Changeset 487204

Timestamp:

01/09/2012 09:24:41 PM (13 years ago)

Author:

blogrescue

Message:

• Any folder or file named 'cache' is now always ignored
• Any folder or file named 'error_log' is now always ignored
• A new option that enables/disabled checksum evaluation has been added (Default and recommended setting is Disabled)

Location:

wordpress-sentinel/trunk

Files:

• readme.txt (modified) (3 diffs)
• wordpress_sentinel.php (modified) (14 diffs)

wordpress-sentinel/trunk/readme.txt

@@ -5 +5 @@
 Requires at least: 3.0
 Tested up to: 3.3
-Stable tag: 1.1
+Stable tag: 1.2
 
 This plugin acts as a sentinel that watches over your core Wordpress programs (plus installed themes and plugins) and tells you when changes happen.
@@ -52 +52 @@
 Obviously, the plugin cannot differentiate between a good change and a bad change, so if you make changes to a Theme or install a new Plugin, or even Upgrade Wordpress to a newer version, it is simply going to notice the change and let you know. When this happens (and it will happen), just go to the Wordpress Sentinel option, find the item that you changed or added, and Refresh the Snapshot. (The <strong>Snapshot Everything New</strong> button is a handy way to create initial snapshots after installing new themes and plugins.  It does not touch items which have previously been catalogued.)
 
+= What are Checksums and Why do I need Them? =
+
+Checksums are a way of looking at the contents of a file and building a hash.  If the file changes in any way, even if the size remains the same, the checksum will be different.  Enabling checksums adds extra security however, however this comes at a cost.  The added overhead can slow down a site if there are an inordinate number of files or if there are extremely large files that have to be processed.  The basic file checks compare the modification date and the file size.  This should provide adequate protection in most situations.
+  
 = It is complaining because my sitemap updated - How do I fix this? =
 
@@ -93 +97 @@
 == Changelog ==
 
+= 1.2 =
+* Any folder or file named 'cache' is now always ignored
+* Any folder or file named 'error_log' is now always ignored
+* A new option that enables/disabled checksum evaluation has been added (Default and recommended setting is Disabled)
+
 = 1.1 =
 * Plugin now allows an entire plugin or theme to be ignored (not watched)

wordpress-sentinel/trunk/wordpress_sentinel.php

@@ -41 +41 @@
   var $wp_plugin_dir;
   var $wp_wordpress_dir;
+  var $use_checksums;
   
   var $base;
@@ -62 +63 @@
     $this->wp_plugin_dir = WP_PLUGIN_DIR;
     $this->wp_wordpress_dir = dirname(WP_CONTENT_DIR);  
+    
+    $this->use_checksums = get_site_option('wordpress_sentinel_use_checksums');
   }
   
@@ -78 +81 @@
     
     // Periodic (mock cron) checking for changes
-    $action_interval = 5; // minutes
-    $check_interval = 2; // hours
+    $action_interval = 10; // minutes
+    $check_interval = 4; // hours
     
     $site_check = intval(get_site_option('wordpress_sentinel_site_check'));
@@ -97 +100 @@
       }
 
-      delete_option('wordpress_sentinel_site_check');
-      add_option('wordpress_sentinel_site_check', time());
+      update_option('wordpress_sentinel_site_check', time());
     }
   }
@@ -104 +106 @@
   function admin_panel() {
     $this->build_section_list();
-
-    print '<div id="icon-options-general" class="icon32"><br /></div>';
-    print '<h2>Wordpress Sentinel</h2>';
-    print "<div style='text-align:center;'>";
-    
-    $snapshot_url = $this->url('snapshot', array('section'=>'all'));
-    $snapshot_link = ( function_exists('wp_nonce_url') ) ? wp_nonce_url($snapshot_url, 'sentinel-snapshot-all') : $snapshot_url;
-    print "<a href='$snapshot_link' class='button'>".
-      "Snapshot Everything New</a>";
-      
-    print "&nbsp;&nbsp;&nbsp;&nbsp;";
-    
-    $check_url = $this->url('check', array('section'=>'all'));
-    $check_link = ( function_exists('wp_nonce_url') ) ? wp_nonce_url($check_url, 'sentinel-check-all') : $check_url;
-    print "<a href='$check_link' class='button'>Check Everything</a>";
-    
-    print "&nbsp;&nbsp;&nbsp;&nbsp;";
-    print "<a href='".$this->url('help')."' class='button'>How Does This Work?</a>";
-    print "</div>";
 
