Edit File by line

* @param array $types Array of issue types to delete

[500] Fix | Delete

* @param string $status Issue status to delete

[501] Fix | Delete

* @return bool|wfCentralAPIResponse

[502] Fix | Delete

[503] Fix | Delete

public static function deleteIssueTypes($types, $status = 'new') {

[504] Fix | Delete

$siteID = wfConfig::get('wordfenceCentralSiteID');

[505] Fix | Delete

$request = new wfCentralAuthenticatedAPIRequest('/site/' . $siteID . '/issues', 'DELETE', array(

[506] Fix | Delete

'data' => array(

[507] Fix | Delete

'type' => 'issue-list',

[508] Fix | Delete

'attributes' => array(

[509] Fix | Delete

'types' => $types,

[510] Fix | Delete

'status' => $status,

[511] Fix | Delete

)

[512] Fix | Delete

[513] Fix | Delete

));

[514] Fix | Delete

try {

[515] Fix | Delete

$response = $request->execute();

[516] Fix | Delete

return $response;

[517] Fix | Delete

}

[518] Fix | Delete

catch (wfCentralAPIException $e) {

[519] Fix | Delete

error_log($e);

[520] Fix | Delete

}

[521] Fix | Delete

catch (Exception $e) {

[522] Fix | Delete

wfCentralAPIRequest::handleInternalCentralAPIError($e);

[523] Fix | Delete

}

[524] Fix | Delete

catch (Throwable $t) {

[525] Fix | Delete

wfCentralAPIRequest::handleInternalCentralAPIError($t);

[526] Fix | Delete

}

[527] Fix | Delete

return false;

[528] Fix | Delete

}

[529] Fix | Delete

[530] Fix | Delete

public static function requestConfigurationSync() {

[531] Fix | Delete

if (! wfCentral::isConnected() || !self::$syncConfig) {

[532] Fix | Delete

return;

[533] Fix | Delete

}

[534] Fix | Delete

[535] Fix | Delete

$endpoint = '/site/'.wfConfig::get('wordfenceCentralSiteID').'/config';

[536] Fix | Delete

$args = array('timeout' => 0.01, 'blocking' => false);

[537] Fix | Delete

$request = new wfCentralAuthenticatedAPIRequest($endpoint, 'POST', array(), $args);

[538] Fix | Delete

[539] Fix | Delete

try {

[540] Fix | Delete

$request->execute();

[541] Fix | Delete

}

[542] Fix | Delete

catch (Exception $e) {

[543] Fix | Delete

// We can safely ignore an error here for now.

[544] Fix | Delete

}

[545] Fix | Delete

catch (Throwable $t) {

[546] Fix | Delete

wfCentralAPIRequest::handleInternalCentralAPIError($t);

[547] Fix | Delete

}

[548] Fix | Delete

}

[549] Fix | Delete

[550] Fix | Delete

protected static $syncConfig = true;

[551] Fix | Delete

[552] Fix | Delete

public static function preventConfigurationSync() {

[553] Fix | Delete

self::$syncConfig = false;

[554] Fix | Delete

}

[555] Fix | Delete

[556] Fix | Delete

/**

[557] Fix | Delete

* @param $scan

[558] Fix | Delete

* @param $running

[559] Fix | Delete

* @return bool|wfCentralAPIResponse

[560] Fix | Delete

[561] Fix | Delete

public static function updateScanStatus($scan = null) {

[562] Fix | Delete

if ($scan === null) {

[563] Fix | Delete

$scan = wfConfig::get_ser('scanStageStatuses');

[564] Fix | Delete

if (!is_array($scan)) {

[565] Fix | Delete

$scan = array();

[566] Fix | Delete

}

[567] Fix | Delete

}

[568] Fix | Delete

[569] Fix | Delete

wfScanner::shared()->flushSummaryItems();

[570] Fix | Delete

[571] Fix | Delete

$siteID = wfConfig::get('wordfenceCentralSiteID');

[572] Fix | Delete

$running = wfScanner::shared()->isRunning();

[573] Fix | Delete

$request = new wfCentralAuthenticatedAPIRequest('/site/' . $siteID . '/scan', 'PATCH', array(

