admin
2 months ago
cli
2 months ago
lib
3 months ago
captcha.php
3 months ago
cloudsecure-wp.php
2 months ago
common.php
2 months ago
config.php
2 years ago
disable-access-system-file.php
4 months ago
disable-author-query.php
2 years ago
disable-login.php
2 months ago
disable-restapi.php
2 months ago
disable-xmlrpc.php
1 year ago
htaccess.php
3 months ago
login-log.php
2 months ago
login-notification.php
1 year ago
rename-login-page.php
3 months ago
restrict-admin-page.php
3 months ago
server-error-notification.php
2 months ago
two-factor-authentication.php
2 months ago
unify-messages.php
2 years ago
update-notice.php
7 months ago
waf-engine.php
3 months ago
waf.php
2 months ago
common.php
305 lines
| 1 | <?php |
| 2 | |
| 3 | if ( ! defined( 'ABSPATH' ) ) { |
| 4 | exit; |
| 5 | } |
| 6 | |
| 7 | require_once ABSPATH . 'wp-admin/includes/plugin.php'; |
| 8 | require_once ABSPATH . 'wp-includes/pluggable.php'; |
| 9 | |
| 10 | class CloudSecureWP_Common { |
| 11 | public const MESSAGES = array( |
| 12 | 'error_multisite' => 'WordPressマルチサイトには対応していません', |
| 13 | 'error_htaccess_update' => '.htaccessファイルの更新に失敗しました', |
| 14 | 'error_conflict_plugin' => '競合するプラグインが有効化されています', |
| 15 | ); |
| 16 | |
| 17 | public const CONFLICT_PLUGINS = array( |
| 18 | array( |
| 19 | 'name' => 'SiteGuard WP Plugin', |
| 20 | 'path' => 'siteguard/siteguard.php', |
| 21 | ), |
| 22 | ); |
| 23 | |
| 24 | public const PAGE_404 = 'cloudsecurewp_404'; |
| 25 | protected const LOGIN_STATUS_SUCCESS = 1; |
| 26 | protected const LOGIN_STATUS_FAILED = 2; |
| 27 | protected const LOGIN_STATUS_DISABLED = 3; |
| 28 | protected const LOGIN_STATUS_DATAS = array( |
| 29 | self::LOGIN_STATUS_SUCCESS => '成功', |
| 30 | self::LOGIN_STATUS_FAILED => '失敗', |
| 31 | self::LOGIN_STATUS_DISABLED => '無効', |
| 32 | ); |
| 33 | |
| 34 | protected const METHOD_PAGE = 1; |
| 35 | protected const METHOD_XMLRPC = 2; |
| 36 | protected const METHODS = array( |
| 37 | self::METHOD_PAGE => 'ログインページ', |
| 38 | self::METHOD_XMLRPC => 'XML-RPC', |
| 39 | ); |
| 40 | protected $info; |
| 41 | |
| 42 | function __construct( array $info ) { |
| 43 | $this->info = $info; |
| 44 | } |
| 45 | |
| 46 | /** |
| 47 | * エラーログ出力 |
| 48 | * |
| 49 | * @param string $msg |
| 50 | * @param string $tag |
| 51 | * @return bool |
| 52 | */ |
| 53 | protected function error_log( string $msg, string $tag = '' ): bool { |
| 54 | $file_path = $this->info['plugin_path'] . 'log/' . date_i18n( 'Ymd_' ) . 'error.log'; |
| 55 | |
| 56 | if ( '' !== $tag ) { |
| 57 | $tag = '[' . $tag . '] '; |
| 58 | } else { |
| 59 | $tag = ' '; |
| 60 | } |
| 61 | |
| 62 | $msg = str_replace( array( "\r\n", "\r", "\n" ), ' ', $msg ); |
| 63 | if ( false === file_put_contents( $file_path, '[' . date_i18n( 'His' ) . ']' . $tag . $msg . "\n", FILE_APPEND | LOCK_EX ) ) { |
| 64 | return false; |
| 65 | } |
| 66 | return true; |
| 67 | } |
| 68 | |
| 69 | /** |
| 70 | * WP cron 有効判定 |
| 71 | * |
| 72 | * @return bool |
| 73 | */ |
| 74 | protected function cron_enabled(): bool { |
