wfAPI.php — Wordfence Security – Firewall, Malware Scan, and Login Security 7.2.5

wordfence / lib / wfAPI.php

wordfence / lib Last commit date

wfAPI.php

242 lines

1	<?php
2	require_once('wordfenceConstants.php');
3	require_once('wordfenceClass.php');
4
5	class wfAPI {
6	const KEY_TYPE_FREE = 'free';
7	const KEY_TYPE_PAID_CURRENT = 'paid-current';
8	const KEY_TYPE_PAID_EXPIRED = 'paid-expired';
9
10	public $lastHTTPStatus = '';
11	public $lastCurlErrorNo = '';
12	private $curlContent = 0;
13	private $APIKey = '';
14	private $wordpressVersion = '';
15
16	public function __construct($apiKey, $wordpressVersion) {
17	$this->APIKey = $apiKey;
18	$this->wordpressVersion = $wordpressVersion;
19	}
20
21	public function getStaticURL($url) { // In the form '/something.bin' without quotes
22	return $this->getURL(rtrim($this->getAPIURL(), '/') . '/' . ltrim($url, '/'));
23	}
24
25	public function call($action, $getParams = array(), $postParams = array(), $forceSSL = false, $timeout = 900) {
26	$apiURL = $this->getAPIURL();
27	//Sanity check. Developer should call wfAPI::SSLEnabled() to check if SSL is enabled before forcing SSL and return a user friendly msg if it's not.
28	if ($forceSSL && (!preg_match('/^https:/i', $apiURL))) {
29	//User's should never see this message unless we aren't calling SSLEnabled() to check if SSL is enabled before using call() with forceSSL
30	throw new wfAPICallSSLUnavailableException("SSL is not supported by your web server and is required to use this function. Please ask your hosting provider or site admin to install cURL with openSSL to use this feature.");
31	}
32	$json = $this->getURL(rtrim($apiURL, '/') . '/v' . WORDFENCE_API_VERSION . '/?' . $this->makeAPIQueryString() . '&' . self::buildQuery(
33	array_merge(
34	array('action' => $action),
35	$getParams
36	)), $postParams, $timeout);
37	if (!$json) {
38	throw new wfAPICallInvalidResponseException("We received an empty data response from the Wordfence scanning servers when calling the '$action' function.");
39	}
40
41	$dat = json_decode($json, true);
42	if (isset($dat['_isPaidKey'])) {
43	wfConfig::set('keyExpDays', $dat['_keyExpDays']);
44	if ($dat['_keyExpDays'] > -1) {
45	wfConfig::set('isPaid', 1);
46	}
47	else if ($dat['_keyExpDays'] < 0) {
48	wfConfig::set('isPaid', '');
49	}
50
51	if (!isset($dat['errorMsg'])) {
52	if ($dat['_keyExpDays'] > -1) {
53	wfConfig::set('keyType', self::KEY_TYPE_PAID_CURRENT);
54	}
55	else if ($dat['_keyExpDays'] < 0) {
56	wfConfig::set('keyType', self::KEY_TYPE_PAID_EXPIRED);
57	}
58
59	if (isset($dat['_autoRenew'])) { wfConfig::set('premiumAutoRenew', wfUtils::truthyToInt($dat['_autoRenew'])); } else { wfConfig::remove('premiumAutoRenew'); }
60	if (isset($dat['_nextRenewAttempt'])) { wfConfig::set('premiumNextRenew', time() + $dat['_nextRenewAttempt'] * 86400); } else { wfConfig::remove('premiumNextRenew'); }
61	if (isset($dat['_paymentExpiring'])) { wfConfig::set('premiumPaymentExpiring', wfUtils::truthyToInt($dat['_paymentExpiring'])); } else { wfConfig::remove('premiumPaymentExpiring'); }
62	if (isset($dat['_paymentExpired'])) { wfConfig::set('premiumPaymentExpired', wfUtils::truthyToInt($dat['_paymentExpired'])); } else { wfConfig::remove('premiumPaymentExpired'); }
63	if (isset($dat['_paymentMissing'])) { wfConfig::set('premiumPaymentMissing', wfUtils::truthyToInt($dat['_paymentMissing'])); } else { wfConfig::remove('premiumPaymentMissing'); }
