Edit File by line

<?php

[0] Fix | Delete

[1] Fix | Delete

namespace WordfenceLS;

[2] Fix | Delete

[3] Fix | Delete

abstract class Model_Crypto {

[4] Fix | Delete

/**

[5] Fix | Delete

* Refreshes the secrets used by the plugin.

[6] Fix | Delete

[7] Fix | Delete

public static function refresh_secrets() {

[8] Fix | Delete

Controller_Settings::shared()->set(Controller_Settings::OPTION_SHARED_HASH_SECRET_KEY, bin2hex(self::random_bytes(32)));

[9] Fix | Delete

Controller_Settings::shared()->set(Controller_Settings::OPTION_SHARED_SYMMETRIC_SECRET_KEY, bin2hex(self::random_bytes(32)));

[10] Fix | Delete

Controller_Settings::shared()->set(Controller_Settings::OPTION_LAST_SECRET_REFRESH, Controller_Time::time(), true);

[11] Fix | Delete

}

[12] Fix | Delete

[13] Fix | Delete

/**

[14] Fix | Delete

* Returns the secret for hashing.

[15] Fix | Delete

[16] Fix | Delete

* @return string

[17] Fix | Delete

[18] Fix | Delete

public static function shared_hash_secret() {

[19] Fix | Delete

return Controller_Settings::shared()->get(Controller_Settings::OPTION_SHARED_HASH_SECRET_KEY);

[20] Fix | Delete

}

[21] Fix | Delete

[22] Fix | Delete

/**

[23] Fix | Delete

* Returns the secret for symmetric encryption.

[24] Fix | Delete

[25] Fix | Delete

* @return string

[26] Fix | Delete

[27] Fix | Delete

public static function shared_symmetric_secret() {

[28] Fix | Delete

return Controller_Settings::shared()->get(Controller_Settings::OPTION_SHARED_SYMMETRIC_SECRET_KEY);

[29] Fix | Delete

}

[30] Fix | Delete

[31] Fix | Delete

/**

[32] Fix | Delete

* Returns whether or not the installation has the required crypto support for this to work.

[33] Fix | Delete

[34] Fix | Delete

* @return bool

[35] Fix | Delete

[36] Fix | Delete

public static function has_required_crypto_functions() {

[37] Fix | Delete

if (function_exists('openssl_get_publickey') && function_exists('openssl_get_cipher_methods')) {

[38] Fix | Delete

$ciphers = openssl_get_cipher_methods();

[39] Fix | Delete

return array_search('aes-256-cbc', $ciphers) !== false;

[40] Fix | Delete

}

[41] Fix | Delete

return false;

[42] Fix | Delete

}

[43] Fix | Delete

[44] Fix | Delete

/**

[45] Fix | Delete

* Utility

[46] Fix | Delete

[47] Fix | Delete

[48] Fix | Delete

public static function random_bytes($bytes) {

[49] Fix | Delete

$bytes = (int) $bytes;

[50] Fix | Delete

if (function_exists('random_bytes')) {

[51] Fix | Delete

try {

[52] Fix | Delete

$rand = random_bytes($bytes);

[53] Fix | Delete

if (is_string($rand) && self::strlen($rand) === $bytes) {

[54] Fix | Delete

return $rand;

[55] Fix | Delete

}

[56] Fix | Delete

} catch (\Exception $e) {

[57] Fix | Delete

// Fall through

[58] Fix | Delete

} catch (\TypeError $e) {

[59] Fix | Delete

// Fall through

[60] Fix | Delete

} catch (\Error $e) {

[61] Fix | Delete

// Fall through

[62] Fix | Delete

}

[63] Fix | Delete

}

[64] Fix | Delete

if (function_exists('mcrypt_create_iv')) {

[65] Fix | Delete

// phpcs:ignore PHPCompatibility.FunctionUse.RemovedFunctions.mcrypt_create_ivDeprecatedRemoved,PHPCompatibility.Extensions.RemovedExtensions.mcryptDeprecatedRemoved,PHPCompatibility.Constants.RemovedConstants.mcrypt_dev_urandomDeprecatedRemoved

