siteguard-admin-filter.php
3 years ago
siteguard-base.php
3 years ago
siteguard-captcha.php
3 years ago
siteguard-config.php
3 years ago
siteguard-disable-author-query.php
3 years ago
siteguard-disable-pingback.php
3 years ago
siteguard-disable-xmlrpc.php
3 years ago
siteguard-htaccess.php
3 years ago
siteguard-login-alert.php
3 years ago
siteguard-login-history.php
3 years ago
siteguard-login-lock.php
3 years ago
siteguard-rename-login.php
2 years ago
siteguard-updates-notify.php
3 years ago
siteguard-waf-exclude-rule.php
3 years ago
siteguard-htaccess.php
278 lines
| 1 | <?php |
| 2 | |
| 3 | class SiteGuard_Htaccess extends SiteGuard_Base { |
| 4 | const HTACCESS_PERMISSION = 0604; |
| 5 | const HTACCESS_MARK_START = '#SITEGUARD_PLUGIN_SETTINGS_START'; |
| 6 | const HTACCESS_MARK_END = '#SITEGUARD_PLUGIN_SETTINGS_END'; |
| 7 | |
| 8 | function __construct() { |
| 9 | } |
| 10 | static function get_htaccess_file() { |
| 11 | return ABSPATH . '.htaccess'; |
| 12 | } |
| 13 | static function get_tmp_dir() { |
| 14 | return SITEGUARD_PATH . 'tmp/'; |
| 15 | } |
| 16 | static function test_htaccess() { |
| 17 | return true; |
| 18 | // $result = wp_remote_get( SITEGUARD_URL_PATH . 'test/siteguard-test.php' ); |
| 19 | // if ( ! is_wp_error( $result ) && 200 === $result['response']['code'] ) { |
| 20 | // return true; |
| 21 | // } |
| 22 | // return false; |
| 23 | } |
| 24 | static function get_htaccess_new_file() { |
| 25 | return tempnam( self::get_tmp_dir(), 'htaccess_' ); |
| 26 | } |
| 27 | static function make_tmp_dir() { |
| 28 | $dir = self::get_tmp_dir(); |
| 29 | if ( ! wp_mkdir_p( $dir ) ) { |
| 30 | siteguard_error_log( "make tempdir failed: $dir" ); |
| 31 | return false; |
| 32 | } |
| 33 | $htaccess_file = $dir . '.htaccess'; |
| 34 | |
| 35 | if ( file_exists( $htaccess_file ) ) { |
| 36 | $lines = file( $htaccess_file ); |
| 37 | $res = preg_grep( '/IfModule authz_core_module/', $lines ); |
| 38 | if ( ! empty( $res ) ) { |
| 39 | return true; |
| 40 | } |
| 41 | } |
| 42 | |
| 43 | if ( $handle = @fopen( $htaccess_file, 'w' ) ) { |
| 44 | fwrite( $handle, '<IfModule authz_core_module>' . "\n" ); |
| 45 | fwrite( $handle, ' Require all denied' . "\n" ); |
| 46 | fwrite( $handle, '</IfModule>' . "\n" ); |
| 47 | fwrite( $handle, '<IfModule !authz_core_module>' . "\n" ); |
| 48 | fwrite( $handle, ' Order deny,allow' . "\n" ); |
| 49 | fwrite( $handle, ' Deny from all' . "\n" ); |
| 50 | fwrite( $handle, '</IfModule>' . "\n" ); |
| 51 | fclose( $handle ); |
| 52 | } |
| 53 | |
| 54 | return true; |
| 55 | } |
| 56 | static function is_exists_setting( $mark ) { |
| 57 | $result = false; |
| 58 | if ( '' === $mark ) { |
| 59 | $mark_start = self::HTACCESS_MARK_START; |
| 60 | $mark_end = self::HTACCESS_MARK_END; |
| 61 | } else { |
| 62 | $mark_start = $mark . '_START'; |
| 63 | $mark_end = $mark . '_END'; |
| 64 | } |
| 65 | $current_file = self::get_htaccess_file(); |
| 66 | if ( ! file_exists( $current_file ) ) { |
| 67 | return $result; |
| 68 | } |
| 69 | $fr = @fopen( $current_file, 'r' ); |
| 70 | if ( null === $fr ) { |
| 71 | return $result; |
| 72 | } |
| 73 | $line_num = 0; |
| 74 | $start_line = 0; |
| 75 | $end_line = 0; |
| 76 | while ( ! feof( $fr ) ) { |
| 77 | $line = fgets( $fr, 4096 ); |
| 78 | $line_num++; |
| 79 | if ( false !== strpos( $line, $mark_start ) ) { |
| 80 | $start_line = $line_num; |
| 81 | } |
| 82 | if ( false !== strpos( $line, $mark_end ) ) { |
| 83 | $end_line = $line_num; |
| 84 | if ( $start_line > 0 && ( $end_line - $start_line ) > 1 ) { |
