PluginProbe ʕ •ᴥ•ʔ
SiteGuard WP Plugin / 1.8.7
SiteGuard WP Plugin v1.8.7
1.8.7 1.8.6 1.8.6-beta1 1.8.6-beta2 1.8.4 1.8.5 1.8.3 1.8.2 1.8.1 trunk 1.0.0 1.0.1 1.0.2 1.0.3 1.0.4 1.0.5 1.0.6 1.1.0 1.1.1 1.1.2 1.2.0 1.2.1 1.2.2 1.2.3 1.4.3 1.5.0 1.5.1 1.5.2 1.6.0 1.6.1 1.7.0 1.7.1 1.7.10 1.7.11 1.7.12 1.7.2 1.7.3 1.7.4 1.7.5 1.7.6 1.7.7 1.7.8 1.7.9 1.8.0 1.8.0-beta1 1.8.0-beta2 1.8.0-beta3 1.8.0-beta4
siteguard / admin / siteguard-menu-waf-tuning-support.php
siteguard / admin Last commit date
siteguard-login-history-table.php 1 month ago siteguard-menu-admin-filter.php 1 month ago siteguard-menu-author-query.php 2 weeks ago siteguard-menu-captcha.php 1 month ago siteguard-menu-dashboard.php 1 month ago siteguard-menu-fail-once.php 1 month ago siteguard-menu-init.php 1 month ago siteguard-menu-login-alert.php 1 month ago siteguard-menu-login-history.php 1 month ago siteguard-menu-login-lock.php 1 month ago siteguard-menu-protect-xmlrpc.php 1 month ago siteguard-menu-rename-login.php 2 weeks ago siteguard-menu-same-error.php 1 month ago siteguard-menu-updates-notify.php 1 month ago siteguard-menu-waf-tuning-support.php 1 month ago siteguard-waf-exclude-rule-table.php 1 month ago
siteguard-menu-waf-tuning-support.php
371 lines
1 <?php
2
3 require_once 'siteguard-waf-exclude-rule-table.php';
4
5 class SiteGuard_Menu_WAF_Tuning_Support extends SiteGuard_Base {
6 protected $wp_list_table;
7 function __construct() {
8 $this->wp_list_table = new SiteGuard_WAF_Exclude_Rule_Table();
9 $this->wp_list_table->prepare_items();
10 $this->render_page();
11 }
12 // convert from URL to PATH
13 function set_filename( $filename ) {
14 $base = basename( $filename );
15 $base = str_replace( '"', '', $base );
16 $base = trim( $base );
17 $idx = strpos( $base, '?' );
18 if ( false !== $idx ) {
19 return substr( $base, 0, $idx );
20 } else {
21 return $base;
22 }
23 }
24 function htaccess_error() {
25 echo '<div class="error settings-error"><p><strong>';
26 esc_html_e( 'ERROR: Failed to update settings. Please try again.', 'siteguard' );
27 echo '</strong></p></div>';
28 }
29 function htaccess_unavailable_error() {
30 echo '<div class="error settings-error"><p><strong>';
31 if ( isset( $_SERVER['SERVER_SOFTWARE'] ) && false !== stripos( $_SERVER['SERVER_SOFTWARE'], 'nginx' ) ) {
32 esc_html_e( 'ERROR: WAF tuning support is not available on Nginx. This feature edits the .htaccess file used by Apache.', 'siteguard' );
33 } elseif ( file_exists( ABSPATH . '.htaccess' ) && ! is_writable( ABSPATH . '.htaccess' ) ) {
34 esc_html_e( 'ERROR: Cannot enable WAF tuning support because the .htaccess file is not writable.', 'siteguard' );
35 } elseif ( ! is_writable( ABSPATH ) ) {
36 esc_html_e( 'ERROR: Cannot enable WAF tuning support because the WordPress installation directory is not writable.', 'siteguard' );
37 } else {
38 esc_html_e( 'ERROR: Cannot enable WAF tuning support. The .htaccess file appears to be ignored by the server (e.g. AllowOverride is disabled, or mod_rewrite is not loaded).', 'siteguard' );
39 }
40 echo '</strong></p></div>';
41 }
42 function render_page() {
43 global $siteguard_waf_exclude_rule;