[574] Fix | Delete

'data' => array(

[575] Fix | Delete

'type' => 'scan',

[576] Fix | Delete

'attributes' => array(

[577] Fix | Delete

'running' => $running,

[578] Fix | Delete

'scan' => $scan,

[579] Fix | Delete

'scan-summary' => wfConfig::get('wf_summaryItems'),

[580] Fix | Delete

[581] Fix | Delete

[582] Fix | Delete

));

[583] Fix | Delete

try {

[584] Fix | Delete

$response = $request->execute();

[585] Fix | Delete

wfConfig::set('lastScanStageStatusUpdate', time(), wfConfig::DONT_AUTOLOAD);

[586] Fix | Delete

return $response;

[587] Fix | Delete

}

[588] Fix | Delete

catch (wfCentralAPIException $e) {

[589] Fix | Delete

error_log($e);

[590] Fix | Delete

}

[591] Fix | Delete

catch (Exception $e) {

[592] Fix | Delete

wfCentralAPIRequest::handleInternalCentralAPIError($e);

[593] Fix | Delete

}

[594] Fix | Delete

catch (Throwable $t) {

[595] Fix | Delete

wfCentralAPIRequest::handleInternalCentralAPIError($t);

[596] Fix | Delete

}

[597] Fix | Delete

return false;

[598] Fix | Delete

}

[599] Fix | Delete

[600] Fix | Delete

/**

[601] Fix | Delete

* @param string $event

[602] Fix | Delete

* @param array $data

[603] Fix | Delete

* @param callable|null $alertCallback

[604] Fix | Delete

[605] Fix | Delete

public static function sendSecurityEvent($event, $data = array(), $alertCallback = null, $sendImmediately = false) {

[606] Fix | Delete

return self::sendSecurityEvents(array(array('type' => $event, 'data' => $data, 'event_time' => microtime(true))), $alertCallback, $sendImmediately);

[607] Fix | Delete

}

[608] Fix | Delete

[609] Fix | Delete

public static function sendSecurityEvents($events, $alertCallback = null, $sendImmediately = false) {

[610] Fix | Delete

if (empty($events)) {

[611] Fix | Delete

return true;

[612] Fix | Delete

}

[613] Fix | Delete

[614] Fix | Delete

if (!$sendImmediately && defined('DISABLE_WP_CRON') && DISABLE_WP_CRON) {

[615] Fix | Delete

$sendImmediately = true;

[616] Fix | Delete

}

[617] Fix | Delete

[618] Fix | Delete

$alerted = false;

[619] Fix | Delete

if (!self::pluginAlertingDisabled() && is_callable($alertCallback)) {

[620] Fix | Delete

call_user_func($alertCallback);

[621] Fix | Delete

$alerted = true;

[622] Fix | Delete

}

[623] Fix | Delete

[624] Fix | Delete

if ($sendImmediately) {

[625] Fix | Delete

$payload = array();

[626] Fix | Delete

foreach ($events as $e) {

[627] Fix | Delete

$payload[] = array(

[628] Fix | Delete

'type' => 'security-event',

[629] Fix | Delete

'attributes' => array(

[630] Fix | Delete

'type' => $e['type'],

[631] Fix | Delete

'data' => $e['data'],

[632] Fix | Delete

'event_time' => $e['event_time'],

[633] Fix | Delete

[634] Fix | Delete

);

[635] Fix | Delete

}

[636] Fix | Delete

[637] Fix | Delete

$siteID = wfConfig::get('wordfenceCentralSiteID');

[638] Fix | Delete

$request = new wfCentralAuthenticatedAPIRequest('/site/' . $siteID . '/security-events', 'POST', array(

[639] Fix | Delete

'data' => $payload,

[640] Fix | Delete

));

[641] Fix | Delete

try {

[642] Fix | Delete

// Attempt to send the security events to Central.

[643] Fix | Delete

$response = $request->execute();

[644] Fix | Delete

}

[645] Fix | Delete

catch (wfCentralAPIException $e) {

[646] Fix | Delete

// If we didn't alert previously, notify the user now in the event Central is down.

