protected function validate_settings()
{
if (!$this->can_save()) {
return;
}
$forbidden_slugs = array('admin', 'login', 'wp-login.php', 'dashboard', 'wp-admin');
if (in_array($this->settings['slug'], $forbidden_slugs)) {
$this->add_error(__('The Login Slug cannot be "%1$s" as WordPress uses that slug.', 'better-wp-security'));
$this->set_can_save(false);
return;
}
if ($this->settings['enabled'] && $this->settings['slug'] !== $this->previous_settings['slug']) {
$url = get_site_url() . '/' . $this->settings['slug'];
ITSEC_Response::add_message(sprintf(__('The Hide Backend feature is now active. Your new login URL is <strong><code>%1$s</code></strong>. Please note this may be different than what you sent as the URL was sanitized to meet various requirements. A reminder has also been sent to the notification email addresses set in iThemes Security\'s Global settings.', 'better-wp-security'), esc_url($url)));
} else {
if ($this->settings['enabled'] && !$this->previous_settings['enabled']) {
$url = get_site_url() . '/' . $this->settings['slug'];
ITSEC_Response::add_message(sprintf(__('The Hide Backend feature is now active. Your new login URL is <strong><code>%1$s</code></strong>. A reminder has also been sent to the notification email addresses set in iThemes Security\'s Global settings.', 'better-wp-security'), esc_url($url)));
} else {
if (!$this->settings['enabled'] && $this->previous_settings['enabled']) {
$url = get_site_url() . '/wp-login.php';
ITSEC_Response::add_message(sprintf(__('The Hide Backend feature is now disabled. Your new login URL is <strong><code>%1$s</code></strong>. A reminder has also been sent to the notification email addresses set in iThemes Security\'s Global settings.', 'better-wp-security'), esc_url($url)));
}
}
}
if (isset($url)) {
$this->send_new_login_url($url);
ITSEC_Response::prevent_modal_close();
}
if ($this->settings['enabled'] !== $this->previous_settings['enabled'] || $this->settings['slug'] !== $this->previous_settings['slug'] || $this->settings['register'] !== $this->previous_settings['register']) {
ITSEC_Response::regenerate_server_config();
}
ITSEC_Response::reload_module($this->get_id());
}
protected function validate_settings()
{
if (!$this->can_save()) {
return;
}
$previous_settings = ITSEC_Modules::get_settings($this->get_id());
$diff = array_diff_assoc($this->settings, $previous_settings);
if (!empty($diff)) {
ITSEC_Response::regenerate_server_config();
}
if ($this->settings['write_permissions']) {
// Always set permissions to 0444 when saving the settings.
// This ensures that the file permissions are fixed each time the settings are saved.
$new_permissions = 0444;
} else {
if ($this->settings['write_permissions'] !== $previous_settings['write_permissions']) {
// Only revert the settings to the defaults when disabling the setting.
// This avoids changing the file permissions when the setting has yet to be enabled and disabled.
$new_permissions = 0664;
}
}
if (isset($new_permissions)) {
// Only change the permissions when needed.
