Edit File by line

[10000] Fix | Delete

/**

[10001] Fix | Delete

* @param string|null $serverConfig

[10002] Fix | Delete

* @param string|null $currentAutoPrependedFile

[10003] Fix | Delete

[10004] Fix | Delete

public function __construct($serverConfig = null, $currentAutoPrependedFile = null) {

[10005] Fix | Delete

$this->serverConfig = $serverConfig;

[10006] Fix | Delete

$this->currentAutoPrependedFile = $currentAutoPrependedFile;

[10007] Fix | Delete

}

[10008] Fix | Delete

[10009] Fix | Delete

public function getFilesNeededForBackup() {

[10010] Fix | Delete

$backups = array();

[10011] Fix | Delete

$htaccess = wfWAFAutoPrependHelper::getHtaccessPath();

[10012] Fix | Delete

switch ($this->getServerConfig()) {

[10013] Fix | Delete

case 'apache-mod_php':

[10014] Fix | Delete

case 'apache-suphp':

[10015] Fix | Delete

case 'litespeed':

[10016] Fix | Delete

case 'cgi':

[10017] Fix | Delete

if (file_exists($htaccess)) {

[10018] Fix | Delete

$backups[] = $htaccess;

[10019] Fix | Delete

}

[10020] Fix | Delete

break;

[10021] Fix | Delete

}

[10022] Fix | Delete

if ($userIni = ini_get('user_ini.filename')) {

[10023] Fix | Delete

$userIniPath = wfWAFAutoPrependHelper::getUserIniPath();

[10024] Fix | Delete

switch ($this->getServerConfig()) {

[10025] Fix | Delete

case 'cgi':

[10026] Fix | Delete

case 'apache-suphp':

[10027] Fix | Delete

case 'nginx':

[10028] Fix | Delete

case 'litespeed':

[10029] Fix | Delete

case 'iis':

[10030] Fix | Delete

if (file_exists($userIniPath)) {

[10031] Fix | Delete

$backups[] = $userIniPath;

[10032] Fix | Delete

}

[10033] Fix | Delete

break;

[10034] Fix | Delete

}

[10035] Fix | Delete

}

[10036] Fix | Delete

return $backups;

[10037] Fix | Delete

}

[10038] Fix | Delete

[10039] Fix | Delete

public function downloadBackups($index = 0) {

[10040] Fix | Delete

$backups = $this->getFilesNeededForBackup();

[10041] Fix | Delete

if ($backups && array_key_exists($index, $backups)) {

[10042] Fix | Delete

$url = site_url();

[10043] Fix | Delete

$url = preg_replace('/^https?:\/\//i', '', $url);

[10044] Fix | Delete

$url = preg_replace('/[^a-zA-Z0-9\.]+/', '_', $url);

[10045] Fix | Delete

$url = preg_replace('/^_+/', '', $url);

[10046] Fix | Delete

$url = preg_replace('/_+$/', '', $url);

[10047] Fix | Delete

header('Content-Type: application/octet-stream');

[10048] Fix | Delete

$backupFileName = ltrim(basename($backups[$index]), '.');

[10049] Fix | Delete

header('Content-Disposition: attachment; filename="' . $backupFileName . '_Backup_for_' . $url . '.txt"');

[10050] Fix | Delete

readfile($backups[$index]);

[10051] Fix | Delete

die();

[10052] Fix | Delete

}

[10053] Fix | Delete

}

[10054] Fix | Delete

[10055] Fix | Delete

/**

[10056] Fix | Delete

* @return mixed

[10057] Fix | Delete

[10058] Fix | Delete

public function getServerConfig() {

[10059] Fix | Delete

return $this->serverConfig;

[10060] Fix | Delete

}

[10061] Fix | Delete

[10062] Fix | Delete

/**

[10063] Fix | Delete

* @param mixed $serverConfig

[10064] Fix | Delete

[10065] Fix | Delete

public function setServerConfig($serverConfig) {

[10066] Fix | Delete

$this->serverConfig = $serverConfig;

