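/**
 * Write all active rules to .htaccess file.
 *
 * The plugin's previous rules are removed first, the current file is handed to the
 * backup helper, and the freshly generated rules are then written ahead of the
 * lines the file already contained. Runs of blank lines are collapsed to one.
 *
 * NOTE(review): the file is truncated and rewritten in place, so a failure part-way
 * through leaves a partial .htaccess on disk. The result of the backup helper is
 * not checked here, so recovery depends on that backup having succeeded.
 *
 * @return boolean True on success, false on failure.
 */
static function write_to_htaccess()
{
    global $aio_wp_security;

    // Figure out what server is being used.
    if (AIOWPSecurity_Utility::get_server_type() == -1) {
        $aio_wp_security->debug_logger->log_debug("Unable to write to .htaccess - server type not supported!", 4);
        return false; // unable to write to the file
    }

    // Clean up old rules first.
    if (AIOWPSecurity_Utility_Htaccess::delete_from_htaccess() == -1) {
        $aio_wp_security->debug_logger->log_debug("Delete operation of .htaccess file failed!", 4);
        return false; // unable to write to the file
    }

    $htaccess = ABSPATH . '.htaccess';

    // Writability probe: try to open for append, relax the mode once, try again.
    if (!($f = @fopen($htaccess, 'a+'))) {
        @chmod($htaccess, 0644);
        if (!($f = @fopen($htaccess, 'a+'))) {
            $aio_wp_security->debug_logger->log_debug("chmod operation on .htaccess failed!", 4);
            return false;
        }
    }
    // The probe handle is never written to; release it instead of leaking it
    // when $f is reassigned further down.
    @fclose($f);

    AIOWPSecurity_Utility_File::backup_and_rename_htaccess($htaccess); //TODO - we dont want to continually be backing up the htaccess file

    @ini_set('auto_detect_line_endings', true);

    // Read the existing file BEFORE it is truncated. If the read fails, stop here:
    // carrying on would replace the whole file with only the generated rules and
    // silently drop every other directive it held.
    $existing_lines = file($htaccess);
    if ($existing_lines === false) {
        $aio_wp_security->debug_logger->log_debug("Write operation on .htaccess failed!", 4);
        return false;
    }
    $ht = explode(PHP_EOL, implode('', $existing_lines)); // parse each line of file into array

    $rules = AIOWPSecurity_Utility_Htaccess::getrules();
    $rulesarray = explode(PHP_EOL, $rules);
    // Any code hooked on this filter can add, change or remove directives before
    // they reach the live .htaccess, so the callbacks are part of the trust boundary.
    $rulesarray = apply_filters('aiowps_htaccess_rules_before_writing', $rulesarray);

    // Generated rules go first, followed by the pre-existing content.
    $contents = array_merge($rulesarray, $ht);

    if (!($f = @fopen($htaccess, 'w+'))) {
        $aio_wp_security->debug_logger->log_debug("Write operation on .htaccess failed!", 4);
        return false; // we can't write to the file
    }

    $blank = false;

    // Write each line to file, emitting at most one blank line in a row.
    foreach ($contents as $insertline) {
        $line = trim($insertline);

        if ($line == '') {
            if ($blank) {
                continue; // already wrote a blank line for this run
            }
            $blank = true;
        } else {
            $blank = false;
        }

        // A failed write means the rule set on disk is incomplete; report it
        // rather than returning success.
        if (fwrite($f, PHP_EOL . $line) === false) {
            $aio_wp_security->debug_logger->log_debug("Write operation on .htaccess failed!", 4);
            @fclose($f);
            return false;
        }
    }

    @fclose($f);
    return true; // success
}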
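/**
 * Render the ".htaccess File Operations" tab and handle its two form actions.
 *
 * - "Backup": copies the active .htaccess via the backup helper, then renames the
 *   copy to a randomly prefixed file in the plugin's backups directory.
 * - "Restore": takes a file location from the form, has its contents checked by
 *   check_if_htaccess_contents(), and copies it over the active .htaccess.
 *
 * Both actions are nonce-protected. The restore location is request data, so it is
 * type-checked, unslashed and limited to plain paths or http(s) URLs before it is
 * passed to any filesystem function. The .htaccess contents are escaped at the
 * point of output.
 *
 * NOTE(review): no capability check is visible in this method; presumably the
 * admin menu registration enforces it - confirm. The restore location is still not
 * confined to a specific directory (e.g. the uploads folder); consider resolving
 * it and rejecting anything outside the expected location.
 * NOTE(review): backups are written under WP_CONTENT_DIR; confirm that directory
 * is not directly web-readable, since the random prefix is the only obscurity.
 */
function render_tab2()
{
    global $aio_wp_security;

    if (isset($_POST['aiowps_save_htaccess'])) {
        // A missing nonce is treated like an invalid one instead of raising a notice.
        $nonce = isset($_REQUEST['_wpnonce']) ? $_REQUEST['_wpnonce'] : '';
        if (!wp_verify_nonce($nonce, 'aiowpsec-save-htaccess-nonce')) {
            $aio_wp_security->debug_logger->log_debug("Nonce check failed on htaccess file save!", 4);
            die("Nonce check failed on htaccess file save!");
        }

        $htaccess_path = ABSPATH . '.htaccess';
        $result = AIOWPSecurity_Utility_File::backup_and_rename_htaccess($htaccess_path); // Backup the htaccess file

        if ($result) {
            $random_prefix = AIOWPSecurity_Utility::generate_alpha_numeric_random_string(10);
            $aiowps_backup_dir = WP_CONTENT_DIR . '/' . AIO_WP_SECURITY_BACKUPS_DIR_NAME;
            $backup_source = $aiowps_backup_dir . '/' . '.htaccess.backup';
            $backup_target = $aiowps_backup_dir . '/' . $random_prefix . '_htaccess_backup.txt';

            if (rename($backup_source, $backup_target)) {
                echo '<div id="message" class="updated fade"><p>';
                _e('Your .htaccess file was successfully backed up! Using an FTP program go to the "/wp-content/aiowps_backups" directory to save a copy of the file to your computer.', 'aiowpsecurity');
                echo '</p></div>';
            } else {
                $aio_wp_security->debug_logger->log_debug("htaccess file rename failed during backup!", 4);
                $this->show_msg_error(__('htaccess file rename failed during backup. Please check your root directory for the backup file using FTP.', 'aiowpsecurity'));
            }
        } else {
            $aio_wp_security->debug_logger->log_debug("htaccess - Backup operation failed!", 4);
            $this->show_msg_error(__('htaccess backup failed.', 'aiowpsecurity'));
        }
    }

    if (isset($_POST['aiowps_restore_htaccess_button'])) {
        $nonce = isset($_REQUEST['_wpnonce']) ? $_REQUEST['_wpnonce'] : '';
        if (!wp_verify_nonce($nonce, 'aiowpsec-restore-htaccess-nonce')) {
            $aio_wp_security->debug_logger->log_debug("Nonce check failed on htaccess file restore!", 4);
            die("Nonce check failed on htaccess file restore!");
        }

        // Reject a missing value and non-string input (e.g. an array parameter).
        if (empty($_POST['aiowps_htaccess_file']) || !is_string($_POST['aiowps_htaccess_file'])) {
            $this->show_msg_error(__('Please choose a .htaccess to restore from.', 'aiowpsecurity'));
        } else {
            // Let's copy the chosen .htaccess file into the active root file.
            $new_htaccess_file_path = trim(wp_unslash($_POST['aiowps_htaccess_file']));

            // The value is request data and ends up in copy(). Accept only plain
            // paths and http(s) URLs so other PHP stream wrappers are never opened.
            // Single-letter "schemes" are left alone so Windows drive paths still work.
            $scheme_ok = true;
            if (preg_match('#^([a-z][a-z0-9+.\-]+):#i', $new_htaccess_file_path, $scheme_match)) {
                $scheme_ok = in_array(strtolower($scheme_match[1]), array('http', 'https'), true);
            }

            if (!$scheme_ok) {
                $aio_wp_security->debug_logger->log_debug("htaccess restore failed - unsupported location given for restore file!", 4);
                $this->show_msg_error(__('htaccess Restore operation failed! Please check the contents of the file you are trying to restore from.', 'aiowpsecurity'));
            } else {
                //TODO
                // Verify that file chosen has contents which are relevant to .htaccess file
                $is_htaccess = AIOWPSecurity_Utility_Htaccess::check_if_htaccess_contents($new_htaccess_file_path);

                if ($is_htaccess == 1) {
                    $active_root_htaccess = ABSPATH . '.htaccess';
                    if (!copy($new_htaccess_file_path, $active_root_htaccess)) {
                        // Failed to copy the chosen file over the active .htaccess
                        $aio_wp_security->debug_logger->log_debug("htaccess - Restore from .htaccess operation failed!", 4);
                        $this->show_msg_error(__('htaccess file restore failed. Please attempt to restore the .htaccess manually using FTP.', 'aiowpsecurity'));
                    } else {
                        $this->show_msg_updated(__('Your .htaccess file has successfully been restored!', 'aiowpsecurity'));
                    }
                } else {
                    $aio_wp_security->debug_logger->log_debug("htaccess restore failed - Contents of restore file appear invalid!", 4);
                    $this->show_msg_error(__('htaccess Restore operation failed! Please check the contents of the file you are trying to restore from.', 'aiowpsecurity'));
                }
            }
        }
    }
    ?>
    <h2><?php _e('.htaccess File Operations', 'aiowpsecurity'); ?></h2>
    <div class="aio_blue_box">
        <?php
        echo '<p>' . __('Your ".htaccess" file is a key component of your website\'s security and it can be modified to implement various levels of protection mechanisms.', 'aiowpsecurity') . '
        <br />' . __('This feature allows you to backup and save your currently active .htaccess file should you need to re-use the the backed up file in the future.', 'aiowpsecurity') . '
        <br />' . __('You can also restore your site\'s .htaccess settings using a backed up .htaccess file.', 'aiowpsecurity') . '
        </p>';
        ?>
    </div>
    <?php
    if (AIOWPSecurity_Utility::is_multisite_install() && get_current_blog_id() != 1) {
        // Hide config settings if MS and not main site
        AIOWPSecurity_Utility::display_multisite_message();
    } else {
        ?>
        <div class="postbox">
        <h3><label for="title"><?php _e('Save the current .htaccess file', 'aiowpsecurity'); ?></label></h3>
        <div class="inside">
        <form action="" method="POST">
            <?php wp_nonce_field('aiowpsec-save-htaccess-nonce'); ?>
            <p class="description"><?php _e('Click the button below to backup and save the currently active .htaccess file.', 'aiowpsecurity'); ?></p>
            <input type="submit" name="aiowps_save_htaccess" value="<?php esc_attr_e('Backup .htaccess File', 'aiowpsecurity'); ?>" class="button-primary" />
        </form>
        </div></div>
        <div class="postbox">
        <h3><label for="title"><?php _e('Restore from a backed up .htaccess file', 'aiowpsecurity'); ?></label></h3>
        <div class="inside">
        <form action="" method="POST">
            <?php wp_nonce_field('aiowpsec-restore-htaccess-nonce'); ?>
            <table class="form-table">
                <tr valign="top">
                    <th scope="row"><?php _e('.htaccess file to restore from', 'aiowpsecurity'); ?>:</th>
                    <td>
                        <input type="button" id="aiowps_htaccess_file_button" name="aiowps_htaccess_file_button" class="button rbutton" value="Select Your htaccess File" />
                        <input name="aiowps_htaccess_file" type="text" id="aiowps_htaccess_file" value="" size="80" />
                        <p class="description">
                            <?php _e('After selecting your file, click the button below to restore your site using the backed up htaccess file (htaccess_backup.txt).', 'aiowpsecurity'); ?>
                        </p>
                    </td>
                </tr>
            </table>
            <input type="submit" name="aiowps_restore_htaccess_button" value="<?php esc_attr_e('Restore .htaccess File', 'aiowpsecurity'); ?>" class="button-primary" />
        </form>
        </div></div>
        <div class="postbox">
        <h3><label for="title"><?php _e('View Contents of the currently active .htaccess file', 'aiowpsecurity'); ?></label></h3>
        <div class="inside">
            <?php
            $ht_file = ABSPATH . '.htaccess';
            $ht_contents = AIOWPSecurity_Utility_File::get_file_contents($ht_file);
            // File contents are data, not markup: escape them where they are printed so a
            // "</textarea>" or script tag inside .htaccess cannot break out into the admin page.
            // NOTE(review): if get_file_contents() already HTML-encodes, keep only one of the two.
            ?>
            <textarea class="aio_text_area_file_output aio_half_width aio_spacer_10_tb" rows="15" readonly><?php echo esc_textarea($ht_contents); ?></textarea>
        </div></div>
        <?php
    } // End if statement
}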