Changeset 3238410
- Timestamp:
- 02/11/2025 08:33:56 AM (14 months ago)
- Location:
- defend-wp-firewall/trunk
- Files:
-
- 36 edited
-
admin/class-defend-wp-firewall-service.php (modified) (4 diffs)
-
admin/class-defend-wp-firewall-settings.php (modified) (6 diffs)
-
admin/class-purge-plugins-cache.php (modified) (2 diffs)
-
admin/js/defend-wp-firewall-admin.js (modified) (1 diff)
-
admin/views/defend-wp-firewall-initial-setup.php (modified) (1 diff)
-
admin/views/defend-wp-firewall-log-rows-template.php (modified) (1 diff)
-
admin/views/defend-wp-firewall-settings-display.php (modified) (2 diffs)
-
defend-wp-firewall-constants.php (modified) (2 diffs)
-
defend-wp-firewall.php (modified) (2 diffs)
-
functions/base-functions.php (modified) (6 diffs)
-
functions/cookie-functions.php (modified) (4 diffs)
-
functions/firewall-functions.php (modified) (15 diffs)
-
functions/htaccess-functions.php (modified) (1 diff)
-
functions/login-functions.php (modified) (1 diff)
-
functions/plugins-manager-functions.php (modified) (3 diffs)
-
functions/post-manager-functions.php (modified) (4 diffs)
-
functions/remove-action-filter.php (modified) (1 diff)
-
functions/run-functions.php (modified) (1 diff)
-
functions/shortcode-functions.php (modified) (4 diffs)
-
functions/user-manager-functions.php (modified) (1 diff)
-
hooks/blocklist-functions.php (modified) (4 diffs)
-
hooks/js/blocklist-common.js (modified) (1 diff)
-
hooks/js/nonce.js (modified) (1 diff)
-
hooks/plugins-manager-functions.php (modified) (1 diff)
-
hooks/post-manager-functions.php (modified) (1 diff)
-
hooks/remove-action-filter.php (modified) (1 diff)
-
hooks/run-functions.php (modified) (1 diff)
-
hooks/shortcode-functions.php (modified) (1 diff)
-
includes/class-defend-wp-firewall-logs.php (modified) (2 diffs)
-
includes/class-defend-wp-firewall-options.php (modified) (2 diffs)
-
includes/class-defend-wp-firewall.php (modified) (5 diffs)
-
includes/defend-wp-firewall-custom-functions.php (modified) (2 diffs)
-
includes/defend-wp-firewall-generic-functions.php (modified) (5 diffs)
-
includes/view/block-access.php (modified) (2 diffs)
-
readme.txt (modified) (3 diffs)
-
uninstall.php (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
-
defend-wp-firewall/trunk/admin/class-defend-wp-firewall-service.php
r3160264 r3238410 35 35 36 36 public function send_sevice_request( $request_data = array(), $url = '' ) { 37 $body = apply_filters( 'defend_wp_firewall_service_request', $request_data );37 $body = apply_filters( 'defend_wp_firewall_service_request', $request_data ); 38 38 $http_args = array( 39 39 'headers' => array( 'Content-Type' => 'application/json' ), … … 166 166 167 167 public function collect_urls() { 168 return array( 169 'url' => site_url(), 170 'home_url' => home_url(), 171 ); 168 return defend_wp_firewall_collect_urls(); 172 169 } 173 170 … … 203 200 $this->defend_wp_firewall_options->set_option( 'dfwp_firewall_last_sync', time() ); 204 201 return $this->defend_wp_firewall_options->set_option( 'dfwp_firewall', wp_json_encode( $response['rules'] ), true ); 202 } elseif ( ! empty( $this->defend_wp_firewall_options->get_option( 'dfwp_pub_key' ) ) ) { 203 return true; 205 204 } 206 205 } … … 310 309 $response = $this->send_sevice_request( $params, $this->update_site_meta ); 311 310 if ( ! empty( $response ) && ! empty( $response['status'] ) && $response['status'] === 'success' ) { 312 return $this->defend_wp_firewall_options->set_option( 'dfwp_join_email', $email );311 return $this->defend_wp_firewall_options->set_option( 'dfwp_join_email', $email, true ); 313 312 } 314 313 -
defend-wp-firewall/trunk/admin/class-defend-wp-firewall-settings.php
r3160264 r3238410 29 29 public function allowed_post_tags() { 30 30 $allowed_atts = array( 31 'align' => array(), 32 'class' => array(), 33 'type' => array(), 34 'id' => array(), 35 'dir' => array(), 36 'lang' => array(), 37 'style' => array( 'display' ), 38 'xml:lang' => array(), 39 'src' => array(), 40 'alt' => array(), 41 'href' => array(), 42 'rel' => array(), 43 'rev' => array(), 44 'target' => array(), 45 'novalidate' => array(), 46 'value' => array(), 47 'name' => array(), 48 'tabindex' => array(), 49 'action' => array(), 50 'method' => array(), 51 'for' => array(), 52 'width' => array(), 53 'height' => array(), 54 'data' => array(), 55 'title' => array(), 56 'checked' => array(), 57 'this_type' => array(), 58 'this_id' => array(), 59 'data-navid' => array(), 60 'parent_prev_id' => array(), 31 'align' => array(), 32 'class' => array(), 33 'type' => array(), 34 'id' => array(), 35 'dir' => array(), 36 'lang' => array(), 37 'style' => array( 'display' ), 38 'xml:lang' => array(), 39 'src' => array(), 40 'alt' => array(), 41 'href' => array(), 42 'rel' => array(), 43 'rev' => array(), 44 'target' => array(), 45 'novalidate' => array(), 46 'value' => array(), 47 'name' => array(), 48 'tabindex' => array(), 49 'action' => array(), 50 'method' => array(), 51 'for' => array(), 52 'width' => array(), 53 'height' => array(), 54 'data' => array(), 55 'title' => array(), 56 'checked' => array(), 57 'this_type' => array(), 58 'this_id' => array(), 59 'data-navid' => array(), 60 'parent_prev_id' => array(), 61 'multiple' => array(), 62 'data-placeholder' => array(), 63 'selected' => array(), 61 64 ); 62 65 $allowed_atts = apply_filters( 'defend_wp_firewall_settings_allowed_attr', $allowed_atts ); … … 67 70 $allowed_post_tags['form'] = $allowed_atts; 68 71 $allowed_post_tags['a'] = $allowed_atts; 72 $allowed_post_tags['select'] = $allowed_atts; 73 $allowed_post_tags['option'] = $allowed_atts; 69 74 $allowed_post_tags = apply_filters( 'defend_wp_firewall_settings_allowed_tags', $allowed_post_tags ); 70 75 return $allowed_post_tags; … … 100 105 $this->defend_wp_firewall_options->set_option( 'disable_xml_rpc_request', $this_settings['disable_xml_rpc_request'] ?? 'yes', true ); 101 106 $this->defend_wp_firewall_options->set_option( 'enable_sanitize_request', $this_settings['enable_sanitize_request'] ?? 'yes', true ); 107 $this->defend_wp_firewall_options->set_option( 'enable_auto_update', $this_settings['enable_auto_update'] ?? 'yes', true ); 102 108 103 109 global $defend_wp_firewall_all_configs; … … 256 262 <div class="ml-3"> 257 263 <p class="text-xs text-yellow-700">If you are facing any page loading or data displaying issues on your website, please clear all the caches. If you use a cache plugin or your hosting provider has a caching service, clear that as well.<br><br>If the issue persists, disable this setting and 258 <a class="font-medium text-yellow-700 underline hover:text-yellow-600" href="mailto:help@defendwp. com?subject=Facing%20issue%20with%20page%20loading%20or%20data%20displaying&body=I%20was%20facing%20issues%20with%20the%20website%20and%20disabled%20the%20'Add%20DefendWP%20nonce%20for%20all%20requests'%20as%20instructed.%20What%20next%3F">contact us</a>.264 <a class="font-medium text-yellow-700 underline hover:text-yellow-600" href="mailto:help@defendwp.org?subject=Facing%20issue%20with%20page%20loading%20or%20data%20displaying&body=I%20was%20facing%20issues%20with%20the%20website%20and%20disabled%20the%20'Add%20DefendWP%20nonce%20for%20all%20requests'%20as%20instructed.%20What%20next%3F">contact us</a>. 259 265 </p> 260 266 </div> … … 274 280 </div> 275 281 <div class="ml-3 text-sm leading-6"> 276 <label for="enable_sanitize_request" class="font-medium text-gray-900 -mt-1 inline-block">Enable Sanitize request for non-admins</label>277 <p id="enable_sanitize_request-description" class="text-gray-500">It will perform esc_html() for all the <span class="rounded-md py-1 px-2 text-xs font-medium ring-1 ring-inset text-gray-600 bg-gray-50 ring-gray-500/10 font-mono">GET</span> and <span class="rounded-md py-1 px-2 text-xs font-medium ring-1 ring-inset text-gray-600 bg-gray-50 ring-gray-500/10 font-mono">POST</span> requests.</p>282 <label for="enable_sanitize_request" class="font-medium text-gray-900 -mt-1 inline-block">Enable Sanitize requests</label> 283 <p id="enable_sanitize_request-description" class="text-gray-500">It will sanitize all <span class="rounded-md py-1 px-2 text-xs font-medium ring-1 ring-inset text-gray-600 bg-gray-50 ring-gray-500/10 font-mono">GET</span> and <span class="rounded-md py-1 px-2 text-xs font-medium ring-1 ring-inset text-gray-600 bg-gray-50 ring-gray-500/10 font-mono">POST</span> requests that match the firewall rules.</p> 278 284 </div> 279 285 </div> … … 418 424 <div class="dfwp-nav-dec" id="dfwp-advanced" style="display: none;"> 419 425 <h2 class="text-base font-semibold leading-7 text-gray-900 px-5 py-3 bg-gray-50 rounded-tr-lg border-b">Advanced</h2> 420 <fieldset class=" border-b border-gray-200 pb-5"> 421 <div class="relative flex items-start pt-3.5 px-5"> 422 <div class="flex h-6 items-center"> 423 <div class="text-sm leading-6 flex items-center"> 424 <p class="text-gray-500"> 426 <fieldset class=" border-b border-gray-200"> 427 <div class="divide-y divide-gray-200"> 428 <div class="relative flex items-start pt-3.5 pb-4 px-5"> 429 <div class="flex h-6 items-center"> 430 <div class="text-sm leading-6 flex items-center"> 431 <p class="text-gray-500"> 432 433 <?php 434 if ( ! empty( $all_configs_dwp['dfwp_firewall_last_sync'] ) ) { 435 echo 'Last sync '; 436 $date_time_format = get_option( 'date_format' ) . ' ' . get_option( 'time_format' ); 437 echo esc_html( wp_date( $date_time_format, $all_configs_dwp['dfwp_firewall_last_sync'] ) ); 438 } 439 ?