PluginProbe ʕ •ᴥ•ʔ
CloudSecure WP Security / 1.3.22
CloudSecure WP Security v1.3.22
1.4.10 1.4.9 trunk 0.9.0 1.0.2 1.1.0 1.1.1 1.1.2 1.1.3 1.2.0 1.2.1 1.2.2 1.2.3 1.2.4 1.2.5 1.2.6 1.2.7 1.3.1 1.3.10 1.3.11 1.3.12 1.3.13 1.3.14 1.3.15 1.3.16 1.3.17 1.3.18 1.3.19 1.3.2 1.3.20 1.3.21 1.3.22 1.3.23 1.3.24 1.3.3 1.3.4 1.3.5 1.3.6 1.3.7 1.3.8 1.3.9 1.4.0 1.4.1 1.4.2 1.4.3 1.4.4 1.4.5 1.4.6 1.4.7 1.4.8
cloudsecure-wp-security / modules / admin / waf.php
cloudsecure-wp-security / modules / admin Last commit date
captcha.php 1 year ago common.php 1 year ago dashboard.php 1 year ago disable-access-system-file.php 7 months ago disable-author-query.php 1 year ago disable-login.php 1 year ago disable-restapi.php 1 year ago disable-xmlrpc.php 1 year ago login-log-table.php 1 year ago login-log.php 1 year ago login-notification.php 1 year ago rename-login-page.php 1 year ago restrict-admin-page.php 1 year ago server-error-notification.php 1 year ago server-error-table.php 1 year ago two-factor-authentication-registration.php 2 years ago two-factor-authentication.php 1 year ago unify-messages.php 1 year ago update-notice.php 1 year ago waf-table.php 1 year ago waf.php 7 months ago
waf.php
260 lines
1 <?php
2
3 if ( ! defined( 'ABSPATH' ) ) {
4 exit;
5 }
6
7 class CloudSecureWP_Admin_Waf extends CloudSecureWP_Admin_Common {
8 private $waf;
9 private $waf_table;
10 private $constant_settings;
11
12 function __construct( array $info, CloudSecureWP_Waf $waf ) {
13 parent::__construct( $info );
14 $this->waf = $waf;
15 $this->waf_table = new CloudSecureWP_Waf_Table( $this->waf );
16 $this->constant_settings = $this->waf->get_constant_settings();
17 $this->prepare_view_data();
18 $this->render();
19 }
20
21
22 /**
23 * 画面表示用のデータを準備
24 */
25 public function prepare_view_data(): void {
26 $this->datas = $this->waf->get_settings();
27
28 if ( ! empty( $_POST ) && check_admin_referer( $this->waf->get_feature_key() . '_csrf' ) ) {
29
30 foreach ( $this->datas as $key => $val ) {
31
32 switch ( $key ) {
33 case 'waf':
34 $tmp = sanitize_text_field( $_POST[ $key ] ?? '' );
35
36 if ( ! $this->is_selected( $tmp, self::TF_VALIES ) ) {
37 $this->errors[] = '有効・無効の値が不正です';
38 }
39
40 if ( ! $this->check_environment() ) {
41 $tmp = 'f';
42 }
43
44 $this->datas[ $key ] = $tmp;
45 break;
46
47 case 'waf_send_admin_mail':
48 $tmp = sanitize_text_field( $_POST[ $key ] ?? '' );
49
50 if ( ! $this->is_selected( $tmp, $this->constant_settings['waf_send_admin_mail'] ) ) {
51 $this->errors[] = 'メール通知の値が不正です';
52 }
53
54 $this->datas[ $key ] = $tmp;
55 break;
56
57 case 'waf_available_rules':
58 $tmp = 0;
59
60 if ( isset( $_POST[ $key ] ) ) {
61 if ( is_array( $_POST[ $key ] ) ) {
62 $sanitized_post_values = array_map( 'sanitize_text_field', $_POST[ $key ] );
63
64 foreach ( $sanitized_post_values as $value ) {
65 if ( ! in_array( intval( $value ), $this->constant_settings['waf_available_rules'], true ) ) {
66 $this->errors[] = '検知する攻撃種別の値が不正です';
67 break;
68 }
69
70 $tmp = $tmp | intval( $value );
71 }
72 } else {
73 $this->errors[] = '検知する攻撃種別の値が不正です';
74 }
75 }
76
