Changeset 2378681

Timestamp:

09/10/2020 12:15:35 PM (6 years ago)

Author:

akshatc

Message:

Disabling deactivate for botprotection accounts/Disconnect functionality through wpcli

Location:

malcare-security/trunk

Files:

• account.php (modified) (3 diffs)
• callback/wings/account.php (modified) (2 diffs)
• callback/wings/db.php (modified) (1 diff)
• callback/wings/fs.php (modified) (4 diffs)
• callback/wings/misc.php (modified) (1 diff)
• info.php (modified) (3 diffs)
• malcare.php (modified) (3 diffs)
• readme.txt (modified) (2 diffs)
• wp_admin.php (modified) (6 diffs)
• wp_cli.php (modified) (4 diffs)

malcare-security/trunk/account.php

@@ -85 +85 @@
         }
 
+        public static function accountsByType($settings, $account_type) {
+            $accounts = self::allAccounts($settings);
+            $accounts_by_type = array();
+            foreach ($accounts as $pubkey => $value) {
+                if (array_key_exists('account_type', $value) && $value['account_type'] === $account_type) {
+                    $accounts_by_type[$pubkey] = $value;
+                }
+            }
+            return $accounts_by_type;
+        }
+
+        public static function accountsByGid($settings, $account_gid) {
+            $accounts = self::allAccounts($settings);
+            $accounts_by_gid = array();
+            foreach ($accounts as $pubkey => $value) {
+                if (array_key_exists('account_gid', $value) && $value['account_gid'] === $account_gid) {
+                    $accounts_by_gid[$pubkey] = $value;
+                }
+            }
+            return $accounts_by_gid;
+        }
+
+        public static function accountsByPattern($settings, $search_key, $search_pattern) {
+            $accounts = self::allAccounts($settings);
+            $accounts_by_pattern = array();
+            foreach ($accounts as $pubkey => $value) {
+                if (array_key_exists($search_key, $value) && preg_match($search_pattern, $value[$search_key]) == 1) {
+                    $accounts_by_pattern[$pubkey] = $value;
+                }
+            }
+            return $accounts_by_pattern;
+        }
+
         public static function isConfigured($settings) {
             $accounts = self::accountsByPlugname($settings);
@@ -156 +189 @@
             return 1;
         }
-    
+
         public function updateInfo($info) {
             $accounts = self::allAccounts($this->settings);
-            $plugname = self::getPlugName($this->settings);
+            $plugname = $info["plugname"];
+            $account_type = $info["account_type"];
             $pubkey = $info['pubkey'];
             if (!array_key_exists($pubkey, $accounts)) {
                 $accounts[$pubkey] = array();
             }
+            if (array_key_exists('secret', $info)) {
+                $accounts[$pubkey]['secret'] = $info['secret'];
+            }
+            $accounts[$pubkey]['account_gid'] = $info['account_gid'];
             $accounts[$pubkey]['lastbackuptime'] = time();
             $accounts[$pubkey][$plugname] = true;
+            $accounts[$pubkey]['account_type'] = $account_type;
             $accounts[$pubkey]['url'] = $info['url'];
             $accounts[$pubkey]['email'] = $info['email'];
@@ -181 +220 @@
         }
 
+        public static function removeByAccountType($settings, $account_type) {
+            $accounts = MCAccount::accountsByType($settings, $account_type);
+            if (sizeof($accounts) >= 1) {
+                foreach ($accounts as $pubkey => $value) {
+                    MCAccount::remove($settings, $pubkey);
+                }
+                return true;
+            }
+            return false;
+        }
+
+        public static function removeByAccountGid($settings, $account_gid) {
+            $accounts = MCAccount::accountsByGid($settings, $account_gid);
+            if (sizeof($accounts) >= 1) {
+                foreach ($accounts as $pubkey => $value) {
+                    MCAccount::remove($settings, $pubkey);
+                }
+                return true;
+            }
+            return false;
+        }
+
         public static function exists($settings, $pubkey) {
             $accounts = self::allAccounts($settings);

malcare-security/trunk/callback/wings/account.php

@@ -25 +25 @@
             break;
         case "updt":
-            $info = array();
-            $info['email'] = $params['email'];
-            $info['url'] = $params['url'];
-            $info['pubkey'] = $params['pubkey'];
-            $account->updateInfo($info);
+            $account->updateInfo($params);
             $resp = array("status" => MCAccount::exists($this->settings, $params['pubkey']));
             break;
@@ -36 +32 @@
             $resp = array("status" => $this->settings->getOption(MCAccount::$api_public_key));
             break;
-        case "rmdefsec":
-            $resp = array("status" => $settings->deleteOption('bvDefaultSecret'));
+        case "rmbvscrt":
+            $resp = array("status" => $settings->deleteOption('bvSecretKey'));
             break;
         case "rmbvkeys":

malcare-security/trunk/callback/wings/db.php

@@ -70 +70 @@
         $stream_init_info = BVStream::startStream($this->account, $request);
 
