/** * Process the requests sent by the form submissions originated in the settings * page, all forms must have a nonce field that will be checked against the one * generated in the template render function. * * @param boolean $page_nonce True if the nonce is valid, False otherwise. * @return void */ function sucuriscan_settings_form_submissions($page_nonce = null) { global $sucuriscan_schedule_allowed, $sucuriscan_interface_allowed, $sucuriscan_notify_options, $sucuriscan_email_subjects; // Use this conditional to avoid double checking. if (is_null($page_nonce)) { $page_nonce = SucuriScanInterface::check_nonce(); } if ($page_nonce) { // Save API key after it was recovered by the administrator. if ($api_key = SucuriScanRequest::post(':manual_api_key')) { SucuriScanAPI::setPluginKey($api_key, true); SucuriScanEvent::schedule_task(); SucuriScanEvent::report_info_event('Sucuri API key was added manually.'); } // Remove API key from the local storage. if (SucuriScanRequest::post(':remove_api_key') !== false) { SucuriScanAPI::setPluginKey(''); wp_clear_scheduled_hook('sucuriscan_scheduled_scan'); SucuriScanEvent::report_critical_event('Sucuri API key was deleted.'); SucuriScanEvent::notify_event('plugin_change', 'Sucuri API key removed'); } // Enable or disable the filesystem scanner. if ($fs_scanner = SucuriScanRequest::post(':fs_scanner', '(en|dis)able')) { $action_d = $fs_scanner . 'd'; $message = 'Main file system scanner was <code>' . $action_d . '</code>'; SucuriScanOption::update_option(':fs_scanner', $action_d); SucuriScanEvent::report_auto_event($message); SucuriScanEvent::notify_event('plugin_change', $message); SucuriScanInterface::info($message); } // Enable or disable the filesystem scanner for file integrity. if ($scan_checksums = SucuriScanRequest::post(':scan_checksums', '(en|dis)able')) { $action_d = $scan_checksums . 'd'; $message = 'File system scanner for file integrity was <code>' . $action_d . '</code>'; SucuriScanOption::update_option(':scan_checksums', $action_d); SucuriScanEvent::report_auto_event($message); SucuriScanEvent::notify_event('plugin_change', $message); SucuriScanInterface::info($message); } // Enable or disable the filesystem scanner for error logs. if ($ignore_scanning = SucuriScanRequest::post(':ignore_scanning', '(en|dis)able')) { $action_d = $ignore_scanning . 'd'; $message = 'File system scanner rules to ignore directories was <code>' . $action_d . '</code>'; SucuriScanOption::update_option(':ignore_scanning', $action_d); SucuriScanEvent::report_auto_event($message); SucuriScanEvent::notify_event('plugin_change', $message); SucuriScanInterface::info($message); } // Enable or disable the filesystem scanner for error logs. if ($scan_errorlogs = SucuriScanRequest::post(':scan_errorlogs', '(en|dis)able')) { $action_d = $scan_errorlogs . 'd'; $message = 'File system scanner for error logs was <code>' . $action_d . '</code>'; SucuriScanOption::update_option(':scan_errorlogs', $action_d); SucuriScanEvent::report_auto_event($message); SucuriScanEvent::notify_event('plugin_change', $message); SucuriScanInterface::info($message); } // Enable or disable the error logs parsing. if ($parse_errorlogs = SucuriScanRequest::post(':parse_errorlogs', '(en|dis)able')) { $action_d = $parse_errorlogs . 'd'; $message = 'Analysis of main error log file was <code>' . $action_d . '</code>'; SucuriScanOption::update_option(':parse_errorlogs', $action_d); SucuriScanEvent::report_auto_event($message); SucuriScanEvent::notify_event('plugin_change', $message); SucuriScanInterface::info($message); } // Enable or disable the SiteCheck scanner and the malware scan page. if ($sitecheck_scanner = SucuriScanRequest::post(':sitecheck_scanner', '(en|dis)able')) { $action_d = $sitecheck_scanner . 'd'; $message = 'SiteCheck malware and blacklist scanner was <code>' . $action_d . '</code>'; SucuriScanOption::update_option(':sitecheck_scanner', $action_d); SucuriScanEvent::report_auto_event($message); SucuriScanEvent::notify_event('plugin_change', $message); SucuriScanInterface::info($message); } // Modify the schedule of the filesystem scanner. if ($frequency = SucuriScanRequest::post(':scan_frequency')) { if (array_key_exists($frequency, $sucuriscan_schedule_allowed)) { SucuriScanOption::update_option(':scan_frequency', $frequency); wp_clear_scheduled_hook('sucuriscan_scheduled_scan'); if ($frequency != '_oneoff') { wp_schedule_event(time() + 10, $frequency, 'sucuriscan_scheduled_scan'); } $frequency_title = strtolower($sucuriscan_schedule_allowed[$frequency]); $message = 'File system scanning frequency set to <code>' . $frequency_title . '</code>'; SucuriScanEvent::report_info_event($message); SucuriScanEvent::notify_event('plugin_change', $message); SucuriScanInterface::info($message); } } // Set the method (aka. interface) that will be used to scan the site. if ($interface = SucuriScanRequest::post(':scan_interface')) { $allowed_values = array_keys($sucuriscan_interface_allowed); if (in_array($interface, $allowed_values)) { $message = 'File system scanning interface set to <code>' . $interface . '</code>'; SucuriScanOption::update_option(':scan_interface', $interface); SucuriScanEvent::report_info_event($message); SucuriScanEvent::notify_event('plugin_change', $message); SucuriScanInterface::info($message); } } // Update the limit of error log lines to parse. if ($errorlogs_limit = SucuriScanRequest::post(':errorlogs_limit', '[0-9]+')) { if ($errorlogs_limit > 1000) { SucuriScanInterface::error('Analyze more than 1,000 lines will take too much time.'); } else { SucuriScanOption::update_option(':errorlogs_limit', $errorlogs_limit); SucuriScanInterface::info('Analyze last <code>' . $errorlogs_limit . '</code> entries encountered in the error logs.'); if ($errorlogs_limit == 0) { SucuriScanOption::update_option(':parse_errorlogs', 'disabled'); } } } // Reset the plugin security logs. $allowed_log_files = '(integrity|lastlogins|failedlogins|sitecheck)'; if ($reset_logfile = SucuriScanRequest::post(':reset_logfile', $allowed_log_files)) { $files_to_delete = array('sucuri-' . $reset_logfile . '.php', 'sucuri-old' . $reset_logfile . '.php'); foreach ($files_to_delete as $log_filename) { $log_filepath = SucuriScan::datastore_folder_path($log_filename); if (@unlink($log_filepath)) { $log_filename_simple = str_replace('.php', '', $log_filename); $message = 'Deleted security log <code>' . $log_filename_simple . '</code>'; SucuriScanEvent::report_debug_event($message); SucuriScanInterface::info($message); } } } // Ignore a new event for email notifications. if ($action = SucuriScanRequest::post(':ignorerule_action', '(add|remove)')) { $ignore_rule = SucuriScanRequest::post(':ignorerule'); if ($action == 'add') { if (SucuriScanOption::add_ignored_event($ignore_rule)) { SucuriScanInterface::info('Post-type ignored successfully.'); SucuriScanEvent::report_warning_event('Changes in <code>' . $ignore_rule . '</code> post-type will be ignored'); } else { SucuriScanInterface::error('The post-type is invalid or it may be already ignored.'); } } elseif ($action == 'remove') { SucuriScanOption::remove_ignored_event($ignore_rule); SucuriScanInterface::info('Post-type removed from the list successfully.'); SucuriScanEvent::report_notice_event('Changes in <code>' . $ignore_rule . '</code> post-type will not be ignored'); } } // Ignore a new directory path for the file system scans. if ($action = SucuriScanRequest::post(':ignorescanning_action', '(ignore|unignore)')) { $ignore_directories = SucuriScanRequest::post(':ignorescanning_dirs', '_array'); $ignore_file = SucuriScanRequest::post(':ignorescanning_file'); if ($action == 'ignore') { // Target a single file path to be ignored. if ($ignore_file !== false) { $ignore_directories = array($ignore_file); } // Target a list of directories to be ignored. if (!empty($ignore_directories)) { $were_ignored = array(); foreach ($ignore_directories as $resource_path) { if (file_exists($resource_path) && SucuriScanFSScanner::ignore_directory($resource_path)) { $were_ignored[] = $resource_path; } } if (!empty($were_ignored)) { SucuriScanInterface::info('Items selected will be ignored in future scans.'); SucuriScanEvent::report_warning_event(sprintf('Resources will not be scanned: (multiple entries): %s', @implode(',', $ignore_directories))); } } } elseif ($action == 'unignore') { foreach ($ignore_directories as $directory_path) { SucuriScanFSScanner::unignore_directory($directory_path); } SucuriScanInterface::info('Items selected will not be ignored anymore.'); SucuriScanEvent::report_notice_event(sprintf('Resources will be scanned: (multiple entries): %s', @implode(',', $ignore_directories))); } } // Trust and IP address to ignore notifications for a subnet. if ($trust_ip = SucuriScanRequest::post(':trust_ip')) { if (SucuriScan::is_valid_ip($trust_ip) || SucuriScan::is_valid_cidr($trust_ip)) { $cache = new SucuriScanCache('trustip'); $ip_info = SucuriScan::get_ip_info($trust_ip); $ip_info['added_at'] = SucuriScan::local_time(); $cache_key = md5($ip_info['remote_addr']); if ($cache->exists($cache_key)) { SucuriScanInterface::error('The IP address specified was already trusted.'); } elseif ($cache->add($cache_key, $ip_info)) { $message = 'Changes from <code>' . $trust_ip . '</code> will be