> 440 </p> 441 <div class="flex"> 442 <button class="sync_firewall_dfwp inline-flex items-center justify-center rounded-md bg-lime-600 ml-2 px-2 py-1 text-sm font-medium text-white shadow-sm hover:bg-lime-500 focus-visible:outline focus-visible:outline-2 focus-visible:outline-offset-2 focus-visible:outline-indigo-600 w-auto top-px">Sync Firewall</button> 443 <button class="revoke_connect_firewall_dfwp inline-flex items-center justify-center rounded-md bg-red-600 ml-2 px-2 py-1 text-sm font-medium text-white shadow-sm hover:bg-red-500 focus-visible:outline focus-visible:outline-2 focus-visible:outline-offset-2 focus-visible:outline-red-600 w-auto top-px">Revoke & Connect</button> 444 </div> 425 445 446 </div> 447 </div> 448 </div> 449 <div class="relative flex items-start pb-4 pt-3.5 px-5"> 450 <div class="flex h-6 items-center"> 451 <input id="enable_auto_update" 426 452 <?php 427 if ( ! empty( $all_configs_dwp['dfwp_firewall_last_sync'] ) ) { 428 echo 'Last sync '; 429 $date_time_format = get_option( 'date_format' ) . ' ' . get_option( 'time_format' ); 430 echo esc_html( wp_date( $date_time_format, $all_configs_dwp['dfwp_firewall_last_sync'] ) ); 453 if ( ! empty( $all_configs_dwp ) && ! empty( $all_configs_dwp['enable_auto_update'] ) && $all_configs_dwp['enable_auto_update'] == 'yes' ) { 454 echo 'checked'; 431 455 } 432 456 ?> 433 </p> 434 <div class="flex"> 435 <button class="sync_firewall_dfwp inline-flex items-center justify-center rounded-md bg-lime-600 ml-2 px-2 py-1 text-sm font-medium text-white shadow-sm hover:bg-lime-500 focus-visible:outline focus-visible:outline-2 focus-visible:outline-offset-2 focus-visible:outline-indigo-600 w-auto top-px">Sync Firewall</button> 436 <button class="revoke_connect_firewall_dfwp inline-flex items-center justify-center rounded-md bg-red-600 ml-2 px-2 py-1 text-sm font-medium text-white shadow-sm hover:bg-red-500 focus-visible:outline focus-visible:outline-2 focus-visible:outline-offset-2 focus-visible:outline-red-600 w-auto top-px">Revoke & Connect</button> 457 name="enable_auto_update" type="checkbox" class="h-4 w-4 rounded border-gray-300 text-indigo-600 focus:ring-indigo-600" value="yes"> 437 458 </div> 438 439 </div> 459 <div class="ml-3 text-sm leading-6"> 460 <label for="enable_auto_update" class="font-medium text-gray-900 -mt-1 inline-block">Enable Auto Update</label> 461 <p id="enable_auto_update-description" class="text-gray-500">DefendWP Firewall plugin will be updated automatically.</p> 462 </div> 440 463 </div> 441 464 </div> -
defend-wp-firewall/trunk/admin/class-purge-plugins-cache.php
r3160264 r3238410 14 14 15 15 public function admin_notices() { 16 16 $pub_key = $this->defend_wp_firewall_options->get_option( 'dfwp_pub_key' ); 17 if ( empty( $pub_key ) ) { 18 return; 19 } 17 20 $enable_defendwp_nonce = $this->defend_wp_firewall_options->get_option( 'enable_defendwp_nonce' ); 18 21 if ( ! empty( $enable_defendwp_nonce ) && $enable_defendwp_nonce == 'yes' ) { … … 34 37 "<p> <strong>DefendWP: Clear all your cache</strong> </p> 35 38 <p>To ensure AJAX requests are handled properly, please clear all the caches. If you use a cache plugin or your hosting provider has a caching service, clear that as well. 36 If you face any issues, please <a class='font-medium text-yellow-700 underline hover:text-yellow-600' href='mailto:help@defendwp. com?subject=Facing%20issue%20with%20page%20loading%20or%20data%20displaying&body=I%20was%20facing%20issues%20with%20the%20website%20and%20disabled%20the%20'Add%20DefendWP%20nonce%20for%20all%20requests'%20as%20instructed.%20What%20next%3F'>contact us</a> </p><button type='button' class='notice-dismiss'><span class='screen-reader-text'>Dismiss this notice.</span></button>"39 If you face any issues, please <a class='font-medium text-yellow-700 underline hover:text-yellow-600' href='mailto:help@defendwp.org?subject=Facing%20issue%20with%20page%20loading%20or%20data%20displaying&body=I%20was%20facing%20issues%20with%20the%20website%20and%20disabled%20the%20'Add%20DefendWP%20nonce%20for%20all%20requests'%20as%20instructed.%20What%20next%3F'>contact us</a> </p><button type='button' class='notice-dismiss'><span class='screen-reader-text'>Dismiss this notice.</span></button>" 37 40 ); 38 41 } -
defend-wp-firewall/trunk/admin/js/defend-wp-firewall-admin.js
r3160264 r3238410 15 15 ls_settings['htaccess_themes_php'] = jQuery('#htaccess_themes_php:checked').val() || 'no'; 16 16 ls_settings['htaccess_protect_files'] = jQuery('#htaccess_protect_files:checked').val() || 'no'; 17 ls_settings['enable_auto_update'] = jQuery('#enable_auto_update:checked').val() || 'no'; 17 18 ls_settings['enable_dfwp_firewall'] = jQuery('#enable_dfwp_firewall:checked').val() || 'no'; 18 19 ls_settings['disable_xml_rpc_request'] = jQuery('#disable_xml_rpc_request:checked').val() || 'no'; -
defend-wp-firewall/trunk/admin/views/defend-wp-firewall-initial-setup.php
r3160264 r3238410 47 47 <div class="dfwp-error"> 48 48 <div class="mt-5 sm:mt-6 sm:grid sm:grid-flow-row-dense sm:grid-cols-2 sm:gap-3 flex"> 49 < button type="button" class="inline-flex w-full justify-center rounded-md bg-indigo-600 px-3 py-2 text-sm font-semibold text-white shadow-sm hover:bg-indigo-500 focus-visible:outline focus-visible:outline-2 focus-visible:outline-offset-2 focus-visible:outline-indigo-600 sm:col-start-2">Contact us</button>49 <a href="mailto:[email protected]" type="button" class="inline-flex w-full justify-center rounded-md bg-indigo-600 px-3 py-2 text-sm font-semibold text-white shadow-sm hover:bg-indigo-500 focus-visible:outline focus-visible:outline-2 focus-visible:outline-offset-2 focus-visible:outline-indigo-600 sm:col-start-2">Contact us</a> 50 50 <button type="button" class="mt-3 inline-flex w-full justify-center rounded-md bg-white px-3 py-2 text-sm font-semibold text-gray-900 shadow-sm ring-1 ring-inset ring-gray-300 hover:bg-gray-50 sm:col-start-1 sm:mt-0" onClick="defend_wp_firewall_refresh_page()">Connect again</button> 51 51 </div> -
defend-wp-firewall/trunk/admin/views/defend-wp-firewall-log-rows-template.php
r3160264 r3238410 198 198 <div class="ml-3"> 199 199 <p class="text-xs text-yellow-700">If you are facing any page loading or data displaying issues on your website, please clear all the caches. If you use a cache plugin or your hosting provider has a caching service, clear that as well.<br><br> 200 If the issue persists, disable the 'Add DefendWP nonce for all requests' under Settings › 'GET & POST Requests' and <a class="font-medium text-yellow-700 underline hover:text-yellow-600" href="mailto:help@defendwp. com?subject=Facing%20issue%20with%20page%20loading%20or%20data%20displaying&body=I%20was%20facing%20issues%20with%20the%20website%20and%20disabled%20the%20'Add%20DefendWP%20nonce%20for%20all%20requests'%20as%20instructed.%20What%20next%3F">contact us</a>.200 If the issue persists, disable the 'Add DefendWP nonce for all requests' under Settings › 'GET & POST Requests' and <a class="font-medium text-yellow-700 underline hover:text-yellow-600" href="mailto:help@defendwp.org?subject=Facing%20issue%20with%20page%20loading%20or%20data%20displaying&body=I%20was%20facing%20issues%20with%20the%20website%20and%20disabled%20the%20'Add%20DefendWP%20nonce%20for%20all%20requests'%20as%20instructed.%20What%20next%3F">contact us</a>. 201 201 </p> 202 202 </div> -
defend-wp-firewall/trunk/admin/views/defend-wp-firewall-settings-display.php
r3160264 r3238410 82 82 <p class="text-sm text-blue-700">Welcome to DefendWP. This is the Settings page where we have pre-configured 83 83 the rules for your website's best defence. Feel free customize the rules to your needs.<br><br>If you 84 need any assistance with this, please reach out at <a class="underline" href="mailto:help@defendwp. com"85 target="_blank">help@defendwp. com</a>.</p>84 need any assistance with this, please reach out at <a class="underline" href="mailto:help@defendwp.org" 85 target="_blank">help@defendwp.org</a>.</p> 86 86 <div class="ml-auto pl-3"> 87 87 <div class="-mx-1.5 -my-1.5"> … … 102 102 <?php } ?> 103 103 104 <div class="flex bg-white shadow rounded-lg mt-2" style="max-width: 8 00px;">104 <div class="flex bg-white shadow rounded-lg mt-2" style="max-width: 850px;"> 105 105 <div class="flex flex-col"> 106 <div class="flex grow flex-col gap-y-5 overflow-y-auto border-r border-gray-200 px-6 py-4" style="width: 2 55px;">106 <div class="flex grow flex-col gap-y-5 overflow-y-auto border-r border-gray-200 px-6 py-4" style="width: 280px;"> 107 107 <nav class="flex flex-col"> 108 108 <ul role="list" class="flex flex-col gap-y-7"> -
defend-wp-firewall/trunk/defend-wp-firewall-constants.php
r3160264 r3238410 80 80 81 81 public function versions() { 82 $this->define( 'DEFEND_WP_FIREWALL_VERSION', '1. 0.0' );82 $this->define( 'DEFEND_WP_FIREWALL_VERSION', '1.1.0' ); 83 83 $this->define( 'DEFEND_WP_FIREWALL_DATABASE_VERSION', '1.0' ); 84 84 } … … 96 96 97 97 $this->define( 'DEFEND_WP_FIREWALL_VALIDATE_FREQUENCY', 86400 ); 98 $this->define( 'DEFEND_WP_FIREWALL_SERVICE_URL', 'https://cron.defendwp. com' );98 $this->define( 'DEFEND_WP_FIREWALL_SERVICE_URL', 'https://cron.defendwp.org' ); 99 99 $this->define( 'DEFEND_WP_FIREWALL_LIMIT_LOGIN_TRIES_COUNT', 15 ); 100 $this->define( 'DEFEND_WP_FIREWALL_SITE_URL', 'https://defendwp.com/' );101 100 $this->define( 'DEFEND_WP_FIREWALL_SETTINGS_PAGE_URL', ( admin_url( 'admin.php?page=dfwp_settings' ) ) ); 102 101 $this->define( 'DEFEND_WP_FIREWALL_LATER_URL', ( admin_url( 'admin.php?page=dfwp_settings&dfwp_join=later' ) ) ); -
defend-wp-firewall/trunk/defend-wp-firewall.php
r3160264 r3238410 4 4 * 5 5 * @link https://revmakx.com 6 * @since 1. 0.06 * @since 1.1.0 7 7 * @package Defend_WP_Firewall 8 8 * 9 9 * @wordpress-plugin 10 10 * Plugin Name: DefendWP Firewall 11 * Plugin URI: https://defendwp. com11 * Plugin URI: https://defendwp.org 12 12 * Description: Defend your WordPress sites with free instant patches for disclosed vulnerabilities in the WP core, plugins and themes. 13 * Version: 1. 0.013 * Version: 1.1.0 14 14 * Author: Revmakx 15 15 * Author URI: https://revmakx.com … … 26 26 define( 'DEFEND_WP_FIREWALL_MAIN_FILE', __FILE__ ); 27 27 define( 'DEFEND_WP_FIREWALL_PATH', plugin_dir_path( DEFEND_WP_FIREWALL_MAIN_FILE ) ); 28 define( 29 'DEFEND_WP_FIREWALL_BASENAME', 30 function_exists( 'plugin_basename' ) ? plugin_basename( __FILE__ ) : 31 basename( __DIR__ ) . '/' . basename( __FILE__ ) 32 ); 28 33 29 34 require DEFEND_WP_FIREWALL_PATH . 'defend-wp-firewall-constants.php'; -
defend-wp-firewall/trunk/functions/base-functions.php
