Edit File by line

<?php

[0] Fix | Delete

require_once(dirname(__FILE__) . '/wordfenceConstants.php');

[1] Fix | Delete

require_once(dirname(__FILE__) . '/wfScanEngine.php');

[2] Fix | Delete

require_once(dirname(__FILE__) . '/wfScan.php');

[3] Fix | Delete

require_once(dirname(__FILE__) . '/wfScanMonitor.php');

[4] Fix | Delete

require_once(dirname(__FILE__) . '/wfCrawl.php');

[5] Fix | Delete

require_once(dirname(__FILE__) . '/Diff.php');

[6] Fix | Delete

require_once(dirname(__FILE__) . '/Diff/Renderer/Html/SideBySide.php');

[7] Fix | Delete

require_once(dirname(__FILE__) . '/wfAPI.php');

[8] Fix | Delete

require_once(dirname(__FILE__) . '/wfIssues.php');

[9] Fix | Delete

require_once(dirname(__FILE__) . '/wfDB.php');

[10] Fix | Delete

require_once(dirname(__FILE__) . '/wfUtils.php');

[11] Fix | Delete

require_once(dirname(__FILE__) . '/wfLog.php');

[12] Fix | Delete

require_once(dirname(__FILE__) . '/wfConfig.php');

[13] Fix | Delete

require_once(dirname(__FILE__) . '/wfSchema.php');

[14] Fix | Delete

require_once(dirname(__FILE__) . '/wfCache.php');

[15] Fix | Delete

require_once(dirname(__FILE__) . '/wfCrypt.php');

[16] Fix | Delete

require_once(dirname(__FILE__) . '/wfMD5BloomFilter.php');

[17] Fix | Delete

require_once(dirname(__FILE__) . '/wfView.php');

[18] Fix | Delete

require_once(dirname(__FILE__) . '/wfHelperString.php');

[19] Fix | Delete

require_once(dirname(__FILE__) . '/wfDirectoryIterator.php');

[20] Fix | Delete

require_once(dirname(__FILE__) . '/wfUpdateCheck.php');

[21] Fix | Delete

require_once(dirname(__FILE__) . '/wfActivityReport.php');

[22] Fix | Delete

require_once(dirname(__FILE__) . '/wfHelperBin.php');

[23] Fix | Delete

require_once(dirname(__FILE__) . '/wfDiagnostic.php');

[24] Fix | Delete

require_once(dirname(__FILE__) . '/wfStyle.php');

[25] Fix | Delete

require_once(dirname(__FILE__) . '/wfDashboard.php');

[26] Fix | Delete

require_once(dirname(__FILE__) . '/wfNotification.php');

[27] Fix | Delete

[28] Fix | Delete

require_once(dirname(__FILE__) . '/../models/page/wfPage.php');

[29] Fix | Delete

require_once(dirname(__FILE__) . '/../models/common/wfTab.php');

[30] Fix | Delete

require_once(dirname(__FILE__) . '/../models/block/wfBlock.php');

[31] Fix | Delete

require_once(dirname(__FILE__) . '/../models/block/wfRateLimit.php');

[32] Fix | Delete

require_once(dirname(__FILE__) . '/../models/firewall/wfFirewall.php');

[33] Fix | Delete

require_once(dirname(__FILE__) . '/../models/scanner/wfScanner.php');

[34] Fix | Delete

require_once(dirname(__FILE__) . '/wfPersistenceController.php');

[35] Fix | Delete

require_once(dirname(__FILE__) . '/wfImportExportController.php');

[36] Fix | Delete

require_once(dirname(__FILE__) . '/wfOnboardingController.php');

[37] Fix | Delete

require_once(dirname(__FILE__) . '/wfSupportController.php');

[38] Fix | Delete

require_once(dirname(__FILE__) . '/wfCredentialsController.php');

[39] Fix | Delete

require_once(dirname(__FILE__) . '/wfVersionCheckController.php');

[40] Fix | Delete

require_once(dirname(__FILE__) . '/wfDateLocalization.php');

[41] Fix | Delete

require_once(dirname(__FILE__) . '/wfAdminNoticeQueue.php');

[42] Fix | Delete

require_once(dirname(__FILE__) . '/wfModuleController.php');

[43] Fix | Delete

require_once(dirname(__FILE__) . '/wfAlerts.php');

[44] Fix | Delete

require_once(dirname(__FILE__) . '/wfDeactivationOption.php');

[45] Fix | Delete

[46] Fix | Delete

if (version_compare(phpversion(), '5.3', '>=')) {

[47] Fix | Delete

require_once(dirname(__FILE__) . '/WFLSPHP52Compatability.php');

