| Server IP : 104.21.14.48 / Your IP : 3.147.54.85 [ Web Server : Apache System : Linux b70eb322-3aee-0c53-7c82-0db91281f2c6.secureserver.net 6.1.90-1.el9.elrepo.x86_64 #1 SMP PREEMPT_DYNAMIC Thu May 2 12:09:22 EDT 2024 x86_64 User : root ( 0) PHP Version : 8.0.30.2 Disable Function : NONE Domains : 0 Domains MySQL : ON | cURL : ON | WGET : ON | Perl : OFF | Python : OFF | Sudo : OFF | Pkexec : OFF Directory : /var/www/wp-content/plugins/defender-security/src/controller/ |
Upload File : |
<?php
/**
* Handles onboarding.
*
* @package WP_Defender\Controller
*/
namespace WP_Defender\Controller;
use WP_Defender\Event;
use Calotes\Helper\HTTP;
use Calotes\Helper\Route;
use WP_Defender\Behavior\WPMUDEV;
use WP_Defender\Model\Setting\Login_Lockout;
use WP_Defender\Model\Setting\Notfound_Lockout;
use WP_Defender\Model\Setting\User_Agent_Lockout;
use WP_Defender\Model\Setting\Main_Setting as Model_Main_Setting;
use WP_Defender\Model\Setting\Scan as Scan_Settings;
use WP_Defender\Controller\Scan as Controller_Scan;
/**
* This class is only used once, after the activation on a fresh install.
* We will use this for activating & presets other module settings.
*/
class Onboard extends Event {
/**
* The slug identifier for this controller.
*
* @var string
*/
public $slug = 'wp-defender';
/**
* Initializes the model and service, registers routes, and sets up scheduled events if the model is active.
*/
public function __construct() {
$this->attach_behavior( WPMUDEV::class, WPMUDEV::class );
$this->add_main_page();
add_action( 'defender_enqueue_assets', array( &$this, 'enqueue_assets' ) );
}
/**
* Registers the main page in the WordPress admin menu.
*/
protected function add_main_page() {
$this->register_page(
$this->get_menu_title(),
$this->parent_slug,
array(
&$this,
'main_view',
),
null,
$this->get_menu_icon()
);
}
/**
* Renders the main view for this page.
*/
public function main_view() {
$class = wd_di()->get( Security_Tweaks::class );
$class->refresh_tweaks_status();
$this->render( 'main' );
}
/**
* Method to handle the activation process.
*
* @defender_route
*/
public function activating() {
if ( ! $this->check_permission() || ! $this->verify_nonce( 'activatingonboard' ) ) {
wp_send_json_error( array( 'message' => esc_html__( 'Invalid', 'defender-security' ) ) );
}
$this->attach_behavior( WPMUDEV::class, WPMUDEV::class );
update_site_option( 'wp_defender_shown_activator', true );
delete_site_option( 'wp_defender_is_free_activated' );
$this->maybe_tracking( 'Activate & Configure' );
// Run plugin modules.
if ( $this->is_pro() ) {
$this->preset_audit();
$this->preset_blacklist_monitor();
}
$this->preset_firewall();
$this->resolve_security_tweaks();
$this->preset_scanning();
// @since 4.2.0 No display the Data Tracking after the Onboarding.
Data_Tracking::delete_modal_key();
wp_send_json_success();
}
/**
* Enable blacklist status.
*/
private function preset_blacklist_monitor() {
$this->make_wpmu_request(
WPMUDEV::API_BLACKLIST,
array(),
array(
'method' => 'POST',
)
);
}
/**
* Sets the audit logging to enabled and saves the changes.
*
* @return void
*/
private function preset_audit() {
$audit = new \WP_Defender\Model\Setting\Audit_Logging();
$audit->enabled = true;
$audit->save();
}
/**
* Sets up the preset scanning configuration and creates a new scan.
*
* @return void
*/
private function preset_scanning() {
$model = new Scan_Settings();
$model->save();
// Create new scan.
$ret = \WP_Defender\Model\Scan::create();
if ( is_object( $ret ) && ! is_wp_error( $ret ) ) {
if ( ! $this->is_tracking_active() ) {
wd_di()->get( Model_Main_Setting::class )->toggle_tracking( true );
}
$scan_controller = wd_di()->get( Controller_Scan::class );
$scan_controller->scan_started_analytics(
array(
'Triggered From' => 'Plugin',
'Scan Type' => 'Install',
)
);
$scan_controller->do_async_scan( 'install' );
}
}
/**
* Sets up the preset firewall configuration.
