hardening.php
89 lines
<?php
// Direct-access guard: stop unless the ABSPATH constant is defined (WordPress defines it
// while bootstrapping), so requesting this file on its own executes nothing below.
defined('ABSPATH') or die();
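/**
 * Answers the 'hardening_data' action on the 'rsssl_do_action' filter with
 * update counts and the vulnerability-scanner setting.
 *
 * Singleton: a second construction ends the request through wp_die().
 */
class rsssl_hardening {
	/** @var rsssl_hardening|null The single instance, set at the end of the constructor. */
	private static $_this;

	/**
	 * Translated risk labels keyed by severity code ('l', 'm', 'h', 'c').
	 * Stays null until load_translations() has run.
	 *
	 * @var array<string, string>|null
	 */
	public $risk_naming;

	/**
	 * Registers the data filter and defers label translation to admin_init.
	 */
	public function __construct()
	{
		if ( isset( self::$_this ) ) {
			wp_die( sprintf( __( '%s is a singleton class and you cannot create a second instance.', 'really-simple-ssl' ), get_class( $this ) ) );
		}

		// Priority 10, three arguments: $response, $action, $data.
		add_filter( 'rsssl_do_action', array( $this, 'hardening_data' ), 10, 3 );

		add_action( 'admin_init', array( $this, 'load_translations' ) );
		self::$_this = $this;
	}

	/**
	 * Fills $risk_naming with the translated risk labels.
	 *
	 * @return void
	 */
	public function load_translations()
	{
		$this->risk_naming = [
			'l' => __( 'low-risk', 'really-simple-ssl' ),
			'm' => __( 'medium-risk', 'really-simple-ssl' ),
			'h' => __( 'high-risk', 'really-simple-ssl' ),
			'c' => __( 'critical', 'really-simple-ssl' ),
		];
	}

	/**
	 * Filter callback for 'rsssl_do_action'.
	 *
	 * @param array  $response Response built so far by earlier callbacks.
	 * @param string $action   Requested action name.
	 * @param mixed  $data     Request payload, handed to get_stats().
	 *
	 * @return array $response untouched when the capability check fails or the
	 *               action is not 'hardening_data'; otherwise the stats response.
	 */
	public function hardening_data( array $response, string $action, $data ): array
	{
		// Authorisation comes first, so a caller without the capability learns nothing.
		if ( ! rsssl_user_can_manage() ) {
			return $response;
		}

		if ( 'hardening_data' === $action ) {
			$response = $this->get_stats( $data );
		}

		return $response;
	}

	/**
	 * Returns the singleton instance.
	 *
	 * @return rsssl_hardening|null Null when no instance has been constructed yet.
	 */
	public static function this()
	{
		return self::$_this;
	}

	/* Public Section 2: DataGathering */

	/**
	 * Builds the statistics payload for the hardening/vulnerability view.
	 *
	 * @param mixed $data Request payload; not read by this method.
	 *
	 * @return array Empty array when the capability check fails, otherwise
	 *               ['request_success' => true, 'data' => <filtered stats>].
	 */
	public function get_stats( $data ): array
	{
		// The check is repeated here because this method is public and can be
		// called without going through hardening_data().
		if ( ! rsssl_user_can_manage() ) {
			return [];
		}

		$vulEnabled = rsssl_get_option( 'enable_vulnerability_scanner' );

		// NOTE(review): risk_naming is only filled by load_translations() on admin_init;
		// in a request where that hook has not fired, 'riskNaming' is null - confirm
		// that every path reaching this filter runs admin_init first.
		$stats = [
			'updates'     => $this->getAllUpdatesCount(),
			'lastChecked' => time(),
			'riskNaming'  => $this->risk_naming,
			'vulEnabled'  => $vulEnabled,
		];

		// Whatever the 'rsssl_vulnerability_data' callbacks return is passed on as-is.
		return [
			'request_success' => true,
			'data'            => apply_filters( 'rsssl_vulnerability_data', $stats ),
		];
	}

	/**
	 * Gets the count of all available updates for core, plugins, and themes.
	 *
	 * The counts are read by key rather than by position, so a reordered or
	 * extended 'counts' array cannot pull the translation or total figures
	 * into the sum.
	 *
	 * @return int The count of all available updates; 0 when no usable counts exist.
	 */
	public function getAllUpdatesCount(): int
	{
		$updatesData = wp_get_update_data();

		// Fallback in case there's no 'counts' key or it's not an array.
		if ( ! isset( $updatesData['counts'] ) || ! is_array( $updatesData['counts'] ) ) {
			return 0;
		}

		$counts = $updatesData['counts'];
		$total  = 0;

		// We only want core, plugins and themes.
		foreach ( array( 'plugins', 'themes', 'wordpress' ) as $key ) {
			if ( isset( $counts[ $key ] ) && is_numeric( $counts[ $key ] ) ) {
				$total += (int) $counts[ $key ];
			}
		}

		return $total;
	}
}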
| 89 |