The WP Remote WordPress Plugin - Version 4.82

Version Description

  • Firewall Improvements
  • Real-time Improvements
Download this release

Release Info

Developer ritesh.soni36
Plugin Icon 128x128 The WP Remote WordPress Plugin
Version 4.82
Comparing to
See all releases

Code changes from version 4.81 to 4.82

Files changed (9) hide show
  1. callback/wings/db.php +11 -0
  2. info.php +1 -1
  3. plugin.php +1 -1
  4. protect/fw/fw.php +8 -8
  5. protect/fw/request.php +9 -0
  6. protect/fw/rule_evaluator.php +67 -12
  7. readme.txt +8 -4
  8. wp_dynsync.php +20 -33
  9. wp_site_info.php +2 -2
callback/wings/db.php CHANGED
@@ -122,6 +122,14 @@ class BVDBCallback extends BVCallbackBase {
122
  return $resp;
123
  }
124
 
 
 
 
 
 
 
 
 
125
  public function process($request) {
126
  $db = $this->db;
127
  $params = $request->params;
@@ -285,6 +293,9 @@ class BVDBCallback extends BVCallbackBase {
285
  case "altrtbl":
286
  $resp = array("altrtbl" => $db->alterBVTable($params['query'], $params['query']));
287
  break;
 
 
 
288
  case "tbls":
289
  $resp = array();
290
 
122
  return $resp;
123
  }
124
 
125
+ public function multiGetResult($queries) {
126
+ $resp = array();
127
+ foreach($queries as $query) {
128
+ array_push($resp, $this->db->getResult($query));
129
+ }
130
+ return $resp;
131
+ }
132
+
133
  public function process($request) {
134
  $db = $this->db;
135
  $params = $request->params;
293
  case "altrtbl":
294
  $resp = array("altrtbl" => $db->alterBVTable($params['query'], $params['query']));
295
  break;
296
+ case "mltigtrslt":
297
+ $resp = array("mltigtrslt" => $this->multiGetResult($params['queries']));
298
+ break;
299
  case "tbls":
300
  $resp = array();
301
 
info.php CHANGED
@@ -10,7 +10,7 @@ if (!class_exists('WPRInfo')) :
10
  public $badgeinfo = 'wprbadge';
11
  public $ip_header_option = 'wpripheader';
12
  public $brand_option = 'wprbrand';
13
- public $version = '4.81';
14
  public $webpage = 'https://wpremote.com';
15
  public $appurl = 'https://app.wpremote.com';
16
  public $slug = 'wpremote/plugin.php';
10
  public $badgeinfo = 'wprbadge';
11
  public $ip_header_option = 'wpripheader';
12
  public $brand_option = 'wprbrand';
13
+ public $version = '4.82';
14
  public $webpage = 'https://wpremote.com';
15
  public $appurl = 'https://app.wpremote.com';
16
  public $slug = 'wpremote/plugin.php';
plugin.php CHANGED
@@ -5,7 +5,7 @@ Plugin URI: https://wpremote.com
5
  Description: Manage your WordPress site with <a href="https://wpremote.com/">WP Remote</a>.
6
  Author: WP Remote
7
  Author URI: https://wpremote.com
8
- Version: 4.81
9
  Network: True
10
  */
11
 
5
  Description: Manage your WordPress site with <a href="https://wpremote.com/">WP Remote</a>.
6
  Author: WP Remote
7
  Author URI: https://wpremote.com
8
+ Version: 4.82
9
  Network: True
10
  */
11
 