[48] Fix | Delete

define('WORDFENCE_USE_LEGACY_2FA', wfCredentialsController::useLegacy2FA());

[49] Fix | Delete

$wfCoreLoading = true;

[50] Fix | Delete

require(dirname(__FILE__) . '/../modules/login-security/wordfence-login-security.php');

[51] Fix | Delete

}

[52] Fix | Delete

[53] Fix | Delete

require_once(dirname(__FILE__) . '/wfJWT.php');

[54] Fix | Delete

require_once(dirname(__FILE__) . '/wfCentralAPI.php');

[55] Fix | Delete

[56] Fix | Delete

if (class_exists('WP_REST_Users_Controller')) { //WP 4.7+

[57] Fix | Delete

require_once(dirname(__FILE__) . '/wfRESTAPI.php');

[58] Fix | Delete

}

[59] Fix | Delete

if (wfCentral::isSupported()) { //WP 4.4.0+

[60] Fix | Delete

require_once(dirname(__FILE__) . '/rest-api/wfRESTAuthenticationController.php');

[61] Fix | Delete

require_once(dirname(__FILE__) . '/rest-api/wfRESTConfigController.php');

[62] Fix | Delete

require_once(dirname(__FILE__) . '/rest-api/wfRESTScanController.php');

[63] Fix | Delete

}

[64] Fix | Delete

[65] Fix | Delete

class wordfence {

[66] Fix | Delete

public static $printStatus = false;

[67] Fix | Delete

public static $wordfence_wp_version = false;

[68] Fix | Delete

/**

[69] Fix | Delete

* @var WP_Error

[70] Fix | Delete

[71] Fix | Delete

public static $authError;

[72] Fix | Delete

private static $passwordCodePattern = '/\s+wf([a-z0-9 ]+)$/i';

[73] Fix | Delete

protected static $lastURLError = false;

[74] Fix | Delete

protected static $curlContent = "";

[75] Fix | Delete

protected static $curlDataWritten = 0;

[76] Fix | Delete

protected static $hasher = '';

[77] Fix | Delete

protected static $itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';

[78] Fix | Delete

protected static $ignoreList = false;

[79] Fix | Delete

private static $wfLog = false;

[80] Fix | Delete

private static $hitID = 0;

[81] Fix | Delete

private static $debugOn = null;

[82] Fix | Delete

private static $runInstallCalled = false;

[83] Fix | Delete

private static $userDat = false;

[84] Fix | Delete

[85] Fix | Delete

const ATTACK_DATA_BODY_LIMIT=41943040; //40MB

[86] Fix | Delete

[87] Fix | Delete

public static function installPlugin(){

[88] Fix | Delete

self::runInstall();

[89] Fix | Delete

[90] Fix | Delete

if (get_current_user_id() > 0) {

[91] Fix | Delete

wfConfig::set('activatingIP', wfUtils::getIP());

[92] Fix | Delete

}

[93] Fix | Delete

[94] Fix | Delete

//Used by MU code below

[95] Fix | Delete

update_option('wordfenceActivated', 1);

[96] Fix | Delete

[97] Fix | Delete

if (defined('WORDFENCE_LS_FROM_CORE') && WORDFENCE_LS_FROM_CORE) {

[98] Fix | Delete

WFLSPHP52Compatability::install_plugin();

[99] Fix | Delete

}

[100] Fix | Delete

}

[101] Fix | Delete

public static function uninstallPlugin(){

[102] Fix | Delete

//Send admin alert

[103] Fix | Delete

$currentUser = wp_get_current_user();

[104] Fix | Delete

$username = $currentUser->user_login;

[105] Fix | Delete

$alertCallback = array(new wfWordfenceDeactivatedAlert($username, wfUtils::getIP()), 'send');

[106] Fix | Delete

do_action('wordfence_security_event', 'wordfenceDeactivated', array(

[107] Fix | Delete

'username' => $username,

[108] Fix | Delete

'ip' => wfUtils::getIP(),

[109] Fix | Delete

), $alertCallback);

[110] Fix | Delete

[111] Fix | Delete

//Check if caching is enabled and if it is, disable it and fix the .htaccess file.

[112] Fix | Delete

wfCache::removeCaching();

[113] Fix | Delete

[114] Fix | Delete

//Used by MU code below

[115] Fix | Delete

update_option('wordfenceActivated', 0);

[116] Fix | Delete

wp_clear_scheduled_hook('wordfence_daily_cron');

[117] Fix | Delete

wp_clear_scheduled_hook('wordfence_hourly_cron');

[118] Fix | Delete

wp_clear_scheduled_hook('wordfence_daily_autoUpdate');

[119] Fix | Delete

[120] Fix | Delete

//Remove old legacy cron job if it exists

[121] Fix | Delete

wp_clear_scheduled_hook('wordfence_scheduled_scan');

[122] Fix | Delete

[123] Fix | Delete

//Remove all scheduled scans.

