Files
SIGE-WEB-snapshot/ambiente-de-test/wp-content/plugins/all-in-one-wp-security-and-firewall/admin/wp-security-tools-menu.php

252 lines
8.8 KiB
PHP

<?php
if (!defined('ABSPATH')) {
exit; // Exit if accessed directly
}
class AIOWPSecurity_Tools_Menu extends AIOWPSecurity_Admin_Menu {
/**
* Tools menu slug
*
* @var string
*/
protected $menu_page_slug = AIOWPSEC_TOOLS_MENU_SLUG;
/**
* Constructor adds menu for Tools
*/
public function __construct() {
parent::__construct(__('Tools', 'all-in-one-wp-security-and-firewall'));
}
/**
* This function will setup the menus tabs by setting the array $menu_tabs
*
* @return void
*/
protected function setup_menu_tabs() {
$menu_tabs = array(
'password-tool' => array(
'title' => __('Password tool', 'all-in-one-wp-security-and-firewall'),
'render_callback' => array($this, 'render_password_tool'),
),
'whois-lookup' => array(
'title' => __('WHOIS lookup', 'all-in-one-wp-security-and-firewall'),
'render_callback' => array($this, 'render_whois_lookup_tab'),
),
'custom-rules' => array(
'title' => __('Custom .htaccess rules', 'all-in-one-wp-security-and-firewall'),
'render_callback' => array($this, 'render_custom_rules'),
'display_condition_callback' => array('AIOWPSecurity_Utility_Permissions', 'is_main_site_and_super_admin'),
),
'visitor-lockout' => array(
'title' => __('Visitor lockout', 'all-in-one-wp-security-and-firewall'),
'render_callback' => array($this, 'render_visitor_lockout'),
),
);
$this->menu_tabs = array_filter($menu_tabs, array($this, 'should_display_tab'));
}
/**
* Render the 'Custom (htaccess) rules' tab
*
* @return void
*/
protected function render_custom_rules() {
global $aio_wp_security;
if (isset($_POST['aiowps_save_custom_rules_settings'])) { // Do form submission tasks
if (is_wp_error(AIOWPSecurity_Utility_Permissions::check_nonce_and_user_cap($_POST['_wpnonce'], 'aiowpsec-save-custom-rules-settings-nonce'))) {
$aio_wp_security->debug_logger->log_debug("Nonce check failed for save custom rules settings.", 4);
die('Nonce check failed for save custom rules settings.');
}
//Save settings
if (isset($_POST["aiowps_enable_custom_rules"]) && empty($_POST['aiowps_custom_rules'])) {
$this->show_msg_error(__('You must enter some .htaccess directives code in the text box below', 'all-in-one-wp-security-and-firewall'));
} else {
if (!empty($_POST['aiowps_custom_rules'])) {
// Undo magic quotes that are automatically added to `$_GET`,
// `$_POST`, `$_COOKIE`, and `$_SERVER` by WordPress as
// they corrupt any custom rule with backslash in it...
$aio_wp_security->configs->set_value('aiowps_custom_rules', stripslashes($_POST['aiowps_custom_rules']));
} else {
$aio_wp_security->configs->set_value('aiowps_custom_rules', ''); //Clear the custom rules config value
}
$aio_wp_security->configs->set_value('aiowps_enable_custom_rules', isset($_POST["aiowps_enable_custom_rules"]) ? '1' : '');
$aio_wp_security->configs->set_value('aiowps_place_custom_rules_at_top', isset($_POST["aiowps_place_custom_rules_at_top"]) ? '1' : '');
$aio_wp_security->configs->save_config(); //Save the configuration
$this->show_msg_settings_updated();
$write_result = AIOWPSecurity_Utility_Htaccess::write_to_htaccess(); //now let's write to the .htaccess file
if (!$write_result) {
$this->show_msg_error(__('The plugin was unable to write to the .htaccess file, please edit file manually.', 'all-in-one-wp-security-and-firewall'));
$aio_wp_security->debug_logger->log_debug("Custom Rules feature - The plugin was unable to write to the .htaccess file.");
}
}
}
$aio_wp_security->include_template('wp-admin/tools/custom-htaccess.php');
}
/**
* Renders the submenu's password tool tab
*
* @return Void
*/
protected function render_password_tool() {
global $aio_wp_security;
wp_enqueue_script('aiowpsec-pw-tool-js');
$aio_wp_security->include_template('wp-admin/tools/password-tool.php');
}
/**
* Does a WHOIS lookup on an IP address or domain name and then returns the result.