[66] Fix | Delete

$rand = @mcrypt_create_iv($bytes, MCRYPT_DEV_URANDOM);

[67] Fix | Delete

if (is_string($rand) && self::strlen($rand) === $bytes) {

[68] Fix | Delete

return $rand;

[69] Fix | Delete

}

[70] Fix | Delete

}

[71] Fix | Delete

if (function_exists('openssl_random_pseudo_bytes')) {

[72] Fix | Delete

$rand = @openssl_random_pseudo_bytes($bytes, $strong);

[73] Fix | Delete

if (is_string($rand) && self::strlen($rand) === $bytes) {

[74] Fix | Delete

return $rand;

[75] Fix | Delete

}

[76] Fix | Delete

}

[77] Fix | Delete

// Last resort is insecure

[78] Fix | Delete

$return = '';

[79] Fix | Delete

for ($i = 0; $i < $bytes; $i++) {

[80] Fix | Delete

$return .= chr(mt_rand(0, 255));

[81] Fix | Delete

}

[82] Fix | Delete

return $return;

[83] Fix | Delete

}

[84] Fix | Delete

[85] Fix | Delete

/**

[86] Fix | Delete

* Polyfill for random_int.

[87] Fix | Delete

[88] Fix | Delete

* @param int $min

[89] Fix | Delete

* @param int $max

[90] Fix | Delete

* @return int

[91] Fix | Delete

[92] Fix | Delete

public static function random_int($min = 0, $max = 0x7FFFFFFF) {

[93] Fix | Delete

if (function_exists('random_int')) {

[94] Fix | Delete

try {

[95] Fix | Delete

return random_int($min, $max);

[96] Fix | Delete

} catch (\Exception $e) {

[97] Fix | Delete

// Fall through

[98] Fix | Delete

} catch (\TypeError $e) {

[99] Fix | Delete

// Fall through

[100] Fix | Delete

} catch (\Error $e) {

[101] Fix | Delete

// Fall through

[102] Fix | Delete

}

[103] Fix | Delete

}

[104] Fix | Delete

$diff = $max - $min;

[105] Fix | Delete

$bytes = self::random_bytes(4);

[106] Fix | Delete

if ($bytes === false || self::strlen($bytes) != 4) {

[107] Fix | Delete

throw new \RuntimeException("Unable to get 4 bytes");

[108] Fix | Delete

}

[109] Fix | Delete

$val = @unpack("Nint", $bytes);

[110] Fix | Delete

$val = $val['int'] & 0x7FFFFFFF;

[111] Fix | Delete

$fp = (float) $val / 2147483647.0; // convert to [0,1]

[112] Fix | Delete

return (int) (round($fp * $diff) + $min);

[113] Fix | Delete

}

[114] Fix | Delete

[115] Fix | Delete

public static function uuid() {

[116] Fix | Delete

return sprintf('%04x%04x-%04x-%04x-%04x-%04x%04x%04x',

[117] Fix | Delete

// 32 bits for "time_low"

[118] Fix | Delete

self::random_int(0, 0xffff), self::random_int(0, 0xffff),

[119] Fix | Delete

[120] Fix | Delete

// 16 bits for "time_mid"

[121] Fix | Delete

self::random_int(0, 0xffff),

[122] Fix | Delete

[123] Fix | Delete

// 16 bits for "time_hi_and_version",

[124] Fix | Delete

// four most significant bits holds version number 4

[125] Fix | Delete

self::random_int(0, 0x0fff) | 0x4000,

[126] Fix | Delete

[127] Fix | Delete

// 16 bits, 8 bits for "clk_seq_hi_res",

[128] Fix | Delete

// 8 bits for "clk_seq_low",

[129] Fix | Delete

// two most significant bits holds zero and one for variant DCE1.1

[130] Fix | Delete

self::random_int(0, 0x3fff) | 0x8000,

[131] Fix | Delete

[132] Fix | Delete

// 48 bits for "node"

[133] Fix | Delete

self::random_int(0, 0xffff), self::random_int(0, 0xffff), self::random_int(0, 0xffff)

[134] Fix | Delete

);

[135] Fix | Delete

}

[136] Fix | Delete

[137] Fix | Delete

/**

[138] Fix | Delete

* Set the mbstring internal encoding to a binary safe encoding when func_overload

[139] Fix | Delete

* is enabled.

