Edit File by line

<?php

[0] Fix | Delete

[1] Fix | Delete

[2] Fix | Delete

php_value auto_prepend_file ~/wp-content/plugins/wordfence/waf/bootstrap.php

[3] Fix | Delete

[4] Fix | Delete

[5] Fix | Delete

if (!defined('WFWAF_RUN_COMPLETE')) {

[6] Fix | Delete

[7] Fix | Delete

if (!defined('WFWAF_AUTO_PREPEND')) {

[8] Fix | Delete

define('WFWAF_AUTO_PREPEND', true);

[9] Fix | Delete

}

[10] Fix | Delete

if (!defined('WF_IS_WP_ENGINE')) {

[11] Fix | Delete

define('WF_IS_WP_ENGINE', isset($_SERVER['IS_WPE']));

[12] Fix | Delete

}

[13] Fix | Delete

if (!defined('WF_IS_FLYWHEEL')) {

[14] Fix | Delete

define('WF_IS_FLYWHEEL', isset($_SERVER['SERVER_SOFTWARE']) && strpos($_SERVER['SERVER_SOFTWARE'], 'Flywheel/') === 0);

[15] Fix | Delete

}

[16] Fix | Delete

if (!defined('WF_IS_PRESSABLE')) {

[17] Fix | Delete

define('WF_IS_PRESSABLE', (defined('IS_ATOMIC') && IS_ATOMIC) || (defined('IS_PRESSABLE') && IS_PRESSABLE));

[18] Fix | Delete

}

[19] Fix | Delete

[20] Fix | Delete

require(dirname(__FILE__) . '/../lib/wfVersionSupport.php');

[21] Fix | Delete

/**

[22] Fix | Delete

* @var string $wfPHPDeprecatingVersion

[23] Fix | Delete

* @var string $wfPHPMinimumVersion

[24] Fix | Delete

[25] Fix | Delete

[26] Fix | Delete

if (!defined('WF_PHP_UNSUPPORTED')) {

[27] Fix | Delete

define('WF_PHP_UNSUPPORTED', version_compare(PHP_VERSION, $wfPHPMinimumVersion, '<'));

[28] Fix | Delete

}

[29] Fix | Delete

[30] Fix | Delete

if (WF_PHP_UNSUPPORTED) {

[31] Fix | Delete

return;

[32] Fix | Delete

}

[33] Fix | Delete

[34] Fix | Delete

[35] Fix | Delete

[36] Fix | Delete

require_once(dirname(__FILE__) . '/wfWAFUserIPRange.php');

[37] Fix | Delete

require_once(dirname(__FILE__) . '/wfWAFIPBlocksController.php');

[38] Fix | Delete

require_once(dirname(__FILE__) . '/../vendor/wordfence/wf-waf/src/init.php');

[39] Fix | Delete

[40] Fix | Delete

class wfWAFWordPressRequest extends wfWAFRequest {

[41] Fix | Delete

[42] Fix | Delete

/**

[43] Fix | Delete

* @param wfWAFRequest|null $request

[44] Fix | Delete

* @return wfWAFRequest

[45] Fix | Delete

[46] Fix | Delete

public static function createFromGlobals($request = null) {

[47] Fix | Delete

if (version_compare(phpversion(), '5.3.0') >= 0) {

[48] Fix | Delete

$class = get_called_class();

[49] Fix | Delete

$request = new $class();

[50] Fix | Delete

} else {

[51] Fix | Delete

$request = new self();

[52] Fix | Delete

}

[53] Fix | Delete

return parent::createFromGlobals($request);

[54] Fix | Delete

}

[55] Fix | Delete

[56] Fix | Delete

public function getIP() {

[57] Fix | Delete

static $theIP = null;

[58] Fix | Delete

if (isset($theIP)) {

[59] Fix | Delete

return $theIP;

[60] Fix | Delete

}

[61] Fix | Delete

$ips = array();

[62] Fix | Delete

$howGet = wfWAF::getInstance()->getStorageEngine()->getConfig('howGetIPs', null, 'synced');

[63] Fix | Delete

if ($howGet) {

[64] Fix | Delete

if (is_string($howGet) && is_array($_SERVER) && array_key_exists($howGet, $_SERVER)) {

[65] Fix | Delete

$ips[] = array($_SERVER[$howGet], $howGet);

