Changeset 3334399

Timestamp:

07/26/2025 12:33:24 AM (7 months ago)

Author:

bitslip6

Message:

checkin resolution for CVE-2025-6722

Location:

bitfire/trunk

Files:

• bitfire-admin.php (modified) (1 diff)
• bitfire-plugin.php (modified) (1 diff)
• readme.txt (modified) (2 diffs)
• src/api.php (modified) (8 diffs)
• src/bitfire.php (modified) (2 diffs)
• src/botfilter.php (modified) (2 diffs)
• src/dashboard.php (modified) (11 diffs)
• src/server.php (modified) (20 diffs)
• src/util.php (modified) (10 diffs)
• src/webfilter.php (modified) (2 diffs)
• startup.php (modified) (1 diff)
• uninstall.php (modified) (2 diffs)
• views/traffic.html (modified) (1 diff)
• views/wizard.html (modified) (1 diff)

bitfire/trunk/bitfire-admin.php

@@ -17 +17 @@
 use const BitFire\FILE_W;
 use const BitFire\INFO;
-use const BitFire\WAF_INI;
 use const BitFire\WAF_ROOT;
 use const BitFire\WAF_SRC;

bitfire/trunk/bitfire-plugin.php

@@ -24 +24 @@
  * Description:       Only RASP firewall for WordPress. Stop malware, redirects, back-doors and account takeover. 100% bot blocking, backups, malware cleaner.
  * Description:       Only RASP firewall for WordPress. Stop malware, redirects, back-doors and account takeover. 100% bot blocking, backups, malware cleaner.
- * Version:           4.5
+ * Version:           4.6
  * Author:            BitFire.co
  * License:           AGPL-3.0+

bitfire/trunk/readme.txt

@@ -5 +5 @@
 Tags: security, firewall, malware scanner, waf, activity log
 Requires at least: 5.0.0
-Tested up to: 6.7.2
-Stable tag: 4.5.0
+Tested up to: 6.8.2
+Stable tag: 4.6.0
 Requires PHP: 7.4
 License: AGPLv3 or later
@@ -220 +220 @@
 
 == Changelog ==
+
+= 4.6 =
+ * Address a potential information disclosure issue on miss-configured web servers with WordPress core file changes. Early July WordFence
+   issued CVE-2025-6722 for BitFire. The WordFence team expressed concern that web servers with directory listings enabled 
+    (a miss-configuration present on <1% of servers globally) AND had also deleted the WordPress core file wp-content/plugins/index.php
+    could expose a hidden directory containing filtered web log data for BitFire and firewall configuration settings. While this exact
+    setup requires multiple security misconfigurations to be present on an affected system - WordPress requested the plugin be
+    removed from the official WordPress plugin repository. After several weeks of discussion about possible resolutions the following
+    changes were accepted as mitigation. The upgrade will apply these changes automatically:
+    1. The configuration and log data was moved from /wp-content/plugins/bitfire_RANDOM to /wp-content/uploads/bitfire_RANDOM per the WordPress team
+    2. The length of the random directory name was increased from 10 characters to 12 characters.
+    3. A third method of protection was added with a .htaccess file to restrict access for web servers that support .htaccess files.
+    4. A new check was added to ensure that the file wp-content/uploads/index.php is always present to prevent directory listings
+       that could expose the path to this hidden directory.
 
 = 4.5 =

bitfire/trunk/src/api.php

@@ -52 +52 @@
 use function ThreadFin\HTTP\httpp;
 use function ThreadFin\icontains;
+use function ThreadFin\make_config_loader;
 use function ThreadFin\trace;
 use function ThreadFin\ƒ_id;
@@ -541 +542 @@
     $name = $request->post["param"];
 
+    $config_file = make_config_loader()->run()->read_out();
+
     // remove all lines with $name[]
-    $file_no_array = FileData::new(WAF_INI)->read()->filter(function($line) use ($name) {
+    $file_no_array = FileData::new($config_file)->read()->filter(function($line) use ($name) {
         return ! contains($line, "{$name}[]");
     });
@@ -556 +559 @@
 
     // write the new file
-    $effect->file(new FileMod(WAF_INI, join("", $file_no_array->lines)));
+    $effect->file(new FileMod($config_file, join("", $file_no_array->lines)));
 
     // remove the old cache entry and force a new parse
@@ -719 +722 @@
     file_recurse(\BitFire\WAF_ROOT."data/bitfire-{$v}", function (string $x) use ($v) {
         $base = basename($x);
-        if (is_file($x) && $base != "config.ini") {
+        if (is_file($x) && ends_with($x, "config.ini")) {
             $root = str_replace(\BitFire\WAF_ROOT."data/bitfire-{$v}/", "", $x);
             if (!rename($x, \BitFire\WAF_ROOT . $root)) { debug("unable to rename [%s] - %s", $x, $root); }
@@ -782 +785 @@
     $p1 = hash("sha3-256", $request->post['pass1']??'');
     debug("pass sha3-256 %s ", $p1);
-    $pass = file_replace(\BitFire\WAF_INI, "password = 'default'", "password = '$p1'")->run()->num_errors() == 0;
+
+    $config_file = make_config_loader()->run()->read_out();
+    $pass = file_replace($config_file, "password = 'default'", "password = '$p1'")->run()->num_errors() == 0;
     CacheStorage::get_instance()->save_data("parse_ini", null, -86400);
-    exit(($pass) ? "success" : "unable to write to: " . \BitFire\WAF_INI);
+    exit(($pass) ? "success" : "unable to write to: $config_file");
 }
 
@@ -850 +855 @@
 function toggle_config_value(\BitFire\Request $request) : Effect {
 
+    $config_file = make_config_loader()->run()->read_out();
     // handle fixing write permissions
     if ($request->post["param"] == "unlock_config") {
-        $result = chmod(\BitFire\WAF_INI, 0664);
-        return Effect::new()->api(true, "updated 2", ["file" => WAF_INI, "mode" => 0664, "result" => $result]);
+        $result = chmod($config_file, 0664);
+        return Effect::new()->api(true, "updated 2", ["file" => $config_file, "mode" => 0664, "result" => $result]);
     }
     // handle toggle on/off to values
@@ -861 +867 @@
     }
 