r3160264 r3238410 59 59 `id` bigint NOT NULL AUTO_INCREMENT PRIMARY KEY, 60 60 `type` varchar(190) NOT NULL, 61 `firewall_id` varchar(190) NULL, 61 62 `title` text NOT NULL, 62 63 `message` text NOT NULL, … … 65 66 `extra` text NOT NULL, 66 67 `ts` bigint(20) NOT NULL, 67 `hr_time` varchar(150) NOT NULL 68 `hr_time` varchar(150) NOT NULL, 69 `data_collected` enum('0','1') DEFAULT '0' 68 70 ) COLLATE 'utf8mb4_general_ci';"; 69 71 … … 73 75 `id` bigint NOT NULL AUTO_INCREMENT PRIMARY KEY, 74 76 `type` varchar(190) NOT NULL, 77 `firewall_id` varchar(190) NULL, 75 78 `title` text NOT NULL, 76 79 `message` text NOT NULL, … … 79 82 `extra` text NOT NULL, 80 83 `ts` bigint(20) NOT NULL, 81 `hr_time` varchar(150) NOT NULL 84 `hr_time` varchar(150) NOT NULL, 85 `data_collected` enum('0','1') DEFAULT '0' 82 86 ) COLLATE 'utf8mb4_general_ci';", 83 87 $table_name … … 221 225 $enc_uploads_url = base64_encode( $upload_dir_meta['baseurl'] ); 222 226 223 $this->defend_wp_firewall_options->set_option( 'defend_wp_firewall_url', get_home_url() );224 $this->defend_wp_firewall_options->set_option( 'defend_wp_firewall_url_enc', $enc_site_url );225 $this->defend_wp_firewall_options->set_option( 'defend_wp_firewall_admin_url_enc', $enc_admin_url );226 $this->defend_wp_firewall_options->set_option( 'defend_wp_firewall_uploads_url_enc', $enc_uploads_url );227 $this->defend_wp_firewall_options->set_option( 'defend_wp_firewall_url', get_home_url(), true ); 228 $this->defend_wp_firewall_options->set_option( 'defend_wp_firewall_url_enc', $enc_site_url, true ); 229 $this->defend_wp_firewall_options->set_option( 'defend_wp_firewall_admin_url_enc', $enc_admin_url, true ); 230 $this->defend_wp_firewall_options->set_option( 'defend_wp_firewall_uploads_url_enc', $enc_uploads_url, true ); 227 231 228 232 $this->defend_wp_firewall_options->set_option( 'initial_flags_set', 1 ); … … 230 234 $ip_site_unique_id_dfwp = $this->defend_wp_firewall_options->get_option( 'ip_site_unique_id_dfwp' ); 231 235 if ( empty( $ip_site_unique_id_dfwp ) ) { 232 $new_unique_id = uniqid();236 $new_unique_id = hash( 'sha256', uniqid() ); 233 237 $this->defend_wp_firewall_options->set_option( 'ip_site_unique_id_dfwp', $new_unique_id ); 234 238 } -
defend-wp-firewall/trunk/functions/cookie-functions.php
r3160264 r3238410 7 7 class Defend_WP_Firewall_Cookie_Functions { 8 8 public $user_cookie; 9 private $ipify_ip_dfwp = 'ipify_ip_dfwp'; 9 10 10 11 public function __construct() { … … 34 35 35 36 defend_wp_firewall_log( $cookie_name, '--------delete_user_cookie--------' ); 37 if ( ! isset( $_COOKIE[ $cookie_name ] ) ) { 38 return; 39 } 36 40 37 41 unset( $_COOKIE[ $cookie_name ] ); … … 47 51 48 52 $this_enc_ip = base64_encode( $this_ip . '||||' . $ip_site_unique_id_dfwp ); 49 $this->make_user_cookie( 'ipify_ip_dfwp', $this_enc_ip );53 $this->make_user_cookie( $this->ipify_ip_dfwp, $this_enc_ip ); 50 54 } 51 55 52 56 public function get_ipify_ip_from_cookie() { 53 $this_ip = $this->get_user_cookie( 'ipify_ip_dfwp');57 $this_ip = $this->get_user_cookie( $this->ipify_ip_dfwp ); 54 58 55 59 if ( empty( $this_ip ) ) { … … 77 81 return sanitize_text_field( $this_ip_arr[0] ); 78 82 } 83 84 public function delete_ipify_cookie() { 85 $this->delete_user_cookie( $this->ipify_ip_dfwp ); 86 } 79 87 } -
defend-wp-firewall/trunk/functions/firewall-functions.php
r3160264 r3238410 23 23 private $skip_request_methods_for_key_match = array( 'url' ); 24 24 private $skip_request_methods_for_full_match = array( 'url' ); 25 private $rule_register_functions = array( 'wp_check_filetype', 'defend_wp_users_can_register' ); 25 private $rule_register_functions = array( 'wp_check_filetype', 'defend_wp_users_can_register', 'get_post_meta', 'get_post_type', 'is_email', 'get_current_user_id' ); 26 private $callable_action_hooks = array( 'wp_logout', 'do_sanitize', 'remove_action', 'remove_filter', 'shortcode_rules', 'do_full_sanitize', 'deactivate_plugin', 'wp_post_restrictions', 'wp_user_restrictions', 'run' ); 26 27 27 28 public function __construct() { … … 186 187 $this->post_firewall_check(); 187 188 188 189 do_action( 'defend_wp_firewall_after_firewall_run', $this ); 189 190 } 190 191 … … 195 196 continue; 196 197 } 197 198 198 if ( ! empty( $dfwp_nonce_rules ) && in_array( $request_type, $this->nonce_supported_request_methods, true ) ) { 199 199 $this->nonce_checker( $dfwp_nonce_rules, $request_method, $request_type ); … … 227 227 228 228 public function process_data_run_rule( $request_value, $request_key, $request_type ) { 229 if ( is_string( $request_value ) ) { 230 229 if ( ! is_null( $request_value ) ) { 231 230 $result = $this->run_all_rules( $request_value, $request_key, $request_type ); 232 231 if ( $result !== false ) { … … 266 265 $formated_array['request_key'] = $request_key; 267 266 $formated_array['request_type'] = $request_type; 268 269 $filtered_value = apply_filters( 'defend_wp_firewall_request_after_run_all_rules', $formated_array ); 267 $filtered_value = apply_filters( 'defend_wp_firewall_request_after_run_all_rules', $formated_array ); 270 268 271 269 if ( ! empty( $filtered_value ) && isset( $filtered_value['request_value'] ) ) { … … 284 282 $request_key = $filtered_value['request_key']; 285 283 } 286 287 284 foreach ( $request_value as $a_key => $loop_value ) { 288 285 $filtered_value = $this->process_data_run_rule( $loop_value, $a_key, $request_type ); … … 477 474 foreach ( $run_functions as $func_args ) { 478 475 if ( in_array( $func_args['name'], $this->rule_register_functions, true ) && function_exists( $func_args['name'] ) ) { 479 $func_return = call_user_func( $func_args['name'], urldecode( $data ) ); 480 if ( ! empty( $func_args['result_key'] ) ) { 481 if ( isset( $func_return[ $func_args['result_key'] ] ) && $func_return[ $func_args['result_key'] ] ) { 476 $func_return = call_user_func( $func_args['name'], defend_wp_firewall_detect_and_sanitize_sql_injection( sanitize_text_field( urldecode( $data ) ) ) ); 477 if ( $func_args['name'] === 'get_user_by' && is_object( $func_return ) ) { 478 if ( $func_return->$func_args['result_key'] == $func_args['result_value'] ) { 479 $return_value = false; 480 } 481 } elseif ( ! empty( $func_args['match_data'] ) && $data != $func_return ) { 482 $return_value = false; 483 } elseif ( ! empty( $func_args['result_key'] ) ) { 484 if ( isset( $func_return[ $func_args['result_key'] ] ) && $func_return[ $func_args['result_key'] ] && ! empty( $func_args['result'] ) && $func_return[ $func_args['result_key'] ] === $func_args['result'] ) { 485 $return_value = false; 486 } elseif ( isset( $func_return[ $func_args['result_key'] ] ) && $func_return[ $func_args['result_key'] ] ) { 482 487 $return_value = false; 483 488 } 484 489 } elseif ( isset( $func_args['result'] ) && $func_args['result'] != $func_return ) { 485 490 $return_value = false; 486 } elseif ( $func_return ) { 487 $return_value = false; 491 } 492 493 if ( ! empty( $condition['return'] ) ) { 494 if ( isset( $condition['return']['function'] ) ) { 495 $return = $condition['return']['function']; 496 if ( $return === $return_value ) { 497 $return_value = true; 498 } else { 499 $return_value = false; 500 } 501 } 488 502 } 489 503 } … … 608 622 defend_wp_firewall_die( 609 623 array( 610 'type' => 'firewall', 611 'title' => $title . ' (ID #' . ( $firewall_id ) . ')', 612 'message' => 'Access denied by firewall.', 613 'extra' => array( 'more_details' => array( 'FIREWALL_MATCH' => $matched_rule_data ) ), 624 'type' => 'firewall', 625 'firewall_id' => $firewall_id, 626 'title' => $title . ' (ID #' . ( $firewall_id ) . ')', 627 'message' => 'Access denied by firewall.', 628 'extra' => array( 'more_details' => array( 'FIREWALL_MATCH' => $matched_rule_data ) ), 614 629 ), 615 630 $matched_rule['options']['log'], … … 653 668 } 654 669 } 670 foreach ( $value['options'] as $options_key => $options_value ) { 671 if ( in_array( $options_key, $this->callable_action_hooks, true ) && ! empty( $options_value ) ) { 672 do_action( 'defend_wp_firewall_' . $options_key, $value ); 673 } 674 } 655 675 } 656 676 return $return_array; … … 661 681 foreach ( $data as $a_key => $value ) { 662 682 if ( ! empty( $data[ $a_key ]['options']['nonce_check'] ) ) { 683 if ( isset( $data[ $a_key ]['options']['nonce_check']['is_dfwp'] ) && $data[ $a_key ]['options']['nonce_check']['is_dfwp'] && $this->is_nonce_enabled() === true ) { 684 $return_array[] = $value; 685 } 663 686 if ( ! empty( $data[ $a_key ]['options']['nonce_check']['nonce'] ) ) { 664 if ( ! isset( $data[ $a_key ]['options']['nonce_check']['is_dfwp'] ) && $data[ $a_key ]['options']['nonce_check']['is_dfwp'] && $this->is_nonce_enabled() === false ) {665 continue;666 }667 687 $return_array[] = $value; 668 688 } … … 799 819 } 800 820 } 801 802 if (!empty( $rule_item['options']['remove_action'] ) && !empty($rule_item['options']['remove_action']['skip_firewall'])) { 803 return true; 804 } 805 806 if (!empty( $rule_item['options']['remove_filter'] ) && !empty($rule_item['options']['remove_filter']['skip_firewall'])) { 807 return true; 808 } 821 822 if ( ! empty( $rule_item['options']['run'] ) && ! empty( $rule_item['options']['run']['skip_firewall'] ) ) { 823 return true; 824 } 825 826 if ( ! empty( $rule_item['options']['remove_action'] ) && ! empty( $rule_item['options']['remove_action']['skip_firewall'] ) ) { 827 return true; 828 } 829 830 if ( ! empty( $rule_item['options']['remove_filter'] ) && ! empty( $rule_item['options']['remove_filter']['skip_firewall'] ) ) { 831 return true; 832 } 809 833 810 834 return false; … … 1392 1416 if ( in_array( $func_name, $funcs, true ) && function_exists( $func_name ) ) { 1393 1417 if ( ! empty( $options['value_sanitize'] ) ) { 1394 $request_value = call_user_func( $func_name, $request_value ); 1418 if ( ! empty( $options['value_args'] ) ) { 1419 $request_value = call_user_func( $func_name, $request_value, $options['value_args'] ); 1420 } else { 1421 $request_value = call_user_func( $func_name, $request_value ); 1422 } 1395 1423 } 1396 1424 if ( ! empty( $options['key_sanitize'] ) ) { 1425 if ( ! empty( $options['key_args'] ) ) { 1426 $request_key = call_user_func( $func_name, $request_key, $options['key_args'] ); 1427 } else { 1428 $request_key = call_user_func( $func_name, $request_key ); 1429 } 1397 1430 $request_key = call_user_func( $func_name, $request_key ); 1398 1431 } … … 1407 1440 1408 1441 public