Edit File by line

Deprecated: str_replace(): Passing null to parameter #2 ($replace) of type array|string is deprecated in /home/sportsfever/public_html/filemanger/function.php on line 93
/home/sportsfe.../httpdocs/clone/wp-conte.../plugins/wordfenc.../lib/rest-api
File: wfRESTConfigController.php
<?php
[0] Fix | Delete
[1] Fix | Delete
use WordfenceLS\Controller_Settings;
[2] Fix | Delete
[3] Fix | Delete
require_once(dirname(__FILE__) . '/wfRESTBaseController.php');
[4] Fix | Delete
[5] Fix | Delete
class wfRESTConfigController extends wfRESTBaseController {
[6] Fix | Delete
[7] Fix | Delete
public static function disconnectConfig($adminEmail = null) {
[8] Fix | Delete
global $wpdb;
[9] Fix | Delete
delete_transient('wordfenceCentralJWT' . wfConfig::get('wordfenceCentralSiteID'));
[10] Fix | Delete
[11] Fix | Delete
if (is_null($adminEmail)) {
[12] Fix | Delete
$adminEmail = wfConfig::get('wordfenceCentralConnectEmail');
[13] Fix | Delete
}
[14] Fix | Delete
[15] Fix | Delete
$result = $wpdb->query('DELETE FROM ' . wfDB::networkTable('wfConfig') . " WHERE name LIKE 'wordfenceCentral%'");
[16] Fix | Delete
[17] Fix | Delete
wfConfig::set('wordfenceCentralDisconnected', true);
[18] Fix | Delete
wfConfig::set('wordfenceCentralDisconnectTime', time());
[19] Fix | Delete
wfConfig::set('wordfenceCentralDisconnectEmail', $adminEmail);
[20] Fix | Delete
wfConfig::set('wordfenceCentralConfigurationIssue', false);
[21] Fix | Delete
[22] Fix | Delete
return !!$result;
[23] Fix | Delete
}
[24] Fix | Delete
[25] Fix | Delete
public function registerRoutes() {
[26] Fix | Delete
register_rest_route('wordfence/v1', '/config', array(
[27] Fix | Delete
'methods' => WP_REST_Server::READABLE,
[28] Fix | Delete
'callback' => array($this, 'getConfig'),
[29] Fix | Delete
'permission_callback' => array($this, 'verifyToken'),
[30] Fix | Delete
'fields' => array(
[31] Fix | Delete
'description' => __('Specific config options to return.', 'wordfence'),
[32] Fix | Delete
'type' => 'array',
[33] Fix | Delete
'required' => false,
[34] Fix | Delete
),
[35] Fix | Delete
));
[36] Fix | Delete
register_rest_route('wordfence/v1', '/config', array(
[37] Fix | Delete
'methods' => WP_REST_Server::EDITABLE,
[38] Fix | Delete
'callback' => array($this, 'setConfig'),
[39] Fix | Delete
'permission_callback' => array($this, 'verifyToken'),
[40] Fix | Delete
'fields' => array(
[41] Fix | Delete
'description' => __('Specific config options to set.', 'wordfence'),
[42] Fix | Delete
'type' => 'array',
[43] Fix | Delete
'required' => true,
[44] Fix | Delete
),
[45] Fix | Delete
));
[46] Fix | Delete
register_rest_route('wordfence/v1', '/disconnect', array(
[47] Fix | Delete
'methods' => WP_REST_Server::EDITABLE,
[48] Fix | Delete
'callback' => array($this, 'disconnect'),
[49] Fix | Delete
'permission_callback' => array($this, 'verifyToken'),
[50] Fix | Delete
));
[51] Fix | Delete
register_rest_route('wordfence/v1', '/premium-connect', array(
[52] Fix | Delete
'methods' => WP_REST_Server::EDITABLE,
[53] Fix | Delete
'callback' => array($this, 'premiumConnect'),
[54] Fix | Delete
'permission_callback' => array($this, 'verifyTokenPremium'),
[55] Fix | Delete
));
[56] Fix | Delete
}
[57] Fix | Delete
[58] Fix | Delete
/**
[59] Fix | Delete
* @param WP_REST_Request $request
[60] Fix | Delete
* @return mixed|WP_REST_Response
[61] Fix | Delete
*/
[62] Fix | Delete
public function getConfig($request) {
[63] Fix | Delete