64	if (isset($dat['_paymentHold'])) { wfConfig::set('premiumPaymentHold', wfUtils::truthyToInt($dat['_paymentHold'])); } else { wfConfig::remove('premiumPaymentHold'); }
65	}
66	}
67
68	$hasKeyConflict = false;
69	if (isset($dat['_hasKeyConflict'])) {
70	$hasKeyConflict = ($dat['_hasKeyConflict'] == 1);
71	if ($hasKeyConflict) {
72	new wfNotification(null, wfNotification::PRIORITY_HIGH_CRITICAL, '<a href="' . wfUtils::wpAdminURL('admin.php?page=Wordfence&subpage=global_options') . '">The Wordfence license you\'re using does not match this site\'s address. Premium features are disabled.</a>', 'wfplugin_keyconflict', null, array(array('link' => 'https://www.wordfence.com/manage-wordfence-api-keys/', 'label' => 'Manage Keys')));
73	wfConfig::set('hasKeyConflict', 1);
74	}
75	}
76
77	$keyNoLongerValid = false;
78	if (isset($dat['_keyNoLongerValid'])) {
79	$keyNoLongerValid = ($dat['_keyNoLongerValid'] == 1);
80	if ($keyNoLongerValid) {
81	wordfence::ajax_downgradeLicense_callback();
82	}
83	}
84
85	if (!$hasKeyConflict) {
86	wfConfig::remove('hasKeyConflict');
87	$n = wfNotification::getNotificationForCategory('wfplugin_keyconflict');
88	if ($n !== null) {
89	wordfence::status(1, 'info', 'Idle');
90	$n->markAsRead();
91	}
92	}
93
94	if (isset($dat['_touppChanged'])) {
95	wfConfig::set('touppPromptNeeded', wfUtils::truthyToBoolean($dat['_touppChanged']));
96	}
97
98	if (!is_array($dat)) {
99	throw new wfAPICallInvalidResponseException("We received a data structure that is not the expected array when contacting the Wordfence scanning servers and calling the '$action' function.");
100	}
101	if (is_array($dat) && isset($dat['errorMsg'])) {
102	throw new wfAPICallErrorResponseException($dat['errorMsg']);
103	}
104	return $dat;
105	}
106
107	protected function getURL($url, $postParams = array(), $timeout = 900) {
108	wordfence::status(4, 'info', "Calling Wordfence API v" . WORDFENCE_API_VERSION . ":" . $url);
109
110	if (!function_exists('wp_remote_post')) {
111	require_once ABSPATH . WPINC . 'http.php';
112	}
113
114	$ssl_verify = (bool) wfConfig::get('ssl_verify');
115	$args = array(
116	'timeout' => $timeout,
117	'user-agent' => "Wordfence.com UA " . (defined('WORDFENCE_VERSION') ? WORDFENCE_VERSION : '[Unknown version]'),
118	'body' => $postParams,
119	'sslverify' => $ssl_verify,
120	'headers' => array('Referer' => false),
121	);
122	if (!$ssl_verify) {
123	// Some versions of cURL will complain that SSL verification is disabled but the CA bundle was supplied.
124	$args['sslcertificates'] = false;
125	}
126
127	$response = wp_remote_post($url, $args);
128
129	$this->lastHTTPStatus = (int) wp_remote_retrieve_response_code($response);
130
131	if (is_wp_error($response)) {
132	$error_message = $response->get_error_message();
133	throw new wfAPICallFailedException("There was an " . ($error_message ? '' : 'unknown ') . "error connecting to the Wordfence scanning servers" . ($error_message ? ": $error_message" : '.'));
134	}
135
136	$dateHeader = @$response['headers']['date'];
137	if (!empty($dateHeader) && (time() - wfConfig::get('timeoffset_wf_updated', 0) > 3600)) {
138	if (function_exists('date_create_from_format')) {
139	$dt = DateTime::createFromFormat('D, j M Y G:i:s O', $dateHeader);
140	$timestamp = $dt->getTimestamp();
141	}