[66] Fix | Delete

}

[67] Fix | Delete

[68] Fix | Delete

if ($howGet != 'REMOTE_ADDR') {

[69] Fix | Delete

$ips[] = array((is_array($_SERVER) && array_key_exists('REMOTE_ADDR', $_SERVER)) ? $_SERVER['REMOTE_ADDR'] : '127.0.0.1', 'REMOTE_ADDR');

[70] Fix | Delete

}

[71] Fix | Delete

}

[72] Fix | Delete

else {

[73] Fix | Delete

$recommendedField = wfWAF::getInstance()->getStorageEngine()->getConfig('detectProxyRecommendation', null, 'synced');

[74] Fix | Delete

if (!empty($recommendedField) && $recommendedField != 'UNKNOWN' && $recommendedField != 'DEFERRED') {

[75] Fix | Delete

if (isset($_SERVER[$recommendedField])) {

[76] Fix | Delete

$ips[] = array($_SERVER[$recommendedField], $recommendedField);

[77] Fix | Delete

}

[78] Fix | Delete

}

[79] Fix | Delete

[80] Fix | Delete

$ips[] = array((is_array($_SERVER) && array_key_exists('REMOTE_ADDR', $_SERVER)) ? $_SERVER['REMOTE_ADDR'] : '127.0.0.1', 'REMOTE_ADDR');

[81] Fix | Delete

if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {

[82] Fix | Delete

$ips[] = array($_SERVER['HTTP_X_FORWARDED_FOR'], 'HTTP_X_FORWARDED_FOR');

[83] Fix | Delete

}

[84] Fix | Delete

if (isset($_SERVER['HTTP_X_REAL_IP'])) {

[85] Fix | Delete

$ips[] = array($_SERVER['HTTP_X_REAL_IP'], 'HTTP_X_REAL_IP');

[86] Fix | Delete

}

[87] Fix | Delete

}

[88] Fix | Delete

[89] Fix | Delete

$cleanedIP = $this->_getCleanIPAndServerVar($ips);

[90] Fix | Delete

if (is_array($cleanedIP)) {

[91] Fix | Delete

list($ip, $variable) = $cleanedIP;

[92] Fix | Delete

$theIP = $ip;

[93] Fix | Delete

return $ip;

[94] Fix | Delete

}

[95] Fix | Delete

$theIP = $cleanedIP;

[96] Fix | Delete

return $cleanedIP;

[97] Fix | Delete

}

[98] Fix | Delete

[99] Fix | Delete

/**

[100] Fix | Delete

* Expects an array of items. The items are either IPs or IPs separated by comma, space or tab. Or an array of IP's.

[101] Fix | Delete

* We then examine all IP's looking for a public IP and storing private IP's in an array. If we find no public IPs we return the first private addr we found.

[102] Fix | Delete

[103] Fix | Delete

* @param array $arr

[104] Fix | Delete

* @return bool|mixed

[105] Fix | Delete

[106] Fix | Delete

private function _getCleanIPAndServerVar($arr) {

[107] Fix | Delete

$privates = array(); //Store private addrs until end as last resort.

[108] Fix | Delete

foreach ($arr as $entry) {

[109] Fix | Delete

list($item, $var) = $entry;

[110] Fix | Delete

if (is_array($item)) {

[111] Fix | Delete

foreach ($item as $j) {

[112] Fix | Delete

// try verifying the IP is valid before stripping the port off

[113] Fix | Delete

if (!$this->_isValidIP($j)) {

[114] Fix | Delete

$j = preg_replace('/:\d+$/', '', $j); //Strip off port

[115] Fix | Delete

}

[116] Fix | Delete

if ($this->_isValidIP($j)) {

[117] Fix | Delete

if ($this->_isIPv6MappedIPv4($j)) {

[118] Fix | Delete

$j = wfWAFUtils::inet_ntop(wfWAFUtils::inet_pton($j));

[119] Fix | Delete

}

[120] Fix | Delete

[121] Fix | Delete

if ($this->_isPrivateIP($j)) {

[122] Fix | Delete

$privates[] = array($j, $var);

[123] Fix | Delete

}

[124] Fix | Delete

else {

[125] Fix | Delete

return array($j, $var);

