Exemplo n.º 1
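 /**
  * Run the file integrity scan registered in the plugin settings.
  *
  * Reads the SCAN_* settings, refuses to run when no scan is registered or one
  * is already in progress, downloads the file manifest for the installed
  * WordPress version and hands each directory (root, wp-admin, wp-content,
  * wp-includes) to self::_checkFiles(). Progress is persisted through
  * WsdWPScanSettings::updateSetting() so the UI can follow it.
  *
  * @return bool true when the scan completed; false when the request was
  *              ignored or the scan was aborted. Aborts call
  *              self::stopScan(false, $reason); requests ignored because of
  *              the scan state do not touch the stored state.
  */
 public static function startScan()
 {
     wssLog(__METHOD__ . '() triggered ' . PHP_EOL . str_repeat('=', 50));
     $settings = WsdWPScanSettings::getSettings();
     $scanID = $settings['SCAN_ID'];
     $scanState = $settings['SCAN_STATE'];
     $scanProgress = $settings['SCAN_PROGRESS'];
     $scanResult = $settings['SCAN_RESULT'];
     $scanType = $settings['SCAN_TYPE'];
     self::$_scanID = $scanID;
     wssLog('SCAN DATA', array('$scanID' => $scanID, '$scanState' => $scanState, '$scanProgress' => $scanProgress, '$scanResult' => $scanResult, '$scanType' => $scanType));
     // a SCAN_ID of 0 (or missing) means no scan has been registered
     if (empty($scanID)) {
         $failReason = "Internal Error: No scan ID provided.";
         wssLog('No scan ID. Ignoring the scan start request.');
         self::stopScan(false, $failReason);
         return false;
     }
     if ($scanState == WsdWPScanSettings::SCAN_STATE_NONE) {
         wssLog('Invalid scan state. Ignoring the scan start request.', array('state' => 'SCAN_STATE_NONE'));
         return false;
     }
     // a second start request while a scan runs is ignored, not queued
     if ($scanState == WsdWPScanSettings::SCAN_STATE_IN_PROGRESS) {
         wssLog('Scan is running. Ignoring the scan start request.', array('state' => 'SCAN_STATE_IN_PROGRESS', 'progress' => $scanProgress));
         return false;
     }
     global $wp_version;
     wssLog('WordPress version installed:', array('version' => $wp_version));
     if (empty($wp_version)) {
         $failReason = __("Could not retrieve the WordPress version.", WpsSettings::TEXT_DOMAIN);
         wssLog('Invalid WordPress version detected.');
         self::stopScan(false, $failReason);
         return false;
     }
     wssLog('Starting scan.', array('ID' => self::$_scanID));
     // the scan may outlive the HTTP request that triggered it
     @ignore_user_abort(true);
     @set_time_limit(WpsSettings::WPS_MAX_TIME_EXEC_LIMIT);
     WsdWPScanSettings::updateSetting('SCAN_STATE', WsdWPScanSettings::SCAN_STATE_IN_PROGRESS);
     //#! Request the manifest matching the installed WP version
     $url = WpsSettings::getJsonRepoUrl() . "{$wp_version}.json";
     wssLog('Retrieving json file.', array('path' => $url));
     // Use the WordPress HTTP API rather than @file_get_contents(): it does not
     // depend on allow_url_fopen, honours the site's proxy / SSL-verification
     // settings and reports transport errors instead of suppressing them.
     // The manifest decides which files get flagged, so its integrity rests on
     // the transport alone — NOTE(review): confirm getJsonRepoUrl() is https://.
     $response = wp_remote_get($url);
     $c = '';
     if (is_wp_error($response)) {
         wssLog('HTTP error while retrieving json file.', array('path' => $url, 'error' => $response->get_error_message()));
     } elseif ((int) wp_remote_retrieve_response_code($response) !== 200) {
         wssLog('Unexpected HTTP status while retrieving json file.', array('path' => $url, 'status' => wp_remote_retrieve_response_code($response)));
     } else {
         $c = wp_remote_retrieve_body($response);
     }
     if (empty($c)) {
         $reason = sprintf(__("Error retrieving the json file from server for the detected WordPress version: %s. Scan aborted.", WpsSettings::TEXT_DOMAIN), $wp_version);
         wssLog($reason);
         self::stopScan(false, $reason);
         return false;
     }
     wssLog('Json file retrieved from path: ' . $url);
     $data = json_decode($c);
     if (is_null($data)) {
         $failReason = __('Error decoding the json file. The file might be empty or corrupted.', WpsSettings::TEXT_DOMAIN);
         wssLog($failReason, array('path' => $url));
         self::stopScan(false, $failReason);
         return false;
     }
     //#! Ensure the manifest carries all four sections and none is empty
     if (!isset($data->root, $data->wp_admin, $data->wp_content, $data->wp_includes)
         || empty($data->root) || empty($data->wp_admin) || empty($data->wp_content) || empty($data->wp_includes)
     ) {
         $failReason = __('Invalid json file retrieved from server.', WpsSettings::TEXT_DOMAIN);
         wssLog($failReason, array('path' => $url));
         self::stopScan(false, $failReason);
         return false;
     }
     $rootFiles = $data->root;
     $wpAdminFiles = $data->wp_admin;
     $wpContentFiles = $data->wp_content;
     $wpIncludesFiles = $data->wp_includes;
     // release the decoded manifest; only the four lists are needed from here on
     $data = null;
     // Lower bound on the modification time handed to _checkFiles():
     // type 0 = since midnight, 1..7 = the last N days, 8 = the last month
     // (plus one day of slack); any other type leaves 0.
     $now = time();
     $h24 = 24 * 60 * 60;
     $since = 0;
     if ($scanType == 0) {
         $since = strtotime('midnight');
     } elseif ($scanType >= 1 && $scanType <= 7) {
         $since = $now - (int) $scanType * $h24;
     } elseif ($scanType == 8) {
         // NOTE(review): this used to subtract $now as well, which produced a
         // negative bound (effectively "all files"); treated here as a typo.
         $since = strtotime('-1 months') - $h24;
     }
     // the boolean flags after $since differ per directory; see _checkFiles()
     WsdWPScanSettings::updateSetting('SCAN_PROGRESS', WsdWPScanSettings::SCAN_PROGRESS_ROOT, true);
     self::_checkFiles(ABSPATH, $rootFiles, $since, true);
     wssLog("root directory scan complete");
     WsdWPScanSettings::updateSetting('SCAN_PROGRESS', WsdWPScanSettings::SCAN_PROGRESS_ADMIN);
     self::_checkFiles(ABSPATH . 'wp-admin/', $wpAdminFiles, $since, false, false, true);
     wssLog("wp-admin directory scan complete");
     WsdWPScanSettings::updateSetting('SCAN_PROGRESS', WsdWPScanSettings::SCAN_PROGRESS_CONTENT);
     self::_checkFiles(ABSPATH . 'wp-content/', $wpContentFiles, $since, false, true);
     wssLog("wp-content directory scan complete");
     WsdWPScanSettings::updateSetting('SCAN_PROGRESS', WsdWPScanSettings::SCAN_PROGRESS_INCLUDES);
     self::_checkFiles(ABSPATH . 'wp-includes/', $wpIncludesFiles, $since);
     wssLog("wp-includes directory scan complete");
     //#! Mark scan as completed
     self::stopScan(true);
     return true;
 }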
Exemplo n.º 2
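 /**
  * Retrieve the plugin settings from the database and reconcile them with the
  * fix methods reported by WpsSettings::getSettingsList().
  *
  * Each entry is keyed by method name and has the shape
  * array('name' => string, 'value' => int, 'desc' => string). Methods not yet
  * present are added with 'value' => 0 (disabled); entries whose method is no
  * longer listed are dropped. The reconciled array is written back via
  * WpsOption::addOption() and returned.
  *
  * @return array Empty when the WsdSecurity class is not loaded.
  */
 public static function getSettings()
 {
     if (!class_exists('WsdSecurity')) {
         return array();
     }
     if (wpsIsMultisite()) {
         $settings = get_blog_option(1, WpsSettings::PLUGIN_SETTINGS_OPTION_NAME);
     } else {
         $settings = WpsOption::getOption(WpsSettings::PLUGIN_SETTINGS_OPTION_NAME);
     }
     // a missing option (false/null) starts from an empty list
     if (!is_array($settings)) {
         $settings = array();
     }
     // Reconcile by name rather than by count: a method renamed since the last
     // save keeps the count unchanged yet still has to be added and its old
     // entry removed.
     $known = array();
     foreach (WpsSettings::getSettingsList() as $method) {
         $name = $method['name'];
         $known[$name] = true;
         if (!isset($settings[$name])) {
             $settings[$name] = array('name' => $name, 'value' => 0, 'desc' => $method['text']);
         }
     }
     // iterate by value: a by-reference loop that is not unset() afterwards
     // leaves a dangling reference inside the array that gets persisted
     foreach ($settings as $k => $entry) {
         if (!isset($entry['name']) || !isset($known[$entry['name']])) {
             unset($settings[$k]);
         }
     }
     WpsOption::addOption(WpsSettings::PLUGIN_SETTINGS_OPTION_NAME, $settings);
     return $settings;
 }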
Exemplo n.º 3
/**
 * Hook every fix method listed by WpsSettings::getSettingsList() onto the
 * WordPress 'init' action as a static callback on WsdSecurity.
 *
 * @return false|null false when the list is empty; otherwise nothing.
 */
function wpsRunFixes()
{
    $fixMethods = WpsSettings::getSettingsList();
    if (empty($fixMethods)) {
        return false;
    }
    foreach (array_column($fixMethods, 'name') as $methodName) {
        $callback = array('WsdSecurity', $methodName);
        add_action('init', $callback);
    }
}
Exemplo n.º 4
<?php

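if (!WsdUtil::canLoad()) {
    return;
}
/*
 * Displays the File scan results info.
 *
 * On a POST back (non-Windows hosts only, since chmod is unavailable on
 * Windows) the nonce of the wsdplugin_update_paths form is verified and the
 * permissions of the files in the current scan list are changed through
 * WsdUtil::changeFilePermissions(); the outcome is reported in $acx_message.
 */
$acxFileList = WpsSettings::getScanFileList();
$acx_isPostBack = false;
$acx_message = '';
//@ IF POSTBACK
// REQUEST_METHOD is absent outside a web request (e.g. WP-CLI), so guard it
$acx_isPost = isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST';
if (!WsdUtil::isWinOs() && $acx_isPost) {
    // Reject the request unless the form's nonce is present and valid (CSRF
    // protection). NOTE(review): no capability check is visible here —
    // confirm WsdUtil::canLoad() restricts this page to administrators before
    // file permissions are changed.
    if (!isset($_POST['wsdplugin_update_paths_field'])
        || !wp_verify_nonce($_POST['wsdplugin_update_paths_field'], 'wsdplugin_update_paths')
    ) {
        wp_die(__('Invalid request.'));
    }
    $acx_isPostBack = true;
    $result = WsdUtil::changeFilePermissions($acxFileList);
    if (empty($result)) {
        // NOTE(review): this branch only runs on non-Windows hosts, so the
        // Windows wording does not match the condition — confirm what an empty
        // result from changeFilePermissions() actually means before rewording.
        $acx_message = __('No changes applied. You are running PHP on a Windows server thus chmod cannot be used');
    } else {
        $acx_message = __('Successful changes') . ': ' . $result['success'] . ', ' . __('Failed') . ': ' . $result['failed'];
    }
}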