admin
5 months ago
cli
8 months ago
lib
11 months ago
captcha.php
2 years ago
cloudsecure-wp.php
5 months ago
common.php
1 year ago
config.php
2 years ago
disable-access-system-file.php
1 year ago
disable-author-query.php
2 years ago
disable-login.php
1 year ago
disable-restapi.php
7 months ago
disable-xmlrpc.php
1 year ago
htaccess.php
5 months ago
login-log.php
1 year ago
login-notification.php
1 year ago
rename-login-page.php
1 year ago
restrict-admin-page.php
10 months ago
server-error-notification.php
1 year ago
two-factor-authentication.php
6 months ago
unify-messages.php
2 years ago
update-notice.php
7 months ago
waf-engine.php
7 months ago
waf.php
1 year ago
common.php
297 lines
| 1 | <?php |
| 2 | |
| 3 | if ( ! defined( 'ABSPATH' ) ) { |
| 4 | exit; |
| 5 | } |
| 6 | |
| 7 | require_once ABSPATH . 'wp-admin/includes/plugin.php'; |
| 8 | require_once ABSPATH . 'wp-includes/pluggable.php'; |
| 9 | |
| 10 | class CloudSecureWP_Common { |
| 11 | public const MESSAGES = array( |
| 12 | 'error_multisite' => 'WordPressマルチサイトには対応していません', |
| 13 | 'error_htaccess_update' => '.htaccessファイルの更新に失敗しました', |
| 14 | 'error_conflict_plugin' => '競合するプラグインが有効化されています', |
| 15 | ); |
| 16 | |
| 17 | public const CONFLICT_PLUGINS = array( |
| 18 | array( |
| 19 | 'name' => 'SiteGuard WP Plugin', |
| 20 | 'path' => 'siteguard/siteguard.php', |
| 21 | ), |
| 22 | ); |
| 23 | |
| 24 | public const PAGE_404 = 'cloudsecurewp_404'; |
| 25 | protected const LOGIN_STATUS_SUCCESS = 1; |
| 26 | protected const LOGIN_STATUS_FAILED = 2; |
| 27 | protected const LOGIN_STATUS_DISABLED = 3; |
| 28 | protected const LOGIN_STATUS_DATAS = array( |
| 29 | self::LOGIN_STATUS_SUCCESS => '成功', |
| 30 | self::LOGIN_STATUS_FAILED => '失敗', |
| 31 | self::LOGIN_STATUS_DISABLED => '無効', |
| 32 | ); |
| 33 | protected $info; |
| 34 | |
| 35 | function __construct( array $info ) { |
| 36 | $this->info = $info; |
| 37 | } |
| 38 | |
| 39 | /** |
| 40 | * エラーログ出力 |
| 41 | * |
| 42 | * @param string $msg |
| 43 | * @param string $tag |
| 44 | * @return bool |
| 45 | */ |
| 46 | protected function error_log( string $msg, string $tag = '' ): bool { |
| 47 | $file_path = $this->info['plugin_path'] . 'log/' . date_i18n( 'Ymd_' ) . 'error.log'; |
| 48 | |
| 49 | if ( '' !== $tag ) { |
| 50 | $tag = '[' . $tag . '] '; |
| 51 | } else { |
| 52 | $tag = ' '; |
| 53 | } |
| 54 | |
| 55 | if ( false === file_put_contents( $file_path, '[' . date_i18n( 'His' ) . ']' . $tag . $msg . "\n", FILE_APPEND | LOCK_EX ) ) { |
| 56 | return false; |
| 57 | } |
| 58 | return true; |
| 59 | } |
| 60 | |
| 61 | /** |
| 62 | * WP cron 有効判定 |
| 63 | * |
| 64 | * @return bool |
| 65 | */ |
| 66 | protected function cron_enabled(): bool { |
| 67 | if ( defined( 'DISABLE_WP_CRON' ) && DISABLE_WP_CRON ) { |
| 68 | return false; |
| 69 | } |
| 70 | return true; |
| 71 | } |
| 72 | |
| 73 | /** |
| 74 | * WP mail 送信 |
| 75 | * |
| 76 | * @param string $to |