[124] Fix | Delete

wfScanner::shared()->unscheduleAllScans();

[125] Fix | Delete

wfScanMonitor::handleDeactivation();

[126] Fix | Delete

[127] Fix | Delete

// Remove cron for email summary

[128] Fix | Delete

wfActivityReport::clearCronJobs();

[129] Fix | Delete

[130] Fix | Delete

// Remove the admin user list so it can be regenerated if Wordfence is reactivated.

[131] Fix | Delete

wfConfig::set_ser('adminUserList', false);

[132] Fix | Delete

[133] Fix | Delete

if (!WFWAF_SUBDIRECTORY_INSTALL) {

[134] Fix | Delete

wfWAFConfig::set('wafDisabled', true);

[135] Fix | Delete

}

[136] Fix | Delete

[137] Fix | Delete

if(wfConfig::get('deleteTablesOnDeact')){

[138] Fix | Delete

if (wfCentral::isSupported() && wfCentral::isConnected()) {

[139] Fix | Delete

self::ajax_wfcentral_disconnect_callback();

[140] Fix | Delete

}

[141] Fix | Delete

[142] Fix | Delete

wfConfig::updateTableExists(false);

[143] Fix | Delete

$schema = new wfSchema();

[144] Fix | Delete

$schema->dropAll();

[145] Fix | Delete

foreach(array('wordfence_version', 'wordfenceActivated', wfSchema::TABLE_CASE_OPTION) as $opt) {

[146] Fix | Delete

if (is_multisite() && function_exists('delete_network_option')) {

[147] Fix | Delete

delete_network_option(null, $opt);

[148] Fix | Delete

}

[149] Fix | Delete

delete_option($opt);

[150] Fix | Delete

}

[151] Fix | Delete

[152] Fix | Delete

if (!WFWAF_SUBDIRECTORY_INSTALL) {

[153] Fix | Delete

try {

[154] Fix | Delete

if (WFWAF_AUTO_PREPEND) {

[155] Fix | Delete

$helper = new wfWAFAutoPrependHelper();

[156] Fix | Delete

if ($helper->uninstall()) {

[157] Fix | Delete

wfWAF::getInstance()->uninstall();

[158] Fix | Delete

}

[159] Fix | Delete

} else {

[160] Fix | Delete

wfWAF::getInstance()->uninstall();

[161] Fix | Delete

}

[162] Fix | Delete

} catch (wfWAFStorageFileException $e) {

[163] Fix | Delete

error_log($e->getMessage());

[164] Fix | Delete

} catch (wfWAFStorageEngineMySQLiException $e) {

[165] Fix | Delete

error_log($e->getMessage());

[166] Fix | Delete

}

[167] Fix | Delete

}

[168] Fix | Delete

}

[169] Fix | Delete

[170] Fix | Delete

if (defined('WORDFENCE_LS_FROM_CORE') && WORDFENCE_LS_FROM_CORE) {

[171] Fix | Delete

WFLSPHP52Compatability::uninstall_plugin();

[172] Fix | Delete

}

[173] Fix | Delete

}

[174] Fix | Delete

public static function hourlyCron() {

[175] Fix | Delete

wfLog::trimHumanCache();

[176] Fix | Delete

[177] Fix | Delete

wfRateLimit::trimData();

[178] Fix | Delete

[179] Fix | Delete

wfCentral::checkForUnsentSecurityEvents();

[180] Fix | Delete

wfCentral::populateCentralSiteUrl();

[181] Fix | Delete

[182] Fix | Delete

wfVersionCheckController::shared()->checkVersionsAndWarn();

[183] Fix | Delete

[184] Fix | Delete

if (wfScanner::shared()->shouldRunQuickScan()) {

[185] Fix | Delete

wfScanner::shared()->recordLastQuickScanTime();

[186] Fix | Delete

wfScanEngine::startScan(false, wfScanner::SCAN_TYPE_QUICK);

[187] Fix | Delete

}

[188] Fix | Delete

}

[189] Fix | Delete

private static function keyAlert($msg){

[190] Fix | Delete

self::alert($msg, $msg . " " . __("To ensure uninterrupted Premium Wordfence protection on your site,\nplease renew your license by visiting http://www.wordfence.com/ Sign in, go to your dashboard,\nselect the license about to expire and click the button to renew that license.", 'wordfence'), false);

[191] Fix | Delete

}

[192] Fix | Delete

private static function pingApiKey() {

[193] Fix | Delete

$apiKey = wfConfig::get('apiKey');

