mainwp/mainwp-child
1
0
Fork 0
mirror of https://github.com/mainwp/mainwp-child.git synced 2025-09-01 03:58:07 +08:00
Code Issues Projects Packages Wiki Activity Actions

Fixed: CodeFactor issues

Browse source
This commit is contained in:
Bogdan Rapaić 2020-04-20 19:00:37 +02:00 committed by GitHub
parent e91b1612c4
commit f5f8f6d920
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 62 additions and 78 deletions
Download patch file Download diff file Expand all files Collapse all files

140
class/class-mainwp-child-vulnerability-checker.php
View file

@ -1,7 +1,5 @@
<?php <?php
/**
/*
*
* Credits * Credits
* *
* Plugin-Name: Vulnerability Alerts * Plugin-Name: Vulnerability Alerts
@ -22,7 +20,7 @@ class MainWP_Child_Vulnerability_Checker {
private $wpvulndb_api = 'https://wpvulndb.com/api/v3/'; private $wpvulndb_api = 'https://wpvulndb.com/api/v3/';
private $wpvulndb_token = false; private $wpvulndb_token = false;
static function Instance() { public static function Instance() {
if ( null === self::$instance ) { if ( null === self::$instance ) {
self::$instance = new MainWP_Child_Vulnerability_Checker(); self::$instance = new MainWP_Child_Vulnerability_Checker();
} }
@ -30,12 +28,11 @@ class MainWP_Child_Vulnerability_Checker {
} }
public function __construct() { public function __construct() {
$this->wpvulndb_token = get_option('mainwp_child_wpvulndb_token', ''); $this->wpvulndb_token = get_option( 'mainwp_child_wpvulndb_token', '' );
} }
public function action() { public function action() {
$information = array(); $information = array();
if ( ! empty( $this->wpvulndb_token ) ) { if ( ! empty( $this->wpvulndb_token ) ) {
if ( isset( $_POST['mwp_action'] ) ) { if ( isset( $_POST['mwp_action'] ) ) {
switch ( $_POST['mwp_action'] ) { switch ( $_POST['mwp_action'] ) {
@ -46,15 +43,15 @@ class MainWP_Child_Vulnerability_Checker {
} }
} }
MainWP_Helper::write( $information ); MainWP_Helper::write( $information );
} }
function vulner_recheck() { public function vulner_recheck() {
$result = array(); $result = array();
$force = ( isset($_POST['force']) && ! empty($_POST['force']) ) ? true : false; $force = ( isset( $_POST['force'] ) && ! empty( $_POST['force'] ) ) ? true : false;
$result['plugin'] = $this->check_plugins($force); $result['plugin'] = $this->check_plugins( $force );
$result['wp'] = $this->check_wp($force); $result['wp'] = $this->check_wp( $force );
$result['theme'] = $this->check_themes($force); $result['theme'] = $this->check_themes( $force );
$information = array( $information = array(
'result' => $result, 'result' => $result,
'ok' => 1, 'ok' => 1,
@ -62,73 +59,71 @@ class MainWP_Child_Vulnerability_Checker {
return $information; return $information;
} }
function check_plugins( $force = false ) { public function check_plugins( $force = false ) {
$result = array(); $result = array();
$active_plugins = get_option('active_plugins'); $active_plugins = get_option( 'active_plugins' );
if ( ! empty($active_plugins) ) { if ( ! empty( $active_plugins ) ) {
foreach ( $active_plugins as $plug ) { foreach ( $active_plugins as $plug ) {
$plugin_file = WP_CONTENT_DIR . '/plugins/' . $plug; $plugin_file = WP_CONTENT_DIR . '/plugins/' . $plug;
$plugin_info = get_plugin_data($plugin_file); $plugin_info = get_plugin_data( $plugin_file );
$plugin_version = isset($plugin_info['Version']) ? $plugin_info['Version'] : ''; $plugin_version = isset( $plugin_info['Version'] ) ? $plugin_info['Version'] : '';
$string = explode('/', $plug); $string = explode( '/', $plug );
$plug_vuln = get_transient('mainwp_vulnche_trans_plug_' . $string[0]); $plug_vuln = get_transient( 'mainwp_vulnche_trans_plug_' . $string[0] );
if ( false === $plug_vuln || $force ) { if ( false === $plug_vuln || $force ) {
$plug_vuln = $this->vulnche_get_content( $this->wpvulndb_api . 'plugins/' . $string[0]); $plug_vuln = $this->vulnche_get_content( $this->wpvulndb_api . 'plugins/' . $string[0] );
