admin.php
2 months ago
ajax.php
2 months ago
functions.php
1 month ago
setup.php
1 month ago
stats.php
2 months ago
utility.php
2 months ago
setup.php
677 lines
| 1 | <?php |
| 2 | |
| 3 | /** |
| 4 | * WP Captcha |
| 5 | * https://getwpcaptcha.com/ |
| 6 | * (c) WebFactory Ltd, 2022 - 2026, www.webfactoryltd.com |
| 7 | */ |
| 8 | |
| 9 | class WPCaptcha_Setup extends WPCaptcha |
| 10 | { |
| 11 | static $wp_filesystem; |
| 12 | |
| 13 | /** |
| 14 | * Actions to run on load, but init would be too early as not all classes are initialized |
| 15 | * |
| 16 | * @return null |
| 17 | */ |
| 18 | static function load_actions() |
| 19 | { |
| 20 | self::register_custom_tables(); |
| 21 | } // admin_actions |
| 22 | |
| 23 | static function setup_wp_filesystem() |
| 24 | { |
| 25 | global $wp_filesystem; |
| 26 | |
| 27 | if (empty($wp_filesystem)) { |
| 28 | require_once ABSPATH . '/wp-admin/includes/file.php'; |
| 29 | WP_Filesystem(); |
| 30 | } |
| 31 | |
| 32 | self::$wp_filesystem = $wp_filesystem; |
| 33 | return self::$wp_filesystem; |
| 34 | } // setup_wp_filesystem |
| 35 | |
| 36 | /** |
| 37 | * Check if user has the minimal WP version required by WP Captcha |
| 38 | * |
| 39 | * @since 5.0 |
| 40 | * |
| 41 | * @return bool |
| 42 | * |
| 43 | */ |
| 44 | static function check_wp_version($min_version) |
| 45 | { |
| 46 | if (!version_compare(get_bloginfo('version'), $min_version, '>=')) { |
| 47 | add_action('admin_notices', array(__CLASS__, 'notice_min_wp_version')); |
| 48 | return false; |
| 49 | } else { |
| 50 | return true; |
| 51 | } |
| 52 | } // check_wp_version |
| 53 | |
| 54 | /** |
| 55 | * Check if user has the minimal PHP version required by WP Captcha |
| 56 | * |
| 57 | * @since 5.0 |
| 58 | * |
| 59 | * @return bool |
| 60 | * |
| 61 | */ |
| 62 | static function check_php_version($min_version) |
| 63 | { |
| 64 | if (!version_compare(phpversion(), $min_version, '>=')) { |
| 65 | add_action('admin_notices', array(__CLASS__, 'notice_min_php_version')); |
| 66 | return false; |
| 67 | } else { |
| 68 | return true; |
| 69 | } |
| 70 | } // check_wp_version |
| 71 | |
| 72 | /** |
| 73 | * Display error message if WP version is too low |
| 74 | * |
| 75 | * @since 5.0 |
| 76 | * |
| 77 | * @return null |
| 78 | * |
| 79 | */ |
| 80 | static function notice_min_wp_version() |
| 81 | { |
| 82 | /* translators: %1$s is replaced with the current WordPress version, %2$s is replaced with the URL to WordPress update page in the Dashboard */ |
| 83 | WPCaptcha_Utility::wp_kses_wf('<div class="error"><p>' . sprintf(__('WP Captcha plugin <b>requires WordPress version 4.6</b> or higher to function properly. You are using WordPress version %1$s. Please <a href="%2$s">update it</a>.', 'advanced-google-recaptcha'), get_bloginfo('version'), admin_url('update-core.php')) . '</p></div>'); |
| 84 | } // notice_min_wp_version_error |
| 85 | |
| 86 | /** |
| 87 | * Display error message if PHP version is too low |
| 88 | * |
| 89 | * @since 5.0 |
| 90 | * |
| 91 | * @return null |
| 92 | * |
| 93 | */ |
| 94 | static function notice_min_php_version() |
| 95 | { |
| 96 | /* translators: %1$s is replaced with the current PHP version, %2$s is replaced with the URL to WordPress update PHP support page */ |