[194] Fix | Delete

if (empty($apiKey))

[195] Fix | Delete

return;

[196] Fix | Delete

$api = new wfAPI($apiKey, wfUtils::getWPVersion());

[197] Fix | Delete

try {

[198] Fix | Delete

$keyType = wfLicense::KEY_TYPE_FREE;

[199] Fix | Delete

$keyData = $api->call('ping_api_key', array(), array('supportHash' => wfConfig::get('supportHash', ''), 'whitelistHash' => wfConfig::get('whitelistHash', ''), 'tldlistHash' => wfConfig::get('tldlistHash', ''), 'ipResolutionListHash' => wfConfig::get('ipResolutionListHash', '')));

[200] Fix | Delete

if (isset($keyData['_isPaidKey'])) {

[201] Fix | Delete

$keyType = wfConfig::get('keyType');

[202] Fix | Delete

}

[203] Fix | Delete

[204] Fix | Delete

if (isset($keyData['_feedbackBasis'])) {

[205] Fix | Delete

wfConfig::setBool('satisfactionPromptOverride', $keyData['_feedbackBasis'] > WORDFENCE_FEEDBACK_EPOCH);

[206] Fix | Delete

}

[207] Fix | Delete

[208] Fix | Delete

if(isset($keyData['_isPaidKey']) && $keyData['_isPaidKey']){

[209] Fix | Delete

$keyExpDays = $keyData['_keyExpDays'];

[210] Fix | Delete

$keyIsExpired = $keyData['_expired'];

[211] Fix | Delete

if (!empty($keyData['_autoRenew'])) {

[212] Fix | Delete

if ($keyExpDays > 12) {

[213] Fix | Delete

wfConfig::set('keyAutoRenew10Sent', '');

[214] Fix | Delete

} else if ($keyExpDays <= 12 && $keyExpDays > 0 && !wfConfig::get('keyAutoRenew10Sent')) {

[215] Fix | Delete

wfConfig::set('keyAutoRenew10Sent', 1);

[216] Fix | Delete

$email = __("Your Premium Wordfence License is set to auto-renew in 10 days.", 'wordfence');

[217] Fix | Delete

self::alert($email, $email . " " . __("To update your license settings please visit http://www.wordfence.com/zz9/dashboard", 'wordfence'), false);

[218] Fix | Delete

}

[219] Fix | Delete

} else {

[220] Fix | Delete

if($keyExpDays > 15){

[221] Fix | Delete

wfConfig::set('keyExp15Sent', '');

[222] Fix | Delete

wfConfig::set('keyExp7Sent', '');

[223] Fix | Delete

wfConfig::set('keyExp2Sent', '');

[224] Fix | Delete

wfConfig::set('keyExp1Sent', '');

[225] Fix | Delete

wfConfig::set('keyExpFinalSent', '');

[226] Fix | Delete

} else if($keyExpDays <= 15 && $keyExpDays > 0){

[227] Fix | Delete

if($keyExpDays <= 15 && $keyExpDays >= 11 && (! wfConfig::get('keyExp15Sent'))){

[228] Fix | Delete

wfConfig::set('keyExp15Sent', 1);

[229] Fix | Delete

self::keyAlert(__("Your Premium Wordfence License expires in less than 2 weeks.", 'wordfence'));

[230] Fix | Delete

} else if($keyExpDays <= 7 && $keyExpDays >= 4 && (! wfConfig::get('keyExp7Sent'))){

[231] Fix | Delete

wfConfig::set('keyExp7Sent', 1);

[232] Fix | Delete

self::keyAlert(__("Your Premium Wordfence License expires in less than a week.", 'wordfence'));

[233] Fix | Delete

} else if($keyExpDays == 2 && (! wfConfig::get('keyExp2Sent'))){

[234] Fix | Delete

wfConfig::set('keyExp2Sent', 1);

[235] Fix | Delete

self::keyAlert(__("Your Premium Wordfence License expires in 2 days.", 'wordfence'));

[236] Fix | Delete

} else if($keyExpDays == 1 && (! wfConfig::get('keyExp1Sent'))){

[237] Fix | Delete

wfConfig::set('keyExp1Sent', 1);

[238] Fix | Delete

self::keyAlert(__("Your Premium Wordfence License expires in 1 day.", 'wordfence'));

[239] Fix | Delete

}

[240] Fix | Delete

} else if($keyIsExpired && (! wfConfig::get('keyExpFinalSent')) ){

[241] Fix | Delete

wfConfig::set('keyExpFinalSent', 1);

[242] Fix | Delete

self::keyAlert(__("Your Wordfence Premium License has Expired!", 'wordfence'));