$fields = (array) $request['fields'];
[64] Fix | Delete
[65] Fix | Delete
$config = array();
[66] Fix | Delete
[67] Fix | Delete
$firewall = new wfFirewall();
[68] Fix | Delete
$wafFields = array(
[69] Fix | Delete
'autoPrepend' => $firewall->protectionMode() === wfFirewall::PROTECTION_MODE_EXTENDED,
[70] Fix | Delete
'avoid_php_input' => wfWAF::getInstance()->getStorageEngine()->getConfig('avoid_php_input', false) ? 1 : 0,
[71] Fix | Delete
'disabledRules' => array_keys((array) wfWAF::getInstance()->getStorageEngine()->getConfig('disabledRules')),
[72] Fix | Delete
'ruleCount' => count((array) wfWAF::getInstance()->getRules()),
[73] Fix | Delete
'disableWAFBlacklistBlocking' => wfWAF::getInstance()->getStorageEngine()->getConfig('disableWAFBlacklistBlocking'),
[74] Fix | Delete
'enabled' => $firewall->wafStatus() !== wfFirewall::FIREWALL_MODE_DISABLED,
[75] Fix | Delete
'firewallMode' => $firewall->firewallMode(),
[76] Fix | Delete
'learningModeGracePeriod' => wfWAF::getInstance()->getStorageEngine()->getConfig('learningModeGracePeriod'),
[77] Fix | Delete
'learningModeGracePeriodEnabled' => wfWAF::getInstance()->getStorageEngine()->getConfig('learningModeGracePeriodEnabled'),
[78] Fix | Delete
'subdirectoryInstall' => $firewall->isSubDirectoryInstallation(),
[79] Fix | Delete
'wafStatus' => $firewall->wafStatus(),
[80] Fix | Delete
);
[81] Fix | Delete
$lsFields = array(
[82] Fix | Delete
Controller_Settings::OPTION_XMLRPC_ENABLED => Controller_Settings::shared()->get(Controller_Settings::OPTION_XMLRPC_ENABLED),
[83] Fix | Delete
Controller_Settings::OPTION_2FA_WHITELISTED => Controller_Settings::shared()->get(Controller_Settings::OPTION_2FA_WHITELISTED),
[84] Fix | Delete
Controller_Settings::OPTION_IP_SOURCE => Controller_Settings::shared()->get(Controller_Settings::OPTION_IP_SOURCE),
[85] Fix | Delete
Controller_Settings::OPTION_IP_TRUSTED_PROXIES => Controller_Settings::shared()->get(Controller_Settings::OPTION_IP_TRUSTED_PROXIES),
[86] Fix | Delete
Controller_Settings::OPTION_REQUIRE_2FA_ADMIN => Controller_Settings::shared()->get(Controller_Settings::OPTION_REQUIRE_2FA_ADMIN),
[87] Fix | Delete
Controller_Settings::OPTION_REQUIRE_2FA_GRACE_PERIOD_ENABLED => Controller_Settings::shared()->get(Controller_Settings::OPTION_REQUIRE_2FA_GRACE_PERIOD_ENABLED),
[88] Fix | Delete
Controller_Settings::OPTION_GLOBAL_NOTICES => Controller_Settings::shared()->get(Controller_Settings::OPTION_GLOBAL_NOTICES),
[89] Fix | Delete
Controller_Settings::OPTION_REMEMBER_DEVICE_ENABLED => Controller_Settings::shared()->get(Controller_Settings::OPTION_REMEMBER_DEVICE_ENABLED),
[90] Fix | Delete
Controller_Settings::OPTION_REMEMBER_DEVICE_DURATION => Controller_Settings::shared()->get(Controller_Settings::OPTION_REMEMBER_DEVICE_DURATION),
[91] Fix | Delete
Controller_Settings::OPTION_ALLOW_XML_RPC => Controller_Settings::shared()->get(Controller_Settings::OPTION_ALLOW_XML_RPC),
[92] Fix | Delete
Controller_Settings::OPTION_ENABLE_AUTH_CAPTCHA => Controller_Settings::shared()->get(Controller_Settings::OPTION_ENABLE_AUTH_CAPTCHA),
[93] Fix | Delete
Controller_Settings::OPTION_RECAPTCHA_THRESHOLD => Controller_Settings::shared()->get(Controller_Settings::OPTION_RECAPTCHA_THRESHOLD),
[94] Fix | Delete
Controller_Settings::OPTION_LAST_SECRET_REFRESH => Controller_Settings::shared()->get(Controller_Settings::OPTION_LAST_SECRET_REFRESH),
[95] Fix | Delete
);
[96] Fix | Delete
// Convert the database strings to typed values.
