Пример #1
0
/**
 * Retrieve all the constants and variables with their respective values defined
 * in the WordPress configuration file, only the database password constant is
 * omitted for security reasons.
 *
 * @return string The HTML code displaying the constants and variables found in the wp-config file.
 */
function sucuriscan_infosys_wpconfig()
{
    $template_variables = array('WordpressConfig.Rules' => '', 'WordpressConfig.Total' => 0);
    $ignore_wp_rules = array('DB_PASSWORD');
    $wp_config_path = SucuriScan::get_wpconfig_path();
    if ($wp_config_path) {
        $wp_config_rules = array();
        $wp_config_content = SucuriScanFileInfo::file_lines($wp_config_path);
        // Parse the main configuration file and look for constants and global variables.
        foreach ((array) $wp_config_content as $line) {
            if (preg_match('/^\\s?(#|\\/\\/)/', $line)) {
                // Ignore commented lines.
                continue;
            } elseif (preg_match('/define\\(/', $line)) {
                // Detect PHP constants even if the line if indented.
                $line = preg_replace('/.*define\\((.+)\\);.*/', '$1', $line);
                $line_parts = explode(',', $line, 2);
            } elseif (preg_match('/^\\$[a-zA-Z_]+/', $line)) {
                // Detect global variables like the database table prefix.
                $line = preg_replace('/;\\s\\/\\/.*/', ';', $line);
                $line_parts = explode('=', $line, 2);
            } else {
                // Ignore other lines.
                continue;
            }
            // Clean and append the rule to the wp_config_rules variable.
            if (isset($line_parts) && count($line_parts) == 2) {
                $key_name = '';
                $key_value = '';
                // TODO: A foreach loop is not really necessary, find a better way.
                foreach ($line_parts as $i => $line_part) {
                    $line_part = trim($line_part);
                    $line_part = ltrim($line_part, '$');
                    $line_part = rtrim($line_part, ';');
                    // Remove single/double quotes at the beginning and end of the string.
                    $line_part = ltrim($line_part, "'");
                    $line_part = rtrim($line_part, "'");
                    $line_part = ltrim($line_part, '"');
                    $line_part = rtrim($line_part, '"');
                    // Assign the clean strings to specific variables.
                    if ($i == 0) {
                        $key_name = $line_part;
                    }
                    if ($i == 1) {
                        if (defined($key_name)) {
                            $key_value = constant($key_name);
                            if (is_bool($key_value)) {
                                $key_value = $key_value === true ? 'TRUE' : 'FALSE';
                            }
                        } else {
                            $key_value = $line_part;
                        }
                    }
                }
                // Remove the value of sensitive variables like the database password.
                if (in_array($key_name, $ignore_wp_rules)) {
                    $key_value = 'hidden';
                }
                // Append the value to the configuration rules.
                $wp_config_rules[$key_name] = $key_value;
            }
        }
        // Pass the WordPress configuration rules to the template and show them.
        $counter = 0;
        foreach ($wp_config_rules as $var_name => $var_value) {
            $css_class = $counter % 2 == 0 ? '' : 'alternate';
            $label_css = 'sucuriscan-monospace';
            if (empty($var_value)) {
                $var_value = 'empty';
                $label_css = 'sucuriscan-label-default';
            } elseif ($var_value == 'hidden') {
                $label_css = 'sucuriscan-label-info';
            }
            $template_variables['WordpressConfig.Total'] += 1;
            $template_variables['WordpressConfig.Rules'] .= SucuriScanTemplate::get_snippet('infosys-wpconfig', array('WordpressConfig.VariableName' => SucuriScan::escape($var_name), 'WordpressConfig.VariableValue' => SucuriScan::escape($var_value), 'WordpressConfig.VariableCssClass' => $label_css, 'WordpressConfig.CssClass' => $css_class));
            $counter += 1;
        }
    }
    return SucuriScanTemplate::get_section('infosys-wpconfig', $template_variables);
}