set_transient('mainwp_vulnche_trans_plug_' . $string[0], $plug_vuln, 1 * DAY_IN_SECONDS); set_transient( 'mainwp_vulnche_trans_plug_' . $string[0], $plug_vuln, 1 * DAY_IN_SECONDS );
} }
if ( $plug_vuln ) { if ( $plug_vuln ) {
$plug_vuln = json_decode($plug_vuln, true); $plug_vuln = json_decode( $plug_vuln, true );
$plug_vuln_filter = $plug_vuln; $plug_vuln_filter = $plug_vuln;
foreach ( $plug_vuln as $slug => $pl_data ) { foreach ( $plug_vuln as $slug => $pl_data ) {
if ( isset($pl_data['vulnerabilities']) && count($pl_data['vulnerabilities']) > 0 ) { if ( isset( $pl_data['vulnerabilities'] ) && count( $pl_data['vulnerabilities'] ) > 0 ) {
$plug_vulner_data = array(); $plug_vulner_data = array();
foreach ( $pl_data['vulnerabilities'] as $vuln_data ) { foreach ( $pl_data['vulnerabilities'] as $vuln_data ) {
if ( isset($vuln_data['fixed_in']) && version_compare( $plugin_version, $vuln_data['fixed_in'] ) >= 0 ) { if ( isset( $vuln_data['fixed_in'] ) && version_compare( $plugin_version, $vuln_data['fixed_in'] ) >= 0 ) {
continue; continue;
} }
$plug_vulner_data[] = $vuln_data; $plug_vulner_data[] = $vuln_data;
} }
if ( count($plug_vulner_data) == 0 ) { if ( 0 == count( $plug_vulner_data ) ) {
unset($plug_vuln_filter[ $slug ]); unset( $plug_vuln_filter[ $slug ] );
} else { } else {
$plug_vuln_filter[ $slug ]['vulnerabilities'] = $plug_vulner_data; $plug_vuln_filter[ $slug ]['vulnerabilities'] = $plug_vulner_data;
$plug_vuln_filter[ $slug ]['detected_version'] = $plugin_version; $plug_vuln_filter[ $slug ]['detected_version'] = $plugin_version;
$plug_vuln_filter[ $slug ]['plugin_slug'] = $plug; $plug_vuln_filter[ $slug ]['plugin_slug'] = $plug;
} }
} else { } else {
unset($plug_vuln_filter[ $slug ]); unset( $plug_vuln_filter[ $slug ] );
} }
} }
if ( count($plug_vuln_filter) == 0 ) { if ( 0 == count( $plug_vuln_filter ) ) {
continue; continue;
} }
$plug_vuln = json_encode($plug_vuln_filter); $plug_vuln = json_encode( $plug_vuln_filter );
} else { } else {
continue; continue;
} }
$result[ $plug ] = $plug_vuln; $result[ $plug ] = $plug_vuln;
} }
} }
return $result; return $result;
} }
function check_wp( $force = false ) { public function check_wp( $force = false ) {
$wp_vuln = get_transient('mainwp_vulnche_trans_wp_json'); $wp_vuln = get_transient( 'mainwp_vulnche_trans_wp_json' );
$wp_version = str_replace('.', '', get_bloginfo('version')); $wp_version = str_replace( '.', '', get_bloginfo( 'version' ) );
if ( false === $wp_vuln || $force ) { if ( false === $wp_vuln || $force ) {
$wp_vuln = $this->vulnche_get_content( $this->wpvulndb_api . 'wordpresses/' . $wp_version); $wp_vuln = $this->vulnche_get_content( $this->wpvulndb_api . 'wordpresses/' . $wp_version );
set_transient('mainwp_vulnche_trans_wp_json', $wp_vuln, 1 * DAY_IN_SECONDS); set_transient( 'mainwp_vulnche_trans_wp_json', $wp_vuln, 1 * DAY_IN_SECONDS );
} }
return $wp_vuln; return $wp_vuln;
} }
function check_themes( $force = false ) { public function check_themes( $force = false ) {
require_once ABSPATH . 'wp-admin/includes/misc.php'; require_once ABSPATH . 'wp-admin/includes/misc.php';
require_once ABSPATH . 'wp-admin/includes/theme.php'; require_once ABSPATH . 'wp-admin/includes/theme.php';
@ -140,53 +135,46 @@ class MainWP_Child_Vulnerability_Checker {
} }
wp_reset_vars( array( 'theme', 'search' ) ); wp_reset_vars( array( 'theme', 'search' ) );
$result = array(); $result = array();
if ( ! empty($themes) ) { if ( ! empty( $themes ) ) {
foreach ( $themes as $th ) { foreach ( $themes as $th ) {
if ( empty($th['parent']) ) { if ( empty( $th['parent'] ) ) {
$th_vuln = get_transient('mainwp_vulnche_trans_theme_' . $th['id']); $th_vuln = get_transient( 'mainwp_vulnche_trans_theme_' . $th['id'] );
if ( false === $th_vuln || $force ) { if ( false === $th_vuln || $force ) {
$th_vuln = $this->vulnche_get_content( $this->wpvulndb_api . 'themes/' . $th['id']); $th_vuln = $this->vulnche_get_content( $this->wpvulndb_api . 'themes/' . $th['id'] );