[647] Fix | Delete

if (!$alerted && is_callable($alertCallback)) {

[648] Fix | Delete

call_user_func($alertCallback);

[649] Fix | Delete

}

[650] Fix | Delete

return false;

[651] Fix | Delete

}

[652] Fix | Delete

catch (Exception $e) {

[653] Fix | Delete

wfCentralAPIRequest::handleInternalCentralAPIError($e);

[654] Fix | Delete

return false;

[655] Fix | Delete

}

[656] Fix | Delete

catch (Throwable $t) {

[657] Fix | Delete

wfCentralAPIRequest::handleInternalCentralAPIError($t);

[658] Fix | Delete

return false;

[659] Fix | Delete

}

[660] Fix | Delete

}

[661] Fix | Delete

else {

[662] Fix | Delete

$wfdb = new wfDB();

[663] Fix | Delete

$table_wfSecurityEvents = wfDB::networkTable('wfSecurityEvents');

[664] Fix | Delete

$query = "INSERT INTO {$table_wfSecurityEvents} (`type`, `data`, `event_time`, `state`, `state_timestamp`) VALUES ";

[665] Fix | Delete

$query .= implode(', ', array_fill(0, count($events), "('%s', '%s', %f, 'new', NOW())"));

[666] Fix | Delete

[667] Fix | Delete

$immediateSendTypes = array('adminLogin',

[668] Fix | Delete

'adminLoginNewLocation',

[669] Fix | Delete

'nonAdminLogin',

[670] Fix | Delete

'nonAdminLoginNewLocation',

[671] Fix | Delete

'wordfenceDeactivated',

[672] Fix | Delete

'wafDeactivated',

[673] Fix | Delete

'autoUpdate');

[674] Fix | Delete

$args = array();

[675] Fix | Delete

foreach ($events as $e) {

[676] Fix | Delete

$sendImmediately = $sendImmediately || in_array($e['type'], $immediateSendTypes);

[677] Fix | Delete

$args[] = $e['type'];

[678] Fix | Delete

$args[] = json_encode($e['data']);

[679] Fix | Delete

$args[] = $e['event_time'];

[680] Fix | Delete

}

[681] Fix | Delete

$wfdb->queryWriteArray($query, $args);

[682] Fix | Delete

[683] Fix | Delete

if (($ts = self::isScheduledSecurityEventCronOverdue()) || $sendImmediately) {

[684] Fix | Delete

if ($ts) {

[685] Fix | Delete

self::unscheduleSendPendingSecurityEvents($ts);

[686] Fix | Delete

}

[687] Fix | Delete

self::sendPendingSecurityEvents();

[688] Fix | Delete

}

[689] Fix | Delete

else {

[690] Fix | Delete

self::scheduleSendPendingSecurityEvents();

[691] Fix | Delete

}

[692] Fix | Delete

}

[693] Fix | Delete

[694] Fix | Delete

return true;

[695] Fix | Delete

}

[696] Fix | Delete

[697] Fix | Delete

public static function sendPendingSecurityEvents() {

[698] Fix | Delete

$wfdb = new wfDB();

[699] Fix | Delete

$table_wfSecurityEvents = wfDB::networkTable('wfSecurityEvents');

[700] Fix | Delete

[701] Fix | Delete

$rawEvents = $wfdb->querySelect("SELECT * FROM {$table_wfSecurityEvents} WHERE `state` = 'new' ORDER BY `id` ASC LIMIT 100");

[702] Fix | Delete

[703] Fix | Delete

if (empty($rawEvents))

[704] Fix | Delete

return;

[705] Fix | Delete

[706] Fix | Delete

$ids = array();

[707] Fix | Delete

$events = array();

[708] Fix | Delete

foreach ($rawEvents as $r) {

[709] Fix | Delete

$ids[] = intval($r['id']);

[710] Fix | Delete

$events[] = array(

[711] Fix | Delete

'type' => $r['type'],

[712] Fix | Delete

'data' => json_decode($r['data'], true),

[713] Fix | Delete

'event_time' => $r['event_time'],

[714] Fix | Delete

);

[715] Fix | Delete

}

[716] Fix | Delete

[717] Fix | Delete

$idParam = '(' . implode(', ', $ids) . ')';

[718] Fix | Delete

$wfdb->queryWrite("UPDATE {$table_wfSecurityEvents} SET `state` = 'sending', `state_timestamp` = NOW() WHERE `id` IN {$idParam}");

