public function __construct()
{
$this->startTime = time();
$this->maxExecTime = self::getMaxExecutionTime();
$this->i = new wfIssues();
$this->cycleStartTime = time();
$this->wp_version = wfUtils::getWPVersion();
$this->apiKey = wfConfig::get('apiKey');
$this->api = new wfAPI($this->apiKey, $this->wp_version);
include 'wfDict.php';
//$dictWords
$this->dictWords = $dictWords;
$this->jobList[] = 'publicSite';
$this->jobList[] = 'checkSpamvertized';
$this->jobList[] = 'checkSpamIP';
$this->jobList[] = 'heartbleed';
$this->jobList[] = 'knownFiles_init';
$this->jobList[] = 'knownFiles_main';
$this->jobList[] = 'knownFiles_finish';
foreach (array('knownFiles', 'fileContents', 'database', 'posts', 'comments', 'passwds', 'dns', 'diskSpace', 'oldVersions') as $scanType) {
if (wfConfig::get('scansEnabled_' . $scanType)) {
if (method_exists($this, 'scan_' . $scanType . '_init')) {
foreach (array('init', 'main', 'finish') as $op) {
$this->jobList[] = $scanType . '_' . $op;
}
} else {
if (method_exists($this, 'scan_' . $scanType)) {
$this->jobList[] = $scanType;
}
}
}
}
}
public static function verifyCrawlerPTR($hostPattern, $IP)
{
global $wpdb;
$table = $wpdb->base_prefix . 'wfCrawlers';
$db = new wfDB();
$IPn = wfUtils::inet_aton($IP);
$status = $db->querySingle("select status from {$table} where IP=%s and patternSig=UNHEX(MD5('%s')) and lastUpdate > unix_timestamp() - %d", $IPn, $hostPattern, WORDFENCE_CRAWLER_VERIFY_CACHE_TIME);
if ($status) {
if ($status == 'verified') {
return true;
} else {
return false;
}
}
$wfLog = new wfLog(wfConfig::get('apiKey'), wfUtils::getWPVersion());
$host = wfUtils::reverseLookup($IP);
if (!$host) {
$db->queryWrite("insert into {$table} (IP, patternSig, status, lastUpdate, PTR) values (%s, UNHEX(MD5('%s')), '%s', unix_timestamp(), '%s') ON DUPLICATE KEY UPDATE status='%s', lastUpdate=unix_timestamp(), PTR='%s'", $IPn, $hostPattern, 'noPTR', '', 'noPTR', '');
return false;
}
if (preg_match($hostPattern, $host)) {
$resultIPs = gethostbynamel($host);
$addrsMatch = false;
foreach ($resultIPs as $resultIP) {
if ($resultIP == $IP) {
$addrsMatch = true;
break;
}
}
if ($addrsMatch) {
$db->queryWrite("insert into {$table} (IP, patternSig, status, lastUpdate, PTR) values (%s, UNHEX(MD5('%s')), '%s', unix_timestamp(), '%s') ON DUPLICATE KEY UPDATE status='%s', lastUpdate=unix_timestamp(), PTR='%s'", $IPn, $hostPattern, 'verified', $host, 'verified', $host);
return true;
} else {
$db->queryWrite("insert into {$table} (IP, patternSig, status, lastUpdate, PTR) values (%s, UNHEX(MD5('%s')), '%s', unix_timestamp(), '%s') ON DUPLICATE KEY UPDATE status='%s', lastUpdate=unix_timestamp(), PTR='%s'", $IPn, $hostPattern, 'fwdFail', $host, 'fwdFail', $host);
return false;
}
} else {
$db->queryWrite("insert into {$table} (IP, patternSig, status, lastUpdate, PTR) values (%s, UNHEX(MD5('%s')), '%s', unix_timestamp(), '%s') ON DUPLICATE KEY UPDATE status='%s', lastUpdate=unix_timestamp(), PTR='%s'", $IPn, $hostPattern, 'badPTR', $host, 'badPTR', $host);
return false;
}
}
public function downgrade_license()
{
$api = new wfAPI('', wfUtils::getWPVersion());
$return = array();
try {
$keyData = $api->call('get_anon_api_key');
if ($keyData['ok'] && $keyData['apiKey']) {
wfConfig::set('apiKey', $keyData['apiKey']);
wfConfig::set('isPaid', 0);
$return['apiKey'] = $keyData['apiKey'];
$return['isPaid'] = 0;
//When downgrading we must disable all two factor authentication because it can lock an admin out if we don't.
