Really Simple Security – Simple and Performant Security (formerly Really Simple SSL) / 9.5.0.1
really-simple-ssl / security / integrations.php
1 <?php
// Refuse direct requests: this file is only meant to run inside a loaded WordPress.
if ( ! defined( 'ABSPATH' ) ) {
	die();
}

/*
 * Registry of the hardening integrations this plugin can load.
 *
 * The array key of each entry is also the basename of the PHP file that
 * rsssl_integrations() includes (security/<folder>/<key>.php). Keys used by
 * the loader in this file:
 *   - folder         : sub-directory below security/ that holds the file.
 *   - option_id      : plugin setting, read through rsssl_get_option(), that switches the entry on.
 *   - always_include : when truthy the entry is loaded regardless of the setting.
 *   - admin_only     : when truthy the entry is skipped unless rsssl_admin_logged_in() returns true.
 * 'has_deactivation', 'impact' and 'risk' are not read anywhere in this file;
 * presumably they are consumed elsewhere in the plugin.
 *
 * The list goes through the 'rsssl_integrations' filter, so other code can add
 * or change entries, and every enabled entry ends up in a require_once. Keep
 * 'folder' and the entry key as fixed literals; never derive them from request data.
 */
global $rsssl_integrations_list;
$rsssl_integrations_list = apply_filters(
	'rsssl_integrations',
	[
		'user-registration'            => [
			'folder'    => 'wordpress',
			'option_id' => 'disable_anyone_can_register',
		],

		'file-editing'                 => [
			'folder'    => 'wordpress',
			'option_id' => 'disable_file_editing',
		],

		'hide-wp-version'              => [
			'folder'    => 'wordpress',
			'option_id' => 'hide_wordpress_version',
		],

		'user-enumeration'             => [
			'folder'    => 'wordpress',
			'option_id' => 'disable_user_enumeration',
		],

		'block-code-execution-uploads' => [
			'folder'    => 'wordpress',
			'impact'    => 'medium',
			'risk'      => 'low',
			'option_id' => 'block_code_execution_uploads',
		],

		'prevent-login-info-leakage'   => [
			'folder'    => 'wordpress',
			'option_id' => 'disable_login_feedback',
		],
		'disable-indexing'             => [
			'folder'           => 'server',
			'option_id'        => 'disable_indexing',
			'has_deactivation' => true,
		],

		'rename-admin-user'            => [
			'folder'    => 'wordpress',
			'option_id' => 'rename_admin_user',
		],
		'display-name-is-login-name'   => [
			'folder'    => 'wordpress',
			'option_id' => 'block_display_is_login',
		],

		'disable-xmlrpc'               => [
			'folder'         => 'wordpress',
			'option_id'      => 'disable_xmlrpc',
			'always_include' => false,
		],
		'vulnerabilities'              => [
			'folder'     => 'wordpress',
			'option_id'  => 'enable_vulnerability_scanner',
			'admin_only' => true,
		],
		'class-rsssl-two-factor'       => [
			'folder'         => 'wordpress/two-fa',
			'option_id'      => 'login_protection_enabled',
			'always_include' => false,
		],
	]
);

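/**
 * Decide whether the integration file for a registry entry should be loaded.
 *
 * Checks, in this order:
 *  1. the key must exist in the global $rsssl_integrations_list, else false;
 *  2. a truthy 'always_include' enables the entry unconditionally;
 *  3. an entry on the deactivation list stays enabled (see
 *     rsssl_is_in_deactivation_list() for who that applies to);
 *  4. otherwise the setting named by 'option_id' decides: with no
 *     'option_value' any truthy stored value enables the entry; with an
 *     'option_value' the stored value must be strictly identical to it, and a
 *     leading "NOT " on 'option_value' inverts that comparison.
 *
 * @param string $plugin  Key of the entry in $rsssl_integrations_list.
 * @param array  $details Entry settings ('always_include', 'option_id', 'option_value'); all optional.
 *
 * @return bool True when the integration should be loaded.
 */
if ( ! function_exists( 'rsssl_is_integration_enabled' ) ) {
	function rsssl_is_integration_enabled( $plugin, $details ) {
		global $rsssl_integrations_list;

		// Only keys present in the (filterable) registry can be enabled. The is_array()
		// guard covers a filter callback that returned something other than an array.
		if ( ! is_array( $rsssl_integrations_list ) || ! array_key_exists( $plugin, $rsssl_integrations_list ) ) {
			return false;
		}

		// Callers other than rsssl_integrations() may pass $details without defaults,
		// so do not assume the key exists.
		if ( ! empty( $details['always_include'] ) ) {
			return true;
		}

		// If an integration was just enabled, keep it enabled until it removes itself
		// from the deactivation list.
		if ( rsssl_is_in_deactivation_list( $plugin ) ) {
			return true;
		}

		$field_id = $details['option_id'] ?? false;
		if ( ! $field_id ) {
			return false;
		}

		$expected_value = $details['option_value'] ?? false;
		$stored_value   = rsssl_get_option( $field_id );

		// No specific value requested: any truthy stored value switches the entry on.
		if ( ! $expected_value ) {
			return (bool) $stored_value;
		}

		// A negation is the exact prefix "NOT " (with the space). Only that prefix is
		// stripped, so a literal value such as "NOTIFY" is compared as-is and a later
		// "NOT " inside the value is left untouched.
		$invert = false;
		if ( is_string( $expected_value ) && strpos( $expected_value, 'NOT ' ) === 0 ) {
			$invert         = true;
			$expected_value = substr( $expected_value, 4 );
		}

		// Strict comparison: the stored value must have the same type as the expected one.
		$condition_met = ( $stored_value === $expected_value );

		return $invert ? ! $condition_met : $condition_met;
	}
}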
/**
 * Include the PHP file of every integration that is currently enabled.
 *
 * Runs without a capability check of its own, so enabled integrations are
 * loaded for every request; only entries flagged 'admin_only' are gated, on
 * rsssl_admin_logged_in() (defined elsewhere).
 *
 * The included path is built from the filterable base path, the entry's
 * 'folder' and the entry key, none of which are validated here. Both the
 * registry and the base path pass through filters, so whatever hooks them
 * chooses which file is executed.
 *
 * When the RSSSL_SAFE_MODE constant is defined and truthy, a missing file is
 * skipped; otherwise require_once on a missing file stops with a fatal error.
 */
if ( ! function_exists( 'rsssl_integrations' ) ) {
	function rsssl_integrations() {

		$skip_missing_files = defined( 'RSSSL_SAFE_MODE' ) && RSSSL_SAFE_MODE;

		// Defaults applied to every registry entry before it is evaluated.
		$entry_defaults = [
			'option_id'      => false,
			'always_include' => false,
			'folder'         => false,
			'admin_only'     => false,
			'is_pro'         => false,
		];

		global $rsssl_integrations_list;
		foreach ( $rsssl_integrations_list as $plugin => $details ) {
			$details = wp_parse_args( $details, $entry_defaults );

			// Admin-only integrations are not loaded for other requests.
			if ( $details['admin_only'] && ! rsssl_admin_logged_in() ) {
				continue;
			}

			if ( ! rsssl_is_integration_enabled( $plugin, $details ) ) {
				continue;
			}

			// The base path is filterable, so the file may live outside rsssl_path.
			$base_path        = apply_filters( 'rsssl_integrations_path', rsssl_path, $plugin, $details );
			$integration_file = "{$base_path}security/{$details['folder']}/{$plugin}.php";

			if ( ! file_exists( $integration_file ) && $skip_missing_files ) {
				continue;
			}

			// require_once: a second run of this function does not include the file again.
			require_once $integration_file;
		}
	}
}
// Load the enabled integrations once all plugins are loaded (priority 10) ...
add_action( 'plugins_loaded', 'rsssl_integrations', 10 );
// ... and run the loader again after settings were saved (priority 20). Files that
// were already included are not included a second time, because the loader uses
// require_once.
add_action( 'rsssl_after_saved_fields', 'rsssl_integrations', 20 );

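/**
 * Check if a plugin is on the deactivation list.
 *
 * The list is the 'rsssl_deactivate_list' option. It is only consulted when
 * is_admin() and is_user_logged_in() are both true; every other request gets
 * false. A stored value that is not an array is deleted and treated as empty.
 *
 * NOTE(review): is_admin() reports that the request targets the admin area and
 * is_user_logged_in() accepts any role, so this gate is not a capability
 * check. If the intent is "administrators only", confirm whether a
 * current_user_can() test is needed here.
 *
 * @param string $plugin Key of the integration to look up.
 *
 * @return bool True when $plugin is an exact member of the stored list.
 */
if ( ! function_exists( 'rsssl_is_in_deactivation_list' ) ) {
	function rsssl_is_in_deactivation_list( string $plugin ): bool {
		if ( ! is_admin() || ! is_user_logged_in() ) {
			return false;
		}

		// Read the option once, so the value that was validated is the value that is searched.
		$deactivate_list = get_option( 'rsssl_deactivate_list', [] );
		if ( ! is_array( $deactivate_list ) ) {
			// Malformed option: remove it and report "not listed" without searching it.
			delete_option( 'rsssl_deactivate_list' );

			return false;
		}

		// Strict match: a loose comparison would treat numeric-looking strings
		// such as '1e1' and '10' as equal.
		return in_array( $plugin, $deactivate_list, true );
	}
}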