/**
 * Validate a request that targets a path under the plugins or themes directory.
 *
 * Takes the request URI from $_SERVER['REQUEST_URI'], collapses repeated
 * slashes and dot-only path segments with one preg_replace() call, then looks
 * for the plugins or themes directory followed by one path segment (the
 * plugin/theme name) and a slash. When nothing matches, nothing is registered
 * and the method returns without validating.
 *
 * On a match it:
 *  - registers check_nonce on the "<slug>-admin" filter (priority 5) when bit 2
 *    (WP-ZEP) is set for that type and the name is not in the bypass list,
 *  - registers check_signature on the same filter (priority 6),
 *  - calls validate_ip() with bit 1 (block by country) of the same setting,
 *  - passes the result to IP_Geo_Block_Rewrite::exec() if that class is loaded.
 *
 * NOTE(review): REQUEST_URI is consumed as received. Nothing in this method
 * percent-decodes it or strips the query string, so the pattern is matched
 * against the raw string including anything after "?" - confirm that is the
 * intended scope of the match.
 * NOTE(review): the slash/dot clean-up is a single pass; adjacent sequences
 * that share a slash are not all collapsed by one call, so the name segment
 * compared against the bypass list is only as canonical as that one pass.
 */
public function validate_direct() {
    // escape the configured directory names for use inside a "/"-delimited pattern
    $plugins = preg_quote(self::$content_dir['plugins'], '/');
    $themes = preg_quote(self::$content_dir['themes'], '/');

    // squeeze "//..." and "/./", "/../", ... down to a single "/"
    $uri = preg_replace('!(//+|/\\.+/)!', '/', $_SERVER['REQUEST_URI']);

    // group 1 = plugins dir, group 2 = themes dir, group 3 = name segment
    // (group 3 is `[^/]*`, so it may be an empty string)
    if (!preg_match("/(?:({$plugins})|({$themes}))([^\\/]*)\\//", $uri, $hit)) {
        return;
    }

    $options = self::get_option('settings');

    // group 2 is only non-empty when the themes alternative matched
    $type = 'themes';
    if (empty($hit[2])) {
        $type = 'plugins';
    }

    // names exempt from the WP-ZEP nonce check; the default is an empty list
    // for both types and the "<slug>-bypass-<type>" filter may extend it
    $bypass = apply_filters(self::PLUGIN_SLUG . "-bypass-{$type}", array());

    // nonce validation (2: WP-ZEP) - skipped only for names on the bypass list;
    // the signature and IP checks below are registered regardless of that list
    if ((2 & $options['validation'][$type]) && !in_array($hit[3], $bypass, true)) {
        add_filter(self::PLUGIN_SLUG . '-admin', array($this, 'check_nonce'), 5, 2);
    }

    // malicious-signature validation, queued after the nonce check (6 > 5)
    add_filter(self::PLUGIN_SLUG . '-admin', array($this, 'check_signature'), 6, 2);

    // country validation by IP address (1: Block by country)
    $result = $this->validate_ip('admin', $options, 1 & $options['validation'][$type]);

    // hand over to rewrite.php's executor, which runs the requested uri
    // when the validation passed
    if (class_exists('IP_Geo_Block_Rewrite')) {
        IP_Geo_Block_Rewrite::exec($result, $options);
    }
}
self::abort($validate, $settings, file_exists($path)); } exit; } } // this will trigger `init` action hook include_once '../../../wp-load.php'; /** * Fallback execution * * Here's never reached if `Validate access to wp-content/(plugins|themes)/.../*.php` * is enable. But in case of disable, the requested uri should be executed indirectly * as a fallback. */ if (class_exists('IP_Geo_Block')) { IP_Geo_Block_Rewrite::exec(IP_Geo_Block::get_geolocation(), IP_Geo_Block::get_option('settings')); } } /* ! class_exists( 'IP_Geo_Block_Rewrite' ) */ /** * Configuration samples of .htaccess for apache * * 1. `/wordpress/wp-content/plugins/.htaccess` * * # BEGIN IP Geo Block * <IfModule mod_rewrite.c> * RewriteEngine on * RewriteBase /wordpress/wp-content/plugins/ip-geo-block/ * RewriteCond %{REQUEST_URI} !ip-geo-block/rewrite.php$ * RewriteRule ^.*\.php$ rewrite.php [L] * </IfModule>