protect/fw/fw.php CHANGED
@@ -250,20 +250,20 @@ class BVFW {
250
  public function execute() {
251
  if ($this->config->canProfileReqInfo()) {
252
  $result = array();
253
-
254
- if ($this->request->getMethod() === 'POST' &&
255
- preg_match('/(admin-ajax.php|admin-post.php)$/', $this->request->getPath())) {
256
- $result += $this->profileRequestInfo(array("action" => $this->request->getPostParams('action')),
257
- true, 'BODY[');
258
  }
259
  $result += $this->profileRequestInfo($this->request->getPostParams(),
260
- $this->config->isReqProfilingModeDebug(), 'BODY[');
261
  $result += $this->profileRequestInfo($this->request->getGetParams(),
262
  true, 'GET[');
263
  $result += $this->profileRequestInfo($this->request->getFiles(),
264
  true, 'FILES[');
265
- $result += $this->profileRequestInfo($this->getBVCookies(),
266
- true, 'COOKIES[');
267
  $this->request->updateReqInfo($result);
268
  }
269
 
250
  public function execute() {
251
  if ($this->config->canProfileReqInfo()) {
252
  $result = array();
253
+ $has_debug_mode = $this->config->isReqProfilingModeDebug();
254
+ $action = $this->request->getAction();
255
+ if (isset($action)) {
256
+ $result += $this->profileRequestInfo(array("action" => $action),
257
+ true, 'ACTION[');
258
  }
259
  $result += $this->profileRequestInfo($this->request->getPostParams(),
260
+ $has_debug_mode, 'BODY[');
261
  $result += $this->profileRequestInfo($this->request->getGetParams(),
262
  true, 'GET[');
263
  $result += $this->profileRequestInfo($this->request->getFiles(),
264
  true, 'FILES[');
265
+ $cookies = $has_debug_mode ? $this->request->getCookies() : $this->getBVCookies();
266
+ $result += $this->profileRequestInfo($cookies, true, 'COOKIES[');
267
  $this->request->updateReqInfo($result);
268
  }
269
 
protect/fw/request.php CHANGED
@@ -319,6 +319,15 @@ class BVWPRequest {
319
  return $this->uri;
320
  }
321
 
 
 
 
 
 
 
 
 
 
322
  public function getPath() {
323
  return $this->path;
324
  }
319
  return $this->uri;
320
  }
321
 
322
+ public function getAction() {
323
+ $post_action = $this->getPostParams('action');
324
+ if (isset($post_action)) {
325
+ return $post_action;
326
+ } else {
327
+ return $this->getGetParams('action');
328
+ }
329
+ }
330
+
331
  public function getPath() {
332
  return $this->path;
333
  }
protect/fw/rule_evaluator.php CHANGED
@@ -6,7 +6,7 @@ if (!class_exists('BVFWRuleEvaluator')) :
6
  class BVFWRuleEvaluator {
7
  private $request;
8
 
9
- const VERSION = 0.3;
10
 
11
  public function __construct($fw) {
12
  $this->fw = $fw;
@@ -99,15 +99,30 @@ class BVFWRuleEvaluator {
99
  }
100
 
101
  // ================================ Functions to perform operations ========================================
102
- function contains($val, $subject) {
103
- if (is_array($val)) {
104
- return in_array($val, $subject);
105
  }
106
- return strpos((string) $subject, (string) $val) !== false;
 
 
107
  }
108
 
109
- function notContains($val, $subject) {
110
- return !$this->contains($val, $subject);
 
 
 
 
 
 
 
 
 
 
 
 
 
111
  }
112
 
113
  function match($pattern, $subject) {
@@ -206,6 +221,10 @@ class BVFWRuleEvaluator {
206
  return (md5((string) $subject) === $val);
207
  }
208
 
 
 
 
 
209
  function compareMultipleSubjects($func, $args, $subjects) {
210
  // TODO
211
  }
@@ -215,6 +234,10 @@ class BVFWRuleEvaluator {
215
  return $this->request->getReqInfo($key);
216
  }
217
 
 
 
 
 
