File: whitelist.php
<?php
namespace WordfenceLS;
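/**
 * Matches IP addresses against the allowlist entries returned by
 * Controller_Settings::whitelisted_ips() and validates the textual range
 * formats those entries may use (literal IP, CIDR, bracketed range, linear range).
 *
 * A false positive in this class treats an address as allowlisted, so every
 * matcher fails closed: an address, bound or prefix that cannot be parsed never matches.
 */
class Controller_Whitelist {
    // Memo of is_whitelisted() results for the lifetime of this instance,
    // keyed by the SHA-256 of the packed address.
    private $_cachedStatus = array();

    /**
     * Returns the singleton Controller_Whitelist.
     *
     * @return Controller_Whitelist
     */
    public static function shared() {
        static $_shared = null;
        if ($_shared === null) {
            $_shared = new Controller_Whitelist();
        }
        return $_shared;
    }

    /**
     * Returns whether $ip matches any configured allowlist entry.
     *
     * @param string $ip A human-readable IP.
     * @return bool
     */
    public function is_whitelisted($ip) {
        $packed = Model_IP::inet_pton($ip);
        if (!is_string($packed)) {
            // The other call sites in this class treat false as the parse-failure value.
            // Hashing it would give every unparsable address the same cache key, so one
            // cached result would be served for all of them. Refuse and do not cache.
            return false;
        }

        $ipHash = hash('sha256', $packed);
        if (isset($this->_cachedStatus[$ipHash])) {
            return $this->_cachedStatus[$ipHash];
        }

        $whitelist = Controller_Settings::shared()->whitelisted_ips();
        foreach ($whitelist as $entry) {
            if ($this->ip_in_range($ip, $entry)) {
                $this->_cachedStatus[$ipHash] = true;
                return true;
            }
        }
        $this->_cachedStatus[$ipHash] = false;
        return false;
    }

    /**
     * Check if the supplied IP address is within the user supplied range.
     *
     * The range format is detected from its punctuation, in this order:
     * "/" (CIDR), "[" (bracketed), "-" (linear), otherwise a literal IP.
     *
     * @param string $ip A human-readable IP.
     * @param string $range The allowlist entry to test against.
     * @return bool
     */
    public function ip_in_range($ip, $range) {
        if (strpos($range, '/') !== false) { //CIDR range -- 127.0.0.1/24
            return $this->_cidr_contains_ip($range, $ip);
        }
        else if (strpos($range, '[') !== false) { //Bracketed range -- 127.0.0.[1-100]
            // IPv4 range
            if (strpos($range, '.') !== false && strpos($ip, '.') !== false) {
                // IPv4-mapped-IPv6: compare on the embedded dotted quad
                if (preg_match('/:ffff:([^:]+)$/i', $range, $matches)) {
                    $range = $matches[1];
                }
                if (preg_match('/:ffff:([^:]+)$/i', $ip, $matches)) {
                    $ip = $matches[1];
                }

                // Range check
                if (preg_match('/\[\d+\-\d+\]/', $range)) {
                    $ipParts = explode('.', $ip);
                    $whiteParts = explode('.', $range);
                    $mismatch = false;
                    if (count($whiteParts) != 4 || count($ipParts) != 4) {
                        return false;
                    }

                    for ($i = 0; $i <= 3; $i++) {
                        if (preg_match('/^\[(\d+)\-(\d+)\]$/', $whiteParts[$i], $m)) {
                            if ($ipParts[$i] < $m[1] || $ipParts[$i] > $m[2]) {
                                $mismatch = true;
                            }
                        }
                        else if ($whiteParts[$i] != $ipParts[$i]) {
                            $mismatch = true;
                        }
                    }
                    if ($mismatch === false) {
                        return true; // Is whitelisted because we did not get a mismatch
                    }
                }
                else if ($range == $ip) {
                    return true;
                }
            }
            // IPv6 range
            else if (strpos($range, ':') !== false && strpos($ip, ':') !== false) {
                $ip = strtolower(Model_IP::expand_ipv6_address($ip));
                $expandedRange = $this->_expand_ipv6_range($range);
                if ($expandedRange === false) {
                    // A malformed range would otherwise be lowered to '' and reach the
                    // loose equality below; a malformed entry must never match.
                    return false;
                }
                $range = strtolower($expandedRange);
                if (preg_match('/\[[a-f0-9]+\-[a-f0-9]+\]/i', $range)) {
                    $IPparts = explode(':', $ip);
                    $whiteParts = explode(':', $range);
                    $mismatch = false;
                    if (count($whiteParts) != 8 || count($IPparts) != 8) {
                        return false;
                    }

                    for ($i = 0; $i <= 7; $i++) {
                        if (preg_match('/^\[([a-f0-9]+)\-([a-f0-9]+)\]$/i', $whiteParts[$i], $m)) {
                            $ip_group = hexdec($IPparts[$i]);
                            $range_group_from = hexdec($m[1]);
                            $range_group_to = hexdec($m[2]);
                            if ($ip_group < $range_group_from || $ip_group > $range_group_to) {
                                $mismatch = true;
                                break;
                            }
                        }
                        else if ($whiteParts[$i] != $IPparts[$i]) {
                            $mismatch = true;
                            break;
                        }
                    }
                    if ($mismatch === false) {
                        return true; // Is whitelisted because we did not get a mismatch
                    }
                }
                else if ($range == $ip) {
                    return true;
                }
            }
        }
        else if (strpos($range, '-') !== false) { //Linear range -- 127.0.0.1 - 127.0.1.100
            // As before, only the first two hyphen-separated parts are used as bounds.
            list($ip1, $ip2) = explode('-', $range);
            $ip1N = Model_IP::inet_pton($ip1);
            $ip2N = Model_IP::inet_pton($ip2);
            $ipN = Model_IP::inet_pton($ip);
            if ($ip1N === false || $ip2N === false || $ipN === false) {
                // strcmp() would coerce false to '', which sorts before every packed
                // address: an unparsable lower bound would turn the entry into
                // "everything up to the upper bound".
                return false;
            }
            return (strcmp($ip1N, $ipN) <= 0 && strcmp($ip2N, $ipN) >= 0);
        }
        else { //Treat as a literal IP
            $ip1 = Model_IP::inet_pton($range);
            $ip2 = Model_IP::inet_pton($ip);
            if ($ip1 !== false && $ip1 === $ip2) {
                return true;
            }
        }

        return false;
    }

    /**
     * Utility
     */

    /**
     * Returns whether or not the CIDR-formatted subnet contains $ip.
     *
     * Returns false when the prefix is not a plain decimal number in range, or
     * when either address cannot be packed.
     *
     * @param string $subnet
     * @param string $ip A human-readable IP.
     * @return bool
     */
    protected function _cidr_contains_ip($subnet, $ip) {
        list($network, $prefix) = array_pad(explode('/', $subnet, 2), 2, null);
        $is_ipv4 = (bool) filter_var($network, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4);

        if ($prefix === null) {
            // If no prefix was supplied, 32 is implied for IPv4 and 128 for IPv6
            $prefix = $is_ipv4 ? 32 : 128;
        }
        else if (!preg_match('/^\d+\z/', $prefix)) {
            // Reject '', '1x', '1e1' and similar instead of letting PHP's numeric
            // coercion turn them into a (possibly much wider) prefix.
            return false;
        }
        else {
            $prefix = (int) $prefix;
        }

        if ($is_ipv4) {
            // Validate the IPv4 network prefix
            if ($prefix < 0 || $prefix > 32) {
                return false;
            }

            // Increase the IPv4 network prefix to work in the IPv6 address space
            // NOTE(review): this assumes Model_IP::inet_pton() packs IPv4 as a 16-byte mapped address -- confirm
            $prefix += 96;
        }
        else {
            // Validate the IPv6 network prefix
            if ($prefix < 1 || $prefix > 128) {
                return false;
            }
        }

        $packed_network = Model_IP::inet_pton($network);
        $packed_ip = Model_IP::inet_pton($ip);
        if ($packed_network === false || $packed_ip === false) {
            // Two failed parses must not compare as equal below.
            return false;
        }

        $bin_network = Model_Crypto::substr($packed_network, 0, ceil($prefix / 8));
        $bin_ip = Model_Crypto::substr($packed_ip, 0, ceil($prefix / 8));
        if ($prefix % 8 != 0) { //Adjust the last relevant character to fit the mask length since the character's bits are split over it
            $pos = intval($prefix / 8);
            $adjustment = chr(((0xff << (8 - ($prefix % 8))) & 0xff));
            $bin_network[$pos] = ($bin_network[$pos] & $adjustment);
            $bin_ip[$pos] = ($bin_ip[$pos] & $adjustment);
        }

        return ($bin_network === $bin_ip);
    }

    /**
     * Expands a compressed printable range representation of an IPv6 address.
     *
     * Every group is lower-cased and left-padded to four characters; a bracketed
     * group keeps its "[from-to]" form with both ends padded.
     *
     * @param string $range
     * @return string|false The expanded range, or false when $range does not have eight groups.
     */
    protected function _expand_ipv6_range($range) {
        $colon_count = substr_count($range, ':');
        $dbl_colon_count = substr_count($range, '::');
        if ($dbl_colon_count > 1) {
            return false;
        }
        $dbl_colon_pos = strpos($range, '::');
        if ($dbl_colon_pos !== false) {
            $at_edge = ($dbl_colon_pos === 0 || $dbl_colon_pos === strlen($range) - 2);
            $missing_groups = ($at_edge ? 9 : 8) - $colon_count;
            if ($missing_groups < 0) {
                // Too many groups for "::" to stand for anything; str_repeat() throws a
                // ValueError on a negative count in PHP 8.
                return false;
            }
            $range = str_replace('::', str_repeat(':0000', $missing_groups) . ':', $range);
            $range = trim($range, ':');
        }
        $colon_count = substr_count($range, ':');
        if ($colon_count != 7) {
            return false;
        }

        $groups = explode(':', $range);
        $expanded = '';
        foreach ($groups as $group) {
            // Neither pattern is anchored, so this only normalises the groups;
            // _is_valid_bracketed_range() applies the strict anchored check.
            if (preg_match('/\[([a-f0-9]{1,4})\-([a-f0-9]{1,4})\]/i', $group, $matches)) {
                $expanded .= sprintf('[%s-%s]', str_pad(strtolower($matches[1]), 4, '0', STR_PAD_LEFT), str_pad(strtolower($matches[2]), 4, '0', STR_PAD_LEFT)) . ':';
            }
            else if (preg_match('/[a-f0-9]{1,4}/i', $group)) {
                $expanded .= str_pad(strtolower($group), 4, '0', STR_PAD_LEFT) . ':';
            }
            else {
                return false;
            }
        }
        return trim($expanded, ':');
    }

    /**
     * Returns whether $range is in one of the accepted formats: CIDR, bracketed
     * range, linear range or a single IP.
     *
     * @param string $range
     * @return bool
     */
    public function is_valid_range($range) {
        return $this->_is_valid_cidr_range($range) || $this->_is_valid_bracketed_range($range) || $this->_is_valid_linear_range($range) || Model_IP::is_valid_ip($range);
    }

    /**
     * Validates a CIDR range: a valid IP, one "/", and an all-digit prefix that is
     * 0-32 for IPv4 or 1-128 for IPv6.
     *
     * @param string $range
     * @return bool
     */
    protected function _is_valid_cidr_range($range) { //e.g., 192.0.2.1/24
        if (preg_match('/[^0-9a-f:\/\.]/i', $range)) { return false; }
        $components = explode('/', $range);
        if (count($components) != 2) { return false; }

        list($ip, $prefix) = $components;
        if (!Model_IP::is_valid_ip($ip)) { return false; }

        if (!preg_match('/^\d+$/', $prefix)) { return false; }

        if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
            if ($prefix < 0 || $prefix > 32) { return false; }
        }
        else {
            if ($prefix < 1 || $prefix > 128) { return false; }
        }

        return true;
    }

    /**
     * Validates a bracketed range. An address without any bracketed group also
     * passes, because each group may be either a plain value or "[from-to]".
     *
     * @param string $range
     * @return bool
     */
    protected function _is_valid_bracketed_range($range) { //e.g., 192.0.2.[1-10]
        if (preg_match('/[^0-9a-f:\.\[\]\-]/i', $range)) { return false; }
        if (strpos($range, '.') !== false) { //IPv4
            if (preg_match_all('/(\d+)/', $range, $matches) > 0) {
                foreach ($matches[1] as $match) {
                    // The pattern only captures digits, so the value cannot be negative.
                    if (((int) $match) > 255) {
                        return false;
                    }
                }
            }

            $group_regex = '([0-9]{1,3}|\[[0-9]{1,3}\-[0-9]{1,3}\])';
            return preg_match('/^' . str_repeat("{$group_regex}\\.", 3) . $group_regex . '$/i', $range) > 0;
        }

        //IPv6
        if (strpos($range, '::') !== false) {
            $range = $this->_expand_ipv6_range($range);
        }

        if (!$range) {
            return false;
        }
        $group_regex = '([a-f0-9]{1,4}|\[[a-f0-9]{1,4}\-[a-f0-9]{1,4}\])';
        return preg_match('/^' . str_repeat($group_regex . ':', 7) . $group_regex . '$/i', $range) > 0;
    }

    /**
     * Validates a linear range: exactly two valid IPs separated by one hyphen,
     * with the first not sorting after the second.
     *
     * @param string $range
     * @return bool
     */
    protected function _is_valid_linear_range($range) { //e.g., 192.0.2.1-192.0.2.100
        if (preg_match('/[^0-9a-f:\.\-]/i', $range)) { return false; }
        $bounds = explode('-', $range);
        if (count($bounds) != 2) {
            // No hyphen left the second bound undefined; extra hyphens left trailing
            // parts unchecked. Neither is a well-formed range.
            return false;
        }
        list($ip1, $ip2) = $bounds;
        $ip1N = Model_IP::inet_pton($ip1);
        $ip2N = Model_IP::inet_pton($ip2);

        if ($ip1N === false || !Model_IP::is_valid_ip($ip1) || $ip2N === false || !Model_IP::is_valid_ip($ip2)) {
            return false;
        }

        return strcmp($ip1N, $ip2N) <= 0;
    }

    /**
     * Returns true unless both bounds are valid IPv4 or both are valid IPv6.
     * A bound that is not a valid IP at all therefore also yields true.
     *
     * @param string $range
     * @return bool
     */
    protected function _is_mixed_range($range) { //e.g., 192.0.2.1-2001:db8::ffff
        if (preg_match('/[^0-9a-f:\.\-]/i', $range)) { return false; }
        // Pad so that a range without a hyphen has an (invalid) empty second bound
        // instead of an undefined one.
        list($ip1, $ip2) = array_pad(explode("-", $range), 2, '');

        $ipv4Count = 0;
        $ipv4Count += filter_var($ip1, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false ? 1 : 0;
        $ipv4Count += filter_var($ip2, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false ? 1 : 0;

        $ipv6Count = 0;
        $ipv6Count += filter_var($ip1, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) !== false ? 1 : 0;
        $ipv6Count += filter_var($ip2, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) !== false ? 1 : 0;

        if ($ipv4Count != 2 && $ipv6Count != 2) {
            return true;
        }

        return false;
    }
}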