| 97 | WPCaptcha_Utility::wp_kses_wf('<div class="error"><p>' . sprintf(__('WP Captcha plugin <b>requires PHP version 5.6.20</b> or higher to function properly. You are using PHP version %1$s. Please <a href="%2$s" target="_blank">update it</a>.', 'advanced-google-recaptcha'), phpversion(), 'https://wordpress.org/support/update-php/') . '</p></div>'); |
| 98 | } // notice_min_wp_version_error |
| 99 | |
| 100 | |
| 101 | /** |
| 102 | * activate doesn't get fired on upgrades so we have to compensate |
| 103 | * |
| 104 | * @since 5.0 |
| 105 | * |
| 106 | * @return null |
| 107 | * |
| 108 | */ |
| 109 | public static function maybe_upgrade() |
| 110 | { |
| 111 | $meta = self::get_meta(); |
| 112 | if (empty($meta['database_ver']) || $meta['database_ver'] < self::$version) { |
| 113 | self::create_custom_tables(); |
| 114 | } |
| 115 | |
| 116 | |
| 117 | // Copy options from free |
| 118 | $options = get_option(WPCAPTCHA_OPTIONS_KEY); |
| 119 | if (false === $options) { |
| 120 | $free_options = get_option("agr_options"); |
| 121 | if (false !== $free_options && isset($free_options['enable_login'])) { |
| 122 | $options['captcha'] = $free_options['captcha_type'] == 'v3'?'recaptchav3':'recaptchav2'; |
| 123 | $options['captcha_site_key'] = $free_options['site_key']; |
| 124 | $options['captcha_secret_key'] = $free_options['secret_key']; |
| 125 | $options['captcha_show_login'] = $free_options['enable_login']; |
| 126 | $options['captcha_show_wp_registration'] = $free_options['enable_register']; |
| 127 | $options['captcha_show_wp_lost_password'] = $free_options['enable_lost_password']; |
| 128 | $options['captcha_show_wp_comment'] = $free_options['enable_comment_form']; |
| 129 | $options['captcha_show_woo_registration'] = $free_options['enable_woo_register']; |
| 130 | $options['captcha_show_woo_checkout'] = $free_options['enable_woo_checkout']; |
| 131 | $options['captcha_show_edd_registration'] = $free_options['enable_edd_register']; |
| 132 | $options['captcha_show_bp_registration'] = $free_options['enable_bp_register']; |
| 133 | |
| 134 | update_option(WPCAPTCHA_OPTIONS_KEY, $options); |
| 135 | ///delete_option("agr_options"); |
| 136 | } |
| 137 | } |
| 138 | } // maybe_upgrade |
| 139 | |
| 140 | |
| 141 | /** |
| 142 | * Get plugin options |
| 143 | * |
| 144 | * @since 5.0 |
| 145 | * |
| 146 | * @return array options |
| 147 | * |
| 148 | */ |
| 149 | static function get_options() |
| 150 | { |
| 151 | $options = get_option(WPCAPTCHA_OPTIONS_KEY, array()); |
| 152 | |
| 153 | if (!is_array($options)) { |
| 154 | $options = array(); |
| 155 | } |
| 156 | $options = array_merge(self::default_options(), $options); |
| 157 | |
| 158 | return $options; |
| 159 | } // get_options |
| 160 | |
| 161 | /** |
| 162 | * Register all settings |
| 163 | * |
| 164 | * @since 5.0 |
| 165 | * |
| 166 | * @return false |
| 167 | * |
| 168 | */ |
| 169 | static function register_settings() |
| 170 | { |
| 171 | register_setting(WPCAPTCHA_OPTIONS_KEY, WPCAPTCHA_OPTIONS_KEY, array(__CLASS__, 'sanitize_settings')); |
| 172 | } // register_settings |
| 173 | |
| 174 | |
| 175 | /** |
| 176 | * Set default options |
| 177 | * |
| 178 | * @since 5.0 |
| 179 | * |
| 180 | * @return null |
| 181 | * |
| 182 | */ |
| 183 | static function default_options() |
| 184 | { |
| 185 | $defaults = array( |
| 186 | 'login_protection' => 0, |
| 187 | 'max_login_retries' => 3, |
| 188 | 'retries_within' => 5, |
| 189 | 'lockout_length' => 60, |
| 190 | 'lockout_invalid_usernames' => 1, |
| 191 | 'mask_login_errors' => 0, |
| 192 | 'show_credit_link' => 0, |