-    debug("update config [%s]", WAF_INI);
-
-    // ugly fix for missing valid domain line
-    $config = FileData::new(WAF_INI)->read();
-
-    if ($config->num_lines < 1) {
-        file_replace(WAF_INI, "; domain_fix_line", "valid_domains[] = \"\"\n; domain_fix_line")->run();
-    }
+    debug("update config [%s]", $config_file);
 
     // update the config file
@@ -1248 +1247 @@
     $effect = Effect::new()->exit(true);
     $weblog_file = get_hidden_file("weblog.bin");
-    $fh = fopen($weblog_file, "rb");
+    if (file_exists($weblog_file)) {
+        $fh = fopen($weblog_file, "rb");
+    }
     if (!$fh) {
         return $effect->api(false, "unable to open $weblog_file");

bitfire/trunk/src/bitfire.php

@@ -264 +264 @@
     }
 
+    $config_file = \ThreadFin\make_config_loader()->run()->read_out();
     $raw_pw = $_SERVER["PHP_AUTH_PW"]??'';
     // read any recovery passwords
@@ -274 +275 @@
             // set the password and unlock the config file
             $password = trim(file_get_contents($file));
-            @chmod(WAF_INI, FILE_RW);
+            @chmod($config_file, FILE_RW);
         }
     }

bitfire/trunk/src/botfilter.php

@@ -1257 +1257 @@
 
     // create a new bot if we could not load one from the remote server (bitfire.co down?)
-    if (!empty($request) && empty($bot_data)) {
+    if (empty($bot_data)) {
         trace('BOT_NEW');
         $bot_data = new BotSimpleInfo($agent->trim);
         $bot_data->agent_trim = $agent->trim;
-        $bot_data->ips = [$request->ip => $request->classification];
+        if (!empty($request)) {
+            $bot_data->ips = [$request->ip => $request->classification];
+        }
         $bot_data->category = 'Auto Learn';
         $bot_data->name = '';
@@ -1277 +1279 @@
 
     // bot_data will now have known bots and unknown bots, manual mode will be set
-    $bot_data->agent = $agent->agent_text;
+    if (empty($bot_data->agent)) {
+        $bot_data->agent = $agent->agent_text;
+    }
 
 

bitfire/trunk/src/dashboard.php

@@ -68 +68 @@
 use function ThreadFin\un_json;
 use function ThreadFin\at;
+use function ThreadFin\make_config_loader;
 
 require_once \BitFire\WAF_SRC . "api.php";
@@ -170 +171 @@
 {
     static $result = NULL;
+    $config_file = make_config_loader()->run()->read_out();
     if ($result === NULL) {
-        $result = is_writeable(\BitFire\WAF_INI) && is_writeable(\BitFire\WAF_ROOT . "config.ini.php");
+        $result = is_writeable($config_file) && is_writeable(\BitFire\WAF_ROOT . "config.ini.php");
     }
     return ($result) ? " " : "disabled ";
@@ -233 +235 @@
 
     $content = CFG::str("cms_content_url");
+    $is_default = CFG::enabled('default_config');
     $variables['license'] = CFG::str('pro_key', "unlicensed");
     $variables['font_path'] = (defined("WPINC") && !empty($content)) ? "$content/plugins/bitfire/public" : "https://bitfire.co/dash/fonts/cerebrisans";
@@ -250 +253 @@
     $variables['sym_version'] = BITFIRE_SYM_VER;
     $variables['showfree_class'] = $is_free ? "" : "hidden";
+    $variables['showerror_class'] = $is_default ? "" : "hidden";
+
     $variables['hidefree_class'] = $is_free ? "hidden" : "";
     $variables['release'] = (($is_free)  ? "FREE" : "PRO") . " Release " . BITFIRE_SYM_VER;
@@ -313 +318 @@
     if ($auth->read_status() == 302) { return; }
 
+    $config_file = make_config_loader()->run()->read_out();
     // load the scanner config
     $raw_scan_config = CFG::arr("malware_config");
     if (empty($raw_scan_config)) {
         $raw_scan_config = ["unknown_core:1", "standard_scan:false", "access_time:1", "random_name_per:50", "line_limit:12000", "freq_limit:768", "random_name_per:75", "fn_freq_limit:512", "fn_line_limit:2048", "fn_random_name_per:60",  "includes:0", "var_fn:1", "call_func:1", "wp_func:0", "extra_regex:"];
-        $eff = update_ini_fn(ƒixl('\BitFireSvr\array_to_ini', 'malware_config', $raw_scan_config), WAF_INI, true);
+        $eff = update_ini_fn(ƒixl('\BitFireSvr\array_to_ini', 'malware_config', $raw_scan_config), $config_file, true);
         $eff->run();
     }
@@ -419 +425 @@
 function serve_settings()
 {
+    $ini_file = make_config_loader()->run()->read_out();    
+
     // authentication guard
     $auth = validate_auth();
@@ -448 +456 @@
 
     $policy = CFG::arr("csp_policy");
+
 
     //"dashboard_path" => $dashboard_path,
@@ -463 +472 @@
         "cor_policy" => (CFG::str("cor_policy") == "same-site") ? true : false, 
         //"theme_css" => file_get_contents(\BitFire\WAF_ROOT."public/theme.min.css"). file_get_contents(\BitFire\WAF_ROOT."public/theme.bundle.css"),
-        "valid_domains_html" => list_text_inputs("valid_domains"),
         "hide_shmop" => (function_exists("shmop_open")) ? "" : "hidden",
         "hide_apcu" => (function_exists("apcu_store")) ? "" : "hidden",
@@ -472 +480 @@
         "disabled" => $disabled,
         "info" => $info,
-        "waf_ini" => WAF_INI,
+        "waf_ini" => $ini_file,
         "mfa_class" => (defined("WPINC")) ? "text-muted" : "text-danger"
     )))->run();
@@ -624 +632 @@
         $bot = hydrate_any_bot_file($file);
 
-        if (is_array($bot->ips)) {
+        if (!empty($bot) && is_array($bot->ips)) {
             foreach ($bot->ips as $ip => $unused_class) {
                 $ip_counter[$ip] = ($ip_counter[$ip] ?? 0) + 1;
@@ -632 +640 @@
 
 
-        if (!$bot) {
+        if (!$bot && file_exists($file)) {
             unlink($file);
             return false;

bitfire/trunk/src/server.php

@@ -45 +45 @@
     public $crawler_id; // udger code, to remove from old bot data...
 