ignored'; SucuriScanEvent::report_warning_event($message); SucuriScanInterface::info($message); } else { SucuriScanInterface::error('The new entry was not saved in the datastore file.'); } } } // Trust and IP address to ignore notifications for a subnet. if ($del_trust_ip = SucuriScanRequest::post(':del_trust_ip', '_array')) { $cache = new SucuriScanCache('trustip'); foreach ($del_trust_ip as $cache_key) { $cache->delete($cache_key); } SucuriScanInterface::info('The IP addresses selected were deleted successfully.'); } // Update the settings for the heartbeat API. if ($heartbeat_status = SucuriScanRequest::post(':heartbeat_status')) { $statuses_allowed = SucuriScanHeartbeat::statuses_allowed(); if (array_key_exists($heartbeat_status, $statuses_allowed)) { $message = 'Heartbeat status set to <code>' . $heartbeat_status . '</code>'; SucuriScanOption::update_option(':heartbeat', $heartbeat_status); SucuriScanEvent::report_info_event($message); SucuriScanInterface::info($message); } else { SucuriScanInterface::error('Heartbeat status not allowed.'); } } // Update the value of the heartbeat pulse. if ($heartbeat_pulse = SucuriScanRequest::post(':heartbeat_pulse')) { $pulses_allowed = SucuriScanHeartbeat::pulses_allowed(); if (array_key_exists($heartbeat_pulse, $pulses_allowed)) { $message = 'Heartbeat pulse set to <code>' . $heartbeat_pulse . '</code> seconds.'; SucuriScanOption::update_option(':heartbeat_pulse', $heartbeat_pulse); SucuriScanEvent::report_info_event($message); SucuriScanInterface::info($message); } else { SucuriScanInterface::error('Heartbeat pulse not allowed.'); } } // Update the value of the heartbeat interval. if ($heartbeat_interval = SucuriScanRequest::post(':heartbeat_interval')) { $intervals_allowed = SucuriScanHeartbeat::intervals_allowed(); if (array_key_exists($heartbeat_interval, $intervals_allowed)) { $message = 'Heartbeat interval set to <code>' . $heartbeat_interval . '</code>'; SucuriScanOption::update_option(':heartbeat_interval', $heartbeat_interval); SucuriScanEvent::report_info_event($message); SucuriScanInterface::info($message); } else { SucuriScanInterface::error('Heartbeat interval not allowed.'); } } // Enable or disable the auto-start execution of heartbeat. if ($heartbeat_autostart = SucuriScanRequest::post(':heartbeat_autostart', '(en|dis)able')) { $action_d = $heartbeat_autostart . 'd'; $message = 'Heartbeat auto-start was <code>' . $action_d . '</code>'; SucuriScanOption::update_option(':heartbeat_autostart', $action_d); SucuriScanEvent::report_info_event($message); SucuriScanInterface::info($message); } } }
/** * Process the requests sent by the form submissions originated in the settings * page, all forms must have a nonce field that will be checked against the one * generated in the template render function. * * @param boolean $page_nonce True if the nonce is valid, False otherwise. * @return void */ function sucuriscan_settings_form_submissions($page_nonce = null) { global $sucuriscan_schedule_allowed, $sucuriscan_interface_allowed, $sucuriscan_notify_options, $sucuriscan_emails_per_hour, $sucuriscan_maximum_failed_logins, $sucuriscan_email_subjects; // Use this conditional to avoid double checking. if (is_null($page_nonce)) { $page_nonce = SucuriScanInterface::check_nonce(); } if ($page_nonce) { // Save API key after it was recovered by the administrator. if ($api_key = SucuriScanRequest::post(':manual_api_key')) { SucuriScanAPI::set_plugin_key($api_key, true); SucuriScanEvent::schedule_task(); SucuriScanEvent::report_info_event('Sucuri API key was added manually.'); } // Remove API key from the local storage. if (SucuriScanRequest::post(':remove_api_key') !== false) { SucuriScanAPI::set_plugin_key(''); wp_clear_scheduled_hook('sucuriscan_scheduled_scan'); SucuriScanEvent::report_critical_event('Sucuri API key was deleted.'); SucuriScanEvent::notify_event('plugin_change', 'Sucuri API key removed'); } // Enable or disable the filesystem scanner. if ($fs_scanner = SucuriScanRequest::post(':fs_scanner', '(en|dis)able')) { $action_d = $fs_scanner . 'd'; $message = 'Main file system scanner was <code>' . $action_d . '</code>'; SucuriScanOption::update_option(':fs_scanner', $action_d); SucuriScanEvent::report_auto_event($message); SucuriScanEvent::notify_event('plugin_change', $message); SucuriScanInterface::info($message); } // Enable or disable the filesystem scanner for modified files. if ($scan_modfiles = SucuriScanRequest::post(':scan_modfiles', '(en|dis)able')) { $action_d = $scan_modfiles . 