Esempio n. 1
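/**
 * Removes the plugin-owned region from the site's .htaccess and deletes the
 * plugin's gate and signature files.
 *
 * Only the text between "# Created by 6Scan plugin" and "# End of 6Scan plugin"
 * is stripped; everything else in .htaccess is preserved.
 *
 * @return true|Exception TRUE on success; on failure the caught Exception is
 *                        returned (not thrown), so callers must test `=== TRUE`.
 */
function sixscan_htaccess_uninstall()
{
    global $wp_filesystem;
    if ($wp_filesystem === NULL) {
        WP_Filesystem();
    }
    try {
        // WP_Filesystem() may leave the global unset (e.g. no credentials);
        // report that instead of calling methods on NULL.
        if ($wp_filesystem === NULL) {
            throw new Exception('WP_Filesystem is not available during uninstallation');
        }
        $is_direct = $wp_filesystem->method === 'direct';
        $local_htaccess_path = sixscan_common_get_htaccess_file_path($is_direct);
        if ($wp_filesystem->exists($local_htaccess_path)) {
            $htaccess_content = $wp_filesystem->get_contents($local_htaccess_path);
            // A failed read must not be written back: preg_replace('' , FALSE)
            // yields "" and would truncate the whole .htaccess.
            if ($htaccess_content === FALSE) {
                throw new Exception('Failed to read htaccess during uninstallation');
            }
            $stripped = preg_replace('@# Created by 6Scan plugin(.*?)# End of 6Scan plugin@s', '', $htaccess_content);
            // preg_replace returns NULL on a PCRE error; same truncation risk.
            if ($stripped === NULL) {
                throw new Exception('Failed to strip 6Scan rules from htaccess during uninstallation');
            }
            if ($wp_filesystem->put_contents($local_htaccess_path, $stripped) === FALSE) {
                throw new Exception('Failed to write htaccess during uninstallation');
            }
        }
        // Once the protecting rewrite rules are gone the gate file must not be
        // left behind, so a failed delete is reported rather than ignored.
        $gate_path = sixscan_common_get_htaccess_dest_path($is_direct);
        if ($wp_filesystem->exists($gate_path) && $wp_filesystem->delete($gate_path) === FALSE) {
            throw new Exception('Failed to delete the 6Scan gate file during uninstallation');
        }
        $signature_path = sixscan_common_get_signature_dest_path($is_direct);
        if ($wp_filesystem->exists($signature_path) && $wp_filesystem->delete($signature_path) === FALSE) {
            throw new Exception('Failed to delete the 6Scan signature file during uninstallation');
        }
    } catch (Exception $e) {
        return $e;
    }
    return TRUE;
}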
Esempio n. 2
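/**
 * Builds the environment report that is attached to an anonymous support ticket.
 *
 * NOTE(review): the report contains the complete $_SERVER array, the raw
 * .htaccess and every php.ini setting (ini_get_all()). Those can carry
 * secrets — environment variables, credentials placed in ini values, internal
 * paths — so the recipient side must treat the ticket body as sensitive, and
 * trimming the dump before submission is worth considering.
 *
 * @return string Multi-line, human-readable report.
 */
function sixscan_common_gather_system_information_for_anonymous_support_ticket()
{
    $submission_data = "\n";
    $submission_data .= "OS: " . PHP_OS . " \n";
    $submission_data .= "Server info: " . print_r($_SERVER, TRUE);
    $regdata_status = sixscan_common_is_regdata_present();
    $submission_data .= "Regdata present: {$regdata_status}\n";
    $write_method = get_option(SIXSCAN_OPTION_WPFS_CONFIG) === FALSE ? "Direct_access" : "WP_filesystem";
    $submission_data .= "Write method: {$write_method}\n";
    /* Check whether requests to the 6Scan backend would go through a proxy */
    $url = SIXSCAN_BODYGUARD_REGISTER_URL;
    $proxy = new WP_HTTP_Proxy();
    $is_through_proxy = ($proxy->is_enabled() && $proxy->send_through_proxy($url)) ? "true" : "false";
    $submission_data .= "Is access through proxy: {$is_through_proxy}\n";
    // Only read the file when it is there and readable: file_get_contents() on a
    // missing path emits a warning.
    $htaccess_path = sixscan_common_get_htaccess_file_path(TRUE);
    $htaccess_contents = is_readable($htaccess_path) ? file_get_contents($htaccess_path) : FALSE;
    // Strict check: a file whose whole content is "0" is not empty.
    if ($htaccess_contents === FALSE || $htaccess_contents === '') {
        $htaccess_contents = "Empty";
    }
    $submission_data .= "Htaccess contents: {$htaccess_contents}\n";
    $plugin_list = get_plugins();
    $submission_data .= "Plugins: " . print_r($plugin_list, TRUE) . "\n";
    $phpinif_info = ini_get_all();
    $submission_data .= "phpinfo(): " . print_r($phpinif_info, true) . "\n";
    return $submission_data;
}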
Esempio n. 3
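/**
 * Rewrites the plugin-owned region of the site's .htaccess with the current
 * protection rules and the URL rules derived from the signature list.
 *
 * The existing "# Created by 6Scan plugin ... # End of 6Scan plugin" region is
 * stripped and a fresh one is prepended; the remainder of the file is kept.
 * The result is written to "<htaccess>.tmp" and then moved into place by
 * sixscan_signatures_update_copy_file().
 *
 * @param string $links_list Signature links separated by
 *                           SIXSCAN_SIGNATURE_LINKS_DELIMITER; the first
 *                           character of each entry is dropped (expected to be
 *                           the leading "/").
 * @return true|string TRUE on success, otherwise an error message; callers
 *                     must test `=== TRUE`.
 */
function sixscan_signatures_update_htaccess($links_list)
{
    global $wp_filesystem;
    if ($wp_filesystem === NULL) {
        WP_Filesystem();
    }
    // WP_Filesystem() may leave the global unset (e.g. no credentials).
    if ($wp_filesystem === NULL) {
        return "WP_Filesystem is not available";
    }
    $htaccess_fpath = sixscan_common_get_htaccess_file_path($wp_filesystem->method === 'direct');
    /*	Existing htaccess content with the old 6Scan region removed */
    $old_content = "";
    if ($wp_filesystem->exists($htaccess_fpath)) {
        $htaccess_content = $wp_filesystem->get_contents($htaccess_fpath);
        // A failed read must not be treated as an empty file: that would drop
        // every non-6Scan directive the site relies on.
        if ($htaccess_content === FALSE) {
            return "Failed reading htaccess from {$htaccess_fpath}";
        }
        $old_content = preg_replace('@# Created by 6Scan plugin(.*?)# End of 6Scan plugin@s', '', $htaccess_content);
        // preg_replace returns NULL on a PCRE error.
        if ($old_content === NULL) {
            return "Failed removing the previous 6Scan rules from {$htaccess_fpath}";
        }
        $old_content = trim($old_content);
    }
    $mixed_site_address = parse_url(home_url());
    // parse_url() returns FALSE for a malformed URL; fall back to "no parts".
    if ($mixed_site_address === FALSE) {
        $mixed_site_address = array();
    }
    /*	We need the site relative path */
    $rel_path = isset($mixed_site_address['path']) ? $mixed_site_address['path'] : "";
    if ($rel_path === '' || $rel_path === '/') {
        $wordpress_base_dirname = "/";
    } else {
        $wordpress_base_dirname = untrailingslashit($rel_path);
    }
    /*	Those symbols have to be escaped, if written into htaccess file as RewriteCond */
    $chars_to_escape_arr = array('.', '^', '$', '+', '{', '}', '[', ']', '(', ')');
    $escaped_chars_arr = array('\\.', '\\^', '\\$', '\\+', '\\{', '\\}', '\\[', '\\]', '\\(', '\\)');
    $current_hostname = isset($mixed_site_address['host']) ? $mixed_site_address['host'] : "";
    if (substr($current_hostname, 0, 4) === 'www.') {
        $current_hostname = substr($current_hostname, 4);
    }
    /*	Escape the dot of current hostname for regexps */
    $current_hostname = str_replace(".", "\\.", $current_hostname);
    $vuln_urls = "#Broad-spectrum protection: User agent/referrer injections. XSS,RFI and SQLI prevention\nRewriteCond %{REQUEST_METHOD} ^(OPTIONS|PUT|DELETE|TRACE|CONNECT|PATCH|TRACK|DEBUG) [NC]\n";
    if (sixscan_signatures_is_to_block_non_standard_requests()) {
        $vuln_urls .= "RewriteRule ^(.*)\$ - [F,L]\n";
    } else {
        $vuln_urls .= "RewriteRule .*  - [E=sixscansecuritylog:1,E=sixscanstrangerequest:1] -\n";
    }
    $vuln_urls .= "\n\nRewriteCond %{QUERY_STRING} (http(s)?(:|%3A)(/|%2F)(/|%2F)|ftp(:|%3A)(/|%2F)(/|%2F)|zlib(:|%3A)|bzip2(:|%3A)) [NC]\nRewriteRule .*  - [E=sixscansecuritylog:1,E=sixscanwafrfi:1] -\n\nRewriteCond %{REQUEST_METHOD} ^(POST) [NC]\nRewriteCond %{HTTP_REFERER} !^\$\nRewriteCond %{HTTP_REFERER} !^(WordPress\\/[\\d.]+;\\s+)?https?://(www.)?" . $current_hostname . " [NC]\nRewriteRule .*  - [E=sixscansecuritylog:1,E=sixscanwafcsrf:1] -\n\nRewriteCond %{QUERY_STRING} (<|%3c).*(script|iframe|src).*(>|%3e) [NC]\nRewriteRule .*  - [E=sixscansecuritylog:1,E=sixscanwafxss:1] -\n\nRewriteCond %{QUERY_STRING} union.*select [NC,OR]\nRewriteCond %{QUERY_STRING} (concat|delete|right|ascii|left|mid|version|substring|extractvalue|benchmark|load_file).*\\(.*\\)\t[NC,OR]\nRewriteCond %{QUERY_STRING} (into.*outfile) [NC,OR]\nRewriteCond %{QUERY_STRING} (having.*--) [NC]\nRewriteRule .*  - [E=sixscansecuritylog:1,E=sixscanwafsqli:1] -\n\n";
    //#skip the rfi rule, if accessing wp-login page
    //RewriteCond %{REQUEST_URI} ^" . trailingslashit( $wordpress_base_dirname ) . "wp-login [NC]
    //RewriteRule ^(.*)$ - [S=1]
    if (strlen($links_list) > 0) {
        $links = explode(SIXSCAN_SIGNATURE_LINKS_DELIMITER, $links_list);
        /* Prepare one RewriteCond per signature link */
        foreach ($links as $one_link) {
            $one_link = trim(trailingslashit($rel_path) . substr($one_link, 1));
            // A link that still contains whitespace or control characters cannot
            // be placed in a single RewriteCond argument: it would corrupt the
            // directive (or terminate it and start another one). Skip it rather
            // than write a broken .htaccess that takes the whole site down.
            if (preg_match('/[\x00-\x20\x7f]/', $one_link)) {
                continue;
            }
            $one_link = str_replace($chars_to_escape_arr, $escaped_chars_arr, $one_link);
            /* We also change / to /+ , so that any path with multiple slashes will be treated ( "dir///path" = "dir/path" ) */
            $one_link = str_replace('/', '/+', $one_link);
            $vuln_urls .= "RewriteCond %{REQUEST_URI} ^" . $one_link . " [NC,OR]\n";
        }
    }
    // The placeholder condition closes the [OR] chain so the rule below always
    // has a final, non-OR condition.
    $vuln_urls .= "RewriteCond %{REQUEST_URI} ^" . SIXSCAN_SIGNATURE_DEFAULT_PLACEHOLDER_LINK . "\n";
    $vuln_urls .= "RewriteRule .* " . trailingslashit($wordpress_base_dirname) . "6scan-gate.php [E=sixscaninternal:accessgranted,L]\n";
    $htaccess_links = "#Patrol's IPs needs access, to check whether rules update is required\n";
    /*  IP's , that are allowed to see non-filtered version of scripts. This is to enable 6Scan backend's decision ,
    		whether the patch is still required , or can be removed */
    $ip_list_arr = explode(',', SIXSCAN_SIGNATURE_SCANNER_IP_LIST);
    $last_ip_index = count($ip_list_arr) - 1;
    foreach ($ip_list_arr as $ip_index => $one_ok_ip) {
        $one_ok_ip = str_replace(".", "\\.", trim($one_ok_ip));
        $htaccess_links .= "RewriteCond %{REMOTE_ADDR} ^" . $one_ok_ip . "\$";
        /*	Last IP should not have [OR] flag */
        $htaccess_links .= ($ip_index === $last_ip_index) ? "\n" : " [OR]\n";
    }
    /*	If an IP maches one of the listed , skip the next 6 rules (automatic exploit detection/6scan_gate forwarding) */
    $htaccess_links .= "RewriteRule ^(.*)\$ - [S=6]\n\n";
    /*	Now add the URL rules */
    $htaccess_links .= $vuln_urls;
    $tmp_htaccess_file = $htaccess_fpath . ".tmp";
    $new_content = "# Created by 6Scan plugin\n#Those are used by 6Scan Gateway\nSetEnv SIXSCAN_HTACCESS_VERSION\t" . SIXSCAN_HTACCESS_VERSION . "\nSetEnv SIXSCAN_WP_BASEDIR\t\t\t" . $wordpress_base_dirname . "\n\n#don't show directory listing and apache information\nServerSignature Off\n\n<IfModule mod_rewrite.c>\nRewriteEngine On\n\n#avoid direct access to the 6scan-gate.php file\nRewriteCond %{ENV:REDIRECT_sixscaninternal} !^accessgranted\$\nRewriteCond %{ENV:sixscaninternal} !^accessgranted\$\nRewriteCond %{REQUEST_URI} 6scan-gate\\.php\$\nRewriteRule ^(.*)\$ - [F]\n\t\t\t\t\t\n#This is not really a must, but speeds things up a bit\nRewriteRule ^6scan-gate\\.php\$ - [L]\n\n" . $htaccess_links . "</IfModule>\n# End of 6Scan plugin\n\n" . $old_content;
    // A failed temp write previously went unnoticed and the stale/missing temp
    // file was still moved over the live .htaccess.
    if ($wp_filesystem->put_contents($tmp_htaccess_file, $new_content) === FALSE) {
        return "Failed writing temporary htaccess to {$tmp_htaccess_file}";
    }
    if (!sixscan_signatures_update_copy_file($tmp_htaccess_file, $htaccess_fpath)) {
        return "Failed moving htaccess from {$tmp_htaccess_file} to " . $htaccess_fpath;
    }
    return TRUE;
}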