Exemplo n.º 1
0
 protected function validate_settings()
 {
     if (!$this->can_save()) {
         return;
     }
     $previous_settings = ITSEC_Modules::get_settings($this->get_id());
     $diff = array_diff_assoc($this->settings, $previous_settings);
     if (!empty($diff)) {
         ITSEC_Response::regenerate_server_config();
     }
     if ($this->settings['write_permissions']) {
         // Always set permissions to 0444 when saving the settings.
         // This ensures that the file permissions are fixed each time the settings are saved.
         $new_permissions = 0444;
     } else {
         if ($this->settings['write_permissions'] !== $previous_settings['write_permissions']) {
             // Only revert the settings to the defaults when disabling the setting.
             // This avoids changing the file permissions when the setting has yet to be enabled and disabled.
             $new_permissions = 0664;
         }
     }
     if (isset($new_permissions)) {
         // Only change the permissions when needed.
         require_once ITSEC_Core::get_core_dir() . 'lib/class-itsec-lib-config-file.php';
         require_once ITSEC_Core::get_core_dir() . 'lib/class-itsec-lib-file.php';
         $server_config_file = ITSEC_Lib_Config_File::get_server_config_file_path();
         $wp_config_file = ITSEC_Lib_Config_File::get_wp_config_file_path();
         ITSEC_Lib_File::chmod($server_config_file, $new_permissions);
         ITSEC_Lib_File::chmod($wp_config_file, $new_permissions);
         ITSEC_Response::reload_module('file-permissions');
     }
 }
 public static function regenerate_server_config($add_responses = true)
 {
     require_once ITSEC_Core::get_core_dir() . '/lib/class-itsec-lib-config-file.php';
     $result = ITSEC_Lib_Config_File::update_server_config();
     $success = !is_wp_error($result);
     $server = ITSEC_Lib_Utility::get_web_server();
     if ($add_responses) {
         if (is_wp_error($result)) {
             ITSEC_Response::add_error($result);
             $file = ITSEC_Lib_Config_File::get_server_config_file_path();
         } else {
             if ('nginx' === $server) {
                 ITSEC_Response::add_message(__('You must restart your NGINX server for the changes to take effect.', 'better-wp-security'));
             }
         }
     }
     return $success;
 }
Exemplo n.º 3
0
    protected function render_settings($form)
    {
        if (!defined('DOING_AJAX') || !DOING_AJAX) {
            echo '<p>' . __('Click the button to load the current file permissions.', 'better-wp-security') . '</p>';
            echo '<p>' . $form->add_button('load_file_permissions', array('value' => __('Load File Permissions Details', 'better-wp-security'), 'class' => 'button-primary itsec-reload-module')) . '</p>';
            return;
        }
        require_once ITSEC_Core::get_core_dir() . '/lib/class-itsec-lib-config-file.php';
        $wp_upload_dir = ITSEC_Core::get_wp_upload_dir();