[126] Fix | Delete

}

[127] Fix | Delete

}

[128] Fix | Delete

}

[129] Fix | Delete

continue; //This was an array so we can skip to the next item

[130] Fix | Delete

}

[131] Fix | Delete

$skipToNext = false;

[132] Fix | Delete

$trustedProxyConfig = wfWAF::getInstance()->getStorageEngine()->getConfig('howGetIPs_trusted_proxies_unified', null, 'synced');

[133] Fix | Delete

$trustedProxies = $trustedProxyConfig === null ? array() : explode("\n", $trustedProxyConfig);

[134] Fix | Delete

foreach (array(',', ' ', "\t") as $char) {

[135] Fix | Delete

if (strpos($item, $char) !== false) {

[136] Fix | Delete

$sp = explode($char, $item);

[137] Fix | Delete

$sp = array_reverse($sp);

[138] Fix | Delete

foreach ($sp as $index => $j) {

[139] Fix | Delete

$j = trim($j);

[140] Fix | Delete

if (!$this->_isValidIP($j)) {

[141] Fix | Delete

$j = preg_replace('/:\d+$/', '', $j); //Strip off port

[142] Fix | Delete

}

[143] Fix | Delete

if ($this->_isValidIP($j)) {

[144] Fix | Delete

if ($this->_isIPv6MappedIPv4($j)) {

[145] Fix | Delete

$j = wfWAFUtils::inet_ntop(wfWAFUtils::inet_pton($j));

[146] Fix | Delete

}

[147] Fix | Delete

[148] Fix | Delete

foreach ($trustedProxies as $proxy) {

[149] Fix | Delete

if (!empty($proxy)) {

[150] Fix | Delete

if (wfWAFUtils::subnetContainsIP($proxy, $j) && $index < count($sp) - 1) {

[151] Fix | Delete

continue 2;

[152] Fix | Delete

}

[153] Fix | Delete

}

[154] Fix | Delete

}

[155] Fix | Delete

[156] Fix | Delete

if ($this->_isPrivateIP($j)) {

[157] Fix | Delete

$privates[] = array($j, $var);

[158] Fix | Delete

}

[159] Fix | Delete

else {

[160] Fix | Delete

return array($j, $var);

[161] Fix | Delete

}

[162] Fix | Delete

}

[163] Fix | Delete

}

[164] Fix | Delete

$skipToNext = true;

[165] Fix | Delete

break;

[166] Fix | Delete

}

[167] Fix | Delete

}

[168] Fix | Delete

if ($skipToNext){ continue; } //Skip to next item because this one had a comma, space or tab so was delimited and we didn't find anything.

[169] Fix | Delete

[170] Fix | Delete

if (!$this->_isValidIP($item)) {

[171] Fix | Delete

$item = preg_replace('/:\d+$/', '', $item); //Strip off port

[172] Fix | Delete

}

[173] Fix | Delete

if ($this->_isValidIP($item)) {

[174] Fix | Delete

if ($this->_isIPv6MappedIPv4($item)) {

[175] Fix | Delete

$item = wfWAFUtils::inet_ntop(wfWAFUtils::inet_pton($item));

[176] Fix | Delete

}

[177] Fix | Delete

[178] Fix | Delete

if ($this->_isPrivateIP($item)) {

[179] Fix | Delete

$privates[] = array($item, $var);

[180] Fix | Delete

}

[181] Fix | Delete

else {

[182] Fix | Delete

return array($item, $var);

[183] Fix | Delete

}

[184] Fix | Delete

}

[185] Fix | Delete

}

[186] Fix | Delete

if (sizeof($privates) > 0) {

[187] Fix | Delete

return $privates[0]; //Return the first private we found so that we respect the order the IP's were passed to this function.

[188] Fix | Delete

}

[189] Fix | Delete

return false;

[190] Fix | Delete

}

[191] Fix | Delete

[192] Fix | Delete

/**

[193] Fix | Delete

* @param string $ip

[194] Fix | Delete

* @return bool

[195] Fix | Delete

[196] Fix | Delete

private function _isValidIP($ip) {

[197] Fix | Delete

return filter_var($ip, FILTER_VALIDATE_IP) !== false;