wfConfig::set_ser('twoFactorUsers', array());
} else {
throw new Exception('Could not understand the response we received from the Wordfence servers when applying for a free API key.');
}
} catch (Exception $e) {
$return['errorMsg'] = 'Could not fetch free API key from Wordfence: ' . htmlentities($e->getMessage());
return $return;
}
$return['ok'] = 1;
return $return;
}
public static function getIPsGeo($IPs)
{
//works with int or dotted. Outputs same format it receives.
$IPs = array_unique($IPs);
$toResolve = array();
$db = new wfDB();
global $wpdb;
$locsTable = $wpdb->base_prefix . 'wfLocs';
$IPLocs = array();
foreach ($IPs as $IP) {
$isBinaryIP = !self::isValidIP($IP);
if ($isBinaryIP) {
$ip_printable = wfUtils::inet_ntop($IP);
$ip_bin = $IP;
} else {
$ip_printable = $IP;
$ip_bin = wfUtils::inet_pton($IP);
}
$row = $db->querySingleRec("select IP, ctime, failed, city, region, countryName, countryCode, lat, lon, unix_timestamp() - ctime as age from " . $locsTable . " where IP=%s", $ip_bin);
if ($row) {
if ($row['age'] > WORDFENCE_MAX_IPLOC_AGE) {
$db->queryWrite("delete from " . $locsTable . " where IP=%s", $row['IP']);
} else {
if ($row['failed'] == 1) {
$IPLocs[$ip_printable] = false;
} else {
$row['IP'] = self::inet_ntop($row['IP']);
$IPLocs[$ip_printable] = $row;
}
}
}
if (!isset($IPLocs[$ip_printable])) {
$toResolve[] = $ip_printable;
}
}
if (sizeof($toResolve) > 0) {
$api = new wfAPI(wfConfig::get('apiKey'), wfUtils::getWPVersion());
try {
$freshIPs = $api->call('resolve_ips', array(), array('ips' => implode(',', $toResolve)));
if (is_array($freshIPs)) {
foreach ($freshIPs as $IP => $value) {
$IP_bin = wfUtils::inet_pton($IP);
if ($value == 'failed') {
$db->queryWrite("insert IGNORE into " . $locsTable . " (IP, ctime, failed) values (%s, unix_timestamp(), 1)", $IP_bin);
$IPLocs[$IP] = false;
} else {
if (is_array($value)) {
for ($i = 0; $i <= 5; $i++) {
//Prevent warnings in debug mode about uninitialized values
if (!isset($value[$i])) {
$value[$i] = '';
}
}
$db->queryWrite("insert IGNORE into " . $locsTable . " (IP, ctime, failed, city, region, countryName, countryCode, lat, lon) values (%s, unix_timestamp(), 0, '%s', '%s', '%s', '%s', %s, %s)", $IP_bin, $value[3], $value[2], $value[1], $value[0], $value[4], $value[5]);
$IPLocs[$IP] = array('IP' => $IP, 'city' => $value[3], 'region' => $value[2], 'countryName' => $value[1], 'countryCode' => $value[0], 'lat' => $value[4], 'lon' => $value[5]);
}
}
}
}
} catch (Exception $e) {
wordfence::status(2, 'error', "Call to Wordfence API to resolve IPs failed: " . $e->getMessage());
return array();
}
}
return $IPLocs;
}
/**
* Permanently blocks all temporarily locked out IPs.
