Version Description
- Sending plugname in request to backend servers
- Firewall in prepend mode
- Robust Firewall and Login protection
- Robust write callbacks
- Without FTP cleanup and restore support
Release Info
Developer | ritesh.soni36 |
Plugin | The WP Remote WordPress Plugin |
Version | 4.22 |
Code changes from version 3.4 to 4.22
- account.php +8 -2
- callback/handler.php +14 -17
- callback/request.php +2 -2
- callback/wings/account.php +3 -2
- callback/wings/db.php +11 -4
- callback/wings/fs.php +53 -0
- callback/wings/fs_write.php +437 -0
- callback/wings/fw.php +0 -62
- callback/wings/info.php +46 -42
- callback/wings/ipstore.php +3 -4
- callback/wings/lp.php +0 -74
- callback/wings/misc.php +4 -16
- callback/wings/protect.php +66 -23
- callback/wings/{monit.php → watch.php} +62 -9
- info.php +24 -7
- plugin.php +21 -17
- protect/base.php +29 -0
- protect/fw/config.php +117 -0
- protect/fw/fw.php +347 -0
- protect/{wp_fw → fw}/request.php +21 -43
- protect/prepend/ignitor.php +9 -0
- protect/prepend/info.php +17 -0
- protect/prepend/ipstore.php +49 -0
- protect/prepend/logger.php +20 -0
- protect/prepend/protect.php +76 -0
- protect/protect.php +0 -58
- protect/{ipstore.php → wp/ipstore.php} +17 -0
- protect/{logger.php → wp/logger.php} +0 -0
- protect/wp/lp/config.php +25 -0
- protect/{wp_lp → wp/lp}/lp.php +12 -13
- protect/wp/protect.php +75 -0
- protect/wp_fw/config.php +0 -251
- protect/wp_fw/fw.php +0 -597
- protect/wp_lp/config.php +0 -82
- readme.txt +9 -2
- recover.php +1 -1
- wp_actions.php +1 -2
- wp_admin.php +16 -3
- wp_api.php +12 -9
- wp_db.php +15 -1
- wp_dynsync.php +0 -1
- wp_site_info.php +13 -3
account.php
CHANGED
@@ -42,6 +42,10 @@ if (!class_exists('WPRAccount')) :
|
|
42 |
return $str;
|
43 |
}
|
44 |
|
|
|
|
|
|
|
|
|
45 |
public static function apiPublicAccount($settings) {
|
46 |
$pubkey = $settings->getOption(self::$api_public_key);
|
47 |
return self::find($settings, $pubkey);
|
@@ -98,6 +102,7 @@ if (!class_exists('WPRAccount')) :
|
|
98 |
}
|
99 |
|
100 |
public function newAuthParams($version) {
|
|
|
101 |
$args = array();
|
102 |
$time = time();
|
103 |
$sig = sha1($this->public.$this->secret.$time.$version);
|
@@ -106,6 +111,7 @@ if (!class_exists('WPRAccount')) :
|
|
106 |
$args['bvPublic'] = $this->public;
|
107 |
$args['bvVersion'] = $version;
|
108 |
$args['sha1'] = '1';
|
|
|
109 |
return $args;
|
110 |
}
|
111 |
|
@@ -118,7 +124,7 @@ if (!class_exists('WPRAccount')) :
|
|
118 |
self::update($settings, $accounts);
|
119 |
}
|
120 |
|
121 |
-
public function
|
122 |
return array(
|
123 |
"public" => substr($this->public, 0, 6),
|
124 |
"sigmatch" => substr($this->sig_match, 0, 6)
|
@@ -179,4 +185,4 @@ if (!class_exists('WPRAccount')) :
|
|
179 |
return array_key_exists($pubkey, $accounts);
|
180 |
}
|
181 |
}
|
182 |
-
endif;
|
42 |
return $str;
|
43 |
}
|
44 |
|
45 |
+
public static function sanitizeKey($key) {
|
46 |
+
return preg_replace('/[^a-zA-Z0-9_\-]/', '', $key);
|
47 |
+
}
|
48 |
+
|
49 |
public static function apiPublicAccount($settings) {
|
50 |
$pubkey = $settings->getOption(self::$api_public_key);
|
51 |
return self::find($settings, $pubkey);
|
102 |
}
|
103 |
|
104 |
public function newAuthParams($version) {
|
105 |
+
$bvinfo = new WPRInfo($this->settings);
|
106 |
$args = array();
|
107 |
$time = time();
|
108 |
$sig = sha1($this->public.$this->secret.$time.$version);
|
111 |
$args['bvPublic'] = $this->public;
|
112 |
$args['bvVersion'] = $version;
|
113 |
$args['sha1'] = '1';
|
114 |
+
$args['plugname'] = $bvinfo->plugname;
|
115 |
return $args;
|
116 |
}
|
117 |
|
124 |
self::update($settings, $accounts);
|
125 |
}
|
126 |
|
127 |
+
public function info() {
|
128 |
return array(
|
129 |
"public" => substr($this->public, 0, 6),
|
130 |
"sigmatch" => substr($this->sig_match, 0, 6)
|
185 |
return array_key_exists($pubkey, $accounts);
|
186 |
}
|
187 |
}
|
188 |
+
endif;
|
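Review bot: `sanitizeKey()` (new lines 45-47) silently strips disallowed characters instead of rejecting the value, so a tampered or malformed key is normalised into a different key rather than failing, and the method carries no docblock saying that callers may rely on that. For a value that is later compared against a stored key or a MAC, an accept-or-reject check is the safer contract: `return preg_match('/^[a-zA-Z0-9_\-]+$/', $key) === 1 ? $key : '';` (the empty string can never match a real key, so callers fail closed). Add a docblock such as `/** Restrict a key/MAC string to [A-Za-z0-9_-]; returns '' when it contains anything else. */` so the contract is explicit. The `newAuthParams()` hunk only adds `plugname`; the `$sig` construction on the context lines is unchanged by this commit.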
callback/handler.php
CHANGED
@@ -10,6 +10,7 @@ if (!class_exists('BVCallbackHandler')) :
|
|
10 |
public $request;
|
11 |
public $account;
|
12 |
public $response;
|
|
|
13 |
|
14 |
public function __construct($db, $settings, $siteinfo, $request, $account, $response) {
|
15 |
$this->db = $db;
|
@@ -18,6 +19,7 @@ if (!class_exists('BVCallbackHandler')) :
|
|
18 |
$this->request = $request;
|
19 |
$this->account = $account;
|
20 |
$this->response = $response;
|
|
|
21 |
}
|
22 |
|
23 |
public function bvAdmExecuteWithoutUser() {
|
@@ -30,17 +32,16 @@ if (!class_exists('BVCallbackHandler')) :
|
|
30 |
|
31 |
public function execute($resp = array()) {
|
32 |
$this->routeRequest();
|
33 |
-
$bvinfo = new WPRInfo($this->settings);
|
34 |
$resp = array(
|
35 |
-
"request_info" => $this->request->
|
36 |
-
"site_info" => $this->siteinfo->
|
37 |
-
"account_info" => $this->account->
|
38 |
-
"bvinfo" => $bvinfo->
|
39 |
"api_pubkey" => substr(WPRAccount::getApiPublicKey($this->settings), 0, 8)
|
40 |
);
|
41 |
$this->response->terminate($resp);
|
42 |
}
|
43 |
-
|
44 |
public function routeRequest() {
|
45 |
switch ($this->request->wing) {
|
46 |
case 'manage':
|
@@ -67,17 +68,9 @@ if (!class_exists('BVCallbackHandler')) :
|
|
67 |
require_once dirname( __FILE__ ) . '/wings/ipstore.php';
|
68 |
$module = new BVIPStoreCallback($this);
|
69 |
break;
|
70 |
-
case '
|
71 |
-
require_once dirname( __FILE__ ) . '/wings/
|
72 |
-
$module = new
|
73 |
-
break;
|
74 |
-
case 'lp':
|
75 |
-
require_once dirname( __FILE__ ) . '/wings/lp.php';
|
76 |
-
$module = new BVLoginProtectCallback($this);
|
77 |
-
break;
|
78 |
-
case 'monit':
|
79 |
-
require_once dirname( __FILE__ ) . '/wings/monit.php';
|
80 |
-
$module = new BVMonitCallback($this);
|
81 |
break;
|
82 |
case 'brand':
|
83 |
require_once dirname( __FILE__ ) . '/wings/brand.php';
|
@@ -91,6 +84,10 @@ if (!class_exists('BVCallbackHandler')) :
|
|
91 |
require_once dirname( __FILE__ ) . '/wings/account.php';
|
92 |
$module = new BVAccountCallback($this);
|
93 |
break;
|
|
|
|
|
|
|
|
|
94 |
default:
|
95 |
require_once dirname( __FILE__ ) . '/wings/misc.php';
|
96 |
$module = new BVMiscCallback($this);
|
10 |
public $request;
|
11 |
public $account;
|
12 |
public $response;
|
13 |
+
public $bvinfo;
|
14 |
|
15 |
public function __construct($db, $settings, $siteinfo, $request, $account, $response) {
|
16 |
$this->db = $db;
|
19 |
$this->request = $request;
|
20 |
$this->account = $account;
|
21 |
$this->response = $response;
|
22 |
+
$this->bvinfo = new WPRInfo($this->settings);
|
23 |
}
|
24 |
|
25 |
public function bvAdmExecuteWithoutUser() {
|
32 |
|
33 |
public function execute($resp = array()) {
|
34 |
$this->routeRequest();
|
|
|
35 |
$resp = array(
|
36 |
+
"request_info" => $this->request->info(),
|
37 |
+
"site_info" => $this->siteinfo->info(),
|
38 |
+
"account_info" => $this->account->info(),
|
39 |
+
"bvinfo" => $this->bvinfo->info(),
|
40 |
"api_pubkey" => substr(WPRAccount::getApiPublicKey($this->settings), 0, 8)
|
41 |
);
|
42 |
$this->response->terminate($resp);
|
43 |
}
|
44 |
+
|
45 |
public function routeRequest() {
|
46 |
switch ($this->request->wing) {
|
47 |
case 'manage':
|
68 |
require_once dirname( __FILE__ ) . '/wings/ipstore.php';
|
69 |
$module = new BVIPStoreCallback($this);
|
70 |
break;
|
71 |
+
case 'wtch':
|
72 |
+
require_once dirname( __FILE__ ) . '/wings/watch.php';
|
73 |
+
$module = new BVWatchCallback($this);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
74 |
break;
|
75 |
case 'brand':
|
76 |
require_once dirname( __FILE__ ) . '/wings/brand.php';
|
84 |
require_once dirname( __FILE__ ) . '/wings/account.php';
|
85 |
$module = new BVAccountCallback($this);
|
86 |
break;
|
87 |
+
case 'fswrt':
|
88 |
+
require_once dirname( __FILE__ ) . '/wings/fs_write.php';
|
89 |
+
$module = new BVFSWriteCallback();
|
90 |
+
break;
|
91 |
default:
|
92 |
require_once dirname( __FILE__ ) . '/wings/misc.php';
|
93 |
$module = new BVMiscCallback($this);
|
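Review bot: `case 'fswrt'` (new lines 87-90) instantiates `BVFSWriteCallback()` without the handler, unlike every other wing in `routeRequest()`, so the write wing has no access to `$this->account` or `$this->settings` and cannot take part in whatever per-account checks the other wings receive through the handler. Whether `routeRequest()` is only reached after the request signature has been verified is not visible in this hunk; since this wing performs unlink/mkdir/rename/chmod and remote downloads (see `callback/wings/fs_write.php` in this changeset), that gate should be confirmed and stated with a comment at the top of the switch, e.g. `// Reached only for authenticated callbacks; every wing below runs with full site privileges.` (only if that is in fact true). For consistency pass the handler, `$module = new BVFSWriteCallback($this);`, once the constructor accepts it. `routeRequest()` continues outside the hunk.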
callback/request.php
CHANGED
@@ -40,7 +40,7 @@ if (!class_exists('BVCallbackRequest')) :
|
|
40 |
return array_key_exists('apicall', $this->params);
|
41 |
}
|
42 |
|
43 |
-
public function
|
44 |
$info = array(
|
45 |
"requestedsig" => $this->sig,
|
46 |
"requestedtime" => $this->time,
|
@@ -89,7 +89,7 @@ if (!class_exists('BVCallbackRequest')) :
|
|
89 |
if (array_key_exists('bvprms', $in_params) && isset($in_params['bvprms']) &&
|
90 |
array_key_exists('bvprmsmac', $in_params) && isset($in_params['bvprmsmac'])) {
|
91 |
$digest_algo = 'SHA1';
|
92 |
-
$sent_mac = $in_params['bvprmsmac'];
|
93 |
|
94 |
if (array_key_exists('bvprmshshalgo', $in_params) && isset($in_params['bvprmshshalgo'])) {
|
95 |
$digest_algo = $in_params['bvprmshshalgo'];
|
40 |
return array_key_exists('apicall', $this->params);
|
41 |
}
|
42 |
|
43 |
+
public function info() {
|
44 |
$info = array(
|
45 |
"requestedsig" => $this->sig,
|
46 |
"requestedtime" => $this->time,
|
89 |
if (array_key_exists('bvprms', $in_params) && isset($in_params['bvprms']) &&
|
90 |
array_key_exists('bvprmsmac', $in_params) && isset($in_params['bvprmsmac'])) {
|
91 |
$digest_algo = 'SHA1';
|
92 |
+
$sent_mac = WPRAccount::sanitizeKey($in_params['bvprmsmac']);
|
93 |
|
94 |
if (array_key_exists('bvprmshshalgo', $in_params) && isset($in_params['bvprmshshalgo'])) {
|
95 |
$digest_algo = $in_params['bvprmshshalgo'];
|
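Review bot: `$digest_algo` on line 95 is still taken verbatim from `$in_params['bvprmshshalgo']` while the MAC one line above it is now sanitized; if that value is later handed to `hash_hmac()` (the verification is outside this hunk), the requesting side chooses the algorithm the MAC is checked with, which weakens the check and lets an unknown name fall into a PHP warning path. Constrain it to an allowlist, e.g. `$digest_algo = in_array($in_params['bvprmshshalgo'], $allowed_algos, true) ? $in_params['bvprmshshalgo'] : 'SHA1';` with `$allowed_algos` holding only the algorithms the backend actually emits. `sanitizeKey()` on `$sent_mac` alters an invalid MAC rather than rejecting it; that is harmless only if the later comparison is a constant-time `hash_equals()` against the computed digest, which is worth confirming. The enclosing method starts before this hunk.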
callback/wings/account.php
CHANGED
@@ -21,7 +21,7 @@ class BVAccountCallback extends BVCallbackBase {
|
|
21 |
$resp = array("status" => WPRAccount::exists($this->settings, $params['public']));
|
22 |
break;
|
23 |
case "rmacc":
|
24 |
-
$resp = array("status" =>
|
25 |
break;
|
26 |
case "updt":
|
27 |
$info = array();
|
@@ -32,7 +32,8 @@ class BVAccountCallback extends BVCallbackBase {
|
|
32 |
$resp = array("status" => WPRAccount::exists($this->settings, $params['pubkey']));
|
33 |
break;
|
34 |
case "updtapikey":
|
35 |
-
|
|
|
36 |
break;
|
37 |
case "rmdefsec":
|
38 |
$resp = array("status" => $settings->deleteOption('bvDefaultSecret'));
|
21 |
$resp = array("status" => WPRAccount::exists($this->settings, $params['public']));
|
22 |
break;
|
23 |
case "rmacc":
|
24 |
+
$resp = array("status" => WPRAccount::remove($this->settings, $params['public']));
|
25 |
break;
|
26 |
case "updt":
|
27 |
$info = array();
|
32 |
$resp = array("status" => WPRAccount::exists($this->settings, $params['pubkey']));
|
33 |
break;
|
34 |
case "updtapikey":
|
35 |
+
WPRAccount::updateApiPublicKey($this->settings, $params['pubkey']);
|
36 |
+
$resp = array("status" => $this->settings->getOption(WPRAccount::$api_public_key));
|
37 |
break;
|
38 |
case "rmdefsec":
|
39 |
$resp = array("status" => $settings->deleteOption('bvDefaultSecret'));
|
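Review bot: The `updtapikey` branch (new lines 35-36) reports the full stored API public key back as `status`, whereas `callback/handler.php` in this same changeset deliberately truncates `api_pubkey` to 8 characters in responses; returning a boolean or the same prefix, e.g. `$resp = array("status" => substr($this->settings->getOption(WPRAccount::$api_public_key), 0, 8));`, keeps the two consistent and avoids echoing the key in full. The context line `case "rmdefsec"` still calls `$settings->deleteOption(...)` on a bare `$settings` while the surrounding cases use `$this->settings`; unless `$settings` is assigned earlier in `process()` (not visible here), that call fails on an undefined variable — pre-existing, but worth fixing alongside as `$this->settings->deleteOption('bvDefaultSecret')`. The enclosing `process()` starts and ends outside these hunks.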
callback/wings/db.php
CHANGED
@@ -9,9 +9,13 @@ class BVDBCallback extends BVCallbackBase {
|
|
9 |
public $stream;
|
10 |
public $account;
|
11 |
|
|
|
|
|
12 |
public function __construct($callback_handler) {
|
13 |
$this->db = $callback_handler->db;
|
14 |
$this->account = $callback_handler->account;
|
|
|
|
|
15 |
}
|
16 |
|
17 |
public function getLastID($pkeys, $end_row) {
|
@@ -64,6 +68,9 @@ class BVDBCallback extends BVCallbackBase {
|
|
64 |
$db = $this->db;
|
65 |
$params = $request->params;
|
66 |
$stream_init_info = BVStream::startStream($this->account, $request);
|
|
|
|
|
|
|
67 |
if (array_key_exists('stream', $stream_init_info)) {
|
68 |
$this->stream = $stream_init_info['stream'];
|
69 |
switch ($request->method) {
|
@@ -140,17 +147,17 @@ class BVDBCallback extends BVCallbackBase {
|
|
140 |
$resp = $this->getTableData($table, $tname, $rcount, $offset, $limit, $bsize, $filter, $pkeys, true);
|
141 |
break;
|
142 |
case "tblexists":
|
143 |
-
$resp = array("tblexists" => $db->isTablePresent($params['
|
144 |
break;
|
145 |
case "crttbl":
|
146 |
$usedbdelta = array_key_exists('usedbdelta', $params);
|
147 |
-
$resp = array("crttbl" => $db->createTable($params['query'], $params['
|
148 |
break;
|
149 |
case "drptbl":
|
150 |
-
$resp = array("drptbl" => $db->dropBVTable($params['
|
151 |
break;
|
152 |
case "trttbl":
|
153 |
-
$resp = array("trttbl" => $db->truncateBVTable($params['
|
154 |
break;
|
155 |
case "altrtbl":
|
156 |
$resp = array("altrtbl" => $db->alterBVTable($params['query'], $params['query']));
|
9 |
public $stream;
|
10 |
public $account;
|
11 |
|
12 |
+
public static $bvTables = array("fw_requests", "lp_requests", "ip_store");
|
13 |
+
|
14 |
public function __construct($callback_handler) {
|
15 |
$this->db = $callback_handler->db;
|
16 |
$this->account = $callback_handler->account;
|
17 |
+
$this->siteinfo = $callback_handler->siteinfo;
|
18 |
+
$this->bvinfo = $callback_handler->bvinfo;
|
19 |
}
|
20 |
|
21 |
public function getLastID($pkeys, $end_row) {
|
68 |
$db = $this->db;
|
69 |
$params = $request->params;
|
70 |
$stream_init_info = BVStream::startStream($this->account, $request);
|
71 |
+
|
72 |
+
|
73 |
+
|
74 |
if (array_key_exists('stream', $stream_init_info)) {
|
75 |
$this->stream = $stream_init_info['stream'];
|
76 |
switch ($request->method) {
|
147 |
$resp = $this->getTableData($table, $tname, $rcount, $offset, $limit, $bsize, $filter, $pkeys, true);
|
148 |
break;
|
149 |
case "tblexists":
|
150 |
+
$resp = array("tblexists" => $db->isTablePresent($params['table']));
|
151 |
break;
|
152 |
case "crttbl":
|
153 |
$usedbdelta = array_key_exists('usedbdelta', $params);
|
154 |
+
$resp = array("crttbl" => $db->createTable($params['query'], $params['table'], $usedbdelta));
|
155 |
break;
|
156 |
case "drptbl":
|
157 |
+
$resp = array("drptbl" => $db->dropBVTable($params['table']));
|
158 |
break;
|
159 |
case "trttbl":
|
160 |
+
$resp = array("trttbl" => $db->truncateBVTable($params['table']));
|
161 |
break;
|
162 |
case "altrtbl":
|
163 |
$resp = array("altrtbl" => $db->alterBVTable($params['query'], $params['query']));
|
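Review bot: `$bvTables` (new line 12) is declared but nothing in these hunks reads it, and the `tblexists`/`crttbl`/`drptbl`/`trttbl` cases still hand `$params['table']` straight to the db layer (new lines 150-160); if the static is meant to restrict which tables the callback may create, drop or truncate, the check belongs here, e.g. `if (!in_array($params['table'], self::$bvTables, true)) { $resp = array("status" => false, "error" => "table not allowed"); break; }` before each call — whether `dropBVTable()`/`truncateBVTable()` already enforce a prefix is not visible. `$this->siteinfo` and `$this->bvinfo` are assigned in the constructor (new lines 17-18) without `public $siteinfo; public $bvinfo;` declarations beside `$stream`/`$account`, which PHP 8.2+ reports as dynamic-property deprecations. The three blank lines added after `startStream()` (new lines 71-73) look like leftovers and can be dropped. `process()` starts and ends outside these hunks.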
callback/wings/fs.php
CHANGED
@@ -8,6 +8,8 @@ class BVFSCallback extends BVCallbackBase {
|
|
8 |
public $stream;
|
9 |
public $account;
|
10 |
|
|
|
|
|
11 |
public function __construct($callback_handler) {
|
12 |
$this->account = $callback_handler->account;
|
13 |
}
|
@@ -149,6 +151,34 @@ class BVFSCallback extends BVCallbackBase {
|
|
149 |
return $md5;
|
150 |
}
|
151 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
152 |
function getFilesStats($files, $offset = 0, $limit = 0, $bsize = 102400, $md5 = false) {
|
153 |
$result = array();
|
154 |
foreach ($files as $file) {
|
@@ -207,6 +237,9 @@ class BVFSCallback extends BVCallbackBase {
|
|
207 |
function process($request) {
|
208 |
$params = $request->params;
|
209 |
$stream_init_info = BVStream::startStream($this->account, $request);
|
|
|
|
|
|
|
210 |
if (array_key_exists('stream', $stream_init_info)) {
|
211 |
$this->stream = $stream_init_info['stream'];
|
212 |
switch ($request->method) {
|
@@ -264,6 +297,26 @@ class BVFSCallback extends BVCallbackBase {
|
|
264 |
$directoryList = glob($initdir.$regex, $glob_option);
|
265 |
$resp = $this->getFilesStats($directoryList);
|
266 |
break;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
267 |
default:
|
268 |
$resp = false;
|
269 |
}
|
8 |
public $stream;
|
9 |
public $account;
|
10 |
|
11 |
+
public static $cwAllowedFiles = array(".htaccess", ".user.ini", "malcare-waf.php");
|
12 |
+
|
13 |
public function __construct($callback_handler) {
|
14 |
$this->account = $callback_handler->account;
|
15 |
}
|
151 |
return $md5;
|
152 |
}
|
153 |
|
154 |
+
function getFilesContent($files, $withContent = true) {
|
155 |
+
$result = array();
|
156 |
+
foreach ($files as $file) {
|
157 |
+
$fdata = $this->fileStat($file);
|
158 |
+
$absfile = ABSPATH.$file;
|
159 |
+
|
160 |
+
if (is_dir($absfile) && !is_link($absfile)) {
|
161 |
+
$fdata['is_dir'] = true;
|
162 |
+
} else {
|
163 |
+
if (!is_readable($file)) {
|
164 |
+
$fdata['error'] = 'file not readable';
|
165 |
+
} else {
|
166 |
+
if ($withContent === true) {
|
167 |
+
if ($content = file_get_contents($absfile)) {
|
168 |
+
$fdata['content'] = $content;
|
169 |
+
} else {
|
170 |
+
$fdata['error'] = 'unable to read file';
|
171 |
+
}
|
172 |
+
}
|
173 |
+
}
|
174 |
+
}
|
175 |
+
|
176 |
+
$result[$file] = $fdata;
|
177 |
+
}
|
178 |
+
|
179 |
+
return $result;
|
180 |
+
}
|
181 |
+
|
182 |
function getFilesStats($files, $offset = 0, $limit = 0, $bsize = 102400, $md5 = false) {
|
183 |
$result = array();
|
184 |
foreach ($files as $file) {
|
237 |
function process($request) {
|
238 |
$params = $request->params;
|
239 |
$stream_init_info = BVStream::startStream($this->account, $request);
|
240 |
+
|
241 |
+
|
242 |
+
|
243 |
if (array_key_exists('stream', $stream_init_info)) {
|
244 |
$this->stream = $stream_init_info['stream'];
|
245 |
switch ($request->method) {
|
297 |
$directoryList = glob($initdir.$regex, $glob_option);
|
298 |
$resp = $this->getFilesStats($directoryList);
|
299 |
break;
|
300 |
+
case "dirsexists":
|
301 |
+
$resp = array();
|
302 |
+
$dirs = $params['dirs'];
|
303 |
+
|
304 |
+
foreach ($dirs as $dir) {
|
305 |
+
$path = ABSPATH.$dir;
|
306 |
+
if (file_exists($path) && is_dir($path) && !is_link($path)) {
|
307 |
+
$resp[$dir] = true;
|
308 |
+
} else {
|
309 |
+
$resp[$dir] = false;
|
310 |
+
}
|
311 |
+
}
|
312 |
+
|
313 |
+
$resp["status"] = "Done";
|
314 |
+
break;
|
315 |
+
case "gtfilescntent":
|
316 |
+
$files = $params['files'];
|
317 |
+
$withContent = array_key_exists('withcontent', $params) ? $params['withcontent'] : true;
|
318 |
+
$resp = array("files_content" => $this->getFilesContent($files, $withContent));
|
319 |
+
break;
|
320 |
default:
|
321 |
$resp = false;
|
322 |
}
|
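Review bot: `getFilesContent()` (new lines 154-180) tests `is_readable($file)` on the relative name but reads `ABSPATH.$file`, so the readability check and the read target disagree whenever the working directory is not ABSPATH; the same loop treats an empty file as an error because `if ($content = file_get_contents($absfile))` fails on `""`. Neither this method nor the new `dirsexists` case (new lines 300-314) checks that `ABSPATH.$file` still resolves inside ABSPATH, so a `..` component in `files`/`dirs` reaches paths outside the site root; the rewrite below resolves the path and refuses anything else, and the same guard fits `dirsexists`. `$cwAllowedFiles` (new line 11) is declared but unused in these hunks; if it is meant to gate which files may be returned, say so in a comment or drop it. `process()` starts and ends outside its hunks.
```php
    function getFilesContent($files, $withContent = true) {
        $result = array();
        // Every returned path must resolve to a location under ABSPATH.
        $root = rtrim(realpath(ABSPATH), DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
        foreach ($files as $file) {
            $fdata = $this->fileStat($file);
            $absfile = ABSPATH.$file;
            $real = realpath($absfile);

            if ($real === false || substr($real . DIRECTORY_SEPARATOR, 0, strlen($root)) !== $root) {
                $fdata['error'] = 'path outside site root';
            } elseif (is_dir($absfile) && !is_link($absfile)) {
                $fdata['is_dir'] = true;
            } elseif (!is_readable($absfile)) {
                $fdata['error'] = 'file not readable';
            } elseif ($withContent === true) {
                $content = file_get_contents($absfile);
                if ($content !== false) {
                    $fdata['content'] = $content;
                } else {
                    $fdata['error'] = 'unable to read file';
                }
            }

            $result[$file] = $fdata;
        }

        return $result;
    }
```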
callback/wings/fs_write.php
ADDED
@@ -0,0 +1,437 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
+
<?php
|
2 |
+
|
3 |
+
if (!defined('ABSPATH')) exit;
|
4 |
+
if (!class_exists('BVFSWriteCallback')) :
|
5 |
+
|
6 |
+
class BVFSWriteCallback extends BVCallbackBase {
|
7 |
+
|
8 |
+
const MEGABYTE = 1024 * 1024;
|
9 |
+
|
10 |
+
public function __construct() {
|
11 |
+
}
|
12 |
+
|
13 |
+
public function removeFiles($files) {
|
14 |
+
$result = array();
|
15 |
+
|
16 |
+
foreach($files as $file) {
|
17 |
+
$file_result = array();
|
18 |
+
|
19 |
+
if (file_exists($file)) {
|
20 |
+
|
21 |
+
$file_result['status'] = unlink($file);
|
22 |
+
if ($file_result['status'] === false) {
|
23 |
+
$file_result['error'] = "UNLINK_FAILED";
|
24 |
+
}
|
25 |
+
|
26 |
+
} else {
|
27 |
+
$file_result['status'] = true;
|
28 |
+
$file_result['error'] = "NOT_PRESENT";
|
29 |
+
}
|
30 |
+
|
31 |
+
$result[$file] = $file_result;
|
32 |
+
}
|
33 |
+
|
34 |
+
$result['status'] = true;
|
35 |
+
return $result;
|
36 |
+
}
|
37 |
+
|
38 |
+
public function makeDirs($dirs) {
|
39 |
+
$result = array();
|
40 |
+
|
41 |
+
foreach($dirs as $dir) {
|
42 |
+
$dir_result = array();
|
43 |
+
|
44 |
+
if (file_exists($dir)) {
|
45 |
+
|
46 |
+
if (is_dir($dir)) {
|
47 |
+
$dir_result['status'] = true;
|
48 |
+
$dir_result['message'] = "DIR_ALREADY_PRESENT";
|
49 |
+
} else {
|
50 |
+
$dir_result['status'] = false;
|
51 |
+
$dir_result['error'] = "FILE_PRESENT_IN_PLACE_OF_DIR";
|
52 |
+
}
|
53 |
+
|
54 |
+
} else {
|
55 |
+
|
56 |
+
$dir_result['status'] = mkdir($dir);
|
57 |
+
if ($dir_result['status'] === false) {
|
58 |
+
$dir_result['error'] = "MKDIR_FAILED";
|
59 |
+
}
|
60 |
+
|
61 |
+
}
|
62 |
+
|
63 |
+
$result[$dir] = $dir_result;
|
64 |
+
}
|
65 |
+
|
66 |
+
$result['status'] = true;
|
67 |
+
return $result;
|
68 |
+
}
|
69 |
+
|
70 |
+
public function removeDirs($dirs) {
|
71 |
+
$result = array();
|
72 |
+
|
73 |
+
foreach($dirs as $dir) {
|
74 |
+
$dir_result = array();
|
75 |
+
|
76 |
+
if (is_dir($dir) && !is_link($dir)) {
|
77 |
+
|
78 |
+
if ($this->isEmptyDir($dir)) {
|
79 |
+
|
80 |
+
$dir_result['status'] = rmdir($dir);
|
81 |
+
if ($dir_result['status'] === false) {
|
82 |
+
$dir_result['error'] = "RMDIR_FAILED";
|
83 |
+
}
|
84 |
+
|
85 |
+
} else {
|
86 |
+
$dir_result['status'] = false;
|
87 |
+
$dir_result['error'] = "NOT_EMPTY";
|
88 |
+
}
|
89 |
+
|
90 |
+
} else {
|
91 |
+
$dir_result['status'] = false;
|
92 |
+
$dir_result['error'] = "NOT_DIR";
|
93 |
+
}
|
94 |
+
|
95 |
+
$result[$dir] = $dir_result;
|
96 |
+
}
|
97 |
+
|
98 |
+
$result['status'] = true;
|
99 |
+
return $result;
|
100 |
+
}
|
101 |
+
|
102 |
+
public function isEmptyDir($dir) {
|
103 |
+
$handle = opendir($dir);
|
104 |
+
|
105 |
+
while (false !== ($entry = readdir($handle))) {
|
106 |
+
if ($entry != "." && $entry != "..") {
|
107 |
+
closedir($handle);
|
108 |
+
return false;
|
109 |
+
}
|
110 |
+
}
|
111 |
+
closedir($handle);
|
112 |
+
|
113 |
+
return true;
|
114 |
+
}
|
115 |
+
|
116 |
+
public function doChmod($path_infos) {
|
117 |
+
$result = array();
|
118 |
+
|
119 |
+
foreach($path_infos as $path => $mode) {
|
120 |
+
$path_result = array();
|
121 |
+
|
122 |
+
if (file_exists($path)) {
|
123 |
+
|
124 |
+
$path_result['status'] = chmod($path, $mode);
|
125 |
+
if ($path_result['status'] === false) {
|
126 |
+
$path_result['error'] = "CHMOD_FAILED";
|
127 |
+
}
|
128 |
+
|
129 |
+
} else {
|
130 |
+
$path_result['status'] = false;
|
131 |
+
$path_result['error'] = "NOT_FOUND";
|
132 |
+
}
|
133 |
+
|
134 |
+
$result[$path] = $path_result;
|
135 |
+
}
|
136 |
+
|
137 |
+
$result['status'] = true;
|
138 |
+
return $result;
|
139 |
+
}
|
140 |
+
|
141 |
+
public function concatFiles($ifiles, $ofile, $bsize, $offset) {
|
142 |
+
if (($offset !== 0) && (!file_exists($ofile))) {
|
143 |
+
return array(
|
144 |
+
'status' => false,
|
145 |
+
'error' => 'OFILE_NOT_FOUND_BEFORE_CONCAT'
|
146 |
+
);
|
147 |
+
}
|
148 |
+
|
149 |
+
if (file_exists($ofile) && ($offset !== 0)) {
|
150 |
+
$handle = fopen($ofile, 'rb+');
|
151 |
+
} else {
|
152 |
+
$handle = fopen($ofile, 'wb+');
|
153 |
+
}
|
154 |
+
|
155 |
+
if ($handle === false) {
|
156 |
+
return array(
|
157 |
+
'status' => false,
|
158 |
+
'error' => 'FOPEN_FAILED'
|
159 |
+
);
|
160 |
+
}
|
161 |
+
|
162 |
+
if ($offset !== 0) {
|
163 |
+
if (fseek($handle, $offset, SEEK_SET) === -1) {
|
164 |
+
return array(
|
165 |
+
'status' => false,
|
166 |
+
'error' => 'FSEEK_FAILED'
|
167 |
+
);
|
168 |
+
}
|
169 |
+
}
|
170 |
+
|
171 |
+
$total_written = 0;
|
172 |
+
foreach($ifiles as $file) {
|
173 |
+
$fp = fopen($file, 'rb');
|
174 |
+
if ($fp === false) {
|
175 |
+
return array(
|
176 |
+
'status' => false,
|
177 |
+
'error' => "UNABLE_TO_OPEN_TMP_OFILE_FOR_READING"
|
178 |
+
);
|
179 |
+
}
|
180 |
+
|
181 |
+
while (!feof($fp)) {
|
182 |
+
$content = fread($fp, $bsize);
|
183 |
+
if ($content === false) {
|
184 |
+
return array(
|
185 |
+
'status' => false,
|
186 |
+
'error' => "UNABLE_TO_READ_INFILE",
|
187 |
+
'filename' => $file
|
188 |
+
);
|
189 |
+
}
|
190 |
+
|
191 |
+
$written = fwrite($handle, $content);
|
192 |
+
if ($written === false) {
|
193 |
+
return array(
|
194 |
+
'status' => false,
|
195 |
+
'error' => "UNABLE_TO_WRITE_TO_OFILE",
|
196 |
+
'filename' => $file
|
197 |
+
);
|
198 |
+
}
|
199 |
+
$total_written += $written;
|
200 |
+
}
|
201 |
+
|
202 |
+
fclose($fp);
|
203 |
+
}
|
204 |
+
|
205 |
+
$result = array();
|
206 |
+
$result['fclose'] = fclose($handle);
|
207 |
+
|
208 |
+
if (file_exists($ofile) && ($total_written != 0)) {
|
209 |
+
$result['status'] = true;
|
210 |
+
$result['fsize'] = filesize($ofile);
|
211 |
+
$result['total_written'] = $total_written;
|
212 |
+
} else {
|
213 |
+
$result['status'] = false;
|
214 |
+
$result['error'] = 'CONCATINATED_FILE_FAILED';
|
215 |
+
}
|
216 |
+
|
217 |
+
return $result;
|
218 |
+
}
|
219 |
+
|
220 |
+
public function renameFiles($path_infos) {
|
221 |
+
$result = array();
|
222 |
+
|
223 |
+
foreach($path_infos as $oldpath => $newpath) {
|
224 |
+
$action_result = array();
|
225 |
+
$failed = array();
|
226 |
+
|
227 |
+
if (file_exists($oldpath)) {
|
228 |
+
|
229 |
+
$action_result['status'] = rename($oldpath, $newpath);
|
230 |
+
if ($action_result['status'] === false) {
|
231 |
+
$action_result['error'] = "RENAME_FAILED";
|
232 |
+
}
|
233 |
+
|
234 |
+
} else {
|
235 |
+
$action_result['status'] = false;
|
236 |
+
$action_result['error'] = "NOT_FOUND";
|
237 |
+
}
|
238 |
+
|
239 |
+
$result[$oldpath] = $action_result;
|
240 |
+
}
|
241 |
+
|
242 |
+
$result['status'] = true;
|
243 |
+
return $result;
|
244 |
+
}
|
245 |
+
|
246 |
+
public function curlFile($ifile_url, $ofile, $timeout) {
|
247 |
+
$fp = fopen($ofile, "wb+");
|
248 |
+
if ($fp === false) {
|
249 |
+
return array(
|
250 |
+
'error' => 'FOPEN_FAILED_FOR_TEMP_OFILE'
|
251 |
+
);
|
252 |
+
}
|
253 |
+
|
254 |
+
$result = array();
|
255 |
+
$ch = curl_init($ifile_url);
|
256 |
+
curl_setopt($ch, CURLOPT_BINARYTRANSFER, 1);
|
257 |
+
curl_setopt($ch, CURLOPT_TIMEOUT, $timeout);
|
258 |
+
curl_setopt($ch, CURLOPT_HEADER, 0);
|
259 |
+
curl_setopt($ch, CURLOPT_FILE, $fp);
|
260 |
+
|
261 |
+
if (!curl_exec($ch)) {
|
262 |
+
$result['error'] = curl_error($ch);
|
263 |
+
$result['errorno'] = curl_errno($ch);
|
264 |
+
}
|
265 |
+
|
266 |
+
curl_close($ch);
|
267 |
+
fclose($fp);
|
268 |
+
|
269 |
+
return $result;
|
270 |
+
}
|
271 |
+
|
272 |
+
public function streamCopyFile($ifile_url, $ofile) {
|
273 |
+
$result = array();
|
274 |
+
$handle = fopen($ifile_url, "rb");
|
275 |
+
|
276 |
+
if ($handle === false) {
|
277 |
+
return array(
|
278 |
+
'error' => "UNABLE_TO_OPEN_REMOTE_FILE_STREAM"
|
279 |
+
);
|
280 |
+
}
|
281 |
+
|
282 |
+
$fp = fopen($ofile, "wb+");
|
283 |
+
if ($fp === false) {
|
284 |
+
fclose($handle);
|
285 |
+
|
286 |
+
return array(
|
287 |
+
'error' => 'FOPEN_FAILED_FOR_OFILE'
|
288 |
+
);
|
289 |
+
}
|
290 |
+
|
291 |
+
if (stream_copy_to_stream($handle, $fp) === false) {
|
292 |
+
$result['error'] = "UNABLE_TO_WRITE_TO_TMP_OFILE";
|
293 |
+
}
|
294 |
+
|
295 |
+
fclose($handle);
|
296 |
+
fclose($fp);
|
297 |
+
|
298 |
+
return $result;
|
299 |
+
}
|
300 |
+
|
301 |
+
public function writeContentToFile($content, $ofile) {
|
302 |
+
$result = array();
|
303 |
+
|
304 |
+
$fp = fopen($ofile, "wb+");
|
305 |
+
if ($fp === false) {
|
306 |
+
return array(
|
307 |
+
'error' => 'FOPEN_FAILED_FOR_TEMP_OFILE'
|
308 |
+
);
|
309 |
+
}
|
310 |
+
|
311 |
+
if (fwrite($fp, $content) === false) {
|
312 |
+
$resp['error'] = "UNABLE_TO_WRITE_TO_TMP_OFILE";
|
313 |
+
}
|
314 |
+
fclose($fp);
|
315 |
+
|
316 |
+
return $result;
|
317 |
+
}
|
318 |
+
|
319 |
+
public function moveUploadedFile($ofile) {
|
320 |
+
$result = array();
|
321 |
+
|
322 |
+
if (isset($_FILES['myfile'])) {
|
323 |
+
$myfile = $_FILES['myfile'];
|
324 |
+
$is_upload_ok = false;
|
325 |
+
|
326 |
+
switch ($myfile['error']) {
|
327 |
+
case UPLOAD_ERR_OK:
|
328 |
+
$is_upload_ok = true;
|
329 |
+
break;
|
330 |
+
case UPLOAD_ERR_NO_FILE:
|
331 |
+
$result['error'] = "UPLOADERR_NO_FILE";
|
332 |
+
break;
|
333 |
+
case UPLOAD_ERR_INI_SIZE:
|
334 |
+
case UPLOAD_ERR_FORM_SIZE:
|
335 |
+
$result['error'] = "UPLOADERR_FORM_SIZE";
|
336 |
+
break;
|
337 |
+
default:
|
338 |
+
$result['error'] = "UPLOAD_ERR_UNKNOWN";
|
339 |
+
}
|
340 |
+
|
341 |
+
if ($is_upload_ok && !isset($myfile['tmp_name'])) {
|
342 |
+
$result['error'] = "MYFILE_TMP_NAME_NOT_FOUND";
|
343 |
+
$is_upload_ok = false;
|
344 |
+
}
|
345 |
+
|
346 |
+
if ($is_upload_ok) {
|
347 |
+
if (move_uploaded_file($myfile['tmp_name'], $ofile) === false) {
|
348 |
+
$result['error'] = 'MOVE_UPLOAD_FILE_FAILED';
|
349 |
+
}
|
350 |
+
}
|
351 |
+
|
352 |
+
} else {
|
353 |
+
$result['error'] = "FILE_NOT_PRESENT_IN_FILES";
|
354 |
+
}
|
355 |
+
|
356 |
+
return $result;
|
357 |
+
}
|
358 |
+
|
359 |
+
|
360 |
+
public function uploadFile($params) {
|
361 |
+
$resp = array();
|
362 |
+
$ofile = $params['ofile'];
|
363 |
+
|
364 |
+
switch($params['protocol']) {
|
365 |
+
case "curl":
|
366 |
+
$timeout = isset($params['timeout']) ? $params['timeout'] : 60;
|
367 |
+
$ifile_url = isset($params['ifileurl']) ? $params['ifileurl'] : null;
|
368 |
+
|
369 |
+
$resp = $this->curlFile($ifile_url, $ofile, $timeout);
|
370 |
+
break;
|
371 |
+
case "streamcopy":
|
372 |
+
$ifile_url = isset($params['ifileurl']) ? $params['ifileurl'] : null;
|
373 |
+
|
374 |
+
$resp = $this->streamCopyFile($ifile_url, $ofile);
|
375 |
+
break;
|
376 |
+
case "httpcontenttransfer":
|
377 |
+
$resp = $this->writeContentToFile($params['content'], $ofile);
|
378 |
+
break;
|
379 |
+
case "httpfiletransfer":
|
380 |
+
$resp = $this->moveUploadedFile($ofile);
|
381 |
+
break;
|
382 |
+
default:
|
383 |
+
$resp['error'] = "INVALID_PROTOCOL";
|
384 |
+
}
|
385 |
+
|
386 |
+
if (isset($resp['error'])) {
|
387 |
+
$resp['status'] = false;
|
388 |
+
} else {
|
389 |
+
|
390 |
+
if (file_exists($ofile)) {
|
391 |
+
$resp['status'] = true;
|
392 |
+
$resp['fsize'] = filesize($ofile);
|
393 |
+
} else {
|
394 |
+
$resp['status'] = false;
|
395 |
+
$resp['error'] = "OFILE_NOT_FOUND";
|
396 |
+
}
|
397 |
+
|
398 |
+
}
|
399 |
+
|
400 |
+
return $resp;
|
401 |
+
}
|
402 |
+
|
403 |
+
public function process($request) {
|
404 |
+
$params = $request->params;
|
405 |
+
|
406 |
+
switch ($request->method) {
|
407 |
+
case "rmfle":
|
408 |
+
$resp = $this->removeFiles($params['files']);
|
409 |
+
break;
|
410 |
+
case "chmd":
|
411 |
+
$resp = $this->doChmod($params['pathinfos']);
|
412 |
+
break;
|
413 |
+
case "mkdr":
|
414 |
+
$resp = $this->makeDirs($params['dirs']);
|
415 |
+
break;
|
416 |
+
case "rmdr":
|
417 |
+
$resp = $this->removeDirs($params['dirs']);
|
418 |
+
break;
|
419 |
+
case "renmefle":
|
420 |
+
$resp = $this->renameFiles($params['pathinfos']);
|
421 |
+
break;
|
422 |
+
case "wrtfle":
|
423 |
+
$resp = $this->uploadFile($params);
|
424 |
+
break;
|
425 |
+
case "cncatfls":
|
426 |
+
$bsize = (isset($params['bsize'])) ? $params['bsize'] : (8 * BVFSWriteCallback::MEGABYTE);
|
427 |
+
$offset = (isset($params['offset'])) ? $params['offset'] : 0;
|
428 |
+
$resp = $this->concatFiles($params['infiles'], $params['ofile'], $bsize, $offset);
|
429 |
+
break;
|
430 |
+
default:
|
431 |
+
$resp = false;
|
432 |
+
}
|
433 |
+
|
434 |
+
return $resp;
|
435 |
+
}
|
436 |
+
}
|
437 |
+
endif;
|
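Review bot: `writeContentToFile()` (new lines 311-313) records a failed `fwrite()` in `$resp['error']`, an undeclared local, and then returns the untouched `$result`, so `uploadFile()` sees no error and reports `status => true` with whatever partial size is on disk; the line should read `$result['error'] = "UNABLE_TO_WRITE_TO_TMP_OFILE";`. Every method in this class (remove/mkdir/rmdir/chmod/rename/concat/upload) uses the request-supplied path as-is, while `callback/wings/fs.php` in the same changeset at least roots paths at `ABSPATH`; a containment check such as the helper below, applied before each filesystem call, keeps a mis-issued or replayed callback from touching files outside the site, and `streamCopyFile()`'s `fopen($ifile_url, "rb")` should likewise be limited to http(s) URLs rather than any stream wrapper. `concatFiles()` returns early on `fopen`/`fread`/`fwrite` failure (new lines 174-198) without closing `$handle` or `$fp`, leaking both handles. `doChmod()` passes `$mode` from the request straight to `chmod()`; if the backend sends an octal string such as "0644" it is coerced to decimal 644, so normalise with `chmod($path, is_string($mode) ? intval($mode, 8) : (int) $mode)` — assuming the wire format is not fixed elsewhere, which is not visible here.
```php
    // Resolve $path (or its parent, for a path that does not exist yet) and
    // accept it only when it lies under the site root.
    private function isUnderAbsPath($path) {
        $root = rtrim(realpath(ABSPATH), DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
        $real = realpath(file_exists($path) ? $path : dirname($path));
        return $real !== false && substr($real . DIRECTORY_SEPARATOR, 0, strlen($root)) === $root;
    }

    public function removeFiles($files) {
        $result = array();

        foreach($files as $file) {
            $file_result = array();

            if (!$this->isUnderAbsPath($file)) {
                $file_result['status'] = false;
                $file_result['error'] = "PATH_OUTSIDE_ABSPATH";
            } elseif (file_exists($file)) {
                // … unchanged: unlink and UNLINK_FAILED handling …
            } else {
                // … unchanged: NOT_PRESENT branch …
            }

            $result[$file] = $file_result;
        }
        // … unchanged: status and return …
    }
```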
callback/wings/fw.php
DELETED
@@ -1,62 +0,0 @@
|
|
1 |
-
<?php
|
2 |
-
|
3 |
-
if (!defined('ABSPATH')) exit;
|
4 |
-
if (!class_exists('BVFirewallCallback')) :
|
5 |
-
|
6 |
-
require_once dirname( __FILE__ ) . '/../../protect/wp_fw/config.php';
|
7 |
-
|
8 |
-
class BVFirewallCallback {
|
9 |
-
public $db;
|
10 |
-
public $settings;
|
11 |
-
|
12 |
-
public function __construct($callback_handler) {
|
13 |
-
$this->db = $callback_handler->db;
|
14 |
-
$this->settings = $callback_handler->settings;
|
15 |
-
}
|
16 |
-
|
17 |
-
public function process($request) {
|
18 |
-
$params = $request->params;
|
19 |
-
$config = new BVWPFWConfig($this->db, $this->settings);
|
20 |
-
switch ($request->method) {
|
21 |
-
case "clrconfig":
|
22 |
-
$resp = array("clearconfig" => $config->clear());
|
23 |
-
break;
|
24 |
-
case "setmode":
|
25 |
-
$config->setMode($params['mode']);
|
26 |
-
$resp = array("setmode" => $config->getMode());
|
27 |
-
break;
|
28 |
-
case "dsblrules":
|
29 |
-
$config->setDisabledRules($params['disabled_rules']);
|
30 |
-
$resp = array("disabled_rules" => $config->getDisabledRules());
|
31 |
-
break;
|
32 |
-
case "adtrls":
|
33 |
-
$config->setAuditRules($params['audit_rules']);
|
34 |
-
$resp = array("audit_rules" => $config->getAuditRules());
|
35 |
-
break;
|
36 |
-
case "setrulesmode":
|
37 |
-
$config->setRulesMode($params['rules_mode']);
|
38 |
-
$resp = array("rules_mode" => $config->getRulesMode());
|
39 |
-
break;
|
40 |
-
case "setreqprofilingmode":
|
41 |
-
$config->setReqProfilingMode($params['req_profiling_mode']);
|
42 |
-
$resp = array("req_profiling_mode" => $config->getReqProfilingMode());
|
43 |
-
break;
|
44 |
-
case "stbypslevl":
|
45 |
-
$config->setBypassLevel($params['bypslevl']);
|
46 |
-
$resp = array("bypslevl" => $config->getBypassLevel());
|
47 |
-
break;
|
48 |
-
case "stcstmrls":
|
49 |
-
$config->setCustomRoles($params['cstmrls']);
|
50 |
-
$resp = array("cstmrls" => $config->getCustomRoles());
|
51 |
-
break;
|
52 |
-
case "stcookiemode":
|
53 |
-
$config->setCookieMode($params['mode']);
|
54 |
-
$resp = array("mode" => $config->getCookieMode());
|
55 |
-
break;
|
56 |
-
default:
|
57 |
-
$resp = false;
|
58 |
-
}
|
59 |
-
return $resp;
|
60 |
-
}
|
61 |
-
}
|
62 |
-
endif;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
callback/wings/info.php
CHANGED
@@ -96,11 +96,13 @@ class BVInfoCallback extends BVCallbackBase {
|
|
96 |
|
97 |
public function getSystemInfo() {
|
98 |
$sys_info = array(
|
99 |
-
'serverip' => $_SERVER['SERVER_ADDR'],
|
100 |
'host' => $_SERVER['HTTP_HOST'],
|
101 |
'phpversion' => phpversion(),
|
102 |
'AF_INET6' => defined('AF_INET6')
|
103 |
);
|
|
|
|
|
|
|
104 |
if (function_exists('get_current_user')) {
|
105 |
$sys_info['user'] = get_current_user();
|
106 |
}
|
@@ -134,6 +136,7 @@ class BVInfoCallback extends BVCallbackBase {
|
|
134 |
'wpversion' => $wp_version,
|
135 |
'dbversion' => $wp_db_version,
|
136 |
'abspath' => ABSPATH,
|
|
|
137 |
'uploadpath' => $upload_dir['basedir'],
|
138 |
'uploaddir' => wp_upload_dir(),
|
139 |
'contentdir' => defined('WP_CONTENT_DIR') ? WP_CONTENT_DIR : null,
|
@@ -203,51 +206,11 @@ class BVInfoCallback extends BVCallbackBase {
|
|
203 |
$data['dynsync'] = $settings->getOption('bvDynSyncActive');
|
204 |
$data['woodyn'] = $settings->getOption('bvWooDynSync');
|
205 |
$data['dynplug'] = $settings->getOption('bvdynplug');
|
206 |
-
$data['
|
207 |
-
$data['fw'] = $this->getFWConfig();
|
208 |
-
$data['lp'] = $this->getLPConfig();
|
209 |
$data['brand'] = $settings->getOption($this->bvinfo->brand_option);
|
210 |
$data['badgeinfo'] = $settings->getOption($this->bvinfo->badgeinfo);
|
211 |
}
|
212 |
|
213 |
-
public function getLPConfig() {
|
214 |
-
$config = array();
|
215 |
-
$settings = $this->settings;
|
216 |
-
$mode = $settings->getOption('bvlpmode');
|
217 |
-
$cplimit = $settings->getOption('bvlpcaptchalimit');
|
218 |
-
$tplimit = $settings->getOption('bvlptempblocklimit');
|
219 |
-
$bllimit = $settings->getOption('bvlpblockAllLimit');
|
220 |
-
$config['mode'] = intval($mode ? $mode : 1);
|
221 |
-
$config['captcha_limit'] = intval($cplimit ? $cplimit : 3);
|
222 |
-
$config['temp_block_limit'] = intval($tplimit? $tplimit : 6);
|
223 |
-
$config['block_all_limit'] = intval($bllimit ? $bllimit : 100);
|
224 |
-
return $config;
|
225 |
-
}
|
226 |
-
|
227 |
-
public function getFWConfig() {
|
228 |
-
$config = array();
|
229 |
-
$settings = $this->settings;
|
230 |
-
$mode = $settings->getOption('bvfwmode');
|
231 |
-
$drules = $settings->getOption('bvfwdisabledrules');
|
232 |
-
$arules = $settings->getOption('bvfwauditrules');
|
233 |
-
$rmode = $settings->getOption('bvfwrulesmode');
|
234 |
-
$reqprofilingmode = $settings->getOption('bvfwreqprofilingmode');
|
235 |
-
$bypass_level = $settings->getOption('bvfwbypasslevel');
|
236 |
-
$custom_roles = $settings->getOption('bvfwcustomroles');
|
237 |
-
$cookiemode = $settings->getOption('bvfwcookiemode');
|
238 |
-
$cookiekey = (string) $settings->getOption('bvfwcookiekey');
|
239 |
-
$config['mode'] = intval($mode ? $mode : 1);
|
240 |
-
$config['disabled_rules'] = $drules ? $drules : array();
|
241 |
-
$config['audit_rules'] = $arules ? $arules : array();
|
242 |
-
$config['rules_mode'] = intval($rmode ? $rmode : 1);
|
243 |
-
$config['req_profiling_mode'] = intval($reqprofilingmode ? $reqprofilingmode : 1);
|
244 |
-
$config['bypslevl'] = intval($bypass_level ? $bypass_level : 2);
|
245 |
-
$config['cstmrls'] = $custom_roles ? $custom_roles : array();
|
246 |
-
$config['cookiemode'] = intval($cookiemode ? $cookiemode : 2);
|
247 |
-
$config['cookiekey'] = $cookiekey;
|
248 |
-
return $config;
|
249 |
-
}
|
250 |
-
|
251 |
public function dbconf(&$info) {
|
252 |
$db = $this->db;
|
253 |
if (defined('DB_CHARSET'))
|
@@ -256,6 +219,15 @@ class BVInfoCallback extends BVCallbackBase {
|
|
256 |
$info['charset_collate'] = $db->getCharsetCollate();
|
257 |
return $info;
|
258 |
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
259 |
|
260 |
public function activate() {
|
261 |
$resp = array();
|
@@ -266,6 +238,15 @@ class BVInfoCallback extends BVCallbackBase {
|
|
266 |
return array('actinfo' => $resp);
|
267 |
}
|
268 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
269 |
public function process($request) {
|
270 |
$db = $this->db;
|
271 |
$params = $request->params;
|
@@ -273,6 +254,9 @@ class BVInfoCallback extends BVCallbackBase {
|
|
273 |
case "activateinfo":
|
274 |
$resp = $this->activate();
|
275 |
break;
|
|
|
|
|
|
|
276 |
case "gtpsts":
|
277 |
$count = 5;
|
278 |
if (array_key_exists('count', $params))
|
@@ -294,6 +278,13 @@ class BVInfoCallback extends BVCallbackBase {
|
|
294 |
case "gtwp":
|
295 |
$resp = $this->getWpInfo();
|
296 |
break;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
297 |
case "getoption":
|
298 |
$resp = array("option" => $this->settings->getOption($params['name']));
|
299 |
break;
|
@@ -309,6 +300,19 @@ class BVInfoCallback extends BVCallbackBase {
|
|
309 |
$transient = $this->objectToArray($transient);
|
310 |
$resp = array("transient" => $transient);
|
311 |
break;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
312 |
default:
|
313 |
$resp = false;
|
314 |
}
|
96 |
|
97 |
public function getSystemInfo() {
|
98 |
$sys_info = array(
|
|
|
99 |
'host' => $_SERVER['HTTP_HOST'],
|
100 |
'phpversion' => phpversion(),
|
101 |
'AF_INET6' => defined('AF_INET6')
|
102 |
);
|
103 |
+
if (array_key_exists('SERVER_ADDR', $_SERVER)) {
|
104 |
+
$sys_info['serverip'] = $_SERVER['SERVER_ADDR'];
|
105 |
+
}
|
106 |
if (function_exists('get_current_user')) {
|
107 |
$sys_info['user'] = get_current_user();
|
108 |
}
|
136 |
'wpversion' => $wp_version,
|
137 |
'dbversion' => $wp_db_version,
|
138 |
'abspath' => ABSPATH,
|
139 |
+
'bvpluginpath' => defined('WPRBASEPATH') ? WPRBASEPATH : null,
|
140 |
'uploadpath' => $upload_dir['basedir'],
|
141 |
'uploaddir' => wp_upload_dir(),
|
142 |
'contentdir' => defined('WP_CONTENT_DIR') ? WP_CONTENT_DIR : null,
|
206 |
$data['dynsync'] = $settings->getOption('bvDynSyncActive');
|
207 |
$data['woodyn'] = $settings->getOption('bvWooDynSync');
|
208 |
$data['dynplug'] = $settings->getOption('bvdynplug');
|
209 |
+
$data['protect'] = $settings->getOption('bvptconf');
|
|
|
|
|
210 |
$data['brand'] = $settings->getOption($this->bvinfo->brand_option);
|
211 |
$data['badgeinfo'] = $settings->getOption($this->bvinfo->badgeinfo);
|
212 |
}
|
213 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
214 |
public function dbconf(&$info) {
|
215 |
$db = $this->db;
|
216 |
if (defined('DB_CHARSET'))
|
219 |
$info['charset_collate'] = $db->getCharsetCollate();
|
220 |
return $info;
|
221 |
}
|
222 |
+
|
223 |
+
public function cookieInfo() {
|
224 |
+
$resp = array();
|
225 |
+
if (defined('COOKIEPATH'))
|
226 |
+
$resp['cookiepath'] = COOKIEPATH;
|
227 |
+
if (defined('COOKIE_DOMAIN'))
|
228 |
+
$resp['cookiedomain'] = COOKIE_DOMAIN;
|
229 |
+
return array('cookieinfo' => $resp);
|
230 |
+
}
|
231 |
|
232 |
public function activate() {
|
233 |
$resp = array();
|
238 |
return array('actinfo' => $resp);
|
239 |
}
|
240 |
|
241 |
+
public function getHostInfo() {
|
242 |
+
$host_info = $_SERVER;
|
243 |
+
$host_info['PHP_SERVER_NAME'] = php_uname('\n');
|
244 |
+
if (array_key_exists('IS_PRESSABLE', get_defined_constants())) {
|
245 |
+
$host_info['IS_PRESSABLE'] = true;
|
246 |
+
}
|
247 |
+
return array('host_info' => $host_info);
|
248 |
+
}
|
249 |
+
|
250 |
public function process($request) {
|
251 |
$db = $this->db;
|
252 |
$params = $request->params;
|
254 |
case "activateinfo":
|
255 |
$resp = $this->activate();
|
256 |
break;
|
257 |
+
case "ckeyinfo":
|
258 |
+
$resp = $this->cookieInfo();
|
259 |
+
break;
|
260 |
case "gtpsts":
|
261 |
$count = 5;
|
262 |
if (array_key_exists('count', $params))
|
278 |
case "gtwp":
|
279 |
$resp = $this->getWpInfo();
|
280 |
break;
|
281 |
+
case "gtallhdrs":
|
282 |
+
$data = (function_exists('getallheaders')) ? getallheaders() : false;
|
283 |
+
$resp = array("allhdrs" => $data);
|
284 |
+
break;
|
285 |
+
case "gtsvr":
|
286 |
+
$resp = array("svr" => $_SERVER);
|
287 |
+
break;
|
288 |
case "getoption":
|
289 |
$resp = array("option" => $this->settings->getOption($params['name']));
|
290 |
break;
|
300 |
$transient = $this->objectToArray($transient);
|
301 |
$resp = array("transient" => $transient);
|
302 |
break;
|
303 |
+
case "gthost":
|
304 |
+
$resp = $this->getHostInfo();
|
305 |
+
break;
|
306 |
+
case "gtplinfo":
|
307 |
+
$args = array(
|
308 |
+
'slug' => wp_unslash($params['slug'])
|
309 |
+
);
|
310 |
+
$action = $params['action'];
|
311 |
+
$args = (object) $args;
|
312 |
+
$args = apply_filters('plugins_api_args', $args, $action);
|
313 |
+
$data = apply_filters('plugins_api', false, $action, $args);
|
314 |
+
$resp = array("plugins_info" => $data);
|
315 |
+
break;
|
316 |
default:
|
317 |
$resp = false;
|
318 |
}
|
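Review bot: `php_uname('\n')` in the new getHostInfo() (new line 243) passes the two-character string backslash-n, not the `n` (nodename) mode that the `PHP_SERVER_NAME` key suggests; php_uname() reads only the first character of its mode argument and an unrecognised one falls through to the full `a` output, so kernel release and version get shipped to the backend instead of just the hostname — use `$host_info['PHP_SERVER_NAME'] = php_uname('n');`. Separately, both `gthost` and the new `gtsvr` case return the entire `$_SERVER` array; under CGI/FPM that array usually mirrors the process environment, which on some hosts carries database or API credentials, so a whitelist of the keys the backend actually needs would be the least-privilege shape here. The `gtplinfo` case also passes `$params['action']` straight to the `plugins_api` filter, which bypasses the validation plugins_api() itself performs; an explicit check that `$action` is one of the actions core supports (e.g. `plugin_information`) before invoking the filter would be prudent. The enclosing process() method ends outside the hunks shown.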
callback/wings/ipstore.php
CHANGED
@@ -3,7 +3,7 @@
|
|
3 |
if (!defined('ABSPATH')) exit;
|
4 |
if (!class_exists('BVIPStoreCallback')) :
|
5 |
|
6 |
-
require_once dirname( __FILE__ ) . '/../../protect/ipstore.php';
|
7 |
|
8 |
class BVIPStoreCallback extends BVCallbackBase {
|
9 |
public $db;
|
@@ -87,9 +87,8 @@ class BVIPStoreCallback extends BVCallbackBase {
|
|
87 |
case "insrtips":
|
88 |
$values = $params['values'];
|
89 |
$fields = $params['fields'];
|
90 |
-
|
91 |
-
|
92 |
-
$db->deleteBVTableContent($table, $rmfilter);
|
93 |
}
|
94 |
$this->insertIPs($bvTable, $fields, $values);
|
95 |
$resp = array("offset" => $this->getIPStoreOffset($bvTable, $auto_increment_offset));
|
3 |
if (!defined('ABSPATH')) exit;
|
4 |
if (!class_exists('BVIPStoreCallback')) :
|
5 |
|
6 |
+
require_once dirname( __FILE__ ) . '/../../protect/wp/ipstore.php';
|
7 |
|
8 |
class BVIPStoreCallback extends BVCallbackBase {
|
9 |
public $db;
|
87 |
case "insrtips":
|
88 |
$values = $params['values'];
|
89 |
$fields = $params['fields'];
|
90 |
+
if (array_key_exists('rmfilter', $params)) {
|
91 |
+
$db->deleteBVTableContent($table, $params['rmfilter']);
|
|
|
92 |
}
|
93 |
$this->insertIPs($bvTable, $fields, $values);
|
94 |
$resp = array("offset" => $this->getIPStoreOffset($bvTable, $auto_increment_offset));
|
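Review bot: The new `rmfilter` branch (new lines 90-91) hands `$params['rmfilter']` straight to `$db->deleteBVTableContent($table, ...)`; that helper lives in wp_db.php outside this view, and if it splices the filter into a `WHERE` clause as a string — which its name and the identical call in watch.php suggest — this is a request-controlled SQL fragment on a DELETE. Even with the callback signed by the backend, validating the filter's shape here, or passing a structured array the helper turns into parameterised predicates, keeps a leaked signing key from becoming table-wide deletion. Also note this line deletes from `$table` while the next line inserts into `$bvTable`; both are assigned before the hunk, so confirm they name the same table. The enclosing process() method starts and ends outside the hunk.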
callback/wings/lp.php
DELETED
@@ -1,74 +0,0 @@
|
|
1 |
-
<?php
|
2 |
-
|
3 |
-
if (!defined('ABSPATH')) exit;
|
4 |
-
if (!class_exists('BVLoginProtectCallback')) :
|
5 |
-
|
6 |
-
require_once dirname( __FILE__ ) . '/../../protect/wp_lp/lp.php';
|
7 |
-
|
8 |
-
class BVLoginProtectCallback extends BVCallbackBase {
|
9 |
-
public $db;
|
10 |
-
public $settings;
|
11 |
-
|
12 |
-
public function __construct($callback_handler) {
|
13 |
-
$this->db = $callback_handler->db;
|
14 |
-
$this->settings = $callback_handler->settings;
|
15 |
-
}
|
16 |
-
|
17 |
-
public function unBlockLogins() {
|
18 |
-
$this->settings->deleteTransient('bvlp_block_logins');
|
19 |
-
$this->settings->setTransient('bvlp_allow_logins', 'true', 1800);
|
20 |
-
return $this->settings->getTransient('bvlp_allow_logins');
|
21 |
-
}
|
22 |
-
|
23 |
-
public function blockLogins($time) {
|
24 |
-
$this->settings->deleteTransient('bvlp_allow_logins');
|
25 |
-
$this->settings->setTransient('bvlp_block_logins', 'true', $time);
|
26 |
-
return $this->settings->getTransient('bvlp_block_logins');
|
27 |
-
}
|
28 |
-
|
29 |
-
public function unBlockIP($ip, $attempts, $time) {
|
30 |
-
$transient_name = BVWPLP::$unblock_ip_transient.$ip;
|
31 |
-
$this->settings->setTransient($transient_name, $attempts, $time);
|
32 |
-
return $this->settings->getTransient($transient_name);
|
33 |
-
}
|
34 |
-
|
35 |
-
public function process($request) {
|
36 |
-
$params = $request->params;
|
37 |
-
$config = new BVWPLPConfig($this->db, $this->settings);
|
38 |
-
switch ($request->method) {
|
39 |
-
case "clrconfig":
|
40 |
-
$resp = array("clearconfig" => $config->clear());
|
41 |
-
break;
|
42 |
-
case "setmode":
|
43 |
-
$config->setMode($params['mode']);
|
44 |
-
$resp = array("setmode" => $config->getMode());
|
45 |
-
break;
|
46 |
-
case "setcaptchalimit":
|
47 |
-
$config->setCaptchaLimit($params['captcha_limit']);
|
48 |
-
$resp = array("captcha_limit" => $config->getCaptchaLimit());
|
49 |
-
break;
|
50 |
-
case "settmpblklimit":
|
51 |
-
$config->setTempBlockLimit($params['temp_block_limit']);
|
52 |
-
$resp = array("temp_block_limit" => $config->getTempBlockLimit());
|
53 |
-
break;
|
54 |
-
case "setblkalllimit":
|
55 |
-
$config->setBlockAllLimit($params['block_all_limit']);
|
56 |
-
$resp = array("block_all_limit" => $config->getBlockAllLimit());
|
57 |
-
break;
|
58 |
-
case "unblklogins":
|
59 |
-
$resp = array("unblocklogins" => $this->unBlockLogins());
|
60 |
-
break;
|
61 |
-
case "blklogins":
|
62 |
-
$time = array_key_exists('time', $params) ? $params['time'] : 1800;
|
63 |
-
$resp = array("blocklogins" => $this->blockLogins($time));
|
64 |
-
break;
|
65 |
-
case "unblkip":
|
66 |
-
$resp = array("unblockip" => $this->unBlockIP($params['ip'], $params['attempts'], $params['time']));
|
67 |
-
break;
|
68 |
-
default:
|
69 |
-
$resp = false;
|
70 |
-
}
|
71 |
-
return $resp;
|
72 |
-
}
|
73 |
-
}
|
74 |
-
endif;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
callback/wings/misc.php
CHANGED
@@ -23,9 +23,9 @@ class BVMiscCallback extends BVCallbackBase {
|
|
23 |
switch ($request->method) {
|
24 |
case "dummyping":
|
25 |
$resp = array();
|
26 |
-
$resp = array_merge($resp, $this->siteinfo->
|
27 |
-
$resp = array_merge($resp, $this->account->
|
28 |
-
$resp = array_merge($resp, $this->bvinfo->
|
29 |
break;
|
30 |
case "enablebadge":
|
31 |
$option = $bvinfo->badgeinfo;
|
@@ -52,14 +52,6 @@ class BVMiscCallback extends BVCallbackBase {
|
|
52 |
$settings->deleteOption('bvdynplug');
|
53 |
$resp = array("unsetdynplug" => $settings->getOption('bvdynplug'));
|
54 |
break;
|
55 |
-
case "setptplug":
|
56 |
-
$settings->updateOption('bvptplug', $params['ptplug']);
|
57 |
-
$resp = array("setptplug" => $settings->getOption('bvptplug'));
|
58 |
-
break;
|
59 |
-
case "unsetptplug":
|
60 |
-
$settings->deleteOption('bvptlug');
|
61 |
-
$resp = array("unsetptplug" => $settings->getOption('bvptlug'));
|
62 |
-
break;
|
63 |
case "wpupplgs":
|
64 |
$resp = array("wpupdateplugins" => wp_update_plugins());
|
65 |
break;
|
@@ -69,10 +61,6 @@ class BVMiscCallback extends BVCallbackBase {
|
|
69 |
case "wpupcre":
|
70 |
$resp = array("wpupdatecore" => wp_version_check());
|
71 |
break;
|
72 |
-
case "rmmonitime":
|
73 |
-
$this->settings->deleteOption('bvmonittime');
|
74 |
-
$resp = array("rmmonitime" => !$bvinfo->getMonitTime());
|
75 |
-
break;
|
76 |
case "phpinfo":
|
77 |
phpinfo();
|
78 |
die();
|
@@ -86,4 +74,4 @@ class BVMiscCallback extends BVCallbackBase {
|
|
86 |
return $resp;
|
87 |
}
|
88 |
}
|
89 |
-
endif;
|
23 |
switch ($request->method) {
|
24 |
case "dummyping":
|
25 |
$resp = array();
|
26 |
+
$resp = array_merge($resp, $this->siteinfo->info());
|
27 |
+
$resp = array_merge($resp, $this->account->info());
|
28 |
+
$resp = array_merge($resp, $this->bvinfo->info());
|
29 |
break;
|
30 |
case "enablebadge":
|
31 |
$option = $bvinfo->badgeinfo;
|
52 |
$settings->deleteOption('bvdynplug');
|
53 |
$resp = array("unsetdynplug" => $settings->getOption('bvdynplug'));
|
54 |
break;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
55 |
case "wpupplgs":
|
56 |
$resp = array("wpupdateplugins" => wp_update_plugins());
|
57 |
break;
|
61 |
case "wpupcre":
|
62 |
$resp = array("wpupdatecore" => wp_version_check());
|
63 |
break;
|
|
|
|
|
|
|
|
|
64 |
case "phpinfo":
|
65 |
phpinfo();
|
66 |
die();
|
74 |
return $resp;
|
75 |
}
|
76 |
}
|
77 |
+
endif;
|
callback/wings/protect.php
CHANGED
@@ -3,7 +3,9 @@
|
|
3 |
if (!defined('ABSPATH')) exit;
|
4 |
if (!class_exists('BVProtectCallback')) :
|
5 |
|
6 |
-
require_once dirname( __FILE__ ) . '/../../protect/protect.php';
|
|
|
|
|
7 |
|
8 |
class BVProtectCallback extends BVCallbackBase {
|
9 |
public $db;
|
@@ -14,10 +16,40 @@ class BVProtectCallback extends BVCallbackBase {
|
|
14 |
$this->settings = $callback_handler->settings;
|
15 |
}
|
16 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
17 |
public function process($request) {
|
18 |
$bvinfo = new WPRInfo($this->settings);
|
19 |
-
$protect = new BVProtect($this->db, $this->settings);
|
20 |
$params = $request->params;
|
|
|
21 |
switch ($request->method) {
|
22 |
case "gtipprobeinfo":
|
23 |
$resp = array();
|
@@ -31,41 +63,52 @@ class BVProtectCallback extends BVCallbackBase {
|
|
31 |
}
|
32 |
}
|
33 |
$resp["hdrsinfo"] = $hdrsinfo;
|
34 |
-
|
35 |
-
|
36 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
37 |
break;
|
38 |
case "gtraddr":
|
39 |
$raddr = array_key_exists('REMOTE_ADDR', $_SERVER) ? $_SERVER['REMOTE_ADDR'] : false;
|
40 |
$resp = array("raddr" => $raddr);
|
41 |
break;
|
42 |
-
case "
|
43 |
-
$
|
44 |
-
|
|
|
|
|
|
|
45 |
break;
|
46 |
-
case "
|
47 |
-
$
|
|
|
48 |
break;
|
49 |
-
case "
|
50 |
-
$resp = array("
|
51 |
break;
|
52 |
-
case "
|
53 |
-
$
|
54 |
-
$
|
55 |
-
$this->settings->updateOption($option_name, $iphdr);
|
56 |
-
$resp = array("iphdr" => $this->settings->getOption($option_name));
|
57 |
break;
|
58 |
-
case "
|
59 |
-
$resp = array("
|
60 |
break;
|
61 |
-
case "
|
62 |
-
$
|
63 |
-
$
|
64 |
-
$resp = array("iphdr" => $this->settings->getOption($option_name));
|
65 |
break;
|
66 |
default:
|
67 |
$resp = false;
|
68 |
}
|
|
|
69 |
return $resp;
|
70 |
}
|
71 |
}
|
3 |
if (!defined('ABSPATH')) exit;
|
4 |
if (!class_exists('BVProtectCallback')) :
|
5 |
|
6 |
+
require_once dirname( __FILE__ ) . '/../../protect/wp/protect.php';
|
7 |
+
require_once dirname( __FILE__ ) . '/../../protect/fw/config.php';
|
8 |
+
require_once dirname( __FILE__ ) . '/../../protect/wp/lp/config.php';
|
9 |
|
10 |
class BVProtectCallback extends BVCallbackBase {
|
11 |
public $db;
|
16 |
$this->settings = $callback_handler->settings;
|
17 |
}
|
18 |
|
19 |
+
public function serverConfig() {
|
20 |
+
return array(
|
21 |
+
'software' => $_SERVER['SERVER_SOFTWARE'],
|
22 |
+
'sapi' => (function_exists('php_sapi_name')) ? php_sapi_name() : false,
|
23 |
+
'has_apache_get_modules' => function_exists('apache_get_modules'),
|
24 |
+
'posix_getuid' => (function_exists('posix_getuid')) ? posix_getuid() : null,
|
25 |
+
'uid' => (function_exists('getmyuid')) ? getmyuid() : null,
|
26 |
+
'user_ini' => ini_get('user_ini.filename'),
|
27 |
+
'php_major_version' => PHP_MAJOR_VERSION
|
28 |
+
);
|
29 |
+
}
|
30 |
+
|
31 |
+
public function unBlockLogins() {
|
32 |
+
$this->settings->deleteTransient('bvlp_block_logins');
|
33 |
+
$this->settings->setTransient('bvlp_allow_logins', 'true', 1800);
|
34 |
+
return $this->settings->getTransient('bvlp_allow_logins');
|
35 |
+
}
|
36 |
+
|
37 |
+
public function blockLogins($time) {
|
38 |
+
$this->settings->deleteTransient('bvlp_allow_logins');
|
39 |
+
$this->settings->setTransient('bvlp_block_logins', 'true', $time);
|
40 |
+
return $this->settings->getTransient('bvlp_block_logins');
|
41 |
+
}
|
42 |
+
|
43 |
+
public function unBlockIP($ip, $attempts, $time) {
|
44 |
+
$transient_name = BVWPLP::$unblock_ip_transient.$ip;
|
45 |
+
$this->settings->setTransient($transient_name, $attempts, $time);
|
46 |
+
return $this->settings->getTransient($transient_name);
|
47 |
+
}
|
48 |
+
|
49 |
public function process($request) {
|
50 |
$bvinfo = new WPRInfo($this->settings);
|
|
|
51 |
$params = $request->params;
|
52 |
+
|
53 |
switch ($request->method) {
|
54 |
case "gtipprobeinfo":
|
55 |
$resp = array();
|
63 |
}
|
64 |
}
|
65 |
$resp["hdrsinfo"] = $hdrsinfo;
|
66 |
+
break;
|
67 |
+
case "gtptcnf":
|
68 |
+
$resp = array('conf' => $this->settings->getOption('bvptconf'));
|
69 |
+
break;
|
70 |
+
case "clrcnf":
|
71 |
+
$this->settings->deleteOption('bvptconf');
|
72 |
+
$this->settings->deleteOption('bvptplug');
|
73 |
+
$resp = array("clearconfig" => true);
|
74 |
+
break;
|
75 |
+
case "docnf":
|
76 |
+
$this->settings->updateOption('bvptconf', $params['conf']);
|
77 |
+
$resp = array('conf' => $this->settings->getOption('bvptconf'));
|
78 |
break;
|
79 |
case "gtraddr":
|
80 |
$raddr = array_key_exists('REMOTE_ADDR', $_SERVER) ? $_SERVER['REMOTE_ADDR'] : false;
|
81 |
$resp = array("raddr" => $raddr);
|
82 |
break;
|
83 |
+
case "svrcnf":
|
84 |
+
$resp = array("serverconfig" => $this->serverConfig());
|
85 |
+
break;
|
86 |
+
case "setptplug":
|
87 |
+
$this->settings->updateOption('bvptplug', $params['ptplug']);
|
88 |
+
$resp = array("setptplug" => $this->settings->getOption('bvptplug'));
|
89 |
break;
|
90 |
+
case "unsetptplug":
|
91 |
+
$this->settings->deleteOption('bvptlug');
|
92 |
+
$resp = array("unsetptplug" => $this->settings->getOption('bvptlug'));
|
93 |
break;
|
94 |
+
case "unblklogins":
|
95 |
+
$resp = array("unblocklogins" => $this->unBlockLogins());
|
96 |
break;
|
97 |
+
case "blklogins":
|
98 |
+
$time = array_key_exists('time', $params) ? $params['time'] : 1800;
|
99 |
+
$resp = array("blocklogins" => $this->blockLogins($time));
|
|
|
|
|
100 |
break;
|
101 |
+
case "unblkip":
|
102 |
+
$resp = array("unblockip" => $this->unBlockIP($params['ip'], $params['attempts'], $params['time']));
|
103 |
break;
|
104 |
+
case "rmwatchtime":
|
105 |
+
$this->settings->deleteOption('bvwatchtime');
|
106 |
+
$resp = array("rmwatchtime" => !$bvinfo->getWatchTime());
|
|
|
107 |
break;
|
108 |
default:
|
109 |
$resp = false;
|
110 |
}
|
111 |
+
|
112 |
return $resp;
|
113 |
}
|
114 |
}
|
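Review bot: `unsetptplug` (new lines 91-92) deletes and re-reads the option `'bvptlug'`, while `setptplug` two cases above writes `'bvptplug'` and `clrcnf` deletes `'bvptplug'`; with the misspelling, unsetptplug never removes the value setptplug stored and always reports it as unset, and the typo was carried over verbatim from the removed misc.php cases rather than fixed. Change the two lines to `$this->settings->deleteOption('bvptplug');` and `$resp = array("unsetptplug" => $this->settings->getOption('bvptplug'));`. Separately, serverConfig() reads `$_SERVER['SERVER_SOFTWARE']` without the `array_key_exists` guard the `gtraddr` case in the same method uses for `REMOTE_ADDR`; `'software' => isset($_SERVER['SERVER_SOFTWARE']) ? $_SERVER['SERVER_SOFTWARE'] : null,` keeps the two consistent. The `blklogins` case passes `$params['time']` to setTransient() as-is where it presumably becomes the expiry, so `intval()` it before use, as the existing `gtpsts` count handling in info.php does. process() starts in the previous hunk of this section.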
callback/wings/{monit.php → watch.php}
RENAMED
@@ -1,9 +1,9 @@
|
|
1 |
<?php
|
2 |
|
3 |
if (!defined('ABSPATH')) exit;
|
4 |
-
if (!class_exists('
|
5 |
|
6 |
-
class
|
7 |
public $db;
|
8 |
public $settings;
|
9 |
|
@@ -31,20 +31,65 @@ class BVMonitCallback extends BVCallbackBase {
|
|
31 |
return $this->db->deleteBVTableContent($name, $filter);
|
32 |
}
|
33 |
|
34 |
-
|
35 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
36 |
}
|
37 |
|
38 |
public function process($request) {
|
39 |
$db = $this->db;
|
40 |
$settings = $this->settings;
|
41 |
-
$this->
|
42 |
$params = $request->params;
|
|
|
43 |
switch ($request->method) {
|
44 |
case "getdata":
|
45 |
$resp = array();
|
|
|
46 |
if (array_key_exists('lp', $params)) {
|
47 |
-
require_once dirname( __FILE__ ) . '/../../protect/
|
48 |
$lp_params = $params['lp'];
|
49 |
$limit = intval(urldecode($lp_params['limit']));
|
50 |
$filter = urldecode($lp_params['filter']);
|
@@ -52,15 +97,22 @@ class BVMonitCallback extends BVCallbackBase {
|
|
52 |
$table = $db->getBVTable(BVWPLPConfig::$requests_table);
|
53 |
$resp["lplogs"] = $this->getData($table, $limit, $filter);
|
54 |
}
|
|
|
|
|
|
|
|
|
|
|
|
|
55 |
if (array_key_exists('fw', $params)) {
|
56 |
-
require_once dirname( __FILE__ ) . '/../../protect/
|
57 |
$fw_params = $params['fw'];
|
58 |
$limit = intval(urldecode($fw_params['limit']));
|
59 |
$filter = urldecode($fw_params['filter']);
|
60 |
-
$db->deleteBVTableContent(
|
61 |
-
$table = $db->getBVTable(
|
62 |
$resp["fwlogs"] = $this->getData($table, $limit, $filter);
|
63 |
}
|
|
|
64 |
if (array_key_exists('dynevent', $params)) {
|
65 |
require_once dirname( __FILE__ ) . '/../../wp_dynsync.php';
|
66 |
$isdynsyncactive = $settings->getOption('bvDynSyncActive');
|
@@ -76,6 +128,7 @@ class BVMonitCallback extends BVCallbackBase {
|
|
76 |
$resp["status"] = true;
|
77 |
}
|
78 |
}
|
|
|
79 |
$resp["status"] = "done";
|
80 |
break;
|
81 |
case "rmdata":
|
1 |
<?php
|
2 |
|
3 |
if (!defined('ABSPATH')) exit;
|
4 |
+
if (!class_exists('BVWatchCallback')) :
|
5 |
|
6 |
+
class BVWatchCallback extends BVCallbackBase {
|
7 |
public $db;
|
8 |
public $settings;
|
9 |
|
31 |
return $this->db->deleteBVTableContent($name, $filter);
|
32 |
}
|
33 |
|
34 |
+
public function setWatchTime() {
|
35 |
+
return $this->settings->updateOption('bvwatchtime', time());
|
36 |
+
}
|
37 |
+
|
38 |
+
public function getFWPrependLog($params) {
|
39 |
+
$result = array();
|
40 |
+
$fname = $params['fname'];
|
41 |
+
$limit = intval($params['limit']);
|
42 |
+
|
43 |
+
if (file_exists($fname)) {
|
44 |
+
|
45 |
+
$result['exists'] = true;
|
46 |
+
$tmpfname = $fname."tmp";
|
47 |
+
|
48 |
+
if (!@rename($fname, $tmpfname)) {
|
49 |
+
|
50 |
+
$result = array('status' => 'Error', 'message' => 'UNABLE_TO_RENAME_LOGFILE');
|
51 |
+
|
52 |
+
} else {
|
53 |
+
|
54 |
+
if (file_exists($tmpfname)) {
|
55 |
+
|
56 |
+
$fsize = filesize($tmpfname);
|
57 |
+
$result["size"] = $fsize;
|
58 |
+
|
59 |
+
if ($fsize <= $limit) {
|
60 |
+
|
61 |
+
$result['content'] = file_get_contents($tmpfname);
|
62 |
+
|
63 |
+
} else {
|
64 |
+
$handle = fopen($tmpfname, "rb");
|
65 |
+
$result['content'] = fread($handle, $limit);
|
66 |
+
$result['incomplete'] = true;
|
67 |
+
fclose($handle);
|
68 |
+
}
|
69 |
+
|
70 |
+
$result['tmpfile'] = unlink($tmpfname);
|
71 |
+
} else {
|
72 |
+
$result['tmpfile'] = 'DOES_NOT_EXISTS';
|
73 |
+
}
|
74 |
+
|
75 |
+
}
|
76 |
+
}
|
77 |
+
|
78 |
+
return $result;
|
79 |
}
|
80 |
|
81 |
public function process($request) {
|
82 |
$db = $this->db;
|
83 |
$settings = $this->settings;
|
84 |
+
$this->setWatchTime();
|
85 |
$params = $request->params;
|
86 |
+
|
87 |
switch ($request->method) {
|
88 |
case "getdata":
|
89 |
$resp = array();
|
90 |
+
|
91 |
if (array_key_exists('lp', $params)) {
|
92 |
+
require_once dirname( __FILE__ ) . '/../../protect/wp/lp/config.php';
|
93 |
$lp_params = $params['lp'];
|
94 |
$limit = intval(urldecode($lp_params['limit']));
|
95 |
$filter = urldecode($lp_params['filter']);
|
97 |
$table = $db->getBVTable(BVWPLPConfig::$requests_table);
|
98 |
$resp["lplogs"] = $this->getData($table, $limit, $filter);
|
99 |
}
|
100 |
+
|
101 |
+
if (array_key_exists('prelog', $params)) {
|
102 |
+
$prelog_params = $params['prelog'];
|
103 |
+
$resp["prelog"] = $this->getFWPrependLog($prelog_params);
|
104 |
+
}
|
105 |
+
|
106 |
if (array_key_exists('fw', $params)) {
|
107 |
+
require_once dirname( __FILE__ ) . '/../../protect/fw/config.php';
|
108 |
$fw_params = $params['fw'];
|
109 |
$limit = intval(urldecode($fw_params['limit']));
|
110 |
$filter = urldecode($fw_params['filter']);
|
111 |
+
$db->deleteBVTableContent(BVFWConfig::$requests_table, $fw_params['rmfilter']);
|
112 |
+
$table = $db->getBVTable(BVFWConfig::$requests_table);
|
113 |
$resp["fwlogs"] = $this->getData($table, $limit, $filter);
|
114 |
}
|
115 |
+
|
116 |
if (array_key_exists('dynevent', $params)) {
|
117 |
require_once dirname( __FILE__ ) . '/../../wp_dynsync.php';
|
118 |
$isdynsyncactive = $settings->getOption('bvDynSyncActive');
|
128 |
$resp["status"] = true;
|
129 |
}
|
130 |
}
|
131 |
+
|
132 |
$resp["status"] = "done";
|
133 |
break;
|
134 |
case "rmdata":
|
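Review bot: getFWPrependLog() (new lines 38-79) takes `$params['fname']` from the request and, for any existing path, renames it to `<fname>tmp`, returns up to `$limit` bytes of it and then unlinks the copy; that is an arbitrary read-and-delete primitive for any file the PHP user can rename, gated only by the ability to produce a valid callback request. The prepend log is written at a location the plugin itself configures (protect/prepend/logger.php in this release, outside this view), so the path should be derived from that configuration rather than accepted verbatim — at minimum resolve it with `realpath()`, require `is_file()` and that it sits under the prepend log directory, and bail with `return array('status' => 'Error', 'message' => 'INVALID_LOGFILE_PATH');` otherwise. The `fopen()` result at new line 64 is also used unchecked by `fread()`; guard it with `if ($handle === false)` before reading. In the `fw` branch, `$fw_params['rmfilter']` is passed to deleteBVTableContent() without the `array_key_exists` guard that this same release adds for the key in ipstore.php. The enclosing process() method continues past the hunk.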
info.php
CHANGED
@@ -9,17 +9,23 @@ if (!class_exists('WPRInfo')) :
|
|
9 |
public $badgeinfo = 'wprbadge';
|
10 |
public $ip_header_option = 'wpripheader';
|
11 |
public $brand_option = 'wprbrand';
|
12 |
-
public $version = '
|
13 |
public $webpage = 'https://wpremote.com';
|
14 |
public $appurl = 'https://app.wpremote.com';
|
15 |
public $slug = 'wpremote/plugin.php';
|
16 |
public $plug_redirect = 'wprredirect';
|
17 |
public $logo = '../img/wprlogo.png';
|
|
|
18 |
|
19 |
public function __construct($settings) {
|
20 |
$this->settings = $settings;
|
21 |
}
|
22 |
|
|
|
|
|
|
|
|
|
|
|
23 |
public function getBrandInfo() {
|
24 |
return $this->settings->getOption($this->brand_option);
|
25 |
}
|
@@ -29,11 +35,20 @@ if (!class_exists('WPRInfo')) :
|
|
29 |
if ($brand && array_key_exists('menuname', $brand)) {
|
30 |
return $brand['menuname'];
|
31 |
}
|
|
|
32 |
return $this->brandname;
|
33 |
}
|
34 |
|
35 |
-
public function
|
36 |
-
$
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
37 |
return ($time ? $time : 0);
|
38 |
}
|
39 |
|
@@ -48,10 +63,10 @@ if (!class_exists('WPRInfo')) :
|
|
48 |
return $this->appurl;
|
49 |
}
|
50 |
}
|
51 |
-
|
52 |
public function isActivePlugin() {
|
53 |
$expiry_time = time() - (3 * 24 * 3600);
|
54 |
-
return ($this->
|
55 |
}
|
56 |
|
57 |
public function isProtectModuleEnabled() {
|
@@ -63,6 +78,7 @@ if (!class_exists('WPRInfo')) :
|
|
63 |
return ($this->settings->getOption('bvdynplug') === $this->plugname) &&
|
64 |
$this->isActivePlugin();
|
65 |
}
|
|
|
66 |
public function isActivateRedirectSet() {
|
67 |
return ($this->settings->getOption($this->plug_redirect) === 'yes') ? true : false;
|
68 |
}
|
@@ -75,10 +91,11 @@ if (!class_exists('WPRInfo')) :
|
|
75 |
return $this->getBrandName() === 'BlogVault';
|
76 |
}
|
77 |
|
78 |
-
public function
|
79 |
return array(
|
80 |
"bvversion" => $this->version,
|
81 |
-
"sha1" => "true"
|
|
|
82 |
);
|
83 |
}
|
84 |
}
|
9 |
public $badgeinfo = 'wprbadge';
|
10 |
public $ip_header_option = 'wpripheader';
|
11 |
public $brand_option = 'wprbrand';
|
12 |
+
public $version = '4.22';
|
13 |
public $webpage = 'https://wpremote.com';
|
14 |
public $appurl = 'https://app.wpremote.com';
|
15 |
public $slug = 'wpremote/plugin.php';
|
16 |
public $plug_redirect = 'wprredirect';
|
17 |
public $logo = '../img/wprlogo.png';
|
18 |
+
public $brand_icon = '/img/icon.png';
|
19 |
|
20 |
public function __construct($settings) {
|
21 |
$this->settings = $settings;
|
22 |
}
|
23 |
|
24 |
+
public function canOverrideCW() {
|
25 |
+
$scanOption = $this->settings->getOption('bvoverridecw');
|
26 |
+
return (isset($scanOption) && $scanOption == 1);
|
27 |
+
}
|
28 |
+
|
29 |
public function getBrandInfo() {
|
30 |
return $this->settings->getOption($this->brand_option);
|
31 |
}
|
35 |
if ($brand && array_key_exists('menuname', $brand)) {
|
36 |
return $brand['menuname'];
|
37 |
}
|
38 |
+
|
39 |
return $this->brandname;
|
40 |
}
|
41 |
|
42 |
+
public function getBrandIcon() {
|
43 |
+
$brand = $this->getBrandInfo();
|
44 |
+
if ($brand && array_key_exists('brand_icon', $brand)) {
|
45 |
+
return $brand['brand_icon'];
|
46 |
+
}
|
47 |
+
return $this->brand_icon;
|
48 |
+
}
|
49 |
+
|
50 |
+
public function getWatchTime() {
|
51 |
+
$time = $this->settings->getOption('bvwatchtime');
|
52 |
return ($time ? $time : 0);
|
53 |
}
|
54 |
|
63 |
return $this->appurl;
|
64 |
}
|
65 |
}
|
66 |
+
|
67 |
public function isActivePlugin() {
|
68 |
$expiry_time = time() - (3 * 24 * 3600);
|
69 |
+
return ($this->getWatchTime() > $expiry_time);
|
70 |
}
|
71 |
|
72 |
public function isProtectModuleEnabled() {
|
78 |
return ($this->settings->getOption('bvdynplug') === $this->plugname) &&
|
79 |
$this->isActivePlugin();
|
80 |
}
|
81 |
+
|
82 |
public function isActivateRedirectSet() {
|
83 |
return ($this->settings->getOption($this->plug_redirect) === 'yes') ? true : false;
|
84 |
}
|
91 |
return $this->getBrandName() === 'BlogVault';
|
92 |
}
|
93 |
|
94 |
+
public function info() {
|
95 |
return array(
|
96 |
"bvversion" => $this->version,
|
97 |
+
"sha1" => "true",
|
98 |
+
"plugname" => $this->plugname
|
99 |
);
|
100 |
}
|
101 |
}
|
plugin.php
CHANGED
@@ -5,7 +5,7 @@ Plugin URI: https://wpremote.com
|
|
5 |
Description: Manage your WordPress site with <a href="https://wpremote.com/">WP Remote</a>.
|
6 |
Author: WP Remote
|
7 |
Author URI: https://wpremote.com
|
8 |
-
Version:
|
9 |
Network: True
|
10 |
*/
|
11 |
|
@@ -36,6 +36,7 @@ if (get_option( 'wpr_api_key' ) !== false) {
|
|
36 |
require 'old_wpremote/plugin.php';
|
37 |
}
|
38 |
|
|
|
39 |
require_once dirname( __FILE__ ) . '/wp_settings.php';
|
40 |
require_once dirname( __FILE__ ) . '/wp_site_info.php';
|
41 |
require_once dirname( __FILE__ ) . '/wp_db.php';
|
@@ -73,6 +74,7 @@ if (is_admin()) {
|
|
73 |
add_action('admin_menu', array($wpadmin, 'menu'));
|
74 |
}
|
75 |
add_filter('plugin_action_links', array($wpadmin, 'settingsLink'), 10, 2);
|
|
|
76 |
add_action('admin_notices', array($wpadmin, 'activateWarning'));
|
77 |
##ADMINENQUEUESCRIPTS##
|
78 |
}
|
@@ -88,7 +90,7 @@ if ((array_key_exists('bvplugname', $_REQUEST)) && ($_REQUEST['bvplugname'] == "
|
|
88 |
require_once dirname( __FILE__ ) . '/callback/request.php';
|
89 |
require_once dirname( __FILE__ ) . '/recover.php';
|
90 |
|
91 |
-
$pubkey = $_REQUEST['pubkey'];
|
92 |
|
93 |
if (array_key_exists('rcvracc', $_REQUEST)) {
|
94 |
$account = WPRRecover::find($bvsettings, $pubkey);
|
@@ -100,13 +102,16 @@ if ((array_key_exists('bvplugname', $_REQUEST)) && ($_REQUEST['bvplugname'] == "
|
|
100 |
$response = new BVCallbackResponse($request->bvb64cksize);
|
101 |
|
102 |
if ($account && (1 === $account->authenticate($request))) {
|
|
|
|
|
|
|
103 |
require_once dirname( __FILE__ ) . '/callback/handler.php';
|
104 |
$params = $request->processParams($_REQUEST);
|
105 |
if ($params === false) {
|
106 |
$resp = array(
|
107 |
-
"account_info" => $account->
|
108 |
-
"request_info" => $request->
|
109 |
-
"bvinfo" => $bvinfo->
|
110 |
"statusmsg" => "BVPRMS_CORRUPTED"
|
111 |
);
|
112 |
$response->terminate($resp);
|
@@ -123,9 +128,9 @@ if ((array_key_exists('bvplugname', $_REQUEST)) && ($_REQUEST['bvplugname'] == "
|
|
123 |
}
|
124 |
} else {
|
125 |
$resp = array(
|
126 |
-
"account_info" => $account ? $account->
|
127 |
-
"request_info" => $request->
|
128 |
-
"bvinfo" => $bvinfo->
|
129 |
"statusmsg" => "FAILED_AUTH",
|
130 |
"api_pubkey" => substr(WPRAccount::getApiPublicKey($bvsettings), 0, 8),
|
131 |
"def_sigmatch" => substr(WPRAccount::getSigMatch($request, WPRRecover::getDefaultSecret($bvsettings)), 0, 8)
|
@@ -134,16 +139,15 @@ if ((array_key_exists('bvplugname', $_REQUEST)) && ($_REQUEST['bvplugname'] == "
|
|
134 |
}
|
135 |
} else {
|
136 |
if ($bvinfo->isProtectModuleEnabled()) {
|
137 |
-
|
138 |
-
|
139 |
-
|
140 |
-
|
141 |
-
}
|
142 |
|
143 |
if ($bvinfo->isDynSyncModuleEnabled()) {
|
144 |
-
|
145 |
-
|
146 |
-
|
147 |
-
}
|
148 |
|
149 |
}
|
5 |
Description: Manage your WordPress site with <a href="https://wpremote.com/">WP Remote</a>.
|
6 |
Author: WP Remote
|
7 |
Author URI: https://wpremote.com
|
8 |
+
Version: 4.22
|
9 |
Network: True
|
10 |
*/
|
11 |
|
36 |
require 'old_wpremote/plugin.php';
|
37 |
}
|
38 |
|
39 |
+
|
40 |
require_once dirname( __FILE__ ) . '/wp_settings.php';
|
41 |
require_once dirname( __FILE__ ) . '/wp_site_info.php';
|
42 |
require_once dirname( __FILE__ ) . '/wp_db.php';
|
74 |
add_action('admin_menu', array($wpadmin, 'menu'));
|
75 |
}
|
76 |
add_filter('plugin_action_links', array($wpadmin, 'settingsLink'), 10, 2);
|
77 |
+
add_action('admin_head', array($wpadmin, 'removeAdminNotices'), 3);
|
78 |
add_action('admin_notices', array($wpadmin, 'activateWarning'));
|
79 |
##ADMINENQUEUESCRIPTS##
|
80 |
}
|
90 |
require_once dirname( __FILE__ ) . '/callback/request.php';
|
91 |
require_once dirname( __FILE__ ) . '/recover.php';
|
92 |
|
93 |
+
$pubkey = WPRAccount::sanitizeKey($_REQUEST['pubkey']);
|
94 |
|
95 |
if (array_key_exists('rcvracc', $_REQUEST)) {
|
96 |
$account = WPRRecover::find($bvsettings, $pubkey);
|
102 |
$response = new BVCallbackResponse($request->bvb64cksize);
|
103 |
|
104 |
if ($account && (1 === $account->authenticate($request))) {
|
105 |
+
define('WPRBASEPATH', plugin_dir_path(__FILE__));
|
106 |
+
|
107 |
+
|
108 |
require_once dirname( __FILE__ ) . '/callback/handler.php';
|
109 |
$params = $request->processParams($_REQUEST);
|
110 |
if ($params === false) {
|
111 |
$resp = array(
|
112 |
+
"account_info" => $account->info(),
|
113 |
+
"request_info" => $request->info(),
|
114 |
+
"bvinfo" => $bvinfo->info(),
|
115 |
"statusmsg" => "BVPRMS_CORRUPTED"
|
116 |
);
|
117 |
$response->terminate($resp);
|
128 |
}
|
129 |
} else {
|
130 |
$resp = array(
|
131 |
+
"account_info" => $account ? $account->info() : array("error" => "ACCOUNT_NOT_FOUND"),
|
132 |
+
"request_info" => $request->info(),
|
133 |
+
"bvinfo" => $bvinfo->info(),
|
134 |
"statusmsg" => "FAILED_AUTH",
|
135 |
"api_pubkey" => substr(WPRAccount::getApiPublicKey($bvsettings), 0, 8),
|
136 |
"def_sigmatch" => substr(WPRAccount::getSigMatch($request, WPRRecover::getDefaultSecret($bvsettings)), 0, 8)
|
139 |
}
|
140 |
} else {
|
141 |
if ($bvinfo->isProtectModuleEnabled()) {
|
142 |
+
require_once dirname( __FILE__ ) . '/protect/wp/protect.php';
|
143 |
+
$bvprotect = new BVProtect($bvdb, $bvsettings);
|
144 |
+
$bvprotect->run();
|
145 |
+
}
|
|
|
146 |
|
147 |
if ($bvinfo->isDynSyncModuleEnabled()) {
|
148 |
+
require_once dirname( __FILE__ ) . '/wp_dynsync.php';
|
149 |
+
$dynsync = new BVWPDynSync($bvdb, $bvsettings);
|
150 |
+
$dynsync->init();
|
151 |
+
}
|
152 |
|
153 |
}
|
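Review bot: `$_REQUEST['pubkey']` is still read without an existence check on the new line 93, so a request that carries `bvplugname` but no `pubkey` raises an undefined-index notice and hands `null` to `WPRAccount::sanitizeKey`; guard it with `$pubkey = WPRAccount::sanitizeKey(isset($_REQUEST['pubkey']) ? $_REQUEST['pubkey'] : '');` (assuming `sanitizeKey` tolerates an empty string — it is defined outside this page). The `FAILED_AUTH` branch on the new lines 130–136 answers an unauthenticated caller with `$request->info()`, `$bvinfo->info()` and two key prefixes; the `info()` payloads are new in this change (`$bvinfo->info()` now carries `plugname` alongside the version), so what an unauthenticated response exposes should be decided deliberately rather than grow with each `info()` field. The enclosing `if` on `bvplugname` begins before the first hunk shown here.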
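--- a/protect/base.php
+++ b/protect/base.php
@@ -0,0 +1,29 @@
+<?php
+if (! (defined('ABSPATH') || defined('MCDATAPATH')) ) exit;
+if (!class_exists('BVProtectBase')) :
+
+class BVProtectBase {
+public static function getIP($ipHeader) {
+$ip = '127.0.0.1';
+if ($ipHeader && is_array($ipHeader)) {
+if (array_key_exists($ipHeader['hdr'], $_SERVER)) {
+$_ips = preg_split("/(,| |\t)/", $_SERVER[$ipHeader['hdr']]);
+if (array_key_exists(intval($ipHeader['pos']), $_ips)) {
+$ip = $_ips[intval($ipHeader['pos'])];
+}
+}
+} else if (array_key_exists('REMOTE_ADDR', $_SERVER)) {
+$ip = $_SERVER['REMOTE_ADDR'];
+}
+
+$ip = trim($ip);
+if (preg_match('/^\[([0-9a-fA-F:]+)\](:[0-9]+)$/', $ip, $matches)) {
+$ip = $matches[1];
+} elseif (preg_match('/^([0-9.]+)(:[0-9]+)$/', $ip, $matches)) {
+$ip = $matches[1];
+}
+
+return $ip;
+}
+}
+endif;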
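Review bot: When `$ipHeader` names a header that the current request does not carry, `getIP` returns the `'127.0.0.1'` placeholder rather than `$_SERVER['REMOTE_ADDR']` (lines 7–17): the `REMOTE_ADDR` branch is only reached when no header is configured at all, so a request arriving without the proxy header is attributed to loopback, and every IP-based decision downstream (the `isFWIPBlacklisted` lookup and the IP cookie in fw.php) is then made against an address that is not the client's. If the loopback fallback is deliberate it needs a comment saying why; otherwise the header lookup should fall through to `REMOTE_ADDR` as below. `$ipHeader['hdr']` and `$ipHeader['pos']` are also read without checking that the keys exist, and the value lifted out of the header is never validated as an address (`filter_var($ip, FILTER_VALIDATE_IP)`) before it is trimmed and returned to callers that log it and key cookies on it.
```php
public static function getIP($ipHeader) {
	$ip = '127.0.0.1';
	$hdr = (is_array($ipHeader) && isset($ipHeader['hdr'])) ? $ipHeader['hdr'] : null;
	if ($hdr !== null && array_key_exists($hdr, $_SERVER)) {
		$_ips = preg_split("/(,| |\t)/", $_SERVER[$hdr]);
		$pos = isset($ipHeader['pos']) ? intval($ipHeader['pos']) : 0;
		if (array_key_exists($pos, $_ips)) {
			$ip = $_ips[$pos];
		}
	} else if (array_key_exists('REMOTE_ADDR', $_SERVER)) {
		// No usable proxy header on this request: fall back to the socket peer.
		$ip = $_SERVER['REMOTE_ADDR'];
	}
	// … unchanged: trim, strip ":port" suffix, return …
```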
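--- a/protect/fw/config.php
+++ b/protect/fw/config.php
@@ -0,0 +1,117 @@
+<?php
+
+if (! (defined('ABSPATH') || defined('MCDATAPATH')) ) exit;
+if (!class_exists('BVFWConfig')) :
+
+class BVFWConfig {
+public $mode;
+public $requestProfilingMode;
+public $roleLevel;
+public $ipCookieMode;
+public $adminCookieMode;
+public $bypassLevel;
+public $customRoles;
+public $cookieKey;
+public $cookiePath;
+public $cookieDomain;
+public $loggingMode;
+
+public static $requests_table = 'fw_requests';
+public static $roleLevels = array(
+'administrator' => BVFWConfig::ROLE_LEVEL_ADMIN,
+'editor' => BVFWConfig::ROLE_LEVEL_EDITOR,
+'author' => BVFWConfig::ROLE_LEVEL_AUTHOR,
+'contributor' => BVFWConfig::ROLE_LEVEL_CONTRIBUTOR,
+'subscriber' => BVFWConfig::ROLE_LEVEL_SUBSCRIBER
+);
+
+function __construct($confHash) {
+$this->mode = array_key_exists('mode', $confHash) ? intval($confHash['mode']) : BVFWConfig::DISABLED;
+$this->requestProfilingMode = array_key_exists('reqprofilingmode', $confHash) ? intval($confHash['reqprofilingmode']) : BVFWConfig::REQ_PROFILING_MODE_DISABLED;
+$this->ipCookieMode = array_key_exists('ipcookiemode', $confHash) ? intval($confHash['ipcookiemode']) : BVFWConfig::IP_COOKIE_MODE_DISABLED;
+$this->adminCookieMode = array_key_exists('admincookiemode', $confHash) ? intval($confHash['admincookiemode']) : BVFWConfig::ADMIN_COOKIE_MODE_DISABLED;
+$this->loggingMode = array_key_exists('loggingmode', $confHash) ? intval($confHash['loggingmode']) : BVFWConfig::LOGGING_MODE_VISITOR;
+$this->bypassLevel = array_key_exists('bypasslevel', $confHash) ? intval($confHash['bypasslevel']) : BVFWConfig::ROLE_LEVEL_CONTRIBUTOR;
+$this->customRoles = array_key_exists('customroles', $confHash) ? $confHash['customroles'] : array();
+$this->cookieKey = array_key_exists('cookiekey', $confHash) ? $confHash['cookiekey'] : "";
+$this->cookiePath = array_key_exists('cookiepath', $confHash) ? $confHash['cookiepath'] : "";
+$this->cookieDomain = array_key_exists('cookiedomain', $confHash) ? $confHash['cookiedomain'] : "";
+}
+
+#mode
+const DISABLED = 1;
+const AUDIT = 2;
+const PROTECT = 3;
+
+#Request Profiling Mode
+const REQ_PROFILING_MODE_DISABLED = 1;
+const REQ_PROFILING_MODE_NORMAL = 2;
+const REQ_PROFILING_MODE_DEBUG = 3;
+
+#IP Cookie Mode
+const IP_COOKIE_MODE_ENABLED = 1;
+const IP_COOKIE_MODE_DISABLED = 2;
+
+#Admin Cookie Mode
+const ADMIN_COOKIE_MODE_ENABLED = 1;
+const ADMIN_COOKIE_MODE_DISABLED = 2;
+
+#Role Level
+const ROLE_LEVEL_SUBSCRIBER = 1;
+const ROLE_LEVEL_CONTRIBUTOR = 2;
+const ROLE_LEVEL_AUTHOR = 3;
+const ROLE_LEVEL_EDITOR = 4;
+const ROLE_LEVEL_ADMIN = 5;
+const ROLE_LEVEL_CUSTOM = 6;
+
+#WebServer Conf Mode
+const MODE_APACHEMODPHP = 1;
+const MODE_APACHESUPHP = 2;
+const MODE_CGI_FASTCGI = 3;
+const MODE_NGINX = 4;
+const MODE_LITESPEED = 5;
+const MODE_IIS = 6;
+
+#Logging Mode
+const LOGGING_MODE_VISITOR = 1;
+const LOGGING_MODE_COMPLETE = 2;
+const LOGGING_MODE_DISABLED = 3;
+
+
+#Valid mc_data filenames
+public static $validMcDataFilenames = array('mc.conf', 'mc_ips.conf');
+public static $validDeletableFiles = array('mc.conf', 'mc_ips.conf', 'malcare-waf.php', 'mc.log', 'mc_data');
+
+public function isActive() {
+return ($this->mode !== BVFWConfig::DISABLED);
+}
+
+public function isProtecting() {
+return ($this->mode === BVFWConfig::PROTECT);
+}
+
+public function isAuditing() {
+return ($this->mode === BVFWConfig::AUDIT);
+}
+
+public function isReqProfilingModeDebug() {
+return ($this->requestProfilingMode === BVFWConfig::REQ_PROFILING_MODE_DEBUG);
+}
+
+public function canProfileReqInfo() {
+return ($this->requestProfilingMode !== BVFWConfig::REQ_PROFILING_MODE_DISABLED);
+}
+
+public function isCompleteLoggingEnabled() {
+return ($this->loggingMode === BVFWConfig::LOGGING_MODE_COMPLETE);
+}
+
+public function isVisitorLoggingEnabled() {
+return ($this->loggingMode === BVFWConfig::LOGGING_MODE_VISITOR);
+}
+
+public function isLoggingDisabled() {
+return ($this->loggingMode === BVFWConfig::LOGGING_MODE_DISABLED);
+}
+}
+endif;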
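Review bot: `cookieKey` silently falls back to the empty string when `cookiekey` is absent from `$confHash` (line 36), yet the bypass and IP cookie values in `protect/fw/fw.php` are `sha1()` over the role level, a time bucket and this key, and are accepted on exact match; with no key those values depend only on non-secret inputs, so the admin-bypass cookie becomes predictable and the firewall's cookie-based exemption is no longer bound to anything the site controls. The constructor should treat a missing or empty key as "cookie modes off" instead of continuing unkeyed, which the lines below do right after the key is read. `customroles` is stored unchecked on line 35 and is later iterated with `foreach`, so a non-array value should be coerced there: `$this->customRoles = (array_key_exists('customroles', $confHash) && is_array($confHash['customroles'])) ? $confHash['customroles'] : array();`. `__construct` is also the only method in the class without a visibility keyword, and `$roleLevel` is declared but never assigned.
```php
$this->cookieKey = array_key_exists('cookiekey', $confHash) ? (string) $confHash['cookiekey'] : "";
// The cookie values fw.php derives from this key are only as unpredictable as
// the key itself; without one, refuse to run either cookie mode.
if ($this->cookieKey === "") {
    $this->ipCookieMode = BVFWConfig::IP_COOKIE_MODE_DISABLED;
    $this->adminCookieMode = BVFWConfig::ADMIN_COOKIE_MODE_DISABLED;
}
// … unchanged: cookiePath / cookieDomain …
```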
protect/fw/fw.php
ADDED
@@ -0,0 +1,347 @@
1 |
+
<?php
|
2 |
+
|
3 |
+
if (! (defined('ABSPATH') || defined('MCDATAPATH')) ) exit;
|
4 |
+
if (!class_exists('BVFW')) :
|
5 |
+
|
6 |
+
class BVFW {
|
7 |
+
public $bvinfo;
|
8 |
+
public $request;
|
9 |
+
public $config;
|
10 |
+
public $ipstore;
|
11 |
+
public $category;
|
12 |
+
public $logger;
|
13 |
+
|
14 |
+
const SQLIREGEX = '/(?:[^\\w<]|\\/\\*\\![0-9]*|^)(?:
|
15 |
+
@@HOSTNAME|
|
16 |
+
ALTER|ANALYZE|ASENSITIVE|
|
17 |
+
BEFORE|BENCHMARK|BETWEEN|BIGINT|BINARY|BLOB|
|
18 |
+
CALL|CASE|CHANGE|CHAR|CHARACTER|CHAR_LENGTH|COLLATE|COLUMN|CONCAT|CONDITION|CONSTRAINT|CONTINUE|CONVERT|CREATE|CROSS|CURRENT_DATE|CURRENT_TIME|CURRENT_TIMESTAMP|CURRENT_USER|CURSOR|
|
19 |
+
DATABASE|DATABASES|DAY_HOUR|DAY_MICROSECOND|DAY_MINUTE|DAY_SECOND|DECIMAL|DECLARE|DEFAULT|DELAYED|DELETE|DESCRIBE|DETERMINISTIC|DISTINCT|DISTINCTROW|DOUBLE|DROP|DUAL|DUMPFILE|
|
20 |
+
EACH|ELSE|ELSEIF|ELT|ENCLOSED|ESCAPED|EXISTS|EXIT|EXPLAIN|EXTRACTVALUE|
|
21 |
+
FETCH|FLOAT|FLOAT4|FLOAT8|FORCE|FOREIGN|FROM|FULLTEXT|
|
22 |
+
GRANT|GROUP|HAVING|HEX|HIGH_PRIORITY|HOUR_MICROSECOND|HOUR_MINUTE|HOUR_SECOND|
|
23 |
+
IFNULL|IGNORE|INDEX|INFILE|INNER|INOUT|INSENSITIVE|INSERT|INTERVAL|ISNULL|ITERATE|
|
24 |
+
JOIN|KILL|LEADING|LEAVE|LIMIT|LINEAR|LINES|LOAD|LOAD_FILE|LOCALTIME|LOCALTIMESTAMP|LOCK|LONG|LONGBLOB|LONGTEXT|LOOP|LOW_PRIORITY|
|
25 |
+
MASTER_SSL_VERIFY_SERVER_CERT|MATCH|MAXVALUE|MEDIUMBLOB|MEDIUMINT|MEDIUMTEXT|MID|MIDDLEINT|MINUTE_MICROSECOND|MINUTE_SECOND|MODIFIES|
|
26 |
+
NATURAL|NO_WRITE_TO_BINLOG|NULL|NUMERIC|OPTION|ORD|ORDER|OUTER|OUTFILE|
|
27 |
+
PRECISION|PRIMARY|PRIVILEGES|PROCEDURE|PROCESSLIST|PURGE|
|
28 |
+
RANGE|READ_WRITE|REGEXP|RELEASE|REPEAT|REQUIRE|RESIGNAL|RESTRICT|RETURN|REVOKE|RLIKE|ROLLBACK|
|
29 |
+
SCHEMA|SCHEMAS|SECOND_MICROSECOND|SELECT|SENSITIVE|SEPARATOR|SHOW|SIGNAL|SLEEP|SMALLINT|SPATIAL|SPECIFIC|SQLEXCEPTION|SQLSTATE|SQLWARNING|SQL_BIG_RESULT|SQL_CALC_FOUND_ROWS|SQL_SMALL_RESULT|STARTING|STRAIGHT_JOIN|SUBSTR|
|
30 |
+
TABLE|TERMINATED|TINYBLOB|TINYINT|TINYTEXT|TRAILING|TRANSACTION|TRIGGER|
|
31 |
+
UNDO|UNHEX|UNION|UNLOCK|UNSIGNED|UPDATE|UPDATEXML|USAGE|USING|UTC_DATE|UTC_TIME|UTC_TIMESTAMP|
|
32 |
+
VALUES|VARBINARY|VARCHAR|VARCHARACTER|VARYING|WHEN|WHERE|WHILE|WRITE|YEAR_MONTH|ZEROFILL)(?=[^\\w]|$)/ix';
|
33 |
+
|
34 |
+
const XSSREGEX = '/(?:
|
35 |
+
#tags
|
36 |
+
(?:\\<|\\+ADw\\-|\\xC2\\xBC)(script|iframe|svg|object|embed|applet|link|style|meta|\\/\\/|\\?xml\\-stylesheet)(?:[^\\w]|\\xC2\\xBE)|
|
37 |
+
#protocols
|
38 |
+
(?:^|[^\\w])(?:(?:\\s*(?:&\\#(?:x0*6a|0*106)|j)\\s*(?:&\\#(?:x0*61|0*97)|a)\\s*(?:&\\#(?:x0*76|0*118)|v)\\s*(?:&\\#(?:x0*61|0*97)|a)|\\s*(?:&\\#(?:x0*76|0*118)|v)\\s*(?:&\\#(?:x0*62|0*98)|b)|\\s*(?:&\\#(?:x0*65|0*101)|e)\\s*(?:&\\#(?:x0*63|0*99)|c)\\s*(?:&\\#(?:x0*6d|0*109)|m)\\s*(?:&\\#(?:x0*61|0*97)|a)|\\s*(?:&\\#(?:x0*6c|0*108)|l)\\s*(?:&\\#(?:x0*69|0*105)|i)\\s*(?:&\\#(?:x0*76|0*118)|v)\\s*(?:&\\#(?:x0*65|0*101)|e))\\s*(?:&\\#(?:x0*73|0*115)|s)\\s*(?:&\\#(?:x0*63|0*99)|c)\\s*(?:&\\#(?:x0*72|0*114)|r)\\s*(?:&\\#(?:x0*69|0*105)|i)\\s*(?:&\\#(?:x0*70|0*112)|p)\\s*(?:&\\#(?:x0*74|0*116)|t)|\\s*(?:&\\#(?:x0*6d|0*109)|m)\\s*(?:&\\#(?:x0*68|0*104)|h)\\s*(?:&\\#(?:x0*74|0*116)|t)\\s*(?:&\\#(?:x0*6d|0*109)|m)\\s*(?:&\\#(?:x0*6c|0*108)|l)|\\s*(?:&\\#(?:x0*6d|0*109)|m)\\s*(?:&\\#(?:x0*6f|0*111)|o)\\s*(?:&\\#(?:x0*63|0*99)|c)\\s*(?:&\\#(?:x0*68|0*104)|h)\\s*(?:&\\#(?:x0*61|0*97)|a)|\\s*(?:&\\#(?:x0*64|0*100)|d)\\s*(?:&\\#(?:x0*61|0*97)|a)\\s*(?:&\\#(?:x0*74|0*116)|t)\\s*(?:&\\#(?:x0*61|0*97)|a)(?!(?:&\\#(?:x0*3a|0*58)|\\:)(?:&\\#(?:x0*69|0*105)|i)(?:&\\#(?:x0*6d|0*109)|m)(?:&\\#(?:x0*61|0*97)|a)(?:&\\#(?:x0*67|0*103)|g)(?:&\\#(?:x0*65|0*101)|e)(?:&\\#(?:x0*2f|0*47)|\\/)(?:(?:&\\#(?:x0*70|0*112)|p)(?:&\\#(?:x0*6e|0*110)|n)(?:&\\#(?:x0*67|0*103)|g)|(?:&\\#(?:x0*62|0*98)|b)(?:&\\#(?:x0*6d|0*109)|m)(?:&\\#(?:x0*70|0*112)|p)|(?:&\\#(?:x0*67|0*103)|g)(?:&\\#(?:x0*69|0*105)|i)(?:&\\#(?:x0*66|0*102)|f)|(?:&\\#(?:x0*70|0*112)|p)?(?:&\\#(?:x0*6a|0*106)|j)(?:&\\#(?:x0*70|0*112)|p)(?:&\\#(?:x0*65|0*101)|e)(?:&\\#(?:x0*67|0*103)|g)|(?:&\\#(?:x0*74|0*116)|t)(?:&\\#(?:x0*69|0*105)|i)(?:&\\#(?:x0*66|0*102)|f)(?:&\\#(?:x0*66|0*102)|f)|(?:&\\#(?:x0*73|0*115)|s)(?:&\\#(?:x0*76|0*118)|v)(?:&\\#(?:x0*67|0*103)|g)(?:&\\#(?:x0*2b|0*43)|\\+)(?:&\\#(?:x0*78|0*120)|x)(?:&\\#(?:x0*6d|0*109)|m)(?:&\\#(?:x0*6c|0*108)|l))(?:(?:&\\#(?:x0*3b|0*59)|;)(?:&\\#(?:x0*63|0*99)|c)(?:&\\#(?:x0*68|0*104)|h)(?:&\\#(?:x0*61|0*97)|a)(?:&\\#(?:x0*72|0*114)|r)(?:&\\#(?:x0*73|0*115)|s)(?:&\\#(?:x0*65|0*101)|e)(?:&\\#(?:
x0*74|0*116)|t)(?:&\\#(?:x0*3d|0*61)|=)[\\-a-z0-9]+)?(?:(?:&\\#(?:x0*3b|0*59)|;)(?:&\\#(?:x0*62|0*98)|b)(?:&\\#(?:x0*61|0*97)|a)(?:&\\#(?:x0*73|0*115)|s)(?:&\\#(?:x0*65|0*101)|e)(?:&\\#(?:x0*36|0*54)|6)(?:&\\#(?:x0*34|0*52)|4))?(?:&\\#(?:x0*2c|0*44)|,)))\\s*(?:&\\#(?:x0*3a|0*58)|&colon|\\:)|
|
39 |
+
#css expression
|
40 |
+
(?:^|[^\\w])(?:(?:\\\\0*65|\\\\0*45|e)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*78|\\\\0*58|x)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*70|\\\\0*50|p)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*72|\\\\0*52|r)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*65|\\\\0*45|e)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*73|\\\\0*53|s)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*73|\\\\0*53|s)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*69|\\\\0*49|i)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*6f|\\\\0*4f|o)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*6e|\\\\0*4e|n))[^\\w]*?(?:\\\\0*28|\\()|
|
41 |
+
#css properties
|
42 |
+
(?:^|[^\\w])(?:(?:(?:\\\\0*62|\\\\0*42|b)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*65|\\\\0*45|e)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*68|\\\\0*48|h)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*61|\\\\0*41|a)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*76|\\\\0*56|v)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*69|\\\\0*49|i)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*6f|\\\\0*4f|o)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*72|\\\\0*52|r)(?:\\/\\*.*?\\*\\/)*)|(?:(?:\\\\0*2d|\\\\0*2d|-)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*6d|\\\\0*4d|m)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*6f|\\\\0*4f|o)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*7a|\\\\0*5a|z)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*2d|\\\\0*2d|-)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*62|\\\\0*42|b)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*69|\\\\0*49|i)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*6e|\\\\0*4e|n)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*64|\\\\0*44|d)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*69|\\\\0*49|i)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*6e|\\\\0*4e|n)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*67|\\\\0*47|g)(?:\\/\\*.*?\\*\\/)*))[^\\w]*(?:\\\\0*3a|\\\\0*3a|:)[^\\w]*(?:\\\\0*75|\\\\0*55|u)(?:\\\\0*72|\\\\0*52|r)(?:\\\\0*6c|\\\\0*4c|l)|
|
43 |
+
#properties
|
44 |
+
(?:^|[^\\w])(?:on(?:abort|activate|afterprint|afterupdate|autocomplete|autocompleteerror|beforeactivate|beforecopy|beforecut|beforedeactivate|beforeeditfocus|beforepaste|beforeprint|beforeunload|beforeupdate|blur|bounce|cancel|canplay|canplaythrough|cellchange|change|click|close|contextmenu|controlselect|copy|cuechange|cut|dataavailable|datasetchanged|datasetcomplete|dblclick|deactivate|drag|dragend|dragenter|dragleave|dragover|dragstart|drop|durationchange|emptied|encrypted|ended|error|errorupdate|filterchange|finish|focus|focusin|focusout|formchange|forminput|hashchange|help|input|invalid|keydown|keypress|keyup|languagechange|layoutcomplete|load|loadeddata|loadedmetadata|loadstart|losecapture|message|mousedown|mouseenter|mouseleave|mousemove|mouseout|mouseover|mouseup|mousewheel|move|moveend|movestart|mozfullscreenchange|mozfullscreenerror|mozpointerlockchange|mozpointerlockerror|offline|online|page|pagehide|pageshow|paste|pause|play|playing|popstate|progress|propertychange|ratechange|readystatechange|reset|resize|resizeend|resizestart|rowenter|rowexit|rowsdelete|rowsinserted|scroll|search|seeked|seeking|select|selectstart|show|stalled|start|storage|submit|suspend|timer|timeupdate|toggle|unload|volumechange|waiting|webkitfullscreenchange|webkitfullscreenerror|wheel)|formaction|data\\-bind|ev:event)[^\\w]
|
45 |
+
)/ix';
|
46 |
+
|
47 |
+
const BYPASS_COOKIE = "bvfw-bypass-cookie";
|
48 |
+
const IP_COOKIE = "bvfw-ip-cookie";
|
49 |
+
|
50 |
+
public function __construct($logger, $confHash, $ip, $bvinfo, $ipstore) {
|
51 |
+
$this->config = new BVFWConfig($confHash);
|
52 |
+
$this->request = new BVWPRequest($ip);
|
53 |
+
$this->bvinfo = $bvinfo;
|
54 |
+
$this->ipstore = $ipstore;
|
55 |
+
$this->logger = $logger;
|
56 |
+
}
|
57 |
+
|
58 |
+
public function setcookie($name, $value, $expire) {
|
59 |
+
$path = $this->config->cookiePath;
|
60 |
+
$cookie_domain = $this->config->cookieDomain;
|
61 |
+
|
62 |
+
if (version_compare(PHP_VERSION, '5.2.0') >= 0) {
|
63 |
+
$secure = function_exists('is_ssl') ? is_ssl() : false;
|
64 |
+
@setcookie($name, $value, $expire, $path, $cookie_domain, $secure, true);
|
65 |
+
} else {
|
66 |
+
@setcookie($name, $value, $expire, $path);
|
67 |
+
}
|
68 |
+
}
|
69 |
+
|
70 |
+
public function setBypassCookie() {
|
71 |
+
if (function_exists('is_user_logged_in') && is_user_logged_in() && !$this->hasValidBypassCookie()) {
|
72 |
+
$roleLevel = $this->getCurrentRoleLevel();
|
73 |
+
$bypassLevel = $this->config->bypassLevel;
|
74 |
+
if ($roleLevel >= $bypassLevel) {
|
75 |
+
$cookie = $this->generateBypassCookie();
|
76 |
+
$this->setcookie(BVFW::BYPASS_COOKIE, $cookie, time() + 43200);
|
77 |
+
}
|
78 |
+
}
|
79 |
+
}
|
80 |
+
|
81 |
+
public function generateBypassCookie() {
|
82 |
+
$time = floor(time() / 43200);
|
83 |
+
$bypassLevel = $this->config->bypassLevel;
|
84 |
+
$cookiekey = $this->config->cookieKey;
|
85 |
+
return sha1($bypassLevel.$time.$cookiekey);
|
86 |
+
}
|
87 |
+
|
88 |
+
public function hasValidBypassCookie() {
|
89 |
+
$cookie = (string) $this->request->getCookies(BVFW::BYPASS_COOKIE);
|
90 |
+
return ($this->canSetAdminCookie() && ($cookie === $this->generateBypassCookie()));
|
91 |
+
}
|
92 |
+
|
93 |
+
public function setIPCookie() {
|
94 |
+
if (!$this->request->getCookies(BVFW::IP_COOKIE)) {
|
95 |
+
$ip = $this->request->getIP();
|
96 |
+
$cookiekey = $this->config->cookieKey;
|
97 |
+
$time = floor(time() / 86400);
|
98 |
+
$cookie = sha1($ip.$time.$cookiekey);
|
99 |
+
$this->setcookie(BVFW::IP_COOKIE, $cookie, time() + 86400);
|
100 |
+
}
|
101 |
+
}
|
102 |
+
|
103 |
+
public function getBVCookies() {
|
104 |
+
$cookies = array();
|
105 |
+
if ($this->request->getCookies(BVFW::IP_COOKIE) !== NULL) {
|
106 |
+
$cookies[BVFW::IP_COOKIE] = (string) $this->request->getCookies(BVFW::IP_COOKIE);
|
107 |
+
}
|
108 |
+
return $cookies;
|
109 |
+
}
|
110 |
+
|
111 |
+
public function getCurrentRoleLevel() {
|
112 |
+
if (function_exists('current_user_can')) {
|
113 |
+
if (function_exists('is_super_admin') && is_super_admin()) {
|
114 |
+
return BVFWConfig::ROLE_LEVEL_ADMIN;
|
115 |
+
}
|
116 |
+
foreach ($this->config->customRoles as $role) {
|
117 |
+
if (current_user_can($role)) {
|
118 |
+
return BVFWConfig::ROLE_LEVEL_CUSTOM;
|
119 |
+
}
|
120 |
+
}
|
121 |
+
foreach (BVFWConfig::$roleLevels as $role => $level) {
|
122 |
+
if (current_user_can($role)) {
|
123 |
+
return $level;
|
124 |
+
}
|
125 |
+
}
|
126 |
+
}
|
127 |
+
return 0;
|
128 |
+
}
|
129 |
+
|
130 |
+
public function isActive() {
|
131 |
+
return $this->config->isActive();
|
132 |
+
}
|
133 |
+
public function canSetAdminCookie() {
|
134 |
+
return ($this->config->adminCookieMode === BVFWConfig::ADMIN_COOKIE_MODE_ENABLED);
|
135 |
+
}
|
136 |
+
|
137 |
+
public function canSetIPCookie() {
|
138 |
+
return ($this->config->ipCookieMode === BVFWConfig::IP_COOKIE_MODE_ENABLED);
|
139 |
+
}
|
140 |
+
|
141 |
+
public function setResponseCode() {
|
142 |
+
if (!function_exists('http_response_code')) {
|
143 |
+
return false;
|
144 |
+
}
|
145 |
+
|
146 |
+
$this->request->setRespCode(http_response_code());
|
147 |
+
return true;
|
148 |
+
}
|
149 |
+
|
150 |
+
public function canLog() {
|
151 |
+
$canlog = false;
|
152 |
+
|
153 |
+
if ($this->config->isCompleteLoggingEnabled()) {
|
154 |
+
$canlog = true;
|
155 |
+
} else if ($this->config->isVisitorLoggingEnabled()) {
|
156 |
+
$canlog = !$this->hasValidBypassCookie() &&
|
157 |
+
(!function_exists('is_user_logged_in') || !is_user_logged_in());
|
158 |
+
}
|
159 |
+
return $canlog;
|
160 |
+
}
|
161 |
+
|
162 |
+
public function log() {
|
163 |
+
if ($this->canLog()) {
|
164 |
+
$this->setResponseCode();
|
165 |
+
$this->logger->log($this->request->getDataToLog());
|
166 |
+
}
|
167 |
+
}
|
168 |
+
|
169 |
+
public function terminateRequest($category = BVWPRequest::NORMAL) {
|
170 |
+
$this->request->setCategory($category);
|
171 |
+
$this->request->setStatus(BVWPRequest::BLOCKED);
|
172 |
+
$this->request->setRespCode(403);
|
173 |
+
header("Cache-Control: no-cache, no-store, must-revalidate");
|
174 |
+
header("Pragma: no-cache");
|
175 |
+
header("Expires: 0");
|
176 |
+
header('HTTP/1.0 403 Forbidden');
|
177 |
+
$brandname = $this->bvinfo->getBrandName().' Firewall';
|
178 |
+
die("
|
179 |
+
<div style='height: 98vh;'>
|
180 |
+
<div style='text-align: center; padding: 10% 0; font-family: Arial, Helvetica, sans-serif;'>
|
181 |
+
<div><p>$brandname</p></div>
|
182 |
+
<p>Blocked because of Malicious Activities</p>
|
183 |
+
</div>
|
184 |
+
</div>
|
185 |
+
");
|
186 |
+
}
|
187 |
+
|
188 |
+
public function isBlacklistedIP() {
|
189 |
+
return $this->ipstore->isFWIPBlacklisted($this->request->getIP());
|
190 |
+
}
|
191 |
+
|
192 |
+
public function isWhitelistedIP() {
|
193 |
+
return $this->ipstore->isFWIPWhitelisted($this->request->getIP());
|
194 |
+
}
|
195 |
+
|
196 |
+
public function canBypassFirewall() {
|
197 |
+
if ($this->isWhitelistedIP() || $this->hasValidBypassCookie()) {
|
198 |
+
$this->request->setCategory(BVWPRequest::WHITELISTED);
|
199 |
+
$this->request->setStatus(BVWPRequest::BYPASSED);
|
200 |
+
return true;
|
201 |
+
}
|
202 |
+
return false;
|
203 |
+
}
|
204 |
+
|
205 |
+
public function execute() {
|
206 |
+
if ($this->config->canProfileReqInfo()) {
|
207 |
+
$result = array();
|
208 |
+
|
209 |
+
if ($this->request->getMethod() === 'POST' &&
|
210 |
+
preg_match('/(admin-ajax.php|admin-post.php)$/', $this->request->getPath())) {
|
211 |
+
$result += $this->profileRequestInfo(array("action" => $this->request->getBody('action')),
|
212 |
+
true, 'BODY[');
|
213 |
+
}
|
214 |
+
$result += $this->profileRequestInfo($this->request->getBody(),
|
215 |
+
$this->config->isReqProfilingModeDebug(), 'BODY[');
|
216 |
+
$result += $this->profileRequestInfo($this->request->getQueryString(),
|
217 |
+
true, 'GET[');
|
218 |
+
$result += $this->profileRequestInfo($this->request->getFiles(),
|
219 |
+
true, 'FILES[');
|
220 |
+
$result += $this->profileRequestInfo($this->getBVCookies(),
|
221 |
+
true, 'COOKIES[');
|
222 |
+
$this->request->updateReqInfo($result);
|
223 |
+
}
|
224 |
+
|
225 |
+
if (!$this->canBypassFirewall() && $this->config->isProtecting()) {
|
226 |
+
if ($this->isBlacklistedIP()) {
|
227 |
+
$this->terminateRequest(BVWPRequest::BLACKLISTED);
|
228 |
+
}
|
229 |
+
}
|
230 |
+
}
|
231 |
+
|
232 |
+
public function matchCount($pattern, $subject) {
|
233 |
+
$count = 0;
|
234 |
+
if (is_array($subject)) {
|
235 |
+
foreach ($subject as $val) {
|
236 |
+
$count += $this->matchCount($pattern, $val);
|
237 |
+
}
|
238 |
+
return $count;
|
239 |
+
} else {
|
240 |
+
$count = preg_match_all((string) $pattern, (string) $subject, $matches);
|
241 |
+
return ($count === false ? 0 : $count);
|
242 |
+
}
|
243 |
+
}
|
244 |
+
|
245 |
+
public function getLength($val) {
|
246 |
+
$length = 0;
|
247 |
+
if (is_array($val)) {
|
248 |
+
foreach ($val as $v) {
|
249 |
+
$length += $this->getLength($v);
|
250 |
+
}
|
251 |
+
return $length;
|
252 |
+
} else {
|
253 |
+
return strlen((string) $val);
|
254 |
+
}
|
255 |
+
}
|
256 |
+
|
257 |
+
public function profileRequestInfo($params, $debug = false, $prefix = '', $obraces = 1) {
|
258 |
+
$result = array();
|
259 |
+
if (is_array($params)) {
|
260 |
+
foreach ($params as $key => $value) {
|
261 |
+
$key = $prefix . $key;
|
262 |
+
if (is_array($value)) {
|
263 |
+
$result = $result + $this->profileRequestInfo($value, $debug, $key . '[', $obraces + 1);
|
264 |
+
} else {
|
265 |
+
$key = $key . str_repeat(']', $obraces);
|
266 |
+
$result[$key] = array();
|
267 |
+
$valsize = $this->getLength($value);
|
268 |
+
$result[$key]["size"] = $valsize;
|
269 |
+
if ($debug === true && $valsize < 256) {
|
270 |
+
$result[$key]["value"] = $value;
|
271 |
+
continue;
|
272 |
+
}
|
273 |
+
|
274 |
+
if (preg_match('/^\d+$/', $value)) {
|
275 |
+
$result[$key]["numeric"] = true;
|
276 |
+
} else if (preg_match('/^\w+$/', $value)) {
|
277 |
+
$result[$key]["regular_word"] = true;
|
278 |
+
} else if (preg_match('/^\S+$/', $value)) {
|
279 |
+
$result[$key]["special_word"] = true;
|
280 |
+
} else if (preg_match('/^[\w\s]+$/', $value)) {
|
281 |
+
$result[$key]["regular_sentence"] = true;
|
282 |
+
} else if (preg_match('/^[\w\W]+$/', $value)) {
|
283 |
+
$result[$key]["special_chars_sentence"] = true;
|
284 |
+
}
|
285 |
+
|
286 |
+
if (preg_match('/^\b((25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\.){3}
|
287 |
+
(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\b$/x', $value)) {
|
288 |
+
$result[$key]["ipv4"] = true;
|
289 |
+
} else if (preg_match('/\b((25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\.){3}
|
290 |
+
(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\b/x', $value)) {
|
291 |
+
$result[$key]["embeded_ipv4"] = true;
|
292 |
+
} else if (preg_match('/^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|
|
293 |
+
([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|
|
294 |
+
([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}
|
295 |
+
(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|
|
296 |
+
([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|
|
297 |
+
:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|
|
298 |
+
::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3}
|
299 |
+
(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|
|
300 |
+
(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$/x', $value)) {
|
301 |
+
$result[$key]["ipv6"] = true;
|
302 |
+
} else if (preg_match('/(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|
|
303 |
+
([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|
|
304 |
+
([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}
|
305 |
+
(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|
|
306 |
+
([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|
|
307 |
+
:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|
|
308 |
+
::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3}
|
309 |
+
(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|
|
310 |
+
(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))/x', $value)) {
|
311 |
+
$result[$key]["embeded_ipv6"] = true;
|
312 |
+
}
|
313 |
+
|
314 |
+
if (preg_match('/^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,6}$/', $value)) {
|
315 |
+
$result[$key]["email"] = true;
|
316 |
+
} else if (preg_match('/[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,6}/', $value)) {
|
317 |
+
$result[$key]["embeded_email"] = true;
|
318 |
+
}
|
319 |
+
|
320 |
+
if (preg_match('/^(http|ftp)s?:\/\/\S+$/i', $value)) {
|
321 |
+
$result[$key]["link"] = true;
|
322 |
+
} else if (preg_match('/(http|ftp)s?:\/\/\S+$/i', $value)) {
|
323 |
+
$result[$key]["embeded_link"] = true;
|
324 |
+
}
|
325 |
+
|
326 |
+
if (preg_match('/<(html|head|title|base|link|meta|style|picture|source|img|
|
327 |
+
iframe|embed|object|param|video|audio|track|map|area|form|label|input|button|
|
328 |
+
select|datalist|optgroup|option|textarea|output|progress|meter|fieldset|legend|
|
329 |
+
script|noscript|template|slot|canvas)/ix', $value)) {
|
330 |
+
$result[$key]["embeded_html"] = true;
|
331 |
+
}
|
332 |
+
|
333 |
+
if (preg_match('/\.(jpg|jpeg|png|gif|ico|pdf|doc|docx|ppt|pptx|pps|ppsx|odt|xls|zip|gzip|
|
334 |
+
xlsx|psd|mp3|m4a|ogg|wav|mp4|m4v|mov|wmv|avi|mpg|ogv|3gp|3g2|php|html|phtml|js|css)/ix', $value)) {
|
335 |
+
$result[$key]["file"] = true;
|
336 |
+
}
|
337 |
+
|
338 |
+
if ($this->matchCount(BVFW::SQLIREGEX, $value) >= 2) {
|
339 |
+
$result[$key]["sql"] = true;
|
340 |
+
}
|
341 |
+
}
|
342 |
+
}
|
343 |
+
}
|
344 |
+
return $result;
|
345 |
+
}
|
346 |
+
}
|
347 |
+
endif;
|
protect/{wp_fw → fw}/request.php
RENAMED
@@ -1,7 +1,8 @@
|
|
1 |
<?php
|
2 |
|
3 |
-
if (!defined('ABSPATH')) exit;
|
4 |
if (!class_exists('BVWPRequest')) :
|
|
|
5 |
class BVWPRequest {
|
6 |
private $fileNames;
|
7 |
private $files;
|
@@ -43,13 +44,13 @@ class BVWPRequest {
|
|
43 |
$this->setCategory(BVWPRequest::NORMAL);
|
44 |
$this->setStatus(BVWpRequest::ALLOWED);
|
45 |
$this->setTimestamp(time());
|
46 |
-
$this->setQueryString(
|
47 |
-
$this->setCookies(
|
48 |
-
$this->setBody(
|
49 |
-
$this->setFiles(
|
50 |
if (!empty($_FILES)) {
|
51 |
foreach ($_FILES as $input => $file) {
|
52 |
-
$fileNames[$input] =
|
53 |
}
|
54 |
}
|
55 |
$this->setFileNames($fileNames);
|
@@ -60,30 +61,30 @@ class BVWPRequest {
|
|
60 |
$header = str_replace(array(' ', '_'), array('', ' '), $header);
|
61 |
$header = ucwords(strtolower($header));
|
62 |
$header = str_replace(' ', '-', $header);
|
63 |
-
$headers[$header] =
|
64 |
}
|
65 |
}
|
66 |
if (array_key_exists('CONTENT_TYPE', $_SERVER)) {
|
67 |
-
$headers['Content-Type'] =
|
68 |
}
|
69 |
if (array_key_exists('CONTENT_LENGTH', $_SERVER)) {
|
70 |
-
$headers['Content-Length'] =
|
71 |
}
|
72 |
if (array_key_exists('REFERER', $_SERVER)) {
|
73 |
-
$headers['Referer'] =
|
74 |
}
|
75 |
if (array_key_exists('HTTP_USER_AGENT', $_SERVER)) {
|
76 |
-
$headers['User-Agent'] =
|
77 |
}
|
78 |
|
79 |
if (array_key_exists('Host', $headers)) {
|
80 |
$host = $headers['Host'];
|
81 |
} else if (array_key_exists('SERVER_NAME', $_SERVER)) {
|
82 |
-
$host =
|
83 |
}
|
84 |
|
85 |
-
$method = array_key_exists('REQUEST_METHOD', $_SERVER) ?
|
86 |
-
$uri = array_key_exists('REQUEST_URI', $_SERVER) ?
|
87 |
$_uri = parse_url($uri);
|
88 |
$path = (is_array($_uri) && array_key_exists('path', $_uri)) ? $_uri['path'] : $uri;
|
89 |
}
|
@@ -180,27 +181,20 @@ class BVWPRequest {
|
|
180 |
return $this->category;
|
181 |
}
|
182 |
|
183 |
-
public function captureRespCode($status_header) {
|
184 |
-
if (preg_match('/HTTP\/(\\d\\.\\d)\\s*(\\d+)\\s*(.*)/', $status_header, $tokens)) {
|
185 |
-
$this->setRespCode(intval($tokens[2]));
|
186 |
-
}
|
187 |
-
return $status_header;
|
188 |
-
}
|
189 |
-
|
190 |
public function getDataToLog() {
|
191 |
$referer = $this->getHeader('Referer') ? $this->getHeader('Referer') : '';
|
192 |
$user_agent = $this->getHeader('User-Agent') ? $this->getHeader('User-Agent') : '';
|
193 |
-
$rules_info =
|
194 |
-
$req_info =
|
195 |
if (strlen($req_info) > 16000) {
|
196 |
-
$req_info =
|
197 |
if (strlen($req_info) > 16000) {
|
198 |
-
$req_info =
|
199 |
}
|
200 |
}
|
201 |
$data = array(
|
202 |
"path" => $this->getPath(),
|
203 |
-
"filenames" =>
|
204 |
"host" => $this->getHost(),
|
205 |
"time" => $this->getTimeStamp(),
|
206 |
"ip" => $this->getIP(),
|
@@ -304,21 +298,5 @@ class BVWPRequest {
|
|
304 |
public function getTimestamp() {
|
305 |
return $this->timestamp;
|
306 |
}
|
307 |
-
|
308 |
-
public static function removeMagicQuotes($value) {
|
309 |
-
if (function_exists("get_magic_quotes_gpc") && get_magic_quotes_gpc()) {
|
310 |
-
return BVWPRequest::removeSlashesRecursively($value);
|
311 |
-
}
|
312 |
-
return $value;
|
313 |
-
}
|
314 |
-
|
315 |
-
public static function removeSlashesRecursively($value) {
|
316 |
-
if (is_array($value)) {
|
317 |
-
$value = array_map(array('self', 'removeSlashesRecursively',), $value);
|
318 |
-
} else if (is_string($value)) {
|
319 |
-
$value = stripslashes($value);
|
320 |
-
}
|
321 |
-
return $value;
|
322 |
-
}
|
323 |
}
|
324 |
-
endif;
|
1 |
<?php
|
2 |
|
3 |
+
if (! (defined('ABSPATH') || defined('MCDATAPATH')) ) exit;
|
4 |
if (!class_exists('BVWPRequest')) :
|
5 |
+
|
6 |
class BVWPRequest {
|
7 |
private $fileNames;
|
8 |
private $files;
|
44 |
$this->setCategory(BVWPRequest::NORMAL);
|
45 |
$this->setStatus(BVWpRequest::ALLOWED);
|
46 |
$this->setTimestamp(time());
|
47 |
+
$this->setQueryString($_GET);
|
48 |
+
$this->setCookies($_COOKIE);
|
49 |
+
$this->setBody($_POST);
|
50 |
+
$this->setFiles($_FILES);
|
51 |
if (!empty($_FILES)) {
|
52 |
foreach ($_FILES as $input => $file) {
|
53 |
+
$fileNames[$input] = $file['name'];
|
54 |
}
|
55 |
}
|
56 |
$this->setFileNames($fileNames);
|
61 |
$header = str_replace(array(' ', '_'), array('', ' '), $header);
|
62 |
$header = ucwords(strtolower($header));
|
63 |
$header = str_replace(' ', '-', $header);
|
64 |
+
$headers[$header] = $value;
|
65 |
}
|
66 |
}
|
67 |
if (array_key_exists('CONTENT_TYPE', $_SERVER)) {
|
68 |
+
$headers['Content-Type'] = $_SERVER['CONTENT_TYPE'];
|
69 |
}
|
70 |
if (array_key_exists('CONTENT_LENGTH', $_SERVER)) {
|
71 |
+
$headers['Content-Length'] = $_SERVER['CONTENT_LENGTH'];
|
72 |
}
|
73 |
if (array_key_exists('REFERER', $_SERVER)) {
|
74 |
+
$headers['Referer'] = $_SERVER['REFERER'];
|
75 |
}
|
76 |
if (array_key_exists('HTTP_USER_AGENT', $_SERVER)) {
|
77 |
+
$headers['User-Agent'] = $_SERVER['HTTP_USER_AGENT'];
|
78 |
}
|
79 |
|
80 |
if (array_key_exists('Host', $headers)) {
|
81 |
$host = $headers['Host'];
|
82 |
} else if (array_key_exists('SERVER_NAME', $_SERVER)) {
|
83 |
+
$host = $_SERVER['SERVER_NAME'];
|
84 |
}
|
85 |
|
86 |
+
$method = array_key_exists('REQUEST_METHOD', $_SERVER) ? $_SERVER['REQUEST_METHOD'] : 'GET';
|
87 |
+
$uri = array_key_exists('REQUEST_URI', $_SERVER) ? $_SERVER['REQUEST_URI'] : '';
|
88 |
$_uri = parse_url($uri);
|
89 |
$path = (is_array($_uri) && array_key_exists('path', $_uri)) ? $_uri['path'] : $uri;
|
90 |
}
|
181 |
return $this->category;
|
182 |
}
|
183 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
184 |
public function getDataToLog() {
|
185 |
$referer = $this->getHeader('Referer') ? $this->getHeader('Referer') : '';
|
186 |
$user_agent = $this->getHeader('User-Agent') ? $this->getHeader('User-Agent') : '';
|
187 |
+
$rules_info = serialize($this->getRulesInfo());
|
188 |
+
$req_info = serialize($this->getReqInfo());
|
189 |
if (strlen($req_info) > 16000) {
|
190 |
+
$req_info = serialize(array("keys" => array_keys($this->getReqInfo())));
|
191 |
if (strlen($req_info) > 16000) {
|
192 |
+
$req_info = serialize(array("bv_over_size" => true));
|
193 |
}
|
194 |
}
|
195 |
$data = array(
|
196 |
"path" => $this->getPath(),
|
197 |
+
"filenames" => serialize($this->getFileNames()),
|
198 |
"host" => $this->getHost(),
|
199 |
"time" => $this->getTimeStamp(),
|
200 |
"ip" => $this->getIP(),
|
298 |
public function getTimestamp() {
|
299 |
return $this->timestamp;
|
300 |
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
301 |
}
|
302 |
+
endif;
|
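Review bot: `$fileNames` is never initialised before the `foreach` over `$_FILES` (new lines 51–56), so on a request with no uploads `setFileNames($fileNames)` receives an undefined variable and `null` later reaches `serialize($this->getFileNames())` in getDataToLog. Add `$fileNames = array();` directly before `if (!empty($_FILES)) {`. The new assignment `$fileNames[$input] = $file['name'];` also stores an array rather than a string for multi-file inputs (`name[]`), which the serialised log copes with but any string-based consumer would not; a short comment on that line would save the next reader a surprise. The constructor these lines belong to starts outside the hunk.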
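--- a/protect/prepend/ignitor.php
+++ b/protect/prepend/ignitor.php
@@ -0,0 +1,9 @@
+<?php
+if (!defined('MCDATAPATH')) exit;
+
+if (defined('MCCONFKEY')) {
+require_once dirname( __FILE__ ) . '/protect.php';
+
+$mcProtect = new BVPrependProtect();
+$mcProtect->run();
+}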
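Review bot: `$mcProtect` is created in the file's global scope (lines 7–8), and since this file is presumably loaded as a prepend before the application, the firewall object remains visible to all later code in the request. Add `unset($mcProtect);` after `$mcProtect->run();`, or wrap the three lines in a small function, so nothing of the firewall leaks into application scope. The boolean returned by `run()` is discarded; if that is intended, a one-line comment saying the prepend path is best-effort would make it explicit.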
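--- a/protect/prepend/info.php
+++ b/protect/prepend/info.php
@@ -0,0 +1,17 @@
+<?php
+if (!defined('MCDATAPATH')) exit;
+
+if (!class_exists('BVPrependInfo')) :
+class BVPrependInfo {
+public $brandName;
+
+function __construct($brand) {
+$this->brandName = $brand;
+}
+
+public function getBrandName() {
+return $this->brandName;
+}
+
+}
+endif;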
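Review bot: `function __construct($brand)` at line 8 carries no visibility keyword while `getBrandName()` does; make it `public function __construct($brand)` for consistency. With `$brandName` declared `public` the getter is redundant, so either drop the getter or make the property private and keep the getter as the sole access path. A class-level comment stating that the value comes from the `brandname` key of the prepend config (see protect.php in this change) would also help.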
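--- a/protect/prepend/ipstore.php
+++ b/protect/prepend/ipstore.php
@@ -0,0 +1,49 @@
+<?php
+if (!defined('MCDATAPATH')) exit;
+
+if (!class_exists('BVPrependIPStore')) :
+class BVPrependIPStore {
+public $whitelistedIPs;
+public $blacklistedIPs;
+
+#TYPE
+const BLACKLISTED = 1;
+const WHITELISTED = 2;
+
+#CATEGORY
+const FW = 3;
+
+function __construct($confHash) {
+$this->whitelistedIPs = array_key_exists('whitelisted', $confHash) ? $confHash['whitelisted'] : array();
+$this->blacklistedIPs = array_key_exists('blacklisted', $confHash) ? $confHash['blacklisted'] : array();
+}
+
+public function isFWIPBlacklisted($ip) {
+return $this->checkIPPresent($ip, BVPrependIPStore::BLACKLISTED);
+}
+
+public function isFWIPWhitelisted($ip) {
+return $this->checkIPPresent($ip, BVPrependIPStore::WHITELISTED);
+}
+
+public function checkIPPresent($ip, $type) {
+$flag = false;
+
+switch($type) {
+
+case BVPrependIPStore::BLACKLISTED:
+if (isset($this->blacklistedIPs[$ip]))
+$flag = true;
+break;
+
+case BVPrependIPStore::WHITELISTED:
+if (isset($this->whitelistedIPs[$ip]))
+$flag = true;
+break;
+}
+
+return $flag;
+}
+
+}
+endif;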
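Review bot: The constructor (lines 16–19) stores `$confHash['whitelisted']` and `$confHash['blacklisted']` without checking that they are arrays, and `checkIPPresent` then relies on `isset($this->blacklistedIPs[$ip])`, so a malformed mc_ips.conf carrying a scalar in either key silently disables that list instead of failing loudly. Guard each assignment, e.g. `$this->blacklistedIPs = (array_key_exists('blacklisted', $confHash) && is_array($confHash['blacklisted'])) ? $confHash['blacklisted'] : array();`, and the same for the whitelist. `const FW = 3` is not referenced in this file; it appears to mirror `BVIPStore::FW` from the WP-side store, which is worth a one-line comment so it is not mistaken for dead code.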
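--- a/protect/prepend/logger.php
+++ b/protect/prepend/logger.php
@@ -0,0 +1,20 @@
+<?php
+if (!defined('MCDATAPATH')) exit;
+
+if (!class_exists('BVPrependLogger')) :
+class BVPrependLogger {
+public $logFile;
+
+function __construct() {
+$this->logFile = MCDATAPATH . MCCONFKEY . '-mc.log';
+}
+
+public function log($data) {
+$_data = serialize($data);
+$str = "bvlogbvlogbvlog" . ":";
+$str .= strlen($_data) . ":" . $_data;
+error_log($str, 3, $this->logFile);
+}
+
+}
+endif;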
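Review bot: `error_log($str, 3, $this->logFile)` at line 16 discards its return value, so an unwritable log file (permissions, full disk) makes the firewall's shutdown `log` callback fail silently. Return the outcome, e.g. `return error_log($str, 3, $this->logFile);`, so callers can at least detect it. The record format (`bvlogbvlogbvlog:<length>:<serialized data>`) should be documented on `log()`, and whatever reads these records back presumably calls unserialize(); if so it should pass `array('allowed_classes' => false)`, since the payload is request-derived data. The log sits under MCDATAPATH beside the config files; whether that directory is web-accessible is not visible here, but the records would contain request details if it were.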
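--- a/protect/prepend/protect.php
+++ b/protect/prepend/protect.php
@@ -0,0 +1,76 @@
+<?php
+if (!defined('MCDATAPATH')) exit;
+
+if (!class_exists('BVPrependProtect')) :
+
+require_once dirname( __FILE__ ) . '/../base.php';
+require_once dirname( __FILE__ ) . '/../fw/fw.php';
+require_once dirname( __FILE__ ) . '/../fw/request.php';
+require_once dirname( __FILE__ ) . '/../fw/config.php';
+require_once dirname( __FILE__ ) . '/info.php';
+require_once dirname( __FILE__ ) . '/ipstore.php';
+require_once dirname( __FILE__ ) . '/logger.php';
+
+class BVPrependProtect {
+public $mcConfFile;
+public $mcIPsFile;
+
+function __construct() {
+$this->mcConfFile = MCDATAPATH . MCCONFKEY . '-' . 'mc.conf';
+$this->mcIPsFile = MCDATAPATH . MCCONFKEY . '-' . 'mc_ips.conf';
+}
+
+public function parseFile($fname) {
+$result = array();
+
+if (file_exists($fname)) {
+$content = file_get_contents($fname);
+if (($content !== false) && is_string($content)) {
+$result = json_decode($content, true);
+}
+}
+
+return $result;
+}
+
+public function run() {
+$mcConf = $this->parseFile($this->mcConfFile);
+$mcIPsConf = $this->parseFile($this->mcIPsFile);
+
+if (!array_key_exists('time', $mcConf) || !isset($mcConf['time']) || !($mcConf['time'] > time() - (48*3600))) {
+return false;
+}
+
+if (empty($mcConf) || empty($mcIPsConf)) {
+return false;
+}
+
+$brand = array_key_exists('brandname', $mcConf) ? $mcConf['brandname'] : "Protect";
+$bvinfo = new BVPrependInfo($brand);
+$bvipstore = new BVPrependIPStore($mcIPsConf);
+
+$ipHeader = array_key_exists('ipheader', $mcConf) ? $mcConf['ipheader'] : false;
+$ip = BVProtectBase::getIP($ipHeader);
+
+$fwlogger = new BVPrependLogger();
+
+$fwConfHash = array_key_exists('fw', $mcConf) ? $mcConf['fw'] : array();
+$fw = new BVFW($fwlogger, $fwConfHash, $ip, $bvinfo, $bvipstore);
+
+if ($fw->isActive()) {
+
+if ($fw->canSetIPCookie()) {
+$fw->setIPCookie();
+}
+
+register_shutdown_function(array($fw, 'log'));
+
+$fw->execute();
+define('MCFWLOADED', true);
+}
+
+return true;
+}
+
+}
+endif;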
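Review bot: `parseFile` (lines 23–34) assigns the result of `json_decode($content, true)` directly to `$result`, so invalid JSON or a JSON scalar returns `null` or a non-array, and `run()` then calls `array_key_exists('time', $mcConf)` on it — a TypeError on PHP 8 on every front-end request. Only accept arrays: `$decoded = json_decode($content, true);` followed by `if (is_array($decoded)) { $result = $decoded; }`. The `(48*3600)` on line 40 deserves a why-comment, e.g. `// a conf older than 48 hours is ignored so a stale file cannot keep outdated rules alive`.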
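--- a/protect/protect.php
+++ b/protect/protect.php
@@ -1,58 +0,0 @@
-<?php
-if (!defined('ABSPATH')) exit;
-if (!class_exists('BVProtect')) :
-
-require_once dirname( __FILE__ ) . '/logger.php';
-require_once dirname( __FILE__ ) . '/ipstore.php';
-require_once dirname( __FILE__ ) . '/wp_fw/fw.php';
-require_once dirname( __FILE__ ) . '/wp_lp/lp.php';
-
-class BVProtect {
-public $db;
-public $settings;
-
-function __construct($db, $settings) {
-$this->settings = $settings;
-$this->db = $db;
-}
-
-public function init() {
-$bvipstore = new BVIPStore($this->db);
-$bvipstore->init();
-$ip = $this->getIP();
-$fw = new BVWPFW($this->db, $this->settings, $ip, $bvipstore);
-if ($fw->config->isActive()) {
-$fw->init();
-$fw->execute();
-}
-add_action('clear_fw_config', array($fw->config, 'clear'));
-$lp = new BVWPLP($this->db, $this->settings, $ip, $bvipstore);
-if ($lp->isActive()) {
-$lp->init();
-}
-add_action('clear_lp_config', array($lp->config, 'clear'));
-}
-
-public function getIP() {
-$ip = '127.0.0.1';
-$bvinfo = new WPRInfo($this->settings);
-if (($ipHeader = $this->settings->getOption($bvinfo->ip_header_option)) && is_array($ipHeader)) {
-if (array_key_exists($ipHeader['hdr'], $_SERVER)) {
-$_ips = preg_split("/(,| |\t)/", $_SERVER[$ipHeader['hdr']]);
-if (array_key_exists(intval($ipHeader['pos']), $_ips)) {
-$ip = $_ips[intval($ipHeader['pos'])];
-}
-}
-} else if (array_key_exists('REMOTE_ADDR', $_SERVER)) {
-$ip = $_SERVER['REMOTE_ADDR'];
-}
-$ip = trim($ip);
-if (preg_match('/^\[([0-9a-fA-F:]+)\](:[0-9]+)$/', $ip, $matches)) {
-$ip = $matches[1];
-} elseif (preg_match('/^([0-9.]+)(:[0-9]+)$/', $ip, $matches)) {
-$ip = $matches[1];
-}
-return $ip;
-}
-}
-endif;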
protect/{ipstore.php → wp/ipstore.php}
RENAMED
@@ -76,6 +76,23 @@ if (!class_exists('BVIPStore')) :
|
|
76 |
return false;
|
77 |
}
|
78 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
79 |
public function checkIPPresent($ip, $type, $category) {
|
80 |
$db = $this->db;
|
81 |
$table = $db->getBVTable(BVIPStore::$name);
|
76 |
return false;
|
77 |
}
|
78 |
|
79 |
+
public function isLPIPBlacklisted($ip) {
|
80 |
+
return $this->checkIPPresent($ip, BVIPStore::BLACKLISTED, BVIPStore::LP);
|
81 |
+
}
|
82 |
+
|
83 |
+
public function isLPIPWhitelisted($ip) {
|
84 |
+
return $this->checkIPPresent($ip, BVIPStore::WHITELISTED, BVIPStore::LP);
|
85 |
+
}
|
86 |
+
|
87 |
+
|
88 |
+
public function isFWIPBlacklisted($ip) {
|
89 |
+
return $this->checkIPPresent($ip, BVIPStore::BLACKLISTED, BVIPStore::FW);
|
90 |
+
}
|
91 |
+
|
92 |
+
public function isFWIPWhitelisted($ip) {
|
93 |
+
return $this->checkIPPresent($ip, BVIPStore::WHITELISTED, BVIPStore::FW);
|
94 |
+
}
|
95 |
+
|
96 |
public function checkIPPresent($ip, $type, $category) {
|
97 |
$db = $this->db;
|
98 |
$table = $db->getBVTable(BVIPStore::$name);
|
protect/{logger.php → wp/logger.php}
RENAMED
File without changes
|
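--- a/protect/wp/lp/config.php
+++ b/protect/wp/lp/config.php
@@ -0,0 +1,25 @@
+<?php
+
+if (!defined('ABSPATH')) exit;
+if (!class_exists('BVWPLPConfig')) :
+class BVWPLPConfig {
+public $mode;
+public $captchaLimit;
+public $tempBlockLimit;
+public $blockAllLimit;
+
+public static $requests_table = 'lp_requests';
+
+#mode
+const DISABLED = 1;
+const AUDIT = 2;
+const PROTECT = 3;
+
+public function __construct($confHash) {
+$this->mode = array_key_exists('mode', $confHash) ? intval($confHash['mode']) : BVWPLPConfig::DISABLED;
+$this->captchaLimit = array_key_exists('captchalimit', $confHash) ? intval($confHash['captchalimit']) : 3;
+$this->tempBlockLimit = array_key_exists('tempblocklimit', $confHash) ? intval($confHash['tempblocklimit']) : 10;
+$this->blockAllLimit = array_key_exists('blockalllimit', $confHash) ? intval($confHash['blockalllimit']) : 100;
+}
+}
+endif;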
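Review bot: `$this->mode` at line 19 is only run through `intval()` and never checked against the three mode constants, so any other integer stored in the config is treated as active by `BVWPLP::isActive()` (`mode !== DISABLED`) while never satisfying `isProtecting()` (`mode === PROTECT`), presumably falling into the audit path without anyone choosing it. Validate at construction: `$mode = array_key_exists('mode', $confHash) ? intval($confHash['mode']) : BVWPLPConfig::DISABLED;` then `$this->mode = in_array($mode, array(BVWPLPConfig::DISABLED, BVWPLPConfig::AUDIT, BVWPLPConfig::PROTECT), true) ? $mode : BVWPLPConfig::DISABLED;`. The three limits likewise accept zero or negative values; a comment stating the expected ranges, or clamping with `max(1, intval(...))`, would make the contract explicit.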
protect/{wp_lp → wp/lp}/lp.php
RENAMED
@@ -3,7 +3,6 @@
|
|
3 |
if (!defined('ABSPATH')) exit;
|
4 |
if (!class_exists('BVWPLP')) :
|
5 |
|
6 |
-
require_once dirname( __FILE__ ) . '/config.php';
|
7 |
|
8 |
class BVWPLP {
|
9 |
public $db;
|
@@ -33,11 +32,11 @@ class BVWPLP {
|
|
33 |
const BYPASSED = 6;
|
34 |
const ALLOWED = 7;
|
35 |
|
36 |
-
public function __construct($db, $settings, $ip, $ipstore) {
|
37 |
$this->db = $db;
|
38 |
$this->settings = $settings;
|
39 |
$this->ip = $ip;
|
40 |
-
$this->config = new BVWPLPConfig($
|
41 |
$this->ipstore = $ipstore;
|
42 |
$this->logger = new BVLogger($db, BVWPLPConfig::$requests_table);
|
43 |
$this->time = strtotime(date("Y-m-d H:i:s"));
|
@@ -81,15 +80,15 @@ class BVWPLP {
|
|
81 |
}
|
82 |
|
83 |
public function getCaptchaLimit() {
|
84 |
-
return $this->config->
|
85 |
}
|
86 |
|
87 |
public function getTempBlockLimit() {
|
88 |
-
return $this->config->
|
89 |
}
|
90 |
|
91 |
public function getBlockAllLimit() {
|
92 |
-
return $this->config->
|
93 |
}
|
94 |
|
95 |
public function getLoginLogsTable() {
|
@@ -107,7 +106,7 @@ class BVWPLP {
|
|
107 |
|
108 |
public function terminateTemplate() {
|
109 |
$info = new WPRInfo($this->settings);
|
110 |
-
$brandname = $info->getBrandName();
|
111 |
$templates = array (
|
112 |
1 => "<p>Too many failed attempts, You are barred from logging into this site.</p><a href=".$this->getCaptchaLink()."
|
113 |
class='btn btn-default'>Click here</a> to unblock yourself.",
|
@@ -119,7 +118,7 @@ class BVWPLP {
|
|
119 |
return "
|
120 |
<div style='height: 98vh;'>
|
121 |
<div style='text-align: center; padding: 10% 0; font-family: Arial, Helvetica, sans-serif;'>
|
122 |
-
<div><p><img src=".plugins_url('
|
123 |
.$brandname."</h2></p><div>
|
124 |
<p>" . $templates[$this->getCategory()]. "</p>
|
125 |
</div>
|
@@ -127,19 +126,19 @@ class BVWPLP {
|
|
127 |
}
|
128 |
|
129 |
public function isProtecting() {
|
130 |
-
return ($this->config->
|
131 |
}
|
132 |
|
133 |
public function isActive() {
|
134 |
-
return ($this->config->
|
135 |
}
|
136 |
|
137 |
public function isBlacklistedIP() {
|
138 |
-
return $this->ipstore->
|
139 |
}
|
140 |
|
141 |
public function isWhitelistedIP() {
|
142 |
-
return $this->ipstore->
|
143 |
}
|
144 |
|
145 |
public function isUnBlockedIP() {
|
@@ -239,4 +238,4 @@ class BVWPLP {
|
|
239 |
return intval($rows[0]['count']);
|
240 |
}
|
241 |
}
|
242 |
-
endif;
|
3 |
if (!defined('ABSPATH')) exit;
|
4 |
if (!class_exists('BVWPLP')) :
|
5 |
|
|
|
6 |
|
7 |
class BVWPLP {
|
8 |
public $db;
|
32 |
const BYPASSED = 6;
|
33 |
const ALLOWED = 7;
|
34 |
|
35 |
+
public function __construct($db, $settings, $ip, $ipstore, $confHash) {
|
36 |
$this->db = $db;
|
37 |
$this->settings = $settings;
|
38 |
$this->ip = $ip;
|
39 |
+
$this->config = new BVWPLPConfig($confHash);
|
40 |
$this->ipstore = $ipstore;
|
41 |
$this->logger = new BVLogger($db, BVWPLPConfig::$requests_table);
|
42 |
$this->time = strtotime(date("Y-m-d H:i:s"));
|
80 |
}
|
81 |
|
82 |
public function getCaptchaLimit() {
|
83 |
+
return $this->config->captchaLimit;
|
84 |
}
|
85 |
|
86 |
public function getTempBlockLimit() {
|
87 |
+
return $this->config->tempBlockLimit;
|
88 |
}
|
89 |
|
90 |
public function getBlockAllLimit() {
|
91 |
+
return $this->config->blockAllLimit;
|
92 |
}
|
93 |
|
94 |
public function getLoginLogsTable() {
|
106 |
|
107 |
public function terminateTemplate() {
|
108 |
$info = new WPRInfo($this->settings);
|
109 |
+
$brandname = $info->getBrandName().' Firewall';
|
110 |
$templates = array (
|
111 |
1 => "<p>Too many failed attempts, You are barred from logging into this site.</p><a href=".$this->getCaptchaLink()."
|
112 |
class='btn btn-default'>Click here</a> to unblock yourself.",
|
118 |
return "
|
119 |
<div style='height: 98vh;'>
|
120 |
<div style='text-align: center; padding: 10% 0; font-family: Arial, Helvetica, sans-serif;'>
|
121 |
+
<div><p><img src=".plugins_url('/../../../img/icon.png', __FILE__)."><h2>Login Protection</h2><h3>powered by</h3><h2>"
|
122 |
.$brandname."</h2></p><div>
|
123 |
<p>" . $templates[$this->getCategory()]. "</p>
|
124 |
</div>
|
126 |
}
|
127 |
|
128 |
public function isProtecting() {
|
129 |
+
return ($this->config->mode === BVWPLPConfig::PROTECT);
|
130 |
}
|
131 |
|
132 |
public function isActive() {
|
133 |
+
return ($this->config->mode !== BVWPLPConfig::DISABLED);
|
134 |
}
|
135 |
|
136 |
public function isBlacklistedIP() {
|
137 |
+
return $this->ipstore->isLPIPBlacklisted($this->ip);
|
138 |
}
|
139 |
|
140 |
public function isWhitelistedIP() {
|
141 |
+
return $this->ipstore->isLPIPWhitelisted($this->ip);
|
142 |
}
|
143 |
|
144 |
public function isUnBlockedIP() {
|
238 |
return intval($rows[0]['count']);
|
239 |
}
|
240 |
}
|
241 |
+
endif;
|
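Review bot: `$brandname` (line 109, `$info->getBrandName().' Firewall'`) is concatenated unescaped into the HTML that `terminateTemplate()` returns at lines 121–122; the value comes from plugin settings rather than the request, so exposure is limited to whoever can write settings, but it should still be escaped at the output point: `$brandname = esc_html($info->getBrandName()) . ' Firewall';`. The constructor at line 35 gained a required `$confHash` parameter, so any caller other than the updated protect/wp/protect.php would now fatal; a docblock stating that `$confHash` is the `lp` sub-array of the stored `bvptconf` option would document the new contract. `terminateTemplate` ends outside the shown hunks.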
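--- a/protect/wp/protect.php
+++ b/protect/wp/protect.php
@@ -0,0 +1,75 @@
+<?php
+if (!defined('ABSPATH')) exit;
+if (!class_exists('BVProtect')) :
+
+require_once dirname( __FILE__ ) . '/../base.php';
+require_once dirname( __FILE__ ) . '/logger.php';
+require_once dirname( __FILE__ ) . '/ipstore.php';
+require_once dirname( __FILE__ ) . '/../fw/fw.php';
+require_once dirname( __FILE__ ) . '/../fw/config.php';
+require_once dirname( __FILE__ ) . '/../fw/request.php';
+require_once dirname( __FILE__ ) . '/lp/lp.php';
+require_once dirname( __FILE__ ) . '/lp/config.php';
+
+class BVProtect {
+public $db;
+public $settings;
+
+function __construct($db, $settings) {
+$this->settings = $settings;
+$this->db = $db;
+}
+
+public function run() {
+$bvipstore = new BVIPStore($this->db);
+$bvipstore->init();
+$bvinfo = new WPRInfo($this->settings);
+
+$config = $this->settings->getOption('bvptconf');
+if (!$config) {
+$config = array();
+}
+
+$ipHeader = array_key_exists('ipheader', $config) ? $config['ipheader'] : false;
+$ip = BVProtectBase::getIP($ipHeader);
+
+$fwLogger = new BVLogger($this->db, BVFWConfig::$requests_table);
+
+$fwConfHash = array_key_exists('fw', $config) ? $config['fw'] : array();
+$fw = new BVFW($fwLogger, $fwConfHash, $ip, $bvinfo, $bvipstore);
+
+if ($fw->isActive()) {
+
+if ($fw->canSetAdminCookie()) {
+add_action('init', array($fw, 'setBypassCookie'));
+}
+
+if (!defined('MCFWLOADED') && $fw->canSetIPCookie()) {
+$fw->setIPCookie();
+}
+
+if (!defined('MCFWLOADED')) {
+register_shutdown_function(array($fw, 'log'));
+
+$fw->execute();
+}
+}
+
+add_action('clear_pt_config', array($this, 'uninstall'));
+
+$lpConfHash = array_key_exists('lp', $config) ? $config['lp'] : array();
+$lp = new BVWPLP($this->db, $this->settings, $ip, $bvipstore, $lpConfHash);
+if ($lp->isActive()) {
+$lp->init();
+}
+}
+
+public function uninstall() {
+$this->settings->deleteOption('bvptconf');
+$this->db->dropBVTable(BVFWConfig::$requests_table);
+$this->db->dropBVTable(BVWPLPConfig::$requests_table);
+$this->settings->deleteOption('bvptplug');
+return true;
+}
+}
+endif;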
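Review bot: `$config = $this->settings->getOption('bvptconf')` (line 28) is only reset when falsy, so a truthy non-array value (a corrupt or legacy option) reaches `array_key_exists('ipheader', $config)` at line 33 and throws a TypeError on PHP 8, which would break every request because `run()` is on the request path. Use `if (!is_array($config)) { $config = array(); }`. `uninstall()` (lines 67–73) deletes both options and drops both request tables unconditionally whenever `clear_pt_config` fires; a docblock naming the triggering action and stating that the method is destructive would help, since nothing in the method itself signals that.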
protect/wp_fw/config.php
DELETED
@@ -1,251 +0,0 @@
|
|
1 |
-
<?php
|
2 |
-
|
3 |
-
if (!defined('ABSPATH')) exit;
|
4 |
-
if (!class_exists('BVWPFWConfig')) :
|
5 |
-
class BVWPFWConfig {
|
6 |
-
public $db;
|
7 |
-
public $settings;
|
8 |
-
public static $requests_table = 'fw_requests';
|
9 |
-
public static $allRules = array(108, 112, 114, 115, 132, 133, 145, 146, 155, 156, 165, 167, 168, 169, 171, 172, 173, 174, 175, 176, 177, 178);
|
10 |
-
public static $roleLevels = array(
|
11 |
-
'administrator' => BVWPFWConfig::ROLE_LEVEL_ADMIN,
|
12 |
-
'editor' => BVWPFWConfig::ROLE_LEVEL_EDITOR,
|
13 |
-
'author' => BVWPFWConfig::ROLE_LEVEL_AUTHOR,
|
14 |
-
'contributor' => BVWPFWConfig::ROLE_LEVEL_CONTRIBUTOR,
|
15 |
-
'subscriber' => BVWPFWConfig::ROLE_LEVEL_SUBSCRIBER
|
16 |
-
);
|
17 |
-
|
18 |
-
function __construct($db, $settings) {
|
19 |
-
$this->db = $db;
|
20 |
-
$this->settings = $settings;
|
21 |
-
}
|
22 |
-
|
23 |
-
#mode
|
24 |
-
const DISABLED = 1;
|
25 |
-
const AUDIT = 2;
|
26 |
-
const PROTECT = 3;
|
27 |
-
|
28 |
-
#Rule Mode
|
29 |
-
const DISABLEDRULE = 1;
|
30 |
-
const AUDITRULE = 2;
|
31 |
-
const PROTECTRULE = 3;
|
32 |
-
|
33 |
-
#Request Profiling Mode
|
34 |
-
const REQ_PROFILING_MODE_DISABLED = 1;
|
35 |
-
const REQ_PROFILING_MODE_NORMAL = 2;
|
36 |
-
const REQ_PROFILING_MODE_DEBUG = 3;
|
37 |
-
|
38 |
-
#Cookie Mode
|
39 |
-
const COOKIE_MODE_ENABLED = 1;
|
40 |
-
const COOKIE_MODE_DISABLED = 2;
|
41 |
-
|
42 |
-
#Role Level
|
43 |
-
const ROLE_LEVEL_SUBSCRIBER = 1;
|
44 |
-
const ROLE_LEVEL_CONTRIBUTOR = 2;
|
45 |
-
const ROLE_LEVEL_AUTHOR = 3;
|
46 |
-
const ROLE_LEVEL_EDITOR = 4;
|
47 |
-
const ROLE_LEVEL_ADMIN = 5;
|
48 |
-
const ROLE_LEVEL_CUSTOM = 6;
|
49 |
-
|
50 |
-
public static function isDisabledRule($mode) {
|
51 |
-
return ($mode === BVWPFWConfig::DISABLEDRULE);
|
52 |
-
}
|
53 |
-
|
54 |
-
public static function isProtectingRule($mode) {
|
55 |
-
return ($mode === BVWPFWConfig::PROTECTRULE);
|
56 |
-
}
|
57 |
-
|
58 |
-
public static function isAuditingRule($mode) {
|
59 |
-
return ($mode === BVWPFWConfig::AUDITRULE);
|
60 |
-
}
|
61 |
-
|
62 |
-
public function isActive() {
|
63 |
-
return ($this->getMode() !== BVWPFWConfig::DISABLED);
|
64 |
-
}
|
65 |
-
|
66 |
-
public function isProtecting() {
|
67 |
-
return ($this->getMode() === BVWPFWConfig::PROTECT);
|
68 |
-
}
|
69 |
-
|
70 |
-
public function isAuditing() {
|
71 |
-
return ($this->getMode() === BVWPFWConfig::AUDIT);
|
72 |
-
}
|
73 |
-
|
74 |
-
public function isReqProfilingModeDebug() {
|
75 |
-
return ($this->getReqProfilingMode() === BVWPFWConfig::REQ_PROFILING_MODE_DEBUG);
|
76 |
-
}
|
77 |
-
|
78 |
-
public function canProfileReqInfo() {
|
79 |
-
return ($this->getReqProfilingMode() !== BVWPFWConfig::REQ_PROFILING_MODE_DISABLED);
|
80 |
-
}
|
81 |
-
|
82 |
-
public function canSetCookie() {
|
83 |
-
return ($this->getCookieMode() === BVWPFWConfig::COOKIE_MODE_ENABLED);
|
84 |
-
}
|
85 |
-
|
86 |
-
public function getRules() {
|
87 |
-
$rules = array("audit" => array(), "protect" => array());
|
88 |
-
$isAudit = false;
|
89 |
-
$rulesMode = $this->getRulesMode();
|
90 |
-
if (BVWPFWConfig::isDisabledRule($rulesMode)) {
|
91 |
-
return $rules;
|
92 |
-
}
|
93 |
-
$isAudit = ($this->isAuditing() || BVWPFWConfig::isAuditingRule($rulesMode));
|
94 |
-
$rulesInfo = array();
|
95 |
-
foreach ($this->getAuditRules() as $rule)
|
96 |
-
$rulesInfo[$rule] = BVWPFWConfig::AUDITRULE;
|
97 |
-
foreach ($this->getDisabledRules() as $rule)
|
98 |
-
$rulesInfo[$rule] = BVWPFWConfig::DISABLEDRULE;
|
99 |
-
foreach (BVWPFWConfig::$allRules as $rule) {
|
100 |
-
if (isset($rulesInfo[$rule])) {
|
101 |
-
if (BVWPFWConfig::isAuditingRule($rulesInfo[$rule])) {
|
102 |
-
$rules["audit"][$rule] = BVWPFWConfig::AUDITRULE;
|
103 |
-
}
|
104 |
-
} else {
|
105 |
-
if ($isAudit) {
|
106 |
-
$rules["audit"][$rule] = BVWPFWConfig::AUDITRULE;
|
107 |
-
} else {
|
108 |
-
$rules["protect"][$rule] = BVWPFWConfig::PROTECTRULE;
|
109 |
-
}
|
110 |
-
}
|
111 |
-
}
|
112 |
-
return $rules;
|
113 |
-
}
|
114 |
-
|
115 |
-
public function setMode($mode) {
|
116 |
-
if (!$mode) {
|
117 |
-
$this->settings->deleteOption('bvfwmode');
|
118 |
-
} else {
|
119 |
-
$this->settings->updateOption('bvfwmode', intval($mode));
|
120 |
-
}
|
121 |
-
}
|
122 |
-
|
123 |
-
public function setRulesMode($mode) {
|
124 |
-
if (!$mode) {
|
125 |
-
$this->settings->deleteOption('bvfwrulesmode');
|
126 |
-
} else {
|
127 |
-
$this->settings->updateOption('bvfwrulesmode', intval($mode));
|
128 |
-
}
|
129 |
-
}
|
130 |
-
|
131 |
-
public function setCookieMode($mode) {
|
132 |
-
if (!$mode) {
|
133 |
-
$this->settings->deleteOption('bvfwcookiemode');
|
134 |
-
} else {
|
135 |
-
$this->settings->updateOption('bvfwcookiemode', intval($mode));
|
136 |
-
}
|
137 |
-
}
|
138 |
-
|
139 |
-
public function setCookieKey($key) {
|
140 |
-
if (!$key) {
|
141 |
-
$this->settings->deleteOption('bvfwcookiekey');
|
142 |
-
} else {
|
143 |
-
$this->settings->updateOption('bvfwcookiekey', strval($key));
|
144 |
-
}
|
145 |
-
}
|
146 |
-
|
147 |
-
public function setReqProfilingMode($mode) {
|
148 |
-
if (!$mode) {
|
149 |
-
$this->settings->deleteOption('bvfwreqprofilingmode');
|
150 |
-
} else {
|
151 |
-
$this->settings->updateOption('bvfwreqprofilingmode', intval($mode));
|
152 |
-
}
|
153 |
-
}
|
154 |
-
|
155 |
-
public function setDisabledRules($rules) {
|
156 |
-
if (!$rules) {
|
157 |
-
$this->settings->deleteOption('bvfwdisabledrules');
|
158 |
-
} else {
|
159 |
-
$this->settings->updateOption('bvfwdisabledrules', $rules);
|
160 |
-
}
|
161 |
-
}
|
162 |
-
|
163 |
-
public function setBypassLevel($level) {
|
164 |
-
if (!$level) {
|
165 |
-
$this->settings->deleteOption('bvfwbypasslevel');
|
166 |
-
} else {
|
167 |
-
$this->settings->updateOption('bvfwbypasslevel', $level);
|
168 |
-
}
|
169 |
-
}
|
170 |
-
|
171 |
-
public function setCustomRoles($roles) {
|
172 |
-
if (!$roles) {
|
173 |
-
$this->settings->deleteOption('bvfwcutomroles');
|
174 |
-
} else {
|
175 |
-
$this->settings->updateOption('bvfwcustomroles', $roles);
|
176 |
-
}
|
177 |
-
}
|
178 |
-
|
179 |
-
public function setAuditRules($rules) {
|
180 |
-
if (!$rules) {
|
181 |
-
$this->settings->deleteOption('bvfwauditrules');
|
182 |
-
} else {
|
183 |
-
$this->settings->updateOption('bvfwauditrules', $rules);
|
184 |
-
}
|
185 |
-
}
|
186 |
-
|
187 |
-
public function getMode() {
|
188 |
-
$mode = $this->settings->getOption('bvfwmode');
|
189 |
-
return intval($mode ? $mode : BVWPFWConfig::DISABLED);
|
190 |
-
}
|
191 |
-
|
192 |
-
public function getRulesMode() {
|
193 |
-
$mode = $this->settings->getOption('bvfwrulesmode');
|
194 |
-
return intval($mode ? $mode : BVWPFWConfig::DISABLED);
|
195 |
-
}
|
196 |
-
|
197 |
-
public function getCookieMode() {
|
198 |
-
$mode = $this->settings->getOption('bvfwcookiemode');
|
199 |
-
return intval($mode ? $mode : BVWPFWConfig::COOKIE_MODE_DISABLED);
|
200 |
-
}
|
201 |
-
|
202 |
-
public function getCookieKey() {
|
203 |
-
$key = (string) $this->settings->getOption('bvfwcookiekey');
|
204 |
-
if ($key === '') {
|
205 |
-
$key = WPRAccount::randString(32);
|
206 |
-
$this->setCookieKey($key);
|
207 |
-
}
|
208 |
-
return $key;
|
209 |
-
}
|
210 |
-
|
211 |
-
public function getReqProfilingMode() {
|
212 |
-
$mode = $this->settings->getOption('bvfwreqprofilingmode');
|
213 |
-
return intval($mode ? $mode : BVWPFWConfig::REQ_PROFILING_MODE_DISABLED);
|
214 |
-
}
|
215 |
-
|
216 |
-
public function getDisabledRules() {
|
217 |
-
$rules = $this->settings->getOption('bvfwdisabledrules');
|
218 |
-
return ($rules ? $rules : array());
|
219 |
-
}
|
220 |
-
|
221 |
-
public function getAuditRules() {
|
222 |
-
$rules = $this->settings->getOption('bvfwauditrules');
|
223 |
-
return ($rules ? $rules : array());
|
224 |
-
}
|
225 |
-
|
226 |
-
public function getBypassLevel() {
|
227 |
-
$level = $this->settings->getOption('bvfwbypasslevel');
|
228 |
-
return intval($level ? $level : BVWPFWConfig::ROLE_LEVEL_CONTRIBUTOR);
|
229 |
-
}
|
230 |
-
|
231 |
-
public function getCustomRoles() {
|
232 |
-
$roles = $this->settings->getOption('bvfwcustomroles');
|
233 |
-
return ($roles ? $roles : array());
|
234 |
-
}
|
235 |
-
|
236 |
-
public function clear() {
|
237 |
-
$this->setMode(false);
|
238 |
-
$this->setRulesMode(false);
|
239 |
-
$this->setBypassLevel(false);
|
240 |
-
$this->setCustomRoles(false);
|
241 |
-
$this->setCookieMode(false);
|
242 |
-
$this->setCookieKey(false);
|
243 |
-
$this->setDisabledRules(false);
|
244 |
-
$this->setAuditRules(false);
|
245 |
-
$this->setReqProfilingMode(false);
|
246 |
-
$this->db->dropBVTable(BVWPFWConfig::$requests_table);
|
247 |
-
$this->settings->deleteOption('bvptplug');
|
248 |
-
return true;
|
249 |
-
}
|
250 |
-
}
|
251 |
-
endif;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
protect/wp_fw/fw.php
DELETED
@@ -1,597 +0,0 @@
|
|
1 |
-
<?php
|
2 |
-
|
3 |
-
if (!defined('ABSPATH')) exit;
|
4 |
-
if (!class_exists('BVWPFW')) :
|
5 |
-
|
6 |
-
require_once dirname( __FILE__ ) . '/config.php';
|
7 |
-
require_once dirname( __FILE__ ) . '/request.php';
|
8 |
-
|
9 |
-
class BVWPFW {
|
10 |
-
public $db;
|
11 |
-
public $settings;
|
12 |
-
public $request;
|
13 |
-
public $config;
|
14 |
-
public $ipstore;
|
15 |
-
public $category;
|
16 |
-
public $logger;
|
17 |
-
private $currRuleInfo;
|
18 |
-
|
19 |
-
const SQLIREGEX = '/(?:[^\\w<]|\\/\\*\\![0-9]*|^)(?:
|
20 |
-
@@HOSTNAME|
|
21 |
-
ALTER|ANALYZE|ASENSITIVE|
|
22 |
-
BEFORE|BENCHMARK|BETWEEN|BIGINT|BINARY|BLOB|
|
23 |
-
CALL|CASE|CHANGE|CHAR|CHARACTER|CHAR_LENGTH|COLLATE|COLUMN|CONCAT|CONDITION|CONSTRAINT|CONTINUE|CONVERT|CREATE|CROSS|CURRENT_DATE|CURRENT_TIME|CURRENT_TIMESTAMP|CURRENT_USER|CURSOR|
|
24 |
-
DATABASE|DATABASES|DAY_HOUR|DAY_MICROSECOND|DAY_MINUTE|DAY_SECOND|DECIMAL|DECLARE|DEFAULT|DELAYED|DELETE|DESCRIBE|DETERMINISTIC|DISTINCT|DISTINCTROW|DOUBLE|DROP|DUAL|DUMPFILE|
|
25 |
-
EACH|ELSE|ELSEIF|ELT|ENCLOSED|ESCAPED|EXISTS|EXIT|EXPLAIN|EXTRACTVALUE|
|
26 |
-
FETCH|FLOAT|FLOAT4|FLOAT8|FORCE|FOREIGN|FROM|FULLTEXT|
|
27 |
-
GRANT|GROUP|HAVING|HEX|HIGH_PRIORITY|HOUR_MICROSECOND|HOUR_MINUTE|HOUR_SECOND|
|
28 |
-
IFNULL|IGNORE|INDEX|INFILE|INNER|INOUT|INSENSITIVE|INSERT|INTERVAL|ISNULL|ITERATE|
|
29 |
-
JOIN|KILL|LEADING|LEAVE|LIMIT|LINEAR|LINES|LOAD|LOAD_FILE|LOCALTIME|LOCALTIMESTAMP|LOCK|LONG|LONGBLOB|LONGTEXT|LOOP|LOW_PRIORITY|
|
30 |
-
MASTER_SSL_VERIFY_SERVER_CERT|MATCH|MAXVALUE|MEDIUMBLOB|MEDIUMINT|MEDIUMTEXT|MID|MIDDLEINT|MINUTE_MICROSECOND|MINUTE_SECOND|MODIFIES|
|
31 |
-
NATURAL|NO_WRITE_TO_BINLOG|NULL|NUMERIC|OPTION|ORD|ORDER|OUTER|OUTFILE|
|
32 |
-
PRECISION|PRIMARY|PRIVILEGES|PROCEDURE|PROCESSLIST|PURGE|
|
33 |
-
RANGE|READ_WRITE|REGEXP|RELEASE|REPEAT|REQUIRE|RESIGNAL|RESTRICT|RETURN|REVOKE|RLIKE|ROLLBACK|
|
34 |
-
SCHEMA|SCHEMAS|SECOND_MICROSECOND|SELECT|SENSITIVE|SEPARATOR|SHOW|SIGNAL|SLEEP|SMALLINT|SPATIAL|SPECIFIC|SQLEXCEPTION|SQLSTATE|SQLWARNING|SQL_BIG_RESULT|SQL_CALC_FOUND_ROWS|SQL_SMALL_RESULT|STARTING|STRAIGHT_JOIN|SUBSTR|
|
35 |
-
TABLE|TERMINATED|TINYBLOB|TINYINT|TINYTEXT|TRAILING|TRANSACTION|TRIGGER|
|
36 |
-
UNDO|UNHEX|UNION|UNLOCK|UNSIGNED|UPDATE|UPDATEXML|USAGE|USING|UTC_DATE|UTC_TIME|UTC_TIMESTAMP|
|
37 |
-
VALUES|VARBINARY|VARCHAR|VARCHARACTER|VARYING|WHEN|WHERE|WHILE|WRITE|YEAR_MONTH|ZEROFILL)(?=[^\\w]|$)/ix';
|
38 |
-
|
39 |
-
const XSSREGEX = '/(?:
|
40 |
-
#tags
|
41 |
-
(?:\\<|\\+ADw\\-|\\xC2\\xBC)(script|iframe|svg|object|embed|applet|link|style|meta|\\/\\/|\\?xml\\-stylesheet)(?:[^\\w]|\\xC2\\xBE)|
|
42 |
-
#protocols
|
43 |
-
(?:^|[^\\w])(?:(?:\\s*(?:&\\#(?:x0*6a|0*106)|j)\\s*(?:&\\#(?:x0*61|0*97)|a)\\s*(?:&\\#(?:x0*76|0*118)|v)\\s*(?:&\\#(?:x0*61|0*97)|a)|\\s*(?:&\\#(?:x0*76|0*118)|v)\\s*(?:&\\#(?:x0*62|0*98)|b)|\\s*(?:&\\#(?:x0*65|0*101)|e)\\s*(?:&\\#(?:x0*63|0*99)|c)\\s*(?:&\\#(?:x0*6d|0*109)|m)\\s*(?:&\\#(?:x0*61|0*97)|a)|\\s*(?:&\\#(?:x0*6c|0*108)|l)\\s*(?:&\\#(?:x0*69|0*105)|i)\\s*(?:&\\#(?:x0*76|0*118)|v)\\s*(?:&\\#(?:x0*65|0*101)|e))\\s*(?:&\\#(?:x0*73|0*115)|s)\\s*(?:&\\#(?:x0*63|0*99)|c)\\s*(?:&\\#(?:x0*72|0*114)|r)\\s*(?:&\\#(?:x0*69|0*105)|i)\\s*(?:&\\#(?:x0*70|0*112)|p)\\s*(?:&\\#(?:x0*74|0*116)|t)|\\s*(?:&\\#(?:x0*6d|0*109)|m)\\s*(?:&\\#(?:x0*68|0*104)|h)\\s*(?:&\\#(?:x0*74|0*116)|t)\\s*(?:&\\#(?:x0*6d|0*109)|m)\\s*(?:&\\#(?:x0*6c|0*108)|l)|\\s*(?:&\\#(?:x0*6d|0*109)|m)\\s*(?:&\\#(?:x0*6f|0*111)|o)\\s*(?:&\\#(?:x0*63|0*99)|c)\\s*(?:&\\#(?:x0*68|0*104)|h)\\s*(?:&\\#(?:x0*61|0*97)|a)|\\s*(?:&\\#(?:x0*64|0*100)|d)\\s*(?:&\\#(?:x0*61|0*97)|a)\\s*(?:&\\#(?:x0*74|0*116)|t)\\s*(?:&\\#(?:x0*61|0*97)|a)(?!(?:&\\#(?:x0*3a|0*58)|\\:)(?:&\\#(?:x0*69|0*105)|i)(?:&\\#(?:x0*6d|0*109)|m)(?:&\\#(?:x0*61|0*97)|a)(?:&\\#(?:x0*67|0*103)|g)(?:&\\#(?:x0*65|0*101)|e)(?:&\\#(?:x0*2f|0*47)|\\/)(?:(?:&\\#(?:x0*70|0*112)|p)(?:&\\#(?:x0*6e|0*110)|n)(?:&\\#(?:x0*67|0*103)|g)|(?:&\\#(?:x0*62|0*98)|b)(?:&\\#(?:x0*6d|0*109)|m)(?:&\\#(?:x0*70|0*112)|p)|(?:&\\#(?:x0*67|0*103)|g)(?:&\\#(?:x0*69|0*105)|i)(?:&\\#(?:x0*66|0*102)|f)|(?:&\\#(?:x0*70|0*112)|p)?(?:&\\#(?:x0*6a|0*106)|j)(?:&\\#(?:x0*70|0*112)|p)(?:&\\#(?:x0*65|0*101)|e)(?:&\\#(?:x0*67|0*103)|g)|(?:&\\#(?:x0*74|0*116)|t)(?:&\\#(?:x0*69|0*105)|i)(?:&\\#(?:x0*66|0*102)|f)(?:&\\#(?:x0*66|0*102)|f)|(?:&\\#(?:x0*73|0*115)|s)(?:&\\#(?:x0*76|0*118)|v)(?:&\\#(?:x0*67|0*103)|g)(?:&\\#(?:x0*2b|0*43)|\\+)(?:&\\#(?:x0*78|0*120)|x)(?:&\\#(?:x0*6d|0*109)|m)(?:&\\#(?:x0*6c|0*108)|l))(?:(?:&\\#(?:x0*3b|0*59)|;)(?:&\\#(?:x0*63|0*99)|c)(?:&\\#(?:x0*68|0*104)|h)(?:&\\#(?:x0*61|0*97)|a)(?:&\\#(?:x0*72|0*114)|r)(?:&\\#(?:x0*73|0*115)|s)(?:&\\#(?:x0*65|0*101)|e)(?:&\\#(?:
x0*74|0*116)|t)(?:&\\#(?:x0*3d|0*61)|=)[\\-a-z0-9]+)?(?:(?:&\\#(?:x0*3b|0*59)|;)(?:&\\#(?:x0*62|0*98)|b)(?:&\\#(?:x0*61|0*97)|a)(?:&\\#(?:x0*73|0*115)|s)(?:&\\#(?:x0*65|0*101)|e)(?:&\\#(?:x0*36|0*54)|6)(?:&\\#(?:x0*34|0*52)|4))?(?:&\\#(?:x0*2c|0*44)|,)))\\s*(?:&\\#(?:x0*3a|0*58)|&colon|\\:)|
|
44 |
-
#css expression
|
45 |
-
(?:^|[^\\w])(?:(?:\\\\0*65|\\\\0*45|e)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*78|\\\\0*58|x)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*70|\\\\0*50|p)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*72|\\\\0*52|r)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*65|\\\\0*45|e)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*73|\\\\0*53|s)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*73|\\\\0*53|s)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*69|\\\\0*49|i)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*6f|\\\\0*4f|o)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*6e|\\\\0*4e|n))[^\\w]*?(?:\\\\0*28|\\()|
|
46 |
-
#css properties
|
47 |
-
(?:^|[^\\w])(?:(?:(?:\\\\0*62|\\\\0*42|b)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*65|\\\\0*45|e)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*68|\\\\0*48|h)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*61|\\\\0*41|a)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*76|\\\\0*56|v)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*69|\\\\0*49|i)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*6f|\\\\0*4f|o)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*72|\\\\0*52|r)(?:\\/\\*.*?\\*\\/)*)|(?:(?:\\\\0*2d|\\\\0*2d|-)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*6d|\\\\0*4d|m)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*6f|\\\\0*4f|o)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*7a|\\\\0*5a|z)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*2d|\\\\0*2d|-)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*62|\\\\0*42|b)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*69|\\\\0*49|i)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*6e|\\\\0*4e|n)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*64|\\\\0*44|d)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*69|\\\\0*49|i)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*6e|\\\\0*4e|n)(?:\\/\\*.*?\\*\\/)*(?:\\\\0*67|\\\\0*47|g)(?:\\/\\*.*?\\*\\/)*))[^\\w]*(?:\\\\0*3a|\\\\0*3a|:)[^\\w]*(?:\\\\0*75|\\\\0*55|u)(?:\\\\0*72|\\\\0*52|r)(?:\\\\0*6c|\\\\0*4c|l)|
|
48 |
-
#properties
|
49 |
-
(?:^|[^\\w])(?:on(?:abort|activate|afterprint|afterupdate|autocomplete|autocompleteerror|beforeactivate|beforecopy|beforecut|beforedeactivate|beforeeditfocus|beforepaste|beforeprint|beforeunload|beforeupdate|blur|bounce|cancel|canplay|canplaythrough|cellchange|change|click|close|contextmenu|controlselect|copy|cuechange|cut|dataavailable|datasetchanged|datasetcomplete|dblclick|deactivate|drag|dragend|dragenter|dragleave|dragover|dragstart|drop|durationchange|emptied|encrypted|ended|error|errorupdate|filterchange|finish|focus|focusin|focusout|formchange|forminput|hashchange|help|input|invalid|keydown|keypress|keyup|languagechange|layoutcomplete|load|loadeddata|loadedmetadata|loadstart|losecapture|message|mousedown|mouseenter|mouseleave|mousemove|mouseout|mouseover|mouseup|mousewheel|move|moveend|movestart|mozfullscreenchange|mozfullscreenerror|mozpointerlockchange|mozpointerlockerror|offline|online|page|pagehide|pageshow|paste|pause|play|playing|popstate|progress|propertychange|ratechange|readystatechange|reset|resize|resizeend|resizestart|rowenter|rowexit|rowsdelete|rowsinserted|scroll|search|seeked|seeking|select|selectstart|show|stalled|start|storage|submit|suspend|timer|timeupdate|toggle|unload|volumechange|waiting|webkitfullscreenchange|webkitfullscreenerror|wheel)|formaction|data\\-bind|ev:event)[^\\w]
|
50 |
-
)/ix';
|
51 |
-
|
52 |
-
const BYPASS_COOKIE = "bvfw-bypass-cookie";
|
53 |
-
const IP_COOKIE = "bvfw-ip-cookie";
|
54 |
-
|
55 |
-
public function __construct($db, $settings, $ip, $ipstore) {
|
56 |
-
$this->db = $db;
|
57 |
-
$this->settings = $settings;
|
58 |
-
$this->config = new BVWPFWConfig($db, $settings);
|
59 |
-
$this->request = new BVWPRequest($ip);
|
60 |
-
$this->ipstore = $ipstore;
|
61 |
-
$this->logger = new BVLogger($db, BVWPFWConfig::$requests_table);
|
62 |
-
}
|
63 |
-
|
64 |
-
public function init() {
|
65 |
-
if ($this->config->canSetCookie()) {
|
66 |
-
add_action('init', array($this, 'setBypassCookie'));
|
67 |
-
$this->setIPCookie();
|
68 |
-
}
|
69 |
-
add_filter('status_header', array($this->request, 'captureRespCode'));
|
70 |
-
register_shutdown_function(array($this, 'log'));
|
71 |
-
}
|
72 |
-
|
73 |
-
public function setcookie($name, $value, $expire, $path = COOKIEPATH, $domain = COOKIE_DOMAIN) {
|
74 |
-
if (version_compare(PHP_VERSION, '5.2.0') >= 0) {
|
75 |
-
$secure = function_exists('is_ssl') ? is_ssl() : false;
|
76 |
-
@setcookie($name, $value, $expire, $path, $domain, $secure, true);
|
77 |
-
} else {
|
78 |
-
@setcookie($name, $value, $expire, $path);
|
79 |
-
}
|
80 |
-
}
|
81 |
-
|
82 |
-
public function setBypassCookie() {
|
83 |
-
if (function_exists('is_user_logged_in') && is_user_logged_in() && !$this->hasValidBypassCookie()) {
|
84 |
-
$roleLevel = $this->getCurrentRoleLevel();
|
85 |
-
$bypassLevel = $this->config->getBypassLevel();
|
86 |
-
if ($roleLevel >= $bypassLevel) {
|
87 |
-
$cookie = $this->generateBypassCookie();
|
88 |
-
$this->setcookie(BVWPFW::BYPASS_COOKIE, $cookie, time() + 43200);
|
89 |
-
}
|
90 |
-
}
|
91 |
-
}
|
92 |
-
|
93 |
-
public function generateBypassCookie() {
|
94 |
-
$time = floor(time() / 43200);
|
95 |
-
$bypassLevel = $this->config->getBypassLevel();
|
96 |
-
$cookiekey = $this->config->getCookieKey();
|
97 |
-
return sha1($bypassLevel.$time.$cookiekey);
|
98 |
-
}
|
99 |
-
|
100 |
-
public function hasValidBypassCookie() {
|
101 |
-
$cookie = (string) $this->request->getCookies(BVWPFW::BYPASS_COOKIE);
|
102 |
-
return ($this->config->canSetCookie() && ($cookie === $this->generateBypassCookie()));
|
103 |
-
}
|
104 |
-
|
105 |
-
public function setIPCookie() {
|
106 |
-
if (!$this->request->getCookies(BVWPFW::IP_COOKIE)) {
|
107 |
-
$ip = $this->request->getIP();
|
108 |
-
$cookiekey = $this->config->getCookieKey();
|
109 |
-
$time = floor(time() / 3600);
|
110 |
-
$cookie = sha1($ip.$time.$cookiekey);
|
111 |
-
$this->setcookie(BVWPFW::IP_COOKIE, $cookie, time() + 3600);
|
112 |
-
}
|
113 |
-
}
|
114 |
-
|
115 |
-
public function getBVCookies() {
|
116 |
-
$cookies = array();
|
117 |
-
$cookies[BVWPFW::IP_COOKIE] = (string) $this->request->getCookies(BVWPFW::IP_COOKIE);
|
118 |
-
return $cookies;
|
119 |
-
}
|
120 |
-
|
121 |
-
public function getCurrentRoleLevel() {
|
122 |
-
if (function_exists('current_user_can')) {
|
123 |
-
if (function_exists('is_super_admin') && is_super_admin()) {
|
124 |
-
return BVWPFWConfig::ROLE_LEVEL_ADMIN;
|
125 |
-
}
|
126 |
-
foreach ($this->config->getCustomRoles() as $role) {
|
127 |
-
if (current_user_can($role)) {
|
128 |
-
return BVWPFWConfig::ROLE_LEVEL_CUSTOM;
|
129 |
-
}
|
130 |
-
}
|
131 |
-
foreach (BVWPFWConfig::$roleLevels as $role => $level) {
|
132 |
-
if (current_user_can($role)) {
|
133 |
-
return $level;
|
134 |
-
}
|
135 |
-
}
|
136 |
-
}
|
137 |
-
return 0;
|
138 |
-
}
|
139 |
-
|
140 |
-
public function log() {
|
141 |
-
if ($this->config->canSetCookie()) {
|
142 |
-
$canlog = !$this->hasValidBypassCookie();
|
143 |
-
} else {
|
144 |
-
$canlog = (!function_exists('is_user_logged_in') || !is_user_logged_in());
|
145 |
-
}
|
146 |
-
if ($canlog) {
|
147 |
-
$this->logger->log($this->request->getDataToLog());
|
148 |
-
}
|
149 |
-
}
|
150 |
-
|
151 |
-
public function terminateRequest($category = BVWPRequest::NORMAL) {
|
152 |
-
$info = new WPRInfo($this->settings);
|
153 |
-
$this->request->setCategory($category);
|
154 |
-
$this->request->setStatus(BVWPRequest::BLOCKED);
|
155 |
-
$this->request->setRespCode(403);
|
156 |
-
header("Cache-Control: no-cache, no-store, must-revalidate");
|
157 |
-
header("Pragma: no-cache");
|
158 |
-
header("Expires: 0");
|
159 |
-
header('HTTP/1.0 403 Forbidden');
|
160 |
-
$brandname = $info->getBrandName();
|
161 |
-
die("
|
162 |
-
<div style='height: 98vh;'>
|
163 |
-
<div style='text-align: center; padding: 10% 0; font-family: Arial, Helvetica, sans-serif;'>
|
164 |
-
<div><p><img src=".plugins_url('/../../img/icon.png', __FILE__)."><h2>Firewall</h2><h3>powered by</h3><h2>"
|
165 |
-
.$brandname."</h2></p><div>
|
166 |
-
<p>Blocked because of Malicious Activities</p>
|
167 |
-
</div>
|
168 |
-
</div>
|
169 |
-
");
|
170 |
-
}
|
171 |
-
|
172 |
-
public function isBlacklistedIP() {
|
173 |
-
return $this->ipstore->checkIPPresent($this->request->getIP(), BVIPStore::BLACKLISTED, BVIPStore::FW);
|
174 |
-
}
|
175 |
-
|
176 |
-
public function isWhitelistedIP() {
|
177 |
-
return $this->ipstore->checkIPPresent($this->request->getIP(), BVIPStore::WHITELISTED, BVIPStore::FW);
|
178 |
-
}
|
179 |
-
|
180 |
-
public function canBypassFirewall() {
|
181 |
-
if ($this->isWhitelistedIP() || $this->hasValidBypassCookie()) {
|
182 |
-
$this->request->setCategory(BVWPRequest::WHITELISTED);
|
183 |
-
$this->request->setStatus(BVWPRequest::BYPASSED);
|
184 |
-
return true;
|
185 |
-
}
|
186 |
-
return false;
|
187 |
-
}
|
188 |
-
|
189 |
-
public function execute() {
|
190 |
-
if ($this->config->canProfileReqInfo()) {
|
191 |
-
$result = array();
|
192 |
-
$result += $this->profileRequestInfo($this->request->getBody(),
|
193 |
-
$this->config->isReqProfilingModeDebug(), 'BODY_');
|
194 |
-
$result += $this->profileRequestInfo($this->request->getQueryString(),
|
195 |
-
true, 'GET_');
|
196 |
-
$result += $this->profileRequestInfo($this->request->getFiles(),
|
197 |
-
true, 'FILES_');
|
198 |
-
$result += $this->profileRequestInfo($this->getBVCookies(),
|
199 |
-
true, 'COOKIES_');
|
200 |
-
if (strpos($this->request->getPath(), 'admin-ajax.php') !== false) {
|
201 |
-
$result += array('BODY_ADMIN_AJAX_ACTION' => $this->request->getBody('action'));
|
202 |
-
$result += array('GET_ADMIN_AJAX_ACTION' => $this->request->getQueryString('action'));
|
203 |
-
}
|
204 |
-
if (strpos($this->request->getPath(), 'admin-post.php') !== false) {
|
205 |
-
$result += array('BODY_ADMIN_POST_ACTION' => $this->request->getBody('action'));
|
206 |
-
$result += array('GET_ADMIN_POST_ACTION' => $this->request->getQueryString('action'));
|
207 |
-
}
|
208 |
-
$this->request->updateReqInfo($result);
|
209 |
-
}
|
210 |
-
if (!$this->canBypassFirewall()) {
|
211 |
-
$rules = $this->config->getRules();
|
212 |
-
$this->matchRules($rules["audit"]);
|
213 |
-
if ($this->config->isProtecting()) {
|
214 |
-
if ($this->isBlacklistedIP()) {
|
215 |
-
$this->terminateRequest(BVWPRequest::BLACKLISTED);
|
216 |
-
}
|
217 |
-
if ($this->matchRules($rules["protect"], true)) {
|
218 |
-
$this->terminateRequest();
|
219 |
-
}
|
220 |
-
}
|
221 |
-
}
|
222 |
-
}
|
223 |
-
|
224 |
-
public function getServerValue($key) {
|
225 |
-
if (isset($_SERVER) && array_key_exists($key, $_SERVER)) {
|
226 |
-
return $_SERVER[$key];
|
227 |
-
}
|
228 |
-
return null;
|
229 |
-
}
|
230 |
-
|
231 |
-
public function match($pattern, $subject, $key = NULL) {
|
232 |
-
if (is_array($subject)) {
|
233 |
-
foreach ($subject as $k => $v) {
|
234 |
-
$k = ($key !== NULL) ? $key.'-'.$k : NULL;
|
235 |
-
if ($this->match($pattern, $v, $k)) {
|
236 |
-
return true;
|
237 |
-
}
|
238 |
-
}
|
239 |
-
} else {
|
240 |
-
if (preg_match((string) $pattern, (string) $subject) > 0) {
|
241 |
-
if ($key !== NULL) {
|
242 |
-
$this->currRuleInfo[$key] = $this->getLength($subject);
|
243 |
-
}
|
244 |
-
return true;
|
245 |
-
}
|
246 |
-
}
|
247 |
-
return false;
|
248 |
-
}
|
249 |
-
|
250 |
-
public function matchCount($pattern, $subject) {
|
251 |
-
$count = 0;
|
252 |
-
if (is_array($subject)) {
|
253 |
-
foreach ($subject as $val) {
|
254 |
-
$count += $this->matchCount($pattern, $val);
|
255 |
-
}
|
256 |
-
return $count;
|
257 |
-
} else {
|
258 |
-
$count = preg_match_all((string) $pattern, (string) $subject, $matches);
|
259 |
-
return ($count === false ? 0 : $count);
|
260 |
-
}
|
261 |
-
}
|
262 |
-
|
263 |
-
public function matchMD5($str, $val) {
|
264 |
-
return md5((string) $str) === $val;
|
265 |
-
}
|
266 |
-
|
267 |
-
public function getLength($val) {
|
268 |
-
$length = 0;
|
269 |
-
if (is_array($val)) {
|
270 |
-
foreach ($val as $v) {
|
271 |
-
$length += $this->getLength($v);
|
272 |
-
}
|
273 |
-
return $length;
|
274 |
-
} else {
|
275 |
-
return strlen((string) $val);
|
276 |
-
}
|
277 |
-
}
|
278 |
-
|
279 |
-
public function equals($value, $subject) {
|
280 |
-
return $value == $subject;
|
281 |
-
}
|
282 |
-
|
283 |
-
public function notEquals($value, $subject) {
|
284 |
-
return $value != $subject;
|
285 |
-
}
|
286 |
-
|
287 |
-
public function profileRequestInfo($params, $debug = false, $prefix = '') {
|
288 |
-
$result = array();
|
289 |
-
if (is_array($params)) {
|
290 |
-
foreach ($params as $key => $value) {
|
291 |
-
$currkey = $prefix . $key;
|
292 |
-
if (is_array($value)) {
|
293 |
-
$result = $result + $this->profileRequestInfo($value, $debug, $currkey . '_');
|
294 |
-
} else {
|
295 |
-
$result[$currkey] = array();
|
296 |
-
$valsize = $this->getLength($value);
|
297 |
-
$result[$currkey]["size"] = $valsize;
|
298 |
-
if ($debug === true && $valsize < 256) {
|
299 |
-
$result[$currkey]["value"] = $value;
|
300 |
-
continue;
|
301 |
-
}
|
302 |
-
|
303 |
-
if (preg_match('/^\d+$/', $value)) {
|
304 |
-
$result[$currkey]["numeric"] = true;
|
305 |
-
} else if (preg_match('/^\w+$/', $value)) {
|
306 |
-
$result[$currkey]["regular_word"] = true;
|
307 |
-
} else if (preg_match('/^\S+$/', $value)) {
|
308 |
-
$result[$currkey]["special_word"] = true;
|
309 |
-
} else if (preg_match('/^[\w\s]+$/', $value)) {
|
310 |
-
$result[$currkey]["regular_sentence"] = true;
|
311 |
-
} else if (preg_match('/^[\w\W]+$/', $value)) {
|
312 |
-
$result[$currkey]["special_chars_sentence"] = true;
|
313 |
-
}
|
314 |
-
|
315 |
-
if (preg_match('/^\b((25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\.){3}
|
316 |
-
(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\b$/x', $value)) {
|
317 |
-
$result[$currkey]["ipv4"] = true;
|
318 |
-
} else if (preg_match('/\b((25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\.){3}
|
319 |
-
(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\b/x', $value)) {
|
320 |
-
$result[$currkey]["embeded_ipv4"] = true;
|
321 |
-
} else if (preg_match('/^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|
|
322 |
-
([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|
|
323 |
-
([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}
|
324 |
-
(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|
|
325 |
-
([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|
|
326 |
-
:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|
|
327 |
-
::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3}
|
328 |
-
(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|
|
329 |
-
(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$/x', $value)) {
|
330 |
-
$result[$currkey]["ipv6"] = true;
|
331 |
-
} else if (preg_match('/(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|
|
332 |
-
([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|
|
333 |
-
([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}
|
334 |
-
(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|
|
335 |
-
([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|
|
336 |
-
:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|
|
337 |
-
::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3}
|
338 |
-
(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|
|
339 |
-
(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))/x', $value)) {
|
340 |
-
$result[$currkey]["embeded_ipv6"] = true;
|
341 |
-
}
|
342 |
-
|
343 |
-
if (preg_match('/^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,6}$/', $value)) {
|
344 |
-
$result[$currkey]["email"] = true;
|
345 |
-
} else if (preg_match('/[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,6}/', $value)) {
|
346 |
-
$result[$currkey]["embeded_email"] = true;
|
347 |
-
}
|
348 |
-
|
349 |
-
if (preg_match('/^(http|ftp)s?:\/\/\S+$/i', $value)) {
|
350 |
-
$result[$currkey]["link"] = true;
|
351 |
-
} else if (preg_match('/(http|ftp)s?:\/\/\S+$/i', $value)) {
|
352 |
-
$result[$currkey]["embeded_link"] = true;
|
353 |
-
}
|
354 |
-
|
355 |
-
if (preg_match('/<(html|head|title|base|link|meta|style|picture|source|img|
|
356 |
-
iframe|embed|object|param|video|audio|track|map|area|form|label|input|button|
|
357 |
-
select|datalist|optgroup|option|textarea|output|progress|meter|fieldset|legend|
|
358 |
-
script|noscript|template|slot|canvas)/ix', $value)) {
|
359 |
-
$result[$currkey]["embeded_html"] = true;
|
360 |
-
}
|
361 |
-
|
362 |
-
if (preg_match('/\.(jpg|jpeg|png|gif|ico|pdf|doc|docx|ppt|pptx|pps|ppsx|odt|xls|zip|gzip|
|
363 |
-
xlsx|psd|mp3|m4a|ogg|wav|mp4|m4v|mov|wmv|avi|mpg|ogv|3gp|3g2|php|html|phtml|js|css)/ix', $value)) {
|
364 |
-
$result[$currkey]["file"] = true;
|
365 |
-
}
|
366 |
-
|
367 |
-
if ($this->matchCount(BVWPFW::SQLIREGEX, $value) >= 2) {
|
368 |
-
$result[$currkey]["sql"] = true;
|
369 |
-
}
|
370 |
-
}
|
371 |
-
}
|
372 |
-
}
|
373 |
-
return $result;
|
374 |
-
}
|
375 |
-
|
376 |
-
public function matchRules($rules = array(), $isProtect = false) {
|
377 |
-
if (empty($rules)) {
|
378 |
-
return false;
|
379 |
-
}
|
380 |
-
if (isset($rules[108])) {
|
381 |
-
$this->currRuleInfo = array();
|
382 |
-
if ($this->match(BVWPFW::XSSREGEX, $this->request->getQueryString(), "GET")) {
|
383 |
-
$this->request->updateRulesInfo(108, $this->currRuleInfo);
|
384 |
-
if ($isProtect) return true;
|
385 |
-
}
|
386 |
-
}
|
387 |
-
if (isset($rules[112])) {
|
388 |
-
$this->currRuleInfo = array();
|
389 |
-
if ($this->match('/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/', $this->request->getPath()) &&
|
390 |
-
(($this->equals('revslider_show_image', $this->request->getQueryString('action')) && $this->match('/\\.php$/i', $this->request->getQueryString('img'), "img")) or
|
391 |
-
($this->equals('revslider_show_image', $this->request->getBody('action')) && $this->match('/\\.php$/i', $this->request->getQueryString('img'), "img")))) {
|
392 |
-
$this->request->updateRulesInfo(112, $this->currRuleInfo);
|
393 |
-
if ($isProtect) return true;
|
394 |
-
}
|
395 |
-
}
|
396 |
-
if (isset($rules[114])) {
|
397 |
-
$this->currRuleInfo = array();
|
398 |
-
if ($this->match('/<\\!(?:DOCTYPE|ENTITY)\\s+(?:%\\s*)?\\w+\\s+SYSTEM/i', $this->request->getBody(), "BODY") or
|
399 |
-
$this->match('/<\\!(?:DOCTYPE|ENTITY)\\s+(?:%\\s*)?\\w+\\s+SYSTEM/i', $this->request->getQueryString(), "GET")) {
|
400 |
-
$this->request->updateRulesInfo(114, $this->currRuleInfo);
|
401 |
-
if ($isProtect) return true;
|
402 |
-
}
|
403 |
-
}
|
404 |
-
if (isset($rules[115])) {
|
405 |
-
$this->currRuleInfo = array();
|
406 |
-
if ($this->match('#/wp\\-admin/admin\\-ajax\\.php$#i', $this->getServerValue('SCRIPT_FILENAME')) &&
|
407 |
-
($this->equals('update-plugin', $this->request->getBody('action')) or $this->equals('update-plugin', $this->request->getQueryString('action'))) && ($this->match('/(^|\\/|\\\\|%2f|%5c)\\.\\.(\\\\|\\/|%2f|%5c)/i', $this->request->getBody(), "BODY") or
|
408 |
-
($this->match('/(^|\\/|\\\\|%2f|%5c)\\.\\.(\\\\|\\/|%2f|%5c)/i', $this->request->getQueryString(), "GET")))) {
|
409 |
-
$this->request->updateRulesInfo(115, $this->currRuleInfo);
|
410 |
-
if ($isProtect) return true;
|
411 |
-
}
|
412 |
-
}
|
413 |
-
if (isset($rules[132])) {
|
414 |
-
$this->currRuleInfo = array();
|
415 |
-
if (($this->equals('Y', $this->request->getBody('kentopvc_hidden'))) &&
|
416 |
-
((!$this->match('/^1?$/', $this->request->getBody('kento_pvc_hide'), "kento_pvc_hide")) or
|
417 |
-
(!$this->match('/^1?$/', $this->request->getBody('kento_pvc_uniq'), "kento_pvc_uniq")) or
|
418 |
-
(!$this->match('/^1?$/', $this->request->getBody('kento_pvc_posttype'), "kento_pvc_posttype")) or
|
419 |
-
($this->match(BVWPFW::XSSREGEX, $this->request->getBody('kento_pvc_today_text'), "kento_pvc_today_text")) or
|
420 |
-
($this->match(BVWPFW::XSSREGEX, $this->request->getBody('kento_pvc_total_text'), "kento_pvc_total_text")) or
|
421 |
-
($this->match(BVWPFW::XSSREGEX, $this->request->getBody('kento_pvc_numbers_lang'), "kento_pvc_numbers_lang")))) {
|
422 |
-
$this->request->updateRulesInfo(132, $this->currRuleInfo);
|
423 |
-
if ($isProtect) return true;
|
424 |
-
}
|
425 |
-
}
|
426 |
-
if (isset($rules[133])) {
|
427 |
-
$this->currRuleInfo = array();
|
428 |
-
if ((($this->match('#/wp\\-mobile\\-detector[/]+resize\\.php#i', $this->request->getPath())) or
|
429 |
-
($this->match('#/wp\\-mobile\\-detector[/]+timthumb\\.php#i', $this->request->getPath()))) &&
|
430 |
-
((($this->getLength($this->request->getBody('src')) > 0) &&
|
431 |
-
(!$this->match('/\\.(?:png|gif|jpg|jpeg|jif|jfif|svg)$/i', $this->request->getBody('src'), "src"))) or
|
432 |
-
(($this->getLength($this->request->getQueryString('src'))) &&
|
433 |
-
(!$this->match('/\\.(?:png|gif|jpg|jpeg|jif|jfif|svg)$/i', $this->request->getQueryString('src'), "src"))))) {
|
434 |
-
$this->request->updateRulesInfo(133, $this->currRuleInfo);
|
435 |
-
if ($isProtect) return true;
|
436 |
-
}
|
437 |
-
}
|
438 |
-
if (isset($rules[145])) {
|
439 |
-
$this->currRuleInfo = array();
|
440 |
-
if ((($this->match('/Abonti|aggregator|AhrefsBot|asterias|BDCbot|BLEXBot|BuiltBotTough|Bullseye|BunnySlippers|ca\\-crawler|CCBot|Cegbfeieh|CheeseBot|CherryPicker|CopyRightCheck|cosmos|Crescent|discobot|DittoSpyder|DotBot|Download Ninja|EasouSpider|EmailCollector|EmailSiphon|EmailWolf|EroCrawler|Exabot|ExtractorPro|Fasterfox|FeedBooster|Foobot|Genieo|grub\\-client|Harvest|hloader|httplib|HTTrack|humanlinks|ieautodiscovery|InfoNaviRobot|IstellaBot|Java\\/1\\.|JennyBot|k2spider|Kenjin Spider|Keyword Density\\/0\\.9|larbin|LexiBot|libWeb|libwww|LinkextractorPro|linko|LinkScan\\/8\\.1a Unix|LinkWalker|LNSpiderguy|lwp\\-trivial|magpie|Mata Hari|MaxPointCrawler|MegaIndex|Microsoft URL Control|MIIxpc|Mippin|Missigua Locator|Mister PiX|MJ12bot|moget|MSIECrawler|NetAnts|NICErsPRO|Niki\\-Bot|NPBot|Nutch|Offline Explorer|Openfind|panscient\\.com|PHP\\/5\\.\\{|ProPowerBot\\/2\\.14|ProWebWalker|Python\\-urllib|QueryN Metasearch|RepoMonkey|RMA|SemrushBot|SeznamBot|SISTRIX|sitecheck\\.Internetseer\\.com|SiteSnagger|SnapPreviewBot|Sogou|SpankBot|spanner|spbot|Spinn3r|suzuran|Szukacz\\/1\\.4|Teleport|Telesoft|The Intraformant|TheNomad|TightTwatBot|Titan|toCrawl\\/UrlDispatcher|True_Robot|turingos|TurnitinBot|UbiCrawler|UnisterBot|URLy Warning|VCI|WBSearchBot|Web Downloader\\/6\\.9|Web Image Collector|WebAuto|WebBandit|WebCopier|WebEnhancer|WebmasterWorldForumBot|WebReaper|WebSauger|Website Quester|Webster Pro|WebStripper|WebZip|Wotbox|wsr\\-agent|WWW\\-Collector\\-E|Xenu|Zao|Zeus|ZyBORG|coccoc|Incutio|lmspider|memoryBot|SemrushBot|serf|Unknown|uptime files/i', $this->request->getHeader('User-Agent'), "User-Agent")) &&
|
441 |
-
($this->match(BVWPFW::XSSREGEX, $this->request->getHeader('User-Agent'), "User-Agent"))) or
|
442 |
-
(($this->match('/semalt\\.com|kambasoft\\.com|savetubevideo\\.com|buttons\\-for\\-website\\.com|sharebutton\\.net|soundfrost\\.org|srecorder\\.com|softomix\\.com|softomix\\.net|myprintscreen\\.com|joinandplay\\.me|fbfreegifts\\.com|openmediasoft\\.com|zazagames\\.org|extener\\.org|openfrost\\.com|openfrost\\.net|googlsucks\\.com|best\\-seo\\-offer\\.com|buttons\\-for\\-your\\-website\\.com|www\\.Get\\-Free\\-Traffic\\-Now\\.com|best\\-seo\\-solution\\.com|buy\\-cheap\\-online\\.info|site3\\.free\\-share\\-buttons\\.com|webmaster\\-traffic\\.co/i', $this->request->getHeader('Referer'), "Referer")) &&
|
443 |
-
($this->match(BVWPFW::XSSREGEX, $this->request->getHeader('User-Agent'), "User-Agent")))) {
|
444 |
-
$this->request->updateRulesInfo(145, $this->currRuleInfo);
|
445 |
-
if ($isProtect) return true;
|
446 |
-
}
|
447 |
-
}
|
448 |
-
if (isset($rules[146])) {
|
449 |
-
$this->currRuleInfo = array();
|
450 |
-
if ($this->match('/sitemap_.*?<.*?(:?_\\d+)?\\.xml(:?\\.gz)?/i', $this->request->getPath())) {
|
451 |
-
$this->request->updateRulesInfo(146, $this->currRuleInfo);
|
452 |
-
if ($isProtect) return true;
|
453 |
-
}
|
454 |
-
}
|
455 |
-
if (isset($rules[155])) {
|
456 |
-
$this->currRuleInfo = array();
|
457 |
-
if (($this->match(BVWPFW::XSSREGEX, $this->request->getHeader('Client-IP'), "Client-IP")) or
|
458 |
-
($this->match(BVWPFW::XSSREGEX, $this->request->getHeader('X-Forwarded'), "X-Forwarded")) or
|
459 |
-
($this->match(BVWPFW::XSSREGEX, $this->request->getHeader('X-Cluster-Client-IP'), "X-Cluster-Client-IP")) or
|
460 |
-
($this->match(BVWPFW::XSSREGEX, $this->request->getHeader('Forwarded-For'), "Forwarded-For")) or
|
461 |
-
($this->match(BVWPFW::XSSREGEX, $this->request->getHeader('Forwarded'), "Forwarded"))) {
|
462 |
-
$this->request->updateRulesInfo(155, $this->currRuleInfo);
|
463 |
-
if ($isProtect) return true;
|
464 |
-
}
|
465 |
-
}
|
466 |
-
if (isset($rules[156])) {
|
467 |
-
$this->currRuleInfo = array();
|
468 |
-
if ($this->match('#/wp\\-admin/admin\\-ajax\\.php$#i', $this->getServerValue('SCRIPT_FILENAME')) and
|
469 |
-
(($this->match(BVWPFW::SQLIREGEX, $this->request->getBody('umm_user'), "umm_user")) or
|
470 |
-
($this->match(BVWPFW::SQLIREGEX, $this->request->getQueryString('umm_user'), "umm_user")))) {
|
471 |
-
$this->request->updateRulesInfo(156, $this->currRuleInfo);
|
472 |
-
if ($isProtect) return true;
|
473 |
-
}
|
474 |
-
}
|
475 |
-
if (isset($rules[165])) {
|
476 |
-
$this->currRuleInfo = array();
|
477 |
-
if ($this->match('/O:\\d+:"(?!stdClass")[^"]+":/', $this->request->getCookies('ecwid_oauth_state'), "ecwid_oauth_state")) {
|
478 |
-
$this->request->updateRulesInfo(165, $this->currRuleInfo);
|
479 |
-
if ($isProtect) return true;
|
480 |
-
}
|
481 |
-
}
|
482 |
-
if (isset($rules[167])) {
|
483 |
-
$this->currRuleInfo = array();
|
484 |
-
if ((!$this->match('/\\.(jpe?g|png|mpeg|mov|flv|pdf|docx?|txt|csv|avi|mp3|wma|wav)($|\\.)/i', $this->request->getFileNames())) &&
|
485 |
-
($this->getLength($this->request->getBody('save_bepro_listing')) > 0)) {
|
486 |
-
$this->request->updateRulesInfo(167, $this->currRuleInfo);
|
487 |
-
if ($isProtect) return true;
|
488 |
-
}
|
489 |
-
}
|
490 |
-
if (isset($rules[168])) {
|
491 |
-
$this->currRuleInfo = array();
|
492 |
-
if (($this->match('#/wp\\-admin/admin\\-ajax\\.php$#i', $this->getServerValue('SCRIPT_FILENAME'))) &&
|
493 |
-
($this->equals('master-slider', $this->request->getQueryString('page'))) &&
|
494 |
-
($this->getLength($this->request->getBody('page')) > 0) &&
|
495 |
-
($this->notEquals('master-slider', $this->request->getBody('page')))) {
|
496 |
-
$this->request->updateRulesInfo(168, $this->currRuleInfo);
|
497 |
-
if ($isProtect) return true;
|
498 |
-
}
|
499 |
-
}
|
500 |
-
if (isset($rules[169])) {
|
501 |
-
$this->currRuleInfo = array();
|
502 |
-
if (($this->equals('fancybox-for-wordpress', $this->request->getQueryString('page'))) &&
|
503 |
-
($this->match(BVWPFW::XSSREGEX, $this->request->getBody('mfbfw'), "mfbfw"))) {
|
504 |
-
$this->request->updateRulesInfo(169, $this->currRuleInfo);
|
505 |
-
if ($isProtect) return true;
|
506 |
-
}
|
507 |
-
}
|
508 |
-
if (isset($rules[171])) {
|
509 |
-
$this->currRuleInfo = array();
|
510 |
-
if ((($this->match('#wp-json/wp/v\\d+/posts/#i', $this->request->getPath())) or
|
511 |
-
($this->match('#/wp/v\\d+/posts/#i', $this->request->getQueryString('rest_route'), "rest_route"))) &&
|
512 |
-
($this->match('/[^0-9]/', $this->request->getQueryString('id'), "id"))) {
|
513 |
-
$this->request->updateRulesInfo(171, $this->currRuleInfo);
|
514 |
-
if ($isProtect) return true;
|
515 |
-
}
|
516 |
-
}
|
517 |
-
if (isset($rules[172])) {
|
518 |
-
$this->currRuleInfo = array();
|
519 |
-
$pattern = '`\b(?i:(?:conf(?:ig(?:ur(?:e|ation)|\.inc|_global)?)?)|settings?(?:\.?inc)?)\.php$`';
|
520 |
-
if ((($this->match($pattern, $this->getServerValue('SCRIPT_FILENAME'), "SCRIPT_FILENAME")) or
|
521 |
-
($this->match($pattern, $this->request->getQueryString(), "GET")))) {
|
522 |
-
$this->request->updateRulesInfo(172, $this->currRuleInfo);
|
523 |
-
if ($isProtect) return true;
|
524 |
-
}
|
525 |
-
}
|
526 |
-
if (isset($rules[173])) {
|
527 |
-
$this->currRuleInfo = array();
|
528 |
-
$pattern = '`(?:\.{2}[\/]+)`';
|
529 |
-
if ((($this->match($pattern, $this->request->getBody(), "BODY")) or
|
530 |
-
($this->match($pattern, $this->request->getQueryString(), "GET")) or
|
531 |
-
($this->match($pattern, $this->request->getCookies(), "COOKIE")) or
|
532 |
-
($this->match($pattern, $this->request->getHeader('User-Agent'), "HEADER")))) {
|
533 |
-
$this->request->updateRulesInfo(173, $this->currRuleInfo);
|
534 |
-
if ($isProtect) return true;
|
535 |
-
}
|
536 |
-
}
|
537 |
-
if (isset($rules[174])) {
|
538 |
-
$this->currRuleInfo = array();
|
539 |
-
$pattern = '`\\b(?:\\$?_(COOKIE|ENV|FILES|(?:GE|POS|REQUES)T|SE(RVER|SSION))|HTTP_(?:(?:POST|GET)_VARS|RAW_POST_DATA)|GLOBALS)\\s*[=\\[)]|\\W\\$\\{\\s*[\'"]\\w+[\'"]`';
|
540 |
-
if ((($this->match($pattern, $this->request->getBody(), "BODY")) or
|
541 |
-
($this->match($pattern, $this->request->getQueryString(), "GET")) or
|
542 |
-
($this->match($pattern, $this->request->getCookies(), "COOKIE")) or
|
543 |
-
($this->match($pattern, $this->request->getHeader('User-Agent'), "User-Agent")) or
|
544 |
-
($this->match($pattern, $this->request->getHeader('Referer'), "Referer")) or
|
545 |
-
($this->match($pattern, $this->getServerValue('PATH_INFO'), "PATH_INFO")))) {
|
546 |
-
$this->request->updateRulesInfo(174, $this->currRuleInfo);
|
547 |
-
if ($isProtect) return true;
|
548 |
-
}
|
549 |
-
}
|
550 |
-
if (isset($rules[175])) {
|
551 |
-
$this->currRuleInfo = array();
|
552 |
-
$pattern = '`\\b(?i:eval)\\s*\\(\\s*(?i:base64_decode|exec|file_get_contents|gzinflate|passthru|shell_exec|stripslashes|system)\\s*\\(`';
|
553 |
-
if ((($this->match($pattern, $this->request->getBody(), "BODY")) or
|
554 |
-
($this->match($pattern, $this->request->getQueryString(), "GET")) or
|
555 |
-
($this->match($pattern, $this->request->getCookies(), "COOKIE")) or
|
556 |
-
($this->match($pattern, $this->request->getHeader('User-Agent'), "User-Agent")))) {
|
557 |
-
$this->request->updateRulesInfo(175, $this->currRuleInfo);
|
558 |
-
if ($isProtect) return true;
|
559 |
-
}
|
560 |
-
}
|
561 |
-
if (isset($rules[176])) {
|
562 |
-
$this->currRuleInfo = array();
|
563 |
-
$pattern = '`(?:<\\?(?![Xx][Mm][Ll]).*?(?:\\$_?(?:COOKIE|ENV|FILES|GLOBALS|(?:GE|POS|REQUES)T|SE(RVER|SSION))\\s*[=\\[)]|\\b(?i:array_map|assert|base64_(?:de|en)code|curl_exec|eval|(?:ex|im)plode|file(?:_get_contents)?|fsockopen|function_exists|gzinflate|move_uploaded_file|passthru|[ep]reg_replace|phpinfo|stripslashes|strrev|substr|system|(?:shell_)?exec)\\s*(?:/\\*.+?\\*/\\s*)?\\())|#!/(?:usr|bin)/.+?\\s|\\W\\$\\{\\s*[\'"]\\w+[\'"]`';
|
564 |
-
if ((($this->match($pattern, $this->request->getBody(), "BODY")) or
|
565 |
-
($this->match($pattern, $this->request->getQueryString(), "GET")) or
|
566 |
-
($this->match($pattern, $this->request->getCookies(), "COOKIE")) or
|
567 |
-
($this->match($pattern, $this->request->getHeader('User-Agent'), "User-Agent")))) {
|
568 |
-
$this->request->updateRulesInfo(176, $this->currRuleInfo);
|
569 |
-
if ($isProtect) return true;
|
570 |
-
}
|
571 |
-
}
|
572 |
-
if (isset($rules[177])) {
|
573 |
-
$this->currRuleInfo = array();
|
574 |
-
if ((($this->matchCount(BVWPFW::SQLIREGEX, $this->request->getBody()) > 2) or
|
575 |
-
($this->matchCount(BVWPFW::SQLIREGEX, $this->request->getQueryString()) > 2) or
|
576 |
-
($this->matchCount(BVWPFW::SQLIREGEX, $this->request->getCookies()) > 2) or
|
577 |
-
($this->matchCount(BVWPFW::SQLIREGEX, $this->request->getHeader('User-Agent')) > 2))) {
|
578 |
-
$this->request->updateRulesInfo(177, $this->currRuleInfo);
|
579 |
-
if ($isProtect) return true;
|
580 |
-
}
|
581 |
-
}
|
582 |
-
if (isset($rules[178])) {
|
583 |
-
$this->currRuleInfo = array();
|
584 |
-
$pattern = '`(?: \\W(?:background(-image)?|-moz-binding)\\s*:[^}]*?\\burl\\s*\\([^)]+?(https?:)?//\\w|<(?i:applet|div|embed|form|i?frame(?:set)?|i(?:mg|sindex)|link|m(?:eta|arquee)|object|script|textarea)\\b.*=.*?>|\\bdocument\\s*\\.\\s*(?:body|cookie|domain|location|open|write(?:ln)?)\\b|\\blocation\\s*\\.\\s*(?:href|replace)\\b|\\bwindow\\s*\\.\\s*(?:open|location)\\b|\\b(?:alert|confirm|eval|expression|prompt|set(?:Timeout|Interval)|String\\s*\\.\\s*fromCharCode|\\.\\s*substr)\\b\\s*\\(.*?\\)|(?i)<\\s*s\\s*t\\s*y\\s*l\\s*e\\b.*?>.*?<\\s*/\\s*s\\s*t\\s*y\\s*l\\s*e\\b.*?>|(?i)<[a-z].+?\\bon[a-z]{3,29}\\b\\s*=.{5}|(?i)<.+?\\bon[a-z]{3,29}\\b\\s*=\\s*[\'"](?!\\s*return false\\b).*?[\'"].+?>|(?i)<\\s*s\\s*c\\s*r\\s*i\\s*p\\s*t\\b.*?>.*?<\\s*/\\s*s\\s*c\\s*r\\s*i\\s*p\\s*t.*?>|<.+?(?i)\\b(?:href|(?:form)?action|background|code|data|location|name|poster|src|value)\\s*=\\s*[\'"]?(?:(?:f|ht)tps?:)?//\\w+\\.\\w|\\batob\\s*(?:[\'"\\x60]\\s*\\]\\s*)?\\(\\s*([\'"\\x60])[a-zA-Z0-9/+=]+\\1\\s*\\)|<.+?(?i)[a-z]+\\s*=.*?(?:java|vb)script:.+?> |<x:script\\b.*?>.*?</x:script.*?>|\\+A(?:Dw|ACIAPgA8)-.+?\\+AD4(?:APAAi)?-|[{}+[\\]\\s]\\+\\s*\\[\\s*]\\s*\\)\\s*\\[[{!}+[\\]\\s]|(?i)<[a-z]+/[a-z]+.+?=.+?>|\\[\\s*\\]\\s*\\[\\s*[\'"\\x60]filter[\'"\\x60]\\s*\\]\\s*\\[\\s*[\'"\\x60]constructor[\'"\\x60]\\s*\\]\\s*\\(\\s*|\\b(?:document|window|this)\\s*\\[.+?\\]\\s*[\\[(]|(?:(?:\\b(?:self|this|top|window)\\s*\\[.+?\\]|\\(\\s*(?:alert|confirm|eval|expression|prompt)\\s*\\)|\\[.*?\\]\\s*\\.\\s*find)|(?:\\.\\s*(?:re(?:ject|place)|constructor)))\\s*\\(.*?\\)|\\b(\\w+)\\s*=\\s*(?:alert|confirm|eval|expression|prompt)\\s*[;,]\\1\\s*\\(.*?\\))`';
|
585 |
-
if ((($this->match($pattern, $this->request->getBody(), "BODY")) or
|
586 |
-
($this->match($pattern, $this->request->getQueryString(), "GET")) or
|
587 |
-
($this->match($pattern, $this->request->getCookies(), "COOKIE")) or
|
588 |
-
($this->match($pattern, $this->request->getHeader('User-Agent'), "User-Agent")) or
|
589 |
-
($this->match($pattern, $this->request->getHeader('Referer'), "Referer")))) {
|
590 |
-
$this->request->updateRulesInfo(178, $this->currRuleInfo);
|
591 |
-
if ($isProtect) return true;
|
592 |
-
}
|
593 |
-
}
|
594 |
-
return false;
|
595 |
-
}
|
596 |
-
}
|
597 |
-
endif;
|
protect/wp_lp/config.php
DELETED
@@ -1,82 +0,0 @@
|
|
1 |
-
<?php
|
2 |
-
|
3 |
-
if (!defined('ABSPATH')) exit;
|
4 |
-
if (!class_exists('BVWPLPConfig')) :
|
5 |
-
class BVWPLPConfig {
|
6 |
-
public $db;
|
7 |
-
public $settings;
|
8 |
-
public static $requests_table = 'lp_requests';
|
9 |
-
|
10 |
-
#mode
|
11 |
-
const DISABLED = 1;
|
12 |
-
const AUDIT = 2;
|
13 |
-
const PROTECT = 3;
|
14 |
-
|
15 |
-
public function __construct($db, $settings) {
|
16 |
-
$this->db = $db;
|
17 |
-
$this->settings = $settings;
|
18 |
-
}
|
19 |
-
|
20 |
-
public function setMode($mode) {
|
21 |
-
if (!$mode) {
|
22 |
-
$this->settings->deleteOption('bvlpmode');
|
23 |
-
} else {
|
24 |
-
$this->settings->updateOption('bvlpmode', intval($mode));
|
25 |
-
}
|
26 |
-
}
|
27 |
-
|
28 |
-
public function setCaptchaLimit($count) {
|
29 |
-
if (!$count) {
|
30 |
-
$this->settings->deleteOption('bvlpcaptchaLimit');
|
31 |
-
} else {
|
32 |
-
$this->settings->updateOption('bvlpcaptchaLimit', intval($count));
|
33 |
-
}
|
34 |
-
}
|
35 |
-
|
36 |
-
public function setTempBlockLimit($count) {
|
37 |
-
if (!$count) {
|
38 |
-
$this->settings->deleteOption('bvlptempblocklimit');
|
39 |
-
} else {
|
40 |
-
$this->settings->updateOption('bvlptempblocklimit', intval($count));
|
41 |
-
}
|
42 |
-
}
|
43 |
-
|
44 |
-
public function setBlockAllLimit($count) {
|
45 |
-
if (!$count) {
|
46 |
-
$this->settings->deleteOption('bvlpblockalllimit');
|
47 |
-
} else {
|
48 |
-
$this->settings->updateOption('bvlpblockalllimit', intval($count));
|
49 |
-
}
|
50 |
-
}
|
51 |
-
|
52 |
-
public function getMode() {
|
53 |
-
$mode = $this->settings->getOption('bvlpmode');
|
54 |
-
return intval($mode ? $mode : BVWPLPConfig::DISABLED);
|
55 |
-
}
|
56 |
-
|
57 |
-
public function getCaptchaLimit() {
|
58 |
-
$limit = $this->settings->getOption('bvlpcaptchalimit');
|
59 |
-
return ($limit ? $limit : 3);
|
60 |
-
}
|
61 |
-
|
62 |
-
public function getTempBlockLimit() {
|
63 |
-
$limit = $this->settings->getOption('bvlptempblocklimit');
|
64 |
-
return ($limit ? $limit : 10);
|
65 |
-
}
|
66 |
-
|
67 |
-
public function getBlockAllLimit() {
|
68 |
-
$limit = $this->settings->getOption('bvlpblockAlllimit');
|
69 |
-
return ($limit ? $limit : 100);
|
70 |
-
}
|
71 |
-
|
72 |
-
public function clear() {
|
73 |
-
$this->setMode(false);
|
74 |
-
$this->setCaptchaLimit(false);
|
75 |
-
$this->setTempBlockLimit(false);
|
76 |
-
$this->setBlockAllLimit(false);
|
77 |
-
$this->db->dropBVTable(BVWPLPConfig::$requests_table);
|
78 |
-
$this->settings->deleteOption('bvptplug');
|
79 |
-
return true;
|
80 |
-
}
|
81 |
-
}
|
82 |
-
endif;
|
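--- a/readme.txt
+++ b/readme.txt
@@ -4,9 +4,9 @@ Tags: wpremote, remote administration, multiple wordpress, backup, wordpress bac
 Plugin URI: https://wpremote.com/
 Donate link: https://app.wpremote.com/home/signup
 Requires at least: 4.0
-Requires PHP: 5.4.0
 Tested up to: 5.4
-
+Requires PHP: 5.4.0
+Stable tag: 4.22
 License: GPLv2 or later
 License URI: [http://www.gnu.org/licenses/gpl-2.0.html](http://www.gnu.org/licenses/gpl-2.0.html)
 
@@ -32,6 +32,13 @@ You can email us at support@wpremote.com for support.
 3. Sign up for an account at wpremote.com and add your site.
 
 == CHANGELOG ==
+= 4.22 =
+* Sending plugname in request to backend servers
+* Firewall in prepend mode
+* Robust Firewall and Login protection
+* Robust write callbacks
+* Without FTP cleanup and restore support
+
 = 3.4 =
 * Plugin branding fixes
 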
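--- a/recover.php
+++ b/recover.php
@@ -44,4 +44,4 @@ if (!class_exists('WPRRecover')) :
 return $account;
 }
 }
-endif;
+endif;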
wp_actions.php
CHANGED
@@ -36,8 +36,7 @@ if (!class_exists('WPRWPAction')) :
|
|
36 |
}
|
37 |
|
38 |
public static function uninstall() {
|
39 |
-
do_action('
|
40 |
-
do_action('clear_fw_config');
|
41 |
do_action('clear_ip_store');
|
42 |
do_action('clear_dynsync_config');
|
43 |
}
|
36 |
}
|
37 |
|
38 |
public static function uninstall() {
|
39 |
+
do_action('clear_pt_config');
|
|
|
40 |
do_action('clear_ip_store');
|
41 |
do_action('clear_dynsync_config');
|
42 |
}
|
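Review bot: uninstall() now fires only clear_pt_config, clear_ip_store and clear_dynsync_config, and nothing visible here tears down the prepend-mode hook that this release introduces (the auto_prepend_file setting or the ignitor file it points at). If the clear_pt_config handler does not remove that hook, the prepend firewall could keep being loaded after the plugin directory is deleted and fail on the missing include for every request. Worth confirming in the handler, or adding an explicit `do_action('clear_prepend_config');` here so the intent is visible at the uninstall site. The removed line `do_action('` is truncated in this rendering, so what it originally cleared cannot be checked from the diff.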
wp_admin.php
CHANGED
@@ -7,10 +7,12 @@ class WPRWPAdmin {
|
|
7 |
public $settings;
|
8 |
public $siteinfo;
|
9 |
public $bvinfo;
|
|
|
10 |
|
11 |
-
function __construct($settings, $siteinfo) {
|
12 |
$this->settings = $settings;
|
13 |
$this->siteinfo = $siteinfo;
|
|
|
14 |
$this->bvinfo = new WPRInfo($this->settings);
|
15 |
}
|
16 |
|
@@ -22,6 +24,13 @@ class WPRWPAdmin {
|
|
22 |
}
|
23 |
}
|
24 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
25 |
public function initHandler() {
|
26 |
if (!current_user_can('activate_plugins'))
|
27 |
return;
|
@@ -50,8 +59,9 @@ class WPRWPAdmin {
|
|
50 |
$brand = $this->bvinfo->getBrandInfo();
|
51 |
if (!$brand || (!array_key_exists('hide', $brand) && !array_key_exists('hide_from_menu', $brand))) {
|
52 |
$bname = $this->bvinfo->getBrandName();
|
|
|
53 |
add_menu_page($bname, $bname, 'manage_options', $this->bvinfo->plugname,
|
54 |
-
array($this, 'adminPage'), plugins_url(
|
55 |
}
|
56 |
}
|
57 |
|
@@ -133,7 +143,10 @@ class WPRWPAdmin {
|
|
133 |
wp_enqueue_style( 'bvsurface', plugins_url('css/bvmui.min.css', __FILE__));
|
134 |
wp_enqueue_style( 'bvplugin', plugins_url('css/bvplugin.min.css', __FILE__));
|
135 |
if (isset($_REQUEST['bvnonce']) && wp_verify_nonce( $_REQUEST['bvnonce'], 'bvnonce' )) {
|
136 |
-
|
|
|
|
|
|
|
137 |
}
|
138 |
require_once dirname( __FILE__ ) . '/admin/header.php';
|
139 |
if (WPRAccount::isConfigured($this->settings)) {
|
7 |
public $settings;
|
8 |
public $siteinfo;
|
9 |
public $bvinfo;
|
10 |
+
public $bvapi;
|
11 |
|
12 |
+
function __construct($settings, $siteinfo, $bvapi = null) {
|
13 |
$this->settings = $settings;
|
14 |
$this->siteinfo = $siteinfo;
|
15 |
+
$this->bvapi = new WPRWPAPI($settings);
|
16 |
$this->bvinfo = new WPRInfo($this->settings);
|
17 |
}
|
18 |
|
24 |
}
|
25 |
}
|
26 |
|
27 |
+
function removeAdminNotices() {
|
28 |
+
if (array_key_exists('page', $_REQUEST) && $_REQUEST['page'] == $this->bvinfo->plugname) {
|
29 |
+
remove_all_actions('admin_notices');
|
30 |
+
remove_all_actions('all_admin_notices');
|
31 |
+
}
|
32 |
+
}
|
33 |
+
|
34 |
public function initHandler() {
|
35 |
if (!current_user_can('activate_plugins'))
|
36 |
return;
|
59 |
$brand = $this->bvinfo->getBrandInfo();
|
60 |
if (!$brand || (!array_key_exists('hide', $brand) && !array_key_exists('hide_from_menu', $brand))) {
|
61 |
$bname = $this->bvinfo->getBrandName();
|
62 |
+
$icon = $this->bvinfo->getBrandIcon();
|
63 |
add_menu_page($bname, $bname, 'manage_options', $this->bvinfo->plugname,
|
64 |
+
array($this, 'adminPage'), plugins_url($icon, __FILE__ ));
|
65 |
}
|
66 |
}
|
67 |
|
143 |
wp_enqueue_style( 'bvsurface', plugins_url('css/bvmui.min.css', __FILE__));
|
144 |
wp_enqueue_style( 'bvplugin', plugins_url('css/bvplugin.min.css', __FILE__));
|
145 |
if (isset($_REQUEST['bvnonce']) && wp_verify_nonce( $_REQUEST['bvnonce'], 'bvnonce' )) {
|
146 |
+
$info = array();
|
147 |
+
$this->siteinfo->basic($info);
|
148 |
+
$this->bvapi->pingbv('/bvapi/disconnect', $info, $_REQUEST['pubkey']);
|
149 |
+
WPRAccount::remove($this->settings, $_REQUEST['pubkey']);
|
150 |
}
|
151 |
require_once dirname( __FILE__ ) . '/admin/header.php';
|
152 |
if (WPRAccount::isConfigured($this->settings)) {
|
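Review bot: In adminPage() the disconnect branch reads `$_REQUEST['pubkey']` twice (the pingbv call and WPRAccount::remove) with no isset or format check, so a request that carries a valid bvnonce but no pubkey raises an undefined-index notice and hands an empty key to the account lookup; guard it with `$pubkey = isset($_REQUEST['pubkey']) ? sanitize_text_field(wp_unslash($_REQUEST['pubkey'])) : '';` and wrap the two calls in `if ($pubkey !== '') { ... }`. The nonce only protects against CSRF; the capability gate appears to come from the manage_options check on add_menu_page, which is worth stating in a comment beside the nonce test. The new constructor accepts `$bvapi = null` but ignores it and always builds a fresh WPRWPAPI, so the injection point is dead: `$this->bvapi = $bvapi ? $bvapi : new WPRWPAPI($settings);`. removeAdminNotices() compares `$_REQUEST['page']` with `==`; `===` avoids loose-comparison surprises and matches the string nature of plugname.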
wp_api.php
CHANGED
@@ -8,30 +8,33 @@ if (!class_exists('WPRWPAPI')) :
|
|
8 |
public function __construct($settings) {
|
9 |
$this->settings = $settings;
|
10 |
}
|
11 |
-
|
12 |
public function pingbv($method, $body, $public = false) {
|
13 |
if ($public) {
|
14 |
-
$this->create_request_params($method, $public);
|
15 |
} else {
|
16 |
-
$
|
17 |
-
|
18 |
-
$this->create_request_params($method, $
|
19 |
}
|
20 |
}
|
21 |
}
|
22 |
|
23 |
-
public function create_request_params($method, $pubkey) {
|
24 |
$account = WPRAccount::find($this->settings, $pubkey);
|
25 |
$url = $account->authenticatedUrl($method);
|
26 |
$this->http_request($url, $body);
|
27 |
}
|
28 |
|
29 |
-
public function http_request($url, $body) {
|
30 |
$_body = array(
|
31 |
'method' => 'POST',
|
32 |
'timeout' => 15,
|
33 |
-
'body' => $body
|
34 |
-
|
|
|
|
|
|
|
35 |
return wp_remote_post($url, $_body);
|
36 |
}
|
37 |
}
|
8 |
public function __construct($settings) {
|
9 |
$this->settings = $settings;
|
10 |
}
|
11 |
+
|
12 |
public function pingbv($method, $body, $public = false) {
|
13 |
if ($public) {
|
14 |
+
$this->create_request_params($method, $body, $public);
|
15 |
} else {
|
16 |
+
$api_public_key = $this->settings->getOption('bvApiPublic');
|
17 |
+
if (!empty($api_public_key) && (strlen($api_public_key) >= 32)) {
|
18 |
+
$this->create_request_params($method, $body, $api_public_key);
|
19 |
}
|
20 |
}
|
21 |
}
|
22 |
|
23 |
+
public function create_request_params($method, $body, $pubkey) {
|
24 |
$account = WPRAccount::find($this->settings, $pubkey);
|
25 |
$url = $account->authenticatedUrl($method);
|
26 |
$this->http_request($url, $body);
|
27 |
}
|
28 |
|
29 |
+
public function http_request($url, $body, $headers = array()) {
|
30 |
$_body = array(
|
31 |
'method' => 'POST',
|
32 |
'timeout' => 15,
|
33 |
+
'body' => $body
|
34 |
+
);
|
35 |
+
if (!empty($headers)) {
|
36 |
+
$_body['headers'] = $headers;
|
37 |
+
}
|
38 |
return wp_remote_post($url, $_body);
|
39 |
}
|
40 |
}
|
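Review bot: create_request_params() dereferences the result of WPRAccount::find() unconditionally (`$account->authenticatedUrl($method)`), and pingbv() now forwards whatever `$public` key the caller passes in, so an unknown pubkey — for instance one taken from a request parameter elsewhere in this changeset — becomes a fatal on null rather than a no-op. Add `if (!$account) { return null; }` after the lookup, and consider returning http_request()'s value from create_request_params() and pingbv() so callers can see a WP_Error from a failed disconnect instead of it being dropped. The `strlen($api_public_key) >= 32` test is a sanity check on stored configuration, not an authentication step; a one-line comment saying so would stop a reader mistaking it for one.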
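--- a/wp_db.php
+++ b/wp_db.php
@@ -168,5 +168,19 @@ class WPRWPDb {
 $table = $this->getBVTable($name);
 return $wpdb->replace($table, $value);
 }
+
+public function tinfo($name) {
+$result = array();
+$table = $this->getBVTable($name);
+
+$result['name'] = $table;
+
+if ($this->isTablePresent($table)) {
+$result['exists'] = true;
+$result['createquery'] = $this->showTableCreate($table);
+}
+
+return $result;
+}
 }
-endif;
+endif;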
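Review bot: tinfo() derives `$table` from the caller-supplied `$name` and passes it straight to showTableCreate(); if that helper interpolates the name into a `SHOW CREATE TABLE` statement (its body is not in this diff), the callback that reaches tinfo() must restrict `$name` to the plugin's own table names before this point, and a comment here stating that expectation would make the contract explicit. Separately, `exists` is only set when the table is present, so consumers have to isset() it; initialising `$result['exists'] = false;` before the check gives every caller the same array shape.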
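--- a/wp_dynsync.php
+++ b/wp_dynsync.php
@@ -514,7 +514,6 @@ class BVWPDynSync {
 /* These are applicable only in case of WPMU */
 /* XNOTE: Handle registration_log_handler from within the server */
 add_action('wpmu_new_blog', array($this, 'wpmu_new_blog_create_handler'), 10, 1);
-add_action('refresh_blog_details', array($this, 'wpmu_new_blog_create_handler'), 10, 1);
 add_action('delete_site_option',array($this, 'sitemeta_handler'), 10, 1);
 add_action('add_site_option', array($this, 'sitemeta_handler'), 10, 1);
 add_action('update_site_option', array($this, 'sitemeta_handler'), 10, 1);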
wp_site_info.php
CHANGED
@@ -39,7 +39,7 @@ class WPRWPSiteInfo {
|
|
39 |
return is_main_site();
|
40 |
}
|
41 |
|
42 |
-
public function
|
43 |
$info = array();
|
44 |
$this->basic($info);
|
45 |
$info['dbsig'] = $this->dbsig(false);
|
@@ -51,12 +51,18 @@ class WPRWPSiteInfo {
|
|
51 |
$info['wpurl'] = $this->wpurl();
|
52 |
$info['siteurl'] = $this->siteurl();
|
53 |
$info['homeurl'] = $this->homeurl();
|
54 |
-
|
|
|
|
|
55 |
$info['abspath'] = ABSPATH;
|
56 |
}
|
57 |
|
58 |
public function serversig($full = false) {
|
59 |
-
$
|
|
|
|
|
|
|
|
|
60 |
if ($full)
|
61 |
return $sig;
|
62 |
else
|
@@ -75,5 +81,9 @@ class WPRWPSiteInfo {
|
|
75 |
else
|
76 |
return substr($sig, 0, 6);
|
77 |
}
|
|
|
|
|
|
|
|
|
78 |
}
|
79 |
endif;
|
39 |
return is_main_site();
|
40 |
}
|
41 |
|
42 |
+
public function info() {
|
43 |
$info = array();
|
44 |
$this->basic($info);
|
45 |
$info['dbsig'] = $this->dbsig(false);
|
51 |
$info['wpurl'] = $this->wpurl();
|
52 |
$info['siteurl'] = $this->siteurl();
|
53 |
$info['homeurl'] = $this->homeurl();
|
54 |
+
if (array_key_exists('SERVER_ADDR', $_SERVER)) {
|
55 |
+
$info['serverip'] = $_SERVER['SERVER_ADDR'];
|
56 |
+
}
|
57 |
$info['abspath'] = ABSPATH;
|
58 |
}
|
59 |
|
60 |
public function serversig($full = false) {
|
61 |
+
$sig_param = ABSPATH;
|
62 |
+
if (array_key_exists('SERVER_ADDR', $_SERVER)) {
|
63 |
+
$sig_param = $_SERVER['SERVER_ADDR'].ABSPATH;
|
64 |
+
}
|
65 |
+
$sig = sha1($sig_param);
|
66 |
if ($full)
|
67 |
return $sig;
|
68 |
else
|
81 |
else
|
82 |
return substr($sig, 0, 6);
|
83 |
}
|
84 |
+
|
85 |
+
public static function isCWServer() {
|
86 |
+
return isset($_SERVER['cw_allowed_ip']);
|
87 |
+
}
|
88 |
}
|
89 |
endif;
|
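Review bot: serversig() now folds `$_SERVER['SERVER_ADDR']` into the sha1, so on load-balanced or multi-node hosting the signature differs depending on which node serves the request; if the backend uses it to recognise the site that should be stated, e.g. `// NOTE: includes SERVER_ADDR, so the sig is per-node behind a load balancer`. The new `serverip` field in basic() ships the web server's address — on many hosts a private/internal IP — to the backend, and a short comment on why it is needed would help reviewers of what the plugin exports. isCWServer() keys off a bare `$_SERVER['cw_allowed_ip']` entry that must be provided by the host environment; since request headers appear in `$_SERVER` only as `HTTP_*` keys, a comment noting that this value is not header-injectable would document the assumption it relies on.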