PluginProbe ʕ •ᴥ•ʔ
CloudSecure WP Security / 1.4.5
CloudSecure WP Security v1.4.5
1.4.10 1.4.9 trunk 0.9.0 1.0.2 1.1.0 1.1.1 1.1.2 1.1.3 1.2.0 1.2.1 1.2.2 1.2.3 1.2.4 1.2.5 1.2.6 1.2.7 1.3.1 1.3.10 1.3.11 1.3.12 1.3.13 1.3.14 1.3.15 1.3.16 1.3.17 1.3.18 1.3.19 1.3.2 1.3.20 1.3.21 1.3.22 1.3.23 1.3.24 1.3.3 1.3.4 1.3.5 1.3.6 1.3.7 1.3.8 1.3.9 1.4.0 1.4.1 1.4.2 1.4.3 1.4.4 1.4.5 1.4.6 1.4.7 1.4.8
cloudsecure-wp-security / modules / restrict-admin-page.php
cloudsecure-wp-security / modules Last commit date
admin 4 months ago cli 8 months ago lib 4 months ago captcha.php 3 months ago cloudsecure-wp.php 3 months ago common.php 4 months ago config.php 2 years ago disable-access-system-file.php 4 months ago disable-author-query.php 2 years ago disable-login.php 1 year ago disable-restapi.php 7 months ago disable-xmlrpc.php 1 year ago htaccess.php 5 months ago login-log.php 4 months ago login-notification.php 1 year ago rename-login-page.php 1 year ago restrict-admin-page.php 10 months ago server-error-notification.php 1 year ago two-factor-authentication.php 4 months ago unify-messages.php 2 years ago update-notice.php 7 months ago waf-engine.php 4 months ago waf.php 4 months ago
restrict-admin-page.php
273 lines
1 <?php
2
3 if ( ! defined( 'ABSPATH' ) ) {
4 exit;
5 }
6
7 class CloudSecureWP_Restrict_Admin_Page extends CloudSecureWP_Common {
8 private const KEY_FEATURE = 'restrict_admin_page';
9 private const KEY_PATHS = self::KEY_FEATURE . '_paths';
10 private const DEFAULT_PATHS = array( 'css', 'images', 'admin-ajax.php', 'load-styles.php', 'site-health.php' );
11 private $config;
12 private $htaccess;
13 private $disable_login;
14
15 function __construct( array $info, CloudSecureWP_Config $config, CloudSecureWP_Htaccess $htaccess, CloudSecureWP_Disable_Login $disable_login ) {
16 parent::__construct( $info );
17 $this->config = $config;
18 $this->htaccess = $htaccess;
19 $this->disable_login = $disable_login;
20 }
21
22 /**
23 * 機能毎のKEY取得
24 *
25 * @return string
26 */
27 public function get_feature_key(): string {
28 return self::KEY_FEATURE;
29 }
30
31 /**
32 * 有効無効判定
33 *
34 * @return bool
35 */
36 public function is_enabled(): bool {
37 return $this->config->get( $this->get_feature_key() ) === 't' ? true : false;
38 }
39
40 /**
41 * 初期設定値取得
42 *
43 * @return array
44 */
45 public function get_default(): array {
46 $ret = array(
47 // self::KEY_FEATURE => $this->check_environment() && $this->htaccess->is_enabled() ? 't' : 'f',
48 self::KEY_FEATURE => 'f',
49 self::KEY_PATHS => self::DEFAULT_PATHS,
50 );
51 return $ret;
52 }
53
54 /**
55 * 設定値取得
56 */
57 public function get_settings(): array {
58 $settings = array();
59 $default = $this->get_default();
60
61 foreach ( $default as $key => $val ) {
62 $settings[ $key ] = $this->config->get( $key );
63 }
64
65 return $settings;
66 }
67
68 /**
69 * 設定値保存
70 *
71 * @param array $settings
72 * @return void
73 */
74 public function save_settings( $settings ): void {
75 $default = $this->get_default();
76
77 foreach ( $default as $key => $val ) {
78 $this->config->set( $key, $settings[ $key ] ?? '' );
79 }
80
81 $this->config->save();
82 }
83
84
85 /**
86 * htaccessに書き出す設定を取得
87 *
88 * @param array $allow_ips
89 * @param array $allow_paths
90 * @return string
91 */
92 private function get_htaccess_settings( array $allow_ips, array $allow_paths ): string {
93 $rules = '';
94 foreach ( $allow_paths as $path ) {
95 $rules .= ' RewriteRule ^wp-admin/' . str_replace( '.', '\.', $path ) . " - [L]\n";
96 }
97
98 $conds = '';
99 foreach ( $allow_ips as $ip ) {
100 $conds .= ' RewriteCond %{REMOTE_ADDR} !^' . str_replace( '.', '\.', $ip ) . "$\n";
101 }
102
103 $parse = parse_url( site_url() );
104 $base = ( $parse['path'] ?? '' ) . '/';
105 $page404 = self::PAGE_404;
106
107 $setting = "<IfModule mod_rewrite.c>" . "\n";
108 $setting .= " RewriteEngine on" . "\n";
109 $setting .= " RewriteBase {$base}" . "\n";
