protected function sanitize_settings() { $this->sanitize_setting('bool', 'default', __('Default Blacklist', 'better-wp-security')); $this->sanitize_setting('bool', 'enable_ban_lists', __('Ban Lists', 'better-wp-security')); $this->sanitize_setting('newline-separated-ips', 'host_list', __('Ban Hosts', 'better-wp-security')); if (is_array($this->settings['host_list'])) { require_once ITSEC_Core::get_core_dir() . '/lib/class-itsec-lib-ip-tools.php'; $whitelisted_hosts = array(); $current_ip = ITSEC_Lib::get_ip(); foreach ($this->settings['host_list'] as $host) { if (is_user_logged_in() && ITSEC_Lib_IP_Tools::intersect($current_ip, ITSEC_Lib_IP_Tools::ip_wild_to_ip_cidr($host))) { $this->set_can_save(false); /* translators: 1: input name, 2: invalid host */ $this->add_error(sprintf(__('The following host in %1$s matches your current IP and cannot be banned: %2$s', 'better-wp-security'), __('Ban Hosts', 'better-wp-security'), $host)); continue; } if (ITSEC_Lib::is_ip_whitelisted($host)) { $whitelisted_hosts[] = $host; } } if (!empty($whitelisted_hosts)) { $this->set_can_save(false); /* translators: 1: input name, 2: invalid host list */ $this->add_error(wp_sprintf(_n('The following IP in %1$s is whitelisted and cannot be banned: %2$l', 'The following IPs in %1$s are whitelisted and cannot be banned: %2$l', count($whitelisted_hosts), 'better-wp-security'), __('Ban Hosts', 'better-wp-security'), $whitelisted_hosts)); } } $this->sanitize_setting(array($this, 'sanitize_agent_list_entry'), 'agent_list', __('Ban User Agents', 'better-wp-security')); }
/** * Determines whether a given IP address is whitelisted * * @param string $ip_to_check ip to check (can be in CIDR notation) * @param array $white_ips ip list to compare to if not yet saved to options * @param boolean $current whether to whitelist the current ip or not (due to saving, etc) * * @return boolean true if whitelisted or false */ public static function is_ip_whitelisted($ip_to_check, $white_ips = null, $current = false) { if (!class_exists('ITSEC_Lib_IP_Tools')) { $itsec_core = ITSEC_Core::get_instance(); require_once dirname($itsec_core->get_plugin_file()) . '/core/lib/class-itsec-lib-ip-tools.php'; } if ($white_ips === null) { $global_settings = get_site_option('itsec_global'); $white_ips = isset($global_settings['lockout_white_list']) ? $global_settings['lockout_white_list'] : array(); } if ($current === true) { $white_ips[] = ITSEC_Lib::get_ip(); //add current user ip to whitelist to check automatically } // Check to see if we have a temporarily white listed IP $temp = get_site_option('itsec_temp_whitelist_ip'); if (false !== $temp) { // If the temporary white list is expired, delete the option we store it in if ($temp['exp'] < current_time('timestamp')) { delete_site_option('itsec_temp_whitelist_ip'); } else { // If the temporary white list is still valid, add the IP to our list of white IPs $white_ips[] = $temp['ip']; } } $white_ips = apply_filters('itsec_white_ips', $white_ips); foreach ($white_ips as $white_ip) { if (ITSEC_Lib_IP_Tools::intersect($ip_to_check, ITSEC_Lib_IP_Tools::ip_wild_to_ip_cidr($white_ip))) { return true; } } return false; }
/** * Determines whether a given IP address is whitelisted * * @param string $ip_to_check ip to check (can be in CIDR notation) * @param array $white_ips ip list to compare to if not yet saved to options * @param boolean $current whether to whitelist the current ip or not (due to saving, etc) * * @return boolean true if whitelisted or false */ public static function is_ip_whitelisted($ip_to_check, $white_ips = null, $current = false) { if (!class_exists('ITSEC_Lib_IP_Tools')) { $itsec_core = ITSEC_Core::get_instance(); require_once dirname($itsec_core->get_plugin_file()) . '/core/lib/class-itsec-lib-ip-tools.php'; } if ($white_ips === null) { $global_settings = get_site_option('itsec_global'); $white_ips = isset($global_settings['lockout_white_list']) ? $global_settings['lockout_white_list'] : array(); } if ($current === true) { $white_ips[] = ITSEC_Lib::get_ip(); //add current user ip to whitelist to check automatically } foreach ($white_ips as $white_ip) { if (ITSEC_Lib_IP_Tools::intersect($ip_to_check, ITSEC_Lib_IP_Tools::ip_wild_to_ip_cidr($white_ip))) { return true; } } return false; }
/** * Determines whether a given IP address is blacklisted * * @param string $ip ip to check (can be in CIDR notation) * @param array $blacklisted_ips ip list to compare to if not yet saved to options * * @return boolean true if blacklisted or false */ public static function is_ip_blacklisted($ip = null, $blacklisted_ips = null) { $ip = sanitize_text_field($ip); if (empty($ip)) { $ip = ITSEC_Lib::get_ip(); } if (!class_exists('ITSEC_Lib_IP_Tools')) { require_once ITSEC_Core::get_core_dir() . '/lib/class-itsec-lib-ip-tools.php'; } if (is_null($blacklisted_ips)) { $blacklisted_ips = self::get_blacklisted_ips(); } foreach ($blacklisted_ips as $blacklisted_ip) { if (ITSEC_Lib_IP_Tools::intersect($ip, ITSEC_Lib_IP_Tools::ip_wild_to_ip_cidr($blacklisted_ip))) { return true; } } return false; }