admin
4 months ago
cli
8 months ago
lib
4 months ago
captcha.php
3 months ago
cloudsecure-wp.php
4 months ago
common.php
4 months ago
config.php
2 years ago
disable-access-system-file.php
4 months ago
disable-author-query.php
2 years ago
disable-login.php
1 year ago
disable-restapi.php
7 months ago
disable-xmlrpc.php
1 year ago
htaccess.php
5 months ago
login-log.php
4 months ago
login-notification.php
1 year ago
rename-login-page.php
1 year ago
restrict-admin-page.php
10 months ago
server-error-notification.php
1 year ago
two-factor-authentication.php
4 months ago
unify-messages.php
2 years ago
update-notice.php
7 months ago
waf-engine.php
4 months ago
waf.php
4 months ago
disable-access-system-file.php
118 lines
| 1 | <?php |
| 2 | |
| 3 | if ( ! defined( 'ABSPATH' ) ) { |
| 4 | exit; |
| 5 | } |
| 6 | |
| 7 | class CloudSecureWP_Disable_Access_System_File extends CloudSecureWP_Waf_Engine { |
| 8 | private const KEY_FEATURE = 'disable_access_system_file'; |
| 9 | private const AVAILABLE_RULES = 1; // waf機能でいう検知する攻撃種別について、本機能では1種類のため1で固定 |
| 10 | private $disable_access_system_file_rules; |
| 11 | private $config; |
| 12 | |
| 13 | function __construct( array $info, CloudSecureWP_Config $config ) { |
| 14 | parent::__construct( $info ); |
| 15 | $this->config = $config; |
| 16 | $this->disable_access_system_file_rules = new CloudSecureWP_Disable_Access_System_File_Rules(); |
| 17 | } |
| 18 | |
| 19 | /** |
| 20 | * 機能毎のKEY取得 |
| 21 | * |
| 22 | * @return string |
| 23 | */ |
| 24 | public function get_feature_key(): string { |
| 25 | return self::KEY_FEATURE; |
| 26 | } |
| 27 | |
| 28 | /** |
| 29 | * 有効無効判定 |
| 30 | * |
| 31 | * @return bool |
| 32 | */ |
| 33 | public function is_enabled(): bool { |
| 34 | return $this->config->get( $this->get_feature_key() ) === 't' ? true : false; |
| 35 | } |
| 36 | |
| 37 | /** |
| 38 | * 初期設定値取得 |
| 39 | * |
| 40 | * @return array |
| 41 | */ |
| 42 | public function get_default(): array { |
| 43 | $ret = array( |
| 44 | self::KEY_FEATURE => $this->check_environment() ? 't' : 'f', |
| 45 | ); |
| 46 | return $ret; |
| 47 | } |
| 48 | |
| 49 | /** |
| 50 | * 設定値取得 |
| 51 | */ |
| 52 | public function get_settings(): array { |
| 53 | $settings = array(); |
| 54 | $default = $this->get_default(); |
| 55 | |
| 56 | foreach ( $default as $key => $val ) { |
| 57 | $settings[ $key ] = $this->config->get( $key ); |
| 58 | } |
| 59 | |
| 60 | return $settings; |
| 61 | } |
| 62 | |
| 63 | /** |
| 64 | * 設定値保存 |
| 65 | * |
| 66 | * @param array $settings |
| 67 | * @return void |
| 68 | */ |
| 69 | public function save_settings( $settings ): void { |
| 70 | $default = $this->get_default(); |
| 71 | |
| 72 | foreach ( $default as $key => $val ) { |
| 73 | $this->config->set( $key, $settings[ $key ] ?? '' ); |
| 74 | } |
| 75 | |
| 76 | $this->config->save(); |
| 77 | } |
| 78 | |
| 79 | /** |
| 80 | * システム設定ファイルアクセス制限 |
| 81 | */ |
| 82 | public function init(): void { |
| 83 | $waf_rules = $this->disable_access_system_file_rules->get_waf_rules(); |
| 84 | $locationmatch_rules = $this->disable_access_system_file_rules->get_locationmatch_rules(); |
| 85 | $remove_rules = array( |
| 86 | 'ajax_editor' => array( '950005' ), |
| 87 | 'ajax_customize' => array( '950005' ), |
| 88 | 'rest_api' => array( '950005' ), |
| 89 | ); |
| 90 | |
| 91 | $results = $this->waf_engine( $waf_rules, $locationmatch_rules, self::AVAILABLE_RULES, $remove_rules ); |
| 92 | |
| 93 | if ( $results['is_deny'] ) { |
| 94 | $this->page403(); |
| 95 | exit; |
| 96 | } |
| 97 | } |
| 98 | |
| 99 | /** |
| 100 | * 有効化 |
| 101 | * |
| 102 | * @return void |
| 103 | */ |
| 104 | public function activate(): void { |
| 105 | $this->save_settings( $this->get_default() ); |
| 106 | } |
| 107 | |
| 108 | /** |
| 109 | * 無効化 |
| 110 | * |
| 111 | * @return void |
| 112 | */ |
| 113 | public function deactivate(): void { |
| 114 | $this->config->set( $this->get_feature_key(), 'f' ); |
| 115 | $this->config->save(); |
| 116 | } |
| 117 | } |
| 118 |