[140] Fix | Delete

[141] Fix | Delete

* When mbstring.func_overload is in use for multi-byte encodings, the results from

[142] Fix | Delete

* strlen() and similar functions respect the utf8 characters, causing binary data

[143] Fix | Delete

* to return incorrect lengths.

[144] Fix | Delete

[145] Fix | Delete

* This function overrides the mbstring encoding to a binary-safe encoding, and

[146] Fix | Delete

* resets it to the users expected encoding afterwards through the

[147] Fix | Delete

* `reset_mbstring_encoding` function.

[148] Fix | Delete

[149] Fix | Delete

* It is safe to recursively call this function, however each

[150] Fix | Delete

* `_mbstring_binary_safe_encoding()` call must be followed up with an equal number

[151] Fix | Delete

* of `_reset_mbstring_encoding()` calls.

[152] Fix | Delete

[153] Fix | Delete

* @see Model_Crypto::_reset_mbstring_encoding

[154] Fix | Delete

[155] Fix | Delete

* @staticvar array $encodings

[156] Fix | Delete

* @staticvar bool $overloaded

[157] Fix | Delete

[158] Fix | Delete

* @param bool $reset Optional. Whether to reset the encoding back to a previously-set encoding.

[159] Fix | Delete

* Default false.

[160] Fix | Delete

[161] Fix | Delete

protected static function _mbstring_binary_safe_encoding($reset = false) {

[162] Fix | Delete

static $encodings = array();

[163] Fix | Delete

static $overloaded = null;

[164] Fix | Delete

[165] Fix | Delete

if (is_null($overloaded)) {

[166] Fix | Delete

// phpcs:ignore PHPCompatibility.IniDirectives.RemovedIniDirectives.mbstring_func_overloadDeprecated

[167] Fix | Delete

$overloaded = function_exists('mb_internal_encoding') && (ini_get('mbstring.func_overload') & 2);

[168] Fix | Delete

}

[169] Fix | Delete

[170] Fix | Delete

if (false === $overloaded) { return; }

[171] Fix | Delete

[172] Fix | Delete

if (!$reset) {

[173] Fix | Delete

$encoding = mb_internal_encoding();

[174] Fix | Delete

array_push($encodings, $encoding);

[175] Fix | Delete

mb_internal_encoding('ISO-8859-1');

[176] Fix | Delete

}

[177] Fix | Delete

[178] Fix | Delete

if ($reset && $encodings) {

[179] Fix | Delete

$encoding = array_pop($encodings);

[180] Fix | Delete

mb_internal_encoding($encoding);

[181] Fix | Delete

}

[182] Fix | Delete

}

[183] Fix | Delete

[184] Fix | Delete

/**

[185] Fix | Delete

* Reset the mbstring internal encoding to a users previously set encoding.

[186] Fix | Delete

[187] Fix | Delete

* @see Model_Crypto::_mbstring_binary_safe_encoding

[188] Fix | Delete

[189] Fix | Delete

protected static function _reset_mbstring_encoding() {

[190] Fix | Delete

self::_mbstring_binary_safe_encoding(true);

[191] Fix | Delete

}

[192] Fix | Delete

[193] Fix | Delete

/**

[194] Fix | Delete

* @param callable $function

[195] Fix | Delete

* @param array $args

[196] Fix | Delete

* @return mixed

[197] Fix | Delete

[198] Fix | Delete

protected static function _call_mb_string_function($function, $args) {

[199] Fix | Delete

self::_mbstring_binary_safe_encoding();

[200] Fix | Delete

$return = call_user_func_array($function, $args);

[201] Fix | Delete

self::_reset_mbstring_encoding();

[202] Fix | Delete

return $return;

[203] Fix | Delete

}

[204] Fix | Delete

[205] Fix | Delete

/**

[206] Fix | Delete

* Multibyte safe strlen.

