Really Simple Security – Simple and Performant Security (formerly Really Simple SSL) v9.5.11
rlrsssl-really-simple-ssl.php
1 <?php
2 /**
3 * Plugin Name: Really Simple Security
4 * Plugin URI: https://really-simple-ssl.com
5 * Description: Easily improve site security with WordPress Hardening, Two-Factor Authentication (2FA), Login Protection, Vulnerability Detection and SSL certificate generation.
6 * Version: 9.5.11
7 * Requires at least: 6.6
8 * Requires PHP: 7.4
9 * Author: Really Simple Security
10 * Author URI: https://really-simple-ssl.com/about-us
11 * License: GPL2
12 * Text Domain: really-simple-ssl
13 * Domain Path: /languages
14 * Network: true
15 */
16 /* Copyright 2023 Really Simple Plugins BV (email : support@really-simple-ssl.com)
17 This program is free software; you can redistribute it and/or modify
18 it under the terms of the GNU General Public License, version 2, as
19 published by the Free Software Foundation.
20 This program is distributed in the hope that it will be useful,
21 but WITHOUT ANY WARRANTY; without even the implied warranty of
22 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 GNU General Public License for more details.
24 You should have received a copy of the GNU General Public License
25 along with this program; if not, write to the Free Software
26 Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
27 */
28
// Stop immediately when this file is requested directly: ABSPATH is only
// defined once WordPress itself has been bootstrapped.
if ( ! defined( 'ABSPATH' ) ) {
	die( "you do not have access to this page!" );
}

// Full path of this main plugin file. An existing definition is left untouched.
defined( 'rsssl_file' ) || define( 'rsssl_file', __FILE__ );

// Plugin basename as returned by plugin_basename(). An existing definition is left untouched.
defined( 'rsssl_plugin' ) || define( 'rsssl_plugin', plugin_basename( __FILE__ ) );
38
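if ( ! function_exists( 'rsssl_activation_check' ) ) {
	/**
	 * Activation callback: store three boolean flags as options.
	 *
	 * Writes rsssl_activation, rsssl_show_onboarding and
	 * rsssl_redirect_to_settings_page, each set to true and not autoloaded.
	 *
	 * @return void
	 */
	function rsssl_activation_check() {
		update_option( 'rsssl_activation', true, false );
		update_option( 'rsssl_show_onboarding', true, false );
		// The third argument of update_option() is the autoload flag, not a
		// lifetime: options never expire on their own. HOUR_IN_SECONDS was
		// passed here before, which did not make the flag time-limited, so the
		// call now matches its two siblings.
		// NOTE(review): whatever reads this flag presumably has to delete it
		// itself; confirm against the code that performs the redirect.
		update_option( 'rsssl_redirect_to_settings_page', true, false );
	}
	register_activation_hook( __FILE__, 'rsssl_activation_check' );
}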
48
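if ( class_exists( 'REALLY_SIMPLE_SSL' ) ) {
	// The main class is already declared (presumably by another copy of the
	// plugin), so this copy only asks for the alternate to be deactivated.
	// Normally we can assume the function exists as class REALLY_SIMPLE_SSL
	// also exists. But as this function is new we should be extra sure.
	if ( ! function_exists( 'rsssl_deactivate_alternate' ) ) {
		$rsssl_path = trailingslashit( plugin_dir_path( __FILE__ ) );
		require_once $rsssl_path . 'functions.php';
	}

	rsssl_deactivate_alternate( 'pro' );
} else {
	/**
	 * Main plugin class, used as a singleton through instance().
	 *
	 * instance() defines the plugin constants, loads the plugin files and
	 * creates the component objects. The admin-side components are created only
	 * when rsssl_admin_logged_in() returns true; on every other request their
	 * properties stay null, so callers must not assume they are objects.
	 */
	class REALLY_SIMPLE_SSL {

		private static $instance;
		public $front_end;
		public $mixed_content_fixer;
		public $multisite;
		public $cache;
		public $server;
		public $admin;
		public $progress;
		public $onboarding;
		public $placeholder;
		public $certificate;
		public $wp_cli;
		public $mailer_admin;
		public $site_health;
		public $vulnerabilities;
		public $settingsConfigService;

		/**
		 * Define RSSSL_LEARNING_MODE when the request carries the stored CSP report token.
		 *
		 * rsssl_admin_logged_in() returns true whenever RSSSL_LEARNING_MODE is
		 * defined, so this check decides whether an otherwise unauthenticated
		 * request gets the admin-side code loaded. It therefore has to fail
		 * closed.
		 */
		private function __construct() {
			// Only a plain string parameter can be a token; arrays are rejected.
			if ( ! isset( $_GET['rsssl_apitoken'] ) || ! is_string( $_GET['rsssl_apitoken'] ) ) {
				return;
			}

			// get_option() returns false when no token has been stored. A loose
			// == comparison treats an empty request value as equal to false, so
			// a missing or empty stored token is rejected explicitly here.
			$expected = get_option( 'rsssl_csp_report_token' );
			if ( ! is_scalar( $expected ) || '' === (string) $expected ) {
				return;
			}

			// hash_equals() compares byte for byte (no numeric-string juggling)
			// and in constant time.
			if ( hash_equals( (string) $expected, $_GET['rsssl_apitoken'] ) && ! defined( 'RSSSL_LEARNING_MODE' ) ) {
				define( 'RSSSL_LEARNING_MODE', true );
			}
		}

		/**
		 * Return the singleton, building it on the first call.
		 *
		 * The first call defines the constants, loads the files, creates the
		 * components and registers the hooks, in that order.
		 *
		 * @return REALLY_SIMPLE_SSL
		 */
		public static function instance() {
			if ( ! isset( self::$instance ) && ! ( self::$instance instanceof REALLY_SIMPLE_SSL ) ) {
				self::$instance = new REALLY_SIMPLE_SSL;
				self::$instance->setup_constants();
				self::$instance->includes();
				self::$instance->front_end           = new rsssl_front_end();
				self::$instance->mixed_content_fixer = new rsssl_mixed_content_fixer();

				if ( is_multisite() ) {
					self::$instance->multisite = new rsssl_multisite();
				}

				// Admin-side components: their class files are only loaded by
				// includes() under this same condition.
				if ( rsssl_admin_logged_in() ) {
					self::$instance->cache        = new rsssl_cache();
					self::$instance->placeholder  = new rsssl_placeholder();
					self::$instance->server       = new rsssl_server();
					self::$instance->admin        = new rsssl_admin();
					self::$instance->mailer_admin = new rsssl_mailer_admin();
					self::$instance->progress     = new rsssl_progress();
					self::$instance->certificate  = new rsssl_certificate();
					self::$instance->site_health  = new rsssl_site_health();

					if ( class_exists( '\ReallySimplePlugins\RSS\Core\Services\SettingsConfigService' ) ) {
						self::$instance->settingsConfigService = new \ReallySimplePlugins\RSS\Core\Services\SettingsConfigService();
					}

					if ( defined( 'WP_CLI' ) && WP_CLI ) {
						self::$instance->wp_cli = new rsssl_wp_cli();
					}
				}
				self::$instance->hooks();
			}
			return self::$instance;
		}

		/**
		 * Define the plugin's URL, path, template path, version and
		 * Let's Encrypt renewal-check constants.
		 */
		private function setup_constants() {
			define( 'rsssl_url', plugin_dir_url( __FILE__ ) );
			define( 'rsssl_path', trailingslashit( plugin_dir_path( __FILE__ ) ) );
			define( 'rsssl_template_path', trailingslashit( plugin_dir_path( __FILE__ ) ) . 'grid/templates/' );
			define( 'rsssl_version', '9.5.11' );
			define( 'rsssl_le_cron_generation_renewal_check', 20 );
			define( 'rsssl_le_manual_generation_renewal_check', 15 );
		}

		/**
		 * Load the plugin files.
		 *
		 * Front-end files are always loaded; the admin files are loaded only
		 * when rsssl_admin_logged_in() is true. All paths are built from the
		 * rsssl_path constant and fixed strings, never from request data.
		 */
		private function includes() {
			require_once( rsssl_path . 'class-front-end.php' );
			require_once( rsssl_path . 'functions.php' );
			require_once( rsssl_path . 'class-mixed-content-fixer.php' );
			if ( defined( 'WP_CLI' ) && WP_CLI ) {
				require_once( rsssl_path . 'class-wp-cli.php' );
			}
			if ( is_multisite() ) {
				require_once( rsssl_path . 'class-multisite.php' );
			}
			if ( rsssl_admin_logged_in() ) {
				require_once( rsssl_path . 'compatibility.php' );
				require_once( rsssl_path . 'upgrade.php' );
				require_once( rsssl_path . 'settings/settings.php' );
				require_once( rsssl_path . 'modal/modal.php' );
				require_once( rsssl_path . 'placeholders/class-placeholder.php' );
				require_once( rsssl_path . 'class-admin.php' );
				require_once( rsssl_path . 'mailer/class-mail-admin.php' );
				require_once( rsssl_path . 'class-cache.php' );
				require_once( rsssl_path . 'class-server.php' );
				require_once( rsssl_path . 'progress/class-progress.php' );
				require_once( rsssl_path . 'class-certificate.php' );
				require_once( rsssl_path . 'class-site-health.php' );
				require_once( rsssl_path . 'mailer/class-mail.php' );
				require_once( rsssl_path . 'lets-encrypt/letsencrypt.php' );
				// Only the presence of the parameter is tested; its value is not used here.
				if ( isset( $_GET['install_pro'] ) ) {
					require_once( rsssl_path . 'upgrade/upgrade-to-pro.php' );
				}
			}

			require_once( rsssl_path . 'lets-encrypt/cron.php' );
			require_once( rsssl_path . '/security/security.php' );
			require_once( rsssl_path . '/rsssl-auto-loader.php' );
		}

		/**
		 * Register the WordPress hooks.
		 *
		 * The admin notices and the admin init callback are registered only
		 * when rsssl_admin_logged_in() is true; force_ssl is always hooked.
		 */
		private function hooks() {
			if ( rsssl_admin_logged_in() ) {
				add_action( 'admin_notices', array( $this, 'admin_notices' ) );
				if ( is_multisite() ) {
					add_action( 'network_admin_notices', array( $this, 'admin_notices' ) );
				}
			}

			add_action( 'wp_loaded', array( self::$instance->front_end, 'force_ssl' ), 20 );
			if ( rsssl_admin_logged_in() ) {
				add_action( 'plugins_loaded', array( self::$instance->admin, 'init' ), 10 );
			}
		}

		/**
		 * Notice about possible compatibility issues with add ons
		 *
		 * The translated strings are escaped before output, so markup in a
		 * translation file cannot end up in the admin page. The link markup
		 * itself is fixed and passed in through the placeholders.
		 */
		public static function admin_notices() {
			//prevent showing on edit screen, as gutenberg removes the class which makes it editable.
			$screen = get_current_screen();
			if ( $screen && $screen->base === 'post' ) {
				return;
			}
			if ( self::has_old_addon( 'really-simple-ssl-pro/really-simple-ssl-pro.php' ) ||
				self::has_old_addon( 'really-simple-ssl-pro-multisite/really-simple-ssl-pro-multisite.php' )
			) {
				?>
				<div id="message" class="error notice really-simple-plugins">
					<p><?php echo esc_html__( "Update Really Simple SSL Pro: the plugin needs to be updated to the latest version to be compatible.", "really-simple-ssl" ); ?></p>
					<p>
						<?php
						printf(
							esc_html__( "Visit the plugins overview or %srenew your license%s.", "really-simple-ssl" ),
							'<a href="' . esc_url( 'https://really-simple-ssl.com/pro/?mtm_campaign=renew&mtm_source=free&mtm_content=upgrade' ) . '" target="_blank" rel="noopener noreferrer">',
							'</a>'
						);
						?>
					</p>
				</div>
				<?php
			}
		}

		/**
		 * Check if an active add on is older than the versions this plugin expects.
		 *
		 * Returns true when the plugin in $file is active and its version is
		 * below 7.0.6, or when it is named 'Really Simple SSL social' and its
		 * version is below 4.0.8.
		 *
		 * @param string $file Plugin file path relative to the plugins directory.
		 *
		 * @return bool
		 */
		public static function has_old_addon( $file ) {
			require_once( ABSPATH . 'wp-admin/includes/plugin.php' );

			if ( ! is_plugin_active( $file ) ) {
				return false;
			}

			$data = get_plugin_data( trailingslashit( WP_PLUGIN_DIR ) . $file, false, false );
			if ( ! $data ) {
				return false;
			}

			if ( version_compare( $data['Version'], '7.0.6', '<' ) ) {
				return true;
			}

			// Any version below 4.0.8 is already caught by the check above;
			// the comparison is kept as written.
			return $data['Name'] === 'Really Simple SSL social' && version_compare( $data['Version'], '4.0.8', '<' );
		}
	}
}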
226
// Bootstrap the plugin, unless RSSSL_DEACTIVATING_ALTERNATE is defined (it is
// not defined in this file) or an RSSSL() function already exists.
if ( ! ( defined( 'RSSSL_DEACTIVATING_ALTERNATE' ) || function_exists( 'RSSSL' ) ) ) {
	/**
	 * Global accessor for the plugin singleton.
	 *
	 * @return REALLY_SIMPLE_SSL
	 */
	function RSSSL() {
		return REALLY_SIMPLE_SSL::instance();
	}

	// Build the singleton on plugins_loaded, at priority 8.
	add_action( 'plugins_loaded', 'RSSSL', 8 );

	require_once __DIR__ . '/functions.php';

	// The core bootstrap file is optional: it is loaded only when it is present.
	if ( file_exists( __DIR__ . '/core/really-simple-security-core.php' ) ) {
		require_once __DIR__ . '/core/really-simple-security-core.php';
	}
}
241
if ( ! function_exists( 'rsssl_add_manage_security_capability' ) ) {
	/**
	 * Activation callback: grant the 'manage_security' capability to the administrator role.
	 *
	 * Only the administrator role is changed; no other role receives the
	 * capability here. Nothing happens when the role does not exist or already
	 * has the capability.
	 */
	function rsssl_add_manage_security_capability() {
		$administrator = get_role( 'administrator' );
		if ( ! $administrator ) {
			return;
		}
		if ( $administrator->has_cap( 'manage_security' ) ) {
			return;
		}
		$administrator->add_cap( 'manage_security' );
	}

	register_activation_hook( __FILE__, 'rsssl_add_manage_security_capability' );
}
255
if ( ! function_exists( 'rsssl_user_can_manage' ) ) {
	/**
	 * Tell whether the current context may manage the plugin.
	 *
	 * True when the current user has the 'manage_security' capability, and
	 * also for every WP-CLI invocation, where no user capability is checked.
	 *
	 * @return bool
	 */
	function rsssl_user_can_manage() {
		// WP-CLI is allowed through so SSL can be activated from the command line.
		$running_in_cli = defined( 'WP_CLI' ) && WP_CLI;

		return current_user_can( 'manage_security' ) || $running_in_cli;
	}
}
273
if ( ! function_exists( 'rsssl_admin_logged_in' ) ) {
	/**
	 * Decide whether the admin-side part of the plugin should be active for this request.
	 *
	 * Despite the name, a true result does not always mean an administrator is
	 * logged in. It is also true for cron runs, WP-CLI, a system status run
	 * (RSSSL_DOING_SYSTEM_STATUS), learning mode (RSSSL_LEARNING_MODE) and for
	 * plugin REST requests made by any logged-in user.
	 * NOTE(review): treat this as a code-loading gate; code that changes
	 * settings presumably still needs its own capability check. Confirm in the
	 * callers.
	 *
	 * @return bool
	 */
	function rsssl_admin_logged_in() {
		// wp-admin request by a user who may manage the plugin.
		if ( is_admin() && rsssl_user_can_manage() ) {
			return true;
		}
		// Plugin REST request by a logged-in user.
		if ( rsssl_is_logged_in_rest() ) {
			return true;
		}
		if ( wp_doing_cron() ) {
			return true;
		}
		if ( defined( 'WP_CLI' ) && WP_CLI ) {
			return true;
		}
		if ( defined( 'RSSSL_DOING_SYSTEM_STATUS' ) ) {
			return true;
		}

		return defined( 'RSSSL_LEARNING_MODE' );
	}
}
280
281
282
if ( ! function_exists( 'rsssl_is_logged_in_rest' ) ) {
	/**
	 * Tell whether this is a request to the plugin's REST routes by a logged-in user.
	 *
	 * The route is recognised by substring matches on the raw REQUEST_URI,
	 * query string included, and the user check is is_user_logged_in(), not a
	 * capability check.
	 * NOTE(review): both checks are broad, so authorization presumably has to
	 * happen in the REST permission callbacks; confirm there.
	 *
	 * @return bool
	 */
	function rsssl_is_logged_in_rest() {
		// Without a request URI there is nothing to match.
		$request_uri = isset( $_SERVER['REQUEST_URI'] ) ? $_SERVER['REQUEST_URI'] : null;
		if ( null === $request_uri ) {
			return false;
		}

		// Direct REST API path.
		$is_direct_route = false !== strpos( $request_uri, '/really-simple-security/v1/' );

		// rest_route parameter naming really-simple-security (plain permalinks).
		$is_plain_route = false !== strpos( $request_uri, 'rest_route=' )
			&& false !== strpos( $request_uri, 'really-simple-security' );

		if ( ! $is_direct_route && ! $is_plain_route ) {
			return false;
		}

		return is_user_logged_in();
	}
}
306
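if ( ! function_exists( 'rsssl_maybe_activate_recommended_features_extendify' ) ) {
	/**
	 * Activate the recommended features once, on sites where EXTENDIFY_PARTNER_ID is defined.
	 *
	 * Runs on admin_init. It does nothing when the feature set was already
	 * activated, when EXTENDIFY_PARTNER_ID is not defined, or when rsssl_pro is
	 * defined. After the activation call, the option
	 * rsssl_activated_recommended_features_extendify is set to true.
	 *
	 * @return void
	 */
	function rsssl_maybe_activate_recommended_features_extendify() {
		if ( get_option( 'rsssl_activated_recommended_features_extendify' ) || ! defined( 'EXTENDIFY_PARTNER_ID' ) || defined( 'rsssl_pro' ) ) {
			return;
		}

		// RSSSL() is declared conditionally, and the admin component exists only
		// when rsssl_admin_logged_in() was true while the singleton was built.
		// admin_init also fires on requests where that is not the case, and
		// calling a method on the missing component would be a fatal error that
		// the catch below does not cover.
		if ( ! function_exists( 'RSSSL' ) ) {
			return;
		}
		$admin = RSSSL()->admin;
		if ( ! is_object( $admin ) ) {
			return;
		}

		try {
			$admin->activate_recommended_features();
		} catch ( Exception $e ) {
			// NOTE(review): the return sits inside the WP_DEBUG check. With
			// WP_DEBUG off, a failed activation falls through and is recorded
			// as done below; with WP_DEBUG on, it is retried on the next
			// admin_init. Confirm which of the two is intended.
			if ( defined( 'WP_DEBUG' ) && WP_DEBUG ) {
				error_log( 'Really Simple Security: recommended features activation failed: ' . $e->getMessage() );
				return;
			}
		}

		update_option( 'rsssl_activated_recommended_features_extendify', true );
	}

	add_action( 'admin_init', 'rsssl_maybe_activate_recommended_features_extendify', 99 );
}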
327