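/**
 * Start the core-file integrity scan that is registered in the plugin settings.
 *
 * Reads the scan record (id, state, progress, result, type) through
 * WsdWPScanSettings::getSettings(), refuses to run when no scan id is
 * registered, when the state is SCAN_STATE_NONE or when a scan is already
 * SCAN_STATE_IN_PROGRESS, then downloads the file manifest for the installed
 * WordPress version and checks the root, wp-admin, wp-content and
 * wp-includes directories against it with self::_checkFiles().
 *
 * Every failure after the state has been switched to IN_PROGRESS goes
 * through self::stopScan(false, $reason) so the stored state is reset; the
 * two "not startable" early exits (state NONE / IN_PROGRESS) deliberately do
 * not touch the stored record.
 *
 * @return bool True when all four directories were scanned, false otherwise.
 */
public static function startScan() {
    wssLog(__METHOD__ . '() triggered ' . PHP_EOL . str_repeat('=', 50));

    $settings = WsdWPScanSettings::getSettings();
    // Missing keys fall back to "nothing registered" instead of raising notices.
    $scanID       = isset($settings['SCAN_ID']) ? $settings['SCAN_ID'] : 0;
    $scanState    = isset($settings['SCAN_STATE']) ? $settings['SCAN_STATE'] : WsdWPScanSettings::SCAN_STATE_NONE;
    $scanProgress = isset($settings['SCAN_PROGRESS']) ? $settings['SCAN_PROGRESS'] : null;
    $scanResult   = isset($settings['SCAN_RESULT']) ? $settings['SCAN_RESULT'] : null;
    $scanType     = isset($settings['SCAN_TYPE']) ? (int) $settings['SCAN_TYPE'] : 0;
    self::$_scanID = $scanID;

    wssLog('SCAN DATA', array(
        '$scanID'       => $scanID,
        '$scanState'    => $scanState,
        '$scanProgress' => $scanProgress,
        '$scanResult'   => $scanResult,
        '$scanType'     => $scanType,
    ));

    // A scan id of 0 (or none at all) means no scan was registered; stopScan()
    // is told so the stored record is reset.
    if (empty($scanID)) {
        $failReason = "Internal Error: No scan ID provided.";
        wssLog('No scan ID. Ignoring the scan start request.');
        self::stopScan(false, $failReason);
        return false;
    }

    if ($scanState == WsdWPScanSettings::SCAN_STATE_NONE) {
        wssLog('Invalid scan state. Ignoring the scan start request.', array('state' => 'SCAN_STATE_NONE'));
        return false;
    }

    // NOTE(review): this check and the updateSetting() call below are not
    // atomic, so two triggers arriving together could both start a scan —
    // confirm the caller serialises scan requests.
    if ($scanState == WsdWPScanSettings::SCAN_STATE_IN_PROGRESS) {
        wssLog('Scan is running. Ignoring the scan start request.', array('state' => 'SCAN_STATE_IN_PROGRESS', 'progress' => $scanProgress));
        return false;
    }

    global $wp_version;
    wssLog('WordPress version installed:', array('version' => $wp_version));
    if (empty($wp_version)) {
        $failReason = __("Could not retrieve the WordPress version.", WpsSettings::TEXT_DOMAIN);
        wssLog('Invalid WordPress version detected.');
        self::stopScan(false, $failReason);
        return false;
    }

    wssLog('Starting scan.', array('ID' => self::$_scanID));
    // The scan may outlive the request that triggered it; both calls may be
    // disabled by the host, hence the suppression.
    @ignore_user_abort(true);
    @set_time_limit(WpsSettings::WPS_MAX_TIME_EXEC_LIMIT);
    WsdWPScanSettings::updateSetting('SCAN_STATE', WsdWPScanSettings::SCAN_STATE_IN_PROGRESS);

    // The manifest is the integrity baseline every file is compared against,
    // so it must only ever be fetched from a trusted origin over TLS.
    // NOTE(review): confirm WpsSettings::getJsonRepoUrl() returns an https URL.
    $url = WpsSettings::getJsonRepoUrl() . rawurlencode($wp_version) . '.json';
    wssLog('Retrieving json file.', array('path' => $url));

    list($manifest, $failReason) = self::_fetchManifest($url, $wp_version);
    if ($manifest === null) {
        wssLog($failReason, array('path' => $url));
        self::stopScan(false, $failReason);
        return false;
    }
    wssLog('Json file retrieved from path: ' . $url);

    $rootFiles       = $manifest->root;
    $wpAdminFiles    = $manifest->wp_admin;
    $wpContentFiles  = $manifest->wp_content;
    $wpIncludesFiles = $manifest->wp_includes;
    // The decoded document is no longer needed once the four lists are extracted.
    $manifest = null;

    $since = self::_sinceTimestamp($scanType, time());

    // The trailing boolean arguments are per-directory options of
    // _checkFiles(); their meaning is not visible from this method and they
    // are passed exactly as before.
    WsdWPScanSettings::updateSetting('SCAN_PROGRESS', WsdWPScanSettings::SCAN_PROGRESS_ROOT, true);
    self::_checkFiles(ABSPATH, $rootFiles, $since, true);
    wssLog("root directory scan complete");

    WsdWPScanSettings::updateSetting('SCAN_PROGRESS', WsdWPScanSettings::SCAN_PROGRESS_ADMIN);
    self::_checkFiles(ABSPATH . 'wp-admin/', $wpAdminFiles, $since, false, false, true);
    wssLog("wp-admin directory scan complete");

    WsdWPScanSettings::updateSetting('SCAN_PROGRESS', WsdWPScanSettings::SCAN_PROGRESS_CONTENT);
    self::_checkFiles(ABSPATH . 'wp-content/', $wpContentFiles, $since, false, true);
    wssLog("wp-content directory scan complete");

    WsdWPScanSettings::updateSetting('SCAN_PROGRESS', WsdWPScanSettings::SCAN_PROGRESS_INCLUDES);
    self::_checkFiles(ABSPATH . 'wp-includes/', $wpIncludesFiles, $since);
    wssLog("wp-includes directory scan complete");

    self::stopScan(true);
    return true;
}

/**
 * Download and decode the file manifest and verify it has the expected shape.
 *
 * Uses the WordPress HTTP API rather than a suppressed file_get_contents()
 * so transport problems (allow_url_fopen disabled, TLS failure, timeout,
 * non-200 status) are logged with their cause instead of being folded into
 * "empty body". A manifest is accepted only when it decodes to an object
 * whose root, wp_admin, wp_content and wp_includes members are all non-empty.
 *
 * @param string $url       Manifest URL.
 * @param string $wpVersion Installed WordPress version, used in the failure message.
 * @return array Two elements: the decoded manifest object (null on failure)
 *               and the user-facing failure reason ('' on success).
 */
private static function _fetchManifest($url, $wpVersion) {
    $body = '';
    $response = wp_remote_get($url, array('timeout' => 30));
    if (is_wp_error($response)) {
        wssLog('Manifest request failed.', array('error' => $response->get_error_message()));
    } elseif ((int) wp_remote_retrieve_response_code($response) !== 200) {
        wssLog('Manifest request returned a non-200 status.', array('status' => wp_remote_retrieve_response_code($response)));
    } else {
        $body = wp_remote_retrieve_body($response);
    }

    if (!is_string($body) || $body === '') {
        $reason = sprintf(__("Error retrieving the json file from server for the detected WordPress version: %s. Scan aborted.", WpsSettings::TEXT_DOMAIN), $wpVersion);
        return array(null, $reason);
    }

    $data = json_decode($body);
    if ($data === null) {
        return array(null, __('Error decoding the json file. The file might be empty or corrupted.', WpsSettings::TEXT_DOMAIN));
    }

    // empty() on a missing property is notice-free, so one check covers both
    // "member absent" and "member empty".
    if (!is_object($data)
        || empty($data->root) || empty($data->wp_admin)
        || empty($data->wp_content) || empty($data->wp_includes)) {
        return array(null, __('Invalid json file retrieved from server.', WpsSettings::TEXT_DOMAIN));
    }

    return array($data, '');
}

/**
 * Translate a scan type code into the earliest modification time the scan
 * is interested in.
 *
 * Type 0 is "since local midnight", types 1-7 are "the last N days" and
 * type 8 is "the last month" with one extra day of slack. Any other value
 * yields 0 (no lower bound), which is what the original if/elseif chain
 * fell through to.
 *
 * @param int $scanType Scan type code from the SCAN_TYPE setting.
 * @param int $now      Reference Unix timestamp.
 * @return int Unix timestamp lower bound, 0 for "no bound".
 */
private static function _sinceTimestamp($scanType, $now) {
    $day = 24 * 60 * 60;
    if ($scanType === 0) {
        return strtotime('midnight');
    }
    if ($scanType >= 1 && $scanType <= 7) {
        return $now - $scanType * $day;
    }
    if ($scanType === 8) {
        // The previous expression also subtracted $now, which produced a
        // negative timestamp and silently turned the monthly scan into an
        // unbounded one.
        return strtotime('-1 months', $now) - $day;
    }
    return 0;
}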
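/**
 * Retrieve the plugin settings from the database, reconciled against the
 * current list of hardening methods.
 *
 * The settings array is keyed by method name; each entry is
 * array('name' => ..., 'value' => 0|1, 'desc' => ...). The method list comes
 * from WpsSettings::getSettingsList() (not from reflection on WsdSecurity,
 * despite the class_exists() guard). Methods present in the list but absent
 * from the stored settings are added with value 0; stored entries whose
 * method no longer exists are dropped; existing entries are left untouched.
 * The reconciliation runs on every call — the former "only when the counts
 * differ" shortcut missed the case where one method was added and another
 * removed in the same update. The result is written back through
 * WpsOption::addOption() and returned.
 *
 * On multisite the settings are read from blog 1.
 * NOTE(review): the write-back goes through WpsOption::addOption(), whose
 * target blog is not visible here — confirm it matches the blog-1 read.
 *
 * @return array Settings keyed by method name; empty when WsdSecurity is not loaded.
 */
public static function getSettings() {
    if (!class_exists('WsdSecurity')) {
        return array();
    }

    if (wpsIsMultisite()) {
        $settings = get_blog_option(1, WpsSettings::PLUGIN_SETTINGS_OPTION_NAME);
    } else {
        $settings = WpsOption::getOption(WpsSettings::PLUGIN_SETTINGS_OPTION_NAME);
    }
    // An unset option comes back as false; treat anything non-array as "no settings yet".
    if (!is_array($settings)) {
        $settings = array();
    }

    // Add entries for methods the stored settings do not know about.
    $knownNames = array();
    foreach (WpsSettings::getSettingsList() as $method) {
        $name = $method['name'];
        $knownNames[$name] = true;
        if (!isset($settings[$name])) {
            $settings[$name] = array('name' => $name, 'value' => 0, 'desc' => $method['text']);
        }
    }

    // Drop entries whose method no longer exists. Iterating over a key copy
    // avoids the by-reference foreach the original used (it left $entry as a
    // dangling reference into the array that was then stored and returned).
    foreach (array_keys($settings) as $key) {
        $entry = $settings[$key];
        $name = (is_array($entry) && isset($entry['name'])) ? $entry['name'] : null;
        if ($name === null || !isset($knownNames[$name])) {
            unset($settings[$key]);
        }
    }

    WpsOption::addOption(WpsSettings::PLUGIN_SETTINGS_OPTION_NAME, $settings);
    return $settings;
}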
/**
 * Hook every hardening method listed by WpsSettings::getSettingsList() onto
 * the WordPress 'init' action as a static WsdSecurity callback.
 *
 * NOTE(review): every listed method is hooked regardless of the 'value'
 * saved for it in the settings; presumably each WsdSecurity method checks
 * its own switch before acting — confirm.
 *
 * @return bool|null False when the method list is empty, null otherwise.
 */
function wpsRunFixes() {
    $fixes = WpsSettings::getSettingsList();
    if (empty($fixes)) {
        return false;
    }
    $hook = 'init';
    foreach ($fixes as $fix) {
        $callback = array('WsdSecurity', $fix['name']);
        add_action($hook, $callback);
    }
}
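<?php
if (!WsdUtil::canLoad()) {
    return;
}

/*
 * Displays the File scan results info and, on POST, applies the permission
 * changes to the scanned file list.
 */
$acxFileList    = WpsSettings::getScanFileList();
$acx_isPostBack = false;
$acx_message    = '';

// chmod is not usable on Windows, so the POST handler is skipped there entirely.
if (!WsdUtil::isWinOs()) {
    if (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST') {
        // A nonce only proves the request originated from this screen; it is
        // not an authorisation check, so the capability is verified as well.
        // NOTE(review): WsdUtil::canLoad() may already enforce a capability —
        // this check is deliberately redundant with it, since the handler
        // changes permissions on files under the web root.
        if (!current_user_can('manage_options')) {
            wp_die(__('Invalid request.'));
        }
        if (!isset($_POST['wsdplugin_update_paths_field'])
            || !wp_verify_nonce($_POST['wsdplugin_update_paths_field'], 'wsdplugin_update_paths')) {
            wp_die(__('Invalid request.'));
        }

        $acx_isPostBack = true;
        $result = WsdUtil::changeFilePermissions($acxFileList);
        if (empty($result)) {
            // This branch cannot be the Windows case (excluded above); the
            // previous message blamed Windows for it, which was wrong.
            $acx_message = __('No changes applied.');
        } else {
            $acx_message = __('Successful changes') . ': ' . $result['success'] . ', ' . __('Failed') . ': ' . $result['failed'];
        }
    }
}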