 /**
  * Remove the version parameter from urls.
  *
  * When the corresponding setting is enabled, hooks the `script_loader_src`
  * and `style_loader_src` filters so that the WordPress version is stripped
  * from enqueued script/stylesheet URLs for every non-administrator visitor,
  * and records an INFO alert. When the setting is disabled, only a CRITICAL
  * alert is recorded explaining the exposure.
  *
  * Note that the `ver` query argument is just one version fingerprint; hiding
  * it reduces what a casual scan sees but is not a substitute for keeping
  * WordPress up to date.
  *
  * @param string $src Unused; kept for compatibility with existing callers.
  * @return void
  */
 public static function fix_removeWpVersionFromLinks($src = '')
 {
     global $wpsPluginAlertsArray;
     $alertEntry = $wpsPluginAlertsArray['fix_remove_wp_version_links'];
     $actionName = $alertEntry['name'];
     $alertType = $alertEntry['type'];
     // The same explanation accompanies both the CRITICAL and the INFO alert.
     $description = __('<p>By default, WordPress will display the current version in links to javascript scripts or stylesheets.
                 Therefore, if anyone has access to this information it might be a security risk because if a hacker knows which version of WordPress a website is running,
                 it can make it easier for him to target a known WordPress security issue.</p>', WpsSettings::TEXT_DOMAIN);
     /* Only run when the user enabled this fix on the settings page. */
     if (!self::isSettingEnabled(__FUNCTION__)) {
         $solution = sprintf(__('<p>This plugin can automatically hide the WordPress version from links if the option <strong>"%s"</strong> is checked on the plugin\'s settings page.</p>', WpsSettings::TEXT_DOMAIN), 'Remove the version parameter from urls');
         self::alert($actionName, $alertType, WpsSettings::ALERT_CRITICAL, __('WordPress version is displayed in links for all users', WpsSettings::TEXT_DOMAIN), $description, $solution);
         return;
     }
     // Administrators keep the version in links; everyone else gets it stripped.
     if (!WsdUtil::isAdministrator()) {
         $callback = array('WsdSecurityHelper', '__removeWpVersionFromLinks');
         add_filter('script_loader_src', $callback);
         add_filter('style_loader_src', $callback);
     }
     self::alert($actionName, $alertType, WpsSettings::ALERT_INFO, __('WordPress version displayed in links only for administrator users.', WpsSettings::TEXT_DOMAIN), $description);
 }
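 /**
  * Checks each of $files under $basePath and records the ones that are
  * missing or that were modified after $fileModifiedSince.
  *
  * Files that WordPress ships but which are commonly absent are skipped when
  * missing: wp-config-sample.php and readme.html in the root, install.php and
  * upgrade.php in wp-admin, and whatever WsdUtil::canIgnoreScanPath() accepts
  * under wp-content. wp-config.php is additionally looked for one directory
  * above ABSPATH, a location WordPress supports.
  *
  * @param string $basePath          Directory the file names are relative to.
  * @param array  $files             File names relative to $basePath.
  * @param int    $fileModifiedSince Timestamp; a newer mtime marks the file as modified.
  * @param bool   $isWpRoot          True when $basePath is the WordPress root.
  * @param bool   $isWpContent       True when $basePath is wp-content.
  * @param bool   $isWpAdmin         True when $basePath is wp-admin.
  * @return void
  */
 private static function _checkFiles($basePath, array $files, $fileModifiedSince, $isWpRoot = false, $isWpContent = false, $isWpAdmin = false)
 {
     wssLog(__METHOD__ . '(). Scanning: ' . WsdUtil::normalizePath($basePath));
     foreach ($files as $file) {
         $_file = WsdUtil::normalizePath($basePath . $file);
         if (!is_file($_file)) {
             if ($isWpRoot && strcasecmp($file, 'wp-config.php') == 0) {
                 // WordPress also accepts wp-config.php one level above the root.
                 // The previous lookup, realpath('../' . ABSPATH), resolved '../' against
                 // the current working directory rather than above ABSPATH, and even when
                 // the file was found the entry still fell through to "not found".
                 $aboveRoot = dirname(rtrim(ABSPATH, '/\\')) . '/' . $file;
                 if (!is_file($aboveRoot)) {
                     //#! Mark file not found
                     self::_markFileNotFound($_file);
                     continue;
                 }
                 // Found above the root: continue with the modification check below.
                 $_file = $aboveRoot;
             } elseif (self::_isIgnorableMissingFile($file, $_file, $isWpRoot, $isWpContent, $isWpAdmin)) {
                 continue;
             } else {
                 //#! Mark file not found
                 self::_markFileNotFound($_file);
                 continue;
             }
         }
         $mdate = filemtime($_file);
         if ($mdate > $fileModifiedSince) {
             //#! Mark file as modified
             self::_markFileModified($_file, $mdate);
         }
     }
 }

 /**
  * Tells whether a missing file may be ignored, logging the reason, depending
  * on which directory is being scanned.
  *
  * @param string $file        File name relative to the scanned directory.
  * @param string $_file       Normalized absolute path (used for the wp-content lookup and logging).
  * @param bool   $isWpRoot    True when scanning the WordPress root.
  * @param bool   $isWpContent True when scanning wp-content.
  * @param bool   $isWpAdmin   True when scanning wp-admin.
  * @return bool True when the absence is expected and the file can be skipped.
  */
 private static function _isIgnorableMissingFile($file, $_file, $isWpRoot, $isWpContent, $isWpAdmin)
 {
     if ($isWpRoot) {
         if (strcasecmp($file, 'wp-config-sample.php') == 0) {
             wssLog('wp-config-sample.php file is missing but can be ignored. Skipping file check.');
             return true;
         }
         if (strcasecmp($file, 'readme.html') == 0) {
             wssLog('readme.html file is missing but can be ignored. Skipping file check.');
             return true;
         }
         return false;
     }
     if ($isWpContent) {
         // Ignore WP's default themes and plugins if not found
         if (WsdUtil::canIgnoreScanPath($_file)) {
             wssLog($_file . ' file is missing but can be ignored. Skipping file check.');
             return true;
         }
         return false;
     }
     if ($isWpAdmin) {
         // safely ignore marked files from /wp-admin
         if (strcasecmp($file, 'install.php') == 0) {
             wssLog('wp-admin/install.php file is missing but can be ignored. Skipping file check.');
             return true;
         }
         if (strcasecmp($file, 'upgrade.php') == 0) {
             wssLog('wp-admin/upgrade.php file is missing but can be ignored. Skipping file check.');
             return true;
         }
     }
     return false;
 }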
?>
                <div id="lastScansWrapper">
                    <div class="wsdplugin_alert_section_title wsdplugin_alert_section_title_category"><p>Previous Scans</p></div>
                    <div class="inside" style="margin-left: 5px;">
                        <?php 
echo WsdUtil::loadTemplate('tpl-last-scans-list', array('showScanForm' => $showScanForm, 'scanState' => $scanState));
?>
                    </div>
                </div>
            </div>

        </div>
    </div>
</div>
<script src="<?php 
echo WsdUtil::jsUrl('wsdplugin-wp-scan.js');
?>
" type="text/javascript"></script>
<script type="text/javascript">
jQuery(document).ready(function($){
    //#!++ Set the default dateScan
        var dateScan = 0; // default
        $('#dateScan').on('change', function(){ dateScan = $(this).val(); });
    //#!--
    <?php 
if ($enableSubmit) {
    ?>
        $('#inputFormScan').on('click', function(){ $('#wpScanForm').submit(); });
    <?php 
}
?>
/**
 * Registers the plugin's top-level admin menu and its submenu pages.
 *
 * Nothing is registered unless the current user passes the current_user_can()
 * check and add_menu_page() exists (i.e. we are inside the WordPress admin).
 * The "Dashboard" entry reuses the parent slug, so it stands in for the
 * parent page itself.
 *
 * NOTE(review): 'administrator' is a role name rather than a capability;
 * WordPress discourages passing role names to current_user_can()/add_menu_page().
 * A capability such as 'manage_options' is the usual choice — confirm with the
 * plugin's other capability checks before changing it.
 *
 * @return void
 */
function wpsCreateNetworkMenu()
{
    $reqCap = 'administrator';
    if (!current_user_can($reqCap) || !function_exists('add_menu_page')) {
        return;
    }
    add_menu_page('WP Security', 'WP Security', $reqCap, WPS_PLUGIN_PREFIX, array('WsdPlugin', 'pageMain'), WsdUtil::imageUrl('logo-small.png'));
    // title => array(slug suffix, WsdPlugin page callback); registered in this order.
    $pages = array(
        'Dashboard' => array('', 'pageMain'),
        'Database' => array('database', 'pageDatabase'),
        'WP Info' => array('scanner', 'pageWpInfo'),
        'WP File Scan' => array('wpscan', 'pageWpFileScan'),
        'Live traffic' => array('live_traffic', 'pageLiveTraffic'),
        'Blog' => array('blog', 'pageBlog'),
        'Settings' => array('settings', 'pageSettings'),
        'About' => array('about', 'pageAbout'),
    );
    foreach ($pages as $title => $page) {
        add_submenu_page(WPS_PLUGIN_PREFIX, $title, $title, $reqCap, WPS_PLUGIN_PREFIX . $page[0], array('WsdPlugin', $page[1]));
    }
}
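if (!WsdUtil::canLoad()) {
    return;
}
/*
 * DISPLAY AVAILABLE DOWNLOADS
 *======================================================
 */
// Lists the backup files found by WsdUtil::getAvailableBackupFiles(), each with a
// delete control and a direct download link under res/backups/. Values placed in
// attributes or element text are escaped so a file name or translated label
// containing quotes/brackets cannot break out of the markup.
// NOTE(review): database dumps are served straight from res/backups/ by URL;
// confirm that directory is not browseable and that file names are not guessable.
$files = WsdUtil::getAvailableBackupFiles();
if (empty($files)) {
    echo '<p>No backups files found.</p>';
} else {
    $deleteNonce = esc_attr(wp_create_nonce("wpsBackupFileDelete_nonce"));
    $downloadTitle = esc_attr(__('Click to download'));
    $minusIcon = esc_url(WsdUtil::imageUrl('minus.gif'));
    echo '<div class="acx-section-box">';
    echo '<ul id="bck-list" data-nonce="' . $deleteNonce . '">';
    foreach ($files as $fileName) {
        // rawurlencode keeps names with spaces or reserved characters downloadable.
        $downloadUrl = esc_url(WPS_PLUGIN_URL . 'res/backups/' . rawurlencode($fileName));
        echo '<li style="overflow: hidden;">';
        echo '<a href="#" title="Delete this backup" class="acx-delete-bck" style="margin-top: 3px; margin-right: 7px; float: left;"><img src="' . $minusIcon . '"/></a>';
        echo '<a href="', $downloadUrl, '" title="', $downloadTitle, '" style="float: left;">', esc_html($fileName), '</a>';
        echo '</li>';
    }
    echo '</ul>';
    echo '</div>';
}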
?>
<script type="text/javascript">
    jQuery(document).ready(function($){
        function deleteBackupFile($,adminPostUrl, serverMethod, nonce, fileName, $item)
        {
            $.ajax({
                type : "post",
                dataType : "json",
                cache: false,
/**
 * Fetches the feed data, stores it under the given option and prints it.
 *
 * Any `url('rss.png')` reference inside the fetched data is rewritten to the
 * plugin's own image URL before output so the icon resolves correctly.
 *
 * @public
 * @param string $optName          Option name the fetched data is saved under (presumably a WP option key).
 * @param int    $getMaxRssEntries Maximum number of feed entries to fetch.
 * @return void
 */
function wpsPlugin_handleDisplayRssData($optName, $getMaxRssEntries)
{
    $feedData = wpsPlugin_GetFeedData($getMaxRssEntries);
    wpsPlugin_updateRssFeedOption($optName, $feedData);
    $iconRef = "url('rss.png')";
    $pluginIconRef = "url('" . WsdUtil::imageUrl('rss.png') . "')";
    print str_ireplace($iconRef, $pluginIconRef, $feedData);
}
echo WsdUtil::loadTemplate('box-available-backups');
?>
                </div>
            </div>
        </div>


        <p class="clear"></p>
        <div class="metabox-holder" style="width:99.8%; padding-top: 0;">
            <?php 
/*
 * CHANGE DATABASE PREFIX TOOL
 * ================================================================
 */
?>
            <div id="cdtp" class="postbox">
                <h3 class="hndle" style="cursor: default;"><span><?php 
echo __('Change Database Prefix');
?>
</span></h3>
                <div class="inside">
                    <?php 
echo WsdUtil::loadTemplate('box-database-change-prefix');
?>
                </div>
            </div>
        </div>

    </div>
</div>
            <div class="inside acx-section-box">
                <?php 
echo WsdUtil::loadTemplate('box-server-results');
?>
            </div>
        </div>
        <div style="width:49.8%; float: right;" class="postbox">
            <h3 class="hndle" style="cursor: default;"><span><?php 
echo __('WordPress Scan Report', WpsSettings::TEXT_DOMAIN);
?>
</span></h3>
            <div class="inside acx-section-box">
                <?php 
echo WsdUtil::loadTemplate('box-scan-results-wp');
?>
            </div>
        </div>

        <div style="width:99.8%; clear: both;" class="inner-sidebar1 postbox">
            <h3 class="hndle" style="cursor: default;"><span><?php 
echo __('File Scan Report', WpsSettings::TEXT_DOMAIN);
?>
</span></h3>
            <div class="inside">
                <?php 
echo WsdUtil::loadTemplate('box-scan-results-file');
?>
            </div>
        </div>
    </div>
</div>
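 /**
  * Builds the JSON payload for the live-traffic AJAX poll.
  *
  * Returns the newest traffic entries rendered as table rows. When $lastID is 0
  * the newest $maxEntries rows are returned; otherwise only the rows added after
  * $lastID. Entries whose referrer equals the requested URL (page refreshes) are
  * skipped. Every value that originates from a visitor's request (URL, referrer,
  * user agent, IP, geo data) is escaped before being placed in the markup, since
  * this HTML is rendered inside the admin dashboard.
  *
  * Fixes over the previous version: the "coming from" span now shows the
  * referrer (it previously repeated the requested URL), the "Unknown location"
  * branch no longer emits an unbalanced closing span, and IP/city/country/date
  * values are escaped.
  *
  * @internal
  * @param int $maxEntries Maximum number of rows to return on the initial request.
  * @param int $lastID     Highest entry id the client already has (0 on the first poll).
  * @return string|false JSON document {"type":"success","data":[...rows...]}, or false if json_encode fails.
  */
 public static final function _ajaxGetFrom($maxEntries, $lastID = 0)
 {
     $result = array('type' => 'success', 'data' => array());
     $noDataRow = '<tr data-id="0"><td><p style="margin: 5px 5px; font-weight: bold; color: #cc0000">' . __('No data yet.', WpsSettings::TEXT_DOMAIN) . '</p></td></tr>';
     $lastID = (int) $lastID;
     // get the last ID from db
     $dbLastID = (int) self::getLastID();
     if (empty($dbLastID)) {
         $result['data'][] = $noDataRow;
         return json_encode($result);
     }
     // no change - nothing to display
     if ($lastID === $dbLastID) {
         return json_encode($result);
     }
     if ($lastID === 0) {
         $getFrom = $maxEntries;
     } else {
         $getFrom = $dbLastID - $lastID;
         if ($getFrom < 1) {
             return json_encode($result);
         }
     }
     $data = self::getTrafficData($getFrom);
     if (empty($data)) {
         $result['data'][] = $noDataRow;
         return json_encode($result);
     }
     // Labels are translated once rather than per row.
     $comingFrom = __('coming from', WpsSettings::TEXT_DOMAIN);
     $requested = __('requested', WpsSettings::TEXT_DOMAIN);
     $dateLabel = __('Date', WpsSettings::TEXT_DOMAIN);
     $agentLabel = __('Agent', WpsSettings::TEXT_DOMAIN);
     $unknownLocation = __('Unknown location', WpsSettings::TEXT_DOMAIN);
     $ipInfoTitle = esc_attr(__('Lookup this IP. Opens in a new window/tab', WpsSettings::TEXT_DOMAIN));
     // Visitor-supplied URLs are decoded, stripped of tags and HTML-escaped for display.
     $escapeUrl = function ($url) {
         return esc_html(strip_tags(urldecode($url)), ENT_QUOTES);
     };
     foreach (array_reverse($data) as $entry) {
         $req = trim($entry->entryRequestedUrl);
         $ref = '';
         if (!empty($entry->entryReferrer)) {
             $referrer = trim($entry->entryReferrer);
             // Ignore page refresh
             if (strcasecmp($req, $referrer) == 0) {
                 continue;
             }
             $ref = ' ' . $comingFrom . ' <span class="w-entry"><span>' . $escapeUrl($referrer) . '</span></span>';
         }
         // add geo-location + flag
         $country = '';
         $city = '';
         $flag = '';
         if (!empty($entry->entryCountry)) {
             $country = $entry->entryCountry;
             // entryCountry looks like "Name,cc"; the part after the comma selects the flag image.
             $pos = strpos($country, ',');
             if (false !== $pos) {
                 $code = substr($country, $pos + 1);
                 $flag = WsdUtil::imageUrl('flags/' . strtolower($code) . '.png');
                 $country = substr($country, 0, $pos);
             }
         }
         if (!empty($entry->entryCity)) {
             $city = $entry->entryCity;
         }
         if (!empty($flag)) {
             $flag = trim($flag);
             // A country name containing its own comma (e.g. "Korea, Republic of,kr")
             // makes the split above produce a bogus file name; map it to kr.png.
             if (false !== strpos($flag, ' republic of,kr.png')) {
                 $flag = WsdUtil::imageUrl('flags/kr.png');
             }
             $flag = '<img src="' . esc_url($flag) . '" alt="' . esc_attr($flag) . '" title="' . esc_attr($flag) . '"/>';
         }
         $ip = (string) $entry->entryIp;
         $ipInfoUrl = esc_url("http://dnsquery.org/ipwhois/{$ip}");
         $ipLink = ' (<span class="w-ip"><a href="' . $ipInfoUrl . '" title="' . $ipInfoTitle . '" target="_blank">' . esc_html($ip) . '</a></span>)';
         $geoInfo = '<span>';
         if (!empty($country)) {
             if (!empty($flag)) {
                 $geoInfo .= $flag;
             }
             if (!empty($city)) {
                 $geoInfo .= ' ' . esc_html($city) . ',';
             }
             $geoInfo .= ' ' . esc_html($country);
         } else {
             $geoInfo .= $unknownLocation;
         }
         $geoInfo .= $ipLink . '</span>';
         $row = '<tr data-id="' . esc_attr((string) $entry->entryId) . '"><td class="wsd-scan-entry">';
         $row .= '<div>';
         $row .= '<p style="margin-bottom: 1px;">' . $geoInfo;
         $row .= $ref . ' ' . $requested . ' <span class="w-entry"><span>' . $escapeUrl($req) . '</span></span></p>';
         $row .= '<p style="margin-bottom: 1px;"><strong>' . $dateLabel . '</strong>: <span class="w-date">' . esc_html((string) $entry->entryTime) . '</span></p>';
         $row .= '<p style="margin-bottom: 1px;"><strong>' . $agentLabel . '</strong>: <span class="w-ua">' . htmlentities((string) $entry->entryUA, ENT_QUOTES) . '</span></p>';
         $row .= '</div>';
         $row .= '</td></tr>';
         $result['data'][] = $row;
     }
     return json_encode($result);
 }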
        var maxEntries = ((<?php 
    echo $keepNumEntriesLiveTraffic;
    ?>
 > 100) ? 100 : <?php 
    echo $keepNumEntriesLiveTraffic;
    ?>
);
        var queue = new liveTrafficQueue(
            $
            ,"<?php 
    echo admin_url('admin-ajax.php');
    ?>
"
            ,"ajaxGetTrafficData"
            ,"<?php 
    echo WsdUtil::imageUrl('ajax-loader.gif');
    ?>
"
            ,maxEntries);

        queue.retrieveData();

        <?php 
    /*[ enable autoload only if refresh rate > 0 ]*/
    ?>
        <?php 
    if ($liveTrafficRefreshRateAjax > 0) {
        ?>
 window.setInterval(function(){ queue.retrieveData(); }, <?php 
        echo $liveTrafficRefreshRateAjax * 1000;
        ?>
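 /**
  * Renders the "server information" panel as an HTML fragment.
  *
  * Collects the MySQL version and sql_mode, a handful of php.ini settings and
  * the availability of the exif/iptc/xml extensions, and returns them as two
  * <ul> lists. Every entry of the second list carries a glossary tooltip whose
  * text is stored in a data-bind-title attribute.
  *
  * Values read from the database or from $_SERVER are HTML-escaped before being
  * inserted, and tooltip texts are attribute-escaped so a translated string
  * containing quotes cannot terminate the attribute early. The sql_mode lookup
  * no longer indexes [0] of a possibly empty result set.
  *
  * @return string HTML fragment.
  */
 public static function getServerInfo()
 {
     global $wpdb;
     $sqlversion = $wpdb->get_var("SELECT VERSION() AS version");
     $mysqlinfo = $wpdb->get_results("SHOW VARIABLES LIKE 'sql_mode'");
     // get_results() may yield an empty array; guard the [0]->Value access.
     $sql_mode = (is_array($mysqlinfo) && isset($mysqlinfo[0]->Value)) ? $mysqlinfo[0]->Value : '';
     if (empty($sql_mode)) {
         $sql_mode = __('Not set', WpsSettings::TEXT_DOMAIN);
     }
     $on = __('On', WpsSettings::TEXT_DOMAIN);
     $off = __('Off', WpsSettings::TEXT_DOMAIN);
     $yes = __('Yes', WpsSettings::TEXT_DOMAIN);
     $no = __('No', WpsSettings::TEXT_DOMAIN);
     $na = __('N/A', WpsSettings::TEXT_DOMAIN);
     // safe_mode no longer exists in current PHP; ini_get() then returns false, shown as "Off".
     $safe_mode = (strcasecmp('On', (string) ini_get('safe_mode')) == 0) ? $on : $off;
     $allow_url_fopen = ini_get('allow_url_fopen') ? $on : $off;
     // Configured php.ini value, or N/A when the directive is unset/empty.
     $iniOrNa = function ($directive) use ($na) {
         $value = ini_get($directive);
         return $value ? $value : $na;
     };
     $upload_max = $iniOrNa('upload_max_filesize');
     $post_max = $iniOrNa('post_max_size');
     $max_execute = $iniOrNa('max_execution_time');
     $memory_limit = $iniOrNa('memory_limit');
     if (function_exists('memory_get_usage')) {
         $memory_usage = round(memory_get_usage() / 1024 / 1024, 2) . __(' MByte', WpsSettings::TEXT_DOMAIN);
     } else {
         $memory_usage = $na;
     }
     $exif = is_callable('exif_read_data') ? $yes . " ( V" . substr(phpversion('exif'), 0, 4) . ")" : $no;
     $iptc = is_callable('iptcparse') ? $yes : $no;
     $xml = is_callable('xml_parser_create') ? $yes : $no;
     $sqlModeText = __('SQL Mode (sql_mode) is a MySQL system variable. By means of this variable the MySQL Server SQL Mode is controlled.
         Many operational characteristics of MySQL Server can be configured by setting the SQL Mode.
         By setting the SQL Mode appropriately, a client program can instruct the server how strict or forgiving to be about accepting input data, enable or disable behaviors relating to standard SQL conformance,
         or provide better compatibility with other database systems. By default, the server uses a sql_mode value of  \'\'  (the empty string), which enables no restrictions.
         Thus, the server operates in forgiving mode (non-strict mode) by default. In non-strict mode, the MySQL server converts erroneous input values to the closest legal
         values (as determined from column definitions) and continues on its way.', WpsSettings::TEXT_DOMAIN);
     $phpSafeModeText = __('The PHP Safe Mode (safe_mode) is an attempt to solve the shared-server security problem.
         It is architecturally incorrect to try to solve this problem at the PHP level, but since the alternatives at the web server and OS levels aren\'t
         very realistic, many people, especially ISP\'s, use safe mode for now.', WpsSettings::TEXT_DOMAIN);
     $phpAllowFopenText = __('PHP allow_url_fopen option, if enabled (allows PHP\'s file functions - such as \'file_get_contents()\' and the \'include\' and \'require\' statements),
         can retrieve data from remote locations, like an FTP or web site, which may pose a security risk.', WpsSettings::TEXT_DOMAIN);
     $phpMemoryLimitText = __('PHP memory_limit option sets the maximum amount of memory in bytes that a script is allowed to allocate.
         By enabling a realistic memory_limit you can protect your applications from certain types of Denial of Service attacks, and also from bugs in
         applications (such as infinite loops, poor use of image based functions, or other memory intensive mistakes).', WpsSettings::TEXT_DOMAIN);
     $phpMaxUploadSizeText = __('PHP upload_max_filesize option limits the maximum size of files that PHP will accept through uploads. Attackers may attempt to send grossly oversized files to exhaust your system resources;
         by setting a realistic value here you can mitigate some of the damage by those attacks.', WpsSettings::TEXT_DOMAIN);
     $phpMaxPostSizeText = __('PHP post_max_size option limits the maximum size of the POST request that PHP will process. Attackers may attempt to send grossly oversized POST requests to exhaust your system resources;
         by setting a realistic value here you can mitigate some of the damage by those attacks.', WpsSettings::TEXT_DOMAIN);
     $phpScriptExecTimeText = __('PHP max_execution_time option sets the maximum time in seconds a script is allowed to run before it is terminated by the parser.
         This helps prevent poorly written scripts from tying up the server.', WpsSettings::TEXT_DOMAIN);
     $exifText = __('PHP exif extension enables you to work with image meta data. For example, you may use exif functions to read meta data of pictures taken from digital cameras by working with
         information stored in the headers of the JPEG and TIFF images.', WpsSettings::TEXT_DOMAIN);
     $iptcText = __('IPTC data is a method of storing textual information in images defined by the International Press Telecommunications Council.
         It was developed for press photographers who need to attach information to images when they are submitting them electronically but it is useful for all photographers.
         It provides a standard way of storing information such as captions, keywords, location. Because the information is stored in the image in a standard way this information
         can be accessed by other IPTC aware applications.', WpsSettings::TEXT_DOMAIN);
     $xmlText = __('XML (eXtensible Markup Language) is a data format for structured document interchange on the Web. It is a standard defined by the World Wide Web Consortium (W3C).', WpsSettings::TEXT_DOMAIN);
     $serverSoftware = isset($_SERVER["SERVER_SOFTWARE"]) ? (string) $_SERVER["SERVER_SOFTWARE"] : '';
     $str = '<script type="text/javascript" src="' . WsdUtil::jsUrl('wsdplugin_glossary_tooltip.js') . '"></script>';
     $str .= '<ul class="acx-common-list">';
     $str .= '<li>' . __('Operating System', WpsSettings::TEXT_DOMAIN) . ' : <strong> ' . PHP_OS . '</strong></li>';
     $str .= '<li>' . __('Server', WpsSettings::TEXT_DOMAIN) . ' : <strong>' . esc_html($serverSoftware) . '</strong></li>';
     $str .= '<li>' . __('Memory usage', WpsSettings::TEXT_DOMAIN) . ' : <strong>' . esc_html($memory_usage) . '</strong></li>';
     $str .= '<li>' . __('PHP Version', WpsSettings::TEXT_DOMAIN) . ' : <strong>' . PHP_VERSION . '</strong></li>';
     $str .= '<li>' . __('MYSQL Version', WpsSettings::TEXT_DOMAIN) . ' : <strong>' . esc_html((string) $sqlversion) . '</strong></li>';
     $str .= '</ul>';
     $str .= '<p class="clear" style="margin-top: 7px;"></p>';
     $str .= '<ul class="acx-common-list">';
     // One glossary row: tooltip text in attribute context, value in element context.
     // (Also restores the space before onmouseover that the Max Upload Size row was missing.)
     $tooltipRow = function ($tooltip, $label, $value) {
         return '<li class="wsdplugin-tooltip" onmouseover="wsdplugin_glossary_tooltip.show(this);" data-bind-title="' . esc_attr($tooltip) . '" onmouseout="wsdplugin_glossary_tooltip.hide();">' . $label . ' : <strong>' . esc_html((string) $value) . '</strong></li>';
     };
     $str .= $tooltipRow($sqlModeText, __('SQL Mode', WpsSettings::TEXT_DOMAIN), $sql_mode);
     $str .= $tooltipRow($phpSafeModeText, __('PHP Safe Mode', WpsSettings::TEXT_DOMAIN), $safe_mode);
     $str .= $tooltipRow($phpAllowFopenText, __('PHP Allow URL fopen', WpsSettings::TEXT_DOMAIN), $allow_url_fopen);
     $str .= $tooltipRow($phpMemoryLimitText, __('PHP Memory Limit', WpsSettings::TEXT_DOMAIN), $memory_limit);
     $str .= $tooltipRow($phpMaxUploadSizeText, __('PHP Max Upload Size', WpsSettings::TEXT_DOMAIN), $upload_max);
     $str .= $tooltipRow($phpMaxPostSizeText, __('PHP Max Post Size', WpsSettings::TEXT_DOMAIN), $post_max);
     $str .= $tooltipRow($phpScriptExecTimeText, __('PHP Max Script Execute Time', WpsSettings::TEXT_DOMAIN), $max_execute . 's');
     $str .= $tooltipRow($exifText, __('PHP Exif support', WpsSettings::TEXT_DOMAIN), $exif);
     $str .= $tooltipRow($iptcText, __('PHP IPTC support', WpsSettings::TEXT_DOMAIN), $iptc);
     $str .= $tooltipRow($xmlText, __('PHP XML support', WpsSettings::TEXT_DOMAIN), $xml);
     $str .= '</ul>';
     return $str;
 }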
 /**
  * Sets the list of files to check for permissions.
  *
  * Each entry maps a display label to the absolute path of the file or
  * directory and the permission mode the plugin suggests for it. Entries are
  * returned in the order listed below.
  *
  * @return array Map of label => array('filePath' => string, 'suggestedPermissions' => string).
  */
 static function getScanFileList()
 {
     $root = trailingslashit(ABSPATH);
     $wpConfigPath = WsdUtil::getWpConfigFilePath();
     // label => array(path, suggested mode)
     $entries = array(
         'root directory' => array($root, '0755'),
         'wp-admin' => array($root . 'wp-admin', '0755'),
         'wp-content' => array($root . 'wp-content', '0755'),
         'wp-includes' => array($root . 'wp-includes', '0755'),
         '.htaccess' => array($root . '.htaccess', '0644'),
         // readme.html gets a stricter mode, presumably because it discloses the WP version.
         'readme.html' => array($root . 'readme.html', '0400'),
         'wp-config.php' => array($wpConfigPath, '0644'),
         'wp-admin/index.php' => array($root . 'wp-admin/index.php', '0644'),
         'wp-admin/.htaccess' => array($root . 'wp-admin/.htaccess', '0644'),
     );
     $list = array();
     foreach ($entries as $label => $entry) {
         $list[$label] = array('filePath' => $entry[0], 'suggestedPermissions' => $entry[1]);
     }
     return $list;
 }
<?php 
/*
 * Check if the backups directory is writable
 *======================================================
 */
if (is_dir(WPS_PLUGIN_BACKUPS_DIR) && is_writable(WPS_PLUGIN_BACKUPS_DIR)) {
    ?>

<?php 
    if ($_SERVER['REQUEST_METHOD'] == 'POST') {
        if (isset($_POST['wsd_db_backup'])) {
            if (function_exists('wp_nonce_field')) {
                check_admin_referer('wpss-backup-database-nonce');
            }
            if ('' != ($fname = WsdUtil::backupDatabase())) {
                echo '<p class="acx-info-box">';
                echo '<span>', __('Database successfully backed up!'), '</span>';
                echo '<br/><span>', __('Download backup file'), ': </span>';
                echo '<a href="', WPS_PLUGIN_URL . 'res/backups/', $fname, '" style="color:#000">', $fname, '</a>';
                echo '</p>';
            } else {
                echo '<p class="acx-info-box">';
                echo __('The database could not be backed up!');
                echo '<br/>', __("A possible error might be that you didn't set up writing permissions for the backups directory!");
                echo '</p>';
            }
        }
    }
    ?>
<div class="acx-section-box">
<?php
// Server-information box: bail out unless the plugin may load in this
// context, then print the rendered panel.
$canLoad = WsdUtil::canLoad();
if (!$canLoad) {
    return;
}
print WsdInfoServer::getServerInfo();
?>

     if (file_exists($filePath)) {
         echo '<td>', $sp, '</td>';
     } else {
         if (is_file($filePath)) {
             echo '<td>0644</td>';
         } elseif (is_dir($filePath)) {
             echo '<td class="center">0755</td>';
         } else {
             echo '<td>', $sp, '</td>';
         }
     }
     echo '</tr>';
 }
 echo '</tbody>';
 echo '</table>';
 if (!WsdUtil::isWinOs()) {
     echo '<div class="wsdplugin-overflow"><p style="text-align: right; clear: both; margin: 7px 0 0 0;" class="wsdplugin-overflow">';
     //@@ Display action result
     if ($acx_isPostBack && !empty($acx_message)) {
         echo '<p class="acx-info-box" style="float: left; width: 70%; margin: 0 0; padding-top: 3px; padding-bottom: 3px;">' . $acx_message . '</p>';
     }
     if (wpsIsMainSite()) {
         echo '<input type="submit" value="Apply suggested permissions" class="button-primary" style="float: right;" />';
     }
     echo '</div>';
 }
 echo '</form>';
 echo '<p class="acx-info-box" style="margin: 7px 0 7px 0;">';
 echo __('Our suggested permissions are still secure but more permissive in order not to break some servers\' setups.
         If your existent file permissions are more restrictive, ex: 0750 instead of the suggested 0755 then you have no reason to
         change it to the suggested 0755 permissions.');
            }
        }
        echo '</div></div>';
        echo '</td>';
        echo '</tr>';
    }
} else {
    echo '<tr class="entry-event alt"><td colspan="4"><p style="font-weight:800;padding-top:6px;">' . __('No alerts found.') . '</p></td></tr>';
}
?>
                    </tbody>
                </table>
            </div>
        </div>
        <!-- Current Alerts -->
    </div>
    <script type="text/javascript">
        jQuery(document).ready(function($){
            wpsPlugin_bindEntryClick($);
            $("#FilterAlertTypeSelect").val("<?php 
echo $alertsFilterBy;
?>
").attr("selected", "selected");
            $('#FilterAlertTypeButton').click(function(){window.location = updateQueryStringParam(document.URL,'filter',$('#FilterAlertTypeSelect').val());});
        });
    </script>

    <?php 
echo WsdUtil::loadTemplate('box-banners');
?>
</div>
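 /**
  * Plugin activation: creates the alerts, live-traffic, scan-entries and scans
  * tables when they are missing, and adds the columns that later plugin
  * versions introduced to an already existing live-traffic table.
  *
  * Every failure (missing CREATE/ALTER privilege, failed query, unreadable
  * column list) is appended as an HTML notice to the
  * WpsSettings::PLUGIN_ERROR_NOTICE_OPTION option and makes the method return
  * false. On success the CAN_RUN_TASKS_OPTION_NAME option is set to 1.
  *
  * Fixes relative to the previous revision: the ALTER privilege is now really
  * checked (the flag was computed from 'CREATE' twice), notices raised in the
  * ALTER path no longer replace notices stored earlier (they were appended to an
  * uninitialised local instead of the stored list), and the mysql_error() call
  * — removed in PHP 7 — is replaced by $wpdb->last_error.
  *
  * @return bool true when all tables exist and are up to date, false otherwise
  */
 static function activate()
 {
     wssLog(__METHOD__ . '() executed');
     global $wpdb;
     // Same charset/collation suffix WordPress itself appends to CREATE TABLE.
     $charset_collate = '';
     if (!empty($wpdb->charset)) {
         $charset_collate = "DEFAULT CHARACTER SET {$wpdb->charset}";
     }
     if (!empty($wpdb->collate)) {
         $charset_collate .= " COLLATE {$wpdb->collate}";
     }
     // MUST HAVE "CREATE" RIGHTS if a table is not found and needs to be created,
     // and "ALTER" rights to add columns to a table that already exists.
     $rights = WsdInfoServer::getDatabaseUserAccessRights();
     wssLog('USER RIGHTS', $rights);
     // Guard the shape: in_array() on a non-array is a fatal TypeError on PHP 8.
     $rightsHaving = isset($rights['rightsHaving']) && is_array($rights['rightsHaving']) ? $rights['rightsHaving'] : array();
     $hasCreateRight = in_array('CREATE', $rightsHaving, true);
     $hasAlterRight = in_array('ALTER', $rightsHaving, true);
     $table1 = self::getTableName(WpsSettings::ALERTS_TABLE_NAME);
     $table2 = self::getTableName(WpsSettings::LIVE_TRAFFIC_TABLE_NAME);
     $table3 = self::getTableName(WpsSettings::SCAN_TABLE_NAME);
     $table4 = self::getTableName(WpsSettings::SCANS_TABLE_NAME);
     if (!WsdUtil::tableExists($table1)) {
         $query1 = "CREATE TABLE IF NOT EXISTS {$table1} (\n                          `alertId` INT UNSIGNED NOT NULL AUTO_INCREMENT ,\n                          `alertType` TINYINT NOT NULL DEFAULT 0 ,\n                          `alertSeverity` INT NOT NULL DEFAULT 0 ,\n                          `alertActionName` VARCHAR (255) NOT NULL,\n                          `alertTitle` VARCHAR(255) NOT NULL ,\n                          `alertDescription` TEXT NOT NULL ,\n                          `alertSolution` TEXT NOT NULL ,\n                          `alertDate` DATETIME NOT NULL default '0000-00-00 00:00:00',\n                          `alertFirstSeen` DATETIME NOT NULL default '0000-00-00 00:00:00',\n                          PRIMARY KEY (`alertId`) ,\n                          UNIQUE INDEX `alertId_UNIQUE` (`alertId` ASC) ) {$charset_collate};";
         if (!self::createPluginTable($wpdb, $table1, $query1, $hasCreateRight)) {
             return false;
         }
     }
     // The live-traffic table only needs a column upgrade when it already existed;
     // a freshly created one already carries the full schema.
     $alterCheck = true;
     if (!WsdUtil::tableExists($table2)) {
         $query2 = "CREATE TABLE IF NOT EXISTS {$table2} (\n                         `entryId` bigint(20) unsigned NOT NULL auto_increment,\n                         `entryTime` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',\n                         `entryIp` text,\n                         `entryReferrer` text,\n                         `entryUA` text,\n                         `entryRequestedUrl` text,\n                         `entryCountry` varchar(125) not null,\n                         `entryCity` varchar(125) not null,\n                         `blogId` INT(10) NOT NULL DEFAULT 1,\n                         PRIMARY KEY (entryId)) {$charset_collate};";
         if (!self::createPluginTable($wpdb, $table2, $query2, $hasCreateRight)) {
             return false;
         }
         $alterCheck = false;
     }
     if ($alterCheck && !self::upgradeLiveTrafficTable($wpdb, $table2, $hasAlterRight)) {
         return false;
     }
     if (!WsdUtil::tableExists($table3)) {
         $query3 = "CREATE TABLE IF NOT EXISTS {$table3} (\n                        `entryId` BIGINT NOT NULL AUTO_INCREMENT ,\n                        `scanId` INT NOT NULL ,\n                        `filePath` VARCHAR(1000) NOT NULL ,\n                        `dateModified` DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00' ,\n                        `fileNotFound` TINYINT NOT NULL DEFAULT 0,\n                        PRIMARY KEY (`entryId`) ,\n                        UNIQUE INDEX `entryId_UNIQUE` (`entryId` ASC) ) {$charset_collate};";
         if (!self::createPluginTable($wpdb, $table3, $query3, $hasCreateRight)) {
             return false;
         }
     }
     if (!WsdUtil::tableExists($table4)) {
         $query4 = "CREATE  TABLE {$table4} (\n                        `scanId` INT NOT NULL AUTO_INCREMENT ,\n                        `scanStartDate` DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00',\n                        `scanEndDate` DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00',\n                        `scanResult` INT NOT NULL DEFAULT 0,\n                        `failReason` VARCHAR(5000) NOT NULL DEFAULT '',\n                        `scanType` int(11) NOT NULL DEFAULT '0',\n                        PRIMARY KEY (`scanId`) ) {$charset_collate};";
         if (!self::createPluginTable($wpdb, $table4, $query4, $hasCreateRight)) {
             return false;
         }
     }
     WpsOption::addOption(WpsSettings::CAN_RUN_TASKS_OPTION_NAME, 1);
     return true;
 }

 /**
  * Appends one HTML notice to the plugin's stored error notices.
  *
  * The stored list is always re-read before appending so that a notice raised
  * later in the activation run never replaces one stored earlier.
  *
  * @param string $message HTML notice (admin-facing; contains no user input here)
  * @return void
  */
 private static function addPluginErrorNotice($message)
 {
     $notices = WpsOption::getOption(WpsSettings::PLUGIN_ERROR_NOTICE_OPTION, array());
     if (!is_array($notices)) {
         $notices = array();
     }
     $notices[] = $message;
     WpsOption::updateOption(WpsSettings::PLUGIN_ERROR_NOTICE_OPTION, $notices);
 }

 /**
  * Runs the CREATE TABLE statement for a table that WsdUtil::tableExists()
  * reported as missing.
  *
  * @param wpdb   $wpdb            WordPress database handle
  * @param string $table           fully prefixed table name (only used in log/notice text)
  * @param string $query           CREATE TABLE statement built from plugin constants, not user input
  * @param bool   $hasCreateRight  result of the CREATE privilege check
  * @return bool true when the table was created, false when the privilege is
  *              missing or the query failed (a notice is stored in both cases)
  */
 private static function createPluginTable($wpdb, $table, $query, $hasCreateRight)
 {
     wssLog("table not found: {$table}");
     if (!$hasCreateRight) {
         wssLog("user has no create right. cannot create table: {$table}");
         self::addPluginErrorNotice('<strong>' . WPS_PLUGIN_NAME . "</strong>: The database user needs the '<strong>CREATE</strong>' right in order to install this plugin.");
         return false;
     }
     // wpdb prints errors directly when show_errors is on; that output is
     // suppressed here and the failure is reported through the notice option.
     $result = @$wpdb->query($query);
     if ($result === false) {
         //#! MySQL error
         wssLog('MySql error: ' . $wpdb->last_error);
         wssLog("Error running query: {$query}");
         self::addPluginErrorNotice('<strong>' . WPS_PLUGIN_NAME . "</strong>. Error running query: <strong><pre>{$query}</pre></strong>.");
         return false;
     }
     wssLog("table created: {$table}");
     return true;
 }

 /**
  * Adds the entryCountry, entryCity and blogId columns to an existing
  * live-traffic table when they are missing (schema upgrade from older
  * plugin versions).
  *
  * @param wpdb   $wpdb           WordPress database handle
  * @param string $table          fully prefixed live-traffic table name
  * @param bool   $hasAlterRight  result of the ALTER privilege check
  * @return bool true when the table has all columns afterwards, false when
  *              the privilege is missing, the column list could not be read or
  *              an ALTER TABLE failed (a notice is stored in every case)
  */
 private static function upgradeLiveTrafficTable($wpdb, $table, $hasAlterRight)
 {
     wssLog("Alter check needed for {$table}.");
     if (!$hasAlterRight) {
         wssLog('NO ALTER RIGHT');
         self::addPluginErrorNotice('<strong>' . WPS_PLUGIN_NAME . "</strong>: The database user needs the '<strong>ALTER</strong>' right in order to install this plugin.");
         return false;
     }
     // Get columns
     $query = "SHOW COLUMNS FROM {$table}";
     $cols = $wpdb->get_results($query, ARRAY_A);
     if (empty($cols)) {
         wssLog("Could not retrieve columns from table: {$table}");
         self::addPluginErrorNotice('<strong>' . WPS_PLUGIN_NAME . "</strong>. Error running query: <strong><pre>{$query}</pre></strong>. Please inform the plugin author about this error.");
         return false;
     }
     $columns = array();
     foreach ($cols as $values) {
         if (!empty($values['Field'])) {
             $columns[] = $values['Field'];
         }
     }
     // Columns added by later plugin versions, in the order they must be
     // appended: each ALTER places its column AFTER the previous one.
     $expectedColumns = array(
         'entryCountry' => "ALTER TABLE {$table} ADD COLUMN `entryCountry` VARCHAR(125) NOT NULL DEFAULT '' AFTER `entryRequestedUrl`;",
         'entryCity' => "ALTER TABLE {$table} ADD COLUMN `entryCity` VARCHAR(125) NOT NULL DEFAULT '' AFTER `entryCountry`;",
         'blogId' => "ALTER TABLE {$table} ADD COLUMN `blogId` INT(10) NOT NULL DEFAULT 1 AFTER `entryCity`;",
     );
     foreach ($expectedColumns as $column => $q) {
         wssLog("Checking for column: {$column}");
         if (in_array($column, $columns, true)) {
             wssLog("column already exists: {$column}");
             continue;
         }
         // See createPluginTable() for why wpdb's own error output is suppressed.
         $result = @$wpdb->query($q);
         if ($result === false) {
             //#! MySQL error
             wssLog('MySql error: ' . $wpdb->last_error);
             wssLog("Error running query: {$q}");
             self::addPluginErrorNotice('<strong>' . WPS_PLUGIN_NAME . "</strong>. Error running query: <strong><pre>{$q}</pre></strong>.");
             return false;
         }
         wssLog("Column: {$column} not found in table {$table}. but was added.");
     }
     wssLog("{$table} updated successfully");
     return true;
 }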
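<?php

// Scan-progress template: rendered only for administrators while a scan is in
// progress. Bails out silently (no output) when the plugin cannot load or the
// current user is not an administrator.
if (!WsdUtil::canLoad()) {
    return;
}
if (!WsdUtil::isAdministrator()) {
    return;
}
// Map the stored scan stage to the label used by this template. A switch keeps
// the loose comparison of the original if/elseif chain (the setting's scalar
// type is not visible here), and the default branch guarantees that
// $currentlyScanning is always defined, which the chain did not for an
// unknown or unset stage.
$progress = WsdWPScanSettings::getSetting('SCAN_PROGRESS');
switch ($progress) {
    case WsdWPScanSettings::SCAN_PROGRESS_NONE:
        $currentlyScanning = 'nothing';
        break;
    case WsdWPScanSettings::SCAN_PROGRESS_ROOT:
        $currentlyScanning = '<strong>root</strong> directory';
        break;
    case WsdWPScanSettings::SCAN_PROGRESS_ADMIN:
        $currentlyScanning = '<strong>wp-admin</strong> directory';
        break;
    case WsdWPScanSettings::SCAN_PROGRESS_CONTENT:
        $currentlyScanning = '<strong>wp-content</strong> directory';
        break;
    case WsdWPScanSettings::SCAN_PROGRESS_INCLUDES:
        $currentlyScanning = '<strong>wp-includes</strong> directory';
        break;
    default:
        // Unrecognised stage value: treat it like "no scan running".
        $currentlyScanning = 'nothing';
        break;
}
?>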
<style type="text/css">
    #progressBar { width: 400px; padding: 0 0; line-height: normal; }
    #step { display:block; background: #e0e0e0; border: solid 1px #bebebe;padding: 3px 0; margin: 0 0; line-height: normal; text-align: center;}
    #step span { font-weight: 800; color: #000; font-size: 12px; }
</style>

<h3 style="margin-bottom: 2px;">Scan State: In Progress</h3>
<hr style="height:1px; color: #eee; margin-top: 0; width: 75%;"/>

<div id="progressBar"><p id="step"><span></span></p></div>
                if (empty($tables)) {
                    if (!empty($acxInfoMessage)) {
                        $acxInfoMessage .= '<br/>';
                    }
                    $acxInfoMessage .= __("Internal Error: We couldn't retrieve the list of tables from the database! Please inform the plug-in author about this error! Thank you!");
                } else {
                    $result = WsdUtil::renameTables($tables, $old_prefix, $new_prefix);
                    // check for errors
                    if (!empty($result)) {
                        if (!empty($acxInfoMessage)) {
                            $acxInfoMessage .= '<br/>';
                        }
                        $acxInfoMessage .= '<span class="acx-notice-success acx-icon-alert-success">' . __('All tables have been successfully updated!') . '</span>';
                        // try to rename the fields
                        $acxInfoMessage .= WsdUtil::renameDbFields($old_prefix, $new_prefix);
                        if (0 < WsdUtil::updateWpConfigTablePrefix($wpConfigFile, $new_prefix)) {
                            $acxInfoMessage .= '<br/><span class="acx-notice-success acx-icon-alert-success">' . __('The <strong>wp-config</strong> file has been successfully updated!') . '</span>';
                        } else {
                            $acxInfoMessage .= '<br/>' . __('The <strong>wp-config</strong> file could not be updated! You have to manually update the <strong>$table_prefix</strong> variable to the one you have specified') . ': ' . $new_prefix;
                        }
                    } else {
                        $acxInfoMessage .= '<br/><strong>' . __('An error has occurred and the tables could not be updated!') . '</strong>';
                    }
                }
                // End if there are tables to rename
            }
            // End checks
        }
    }
    // End if (!empty($_POST['newPrefixInput']))
} else {