Server IP : 172.67.157.199 / Your IP : 3.135.215.96 [ Web Server : Apache System : Linux b70eb322-3aee-0c53-7c82-0db91281f2c6.secureserver.net 6.1.90-1.el9.elrepo.x86_64 #1 SMP PREEMPT_DYNAMIC Thu May 2 12:09:22 EDT 2024 x86_64 User : root ( 0) PHP Version : 8.0.30.2 Disable Function : NONE Domains : 0 Domains MySQL : ON | cURL : ON | WGET : ON | Perl : OFF | Python : OFF | Sudo : OFF | Pkexec : OFF Directory : /var/www/wp-content/plugins/defender-security/src/component/ |
Upload File : |
<?php /** * Handles security headers. * * @package WP_Defender\Component */ namespace WP_Defender\Component; use Calotes\Base\Component; use WP_Defender\Model\Setting\Security_Headers; /** * Base class for managing all security headers. */ abstract class Security_Header extends Component { /** * Static variable to store the rule slug. * * @var string */ public static $rule_slug; /** * Instance of Security_Headers used for caching. * * @var Security_Headers */ public $model; /** * Retrieves miscellaneous data related to the security header. * * @return array Returns an array of miscellaneous data. */ public function get_misc_data() { return array(); } /** * Checks the condition of the security header. * * @return mixed The result of the check. */ abstract public function check(); /** * Retrieves the title of the security header. * * @return string The title of the security header. */ abstract public function get_title(); /** * Adds necessary hooks related to the security header. * * @return mixed */ abstract public function add_hooks(); /** * Safely retrieves the model instance, initializing it if not already done. * * @return Security_Headers The instance of Security_Headers. */ protected function get_model() { if ( is_object( $this->model ) ) { return $this->model; } $this->model = new Security_Headers(); return $this->model; } /** * Checks if a specific header is submitted based on the provided conditions. * * @param string $header The header to check. * @param mixed $somewhere Additional condition to evaluate. * * @return bool True if the header is submitted, false otherwise. */ protected function maybe_submit_header( $header, $somewhere ): bool { if ( false === $somewhere ) { return true; } $collection = headers_list(); $match = false; foreach ( $collection as $item ) { if ( stristr( $item, $header ) ) { $match = true; } } return $match; } /** * Performs a HEAD request to a URL and caches the response. * * @param string $url The URL to request. * @param string $origin The origin of the request. * @param int|null $ttl Time-to-live for the cache entry. * * @return array|mixed The headers from the response or the WP_Error object if the request fails. */ protected function head_request( $url, $origin, $ttl = null ) { $model = $this->get_model(); $cached = $model->get_data_values( 'head_requests' ); if ( ! is_array( $cached ) ) { $cached = array(); } if ( isset( $cached[ $url ] ) ) { $cache = $cached[ $url ]; if ( $cache['ttl'] > time() ) { return $cache['data']; } } // No cache or cache expired. $request = wp_remote_head( $url, array( 'user-agent' => 'WP Defender self ping - ' . $origin ) ); if ( ! is_wp_error( $request ) ) { $headers = wp_remote_retrieve_headers( $request ); $headers = $headers->getAll(); if ( null === $ttl ) { $ttl = strtotime( '+1 day' ); } $headers['response_code'] = wp_remote_retrieve_response_code( $request ); $cached[ $url ] = array( 'ttl' => apply_filters( 'wd_head_request_ttl', $ttl ), 'data' => $headers, ); $model->set_data_values( 'head_requests', $cached ); $this->log( sprintf( 'Fetched header for %s into cache', $url ) ); return $headers; } return $request; } }