*/
public static function ajax_permanentlyBlockAllIPs_callback()
{
/** @var wpdb $wpdb */
global $wpdb;
$IPs = array();
$type = !empty($_REQUEST['type']) ? $_REQUEST['type'] : null;
$reason = !empty($_REQUEST['reason']) ? $_REQUEST['reason'] : 'Manual block by administrator';
switch ($type) {
case 'throttled':
$IPs = $wpdb->get_col('SELECT DISTINCT IP FROM ' . $wpdb->base_prefix . 'wfThrottleLog');
break;
case 'lockedOut':
$lockoutSecs = wfConfig::get('loginSec_lockoutMins') * 60;
$IPs = $wpdb->get_col($wpdb->prepare('SELECT DISTINCT IP FROM ' . $wpdb->base_prefix . 'wfLockedOut
WHERE blockedTime + %d > UNIX_TIMESTAMP()', $lockoutSecs));
break;
case 'blocked':
$blockedTime = wfConfig::get('blockedTime');
$IPs = $wpdb->get_col($wpdb->prepare('SELECT DISTINCT IP FROM ' . $wpdb->base_prefix . 'wfBlocks
WHERE wfsn = 0
AND permanent = 0
AND blockedTime + %d > UNIX_TIMESTAMP()', $blockedTime));
break;
}
$log = new wfLog(wfConfig::get('apiKey'), wfUtils::getWPVersion());
if ($IPs && is_array($IPs)) {
foreach ($IPs as $IP) {
$log->blockIP(wfUtils::inet_ntop($IP), $reason, false, true);
}
}
switch ($type) {
case 'lockedOut':
if ($IPs) {
foreach ($IPs as &$IP) {
$IP = $wpdb->prepare('%s', $IP);
}
$wpdb->query('DELETE FROM ' . $wpdb->base_prefix . 'wfLockedOut WHERE IP IN (' . join(', ', $IPs) . ')');
}
break;
}
return array('ok' => 1);
}
public function __construct()
{
$this->api = new wfAPI(wfConfig::get('apiKey'), wfUtils::getWPVersion());
}
/**
* @param $action
* @return bool|string|void
*/
public static function updateBlockedIPs($action)
{
//'add' or 'remove'
if (wfConfig::get('cacheType') != 'falcon') {
return;
}
$htaccessPath = self::getHtaccessPath();
if (!$htaccessPath) {
return "Wordfence could not find your .htaccess file.";
}
if ($action == 'remove') {
$fh = @fopen($htaccessPath, 'r+');
if (!$fh) {
$err = error_get_last();
return $err['message'];
}
flock($fh, LOCK_EX);
fseek($fh, 0, SEEK_SET);
//start of file
clearstatcache();
$contents = @fread($fh, filesize($htaccessPath));
if (!$contents) {
fclose($fh);
return "Could not read from {$htaccessPath}";
}
$contents = preg_replace('/#WFIPBLOCKS.*WFIPBLOCKS[r\\s\\n\\t]*/s', '', $contents);
ftruncate($fh, 0);
fseek($fh, 0, SEEK_SET);
@fwrite($fh, $contents);
flock($fh, LOCK_UN);
fclose($fh);
return false;
} else {
if ($action == 'add') {
$fh = @fopen($htaccessPath, 'r+');
if (!$fh) {
$err = error_get_last();
return $err['message'];
}
$lines = array();
$wfLog = new wfLog(wfConfig::get('apiKey'), wfUtils::getWPVersion());
$IPs = $wfLog->getBlockedIPsAddrOnly();
if (sizeof($IPs) > 0) {
foreach ($IPs as $IP) {
$lines[] = "Deny from {$IP}\n";
}
}
$ranges = $wfLog->getRangesBasic();
$browserAdded = false;
$browserLines = array();
if ($ranges) {
foreach ($ranges as $r) {
$arr = explode('|', $r);
$range = isset($arr[0]) ? $arr[0] : false;
$browser = isset($arr[1]) ? $arr[1] : false;
$referer = isset($arr[2]) ? $arr[2] : false;
if ($range) {
if ($browser || $referer) {
continue;
}
//We don't allow combos in falcon
list($start_range, $end_range) = explode('-', $range);
if (preg_match('/[\\.:]/', $start_range)) {
$start_range = wfUtils::inet_pton($start_range);
$end_range = wfUtils::inet_pton($end_range);
} else {