        $path_data = array(array(ABSPATH, 0755), array(ABSPATH . WPINC, 0755), array(ABSPATH . 'wp-admin', 0755), array(ABSPATH . 'wp-admin/js', 0755), array(WP_CONTENT_DIR, 0755), array(get_theme_root(), 0755), array(WP_PLUGIN_DIR, 0755), array($wp_upload_dir['basedir'], 0755), array(ITSEC_Lib_Config_File::get_wp_config_file_path(), 0444), array(ITSEC_Lib_Config_File::get_server_config_file_path(), 0444));
        $rows = array();
        foreach ($path_data as $path) {
            $row = array();
            list($path, $suggested_permissions) = $path;
            $display_path = preg_replace('/^' . preg_quote(ABSPATH, '/') . '/', '', $path);
            $display_path = ltrim($display_path, '/');
            if (empty($display_path)) {
                $display_path = '/';
            }
            $row[] = $display_path;
            $row[] = sprintf('%o', $suggested_permissions);
            $permissions = fileperms($path) & 0777;
            $row[] = sprintf('%o', $permissions);
            if (!$permissions || $permissions != $suggested_permissions) {
                $row[] = __('WARNING', 'better-wp-security');
                $row[] = '<div style="background-color: #FEFF7F; border: 1px solid #E2E2E2;">&nbsp;&nbsp;&nbsp;</div>';
            } else {
                $row[] = __('OK', 'better-wp-security');
                $row[] = '<div style="background-color: #22EE5B; border: 1px solid #E2E2E2;">&nbsp;&nbsp;&nbsp;</div>';
            }
            $rows[] = $row;
        }
        $class = 'entry-row';
        ?>
	<p><?php 
        $form->add_button('reload_file_permissions', array('value' => __('Reload File Permissions Details', 'better-wp-security'), 'class' => 'button-primary itsec-reload-module'));
        ?>
</p>
	<table class="widefat">
		<thead>
			<tr>
				<th><?php 
        _e('Relative Path', 'better-wp-security');
        ?>
</th>
				<th><?php 
        _e('Suggestion', 'better-wp-security');
        ?>
</th>
				<th><?php 
        _e('Value', 'better-wp-security');
        ?>
</th>
				<th><?php 
        _e('Result', 'better-wp-security');
        ?>
</th>
				<th><?php 
        _e('Status', 'better-wp-security');
        ?>
</th>
			</tr>
		</thead>
		<tfoot>
			<tr>
				<th><?php 
        _e('Relative Path', 'better-wp-security');
        ?>
</th>
				<th><?php 
        _e('Suggestion', 'better-wp-security');
        ?>
</th>
				<th><?php 
        _e('Value', 'better-wp-security');
        ?>
</th>
				<th><?php 
        _e('Result', 'better-wp-security');
        ?>
</th>
				<th><?php 
        _e('Status', 'better-wp-security');
        ?>
</th>
			</tr>
		</tfoot>
		<tbody>
			<?php 
        foreach ($rows as $row) {
            ?>
				<tr class="<?php 
            echo $class;
            ?>
">
					<?php 
            foreach ($row as $column) {
                ?>
						<td><?php 
                echo $column;
                ?>
</td>
					<?php 
            }
            ?>
				</tr>
				<?php 
            $class = 'entry-row' === $class ? 'entry-row alternate' : 'entry-row';
            ?>
			<?php 
        }
        ?>
		</tbody>
	</table>
	<br />
<?php 
    }
	/**
	 * Sanitize and validate input
	 *
	 * @param  Array $input array of input fields
	 *
	 * @return Array         Sanitized array
	 */
	public function sanitize_module_input( $input ) {