     $admin_home = true;
@@ -128 +111 @@
     $section_id = $this->arg('section', '0');
     $section_id_intval = intval($section_id);
+    $checksum_message = '';
+
+    if($action == 'checksum') {
+      check_admin_referer('sentinel-checksum');
+      $this->use_checksums = !$this->use_checksums;
+      update_option('wordpress_sentinel_use_checksums', $this->use_checksums);
+      
+      $checksum_message = "<div id='message' class='updated' style='margin-top:8px;'>".
+        "<p>Checksum Mode Changed - Checksums are now <strong>".
+        ($this->use_checksums ? 'Enabled' : 'Disabled')."</strong>.".
+        ($this->use_checksums ? ' (All Snapshots will need to be Refreshed!)' : '').
+        "</p></div>";
+    }  
+
+    $this->interface_buttons();
+    if($checksum_message != '') print $checksum_message;
 
     if($action == 'snapshot') {
@@ -158 +157 @@
         $this->check_section($section_id_intval);
       }
-      
+
     } else if($action == 'help') {
       $this->show_help();
@@ -168 +167 @@
       $this->display_sections();
     }
+  }
+  
+  function interface_buttons() {
+    print '<div id="icon-options-general" class="icon32"><br /></div>';
+    print '<h2>Wordpress Sentinel</h2>';
+    print "<div style='text-align:center;'>";
+    
+    $snapshot_url = $this->url('snapshot', array('section'=>'all'));
+    $snapshot_link = ( function_exists('wp_nonce_url') ) ? wp_nonce_url($snapshot_url, 'sentinel-snapshot-all') : $snapshot_url;
+    print "<a href='$snapshot_link' class='button'>".
+      "Snapshot Everything New</a>";
+      
+    print "&nbsp;&nbsp;&nbsp;&nbsp;";
+    
+    $check_url = $this->url('check', array('section'=>'all'));
+    $check_link = ( function_exists('wp_nonce_url') ) ? wp_nonce_url($check_url, 'sentinel-check-all') : $check_url;
+    print "<a href='$check_link' class='button'>Check Everything</a>";
+
+    print "&nbsp;&nbsp;&nbsp;&nbsp;";
+    
+    $sum_url = $this->url('checksum');
+    $sum_link = ( function_exists('wp_nonce_url') ) ? wp_nonce_url($sum_url, 'sentinel-checksum') : $sum_url;
+    print "<a href='$sum_link' class='button'>".($this->use_checksums ? 'Disable' : 'Enable')." Checksums</a>";
+    
+    print "&nbsp;&nbsp;&nbsp;&nbsp;";
+    
+    print "<a href='".$this->url('help')."' class='button'>How Does This Work?</a>";
+    print "</div>";
   }
   
@@ -238 +265 @@
   <h3>What if I'm the one making changes?</h3>
   <p>Obviously, the plugin cannot differentiate between a good change and a bad change, so if you make changes to a Theme or install a new Plugin, or even Upgrade Wordpress to a newer version, it is simply going to notice the change and let you know. When this happens (and it will happen), just go to the Wordpress Sentinel option, find the item that you changed or added, and Refresh the Snapshot. (The <strong>Snapshot Everything New</strong> button is a handy way to create initial snapshots after installing new themes and plugins.  It does not touch items which have previously been catalogued.)</p>
+  <h3>What are Checksums and Why do I need Them?</h3>
+  <p>Checksums are a way of looking at the contents of a file and building a hash.  If the file changes in any way, even if the size remains the same, the checksum will be different.  Enabling checksums adds extra security however, however this comes at a cost.  The added overhead can slow down a site if there are an inordinate number of files or if there are extremely large files that have to be processed.  The basic file checks compare the modification date and the file size.  This should provide adequate protection in most situations.</p>
   <h3>It is complaining because my sitemap updated - How do I fix this?</h3>
   To stop watching your sitemap files, do the following:
@@ -486 +515 @@
         $actual_file = $section_actual_files[sha1($snapshot_file->location)];
         $difference = ($snapshot_file->size != $actual_file->size) ||
-          ($snapshot_file->update_date != date("Y-m-d H:i:s", $actual_file->date)) ||
-          ($snapshot_file->checksum != $actual_file->checksum);
+          ($snapshot_file->update_date != date("Y-m-d H:i:s", $actual_file->date));
+        if($this->use_checksums == true) $difference = $difference || ($snapshot_file->checksum != $actual_file->checksum);
+        
         if($difference) {
           if($snapshot_file->watch == 0) {
@@ -557 +587 @@
     if($section_row->mode == WPS_MODE_FILE) {
       $file_location  = $section_row->location . DIRECTORY_SEPARATOR . $section_row->slug;
-      $files[sha1($file_location)] = new wordpresssentinel_file($file_location);
+      $files[sha1($file_location)] = new wordpresssentinel_file($file_location, $this->use_checksums);
     } else {
       $this->process_directory($files, $section_row->mode, $section_row->location);
@@ -567 +597 @@
   function process_directory(&$files, $mode, $path) {
     $handle = opendir($path);
-    $skip = array('.', '..');
+    $skip = array('.', '..', 'cache', 'error_log');
     
     while($entry = readdir($handle)) {
@@ -577 +607 @@
         if($mode == WPS_MODE_RECURSIVE) $this->process_directory($files, $mode, $resource);
       } else {
-        $files[sha1($resource)] = new wordpresssentinel_file($resource);
+        $files[sha1($resource)] = new wordpresssentinel_file($resource, $this->use_checksums);
       }
     }
@@ -670 +700 @@
   var $date;
   
-  function wordpresssentinel_file($location) {
+  function wordpresssentinel_file($location, $use_checksums) {
     $this->file = $location;
     $this->size = filesize($location);
-    $this->checksum = sha1_file($location);
     $this->date = filemtime($location);
+
+    if($use_checksums == true && $this->size < 50000) {
+      $this->checksum = sha1_file($location);
+    } else {
+      $this->checksum = 'not used';
+    }
   }
 }