$start_range = wfUtils::inet_pton(long2ip($start_range));
$end_range = wfUtils::inet_pton(long2ip($end_range));
}
$cidrs = wfUtils::rangeToCIDRs($start_range, $end_range);
$hIPs = wfUtils::inet_ntop($start_range) . ' - ' . wfUtils::inet_ntop($end_range);
if (sizeof($cidrs) > 0) {
$lines[] = '#Start of blocking code for IP range: ' . $hIPs . "\n";
foreach ($cidrs as $c) {
$lines[] = "Deny from {$c}\n";
}
$lines[] = '#End of blocking code for IP range: ' . $hIPs . "\n";
}
} else {
if ($browser) {
if ($range || $referer) {
continue;
}
$browserLines[] = "\t#Blocking code for browser pattern: {$browser}\n";
$browser = preg_replace('/([\\-\\_\\.\\+\\!\\@\\#\\$\\%\\^\\&\\(\\)\\[\\]\\{\\}\\/])/', "\\\\\$1", $browser);
$browser = preg_replace('/\\*/', '.*', $browser);
$browserLines[] = "\tSetEnvIf User-Agent " . $browser . " WordfenceBadBrowser=1\n";
$browserAdded = true;
} else {
if ($referer) {
if ($browser || $range) {
continue;
}
$browserLines[] = "\t#Blocking code for referer pattern: {$referer}\n";
$referer = preg_replace('/([\\-\\_\\.\\+\\!\\@\\#\\$\\%\\^\\&\\(\\)\\[\\]\\{\\}\\/])/', "\\\\\$1", $referer);
$referer = preg_replace('/\\*/', '.*', $referer);
$browserLines[] = "\tSetEnvIf Referer " . $referer . " WordfenceBadBrowser=1\n";
$browserAdded = true;
}
}
}
}
}
if ($browserAdded) {
$lines[] = "<IfModule mod_setenvif.c>\n";
foreach ($browserLines as $l) {
$lines[] = $l;
}
$lines[] = "\tDeny from env=WordfenceBadBrowser\n";
$lines[] = "</IfModule>\n";
}
}
}
$blockCode = "#WFIPBLOCKS - Do not remove this line. Disable Web Caching in Wordfence to remove this data.\nOrder Deny,Allow\n";
$blockCode .= implode('', $lines);
$blockCode .= "#Do not remove this line. Disable Web Caching in Wordfence to remove this data - WFIPBLOCKS\n";
//Minimize time between lock/unlock
flock($fh, LOCK_EX);
fseek($fh, 0, SEEK_SET);
//start of file
clearstatcache();
//Or we get the wrong size from a cached entry and corrupt the file
$contents = @fread($fh, filesize($htaccessPath));
if (!$contents) {
fclose($fh);
return "Could not read from {$htaccessPath}";
}
$contents = preg_replace('/#WFIPBLOCKS.*WFIPBLOCKS[r\\s\\n\\t]*/s', '', $contents);
$contents = $blockCode . $contents;
ftruncate($fh, 0);
fseek($fh, 0, SEEK_SET);
@fwrite($fh, $contents);
flock($fh, LOCK_UN);
fclose($fh);
return false;
}
public static function getLog()
{
if (!self::$wfLog) {
$wfLog = new wfLog(wfConfig::get('apiKey'), wfUtils::getWPVersion());
self::$wfLog = $wfLog;
}
return self::$wfLog;
}
/**
* @param string $type
* @param array $results
* @throws Exception
*/
public function processGetHitsResults($type, &$results)
{
$serverTime = $this->getDB()->querySingle("select unix_timestamp()");
$this->resolveIPs($results);
$ourURL = parse_url(site_url());
$ourHost = strtolower($ourURL['host']);
$ourHost = preg_replace('/^www\\./i', '', $ourHost);
$browscap = new wfBrowscap();
$advanced_blocking_results = $this->getDB()->querySelect('SELECT * FROM ' . $this->ipRangesTable);
$advanced_blocking = array();
foreach ($advanced_blocking_results as $advanced_blocking_row) {
list($blocked_range) = explode('|', $advanced_blocking_row['blockString']);
$blocked_range = explode('-', $blocked_range);
if (count($blocked_range) == 2) {
// Still using v5 32 bit int style format.
