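/**
 * Displays the ruleset(s) pages.
 *
 * Dispatches on the `action` request parameter (default `list`) and includes
 * the matching view. The views read the local variables set here
 * ($rulesetData, $message), so they are assigned in this scope before the
 * include. An unknown action renders nothing (no default branch), as before.
 *
 * The write actions (`save`, `delete`) verify a WordPress nonce via
 * check_admin_referer() before touching the database; ids taken from the
 * request are cast to int before use.
 */
public function display_wemahu_rulesets()
{
    global $wpdb;

    $action = isset($_REQUEST['action']) ? $_REQUEST['action'] : 'list';

    switch ($action) {
        case 'list':
            include_once 'views/rulesets.php';
            break;

        case 'edit':
            // Missing id degrades to 0 instead of raising an undefined-index notice.
            $rulsetId = isset($_REQUEST['id']) ? (int) $_REQUEST['id'] : 0;
            $ModelRuleset = new ModelRuleset($wpdb);
            $rulesetData = $ModelRuleset->getRulesetData($rulsetId);
            include_once 'views/ruleset.php';
            break;

        case 'save':
            $rulsetId = isset($_POST['id']) ? (int) $_POST['id'] : 0;
            // The nonce action embeds the id, so a token issued for one ruleset
            // cannot be replayed to save a different one.
            check_admin_referer('save_ruleset_' . $rulsetId);
            $ModelRuleset = new ModelRuleset($wpdb);
            $rulesetInput = isset($_POST['ruleset']) ? $_POST['ruleset'] : null;
            // NOTE(review): the raw ruleset array is handed to the model;
            // field validation/escaping is assumed to happen in saveRuleset().
            $saveResult = $ModelRuleset->saveRuleset($rulesetInput, $rulsetId);
            if ($saveResult === false) {
                $message = array('type' => 'error', 'text' => 'Rule could not be saved to database.');
            } else {
                $message = array('type' => 'updated', 'text' => 'Rule successfully saved.');
                // saveRuleset() returns the (possibly new) id on success.
                $rulsetId = $saveResult;
            }
            $rulesetData = $ModelRuleset->getRulesetData($rulsetId);
            include_once 'views/ruleset.php';
            break;

        case 'add':
            // Defaults for a new, unsaved ruleset shown in the edit form.
            $rulesetData = array(
                'id' => 0,
                'name' => '',
                'filecheck' => 1,
                'scandir' => '',
                'regex_check' => 1,
                'hash_check' => 1,
                'filetypes' => 'php,jpg,png,gif,js,html,htm,xml,htaccess',
                'filesize_max' => '500000',
            );
            include_once 'views/ruleset.php';
            break;

        case 'delete':
            $deleteResult = false;

            // Single delete via row action link.
            if (!empty($_GET['id'])) {
                $rulsetId = (int) $_GET['id'];
                check_admin_referer('delete_' . $rulsetId);
                $ModelRuleset = new ModelRuleset($wpdb);
                $deleteResult = $ModelRuleset->deleteRuleset($rulsetId);
            }

            // Bulk delete via list-table checkboxes.
            if (!empty($_GET['ruleset'])) {
                check_admin_referer('bulk-rulesets');
                // Always iterate over an array; a scalar value would make foreach warn.
                $rulesetIds = (array) $_GET['ruleset'];
                $ModelRuleset = new ModelRuleset($wpdb);
                $deleteResult = true;
                foreach ($rulesetIds as $rulsetId) {
                    // Cast each id: these come straight from the query string.
                    $rulsetId = (int) $rulsetId;
                    // Stop at the first failure and keep that failure as the outcome.
                    // (Previously the result was reset to true after the loop, which
                    // reported a partially failed bulk delete as success.)
                    if ($ModelRuleset->deleteRuleset($rulsetId) === false) {
                        $deleteResult = false;
                        break;
                    }
                }
            }

            if ($deleteResult === false) {
                $message = array('type' => 'error', 'text' => 'Rule(s) could not be deleted database.');
            } else {
                $message = array('type' => 'updated', 'text' => 'Rule(s) successfully deleted.');
            }
            include_once 'views/rulesets.php';
            break;
    }
}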
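/**
 * Inits wemahu scanner by passing necessary objects like settings and database.
 *
 * AJAX handler: reads the selected ruleset id from $_POST, builds the
 * Wemahu\Settings from the stored ruleset row and the plugin options, wires
 * storage and database into the scanner, runs init() and echoes the JSON
 * response. The request is always terminated (exit) at the end.
 *
 * Error handling: $this->returnError() is used as the terminal error path;
 * the code following each call assumes it does not return normally.
 *
 * NOTE(review): no nonce or capability check is visible in this block —
 * confirm the ajax action registration / caller enforces one before the
 * scanner can be started.
 */
public function initWemahu()
{
    // Missing parameter degrades to 0 (rejected below) instead of a notice.
    $rulesetId = isset($_POST['ruleset']) ? (int) $_POST['ruleset'] : 0;
    if (empty($rulesetId)) {
        $this->returnError('No ruleset selected.');
    }

    $ModelRuleset = new ModelRuleset($this->wpdb);
    $rulesetData = $ModelRuleset->getRulesetData($rulesetId);
    if (empty($rulesetData)) {
        $this->returnError('Invalid ruleset.');
    }

    // prepare Wemahu settings:
    $WemahuSettings = new Wemahu\Settings();
    $WemahuSettings->intervalMode = true;
    $WemahuSettings->useApi = isset($this->options['use_api']) && (int) $this->options['use_api'] === 1;
    $WemahuSettings->audits['filecheck'] = (int) $rulesetData['filecheck'] === 1;

    // Filecheck audit settings, collected locally and then merged key by key so
    // that any defaults already present in auditSettings['filecheck'] survive.
    $filecheck = array(
        'regexCheck' => (int) $rulesetData['regex_check'] === 1,
        'hashCheck' => (int) $rulesetData['hash_check'] === 1,
        'scanDir' => ABSPATH,
        'tmpDir' => WP_PLUGIN_DIR . '/wemahu/tmp',
        'pathRegexWhitelistUser' => WP_PLUGIN_DIR . '/wemahu/tmp/wemahu_regex_whitelist.wmdb',
    );

    // A per-ruleset scan directory overrides the WordPress root.
    if (!empty($rulesetData['scandir'])) {
        $filecheck['scanDir'] = $rulesetData['scandir'];
    }
    $filecheck['scanDir'] = rtrim($filecheck['scanDir'], '/');

    if (!empty($rulesetData['regex_db'])) {
        // NOTE(review): regex_db is used as a path segment below the plugin's db
        // directory. It comes from the stored ruleset row; the model should make
        // sure it is a bare file name (no directory separators) when saving.
        $filecheck['pathRegexDb'] = WP_PLUGIN_DIR . '/wemahu/admin/libs/wemahu/db/' . $rulesetData['regex_db'] . '.wmdb';
    }
    if (!empty($rulesetData['filetypes'])) {
        $filecheck['extensionFilter'] = $rulesetData['filetypes'];
    }
    if (!empty($rulesetData['filesize_max'])) {
        $filecheck['sizeFilter'] = $rulesetData['filesize_max'];
    }
    if (!empty($rulesetData['max_results_file'])) {
        $filecheck['maxResultsFile'] = $rulesetData['max_results_file'];
    }
    if (!empty($rulesetData['max_results_total'])) {
        $filecheck['maxResultsTotal'] = $rulesetData['max_results_total'];
    }
    // The blacklist is stored one hash per line; normalise CRLF to LF first.
    if ($filecheck['hashCheck'] === true && !empty($rulesetData['hash_check_blacklist'])) {
        $filecheck['hashCheckBlacklist'] = explode("\n", str_replace("\r", "", $rulesetData['hash_check_blacklist']));
    }

    foreach ($filecheck as $key => $value) {
        $WemahuSettings->auditSettings['filecheck'][$key] = $value;
    }

    // Init Wemahu:
    $Wemahu = new Wemahu\Wemahu();
    $Wemahu->setSettings($WemahuSettings);
    $WemahuStorage = new Wemahu\Storage();
    $Wemahu->setStorage($WemahuStorage);
    $WemahuDatabase = new Wemahu\WordpressDatabase($this->wpdb);
    $Wemahu->setDatabase($WemahuDatabase);
    $initResult = $Wemahu->init();

    // Send Response:
    if ($initResult === false) {
        // Use the same terminal error path as the validation above. Previously
        // only setError() was called and execution fell through to the
        // 'init_success' response, masking the failure.
        $this->returnError('Wemahu initialization failed.');
    }

    // NOTE(review): audit messages are joined into HTML without escaping; if
    // they can carry names from the scanned file tree, escape them (esc_html)
    // here or at render time.
    $auditMessages = $Wemahu->getAuditMessages();
    $auditMessagesHtml = implode('<br />', $auditMessages) . '<br />';
    $this->JsonResponse->setType('init_success');
    $this->JsonResponse->setData('init_msg', $auditMessagesHtml);
    echo $this->JsonResponse->getResponseData();
    exit;
}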