[719] Fix | Delete

if (self::sendSecurityEvents($events, null, true)) {

[720] Fix | Delete

$wfdb->queryWrite("UPDATE {$table_wfSecurityEvents} SET `state` = 'sent', `state_timestamp` = NOW() WHERE `id` IN {$idParam}");

[721] Fix | Delete

[722] Fix | Delete

self::checkForUnsentSecurityEvents();

[723] Fix | Delete

}

[724] Fix | Delete

else {

[725] Fix | Delete

$wfdb->queryWrite("UPDATE {$table_wfSecurityEvents} SET `state` = 'new', `state_timestamp` = NOW() WHERE `id` IN {$idParam}");

[726] Fix | Delete

self::scheduleSendPendingSecurityEvents();

[727] Fix | Delete

}

[728] Fix | Delete

}

[729] Fix | Delete

[730] Fix | Delete

public static function scheduleSendPendingSecurityEvents() {

[731] Fix | Delete

if (!defined('DONOTCACHEDB')) { define('DONOTCACHEDB', true); }

[732] Fix | Delete

$notMainSite = is_multisite() && !is_main_site();

[733] Fix | Delete

if ($notMainSite) {

[734] Fix | Delete

global $current_site;

[735] Fix | Delete

switch_to_blog($current_site->blog_id);

[736] Fix | Delete

}

[737] Fix | Delete

if (!wp_next_scheduled('wordfence_batchSendSecurityEvents')) {

[738] Fix | Delete

wp_schedule_single_event(time() + 300, 'wordfence_batchSendSecurityEvents');

[739] Fix | Delete

}

[740] Fix | Delete

if ($notMainSite) {

[741] Fix | Delete

restore_current_blog();

[742] Fix | Delete

}

[743] Fix | Delete

}

[744] Fix | Delete

[745] Fix | Delete

public static function unscheduleSendPendingSecurityEvents($timestamp) {

[746] Fix | Delete

if (!defined('DONOTCACHEDB')) { define('DONOTCACHEDB', true); }

[747] Fix | Delete

$notMainSite = is_multisite() && !is_main_site();

[748] Fix | Delete

if ($notMainSite) {

[749] Fix | Delete

global $current_site;

[750] Fix | Delete

switch_to_blog($current_site->blog_id);

[751] Fix | Delete

}

[752] Fix | Delete

if (!wp_next_scheduled('wordfence_batchSendSecurityEvents')) {

[753] Fix | Delete

wp_unschedule_event($timestamp, 'wordfence_batchSendSecurityEvents');

[754] Fix | Delete

}

[755] Fix | Delete

if ($notMainSite) {

[756] Fix | Delete

restore_current_blog();

[757] Fix | Delete

}

[758] Fix | Delete

}

[759] Fix | Delete

[760] Fix | Delete

public static function isScheduledSecurityEventCronOverdue() {

[761] Fix | Delete

if (!defined('DONOTCACHEDB')) { define('DONOTCACHEDB', true); }

[762] Fix | Delete

$notMainSite = is_multisite() && !is_main_site();

[763] Fix | Delete

if ($notMainSite) {

[764] Fix | Delete

global $current_site;

[765] Fix | Delete

switch_to_blog($current_site->blog_id);

[766] Fix | Delete

}

[767] Fix | Delete

[768] Fix | Delete

$overdue = false;

[769] Fix | Delete

if ($ts = wp_next_scheduled('wordfence_batchSendSecurityEvents')) {

[770] Fix | Delete

if ((time() - $ts) > 900) {

[771] Fix | Delete

$overdue = $ts;

[772] Fix | Delete

}

[773] Fix | Delete

}

[774] Fix | Delete

[775] Fix | Delete

if ($notMainSite) {

[776] Fix | Delete

restore_current_blog();

[777] Fix | Delete

}

[778] Fix | Delete

[779] Fix | Delete

return $overdue;

[780] Fix | Delete

}

[781] Fix | Delete

[782] Fix | Delete

public static function checkForUnsentSecurityEvents() {

[783] Fix | Delete

$wfdb = new wfDB();

[784] Fix | Delete

$table_wfSecurityEvents = wfDB::networkTable('wfSecurityEvents');