+    public $manual_mode;
+
     public function __construct($agent)
     {
@@ -86 +88 @@
 use const BitFire\STATUS_OK;
 use const BitFire\STATUS_FAIL;
-use const BitFire\WAF_INI;
 use const BitFire\WAF_ROOT;
 use const BitFire\WAF_SRC;
+use const ThreadFin\CUCKOO_MEM_CHUNK;
+use const ThreadFin\CUCKOO_STAT_SIZE;
 use const ThreadFin\DAY;
 use const ThreadFin\DS;
-
-
 
 use function BitFire\parse_agent;
@@ -118 +119 @@
 use function ThreadFin\trace;
 use function ThreadFin\at;
+use function ThreadFin\make_ini_info;
 use function ThreadFin\utc_date;
 use function ThreadFin\utc_time;
@@ -132 +134 @@
 const ACCESS_URL_URI = 13;
 
-const CONFIG_KEY_NAMES = [ "bitfire_enabled","allow_ip_block","security_headers_enabled","enforce_ssl_1year","csp_policy_enabled","csp_default","csp_policy","csp_uri","pro_key","rasp_filesystem","max_cache_age","web_filter_enabled","spam_filter_enabled","xss_block","sql_block","file_block","block_profanity","filtered_logging","allowed_methods","whitelist_enable","blacklist_enable","require_full_browser","honeypot_url","check_domain","valid_domains","valid_domains[]","ignore_bot_urls","rate_limit","rr_5m","cache_type","cookies_enabled","wordfence_emulation","report_file","block_file","debug_file","debug_header","send_errors","dashboard_usage","browser_cookie","dashboard_path","encryption_key","secret","password","cms_root","cms_content_url","cms_content_dir","debug","skip_local_bots","response_code","ip_header","dns_service","short_block_time","medium_block_time","long_block_time","cache_ini_files","root_restrict","configured","log_everything","ip_lookups","remote_tech_allow","tech_public_key","nag_ignore","verify_http_code", "block_profanity"];
-
+const CONFIG_KEY_NAMES = [ "bitfire_enabled","allow_ip_block","security_headers_enabled","enforce_ssl_1year","csp_policy_enabled","csp_default","csp_policy","csp_uri","pro_key","rasp_filesystem","max_cache_age","web_filter_enabled","spam_filter_enabled","xss_block","sql_block","file_block","block_profanity","filtered_logging","allowed_methods","whitelist_enable","blacklist_enable","require_full_browser","honeypot_url","check_domain","ignore_bot_urls","rate_limit","rr_5m","cache_type","cookies_enabled","wordfence_emulation","report_file","block_file","debug_file","debug_header","send_errors","dashboard_usage","browser_cookie","dashboard_path","encryption_key","secret","password","cms_root","cms_content_url","cms_content_dir","debug","skip_local_bots","response_code","ip_header","dns_service","short_block_time","medium_block_time","long_block_time","cache_ini_files","root_restrict","configured","log_everything","ip_lookups","remote_tech_allow","tech_public_key","nag_ignore","verify_http_code", "block_profanity"];
 
 // helpers
@@ -334 +335 @@
 function update_ini_fn(callable $fn, string $filename = "", bool $append = false) : Effect {
     if (empty($filename)) {
-        $filename = (defined("\BitFire\WAF_INI")) ? \BitFire\WAF_INI : make_config_loader()->run()->read_out();
+        $filename = make_config_loader()->run()->read_out();
+        // file if we can not find it...
+        if (empty($filename) || !file_exists($filename)) {
+            return new Effect();
+        }
     }
 
@@ -421 +426 @@
     $fn = (ƒixl("preg_replace", $search, $replace));
 
+    $filename = make_config_loader()->run()->read_out();
+
     // replace the parameter
-    if (icontains(FileData::new(WAF_INI)->read()->raw(), "$param")) {
-        $effect = update_ini_fn($fn, WAF_INI);
+    if (icontains(FileData::new($filename)->read()->raw(), "$param")) {
+        $effect = update_ini_fn($fn, $filename);
     }
     // append the parameter
     else {
-        $effect = update_ini_fn(ƒ_id($replace), WAF_INI, true);
+        $effect = update_ini_fn(ƒ_id($replace), $filename, true);
     }
 
@@ -470 +477 @@
     }
 
+    $config_file = make_config_loader()->run()->read_out();
+    if (empty($config_file)) {
+        return Effect::$NULL;
+    }
+
     // if we already have the content, skip
-    $content = file_get_contents(WAF_INI);
+    if (file_exists($config_file)) {
+        $content = file_get_contents($config_file);
+    }
+    if (empty($content)) {
+        return Effect::$NULL;
+    }
     if (contains($content, $param)) {
         return Effect::$NULL;
@@ -489 +506 @@
     $line = preg_replace("/^\n\n/", "\n", trim($line));
 
-    return Effect::new()->file(new FileMod(WAF_INI, $content . $line));
+    return Effect::new()->file(new FileMod($config_file, $content . $line));
 }
 
@@ -508 +525 @@
     $ini_test = FileData::new($ini_src);
     // FILESYSTEM GUARDS
-    if (! $ini_test->exists) { return $e->exit(false, STATUS_EEXIST, "$ini_src does not exist!"); }
+    if (! $ini_test->exists) { return $e->exit(false, STATUS_EEXIST, "config file $ini_src does not exist!"); }
     if (! $ini_test->readable || ! $ini_test->writeable) { 
         if (!@chmod($ini_src, FILE_RW)) {
@@ -630 +647 @@
         $info["cookies"] = "not enabled.  none found. <= 1";
     }
-
-    $host = filter_input(INPUT_SERVER, "HTTP_HOST", FILTER_SANITIZE_URL);
-    $domain = at($host, ":", 0);
-    $info["domain_value"] = $domain;
-    $domain = join(".", array_slice(explode(".", $domain), -2));
-
-    $e->chain(update_ini_value("valid_domains[]", $domain, "default"));
 