require_once ITSEC_Core::get_core_dir() . 'lib/class-itsec-lib-config-file.php';
require_once ITSEC_Core::get_core_dir() . 'lib/class-itsec-lib-file.php';
$server_config_file = ITSEC_Lib_Config_File::get_server_config_file_path();
$wp_config_file = ITSEC_Lib_Config_File::get_wp_config_file_path();
ITSEC_Lib_File::chmod($server_config_file, $new_permissions);
ITSEC_Lib_File::chmod($wp_config_file, $new_permissions);
ITSEC_Response::reload_module('file-permissions');
}
}
public static function deactivate()
{
$self = self::get_instance();
$self->remove_config_hooks();
ITSEC_Response::regenerate_server_config();
ITSEC_Response::regenerate_wp_config();
}
protected function handle_settings_changes($old_settings)
{
if ($this->settings['digest_email'] && !$old_settings['digest_email']) {
$digest_queue = array('last_sent' => ITSEC_Core::get_current_time_gmt(), 'messages' => array());
update_site_option('itsec_message_queue', $digest_queue);
}
if ($this->settings['write_files'] && !$old_settings['write_files']) {
ITSEC_Response::regenerate_server_config();
ITSEC_Response::regenerate_wp_config();
}
}
protected function validate_settings()
{
if (!$this->can_save()) {
return;
}
$previous_settings = ITSEC_Modules::get_settings($this->get_id());
if ($this->settings['file_editor'] !== $previous_settings['file_editor']) {
ITSEC_Response::regenerate_wp_config();
}
if ($this->settings['disable_xmlrpc'] !== $previous_settings['disable_xmlrpc'] || $this->settings['comment_spam'] !== $previous_settings['comment_spam']) {
ITSEC_Response::regenerate_server_config();
}
}
protected function validate_settings()
{
if (!$this->can_save()) {
return;
}
$previous_settings = ITSEC_Modules::get_settings($this->get_id());
foreach ($this->settings as $key => $val) {
if (!isset($previous_settings[$key]) || $previous_settings[$key] != $val) {
ITSEC_Response::regenerate_server_config();
break;
}
}
}
/**
* Execute module upgrade
*
* @since 4.0
*
* @return void
*/
public function execute_upgrade($itsec_old_version)
{
if ($itsec_old_version < 4000) {
global $itsec_bwps_options;
ITSEC_Lib::create_database_tables();
$current_options = get_site_option('itsec_tweaks');
// Don't do anything if settings haven't already been set, defaults exist in the module system and we prefer to use those
if (false !== $current_options) {
$current_options['protect_files'] = isset($itsec_bwps_options['st_ht_files']) && $itsec_bwps_options['st_ht_files'] == 1 ? true : false;
$current_options['directory_browsing'] = isset($itsec_bwps_options['st_ht_browsing']) && $itsec_bwps_options['st_ht_browsing'] == 1 ? true : false;
$current_options['request_methods'] = isset($itsec_bwps_options['st_ht_request']) && $itsec_bwps_options['st_ht_request'] == 1 ? true : false;
$current_options['suspicious_query_strings'] = isset($itsec_bwps_options['st_ht_query']) && $itsec_bwps_options['st_ht_query'] == 1 ? true : false;
$current_options['non_english_characters'] = isset($itsec_bwps_options['st_ht_foreign']) && $itsec_bwps_options['st_ht_foreign'] == 1 ? true : false;
$current_options['long_url_strings'] = isset($itsec_bwps_options['st_longurl']) && $itsec_bwps_options['st_longurl'] == 1 ? true : false;
$current_options['write_permissions'] = isset($itsec_bwps_options['st_fileperm']) && $itsec_bwps_options['st_fileperm'] == 1 ? true : false;
update_site_option('itsec_tweaks', $current_options);
ITSEC_Response::regenerate_server_config();
ITSEC_Response::regenerate_wp_config();
}
}
if ($itsec_old_version < 4035) {
ITSEC_Response::regenerate_server_config();
}
if ($itsec_old_version < 4041) {
$current_options = get_site_option('itsec_tweaks');
// If there are no current options, go with the new defaults by not saving anything
if (is_array($current_options)) {
$new_module_settings = ITSEC_Modules::get_settings('system-tweaks');
// Reduce to only settings in new module
$current_options = array_intersect_key($current_options, $new_module_settings);
// Use new module settings as defaults for any missing settings
$current_options = array_merge($new_module_settings, $current_options);