44 isset( $_GET['action'] ) ? $action = sanitize_text_field( $_GET['action'] ) : $action = 'list';
45 if ( 'list' == $action && isset( $_POST['action'] ) ) {
46 $action = sanitize_text_field( $_POST['action'] );
47 }
48 if ( ! in_array( $action, array( 'list', 'add', 'edit', 'delete' ) ) ) {
49 $action = 'list';
50 }
51
52 $waf_exclude_rule_enable = $siteguard_waf_exclude_rule->get_enable();
53 if ( 'edit' == $action && isset( $_GET['rule'] ) ) {
54 $offset = 0;
55 $id = intval( sanitize_text_field( $_GET['rule'] ) );
56 $rule = $siteguard_waf_exclude_rule->get_rule( $id, $offset );
57 if ( false === $rule ) {
58 $filename = '';
59 $sig = '';
60 $comment = '';
61 } else {
62 $filename = $rule['filename'];
63 $sig = $rule['sig'];
64 $comment = $rule['comment'];
65 }
66 } elseif ( 'delete' == $action ) {
67 if ( isset( $_GET['rule'] ) ) {
68 $ids = array( $_GET['rule'] );
69 } elseif ( isset( $_POST['rule'] ) ) {
70 $ids = $_POST['rule'];
71 } else {
72 $ids = array();
73 }
74 } else {
75 $filename = '';
76 $sig = '';
77 $comment = '';
78 }
79 if ( isset( $_POST['update'] ) ) {
80 $update = sanitize_text_field( $_POST['update'] );
81 switch ( $update ) {
82 case 'add':
83 if ( check_admin_referer( 'siteguard-menu-waf-tuning-support-add' ) ) {
84 $error = false;
85 $errors = siteguard_check_multisite();
86 if ( is_wp_error( $errors ) ) {
87 $error = true;
88 }
89 if ( true == $error || ! isset( $_POST['filename'] ) || ! isset( $_POST['sig'] ) || ! isset( $_POST['comment'] ) ) {
90 // error
91 if ( true === $error ) {
92 siteguard_error_log( 'multisite enabled: ' . __FILE__ );
93 }
94 if ( ! isset( $_POST['sig'] ) ) {
95 siteguard_error_log( 'post value sig not set: ' . __FILE__ );
96 }
97 } else {
98 $filename = $this->set_filename( stripslashes( sanitize_text_field( $_POST['filename'] ) ) );
99 $sig = stripslashes( sanitize_textarea_field( $_POST['sig'] ) );
100 $comment = stripslashes( $_POST['comment'] );
101
102 $errors = $siteguard_waf_exclude_rule->add_rule( $filename, $sig, $comment );
103 if ( ! is_wp_error( $errors ) ) {
104 if ( $waf_exclude_rule_enable ) {
105 if ( false === $siteguard_waf_exclude_rule->feature_on() ) {
106 $this->htaccess_error();
107 }
108 }
109 echo '<div class="updated"><p><strong>' . esc_html__( 'New rule created', 'siteguard' ) . '</strong></p></div>';
110 $action = 'list';
111 $this->wp_list_table->prepare_items();
112 } else {
113 $action = 'add';
114 }
115 }
116 }
117 break;
118 case 'edit':
119 if ( check_admin_referer( 'siteguard-menu-waf-tuning-support-edit' ) ) {
120 if ( ! isset( $_POST['rule'] ) || ! isset( $_POST['filename'] ) || ! isset( $_POST['sig'] ) || ! isset( $_POST['comment'] ) ) {
121 // error
122 } else {
123 $id = sanitize_text_field( $_POST['rule'] );
124 $filename = $this->set_filename( stripslashes( sanitize_text_field( $_POST['filename'] ) ) );
125 $sig = stripslashes( sanitize_textarea_field( $_POST['sig'] ) );
126 $comment = stripslashes( sanitize_text_field( $_POST['comment'] ) );
127 $errors = $siteguard_waf_exclude_rule->update_rule( $id, $filename, $sig, $comment );
128 if ( ! is_wp_error( $errors ) ) {
129 if ( $waf_exclude_rule_enable ) {