*
* @return void
*/
private function preset_firewall() {
$lockout = new Login_Lockout();
$lockout->enabled = true;
$lockout->save();
$nf = new Notfound_Lockout();
$nf->enabled = true;
$nf->save();
$ua = new User_Agent_Lockout();
$ua->enabled = true;
$ua->save();
}
/**
* Resolve all tweaks that we can.
*
* @since 2.4.6 Remove tweaks that can be added to wp-config.php manually: 'hide-error', 'disable-file-editor'.
*/
private function resolve_security_tweaks() {
$slugs = array(
'disable-xml-rpc',
'login-duration',
'disable-trackback',
'prevent-enum-users',
);
$class = wd_di()->get( Security_Tweaks::class );
$class->refresh_tweaks_status();
$class->security_tweaks_auto_action( $slugs, 'resolve' );
}
/**
* Get modules in quick setup.
*
* @return array
*/
private function get_modules(): array {
$modules = array(
'Firewall',
'Recommendations',
);
if ( $this->is_pro() ) {
$modules[] = 'Malware Scanning';
$modules[] = 'Audit Logging';
$modules[] = 'Blocklist Monitor';
} else {
$modules[] = 'WP file scanning';
}
return $modules;
}
/**
* Maybe track usage data.
*
* @param string $action Action name.
*/
private function maybe_tracking( string $action ) {
$usage_data_state = HTTP::post( 'usage_tracking', '' );
// Track it, the default option value is changed to True.
if ( 'true' === $usage_data_state ) {
wd_di()->get( Model_Main_Setting::class )->toggle_tracking( true );
$this->track_opt_toggle( true, 'Wizard' );
$this->track_feature(
'def_quick_setup',
array(
'module' => $this->get_modules(),
'action' => $action,
)
);
}
}
/**
* Skip onboarding.
*
* @defender_route
*/
public function skip() {
if ( ! $this->check_permission() || ! $this->verify_nonce( 'skiponboard' ) ) {
wp_send_json_error( array( 'message' => esc_html__( 'Invalid', 'defender-security' ) ) );
}
update_site_option( 'wp_defender_shown_activator', true );
delete_site_option( 'wp_defender_is_free_activated' );
// @since 4.2.0 No display the Data Tracking after the Onboarding.
Data_Tracking::delete_modal_key();
$this->maybe_tracking( 'Start from scratch' );
wp_send_json_success();
}
/**
* Enqueues scripts and styles for this page.
* Only enqueues assets if the page is active.
*/
public function enqueue_assets() {
if ( ! $this->is_page_active() ) {
return;
}
wp_localize_script( 'def-onboard', 'onboard', $this->data_frontend() );
wp_enqueue_script( 'def-onboard' );
$this->enqueue_main_assets();
add_filter( 'admin_body_class', array( $this, 'admin_body_class' ) );
}
/**
* Add classes to admin body.
*
* @param string $classes Admin body classes.
*
* @return string
*/
public function admin_body_class( $classes ) {
$classes .= ' wdf-full-screen ';
return $classes;
}
/**
* Removes settings for all submodules.
*/
public function remove_settings() {
}
/**
* Delete all the data & the cache.
*/
public function remove_data() {
}
/**
* Exports strings.
*
* @return array An array of strings.
*/
public function export_strings() {
return array();
}
/**
* Converts the current object state to an array.
*
* @return array The array representation of the object.
*/
public function to_array(): array {
return array();
}
/**
* Imports data into the model.
*
* @param array $data Data to be imported into the model.
*/
public function import_data( array $data ) {
}
/**
* Provides data for the frontend.
*
* @return array An array of data for the frontend.
*/
public function data_frontend(): array {
[ $endpoints, $nonces ] = Route::export_routes( 'onboard' );
return array(
'endpoints' => $endpoints,
'nonces' => $nonces,
'misc' => array(
'state_usage_tracking' => wd_di()->get( Model_Main_Setting::class )->usage_tracking,
'privacy_link' => Model_Main_Setting::PRIVACY_LINK,
),
);
}
}