File: fw.php
<?php
// Direct-access guard: stop unless one of the loader constants is defined.
// ABSPATH is the WordPress constant; MCDATAPATH is also used below for the
// prepend-mode log file path (presumably set by the prepend loader; confirm).
if (!(defined('ABSPATH') || defined('MCDATAPATH'))) {
    exit;
}
if (!class_exists('BVProtectFW_V565')) :
require_once dirname( __FILE__ ) . '/fw/rule/errors.php';
require_once dirname( __FILE__ ) . '/fw/rule/engine.php';
require_once dirname( __FILE__ ) . '/fw/rule.php';
class BVProtectFW_V565 {
// --- Collaborators and identity -------------------------------------------
// brand_name, protect_mode and request come from the constructor arguments;
// ipstore and logger are created in the constructor according to protect_mode.
private $brand_name;
private $protect_mode;
private $request;
private $ipstore;
private $logger;

// --- One-shot guards --------------------------------------------------------
// Boolean latches so that a step runs at most once per request. Only
// is_on_boot_rules_executed is written in the part of the class shown with
// init(); the others are presumably set by their respective steps (confirm).
private $is_shutdown_cb_set = false;
private $is_rule_initialized = false;
private $is_wpf_rule_initialized = false;
private $is_ip_cookie_set = false;
private $is_request_profiled = false;
private $is_on_boot_rules_executed = false;
private $is_ip_checked_for_blacklisted = false;
// Memoised result of isRequestHasValidBypassCookie(); left unset until the first check.
private $has_valid_bypass_cookie;

// --- Configuration ----------------------------------------------------------
// Each default below is replaced in the constructor only when the matching
// config key exists and its value has the expected PHP type.
private $mode = self::MODE_DISABLED;
private $ip_cookie_mode = self::IP_COOKIE_MODE_DISABLED;
private $admin_cookie_mode = self::ADMIN_COOKIE_MODE_DISABLED;
// Role level mixed into the bypass cookie value by generateBypassCookie().
private $bypass_level = self::WP_USER_ROLE_LEVEL_CONTRIBUTOR;
private $wpf_rule_init_mode = self::WPF_RULE_INIT_MODE_WP;
private $custom_roles = [];
// Secret used for the bypass cookie and for signing the WP-user cookie.
// NOTE(review): defaults to the empty string when config carries no 'cookiekey';
// values derived from an empty key are not secret.
private $cookie_key = "";
private $cookie_path = "";
private $cookie_domain = "";
// 2592000 = 30 * 86400; presumably a lifetime in seconds (confirm in setCookie()).
private $cookie_validity = 2592000;
private $can_set_cache_prevention_cookie = false;
private $rules_mode = self::RULES_MODE_DISABLED;
private $is_geo_blocking = false;
private $is_wp_user_cookie_enabled = false;
private $log_config = [];
private $request_profiling_mode = self::REQ_PROFILING_MODE_DISABLED;
private $logging_mode = self::LOGGING_MODE_VISITOR;
// Taken from log_config['except']; the four lists below are its
// 'cookies', 'headers', 'post' and 'json' entries.
private $skip_log_config = [];
private $skip_log_cookies = [];
private $skip_log_headers = [];
private $skip_log_post_params = [];
private $skip_log_json_params = [];
// Map of WordPress capability name => numeric id (see getCurrentWPUserCapabilities()).
private $wp_user_caps_to_consider = [];

// --- Per-request state ------------------------------------------------------
private $request_profiled_data = [];
private $rules = [];
// Rules grouped by action name (see pushWPFRule() / getWPFRules()).
private $wpf_rules = [];
private $rule_log = [];
private $matched_rules = [];
private $break_rule_matching = false;
private $can_log_raw_body = false;
private $log_slice_size = self::LOG_SLICE_SIZE;

// Singleton handle managed by getInstance().
private static $instance = null;
// Firewall mode and rule-set mode share the same numbering.
const MODE_DISABLED = 1;
const MODE_AUDIT = 2;
const MODE_PROTECT = 3;

const RULES_MODE_DISABLED = 1;
const RULES_MODE_AUDIT = 2;
const RULES_MODE_PROTECT = 3;

const REQ_PROFILING_MODE_DISABLED = 1;
const REQ_PROFILING_MODE_NORMAL = 2;
const REQ_PROFILING_MODE_DEBUG = 3;

// NOTE(review): unlike the *_MODE_* groups above, the cookie modes use
// 1 = enabled and 2 = disabled, and LOGGING_MODE_DISABLED further down is 3.
// The numbering is not interchangeable between groups.
const IP_COOKIE_MODE_ENABLED = 1;
const IP_COOKIE_MODE_DISABLED = 2;

const WPF_RULE_INIT_MODE_PREPEND = 1;
const WPF_RULE_INIT_MODE_WP = 2;

const ADMIN_COOKIE_MODE_ENABLED = 1;
const ADMIN_COOKIE_MODE_DISABLED = 2;

// Numeric levels for WordPress roles; see the two role maps below.
const WP_USER_ROLE_LEVEL_UNKNOWN = 0;
const WP_USER_ROLE_LEVEL_SUBSCRIBER = 1;
const WP_USER_ROLE_LEVEL_CONTRIBUTOR = 2;
const WP_USER_ROLE_LEVEL_AUTHOR = 3;
const WP_USER_ROLE_LEVEL_EDITOR = 4;
const WP_USER_ROLE_LEVEL_ADMIN = 5;
const WP_USER_ROLE_LEVEL_CUSTOM = 6;

#XNOTE: Need clarity.
const WS_CONF_MODE_APACHEMODPHP = 1;
const WS_CONF_MODE_APACHESUPHP = 2;
const WS_CONF_MODE_CGI_FASTCGI = 3;
const WS_CONF_MODE_NGINX = 4;
const WS_CONF_MODE_LITESPEED = 5;
const WS_CONF_MODE_IIS = 6;

const LOGGING_MODE_VISITOR = 1;
const LOGGING_MODE_COMPLETE = 2;
const LOGGING_MODE_DISABLED = 3;

// Built-in WordPress role name => level.
const DEFAULT_WP_USER_ROLE_LEVELS = [
    'administrator' => self::WP_USER_ROLE_LEVEL_ADMIN,
    'editor' => self::WP_USER_ROLE_LEVEL_EDITOR,
    'author' => self::WP_USER_ROLE_LEVEL_AUTHOR,
    'contributor' => self::WP_USER_ROLE_LEVEL_CONTRIBUTOR,
    'subscriber' => self::WP_USER_ROLE_LEVEL_SUBSCRIBER,
];

// Placeholder role names for levels that are not built-in roles.
const EXTRA_WP_USER_ROLE_LEVELS = [
    'custom' => self::WP_USER_ROLE_LEVEL_CUSTOM,
    'unknown' => self::WP_USER_ROLE_LEVEL_UNKNOWN,
];

// Table handed to the DB logger and dropped by uninstall().
const TABLE_NAME = "fw_requests";
const IP_COOKIE_NAME = "mcfw-ip-cookie";
const BYPASS_COOKIE_NAME = "mcfw-bypass-cookie";
const PREVENT_CACHE_COOKIE_NAME = "wp-mcfw-prevent-cache-cookie";

// Default for log_slice_size; can be overridden by logconfig['logslicesize'].
const LOG_SLICE_SIZE = 1024;
/**
 * Builds the firewall from a configuration array.
 *
 * Every option is optional: a value is copied only when its key exists and the
 * value passes the listed type check; otherwise the property default is kept.
 * After the options are read, the IP store and logger are created (filesystem
 * backed in prepend mode, database backed otherwise), the WP-user cookie is
 * loaded when enabled, and the rules are initialised.
 *
 * NOTE(review): only the PHP type is checked. An int 'mode' outside the MODE_*
 * constants, a negative 'cookievalidity' or a non-positive 'logslicesize' is
 * accepted as-is; confirm the producer of $config constrains these.
 * NOTE(review): when no string 'cookiekey' is supplied the key stays "" and
 * cookie values derived from it are not secret.
 *
 * @param mixed  $protect_mode Compared with BVProtect_V565::MODE_PREPEND / MODE_WP.
 * @param object $request      Request wrapper used for cookies and wp_user.
 * @param array  $config       Option map, see the schemas below for the keys.
 * @param mixed  $brand_name   Stored unchanged.
 */
private function __construct($protect_mode, $request, $config, $brand_name) {
    $this->request = $request;
    $this->brand_name = $brand_name;
    $this->protect_mode = $protect_mode;

    // Copies $source[$key] into the named property when the key exists and the
    // value passes the type check. Entries are processed in declaration order.
    $copy_typed = function ($source, $schema) {
        foreach ($schema as $key => $target) {
            list($property, $type_check) = $target;
            if (array_key_exists($key, $source) && $type_check($source[$key])) {
                $this->{$property} = $source[$key];
            }
        }
    };

    $copy_typed($config, [
        'mode' => ['mode', 'is_int'],
        'ipcookiemode' => ['ip_cookie_mode', 'is_int'],
        'admincookiemode' => ['admin_cookie_mode', 'is_int'],
        'iswpusercookieenabled' => ['is_wp_user_cookie_enabled', 'is_bool'],
        'bypasslevel' => ['bypass_level', 'is_int'],
        'wpfruleinitmode' => ['wpf_rule_init_mode', 'is_int'],
        'customroles' => ['custom_roles', 'is_array'],
        'wpusercapstoconsider' => ['wp_user_caps_to_consider', 'is_array'],
        'cookiekey' => ['cookie_key', 'is_string'],
        'cookiepath' => ['cookie_path', 'is_string'],
        'cookiedomain' => ['cookie_domain', 'is_string'],
        'cookievalidity' => ['cookie_validity', 'is_int'],
        'cansetcachepreventioncookie' => ['can_set_cache_prevention_cookie', 'is_bool'],
        'rulesmode' => ['rules_mode', 'is_int'],
        'isgeoblocking' => ['is_geo_blocking', 'is_bool'],
        'logconfig' => ['log_config', 'is_array'],
    ]);

    // Logging options live inside logconfig, which was resolved just above.
    $copy_typed($this->log_config, [
        'canlograwbody' => ['can_log_raw_body', 'is_bool'],
        'logslicesize' => ['log_slice_size', 'is_int'],
        'reqprofilingmode' => ['request_profiling_mode', 'is_int'],
        'loggingmode' => ['logging_mode', 'is_int'],
        'except' => ['skip_log_config', 'is_array'],
    ]);

    // Per-source lists of names excluded from logging, from logconfig['except'].
    $copy_typed($this->skip_log_config, [
        'cookies' => ['skip_log_cookies', 'is_array'],
        'headers' => ['skip_log_headers', 'is_array'],
        'post' => ['skip_log_post_params', 'is_array'],
        'json' => ['skip_log_json_params', 'is_array'],
    ]);

    if ($this->isPrependMode()) {
        // NOTE(review): request logs are written under MCDATAPATH; confirm that
        // directory is not served by the web server.
        $log_file = MCDATAPATH . MCCONFKEY . '-mc.log';
        $this->ipstore = new BVProtectIpstore_V565(BVProtectIpstore_V565::STORAGE_TYPE_FS);
        $this->logger = new BVProtectLogger_V565($log_file, BVProtectLogger_V565::TYPE_FS);
    } else {
        $this->ipstore = new BVProtectIpstore_V565(BVProtectIpstore_V565::STORAGE_TYPE_DB);
        $this->logger = new BVProtectLogger_V565(self::TABLE_NAME, BVProtectLogger_V565::TYPE_DB);
    }

    if ($this->is_wp_user_cookie_enabled) {
        $this->loadWPUser();
    }

    $this->initRules();
}
/**
 * Returns the shared firewall instance, creating it on first use.
 *
 * When an instance already exists and the caller asks for WP mode while the
 * instance is in a different mode, the instance is switched: protect_mode and
 * brand_name are replaced, the IP store becomes database backed and the rules
 * are initialised again. In every other case the existing instance is returned
 * untouched and $request / $config are ignored.
 *
 * NOTE(review): the switch replaces the IP store but not the logger, so an
 * instance created in prepend mode keeps its filesystem logger; confirm intended.
 *
 * @return BVProtectFW_V565
 */
public static function getInstance($protect_mode, $request, $config, $brand_name) {
    if (self::$instance === null) {
        self::$instance = new self($protect_mode, $request, $config, $brand_name);

        return self::$instance;
    }

    $firewall = self::$instance;
    // Loose comparisons are kept as in the original code.
    if ($firewall->protect_mode != $protect_mode && $protect_mode == BVProtect_V565::MODE_WP) {
        $firewall->protect_mode = $protect_mode;
        $firewall->brand_name = $brand_name;
        $firewall->ipstore = new BVProtectIpstore_V565(BVProtectIpstore_V565::STORAGE_TYPE_DB);
        $firewall->initRules();
    }

    return self::$instance;
}
/**
 * Drops the firewall request-log table through the shared DB helper.
 */
public static function uninstall() {
    $db = BVProtect_V565::$db;
    $db->dropBVTable(self::TABLE_NAME);
}
/**
 * Runs the per-request firewall pipeline unless the firewall is disabled.
 *
 * Order: shutdown callback, request profiling, admin / WP-user / IP cookies,
 * blacklisted-IP check, then the boot rules (at most once per instance).
 * Any mode other than MODE_DISABLED runs the pipeline, including MODE_AUDIT
 * and any integer that is not one of the MODE_* constants.
 */
public function init() {
    if ($this->isModeDisabled()) {
        return;
    }

    $this->setShutdownCallback();
    $this->profileRequest();
    $this->setAdminCookie();
    $this->setWPUserCookie();
    $this->setIPCookie();
    $this->blockRequestForBlacklistedIP();

    if ($this->is_on_boot_rules_executed) {
        return;
    }

    $this->handleRequestOnRuleMatch($this->rules);
    $this->is_on_boot_rules_executed = true;
}
// True when the firewall was started with BVProtect_V565::MODE_PREPEND (strict comparison).
private function isPrependMode() {
    $in_prepend = $this->protect_mode === BVProtect_V565::MODE_PREPEND;

    return $in_prepend;
}
// True when the firewall was started with BVProtect_V565::MODE_WP (strict comparison).
private function isWPMode() {
    $in_wp = $this->protect_mode === BVProtect_V565::MODE_WP;

    return $in_wp;
}
// True only for MODE_DISABLED; init() runs its pipeline for every other value.
private function isModeDisabled() {
    return self::MODE_DISABLED === $this->mode;
}
// True when the firewall mode is MODE_PROTECT.
private function isModeProtect() {
    return self::MODE_PROTECT === $this->mode;
}
// True when the admin (bypass) cookie feature is switched on; it is off by default.
private function isAdminCookieEnabled() {
    return self::ADMIN_COOKIE_MODE_ENABLED === $this->admin_cookie_mode;
}
// True when the IP cookie feature is switched on; it is off by default.
private function isIPCookieEnabled() {
    return self::IP_COOKIE_MODE_ENABLED === $this->ip_cookie_mode;
}
// True when request profiling is set to REQ_PROFILING_MODE_DISABLED (the default).
private function isRequestProfilingDisabled() {
    return self::REQ_PROFILING_MODE_DISABLED === $this->request_profiling_mode;
}
// True when request profiling is set to REQ_PROFILING_MODE_DEBUG.
private function isRequestProfilingModeDebug() {
    return self::REQ_PROFILING_MODE_DEBUG === $this->request_profiling_mode;
}
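/**
 * Tells whether the request carries the currently valid bypass cookie.
 *
 * The result is computed once per instance and cached in
 * has_valid_bypass_cookie. The cookie is accepted only when the admin cookie
 * feature is enabled, a non-empty cookie key is configured, and the presented
 * value equals the value generateBypassCookie() produces right now.
 *
 * @return bool
 */
private function isRequestHasValidBypassCookie() {
    if (!isset($this->has_valid_bypass_cookie)) {
        $presented = (string) $this->request->getCookies(self::BYPASS_COOKIE_NAME);
        $expected = $this->generateBypassCookie();

        // Fail closed without a key: the expected value would then depend only
        // on the bypass level and the time window, not on any secret.
        $has_key = is_string($this->cookie_key) && $this->cookie_key !== "";

        // hash_equals() keeps the comparison time independent of how many
        // leading characters of the presented cookie happen to match.
        $this->has_valid_bypass_cookie = $this->isAdminCookieEnabled()
            && $has_key
            && is_string($expected) && $expected !== ""
            && hash_equals($expected, $presented);
    }

    return $this->has_valid_bypass_cookie;
}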
// True when the rule set runs in RULES_MODE_PROTECT; initRules() returns early otherwise.
private function isRulesModeProtect() {
    return self::RULES_MODE_PROTECT === $this->rules_mode;
}
// True when logging is set to LOGGING_MODE_COMPLETE.
public function isLoggingModeComplete() {
    return self::LOGGING_MODE_COMPLETE === $this->logging_mode;
}
// True when logging is set to LOGGING_MODE_VISITOR (the default).
public function isLoggingModeVisitor() {
    return self::LOGGING_MODE_VISITOR === $this->logging_mode;
}
// True only when is_geo_blocking is the boolean true (strict comparison).
public function isGeoBlockingEnabled() {
    return true === $this->is_geo_blocking;
}
// True when WPF rules are configured with WPF_RULE_INIT_MODE_PREPEND.
private function isWPFRuleInitModePrepend() {
    return self::WPF_RULE_INIT_MODE_PREPEND === $this->wpf_rule_init_mode;
}
// True when WPF rules are configured with WPF_RULE_INIT_MODE_WP (the default).
private function isWPFRuleInitModeWP() {
    return self::WPF_RULE_INIT_MODE_WP === $this->wpf_rule_init_mode;
}
/**
 * WPF rules may be initialised unless the firewall is running in prepend mode
 * while the rules are not configured for prepend-time initialisation.
 *
 * @return bool
 */
private function canInitWPFRules() {
    return $this->isWPFRuleInitModePrepend() || !$this->isPrependMode();
}
/**
 * Computes the bypass cookie value expected for the current time window.
 *
 * The value is the SHA-256 hex digest of bypass level, window number and cookie
 * key concatenated in that order. The window number is the Unix time divided by
 * 43200 seconds (12 hours), so the value changes at each 12-hour boundary and
 * is the same for every request that shares level and key.
 *
 * NOTE(review): this is a plain hash over concatenated fields, not hash_hmac().
 * Switching constructions would change the value for anything else that issues
 * or checks this cookie, so it needs to be coordinated, not done here alone.
 *
 * @return string 64 hexadecimal characters.
 */
private function generateBypassCookie() {
    $window = floor(time() / 43200);
    $material = $this->bypass_level . $window . $this->cookie_key;

    return hash('sha256', $material);
}
/**
 * Returns the rules registered for an action, or an empty array when the
 * action has none.
 *
 * @param string|int $action_name Key into wpf_rules.
 * @return array
 */
private function getWPFRules($action_name) {
    return array_key_exists($action_name, $this->wpf_rules)
        ? $this->wpf_rules[$action_name]
        : [];
}
/**
 * Keeps the signed WP-user cookie in step with the WordPress login state.
 *
 * Logged in: when the current user differs from the one loaded from the
 * request, a new cookie is set whose value is
 * base64(serialized_user . '_' . signature), signed with cookie_key.
 * Not logged in (or WordPress functions unavailable): when the request still
 * claimed a logged-in user, that user is reset to the default and the cookie
 * is removed.
 *
 * loadWPUser() splits the decoded value on '_' and requires exactly two parts,
 * so the serialized form and the signature must not contain '_' themselves.
 */
public function setWPUserCookieHandler() {
    $logged_in = function_exists('is_user_logged_in') && is_user_logged_in();

    if (!$logged_in) {
        if ($this->request->wp_user->isLoggedIn()) {
            $this->request->wp_user = BVProtectWPUser_V565::defaultUser();
            $this->unsetCookie(BVProtectWPUser_V565::COOKIE_NAME);
        }

        return;
    }

    $current_wp_user = $this->getCurrentWPUser();
    if ($current_wp_user->isIdentical($this->request->wp_user)) {
        // Cookie already describes this user; nothing to refresh.
        return;
    }

    $payload = BVProtectWPUser_V565::_serialize($current_wp_user);
    $signature = BVProtectUtils_V565::signMessage($payload, $this->cookie_key);

    $this->setCookie(BVProtectWPUser_V565::COOKIE_NAME, base64_encode($payload . '_' . $signature));
}
/**
 * Builds a BVProtectWPUser_V565 snapshot of the current WordPress user.
 *
 * The snapshot carries the user id, role level, considered capabilities and the
 * current 12-hour window number (Unix time / 43200). When
 * wp_get_current_user() is not available, id and role level are 0 and the
 * capability list is empty.
 *
 * @return BVProtectWPUser_V565
 */
private function getCurrentWPUser() {
    $window = (int) floor(time() / 43200);

    if (!function_exists('wp_get_current_user')) {
        return new BVProtectWPUser_V565(0, 0, array(), $window);
    }

    $user = wp_get_current_user();

    return new BVProtectWPUser_V565(
        $user->ID,
        $this->getCurrentWPUserRoleLevel(),
        $this->getCurrentWPUserCapabilities(),
        $window
    );
}
/**
 * Lists the ids of the configured capabilities the current user holds.
 *
 * wp_user_caps_to_consider maps capability name => id; each name is checked
 * with current_user_can() and the ids of the granted ones are returned sorted.
 * Returns an empty array when current_user_can() is not available.
 *
 * @return array
 */
private function getCurrentWPUserCapabilities() {
    if (!function_exists('current_user_can')) {
        return array();
    }

    $granted_ids = array();
    foreach ($this->wp_user_caps_to_consider as $capability => $id) {
        if (!current_user_can($capability)) {
            continue;
        }
        $granted_ids[] = $id;
    }
    sort($granted_ids);

    return $granted_ids;
}
/**
 * Restores the WordPress user for this request from the signed WP-user cookie.
 *
 * The request starts with the default user and keeps it unless every check
 * passes: the cookie is a string, strict base64 decoding succeeds, the decoded
 * value has exactly two '_'-separated parts, the signature verifies against
 * cookie_key, and the deserialized user's time equals the current 12-hour
 * window number. The signature is verified before the payload is deserialized.
 *
 * NOTE(review): the signature is only as strong as cookie_key, which defaults
 * to "" when none is configured; confirm a key is always provisioned.
 * NOTE(review): if role_level is not one of the mapped levels, the final
 * lookup reads a missing array key and role ends up null.
 */
private function loadWPUser() {
    $this->request->wp_user = BVProtectWPUser_V565::defaultUser();

    $raw_cookie = $this->request->getCookies(BVProtectWPUser_V565::COOKIE_NAME);
    if (!is_string($raw_cookie)) {
        return;
    }

    $decoded = base64_decode($raw_cookie, true);
    if ($decoded === false) {
        return;
    }

    $parts = explode('_', $decoded);
    if (count($parts) !== 2) {
        return;
    }
    list($serialized_user, $signature) = $parts;

    if (BVProtectUtils_V565::verifyMessage($serialized_user, $signature, $this->cookie_key) !== true) {
        return;
    }

    $wp_user = BVProtectWPUser_V565::_unserialize($serialized_user);
    // Only a user stamped with the current window is accepted.
    if (!isset($wp_user) || $wp_user->time !== (int) floor(time() / 43200)) {
        return;
    }

    $this->request->wp_user = $wp_user;

    // Translate capability ids back to their names (id => name).
    $names_by_id = array_flip($this->wp_user_caps_to_consider);
    foreach ($this->request->wp_user->capabilities as $capability) {
        if (array_key_exists($capability, $names_by_id)) {
            $this->request->wp_user->capability_names[] = $names_by_id[$capability];
        }
    }

    $levels_by_role = array_merge(self::DEFAULT_WP_USER_ROLE_LEVELS, self::EXTRA_WP_USER_ROLE_LEVELS);
    $role_by_level = array_flip($levels_by_role);
    $this->request->wp_user->role = $role_by_level[$this->request->wp_user->role_level];
}
/**
 * Appends a rule to the list kept for an action, creating the list on first use.
 *
 * @param string|int $action_name Key into wpf_rules.
 * @param mixed      $rule        Rule to append.
 */
private function pushWPFRule($action_name, $rule) {
    $bucket = array_key_exists($action_name, $this->wpf_rules)
        ? $this->wpf_rules[$action_name]
        : array();

    $bucket[] = $rule;
    $this->wpf_rules[$action_name] = $bucket;
}
private function initRules() {
if (!$this->isRulesModeProtect() || $this->isRequestIPWhitelisted()) {
return;
}
if ($this->is_rule_initialized && $this->is_wpf_rule_initialized) {
return;
}
if ($this->isPrependMode()) {
$rules_file = MCDATAPATH . MCCONFKEY . '-' . 'mc_rules.json';
$rule_arrays = BVProtectUtils_V565::parseFile($rules_file);
} else {
$rule_arrays = BVProtect_V565::$settings->getOption('bvruleset');
if(!is_array($rule_arrays)) {
$rule_arrays = array();
}
}