// If anything in this module is being used activate it, otherwise deactivate it
$activate = false;
foreach ($current_options as $on) {
if ($on) {
$activate = true;
break;
}
}
if ($activate) {
ITSEC_Modules::activate('system-tweaks');
} else {
ITSEC_Modules::deactivate('system-tweaks');
}
ITSEC_Modules::set_settings('system-tweaks', $current_options);
}
}
}
/**
* Execute module upgrade
*
* @since 4.0
*
* @return void
*/
public function execute_upgrade($itsec_old_version)
{
if ($itsec_old_version < 4000) {
global $itsec_bwps_options;
ITSEC_Lib::create_database_tables();
$current_options = get_site_option('itsec_tweaks');
// Don't do anything if settings haven't already been set, defaults exist in the module system and we prefer to use those
if (false !== $current_options) {
$current_options['wlwmanifest_header'] = isset($itsec_bwps_options['st_manifest']) && $itsec_bwps_options['st_manifest'] == 1 ? true : false;
$current_options['edituri_header'] = isset($itsec_bwps_options['st_edituri']) && $itsec_bwps_options['st_edituri'] == 1 ? true : false;
$current_options['comment_spam'] = isset($itsec_bwps_options['st_comment']) && $itsec_bwps_options['st_comment'] == 1 ? true : false;
$current_options['login_errors'] = isset($itsec_bwps_options['st_loginerror']) && $itsec_bwps_options['st_loginerror'] == 1 ? true : false;
update_site_option('itsec_tweaks', $current_options);
ITSEC_Response::regenerate_server_config();
ITSEC_Response::regenerate_wp_config();
}
}
if ($itsec_old_version < 4035) {
ITSEC_Response::regenerate_server_config();
}
if ($itsec_old_version < 4041) {
$current_options = get_site_option('itsec_tweaks');
// If there are no current options, go with the new defaults by not saving anything
if (is_array($current_options)) {
$new_module_settings = ITSEC_Modules::get_settings('wordpress-tweaks');
// Reduce to only settings in new module
$current_options = array_intersect_key($current_options, $new_module_settings);
// Use new module settings as defaults for any missing settings
$current_options = array_merge($new_module_settings, $current_options);
// If anything in this module is being used activate it, otherwise deactivate it
$activate = false;
foreach ($current_options as $setting => $on) {
// False is actually "enabled" for blocking xmlrpc multiauth
if ('allow_xmlrpc_multiauth' !== $setting && $on || 'allow_xmlrpc_multiauth' === $setting && !$on) {
$activate = true;
break;
}
}
if ($activate) {
ITSEC_Modules::activate('wordpress-tweaks');
} else {
ITSEC_Modules::deactivate('wordpress-tweaks');
}
ITSEC_Modules::set_settings('wordpress-tweaks', $current_options);
}
}
}
/**
* Execute module upgrade
*
* @since 4.0
*
* @return void
*/
public function execute_upgrade($itsec_old_version)
{
if ($itsec_old_version < 4000) {
global $itsec_bwps_options;
ITSEC_Lib::create_database_tables();
$current_options = get_site_option('itsec_tweaks');
// Don't do anything if settings haven't already been set, defaults exist in the module system and we prefer to use those
if (false !== $current_options) {
$current_options['theme_updates'] = isset($itsec_bwps_options['st_themenot']) && $itsec_bwps_options['st_themenot'] == 1 ? true : false;
$current_options['plugin_updates'] = isset($itsec_bwps_options['st_pluginnot']) && $itsec_bwps_options['st_pluginnot'] == 1 ? true : false;
$current_options['core_updates'] = isset($itsec_bwps_options['st_corenot']) && $itsec_bwps_options['st_corenot'] == 1 ? true : false;
update_site_option('itsec_tweaks', $current_options);
ITSEC_Response::regenerate_server_config();
ITSEC_Response::regenerate_wp_config();
}
}
if ($itsec_old_version < 4035) {
ITSEC_Response::regenerate_server_config();
}
if ($itsec_old_version < 4041) {
$current_options = get_site_option('itsec_tweaks');
// If there are no current options, go with the new defaults by not saving anything
if (is_array($current_options)) {
$new_module_settings = ITSEC_Modules::get_settings('multisite-tweaks');
// Reduce to only settings in new module
$current_options = array_intersect_key($current_options, $new_module_settings);
// Use new module settings as defaults for any missing settings