function get_registered_sanitize_functions() { 1409 $func = array( 'sanitize_email', 'sanitize_file_name', 'sanitize_hex_color', 'sanitize_hex_color_no_hash', 'sanitize_html_class', 'sanitize_key', 'sanitize_meta', 'sanitize_mime_type', 'sanitize_option', 'sanitize_sql_orderby', 'sanitize_term', 'sanitize_term_field', 'sanitize_text_field', 'sanitize_textarea_field', 'sanitize_title', 'sanitize_title_for_query', 'sanitize_locale_name', 'sanitize_title_with_dashes', 'sanitize_user', 'sanitize_url', 'sanitize_trackback_urls', 'wp_kses', 'wp_kses_post', 'wp_kses_data', 'esc_sql', 'esc_url', 'esc_url_raw', 'esc_js', 'esc_html', 'esc_attr', 'esc_textarea', 'esc_xml', 'wp_unslash', 'intval', 'defend_wp_firewall_esc_like', 'defend_wp_firewall_wpdb_real_escape', 'absint', 'defend_wp_firewall_detect_and_sanitize_sql_injection', 'defend_wp_firewall_do_sql_sanitize', 'defend_wp_firewall_prepare_in_int', '__return_empty_string', 'defend_wp_firewall_delete_cookie', 'defend_wp_firewall_wp_safe_redirect_check', 'floatval' );1442 $func = array( 'sanitize_email', 'sanitize_file_name', 'sanitize_hex_color', 'sanitize_hex_color_no_hash', 'sanitize_html_class', 'sanitize_key', 'sanitize_meta', 'sanitize_mime_type', 'sanitize_option', 'sanitize_sql_orderby', 'sanitize_term', 'sanitize_term_field', 'sanitize_text_field', 'sanitize_textarea_field', 'sanitize_title', 'sanitize_title_for_query', 'sanitize_locale_name', 'sanitize_title_with_dashes', 'sanitize_user', 'sanitize_url', 'sanitize_trackback_urls', 'wp_kses', 'wp_kses_post', 'wp_kses_data', 'esc_sql', 'esc_url', 'esc_url_raw', 'esc_js', 'esc_html', 'esc_attr', 'esc_textarea', 'esc_xml', 'wp_unslash', 'intval', 'defend_wp_firewall_esc_like', 'defend_wp_firewall_wpdb_real_escape', 'absint', 'defend_wp_firewall_detect_and_sanitize_sql_injection', 'defend_wp_firewall_do_sql_sanitize', 'defend_wp_firewall_prepare_in_int', '__return_empty_string', 'defend_wp_firewall_delete_cookie', 'defend_wp_firewall_wp_safe_redirect_check', 'floatval', 'escapeshellarg', 'defend_wp_firewall_delete_not_allowed_shortcodes', 'defend_wp_sanitize_file_name' ); 1410 1443 1411 1444 return apply_filters( 'defend_wp_get_registered_sanitize_functions', $func ); … … 1431 1464 1432 1465 $firewall_id = $this->find_matched_rule( $dfwp_firewall_rules, $data, $data_key, $request_type, $this->sanitize_matched_rules, true ); 1466 if ( $firewall_id !== false ) { 1467 $this->process_matched_sanitize_rule( $firewall_id ); 1468 return true; 1469 } 1470 } else { 1471 $firewall_id = $this->find_matched_rule( $dfwp_firewall_rules, '_dfwp_dummy_value', $data_key, $request_type, $this->sanitize_matched_rules, true ); 1433 1472 if ( $firewall_id !== false ) { 1434 1473 $this->process_matched_sanitize_rule( $firewall_id ); … … 1513 1552 $request_value = $formated_array['request_value']; 1514 1553 1515 if ( empty( $formated_array['request_key'] ) ) {1554 if ( ! isset( $formated_array['request_key'] ) ) { 1516 1555 return $formated_array; 1517 1556 } -
defend-wp-firewall/trunk/functions/htaccess-functions.php
r3160264 r3238410 205 205 'readme.txt', 206 206 'wp-config.php', 207 'wp-config-sample.php', 207 208 'error_log', 208 209 'php_errorlog', 210 'debug.log', 209 211 ); 210 212 -
defend-wp-firewall/trunk/functions/login-functions.php
r3160264 r3238410 47 47 defend_wp_firewall_die( 48 48 array( 49 'type' => 'firewall', 50 'title' => $title . ' (ID #' . ( $firewall_id ) . ')', 51 'message' => 'Access denied by firewall.', 52 'extra' => array( 'more_details' => array( 'FIREWALL_MATCH' => $matched_post_data ) ), 49 'type' => 'firewall', 50 'firewall_id' => $firewall_id, 51 'title' => $title . ' (ID #' . ( $firewall_id ) . ')', 52 'message' => 'Access denied by firewall.', 53 'extra' => array( 'more_details' => array( 'FIREWALL_MATCH' => $matched_post_data ) ), 53 54 ), 54 55 $log, -
defend-wp-firewall/trunk/functions/plugins-manager-functions.php
r3160264 r3238410 7 7 class Defend_WP_Firewall_Plugins_Manager_Functions { 8 8 9 public function check_and_deactivate( $firewall_rules ) { 10 $firewall_rules = $this->filter_by_deactivate_plugin( $firewall_rules ); 11 if ( empty( $firewall_rules ) ) { 9 private $deactivate_plugin_rules = array(); 10 11 public function defend_wp_firewall_deactivate_plugin( $rule ) { 12 if ( ! empty( $this->deactivate_plugin_rules[ $rule['slug'] ] ) ) { 13 return; 14 } 15 if ( ! empty( $rule['options']['deactivate_plugin'] ) ) { 16 $this->deactivate_plugin_rules[ $rule['slug'] ] = $rule['options']['deactivate_plugin']; 17 $this->deactivate_plugin_rules[ $rule['slug'] ]['id'] = $rule['id']; 18 } 19 } 20 21 public function check_and_deactivate() { 22 if ( empty( $this->deactivate_plugin_rules ) ) { 12 23 return; 13 24 } … … 16 27 } 17 28 $active_plugins = get_option( 'active_plugins' ); 18 foreach ( $ firewall_rules as $slug => $value ) {29 foreach ( $this->deactivate_plugin_rules as $slug => $value ) { 19 30 if ( empty( $value['versions'] ) ) { 20 31 continue; … … 38 49 } 39 50 40 private function filter_by_deactivate_plugin( $firewall_rules ) {41 $return_array = array();42 43 foreach ( $firewall_rules as $rule_key => $value ) {44 if ( ! empty( $value['options']['deactivate_plugin'] ) ) {45 $return_array[ $value['slug'] ] = $value['options']['deactivate_plugin'];46 $return_array[ $value['slug'] ]['id'] = $value['id'];47 }48 }49 return $return_array;50 }51 52 51 private function deactivate_plugin( $slug, $firewall_id ) { 53 52 global $defend_wp_firewall_is_ALL_whitelisted_globally; 54 $duplicate = $defend_wp_firewall_is_ALL_whitelisted_globally;53 $duplicate = $defend_wp_firewall_is_ALL_whitelisted_globally; 55 54 $defend_wp_firewall_is_ALL_whitelisted_globally = 'yes'; 56 55 defend_wp_firewall_die( -
defend-wp-firewall/trunk/functions/post-manager-functions.php
r3160264 r3238410 9 9 private $firewall_obj; 10 10 private $dfwp_wp_delete_post_firewall_rules = array(); 11 private $get_post_metadata = array(); 11 12 12 13 public function __construct() { … … 23 24 $this->dfwp_wp_delete_post_firewall_rules[ $dfwp_firewall_rule['id'] ] = $dfwp_firewall_rule; 24 25 } 26 } 27 } 28 29 public function wp_post_restrictions( $rule ) { 30 if ( ! empty( $this->get_post_metadata[ $rule['id'] ] ) ) { 31 return; 32 } 33 if ( ! empty( $rule['options']['wp_post_restrictions'] ) && ! empty( $rule['options']['wp_post_restrictions']['get_post_metadata'] ) ) { 34 $this->get_post_metadata[ $rule['id'] ] = $rule['options']['wp_post_restrictions']['get_post_metadata']; 25 35 } 26 36 } … … 61 71 defend_wp_firewall_die( 62 72 array( 63 'type' => 'firewall', 64 'title' => $title . ' (ID #' . ( $firewall_id ) . ')', 65 'message' => 'Access denied by firewall.', 66 'extra' => array( 'more_details' => array( 'FIREWALL_MATCH' => $matched_post_data ) ), 73 'type' => 'firewall', 74 'firewall_id' => $firewall_id, 75 'title' => $title . ' (ID #' . ( $firewall_id ) . ')', 76 'message' => 'Access denied by firewall.', 77 'extra' => array( 'more_details' => array( 'FIREWALL_MATCH' => $matched_post_data ) ), 67 78 ), 68 79 $log, … … 87 98 return false; 88 99 } 100 101 public function get_post_metadata( $meta_value, $object_id, $meta_key, $single, $meta_type ) { 102 if ( empty( $this->get_post_metadata ) ) { 103 return $meta_value; 104 } 105 $matched_rule = array(); 106 foreach ( $this->get_post_metadata as $firewall_id => $meta_rule ) { 107 foreach ( $meta_rule['rules'] as $meta_rule_values ) { 108 $rule = $meta_rule_values['rule']; 109 if ( isset( $rule['key'] ) && $this->firewall_obj->check_rule( $meta_key, $rule, 'key' ) ) { 110 $matched_rule = $meta_rule_values; 111 break; 112 } elseif ( isset( $rule['rule'] ) && $this->firewall_obj->check_rule( $meta_key, $rule ) ) { 113 $matched_rule = $meta_rule_values; 114 break; 115 } 116 } 117 if ( ! empty( $matched_rule ) ) { 118 break; 119 } 120 } 121 if ( empty( $matched_rule ) ) { 122 return $meta_value; 123 } 124 125 $meta_cache = wp_cache_get( $object_id, $meta_type . '_meta' ); 126 127 if ( ! $meta_cache ) { 128 $meta_cache = update_meta_cache( $meta_type, array( $object_id ) ); 129 if ( isset( $meta_cache[ $object_id ] ) ) { 130 $meta_cache = $meta_cache[ $object_id ]; 131 } else { 132 $meta_cache = null; 133 } 134 } 135 136 if ( ! $meta_key ) { 137 return $meta_cache; 138 } 139 140 if ( isset( $meta_cache[ $meta_key ] ) ) { 141 if ( $single ) { 142 $processed_value = $this->run_meta_rule_against_meta_value( $meta_cache[ $meta_key ][0], $matched_rule, $firewall_id ); 143 return maybe_unserialize( $processed_value ); 144 } else { 145 $processed_value = $this->run_meta_rule_against_meta_value( $meta_cache[ $meta_key ], $matched_rule, $firewall_id ); 146 return array_map( 'maybe_unserialize', $processed_value ); 147 } 148 } 149 150 return null; 151 } 152 153 public function run_meta_rule_against_meta_value( $meta_value, $matched_rule, $firewall_id ) { 154 $rule = $matched_rule['rule']; 155 if ( is_array( $meta_value ) ) { 156 foreach ( $meta_value as $request_key => $request_value ) { 157 if ( isset( $rule['key'] ) && $this->firewall_obj->check_rule( $request_value, $rule ) ) { 158 $meta_value[ $request_key ] = $this->process_meta_rule( $matched_rule, $request_value, $request_key, $meta_value, $firewall_id ); 159 } elseif ( ! isset( $rule['key'] ) ) { 160 $meta_value[ $request_key ] = $this->process_meta_rule( $matched_rule, $request_value, $request_key, $meta_value, $firewall_id ); 161 } 162 } 163 } elseif ( is_string( $matched_rule ) ) { 164 return $this->process_meta_rule( $matched_rule, $meta_value, '', $meta_value, $firewall_id ); 165 } 166 167 return $meta_value; 168 } 169 170 private function process_meta_rule( $rule, $request_value, $request_key, $meta_value, $firewall_id ) { 171 if ( ! empty( $rule['do_sanitize'] ) ) { 172 $return_array = $this->firewall_obj->do_sanitize( $request_value, $request_key, $rule['do_sanitize'] ); 173 return $return_array['request_value']; 174 } else { 175 if ( $rule['log'] ) { 176 defend_wp_firewall_die( 177 array( 178 'type' => 'firewall', 179 'firewall_id' => $firewall_id, 180 'title' => 'Get Post Meta (ID #' . ( $firewall_id ) . ')', 181 'message' => 'Access denied by firewall.', 182 'extra' => array( 'more_details' => array( 'FIREWALL_MATCH' => $meta_value ) ), 183 ), 184 true, 185 false, 186 ); 187 } 188 if ( $rule['block'] ) { 189 return ''; 190 } 191 } 192 return $request_value; 193 } 89 194 } -