218
  function getPath() {
219
  return $this->request->getPath();
220
  }
@@ -314,9 +337,8 @@ class BVFWRuleEvaluator {
314
  return ($this->getValue($expr["left_operand"]) &&
315
  $this->getValue($expr["right_operand"]));
316
  case "OR" :
317
- $loperand = $this->getValue($expr["left_operand"]);
318
- $roperand = $this->getValue($expr["right_operand"]);
319
- return ($loperand || $roperand);
320
  case "NOT" :
321
  return !$this->getValue($expr["value"]);
322
  case "FUNCTION" :
@@ -400,6 +422,37 @@ class BVFWRuleEvaluator {
400
  }
401
  }
402
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
403
  function preUserCreation($user_login) {
404
  $curr_hook = current_filter();
405
  $config = $this->getVariable($curr_hook);
@@ -438,8 +491,10 @@ class BVFWRuleEvaluator {
438
  }
439
 
440
  function preUpdateOption($value, $option, $old_value) {
441
- $log_data = array($value, $option, $old_value);
442
- $this->handleOption($option, $log_data);
 
 
443
  return $value;
444
  }
445
 
6
  class BVFWRuleEvaluator {
7
  private $request;
8
 
9
+ const VERSION = 0.4;
10
 
11
  public function __construct($fw) {
12
  $this->fw = $fw;
99
  }
100
 
101
  // ================================ Functions to perform operations ========================================
102
+ function inArray($element, $array) {
103
+ if (is_array($array)) {
104
+ return in_array($element, $array);
105
  }
106
+
107
+ array_push($this->errors, array("inArray", "Expects an array"));
108
+ return false;
109
  }
110
 
111
+ function isSubstring($string, $substring) {
112
+ return strpos((string) $string, (string) $substring) !== false;
113
+ }
114
+
115
+ function containsAnySubstring($string, $array_of_substrings) {
116
+ if (is_array($array_of_substrings)) {
117
+ foreach ($array_of_substrings as $i => $substring) {
118
+ if ($this->isSubstring($string, $substring)) {
119
+ return true;
120
+ }
121
+ }
122
+ } else {
123
+ array_push($this->errors, array("containsAnySubstring", "Expects an array of substrings."));
124
+ }
125
+ return false;
126
  }
127
 
128
  function match($pattern, $subject) {
221
  return (md5((string) $subject) === $val);
222
  }
223
 
224
+ function matchActions($actions) {
225
+ return $this->inArray($this->getAction(), $actions);
226
+ }
227
+
228
  function compareMultipleSubjects($func, $args, $subjects) {
229
  // TODO
230
  }
234
  return $this->request->getReqInfo($key);
235
  }
236
 
237
+ function getAction() {
238
+ return $this->request->getAction();
239
+ }
240
+
241
  function getPath() {
242
  return $this->request->getPath();
243
  }
337
  return ($this->getValue($expr["left_operand"]) &&
338
  $this->getValue($expr["right_operand"]));
339
  case "OR" :
340
+ return ($this->getValue($expr["left_operand"]) ||
341
+ $this->getValue($expr["right_operand"]));
 
342
  case "NOT" :
343
  return !$this->getValue($expr["value"]);
344
  case "FUNCTION" :
422
  }
423
  }
424
 
425
+ function preUserCreationV2($meta, $user, $update, $userdata) {
426
+ $curr_hook = current_filter();
427
+ $config = $this->getVariable($curr_hook);
428
+ $rule_id = $config["rule_id"];
429
+ $username = sanitize_user($userdata['user_login'], true);
430
+ $roles_not_allowed = $config["roles_not_allowed"];
431
+
432
+ if (!$update && !current_user_can('create_users') &&
433
+ (isset($userdata['role']) && in_array($userdata['role'], $roles_not_allowed))) {
434
+ $log_data = array($user->ID, $username, $userdata['role']);
435
+ $this->request->updateRulesInfo("wp_hook_info", $curr_hook, $log_data);
436
+ $this->fw->handleMatchedRule($rule_id);
437
+ }
438
+ return $meta;
439
+ }
440
+
441
+ function preDeletePostV2($delete, $post) {
442
+ $curr_hook = current_filter();
443
+ $config = $this->getVariable($curr_hook);
444
+ $posts_to_consider = $config["posts_to_consider"];
445
+ $rule_id = $config["rule_id"];
446
+
447
+ if (isset($post->post_type) && isset($post->post_status) &&
448
+ in_array(array($post->post_type, $post->post_status), $posts_to_consider) &&
449
+ !current_user_can("delete_{$post->post_type}", $post->ID)) {
450
+ $log_data = array($post->ID, $post->post_type, $post->status);
451
+ $this->request->updateRulesInfo("wp_hook_info", $curr_hook, $log_data);
452
+ $this->fw->handleMatchedRule($rule_id);
453
+ }
454
+ }
455
+
456
  function preUserCreation($user_login) {
457
  $curr_hook = current_filter();
458
  $config = $this->getVariable($curr_hook);
491
  }
492
 