     // configure dynamic exceptions
@@ -816 +826 @@
     }
     $ini = "$root/".ini_get("user_ini.filename");
-    $hta = "$root/.htaccess";
     $extra = "";
     $note = "";
-    $status = false;
+    $status = STATUS_FAIL;
+
+    // make sure the config has been setup!
+    $config_file = make_config_loader()->run()->read_out();
 
 
@@ -828 +840 @@
         $ip = filter_input(INPUT_SERVER, CFG::str_up("ip_header", "REMOTE_ADDR"), FILTER_VALIDATE_IP);
         $block_file = \BitFire\BLOCK_DIR . DS . $ip;
-        $effect->chain(update_config(\BitFire\WAF_INI));
+        $effect->chain(update_config($config_file));
         $effect->chain(update_ini_value("configured", "true")); // MUST SYNC WITH UPDATE_CONFIG CALLS (WP)
         $effect->chain(Effect::new()->file(new FileMod(\BitFire\WAF_ROOT."install.log", "configured server settings. rare condition.",  FILE_RW, 0, true)));
@@ -843 +855 @@
 
     // force WordFence compatibility mode if running on WP ENGINE and WordFence is not installed, emulate WordFence
+    // WPEngine only allows creation of the root file wordfence-waf.php, all others will be blocked.
     // don't run this check if we are being run from the activation page (request will be null)
-    if (CFG::enabled("wordfence_emulation")) {
-        $cms_root = cms_root();
-        $waf_load = "$cms_root/wordfence-waf.php";
-        $effect->exit(false, STATUS_EEXIST, "WPEngine hosting. UNINSTALL WordFence before enabling always on.");
-        // we are on wordpress, found the dir and it exists
-        if (!empty($cms_root) && file_exists($cms_root)) {
-            // wordfence is not installed, and the autoload file does not exist, lets inject ours
-            if (!file_exists(CFG::str("cms_content_dir")."plugins/wordfence") && !file_exists($waf_load)) {
-                $self = dirname(__DIR__) . "/startup.php";
-                if (file_exists($self)) {
-                    $effect->file(new FileMod($waf_load, "<?"."php include_once '$self'; ?>\n"))
-                        ->status(STATUS_OK)
-                        ->out("WPEngine hosting. WordFence WAF emulation enabled. Always on protected.");
-                } else {
-                    $effect->exit(false, STATUS_ENOENT, "Critical error, unable to locate BitFire startup script. Please re-install.");
-                }
-            }
+    // wp-content located: check on the boot strap file
+    $waf_load_file = CFG::enabled("wordfence_emulation") ? "$root/wordfence-waf.php" : "$root/bitfire-waf.php";
+    $extra = "This may take up to " . ini_get("user_ini.cache_ttl") . " seconds to take effect (cache clear time)";
+
+    // boot strap exists, lets verify it's content
+    if (file_exists($waf_load_file)) {
+        $content = file_get_contents($waf_load_file);
+        if (\str_contains(strtolower($content), "wordfence")) {
+            $note = "WordFence WAF already installed at $waf_load_file. Please uninstall WordFence before enabling BitFire always on protection.";
+        }
+        else if (! \str_contains(strtolower($content), "bitfire")) {
+            $note = "Unknown content in $waf_load_file. manually remove this file from " . $_SERVER['DOCUMENT_ROOT'] . "/.user.ini FIRST, THEN SECOND remove $waf_load_file and retry. Consult support at [email protected] for help, this can damage your web site.";
         } else {
-            $effect->exit(false, STATUS_ENOENT, "Critical error, unable to locate WordPress root directory.");
-        }
-    }
-
-    // NOT WPE
+            $status = STATUS_OK;
+        }
+    }
+    // make the new boot strap file
     else {
-        // handle NGINX and other cases
-        $root_path = dirname(__DIR__) . DS;
-        $content = "\nauto_prepend_file = \"{$root_path}startup.php\"\n";
-        $status = (\BitFireSvr\install_file($ini, $content) ? true : false);
-        $file = $ini;
-        $extra = "This may take up to " . ini_get("user_ini.cache_ttl") . " seconds to take effect (cache clear time)";
-        $note = ($status == "success") ?
-            "BitFire was added to auto start in [$ini]. $extra" :
-            "Unable to add BitFire to auto start.  check permissions on file [$file]";
-    }
-
-    $effect->chain(Effect::new()->file(new FileMod(\BitFire\WAF_ROOT."install.log", join(", ", debug(null))."\n$note\n", FILE_RW, 0, true)));
+        $full_path = realpath(WAF_ROOT . "startup.php");
+        // only make the bootstrap file if we can find the plugin startup file
+        if ($full_path) {
+            $content = "<?php\n// THIS FILE LOADS BITFIRE FROM .user.ini NO NOT REMOVE!\nif (file_exists($full_path)) { include_once '$full_path'; } ?>\n";
+            $effect->file(new FileMod($waf_load_file, $content));
+            $effect->run();
+            $status = $effect->num_errors() == 0 ? STATUS_OK : STATUS_FAIL;
+        } else {
+            $note = "Critical error, unable to locate BitFire startup script. Please re-install.";
+        }
+    }
+
+    // bootstrap is looking good and was written successfully!
+    if ($status == STATUS_OK && empty($effect->read_errors())) {
+        $note = "BitFire always on protection installed. DO NOT MANUALLY REMOVE THE $waf_load_file FILE! Contact support at [email protected] for support\n";
+        $ini_content = "\nauto_prepend_file = \"{$root_path}startup.php\"\n";
+        $status = (\BitFireSvr\install_file($ini, $ini_content) ? STATUS_OK : STATUS_EACCES);
+    }
+
+    $effect->chain(Effect::new()->file(new FileMod(get_hidden_file("install.log"), join(", ", debug(null))."\n$note\n", FILE_RW, 0, true)));
     return $effect->exit(false)->api($status, $note)->status((($status) ? STATUS_OK : STATUS_FAIL));
 }
@@ -902 +917 @@
         $sem = sem_get(0x228AAAE7, 1, 0660, $opt);
         if (!empty($sem)) { sem_remove($sem); }
+    }
+    // remove any dangling shmop cache
+    if (function_exists('shmop_delete')) {
+        $token = Config::int("cache_token", 1234560);
+        $mem_end = ((4096 + 1) * CUCKOO_MEM_CHUNK) + CUCKOO_STAT_SIZE;
+        $memory = shmop_open($token, "w", 0644, $mem_end);
+        if (!empty($memory)) {
+            shmop_delete($memory);
+        }
     }
 