[198] Fix | Delete

}

[199] Fix | Delete

[200] Fix | Delete

/**

[201] Fix | Delete

* @param string $ip

[202] Fix | Delete

* @return bool

[203] Fix | Delete

[204] Fix | Delete

private function _isIPv6MappedIPv4($ip) {

[205] Fix | Delete

return preg_match('/^(?:\:(?:\:0{1,4}){0,4}\:|(?:0{1,4}\:){5})ffff\:\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/i', $ip) > 0;

[206] Fix | Delete

}

[207] Fix | Delete

[208] Fix | Delete

/**

[209] Fix | Delete

* @param string $addr Should be in dot or colon notation (127.0.0.1 or ::1)

[210] Fix | Delete

* @return bool

[211] Fix | Delete

[212] Fix | Delete

private function _isPrivateIP($ip) {

[213] Fix | Delete

// Run this through the preset list for IPv4 addresses.

[214] Fix | Delete

if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false) {

[215] Fix | Delete

$wordfenceLib = realpath(dirname(__FILE__) . '/../lib');

[216] Fix | Delete

include($wordfenceLib . '/wfIPWhitelist.php'); // defines $wfIPWhitelist

[217] Fix | Delete

$private = $wfIPWhitelist['private'];

[218] Fix | Delete

[219] Fix | Delete

foreach ($private as $a) {

[220] Fix | Delete

if (wfWAFUtils::subnetContainsIP($a, $ip)) {

[221] Fix | Delete

return true;

[222] Fix | Delete

}

[223] Fix | Delete

}

[224] Fix | Delete

}

[225] Fix | Delete

[226] Fix | Delete

return filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 | FILTER_FLAG_IPV6) !== false

[227] Fix | Delete

&& filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 | FILTER_FLAG_IPV6 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) === false;

[228] Fix | Delete

}

[229] Fix | Delete

}

[230] Fix | Delete

[231] Fix | Delete

class wfWAFWordPressObserver extends wfWAFBaseObserver {

[232] Fix | Delete

[233] Fix | Delete

private $waf;

[234] Fix | Delete

[235] Fix | Delete

public function __construct($waf){

[236] Fix | Delete

$this->waf=$waf;

[237] Fix | Delete

}

[238] Fix | Delete

[239] Fix | Delete

public function beforeRunRules() {

[240] Fix | Delete

// Whitelisted URLs (in WAF config)

[241] Fix | Delete

$whitelistedURLs = wfWAF::getInstance()->getStorageEngine()->getConfig('whitelistedURLs', null, 'livewaf');

[242] Fix | Delete

if ($whitelistedURLs) {

[243] Fix | Delete

$whitelistPattern = "";

[244] Fix | Delete

foreach ($whitelistedURLs as $whitelistedURL) {

[245] Fix | Delete

$whitelistPattern .= preg_replace('/\\\\\*/', '.*?', preg_quote($whitelistedURL, '/')) . '|';

[246] Fix | Delete

}

[247] Fix | Delete

$whitelistPattern = '/^(?:' . wfWAFUtils::substr($whitelistPattern, 0, -1) . ')$/i';

[248] Fix | Delete

[249] Fix | Delete

wfWAFRule::create(wfWAF::getInstance(), 0x8000000, 'rule', 'whitelist', 0, 'User Supplied Allowlisted URL', 'allow',

[250] Fix | Delete

new wfWAFRuleComparisonGroup(

[251] Fix | Delete

new wfWAFRuleComparison(wfWAF::getInstance(), 'match', $whitelistPattern, array(

[252] Fix | Delete

'request.uri',

[253] Fix | Delete

))

[254] Fix | Delete

)

[255] Fix | Delete

)->evaluate();

[256] Fix | Delete

}

[257] Fix | Delete

[258] Fix | Delete

// Whitelisted IPs (Wordfence config)

[259] Fix | Delete

$whitelistedIPs = wfWAF::getInstance()->getStorageEngine()->getConfig('whitelistedIPs', null, 'synced');

[260] Fix | Delete

if ($whitelistedIPs) {

[261] Fix | Delete

if (!is_array($whitelistedIPs)) {

[262] Fix | Delete

$whitelistedIPs = explode(',', $whitelistedIPs);

[263] Fix | Delete

}

[264] Fix | Delete

foreach ($whitelistedIPs as $whitelistedIP) {

[265] Fix | Delete

$ipRange = new wfWAFUserIPRange($whitelistedIP);