| 77 | * @param string $subject |
| 78 | * @param string $body |
| 79 | * @return bool |
| 80 | */ |
| 81 | public function wp_send_mail( string $to, string $subject, string $body ): bool { |
| 82 | $subject = '【' . get_option( 'blogname' ) . '】 ' . $subject; |
| 83 | |
| 84 | if ( @wp_mail( $to, $subject, $body ) ) { |
| 85 | return true; |
| 86 | } |
| 87 | return false; |
| 88 | } |
| 89 | |
| 90 | /** |
| 91 | * クライアントIP取得 |
| 92 | * |
| 93 | * @return string |
| 94 | */ |
| 95 | public function get_client_ip(): string { |
| 96 | return sanitize_text_field( $_SERVER['REMOTE_ADDR'] ?? '' ); |
| 97 | } |
| 98 | |
| 99 | /** |
| 100 | * 競合プラグイン有効判定 |
| 101 | * |
| 102 | * @return string |
| 103 | */ |
| 104 | protected function get_conflict_plugin_name(): string { |
| 105 | $plugins = self::CONFLICT_PLUGINS; |
| 106 | $ret = ''; |
| 107 | |
| 108 | foreach ( $plugins as $plugin_row ) { |
| 109 | if ( is_plugin_active( $plugin_row['path'] ) ) { |
| 110 | $ret = $plugin_row['name']; |
| 111 | break; |
| 112 | } |
| 113 | } |
| 114 | |
| 115 | return $ret; |
| 116 | } |
| 117 | |
| 118 | /** |
| 119 | * 管理� |
| 120 | のユーザー� |
| 121 | 報� |
| 122 | �件取得 |
| 123 | */ |
| 124 | public function get_admin_users(): array { |
| 125 | $args = array( |
| 126 | 'role' => 'administrator', |
| 127 | 'fields' => 'all', |
| 128 | ); |
| 129 | |
| 130 | return get_users( $args ); |
| 131 | } |
| 132 | |
| 133 | /** |
| 134 | * � |
| 135 | �列からテキストに変換 |
| 136 | * |
| 137 | * @param array $array |
| 138 | * @return string |
| 139 | */ |
| 140 | public function array2Text( array $array ): string { |
| 141 | return implode( "\n", $array ); |
| 142 | } |
| 143 | |
| 144 | /** |
| 145 | * 動作環境チェック |
| 146 | * |
| 147 | * @return bool |
| 148 | */ |
| 149 | public function check_environment(): bool { |
| 150 | if ( ! is_multisite() ) { |
| 151 | if ( '' === $this->get_conflict_plugin_name() ) { |
| 152 | return true; |
| 153 | } |
| 154 | } |
| 155 | |
| 156 | return false; |
| 157 | } |
| 158 | |
| 159 | /** |
| 160 | * 機能OFF 管理画面に通知表示 |
| 161 | */ |
| 162 | public function prepare_admin_notices( $key_feature, $feature ) { |
| 163 | if ( ! current_user_can( 'administrator' ) ) { |
| 164 | return; |
| 165 | } |
| 166 | |
| 167 | ?> |
| 168 | <div class="notice notice-error is-dismissible"> |
| 169 | <p><strong>【CloudSecure WP Security】</strong></p> |
| 170 | <p>.htaccessファイルに変更が加えられたため、一時的に<strong><?php esc_html( print( $feature ) ); ?>機能</strong>を無効にしました。</p> |
| 171 | <p>再度有効にする場合は、<a href="<?php esc_html( print( admin_url( 'admin.php?page=cloudsecurewp_' . $key_feature ) ) ); ?>">設定画面</a>から機能を有効にしてください。</p> |
| 172 | </div> |
| 173 | <?php |
| 174 | } |
| 175 | |
| 176 | |
| 177 | /** |
| 178 | * USERAGENT 取得 |
| 179 | * |
| 180 | * @return string |
| 181 | */ |
| 182 | public function get_http_user_agent(): string { |
| 183 | return sanitize_text_field( $_SERVER['HTTP_USER_AGENT'] ?? '' ); |
| 184 | } |