$current_options = array_merge($new_module_settings, $current_options);
// If anything in this module is being used activate it, otherwise deactivate it
$activate = false;
foreach ($current_options as $on) {
if ($on) {
$activate = true;
break;
}
}
if ($activate) {
ITSEC_Modules::activate('multisite-tweaks');
} else {
ITSEC_Modules::deactivate('multisite-tweaks');
}
ITSEC_Modules::set_settings('multisite-tweaks', $current_options);
}
}
}
/**
* Execute module upgrade
*
* @return void
*/
public function execute_upgrade($itsec_old_version)
{
if ($itsec_old_version < 4000) {
global $itsec_bwps_options;
$current_options = get_site_option('itsec_ban_users');
// Don't do anything if settings haven't already been set, defaults exist in the module system and we prefer to use those
if (false !== $current_options) {
$current_options['enabled'] = isset($itsec_bwps_options['bu_enabled']) && $itsec_bwps_options['bu_enabled'] == 1 ? true : false;
$current_options['default'] = isset($itsec_bwps_options['bu_blacklist']) && $itsec_bwps_options['bu_blacklist'] == 1 ? true : false;
if (isset($itsec_bwps_options['bu_banlist']) && !is_array($itsec_bwps_options['bu_banlist']) && strlen($itsec_bwps_options['bu_banlist']) > 1) {
$raw_hosts = explode(PHP_EOL, $itsec_bwps_options['bu_banlist']);
foreach ($raw_hosts as $host) {
if (strlen($host) > 1) {
$current_options['host_list'][] = $host;
}
}
}
if (isset($itsec_bwps_options['bu_banagent']) && !is_array($itsec_bwps_options['bu_banagent']) && strlen($itsec_bwps_options['bu_banagent']) > 1) {
$current_options['agent_list'] = explode(PHP_EOL, $itsec_bwps_options['bu_banagent']);
$raw_agents = explode(PHP_EOL, $itsec_bwps_options['bu_banagent']);
foreach ($raw_agents as $agent) {
if (strlen($agent) > 1) {
$current_options['agent_list'][] = $agent;
}
}
}
update_site_option('itsec_ban_users', $current_options);
ITSEC_Response::regenerate_server_config();
}
}
if ($itsec_old_version < 4027) {
ITSEC_Response::regenerate_server_config();
}
if ($itsec_old_version < 4041) {
$current_options = get_site_option('itsec_ban_users');
// If there are no current options, go with the new defaults by not saving anything
if (is_array($current_options)) {
$itsec_modules = ITSEC_Modules::get_instance();
// 'enable_ban_lists' was previously just 'enabled'
// Make sure the new module is properly activated or deactivated
if ($current_options['enabled']) {
ITSEC_Modules::activate('backup');
$current_options['enable_ban_lists'] = true;
} else {
ITSEC_Modules::deactivate('backup');
$current_options['enable_ban_lists'] = false;
}
unset($current_options['enabled']);
// Filter out invalid IPs
$current_options['host_list'] = array_map('trim', $current_options['host_list']);
if (!class_exists('ITSEC_Lib_IP_Tools')) {
require_once ITSEC_Core::get_core_dir() . '/lib/class-itsec-lib-ip-tools.php';
}
foreach ($current_options['host_list'] as $index => $ip) {
if ('' === $ip || false === ITSEC_Lib_IP_Tools::ip_wild_to_ip_cidr($ip)) {
unset($current_options['host_list'][$index]);
}
}
$itsec_modules->set_settings('ban-users', $current_options);
}
}
}
/**
* Update Execution
*
* @since 4.0
*
* @param string $old_version Old version number
*
* @return void
*/
private function upgrade_execute($upgrade = false)
{
global $itsec_old_version, $itsec_globals, $wpdb, $itsec_setup_action;
$tables_updated = false;
$itsec_setup_action = 'upgrade';
$itsec_old_version = $upgrade;
if ($itsec_old_version < 4000) {
global $itsec_bwps_options;
if (wp_next_scheduled('bwps_backup')) {
wp_clear_scheduled_hook('bwps_backup');
}
if (is_multisite()) {
switch_to_blog(1);
$itsec_bwps_options = get_option('bit51_bwps');
delete_option('bit51_bwps');
delete_option('bwps_intrusion_warning');
delete_option('bit51_bwps_data');
delete_site_transient('bit51_bwps_backup');
delete_site_transient('bwps_away');
restore_current_blog();
} else {
$itsec_bwps_options = get_option('bit51_bwps');
delete_option('bit51_bwps');
delete_option('bwps_intrusion_warning');
delete_option('bit51_bwps_data');
delete_site_transient('bit51_bwps_backup');
delete_site_transient('bwps_away');
}