| 193 | 'anonymous_logging' => 0, |
| 194 | 'block_bots' => 0, |
| 195 | 'log_passwords' => 0, |
| 196 | 'instant_block_nonusers' => 0, |
| 197 | 'cookie_lifetime' => 14, |
| 198 | 'country_blocking_mode' => 'none', |
| 199 | 'country_blocking_countries' => '', |
| 200 | 'block_undetermined_countries' => 0, |
| 201 | 'captcha' => 'disabled', |
| 202 | 'captcha_secret_key' => '', |
| 203 | 'captcha_challenge_text' => 'Are you human? Please solve:', |
| 204 | 'captcha_site_key' => '', |
| 205 | 'captcha_show_login' => 1, |
| 206 | 'captcha_show_wp_registration' => 1, |
| 207 | 'captcha_show_wp_lost_password' => 1, |
| 208 | 'captcha_show_wp_comment' => 1, |
| 209 | 'captcha_show_woo_registration' => 0, |
| 210 | 'captcha_show_woo_checkout' => 0, |
| 211 | 'captcha_show_edd_registration' => 0, |
| 212 | 'captcha_show_bp_registration' => 0, |
| 213 | 'login_url' => '', |
| 214 | 'login_redirect_url' => '', |
| 215 | 'global_block' => 0, |
| 216 | 'country_global_block' => 0, |
| 217 | 'uninstall_delete' => 0, |
| 218 | 'block_message' => 'We\'re sorry, but your IP has been blocked due to too many recent failed login attempts.', |
| 219 | 'block_message_country' => 'We\'re sorry, but access from your location is not allowed.', |
| 220 | 'global_unblock_key' => 'agr' . md5(wp_generate_password(24)), |
| 221 | 'whitelist' => array(), |
| 222 | 'firewall_block_bots' => 0, |
| 223 | 'firewall_directory_traversal' => 0, |
| 224 | 'design_enable' => 0, |
| 225 | 'design_template' => 'orange', |
| 226 | 'design_background_color' => '', |
| 227 | 'design_background_image' => '', |
| 228 | 'design_logo' => '', |
| 229 | 'design_logo_url' => '', |
| 230 | 'design_logo_width' => '', |
| 231 | 'design_logo_height' => '', |
| 232 | 'design_logo_margin_bottom' => '', |
| 233 | 'design_text_color' => '#3c434a', |
| 234 | 'design_link_color' => '#2271b1', |
| 235 | 'design_link_hover_color' => '#135e96', |
| 236 | 'design_form_border_color' => '#FFFFFF', |
| 237 | 'design_form_border_width' => 1, |
| 238 | 'design_form_width' => '', |
| 239 | 'design_form_width' => '', |
| 240 | 'design_form_height' => '', |
| 241 | 'design_form_padding' => 26, |
| 242 | 'design_form_border_radius' => 2, |
| 243 | 'design_form_background_color' => '', |
| 244 | 'design_form_background_image' => '', |
| 245 | 'design_label_font_size' => 14, |
| 246 | 'design_label_text_color' => '#3c434a', |
| 247 | 'design_field_font_size' => 13, |
| 248 | 'design_field_text_color' => '#3c434a', |
| 249 | 'design_field_border_color' => '#8c8f94', |
| 250 | 'design_field_border_width' => 1, |
| 251 | 'design_field_border_radius' => 2, |
| 252 | 'design_field_background_color' => '#ffffff', |
| 253 | 'design_button_font_size' => 14, |
| 254 | 'design_button_text_color' => '', |
| 255 | 'design_button_border_color' => '#2271b1', |
| 256 | 'design_button_border_width' => 0, |
| 257 | 'design_button_border_radius' => 2, |
| 258 | 'design_button_background_color' => '#2271b1', |
| 259 | 'design_button_hover_text_color' => '', |
| 260 | 'design_button_hover_border_color' => '', |
| 261 | 'design_button_hover_background_color' => '', |
| 262 | 'design_custom_css' => '' |
| 263 | ); |
| 264 | |
| 265 | return $defaults; |
| 266 | } // default_options |
| 267 | |
| 268 | |
| 269 | /** |
| 270 | * Sanitize settings on save |
| 271 | * |
| 272 | * @since 5.0 |
| 273 | * |
| 274 | * @return array updated options |
| 275 | * |
