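/**
 * Blocks requests whose referrer, remote hostname or server name appears in the referrer-spam domain list.
 *
 * The list is fetched from piwik's spammers.txt (falling back to the Nebula copy on GitHub), written to the
 * theme's data directory as an offline fallback and cached in a transient for an hour (refetched on every
 * request while is_debug() is true). Matching goes through the project's contains() helper, i.e. substring
 * matching: "example.com" also matches "notexample.com". That is the pre-existing behaviour and is kept.
 *
 * Side effects: sets $GLOBALS['domain_blacklist'], declares nebula_spambot_regex() on first run, sends GA
 * events, and on a match fires 'nebula_spambot_prevention', sends a 403 and ends the request.
 */
function nebula_domain_prevention() {
    $domain_blacklist_file = get_template_directory() . '/includes/data/domain_blacklist.txt';
    $domain_blacklist = get_transient('nebula_domain_blacklist');

    if (empty($domain_blacklist) || is_debug()) {
        //Remote sources go through the WordPress HTTP API; WP_Filesystem::get_contents() is a local-file call and only worked for URLs with the direct transport and allow_url_fopen enabled.
        $domain_blacklist = nebula_fetch_domain_blacklist_source('https://raw.githubusercontent.com/piwik/referrer-spam-blacklist/master/spammers.txt');
        if ($domain_blacklist === '') {
            $domain_blacklist = nebula_fetch_domain_blacklist_source('https://raw.githubusercontent.com/chrisblakley/Nebula/master/includes/data/domain_blacklist.txt'); //In case piwik is not available (or changes).
        }

        WP_Filesystem();
        global $wp_filesystem;
        if ($domain_blacklist !== '') {
            if (is_object($wp_filesystem)) {
                $wp_filesystem->put_contents($domain_blacklist_file, $domain_blacklist); //Local copy used when both remote sources are down
            }
            set_transient('nebula_domain_blacklist', $domain_blacklist, 60 * 60); //1 hour cache
        } elseif (is_object($wp_filesystem)) {
            $domain_blacklist = $wp_filesystem->get_contents($domain_blacklist_file); //false when the local copy is missing
        }
    }

    if (empty($domain_blacklist)) {
        ga_send_event('Security Precaution', 'Error', 'spammers.txt was not available!');
        return;
    }

    //One domain per line. Blank lines are dropped (an empty needle would match every referrer) and trim() removes the \r of CRLF sources.
    $GLOBALS['domain_blacklist'] = array();
    foreach (explode("\n", $domain_blacklist) as $line) {
        $line = trim($line);
        if ($line === '') {
            continue;
        }
        $GLOBALS['domain_blacklist'][] = $line;
    }

    //Additional blacklisted domains
    $additional_blacklisted_domains = array();
    $GLOBALS['domain_blacklist'] = array_merge($GLOBALS['domain_blacklist'], $additional_blacklisted_domains);

    if (count($GLOBALS['domain_blacklist']) === 0) {
        ga_send_event('Security Precaution', 'Error', 'spammers.txt has no entries!');
    } else {
        $remote_ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';

        //Cheap header/environment checks first; each one ends the request on a match.
        $checks = array(
            'Referring Domain' => isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '',
            'Hostname' => isset($_SERVER['REMOTE_HOST']) ? $_SERVER['REMOTE_HOST'] : '',
            'Server Name' => isset($_SERVER['SERVER_NAME']) ? $_SERVER['SERVER_NAME'] : '',
        );
        foreach ($checks as $label => $value) {
            if ($value !== '' && contains(strtolower($value), $GLOBALS['domain_blacklist'])) {
                nebula_domain_prevention_block($label . ': ' . $value . ' (IP: ' . $remote_ip . ')');
            }
        }

        //Reverse DNS last: it is a blocking network lookup on every request. gethostbyaddr() returns false for invalid input, which previously became an empty-string lookup.
        if ($remote_ip !== '') {
            $network_hostname = gethostbyaddr($remote_ip);
            if ($network_hostname !== false && contains(strtolower($network_hostname), $GLOBALS['domain_blacklist'])) {
                nebula_domain_prevention_block('Network Hostname: ' . $network_hostname . ' (IP: ' . $remote_ip . ')'); //Label reports the resolved hostname (was SERVER_NAME)
            }
        }
    }

    //Guarded so that calling nebula_domain_prevention() twice no longer fatals with "cannot redeclare".
    if (!function_exists('nebula_spambot_regex')) {
        //Use this to generate a regex string of common referral spambots (or a custom passed array of strings). Unfortunately Google Analytics limits filters to 255 characters.
        function nebula_spambot_regex($domains = null) {
            $domains = $domains ? $domains : $GLOBALS['domain_blacklist'];
            $domains = str_replace(array('.', '-'), array('\\.', '\\-'), $domains);
            return implode("|", $domains);
        }
    }
}

/**
 * Fetches a plain-text domain list over the WordPress HTTP API.
 *
 * @param string $url Source URL.
 * @return string Response body, or '' when the request failed or did not return HTTP 200.
 */
function nebula_fetch_domain_blacklist_source($url) {
    $response = wp_remote_get($url);
    if (is_wp_error($response) || (int) wp_remote_retrieve_response_code($response) !== 200) {
        return '';
    }
    return (string) wp_remote_retrieve_body($response);
}

/**
 * Reports a blocked request to GA, fires the prevention hook and ends the request with a 403.
 *
 * @param string $label GA event label describing which value matched.
 */
function nebula_domain_prevention_block($label) {
    ga_send_event('Security Precaution', 'Blacklisted Domain Prevented', $label);
    do_action('nebula_spambot_prevention');
    header('HTTP/1.1 403 Forbidden');
    die;
}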
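/**
 * Returns an unsplash.it image URL for the requested size, with fallbacks to placehold_it().
 *
 * @param int      $width
 * @param int      $height
 * @param bool     $raw      true: return only the URL. false: return the URL followed by a '" title="…'
 *                           fragment, meant to be echoed inside an existing src="" attribute (it closes
 *                           src and opens a title attribute).
 * @param int|bool $specific A specific unsplash.it image ID, or false for a random one.
 * @return mixed The 'pre_unsplash_it' filter result when it is not false; otherwise a string.
 */
function unsplash_it($width = 800, $height = 600, $raw = false, $specific = false) {
    $override = apply_filters('pre_unsplash_it', false, $width, $height, $raw, $specific);
    if ($override !== false) {
        return $override;
    }

    $max_id = 874; //Update this number periodically as more Unsplash.it photos become available. Used for every draw (the retry draw previously used 615).
    //IDs known to be missing or unsuitable; extended below as lookups fail.
    $skip_list = array(31, 35, 224, 285, 312, 16, 403, 172, 268, 267, 349, 69, 103, 24, 140, 47, 219, 222, 184, 306, 70, 371, 385, 45, 211, 95, 83, 150, 233, 275, 343, 317, 278, 429, 383, 296, 292, 193, 299, 195, 298, 68, 148, 151, 129, 277, 333, 85, 48, 128, 365, 138, 155, 257, 37, 288, 407);

    $is_specific = is_int($specific); //Checked via is_int() so that ID 0 is honoured and not retried as random
    $randID = $is_specific ? $specific : random_number_between_but_not(0, $max_id, $skip_list);

    //ga_send_event() is called as (category, action, label) everywhere else in this file; the leading 'send', 'event' pair formerly passed here looks like a carry-over from the JS ga() signature.
    //Check if unsplash.it is online
    if (!nebula_is_available('https://unsplash.it')) {
        ga_send_event('Error', 'Random Unsplash', 'Unsplash.it Not Available');
        $placeholder = placehold_it($width, $height, 'Unsplash.it Unavailable', 'ca3838');
        return $raw ? $placeholder : $placeholder . '" title="Unsplash.it is not available.';
    }

    $image_path = 'https://unsplash.it/' . $width . '/' . $height . '?image=' . $randID;
    $check_image = nebula_is_available($image_path); //Ignore errors (because that's what we're looking for)
    $i = 1;
    $attempts = '';
    while (!$check_image) {
        $attempts = ' [Errors: ' . $i . ']';
        if ($is_specific || $i >= 5) {
            ga_send_event('Error', 'Random Unsplash', 'Image Not Found (ID: ' . $randID . ')');
            $placeholder = placehold_it($width, $height, 'ID+' . $randID . '+Not+Found', 'f6b83f');
            return $raw ? $placeholder : $placeholder . '" title="Unsplash image with ID ' . $randID . $attempts; //The raw branch previously fell through without returning
        }
        $skip_list[] = $randID; //The next draw formerly read the undefined $skipList, so failed IDs could be drawn again
        ga_send_event('Error', 'Random Unsplash', 'Image Not Found (ID: ' . $randID . ')' . $attempts);
        $randID = random_number_between_but_not(0, $max_id, $skip_list);
        $image_path = 'https://unsplash.it/' . $width . '/' . $height . '?image=' . $randID;
        $check_image = nebula_is_available($image_path);
        $i++;
    }

    return $raw ? $image_path : $image_path . '" title="Unsplash ID #' . $randID . $attempts;
}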
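/**
 * On a search that yields exactly one result, redirects straight to that post.
 *
 * The homepage is excluded (post ID 1 or a permalink equal to the site root) so the redirect cannot loop
 * back into the search. The search term is passed along as the 'rs' query argument, URL-encoded so that
 * characters such as '&' or '#' in the term no longer break the destination's query string.
 */
function redirect_single_post() {
    if (!is_search()) {
        return;
    }

    global $wp_query;
    if ((int) $wp_query->post_count !== 1 || (int) $wp_query->max_num_pages !== 1) {
        return;
    }

    $post_id = (int) $wp_query->posts[0]->ID;
    $permalink = get_permalink($post_id);

    if (isset($_GET['s'])) {
        //If the redirected post is the homepage, serve the regular search results page with one result (to prevent a redirect loop)
        if ($post_id === 1 || $permalink === trailingslashit(home_url())) {
            return;
        }
        $search_term = $_GET['s'];
        ga_send_event('Internal Search', 'Single Result Redirect', $search_term);
        wp_redirect($permalink . '?rs=' . urlencode($search_term)); //urlencode() still turns spaces into '+' as before; the superglobal is no longer mutated
        exit;
    }

    ga_send_event('Internal Search', 'Single Result Redirect');
    wp_redirect($permalink . '?rs');
    exit;
}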
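/**
 * AJAX handler: stores a client-submitted text payload under uploads/nebula_custom_data/<directory>/.
 *
 * Reads $_POST['nonce'] (action 'nebula_ajax_nonce') and $_POST['data'] with the keys data, directory,
 * category, action, url and filetype. Request metadata (IP, user agent, URL, size) is appended to the
 * payload before it is written. Payloads with a disallowed extension, a directory name that is not a
 * single plain path segment, or suspicious content are diverted to bad_data/ and reported to GA.
 * Echoes progress messages and always ends the request.
 *
 * NOTE(review): the nonce is the only gate here; if that nonce is printed for anonymous visitors, anyone
 * can create files in the uploads directory. Add a capability check if that is not intended.
 */
function nebula_upload_data() {
    $nonce = isset($_POST['nonce']) ? $_POST['nonce'] : '';
    if (!wp_verify_nonce($nonce, 'nebula_ajax_nonce')) {
        die('Permission Denied.');
    }

    $input = (isset($_POST['data']) && is_array($_POST['data'])) ? $_POST['data'] : array();
    $data = (isset($input['data']) && is_scalar($input['data'])) ? (string) $input['data'] : '';
    if ($data === '') {
        exit;
    }

    $directory = nebula_upload_data_field($input, 'directory', 'general');
    $category = nebula_upload_data_field($input, 'category', false);
    $action = nebula_upload_data_field($input, 'action', 'Upload');
    $url = nebula_upload_data_field($input, 'url', 'Unknown');
    $filetype = nebula_upload_data_field($input, 'filetype', 'txt');

    //Check the filesize of the data ('8bit' counts bytes regardless of the mbstring encoding settings)
    $filesize = function_exists('mb_strlen') ? mb_strlen($data, '8bit') : strlen($data);

    $remote_addr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    $data .= "\r\n\r\n---\n\t\t\r\nIP Address: " . $remote_addr . "\r\nUser Agent: " . $user_agent . "\r\nURL: " . $url . "\r\nFilesize: " . $filesize;

    $this_id = uniqid();
    $timestamp = date('Y-m-d_H-i-s');
    $upload_dir = wp_upload_dir();
    $base = $upload_dir['basedir'] . '/nebula_custom_data';

    //The directory name becomes a path segment, so it must be a single plain segment: no separators, no '..', no empty string.
    $directory_ok = preg_match('/^[A-Za-z0-9_-]+$/', $directory) === 1;
    //Allowed extensions; strict comparison so that non-string values cannot pass by coercion.
    $filetype_ok = in_array($filetype, array('txt', 'jpg', 'png', 'gif', 'jpeg', 'doc', 'docx', 'csv', 'pdf'), true);
    //Check data for bad strings. This was in_array($data, …), which only matched a payload that equalled one of the markers exactly.
    $data_ok = !nebula_upload_data_contains_any($data, array('header(', 'Content-type:', '<?', 'htaccess', '.sql', 'DROP TABLE', 'base64'));

    if (!$directory_ok || !$filetype_ok || !$data_ok) {
        echo 'You are attempting to upload something that is not allowed. ';
        nebula_upload_data_ensure_dir($base, 'nebula_custom_data');
        nebula_upload_data_ensure_dir($base . '/bad_data', 'nebula_custom_data/bad_data');
        $data .= "\r\nAttempted Directory: " . $directory . "\r\nAttempted Filetype: " . $filetype;
        $file = $base . '/bad_data/' . $timestamp . '_id' . $this_id . '.txt'; //Rejected payloads are always stored as .txt, never with the requested extension
        if (file_put_contents($file, $data) === false) {
            echo 'Unable to write the rejected data file. ';
        }
        ga_send_event('Security Precaution', 'Nebula Upload Data Block', '/bad_data/...id' . $this_id);
        exit;
    }

    //@TODO "Nebula" 0: Somehow check if uploads directory is traversable. If so, die with a warning.
    nebula_upload_data_ensure_dir($base, 'nebula_custom_data');
    nebula_upload_data_ensure_dir($base . '/' . $directory, 'nebula_custom_data/' . $directory);
    $file = $base . '/' . $directory . '/' . $timestamp . '_id' . $this_id . '.' . $filetype;
    if (file_put_contents($file, $data) === false) {
        echo 'Unable to write the data file. ';
    }
    if ($category) {
        ga_send_event($category, $action, '/' . $directory . '/...id' . $this_id);
    }
    exit;
}

/**
 * Returns $input[$key] unless it is missing, non-scalar or '', in which case $default is returned.
 *
 * @param array  $input
 * @param string $key
 * @param mixed  $default
 * @return mixed
 */
function nebula_upload_data_field(array $input, $key, $default) {
    if (isset($input[$key]) && is_scalar($input[$key]) && $input[$key] !== '') {
        return $input[$key];
    }
    return $default;
}

/**
 * True when any of $needles occurs in $haystack (case-insensitive).
 *
 * @param string   $haystack
 * @param string[] $needles
 * @return bool
 */
function nebula_upload_data_contains_any($haystack, array $needles) {
    foreach ($needles as $needle) {
        if (stripos($haystack, $needle) !== false) {
            return true;
        }
    }
    return false;
}

/**
 * Creates $path if it does not exist, echoing the same progress message as before.
 *
 * @param string $path  Absolute directory path.
 * @param string $label Path relative to the uploads directory, used in the message.
 */
function nebula_upload_data_ensure_dir($path, $label) {
    if (!is_dir($path)) {
        echo $label . ' directory does not exist. Creating it! ';
        if (!wp_mkdir_p($path)) {
            echo 'Unable to create ' . $label . '. ';
        }
    }
}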