[97] Fix | Delete
foreach ($lsFields as $lsField => $value) {
[98] Fix | Delete
$lsFields[$lsField] = Controller_Settings::shared()->clean($lsField, $value);
[99] Fix | Delete
}
[100] Fix | Delete
[101] Fix | Delete
if (!$fields) {
[102] Fix | Delete
foreach (wfConfig::$defaultConfig as $group => $groupOptions) {
[103] Fix | Delete
foreach ($groupOptions as $field => $values) {
[104] Fix | Delete
$fields[] = $field;
[105] Fix | Delete
}
[106] Fix | Delete
}
[107] Fix | Delete
foreach ($wafFields as $wafField => $value) {
[108] Fix | Delete
$fields[] = 'waf.' . $wafField;
[109] Fix | Delete
}
[110] Fix | Delete
foreach ($lsFields as $lsField => $value) {
[111] Fix | Delete
$fields[] = 'wfls_settings_' . $lsField;
[112] Fix | Delete
}
[113] Fix | Delete
}
[114] Fix | Delete
[115] Fix | Delete
foreach ($fields as $field) {
[116] Fix | Delete
if (strpos($field, 'waf.') === 0) {
[117] Fix | Delete
$wafField = substr($field, 4);
[118] Fix | Delete
if (array_key_exists($wafField, $wafFields)) {
[119] Fix | Delete
$config['waf'][$wafField] = $wafFields[$wafField];
[120] Fix | Delete
}
[121] Fix | Delete
continue;
[122] Fix | Delete
}
[123] Fix | Delete
[124] Fix | Delete
if (strpos($field, 'wfls_settings_') === 0) {
[125] Fix | Delete
$lsField = substr($field, 14);
[126] Fix | Delete
if (array_key_exists($lsField, $lsFields)) {
[127] Fix | Delete
$config['wfls_settings_' . $lsField] = $lsFields[$lsField];
[128] Fix | Delete
}
[129] Fix | Delete
continue;
[130] Fix | Delete
}
[131] Fix | Delete
[132] Fix | Delete
if (array_key_exists($field, wfConfig::$defaultConfig['checkboxes'])) {
[133] Fix | Delete
$config[$field] = (bool) wfConfig::get($field);
[134] Fix | Delete
[135] Fix | Delete
} else if (array_key_exists($field, wfConfig::$defaultConfig['otherParams']) ||
[136] Fix | Delete
array_key_exists($field, wfConfig::$defaultConfig['defaultsOnly'])) {
[137] Fix | Delete
[138] Fix | Delete
$configConfig = !empty(wfConfig::$defaultConfig['otherParams'][$field]) ?