[243] Fix | Delete

}

[244] Fix | Delete

}

[245] Fix | Delete

}

[246] Fix | Delete

if (isset($keyData['dashboard'])) {

[247] Fix | Delete

wfConfig::set('lastDashboardCheck', time());

[248] Fix | Delete

wfDashboard::processDashboardResponse($keyData['dashboard']);

[249] Fix | Delete

}

[250] Fix | Delete

if (isset($keyData['support']) && isset($keyData['supportHash'])) {

[251] Fix | Delete

wfConfig::set('supportContent', $keyData['support'], wfConfig::DONT_AUTOLOAD);

[252] Fix | Delete

wfConfig::set('supportHash', $keyData['supportHash']);

[253] Fix | Delete

}

[254] Fix | Delete

if (isset($keyData['_whitelist']) && isset($keyData['_whitelistHash'])) {

[255] Fix | Delete

wfConfig::setJSON('whitelistPresets', $keyData['_whitelist']);

[256] Fix | Delete

wfConfig::set('whitelistHash', $keyData['_whitelistHash']);

[257] Fix | Delete

}

[258] Fix | Delete

if (isset($keyData['_tldlist']) && isset($keyData['_tldlistHash'])) {

[259] Fix | Delete

wfConfig::set('tldlist', $keyData['_tldlist'], wfConfig::DONT_AUTOLOAD);

[260] Fix | Delete

wfConfig::set('tldlistHash', $keyData['_tldlistHash']);

[261] Fix | Delete

}

[262] Fix | Delete

if (isset($keyData['_ipResolutionList']) && isset($keyData['_ipResolutionListHash'])) {

[263] Fix | Delete

wfConfig::setJSON('ipResolutionList', $keyData['_ipResolutionList']);

[264] Fix | Delete

wfConfig::set('ipResolutionListHash', $keyData['_ipResolutionListHash']);

[265] Fix | Delete

}

[266] Fix | Delete

if (isset($keyData['scanSchedule']) && is_array($keyData['scanSchedule'])) {

[267] Fix | Delete

wfConfig::set_ser('noc1ScanSchedule', $keyData['scanSchedule']);

[268] Fix | Delete

if (wfScanner::shared()->schedulingMode() == wfScanner::SCAN_SCHEDULING_MODE_AUTOMATIC) {

[269] Fix | Delete

wfScanner::shared()->scheduleScans();

[270] Fix | Delete

}

[271] Fix | Delete

}

[272] Fix | Delete

if (isset($keyData['showWfCentralUI'])) {

[273] Fix | Delete

wfConfig::set('showWfCentralUI', (int) $keyData['showWfCentralUI']);

[274] Fix | Delete

}

[275] Fix | Delete

[276] Fix | Delete

if (isset($keyData['_keyNoLongerValid']) && $keyData['_keyNoLongerValid'] == 1) {

[277] Fix | Delete

if (wfConfig::get('keyDeletedNotice') !== $apiKey) {

[278] Fix | Delete

$keyDeletedNoticeSent = self::alert(__("The Wordfence Premium License in use on this site has been removed from your account.", 'wordfence'), __("The license you were using has been removed from your account. Please reach out to billing@wordfence.com or create a Premium support case at https://support.wordfence.com/support/tickets for more information. Our staff is happy to help.", 'wordfence'), false);

[279] Fix | Delete

if ($keyDeletedNoticeSent) {

[280] Fix | Delete

wfConfig::set('keyDeletedNotice', $apiKey);

[281] Fix | Delete

}

[282] Fix | Delete

}

[283] Fix | Delete

}

[284] Fix | Delete

[285] Fix | Delete

wfConfig::set('keyType', $keyType);

[286] Fix | Delete

}

[287] Fix | Delete

catch(Exception $e){

[288] Fix | Delete

wordfence::status(4, 'error', sprintf(/* translators: Wordfence license key. */ __("Could not verify Wordfence License: %s", 'wordfence'), $e->getMessage()));

[289] Fix | Delete

}

[290] Fix | Delete

}

[291] Fix | Delete

public static function dailyCron() {

[292] Fix | Delete

$lastDailyCron = (int) wfConfig::get('lastDailyCron', 0);

[293] Fix | Delete

if (($lastDailyCron + 43200) > time()) { //Run no more frequently than every 12 hours

[294] Fix | Delete

return;

[295] Fix | Delete

}

[296] Fix | Delete

[297] Fix | Delete

wfConfig::set('lastDailyCron', time());

[298] Fix | Delete

[299] Fix | Delete

global $wpdb;

[300] Fix | Delete

$version = $wpdb->get_var("SELECT VERSION()");

[301] Fix | Delete

wfConfig::set('dbVersion', $version);