493
  function preUpdateOption($value, $option, $old_value) {
494
+ if ($value !== $old_value && maybe_serialize($value) !== maybe_serialize($old_value)) {
495
+ $log_data = array($option, $value, $old_value);
496
+ $this->handleOption($option, $log_data);
497
+ }
498
  return $value;
499
  }
500
 
readme.txt CHANGED
@@ -2,16 +2,16 @@
2
  Contributors: BlogVault Backup
3
  Tags: wpremote, remote administration, multiple wordpress, backup, wordpress backup
4
  Plugin URI: https://wpremote.com/
5
- Donate link: https://app.wpremote.com/home/signup
6
  Requires at least: 4.0
7
- Tested up to: 6.0
8
  Requires PHP: 5.4.0
9
- Stable tag: 4.81
10
  License: GPLv2 or later
11
  License URI: [http://www.gnu.org/licenses/gpl-2.0.html](http://www.gnu.org/licenses/gpl-2.0.html)
12
 
13
  == DESCRIPTION ==
14
- The WP Remote WordPress Plugin works with [WP Remote](https://app.wpremote.com/) to enable you to remotely manage and update all your WordPress sites.
15
  WP Remote has been acquired by BlogVault.
16
 
17
  = Features =
@@ -32,6 +32,10 @@ You can email us at support@wpremote.com for support.
32
  3. Sign up for an account at wpremote.com and add your site.
33
 
34
  == CHANGELOG ==
 
 
 
 
35
  = 4.81 =
36
  * Improving coding standards
37
 
2
  Contributors: BlogVault Backup
3
  Tags: wpremote, remote administration, multiple wordpress, backup, wordpress backup
4
  Plugin URI: https://wpremote.com/
5
+ Donate link: https://wpremote.com/
6
  Requires at least: 4.0
7
+ Tested up to: 6.1
8
  Requires PHP: 5.4.0
9
+ Stable tag: 4.82
10
  License: GPLv2 or later
11
  License URI: [http://www.gnu.org/licenses/gpl-2.0.html](http://www.gnu.org/licenses/gpl-2.0.html)
12
 
13
  == DESCRIPTION ==
14
+ The WP Remote WordPress Plugin works with [WP Remote](https://wpremote.com/) to enable you to remotely manage and update all your WordPress sites.
15
  WP Remote has been acquired by BlogVault.
16
 
17
  = Features =
32
  3. Sign up for an account at wpremote.com and add your site.
33
 
34
  == CHANGELOG ==
35
+ = 4.82 =
36
+ * Firewall Improvements
37
+ * Real-time Improvements
38
+
39
  = 4.81 =
40
  * Improving coding standards
41
 
wp_dynsync.php CHANGED
@@ -48,24 +48,21 @@ class BVWPDynSync {
48
  }
49
 
50
  function get_ignored_postmeta() {
51
- $defaults = array(
52
- '_excluded_links'
53
- );
54
  $ignored_postmeta = $this->ignored_events['postmeta'];
55
  if (empty($ignored_postmeta)) {
56
  $ignored_postmeta = array();
57
  }
58
- return array_unique(array_merge($defaults, $ignored_postmeta));
59
  }
60
 