130 if ( false === $siteguard_waf_exclude_rule->feature_on() ) {
131 $this->htaccess_error();
132 }
133 }
134 echo '<div class="updated"><p><strong>' . esc_html__( 'Rule updated', 'siteguard' ) . '</strong></p></div>';
135 $action = 'list';
136 $this->wp_list_table->prepare_items();
137 } else {
138 $action = 'edit';
139 }
140 }
141 }
142 break;
143 case 'delete':
144 if ( check_admin_referer( 'siteguard-menu-waf-tuning-support-delete' ) ) {
145 if ( ! isset( $_POST['rule'] ) ) {
146 // error
147 } else {
148 $ids = $_POST['rule'];
149 $siteguard_waf_exclude_rule->delete_rule( $ids );
150 if ( $waf_exclude_rule_enable ) {
151 if ( false === $siteguard_waf_exclude_rule->feature_on() ) {
152 $this->htaccess_error();
153 }
154 }
155 echo '<div class="updated"><p><strong>' . esc_html__( 'Rule deleted', 'siteguard' ) . '</strong></p></div>';
156 $action = 'list';
157 $this->wp_list_table->prepare_items();
158 }
159 }
160 break;
161 case 'apply':
162 if ( isset( $_POST['action'] ) && 'delete' == $_POST['action'] ) {
163 break;
164 }
165 if ( check_admin_referer( 'siteguard-menu-waf-tuning-support-apply' ) ) {
166 if ( ! isset( $_POST['waf_exclude_rule_enable'] ) ) {
167 // error
168 } else {
169 $error = false;
170 $errors = siteguard_check_multisite();
171 if ( is_wp_error( $errors ) ) {
172 $error = true;
173 }
174 if ( false === $error && '1' === $_POST['waf_exclude_rule_enable'] && false === SiteGuard_Htaccess::test_htaccess() ) {
175 $error = true;
176 $siteguard_waf_exclude_rule->set_enable( '0' );
177 $siteguard_waf_exclude_rule->feature_off();
178 $waf_exclude_rule_enable = '0';
179 $this->htaccess_unavailable_error();
180 }
181 if ( false === $error && false === $this->is_switch_value( $_POST['waf_exclude_rule_enable'] ) ) {
182 echo '<div class="error settings-error"><p><strong>';
183 esc_html_e( 'ERROR: Invalid input value.', 'siteguard' );
184 echo '</strong></p></div>';
185 $error = true;
186 }
187 if ( false === $error ) {
188 $old_waf_exclude_rule_enable = $waf_exclude_rule_enable;
189 $waf_exclude_rule_enable = sanitize_text_field( $_POST['waf_exclude_rule_enable'] );
190 $siteguard_waf_exclude_rule->set_enable( $waf_exclude_rule_enable );
191 if ( '1' == $waf_exclude_rule_enable ) {
192 $result = $siteguard_waf_exclude_rule->feature_on();
193 if ( true === $result ) {
194 echo '<div class="updated"><p><strong>' . esc_html__( 'Rules applied', 'siteguard' ) . '</strong></p></div>';
195 }
196 } else {
197 $result = $siteguard_waf_exclude_rule->feature_off();
198 if ( true === $result ) {
199 echo '<div class="updated"><p><strong>' . esc_html__( 'Rules removed', 'siteguard' ) . '</strong></p></div>';
200 }
201 }
202 if ( false === $result ) {
203 $waf_exclude_rule_enable = $old_waf_exclude_rule_enable;
204 $siteguard_waf_exclude_rule->set_enable( $waf_exclude_rule_enable );
205 $this->htaccess_error();
206 }
207 }
208 }
209 }
210 break;
211 default:
212 }
213 } elseif ( 'delete' == $action ) {
214 if ( isset( $_GET['rule'] ) ) {
215 $ids = array( $_GET['rule'] );
216 } elseif ( isset( $_POST['rule'] ) ) {
217 $ids = $_POST['rule'];
218 } else {
219 $ids = array();
220 }
221 }
222
