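/**
 * Send a test HTTP request to one of the API URLs.
 *
 * The URL registered under the given selector is requested and the reply is
 * checked for the markers that identify a healthy answer from that specific
 * endpoint. An unknown selector, a failed request, or a reply without the
 * expected markers all produce an "ERROR" result; nothing is thrown.
 *
 * @param string|null $unique Unique API URL selector (a key of ambiguousApiUrls()).
 * @return array Associative array with the keys "unique" (the selector that was
 *               tested) and "output" (either "OK" or "ERROR").
 */
public static function debugApiCall($unique = null)
{
    $urls = self::ambiguousApiUrls();
    $result = array('unique' => $unique, 'output' => 'ERROR');

    // Nothing to test when no selector was given or it is not a registered URL.
    if ($unique === null || !array_key_exists($unique, $urls)) {
        return $result;
    }

    $params = array();
    $url = self::apiUrlProtocol($urls[$unique]);

    if ($unique === 'sitechck') {
        $response = self::getSitecheckResults('sucuri.net', false);
    } else {
        // Some endpoints need extra query parameters or placeholder replacement.
        if ($unique === 'cproxywp') {
            $params['v2'] = 'true';
            $params['a'] = 'test';
        } elseif ($unique === 'wpplugin') {
            $url = str_replace('/PLUGIN/', '/sucuri-scanner/', $url);
        } elseif ($unique === 'plugindt') {
            $url = str_replace('/PLUGIN.json', '/sucuri-scanner.json', $url);
        } elseif ($unique === 'wpvfpath') {
            $fpath = sprintf('/%s/wp-load.php', SucuriScan::site_version());
            $url = str_replace('/VERSION/FILEPATH', $fpath, $url);
        }

        $response = self::apiCall($url, 'GET', $params);
    }

    // An empty or failed response can never satisfy the checks below.
    if (!$response) {
        return $result;
    }

    // Structured endpoints are expected to yield a decoded associative array
    // and raw endpoints a string; the type guards keep array_key_exists() and
    // strpos() from being applied to the wrong kind of value.
    // NOTE(review): confirm the decoded shape returned by apiCall() and
    // getSitecheckResults() against their implementations.
    $is_valid = false;

    switch ($unique) {
        case 'sucuriwp':
        case 'cproxywp':
            // Both endpoints answer with status/action/output, status being numeric.
            $is_valid = is_array($response)
                && array_key_exists('status', $response)
                && array_key_exists('action', $response)
                && array_key_exists('output', $response)
                && is_numeric($response['status']);
            break;

        case 'sitechck':
            $is_valid = is_array($response)
                && array_key_exists('SCAN', $response)
                && array_key_exists('SYSTEM', $response)
                && array_key_exists('BLACKLIST', $response);
            break;

        case 'wpssalts':
            // Compare against false explicitly: a marker at offset zero is a match.
            $is_valid = is_string($response)
                && strpos($response, 'AUTH_KEY') !== false
                && strpos($response, 'AUTH_SALT') !== false
                && strpos($response, 'SECURE_AUTH_KEY') !== false;
            break;

        case 'wphashes':
            $is_valid = is_array($response)
                && array_key_exists('checksums', $response)
                && is_array($response['checksums']);
            break;

        case 'wpplugin':
            $is_valid = is_string($response)
                && strpos($response, '<title>Sucuri Security') !== false
                && strpos($response, 'wordpress.org/plugin/sucuri-scanner') !== false;
            break;

        case 'plugindt':
            $is_valid = is_array($response)
                && array_key_exists('slug', $response)
                && $response['slug'] === 'sucuri-scanner';
            break;

        case 'wpvfpath':
            $is_valid = is_string($response)
                && strpos($response, 'ABSPATH') !== false
                && strpos($response, 'wp_die') !== false;
            break;
    }

    if ($is_valid) {
        $result['output'] = 'OK';
    }

    return $result;
}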
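/**
 * Compare the md5sum of the core files in the current site with the hashes hosted
 * remotely in Sucuri servers. These hashes are updated every time a new version
 * of WordPress is released. If the "Send Email" parameter is set the function will
 * send a notification to the administrator with a list of files that were added,
 * modified and/or deleted so far.
 *
 * Files the administrator already marked as fixed (kept in the "integrity" cache,
 * keyed by the md5 of the relative file path) are left out of the report.
 *
 * @param boolean $send_email If the HTML code returned will be sent via email.
 * @return string|boolean HTML code with a list of files that were affected when
 *                        $send_email is false; otherwise the result of the email
 *                        notification, or false when there is nothing to report.
 */
function sucuriscan_core_files($send_email = false)
{
    $site_version = SucuriScan::site_version();
    $affected_files = 0;
    $template_variables = array(
        'CoreFiles.List' => '',
        'CoreFiles.ListCount' => 0,
        'CoreFiles.GoodVisibility' => 'visible',
        'CoreFiles.BadVisibility' => 'hidden',
        'CoreFiles.FailureVisibility' => 'hidden',
        'CoreFiles.RemoteChecksumsURL' => '',
    );

    if ($site_version && SucuriScanOption::is_enabled(':scan_checksums')) {
        // Check if there are added, removed, or modified files.
        $latest_hashes = sucuriscan_check_core_integrity($site_version);

        // Reference link rendered for the administrator; the hash list used
        // below comes from sucuriscan_check_core_integrity(), not from this URL.
        // NOTE(review): the link is plain HTTP, consider pointing it at HTTPS.
        $template_variables['CoreFiles.RemoteChecksumsURL'] =
            'http://api.wordpress.org/core/checksums/1.0/'
            . '?version=' . $site_version
            . '&locale=en_US';

        if ($latest_hashes) {
            $cache = new SucuriScanCache('integrity');
            $ignored_files = $cache->get_all();
            $counter = 0;

            foreach ($latest_hashes as $list_type => $file_list) {
                // Only lists other than "stable" describe files needing attention.
                if ($list_type === 'stable' || empty($file_list)) {
                    continue;
                }

                foreach ($file_list as $file_info) {
                    $file_path = $file_info['filepath'];
                    $full_filepath = sprintf('%s/%s', rtrim(ABSPATH, '/'), $file_path);

                    // Skip files that were marked as fixed; the cache is keyed
                    // by the md5 of the relative file path.
                    if ($ignored_files && array_key_exists(md5($file_path), $ignored_files)) {
                        continue;
                    }

                    // Alternate the row style for readability.
                    $css_class = ($counter % 2 === 0) ? '' : 'alternate';

                    // Files reported as deleted are absent from disk, where
                    // filesize() would fail; report zero instead of suppressing
                    // the warning and passing false into the formatters.
                    $file_size = is_file($full_filepath) ? (int) filesize($full_filepath) : 0;
                    $is_fixable_html = '';
                    $is_fixable_text = '';

                    // Check whether the file can be fixed automatically or not.
                    if ($file_info['is_fixable'] !== true) {
                        $css_class .= ' sucuriscan-opacity';
                        $is_fixable_html = 'disabled="disabled"';
                        $is_fixable_text = '(must be fixed manually)';
                    }

                    // Generate the HTML code from the snippet template for this file.
                    // The path is escaped because file names on disk are not trusted.
                    $template_variables['CoreFiles.List'] .= SucuriScanTemplate::get_snippet(
                        'integrity-corefiles',
                        array(
                            'CoreFiles.CssClass' => $css_class,
                            'CoreFiles.StatusType' => $list_type,
                            'CoreFiles.FilePath' => SucuriScan::escape($file_path),
                            'CoreFiles.FileSize' => $file_size,
                            'CoreFiles.FileSizeHuman' => SucuriScan::human_filesize($file_size),
                            'CoreFiles.FileSizeNumber' => number_format($file_size),
                            'CoreFiles.ModifiedAt' => SucuriScan::datetime($file_info['modified_at']),
                            'CoreFiles.IsFixtableFile' => $is_fixable_html,
                            'CoreFiles.IsNotFixable' => $is_fixable_text,
                        )
                    );

                    $counter += 1;
                    $affected_files += 1;
                }
            }

            if ($counter > 0) {
                $template_variables['CoreFiles.ListCount'] = $counter;
                $template_variables['CoreFiles.GoodVisibility'] = 'hidden';
                $template_variables['CoreFiles.BadVisibility'] = 'visible';
            }
        } else {
            // No hashes could be retrieved: show the failure panel only.
            $template_variables['CoreFiles.GoodVisibility'] = 'hidden';
            $template_variables['CoreFiles.BadVisibility'] = 'hidden';
            $template_variables['CoreFiles.FailureVisibility'] = 'visible';
        }
    }

    // Send an email notification with the affected files.
    if ($send_email === true) {
        if ($affected_files > 0) {
            $content = SucuriScanTemplate::get_section('notification-corefiles', $template_variables);

            return SucuriScanEvent::notify_event('scan_checksums', $content);
        }

        return false;
    }

    return SucuriScanTemplate::get_section('integrity-corefiles', $template_variables);
}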
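/**
 * Compare the md5sum of the core files in the current site with the hashes hosted
 * remotely in Sucuri servers. These hashes are updated every time a new version
 * of WordPress is released.
 *
 * Files the administrator already marked as fixed (kept in the "integrity" cache,
 * keyed by the md5 of the relative file path) are left out of the report. When
 * the hashes cannot be retrieved an error message is emitted through
 * SucuriScanInterface::error() and the empty report is still rendered.
 *
 * @return string HTML code with a list of files that were affected.
 */
function sucuriscan_core_files()
{
    $site_version = SucuriScan::site_version();
    $template_variables = array(
        'CoreFiles.List' => '',
        'CoreFiles.ListCount' => 0,
        'CoreFiles.GoodVisibility' => 'visible',
        'CoreFiles.BadVisibility' => 'hidden',
    );

    if ($site_version && SucuriScanOption::get_option(':scan_checksums') == 'enabled') {
        // Check if there are added, removed, or modified files.
        $latest_hashes = sucuriscan_check_core_integrity($site_version);

        if ($latest_hashes) {
            $cache = new SucuriScanCache('integrity');
            $ignored_files = $cache->get_all();
            $counter = 0;

            foreach ($latest_hashes as $list_type => $file_list) {
                // Only lists other than "stable" describe files needing attention.
                if ($list_type === 'stable' || empty($file_list)) {
                    continue;
                }

                foreach ($file_list as $file_info) {
                    $file_path = $file_info['filepath'];
                    $full_filepath = sprintf('%s/%s', rtrim(ABSPATH, '/'), $file_path);

                    // Skip files that were marked as fixed; the cache is keyed
                    // by the md5 of the relative file path.
                    if ($ignored_files && array_key_exists(md5($file_path), $ignored_files)) {
                        continue;
                    }

                    // Alternate the row style for readability.
                    $css_class = ($counter % 2 === 0) ? '' : 'alternate';

                    // Files reported as deleted are absent from disk, where
                    // filesize() would fail; report zero instead of suppressing
                    // the warning and passing false into the formatters.
                    $file_size = is_file($full_filepath) ? (int) filesize($full_filepath) : 0;
                    $is_fixable_html = '';
                    $is_fixable_text = '';

                    // Check whether the file can be fixed automatically or not.
                    if ($file_info['is_fixable'] !== true) {
                        $css_class .= ' sucuriscan-opacity';
                        $is_fixable_html = 'disabled="disabled"';
                        $is_fixable_text = '(must be fixed manually)';
                    }

                    // Generate the HTML code from the snippet template for this file.
                    // The path is escaped before it reaches the HTML snippet: file
                    // names on disk are not trusted and may contain markup.
                    $template_variables['CoreFiles.List'] .= SucuriScanTemplate::get_snippet(
                        'integrity-corefiles',
                        array(
                            'CoreFiles.CssClass' => $css_class,
                            'CoreFiles.StatusType' => $list_type,
                            'CoreFiles.FilePath' => SucuriScan::escape($file_path),
                            'CoreFiles.FileSize' => $file_size,
                            'CoreFiles.FileSizeHuman' => SucuriScan::human_filesize($file_size),
                            'CoreFiles.FileSizeNumber' => number_format($file_size),
                            'CoreFiles.ModifiedAt' => SucuriScan::datetime($file_info['modified_at']),
                            'CoreFiles.IsFixtableFile' => $is_fixable_html,
                            'CoreFiles.IsNotFixable' => $is_fixable_text,
                        )
                    );

                    $counter += 1;
                }
            }

            if ($counter > 0) {
                $template_variables['CoreFiles.ListCount'] = $counter;
                $template_variables['CoreFiles.GoodVisibility'] = 'hidden';
                $template_variables['CoreFiles.BadVisibility'] = 'visible';
            }
        } else {
            SucuriScanInterface::error('Error retrieving the WordPress core hashes, try again.');
        }
    }

    return SucuriScanTemplate::get_section('integrity-corefiles', $template_variables);
}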