[139] Fix | Delete
wfConfig::$defaultConfig['otherParams'][$field] : wfConfig::$defaultConfig['defaultsOnly'][$field];
[140] Fix | Delete
[141] Fix | Delete
if (!empty($configConfig['validation']['type'])) {
[142] Fix | Delete
switch ($configConfig['validation']['type']) {
[143] Fix | Delete
case wfConfig::TYPE_INT:
[144] Fix | Delete
$config[$field] = wfConfig::getInt($field);
[145] Fix | Delete
break;
[146] Fix | Delete
[147] Fix | Delete
case wfConfig::TYPE_DOUBLE:
[148] Fix | Delete
case wfConfig::TYPE_FLOAT:
[149] Fix | Delete
$config[$field] = floatval(wfConfig::get($field));
[150] Fix | Delete
break;
[151] Fix | Delete
[152] Fix | Delete
case wfConfig::TYPE_BOOL:
[153] Fix | Delete
$config[$field] = (bool) wfConfig::get($field);
[154] Fix | Delete
break;
[155] Fix | Delete
[156] Fix | Delete
case wfConfig::TYPE_ARRAY:
[157] Fix | Delete
$config[$field] = wfConfig::get_ser($field);
[158] Fix | Delete
break;
[159] Fix | Delete
[160] Fix | Delete
case wfConfig::TYPE_STRING:
[161] Fix | Delete
default:
[162] Fix | Delete
$config[$field] = wfConfig::get($field);
[163] Fix | Delete
break;
[164] Fix | Delete
}
[165] Fix | Delete
} else {
[166] Fix | Delete
$config[$field] = wfConfig::get($field);
[167] Fix | Delete
}
[168] Fix | Delete
[169] Fix | Delete
} else if (in_array($field, wfConfig::$serializedOptions)) {
[170] Fix | Delete
$config[$field] = wfConfig::get_ser($field);
[171] Fix | Delete
}
[172] Fix | Delete
}
[173] Fix | Delete
[174] Fix | Delete
$api = new wfAPI(wfConfig::get('apiKey'), wfUtils::getWPVersion());
[175] Fix | Delete
parse_str($api->makeAPIQueryString(), $qs);
[176] Fix | Delete
$systemInfo = json_decode(wfUtils::base64url_decode($qs['s']), true);
[177] Fix | Delete
$systemInfo['output_buffering'] = ini_get('output_buffering');
[178] Fix | Delete
$systemInfo['ip'] = wfUtils::getIPAndServerVariable();
[179] Fix | Delete
$systemInfo['detected_ips'] = wfUtils::getAllServerVariableIPs();
[180] Fix | Delete
$systemInfo['admin_url'] = network_admin_url();
[181] Fix | Delete
[182] Fix | Delete
$response = rest_ensure_response(array(
[183] Fix | Delete
'config' => $config,
[184] Fix | Delete
'info' => $systemInfo,
[185] Fix | Delete
));
[186] Fix | Delete
return $response;
[187] Fix | Delete
}
[188] Fix | Delete
[189] Fix | Delete
/**
[190] Fix | Delete
* @param WP_REST_Request $request
[191] Fix | Delete
* @return mixed|WP_REST_Response
[192] Fix | Delete
*/
[193] Fix | Delete
public function setConfig($request) {
[194] Fix | Delete
wfCentral::preventConfigurationSync();
[195] Fix | Delete
[196] Fix | Delete
$fields = $request['fields'];
[197] Fix | Delete
if (is_array($fields) && $fields) {
[198] Fix | Delete
$loginSecurityConfig = array();
[199] Fix | Delete
foreach ($fields as $key => $value) {
[200] Fix | Delete
if (strpos($key, 'wfls_settings_') === 0) {
[201] Fix | Delete
$lsField = substr($key, 14);
[202] Fix | Delete
$loginSecurityConfig[$lsField] = $value;
[203] Fix | Delete
}
[204] Fix | Delete
}
[205] Fix | Delete
[206] Fix | Delete
if ($loginSecurityConfig) {
[207] Fix | Delete
$errors = Controller_Settings::shared()->validate_multiple($loginSecurityConfig);
[208] Fix | Delete
[209] Fix | Delete
if ($errors !== true) {
[210] Fix | Delete