if ($itsec_bwps_options !== false) {
$current_options = get_site_option('itsec_global');
if ($current_options === false) {
$current_options = $this->defaults;
}
$current_options['notification_email'] = array(isset($itsec_bwps_options['ll_emailaddress']) && strlen($itsec_bwps_options['ll_emailaddress']) ? $itsec_bwps_options['ll_emailaddress'] : get_option('admin_email'));
$current_options['backup_email'] = array(isset($itsec_bwps_options['backup_emailaddress']) && strlen($itsec_bwps_options['backup_emailaddress']) ? $itsec_bwps_options['backup_emailaddress'] : get_option('admin_email'));
$current_options['blacklist'] = isset($itsec_bwps_options['ll_blacklistip']) && $itsec_bwps_options['ll_blacklistip'] == 0 ? false : true;
$current_options['blacklist_count'] = isset($itsec_bwps_options['ll_blacklistipthreshold']) && intval($itsec_bwps_options['ll_blacklistipthreshold']) > 0 ? intval($itsec_bwps_options['ll_blacklistipthreshold']) : 3;
$current_options['write_files'] = isset($itsec_bwps_options['st_writefiles']) && $itsec_bwps_options['st_writefiles'] == 1 ? true : false;
$itsec_globals['settings']['write_files'] = $current_options['write_files'];
$current_options['did_upgrade'] = true;
if (isset($itsec_bwps_options['id_whitelist']) && !is_array($itsec_bwps_options['id_whitelist']) && strlen($itsec_bwps_options['id_whitelist']) > 1) {
$raw_hosts = explode(PHP_EOL, $itsec_bwps_options['id_whitelist']);
foreach ($raw_hosts as $host) {
if (strlen($host) > 1) {
$current_options['lockout_white_list'][] = $host;
}
}
}
if ($current_options['write_files'] === false) {
set_site_transient('ITSEC_SHOW_WRITE_FILES_TOOLTIP', true, 600);
}
update_site_option('itsec_global', $current_options);
}
$wpdb->query("DROP TABLE IF EXISTS `" . $wpdb->base_prefix . "bwps_lockouts`;");
$wpdb->query("DROP TABLE IF EXISTS `" . $wpdb->base_prefix . "bwps_log`;");
$wpdb->query("DROP TABLE IF EXISTS `" . $wpdb->base_prefix . "BWPS_d404`;");
$wpdb->query("DROP TABLE IF EXISTS `" . $wpdb->base_prefix . "BWPS_ll`;");
$wpdb->query("DROP TABLE IF EXISTS `" . $wpdb->base_prefix . "BWPS_lockouts`;");
delete_option('bwps_file_log');
delete_option('bwps_awaymode');
delete_option('bwps_filecheck');
delete_option('BWPS_Login_Slug');
delete_option('BWPS_options');
delete_option('BWPS_versions');
delete_option('bit51_bwps_data');
}
$this->do_modules();
$itsec_globals['data']['build'] = ITSEC_Core::get_plugin_build();
update_site_option('itsec_data', $itsec_globals['data']);
if ($itsec_old_version < 4030) {
ITSEC_Lib::create_database_tables();
//adds username field to lockouts and temp
$tables_updated = true;
ITSEC_Response::regenerate_server_config();
}
if ($itsec_old_version < 4031) {
$banned_option = get_site_option('itsec_ban_users');
if (isset($banned_option['white_list'])) {
$banned_white_list = $banned_option['white_list'];
$options = get_site_option('itsec_global');
$white_list = isset($options['lockout_white_list']) ? $options['lockout_white_list'] : array();
if (!is_array($white_list)) {
$white_list = explode(PHP_EOL, $white_list);
}
if (!is_array($banned_white_list)) {
$banned_white_list = explode(PHP_EOL, $banned_white_list);
}
$new_white_list = array_merge($white_list, $banned_white_list);
$options['lockout_white_list'] = $new_white_list;
update_site_option('itsec_global', $options);
}
}
if ($itsec_old_version < 4033) {
if (get_site_option('itsec_api_nag') === false) {
//show the nag to activate an API key
add_site_option('itsec_api_nag', true, false);
}
}
//IPv6 support was added in 4039
if ($itsec_old_version < 4039 && !$tables_updated) {
ITSEC_Lib::create_database_tables();
$tables_updated = true;
}
if ($itsec_old_version < 4040) {
$options = get_site_option('itsec_global');
if ($options['log_info']) {
$new_log_info = substr(sanitize_title(get_bloginfo('name')), 0, 20) . '-' . wp_generate_password(30, false);
$old_file = path_join($options['log_location'], 'event-log-' . $options['log_info'] . '.log');
$new_file = path_join($options['log_location'], 'event-log-' . $new_log_info . '.log');
// If the file exists already, don't update the location unless we successfully move it.