61
  function postmeta_insert_handler($meta_id, $post_id, $meta_key, $meta_value='') {
62
- if (in_array($meta_key, $this->get_ignored_postmeta(), true))
63
  return;
64
  $this->add_db_event('postmeta', array('meta_id' => $meta_id));
65
  }
66
 
67
  function postmeta_modification_handler($meta_id, $object_id, $meta_key, $meta_value) {
68
- if (in_array($meta_key, $this->get_ignored_postmeta(), true))
69
  return;
70
  if (!is_array($meta_id))
71
  return $this->add_db_event('postmeta', array('meta_id' => $meta_id));
@@ -75,7 +72,7 @@ class BVWPDynSync {
75
  }
76
 
77
  function postmeta_action_handler($meta_id, $post_id = null, $meta_key = null) {
78
- if (in_array($meta_key, $this->get_ignored_postmeta(), true))
79
  return;
80
  if ( !is_array($meta_id) )
81
  return $this->add_db_event('postmeta', array('meta_id' => $meta_id));
@@ -189,37 +186,27 @@ class BVWPDynSync {
189
  }
190
 
191
  function get_ignored_options() {
192
- $defaults = array(
193
- 'cron',
194
- 'wpsupercache_gc_time',
195
- 'rewrite_rules',
196
- 'akismet_spam_count',
197
- 'iwp_client_user_hit_count',
198
- '_disqus_sync_lock',
199
- 'stats_cache'
200
- );
201
  $ignored_options = $this->ignored_events['options'];
202
  if (empty($ignored_options)) {
203
  $ignored_options = array();
204
  }
205
- return array_unique(array_merge($defaults, $ignored_options));
206
  }
207
 
208
- function get_ping_permission($option_name) {
209
- $ping_permitted = true;
210
- $ignored_options = $this->get_ignored_options();
211
- foreach($ignored_options as $val) {
212
  if ($val[0] == '/') {
213
- if (preg_match($val, $option_name))
214
- $ping_permitted = false;
215
  } else {
216
- if ($val == $option_name)
217
- $ping_permitted = false;
218
  }
219
- if (!$ping_permitted)
220
  break;
221
  }
222
- return $ping_permitted;
223
  }
224
 
225
  function option_handler($option_name) {
@@ -227,8 +214,8 @@ class BVWPDynSync {
227
  $msg_type = 'delete';
228
  else
229
  $msg_type = 'edit';
230
- $ping_permitted = $this->get_ping_permission($option_name);
231
- if ($ping_permitted)
232
  $this->add_db_event('options', array('option_name' => $option_name, 'msg_type' => $msg_type));
233
  return $option_name;
234
  }
@@ -258,11 +245,11 @@ class BVWPDynSync {
258
  }
259
 
260
  function sitemeta_handler($option) {
261
- $ping_permitted = $this->get_ping_permission($option);
262
- if ($ping_permitted && is_multisite()) {
263
  $this->add_db_event('sitemeta', array('site_id' => $this->db->getSiteId(), 'meta_key' => $option));
264
  }
265
- return $ping_permitted;
266
  }
267
 
268
  /* WOOCOMMERCE SUPPORT FUNCTIONS BEGINS FROM HERE*/
@@ -559,7 +546,7 @@ class BVWPDynSync {
559
  add_action('edit_attachment', array($this, 'post_action_handler'));
560
  add_action('add_attachment', array($this, 'post_action_handler'));
561
  add_action('delete_attachment', array($this, 'post_action_handler'));
562
- add_action('private_to_published', array($this, 'post_action_handler'));
563
  add_action('wp_restore_post_revision', array($this, 'post_action_handler'));
564
 
565
  /* CAPTURING EVENTS FOR WP_POSTMETA TABLE */
48
  }
49
 
50
  function get_ignored_postmeta() {
 
 
 