'd'; $message = 'File system scanner for modified files was <code>' . $action_d . '</code>'; SucuriScanOption::update_option(':scan_modfiles', $action_d); SucuriScanEvent::report_auto_event($message); SucuriScanEvent::notify_event('plugin_change', $message); SucuriScanInterface::info($message); } // Enable or disable the filesystem scanner for file integrity. if ($scan_checksums = SucuriScanRequest::post(':scan_checksums', '(en|dis)able')) { $action_d = $scan_checksums . 'd'; $message = 'File system scanner for file integrity was <code>' . $action_d . '</code>'; SucuriScanOption::update_option(':scan_checksums', $action_d); SucuriScanEvent::report_auto_event($message); SucuriScanEvent::notify_event('plugin_change', $message); SucuriScanInterface::info($message); } // Enable or disable the filesystem scanner for error logs. if ($ignore_scanning = SucuriScanRequest::post(':ignore_scanning', '(en|dis)able')) { $action_d = $ignore_scanning . 'd'; $message = 'File system scanner rules to ignore directories was <code>' . $action_d . '</code>'; SucuriScanOption::update_option(':ignore_scanning', $action_d); SucuriScanEvent::report_auto_event($message); SucuriScanEvent::notify_event('plugin_change', $message); SucuriScanInterface::info($message); } // Enable or disable the filesystem scanner for error logs. if ($scan_errorlogs = SucuriScanRequest::post(':scan_errorlogs', '(en|dis)able')) { $action_d = $scan_errorlogs . 'd'; $message = 'File system scanner for error logs was <code>' . $action_d . '</code>'; SucuriScanOption::update_option(':scan_errorlogs', $action_d); SucuriScanEvent::report_auto_event($message); SucuriScanEvent::notify_event('plugin_change', $message); SucuriScanInterface::info($message); } // Enable or disable the error logs parsing. if ($parse_errorlogs = SucuriScanRequest::post(':parse_errorlogs', '(en|dis)able')) { $action_d = $parse_errorlogs . 'd'; $message = 'Analysis of main error log file was <code>' . $action_d . '</code>'; SucuriScanOption::update_option(':parse_errorlogs', $action_d); SucuriScanEvent::report_auto_event($message); SucuriScanEvent::notify_event('plugin_change', $message); SucuriScanInterface::info($message); } // Enable or disable the SiteCheck scanner and the malware scan page. if ($sitecheck_scanner = SucuriScanRequest::post(':sitecheck_scanner', '(en|dis)able')) { $action_d = $sitecheck_scanner . 'd'; $message = 'SiteCheck malware and blacklist scanner was <code>' . $action_d . '</code>'; SucuriScanOption::update_option(':sitecheck_scanner', $action_d); SucuriScanEvent::report_auto_event($message); SucuriScanEvent::notify_event('plugin_change', $message); SucuriScanInterface::info($message); } // Modify the schedule of the filesystem scanner. if ($frequency = SucuriScanRequest::post(':scan_frequency')) { if (array_key_exists($frequency, $sucuriscan_schedule_allowed)) { SucuriScanOption::update_option(':scan_frequency', $frequency); wp_clear_scheduled_hook('sucuriscan_scheduled_scan'); if ($frequency != '_oneoff') { wp_schedule_event(time() + 10, $frequency, 'sucuriscan_scheduled_scan'); } $frequency_title = strtolower($sucuriscan_schedule_allowed[$frequency]); $message = 'File system scanning frequency set to <code>' . $frequency_title . '</code>'; SucuriScanEvent::report_info_event($message); SucuriScanEvent::notify_event('plugin_change', $message); SucuriScanInterface::info($message); } } // Set the method (aka. interface) that will be used to scan the site. if ($interface = SucuriScanRequest::post(':scan_interface')) { $allowed_values = array_keys($sucuriscan_interface_allowed); if (in_array($interface, $allowed_values)) { $message = 'File system scanning interface set to <code>' . $interface . '</code>'; SucuriScanOption::update_option(':scan_interface', $interface); SucuriScanEvent::report_info_event($message); SucuriScanEvent::notify_event('plugin_change', $message); SucuriScanInterface::info($message); } } // Update the limit of error log lines to parse. if ($errorlogs_limit = SucuriScanRequest::post(':errorlogs_limit', '[0-9]+')) { if ($errorlogs_limit > 1000) { SucuriScanInterface::error('Analyze more than 1,000 lines will take too much time.'); } else { SucuriScanOption::update_option(':errorlogs_limit', $errorlogs_limit); SucuriScanInterface::info('Analyze last <code>' . $errorlogs_limit . '</code> entries encountered in the error logs.'); if ($errorlogs_limit == 0) { SucuriScanOption::update_option(':parse_errorlogs', 'disabled'); } } } // Reset the plugin security logs. $allowed_log_files = '(integrity|lastlogins|failedlogins|sitecheck)'; if ($reset_logfile = SucuriScanRequest::post(':reset_logfile', $allowed_log_files)) { $files_to_delete = array('sucuri-' . $reset_logfile . '.php', 'sucuri-old' . $reset_logfile . '.php'); foreach ($files_to_delete as $log_filename) { $log_filepath = SucuriScan::datastore_folder_path($log_filename); if (@unlink($log_filepath)) { $log_filename_simple = str_replace('.php', '', $log_filename); $message = 'Deleted security log <code>' . $log_filename_simple . '</code>'; SucuriScanEvent::report_debug_event($message); SucuriScanInterface::info($message); } } } // Update the value for the maximum emails per hour. if ($per_hour = SucuriScanRequest::post(':emails_per_hour')) { if (array_key_exists($per_hour, $sucuriscan_emails_per_hour)) { $per_hour_label = strtolower($sucuriscan_emails_per_hour[$per_hour]); $message = 'Maximum email alerts per hour set to <code>' . $per_hour_label . '</code>'; SucuriScanOption::update_option(':emails_per_hour', $per_hour); SucuriScanEvent::report_info_event($message); SucuriScanEvent::notify_event('plugin_change', $message); SucuriScanInterface::info($message); } else { SucuriScanInterface::error('Invalid value for the maximum emails per hour.'); } } // Update the email where the event notifications will be sent. if ($new_email = SucuriScanRequest::post(':notify_to')) { $valid_email = SucuriScan::get_valid_email($new_email); if ($valid_email) { $message = 'Sucuri alerts will be sent to this email: <code>' . $valid_email . '</code>'; SucuriScanOption::update_option(':notify_to', $valid_email); SucuriScanEvent::report_info_event($message); SucuriScanEvent::notify_event('plugin_change', $message); SucuriScanInterface::info($message); } else { SucuriScanInterface::error('Email format not supported.'); } } // Update the maximum failed logins per hour before consider it a brute-force attack. if ($failed_logins = SucuriScanRequest::post(':maximum_failed_logins')) { if (array_key_exists($failed_logins, $sucuriscan_maximum_failed_logins)) { $message = 'Consider brute-force attack after <code>' . $failed_logins . '</code> failed logins per hour'; SucuriScanOption::update_option(':maximum_failed_logins', $failed_logins); SucuriScanEvent::report_info_event($message); SucuriScanEvent::notify_event('plugin_change', $message); SucuriScanInterface::info($message); } else { SucuriScanInterface::error('Invalid value for the maximum failed logins per hour before consider it a brute-force attack.'); } } // Enable or disable the audit logs report. if ($audit_report = SucuriScanRequest::post(':audit_report', '(en|dis)able')) { $action_d = $audit_report . 'd'; $message = 'Audit logs report was <code>' . $action_d . '</code>'; SucuriScanOption::update_option(':audit_report', $action_d); SucuriScanEvent::report_info_event($message); SucuriScanEvent::notify_event('plugin_change', $message); SucuriScanInterface::info($message); } // Update the limit for audit logs report. if ($logs4report = SucuriScanRequest::post(':logs4report', '[0-9]{1,4}')) { $message = 'Limit for audit logs report set to <code>' . $logs4report . '</code>'; SucuriScanOption::update_option(':logs4report', $logs4report); SucuriScanEvent::report_info_event($message); SucuriScanEvent::notify_event('plugin_change', $message); SucuriScanInterface::info($message); } // Update the notification settings. if (SucuriScanRequest::post(':save_notification_settings') !== false) { $options_updated_counter = 0; if (SucuriScanRequest::post(':notify_scan_checksums', '1')) { $_POST['sucuriscan_prettify_mails'] = '1'; } foreach ($sucuriscan_notify_options as $alert_type => $alert_label) { $option_value = SucuriScanRequest::post($alert_type, '(1|0)'); if ($option_value !== false) { $current_value = SucuriScanOption::get_option($alert_type); $option_value = $option_value == '1' ? 'enabled' : 'disabled'; // Check that the option value was actually changed. if ($current_value !== $option_value) { SucuriScanOption::update_option($alert_type, $option_value); $options_updated_counter += 1; } } } if ($options_updated_counter > 0) { $message = 'Alert settings were changed <code>' . $options_updated_counter . ' options</code>'; SucuriScanEvent::report_info_event($message); SucuriScanEvent::notify_event('plugin_change', $message); SucuriScanInterface::info($message); } } // Update the subject format for the email alerts. if ($email_subject = SucuriScanRequest::post(':email_subject')) { $new_email_subject = false; $current_value = SucuriScanOption::get_option(':email_subject'); /** * Validate the format of the email subject format. * * If the user chooses the option to build the subject of the email alerts * manually we will need to validate the characters. Otherwise we will need to * check if the pseudo-tags selected by the user are allowed and supported. */ if ($email_subject == 'custom') { $format_pattern = '/^[0-9a-zA-Z:,\\s]+$/'; $custom_email_subject = SucuriScanRequest::post(':custom_email_subject'); if ($custom_email_subject !