Edit File by line

<?php

[0] Fix | Delete

require_once(dirname(__FILE__) . '/wordfenceConstants.php');

[1] Fix | Delete

require_once(dirname(__FILE__) . '/wordfenceClass.php');

[2] Fix | Delete

require_once(dirname(__FILE__) . '/wfLicense.php');

[3] Fix | Delete

[4] Fix | Delete

class wfAPI {

[5] Fix | Delete

[6] Fix | Delete

public $lastHTTPStatus = '';

[7] Fix | Delete

public $lastCurlErrorNo = '';

[8] Fix | Delete

private $curlContent = 0;

[9] Fix | Delete

private $APIKey = '';

[10] Fix | Delete

private $wordpressVersion = '';

[11] Fix | Delete

[12] Fix | Delete

public function __construct($apiKey, $wordpressVersion) {

[13] Fix | Delete

$this->APIKey = $apiKey;

[14] Fix | Delete

$this->wordpressVersion = $wordpressVersion;

[15] Fix | Delete

}

[16] Fix | Delete

[17] Fix | Delete

public function getStaticURL($url) { // In the form '/something.bin' without quotes

[18] Fix | Delete

return $this->getURL(rtrim($this->getAPIURL(), '/') . '/' . ltrim($url, '/'));

[19] Fix | Delete

}

[20] Fix | Delete

[21] Fix | Delete

public function call($action, $getParams = array(), $postParams = array(), $forceSSL = false, $timeout = 900) {

[22] Fix | Delete

$apiURL = $this->getAPIURL();

[23] Fix | Delete

//Sanity check. Developer should call wfAPI::SSLEnabled() to check if SSL is enabled before forcing SSL and return a user friendly msg if it's not.

[24] Fix | Delete

if ($forceSSL && (!preg_match('/^https:/i', $apiURL))) {

[25] Fix | Delete

//User's should never see this message unless we aren't calling SSLEnabled() to check if SSL is enabled before using call() with forceSSL

[26] Fix | Delete

throw new wfAPICallSSLUnavailableException(__("SSL is not supported by your web server and is required to use this function. Please ask your hosting provider or site admin to install cURL with openSSL to use this feature.", 'wordfence'));

[27] Fix | Delete

}

[28] Fix | Delete

$json = $this->getURL(rtrim($apiURL, '/') . '/v' . WORDFENCE_API_VERSION . '/?' . $this->makeAPIQueryString() . '&' . self::buildQuery(

[29] Fix | Delete

array_merge(

[30] Fix | Delete

array('action' => $action),

[31] Fix | Delete

$getParams

[32] Fix | Delete

)), $postParams, $timeout);

[33] Fix | Delete

if (!$json) {

[34] Fix | Delete

throw new wfAPICallInvalidResponseException(sprintf(/* translators: API call/action/endpoint. */__("We received an empty data response from the Wordfence scanning servers when calling the '%s' function.", 'wordfence'), $action));

[35] Fix | Delete

}

[36] Fix | Delete

[37] Fix | Delete

$dat = json_decode($json, true);

[38] Fix | Delete

[39] Fix | Delete

if (!is_array($dat)) {

[40] Fix | Delete

throw new wfAPICallInvalidResponseException(sprintf(/* translators: API call/action/endpoint. */ __("We received a data structure that is not the expected array when contacting the Wordfence scanning servers and calling the '%s' function.", 'wordfence'), $action));

[41] Fix | Delete

}

[42] Fix | Delete

[43] Fix | Delete

//Only process key data for responses that include it

[44] Fix | Delete

if (array_key_exists('_isPaidKey', $dat))

[45] Fix | Delete

$this->processKeyData($dat);

[46] Fix | Delete

[47] Fix | Delete

if (isset($dat['_touppChanged'])) {

[48] Fix | Delete

wfConfig::set('touppPromptNeeded', wfUtils::truthyToBoolean($dat['_touppChanged']));

[49] Fix | Delete

}

[50] Fix | Delete

[51] Fix | Delete

if (isset($dat['errorMsg'])) {

[52] Fix | Delete

throw new wfAPICallErrorResponseException($dat['errorMsg']);

[53] Fix | Delete

}

[54] Fix | Delete

[55] Fix | Delete

return $dat;

[56] Fix | Delete

}

[57] Fix | Delete

[58] Fix | Delete

private function processKeyData($dat) {

[59] Fix | Delete

$license = wfLicense::current()