77 $this->datas[ $key ] = $tmp;
78 break;
79 }
80 }
81
82 if ( empty( $this->errors ) ) {
83 if ( 't' === $this->datas['waf'] ) {
84 $this->messages[] = 'シンプルWAF機能が有効になりました。';
85 } else {
86 $this->messages[] = 'シンプルWAF機能が無効になりました。';
87 }
88
89 $this->waf->save_settings( $this->datas );
90 }
91 }
92
93 $this->waf_table->prepare_items();
94 $this->datas = $this->get_checked( $this->datas, array( 'waf', 'waf_send_admin_mail' ) );
95 }
96
97 /**
98 * waf機能画面のデスクリプション表示用データ
99 */
100 public function get_waf_description_data(): void {
101 ?>
102 <nav>
103 <ul class="breadcrumb">
104 <li class="breadcrumb__list"><a href="?page=cloudsecurewp">ダッシュボード</a></li>
105 <li class="breadcrumb__list">シンプルWAF</li>
106 </ul>
107 </nav>
108 <div class="title-block mb-12">
109 <p class="title-block-small-text">この機能のマニュアルは<a class="title-block-link" target="_blank" href="https://wpplugin.cloudsecure.ne.jp/cloudsecure_wp_security/waf.php">こちら</a></p>
110 <h1 class="title-block-title">シンプルWAF</h1>
111 </div>
112 <div class="title-bottom-text">
113 WordPressへの基本的な攻撃を検知すると403エラー(Forbidden)を返して検知履歴を記録し、管理�
114 にメールで通知します。<br />
115 1分間以�
116 に同じ種別の攻撃を検知した場合、検知履歴は記録しますが、メールでの通知は行いません。<br />
117 <strong>※機能を有効にした場合のみ、検知履歴を記録します。</strong>
118 </div>
119 <?php
120 }
121
122 /**
123 * waf履歴一覧画面のデスクリプション表示用データ
124 */
125 public function get_log_description_data(): void {
126 ?>
127 <nav>
128 <ul class="breadcrumb">
129 <li class="breadcrumb__list"><a href="?page=cloudsecurewp">ダッシュボード</a></li>
130 <li class="breadcrumb__list"><a href="?page=cloudsecurewp_waf">シンプルWAF</a></li>
131 <li class="breadcrumb__list">検知履歴一覧</li>
132 </ul>
133 </nav>
134 <div class="title-block mb-12">
135 <p class="title-block-small-text">この機能のマニュアルは<a class="title-block-link" target="_blank" href="https://wpplugin.cloudsecure.ne.jp/cloudsecure_wp_security/waf.php">こちら</a></p>
136 <h1 class="title-block-title">検知履歴一覧</h1>
137 </div>
138 <div class="title-bottom-text">
139 シンプルWAFで検知・遮断した攻撃の履歴を表示します。<br />
140 正常なリクエストが遮断された場合、該当する攻撃種別の設定を変更してください。<br />
141 </div>
142 <?php
143 }
144
145 /**
146 * デスクリプション
147 */
148 protected function admin_description(): void {
149 if ( isset( $_GET['childpage'] ) && 'log' === $_GET['childpage'] ) {
150 $this->get_log_description_data();
151 } else {
152 $this->get_waf_description_data();
153 }
154 }
155
156 /**
157 * waf機能画面のページコンテンツ表示用データ
158 */
159 public function get_waf_page_data(): void {
160 $lastkey = '';
161
162 if ( ! empty( $this->constant_settings['waf_rules_category'] ) ) {
163 end( $this->constant_settings['waf_rules_category'] );
164 $lastkey = key( $this->constant_settings['waf_rules_category'] );
165 reset( $this->constant_settings['waf_rules_category'] );
166 }
167
168 ?>
169 <form method="post">
170 <div class="waf-enabled-or-disabled-and-link-button-flex">
171 <div class="enabled-or-disabled">
172 <input class="enabled-or-disabled__btn" id="enabled" type="radio" name="waf" value="t" <?php echo esc_html( $this->datas['waf_t'] ?? '' ); ?> /><label for="enabled">有効</label>