| 276 | */ |
| 277 | static function sanitize_settings($options) |
| 278 | { |
| 279 | $old_options = self::get_options(); |
| 280 | |
| 281 | if (isset($options['captcha_verified']) && $options['captcha_verified'] != 1 && $options['captcha'] != 'disabled') { |
| 282 | $options['captcha'] = $old_options['captcha']; |
| 283 | $options['captcha_site_key'] = $old_options['captcha_site_key']; |
| 284 | $options['captcha_secret_key'] = $old_options['captcha_secret_key']; |
| 285 | } |
| 286 | |
| 287 | if (isset($options['captcha']) && ($options['captcha'] == 'disabled' || $options['captcha'] == 'builtin')) { |
| 288 | $options['captcha_site_key'] = ''; |
| 289 | $options['captcha_secret_key'] = ''; |
| 290 | } |
| 291 | |
| 292 | if (!isset($options['login_protection'])) { |
| 293 | $options['login_protection'] = 0; |
| 294 | } |
| 295 | |
| 296 | if (!isset($options['lockout_invalid_usernames'])) { |
| 297 | $options['lockout_invalid_usernames'] = 0; |
| 298 | } |
| 299 | |
| 300 | if (!isset($options['mask_login_errors'])) { |
| 301 | $options['mask_login_errors'] = 0; |
| 302 | } |
| 303 | |
| 304 | if (!isset($options['anonymous_logging'])) { |
| 305 | $options['anonymous_logging'] = 0; |
| 306 | } |
| 307 | |
| 308 | if (!isset($options['block_bots'])) { |
| 309 | $options['block_bots'] = 0; |
| 310 | } |
| 311 | |
| 312 | if (!isset($options['instant_block_nonusers'])) { |
| 313 | $options['instant_block_nonusers'] = 0; |
| 314 | } |
| 315 | |
| 316 | if (!isset($options['country_blocking_mode'])) { |
| 317 | $options['country_blocking_mode'] = 0; |
| 318 | } |
| 319 | |
| 320 | if (!isset($options['block_undetermined_countries'])) { |
| 321 | $options['block_undetermined_countries'] = 0; |
| 322 | } |
| 323 | |
| 324 | if (!isset($options['global_block'])) { |
| 325 | $options['global_block'] = 0; |
| 326 | } |
| 327 | |
| 328 | if (!isset($options['country_global_block'])) { |
| 329 | $options['country_global_block'] = 0; |
| 330 | } |
| 331 | |
| 332 | if (!isset($options['uninstall_delete'])) { |
| 333 | $options['uninstall_delete'] = 0; |
| 334 | } |
| 335 | |
| 336 | if (!isset($options['show_credit_link'])) { |
| 337 | $options['show_credit_link'] = 0; |
| 338 | } |
| 339 | |
| 340 | if (!isset($options['firewall_block_bots'])) { |
| 341 | $options['firewall_block_bots'] = 0; |
| 342 | } |
| 343 | |
| 344 | if (!isset($options['firewall_directory_traversal'])) { |
| 345 | $options['firewall_directory_traversal'] = 0; |
| 346 | } |
| 347 | |
| 348 | if (!isset($options['log_passwords'])) { |
| 349 | $options['log_passwords'] = 0; |
| 350 | } |
| 351 | |
| 352 | if (!isset($options['captcha_show_login'])) { |
| 353 | $options['captcha_show_login'] = 0; |
| 354 | } |
| 355 | |
| 356 | if (!isset($options['captcha_show_wp_registration'])) { |
| 357 | $options['captcha_show_wp_registration'] = 0; |
| 358 | } |
| 359 | |
| 360 | if (!isset($options['captcha_show_wp_lost_password'])) { |
| 361 | $options['captcha_show_wp_lost_password'] = 0; |
| 362 | } |
| 363 | |
| 364 | if (!isset($options['captcha_show_wp_comment'])) { |
| 365 | $options['captcha_show_wp_comment'] = 0; |
| 366 | } |
| 367 | |
| 368 | if (!isset($options['captcha_show_woo_registration'])) { |
| 369 | $options['captcha_show_woo_registration'] = 0; |
| 370 | } |
| 371 | |
| 372 | if (!isset($options['captcha_show_woo_checkout'])) { |
| 373 | $options['captcha_show_woo_checkout'] = 0; |