[785] Fix | Delete

$wfdb->queryWrite("UPDATE {$table_wfSecurityEvents} SET `state` = 'new', `state_timestamp` = NOW() WHERE `state` = 'sending' AND `state_timestamp` < DATE_SUB(NOW(), INTERVAL 30 MINUTE)");

[786] Fix | Delete

[787] Fix | Delete

$count = $wfdb->querySingle("SELECT COUNT(*) AS cnt FROM {$table_wfSecurityEvents} WHERE `state` = 'new'");

[788] Fix | Delete

if ($count) {

[789] Fix | Delete

self::scheduleSendPendingSecurityEvents();

[790] Fix | Delete

}

[791] Fix | Delete

}

[792] Fix | Delete

[793] Fix | Delete

public static function trimSecurityEvents() {

[794] Fix | Delete

$wfdb = new wfDB();

[795] Fix | Delete

$table_wfSecurityEvents = wfDB::networkTable('wfSecurityEvents');

[796] Fix | Delete

$count = $wfdb->querySingle("SELECT COUNT(*) AS cnt FROM {$table_wfSecurityEvents}");

[797] Fix | Delete

if ($count > 20000) {

[798] Fix | Delete

$wfdb->truncate($table_wfSecurityEvents); //Similar behavior to other logged data, assume possible DoS so truncate

[799] Fix | Delete

}

[800] Fix | Delete

else if ($count > 1000) {

[801] Fix | Delete

$wfdb->queryWrite("DELETE FROM {$table_wfSecurityEvents} ORDER BY id ASC LIMIT %d", $count - 1000);

[802] Fix | Delete

}

[803] Fix | Delete

}

[804] Fix | Delete

[805] Fix | Delete

/**

[806] Fix | Delete

* @param $event

[807] Fix | Delete

* @param array $data

[808] Fix | Delete

* @param callable|null $alertCallback

[809] Fix | Delete

[810] Fix | Delete

public static function sendAlertCallback($event, $data = array(), $alertCallback = null) {

[811] Fix | Delete

if (is_callable($alertCallback)) {

[812] Fix | Delete

call_user_func($alertCallback);

[813] Fix | Delete

}

[814] Fix | Delete

}

[815] Fix | Delete

[816] Fix | Delete

public static function pluginAlertingDisabled() {

[817] Fix | Delete

if (!self::isConnected()) {

[818] Fix | Delete

return false;

[819] Fix | Delete

}

[820] Fix | Delete

[821] Fix | Delete

return wfConfig::get('wordfenceCentralPluginAlertingDisabled', false);

[822] Fix | Delete

}

[823] Fix | Delete

[824] Fix | Delete

/**

[825] Fix | Delete

* Returns the site URL as associated with this site's Central linking.

[826] Fix | Delete

[827] Fix | Delete

* The return value may be:

[828] Fix | Delete

* - null if there is no `site-url` key present in the stored Central data

[829] Fix | Delete

* - a string if there is a `site-url` value

[830] Fix | Delete

[831] Fix | Delete

* @return string|null

[832] Fix | Delete

[833] Fix | Delete

public static function getCentralSiteUrl() {

[834] Fix | Delete

$siteData = json_decode(wfConfig::get('wordfenceCentralSiteData', '[]'), true);

[835] Fix | Delete

return (is_array($siteData) && array_key_exists('site-url', $siteData)) ? (string) $siteData['site-url'] : null;

[836] Fix | Delete

}

[837] Fix | Delete

[838] Fix | Delete

/**

[839] Fix | Delete

* Populates the Central record's site URL if missing locally.

[840] Fix | Delete

[841] Fix | Delete

* @return array|bool

[842] Fix | Delete

[843] Fix | Delete

public static function populateCentralSiteUrl() {

[844] Fix | Delete

$siteData = json_decode(wfConfig::get('wordfenceCentralSiteData', '[]'), true);

[845] Fix | Delete

if (!is_array($siteData) || !array_key_exists('site-url', $siteData)) {

[846] Fix | Delete

try {

[847] Fix | Delete

$request = new wfCentralAuthenticatedAPIRequest('/site/' . wfConfig::get('wordfenceCentralSiteID'), 'GET', array(), array('timeout' => 2));

[848] Fix | Delete

$response = $request->execute();

[849] Fix | Delete

if ($response->isError()) {

[850] Fix | Delete

return $response->returnErrorArray();

