Example #1
 /**
  * Sanitizes the ban-list settings and blocks saves that would lock out a protected address.
  *
  * Each entry of the sanitized host list is rejected when either:
  *  - the user is logged in and the entry overlaps the IP returned by ITSEC_Lib::get_ip()
  *    (self-ban guard), or
  *  - ITSEC_Lib::is_ip_whitelisted() reports the entry as whitelisted.
  * A rejection calls set_can_save(false) and records an error; nothing is removed from the list.
  *
  * NOTE(review): the self-ban guard is only as reliable as ITSEC_Lib::get_ip(); how that value
  * is derived (REMOTE_ADDR vs. proxy headers) is not visible here - confirm.
  */
 protected function sanitize_settings()
 {
     $this->sanitize_setting('bool', 'default', __('Default Blacklist', 'better-wp-security'));
     $this->sanitize_setting('bool', 'enable_ban_lists', __('Ban Lists', 'better-wp-security'));
     $this->sanitize_setting('newline-separated-ips', 'host_list', __('Ban Hosts', 'better-wp-security'));

     // The cross-checks below only run when the host list is an array after sanitizing.
     if (is_array($this->settings['host_list'])) {
         require_once ITSEC_Core::get_core_dir() . '/lib/class-itsec-lib-ip-tools.php';

         $requester_ip = ITSEC_Lib::get_ip();
         $protected_hosts = array();

         foreach ($this->settings['host_list'] as $candidate) {
             // Self-ban guard: evaluated for logged-in users only, and checked before the whitelist.
             $bans_requester = is_user_logged_in()
                 && ITSEC_Lib_IP_Tools::intersect($requester_ip, ITSEC_Lib_IP_Tools::ip_wild_to_ip_cidr($candidate));

             if ($bans_requester) {
                 $this->set_can_save(false);
                 /* translators: 1: input name, 2: invalid host */
                 $this->add_error(sprintf(__('The following host in %1$s matches your current IP and cannot be banned: %2$s', 'better-wp-security'), __('Ban Hosts', 'better-wp-security'), $candidate));
             } elseif (ITSEC_Lib::is_ip_whitelisted($candidate)) {
                 // Collected so that all whitelisted entries are reported in a single error.
                 $protected_hosts[] = $candidate;
             }
         }

         $protected_total = count($protected_hosts);
         if ($protected_total > 0) {
             $this->set_can_save(false);
             /* translators: 1: input name, 2: invalid host list */
             $this->add_error(wp_sprintf(_n('The following IP in %1$s is whitelisted and cannot be banned: %2$l', 'The following IPs in %1$s are whitelisted and cannot be banned: %2$l', $protected_total, 'better-wp-security'), __('Ban Hosts', 'better-wp-security'), $protected_hosts));
         }
     }

     // User-agent entries go through this class's own per-entry callback.
     $this->sanitize_setting(array($this, 'sanitize_agent_list_entry'), 'agent_list', __('Ban User Agents', 'better-wp-security'));
 }
 /**
  * Determines whether a given IP address is whitelisted
  *
  * @param  string  $ip_to_check ip to check (can be in CIDR notation)
  * @param  array   $white_ips   IP list to compare against; when null, the saved lockout white list is loaded from options
  * @param  boolean $current     whether to also treat the current request's IP as whitelisted (e.g. while saving settings)
  *
  * @return boolean               true if whitelisted or false
  */
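 public static function is_ip_whitelisted($ip_to_check, $white_ips = null, $current = false)
 {
     // Load the IP helper on demand; intersect() and ip_wild_to_ip_cidr() come from it.
     if (!class_exists('ITSEC_Lib_IP_Tools')) {
         $itsec_core = ITSEC_Core::get_instance();
         require_once dirname($itsec_core->get_plugin_file()) . '/core/lib/class-itsec-lib-ip-tools.php';
     }

     // No explicit list supplied: fall back to the stored lockout white list (empty if unset).
     if ($white_ips === null) {
         $global_settings = get_site_option('itsec_global');
         $white_ips = isset($global_settings['lockout_white_list']) ? $global_settings['lockout_white_list'] : array();
     }

     // Optionally treat the current request's IP as whitelisted for this check.
     if ($current === true) {
         $white_ips[] = ITSEC_Lib::get_ip();
     }

     // Temporary whitelist entry, stored as an array with 'ip' and 'exp' keys.
     $temp = get_site_option('itsec_temp_whitelist_ip');
     if (false !== $temp) {
         // Only a well-formed entry may widen the whitelist. A record that is not an array, or
         // that lacks 'exp' or 'ip', is discarded like an expired one instead of appending an
         // undefined value to the list.
         $temp_is_valid = is_array($temp) && isset($temp['exp'], $temp['ip']);

         // NOTE(review): 'exp' is compared against current_time('timestamp'); this assumes the
         // writer of the option used the same time base - confirm.
         if (!$temp_is_valid || $temp['exp'] < current_time('timestamp')) {
             delete_site_option('itsec_temp_whitelist_ip');
         } else {
             $white_ips[] = $temp['ip'];
         }
     }

     // Extension point: any callback hooked on 'itsec_white_ips' can add to or replace the list,
     // so the effective whitelist may be wider than the stored setting.
     $white_ips = apply_filters('itsec_white_ips', $white_ips);

     // Whitelisted as soon as the checked address/range intersects any entry.
     foreach ($white_ips as $white_ip) {
         if (ITSEC_Lib_IP_Tools::intersect($ip_to_check, ITSEC_Lib_IP_Tools::ip_wild_to_ip_cidr($white_ip))) {
             return true;
         }
     }

     return false;
 }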
 /**
  * Determines whether a given IP address is whitelisted
  *
  * @param  string  $ip_to_check ip to check (can be in CIDR notation)
  * @param  array   $white_ips   IP list to compare against; when null, the saved lockout white list is loaded from options
  * @param  boolean $current     whether to also treat the current request's IP as whitelisted (e.g. while saving settings)
  *
  * @return boolean               true if whitelisted or false
  */
 public static function is_ip_whitelisted($ip_to_check, $white_ips = null, $current = false)
 {
     // The IP helper class is loaded lazily from the plugin's core/lib directory.
     if (!class_exists('ITSEC_Lib_IP_Tools')) {
         require_once dirname(ITSEC_Core::get_instance()->get_plugin_file()) . '/core/lib/class-itsec-lib-ip-tools.php';
     }

     // Without an explicit list, use the stored lockout white list, or an empty list if unset.
     if (null === $white_ips) {
         $stored = get_site_option('itsec_global');
         $white_ips = array();
         if (isset($stored['lockout_white_list'])) {
             $white_ips = $stored['lockout_white_list'];
         }
     }

     // Callers may ask for the current request's IP to count as whitelisted.
     if (true === $current) {
         $white_ips[] = ITSEC_Lib::get_ip();
     }

     // First entry that overlaps the checked address/range decides the result.
     foreach ($white_ips as $allowed_entry) {
         $allowed_range = ITSEC_Lib_IP_Tools::ip_wild_to_ip_cidr($allowed_entry);
         if (ITSEC_Lib_IP_Tools::intersect($ip_to_check, $allowed_range)) {
             return true;
         }
     }

     return false;
 }
Example #4
 /**
  * Determines whether a given IP address is blacklisted
  *
  * @param string $ip              IP to check (can be in CIDR notation); when empty, the current request's IP is used
  * @param array  $blacklisted_ips IP list to compare against; when null, the list from get_blacklisted_ips() is used
  *
  * @return boolean true if blacklisted or false
  */
 public static function is_ip_blacklisted($ip = null, $blacklisted_ips = null)
 {
     // NOTE(review): sanitize_text_field() cleans the string but is not an IP-format check;
     // whether malformed values are rejected depends on ITSEC_Lib_IP_Tools - confirm.
     $candidate = sanitize_text_field($ip);

     // Nothing usable supplied: check the current request's IP instead.
     if (empty($candidate)) {
         $candidate = ITSEC_Lib::get_ip();
     }

     if (!class_exists('ITSEC_Lib_IP_Tools')) {
         require_once ITSEC_Core::get_core_dir() . '/lib/class-itsec-lib-ip-tools.php';
     }

     // Without an explicit list, use the one this class provides.
     if (null === $blacklisted_ips) {
         $blacklisted_ips = self::get_blacklisted_ips();
     }

     // Blacklisted as soon as the address/range overlaps any listed entry.
     foreach ($blacklisted_ips as $banned_entry) {
         $banned_range = ITSEC_Lib_IP_Tools::ip_wild_to_ip_cidr($banned_entry);
         if (ITSEC_Lib_IP_Tools::intersect($candidate, $banned_range)) {
             return true;
         }
     }

     return false;
 }