[302] Fix | Delete

[303] Fix | Delete

self::pingApiKey();

[304] Fix | Delete

[305] Fix | Delete

$allowMySQLi = wfConfig::testDB();

[306] Fix | Delete

wfConfig::set('allowMySQLi', $allowMySQLi);

[307] Fix | Delete

[308] Fix | Delete

$wfdb = new wfDB();

[309] Fix | Delete

[310] Fix | Delete

$table_wfLocs = wfDB::networkTable('wfLocs');

[311] Fix | Delete

$wfdb->queryWrite("delete from {$table_wfLocs} where ctime < unix_timestamp() - %d", WORDFENCE_MAX_IPLOC_AGE);

[312] Fix | Delete

[313] Fix | Delete

wfBlock::vacuum();

[314] Fix | Delete

[315] Fix | Delete

$table_wfCrawlers = wfDB::networkTable('wfCrawlers');

[316] Fix | Delete

$wfdb->queryWrite("delete from {$table_wfCrawlers} where lastUpdate < unix_timestamp() - (86400 * 7)");

[317] Fix | Delete

[318] Fix | Delete

self::trimWfHits(true);

[319] Fix | Delete

[320] Fix | Delete

$maxRows = absint(wfConfig::get('liveTraf_maxRows', 2000));; //affects stuff further down too

[321] Fix | Delete

[322] Fix | Delete

$table_wfLogins = wfDB::networkTable('wfLogins');

[323] Fix | Delete

$count2 = $wfdb->querySingle("select count(*) as cnt from {$table_wfLogins}");

[324] Fix | Delete

if($count2 > 20000){

[325] Fix | Delete

$wfdb->truncate($table_wfLogins); //in case of Dos

[326] Fix | Delete

} else if($count2 > $maxRows){

[327] Fix | Delete

$wfdb->queryWrite("delete from {$table_wfLogins} order by ctime asc limit %d", ($count2 - $maxRows));

[328] Fix | Delete

}

[329] Fix | Delete

[330] Fix | Delete

wfCentral::trimSecurityEvents();

[331] Fix | Delete

[332] Fix | Delete

$table_wfReverseCache = wfDB::networkTable('wfReverseCache');

[333] Fix | Delete

$wfdb->queryWrite("delete from {$table_wfReverseCache} where unix_timestamp() - lastUpdate > 86400");

[334] Fix | Delete

[335] Fix | Delete

$table_wfStatus = wfDB::networkTable('wfStatus');

[336] Fix | Delete

$count4 = $wfdb->querySingle("select count(*) as cnt from {$table_wfStatus}");

[337] Fix | Delete

if($count4 > 100000){

[338] Fix | Delete

$wfdb->truncate($table_wfStatus);

[339] Fix | Delete

} else if($count4 > 1000){ //max status events we keep. This determines how much gets emailed to us when users sends us a debug report.

[340] Fix | Delete

$wfdb->queryWrite("delete from {$table_wfStatus} where level != 10 order by ctime asc limit %d", ($count4 - 1000));

[341] Fix | Delete

$count5 = $wfdb->querySingle("select count(*) as cnt from {$table_wfStatus} where level=10");

[342] Fix | Delete

if($count5 > 100){

[343] Fix | Delete

$wfdb->queryWrite("delete from {$table_wfStatus} where level = 10 order by ctime asc limit %d", ($count5 - 100) );

[344] Fix | Delete

}

[345] Fix | Delete

}

[346] Fix | Delete

[347] Fix | Delete

$report = new wfActivityReport();

[348] Fix | Delete

$report->rotateIPLog();

[349] Fix | Delete

self::_refreshUpdateNotification($report, true);

[350] Fix | Delete

[351] Fix | Delete

wfUpdateCheck::syncAllVersionInfo();

[352] Fix | Delete

[353] Fix | Delete

self::purgeWafFailures();

[354] Fix | Delete

[355] Fix | Delete

wfConfig::remove('lastPermissionsTemplateCheck');

[356] Fix | Delete

}

[357] Fix | Delete

public static function _scheduleRefreshUpdateNotification($upgrader = null, $options = null) {

[358] Fix | Delete

$defer = false;

[359] Fix | Delete

if (is_array($options) && isset($options['type']) && $options['type'] == 'core') {

[360] Fix | Delete

$defer = true;

[361] Fix | Delete

set_site_transient('wordfence_updating_notifications', true, 600);

[362] Fix | Delete

}

[363] Fix | Delete

[364] Fix | Delete

if ($defer) {

[365] Fix | Delete

wp_schedule_single_event(time(), 'wordfence_refreshUpdateNotification');