[266] Fix | Delete

if ($ipRange->isIPInRange(wfWAF::getInstance()->getRequest()->getIP())) {

[267] Fix | Delete

throw new wfWAFAllowException('Wordfence allowlisted IP.');

[268] Fix | Delete

}

[269] Fix | Delete

}

[270] Fix | Delete

}

[271] Fix | Delete

[272] Fix | Delete

// Check plugin blocking

[273] Fix | Delete

if ($result = wfWAF::getInstance()->willPerformFinalAction(wfWAF::getInstance()->getRequest())) {

[274] Fix | Delete

if ($result === true) { $result = 'Not available'; } // Should not happen but can if the reason in the blocks table is empty

[275] Fix | Delete

wfWAF::getInstance()->getRequest()->setMetadata(array_merge(wfWAF::getInstance()->getRequest()->getMetadata(), array('finalAction' => $result)));

[276] Fix | Delete

}

[277] Fix | Delete

}

[278] Fix | Delete

[279] Fix | Delete

public function afterRunRules()

[280] Fix | Delete

{

[281] Fix | Delete

//Blacklist

[282] Fix | Delete

if (!wfWAF::getInstance()->getStorageEngine()->getConfig('disableWAFBlacklistBlocking')) {

[283] Fix | Delete

$blockedPrefixes = wfWAF::getInstance()->getStorageEngine()->getConfig('blockedPrefixes', null, 'transient');

[284] Fix | Delete

if ($blockedPrefixes && wfWAF::getInstance()->getStorageEngine()->getConfig('isPaid', null, 'synced')) {

[285] Fix | Delete

$blockedPrefixes = base64_decode($blockedPrefixes);

[286] Fix | Delete

if ($this->_prefixListContainsIP($blockedPrefixes, wfWAF::getInstance()->getRequest()->getIP()) !== false) {

[287] Fix | Delete

$allowedCacheJSON = wfWAF::getInstance()->getStorageEngine()->getConfig('blacklistAllowedCache', '', 'transient');

[288] Fix | Delete

$allowedCache = @json_decode($allowedCacheJSON, true);

[289] Fix | Delete

if (!is_array($allowedCache)) {

[290] Fix | Delete

$allowedCache = array();

[291] Fix | Delete

}

[292] Fix | Delete

[293] Fix | Delete

$cacheTest = base64_encode(wfWAFUtils::inet_pton(wfWAF::getInstance()->getRequest()->getIP()));

[294] Fix | Delete

if (!in_array($cacheTest, $allowedCache)) {

[295] Fix | Delete

$guessSiteURL = sprintf('%s://%s/', wfWAF::getInstance()->getRequest()->getProtocol(), wfWAF::getInstance()->getRequest()->getHost());

[296] Fix | Delete

try {

[297] Fix | Delete

$request = new wfWAFHTTP();

[298] Fix | Delete

$response = wfWAFHTTP::get(WFWAF_API_URL_SEC . "?" . http_build_query(array(

[299] Fix | Delete

'action' => 'is_ip_blacklisted',

[300] Fix | Delete

'ip' => wfWAF::getInstance()->getRequest()->getIP(),

[301] Fix | Delete

'k' => wfWAF::getInstance()->getStorageEngine()->getConfig('apiKey', null, 'synced'),

[302] Fix | Delete

's' => wfWAF::getInstance()->getStorageEngine()->getConfig('siteURL', null, 'synced') ? wfWAF::getInstance()->getStorageEngine()->getConfig('siteURL', null, 'synced') : $guessSiteURL,

[303] Fix | Delete

'h' => wfWAF::getInstance()->getStorageEngine()->getConfig('homeURL', null, 'synced') ? wfWAF::getInstance()->getStorageEngine()->getConfig('homeURL', null, 'synced') : $guessSiteURL,

[304] Fix | Delete

't' => microtime(true),

[305] Fix | Delete

'lang' => wfWAF::getInstance()->getStorageEngine()->getConfig('WPLANG', null, 'synced'),

[306] Fix | Delete

), '', '&'), $request);

[307] Fix | Delete

[308] Fix | Delete

if ($response instanceof wfWAFHTTPResponse && $response->getBody()) {

[309] Fix | Delete

$jsonData = wfWAFUtils::json_decode($response->getBody(), true);