@@ -938 +962 @@
     // remove all configuration...
     do_for_each(glob(get_hidden_file("*"), GLOB_NOSORT), [$effect, 'unlink']);
-    $effect->unlink(get_hidden_file(""));
+    do_for_each(glob(get_hidden_file("bots", GLOB_NOSORT)), [$effect, 'unlink']);
+    do_for_each(glob(get_hidden_file("params", GLOB_NOSORT)), [$effect, 'unlink']);
+    do_for_each(glob(get_hidden_file("quick_map", GLOB_NOSORT)), [$effect, 'unlink']);
+    $config_dir_path = get_hidden_file("");
+    $effect->unlink($config_dir_path);
 
     $note = ($status == "success") ?
@@ -946 +974 @@
     $effect->out(json_encode(array('status' => $status, 'note' => $note, 'method' => $method, 'path' => $path)));
 
+    file_put_contents("/tmp/uninstall.log", print_r($effect, true));
 
     return $effect;
@@ -1099 +1128 @@
     }
 
+    // make sure the config has been setup!
+    $config_file = make_config_loader()->run()->read_out();
+
     $effect = \BitFireSvr\update_ini_value("bitfire_enabled", "true");
     debug("configured: [%d]", CFG::enabled("configured"));
 
-    $effect->chain(update_config(\BitFire\WAF_INI));
+    $effect->chain(update_config($config_file));
     // make sure we run auto configure and install auto start
     // update configured after check for install.  allows install on deactivate - activate
@@ -1246 +1278 @@
 }
 
+/**
+ * 
+ * perform a basic check to make sure that the config directory is looking good.
+ * @param string $path 
+ * @return bool - true if the config is okay, false if not 
+ */
+function verify_config(string $path) : bool {
+    $files = glob($path . "/*");
+    if (count($files) < 11) {
+        return false;
+    }
+
+    $have_config = $have_bots = false;
+    foreach($files as $file) {
+        if (ends_with($file, "config.ini")) {
+            $have_config = true;
+        }
+        if (ends_with($file, "bots")) {
+            $have_bots = true;
+        }
+    }
+
+    return $have_config && $have_bots;
+}
+
+/**
+ * Migrate the configuration directory to the new location.
+ * @param string $orig_key - the old key - if empty, a new key will be generated
+ * @return string - the new key if migration passed, empty string on failure
+ */
+function migrate_config_dir(string $orig_key) : string {
+    // create a new key if we are using the default key
+    static $random_key = '';
+    if (empty($random_key)) { $random_key = random_str(12); }
+
+    $new_key = (empty($orig_key)) ? $random_key : $orig_key;
+
+    // this is already defined in wp-includes/load.php, I'm just paranoid
+    if (defined('ABSPATH') && !defined('WP_CONTENT_DIR')) { define('WP_CONTENT_DIR', ABSPATH . 'wp-content'); }
+
+    // don't allow a double migration
+    $migration_path = WP_CONTENT_DIR . DIRECTORY_SEPARATOR . 'uploads' . DIRECTORY_SEPARATOR . "bitfire_$new_key";
+    if (file_exists($migration_path) && is_dir($migration_path)) {
+        // if the migration path already exists, we are done
+        return $new_key;
+    }
+
+    $old_path = $old_key = '';
+    // look in the old location for the config directory
+    $old_configs = glob(WP_CONTENT_DIR . "/plugins/bitfire_??????????");
+    // found an old config in the old location, let's move it.
+    if (count($old_configs) > 0) {
+        // we have an old config, so we will migrate it
+        $old_path = realpath($old_configs[0]);
+        if ($old_path && verify_config($old_path)) {
+            // the old config is good, we are going to use it, lets move the
+            // hidden_config directory so we don't accidentally use that some other time
+            rename(WAF_ROOT . "hidden_config", WAF_ROOT . "orig_config");
+            $tmp     = basename($old_path);
+            $parts   = explode("_", $tmp);
+            $old_key = $parts[1];
+        }
+    }
+
+    // next, look for an "OLD" config in the NEW location...
+    $old_configs = glob(WP_CONTENT_DIR . "/uploads/bitfire_????????????");
+    // found an old config in the old location, let's move it.
+    if (count($old_configs) > 0) {
+        // we have an old config, so we will migrate it
+        $old_path = realpath($old_configs[0]);
+        if ($old_path && verify_config($old_path)) {
+            // the old config is good, we are going to use it, lets move the
+            // hidden_config directory so we don't accidentally use that some other time
+            rename(WAF_ROOT . "hidden_config", WAF_ROOT . "orig_config");
+            $tmp     = basename($old_path);
+            $parts   = explode("_", $tmp);
+            $old_key = $parts[1];
+        }
+    }
+
+    // no valid old config found, look for the default config (could be a new install) 
+    if (empty($old_path) || empty($old_key)) {
+        $default_path = WP_CONTENT_DIR . "/plugins/bitfire/hidden_config";
+        // we still have an old config, so we will migrate it
+        if (file_exists($default_path)) {
+            $old_path = realpath($default_path);
+        }
+    }
+
+    $success = false;
+    // move the old configuration to the new configuration directory
+    if ($old_path && file_exists($old_path) && is_dir($old_path)) {
+        $success = rename($old_path, $migration_path);
+        if ($success) {
+            $effect = make_ini_info($new_key)->run();
+
+            if ($effect->num_errors() <= 0) {
+                return $new_key;
+            }
+        }
+    }
+
+    // looks like ini_info wasn't updated correctly (stat cache?). try to find the already migrated config...
+    $old_configs = glob(WP_CONTENT_DIR . DIRECTORY_SEPARATOR . "uploads/bitfire_????????????", GLOB_ONLYDIR);
+    if ($old_configs) {
+        $config = array_shift($old_configs);
+        $secret = substr(basename($config), -12);
+        $effect = make_ini_info($secret)->run();
+        return $secret;
+    }
+
+    return '';
+}
 
 function upgrade($upgrade=null, $extra=null) {
@@ -1339 +1484 @@
     update_ini_value("tech_public_key", "b39a09eb3095c54fd346a2f3c8a13a8f143a1b3fe26b49c286389c55cec73c3e")->run();
 