173 <input class="enabled-or-disabled__btn" id="disabled" type="radio" name="waf" value="f" <?php echo esc_html( $this->datas['waf_f'] ?? '' ); ?> /><label for="disabled">無効</label>
174 </div>
175 <div class="link-button next-page"><a href="admin.php?page=cloudsecurewp_waf&childpage=log">検知履歴を表示</a></div>
176 </div>
177 <div class="box">
178 <div class="box-bottom">
179 <div class="box-row flex-start">
180 <div class="box-row-title not-label">メール通知</div>
181 <div class="box-row-content radio-btns">
182 <input type="radio" class="circle-radio" id="waf_send_admin_mail-off" name="waf_send_admin_mail" value="<?php echo esc_attr( $this->constant_settings['waf_send_admin_mail'][0] ); ?>" <?php echo esc_html( $this->datas[ 'waf_send_admin_mail_' . $this->constant_settings['waf_send_admin_mail'][0] ] ?? '' ); ?> /><label for="waf_send_admin_mail-off">通知しない</label><br />
183 <input type="radio" class="circle-radio" id="waf_send_admin_mail-on" name="waf_send_admin_mail" value="<?php echo esc_attr( $this->constant_settings['waf_send_admin_mail'][1] ); ?>" <?php echo esc_html( $this->datas[ 'waf_send_admin_mail_' . $this->constant_settings['waf_send_admin_mail'][1] ] ?? '' ); ?> /><label for="waf_send_admin_mail-on">通知する</label><br />
184 </div>
185 </div>
186 <div class="box-row flex-start">
187 <div class="box-row-title not-label">検知する攻撃種別</div>
188 <div class="box-row-content ">
189 <?php foreach ( $this->constant_settings['waf_rules_category'] as $key => $value ) : ?>
190 <input id="<?php echo esc_attr( $key ); ?>" class="checkbox" type="checkbox" name="waf_available_rules[]" value=<?php echo esc_attr( $key ); ?> <?php echo esc_html( ( ( $key & $this->datas['waf_available_rules'] ) > 0 ) ? 'checked' : '' ); ?> /><label for="<?php echo esc_attr( $key ); ?>"><?php echo esc_html( $value ); ?></label>
191 <?php if ( $key !== $lastkey ) : ?>
192 <br/>
193 <?php endif; ?>
194 <?php endforeach; ?>
195 </div>
196 </div>
197 </div>
198 </div>
199 <div id="submit-btn-area">
200 <?php $this->nonce_wp( $this->waf->get_feature_key() ); ?>
201 <?php $this->submit_button_wp(); ?>
202 </div>
203 </form>
204 <?php
205 }
206
207 /**
208 * waf履歴一覧画面のページコンテンツ表示用データ
209 */
210 public function get_log_page_data(): void {
211 ?>
212 <div class="waf-table-and-link-button" >
213 <div class="waf-link-button-position link-button back-page"><a href="admin.php?page=cloudsecurewp_waf">戻る</a></div>
214 <style>
215 table.cloudsecure-wp-security_page_cloudsecurewp_waf{
216 margin: 20px 0;
217 }
218 .tablenav {
219 height: 30px;
220 margin: 6px 0 4px;
221 padding-top: 0px;
222 }
223
224 th.column-access_at {
225 width: 13em;
226 }
227
228 th.column-attack {
229 width: 14%;
230 }
231
232 th.column-ip {
233 width: 13em;
234 }
235
236 th.sortable a, th.sorted a {
237 display: block;
238 overflow: hidden;
239 padding: 12px 8px 12px 23px;
240 }
241
242 </style>
243 <?php $this->waf_table->display(); ?>
244 </div>
245 <?php
246 }
247
248 /**
249 * ページコンテンツ
250 */
251 protected function page(): void {
252 if ( isset( $_GET['childpage'] ) && 'log' === $_GET['childpage'] ) {
253 $this->get_log_page_data();
254 } else {
255 $this->get_waf_page_data();
256 }
257
258 }
259 }
260