[10067] Fix | Delete

}

[10068] Fix | Delete

[10069] Fix | Delete

/**

[10070] Fix | Delete

* @param WP_Filesystem_Base $wp_filesystem

[10071] Fix | Delete

* @throws wfWAFAutoPrependHelperException

[10072] Fix | Delete

[10073] Fix | Delete

public function performInstallation($wp_filesystem) {

[10074] Fix | Delete

$bootstrapPath = wordfence::getWAFBootstrapPath();

[10075] Fix | Delete

if (!$wp_filesystem->put_contents($bootstrapPath, wordfence::getWAFBootstrapContent($this->currentAutoPrependedFile))) {

[10076] Fix | Delete

throw new wfWAFAutoPrependHelperException(__('We were unable to create the <code>wordfence-waf.php</code> file in the root of the WordPress installation. It\'s possible WordPress cannot write to the <code>wordfence-waf.php</code> file because of file permissions. Please verify the permissions are correct and retry the installation.', 'wordfence'));

[10077] Fix | Delete

}

[10078] Fix | Delete

[10079] Fix | Delete

$serverConfig = $this->getServerConfig();

[10080] Fix | Delete

[10081] Fix | Delete

$htaccessPath = wfWAFAutoPrependHelper::getHtaccessPath();

[10082] Fix | Delete

$homePath = dirname($htaccessPath);

[10083] Fix | Delete

[10084] Fix | Delete

$userIniPath = wfWAFAutoPrependHelper::getUserIniPath();

[10085] Fix | Delete

$userIni = ini_get('user_ini.filename');

[10086] Fix | Delete

[10087] Fix | Delete

$userIniHtaccessDirectives = '';

[10088] Fix | Delete

if ($userIni) {

[10089] Fix | Delete

$userIniHtaccessDirectives = sprintf('<Files "%s">

[10090] Fix | Delete

[10091] Fix | Delete

Require all denied

[10092] Fix | Delete

</IfModule>

[10093] Fix | Delete

[10094] Fix | Delete

Order deny,allow

[10095] Fix | Delete

Deny from all

[10096] Fix | Delete

</IfModule>

[10097] Fix | Delete

</Files>

[10098] Fix | Delete

', addcslashes($userIni, '"'));

[10099] Fix | Delete

}

[10100] Fix | Delete

[10101] Fix | Delete

[10102] Fix | Delete

// .htaccess configuration

[10103] Fix | Delete

switch ($serverConfig) {

[10104] Fix | Delete

case 'apache-mod_php':

[10105] Fix | Delete

$autoPrependDirective = sprintf("# Wordfence WAF

[10106] Fix | Delete

[10107] Fix | Delete

php_value auto_prepend_file '%1\$s'

[10108] Fix | Delete

</IfModule>

[10109] Fix | Delete

[10110] Fix | Delete

php_value auto_prepend_file '%1\$s'

[10111] Fix | Delete

</IfModule>

[10112] Fix | Delete

[10113] Fix | Delete

php_value auto_prepend_file '%1\$s'

[10114] Fix | Delete

</IfModule>

[10115] Fix | Delete

$userIniHtaccessDirectives

[10116] Fix | Delete

# END Wordfence WAF

[10117] Fix | Delete

", addcslashes($bootstrapPath, "'"));

[10118] Fix | Delete

break;

[10119] Fix | Delete

[10120] Fix | Delete

case 'litespeed':

[10121] Fix | Delete

$escapedBootstrapPath = addcslashes($bootstrapPath, "'");

[10122] Fix | Delete

$autoPrependDirective = sprintf("# Wordfence WAF

[10123] Fix | Delete

[10124] Fix | Delete

php_value auto_prepend_file '%s'

[10125] Fix | Delete

</IfModule>

[10126] Fix | Delete

[10127] Fix | Delete

php_value auto_prepend_file '%s'

[10128] Fix | Delete

</IfModule>

[10129] Fix | Delete

$userIniHtaccessDirectives

[10130] Fix | Delete

# END Wordfence WAF

[10131] Fix | Delete

", $escapedBootstrapPath, $escapedBootstrapPath);

[10132] Fix | Delete

break;

[10133] Fix | Delete

[10134] Fix | Delete

case 'apache-suphp':