51
  $ignored_postmeta = $this->ignored_events['postmeta'];
52
  if (empty($ignored_postmeta)) {
53
  $ignored_postmeta = array();
54
  }
55
+ return array_unique($ignored_postmeta);
56
  }
57
 
58
  function postmeta_insert_handler($meta_id, $post_id, $meta_key, $meta_value='') {
59
+ if ($this->is_key_ignored($this->get_ignored_postmeta(), $meta_key))
60
  return;
61
  $this->add_db_event('postmeta', array('meta_id' => $meta_id));
62
  }
63
 
64
  function postmeta_modification_handler($meta_id, $object_id, $meta_key, $meta_value) {
65
+ if ($this->is_key_ignored($this->get_ignored_postmeta(), $meta_key))
66
  return;
67
  if (!is_array($meta_id))
68
  return $this->add_db_event('postmeta', array('meta_id' => $meta_id));
72
  }
73
 
74
  function postmeta_action_handler($meta_id, $post_id = null, $meta_key = null) {
75
+ if ($this->is_key_ignored($this->get_ignored_postmeta(), $meta_key))
76
  return;
77
  if ( !is_array($meta_id) )
78
  return $this->add_db_event('postmeta', array('meta_id' => $meta_id));
186
  }
187
 
188
  function get_ignored_options() {
 
 
 
 
 
 
 
 
 
189
  $ignored_options = $this->ignored_events['options'];
190
  if (empty($ignored_options)) {
191
  $ignored_options = array();
192
  }
193
+ return array_unique($ignored_options);
194
  }
195
 
196
+ function is_key_ignored($ignored_keys, $value) {
197
+ $is_ignored = false;
198
+ foreach($ignored_keys as $val) {
 
199
  if ($val[0] == '/') {
200
+ if (preg_match($val, $value))
201
+ $is_ignored = true;
202
  } else {
203
+ if ($val == $value)
204
+ $is_ignored = true;
205
  }
206
+ if ($is_ignored)
207
  break;
208
  }
209
+ return $is_ignored;
210
  }
211
 
212
  function option_handler($option_name) {
214
  $msg_type = 'delete';
215
  else
216
  $msg_type = 'edit';
217
+ $is_ignored = $this->is_key_ignored($this->get_ignored_options(), $option_name);
218
+ if (!$is_ignored)
219
  $this->add_db_event('options', array('option_name' => $option_name, 'msg_type' => $msg_type));
220
  return $option_name;
221
  }
245
  }
246
 
247
  function sitemeta_handler($option) {
248
+ $is_ignored = $this->is_key_ignored($this->get_ignored_options(), $option);
249
+ if (!$is_ignored && is_multisite()) {
250
  $this->add_db_event('sitemeta', array('site_id' => $this->db->getSiteId(), 'meta_key' => $option));
251
  }
252
+ return !$is_ignored;
253
  }
254
 
255
  /* WOOCOMMERCE SUPPORT FUNCTIONS BEGINS FROM HERE*/
546
  add_action('edit_attachment', array($this, 'post_action_handler'));
547
  add_action('add_attachment', array($this, 'post_action_handler'));
548
  add_action('delete_attachment', array($this, 'post_action_handler'));
549
+ add_action('private_to_publish', array($this, 'post_action_handler'));
550
  add_action('wp_restore_post_revision', array($this, 'post_action_handler'));
551
 
552
  /* CAPTURING EVENTS FOR WP_POSTMETA TABLE */
wp_site_info.php CHANGED
@@ -28,8 +28,8 @@ class WPRWPSiteInfo {
28
  }
29
 
30
  public function isMultisite() {
31
- if (function_exists('is_multisite'))
32
- return is_multisite();
33
  return false;
34
  }
35
 
28
  }
29
 
30
  public function isMultisite() {
31
+ if (function_exists('is_multisite') && is_multisite())
32
+ return true;
33
  return false;
34
  }
35