File: wfIssues.php
<?php
require_once(dirname(__FILE__) . '/wfUtils.php');
class wfIssues {
//Possible responses from `addIssue` (produced by the private _addIssue() it delegates to)
const ISSUE_ADDED = 'a'; //A new row was inserted
const ISSUE_UPDATED = 'u'; //An existing row in the 'ignoreC' state was re-used and set back to 'new'
const ISSUE_DUPLICATE = 'd'; //A matching 'new' row already exists (never returned for the 'file' and 'database' types)
const ISSUE_IGNOREP = 'ip'; //Matched a row whose status is 'ignoreP'
const ISSUE_IGNOREC = 'ic'; //Matched a row whose status is 'ignoreC' with an unchanged ignoreC hash

//Possible status message states
const STATUS_NONE = 'n'; //Default state before running

const STATUS_SKIPPED = 's'; //The scan job was skipped because it didn't need to run
const STATUS_IGNORED = 'i'; //The scan job found an issue, but it matched an entry in the ignore list

const STATUS_PROBLEM = 'p'; //The scan job found an issue
const STATUS_SECURE = 'r'; //The scan job found no issues

const STATUS_FAILED = 'f'; //The scan job failed
const STATUS_SUCCESS = 'c'; //The scan job succeeded

const STATUS_PAIDONLY = 'x'; //NOTE(review): statusEnd() has no branch for this state; presumably a premium-only job -- confirm

//Possible scan failure types. hasScanFailed() returns one of these values; all except the two
//timeout values are compared against the stored 'lastScanFailureType' option.
const SCAN_FAILED_GENERAL = 'general';
const SCAN_FAILED_TIMEOUT = 'timeout'; //Derived from the time since the last status update
const SCAN_FAILED_DURATION_REACHED = 'duration';
const SCAN_FAILED_VERSION_CHANGE = 'versionchange';
const SCAN_FAILED_FORK_FAILED = 'forkfailed';
const SCAN_FAILED_CALLBACK_TEST_FAILED = 'callbackfailed';
const SCAN_FAILED_START_TIMEOUT = 'starttimeout'; //Derived from the 'scanStartAttempt' option

const SCAN_FAILED_API_SSL_UNAVAILABLE = 'sslunavailable';
const SCAN_FAILED_API_CALL_FAILED = 'apifailed';
const SCAN_FAILED_API_INVALID_RESPONSE = 'apiinvalid';
const SCAN_FAILED_API_ERROR_RESPONSE = 'apierror';

//Numeric severity scale. emailNewIssues() compares an issue's severity against the configured
//alert level with >=, so the ordering of these values matters.
const SEVERITY_NONE = 0;
const SEVERITY_LOW = 25;
const SEVERITY_MEDIUM = 50;
const SEVERITY_HIGH = 75;
const SEVERITY_CRITICAL = 100;

//Minimum gap between two writes of 'wf_scanLastStatusTime' in updateScanStillRunning()
const SCAN_STATUS_UPDATE_INTERVAL = 10; //Seconds

//Not listed in __sleep(), so it is not serialized; __wakeup() assigns a fresh wfDB instead
private $db = false;

//Properties that are serialized on sleep:
private $updateCalled = false;
private $issuesTable = ''; //Set in the constructor from wfDB::networkTable('wfIssues')
private $pendingIssuesTable = ''; //Set in the constructor from wfDB::networkTable('wfPendingIssues')
private $maxIssues = 0; //From the 'scan_maxIssues' option; an empty value means no cap on $newIssues
private $newIssues = array(); //Issues queued for the alert email, capped by $maxIssues
public $totalIssues = 0; //Counts every non-pending issue recorded, including those beyond the cap
public $totalIgnoredIssues = 0; //Incremented when an issue matches an ignoreP/ignoreC row
private $totalIssuesBySeverity = array(); //severity value => number of non-pending issues recorded
//Maps an issue type identifier to one of the SEVERITY_* constants.
//NOTE(review): this map and validIssueTypes() do not list the same keys. 'database', 'easyPassword',
//'geoipSupport' and 'skippedPaths' appear only in validIssueTypes(); 'checkGSB' and 'easyPasswordWeak'
//appear only here. Confirm that callers handle a type with no entry in this map.
public static $issueSeverities = array(
	'checkGSB' => wfIssues::SEVERITY_CRITICAL,
	'checkSpamIP' => wfIssues::SEVERITY_HIGH,
	'spamvertizeCheck' => wfIssues::SEVERITY_CRITICAL,
	'commentBadURL' => wfIssues::SEVERITY_LOW,
	'postBadTitle' => wfIssues::SEVERITY_HIGH,
	'postBadURL' => wfIssues::SEVERITY_HIGH,
	'file' => wfIssues::SEVERITY_CRITICAL,
	'timelimit' => wfIssues::SEVERITY_HIGH,
	'checkHowGetIPs' => wfIssues::SEVERITY_HIGH,
	'diskSpace' => wfIssues::SEVERITY_HIGH,
	'wafStatus' => wfIssues::SEVERITY_CRITICAL,
	'configReadable' => wfIssues::SEVERITY_CRITICAL,
	'wfPluginVulnerable' => wfIssues::SEVERITY_HIGH,
	'coreUnknown' => wfIssues::SEVERITY_HIGH,
	'easyPasswordWeak' => wfIssues::SEVERITY_HIGH,
	'knownfile' => wfIssues::SEVERITY_HIGH,
	'optionBadURL' => wfIssues::SEVERITY_HIGH,
	'publiclyAccessible' => wfIssues::SEVERITY_HIGH,
	'suspiciousAdminUsers' => wfIssues::SEVERITY_HIGH,
	'wfPluginAbandoned' => wfIssues::SEVERITY_MEDIUM,
	'wfPluginRemoved' => wfIssues::SEVERITY_CRITICAL,
	'wfPluginUpgrade' => wfIssues::SEVERITY_MEDIUM,
	'wfThemeUpgrade' => wfIssues::SEVERITY_MEDIUM,
	'wfUpgradeError' => wfIssues::SEVERITY_MEDIUM,
	'wfUpgrade' => wfIssues::SEVERITY_HIGH,
	'wpscan_directoryList' => wfIssues::SEVERITY_HIGH,
	'wpscan_fullPathDiscl' => wfIssues::SEVERITY_HIGH,
);
/**
 * Lists the issue type identifiers this class accepts.
 *
 * @return string[] The identifiers, in a fixed order.
 */
public static function validIssueTypes() {
	$types = array(
		'checkHowGetIPs',
		'checkSpamIP',
		'commentBadURL',
		'configReadable',
		'coreUnknown',
		'database',
		'diskSpace',
		'wafStatus',
		'easyPassword',
		'file',
		'geoipSupport',
		'knownfile',
		'optionBadURL',
		'postBadTitle',
		'postBadURL',
		'publiclyAccessible',
		'spamvertizeCheck',
		'suspiciousAdminUsers',
		'timelimit',
		'wfPluginAbandoned',
		'wfPluginRemoved',
		'wfPluginUpgrade',
		'wfPluginVulnerable',
		'wfThemeUpgrade',
		'wfUpgradeError',
		'wfUpgrade',
		'wpscan_directoryList',
		'wpscan_fullPathDiscl',
		'skippedPaths',
	);
	return $types;
}
/**
 * Empties the stored list of status start messages and logs that a new scan is being prepared.
 */
public static function statusPrep() {
	$noMessages = array();
	wfConfig::set_ser('wfStatusStartMsgs', $noMessages);
	wordfence::status(10, 'info', 'SUM_PREP:Preparing a new scan.');
	self::updateScanStillRunning();
}
/**
 * Appends a status start message to the stored list and logs it with the SUM_START prefix.
 *
 * @param string $message Text of the status line being opened.
 * @return int Position of the message in the stored list; statusEnd() takes it as $index.
 */
public static function statusStart($message) {
	$openMessages = wfConfig::get_ser('wfStatusStartMsgs', array());
	$openMessages[] = $message;
	wfConfig::set_ser('wfStatusStartMsgs', $openMessages);

	wordfence::status(10, 'info', "SUM_START:{$message}");
	self::updateScanStillRunning();

	$position = count($openMessages) - 1;
	return $position;
}
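/**
 * Closes a status line opened by statusStart(): logs the stored message with a prefix chosen
 * from $state, then blanks the stored entry.
 *
 * A $state that matches none of the handled STATUS_* constants logs nothing, but the entry is
 * still blanked and written back.
 *
 * @param int $index Position returned by statusStart().
 * @param string $state One of the STATUS_* constants.
 */
public static function statusEnd($index, $state) {
	$statusStartMsgs = wfConfig::get_ser('wfStatusStartMsgs', array());

	//The stored list is emptied by statusPrep(), so $index may no longer exist. Fall back to an
	//empty message rather than reading an undefined offset.
	$message = isset($statusStartMsgs[$index]) ? $statusStartMsgs[$index] : '';

	//Loose comparison is kept so that callers passing non-string states behave as before.
	$prefix = null;
	if ($state == self::STATUS_SKIPPED) {
		$prefix = 'SUM_ENDSKIPPED:';
	}
	else if ($state == self::STATUS_IGNORED) {
		$prefix = 'SUM_ENDIGNORED:';
	}
	else if ($state == self::STATUS_PROBLEM) {
		$prefix = 'SUM_ENDBAD:';
	}
	else if ($state == self::STATUS_SECURE) {
		$prefix = 'SUM_ENDOK:';
	}
	else if ($state == self::STATUS_FAILED) {
		$prefix = 'SUM_ENDFAILED:';
	}
	else if ($state == self::STATUS_SUCCESS) {
		$prefix = 'SUM_ENDSUCCESS:';
	}

	if ($prefix !== null) {
		wordfence::status(10, 'info', $prefix . $message);
	}

	wfIssues::updateScanStillRunning();
	$statusStartMsgs[$index] = '';
	wfConfig::set_ser('wfStatusStartMsgs', $statusStartMsgs);
}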
/**
 * Logs every status start message that is still non-empty with the SUM_ENDERR prefix.
 *
 * NOTE(review): entries are blanked in the local copy only. Unlike statusEnd(), the list is not
 * written back with wfConfig::set_ser(), so a second call logs the same messages again. Confirm
 * whether that is intended.
 */
public static function statusEndErr() {
	$openMessages = wfConfig::get_ser('wfStatusStartMsgs', array());
	$total = count($openMessages);
	for ($position = 0; $position < $total; $position++) {
		if (empty($openMessages[$position])) {
			continue;
		}
		wordfence::status(10, 'info', 'SUM_ENDERR:' . $openMessages[$position]);
		$openMessages[$position] = '';
	}
	self::updateScanStillRunning();
}
/**
 * Logs a status line with the SUM_PAIDONLY prefix.
 *
 * @param string $message Text appended after the prefix.
 */
public static function statusPaidOnly($message) {
	$line = 'SUM_PAIDONLY:' . $message;
	wordfence::status(10, 'info', $line);
	self::updateScanStillRunning();
}
/**
 * Logs a status line with the SUM_DISABLED prefix.
 *
 * @param string $message Text appended after the prefix.
 */
public static function statusDisabled($message) {
	$line = 'SUM_DISABLED:' . $message;
	wordfence::status(10, 'info', $line);
	self::updateScanStillRunning();
}
/**
 * Records the time of the latest scan activity in the 'wf_scanLastStatusTime' option.
 *
 * While $running is true the write is throttled: nothing is stored if the previous write from
 * this PHP process was less than SCAN_STATUS_UPDATE_INTERVAL seconds ago. Passing false always
 * stores 0, which lastScanStatusUpdate() treats as "no status recorded".
 *
 * @param bool $running Whether the scan is still in progress.
 */
public static function updateScanStillRunning($running = true) {
	static $lastUpdate = 0; //Time of the last throttled write, kept for the lifetime of the process

	$timestamp = 0;
	if ($running) {
		$timestamp = time();
		$elapsed = $timestamp - $lastUpdate;
		if ($elapsed < self::SCAN_STATUS_UPDATE_INTERVAL) {
			return;
		}
		$lastUpdate = $timestamp;
	}

	wfConfig::set('wf_scanLastStatusTime', $timestamp);
}
/**
 * Returns false if the scan has not been detected as failed. If it has, returns a constant corresponding to the reason.
 *
 * Checks run in this order: a stale status update while the scanner reports it is running, a
 * start attempt older than WORDFENCE_SCAN_START_FAILURE_THRESHOLD, then the failure type stored
 * in the 'lastScanFailureType' option.
 *
 * @return bool|string
 */
public static function hasScanFailed() {
	$staleSince = self::lastScanStatusUpdate();
	if ($staleSince !== false && wfScanner::shared()->isRunning()) {
		if (time() - $staleSince > WORDFENCE_SCAN_FAILURE_THRESHOLD) {
			return self::SCAN_FAILED_TIMEOUT;
		}
	}

	$startedAt = wfConfig::get('scanStartAttempt', 0);
	if ($startedAt && time() - $startedAt > WORDFENCE_SCAN_START_FAILURE_THRESHOLD) {
		return self::SCAN_FAILED_START_TIMEOUT;
	}

	//The two timeout values are left out on purpose: they are only ever derived above.
	$reportable = array(
		self::SCAN_FAILED_GENERAL,
		self::SCAN_FAILED_DURATION_REACHED,
		self::SCAN_FAILED_VERSION_CHANGE,
		self::SCAN_FAILED_FORK_FAILED,
		self::SCAN_FAILED_CALLBACK_TEST_FAILED,
		self::SCAN_FAILED_API_SSL_UNAVAILABLE,
		self::SCAN_FAILED_API_CALL_FAILED,
		self::SCAN_FAILED_API_INVALID_RESPONSE,
		self::SCAN_FAILED_API_ERROR_RESPONSE,
	);
	$recordedFailure = wfConfig::get('lastScanFailureType');

	//Non-strict in_array() keeps the loose matching of the switch statement it replaces.
	return in_array($recordedFailure, $reportable) ? $recordedFailure : false;
}
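/**
 * Returns false if the scan has not been detected as timed out. If it has, it returns the timestamp of the last status update.
 *
 * "Timed out" means the stored 'wf_scanLastStatusTime' is more than
 * WORDFENCE_SCAN_FAILURE_THRESHOLD seconds in the past. A stored value of integer 0 means no
 * status has been recorded.
 *
 * @return bool|int
 */
public static function lastScanStatusUpdate() {
	//Read the option once so the comparison and the returned timestamp come from the same value,
	//even if a running scan updates the option in between.
	$lastStatusTime = wfConfig::get('wf_scanLastStatusTime', 0);

	//NOTE(review): strict check, as in the original. If wfConfig::get() can return the string
	//'0', that value is not treated as "no status recorded" -- confirm.
	if ($lastStatusTime === 0) {
		return false;
	}

	$threshold = WORDFENCE_SCAN_FAILURE_THRESHOLD;
	if (time() > $lastStatusTime + $threshold) {
		return $lastStatusTime;
	}
	return false;
}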
/**
 * Returns the singleton wfIssues.
 *
 * The instance is created on first use and kept in a function-level static.
 *
 * @return wfIssues
 */
public static function shared() {
	static $instance = null;
	if ($instance !== null) {
		return $instance;
	}
	$instance = new wfIssues();
	return $instance;
}
/**
 * Names the properties that are kept when the object is serialized.
 *
 * $db is left out; __wakeup() assigns a new wfDB after unserialization. Keep the order in step
 * with the property declarations.
 *
 * @return string[]
 */
public function __sleep() {
	$persisted = array(
		'updateCalled',
		'issuesTable',
		'pendingIssuesTable',
		'maxIssues',
		'newIssues',
		'totalIssues',
		'totalIgnoredIssues',
		'totalIssuesBySeverity',
	);
	return $persisted;
}
/**
 * Resolves the two issue table names and reads the 'scan_maxIssues' option (default 0).
 */
public function __construct() {
	$this->maxIssues = wfConfig::get('scan_maxIssues', 0);
	$this->pendingIssuesTable = wfDB::networkTable('wfPendingIssues');
	$this->issuesTable = wfDB::networkTable('wfIssues');
}
/**
 * Runs after unserialization: $db is not serialized (see __sleep()), so a new wfDB is assigned.
 */
public function __wakeup() {
	$freshDB = new wfDB();
	$this->db = $freshDB;
}
/**
 * Records an issue in the main issues table by delegating to _addIssue() with the 'issue' group.
 *
 * @param string $type
 * @param int $severity
 * @param string $ignoreP string to compare against for permanent ignores
 * @param string $ignoreC string to compare against for ignoring until something changes
 * @param string $shortMsg
 * @param string $longMsg
 * @param array $templateData
 * @param bool $alreadyHashed If true, $ignoreP and $ignoreC are not hashed again
 * @return string One of the ISSUE_ constants
 */
public function addIssue($type, $severity, $ignoreP, $ignoreC, $shortMsg, $longMsg, $templateData, $alreadyHashed = false) {
	$group = 'issue';
	return $this->_addIssue($group, $type, $severity, $ignoreP, $ignoreC, $shortMsg, $longMsg, $templateData, $alreadyHashed);
}
/**
 * Records an issue in the pending issues table by delegating to _addIssue() with the 'pending'
 * group. $ignoreP and $ignoreC are always hashed on this path.
 *
 * @param string $type
 * @param int $severity
 * @param string $ignoreP string to compare against for permanent ignores
 * @param string $ignoreC string to compare against for ignoring until something changes
 * @param string $shortMsg
 * @param string $longMsg
 * @param array $templateData
 * @return string One of the ISSUE_ constants
 */
public function addPendingIssue($type, $severity, $ignoreP, $ignoreC, $shortMsg, $longMsg, $templateData) {
	$group = 'pending';
	return $this->_addIssue($group, $type, $severity, $ignoreP, $ignoreC, $shortMsg, $longMsg, $templateData);
}
/**
 * Create a new issue, or re-use or skip an existing row that matches its ignore hashes.
 *
 * Rows are looked up by the ignoreP/ignoreC hashes. A matching 'new' row makes this a duplicate
 * (except for 'file' and 'database' types), a matching ignored row suppresses the issue, and a
 * row in the 'ignoreC' state whose ignoreC hash differs is updated in place. Otherwise a new
 * row is inserted.
 *
 * @param string $group The issue type (e.g., issue or pending)
 * @param string $type
 * @param int $severity
 * @param string $ignoreP string to compare against for permanent ignores
 * @param string $ignoreC string to compare against for ignoring until something changes
 * @param string $shortMsg
 * @param string $longMsg
 * @param array $templateData
 * @param bool $alreadyHashed If true, don't re-hash $ignoreP and $ignoreC
 * @return string One of the ISSUE_ constants
 */
private function _addIssue($group, $type, $severity, $ignoreP, $ignoreC, $shortMsg, $longMsg, $templateData, $alreadyHashed = false) {
	//Any group other than 'pending' writes to the main issues table
	if ($group == 'pending') {
		$table = $this->pendingIssuesTable;
	}
	else {
		$table = $this->issuesTable;
	}

	//The digests are used below only as equality-match keys for the ignoreP/ignoreC columns
	if (!$alreadyHashed) {
		$ignoreP = md5($ignoreP);
		$ignoreC = md5($ignoreC);
	}

	//{$table} is one of the two names set in the constructor. The hashes are passed as separate
	//arguments for the '%s' placeholders; escaping presumably happens inside wfDB -- confirm.
	$results = $this->getDB()->querySelect("SELECT id, status, ignoreP, ignoreC FROM {$table} WHERE (ignoreP = '%s' OR ignoreC = '%s')", $ignoreP, $ignoreC);
	foreach ($results as $row) {
		if ($row['status'] == 'new' && ($row['ignoreC'] == $ignoreC || $row['ignoreP'] == $ignoreP)) {
			if ($type != 'file' && $type != 'database') { //Filter out duplicate new issues except for infected files because we want to see all infections even if file contents are identical
				return self::ISSUE_DUPLICATE;
			}
		}

		if ($row['status'] == 'ignoreP' && $row['ignoreP'] == $ignoreP) { $this->totalIgnoredIssues++; return self::ISSUE_IGNOREP; } //Always ignore
		else if ($row['status'] == 'ignoreC' && $row['ignoreC'] == $ignoreC) { $this->totalIgnoredIssues++; return self::ISSUE_IGNOREC; } //Unchanged, ignore
		else if ($row['status'] == 'ignoreC') {
			$updateID = $row['id']; //Re-use the existing issue row
			break;
		}
	}

	//Counters and the email queue are only maintained for non-pending issues. Totals always
	//increase; the queue stops growing once $maxIssues (when non-empty) is reached.
	if ($group != 'pending') {
		if (!array_key_exists($severity, $this->totalIssuesBySeverity)) {
			$this->totalIssuesBySeverity[$severity] = 0;
		}
		$this->totalIssuesBySeverity[$severity]++;
		$this->totalIssues++;
		if (empty($this->maxIssues) || $this->totalIssues <= $this->maxIssues)
		{
			$this->newIssues[] = array(
				'type' => $type,
				'severity' => $severity,
				'ignoreP' => $ignoreP,
				'ignoreC' => $ignoreC,
				'shortMsg' => $shortMsg,
				'longMsg' => $longMsg,
				'tmplData' => $templateData
			);
		}
	}

	//Update path: an 'ignoreC' row whose contents changed is set back to 'new'
	if (isset($updateID)) {
		//NOTE(review): this payload has no 'status' or 'time' key, unlike the insert path below -- confirm
		if ($group !== 'pending' && wfCentral::isConnected()) {
			wfCentral::sendIssue(array(
				'id' => $updateID,
				'lastUpdated' => time(),
				'type' => $type,
				'severity' => $severity,
				'ignoreP' => $ignoreP,
				'ignoreC' => $ignoreC,
				'shortMsg' => $shortMsg,
				'longMsg' => $longMsg,
				'data' => $templateData,
			));
		}

		//NOTE(review): $templateData is stored with serialize(). Whatever reads this column back
		//should treat it as data only and not unserialize values that can be changed from outside
		//the plugin -- confirm against the reader.
		$this->getDB()->queryWrite(
			"UPDATE {$table} SET lastUpdated = UNIX_TIMESTAMP(), status = '%s', type = '%s', severity = %d, ignoreP = '%s', ignoreC = '%s', shortMsg = '%s', longMsg = '%s', data = '%s' WHERE id = %d",
			'new',
			$type,
			$severity,
			$ignoreP,
			$ignoreC,
			$shortMsg,
			$longMsg,
			serialize($templateData),
			$updateID);


		return self::ISSUE_UPDATED;
	}

	//Insert path: no re-usable row was found
	$this->getDB()->queryWrite("INSERT INTO {$table} (time, lastUpdated, status, type, severity, ignoreP, ignoreC, shortMsg, longMsg, data) VALUES (UNIX_TIMESTAMP(), UNIX_TIMESTAMP(), '%s', '%s', %d, '%s', '%s', '%s', '%s', '%s')",
		'new',
		$type,
		$severity,
		$ignoreP,
		$ignoreC,
		$shortMsg,
		$longMsg,
		serialize($templateData));

	if ($group !== 'pending' && wfCentral::isConnected()) {
		//NOTE(review): relies on $wpdb->insert_id holding the id of the INSERT above, i.e. on
		//wfDB writing through the same $wpdb connection -- confirm.
		global $wpdb;
		wfCentral::sendIssue(array(
			'id' => $wpdb->insert_id,
			'status' => 'new',
			'time' => time(),
			'lastUpdated' => time(),
			'type' => $type,
			'severity' => $severity,
			'ignoreP' => $ignoreP,
			'ignoreC' => $ignoreC,
			'shortMsg' => $shortMsg,
			'longMsg' => $longMsg,
			'data' => $templateData,
		));
	}

	return self::ISSUE_ADDED;
}
/**
 * Deletes every row in the issues table whose status is 'ignoreP' or 'ignoreC'.
 *
 * When wfCentral reports a connection, the ids of those rows are collected first and passed to
 * wfCentral::deleteIssues() before the local delete runs.
 */
public function deleteIgnored() {
	$table = $this->issuesTable;

	if (wfCentral::isConnected()) {
		$ignoredRows = $this->getDB()->querySelect("SELECT id from " . $table . " where status='ignoreP' or status='ignoreC'");
		$ignoredIds = array();
		foreach ($ignoredRows as $ignoredRow) {
			$ignoredIds[] = $ignoredRow['id'];
		}
		wfCentral::deleteIssues($ignoredIds);
	}

	$this->getDB()->queryWrite("delete from " . $table . " where status='ignoreP' or status='ignoreC'");
}
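/**
 * Deletes issues whose status is 'new', optionally limited to a set of issue types.
 *
 * When wfCentral reports a connection, the matching delete is requested there before the local
 * delete runs.
 *
 * @param array|null $types Issue types to delete. Any non-array value deletes all 'new' issues.
 *                          An empty array selects nothing and returns without doing any work.
 */
public function deleteNew($types = null) {
	if (!is_array($types)) {
		if (wfCentral::isConnected()) {
			wfCentral::deleteNewIssues();
		}

		$this->getDB()->queryWrite("DELETE FROM {$this->issuesTable} WHERE status = 'new'");
		return;
	}

	//An empty list would build "type IN ()", which is not valid SQL. Nothing matches an empty
	//set of types, so there is nothing to delete.
	if (count($types) === 0) {
		return;
	}

	if (wfCentral::isConnected()) {
		wfCentral::deleteIssueTypes($types, 'new');
	}

	//One quoted '%s' placeholder per type; the type values are passed as separate arguments
	//rather than being concatenated into the query.
	$placeholders = implode(',', array_fill(0, count($types), "'%s'"));
	$query = "DELETE FROM {$this->issuesTable} WHERE status = 'new' AND type IN (" . $placeholders . ")";

	//array_values() drops string keys, which call_user_func_array() would otherwise treat as
	//named arguments on PHP 8.
	$arguments = array_merge(array($query), array_values($types));
	call_user_func_array(array($this->getDB(), 'queryWrite'), $arguments);
}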
/**
 * Sets the status of every 'new' issue to 'ignoreC'.
 *
 * NOTE(review): when wfCentral is connected, the rows are selected and sent before the UPDATE
 * runs, so they are sent with status 'new'. Confirm that this is what the receiver expects.
 */
public function ignoreAllNew() {
	$table = $this->issuesTable;

	if (wfCentral::isConnected()) {
		$newRows = $this->getDB()->querySelect('SELECT * FROM ' . $table . ' WHERE status=\'new\'');
		if ($newRows) {
			wfCentral::sendIssues($newRows);
		}
	}

	$this->getDB()->queryWrite("update " . $table . " set status='ignoreC' where status='new'");
}
/**
 * Emails the queued new issues to the configured alert addresses.
 *
 * Nothing is sent when there are no alert addresses, when the alert level is below 1, when no
 * recorded issue reaches the alert level, or when every queued issue was already emailed.
 * Issues count as already emailed if either ignore hash matches an entry in the stored
 * 'emailedIssuesList'.
 *
 * @param bool $timeLimitReached Passed through to the email template.
 * @param wfScanner|bool $scanController Passed to the template; wfScanner::shared() is used when falsy.
 */
public function emailNewIssues($timeLimitReached = false, $scanController = false){
	$level = wfConfig::getAlertLevel();
	$emails = wfConfig::getAlertEmails();
	if (!count($emails)) {
		return;
	}

	//The site URL without its scheme goes into the subject line
	$shortSiteURL = preg_replace('/^https?:\/\//i', '', site_url());
	$subject = "[Wordfence Alert] Problems found on $shortSiteURL";

	if(sizeof($emails) < 1){ return; } //Repeats the count() check above
	if($level < 1){ return; }
	//First gate: at least one recorded severity bucket must reach the alert level
	$needsToAlert = false;
	foreach ($this->totalIssuesBySeverity as $issueSeverity => $totalIssuesBySeverity) {
		if ($issueSeverity >= $level && $totalIssuesBySeverity > 0) {
			$needsToAlert = true;
			break;
		}
	}
	if (!$needsToAlert) {
		return;
	}
	$emailedIssues = wfConfig::get_ser('emailedIssuesList', array());
	if(! is_array($emailedIssues)){
		$emailedIssues = array();
	}
	//Issues counted in totalIssues but not queued because of the maxIssues cap
	$overflowCount = $this->totalIssues - count($this->newIssues);
	$finalIssues = array();
	$previousIssues = array();
	//Split the queue into issues not yet emailed ($finalIssues) and ones emailed before ($previousIssues)
	foreach($this->newIssues as $newIssue){
		$alreadyEmailed = false;
		foreach($emailedIssues as $emailedIssue){
			if($newIssue['ignoreP'] == $emailedIssue['ignoreP'] || $newIssue['ignoreC'] == $emailedIssue['ignoreC']){
				$alreadyEmailed = true;
				$previousIssues[] = $newIssue;
				break;
			}
		}
		if(! $alreadyEmailed){
			$finalIssues[] = $newIssue;
		}
		else {
			$overflowCount--;
		}
	}
	if(sizeof($finalIssues) < 1){ return; }

	//The queue and the total are reset only once there is something new to report.
	//totalIssuesBySeverity and totalIgnoredIssues are not reset here.
	$this->newIssues = array();
	$this->totalIssues = 0;

	$totals = array();
	foreach($finalIssues as $i){
		$emailedIssues[] = array( 'ignoreC' => $i['ignoreC'], 'ignoreP' => $i['ignoreP'] );
		if (!array_key_exists($i['severity'], $totals)) {
			$totals[$i['severity']] = 0;
		}
		$totals[$i['severity']]++;
	}
	//The emailed list is stored before the second gate below, so issues below the alert level
	//are marked as emailed even if no mail goes out. Nothing in this method prunes the list.
	wfConfig::set_ser('emailedIssuesList', $emailedIssues, false, wfConfig::DONT_AUTOLOAD);
	//Second gate: the not-yet-emailed issues themselves must reach the alert level
	$needsToAlert = false;
	foreach ($totals as $issueSeverity => $totalIssuesBySeverity) {
		if ($issueSeverity >= $level && $totalIssuesBySeverity > 0) {
			$needsToAlert = true;
			break;
		}
	}
	if (!$needsToAlert) {
		return;
	}

	$content = wfUtils::tmpl('email_newIssues.php', array(
		'isPaid' => wfConfig::get('isPaid'),
		'issues' => $finalIssues,
		'previousIssues' => $previousIssues,
		'totals' => $totals,
		'level' => $level,
		'issuesNotShown' => $overflowCount,
		'adminURL' => get_admin_url(),
		'timeLimitReached' => $timeLimitReached,
		'scanController' => ($scanController ? $scanController : wfScanner::shared()),
	));

	//Each recipient gets their own copy: the placeholder comment in the template is replaced by
	//an unsubscribe link carrying a JWT built from that recipient's address. wp_kses() limits the
	//inserted markup to <a> with href and target.
	//NOTE(review): the token travels in the URL query string, so it can end up in mail gateway
	//and web server logs. Confirm that wfUtils::generateJWT() sets an expiry and that the
	//removeAlertEmail handler verifies the signature before acting.
	foreach ($emails as $email) {
		$uniqueContent = str_replace('<!-- ##UNSUBSCRIBE## -->', wp_kses(sprintf(__('No longer an administrator for this site? <a href="%s" target="_blank">Click here</a> to stop receiving security alerts.', 'wordfence'), wfUtils::getSiteBaseURL() . '?_wfsf=removeAlertEmail&jwt=' . wfUtils::generateJWT(array('email' => $email))), array('a'=>array('href'=>array(), 'target'=>array()))), $content);
		wp_mail($email, $subject, $uniqueContent, 'Content-type: text/html');
	}
}
public function clearEmailedStatus($issues) {