[10135] Fix | Delete

$autoPrependDirective = sprintf("# Wordfence WAF

[10136] Fix | Delete

$userIniHtaccessDirectives

[10137] Fix | Delete

# END Wordfence WAF

[10138] Fix | Delete

", addcslashes($homePath, "'"));

[10139] Fix | Delete

break;

[10140] Fix | Delete

[10141] Fix | Delete

case 'cgi':

[10142] Fix | Delete

if ($userIniHtaccessDirectives) {

[10143] Fix | Delete

$autoPrependDirective = sprintf("# Wordfence WAF

[10144] Fix | Delete

$userIniHtaccessDirectives

[10145] Fix | Delete

# END Wordfence WAF

[10146] Fix | Delete

", addcslashes($homePath, "'"));

[10147] Fix | Delete

}

[10148] Fix | Delete

break;

[10149] Fix | Delete

[10150] Fix | Delete

}

[10151] Fix | Delete

[10152] Fix | Delete

if (!empty($autoPrependDirective)) {

[10153] Fix | Delete

// Modify .htaccess

[10154] Fix | Delete

$htaccessContent = $wp_filesystem->get_contents($htaccessPath);

[10155] Fix | Delete

[10156] Fix | Delete

if ($htaccessContent) {

[10157] Fix | Delete

$regex = '/# Wordfence WAF.*?# END Wordfence WAF/is';

[10158] Fix | Delete

if (preg_match($regex, $htaccessContent, $matches)) {

[10159] Fix | Delete

$htaccessContent = preg_replace($regex, $autoPrependDirective, $htaccessContent);

[10160] Fix | Delete

} else {

[10161] Fix | Delete

$htaccessContent .= "\n\n" . $autoPrependDirective;

[10162] Fix | Delete

}

[10163] Fix | Delete

} else {

[10164] Fix | Delete

$htaccessContent = $autoPrependDirective;

[10165] Fix | Delete

}

[10166] Fix | Delete

[10167] Fix | Delete

if (!$wp_filesystem->put_contents($htaccessPath, $htaccessContent)) {

[10168] Fix | Delete

throw new wfWAFAutoPrependHelperException(__('We were unable to make changes to the .htaccess file. It\'s possible WordPress cannot write to the .htaccess file because of file permissions, which may have been set by another security plugin, or you may have set them manually. Please verify the permissions allow the web server to write to the file, and retry the installation.', 'wordfence'));

[10169] Fix | Delete

}

[10170] Fix | Delete

if ($serverConfig == 'litespeed') {

[10171] Fix | Delete

// sleep(2);

[10172] Fix | Delete

$wp_filesystem->touch($htaccessPath);

[10173] Fix | Delete

}

[10174] Fix | Delete

[10175] Fix | Delete

}

[10176] Fix | Delete

if ($userIni) {

[10177] Fix | Delete

// .user.ini configuration

[10178] Fix | Delete

switch ($serverConfig) {

[10179] Fix | Delete

case 'cgi':

[10180] Fix | Delete

case 'nginx':

[10181] Fix | Delete

case 'apache-suphp':

[10182] Fix | Delete

case 'litespeed':

[10183] Fix | Delete

case 'iis':

[10184] Fix | Delete

$autoPrependIni = sprintf("; Wordfence WAF

[10185] Fix | Delete

auto_prepend_file = '%s'

[10186] Fix | Delete

; END Wordfence WAF

[10187] Fix | Delete

", addcslashes($bootstrapPath, "'"));

[10188] Fix | Delete

[10189] Fix | Delete

break;

[10190] Fix | Delete

}

[10191] Fix | Delete

[10192] Fix | Delete

if (!empty($autoPrependIni)) {

[10193] Fix | Delete

[10194] Fix | Delete

// Modify .user.ini

[10195] Fix | Delete

$userIniContent = $wp_filesystem->get_contents($userIniPath);

[10196] Fix | Delete

if (is_string($userIniContent)) {

[10197] Fix | Delete

$userIniContent = str_replace('auto_prepend_file', ';auto_prepend_file', $userIniContent);

[10198] Fix | Delete

$regex = '/; Wordfence WAF.*?; END Wordfence WAF/is';

[10199] Fix | Delete

if (preg_match($regex, $userIniContent, $matches)) {

[10200] Fix | Delete

$userIniContent = preg_replace($regex, $autoPrependIni, $userIniContent);

