin_info = get_plugin_data($plugin_file);
$plugin_version = isset($plugin_info['Version']) ? $plugin_info['Version'] : '';
$string = explode('/', $plug);
$plug_vuln = get_transient('mainwp_vulnche_trans_plug_' . $string[0]);
$plugin_info = get_plugin_data( $plugin_file );
$plugin_version = isset( $plugin_info['Version'] ) ? $plugin_info['Version'] : '';
$string = explode( '/', $plug );
$plug_vuln = get_transient( 'mainwp_vulnche_trans_plug_' . $string[0] );
if ( false === $plug_vuln || $force ) {
$plug_vuln = $this->vulnche_get_content( $this->wpvulndb_api . 'plugins/' . $string[0]);
set_transient('mainwp_vulnche_trans_plug_' . $string[0], $plug_vuln, 1 * DAY_IN_SECONDS);
$plug_vuln = $this->vulnche_get_content( $this->wpvulndb_api . 'plugins/' . $string[0] );
set_transient( 'mainwp_vulnche_trans_plug_' . $string[0], $plug_vuln, 1 * DAY_IN_SECONDS );
}
if ( $plug_vuln ) {
$plug_vuln = json_decode($plug_vuln, true);
$plug_vuln = json_decode( $plug_vuln, true );
$plug_vuln_filter = $plug_vuln;
foreach ( $plug_vuln as $slug => $pl_data ) {
if ( isset($pl_data['vulnerabilities']) && count($pl_data['vulnerabilities']) > 0 ) {
if ( isset( $pl_data['vulnerabilities'] ) && count( $pl_data['vulnerabilities'] ) > 0 ) {
$plug_vulner_data = array();
foreach ( $pl_data['vulnerabilities'] as $vuln_data ) {
if ( isset($vuln_data['fixed_in']) && version_compare( $plugin_version, $vuln_data['fixed_in'] ) >= 0 ) {
if ( isset( $vuln_data['fixed_in'] ) && version_compare( $plugin_version, $vuln_data['fixed_in'] ) >= 0 ) {
continue;
}
$plug_vulner_data[] = $vuln_data;
}
if ( count($plug_vulner_data) == 0 ) {
unset($plug_vuln_filter[ $slug ]);
if ( 0 == count( $plug_vulner_data ) ) {
unset( $plug_vuln_filter[ $slug ] );
} else {
$plug_vuln_filter[ $slug ]['vulnerabilities'] = $plug_vulner_data;
$plug_vuln_filter[ $slug ]['detected_version'] = $plugin_version;
$plug_vuln_filter[ $slug ]['plugin_slug'] = $plug;
}
} else {
unset($plug_vuln_filter[ $slug ]);
unset( $plug_vuln_filter[ $slug ] );
}
}
if ( count($plug_vuln_filter) == 0 ) {
if ( 0 == count( $plug_vuln_filter ) ) {
continue;
}
$plug_vuln = json_encode($plug_vuln_filter);
$plug_vuln = json_encode( $plug_vuln_filter );
} else {
continue;
}
$result[ $plug ] = $plug_vuln;
}
}
return $result;
return $result;
}
function check_wp( $force = false ) {
$wp_vuln = get_transient('mainwp_vulnche_trans_wp_json');
$wp_version = str_replace('.', '', get_bloginfo('version'));
public function check_wp( $force = false ) {
$wp_vuln = get_transient( 'mainwp_vulnche_trans_wp_json' );
$wp_version = str_replace( '.', '', get_bloginfo( 'version' ) );
if ( false === $wp_vuln || $force ) {
$wp_vuln = $this->vulnche_get_content( $this->wpvulndb_api . 'wordpresses/' . $wp_version);
set_transient('mainwp_vulnche_trans_wp_json', $wp_vuln, 1 * DAY_IN_SECONDS);
$wp_vuln = $this->vulnche_get_content( $this->wpvulndb_api . 'wordpresses/' . $wp_version );
set_transient( 'mainwp_vulnche_trans_wp_json', $wp_vuln, 1 * DAY_IN_SECONDS );
}
return $wp_vuln;
return $wp_vuln;
}
function check_themes( $force = false ) {
public function check_themes( $force = false ) {
require_once ABSPATH . 'wp-admin/includes/misc.php';
require_once ABSPATH . 'wp-admin/includes/theme.php';
@ -140,53 +135,46 @@ class MainWP_Child_Vulnerability_Checker {
}
wp_reset_vars( array( 'theme', 'search' ) );
$result = array();
if ( ! empty($themes) ) {
if ( ! empty( $themes ) ) {
foreach ( $themes as $th ) {
if ( empty($th['parent']) ) {