== false && !empty($custom_email_subject) && preg_match($format_pattern, $custom_email_subject)) { $new_email_subject = trim($custom_email_subject); } else { SucuriScanInterface::error('Invalid characters found in the email alert subject format.'); } } elseif (is_array($sucuriscan_email_subjects) && in_array($email_subject, $sucuriscan_email_subjects)) { $new_email_subject = trim($email_subject); } // Proceed with the operation saving the new subject. if ($new_email_subject !== false && $current_value !== $new_email_subject) { $message = 'Alert subject format set to <code>' . $new_email_subject . '</code>'; SucuriScanOption::update_option(':email_subject', $new_email_subject); SucuriScanEvent::report_info_event($message); SucuriScanEvent::notify_event('plugin_change', $message); SucuriScanInterface::info($message); } } // Ignore a new event for email notifications. if ($action = SucuriScanRequest::post(':ignorerule_action', '(add|remove)')) { $ignore_rule = SucuriScanRequest::post(':ignorerule'); if ($action == 'add') { if (SucuriScanOption::add_ignored_event($ignore_rule)) { SucuriScanInterface::info('Post-type ignored successfully.'); SucuriScanEvent::report_warning_event('Changes in <code>' . $ignore_rule . '</code> post-type will be ignored'); } else { SucuriScanInterface::error('The post-type is invalid or it may be already ignored.'); } } elseif ($action == 'remove') { SucuriScanOption::remove_ignored_event($ignore_rule); SucuriScanInterface::info('Post-type removed from the list successfully.'); SucuriScanEvent::report_notice_event('Changes in <code>' . $ignore_rule . '</code> post-type will not be ignored'); } } // Ignore a new directory path for the file system scans. if ($action = SucuriScanRequest::post(':ignorescanning_action', '(ignore|unignore)')) { $ignore_directories = SucuriScanRequest::post(':ignorescanning_dirs', '_array'); $ignore_file = SucuriScanRequest::post(':ignorescanning_file'); if ($action == 'ignore') { // Target a single file path to be ignored. if ($ignore_file !== false) { $ignore_directories = array($ignore_file); } // Target a list of directories to be ignored. if (!empty($ignore_directories)) { $were_ignored = array(); foreach ($ignore_directories as $resource_path) { if (file_exists($resource_path) && SucuriScanFSScanner::ignore_directory($resource_path)) { $were_ignored[] = $resource_path; } } if (!empty($were_ignored)) { SucuriScanInterface::info('Items selected will be ignored in future scans.'); SucuriScanEvent::report_warning_event(sprintf('Resources will not be scanned: (multiple entries): %s', @implode(',', $ignore_directories))); } } } elseif ($action == 'unignore') { foreach ($ignore_directories as $directory_path) { SucuriScanFSScanner::unignore_directory($directory_path); } SucuriScanInterface::info('Items selected will not be ignored anymore.'); SucuriScanEvent::report_notice_event(sprintf('Resources will be scanned: (multiple entries): %s', @implode(',', $ignore_directories))); } } // Trust and IP address to ignore notifications for a subnet. if ($trust_ip = SucuriScanRequest::post(':trust_ip')) { if (SucuriScan::is_valid_ip($trust_ip) || SucuriScan::is_valid_cidr($trust_ip)) { $cache = new SucuriScanCache('trustip'); $ip_info = SucuriScan::get_ip_info($trust_ip); $ip_info['added_at'] = SucuriScan::local_time(); $cache_key = md5($ip_info['remote_addr']); if ($cache->exists($cache_key)) { SucuriScanInterface::error('The IP address specified was already trusted.'); } elseif ($cache->add($cache_key, $ip_info)) { $message = 'Changes from <code>' . $trust_ip . '</code> will be ignored'; SucuriScanEvent::report_warning_event($message); SucuriScanInterface::info($message); } else { SucuriScanInterface::error('The new entry was not saved in the datastore file.'); } } } // Trust and IP address to ignore notifications for a subnet. if ($del_trust_ip = SucuriScanRequest::post(':del_trust_ip', '_array')) { $cache = new SucuriScanCache('trustip'); foreach ($del_trust_ip as $cache_key) { $cache->delete($cache_key); } SucuriScanInterface::info('The IP addresses selected were deleted successfully.'); } // Update the settings for the heartbeat API. if ($heartbeat_status = SucuriScanRequest::post(':heartbeat_status')) { $statuses_allowed = SucuriScanHeartbeat::statuses_allowed(); if (array_key_exists($heartbeat_status, $statuses_allowed)) { $message = 'Heartbeat status set to <code>' . $heartbeat_status . '</code>'; SucuriScanOption::update_option(':heartbeat', $heartbeat_status); SucuriScanEvent::report_info_event($message); SucuriScanInterface::info($message); } else { SucuriScanInterface::error('Heartbeat status