if (count($errors) == 1) {
[211] Fix | Delete
return new WP_Error('rest_set_config_error',
[212] Fix | Delete
sprintf(
[213] Fix | Delete
/* translators: Error message. */
[214] Fix | Delete
__('An error occurred while saving the configuration: %s', 'wordfence'), $errors[0]['error']),
[215] Fix | Delete
array('status' => 422));
[216] Fix | Delete
[217] Fix | Delete
} else if (count($errors) > 1) {
[218] Fix | Delete
$compoundMessage = array();
[219] Fix | Delete
foreach ($errors as $e) {
[220] Fix | Delete
$compoundMessage[] = $e['error'];
[221] Fix | Delete
}
[222] Fix | Delete
return new WP_Error('rest_set_config_error',
[223] Fix | Delete
sprintf(
[224] Fix | Delete
/* translators: Error message. */
[225] Fix | Delete
__('Errors occurred while saving the configuration: %s', 'wordfence'), implode(', ', $compoundMessage)),
[226] Fix | Delete
array('status' => 422));
[227] Fix | Delete
}
[228] Fix | Delete
[229] Fix | Delete
return new WP_Error('rest_set_config_error',
[230] Fix | Delete
__('Errors occurred while saving the configuration.', 'wordfence'),
[231] Fix | Delete
array('status' => 422));
[232] Fix | Delete
}
[233] Fix | Delete
[234] Fix | Delete
try {
[235] Fix | Delete
Controller_Settings::shared()->set_multiple($loginSecurityConfig);
[236] Fix | Delete
foreach ($fields as $key => $value) {
[237] Fix | Delete
if (strpos($key, 'wfls_settings_') === 0) {
[238] Fix | Delete
unset($fields[$key]);
[239] Fix | Delete
}
[240] Fix | Delete
}
[241] Fix | Delete
[242] Fix | Delete
} catch (Exception $e) {
[243] Fix | Delete
return new WP_Error('rest_save_config_error',
[244] Fix | Delete
sprintf(
[245] Fix | Delete
/* translators: Error message. */
[246] Fix | Delete
__('A server error occurred while saving the configuration: %s', 'wordfence'), $e->getMessage()),
[247] Fix | Delete
array('status' => 500));
[248] Fix | Delete
}
[249] Fix | Delete
}
[250] Fix | Delete
[251] Fix | Delete
$errors = wfConfig::validate($fields);
[252] Fix | Delete
if ($errors !== true) {
[253] Fix | Delete
if (count($errors) == 1) {
[254] Fix | Delete
return new WP_Error('rest_set_config_error',
[255] Fix | Delete
sprintf(
[256] Fix | Delete
/* translators: Error message. */
[257] Fix | Delete
__('An error occurred while saving the configuration: %s', 'wordfence'), $errors[0]['error']),
[258] Fix | Delete
array('status' => 422));
[259] Fix | Delete
[260] Fix | Delete
} else if (count($errors) > 1) {
[261] Fix | Delete
$compoundMessage = array();
[262] Fix | Delete
foreach ($errors as $e) {
[263] Fix | Delete
$compoundMessage[] = $e['error'];
[264] Fix | Delete
}
[265] Fix | Delete
return new WP_Error('rest_set_config_error',
[266] Fix | Delete
sprintf(
[267] Fix | Delete
/* translators: Error message. */
[268] Fix | Delete
__('Errors occurred while saving the configuration: %s', 'wordfence'), implode(', ', $compoundMessage)),
[269] Fix | Delete
array('status' => 422));
[270] Fix | Delete
}
[271] Fix | Delete
[272] Fix | Delete
return new WP_Error('rest_set_config_error',
[273] Fix | Delete
__('Errors occurred while saving the configuration.', 'wordfence'),
[274] Fix | Delete
array('status' => 422));
[275] Fix | Delete
}
[276] Fix | Delete
[277] Fix | Delete
try {
[278] Fix | Delete
