The WP Remote WordPress Plugin - Version 4.77

Version Description

  • Improved the landing pages.
  • Enhanced future vulnerability protection
  • IP Blocking Improvements
  • Improved firewall configuration for migrations

Release Info

Developer ritesh.soni36
Version 4.77

Code changes from version 4.76 to 4.77

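--- a/admin/components/testimony.php
+++ b/admin/components/testimony.php
@@ -5,7 +5,7 @@
  <input type="radio" name="slides" id="radio-1" checked>
  <ul class="slides text-center">
  <li class="slide text-center">
- <img class="user" src="https://wpremote.com/wp-content/themes/generatepress_child/assets/images/alessio-santoro.jpg"/><br/>
+ <img class="user" src="<?php echo plugins_url("/../../img/wpr-testimony-alessio-santoro.jpg", __FILE__); ?>"/><br/>
  <p>
  <h1>&ldquo;</h1>
  <h4>"WP Remote Is superior to ALL OTHERS BY FAR.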
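Review bot: The new `src` attribute on the `<img class="user">` line echoes `plugins_url()` without escaping it for the attribute context. The return value passes through the `plugins_url` filter, so other code on the site can alter it before it is printed here. Wrap the call as `<?php echo esc_url(plugins_url("/../../img/wpr-testimony-alessio-santoro.jpg", __FILE__)); ?>`.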
css/bvplugin.min.css CHANGED
@@ -1 +1 @@
1
- @import url('https://fonts.googleapis.com/css?family=Roboto:400, 500');@import url(https://fonts.googleapis.com/css2?family=Noto+Serif&display=swap);body a,body h1,body h2,body h3,body h4{font-family:Roboto,sans-serif}body button,body h5,body h6,body li,body p,body ul li a{font-family:Roboto,sans-serif}.text-center{text-align:center}.text-right{text-align:right}.d-flex{display:flex}.center-align-dflex{align-items:center;display:flex;justify-content:center;flex-direction:column}.h-100{height:100%}.mb-2{margin-bottom:20px}.mr-1{margin-right:10px}.mt-1{margin-top:10px}.float-right{float:right}.fw-600{font-weight:600}.text-white{color:#fff!important}.text-capitalize{text-transform:capitalize}.text-uppercase{text-transform:uppercase}input[type=checkbox]:checked::before{width:2.3rem;margin:-1px 0 0 -4px}input[type=checkbox]:focus{outline:unset!important}.color-grey{color:#4a4a4a!important}.color-blue{color:#7683ad!important}a{outline:unset!important;box-shadow:none!important}.custom-container{max-width:1440px;margin:auto}#wpcontent{padding:0!important}#wpbody-content{padding-bottom:65px;float:left;width:100%;overflow:visible!important}#add-new-account #header .intro-video{display:none}#header{padding-top:77px;padding-bottom:40px;background-color:#e1f9fe;height:100%;position:relative;text-align:center}#header .top-links{position:absolute;top:15px;right:10px}#header .top-links a{text-decoration:underline}.wpremote #header a:hover{color:#050504}#header .heading{font-family:Roboto;font-style:normal;font-size:22px;font-weight:500}#header .intro-video,#list-features .intro-video{padding:10px 25px;background:rgba(255,255,255);border:1px solid #e3ebfd;box-sizing:border-box;border-radius:8px;max-width:300px;font-family:Lato;font-weight:400;font-style:normal;font-size:14px;line-height:17px;color:#7683ad;margin:auto;margin-top:15px}#list-features .intro-video{margin:unset;margin-top:50px}.email-form{margin-top:10px}.email-form h5.check-box-text 
input.check-box{position:relative;width:20px;height:20px;margin:0 0 5px 0;border-radius:4px}.email-form h5.check-box-text{font-style:normal;font-weight:400;font-size:14px;line-height:17px;text-align:center;letter-spacing:.291667px;color:#4a4a4a;margin:15px 5px}.email-form .search-container label>a{text-decoration:underline}.email-form input.search{background:#fff;box-sizing:border-box;box-shadow:0 2px 10px rgba(204,203,203,.4);border-radius:8px;padding:25px;max-width:600px;width:100%;font-family:Roboto;font-weight:400;font-size:16px;line-height:10px;letter-spacing:.319444px;height:52px}.wpremote .email-form input.search{border:1px solid rgba(255,216,3,.5)}.email-form .e-mail-button{border:1px solid #e5e5e5;box-sizing:border-box;padding:25px;max-width:600px;width:100%;border-radius:8px;font-style:normal;font-weight:600;font-size:17px;line-height:1px;text-align:center;letter-spacing:.333333px;color:#4a4a4a}.email-form .e-mail-button span{color:#050504}.email-form .e-mail-button:active{transform:translateY(.5px)}.wpremote .email-form .e-mail-button{background:#ffd803}#account-list h4,#footer h4,#list-features h4{font-family:Roboto;font-weight:500;font-style:normal;font-size:24px;line-height:28px;text-align:center;letter-spacing:.416667px;color:#4a4a4a}#account-list h5,#footer h5,#list-features h5{font-family:Roboto;font-weight:400;font-style:normal;font-size:12px;line-height:28px;text-align:center;letter-spacing:.8px;text-transform:uppercase}.wpremote h5{color:#2f9d92}#footer .brand{justify-content:center}#footer .brand img{margin:0 15px}#footer .heading{margin-bottom:30px}#wpbody-content{padding-bottom:65px;float:left;width:100%;overflow:visible!important}#wpbody-content{padding-bottom:65px;float:left;width:100%;overflow:visible!important}#account-list,#footer,#list-features{padding:50px 0}#list-features .heading{padding-bottom:20px}.wpremote #list-features img.main-image{width:100%}#list-features ul{list-style:inside}#list-features li{font-size:12px}#list-features 
#accordion input{display:none}#list-features #accordion{background:#fff;font-family:Roboto;font-style:normal}#list-features #accordion h4{color:#333;font-weight:500;font-size:18px;line-height:24px;text-align:left}#list-features #accordion h5{color:#2f9d92;font-weight:400;font-size:11px;line-height:22px;letter-spacing:.5px}.wpremote #list-features #accordion h5{color:#2f9d92}#list-features #accordion label{border-radius:8px;display:block;margin-bottom:.125em;padding:.25em 1em;z-index:20}#list-features #accordion label:hover{text-decoration:underline}#list-features #accordion .article{display:none;overflow:hidden;z-index:10;font-weight:400;font-size:14px;line-height:22px;padding:.25em 1em;color:#888}#list-features #accordion input:checked~.acc-card{border:1px solid rgba(101,99,255,.3);box-sizing:border-box;box-shadow:0 2px 8px rgba(229,229,229,.25);border-radius:8px;background:rgba(225,249,254,.3)}#list-features #accordion input:checked~.acc-card .article{display:block}#account-list .account-list-container{width:800px;margin:auto;padding:20px;box-sizing:border-box;box-shadow:2px 2px 9px rgb(212 212 212),0 0 9px rgb(212 212 212);border-radius:11.5px}#account-list table{min-width:700px;margin:auto;margin-top:30px}#account-list .table-container{max-height:340px;overflow:auto}#account-list table input.button-primary{box-shadow:unset}#account-list .table-container::-webkit-scrollbar{width:6px;height:6px}#account-list .table-container::-webkit-scrollbar-thumb{background:#ccc;border-radius:10px;width:6px;height:6px}#account-list table tr th{text-align:center}#account-list table tr td{padding:10px}#testimony{overflow:hidden}#testimony .carousel{padding-top:80px;text-align:center;height:auto;width:100%;margin:auto;position:relative}#testimony .slide h1{font-family:"Noto Serif";font-style:normal;font-weight:400;font-size:144px;line-height:51px;text-align:center;letter-spacing:.9px;color:#7b7afe;padding:20px;max-width:1440px;margin:auto}#testimony .slide 
h4{font-family:Roboto;font-style:normal;font-weight:400;font-size:28px;line-height:46px;text-align:center;letter-spacing:.2px;color:#fff;padding:20px;max-width:1440px;margin:auto}#testimony .slide h5{font-family:Roboto;font-style:normal;font-weight:400;font-size:18px;line-height:21px;text-align:center;letter-spacing:.15px;color:#fff;mix-blend-mode:normal;opacity:.58;margin:20px}#testimony .carousel .slides{width:400%;left:0;padding-left:0;padding-top:1em;list-style:none;position:relative;-webkit-transition:transform .5s;-moz-transition:transform .5s;-o-transition:transform .5s;transition:transform .5s}#testimony .carousel .slide .user{position:relative;top:-90px;border-radius:50%;height:140px;width:140px}#testimony .carousel .slide-div{background:#2d3a67;width:100%}#testimony .carousel .slides li{width:25%;position:relative;float:left}#testimony .carousel li p{margin-top:0}#testimony .carousel .slidesNavigation{display:inline-block;list-style:none;margin:40px}#testimony .carousel input{display:none}#testimony .carousel .slidesNavigation label{float:left;margin:6px;display:block;height:10px;width:10px;-webkit-border-radius:50%;border-radius:50%;border:solid 1px #fff;background:#fff;opacity:.4;font-size:0}#radio-1:checked~.slides{transform:translateX(0)}#radio-2:checked~.slides{transform:translateX(-25%)}#radio-3:checked~.slides{transform:translateX(-50%)}#radio-4:checked~.slides{transform:translateX(-75%)}#testimony .carousel #radio-1:checked~.slidesNavigation label#dotForRadio-1,#testimony .carousel #radio-2:checked~.slidesNavigation label#dotForRadio-2,#testimony .carousel #radio-3:checked~.slidesNavigation label#dotForRadio-3,#testimony .carousel #radio-4:checked~.slidesNavigation label#dotForRadio-4{opacity:1}@media (max-width:624px){#get-started span{display:none}#get-started:before{font-size:13px;content:"Submit"}#footer .brand{justify-content:center}#footer .brand img{margin:20px;display:inline-block}.email-form .search-container label{font-size:11px}#header 
.heading{font-size:18px}#header .logo-img img{height:60px}#header .intro-video,#list-features .intro-video{max-width:77%}#list-features .intro-video{margin-bottom:15px}#list-features img.main-image{width:100%}#account-list .account-list-container{width:unset;box-shadow:unset;margin:0 10px}#account-list a.btn{margin-bottom:10px}}@media (max-width:1024px){.man-img{display:none}.d-flex{display:inline-block}.intro-video{margin:auto;margin-bottom:70px}}@media (min-width:1024px) and (max-width:1367px){#get-started span{display:none}#get-started:before{content:"Submit"}}@media (min-width:768px){.justify-content-center{justify-content:center}}@media (max-width:1440px){.row{margin-left:0!important;margin-right:0!important}}
1
+ @import url('https://fonts.googleapis.com/css?family=Roboto:400, 500');@import url(https://fonts.googleapis.com/css2?family=Noto+Serif&display=swap);body a,body h1,body h2,body h3,body h4{font-family:Roboto,sans-serif}body button,body h5,body h6,body li,body p,body ul li a{font-family:Roboto,sans-serif}.text-center{text-align:center}.text-right{text-align:right}.d-flex{display:flex}.center-align-dflex{align-items:center;display:flex;justify-content:center;flex-direction:column}.h-100{height:100%}.mb-2{margin-bottom:20px}.mr-1{margin-right:10px}.mt-1{margin-top:10px}.float-right{float:right}.fw-600{font-weight:600}.text-white{color:#fff!important}.text-capitalize{text-transform:capitalize}.text-uppercase{text-transform:uppercase}input[type=checkbox]:checked::before{width:2.3rem;margin:-1px 0 0 -4px}input[type=checkbox]:focus{outline:unset!important}.color-grey{color:#4a4a4a!important}.color-blue{color:#7683ad!important}a{outline:unset!important;box-shadow:none!important}.custom-container{max-width:1440px;margin:auto}#wpcontent{padding:0!important}#wpbody-content{padding-bottom:65px;float:left;width:100%;overflow:visible!important}#add-new-account #header .intro-video{display:none}#header{padding-top:77px;padding-bottom:40px;background-color:#e1f9fe;height:100%;position:relative;text-align:center}#header .top-links{position:absolute;top:15px;right:10px}#header .top-links a{text-decoration:underline}.wpremote #header a:hover{color:#050504}#header .heading{font-family:Roboto;font-style:normal;font-size:22px;font-weight:500}#header .intro-video,#list-features .intro-video{padding:10px 25px;background:rgba(255,255,255);border:1px solid #e3ebfd;box-sizing:border-box;border-radius:8px;max-width:300px;font-family:Lato;font-weight:400;font-style:normal;font-size:14px;line-height:17px;color:#7683ad;margin:auto;margin-top:15px}#list-features .intro-video{margin:unset;margin-top:50px}.email-form{margin-top:10px}.email-form h5.check-box-text 
input.check-box{position:relative;width:20px;height:20px;margin:0 0 5px 0;border-radius:4px}.email-form h5.check-box-text{font-style:normal;font-weight:400;font-size:14px;line-height:17px;text-align:center;letter-spacing:.291667px;color:#4a4a4a;margin:15px 5px}.email-form .search-container label>a{text-decoration:underline}.email-form input.search{background:#fff;box-sizing:border-box;box-shadow:0 2px 10px rgba(204,203,203,.4);border-radius:8px;padding:25px;max-width:600px;width:100%;font-family:Roboto;font-weight:400;font-size:16px;line-height:10px;letter-spacing:.319444px;height:52px}.wpremote .email-form input.search{border:1px solid rgba(255,216,3,.5)}.email-form .e-mail-button{border:1px solid #e5e5e5;box-sizing:border-box;padding:25px;max-width:600px;width:100%;border-radius:8px;font-style:normal;font-weight:600;font-size:17px;line-height:1px;text-align:center;letter-spacing:.333333px;color:#4a4a4a}.email-form .e-mail-button span{color:#050504}.email-form .e-mail-button:active{transform:translateY(.5px)}.wpremote .email-form .e-mail-button{background:#ffd803}#account-list h4,#footer h4,#list-features h4{font-family:Roboto;font-weight:500;font-style:normal;font-size:24px;line-height:28px;text-align:center;letter-spacing:.416667px;color:#4a4a4a}#account-list h5,#footer h5,#list-features h5{font-family:Roboto;font-weight:400;font-style:normal;font-size:12px;line-height:28px;text-align:center;letter-spacing:.8px;text-transform:uppercase}.wpremote h5{color:#2f9d92}#footer .brand{justify-content:center}#footer .brand img{margin:0 15px}#footer .heading{margin-bottom:30px}#wpbody-content{padding-bottom:65px;float:left;width:100%;overflow:visible!important}#wpbody-content{padding-bottom:65px;float:left;width:100%;overflow:visible!important}#account-list,#footer,#list-features{padding:50px 0}#list-features .heading{padding-bottom:20px}.wpremote #list-features img.main-image{width:100%}#list-features ul{list-style:inside}#list-features li{font-size:12px}#list-features 
#accordion input{display:none}#list-features #accordion{background:#fff;font-family:Roboto;font-style:normal}#list-features #accordion h4{color:#333;font-weight:500;font-size:18px;line-height:24px;text-align:left}#list-features #accordion h5{color:#2f9d92;font-weight:400;font-size:11px;line-height:22px;letter-spacing:.5px}.wpremote #list-features #accordion h5{color:#2f9d92}#list-features #accordion label{border-radius:8px;display:block;margin-bottom:.125em;padding:.25em 1em;z-index:20}#list-features #accordion label:hover{text-decoration:underline}#list-features #accordion .article{display:none;overflow:hidden;z-index:10;font-weight:400;font-size:14px;line-height:22px;padding:.25em 1em;color:#888}#list-features #accordion input:checked~.acc-card{border:1px solid rgba(101,99,255,.3);box-sizing:border-box;box-shadow:0 2px 8px rgba(229,229,229,.25);border-radius:8px;background:rgba(225,249,254,.3)}#list-features #accordion input:checked~.acc-card .article{display:block}#account-list .account-list-container{width:800px;margin:auto;padding:20px;box-sizing:border-box;box-shadow:2px 2px 9px rgb(212 212 212),0 0 9px rgb(212 212 212);border-radius:11.5px}#account-list table{min-width:700px;margin:auto;margin-top:30px}#account-list .table-container{max-height:340px;overflow:auto}#account-list table input.button-primary{box-shadow:unset}#account-list .table-container::-webkit-scrollbar{width:6px;height:6px}#account-list .table-container::-webkit-scrollbar-thumb{background:#ccc;border-radius:10px;width:6px;height:6px}#account-list table tr th{text-align:center}#account-list table tr td{padding:10px}#testimony{overflow:hidden}#testimony .carousel{padding-top:80px;text-align:center;height:auto;width:100%;margin:auto;position:relative}#testimony .slide h1{font-family:"Noto Serif";font-style:normal;font-weight:400;font-size:144px;line-height:51px;text-align:center;letter-spacing:.9px;color:#7b7afe;padding:20px;max-width:1440px;margin:auto}#testimony .slide 
h4{font-family:Roboto;font-style:normal;font-weight:400;font-size:28px;line-height:46px;text-align:center;letter-spacing:.2px;color:#fff;padding:20px;max-width:1440px;margin:auto}#testimony .slide h5{font-family:Roboto;font-style:normal;font-weight:400;font-size:18px;line-height:21px;text-align:center;letter-spacing:.15px;color:#fff;mix-blend-mode:normal;opacity:.58;margin:20px}#testimony .carousel .slides{width:400%;left:0;padding-left:0;padding-top:1em;list-style:none;position:relative;-webkit-transition:transform .5s;-moz-transition:transform .5s;-o-transition:transform .5s;transition:transform .5s}#testimony .carousel .slide .user{position:relative;top:-90px;border-radius:50%;height:140px;width:140px;object-fit:cover}#testimony .carousel .slide-div{background:#2d3a67;width:100%}#testimony .carousel .slides li{width:25%;position:relative;float:left}#testimony .carousel li p{margin-top:0}#testimony .carousel .slidesNavigation{display:inline-block;list-style:none;margin:40px}#testimony .carousel input{display:none}#testimony .carousel .slidesNavigation label{float:left;margin:6px;display:block;height:10px;width:10px;-webkit-border-radius:50%;border-radius:50%;border:solid 1px #fff;background:#fff;opacity:.4;font-size:0}#radio-1:checked~.slides{transform:translateX(0)}#radio-2:checked~.slides{transform:translateX(-25%)}#radio-3:checked~.slides{transform:translateX(-50%)}#radio-4:checked~.slides{transform:translateX(-75%)}#testimony .carousel #radio-1:checked~.slidesNavigation label#dotForRadio-1,#testimony .carousel #radio-2:checked~.slidesNavigation label#dotForRadio-2,#testimony .carousel #radio-3:checked~.slidesNavigation label#dotForRadio-3,#testimony .carousel #radio-4:checked~.slidesNavigation label#dotForRadio-4{opacity:1}@media (max-width:624px){#get-started span{display:none}#get-started:before{font-size:13px;content:"Submit"}#footer .brand{justify-content:center}#footer .brand img{margin:20px;display:inline-block}.email-form .search-container 
label{font-size:11px}#header .heading{font-size:18px}#header .logo-img img{height:60px}#header .intro-video,#list-features .intro-video{max-width:77%}#list-features .intro-video{margin-bottom:15px}#list-features img.main-image{width:100%}#account-list .account-list-container{width:unset;box-shadow:unset;margin:0 10px}#account-list a.btn{margin-bottom:10px}}@media (max-width:1024px){.man-img{display:none}.d-flex{display:inline-block}.intro-video{margin:auto;margin-bottom:70px}}@media (min-width:1024px) and (max-width:1367px){#get-started span{display:none}#get-started:before{content:"Submit"}}@media (min-width:768px){.justify-content-center{justify-content:center}}@media (max-width:1440px){.row{margin-left:0!important;margin-right:0!important}}
img/wpr-testimony-alessio-santoro.jpg ADDED
Binary file
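--- a/info.php
+++ b/info.php
@@ -10,7 +10,7 @@ if (!class_exists('WPRInfo')) :
  public $badgeinfo = 'wprbadge';
  public $ip_header_option = 'wpripheader';
  public $brand_option = 'wprbrand';
- public $version = '4.76';
+ public $version = '4.77';
  public $webpage = 'https://wpremote.com';
  public $appurl = 'https://app.wpremote.com';
  public $slug = 'wpremote/plugin.php';
@@ -103,8 +103,19 @@ if (!class_exists('WPRInfo')) :
  return ($this->getWatchTime() > $expiry_time);
  }
 
+ public function isValidEnvironment(){
+ $bvsiteinfo = new WPRWPSiteInfo();
+ $siteurl = $bvsiteinfo->siteurl();
+ $bvconfig = $this->config;
+ if ($bvconfig && array_key_exists("abspath", $bvconfig) &&
+ array_key_exists("siteurl", $bvconfig) && !empty($siteurl)) {
+ return ($bvconfig["abspath"] == ABSPATH && $bvconfig["siteurl"] == $siteurl);
+ }
+ return true;
+ }
+
  public function isProtectModuleEnabled() {
- return $this->isServiceActive("protect");
+ return $this->isServiceActive("protect") && $this->isValidEnvironment();
  }
 
  public function isDynSyncModuleEnabled() {
@@ -130,7 +141,7 @@ if (!class_exists('WPRInfo')) :
  }
 
  public function isMalcare() {
- return $this->getBrandName() === 'MalCare - Pro';
+ return $this->getBrandName() === 'MalCare';
  }
 
  public function isBlogvault() {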
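Review bot: `isProtectModuleEnabled()` now returns false whenever `isValidEnvironment()` finds a stored `abspath` or `siteurl` that differs from the live one, and nothing in the visible lines records that the protect module was switched off for that reason. I would log or surface that state where the module is skipped, so a migrated or re-addressed site does not lose its firewall unnoticed. The default `return true` for a missing or partial config deserves a comment such as `// No stored environment to compare against: treat as valid so protection stays on.` The comparisons should also be strict, `return ($bvconfig["abspath"] === ABSPATH && $bvconfig["siteurl"] === $siteurl);`, assuming both stored values are strings. `$this->config` and `WPRWPSiteInfo::siteurl()` are defined outside the visible lines, so confirm that first.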
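--- a/plugin.php
+++ b/plugin.php
@@ -5,7 +5,7 @@ Plugin URI: https://wpremote.com
  Description: Manage your WordPress site with <a href="https://wpremote.com/">WP Remote</a>.
  Author: WP Remote
  Author URI: https://wpremote.com
- Version: 4.76
+ Version: 4.77
  Network: True
  */
 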
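--- a/protect/base.php
+++ b/protect/base.php
@@ -25,5 +25,86 @@ class BVProtectBase {
 
  return $ip;
  }
+
+ public static function hasIPv6Support() {
+ return defined('AF_INET6');
+ }
+
+ public static function isValidIP($ip) {
+ return filter_var($ip, FILTER_VALIDATE_IP) !== false;
+ }
+
+ public static function bvInetPton($ip) {
+ $pton = self::isValidIP($ip) ? (self::hasIPv6Support() ? inet_pton($ip) : self::_bvInetPton($ip)) : false;
+ return $pton;
+ }
+
+ public static function _bvInetPton($ip) {
+ if (preg_match('/^(?:\d{1,3}(?:\.|$)){4}/', $ip)) {
+ $octets = explode('.', $ip);
+ $bin = chr($octets[0]) . chr($octets[1]) . chr($octets[2]) . chr($octets[3]);
+ return $bin;
+ }
+
+ if (preg_match('/^((?:[\da-f]{1,4}(?::|)){0,8})(::)?((?:[\da-f]{1,4}(?::|)){0,8})$/i', $ip)) {
+ if ($ip === '::') {
+ return "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
+ }
+ $colon_count = substr_count($ip, ':');
+ $dbl_colon_pos = strpos($ip, '::');
+ if ($dbl_colon_pos !== false) {
+ $ip = str_replace('::', str_repeat(':0000',
+ (($dbl_colon_pos === 0 || $dbl_colon_pos === strlen($ip) - 2) ? 9 : 8) - $colon_count) . ':', $ip);
+ $ip = trim($ip, ':');
+ }
+
+ $ip_groups = explode(':', $ip);
+ $ipv6_bin = '';
+ foreach ($ip_groups as $ip_group) {
+ $ipv6_bin .= pack('H*', str_pad($ip_group, 4, '0', STR_PAD_LEFT));
+ }
+
+ return strlen($ipv6_bin) === 16 ? $ipv6_bin : false;
+ }
+
+ if (preg_match('/^(?:\:(?:\:0{1,4}){0,4}\:|(?:0{1,4}\:){5})ffff\:(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$/i', $ip, $matches)) {
+ $octets = explode('.', $matches[1]);
+ return chr($octets[0]) . chr($octets[1]) . chr($octets[2]) . chr($octets[3]);
+ }
+
+ return false;
+ }
+
+ public static function isIPInRange($start_ip_range, $end_ip_range, $ip) {
+ $bin_ip = null;
+ if ($ip) {
+ $bin_ip = self::bvInetPton($ip);
+ }
+ if ($bin_ip && $bin_ip >= self::bvInetPton($start_ip_range)
+ && $bin_ip <= self::bvInetPton($end_ip_range)) {
+ return true;
+ }
+ return false;
+ }
+
+ public static function isPrivateIP($ip) {
+ $private_ip_ranges = array(
+ array("10.0.0.0", "10.255.255.255"),
+ array("172.16.0.0", "172.31.255.255"),
+ array("192.168.0.0", "192.168.255.255"),
+ array("127.0.0.1", "127.255.255.255"),
+ array("::1","::1"),
+ array("fc00::","fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff")
+ );
+
+ $result = false;
+ foreach ($private_ip_ranges as $ip_range) {
+ $result = self::isIPInRange($ip_range[0], $ip_range[1], $ip);
+ if($result) {
+ return $result;
+ }
+ }
+ return $result;
+ }
  }
  endif;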
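Review bot: `isIPInRange()` orders the packed addresses with `>=`/`<=` without checking that the address and both bounds belong to the same family, so a 4-byte IPv4 value is compared against the 16-byte `fc00::` bounds, and a 16-byte IPv6 value against the 4-byte IPv4 bounds, on leading bytes alone. Because `isPrivateIP()` tries every range for every address, an address can be reported private on the strength of a range from the other family. The comparison should require equal packed lengths, reject a `false` bound, and use `strcmp()` so the result never depends on PHP's numeric-string comparison rules. Separately, `_bvInetPton()` is public while its IPv4 pattern is not anchored at the end and does not limit octets to 255; it is only safe behind the `isValidIP()` check in `bvInetPton()`, so it would be better declared `private`.

```php
public static function isIPInRange($start_ip_range, $end_ip_range, $ip) {
	$bin_ip = $ip ? self::bvInetPton($ip) : false;
	$bin_start = self::bvInetPton($start_ip_range);
	$bin_end = self::bvInetPton($end_ip_range);
	if (!is_string($bin_ip) || !is_string($bin_start) || !is_string($bin_end)) {
		return false;
	}
	// Only compare addresses of the same family (4 or 16 packed bytes).
	if (strlen($bin_ip) !== strlen($bin_start) || strlen($bin_ip) !== strlen($bin_end)) {
		return false;
	}
	return strcmp($bin_ip, $bin_start) >= 0 && strcmp($bin_ip, $bin_end) <= 0;
}
```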
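--- a/protect/fw/fw.php
+++ b/protect/fw/fw.php
@@ -12,9 +12,16 @@ class BVFW {
  public $ipstore;
  public $category;
  public $logger;
- public $ruleSet;
+ public $generic_rule_set = array();
+ public $wpf_rule_set = array();
  public $ruleEvaluator;
  public $break_rule_evaluation;
+ public $ruleActions = array();
+ private static $instance = null;
+
+ #RuleLevels
+ const GENERIC = 1;
+ const WPF = 2;
 
  const SQLIREGEX = '/(?:[^\\w<]|\\/\\*\\![0-9]*|^)(?:
  @@HOSTNAME|
@@ -53,17 +60,26 @@ class BVFW {
  const IP_COOKIE = "bvfw-ip-cookie";
  const PREVENT_CACHE_COOKIE = "wp-bvfw-prevent-cache-cookie";
 
- public function __construct($logger, $confHash, $ip, $bvinfo, $ipstore, $ruleSet) {
+ #singleton design
+ private function __construct($logger, $confHash, $ip, $bvinfo, $ipstore, $ruleSet) {
  $this->config = new BVFWConfig($confHash);
  $this->request = new BVWPRequest($ip);
  $this->bvinfo = $bvinfo;
  $this->ipstore = $ipstore;
  $this->logger = $logger;
- $this->ruleSet = $ruleSet;
- $this->ruleEvaluator = new BVFWRuleEvaluator($this->request);
+ $this->initializeLevelWiseRuleSets($ruleSet);
+ $this->ruleEvaluator = new BVFWRuleEvaluator($this);
  $this->break_rule_evaluation = false;
  }
 
+ public static function getInstance($logger, $confHash, $ip, $bvinfo, $ipstore, $ruleSet) {
+ if (!isset(self::$instance)) {
+ self::$instance = new BVFW($logger, $confHash, $ip, $bvinfo, $ipstore, $ruleSet);
+ }
+
+ return self::$instance;
+ }
+
  public function setcookie($name, $value, $expire) {
  $path = $this->config->cookiePath;
  $cookie_domain = $this->config->cookieDomain;
@@ -162,8 +178,8 @@ class BVFW {
  if ($this->config->isCompleteLoggingEnabled()) {
  $canlog = true;
  } else if ($this->config->isVisitorLoggingEnabled()) {
- $canlog = !$this->hasValidBypassCookie() &&
- (!function_exists('is_user_logged_in') || !is_user_logged_in());
+ $canlog = ($this->request->hasMatchedRules()) || (!$this->hasValidBypassCookie() &&
+ (!function_exists('is_user_logged_in') || !is_user_logged_in()));
  }
  return $canlog;
  }
@@ -215,6 +231,10 @@ class BVFW {
  $this->request->setCategory(BVWPRequest::WHITELISTED);
  $this->request->setStatus(BVWPRequest::BYPASSED);
  return true;
+ } else if(BVProtectBase::isPrivateIP($this->request->getIP())) {
+ $this->request->setCategory(BVWPRequest::PRIVATEIP);
+ $this->request->setStatus(BVWPRequest::BYPASSED);
+ return true;
  }
  return false;
  }
@@ -251,16 +271,53 @@ class BVFW {
  if ($this->isBlacklistedIP()) {
  $this->terminateRequest(BVWPRequest::BLACKLISTED);
  }
- if ($this->config->isRulesModeEnabled()) {
- if (is_array($this->ruleSet)) {
- $this->evaluateRules($this->ruleSet);
+ }
+ }
+
+ public function canExecuteRules() {
+ if (!$this->isWhitelistedIP() && $this->config->isRulesModeEnabled()) {
+ return true;
+ }
+ return false;
+ }
+
+ public function initializeLevelWiseRuleSets($rule_set) {
+ if (!is_array($rule_set)) {
+ $this->request->updateRulesInfo('errors', 'ruleset', 'Invalid RuleSet');
+ return;
+ }
+
+ foreach ($rule_set as $rule) {
+ if (BVFWRuleEvaluator::VERSION >= $rule["min_rule_engine_ver"]) {
+ if (array_key_exists("level", $rule) && $rule["level"] == BVFW::WPF) {
+ array_push($this->wpf_rule_set, $rule);
  } else {
- $this->request->updateRulesInfo('errors', 'ruleset', 'Invalid RuleSet');
+ array_push($this->generic_rule_set, $rule);
  }
  }
  }
  }
 
+ public function ruleSetToExecute() {
+ $rule_set = array();
+ if ($this->isWpLoaded()) {
+ $rule_set = $this->wpf_rule_set;
+ }
+ if (!defined('MCWAFLOADED') && !$this->hasValidBypassCookie()) {
+ $rule_set = array_merge($rule_set, $this->generic_rule_set);
+ }
+ return $rule_set;
+ }
+
+ public function executeRules() {
+ if (!$this->canExecuteRules()) {
+ return;
+ }
+
+ $rule_set = $this->ruleSetToExecute();
+ $this->evaluateRules($rule_set);
+ }
+
  public function matchCount($pattern, $subject) {
  $count = 0;
  if (is_array($subject)) {
@@ -389,52 +446,67 @@ class BVFW {
  foreach ($ruleSet as $rule) {
  $id = $rule["id"];
  $ruleLogic = $rule["rule_logic"];
- $actions = $rule["actions"];
- $min_rule_engine_ver = $rule["min_rule_engine_ver"];
+ $this->ruleActions[$id] = $rule["actions"];
  $this->ruleEvaluator->resetErrors();
 
- if (BVFWRuleEvaluator::VERSION >= $min_rule_engine_ver) {
- if ($this->ruleEvaluator->evaluateRule($ruleLogic) && empty($this->ruleEvaluator->getErrors())) {
- $this->request->updateMatchedRules($id);
- $this->executeActions($actions);
- } elseif (!empty($this->ruleEvaluator->getErrors())) {
- $this->request->updateRulesInfo("errors", (string) $id, $this->ruleEvaluator->getErrors());
- }
+ if ($this->ruleEvaluator->evaluateRule($ruleLogic) && empty($this->ruleEvaluator->getErrors())) {
+ $this->handleMatchedRule($id);
+ } elseif (!empty($this->ruleEvaluator->getErrors())) {
+ $this->request->updateRulesInfo("errors", (string) $id, $this->ruleEvaluator->getErrors());
  }
+
  if ($this->break_rule_evaluation) {
  return;
  }
  }
  }
 
- function executeActions($actions){
- foreach($actions as $action) {
+ function handleMatchedRule($id) {
+ $this->request->updateMatchedRules($id);
+ $this->executeActions($id);
+ }
+
+ function executeActions($id){
+ foreach($this->ruleActions[$id] as $action) {
  switch ($action["type"]) {
  case "ALLOW":
  $this->break_rule_evaluation = true;
  $this->request->setCategory(BVWPRequest::RULE_ALLOWED);
  return;
  case "BLOCK":
- $this->terminateRequest(BVWPRequest::RULE_BLOCKED);
+ if ($this->config->isProtecting()) {
+ $this->terminateRequest(BVWPRequest::RULE_BLOCKED);
+ }
  return;
  case "INSPECT":
  $this->inspectRequest();
  break;
- case "DEBUG":
- //TODO
- break;
- case "SCRUB":
- //TODO
- break;
- case "FILTER":
- //TODO
- break;
  }
  }
  }
 
+ function isWPLoaded() {
+ return defined('BVWPLOADED');
+ }
+
+ function getCurrentWPUser() {
+ if (!$this->isWPLoaded()) {
+ return;
+ }
+ if (!function_exists('wp_get_current_user')) {
+ @include_once(ABSPATH . "wp-includes/pluggable.php");
+ }
+ return wp_get_current_user();
+ }
+
  public function inspectRequest() {
  $this->request->updateRulesInfo('inspect', "headers", $this->request->getHeaders());
+
+ $wp_user = $this->getCurrentWPUser();
+ if ($wp_user && isset($wp_user->ID)) {
+ $this->request->updateRulesInfo('inspect', "userID", $wp_user->ID);
+ }
+
  $this->request->updateRulesInfo('inspect', "getParams", $this->request->getGetParams());
  $this->request->updateRulesInfo('inspect', "postParams", $this->getPostParamsToLog($this->request->getPostParams()));
  $this->request->updateRulesInfo('inspect', "cookies", $this->request->getCookies());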
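Review bot: The new `else if(BVProtectBase::isPrivateIP($this->request->getIP()))` branch in `isWhitelistedIP()` marks the request `BYPASSED`, and `canExecuteRules()` then skips every rule for it, so the firewall decision now depends entirely on how the request IP was derived. `BVWPRequest` is handed `$ip` by the caller and that derivation is outside this diff. If it can come from a configurable request header (info.php keeps an `ip_header_option`), the bypass should apply only when the address is the socket peer or the header was set by a trusted proxy. I would state that assumption on the branch, e.g. `// Private-range bypass: $ip must not come from a client-supplied header.` Also, `initializeLevelWiseRuleSets()` reads `$rule["min_rule_engine_ver"]` without an `array_key_exists` check, unlike `"level"` on the following line, so a rule missing that key should be skipped explicitly.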
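--- a/protect/fw/request.php
+++ b/protect/fw/request.php
@@ -36,6 +36,7 @@ class BVWPRequest {
  const USER_BLACKLISTED = 50;
  const RULE_BLOCKED = 60;
  const RULE_ALLOWED = 70;
+ const PRIVATEIP = 80;
 
  public function __construct($ip) {
  $fileNames = array();
@@ -180,6 +181,10 @@ class BVWPRequest {
  return $this->matchedRules;
  }
 
+ public function hasMatchedRules() {
+ return !empty($this->matchedRules);
+ }
+
  public function updateReqInfo($info) {
  if (is_array($info)) {
  $this->reqInfo = $this->reqInfo + $info;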
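--- a/protect/fw/rule_evaluator.php
+++ b/protect/fw/rule_evaluator.php
@@ -6,10 +6,11 @@ if (!class_exists('BVFWRuleEvaluator')) :
  class BVFWRuleEvaluator {
  private $request;
 
- const VERSION = 0.2;
+ const VERSION = 0.3;
 
- public function __construct($request) {
- $this->request = $request;
+ public function __construct($fw) {
+ $this->fw = $fw;
+ $this->request = $fw->request;
  }
 
  function getErrors() {
@@ -310,9 +311,8 @@ class BVFWRuleEvaluator {
  function evaluateExpression($expr) {
  switch ($expr["type"]) {
  case "AND" :
- $loperand = $this->getValue($expr["left_operand"]);
- $roperand = $this->getValue($expr["right_operand"]);
- return ($loperand && $roperand);
+ return ($this->getValue($expr["left_operand"]) &&
+ $this->getValue($expr["right_operand"]));
  case "OR" :
  $loperand = $this->getValue($expr["left_operand"]);
  $roperand = $this->getValue($expr["right_operand"]);
@@ -343,6 +343,111 @@ class BVFWRuleEvaluator {
  return $_args;
  }
 
+ function loadPluggable() {
+ if (!function_exists('wp_get_current_user')) {
+ @include_once(ABSPATH . "wp-includes/pluggable.php");
+ }
+ }
+
+ function addWPAction($hook_name, $func_name, $priority, $accepted_args, $config) {
+ $this->loadPluggable();
+ add_action($hook_name, array($this, $func_name), $priority, $accepted_args);
+ $this->setVariable($hook_name, $config);
+ return false;
+ }
+
+ function addWPFilter($hook_name, $func_name, $priority, $accepted_args, $config) {
+ $this->loadPluggable();
+ add_filter($hook_name, array($this, $func_name), $priority, $accepted_args);
+ $this->setVariable($hook_name, $config);
+ return false;
+ }
+
+ function setVariable($name, $value) {
+ $this->{$name} = $value;
+ }
+
+ function getVariable($name) {
+ return $this->{$name};
+ }
+
+ function preInsertUpdatePost($maybe_empty, $postarr) {
+ $curr_hook = current_filter();
+ $config = $this->getVariable($curr_hook);
+ $posts_to_consider = $config["posts_to_consider"];
+ $rule_id = $config["rule_id"];
+ if (in_array($postarr['post_type'], $posts_to_consider)) {
+ if ((!empty($postarr['ID']) && !current_user_can("edit_{$postarr['post_type']}", $postarr['ID']))
+ || !current_user_can("edit_posts")) {
+ $log_data = array($postarr['post_type'], $postarr['ID']);
+ $this->request->updateRulesInfo("wp_hook_info", $curr_hook, $log_data);
+ $this->fw->handleMatchedRule($rule_id);
+ }
+ }
+ return false;
+ }
+
+ function preDeletePost($delete, $post) {
+ $curr_hook = current_filter();
+ $config = $this->getVariable($curr_hook);
+ $posts_to_consider = $config["posts_to_consider"];
+ $rule_id = $config["rule_id"];
+ if (isset($post->post_type) && in_array($post->post_type, $posts_to_consider) &&
+ !current_user_can("delete_{$post->post_type}", $post->ID)) {
+ $log_data = array($post->post_type, $post->ID);
+ $this->request->updateRulesInfo("wp_hook_info", $curr_hook, $log_data);
+ $this->fw->handleMatchedRule($rule_id);
+ }
+ }
+
+ function preUserCreation($user_login) {
+ $curr_hook = current_filter();
+ $config = $this->getVariable($curr_hook);
+ $rule_id = $config["rule_id"];
+ if (!username_exists($user_login) && !current_user_can('create_users')) {
+ $this->request->updateRulesInfo("wp_hook_info", $curr_hook, $user_login);
+ $this->fw->handleMatchedRule($rule_id);
+ }
+ return $user_login;
+ }
+
+ function preDeleteUser($id, $reassign, $user) {
+ $curr_hook = current_filter();
+ $config = $this->getVariable($curr_hook);
+ $rule_id = $config["rule_id"];
+ if (!current_user_can('delete_users')) {
+ $log_data = array($id, $reassign, array("ID" => $user->ID,
+ "username" => $user->user_login,
+ "user_email" => $user->user_email,
+ "caps" => $user->allcaps,
+ "roles" => $user->roles));
+ $this->request->updateRulesInfo("wp_hook_info", $curr_hook, $log_data);
+ $this->fw->handleMatchedRule($rule_id);
+ }
+ }
+
+ function handleOption($option, $log_data) {
+ $curr_hook = current_filter();
+ $config = $this->getVariable($curr_hook);
+ $options_to_consider = $config["options_to_consider"];
+ $rule_id = $config["rule_id"];
+ if (in_array($option, $options_to_consider) && !current_user_can('manage_options')) {
+ $this->request->updateRulesInfo("wp_hook_info", $curr_hook, $log_data);
+ $this->fw->handleMatchedRule($rule_id);
+ }
+ }
+
+ function preUpdateOption($value, $option, $old_value) {
+ $log_data = array($value, $option, $old_value);
+ $this->handleOption($option, $log_data);
+ return $value;
+ }
+
+ function preDeleteOption($option) {
+ $this->handleOption($option, $option);
+ return $option;
+ }
+
  function executeFunctionCall($func) {
  $name = $func["name"];
  $handler = array($this, $name);
@@ -367,6 +472,18 @@ class BVFWRuleEvaluator {
  return $this->fetchConstantValue($expr["value"]);
  case "FUNCTION" :
  return $this->executeFunctionCall($expr);
+ case "ARRAY" :
+ $arr = array();
+ foreach ($expr["value"] as $element) {
+ $arr[] = $this->getValue($element);
+ }
+ return $arr;
+ case "HASH" :
+ $hash = array();
+ foreach($expr["value"] as $key => $value) {
+ $hash[strval($key)] = $value;
+ }
+ return $hash;
  default :
  return $this->evaluateExpression($expr);
  }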
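Review bot: `setVariable()`/`getVariable()` in the third hunk keep each hook's config as a dynamic property named after the hook (`$this->{$name} = $value`), so a hook name such as `request` or `fw` would overwrite the evaluator's own state; the constructor's `$this->fw` is likewise undeclared, and dynamic properties are deprecated from PHP 8.2. Because `executeFunctionCall()` in the context lines builds its handler from the rule-supplied name, these setters appear reachable from rule content, so the name space is worth isolating. I would declare both properties, e.g. `private $variables = array();`, store with `$this->variables[$name] = $value;` and read with `return isset($this->variables[$name]) ? $this->variables[$name] : null;`. Separately, `preUpdateOption()` and `preDeleteUser()` copy raw option values, e-mail addresses and capability maps into the request log through `updateRulesInfo()`; logging only the option name and the user ID would keep secrets and personal data out of the firewall log.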
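--- a/protect/prepend/protect.php
+++ b/protect/prepend/protect.php
@@ -58,7 +58,7 @@ require_once dirname( __FILE__ ) . '/logger.php';
  $fwlogger = new BVPrependLogger();
 
  $fwConfHash = array_key_exists('fw', $mcConf) ? $mcConf['fw'] : array();
- $fw = new BVFW($fwlogger, $fwConfHash, $ip, $bvinfo, $bvipstore, $mcRuleSet);
+ $fw = BVFW::getInstance($fwlogger, $fwConfHash, $ip, $bvinfo, $bvipstore, $mcRuleSet);
 
  if ($fw->isActive()) {
 
@@ -69,7 +69,8 @@ require_once dirname( __FILE__ ) . '/logger.php';
  register_shutdown_function(array($fw, 'log'));
 
  $fw->execute();
- define('MCFWLOADED', true);
+ $fw->executeRules();
+ define('MCWAFLOADED', true);
  }
 
  return true;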
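--- a/protect/wp/ipstore.php
+++ b/protect/wp/ipstore.php
@@ -27,55 +27,6 @@ if (!class_exists('BVIPStore')) :
  $this->db->dropBVTable(BVIPStore::$name);
  }
 
- public function hasIPv6Support() {
- return defined('AF_INET6');
- }
-
- public static function isValidIP($ip) {
- return filter_var($ip, FILTER_VALIDATE_IP) !== false;
- }
-
- public function bvInetPton($ip) {
- $pton = $this->isValidIP($ip) ? ($this->hasIPv6Support() ? inet_pton($ip) : $this->_bvInetPton($ip)) : false;
- return $pton;
- }
-
- public function _bvInetPton($ip) {
- if (preg_match('/^(?:\d{1,3}(?:\.|$)){4}/', $ip)) {
- $octets = explode('.', $ip);
- $bin = chr($octets[0]) . chr($octets[1]) . chr($octets[2]) . chr($octets[3]);
- return $bin;
- }
-
- if (preg_match('/^((?:[\da-f]{1,4}(?::|)){0,8})(::)?((?:[\da-f]{1,4}(?::|)){0,8})$/i', $ip)) {
- if ($ip === '::') {
- return "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
- }
- $colon_count = substr_count($ip, ':');
- $dbl_colon_pos = strpos($ip, '::');
- if ($dbl_colon_pos !== false) {
- $ip = str_replace('::', str_repeat(':0000',
- (($dbl_colon_pos === 0 || $dbl_colon_pos === strlen($ip) - 2) ? 9 : 8) - $colon_count) . ':', $ip);
- $ip = trim($ip, ':');
- }
-
- $ip_groups = explode(':', $ip);
- $ipv6_bin = '';
- foreach ($ip_groups as $ip_group) {
- $ipv6_bin .= pack('H*', str_pad($ip_group, 4, '0', STR_PAD_LEFT));
- }
-
- return strlen($ipv6_bin) === 16 ? $ipv6_bin : false;
- }
-
- if (preg_match('/^(?:\:(?:\:0{1,4}){0,4}\:|(?:0{1,4}\:){5})ffff\:(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$/i', $ip, $matches)) {
- $octets = explode('.', $matches[1]);
- return chr($octets[0]) . chr($octets[1]) . chr($octets[2]) . chr($octets[3]);
- }
-
- return false;
- }
-
  public function isLPIPBlacklisted($ip) {
  return $this->checkIPPresent($ip, BVIPStore::BLACKLISTED, BVIPStore::LP);
  }
@@ -97,7 +48,7 @@ if (!class_exists('BVIPStore')) :
  $db = $this->db;
  $table = $db->getBVTable(BVIPStore::$name);
  if ($db->isTablePresent($table)) {
- $binIP = $this->bvInetPton($ip);
+ $binIP = BVProtectBase::bvInetPton($ip);
  if ($binIP !== false) {
  $category_str = ($category == BVIPStore::FW) ? "`is_fw` = true" : "`is_lp` = true";
  $query_str = "SELECT * FROM $table WHERE %s >= `start_ip_range` && %s <= `end_ip_range` && " . $category_str . " && `type` = %d LIMIT 1;";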
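--- a/protect/wp/lp/lp.php
+++ b/protect/wp/lp/lp.php
@@ -31,6 +31,7 @@ class BVWPLP {
  const BLACKLISTED = 5;
  const BYPASSED = 6;
  const ALLOWED = 7;
+ const PRIVATEIP = 8;
 
  public function __construct($db, $settings, $ip, $ipstore, $confHash) {
  $this->db = $db;
@@ -199,6 +200,8 @@ class BVWPLP {
  $failed_attempts = $this->getLoginCount(BVWPLP::LOGINFAILURE, $this->ip, $this->getFailedLoginGap());
  if ($this->isWhitelistedIP()) {
  $this->setCategory(BVWPLP::BYPASSED);
+ } else if (BVProtectBase::isPrivateIP($this->ip)) {
+ $this->setCategory(BVWPLP::PRIVATEIP);
  } else if ($this->isBlacklistedIP()) {
  $this->setCategory(BVWPLP::BLACKLISTED);
  $this->terminateLogin();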
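Review bot: The new `else if (BVProtectBase::isPrivateIP($this->ip))` branch in the second hunk sits ahead of the blacklist check, so a login whose resolved address is private is categorised `PRIVATEIP` and skips `terminateLogin()` and whatever failed-attempt branches follow outside the hunk. That is only safe if `$this->ip` cannot be influenced by the client; protect/wp/protect.php shows the address coming from `BVProtectBase::getIP($ipHeader)` with a configurable header, and neither `getIP()` nor `isPrivateIP()` is visible here. I would either move the private-IP branch below the blacklist check or state the assumption in a comment such as `// Private source IPs skip login limits; requires the ipheader to be set only by a trusted proxy.`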
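--- a/protect/wp/protect.php
+++ b/protect/wp/protect.php
@@ -28,7 +28,7 @@ class BVProtect {
  $bvipstore = new BVIPStore($this->db);
  $bvipstore->init();
  $bvinfo = new WPRInfo($this->settings);
-
+
  $config = $this->settings->getOption($bvinfo->services_option_name);
  if (array_key_exists('protect', $config)) {
  $config = $config['protect'];
@@ -38,12 +38,12 @@ class BVProtect {
 
  $ipHeader = array_key_exists('ipheader', $config) ? $config['ipheader'] : false;
  $ip = BVProtectBase::getIP($ipHeader);
-
+
  $fwLogger = new BVLogger($this->db, BVFWConfig::$requests_table);
 
  $fwConfHash = array_key_exists('fw', $config) ? $config['fw'] : array();
  $ruleSet = $this->getRuleSet();
- $fw = new BVFW($fwLogger, $fwConfHash, $ip, $bvinfo, $bvipstore, $ruleSet);
+ $fw = BVFW::getInstance($fwLogger, $fwConfHash, $ip, $bvinfo, $bvipstore, $ruleSet);
 
  if ($fw->isActive()) {
 
@@ -51,15 +51,18 @@ class BVProtect {
  add_action('init', array($fw, 'setBypassCookie'));
  }
 
- if (!defined('MCFWLOADED') && $fw->canSetIPCookie()) {
+ if (!defined('MCWAFLOADED') && $fw->canSetIPCookie()) {
  $fw->setIPCookie();
  }
 
- if (!defined('MCFWLOADED')) {
+ define('BVWPLOADED', true);
+
+ if (!defined('MCWAFLOADED')) {
  register_shutdown_function(array($fw, 'log'));
 
  $fw->execute();
  }
+ $fw->executeRules();
  }
 
  $lpConfHash = array_key_exists('lp', $config) ? $config['lp'] : array();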
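Review bot: `define('BVWPLOADED', true);` in the third hunk is unguarded, so a second pass through this method in the same request would raise a constant-redefinition warning; `if (!defined('BVWPLOADED')) { define('BVWPLOADED', true); }` avoids that. In the same hunk `$fw->executeRules()` now runs even when `MCWAFLOADED` is defined, that is, after protect/prepend/protect.php has already called it on what `BVFW::getInstance()` presumably returns as the same instance. `executeRules()` is not visible here, so it is worth confirming that rules matched in the prepend pass are not matched, logged or acted on a second time. The enclosing method starts and ends outside the hunk.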
readme.txt CHANGED
@@ -6,7 +6,7 @@ Donate link: https://app.wpremote.com/home/signup
6
  Requires at least: 4.0
7
  Tested up to: 5.9
8
  Requires PHP: 5.4.0
9
- Stable tag: 4.76
10
  License: GPLv2 or later
11
  License URI: [http://www.gnu.org/licenses/gpl-2.0.html](http://www.gnu.org/licenses/gpl-2.0.html)
12
 
@@ -32,6 +32,12 @@ You can email us at support@wpremote.com for support.
32
  3. Sign up for an account at wpremote.com and add your site.
33
 
34
  == CHANGELOG ==
 
 
 
 
 
 
35
  = 4.76 =
36
  * Improvements in fetching file stats
37
 
6
  Requires at least: 4.0
7
  Tested up to: 5.9
8
  Requires PHP: 5.4.0
9
+ Stable tag: 4.77
10
  License: GPLv2 or later
11
  License URI: [http://www.gnu.org/licenses/gpl-2.0.html](http://www.gnu.org/licenses/gpl-2.0.html)
12
 
32
  3. Sign up for an account at wpremote.com and add your site.
33
 
34
  == CHANGELOG ==
35
+ = 4.77 =
36
+ * Improved the landing pages.
37
+ * Enhanced future vulnerability protection
38
+ * IP Blocking Improvements
39
+ * Improved firewall configuration for migrations
40
+
41
  = 4.76 =
42
  * Improvements in fetching file stats
43