[60] Fix | Delete

->setApiKey($this->APIKey)

[61] Fix | Delete

->setPaid($dat['_isPaidKey'])

[62] Fix | Delete

->setRemainingDays($dat['_keyExpDays'])

[63] Fix | Delete

->setType(array_key_exists('_licenseType', $dat) ? $dat['_licenseType'] : null);

[64] Fix | Delete

[65] Fix | Delete

if (isset($dat['_isPaidKey']) && !isset($dat['errorMsg'])) {

[66] Fix | Delete

wfConfig::setOrRemove('premiumAutoRenew', isset($dat['_autoRenew']) ? wfUtils::truthyToInt($dat['_autoRenew']) : null);

[67] Fix | Delete

wfConfig::setOrRemove('premiumNextRenew', isset($dat['_nextRenewAttempt']) ? time() + $dat['_nextRenewAttempt'] * 86400 : null);

[68] Fix | Delete

wfConfig::setOrRemove('premiumPaymentExpiring', isset($dat['_paymentExpiring']) ? wfUtils::truthyToInt($dat['_paymentExpiring']) : null);

[69] Fix | Delete

wfConfig::setOrRemove('premiumPaymentExpired', isset($dat['_paymentExpired']) ? wfUtils::truthyToInt($dat['_paymentExpired']) : null);

[70] Fix | Delete

wfConfig::setOrRemove('premiumPaymentMissing', isset($dat['_paymentMissing']) ? wfUtils::truthyToInt($dat['_paymentMissing']) : null);

[71] Fix | Delete

wfConfig::setOrRemove('premiumPaymentHold', isset($dat['_paymentHold']) ? wfUtils::truthyToInt($dat['_paymentHold']) : null);

[72] Fix | Delete

}

[73] Fix | Delete

[74] Fix | Delete

$hasKeyConflict = false;

[75] Fix | Delete

if (isset($dat['_hasKeyConflict'])) {

[76] Fix | Delete

$hasKeyConflict = ($dat['_hasKeyConflict'] == 1);

[77] Fix | Delete

if ($hasKeyConflict) {

[78] Fix | Delete

new wfNotification(null, wfNotification::PRIORITY_HIGH_CRITICAL, '<a href="' . wfUtils::wpAdminURL('admin.php?page=Wordfence&subpage=global_options') . '">' . esc_html__('The Wordfence license you\'re using does not match this site\'s address. Premium features are disabled.', 'wordfence') . '</a>', 'wfplugin_keyconflict', null, array(array('link' => 'https://www.wordfence.com/manage-wordfence-api-keys/', 'label' => 'Manage Keys')));

[79] Fix | Delete

$license->setConflicting();

[80] Fix | Delete

}

[81] Fix | Delete

}

[82] Fix | Delete

[83] Fix | Delete

$license->setDeleted(isset($dat['_keyNoLongerValid']) && $dat['_keyNoLongerValid'] == 1);

[84] Fix | Delete

[85] Fix | Delete

if (!$hasKeyConflict) {

[86] Fix | Delete

$license->setConflicting(false);

[87] Fix | Delete

$n = wfNotification::getNotificationForCategory('wfplugin_keyconflict');

[88] Fix | Delete

if ($n !== null) {

[89] Fix | Delete

wordfence::status(1, 'info', 'Idle');

[90] Fix | Delete

$n->markAsRead();

[91] Fix | Delete

}

[92] Fix | Delete

}

[93] Fix | Delete

[94] Fix | Delete

$license->save(isset($dat['errorMsg']));

[95] Fix | Delete

}

[96] Fix | Delete

[97] Fix | Delete

protected function getURL($url, $postParams = array(), $timeout = 900) {

[98] Fix | Delete

wordfence::status(4, 'info', sprintf(/* translators: API version. */ __("Calling Wordfence API v%s:", 'wordfence'), WORDFENCE_API_VERSION) . $url);

[99] Fix | Delete

[100] Fix | Delete

if (!function_exists('wp_remote_post')) {

[101] Fix | Delete

require_once(ABSPATH . WPINC . 'http.php');

[102] Fix | Delete

}

[103] Fix | Delete

[104] Fix | Delete

$ssl_verify = (bool) wfConfig::get('ssl_verify');

[105] Fix | Delete

$args = array(

[106] Fix | Delete

'timeout' => $timeout,

[107] Fix | Delete

'user-agent' => "Wordfence.com UA " . (defined('WORDFENCE_VERSION') ? WORDFENCE_VERSION : '[Unknown version]'),

[108] Fix | Delete

'body' => $postParams,

[109] Fix | Delete

'sslverify' => $ssl_verify,

[110] Fix | Delete

'headers' => array('Referer' => false),

[111] Fix | Delete

);

[112] Fix | Delete

if (!$ssl_verify) {

[113] Fix | Delete

// Some versions of cURL will complain that SSL verification is disabled but the CA bundle was supplied.