		global $itsec_globals;

		$input['protect_files']               = ( isset( $input['protect_files'] ) && intval( $input['protect_files'] == 1 ) ? true : false );
		$input['directory_browsing']          = ( isset( $input['directory_browsing'] ) && intval( $input['directory_browsing'] == 1 ) ? true : false );
		$input['request_methods']             = ( isset( $input['request_methods'] ) && intval( $input['request_methods'] == 1 ) ? true : false );
		$input['suspicious_query_strings']    = ( isset( $input['suspicious_query_strings'] ) && intval( $input['suspicious_query_strings'] == 1 ) ? true : false );
		$input['non_english_characters']      = ( isset( $input['non_english_characters'] ) && intval( $input['non_english_characters'] == 1 ) ? true : false );
		$input['long_url_strings']            = ( isset( $input['long_url_strings'] ) && intval( $input['long_url_strings'] == 1 ) ? true : false );
		$input['write_permissions']           = ( isset( $input['write_permissions'] ) && intval( $input['write_permissions'] == 1 ) ? true : false );
		$input['wlwmanifest_header']          = ( isset( $input['wlwmanifest_header'] ) && intval( $input['wlwmanifest_header'] == 1 ) ? true : false );
		$input['edituri_header']              = ( isset( $input['edituri_header'] ) && intval( $input['edituri_header'] == 1 ) ? true : false );
		$input['theme_updates']               = ( isset( $input['theme_updates'] ) && intval( $input['theme_updates'] == 1 ) ? true : false );
		$input['plugin_updates']              = ( isset( $input['plugin_updates'] ) && intval( $input['plugin_updates'] == 1 ) ? true : false );
		$input['core_updates']                = ( isset( $input['core_updates'] ) && intval( $input['core_updates'] == 1 ) ? true : false );
		$input['comment_spam']                = ( isset( $input['comment_spam'] ) && intval( $input['comment_spam'] == 1 ) ? true : false );
		$input['file_editor']                 = ( isset( $input['file_editor'] ) && intval( $input['file_editor'] == 1 ) ? true : false );
		$input['disable_xmlrpc']              = isset( $input['disable_xmlrpc'] ) ? intval( $input['disable_xmlrpc'] ) : 0;
		$input['allow_xmlrpc_multiauth']      = isset( $input['allow_xmlrpc_multiauth'] ) ? (bool) $input['allow_xmlrpc_multiauth'] : true;
		$input['uploads_php']                 = ( isset( $input['uploads_php'] ) && intval( $input['uploads_php'] == 1 ) ? true : false );
		$input['safe_jquery']                 = ( isset( $input['safe_jquery'] ) && intval( $input['safe_jquery'] == 1 ) ? true : false );
		$input['login_errors']                = ( isset( $input['login_errors'] ) && intval( $input['login_errors'] == 1 ) ? true : false );
		$input['force_unique_nicename']       = ( isset( $input['force_unique_nicename'] ) && intval( $input['force_unique_nicename'] == 1 ) ? true : false );
		$input['disable_unused_author_pages'] = ( isset( $input['disable_unused_author_pages'] ) && intval( $input['disable_unused_author_pages'] == 1 ) ? true : false );

		if ( ! isset( $this->settings['allow_xmlrpc_multiauth'] ) ) {
			$this->settings['allow_xmlrpc_multiauth'] = null;
		}

		if (
			( $input['protect_files'] !== $this->settings['protect_files'] ||
			  $input['directory_browsing'] !== $this->settings['directory_browsing'] ||
			  $input['request_methods'] !== $this->settings['request_methods'] ||
			  $input['suspicious_query_strings'] !== $this->settings['suspicious_query_strings'] ||
			  $input['non_english_characters'] !== $this->settings['non_english_characters'] ||
			  $input['comment_spam'] !== $this->settings['comment_spam'] ||
			  $input['disable_xmlrpc'] !== $this->settings['disable_xmlrpc'] ||
			  $input['allow_xmlrpc_multiauth'] !== $this->settings['allow_xmlrpc_multiauth'] ||
			  $input['uploads_php'] !== $this->settings['uploads_php']
			) ||
			isset( $itsec_globals['settings']['write_files'] ) && $itsec_globals['settings']['write_files'] === true
		) {

			add_site_option( 'itsec_rewrites_changed', true );

		}

		if ( $input['file_editor'] !== $this->settings['file_editor'] ) {

			add_site_option( 'itsec_config_changed', true );

		}


		if ( $input['write_permissions'] === true ) {
			// Always set permissions to 0444 when saving the settings.
			// This ensures that the file permissions are fixed each time the settings are saved.
			
			$new_permissions = 0444;
		} else if ( $input['write_permissions'] !== $this->settings['write_permissions'] ) {
			// Only revert the settings to the defaults when disabling the setting.
			// This avoids changing the file permissions when the setting has yet to be enabled and disabled.
			