set_transient('mainwp_vulnche_trans_theme_' . $th['id'], $th_vuln, 1 * DAY_IN_SECONDS); set_transient( 'mainwp_vulnche_trans_theme_' . $th['id'], $th_vuln, 1 * DAY_IN_SECONDS );
} }
if ( $th_vuln ) { if ( $th_vuln ) {
$th_vuln = json_decode($th_vuln, true); $th_vuln = json_decode( $th_vuln, true );
$th_vuln_filter = $th_vuln; $th_vuln_filter = $th_vuln;
foreach ( $th_vuln as $slug => $th_data ) { foreach ( $th_vuln as $slug => $th_data ) {
if ( isset($th_data['vulnerabilities']) && count($th_data['vulnerabilities']) > 0 ) { if ( isset( $th_data['vulnerabilities'] ) && count( $th_data['vulnerabilities'] ) > 0 ) {
$th_vulner_data = array(); $th_vulner_data = array();
foreach ( $th_data['vulnerabilities'] as $vuln_data ) { foreach ( $th_data['vulnerabilities'] as $vuln_data ) {
if ( empty($vuln_data) ) { if ( empty( $vuln_data ) ) {
continue; continue;
} }
if ( isset( $vuln_data['fixed_in'] ) && version_compare( $th['version'], $vuln_data['fixed_in'] ) >= 0 ) {
if ( isset($vuln_data['fixed_in']) && version_compare( $th['version'], $vuln_data['fixed_in'] ) >= 0 ) {
continue; continue;
} }
$th_vulner_data[] = $vuln_data; $th_vulner_data[] = $vuln_data;
} }
if ( 0 == count( $th_vulner_data ) ) {
if ( count($th_vulner_data) == 0 ) { unset( $th_vuln_filter[ $slug ] );
unset($th_vuln_filter[ $slug ]);
} else { } else {
$th_vuln_filter[ $slug ]['vulnerabilities'] = $th_vulner_data; $th_vuln_filter[ $slug ]['vulnerabilities'] = $th_vulner_data;
} }
} else { } else {
unset($th_vuln_filter[ $slug ]); unset( $th_vuln_filter[ $slug ] );
} }
} }
if ( 0 == count( $th_vuln_filter ) ) {
if ( count($th_vuln_filter) == 0 ) {
continue; continue;
} }
$th_vuln = json_encode( $th_vuln_filter );
$th_vuln = json_encode($th_vuln_filter);
} else { } else {
continue; continue;
} }
$result[ $th['id'] ]['vulner_data'] = $th_vuln; $result[ $th['id'] ]['vulner_data'] = $th_vuln;
$result[ $th['id'] ]['name'] = $th['name']; $result[ $th['id'] ]['name'] = $th['name'];
$result[ $th['id'] ]['author'] = $th['author']; $result[ $th['id'] ]['author'] = $th['author'];
@ -198,29 +186,26 @@ class MainWP_Child_Vulnerability_Checker {
} }
function vulnche_get_content( $url ) { public function vulnche_get_content( $url ) {
$ch = curl_init(); $ch = curl_init();
curl_setopt( $ch, CURLOPT_URL, $url );
curl_setopt( $ch, CURLOPT_HEADER, 0 );
curl_setopt( $ch, CURLOPT_HTTPHEADER, array( 'Authorization: Token token=' . $this->wpvulndb_token ) );
curl_setopt( $ch, CURLOPT_USERAGENT, $this->get_random_user_agent() );
curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
curl_setopt($ch, CURLOPT_URL, $url); $output = curl_exec( $ch );
curl_setopt($ch, CURLOPT_HEADER, 0); $info = curl_getinfo( $ch, CURLINFO_HTTP_CODE );
curl_setopt($ch, CURLOPT_HTTPHEADER, array( 'Authorization: Token token=' . $this->wpvulndb_token ));
curl_setopt($ch, CURLOPT_USERAGENT, $this->get_random_user_agent());
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$output = curl_exec($ch); curl_close( $ch );
$info = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch); if ( false === $output || 200 != $info ) {
if ( $output === false || $info != 200 ) {
$output = null; $output = null;
} }
return $output; return $output;
} }
public function get_random_user_agent() {
function get_random_user_agent() {
$someUA = array( $someUA = array(
'Mozilla/5.0 (Windows; U; Windows NT 6.0; fr; rv:1.9.1b1) Gecko/20081007 Firefox/3.1b1', 'Mozilla/5.0 (Windows; U; Windows NT 6.0; fr; rv:1.9.1b1) Gecko/20081007 Firefox/3.1b1',
'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.0', 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.0',
@ -235,11 +220,10 @@ class MainWP_Child_Vulnerability_Checker {
'Mozilla/4.01 (compatible; MSIE 6.0; Windows NT 5.1)', 'Mozilla/4.01 (compatible; MSIE 6.0; Windows NT 5.1)',
); );
srand( (float) microtime() * 1000000); srand( (float) microtime() * 1000000 );
return $someUA[ rand(0, count($someUA) - 1) ]; return $someUA[ rand( 0, count( $someUA ) - 1 ) ];
} }
} }