| 374 | } |
| 375 | |
| 376 | if (!isset($options['design_enable'])) { |
| 377 | $options['design_enable'] = 0; |
| 378 | } |
| 379 | |
| 380 | if (!isset($options['captcha_show_edd_registration'])) { |
| 381 | $options['captcha_show_edd_registration'] = 0; |
| 382 | } |
| 383 | |
| 384 | if (!isset($options['captcha_show_bp_registration'])) { |
| 385 | $options['captcha_show_bp_registration'] = 0; |
| 386 | } |
| 387 | |
| 388 | if ($old_options['firewall_block_bots'] != $options['firewall_block_bots'] || $old_options['firewall_directory_traversal'] != $options['firewall_directory_traversal']) { |
| 389 | self::firewall_setup($options); |
| 390 | } |
| 391 | |
| 392 | WPCaptcha_Utility::clear_3rdparty_cache(); |
| 393 | $options['last_options_edit'] = current_time('mysql', true); |
| 394 | |
| 395 | return array_merge($old_options, $options); |
| 396 | } // sanitize_settings |
| 397 | |
| 398 | /** |
| 399 | * Get plugin metadata |
| 400 | * |
| 401 | * @since 5.0 |
| 402 | * |
| 403 | * @return array meta |
| 404 | * |
| 405 | */ |
| 406 | static function get_meta() |
| 407 | { |
| 408 | $meta = get_option(WPCAPTCHA_META_KEY, array()); |
| 409 | |
| 410 | if (!is_array($meta) || empty($meta)) { |
| 411 | $meta['first_version'] = self::get_plugin_version(); |
| 412 | $meta['first_install'] = current_time('timestamp'); |
| 413 | update_option(WPCAPTCHA_META_KEY, $meta); |
| 414 | } |
| 415 | |
| 416 | return $meta; |
| 417 | } // get_meta |
| 418 | |
| 419 | static function update_meta($key, $value) |
| 420 | { |
| 421 | $meta = get_option(WPCAPTCHA_META_KEY, array()); |
| 422 | $meta[$key] = $value; |
| 423 | update_option(WPCAPTCHA_META_KEY, $meta); |
| 424 | } // update_meta |
| 425 | |
| 426 | /** |
| 427 | * Register custom tables |
| 428 | * |
| 429 | * @since 5.0 |
| 430 | * |
| 431 | * @return null |
| 432 | * |
| 433 | */ |
| 434 | static function register_custom_tables() |
| 435 | { |
| 436 | global $wpdb; |
| 437 | |
| 438 | $wpdb->wpcatcha_login_fails = $wpdb->prefix . 'wpc_login_fails'; |
| 439 | $wpdb->wpcatcha_accesslocks = $wpdb->prefix . 'wpc_accesslocks'; |
| 440 | } // register_custom_tables |
| 441 | |
| 442 | /** |
| 443 | * Create custom tables |
| 444 | * |
| 445 | * @since 5.0 |
| 446 | * |
| 447 | * @return null |
| 448 | * |
| 449 | */ |
| 450 | static function create_custom_tables() |
| 451 | { |
| 452 | global $wpdb; |
| 453 | require_once ABSPATH . 'wp-admin/includes/upgrade.php'; |
| 454 | |
| 455 | self::register_custom_tables(); |
| 456 | |
| 457 | $wpcaptcha_login_fails = "CREATE TABLE " . $wpdb->wpcatcha_login_fails . " ( |
| 458 | `login_attempt_ID` bigint(20) NOT NULL AUTO_INCREMENT, |
| 459 | `user_id` bigint(20) NOT NULL, |
| 460 | `login_attempt_date` datetime NOT NULL default '0000-00-00 00:00:00', |
| 461 | `login_attempt_IP` varchar(100) NOT NULL default '', |
| 462 | `failed_user` varchar(200) NOT NULL default '', |
| 463 | `failed_pass` varchar(200) NOT NULL default '', |
| 464 | `reason` varchar(200) NULL, |
| 465 | PRIMARY KEY (`login_attempt_ID`) |
| 466 | );"; |
| 467 | dbDelta($wpcaptcha_login_fails); |
| 468 | |
| 469 | $wpcaptcha_accesslocks = "CREATE TABLE " . $wpdb->wpcatcha_accesslocks . " ( |
| 470 | `accesslock_ID` bigint(20) NOT NULL AUTO_INCREMENT, |
| 471 | `user_id` bigint(20) NOT NULL, |
| 472 | `accesslock_date` datetime NOT NULL default '0000-00-00 00:00:00', |
| 473 | `release_date` datetime NOT NULL default '0000-00-00 00:00:00', |
