/**
* Manage Protect Settings
*
* ## OPTIONS
*
* whitelist: Whitelist an IP address. You can also read or clear the whitelist.
*
*
* ## EXAMPLES
*
* wp jetpack protect whitelist <ip address>
* wp jetpack protect whitelist list
* wp jetpack protect whitelist clear
*
* @synopsis <whitelist> [<ip|ip_low-ip_high|list|clear>]
*/
public function protect($args, $assoc_args)
{
$action = isset($args[0]) ? $args[0] : 'prompt';
if (!in_array($action, array('whitelist'))) {
WP_CLI::error(sprintf(__('%s is not a valid command.', 'jetpack'), $action));
}
// Check if module is active
if (!Jetpack::is_module_active(__FUNCTION__)) {
WP_CLI::error(sprintf(_x('%s is not active. You can activate it with "wp jetpack module activate %s"', '"wp jetpack module activate" is a command - do not translate', 'jetpack'), __FUNCTION__, __FUNCTION__));
}
if (in_array($action, array('whitelist'))) {
if (isset($args[1])) {
$action = 'whitelist';
} else {
$action = 'prompt';
}
}
switch ($action) {
case 'whitelist':
$whitelist = array();
$new_ip = $args[1];
$current_whitelist = get_site_option('jetpack_protect_whitelist');
// Build array of IPs that are already whitelisted.
// Re-build manually instead of using jetpack_protect_format_whitelist() so we can easily get
// low & high range params for jetpack_protect_ip_address_is_in_range();
foreach ($current_whitelist as $whitelisted) {
// IP ranges
if ($whitelisted->range) {
// Is it already whitelisted?
if (jetpack_protect_ip_address_is_in_range($new_ip, $whitelisted->range_low, $whitelisted->range_high)) {
WP_CLI::error(sprintf(__("%s has already been whitelisted", 'jetpack'), $new_ip));
break;
}
$whitelist[] = $whitelisted->range_low . " - " . $whitelisted->range_high;
} else {
// Individual IPs
// Check if the IP is already whitelisted (single IP only)
if ($new_ip == $whitelisted->ip_address) {
WP_CLI::error(sprintf(__("%s has already been whitelisted", 'jetpack'), $new_ip));
break;
}
$whitelist[] = $whitelisted->ip_address;
}
}
/*
* List the whitelist
* Done here because it's easier to read the $whitelist array after it's been rebuilt
*/
if (isset($args[1]) && 'list' == $args[1]) {
if (!empty($whitelist)) {
WP_CLI::success(__('Here are your whitelisted IPs:', 'jetpack'));
foreach ($whitelist as $ip) {
WP_CLI::line("\t" . str_pad($ip, 24));
}
} else {
WP_CLI::line(__('Whitelist is empty.', "jetpack"));
}
break;
}
/*
* Clear the whitelist
*/
if (isset($args[1]) && 'clear' == $args[1]) {
if (!empty($whitelist)) {
$whitelist = array();
jetpack_protect_save_whitelist($whitelist);
WP_CLI::success(__('Cleared all whitelisted IPs', 'jetpack'));
} else {
WP_CLI::line(__('Whitelist is empty.', "jetpack"));
}
break;
}
// Append new IP to whitelist array
array_push($whitelist, $new_ip);
// Save whitelist if there are no errors
$result = jetpack_protect_save_whitelist($whitelist);
if (is_wp_error($result)) {
WP_CLI::error(__($result, 'jetpack'));
}
WP_CLI::success(sprintf(__('%s has been whitelisted.', 'jetpack'), $new_ip));
break;
case 'prompt':
WP_CLI::error(__('No command found.', 'jetpack') . "\n" . __('Please enter the IP address you want to whitelist.', 'jetpack') . "\n" . _x('You can save a range of IPs {low_range}-{high_range}. No spaces allowed. (example: 1.1.1.1-2.2.2.2)', 'Instructions on how to whitelist IP ranges - low_range/high_range should be translated.', 'jetpack') . "\n" . _x("You can also 'list' or 'clear' the whitelist.", "'list' and 'clear' are commands and should not be translated", 'jetpack') . "\n");
break;
}
}
function ip_is_whitelisted($ip)
{
// If we found an exact match in wp-config
if (defined('JETPACK_IP_ADDRESS_OK') && JETPACK_IP_ADDRESS_OK == $ip) {
return true;
}
$whitelist = jetpack_protect_get_local_whitelist();
if (is_multisite()) {
$whitelist = array_merge($whitelist, get_site_option('jetpack_protect_global_whitelist', array()));
}
if (!empty($whitelist)) {
foreach ($whitelist as $item) {
// If the IPs are an exact match
if (!$item->range && isset($item->ip_address) && $item->ip_address == $ip) {
return true;
}
if ($item->range && isset($item->range_low) && isset($item->range_high)) {
if (jetpack_protect_ip_address_is_in_range($ip, $item->range_low, $item->range_high)) {
return true;
}
}
}
}
return false;
}