[114] Fix | Delete

$args['sslcertificates'] = false;

[115] Fix | Delete

}

[116] Fix | Delete

[117] Fix | Delete

$response = wp_remote_post($url, $args);

[118] Fix | Delete

[119] Fix | Delete

$this->lastHTTPStatus = (int) wp_remote_retrieve_response_code($response);

[120] Fix | Delete

[121] Fix | Delete

if (is_wp_error($response)) {

[122] Fix | Delete

$error_message = $response->get_error_message();

[123] Fix | Delete

if ($error_message) {

[124] Fix | Delete

$apiExceptionMessage = sprintf(/* translators: Error message. */ __('There was an error connecting to the Wordfence scanning servers: %s', 'wordfence'), $error_message);

[125] Fix | Delete

} else {

[126] Fix | Delete

$apiExceptionMessage = __('There was an unknown error connecting to the Wordfence scanning servers.', 'wordfence');

[127] Fix | Delete

}

[128] Fix | Delete

[129] Fix | Delete

throw new wfAPICallFailedException($apiExceptionMessage);

[130] Fix | Delete

}

[131] Fix | Delete

[132] Fix | Delete

$dateHeader = @$response['headers']['date'];

[133] Fix | Delete

if (!empty($dateHeader) && (time() - wfConfig::get('timeoffset_wf_updated', 0) > 3600)) {

[134] Fix | Delete

if (function_exists('date_create_from_format')) {

[135] Fix | Delete

$dt = DateTime::createFromFormat('D, j M Y G:i:s O', $dateHeader);

[136] Fix | Delete

$timestamp = $dt->getTimestamp();

[137] Fix | Delete

}

[138] Fix | Delete

else {

[139] Fix | Delete

$timestamp = strtotime($dateHeader);

[140] Fix | Delete

}

[141] Fix | Delete

$offset = $timestamp - time();

[142] Fix | Delete

wfConfig::set('timeoffset_wf', $offset);

[143] Fix | Delete

wfConfig::set('timeoffset_wf_updated', time());

[144] Fix | Delete

}

[145] Fix | Delete

[146] Fix | Delete

if (!empty($response['response']['code'])) {

[147] Fix | Delete

$this->lastHTTPStatus = (int) $response['response']['code'];

[148] Fix | Delete

}

[149] Fix | Delete

[150] Fix | Delete

if (200 != $this->lastHTTPStatus) {

[151] Fix | Delete

throw new wfAPICallFailedException(sprintf(/* translators: HTTP status code. */__("The Wordfence scanning servers are currently unavailable. This may be for maintenance or a temporary outage. If this still occurs in an hour, please contact support. [%s]", 'wordfence'), $this->lastHTTPStatus));

[152] Fix | Delete

}

[153] Fix | Delete

[154] Fix | Delete

$content = wp_remote_retrieve_body($response);

[155] Fix | Delete

return $content;

[156] Fix | Delete

}

[157] Fix | Delete

[158] Fix | Delete

public function binCall($func, $postData) {

[159] Fix | Delete

$url = rtrim($this->getAPIURL(), '/') . '/v' . WORDFENCE_API_VERSION . '/?' . $this->makeAPIQueryString() . '&action=' . $func;

[160] Fix | Delete

[161] Fix | Delete

$data = $this->getURL($url, $postData);

[162] Fix | Delete

[163] Fix | Delete

if (preg_match('/\{.*errorMsg/', $data)) {

[164] Fix | Delete

$jdat = @json_decode($data, true);

[165] Fix | Delete

if (is_array($jdat) && $jdat['errorMsg']) {

[166] Fix | Delete

throw new Exception($jdat['errorMsg']);

[167] Fix | Delete

}

[168] Fix | Delete

}

[169] Fix | Delete

return array('code' => $this->lastHTTPStatus, 'data' => $data);

[170] Fix | Delete

}

[171] Fix | Delete

[172] Fix | Delete

public static function generateSiteStats($wordpressVersion = null) {

[173] Fix | Delete

if ($wordpressVersion === null)