| 474 | `accesslock_IP` varchar(100) NOT NULL default '', |
| 475 | `reason` varchar(200) NULL, |
| 476 | `unlocked` smallint(20) NOT NULL default '0', |
| 477 | PRIMARY KEY (`accesslock_ID`) |
| 478 | );"; |
| 479 | dbDelta($wpcaptcha_accesslocks); |
| 480 | |
| 481 | self::update_meta('database_ver', self::$version); |
| 482 | } // create_custom_tables |
| 483 | |
| 484 | |
| 485 | static function firewall_setup($options = false) |
| 486 | { |
| 487 | self::setup_wp_filesystem(); |
| 488 | self::firewall_remove_rules(); |
| 489 | |
| 490 | if (false === $options) { |
| 491 | $options = get_option(WPCAPTCHA_OPTIONS_KEY, array()); |
| 492 | } |
| 493 | |
| 494 | $htaccess = self::$wp_filesystem->get_contents(WPCaptcha_Utility::get_home_path() . '.htaccess'); |
| 495 | |
| 496 | $firewall_rules = []; |
| 497 | $firewall_rules[] = '# BEGIN WP Captcha Firewall'; |
| 498 | |
| 499 | if ($options['firewall_block_bots']) { |
| 500 | $firewall_rules[] = '<IfModule mod_rewrite.c>'; |
| 501 | |
| 502 | $firewall_rules[] = 'RewriteCond %{HTTP_USER_AGENT} (ahrefs|alexibot|majestic|mj12bot|rogerbot) [NC,OR]'; |
| 503 | $firewall_rules[] = 'RewriteCond %{HTTP_USER_AGENT} (econtext|eolasbot|eventures|liebaofast|nominet|oppo\sa33) [NC,OR]'; |
| 504 | $firewall_rules[] = 'RewriteCond %{HTTP_USER_AGENT} (ahrefs|alexibot|majestic|mj12bot|rogerbot) [NC,OR]'; |
| 505 | $firewall_rules[] = 'RewriteCond %{HTTP_USER_AGENT} (econtext|eolasbot|eventures|liebaofast|nominet|oppo\sa33) [NC,OR]'; |
| 506 | $firewall_rules[] = 'RewriteCond %{HTTP_USER_AGENT} (acapbot|acoonbot|asterias|attackbot|backdorbot|becomebot|binlar|blackwidow|blekkobot|blexbot|blowfish|bullseye|bunnys|butterfly|careerbot|casper|checkpriv|cheesebot|cherrypick|chinaclaw|choppy|clshttp|cmsworld|copernic|copyrightcheck|cosmos|crescent|cy_cho|datacha|demon|diavol|discobot|dittospyder|dotbot|dotnetdotcom|dumbot|emailcollector|emailsiphon|emailwolf|extract|eyenetie|feedfinder|flaming|flashget|flicky|foobot|g00g1e|getright|gigabot|go-ahead-got|gozilla|grabnet|grafula|harvest|heritrix|httrack|icarus6j|jetbot|jetcar|jikespider|kmccrew|leechftp|libweb|linkextractor|linkscan|linkwalker|loader|masscan|miner|mechanize|morfeus|moveoverbot|netmechanic|netspider|nicerspro|nikto|ninja|nutch|octopus|pagegrabber|petalbot|planetwork|postrank|proximic|purebot|pycurl|python|queryn|queryseeker|radian6|radiation|realdownload|scooter|seekerspider|semalt|siclab|sindice|sistrix|sitebot|siteexplorer|sitesnagger|skygrid|smartdownload|snoopy|sosospider|spankbot|spbot|sqlmap|stackrambler|stripper|sucker|surftbot|sux0r|suzukacz|suzuran|takeout|teleport|telesoft|true_robots|turingos|turnit|vampire|vikspider|voideye|webleacher|webreaper|webstripper|webvac|webviewer|webwhacker|winhttp|wwwoffle|woxbot|xaldon|xxxyy|yamanalab|yioopbot|youda|zeus|zmeu|zune|zyborg) [NC]'; |
| 507 | |
| 508 | $firewall_rules[] = 'RewriteCond %{REMOTE_HOST} (163data|amazonaws|colocrossing|crimea|g00g1e|justhost|kanagawa|loopia|masterhost|onlinehome|poneytel|sprintdatacenter|reverse.softlayer|safenet|ttnet|woodpecker|wowrack) [NC]'; |
| 509 | |
| 510 | $firewall_rules[] = 'RewriteCond %{HTTP_REFERER} (semalt\.com|todaperfeita) [NC,OR]'; |
| 511 | $firewall_rules[] = 'RewriteCond %{HTTP_REFERER} (blue\spill|cocaine|ejaculat|erectile|erections|hoodia|huronriveracres|impotence|levitra|libido|lipitor|phentermin|pro[sz]ac|sandyauer|tramadol|troyhamby|ultram|unicauca|valium|viagra|vicodin|xanax|ypxaieo) [NC]'; |