if (file_exists($old_file) && rename($old_file, $new_file)) {
$options['log_info'] = $new_log_info;
}
}
// Make sure we have an index files to block directory listing in logs directory
if (is_dir($options['log_location']) && !file_exists(path_join($options['log_location'], 'index.php'))) {
file_put_contents(path_join($options['log_location'], 'index.php'), "<?php\n// Silence is golden.");
}
$backup_options = get_site_option('itsec_backup');
// Make sure we have an index files to block directory listing in backups directory
if (is_dir($backup_options['location']) && !file_exists(path_join($backup_options['location'], 'index.php'))) {
file_put_contents(path_join($backup_options['location'], 'index.php'), "<?php\n// Silence is golden.");
}
update_site_option('itsec_global', $options);
}
$itsec_modules = ITSEC_Modules::get_instance();
$itsec_modules->run_upgrade($itsec_old_version, ITSEC_Core::get_plugin_build());
}
/**
* Execute module upgrade
*
* @return void
*/
public function execute_upgrade($itsec_old_version)
{
if ($itsec_old_version < 4000) {
global $itsec_bwps_options;
$current_options = get_site_option('itsec_hide_backend');
if (false !== $current_options) {
$current_options['enabled'] = isset($itsec_bwps_options['hb_enabled']) && $itsec_bwps_options['hb_enabled'] == 1 ? true : false;
$current_options['register'] = isset($itsec_bwps_options['hb_register']) ? sanitize_text_field($itsec_bwps_options['hb_register']) : 'wp-register.php';
if ($current_options['enabled'] === true) {
$current_options['show-tooltip'] = true;
set_site_transient('ITSEC_SHOW_HIDE_BACKEND_TOOLTIP', true, 600);
} else {
$current_options['show-tooltip'] = false;
}
$forbidden_slugs = array('admin', 'login', 'wp-login.php', 'dashboard', 'wp-admin', '');
if (isset($itsec_bwps_options['hb_login']) && !in_array(trim($itsec_bwps_options['hb_login']), $forbidden_slugs)) {
$current_options['slug'] = $itsec_bwps_options['hb_login'];
set_site_transient('ITSEC_SHOW_HIDE_BACKEND_TOOLTIP', true, 600);
} else {
$current_options['enabled'] = false;
set_site_transient('ITSEC_SHOW_HIDE_BACKEND_TOOLTIP', true, 600);
}
update_site_option('itsec_hide_backend', $current_options);
ITSEC_Response::regenerate_server_config();
}
}
if ($itsec_old_version < 4027) {
$current_options = get_site_option('itsec_hide_backend');
if (isset($current_options['enabled']) && $current_options['enabled'] === true) {
$config_file = ITSEC_Lib::get_htaccess();
//Make sure we can write to the file
$perms = substr(sprintf('%o', @fileperms($config_file)), -4);
@chmod($config_file, 0664);
add_action('admin_init', array($this, 'flush_rewrite_rules'));
//reset file permissions if we changed them
if ($perms == '0444') {
@chmod($config_file, 0444);
}
ITSEC_Response::regenerate_server_config();
}
}
if ($itsec_old_version < 4041) {
$current_options = get_site_option('itsec_hide_backend');
// If there are no current options, go with the new defaults by not saving anything
if (is_array($current_options)) {
// remove 'show-tooltip' which is old and not used in the new module
unset($current_options['show-tooltip']);
ITSEC_Modules::set_settings('hide-backend', $current_options);
}
}
}