110 $setting .= " RewriteRule ^{$page404} - [L]\n{$rules}{$conds} RewriteRule ^wp-admin {$page404} [L]" . "\n";
111 $setting .= "</IfModule>" . "\n";
112
113 return $setting;
114 }
115
116 /**
117 * htaccessに書き出す設定を更新
118 *
119 * @param string $htaccess_settings
120 * @return bool
121 */
122 public function update_htaccess( string $htaccess_settings ): bool {
123 $plugin_tag = $this->htaccess->get_plugin_settings_tag();
124 $tag = $this->get_feature_key();
125
126 if ( $this->htaccess->setting_tag_exists( $plugin_tag ) ) {
127 if ( $this->htaccess->setting_tag_exists( $tag ) ) {
128 if ( ! $this->remove_htaccess() ) {
129 return false;
130 }
131 }
132 } else {
133 if ( ! $this->htaccess->add_plugin_settings_tag() ) {
134 return false;
135 }
136 }
137 $ret = $this->htaccess->add_feature_setting( $tag, $htaccess_settings );
138
139 return $ret;
140 }
141
142 /**
143 * htaccessから設定を削除
144 *
145 * @return bool
146 */
147 public function remove_htaccess(): bool {
148 return $this->htaccess->remove_settings( array( $this->get_feature_key() ) );
149 }
150
151 /**
152 * 制限除外パスを取得
153 *
154 * @return array
155 */
156 public function get_exclude_paths(): array {
157 return $this->config->get( self::KEY_PATHS ) ?? array();
158 }
159
160 /**
161 * プライベートIP判定
162 *
163 * @param string $ip
164 * @return bool
165 */
166 public function isPrivateIP( string $ip ): bool {
167 if ( false === filter_var( $ip, FILTER_VALIDATE_IP ) ) {
168 return false;
169 }
170
171 return ! ( filter_var( $ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE ) );
172 }
173
174 /**
175 * 設定更新
176 *
177 * @return bool
178 */
179 public function update(): bool {
180 $allowed_ips = array( '127.0.0.1' );
181 $server_ip = sanitize_text_field( $_SERVER['SERVER_ADDR'] ?? '' );
182
183 if ( false !== filter_var( $server_ip, FILTER_VALIDATE_IP ) ) {
184 if ( false === in_array( $server_ip, $allowed_ips ) ) {
185 $allowed_ips[] = $server_ip;
186 }
187 }
188
189 $client_ip = $this->get_client_ip();
190
191 if ( false !== filter_var( $client_ip, FILTER_VALIDATE_IP ) ) {
192 if ( false === in_array( $client_ip, $allowed_ips ) ) {
193 $allowed_ips[] = $client_ip;
194 }
195 }
196
197 $success_rows = $this->disable_login->get_rows_status_success();
198 foreach ( $success_rows as $success_row ) {
199 $tmp_ip = trim( $success_row['ip'] );
200 if ( false === in_array( $tmp_ip, $allowed_ips ) ) {
201 $allowed_ips[] = $tmp_ip;
202 }
203 }
204
205 $allowed_paths = $this->get_exclude_paths();
206 $htaccess_setting = $this->get_htaccess_settings( $allowed_ips, $allowed_paths );
207
208 if ( ! $this->update_htaccess( $htaccess_setting ) ) {
209 $settings = $this->get_settings();
210 $settings[ $this->get_feature_key() ] = 'f';
211 $this->save_settings( $settings );
212
213 return false;
214 }
215
216 return true;
217 }
218
219 /**
220 * テキストから�
221 �列に変換
222 *
223 * @param string $text
224 * @return array
225 */
226 public function text2Array( string $text ): array {
227 $searches = array( "\r\n", "\r" );
228 $text = str_replace( $searches, "\n", $text );
229 $text_array = explode( "\n", $text );
230
231 foreach ( $text_array as &$path ) {
232 $path = preg_replace( '|\s|', '', $path );
233 }
234 unset( $path );
235
236 $text_array = array_filter( $text_array, 'strlen' );
237 $text_array = array_unique( $text_array );
238
239 return $text_array;
240 }
241
242 /**
243 * 管理画面に通知表示
244 */
245 public function admin_notices() {
246 $feature = '管理画面アクセス制限';
247 $this->prepare_admin_notices( self::KEY_FEATURE, $feature );
248 }
249
250 /**
251 * 有効化
252 * CloudSecureWP_Disable_Login->activate() が�
253 �に実行される�
254 要あり(DBテーブル作成のため)
255 *
256 * @return void
257 */
258 public function activate(): void {
259 $this->save_settings( $this->get_default() );
260 }
261
262 /**
263 * 無効化
264 *
265 * @return void
266 */
267 public function deactivate(): void {
268 $this->remove_htaccess();
269 $this->config->set( self::KEY_FEATURE, 'f' );
270 $this->config->save();
271 }
272 }
273