if (!preg_match('/[\\.:]/', $blocked_range[0])) {
$blocked_range[0] = long2ip($blocked_range[0]);
$blocked_range[1] = long2ip($blocked_range[1]);
}
$advanced_blocking[] = array(wfUtils::inet_pton($blocked_range[0]), wfUtils::inet_pton($blocked_range[1]), $advanced_blocking_row['id']);
}
}
foreach ($results as &$res) {
$res['type'] = $type;
$res['timeAgo'] = wfUtils::makeTimeAgo($serverTime - $res['ctime']);
$res['blocked'] = $this->getDB()->querySingle("select blockedTime from " . $this->blocksTable . " where IP=%s and (permanent = 1 OR (blockedTime + %s > unix_timestamp()))", $res['IP'], wfConfig::get('blockedTime'));
$res['rangeBlocked'] = false;
$res['ipRangeID'] = -1;
foreach ($advanced_blocking as $advanced_blocking_row) {
if (strcmp($res['IP'], $advanced_blocking_row[0]) >= 0 && strcmp($res['IP'], $advanced_blocking_row[1]) <= 0) {
$res['rangeBlocked'] = true;
$res['ipRangeID'] = $advanced_blocking_row[2];
break;
}
}
$res['IP'] = wfUtils::inet_ntop($res['IP']);
$res['extReferer'] = false;
if (isset($res['referer']) && $res['referer']) {
if (wfUtils::hasXSS($res['referer'])) {
//filtering out XSS
$res['referer'] = '';
}
}
if (isset($res['referer']) && $res['referer']) {
$refURL = parse_url($res['referer']);
if (is_array($refURL) && isset($refURL['host']) && $refURL['host']) {
$refHost = strtolower(preg_replace('/^www\\./i', '', $refURL['host']));
if ($refHost != $ourHost) {
$res['extReferer'] = true;
//now extract search terms
$q = false;
if (preg_match('/(?:google|bing|alltheweb|aol|ask)\\./i', $refURL['host'])) {
$q = 'q';
} else {
if (stristr($refURL['host'], 'yahoo.')) {
$q = 'p';
} else {
if (stristr($refURL['host'], 'baidu.')) {
$q = 'wd';
}
}
}
if ($q) {
$queryVars = array();
if (isset($refURL['query'])) {
parse_str($refURL['query'], $queryVars);
if (isset($queryVars[$q])) {
$res['searchTerms'] = urlencode($queryVars[$q]);
}
}
}
}
}
if ($res['extReferer']) {
if (isset($referringPage) && stristr($referringPage['host'], 'google.')) {
parse_str($referringPage['query'], $queryVars);
// echo $queryVars['q']; // This is the search term used
}
}
}
$res['browser'] = false;
if ($res['UA']) {
$b = $browscap->getBrowser($res['UA']);
if ($b && $b['Parent'] != 'DefaultProperties') {
$res['browser'] = array('browser' => !empty($b['Browser']) ? $b['Browser'] : "", 'version' => !empty($b['Version']) ? $b['Version'] : "", 'platform' => !empty($b['Platform']) ? $b['Platform'] : "", 'isMobile' => !empty($b['isMobileDevice']) ? $b['isMobileDevice'] : "", 'isCrawler' => !empty($b['Crawler']) ? $b['Crawler'] : "");
} else {
$log = new wfLog(wfConfig::get('apiKey'), wfUtils::getWPVersion());
$IP = wfUtils::getIP();
$res['browser'] = array('isCrawler' => !(isset($_COOKIE['wordfence_verifiedHuman']) && $log->validateVerifiedHumanCookie($_COOKIE['wordfence_verifiedHuman'], $res['UA'], $IP)) ? 'true' : '');
}
}
if ($res['userID']) {
$ud = get_userdata($res['userID']);
if ($ud) {
