File: wfScanEngine.php
}
else if ($currentVulnerable && !$patchVulnerable) { //Non-edge branch, current version is vulnerable but patch version is not
$longMsg = sprintf(/* translators: Software version. */ __("WordPress version %s is now available for your site's current branch. Please upgrade immediately to get the latest security updates from WordPress.", 'wordfence'), esc_html($updateVersion));
//keep existing $severity already set
}
else { //Non-edge branch, unpatched vulnerability -- shift recommendation from patch update to edge update
$updateVersion = $this->updateCheck->getCoreUpdateVersion();
//keep existing $severity and $longMsg already set
}
}
else { //Edge branch or newest version of an older branch
if (!$currentVulnerable && !$edgeVulnerable) { //Neither the current version or edge version have a known vulnerability
if ($this->updateCheck->getCoreEarlierBranch()) { //Update available on the edge branch, but the older branch in current use is up-to-date for its patches
$severity = wfIssues::SEVERITY_LOW;
}
else {
$severity = wfIssues::SEVERITY_MEDIUM;
}
$longMsg = sprintf(/* translators: Software version. */ __("WordPress version %s is now available. Please upgrade immediately to get the latest fixes and compatibility updates from WordPress.", 'wordfence'), esc_html($updateVersion));
}
//else vulnerability fixed or unpatched vulnerability, keep the existing values already set
}
$longMsg .= ' <a href="' . wfSupportController::esc_supportURL(wfSupportController::ITEM_SCAN_RESULT_CORE_UPGRADE) . '" target="_blank" rel="noopener noreferrer">' . esc_html__('Learn more', 'wordfence') . '<span class="screen-reader-text"> (' . esc_html__('opens in new tab', 'wordfence') . ')</span></a>';
if ($updateVersion) {
$added = $this->addIssue(
'wfUpgrade',
$severity,
'wfUpgrade' . $updateVersion,
'wfUpgrade' . $updateVersion,
$shortMsg,
$longMsg,
array(
'currentVersion' => $this->wp_version,
'newVersion' => $updateVersion,
)
);
if ($added == wfIssues::ISSUE_ADDED || $added == wfIssues::ISSUE_UPDATED) {
$haveIssues = wfIssues::STATUS_PROBLEM;
} else if ($haveIssues != wfIssues::STATUS_PROBLEM && ($added == wfIssues::ISSUE_IGNOREP || $added == wfIssues::ISSUE_IGNOREC)) {
$haveIssues = wfIssues::STATUS_IGNORED;
}
}
}
$allPlugins = $this->updateCheck->getAllPlugins();
// Plugin updates needed
if (count($this->updateCheck->getPluginUpdates()) > 0) {
foreach ($this->updateCheck->getPluginUpdates() as $plugin) {
$severity = wfIssues::SEVERITY_CRITICAL;
if (isset($plugin['vulnerable'])) {
if (!$plugin['vulnerable']) {
$severity = wfIssues::SEVERITY_MEDIUM;
}
}
$key = 'wfPluginUpgrade' . ' ' . $plugin['pluginFile'] . ' ' . $plugin['newVersion'] . ' ' . $plugin['Version'];
$shortMsg = sprintf(
/* translators: 1. Plugin name. 2. Software version. 3. Software version. */
__('The Plugin "%1$s" needs an upgrade (%2$s -> %3$s).', 'wordfence'),
empty($plugin['Name']) ? $plugin['pluginFile'] : $plugin['Name'],
$plugin['Version'],
$plugin['newVersion']
);
$added = $this->addIssue('wfPluginUpgrade', $severity, $key, $key, $shortMsg,
sprintf(
__("You need to upgrade \"%s\" to the newest version to ensure you have any security fixes the developer has released.", 'wordfence'),
empty($plugin['Name']) ? $plugin['pluginFile'] : $plugin['Name']
), $plugin);
if ($added == wfIssues::ISSUE_ADDED || $added == wfIssues::ISSUE_UPDATED) {
$haveIssues = wfIssues::STATUS_PROBLEM;
} else if ($haveIssues != wfIssues::STATUS_PROBLEM && ($added == wfIssues::ISSUE_IGNOREP || $added == wfIssues::ISSUE_IGNOREC)) {
$haveIssues = wfIssues::STATUS_IGNORED;
}
if (isset($plugin['slug'])) {
unset($allPlugins[$plugin['slug']]);
}
}
}
// Theme updates needed
if (count($this->updateCheck->getThemeUpdates()) > 0) {
foreach ($this->updateCheck->getThemeUpdates() as $theme) {
$severity = wfIssues::SEVERITY_CRITICAL;
if (isset($theme['vulnerable'])) {
if (!$theme['vulnerable']) {
$severity = wfIssues::SEVERITY_MEDIUM;
}
}
$key = 'wfThemeUpgrade' . ' ' . $theme['Name'] . ' ' . $theme['version'] . ' ' . $theme['newVersion'];
$shortMsg = sprintf(
/* translators: 1. Theme name. 2. Software version. 3. Software version. */
__('The Theme "%1$s" needs an upgrade (%2$s -> %3$s).', 'wordfence'),
$theme['Name'],
$theme['version'],
$theme['newVersion']
);
$added = $this->addIssue('wfThemeUpgrade', $severity, $key, $key, $shortMsg, sprintf(
/* translators: Theme name. */
__("You need to upgrade \"%s\" to the newest version to ensure you have any security fixes the developer has released.", 'wordfence'),
esc_html($theme['Name'])
), $theme);
if ($added == wfIssues::ISSUE_ADDED || $added == wfIssues::ISSUE_UPDATED) {
$haveIssues = wfIssues::STATUS_PROBLEM;
} else if ($haveIssues != wfIssues::STATUS_PROBLEM && ($added == wfIssues::ISSUE_IGNOREP || $added == wfIssues::ISSUE_IGNOREC)) {
$haveIssues = wfIssues::STATUS_IGNORED;
}
}
}
if ($this->isFullScan()) {
//Abandoned plugins
foreach ($this->pluginRepoStatus as $slug => $status) {
if ($status !== false && !is_wp_error($status) && ((is_object($status) && property_exists($status, 'last_updated')) || (is_array($status) && array_key_exists('last_updated', $status)))) {
$statusArray = (array) $status;
$hasVersion = array_key_exists('version', $statusArray);
if (!$hasVersion) {
$statusArray['version'] = null;
wordfence::status(3, 'error', "Unable to determine version for plugin $slug");
}
if (array_key_exists('last_updated', $statusArray) &&
is_string($statusArray['last_updated']) &&
($lastUpdateTimestamp = strtotime($statusArray['last_updated'])) &&
(time() - $lastUpdateTimestamp) > 63072000 /* ~2 years */) {
try {
$statusArray['dateUpdated'] = wfUtils::formatLocalTime(get_option('date_format'), $lastUpdateTimestamp);
}
catch (Exception $e) { //DateMalformedStringException in PHP >= 8.3, Exception previously
wordfence::status(3, 'error', sprintf(
/* translators: 1. Plugin slug. 2. Malformed date string. */
__('Encountered bad date string for plugin "%s" in abandoned plugin check: %s', 'wordfence'),
$slug,
$statusArray['last_updated']));
continue;
}
$severity = wfIssues::SEVERITY_MEDIUM;
$statusArray['abandoned'] = true;
$statusArray['vulnerable'] = false;
$vulnerable = $hasVersion && $this->updateCheck->isPluginVulnerable($slug, $statusArray['version']);
if ($vulnerable) {
$severity = wfIssues::SEVERITY_CRITICAL;
$statusArray['vulnerable'] = true;
if (is_array($vulnerable) && isset($vulnerable['vulnerabilityLink'])) { $statusArray['vulnerabilityLink'] = $vulnerable['vulnerabilityLink']; }
if (is_array($vulnerable) && isset($vulnerable['cvssScore'])) { $statusArray['cvssScore'] = $vulnerable['cvssScore']; }
if (is_array($vulnerable) && isset($vulnerable['cvssVector'])) { $statusArray['cvssVector'] = $vulnerable['cvssVector']; }
}
if (isset($allPlugins[$slug]) && isset($allPlugins[$slug]['wpURL'])) {
$statusArray['wpURL'] = $allPlugins[$slug]['wpURL'];
}
$key = "wfPluginAbandoned {$slug} {$statusArray['version']}";
if (isset($statusArray['tested'])) {
$shortMsg = sprintf(
/* translators: 1. Plugin name. 2. Software version. 3. Software version. */
__('The Plugin "%1$s" appears to be abandoned (updated %2$s, tested to WP %3$s).', 'wordfence'),
(empty($statusArray['name']) ? $slug : $statusArray['name']),
$statusArray['dateUpdated'],
$statusArray['tested']
);
$longMsg = sprintf(
/* translators: 1. Plugin name. 2. Software version. */
__('It was last updated %1$s ago and tested up to WordPress %2$s.', 'wordfence'),
wfUtils::makeTimeAgo(time() - $lastUpdateTimestamp),
esc_html($statusArray['tested'])
);
} else {
$shortMsg = sprintf(
/* translators: 1. Plugin name. 2. Software version. */
__('The Plugin "%1$s" appears to be abandoned (updated %2$s).', 'wordfence'),
(empty($statusArray['name']) ? $slug : $statusArray['name']),
$statusArray['dateUpdated']
);
$longMsg = sprintf(
/* translators: Time duration. */
__('It was last updated %s ago.', 'wordfence'),
wfUtils::makeTimeAgo(time() - $lastUpdateTimestamp)
);
}
if ($statusArray['vulnerable']) {
$longMsg .= ' ' . __('It has unpatched security issues and may have compatibility problems with the current version of WordPress.', 'wordfence');
} else {
$longMsg .= ' ' . __('It may have compatibility problems with the current version of WordPress or unknown security issues.', 'wordfence');
}
$longMsg .= ' ' . sprintf(
/* translators: Support URL. */
__('<a href="%s" target="_blank" rel="noopener noreferrer">Get more information.<span class="screen-reader-text"> (' . esc_html__('opens in new tab', 'wordfence') . ')</span></a>', 'wordfence'), wfSupportController::esc_supportURL(wfSupportController::ITEM_SCAN_RESULT_PLUGIN_ABANDONED));
$added = $this->addIssue('wfPluginAbandoned', $severity, $key, $key, $shortMsg, $longMsg, $statusArray);
if ($added == wfIssues::ISSUE_ADDED || $added == wfIssues::ISSUE_UPDATED) {
$haveIssues = wfIssues::STATUS_PROBLEM;
} else if ($haveIssues != wfIssues::STATUS_PROBLEM && ($added == wfIssues::ISSUE_IGNOREP || $added == wfIssues::ISSUE_IGNOREC)) {
$haveIssues = wfIssues::STATUS_IGNORED;
}
unset($allPlugins[$slug]);
}
} else if ($status !== false && is_wp_error($status) && isset($status->errors['plugins_api_failed'])) { //The plugin does not exist in the wp.org repo
$knownFiles = $this->getKnownFilesLoader()->getKnownFiles();
if (isset($knownFiles['status']) && is_array($knownFiles['status']) && isset($knownFiles['status']['plugins']) && is_array($knownFiles['status']['plugins'])) {
$requestedPlugins = $this->getPlugins();
foreach ($requestedPlugins as $key => $data) {
if ($data['ShortDir'] == $slug && isset($knownFiles['status']['plugins'][$slug]) && $knownFiles['status']['plugins'][$slug] == 'r') { //It existed in the repo at some point and was removed
$pluginFile = wfUtils::getPluginBaseDir() . $key;
$pluginData = get_plugin_data($pluginFile);
$pluginData['wpRemoved'] = true;
$pluginData['vulnerable'] = false;
$vulnerable = $this->updateCheck->isPluginVulnerable($slug, $pluginData['Version']);
if ($vulnerable) {
$pluginData['vulnerable'] = true;
if (is_array($vulnerable) && isset($vulnerable['vulnerabilityLink'])) { $statusArray['vulnerabilityLink'] = $vulnerable['vulnerabilityLink']; }
if (is_array($vulnerable) && isset($vulnerable['cvssScore'])) { $statusArray['cvssScore'] = $vulnerable['cvssScore']; }
if (is_array($vulnerable) && isset($vulnerable['cvssVector'])) { $statusArray['cvssVector'] = $vulnerable['cvssVector']; }
}
$key = "wfPluginRemoved {$slug} {$pluginData['Version']}";
$shortMsg = sprintf(
/* translators: Plugin name. */
__('The Plugin "%s" has been removed from wordpress.org but is still installed on your site.', 'wordfence'), (empty($pluginData['Name']) ? $slug : $pluginData['Name']));
if ($pluginData['vulnerable']) {
$longMsg = __('It has unpatched security issues and may have compatibility problems with the current version of WordPress.', 'wordfence');
} else {
$longMsg = __('Your site is still using this plugin, but it is not currently available on wordpress.org. Plugins can be removed from wordpress.org for various reasons. This can include benign issues like a plugin author discontinuing development or moving the plugin distribution to their own site, but some might also be due to security issues. In any case, future updates may or may not be available, so it is worth investigating the cause and deciding whether to temporarily or permanently replace or remove the plugin.', 'wordfence');
}
$longMsg .= ' ' . sprintf(
/* translators: Support URL. */
__('<a href="%s" target="_blank" rel="noopener noreferrer">Get more information.<span class="screen-reader-text"> (' . esc_html__('opens in new tab', 'wordfence') . ')</span></a>', 'wordfence'), wfSupportController::esc_supportURL(wfSupportController::ITEM_SCAN_RESULT_PLUGIN_REMOVED));
$added = $this->addIssue('wfPluginRemoved', wfIssues::SEVERITY_CRITICAL, $key, $key, $shortMsg, $longMsg, $pluginData);
if ($added == wfIssues::ISSUE_ADDED || $added == wfIssues::ISSUE_UPDATED) {
$haveIssues = wfIssues::STATUS_PROBLEM;
} else if ($haveIssues != wfIssues::STATUS_PROBLEM && ($added == wfIssues::ISSUE_IGNOREP || $added == wfIssues::ISSUE_IGNOREC)) {
$haveIssues = wfIssues::STATUS_IGNORED;
}
unset($allPlugins[$slug]);
}
}
}
}
}
//Handle plugins that either do not exist in the repo or do not have updates available
foreach ($allPlugins as $slug => $plugin) {
if ($plugin['vulnerable']) {
$key = implode(' ', array('wfPluginVulnerable', $plugin['pluginFile'], $plugin['Version']));
$shortMsg = sprintf(__('The Plugin "%s" has a security vulnerability.', 'wordfence'), $plugin['Name']);
$longMsg = sprintf(
wp_kses(
__('To protect your site from this vulnerability, the safest option is to deactivate and completely remove "%s" until a patched version is available. <a href="%s" target="_blank" rel="noopener noreferrer">Get more information.<span class="screen-reader-text"> (opens in new tab)</span></a>', 'wordfence'),
array(
'a' => array(
'href' => array(),
'target' => array(),
'rel' => array(),
),
'span' => array(
'class' => array()
)
)
),
$plugin['Name'],
wfSupportController::esc_supportURL(wfSupportController::ITEM_SCAN_RESULT_PLUGIN_VULNERABLE)
);
if (is_array($plugin['vulnerable']) && isset($plugin['vulnerable']['vulnerabilityLink'])) { $statusArray['vulnerabilityLink'] = $plugin['vulnerable']['vulnerabilityLink']; }
if (is_array($plugin['vulnerable']) && isset($plugin['vulnerable']['cvssScore'])) { $statusArray['cvssScore'] = $plugin['vulnerable']['cvssScore']; }
if (is_array($plugin['vulnerable']) && isset($plugin['vulnerable']['cvssVector'])) { $statusArray['cvssVector'] = $plugin['vulnerable']['cvssVector']; }
$plugin['updatedAvailable'] = false;
$added = $this->addIssue('wfPluginVulnerable', wfIssues::SEVERITY_CRITICAL, $key, $key, $shortMsg, $longMsg, $plugin);
if ($added == wfIssues::ISSUE_ADDED || $added == wfIssues::ISSUE_UPDATED) { $haveIssues = wfIssues::STATUS_PROBLEM; }
else if ($haveIssues != wfIssues::STATUS_PROBLEM && ($added == wfIssues::ISSUE_IGNOREP || $added == wfIssues::ISSUE_IGNOREC)) { $haveIssues = wfIssues::STATUS_IGNORED; }
unset($allPlugins[$slug]);
}
}
}
$this->updateCheck = false;
$this->pluginRepoStatus = array();
wfIssues::statusEnd($this->statusIDX['oldVersions'], $haveIssues);
$this->scanController->completeStage(wfScanner::STAGE_VULNERABILITY_SCAN, $haveIssues);
}
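/**
 * Scan stage: report administrator accounts that look suspicious.
 *
 * Runs only when the admin user monitor is enabled, and performs two checks:
 *  1. Every user ID returned by wfAdminUserMonitor::checkNewAdmins() is reported as an
 *     admin account created outside of WordPress.
 *  2. Every current administrator's login is matched against the regex list stored under
 *     the 'suspiciousAdminUsernames' config key. That list is refreshed from the
 *     'suspicious_admin_usernames' API call when the call succeeds.
 *
 * The stage status is PROBLEM if any issue was added or updated, IGNORED if the only
 * results were ignored issues, and SECURE otherwise.
 *
 * @return void
 */
public function scan_suspiciousAdminUsers() {
	$this->statusIDX['suspiciousAdminUsers'] = wfIssues::statusStart(__("Scanning for admin users not created through WordPress", 'wordfence'));
	$this->scanController->startStage(wfScanner::STAGE_OPTIONS_AUDIT);
	$haveIssues = wfIssues::STATUS_SECURE;

	$adminUsers = new wfAdminUserMonitor();
	if ($adminUsers->isEnabled()) {
		try {
			$response = $this->api->call('suspicious_admin_usernames');
			if (is_array($response) && isset($response['ok']) && wfUtils::truthyToBoolean($response['ok']) && !empty($response['patterns'])) {
				wfConfig::set_ser('suspiciousAdminUsernames', $response['patterns']);
			}
		} catch (Exception $e) {
			// Let the rest of the scan continue. The username check below then runs against
			// whatever list an earlier scan stored (possibly none), so a failing API call
			// silently reduces what this stage can detect.
		}

		$suspiciousAdmins = $adminUsers->checkNewAdmins();
		if (is_array($suspiciousAdmins)) {
			foreach ($suspiciousAdmins as $userID) {
				$this->scanController->incrementSummaryItem(wfScanner::SUMMARY_SCANNED_USERS);
				$user = new WP_User($userID);
				$key = 'suspiciousAdminUsers' . $userID;
				$added = $this->addIssue('suspiciousAdminUsers', wfIssues::SEVERITY_HIGH, $key, $key,
					sprintf(/* translators: WordPress username. */ __("An admin user with the username %s was created outside of WordPress.", 'wordfence'), esc_html($user->user_login)),
					sprintf(/* translators: WordPress username. */ __("An admin user with the username %s was created outside of WordPress. It's possible a plugin could have created the account, but if you do not recognize the user, we suggest you remove it.", 'wordfence'), esc_html($user->user_login)),
					array(
						'userID' => $userID,
					));
				if ($added == wfIssues::ISSUE_ADDED || $added == wfIssues::ISSUE_UPDATED) {
					$haveIssues = wfIssues::STATUS_PROBLEM;
				} else if ($haveIssues != wfIssues::STATUS_PROBLEM && ($added == wfIssues::ISSUE_IGNOREP || $added == wfIssues::ISSUE_IGNOREC)) {
					$haveIssues = wfIssues::STATUS_IGNORED;
				}
			}
		}

		$admins = $adminUsers->getCurrentAdmins();
		/**
		 * @var WP_User $adminUser
		 */
		foreach ($admins as $userID => $adminUser) {
			$added = false;
			$key = 'suspiciousAdminUsers' . $userID;

			// Check against user name list here.
			$suspiciousAdminUsernames = wfConfig::get_ser('suspiciousAdminUsernames');
			if (is_array($suspiciousAdminUsernames)) {
				foreach ($suspiciousAdminUsernames as $usernamePattern) {
					// The list is stored config data that came from an API response and was
					// saved without per-entry validation. Skip non-string entries so that
					// preg_match() cannot throw a TypeError on PHP 8 and abort the scan.
					if (!is_string($usernamePattern)) {
						continue;
					}

					if (preg_match($usernamePattern, $adminUser->user_login) === 1) {
						$added = $this->addIssue('suspiciousAdminUsers', wfIssues::SEVERITY_HIGH, $key, $key,
							sprintf(/* translators: WordPress username. */ __("An admin user with a suspicious username %s was found.", 'wordfence'), esc_html($adminUser->user_login)),
							sprintf(/* translators: WordPress username. */ __("An admin user with a suspicious username %s was found. Administrators accounts with usernames similar to this are commonly seen created by hackers. It's possible a plugin could have created the account, but if you do not recognize the user, we suggest you remove it.", 'wordfence'), esc_html($adminUser->user_login)),
							array(
								'userID' => $userID,
							));
						// The issue is identical whichever pattern matched, so stop at the first
						// match. Otherwise a later match would overwrite $added with the result
						// of re-adding the same issue, and the stage status below would be
						// derived from that second call.
						break;
					}
				}
			}

			if ($added == wfIssues::ISSUE_ADDED || $added == wfIssues::ISSUE_UPDATED) {
				$haveIssues = wfIssues::STATUS_PROBLEM;
			} else if ($haveIssues != wfIssues::STATUS_PROBLEM && ($added == wfIssues::ISSUE_IGNOREP || $added == wfIssues::ISSUE_IGNOREC)) {
				$haveIssues = wfIssues::STATUS_IGNORED;
			}
		}
	}

	wfIssues::statusEnd($this->statusIDX['suspiciousAdminUsers'], $haveIssues);
	$this->scanController->completeStage(wfScanner::STAGE_OPTIONS_AUDIT, $haveIssues);
}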
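/**
 * Scan stage: look for URLs on known-bad lists inside selected site options.
 *
 * For every blog returned by getBlogsToScan('options'), the options whose name matches
 * ^td_[0-9]+$ (plus the option named by TD_THEME_OPTIONS_NAME when that constant is
 * defined) are passed to the URL hoover. The blog's own home and site hosts are excluded.
 * Each hit on one of the three recognised lists is reported as an 'optionBadURL' issue.
 *
 * @return void
 * @throws Exception When the URL hoover reports an error message after the lookup.
 */
public function scan_suspiciousOptions() {
	$this->statusIDX['suspiciousOptions'] = wfIssues::statusStart(__("Scanning for suspicious site options", 'wordfence'));
	$this->scanController->startStage(wfScanner::STAGE_OPTIONS_AUDIT);
	$haveIssues = wfIssues::STATUS_SECURE;

	$blogsToScan = self::getBlogsToScan('options');
	$wfdb = new wfDB();

	$this->hoover = new wordfenceURLHoover($this->apiKey, $this->wp_version);
	foreach ($blogsToScan as $blog) {
		// Collect the site's own hosts (deduplicated via array keys) so they are not reported.
		$excludedHosts = array();
		$homeURL = get_home_url($blog['blog_id']);
		$host = parse_url($homeURL, PHP_URL_HOST);
		if ($host) {
			$excludedHosts[$host] = 1;
		}
		$siteURL = get_site_url($blog['blog_id']);
		$host = parse_url($siteURL, PHP_URL_HOST);
		if ($host) {
			$excludedHosts[$host] = 1;
		}
		$excludedHosts = array_keys($excludedHosts);

		//Newspaper Theme
		// NOTE(review): the table name is concatenated into the SQL text. It comes from
		// getBlogsToScan(), not from request input -- confirm it can never be influenced
		// externally. The option name is passed as a separate argument for the '%s' placeholder.
		if (defined('TD_THEME_OPTIONS_NAME')) {
			$q = $wfdb->querySelect("SELECT option_name, option_value FROM " . $blog['table'] . " WHERE option_name REGEXP '^td_[0-9]+$' OR option_name = '%s'", TD_THEME_OPTIONS_NAME);
		} else {
			$q = $wfdb->querySelect("SELECT option_name, option_value FROM " . $blog['table'] . " WHERE option_name REGEXP '^td_[0-9]+$'");
		}
		foreach ($q as $row) {
			// The ID string "<blog_id>-<option_name>" is split again when results are processed.
			$found = $this->hoover->hoover($blog['blog_id'] . '-' . $row['option_name'], $row['option_value'], $excludedHosts);
			$this->scanController->incrementSummaryItem(wfScanner::SUMMARY_SCANNED_URLS, $found);
		}
	}


	$this->status(2, 'info', __("Examining URLs found in the options we scanned for dangerous websites", 'wordfence'));
	$hooverResults = $this->hoover->getBaddies();
	$this->status(2, 'info', __("Done examining URLs", 'wordfence'));
	if ($this->hoover->errorMsg) {
		// NOTE(review): cleanup() below is not reached on this path -- confirm that is intended.
		wfIssues::statusEndErr();
		throw new Exception($this->hoover->errorMsg);
	}
	$this->hoover->cleanup();
	foreach ($hooverResults as $idString => $hresults) {
		// Split on the first '-' only. The option named by TD_THEME_OPTIONS_NAME is not
		// restricted to the td_[0-9]+ form, so its name may itself contain '-'. An unlimited
		// explode() would truncate the key, and the get_option() call and the reported
		// 'optionKey' below would then refer to the wrong option.
		$arr = explode('-', $idString, 2);
		$blogID = $arr[0];
		$optionKey = $arr[1];
		$blog = null;
		foreach ($hresults as $result) {
			if ($result['badList'] != 'goog-malware-shavar' && $result['badList'] != 'googpub-phish-shavar' && $result['badList'] != 'wordfence-dbl') {
				continue; //A list type that may be new and the plugin has not been upgraded yet.
			}

			// Resolve the blog record lazily, once per option, only when there is something to report.
			if ($blog === null) {
				$blogs = self::getBlogsToScan('options', $blogID);
				$blog = array_shift($blogs);
			}

			if ($result['badList'] == 'goog-malware-shavar') {
				$shortMsg = sprintf(/* translators: URL. */ __("Option contains a suspected malware URL: %s", 'wordfence'), esc_html($optionKey));
				$longMsg = sprintf(/* translators: URL. */ __("This option contains a suspected malware URL listed on Google's list of malware sites. It may indicate your site is infected with malware. The URL is: %s", 'wordfence'), esc_html($result['URL']));
			} else if ($result['badList'] == 'googpub-phish-shavar') {
				$shortMsg = sprintf(/* translators: URL. */ __("Option contains a suspected phishing site URL: %s", 'wordfence'), esc_html($optionKey));
				$longMsg = sprintf(/* translators: URL. */ __("This option contains a URL that is a suspected phishing site that is currently listed on Google's list of known phishing sites. It may indicate your site is infected with malware. The URL is: %s", 'wordfence'), esc_html($result['URL']));
			} else if ($result['badList'] == 'wordfence-dbl') {
				$shortMsg = sprintf(/* translators: URL. */ __("Option contains a suspected malware URL: %s", 'wordfence'), esc_html($optionKey));
				$longMsg = sprintf(/* translators: URL. */ __("This option contains a URL that is currently listed on Wordfence's domain blocklist. It may indicate your site is infected with malware. The URL is: %s", 'wordfence'), esc_html($result['URL']));
			} else {
				//A list type that may be new and the plugin has not been upgraded yet.
				continue;
			}

			$longMsg .= ' - ' . sprintf(/* translators: Support URL. */ __('<a href="%s" target="_blank" rel="noopener noreferrer">Get more information.<span class="screen-reader-text"> (' . esc_html__('opens in new tab', 'wordfence') . ')</span></a>', 'wordfence'), wfSupportController::esc_supportURL(wfSupportController::ITEM_SCAN_RESULT_OPTION_MALWARE_URL));

			$this->status(2, 'info', sprintf(/* translators: Scan result description. */ __("Adding issue: %s", 'wordfence'), $shortMsg));

			// get_option() must read from the blog the option belongs to.
			if (is_multisite()) {
				switch_to_blog($blogID);
			}

			// $ignoreP identifies the option; $ignoreC additionally depends on the option's current value.
			$ignoreP = $idString;
			$ignoreC = $idString . md5(serialize(get_option($optionKey, '')));
			$added = $this->addIssue('optionBadURL', wfIssues::SEVERITY_HIGH, $ignoreP, $ignoreC, $shortMsg, $longMsg, array(
				'optionKey' => $optionKey,
				'badURL' => $result['URL'],
				'isMultisite' => $blog['isMultisite'],
				'domain' => $blog['domain'],
				'path' => $blog['path'],
				'blog_id' => $blogID
			));
			if ($added == wfIssues::ISSUE_ADDED || $added == wfIssues::ISSUE_UPDATED) {
				$haveIssues = wfIssues::STATUS_PROBLEM;
			} else if ($haveIssues != wfIssues::STATUS_PROBLEM && ($added == wfIssues::ISSUE_IGNOREP || $added == wfIssues::ISSUE_IGNOREC)) {
				$haveIssues = wfIssues::STATUS_IGNORED;
			}
			if (is_multisite()) {
				restore_current_blog();
			}
		}
	}

	wfIssues::statusEnd($this->statusIDX['suspiciousOptions'], $haveIssues);
	$this->scanController->completeStage(wfScanner::STAGE_OPTIONS_AUDIT, $haveIssues);
}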
/**
 * Scan stage: warn when country blocking is in use on a PHP version older than 5.4.
 *
 * The issue is raised only when all three conditions hold: PHP is older than 5.4, the
 * 'isPaid' config value is truthy, and a country block exists.
 *
 * @return void
 */
public function scan_geoipSupport() {
	$this->statusIDX['geoipSupport'] = wfIssues::statusStart(__("Checking for future GeoIP support", 'wordfence'));
	$this->scanController->startStage(wfScanner::STAGE_SERVER_STATE);
	$stageStatus = wfIssues::STATUS_SECURE;

	$phpTooOld = version_compare(phpversion(), '5.4', '<');
	if ($phpTooOld && wfConfig::get('isPaid') && wfBlock::hasCountryBlock()) {
		$summary = __('PHP Update Needed for Country Blocking', 'wordfence');

		$details = sprintf(/* translators: Software version. */ __('The GeoIP database that is required for country blocking has been updated to a new format. This new format requires sites to run PHP 5.4 or newer, and this site is on PHP %s. To ensure country blocking continues functioning, please update PHP.', 'wordfence'), wfUtils::cleanPHPVersion());
		$moreInfoLink = sprintf(/* translators: Support URL. */ __('<a href="%s" target="_blank" rel="noopener noreferrer">Get more information.<span class="screen-reader-text"> (' . esc_html__('opens in new tab', 'wordfence') . ')</span></a>', 'wordfence'), wfSupportController::esc_supportURL(wfSupportController::ITEM_SCAN_RESULT_GEOIP_UPDATE));
		$details .= ' ' . $moreInfoLink;

		$this->status(2, 'info', sprintf(/* translators: Scan result description. */ __("Adding issue: %s", 'wordfence'), $summary));

		// The same fixed key serves as both the permanent and the content-based ignore key.
		$ignoreKey = 'geoIPPHPDiscontinuing';
		$outcome = $this->addIssue('geoipSupport', wfIssues::SEVERITY_MEDIUM, $ignoreKey, $ignoreKey, $summary, $details, array());

		// Loose comparison is kept on purpose (in_array() without the strict flag).
		$reported = in_array($outcome, array(wfIssues::ISSUE_ADDED, wfIssues::ISSUE_UPDATED));
		$ignored = in_array($outcome, array(wfIssues::ISSUE_IGNOREP, wfIssues::ISSUE_IGNOREC));
		if ($reported) {
			$stageStatus = wfIssues::STATUS_PROBLEM;
		} else if ($stageStatus != wfIssues::STATUS_PROBLEM && $ignored) {
			$stageStatus = wfIssues::STATUS_IGNORED;
		}
	}

	wfIssues::statusEnd($this->statusIDX['geoipSupport'], $stageStatus);
	$this->scanController->completeStage(wfScanner::STAGE_SERVER_STATE, $stageStatus);
}
/**
 * Forward a scan status message to wordfence::status().
 *
 * @param mixed $level Passed through unchanged. Callers in this file pass 2 or 3.
 * @param mixed $type Passed through unchanged. Callers in this file pass 'info' or 'error'.
 * @param mixed $msg Message text, passed through unchanged.
 * @return void
 */
public function status($level, $type, $msg) {
	// Pure delegation; nothing is returned to the caller.
	wordfence::status($level, $type, $msg);
}
/**
 * Record a scan issue through the issue store held in $this->i.
 *
 * wfIssues::updateScanStillRunning() is called first, then every argument is passed
 * through unchanged. Callers in this file compare the result against the
 * wfIssues::ISSUE_* constants.
 *
 * @param mixed $type Issue type identifier, e.g. 'optionBadURL'.
 * @param mixed $severity One of the wfIssues::SEVERITY_* values.
 * @param mixed $ignoreP Ignore key, forwarded as given.
 * @param mixed $ignoreC Second ignore key, forwarded as given.
 * @param mixed $shortMsg Short description of the issue.
 * @param mixed $longMsg Long description of the issue.
 * @param mixed $templateData Extra data stored with the issue.
 * @param bool $alreadyHashed Forwarded as given; defaults to false.
 * @return mixed Whatever $this->i->addIssue() returns.
 */
public function addIssue($type, $severity, $ignoreP, $ignoreC, $shortMsg, $longMsg, $templateData, $alreadyHashed = false) {
	wfIssues::updateScanStillRunning();
	$outcome = $this->i->addIssue($type, $severity, $ignoreP, $ignoreC, $shortMsg, $longMsg, $templateData, $alreadyHashed);
	return $outcome;
}