*
* @param String $search - IP address or domain name to do a WHOIS lookup on
* @param Integer $timeout - connection timeout for fsockopen
*
* @return String|WP_Error - returns preformatted WHOIS lookup result or WP_Error
*/
public function whois_lookup($search, $timeout = 10) {
$fp = @fsockopen('whois.iana.org', 43, $errno, $errstr, $timeout);
if (!$fp) {
return new WP_Error('whois_lookup_failed', 'whois.iana.org: Socket Error '.$errno.' - '.$errstr);
}
$queries = sprintf(__('Querying %s: %s', 'all-in-one-wp-security-and-firewall'), 'whois.iana.org', $search)."\n";
fputs($fp, $search."\r\n");
$out = '';
while (!feof($fp)) {
$line = fgets($fp);
if (preg_match('/refer: +(\S+)/', $line, $matches)) {
$referral_server = $matches[1];
$queries .= sprintf(__('Redirected to %s', 'all-in-one-wp-security-and-firewall'), $referral_server)."\n";
break;
}
$out .= $line;
}
fclose($fp);
if (!isset($referral_server) && filter_var($search, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) && preg_match('/whois: +(\S+)/', $out, $matches)) {
$referral_server = $matches[1];
$queries .= sprintf(__('Redirected to %s', 'all-in-one-wp-security-and-firewall'), $referral_server)."\n";
}
$referrals = array();
while (isset($referral_server)) {
$referrals[] = $referral_server;
$fp = @fsockopen($referral_server, 43, $errno, $errstr, $timeout);
if (!$fp) {
return new WP_Error('whois_lookup_failed', $referral_server.': Socket Error '.$errno.' - '.$errstr);
}
if ('whois.arin.net' == $referral_server) {
$formatted_search = 'n + '.$search;
} elseif ('whois.denic.de' == $referral_server) {
$formatted_search = '-T dn,ace '.$search;
} elseif ('whois.dk-hostmaster.dk' == $referral_server) {
$formatted_search = '--charset=utf-8 --show-handles '.$search;
} elseif ('whois.nic.ad.jp' == $referral_server || 'whois.jprs.jp' == $referral_server) {
$formatted_search = $search.'/e';
} else {
$formatted_search = $search;
}
$queries .= sprintf(__('Querying %s: %s', 'all-in-one-wp-security-and-firewall'), $referral_server, $formatted_search)."\n";
$referral_server = null;
fputs($fp, $formatted_search."\r\n");
$out = '';
while (!feof($fp)) {
$line = fgets($fp);
if (preg_match('/Registrar WHOIS Server: +(\S+)/', $line, $matches)
|| preg_match('/% referto: +whois -h (\S+)/', $line, $matches)
|| preg_match('/% referto: +(\S+)/', $line, $matches)
|| preg_match('/ReferralServer: +rwhois:\/\/(\S+)/', $line, $matches)
|| preg_match('/ReferralServer: +whois:\/\/(\S+)/', $line, $matches)
) {
if (!in_array($matches[1], $referrals)) {
$referral_server = $matches[1];
$queries .= sprintf(__('Redirected to %s', 'all-in-one-wp-security-and-firewall'), $referral_server)."\n";
break;
}
}
$out .= $line;
}
fclose($fp);
}
return $queries."\n".$out;
}
/**
* Renders the submenu's whois-lookup tab body.
*
* @return Void
*/
protected function render_whois_lookup_tab() {
global $aio_wp_security;
$lookup = false;
$ip_or_domain = '';
if (isset($_POST['aiowps_whois_ip_or_domain'])) {
$nonce = $_POST['_wpnonce'];
if (!wp_verify_nonce($nonce, 'aiowpsec-whois-lookup')) {
$aio_wp_security->debug_logger->log_debug('Nonce check failed on WHOIS lookup.', 4);
die('Nonce check failed on WHOIS lookup.');
}
$lookup = true;
$ip_or_domain = stripslashes($_POST['aiowps_whois_ip_or_domain']);
}
$aio_wp_security->include_template('wp-admin/tools/whois-lookup.php', false, array('AIOWPSecurity_Tools_Menu' => $this, 'lookup' => $lookup, 'ip_or_domain' => $ip_or_domain));
}
/**
* Renders the submenu's visitor lockout tab
*
* @return void
*/
protected function render_visitor_lockout() {
global $aio_wp_security;
$maint_msg = '';
if (isset($_POST['aiowpsec_save_site_lockout'])) {
$nonce = $_REQUEST['_wpnonce'];
if (!wp_verify_nonce($nonce, 'aiowpsec-site-lockout')) {
$aio_wp_security->debug_logger->log_debug("Nonce check failed on site lockout feature settings save.", 4);
die("Nonce check failed on site lockout feature settings save.");
}
// Save settings
$aio_wp_security->configs->set_value('aiowps_site_lockout', isset($_POST["aiowps_site_lockout"]) ? '1' : '');
$maint_msg = htmlentities(stripslashes($_POST['aiowps_site_lockout_msg']), ENT_COMPAT, "UTF-8");
$aio_wp_security->configs->set_value('aiowps_site_lockout_msg', $maint_msg); // Text area/msg box
$aio_wp_security->configs->save_config();
$this->show_msg_updated(__('Site lockout feature settings saved.', 'all-in-one-wp-security-and-firewall'));
do_action('aiowps_site_lockout_settings_saved'); // Trigger action hook.
}
$aio_wp_security->include_template('wp-admin/tools/visitor-lockout.php', false, array());
}
} // End of class