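/**
 * Applies the side effects of saving this module's settings.
 *
 * Regenerates the server config file when any top-level setting changed, and
 * fixes the permissions of wp-config.php and the server config file when the
 * "write_permissions" setting is enabled (on every save) or was just turned off
 * (once, reverting to 0664).
 *
 * @return void
 */
protected function validate_settings() {
    if (!$this->can_save()) {
        return;
    }

    $previous_settings = ITSEC_Modules::get_settings($this->get_id());

    // Any changed top-level setting triggers a rewrite of the server config file.
    $diff = array_diff_assoc($this->settings, $previous_settings);

    if (!empty($diff)) {
        ITSEC_Response::regenerate_server_config();
    }

    // The key may be absent from the stored settings (e.g. first save after an
    // upgrade); read it defensively so the comparison below does not raise an
    // undefined-index notice.
    $previous_write_permissions = isset($previous_settings['write_permissions']) ? $previous_settings['write_permissions'] : null;

    if ($this->settings['write_permissions']) {
        // Always set permissions to 0444 when saving the settings.
        // This ensures that the file permissions are fixed each time the settings are saved.
        $new_permissions = 0444;
    } elseif ($this->settings['write_permissions'] !== $previous_write_permissions) {
        // Only revert the settings to the defaults when disabling the setting.
        // This avoids changing the file permissions when the setting has yet to be enabled and disabled.
        // 0664 is owner- and group-writable.
        $new_permissions = 0664;
    }

    if (isset($new_permissions)) {
        // Only change the permissions when needed; only the two config files are touched.
        require_once ITSEC_Core::get_core_dir() . 'lib/class-itsec-lib-config-file.php';
        require_once ITSEC_Core::get_core_dir() . 'lib/class-itsec-lib-file.php';

        $server_config_file = ITSEC_Lib_Config_File::get_server_config_file_path();
        $wp_config_file = ITSEC_Lib_Config_File::get_wp_config_file_path();

        ITSEC_Lib_File::chmod($server_config_file, $new_permissions);
        ITSEC_Lib_File::chmod($wp_config_file, $new_permissions);

        ITSEC_Response::reload_module('file-permissions');
    }
}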
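/**
 * Rewrites the iThemes Security rules in the server config file.
 *
 * @param bool $add_responses Whether to queue a user-facing error/message on
 *                            ITSEC_Response describing the outcome.
 *
 * @return bool True when the file was updated, false when
 *              ITSEC_Lib_Config_File::update_server_config() returned a WP_Error.
 */
public static function regenerate_server_config($add_responses = true) {
    require_once ITSEC_Core::get_core_dir() . '/lib/class-itsec-lib-config-file.php';

    $result = ITSEC_Lib_Config_File::update_server_config();
    $success = !is_wp_error($result);

    $server = ITSEC_Lib_Utility::get_web_server();

    if ($add_responses) {
        if (!$success) {
            ITSEC_Response::add_error($result);
        } elseif ('nginx' === $server) {
            // nginx does not pick up config changes until it is restarted.
            ITSEC_Response::add_message(__('You must restart your NGINX server for the changes to take effect.', 'better-wp-security'));
        }
    }

    return $success;
}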
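/**
 * Renders the file permissions report for the module's settings page.
 *
 * On a normal page load only a "load" button is printed; the permission scan
 * runs when the module is reloaded via AJAX (DOING_AJAX).
 *
 * @param object $form Form helper used to render the buttons.
 *
 * @return void
 */
protected function render_settings($form) {
    if (!defined('DOING_AJAX') || !DOING_AJAX) {
        echo '<p>' . __('Click the button to load the current file permissions.', 'better-wp-security') . '</p>';
        echo '<p>' . $form->add_button('load_file_permissions', array('value' => __('Load File Permissions Details', 'better-wp-security'), 'class' => 'button-primary itsec-reload-module')) . '</p>';
        return;
    }

    require_once ITSEC_Core::get_core_dir() . '/lib/class-itsec-lib-config-file.php';

    $wp_upload_dir = ITSEC_Core::get_wp_upload_dir();

    // Paths to check, paired with the permission mode they are expected to have.
    $path_data = array(
        array(ABSPATH, 0755),
        array(ABSPATH . WPINC, 0755),
        array(ABSPATH . 'wp-admin', 0755),
        array(ABSPATH . 'wp-admin/js', 0755),
        array(WP_CONTENT_DIR, 0755),
        array(get_theme_root(), 0755),
        array(WP_PLUGIN_DIR, 0755),
        array($wp_upload_dir['basedir'], 0755),
        array(ITSEC_Lib_Config_File::get_wp_config_file_path(), 0444),
        array(ITSEC_Lib_Config_File::get_server_config_file_path(), 0444),
    );

    $rows = array();

    foreach ($path_data as $path) {
        $row = array();
        list($path, $suggested_permissions) = $path;

        // Show the path relative to ABSPATH; ABSPATH itself becomes '/'.
        $display_path = preg_replace('/^' . preg_quote(ABSPATH, '/') . '/', '', $path);
        $display_path = ltrim($display_path, '/');

        if (empty($display_path)) {
            $display_path = '/';
        }

        // Escape for the HTML cell it is printed into below.
        $row[] = esc_html($display_path);
        $row[] = sprintf('%o', $suggested_permissions);

        // fileperms() emits a warning and returns false for a missing path; checking
        // first keeps that warning out of the AJAX response. A missing path reports
        // as mode 0 and therefore as a WARNING row, exactly as before.
        $permissions = file_exists($path) ? fileperms($path) & 0777 : 0;
        $row[] = sprintf('%o', $permissions);

        if (!$permissions || $permissions !== $suggested_permissions) {
            $row[] = __('WARNING', 'better-wp-security');
            $row[] = '<div style="background-color: #FEFF7F; border: 1px solid #E2E2E2;"> </div>';
        } else {
            $row[] = __('OK', 'better-wp-security');
            $row[] = '<div style="background-color: #22EE5B; border: 1px solid #E2E2E2;"> </div>';
        }

        $rows[] = $row;
    }

    $class = 'entry-row';

    // NOTE(review): add_button() is echoed in the non-AJAX branch above but called
    // without echo here; confirm it prints its own markup in this context.
    ?>
    <p><?php $form->add_button('reload_file_permissions', array('value' => __('Reload File Permissions Details', 'better-wp-security'), 'class' => 'button-primary itsec-reload-module')); ?></p>
    <table class="widefat">
        <thead>
            <tr>
                <th><?php _e('Relative Path', 'better-wp-security'); ?></th>
                <th><?php _e('Suggestion', 'better-wp-security'); ?></th>
                <th><?php _e('Value', 'better-wp-security'); ?></th>
                <th><?php _e('Result', 'better-wp-security'); ?></th>
                <th><?php _e('Status', 'better-wp-security'); ?></th>
            </tr>
        </thead>
        <tfoot>
            <tr>
                <th><?php _e('Relative Path', 'better-wp-security'); ?></th>
                <th><?php _e('Suggestion', 'better-wp-security'); ?></th>
                <th><?php _e('Value', 'better-wp-security'); ?></th>
                <th><?php _e('Result', 'better-wp-security'); ?></th>
                <th><?php _e('Status', 'better-wp-security'); ?></th>
            </tr>
        </tfoot>
        <tbody>
            <?php foreach ($rows as $row) { ?>
                <tr class="<?php echo $class; ?>">
                    <?php foreach ($row as $column) { ?>
                        <td><?php echo $column; ?></td>
                    <?php } ?>
                </tr>
                <?php $class = 'entry-row' === $class ? 'entry-row alternate' : 'entry-row'; ?>
            <?php } ?>
        </tbody>
    </table>
    <br />
    <?php
}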
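/**
 * Reads a checkbox-style field from the raw input.
 *
 * Mirrors the legacy `isset( $x ) && $x == 1` check: the field is true only
 * when it is present and loosely equal to 1 (so "1" and 1 both count).
 *
 * @param array  $input Raw input array.
 * @param string $key   Field name.
 *
 * @return bool
 */
private function sanitize_checkbox_flag( $input, $key ) {
    return isset( $input[ $key ] ) && 1 == $input[ $key ];
}

/**
 * Sanitize and validate input
 *
 * Normalizes every checkbox field to a bool, records which generated files
 * (server config / wp-config.php) need rewriting, and when the
 * "write_permissions" tweak is on or has just been turned off, chmods
 * wp-config.php and the server config file.
 *
 * @param array $input array of input fields
 *
 * @return array Sanitized array
 */
public function sanitize_module_input( $input ) {
    global $itsec_globals;

    $checkbox_fields = array(
        'protect_files',
        'directory_browsing',
        'request_methods',
        'suspicious_query_strings',
        'non_english_characters',
        'long_url_strings',
        'write_permissions',
        'wlwmanifest_header',
        'edituri_header',
        'theme_updates',
        'plugin_updates',
        'core_updates',
        'comment_spam',
        'file_editor',
        'uploads_php',
        'safe_jquery',
        'login_errors',
        'force_unique_nicename',
        'disable_unused_author_pages',
    );

    foreach ( $checkbox_fields as $field ) {
        $input[ $field ] = $this->sanitize_checkbox_flag( $input, $field );
    }

    // disable_xmlrpc is stored as an int, not a bool; allow_xmlrpc_multiauth defaults to on.
    $input['disable_xmlrpc']        = isset( $input['disable_xmlrpc'] ) ? intval( $input['disable_xmlrpc'] ) : 0;
    $input['allow_xmlrpc_multiauth'] = isset( $input['allow_xmlrpc_multiauth'] ) ? (bool) $input['allow_xmlrpc_multiauth'] : true;

    // Older stored settings may lack this key; normalize so the strict comparison below is well-defined.
    if ( ! isset( $this->settings['allow_xmlrpc_multiauth'] ) ) {
        $this->settings['allow_xmlrpc_multiauth'] = null;
    }

    // Any change to a setting that is implemented via server rewrite rules, or an
    // explicit write_files request, flags the rewrite rules for regeneration.
    $rewrite_setting_changed = (
        $input['protect_files'] !== $this->settings['protect_files']
        || $input['directory_browsing'] !== $this->settings['directory_browsing']
        || $input['request_methods'] !== $this->settings['request_methods']
        || $input['suspicious_query_strings'] !== $this->settings['suspicious_query_strings']
        || $input['non_english_characters'] !== $this->settings['non_english_characters']
        || $input['comment_spam'] !== $this->settings['comment_spam']
        || $input['disable_xmlrpc'] !== $this->settings['disable_xmlrpc']
        || $input['allow_xmlrpc_multiauth'] !== $this->settings['allow_xmlrpc_multiauth']
        || $input['uploads_php'] !== $this->settings['uploads_php']
    );
    $write_files_requested = isset( $itsec_globals['settings']['write_files'] ) && $itsec_globals['settings']['write_files'] === true;

    if ( $rewrite_setting_changed || $write_files_requested ) {
        add_site_option( 'itsec_rewrites_changed', true );
    }

    // file_editor is implemented in wp-config.php rather than in rewrite rules.
    if ( $input['file_editor'] !== $this->settings['file_editor'] ) {
        add_site_option( 'itsec_config_changed', true );
    }

    if ( $input['write_permissions'] === true ) {
        // Always set permissions to 0444 when saving the settings.
        // This ensures that the file permissions are fixed each time the settings are saved.
        $new_permissions = 0444;
    } else if ( $input['write_permissions'] !== $this->settings['write_permissions'] ) {
        // Only revert the settings to the defaults when disabling the setting.
        // This avoids changing the file permissions when the setting has yet to be enabled and disabled.
        // 0664 is owner- and group-writable.
        $new_permissions = 0664;
    }

    if ( isset( $new_permissions ) ) {
        // Only change the permissions when needed; only the two config files are touched.
        require_once( trailingslashit( $itsec_globals['plugin_dir'] ) . 'core/lib/class-itsec-lib-config-file.php' );
        require_once( trailingslashit( $itsec_globals['plugin_dir'] ) . 'core/lib/class-itsec-lib-file.php' );

        $server_config_file = ITSEC_Lib_Config_File::get_server_config_file_path();
        $wp_config_file     = ITSEC_Lib_Config_File::get_wp_config_file_path();

        ITSEC_Lib_File::chmod( $server_config_file, $new_permissions );
        ITSEC_Lib_File::chmod( $wp_config_file, $new_permissions );
    }

    if ( is_multisite() ) {
        $this->settings = $input;
    }

    return $input;
}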
/**
 * Processes file writing after saving options.
 *
 * Looks to see if rewrites_changed is true and starts file writing process as appropriate
 *
 * Two independent passes: one for the server config rewrite rules
 * (rewrites_changed) and one for wp-config.php (config_changed). Either pass
 * only writes when the "write_files" setting is on; otherwise it records
 * itsec_manual_update so the user can apply the rules by hand. The
 * wp-config.php pass may end the request with a redirect.
 *
 * @since 4.0.0
 *
 * @return void
 */
public function admin_init() {
    global $itsec_globals;

    if (true === $this->rewrites_changed) {
        if (isset($itsec_globals['settings']['write_files']) && true === $itsec_globals['settings']['write_files']) {
            do_action('itsec_pre_save_rewrites');

            $rewrites = $this->save_rewrites();

            // save_rewrites() is expected to return array('success' => bool, 'text' => mixed);
            // any non-array result is treated as "could not write" and deferred to a manual update.
            if (is_array($rewrites)) {
                if (false === $rewrites['success']) {
                    add_settings_error('itsec', esc_attr('settings_updated'), $rewrites['text'], 'error');

                    require_once trailingslashit($GLOBALS['itsec_globals']['plugin_dir']) . 'core/lib/class-itsec-lib-config-file.php';

                    $file = ITSEC_Lib_Config_File::get_server_config_file_path();
                    $message = sprintf(__('Unable to update the <code>%1$s</code> file. You may need to manually remove the existing iThemes Security modifications and replace them with the rules found at <a href="%2$s">Security > Dashboard</a> under the "Rewrite Rules" section.', 'better-wp-security'), $file, admin_url('admin.php?page=itsec#itsec_rewrite'));

                    add_settings_error('itsec', esc_attr('settings_updated'), $message, 'error');
                } else {
                    // 'text' === true means "nothing extra to report"; anything else is appended to the notice.
                    if (true !== $rewrites['text']) {
                        add_settings_error('itsec', esc_attr('settings_updated'), __('Settings Updated', 'better-wp-security') . '<br />' . $rewrites['text'], 'updated');
                    }
                }
            } else {
                add_site_option('itsec_manual_update', true);
            }
        } else {
            add_site_option('itsec_manual_update', true);
        }
    }

    if (true === $this->config_changed) {
        if (isset($itsec_globals['settings']['write_files']) && true === $itsec_globals['settings']['write_files']) {
            do_action('itsec_pre_save_configs');

            $configs = $this->save_wpconfig();

            if (is_array($configs)) {
                if (false === $configs['success']) {
                    add_settings_error('itsec', esc_attr('settings_updated'), $configs['text'], 'error');

                    $message = sprintf(__('Unable to update the <code>%1$s</code> file. You may need to manually remove the existing iThemes Security modifications and replace them with the rules found at <a href="%2$s">Security > Dashboard</a> under the "wp-config.php Rules" section.', 'better-wp-security'), ABSPATH . 'wp-config.php', admin_url('admin.php?page=itsec#itsec_wpconfig'));

                    add_settings_error('itsec', esc_attr('settings_updated'), $message, 'error');
                }

                // A one-shot flag set elsewhere asking that the current session be ended after
                // wp-config.php was rewritten. Note this runs even when the write failed above.
                if (1 == get_site_option('itsec_clear_login')) {
                    delete_site_option('itsec_clear_login');
                    wp_clear_auth_cookie();

                    // redirect_to comes straight from the request; wp_safe_redirect() limits it to
                    // allowed hosts, so an off-site value falls back to the admin URL.
                    $redirect_to = !empty($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : ITSEC_Lib::get_home_root() . 'wp-login.php?loggedout=true';

                    wp_safe_redirect($redirect_to);
                    exit;
                }
            } else {
                add_site_option('itsec_manual_update', true);
            }
        } else {
            add_site_option('itsec_manual_update', true);
        }
    }
}
/**
 * Gets location of .htaccess
 *
 * Delegates to ITSEC_Lib_Config_File, which picks the server config file
 * (.htaccess or nginx.conf) that applies to this install.
 *
 * @since 4.0.0
 *
 * @return string path to .htaccess
 */
public static function get_htaccess() {
    require_once ITSEC_Core::get_core_dir() . '/lib/class-itsec-lib-config-file.php';

    $config_file_path = ITSEC_Lib_Config_File::get_server_config_file_path();

    return $config_file_path;
}