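/**
 * Checks the wp-admin .htaccess file on admin page loads and echoes a BPS status or alert.
 *
 * Does nothing unless the current user has the manage_options capability, the request
 * method is not POST, the query string is not the BPS System Info page, and the
 * bps_wpadmin_restriction option is not 'disabled'.
 *
 * Side effects: when the file carries the BPSQSE-check marker but not the current
 * "BULLETPROOF {$bps_version}" string, the file is chmod-ed to 0644 and rewritten in
 * place (version line and several RewriteCond rules). The rewrite is skipped when the
 * new content is not a non-empty string, so a failed read or a PCRE error cannot
 * truncate the file and silently drop its rules.
 *
 * @return void Output is echoed directly.
 */
function bps_wpadmin_htaccess_status_dashboard()
{
    // Capability gate: everything below, including the file rewrite, is admin-only.
    if (current_user_can('manage_options')) {
        global $bps_version, $bps_last_version, $aitpro_bullet;
        // The values are only compared against fixed strings here, never echoed.
        if (esc_html($_SERVER['REQUEST_METHOD']) != 'POST' && esc_html($_SERVER['QUERY_STRING']) != 'page=bulletproof-security/admin/system-info/system-info.php') {
            $BPS_wpadmin_Options = get_option('bulletproof_security_options_htaccess_res');
            if ($BPS_wpadmin_Options['bps_wpadmin_restriction'] == 'disabled') {
                return;
            }
            $filename = ABSPATH . 'wp-admin/.htaccess';
            // '@' hides the warnings raised when the file is missing or unreadable;
            // file_get_contents() then returns false.
            $permsHtaccess = @substr(sprintf('%o', fileperms($filename)), -4);
            $check_string = @file_get_contents($filename);
            // 46 bytes starting at offset 3: the slice later shown in the status display.
            $section = @file_get_contents($filename, NULL, NULL, 3, 46);
            $bps_wpadmin_upgrade = '';
            // Older forms of the THE_REQUEST / QUERY_STRING rules that the upgrade branch replaces.
            $pattern10a = '/RewriteCond\\s%\\{THE_REQUEST\\}\\s(.*)\\?(.*)\\sHTTP\\/\\s\\[NC,OR\\]\\s*RewriteCond\\s%\\{THE_REQUEST\\}\\s(.*)\\*(.*)\\sHTTP\\/\\s\\[NC,OR\\]/';
            $pattern10b = '/RewriteCond\\s%\\{THE_REQUEST\\}\\s.*\\?\\+\\(%20\\{1,\\}.*\\s*RewriteCond\\s%\\{THE_REQUEST\\}\\s.*\\+\\(.*\\*\\|%2a.*\\s\\[NC,OR\\]/';
            $pattern10c = '/RewriteCond\\s%\\{THE_REQUEST\\}\\s\\(\\\\?.*%2a\\)\\+\\(%20\\+\\|\\\\s\\+.*HTTP\\(:\\/.*\\[NC,OR\\]/';
            $pattern1 = '/(\\[|\\]|\\(|\\)|<|>)/s';
            $BPSVpattern = '/BULLETPROOF\\s\\.[\\d](.*)WP-ADMIN/';
            $BPSVreplace = "BULLETPROOF {$bps_version} WP-ADMIN";
            if (!file_exists($filename)) {
                $text = '<div class="update-nag" style="background-color:#ffffe0;font-size:1em;font-weight:bold;padding:2px 5px;margin-top:2px;"><font color="red">' . __('BPS Alert! An htaccess file was NOT found in your wp-admin folder. Check the BPS ', 'bulletproof-security') . '<a href="admin.php?page=bulletproof-security/admin/core/options.php#bps-tabs-2">' . __('Security Status page', 'bulletproof-security') . '</a>' . __(' for more specific information.', 'bulletproof-security') . '</font><br><font color="blue">' . __('BPS First Time|New Installation', 'bulletproof-security') . '</font><br>' . __('If you are installing BPS for the first time click here ', 'bulletproof-security') . '<a href="admin.php?page=bulletproof-security/admin/core/options.php">' . __('Security Modes page', 'bulletproof-security') . '</a>' . __(' and then click the AutoMagic, Setup Steps & Other Help Info Read Me help button for BPS Setup Steps.', 'bulletproof-security') . '</div>';
                echo $text;
            } else {
                if (file_exists($filename)) {
                    // The case expressions below are booleans compared loosely with $bps_version,
                    // so the first case whose expression is true is taken.
                    // NOTE(review): this relies on $bps_version being a truthy string - confirm.
                    // strpos() returns 0 for a match at offset 0, which these truthiness tests
                    // treat the same as "not found".
                    switch ($bps_version) {
                        case $bps_last_version:
                            // for Testing
                            if (strpos($check_string, "BULLETPROOF {$bps_last_version}") && strpos($check_string, "BPSQSE-check")) {
                                // echo or print for testing
                            }
                            break;
                        case !strpos($check_string, "BULLETPROOF"):
                            $text = '<div style="background-color:#ffffe0;font-size:1em;font-weight:bold;padding:0px 5px;"><font color="red">' . __('BPS Alert! Your wp-admin folder may not be protected by BulletProof Security', 'bulletproof-security') . '</font><br>' . __('The BPS version: BULLETPROOF .xx.x WP-ADMIN SECURE .HTACCESS line of code was not found at the top of your wp-admin htaccess file.', 'bulletproof-security') . '<br>' . __('The BPS version line of code MUST be at the very top of your wp-admin htaccess file.', 'bulletproof-security') . '<br>' . __('Go to the ', 'bulletproof-security') . '<a href="admin.php?page=bulletproof-security/admin/core/options.php">' . __('Security Modes page', 'bulletproof-security') . '</a>' . __(' and Activate wp-admin Folder BulletProof Mode.', 'bulletproof-security') . '</div>';
                            echo $text;
                            break;
                        case !strpos($check_string, "BULLETPROOF {$bps_version}") && strpos($check_string, "BPSQSE-check"):
                            // Upgrade branch: the file is rewritten while a non-POST admin page renders.
                            // NOTE(review): $sapi_type is never assigned in this function, and
                            // "!= '0666' || != '0777'" is true for every value, so this condition
                            // always holds and chmod(0644) always runs - confirm the intended test.
                            if (@substr($sapi_type, 0, 6) != 'apache' || @$permsHtaccess != '0666' || @$permsHtaccess != '0777') {
                                // Windows IIS, XAMPP, etc
                                @chmod($filename, 0644);
                            }
                            $stringReplace = @file_get_contents($filename);
                            $stringReplace = preg_replace($BPSVpattern, $BPSVreplace, $stringReplace);
                            if (preg_match($pattern10a, $stringReplace, $matches)) {
                                $stringReplace = preg_replace($pattern10a, "RewriteCond %{THE_REQUEST} (\\?|\\*|%2a)+(%20+|\\\\\\s+|%20+\\\\\\s+|\\\\\\s+%20+|\\\\\\s+%20+\\\\\\s+)HTTP(:/|/) [NC,OR]", $stringReplace);
                            }
                            if (preg_match($pattern10b, $stringReplace, $matches)) {
                                $stringReplace = preg_replace($pattern10b, "RewriteCond %{THE_REQUEST} (\\?|\\*|%2a)+(%20+|\\\\\\s+|%20+\\\\\\s+|\\\\\\s+%20+|\\\\\\s+%20+\\\\\\s+)HTTP(:/|/) [NC,OR]", $stringReplace);
                            }
                            if (preg_match($pattern10c, $stringReplace, $matches)) {
                                $stringReplace = preg_replace($pattern10c, "RewriteCond %{THE_REQUEST} (\\?|\\*|%2a)+(%20+|\\\\\\s+|%20+\\\\\\s+|\\\\\\s+%20+|\\\\\\s+%20+\\\\\\s+)HTTP(:/|/) [NC,OR]", $stringReplace);
                            }
                            if (preg_match($pattern1, $stringReplace, $matches)) {
                                $stringReplace = str_replace("RewriteCond %{QUERY_STRING} ^.*(\\[|\\]|\\(|\\)|<|>).* [NC,OR]", "RewriteCond %{QUERY_STRING} ^.*(\\(|\\)|<|>).* [NC,OR]", $stringReplace);
                            }
                            // preg_replace() returns null on a PCRE error and a failed read leaves an
                            // empty string; writing either would truncate the file and remove every
                            // rule in it, so only a non-empty result is written back.
                            if (is_string($stringReplace) && $stringReplace !== '') {
                                file_put_contents($filename, $stringReplace);
                            }
                            if (getBPSInstallTime() == getBPSwpadminHtaccessLasModTime_minutes() || getBPSInstallTime_plusone() == getBPSwpadminHtaccessLasModTime_minutes()) {
                                //print("Testing wp-admin auto-update");
                                $bps_wpadmin_upgrade = 'upgrade';
                            }
                            // end upgrade processing
                            break;
                        case strpos($check_string, "BULLETPROOF {$bps_version}") && strpos($check_string, "BPSQSE-check"):
                            $bps_status_display = get_option('bulletproof_security_options_status_display');
                            if ($bps_status_display['bps_status_display'] != 'Off') {
                                if (preg_match('/page=bulletproof-security/', esc_html($_SERVER['REQUEST_URI']), $matches)) {
                                    $WBM = $aitpro_bullet . '<a href="admin.php?page=bulletproof-security/admin/core/options.php#WBM-Link" title="wp-admin Folder BulletProof Mode" style="text-decoration:none;">' . __('WBM', 'bulletproof-security') . '</a>: <font color="green"><strong>' . __('On', 'bulletproof-security') . '</strong></font>';
                                    // NOTE(review): $section is raw file content and is echoed without
                                    // escaping; consider esc_html() on it before the link is substituted.
                                    $WBM_str = str_replace("BULLETPROOF {$bps_version} WP-ADMIN SECURE .HTACCESS", "{$WBM}", $section);
                                    echo '<div id="bps-status-display" style="background-color:#eeeeee;font-weight:bold;float:left;margin:0px;">' . $WBM_str . '</div>';
                                }
                            }
                            break;
                        default:
                            // $bps_wpadmin_upgrade is only set inside the upgrade case above, so it is
                            // still '' whenever this branch is reached.
                            if ($bps_wpadmin_upgrade != 'upgrade') {
                                $text = '<div class="update-nag" style="background-color:#ffffe0;font-size:1em;font-weight:bold;padding:2px 5px;margin-top:2px;"><font color="red">' . __('BPS Alert! A valid BPS htaccess file was NOT found in your wp-admin folder', 'bulletproof-security') . '</font><br>' . __('BulletProof Mode for the wp-admin folder should also be activated when you have BulletProof Mode activated for the Root folder.', 'bulletproof-security') . '<br>' . __('Check the BPS ', 'bulletproof-security') . '<a href="admin.php?page=bulletproof-security/admin/core/options.php#bps-tabs-2">' . __('Security Status page', 'bulletproof-security') . '</a>' . __(' to view your BPS Security Status information.', 'bulletproof-security') . '</div>';
                                echo $text;
                            }
                    }
                }
            }
        }
    }
}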
Exemplo n.º 2
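/**
 * Checks the wp-admin .htaccess file on admin page loads and echoes a BPS status or alert.
 *
 * Does nothing unless the current user has the manage_options capability, the request
 * method is not POST, the query string is not the BPS System Info page, and the
 * bps_wpadmin_restriction option is not 'disabled'. The "file not found" and "version
 * line not found" alerts are echoed only when the bulletproof_security_options_wizard_free
 * option is set.
 *
 * Side effects: when the file carries the BPSQSE-check marker but not the current
 * "BULLETPROOF {$bps_version}" string, the file is chmod-ed to 0644 and rewritten in
 * place (version line and several RewriteCond rules). The rewrite is skipped when the
 * new content is not a non-empty string, so a failed read or a PCRE error cannot
 * truncate the file and silently drop its rules.
 *
 * @return void Output is echoed directly.
 */
function bps_wpadmin_htaccess_status_dashboard()
{
    // Capability gate: everything below, including the file rewrite, is admin-only.
    if (current_user_can('manage_options')) {
        global $bps_version, $bps_last_version, $aitpro_bullet;
        // The values are only compared against fixed strings here, never echoed.
        if (esc_html($_SERVER['REQUEST_METHOD']) != 'POST' && esc_html($_SERVER['QUERY_STRING']) != 'page=bulletproof-security/admin/system-info/system-info.php') {
            $BPS_wpadmin_Options = get_option('bulletproof_security_options_htaccess_res');
            if ($BPS_wpadmin_Options['bps_wpadmin_restriction'] == 'disabled') {
                return;
            }
            $filename = ABSPATH . 'wp-admin/.htaccess';
            // '@' hides the warnings raised when the file is missing or unreadable;
            // file_get_contents() then returns false.
            $permsHtaccess = @substr(sprintf('%o', fileperms($filename)), -4);
            $check_string = @file_get_contents($filename);
            // 46 bytes starting at offset 3: the slice later shown in the status display.
            $section = @file_get_contents($filename, NULL, NULL, 3, 46);
            $bps_wpadmin_upgrade = '';
            // Older forms of the THE_REQUEST / QUERY_STRING rules that the upgrade branch replaces.
            $pattern10a = '/RewriteCond\\s%\\{THE_REQUEST\\}\\s(.*)\\?(.*)\\sHTTP\\/\\s\\[NC,OR\\]\\s*RewriteCond\\s%\\{THE_REQUEST\\}\\s(.*)\\*(.*)\\sHTTP\\/\\s\\[NC,OR\\]/';
            $pattern10b = '/RewriteCond\\s%\\{THE_REQUEST\\}\\s.*\\?\\+\\(%20\\{1,\\}.*\\s*RewriteCond\\s%\\{THE_REQUEST\\}\\s.*\\+\\(.*\\*\\|%2a.*\\s\\[NC,OR\\]/';
            $pattern10c = '/RewriteCond\\s%\\{THE_REQUEST\\}\\s\\(\\\\?.*%2a\\)\\+\\(%20\\+\\|\\\\s\\+.*HTTP\\(:\\/.*\\[NC,OR\\]/';
            $pattern1 = '/(\\[|\\]|\\(|\\)|<|>)/s';
            $BPSVpattern = '/BULLETPROOF\\s\\.[\\d](.*)WP-ADMIN/';
            $BPSVreplace = "BULLETPROOF {$bps_version} WP-ADMIN";
            if (!file_exists($filename)) {
                // Setup Wizard Notice: not displayed. The Setup Wizard DB option is automatically saved in the root htaccess function on BPS plugin upgrades.
                if (!get_option('bulletproof_security_options_wizard_free')) {
                    // display nothing. Notice is already displayed in the root htaccess function.
                } else {
                    $text = '<div class="update-nag" style="background-color:#ffffe0;font-size:1em;font-weight:bold;padding:2px 5px;margin-top:2px;"><font color="red">' . __('BPS Alert! An htaccess file was NOT found in your WordPress wp-admin folder', 'bulletproof-security') . '</font><br>' . __('If you have deleted the wp-admin htaccess file for troubleshooting purposes you can disregard this Alert.', 'bulletproof-security') . '<br>' . __('After you are done troubleshooting ', 'bulletproof-security') . '</font><a href="admin.php?page=bulletproof-security/admin/wizard/wizard.php">' . __('Click Here', 'bulletproof-security') . '</a>' . __(' to go to the BPS Setup Wizard page and click the Setup Wizard button to setup the BPS plugin again.', 'bulletproof-security') . '<br>' . __('Important Note: If you deleted the wp-admin htaccess file due to bad/invalid Custom Code causing a problem then ', 'bulletproof-security') . '<a href="admin.php?page=bulletproof-security/admin/core/options.php#bps-tabs-7">' . __('Click Here', 'bulletproof-security') . '</a>' . __(' to go to the BPS Custom Code page, delete the bad/invalid wp-admin Custom Code and click the Save wp-admin Custom Code button before running the Setup Wizard again.', 'bulletproof-security') . '</div>';
                    echo $text;
                }
            } else {
                if (file_exists($filename)) {
                    // The case expressions below are booleans compared loosely with $bps_version,
                    // so the first case whose expression is true is taken.
                    // NOTE(review): this relies on $bps_version being a truthy string - confirm.
                    // strpos() returns 0 for a match at offset 0, which these truthiness tests
                    // treat the same as "not found".
                    switch ($bps_version) {
                        case $bps_last_version:
                            // for Testing
                            if (strpos($check_string, "BULLETPROOF {$bps_last_version}") && strpos($check_string, "BPSQSE-check")) {
                                // echo or print for testing
                            }
                            break;
                        case !strpos($check_string, "BULLETPROOF"):
                            // Setup Wizard Notice: not displayed. The Setup Wizard DB option is automatically saved in the root htaccess function on BPS plugin upgrades.
                            if (!get_option('bulletproof_security_options_wizard_free')) {
                                // display nothing. Notice is already displayed in the root htaccess function.
                            } else {
                                $text = '<div class="update-nag" style="background-color:#ffffe0;font-size:1em;font-weight:bold;padding:2px 5px;margin-top:2px;"><font color="red">' . __('BPS Alert! Your wp-admin folder may not be protected by BulletProof Security', 'bulletproof-security') . '</font><br>' . __('he BPS version: BULLETPROOF .xx.x WP-ADMIN SECURE .HTACCESS line of code was not found at the top of your wp-admin htaccess file.', 'bulletproof-security') . '<br>' . __('The BPS version line of code MUST be at the very top of your wp-admin htaccess file.', 'bulletproof-security') . '<br><a href="admin.php?page=bulletproof-security/admin/wizard/wizard.php">' . __('Click Here', 'bulletproof-security') . '</a>' . __(' to go to the BPS Setup Wizard page and click the Setup Wizard button to setup the BPS plugin again.', 'bulletproof-security') . '<br>' . __('Important Note: If you manually added other htaccess code above the BPS version line of code in your wp-admin htaccess file, you can copy that code to BPS wp-admin Custom Code so that your code is saved in the correct place in the BPS wp-admin htaccess file. ', 'bulletproof-security') . '<br><a href="admin.php?page=bulletproof-security/admin/core/options.php#bps-tabs-7">' . __('Click Here', 'bulletproof-security') . '</a>' . __(' to go to the BPS Custom Code page, add your wp-admin custom htaccess code in an appropriate wp-admin Custom Code text box and click the Save wp-admin Custom Code button before running the Setup Wizard again.', 'bulletproof-security') . '</div>';
                                echo $text;
                            }
                            break;
                        case !strpos($check_string, "BULLETPROOF {$bps_version}") && strpos($check_string, "BPSQSE-check"):
                            // Upgrade branch: the file is rewritten while a non-POST admin page renders.
                            // NOTE(review): $sapi_type is never assigned in this function, and
                            // "!= '0666' || != '0777'" is true for every value, so this condition
                            // always holds and chmod(0644) always runs - confirm the intended test.
                            if (@substr($sapi_type, 0, 6) != 'apache' || @$permsHtaccess != '0666' || @$permsHtaccess != '0777') {
                                // Windows IIS, XAMPP, etc
                                @chmod($filename, 0644);
                            }
                            $stringReplace = @file_get_contents($filename);
                            $stringReplace = preg_replace($BPSVpattern, $BPSVreplace, $stringReplace);
                            if (preg_match($pattern10a, $stringReplace, $matches)) {
                                $stringReplace = preg_replace($pattern10a, "RewriteCond %{THE_REQUEST} (\\?|\\*|%2a)+(%20+|\\\\\\s+|%20+\\\\\\s+|\\\\\\s+%20+|\\\\\\s+%20+\\\\\\s+)HTTP(:/|/) [NC,OR]", $stringReplace);
                            }
                            if (preg_match($pattern10b, $stringReplace, $matches)) {
                                $stringReplace = preg_replace($pattern10b, "RewriteCond %{THE_REQUEST} (\\?|\\*|%2a)+(%20+|\\\\\\s+|%20+\\\\\\s+|\\\\\\s+%20+|\\\\\\s+%20+\\\\\\s+)HTTP(:/|/) [NC,OR]", $stringReplace);
                            }
                            if (preg_match($pattern10c, $stringReplace, $matches)) {
                                $stringReplace = preg_replace($pattern10c, "RewriteCond %{THE_REQUEST} (\\?|\\*|%2a)+(%20+|\\\\\\s+|%20+\\\\\\s+|\\\\\\s+%20+|\\\\\\s+%20+\\\\\\s+)HTTP(:/|/) [NC,OR]", $stringReplace);
                            }
                            if (preg_match($pattern1, $stringReplace, $matches)) {
                                $stringReplace = str_replace("RewriteCond %{QUERY_STRING} ^.*(\\[|\\]|\\(|\\)|<|>).* [NC,OR]", "RewriteCond %{QUERY_STRING} ^.*(\\(|\\)|<|>).* [NC,OR]", $stringReplace);
                            }
                            // preg_replace() returns null on a PCRE error and a failed read leaves an
                            // empty string; writing either would truncate the file and remove every
                            // rule in it, so only a non-empty result is written back.
                            if (is_string($stringReplace) && $stringReplace !== '') {
                                file_put_contents($filename, $stringReplace);
                            }
                            if (getBPSInstallTime() == getBPSwpadminHtaccessLasModTime_minutes() || getBPSInstallTime_plusone() == getBPSwpadminHtaccessLasModTime_minutes()) {
                                //print("Testing wp-admin auto-update");
                                $bps_wpadmin_upgrade = 'upgrade';
                            }
                            // end upgrade processing
                            break;
                        case strpos($check_string, "BULLETPROOF {$bps_version}") && strpos($check_string, "BPSQSE-check"):
                            $bps_status_display = get_option('bulletproof_security_options_status_display');
                            if ($bps_status_display['bps_status_display'] != 'Off') {
                                if (preg_match('/page=bulletproof-security/', esc_html($_SERVER['REQUEST_URI']), $matches)) {
                                    $WBM = $aitpro_bullet . '<a href="admin.php?page=bulletproof-security/admin/core/options.php#WBM-Link" title="wp-admin Folder BulletProof Mode" style="text-decoration:none;">' . __('WBM', 'bulletproof-security') . '</a>: <font color="green"><strong>' . __('On', 'bulletproof-security') . '</strong></font>';
                                    // NOTE(review): $section is raw file content and is echoed without
                                    // escaping; consider esc_html() on it before the link is substituted.
                                    $WBM_str = str_replace("BULLETPROOF {$bps_version} WP-ADMIN SECURE .HTACCESS", "{$WBM}", $section);
                                    echo '<div id="bps-status-display" style="background-color:#eeeeee;font-weight:bold;float:left;margin:0px;">' . $WBM_str . '</div>';
                                }
                            }
                            break;
                        default:
                            // $bps_wpadmin_upgrade is only set inside the upgrade case above, so it is
                            // still '' whenever this branch is reached.
                            if ($bps_wpadmin_upgrade != 'upgrade') {
                                $text = '<div class="update-nag" style="background-color:#ffffe0;font-size:1em;font-weight:bold;padding:2px 5px;margin-top:2px;"><font color="red">' . __('BPS Alert! A valid BPS htaccess file was NOT found in your wp-admin folder', 'bulletproof-security') . '</font><br>' . __('BulletProof Mode for the wp-admin folder should also be activated when you have BulletProof Mode activated for the Root folder.', 'bulletproof-security') . '<br>' . __('Check the BPS ', 'bulletproof-security') . '<a href="admin.php?page=bulletproof-security/admin/core/options.php#bps-tabs-2">' . __('Security Status page', 'bulletproof-security') . '</a>' . __(' to view your BPS Security Status information.', 'bulletproof-security') . '</div>';
                                echo $text;
                            }
                    }
                }
            }
        }
    }
}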
Exemplo n.º 3
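/**
 * Checks the wp-admin .htaccess file on admin page loads and echoes a BPS status or alert.
 *
 * Does nothing unless the current user has the manage_options capability, the request
 * method is not POST, the query string is not the BPS System Info page, and the
 * bps_wpadmin_restriction option is not 'disabled'. The "file not found" and "version
 * line not found" alerts are echoed only when the bulletproof_security_options_wizard_free
 * option is set.
 *
 * Side effects: when the file carries the BPSQSE-check marker but not the current
 * "BULLETPROOF {$bps_version}" string, bpsPro_apache_mod_directive_check() is called, the
 * file is chmod-ed to 0644 and rewritten in place (version line, the install.php
 * FilesMatch block and several RewriteCond rules). The rewrite is skipped when the new
 * content is not a non-empty string, so a failed read or a PCRE error cannot truncate
 * the file and silently drop its rules.
 *
 * @return void Output is echoed directly.
 */
function bps_wpadmin_htaccess_status_dashboard()
{
    // Capability gate: everything below, including the file rewrite, is admin-only.
    if (current_user_can('manage_options')) {
        global $bps_version, $bps_last_version, $aitpro_bullet;
        // The values are only compared against fixed strings here, never echoed.
        if (esc_html($_SERVER['REQUEST_METHOD']) != 'POST' && esc_html($_SERVER['QUERY_STRING']) != 'page=bulletproof-security/admin/system-info/system-info.php') {
            $BPS_wpadmin_Options = get_option('bulletproof_security_options_htaccess_res');
            if ($BPS_wpadmin_Options['bps_wpadmin_restriction'] == 'disabled') {
                return;
            }
            $filename = ABSPATH . 'wp-admin/.htaccess';
            // '@' hides the warnings raised when the file is missing or unreadable;
            // file_get_contents() then returns false.
            $permsHtaccess = @substr(sprintf('%o', fileperms($filename)), -4);
            $check_string = @file_get_contents($filename);
            // 46 bytes starting at offset 3: the slice later shown in the status display.
            $section = @file_get_contents($filename, NULL, NULL, 3, 46);
            $bps_wpadmin_upgrade = '';
            // Older forms of the THE_REQUEST / QUERY_STRING rules that the upgrade branch replaces.
            $pattern10a = '/RewriteCond\\s%\\{THE_REQUEST\\}\\s(.*)\\?(.*)\\sHTTP\\/\\s\\[NC,OR\\]\\s*RewriteCond\\s%\\{THE_REQUEST\\}\\s(.*)\\*(.*)\\sHTTP\\/\\s\\[NC,OR\\]/';
            $pattern10b = '/RewriteCond\\s%\\{THE_REQUEST\\}\\s.*\\?\\+\\(%20\\{1,\\}.*\\s*RewriteCond\\s%\\{THE_REQUEST\\}\\s.*\\+\\(.*\\*\\|%2a.*\\s\\[NC,OR\\]/';
            $pattern10c = '/RewriteCond\\s%\\{THE_REQUEST\\}\\s\\(\\\\?.*%2a\\)\\+\\(%20\\+\\|\\\\s\\+.*HTTP\\(:\\/.*\\[NC,OR\\]/';
            $pattern1 = '/(\\[|\\]|\\(|\\)|<|>)/s';
            // Nested quantifiers: matching can be expensive, and a PCRE limit error makes
            // preg_replace() return null (see the write guard in the upgrade branch).
            $pattern_amod = '/#\\sWPADMIN\\sDENY\\sBROWSER\\sACCESS\\sTO\\sFILES(.*\\s*){13,16}#\\sEND\\sBPS\\sWPADMIN\\sDENY\\sACCESS\\sTO\\sFILES/';
            $BPSVpattern = '/BULLETPROOF\\s\\.[\\d](.*)WP-ADMIN/';
            $BPSVreplace = "BULLETPROOF {$bps_version} WP-ADMIN";
            if (!file_exists($filename)) {
                // Setup Wizard Notice: not displayed. The Setup Wizard DB option is automatically saved in the root htaccess function on BPS plugin upgrades.
                if (!get_option('bulletproof_security_options_wizard_free')) {
                    // display nothing. Notice is already displayed in the root htaccess function.
                } else {
                    $text = '<div class="update-nag" style="background-color:#ffffe0;font-size:1em;font-weight:bold;padding:2px 5px;margin-top:2px;"><font color="red">' . __('BPS Alert! An htaccess file was NOT found in your WordPress wp-admin folder', 'bulletproof-security') . '</font><br>' . __('If you have deleted the wp-admin htaccess file for troubleshooting purposes you can disregard this Alert.', 'bulletproof-security') . '<br>' . __('After you are done troubleshooting ', 'bulletproof-security') . '</font><a href="' . admin_url('admin.php?page=bulletproof-security/admin/wizard/wizard.php') . '">' . esc_attr__('Click Here', 'bulletproof-security') . '</a>' . __(' to go to the BPS Setup Wizard page and click the Setup Wizard button to setup the BPS plugin again.', 'bulletproof-security') . '<br>' . __('Important Note: If you deleted the wp-admin htaccess file due to bad/invalid Custom Code causing a problem then ', 'bulletproof-security') . '<a href="' . admin_url('admin.php?page=bulletproof-security/admin/core/core.php#bps-tabs-7') . '">' . esc_attr__('Click Here', 'bulletproof-security') . '</a>' . __(' to go to the BPS Custom Code page, delete the bad/invalid wp-admin Custom Code and click the Save wp-admin Custom Code button before running the Setup Wizard again.', 'bulletproof-security') . '</div>';
                    echo $text;
                }
            } else {
                if (file_exists($filename)) {
                    // The case expressions below are booleans compared loosely with $bps_version,
                    // so the first case whose expression is true is taken.
                    // NOTE(review): this relies on $bps_version being a truthy string - confirm.
                    // strpos() returns 0 for a match at offset 0, which these truthiness tests
                    // treat the same as "not found".
                    switch ($bps_version) {
                        case $bps_last_version:
                            // for Testing
                            if (strpos($check_string, "BULLETPROOF {$bps_last_version}") && strpos($check_string, "BPSQSE-check")) {
                                // echo or print for testing
                            }
                            break;
                        case !strpos($check_string, "BULLETPROOF"):
                            // Setup Wizard Notice: not displayed. The Setup Wizard DB option is automatically saved in the root htaccess function on BPS plugin upgrades.
                            if (!get_option('bulletproof_security_options_wizard_free')) {
                                // display nothing. Notice is already displayed in the root htaccess function.
                            } else {
                                $text = '<div class="update-nag" style="background-color:#ffffe0;font-size:1em;font-weight:bold;padding:2px 5px;margin-top:2px;"><font color="red">' . __('BPS Alert! Your wp-admin folder may not be protected by BulletProof Security', 'bulletproof-security') . '</font><br>' . __('he BPS version: BULLETPROOF .xx.x WP-ADMIN SECURE .HTACCESS line of code was not found at the top of your wp-admin htaccess file.', 'bulletproof-security') . '<br>' . __('The BPS version line of code MUST be at the very top of your wp-admin htaccess file.', 'bulletproof-security') . '<br><a href="' . admin_url('admin.php?page=bulletproof-security/admin/wizard/wizard.php') . '">' . esc_attr__('Click Here', 'bulletproof-security') . '</a>' . __(' to go to the BPS Setup Wizard page and click the Setup Wizard button to setup the BPS plugin again.', 'bulletproof-security') . '<br>' . __('Important Note: If you manually added other htaccess code above the BPS version line of code in your wp-admin htaccess file, you can copy that code to BPS wp-admin Custom Code so that your code is saved in the correct place in the BPS wp-admin htaccess file. ', 'bulletproof-security') . '<br><a href="' . admin_url('admin.php?page=bulletproof-security/admin/core/core.php#bps-tabs-7') . '">' . esc_attr__('Click Here', 'bulletproof-security') . '</a>' . __(' to go to the BPS Custom Code page, add your wp-admin custom htaccess code in an appropriate wp-admin Custom Code text box and click the Save wp-admin Custom Code button before running the Setup Wizard again.', 'bulletproof-security') . '</div>';
                                echo $text;
                            }
                            break;
                        case !strpos($check_string, "BULLETPROOF {$bps_version}") && strpos($check_string, "BPSQSE-check"):
                            // Upgrade branch: the file is rewritten while a non-POST admin page renders.
                            // mod_authz_core forward/backward compatibility: create new htaccess files if needed
                            bpsPro_apache_mod_directive_check();
                            $CC_Options_wpadmin = get_option('bulletproof_security_options_customcode_WPA');
                            $Apache_Mod_options = get_option('bulletproof_security_options_apache_modules');
                            // NOTE(review): $sapi_type is never assigned in this function, and
                            // "!= '0666' || != '0777'" is true for every value, so this condition
                            // always holds and chmod(0644) always runs - confirm the intended test.
                            if (@substr($sapi_type, 0, 6) != 'apache' || @$permsHtaccess != '0666' || @$permsHtaccess != '0777') {
                                // Windows IIS, XAMPP, etc
                                @chmod($filename, 0644);
                            }
                            $stringReplace = @file_get_contents($filename);
                            $stringReplace = preg_replace($BPSVpattern, $BPSVreplace, $stringReplace);
                            // The install.php deny block is replaced only when no Custom Code is saved
                            // for it; the IfModule form is written for 'Yes', the plain form for 'No'.
                            if (preg_match($pattern_amod, $stringReplace, $matches) && $CC_Options_wpadmin['bps_customcode_deny_files_wpa'] == '' && $Apache_Mod_options['bps_apache_mod_ifmodule'] == 'Yes') {
                                $stringReplace = preg_replace($pattern_amod, "# WPADMIN DENY BROWSER ACCESS TO FILES\n# Deny Browser access to /wp-admin/install.php\n# Use BPS Custom Code to modify/edit/change this code and to save it permanently.\n# To be able to view the install.php file from a Browser, replace 127.0.0.1 with your actual\n# current IP address. Comment out: #Require all denied and Uncomment: Require ip 127.0.0.1\n# Comment out: #Deny from all and Uncomment: Allow from 127.0.0.1\n# Note: The BPS System Info page displays which modules are loaded on your server.\n\n# BEGIN BPS WPADMIN DENY ACCESS TO FILES\n<FilesMatch \"^(install\\.php)\">\n<IfModule mod_authz_core.c>\nRequire all denied\n#Require ip 127.0.0.1\n</IfModule>\n\n<IfModule !mod_authz_core.c>\n<IfModule mod_access_compat.c>\nOrder Allow,Deny\nDeny from all\n#Allow from 127.0.0.1\n</IfModule>\n</IfModule>\n</FilesMatch>\n# END BPS WPADMIN DENY ACCESS TO FILES", $stringReplace);
                            } elseif (preg_match($pattern_amod, $stringReplace, $matches) && $CC_Options_wpadmin['bps_customcode_deny_files_wpa'] == '' && $Apache_Mod_options['bps_apache_mod_ifmodule'] == 'No') {
                                $stringReplace = preg_replace($pattern_amod, "# WPADMIN DENY BROWSER ACCESS TO FILES\n# Deny Browser access to /wp-admin/install.php\n# Use BPS Custom Code to modify/edit/change this code and to save it permanently.\n# To be able to view the install.php file from a Browser, replace 127.0.0.1 with your actual\n# current IP address. Comment out: #Deny from all and Uncomment: Allow from 127.0.0.1\n# Note: The BPS System Info page displays which modules are loaded on your server.\n\n# BEGIN BPS WPADMIN DENY ACCESS TO FILES\n<FilesMatch \"^(install\\.php)\">\nOrder Allow,Deny\nDeny from all\n#Allow from 127.0.0.1\n</FilesMatch>\n# END BPS WPADMIN DENY ACCESS TO FILES", $stringReplace);
                            }
                            if (preg_match($pattern10a, $stringReplace, $matches)) {
                                $stringReplace = preg_replace($pattern10a, "RewriteCond %{THE_REQUEST} (\\?|\\*|%2a)+(%20+|\\\\\\s+|%20+\\\\\\s+|\\\\\\s+%20+|\\\\\\s+%20+\\\\\\s+)HTTP(:/|/) [NC,OR]", $stringReplace);
                            }
                            if (preg_match($pattern10b, $stringReplace, $matches)) {
                                $stringReplace = preg_replace($pattern10b, "RewriteCond %{THE_REQUEST} (\\?|\\*|%2a)+(%20+|\\\\\\s+|%20+\\\\\\s+|\\\\\\s+%20+|\\\\\\s+%20+\\\\\\s+)HTTP(:/|/) [NC,OR]", $stringReplace);
                            }
                            if (preg_match($pattern10c, $stringReplace, $matches)) {
                                $stringReplace = preg_replace($pattern10c, "RewriteCond %{THE_REQUEST} (\\?|\\*|%2a)+(%20+|\\\\\\s+|%20+\\\\\\s+|\\\\\\s+%20+|\\\\\\s+%20+\\\\\\s+)HTTP(:/|/) [NC,OR]", $stringReplace);
                            }
                            if (preg_match($pattern1, $stringReplace, $matches)) {
                                $stringReplace = str_replace("RewriteCond %{QUERY_STRING} ^.*(\\[|\\]|\\(|\\)|<|>).* [NC,OR]", "RewriteCond %{QUERY_STRING} ^.*(\\(|\\)|<|>).* [NC,OR]", $stringReplace);
                            }
                            // preg_replace() returns null on a PCRE error and a failed read leaves an
                            // empty string; writing either would truncate the file and remove every
                            // rule in it, so only a non-empty result is written back.
                            if (is_string($stringReplace) && $stringReplace !== '') {
                                file_put_contents($filename, $stringReplace);
                            }
                            if (getBPSInstallTime() == getBPSwpadminHtaccessLasModTime_minutes() || getBPSInstallTime_plusone() == getBPSwpadminHtaccessLasModTime_minutes()) {
                                //print("Testing wp-admin auto-update");
                                $bps_wpadmin_upgrade = 'upgrade';
                            }
                            // end upgrade processing
                            break;
                        case strpos($check_string, "BULLETPROOF {$bps_version}") && strpos($check_string, "BPSQSE-check"):
                            $bps_status_display = get_option('bulletproof_security_options_status_display');
                            if ($bps_status_display['bps_status_display'] != 'Off') {
                                if (preg_match('/page=bulletproof-security/', esc_html($_SERVER['REQUEST_URI']), $matches)) {
                                    $WBM = $aitpro_bullet . '<a href="' . admin_url('admin.php?page=bulletproof-security/admin/core/core.php#WBM-Link') . '" title="wp-admin Folder BulletProof Mode" style="text-decoration:none;">' . __('WBM', 'bulletproof-security') . '</a>: <font color="green"><strong>' . __('On', 'bulletproof-security') . '</strong></font>';
                                    // NOTE(review): $section is raw file content and is echoed without
                                    // escaping; consider esc_html() on it before the link is substituted.
                                    $WBM_str = str_replace("BULLETPROOF {$bps_version} WP-ADMIN SECURE .HTACCESS", "{$WBM}", $section);
                                    echo '<div id="bps-status-display" style="float:left;font-weight:bold;margin:0px;">' . $WBM_str . '</div>';
                                }
                            }
                            break;
                        default:
                            // $bps_wpadmin_upgrade is only set inside the upgrade case above, so it is
                            // still '' whenever this branch is reached.
                            if ($bps_wpadmin_upgrade != 'upgrade') {
                                $text = '<div class="update-nag" style="background-color:#ffffe0;font-size:1em;font-weight:bold;padding:2px 5px;margin-top:2px;"><font color="red">' . __('BPS Alert! A valid BPS htaccess file was NOT found in your wp-admin folder', 'bulletproof-security') . '</font><br>' . __('BulletProof Mode for the wp-admin folder should also be activated when you have BulletProof Mode activated for the Root folder.', 'bulletproof-security') . '<br>' . __('Check the BPS ', 'bulletproof-security') . '<a href="' . admin_url('admin.php?page=bulletproof-security/admin/core/core.php#bps-tabs-2') . '">' . esc_attr__('Security Status page', 'bulletproof-security') . '</a>' . __(' to view your BPS Security Status information.', 'bulletproof-security') . '</div>';
                                echo $text;
                            }
                    }
                }
            }
        }
    }
}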