[310] Fix | Delete

if (is_array($jsonData) && array_key_exists('data', $jsonData)) {

[311] Fix | Delete

if (preg_match('/^block:(\d+)$/i', $jsonData['data'], $matches)) {

[312] Fix | Delete

wfWAF::getInstance()->getStorageEngine()->blockIP((int)$matches[1] + time(), wfWAF::getInstance()->getRequest()->getIP(), wfWAFStorageInterface::IP_BLOCKS_BLACKLIST);

[313] Fix | Delete

$e = new wfWAFBlockException();

[314] Fix | Delete

$e->setFailedRules(array('blocked'));

[315] Fix | Delete

$e->setRequest(wfWAF::getInstance()->getRequest());

[316] Fix | Delete

throw $e;

[317] Fix | Delete

}

[318] Fix | Delete

else { //Allowed, cache until the next prefix list refresh

[319] Fix | Delete

$allowedCache[] = $cacheTest;

[320] Fix | Delete

wfWAF::getInstance()->getStorageEngine()->setConfig('blacklistAllowedCache', json_encode($allowedCache), 'transient');

[321] Fix | Delete

}

[322] Fix | Delete

}

[323] Fix | Delete

}

[324] Fix | Delete

} catch (wfWAFHTTPTransportException $e) {

[325] Fix | Delete

error_log($e->getMessage());

[326] Fix | Delete

}

[327] Fix | Delete

}

[328] Fix | Delete

}

[329] Fix | Delete

}

[330] Fix | Delete

}

[331] Fix | Delete

[332] Fix | Delete

$watchedIPs = wfWAF::getInstance()->getStorageEngine()->getConfig('watchedIPs', null, 'transient');

[333] Fix | Delete

if ($watchedIPs) {

[334] Fix | Delete

if (!is_array($watchedIPs)) {

[335] Fix | Delete

$watchedIPs = explode(',', $watchedIPs);

[336] Fix | Delete

}

[337] Fix | Delete

foreach ($watchedIPs as $watchedIP) {

[338] Fix | Delete

$ipRange = new wfWAFUserIPRange($watchedIP);

[339] Fix | Delete

if ($ipRange->isIPInRange(wfWAF::getInstance()->getRequest()->getIP())) {

[340] Fix | Delete

$this->waf->recordLogEvent(new wfWAFLogEvent());

[341] Fix | Delete

}

[342] Fix | Delete

}

[343] Fix | Delete

}

[344] Fix | Delete

[345] Fix | Delete

if ($reason = wfWAF::getInstance()->getRequest()->getMetadata('finalAction')) {

[346] Fix | Delete

$e = new wfWAFBlockException($reason['action']);

[347] Fix | Delete

$e->setRequest(wfWAF::getInstance()->getRequest());

[348] Fix | Delete

throw $e;

[349] Fix | Delete

}

[350] Fix | Delete

}

[351] Fix | Delete

[352] Fix | Delete

private function _prefixListContainsIP($prefixList, $ip) {

[353] Fix | Delete

$size = ord(wfWAFUtils::substr($prefixList, 0, 1));

[354] Fix | Delete

[355] Fix | Delete

$sha256 = hash('sha256', wfWAFUtils::inet_pton($ip), true);

[356] Fix | Delete

$p = wfWAFUtils::substr($sha256, 0, $size);

[357] Fix | Delete

[358] Fix | Delete

$count = ceil((wfWAFUtils::strlen($prefixList) - 1) / $size);

[359] Fix | Delete

$low = 0;

[360] Fix | Delete

$high = $count - 1;

[361] Fix | Delete

[362] Fix | Delete

while ($low <= $high) {

[363] Fix | Delete

$mid = (int) (($high + $low) / 2);

[364] Fix | Delete

$val = wfWAFUtils::substr($prefixList, 1 + $mid * $size, $size);

[365] Fix | Delete

$cmp = strcmp($val, $p);

[366] Fix | Delete

if ($cmp < 0) {

[367] Fix | Delete

$low = $mid + 1;

[368] Fix | Delete

}

[369] Fix | Delete

else if ($cmp > 0) {

[370] Fix | Delete

$high = $mid - 1;

[371] Fix | Delete

}

[372] Fix | Delete

else {

[373] Fix | Delete

return $mid;

[374] Fix | Delete

}

[375] Fix | Delete

}

[376] Fix | Delete

[377] Fix | Delete

return false;