wfConfig::save($fields);
[279] Fix | Delete
return rest_ensure_response(array(
[280] Fix | Delete
'success' => true,
[281] Fix | Delete
));
[282] Fix | Delete
[283] Fix | Delete
} catch (Exception $e) {
[284] Fix | Delete
return new WP_Error('rest_save_config_error',
[285] Fix | Delete
sprintf(
[286] Fix | Delete
/* translators: Error message. */
[287] Fix | Delete
__('A server error occurred while saving the configuration: %s', 'wordfence'), $e->getMessage()),
[288] Fix | Delete
array('status' => 500));
[289] Fix | Delete
}
[290] Fix | Delete
}
[291] Fix | Delete
return new WP_Error('rest_save_config_error',
[292] Fix | Delete
__("Validation error: 'fields' parameter is empty or not an array.", 'wordfence'),
[293] Fix | Delete
array('status' => 422));
[294] Fix | Delete
[295] Fix | Delete
}
[296] Fix | Delete
[297] Fix | Delete
/**
[298] Fix | Delete
* @param WP_REST_Request $request
[299] Fix | Delete
* @return mixed|WP_REST_Response
[300] Fix | Delete
*/
[301] Fix | Delete
public function disconnect($request) {
[302] Fix | Delete
self::disconnectConfig();
[303] Fix | Delete
return rest_ensure_response(array(
[304] Fix | Delete
'success' => true,
[305] Fix | Delete
));
[306] Fix | Delete
}
[307] Fix | Delete
[308] Fix | Delete
/**
[309] Fix | Delete
* @param WP_REST_Request $request
[310] Fix | Delete
* @return mixed|WP_REST_Response
[311] Fix | Delete
*/
[312] Fix | Delete
public function premiumConnect($request) {
[313] Fix | Delete
require_once(WORDFENCE_PATH . '/lib/sodium_compat_fast.php');
[314] Fix | Delete
[315] Fix | Delete
// Store values sent by Central.
[316] Fix | Delete
$wordfenceCentralPK = $request['public-key'];
[317] Fix | Delete
$wordfenceCentralSiteData = $request['site-data'];
[318] Fix | Delete
$wordfenceCentralSiteID = $request['site-id'];
[319] Fix | Delete
[320] Fix | Delete
$keypair = ParagonIE_Sodium_Compat::crypto_sign_keypair();
[321] Fix | Delete
$publicKey = ParagonIE_Sodium_Compat::crypto_sign_publickey($keypair);
[322] Fix | Delete
$secretKey = ParagonIE_Sodium_Compat::crypto_sign_secretkey($keypair);
[323] Fix | Delete
wfConfig::set('wordfenceCentralSecretKey', $secretKey);
[324] Fix | Delete
[325] Fix | Delete
wfConfig::set('wordfenceCentralConnected', 1);
[326] Fix | Delete
wfConfig::set('wordfenceCentralCurrentStep', 6);
[327] Fix | Delete
wfConfig::set('wordfenceCentralPK', pack("H*", $wordfenceCentralPK));
[328] Fix | Delete
wfConfig::set('wordfenceCentralSiteData', json_encode($wordfenceCentralSiteData));
[329] Fix | Delete
wfConfig::set('wordfenceCentralSiteID', $wordfenceCentralSiteID);
[330] Fix | Delete
wfConfig::set('wordfenceCentralConnectTime', time());
[331] Fix | Delete
wfConfig::set('wordfenceCentralConnectEmail', !empty($this->tokenData['adminEmail']) ? $this->tokenData['adminEmail'] : null);
[332] Fix | Delete
[333] Fix | Delete
// Return values created by Wordfence.
[334] Fix | Delete
return rest_ensure_response(array(
[335] Fix | Delete
'success' => true,
[336] Fix | Delete
'public-key' => ParagonIE_Sodium_Compat::bin2hex($publicKey),
[337] Fix | Delete
));
[338] Fix | Delete
}
[339] Fix | Delete
}
[340] Fix | Delete
It is recommended that you Edit text format, this type of Fix handles quite a lot in one request
Function