defend-wp-firewall/trunk/functions/remove-action-filter.php
r3160264 r3238410 7 7 class Defend_WP_Firewall_Remove_Action_Filter_Functions { 8 8 9 10 9 private $action_rules = array(); 10 private $filter_rules = array(); 11 11 12 public function defend_wp_firewall_rules_before_pre_condition_filter($dfwp_firewall_rules){ 13 $this->filter_rules($dfwp_firewall_rules); 14 } 12 public function defend_wp_firewall_remove_action( $rule ) { 13 if ( ! empty( $this->action_rules[ $rule['id'] ] ) ) { 14 return; 15 } 16 if ( ! empty( $rule['options']['remove_action'] ) && ! empty( $rule['options']['remove_action']['always_run'] ) ) { 17 $this->action_rules[ $rule['id'] ] = $rule['options']['remove_action']; 18 } 19 } 15 20 16 private function filter_rules($dfwp_firewall_rules){ 17 foreach ( $dfwp_firewall_rules as $rule_key => $value ) { 18 if ( ! empty( $value['options']['remove_action'] ) && !empty( $value['options']['remove_action']['always_run'] ) ) { 19 $this->action_rules[$value['id']] = $value['options']['remove_action']; 20 } 21 public function defend_wp_firewall_remove_filter( $rule ) { 22 if ( ! empty( $this->filter_rules[ $rule['id'] ] ) ) { 23 return; 24 } 25 if ( ! empty( $rule['options']['remove_filter'] ) && ! empty( $rule['options']['remove_filter']['always_run'] ) ) { 26 $this->filter_rules[ $rule['id'] ] = $rule['options']['remove_filter']; 27 } 28 } 21 29 22 if ( ! empty( $value['options']['remove_filter'] ) && !empty( $value['options']['remove_filter']['always_run'] ) ) { 23 $this->filter_rules[$value['id']] = $value['options']['remove_filter']; 30 public function process_remove_action_filter_rules() { 31 if ( ! empty( $this->action_rules ) ) { 32 foreach ( $this->action_rules as $action ) { 33 $priority = 10; 34 if ( ! empty( $action['priority'] ) ) { 35 $priority = $action['priority']; 36 } 37 if ( is_string( $action['callback'] ) ) { 38 remove_action( $action['hook_name'], $action['callback'], $priority ); 39 } elseif ( is_array( $action['callback'] ) ) { 40 defend_wp_firewall_remove_by_plugin_class( $action['hook_name'], $action['callback']['class'], $action['callback']['func'], true, $priority ); 41 } 24 42 } 25 43 } 26 }27 44 28 public function process_remove_action_filter_rules(){ 29 if (!empty($this->action_rules)) { 30 foreach ($this->action_rules as $action) { 31 $priority = 10; 32 if (!empty($action['priority'])) { 33 $priority = $action['priority']; 34 } 35 if (is_string($action['callback'])) { 36 remove_action($action['hook_name'], $action['callback'], $priority); 37 }elseif (is_array($action['callback'])) { 38 defend_wp_firewall_remove_by_plugin_class($action['hook_name'], $action['callback']['class'], $action['callback']['func'], true, $priority); 39 } 40 } 41 } 42 43 if (!empty($this->filter_rules)) { 44 foreach ($this->filter_rules as $filter) { 45 $priority = 10; 46 if (!empty($filter['priority'])) { 47 $priority = $filter['priority']; 48 } 49 if (is_string($filter['callback'])) { 50 remove_filter($filter['hook_name'], $filter['callback'], $priority); 51 }elseif (is_array($filter['callback'])) { 52 defend_wp_firewall_remove_by_plugin_class($filter['hook_name'], $filter['callback']['class'], $filter['callback']['func'], false, $priority); 53 } 54 } 55 } 56 } 45 if ( ! empty( $this->filter_rules ) ) { 46 foreach ( $this->filter_rules as $filter ) { 47 $priority = 10; 48 if ( ! empty( $filter['priority'] ) ) { 49 $priority = $filter['priority']; 50 } 51 if ( is_string( $filter['callback'] ) ) { 52 remove_filter( $filter['hook_name'], $filter['callback'], $priority ); 53 } elseif ( is_array( $filter['callback'] ) ) { 54 defend_wp_firewall_remove_by_plugin_class( $filter['hook_name'], $filter['callback']['class'], $filter['callback']['func'], false, $priority ); 55 } 56 } 57 } 58 } 57 59 } -
defend-wp-firewall/trunk/functions/run-functions.php
r3160264 r3238410 7 7 class Defend_WP_Firewall_Run_Functions { 8 8 9 private $run_function_matched_rules= array();9 private $run_function_matched_rules = array(); 10 10 11 public function defend_wp_firewall_rules_before_pre_condition_filter($dfwp_firewall_rules){ 12 $this->filter_rules($dfwp_firewall_rules); 13 } 11 public function defend_wp_firewall_run( $rule ) { 12 if ( ! empty( $this->run_function_matched_rules[ $rule['id'] ] ) ) { 13 return; 14 } 15 if ( ! empty( $rule['options']['run'] ) && ! empty( $rule['options']['run']['always_run'] ) ) { 16 $this->run_function_matched_rules[ $rule['id'] ] = $rule; 17 } 18 } 14 19 15 private function filter_rules($dfwp_firewall_rules){ 16 foreach ( $dfwp_firewall_rules as $rule_key => $value ) { 17 if ( ! empty( $value['options']['run'] ) && !empty( $value['options']['run']['always_run'] ) ) { 18 $this->run_function_matched_rules[$value['id']] = $value; 19 } 20 } 21 } 22 23 public function process_always_run_functions(){ 24 $this->run_functions(); 25 } 20 public function process_always_run_functions() { 21 $this->run_functions(); 22 } 26 23 27 24 28 29 if (isset($this->run_function_matched_rules[$firewall_id])) {30 31 25 public function register_run_functions( $dfwp_firewall_rule, $firewall_id ) { 26 if ( isset( $this->run_function_matched_rules[ $firewall_id ] ) ) { 27 return false; 28 } 32 29 33 $this->run_function_matched_rules[$firewall_id] = array(); 34 $this->run_function_matched_rules[$firewall_id] = $dfwp_firewall_rule; 35 30 $this->run_function_matched_rules[ $firewall_id ] = array(); 31 $this->run_function_matched_rules[ $firewall_id ] = $dfwp_firewall_rule; 36 32 } 37 33 38 public function run_functions(){ 39 if (empty($this->run_function_matched_rules)) { 40 return; 41 } 42 43 $registered_functions = array('defend_wp_firewall_plugin_backuply_1_3_4', 'defend_wp_firewall_plugin_wp_easy_gallery_4_8_5'); 34 public function run_functions() { 35 if ( empty( $this->run_function_matched_rules ) ) { 36 return; 37 } 38 $registered_functions = array( 'defend_wp_firewall_plugin_backuply_1_3_4', 'defend_wp_firewall_plugin_wp_easy_gallery_4_8_5', 'defend_wp_firewall_plugin_the_events_calendar_6_6_4', 'defend_wp_firewall_plugin_watchtowerhq_3_9_6', 'defend_wp_firewall_plugin_really_simple_ssl_9_0_0', 'defend_wp_firewall_plugin_contest_24_0_7' ); 44 39 45 foreach ($this->run_function_matched_rules as $firewall_id => $dfwp_firewall_rule) { 46 if (empty($dfwp_firewall_rule) && empty($dfwp_firewall_rule['options'])) { 47 return false; 48 } 49 if (empty($dfwp_firewall_rule['options']['run'])) { 50 return false; 51 } 52 53 $run_functions = $dfwp_firewall_rule['options']['run']; 54 55 if (empty($run_functions['callback'])) { 56 return false; 57 } 40 $registered_functions = apply_filters( 'defend_wp_firewall_register_run_function', $registered_functions ); 41 foreach ( $this->run_function_matched_rules as $firewall_id => $dfwp_firewall_rule ) { 42 if ( empty( $dfwp_firewall_rule ) && empty( $dfwp_firewall_rule['options'] ) ) { 43 continue; 44 } 45 if ( empty( $dfwp_firewall_rule['options']['run'] ) ) { 46 continue; 47 } 58 48 59 $callback = $run_functions['callback'];49 $run_functions = $dfwp_firewall_rule['options']['run']; 60 50 61 if (!in_array($callback, $registered_functions, true)) {62 return false;63 51 if ( empty( $run_functions['callback'] ) ) { 52 continue; 53 } 64 54 65 if (!function_exists($callback)) { 66 return false; 67 } 55 $callback = $run_functions['callback']; 56 if ( ! in_array( $callback, $registered_functions, true ) ) { 57 continue; 58 } 68 59 69 $args = !empty($run_functions['args'])?$run_functions['args']:array(); 60 if ( ! function_exists( $callback ) ) { 61 continue; 62 } 70 63 71 $args['dfwp_firewall_rule'] = $dfwp_firewall_rule; 72 $args['run_functions'] = $run_functions; 73 call_user_func($callback, $args); 74 } 75 } 64 $args = ! empty( $run_functions['args'] ) ? $run_functions['args'] : array(); 76 65 66 $args['dfwp_firewall_rule'] = $dfwp_firewall_rule; 67 $args['run_functions'] = $run_functions; 68 call_user_func( $callback, $args ); 69 } 70 } 77 71 } -
defend-wp-firewall/trunk/functions/shortcode-functions.php
r3160264 r3238410 15 15 } 16 16 17 public function defend_wp_firewall_rules_before_pre_condition_filter( $dfwp_firewall_rules ) { 18 $this->do_shortcode_rules = $this->filter_rules_by_shortcode_rules( $dfwp_firewall_rules ); 17 public function defend_wp_firewall_shortcode_rules( $rule ) { 18 if ( ! empty( $this->do_shortcode_rules[ $rule['id'] ] ) ) { 19 return; 20 } 21 if ( ! empty( $rule['options']['shortcode_rules'] ) ) { 22 $this->do_shortcode_rules[ $rule['id'] ] = $rule['options']['shortcode_rules']; 23 } 19 24 } 20 25 … … 43 48 44 49 return array(); 45 }46 47 private function filter_rules_by_shortcode_rules( $dfwp_firewall_rules ) {48 $return_array = array();49 foreach ( $dfwp_firewall_rules as $rule_key => $value ) {50 if ( ! empty( $value['options']['shortcode_rules'] ) ) {51 $return_array[] = $value['options']['shortcode_rules'];52 }53 }54 return $return_array;55 50 } 56 51 … … 129 124 defend_wp_firewall_die( 130 125 array( 131 'type' => 'firewall', 132 'title' => $title . ' (ID #' . ( $firewall_id ) . ')', 133 'message' => 'Access denied by firewall.', 134 'extra' => array( 'more_details' => array( 'FIREWALL_MATCH' => $matched_rule_data ) ), 126 'type' => 'firewall', 127 'firewall_id' => $firewall_id, 128 'title' => $title . ' (ID #' . ( $firewall_id ) . ')', 129 'message' => 'Access denied by firewall.', 130 'extra' => array( 'more_details' => array( 'FIREWALL_MATCH' => $matched_rule_data ) ), 135 131 ), 136 132 $log, … … 153 149 foreach ( $this->do_shortcode_rules as $shortcode_rules ) { 154 150 foreach ( $shortcode_rules as $shortcode_rule ) { 155 if ( $shortcode_rule['tag'] === $tag ) {151 if ( ! empty( $shortcode_rule['tag'] ) && $shortcode_rule['tag'] === $tag ) { 156 152 $result = $this->run_do_shortcode_check( $attr, $shortcode_rule['attr'] ); 157 153 if ( $result === true ) { -
defend-wp-firewall/trunk/functions/user-manager-functions.php