223 if ( isset( $errors ) && is_wp_error( $errors ) ) {
224 ?>
225 <div class="error">
226 <ul>
227 <?php
228 foreach ( $errors->get_error_messages() as $err ) {
229 echo '<li>' . esc_html( $err ) . "</li>\n";
230 }
231 ?>
232 </ul>
233 </div>
234 <?php
235 }
236
237 echo '<div class="wrap">';
238 echo '<img src="' . SITEGUARD_URL_PATH . 'images/sg_wp_plugin_logo_40.png" alt="SiteGuard Logo" />';
239 switch ( $action ) {
240 case 'list':
241 echo '<h2>' . esc_html__( 'WAF Tuning Support', 'siteguard' ) . ' <a href="?page=siteguard_waf_tuning_support&action=add" class="add-new-h2">' . esc_html__( 'Add New', 'siteguard' ) . '</a></h2>';
242 $documentation_link = '<a href="' . esc_url( __( 'https://www.jp-secure.com/siteguard_wp_plugin_en/howto/waf_tuning_support/', 'siteguard' ) ) . '" target="_blank">' . esc_html__( 'online documentation', 'siteguard' ) . '</a>';
243 echo '<div class="siteguard-description">'
244 . sprintf(
245 /* translators: %1$s: Link to the online documentation. */
246 esc_html__( 'See the %1$s.', 'siteguard' ),
247 $documentation_link
248 )
249 . '</div>';
250 ?>
251 <form name="form1" method="post" action="">
252 <table class="form-table">
253 <tr>
254 <th scope="row" colspan="2">
255 <ul class="siteguard-radios">
256 <li>
257 <input type="radio" name="waf_exclude_rule_enable" id="waf_exclude_rule_enable_on" value="1" <?php checked( $waf_exclude_rule_enable, '1' ); ?> >
258 <label for="waf_exclude_rule_enable_on"><?php esc_html_e( 'ON', 'siteguard' ); ?></label>
259 </li><li>
260 <input type="radio" name="waf_exclude_rule_enable" id="waf_exclude_rule_enable_off" value="0" <?php checked( $waf_exclude_rule_enable, '0' ); ?> >
261 <label for="waf_exclude_rule_enable_off"><?php esc_html_e( 'OFF', 'siteguard' ); ?></label>
262 </li>
263 </ul>
264 <?php
265 $error = siteguard_check_multisite();
266 if ( is_wp_error( $error ) ) {
267 echo '<p class="description">';
268 echo esc_html( $error->get_error_message() );
269 echo '</p>';
270 }
271 echo '<p class="description">';
272 esc_html_e( 'This feature requires WAF (SiteGuard Server Edition) to be installed on the server.', 'siteguard' );
273 echo '</p>';
274 ?>
275 </th>
276 </table>
277 <?php
278 $this->wp_list_table->display();
279 ?>
280 <div class="siteguard-description">
281 <?php
282 esc_html_e(
283 'If WAF (SiteGuard Server Edition) is installed on the server, it may occasionally block legitimate WordPress actions. Use this tool to create exceptions so those actions work while keeping WAF protection active.',
284 'siteguard'
285 )
286 ?>
287 </div>
288 <hr />
289 <?php
290 echo '<input type="hidden" name="update" id="update" value="apply">';
291 wp_nonce_field( 'siteguard-menu-waf-tuning-support-apply' );
292 submit_button( esc_attr__( 'Apply rules', 'siteguard' ) );
293 ?>
294 </form>
295 <?php
296 break;
297 case 'add':
298 case 'edit':
299 if ( 'add' == $action ) {
300 echo '<h2>' . esc_html__( 'Add WAF Exclusion Rule', 'siteguard' ) . '</h2>';
301 } else {
302 echo '<h2>' . esc_html__( 'Edit WAF Exclusion Rule', 'siteguard' ) . '</h2>';
303 }
304 ?>
305 <form name="form1" method="post" action="<?php echo esc_url( menu_page_url( 'siteguard_waf_tuning_support', false ) ); ?>">