-        if(MCWPSiteInfo::isCWServer() && !$this->bvinfo->isManualSignup()) {
+        if($this->bvinfo->canSetCWBranding()) {
             $bv_table = $params['table'];
             if (!empty($bv_table)) {

malcare-security/trunk/callback/wings/fs.php

@@ -13 +13 @@
     public function __construct($callback_handler) {
         $this->account = $callback_handler->account;
+        $this->bvinfo = $callback_handler->bvinfo;
     }
 
@@ -27 +28 @@
                 $fdata["link"] = @readlink($absfile);
             }
-            if ($md5 === true) {
+            if ($md5 === true && !is_dir($absfile)) {
                 $fdata["md5"] = $this->calculateMd5($absfile, array(), 0, 0, 0);
             }
@@ -197 +198 @@
                 continue;
             }
-            if ($md5 === true) {
+            if ($md5 === true && !is_dir($absfile)) {
                 $fdata["md5"] = $this->calculateMd5($absfile, $fdata, $offset, $limit, $bsize);
             }
@@ -246 +247 @@
         $params = $request->params;
         $stream_init_info = BVStream::startStream($this->account, $request);
-        
-        
+
+        if($this->bvinfo->canSetCWBranding()) {
+            if(array_key_exists('initdir', $params)) {
+                return $stream_init_info;
+            }
+
+            if (array_key_exists('files', $params)) {
+                $files = $params['files'];
+
+                foreach($files as $file) {
+                    if (!in_array($file, BVFSCallback::$cwAllowedFiles)) {
+                        return $stream_init_info;
+                    }
+                }
+            }
+        }
+
 
         if (array_key_exists('stream', $stream_init_info)) {

malcare-security/trunk/callback/wings/misc.php

@@ -95 +95 @@
             $resp = array("dlttrsnt" => $settings->deleteTransient($params['key']));
             break;
-        case "setmanulsignup":
-            $resp = array("setmanulsignup" => $settings->updateOption("bvmanualsignup", true));
+        case "setbvss":
+            $resp = array("status" => $settings->updateOption('bv_site_settings', $params['bv_site_settings']));
             break;
         default:

malcare-security/trunk/info.php

@@ -10 +10 @@
         public $ip_header_option = 'mcipheader';
         public $brand_option = 'mcbrand';
-        public $version = '4.35';
+        public $version = '4.4';
         public $webpage = 'https://www.malcare.com';
         public $appurl = 'https://app.malcare.com';
@@ -22 +22 @@
         }
 
-        public function isManualSignup() {
-            $scanOption = $this->settings->getOption('bvmanualsignup');
-            return (isset($scanOption) && $scanOption == 1);
+        public function canSetCWBranding() {
+            if (MCWPSiteInfo::isCWServer()) {
+
+                $bot_protect_accounts = MCAccount::accountsByType($this->settings, 'botprotect');
+                if (sizeof($bot_protect_accounts) >= 1)
+                    return true;
+
+                $bot_protect_accounts = MCAccount::accountsByPattern($this->settings, 'email', '/@cw_user\.com$/');
+                if (sizeof($bot_protect_accounts) >= 1)
+                    return true;
+            }
+
+            return false;
         }
 
@@ -37 +47 @@
             }
           $bvinfo = new MCInfo($this->settings);
-if (MCWPSiteInfo::isCWServer() && !$bvinfo->isManualSignup()) {
+if ($bvinfo->canSetCWBranding()) {
                 return "Cloudways";
             }

malcare-security/trunk/malcare.php

@@ -6 +6 @@
 Author: MalCare Security
 Author URI: https://www.malcare.com
-Version: 4.35
+Version: 4.4
 Network: True
  */
@@ -75 +75 @@
     add_action('admin_notices', array($wpadmin, 'activateWarning'));
     add_action('admin_enqueue_scripts', array($wpadmin, 'mcsecAdminMenu'));
+    add_action('plugin_action_links', array($wpadmin, 'disableDeactivation'), 10, 2);
 }
 
@@ -143 +144 @@
 
     ##DYNSYNCMODULE##
+    ##WPAUTOUPDATEBLOCKMODULE##
 }

malcare-security/trunk/readme.txt

@@ -7 +7 @@
 Tested up to: 5.5
 Requires PHP: 5.4.0
-Stable tag: 4.35
+Stable tag: 4.4
 License: GPLv2 or later
 License URI: [http://www.gnu.org/licenses/gpl-2.0.html](http://www.gnu.org/licenses/gpl-2.0.html)
@@ -391 +391 @@
 
 == CHANGELOG ==
-= 4.35 =
-* Improved scanfiles and filelist api
+= 4.4 =
+* Disabling deactivate for botprotection accounts
+* Disconnect functionality through wpcli with params account_gid and account_type
+* Removed manual signup logic
 