[207] Fix | Delete

[208] Fix | Delete

* @param $binary

[209] Fix | Delete

* @return int

[210] Fix | Delete

[211] Fix | Delete

public static function strlen($binary) {

[212] Fix | Delete

$args = func_get_args();

[213] Fix | Delete

return self::_call_mb_string_function('strlen', $args);

[214] Fix | Delete

}

[215] Fix | Delete

[216] Fix | Delete

/**

[217] Fix | Delete

* @param $haystack

[218] Fix | Delete

* @param $needle

[219] Fix | Delete

* @param int $offset

[220] Fix | Delete

* @return int

[221] Fix | Delete

[222] Fix | Delete

public static function stripos($haystack, $needle, $offset = 0) {

[223] Fix | Delete

$args = func_get_args();

[224] Fix | Delete

return self::_call_mb_string_function('stripos', $args);

[225] Fix | Delete

}

[226] Fix | Delete

[227] Fix | Delete

/**

[228] Fix | Delete

* @param $string

[229] Fix | Delete

* @return mixed

[230] Fix | Delete

[231] Fix | Delete

public static function strtolower($string) {

[232] Fix | Delete

$args = func_get_args();

[233] Fix | Delete

return self::_call_mb_string_function('strtolower', $args);

[234] Fix | Delete

}

[235] Fix | Delete

[236] Fix | Delete

/**

[237] Fix | Delete

* @param $string

[238] Fix | Delete

* @param $start

[239] Fix | Delete

* @param $length

[240] Fix | Delete

* @return mixed

[241] Fix | Delete

[242] Fix | Delete

public static function substr($string, $start, $length = null) {

[243] Fix | Delete

if ($length === null) { $length = self::strlen($string); }

[244] Fix | Delete

return self::_call_mb_string_function('substr', array(

[245] Fix | Delete

$string, $start, $length

[246] Fix | Delete

));

[247] Fix | Delete

}

[248] Fix | Delete

[249] Fix | Delete

/**

[250] Fix | Delete

* @param $haystack

[251] Fix | Delete

* @param $needle

[252] Fix | Delete

* @param int $offset

[253] Fix | Delete

* @return mixed

[254] Fix | Delete

[255] Fix | Delete

public static function strpos($haystack, $needle, $offset = 0) {

[256] Fix | Delete

$args = func_get_args();

[257] Fix | Delete

return self::_call_mb_string_function('strpos', $args);

[258] Fix | Delete

}

[259] Fix | Delete

[260] Fix | Delete

/**

[261] Fix | Delete

* @param string $haystack

[262] Fix | Delete

* @param string $needle

[263] Fix | Delete

* @param int $offset

[264] Fix | Delete

* @param int $length

[265] Fix | Delete

* @return mixed

[266] Fix | Delete

[267] Fix | Delete

public static function substr_count($haystack, $needle, $offset = 0, $length = null) {

[268] Fix | Delete

if ($length === null) { $length = self::strlen($haystack); }

[269] Fix | Delete

return self::_call_mb_string_function('substr_count', array(

[270] Fix | Delete

$haystack, $needle, $offset, $length

[271] Fix | Delete

));

[272] Fix | Delete

}

[273] Fix | Delete

[274] Fix | Delete

/**

[275] Fix | Delete

* @param $string

[276] Fix | Delete

* @return mixed

[277] Fix | Delete

[278] Fix | Delete

public static function strtoupper($string) {

[279] Fix | Delete

$args = func_get_args();

[280] Fix | Delete

return self::_call_mb_string_function('strtoupper', $args);

[281] Fix | Delete

}

[282] Fix | Delete

[283] Fix | Delete

/**

[284] Fix | Delete

* @param string $haystack

[285] Fix | Delete

* @param string $needle

[286] Fix | Delete

* @param int $offset

[287] Fix | Delete

* @return mixed

[288] Fix | Delete

[289] Fix | Delete

public static function strrpos($haystack, $needle, $offset = 0) {

[290] Fix | Delete

$args = func_get_args();

[291] Fix | Delete

return self::_call_mb_string_function('strrpos', $args);

[292] Fix | Delete

}

[293] Fix | Delete

}

[294] Fix | Delete