-    file_put_contents(dirname(WAF_INI)."/browser_allow.json", "{\n'ip': {},\n'ua': {}\n }", LOCK_EX);
+    $browser_allow_file = get_hidden_file("browser_allow.json");
+    if (!file_exists($browser_allow_file)) {
+        file_put_contents($browser_allow_file, "{\n'ip': {},\n'ua': {}\n }", LOCK_EX);
+    }
 
     // convert old format bots to BotSimpleInfo
@@ -1663 +1811 @@
 
     // write to a temp file and make sure it loads
-    file_put_contents($config_file . ".tmp", $file->raw() . "\n");
-    $success = parse_ini_file($config_file . ".tmp");
-    // there is an error, return the mapped config data, will try again later
-    if ($success == false) {
-        return $data;
+    $raw     = $file->raw();
+    $success = false;
+    $raw_len = strlen($raw);
+    if ($raw_len > 1024) {
+        $bytes = file_put_contents($config_file . ".tmp", $raw . "\n");
+        if ($bytes < $raw_len) {
+            $success = parse_ini_file($config_file . ".tmp");
+            // there is an error, return the mapped config data, will try again later
+            if ($success == false) {
+                return $data;
+            }
+        }
     }
 

bitfire/trunk/src/util.php

@@ -34 +34 @@
 use function BitFire\on_err;
 use function BitFireChars\save_config2;
+use function BitFirePlugin\file_type;
 use function BitFireSvr\update_ini_value;
 use function ThreadFin\HTTP\http;
@@ -386 +387 @@
     static $last = 0; if (is_null($msg)) { return $last; }
     $last = microtime(true); trace($msg);
+}
+// emergency logger in case config can not load
+function emerg(string $msg) :void {
+    file_put_contents("/tmp/bitfire_emerg.log", date('Y-m-d H:i:s') . " " . $msg . "\n", FILE_APPEND);
 }
 function dbg($x, $msg="") {$m=htmlspecialchars($msg); $z=(php_sapi_name() == "cli") ? print_r($x, true) : htmlspecialchars(print_r($x, true)); echo "<pre>\n[$m]\n($z)\n" . join("\n", debug(null)) . "\n" . debug(trace(null));
@@ -968 +973 @@
         // write all effect files
         foreach ($this->file_outs as $file) {
+
             assert(!empty($file->filename), "can't write to null file: " . en_json($file));
             $len = strlen($file->content);
@@ -1014 +1020 @@
                 }
             }
-        }
+
+            // we need to clear the entry from the stat cache so we can read the updated file
+            clearstatcache(true, $file->filename);
+        }
+
 
         // allowable: backup files, WordFence waf loader if it is an emulation file
@@ -1575 +1585 @@
 function make_config_loader() : Effect {
     $effect = Effect::new();
-    if (defined("BitFire\WAF_INI")) { return $effect->out(\BitFire\WAF_INI)->hide_output(); }
-
-
-    // FIRST, lets verify that we already have a valid config
-    // if so we bail out early here...
-    $parent = dirname(WAF_ROOT, 1);
+    static $path = "";
+    if (!empty($path)) { return $effect->out($path)->hide_output(); }
+
+
+    // normal path, load the secret key are return the path to the config file
     $file = \BitFire\WAF_ROOT."ini_info.php";
+    $secret_key = "";
     if (file_exists($file)) {
-        $secret_key = "";
+        // including the ini_info.php file will define $secret_key and $ini_type
         include $file;
-        $config_file = $parent . "/bitfire_{$secret_key}/config.ini";
-        if (file_exists($config_file)) {
-            define("BitFire\WAF_INI", $config_file);
+        $config_path = WP_CONTENT_DIR . DIRECTORY_SEPARATOR . "uploads/bitfire_{$secret_key}/config.ini";
+        $config_file = realpath($config_path);
+        // normal case after secret directory move
+        if ($config_file) {
+            $path = $config_file;
             return $effect->out($config_file)->hide_output();
         }
     }
-    // ini_info was invalid, reset the key
-    $secret_key = "";
-
-    // we don't know where the config is because there is no ini_info file
-    // probably a first run, or a new install, lets find it
-    // find all old configs
-    $config_dirs = glob("{$parent}/bitfire_??????????");
-
-    // get the creation/modification time so we can find most recent
-    $dir_with_time = array_map(function($dir) {
-        return [ "dir" => $dir, "time" => filemtime($dir) ];
-    }, $config_dirs);
-    usort($dir_with_time, function($a, $b) {
-        return $a["time"] - $b["time"];
-    });
-    // if we have existing dirs, then lets use the most recent config
-    if (count($dir_with_time) > 0) {
-        $newest = array_pop($dir_with_time);
-        if (preg_match("/bitfire_(\w+)/", $newest["dir"], $matches)) {
-            $secret_key = $matches[1];
-            while($next = array_pop($dir_with_time)) {
-                // delete all but the newest
-                $effect->unlink($next["dir"]);
-            }
-        }
-    }
-    // no old configs, lets create a new one
-    if (empty($secret_key)) {
-        $secret_key = random_str(10);
-        // check if the hidden config has not yet been moved and move it
-        $path = $parent . "/bitfire_{$secret_key}/";
-        $orig_config = WAF_ROOT . "hidden_config";
-        if (file_exists($orig_config)) {
-            rename($orig_config, $path);
-        }
-    }
-
-    // we should have a secret key by now, lets update the ini_info file
-    if (!empty($secret_key)) {
-        $markup = "<?"."php \$secret_key = '$secret_key'; ";
+
+    // make sure we have the server modification functions available and migrate an old config
+    require_once WAF_ROOT . "/src/server.php";
+    $new_key = \BitFireSvr\migrate_config_dir($secret_key);
+    $config_path = WP_CONTENT_DIR . DIRECTORY_SEPARATOR . "uploads/bitfire_{$new_key}/config.ini";
+
+    // we should have a valid config at this location now
+    $config_file = realpath($config_path);
+
+    // normal case after secret directory move
+    if (file_exists($config_file)) {
+        $path = $config_file;
+        return $effect->out($config_file)->hide_output();
+    }
+
+    // something has gone very wrong at this point. (probably file permissions)
+    // return the default config file
+    $orig_config = WAF_ROOT . "hidden_config";
+    return $effect->out($orig_config)->hide_output();
+}
+
+/**
+ * create an effect to write the ini_info.php file, will auto determine the cache type if one is not given
+ * @param string $secret_key 
+ * @param string $ini_type 
+ * @return Effect 
+ */
+function make_ini_info(string $secret_key, string $ini_type = '') : Effect {
+    $effect = Effect::new();
+    // attempt to use shared memory if available
+    if (empty($ini_type)) {
         if (function_exists("shmop_open")) {
-            $markup .= '$ini_type = "shmop";';
-        } else {
-            $markup .= '$ini_type = "opcache";';
-        }
-        $effect->file(new FileMod(\BitFire\WAF_ROOT."ini_info.php", $markup));
-    }
-
-    $path = $parent . "/bitfire_{$secret_key}/";
-    define("BitFire\WAF_INI", $path . "config.ini");
-    return $effect->out($path . "config.ini")->hide_output();
-}
+            $id = @shmop_open(12345, 'c', 0666, 1470008);
+            if (!empty($id)) {
+                @shmop_delete($id); 
+                $ini_type = "shmop";
+            }
+        }
+    }
+    // if we don't have shmop, then we use opcache
+    if (empty($ini_type)) {
+        $ini_type = "opcache";
+    }
+    // if we have a secret key, then we write the ini_info.php file
+    $markup = "<?php \$secret_key = '$secret_key'; \$ini_type = '$ini_type';";
+    $effect->file(new FileMod(\BitFire\WAF_ROOT."ini_info.php", $markup));
+    return $effect;
+}
+
 