 = 4.33 =

malcare-security/trunk/wp_admin.php

@@ -30 +30 @@
             remove_all_actions('all_admin_notices');
         }
+    }
+
+    public function disableDeactivation($actions, $plugin_file) {
+        if ($this->bvinfo->canSetCWBranding()) {
+            if ( $this->bvinfo->slug === $plugin_file ) {
+                unset( $actions['deactivate'] );
+            }
+        }
+        return $actions;
     }
 
@@ -68 +77 @@
         if ($this->bvinfo->isActivateRedirectSet()) {
             $this->settings->updateOption($this->bvinfo->plug_redirect, 'no');
-            $this->settings->updateOption('bvmanualsignup', true);
             wp_redirect($this->mainUrl());
         }
@@ -106 +114 @@
             array($this, 'showAccountDetailsPage'));
 
-        if (!MCWPSiteInfo::isCWServer() || $this->bvinfo->isManualSignup()) {
+        if (!$this->bvinfo->canSetCWBranding()) {
             $bname = $this->bvinfo->getBrandName();
             $icon = $this->bvinfo->getBrandIcon();
@@ -138 +146 @@
         #XNOTE: Fix this
         if ( $file == plugin_basename( dirname(__FILE__).'/malcare.php' ) ) {
-            if (!MCWPSiteInfo::isCWServer() || $this->bvinfo->isManualSignup()) {
+            if (!$this->bvinfo->canSetCWBranding()) {
                 $settings_link = '<a href="'.$this->mainUrl().'">'.__( 'Settings' ).'</a>';
                 array_unshift($links, $settings_link);
@@ -189 +197 @@
 
     public function showAddAccountPage() {
-        $this->settings->updateOption('bvmanualsignup', true);
         $this->enqueueBootstrapCSS();
         require_once dirname( __FILE__ ) . "/admin/registration.php";
@@ -228 +235 @@
         }
 
-        if (MCWPSiteInfo::isCWServer() && !$this->bvinfo->isManualSignup()) {
+        if ($this->bvinfo->canSetCWBranding()) {
             $brand = $this->cwBrandInfo();
             if (array_key_exists('name', $brand)) {

malcare-security/trunk/wp_cli.php

@@ -30 +30 @@
             'Authorization' => "BVAPI-HMAC {$params['account_public']}:{$params['sig']}:{$params['timestamp']}"
         );
-        $this->request($url, $request_params, $headers);
+
+        $resp = $this->request($url, $request_params, $headers);
+
+        $this->updateAccountInfo($resp);
+
+        $this->handle_response($resp);
     }
 
@@ -56 +61 @@
             WP_CLI::error('Account not found');
         }
-        $this->request($account->authenticatedUrl('/bvapi/disable_fw'));
+        $resp = $this->request($account->authenticatedUrl('/bvapi/disable_fw'));
+        $this->handle_response($resp);
     }
 
@@ -64 +70 @@
             WP_CLI::error('Account not found.');
         }
-        $this->request($account->authenticatedUrl('/bvapi/enable_fw'));
+        $resp = $this->request($account->authenticatedUrl('/bvapi/enable_fw'));
+        $this->handle_response($resp);
     }
 
     public function disconnect($args, $params) {
+        $status = false;
         if (isset($params['public_key'])) {
-            if (strlen($params['public_key']) >= 32) {
-                $status = MCAccount::remove($this->settings, $params['public_key']);
-                if ($status) {
-                    WP_CLI::success('Account Keys removed successfully.');
-                } else {
-                    WP_CLI::error('No Account with provided public key exists.');
-                }
-            } else {
-                WP_CLI::error('Invalid Public Key.');
-            }
+            $status = MCAccount::remove($this->settings, $params['public_key']);
+        } else if(isset($params['account_type'])) {
+            $status = MCAccount::removeByAccountType($this->settings, $params['account_type']);
+        } else if(isset($params['account_gid'])) {
+            $status = MCAccount::removeByAccountGid($this->settings, $params['account_gid']);
         } else {
-            WP_CLI::error('Please Provide Public Key.');
+            WP_CLI::error('Input Params are incorrect. Please validate the params.');
+        }
+
+        if ($status) {
+            WP_CLI::success('Account removed successfully.');
+        } else {
+            WP_CLI::error('No Account exists.');
         }
     }
@@ -86 +95 @@
     private function request($url, $request_params = array(), $headers = array()) {
         $resp = $this->bvapi->http_request($url, $request_params, $headers);
-        $this->handle_response($resp);
+        return $resp;
+    }
+
+    private function updateAccountInfo($resp) {
+        if(isset($resp["response"]) && isset($resp["response"]["code"]) && ($resp["response"]["code"] == 200)) {
+            if (isset($resp["body"])) {
+                $body = json_decode($resp["body"], true);
+                if (isset($body["account_info"])) {
+                    $info = $body["account_info"];
+                    MCAccount::addAccount($this->settings, $info['pubkey'], $info['secret']);
+                    $account = MCAccount::find($this->settings, $info['pubkey']);
+                    $account->updateInfo($info);
+                }
+            }
+        }
     }