File: wordfenceClass.php
//PUBLIC API
/**
 * Public API: call this to prevent Wordfence from caching the current page.
 *
 * The work is delegated to wfCache::doNotCache().
 *
 * @return bool Always true.
 */
public static function doNotCache() {
    wfCache::doNotCache();

    return true;
}
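/**
 * Public API: append an IP address or range to the 'whitelisted' config entry.
 *
 * The value is validated with wfUserIPRange before it is stored. The config
 * entry is a comma-separated list; this method rewrites it with the new value
 * appended. No permission check is performed here, so callers must restrict
 * who can reach this method.
 *
 * @param string $IP Dotted quad notation, e.g. '10.11.12.13', or a bracketed range, e.g. '10.11.12.[1-50]'.
 * @return bool True when the entry was added, false when it was already listed.
 * @throws Exception When $IP is not a valid address or range.
 */
public static function whitelistIP($IP) {
    $IP = trim($IP);
    $user_range = new wfUserIPRange($IP);
    if (!$user_range->isValidRange()) {
        throw new Exception(__("The IP you provided must be in dotted quad notation or use ranges with square brackets. e.g. 10.11.12.13 or 10.11.12.[1-50]", 'wordfence'));
    }

    $whites = wfConfig::get('whitelisted', '');
    $entries = array();
    foreach (explode(',', $whites) as $entry) {
        // Trim before comparing so an entry stored with surrounding
        // whitespace is still recognised as a duplicate.
        $entry = trim($entry);
        if ($entry === '') {
            // An empty config value explodes to one empty string; writing it
            // back would leave a leading comma in the stored list.
            continue;
        }
        if ($entry === $IP) {
            return false;
        }
        $entries[] = $entry;
    }

    $entries[] = $IP;
    wfConfig::set('whitelisted', implode(',', $entries));
    return true;
}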
/**
 * AJAX handler: send a test activity report to the address given in the request.
 *
 * NOTE(review): no nonce or capability check is visible in this method;
 * presumably the AJAX dispatcher enforces both before calling it — confirm.
 *
 * @return array 'ok' => 1 and a 'result' message on success, otherwise only a 'result' message.
 */
public static function ajax_email_summary_email_address_debug_callback() {
    $email = null;
    if (!empty($_REQUEST['email'])) {
        $email = $_REQUEST['email'];
    }

    // The request value is only used as a recipient after it passes validation.
    if (!wfUtils::isValidEmail($email)) {
        return array('result' => __('Invalid email address provided', 'wordfence'));
    }

    $report = new wfActivityReport();
    if ($report->sendReportViaEmail($email)) {
        return array('ok' => 1, 'result' => __('Test email sent successfully', 'wordfence'));
    }

    return array('result' => __("Test email failed to send", 'wordfence'));
}
/**
 * Register the Wordfence activity report widget on the WordPress dashboard.
 *
 * Nothing is registered unless wfUtils::isAdmin() passes, the request is in
 * the network admin (or the site is not multisite), and the
 * 'email_summary_dashboard_widget_enabled' option is set.
 */
public static function addDashboardWidget() {
    $adminContext = wfUtils::isAdmin() && (is_network_admin() || !is_multisite());
    if (!$adminContext || !wfConfig::get('email_summary_dashboard_widget_enabled')) {
        return;
    }

    wp_enqueue_style('wordfence-activity-report-widget', wfUtils::getBaseURL() . wfUtils::versionedAsset('css/activity-report-widget.css'), '', WORDFENCE_VERSION);

    // The widget title names the same period as the configured summary interval; weekly is the fallback.
    $interval = wfConfig::get('email_summary_interval');
    if ($interval == 'daily') {
        $report_date_range = 'day';
    } elseif ($interval == 'monthly') {
        $report_date_range = 'month';
    } else {
        $report_date_range = 'week';
    }

    $widgetTitle = sprintf(/* translators: Localized date range. */ __('Wordfence activity in the past %s', 'wordfence'), $report_date_range);
    wp_add_dashboard_widget(
        'wordfence_activity_report_widget',
        $widgetTitle,
        array('wfActivityReport', 'outputDashboardWidget')
    );
}
/**
 * Report whether the limit-login-attempts plugin is present under
 * GD_SYSTEM_PLUGIN_DIR and LIMIT_LOGIN_DIRECT_ADDR is defined.
 *
 * @return bool
 */
public static function hasGDLimitLoginsMUPlugin() {
    if (!defined('GD_SYSTEM_PLUGIN_DIR')) {
        return false;
    }

    $pluginFile = GD_SYSTEM_PLUGIN_DIR . 'limit-login-attempts/limit-login-attempts.php';
    if (!file_exists($pluginFile)) {
        return false;
    }

    return defined('LIMIT_LOGIN_DIRECT_ADDR');
}
/**
 * Replace the generic limit-login-attempts failure text with the message
 * held in self::$authError.
 *
 * When self::$authError is not set the content is returned untouched.
 *
 * NOTE(review): the message from self::$authError is appended without
 * escaping, so it must already be safe HTML — confirm where it is assigned.
 *
 * @param string $content
 * @return string
 */
public static function fixGDLimitLoginsErrors($content) {
    if (!self::$authError) {
        return $content;
    }

    // Exact markup of the generic error, including its trailing line break.
    $genericError = wp_kses(__('<strong>ERROR</strong>: Incorrect username or password.', 'limit-login-attempts'), array('strong'=>array())) . "<br />\n";
    $content = str_replace($genericError, '', $content);

    return $content . '<br />' . self::$authError->get_error_message();
}
/**
 * AJAX handler: delete the user referenced by a stored scan issue.
 *
 * The request only selects the issue ('issueID'); the user ID to delete is
 * read from the stored issue data, not from the request. On multisite the
 * user's super admin status is revoked first and the row is also removed
 * from $wpdb->users after wp_delete_user().
 *
 * NOTE(review): the issue's type is not checked here; any stored issue whose
 * data carries a 'userID' is accepted — confirm only admin-user issues do.
 * NOTE(review): no nonce or capability check is visible in this method;
 * presumably the AJAX dispatcher enforces both — confirm.
 *
 * @return array 'ok' => 1 and 'user_login' on success, otherwise 'errorMsg'.
 */
public static function ajax_deleteAdminUser_callback() {
    /** @var wpdb $wpdb */
    global $wpdb;

    $rawIssueID = 0;
    if (!empty($_POST['issueID'])) {
        $rawIssueID = $_POST['issueID'];
    }
    $issueID = absint($rawIssueID);

    $wfIssues = new wfIssues();
    $issue = $wfIssues->getIssueByID($issueID);
    if (!$issue) {
        return array('errorMsg' => __("We could not find that issue in our database.", 'wordfence'));
    }

    $data = $issue['data'];
    if (empty($data['userID'])) {
        return array('errorMsg' => __("We could not find that user in the database.", 'wordfence'));
    }

    $user = new WP_User($data['userID']);
    if (!$user->exists()) {
        return array('errorMsg' => __("We could not find that user in the database.", 'wordfence'));
    }
    $userLogin = $user->user_login;

    // Refuse to delete the account that owns the network admin email.
    if (is_multisite() && strcasecmp($user->user_email, get_site_option('admin_email')) === 0) {
        return array('errorMsg' => __("This user's email is the network admin email. It will need to be changed before deleting this user.", 'wordfence'));
    }

    // Super admin status is dropped before the account is deleted.
    if (is_multisite()) {
        revoke_super_admin($data['userID']);
    }
    wp_delete_user($data['userID']);
    if (is_multisite()) {
        $wpdb->delete($wpdb->users, array('ID' => $data['userID']));
    }

    $wfIssues->deleteIssue($issueID);
    wfScanEngine::refreshScanNotification($wfIssues);

    $result = array();
    $result['ok'] = 1;
    $result['user_login'] = $userLogin;
    return $result;
}
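/**
 * AJAX handler: revoke the capabilities of the user referenced by a stored scan issue.
 *
 * The request only selects the issue ('issueID'); the user ID is read from
 * the stored issue data. The user is passed to wp_revoke_user() and, on
 * multisite, to revoke_super_admin(); the issue is then removed.
 *
 * NOTE(review): no nonce or capability check is visible in this method;
 * presumably the AJAX dispatcher enforces both — confirm.
 *
 * @return array 'ok' => 1 and 'user_login' on success, otherwise 'errorMsg'.
 */
public static function ajax_revokeAdminUser_callback() {
    $issueID = absint(!empty($_POST['issueID']) ? $_POST['issueID'] : 0);
    $wfIssues = new wfIssues();
    $issue = $wfIssues->getIssueByID($issueID);
    if (!$issue) {
        return array('errorMsg' => __("We could not find that issue in our database.", 'wordfence'));
    }
    $data = $issue['data'];
    if (empty($data['userID'])) {
        return array('errorMsg' => __("We could not find that user in the database.", 'wordfence'));
    }
    $user = new WP_User($data['userID']);
    // Same guard as the delete and acknowledge handlers: without it a stale
    // user ID would be reported as a successful revoke with an empty login.
    if (!$user->exists()) {
        return array('errorMsg' => __("We could not find that user in the database.", 'wordfence'));
    }
    $userLogin = $user->user_login;
    wp_revoke_user($data['userID']);
    if (is_multisite()) {
        revoke_super_admin($data['userID']);
    }

    $wfIssues->deleteIssue($issueID);
    wfScanEngine::refreshScanNotification($wfIssues);

    return array(
        'ok' => 1,
        'user_login' => $userLogin,
    );
}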
/**
 * AJAX handler: accept the user referenced by a stored scan issue as a known admin.
 *
 * The request only selects the issue ('issueID'); the user ID is read from
 * the stored issue data and handed to wfAdminUserMonitor::addAdmin(), after
 * which the issue is removed.
 *
 * NOTE(review): no nonce or capability check is visible in this method;
 * presumably the AJAX dispatcher enforces both — confirm.
 *
 * @return array 'ok' => 1 and 'user_login' on success, otherwise 'errorMsg'.
 */
public static function ajax_acknowledgeAdminUser_callback() {
    $rawIssueID = 0;
    if (!empty($_POST['issueID'])) {
        $rawIssueID = $_POST['issueID'];
    }
    $issueID = absint($rawIssueID);

    $wfIssues = new wfIssues();
    $issue = $wfIssues->getIssueByID($issueID);
    if (!$issue) {
        return array('errorMsg' => __("We could not find that issue in the database.", 'wordfence'));
    }

    $data = $issue['data'];
    if (empty($data['userID'])) {
        return array('errorMsg' => __("We could not find that user in the database.", 'wordfence'));
    }

    $user = new WP_User($data['userID']);
    if (!$user->exists()) {
        return array('errorMsg' => __("We could not find that user in the database.", 'wordfence'));
    }
    $userLogin = $user->user_login;

    $adminUsers = new wfAdminUserMonitor();
    $adminUsers->addAdmin($data['userID']);

    $wfIssues->deleteIssue($issueID);
    wfScanEngine::refreshScanNotification($wfIssues);

    $result = array();
    $result['ok'] = 1;
    $result['user_login'] = $userLogin;
    return $result;
}
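/**
 * AJAX handler: disable directory listing by prepending "Options -Indexes" to .htaccess.
 *
 * After the write, the uploads base URL is checked again with
 * wfScanEngine::isDirectoryListingEnabled(); if listing is still enabled the
 * original .htaccess contents are written back.
 *
 * NOTE(review): no nonce or capability check is visible in this method;
 * presumably the AJAX dispatcher enforces both — confirm.
 *
 * @return array 'ok' => 1 on success, otherwise 'err' => 1 with an 'errorMsg'.
 */
public static function ajax_disableDirectoryListing_callback() {
    // Same defaulting as the other issue handlers, so a request without
    // 'issueID' does not read an undefined array key.
    $issueID = absint(!empty($_POST['issueID']) ? $_POST['issueID'] : 0);
    $wfIssues = new wfIssues();
    $issue = $wfIssues->getIssueByID($issueID);
    if (!$issue) {
        return array(
            'err' => 1,
            'errorMsg' => __("We could not find that issue in our database.", 'wordfence'),
        );
    }
    // NOTE(review): the issue is removed before the fix is attempted, so it
    // stays removed when a later step fails — confirm this is intended.
    $wfIssues->deleteIssue($issueID);

    $htaccessPath = wfCache::getHtaccessPath();
    if (!$htaccessPath) {
        return array(
            'err' => 1,
            'errorMsg' => __("Wordfence could not find your .htaccess file.", 'wordfence'),
        );
    }

    $fileContents = file_get_contents($htaccessPath);
    if ($fileContents === false) {
        // Without the original contents the write below would replace the
        // file with only the new directive, and the revert would empty it.
        return array(
            'err' => 1,
            'errorMsg' => __("Wordfence could not read your .htaccess file.", 'wordfence'),
        );
    }

    if (file_put_contents($htaccessPath, "# Added by Wordfence " . date('r') . "\nOptions -Indexes\n\n" . $fileContents, LOCK_EX)) {
        $uploadPaths = wp_upload_dir();
        if (!wfScanEngine::isDirectoryListingEnabled($uploadPaths['baseurl'])) {
            return array(
                'ok' => 1,
            );
        } else {
            // Revert any changes done to .htaccess
            file_put_contents($htaccessPath, $fileContents, LOCK_EX);
            return array(
                'err' => 1,
                'errorMsg' => __("Updating the .htaccess did not fix the issue. You may need to add <code>Options -Indexes</code> to your httpd.conf if using Apache, or find documentation on how to disable directory listing for your web server.", 'wordfence'),
            );
        }
    }
    return array(
        'err' => 1,
        'errorMsg' => __("There was an error writing to your .htaccess file.", 'wordfence'),
    );
}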
/**
 * Modify the query to prevent username enumeration.
 *
 * When the 'loginSec_disableAuthorScan' option is on and the request is not
 * in the admin area, a request is answered with a 404 if the 'author' query
 * var is non-empty and is an array or contains at least one digit, and the
 * same holds for an 'author' value in $_GET or $_POST. In that case the 404
 * template is rendered and the script exits; otherwise the query vars are
 * returned unchanged.
 *
 * @param array $query_vars
 * @return array
 */
public static function preventAuthorNScans($query_vars) {
    if (!wfConfig::get('loginSec_disableAuthorScan') || is_admin()) {
        return $query_vars;
    }

    if (empty($query_vars['author'])) {
        return $query_vars;
    }

    // Non-digits are stripped first, so any value holding a digit counts as numeric.
    $queryVarMatches = is_array($query_vars['author']) || is_numeric(preg_replace('/[^0-9]/', '', $query_vars['author']));
    if (!$queryVarMatches) {
        return $query_vars;
    }

    // The value must also have been supplied directly in the request.
    $getMatches = isset($_GET['author']) && (is_array($_GET['author']) || is_numeric(preg_replace('/[^0-9]/', '', $_GET['author'])));
    if (!$getMatches) {
        $postMatches = isset($_POST['author']) && (is_array($_POST['author']) || is_numeric(preg_replace('/[^0-9]/', '', $_POST['author'])));
        if (!$postMatches) {
            return $query_vars;
        }
    }

    global $wp_query;
    $wp_query->set_404();
    status_header(404);
    nocache_headers();

    $notFoundTemplate = get_404_template();
    if ($notFoundTemplate && file_exists($notFoundTemplate)) {
        include($notFoundTemplate);
    }

    exit;
}
/**
 * Call wfUtils::hideReadme() when the 'other_hideWPVersion' option is enabled.
 *
 * Neither argument is read by this method.
 *
 * @param WP_Upgrader $updater
 * @param array $hook_extra
 */
public static function hideReadme($updater, $hook_extra = null) {
    if (!wfConfig::get('other_hideWPVersion')) {
        return;
    }

    wfUtils::hideReadme();
}
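/**
 * AJAX handler: store the open/closed state of one or more named disclosure sections.
 *
 * Accepts either 'name' (a single string) or 'names' (an array of strings)
 * together with 'state'. Names are reduced to [a-zA-Z0-9_-] before they are
 * used as keys of the serialized 'disclosureStates' config entry.
 *
 * NOTE(review): no nonce or capability check is visible in this method;
 * presumably the AJAX dispatcher enforces both — confirm.
 *
 * @return array 'ok' => 1 when a state was saved, otherwise 'err' => 1 with an 'errorMsg'.
 */
public static function ajax_saveDisclosureState_callback() {
    if (isset($_POST['name']) && isset($_POST['state'])) {
        // Request parameters can arrive as arrays; an array would pass through
        // preg_replace() and then be used as an array key below.
        $name = is_string($_POST['name']) ? preg_replace('/[^a-zA-Z0-9_\-]/', '', $_POST['name']) : '';
        $state = wfUtils::truthyToBoolean($_POST['state']);
        if (!empty($name)) {
            $disclosureStates = wfConfig::get_ser('disclosureStates', array());
            $disclosureStates[$name] = $state;
            wfConfig::set_ser('disclosureStates', $disclosureStates);
            return array('ok' => 1);
        }
    }
    else if (isset($_POST['names']) && isset($_POST['state'])) {
        $rawNames = $_POST['names'];
        if (is_array($rawNames)) {
            $filteredNames = array();
            foreach ($rawNames as $name) {
                // Nested arrays are skipped for the same reason as above.
                if (!is_string($name)) {
                    continue;
                }
                $name = preg_replace('/[^a-zA-Z0-9_\-]/', '', $name);
                if (!empty($name)) {
                    $filteredNames[] = $name;
                }
            }

            $state = wfUtils::truthyToBoolean($_POST['state']);
            if (!empty($filteredNames)) {
                $disclosureStates = wfConfig::get_ser('disclosureStates', array());
                foreach ($filteredNames as $name) {
                    $disclosureStates[$name] = $state;
                }
                wfConfig::set_ser('disclosureStates', $disclosureStates);
                return array('ok' => 1);
            }
        }
    }

    return array(
        'err' => 1,
        'errorMsg' => __("Required parameters not sent.", 'wordfence'),
    );
}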
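/**
 * AJAX handler: apply one firewall configuration change selected by 'wafConfigAction'.
 *
 * Supported actions: 'config' (firewall mode and learning-mode grace period),
 * 'addWhitelist', 'replaceWhitelist', 'deleteWhitelist', 'enableWhitelist',
 * 'enableRule' and 'disableWAFBlacklistBlocking'. Nothing is saved while the
 * WAF reports read-only mode. An action whose parameters are missing or of
 * the wrong type is skipped without an error; the response still carries
 * 'success' => true and the current WAF data.
 *
 * Every action here changes what the firewall blocks.
 * NOTE(review): no nonce or capability check is visible in this method;
 * presumably the AJAX dispatcher enforces both — confirm.
 *
 * @return array 'success' and 'data', or 'err' => 1 with an 'errorMsg'.
 */
public static function ajax_saveWAFConfig_callback() {
    if (isset($_POST['wafConfigAction'])) {
        $waf = wfWAF::getInstance();
        if (method_exists($waf, 'isReadOnly') && $waf->isReadOnly()) {
            return array(
                'err' => 1,
                'errorMsg' => __("The WAF is currently in read-only mode and will not save any configuration changes.", 'wordfence'),
            );
        }

        switch ($_POST['wafConfigAction']) {
            case 'config':
                // Only one of the three known modes is ever stored as the firewall status.
                if (!empty($_POST['wafStatus']) && is_string($_POST['wafStatus']) && in_array($_POST['wafStatus'], array(wfFirewall::FIREWALL_MODE_DISABLED, wfFirewall::FIREWALL_MODE_LEARNING, wfFirewall::FIREWALL_MODE_ENABLED))) {
                    if ($_POST['wafStatus'] == 'learning-mode' && !empty($_POST['learningModeGracePeriodEnabled'])) {
                        // strtotime() needs a string; anything else is treated as no date given.
                        $gracePeriodInput = (isset($_POST['learningModeGracePeriod']) && is_string($_POST['learningModeGracePeriod'])) ? $_POST['learningModeGracePeriod'] : '';
                        $gracePeriodEnd = strtotime($gracePeriodInput);
                        if ($gracePeriodEnd > time()) {
                            wfWAF::getInstance()->getStorageEngine()->setConfig('learningModeGracePeriodEnabled', 1);
                            wfWAF::getInstance()->getStorageEngine()->setConfig('learningModeGracePeriod', $gracePeriodEnd);
                        } else {
                            return array(
                                'err' => 1,
                                'errorMsg' => __("The grace period end time must be in the future.", 'wordfence'),
                            );
                        }
                    } else {
                        wfWAF::getInstance()->getStorageEngine()->setConfig('learningModeGracePeriodEnabled', 0);
                        wfWAF::getInstance()->getStorageEngine()->unsetConfig('learningModeGracePeriod');
                    }
                    wfWAF::getInstance()->getStorageEngine()->setConfig('wafStatus', $_POST['wafStatus']);
                    $firewall = new wfFirewall();
                    $firewall->syncStatus(true);
                }

                break;

            case 'addWhitelist':
                // String checks match the 'deleteWhitelist' case: stripslashes() cannot take an array.
                if (
                    isset($_POST['whitelistedPath']) && is_string($_POST['whitelistedPath']) &&
                    isset($_POST['whitelistedParam']) && is_string($_POST['whitelistedParam'])
                ) {
                    $path = stripslashes($_POST['whitelistedPath']);
                    $paramKey = stripslashes($_POST['whitelistedParam']);
                    if (!$path || !$paramKey) {
                        break;
                    }
                    // Who added the entry, from where and when is stored with it.
                    $data = array(
                        'timestamp' => time(),
                        'description' => __('Allowlisted via Firewall Options page', 'wordfence'),
                        'ip' => wfUtils::getIP(),
                        'disabled' => empty($_POST['whitelistedEnabled']),
                    );
                    if (function_exists('get_current_user_id')) {
                        $data['userID'] = get_current_user_id();
                    }
                    wfWAF::getInstance()->whitelistRuleForParam($path, $paramKey, 'all', $data);
                }
                break;

            case 'replaceWhitelist':
                if (
                    !empty($_POST['oldWhitelistedPath']) && is_string($_POST['oldWhitelistedPath']) &&
                    !empty($_POST['oldWhitelistedParam']) && is_string($_POST['oldWhitelistedParam']) &&
                    !empty($_POST['newWhitelistedPath']) && is_string($_POST['newWhitelistedPath']) &&
                    !empty($_POST['newWhitelistedParam']) && is_string($_POST['newWhitelistedParam'])
                ) {
                    $oldWhitelistedPath = stripslashes($_POST['oldWhitelistedPath']);
                    $oldWhitelistedParam = stripslashes($_POST['oldWhitelistedParam']);

                    $newWhitelistedPath = stripslashes($_POST['newWhitelistedPath']);
                    $newWhitelistedParam = stripslashes($_POST['newWhitelistedParam']);

                    $savedWhitelistedURLParams = (array) wfWAF::getInstance()->getStorageEngine()->getConfig('whitelistedURLParams', null, 'livewaf');
                    // These are already base64'd
                    $oldKey = $oldWhitelistedPath . '|' . $oldWhitelistedParam;
                    $newKey = base64_encode($newWhitelistedPath) . '|' . base64_encode($newWhitelistedParam);
                    try {
                        $savedWhitelistedURLParams = wfUtils::arrayReplaceKey($savedWhitelistedURLParams, $oldKey, $newKey);
                    } catch (Exception $e) {
                        // On failure the list is written back as it was read.
                        error_log("Caught exception from 'wfUtils::arrayReplaceKey' with message: " . $e->getMessage());
                    }
                    wfWAF::getInstance()->getStorageEngine()->setConfig('whitelistedURLParams', $savedWhitelistedURLParams, 'livewaf');
                }
                break;

            case 'deleteWhitelist':
                if (
                    isset($_POST['deletedWhitelistedPath']) && is_string($_POST['deletedWhitelistedPath']) &&
                    isset($_POST['deletedWhitelistedParam']) && is_string($_POST['deletedWhitelistedParam'])
                ) {
                    $deletedWhitelistedPath = stripslashes($_POST['deletedWhitelistedPath']);
                    $deletedWhitelistedParam = stripslashes($_POST['deletedWhitelistedParam']);
                    $savedWhitelistedURLParams = (array) wfWAF::getInstance()->getStorageEngine()->getConfig('whitelistedURLParams', null, 'livewaf');
                    $key = $deletedWhitelistedPath . '|' . $deletedWhitelistedParam;
                    unset($savedWhitelistedURLParams[$key]);
                    wfWAF::getInstance()->getStorageEngine()->setConfig('whitelistedURLParams', $savedWhitelistedURLParams, 'livewaf');
                }
                break;

            case 'enableWhitelist':
                if (
                    isset($_POST['whitelistedPath']) && is_string($_POST['whitelistedPath']) &&
                    isset($_POST['whitelistedParam']) && is_string($_POST['whitelistedParam'])
                ) {
                    $path = stripslashes($_POST['whitelistedPath']);
                    $paramKey = stripslashes($_POST['whitelistedParam']);
                    if (!$path || !$paramKey) {
                        break;
                    }
                    $enabled = !empty($_POST['whitelistedEnabled']);

                    $savedWhitelistedURLParams = (array) wfWAF::getInstance()->getStorageEngine()->getConfig('whitelistedURLParams', null, 'livewaf');
                    $key = $path . '|' . $paramKey;
                    if (array_key_exists($key, $savedWhitelistedURLParams) && is_array($savedWhitelistedURLParams[$key])) {
                        foreach ($savedWhitelistedURLParams[$key] as $ruleID => $data) {
                            $savedWhitelistedURLParams[$key][$ruleID]['disabled'] = !$enabled;
                        }
                    }
                    wfWAF::getInstance()->getStorageEngine()->setConfig('whitelistedURLParams', $savedWhitelistedURLParams, 'livewaf');
                }
                break;

            case 'enableRule':
                $ruleEnabled = !empty($_POST['ruleEnabled']);
                $ruleID = !empty($_POST['ruleID']) ? (int) $_POST['ruleID'] : false;
                if ($ruleID) {
                    // Disabled rules are kept as a set keyed by rule ID.
                    $disabledRules = (array) wfWAF::getInstance()->getStorageEngine()->getConfig('disabledRules');
                    if ($ruleEnabled) {
                        unset($disabledRules[$ruleID]);
                    } else {
                        $disabledRules[$ruleID] = true;
                    }
                    wfWAF::getInstance()->getStorageEngine()->setConfig('disabledRules', $disabledRules);
                }
                break;
            case 'disableWAFBlacklistBlocking':
                if (isset($_POST['disableWAFBlacklistBlocking'])) {
                    $disableWAFBlacklistBlocking = (int) $_POST['disableWAFBlacklistBlocking'];
                    wfWAF::getInstance()->getStorageEngine()->setConfig('disableWAFBlacklistBlocking', $disableWAFBlacklistBlocking);
                    if (method_exists(wfWAF::getInstance()->getStorageEngine(), 'purgeIPBlocks')) {
                        wfWAF::getInstance()->getStorageEngine()->purgeIPBlocks(wfWAFStorageInterface::IP_BLOCKS_BLACKLIST);
                    }
                }
                break;
        }
    }

    return array(
        'success' => true,
        'data' => self::_getWAFData(),
    );
}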
/**
 * AJAX handler: fire a wfWAFCronFetchRulesEvent and report the outcome.
 *
 * When the event fails and exposes its response, the failure is classified:
 * no response at all maps to wfFirewall::UPDATE_FAILURE_UNREACHABLE, an
 * 'errorMessage' containing "rate limit" maps to UPDATE_FAILURE_RATELIMIT,
 * and a body that carries data.signature maps to UPDATE_FAILURE_FILESYSTEM.
 *
 * NOTE(review): a caught exception is neither logged nor surfaced; the
 * fallback array has empty rule lists and no error marker, so a caller cannot
 * tell a failed update from an empty rule set — confirm this is intended.
 *
 * @return array Result of self::_getWAFData(), or a minimal fallback array when an exception is caught.
 */
public static function ajax_updateWAFRules_callback() {
    try {
        $event = new wfWAFCronFetchRulesEvent(time() - 2, true);
        $event->setWaf(wfWAF::getInstance());
        $success = $event->fire();
        $failureReason = false;

        // Nothing to classify when the fetch worked or the response is not available.
        if ($success || !method_exists($event, 'getResponse')) {
            return self::_getWAFData($success, $failureReason);
        }

        $response = $event->getResponse();
        if ($response === false) {
            return self::_getWAFData($success, wfFirewall::UPDATE_FAILURE_UNREACHABLE);
        }

        $jsonData = @json_decode($response->getBody(), true);
        if (isset($jsonData['errorMessage']) && strpos($jsonData['errorMessage'], 'rate limit') !== false) {
            $failureReason = wfFirewall::UPDATE_FAILURE_RATELIMIT;
        } elseif (isset($jsonData['data']['signature'])) {
            $failureReason = wfFirewall::UPDATE_FAILURE_FILESYSTEM;
        }

        return self::_getWAFData($success, $failureReason);
    }
    catch (Exception $e) {
        return array(
            'learningMode' => false,
            'rules' => array(),
            'whitelistedURLParams' => array(),
            'disabledRules' => array(),
            'isPaid' => (bool) wfConfig::get('isPaid', 0),
        );
    }
}
public static function ajax_loadLiveTraffic_callback() {
$return = array();
$filters = new wfLiveTrafficQueryFilterCollection();
$query = new wfLiveTrafficQuery(self::getLog());
$query->setFilters($filters);
if (array_key_exists('groupby', $_REQUEST)) {
$param = $_REQUEST['groupby'];
if ($param === 'type') {
$param = 'jsRun';
}
$query->setGroupBy(new wfLiveTrafficQueryGroupBy($query, $param));
}
$query->setLimit(isset($_REQUEST['limit']) ? absint($_REQUEST['limit']) : 20);
$query->setOffset(isset($_REQUEST['offset']) ? absint($_REQUEST['offset']) : 0);
if (!empty($_REQUEST['since'])) {
$query->setStartDate($_REQUEST['since']);
} else if (!empty($_REQUEST['startDate'])) {
$query->setStartDate(is_numeric($_REQUEST['startDate']) ? $_REQUEST['startDate'] : strtotime($_REQUEST['startDate']));
}