r3160264 r3238410 66 66 defend_wp_firewall_die( 67 67 array( 68 'type' => 'firewall', 69 'title' => $title . ' (ID #' . ( $firewall_id ) . ')', 70 'message' => 'Access denied by firewall.', 71 'extra' => array( 'more_details' => array( 'FIREWALL_MATCH' => $matched_post_data ) ), 68 'type' => 'firewall', 69 'firewall_id' => $firewall_id, 70 'title' => $title . ' (ID #' . ( $firewall_id ) . ')', 71 'message' => 'Access denied by firewall.', 72 'extra' => array( 'more_details' => array( 'FIREWALL_MATCH' => $matched_post_data ) ), 72 73 ), 73 74 $log, -
defend-wp-firewall/trunk/hooks/blocklist-functions.php
r3160264 r3238410 15 15 add_action( 'wp_ajax_remove_single_blocklist_dfwp', array( $this, 'remove_single_blocklist_dfwp' ) ); 16 16 17 add_action( 'admin_enqueue_scripts', array( $this, 'common_enqueue_scripts' ) );18 add_action( 'wp_enqueue_scripts', array( $this, 'common_enqueue_scripts' ) );19 add_action( 'login_enqueue_scripts', array( $this, 'common_enqueue_scripts' ) );17 add_action( 'admin_enqueue_scripts', array( $this, 'common_enqueue_scripts' ), 100000 ); 18 add_action( 'wp_enqueue_scripts', array( $this, 'common_enqueue_scripts' ), 100000 ); 19 add_action( 'login_enqueue_scripts', array( $this, 'common_enqueue_scripts' ), 100000 ); 20 20 21 21 add_action( 'wp_ajax_save_ipify_ip_dfwp', array( $this, 'save_ipify_ip_dfwp' ) ); … … 24 24 25 25 public function init() { 26 $this->reset_ipify_ip(); 26 27 $defend_wp_firewall_blocklist = new Defend_WP_Firewall_Blocklist_Functions(); 27 28 $defend_wp_firewall_blocklist->check_and_block(); … … 29 30 30 31 public function common_enqueue_scripts() { 32 if ( defined( 'DEFEND_WP_FIREWALL_BLOCKED' ) ) { 33 global $wp_scripts; 34 foreach ( $wp_scripts->queue as $script ) { 35 wp_dequeue_script( $script ); 36 wp_deregister_script( $script ); 37 } 38 } 31 39 wp_enqueue_script( DEFEND_WP_FIREWALL_PLUGIN_SLUG . '-blocklist-common', plugin_dir_url( __FILE__ ) . 'js/blocklist-common.js', array( 'jquery' ), DEFEND_WP_FIREWALL_VERSION, false ); 32 40 wp_localize_script( … … 42 50 43 51 public function get_ipify_ip_dfwp() { 44 $cookie_functions_obj = new Defend_WP_Firewall_Cookie_Functions(); 45 $this_ip = $cookie_functions_obj->get_ipify_ip_from_cookie(); 52 $ip_obj = new Defend_WP_Firewall_IP_Address(); 53 $ipify = $ip_obj->get_ipify_ip_dfwp(); 54 $fallback_ip = $ip_obj->get_fallback_ip(); 55 if ( $ipify === $fallback_ip ) { 56 return $ipify; 57 } 58 return false; 59 } 46 60 47 return $this_ip; 61 public function reset_ipify_ip() { 62 $ip_obj = new Defend_WP_Firewall_IP_Address(); 63 $ipify = $ip_obj->get_ipify_ip_dfwp(); 64 $fallback_ip = $ip_obj->get_fallback_ip(); 65 if ( $ipify === $fallback_ip ) { 66 return; 67 } 68 if ( ! empty( $ipify ) ) { 69 $cookie_obj = new Defend_WP_Firewall_Cookie_Functions(); 70 $cookie_obj->delete_ipify_cookie(); 71 } 72 return false; 48 73 } 49 74 -
defend-wp-firewall/trunk/hooks/js/blocklist-common.js
r3160264 r3238410 4 4 return true; 5 5 } 6 try { 7 const ORG_IP_DWP = await fetch("https://api.ipify.org?format=json"); 8 let thisIP = await ORG_IP_DWP.json(); 9 if (typeof thisIP != 'undefined' && thisIP && thisIP.ip) { 10 defend_wp_firewall_save_original_ip_got_from_ipify(thisIP.ip); 11 } 12 } catch (error) { 13 console.error('ipify Error:', error); // Handle errors 14 } 6 15 7 const ORG_IP_DWP = await fetch("https://api.ipify.org?format=json");8 let thisIP = await ORG_IP_DWP.json();9 10 if (typeof thisIP != 'undefined' && thisIP && thisIP.ip) {11 defend_wp_firewall_save_original_ip_got_from_ipify(thisIP.ip);12 }13 16 } 14 17 15 18 function defend_wp_firewall_save_original_ip_got_from_ipify(thisIP) { 16 var data = {19 var data = new URLSearchParams({ 17 20 'action': 'save_ipify_ip_dfwp', 18 21 'security': defend_wp_firewall_common_blocklist_obj.security, 19 22 'ip': thisIP, 20 } ;23 }); 21 24 22 jQuery.post(defend_wp_firewall_common_blocklist_obj.ajaxurl, data, function (response) { 23 24 }); 25 fetch(defend_wp_firewall_common_blocklist_obj.ajaxurl, { 26 method: 'POST', 27 body: data 28 }) 25 29 } 26 30 27 31 defend_wp_firewall_get_org_IP(); 28 29 jQuery(document).ready(function ($) {30 31 }); -
defend-wp-firewall/trunk/hooks/js/nonce.js
r3160264 r3238410 61 61 }); 62 62 63 $(window).load(function () { 64 if (typeof defend_wp_firewall_nonce_obj !== 'undefined' && defend_wp_firewall_nonce_obj.defend_wp_firewall_nonce) { 65 var nonce = defend_wp_firewall_nonce_obj.defend_wp_firewall_nonce; 66 $('form').each(function () { 67 if (!$(this).hasClass('defend_wp_firewall_nonce')) { 68 $(this).append('<input class="defend_wp_firewall_nonce" type="hidden" name="defend_wp_firewall_nonce" value="' + nonce + '">'); 69 } 70 }); 71 } 72 }); 73 74 63 75 64 76 })(jQuery); -
defend-wp-firewall/trunk/hooks/plugins-manager-functions.php
r3160264 r3238410 13 13 14 14 public function define_hooks() { 15 add_filter( 'defend_wp_firewall_rules_before_pre_condition_filter', array( $this->plugins_manager, 'check_and_deactivate' ), 10, 5 ); 15 add_action( 'defend_wp_firewall_deactivate_plugin', array( $this->plugins_manager, 'defend_wp_firewall_deactivate_plugin' ), 10, 5 ); 16 add_action( 'defend_wp_firewall_after_firewall_run', array( $this->plugins_manager, 'check_and_deactivate' ), 10 ); 16 17 } 17 18 } -
defend-wp-firewall/trunk/hooks/post-manager-functions.php
r3160264 r3238410 15 15 add_filter( 'pre_delete_post', array( $this->post_manager, 'pre_delete_post' ), 10, 3 ); 16 16 add_action( 'defend_wp_firewall_matched_rule_action', array( $this->post_manager, 'defend_wp_matched_rules' ), 10, 5 ); 17 add_filter( 'get_post_metadata', array( $this->post_manager, 'get_post_metadata' ), 10, 5 ); 18 add_action( 'defend_wp_firewall_wp_post_restrictions', array( $this->post_manager, 'wp_post_restrictions' ), 10 ); 17 19 } 18 20 } -
defend-wp-firewall/trunk/hooks/remove-action-filter.php
r3160264 r3238410 6 6 7 7 class Defend_WP_Firewall_Remove_Action_Filter_Functions_Hooks { 8 8 private $remove_action_filter_manager; 9 9 10 10 public function __construct() { 11 11 $this->remove_action_filter_manager = new Defend_WP_Firewall_Remove_Action_Filter_Functions(); 12 12 } 13 13 14 public function define_hooks() { 15 add_action( 'defend_wp_firewall_rules_before_pre_condition_filter', array( $this->remove_action_filter_manager, 'defend_wp_firewall_rules_before_pre_condition_filter' ), 10, 5 ); 14 public function define_hooks() { 15 add_action( 'defend_wp_firewall_remove_action', array( $this->remove_action_filter_manager, 'defend_wp_firewall_remove_action' ), 10, 5 ); 16 add_action( 'defend_wp_firewall_remove_filter', array( $this->remove_action_filter_manager, 'defend_wp_firewall_remove_filter' ), 10, 5 ); 16 17 17 add_action('init', array($this->remove_action_filter_manager, 'process_remove_action_filter_rules') );18 add_action( 'init', array( $this->remove_action_filter_manager, 'process_remove_action_filter_rules' ) ); 18 19 } 19 20 } -
defend-wp-firewall/trunk/hooks/run-functions.php
r3160264 r3238410 6 6 7 7 class Defend_WP_Firewall_Run_Functions_Hooks { 8 8 private $run_functions_manager; 9 9 10 10 public function __construct() { 11 11 $this->run_functions_manager = new Defend_WP_Firewall_Run_Functions(); 12 12 } 13 13 14 public function define_hooks(){15 add_action( 'defend_wp_firewall_rules_before_pre_condition_filter', array( $this->run_functions_manager, 'defend_wp_firewall_rules_before_pre_condition_filter' ), 10, 5 );14 public function define_hooks() { 15 add_action( 'defend_wp_firewall_run', array( $this->run_functions_manager, 'defend_wp_firewall_run' ), 10, 5 ); 16 16 17 add_action('init', array($this->run_functions_manager, 'process_always_run_functions') );17 add_action( 'init', array( $this->run_functions_manager, 'process_always_run_functions' ) ); 18 18 19 19 add_action( 'defend_wp_firewall_matched_rule_action', array( $this->run_functions_manager, 'register_run_functions' ), 10, 2 ); 20 20 add_action( 'defend_wp_firewall_after_firewall_run', array( $this->run_functions_manager, 'run_functions' ), 10 ); 21 } 22 21 } 23 22 } -
defend-wp-firewall/trunk/hooks/shortcode-functions.php
r3160264 r3238410 15 15 add_filter( 'defend_wp_firewall_matched_rule', array( $this->shortcode, 'defend_wp_firewall_matched_rule' ), 10, 5 ); 16 16 add_filter( 'pre_do_shortcode_tag', array( $this->shortcode, 'pre_do_shortcode_tag' ), 10, 4 ); 17 add_ filter( 'defend_wp_firewall_rules_before_pre_condition_filter', array( $this->shortcode, 'defend_wp_firewall_rules_before_pre_condition_filter' ), 10, 5 );17 add_action( 'defend_wp_firewall_shortcode_rules', array( $this->shortcode, 'defend_wp_firewall_shortcode_rules' ), 10, 5 ); 18 18 } 19 19 } -
defend-wp-firewall/trunk/includes/class-defend-wp-firewall-logs.php
r3160264 r3238410 84 84 85 85 $result = $this->wpdb->insert( $this->logs_table_name, $sanitized_data ); 86 do_action( 'defend_wp_firewall_after_saving_log', $sanitized_data, $this->wpdb->insert_id ); 86 87 87 88 if ( $result === false ) { … … 99 100 if ( ! empty( $block_type ) ) { 100 101 101 return get_all_logs_by_type( $block_type );102 return $this->get_all_logs_by_type( $block_type ); 102 103 } 103 104 -
defend-wp-firewall/trunk/includes/class-defend-wp-firewall-options.php
r3160264 r3238410 25 25 if ( $sanitize ) { 26 26 $name = sanitize_text_field( $name ); 27 $value = sanitize_text_field( $value ); 27 $value = $this->sanitize_input( $value ); 28 } 29 30 if ( is_array( $value ) ) { 31 $value = json_encode( $value ); 28 32 } 29 33 … … 38 42 } 39 43 return $result; 44 } 45 46 private function sanitize_input( $input ) { 47 if ( is_array( $input ) ) { 48 // If input is an array, sanitize each element 49 return array_map( 'sanitize_text_field', $input ); 50 } else { 51 // If input is a string, sanitize the string 52 return sanitize_text_field( $input ); 53 } 40 54 } 41 55 -
defend-wp-firewall/trunk/includes/class-defend-wp-firewall.php
