PluginProbe ʕ •ᴥ•ʔ
CloudSecure WP Security / 1.1.0
CloudSecure WP Security v1.1.0
1.4.10 1.4.9 trunk 0.9.0 1.0.2 1.1.0 1.1.1 1.1.2 1.1.3 1.2.0 1.2.1 1.2.2 1.2.3 1.2.4 1.2.5 1.2.6 1.2.7 1.3.1 1.3.10 1.3.11 1.3.12 1.3.13 1.3.14 1.3.15 1.3.16 1.3.17 1.3.18 1.3.19 1.3.2 1.3.20 1.3.21 1.3.22 1.3.23 1.3.24 1.3.3 1.3.4 1.3.5 1.3.6 1.3.7 1.3.8 1.3.9 1.4.0 1.4.1 1.4.2 1.4.3 1.4.4 1.4.5 1.4.6 1.4.7 1.4.8
cloudsecure-wp-security / modules / restrict-admin-page.php
cloudsecure-wp-security / modules Last commit date
admin 2 years ago lib 2 years ago captcha.php 2 years ago cloudsecure-wp.php 2 years ago common.php 2 years ago config.php 2 years ago disable-author-query.php 2 years ago disable-login.php 2 years ago disable-restapi.php 2 years ago disable-xmlrpc.php 2 years ago htaccess.php 2 years ago login-log.php 2 years ago login-notification.php 2 years ago rename-login-page.php 2 years ago restrict-admin-page.php 2 years ago server-error-notification.php 2 years ago two-factor-authentication.php 2 years ago unify-messages.php 2 years ago update-notice.php 2 years ago
restrict-admin-page.php
253 lines
1 <?php
2 class CloudSecureWP_Restrict_Admin_Page extends CloudSecureWP_Common {
3 private const KEY_FEATURE = 'restrict_admin_page';
4 private const KEY_PATHS = self::KEY_FEATURE . '_paths';
5 private const DEFAULT_PATHS = array( 'css', 'images', 'admin-ajax.php', 'load-styles.php', 'site-health.php' );
6 private $config;
7 private $htaccess;
8 private $disable_login;
9
10 function __construct( array $info, CloudSecureWP_Config $config, CloudSecureWP_Htaccess $htaccess, CloudSecureWP_Disable_Login $disable_login ) {
11 parent::__construct( $info );
12 $this->config = $config;
13 $this->htaccess = $htaccess;
14 $this->disable_login = $disable_login;
15 }
16
17 /**
18 * 機能毎のKEY取得
19 *
20 * @return string
21 */
22 public function get_feature_key(): string {
23 return self::KEY_FEATURE;
24 }
25
26 /**
27 * 有効無効判定
28 *
29 * @return bool
30 */
31 public function is_enabled(): bool {
32 return $this->config->get( $this->get_feature_key() ) === 't' ? true : false;
33 }
34
35 /**
36 * 初期設定値取得
37 *
38 * @return array
39 */
40 public function get_default(): array {
41 $ret = array(
42 // self::KEY_FEATURE => $this->check_environment() && $this->htaccess->is_enabled() ? 't' : 'f',
43 self::KEY_FEATURE => 'f',
44 self::KEY_PATHS => self::DEFAULT_PATHS,
45 );
46 return $ret;
47 }
48
49 /**
50 * 設定値取得
51 */
52 public function get_settings(): array {
53 $settings = array();
54 $default = $this->get_default();
55
56 foreach ( $default as $key => $val ) {
57 $settings[ $key ] = $this->config->get( $key );
58 }
59
60 return $settings;
61 }
62
63 /**
64 * 設定値保存
65 *
66 * @param array $settings
67 * @return void
68 */
69 public function save_settings( $settings ): void {
70 $default = $this->get_default();
71
72 foreach ( $default as $key => $val ) {
73 $this->config->set( $key, $settings[ $key ] ?? '' );
74 }
75
76 $this->config->save();
77 }
78
79
80 /**
81 * htaccessに書き出す設定を取得
82 *
83 * @param array $allow_ips
84 * @param array $allow_paths
85 * @return string
86 */
87 private function get_htaccess_settings( array $allow_ips, array $allow_paths ): string {
88 $rules = '';
89 foreach ( $allow_paths as $path ) {
90 $rules .= ' RewriteRule ^wp-admin/' . str_replace( '.', '\.', $path ) . " - [L]\n";
91 }
92
93 $conds = '';
94 foreach ( $allow_ips as $ip ) {
95 $conds .= ' RewriteCond %{REMOTE_ADDR} !^' . str_replace( '.', '\.', $ip ) . "$\n";
96 }
97
98 $parse = parse_url( site_url() );
99 $base = ( $parse['path'] ?? '' ) . '/';
100 $page404 = self::PAGE_404;
101
102 $setting = "<IfModule mod_rewrite.c>" . "\n";
