PluginProbe ʕ •ᴥ•ʔ
CloudSecure WP Security / 1.2.5
CloudSecure WP Security v1.2.5
1.4.10 1.4.9 trunk 0.9.0 1.0.2 1.1.0 1.1.1 1.1.2 1.1.3 1.2.0 1.2.1 1.2.2 1.2.3 1.2.4 1.2.5 1.2.6 1.2.7 1.3.1 1.3.10 1.3.11 1.3.12 1.3.13 1.3.14 1.3.15 1.3.16 1.3.17 1.3.18 1.3.19 1.3.2 1.3.20 1.3.21 1.3.22 1.3.23 1.3.24 1.3.3 1.3.4 1.3.5 1.3.6 1.3.7 1.3.8 1.3.9 1.4.0 1.4.1 1.4.2 1.4.3 1.4.4 1.4.5 1.4.6 1.4.7 1.4.8
cloudsecure-wp-security / modules / restrict-admin-page.php
cloudsecure-wp-security / modules Last commit date
admin 2 years ago lib 2 years ago captcha.php 2 years ago cloudsecure-wp.php 2 years ago common.php 2 years ago config.php 2 years ago disable-author-query.php 2 years ago disable-login.php 2 years ago disable-restapi.php 2 years ago disable-xmlrpc.php 2 years ago htaccess.php 2 years ago login-log.php 2 years ago login-notification.php 2 years ago rename-login-page.php 2 years ago restrict-admin-page.php 2 years ago server-error-notification.php 2 years ago two-factor-authentication.php 2 years ago unify-messages.php 2 years ago update-notice.php 2 years ago
restrict-admin-page.php
266 lines
1 <?php
2
3 if ( ! defined( 'ABSPATH' ) ) {
4 exit;
5 }
6
7 class CloudSecureWP_Restrict_Admin_Page extends CloudSecureWP_Common {
8 private const KEY_FEATURE = 'restrict_admin_page';
9 private const KEY_PATHS = self::KEY_FEATURE . '_paths';
10 private const DEFAULT_PATHS = array( 'css', 'images', 'admin-ajax.php', 'load-styles.php', 'site-health.php' );
11 private $config;
12 private $htaccess;
13 private $disable_login;
14
15 function __construct( array $info, CloudSecureWP_Config $config, CloudSecureWP_Htaccess $htaccess, CloudSecureWP_Disable_Login $disable_login ) {
16 parent::__construct( $info );
17 $this->config = $config;
18 $this->htaccess = $htaccess;
19 $this->disable_login = $disable_login;
20 }
21
22 /**
23 * 機能毎のKEY取得
24 *
25 * @return string
26 */
27 public function get_feature_key(): string {
28 return self::KEY_FEATURE;
29 }
30
31 /**
32 * 有効無効判定
33 *
34 * @return bool
35 */
36 public function is_enabled(): bool {
37 return $this->config->get( $this->get_feature_key() ) === 't' ? true : false;
38 }
39
40 /**
41 * 初期設定値取得
42 *
43 * @return array
44 */
45 public function get_default(): array {
46 $ret = array(
47 // self::KEY_FEATURE => $this->check_environment() && $this->htaccess->is_enabled() ? 't' : 'f',
48 self::KEY_FEATURE => 'f',
49 self::KEY_PATHS => self::DEFAULT_PATHS,
50 );
51 return $ret;
52 }
53
54 /**
55 * 設定値取得
56 */
57 public function get_settings(): array {
58 $settings = array();
59 $default = $this->get_default();
60
61 foreach ( $default as $key => $val ) {
62 $settings[ $key ] = $this->config->get( $key );
63 }
64
65 return $settings;
66 }
67
68 /**
69 * 設定値保存
70 *
71 * @param array $settings
72 * @return void
73 */
74 public function save_settings( $settings ): void {
75 $default = $this->get_default();
76
77 foreach ( $default as $key => $val ) {
78 $this->config->set( $key, $settings[ $key ] ?? '' );
79 }
80
81 $this->config->save();
82 }
83
84
85 /**
86 * htaccessに書き出す設定を取得
87 *
88 * @param array $allow_ips
89 * @param array $allow_paths
90 * @return string
91 */
92 private function get_htaccess_settings( array $allow_ips, array $allow_paths ): string {
93 $rules = '';
94 foreach ( $allow_paths as $path ) {
95 $rules .= ' RewriteRule ^wp-admin/' . str_replace( '.', '\.', $path ) . " - [L]\n";
96 }
97
98 $conds = '';
99 foreach ( $allow_ips as $ip ) {
100 $conds .= ' RewriteCond %{REMOTE_ADDR} !^' . str_replace( '.', '\.', $ip ) . "$\n";
101 }
102
103 $parse = parse_url( site_url() );
104 $base = ( $parse['path'] ?? '' ) . '/';
105 $page404 = self::PAGE_404;
106
107 $setting = "<IfModule mod_rewrite.c>" . "\n";
108 $setting .= " RewriteEngine on" . "\n";
109 $setting .= " RewriteBase {$base}" . "\n";