[366] Fix | Delete

}

[367] Fix | Delete

else {

[368] Fix | Delete

self::_refreshUpdateNotification();

[369] Fix | Delete

}

[370] Fix | Delete

}

[371] Fix | Delete

public static function _refreshUpdateNotification($report = null, $useCachedValued = false) {

[372] Fix | Delete

if ($report === null) {

[373] Fix | Delete

$report = new wfActivityReport();

[374] Fix | Delete

}

[375] Fix | Delete

[376] Fix | Delete

$updatesNeeded = $report->getUpdatesNeeded($useCachedValued);

[377] Fix | Delete

if ($updatesNeeded) {

[378] Fix | Delete

$items = array();

[379] Fix | Delete

$plural = false;

[380] Fix | Delete

if ($updatesNeeded['core']) {

[381] Fix | Delete

$items[] = sprintf(/* translators: WordPress version. */ __('WordPress (v%s)', 'wordfence'), esc_html($updatesNeeded['core']));

[382] Fix | Delete

}

[383] Fix | Delete

[384] Fix | Delete

if ($updatesNeeded['plugins']) {

[385] Fix | Delete

$entry = sprintf(/* translators: Number of plugins. */ _n('%d plugin', '%d plugins', count($updatesNeeded['plugins']), 'wordfence'), count($updatesNeeded['plugins']));

[386] Fix | Delete

$items[] = $entry;

[387] Fix | Delete

}

[388] Fix | Delete

[389] Fix | Delete

if ($updatesNeeded['themes']) {

[390] Fix | Delete

$entry = sprintf(/* translators: Number of themes. */ _n('%d theme', '%d themes', count($updatesNeeded['themes']), 'wordfence'), count($updatesNeeded['themes']));

[391] Fix | Delete

$items[] = $entry;

[392] Fix | Delete

}

[393] Fix | Delete

[394] Fix | Delete

$message = _n('An update is available for ', 'Updates are available for ', count($items), 'wordfence');

[395] Fix | Delete

[396] Fix | Delete

for ($i = 0; $i < count($items); $i++) {

[397] Fix | Delete

if ($i > 0 && count($items) > 2) { $message .= ', '; }

[398] Fix | Delete

else if ($i > 0) { $message .= ' '; }

[399] Fix | Delete

if ($i > 0 && $i == count($items) - 1) { $message .= __('and ', 'wordfence'); }

[400] Fix | Delete

$message .= $items[$i];

[401] Fix | Delete

}

[402] Fix | Delete

[403] Fix | Delete

new wfNotification(null, wfNotification::PRIORITY_HIGH_WARNING, '<a href="' . wfUtils::wpAdminURL('update-core.php') . '">' . $message . '</a>', 'wfplugin_updates');

[404] Fix | Delete

}

[405] Fix | Delete

else {

[406] Fix | Delete

$n = wfNotification::getNotificationForCategory('wfplugin_updates');

[407] Fix | Delete

if ($n !== null) {

[408] Fix | Delete

$n->markAsRead();

[409] Fix | Delete

}

[410] Fix | Delete

}

[411] Fix | Delete

[412] Fix | Delete

$i = new wfIssues();

[413] Fix | Delete

$i->reconcileUpgradeIssues($report, true);

[414] Fix | Delete

[415] Fix | Delete

wp_schedule_single_event(time(), 'wordfence_completeCoreUpdateNotification');

[416] Fix | Delete

}

[417] Fix | Delete

public static function _completeCoreUpdateNotification() {

[418] Fix | Delete

//This approach is here because WP Core updates run in a different sequence than plugin/theme updates, so we have to defer the running of the notification update sequence by an extra page load

[419] Fix | Delete

delete_site_transient('wordfence_updating_notifications');

[420] Fix | Delete

[421] Fix | Delete

wfVersionCheckController::shared()->checkVersionsAndWarn();

[422] Fix | Delete

}

[423] Fix | Delete

private static function scheduleCrons($delay = 0) {

[424] Fix | Delete

wp_clear_scheduled_hook('wordfence_daily_cron');

[425] Fix | Delete

wp_clear_scheduled_hook('wordfence_hourly_cron');

[426] Fix | Delete

if (is_main_site()) {

[427] Fix | Delete

wfConfig::remove('lastDailyCron');

[428] Fix | Delete

wp_schedule_event(time() + $delay, 'daily', 'wordfence_daily_cron'); //'daily'

[429] Fix | Delete

wp_schedule_event(time() + $delay, 'hourly', 'wordfence_hourly_cron');

[430] Fix | Delete

}

[431] Fix | Delete

}

[432] Fix | Delete

public static function runInstall(){

[433] Fix | Delete

if(self::$runInstallCalled){ return; }

[434] Fix | Delete

self::$runInstallCalled = true;