not allowed.'); } } // Update the value of the heartbeat pulse. if ($heartbeat_pulse = SucuriScanRequest::post(':heartbeat_pulse')) { $pulses_allowed = SucuriScanHeartbeat::pulses_allowed(); if (array_key_exists($heartbeat_pulse, $pulses_allowed)) { $message = 'Heartbeat pulse set to <code>' . $heartbeat_pulse . '</code> seconds.'; SucuriScanOption::update_option(':heartbeat_pulse', $heartbeat_pulse); SucuriScanEvent::report_info_event($message); SucuriScanInterface::info($message); } else { SucuriScanInterface::error('Heartbeat pulse not allowed.'); } } // Update the value of the heartbeat interval. if ($heartbeat_interval = SucuriScanRequest::post(':heartbeat_interval')) { $intervals_allowed = SucuriScanHeartbeat::intervals_allowed(); if (array_key_exists($heartbeat_interval, $intervals_allowed)) { $message = 'Heartbeat interval set to <code>' . $heartbeat_interval . '</code>'; SucuriScanOption::update_option(':heartbeat_interval', $heartbeat_interval); SucuriScanEvent::report_info_event($message); SucuriScanInterface::info($message); } else { SucuriScanInterface::error('Heartbeat interval not allowed.'); } } // Enable or disable the auto-start execution of heartbeat. if ($heartbeat_autostart = SucuriScanRequest::post(':heartbeat_autostart', '(en|dis)able')) { $action_d = $heartbeat_autostart . 'd'; $message = 'Heartbeat auto-start was <code>' . $action_d . '</code>'; SucuriScanOption::update_option(':heartbeat_autostart', $action_d); SucuriScanEvent::report_info_event($message); SucuriScanInterface::info($message); } // Debug ability of the plugin to send email alerts correctly. if (SucuriScanRequest::post(':debug_email')) { $recipient = SucuriScanOption::get_option(':notify_to'); $mail_sent = SucuriScanMail::send_mail($recipient, 'Test email alert', sprintf('Test email alert sent at %s', date('r')), array('Force' => true)); SucuriScanInterface::info('Test email alert sent, check your inbox.'); } } }
/** * Process the requests sent by the form submissions originated in the settings * page, all forms must have a nonce field that will be checked against the one * generated in the template render function. * * @param boolean $page_nonce True if the nonce is valid, False otherwise. * @return void */ function sucuriscan_settings_form_submissions($page_nonce = null) { global $sucuriscan_schedule_allowed, $sucuriscan_interface_allowed; // Use this conditional to avoid double checking. if (is_null($page_nonce)) { $page_nonce = SucuriScanInterface::check_nonce(); } if ($page_nonce) { // Enable or disable the filesystem scanner. if ($fs_scanner = SucuriScanRequest::post(':fs_scanner', '(en|dis)able')) { $action_d = $fs_scanner . 'd'; $message = 'Main file system scanner was <code>' . $action_d . '</code>'; SucuriScanOption::update_option(':fs_scanner', $action_d); SucuriScanEvent::report_auto_event($message); SucuriScanEvent::notify_event('plugin_change', $message); SucuriScanInterface::info($message); } // Enable or disable the filesystem scanner for error logs. if ($scan_errorlogs = SucuriScanRequest::post(':scan_errorlogs', '(en|dis)able')) { $action_d = $scan_errorlogs . 'd'; $message = 'File system scanner for error logs was <code>' . $action_d . '</code>'; SucuriScanOption::update_option(':scan_errorlogs', $action_d); SucuriScanEvent::report_auto_event($message); SucuriScanEvent::notify_event('plugin_change', $message); SucuriScanInterface::info($message); } // Modify the schedule of the filesystem scanner. if ($frequency = SucuriScanRequest::post(':scan_frequency')) { if (array_key_exists($frequency, $sucuriscan_schedule_allowed)) { SucuriScanOption::update_option(':scan_frequency', $frequency); wp_clear_scheduled_hook('sucuriscan_scheduled_scan'); if ($frequency != '_oneoff') { wp_schedule_event(time() + 10, $frequency, 'sucuriscan_scheduled_scan'); } $frequency_title = strtolower($sucuriscan_schedule_allowed[$frequency]); $message = 'File system scanning frequency set to <code>' . $frequency_title . '</code>'; SucuriScanEvent::report_info_event($message); SucuriScanEvent::notify_event('plugin_change', $message); SucuriScanInterface::info($message); } } // Set the method (aka. interface) that will be used to scan the site. if ($interface = SucuriScanRequest::post(':scan_interface')) { $allowed_values = array_keys($sucuriscan_interface_allowed); if (in_array($interface, $allowed_values)) { $message = 'File system scanning interface set to <code>' . $interface . '</code>'; SucuriScanOption::update_option(':scan_interface', $interface); SucuriScanEvent::report_info_event($message); SucuriScanEvent::notify_event('plugin_change', $message); SucuriScanInterface::info($message); } } // Reset