예제 #1
0
function sixscan_common_gather_system_information_for_anonymous_support_ticket()
{
    $submission_data = "\n";
    $submission_data .= "OS: " . PHP_OS . " \n";
    $submission_data .= "Server info: " . print_r($_SERVER, TRUE);
    $regdata_status = sixscan_common_is_regdata_present();
    $submission_data .= "Regdata present: {$regdata_status}\n";
    $write_method = get_option(SIXSCAN_OPTION_WPFS_CONFIG) === FALSE ? "Direct_access" : "WP_filesystem";
    $submission_data .= "Write method: {$write_method}\n";
    /* Check , whether site can access external resources */
    $url = SIXSCAN_BODYGUARD_REGISTER_URL;
    $proxy = new WP_HTTP_Proxy();
    if ($proxy->is_enabled() && $proxy->send_through_proxy($url)) {
        $is_through_proxy = "true";
    } else {
        $is_through_proxy = "false";
    }
    $submission_data .= "Is access through proxy: {$is_through_proxy}\n";
    $htaccess_contents = file_get_contents(sixscan_common_get_htaccess_file_path(TRUE));
    if ($htaccess_contents == FALSE) {
        $htaccess_contents = "Empty";
    }
    $submission_data .= "Htaccess contents: {$htaccess_contents}\n";
    $plugin_list = get_plugins();
    $submission_data .= "Plugins: " . print_r($plugin_list, TRUE) . "\n";
    $phpinif_info = ini_get_all();
    $submission_data .= "phpinfo(): " . print_r($phpinif_info, true) . "\n";
    return $submission_data;
}
예제 #2
0
    unlink(SIXSCAN_LOCK_FILE_NAME);
}
$wp_load_location = sixscan_notice_find_wp_load_location();
if ($wp_load_location == FALSE) {
    header("HTTP/1.1 500 Can't initialize WP environment");
    exit(0);
}
require $wp_load_location;
require_once '../../admin/includes/common.php';
/*	Older Wordpress version contain several functions, that we use, in this file: */
require_once ABSPATH . 'wp-admin/includes/file.php';
if (defined('SIXSCAN_VERSION') == FALSE) {
    header("HTTP/1.1 500 Can't initialize environment");
    exit(0);
}
if (sixscan_common_is_regdata_present() != TRUE) {
    header("HTTP/1.1 500 6Scan not registered");
    exit(0);
}
/*	Backwards compatibility. Plugins of versions <1.0.5 had another "active" indication */
$backward_compat_active = get_option('sixscan_setupaccount');
if ($backward_compat_active == 'SETUP_STAGE_RUNNING' || $backward_compat_active == 'SETUP_STAGE_INSTALLED') {
    /*	Cleanup and activate for new version */
    delete_option('sixscan_setupaccount');
    sixscan_common_set_account_active(TRUE);
}
/*	Verify process. Make sure that sites belongs to the user that registered it */
if (isset($_REQUEST[SIXSCAN_NOTICE_VERIFICATION_NAME]) && isset($_REQUEST[SIXSCAN_NOTICE_AUTH_NAME])) {
    $expected_auth_id = md5(sixscan_common_get_api_token() . sixscan_common_get_site_id());
    if ($_REQUEST[SIXSCAN_NOTICE_VERIFICATION_NAME] == sixscan_common_get_site_id() && $_REQUEST[SIXSCAN_NOTICE_AUTH_NAME] == $expected_auth_id) {
        echo SIXSCAN_VERIFICATION_DELIMITER . sixscan_common_get_verification_token() . SIXSCAN_VERIFICATION_DELIMITER;
예제 #3
0
function sixscan_installation_install($tmp_key)
{
    try {
        /*	Clear the operational flag. It will be set, if activation is successful  */
        sixscan_common_set_account_operational(FALSE);
        global $wp_filesystem;
        $current_wp_filesystem = $tmp_key == "" ? 'direct' : 'ftp';
        if (is_multisite()) {
            $err_message = "6Scan Install <b>Error</b>: 6Scan currently does not support multisite installs. The support will be added soon";
            return sixscan_menu_wrap_error_msg($err_message) . sixscan_installation_error_description("Multisite install failed", $current_wp_filesystem);
        }
        /*	Make sure we can create signature file and update the site's .htaccess file */
        if (sixscan_common_test_dir_writable($wp_filesystem->abspath()) == FALSE) {
            $err_message = "6Scan Install <b>Error</b>: Failed creating signature file at Wordpress directory " . ABSPATH . SIXSCAN_COMM_SIGNATURE_FILENAME . "<br/><br/>Please see <a href='http://codex.wordpress.org/Changing_File_Permissions' target='_blank'>this Wordpress article</a> for more information on how to add write permissions." . "<br/><br/>If you have additional questions, please visit our <a href='http://6scan.com/support' target='_blank'>community</a>";
            return sixscan_menu_wrap_error_msg($err_message) . sixscan_installation_error_description("Failed creating signature file", $current_wp_filesystem);
        }
        if ($wp_filesystem->exists(SIXSCAN_HTACCESS_FILE) && sixscan_common_test_file_writable(SIXSCAN_HTACCESS_FILE) == FALSE) {