r3160264 r3238410 63 63 $this->plugin_admin->init(); 64 64 65 $this->plugin_update = new Defend_WP_Firewall_Update(); 66 $this->plugin_update->init(); 67 65 68 do_action( 'defend_wp_firewall_pre_functions_load' ); 66 69 … … 78 81 require_once plugin_dir_path( __DIR__ ) . 'includes/defend-wp-firewall-custom-functions.php'; 79 82 require_once plugin_dir_path( __DIR__ ) . 'includes/class-defend-wp-firewall-logs.php'; 83 require_once plugin_dir_path( __DIR__ ) . 'includes/class-defend-wp-firewall-ip-address.php'; 84 require_once plugin_dir_path( __DIR__ ) . 'includes/class-defend-wp-firewall-anonymous.php'; 80 85 require_once plugin_dir_path( __DIR__ ) . 'functions/base-functions.php'; 81 86 require_once plugin_dir_path( __DIR__ ) . 'functions/cookie-functions.php'; … … 101 106 require_once plugin_dir_path( __DIR__ ) . 'hooks/login-functions.php'; 102 107 require_once plugin_dir_path( __DIR__ ) . 'functions/login-functions.php'; 103 108 require_once plugin_dir_path( __DIR__ ) . 'hooks/remove-action-filter.php'; 104 109 require_once plugin_dir_path( __DIR__ ) . 'functions/remove-action-filter.php'; 105 110 require_once plugin_dir_path( __DIR__ ) . 'hooks/run-functions.php'; 106 111 require_once plugin_dir_path( __DIR__ ) . 'functions/run-functions.php'; 107 112 … … 109 114 require_once plugin_dir_path( __DIR__ ) . 'admin/class-defend-wp-firewall-settings.php'; 110 115 require_once plugin_dir_path( __DIR__ ) . 'admin/class-defend-wp-firewall-service.php'; 116 require_once plugin_dir_path( __DIR__ ) . 'admin/class-defend-wp-firewall-update.php'; 111 117 112 118 if ( defined( 'DEFEND_WP_FIREWALL_TESTING' ) && DEFEND_WP_FIREWALL_TESTING ) { … … 152 158 $defend_functions->define_hooks(); 153 159 154 160 $defend_functions = new Defend_WP_Firewall_Remove_Action_Filter_Functions_Hooks(); 155 161 $defend_functions->define_hooks(); 156 162 157 163 $defend_functions = new Defend_WP_Firewall_Run_Functions_Hooks(); 158 164 $defend_functions->define_hooks(); 159 165 166 new Defend_WP_Firewall_Anonymous(); 160 167 161 168 if ( is_admin() ) { -
defend-wp-firewall/trunk/includes/defend-wp-firewall-custom-functions.php
r3160264 r3238410 1 1 <?php 2 2 3 function defend_wp_firewall_plugin_backuply_1_3_4( $args){4 if (empty($_POST['options'])) {5 6 7 $options= $_POST['options'];8 $keys = array_keys($options);9 $field_prefix = $options[$keys[0]];10 11 $possible_fields = ['option', 'meta'];12 13 14 if (!in_array($field_prefix, $possible_fields, true)){15 16 $firewall_id= $dfwp_firewall_rule['id'];17 $matched_rule_data= 'defend_wp_firewall_plugin_backuply_1_3_4';18 $run_functions= $args['run_functions'];3 function defend_wp_firewall_plugin_backuply_1_3_4( $args ) { 4 if ( empty( $_POST['options'] ) ) { 5 return; 6 } 7 $options = $_POST['options']; 8 $keys = array_keys( $options ); 9 $field_prefix = $options[ $keys[0] ]; 10 11 $possible_fields = array( 'option', 'meta' ); 12 13 // We make sure here that we do not process any unwanted data. 14 if ( ! in_array( $field_prefix, $possible_fields, true ) ) { 15 $dfwp_firewall_rule = $args['dfwp_firewall_rule']; 16 $firewall_id = $dfwp_firewall_rule['id']; 17 $matched_rule_data = 'defend_wp_firewall_plugin_backuply_1_3_4'; 18 $run_functions = $args['run_functions']; 19 19 20 20 defend_wp_firewall_die( 21 21 array( 22 'type' => 'firewall', 23 'title' => 'Firewall function block (ID #' . ( $firewall_id ) . ')', 24 'message' => 'Access denied by firewall.', 25 'extra' => array( 'more_details' => array( 'FIREWALL_MATCH' => $matched_rule_data ) ), 22 'type' => 'firewall', 23 'firewall_id' => $firewall_id, 24 'title' => 'Firewall function block (ID #' . ( $firewall_id ) . ')', 25 'message' => 'Access denied by firewall.', 26 'extra' => array( 'more_details' => array( 'FIREWALL_MATCH' => $matched_rule_data ) ), 26 27 ), 27 28 $run_functions['log'], … … 31 32 } 32 33 33 function defend_wp_firewall_plugin_wp_easy_gallery_4_8_5( $args){34 if (empty($_POST['edit_imageId'])) {35 36 34 function defend_wp_firewall_plugin_wp_easy_gallery_4_8_5( $args ) { 35 if ( empty( $_POST['edit_imageId'] ) ) { 36 return; 37 } 37 38 38 $dfwp_firewall_rule = $args['dfwp_firewall_rule']; 39 $firewall_id = $dfwp_firewall_rule['id']; 40 $matched_rule_data = 'defend_wp_firewall_plugin_wp_easy_gallery_4_8_5'; 41 $run_functions = $args['run_functions']; 42 43 foreach ($_POST['edit_imageId'] as $key => $editImageId) { 44 $fixed_value = intval($editImageId); 45 $_POST['edit_imageId'][$key] = $fixed_value; 39 $dfwp_firewall_rule = $args['dfwp_firewall_rule']; 40 $firewall_id = $dfwp_firewall_rule['id']; 41 $matched_rule_data = 'defend_wp_firewall_plugin_wp_easy_gallery_4_8_5'; 42 $run_functions = $args['run_functions']; 46 43 47 if ($fixed_value !== $editImageId) { 48 defend_wp_firewall_die( 49 array( 50 'type' => 'firewall', 51 'title' => 'Firewall function sanitize (ID #' . ( $firewall_id ) . ')', 52 'message' => 'Access denied by firewall.', 53 'extra' => array( 'more_details' => array( 'FIREWALL_MATCH' => $matched_rule_data ) ), 54 ), 55 $run_functions['log'], 56 $run_functions['block'], 57 ); 58 } 59 } 44 foreach ( $_POST['edit_imageId'] as $key => $editImageId ) { 45 $fixed_value = intval( $editImageId ); 46 $_POST['edit_imageId'][ $key ] = $fixed_value; 47 48 if ( $fixed_value !== $editImageId ) { 49 defend_wp_firewall_die( 50 array( 51 'type' => 'firewall', 52 'firewall_id' => $firewall_id, 53 'title' => 'Firewall function sanitize (ID #' . ( $firewall_id ) . ')', 54 'message' => 'Access denied by firewall.', 55 'extra' => array( 'more_details' => array( 'FIREWALL_MATCH' => $matched_rule_data ) ), 56 ), 57 $run_functions['log'], 58 $run_functions['block'], 59 ); 60 } 61 } 60 62 } 61 63 62 function defend_wp_firewall_plugin_the_events_calendar_6_6_4( $args){63 64 65 64 function defend_wp_firewall_plugin_the_events_calendar_6_6_4( $args ) { 65 global $defend_wp_firewall_events_calendar_6_6_4; 66 $defend_wp_firewall_events_calendar_6_6_4 = $args; 67 add_filter( 'posts_orderby', 'defend_wp_firewall_plugin_the_events_calendar_6_6_4_filter', 100, 2 ); 66 68 } 67 69 68 function defend_wp_firewall_plugin_the_events_calendar_6_6_4_filter($posts_orderby, $query){ 69 if ( ! is_string( $posts_orderby ) || trim( $posts_orderby ) === '' ) { 70 return $posts_orderby; 71 } 72 global $defend_wp_firewall_events_calendar_6_6_4; 73 $redirected_orderbys = ''; 74 $orderbys = explode( ',', $posts_orderby ); 75 foreach ( $orderbys as $orderby_frag ) { 76 // Fast-track the `rand` order, no need to redirect anything. 77 if ( stripos( $orderby_frag, 'rand' ) === 0 ) { 78 $redirected_orderbys .= $orderby_frag; 79 continue; 80 } 70 function defend_wp_firewall_plugin_the_events_calendar_6_6_4_filter( $posts_orderby, $query ) { 71 if ( ! is_string( $posts_orderby ) || trim( $posts_orderby ) === '' ) { 72 return $posts_orderby; 73 } 74 global $defend_wp_firewall_events_calendar_6_6_4; 75 $redirected_orderbys = ''; 76 $orderbys = explode( ',', $posts_orderby ); 77 foreach ( $orderbys as $orderby_frag ) { 78 // Fast-track the `rand` order, no need to redirect anything. 79 if ( stripos( $orderby_frag, 'rand' ) === 0 ) { 80 $redirected_orderbys .= $orderby_frag; 81 continue; 82 } 83 // Each `ORDER BY` entry could specify an order (DESC|ASC) or not. 84 if ( preg_match( '~\s*(?<orderby>[^\s]+]?)\s+(?<order>.+)$~i', $orderby_frag, $m ) ) { 85 $orderby = trim( $m['orderby'] ); 86 $order = strtoupper( trim( $orderby ) ); 87 if ( defend_wp_firewall_detect_sql_injection( $order ) && ! in_array( $order, array( 'DESC', 'ASC' ), true ) ) { 88 $dfwp_firewall_rule = $defend_wp_firewall_events_calendar_6_6_4['dfwp_firewall_rule']; 89 $firewall_id = $dfwp_firewall_rule['id']; 90 $matched_rule_data = 'defend_wp_firewall_plugin_wp_easy_gallery_4_8_5'; 91 $run_functions = $defend_wp_firewall_events_calendar_6_6_4['run_functions']; 92 defend_wp_firewall_die( 93 array( 94 'type' => 'firewall', 95 'firewall_id' => $firewall_id, 96 'title' => 'Firewall function block (ID #' . ( $firewall_id ) . ')', 97 'message' => 'Access denied by firewall.', 98 'extra' => array( 'more_details' => array( 'FIREWALL_MATCH' => $matched_rule_data ) ), 99 ), 100 $run_functions['log'], 101 $run_functions['block'], 102 ); 103 } 104 } 81 105 82 // Each `ORDER BY` entry could specify an order (DESC|ASC) or not. 83 if ( preg_match( '~\s*(?<orderby>[^\s]+]?)\s+(?<order>.+)$~i', $orderby_frag, $m ) ) { 84 $orderby = trim( $m['orderby'] ); 85 $order = strtoupper( trim( $orderby ) ); 86 if (!in_array($order, array('DESC', 'ASC'), true)) { 87 $dfwp_firewall_rule = $defend_wp_firewall_events_calendar_6_6_4['dfwp_firewall_rule']; 88 $firewall_id = $dfwp_firewall_rule['id']; 89 $matched_rule_data = 'defend_wp_firewall_plugin_wp_easy_gallery_4_8_5'; 90 $run_functions = $defend_wp_firewall_events_calendar_6_6_4['run_functions']; 91 defend_wp_firewall_die( 92 array( 93 'type' => 'firewall', 94 'title' => 'Firewall function block (ID #' . ( $firewall_id ) . ')', 95 'message' => 'Access denied by firewall.', 96 'extra' => array( 'more_details' => array( 'FIREWALL_MATCH' => $matched_rule_data ) ), 97 ), 98 $run_functions['log'], 99 $run_functions['block'], 100 ); 101 } 102 } 106 return $posts_orderby; 107 } 103 108 104 return $posts_orderby;105 109 return $redirected_orderbys; 110 } 106 111 107 return $redirected_orderbys; 112 function defend_wp_firewall_plugin_watchtowerhq_3_9_6( $args ) { 113 if ( isset( $_GET['wht_login'] ) && empty( $_GET['access_token'] ) ) { 114 $dfwp_firewall_rule = $args['dfwp_firewall_rule']; 115 $firewall_id = $dfwp_firewall_rule['id']; 116 $matched_rule_data = 'defend_wp_firewall_plugin_watchtowerhq_3_9_6'; 117 $run_functions = $args['run_functions']; 118 defend_wp_firewall_die( 119 array( 120 'type' => 'firewall', 121 'firewall_id' => $firewall_id, 122 'title' => 'Firewall function sanitize (ID #' . ( $firewall_id ) . ')', 123 'message' => 'Access denied by firewall.', 124 'extra' => array( 'more_details' => array( 'FIREWALL_MATCH' => $matched_rule_data ) ), 125 ), 126 $run_functions['log'], 127 $run_functions['block'], 128 ); 129 } 108 130 } 131 132 function defend_wp_firewall_plugin_really_simple_ssl_9_0_0( $args ) { 133 $dfwp_firewall_rule = $args['dfwp_firewall_rule']; 134 $firewall_id = $dfwp_firewall_rule['id']; 135 $matched_rule_data = 'defend_wp_firewall_plugin_really_simple_ssl_9_0_0'; 136 $run_functions = $args['run_functions']; 137 138 if ( ! empty( $_POST['user_id'] ) && ! empty( $_POST['login_nonce'] ) ) { 139 $user_id = intval( sanitize_text_field( $_POST['user_id'] ) ); 140 $nonce = $_POST['login_nonce']; 141 $login_nonce = get_user_meta( $user_id, '_rsssl_two_factor_nonce', true ); 142 $return = true; 143 if ( ! $login_nonce || empty( $login_nonce['rsssl_key'] ) || empty( $login_nonce['rsssl_expiration'] ) ) { 144 $return = false; 145 } 146 147 if ( $return ) { 148 $unverified_nonce = array( 149 'rsssl_user_id' => $user_id, 150 'rsssl_expiration' => $login_nonce['rsssl_expiration'], 151 'rsssl_key' => $nonce, 152 ); 153 154 $message = wp_json_encode( $unverified_nonce ); 155 156 if ( ! $message ) { 157 $return = false; 158 } else { 159 160 $unverified_hash = wp_hash( $message, 'nonce' ); 161 162 $hashes_match = $unverified_hash && hash_equals( $login_nonce['rsssl_key'], $unverified_hash ); 163 164 if ( $hashes_match && time() < $login_nonce['rsssl_expiration'] ) { 165 return true; 166 } 167 } 168 } 169 170 defend_wp_firewall_die( 171 array( 172 'type' => 'firewall', 173 'firewall_id' => $firewall_id, 174 'title' => 'Firewall function sanitize (ID #' . ( $firewall_id ) . ')', 175 'message' => 'Access denied by firewall.', 176 'extra' => array( 'more_details' => array( 'FIREWALL_MATCH' => $matched_rule_data ) ), 177 ), 178 $run_functions['log'], 179 $run_functions['block'], 180 ); 181 } 182 } 183 184 function defend_wp_firewall_plugin_contest_24_0_7( $args ) { 185 $_REQUEST['cgLostPasswordSiteUrl'] = wp_get_referer(); 186 } -