[10201] Fix | Delete

} else {

[10202] Fix | Delete

$userIniContent .= "\n\n" . $autoPrependIni;

[10203] Fix | Delete

}

[10204] Fix | Delete

} else {

[10205] Fix | Delete

$userIniContent = $autoPrependIni;

[10206] Fix | Delete

}

[10207] Fix | Delete

[10208] Fix | Delete

if (!$wp_filesystem->put_contents($userIniPath, $userIniContent)) {

[10209] Fix | Delete

throw new wfWAFAutoPrependHelperException(sprintf(/* translators: File path. */ __('We were unable to make changes to the %1$s file. It\'s possible WordPress cannot write to the %1$s file because of file permissions. Please verify the permissions are correct and retry the installation.', 'wordfence'), basename($userIniPath)));

[10210] Fix | Delete

}

[10211] Fix | Delete

}

[10212] Fix | Delete

}

[10213] Fix | Delete

}

[10214] Fix | Delete

[10215] Fix | Delete

/**

[10216] Fix | Delete

* @param WP_Filesystem_Base $wp_filesystem

[10217] Fix | Delete

* @throws wfWAFAutoPrependHelperException

[10218] Fix | Delete

[10219] Fix | Delete

* @return bool Whether or not the .user.ini still has a commented-out auto_prepend_file setting

[10220] Fix | Delete

[10221] Fix | Delete

public function performIniRemoval($wp_filesystem) {

[10222] Fix | Delete

$serverConfig = $this->getServerConfig();

[10223] Fix | Delete

[10224] Fix | Delete

$htaccessPath = wfWAFAutoPrependHelper::getHtaccessPath();

[10225] Fix | Delete

[10226] Fix | Delete

$userIniPath = wfWAFAutoPrependHelper::getUserIniPath();

[10227] Fix | Delete

$userIni = ini_get('user_ini.filename');

[10228] Fix | Delete

[10229] Fix | Delete

// Modify .htaccess

[10230] Fix | Delete

$htaccessContent = $wp_filesystem->get_contents($htaccessPath);

[10231] Fix | Delete

[10232] Fix | Delete

if (is_string($htaccessContent)) {

[10233] Fix | Delete

$htaccessContent = preg_replace('/# Wordfence WAF.*?# END Wordfence WAF/is', '', $htaccessContent);

[10234] Fix | Delete

} else {

[10235] Fix | Delete

$htaccessContent = '';

[10236] Fix | Delete

}

[10237] Fix | Delete

[10238] Fix | Delete

if (!$wp_filesystem->put_contents($htaccessPath, $htaccessContent)) {

[10239] Fix | Delete

[10240] Fix | Delete

}

[10241] Fix | Delete

if ($serverConfig == 'litespeed') {

[10242] Fix | Delete

// sleep(2);

[10243] Fix | Delete

$wp_filesystem->touch($htaccessPath);

[10244] Fix | Delete

}

[10245] Fix | Delete

[10246] Fix | Delete

if ($userIni) {

[10247] Fix | Delete

// Modify .user.ini

[10248] Fix | Delete

$userIniContent = $wp_filesystem->get_contents($userIniPath);

[10249] Fix | Delete

if (is_string($userIniContent)) {

[10250] Fix | Delete

$userIniContent = preg_replace('/; Wordfence WAF.*?; END Wordfence WAF/is', '', $userIniContent);

[10251] Fix | Delete

$userIniContent = str_replace('auto_prepend_file', ';auto_prepend_file', $userIniContent);

[10252] Fix | Delete

} else {

[10253] Fix | Delete

$userIniContent = '';

[10254] Fix | Delete

}

[10255] Fix | Delete

[10256] Fix | Delete

if (!$wp_filesystem->put_contents($userIniPath, $userIniContent)) {

[10257] Fix | Delete

[10258] Fix | Delete

}

[10259] Fix | Delete

[10260] Fix | Delete

return strpos($userIniContent, 'auto_prepend_file') !== false;

[10261] Fix | Delete

}

[10262] Fix | Delete

[10263] Fix | Delete

return false;

