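 /**
  * Runs an on-demand malware scan for a settings-page AJAX request and stores
  * the rendered result markup as the response.
  *
  * The scan only runs when the current user can manage Security settings;
  * otherwise a WP_Error describing the permission failure is rendered in its
  * place. Nothing is returned, so a dispatcher that only overrides the response
  * on a non-null return keeps the markup set here.
  *
  * NOTE(review): no nonce is verified in this method; it presumably relies on
  * the settings-page AJAX dispatcher having checked the nonce before routing
  * the request here — confirm every caller does so.
  *
  * @param mixed $data Request payload handed over by the dispatcher; not used
  *                    by the scan itself.
  *
  * @return void
  */
 public function handle_ajax_request($data)
 {
     require_once dirname(__FILE__) . '/class-itsec-malware-scanner.php';
     require_once dirname(__FILE__) . '/class-itsec-malware-scan-results-template.php';
     if (ITSEC_Core::current_user_can_manage()) {
         $results = ITSEC_Malware_Scanner::scan();
     } else {
         // Unprivileged callers get a rendered error rather than a scan.
         $results = new WP_Error('itsec-settings-malware-scan-insufficient-privileges', __('An error prevented the scan from completing as expected. The currently logged in user does not have sufficient permissions to run this scan. You may need to log out of the site and log back in.', 'better-wp-security'));
     }
     ITSEC_Response::set_response(ITSEC_Malware_Scan_Results_Template::get_html($results, true));
 }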
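 /**
  * Dismisses the file change notifications.
  *
  * AJAX handler for dismissing the file change notification box in the
  * WordPress Dashboard. Two checks must pass before any state is changed:
  * the current user must be able to manage Security settings, and the request
  * must carry a valid 'itsec_file_change_warning' nonce in $_POST['nonce'].
  *
  * Every path ends the request with die(); on success the boolean result of
  * delete_site_option() is passed straight to die().
  *
  * @since 4.0.0
  *
  * @return void
  */
 public function wp_ajax_itsec_file_change_warning_ajax()
 {
     if (!ITSEC_Core::current_user_can_manage()) {
         die(__('You do not have permissions to do this!', 'better-wp-security'));
     }
     // A missing or non-string nonce must simply fail verification instead of
     // raising an undefined-index notice; an empty string never verifies.
     $nonce = isset($_POST['nonce']) && is_string($_POST['nonce']) ? sanitize_text_field($_POST['nonce']) : '';
     if (!wp_verify_nonce($nonce, 'itsec_file_change_warning')) {
         die(__('Security error!', 'better-wp-security'));
     }
     die(delete_site_option('itsec_file_change_warning'));
 }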
 /**
  * Adds the IP address of the current request to the temporary whitelist.
  *
  * Only users who can manage Security settings are whitelisted; for anyone
  * else this is a no-op, so an ordinary visitor can never whitelist itself.
  *
  * @return void
  */
 public function update_temp_whitelist()
 {
     $can_manage = ITSEC_Core::current_user_can_manage();
     if (!$can_manage) {
         // Never whitelist the address of a visitor who cannot manage the plugin.
         return;
     }
     $this->add_to_temp_whitelist(ITSEC_Lib::get_ip());
 }
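 /**
  * Entry point for the settings-page AJAX endpoint.
  *
  * Reads the "method" and "module" arguments from the POST body, verifies the
  * request nonce and the caller's capability, routes the request to the
  * matching handler and finally emits the accumulated ITSEC_Response as JSON.
  *
  * Security notes:
  *  - The nonce is checked before the capability check, so a forged request
  *    never reaches the privilege check or any handler.
  *  - $_POST['data'] is forwarded to module and widget handlers exactly as
  *    received, without sanitisation; every handler must validate its own
  *    payload.
  *  - Under WP_DEBUG, display_errors is switched on, so PHP notices may be
  *    printed into the JSON body. This is debug-only and kept as-is.
  *
  * @return void
  */
 public function handle_ajax_request()
 {
     if (WP_DEBUG) {
         ini_set('display_errors', 1);
     }
     // Only string arguments are accepted; arrays and missing values become ''.
     $method = isset($_POST['method']) && is_string($_POST['method']) ? $_POST['method'] : '';
     $module = isset($_POST['module']) && is_string($_POST['module']) ? $_POST['module'] : '';
     $this->route_settings_ajax_request($method, $module);
     ITSEC_Response::send_json();
 }
 /**
  * Validates and dispatches a single settings-page AJAX request.
  *
  * Every failure records a WP_Error on ITSEC_Response and returns; successful
  * branches store their result via ITSEC_Response::set_response() (or let the
  * handler do so). Sending the response is left to the caller.
  *
  * @param string $method Requested operation ('save', 'activate', ...).
  * @param string $module Target module or widget id; ignored by 'save'.
  *
  * @return void
  */
 private function route_settings_ajax_request($method, $module)
 {
     if (false === check_ajax_referer('itsec-settings-nonce', 'nonce', false)) {
         ITSEC_Response::add_error(new WP_Error('itsec-settings-page-failed-nonce', __('A nonce security check failed, preventing the request from completing as expected. Please try reloading the page and trying again.', 'better-wp-security')));
         return;
     }
     if (!ITSEC_Core::current_user_can_manage()) {
         ITSEC_Response::add_error(new WP_Error('itsec-settings-page-insufficient-privileges', __('A permissions security check failed, preventing the request from completing as expected. The currently logged in user does not have sufficient permissions to make this request. Please try reloading the page and trying again.', 'better-wp-security')));
         return;
     }
     if (empty($method)) {
         ITSEC_Response::add_error(new WP_Error('itsec-settings-page-missing-method', __('The server did not receive a valid request. The required "method" argument is missing. Please try again.', 'better-wp-security')));
         return;
     }
     // 'save' is the only method that does not address a specific module.
     if ('save' === $method) {
         $this->handle_post();
         return;
     }
     if (empty($module)) {
         ITSEC_Response::add_error(new WP_Error('itsec-settings-page-missing-module', __('The server did not receive a valid request. The required "module" argument is missing. Please try again.', 'better-wp-security')));
         return;
     }
     switch ($method) {
         case 'activate':
             ITSEC_Response::set_response(ITSEC_Modules::activate($module));
             return;
         case 'deactivate':
             ITSEC_Response::set_response(ITSEC_Modules::deactivate($module));
             return;
         case 'is_active':
             ITSEC_Response::set_response(ITSEC_Modules::is_active($module));
             return;
         case 'get_refreshed_module_settings':
             ITSEC_Response::set_response($this->get_module_settings($module));
             return;
         case 'get_refreshed_widget_settings':
             ITSEC_Response::set_response($this->get_widget_settings($module));
             return;
         case 'handle_module_request':
             if (!isset($this->modules[$module])) {
                 // The user-supplied id is reported back via a literal, translatable
                 // format string; it only ever reaches the client JSON-encoded.
                 ITSEC_Response::add_error(new WP_Error('itsec-settings-page-module-request-invalid-module', sprintf(__('The server did not receive a valid request. The supplied module, "%s", does not exist. Please try again.', 'better-wp-security'), $module)));
                 return;
             }
             if (!isset($_POST['data'])) {
                 ITSEC_Response::add_error(new WP_Error('itsec-settings-page-module-request-missing-data', __('The server did not receive a valid request. The required "data" argument for the module is missing. Please try again.', 'better-wp-security')));
                 return;
             }
             // A null return means the module set the response itself (or has none).
             $returned_value = $this->modules[$module]->handle_ajax_request($_POST['data']);
             if (!is_null($returned_value)) {
                 ITSEC_Response::set_response($returned_value);
             }
             return;
         case 'handle_widget_request':
             if (!isset($this->widgets[$module])) {
                 ITSEC_Response::add_error(new WP_Error('itsec-settings-page-widget-request-invalid-widget', sprintf(__('The server did not receive a valid request. The supplied widget, "%s", does not exist. Please try again.', 'better-wp-security'), $module)));
                 return;
             }
             if (!isset($_POST['data'])) {
                 ITSEC_Response::add_error(new WP_Error('itsec-settings-page-widget-request-missing-data', __('The server did not receive a valid request. The required "data" argument for the widget is missing. Please try again.', 'better-wp-security')));
                 return;
             }
             // Widgets set their own response; the return value is intentionally ignored.
             $this->widgets[$module]->handle_ajax_request($_POST['data']);
             return;
         default:
             ITSEC_Response::add_error(new WP_Error('itsec-settings-page-unknown-method', __('The server did not receive a valid request. An unknown "method" argument was supplied. Please try again.', 'better-wp-security')));
             return;
     }
 }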
 /**
  * Registers the "Security" admin bar menu together with its child links.
  *
  * Nothing is registered for users who cannot manage Security settings, so
  * the links are hidden from them rather than merely non-functional.
  *
  * @since 4.0
  *
  * @return void
  */
 public function admin_bar_links()
 {
     global $wp_admin_bar, $itsec_globals;
     if (!ITSEC_Core::current_user_can_manage()) {
         return;
     }
     $parent_id = 'itsec_admin_bar_menu';
     // The parent node must exist before the children that reference it.
     $wp_admin_bar->add_menu(array('title' => __('Security', 'better-wp-security'), 'href' => self::get_settings_page_url(), 'id' => $parent_id));
     $children = array(
         'itsec_admin_bar_settings' => array(__('Settings', 'better-wp-security'), self::get_settings_page_url()),
         'itsec_admin_bar_security_check' => array(__('Security Check', 'better-wp-security'), self::get_security_check_page_url()),
         'itsec_admin_bar_logs' => array(__('Logs', 'better-wp-security'), self::get_logs_page_url()),
     );
     foreach ($children as $child_id => $link) {
         $wp_admin_bar->add_menu(array('id' => $child_id, 'title' => $link[0], 'href' => $link[1], 'parent' => $parent_id));
     }
 }