[174] Fix | Delete

$wordpressVersion = wfUtils::getWPVersion();

[175] Fix | Delete

$cv = null;

[176] Fix | Delete

$cs = null;

[177] Fix | Delete

if (function_exists('curl_version')) {

[178] Fix | Delete

$curl = curl_version();

[179] Fix | Delete

$cv = $curl['version'];

[180] Fix | Delete

$cs = $curl['ssl_version'];

[181] Fix | Delete

}

[182] Fix | Delete

[183] Fix | Delete

$values = array(

[184] Fix | Delete

'wp' => $wordpressVersion,

[185] Fix | Delete

'wf' => WORDFENCE_VERSION,

[186] Fix | Delete

'ms' => (is_multisite() ? get_blog_count() : false),

[187] Fix | Delete

'h' => wfUtils::wpHomeURL(),

[188] Fix | Delete

'sslv' => function_exists('openssl_verify') && defined('OPENSSL_VERSION_NUMBER') ? OPENSSL_VERSION_NUMBER : null,

[189] Fix | Delete

'pv' => phpversion(),

[190] Fix | Delete

'pt' => php_sapi_name(),

[191] Fix | Delete

'cv' => $cv,

[192] Fix | Delete

'cs' => $cs,

[193] Fix | Delete

'sv' => (isset($_SERVER['SERVER_SOFTWARE']) ? $_SERVER['SERVER_SOFTWARE'] : null),

[194] Fix | Delete

'dv' => wfConfig::get('dbVersion', null),

[195] Fix | Delete

'lang' => get_site_option('WPLANG'),

[196] Fix | Delete

);

[197] Fix | Delete

[198] Fix | Delete

return wfUtils::base64url_encode(wfUtils::jsonEncodeSafely($values));

[199] Fix | Delete

}

[200] Fix | Delete

[201] Fix | Delete

public function makeAPIQueryString() {

[202] Fix | Delete

return self::buildQuery(array(

[203] Fix | Delete

'k' => $this->APIKey,

[204] Fix | Delete

's' => self::generateSiteStats($this->wordpressVersion)

[205] Fix | Delete

));

[206] Fix | Delete

}

[207] Fix | Delete

[208] Fix | Delete

private function buildQuery($data) {

[209] Fix | Delete

if (version_compare(phpversion(), '5.1.2', '>=')) {

[210] Fix | Delete

return http_build_query($data, '', '&'); //arg_separator parameter was only added in PHP 5.1.2. We do this because some PHP.ini's have arg_separator.output set to '&'

[211] Fix | Delete

} else {

[212] Fix | Delete

return http_build_query($data);

[213] Fix | Delete

}

[214] Fix | Delete

}

[215] Fix | Delete

[216] Fix | Delete

private function getAPIURL() {

[217] Fix | Delete

return self::SSLEnabled() ? WORDFENCE_API_URL_SEC : WORDFENCE_API_URL_NONSEC;

[218] Fix | Delete

}

[219] Fix | Delete

[220] Fix | Delete

public static function SSLEnabled() {

[221] Fix | Delete

if (!function_exists('wp_http_supports')) {

[222] Fix | Delete

require_once(ABSPATH . WPINC . 'http.php');

[223] Fix | Delete

}

[224] Fix | Delete

return wp_http_supports(array('ssl'));

[225] Fix | Delete

}

[226] Fix | Delete

[227] Fix | Delete

public function getTextImageURL($text) {

[228] Fix | Delete

$apiURL = $this->getAPIURL();

[229] Fix | Delete

return rtrim($apiURL, '/') . '/v' . WORDFENCE_API_VERSION . '/?' . $this->makeAPIQueryString() . '&' . self::buildQuery(array('action' => 'image', 'txt' => base64_encode($text)));

[230] Fix | Delete

}

[231] Fix | Delete

}

[232] Fix | Delete

[233] Fix | Delete

class wfAPICallSSLUnavailableException extends Exception {

[234] Fix | Delete

}

[235] Fix | Delete

[236] Fix | Delete

class wfAPICallFailedException extends Exception {

[237] Fix | Delete

}

[238] Fix | Delete

[239] Fix | Delete

class wfAPICallInvalidResponseException extends Exception {

[240] Fix | Delete

}

[241] Fix | Delete

[242] Fix | Delete

class wfAPICallErrorResponseException extends Exception {

[243] Fix | Delete

}

[244] Fix | Delete