110 $setting .= " RewriteRule ^{$page404} - [L]\n{$rules}{$conds} RewriteRule ^wp-admin {$page404} [L]" . "\n";
111 $setting .= "</IfModule>" . "\n";
112
113 return $setting;
114 }
115
116 /**
117 * htaccessに書き出す設定を更新
118 *
119 * @param string $htaccess_settings
120 * @return bool
121 */
122 public function update_htaccess( string $htaccess_settings ): bool {
123 $plugin_tag = $this->htaccess->get_plugin_settings_tag();
124 $tag = $this->get_feature_key();
125
126 if ( $this->htaccess->setting_tag_exists( $plugin_tag ) ) {
127 if ( $this->htaccess->setting_tag_exists( $tag ) ) {
128 if ( ! $this->remove_htaccess() ) {
129 return false;
130 }
131 }
132 } else {
133 if ( ! $this->htaccess->add_plugin_settings_tag() ) {
134 return false;
135 }
136 }
137 $ret = $this->htaccess->add_feature_setting( $tag, $htaccess_settings );
138
139 return $ret;
140 }
141
142 /**
143 * htaccessから設定を削除
144 *
145 * @return bool
146 */
147 public function remove_htaccess(): bool {
148 return $this->htaccess->remove_settings( array( $this->get_feature_key() ) );
149 }
150
151 /**
152 * 制限除外パスを取得
153 *
154 * @return array
155 */
156 public function get_exclude_paths(): array {
157 return $this->config->get( self::KEY_PATHS ?? array() );
158 }
159
160 /**
161 * プライベートIP判定
162 *
163 * @param string $ip
164 * @return bool
165 */
166 public function isPrivateIP( string $ip ): bool {
167 if ( false === filter_var( $ip, FILTER_VALIDATE_IP ) ) {
168 return false;
169 }
170
171 return ! ( filter_var( $ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE ) );
172 }
173
174 /**
175 * 設定更新
176 *
177 * @return bool
178 */
179 public function update(): bool {
180
181 $allowed_ips = array( '127.0.0.1' );
182 $server_ip = sanitize_text_field( $_SERVER['SERVER_ADDR'] ?? '' );
183
184 if ( false !== filter_var( $server_ip, FILTER_VALIDATE_IP ) ) {
185 if ( false === in_array( $server_ip, $allowed_ips) ) {
186 $allowed_ips[] = $server_ip;
187 }
188 }
189
190 $client_ip = $this->get_client_ip();
191
192 if ( false !== filter_var( $client_ip, FILTER_VALIDATE_IP ) ) {
193 if ( false === in_array( $client_ip, $allowed_ips) ) {
194 $allowed_ips[] = $client_ip;
195 }
196 }
197
198 $success_rows = $this->disable_login->get_rows_status_success();
199 foreach ( $success_rows as $success_row ) {
200 $tmp_ip = trim( $success_row['ip'] );
201 if ( false === in_array( $tmp_ip, $allowed_ips) ) {
202 $allowed_ips[] = $tmp_ip;
203 }
204 }
205
206 $allowed_paths = $this->get_exclude_paths();
207 $htaccess_setting = $this->get_htaccess_settings( $allowed_ips, $allowed_paths );
208
209 if ( ! $this->update_htaccess( $htaccess_setting ) ) {
210 $settings = $this->get_settings();
211 $settings[ $this->get_feature_key() ] = 'f';
212 $this->save_settings( $settings );
213
214 return false;
215 }
216
217 return true;
218 }
219
220 /**
221 * テキストから�
222 �列に変換
223 *
224 * @param string $text
225 * @return array
226 */
227 public function text2Array( string $text ): array {
228 $searches = array( "\r\n", "\r" );
229 $text = str_replace( $searches, "\n", $text );
230 $text_array = explode( "\n", $text );
231
232 foreach ( $text_array as &$path ) {
233 $path = preg_replace( '|\s|', '', $path );
234 }
235 unset( $path );
236
237 $text_array = array_filter( $text_array, 'strlen' );
238 $text_array = array_unique( $text_array );
239
240 return $text_array;
241 }
242
243 /**
244 * 有効化
245 * CloudSecureWP_Disable_Login->activate() が�
246 �に実行される�
247 要あり(DBテーブル作成のため)
248 *
249 * @return void
250 */
251 public function activate(): void {
252 $this->save_settings( $this->get_default() );
253 }
254
255 /**
256 * 無効化
257 *
258 * @return void
259 */
260 public function deactivate(): void {
261 $this->remove_htaccess();
262 $this->config->set( self::KEY_FEATURE, 'f' );
263 $this->config->save();
264 }
265 }
266