File: wfUpdateCheck.php
*/
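public function checkCoreVulnerabilities($initial = false) {
	// Sends the running core version (plus the `edge` and `patch` update versions when the
	// corresponding flags are set) to the vulnerability API and caches the verdicts under
	// `vulnerabilities_core`. $initial is not read by this method.

	include(ABSPATH . WPINC . '/version.php'); /** @var $wp_version */

	$core = array(
		'current' => $wp_version,
	);

	if ($this->needs_core_update) {
		$core['edge'] = $this->core_update_version;
	}

	if ($this->core_update_patch_available) {
		$core['patch'] = $this->core_update_patch_version;
	}

	try {
		$result = $this->api->call('core_vulnerability_check', array(), array(
			'core' => json_encode($core),
		));

		// The verdict comes from a remote service, so only persist it when it has the expected
		// shape. A response without an array under `vulnerable` is handled like a failed call
		// instead of being written to the cache.
		if (isset($result['vulnerable']) && is_array($result['vulnerable'])) {
			wfConfig::set_ser('vulnerabilities_core', $result['vulnerable'], false, wfConfig::DONT_AUTOLOAD); //Will have the index `current` with possibly `edge` and `patch` depending on what was provided above
		}
	}
	catch (Exception $e) {
		// Best effort: a failed API call is not reported here and whatever was cached before
		// stays in place.
	}
}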
/**
 * Appends a vulnerability-check record for $plugin to $records and removes the plugin from $installedPlugins.
 *
 * Nothing is appended or removed when checkPluginFile() returns null for the plugin.
 *
 * @param string $plugin key identifying the plugin in $installedPlugins
 * @param array $installedPlugins passed by reference; the handled plugin is unset from it
 * @param array $records passed by reference; the new record is appended to it
 * @param array|null $values handed to extractSlug(); `new_version` is read from it when $update is true
 * @param bool $update whether to add a `toVersion` entry to the record
 * @return null explicitly null when the plugin is skipped, no return value otherwise
 */
private function initializePluginVulnerabilityData($plugin, &$installedPlugins, &$records, $values = null, $update = false) {
	if ($this->checkPluginFile($plugin, $installedPlugins) === null) {
		return null;
	}

	$pluginData = $installedPlugins[$plugin];

	// Key order is kept as slug, fromVersion, vulnerable, toVersion because the records are
	// later JSON-encoded as they are.
	$entry = array();
	$entry['slug'] = $this->extractSlug($plugin, $values);
	if (isset($pluginData['Version'])) {
		$entry['fromVersion'] = $pluginData['Version'];
	}
	else {
		$entry['fromVersion'] = 'Unknown';
	}
	$entry['vulnerable'] = false;

	if ($update && is_array($values)) {
		if (isset($values['new_version'])) {
			$entry['toVersion'] = $values['new_version'];
		}
		else {
			$entry['toVersion'] = 'Unknown';
		}
	}

	$records[] = $entry;
	unset($installedPlugins[$plugin]);
}
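/**
 * Collects a record for every installed plugin that initializePluginVulnerabilityData() accepts, asks the
 * vulnerability API about them and caches the annotated records under `vulnerabilities_plugin`.
 *
 * @param bool $initial if true, treat as the initial scan run (not read by this method)
 */
public function checkPluginVulnerabilities($initial=false) {

	self::requirePluginsApi();

	$vulnerabilities = array();

	//Get the full plugin list
	if (!function_exists('get_plugins')) {
		require_once(ABSPATH . '/wp-admin/includes/plugin.php');
	}
	$installedPlugins = get_plugins();

	//Get the info for plugins on wordpress.org
	$update_plugins = $this->fetchPluginUpdates();
	if ($update_plugins) {
		if (!empty($update_plugins->response)) {
			foreach ($update_plugins->response as $plugin => $vals) {
				$this->initializePluginVulnerabilityData($plugin, $installedPlugins, $vulnerabilities, (array) $vals, true);
			}
		}

		if (!empty($update_plugins->no_update)) {
			foreach ($update_plugins->no_update as $plugin => $vals) {
				$this->initializePluginVulnerabilityData($plugin, $installedPlugins, $vulnerabilities, (array) $vals);
			}
		}
	}

	//Get the remaining plugins (not in the wordpress.org repo for whatever reason)
	foreach ($installedPlugins as $plugin => $data) {
		$this->initializePluginVulnerabilityData($plugin, $installedPlugins, $vulnerabilities, $data);
	}

	if (count($vulnerabilities) > 0) {
		try {
			$result = $this->api->call('plugin_vulnerability_check', array(), array(
				'plugins' => json_encode($vulnerabilities),
			));

			// The response is remote data: read the list once and fall back to an empty list
			// when it is missing or not an array, rather than iterating over it unchecked.
			$vulnerableList = (isset($result['vulnerable']) && is_array($result['vulnerable'])) ? $result['vulnerable'] : array();

			foreach ($vulnerabilities as &$v) {
				foreach ($vulnerableList as $r) {
					if (!isset($r['slug'])) {
						continue;
					}

					// Compare slugs as exact strings. A loose `==` treats two numeric-looking
					// strings as equal, which could attach a verdict to the wrong plugin.
					if ((string) $r['slug'] === (string) $v['slug']) {
						$v['vulnerable'] = !empty($r['vulnerable']);
						if (isset($r['link'])) {
							$v['link'] = $r['link'];
						}
						if (isset($r['score'])) {
							$v['score'] = $r['score'];
						}
						if (isset($r['vector'])) {
							$v['vector'] = $r['vector'];
						}
						break; //First matching entry wins
					}
				}
			}
		}
		catch (Exception $e) {
			// NOTE(review): a failed API call is not reported, and the records are still cached
			// below with `vulnerable` left at false, so a failed check cannot be told apart from
			// a clean result by readers of the cache.
		}

		// Drop the by-reference loop variable so the last record is not aliased afterwards.
		unset($v);

		wfConfig::set_ser('vulnerabilities_plugin', $vulnerabilities, false, wfConfig::DONT_AUTOLOAD);
	}
}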
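/**
 * Builds a record for every theme listed in the `update_themes` transient's response, asks the vulnerability API
 * about them and caches the annotated records under `vulnerabilities_theme`.
 *
 * @param bool $initial whether or not this is the initial run; its negation is passed to checkThemeUpdates()
 */
public function checkThemeVulnerabilities($initial = false) {
	if (!function_exists('wp_update_themes')) {
		require_once(ABSPATH . WPINC . '/update.php');
	}

	self::requirePluginsApi();

	$this->checkThemeUpdates(!$initial, false);
	$update_themes = get_site_transient('update_themes');

	$vulnerabilities = array();
	if ($update_themes && !empty($update_themes->response)) {
		if (!function_exists('get_plugin_data'))
		{
			require_once(ABSPATH . '/wp-admin/includes/plugin.php');
		}

		foreach ($update_themes->response as $themeSlug => $vals) {

			$valsArray = (array) $vals;
			$theme = wp_get_theme($themeSlug);

			$record = array();
			$record['slug'] = $themeSlug;
			$record['toVersion'] = (isset($valsArray['new_version']) ? $valsArray['new_version'] : 'Unknown');
			$record['fromVersion'] = $theme->version;
			$record['vulnerable'] = false;
			$vulnerabilities[] = $record;
		}

		try {
			$result = $this->api->call('theme_vulnerability_check', array(), array(
				'themes' => json_encode($vulnerabilities),
			));

			// The response is remote data: read the list once and fall back to an empty list
			// when it is missing or not an array, rather than iterating over it unchecked.
			$vulnerableList = (isset($result['vulnerable']) && is_array($result['vulnerable'])) ? $result['vulnerable'] : array();

			foreach ($vulnerabilities as &$v) {
				foreach ($vulnerableList as $r) {
					if (!isset($r['slug'])) {
						continue;
					}

					// Compare slugs as exact strings. A loose `==` treats two numeric-looking
					// strings as equal, which could attach a verdict to the wrong theme.
					if ((string) $r['slug'] === (string) $v['slug']) {
						$v['vulnerable'] = !empty($r['vulnerable']);
						if (isset($r['link'])) {
							$v['link'] = $r['link'];
						}
						if (isset($r['score'])) {
							$v['score'] = $r['score'];
						}
						if (isset($r['vector'])) {
							$v['vector'] = $r['vector'];
						}
						break; //First matching entry wins
					}
				}
			}
		}
		catch (Exception $e) {
			// NOTE(review): a failed API call is not reported, and the records are still cached
			// below with `vulnerable` left at false, so a failed check cannot be told apart from
			// a clean result by readers of the cache.
		}

		// Drop the by-reference loop variable so the last record is not aliased afterwards.
		unset($v);

		wfConfig::set_ser('vulnerabilities_theme', $vulnerabilities, false, wfConfig::DONT_AUTOLOAD);
	}
}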
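/**
 * Returns whether the core version is vulnerable. Available $which values are `current` for the version running now,
 * `patch` for the patch update (if available), and `edge` for the most recent update available. `patch` and `edge`
 * are accurate only if an update is actually available and will return false otherwise.
 *
 * When nothing is cached under `vulnerabilities_core`, checkCoreVulnerabilities() is run at most once (tracked by a
 * function-static flag) before the cache is read again. If it is still empty, an error status is recorded and false
 * is returned.
 *
 * @param string $which
 * @return bool
 */
public function isCoreVulnerable($which = 'current') {
	static $_vulnerabilitiesRefreshed = false;
	$vulnerabilities = wfConfig::get_ser('vulnerabilities_core', null);
	if ($vulnerabilities === null) {
		if (!$_vulnerabilitiesRefreshed) {
			$this->checkCoreVulnerabilities(true);
			$_vulnerabilitiesRefreshed = true;
		}

		//Verify that we got a valid response, if not, avoid infinite recursion
		$vulnerabilities = wfConfig::get_ser('vulnerabilities_core', null);
		if ($vulnerabilities === null) {
			// NOTE(review): the check is skipped and reported as "not vulnerable" here; callers
			// cannot distinguish that from a clean verdict.
			wordfence::status(4, 'error', __("Failed obtaining core vulnerability data, skipping check.", 'wordfence'));
			return false;
		}

		return $this->isCoreVulnerable($which);
	}

	// The cached value originates from a remote response. empty() reads the nested flag without
	// raising when the `$which` entry or its `vulnerable` key is absent, and yields false then.
	return !empty($vulnerabilities[$which]['vulnerable']);
}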
/**
 * Looks up $slug at $version in the records cached under `vulnerabilities_plugin`.
 *
 * The lookup is delegated to _isSlugVulnerable(), which is given a callback that runs
 * checkPluginVulnerabilities(true) to populate the cache.
 *
 * @param string $slug
 * @param string $version
 * @return array|false whatever _isSlugVulnerable() returns: the matching record when it is flagged vulnerable, false otherwise
 */
public function isPluginVulnerable($slug, $version) {
	$refreshPluginData = function() {
		$this->checkPluginVulnerabilities(true);
	};

	return $this->_isSlugVulnerable('vulnerabilities_plugin', $slug, $version, $refreshPluginData);
}
/**
 * Looks up $slug at $version in the records cached under `vulnerabilities_theme`.
 *
 * The lookup is delegated to _isSlugVulnerable(), which is given a callback that runs
 * checkThemeVulnerabilities(true) to populate the cache.
 *
 * @param string $slug
 * @param string $version
 * @return array|false whatever _isSlugVulnerable() returns: the matching record when it is flagged vulnerable, false otherwise
 */
public function isThemeVulnerable($slug, $version) {
	$refreshThemeData = function() {
		$this->checkThemeVulnerabilities(true);
	};

	return $this->_isSlugVulnerable('vulnerabilities_theme', $slug, $version, $refreshThemeData);
}
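/**
 * Finds the cached record for $slug whose version range covers $version and reports whether it is flagged.
 *
 * When nothing is cached under $vulnerabilitiesKey and a callable is supplied, the callable is run at most once per
 * key (tracked by a function-static array) and the cache is read again.
 *
 * @param string $vulnerabilitiesKey config key the records are cached under
 * @param string $slug
 * @param string $version
 * @param callable|null $populateVulnerabilities invoked to fill the cache when it is empty
 * @return array|false the first record matching slug and version range when its `vulnerable` entry is truthy, false otherwise
 */
private function _isSlugVulnerable($vulnerabilitiesKey, $slug, $version, $populateVulnerabilities=null) {
	static $_vulnerabilitiesRefreshed = array();
	$vulnerabilities = wfConfig::get_ser($vulnerabilitiesKey, null);
	if ( $vulnerabilities === null) {
		if (is_callable($populateVulnerabilities)) {
			if (!isset($_vulnerabilitiesRefreshed[$vulnerabilitiesKey])) {
				$populateVulnerabilities();
				$_vulnerabilitiesRefreshed[$vulnerabilitiesKey] = true;
			}

			$vulnerabilities = wfConfig::get_ser($vulnerabilitiesKey, null);
			if ($vulnerabilities === null) {
				// NOTE(review): the check is skipped and reported as "not vulnerable" here;
				// callers cannot distinguish that from a clean verdict.
				wordfence::status(4, 'error', __("Failed obtaining vulnerability data, skipping check.", 'wordfence'));
				return false;
			}

			//The retry passes no callback, so it cannot trigger another refresh
			return $this->_isSlugVulnerable($vulnerabilitiesKey, $slug, $version);
		}
		return false;
	}

	// Anything other than a list of records cannot be searched.
	if (!is_array($vulnerabilities)) {
		return false;
	}

	foreach ($vulnerabilities as $v) {
		// Compare slugs as exact strings. A loose `==` treats two numeric-looking strings as equal.
		if (!isset($v['slug']) || (string) $v['slug'] !== (string) $slug) {
			continue;
		}

		// Records built without update data carry no `toVersion`; read it once behind isset()
		// so the range test below does not touch an undefined key.
		$hasTo = isset($v['toVersion']);
		$to = $hasTo ? $v['toVersion'] : null;
		$fromUnknown = ($v['fromVersion'] == 'Unknown');
		$toUnknown = ($hasTo && $to == 'Unknown');

		if (
			($fromUnknown && $toUnknown) ||
			((!$hasTo || $toUnknown) && version_compare($version, $v['fromVersion']) >= 0) ||
			($fromUnknown && $hasTo && version_compare($version, $to) < 0) ||
			(version_compare($version, $v['fromVersion']) >= 0 && $hasTo && version_compare($version, $to) < 0)
		) {
			//The first record whose range covers $version decides the outcome
			if (!empty($v['vulnerable'])) { return $v; }
			return false;
		}
	}
	return false;
}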
/**
 * Accessor for the needs_core_update flag.
 *
 * @return boolean
 */
public function needsCoreUpdate() {
	return $this->needs_core_update;
}
/**
 * Accessor for core_update_version, the value sent as the `edge` version by checkCoreVulnerabilities().
 *
 * @return string
 */
public function getCoreUpdateVersion() {
	return $this->core_update_version;
}
/**
 * Returns true if there is a patch version available for the site's current minor branch and the site is not on
 * the most recent minor branch (e.g., a backported security update).
 *
 * Example: suppose the site is currently on 4.1.37. This will return true and `getCoreUpdatePatchVersion` will
 * return 4.1.39. `getCoreUpdateVersion` will return 6.4.2 (as of writing this comment).
 *
 * The value is read from the core_update_patch_available property.
 *
 * @return bool
 */
public function coreUpdatePatchAvailable() {
	return $this->core_update_patch_available;
}
/**
 * The version number for the patch update if available.
 *
 * The value is read from the core_update_patch_version property.
 *
 * @return string
 */
public function getCoreUpdatePatchVersion() {
	return $this->core_update_patch_version;
}
/**
 * Returns whether or not the current core version is on a major or minor release earlier than the current available
 * edge update.
 *
 * The value is read from the core_earlier_branch property.
 *
 * @return bool
 */
public function getCoreEarlierBranch() {
	return $this->core_earlier_branch;
}
/**
 * Accessor for the plugin_updates property.
 *
 * @return array
 */
public function getPluginUpdates() {
	return $this->plugin_updates;
}
/**
 * Accessor for the all_plugins property.
 *
 * @return array
 */
public function getAllPlugins() {
	return $this->all_plugins;
}
/**
 * Accessor for the plugin_slugs property.
 *
 * @return array
 */
public function getPluginSlugs() {
	return $this->plugin_slugs;
}
/**
 * Accessor for the theme_updates property.
 *
 * @return array
 */
public function getThemeUpdates() {
	return $this->theme_updates;
}
}