MalCare WordPress Security Plugin – Malware Scanner, Cleaner, Security Firewall - Version 1.89

Version Description

  • Firewall improvements

Release Info

Developer ritesh.soni36
Version 1.89

Code changes from version 1.88 to 1.89

admin/main_page.php CHANGED
@@ -58,7 +58,7 @@
58
  <select name="purpose" class="bv-input select-purpose" required>
59
  <option value="" hidden>Looking for?</option>
60
  <?php
61
- $signupPurpose = ["Malware Scan", "Malware Clean", "Firewall", "Login Protection", "Others"];
62
  foreach($signupPurpose as $value) {
63
  echo "<option value='".$value."'>".$value."</option>";
64
  }
58
  <select name="purpose" class="bv-input select-purpose" required>
59
  <option value="" hidden>Looking for?</option>
60
  <?php
61
+ $signupPurpose = array("Malware Scan", "Malware Clean", "Firewall", "Login Protection", "Others");
62
  foreach($signupPurpose as $value) {
63
  echo "<option value='".$value."'>".$value."</option>";
64
  }
callback/wings/db.php CHANGED
@@ -136,6 +136,9 @@ class BVDBCallback {
136
  case "trttbl":
137
  $bvresp->addStatus("trttbl", $db->truncateBVTable($_REQUEST['name']));
138
  break;
 
 
 
139
  default:
140
  return false;
141
  }
136
  case "trttbl":
137
  $bvresp->addStatus("trttbl", $db->truncateBVTable($_REQUEST['name']));
138
  break;
139
+ case "altrtbl":
140
+ $bvresp->addStatus("altrtbl", $db->alterBVTable($_REQUEST['query'], $_REQUEST['tablename']));
141
+ break;
142
  default:
143
  return false;
144
  }
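Review bot: The new `altrtbl` case passes `$_REQUEST['query']` and `$_REQUEST['tablename']` to `$db->alterBVTable()` with no presence or shape check, so a request that omits either key produces an undefined-index notice and an unchecked `null` reaches the DB layer; more importantly the request body itself is a raw SQL statement, and whether `alterBVTable()` confines it to an `ALTER` on a plugin-owned table is not visible in this hunk (nor is the callback's authentication, which sits outside it). The existing `trttbl` case above takes `$_REQUEST['name']` the same way, so the pattern is pre-existing, but a statement-bearing parameter deserves a tighter guard than a table name. At minimum I would gate the call: `if (!isset($_REQUEST['query'], $_REQUEST['tablename']) || !preg_match('/^[A-Za-z0-9_]+$/', $_REQUEST['tablename'])) { return false; }` before the `addStatus` line, and confirm that `alterBVTable()` prefixes and quotes the table identifier rather than trusting the query text. The enclosing `switch`/method begins outside this hunk.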
callback/wings/fw.php CHANGED
@@ -21,6 +21,10 @@ class BVFirewallCallback {
21
  $config->setDisabledRules($_REQUEST['disabled_rules']);
22
  $bvresp->addStatus("disabled_rules", $config->getDisabledRules());
23
  break;
 
 
 
 
24
  case "setrulesmode":
25
  $config->setRulesMode($_REQUEST['rules_mode']);
26
  $bvresp->addStatus("rules_mode", $config->getRulesMode());
@@ -31,4 +35,4 @@ class BVFirewallCallback {
31
  return true;
32
  }
33
  }
34
- endif;
21
  $config->setDisabledRules($_REQUEST['disabled_rules']);
22
  $bvresp->addStatus("disabled_rules", $config->getDisabledRules());
23
  break;
24
+ case "adtrls":
25
+ $config->setAuditRules($_REQUEST['audit_rules']);
26
+ $bvresp->addStatus("audit_rules", $config->getAuditRules());
27
+ break;
28
  case "setrulesmode":
29
  $config->setRulesMode($_REQUEST['rules_mode']);
30
  $bvresp->addStatus("rules_mode", $config->getRulesMode());
35
  return true;
36
  }
37
  }
38
+ endif;
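Review bot: The new `adtrls` case persists `$_REQUEST['audit_rules']` exactly as received via `setAuditRules()`, with no check that it exists or that it is an array of known rule ids; `BVFWConfig::getRules()` in this same release runs `foreach` over the stored value, so a scalar or malformed payload stored here yields a PHP warning and an empty audit set rather than an error. This mirrors the `disabled_rules` case a few lines above, so the gap is inherited, but the new line is the place to close it. Assuming the agent sends numeric ids, normalising before the setter is two lines: `$rules = isset($_REQUEST['audit_rules']) ? array_values(array_intersect(array_map('intval', (array) $_REQUEST['audit_rules']), BVFWConfig::$allRules)) : array();` followed by `$config->setAuditRules($rules);`. The enclosing `switch` and method begin outside this hunk.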
callback/wings/info.php CHANGED
@@ -215,9 +215,11 @@ class BVInfoCallback {
215
  $bvinfo = $bvcb->bvmain->info;
216
  $mode = $bvinfo->getOption('bvfwmode');
217
  $drules = $bvinfo->getOption('bvfwdisabledrules');
 
218
  $rmode = $bvinfo->getOption('bvfwrulesmode');
219
  $config['mode'] = intval($mode ? $mode : 1);
220
  $config['disabled_rules'] = $drules ? $drules : array();
 
221
  $config['rules_mode'] = intval($rmode ? $rmode : 1);
222
  return $config;
223
  }
@@ -289,4 +291,4 @@ class BVInfoCallback {
289
  return true;
290
  }
291
  }
292
- endif;
215
  $bvinfo = $bvcb->bvmain->info;
216
  $mode = $bvinfo->getOption('bvfwmode');
217
  $drules = $bvinfo->getOption('bvfwdisabledrules');
218
+ $arules = $bvinfo->getOption('bvfwauditrules');
219
  $rmode = $bvinfo->getOption('bvfwrulesmode');
220
  $config['mode'] = intval($mode ? $mode : 1);
221
  $config['disabled_rules'] = $drules ? $drules : array();
222
+ $config['audit_rules'] = $arules ? $arules : array();
223
  $config['rules_mode'] = intval($rmode ? $rmode : 1);
224
  return $config;
225
  }
291
  return true;
292
  }
293
  }
294
+ endif;
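Review bot: The added `$arules` line re-reads the `'bvfwauditrules'` option by its raw key and re-implements the `? : array()` default, duplicating `BVFWConfig::getAuditRules()` introduced in fw/config.php in this release; the three neighbouring option reads already follow that pattern, so this is consistent with the file, but every copy of the option key is a place for the two to drift silently. If a `BVFWConfig` instance is reachable from `$bvcb->bvmain` (not visible in this hunk), `$config['audit_rules'] = $fwconfig->getAuditRules();` would remove the duplicate; otherwise a one-line comment on the declaration, `# keep in sync with BVFWConfig::getAuditRules()`, at least marks the coupling. The enclosing method starts outside this hunk.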
fw/config.php CHANGED
@@ -2,9 +2,11 @@
2
 
3
  if (!defined('ABSPATH')) exit;
4
  if (!class_exists('BVFWConfig')) :
 
5
  class BVFWConfig {
6
  public $bvmain;
7
  public static $requests_table = 'fw_requests';
 
8
 
9
  function __construct($bvmain) {
10
  $this->bvmain = $bvmain;
@@ -15,6 +17,64 @@ class BVFWConfig {
15
  const AUDIT = 2;
16
  const PROTECT = 3;
17
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
18
  public function setMode($mode) {
19
  if (!$mode) {
20
  $this->bvmain->info->deleteOption('bvfwmode');
@@ -39,6 +99,14 @@ class BVFWConfig {
39
  }
40
  }
41
 
 
 
 
 
 
 
 
 
42
  public function getMode() {
43
  $mode = $this->bvmain->info->getOption('bvfwmode');
44
  return intval($mode ? $mode : BVFWConfig::DISABLED);
@@ -54,10 +122,16 @@ class BVFWConfig {
54
  return ($rules ? $rules : array());
55
  }
56
 
 
 
 
 
 
57
  public function clear() {
58
  $this->setMode(false);
59
  $this->setRulesMode(false);
60
  $this->setDisabledRules(false);
 
61
  $this->bvmain->db->dropBVTable(BVFWConfig::$requests_table);
62
  $this->bvmain->info->deleteOption('bvptplug');
63
  return true;
2
 
3
  if (!defined('ABSPATH')) exit;
4
  if (!class_exists('BVFWConfig')) :
5
+
6
  class BVFWConfig {
7
  public $bvmain;
8
  public static $requests_table = 'fw_requests';
9
+ public static $allRules = array(108, 112, 114, 115, 132, 133, 145, 146, 155, 156, 165, 167, 168, 169, 171, 172, 173, 174, 175, 176, 177, 178);
10
 
11
  function __construct($bvmain) {
12
  $this->bvmain = $bvmain;
17
  const AUDIT = 2;
18
  const PROTECT = 3;
19
 
20
+ #Rule Mode
21
+ const DISABLEDRULE = 1;
22
+ const AUDITRULE = 2;
23
+ const PROTECTRULE = 3;
24
+
25
+ public static function isDisabledRule($mode) {
26
+ return ($mode === BVFWConfig::DISABLEDRULE);
27
+ }
28
+
29
+ public static function isProtectingRule($mode) {
30
+ return ($mode === BVFWConfig::PROTECTRULE);
31
+ }
32
+
33
+ public static function isAuditingRule($mode) {
34
+ return ($mode === BVFWConfig::AUDITRULE);
35
+ }
36
+
37
+ public function isActive() {
38
+ return ($this->getMode() !== BVFWConfig::DISABLED);
39
+ }
40
+
41
+ public function isProtecting() {
42
+ return ($this->getMode() === BVFWConfig::PROTECT);
43
+ }
44
+
45
+ public function isAuditing() {
46
+ return ($this->getMode() === BVFWConfig::AUDIT);
47
+ }
48
+
49
+ public function getRules() {
50
+ $rules = array("audit" => array(), "protect" => array());
51
+ $isAudit = false;
52
+ $rulesMode = $this->getRulesMode();
53
+ if (BVFWConfig::isDisabledRule($rulesMode)) {
54
+ return $rules;
55
+ }
56
+ $isAudit = ($this->isAuditing() || BVFWConfig::isAuditingRule($rulesMode));
57
+ $rulesInfo = array();
58
+ foreach ($this->getAuditRules() as $rule)
59
+ $rulesInfo[$rule] = BVFWConfig::AUDITRULE;
60
+ foreach ($this->getDisabledRules() as $rule)
61
+ $rulesInfo[$rule] = BVFWConfig::DISABLEDRULE;
62
+ foreach (BVFWConfig::$allRules as $rule) {
63
+ if (isset($rulesInfo[$rule])) {
64
+ if (BVFWConfig::isAuditingRule($rulesInfo[$rule])) {
65
+ $rules["audit"][$rule] = BVFWConfig::AUDITRULE;
66
+ }
67
+ } else {
68
+ if ($isAudit) {
69
+ $rules["audit"][$rule] = BVFWConfig::AUDITRULE;
70
+ } else {
71
+ $rules["protect"][$rule] = BVFWConfig::PROTECTRULE;
72
+ }
73
+ }
74
+ }
75
+ return $rules;
76
+ }
77
+
78
  public function setMode($mode) {
79
  if (!$mode) {
80
  $this->bvmain->info->deleteOption('bvfwmode');
99
  }
100
  }
101
 
102
+ public function setAuditRules($rules) {
103
+ if (!$rules) {
104
+ $this->bvmain->info->deleteOption('bvfwauditrules');
105
+ } else {
106
+ $this->bvmain->info->updateOption('bvfwauditrules', $rules);
107
+ }
108
+ }
109
+
110
  public function getMode() {
111
  $mode = $this->bvmain->info->getOption('bvfwmode');
112
  return intval($mode ? $mode : BVFWConfig::DISABLED);
122
  return ($rules ? $rules : array());
123
  }
124
 
125
+ public function getAuditRules() {
126
+ $rules = $this->bvmain->info->getOption('bvfwauditrules');
127
+ return ($rules ? $rules : array());
128
+ }
129
+
130
  public function clear() {
131
  $this->setMode(false);
132
  $this->setRulesMode(false);
133
  $this->setDisabledRules(false);
134
+ $this->setAuditRules(false);
135
  $this->bvmain->db->dropBVTable(BVFWConfig::$requests_table);
136
  $this->bvmain->info->deleteOption('bvptplug');
137
  return true;
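Review bot: `BVFWConfig::$allRules` is a second, hand-maintained list of rule ids, and `getRules()` only ever iterates that list, so if the rewritten `evaluateRules()` (its new side is not visible here) drives off `getRules()`, a rule id added to the firewall but not to this array lands in neither the `audit` nor the `protect` bucket and is silently never enforced; nothing in this hunk ties the two together. A comment on the declaration should flag the coupling: `# Every rule id implemented in BVFW must be listed here; getRules() ignores ids not in this list.` `getRules()` also has two undocumented precedence rules worth a docblock: a rule present in both the audit and disabled lists ends up disabled, because the disabled loop runs second and overwrites `$rulesInfo[$rule]`, and firewall-wide AUDIT mode (`isAuditing()`) demotes every otherwise-protecting rule to audit. Separately, `setAuditRules()` stores its argument untouched, so validation of the ids against `$allRules` has to happen either here or in the callback that calls it.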
fw/fw.php CHANGED
@@ -2,7 +2,7 @@
2
 
3
  if (!defined('ABSPATH')) exit;
4
  if (!class_exists('BVFW')) :
5
-
6
  require_once dirname( __FILE__ ) . '/config.php';
7
  require_once dirname( __FILE__ ) . '/request.php';
8
  require_once dirname( __FILE__ ) . './../ipstore.php';
@@ -14,40 +14,41 @@ class BVFW {
14
  public $ipstore;
15
  public $category;
16
  public $logger;
17
- #all rule id will also come under this
18
-
19
  const SQLIREGEX = '/(?:[^\\w<]|\\/\\*\\![0-9]*|^)(?:
20
- @@HOSTNAME|
21
- ALTER|ANALYZE|ASENSITIVE|
22
- BEFORE|BENCHMARK|BETWEEN|BIGINT|BINARY|BLOB|
23
- CALL|CASE|CHANGE|CHAR|CHARACTER|CHAR_LENGTH|COLLATE|COLUMN|CONCAT|CONDITION|CONSTRAINT|CONTINUE|CONVERT|CREATE|CROSS|CURRENT_DATE|CURRENT_TIME|CURRENT_TIMESTAMP|CURRENT_USER|CURSOR|
24
- DATABASE|DATABASES|DAY_HOUR|DAY_MICROSECOND|DAY_MINUTE|DAY_SECOND|DECIMAL|DECLARE|DEFAULT|DELAYED|DELETE|DESCRIBE|DETERMINISTIC|DISTINCT|DISTINCTROW|DOUBLE|DROP|DUAL|DUMPFILE|
25
- EACH|ELSE|ELSEIF|ELT|ENCLOSED|ESCAPED|EXISTS|EXIT|EXPLAIN|EXTRACTVALUE|
26
- FETCH|FLOAT|FLOAT4|FLOAT8|FORCE|FOREIGN|FROM|FULLTEXT|
27
- GRANT|GROUP|HAVING|HEX|HIGH_PRIORITY|HOUR_MICROSECOND|HOUR_MINUTE|HOUR_SECOND|
28
- IFNULL|IGNORE|INDEX|INFILE|INNER|INOUT|INSENSITIVE|INSERT|INTERVAL|ISNULL|ITERATE|
29
- JOIN|KILL|LEADING|LEAVE|LIMIT|LINEAR|LINES|LOAD|LOAD_FILE|LOCALTIME|LOCALTIMESTAMP|LOCK|LONG|LONGBLOB|LONGTEXT|LOOP|LOW_PRIORITY|
30
- MASTER_SSL_VERIFY_SERVER_CERT|MATCH|MAXVALUE|MEDIUMBLOB|MEDIUMINT|MEDIUMTEXT|MID|MIDDLEINT|MINUTE_MICROSECOND|MINUTE_SECOND|MODIFIES|
31
- NATURAL|NO_WRITE_TO_BINLOG|NULL|NUMERIC|OPTION|ORD|ORDER|OUTER|OUTFILE|
32
- PRECISION|PRIMARY|PRIVILEGES|PROCEDURE|PROCESSLIST|PURGE|
33
- RANGE|READ_WRITE|REGEXP|RELEASE|REPEAT|REQUIRE|RESIGNAL|RESTRICT|RETURN|REVOKE|RLIKE|ROLLBACK|
34
- SCHEMA|SCHEMAS|SECOND_MICROSECOND|SELECT|SENSITIVE|SEPARATOR|SHOW|SIGNAL|SLEEP|SMALLINT|SPATIAL|SPECIFIC|SQLEXCEPTION|SQLSTATE|SQLWARNING|SQL_BIG_RESULT|SQL_CALC_FOUND_ROWS|SQL_SMALL_RESULT|STARTING|STRAIGHT_JOIN|SUBSTR|
35
- TABLE|TERMINATED|TINYBLOB|TINYINT|TINYTEXT|TRAILING|TRANSACTION|TRIGGER|
36
- UNDO|UNHEX|UNION|UNLOCK|UNSIGNED|UPDATE|UPDATEXML|USAGE|USING|UTC_DATE|UTC_TIME|UTC_TIMESTAMP|
37
- VALUES|VARBINARY|VARCHAR|VARCHARACTER|VARYING|WHEN|WHERE|WHILE|WRITE|YEAR_MONTH|ZEROFILL)(?=[^\\w]|$)/ix';
38
- const XSSREGEX = '/(?:
39
- #tags
40
- (?:\\<|\\+ADw\\-|\\xC2\\xBC)(script|iframe|svg|object|embed|applet|link|style|meta|\\/\\/|\\?xml\\-stylesheet)(?:[^\\w]|\\xC2\\xBE)|
41
- #protocols
42
- (?:^|[^\\w])(?:(?:\\s*(?:&\\#(?:x0*6a|0*106)|j)\\s*(?:&\\#(?:x0*61|0*97)|a)\\s*(?:&\\#(?:x0*76|0*118)|v)\\s*(?:&\\#(?:x0*61|0*97)|a)|\\s*(?:&\\#(?:x0*76|0*118)|v)\\s*(?:&\\#(?:x0*62|0*98)|b)|\\s*(?:&\\#(?:x0*65|0*101)|e)\\s*(?:&\\#(?:x0*63|0*99)|c)\\s*(?:&\\#(?:x0*6d|0*109)|m)\\s*(?:&\\#(?:x0*61|0*97)|a)|\\s*(?:&\\#(?:x0*6c|0*108)|l)\\s*(?:&\\#(?:x0*69|0*105)|i)\\s*(?:&\\#(?:x0*76|0*118)|v)\\s*(?:&\\#(?:x0*65|0*101)|e))\\s*(?:&\\#(?:x0*73|0*115)|s)\\s*(?:&\\#(?:x0*63|0*99)|c)\\s*(?:&\\#(?:x0*72|0*114)|r)\\s*(?:&\\#(?:x0*69|0*105)|i)\\s*(?:&\\#(?:x0*70|0*112)|p)\\s*(?:&\\#(?:x0*74|0*116)|t)|\\s*(?:&\\#(?:x0*6d|0*109)|m)\\s*(?:&\\#(?:x0*68|0*104)|h)\\s*(?:&\\#(?:x0*74|0*116)|t)\\s*(?:&\\#(?:x0*6d|0*109)|m)\\s*(?:&\\#(?:x0*6c|0*108)|l)|\\s*(?:&\\#(?:x0*6d|0*109)|m)\\s*(?:&\\#(?:x0*6f|0*111)|o)\\s*(?:&\\#(?:x0*63|0*99)|c)\\s*(?:&\\#(?:x0*68|0*104)|h)\\s*(?:&\\#(?:x0*61|0*97)|a)|\\s*(?:&\\#(?:x0*64|0*100)|d)\\s*(?:&\\#(?:x0*61|0*97)|a)\\s*(?:&\\#(?:x0*74|0*116)|t)\\s*(?:&\\#(?:x0*61|0*97)|a)(?!(?:&\\#(?:x0*3a|0*58)|\\:)(?:&\\#(?:x0*69|0*105)|i)(?:&\\#(?:x0*6d|0*109)|m)(?:&\\#(?:x0*61|0*97)|a)(?:&\\#(?:x0*67|0*103)|g)(?:&\\#(?:x0*65|0*101)|e)(?:&\\#(?:x0*2f|0*47)|\\/)(?:(?:&\\#(?:x0*70|0*112)|p)(?:&\\#(?:x0*6e|0*110)|n)(?:&\\#(?:x0*67|0*103)|g)|(?:&\\#(?:x0*62|0*98)|b)(?:&\\#(?:x0*6d|0*109)|m)(?:&\\#(?:x0*70|0*112)|p)|(?:&\\#(?:x0*67|0*103)|g)(?:&\\#(?:x0*69|0*105)|i)(?:&\\#(?:x0*66|0*102)|f)|(?:&\\#(?:x0*70|0*112)|p)?(?:&\\#(?:x0*6a|0*106)|j)(?:&\\#(?:x0*70|0*112)|p)(?:&\\#(?:x0*65|0*101)|e)(?:&\\#(?:x0*67|0*103)|g)|(?:&\\#(?:x0*74|0*116)|t)(?:&\\#(?:x0*69|0*105)|i)(?:&\\#(?:x0*66|0*102)|f)(?:&\\#(?:x0*66|0*102)|f)|(?:&\\#(?:x0*73|0*115)|s)(?:&\\#(?:x0*76|0*118)|v)(?:&\\#(?:x0*67|0*103)|g)(?:&\\#(?:x0*2b|0*43)|\\+)(?:&\\#(?:x0*78|0*120)|x)(?:&\\#(?:x0*6d|0*109)|m)(?:&\\#(?:x0*6c|0*108)|l))(?:(?:&\\#(?:x0*3b|0*59)|;)(?:&\\#(?:x0*63|0*99)|c)(?:&\\#(?:x0*68|0*104)|h)(?:&\\#(?:x0*61|0*97)|a)(?:&\\#(?:x0*72|0*114)|r)(?:&\\#(?:x0*73|0*115)|s)(?:&\\#(?:x0*65|0*101)|e)(?:&\\#(
?:x0*74|0*116)|t)(?:&\\#(?:x0*3d|0*61)|=)[\\-a-z0-9]+)?(?:(?:&\\#(?:x0*3b|0*59)|;)(?:&\\#(?:x0*62|0*98)|b)(?:&\\#(?:x0*61|0*97)|a)(?:&\\#(?:x0*73|0*115)|s)(?:&\\#(?:x0*65|0*101)|e)(?:&\\#(?:x0*36|0*54)|6)(?:&\\#(?:x0*34|0*52)|4))?(?:&\\#(?:x0*2c|0*44)|,)))\\s*(?:&\\#(?:x0*3a|0*58)|&colon|\\:)|
43
- #css expression
44
- (?:^|[^\\w])(?:(?:\\\\0*65|\\\\0*45|e)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*78|\\\\0*58|x)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*70|\\\\0*50|p)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*72|\\\\0*52|r)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*65|\\\\0*45|e)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*73|\\\\0*53|s)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*73|\\\\0*53|s)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*69|\\\\0*49|i)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*6f|\\\\0*4f|o)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*6e|\\\\0*4e|n))[^\\w]*?(?:\\\\0*28|\\()|
45
- #css properties
46
- (?:^|[^\\w])(?:(?:(?:\\\\0*62|\\\\0*42|b)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*65|\\\\0*45|e)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*68|\\\\0*48|h)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*61|\\\\0*41|a)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*76|\\\\0*56|v)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*69|\\\\0*49|i)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*6f|\\\\0*4f|o)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*72|\\\\0*52|r)(?:\\/\\*.*?\\*\\/)*)|(?:(?:\\\\0*2d|\\\\0*2d|-)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*6d|\\\\0*4d|m)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*6f|\\\\0*4f|o)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*7a|\\\\0*5a|z)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*2d|\\\\0*2d|-)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*62|\\\\0*42|b)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*69|\\\\0*49|i)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*6e|\\\\0*4e|n)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*64|\\\\0*44|d)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*69|\\\\0*49|i)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*6e|\\\\0*4e|n)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*67|\\\\0*47|g)(?:\\/\\*.*?\\*\\/)*))[^\\w]*(?:\\\\0*3a|\\\\0*3a|:)[^\\w]*(?:\\\\0*75|\\\\0*55|u)(?:\\\\0*72|\\\\0*52|r)(?:\\\\0*6c|\\\\0*4c|l)|
47
- #properties
48
- (?:^|[^\\w])(?:on(?:abort|activate|afterprint|afterupdate|autocomplete|autocompleteerror|beforeactivate|beforecopy|beforecut|beforedeactivate|beforeeditfocus|beforepaste|beforeprint|beforeunload|beforeupdate|blur|bounce|cancel|canplay|canplaythrough|cellchange|change|click|close|contextmenu|controlselect|copy|cuechange|cut|dataavailable|datasetchanged|datasetcomplete|dblclick|deactivate|drag|dragend|dragenter|dragleave|dragover|dragstart|drop|durationchange|emptied|encrypted|ended|error|errorupdate|filterchange|finish|focus|focusin|focusout|formchange|forminput|hashchange|help|input|invalid|keydown|keypress|keyup|languagechange|layoutcomplete|load|loadeddata|loadedmetadata|loadstart|losecapture|message|mousedown|mouseenter|mouseleave|mousemove|mouseout|mouseover|mouseup|mousewheel|move|moveend|movestart|mozfullscreenchange|mozfullscreenerror|mozpointerlockchange|mozpointerlockerror|offline|online|page|pagehide|pageshow|paste|pause|play|playing|popstate|progress|propertychange|ratechange|readystatechange|reset|resize|resizeend|resizestart|rowenter|rowexit|rowsdelete|rowsinserted|scroll|search|seeked|seeking|select|selectstart|show|stalled|start|storage|submit|suspend|timer|timeupdate|toggle|unload|volumechange|waiting|webkitfullscreenchange|webkitfullscreenerror|wheel)|formaction|data\\-bind|ev:event)[^\\w]
49
- )/ix';
50
-
 
51
  public function __construct($bvmain, $ip) {
52
  $this->bvmain = $bvmain;
53
  $this->config = new BVFWConfig($this->bvmain);
@@ -57,8 +58,8 @@ VALUES|VARBINARY|VARCHAR|VARCHARACTER|VARYING|WHEN|WHERE|WHILE|WRITE|YEAR_MONTH|
57
  }
58
 
59
  public function init() {
60
- if ($this->isActive()) {
61
- $this->execute();
62
  }
63
  add_action('clear_fw_config', array($this->config, 'clear'));
64
  }
@@ -75,27 +76,17 @@ VALUES|VARBINARY|VARCHAR|VARCHARACTER|VARYING|WHEN|WHERE|WHILE|WRITE|YEAR_MONTH|
75
  }
76
  }
77
 
78
- public function isActive() {
79
- return ($this->config->getMode() !== BVFWConfig::DISABLED);
80
- }
81
-
82
- public function isProtecting() {
83
- return ($this->config->getMode() === BVFWConfig::PROTECT);
84
- }
85
-
86
- public function terminateRequest($category = null) {
87
- if ($category)
88
- $this->request->setCategory($category);
89
  $this->request->setStatus(BVRequest::BLOCKED);
90
  $this->request->setRespCode(403);
91
- if ($this->isProtecting()) {
92
- header("Cache-Control: no-cache, no-store, must-revalidate");
93
- header("Pragma: no-cache");
94
- header("Expires: 0");
95
- header('HTTP/1.0 403 Forbidden');
96
- $this->log();
97
- $brandname = $this->bvmain->getBrandName();
98
- die("
99
  <div style='height: 98vh;'>
100
  <div style='text-align: center; padding: 10% 0; font-family: Arial, Helvetica, sans-serif;'>
101
  <div><p><img src=".plugins_url('../img/icon.png', __FILE__)."><h2>Firewall</h2><h3>powered by</h3><h2>"
@@ -104,8 +95,6 @@ VALUES|VARBINARY|VARCHAR|VARCHARACTER|VARYING|WHEN|WHERE|WHILE|WRITE|YEAR_MONTH|
104
  </div>
105
  </div>
106
  ");
107
- exit;
108
- }
109
  }
110
 
111
  public function isBlacklistedIP() {
@@ -126,12 +115,16 @@ VALUES|VARBINARY|VARCHAR|VARCHARACTER|VARYING|WHEN|WHERE|WHILE|WRITE|YEAR_MONTH|
126
  }
127
 
128
  public function execute() {
129
- $this->initLogger();
130
  if (!$this->canBypassFirewall()) {
131
- if ($this->isBlacklistedIP()) {
132
- $this->terminateRequest(BVRequest::BLACKLISTED);
133
- } else {
134
- $this->evaluateRules();
 
 
 
 
 
135
  }
136
  }
137
  }
@@ -143,14 +136,35 @@ VALUES|VARBINARY|VARCHAR|VARCHARACTER|VARYING|WHEN|WHERE|WHILE|WRITE|YEAR_MONTH|
143
  return null;
144
  }
145
 
146
- public function match($pattern, $subject) {
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
147
  if (is_array($subject)) {
148
  foreach ($subject as $val) {
149
- return $this->match($pattern, $val);
150
  }
151
- return false;
152
  } else {
153
- return preg_match((string) $pattern, (string) $subject, $matches) > 0;
 
154
  }
155
  }
156
 
@@ -159,14 +173,15 @@ VALUES|VARBINARY|VARCHAR|VARCHARACTER|VARYING|WHEN|WHERE|WHILE|WRITE|YEAR_MONTH|
159
  }
160
 
161
  public function getLength($val) {
162
- return strlen(is_array($val) ? join('', $val) : (string) $val);
163
- }
164
-
165
- public function contains($pattern, $subject) {
166
- if (is_array($pattern)) {
167
- return in_array($pattern, $subject, true);
 
 
168
  }
169
- return strpos((string) $subject, (string) $pattern) !== false;
170
  }
171
 
172
  public function equals($value, $subject) {
@@ -177,104 +192,225 @@ VALUES|VARBINARY|VARCHAR|VARCHARACTER|VARYING|WHEN|WHERE|WHILE|WRITE|YEAR_MONTH|
177
  return $value != $subject;
178
  }
179
 
180
- public function evaluateRules() {
181
- if ($this->config->getRulesMode() == BVFWConfig::DISABLED)
182
  return false;
183
-
184
- $request = $this->request;
185
- $disabledRules = $this->config->getDisabledRules();
186
- if (!in_array(108, $disabledRules, true)) {
187
- if ($this->match(BVFW::XSSREGEX, $request->getQueryString()))
188
- $this->terminateRequest(108);
189
  }
190
- if (!in_array(112, $disabledRules, true)) {
191
- if ($this->match('/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/', $request->getPath()) &&
192
- (($this->equals('revslider_show_image', $request->getQueryString('action')) && $this->match('/\\.php$/i', $request->getQueryString('img'))) or
193
- ($this->equals('revslider_show_image', $request->getBody('action')) && $this->match('/\\.php$/i', $request->getQueryString('img')))))
194
- $this->terminateRequest(112);
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
195
  }
196
- if (!in_array(114, $disabledRules, true)) {
197
- if ($this->match('/<\\!(?:DOCTYPE|ENTITY)\\s+(?:%\\s*)?\\w+\\s+SYSTEM/i', $request->getBody()) or
198
- $this->match('/<\\!(?:DOCTYPE|ENTITY)\\s+(?:%\\s*)?\\w+\\s+SYSTEM/i', $request->getQueryString()))
199
- $this->terminateRequest(114);
 
 
 
 
200
  }
201
- if (!in_array(115, $disabledRules, true)) {
202
- if ($this->match('#/wp\\-admin/admin\\-ajax\\.php$#i', $this->getServerValue('script_filename')) && ($this->equals('update-plugin', $request->getBody('action')) or
203
- $this->equals('update-plugin', $request->getQueryString('action'))) && ($this->match('/(^|\\/|\\\\|%2f|%5c)\\.\\.(\\\\|\\/|%2f|%5c)/i', $request->getBody()) or
204
- ($this->match('/(^|\\/|\\\\|%2f|%5c)\\.\\.(\\\\|\\/|%2f|%5c)/i', $request->getQueryString()))))
205
- $this->terminateRequest(115);
 
206
  }
207
- if (!in_array(132, $disabledRules, true)) {
208
- if (($this->equals('Y', $request->getBody('kentopvc_hidden'))) &&
209
- ((!$this->match('/^1?$/', $request->getBody('kento_pvc_hide'))) or
210
- (!$this->match('/^1?$/', $request->getBody('kento_pvc_uniq'))) or
211
- (!$this->match('/^1?$/', $request->getBody('kento_pvc_posttype'))) or
212
- ($this->match(BVFW::XSSREGEX, $request->getBody('kento_pvc_today_text'))) or
213
- ($this->match(BVFW::XSSREGEX, $request->getBody('kento_pvc_total_text'))) or
214
- ($this->match(BVFW::XSSREGEX, $request->getBody('kento_pvc_numbers_lang')))))
215
- $this->terminateRequest(132);
216
  }
217
- if (!in_array(133, $disabledRules, true)) {
218
- if ((($this->match('#/wp\\-mobile\\-detector[/]+resize\\.php#i', $request->getPath())) or
219
- ($this->match('#/wp\\-mobile\\-detector[/]+timthumb\\.php#i', $request->getPath()))) &&
220
- ((($this->getLength($request->getBody('src')) > 0) &&
221
- (!$this->match('/\\.(?:png|gif|jpg|jpeg|jif|jfif|svg)$/i', $request->getBody('src')))) or
222
- (($this->getLength($request->getQueryString('src'))) &&
223
- (!$this->match('/\\.(?:png|gif|jpg|jpeg|jif|jfif|svg)$/i', $request->getQueryString('src'))))))
224
- $this->terminateRequest(133);
 
225
  }
226
- if (!in_array(145, $disabledRules, true)) {
227
- if ((($this->match('/Abonti|aggregator|AhrefsBot|asterias|BDCbot|BLEXBot|BuiltBotTough|Bullseye|BunnySlippers|ca\\-crawler|CCBot|Cegbfeieh|CheeseBot|CherryPicker|CopyRightCheck|cosmos|Crescent|discobot|DittoSpyder|DotBot|Download Ninja|EasouSpider|EmailCollector|EmailSiphon|EmailWolf|EroCrawler|Exabot|ExtractorPro|Fasterfox|FeedBooster|Foobot|Genieo|grub\\-client|Harvest|hloader|httplib|HTTrack|humanlinks|ieautodiscovery|InfoNaviRobot|IstellaBot|Java\\/1\\.|JennyBot|k2spider|Kenjin Spider|Keyword Density\\/0\\.9|larbin|LexiBot|libWeb|libwww|LinkextractorPro|linko|LinkScan\\/8\\.1a Unix|LinkWalker|LNSpiderguy|lwp\\-trivial|magpie|Mata Hari|MaxPointCrawler|MegaIndex|Microsoft URL Control|MIIxpc|Mippin|Missigua Locator|Mister PiX|MJ12bot|moget|MSIECrawler|NetAnts|NICErsPRO|Niki\\-Bot|NPBot|Nutch|Offline Explorer|Openfind|panscient\\.com|PHP\\/5\\.\\{|ProPowerBot\\/2\\.14|ProWebWalker|Python\\-urllib|QueryN Metasearch|RepoMonkey|RMA|SemrushBot|SeznamBot|SISTRIX|sitecheck\\.Internetseer\\.com|SiteSnagger|SnapPreviewBot|Sogou|SpankBot|spanner|spbot|Spinn3r|suzuran|Szukacz\\/1\\.4|Teleport|Telesoft|The Intraformant|TheNomad|TightTwatBot|Titan|toCrawl\\/UrlDispatcher|True_Robot|turingos|TurnitinBot|UbiCrawler|UnisterBot|URLy Warning|VCI|WBSearchBot|Web Downloader\\/6\\.9|Web Image Collector|WebAuto|WebBandit|WebCopier|WebEnhancer|WebmasterWorldForumBot|WebReaper|WebSauger|Website Quester|Webster Pro|WebStripper|WebZip|Wotbox|wsr\\-agent|WWW\\-Collector\\-E|Xenu|Zao|Zeus|ZyBORG|coccoc|Incutio|lmspider|memoryBot|SemrushBot|serf|Unknown|uptime files/i', $request->getHeader('User-Agent'))) &&
228
- ($this->match(BVFW::XSSREGEX, $request->getHeader('User-Agent')))) or
229
- (($this->match('/semalt\\.com|kambasoft\\.com|savetubevideo\\.com|buttons\\-for\\-website\\.com|sharebutton\\.net|soundfrost\\.org|srecorder\\.com|softomix\\.com|softomix\\.net|myprintscreen\\.com|joinandplay\\.me|fbfreegifts\\.com|openmediasoft\\.com|zazagames\\.org|extener\\.org|openfrost\\.com|openfrost\\.net|googlsucks\\.com|best\\-seo\\-offer\\.com|buttons\\-for\\-your\\-website\\.com|www\\.Get\\-Free\\-Traffic\\-Now\\.com|best\\-seo\\-solution\\.com|buy\\-cheap\\-online\\.info|site3\\.free\\-share\\-buttons\\.com|webmaster\\-traffic\\.co/i', $request->getHeader('Referer'))) &&
230
- ($this->match(BVFW::XSSREGEX, $request->getHeader('User-Agent')))))
231
- $this->terminateRequest(145);
 
232
  }
233
- if (!in_array(146, $disabledRules, true)) {
234
- if ($this->match('/sitemap_.*?<.*?(:?_\\d+)?\\.xml(:?\\.gz)?/i', $request->getPath()))
235
- $this->terminateRequest(146);
 
 
 
 
 
236
  }
237
- if (!in_array(155, $disabledRules, true)) {
238
- if (($this->match(BVFW::XSSREGEX, $request->getHeader('Client-IP'))) or
239
- ($this->match(BVFW::XSSREGEX, $request->getHeader('X-Forwarded'))) or
240
- ($this->match(BVFW::XSSREGEX, $request->getHeader('X-Cluster-Client-IP'))) or
241
- ($this->match(BVFW::XSSREGEX, $request->getHeader('Forwarded-For'))) or
242
- ($this->match(BVFW::XSSREGEX, $request->getHeader('Forwarded'))))
243
- $this->terminateRequest(155);
 
244
  }
245
- if (!in_array(156, $disabledRules, true)) {
246
- if ($this->match('#/wp\\-admin/admin\\-ajax\\.php$#i', $this->getServerValue('script_filename')) or
247
- (($this->match(BVFW::SQLIREGEX, $request->getBody('umm_user'))) or
248
- ($this->match(BVFW::SQLIREGEX, $request->getQueryString('umm_user')))))
249
- $this->terminateRequest(156);
 
 
 
 
 
250
  }
251
- if (!in_array(165, $disabledRules, true)) {
252
- if ($this->match('/O:\\d+:"(?!stdClass")[^"]+":/', $request->getCookies('ecwid_oauth_state')))
253
- $this->terminateRequest(165);
 
 
 
 
 
 
 
 
 
254
  }
255
- if (!in_array(167, $disabledRules, true)) {
256
- if ((!$this->match('/\\.(jpe?g|png|mpeg|mov|flv|pdf|docx?|txt|csv|avi|mp3|wma|wav)($|\\.)/i', $request->getFileNames())) &&
257
- ($this->getLength($request->getBody('save_bepro_listing')) > 0))
258
- $this->terminateRequest(167);
 
 
 
 
 
 
259
  }
260
- if (!in_array(168, $disabledRules, true)) {
261
- if (($this->match('#/wp\\-admin/admin\\-ajax\\.php$#i', $this->getServerValue('script_filename'))) &&
262
- ($this->equals('master-slider', $request->getQueryString('page'))) &&
263
- ($this->getLength($request->getBody('page')) > 0) &&
264
- ($this->notEquals('master-slider', $request->getBody('page'))))
265
- $this->terminateRequest(168);
 
 
 
 
266
  }
267
- if (!in_array(169, $disabledRules, true)) {
268
- if (($this->equals('fancybox-for-wordpress', $request->getQueryString('page'))) &&
269
- ($this->match(BVFW::XSSREGEX, $request->getBody('mfbfw'))))
270
- $this->terminateRequest(169);
 
 
 
 
 
271
  }
272
- if (!in_array(171, $disabledRules, true)) {
273
- if ((($this->match('#wp-json/wp/v\\d+/posts/#i', $request->getPath())) or
274
- ($this->match('#/wp/v\\d+/posts/#i', $request->getQueryString('rest_route')))) &&
275
- ($this->match('/[^0-9]/', $request->getQueryString('id'))))
276
- $this->terminateRequest(171);
 
 
 
 
 
 
277
  }
 
278
  }
279
  }
280
  endif;
2
 
3
  if (!defined('ABSPATH')) exit;
4
  if (!class_exists('BVFW')) :
5
+
6
  require_once dirname( __FILE__ ) . '/config.php';
7
  require_once dirname( __FILE__ ) . '/request.php';
8
  require_once dirname( __FILE__ ) . './../ipstore.php';
14
  public $ipstore;
15
  public $category;
16
  public $logger;
17
+ private $currRuleInfo;
18
+
19
  const SQLIREGEX = '/(?:[^\\w<]|\\/\\*\\![0-9]*|^)(?:
20
+ @@HOSTNAME|
21
+ ALTER|ANALYZE|ASENSITIVE|
22
+ BEFORE|BENCHMARK|BETWEEN|BIGINT|BINARY|BLOB|
23
+ CALL|CASE|CHANGE|CHAR|CHARACTER|CHAR_LENGTH|COLLATE|COLUMN|CONCAT|CONDITION|CONSTRAINT|CONTINUE|CONVERT|CREATE|CROSS|CURRENT_DATE|CURRENT_TIME|CURRENT_TIMESTAMP|CURRENT_USER|CURSOR|
24
+ DATABASE|DATABASES|DAY_HOUR|DAY_MICROSECOND|DAY_MINUTE|DAY_SECOND|DECIMAL|DECLARE|DEFAULT|DELAYED|DELETE|DESCRIBE|DETERMINISTIC|DISTINCT|DISTINCTROW|DOUBLE|DROP|DUAL|DUMPFILE|
25
+ EACH|ELSE|ELSEIF|ELT|ENCLOSED|ESCAPED|EXISTS|EXIT|EXPLAIN|EXTRACTVALUE|
26
+ FETCH|FLOAT|FLOAT4|FLOAT8|FORCE|FOREIGN|FROM|FULLTEXT|
27
+ GRANT|GROUP|HAVING|HEX|HIGH_PRIORITY|HOUR_MICROSECOND|HOUR_MINUTE|HOUR_SECOND|
28
+ IFNULL|IGNORE|INDEX|INFILE|INNER|INOUT|INSENSITIVE|INSERT|INTERVAL|ISNULL|ITERATE|
29
+ JOIN|KILL|LEADING|LEAVE|LIMIT|LINEAR|LINES|LOAD|LOAD_FILE|LOCALTIME|LOCALTIMESTAMP|LOCK|LONG|LONGBLOB|LONGTEXT|LOOP|LOW_PRIORITY|
30
+ MASTER_SSL_VERIFY_SERVER_CERT|MATCH|MAXVALUE|MEDIUMBLOB|MEDIUMINT|MEDIUMTEXT|MID|MIDDLEINT|MINUTE_MICROSECOND|MINUTE_SECOND|MODIFIES|
31
+ NATURAL|NO_WRITE_TO_BINLOG|NULL|NUMERIC|OPTION|ORD|ORDER|OUTER|OUTFILE|
32
+ PRECISION|PRIMARY|PRIVILEGES|PROCEDURE|PROCESSLIST|PURGE|
33
+ RANGE|READ_WRITE|REGEXP|RELEASE|REPEAT|REQUIRE|RESIGNAL|RESTRICT|RETURN|REVOKE|RLIKE|ROLLBACK|
34
+ SCHEMA|SCHEMAS|SECOND_MICROSECOND|SELECT|SENSITIVE|SEPARATOR|SHOW|SIGNAL|SLEEP|SMALLINT|SPATIAL|SPECIFIC|SQLEXCEPTION|SQLSTATE|SQLWARNING|SQL_BIG_RESULT|SQL_CALC_FOUND_ROWS|SQL_SMALL_RESULT|STARTING|STRAIGHT_JOIN|SUBSTR|
35
+ TABLE|TERMINATED|TINYBLOB|TINYINT|TINYTEXT|TRAILING|TRANSACTION|TRIGGER|
36
+ UNDO|UNHEX|UNION|UNLOCK|UNSIGNED|UPDATE|UPDATEXML|USAGE|USING|UTC_DATE|UTC_TIME|UTC_TIMESTAMP|
37
+ VALUES|VARBINARY|VARCHAR|VARCHARACTER|VARYING|WHEN|WHERE|WHILE|WRITE|YEAR_MONTH|ZEROFILL)(?=[^\\w]|$)/ix';
38
+
39
+ const XSSREGEX = '/(?:
40
+ #tags
41
+ (?:\\<|\\+ADw\\-|\\xC2\\xBC)(script|iframe|svg|object|embed|applet|link|style|meta|\\/\\/|\\?xml\\-stylesheet)(?:[^\\w]|\\xC2\\xBE)|
42
+ #protocols
43
+ (?:^|[^\\w])(?:(?:\\s*(?:&\\#(?:x0*6a|0*106)|j)\\s*(?:&\\#(?:x0*61|0*97)|a)\\s*(?:&\\#(?:x0*76|0*118)|v)\\s*(?:&\\#(?:x0*61|0*97)|a)|\\s*(?:&\\#(?:x0*76|0*118)|v)\\s*(?:&\\#(?:x0*62|0*98)|b)|\\s*(?:&\\#(?:x0*65|0*101)|e)\\s*(?:&\\#(?:x0*63|0*99)|c)\\s*(?:&\\#(?:x0*6d|0*109)|m)\\s*(?:&\\#(?:x0*61|0*97)|a)|\\s*(?:&\\#(?:x0*6c|0*108)|l)\\s*(?:&\\#(?:x0*69|0*105)|i)\\s*(?:&\\#(?:x0*76|0*118)|v)\\s*(?:&\\#(?:x0*65|0*101)|e))\\s*(?:&\\#(?:x0*73|0*115)|s)\\s*(?:&\\#(?:x0*63|0*99)|c)\\s*(?:&\\#(?:x0*72|0*114)|r)\\s*(?:&\\#(?:x0*69|0*105)|i)\\s*(?:&\\#(?:x0*70|0*112)|p)\\s*(?:&\\#(?:x0*74|0*116)|t)|\\s*(?:&\\#(?:x0*6d|0*109)|m)\\s*(?:&\\#(?:x0*68|0*104)|h)\\s*(?:&\\#(?:x0*74|0*116)|t)\\s*(?:&\\#(?:x0*6d|0*109)|m)\\s*(?:&\\#(?:x0*6c|0*108)|l)|\\s*(?:&\\#(?:x0*6d|0*109)|m)\\s*(?:&\\#(?:x0*6f|0*111)|o)\\s*(?:&\\#(?:x0*63|0*99)|c)\\s*(?:&\\#(?:x0*68|0*104)|h)\\s*(?:&\\#(?:x0*61|0*97)|a)|\\s*(?:&\\#(?:x0*64|0*100)|d)\\s*(?:&\\#(?:x0*61|0*97)|a)\\s*(?:&\\#(?:x0*74|0*116)|t)\\s*(?:&\\#(?:x0*61|0*97)|a)(?!(?:&\\#(?:x0*3a|0*58)|\\:)(?:&\\#(?:x0*69|0*105)|i)(?:&\\#(?:x0*6d|0*109)|m)(?:&\\#(?:x0*61|0*97)|a)(?:&\\#(?:x0*67|0*103)|g)(?:&\\#(?:x0*65|0*101)|e)(?:&\\#(?:x0*2f|0*47)|\\/)(?:(?:&\\#(?:x0*70|0*112)|p)(?:&\\#(?:x0*6e|0*110)|n)(?:&\\#(?:x0*67|0*103)|g)|(?:&\\#(?:x0*62|0*98)|b)(?:&\\#(?:x0*6d|0*109)|m)(?:&\\#(?:x0*70|0*112)|p)|(?:&\\#(?:x0*67|0*103)|g)(?:&\\#(?:x0*69|0*105)|i)(?:&\\#(?:x0*66|0*102)|f)|(?:&\\#(?:x0*70|0*112)|p)?(?:&\\#(?:x0*6a|0*106)|j)(?:&\\#(?:x0*70|0*112)|p)(?:&\\#(?:x0*65|0*101)|e)(?:&\\#(?:x0*67|0*103)|g)|(?:&\\#(?:x0*74|0*116)|t)(?:&\\#(?:x0*69|0*105)|i)(?:&\\#(?:x0*66|0*102)|f)(?:&\\#(?:x0*66|0*102)|f)|(?:&\\#(?:x0*73|0*115)|s)(?:&\\#(?:x0*76|0*118)|v)(?:&\\#(?:x0*67|0*103)|g)(?:&\\#(?:x0*2b|0*43)|\\+)(?:&\\#(?:x0*78|0*120)|x)(?:&\\#(?:x0*6d|0*109)|m)(?:&\\#(?:x0*6c|0*108)|l))(?:(?:&\\#(?:x0*3b|0*59)|;)(?:&\\#(?:x0*63|0*99)|c)(?:&\\#(?:x0*68|0*104)|h)(?:&\\#(?:x0*61|0*97)|a)(?:&\\#(?:x0*72|0*114)|r)(?:&\\#(?:x0*73|0*115)|s)(?:&\\#(?:x0*65|0*101)|e)(?:&\\#(
?:x0*74|0*116)|t)(?:&\\#(?:x0*3d|0*61)|=)[\\-a-z0-9]+)?(?:(?:&\\#(?:x0*3b|0*59)|;)(?:&\\#(?:x0*62|0*98)|b)(?:&\\#(?:x0*61|0*97)|a)(?:&\\#(?:x0*73|0*115)|s)(?:&\\#(?:x0*65|0*101)|e)(?:&\\#(?:x0*36|0*54)|6)(?:&\\#(?:x0*34|0*52)|4))?(?:&\\#(?:x0*2c|0*44)|,)))\\s*(?:&\\#(?:x0*3a|0*58)|&colon|\\:)|
44
+ #css expression
45
+ (?:^|[^\\w])(?:(?:\\\\0*65|\\\\0*45|e)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*78|\\\\0*58|x)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*70|\\\\0*50|p)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*72|\\\\0*52|r)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*65|\\\\0*45|e)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*73|\\\\0*53|s)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*73|\\\\0*53|s)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*69|\\\\0*49|i)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*6f|\\\\0*4f|o)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*6e|\\\\0*4e|n))[^\\w]*?(?:\\\\0*28|\\()|
46
+ #css properties
47
+ (?:^|[^\\w])(?:(?:(?:\\\\0*62|\\\\0*42|b)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*65|\\\\0*45|e)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*68|\\\\0*48|h)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*61|\\\\0*41|a)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*76|\\\\0*56|v)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*69|\\\\0*49|i)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*6f|\\\\0*4f|o)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*72|\\\\0*52|r)(?:\\/\\*.*?\\*\\/)*)|(?:(?:\\\\0*2d|\\\\0*2d|-)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*6d|\\\\0*4d|m)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*6f|\\\\0*4f|o)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*7a|\\\\0*5a|z)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*2d|\\\\0*2d|-)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*62|\\\\0*42|b)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*69|\\\\0*49|i)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*6e|\\\\0*4e|n)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*64|\\\\0*44|d)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*69|\\\\0*49|i)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*6e|\\\\0*4e|n)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*67|\\\\0*47|g)(?:\\/\\*.*?\\*\\/)*))[^\\w]*(?:\\\\0*3a|\\\\0*3a|:)[^\\w]*(?:\\\\0*75|\\\\0*55|u)(?:\\\\0*72|\\\\0*52|r)(?:\\\\0*6c|\\\\0*4c|l)|
48
+ #properties
49
+ (?:^|[^\\w])(?:on(?:abort|activate|afterprint|afterupdate|autocomplete|autocompleteerror|beforeactivate|beforecopy|beforecut|beforedeactivate|beforeeditfocus|beforepaste|beforeprint|beforeunload|beforeupdate|blur|bounce|cancel|canplay|canplaythrough|cellchange|change|click|close|contextmenu|controlselect|copy|cuechange|cut|dataavailable|datasetchanged|datasetcomplete|dblclick|deactivate|drag|dragend|dragenter|dragleave|dragover|dragstart|drop|durationchange|emptied|encrypted|ended|error|errorupdate|filterchange|finish|focus|focusin|focusout|formchange|forminput|hashchange|help|input|invalid|keydown|keypress|keyup|languagechange|layoutcomplete|load|loadeddata|loadedmetadata|loadstart|losecapture|message|mousedown|mouseenter|mouseleave|mousemove|mouseout|mouseover|mouseup|mousewheel|move|moveend|movestart|mozfullscreenchange|mozfullscreenerror|mozpointerlockchange|mozpointerlockerror|offline|online|page|pagehide|pageshow|paste|pause|play|playing|popstate|progress|propertychange|ratechange|readystatechange|reset|resize|resizeend|resizestart|rowenter|rowexit|rowsdelete|rowsinserted|scroll|search|seeked|seeking|select|selectstart|show|stalled|start|storage|submit|suspend|timer|timeupdate|toggle|unload|volumechange|waiting|webkitfullscreenchange|webkitfullscreenerror|wheel)|formaction|data\\-bind|ev:event)[^\\w]
50
+ )/ix';
51
+
52
  public function __construct($bvmain, $ip) {
53
  $this->bvmain = $bvmain;
54
  $this->config = new BVFWConfig($this->bvmain);
58
  }
59
 
60
  public function init() {
61
+ if ($this->config->isActive()) {
62
+ $this->initLogger();
63
  }
64
  add_action('clear_fw_config', array($this->config, 'clear'));
65
  }
76
  }
77
  }
78
 
79
+ public function terminateRequest($category = BVRequest::NORMAL) {
80
+ $this->request->setCategory($category);
 
 
 
 
 
 
 
 
 
81
  $this->request->setStatus(BVRequest::BLOCKED);
82
  $this->request->setRespCode(403);
83
+ $this->log();
84
+ header("Cache-Control: no-cache, no-store, must-revalidate");
85
+ header("Pragma: no-cache");
86
+ header("Expires: 0");
87
+ header('HTTP/1.0 403 Forbidden');
88
+ $brandname = $this->bvmain->getBrandName();
89
+ die("
 
90
  <div style='height: 98vh;'>
91
  <div style='text-align: center; padding: 10% 0; font-family: Arial, Helvetica, sans-serif;'>
92
  <div><p><img src=".plugins_url('../img/icon.png', __FILE__)."><h2>Firewall</h2><h3>powered by</h3><h2>"
95
  </div>
96
  </div>
97
  ");
 
 
98
  }
99
 
100
  public function isBlacklistedIP() {
115
  }
116
 
117
  public function execute() {
 
118
  if (!$this->canBypassFirewall()) {
119
+ $rules = $this->config->getRules();
120
+ $this->matchRules($rules["audit"]);
121
+ if ($this->config->isProtecting()) {
122
+ if ($this->isBlacklistedIP()) {
123
+ $this->terminateRequest(BVRequest::BLACKLISTED);
124
+ }
125
+ if ($this->matchRules($rules["protect"], true)) {
126
+ $this->terminateRequest();
127
+ }
128
  }
129
  }
130
  }
136
  return null;
137
  }
138
 
139
+ public function match($pattern, $subject, $key = NULL) {
140
+ if (is_array($subject)) {
141
+ foreach ($subject as $k => $v) {
142
+ $k = ($key !== NULL) ? $key.'-'.$k : NULL;
143
+ if ($this->match($pattern, $v, $k)) {
144
+ return true;
145
+ }
146
+ }
147
+ } else {
148
+ if (preg_match((string) $pattern, (string) $subject) > 0) {
149
+ if ($key !== NULL) {
150
+ $this->currRuleInfo[$key] = $this->getLength($subject);
151
+ }
152
+ return true;
153
+ }
154
+ }
155
+ return false;
156
+ }
157
+
158
+ public function matchCount($pattern, $subject) {
159
+ $count = 0;
160
  if (is_array($subject)) {
161
  foreach ($subject as $val) {
162
+ $count += $this->matchCount($pattern, $val);
163
  }
164
+ return $count;
165
  } else {
166
+ $count = preg_match_all((string) $pattern, (string) $subject, $matches);
167
+ return ($count === false ? 0 : $count);
168
  }
169
  }
170
 
173
  }
174
 
175
  public function getLength($val) {
176
+ $length = 0;
177
+ if (is_array($val)) {
178
+ foreach ($val as $v) {
179
+ $length += $this->getLength($v);
180
+ }
181
+ return $length;
182
+ } else {
183
+ return strlen((string) $val);
184
  }
 
185
  }
186
 
187
  public function equals($value, $subject) {
192
  return $value != $subject;
193
  }
194
 
195
+ public function matchRules($rules = array(), $isProtect = false) {
196
+ if (empty($rules)) {
197
  return false;
 
 
 
 
 
 
198
  }
199
+ if (isset($rules[108])) {
200
+ $this->currRuleInfo = array();
201
+ if ($this->match(BVFW::XSSREGEX, $this->request->getQueryString(), "GET")) {
202
+ $this->request->updateRulesInfo(108, $this->currRuleInfo);
203
+ if ($isProtect) return true;
204
+ }
205
+ }
206
+ if (isset($rules[112])) {
207
+ $this->currRuleInfo = array();
208
+ if ($this->match('/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/', $this->request->getPath()) &&
209
+ (($this->equals('revslider_show_image', $this->request->getQueryString('action')) && $this->match('/\\.php$/i', $this->request->getQueryString('img'), "img")) or
210
+ ($this->equals('revslider_show_image', $this->request->getBody('action')) && $this->match('/\\.php$/i', $this->request->getQueryString('img'), "img")))) {
211
+ $this->request->updateRulesInfo(112, $this->currRuleInfo);
212
+ if ($isProtect) return true;
213
+ }
214
+ }
215
+ if (isset($rules[114])) {
216
+ $this->currRuleInfo = array();
217
+ if ($this->match('/<\\!(?:DOCTYPE|ENTITY)\\s+(?:%\\s*)?\\w+\\s+SYSTEM/i', $this->request->getBody(), "BODY") or
218
+ $this->match('/<\\!(?:DOCTYPE|ENTITY)\\s+(?:%\\s*)?\\w+\\s+SYSTEM/i', $this->request->getQueryString(), "GET")) {
219
+ $this->request->updateRulesInfo(114, $this->currRuleInfo);
220
+ if ($isProtect) return true;
221
+ }
222
+ }
223
+ if (isset($rules[115])) {
224
+ $this->currRuleInfo = array();
225
+ if ($this->match('#/wp\\-admin/admin\\-ajax\\.php$#i', $this->getServerValue('SCRIPT_FILENAME')) &&
226
+ ($this->equals('update-plugin', $this->request->getBody('action')) or $this->equals('update-plugin', $this->request->getQueryString('action'))) && ($this->match('/(^|\\/|\\\\|%2f|%5c)\\.\\.(\\\\|\\/|%2f|%5c)/i', $this->request->getBody(), "BODY") or
227
+ ($this->match('/(^|\\/|\\\\|%2f|%5c)\\.\\.(\\\\|\\/|%2f|%5c)/i', $this->request->getQueryString(), "GET")))) {
228
+ $this->request->updateRulesInfo(115, $this->currRuleInfo);
229
+ if ($isProtect) return true;
230
+ }
231
+ }
232
+ if (isset($rules[132])) {
233
+ $this->currRuleInfo = array();
234
+ if (($this->equals('Y', $this->request->getBody('kentopvc_hidden'))) &&
235
+ ((!$this->match('/^1?$/', $this->request->getBody('kento_pvc_hide'), "kento_pvc_hide")) or
236
+ (!$this->match('/^1?$/', $this->request->getBody('kento_pvc_uniq'), "kento_pvc_uniq")) or
237
+ (!$this->match('/^1?$/', $this->request->getBody('kento_pvc_posttype'), "kento_pvc_posttype")) or
238
+ ($this->match(BVFW::XSSREGEX, $this->request->getBody('kento_pvc_today_text'), "kento_pvc_today_text")) or
239
+ ($this->match(BVFW::XSSREGEX, $this->request->getBody('kento_pvc_total_text'), "kento_pvc_total_text")) or
240
+ ($this->match(BVFW::XSSREGEX, $this->request->getBody('kento_pvc_numbers_lang'), "kento_pvc_numbers_lang")))) {
241
+ $this->request->updateRulesInfo(132, $this->currRuleInfo);
242
+ if ($isProtect) return true;
243
+ }
244
+ }
245
+ if (isset($rules[133])) {
246
+ $this->currRuleInfo = array();
247
+ if ((($this->match('#/wp\\-mobile\\-detector[/]+resize\\.php#i', $this->request->getPath())) or
248
+ ($this->match('#/wp\\-mobile\\-detector[/]+timthumb\\.php#i', $this->request->getPath()))) &&
249
+ ((($this->getLength($this->request->getBody('src')) > 0) &&
250
+ (!$this->match('/\\.(?:png|gif|jpg|jpeg|jif|jfif|svg)$/i', $this->request->getBody('src'), "src"))) or
251
+ (($this->getLength($this->request->getQueryString('src'))) &&
252
+ (!$this->match('/\\.(?:png|gif|jpg|jpeg|jif|jfif|svg)$/i', $this->request->getQueryString('src'), "src"))))) {
253
+ $this->request->updateRulesInfo(133, $this->currRuleInfo);
254
+ if ($isProtect) return true;
255
+ }
256
+ }
257
+ if (isset($rules[145])) {
258
+ $this->currRuleInfo = array();
259
+ if ((($this->match('/Abonti|aggregator|AhrefsBot|asterias|BDCbot|BLEXBot|BuiltBotTough|Bullseye|BunnySlippers|ca\\-crawler|CCBot|Cegbfeieh|CheeseBot|CherryPicker|CopyRightCheck|cosmos|Crescent|discobot|DittoSpyder|DotBot|Download Ninja|EasouSpider|EmailCollector|EmailSiphon|EmailWolf|EroCrawler|Exabot|ExtractorPro|Fasterfox|FeedBooster|Foobot|Genieo|grub\\-client|Harvest|hloader|httplib|HTTrack|humanlinks|ieautodiscovery|InfoNaviRobot|IstellaBot|Java\\/1\\.|JennyBot|k2spider|Kenjin Spider|Keyword Density\\/0\\.9|larbin|LexiBot|libWeb|libwww|LinkextractorPro|linko|LinkScan\\/8\\.1a Unix|LinkWalker|LNSpiderguy|lwp\\-trivial|magpie|Mata Hari|MaxPointCrawler|MegaIndex|Microsoft URL Control|MIIxpc|Mippin|Missigua Locator|Mister PiX|MJ12bot|moget|MSIECrawler|NetAnts|NICErsPRO|Niki\\-Bot|NPBot|Nutch|Offline Explorer|Openfind|panscient\\.com|PHP\\/5\\.\\{|ProPowerBot\\/2\\.14|ProWebWalker|Python\\-urllib|QueryN Metasearch|RepoMonkey|RMA|SemrushBot|SeznamBot|SISTRIX|sitecheck\\.Internetseer\\.com|SiteSnagger|SnapPreviewBot|Sogou|SpankBot|spanner|spbot|Spinn3r|suzuran|Szukacz\\/1\\.4|Teleport|Telesoft|The Intraformant|TheNomad|TightTwatBot|Titan|toCrawl\\/UrlDispatcher|True_Robot|turingos|TurnitinBot|UbiCrawler|UnisterBot|URLy Warning|VCI|WBSearchBot|Web Downloader\\/6\\.9|Web Image Collector|WebAuto|WebBandit|WebCopier|WebEnhancer|WebmasterWorldForumBot|WebReaper|WebSauger|Website Quester|Webster Pro|WebStripper|WebZip|Wotbox|wsr\\-agent|WWW\\-Collector\\-E|Xenu|Zao|Zeus|ZyBORG|coccoc|Incutio|lmspider|memoryBot|SemrushBot|serf|Unknown|uptime files/i', $this->request->getHeader('User-Agent'), "User-Agent")) &&
260
+ ($this->match(BVFW::XSSREGEX, $this->request->getHeader('User-Agent'), "User-Agent"))) or
261
+ (($this->match('/semalt\\.com|kambasoft\\.com|savetubevideo\\.com|buttons\\-for\\-website\\.com|sharebutton\\.net|soundfrost\\.org|srecorder\\.com|softomix\\.com|softomix\\.net|myprintscreen\\.com|joinandplay\\.me|fbfreegifts\\.com|openmediasoft\\.com|zazagames\\.org|extener\\.org|openfrost\\.com|openfrost\\.net|googlsucks\\.com|best\\-seo\\-offer\\.com|buttons\\-for\\-your\\-website\\.com|www\\.Get\\-Free\\-Traffic\\-Now\\.com|best\\-seo\\-solution\\.com|buy\\-cheap\\-online\\.info|site3\\.free\\-share\\-buttons\\.com|webmaster\\-traffic\\.co/i', $this->request->getHeader('Referer'), "Referer")) &&
262
+ ($this->match(BVFW::XSSREGEX, $this->request->getHeader('User-Agent'), "User-Agent")))) {
263
+ $this->request->updateRulesInfo(145, $this->currRuleInfo);
264
+ if ($isProtect) return true;
265
+ }
266
+ }
267
+ if (isset($rules[146])) {
268
+ $this->currRuleInfo = array();
269
+ if ($this->match('/sitemap_.*?<.*?(:?_\\d+)?\\.xml(:?\\.gz)?/i', $this->request->getPath())) {
270
+ $this->request->updateRulesInfo(146, $this->currRuleInfo);
271
+ if ($isProtect) return true;
272
+ }
273
+ }
274
+ if (isset($rules[155])) {
275
+ $this->currRuleInfo = array();
276
+ if (($this->match(BVFW::XSSREGEX, $this->request->getHeader('Client-IP'), "Client-IP")) or
277
+ ($this->match(BVFW::XSSREGEX, $this->request->getHeader('X-Forwarded'), "X-Forwarded")) or
278
+ ($this->match(BVFW::XSSREGEX, $this->request->getHeader('X-Cluster-Client-IP'), "X-Cluster-Client-IP")) or
279
+ ($this->match(BVFW::XSSREGEX, $this->request->getHeader('Forwarded-For'), "Forwarded-For")) or
280
+ ($this->match(BVFW::XSSREGEX, $this->request->getHeader('Forwarded'), "Forwarded"))) {
281
+ $this->request->updateRulesInfo(155, $this->currRuleInfo);
282
+ if ($isProtect) return true;
283
+ }
284
  }
285
+ if (isset($rules[156])) {
286
+ $this->currRuleInfo = array();
287
+ if ($this->match('#/wp\\-admin/admin\\-ajax\\.php$#i', $this->getServerValue('SCRIPT_FILENAME')) and
288
+ (($this->match(BVFW::SQLIREGEX, $this->request->getBody('umm_user'), "umm_user")) or
289
+ ($this->match(BVFW::SQLIREGEX, $this->request->getQueryString('umm_user'), "umm_user")))) {
290
+ $this->request->updateRulesInfo(156, $this->currRuleInfo);
291
+ if ($isProtect) return true;
292
+ }
293
  }
294
+ if (isset($rules[165])) {
295
+ $this->currRuleInfo = array();
296
+ if ($this->match('/O:\\d+:"(?!stdClass")[^"]+":/', $this->request->getCookies('ecwid_oauth_state'), "ecwid_oauth_state")) {
297
+ $this->request->updateRulesInfo(165, $this->currRuleInfo);
298
+ if ($isProtect) return true;
299
+ }
300
  }
301
+ if (isset($rules[167])) {
302
+ $this->currRuleInfo = array();
303
+ if ((!$this->match('/\\.(jpe?g|png|mpeg|mov|flv|pdf|docx?|txt|csv|avi|mp3|wma|wav)($|\\.)/i', $this->request->getFileNames())) &&
304
+ ($this->getLength($this->request->getBody('save_bepro_listing')) > 0)) {
305
+ $this->request->updateRulesInfo(167, $this->currRuleInfo);
306
+ if ($isProtect) return true;
307
+ }
 
 
308
  }
309
+ if (isset($rules[168])) {
310
+ $this->currRuleInfo = array();
311
+ if (($this->match('#/wp\\-admin/admin\\-ajax\\.php$#i', $this->getServerValue('SCRIPT_FILENAME'))) &&
312
+ ($this->equals('master-slider', $this->request->getQueryString('page'))) &&
313
+ ($this->getLength($this->request->getBody('page')) > 0) &&
314
+ ($this->notEquals('master-slider', $this->request->getBody('page')))) {
315
+ $this->request->updateRulesInfo(168, $this->currRuleInfo);
316
+ if ($isProtect) return true;
317
+ }
318
  }
319
+ if (isset($rules[169])) {
320
+ $this->currRuleInfo = array();
321
+ if (($this->equals('fancybox-for-wordpress', $this->request->getQueryString('page'))) &&
322
+ ($this->match(BVFW::XSSREGEX, $this->request->getBody('mfbfw'), "mfbfw"))) {
323
+ $this->request->updateRulesInfo(169, $this->currRuleInfo);
324
+ if ($isProtect) return true;
325
+ }
326
  }
327
+ if (isset($rules[171])) {
328
+ $this->currRuleInfo = array();
329
+ if ((($this->match('#wp-json/wp/v\\d+/posts/#i', $this->request->getPath())) or
330
+ ($this->match('#/wp/v\\d+/posts/#i', $this->request->getQueryString('rest_route'), "rest_route"))) &&
331
+ ($this->match('/[^0-9]/', $this->request->getQueryString('id'), "id"))) {
332
+ $this->request->updateRulesInfo(171, $this->currRuleInfo);
333
+ if ($isProtect) return true;
334
+ }
335
  }
336
+ if (isset($rules[172])) {
337
+ $this->currRuleInfo = array();
338
+ $pattern = '`\b(?i:(?:conf(?:ig(?:ur(?:e|ation)|\.inc|_global)?)?)|settings?(?:\.?inc)?)\.php$`';
339
+ if ((($this->match($pattern, $this->getServerValue('SCRIPT_FILENAME'), "SCRIPT_FILENAME")) or
340
+ ($this->match($pattern, $this->request->getQueryString(), "GET")))) {
341
+ $this->request->updateRulesInfo(172, $this->currRuleInfo);
342
+ if ($isProtect) return true;
343
+ }
344
  }
345
+ if (isset($rules[173])) {
346
+ $this->currRuleInfo = array();
347
+ $pattern = '`(?:\.{2}[\/]+)`';
348
+ if ((($this->match($pattern, $this->request->getBody(), "BODY")) or
349
+ ($this->match($pattern, $this->request->getQueryString(), "GET")) or
350
+ ($this->match($pattern, $this->request->getCookies(), "COOKIE")) or
351
+ ($this->match($pattern, $this->request->getHeader('User-Agent'), "HEADER")))) {
352
+ $this->request->updateRulesInfo(173, $this->currRuleInfo);
353
+ if ($isProtect) return true;
354
+ }
355
  }
356
+ if (isset($rules[174])) {
357
+ $this->currRuleInfo = array();
358
+ $pattern = '`\\b(?:\\$?_(COOKIE|ENV|FILES|(?:GE|POS|REQUES)T|SE(RVER|SSION))|HTTP_(?:(?:POST|GET)_VARS|RAW_POST_DATA)|GLOBALS)\\s*[=\\[)]|\\W\\$\\{\\s*[\'"]\\w+[\'"]`';
359
+ if ((($this->match($pattern, $this->request->getBody(), "BODY")) or
360
+ ($this->match($pattern, $this->request->getQueryString(), "GET")) or
361
+ ($this->match($pattern, $this->request->getCookies(), "COOKIE")) or
362
+ ($this->match($pattern, $this->request->getHeader('User-Agent'), "User-Agent")) or
363
+ ($this->match($pattern, $this->request->getHeader('Referer'), "Referer")) or
364
+ ($this->match($pattern, $this->getServerValue('PATH_INFO'), "PATH_INFO")))) {
365
+ $this->request->updateRulesInfo(174, $this->currRuleInfo);
366
+ if ($isProtect) return true;
367
+ }
368
  }
369
+ if (isset($rules[175])) {
370
+ $this->currRuleInfo = array();
371
+ $pattern = '`\\b(?i:eval)\\s*\\(\\s*(?i:base64_decode|exec|file_get_contents|gzinflate|passthru|shell_exec|stripslashes|system)\\s*\\(`';
372
+ if ((($this->match($pattern, $this->request->getBody(), "BODY")) or
373
+ ($this->match($pattern, $this->request->getQueryString(), "GET")) or
374
+ ($this->match($pattern, $this->request->getCookies(), "COOKIE")) or
375
+ ($this->match($pattern, $this->request->getHeader('User-Agent'), "User-Agent")))) {
376
+ $this->request->updateRulesInfo(175, $this->currRuleInfo);
377
+ if ($isProtect) return true;
378
+ }
379
  }
380
+ if (isset($rules[176])) {
381
+ $this->currRuleInfo = array();
382
+ $pattern = '`(?:<\\?(?![Xx][Mm][Ll]).*?(?:\\$_?(?:COOKIE|ENV|FILES|GLOBALS|(?:GE|POS|REQUES)T|SE(RVER|SSION))\\s*[=\\[)]|\\b(?i:array_map|assert|base64_(?:de|en)code|curl_exec|eval|(?:ex|im)plode|file(?:_get_contents)?|fsockopen|function_exists|gzinflate|move_uploaded_file|passthru|[ep]reg_replace|phpinfo|stripslashes|strrev|substr|system|(?:shell_)?exec)\\s*(?:/\\*.+?\\*/\\s*)?\\())|#!/(?:usr|bin)/.+?\\s|\\W\\$\\{\\s*[\'"]\\w+[\'"]`';
383
+ if ((($this->match($pattern, $this->request->getBody(), "BODY")) or
384
+ ($this->match($pattern, $this->request->getQueryString(), "GET")) or
385
+ ($this->match($pattern, $this->request->getCookies(), "COOKIE")) or
386
+ ($this->match($pattern, $this->request->getHeader('User-Agent'), "User-Agent")))) {
387
+ $this->request->updateRulesInfo(176, $this->currRuleInfo);
388
+ if ($isProtect) return true;
389
+ }
390
  }
391
+ if (isset($rules[177])) {
392
+ $this->currRuleInfo = array();
393
+ if ((($this->matchCount(BVFW::SQLIREGEX, $this->request->getBody()) > 2) or
394
+ ($this->matchCount(BVFW::SQLIREGEX, $this->request->getQueryString()) > 2) or
395
+ ($this->matchCount(BVFW::SQLIREGEX, $this->request->getCookies()) > 2) or
396
+ ($this->matchCount(BVFW::SQLIREGEX, $this->request->getHeader('User-Agent')) > 2))) {
397
+ $this->request->updateRulesInfo(177, $this->currRuleInfo);
398
+ if ($isProtect) return true;
399
+ }
400
  }
401
+ if (isset($rules[178])) {
402
+ $this->currRuleInfo = array();
403
+ $pattern = '`(?: \\W(?:background(-image)?|-moz-binding)\\s*:[^}]*?\\burl\\s*\\([^)]+?(https?:)?//\\w|<(?i:applet|div|embed|form|i?frame(?:set)?|i(?:mg|sindex)|link|m(?:eta|arquee)|object|script|textarea)\\b.*=.*?>|\\bdocument\\s*\\.\\s*(?:body|cookie|domain|location|open|write(?:ln)?)\\b|\\blocation\\s*\\.\\s*(?:href|replace)\\b|\\bwindow\\s*\\.\\s*(?:open|location)\\b|\\b(?:alert|confirm|eval|expression|prompt|set(?:Timeout|Interval)|String\\s*\\.\\s*fromCharCode|\\.\\s*substr)\\b\\s*\\(.*?\\)|(?i)<\\s*s\\s*t\\s*y\\s*l\\s*e\\b.*?>.*?<\\s*/\\s*s\\s*t\\s*y\\s*l\\s*e\\b.*?>|(?i)<[a-z].+?\\bon[a-z]{3,29}\\b\\s*=.{5}|(?i)<.+?\\bon[a-z]{3,29}\\b\\s*=\\s*[\'"](?!\\s*return false\\b).*?[\'"].+?>|(?i)<\\s*s\\s*c\\s*r\\s*i\\s*p\\s*t\\b.*?>.*?<\\s*/\\s*s\\s*c\\s*r\\s*i\\s*p\\s*t.*?>|<.+?(?i)\\b(?:href|(?:form)?action|background|code|data|location|name|poster|src|value)\\s*=\\s*[\'"]?(?:(?:f|ht)tps?:)?//\\w+\\.\\w|\\batob\\s*(?:[\'"\\x60]\\s*\\]\\s*)?\\(\\s*([\'"\\x60])[a-zA-Z0-9/+=]+\\1\\s*\\)|<.+?(?i)[a-z]+\\s*=.*?(?:java|vb)script:.+?> |<x:script\\b.*?>.*?</x:script.*?>|\\+A(?:Dw|ACIAPgA8)-.+?\\+AD4(?:APAAi)?-|[{}+[\\]\\s]\\+\\s*\\[\\s*]\\s*\\)\\s*\\[[{!}+[\\]\\s]|(?i)<[a-z]+/[a-z]+.+?=.+?>|\\[\\s*\\]\\s*\\[\\s*[\'"\\x60]filter[\'"\\x60]\\s*\\]\\s*\\[\\s*[\'"\\x60]constructor[\'"\\x60]\\s*\\]\\s*\\(\\s*|\\b(?:document|window|this)\\s*\\[.+?\\]\\s*[\\[(]|(?:(?:\\b(?:self|this|top|window)\\s*\\[.+?\\]|\\(\\s*(?:alert|confirm|eval|expression|prompt)\\s*\\)|\\[.*?\\]\\s*\\.\\s*find)|(?:\\.\\s*(?:re(?:ject|place)|constructor)))\\s*\\(.*?\\)|\\b(\\w+)\\s*=\\s*(?:alert|confirm|eval|expression|prompt)\\s*[;,]\\1\\s*\\(.*?\\))`';
404
+ if ((($this->match($pattern, $this->request->getBody(), "BODY")) or
405
+ ($this->match($pattern, $this->request->getQueryString(), "GET")) or
406
+ ($this->match($pattern, $this->request->getCookies(), "COOKIE")) or
407
+ ($this->match($pattern, $this->request->getHeader('User-Agent'), "User-Agent")) or
408
+ ($this->match($pattern, $this->request->getHeader('Referer'), "Referer")))) {
409
+ $this->request->updateRulesInfo(178, $this->currRuleInfo);
410
+ if ($isProtect) return true;
411
+ }
412
  }
413
+ return false;
414
  }
415
  }
416
  endif;
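--- a/fw/request.php
+++ b/fw/request.php
@@ -17,7 +17,7 @@ class BVRequest {
  private $cookies;
  private $respcode;
  private $status;
-
+ private $rulesInfo;
  #status
  const ALLOWED = 1;
  const BLOCKED = 2;
@@ -35,6 +35,7 @@ class BVRequest {
  $method = '';
  $path = '';
  $this->ip = $ip;
+ $this->rulesInfo = array();
  $this->setRespCode(200);
  $this->setCategory(BVRequest::NORMAL);
  $this->setStatus(BVRequest::ALLOWED);
@@ -149,7 +150,15 @@ class BVRequest {
  public function setUri($uri) {
  $this->uri = $uri;
  }
+
+ public function updateRulesInfo($key, $value) {
+ $this->rulesInfo[$key] = $value;
+ }
 
+ public function getRulesInfo() {
+ return $this->rulesInfo;
+ }
+
  public function getStatus() {
  return $this->status;
  }
@@ -170,6 +179,7 @@ class BVRequest {
  $querystr = (strlen($querystr) > 512) ? maybe_serialize(array("bv_over_size" => true)) : $querystr;
  $referer = $this->getHeader('Referer') ? $this->getHeader('Referer') : '';
  $user_agent = $this->getHeader('User-Agent') ? $this->getHeader('User-Agent') : '';
+ $rules_info = maybe_serialize($this->getRulesInfo());
  $data = array(
  "path" => $this->getPath(),
  "filenames" => maybe_serialize($this->getFileNames()),
@@ -182,7 +192,8 @@ class BVRequest {
  "resp_code" => $this->getRespCode(),
  "referer" => $referer,
  "status" => $this->getStatus(),
- "category" => $this->getCategory()
+ "category" => $this->getCategory(),
+ "rules_info" => $rules_info
  );
  return $data;
  }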
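Review bot: The new `rules_info` value is serialized with no size bound, whereas the query string a few lines above it is replaced by a `bv_over_size` marker once it exceeds 512 bytes. The map comes from BVFW's `match()` (visible earlier on this page), which keys entries by `$key.'-'.$k` for array subjects, i.e. by request parameter names, so a client sending many matching parameters grows the stored record with every rule that fires; the column's width is not visible here, so confirm where the data lands. Applying the same cap after serialization would keep the two fields consistent: `$rules_info = (strlen($rules_info) > 512) ? maybe_serialize(array("bv_over_size" => true)) : $rules_info;`. A short docblock on `updateRulesInfo()` stating the shape it expects (`rule id => array(field key => matched length)`, as BVFW passes it) would also help, since nothing in this class says what `$value` is.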
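--- a/main.php
+++ b/main.php
@@ -8,7 +8,7 @@ require_once dirname( __FILE__ ) . '/main/auth.php';
  require_once dirname( __FILE__ ) . '/main/db.php';
 
  class MalCare {
- public $version = '1.88';
+ public $version = '1.89';
  public $plugname = 'malcare';
  public $brandname = 'MalCare';
  public $webpage = 'https://www.malcare.com';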
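--- a/main/db.php
+++ b/main/db.php
@@ -92,6 +92,15 @@ class MCDb {
  return $this->isTablePresent($table);
  }
 
+ function alterBVTable($query, $name) {
+ $resp = false;
+ $table = $this->getBVTable($name);
+ if ($this->isTablePresent($table)) {
+ $resp = $this->query($query);
+ }
+ return $resp;
+ }
+
  function getTableContent($table, $fields = '*', $filter = '', $limit = 0, $offset = 0) {
  $query = "SELECT $fields from $table $filter";
  if ($limit > 0)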
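Review bot: The table-presence check in `alterBVTable()` does not constrain `$query` at all; `$name` only decides whether the statement runs, and the statement itself goes to `$this->query()` verbatim, so once any BV table exists the method will execute whatever SQL it is handed. The only caller shown on this page passes `$_REQUEST['query']` and `$_REQUEST['tablename']` from the `altrtbl` callback; presumably that path sits behind the plugin's callback authentication, but the method should still tie the statement to the table it was asked about, e.g. `if (!preg_match('/^\s*ALTER\s+TABLE\s+\W?' . preg_quote($table, '/') . '\b/i', $query)) { return false; }` before the `$this->query($query)` line. Returning `false` for both "table absent" and "query failed" also leaves the callback unable to tell the two apart; a docblock stating that, and that `$query` is expected to be an ALTER on the named BV table, would make the contract explicit.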
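--- a/malcare.php
+++ b/malcare.php
@@ -5,7 +5,7 @@ Plugin URI: https://www.malcare.com
  Description: WordPress Security, Firewall and Malware Scanner
  Author: MalCare Security
  Author URI: https://www.malcare.com
- Version: 1.88
+ Version: 1.89
  Network: True
  */
 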
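--- a/protect.php
+++ b/protect.php
@@ -17,6 +17,7 @@ class BVProtect {
  $ip = $this->getIP();
  $fw = new BVFW($this->bvmain, $ip);
  $fw->init();
+ $fw->execute();
  $lp = new BVLP($this->bvmain, $ip);
  $lp->init();
  }
@@ -42,4 +43,4 @@ class BVProtect {
  return $ip;
  }
  }
- endif;
+ endif;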
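Review bot: `$fw->execute()` is added unconditionally after `$fw->init()`, and the BVFW hunk earlier on this page shows `execute()` can end in `terminateRequest()`, which emits a 403 and `die()`s, so `$lp->init()` on the following line never runs for a blocked request; a comment on the new line such as `// may end the request with a 403 when a protect rule matches` would make that control flow visible here. The visible part of `execute()` gates on `canBypassFirewall()` and `config->isProtecting()` but not on `config->isActive()`, which `init()` uses to decide whether the logger is set up, so unless `canBypassFirewall()` covers it (not visible), confirm that an inactive firewall cannot reach the rule evaluation or the `log()` call inside `terminateRequest()`. The enclosing method's signature is outside the hunk.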
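--- a/readme.txt
+++ b/readme.txt
@@ -218,6 +218,9 @@ FTP details input into MalCare is processed on our servers. We need your FTP cre
  8. With BlogVault's White-Label Solution you can showcase our service under your own brilliant brand.
 
  == CHANGELOG ==
+ = 1.89 =
+ * Firewall improvements
+
  = 1.88 =
  * Callback improvements
  * Adding delete transient callback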