| 75 | if ( defined( 'DISABLE_WP_CRON' ) && DISABLE_WP_CRON ) { |
| 76 | return false; |
| 77 | } |
| 78 | return true; |
| 79 | } |
| 80 | |
| 81 | /** |
| 82 | * WP mail 送信 |
| 83 | * |
| 84 | * @param string $to |
| 85 | * @param string $subject |
| 86 | * @param string $body |
| 87 | * @return bool |
| 88 | */ |
| 89 | public function wp_send_mail( string $to, string $subject, string $body ): bool { |
| 90 | $subject = '【' . get_option( 'blogname' ) . '】 ' . $subject . '|CloudSecure WP Security'; |
| 91 | |
| 92 | if ( @wp_mail( $to, $subject, $body ) ) { |
| 93 | return true; |
| 94 | } |
| 95 | return false; |
| 96 | } |
| 97 | |
| 98 | /** |
| 99 | * クライアントIP取得 |
| 100 | * |
| 101 | * @return string |
| 102 | */ |
| 103 | public function get_client_ip(): string { |
| 104 | return sanitize_text_field( $_SERVER['REMOTE_ADDR'] ?? '' ); |
| 105 | } |
| 106 | |
| 107 | /** |
| 108 | * 競合プラグイン有効判定 |
| 109 | * |
| 110 | * @return string |
| 111 | */ |
| 112 | protected function get_conflict_plugin_name(): string { |
| 113 | $plugins = self::CONFLICT_PLUGINS; |
| 114 | $ret = ''; |
| 115 | |
| 116 | foreach ( $plugins as $plugin_row ) { |
| 117 | if ( is_plugin_active( $plugin_row['path'] ) ) { |
| 118 | $ret = $plugin_row['name']; |
| 119 | break; |
| 120 | } |
| 121 | } |
| 122 | |
| 123 | return $ret; |
| 124 | } |
| 125 | |
| 126 | /** |
| 127 | * 管理� |
| 128 | のユーザー� |
| 129 | 報� |
| 130 | �件取得 |
| 131 | */ |
| 132 | public function get_admin_users(): array { |
| 133 | $args = array( |
| 134 | 'role' => 'administrator', |
| 135 | 'fields' => 'all', |
| 136 | ); |
| 137 | |
| 138 | return get_users( $args ); |
| 139 | } |
| 140 | |
| 141 | /** |
| 142 | * � |
| 143 | �列からテキストに変換 |
| 144 | * |
| 145 | * @param array $array |
| 146 | * @return string |
| 147 | */ |
| 148 | public function array2Text( array $array ): string { |
| 149 | return implode( "\n", $array ); |
| 150 | } |
| 151 | |
| 152 | /** |
| 153 | * 動作環境チェック |
| 154 | * |
| 155 | * @return bool |
| 156 | */ |
| 157 | public function check_environment(): bool { |
| 158 | if ( ! is_multisite() ) { |
| 159 | if ( '' === $this->get_conflict_plugin_name() ) { |
| 160 | return true; |
| 161 | } |
| 162 | } |
| 163 | |
| 164 | return false; |
| 165 | } |
| 166 | |
| 167 | /** |
| 168 | * 機能OFF 管理画面に通知表示 |
| 169 | */ |
| 170 | public function prepare_admin_notices( $key_feature, $feature ) { |
| 171 | if ( ! current_user_can( 'administrator' ) ) { |
| 172 | return; |
| 173 | } |
| 174 | |
| 175 | ?> |
| 176 | <div class="notice notice-error is-dismissible"> |
| 177 | <p><strong>【CloudSecure WP Security】</strong></p> |
| 178 | <p>.htaccessファイルに変更が加えられたため、一時的に<strong><?php echo esc_html( $feature ); ?>機能</strong>を無効にしました。</p> |
| 179 | <p>再度有効にする場合は、<a href="<?php echo esc_url( admin_url( 'admin.php?page=cloudsecurewp_' . $key_feature ) ); ?>">設定画面</a>から機能を有効にしてください。</p> |
| 180 | </div> |
| 181 | <?php |
| 182 | } |
| 183 | |
| 184 | |
| 185 | /** |
| 186 | * USERAGENT 取得 |
| 187 | * |
| 188 | * @return string |
| 189 | */ |
| 190 | public function get_http_user_agent(): string { |