			$new_permissions = 0664;
		}
		
		if ( isset( $new_permissions ) ) {
			// Only change the permissions when needed.
			
			require_once( trailingslashit( $GLOBALS['itsec_globals']['plugin_dir'] ) . 'core/lib/class-itsec-lib-config-file.php' );
			require_once( trailingslashit( $GLOBALS['itsec_globals']['plugin_dir'] ) . 'core/lib/class-itsec-lib-file.php' );
			
			$server_config_file = ITSEC_Lib_Config_File::get_server_config_file_path();
			$wp_config_file = ITSEC_Lib_Config_File::get_wp_config_file_path();
			
			ITSEC_Lib_File::chmod( $server_config_file, $new_permissions );
			ITSEC_Lib_File::chmod( $wp_config_file, $new_permissions );
		}


		if ( is_multisite() ) {

			$this->settings = $input;

		}

		return $input;

	}
Exemplo n.º 5
0
 /**
  * Processes file writing after saving options.
  *
  * Looks to see if rewrites_changed is true and starts file writing process as appropriate
  *
  * @since 4.0.0
  *
  * @return void
  */
 public function admin_init()
 {
     global $itsec_globals;
     if (true === $this->rewrites_changed) {
         if (isset($itsec_globals['settings']['write_files']) && true === $itsec_globals['settings']['write_files']) {
             do_action('itsec_pre_save_rewrites');
             $rewrites = $this->save_rewrites();
             if (is_array($rewrites)) {
                 if (false === $rewrites['success']) {
                     add_settings_error('itsec', esc_attr('settings_updated'), $rewrites['text'], 'error');
                     require_once trailingslashit($GLOBALS['itsec_globals']['plugin_dir']) . 'core/lib/class-itsec-lib-config-file.php';
                     $file = ITSEC_Lib_Config_File::get_server_config_file_path();
                     $message = sprintf(__('Unable to update the <code>%1$s</code> file. You may need to manually remove the existing iThemes Security modifications and replace them with the rules found at <a href="%2$s">Security > Dashboard</a> under the "Rewrite Rules" section.', 'better-wp-security'), $file, admin_url('admin.php?page=itsec#itsec_rewrite'));
                     add_settings_error('itsec', esc_attr('settings_updated'), $message, 'error');
                 } else {
                     if (true !== $rewrites['text']) {
                         add_settings_error('itsec', esc_attr('settings_updated'), __('Settings Updated', 'better-wp-security') . '<br />' . $rewrites['text'], 'updated');
                     }
                 }
             } else {
                 add_site_option('itsec_manual_update', true);
             }
         } else {
             add_site_option('itsec_manual_update', true);
         }
     }
     if (true === $this->config_changed) {
         if (isset($itsec_globals['settings']['write_files']) && true === $itsec_globals['settings']['write_files']) {
             do_action('itsec_pre_save_configs');
             $configs = $this->save_wpconfig();
             if (is_array($configs)) {
                 if (false === $configs['success']) {
                     add_settings_error('itsec', esc_attr('settings_updated'), $configs['text'], 'error');
                     $message = sprintf(__('Unable to update the <code>%1$s</code> file. You may need to manually remove the existing iThemes Security modifications and replace them with the rules found at <a href="%2$s">Security > Dashboard</a> under the "wp-config.php Rules" section.', 'better-wp-security'), ABSPATH . 'wp-config.php', admin_url('admin.php?page=itsec#itsec_wpconfig'));
                     add_settings_error('itsec', esc_attr('settings_updated'), $message, 'error');
                 }
                 if (1 == get_site_option('itsec_clear_login')) {
                     delete_site_option('itsec_clear_login');
                     wp_clear_auth_cookie();
                     $redirect_to = !empty($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : ITSEC_Lib::get_home_root() . 'wp-login.php?loggedout=true';
                     wp_safe_redirect($redirect_to);
                     exit;
                 }
             } else {
                 add_site_option('itsec_manual_update', true);
             }
         } else {
             add_site_option('itsec_manual_update', true);
         }
     }
 }
Exemplo n.º 6
0
 /**
  * Gets location of .htaccess
  *
  * Finds and returns path to .htaccess or nginx.conf if appropriate
  *
  * @since 4.0.0
  *
  * @return string path to .htaccess
  */
 public static function get_htaccess()
 {
     require_once ITSEC_Core::get_core_dir() . '/lib/class-itsec-lib-config-file.php';
     return ITSEC_Lib_Config_File::get_server_config_file_path();
 }