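    /**
     * Renders the "File Editing" settings tab and handles its own form submission.
     *
     * When the tab's submit button ("aiowps_disable_file_edit") is posted, the request
     * is nonce-checked, PHP file editing is enabled or disabled through
     * AIOWPSecurity_Utility (the error message indicates this edits/backs up
     * wp-config.php), the plugin config flag is persisted and the feature points
     * are recalculated. The remainder of the method is the tab's HTML.
     *
     * @return void
     */
    function render_tab2()
    {
        global $aio_wp_security;
        global $aiowps_feature_mgr;

        if (isset($_POST['aiowps_disable_file_edit'])) {
            // NOTE(review): no capability check is performed in this handler; it
            // relies on the admin-page registration gating access to this tab — confirm.
            // Read the nonce defensively so a request that omits it fails the nonce
            // check cleanly instead of first raising an undefined-index notice.
            $nonce = isset($_REQUEST['_wpnonce']) ? $_REQUEST['_wpnonce'] : '';
            if (!wp_verify_nonce($nonce, 'aiowpsec-disable-file-edit-nonce')) {
                $aio_wp_security->debug_logger->log_debug("Nonce check failed on disable PHP file edit options save!", 4);
                die("Nonce check failed on disable PHP file edit options save!");
            }

            // The checkbox state drives both the file-edit toggle and the saved config flag,
            // so read it once rather than consulting $_POST twice.
            $disable_editing = isset($_POST['aiowps_disable_file_editing']);
            if ($disable_editing) {
                $res = AIOWPSecurity_Utility::disable_file_edits();
            } else {
                $res = AIOWPSecurity_Utility::enable_file_edits();
            }

            if ($res) {
                //Save settings if no errors
                $aio_wp_security->configs->set_value('aiowps_disable_file_editing', $disable_editing ? '1' : '');
                $aio_wp_security->configs->save_config();
                //Recalculate points after the feature status/options have been altered
                $aiowps_feature_mgr->check_feature_status_and_recalculate_points();
                $this->show_msg_updated(__('Your PHP file editing settings were saved successfully.', 'aiowpsecurity'));
            } else {
                $this->show_msg_error(__('Operation failed! Unable to modify or make a backup of wp-config.php file!', 'aiowpsecurity'));
            }
        }
        ?>
        <h2><?php _e('File Editing', 'aiowpsecurity'); ?></h2>
        <div class="aio_blue_box">
            <?php
        echo '<p>' . __('The Wordpress Dashboard by default allows administrators to edit PHP files, such as plugin and theme files.', 'aiowpsecurity') . '
            <br />' . __('This is often the first tool an attacker will use if able to login, since it allows code execution.', 'aiowpsecurity') . '
            <br />' . __('This feature will disable the ability for people to edit PHP files via the dashboard.', 'aiowpsecurity') . '    
            </p>';
        ?>
        </div>

        <div class="postbox">
        <h3><label for="title"><?php _e('Disable PHP File Editing', 'aiowpsecurity'); ?></label></h3>
        <div class="inside">
        <?php
        //Display security info badge ($aiowps_feature_mgr is already declared global above)
        $aiowps_feature_mgr->output_feature_details_badge("filesystem-file-editing");
        ?>

        <form action="" method="POST">
        <?php wp_nonce_field('aiowpsec-disable-file-edit-nonce'); ?>

        <table class="form-table">
            <tr valign="top">
                <th scope="row"><?php _e('Disable Ability To Edit PHP Files', 'aiowpsecurity'); ?>:</th>
                <td>
                <input name="aiowps_disable_file_editing" type="checkbox"<?php
        // Loose comparison kept: the stored config value's type is not established here
        if ($aio_wp_security->configs->get_value('aiowps_disable_file_editing') == '1') {
            echo ' checked="checked"';
        }
        ?> value="1"/>
                <span class="description"><?php _e('Check this if you want to remove the ability for people to edit PHP files via the WP dashboard', 'aiowpsecurity'); ?></span>
                </td>
            </tr>
        </table>
        <input type="submit" name="aiowps_disable_file_edit" value="<?php _e('Save Settings', 'aiowpsecurity'); ?>" class="button-primary" />
        </form>
        </div></div>
    <?php
    }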