| 512 | |
| 513 | $firewall_rules[] = 'RewriteRule .* - [F,L]'; |
| 514 | $firewall_rules[] = '</IfModule>'; |
| 515 | } |
| 516 | |
| 517 | if ($options['firewall_directory_traversal']) { |
| 518 | $firewall_rules[] = '<IfModule mod_rewrite.c>'; |
| 519 | |
| 520 | $firewall_rules[] = 'RewriteCond %{QUERY_STRING} (((/|%2f){3,3})|((\.|%2e){3,3})|((\.|%2e){2,2})(/|%2f|%u2215)) [NC,OR]'; |
| 521 | $firewall_rules[] = 'RewriteCond %{QUERY_STRING} (/|%2f)(:|%3a)(/|%2f) [NC,OR]'; |
| 522 | $firewall_rules[] = 'RewriteCond %{QUERY_STRING} (/|%2f)(\*|%2a)(\*|%2a)(/|%2f) [NC,OR]'; |
| 523 | $firewall_rules[] = 'RewriteCond %{QUERY_STRING} (absolute_|base|root_)(dir|path)(=|%3d)(ftp|https?) [NC,OR]'; |
| 524 | $firewall_rules[] = 'RewriteCond %{QUERY_STRING} (/|%2f)(=|%3d|$&|_mm|cgi(\.|-)|inurl(:|%3a)(/|%2f)|(mod|path)(=|%3d)(\.|%2e)) [NC,OR]'; |
| 525 | |
| 526 | $firewall_rules[] = 'RewriteCond %{REQUEST_URI} (\^|`|<|>|\\\\|\|) [NC,OR]'; |
| 527 | $firewall_rules[] = 'RewriteCond %{REQUEST_URI} ([a-z0-9]{2000,}) [NC]'; |
| 528 | |
| 529 | $firewall_rules[] = 'RewriteRule .* - [F,L]'; |
| 530 | $firewall_rules[] = '</IfModule>'; |
| 531 | } |
| 532 | |
| 533 | $firewall_rules[] = '# END WP Captcha Firewall'; |
| 534 | |
| 535 | $htaccess = implode(PHP_EOL, $firewall_rules) . PHP_EOL . $htaccess; |
| 536 | |
| 537 | if (count($firewall_rules) > 2) { |
| 538 | $firewall_test = self::firewall_test_htaccess($htaccess); |
| 539 | if (is_wp_error($firewall_test)) { |
| 540 | WPCaptcha_Utility::display_notice( |
| 541 | $firewall_test->get_error_message(), |
| 542 | "error" |
| 543 | ); |
| 544 | } else { |
| 545 | self::$wp_filesystem->put_contents(WPCaptcha_Utility::get_home_path() . '.htaccess', $htaccess); |
| 546 | } |
| 547 | } |
| 548 | } |
| 549 | |
| 550 | static function firewall_test_htaccess($new_content) |
| 551 | { |
| 552 | $uploads_directory = wp_upload_dir(); |
| 553 | $test_id = wp_rand(1000, 9999); |
| 554 | $htaccess_test_folder = $uploads_directory['basedir'] . '/htaccess-test-' . $test_id . '/'; |
| 555 | $htaccess_test_url = $uploads_directory['baseurl'] . '/htaccess-test-' . $test_id . '/'; |
| 556 | |
| 557 | // Create test directory and files |
| 558 | if (!self::$wp_filesystem->is_dir($htaccess_test_folder)) { |
| 559 | if (true !== self::$wp_filesystem->mkdir($htaccess_test_folder, 0777)) { |
| 560 | return new WP_Error('firewall_failed', 'Failed to create test directory. Please check that your uploads folder is writable.', false); |
| 561 | } |
| 562 | } |
| 563 | |
| 564 | if (true !== self::$wp_filesystem->put_contents($htaccess_test_folder . 'index.html', 'htaccess-test-' . $test_id)) { |
| 565 | return new WP_Error('firewall_failed', 'Failed to create test files. Please check that your uploads folder is writable.', false); |
| 566 | } |
| 567 | |
| 568 | if (true !== self::$wp_filesystem->put_contents($htaccess_test_folder . '.htaccess', $new_content)) { |
| 569 | return new WP_Error('firewall_failed', 'Failed to create test directory and files. Please check that your uploads folder is writeable.', false); |
| 570 | } |
| 571 | |
| 572 | // Retrieve test file over http |
| 573 | $response = wp_remote_get($htaccess_test_url . 'index.html', array('sslverify' => false, 'redirection' => 0)); |
| 574 | $response_code = wp_remote_retrieve_response_code($response); |
| 575 | |
| 576 | // Remove Test Directory |