defend-wp-firewall/trunk/includes/defend-wp-firewall-generic-functions.php
r3160264 r3238410 284 284 if ( $block ) { 285 285 286 define( 'DEFEND_WP_FIREWALL_BLOCKED', true ); 287 286 288 if ( ! defined( 'DONOTCACHEPAGE' ) ) { 287 289 define( 'DONOTCACHEPAGE', true ); … … 374 376 375 377 function defend_wp_firewall_get_remote_address() { 376 $cookie_functions_obj = new Defend_WP_Firewall_Cookie_Functions(); 377 $this_ip = $cookie_functions_obj->get_ipify_ip_from_cookie(); 378 379 if ( ! empty( $this_ip ) ) { 380 381 // defend_wp_firewall_log($this_ip, '--------this_ip---defend_wp_firewall_get_remote_address---'); 382 383 return $this_ip; 384 } 385 386 if ( ! empty( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ) { 387 $req_ip = sanitize_text_field( wp_unslash( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ); 388 if ( stripos( $req_ip, ',' ) !== false ) { 389 $req_ip = explode( ',', $req_ip )[0]; 390 } 391 return sanitize_text_field( wp_unslash( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ); 392 } elseif ( ! empty( $_SERVER['REMOTE_ADDR'] ) ) { 393 return sanitize_text_field( wp_unslash( $_SERVER['REMOTE_ADDR'] ) ); 394 } 395 396 return ''; 378 $ip_obj = new Defend_WP_Firewall_IP_Address(); 379 380 return $ip_obj->get_ip(); 397 381 } 398 382 … … 409 393 } 410 394 $decoded_data = json_decode( ( $json_string ), true ); 411 $json_error = json_last_error(); 412 if ( $decoded_data === null || $json_error !== JSON_ERROR_NONE || !is_array($decoded_data) ) { 395 if ( empty( $decoded_data ) ) { 396 $decoded_data = json_decode( wp_unslash( $json_string ), true ); 397 } 398 $json_error = json_last_error(); 399 if ( $decoded_data === null || $json_error !== JSON_ERROR_NONE || ! is_array( $decoded_data ) ) { 413 400 return false; 414 401 } else { … … 422 409 } 423 410 $decode_data = base64_decode( $data, true ); 424 if ( preg_match('/^[\x20-\x7E]+$/', $decode_data) && $decode_data !== false && wp_json_encode( $decode_data ) && base64_encode( $decode_data ) === $data && preg_match('/^[a-zA-Z0-9\/\r\n+]*={0,2}$/', $data) ) {411 if ( preg_match( '/^[\x20-\x7E]+$/', $decode_data ) && $decode_data !== false && wp_json_encode( $decode_data ) && base64_encode( $decode_data ) === $data && preg_match( '/^[a-zA-Z0-9\/\r\n+]*={0,2}$/', $data ) ) { 425 412 return $decode_data; 426 413 } … … 600 587 601 588 602 function defend_wp_firewall_remove_by_plugin_class($tag, $class_name, $functionName, $isAction = false, $priority = 10) { 603 if (!class_exists($class_name)) { 604 return null; 605 } 606 607 global $wp_filter; 608 609 if (empty($wp_filter[$tag][$priority])) { 610 return null; 611 } 612 613 foreach ($wp_filter[$tag][$priority] as $callable) { 614 if (empty($callable['function']) || !is_array($callable['function']) || count($callable['function']) < 2) { 615 continue; 616 } 617 618 if (!is_a($callable['function'][0], $class_name)) { 619 continue; 620 } 621 622 if ($callable['function'][1] !== $functionName) { 623 continue; 624 } 625 626 if ($isAction) { 627 remove_action($tag, $callable['function'], $priority); 628 } else { 629 remove_filter($tag, $callable['function'], $priority); 630 } 631 632 return $callable['function']; 633 } 634 635 return null; 636 } 589 function defend_wp_firewall_remove_by_plugin_class( $tag, $class_name, $functionName, $isAction = false, $priority = 10 ) { 590 if ( ! class_exists( $class_name ) ) { 591 return null; 592 } 593 594 global $wp_filter; 595 596 if ( empty( $wp_filter[ $tag ][ $priority ] ) ) { 597 return null; 598 } 599 600 foreach ( $wp_filter[ $tag ][ $priority ] as $callable ) { 601 if ( empty( $callable['function'] ) || ! is_array( $callable['function'] ) || count( $callable['function'] ) < 2 ) { 602 continue; 603 } 604 605 if ( ! is_a( $callable['function'][0], $class_name ) ) { 606 continue; 607 } 608 609 if ( $callable['function'][1] !== $functionName ) { 610 continue; 611 } 612 613 if ( $isAction ) { 614 remove_action( $tag, $callable['function'], $priority ); 615 } else { 616 remove_filter( $tag, $callable['function'], $priority ); 617 } 618 619 return $callable['function']; 620 } 621 622 return null; 623 } 624 625 function defend_wp_sanitize_file_name( $filename ) { 626 $filename = remove_accents( $filename ); 627 $special_chars = array( '?', '[', ']', '\\', '=', '<', '>', ':', ';', ',', "'", '"', '&', '$', '#', '*', '(', ')', '|', '~', '`', '!', '{', '}', '%', '+', '’', '«', '»', '”', '“', chr( 0 ) ); 628 // Check for support for utf8 in the installed PCRE library once and store the result in a static. 629 static $utf8_pcre = null; 630 if ( ! isset( $utf8_pcre ) ) { 631 // phpcs:ignore WordPress.PHP.NoSilencedErrors.Discouraged 632 $utf8_pcre = @preg_match( '/^./u', 'a' ); 633 } 634 if ( ! seems_utf8( $filename ) ) { 635 $_ext = pathinfo( $filename, PATHINFO_EXTENSION ); 636 $_name = pathinfo( $filename, PATHINFO_FILENAME ); 637 $filename = sanitize_title_with_dashes( $_name ) . '.' . $_ext; 638 } 639 if ( $utf8_pcre ) { 640 $filename = preg_replace( "#\x{00a0}#siu", ' ', $filename ); 641 } 642 $filename = str_replace( $special_chars, '', $filename ); 643 $filename = str_replace( array( '%20', '+' ), '-', $filename ); 644 $filename = preg_replace( '/\.{2,}/', '.', $filename ); 645 $filename = preg_replace( '/[\r\n\t -]+/', '-', $filename ); 646 $filename = preg_replace( '/\/\.+/i', '', $filename ); 647 $filename = preg_replace( '/(\/\/)+/i', '', $filename ); 648 $filename = trim( $filename, '.-_' ); 649 return $filename; 650 } 651 652 653 function defend_wp_firewall_delete_not_allowed_shortcodes( $content, $allowed_shortcodes = array() ) { 654 if ( empty( $allowed_shortcodes ) ) { 655 return $content; 656 } 657 $matches = array(); 658 preg_match_all( 659 '/' . get_shortcode_regex() . '/', 660 $content, 661 $matches, 662 PREG_SET_ORDER 663 ); 664 665 $all_shortcodes = array(); 666 foreach ( $matches as $shortcode ) { 667 $all_shortcodes[] = $shortcode[2]; 668 } 669 670 $not_allowed_shortcodes = array_diff( $all_shortcodes, $allowed_shortcodes ); 671 672 $pattern = get_shortcode_regex( $not_allowed_shortcodes ); 673 674 $content = preg_replace_callback( '/' . $pattern . '/s', 'strip_shortcode_tag', $content ); 675 676 return $content; 677 } 678 679 function defend_wp_firewall_collect_urls() { 680 return array( 681 'url' => site_url(), 682 'home_url' => home_url(), 683 ); 684 } -
defend-wp-firewall/trunk/includes/view/block-access.php
r3160264 r3238410 14 14 <meta http-equiv="X-UA-Compatible" content="ie=edge"> 15 15 <title>Access denied by DefendWP</title> 16 <?php wp_head(); ?> 16 17 </head> 17 18 … … 36 37 </main> 37 38 <div class="footer" style="text-align: center;max-width: 580px;margin: 20px auto 0;font-size: 14px;"> 38 <div class="dwp-branding">This website is protected by<br><a href="https://defendwp. com/" target="_blank"39 <div class="dwp-branding">This website is protected by<br><a href="https://defendwp.org/" target="_blank" 39 40 class="link" style='background-image: url("<?php echo esc_url( DEFEND_WP_FIREWALL_PLUGIN_URL . 'assets/icon.svg' ); ?>");width: 120px;height: 16px;display: block;margin: 5px auto 0;'></a></div> 40 41 </body> -
defend-wp-firewall/trunk/readme.txt
r3160264 r3238410 4 4 Tags: security, vulnerability, malware, performance 5 5 Requires at least: 6.2.0 6 Tested up to: 6. 6.27 Stable tag: 1. 0.06 Tested up to: 6.7.1 7 Stable tag: 1.1.0 8 8 Requires PHP: 8.1 9 9 License: GPLv2 or later … … 45 45 This plugin utilizes the [Ipify.org](https://api.ipify.org?format=json) to provide enhanced functionality. The API allows the plugin to retrieve the exact IP of the current user, which will be used to determine whether the user can access the WordPress site.[Privacy policy](https://ipify.org) 46 46 47 Vulnerabilities, Plugins, and Themes data will be sent between [DefendWP.com](https://defendwp.com) and the WP site to instantly patch from vulnerabilities.47 Vulnerabilities, IPs, Plugins and Themes data will be sent between [DefendWP.org](https://defendwp.org) and the WP site to instantly patch from vulnerabilities. 48 48 49 49 == Installation == … … 103 103 == Changelog == 104 104 105 = 1.1.0 = 106 *Release Date - 11 Feb 2025* 107 108 Improvement: Support for DefendWP Pro v.2.0.0 plugin. 109 105 110 = 1.0.0 = 106 111 *Release Date - 30 Sep 2024* -
defend-wp-firewall/trunk/uninstall.php
r3160264 r3238410 22 22 $result = $wpdb->query( $wpdb->prepare( 'DROP TABLE IF EXISTS %i;', $table_name ) ); 23 23 } 24 25 $timestamp = wp_next_scheduled( 'defend_wp_firewall_cron_hook' ); 26 if ( $timestamp ) { 27 wp_unschedule_event( $timestamp, 'defend_wp_firewall_cron_hook' ); 28 } 29 wp_clear_scheduled_hook( 'defend_wp_firewall_daily_auto_update' );
Note: See TracChangeset
for help on using the changeset viewer.