MalCare WordPress Security Plugin – Malware Scanner, Cleaner, Security Firewall - Version 3.5

Version Description

  • Firewall in prepend mode
  • Robust Firewall and Login protection

Release Info

Developer ritesh.soni36
Version 3.5

Code changes from version 3.4 to 3.5

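--- a/account.php
+++ b/account.php
@@ -118,7 +118,7 @@ if (!class_exists('MCAccount')) :
 self::update($settings, $accounts);
 }
 
-public function respInfo() {
+public function info() {
 return array(
 "public" => substr($this->public, 0, 6),
 "sigmatch" => substr($this->sig_match, 0, 6)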
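--- a/admin/main_page.php
+++ b/admin/main_page.php
@@ -1,3 +1,9 @@
+<?php if (MCAccount::isConfigured($this->settings)) { ?>
+<div>
+<iframe style="width: 99%; height: 1900px; padding-top: 13px;"src="<?=$this->account->authenticatedUrl('/malcare/access')?>">
+</iframe>
+</div>
+<?php } else { ?>
 <div id="content-wrapper" style="width: 99%;">
 <!-- Content HTML goes here -->
 <div class="mui-container-fluid">
@@ -13,37 +19,9 @@
 </div>
 </div>
 </div>
-
 <div class="mui-container-fluid" style="padding: 0px;">
 <div class="mui-col-md-10" style="padding-left: 0px;">
 <br>
-<?php if (MCAccount::isConfigured($this->settings)) { ?>
-<div class="bv-box" style="overflow: hidden;">
-<div class="mui-col-md-8" style="margin: 15px auto; overflow: hidden; float: inherit;">
-<div class="mui-panel mui--text-center" style="margin-bottom:0!important;background-color:#4caf50;">
-<div class="mui--text-title mui--text-light">MalCare Protection Activated</div>
-</div>
-<div class="mui-panel" style="height: 240px;">
-<div class="mui--text-body1" style="font-size: 20px; text-align: center;">View detailed security statistics on Dashboard.</div>
-<div style="text-align: center;"><a class="mui-btn mui-btn--raised mui-btn--primary custom-bv-button" href=<?php echo $this->account->authenticatedUrl('/malcare/access')?> target="_blank">Visit Dashboard</a></div>
-<div style="text-align: center; margin-top: 10px;">
-<span>Loved Malcare ? Share a Word </span>
-<br>
-<?php
-$shareLink = "https://wordpress.org/plugins/malcare-security/";
-$shareText = "I just secured my website using MalCare Wordpress Security Plugin. It Does not OVERLOAD my server and Removes malware in One-Click. RIDICULOUSLY Easy! Check it out";
-$hashTags = "MalCare, Wordpress, Security";
-?>
-<span><a href="http://twitter.com/share?text=<?php echo $shareText; ?>&url=<?php echo $shareLink; ?>&hashtags=<?php echo $hashTags; ?>"><img src="<?php echo plugins_url("/../img/twitter.png", __FILE__); ?>" class="share-icons" /></a></span>
-<span><a href="https://www.facebook.com/sharer/sharer.php?u=<?php echo $shareLink; ?>&quote=<?php echo $shareText; ?>"><img src="<?php echo plugins_url("/../img/fb.png", __FILE__); ?>" class="share-icons" /></a></span>
-</div>
-</div>
-</div>
-</div>
-<div class="bv-box" style="padding-top: 10px; padding-bottom: 10px; margin-top:10px;">
-<?php require_once dirname( __FILE__ ) . "/top_box.php";?>
-</div>
-<?php } else { ?>
 <div class="bv-box" style="padding-top: 10px; padding-bottom: 10px;">
 <?php require_once dirname( __FILE__ ) . "/top_box.php";?>
 </div>
@@ -70,7 +48,6 @@
 </form>
 <br/>
 </div>
-<?php } ?>
 </div>
 <div class="mui-col-md-2 side">
 <div class="side-box" style="margin: 0px !important;">
@@ -117,4 +94,5 @@
 <div class="mui-container mui--text-center" style="margin-top: 10px;">
 Made with ♥ by <a href="https://blogvault.net"><img src="<?php echo plugins_url('../img/bv.png', __FILE__); ?>" /></a>
 </div>
-</footer>
+</footer>
+<?php } ?>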
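Review bot: The iframe `src` on the first hunk's new line 3 echoes `$this->account->authenticatedUrl('/malcare/access')` raw into an HTML attribute; WordPress output in this position should go through `esc_url()`, and the attribute is also missing the space before `src`, leaving `padding-top: 13px;"src=`. The line would become `<iframe style="width: 99%; height: 1900px; padding-top: 13px;" src="<?php echo esc_url($this->account->authenticatedUrl('/malcare/access')); ?>">`. If authenticatedUrl() embeds a signed token in the query string, note that as an iframe src the browser now fetches it on every admin page view rather than on a click, so the token's lifetime and replay handling matter more than before; that method is not visible here. The `<?php if` / `else` opened at new line 1 is closed only in the last hunk at new line 98, so the whole former page body now sits inside the else branch.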
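--- a/callback/handler.php
+++ b/callback/handler.php
@@ -32,10 +32,10 @@ if (!class_exists('BVCallbackHandler')) :
 $this->routeRequest();
 $bvinfo = new MCInfo($this->settings);
 $resp = array(
-"request_info" => $this->request->respInfo(),
-"site_info" => $this->siteinfo->respInfo(),
-"account_info" => $this->account->respInfo(),
-"bvinfo" => $bvinfo->respInfo(),
+"request_info" => $this->request->info(),
+"site_info" => $this->siteinfo->info(),
+"account_info" => $this->account->info(),
+"bvinfo" => $bvinfo->info(),
 "api_pubkey" => substr(MCAccount::getApiPublicKey($this->settings), 0, 8)
 );
 $this->response->terminate($resp);
@@ -67,17 +67,9 @@ if (!class_exists('BVCallbackHandler')) :
 require_once dirname( __FILE__ ) . '/wings/ipstore.php';
 $module = new BVIPStoreCallback($this);
 break;
-case 'fw':
-require_once dirname( __FILE__ ) . '/wings/fw.php';
-$module = new BVFirewallCallback($this);
-break;
-case 'lp':
-require_once dirname( __FILE__ ) . '/wings/lp.php';
-$module = new BVLoginProtectCallback($this);
-break;
-case 'monit':
-require_once dirname( __FILE__ ) . '/wings/monit.php';
-$module = new BVMonitCallback($this);
+case 'wtch':
+require_once dirname( __FILE__ ) . '/wings/watch.php';
+$module = new BVWatchCallback($this);
 break;
 case 'brand':
 require_once dirname( __FILE__ ) . '/wings/brand.php';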
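Review bot: The `wtch` case on the second hunk's new lines 70-72 loads `wings/watch.php` and instantiates `BVWatchCallback`, but neither the file nor the class appears in the visible part of this diff; confirm it ships with the release, since `require_once` on a missing path is fatal at request time. The removed `fw`, `lp` and `monit` cases now fall through to the switch's default branch, which is outside the hunk, so a server still sending those wing names gets whatever that branch returns rather than an explicit "moved" response. A one-line comment above the new case, such as `// fw and lp config now handled by the protect wing (see protect.php requires)`, would save the next reader a search; that relocation is suggested by protect.php's new requires further down this page but not stated anywhere in the code.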
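--- a/callback/request.php
+++ b/callback/request.php
@@ -40,7 +40,7 @@ if (!class_exists('BVCallbackRequest')) :
 return array_key_exists('apicall', $this->params);
 }
 
-public function respInfo() {
+public function info() {
 $info = array(
 "requestedsig" => $this->sig,
 "requestedtime" => $this->time,
@@ -176,4 +176,4 @@ if (!class_exists('BVCallbackRequest')) :
 return $data;
 }
 }
-endif;
+endif;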
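--- a/callback/wings/account.php
+++ b/callback/wings/account.php
@@ -21,7 +21,7 @@ class BVAccountCallback extends BVCallbackBase {
 $resp = array("status" => MCAccount::exists($this->settings, $params['public']));
 break;
 case "rmacc":
-$resp = array("status" => $account->remove($params['public']));
+$resp = array("status" => MCAccount::remove($this->settings, $params['public']));
 break;
 case "updt":
 $info = array();
@@ -32,7 +32,8 @@ class BVAccountCallback extends BVCallbackBase {
 $resp = array("status" => MCAccount::exists($this->settings, $params['pubkey']));
 break;
 case "updtapikey":
-$resp = array("status" => MCAccount::updateApiPublicKey($this->settings, $params['pubkey']));
+MCAccount::updateApiPublicKey($this->settings, $params['pubkey']);
+$resp = array("status" => $this->settings->getOption(MCAccount::$api_public_key));
 break;
 case "rmdefsec":
 $resp = array("status" => $settings->deleteOption('bvDefaultSecret'));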
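Review bot: In the `updtapikey` case (second hunk, new lines 35-36) the return value of `MCAccount::updateApiPublicKey()` is discarded and `status` becomes whatever `getOption(MCAccount::$api_public_key)` holds, so a write that fails and leaves a previous key in place is reported in the same shape as a success. If the server compares the echoed key with the one it sent, that is sufficient; otherwise `"status" => $this->settings->getOption(MCAccount::$api_public_key) === $params['pubkey']` gives a definite answer, or return both the boolean and the stored key. The `rmacc` case in the first hunk keeps the boolean return of `MCAccount::remove()` as its status, so the two cases now report differently shaped values for the same kind of operation. Both cases read `$params['public']` / `$params['pubkey']` without a presence check, unlike the `array_key_exists` guards this release adds elsewhere; the surrounding `process()` starts and ends outside these hunks.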
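--- a/callback/wings/fs.php
+++ b/callback/wings/fs.php
@@ -149,6 +149,34 @@ class BVFSCallback extends BVCallbackBase {
 return $md5;
 }
 
+function getFilesContent($files, $withContent = true) {
+$result = array();
+foreach ($files as $file) {
+$fdata = $this->fileStat($file);
+$absfile = ABSPATH.$file;
+
+if (is_dir($absfile) && !is_link($absfile)) {
+$fdata['is_dir'] = true;
+} else {
+if (!is_readable($file)) {
+$fdata['error'] = 'file not readable';
+} else {
+if ($withContent === true) {
+if ($content = file_get_contents($absfile)) {
+$fdata['content'] = $content;
+} else {
+$fdata['error'] = 'unable to read file';
+}
+}
+}
+}
+
+$result[$file] = $fdata;
+}
+
+return $result;
+}
+
 function getFilesStats($files, $offset = 0, $limit = 0, $bsize = 102400, $md5 = false) {
 $result = array();
 foreach ($files as $file) {
@@ -204,6 +232,33 @@ class BVFSCallback extends BVCallbackBase {
 return $result;
 }
 
+function mkdir($path, $permissions) {
+$result = array();
+$path = ABSPATH.$path;
+
+if (!file_exists($path)) {
+if (!mkdir($path)) {
+$result['status'] = 'Error';
+$result['message'] = 'UNABLE_TO_CREATE_DIR';
+}
+} else {
+$result['already_exists'] = true;
+}
+
+if (file_exists($path)) {
+$result['exists'] = true;
+
+if (chmod($path, $permissions)) {
+$result['status'] = 'Done';
+} else {
+$result['status'] = 'Error';
+$result['message'] = "UNABLE_TO_SET_PERMISSIONS";
+}
+}
+
+return $result;
+}
+
 function process($request) {
 $params = $request->params;
 $stream_init_info = BVStream::startStream($this->account, $request);
@@ -264,6 +319,30 @@ class BVFSCallback extends BVCallbackBase {
 $directoryList = glob($initdir.$regex, $glob_option);
 $resp = $this->getFilesStats($directoryList);
 break;
+case "dirsexists":
+$resp = array();
+$dirs = $params['dirs'];
+
+foreach ($dirs as $dir) {
+$path = ABSPATH.$dir;
+if (file_exists($path) && is_dir($path) && !is_link($path)) {
+$resp[$dir] = true;
+} else {
+$resp[$dir] = false;
+}
+}
+
+$resp["status"] = "Done";
+break;
+case "gtfilescntent":
+$files = $params['files'];
+$withContent = array_key_exists('withcontent', $params) ? $params['withcontent'] : true;
+$resp = array("files_content" => $this->getFilesContent($files, $withContent));
+break;
+case "mkdr":
+$permissions = array_key_exists('permissions', $params) ? $params['permissions'] : 0777;
+$resp = array('mkdir' => $this->mkdir($params['path'], $permissions));
+break;
 default:
 $resp = false;
 }
@@ -277,4 +356,4 @@ class BVFSCallback extends BVCallbackBase {
 return $resp;
 }
 }
-endif;
+endif;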
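Review bot: In `getFilesContent` (first hunk, new line 161) the readability check is `is_readable($file)` on the relative name while every other access uses `$absfile = ABSPATH.$file`, so it tests a path relative to the process cwd and can report 'file not readable' for a file the next line would read fine; it should be `if (!is_readable($absfile)) {`. Two lines further, `if ($content = file_get_contents($absfile))` treats an empty file as a read failure because `''` is falsy, so use `$content = file_get_contents($absfile); if ($content !== false) {`. In `mkdir` (second hunk) and the `mkdr` case (third hunk) the default mode is `0777` and `$permissions` is passed to `chmod` straight from the request, so a value sent as decimal 777 or as the string "0755" yields an unintended mode; validate it (agree on int-octal vs string with the server) and consider defaulting to `0755`, since world-writable directories under ABSPATH are the kind of finding a scanner should not create itself. `mkdir($path)` is also non-recursive, so a nested path whose parent is missing reports UNABLE_TO_CREATE_DIR; pass `true` as the recursive argument if that is intended. `process()` starts in the second hunk and continues past the third.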
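--- a/callback/wings/fw.php
+++ /dev/null
@@ -1,62 +0,0 @@
-<?php
-
-if (!defined('ABSPATH')) exit;
-if (!class_exists('BVFirewallCallback')) :
-
-require_once dirname( __FILE__ ) . '/../../protect/wp_fw/config.php';
-
-class BVFirewallCallback {
-public $db;
-public $settings;
-
-public function __construct($callback_handler) {
-$this->db = $callback_handler->db;
-$this->settings = $callback_handler->settings;
-}
-
-public function process($request) {
-$params = $request->params;
-$config = new BVWPFWConfig($this->db, $this->settings);
-switch ($request->method) {
-case "clrconfig":
-$resp = array("clearconfig" => $config->clear());
-break;
-case "setmode":
-$config->setMode($params['mode']);
-$resp = array("setmode" => $config->getMode());
-break;
-case "dsblrules":
-$config->setDisabledRules($params['disabled_rules']);
-$resp = array("disabled_rules" => $config->getDisabledRules());
-break;
-case "adtrls":
-$config->setAuditRules($params['audit_rules']);
-$resp = array("audit_rules" => $config->getAuditRules());
-break;
-case "setrulesmode":
-$config->setRulesMode($params['rules_mode']);
-$resp = array("rules_mode" => $config->getRulesMode());
-break;
-case "setreqprofilingmode":
-$config->setReqProfilingMode($params['req_profiling_mode']);
-$resp = array("req_profiling_mode" => $config->getReqProfilingMode());
-break;
-case "stbypslevl":
-$config->setBypassLevel($params['bypslevl']);
-$resp = array("bypslevl" => $config->getBypassLevel());
-break;
-case "stcstmrls":
-$config->setCustomRoles($params['cstmrls']);
-$resp = array("cstmrls" => $config->getCustomRoles());
-break;
-case "stcookiemode":
-$config->setCookieMode($params['mode']);
-$resp = array("mode" => $config->getCookieMode());
-break;
-default:
-$resp = false;
-}
-return $resp;
-}
-}
-endif;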
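--- a/callback/wings/info.php
+++ b/callback/wings/info.php
@@ -96,11 +96,13 @@ class BVInfoCallback extends BVCallbackBase {
 
 public function getSystemInfo() {
 $sys_info = array(
-'serverip' => $_SERVER['SERVER_ADDR'],
 'host' => $_SERVER['HTTP_HOST'],
 'phpversion' => phpversion(),
 'AF_INET6' => defined('AF_INET6')
 );
+if (array_key_exists('SERVER_ADDR', $_SERVER)) {
+$sys_info['serverip'] = $_SERVER['SERVER_ADDR'];
+}
 if (function_exists('get_current_user')) {
 $sys_info['user'] = get_current_user();
 }
@@ -203,51 +205,11 @@ class BVInfoCallback extends BVCallbackBase {
 $data['dynsync'] = $settings->getOption('bvDynSyncActive');
 $data['woodyn'] = $settings->getOption('bvWooDynSync');
 $data['dynplug'] = $settings->getOption('bvdynplug');
-$data['ptplug'] = $settings->getOption('bvptplug');
-$data['fw'] = $this->getFWConfig();
-$data['lp'] = $this->getLPConfig();
+$data['protect'] = $settings->getOption('bvptconf');
 $data['brand'] = $settings->getOption($this->bvinfo->brand_option);
 $data['badgeinfo'] = $settings->getOption($this->bvinfo->badgeinfo);
 }
 
-public function getLPConfig() {
-$config = array();
-$settings = $this->settings;
-$mode = $settings->getOption('bvlpmode');
-$cplimit = $settings->getOption('bvlpcaptchalimit');
-$tplimit = $settings->getOption('bvlptempblocklimit');
-$bllimit = $settings->getOption('bvlpblockAllLimit');
-$config['mode'] = intval($mode ? $mode : 1);
-$config['captcha_limit'] = intval($cplimit ? $cplimit : 3);
-$config['temp_block_limit'] = intval($tplimit? $tplimit : 6);
-$config['block_all_limit'] = intval($bllimit ? $bllimit : 100);
-return $config;
-}
-
-public function getFWConfig() {
-$config = array();
-$settings = $this->settings;
-$mode = $settings->getOption('bvfwmode');
-$drules = $settings->getOption('bvfwdisabledrules');
-$arules = $settings->getOption('bvfwauditrules');
-$rmode = $settings->getOption('bvfwrulesmode');
-$reqprofilingmode = $settings->getOption('bvfwreqprofilingmode');
-$bypass_level = $settings->getOption('bvfwbypasslevel');
-$custom_roles = $settings->getOption('bvfwcustomroles');
-$cookiemode = $settings->getOption('bvfwcookiemode');
-$cookiekey = (string) $settings->getOption('bvfwcookiekey');
-$config['mode'] = intval($mode ? $mode : 1);
-$config['disabled_rules'] = $drules ? $drules : array();
-$config['audit_rules'] = $arules ? $arules : array();
-$config['rules_mode'] = intval($rmode ? $rmode : 1);
-$config['req_profiling_mode'] = intval($reqprofilingmode ? $reqprofilingmode : 1);
-$config['bypslevl'] = intval($bypass_level ? $bypass_level : 2);
-$config['cstmrls'] = $custom_roles ? $custom_roles : array();
-$config['cookiemode'] = intval($cookiemode ? $cookiemode : 2);
-$config['cookiekey'] = $cookiekey;
-return $config;
-}
-
 public function dbconf(&$info) {
 $db = $this->db;
 if (defined('DB_CHARSET'))
@@ -256,6 +218,15 @@ class BVInfoCallback extends BVCallbackBase {
 $info['charset_collate'] = $db->getCharsetCollate();
 return $info;
 }
+
+public function cookieInfo() {
+$resp = array();
+if (defined('COOKIEPATH'))
+$resp['cookiepath'] = COOKIEPATH;
+if (defined('COOKIE_DOMAIN'))
+$resp['cookiedomain'] = COOKIE_DOMAIN;
+return array('cookieinfo' => $resp);
+}
 
 public function activate() {
 $resp = array();
@@ -273,6 +244,9 @@ class BVInfoCallback extends BVCallbackBase {
 case "activateinfo":
 $resp = $this->activate();
 break;
+case "ckeyinfo":
+$resp = $this->cookieInfo();
+break;
 case "gtpsts":
 $count = 5;
 if (array_key_exists('count', $params))
@@ -294,6 +268,13 @@ class BVInfoCallback extends BVCallbackBase {
 case "gtwp":
 $resp = $this->getWpInfo();
 break;
+case "gtallhdrs":
+$data = (function_exists('getallheaders')) ? getallheaders() : false;
+$resp = array("allhdrs" => $data);
+break;
+case "gtsvr":
+$resp = array("svr" => $_SERVER);
+break;
 case "getoption":
 $resp = array("option" => $this->settings->getOption($params['name']));
 break;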
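Review bot: The `gtsvr` case in the last hunk (new lines 275-277) returns the entire `$_SERVER` array; PHP imports the process environment into `$_SERVER` alongside the CGI variables, and on container and managed hosts that environment is frequently where database passwords and API keys live, so this wing hands them to any caller holding a valid callback signature. The case is moved here unchanged from protect.php, so it is not new behaviour, but while it is being relocated it is cheap to trim it, for example `$resp = array("svr" => array_diff_key($_SERVER, getenv()));` or an explicit allow-list of the keys the server actually consumes. `cookieInfo()` in the third hunk uses brace-less `if` bodies; the file's other methods and PSR-12 both favour `if (defined('COOKIEPATH')) { $resp['cookiepath'] = COOKIEPATH; }`. The `SERVER_ADDR` guard in the first hunk is the right fix for SAPIs that do not populate it.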
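--- a/callback/wings/ipstore.php
+++ b/callback/wings/ipstore.php
@@ -3,7 +3,7 @@
 if (!defined('ABSPATH')) exit;
 if (!class_exists('BVIPStoreCallback')) :
 
-require_once dirname( __FILE__ ) . '/../../protect/ipstore.php';
+require_once dirname( __FILE__ ) . '/../../protect/wp/ipstore.php';
 
 class BVIPStoreCallback extends BVCallbackBase {
 public $db;
@@ -87,9 +87,8 @@ class BVIPStoreCallback extends BVCallbackBase {
 case "insrtips":
 $values = $params['values'];
 $fields = $params['fields'];
-$rmfilter = $params['rmfilter'];
-if ($rmfilter) {
-$db->deleteBVTableContent($table, $rmfilter);
+if (array_key_exists('rmfilter', $params)) {
+$db->deleteBVTableContent($table, $params['rmfilter']);
 }
 $this->insertIPs($bvTable, $fields, $values);
 $resp = array("offset" => $this->getIPStoreOffset($bvTable, $auto_increment_offset));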
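Review bot: The `insrtips` change on the second hunk's new lines 90-91 replaces a truthiness check with `array_key_exists`, so a request that carries `rmfilter` with an empty string, `0` or `null` now calls `$db->deleteBVTableContent($table, ...)` where the old code skipped it; if that helper builds its WHERE clause from the filter, an empty filter may become an unconditional delete of the IP table. `deleteBVTableContent` is not visible here, so if it already rejects empty filters this is only a style point; otherwise `if (!empty($params['rmfilter'])) {` keeps the new missing-key safety together with the old empty-value guard. The delete is given `$table` while the insert two lines below uses `$bvTable`; both are defined outside the hunk, so confirm they name the same table. The enclosing `process()` starts and ends outside this hunk.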
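--- a/callback/wings/lp.php
+++ /dev/null
@@ -1,74 +0,0 @@
-<?php
-
-if (!defined('ABSPATH')) exit;
-if (!class_exists('BVLoginProtectCallback')) :
-
-require_once dirname( __FILE__ ) . '/../../protect/wp_lp/lp.php';
-
-class BVLoginProtectCallback extends BVCallbackBase {
-public $db;
-public $settings;
-
-public function __construct($callback_handler) {
-$this->db = $callback_handler->db;
-$this->settings = $callback_handler->settings;
-}
-
-public function unBlockLogins() {
-$this->settings->deleteTransient('bvlp_block_logins');
-$this->settings->setTransient('bvlp_allow_logins', 'true', 1800);
-return $this->settings->getTransient('bvlp_allow_logins');
-}
-
-public function blockLogins($time) {
-$this->settings->deleteTransient('bvlp_allow_logins');
-$this->settings->setTransient('bvlp_block_logins', 'true', $time);
-return $this->settings->getTransient('bvlp_block_logins');
-}
-
-public function unBlockIP($ip, $attempts, $time) {
-$transient_name = BVWPLP::$unblock_ip_transient.$ip;
-$this->settings->setTransient($transient_name, $attempts, $time);
-return $this->settings->getTransient($transient_name);
-}
-
-public function process($request) {
-$params = $request->params;
-$config = new BVWPLPConfig($this->db, $this->settings);
-switch ($request->method) {
-case "clrconfig":
-$resp = array("clearconfig" => $config->clear());
-break;
-case "setmode":
-$config->setMode($params['mode']);
-$resp = array("setmode" => $config->getMode());
-break;
-case "setcaptchalimit":
-$config->setCaptchaLimit($params['captcha_limit']);
-$resp = array("captcha_limit" => $config->getCaptchaLimit());
-break;
-case "settmpblklimit":
-$config->setTempBlockLimit($params['temp_block_limit']);
-$resp = array("temp_block_limit" => $config->getTempBlockLimit());
-break;
-case "setblkalllimit":
-$config->setBlockAllLimit($params['block_all_limit']);
-$resp = array("block_all_limit" => $config->getBlockAllLimit());
-break;
-case "unblklogins":
-$resp = array("unblocklogins" => $this->unBlockLogins());
-break;
-case "blklogins":
-$time = array_key_exists('time', $params) ? $params['time'] : 1800;
-$resp = array("blocklogins" => $this->blockLogins($time));
-break;
-case "unblkip":
-$resp = array("unblockip" => $this->unBlockIP($params['ip'], $params['attempts'], $params['time']));
-break;
-default:
-$resp = false;
-}
-return $resp;
-}
-}
-endif;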
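--- a/callback/wings/misc.php
+++ b/callback/wings/misc.php
@@ -23,9 +23,9 @@ class BVMiscCallback extends BVCallbackBase {
 switch ($request->method) {
 case "dummyping":
 $resp = array();
-$resp = array_merge($resp, $this->siteinfo->respInfo());
-$resp = array_merge($resp, $this->account->respInfo());
-$resp = array_merge($resp, $this->bvinfo->respInfo());
+$resp = array_merge($resp, $this->siteinfo->info());
+$resp = array_merge($resp, $this->account->info());
+$resp = array_merge($resp, $this->bvinfo->info());
 break;
 case "enablebadge":
 $option = $bvinfo->badgeinfo;
@@ -52,14 +52,6 @@ class BVMiscCallback extends BVCallbackBase {
 $settings->deleteOption('bvdynplug');
 $resp = array("unsetdynplug" => $settings->getOption('bvdynplug'));
 break;
-case "setptplug":
-$settings->updateOption('bvptplug', $params['ptplug']);
-$resp = array("setptplug" => $settings->getOption('bvptplug'));
-break;
-case "unsetptplug":
-$settings->deleteOption('bvptlug');
-$resp = array("unsetptplug" => $settings->getOption('bvptlug'));
-break;
 case "wpupplgs":
 $resp = array("wpupdateplugins" => wp_update_plugins());
 break;
@@ -69,10 +61,6 @@ class BVMiscCallback extends BVCallbackBase {
 case "wpupcre":
 $resp = array("wpupdatecore" => wp_version_check());
 break;
-case "rmmonitime":
-$this->settings->deleteOption('bvmonittime');
-$resp = array("rmmonitime" => !$bvinfo->getMonitTime());
-break;
 case "phpinfo":
 phpinfo();
 die();
@@ -86,4 +74,4 @@ class BVMiscCallback extends BVCallbackBase {
 return $resp;
 }
 }
-endif;
+endif;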
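--- a/callback/wings/protect.php
+++ b/callback/wings/protect.php
@@ -3,7 +3,9 @@
 if (!defined('ABSPATH')) exit;
 if (!class_exists('BVProtectCallback')) :
 
-require_once dirname( __FILE__ ) . '/../../protect/protect.php';
+require_once dirname( __FILE__ ) . '/../../protect/wp/protect.php';
+require_once dirname( __FILE__ ) . '/../../protect/fw/config.php';
+require_once dirname( __FILE__ ) . '/../../protect/wp/lp/config.php';
 
 class BVProtectCallback extends BVCallbackBase {
 public $db;
@@ -14,10 +16,376 @@ class BVProtectCallback extends BVCallbackBase {
 $this->settings = $callback_handler->settings;
 }
 
+public function contentDir() {
+return defined('WP_CONTENT_DIR') ? WP_CONTENT_DIR : "";
+}
+
+public function mcDataPath() {
+return $this->contentDir() . '/mc_data/';
+}
+
+public function mcIPsFilePath($confkey) {
+return $this->mcDataPath() . $confkey. '-mc_ips.conf';
+}
+
+public function mcConfigFilePath($confkey) {
+return $this->mcDataPath() . $confkey. '-mc.conf';
+}
+
+public function mcLogFilePath($confkey) {
+return $this->mcDataPath() . $confkey. '-mc.log';
+}
+
+public function mcWAFFilePath() {
+return ABSPATH . 'malcare-waf.php';
+}
+
+public function htAccessFilePath() {
+return ABSPATH . '.htaccess';
+}
+
+public function useriniFilePath() {
+return ABSPATH . '.user.ini';
+}
+
+public function writeToFile($file, $content, $permissions) {
+$tmp_file = tmpfile();
+$result = array();
+
+if (!$tmp_file) {
+$result = array('status' => 'Error', 'message' => 'UNABLE_TO_CREATE_TMPFILE');
+} else {
+$tmpmeta = stream_get_meta_data($tmp_file);
+$tmpfilename = $tmpmeta['uri'];
+
+if (file_put_contents($tmpfilename, $content)) {
+
+$tmp_contents = file_get_contents($tmpfilename);
+
+if ($tmp_contents !== $content) {
+$result = array('status' => 'Error', 'message' => 'TMPFILE_CONTENT_MISMATCH');
+} else if (!@rename($tmpfilename, $file)) {
+$result = array('status' => 'Error', 'message' => 'UNABLE_TO_RENAME_TMPFILE');
+} else {
+chmod($file, $permissions);
+$fcontent = file_get_contents($file);
+
+if ($fcontent !== $content) {
+$result = array(
+'status' => 'Error',
+'message' => 'FILE_NOT_WRITTEN_PROPERLY',
+'content' => $fcontent
+);
+} else {
+$result = array('status' => 'Done');
+}
+
+}
+} else {
+$result = array('status' => 'Error', 'message' => 'UNABLE_TO_WRITE_IN_TMPFILE');
+}
+}
+return $result;
+}
+
+public function writeToMcDataFile($fname, $content, $confkey, $permissions) {
+$result = array();
+if (in_array($fname, BVFWConfig::VALID_MC_DATA_FILENAMES)) {
+
+$mcDataPath = $this->mcDataPath();
+
+if (file_exists($mcDataPath)) {
+$filepath = $mcDataPath . $confkey . '-' . $fname;
+$result = $this->writeToFile($filepath, $content, $permissions);
+} else {
+$result['status'] = 'Error';
+$result['message'] = 'MC_DATA_PATH_DOES_NOT_EXISTS';
+}
+
+} else {
+$result['status'] = 'Error';
+$result['message'] = 'INVALID_FILE_NAME';
+}
+return $result;
+}
+
+public function getMalcareWAFContent($confkey) {
+return sprintf(
+'<?php
+// Please validate auto_prepend_file setting before removing this file
+
+if (file_exists(%1$s)) {
+define("MCDATAPATH", %2$s);
+define("MCCONFKEY", %3$s);
+include_once(%1$s);
+}
+?>',
+var_export(MCBASEPATH . 'protect/prepend/ignitor.php', true),
+var_export($this->mcDataPath(), true),
+var_export($confkey, true)
+);
+}
+
+public function configureMalcareWAF($confkey) {
+$result = array();
+if (!$confkey || $confkey === "") {
+$result['status'] = 'Error';
+$result['message'] = 'INVALID_CONFKEY';
+} else {
+
+$content = $this->getMalcareWAFContent($confkey);
+$result = $this->writeToFile($this->mcWAFFilePath(), $content, 0644);
+}
+
+return $result;
+}
+
+public function addPrependToHtaccess($user_ini, $mode) {
+$userIniHtaccessContent = '';
+if ($user_ini) {
+$userIniHtaccessContent = sprintf('<Files "%s">
+<IfModule mod_authz_core.c>
+Require all denied
+</IfModule>
+<IfModule !mod_authz_core.c>
+Order deny,allow
+Deny from all
+</IfModule>
+</Files>
+', $user_ini);
+}
+
+switch ($mode) {
+case BVFWConfig::MODE_APACHEMODPHP:
+$htaccessPrependContent = sprintf("# MalCare WAF
+<IfModule mod_php5.c>
+php_value auto_prepend_file '%s'
+</IfModule>
+<IfModule mod_php7.c>
+php_value auto_prepend_file '%s'
+</IfModule>
+$userIniHtaccessContent
+# END MalCare WAF
+", $this->mcWAFFilePath(), $this->mcWAFFilePath());
+break;
+
+case BVFWConfig::MODE_LITESPEED:
+$htaccessPrependContent = sprintf("# MalCare WAF
+<IfModule LiteSpeed>
+php_value auto_prepend_file '%s'
+</IfModule>
+<IfModule lsapi_module>
+php_value auto_prepend_file '%s'
+</IfModule>
+$userIniHtaccessContent
+# END MalCare WAF
+", $this->mcWAFFilePath(), $this->mcWAFFilePath());
+break;
+
+case BVFWConfig::MODE_APACHESUPHP:
+$htaccessPrependContent = sprintf("# MalCare WAF
+$userIniHtaccessContent
+# END MalCare WAF
+", ABSPATH);
+break;
+
+case BVFWConfig::MODE_CGI_FASTCGI:
+if ($userIniHtaccessContent) {
+$htaccessPrependContent = sprintf("# MalCare WAF
+$userIniHtaccessContent
+# END MalCare WAF
+", ABSPATH);
+}
+break;
+
+}
+
+$result = array();
+$htaccessPath = $this->htAccessFilePath();
+
+if (!empty($htaccessPrependContent)) {
+$htaccessContent = '';
+if (file_exists($htaccessPath)) {
+$htaccessContent = file_get_contents($htaccessPath);
+}
+
+if (!empty($htaccessContent)) {
+$regex = '/# MalCare WAF.*?# END MalCare WAF/is';
+if (preg_match($regex, $htaccessContent, $matches)) {
+$htaccessContent = preg_replace($regex, $htaccessPrependContent, $htaccessContent);
+} else {
+$htaccessContent .= "\n\n" . $htaccessPrependContent;
+}
+} else {
+$htaccessContent = $htaccessPrependContent;
+}
+
+$result = $this->writeToFile($htaccessPath, $htaccessContent, 0755);
+
+if ($mode == BVFWConfig::MODE_LITESPEED) {
+touch($htaccessPath);
+}
+
+}
+
+if (file_exists($htaccessPath)) {
+$result['content'] = file_get_contents($htaccessPath);
+}
+
+return $result;
+}
+
+public function removePrependFromHtaccess() {
+$result = array();
+$htaccessPath = $this->htAccessFilePath();
+
+if (file_exists($htaccessPath)) {
+$htaccessContent = file_get_contents($htaccessPath);
+$regex = '/# MalCare WAF.*?# END MalCare WAF/is';
+
+if (preg_match($regex, $htaccessContent, $matches)) {
+$htaccessContent = preg_replace($regex, '', $htaccessContent);
+
+$result = $this->writeToFile($htaccessPath, $htaccessContent, 0755);
+}
+}
+
+if (file_exists($htaccessPath)) {
+$result['content'] = file_get_contents($htaccessPath);
+}
+
+return $result;
+}
+
+public function addPrependToUserini($mode) {
+switch ($mode) {
+case BVFWConfig::MODE_CGI_FASTCGI:
+case BVFWConfig::MODE_NGINX:
+case BVFWConfig::MODE_IIS:
+case BVFWConfig::MODE_LITESPEED:
+case BVFWConfig::MODE_APACHESUPHP:
+$useriniPrependContent = sprintf("; MalCare WAF
+auto_prepend_file = '%s'
+; END MalCare WAF
+", $this->mcWAFFilePath());
+break;
+}
+
+$result = array();
+$useriniPath = $this->useriniFilePath();
+
+if (!empty($useriniPrependContent)) {
+$useriniContent = '';
+if (file_exists($useriniPath)) {
+$useriniContent = file_get_contents($useriniPath);
+}
+if (!empty($useriniContent)) {
+$useriniContent = str_replace('auto_prepend_file', ';auto_prepend_file', $useriniContent);
+$regex = '/; MalCare WAF.*?; END MalCare WAF/is';
+if (preg_match($regex, $useriniContent, $matches)) {
+$useriniContent = preg_replace($regex, $useriniPrependContent, $useriniContent);
+} else {
+$useriniContent .= "\n\n" . $useriniPrependContent;
+}
+} else {
+$useriniContent = $useriniPrependContent;
+}
+
+$result = $this->writeToFile($useriniPath, $useriniContent, 0755);
+}
+
+if (file_exists($useriniPath)) {
+$result['content'] = file_get_contents($useriniPath);
+}
+
+return $result;
+}
+
+public function removePrependFromUserini() {
+$result = array();
+$useriniPath = $this->UseriniFilePath();
+
+if (file_exists($useriniPath)) {
+$useriniContent = file_get_contents($useriniPath);
+$regex = '/; MalCare WAF.*?; END MalCare WAF/is';
+
+if (preg_match($regex, $useriniContent, $matches)) {
+$useriniContent = preg_replace($regex, '', $useriniContent);
+
+$result = $this->writeToFile($useriniPath, $useriniContent, 0755);
+}
+}
+
+if (file_exists($useriniPath)) {
+$result['content'] = file_get_contents($useriniPath);
+}
+
+return $result;
+}
+
+public function serverConfig() {
+return array(
+'software' => $_SERVER['SERVER_SOFTWARE'],
+'sapi' => (function_exists('php_sapi_name')) ? php_sapi_name() : false,
+'has_apache_get_modules' => function_exists('apache_get_modules'),
+'posix_getuid' => (function_exists('posix_getuid')) ? posix_getuid() : null,
+'uid' => (function_exists('getmyuid')) ? getmyuid() : null,
+'user_ini' => ini_get('user_ini.filename'),
+'php_major_version' => PHP_MAJOR_VERSION
+);
+}
+
+public function removeDir($dir) {
+$result = array();
+if (file_exists($dir)) {
+if (rmdir($dir)) {
+$result = array('status' => 'Done');
+} else {
+$result = array('status' => 'Error', 'message' => 'UNABLE_TO_REMOVE_DIR');
+}
+} else {
+$result = array('status' => 'Done', 'message' => 'DIR_DOESNOT_EXISTS');
+}
+
+return $result;
+}
+
+public function removeFile($filename) {
+$result = array();
+if (file_exists($filename)) {
+if (unlink($filename)) {
+$result = array('status' => 'Done');
+} else {
+$result = array('status' => 'Error', 'message' => 'UNABLE_TO_REMOVE_FILE');
+}
+} else {
+$result = array('status' => 'Done', 'message' => 'FILE_DOESNOT_EXISTS');
+}
+return $result;
+}
+
+public function unBlockLogins() {
+$this->settings->deleteTransient('bvlp_block_logins');
+$this->settings->setTransient('bvlp_allow_logins', 'true', 1800);
+return $this->settings->getTransient('bvlp_allow_logins');
+}
+
+public function blockLogins($time) {
+$this->settings->deleteTransient('bvlp_allow_logins');
+$this->settings->setTransient('bvlp_block_logins', 'true', $time);
+return $this->settings->getTransient('bvlp_block_logins');
+}
+
+public function unBlockIP($ip, $attempts, $time) {
+$transient_name = BVWPLP::$unblock_ip_transient.$ip;
+$this->settings->setTransient($transient_name, $attempts, $time);
+return $this->settings->getTransient($transient_name);
+}
+
 public function process($request) {
 $bvinfo = new MCInfo($this->settings);
-$protect = new BVProtect($this->db, $this->settings);
 $params = $request->params;
+
 switch ($request->method) {
 case "gtipprobeinfo":
 $resp = array();
@@ -31,41 +399,112 @@ class BVProtectCallback extends BVCallbackBase {
 }
 }
 $resp["hdrsinfo"] = $hdrsinfo;
-if ($iphdr = $this->settings->getOption($bvinfo->ip_header_option)) {
-$resp["iphdr"] = $iphdr;
-}
+break;
+case "gtptcnf":
+$resp = array('conf' => $this->settings->getOption('bvptconf'));
+break;
+case "clrcnf":
+$this->settings->deleteOption('bvptconf');
+$this->settings->deleteOption('bvptplug');
+$resp = array("clearconfig" => true);
+break;
+case "docnf":
+$this->settings->updateOption('bvptconf', $params['conf']);
+$resp = array('conf' => $this->settings->getOption('bvptconf'));
 break;
 case "gtraddr":
 $raddr = array_key_exists('REMOTE_ADDR', $_SERVER) ? $_SERVER['REMOTE_ADDR'] : false;
 $resp = array("raddr" => $raddr);
 break;
-case "gtallhdrs":
-$data = (function_exists('getallheaders')) ? getallheaders() : false;
-$resp = array("allhdrs" => $data);
+case "svrcnf":
+$resp = array("serverconfig" => $this->serverConfig());
 break;
-case "gtsvr":
-$resp = array("svr" => $_SERVER);
+case "gtmcwafcntent":
+$resp = array('content' => $this->getMalcareWAFContent($params['confkey']));
 break;
-case "gtip":
-$resp = array("ip" => $protect->getIP());
+case "wrtmcdtafle":
+$permissions = array_key_exists('permissions', $params) ? $params['permissions'] : 0664;
+$confkey = $params['confkey'];
+$fname = $params['fname'];
+$content = $params['content'];
+$resp = array('writetomcdatafile' => $this->writeToMcDataFile($fname, $content, $confkey, $permissions));
+break;
+case "cnfgrewaf":
+$confkey = $params['confkey'];
+$resp = array('configurewaf' => $this->configureMalcareWAF($confkey));
+break;
+case "rmmcdta":
+$name = $params['name'];
+if (in_array($name, BVFWConfig::VALID_DELETABLE_FILES)) {
+switch($name) {
+case "mc.conf":
+$name = $this->mcConfigFilePath($params['confkey']);
+$resp = $this->removeFile($name);
+break;
+case "mc_ips.conf":
+$name = $this->mcIPsFilePath($params['confkey']);
+$resp = $this->removeFile($name);
+break;
+case "malcare-waf.php":
+$name = $this->mcWAFFilePath();
+$resp = $this->removeFile($name);
+break;
+case "mc.log":
+$name = $this->mcLogFilePath($params['confkey']);
+$resp = $this->removeFile($name);
+break;
+case "mc_data":
+$dir = $this->mcDataPath();
+$resp = $this->removeDir($dir);
+break;
+default:
+$resp = array('status' => 'Error', 'message' => 'INCORRECT_FILENAME');
+}
+} else {
+$resp = array('status' => 'Error', 'message' => 'INCORRECT_FILENAME');
+}
 break;
-case "stiphdr":
-$option_name = $bvinfo->ip_header_option;
-$iphdr = array('hdr' => $params['hdr'], 'pos' => $params['pos']);
-$this->settings->updateOption($option_name, $iphdr);
-$resp = array("iphdr" => $this->settings->getOption($option_name));
+case "addprepndtohtacess":
+$user_ini = $params['user_ini'];
+$mode = intval($params['mode']);
+$resp = array('prependtohtaccess' => $this->addPrependToHtaccess($user_ini, $mode));
 break;
-case "gtiphdr":
-$resp = array("iphdr" => $this->settings->getOption($bvinfo->ip_header_option));
+case "rmprepndfrmhtacess":
+$resp = array('removefromhtaccess' => $this->removePrependFromHtaccess());
 break;
-case "rmiphdr":
-$option_name = $bvinfo->ip_header_option;
-$this->settings->deleteOption($option_name);
-$resp = array("iphdr" => $this->settings->getOption($option_name));
+case "addprepndtousrini":
+$mode = intval($params['mode']);
+$resp = array('prependtouserini' => $this->addPrependToUserini($mode));
+break;
+case "rmprepndfrmusrini":
+$resp = array('removefromuserini' => $this->removePrependFromUserini());
+break;
+case "setptplug":
+$this->settings->updateOption('bvptplug', $params['ptplug']);
+$resp = array("setptplug" => $this->settings->getOption('bvptplug'));
+break;
+case "unsetptplug":
+$this->settings->deleteOption('bvptlug');
+$resp = array("unsetptplug" => $this->settings->getOption('bvptlug'));
+break;
+case "unblklogins":
+$resp = array("unblocklogins" => $this->unBlockLogins());
+break;
+case "blklogins":
+$time = array_key_exists('time', $params) ? $params['time'] : 1800;
+$resp = array("blocklogins" => $this->blockLogins($time));
+break;
+case "unblkip":
+$resp = array("unblockip" => $this->unBlockIP($params['ip'], $params['attempts'], $params['time']));
+break;
+case "rmwatchtime":
+$this->settings->deleteOption('bvwatchtime');
+$resp = array("rmwatchtime" => !$bvinfo->getWatchTime());
 break;
 default:
 $resp = false;
 }
+
 return $resp;
 }
 }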
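Review bot: `unsetptplug` deletes and re-reads option `bvptlug` while `setptplug` writes `bvptplug`, so the unset branch never removes the option it pairs with and reports the wrong key; `$this->settings->deleteOption('bvptplug'); $resp = array("unsetptplug" => $this->settings->getOption('bvptplug'));`. In `writeToMcDataFile` and the `rmmcdta` branch the request's `confkey` is concatenated straight into a path under `mc_data/`; `fname` is checked against `VALID_MC_DATA_FILENAMES`, so the key deserves the same treatment, e.g. `if (!preg_match('/^[A-Za-z0-9_-]+$/', $confkey)) { return array('status' => 'Error', 'message' => 'INVALID_CONFKEY'); }` at the top of `writeToMcDataFile`, and the request-supplied `$permissions` should be checked to be an int before it reaches `chmod`. `writeToFile` treats the byte count from `file_put_contents` as a boolean, so an empty `$content` — which `removePrependFromHtaccess` can produce when the file held only the MalCare block — is reported as `UNABLE_TO_WRITE_IN_TMPFILE`; compare against `=== false` instead. `.htaccess` and `.user.ini` are written with `0755` where `0644` suffices for files the server only reads, and `$this->UseriniFilePath()` in `removePrependFromUserini` should use the declared spelling `useriniFilePath`.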
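--- a/callback/wings/monit.php
+++ b/callback/wings/watch.php
@@ -1,9 +1,9 @@
 <?php
 
 if (!defined('ABSPATH')) exit;
-if (!class_exists('BVMonitCallback')) :
+if (!class_exists('BVWatchCallback')) :
 
-class BVMonitCallback extends BVCallbackBase {
+class BVWatchCallback extends BVCallbackBase {
 public $db;
 public $settings;
 
@@ -31,20 +31,65 @@ class BVMonitCallback extends BVCallbackBase {
 return $this->db->deleteBVTableContent($name, $filter);
 }
 
-public function setMonitTime() {
-return $this->settings->updateOption('bvmonittime', time());
+public function setWatchTime() {
+return $this->settings->updateOption('bvwatchtime', time());
+}
+
+public function getFWPrependLog($params) {
+$result = array();
+$fname = $params['fname'];
+$limit = intval($params['limit']);
+
+if (file_exists($fname)) {
+
+$result['exists'] = true;
+$tmpfname = $fname."tmp";
+
+if (!@rename($fname, $tmpfname)) {
+
+$result = array('status' => 'Error', 'message' => 'UNABLE_TO_RENAME_LOGFILE');
+
+} else {
+
+if (file_exists($tmpfname)) {
+
+$fsize = filesize($tmpfname);
+$result["size"] = $fsize;
+
+if ($fsize <= $limit) {
+
+$result['content'] = file_get_contents($tmpfname);
+
+} else {
+$handle = fopen($tmpfname, "rb");
+$result['content'] = fread($handle, $limit);
+$result['incomplete'] = true;
+fclose($handle);
+}
+
+$result['tmpfile'] = unlink($tmpfname);
+} else {
+$result['tmpfile'] = 'DOES_NOT_EXISTS';
+}
+
+}
+}
+
+return $result;
 }
 
 public function process($request) {
 $db = $this->db;
 $settings = $this->settings;
-$this->setMonitTime();
+$this->setWatchTime();
 $params = $request->params;
+
 switch ($request->method) {
 case "getdata":
 $resp = array();
+
 if (array_key_exists('lp', $params)) {
-require_once dirname( __FILE__ ) . '/../../protect/wp_lp/config.php';
+require_once dirname( __FILE__ ) . '/../../protect/wp/lp/config.php';
 $lp_params = $params['lp'];
 $limit = intval(urldecode($lp_params['limit']));
 $filter = urldecode($lp_params['filter']);
@@ -52,15 +97,22 @@ class BVMonitCallback extends BVCallbackBase {
 $table = $db->getBVTable(BVWPLPConfig::$requests_table);
 $resp["lplogs"] = $this->getData($table, $limit, $filter);
 }
+
+if (array_key_exists('prelog', $params)) {
+$prelog_params = $params['prelog'];
+$resp["prelog"] = $this->getFWPrependLog($prelog_params);
+}
+
 if (array_key_exists('fw', $params)) {
-require_once dirname( __FILE__ ) . '/../../protect/wp_fw/config.php';
+require_once dirname( __FILE__ ) . '/../../protect/fw/config.php';
 $fw_params = $params['fw'];
 $limit = intval(urldecode($fw_params['limit']));
 $filter = urldecode($fw_params['filter']);
-$db->deleteBVTableContent(BVWPFWConfig::$requests_table, $fw_params['rmfilter']);
-$table = $db->getBVTable(BVWPFWConfig::$requests_table);
+$db->deleteBVTableContent(BVFWConfig::$requests_table, $fw_params['rmfilter']);
+$table = $db->getBVTable(BVFWConfig::$requests_table);
 $resp["fwlogs"] = $this->getData($table, $limit, $filter);
 }
+
 if (array_key_exists('dynevent', $params)) {
 require_once dirname( __FILE__ ) . '/../../wp_dynsync.php';
 $isdynsyncactive = $settings->getOption('bvDynSyncActive');
@@ -76,6 +128,7 @@ class BVMonitCallback extends BVCallbackBase {
 $resp["status"] = true;
 }
 }
+
 $resp["status"] = "done";
 break;
 case "rmdata":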
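Review bot: `getFWPrependLog` renames, reads and unlinks whatever path arrives in `$params['fname']`, so any request that passes callback authentication can move and delete an arbitrary file the web server user is allowed to write; the path should be derived server-side from the expected log location (the protect wing builds it as `mcDataPath() . $confkey . '-mc.log'`) or at least rejected unless `realpath($fname)` resolves inside the `mc_data` directory. In the `else` branch the return of `fopen($tmpfname, "rb")` is not checked before `fread`, and a `limit` of 0 (what `intval` yields for a missing or non-numeric value) routes every non-empty file into that branch, where `fread` with a length of 0 is rejected by newer PHP; `if ($limit <= 0) { $limit = <DEFAULT_LIMIT_PLACEHOLDER>; }` before the size comparison would avoid both. The rename to `$fname."tmp"` also leaves the original name absent until the prepend firewall writes again, so anything logged between the rename and the unlink is lost; if that is the intended rotation trade-off a comment on `$tmpfname` should say so.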
img/cw_icon.png ADDED
Binary file
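--- a/info.php
+++ b/info.php
@@ -9,12 +9,13 @@ if (!class_exists('MCInfo')) :
 public $badgeinfo = 'mcbadge';
 public $ip_header_option = 'mcipheader';
 public $brand_option = 'mcbrand';
-public $version = '3.4';
+public $version = '3.5';
 public $webpage = 'https://www.malcare.com';
 public $appurl = 'https://app.malcare.com';
 public $slug = 'malcare-security/malcare.php';
 public $plug_redirect = 'mcredirect';
 public $logo = '../img/logo.png';
+public $brand_icon = '/img/icon.png';
 
 public function __construct($settings) {
 $this->settings = $settings;
@@ -32,8 +33,16 @@ if (!class_exists('MCInfo')) :
 return $this->brandname;
 }
 
-public function getMonitTime() {
-$time = $this->settings->getOption('bvmonittime');
+public function getBrandIcon() {
+$brand = $this->getBrandInfo();
+if ($brand && array_key_exists('brand_icon', $brand)) {
+return $brand['brand_icon'];
+}
+return $this->brand_icon;
+}
+
+public function getWatchTime() {
+$time = $this->settings->getOption('bvwatchtime');
 return ($time ? $time : 0);
 }
 
@@ -48,10 +57,10 @@ if (!class_exists('MCInfo')) :
 return $this->appurl;
 }
 }
-
+
 public function isActivePlugin() {
 $expiry_time = time() - (3 * 24 * 3600);
-return ($this->getMonitTime() > $expiry_time);
+return ($this->getWatchTime() > $expiry_time);
 }
 
 public function isProtectModuleEnabled() {
@@ -63,6 +72,7 @@ if (!class_exists('MCInfo')) :
 return ($this->settings->getOption('bvdynplug') === $this->plugname) &&
 $this->isActivePlugin();
 }
+
 public function isActivateRedirectSet() {
 return ($this->settings->getOption($this->plug_redirect) === 'yes') ? true : false;
 }
@@ -75,10 +85,11 @@ if (!class_exists('MCInfo')) :
 return $this->getBrandName() === 'BlogVault';
 }
 
-public function respInfo() {
+public function info() {
 return array(
 "bvversion" => $this->version,
-"sha1" => "true"
+"sha1" => "true",
+"plugname" => $this->plugname
 );
 }
 }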
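Review bot: The liveness timestamp moves from option `bvmonittime` to `bvwatchtime` in `getWatchTime`, but nothing in this diff migrates the stored value, so on an upgraded site `isActivePlugin()` — and through it `isProtectModuleEnabled()` — reports inactive until the first watch callback runs `setWatchTime`. Unless a migration exists outside the diff, copying the old value into the new key once during the upgrade, or reading it as a fallback (`$time = $this->settings->getOption('bvwatchtime') ?: $this->settings->getOption('bvmonittime');`) until `rmwatchtime` clears both, would close that gap. `getBrandIcon` returns `$brand['brand_icon']` as stored without checking that it is a string, and its default `'/img/icon.png'` has a different base from `$logo = '../img/logo.png'`; a docblock saying where the value is consumed and whether it is a URL or a plugin-relative path would help the next reader, since callers presumably resolve the two differently.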
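--- a/malcare.php
+++ b/malcare.php
@@ -5,7 +5,7 @@ Plugin URI: https://www.malcare.com
 Description: WordPress Security, Firewall and Malware Scanner
 Author: MalCare Security
 Author URI: https://www.malcare.com
-Version: 3.4
+Version: 3.5
 Network: True
 */
 
@@ -28,6 +28,7 @@ Network: True
 /* Global response array */
 
 if (!defined('ABSPATH')) exit;
+
 require_once dirname( __FILE__ ) . '/wp_settings.php';
 require_once dirname( __FILE__ ) . '/wp_site_info.php';
 require_once dirname( __FILE__ ) . '/wp_db.php';
@@ -53,14 +54,14 @@ register_deactivation_hook(__FILE__, array($wp_action, 'deactivate'));
 add_action('wp_footer', array($wp_action, 'footerHandler'), 100);
 
 if (defined('WP_CLI') && WP_CLI) {
-require_once dirname( __FILE__ ) . '/wp_cli.php';
-$wp_cli = new MCWPCli($bvsettings);
-WP_CLI::add_command('malcare', $wp_cli);
-}
+require_once dirname( __FILE__ ) . '/wp_cli.php';
+$wp_cli = new MCWPCli($bvsettings, $bvinfo, $bvsiteinfo, $bvapi);
+WP_CLI::add_command('malcare', $wp_cli);
+}
 
 if (is_admin()) {
 require_once dirname( __FILE__ ) . '/wp_admin.php';
-$wpadmin = new MCWPAdmin($bvsettings, $bvsiteinfo);
+$wpadmin = new MCWPAdmin($bvsettings, $bvsiteinfo, $bvapi);
 add_action('admin_init', array($wpadmin, 'initHandler'));
 add_filter('all_plugins', array($wpadmin, 'initBranding'));
 add_filter('plugin_row_meta', array($wpadmin, 'hidePluginDetails'), 10, 2);
@@ -70,6 +71,7 @@ if (is_admin()) {
 add_action('admin_menu', array($wpadmin, 'menu'));
 }
 add_filter('plugin_action_links', array($wpadmin, 'settingsLink'), 10, 2);
+add_action('admin_head', array($wpadmin, 'removeAdminNotices'), 3);
 add_action('admin_notices', array($wpadmin, 'activateWarning'));
 add_action('admin_enqueue_scripts', array($wpadmin, 'mcsecAdminMenu'));
 }
@@ -97,13 +99,16 @@ if ((array_key_exists('bvplugname', $_REQUEST)) && ($_REQUEST['bvplugname'] == "
 $response = new BVCallbackResponse($request->bvb64cksize);
 
 if ($account && (1 === $account->authenticate($request))) {
+define('MCBASEPATH', plugin_dir_path(__FILE__));
+
+
 require_once dirname( __FILE__ ) . '/callback/handler.php';
 $params = $request->processParams($_REQUEST);
 if ($params === false) {
 $resp = array(
-"account_info" => $account->respInfo(),
-"request_info" => $request->respInfo(),
-"bvinfo" => $bvinfo->respInfo(),
+"account_info" => $account->info(),
+"request_info" => $request->info(),
+"bvinfo" => $bvinfo->info(),
 "statusmsg" => "BVPRMS_CORRUPTED"
 );
 $response->terminate($resp);
@@ -120,9 +125,9 @@ if ((array_key_exists('bvplugname', $_REQUEST)) && ($_REQUEST['bvplugname'] == "
 }
 } else {
 $resp = array(
-"account_info" => $account ? $account->respInfo() : array("error" => "ACCOUNT_NOT_FOUND"),
-"request_info" => $request->respInfo(),
-"bvinfo" => $bvinfo->respInfo(),
+"account_info" => $account ? $account->info() : array("error" => "ACCOUNT_NOT_FOUND"),
+"request_info" => $request->info(),
+"bvinfo" => $bvinfo->info(),
 "statusmsg" => "FAILED_AUTH",
 "api_pubkey" => substr(MCAccount::getApiPublicKey($bvsettings), 0, 8),
 "def_sigmatch" => substr(MCAccount::getSigMatch($request, MCRecover::getDefaultSecret($bvsettings)), 0, 8)
@@ -131,11 +136,10 @@ if ((array_key_exists('bvplugname', $_REQUEST)) && ($_REQUEST['bvplugname'] == "
 }
 } else {
 if ($bvinfo->isProtectModuleEnabled()) {
-require_once dirname( __FILE__ ) . '/protect/protect.php';
-require_once dirname( __FILE__ ) . '/protect/ipstore.php';
-$bvprotect = new BVProtect($bvdb, $bvsettings);
-$bvprotect->init();
-}
+require_once dirname( __FILE__ ) . '/protect/wp/protect.php';
+$bvprotect = new BVProtect($bvdb, $bvsettings);
+$bvprotect->run();
+}
 
 ##DYNSYNCMODULE##
 }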
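Review bot: `define('MCBASEPATH', plugin_dir_path(__FILE__));` inside the authenticated-callback branch is unguarded, so a second definition (the prepend file or another component that already set it) raises a warning and keeps the earlier value; `if (!defined('MCBASEPATH')) { define('MCBASEPATH', plugin_dir_path(__FILE__)); }`. Because the constant only exists on that branch, `getMalcareWAFContent` in the protect wing is safe solely when reached through an authenticated callback; any other caller — the new WP-CLI command, presumably — would hit an undefined constant, so defining it next to the `require_once` block near the top of the file would be more robust. `$bvapi`, now passed to both `MCWPCli` and `MCWPAdmin`, is not created in any hunk shown; it is presumably set up earlier in the file, but it is worth confirming it is initialised on the WP-CLI path as well as the admin one.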
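--- /dev/null
+++ b/protect/base.php
@@ -0,0 +1,29 @@
+<?php
+if (! (defined('ABSPATH') || defined('MCDATAPATH')) ) exit;
+if (!class_exists('BVProtectBase')) :
+
+class BVProtectBase {
+public static function getIP($ipHeader) {
+$ip = '127.0.0.1';
+if ($ipHeader && is_array($ipHeader)) {
+if (array_key_exists($ipHeader['hdr'], $_SERVER)) {
+$_ips = preg_split("/(,| |\t)/", $_SERVER[$ipHeader['hdr']]);
+if (array_key_exists(intval($ipHeader['pos']), $_ips)) {
+$ip = $_ips[intval($ipHeader['pos'])];
+}
+}
+} else if (array_key_exists('REMOTE_ADDR', $_SERVER)) {
+$ip = $_SERVER['REMOTE_ADDR'];
+}
+
+$ip = trim($ip);
+if (preg_match('/^\[([0-9a-fA-F:]+)\](:[0-9]+)$/', $ip, $matches)) {
+$ip = $matches[1];
+} elseif (preg_match('/^([0-9.]+)(:[0-9]+)$/', $ip, $matches)) {
+$ip = $matches[1];
+}
+
+return $ip;
+}
+}
+endif;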
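Review bot: When an `ipHeader` is configured but the named header is absent from `$_SERVER`, `getIP` returns the initial `'127.0.0.1'` instead of `REMOTE_ADDR`, so those requests are attributed to localhost, which is presumably not intended and makes them look like local traffic to anything downstream that special-cases that address. The token taken from the configured header is also never validated as an address before it is returned, so a malformed header value becomes the client identity used for blocking and logging. Falling back to `REMOTE_ADDR` whenever the header path yields nothing, and running the final value through `filter_var($ip, FILTER_VALIDATE_IP)` with `REMOTE_ADDR` as the fallback, keeps the header opt-in while rejecting junk; the change touches most of the body and is sketched below.
```php
public static function getIP($ipHeader) {
    // REMOTE_ADDR is the only value the client cannot spoof; everything else falls back to it
    $remote = array_key_exists('REMOTE_ADDR', $_SERVER) ? $_SERVER['REMOTE_ADDR'] : '127.0.0.1';
    $ip = $remote;
    if ($ipHeader && is_array($ipHeader) && array_key_exists($ipHeader['hdr'], $_SERVER)) {
        $_ips = preg_split("/(,| |\t)/", $_SERVER[$ipHeader['hdr']]);
        if (array_key_exists(intval($ipHeader['pos']), $_ips)) {
            $ip = $_ips[intval($ipHeader['pos'])];
        }
    }

    $ip = trim($ip);
    // … unchanged: strip a trailing :port from bracketed IPv6 and IPv4 forms …

    // a header token that is not an address must not become the client identity
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        $ip = $remote;
    }

    return $ip;
}
```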
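--- a/protect/fw/config.php
+++ b/protect/fw/config.php
@@ -0,0 +1,95 @@
+<?php
+
+if (! (defined('ABSPATH') || defined('MCDATAPATH')) ) exit;
+if (!class_exists('BVFWConfig')) :
+
+class BVFWConfig {
+public $mode;
+public $requestProfilingMode;
+public $roleLevel;
+public $cookieMode;
+public $bypassLevel;
+public $customRoles;
+public $cookieKey;
+public $cookiePath;
+public $cookieDomain;
+
+public static $requests_table = 'fw_requests';
+public static $roleLevels = array(
+'administrator' => BVFWConfig::ROLE_LEVEL_ADMIN,
+'editor' => BVFWConfig::ROLE_LEVEL_EDITOR,
+'author' => BVFWConfig::ROLE_LEVEL_AUTHOR,
+'contributor' => BVFWConfig::ROLE_LEVEL_CONTRIBUTOR,
+'subscriber' => BVFWConfig::ROLE_LEVEL_SUBSCRIBER
+);
+
+function __construct($confHash) {
+$this->mode = array_key_exists('mode', $confHash) ? intval($confHash['mode']) : BVFWConfig::DISABLED;
+$this->requestProfilingMode = array_key_exists('reqprofilingmode', $confHash) ? intval($confHash['reqprofilingmode']) : BVFWConfig::REQ_PROFILING_MODE_DISABLED;
+$this->cookieMode = array_key_exists('cookiemode', $confHash) ? intval($confHash['cookiemode']) : BVFWConfig::COOKIE_MODE_DISABLED;
+$this->bypassLevel = array_key_exists('bypasslevel', $confHash) ? intval($confHash['bypasslevel']) : BVFWConfig::ROLE_LEVEL_CONTRIBUTOR;
+$this->customRoles = array_key_exists('customroles', $confHash) ? $confHash['customroles'] : array();
+$this->cookieKey = array_key_exists('cookiekey', $confHash) ? $confHash['cookiekey'] : "";
+$this->cookiePath = array_key_exists('cookiepath', $confHash) ? $confHash['cookiepath'] : "";
+$this->cookieDomain = array_key_exists('cookiedomain', $confHash) ? $confHash['cookiedomain'] : "";
+}
+
+#mode
+const DISABLED = 1;
+const AUDIT = 2;
+const PROTECT = 3;
+
+#Request Profiling Mode
+const REQ_PROFILING_MODE_DISABLED = 1;
+const REQ_PROFILING_MODE_NORMAL = 2;
+const REQ_PROFILING_MODE_DEBUG = 3;
+
+#Cookie Mode
+const COOKIE_MODE_ENABLED = 1;
+const COOKIE_MODE_DISABLED = 2;
+
+#Role Level
+const ROLE_LEVEL_SUBSCRIBER = 1;
+const ROLE_LEVEL_CONTRIBUTOR = 2;
+const ROLE_LEVEL_AUTHOR = 3;
+const ROLE_LEVEL_EDITOR = 4;
+const ROLE_LEVEL_ADMIN = 5;
+const ROLE_LEVEL_CUSTOM = 6;
+
+#WebServer Conf Mode
+const MODE_APACHEMODPHP = 1;
+const MODE_APACHESUPHP = 2;
+const MODE_CGI_FASTCGI = 3;
+const MODE_NGINX = 4;
+const MODE_LITESPEED = 5;
+const MODE_IIS = 6;
+
+#Valid mc_data filenames
+const VALID_MC_DATA_FILENAMES = ['mc.conf', 'mc_ips.conf'];
+const VALID_DELETABLE_FILES = ['mc.conf', 'mc_ips.conf', 'malcare-waf.php', 'mc.log', 'mc_data'];
+
+public function isActive() {
+return ($this->mode !== BVFWConfig::DISABLED);
+}
+
+public function isProtecting() {
+return ($this->mode === BVFWConfig::PROTECT);
+}
+
+public function isAuditing() {
+return ($this->mode === BVFWConfig::AUDIT);
+}
+
+public function isReqProfilingModeDebug() {
+return ($this->requestProfilingMode === BVFWConfig::REQ_PROFILING_MODE_DEBUG);
+}
+
+public function canProfileReqInfo() {
+return ($this->requestProfilingMode !== BVFWConfig::REQ_PROFILING_MODE_DISABLED);
+}
+
+public function canSetCookie() {
+return ($this->cookieMode === BVFWConfig::COOKIE_MODE_ENABLED);
+}
+}
+endif;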
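Review bot: `canSetCookie()` (lines 91-93) turns cookie handling on from `cookieMode` alone, while `cookieKey` defaults to `""` on line 32; the bypass cookie in fw.php is `sha1($bypassLevel.$time.$cookiekey)`, so with an empty key the token is derived entirely from a default level and the current 12-hour bucket and offers no protection. Make an empty key disable cookie handling: `return ($this->cookieMode === BVFWConfig::COOKIE_MODE_ENABLED && $this->cookieKey !== "");`. `$roleLevel` on line 9 is declared but never assigned in the constructor; either populate it or drop it. The array constants on lines 68-69 require PHP 5.6 or later, which is worth stating in the file header since fw.php in the same change still carries a `version_compare(PHP_VERSION, '5.2.0')` branch that can never run.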
protect/fw/fw.php ADDED
@@ -0,0 +1,344 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+
3
+ if (! (defined('ABSPATH') || defined('MCDATAPATH')) ) exit;
4
+ if (!class_exists('BVFW')) :
5
+
6
+ class BVFW {
7
+ public $bvinfo;
8
+ public $request;
9
+ public $config;
10
+ public $ipstore;
11
+ public $category;
12
+ public $logger;
13
+
14
+ const SQLIREGEX = '/(?:[^\\w<]|\\/\\*\\![0-9]*|^)(?:
15
+ @@HOSTNAME|
16
+ ALTER|ANALYZE|ASENSITIVE|
17
+ BEFORE|BENCHMARK|BETWEEN|BIGINT|BINARY|BLOB|
18
+ CALL|CASE|CHANGE|CHAR|CHARACTER|CHAR_LENGTH|COLLATE|COLUMN|CONCAT|CONDITION|CONSTRAINT|CONTINUE|CONVERT|CREATE|CROSS|CURRENT_DATE|CURRENT_TIME|CURRENT_TIMESTAMP|CURRENT_USER|CURSOR|
19
+ DATABASE|DATABASES|DAY_HOUR|DAY_MICROSECOND|DAY_MINUTE|DAY_SECOND|DECIMAL|DECLARE|DEFAULT|DELAYED|DELETE|DESCRIBE|DETERMINISTIC|DISTINCT|DISTINCTROW|DOUBLE|DROP|DUAL|DUMPFILE|
20
+ EACH|ELSE|ELSEIF|ELT|ENCLOSED|ESCAPED|EXISTS|EXIT|EXPLAIN|EXTRACTVALUE|
21
+ FETCH|FLOAT|FLOAT4|FLOAT8|FORCE|FOREIGN|FROM|FULLTEXT|
22
+ GRANT|GROUP|HAVING|HEX|HIGH_PRIORITY|HOUR_MICROSECOND|HOUR_MINUTE|HOUR_SECOND|
23
+ IFNULL|IGNORE|INDEX|INFILE|INNER|INOUT|INSENSITIVE|INSERT|INTERVAL|ISNULL|ITERATE|
24
+ JOIN|KILL|LEADING|LEAVE|LIMIT|LINEAR|LINES|LOAD|LOAD_FILE|LOCALTIME|LOCALTIMESTAMP|LOCK|LONG|LONGBLOB|LONGTEXT|LOOP|LOW_PRIORITY|
25
+ MASTER_SSL_VERIFY_SERVER_CERT|MATCH|MAXVALUE|MEDIUMBLOB|MEDIUMINT|MEDIUMTEXT|MID|MIDDLEINT|MINUTE_MICROSECOND|MINUTE_SECOND|MODIFIES|
26
+ NATURAL|NO_WRITE_TO_BINLOG|NULL|NUMERIC|OPTION|ORD|ORDER|OUTER|OUTFILE|
27
+ PRECISION|PRIMARY|PRIVILEGES|PROCEDURE|PROCESSLIST|PURGE|
28
+ RANGE|READ_WRITE|REGEXP|RELEASE|REPEAT|REQUIRE|RESIGNAL|RESTRICT|RETURN|REVOKE|RLIKE|ROLLBACK|
29
+ SCHEMA|SCHEMAS|SECOND_MICROSECOND|SELECT|SENSITIVE|SEPARATOR|SHOW|SIGNAL|SLEEP|SMALLINT|SPATIAL|SPECIFIC|SQLEXCEPTION|SQLSTATE|SQLWARNING|SQL_BIG_RESULT|SQL_CALC_FOUND_ROWS|SQL_SMALL_RESULT|STARTING|STRAIGHT_JOIN|SUBSTR|
30
+ TABLE|TERMINATED|TINYBLOB|TINYINT|TINYTEXT|TRAILING|TRANSACTION|TRIGGER|
31
+ UNDO|UNHEX|UNION|UNLOCK|UNSIGNED|UPDATE|UPDATEXML|USAGE|USING|UTC_DATE|UTC_TIME|UTC_TIMESTAMP|
32
+ VALUES|VARBINARY|VARCHAR|VARCHARACTER|VARYING|WHEN|WHERE|WHILE|WRITE|YEAR_MONTH|ZEROFILL)(?=[^\\w]|$)/ix';
33
+
34
+ const XSSREGEX = '/(?:
35
+ #tags
36
+ (?:\\<|\\+ADw\\-|\\xC2\\xBC)(script|iframe|svg|object|embed|applet|link|style|meta|\\/\\/|\\?xml\\-stylesheet)(?:[^\\w]|\\xC2\\xBE)|
37
+ #protocols
38
+ (?:^|[^\\w])(?:(?:\\s*(?:&\\#(?:x0*6a|0*106)|j)\\s*(?:&\\#(?:x0*61|0*97)|a)\\s*(?:&\\#(?:x0*76|0*118)|v)\\s*(?:&\\#(?:x0*61|0*97)|a)|\\s*(?:&\\#(?:x0*76|0*118)|v)\\s*(?:&\\#(?:x0*62|0*98)|b)|\\s*(?:&\\#(?:x0*65|0*101)|e)\\s*(?:&\\#(?:x0*63|0*99)|c)\\s*(?:&\\#(?:x0*6d|0*109)|m)\\s*(?:&\\#(?:x0*61|0*97)|a)|\\s*(?:&\\#(?:x0*6c|0*108)|l)\\s*(?:&\\#(?:x0*69|0*105)|i)\\s*(?:&\\#(?:x0*76|0*118)|v)\\s*(?:&\\#(?:x0*65|0*101)|e))\\s*(?:&\\#(?:x0*73|0*115)|s)\\s*(?:&\\#(?:x0*63|0*99)|c)\\s*(?:&\\#(?:x0*72|0*114)|r)\\s*(?:&\\#(?:x0*69|0*105)|i)\\s*(?:&\\#(?:x0*70|0*112)|p)\\s*(?:&\\#(?:x0*74|0*116)|t)|\\s*(?:&\\#(?:x0*6d|0*109)|m)\\s*(?:&\\#(?:x0*68|0*104)|h)\\s*(?:&\\#(?:x0*74|0*116)|t)\\s*(?:&\\#(?:x0*6d|0*109)|m)\\s*(?:&\\#(?:x0*6c|0*108)|l)|\\s*(?:&\\#(?:x0*6d|0*109)|m)\\s*(?:&\\#(?:x0*6f|0*111)|o)\\s*(?:&\\#(?:x0*63|0*99)|c)\\s*(?:&\\#(?:x0*68|0*104)|h)\\s*(?:&\\#(?:x0*61|0*97)|a)|\\s*(?:&\\#(?:x0*64|0*100)|d)\\s*(?:&\\#(?:x0*61|0*97)|a)\\s*(?:&\\#(?:x0*74|0*116)|t)\\s*(?:&\\#(?:x0*61|0*97)|a)(?!(?:&\\#(?:x0*3a|0*58)|\\:)(?:&\\#(?:x0*69|0*105)|i)(?:&\\#(?:x0*6d|0*109)|m)(?:&\\#(?:x0*61|0*97)|a)(?:&\\#(?:x0*67|0*103)|g)(?:&\\#(?:x0*65|0*101)|e)(?:&\\#(?:x0*2f|0*47)|\\/)(?:(?:&\\#(?:x0*70|0*112)|p)(?:&\\#(?:x0*6e|0*110)|n)(?:&\\#(?:x0*67|0*103)|g)|(?:&\\#(?:x0*62|0*98)|b)(?:&\\#(?:x0*6d|0*109)|m)(?:&\\#(?:x0*70|0*112)|p)|(?:&\\#(?:x0*67|0*103)|g)(?:&\\#(?:x0*69|0*105)|i)(?:&\\#(?:x0*66|0*102)|f)|(?:&\\#(?:x0*70|0*112)|p)?(?:&\\#(?:x0*6a|0*106)|j)(?:&\\#(?:x0*70|0*112)|p)(?:&\\#(?:x0*65|0*101)|e)(?:&\\#(?:x0*67|0*103)|g)|(?:&\\#(?:x0*74|0*116)|t)(?:&\\#(?:x0*69|0*105)|i)(?:&\\#(?:x0*66|0*102)|f)(?:&\\#(?:x0*66|0*102)|f)|(?:&\\#(?:x0*73|0*115)|s)(?:&\\#(?:x0*76|0*118)|v)(?:&\\#(?:x0*67|0*103)|g)(?:&\\#(?:x0*2b|0*43)|\\+)(?:&\\#(?:x0*78|0*120)|x)(?:&\\#(?:x0*6d|0*109)|m)(?:&\\#(?:x0*6c|0*108)|l))(?:(?:&\\#(?:x0*3b|0*59)|;)(?:&\\#(?:x0*63|0*99)|c)(?:&\\#(?:x0*68|0*104)|h)(?:&\\#(?:x0*61|0*97)|a)(?:&\\#(?:x0*72|0*114)|r)(?:&\\#(?:x0*73|0*115)|s)(?:&\\#(?:x0*65|0*101)|e)(?:&\\#(
?:x0*74|0*116)|t)(?:&\\#(?:x0*3d|0*61)|=)[\\-a-z0-9]+)?(?:(?:&\\#(?:x0*3b|0*59)|;)(?:&\\#(?:x0*62|0*98)|b)(?:&\\#(?:x0*61|0*97)|a)(?:&\\#(?:x0*73|0*115)|s)(?:&\\#(?:x0*65|0*101)|e)(?:&\\#(?:x0*36|0*54)|6)(?:&\\#(?:x0*34|0*52)|4))?(?:&\\#(?:x0*2c|0*44)|,)))\\s*(?:&\\#(?:x0*3a|0*58)|&colon|\\:)|
39
+ #css expression
40
+ (?:^|[^\\w])(?:(?:\\\\0*65|\\\\0*45|e)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*78|\\\\0*58|x)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*70|\\\\0*50|p)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*72|\\\\0*52|r)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*65|\\\\0*45|e)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*73|\\\\0*53|s)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*73|\\\\0*53|s)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*69|\\\\0*49|i)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*6f|\\\\0*4f|o)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*6e|\\\\0*4e|n))[^\\w]*?(?:\\\\0*28|\\()|
41
+ #css properties
42
+ (?:^|[^\\w])(?:(?:(?:\\\\0*62|\\\\0*42|b)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*65|\\\\0*45|e)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*68|\\\\0*48|h)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*61|\\\\0*41|a)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*76|\\\\0*56|v)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*69|\\\\0*49|i)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*6f|\\\\0*4f|o)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*72|\\\\0*52|r)(?:\\/\\*.*?\\*\\/)*)|(?:(?:\\\\0*2d|\\\\0*2d|-)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*6d|\\\\0*4d|m)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*6f|\\\\0*4f|o)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*7a|\\\\0*5a|z)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*2d|\\\\0*2d|-)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*62|\\\\0*42|b)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*69|\\\\0*49|i)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*6e|\\\\0*4e|n)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*64|\\\\0*44|d)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*69|\\\\0*49|i)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*6e|\\\\0*4e|n)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*67|\\\\0*47|g)(?:\\/\\*.*?\\*\\/)*))[^\\w]*(?:\\\\0*3a|\\\\0*3a|:)[^\\w]*(?:\\\\0*75|\\\\0*55|u)(?:\\\\0*72|\\\\0*52|r)(?:\\\\0*6c|\\\\0*4c|l)|
43
+ #properties
44
+ (?:^|[^\\w])(?:on(?:abort|activate|afterprint|afterupdate|autocomplete|autocompleteerror|beforeactivate|beforecopy|beforecut|beforedeactivate|beforeeditfocus|beforepaste|beforeprint|beforeunload|beforeupdate|blur|bounce|cancel|canplay|canplaythrough|cellchange|change|click|close|contextmenu|controlselect|copy|cuechange|cut|dataavailable|datasetchanged|datasetcomplete|dblclick|deactivate|drag|dragend|dragenter|dragleave|dragover|dragstart|drop|durationchange|emptied|encrypted|ended|error|errorupdate|filterchange|finish|focus|focusin|focusout|formchange|forminput|hashchange|help|input|invalid|keydown|keypress|keyup|languagechange|layoutcomplete|load|loadeddata|loadedmetadata|loadstart|losecapture|message|mousedown|mouseenter|mouseleave|mousemove|mouseout|mouseover|mouseup|mousewheel|move|moveend|movestart|mozfullscreenchange|mozfullscreenerror|mozpointerlockchange|mozpointerlockerror|offline|online|page|pagehide|pageshow|paste|pause|play|playing|popstate|progress|propertychange|ratechange|readystatechange|reset|resize|resizeend|resizestart|rowenter|rowexit|rowsdelete|rowsinserted|scroll|search|seeked|seeking|select|selectstart|show|stalled|start|storage|submit|suspend|timer|timeupdate|toggle|unload|volumechange|waiting|webkitfullscreenchange|webkitfullscreenerror|wheel)|formaction|data\\-bind|ev:event)[^\\w]
45
+ )/ix';
46
+
47
+ const BYPASS_COOKIE = "bvfw-bypass-cookie";
48
+ const IP_COOKIE = "bvfw-ip-cookie";
49
+
50
+ public function __construct($logger, $confHash, $ip, $bvinfo, $ipstore) {
51
+ $this->config = new BVFWConfig($confHash);
52
+ $this->request = new BVWPRequest($ip);
53
+ $this->bvinfo = $bvinfo;
54
+ $this->ipstore = $ipstore;
55
+ $this->logger = $logger;
56
+ }
57
+
58
+ public function setcookie($name, $value, $expire) {
59
+ $path = $this->config->cookiePath;
60
+ $cookie_domain = $this->config->cookieDomain;
61
+
62
+ if (version_compare(PHP_VERSION, '5.2.0') >= 0) {
63
+ $secure = function_exists('is_ssl') ? is_ssl() : false;
64
+ @setcookie($name, $value, $expire, $path, $cookie_domain, $secure, true);
65
+ } else {
66
+ @setcookie($name, $value, $expire, $path);
67
+ }
68
+ }
69
+
70
+ public function setBypassCookie() {
71
+ if (function_exists('is_user_logged_in') && is_user_logged_in() && !$this->hasValidBypassCookie()) {
72
+ $roleLevel = $this->getCurrentRoleLevel();
73
+ $bypassLevel = $this->config->bypassLevel;
74
+ if ($roleLevel >= $bypassLevel) {
75
+ $cookie = $this->generateBypassCookie();
76
+ $this->setcookie(BVFW::BYPASS_COOKIE, $cookie, time() + 43200);
77
+ }
78
+ }
79
+ }
80
+
81
+ public function generateBypassCookie() {
82
+ $time = floor(time() / 43200);
83
+ $bypassLevel = $this->config->bypassLevel;
84
+ $cookiekey = $this->config->cookieKey;
85
+ return sha1($bypassLevel.$time.$cookiekey);
86
+ }
87
+
88
+ public function hasValidBypassCookie() {
89
+ $cookie = (string) $this->request->getCookies(BVFW::BYPASS_COOKIE);
90
+ return ($this->config->canSetCookie() && ($cookie === $this->generateBypassCookie()));
91
+ }
92
+
93
+ public function setIPCookie() {
94
+ if (!$this->request->getCookies(BVFW::IP_COOKIE)) {
95
+ $ip = $this->request->getIP();
96
+ $cookiekey = $this->config->cookieKey;
97
+ $time = floor(time() / 86400);
98
+ $cookie = sha1($ip.$time.$cookiekey);
99
+ $this->setcookie(BVFW::IP_COOKIE, $cookie, time() + 86400);
100
+ }
101
+ }
102
+
103
+ public function getBVCookies() {
104
+ $cookies = array();
105
+ $cookies[BVFW::IP_COOKIE] = (string) $this->request->getCookies(BVFW::IP_COOKIE);
106
+ return $cookies;
107
+ }
108
+
109
+ public function getCurrentRoleLevel() {
110
+ if (function_exists('current_user_can')) {
111
+ if (function_exists('is_super_admin') && is_super_admin()) {
112
+ return BVFWConfig::ROLE_LEVEL_ADMIN;
113
+ }
114
+ foreach ($this->config->customRoles as $role) {
115
+ if (current_user_can($role)) {
116
+ return BVFWConfig::ROLE_LEVEL_CUSTOM;
117
+ }
118
+ }
119
+ foreach (BVFWConfig::$roleLevels as $role => $level) {
120
+ if (current_user_can($role)) {
121
+ return $level;
122
+ }
123
+ }
124
+ }
125
+ return 0;
126
+ }
127
+
128
+ public function isActive() {
129
+ return $this->config->isActive();
130
+ }
131
+
132
+ public function canSetCookie() {
133
+ return $this->config->canSetCookie();
134
+ }
135
+
136
+ public function setResponseCode() {
137
+ if (!function_exists('http_response_code')) {
138
+ return false;
139
+ }
140
+
141
+ $this->request->setRespCode(http_response_code());
142
+ return true;
143
+ }
144
+
145
+ public function log() {
146
+ $this->setResponseCode();
147
+
148
+ if ($this->config->canSetCookie()) {
149
+ $canlog = !$this->hasValidBypassCookie();
150
+ } else {
151
+ $canlog = (!function_exists('is_user_logged_in') || !is_user_logged_in());
152
+ }
153
+
154
+ if ($canlog) {
155
+ $this->logger->log($this->request->getDataToLog());
156
+ }
157
+ }
158
+
159
+ public function terminateRequest($category = BVWPRequest::NORMAL) {
160
+ $this->request->setCategory($category);
161
+ $this->request->setStatus(BVWPRequest::BLOCKED);
162
+ $this->request->setRespCode(403);
163
+ header("Cache-Control: no-cache, no-store, must-revalidate");
164
+ header("Pragma: no-cache");
165
+ header("Expires: 0");
166
+ header('HTTP/1.0 403 Forbidden');
167
+ $brandname = $this->bvinfo->getBrandName();
168
+ die("
169
+ <div style='height: 98vh;'>
170
+ <div style='text-align: center; padding: 10% 0; font-family: Arial, Helvetica, sans-serif;'>
171
+ <div><p>$brandname</p></div>
172
+ <p>Blocked because of Malicious Activities</p>
173
+ </div>
174
+ </div>
175
+ ");
176
+ }
177
+
178
+ public function isBlacklistedIP() {
179
+ return $this->ipstore->isFWIPBlacklisted($this->request->getIP());
180
+ }
181
+
182
+ public function isWhitelistedIP() {
183
+ return $this->ipstore->isFWIPWhitelisted($this->request->getIP());
184
+ }
185
+
186
+ public function canBypassFirewall() {
187
+ if ($this->isWhitelistedIP() || $this->hasValidBypassCookie()) {
188
+ $this->request->setCategory(BVWPRequest::WHITELISTED);
189
+ $this->request->setStatus(BVWPRequest::BYPASSED);
190
+ return true;
191
+ }
192
+ return false;
193
+ }
194
+
195
+ public function execute() {
196
+ if ($this->config->canProfileReqInfo()) {
197
+ $result = array();
198
+ $result += $this->profileRequestInfo($this->request->getBody(),
199
+ $this->config->isReqProfilingModeDebug(), 'BODY_');
200
+
201
+ $result += $this->profileRequestInfo($this->request->getQueryString(),
202
+ true, 'GET_');
203
+
204
+ $result += $this->profileRequestInfo($this->request->getFiles(),
205
+ true, 'FILES_');
206
+
207
+ $result += $this->profileRequestInfo($this->getBVCookies(),
208
+ true, 'COOKIES_');
209
+
210
+ if (strpos($this->request->getPath(), 'admin-ajax.php') !== false) {
211
+ $result += array('BODY_ADMIN_AJAX_ACTION' => $this->request->getBody('action'));
212
+ $result += array('GET_ADMIN_AJAX_ACTION' => $this->request->getQueryString('action'));
213
+ }
214
+
215
+ if (strpos($this->request->getPath(), 'admin-post.php') !== false) {
216
+ $result += array('BODY_ADMIN_POST_ACTION' => $this->request->getBody('action'));
217
+ $result += array('GET_ADMIN_POST_ACTION' => $this->request->getQueryString('action'));
218
+ }
219
+
220
+ $this->request->updateReqInfo($result);
221
+ }
222
+
223
+ if (!$this->canBypassFirewall() && $this->config->isProtecting()) {
224
+ if ($this->isBlacklistedIP()) {
225
+ $this->terminateRequest(BVWPRequest::BLACKLISTED);
226
+ }
227
+ }
228
+ }
229
+
230
+ public function matchCount($pattern, $subject) {
231
+ $count = 0;
232
+ if (is_array($subject)) {
233
+ foreach ($subject as $val) {
234
+ $count += $this->matchCount($pattern, $val);
235
+ }
236
+ return $count;
237
+ } else {
238
+ $count = preg_match_all((string) $pattern, (string) $subject, $matches);
239
+ return ($count === false ? 0 : $count);
240
+ }
241
+ }
242
+
243
+ public function getLength($val) {
244
+ $length = 0;
245
+ if (is_array($val)) {
246
+ foreach ($val as $v) {
247
+ $length += $this->getLength($v);
248
+ }
249
+ return $length;
250
+ } else {
251
+ return strlen((string) $val);
252
+ }
253
+ }
254
+
255
+ public function profileRequestInfo($params, $debug = false, $prefix = '') {
256
+ $result = array();
257
+ if (is_array($params)) {
258
+ foreach ($params as $key => $value) {
259
+ $currkey = $prefix . $key;
260
+ if (is_array($value)) {
261
+ $result = $result + $this->profileRequestInfo($value, $debug, $currkey . '_');
262
+ } else {
263
+ $result[$currkey] = array();
264
+ $valsize = $this->getLength($value);
265
+ $result[$currkey]["size"] = $valsize;
266
+ if ($debug === true && $valsize < 256) {
267
+ $result[$currkey]["value"] = $value;
268
+ continue;
269
+ }
270
+
271
+ if (preg_match('/^\d+$/', $value)) {
272
+ $result[$currkey]["numeric"] = true;
273
+ } else if (preg_match('/^\w+$/', $value)) {
274
+ $result[$currkey]["regular_word"] = true;
275
+ } else if (preg_match('/^\S+$/', $value)) {
276
+ $result[$currkey]["special_word"] = true;
277
+ } else if (preg_match('/^[\w\s]+$/', $value)) {
278
+ $result[$currkey]["regular_sentence"] = true;
279
+ } else if (preg_match('/^[\w\W]+$/', $value)) {
280
+ $result[$currkey]["special_chars_sentence"] = true;
281
+ }
282
+
283
+ if (preg_match('/^\b((25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\.){3}
284
+ (25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\b$/x', $value)) {
285
+ $result[$currkey]["ipv4"] = true;
286
+ } else if (preg_match('/\b((25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\.){3}
287
+ (25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\b/x', $value)) {
288
+ $result[$currkey]["embeded_ipv4"] = true;
289
+ } else if (preg_match('/^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|
290
+ ([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|
291
+ ([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}
292
+ (:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|
293
+ ([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|
294
+ :((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|
295
+ ::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3}
296
+ (25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|
297
+ (2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$/x', $value)) {
298
+ $result[$currkey]["ipv6"] = true;
299
+ } else if (preg_match('/(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|
300
+ ([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|
301
+ ([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}
302
+ (:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|
303
+ ([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|
304
+ :((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|
305
+ ::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3}
306
+ (25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|
307
+ (2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))/x', $value)) {
308
+ $result[$currkey]["embeded_ipv6"] = true;
309
+ }
310
+
311
+ if (preg_match('/^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,6}$/', $value)) {
312
+ $result[$currkey]["email"] = true;
313
+ } else if (preg_match('/[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,6}/', $value)) {
314
+ $result[$currkey]["embeded_email"] = true;
315
+ }
316
+
317
+ if (preg_match('/^(http|ftp)s?:\/\/\S+$/i', $value)) {
318
+ $result[$currkey]["link"] = true;
319
+ } else if (preg_match('/(http|ftp)s?:\/\/\S+$/i', $value)) {
320
+ $result[$currkey]["embeded_link"] = true;
321
+ }
322
+
323
+ if (preg_match('/<(html|head|title|base|link|meta|style|picture|source|img|
324
+ iframe|embed|object|param|video|audio|track|map|area|form|label|input|button|
325
+ select|datalist|optgroup|option|textarea|output|progress|meter|fieldset|legend|
326
+ script|noscript|template|slot|canvas)/ix', $value)) {
327
+ $result[$currkey]["embeded_html"] = true;
328
+ }
329
+
330
+ if (preg_match('/\.(jpg|jpeg|png|gif|ico|pdf|doc|docx|ppt|pptx|pps|ppsx|odt|xls|zip|gzip|
331
+ xlsx|psd|mp3|m4a|ogg|wav|mp4|m4v|mov|wmv|avi|mpg|ogv|3gp|3g2|php|html|phtml|js|css)/ix', $value)) {
332
+ $result[$currkey]["file"] = true;
333
+ }
334
+
335
+ if ($this->matchCount(BVFW::SQLIREGEX, $value) >= 2) {
336
+ $result[$currkey]["sql"] = true;
337
+ }
338
+ }
339
+ }
340
+ }
341
+ return $result;
342
+ }
343
+ }
344
+ endif;
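Review bot: `hasValidBypassCookie()` (lines 89-90) compares the client-supplied cookie with the computed token using `===`; use `hash_equals($this->generateBypassCookie(), $cookie)` so the comparison is constant-time. In `setcookie()` (lines 62-64) `$secure` is `false` whenever `is_ssl()` is undefined, which is every request served in prepend mode before WordPress loads, so the bypass and IP cookies are issued without the Secure flag on HTTPS sites; fall back to `!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off'` when the WordPress helper is absent. `profileRequestInfo()` stores a parameter's value verbatim on line 267 when `$debug` is true and the value is under 256 bytes, and `execute()` always passes `true` for the query string, files and cookies (lines 201-208), so secrets that travel in a URL (password-reset keys, nonces, API tokens) are written to the firewall log whenever profiling is enabled; mask well-known credential keys (e.g. `pwd`, `password`, `key`) before keeping the value, or record only `size` for them. The bypass cookie is issued with a 12-hour expiry (line 76) but validated against `floor(time() / 43200)` (line 82), so a cookie set near the end of a bucket stops validating almost immediately; accepting the previous bucket as well would make the effective lifetime match the expiry.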
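--- a/protect/wp_fw/request.php
+++ b/protect/fw/request.php
@@ -1,7 +1,8 @@
 <?php
 
-if (!defined('ABSPATH')) exit;
+if (! (defined('ABSPATH') || defined('MCDATAPATH')) ) exit;
 if (!class_exists('BVWPRequest')) :
+
 class BVWPRequest {
 private $fileNames;
 private $files;
@@ -180,27 +181,20 @@ class BVWPRequest {
 return $this->category;
 }
 
-public function captureRespCode($status_header) {
-if (preg_match('/HTTP\/(\\d\\.\\d)\\s*(\\d+)\\s*(.*)/', $status_header, $tokens)) {
-$this->setRespCode(intval($tokens[2]));
-}
-return $status_header;
-}
-
 public function getDataToLog() {
 $referer = $this->getHeader('Referer') ? $this->getHeader('Referer') : '';
 $user_agent = $this->getHeader('User-Agent') ? $this->getHeader('User-Agent') : '';
-$rules_info = maybe_serialize($this->getRulesInfo());
-$req_info = maybe_serialize($this->getReqInfo());
+$rules_info = serialize($this->getRulesInfo());
+$req_info = serialize($this->getReqInfo());
 if (strlen($req_info) > 16000) {
-$req_info = maybe_serialize(array("keys" => array_keys($this->getReqInfo())));
+$req_info = serialize(array("keys" => array_keys($this->getReqInfo())));
 if (strlen($req_info) > 16000) {
-$req_info = maybe_serialize(array("bv_over_size" => true));
+$req_info = serialize(array("bv_over_size" => true));
 }
 }
 $data = array(
 "path" => $this->getPath(),
-"filenames" => maybe_serialize($this->getFileNames()),
+"filenames" => serialize($this->getFileNames()),
 "host" => $this->getHost(),
 "time" => $this->getTimeStamp(),
 "ip" => $this->getIP(),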
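--- a/protect/prepend/ignitor.php
+++ b/protect/prepend/ignitor.php
@@ -0,0 +1,9 @@
+<?php
+if (!defined('MCDATAPATH')) exit;
+
+if (defined('MCCONFKEY')) {
+require_once dirname( __FILE__ ) . '/protect.php';
+
+$mcProtect = new BVPrependProtect();
+$mcProtect->run();
+}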
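--- a/protect/prepend/info.php
+++ b/protect/prepend/info.php
@@ -0,0 +1,17 @@
+<?php
+if (!defined('MCDATAPATH')) exit;
+
+if (!class_exists('BVPrependInfo')) :
+class BVPrependInfo {
+public $brandName;
+
+function __construct($brand) {
+$this->brandName = $brand;
+}
+
+public function getBrandName() {
+return $this->brandName;
+}
+
+}
+endif;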
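--- a/protect/prepend/ipstore.php
+++ b/protect/prepend/ipstore.php
@@ -0,0 +1,49 @@
+<?php
+if (!defined('MCDATAPATH')) exit;
+
+if (!class_exists('BVPrependIPStore')) :
+class BVPrependIPStore {
+public $whitelistedIPs;
+public $blacklistedIPs;
+
+#TYPE
+const BLACKLISTED = 1;
+const WHITELISTED = 2;
+
+#CATEGORY
+const FW = 3;
+
+function __construct($confHash) {
+$this->whitelistedIPs = array_key_exists('whitelisted', $confHash) ? $confHash['whitelisted'] : array();
+$this->blacklistedIPs = array_key_exists('blacklisted', $confHash) ? $confHash['blacklisted'] : array();
+}
+
+public function isFWIPBlacklisted($ip) {
+return $this->checkIPPresent($ip, BVPrependIPStore::BLACKLISTED);
+}
+
+public function isFWIPWhitelisted($ip) {
+return $this->checkIPPresent($ip, BVPrependIPStore::WHITELISTED);
+}
+
+public function checkIPPresent($ip, $type) {
+$flag = false;
+
+switch($type) {
+
+case BVPrependIPStore::BLACKLISTED:
+if (isset($this->blacklistedIPs[$ip]))
+$flag = true;
+break;
+
+case BVPrependIPStore::WHITELISTED:
+if (isset($this->whitelistedIPs[$ip]))
+$flag = true;
+break;
+}
+
+return $flag;
+}
+
+}
+endif;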
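Review bot: `checkIPPresent()` (lines 29-46) matches by exact string key, so an address listed in `mc_ips.conf` only matches when the request address is spelled identically; IPv6 has many equivalent textual forms (`::1` versus `0:0:0:0:0:0:0:1`, upper- versus lower-case hex), and `BVProtectBase::getIP()` returns the header text as-is, so a listed IPv6 address can silently fail to match in either list. Normalise both sides to a canonical form, e.g. `if (filter_var($ip, FILTER_VALIDATE_IP) !== false) { $ip = inet_ntop(inet_pton($ip)); }` at the top of `checkIPPresent()` and over the keys when the lists are loaded in the constructor. The lookups on lines 35 and 40 also assume both lists are maps keyed by address; if the file ever stores them as plain lists of strings, `isset($this->blacklistedIPs[$ip])` never matches, so the expected shape deserves a comment on lines 17-18.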
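--- a/protect/prepend/logger.php
+++ b/protect/prepend/logger.php
@@ -0,0 +1,20 @@
+<?php
+if (!defined('MCDATAPATH')) exit;
+
+if (!class_exists('BVPrependLogger')) :
+class BVPrependLogger {
+public $logFile;
+
+function __construct() {
+$this->logFile = MCDATAPATH . MCCONFKEY . '-mc.log';
+}
+
+public function log($data) {
+$_data = serialize($data);
+$str = "bvlogbvlogbvlog" . ":";
+$str .= strlen($_data) . ":" . $_data;
+error_log($str, 3, $this->logFile);
+}
+
+}
+endif;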
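Review bot: `log()` (lines 12-17) appends with `error_log($str, 3, ...)`, which takes no lock, so two requests finishing at the same moment can interleave their `bvlogbvlogbvlog:<len>:<payload>` records and break the framing for whatever parses the file; `file_put_contents($this->logFile, $str, FILE_APPEND | LOCK_EX)` gives an atomic append and a return value that can be checked. A failed write is silent either way, which is acceptable for a best-effort log but should be stated in a one-line comment so it is not mistaken for an oversight. The file lives under `MCDATAPATH` next to `mc.conf` and holds serialized request data; this file does not show how that directory is kept from being served, so a comment pointing at where that is enforced would help whoever deploys prepend mode.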
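--- a/protect/prepend/protect.php
+++ b/protect/prepend/protect.php
@@ -0,0 +1,76 @@
+<?php
+if (!defined('MCDATAPATH')) exit;
+
+if (!class_exists('BVPrependProtect')) :
+
+require_once dirname( __FILE__ ) . '/../base.php';
+require_once dirname( __FILE__ ) . '/../fw/fw.php';
+require_once dirname( __FILE__ ) . '/../fw/request.php';
+require_once dirname( __FILE__ ) . '/../fw/config.php';
+require_once dirname( __FILE__ ) . '/info.php';
+require_once dirname( __FILE__ ) . '/ipstore.php';
+require_once dirname( __FILE__ ) . '/logger.php';
+
+class BVPrependProtect {
+public $mcConfFile;
+public $mcIPsFile;
+
+function __construct() {
+$this->mcConfFile = MCDATAPATH . MCCONFKEY . '-' . 'mc.conf';
+$this->mcIPsFile = MCDATAPATH . MCCONFKEY . '-' . 'mc_ips.conf';
+}
+
+public function parseFile($fname) {
+$result = array();
+
+if (file_exists($fname)) {
+$content = file_get_contents($fname);
+if (($content !== false) && is_string($content)) {
+$result = json_decode($content, true);
+}
+}
+
+return $result;
+}
+
+public function run() {
+$mcConf = $this->parseFile($this->mcConfFile);
+$mcIPsConf = $this->parseFile($this->mcIPsFile);
+
+if (!array_key_exists('time', $mcConf) || !isset($mcConf['time']) || !($mcConf['time'] > time() - (48*3600))) {
+return false;
+}
+
+if (empty($mcConf) || empty($mcIPsConf)) {
+return false;
+}
+
+$brand = array_key_exists('brandname', $mcConf) ? $mcConf['brandname'] : "Protect";
+$bvinfo = new BVPrependInfo($brand);
+$bvipstore = new BVPrependIPStore($mcIPsConf);
+
+$ipHeader = array_key_exists('ipheader', $mcConf) ? $mcConf['ipheader'] : false;
+$ip = BVProtectBase::getIP($ipHeader);
+
+$fwlogger = new BVPrependLogger();
+
+$fwConfHash = array_key_exists('fw', $mcConf) ? $mcConf['fw'] : array();
+$fw = new BVFW($fwlogger, $fwConfHash, $ip, $bvinfo, $bvipstore);
+
+if ($fw->isActive()) {
+
+if ($fw->canSetCookie()) {
+$fw->setIPCookie();
+}
+
+register_shutdown_function(array($fw, 'log'));
+
+$fw->execute();
+define('MCFWLOADED', true);
+}
+
+return true;
+}
+
+}
+endif;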
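Review bot: `parseFile()` (lines 23-34) assigns `json_decode($content, true)` straight to `$result` on line 29, so a truncated or invalid `mc.conf` yields `null`, and `run()` then calls `array_key_exists('time', null)` on line 40, which is a fatal `TypeError` on PHP 8; because this file runs ahead of every request, one corrupt config file would take the whole site down rather than just disabling the firewall. Guard the decode: `$decoded = json_decode($content, true); if (is_array($decoded)) { $result = $decoded; }`. The freshness test on line 40 silently disables protection once `mc.conf` is older than 48 hours, which is a deliberate fail-open for a stale config but deserves a comment saying so, since a reader may expect fail-closed. `$brand` from line 48 is later interpolated into the HTML of the 403 page by `BVFW::terminateRequest()`; it comes from a local config file, but passing it through `htmlspecialchars()` there costs nothing and removes the question.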
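--- a/protect/protect.php
+++ b/protect/protect.php
@@ -1,58 +0,0 @@
-<?php
-if (!defined('ABSPATH')) exit;
-if (!class_exists('BVProtect')) :
-
-require_once dirname( __FILE__ ) . '/logger.php';
-require_once dirname( __FILE__ ) . '/ipstore.php';
-require_once dirname( __FILE__ ) . '/wp_fw/fw.php';
-require_once dirname( __FILE__ ) . '/wp_lp/lp.php';
-
-class BVProtect {
-public $db;
-public $settings;
-
-function __construct($db, $settings) {
-$this->settings = $settings;
-$this->db = $db;
-}
-
-public function init() {
-$bvipstore = new BVIPStore($this->db);
-$bvipstore->init();
-$ip = $this->getIP();
-$fw = new BVWPFW($this->db, $this->settings, $ip, $bvipstore);
-if ($fw->config->isActive()) {
-$fw->init();
-$fw->execute();
-}
-add_action('clear_fw_config', array($fw->config, 'clear'));
-$lp = new BVWPLP($this->db, $this->settings, $ip, $bvipstore);
-if ($lp->isActive()) {
-$lp->init();
-}
-add_action('clear_lp_config', array($lp->config, 'clear'));
-}
-
-public function getIP() {
-$ip = '127.0.0.1';
-$bvinfo = new MCInfo($this->settings);
-if (($ipHeader = $this->settings->getOption($bvinfo->ip_header_option)) && is_array($ipHeader)) {
-if (array_key_exists($ipHeader['hdr'], $_SERVER)) {
-$_ips = preg_split("/(,| |\t)/", $_SERVER[$ipHeader['hdr']]);
-if (array_key_exists(intval($ipHeader['pos']), $_ips)) {
-$ip = $_ips[intval($ipHeader['pos'])];
-}
-}
-} else if (array_key_exists('REMOTE_ADDR', $_SERVER)) {
-$ip = $_SERVER['REMOTE_ADDR'];
-}
-$ip = trim($ip);
-if (preg_match('/^\[([0-9a-fA-F:]+)\](:[0-9]+)$/', $ip, $matches)) {
-$ip = $matches[1];
-} elseif (preg_match('/^([0-9.]+)(:[0-9]+)$/', $ip, $matches)) {
-$ip = $matches[1];
-}
-return $ip;
-}
-}
-endif;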
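--- a/protect/ipstore.php
+++ b/protect/wp/ipstore.php
@@ -76,6 +76,23 @@ if (!class_exists('BVIPStore')) :
  return false;
  }
 
+ public function isLPIPBlacklisted($ip) {
+ return $this->checkIPPresent($ip, BVIPStore::BLACKLISTED, BVIPStore::LP);
+ }
+
+ public function isLPIPWhitelisted($ip) {
+ return $this->checkIPPresent($ip, BVIPStore::WHITELISTED, BVIPStore::LP);
+ }
+
+
+ public function isFWIPBlacklisted($ip) {
+ return $this->checkIPPresent($ip, BVIPStore::BLACKLISTED, BVIPStore::FW);
+ }
+
+ public function isFWIPWhitelisted($ip) {
+ return $this->checkIPPresent($ip, BVIPStore::WHITELISTED, BVIPStore::FW);
+ }
+
  public function checkIPPresent($ip, $type, $category) {
  $db = $this->db;
  $table = $db->getBVTable(BVIPStore::$name);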
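Review bot: The four new wrappers isLPIPBlacklisted, isLPIPWhitelisted, isFWIPBlacklisted and isFWIPWhitelisted have no documentation, and a stray second blank line separates isLPIPWhitelisted from isFWIPBlacklisted. A one-line docblock on each would make the (type, category) pairing explicit, e.g. on the first: `/** True when $ip is stored as BLACKLISTED in the login-protection (LP) category. */`. The BVIPStore class body starts and ends outside this hunk.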
protect/{logger.php → wp/logger.php} RENAMED
File without changes
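--- /dev/null
+++ b/protect/wp/lp/config.php
@@ -0,0 +1,25 @@
+ <?php
+
+ if (!defined('ABSPATH')) exit;
+ if (!class_exists('BVWPLPConfig')) :
+ class BVWPLPConfig {
+ public $mode;
+ public $captchaLimit;
+ public $tempBlockLimit;
+ public $blockAllLimit;
+
+ public static $requests_table = 'lp_requests';
+
+ #mode
+ const DISABLED = 1;
+ const AUDIT = 2;
+ const PROTECT = 3;
+
+ public function __construct($confHash) {
+ $this->mode = array_key_exists('mode', $confHash) ? intval($confHash['mode']) : BVWPLPConfig::DISABLED;
+ $this->captchaLimit = array_key_exists('captchalimit', $confHash) ? intval($confHash['captchalimit']) : 3;
+ $this->tempBlockLimit = array_key_exists('tempblocklimit', $confHash) ? intval($confHash['tempblocklimit']) : 10;
+ $this->blockAllLimit = array_key_exists('blockalllimit', $confHash) ? intval($confHash['blockalllimit']) : 100;
+ }
+ }
+ endif;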
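Review bot: The constructor calls array_key_exists on $confHash without verifying it is an array; the value arrives from the 'lp' entry of the stored bvptconf option (see protect/wp/protect.php in this change), and on PHP 8 a non-array there raises a TypeError that aborts the request instead of falling back to the defaults. Add `if (!is_array($confHash)) { $confHash = array(); }` as the first statement of the constructor. Separately, mode is only passed through intval, so a stored value outside DISABLED/AUDIT/PROTECT makes BVWPLP::isActive() true while isProtecting() stays false, i.e. it silently behaves like AUDIT; checking the value against the three constants and documenting the chosen fallback would make that explicit.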
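--- a/protect/wp_lp/lp.php
+++ b/protect/wp/lp/lp.php
@@ -3,7 +3,6 @@
  if (!defined('ABSPATH')) exit;
  if (!class_exists('BVWPLP')) :
 
- require_once dirname( __FILE__ ) . '/config.php';
 
  class BVWPLP {
  public $db;
@@ -33,11 +32,11 @@ class BVWPLP {
  const BYPASSED = 6;
  const ALLOWED = 7;
 
- public function __construct($db, $settings, $ip, $ipstore) {
+ public function __construct($db, $settings, $ip, $ipstore, $confHash) {
  $this->db = $db;
  $this->settings = $settings;
  $this->ip = $ip;
- $this->config = new BVWPLPConfig($db, $settings);
+ $this->config = new BVWPLPConfig($confHash);
  $this->ipstore = $ipstore;
  $this->logger = new BVLogger($db, BVWPLPConfig::$requests_table);
  $this->time = strtotime(date("Y-m-d H:i:s"));
@@ -81,15 +80,15 @@ class BVWPLP {
  }
 
  public function getCaptchaLimit() {
- return $this->config->getCaptchaLimit();
+ return $this->config->captchaLimit;
  }
 
  public function getTempBlockLimit() {
- return $this->config->getTempBlockLimit();
+ return $this->config->tempBlockLimit;
  }
 
  public function getBlockAllLimit() {
- return $this->config->getBlockAllLimit();
+ return $this->config->blockAllLimit;
  }
 
  public function getLoginLogsTable() {
@@ -119,7 +118,7 @@ class BVWPLP {
  return "
  <div style='height: 98vh;'>
  <div style='text-align: center; padding: 10% 0; font-family: Arial, Helvetica, sans-serif;'>
- <div><p><img src=".plugins_url('/../../img/icon.png', __FILE__)."><h2>Login Protection</h2><h3>powered by</h3><h2>"
+ <div><p><img src=".plugins_url('/../../../img/icon.png', __FILE__)."><h2>Login Protection</h2><h3>powered by</h3><h2>"
  .$brandname."</h2></p><div>
  <p>" . $templates[$this->getCategory()]. "</p>
  </div>
@@ -127,19 +126,19 @@ class BVWPLP {
  }
 
  public function isProtecting() {
- return ($this->config->getMode() === BVWPLPConfig::PROTECT);
+ return ($this->config->mode === BVWPLPConfig::PROTECT);
  }
 
  public function isActive() {
- return ($this->config->getMode() !== BVWPLPConfig::DISABLED);
+ return ($this->config->mode !== BVWPLPConfig::DISABLED);
  }
 
  public function isBlacklistedIP() {
- return $this->ipstore->checkIPPresent($this->ip, BVIPStore::BLACKLISTED, BVIPStore::LP);
+ return $this->ipstore->isLPIPBlacklisted($this->ip);
  }
 
  public function isWhitelistedIP() {
- return $this->ipstore->checkIPPresent($this->ip, BVIPStore::WHITELISTED, BVIPStore::LP);
+ return $this->ipstore->isLPIPWhitelisted($this->ip);
  }
 
  public function isUnBlockedIP() {
@@ -239,4 +238,4 @@ class BVWPLP {
  return intval($rows[0]['count']);
  }
  }
- endif;
+ endif;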
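Review bot: The new fifth constructor parameter $confHash is undocumented and is handed to BVWPLPConfig as-is; a docblock on __construct should state its origin and shape: `@param array $confHash 'lp' sub-array of the bvptconf option; keys mode, captchalimit, tempblocklimit, blockalllimit (see BVWPLPConfig)`. Because it is a required positional argument, any constructor caller other than BVProtect::run (none visible in this change) would now fail with too few arguments, so a short note about that contract change belongs in the same docblock. The BVWPLP class body continues outside these hunks.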
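--- /dev/null
+++ b/protect/wp/protect.php
@@ -0,0 +1,75 @@
+ <?php
+ if (!defined('ABSPATH')) exit;
+ if (!class_exists('BVProtect')) :
+
+ require_once dirname( __FILE__ ) . '/../base.php';
+ require_once dirname( __FILE__ ) . '/logger.php';
+ require_once dirname( __FILE__ ) . '/ipstore.php';
+ require_once dirname( __FILE__ ) . '/../fw/fw.php';
+ require_once dirname( __FILE__ ) . '/../fw/config.php';
+ require_once dirname( __FILE__ ) . '/../fw/request.php';
+ require_once dirname( __FILE__ ) . '/lp/lp.php';
+ require_once dirname( __FILE__ ) . '/lp/config.php';
+
+ class BVProtect {
+ public $db;
+ public $settings;
+
+ function __construct($db, $settings) {
+ $this->settings = $settings;
+ $this->db = $db;
+ }
+
+ public function run() {
+ $bvipstore = new BVIPStore($this->db);
+ $bvipstore->init();
+ $bvinfo = new MCInfo($this->settings);
+
+ $config = $this->settings->getOption('bvptconf');
+ if (!$config) {
+ $config = array();
+ }
+
+ $ipHeader = array_key_exists('ipheader', $config) ? $config['ipheader'] : false;
+ $ip = BVProtectBase::getIP($ipHeader);
+
+ $fwLogger = new BVLogger($this->db, BVFWConfig::$requests_table);
+
+ $fwConfHash = array_key_exists('fw', $config) ? $config['fw'] : array();
+ $fw = new BVFW($fwLogger, $fwConfHash, $ip, $bvinfo, $bvipstore);
+
+ if ($fw->isActive()) {
+
+ if ($fw->canSetCookie()) {
+ add_action('init', array($fw, 'setBypassCookie'));
+
+ if (!defined('MCFWLOADED')) {
+ $fw->setIPCookie();
+ }
+ }
+
+ if (!defined('MCFWLOADED')) {
+ register_shutdown_function(array($fw, 'log'));
+
+ $fw->execute();
+ }
+ }
+
+ add_action('clear_pt_config', array($this, 'uninstall'));
+
+ $lpConfHash = array_key_exists('lp', $config) ? $config['lp'] : array();
+ $lp = new BVWPLP($this->db, $this->settings, $ip, $bvipstore, $lpConfHash);
+ if ($lp->isActive()) {
+ $lp->init();
+ }
+ }
+
+ public function uninstall() {
+ $this->settings->deleteOption('bvptconf');
+ $this->db->dropBVTable(BVFWConfig::$requests_table);
+ $this->db->dropBVTable(BVWPLPConfig::$requests_table);
+ $this->settings->deleteOption('bvptplug');
+ return true;
+ }
+ }
+ endif;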
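Review bot: `if (!$config)` on line 29 only normalises a falsy option; a truthy non-array value stored under bvptconf reaches `array_key_exists('ipheader', $config)` on line 33 and, on PHP 8, throws a TypeError that aborts the request before either the firewall or login protection can run. Replace it with `if (!is_array($config)) {` and apply the same is_array check to the 'fw' and 'lp' sub-hashes on lines 38 and 60 before they are passed to BVFW and BVWPLP. The MCFWLOADED checks on lines 46 and 51 appear to skip the IP cookie, shutdown logging and execute() when the firewall has already run earlier in the request; a comment stating that intent, e.g. `// MCFWLOADED: firewall already ran from the prepend file; do not execute or log it twice`, would help the next reader.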
protect/wp_fw/config.php DELETED
@@ -1,251 +0,0 @@
1
- <?php
2
-
3
- if (!defined('ABSPATH')) exit;
4
- if (!class_exists('BVWPFWConfig')) :
5
- class BVWPFWConfig {
6
- public $db;
7
- public $settings;
8
- public static $requests_table = 'fw_requests';
9
- public static $allRules = array(108, 112, 114, 115, 132, 133, 145, 146, 155, 156, 165, 167, 168, 169, 171, 172, 173, 174, 175, 176, 177, 178);
10
- public static $roleLevels = array(
11
- 'administrator' => BVWPFWConfig::ROLE_LEVEL_ADMIN,
12
- 'editor' => BVWPFWConfig::ROLE_LEVEL_EDITOR,
13
- 'author' => BVWPFWConfig::ROLE_LEVEL_AUTHOR,
14
- 'contributor' => BVWPFWConfig::ROLE_LEVEL_CONTRIBUTOR,
15
- 'subscriber' => BVWPFWConfig::ROLE_LEVEL_SUBSCRIBER
16
- );
17
-
18
- function __construct($db, $settings) {
19
- $this->db = $db;
20
- $this->settings = $settings;
21
- }
22
-
23
- #mode
24
- const DISABLED = 1;
25
- const AUDIT = 2;
26
- const PROTECT = 3;
27
-
28
- #Rule Mode
29
- const DISABLEDRULE = 1;
30
- const AUDITRULE = 2;
31
- const PROTECTRULE = 3;
32
-
33
- #Request Profiling Mode
34
- const REQ_PROFILING_MODE_DISABLED = 1;
35
- const REQ_PROFILING_MODE_NORMAL = 2;
36
- const REQ_PROFILING_MODE_DEBUG = 3;
37
-
38
- #Cookie Mode
39
- const COOKIE_MODE_ENABLED = 1;
40
- const COOKIE_MODE_DISABLED = 2;
41
-
42
- #Role Level
43
- const ROLE_LEVEL_SUBSCRIBER = 1;
44
- const ROLE_LEVEL_CONTRIBUTOR = 2;
45
- const ROLE_LEVEL_AUTHOR = 3;
46
- const ROLE_LEVEL_EDITOR = 4;
47
- const ROLE_LEVEL_ADMIN = 5;
48
- const ROLE_LEVEL_CUSTOM = 6;
49
-
50
- public static function isDisabledRule($mode) {
51
- return ($mode === BVWPFWConfig::DISABLEDRULE);
52
- }
53
-
54
- public static function isProtectingRule($mode) {
55
- return ($mode === BVWPFWConfig::PROTECTRULE);
56
- }
57
-
58
- public static function isAuditingRule($mode) {
59
- return ($mode === BVWPFWConfig::AUDITRULE);
60
- }
61
-
62
- public function isActive() {
63
- return ($this->getMode() !== BVWPFWConfig::DISABLED);
64
- }
65
-
66
- public function isProtecting() {
67
- return ($this->getMode() === BVWPFWConfig::PROTECT);
68
- }
69
-
70
- public function isAuditing() {
71
- return ($this->getMode() === BVWPFWConfig::AUDIT);
72
- }
73
-
74
- public function isReqProfilingModeDebug() {
75
- return ($this->getReqProfilingMode() === BVWPFWConfig::REQ_PROFILING_MODE_DEBUG);
76
- }
77
-
78
- public function canProfileReqInfo() {
79
- return ($this->getReqProfilingMode() !== BVWPFWConfig::REQ_PROFILING_MODE_DISABLED);
80
- }
81
-
82
- public function canSetCookie() {
83
- return ($this->getCookieMode() === BVWPFWConfig::COOKIE_MODE_ENABLED);
84
- }
85
-
86
- public function getRules() {
87
- $rules = array("audit" => array(), "protect" => array());
88
- $isAudit = false;
89
- $rulesMode = $this->getRulesMode();
90
- if (BVWPFWConfig::isDisabledRule($rulesMode)) {
91
- return $rules;
92
- }
93
- $isAudit = ($this->isAuditing() || BVWPFWConfig::isAuditingRule($rulesMode));
94
- $rulesInfo = array();
95
- foreach ($this->getAuditRules() as $rule)
96
- $rulesInfo[$rule] = BVWPFWConfig::AUDITRULE;
97
- foreach ($this->getDisabledRules() as $rule)
98
- $rulesInfo[$rule] = BVWPFWConfig::DISABLEDRULE;
99
- foreach (BVWPFWConfig::$allRules as $rule) {
100
- if (isset($rulesInfo[$rule])) {
101
- if (BVWPFWConfig::isAuditingRule($rulesInfo[$rule])) {
102
- $rules["audit"][$rule] = BVWPFWConfig::AUDITRULE;
103
- }
104
- } else {
105
- if ($isAudit) {
106
- $rules["audit"][$rule] = BVWPFWConfig::AUDITRULE;
107
- } else {
108
- $rules["protect"][$rule] = BVWPFWConfig::PROTECTRULE;
109
- }
110
- }
111
- }
112
- return $rules;
113
- }
114
-
115
- public function setMode($mode) {
116
- if (!$mode) {
117
- $this->settings->deleteOption('bvfwmode');
118
- } else {
119
- $this->settings->updateOption('bvfwmode', intval($mode));
120
- }
121
- }
122
-
123
- public function setRulesMode($mode) {
124
- if (!$mode) {
125
- $this->settings->deleteOption('bvfwrulesmode');
126
- } else {
127
- $this->settings->updateOption('bvfwrulesmode', intval($mode));
128
- }
129
- }
130
-
131
- public function setCookieMode($mode) {
132
- if (!$mode) {
133
- $this->settings->deleteOption('bvfwcookiemode');
134
- } else {
135
- $this->settings->updateOption('bvfwcookiemode', intval($mode));
136
- }
137
- }
138
-
139
- public function setCookieKey($key) {
140
- if (!$key) {
141
- $this->settings->deleteOption('bvfwcookiekey');
142
- } else {
143
- $this->settings->updateOption('bvfwcookiekey', strval($key));
144
- }
145
- }
146
-
147
- public function setReqProfilingMode($mode) {
148
- if (!$mode) {
149
- $this->settings->deleteOption('bvfwreqprofilingmode');
150
- } else {
151
- $this->settings->updateOption('bvfwreqprofilingmode', intval($mode));
152
- }
153
- }
154
-
155
- public function setDisabledRules($rules) {
156
- if (!$rules) {
157
- $this->settings->deleteOption('bvfwdisabledrules');
158
- } else {
159
- $this->settings->updateOption('bvfwdisabledrules', $rules);
160
- }
161
- }
162
-
163
- public function setBypassLevel($level) {
164
- if (!$level) {
165
- $this->settings->deleteOption('bvfwbypasslevel');
166
- } else {
167
- $this->settings->updateOption('bvfwbypasslevel', $level);
168
- }
169
- }
170
-
171
- public function setCustomRoles($roles) {
172
- if (!$roles) {
173
- $this->settings->deleteOption('bvfwcutomroles');
174
- } else {
175
- $this->settings->updateOption('bvfwcustomroles', $roles);
176
- }
177
- }
178
-
179
- public function setAuditRules($rules) {
180
- if (!$rules) {
181
- $this->settings->deleteOption('bvfwauditrules');
182
- } else {
183
- $this->settings->updateOption('bvfwauditrules', $rules);
184
- }
185
- }
186
-
187
- public function getMode() {
188
- $mode = $this->settings->getOption('bvfwmode');
189
- return intval($mode ? $mode : BVWPFWConfig::DISABLED);
190
- }
191
-
192
- public function getRulesMode() {
193
- $mode = $this->settings->getOption('bvfwrulesmode');
194
- return intval($mode ? $mode : BVWPFWConfig::DISABLED);
195
- }
196
-
197
- public function getCookieMode() {
198
- $mode = $this->settings->getOption('bvfwcookiemode');
199
- return intval($mode ? $mode : BVWPFWConfig::COOKIE_MODE_DISABLED);
200
- }
201
-
202
- public function getCookieKey() {
203
- $key = (string) $this->settings->getOption('bvfwcookiekey');
204
- if ($key === '') {
205
- $key = MCAccount::randString(32);
206
- $this->setCookieKey($key);
207
- }
208
- return $key;
209
- }
210
-
211
- public function getReqProfilingMode() {
212
- $mode = $this->settings->getOption('bvfwreqprofilingmode');
213
- return intval($mode ? $mode : BVWPFWConfig::REQ_PROFILING_MODE_DISABLED);
214
- }
215
-
216
- public function getDisabledRules() {
217
- $rules = $this->settings->getOption('bvfwdisabledrules');
218
- return ($rules ? $rules : array());
219
- }
220
-
221
- public function getAuditRules() {
222
- $rules = $this->settings->getOption('bvfwauditrules');
223
- return ($rules ? $rules : array());
224
- }
225
-
226
- public function getBypassLevel() {
227
- $level = $this->settings->getOption('bvfwbypasslevel');
228
- return intval($level ? $level : BVWPFWConfig::ROLE_LEVEL_CONTRIBUTOR);
229
- }
230
-
231
- public function getCustomRoles() {
232
- $roles = $this->settings->getOption('bvfwcustomroles');
233
- return ($roles ? $roles : array());
234
- }
235
-
236
- public function clear() {
237
- $this->setMode(false);
238
- $this->setRulesMode(false);
239
- $this->setBypassLevel(false);
240
- $this->setCustomRoles(false);
241
- $this->setCookieMode(false);
242
- $this->setCookieKey(false);
243
- $this->setDisabledRules(false);
244
- $this->setAuditRules(false);
245
- $this->setReqProfilingMode(false);
246
- $this->db->dropBVTable(BVWPFWConfig::$requests_table);
247
- $this->settings->deleteOption('bvptplug');
248
- return true;
249
- }
250
- }
251
- endif;
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
protect/wp_fw/fw.php DELETED
@@ -1,597 +0,0 @@
1
- <?php
2
-
3
- if (!defined('ABSPATH')) exit;
4
- if (!class_exists('BVWPFW')) :
5
-
6
- require_once dirname( __FILE__ ) . '/config.php';
7
- require_once dirname( __FILE__ ) . '/request.php';
8
-
9
- class BVWPFW {
10
- public $db;
11
- public $settings;
12
- public $request;
13
- public $config;
14
- public $ipstore;
15
- public $category;
16
- public $logger;
17
- private $currRuleInfo;
18
-
19
- const SQLIREGEX = '/(?:[^\\w<]|\\/\\*\\![0-9]*|^)(?:
20
- @@HOSTNAME|
21
- ALTER|ANALYZE|ASENSITIVE|
22
- BEFORE|BENCHMARK|BETWEEN|BIGINT|BINARY|BLOB|
23
- CALL|CASE|CHANGE|CHAR|CHARACTER|CHAR_LENGTH|COLLATE|COLUMN|CONCAT|CONDITION|CONSTRAINT|CONTINUE|CONVERT|CREATE|CROSS|CURRENT_DATE|CURRENT_TIME|CURRENT_TIMESTAMP|CURRENT_USER|CURSOR|
24
- DATABASE|DATABASES|DAY_HOUR|DAY_MICROSECOND|DAY_MINUTE|DAY_SECOND|DECIMAL|DECLARE|DEFAULT|DELAYED|DELETE|DESCRIBE|DETERMINISTIC|DISTINCT|DISTINCTROW|DOUBLE|DROP|DUAL|DUMPFILE|
25
- EACH|ELSE|ELSEIF|ELT|ENCLOSED|ESCAPED|EXISTS|EXIT|EXPLAIN|EXTRACTVALUE|
26
- FETCH|FLOAT|FLOAT4|FLOAT8|FORCE|FOREIGN|FROM|FULLTEXT|
27
- GRANT|GROUP|HAVING|HEX|HIGH_PRIORITY|HOUR_MICROSECOND|HOUR_MINUTE|HOUR_SECOND|
28
- IFNULL|IGNORE|INDEX|INFILE|INNER|INOUT|INSENSITIVE|INSERT|INTERVAL|ISNULL|ITERATE|
29
- JOIN|KILL|LEADING|LEAVE|LIMIT|LINEAR|LINES|LOAD|LOAD_FILE|LOCALTIME|LOCALTIMESTAMP|LOCK|LONG|LONGBLOB|LONGTEXT|LOOP|LOW_PRIORITY|
30
- MASTER_SSL_VERIFY_SERVER_CERT|MATCH|MAXVALUE|MEDIUMBLOB|MEDIUMINT|MEDIUMTEXT|MID|MIDDLEINT|MINUTE_MICROSECOND|MINUTE_SECOND|MODIFIES|
31
- NATURAL|NO_WRITE_TO_BINLOG|NULL|NUMERIC|OPTION|ORD|ORDER|OUTER|OUTFILE|
32
- PRECISION|PRIMARY|PRIVILEGES|PROCEDURE|PROCESSLIST|PURGE|
33
- RANGE|READ_WRITE|REGEXP|RELEASE|REPEAT|REQUIRE|RESIGNAL|RESTRICT|RETURN|REVOKE|RLIKE|ROLLBACK|
34
- SCHEMA|SCHEMAS|SECOND_MICROSECOND|SELECT|SENSITIVE|SEPARATOR|SHOW|SIGNAL|SLEEP|SMALLINT|SPATIAL|SPECIFIC|SQLEXCEPTION|SQLSTATE|SQLWARNING|SQL_BIG_RESULT|SQL_CALC_FOUND_ROWS|SQL_SMALL_RESULT|STARTING|STRAIGHT_JOIN|SUBSTR|
35
- TABLE|TERMINATED|TINYBLOB|TINYINT|TINYTEXT|TRAILING|TRANSACTION|TRIGGER|
36
- UNDO|UNHEX|UNION|UNLOCK|UNSIGNED|UPDATE|UPDATEXML|USAGE|USING|UTC_DATE|UTC_TIME|UTC_TIMESTAMP|
37
- VALUES|VARBINARY|VARCHAR|VARCHARACTER|VARYING|WHEN|WHERE|WHILE|WRITE|YEAR_MONTH|ZEROFILL)(?=[^\\w]|$)/ix';
38
-
39
- const XSSREGEX = '/(?:
40
- #tags
41
- (?:\\<|\\+ADw\\-|\\xC2\\xBC)(script|iframe|svg|object|embed|applet|link|style|meta|\\/\\/|\\?xml\\-stylesheet)(?:[^\\w]|\\xC2\\xBE)|
42
- #protocols
43
- (?:^|[^\\w])(?:(?:\\s*(?:&\\#(?:x0*6a|0*106)|j)\\s*(?:&\\#(?:x0*61|0*97)|a)\\s*(?:&\\#(?:x0*76|0*118)|v)\\s*(?:&\\#(?:x0*61|0*97)|a)|\\s*(?:&\\#(?:x0*76|0*118)|v)\\s*(?:&\\#(?:x0*62|0*98)|b)|\\s*(?:&\\#(?:x0*65|0*101)|e)\\s*(?:&\\#(?:x0*63|0*99)|c)\\s*(?:&\\#(?:x0*6d|0*109)|m)\\s*(?:&\\#(?:x0*61|0*97)|a)|\\s*(?:&\\#(?:x0*6c|0*108)|l)\\s*(?:&\\#(?:x0*69|0*105)|i)\\s*(?:&\\#(?:x0*76|0*118)|v)\\s*(?:&\\#(?:x0*65|0*101)|e))\\s*(?:&\\#(?:x0*73|0*115)|s)\\s*(?:&\\#(?:x0*63|0*99)|c)\\s*(?:&\\#(?:x0*72|0*114)|r)\\s*(?:&\\#(?:x0*69|0*105)|i)\\s*(?:&\\#(?:x0*70|0*112)|p)\\s*(?:&\\#(?:x0*74|0*116)|t)|\\s*(?:&\\#(?:x0*6d|0*109)|m)\\s*(?:&\\#(?:x0*68|0*104)|h)\\s*(?:&\\#(?:x0*74|0*116)|t)\\s*(?:&\\#(?:x0*6d|0*109)|m)\\s*(?:&\\#(?:x0*6c|0*108)|l)|\\s*(?:&\\#(?:x0*6d|0*109)|m)\\s*(?:&\\#(?:x0*6f|0*111)|o)\\s*(?:&\\#(?:x0*63|0*99)|c)\\s*(?:&\\#(?:x0*68|0*104)|h)\\s*(?:&\\#(?:x0*61|0*97)|a)|\\s*(?:&\\#(?:x0*64|0*100)|d)\\s*(?:&\\#(?:x0*61|0*97)|a)\\s*(?:&\\#(?:x0*74|0*116)|t)\\s*(?:&\\#(?:x0*61|0*97)|a)(?!(?:&\\#(?:x0*3a|0*58)|\\:)(?:&\\#(?:x0*69|0*105)|i)(?:&\\#(?:x0*6d|0*109)|m)(?:&\\#(?:x0*61|0*97)|a)(?:&\\#(?:x0*67|0*103)|g)(?:&\\#(?:x0*65|0*101)|e)(?:&\\#(?:x0*2f|0*47)|\\/)(?:(?:&\\#(?:x0*70|0*112)|p)(?:&\\#(?:x0*6e|0*110)|n)(?:&\\#(?:x0*67|0*103)|g)|(?:&\\#(?:x0*62|0*98)|b)(?:&\\#(?:x0*6d|0*109)|m)(?:&\\#(?:x0*70|0*112)|p)|(?:&\\#(?:x0*67|0*103)|g)(?:&\\#(?:x0*69|0*105)|i)(?:&\\#(?:x0*66|0*102)|f)|(?:&\\#(?:x0*70|0*112)|p)?(?:&\\#(?:x0*6a|0*106)|j)(?:&\\#(?:x0*70|0*112)|p)(?:&\\#(?:x0*65|0*101)|e)(?:&\\#(?:x0*67|0*103)|g)|(?:&\\#(?:x0*74|0*116)|t)(?:&\\#(?:x0*69|0*105)|i)(?:&\\#(?:x0*66|0*102)|f)(?:&\\#(?:x0*66|0*102)|f)|(?:&\\#(?:x0*73|0*115)|s)(?:&\\#(?:x0*76|0*118)|v)(?:&\\#(?:x0*67|0*103)|g)(?:&\\#(?:x0*2b|0*43)|\\+)(?:&\\#(?:x0*78|0*120)|x)(?:&\\#(?:x0*6d|0*109)|m)(?:&\\#(?:x0*6c|0*108)|l))(?:(?:&\\#(?:x0*3b|0*59)|;)(?:&\\#(?:x0*63|0*99)|c)(?:&\\#(?:x0*68|0*104)|h)(?:&\\#(?:x0*61|0*97)|a)(?:&\\#(?:x0*72|0*114)|r)(?:&\\#(?:x0*73|0*115)|s)(?:&\\#(?:x0*65|0*101)|e)(?:&\\#(
?:x0*74|0*116)|t)(?:&\\#(?:x0*3d|0*61)|=)[\\-a-z0-9]+)?(?:(?:&\\#(?:x0*3b|0*59)|;)(?:&\\#(?:x0*62|0*98)|b)(?:&\\#(?:x0*61|0*97)|a)(?:&\\#(?:x0*73|0*115)|s)(?:&\\#(?:x0*65|0*101)|e)(?:&\\#(?:x0*36|0*54)|6)(?:&\\#(?:x0*34|0*52)|4))?(?:&\\#(?:x0*2c|0*44)|,)))\\s*(?:&\\#(?:x0*3a|0*58)|&colon|\\:)|
44
- #css expression
45
- (?:^|[^\\w])(?:(?:\\\\0*65|\\\\0*45|e)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*78|\\\\0*58|x)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*70|\\\\0*50|p)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*72|\\\\0*52|r)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*65|\\\\0*45|e)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*73|\\\\0*53|s)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*73|\\\\0*53|s)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*69|\\\\0*49|i)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*6f|\\\\0*4f|o)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*6e|\\\\0*4e|n))[^\\w]*?(?:\\\\0*28|\\()|
46
- #css properties
47
- (?:^|[^\\w])(?:(?:(?:\\\\0*62|\\\\0*42|b)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*65|\\\\0*45|e)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*68|\\\\0*48|h)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*61|\\\\0*41|a)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*76|\\\\0*56|v)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*69|\\\\0*49|i)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*6f|\\\\0*4f|o)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*72|\\\\0*52|r)(?:\\/\\*.*?\\*\\/)*)|(?:(?:\\\\0*2d|\\\\0*2d|-)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*6d|\\\\0*4d|m)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*6f|\\\\0*4f|o)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*7a|\\\\0*5a|z)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*2d|\\\\0*2d|-)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*62|\\\\0*42|b)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*69|\\\\0*49|i)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*6e|\\\\0*4e|n)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*64|\\\\0*44|d)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*69|\\\\0*49|i)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*6e|\\\\0*4e|n)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*67|\\\\0*47|g)(?:\\/\\*.*?\\*\\/)*))[^\\w]*(?:\\\\0*3a|\\\\0*3a|:)[^\\w]*(?:\\\\0*75|\\\\0*55|u)(?:\\\\0*72|\\\\0*52|r)(?:\\\\0*6c|\\\\0*4c|l)|
48
- #properties
49
- (?:^|[^\\w])(?:on(?:abort|activate|afterprint|afterupdate|autocomplete|autocompleteerror|beforeactivate|beforecopy|beforecut|beforedeactivate|beforeeditfocus|beforepaste|beforeprint|beforeunload|beforeupdate|blur|bounce|cancel|canplay|canplaythrough|cellchange|change|click|close|contextmenu|controlselect|copy|cuechange|cut|dataavailable|datasetchanged|datasetcomplete|dblclick|deactivate|drag|dragend|dragenter|dragleave|dragover|dragstart|drop|durationchange|emptied|encrypted|ended|error|errorupdate|filterchange|finish|focus|focusin|focusout|formchange|forminput|hashchange|help|input|invalid|keydown|keypress|keyup|languagechange|layoutcomplete|load|loadeddata|loadedmetadata|loadstart|losecapture|message|mousedown|mouseenter|mouseleave|mousemove|mouseout|mouseover|mouseup|mousewheel|move|moveend|movestart|mozfullscreenchange|mozfullscreenerror|mozpointerlockchange|mozpointerlockerror|offline|online|page|pagehide|pageshow|paste|pause|play|playing|popstate|progress|propertychange|ratechange|readystatechange|reset|resize|resizeend|resizestart|rowenter|rowexit|rowsdelete|rowsinserted|scroll|search|seeked|seeking|select|selectstart|show|stalled|start|storage|submit|suspend|timer|timeupdate|toggle|unload|volumechange|waiting|webkitfullscreenchange|webkitfullscreenerror|wheel)|formaction|data\\-bind|ev:event)[^\\w]
50
- )/ix';
51
-
52
- const BYPASS_COOKIE = "bvfw-bypass-cookie";
53
- const IP_COOKIE = "bvfw-ip-cookie";
54
-
55
- public function __construct($db, $settings, $ip, $ipstore) {
56
- $this->db = $db;
57
- $this->settings = $settings;
58
- $this->config = new BVWPFWConfig($db, $settings);
59
- $this->request = new BVWPRequest($ip);
60
- $this->ipstore = $ipstore;
61
- $this->logger = new BVLogger($db, BVWPFWConfig::$requests_table);
62
- }
63
-
64
- public function init() {
65
- if ($this->config->canSetCookie()) {
66
- add_action('init', array($this, 'setBypassCookie'));
67
- $this->setIPCookie();
68
- }
69
- add_filter('status_header', array($this->request, 'captureRespCode'));
70
- register_shutdown_function(array($this, 'log'));
71
- }
72
-
73
- public function setcookie($name, $value, $expire, $path = COOKIEPATH, $domain = COOKIE_DOMAIN) {
74
- if (version_compare(PHP_VERSION, '5.2.0') >= 0) {
75
- $secure = function_exists('is_ssl') ? is_ssl() : false;
76
- @setcookie($name, $value, $expire, $path, $domain, $secure, true);
77
- } else {
78
- @setcookie($name, $value, $expire, $path);
79
- }
80
- }
81
-
82
- public function setBypassCookie() {
83
- if (function_exists('is_user_logged_in') && is_user_logged_in() && !$this->hasValidBypassCookie()) {
84
- $roleLevel = $this->getCurrentRoleLevel();
85
- $bypassLevel = $this->config->getBypassLevel();
86
- if ($roleLevel >= $bypassLevel) {
87
- $cookie = $this->generateBypassCookie();
88
- $this->setcookie(BVWPFW::BYPASS_COOKIE, $cookie, time() + 43200);
89
- }
90
- }
91
- }
92
-
93
- public function generateBypassCookie() {
94
- $time = floor(time() / 43200);
95
- $bypassLevel = $this->config->getBypassLevel();
96
- $cookiekey = $this->config->getCookieKey();
97
- return sha1($bypassLevel.$time.$cookiekey);
98
- }
99
-
100
- public function hasValidBypassCookie() {
101
- $cookie = (string) $this->request->getCookies(BVWPFW::BYPASS_COOKIE);
102
- return ($this->config->canSetCookie() && ($cookie === $this->generateBypassCookie()));
103
- }
104
-
105
- public function setIPCookie() {
106
- if (!$this->request->getCookies(BVWPFW::IP_COOKIE)) {
107
- $ip = $this->request->getIP();
108
- $cookiekey = $this->config->getCookieKey();
109
- $time = floor(time() / 3600);
110
- $cookie = sha1($ip.$time.$cookiekey);
111
- $this->setcookie(BVWPFW::IP_COOKIE, $cookie, time() + 3600);
112
- }
113
- }
114
-
115
- public function getBVCookies() {
116
- $cookies = array();
117
- $cookies[BVWPFW::IP_COOKIE] = (string) $this->request->getCookies(BVWPFW::IP_COOKIE);
118
- return $cookies;
119
- }
120
-
121
- public function getCurrentRoleLevel() {
122
- if (function_exists('current_user_can')) {
123
- if (function_exists('is_super_admin') && is_super_admin()) {
124
- return BVWPFWConfig::ROLE_LEVEL_ADMIN;
125
- }
126
- foreach ($this->config->getCustomRoles() as $role) {
127
- if (current_user_can($role)) {
128
- return BVWPFWConfig::ROLE_LEVEL_CUSTOM;
129
- }
130
- }
131
- foreach (BVWPFWConfig::$roleLevels as $role => $level) {
132
- if (current_user_can($role)) {
133
- return $level;
134
- }
135
- }
136
- }
137
- return 0;
138
- }
139
-
140
- public function log() {
141
- if ($this->config->canSetCookie()) {
142
- $canlog = !$this->hasValidBypassCookie();
143
- } else {
144
- $canlog = (!function_exists('is_user_logged_in') || !is_user_logged_in());
145
- }
146
- if ($canlog) {
147
- $this->logger->log($this->request->getDataToLog());
148
- }
149
- }
150
-
151
- public function terminateRequest($category = BVWPRequest::NORMAL) {
152
- $info = new MCInfo($this->settings);
153
- $this->request->setCategory($category);
154
- $this->request->setStatus(BVWPRequest::BLOCKED);
155
- $this->request->setRespCode(403);
156
- header("Cache-Control: no-cache, no-store, must-revalidate");
157
- header("Pragma: no-cache");
158
- header("Expires: 0");
159
- header('HTTP/1.0 403 Forbidden');
160
- $brandname = $info->getBrandName();
161
- die("
162
- <div style='height: 98vh;'>
163
- <div style='text-align: center; padding: 10% 0; font-family: Arial, Helvetica, sans-serif;'>
164
- <div><p><img src=".plugins_url('/../../img/icon.png', __FILE__)."><h2>Firewall</h2><h3>powered by</h3><h2>"
165
- .$brandname."</h2></p><div>
166
- <p>Blocked because of Malicious Activities</p>
167
- </div>
168
- </div>
169
- ");
170
- }
171
-
172
- public function isBlacklistedIP() {
173
- return $this->ipstore->checkIPPresent($this->request->getIP(), BVIPStore::BLACKLISTED, BVIPStore::FW);
174
- }
175
-
176
- public function isWhitelistedIP() {
177
- return $this->ipstore->checkIPPresent($this->request->getIP(), BVIPStore::WHITELISTED, BVIPStore::FW);
178
- }
179
-
180
- public function canBypassFirewall() {
181
- if ($this->isWhitelistedIP() || $this->hasValidBypassCookie()) {
182
- $this->request->setCategory(BVWPRequest::WHITELISTED);
183
- $this->request->setStatus(BVWPRequest::BYPASSED);
184
- return true;
185
- }
186
- return false;
187
- }
188
-
189
- public function execute() {
190
- if ($this->config->canProfileReqInfo()) {
191
- $result = array();
192
- $result += $this->profileRequestInfo($this->request->getBody(),
193
- $this->config->isReqProfilingModeDebug(), 'BODY_');
194
- $result += $this->profileRequestInfo($this->request->getQueryString(),
195
- true, 'GET_');
196
- $result += $this->profileRequestInfo($this->request->getFiles(),
197
- true, 'FILES_');
198
- $result += $this->profileRequestInfo($this->getBVCookies(),
199
- true, 'COOKIES_');
200
- if (strpos($this->request->getPath(), 'admin-ajax.php') !== false) {
201
- $result += array('BODY_ADMIN_AJAX_ACTION' => $this->request->getBody('action'));
202
- $result += array('GET_ADMIN_AJAX_ACTION' => $this->request->getQueryString('action'));
203
- }
204
- if (strpos($this->request->getPath(), 'admin-post.php') !== false) {
205
- $result += array('BODY_ADMIN_POST_ACTION' => $this->request->getBody('action'));
206
- $result += array('GET_ADMIN_POST_ACTION' => $this->request->getQueryString('action'));
207
- }
208
- $this->request->updateReqInfo($result);
209
- }
210
- if (!$this->canBypassFirewall()) {
211
- $rules = $this->config->getRules();
212
- $this->matchRules($rules["audit"]);
213
- if ($this->config->isProtecting()) {
214
- if ($this->isBlacklistedIP()) {
215
- $this->terminateRequest(BVWPRequest::BLACKLISTED);
216
- }
217
- if ($this->matchRules($rules["protect"], true)) {
218
- $this->terminateRequest();
219
- }
220
- }
221
- }
222
- }
223
-
224
- public function getServerValue($key) {
225
- if (isset($_SERVER) && array_key_exists($key, $_SERVER)) {
226
- return $_SERVER[$key];
227
- }
228
- return null;
229
- }
230
-
231
- public function match($pattern, $subject, $key = NULL) {
232
- if (is_array($subject)) {
233
- foreach ($subject as $k => $v) {
234
- $k = ($key !== NULL) ? $key.'-'.$k : NULL;
235
- if ($this->match($pattern, $v, $k)) {
236
- return true;
237
- }
238
- }
239
- } else {
240
- if (preg_match((string) $pattern, (string) $subject) > 0) {
241
- if ($key !== NULL) {
242
- $this->currRuleInfo[$key] = $this->getLength($subject);
243
- }
244
- return true;
245
- }
246
- }
247
- return false;
248
- }
249
-
250
- public function matchCount($pattern, $subject) {
251
- $count = 0;
252
- if (is_array($subject)) {
253
- foreach ($subject as $val) {
254
- $count += $this->matchCount($pattern, $val);
255
- }
256
- return $count;
257
- } else {
258
- $count = preg_match_all((string) $pattern, (string) $subject, $matches);
259
- return ($count === false ? 0 : $count);
260
- }
261
- }
262
-
263
- public function matchMD5($str, $val) {
264
- return md5((string) $str) === $val;
265
- }
266
-
267
- public function getLength($val) {
268
- $length = 0;
269
- if (is_array($val)) {
270
- foreach ($val as $v) {
271
- $length += $this->getLength($v);
272
- }
273
- return $length;
274
- } else {
275
- return strlen((string) $val);
276
- }
277
- }
278
-
279
- public function equals($value, $subject) {
280
- return $value == $subject;
281
- }
282
-
283
- public function notEquals($value, $subject) {
284
- return $value != $subject;
285
- }
286
-
287
- public function profileRequestInfo($params, $debug = false, $prefix = '') {
288
- $result = array();
289
- if (is_array($params)) {
290
- foreach ($params as $key => $value) {
291
- $currkey = $prefix . $key;
292
- if (is_array($value)) {
293
- $result = $result + $this->profileRequestInfo($value, $debug, $currkey . '_');
294
- } else {
295
- $result[$currkey] = array();
296
- $valsize = $this->getLength($value);
297
- $result[$currkey]["size"] = $valsize;
298
- if ($debug === true && $valsize < 256) {
299
- $result[$currkey]["value"] = $value;
300
- continue;
301
- }
302
-
303
- if (preg_match('/^\d+$/', $value)) {
304
- $result[$currkey]["numeric"] = true;
305
- } else if (preg_match('/^\w+$/', $value)) {
306
- $result[$currkey]["regular_word"] = true;
307
- } else if (preg_match('/^\S+$/', $value)) {
308
- $result[$currkey]["special_word"] = true;
309
- } else if (preg_match('/^[\w\s]+$/', $value)) {
310
- $result[$currkey]["regular_sentence"] = true;
311
- } else if (preg_match('/^[\w\W]+$/', $value)) {
312
- $result[$currkey]["special_chars_sentence"] = true;
313
- }
314
-
315
- if (preg_match('/^\b((25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\.){3}
316
- (25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\b$/x', $value)) {
317
- $result[$currkey]["ipv4"] = true;
318
- } else if (preg_match('/\b((25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\.){3}
319
- (25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\b/x', $value)) {
320
- $result[$currkey]["embeded_ipv4"] = true;
321
- } else if (preg_match('/^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|
322
- ([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|
323
- ([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}
324
- (:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|
325
- ([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|
326
- :((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|
327
- ::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3}
328
- (25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|
329
- (2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$/x', $value)) {
330
- $result[$currkey]["ipv6"] = true;
331
- } else if (preg_match('/(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|
332
- ([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|
333
- ([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}
334
- (:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|
335
- ([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|
336
- :((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|
337
- ::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3}
338
- (25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|
339
- (2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))/x', $value)) {
340
- $result[$currkey]["embeded_ipv6"] = true;
341
- }
342
-
343
- if (preg_match('/^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,6}$/', $value)) {
344
- $result[$currkey]["email"] = true;
345
- } else if (preg_match('/[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,6}/', $value)) {
346
- $result[$currkey]["embeded_email"] = true;
347
- }
348
-
349
- if (preg_match('/^(http|ftp)s?:\/\/\S+$/i', $value)) {
350
- $result[$currkey]["link"] = true;
351
- } else if (preg_match('/(http|ftp)s?:\/\/\S+$/i', $value)) {
352
- $result[$currkey]["embeded_link"] = true;
353
- }
354
-
355
- if (preg_match('/<(html|head|title|base|link|meta|style|picture|source|img|
356
- iframe|embed|object|param|video|audio|track|map|area|form|label|input|button|
357
- select|datalist|optgroup|option|textarea|output|progress|meter|fieldset|legend|
358
- script|noscript|template|slot|canvas)/ix', $value)) {
359
- $result[$currkey]["embeded_html"] = true;
360
- }
361
-
362
- if (preg_match('/\.(jpg|jpeg|png|gif|ico|pdf|doc|docx|ppt|pptx|pps|ppsx|odt|xls|zip|gzip|
363
- xlsx|psd|mp3|m4a|ogg|wav|mp4|m4v|mov|wmv|avi|mpg|ogv|3gp|3g2|php|html|phtml|js|css)/ix', $value)) {
364
- $result[$currkey]["file"] = true;
365
- }
366
-
367
- if ($this->matchCount(BVWPFW::SQLIREGEX, $value) >= 2) {
368
- $result[$currkey]["sql"] = true;
369
- }
370
- }
371
- }
372
- }
373
- return $result;
374
- }
375
-
376
- public function matchRules($rules = array(), $isProtect = false) {
377
- if (empty($rules)) {
378
- return false;
379
- }
380
- if (isset($rules[108])) {
381
- $this->currRuleInfo = array();
382
- if ($this->match(BVWPFW::XSSREGEX, $this->request->getQueryString(), "GET")) {
383
- $this->request->updateRulesInfo(108, $this->currRuleInfo);
384
- if ($isProtect) return true;
385
- }
386
- }
387
- if (isset($rules[112])) {
388
- $this->currRuleInfo = array();
389
- if ($this->match('/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/', $this->request->getPath()) &&
390
- (($this->equals('revslider_show_image', $this->request->getQueryString('action')) && $this->match('/\\.php$/i', $this->request->getQueryString('img'), "img")) or
391
- ($this->equals('revslider_show_image', $this->request->getBody('action')) && $this->match('/\\.php$/i', $this->request->getQueryString('img'), "img")))) {
392
- $this->request->updateRulesInfo(112, $this->currRuleInfo);
393
- if ($isProtect) return true;
394
- }
395
- }
396
- if (isset($rules[114])) {
397
- $this->currRuleInfo = array();
398
- if ($this->match('/<\\!(?:DOCTYPE|ENTITY)\\s+(?:%\\s*)?\\w+\\s+SYSTEM/i', $this->request->getBody(), "BODY") or
399
- $this->match('/<\\!(?:DOCTYPE|ENTITY)\\s+(?:%\\s*)?\\w+\\s+SYSTEM/i', $this->request->getQueryString(), "GET")) {
400
- $this->request->updateRulesInfo(114, $this->currRuleInfo);
401
- if ($isProtect) return true;
402
- }
403
- }
404
- if (isset($rules[115])) {
405
- $this->currRuleInfo = array();
406
- if ($this->match('#/wp\\-admin/admin\\-ajax\\.php$#i', $this->getServerValue('SCRIPT_FILENAME')) &&
407
- ($this->equals('update-plugin', $this->request->getBody('action')) or $this->equals('update-plugin', $this->request->getQueryString('action'))) && ($this->match('/(^|\\/|\\\\|%2f|%5c)\\.\\.(\\\\|\\/|%2f|%5c)/i', $this->request->getBody(), "BODY") or
408
- ($this->match('/(^|\\/|\\\\|%2f|%5c)\\.\\.(\\\\|\\/|%2f|%5c)/i', $this->request->getQueryString(), "GET")))) {
409
- $this->request->updateRulesInfo(115, $this->currRuleInfo);
410
- if ($isProtect) return true;
411
- }
412
- }
413
- if (isset($rules[132])) {
414
- $this->currRuleInfo = array();
415
- if (($this->equals('Y', $this->request->getBody('kentopvc_hidden'))) &&
416
- ((!$this->match('/^1?$/', $this->request->getBody('kento_pvc_hide'), "kento_pvc_hide")) or
417
- (!$this->match('/^1?$/', $this->request->getBody('kento_pvc_uniq'), "kento_pvc_uniq")) or
418
- (!$this->match('/^1?$/', $this->request->getBody('kento_pvc_posttype'), "kento_pvc_posttype")) or
419
- ($this->match(BVWPFW::XSSREGEX, $this->request->getBody('kento_pvc_today_text'), "kento_pvc_today_text")) or
420
- ($this->match(BVWPFW::XSSREGEX, $this->request->getBody('kento_pvc_total_text'), "kento_pvc_total_text")) or
421
- ($this->match(BVWPFW::XSSREGEX, $this->request->getBody('kento_pvc_numbers_lang'), "kento_pvc_numbers_lang")))) {
422
- $this->request->updateRulesInfo(132, $this->currRuleInfo);
423
- if ($isProtect) return true;
424
- }
425
- }
426
- if (isset($rules[133])) {
427
- $this->currRuleInfo = array();
428
- if ((($this->match('#/wp\\-mobile\\-detector[/]+resize\\.php#i', $this->request->getPath())) or
429
- ($this->match('#/wp\\-mobile\\-detector[/]+timthumb\\.php#i', $this->request->getPath()))) &&
430
- ((($this->getLength($this->request->getBody('src')) > 0) &&
431
- (!$this->match('/\\.(?:png|gif|jpg|jpeg|jif|jfif|svg)$/i', $this->request->getBody('src'), "src"))) or
432
- (($this->getLength($this->request->getQueryString('src'))) &&
433
- (!$this->match('/\\.(?:png|gif|jpg|jpeg|jif|jfif|svg)$/i', $this->request->getQueryString('src'), "src"))))) {
434
- $this->request->updateRulesInfo(133, $this->currRuleInfo);
435
- if ($isProtect) return true;
436
- }
437
- }
438
- if (isset($rules[145])) {
439
- $this->currRuleInfo = array();
440
- if ((($this->match('/Abonti|aggregator|AhrefsBot|asterias|BDCbot|BLEXBot|BuiltBotTough|Bullseye|BunnySlippers|ca\\-crawler|CCBot|Cegbfeieh|CheeseBot|CherryPicker|CopyRightCheck|cosmos|Crescent|discobot|DittoSpyder|DotBot|Download Ninja|EasouSpider|EmailCollector|EmailSiphon|EmailWolf|EroCrawler|Exabot|ExtractorPro|Fasterfox|FeedBooster|Foobot|Genieo|grub\\-client|Harvest|hloader|httplib|HTTrack|humanlinks|ieautodiscovery|InfoNaviRobot|IstellaBot|Java\\/1\\.|JennyBot|k2spider|Kenjin Spider|Keyword Density\\/0\\.9|larbin|LexiBot|libWeb|libwww|LinkextractorPro|linko|LinkScan\\/8\\.1a Unix|LinkWalker|LNSpiderguy|lwp\\-trivial|magpie|Mata Hari|MaxPointCrawler|MegaIndex|Microsoft URL Control|MIIxpc|Mippin|Missigua Locator|Mister PiX|MJ12bot|moget|MSIECrawler|NetAnts|NICErsPRO|Niki\\-Bot|NPBot|Nutch|Offline Explorer|Openfind|panscient\\.com|PHP\\/5\\.\\{|ProPowerBot\\/2\\.14|ProWebWalker|Python\\-urllib|QueryN Metasearch|RepoMonkey|RMA|SemrushBot|SeznamBot|SISTRIX|sitecheck\\.Internetseer\\.com|SiteSnagger|SnapPreviewBot|Sogou|SpankBot|spanner|spbot|Spinn3r|suzuran|Szukacz\\/1\\.4|Teleport|Telesoft|The Intraformant|TheNomad|TightTwatBot|Titan|toCrawl\\/UrlDispatcher|True_Robot|turingos|TurnitinBot|UbiCrawler|UnisterBot|URLy Warning|VCI|WBSearchBot|Web Downloader\\/6\\.9|Web Image Collector|WebAuto|WebBandit|WebCopier|WebEnhancer|WebmasterWorldForumBot|WebReaper|WebSauger|Website Quester|Webster Pro|WebStripper|WebZip|Wotbox|wsr\\-agent|WWW\\-Collector\\-E|Xenu|Zao|Zeus|ZyBORG|coccoc|Incutio|lmspider|memoryBot|SemrushBot|serf|Unknown|uptime files/i', $this->request->getHeader('User-Agent'), "User-Agent")) &&
441
- ($this->match(BVWPFW::XSSREGEX, $this->request->getHeader('User-Agent'), "User-Agent"))) or
442
- (($this->match('/semalt\\.com|kambasoft\\.com|savetubevideo\\.com|buttons\\-for\\-website\\.com|sharebutton\\.net|soundfrost\\.org|srecorder\\.com|softomix\\.com|softomix\\.net|myprintscreen\\.com|joinandplay\\.me|fbfreegifts\\.com|openmediasoft\\.com|zazagames\\.org|extener\\.org|openfrost\\.com|openfrost\\.net|googlsucks\\.com|best\\-seo\\-offer\\.com|buttons\\-for\\-your\\-website\\.com|www\\.Get\\-Free\\-Traffic\\-Now\\.com|best\\-seo\\-solution\\.com|buy\\-cheap\\-online\\.info|site3\\.free\\-share\\-buttons\\.com|webmaster\\-traffic\\.co/i', $this->request->getHeader('Referer'), "Referer")) &&
443
- ($this->match(BVWPFW::XSSREGEX, $this->request->getHeader('User-Agent'), "User-Agent")))) {
444
- $this->request->updateRulesInfo(145, $this->currRuleInfo);
445
- if ($isProtect) return true;
446
- }
447
- }
448
- if (isset($rules[146])) {
449
- $this->currRuleInfo = array();
450
- if ($this->match('/sitemap_.*?<.*?(:?_\\d+)?\\.xml(:?\\.gz)?/i', $this->request->getPath())) {
451
- $this->request->updateRulesInfo(146, $this->currRuleInfo);
452
- if ($isProtect) return true;
453
- }
454
- }
455
- if (isset($rules[155])) {
456
- $this->currRuleInfo = array();
457
- if (($this->match(BVWPFW::XSSREGEX, $this->request->getHeader('Client-IP'), "Client-IP")) or
458
- ($this->match(BVWPFW::XSSREGEX, $this->request->getHeader('X-Forwarded'), "X-Forwarded")) or
459
- ($this->match(BVWPFW::XSSREGEX, $this->request->getHeader('X-Cluster-Client-IP'), "X-Cluster-Client-IP")) or
460
- ($this->match(BVWPFW::XSSREGEX, $this->request->getHeader('Forwarded-For'), "Forwarded-For")) or
461
- ($this->match(BVWPFW::XSSREGEX, $this->request->getHeader('Forwarded'), "Forwarded"))) {
462
- $this->request->updateRulesInfo(155, $this->currRuleInfo);
463
- if ($isProtect) return true;
464
- }
465
- }
466
- if (isset($rules[156])) {
467
- $this->currRuleInfo = array();
468
- if ($this->match('#/wp\\-admin/admin\\-ajax\\.php$#i', $this->getServerValue('SCRIPT_FILENAME')) and
469
- (($this->match(BVWPFW::SQLIREGEX, $this->request->getBody('umm_user'), "umm_user")) or
470
- ($this->match(BVWPFW::SQLIREGEX, $this->request->getQueryString('umm_user'), "umm_user")))) {
471
- $this->request->updateRulesInfo(156, $this->currRuleInfo);
472
- if ($isProtect) return true;
473
- }
474
- }
475
- if (isset($rules[165])) {
476
- $this->currRuleInfo = array();
477
- if ($this->match('/O:\\d+:"(?!stdClass")[^"]+":/', $this->request->getCookies('ecwid_oauth_state'), "ecwid_oauth_state")) {
478
- $this->request->updateRulesInfo(165, $this->currRuleInfo);
479
- if ($isProtect) return true;
480
- }
481
- }
482
- if (isset($rules[167])) {
483
- $this->currRuleInfo = array();
484
- if ((!$this->match('/\\.(jpe?g|png|mpeg|mov|flv|pdf|docx?|txt|csv|avi|mp3|wma|wav)($|\\.)/i', $this->request->getFileNames())) &&
485
- ($this->getLength($this->request->getBody('save_bepro_listing')) > 0)) {
486
- $this->request->updateRulesInfo(167, $this->currRuleInfo);
487
- if ($isProtect) return true;
488
- }
489
- }
490
- if (isset($rules[168])) {
491
- $this->currRuleInfo = array();
492
- if (($this->match('#/wp\\-admin/admin\\-ajax\\.php$#i', $this->getServerValue('SCRIPT_FILENAME'))) &&
493
- ($this->equals('master-slider', $this->request->getQueryString('page'))) &&
494
- ($this->getLength($this->request->getBody('page')) > 0) &&
495
- ($this->notEquals('master-slider', $this->request->getBody('page')))) {
496
- $this->request->updateRulesInfo(168, $this->currRuleInfo);
497
- if ($isProtect) return true;
498
- }
499
- }
500
- if (isset($rules[169])) {
501
- $this->currRuleInfo = array();
502
- if (($this->equals('fancybox-for-wordpress', $this->request->getQueryString('page'))) &&
503
- ($this->match(BVWPFW::XSSREGEX, $this->request->getBody('mfbfw'), "mfbfw"))) {
504
- $this->request->updateRulesInfo(169, $this->currRuleInfo);
505
- if ($isProtect) return true;
506
- }
507
- }
508
- if (isset($rules[171])) {
509
- $this->currRuleInfo = array();
510
- if ((($this->match('#wp-json/wp/v\\d+/posts/#i', $this->request->getPath())) or
511
- ($this->match('#/wp/v\\d+/posts/#i', $this->request->getQueryString('rest_route'), "rest_route"))) &&
512
- ($this->match('/[^0-9]/', $this->request->getQueryString('id'), "id"))) {
513
- $this->request->updateRulesInfo(171, $this->currRuleInfo);
514
- if ($isProtect) return true;
515
- }
516
- }
517
- if (isset($rules[172])) {
518
- $this->currRuleInfo = array();
519
- $pattern = '`\b(?i:(?:conf(?:ig(?:ur(?:e|ation)|\.inc|_global)?)?)|settings?(?:\.?inc)?)\.php$`';
520
- if ((($this->match($pattern, $this->getServerValue('SCRIPT_FILENAME'), "SCRIPT_FILENAME")) or
521
- ($this->match($pattern, $this->request->getQueryString(), "GET")))) {
522
- $this->request->updateRulesInfo(172, $this->currRuleInfo);
523
- if ($isProtect) return true;
524
- }
525
- }
526
- if (isset($rules[173])) {
527
- $this->currRuleInfo = array();
528
- $pattern = '`(?:\.{2}[\/]+)`';
529
- if ((($this->match($pattern, $this->request->getBody(), "BODY")) or
530
- ($this->match($pattern, $this->request->getQueryString(), "GET")) or
531
- ($this->match($pattern, $this->request->getCookies(), "COOKIE")) or
532
- ($this->match($pattern, $this->request->getHeader('User-Agent'), "HEADER")))) {
533
- $this->request->updateRulesInfo(173, $this->currRuleInfo);
534
- if ($isProtect) return true;
535
- }
536
- }
537
- if (isset($rules[174])) {
538
- $this->currRuleInfo = array();
539
- $pattern = '`\\b(?:\\$?_(COOKIE|ENV|FILES|(?:GE|POS|REQUES)T|SE(RVER|SSION))|HTTP_(?:(?:POST|GET)_VARS|RAW_POST_DATA)|GLOBALS)\\s*[=\\[)]|\\W\\$\\{\\s*[\'"]\\w+[\'"]`';
540
- if ((($this->match($pattern, $this->request->getBody(), "BODY")) or
541
- ($this->match($pattern, $this->request->getQueryString(), "GET")) or
542
- ($this->match($pattern, $this->request->getCookies(), "COOKIE")) or
543
- ($this->match($pattern, $this->request->getHeader('User-Agent'), "User-Agent")) or
544
- ($this->match($pattern, $this->request->getHeader('Referer'), "Referer")) or
545
- ($this->match($pattern, $this->getServerValue('PATH_INFO'), "PATH_INFO")))) {
546
- $this->request->updateRulesInfo(174, $this->currRuleInfo);
547
- if ($isProtect) return true;
548
- }
549
- }
550
- if (isset($rules[175])) {
551
- $this->currRuleInfo = array();
552
- $pattern = '`\\b(?i:eval)\\s*\\(\\s*(?i:base64_decode|exec|file_get_contents|gzinflate|passthru|shell_exec|stripslashes|system)\\s*\\(`';
553
- if ((($this->match($pattern, $this->request->getBody(), "BODY")) or
554
- ($this->match($pattern, $this->request->getQueryString(), "GET")) or
555
- ($this->match($pattern, $this->request->getCookies(), "COOKIE")) or
556
- ($this->match($pattern, $this->request->getHeader('User-Agent'), "User-Agent")))) {
557
- $this->request->updateRulesInfo(175, $this->currRuleInfo);
558
- if ($isProtect) return true;
559
- }
560
- }
561
- if (isset($rules[176])) {
562
- $this->currRuleInfo = array();
563
- $pattern = '`(?:<\\?(?![Xx][Mm][Ll]).*?(?:\\$_?(?:COOKIE|ENV|FILES|GLOBALS|(?:GE|POS|REQUES)T|SE(RVER|SSION))\\s*[=\\[)]|\\b(?i:array_map|assert|base64_(?:de|en)code|curl_exec|eval|(?:ex|im)plode|file(?:_get_contents)?|fsockopen|function_exists|gzinflate|move_uploaded_file|passthru|[ep]reg_replace|phpinfo|stripslashes|strrev|substr|system|(?:shell_)?exec)\\s*(?:/\\*.+?\\*/\\s*)?\\())|#!/(?:usr|bin)/.+?\\s|\\W\\$\\{\\s*[\'"]\\w+[\'"]`';
564
- if ((($this->match($pattern, $this->request->getBody(), "BODY")) or
565
- ($this->match($pattern, $this->request->getQueryString(), "GET")) or
566
- ($this->match($pattern, $this->request->getCookies(), "COOKIE")) or
567
- ($this->match($pattern, $this->request->getHeader('User-Agent'), "User-Agent")))) {
568
- $this->request->updateRulesInfo(176, $this->currRuleInfo);
569
- if ($isProtect) return true;
570
- }
571
- }
572
- if (isset($rules[177])) {
573
- $this->currRuleInfo = array();
574
- if ((($this->matchCount(BVWPFW::SQLIREGEX, $this->request->getBody()) > 2) or
575
- ($this->matchCount(BVWPFW::SQLIREGEX, $this->request->getQueryString()) > 2) or
576
- ($this->matchCount(BVWPFW::SQLIREGEX, $this->request->getCookies()) > 2) or
577
- ($this->matchCount(BVWPFW::SQLIREGEX, $this->request->getHeader('User-Agent')) > 2))) {
578
- $this->request->updateRulesInfo(177, $this->currRuleInfo);
579
- if ($isProtect) return true;
580
- }
581
- }
582
- if (isset($rules[178])) {
583
- $this->currRuleInfo = array();
584
- $pattern = '`(?: \\W(?:background(-image)?|-moz-binding)\\s*:[^}]*?\\burl\\s*\\([^)]+?(https?:)?//\\w|<(?i:applet|div|embed|form|i?frame(?:set)?|i(?:mg|sindex)|link|m(?:eta|arquee)|object|script|textarea)\\b.*=.*?>|\\bdocument\\s*\\.\\s*(?:body|cookie|domain|location|open|write(?:ln)?)\\b|\\blocation\\s*\\.\\s*(?:href|replace)\\b|\\bwindow\\s*\\.\\s*(?:open|location)\\b|\\b(?:alert|confirm|eval|expression|prompt|set(?:Timeout|Interval)|String\\s*\\.\\s*fromCharCode|\\.\\s*substr)\\b\\s*\\(.*?\\)|(?i)<\\s*s\\s*t\\s*y\\s*l\\s*e\\b.*?>.*?<\\s*/\\s*s\\s*t\\s*y\\s*l\\s*e\\b.*?>|(?i)<[a-z].+?\\bon[a-z]{3,29}\\b\\s*=.{5}|(?i)<.+?\\bon[a-z]{3,29}\\b\\s*=\\s*[\'"](?!\\s*return false\\b).*?[\'"].+?>|(?i)<\\s*s\\s*c\\s*r\\s*i\\s*p\\s*t\\b.*?>.*?<\\s*/\\s*s\\s*c\\s*r\\s*i\\s*p\\s*t.*?>|<.+?(?i)\\b(?:href|(?:form)?action|background|code|data|location|name|poster|src|value)\\s*=\\s*[\'"]?(?:(?:f|ht)tps?:)?//\\w+\\.\\w|\\batob\\s*(?:[\'"\\x60]\\s*\\]\\s*)?\\(\\s*([\'"\\x60])[a-zA-Z0-9/+=]+\\1\\s*\\)|<.+?(?i)[a-z]+\\s*=.*?(?:java|vb)script:.+?> |<x:script\\b.*?>.*?</x:script.*?>|\\+A(?:Dw|ACIAPgA8)-.+?\\+AD4(?:APAAi)?-|[{}+[\\]\\s]\\+\\s*\\[\\s*]\\s*\\)\\s*\\[[{!}+[\\]\\s]|(?i)<[a-z]+/[a-z]+.+?=.+?>|\\[\\s*\\]\\s*\\[\\s*[\'"\\x60]filter[\'"\\x60]\\s*\\]\\s*\\[\\s*[\'"\\x60]constructor[\'"\\x60]\\s*\\]\\s*\\(\\s*|\\b(?:document|window|this)\\s*\\[.+?\\]\\s*[\\[(]|(?:(?:\\b(?:self|this|top|window)\\s*\\[.+?\\]|\\(\\s*(?:alert|confirm|eval|expression|prompt)\\s*\\)|\\[.*?\\]\\s*\\.\\s*find)|(?:\\.\\s*(?:re(?:ject|place)|constructor)))\\s*\\(.*?\\)|\\b(\\w+)\\s*=\\s*(?:alert|confirm|eval|expression|prompt)\\s*[;,]\\1\\s*\\(.*?\\))`';
585
- if ((($this->match($pattern, $this->request->getBody(), "BODY")) or
586
- ($this->match($pattern, $this->request->getQueryString(), "GET")) or
587
- ($this->match($pattern, $this->request->getCookies(), "COOKIE")) or
588
- ($this->match($pattern, $this->request->getHeader('User-Agent'), "User-Agent")) or
589
- ($this->match($pattern, $this->request->getHeader('Referer'), "Referer")))) {
590
- $this->request->updateRulesInfo(178, $this->currRuleInfo);
591
- if ($isProtect) return true;
592
- }
593
- }
594
- return false;
595
- }
596
- }
597
- endif;
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
protect/wp_lp/config.php DELETED
@@ -1,82 +0,0 @@
1
- <?php
2
-
3
- if (!defined('ABSPATH')) exit;
4
- if (!class_exists('BVWPLPConfig')) :
5
- class BVWPLPConfig {
6
- public $db;
7
- public $settings;
8
- public static $requests_table = 'lp_requests';
9
-
10
- #mode
11
- const DISABLED = 1;
12
- const AUDIT = 2;
13
- const PROTECT = 3;
14
-
15
- public function __construct($db, $settings) {
16
- $this->db = $db;
17
- $this->settings = $settings;
18
- }
19
-
20
- public function setMode($mode) {
21
- if (!$mode) {
22
- $this->settings->deleteOption('bvlpmode');
23
- } else {
24
- $this->settings->updateOption('bvlpmode', intval($mode));
25
- }
26
- }
27
-
28
- public function setCaptchaLimit($count) {
29
- if (!$count) {
30
- $this->settings->deleteOption('bvlpcaptchaLimit');
31
- } else {
32
- $this->settings->updateOption('bvlpcaptchaLimit', intval($count));
33
- }
34
- }
35
-
36
- public function setTempBlockLimit($count) {
37
- if (!$count) {
38
- $this->settings->deleteOption('bvlptempblocklimit');
39
- } else {
40
- $this->settings->updateOption('bvlptempblocklimit', intval($count));
41
- }
42
- }
43
-
44
- public function setBlockAllLimit($count) {
45
- if (!$count) {
46
- $this->settings->deleteOption('bvlpblockalllimit');
47
- } else {
48
- $this->settings->updateOption('bvlpblockalllimit', intval($count));
49
- }
50
- }
51
-
52
- public function getMode() {
53
- $mode = $this->settings->getOption('bvlpmode');
54
- return intval($mode ? $mode : BVWPLPConfig::DISABLED);
55
- }
56
-
57
- public function getCaptchaLimit() {
58
- $limit = $this->settings->getOption('bvlpcaptchalimit');
59
- return ($limit ? $limit : 3);
60
- }
61
-
62
- public function getTempBlockLimit() {
63
- $limit = $this->settings->getOption('bvlptempblocklimit');
64
- return ($limit ? $limit : 10);
65
- }
66
-
67
- public function getBlockAllLimit() {
68
- $limit = $this->settings->getOption('bvlpblockAlllimit');
69
- return ($limit ? $limit : 100);
70
- }
71
-
72
- public function clear() {
73
- $this->setMode(false);
74
- $this->setCaptchaLimit(false);
75
- $this->setTempBlockLimit(false);
76
- $this->setBlockAllLimit(false);
77
- $this->db->dropBVTable(BVWPLPConfig::$requests_table);
78
- $this->settings->deleteOption('bvptplug');
79
- return true;
80
- }
81
- }
82
- endif;
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
readme.txt CHANGED
@@ -6,7 +6,7 @@ Donate link: https://www.malcare.com
6
  Requires at least: 4.0
7
  Tested up to: 5.3
8
  Requires PHP: 5.3.0
9
- Stable tag: 3.4
10
  License: GPLv2 or later
11
  License URI: [http://www.gnu.org/licenses/gpl-2.0.html](http://www.gnu.org/licenses/gpl-2.0.html)
12
 
@@ -218,6 +218,10 @@ FTP details input into MalCare is processed on our servers. We need your FTP cre
218
  8. With BlogVault's White-Label Solution you can showcase our service under your own brilliant brand.
219
 
220
  == CHANGELOG ==
 
 
 
 
221
  = 3.4 =
222
  * Plugin branding fixes
223
 
6
  Requires at least: 4.0
7
  Tested up to: 5.3
8
  Requires PHP: 5.3.0
9
+ Stable tag: 3.5
10
  License: GPLv2 or later
11
  License URI: [http://www.gnu.org/licenses/gpl-2.0.html](http://www.gnu.org/licenses/gpl-2.0.html)
12
 
218
  8. With BlogVault's White-Label Solution you can showcase our service under your own brilliant brand.
219
 
220
  == CHANGELOG ==
221
+ = 3.5 =
222
+ * Firewall in prepend mode
223
+ * Robust Firewall and Login protection
224
+
225
  = 3.4 =
226
  * Plugin branding fixes
227
 
recover.php CHANGED
@@ -44,4 +44,4 @@ if (!class_exists('MCRecover')) :
44
  return $account;
45
  }
46
  }
47
- endif;
44
  return $account;
45
  }
46
  }
47
+ endif;
wp_actions.php CHANGED
@@ -36,8 +36,7 @@ if (!class_exists('MCWPAction')) :
36
  }
37
 
38
  public static function uninstall() {
39
- do_action('clear_lp_config');
40
- do_action('clear_fw_config');
41
  do_action('clear_ip_store');
42
  ##CLEARDYNSYNCCONFIG##
43
  }
36
  }
37
 
38
  public static function uninstall() {
39
+ do_action('clear_pt_config');
 
40
  do_action('clear_ip_store');
41
  ##CLEARDYNSYNCCONFIG##
42
  }
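Review bot: `do_action('clear_pt_config')` on the new side of `uninstall()` is fire-and-forget — if no listener is attached when the uninstall hook runs, WordPress silently does nothing and the protect module's state survives the uninstall. The two removed actions previously reached `BVWPLPConfig::clear()` (deleted in this same release), which dropped the `lp_requests` table and deleted the `bvlpmode`/captcha/temp-block/block-all options and `bvptplug`; nothing visible in this diff shows that the `clear_pt_config` handler covers those, so confirm it does, and — since 3.5 moves the firewall to prepend mode — that the same handler also removes whatever `auto_prepend_file` hook the install added, otherwise a stale prepend stub keeps executing after the plugin directory is gone. A cheap defensive step is `if (!has_action('clear_pt_config')) { error_log('malcare: clear_pt_config has no listener'); }` placed before the `do_action`, or at least a comment naming the class that registers the listener so the coupling is visible.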
wp_admin.php CHANGED
@@ -6,11 +6,13 @@ class MCWPAdmin {
6
  public $settings;
7
  public $siteinfo;
8
  public $account;
 
9
  public $bvinfo;
10
 
11
- function __construct($settings, $siteinfo) {
12
  $this->settings = $settings;
13
  $this->siteinfo = $siteinfo;
 
14
  $this->bvinfo = new MCInfo($this->settings);
15
  }
16
 
@@ -22,6 +24,27 @@ class MCWPAdmin {
22
  }
23
  }
24
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
25
  public function initHandler() {
26
  if (!current_user_can('activate_plugins'))
27
  return;
@@ -56,14 +79,19 @@ class MCWPAdmin {
56
  }
57
 
58
  public function menu() {
59
- $brand = $this->bvinfo->getBrandInfo();
60
- if (!$brand || (!array_key_exists('hide', $brand) && !array_key_exists('hide_from_menu', $brand))) {
61
- $bname = $this->bvinfo->getBrandName();
62
- $pubkey = array_keys(MCAccount::accountsByPlugname($this->settings))[0];
63
- $this->account = MCAccount::find($this->settings, $pubkey);
64
- add_menu_page($bname, $bname, 'manage_options', $this->bvinfo->plugname,
65
- array($this, 'adminPage'), plugins_url('img/icon.png', __FILE__ ));
 
 
 
66
  }
 
 
67
  }
68
 
69
  public function hidePluginDetails($plugin_metas, $slug) {
@@ -90,18 +118,10 @@ class MCWPAdmin {
90
  }
91
 
92
  public function getPluginLogo() {
93
- $brand = $this->bvinfo->getBrandInfo();
94
- if ($brand && array_key_exists('logo', $brand)) {
95
- return $brand['logo'];
96
- }
97
  return $this->bvinfo->logo;
98
  }
99
 
100
  public function getWebPage() {
101
- $brand = $this->bvinfo->getBrandInfo();
102
- if ($brand && array_key_exists('webpage', $brand)) {
103
- return $brand['webpage'];
104
- }
105
  return $this->bvinfo->webpage;
106
  }
107
 
@@ -138,7 +158,7 @@ class MCWPAdmin {
138
  }
139
 
140
  public function adminPage() {
141
- require_once dirname( __FILE__ ) . '/admin/main_page.php';
142
  }
143
 
144
  public function initBranding($plugins) {
@@ -148,32 +168,28 @@ class MCWPAdmin {
148
  return $plugins;
149
  }
150
 
151
- $brand = $this->bvinfo->getBrandInfo();
152
- if ($brand) {
153
- if (array_key_exists('hide', $brand)) {
154
- unset($plugins[$slug]);
155
- } else {
156
- if (array_key_exists('name', $brand)) {
157
- $plugins[$slug]['Name'] = $brand['name'];
158
- }
159
- if (array_key_exists('title', $brand)) {
160
- $plugins[$slug]['Title'] = $brand['title'];
161
- }
162
- if (array_key_exists('description', $brand)) {
163
- $plugins[$slug]['Description'] = $brand['description'];
164
- }
165
- if (array_key_exists('authoruri', $brand)) {
166
- $plugins[$slug]['AuthorURI'] = $brand['authoruri'];
167
- }
168
- if (array_key_exists('author', $brand)) {
169
- $plugins[$slug]['Author'] = $brand['author'];
170
- }
171
- if (array_key_exists('authorname', $brand)) {
172
- $plugins[$slug]['AuthorName'] = $brand['authorname'];
173
- }
174
- if (array_key_exists('pluginuri', $brand)) {
175
- $plugins[$slug]['PluginURI'] = $brand['pluginuri'];
176
- }
177
  }
178
  }
179
  return $plugins;
6
  public $settings;
7
  public $siteinfo;
8
  public $account;
9
+ public $bvapi;
10
  public $bvinfo;
11
 
12
+ function __construct($settings, $siteinfo, $bvapi) {
13
  $this->settings = $settings;
14
  $this->siteinfo = $siteinfo;
15
+ $this->bvapi = $bvapi;
16
  $this->bvinfo = new MCInfo($this->settings);
17
  }
18
 
24
  }
25
  }
26
 
27
+ public function removeAdminNotices() {
28
+ if (array_key_exists('page', $_REQUEST) && $_REQUEST['page'] == $this->bvinfo->plugname) {
29
+ remove_all_actions('admin_notices');
30
+ remove_all_actions('all_admin_notices');
31
+ }
32
+ }
33
+
34
+ public function cwBrandInfo() {
35
+ return array(
36
+ 'name' => "CloudWays WordPress Security, Firewall",
37
+ 'title' => "Wordpress Security",
38
+ 'description' => "WordPress Security, Firewall",
39
+ 'authoruri' => "https://www.malcare.com",
40
+ 'author' => "MalCare Security",
41
+ 'authorname' => "Malcare Security",
42
+ 'pluginuri' => "https://www.malcare.com",
43
+ 'menuname' => "Cloudways Security",
44
+ 'brand_icon' => "/img/cw_icon.png"
45
+ );
46
+ }
47
+
48
  public function initHandler() {
49
  if (!current_user_can('activate_plugins'))
50
  return;
79
  }
80
 
81
  public function menu() {
82
+ $bname = $this->bvinfo->getBrandName();
83
+ $icon = $this->bvinfo->getBrandIcon();
84
+ if (isset($_SERVER['cw_allowed_ip'])) {
85
+ $brandinfo = $this->cwBrandInfo();
86
+ $bname = $brandinfo["menuname"];
87
+ $icon = $brandinfo["brand_icon"];
88
+ }
89
+ $keys = array_keys(MCAccount::accountsByPlugname($this->settings));
90
+ if (!empty($keys)) {
91
+ $this->account = MCAccount::find($this->settings, $keys[0]);
92
  }
93
+ add_menu_page($bname, $bname, 'manage_options', $this->bvinfo->plugname,
94
+ array($this, 'adminPage'), plugins_url($icon, __FILE__ ));
95
  }
96
 
97
  public function hidePluginDetails($plugin_metas, $slug) {
118
  }
119
 
120
  public function getPluginLogo() {
 
 
 
 
121
  return $this->bvinfo->logo;
122
  }
123
 
124
  public function getWebPage() {
 
 
 
 
125
  return $this->bvinfo->webpage;
126
  }
127
 
158
  }
159
 
160
  public function adminPage() {
161
+ require_once dirname( __FILE__ ) . "/admin/main_page.php";
162
  }
163
 
164
  public function initBranding($plugins) {
168
  return $plugins;
169
  }
170
 
171
+ if (isset($_SERVER['cw_allowed_ip'])) {
172
+ $brand = $this->cwBrandInfo();
173
+ if (array_key_exists('name', $brand)) {
174
+ $plugins[$slug]['Name'] = $brand['name'];
175
+ }
176
+ if (array_key_exists('title', $brand)) {
177
+ $plugins[$slug]['Title'] = $brand['title'];
178
+ }
179
+ if (array_key_exists('description', $brand)) {
180
+ $plugins[$slug]['Description'] = $brand['description'];
181
+ }
182
+ if (array_key_exists('authoruri', $brand)) {
183
+ $plugins[$slug]['AuthorURI'] = $brand['authoruri'];
184
+ }
185
+ if (array_key_exists('author', $brand)) {
186
+ $plugins[$slug]['Author'] = $brand['author'];
187
+ }
188
+ if (array_key_exists('authorname', $brand)) {
189
+ $plugins[$slug]['AuthorName'] = $brand['authorname'];
190
+ }
191
+ if (array_key_exists('pluginuri', $brand)) {
192
+ $plugins[$slug]['PluginURI'] = $brand['pluginuri'];
 
 
 
 
193
  }
194
  }
195
  return $plugins;
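Review bot: `removeAdminNotices()` uses a loose `==` against `$_REQUEST['page']`, reading the merged GET/POST superglobal even though WordPress only ever carries the admin `page` slug in the query string; prefer `isset($_GET['page']) && $_GET['page'] === $this->bvinfo->plugname` so a POSTed or numeric-looking `page` value cannot match by coercion. The method then calls `remove_all_actions('admin_notices')` and `remove_all_actions('all_admin_notices')`, which hides every other plugin's and core's notices — including update and security nags — while the plugin page is open; if that is deliberate for white-labelling, document it with `// Suppress third-party notices on our screen only; they still show on every other admin page`. The `isset($_SERVER['cw_allowed_ip'])` branding switch in `menu()` and `initBranding()` relies on a host-level environment variable, which is not client-settable (request headers only reach `$_SERVER` under `HTTP_*`), but that assumption deserves a comment at both sites. The new `!empty($keys)` guard in `menu()` correctly avoids the warning the old `array_keys(...)[0]` raised with no accounts, but `$this->account` then stays null — make sure the admin page template tolerates that before dereferencing it.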
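--- a/wp_api.php
+++ b/wp_api.php
@@ -11,16 +11,16 @@ if (!class_exists('MCWPAPI')) :
 
  public function pingbv($method, $body, $public = false) {
  if ($public) {
- $this->create_request_params($method, $public);
+ $this->create_request_params($method, $body, $public);
  } else {
  $accounts = MCAccount::allAccounts($this->settings);
  foreach ($accounts as $pubkey => $value ) {
- $this->create_request_params($method, $pubkey);
+ $this->create_request_params($method, $body, $pubkey);
  }
  }
  }
 
- public function create_request_params($method, $pubkey) {
+ public function create_request_params($method, $body, $pubkey) {
  $account = MCAccount::find($this->settings, $pubkey);
  $url = $account->authenticatedUrl($method);
  $this->http_request($url, $body);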
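Review bot: `create_request_params` (new lines 23–26) calls `$account->authenticatedUrl($method)` without checking what `MCAccount::find` returned; if `find` can come back falsy for an unknown key, as `apiPublicAccount` evidently can judging by the `if (!$account)` guards in wp_cli.php, then `pingbv($method, $body, $public)` with a key that is not in settings turns into a method call on a non-object. The same guard would close that: `if (!$account) { return; }` before the `authenticatedUrl` call. The result of `$this->http_request($url, $body)` is also dropped, so a caller of `pingbv` cannot tell whether any ping reached the server; returning it (or the last response) costs one line. The body of `create_request_params` continues past the hunk.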
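--- a/wp_cli.php
+++ b/wp_cli.php
@@ -2,36 +2,116 @@
  if (!defined('ABSPATH')) exit;
  if (!class_exists('MCWPCli')) :
 
+ require_once dirname( __FILE__ ) . '/recover.php';
+
  class MCWPCli {
  public $settings;
+ public $siteinfo;
+ public $bvinfo;
+ public $bvapi;
 
- public function __construct($settings) {
+ public function __construct($settings, $bvinfo, $bvsiteinfo, $bvapi ) {
  $this->settings = $settings;
+ $this->siteinfo = $bvsiteinfo;
+ $this->bvinfo = $bvinfo;
+ $this->bvapi = $bvapi;
+ }
+
+ public function request($url, $request_params = array()) {
+ $resp = $this->bvapi->http_request($url, $request_params);
+ $this->handle_response($resp);
+ }
+
+ public function handle_response($resp) {
+ if (empty($resp)) {
+ WP_CLI::error("Error in connecting to MalCare Server. Please retry after some time.");
+ } else if (is_wp_error($resp)) {
+ $error_message = "";
+ if (isset($resp->errors["http_request_failed"][0])) {
+ $error_message = $resp->errors["http_request_failed"][0];
+ } else {
+ $error_message = "WPError request params empty";
+ }
+ WP_CLI::error("{$error_message} . Please retry after sometime or contact us.");
+ } else {
+ if (isset($resp["response"])) {
+ if (isset($resp["response"]["code"])) {
+ $resp_code = $resp["response"]["code"];
+ if ($resp_code == 200) {
+ if (isset($resp["body"])) {
+ $body = json_decode($resp["body"], true);
+ if (isset($body["error"])) {
+ WP_CLI::error("code: {$resp_code} -- message: {$body["error"]} . Please retry or contact us");
+ } else if (isset($body["message"])) {
+ WP_CLI::success("code: {$resp_code} -- message: {$body["message"]}");
+ } else {
+ WP_CLI::error("Invalid Response. Please retry or contact us.");
+ }
+ } else {
+ WP_CLI::error("Invalid Response. Please retry or contact us.");
+ }
+ } else {
+ if (isset($resp["response"]["message"])) {
+ WP_CLI::error("code: {$resp_code} -- message: {$resp["response"]["message"]} . Please retry or contact us");
+ } else {
+ WP_CLI::error("Invalid Response. Please retry or contact us.");
+ }
+ }
+ } else {
+ WP_CLI::error("Invalid Response. Please retry or contact us.");
+ }
+ } else {
+ WP_CLI::error("Invalid Response. Please retry or contact us.");
+ }
+ }
  }
 
  public function execute($args, $params) {
  switch ($params['action']) {
- case "addaccount":
- if (!array_key_exists('public', $params) || !array_key_exists('secret', $params)) {
- echo('Please enter public and secret key in the format -> wp malcare execute --method=addaccount --public=<public> --secret=<secret>');
- break;
+ case "setkeys":
+ if (!isset($params['public']) || !isset($params['secret'])) {
+ WP_CLI::error('Please enter valid public and secret keys.');
  }
  $secret = $params['secret'];
  $pubkey = $params['public'];
  if (strlen($pubkey) < 32 || strlen($secret) < 32) {
- echo('Error -> Public key and secret key should be 32 characters long.');
- break;
+ WP_CLI::error('Public key and secret key should be 32 characters long.');
  }
  MCAccount::addAccount($this->settings, $pubkey, $secret);
+ MCAccount::updateApiPublicKey($this->settings, $pubkey);
  if (MCAccount::exists($this->settings, $pubkey)) {
- echo('Account successfully added.');
+ WP_CLI::success('Keys Setup Successfully.');
  } else {
- echo('Adding account operation failed.');
+ WP_CLI::error('Keys Setup Failed.');
  }
  break;
- default:
- echo('Command not found.');
+ case "register":
+ $request_params = array_merge($this->siteinfo->info(), $this->bvinfo->info());
+ $request_params['bvpublic'] = MCAccount::getApiPublicKey($this->settings);
+ $request_params['bvsecret'] = MCRecover::defaultSecret($this->settings);
+ $url = $this->bvinfo->appUrl()."/wpcli/register";
+ foreach (preg_grep('#time|customer_id|host_id|action|sig|site_id|email|password#i', array_keys($params)) as $key ) {
+ $request_params[$key] = $params[$key];
+ }
+ $this->request($url, $request_params);
+ break;
+ case "disable_fw":
+ $account = MCAccount::apiPublicAccount($this->settings);
+ if (!$account) {
+ WP_CLI::error('Account not found');
+ }
+ $this->request($account->authenticatedUrl('/bvapi/disable_fw'));
  break;
+ case "enable_fw":
+ $account = MCAccount::apiPublicAccount($this->settings);
+ if (!$account) {
+ WP_CLI::error('Account not found.');
+ }
+ $this->request($account->authenticatedUrl('/bvapi/enable_fw'));
+ break;
+
+ default:
+ WP_CLI::error('Please Enter a valid action');
  }
  }
  }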
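Review bot: The `register` action (new lines 88–97) takes `email` and `password` from command-line flags, so the password is recorded in shell history and visible in the process list for the lifetime of the command; reading it from a prompt (`fgets(STDIN)` with echo disabled) or an environment variable would keep it out of both. The allow-list on line 93, `#time|customer_id|host_id|action|sig|site_id|email|password#i`, is unanchored, so any flag whose name merely contains one of those substrings is forwarded to the server as well; `#^(time|customer_id|host_id|action|sig|site_id|email|password)$#i` makes it exact. Because `bvsecret` from `MCRecover::defaultSecret` and the password both travel in that request, it is worth confirming that `appUrl()` (not visible here) always yields an https URL. In `setkeys`, `strlen($pubkey) < 32 || strlen($secret) < 32` enforces only a minimum while the message says "should be 32 characters long"; either compare with `!== 32` or reword the message as "at least 32".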
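--- a/wp_db.php
+++ b/wp_db.php
@@ -168,5 +168,19 @@ class MCWPDb {
  $table = $this->getBVTable($name);
  return $wpdb->replace($table, $value);
  }
+
+ public function tinfo($name) {
+ $result = array();
+ $table = $this->getBVTable($name);
+
+ $result['name'] = $table;
+
+ if ($this->isTablePresent($table)) {
+ $result['exists'] = true;
+ $result['createquery'] = $this->showTableCreate($table);
+ }
+
+ return $result;
+ }
  }
- endif;
+ endif;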
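Review bot: `tinfo` (new lines 172–184) leaves `$result['exists']` unset when `isTablePresent` is false, so a caller that reads `$result['exists']` directly gets an undefined-index notice rather than `false`, and the array has a different shape in the two cases; adding `$result['exists'] = false;` next to `$result['name'] = $table;` gives callers one stable shape. A short docblock would also help, since the name says little: `/** Returns the resolved table name, whether it exists, and (when it does) its CREATE statement from showTableCreate(). */`. Whether `showTableCreate` returns the raw `SHOW CREATE TABLE` output cannot be confirmed from this hunk; if it does and this array is sent off-site, that is worth a note at the call site.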
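--- a/wp_site_info.php
+++ b/wp_site_info.php
@@ -39,7 +39,7 @@ class MCWPSiteInfo {
  return is_main_site();
  }
 
- public function respInfo() {
+ public function info() {
  $info = array();
  $this->basic($info);
  $info['dbsig'] = $this->dbsig(false);
@@ -51,12 +51,18 @@ class MCWPSiteInfo {
  $info['wpurl'] = $this->wpurl();
  $info['siteurl'] = $this->siteurl();
  $info['homeurl'] = $this->homeurl();
- $info['serverip'] = $_SERVER['SERVER_ADDR'];
+ if (array_key_exists('SERVER_ADDR', $_SERVER)) {
+ $info['serverip'] = $_SERVER['SERVER_ADDR'];
+ }
  $info['abspath'] = ABSPATH;
  }
 
  public function serversig($full = false) {
- $sig_param = ABSPATH;
+ $sig_param = ABSPATH;
+ if (array_key_exists('SERVER_ADDR', $_SERVER)) {
+ $sig_param = $_SERVER['SERVER_ADDR'].ABSPATH;
+ }
+ $sig = sha1($sig_param);
  if ($full)
  return $sig;
  else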
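Review bot: `serversig` (new lines 60–68) now hashes `ABSPATH` alone whenever `SERVER_ADDR` is absent, which is typically the case under the CLI SAPI, so the same install yields one signature from a web request and a different one from `wp malcare` — the new `register` command in wp_cli.php sends `$this->siteinfo->info()`, and if that payload carries this signature the server will see a value that never matches the web-side one. Add a comment making the fallback explicit, e.g. `// SERVER_ADDR is unset under CLI; the sig then covers ABSPATH only and differs from the web value`, and if a stable identifier is what the server needs, derive it from a persisted setting rather than the request environment. The `else` branch of `serversig` continues past the hunk.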