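/**
 * Retrieve all the constants and variables with their respective values defined
 * in the WordPress configuration file. The values of secret settings (the
 * database password, the FTP password and the authentication keys and salts)
 * are replaced with the word "hidden" so they never reach the HTML output;
 * every other setting is displayed verbatim.
 *
 * For constants that are defined in the running process the value is taken from
 * constant(), otherwise the raw text found in the file is used.
 *
 * @return string The HTML code displaying the constants and variables found in the wp-config file.
 */
function sucuriscan_infosys_wpconfig()
{
    $template_variables = array(
        'WordpressConfig.Rules' => '',
        'WordpressConfig.Total' => 0,
    );

    // Settings whose value must never be rendered in the panel. The keys and
    // salts sign authentication cookies and nonces, so they are as sensitive
    // as the database password itself.
    $ignore_wp_rules = array(
        'DB_PASSWORD',
        'FTP_PASS',
        'AUTH_KEY',
        'SECURE_AUTH_KEY',
        'LOGGED_IN_KEY',
        'NONCE_KEY',
        'AUTH_SALT',
        'SECURE_AUTH_SALT',
        'LOGGED_IN_SALT',
        'NONCE_SALT',
    );

    $wp_config_path = SucuriScan::get_wpconfig_path();

    if ($wp_config_path) {
        $wp_config_rules = array();
        $wp_config_content = SucuriScanFileInfo::file_lines($wp_config_path);

        // Parse the main configuration file and look for constants and global variables.
        foreach ((array) $wp_config_content as $line) {
            if (preg_match('/^\\s?(#|\\/\\/)/', $line)) {
                // Ignore commented lines.
                continue;
            } elseif (preg_match('/define\\(/', $line)) {
                // Detect PHP constants even if the line is indented.
                $line = preg_replace('/.*define\\((.+)\\);.*/', '$1', $line);
                $line_parts = explode(',', $line, 2);
            } elseif (preg_match('/^\\$[a-zA-Z_]+/', $line)) {
                // Detect global variables like the database table prefix.
                $line = preg_replace('/;\\s\\/\\/.*/', ';', $line);
                $line_parts = explode('=', $line, 2);
            } else {
                // Ignore other lines.
                continue;
            }

            // Skip lines that do not yield a name/value pair (for example a
            // define() call whose arguments continue on the next line).
            if (count($line_parts) != 2) {
                continue;
            }

            $key_name = sucuriscan_infosys_wpconfig_clean($line_parts[0]);
            $key_value = sucuriscan_infosys_wpconfig_clean($line_parts[1]);

            // Prefer the value known to the running process over the text in the file.
            if (defined($key_name)) {
                $key_value = constant($key_name);

                if (is_bool($key_value)) {
                    $key_value = $key_value === true ? 'TRUE' : 'FALSE';
                }
            }

            // Never render secrets; only show that they are set.
            if (in_array($key_name, $ignore_wp_rules, true)) {
                $key_value = 'hidden';
            }

            // Append the value to the configuration rules.
            $wp_config_rules[$key_name] = $key_value;
        }

        // Pass the WordPress configuration rules to the template and show them.
        $counter = 0;

        foreach ($wp_config_rules as $var_name => $var_value) {
            // Alternate the row style so the table is easier to read.
            $css_class = $counter % 2 == 0 ? '' : 'alternate';
            $label_css = 'sucuriscan-monospace';

            if (empty($var_value)) {
                // Note: empty() also matches 0 and '0'; those are rendered as "empty".
                $var_value = 'empty';
                $label_css = 'sucuriscan-label-default';
            } elseif ($var_value === 'hidden') {
                $label_css = 'sucuriscan-label-info';
            }

            $template_variables['WordpressConfig.Total'] += 1;
            $template_variables['WordpressConfig.Rules'] .= SucuriScanTemplate::get_snippet(
                'infosys-wpconfig',
                array(
                    'WordpressConfig.VariableName' => SucuriScan::escape($var_name),
                    'WordpressConfig.VariableValue' => SucuriScan::escape($var_value),
                    'WordpressConfig.VariableCssClass' => $label_css,
                    'WordpressConfig.CssClass' => $css_class,
                )
            );
            $counter += 1;
        }
    }

    return SucuriScanTemplate::get_section('infosys-wpconfig', $template_variables);
}

/**
 * Strip the surrounding whitespace, the leading dollar sign, the trailing
 * semicolon and the enclosing quotes from one half of a configuration line.
 *
 * @param  string $line_part Raw text on one side of the comma or equals sign.
 * @return string            The bare constant/variable name or value.
 */
function sucuriscan_infosys_wpconfig_clean($line_part)
{
    $line_part = trim($line_part);
    $line_part = ltrim($line_part, '$');
    $line_part = rtrim($line_part, ';');

    // Remove single/double quotes at the beginning and end of the string.
    return trim($line_part, "'\"");
}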