[10264] Fix | Delete

}

[10265] Fix | Delete

[10266] Fix | Delete

/**

[10267] Fix | Delete

* @param WP_Filesystem_Base $wp_filesystem

[10268] Fix | Delete

* @throws wfWAFAutoPrependHelperException

[10269] Fix | Delete

[10270] Fix | Delete

public function performAutoPrependFileRemoval($wp_filesystem) {

[10271] Fix | Delete

$bootstrapPath = wordfence::getWAFBootstrapPath();

[10272] Fix | Delete

if (!$wp_filesystem->delete($bootstrapPath)) {

[10273] Fix | Delete

throw new wfWAFAutoPrependHelperException(__('We were unable to remove the <code>wordfence-waf.php</code> file in the root of the WordPress installation. It\'s possible WordPress cannot remove the <code>wordfence-waf.php</code> file because of file permissions. Please verify the permissions are correct and retry the removal.', 'wordfence'));

[10274] Fix | Delete

}

[10275] Fix | Delete

}

[10276] Fix | Delete

[10277] Fix | Delete

public static function getHtaccessPath() {

[10278] Fix | Delete

return wfUtils::getHomePath() . '.htaccess';

[10279] Fix | Delete

}

[10280] Fix | Delete

[10281] Fix | Delete

public static function getUserIniPath() {

[10282] Fix | Delete

$userIni = ini_get('user_ini.filename');

[10283] Fix | Delete

if ($userIni) {

[10284] Fix | Delete

return wfUtils::getHomePath() . $userIni;

[10285] Fix | Delete

}

[10286] Fix | Delete

return false;

[10287] Fix | Delete

}

[10288] Fix | Delete

[10289] Fix | Delete

/**

[10290] Fix | Delete

* Extracts the WAF section from the .htaccess content and returns it (inclusive of the section markers). If not

[10291] Fix | Delete

* present, returns false.

[10292] Fix | Delete

[10293] Fix | Delete

* @param string $htaccessContent

[10294] Fix | Delete

* @return false|string

[10295] Fix | Delete

[10296] Fix | Delete

public static function getHtaccessSectionContent($htaccessContent) {

[10297] Fix | Delete

$regex = '/# Wordfence WAF.*?# END Wordfence WAF/is';

[10298] Fix | Delete

if (preg_match($regex, $htaccessContent, $matches)) {

[10299] Fix | Delete

return $matches[0];

[10300] Fix | Delete

}

[10301] Fix | Delete

return false;

[10302] Fix | Delete

}

[10303] Fix | Delete

[10304] Fix | Delete

/**

[10305] Fix | Delete

* Extracts the WAF section from the .user.ini content and returns it (inclusive of the section markers). If not

[10306] Fix | Delete

* present, returns false.

[10307] Fix | Delete

[10308] Fix | Delete

* @param string $userIniContent

[10309] Fix | Delete

* @return false|string

[10310] Fix | Delete

[10311] Fix | Delete

public static function getUserIniSectionContent($userIniContent) {

[10312] Fix | Delete

$regex = '/; Wordfence WAF.*?; END Wordfence WAF/is';

[10313] Fix | Delete

if (preg_match($regex, $userIniContent, $matches)) {

[10314] Fix | Delete

return $matches[0];

[10315] Fix | Delete

}

[10316] Fix | Delete

return false;

[10317] Fix | Delete

}

[10318] Fix | Delete

[10319] Fix | Delete

public function usesUserIni() {

[10320] Fix | Delete

$userIni = ini_get('user_ini.filename');

[10321] Fix | Delete

if (!$userIni) {

[10322] Fix | Delete

return false;

[10323] Fix | Delete

}

[10324] Fix | Delete

switch ($this->getServerConfig()) {

[10325] Fix | Delete

case 'cgi':

[10326] Fix | Delete

case 'apache-suphp':

[10327] Fix | Delete

case 'nginx':

[10328] Fix | Delete

case 'litespeed':

[10329] Fix | Delete

case 'iis':

[10330] Fix | Delete

return true;

[10331] Fix | Delete

}

[10332] Fix | Delete

return false;

[10333] Fix | Delete

}

[10334] Fix | Delete

[10335] Fix | Delete

public function uninstall() {

[10336] Fix | Delete

/** @var WP_Filesystem_Base $wp_filesystem */

[10337] Fix | Delete

global $wp_filesystem;