| 577 | self::$wp_filesystem->delete($htaccess_test_folder . '.htaccess'); |
| 578 | self::$wp_filesystem->delete($htaccess_test_folder . 'index.html'); |
| 579 | self::$wp_filesystem->rmdir($htaccess_test_folder); |
| 580 | |
| 581 | // Check if test file content is what we expect |
| 582 | if ((in_array($response_code, range(200, 299)) && !is_wp_error($response) && wp_remote_retrieve_body($response) == 'htaccess-test-' . $test_id) || (in_array($response_code, range(300, 399)) && !is_wp_error($response))) { |
| 583 | return true; |
| 584 | } else { |
| 585 | return new WP_Error('firewall_failed', 'Unfortunately it looks like installing these firewall rules could cause your entire site, including the admin, to become inaccessible. Fix the errors before saving', false); |
| 586 | } |
| 587 | } |
| 588 | |
| 589 | static function firewall_remove_rules() |
| 590 | { |
| 591 | |
| 592 | if (self::$wp_filesystem->is_writable(WPCaptcha_Utility::get_home_path() . '.htaccess')) { |
| 593 | |
| 594 | $htaccess_rules = self::$wp_filesystem->get_contents(WPCaptcha_Utility::get_home_path() . '.htaccess'); |
| 595 | |
| 596 | if ($htaccess_rules) { |
| 597 | $htaccess_rules = explode(PHP_EOL, $htaccess_rules); |
| 598 | $found = false; |
| 599 | $new_content = ''; |
| 600 | |
| 601 | foreach ($htaccess_rules as $htaccess_rule) { |
| 602 | if ($htaccess_rule == '# BEGIN WP Captcha Firewall') { |
| 603 | $found = true; |
| 604 | } |
| 605 | |
| 606 | if (!$found) { |
| 607 | $new_content .= $htaccess_rule . PHP_EOL; |
| 608 | } |
| 609 | |
| 610 | if ($htaccess_rule == '# END WP Captcha Firewall') { |
| 611 | $found = false; |
| 612 | } |
| 613 | } |
| 614 | |
| 615 | $new_content = trim($new_content, PHP_EOL); |
| 616 | |
| 617 | self::$wp_filesystem->put_contents(WPCaptcha_Utility::get_home_path() . '.htaccess', $new_content); |
| 618 | |
| 619 | return true; |
| 620 | } |
| 621 | } |
| 622 | |
| 623 | return false; |
| 624 | } |
| 625 | |
| 626 | /** |
| 627 | * Actions on plugin activation |
| 628 | * |
| 629 | * @since 5.0 |
| 630 | * |
| 631 | * @return null |
| 632 | * |
| 633 | */ |
| 634 | static function activate() |
| 635 | { |
| 636 | self::create_custom_tables(); |
| 637 | WPCaptcha_Admin::reset_pointers(); |
| 638 | } // activate |
| 639 | |
| 640 | |
| 641 | /** |
| 642 | * Actions on plugin deactivaiton |
| 643 | * |
| 644 | * @since 5.0 |
| 645 | * |
| 646 | * @return null |
| 647 | * |
| 648 | */ |
| 649 | static function deactivate() |
| 650 | { |
| 651 | } // deactivate |
| 652 | |
| 653 | /** |
| 654 | * Actions on plugin uninstall |
| 655 | * |
| 656 | * @since 5.0 |
| 657 | * |
| 658 | * @return null |
| 659 | */ |
| 660 | static function uninstall() |
| 661 | { |
| 662 | global $wpdb; |
| 663 | |
| 664 | $options = get_option(WPCAPTCHA_OPTIONS_KEY, array()); |
| 665 | |
| 666 | if ($options['uninstall_delete'] == '1') { |
| 667 | delete_option(WPCAPTCHA_OPTIONS_KEY); |
| 668 | delete_option(WPCAPTCHA_META_KEY); |
| 669 | delete_option(WPCAPTCHA_POINTERS_KEY); |
| 670 | delete_option(WPCAPTCHA_NOTICES_KEY); |
| 671 | // phpcs:ignore db call warnings as we are using a custom table |
| 672 | $wpdb->query("DROP TABLE IF EXISTS " . $wpdb->prefix . "wpc_login_fails"); // phpcs:ignore |
| 673 | $wpdb->query("DROP TABLE IF EXISTS " . $wpdb->prefix . "wpc_accesslocks"); // phpcs:ignore |
| 674 | } |
| 675 | } // uninstall |
| 676 | } // class |
| 677 |