| 85 | $result = true; |
| 86 | } |
| 87 | break; |
| 88 | } |
| 89 | } |
| 90 | @fclose( $fr ); |
| 91 | |
| 92 | return $result; |
| 93 | } |
| 94 | static function check_permission( $flag_create = true ) { |
| 95 | $file = self::get_htaccess_file(); |
| 96 | if ( true === $flag_create ) { |
| 97 | self::get_apply_permission( $file ); |
| 98 | } |
| 99 | if ( ! is_readable( $file ) ) { |
| 100 | siteguard_error_log( "file not readable: $file" ); |
| 101 | return false; |
| 102 | } |
| 103 | if ( ! is_writable( $file ) ) { |
| 104 | siteguard_error_log( "file not writable: $file" ); |
| 105 | return false; |
| 106 | } |
| 107 | $path = pathinfo( $file, PATHINFO_DIRNAME ); |
| 108 | if ( ! is_writable( $path ) ) { |
| 109 | siteguard_error_log( 'directory not writable: ' . $path ); |
| 110 | return false; |
| 111 | } |
| 112 | return true; |
| 113 | } |
| 114 | static function get_apply_permission_itr( $file ) { |
| 115 | clearstatcache(); |
| 116 | $perm = intval( substr( sprintf( '%o', fileperms( $file ) ), -4 ), 8 ); |
| 117 | return $perm; |
| 118 | } |
| 119 | static function get_apply_permission( $file ) { |
| 120 | $perm = self::HTACCESS_PERMISSION; |
| 121 | if ( file_exists( $file ) ) { |
| 122 | $perm = self::get_apply_permission_itr( $file ); |
| 123 | } else { |
| 124 | @touch( $file ); |
| 125 | } |
| 126 | @chmod( $file, $perm ); |
| 127 | return $perm; |
| 128 | } |
| 129 | static function clear_settings( $mark ) { |
| 130 | if ( ! self::make_tmp_dir() ) { |
| 131 | return false; |
| 132 | } |
| 133 | if ( '' === $mark ) { |
| 134 | $mark_start = self::HTACCESS_MARK_START; |
| 135 | $mark_end = self::HTACCESS_MARK_END; |
| 136 | } else { |
| 137 | $mark_start = $mark . '_START'; |
| 138 | $mark_end = $mark . '_END'; |
| 139 | } |
| 140 | $flag_settings = false; |
| 141 | $current_file = self::get_htaccess_file(); |
| 142 | $perm = self::get_apply_permission( $current_file ); |
| 143 | if ( ! self::check_permission( false ) ) { |
| 144 | return false; |
| 145 | } |
| 146 | $fr = @fopen( $current_file, 'r' ); |
| 147 | if ( null === $fr ) { |
| 148 | siteguard_error_log( "fopen failed: $current_file" ); |
| 149 | return false; |
| 150 | } |
| 151 | $new_file = self::get_htaccess_new_file(); |
| 152 | $fw = @fopen( $new_file, 'w' ); |
| 153 | if ( null === $fw ) { |
| 154 | siteguard_error_log( "fopen failed: $new_file" ); |
| 155 | return false; |
| 156 | } |
| 157 | while ( ! feof( $fr ) ) { |
| 158 | $line = fgets( $fr, 4096 ); |
| 159 | if ( false !== strpos( $line, $mark_start ) ) { |
| 160 | $flag_settings = true; |
| 161 | } |
| 162 | if ( false === $flag_settings ) { |
| 163 | fputs( $fw, $line, 4096 ); |
| 164 | } |
| 165 | if ( true == $flag_settings && false !== strpos( $line, $mark_end ) ) { |
| 166 | $flag_settings = false; |
| 167 | } |
| 168 | } |
| 169 | fclose( $fr ); |
| 170 | fclose( $fw ); |
| 171 | @chmod( $new_file, $perm ); |
| 172 | if ( ! rename( $new_file, $current_file ) ) { |
| 173 | siteguard_error_log( "rename failed: $new_file $current_file" ); |
| 174 | return false; |
| 175 | } |
| 176 | return true; |
| 177 | } |
| 178 | function update_settings( $mark, $data ) { |
| 179 | if ( ! self::make_tmp_dir() ) { |
| 180 | return false; |
| 181 | } |
| 182 | $flag_write = false; |
| 183 | $flag_through = true; |
| 184 | $flag_wp = false; |
| 185 | $flag_wp_set = false; |
| 186 | $wp_settings = ''; |
| 187 | $mark_start = $mark . '_START'; |
| 188 | $mark_end = $mark . '_END'; |
| 189 | $mark_wp_start = '# BEGIN WordPress'; |
| 190 | $mark_wp_end = '# END WordPress'; |