[10338] Fix | Delete

[10339] Fix | Delete

$htaccessPath = wfWAFAutoPrependHelper::getHtaccessPath();

[10340] Fix | Delete

$userIniPath = wfWAFAutoPrependHelper::getUserIniPath();

[10341] Fix | Delete

[10342] Fix | Delete

$adminURL = admin_url('/');

[10343] Fix | Delete

$allow_relaxed_file_ownership = true;

[10344] Fix | Delete

$homePath = dirname($htaccessPath);

[10345] Fix | Delete

[10346] Fix | Delete

ob_start();

[10347] Fix | Delete

if (false === ($credentials = request_filesystem_credentials($adminURL, '', false, $homePath,

[10348] Fix | Delete

array('version', 'locale'), $allow_relaxed_file_ownership))

[10349] Fix | Delete

) {

[10350] Fix | Delete

ob_end_clean();

[10351] Fix | Delete

return false;

[10352] Fix | Delete

}

[10353] Fix | Delete

[10354] Fix | Delete

if (!WP_Filesystem($credentials, $homePath, $allow_relaxed_file_ownership)) {

[10355] Fix | Delete

// Failed to connect, Error and request again

[10356] Fix | Delete

request_filesystem_credentials($adminURL, '', true, ABSPATH, array('version', 'locale'),

[10357] Fix | Delete

$allow_relaxed_file_ownership);

[10358] Fix | Delete

ob_end_clean();

[10359] Fix | Delete

return false;

[10360] Fix | Delete

}

[10361] Fix | Delete

[10362] Fix | Delete

if ($wp_filesystem->errors->get_error_code()) {

[10363] Fix | Delete

ob_end_clean();

[10364] Fix | Delete

return false;

[10365] Fix | Delete

}

[10366] Fix | Delete

ob_end_clean();

[10367] Fix | Delete

[10368] Fix | Delete

if ($wp_filesystem->is_file($htaccessPath)) {

[10369] Fix | Delete

$htaccessContent = $wp_filesystem->get_contents($htaccessPath);

[10370] Fix | Delete

$regex = '/# Wordfence WAF.*?# END Wordfence WAF/is';

[10371] Fix | Delete

if (preg_match($regex, $htaccessContent, $matches)) {

[10372] Fix | Delete

$htaccessContent = preg_replace($regex, '', $htaccessContent);

[10373] Fix | Delete

if (!$wp_filesystem->put_contents($htaccessPath, $htaccessContent)) {

[10374] Fix | Delete

return false;

[10375] Fix | Delete

}

[10376] Fix | Delete

}

[10377] Fix | Delete

}

[10378] Fix | Delete

[10379] Fix | Delete

if ($wp_filesystem->is_file($userIniPath)) {

[10380] Fix | Delete

$userIniContent = $wp_filesystem->get_contents($userIniPath);

[10381] Fix | Delete

$regex = '/; Wordfence WAF.*?; END Wordfence WAF/is';

[10382] Fix | Delete

if (preg_match($regex, $userIniContent, $matches)) {

[10383] Fix | Delete

$userIniContent = preg_replace($regex, '', $userIniContent);

[10384] Fix | Delete

if (!$wp_filesystem->put_contents($userIniPath, $userIniContent)) {

[10385] Fix | Delete

return false;

[10386] Fix | Delete

}

[10387] Fix | Delete

}

[10388] Fix | Delete

}

[10389] Fix | Delete

[10390] Fix | Delete

$bootstrapPath = wordfence::getWAFBootstrapPath();

[10391] Fix | Delete

if ($wp_filesystem->is_file($bootstrapPath)) {

[10392] Fix | Delete

$wp_filesystem->delete($bootstrapPath);

[10393] Fix | Delete

}

[10394] Fix | Delete

return true;

[10395] Fix | Delete

}

[10396] Fix | Delete

}

[10397] Fix | Delete

[10398] Fix | Delete

class wfWAFAutoPrependHelperException extends Exception {

[10399] Fix | Delete

}

[10400] Fix | Delete

1 ...16 17 18 19 2021