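/**
 * Sanitize and validate input
 *
 * Sanitizes and validates the backup module options saved on the settings page or via
 * multisite. Every key that is persisted is normalised here; in particular the "exclude"
 * list is no longer stored verbatim from the request.
 *
 * @since 4.0.0
 *
 * @param array $input array of input fields
 *
 * @return array Sanitized array
 */
public function sanitize_module_input($input) {
	global $itsec_globals;

	$default_location = $itsec_globals['ithemes_backup_dir'];

	// Checkboxes arrive as "1" or are absent. A strict comparison on intval() avoids the loose
	// "1abc" == 1 behaviour that differs between PHP versions.
	$input['enabled']   = isset($input['enabled']) && 1 === intval($input['enabled']);
	$input['all_sites'] = isset($input['all_sites']) && 1 === intval($input['all_sites']);
	$input['zip']       = isset($input['zip']) && 1 === intval($input['zip']);

	// NOTE(review): nothing prevents interval from being 0; whether that disables the schedule or
	// means "every run" depends on the scheduler that reads it — confirm before clamping.
	$input['interval'] = isset($input['interval']) ? absint($input['interval']) : 3;
	$input['method']   = isset($input['method']) ? intval($input['method']) : 0;
	$input['retain']   = isset($input['retain']) ? absint($input['retain']) : 0;

	// last_run is internal state: carried over from the saved settings, never taken from the form.
	$input['last_run'] = isset($this->settings['last_run']) ? $this->settings['last_run'] : 0;

	// The exclusion list must be an array of plain strings. Previously it was stored exactly as
	// submitted, which bypassed this sanitizer entirely.
	$exclude          = isset($input['exclude']) ? (array) $input['exclude'] : array();
	$input['exclude'] = array_map('sanitize_text_field', $exclude);

	$input['location'] = isset($input['location']) ? sanitize_text_field($input['location']) : $default_location;

	// Only a non-default path needs validating; the default is plugin-supplied.
	$good_path = true;
	if ($input['location'] !== $default_location) {
		$good_path = ITSEC_Lib::validate_path($input['location']);
	}

	$type    = null;
	$message = null;

	if (true !== $good_path) {
		$input['location'] = $default_location;
		$type              = 'error';
		// The path is passed through sprintf() rather than concatenated into the __() source string, so
		// the message is actually translatable; it is escaped because the notice is rendered as HTML.
		$message = sprintf(
			__('The file path entered for the backup file location does not appear to be valid. it has been reset to: %s', 'it-l10n-ithemes-security-pro'),
			esc_html($default_location)
		);
		add_settings_error('itsec', esc_attr('settings_updated'), $message, $type);
	}

	if (is_multisite()) {
		if (null !== $type) {
			$error_handler = new WP_Error();
			$error_handler->add($type, $message);
			$this->core->show_network_admin_notice($error_handler);
		} else {
			$this->core->show_network_admin_notice(false);
		}

		$this->settings = $input;
	}

	return $input;
}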
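/**
 * Sanitize and validate input
 *
 * Sanitizes and validates the File Change Detection options saved on the settings page or via
 * multisite. The file and type lists accept either an array or a newline-separated textarea
 * value; both are normalised to arrays of sanitized strings with blank entries removed.
 *
 * @since 4.0.0
 *
 * @param array $input array of input fields
 *
 * @return array Sanitized array
 */
public function sanitize_module_input($input) {
	global $itsec_globals;

	// File Change Detection fields. Checkboxes arrive as "1" or are absent.
	$input['enabled']      = isset($input['enabled']) && 1 === intval($input['enabled']);
	$input['split']        = isset($input['split']) && 1 === intval($input['split']);
	$input['method']       = isset($input['method']) && 1 === intval($input['method']);
	$input['email']        = isset($input['email']) && 1 === intval($input['email']);
	$input['notify_admin'] = isset($input['notify_admin']) && 1 === intval($input['notify_admin']);

	// NOTE(review): last_chunk is stored as submitted. It looks like internal scan progress rather
	// than a user-entered field — confirm its type and cast it here if it is numeric.
	$input['last_chunk'] = isset($input['last_chunk']) ? $input['last_chunk'] : false;

	// Files/directories to exclude, one per line. Blank lines are dropped (the original kept them
	// as empty strings) so an empty entry cannot act as a match-everything exclusion later on.
	$good_files = array();
	foreach ($this->itsec_split_setting_lines(isset($input['file_list']) ? $input['file_list'] : array()) as $file) {
		$file = sanitize_text_field(trim($file));
		if ('' !== $file) {
			$good_files[] = $file;
		}
	}
	$input['file_list'] = $good_files;

	// File types are normalised to exactly one leading dot ("php" and "..php" both become ".php");
	// blank entries and a bare "." are discarded.
	$good_types = array();
	foreach ($this->itsec_split_setting_lines(isset($input['types']) ? $input['types'] : array()) as $file_type) {
		$file_type = trim($file_type);
		if ('' === $file_type || '.' === $file_type) {
			continue;
		}
		$good_types[] = sanitize_text_field('.' . str_replace('.', '', $file_type));
	}
	$input['types'] = $good_types;

	// Interval (seconds) used to decide whether the saved last_run is still current:
	// 12282 when scans are split, 86340 (just under 24h) otherwise.
	$interval = (true === $input['split']) ? 12282 : 86340;

	if (defined('ITSEC_DOING_FILE_CHECK') && true === ITSEC_DOING_FILE_CHECK) {
		// Saved from inside a file check: stamp the current time.
		$input['last_run'] = $itsec_globals['current_time'];
	} elseif (isset($this->settings['last_run']) && $this->settings['last_run'] > $itsec_globals['current_time'] - $interval) {
		// The previous run is still within its interval; keep it so saving settings does not reset it.
		$input['last_run'] = $this->settings['last_run'];
	} else {
		// Back-date last_run to (interval - 120s) ago — presumably so a scheduler comparing
		// last_run + interval against now fires about two minutes from now; confirm against the cron code.
		$input['last_run'] = $itsec_globals['current_time'] - $interval + 120;
	}

	if (is_multisite()) {
		$this->core->show_network_admin_notice(false);
		$this->settings = $input;
	}

	return $input;
}

/**
 * Split a textarea value into lines; arrays are returned unchanged.
 *
 * Browsers submit textarea content with CRLF line endings regardless of the server platform, so
 * splitting on PHP_EOL (as the original did) misses every line on a server whose PHP_EOL is "\r\n"
 * when the data arrives with bare "\n". All three line-ending styles are accepted here.
 *
 * @param array|string $value raw setting value
 *
 * @return array list of raw (untrimmed) lines
 */
private function itsec_split_setting_lines($value) {
	if (is_array($value)) {
		return $value;
	}

	return preg_split("/\r\n|\r|\n/", (string) $value);
}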
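/**
 * Sanitize and validate input
 *
 * Sanitizes and validates the strong passwords module options saved on the settings page or via
 * multisite.
 *
 * @since 1.2.0
 *
 * @param array $input array of input fields
 *
 * @return array Sanitized array
 */
public function sanitize_module_input($input) {
	// process strong passwords settings
	$input['enabled'] = isset($input['enabled']) && 1 === intval($input['enabled']);

	// "roll" is accepted only when it is purely alphabetic after tag stripping. The original left a
	// value that failed this check in $input untouched, i.e. it was saved exactly as submitted. Now an
	// invalid value falls back to the previously saved one, or is dropped when there is none.
	if (isset($input['roll'])) {
		// wp_strip_all_tags() expects a string; a non-string value counts as invalid.
		$roll = is_string($input['roll']) ? wp_strip_all_tags($input['roll']) : '';

		if (ctype_alpha($roll)) {
			$input['roll'] = $roll;
		} elseif (isset($this->settings['roll'])) {
			$input['roll'] = $this->settings['roll'];
		} else {
			unset($input['roll']);
		}
	}

	$input['offset'] = isset($input['offset']) ? intval($input['offset']) : 1;

	if (is_multisite()) {
		$this->core->show_network_admin_notice(false);
		$this->settings = $input;
	}

	return $input;
}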
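/**
 * Rotate the WordPress authentication salts in wp-config.php.
 *
 * Rewrites the eight AUTH/SECURE_AUTH/LOGGED_IN/NONCE key and salt defines with fresh values,
 * records the rotation time, then clears the auth cookie and redirects to the login page (new
 * salts invalidate every existing auth cookie, so the current user is logged out either way).
 *
 * Fixes relative to the previous version: a failed write reported the error details of the
 * config *string* instead of the WP_Error returned by write(); a PCRE failure (preg_replace()
 * returning null) would have truncated wp-config.php; and a define that was not found in the
 * file was silently treated as rotated.
 *
 * @since 4.6.0
 *
 * @return void
 */
public function process_salts() {
	global $itsec_globals;

	require_once trailingslashit($itsec_globals['plugin_dir']) . 'core/lib/class-itsec-lib-config-file.php';
	require_once trailingslashit($itsec_globals['plugin_dir']) . 'core/lib/class-itsec-lib-file.php';

	$config_file_path = ITSEC_Lib_Config_File::get_wp_config_file_path();
	$config           = ITSEC_Lib_File::read($config_file_path);
	$error            = '';

	$write_template = __('Unable to update the <code>wp-config.php</code> file in order to update the salts. Error details as follows: %1$s (%2$s)', 'better-wp-security');

	if (is_wp_error($config)) {
		$error = sprintf(__('Unable to read the <code>wp-config.php</code> file in order to update the salts. Error details as follows: %1$s (%2$s)', 'better-wp-security'), $config->get_error_message(), $config->get_error_code());
	} else {
		$defines   = array('AUTH_KEY', 'SECURE_AUTH_KEY', 'LOGGED_IN_KEY', 'NONCE_KEY', 'AUTH_SALT', 'SECURE_AUTH_SALT', 'LOGGED_IN_SALT', 'NONCE_SALT');
		$unmatched = array();

		foreach ($defines as $define) {
			$new_salt = $this->get_salt();

			// The salt is used as a preg_replace() replacement string, where "\" and "$" are special
			// (back-references). Escape both so a generated character cannot become "$1" or "\1".
			// NOTE(review): the value is written inside single quotes, so get_salt() must never emit a
			// single quote either — confirm against its character set.
			$new_salt = str_replace(array('\\', '$'), array('\\\\', '\\$'), $new_salt);

			$regex   = "/(define\\s*\\(\\s*(['\"]){$define}\\2\\s*,\\s*)(['\"]).+?\\3(\\s*\\)\\s*;)/";
			$count   = 0;
			$updated = preg_replace($regex, "\${1}'{$new_salt}'\${4}", $config, -1, $count);

			if (null === $updated) {
				// PCRE failure: writing null back would empty wp-config.php, so abort before the write.
				$error = sprintf($write_template, 'preg_replace() failed', preg_last_error());
				break;
			}

			if (0 === $count) {
				$unmatched[] = $define;
			}

			$config = $updated;
		}

		if ('' === $error) {
			$write_result = ITSEC_Lib_File::write($config_file_path, $config);

			if (is_wp_error($write_result)) {
				$error = sprintf($write_template, $write_result->get_error_message(), $write_result->get_error_code());
			} elseif (!empty($unmatched)) {
				// Do not report success for defines that were never found: the user would believe
				// those salts rotated when the file was left as it was.
				$error = sprintf($write_template, sprintf(__('no define() statement was found for %s', 'better-wp-security'), implode(', ', $unmatched)), 'salt-not-found');
			}
		}
	}

	if ('' !== $error) {
		add_settings_error('itsec', esc_attr('settings_updated'), $error, 'error');
		add_site_option('itsec_manual_update', true);
	}

	$this->settings = true; // this tells the form field that all went well.

	if (is_multisite()) {
		if ('' !== $error) {
			$error_handler = new WP_Error();
			$error_handler->add('error', $error);
			$this->core->show_network_admin_notice($error_handler);
		} else {
			$this->core->show_network_admin_notice(false);
		}
	}

	// Only record a rotation time when every salt was actually rewritten.
	if ('' === $error) {
		update_site_option('itsec_salts', $itsec_globals['current_time_gmt']);
	}

	// Logout + redirect happen on every path (as before): even a partial rewrite has already
	// invalidated existing cookies. redirect_to is user-controlled, but wp_safe_redirect() only
	// follows it for allowed hosts. NOTE(review): the caller is relied upon to stop execution after this.
	wp_clear_auth_cookie();
	$redirect_to = !empty($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : ITSEC_Lib::get_home_root() . 'wp-login.php?loggedout=true';
	wp_safe_redirect($redirect_to);
}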
/**
 * Sanitize and validate input
 *
 * Legacy salt-rotation handler: builds the new salt rules, asks the files helper to write them into
 * wp-config.php, reports any failure as a settings error / network notice, then records the rotation
 * time, clears the auth cookie and redirects to the login page.
 *
 * @since 4.6.0
 *
 * @return void
 */
public function process_salts() {
	global $itsec_files, $itsec_globals;

	// Any notice printed here would be sent before the redirect header below ("suppress error
	// messages due to timing" in the original). Be aware this also hides real failures.
	error_reporting(0);
	@ini_set('display_errors', 0);

	$itsec_files->set_wpconfig($this->build_salts_rules());
	$save_result = $itsec_files->save_wpconfig();

	$notice = null;

	if (!is_array($save_result)) {
		// The helper could not handle wp-config.php automatically: flag it for a manual update.
		add_site_option('itsec_manual_update', true);
	} elseif (empty($save_result)) {
		$notice = __('Unable change the WordPress Salts. Operation cancelled.', 'it-l10n-better-wp-security');
	} elseif (isset($save_result['success']) && false === $save_result['success']) {
		$notice = $save_result['text'];
	}

	if (null !== $notice) {
		add_settings_error('itsec', esc_attr('settings_updated'), $notice, 'error');
	}

	$this->settings = true; // this tells the form field that all went well.

	if (is_multisite()) {
		$handler = false;

		if (null !== $notice) {
			$handler = new WP_Error();
			$handler->add('error', $notice);
		}

		$this->core->show_network_admin_notice($handler);
		$this->settings = true;
	}

	// Always true at this point (see above), so the logout/redirect runs on every path.
	if (true === $this->settings) {
		update_site_option('itsec_salts', $itsec_globals['current_time_gmt']);
		wp_clear_auth_cookie();

		// redirect_to is user-controlled; wp_safe_redirect() only follows it for allowed hosts.
		$redirect_to = empty($_REQUEST['redirect_to'])
			? ITSEC_Lib::get_home_root() . 'wp-login.php?loggedout=true'
			: $_REQUEST['redirect_to'];

		wp_safe_redirect($redirect_to);
	}
}
/**
 * Public function to get lock and call backup.
 *
 * Takes the "backup" file lock so two backups cannot run concurrently, runs the backup, releases
 * the lock and, for a one-time backup, queues an admin notice describing the outcome.
 *
 * @since 4.0.0
 *
 * @param boolean $one_time whether this is a one time backup
 *
 * @return bool true when the backup ran, false when the lock could not be acquired
 */
public function do_backup($one_time = false) {
	global $itsec_files;

	ITSEC_Lib::set_minimum_memory_limit('128M');

	$locked = $itsec_files->get_file_lock('backup');

	if ($locked) {
		$this->execute_backup($one_time);
		// NOTE(review): if execute_backup() throws, the lock is never released — confirm whether callers catch.
		$itsec_files->release_file_lock('backup');
	}

	if (true === $one_time) {
		if ($locked) {
			$method = $this->settings['method'];

			// Loose comparisons kept on purpose: the stored method may be a string.
			if (0 == $method) {
				$details = __('emailed to backup recipients and saved locally.', 'it-l10n-better-wp-security');
			} elseif (1 == $method) {
				$details = __('emailed to backup recipients.', 'it-l10n-better-wp-security');
			} else {
				$details = __('saved locally.', 'it-l10n-better-wp-security');
			}

			$notice_type = 'updated';
			$notice_text = __('Backup Completed and ' . $details, 'it-l10n-better-wp-security');
		} else {
			$notice_type = 'error';
			$notice_text = __('Something went wrong with your backup. It looks like another process might already be trying to backup your database. Please try again in a few minutes. If the problem persists please contact support.', 'it-l10n-better-wp-security');
		}

		// Network installs get the notice through the core helper; single sites through the settings API.
		if (is_multisite()) {
			$error_handler = new WP_Error();
			$error_handler->add($notice_type, $notice_text);
			$this->core->show_network_admin_notice($error_handler);
		} else {
			add_settings_error('itsec', esc_attr('settings_updated'), $notice_text, $notice_type);
		}
	}

	return $locked ? true : false;
}
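/**
 * Processes the change of wp-content
 *
 * Processes the changing of the wp-content directory: validates the submitted name, writes the
 * new location to wp-config.php, physically renames the directory, and then updates any stored
 * paths (backup location, log location, nginx file) that pointed inside the old directory.
 *
 * Ordering fixes relative to the previous version: the directory is renamed only if the
 * wp-config.php write succeeded (it used to be renamed even after a failed write), the target
 * path is checked for existence first, and stored paths are rewritten only once the rename has
 * actually happened (they used to be rewritten even when rename() failed).
 *
 * @since 4.0.0
 *
 * @access private
 *
 * @return void
 */
private function process_directory() {
	global $itsec_files;

	// Any notice printed here would be sent before the redirect header ("timing"), so error display is
	// suppressed. That also hides rename()/config failures, which is why every step is checked below.
	error_reporting(0);
	@ini_set('display_errors', 0);

	$dir_name      = isset($_POST['name']) ? sanitize_file_name($_POST['name']) : '';
	$old_directory = '';
	$new_directory = '';
	$renamed       = false;
	$type          = null;
	$message       = null;

	if (2 >= strlen($dir_name)) {
		// the directory name must be longer than 2 characters
		$type    = 'error';
		$message = __('Please choose a directory name that is greater than 2 characters in length.', 'it-l10n-better-wp-security');
	} elseif (basename($dir_name) !== $dir_name || false !== strpos($dir_name, '..')) {
		// sanitize_file_name() already strips slashes; this is a belt-and-braces guard so the new
		// path can never escape ABSPATH.
		$type    = 'error';
		$message = __('The directory name contains invalid characters. Nothing was saved.', 'it-l10n-better-wp-security');
	} elseif ('wp-content' === $dir_name) {
		// they must pick something new or we're not going to process
		$type    = 'error';
		$message = __('You have not chosen a new name for wp-content. Nothing was saved.', 'it-l10n-better-wp-security');
	} else {
		$old_directory = WP_CONTENT_DIR;
		$new_directory = trailingslashit(ABSPATH) . $dir_name;

		if (file_exists($new_directory)) {
			// rename() onto an existing path either fails or (for an empty directory on some
			// platforms) replaces it; refuse up-front so nothing is left half-done.
			$type    = 'error';
			$message = __('A file or directory with that name already exists. Operation cancelled.', 'it-l10n-better-wp-security');
		} else {
			$itsec_files->set_wpconfig($this->build_wpconfig_rules($dir_name));
			$configs = $itsec_files->save_wpconfig();

			if (!is_array($configs)) {
				// wp-config.php could not be handled automatically: flag it for a manual update and
				// do not rename, otherwise the file and the filesystem would disagree.
				add_site_option('itsec_manual_update', true);
			} elseif (isset($configs['success']) && false === $configs['success']) {
				$type    = 'error';
				$message = $configs['text'];
			} elseif (rename($old_directory, $new_directory)) {
				$renamed = true;
			} else {
				// NOTE(review): wp-config.php already references the new name at this point and the
				// files helper offers no rollback here; a reviewer may prefer to rename first and
				// revert the rename if the config write fails.
				$type    = 'error';
				$message = __('Unable to rename the wp-content folder. Operation cancelled.', 'it-l10n-better-wp-security');
			}
		}
	}

	if (null !== $type) {
		add_settings_error('itsec', esc_attr('settings_updated'), $message, $type);
	}

	$this->settings = true; // this tells the form field that all went well.

	if ($renamed) {
		// Stored absolute paths under the old wp-content now point at the renamed directory.
		$backup = get_site_option('itsec_backup');

		if (false !== $backup && isset($backup['location'])) {
			$backup['location'] = str_replace($old_directory, $new_directory, $backup['location']);
			update_site_option('itsec_backup', $backup);
		}

		$global = get_site_option('itsec_global');

		if (false !== $global && (isset($global['log_location']) || isset($global['nginx_file']))) {
			if (isset($global['log_location'])) {
				$global['log_location'] = str_replace($old_directory, $new_directory, $global['log_location']);
			}

			if (isset($global['nginx_file'])) {
				$global['nginx_file'] = str_replace($old_directory, $new_directory, $global['nginx_file']);
			}

			update_site_option('itsec_global', $global);
		}
	}

	if (is_multisite()) {
		// put the error messages in the right place if multisite or not
		if (null !== $type) {
			$error_handler = new WP_Error();
			$error_handler->add($type, $message);
			$this->core->show_network_admin_notice($error_handler);
		} else {
			$this->core->show_network_admin_notice(false);
		}

		$this->settings = true;
	}
}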