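 /**
  * Displays the ruleset(s) admin pages and dispatches on the requested action.
  *
  * Reads `action` from $_REQUEST (default 'list') and includes the matching
  * view. The views are pulled in with include_once and read the local variables
  * set here ($rulesetData, $message, $rulsetId, ...), so those names are kept
  * unchanged.
  *
  * Only the state-changing actions ('save', 'delete') are nonce-protected via
  * check_admin_referer(); 'list', 'edit' and 'add' are read-only. An unknown
  * action matches no branch and includes no view.
  *
  * Changes versus the previous revision: every id taken from the request is cast
  * to int (the bulk-delete path previously passed raw $_GET values to the model),
  * and a failed bulk delete is now reported as an error instead of being
  * unconditionally overwritten with success.
  */
 public function display_wemahu_rulesets()
 {
     global $wpdb;
     $action = isset($_REQUEST['action']) ? $_REQUEST['action'] : 'list';
     switch ($action) {
         case 'list':
             include_once 'views/rulesets.php';
             break;
         case 'edit':
             $rulsetId = isset($_REQUEST['id']) ? (int) $_REQUEST['id'] : 0;
             $ModelRuleset = new ModelRuleset($wpdb);
             $rulesetData = $ModelRuleset->getRulesetData($rulsetId);
             include_once 'views/ruleset.php';
             break;
         case 'save':
             $rulsetId = isset($_POST['id']) ? (int) $_POST['id'] : 0;
             // Nonce is bound to the id so a token for one ruleset cannot save another.
             check_admin_referer('save_ruleset_' . $rulsetId);
             $ModelRuleset = new ModelRuleset($wpdb);
             $rulesetPost = isset($_POST['ruleset']) ? $_POST['ruleset'] : array();
             $saveResult = $ModelRuleset->saveRuleset($rulesetPost, $rulsetId);
             if ($saveResult === false) {
                 $message = array('type' => 'error', 'text' => 'Rule could not be saved to database.');
             } else {
                 $message = array('type' => 'updated', 'text' => 'Rule successfully saved.');
                 // saveRuleset() returns the (possibly newly assigned) ruleset id.
                 $rulsetId = $saveResult;
             }
             $rulesetData = $ModelRuleset->getRulesetData($rulsetId);
             include_once 'views/ruleset.php';
             break;
         case 'add':
             // Defaults for a fresh ruleset; id 0 tells the view/model this is an insert.
             $rulesetData = array('id' => 0, 'name' => '', 'filecheck' => 1, 'scandir' => '', 'regex_check' => 1, 'hash_check' => 1, 'filetypes' => 'php,jpg,png,gif,js,html,htm,xml,htaccess', 'filesize_max' => '500000');
             include_once 'views/ruleset.php';
             break;
         case 'delete':
             $deleteResult = false;
             if (!empty($_GET['id'])) {
                 // Single delete from a row action link.
                 $rulsetId = (int) $_GET['id'];
                 check_admin_referer('delete_' . $rulsetId);
                 $ModelRuleset = new ModelRuleset($wpdb);
                 $deleteResult = $ModelRuleset->deleteRuleset($rulsetId);
             }
             if (!empty($_GET['ruleset'])) {
                 // Bulk delete from the list table checkboxes.
                 check_admin_referer('bulk-rulesets');
                 $ModelRuleset = new ModelRuleset($wpdb);
                 // Success only if every delete succeeds; stop at the first failure.
                 $deleteResult = true;
                 foreach ((array) $_GET['ruleset'] as $rulsetId) {
                     $rulsetId = (int) $rulsetId;
                     if ($ModelRuleset->deleteRuleset($rulsetId) === false) {
                         $deleteResult = false;
                         break;
                     }
                 }
             }
             if ($deleteResult === false) {
                 $message = array('type' => 'error', 'text' => 'Rule(s) could not be deleted from database.');
             } else {
                 $message = array('type' => 'updated', 'text' => 'Rule(s) successfully deleted.');
             }
             include_once 'views/rulesets.php';
             break;
     }
 }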
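 /**
  * Inits the Wemahu scanner from the ruleset selected in the request and sends a
  * JSON response.
  *
  * Reads the ruleset id from $_POST['ruleset'], loads its data through
  * ModelRuleset, translates the row into a Wemahu\Settings object (file check
  * flags, scan dir, regex/hash db paths, filters, result limits), then wires
  * storage and the WordPress database adapter into a Wemahu\Wemahu instance and
  * calls init(). The audit messages produced by init() are joined as HTML into
  * the `init_msg` response field. Ends the request with exit.
  *
  * NOTE(review): no nonce/capability check is visible in this method; it is
  * presumably performed by the AJAX dispatcher that calls it — confirm.
  *
  * Changes versus the previous revision: a missing $_POST['ruleset'] no longer
  * raises a notice, the early error paths return instead of continuing, and a
  * failed init() is no longer reported with type 'init_success'.
  */
 public function initWemahu()
 {
     $rulesetId = isset($_POST['ruleset']) ? (int) $_POST['ruleset'] : 0;
     if ($rulesetId === 0) {
         $this->returnError('No ruleset selected.');
         // returnError() is expected to emit the error and terminate; the return
         // guards against continuing with no ruleset if it does not — confirm.
         return;
     }
     $ModelRuleset = new ModelRuleset($this->wpdb);
     $rulesetData = $ModelRuleset->getRulesetData($rulesetId);
     if (empty($rulesetData)) {
         $this->returnError('Invalid ruleset.');
         return;
     }
     // prepare Wemahu settings:
     $WemahuSettings = new Wemahu\Settings();
     $WemahuSettings->intervalMode = true;
     $WemahuSettings->useApi = (int) $this->options['use_api'] === 1;
     $WemahuSettings->audits['filecheck'] = (int) $rulesetData['filecheck'] === 1;
     $WemahuSettings->auditSettings['filecheck']['regexCheck'] = (int) $rulesetData['regex_check'] === 1;
     $WemahuSettings->auditSettings['filecheck']['hashCheck'] = (int) $rulesetData['hash_check'] === 1;
     // Scan the whole WordPress install unless the ruleset names its own directory.
     $WemahuSettings->auditSettings['filecheck']['scanDir'] = ABSPATH;
     $WemahuSettings->auditSettings['filecheck']['tmpDir'] = WP_PLUGIN_DIR . '/wemahu/tmp';
     $WemahuSettings->auditSettings['filecheck']['pathRegexWhitelistUser'] = WP_PLUGIN_DIR . '/wemahu/tmp/wemahu_regex_whitelist.wmdb';
     if (!empty($rulesetData['scandir'])) {
         $WemahuSettings->auditSettings['filecheck']['scanDir'] = $rulesetData['scandir'];
     }
     $WemahuSettings->auditSettings['filecheck']['scanDir'] = rtrim($WemahuSettings->auditSettings['filecheck']['scanDir'], '/');
     if (!empty($rulesetData['regex_db'])) {
         // regex_db is a stored db name; it is used as a path segment under the plugin's db dir.
         $WemahuSettings->auditSettings['filecheck']['pathRegexDb'] = WP_PLUGIN_DIR . '/wemahu/admin/libs/wemahu/db/' . $rulesetData['regex_db'] . '.wmdb';
     }
     if (!empty($rulesetData['filetypes'])) {
         $WemahuSettings->auditSettings['filecheck']['extensionFilter'] = $rulesetData['filetypes'];
     }
     if (!empty($rulesetData['filesize_max'])) {
         $WemahuSettings->auditSettings['filecheck']['sizeFilter'] = $rulesetData['filesize_max'];
     }
     if (!empty($rulesetData['max_results_file'])) {
         $WemahuSettings->auditSettings['filecheck']['maxResultsFile'] = $rulesetData['max_results_file'];
     }
     if (!empty($rulesetData['max_results_total'])) {
         $WemahuSettings->auditSettings['filecheck']['maxResultsTotal'] = $rulesetData['max_results_total'];
     }
     if ($WemahuSettings->auditSettings['filecheck']['hashCheck'] === true && !empty($rulesetData['hash_check_blacklist'])) {
         // One hash per line; strip CR so CRLF input does not leave "\r" on each entry.
         $WemahuSettings->auditSettings['filecheck']['hashCheckBlacklist'] = explode("\n", str_replace("\r", "", $rulesetData['hash_check_blacklist']));
     }
     // Init Wemahu:
     $Wemahu = new Wemahu\Wemahu();
     $Wemahu->setSettings($WemahuSettings);
     $WemahuStorage = new Wemahu\Storage();
     $Wemahu->setStorage($WemahuStorage);
     $WemahuDatabase = new Wemahu\WordpressDatabase($this->wpdb);
     $Wemahu->setDatabase($WemahuDatabase);
     $initResult = $Wemahu->init();
     // Send Response: audit messages are included on both success and failure,
     // but the success type is only set when init() did not fail.
     $auditMessages = $Wemahu->getAuditMessages();
     $auditMessagesHtml = implode('<br />', $auditMessages) . '<br />';
     if ($initResult === false) {
         $this->JsonResponse->setError('Wemahu initialization failed.');
     } else {
         $this->JsonResponse->setType('init_success');
     }
     $this->JsonResponse->setData('init_msg', $auditMessagesHtml);
     echo $this->JsonResponse->getResponseData();
     exit;
 }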