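<?php
if (!defined('WORDFENCE_VERSION')) { exit; }

/*
 * False-positive debugging view.
 *
 * Rebuilds the request that produced a WAF hit (either from the stored full
 * request or from the logged hit metadata), runs it back through the WAF
 * rules and renders the outcome with the flagged parameters highlighted.
 *
 * Expected to be included with the following variables already in scope.
 */
/** @var wfRequestModel $hit */
/** @var stdClass $hitData */

$title = sprintf('Debugging #%d as False Positive', $hit->id);

// Values rendered in the "Request Details" table; every value is passed
// through esc_html() at output time.
$fields = array(
    'URL' => $hit->URL,
    'Timestamp' => date('r', $hit->ctime),
    'IP' => wfUtils::inet_ntop($hit->IP),
    'Status Code' => $hit->statusCode,
    'User Agent' => $hit->UA,
    'Referer' => $hit->referer,
);

if (isset($hitData->fullRequest)) {
    // A full request is only stored when WFWAF_DEBUG is enabled; replay it verbatim.
    $requestString = base64_decode($hitData->fullRequest);
    $request = wfWAFRequest::parseString($requestString);
} else {
    // Reconstruct the request from the hit metadata. Every accessor is
    // initialised up front so the WAF never reads an unset field.
    $request = new wfWAFRequest();
    $request->setAuth(array());
    $request->setBody(array());
    $request->setCookies(array());
    $request->setFileNames(array());
    $request->setFiles(array());
    $request->setHeaders(array());
    $request->setHost('');
    $request->setIP('');
    $request->setMethod('GET');
    $request->setPath('');
    $request->setProtocol('http');
    $request->setQueryString(array());
    $request->setTimestamp('');
    $request->setUri('');

    $headers = array();
    $urlPieces = parse_url($hit->URL);
    if ($urlPieces) {
        if (array_key_exists('scheme', $urlPieces)) {
            $request->setProtocol($urlPieces['scheme']);
        }
        if (array_key_exists('host', $urlPieces)) {
            $request->setHost($urlPieces['host']);
            $headers['Host'] = $urlPieces['host'];
        }
        $uri = '/';
        if (array_key_exists('path', $urlPieces)) {
            $request->setPath($urlPieces['path']);
            $uri = $urlPieces['path'];
        }
        if (array_key_exists('query', $urlPieces)) {
            $uri .= '?' . $urlPieces['query'];
            parse_str($urlPieces['query'], $query);
            $request->setQueryString($query);
        }
        $request->setUri($uri);
    }
    $headers['User-Agent'] = $hit->UA;
    $headers['Referer'] = $hit->referer;
    $request->setHeaders($headers);

    // The flagged parameter key is of the form "request.<part>[name]...".
    // Only the body part is replayed here; query parameters were already
    // restored from the URL above.
    $flaggedParamKey = isset($hitData->paramKey) ? $hitData->paramKey : '';
    if (preg_match('/request\.([a-z]+)(?:\[(.*?)\](.*?))?/i', $flaggedParamKey, $matches)) {
        switch ($matches[1]) {
            case 'body':
                $request->setMethod('POST');
                // Groups 2 and 3 are absent from $matches when the optional
                // "[name]..." part did not match, so default them to ''.
                $bodyName = isset($matches[2]) ? $matches[2] : '';
                $bodyRest = isset($matches[3]) ? $matches[3] : '';
                parse_str($bodyName . $bodyRest, $body);
                $request->setBody($body);
                break;
        }
    }
}

$request->setIP(wfUtils::inet_ntop($hit->IP));
$request->setTimestamp($hit->ctime);


$waf = wfWAF::getInstance();
$waf->setRequest($request);

// $result is always one of the fixed markup literals below (never user data),
// which is why it is echoed without escaping further down.
$result = '<strong class="ok">Passed</strong>';
$failedRules = array();
try {
    $waf->runRules();
} catch (wfWAFAllowException $e) {
    $result = '<strong class="ok">Allowlisted</strong>';
} catch (wfWAFBlockSQLiException $e) {
    // The specific block exceptions are caught before the generic
    // wfWAFBlockException so that, should they extend it, these branches
    // cannot be shadowed and become unreachable.
    $result = '<strong class="error">Blocked For SQLi</strong>';
    $failedRules = $waf->getFailedRules();
} catch (wfWAFBlockXSSException $e) {
    $result = '<strong class="error">Blocked For XSS</strong>';
    $failedRules = $waf->getFailedRules();
} catch (wfWAFBlockException $e) {
    $result = '<strong class="error">Blocked</strong>';
    $failedRules = $waf->getFailedRules();
}

?>
<!doctype html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title><?php echo esc_html($title) ?></title>
    <link rel="stylesheet" href="<?php echo esc_url(wfUtils::getBaseURL() . wfUtils::versionedAsset('css/main.css')); ?>">
    <link rel="stylesheet" href="<?php echo esc_url(wfLicense::current()->getStylesheet()); ?>">
    <style>
        html {
            font-family: "Open Sans", Helvetica, Arial, sans-serif;
        }
        h1, h2, h3, h4, h5 {
            margin: 20px 0px 8px;
        }
        pre, p {
            margin: 8px 0px 20px;
        }
        pre.request-debug {
            padding: 12px;
            background: #fafafa;
            border: 1px solid #999999;
            overflow: auto;
        }
        pre.request-debug em {
            font-style: normal;
            padding: 1px;
            border: 1px solid #ffb463;
            background-color: #ffffe0;
            border-radius: 2px;
        }
        pre.request-debug strong {
            border: 1px solid #ff4a35;
            background-color: #ffefe7;
            margin: 1px;
        }
        .ok {
            color: #00c000;
        }
        .error {
            color: #ff4a35;
        }
        #wrapper {
            max-width: 1060px;
            margin: 0px auto;
        }
    </style>
</head>
<body>
<div id="wrapper">
    <h1><?php echo esc_html($title) ?></h1>

    <table class="wf-striped-table">
        <thead>
        <tr>
            <th colspan="2">Request Details</th>
        </tr>
        </thead>
        <?php foreach ($fields as $label => $value): ?>
            <tr>
                <td><?php echo esc_html($label) ?>:</td>
                <td><?php echo esc_html($value) ?></td>
            </tr>
        <?php endforeach ?>
    </table>

    <h4>HTTP Request: <?php echo $result ?></h4>
    <?php if (!isset($hitData->fullRequest)): ?>
        <em style="font-size: 14px;">This is a reconstruction of the request using what was flagged by the WAF.
            Full requests are only stored when <code>WFWAF_DEBUG</code> is enabled.</em>
    <?php endif ?>
    <pre class="request-debug"><?php
        // Highlighting uses unguessable placeholder tokens so that esc_html()
        // can run over the whole request first; only the placeholders are then
        // turned back into markup.
        $paramKey = wp_hash(uniqid('param', true));
        $matchKey = wp_hash(uniqid('match', true));

        $template = array(
            "[$paramKey]" => '<em>',
            "[/$paramKey]" => '</em>',
            "[$matchKey]" => '<strong>',
            "[/$matchKey]" => '</strong>',
        );
        $highlightParamFormat = "[$paramKey]%s[/$paramKey]";
        $highlightMatchFormat = "[$matchKey]%s[/$matchKey]";
        $requestOut = esc_html($request->highlightFailedParams($failedRules, $highlightParamFormat, $highlightMatchFormat));

        echo str_replace(array_keys($template), $template, $requestOut) ?></pre>

    <?php if ($failedRules): ?>
        <h4>Failed Rules</h4>
        <table class="wf-striped-table">
            <thead>
            <tr>
                <th>ID</th>
                <th>Category</th>
            </tr>
            </thead>
            <tbody>
            <?php
            // Loop variable deliberately not named $paramKey, which is the
            // highlight token above.
            foreach ($failedRules as $failedParamKey => $categories) {
                foreach ($categories as $categoryKey => $failed) {
                    foreach ($failed as $failedRule) {
                        /** @var wfWAFRule $rule */
                        $rule = $failedRule['rule'];
                        // Escape the description like every other rendered value.
                        printf("<tr><td>%d</td><td>%s</td></tr>", $rule->getRuleID(), esc_html($rule->getDescription()));
                    }
                }
            }
            ?>
            </tbody>
        </table>

    <?php endif ?>

    <p>
        <button type="button" id="run-waf-rules">Run Through WAF Rules</button>
    </p>

    <script>
        document.getElementById('run-waf-rules').onclick = function() {
            document.location.href = document.location.href;
        }
    </script>


</div>

</body>
</html>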