MalCare WordPress Security Plugin – Malware Scanner, Cleaner, Security Firewall - Version 3.7

Version Description

  • Removing deprecated get_magic_quotes_gpc function
  • Improving Firewall Logging

Release Info

Developer ritesh.soni36
Version 3.7

Code changes from version 3.6 to 3.7

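--- a/admin/dashboard.php
+++ b/admin/dashboard.php
@@ -0,0 +1,4 @@
+ <div>
+ <iframe style="width: 99%; height: 1900px; padding-top: 13px;"src="<?=$this->account->authenticatedUrl('/malcare/access')?>">
+ </iframe>
+ </div>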
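Review bot: The iframe `src` on line 2 echoes `$this->account->authenticatedUrl('/malcare/access')` into an HTML attribute without escaping, so a quote or angle bracket in the generated URL would break out of the attribute. As this is WordPress admin markup, pass it through the core escaper: `src="<?php echo esc_url($this->account->authenticatedUrl('/malcare/access')); ?>"`, which also replaces the `<?=` short echo tag; a space is missing before `src` as well. The `MCAccount::isConfigured()` guard that wrapped this markup in the old main_page.php is not part of the new file, so the include site has to guarantee the account is configured before rendering it.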
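--- a/admin/main_page.php
+++ b/admin/registration.php
@@ -1,9 +1,3 @@
- <?php if (MCAccount::isConfigured($this->settings)) { ?>
- <div>
- <iframe style="width: 99%; height: 1900px; padding-top: 13px;"src="<?=$this->account->authenticatedUrl('/malcare/access')?>">
- </iframe>
- </div>
- <?php } else { ?>
  <div id="content-wrapper" style="width: 99%;">
  <!-- Content HTML goes here -->
  <div class="mui-container-fluid">
@@ -94,5 +88,4 @@
  <div class="mui-container mui--text-center" style="margin-top: 10px;">
  Made with ♥ by <a href="https://blogvault.net"><img src="<?php echo plugins_url('../img/bv.png', __FILE__); ?>" /></a>
  </div>
- </footer>
- <?php } ?>
+ </footer>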
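--- a/admin/top_box.php
+++ b/admin/top_box.php
@@ -1,7 +1,3 @@
- <?php if (!MCAccount::isConfigured($this->settings)) { ?>
- <div class="mui--text-title main-title">Are you Hacked? Scan Your Website for FREE.</div>
- <br/><br/>
- <?php } ?>
  <div style= "width: 800px; margin: 20px auto; overflow: hidden;">
  <div style="width: 49%; float: left; border-right: 2px solid #333;">
  <iframe width="380" height="215" src="https://www.youtube.com/embed/rBuYh2dIadk"></iframe>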
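--- a/callback/handler.php
+++ b/callback/handler.php
@@ -10,6 +10,7 @@ if (!class_exists('BVCallbackHandler')) :
  public $request;
  public $account;
  public $response;
+ public $bvinfo;
 
  public function __construct($db, $settings, $siteinfo, $request, $account, $response) {
  $this->db = $db;
@@ -18,6 +19,7 @@ if (!class_exists('BVCallbackHandler')) :
  $this->request = $request;
  $this->account = $account;
  $this->response = $response;
+ $this->bvinfo = new MCInfo($this->settings);
  }
 
  public function bvAdmExecuteWithoutUser() {
@@ -30,17 +32,16 @@ if (!class_exists('BVCallbackHandler')) :
 
  public function execute($resp = array()) {
  $this->routeRequest();
- $bvinfo = new MCInfo($this->settings);
  $resp = array(
  "request_info" => $this->request->info(),
  "site_info" => $this->siteinfo->info(),
  "account_info" => $this->account->info(),
- "bvinfo" => $bvinfo->info(),
+ "bvinfo" => $this->bvinfo->info(),
  "api_pubkey" => substr(MCAccount::getApiPublicKey($this->settings), 0, 8)
  );
  $this->response->terminate($resp);
  }
-
+
  public function routeRequest() {
  switch ($this->request->wing) {
  case 'manage':
@@ -103,4 +104,4 @@ if (!class_exists('BVCallbackHandler')) :
  return 1;
  }
  }
- endif;
+ endif;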
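--- a/callback/wings/db.php
+++ b/callback/wings/db.php
@@ -9,9 +9,13 @@ class BVDBCallback extends BVCallbackBase {
  public $stream;
  public $account;
 
+ public static $bvTables = array("fw_requests", "lp_requests", "ip_store");
+
  public function __construct($callback_handler) {
  $this->db = $callback_handler->db;
  $this->account = $callback_handler->account;
+ $this->siteinfo = $callback_handler->siteinfo;
+ $this->bvinfo = $callback_handler->bvinfo;
  }
 
  public function getLastID($pkeys, $end_row) {
@@ -64,6 +68,24 @@ class BVDBCallback extends BVCallbackBase {
  $db = $this->db;
  $params = $request->params;
  $stream_init_info = BVStream::startStream($this->account, $request);
+
+ if($this->siteinfo->isCWServer() && !$this->bvinfo->canOverrideCW()) {
+ $bv_table = $params['table'];
+ if (!empty($bv_table)) {
+ $allowed = false;
+ foreach(BVDBCallback::$bvTables as $table) {
+ if ($bv_table == $table || $bv_table == $db->getBVTable($table)) {
+ $allowed = true;
+ break;
+ }
+ }
+ if (!$allowed) {
+ return $stream_init_info;
+ }
+ }
+ }
+
+
  if (array_key_exists('stream', $stream_init_info)) {
  $this->stream = $stream_init_info['stream'];
  switch ($request->method) {
@@ -140,17 +162,17 @@ class BVDBCallback extends BVCallbackBase {
  $resp = $this->getTableData($table, $tname, $rcount, $offset, $limit, $bsize, $filter, $pkeys, true);
  break;
  case "tblexists":
- $resp = array("tblexists" => $db->isTablePresent($params['tablename']));
+ $resp = array("tblexists" => $db->isTablePresent($params['table']));
  break;
  case "crttbl":
  $usedbdelta = array_key_exists('usedbdelta', $params);
- $resp = array("crttbl" => $db->createTable($params['query'], $params['tablename'], $usedbdelta));
+ $resp = array("crttbl" => $db->createTable($params['query'], $params['table'], $usedbdelta));
  break;
  case "drptbl":
- $resp = array("drptbl" => $db->dropBVTable($params['name']));
+ $resp = array("drptbl" => $db->dropBVTable($params['table']));
  break;
  case "trttbl":
- $resp = array("trttbl" => $db->truncateBVTable($params['name']));
+ $resp = array("trttbl" => $db->truncateBVTable($params['table']));
  break;
  case "altrtbl":
  $resp = array("altrtbl" => $db->alterBVTable($params['query'], $params['query']));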
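Review bot: The table allowlist added to `process()` runs only when `$params['table']` is non-empty, so on a CW server a request that names its target some other way is not restricted at all; `altrtbl` at the end of this section, for instance, is driven by `$params['query']` alone. Consider failing closed for the table-changing methods, for example `if (empty($bv_table) || !$allowed) { return $stream_init_info; }` applied per method, and read the key with `isset($params['table']) ? $params['table'] : ''` so a missing key does not raise a notice. The comparison should be strict: `$bv_table === $table || $bv_table === $db->getBVTable($table)`. `$this->siteinfo` and `$this->bvinfo` are assigned in the constructor without being declared beside `$stream` and `$account`. The body of `process()` continues outside the hunks shown, so the remaining cases need the same check against this guard.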
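--- a/callback/wings/fs.php
+++ b/callback/wings/fs.php
@@ -8,8 +8,12 @@ class BVFSCallback extends BVCallbackBase {
  public $stream;
  public $account;
 
+ public static $cwAllowedFiles = array(".htaccess", ".user.ini", "malcare-waf.php");
+
  public function __construct($callback_handler) {
  $this->account = $callback_handler->account;
+ $this->siteinfo = $callback_handler->siteinfo;
+ $this->bvinfo = $callback_handler->bvinfo;
  }
 
  function fileStat($relfile) {
@@ -262,6 +266,24 @@ class BVFSCallback extends BVCallbackBase {
  function process($request) {
  $params = $request->params;
  $stream_init_info = BVStream::startStream($this->account, $request);
+
+ if($this->siteinfo->isCWServer() && !$this->bvinfo->canOverrideCW()) {
+ if(array_key_exists('initdir', $params)) {
+ return $stream_init_info;
+ }
+
+ if (array_key_exists('files', $params)) {
+ $files = $params['files'];
+
+ foreach($files as $file) {
+ if (!in_array($file, BVFSCallback::$cwAllowedFiles)) {
+ return $stream_init_info;
+ }
+ }
+ }
+ }
+
+
  if (array_key_exists('stream', $stream_init_info)) {
  $this->stream = $stream_init_info['stream'];
  switch ($request->method) {
@@ -356,4 +378,4 @@ class BVFSCallback extends BVCallbackBase {
  return $resp;
  }
  }
- endif;
+ endif;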
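Review bot: The file allowlist in `process()` inspects only the `initdir` and `files` parameters, so any method that receives its path under a different key is outside the CW restriction; the switch over `$request->method` is not in the hunk, so each case needs checking against this guard. `in_array($file, BVFSCallback::$cwAllowedFiles)` should pass `true` as the third argument so the match is type-strict, and `$files` should be verified before the loop, e.g. `if (!is_array($files)) { return $stream_init_info; }`. The same non-strict `in_array` is kept on the two changed lines in callback/wings/protect.php. `$this->siteinfo` and `$this->bvinfo` are again set in the constructor without a property declaration.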
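--- a/callback/wings/misc.php
+++ b/callback/wings/misc.php
@@ -68,6 +68,9 @@ class BVMiscCallback extends BVCallbackBase {
  case "dlttrsnt":
  $resp = array("dlttrsnt" => $settings->deleteTransient($params['key']));
  break;
+ case "ovrcwoptn":
+ $resp = array("ovrcwoptn" => $settings->updateOption('bvoverridecw', true));
+ break;
  default:
  $resp = false;
  }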
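Review bot: `ovrcwoptn` sets `bvoverridecw` to true, which is the option `MCInfo::canOverrideCW()` reads to lift the CW-server restrictions added to the db and fs wings in this release, and it arrives over the same callback channel those restrictions apply to. The restriction is therefore only as strong as the authentication of the callback request, which is not visible in this hunk. A comment on the case would make that dependency explicit, e.g. `// Lifts the CW-server table/file restrictions; must only be reachable after the callback is authenticated`. There is also no case that clears the option again, so the override is permanent once set.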
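--- a/callback/wings/protect.php
+++ b/callback/wings/protect.php
@@ -90,7 +90,7 @@ class BVProtectCallback extends BVCallbackBase {
 
  public function writeToMcDataFile($fname, $content, $confkey, $permissions) {
  $result = array();
- if (in_array($fname, BVFWConfig::VALID_MC_DATA_FILENAMES)) {
+ if (in_array($fname, BVFWConfig::$validMcDataFilenames)) {
 
  $mcDataPath = $this->mcDataPath();
 
@@ -435,7 +435,7 @@ auto_prepend_file = '%s'
  break;
  case "rmmcdta":
  $name = $params['name'];
- if (in_array($name, BVFWConfig::VALID_DELETABLE_FILES)) {
+ if (in_array($name, BVFWConfig::$validDeletableFiles)) {
  switch($name) {
  case "mc.conf":
  $name = $this->mcConfigFilePath($params['confkey']);
@@ -508,4 +508,4 @@ auto_prepend_file = '%s'
  return $resp;
  }
  }
- endif;
+ endif;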
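--- a/info.php
+++ b/info.php
@@ -9,7 +9,7 @@ if (!class_exists('MCInfo')) :
  public $badgeinfo = 'mcbadge';
  public $ip_header_option = 'mcipheader';
  public $brand_option = 'mcbrand';
- public $version = '3.6';
+ public $version = '3.7';
  public $webpage = 'https://www.malcare.com';
  public $appurl = 'https://app.malcare.com';
  public $slug = 'malcare-security/malcare.php';
@@ -21,6 +21,11 @@ if (!class_exists('MCInfo')) :
  $this->settings = $settings;
  }
 
+ public function canOverrideCW() {
+ $scanOption = $this->settings->getOption('bvoverridecw');
+ return (isset($scanOption) && $scanOption == 1);
+ }
+
  public function getBrandInfo() {
  return $this->settings->getOption($this->brand_option);
  }
@@ -93,4 +98,4 @@ if (!class_exists('MCInfo')) :
  );
  }
  }
- endif;
+ endif;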
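Review bot: `canOverrideCW()` carries no comment and its local is called `$scanOption` although it holds the `bvoverridecw` option, which makes a flag that switches off access restrictions easy to misread. `isset($scanOption)` on a variable that was just assigned only tests for null, and `== 1` is a loose comparison that accepts `true`, `'1'` and, before PHP 8, strings such as `'1abc'`. Consider renaming the local to `$override`, comparing against the exact value `getOption` returns for a stored `true`, and adding a comment such as `// True once the 'ovrcwoptn' callback has set bvoverridecw; lifts the CW-server restrictions in the db and fs wings`.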
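--- a/malcare.php
+++ b/malcare.php
@@ -5,7 +5,7 @@ Plugin URI: https://www.malcare.com
  Description: WordPress Security, Firewall and Malware Scanner
  Author: MalCare Security
  Author URI: https://www.malcare.com
- Version: 3.6
+ Version: 3.7
  Network: True
  */
 
@@ -54,10 +54,10 @@ register_deactivation_hook(__FILE__, array($wp_action, 'deactivate'));
  add_action('wp_footer', array($wp_action, 'footerHandler'), 100);
 
  if (defined('WP_CLI') && WP_CLI) {
- require_once dirname( __FILE__ ) . '/wp_cli.php';
- $wp_cli = new MCWPCli($bvsettings, $bvinfo, $bvsiteinfo, $bvapi);
- WP_CLI::add_command('malcare', $wp_cli);
- }
+ require_once dirname( __FILE__ ) . '/wp_cli.php';
+ $wp_cli = new MCWPCli($bvsettings, $bvinfo, $bvsiteinfo, $bvapi);
+ WP_CLI::add_command('malcare', $wp_cli);
+ }
 
  if (is_admin()) {
  require_once dirname( __FILE__ ) . '/wp_admin.php';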
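--- a/protect/fw/config.php
+++ b/protect/fw/config.php
@@ -7,12 +7,14 @@ class BVFWConfig {
  public $mode;
  public $requestProfilingMode;
  public $roleLevel;
- public $cookieMode;
+ public $ipCookieMode;
+ public $adminCookieMode;
  public $bypassLevel;
  public $customRoles;
  public $cookieKey;
  public $cookiePath;
  public $cookieDomain;
+ public $loggingMode;
 
  public static $requests_table = 'fw_requests';
  public static $roleLevels = array(
@@ -26,7 +28,9 @@ class BVFWConfig {
  function __construct($confHash) {
  $this->mode = array_key_exists('mode', $confHash) ? intval($confHash['mode']) : BVFWConfig::DISABLED;
  $this->requestProfilingMode = array_key_exists('reqprofilingmode', $confHash) ? intval($confHash['reqprofilingmode']) : BVFWConfig::REQ_PROFILING_MODE_DISABLED;
- $this->cookieMode = array_key_exists('cookiemode', $confHash) ? intval($confHash['cookiemode']) : BVFWConfig::COOKIE_MODE_DISABLED;
+ $this->ipCookieMode = array_key_exists('ipcookiemode', $confHash) ? intval($confHash['ipcookiemode']) : BVFWConfig::IP_COOKIE_MODE_DISABLED;
+ $this->adminCookieMode = array_key_exists('admincookiemode', $confHash) ? intval($confHash['admincookiemode']) : BVFWConfig::ADMIN_COOKIE_MODE_DISABLED;
+ $this->loggingMode = array_key_exists('loggingmode', $confHash) ? intval($confHash['loggingmode']) : BVFWConfig::LOGGING_MODE_VISITOR;
  $this->bypassLevel = array_key_exists('bypasslevel', $confHash) ? intval($confHash['bypasslevel']) : BVFWConfig::ROLE_LEVEL_CONTRIBUTOR;
  $this->customRoles = array_key_exists('customroles', $confHash) ? $confHash['customroles'] : array();
  $this->cookieKey = array_key_exists('cookiekey', $confHash) ? $confHash['cookiekey'] : "";
@@ -44,9 +48,13 @@ class BVFWConfig {
  const REQ_PROFILING_MODE_NORMAL = 2;
  const REQ_PROFILING_MODE_DEBUG = 3;
 
- #Cookie Mode
- const COOKIE_MODE_ENABLED = 1;
- const COOKIE_MODE_DISABLED = 2;
+ #IP Cookie Mode
+ const IP_COOKIE_MODE_ENABLED = 1;
+ const IP_COOKIE_MODE_DISABLED = 2;
+
+ #Admin Cookie Mode
+ const ADMIN_COOKIE_MODE_ENABLED = 1;
+ const ADMIN_COOKIE_MODE_DISABLED = 2;
 
  #Role Level
  const ROLE_LEVEL_SUBSCRIBER = 1;
@@ -63,10 +71,16 @@ class BVFWConfig {
  const MODE_NGINX = 4;
  const MODE_LITESPEED = 5;
  const MODE_IIS = 6;
+
+ #Logging Mode
+ const LOGGING_MODE_VISITOR = 1;
+ const LOGGING_MODE_COMPLETE = 2;
+ const LOGGING_MODE_DISABLED = 3;
+
 
  #Valid mc_data filenames
- const VALID_MC_DATA_FILENAMES = ['mc.conf', 'mc_ips.conf'];
- const VALID_DELETABLE_FILES = ['mc.conf', 'mc_ips.conf', 'malcare-waf.php', 'mc.log', 'mc_data'];
+ public static $validMcDataFilenames = array('mc.conf', 'mc_ips.conf');
+ public static $validDeletableFiles = array('mc.conf', 'mc_ips.conf', 'malcare-waf.php', 'mc.log', 'mc_data');
 
  public function isActive() {
  return ($this->mode !== BVFWConfig::DISABLED);
@@ -88,8 +102,16 @@ class BVFWConfig {
  return ($this->requestProfilingMode !== BVFWConfig::REQ_PROFILING_MODE_DISABLED);
  }
 
- public function canSetCookie() {
- return ($this->cookieMode === BVFWConfig::COOKIE_MODE_ENABLED);
+ public function isCompleteLoggingEnabled() {
+ return ($this->loggingMode === BVFWConfig::LOGGING_MODE_COMPLETE);
+ }
+
+ public function isVisitorLoggingEnabled() {
+ return ($this->loggingMode === BVFWConfig::LOGGING_MODE_VISITOR);
+ }
+
+ public function isLoggingDisabled() {
+ return ($this->loggingMode === BVFWConfig::LOGGING_MODE_DISABLED);
  }
  }
  endif;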
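Review bot: `$validMcDataFilenames` and `$validDeletableFiles` turn two class constants into `public static` arrays, so the allowlists that gate `writeToMcDataFile` and the `rmmcdta` case in callback/wings/protect.php can now be reassigned at runtime by any code loaded in the same process. If the move away from `const` is for PHP versions without constant arrays (an assumption; the release notes do not say), the values can stay unwritable from outside by declaring them `private static` and exposing a read-only accessor such as `public static function validDeletableFiles() { return self::$validDeletableFiles; }`. At minimum the `#Valid mc_data filenames` comment should state that these lists are security allowlists and must not be modified by callers.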
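--- a/protect/fw/fw.php
+++ b/protect/fw/fw.php
@@ -87,7 +87,7 @@ class BVFW {
 
  public function hasValidBypassCookie() {
  $cookie = (string) $this->request->getCookies(BVFW::BYPASS_COOKIE);
- return ($this->config->canSetCookie() && ($cookie === $this->generateBypassCookie()));
+ return ($this->canSetAdminCookie() && ($cookie === $this->generateBypassCookie()));
  }
 
  public function setIPCookie() {
@@ -102,7 +102,9 @@ class BVFW {
 
  public function getBVCookies() {
  $cookies = array();
- $cookies[BVFW::IP_COOKIE] = (string) $this->request->getCookies(BVFW::IP_COOKIE);
+ if ($this->request->getCookies(BVFW::IP_COOKIE) !== NULL) {
+ $cookies[BVFW::IP_COOKIE] = (string) $this->request->getCookies(BVFW::IP_COOKIE);
+ }
  return $cookies;
  }
 
@@ -128,9 +130,12 @@ class BVFW {
  public function isActive() {
  return $this->config->isActive();
  }
+ public function canSetAdminCookie() {
+ return ($this->config->adminCookieMode === BVFWConfig::ADMIN_COOKIE_MODE_ENABLED);
+ }
 
- public function canSetCookie() {
- return $this->config->canSetCookie();
+ public function canSetIPCookie() {
+ return ($this->config->ipCookieMode === BVFWConfig::IP_COOKIE_MODE_ENABLED);
  }
 
  public function setResponseCode() {
@@ -142,16 +147,21 @@ class BVFW {
  return true;
  }
 
- public function log() {
- $this->setResponseCode();
+ public function canLog() {
+ $canlog = false;
 
- if ($this->config->canSetCookie()) {
- $canlog = !$this->hasValidBypassCookie();
- } else {
- $canlog = (!function_exists('is_user_logged_in') || !is_user_logged_in());
+ if ($this->config->isCompleteLoggingEnabled()) {
+ $canlog = true;
+ } else if ($this->config->isVisitorLoggingEnabled()) {
+ $canlog = !$this->hasValidBypassCookie() &&
+ (!function_exists('is_user_logged_in') || !is_user_logged_in());
  }
+ return $canlog;
+ }
 
- if ($canlog) {
+ public function log() {
+ if ($this->canLog()) {
+ $this->setResponseCode();
  $this->logger->log($this->request->getDataToLog());
  }
  }
@@ -195,28 +205,20 @@ class BVFW {
  public function execute() {
  if ($this->config->canProfileReqInfo()) {
  $result = array();
- $result += $this->profileRequestInfo($this->request->getBody(),
- $this->config->isReqProfilingModeDebug(), 'BODY_');
 
+ if ($this->request->getMethod() === 'POST' &&
+ preg_match('/(admin-ajax.php|admin-post.php)$/', $this->request->getPath())) {
+ $result += $this->profileRequestInfo(array("action" => $this->request->getBody('action')),
+ true, 'BODY[');
+ }
+ $result += $this->profileRequestInfo($this->request->getBody(),
+ $this->config->isReqProfilingModeDebug(), 'BODY[');
  $result += $this->profileRequestInfo($this->request->getQueryString(),
- true, 'GET_');
-
+ true, 'GET[');
  $result += $this->profileRequestInfo($this->request->getFiles(),
- true, 'FILES_');
-
+ true, 'FILES[');
  $result += $this->profileRequestInfo($this->getBVCookies(),
- true, 'COOKIES_');
-
- if (strpos($this->request->getPath(), 'admin-ajax.php') !== false) {
- $result += array('BODY_ADMIN_AJAX_ACTION' => $this->request->getBody('action'));
- $result += array('GET_ADMIN_AJAX_ACTION' => $this->request->getQueryString('action'));
- }
-
- if (strpos($this->request->getPath(), 'admin-post.php') !== false) {
- $result += array('BODY_ADMIN_POST_ACTION' => $this->request->getBody('action'));
- $result += array('GET_ADMIN_POST_ACTION' => $this->request->getQueryString('action'));
- }
-
+ true, 'COOKIES[');
  $this->request->updateReqInfo($result);
  }
 
@@ -252,40 +254,41 @@ class BVFW {
  }
  }
 
- public function profileRequestInfo($params, $debug = false, $prefix = '') {
+ public function profileRequestInfo($params, $debug = false, $prefix = '', $obraces = 1) {
  $result = array();
  if (is_array($params)) {
  foreach ($params as $key => $value) {
- $currkey = $prefix . $key;
+ $key = $prefix . $key;
  if (is_array($value)) {
- $result = $result + $this->profileRequestInfo($value, $debug, $currkey . '_');
+ $result = $result + $this->profileRequestInfo($value, $debug, $key . '[', $obraces + 1);
  } else {
- $result[$currkey] = array();
+ $key = $key . str_repeat(']', $obraces);
+ $result[$key] = array();
  $valsize = $this->getLength($value);
- $result[$currkey]["size"] = $valsize;
+ $result[$key]["size"] = $valsize;
  if ($debug === true && $valsize < 256) {
- $result[$currkey]["value"] = $value;
+ $result[$key]["value"] = $value;
  continue;
  }
 
  if (preg_match('/^\d+$/', $value)) {
- $result[$currkey]["numeric"] = true;
+ $result[$key]["numeric"] = true;
  } else if (preg_match('/^\w+$/', $value)) {
- $result[$currkey]["regular_word"] = true;
+ $result[$key]["regular_word"] = true;
  } else if (preg_match('/^\S+$/', $value)) {
- $result[$currkey]["special_word"] = true;
+ $result[$key]["special_word"] = true;
  } else if (preg_match('/^[\w\s]+$/', $value)) {
- $result[$currkey]["regular_sentence"] = true;
+ $result[$key]["regular_sentence"] = true;
  } else if (preg_match('/^[\w\W]+$/', $value)) {
- $result[$currkey]["special_chars_sentence"] = true;
+ $result[$key]["special_chars_sentence"] = true;
  }
 
  if (preg_match('/^\b((25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\.){3}
  (25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\b$/x', $value)) {
- $result[$currkey]["ipv4"] = true;
+ $result[$key]["ipv4"] = true;
  } else if (preg_match('/\b((25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\.){3}
  (25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\b/x', $value)) {
- $result[$currkey]["embeded_ipv4"] = true;
+ $result[$key]["embeded_ipv4"] = true;
  } else if (preg_match('/^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|
  ([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|
  ([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}
@@ -295,7 +298,7 @@ class BVFW {
  ::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3}
  (25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|
  (2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$/x', $value)) {
- $result[$currkey]["ipv6"] = true;
+ $result[$key]["ipv6"] = true;
  } else if (preg_match('/(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|
  ([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|
  ([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}
@@ -305,35 +308,35 @@ class BVFW {
  ::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3}
  (25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|
  (2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))/x', $value)) {
- $result[$currkey]["embeded_ipv6"] = true;
+ $result[$key]["embeded_ipv6"] = true;
  }
 
  if (preg_match('/^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,6}$/', $value)) {
- $result[$currkey]["email"] = true;
+ $result[$key]["email"] = true;
  } else if (preg_match('/[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,6}/', $value)) {
- $result[$currkey]["embeded_email"] = true;
+ $result[$key]["embeded_email"] = true;
  }
 
  if (preg_match('/^(http|ftp)s?:\/\/\S+$/i', $value)) {
- $result[$currkey]["link"] = true;
+ $result[$key]["link"] = true;
  } else if (preg_match('/(http|ftp)s?:\/\/\S+$/i', $value)) {
- $result[$currkey]["embeded_link"] = true;
+ $result[$key]["embeded_link"] = true;
  }
 
  if (preg_match('/<(html|head|title|base|link|meta|style|picture|source|img|
  iframe|embed|object|param|video|audio|track|map|area|form|label|input|button|
  select|datalist|optgroup|option|textarea|output|progress|meter|fieldset|legend|
  script|noscript|template|slot|canvas)/ix', $value)) {
- $result[$currkey]["embeded_html"] = true;
+ $result[$key]["embeded_html"] = true;
  }
 
  if (preg_match('/\.(jpg|jpeg|png|gif|ico|pdf|doc|docx|ppt|pptx|pps|ppsx|odt|xls|zip|gzip|
  xlsx|psd|mp3|m4a|ogg|wav|mp4|m4v|mov|wmv|avi|mpg|ogv|3gp|3g2|php|html|phtml|js|css)/ix', $value)) {
- $result[$currkey]["file"] = true;
+ $result[$key]["file"] = true;
  }
 
  if ($this->matchCount(BVFW::SQLIREGEX, $value) >= 2) {
- $result[$currkey]["sql"] = true;
+ $result[$key]["sql"] = true;
  }
  }
  }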
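Review bot: `canLog()` returns false for any `loggingMode` that is neither `LOGGING_MODE_COMPLETE` nor `LOGGING_MODE_VISITOR`, and `BVFWConfig` fills that field from `intval($confHash['loggingmode'])` without a range check, so a malformed config value switches firewall logging off as silently as `LOGGING_MODE_DISABLED` does. Consider falling back to visitor logging (the constructor's own default) for unknown values, or document the fail-off behaviour in a comment on `canLog()`. `log()` now calls `setResponseCode()` only when logging is allowed, where it previously ran unconditionally; confirm nothing else relies on that call. In `execute()`, the dots in `'/(admin-ajax.php|admin-post.php)$/'` are unescaped and match any character; `'/(admin-ajax\.php|admin-post\.php)$/'` states the intent. `profileRequestInfo()` starts and ends outside the hunks shown.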
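--- a/protect/fw/request.php
+++ b/protect/fw/request.php
@@ -44,13 +44,13 @@ class BVWPRequest {
  $this->setCategory(BVWPRequest::NORMAL);
  $this->setStatus(BVWpRequest::ALLOWED);
  $this->setTimestamp(time());
- $this->setQueryString(BVWPRequest::removeMagicQuotes($_GET));
- $this->setCookies(BVWPRequest::removeMagicQuotes($_COOKIE));
- $this->setBody(BVWPRequest::removeMagicQuotes($_POST));
- $this->setFiles(BVWPRequest::removeMagicQuotes($_FILES));
+ $this->setQueryString($_GET);
+ $this->setCookies($_COOKIE);
+ $this->setBody($_POST);
+ $this->setFiles($_FILES);
  if (!empty($_FILES)) {
  foreach ($_FILES as $input => $file) {
- $fileNames[$input] = BVWPRequest::removeMagicQuotes($file['name']);
+ $fileNames[$input] = $file['name'];
  }
  }
  $this->setFileNames($fileNames);
@@ -61,30 +61,30 @@ class BVWPRequest {
  $header = str_replace(array(' ', '_'), array('', ' '), $header);
  $header = ucwords(strtolower($header));
  $header = str_replace(' ', '-', $header);
- $headers[$header] = BVWPRequest::removeMagicQuotes($value);
+ $headers[$header] = $value;
  }
  }
  if (array_key_exists('CONTENT_TYPE', $_SERVER)) {
- $headers['Content-Type'] = BVWPRequest::removeMagicQuotes($_SERVER['CONTENT_TYPE']);
+ $headers['Content-Type'] = $_SERVER['CONTENT_TYPE'];
  }
  if (array_key_exists('CONTENT_LENGTH', $_SERVER)) {
- $headers['Content-Length'] = BVWPRequest::removeMagicQuotes($_SERVER['CONTENT_LENGTH']);
+ $headers['Content-Length'] = $_SERVER['CONTENT_LENGTH'];
  }
  if (array_key_exists('REFERER', $_SERVER)) {
- $headers['Referer'] = BVWPRequest::removeMagicQuotes($_SERVER['REFERER']);
+ $headers['Referer'] = $_SERVER['REFERER'];
  }
  if (array_key_exists('HTTP_USER_AGENT', $_SERVER)) {
- $headers['User-Agent'] = BVWPRequest::removeMagicQuotes($_SERVER['HTTP_USER_AGENT']);
+ $headers['User-Agent'] = $_SERVER['HTTP_USER_AGENT'];
  }
 
  if (array_key_exists('Host', $headers)) {
  $host = $headers['Host'];
  } else if (array_key_exists('SERVER_NAME', $_SERVER)) {
- $host = BVWPRequest::removeMagicQuotes($_SERVER['SERVER_NAME']);
+ $host = $_SERVER['SERVER_NAME'];
  }
 
- $method = array_key_exists('REQUEST_METHOD', $_SERVER) ? BVWPRequest::removeMagicQuotes($_SERVER['REQUEST_METHOD']) : 'GET';
- $uri = array_key_exists('REQUEST_URI', $_SERVER) ? BVWPRequest::removeMagicQuotes($_SERVER['REQUEST_URI']) : '';
+ $method = array_key_exists('REQUEST_METHOD', $_SERVER) ? $_SERVER['REQUEST_METHOD'] : 'GET';
+ $uri = array_key_exists('REQUEST_URI', $_SERVER) ? $_SERVER['REQUEST_URI'] : '';
  $_uri = parse_url($uri);
  $path = (is_array($_uri) && array_key_exists('path', $_uri)) ? $_uri['path'] : $uri;
  }
@@ -298,21 +298,5 @@ class BVWPRequest {
  public function getTimestamp() {
  return $this->timestamp;
  }
-
- public static function removeMagicQuotes($value) {
- if (function_exists("get_magic_quotes_gpc") && get_magic_quotes_gpc()) {
- return BVWPRequest::removeSlashesRecursively($value);
- }
- return $value;
- }
-
- public static function removeSlashesRecursively($value) {
- if (is_array($value)) {
- $value = array_map(array('self', 'removeSlashesRecursively',), $value);
- } else if (is_string($value)) {
- $value = stripslashes($value);
- }
- return $value;
- }
  }
- endif;
+ endif;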
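Review bot: In the first hunk, `$fileNames[$input] = $file['name'];` stores whatever PHP places in `name`, and that is an array rather than a string when the form field uses the `field[]` upload syntax. The removed `removeSlashesRecursively()` explicitly accepted both shapes; nothing on the new line tells a reader that the file-name checks downstream must do the same, and a rule written for strings could pass over multi-file uploads (the consumers are outside this diff, so this needs confirming). I would add a comment above the assignment: `// $file['name'] is a string for a single upload and a (possibly nested) array for field[] uploads; file-name rules must handle both.` The constructor body starts and ends outside the hunk.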
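--- a/protect/prepend/protect.php
+++ b/protect/prepend/protect.php
@@ -59,7 +59,7 @@ require_once dirname( __FILE__ ) . '/logger.php';
 
  if ($fw->isActive()) {
 
- if ($fw->canSetCookie()) {
+ if ($fw->canSetIPCookie()) {
  $fw->setIPCookie();
  }
 
@@ -73,4 +73,4 @@ require_once dirname( __FILE__ ) . '/logger.php';
  }
 
  }
- endif;
+ endif;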
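--- a/protect/wp/protect.php
+++ b/protect/wp/protect.php
@@ -40,12 +40,12 @@ class BVProtect {
 
  if ($fw->isActive()) {
 
- if ($fw->canSetCookie()) {
+ if ($fw->canSetAdminCookie()) {
  add_action('init', array($fw, 'setBypassCookie'));
+ }
 
- if (!defined('MCFWLOADED')) {
- $fw->setIPCookie();
- }
+ if (!defined('MCFWLOADED') && $fw->canSetIPCookie()) {
+ $fw->setIPCookie();
  }
 
  if (!defined('MCFWLOADED')) {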
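Review bot: The two cookie gates introduced here have no comment, and the distinction is security-relevant: `setBypassCookie` is hooked on `init` under `canSetAdminCookie()`, while `setIPCookie()` now runs under `canSetIPCookie()` and only when `MCFWLOADED` is undefined. Neither predicate is defined in this diff, so a reader of this file cannot tell who qualifies for the bypass cookie. I would add `// Bypass cookie: hooked only when canSetAdminCookie() allows it.` above the first `if` and `// IP cookie: set here only when MCFWLOADED is undefined (presumably the prepend firewall has not run; confirm).` above the second. The enclosing method starts and ends outside the hunk.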
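--- a/readme.txt
+++ b/readme.txt
@@ -5,8 +5,8 @@ Plugin URI: https://www.malcare.com
  Donate link: https://www.malcare.com
  Requires at least: 4.0
  Tested up to: 5.3
- Requires PHP: 5.3.0
- Stable tag: 3.6
+ Requires PHP: 5.4.0
+ Stable tag: 3.7
  License: GPLv2 or later
  License URI: [http://www.gnu.org/licenses/gpl-2.0.html](http://www.gnu.org/licenses/gpl-2.0.html)
 
@@ -218,6 +218,10 @@ FTP details input into MalCare is processed on our servers. We need your FTP cre
  8. With BlogVault's White-Label Solution you can showcase our service under your own brilliant brand.
 
  == CHANGELOG ==
+ = 3.7 =
+ * Removing deprecated get_magic_quotes_gpc function
+ * Improving Firewall Logging
+
  = 3.6 =
  * WPCli to server request path updated
  * Authentication header added in wpcli request param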
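--- a/wp_admin.php
+++ b/wp_admin.php
@@ -81,15 +81,17 @@ class MCWPAdmin {
  public function menu() {
  $bname = $this->bvinfo->getBrandName();
  $icon = $this->bvinfo->getBrandIcon();
- if (isset($_SERVER['cw_allowed_ip'])) {
+ if ($this->siteinfo->isCWServer()) {
  $brandinfo = $this->cwBrandInfo();
  $bname = $brandinfo["menuname"];
  $icon = $brandinfo["brand_icon"];
  }
- $keys = array_keys(MCAccount::accountsByPlugname($this->settings));
- if (!empty($keys)) {
- $this->account = MCAccount::find($this->settings, $keys[0]);
+
+ $pub_key = MCAccount::getApiPublicKey($this->settings);
+ if ($pub_key && isset($pub_key)) {
+ $this->account = MCAccount::find($this->settings, $pub_key);
  }
+
  add_menu_page($bname, $bname, 'manage_options', $this->bvinfo->plugname,
  array($this, 'adminPage'), plugins_url($icon, __FILE__ ));
  }
@@ -158,7 +160,15 @@ class MCWPAdmin {
  }
 
  public function adminPage() {
- require_once dirname( __FILE__ ) . "/admin/main_page.php";
+ if (isset($_REQUEST['add_account'])) {
+ $this->settings->updateOption('bvoverridecw', true);
+ require_once dirname( __FILE__ ) . "/admin/registration.php";
+ } else if(MCAccount::isConfigured($this->settings)) {
+ require_once dirname( __FILE__ ) . "/admin/dashboard.php";
+ } else {
+ $this->settings->updateOption('bvoverridecw', true);
+ require_once dirname( __FILE__ ) . "/admin/registration.php";
+ }
  }
 
  public function initBranding($plugins) {
@@ -168,7 +178,7 @@ class MCWPAdmin {
  return $plugins;
  }
 
- if (isset($_SERVER['cw_allowed_ip'])) {
+ if ($this->siteinfo->isCWServer()) {
  $brand = $this->cwBrandInfo();
  if (array_key_exists('name', $brand)) {
  $plugins[$slug]['Name'] = $brand['name'];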
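Review bot: `adminPage()` in the second hunk writes the `bvoverridecw` option whenever the request carries `add_account`, and again on any view of an unconfigured site, without a nonce check, so a plain GET changes stored state. The page is registered with `manage_options`, but a cross-site link followed by a logged-in administrator would still trigger the write; what `bvoverridecw` controls is not visible here, so the impact needs confirming. I would gate the first branch on a verified nonce, e.g. `if (isset($_REQUEST['add_account'], $_REQUEST['_wpnonce']) && wp_verify_nonce($_REQUEST['_wpnonce'], 'NONCE_ACTION_PLACEHOLDER')) {`, and add the matching nonce to whichever link or form sends `add_account`. The `else` branch deserves a comment on why rendering the registration page must persist an option.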
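--- a/wp_site_info.php
+++ b/wp_site_info.php
@@ -81,5 +81,9 @@ class MCWPSiteInfo {
  else
  return substr($sig, 0, 6);
  }
+
+ public function isCWServer() {
+ return isset($_SERVER['cw_allowed_ip']);
+ }
  }
  endif;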
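Review bot: `isCWServer()` has no docblock, and it now decides the branding shown by `menu()` and `initBranding()` in wp_admin.php, so the origin of `cw_allowed_ip` deserves a sentence. The key is lowercase and carries no `HTTP_` prefix, which suggests a variable set by the hosting environment rather than one derived from a request header, but that is an inference from the name only. Suggested comment: `/** True when the hosting environment exposes cw_allowed_ip in $_SERVER (expected to be set by the server, not the client; confirm). */`.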