 
@@ -1652 +1661 @@
  * @return string - the realpath to the file
  */
-function get_hidden_file(string $file_name, ?string $secret_key = null) : string {
+function get_hidden_file(string $file_name) : string {
     static $path = null;
     //if (php_sapi_name() === "cli") { return getcwd() . "/$file_name"; }
 
-    // use the secret key passed to us
-    if (!empty($secret_key)) {
-        $parent = dirname(WAF_ROOT, 1);
-        $path = realpath($parent . "/bitfire_{$secret_key}/") . "/";
-    }
     // fall back to the secret key in the ini_info file
     if (empty($path)) {
-        $path = dirname(make_config_loader()->read_out(), 1) . "/";
-    }
-    return $path . $file_name;
+        // make config loader returns the path to the config file
+        $config_file = make_config_loader()->run()->read_out();
+        // get the path to the hidden directory 
+        $test = dirname($config_file);
+        // we found the config, save that path in the static variable for future use
+        if (file_exists($test) && WAF_ROOT != $test) {
+            $path = $test . DIRECTORY_SEPARATOR;
+        }
+
+        $config_parent = dirname($test) . DIRECTORY_SEPARATOR;
+        // make sure that the index.php file exists in the wp-content/uploads directory to hide the configuration
+        if ($config_parent . "index.php") {
+            file_put_contents($config_parent . "index.php", "<?php\n//Silence is golden.", LOCK_EX);
+        }
+
+    }
+    // very odd case (SHOULD NEVER HAPPEN) where the config file is not found, we use the default path
+    if (empty($path)) {
+        $path = WAF_ROOT;
+    }
+    // if we are requesting an empty file name, we just return the path (since they are requesting the hidden directory path)
+    if ($file_name == "") {
+        return $path;
+    }
+
+    $file_path = $path . $file_name;
+    return $file_path; // hold on to your butts!
+}
+
+/**
+ * a fail safe fall back config if we can't find one
+ * @return array 
+ */
+function default_config() : array {
+    return [
+        "bitfire_enabled" => false,
+        "allow_ip_block" => false,
+        "security_headers_enabled" => false,
+        "log_everything" => false,
+        "web_filter_enabled" => false,
+        "require_full_browser" => false,
+        "whitelist_enable" => false,
+        "blacklist_enable" => false,
+        "cache_type" => "nop",
+        "ip_header" => "remote_addr",
+        "default_config" => true,
+        "wizard" => true
+    ];
 }
 
@@ -1676 +1725 @@
     //$ini_type = "opcache";
 
-    $loader = make_config_loader()->run();
-    $config_file = $loader->read_out();
+    
+
+    $config_file = make_config_loader()->run()->read_out();
     $cache_config_file = $config_file . ".php";
 
     // return a core config with everything off if the config file is not found...
     if (!file_exists($config_file)) {
-        return [
-            "bitfire_enabled" => false,
-            "allow_ip_block" => false,
-            "security_headers_enabled" => false,
-            "log_everything" => false,
-            "web_filter_enabled" => false,
-            "require_full_browser" => false,
-            "whitelist_enable" => false,
-            "blacklist_enable" => false,
-            "cache_type" => "nop",
-            "ip_header" => "remote_addr",
-            "wizard" => false
-        ];
+        return default_config();
     }
 
@@ -1704 +1742 @@
     if (!file_exists($cache_config_file) || filemtime($cache_config_file) < $mod_time) {
         