[378] Fix | Delete

}

[379] Fix | Delete

}

[380] Fix | Delete

[381] Fix | Delete

/**

[382] Fix | Delete

[383] Fix | Delete

[384] Fix | Delete

class wfWAFWordPress extends wfWAF {

[385] Fix | Delete

[386] Fix | Delete

/** @var wfWAFRunException */

[387] Fix | Delete

private $learningModeAttackException;

[388] Fix | Delete

[389] Fix | Delete

/**

[390] Fix | Delete

* @param wfWAFBlockException $e

[391] Fix | Delete

* @param int $httpCode

[392] Fix | Delete

[393] Fix | Delete

public function blockAction($e, $httpCode = 403, $redirect = false, $template = null) {

[394] Fix | Delete

$failedRules = $e->getFailedRules();

[395] Fix | Delete

if (!is_array($failedRules)) {

[396] Fix | Delete

$failedRules = array();

[397] Fix | Delete

}

[398] Fix | Delete

[399] Fix | Delete

if ($this->isInLearningMode() && !$e->getRequest()->getMetadata('finalAction') && !in_array('blocked', $failedRules)) {

[400] Fix | Delete

register_shutdown_function(array(

[401] Fix | Delete

$this, 'whitelistFailedRulesIfNot404',

[402] Fix | Delete

));

[403] Fix | Delete

$this->getStorageEngine()->logAttack($e->getFailedRules(), $e->getParamKey(), $e->getParamValue(), $e->getRequest());

[404] Fix | Delete

$this->setLearningModeAttackException($e);

[405] Fix | Delete

} else {

[406] Fix | Delete

if (empty($failedRules)) {

[407] Fix | Delete

$finalAction = $e->getRequest()->getMetadata('finalAction');

[408] Fix | Delete

if (is_array($finalAction)) {

[409] Fix | Delete

$isLockedOut = isset($finalAction['lockout']) && $finalAction['lockout'];

[410] Fix | Delete

$finalAction = $finalAction['action'];

[411] Fix | Delete

if ($finalAction == wfWAFIPBlocksController::WFWAF_BLOCK_COUNTRY_REDIR) {

[412] Fix | Delete

$redirect = wfWAFIPBlocksController::currentController()->countryRedirURL();

[413] Fix | Delete

}

[414] Fix | Delete

else if ($finalAction == wfWAFIPBlocksController::WFWAF_BLOCK_COUNTRY_BYPASS_REDIR) {

[415] Fix | Delete

$redirect = wfWAFIPBlocksController::currentController()->countryBypassRedirURL();

[416] Fix | Delete

}

[417] Fix | Delete

else if ($finalAction == wfWAFIPBlocksController::WFWAF_BLOCK_UAREFIPRANGE) {

[418] Fix | Delete

wfWAF::getInstance()->getRequest()->setMetadata(array_merge(wfWAF::getInstance()->getRequest()->getMetadata(), array('503Reason' => 'Advanced blocking in effect.', '503Time' => 3600)));

[419] Fix | Delete

$httpCode = 503;

[420] Fix | Delete

}

[421] Fix | Delete

else if ($finalAction == wfWAFIPBlocksController::WFWAF_BLOCK_COUNTRY) {

[422] Fix | Delete

wfWAF::getInstance()->getRequest()->setMetadata(array_merge(wfWAF::getInstance()->getRequest()->getMetadata(), array('503Reason' => 'Access from your area has been temporarily limited for security reasons.', '503Time' => 3600)));

[423] Fix | Delete

$httpCode = 503;

[424] Fix | Delete

}

[425] Fix | Delete

else if (is_string($finalAction) && strlen($finalAction) > 0) {

[426] Fix | Delete

wfWAF::getInstance()->getRequest()->setMetadata(array_merge(wfWAF::getInstance()->getRequest()->getMetadata(), array('503Reason' => $finalAction, '503Time' => 3600)));

[427] Fix | Delete

$httpCode = 503;

[428] Fix | Delete

[429] Fix | Delete

if ($isLockedOut) {

[430] Fix | Delete

parent::blockAction($e, $httpCode, $redirect, '503-lockout'); //exits

[431] Fix | Delete

}

[432] Fix | Delete

}

[433] Fix | Delete

}

[434] Fix | Delete

}

[435] Fix | Delete

else if (array_search('blocked', $failedRules) !== false) {

[436] Fix | Delete

parent::blockAction($e, $httpCode, $redirect, '403-blacklist'); //exits

[437] Fix | Delete

}

[438] Fix | Delete

[439] Fix | Delete

parent::blockAction($e, $httpCode, $redirect, $template);