306 <table class="form-table">
307 <tr>
308 <th scope="row"><label for="sig"><?php esc_html_e( 'Signature', 'siteguard' ); ?></label></th>
309 <td>
310 <textarea name="sig" id="sig" style="width:350px;" rows="5" ><?php echo esc_html( $sig ); ?></textarea>
311 <p class="description"><?php esc_html_e( 'Enter the detected signature name or signature ID. To specify more than one, enter each one on a separate line.', 'siteguard' ); ?></p>
312 </td>
313 </tr>
314 <tr>
315 <th scope="row"><label for="filename"><?php esc_html_e( 'Filename (optional)', 'siteguard' ); ?></label></th>
316 <td>
317 <input type="text" name="filename" id="filename" value="<?php echo esc_attr( $filename ); ?>" class="regular-text code" >
318 <p class="description"><?php esc_html_e( 'Enter the target filename. You can also paste the URL path before the question mark (?).', 'siteguard' ); ?></p>
319 </td>
320 </tr>
321 <tr>
322 <th scope="row"><label for="comment"><?php esc_html_e( 'Comment (optional)', 'siteguard' ); ?></label></th>
323 <td>
324 <input type="text" name="comment" id="comment" value="<?php echo esc_attr( $comment ); ?>" class="regular-text" >
325 </td>
326 </tr>
327 </table>
328
329 <hr />
330 <?php
331 if ( 'add' == $action ) {
332 echo '<input type="hidden" name="update" id="update" value="add">';
333 wp_nonce_field( 'siteguard-menu-waf-tuning-support-add' );
334 submit_button( esc_attr__( 'Save', 'siteguard' ) );
335 } else {
336 echo '<input type="hidden" name="update" id="update" value="edit">';
337 echo '<input type="hidden" name="rule" id="rule" value="' . esc_attr( $id ) . '">';
338 wp_nonce_field( 'siteguard-menu-waf-tuning-support-edit' );
339 submit_button();
340 }
341 echo '</form>';
342 break;
343 case 'delete':
344 echo '<h2>' . esc_html__( 'Delete WAF Exclusion Rule', 'siteguard' ) . '</h2>';
345 ?>
346 <form name="form1" method="post" action="<?php echo esc_url( menu_page_url( 'siteguard_waf_tuning_support', false ) ); ?>">
347 <?php
348 echo '<p>' . esc_html( _n( 'You have specified this rule for deletion:', 'You have specified these rules for deletion:', count( $ids ), 'siteguard' ) ) . '</p>';
349 $go_delete = 0;
350 foreach ( $ids as $id ) {
351 $offset = 0;
352 $rule = $siteguard_waf_exclude_rule->get_rule( sanitize_text_field( $id ), $offset );
353 echo '<input type="hidden" name="rule[]" value="' . esc_attr( $id ) . '" />' . esc_html__( 'Signature', 'siteguard' ) . ' : ' . esc_html__( 'Filename', 'siteguard' ) . ' : ' . esc_html__( 'Comment', 'siteguard' ) . ' [' . esc_html( $rule['sig'] ) . ' : ' . esc_html( $rule['filename'] ) . ' : ' . esc_html( $rule['comment'] ) . "]<br />\n";
354 $go_delete = 1;
355 }
356 if ( 1 == $go_delete ) {
357 echo '<input type="hidden" name="update" id="update" value="delete">';
358 wp_nonce_field( 'siteguard-menu-waf-tuning-support-delete' );
359 submit_button( esc_attr__( 'Confirm Deletion', 'siteguard' ) );
360 } else {
361 echo '<p>' . esc_html__( 'There are no rules selected for deletion.', 'siteguard' ) . '</p>';
362 }
363 echo '</form>';
364 break;
365 }
366 ?>
367 </div>
368 <?php
369 }
370 }
371