[435] Fix | Delete

if (function_exists('ignore_user_abort')) {

[436] Fix | Delete

@ignore_user_abort(true);

[437] Fix | Delete

}

[438] Fix | Delete

if (!defined('DONOTCACHEDB')) { define('DONOTCACHEDB', true); }

[439] Fix | Delete

$previous_version = ((is_multisite() && function_exists('get_network_option')) ? get_network_option(null, 'wordfence_version', '0.0.0') : get_option('wordfence_version', '0.0.0'));

[440] Fix | Delete

if (is_multisite() && function_exists('update_network_option')) {

[441] Fix | Delete

update_network_option(null, 'wordfence_version', WORDFENCE_VERSION); //In case we have a fatal error we don't want to keep running install.

[442] Fix | Delete

}

[443] Fix | Delete

else {

[444] Fix | Delete

update_option('wordfence_version', WORDFENCE_VERSION); //In case we have a fatal error we don't want to keep running install.

[445] Fix | Delete

}

[446] Fix | Delete

[447] Fix | Delete

wordfence::status(4, 'info', sprintf(/* translators: Wordfence version. */ __('`runInstall` called with previous version = %s', 'wordfence'), $previous_version));

[448] Fix | Delete

[449] Fix | Delete

//EVERYTHING HERE MUST BE IDEMPOTENT

[450] Fix | Delete

[451] Fix | Delete

//Remove old legacy cron job if exists

[452] Fix | Delete

wp_clear_scheduled_hook('wordfence_scheduled_scan');

[453] Fix | Delete

[454] Fix | Delete

wfSchema::updateTableCase();

[455] Fix | Delete

$schema = new wfSchema();

[456] Fix | Delete

$schema->createAll(); //if not exists

[457] Fix | Delete

wfConfig::updateTableExists(true);

[458] Fix | Delete

[459] Fix | Delete

/** @var wpdb $wpdb */

[460] Fix | Delete

global $wpdb;

[461] Fix | Delete

[462] Fix | Delete

//6.1.15

[463] Fix | Delete

$configTable = wfDB::networkTable('wfConfig');

[464] Fix | Delete

$hasAutoload = $wpdb->get_col($wpdb->prepare(<<<SQL

[465] Fix | Delete

SELECT * FROM information_schema.COLUMNS

[466] Fix | Delete

WHERE TABLE_SCHEMA=DATABASE()

[467] Fix | Delete

AND COLUMN_NAME='autoload'

[468] Fix | Delete

AND TABLE_NAME=%s

[469] Fix | Delete

SQL

[470] Fix | Delete

, $configTable));

[471] Fix | Delete

if (!$hasAutoload) {

[472] Fix | Delete

$wpdb->query("ALTER TABLE {$configTable} ADD COLUMN autoload ENUM('no', 'yes') NOT NULL DEFAULT 'yes'");

[473] Fix | Delete

$wpdb->query("UPDATE {$configTable} SET autoload = 'no' WHERE name = 'wfsd_engine' OR name LIKE 'wordfence_chunked_%'");

[474] Fix | Delete

}

[475] Fix | Delete

[476] Fix | Delete

$wpdb->query("DELETE FROM $configTable WHERE `name` = 'emailedIssuesList' AND LENGTH(`val`) > 2 * 1024 * 1024");

[477] Fix | Delete

wfConfig::setDefaults(); //If not set

[478] Fix | Delete

[479] Fix | Delete

$restOfSite = wfConfig::get('cbl_restOfSiteBlocked', 'notset');

[480] Fix | Delete

if($restOfSite == 'notset'){

[481] Fix | Delete

wfConfig::set('cbl_restOfSiteBlocked', '1');

[482] Fix | Delete

}

[483] Fix | Delete

[484] Fix | Delete

if(wfConfig::get('autoUpdate') == '1'){

[485] Fix | Delete

wfConfig::enableAutoUpdate(); //Sets up the cron

[486] Fix | Delete

}

[487] Fix | Delete

[488] Fix | Delete

$freshAPIKey = !wfConfig::get('apiKey');

[489] Fix | Delete

if ($freshAPIKey) {

[490] Fix | Delete

wfConfig::set('touppPromptNeeded', true);

[491] Fix | Delete

}

[492] Fix | Delete

[493] Fix | Delete

self::scheduleCrons(15);

[494] Fix | Delete

[495] Fix | Delete

$db = new wfDB();

[496] Fix | Delete

[497] Fix | Delete

// IPv6 schema changes for 6.0.1

[498] Fix | Delete

$tables_with_ips = array(

[499] Fix | Delete

12 3 4 5 6 ...21