[851] Fix | Delete

}

[852] Fix | Delete

$responseData = $response->getJSONBody();

[853] Fix | Delete

if (is_array($responseData) && isset($responseData['data']['attributes'])) {

[854] Fix | Delete

$siteData = $responseData['data']['attributes'];

[855] Fix | Delete

wfConfig::set('wordfenceCentralSiteData', json_encode($siteData));

[856] Fix | Delete

}

[857] Fix | Delete

}

[858] Fix | Delete

catch (wfCentralAPIException $e) {

[859] Fix | Delete

return false;

[860] Fix | Delete

}

[861] Fix | Delete

catch (Exception $e) {

[862] Fix | Delete

wfCentralAPIRequest::handleInternalCentralAPIError($e);

[863] Fix | Delete

return false;

[864] Fix | Delete

}

[865] Fix | Delete

catch (Throwable $t) {

[866] Fix | Delete

wfCentralAPIRequest::handleInternalCentralAPIError($t);

[867] Fix | Delete

return false;

[868] Fix | Delete

}

[869] Fix | Delete

}

[870] Fix | Delete

return true;

[871] Fix | Delete

}

[872] Fix | Delete

[873] Fix | Delete

public static function isCentralSiteUrlMismatched() {

[874] Fix | Delete

if (!wfCentral::_isConnected()) {

[875] Fix | Delete

return false;

[876] Fix | Delete

}

[877] Fix | Delete

[878] Fix | Delete

$centralSiteUrl = self::getCentralSiteUrl();

[879] Fix | Delete

if (!is_string($centralSiteUrl)) {

[880] Fix | Delete

return false;

[881] Fix | Delete

}

[882] Fix | Delete

[883] Fix | Delete

$localSiteUrl = get_site_url();

[884] Fix | Delete

return !wfUtils::compareSiteUrls($centralSiteUrl, $localSiteUrl, array('www'));

[885] Fix | Delete

}

[886] Fix | Delete

[887] Fix | Delete

public static function mismatchedCentralUrlNotice() {

[888] Fix | Delete

echo '<div id="wordfenceMismatchedCentralUrlNotice" class="fade notice notice-warning">' .

[889] Fix | Delete

__('Your site is currently linked to Wordfence Central under a different site URL.', 'wordfence')

[890] Fix | Delete

. ' '

[891] Fix | Delete

. __('This may cause duplicated scan issues if both sites are currently active and reporting and is generally caused by duplicating the database from one site to another (e.g., from a production site to staging). We recommend disconnecting this site only, which will leave the matching site still connected.', 'wordfence')

[892] Fix | Delete

. ''

[893] Fix | Delete

. __('If this is a single site with multiple domains or subdomains, you can dismiss this message.', 'wordfence')

[894] Fix | Delete

. ''

[895] Fix | Delete

. '<a class="wf-btn wf-btn-primary wf-btn-sm wf-dismiss-link" href="#" onclick="wordfenceExt.centralUrlMismatchChoice(\'local\'); return false;" role="button">' .

[896] Fix | Delete

__('Disconnect This Site', 'wordfence')

[897] Fix | Delete

. '</a> '

[898] Fix | Delete

. '<a class="wf-btn wf-btn-default wf-btn-sm wf-dismiss-link" href="#" onclick="wordfenceExt.centralUrlMismatchChoice(\'global\'); return false;" role="button">' .

[899] Fix | Delete

__('Disconnect All', 'wordfence')

[900] Fix | Delete

. '</a> '

[901] Fix | Delete

. '<a class="wf-btn wf-btn-default wf-btn-sm wf-dismiss-link" href="#" onclick="wordfenceExt.centralUrlMismatchChoice(\'dismiss\'); return false;" role="button">' .

[902] Fix | Delete

__('Dismiss', 'wordfence')

[903] Fix | Delete

. '</a> '

[904] Fix | Delete

. '<a class="wfhelp" target="_blank" rel="noopener noreferrer" href="' . wfSupportController::esc_supportURL(wfSupportController::ITEM_DIAGNOSTICS_REMOVE_CENTRAL_DATA) . '"> (' . esc_html__('opens in new tab', 'wordfence') . ')</a></div>';

[905] Fix | Delete

}

[906] Fix | Delete

}

[907] Fix | Delete