public static function ajax_saveWAFConfig_callback()
{
if (isset($_POST['wafConfigAction'])) {
switch ($_POST['wafConfigAction']) {
case 'config':
if (!empty($_POST['wafStatus'])) {
if ($_POST['wafStatus'] == 'learning-mode' && !empty($_POST['learningModeGracePeriodEnabled'])) {
$gracePeriodEnd = strtotime(isset($_POST['learningModeGracePeriod']) ? $_POST['learningModeGracePeriod'] : '');
if ($gracePeriodEnd > time()) {
wfWAF::getInstance()->getStorageEngine()->setConfig('learningModeGracePeriodEnabled', 1);
wfWAF::getInstance()->getStorageEngine()->setConfig('learningModeGracePeriod', $gracePeriodEnd);
} else {
return array('err' => 1, 'errorMsg' => "The grace period end time must be in the future.");
}
} else {
wfWAF::getInstance()->getStorageEngine()->setConfig('learningModeGracePeriodEnabled', 0);
wfWAF::getInstance()->getStorageEngine()->unsetConfig('learningModeGracePeriod');
}
wfWAF::getInstance()->getStorageEngine()->setConfig('wafStatus', $_POST['wafStatus']);
}
break;
case 'addWhitelist':
if (isset($_POST['whitelistedPath']) && isset($_POST['whitelistedParam'])) {
$path = stripslashes($_POST['whitelistedPath']);
$paramKey = stripslashes($_POST['whitelistedParam']);
if (!$path || !$paramKey) {
break;
}
$data = array('timestamp' => time(), 'description' => 'Whitelisted via Firewall Options page', 'ip' => wfUtils::getIP(), 'disabled' => empty($_POST['whitelistedEnabled']));
if (function_exists('get_current_user_id')) {
$data['userID'] = get_current_user_id();
}
wfWAF::getInstance()->whitelistRuleForParam($path, $paramKey, 'all', $data);
}
break;
case 'replaceWhitelist':
if (!empty($_POST['oldWhitelistedPath']) && !empty($_POST['oldWhitelistedParam']) && !empty($_POST['newWhitelistedPath']) && !empty($_POST['newWhitelistedParam'])) {
$oldWhitelistedPath = stripslashes($_POST['oldWhitelistedPath']);
$oldWhitelistedParam = stripslashes($_POST['oldWhitelistedParam']);
$newWhitelistedPath = stripslashes($_POST['newWhitelistedPath']);
$newWhitelistedParam = stripslashes($_POST['newWhitelistedParam']);
$savedWhitelistedURLParams = (array) wfWAF::getInstance()->getStorageEngine()->getConfig('whitelistedURLParams');
// These are already base64'd
$oldKey = $oldWhitelistedPath . '|' . $oldWhitelistedParam;
$newKey = base64_encode($newWhitelistedPath) . '|' . base64_encode($newWhitelistedParam);
try {
$savedWhitelistedURLParams = wfUtils::arrayReplaceKey($savedWhitelistedURLParams, $oldKey, $newKey);
} catch (Exception $e) {
error_log("Caught exception from 'wfUtils::arrayReplaceKey' with message: " . $e->getMessage());
}
wfWAF::getInstance()->getStorageEngine()->setConfig('whitelistedURLParams', $savedWhitelistedURLParams);
}
break;
case 'deleteWhitelist':
if (isset($_POST['deletedWhitelistedPath']) && is_string($_POST['deletedWhitelistedPath']) && isset($_POST['deletedWhitelistedParam']) && is_string($_POST['deletedWhitelistedParam'])) {
$deletedWhitelistedPath = stripslashes($_POST['deletedWhitelistedPath']);
$deletedWhitelistedParam = stripslashes($_POST['deletedWhitelistedParam']);
$savedWhitelistedURLParams = (array) wfWAF::getInstance()->getStorageEngine()->getConfig('whitelistedURLParams');
$key = $deletedWhitelistedPath . '|' . $deletedWhitelistedParam;
unset($savedWhitelistedURLParams[$key]);
wfWAF::getInstance()->getStorageEngine()->setConfig('whitelistedURLParams', $savedWhitelistedURLParams);
}
break;
case 'enableWhitelist':
if (isset($_POST['whitelistedPath']) && isset($_POST['whitelistedParam'])) {
$path = stripslashes($_POST['whitelistedPath']);
$paramKey = stripslashes($_POST['whitelistedParam']);
if (!$path || !$paramKey) {
break;
}
$enabled = !empty($_POST['whitelistedEnabled']);
$savedWhitelistedURLParams = (array) wfWAF::getInstance()->getStorageEngine()->getConfig('whitelistedURLParams');
$key = $path . '|' . $paramKey;
if (array_key_exists($key, $savedWhitelistedURLParams) && is_array($savedWhitelistedURLParams[$key])) {
foreach ($savedWhitelistedURLParams[$key] as $ruleID => $data) {
$savedWhitelistedURLParams[$key][$ruleID]['disabled'] = !$enabled;
}
}
wfWAF::getInstance()->getStorageEngine()->setConfig('whitelistedURLParams', $savedWhitelistedURLParams);
}
break;
case 'enableRule':
$ruleEnabled = !empty($_POST['ruleEnabled']);
$ruleID = !empty($_POST['ruleID']) ? (int) $_POST['ruleID'] : false;
if ($ruleID) {
$disabledRules = (array) wfWAF::getInstance()->getStorageEngine()->getConfig('disabledRules');
if ($ruleEnabled) {
unset($disabledRules[$ruleID]);
} else {
$disabledRules[$ruleID] = true;
}
wfWAF::getInstance()->getStorageEngine()->setConfig('disabledRules', $disabledRules);
}
break;
}
}
return array('success' => true, 'data' => self::_getWAFData());
}