| 185 | |
| 186 | /** |
| 187 | * HTTP_REFERER 取得 |
| 188 | * |
| 189 | * @return string |
| 190 | */ |
| 191 | public function get_http_referer(): string { |
| 192 | return sanitize_url( $_SERVER['HTTP_REFERER'] ?? '' ); |
| 193 | } |
| 194 | |
| 195 | /** |
| 196 | * クエリ文字列部分を除いた REQUEST_URI 取得 |
| 197 | * |
| 198 | * @return string |
| 199 | */ |
| 200 | public function get_request_uri(): string { |
| 201 | $request_uri = ''; |
| 202 | if ( ! empty( $_SERVER['REQUEST_URI'] ) ) { |
| 203 | if ( ! empty( $_SERVER['QUERY_STRING'] ) ) { |
| 204 | $request_uri = str_replace( '?' . $_SERVER['QUERY_STRING'], '', $_SERVER['REQUEST_URI'] ); |
| 205 | } else { |
| 206 | $request_uri = $_SERVER['REQUEST_URI']; |
| 207 | } |
| 208 | |
| 209 | if ( false === $request_uri ) { |
| 210 | $request_uri = ''; |
| 211 | } |
| 212 | } |
| 213 | |
| 214 | return $request_uri; |
| 215 | } |
| 216 | |
| 217 | /** |
| 218 | * REQAUEST_HEADER 取得 |
| 219 | * |
| 220 | * @return array |
| 221 | */ |
| 222 | public function get_http_request_headers(): array { |
| 223 | $request_headers = array(); |
| 224 | |
| 225 | if ( ! empty( $_SERVER ) ) { |
| 226 | foreach ( $_SERVER as $key => $value ) { |
| 227 | if ( substr( $key, 0, 5 ) === 'HTTP_' ) { |
| 228 | $request_headers[ ucwords( str_replace( '_', '-', strtolower( substr( $key, 5 ) ) ), '-' ) ] = $value; |
| 229 | } |
| 230 | } |
| 231 | |
| 232 | if ( isset( $_SERVER['CONTENT_TYPE'] ) ) { |
| 233 | $request_headers['Content-Type'] = $_SERVER['CONTENT_TYPE']; |
| 234 | } |
| 235 | } |
| 236 | |
| 237 | return $request_headers; |
| 238 | } |
| 239 | |
| 240 | /** |
| 241 | * 年月日取得 |
| 242 | * |
| 243 | * @param string $delimiter |
| 244 | * @return string |
| 245 | */ |
| 246 | public function get_date( string $delimiter = '/' ): string { |
| 247 | return date_i18n( "Y{$delimiter}m{$delimiter}d" ); |
| 248 | } |
| 249 | |
| 250 | /** |
| 251 | * 時分秒取得 |
| 252 | * |
| 253 | * @return string |
| 254 | */ |
| 255 | public function get_time(): string { |
| 256 | return date_i18n( 'H:i:s' ); |
| 257 | } |
| 258 | |
| 259 | /** |
| 260 | * ログインステータス� |
| 261 | 報取得 |
| 262 | */ |
| 263 | public function get_login_status_datas(): array { |
| 264 | return self::LOGIN_STATUS_DATAS; |
| 265 | } |
| 266 | |
| 267 | /** |
| 268 | * 404 |
| 269 | */ |
| 270 | public function page404(): void { |
| 271 | $page = get_404_template(); |
| 272 | |
| 273 | if ( '' !== $page ) { |
| 274 | global $wp_query; |
| 275 | |
| 276 | status_header( 404 ); |
| 277 | nocache_headers(); |
| 278 | $wp_query->set_404(); |
| 279 | include $page; |
| 280 | |
| 281 | } else { |
| 282 | wp_safe_redirect( home_url( self::PAGE_404 ) ); |
| 283 | } |
| 284 | |
| 285 | exit; |
| 286 | } |
| 287 | |
| 288 | /** |
| 289 | * 403 |
| 290 | */ |
| 291 | public function page403(): void { |
| 292 | status_header( 403, 'Forbidden' ); |
| 293 | nocache_headers(); |
| 294 | exit; |
| 295 | } |
| 296 | } |
| 297 |