142	else {
143	$timestamp = strtotime($dateHeader);
144	}
145	$offset = $timestamp - time();
146	wfConfig::set('timeoffset_wf', $offset);
147	wfConfig::set('timeoffset_wf_updated', time());
148	}
149
150	if (!empty($response['response']['code'])) {
151	$this->lastHTTPStatus = (int) $response['response']['code'];
152	}
153
154	if (200 != $this->lastHTTPStatus) {
155	throw new wfAPICallFailedException("The Wordfence scanning servers are currently unavailable. This may be for maintenance or a temporary outage. If this still occurs in an hour, please contact support. [$this->lastHTTPStatus]");
156	}
157
158	$content = wp_remote_retrieve_body($response);
159	return $content;
160	}
161
162	public function binCall($func, $postData) {
163	$url = rtrim($this->getAPIURL(), '/') . '/v' . WORDFENCE_API_VERSION . '/?' . $this->makeAPIQueryString() . '&action=' . $func;
164
165	$data = $this->getURL($url, $postData);
166
167	if (preg_match('/\{.*errorMsg/', $data)) {
168	$jdat = @json_decode($data, true);
169	if (is_array($jdat) && $jdat['errorMsg']) {
170	throw new Exception($jdat['errorMsg']);
171	}
172	}
173	return array('code' => $this->lastHTTPStatus, 'data' => $data);
174	}
175
176	public function makeAPIQueryString() {
177	$cv = null;
178	$cs = null;
179	if (function_exists('curl_version')) {
180	$curl = curl_version();
181	$cv = $curl['version'];
182	$cs = $curl['ssl_version'];
183	}
184
185	$values = array(
186	'wp' => $this->wordpressVersion,
187	'wf' => WORDFENCE_VERSION,
188	'ms' => (is_multisite() ? get_blog_count() : false),
189	'h' => wfUtils::wpHomeURL(),
190	'sslv' => function_exists('openssl_verify') && defined('OPENSSL_VERSION_NUMBER') ? OPENSSL_VERSION_NUMBER : null,
191	'pv' => phpversion(),
192	'pt' => php_sapi_name(),
193	'cv' => $cv,
194	'cs' => $cs,
195	'sv' => (isset($_SERVER['SERVER_SOFTWARE']) ? $_SERVER['SERVER_SOFTWARE'] : null),
196	'dv' => wfConfig::get('dbVersion', null),
197	);
198
199	return self::buildQuery(array(
200	'k' => $this->APIKey,
201	's' => wfUtils::base64url_encode(json_encode($values)),
202	'betaFeed' => (int) wfConfig::get('betaThreatDefenseFeed'),
203	));
204	}
205
206	private function buildQuery($data) {
207	if (version_compare(phpversion(), '5.1.2', '>=')) {
208	return http_build_query($data, '', '&'); //arg_separator parameter was only added in PHP 5.1.2. We do this because some PHP.ini's have arg_separator.output set to '&'
209	} else {
210	return http_build_query($data);
211	}
212	}
213
214	private function getAPIURL() {
215	return self::SSLEnabled() ? WORDFENCE_API_URL_SEC : WORDFENCE_API_URL_NONSEC;
216	}
217
218	public static function SSLEnabled() {
219	if (!function_exists('wp_http_supports')) {
220	require_once ABSPATH . WPINC . 'http.php';
221	}
222	return wp_http_supports(array('ssl'));
223	}
224
225	public function getTextImageURL($text) {
226	$apiURL = $this->getAPIURL();
227	return rtrim($apiURL, '/') . '/v' . WORDFENCE_API_VERSION . '/?' . $this->makeAPIQueryString() . '&' . self::buildQuery(array('action' => 'image', 'txt' => base64_encode($text)));
228	}
229	}
230
231	class wfAPICallSSLUnavailableException extends Exception {
232	}
233
234	class wfAPICallFailedException extends Exception {
235	}
236
237	class wfAPICallInvalidResponseException extends Exception {
238	}
239
240	class wfAPICallErrorResponseException extends Exception {
241	}
242