103 $setting .= " RewriteEngine on" . "\n";
104 $setting .= " RewriteBase {$base}" . "\n";
105 $setting .= " RewriteRule ^{$page404} - [L]\n{$rules}{$conds} RewriteRule ^wp-admin {$page404} [L]" . "\n";
106 $setting .= "</IfModule>" . "\n";
107
108 return $setting;
109 }
110
111 /**
112 * htaccessに書き出す設定を更新
113 *
114 * @param string $htaccess_settings
115 * @return bool
116 */
117 public function update_htaccess( string $htaccess_settings ): bool {
118 $plugin_tag = $this->htaccess->get_plugin_settings_tag();
119 $tag = $this->get_feature_key();
120
121 if ( $this->htaccess->setting_tag_exists( $plugin_tag ) ) {
122 if ( $this->htaccess->setting_tag_exists( $tag ) ) {
123 if ( ! $this->remove_htaccess() ) {
124 return false;
125 }
126 }
127 } else {
128 if ( ! $this->htaccess->add_plugin_settings_tag() ) {
129 return false;
130 }
131 }
132 $ret = $this->htaccess->add_feature_setting( $tag, $htaccess_settings );
133
134 return $ret;
135 }
136
137 /**
138 * htaccessから設定を削除
139 *
140 * @return bool
141 */
142 public function remove_htaccess(): bool {
143 return $this->htaccess->remove_settings( array( $this->get_feature_key() ) );
144 }
145
146 /**
147 * 制限除外パスを取得
148 *
149 * @return array
150 */
151 public function get_exclude_paths(): array {
152 return $this->config->get( self::KEY_PATHS ?? array() );
153 }
154
155 /**
156 * プライベートIP判定
157 *
158 * @param string $ip
159 * @return bool
160 */
161 public function isPrivateIP( string $ip ): bool {
162 if ( false === filter_var( $ip, FILTER_VALIDATE_IP ) ) {
163 return false;
164 }
165
166 return ! ( filter_var( $ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE ) );
167 }
168
169 /**
170 * 設定更新
171 *
172 * @return bool
173 */
174 public function update(): bool {
175
176 $allowed_ips = array( '127.0.0.1' );
177 $server_ip = sanitize_text_field( $_SERVER['SERVER_ADDR'] ?? '' );
178
179 if ( false !== filter_var( $server_ip, FILTER_VALIDATE_IP ) ) {
180 if ( false === in_array( $server_ip, $allowed_ips) ) {
181 $allowed_ips[] = $server_ip;
182 }
183 }
184
185 $success_rows = $this->disable_login->get_rows_status_success();
186 foreach ( $success_rows as $success_row ) {
187 $tmp_ip = trim( $success_row['ip'] );
188 if ( false === in_array( $tmp_ip, $allowed_ips) ) {
189 $allowed_ips[] = $tmp_ip;
190 }
191 }
192
193 $allowed_paths = $this->get_exclude_paths();
194 $htaccess_setting = $this->get_htaccess_settings( $allowed_ips, $allowed_paths );
195
196 if ( ! $this->update_htaccess( $htaccess_setting ) ) {
197 $settings = $this->get_settings();
198 $settings[ $this->get_feature_key() ] = 'f';
199 $this->save_settings( $settings );
200
201 return false;
202 }
203
204 return true;
205 }
206
207 /**
208 * テキストから�
209 �列に変換
210 *
211 * @param string $text
212 * @return array
213 */
214 public function text2Array( string $text ): array {
215 $searches = array( "\r\n", "\r" );
216 $text = str_replace( $searches, "\n", $text );
217 $text_array = explode( "\n", $text );
218
219 foreach ( $text_array as &$path ) {
220 $path = preg_replace( '|\s|', '', $path );
221 }
222 unset( $path );
223
224 $text_array = array_filter( $text_array, 'strlen' );
225 $text_array = array_unique( $text_array );
226
227 return $text_array;
228 }
229
230 /**
231 * 有効化
232 * CloudSecureWP_Disable_Login->activate() が�
233 �に実行される�
234 要あり(DBテーブル作成のため)
235 *
236 * @return void
237 */
238 public function activate(): void {
239 $this->save_settings( $this->get_default() );
240 }
241
242 /**
243 * 無効化
244 *
245 * @return void
246 */
247 public function deactivate(): void {
248 $this->remove_htaccess();
249 $this->config->set( self::KEY_FEATURE, 'f' );
250 $this->config->save();
251 }
252 }
253