/** * Manage Protect Settings * * ## OPTIONS * * whitelist: Whitelist an IP address. You can also read or clear the whitelist. * * * ## EXAMPLES * * wp jetpack protect whitelist <ip address> * wp jetpack protect whitelist list * wp jetpack protect whitelist clear * * @synopsis <whitelist> [<ip|ip_low-ip_high|list|clear>] */ public function protect($args, $assoc_args) { $action = isset($args[0]) ? $args[0] : 'prompt'; if (!in_array($action, array('whitelist'))) { WP_CLI::error(sprintf(__('%s is not a valid command.', 'jetpack'), $action)); } // Check if module is active if (!Jetpack::is_module_active(__FUNCTION__)) { WP_CLI::error(sprintf(_x('%s is not active. You can activate it with "wp jetpack module activate %s"', '"wp jetpack module activate" is a command - do not translate', 'jetpack'), __FUNCTION__, __FUNCTION__)); } if (in_array($action, array('whitelist'))) { if (isset($args[1])) { $action = 'whitelist'; } else { $action = 'prompt'; } } switch ($action) { case 'whitelist': $whitelist = array(); $new_ip = $args[1]; $current_whitelist = get_site_option('jetpack_protect_whitelist'); // Build array of IPs that are already whitelisted. // Re-build manually instead of using jetpack_protect_format_whitelist() so we can easily get // low & high range params for jetpack_protect_ip_address_is_in_range(); foreach ($current_whitelist as $whitelisted) { // IP ranges if ($whitelisted->range) { // Is it already whitelisted? if (jetpack_protect_ip_address_is_in_range($new_ip, $whitelisted->range_low, $whitelisted->range_high)) { WP_CLI::error(sprintf(__("%s has already been whitelisted", 'jetpack'), $new_ip)); break; } $whitelist[] = $whitelisted->range_low . " - " . $whitelisted->range_high; } else { // Individual IPs // Check if the IP is already whitelisted (single IP only) if ($new_ip == $whitelisted->ip_address) { WP_CLI::error(sprintf(__("%s has already been whitelisted", 'jetpack'), $new_ip)); break; } $whitelist[] = $whitelisted->ip_address; } } /* * List the whitelist * Done here because it's easier to read the $whitelist array after it's been rebuilt */ if (isset($args[1]) && 'list' == $args[1]) { if (!empty($whitelist)) { WP_CLI::success(__('Here are your whitelisted IPs:', 'jetpack')); foreach ($whitelist as $ip) { WP_CLI::line("\t" . str_pad($ip, 24)); } } else { WP_CLI::line(__('Whitelist is empty.', "jetpack")); } break; } /* * Clear the whitelist */ if (isset($args[1]) && 'clear' == $args[1]) { if (!empty($whitelist)) { $whitelist = array(); jetpack_protect_save_whitelist($whitelist); WP_CLI::success(__('Cleared all whitelisted IPs', 'jetpack')); } else { WP_CLI::line(__('Whitelist is empty.', "jetpack")); } break; } // Append new IP to whitelist array array_push($whitelist, $new_ip); // Save whitelist if there are no errors $result = jetpack_protect_save_whitelist($whitelist); if (is_wp_error($result)) { WP_CLI::error(__($result, 'jetpack')); } WP_CLI::success(sprintf(__('%s has been whitelisted.', 'jetpack'), $new_ip)); break; case 'prompt': WP_CLI::error(__('No command found.', 'jetpack') . "\n" . __('Please enter the IP address you want to whitelist.', 'jetpack') . "\n" . _x('You can save a range of IPs {low_range}-{high_range}. No spaces allowed. (example: 1.1.1.1-2.2.2.2)', 'Instructions on how to whitelist IP ranges - low_range/high_range should be translated.', 'jetpack') . "\n" . _x("You can also 'list' or 'clear' the whitelist.", "'list' and 'clear' are commands and should not be translated", 'jetpack') . "\n"); break; } }
function ip_is_whitelisted($ip) { // If we found an exact match in wp-config if (defined('JETPACK_IP_ADDRESS_OK') && JETPACK_IP_ADDRESS_OK == $ip) { return true; } $whitelist = jetpack_protect_get_local_whitelist(); if (is_multisite()) { $whitelist = array_merge($whitelist, get_site_option('jetpack_protect_global_whitelist', array())); } if (!empty($whitelist)) { foreach ($whitelist as $item) { // If the IPs are an exact match if (!$item->range && isset($item->ip_address) && $item->ip_address == $ip) { return true; } if ($item->range && isset($item->range_low) && isset($item->range_high)) { if (jetpack_protect_ip_address_is_in_range($ip, $item->range_low, $item->range_high)) { return true; } } } } return false; }