[440] Fix | Delete

}

[441] Fix | Delete

}

[442] Fix | Delete

[443] Fix | Delete

/**

[444] Fix | Delete

* @param wfWAFBlockXSSException $e

[445] Fix | Delete

* @param int $httpCode

[446] Fix | Delete

[447] Fix | Delete

public function blockXSSAction($e, $httpCode = 403, $redirect = false) {

[448] Fix | Delete

if ($this->isInLearningMode() && !$e->getRequest()->getMetadata('finalAction')) {

[449] Fix | Delete

register_shutdown_function(array(

[450] Fix | Delete

$this, 'whitelistFailedRulesIfNot404',

[451] Fix | Delete

));

[452] Fix | Delete

$this->getStorageEngine()->logAttack($e->getFailedRules(), $e->getParamKey(), $e->getParamValue(), $e->getRequest());

[453] Fix | Delete

$this->setLearningModeAttackException($e);

[454] Fix | Delete

} else {

[455] Fix | Delete

$failedRules = $e->getFailedRules();

[456] Fix | Delete

if (empty($failedRules)) {

[457] Fix | Delete

$finalAction = $e->getRequest()->getMetadata('finalAction');

[458] Fix | Delete

if (is_array($finalAction)) {

[459] Fix | Delete

$finalAction = $finalAction['action'];

[460] Fix | Delete

if ($finalAction == wfWAFIPBlocksController::WFWAF_BLOCK_COUNTRY_REDIR) {

[461] Fix | Delete

$redirect = wfWAFIPBlocksController::currentController()->countryRedirURL();

[462] Fix | Delete

}

[463] Fix | Delete

else if ($finalAction == wfWAFIPBlocksController::WFWAF_BLOCK_COUNTRY_BYPASS_REDIR) {

[464] Fix | Delete

$redirect = wfWAFIPBlocksController::currentController()->countryBypassRedirURL();

[465] Fix | Delete

}

[466] Fix | Delete

else if ($finalAction == wfWAFIPBlocksController::WFWAF_BLOCK_UAREFIPRANGE) {

[467] Fix | Delete

wfWAF::getInstance()->getRequest()->setMetadata(array_merge(wfWAF::getInstance()->getRequest()->getMetadata(), array('503Reason' => 'Advanced blocking in effect.', '503Time' => 3600)));

[468] Fix | Delete

$httpCode = 503;

[469] Fix | Delete

}

[470] Fix | Delete

else if ($finalAction == wfWAFIPBlocksController::WFWAF_BLOCK_COUNTRY) {

[471] Fix | Delete

[472] Fix | Delete

$httpCode = 503;

[473] Fix | Delete

}

[474] Fix | Delete

else if (is_string($finalAction) && strlen($finalAction) > 0) {

[475] Fix | Delete

wfWAF::getInstance()->getRequest()->setMetadata(array_merge(wfWAF::getInstance()->getRequest()->getMetadata(), array('503Reason' => $finalAction, '503Time' => 3600)));

[476] Fix | Delete

$httpCode = 503;

[477] Fix | Delete

}

[478] Fix | Delete

}

[479] Fix | Delete

}

[480] Fix | Delete

[481] Fix | Delete

parent::blockXSSAction($e, $httpCode, $redirect);

[482] Fix | Delete

}

[483] Fix | Delete

}

[484] Fix | Delete

[485] Fix | Delete

private function isCli() {

[486] Fix | Delete

return (php_sapi_name()==='cli') || !array_key_exists('REQUEST_METHOD', $_SERVER);

[487] Fix | Delete

}

[488] Fix | Delete

[489] Fix | Delete

/**

[490] Fix | Delete

[491] Fix | Delete

[492] Fix | Delete

public function runCron() {

[493] Fix | Delete

if($this->isCli()){

[494] Fix | Delete

return;

[495] Fix | Delete

}

[496] Fix | Delete

/**

[497] Fix | Delete

* Removed sending attack data. Attack data is sent in @see wordfence::veryFirstAction

[498] Fix | Delete

[499] Fix | Delete

12 3