            $err_message = "6Scan Install <b>Error</b>: Failed writing .htaccess file " . SIXSCAN_HTACCESS_FILE . "<br/><br/>Please see <a href='http://codex.wordpress.org/Changing_File_Permissions' target='_blank'>this Wordpress article</a> for more information on how to add write permissions." . "<br/><br/>If you have additional questions, please visit our <a href='http://6scan.com/support' target='_blank'>community</a>";
            return sixscan_menu_wrap_error_msg($err_message) . sixscan_installation_error_description("Failed writing .htaccess file", $current_wp_filesystem);
        }
        if ($wp_filesystem->is_writable(SIXSCAN_PLUGIN_DIR . "/6scan.php") == FALSE) {
            $err_message = "6Scan Install <b>Error</b>: Can't modify 6Scan directory. This usually happens when security permissions do not allow writing to the Wordpress directory." . "<br/><br/>Please see <a href='http://codex.wordpress.org/Changing_File_Permissions' target='_blank'>this Wordpress article</a> for more information on how to add write permissions." . "<br/><br/>If you have additional questions, please visit our <a href='http://6scan.com/support' target='_blank'>community</a>";
            return sixscan_menu_wrap_error_msg($err_message) . sixscan_installation_error_description("Failed initializing WP_Filesystem()", $current_wp_filesystem);
        }
        if (ini_get("allow_url_fopen") == FALSE && !function_exists('curl_init')) {
            $err_message = "6Scan Install <b>Error</b>: No libcurl found <b>and</b> \"allow_url_fopen\" in your php.ini is disabled. 6Scan needs at least <b>one</b> transport layer to be enabled, in order to contact its server for automatic updates.<br>" . "*Please see <a href='http://6scan.freshdesk.com/solution/articles/3257-installing-curl-extension-on-a-system' target='_blank'> this FAQ entry</a> in order to enable Curl<br>" . "*Please see <a href='http://6scan.freshdesk.com/solution/categories/3294/folders/6728/articles/2681-i-am-seeing-an-error-that-is-similar-to-could-not-open-handle-for-fopen-' target='_blank'>this FAQ entry</a> for instructions on how to enable the \"allow_url_fopen\" flag<br>" . "<br/><br/>If you have additional questions, please visit our <a href='http://6scan.com/support' target='_blank'>community</a>";
            return sixscan_menu_wrap_error_msg($err_message) . sixscan_installation_error_description("No libcurl found and allow_url_fopen is disabled", $current_wp_filesystem);
        }
        /*	Rewrite the htaccess and 6scan-gate file */
        $htaccess_install_result = sixscan_htaccess_install();
        if ($htaccess_install_result !== TRUE) {
            return sixscan_menu_wrap_error_msg($htaccess_install_result['user_message']) . sixscan_installation_error_description($htaccess_install_result['short_description'], $current_wp_filesystem);
        }
        if (sixscan_common_is_regdata_present() == TRUE) {
            if (sixscan_communication_oracle_reg_reactivate(sixscan_common_get_site_id(), sixscan_common_get_api_token()) == TRUE) {
                /* There is no real install to go on, just reactivation */
                sixscan_common_set_account_operational(TRUE);
                sixscan_common_set_account_active(TRUE);
                return TRUE;
            } else {
                sixscan_common_erase_regdata();
            }
        }
        /*	Register process */
        $server_registration_result = sixscan_installation_register_with_server($tmp_key);
        if ($server_registration_result !== TRUE) {
            /* If something went wrong in the registration/verification process */
            sixscan_common_erase_regdata();
            return $server_registration_result . sixscan_installation_error_description("Server registration failed", $current_wp_filesystem);
        }
        /*	Account is now active, but not yet operational ( operation is set by server, when user completes the registration */
        sixscan_common_set_account_active(TRUE);
        /*	Preparing options for further use */
        update_option(SIXSCAN_OPTION_COMM_ORACLE_NONCE, 1);
        update_option(SIXSCAN_OPTION_COMM_LAST_SIG_UPDATE_NONCE, 0);
        update_option(SIXSCAN_OPTION_STAT_SUSPICIOUS_REQ_COUNT, 0);
        update_option(SIXSCAN_OPTION_STAT_OK_REQ_COUNT, 0);
        update_option(SIXSCAN_OPTION_WAF_REQUESTED, array());
        update_option(SIXSCAN_OPTION_LOGIN_SETTINGS, array());
        update_option(SIXSCAN_VULN_MESSAGE_DISMISSED, FALSE);
    } catch (Exception $e) {
        /* Exception aborts the process */
        sixscan_common_erase_regdata();
        sixscan_common_set_account_active(FALSE);
        sixscan_common_set_account_operational(FALSE);
        return $e . sixscan_installation_error_description("Exception occured while installing", $current_wp_filesystem);
    }
    return TRUE;
}