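/**
 * Inserts an IP address into the htaccess ban list.
 *
 * The address is run through sanitize_text_field() and then validated with
 * ITSEC_Lib::validates_ip_address() — the same check the settings sanitizer
 * applies to the host list — so that only well-formed addresses are written
 * to the stored list and to the htaccess rules. Addresses that are already
 * banned, or that appear on the white list, are left alone.
 *
 * @since 4.0
 *
 * @param string     $ip         Address to ban.
 * @param array|null $ban_list   Current ban list; loaded from the 'itsec_ban_users' option when null.
 * @param array|null $white_list Current white list; loaded from the 'itsec_global' option when null.
 *
 * @return void
 */
public static function insert_ip($ip, $ban_list = null, $white_list = null) {
    $settings = get_site_option('itsec_ban_users');

    // get_site_option() returns false for an option that was never saved; start
    // from an empty array so the host_list write below never lands on a bool.
    if (!is_array($settings)) {
        $settings = array();
    }

    $host = sanitize_text_field($ip);

    // Only well-formed addresses may reach the stored list and the htaccess rules.
    if ('' === $host || !ITSEC_Lib::validates_ip_address($host)) {
        return;
    }

    if (null === $ban_list) {
        // in_array() below needs a real array; a missing or malformed option counts as empty.
        $ban_list = isset($settings['host_list']) && is_array($settings['host_list'])
            ? $settings['host_list']
            : array();
    }

    if (null === $white_list) {
        $global_settings = get_site_option('itsec_global');
        $white_list      = isset($global_settings['lockout_white_list'])
            ? $global_settings['lockout_white_list']
            : array();
    }

    if (in_array($host, $ban_list, true)) {
        return; // already banned
    }

    if (ITSEC_Ban_Users::is_ip_whitelisted($host, $white_list)) {
        return; // white-listed addresses are never banned
    }

    $ban_list[]            = $host;
    $settings['host_list'] = $ban_list;

    ITSEC_Files::quick_ban($host);
    update_site_option('itsec_ban_users', $settings);
    // Mark the rewrite rules as needing regeneration.
    add_site_option('itsec_rewrites_changed', true);
}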
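/**
 * Sanitize and validate input from the Ban Users settings form.
 *
 * Checkbox fields are normalised to booleans. The agent and host lists may be
 * submitted either as one-entry-per-line strings or as arrays; both are split,
 * trimmed, passed through sanitize_text_field() and de-duplicated. Every host
 * entry is then checked with ITSEC_Lib::validates_ip_address() and against the
 * white list via ITSEC_Ban_Users::is_ip_whitelisted(). Rejected entries are
 * kept in the returned host list so the user can correct them, but the feature
 * is switched off ($input['enabled'] = false) and a single settings error
 * listing every rejected entry is registered; on multisite the same message is
 * shown as a network admin notice.
 *
 * @param array $input Raw input fields from the settings form.
 *
 * @return array Sanitized input.
 */
public function sanitize_module_input($input) {
    global $itsec_globals;

    // Sanitize checkbox features: only 1, '1' or true switches a box on.
    $input['enabled'] = isset($input['enabled']) && in_array($input['enabled'], array(1, '1', true), true);
    $input['default'] = isset($input['default']) && in_array($input['default'], array(1, '1', true), true);

    // Line-ending pattern shared by both text-area lists.
    $line_split = '/(?<!\\r)\\n|\\r(?!\\n)|(?<!\\r)\\r\\n|\\r\\r\\n/';

    // Agent list: string -> one entry per line, array -> as given.
    if (isset($input['agent_list']) && is_string($input['agent_list'])) {
        $agents = preg_split($line_split, trim($input['agent_list']));
    } elseif (isset($input['agent_list']) && is_array($input['agent_list'])) {
        $agents = $input['agent_list'];
    } else {
        $agents = array();
    }

    $good_agents = array();
    foreach ($agents as $agent) {
        if (!is_string($agent)) {
            continue; // nested arrays or other non-text values are not agents
        }
        $agent = trim(sanitize_text_field($agent));
        // Compare against '' rather than empty() so an agent string of "0" is kept.
        if ('' !== $agent) {
            $good_agents[] = $agent;
        }
    }
    $input['agent_list'] = array_values(array_unique($good_agents));

    // Host list: same two input shapes as the agent list.
    if (isset($input['host_list']) && is_string($input['host_list'])) {
        $addresses = preg_split($line_split, trim($input['host_list']));
    } elseif (isset($input['host_list']) && is_array($input['host_list'])) {
        $addresses = $input['host_list'];
    } else {
        $addresses = array();
    }

    if (!class_exists('ITSEC_Ban_Users')) {
        require dirname(__FILE__) . '/class-itsec-ban-users.php';
    }

    $bad_ips   = array();
    $white_ips = array();
    $raw_ips   = array();

    foreach ($addresses as $address) {
        if (!is_string($address)) {
            continue;
        }
        // FILTER_SANITIZE_STRING is deprecated since PHP 8.1; sanitize_text_field()
        // strips tags the same way and is already used for the agent list. The
        // sanitized value is what gets validated, so exactly what is stored is what was checked.
        $address = trim(sanitize_text_field($address));
        if ('' === $address) {
            continue;
        }

        if (!ITSEC_Lib::validates_ip_address($address)) {
            $bad_ips[] = $address;
        } elseif (ITSEC_Ban_Users::is_ip_whitelisted($address, null, true)) {
            $white_ips[] = $address;
        }

        // Rejected entries stay in the list so they are shown back to the user for correction.
        $raw_ips[] = $address;
    }

    $input['host_list'] = array_values(array_unique($raw_ips));

    // One line per rejected entry; the value is escaped for the admin HTML it is rendered in.
    $error_lines = array();
    foreach ($bad_ips as $bad_ip) {
        $error_lines[] = sprintf('%s %s<br />', esc_html($bad_ip), __('is not a valid address in the ban users box.', 'better-wp-security'));
    }
    foreach ($white_ips as $white_ip) {
        $error_lines[] = sprintf('%s %s<br />', esc_html($white_ip), __('is not a valid address as it has been white listed.', 'better-wp-security'));
    }

    $has_errors = !empty($error_lines);
    $message    = '';

    if ($has_errors) {
        $input['enabled'] = false; // disable ban users list until the entries are corrected
        $message = sprintf('%s<br /><br />', __('Note that the ban users feature has been disabled until the following errors are corrected:', 'better-wp-security'))
            . implode('', $error_lines);
        // A single settings error carrying every rejected entry, instead of one per
        // category with the earlier text repeated.
        add_settings_error('itsec', esc_attr('settings_updated'), $message, 'error');
    } else {
        // Rewrite rules only need regenerating when a stored value actually changes,
        // or when the plugin is configured to write files.
        $settings_changed = false;
        foreach (array('host_list', 'enabled', 'default', 'agent_list') as $key) {
            if (!isset($this->settings[$key]) || $input[$key] !== $this->settings[$key]) {
                $settings_changed = true;
                break;
            }
        }
        $write_files = isset($itsec_globals['settings']['write_files']) && true === $itsec_globals['settings']['write_files'];
        if ($settings_changed || $write_files) {
            add_site_option('itsec_rewrites_changed', true);
        }
    }

    if (is_multisite()) {
        if ($has_errors) {
            $error_handler = new WP_Error();
            $error_handler->add('error', $message);
            $this->core->show_network_admin_notice($error_handler);
        } else {
            $this->core->show_network_admin_notice(false);
        }
        $this->settings = $input;
    }

    return $input;
}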
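/**
 * Sanitize and validate input from the Ban Users settings form.
 *
 * Checkbox fields are normalised to booleans. The agent and host lists may be
 * submitted either as one-entry-per-line strings or as arrays; both are split
 * on any line ending (not only PHP_EOL, which depends on the server platform
 * rather than on the browser that submitted the form), trimmed, passed through
 * sanitize_text_field() and de-duplicated. Every host entry is then checked
 * with ITSEC_Lib::validates_ip_address() and against the white list via
 * ITSEC_Ban_Users::is_ip_whitelisted(). Rejected entries are kept in the
 * returned host list so the user can correct them, but the feature is switched
 * off ($input['enabled'] = false) and a single settings error listing every
 * rejected entry is registered; on multisite the same message is shown as a
 * network admin notice.
 *
 * @param array $input Raw input fields from the settings form.
 *
 * @return array Sanitized input.
 */
public function sanitize_module_input($input) {
    global $itsec_globals;

    // Sanitize checkbox features: only 1, '1' or true switches a box on.
    $input['enabled'] = isset($input['enabled']) && in_array($input['enabled'], array(1, '1', true), true);
    $input['default'] = isset($input['default']) && in_array($input['default'], array(1, '1', true), true);

    // Accept CRLF, CR or LF line endings regardless of the server's PHP_EOL.
    $line_split = '/\r\n|\r|\n/';

    // Process agent list: string -> one entry per line, array -> as given.
    if (isset($input['agent_list']) && is_string($input['agent_list'])) {
        $agents = preg_split($line_split, trim($input['agent_list']));
    } elseif (isset($input['agent_list']) && is_array($input['agent_list'])) {
        $agents = $input['agent_list'];
    } else {
        $agents = array();
    }

    $good_agents = array();
    foreach ($agents as $agent) {
        if (!is_string($agent)) {
            continue; // nested arrays or other non-text values are not agents
        }
        $agent = trim(sanitize_text_field($agent));
        // Blank lines are dropped; compare against '' so an agent string of "0" is kept.
        if ('' !== $agent) {
            $good_agents[] = $agent;
        }
    }
    $input['agent_list'] = array_values(array_unique($good_agents));

    // Process hosts list: same two input shapes as the agent list.
    if (isset($input['host_list']) && is_string($input['host_list'])) {
        $addresses = preg_split($line_split, trim($input['host_list']));
    } elseif (isset($input['host_list']) && is_array($input['host_list'])) {
        $addresses = $input['host_list'];
    } else {
        $addresses = array();
    }

    // Loaded once, outside the loop, rather than re-checked per address.
    if (!class_exists('ITSEC_Ban_Users')) {
        require dirname(__FILE__) . '/class-itsec-ban-users.php';
    }

    $bad_ips   = array();
    $white_ips = array();
    $raw_ips   = array();

    foreach ($addresses as $address) {
        if (!is_string($address)) {
            continue;
        }
        // FILTER_SANITIZE_STRING is deprecated since PHP 8.1; sanitize_text_field()
        // strips tags the same way and is already used for the agent list. The
        // sanitized value is what gets validated, so exactly what is stored is what was checked.
        $address = trim(sanitize_text_field($address));
        if ('' === $address) {
            continue;
        }

        if (false === ITSEC_Lib::validates_ip_address($address)) {
            $bad_ips[] = $address;
        } elseif (ITSEC_Ban_Users::is_ip_whitelisted($address, null, true)) {
            $white_ips[] = $address;
        }

        // Rejected entries stay in the list so they are shown back to the user for correction.
        $raw_ips[] = $address;
    }

    $input['host_list'] = array_values(array_unique($raw_ips));

    // One line per rejected entry; the value is escaped for the admin HTML it is rendered in.
    $error_lines = array();
    foreach ($bad_ips as $bad_ip) {
        $error_lines[] = sprintf('%s %s<br />', esc_html($bad_ip), __('is not a valid address in the ban users box.', 'it-l10n-better-wp-security'));
    }
    foreach ($white_ips as $white_ip) {
        $error_lines[] = sprintf('%s %s<br />', esc_html($white_ip), __('is not a valid address as it has been white listed.', 'it-l10n-better-wp-security'));
    }

    // A single flag replaces the earlier $no_errors toggling, which started out false
    // and therefore never prepended the heading to the first category of errors,
    // appending to an undefined $message instead.
    $has_errors = !empty($error_lines);
    $message    = '';

    if ($has_errors) {
        $input['enabled'] = false; // disable ban users list until the entries are corrected
        $message = sprintf('%s<br /><br />', __('Note that the ban users feature has been disabled until the following errors are corrected:', 'it-l10n-better-wp-security'))
            . implode('', $error_lines);
        // A single settings error carrying every rejected entry, instead of one per
        // category with the earlier text repeated.
        add_settings_error('itsec', esc_attr('settings_updated'), $message, 'error');
    } else {
        // Rewrite rules only need regenerating when a stored value actually changes,
        // or when the plugin is configured to write files.
        $settings_changed = false;
        foreach (array('host_list', 'enabled', 'default', 'agent_list') as $key) {
            if (!isset($this->settings[$key]) || $input[$key] !== $this->settings[$key]) {
                $settings_changed = true;
                break;
            }
        }
        $write_files = isset($itsec_globals['settings']['write_files']) && true === $itsec_globals['settings']['write_files'];
        if ($settings_changed || $write_files) {
            add_site_option('itsec_rewrites_changed', true);
        }
    }

    if (is_multisite()) {
        if ($has_errors) {
            $error_handler = new WP_Error();
            $error_handler->add('error', $message);
            $this->core->show_network_admin_notice($error_handler);
        } else {
            $this->core->show_network_admin_notice(false);
        }
        $this->settings = $input;
    }

    return $input;
}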