| 191 | return sanitize_text_field( $_SERVER['HTTP_USER_AGENT'] ?? '' ); |
| 192 | } |
| 193 | |
| 194 | /** |
| 195 | * HTTP_REFERER 取得 |
| 196 | * |
| 197 | * @return string |
| 198 | */ |
| 199 | public function get_http_referer(): string { |
| 200 | return sanitize_url( $_SERVER['HTTP_REFERER'] ?? '' ); |
| 201 | } |
| 202 | |
| 203 | /** |
| 204 | * クエリ文字列部分を除いた REQUEST_URI 取得 |
| 205 | * |
| 206 | * @return string |
| 207 | */ |
| 208 | public function get_request_uri(): string { |
| 209 | $request_uri = ''; |
| 210 | if ( ! empty( $_SERVER['REQUEST_URI'] ) ) { |
| 211 | if ( ! empty( $_SERVER['QUERY_STRING'] ) ) { |
| 212 | $request_uri = str_replace( '?' . $_SERVER['QUERY_STRING'], '', $_SERVER['REQUEST_URI'] ); |
| 213 | } else { |
| 214 | $request_uri = $_SERVER['REQUEST_URI']; |
| 215 | } |
| 216 | |
| 217 | if ( false === $request_uri ) { |
| 218 | $request_uri = ''; |
| 219 | } |
| 220 | } |
| 221 | |
| 222 | return $request_uri; |
| 223 | } |
| 224 | |
| 225 | /** |
| 226 | * REQAUEST_HEADER 取得 |
| 227 | * |
| 228 | * @return array |
| 229 | */ |
| 230 | public function get_http_request_headers(): array { |
| 231 | $request_headers = array(); |
| 232 | |
| 233 | if ( ! empty( $_SERVER ) ) { |
| 234 | foreach ( $_SERVER as $key => $value ) { |
| 235 | if ( substr( $key, 0, 5 ) === 'HTTP_' ) { |
| 236 | $request_headers[ ucwords( str_replace( '_', '-', strtolower( substr( $key, 5 ) ) ), '-' ) ] = $value; |
| 237 | } |
| 238 | } |
| 239 | |
| 240 | if ( isset( $_SERVER['CONTENT_TYPE'] ) ) { |
| 241 | $request_headers['Content-Type'] = $_SERVER['CONTENT_TYPE']; |
| 242 | } |
| 243 | } |
| 244 | |
| 245 | return $request_headers; |
| 246 | } |
| 247 | |
| 248 | /** |
| 249 | * 年月日取得 |
| 250 | * |
| 251 | * @param string $delimiter |
| 252 | * @return string |
| 253 | */ |
| 254 | public function get_date( string $delimiter = '/' ): string { |
| 255 | return date_i18n( "Y{$delimiter}m{$delimiter}d" ); |
| 256 | } |
| 257 | |
| 258 | /** |
| 259 | * 時分秒取得 |
| 260 | * |
| 261 | * @return string |
| 262 | */ |
| 263 | public function get_time(): string { |
| 264 | return date_i18n( 'H:i:s' ); |
| 265 | } |
| 266 | |
| 267 | /** |
| 268 | * ログインステータス� |
| 269 | 報取得 |
| 270 | */ |
| 271 | public function get_login_status_datas(): array { |
| 272 | return self::LOGIN_STATUS_DATAS; |
| 273 | } |
| 274 | |
| 275 | /** |
| 276 | * 404 |
| 277 | */ |
| 278 | public function page404(): void { |
| 279 | $page = get_404_template(); |
| 280 | |
| 281 | if ( '' !== $page ) { |
| 282 | global $wp_query; |
| 283 | |
| 284 | status_header( 404 ); |
| 285 | nocache_headers(); |
| 286 | $wp_query->set_404(); |
| 287 | include $page; |
| 288 | |
| 289 | } else { |
| 290 | wp_safe_redirect( home_url( self::PAGE_404 ) ); |
| 291 | } |
| 292 | |
| 293 | exit; |
| 294 | } |
| 295 | |
| 296 | /** |
| 297 | * 403 |
| 298 | */ |
| 299 | public function page403(): void { |
| 300 | status_header( 403, 'Forbidden' ); |
| 301 | nocache_headers(); |
| 302 | exit; |
| 303 | } |
| 304 | } |
| 305 |