$res['user'] = array('editLink' => wfUtils::editUserLink($res['userID']), 'display_name' => $res['display_name'], 'ID' => $res['userID']);
$res['user']['avatar'] = get_avatar($res['userID'], 16);
}
} else {
$res['user'] = false;
}
}
}
?>
<p>Critical Problems:</p>
<?php
foreach ($issues as $i) {
if ($i['severity'] == 1) {
?>
<p>* <?php
echo htmlspecialchars($i['shortMsg']);
?>
</p>
<?php
if (!empty($i['tmplData']['badURL'])) {
?>
<p><img src="<?php
echo sprintf("http://noc1.wordfence.com/v2.14/?v=%s&s=%s&k=%s&action=image&txt=%s", rawurlencode(wfUtils::getWPVersion()), rawurlencode(home_url()), rawurlencode(wfConfig::get('apiKey')), rawurlencode(base64_encode($i['tmplData']['badURL'])));
?>
" alt="" /></p>
<?php
}
?>
<?php
}
}
}
?>
<?php
if ($level == 2 && $totalWarningIssues > 0) {
?>
if (isset($i['tmplData']['wpURL'])) {
?>
<p><?php
if ($i['tmplData']['vulnerabilityPatched']) {
?>
<strong>Update includes security-related fixes.</strong> <?php
}
echo $i['tmplData']['wpURL'];
?>
/changelog</p>
<?php
}
if (!empty($i['tmplData']['badURL'])) {
?>
<p><img src="<?php
echo WORDFENCE_API_URL_BASE_NONSEC . "?" . http_build_query(array('v' => wfUtils::getWPVersion(), 's' => home_url(), 'k' => wfConfig::get('apiKey'), 'action' => 'image', 'txt' => base64_encode($i['tmplData']['badURL'])), '', '&');
?>
" alt="" /></p>
<?php
}
?>
<?php
}
}
}
?>
<?php
if ($level == 2 && $totalWarningIssues > 0) {
?>
/**
* @param string|null $ip
* @return bool
*/
public static function verifyGooglebotViaNOC1($ip = null)
{
global $wpdb;
$table = $wpdb->base_prefix . 'wfCrawlers';
if ($ip === null) {
$ip = wfUtils::getIP();
}
$db = new wfDB();
$IPn = wfUtils::inet_pton($ip);
$patternSig = 'googlenoc1';
$status = $db->querySingle("select status from {$table}\n\t\t\t\twhere IP=%s\n\t\t\t\tand patternSig=UNHEX(MD5('%s'))\n\t\t\t\tand lastUpdate > unix_timestamp() - %d", $IPn, $patternSig, WORDFENCE_CRAWLER_VERIFY_CACHE_TIME);
if ($status === 'verified') {
return true;
} else {
if ($status === 'fakeBot') {
return false;
}
}
$api = new wfAPI(wfConfig::get('apiKey'), wfUtils::getWPVersion());
try {
$data = $api->call('verify_googlebot', array('ip' => $ip));
if (is_array($data) && !empty($data['verified'])) {
// Cache results
$db->queryWrite("insert into {$table} (IP, patternSig, status, lastUpdate)\nvalues (%s, UNHEX(MD5('%s')), '%s', unix_timestamp())\nON DUPLICATE KEY UPDATE status='%3\$s', lastUpdate=unix_timestamp()", $IPn, $patternSig, 'verified');
return true;
} else {
$db->queryWrite("insert into {$table} (IP, patternSig, status, lastUpdate)\nvalues (%s, UNHEX(MD5('%s')), '%s', unix_timestamp())\nON DUPLICATE KEY UPDATE status='%3\$s', lastUpdate=unix_timestamp()", $IPn, $patternSig, 'fakeBot');
}
} catch (Exception $e) {
// Do nothing, bail
}
return false;
}
public static function synchronizeConfigSettings()
{
if (!class_exists('wfConfig')) {
// Ensure this is only called when WordPress and the plugin are fully loaded