the plugin security logs. $allowed_log_files = '(lastlogins|failedlogins)'; if ($reset_logfile = SucuriScanRequest::post(':reset_logfile', $allowed_log_files)) { $files_to_delete = array('sucuri-' . $reset_logfile . '.php', 'sucuri-old' . $reset_logfile . '.php'); foreach ($files_to_delete as $log_filename) { $log_filepath = SucuriScan::datastore_folder_path($log_filename); if (@unlink($log_filepath)) { $log_filename_simple = str_replace('.php', '', $log_filename); $message = 'Deleted security log <code>' . $log_filename_simple . '</code>'; SucuriScanEvent::report_debug_event($message); SucuriScanInterface::info($message); } } } // Ignore a new event for email notifications. if ($action = SucuriScanRequest::post(':ignorerule_action', '(add|remove)')) { $ignore_rule = SucuriScanRequest::post(':ignorerule'); if ($action == 'add') { if (SucuriScanOption::add_ignored_event($ignore_rule)) { SucuriScanInterface::info('Post-type ignored successfully.'); SucuriScanEvent::report_warning_event('Changes in <code>' . $ignore_rule . '</code> post-type will be ignored'); } else { SucuriScanInterface::error('The post-type is invalid or it may be already ignored.'); } } elseif ($action == 'remove') { SucuriScanOption::remove_ignored_event($ignore_rule); SucuriScanInterface::info('Post-type removed from the list successfully.'); SucuriScanEvent::report_notice_event('Changes in <code>' . $ignore_rule . '</code> post-type will not be ignored'); } } // Trust and IP address to ignore notifications for a subnet. if ($trust_ip = SucuriScanRequest::post(':trust_ip')) { if (SucuriScan::is_valid_ip($trust_ip) || SucuriScan::is_valid_cidr($trust_ip)) { $cache = new SucuriScanCache('trustip'); $ip_info = SucuriScan::get_ip_info($trust_ip); $ip_info['added_at'] = SucuriScan::local_time(); $cache_key = md5($ip_info['remote_addr']); if ($cache->exists($cache_key)) { SucuriScanInterface::error('The IP address specified was already trusted.'); } elseif ($cache->add($cache_key, $ip_info)) { $message = 'Changes from <code>' . $trust_ip . '</code> will be ignored'; SucuriScanEvent::report_warning_event($message); SucuriScanInterface::info($message); } else { SucuriScanInterface::error('The new entry was not saved in the datastore file.'); } } } // Trust and IP address to ignore notifications for a subnet. if ($del_trust_ip = SucuriScanRequest::post(':del_trust_ip', '_array')) { $cache = new SucuriScanCache('trustip'); foreach ($del_trust_ip as $cache_key) { $cache->delete($cache_key); } SucuriScanInterface::info('The IP addresses selected were deleted successfully.'); } // Update the settings for the heartbeat API. if ($heartbeat_status = SucuriScanRequest::post(':heartbeat_status')) { $statuses_allowed = SucuriScanHeartbeat::statuses_allowed(); if (array_key_exists($heartbeat_status, $statuses_allowed)) { $message = 'Heartbeat status set to <code>' . $heartbeat_status . '</code>'; SucuriScanOption::update_option(':heartbeat', $heartbeat_status); SucuriScanEvent::report_info_event($message); SucuriScanInterface::info($message); } else { SucuriScanInterface::error('Heartbeat status not allowed.'); } } // Update the value of the heartbeat pulse. if ($heartbeat_pulse = SucuriScanRequest::post(':heartbeat_pulse')) { $pulses_allowed = SucuriScanHeartbeat::pulses_allowed(); if (array_key_exists($heartbeat_pulse, $pulses_allowed)) { $message = 'Heartbeat pulse set to <code>' . $heartbeat_pulse . '</code> seconds.'; SucuriScanOption::update_option(':heartbeat_pulse', $heartbeat_pulse); SucuriScanEvent::report_info_event($message); SucuriScanInterface::info($message); } else { SucuriScanInterface::error('Heartbeat pulse not allowed.'); } } // Update the value of the heartbeat interval. if ($heartbeat_interval = SucuriScanRequest::post(':heartbeat_interval')) { $intervals_allowed = SucuriScanHeartbeat::intervals_allowed(); if (array_key_exists($heartbeat_interval, $intervals_allowed)) { $message = 'Heartbeat interval set to <code>' . $heartbeat_interval . '</code>'; SucuriScanOption::update_option(':heartbeat_interval', $heartbeat_interval); SucuriScanEvent::report_info_event($message); SucuriScanInterface::info($message); } else { SucuriScanInterface::error('Heartbeat interval not allowed.'); } } // Enable or disable the auto-start execution of heartbeat. if ($heartbeat_autostart = SucuriScanRequest::post(':heartbeat_autostart', '(en|dis)able')) { $action_d = $heartbeat_autostart . 'd'; $message = 'Heartbeat auto-start was <code>' . $action_d . '</code>'; SucuriScanOption::update_option(':heartbeat_autostart', $action_d); SucuriScanEvent::report_info_event($message); SucuriScanInterface::info($message); } } }