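/**
 * AJAX handler that applies one firewall (WAF) configuration change taken from $_POST.
 *
 * The change is selected by $_POST['wafConfigAction']:
 *  - 'config':           store the WAF status and the learning-mode grace period.
 *  - 'addWhitelist':     add a whitelist entry for a path/parameter pair.
 *  - 'replaceWhitelist': re-key an existing whitelist entry.
 *  - 'deleteWhitelist':  remove a whitelist entry.
 *  - 'enableWhitelist':  enable or disable every rule stored under a whitelist entry.
 *  - 'enableRule':       enable or disable a single rule by numeric ID.
 *
 * A missing or unknown action, or an action whose fields fail validation, changes
 * nothing and still produces the success response.
 *
 * Every request field must be a string (a scalar for 'ruleID'). PHP turns
 * `field[]=x` into an array, which stripslashes()/strtotime() reject with a
 * TypeError on PHP 8, so non-string values are ignored instead of being processed.
 *
 * NOTE(review): every action here can relax the firewall, and no capability or
 * nonce check is visible in this method; presumably the AJAX dispatcher that
 * invokes it enforces both -- confirm before exposing it through another route.
 *
 * @return array array('success' => true, 'data' => ...) on completion, or
 *               array('err' => 1, 'errorMsg' => ...) when the learning-mode
 *               grace period does not end in the future.
 */
public static function ajax_saveWAFConfig_callback() {
    if (isset($_POST['wafConfigAction']) && is_string($_POST['wafConfigAction'])) {
        switch ($_POST['wafConfigAction']) {
            case 'config':
                if (!empty($_POST['wafStatus']) && is_string($_POST['wafStatus'])) {
                    if ($_POST['wafStatus'] === 'learning-mode' && !empty($_POST['learningModeGracePeriodEnabled'])) {
                        $gracePeriod = (isset($_POST['learningModeGracePeriod']) && is_string($_POST['learningModeGracePeriod']))
                            ? $_POST['learningModeGracePeriod']
                            : '';
                        // strtotime() returns false for an unparsable date; treat that like a past date.
                        $gracePeriodEnd = strtotime($gracePeriod);
                        if ($gracePeriodEnd === false || $gracePeriodEnd <= time()) {
                            return array('err' => 1, 'errorMsg' => "The grace period end time must be in the future.");
                        }
                        $storage = wfWAF::getInstance()->getStorageEngine();
                        $storage->setConfig('learningModeGracePeriodEnabled', 1);
                        $storage->setConfig('learningModeGracePeriod', $gracePeriodEnd);
                    } else {
                        $storage = wfWAF::getInstance()->getStorageEngine();
                        $storage->setConfig('learningModeGracePeriodEnabled', 0);
                        $storage->unsetConfig('learningModeGracePeriod');
                    }
                    // NOTE(review): the status string is stored exactly as submitted; it is not
                    // compared against a list of supported statuses here -- confirm that the
                    // storage engine or its readers reject unknown values.
                    $storage->setConfig('wafStatus', $_POST['wafStatus']);
                }
                break;

            case 'addWhitelist':
                if (isset($_POST['whitelistedPath']) && is_string($_POST['whitelistedPath'])
                    && isset($_POST['whitelistedParam']) && is_string($_POST['whitelistedParam'])
                ) {
                    $path = stripslashes($_POST['whitelistedPath']);
                    $paramKey = stripslashes($_POST['whitelistedParam']);
                    if (!$path || !$paramKey) {
                        break;
                    }
                    // Stored with the entry: creation time, requesting IP and, when
                    // available, the current user ID.
                    $data = array(
                        'timestamp' => time(),
                        'description' => 'Whitelisted via Firewall Options page',
                        'ip' => wfUtils::getIP(),
                        'disabled' => empty($_POST['whitelistedEnabled']),
                    );
                    if (function_exists('get_current_user_id')) {
                        $data['userID'] = get_current_user_id();
                    }
                    wfWAF::getInstance()->whitelistRuleForParam($path, $paramKey, 'all', $data);
                }
                break;

            case 'replaceWhitelist':
                if (!empty($_POST['oldWhitelistedPath']) && is_string($_POST['oldWhitelistedPath'])
                    && !empty($_POST['oldWhitelistedParam']) && is_string($_POST['oldWhitelistedParam'])
                    && !empty($_POST['newWhitelistedPath']) && is_string($_POST['newWhitelistedPath'])
                    && !empty($_POST['newWhitelistedParam']) && is_string($_POST['newWhitelistedParam'])
                ) {
                    $oldWhitelistedPath = stripslashes($_POST['oldWhitelistedPath']);
                    $oldWhitelistedParam = stripslashes($_POST['oldWhitelistedParam']);
                    $newWhitelistedPath = stripslashes($_POST['newWhitelistedPath']);
                    $newWhitelistedParam = stripslashes($_POST['newWhitelistedParam']);

                    $storage = wfWAF::getInstance()->getStorageEngine();
                    $savedWhitelistedURLParams = (array) $storage->getConfig('whitelistedURLParams');

                    // The old path/param arrive already base64-encoded; the new ones are encoded here.
                    $oldKey = $oldWhitelistedPath . '|' . $oldWhitelistedParam;
                    $newKey = base64_encode($newWhitelistedPath) . '|' . base64_encode($newWhitelistedParam);
                    try {
                        $savedWhitelistedURLParams = wfUtils::arrayReplaceKey($savedWhitelistedURLParams, $oldKey, $newKey);
                    } catch (Exception $e) {
                        // Best effort: the failure is logged and the unchanged list is written back below.
                        error_log("Caught exception from 'wfUtils::arrayReplaceKey' with message: " . $e->getMessage());
                    }
                    $storage->setConfig('whitelistedURLParams', $savedWhitelistedURLParams);
                }
                break;

            case 'deleteWhitelist':
                if (isset($_POST['deletedWhitelistedPath']) && is_string($_POST['deletedWhitelistedPath'])
                    && isset($_POST['deletedWhitelistedParam']) && is_string($_POST['deletedWhitelistedParam'])
                ) {
                    $deletedWhitelistedPath = stripslashes($_POST['deletedWhitelistedPath']);
                    $deletedWhitelistedParam = stripslashes($_POST['deletedWhitelistedParam']);

                    $storage = wfWAF::getInstance()->getStorageEngine();
                    $savedWhitelistedURLParams = (array) $storage->getConfig('whitelistedURLParams');
                    // The key is built from the submitted values as-is; presumably the client
                    // sends them in the stored (base64) form -- verify against the caller.
                    $key = $deletedWhitelistedPath . '|' . $deletedWhitelistedParam;
                    unset($savedWhitelistedURLParams[$key]);
                    $storage->setConfig('whitelistedURLParams', $savedWhitelistedURLParams);
                }
                break;

            case 'enableWhitelist':
                if (isset($_POST['whitelistedPath']) && is_string($_POST['whitelistedPath'])
                    && isset($_POST['whitelistedParam']) && is_string($_POST['whitelistedParam'])
                ) {
                    $path = stripslashes($_POST['whitelistedPath']);
                    $paramKey = stripslashes($_POST['whitelistedParam']);
                    if (!$path || !$paramKey) {
                        break;
                    }
                    $enabled = !empty($_POST['whitelistedEnabled']);

                    $storage = wfWAF::getInstance()->getStorageEngine();
                    $savedWhitelistedURLParams = (array) $storage->getConfig('whitelistedURLParams');
                    $key = $path . '|' . $paramKey;
                    if (array_key_exists($key, $savedWhitelistedURLParams) && is_array($savedWhitelistedURLParams[$key])) {
                        // Flip the flag on every rule stored under this path/param key.
                        foreach (array_keys($savedWhitelistedURLParams[$key]) as $ruleID) {
                            $savedWhitelistedURLParams[$key][$ruleID]['disabled'] = !$enabled;
                        }
                    }
                    $storage->setConfig('whitelistedURLParams', $savedWhitelistedURLParams);
                }
                break;

            case 'enableRule':
                $ruleEnabled = !empty($_POST['ruleEnabled']);
                // A non-empty array would cast to 1 and toggle rule 1, so only scalars are accepted.
                $ruleID = (!empty($_POST['ruleID']) && is_scalar($_POST['ruleID'])) ? (int) $_POST['ruleID'] : false;
                if ($ruleID) {
                    $storage = wfWAF::getInstance()->getStorageEngine();
                    // disabledRules is keyed by rule ID; a present key means the rule is disabled.
                    $disabledRules = (array) $storage->getConfig('disabledRules');
                    if ($ruleEnabled) {
                        unset($disabledRules[$ruleID]);
                    } else {
                        $disabledRules[$ruleID] = true;
                    }
                    $storage->setConfig('disabledRules', $disabledRules);
                }
                break;
        }
    }

    return array('success' => true, 'data' => self::_getWAFData());
}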