-        $config = parse_ini_file($config_file, false, INI_SCANNER_TYPED);
-        //$c = count($config);
-        //die("config [$c]\n");
+        // support for json configs...
+        if (strpos($config_file, ".json") !== false) {
+            $config = json_decode(file_get_contents($config_file), true);
+        } else {
+            $config = parse_ini_file($config_file, false, INI_SCANNER_TYPED);
+        }
+
+        // write the php cached config file
         if (is_array($config) && count($config) > 20) {
             // ensure that passwords are always hashed
@@ -1720 +1763 @@
             $exp = time() + 86400*7; 
             $data = "<?php \$value = $s; \$priority = $priority; \$success = (time() < $exp);";
-            file_put_contents($cache_config_file, $data, LOCK_EX) == strlen($data);
-        }
+            file_put_contents($cache_config_file, $data, LOCK_EX);
+        }
+        // TODO: we need to add a notification that the config file is invalid
         else {
-            require_once WAF_SRC . "server.php";
-            $config = save_config2($config_file);
+            return default_config();
         }
     }
@@ -1730 +1773 @@
     if (file_exists($cache_config_file)) {
         include $cache_config_file;
+        // normal case, we have a valid config
         if (isset($value) && count($value) > 20) {
             $config = $value;

bitfire/trunk/src/webfilter.php

@@ -106 +106 @@
 
             // update keys and values
-            $key_file = \BitFire\WAF_ROOT."data/keys2.raw";
-            $value_file = \BitFire\WAF_ROOT."data/values2.raw";
-            $f1 = $key_file;    //get_hidden_file("keys2.txt");
-            $f2 = $value_file;  //get_hidden_file("values2.txt");
+            $key_file = get_hidden_file("keys2.raw");
+            $value_file = get_hidden_file("values2.raw");
             $exp_time = time() - DAY;
             if (!file_exists($key_file) || filemtime($key_file) < $exp_time || !file_exists($value_file) || filemtime($value_file) < $exp_time) {
@@ -121 +119 @@
             trace("KEY.{$c1} VAL.{$c2}");
             if ($c1 <= 1 || $c2 <= 1) {
-                update_raw($f1, $f2)->run();
+                update_raw($key_file, $value_file)->run();
             } 
             else {

bitfire/trunk/startup.php

@@ -87 +87 @@
     }, ARRAY_FILTER_USE_BOTH);
 
-    // user is not logged in, so we will run the firewall code here.
-    // if they are logged in, the code will run from the wordpress handler so that we
-    // have access to the user functions
-    if (empty(CFG::str("cms_root")) || count($auth_cookies) < 2) {
+    // if no auth cookies are present or not running in WordPress we can run early
+    // if this code skips - it will be called on plugin init later. 
+    // inspect() prevents double runs
+    if (!defined('ABSPATH') || count($auth_cookies) < 2) {
         $bitfire = \Bitfire\BitFire::get_instance();
         $bitfire->inspect();

bitfire/trunk/uninstall.php

@@ -39 +39 @@
         $file = ini_get("auto_prepend_file");
         if (!empty($file) && contains($file, "bitfire")) {
-            $seconds = -1;//$exp - time();
+            $removed = removeBitFireBlock($_SERVER['DOCUMENT_ROOT'] . '/.user.ini');
+            $seconds = -1; // some servers dont let us read this ini setting, so just display the default
             if ($seconds < 0 || $seconds > 10000) { $seconds = 300; }
-            die("must wait up to $seconds seconds for user.ini cache to expire, or restart php process.");
+            die("Auto startup script has been removed but is still loaded in cache. Please wait up to $seconds seconds for .user.ini cache to expire and auto startup to unload. FAILURE TO REMOVE THE STARTUP SCRIPT FROM .user.ini WILL RESULT IN SERVER CRASH. If you think this is in error - manually edit " . $_SERVER['DOCUMENT_ROOT'] . "/.user.ini in your webroot directory and remove the bitfire startup script manually. email [email protected] if you need assistance.");
         }
 
@@ -53 +54 @@
 }
 
+
+/**
+ * manually remove the bitfire startup script.
+ * @param string $filepath 
+ * @return bool 
+ */
+function removeBitFireBlock(string $filepath): bool {
+    if (!file_exists($filepath) || !is_readable($filepath) || !is_writable($filepath)) {
+        return false;
+    }
+
+    $content = file_get_contents($filepath);
+    if ($content === false) {
+        return false;
+    }
+
+    // Remove everything between #BEGIN BitFire and #END BitFire (including those lines)
+    $pattern = '/^#BEGIN BitFire.*?#END BitFire\s*/ms';
+    $modified = preg_replace($pattern, '', $content);
+
+    if ($modified === null) {
+        return false; // preg_replace failed
+    }
+
+    return file_put_contents($filepath, $modified) !== false;
+}

bitfire/trunk/views/traffic.html

@@ -459 +459 @@
           This free version of BitFire uses OFFLINE data analysis to flag and identify traffic patterns from log data.
           To secure your site and block this traffic in real-time, please upgrade to realtime generative AI blocking.
-          <a href="https://bitfire.co/purchase" target="_blank" style="text-decoration: underline;">Upgrade to Real-Time blocking</a>
+          <a href="https://bitfire.co/pricing" target="_blank" style="text-decoration: underline;">Upgrade to Real-Time blocking</a>
         </td>
       </tr>
     </table>
+  <table style="margin-top:.25rem" class="{{showerror_class}}">
+      <tr>
+        <td style="font-size:1rem;border:2px solid #F33;padding:.25rem 1rem;">
+          <h2 style="margin-bottom:.25rem;float:left;margin-right:2rem;">Note:</h2>
+          ERROR: configuration data wp-content/uploads/bitfire_RANDOM has been removed! Software is in-operable. Please re-install.
+        </td>
+      </tr>
+    </table>
+
 
   <!-- CARDS -->

bitfire/trunk/views/wizard.html

@@ -286 +286 @@
           </div>
           <div class="modal-body">
-            <p>Auto configuration complete. Click finish to download IP database (1 min).</p>
+            <p>Auto configuration complete. Click Finish -> Tour Dashboard to download IP database (wait ~1 min for IP database to download).</p>
 
             <div id="spin" class="text-success hidden spinner-border left mt-1 mr-2 " style="margin-left: 0" role="status"></div>