return;
}
static $isSynchronizing = false;
if ($isSynchronizing) {
return;
}
$isSynchronizing = true;
global $wpdb;
$db = new wfDB();
// Pattern Blocks
$r1 = $db->querySelect("SELECT id, blockType, blockString FROM {$wpdb->base_prefix}wfBlocksAdv");
$patternBlocks = array();
foreach ($r1 as $blockRec) {
if ($blockRec['blockType'] == 'IU') {
$bDat = explode('|', $blockRec['blockString']);
$ipRange = isset($bDat[0]) ? $bDat[0] : '';
$uaPattern = isset($bDat[1]) ? $bDat[1] : '';
$refPattern = isset($bDat[2]) ? $bDat[2] : '';
$hostnamePattern = isset($bDat[3]) ? $bDat[3] : '';
$patternBlocks[] = array('id' => $blockRec['id'], 'ipRange' => $ipRange, 'hostnamePattern' => $hostnamePattern, 'uaPattern' => $uaPattern, 'refPattern' => $refPattern);
}
}
// Country Blocks
$wfLog = new wfLog(wfConfig::get('apiKey'), wfUtils::getWPVersion());
$cblCookie = $wfLog->getCBLCookieVal();
//Ensure we have the bypass cookie option set
$countryBlocks = array();
$countryBlocks['action'] = wfConfig::get('cbl_action', false);
$countryBlocks['loggedInBlocked'] = wfConfig::get('cbl_loggedInBlocked', false);
$countryBlocks['loginFormBlocked'] = wfConfig::get('cbl_loginFormBlocked', false);
$countryBlocks['restOfSiteBlocked'] = wfConfig::get('cbl_restOfSiteBlocked', false);
$countryBlocks['bypassRedirURL'] = wfConfig::get('cbl_bypassRedirURL', '');
$countryBlocks['bypassRedirDest'] = wfConfig::get('cbl_bypassRedirDest', '');
$countryBlocks['bypassViewURL'] = wfConfig::get('cbl_bypassViewURL', '');
$countryBlocks['redirURL'] = wfConfig::get('cbl_redirURL', '');
$countryBlocks['countries'] = explode(',', wfConfig::get('cbl_countries', ''));
$countryBlocks['cookieVal'] = $cblCookie;
//Other Blocks
$otherBlocks = array('blockedTime' => wfConfig::get('blockedTime', 0));
$otherBlockEntries = $db->querySelect("SELECT IP, blockedTime, reason, permanent, wfsn FROM {$wpdb->base_prefix}wfBlocks WHERE permanent = 1 OR (blockedTime + %d > unix_timestamp())", $otherBlocks['blockedTime']);
$otherBlocks['blocks'] = is_array($otherBlockEntries) ? $otherBlockEntries : array();
foreach ($otherBlocks['blocks'] as &$b) {
$b['IP'] = base64_encode($b['IP']);
}
// Save it
try {
$patternBlocksJSON = wfWAFUtils::json_encode($patternBlocks);
wfWAF::getInstance()->getStorageEngine()->setConfig('patternBlocks', $patternBlocksJSON);
$countryBlocksJSON = wfWAFUtils::json_encode($countryBlocks);
wfWAF::getInstance()->getStorageEngine()->setConfig('countryBlocks', $countryBlocksJSON);
$otherBlocksJSON = wfWAFUtils::json_encode($otherBlocks);
wfWAF::getInstance()->getStorageEngine()->setConfig('otherBlocks', $otherBlocksJSON);
wfWAF::getInstance()->getStorageEngine()->setConfig('advancedBlockingEnabled', wfConfig::get('firewallEnabled'));
wfWAF::getInstance()->getStorageEngine()->setConfig('disableWAFIPBlocking', wfConfig::get('disableWAFIPBlocking'));
} catch (Exception $e) {
// Do nothing
}
$isSynchronizing = false;
}