| 191 | $current_file = self::get_htaccess_file(); |
| 192 | $perm = self::get_apply_permission( $current_file ); |
| 193 | if ( ! self::check_permission( false ) ) { |
| 194 | return false; |
| 195 | } |
| 196 | $fr = @fopen( $current_file, 'r' ); |
| 197 | if ( null === $fr ) { |
| 198 | siteguard_error_log( "fopen failed: $current_file" ); |
| 199 | return false; |
| 200 | } |
| 201 | $new_file = self::get_htaccess_new_file(); |
| 202 | if ( ! is_writable( $new_file ) ) { |
| 203 | siteguard_error_log( "file not writable: $new_file" ); |
| 204 | return false; |
| 205 | } |
| 206 | $fw = @fopen( $new_file, 'w' ); |
| 207 | if ( null === $fw ) { |
| 208 | siteguard_error_log( "fopen failed: $new_file" ); |
| 209 | return false; |
| 210 | } |
| 211 | while ( ! feof( $fr ) ) { |
| 212 | $line = fgets( $fr, 4096 ); |
| 213 | |
| 214 | // Save WordPress settings. |
| 215 | // WordPress settings has to be written after SiteGuard settings. |
| 216 | if ( false === $flag_write && false == $flag_wp_set && false !== strpos( $line, $mark_wp_start ) ) { |
| 217 | $flag_wp = true; |
| 218 | $flag_wp_set = true; |
| 219 | } |
| 220 | if ( $flag_wp_set ) { |
| 221 | $wp_settings .= $line; |
| 222 | if ( false !== strpos( $line, $mark_wp_end ) ) { |
| 223 | $flag_wp_set = false; |
| 224 | } |
| 225 | continue; |
| 226 | } |
| 227 | |
| 228 | if ( false !== strpos( $line, $mark_start ) ) { |
| 229 | fwrite( $fw, $line, strlen( $line ) ); |
| 230 | fwrite( $fw, $data, strlen( $data ) ); |
| 231 | $flag_write = true; |
| 232 | $flag_through = false; |
| 233 | continue; |
| 234 | } |
| 235 | if ( false === $flag_write && false !== strpos( $line, self::HTACCESS_MARK_END ) ) { |
| 236 | fwrite( $fw, $mark_start . "\n", strlen( $mark_start ) + 1 ); |
| 237 | fwrite( $fw, $data, strlen( $data ) ); |
| 238 | fwrite( $fw, $mark_end . "\n", strlen( $mark_end ) + 1 ); |
| 239 | $flag_write = true; |
| 240 | } |
| 241 | if ( false === $flag_through && false !== strpos( $line, $mark_end ) ) { |
| 242 | $flag_through = true; |
| 243 | } |
| 244 | if ( $flag_through ) { |
| 245 | fwrite( $fw, $line, strlen( $line ) ); |
| 246 | if ( false === $flag_wp && false !== strpos( $line, $mark_wp_start ) ) { |
| 247 | $flag_wp = true; |
| 248 | } |
| 249 | } |
| 250 | } |
| 251 | if ( false === $flag_write ) { |
| 252 | fwrite( $fw, "\n" . self::HTACCESS_MARK_START . "\n", strlen( self::HTACCESS_MARK_START ) + 2 ); |
| 253 | fwrite( $fw, $mark_start . "\n", strlen( $mark_start ) + 1 ); |
| 254 | fwrite( $fw, $data, strlen( $data ) ); |
| 255 | fwrite( $fw, $mark_end . "\n", strlen( $mark_end ) + 1 ); |
| 256 | fwrite( $fw, self::HTACCESS_MARK_END . "\n", strlen( self::HTACCESS_MARK_END ) + 1 ); |
| 257 | } |
| 258 | if ( '' != $wp_settings ) { // Write saved WordPress Settings |
| 259 | fwrite( $fw, "\n", 1 ); |
| 260 | fwrite( $fw, $wp_settings, strlen( $wp_settings ) ); |
| 261 | fwrite( $fw, "\n", 1 ); |
| 262 | } elseif ( false === $flag_wp ) { // Write empty WordPress Settings |
| 263 | fwrite( $fw, "\n", 1 ); |
| 264 | fwrite( $fw, $mark_wp_start . "\n", strlen( $mark_wp_start ) + 1 ); |
| 265 | fwrite( $fw, $mark_wp_end . "\n", strlen( $mark_wp_end ) + 1 ); |
| 266 | fwrite( $fw, "\n", 1 ); |
| 267 | } |
| 268 | fclose( $fr ); |
| 269 | fclose( $fw ); |
| 270 | @chmod( $new_file, $perm ); |
| 271 | if ( ! rename( $new_file, $current_file ) ) { |
| 272 | siteguard_error_log( "rename failed: $new_file $current_file" ); |
| 273 | return false; |
| 274 | } |
| 275 | return true; |
| 276 | } |
| 277 | } |
| 278 |