$th_vuln = get_transient('mainwp_vulnche_trans_theme_' . $th['id']);
if ( empty( $th['parent'] ) ) {
$th_vuln = get_transient( 'mainwp_vulnche_trans_theme_' . $th['id'] );
if ( false === $th_vuln || $force ) {
$th_vuln = $this->vulnche_get_content( $this->wpvulndb_api . 'themes/' . $th['id']);
set_transient('mainwp_vulnche_trans_theme_' . $th['id'], $th_vuln, 1 * DAY_IN_SECONDS);
$th_vuln = $this->vulnche_get_content( $this->wpvulndb_api . 'themes/' . $th['id'] );
set_transient( 'mainwp_vulnche_trans_theme_' . $th['id'], $th_vuln, 1 * DAY_IN_SECONDS );
}
if ( $th_vuln ) {
$th_vuln = json_decode($th_vuln, true);
$th_vuln = json_decode( $th_vuln, true );
$th_vuln_filter = $th_vuln;
foreach ( $th_vuln as $slug => $th_data ) {
if ( isset($th_data['vulnerabilities']) && count($th_data['vulnerabilities']) > 0 ) {
if ( isset( $th_data['vulnerabilities'] ) && count( $th_data['vulnerabilities'] ) > 0 ) {
$th_vulner_data = array();
foreach ( $th_data['vulnerabilities'] as $vuln_data ) {
if ( empty($vuln_data) ) {
if ( empty( $vuln_data ) ) {
continue;
}
if ( isset($vuln_data['fixed_in']) && version_compare( $th['version'], $vuln_data['fixed_in'] ) >= 0 ) {
if ( isset( $vuln_data['fixed_in'] ) && version_compare( $th['version'], $vuln_data['fixed_in'] ) >= 0 ) {
continue;
}
$th_vulner_data[] = $vuln_data;
}
if ( count($th_vulner_data) == 0 ) {
unset($th_vuln_filter[ $slug ]);
if ( 0 == count( $th_vulner_data ) ) {
unset( $th_vuln_filter[ $slug ] );
} else {
$th_vuln_filter[ $slug ]['vulnerabilities'] = $th_vulner_data;
}
} else {
unset($th_vuln_filter[ $slug ]);
unset( $th_vuln_filter[ $slug ] );
}
}
if ( count($th_vuln_filter) == 0 ) {
if ( 0 == count( $th_vuln_filter ) ) {
continue;
}
$th_vuln = json_encode($th_vuln_filter);
$th_vuln = json_encode( $th_vuln_filter );
} else {
continue;
}
$result[ $th['id'] ]['vulner_data'] = $th_vuln;
$result[ $th['id'] ]['name'] = $th['name'];
$result[ $th['id'] ]['author'] = $th['author'];
@ -198,29 +186,26 @@ class MainWP_Child_Vulnerability_Checker {
}
function vulnche_get_content( $url ) {
public function vulnche_get_content( $url ) {
$ch = curl_init();
curl_setopt( $ch, CURLOPT_URL, $url );
curl_setopt( $ch, CURLOPT_HEADER, 0 );
curl_setopt( $ch, CURLOPT_HTTPHEADER, array( 'Authorization: Token token=' . $this->wpvulndb_token ) );
curl_setopt( $ch, CURLOPT_USERAGENT, $this->get_random_user_agent() );
curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_HTTPHEADER, array( 'Authorization: Token token=' . $this->wpvulndb_token ));
curl_setopt($ch, CURLOPT_USERAGENT, $this->get_random_user_agent());
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$output = curl_exec( $ch );
$info = curl_getinfo( $ch, CURLINFO_HTTP_CODE );
$output = curl_exec($ch);
$info = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close( $ch );
curl_close($ch);
if ( $output === false || $info != 200 ) {
if ( false === $output || 200 != $info ) {
$output = null;
}
return $output;
}
function get_random_user_agent() {
public function get_random_user_agent() {
$someUA = array(
'Mozilla/5.0 (Windows; U; Windows NT 6.0; fr; rv:1.9.1b1) Gecko/20081007 Firefox/3.1b1',
'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.0',
@ -235,11 +220,10 @@ class MainWP_Child_Vulnerability_Checker {
'Mozilla/4.01 (compatible; MSIE 6.0; Windows NT 5.1)',
);
srand( (float) microtime() * 1000000);
srand( (float) microtime() * 1000000 );
return $someUA[ rand(0, count($someUA) - 1) ];
return $someUA[ rand( 0, count( $someUA ) - 1 ) ];
}
}