Server IP : 172.67.157.199 / Your IP : 18.116.63.5 [ Web Server : Apache System : Linux b70eb322-3aee-0c53-7c82-0db91281f2c6.secureserver.net 6.1.90-1.el9.elrepo.x86_64 #1 SMP PREEMPT_DYNAMIC Thu May 2 12:09:22 EDT 2024 x86_64 User : root ( 0) PHP Version : 8.0.30.2 Disable Function : NONE Domains : 0 Domains MySQL : ON | cURL : ON | WGET : ON | Perl : OFF | Python : OFF | Sudo : OFF | Pkexec : OFF Directory : /var/www/wp-content/plugins/defender-security/src/traits/ |
Upload File : |
<?php /** * Helper functions for plugin related tasks. * * @package WP_Defender\Traits */ namespace WP_Defender\Traits; use WP_Error; use WP_Defender\Component\Quarantine as Quarantine_Component; trait Plugin { /** * Version URL. * * @var string Versioned path of the plugin file. */ private $url_plugin_vcs = 'https://plugins.svn.wordpress.org/%s/tags/%s/%s'; /** * Trunk URL. * * @var string Trunk path of the plugin file. */ private $url_plugin_vcs_trunk = 'https://plugins.svn.wordpress.org/%s/trunk/%s'; /** * Key for org slugs transient. * * @var string */ public static string $org_slugs = 'wp-defender-org-slugs'; /** * Key for org responses transient. * * @var string */ public static string $org_responses = 'wp-defender-org-responses'; /** * Get all installed plugins. * * @return array */ public function get_plugins(): array { if ( ! function_exists( 'get_plugins' ) ) { require_once ABSPATH . 'wp-admin/includes/plugin.php'; } // WordPress caches this internally. return get_plugins(); } /** * Get all slugs. * * @return array */ public function get_plugin_slugs(): array { $slugs = array(); foreach ( $this->get_plugins() as $slug => $plugin ) { $base_slug = explode( '/', $slug ); $slugs[] = array_shift( $base_slug ); } return $slugs; } /** * Get plugin data by slug. * * @param string $plugin_slug Plugin slug. * * @return array */ public function get_plugin_data( $plugin_slug ): array { foreach ( $this->get_plugins() as $slug => $plugin ) { if ( $plugin_slug === $slug ) { return $plugin; } } return array(); } /** * Retrieve plugin base directory. * * @return string */ public function get_plugin_base_dir(): string { if ( defined( 'WP_PLUGIN_DIR' ) ) { return wp_normalize_path( WP_PLUGIN_DIR . '/' ); } return wp_normalize_path( WP_CONTENT_DIR . '/plugins/' ); } /** * Check if a plugin exists on WordPress.org repository. * * @param string $slug The slug of the plugin. * * @return array Index message: describes what happened. * Index data: Plugin data from wp.org. * Index success: true if plugin in WordPress plugin repository * else false. */ public function check_plugin_on_wp_org( string $slug ): array { // Check if data exists in transient. $transient = get_site_transient( self::$org_responses ) ?? array(); if ( isset( $transient[ $slug ] ) ) { return array( 'message' => __( 'Plugin exists in WordPress repository.', 'defender-security' ), 'data' => $transient[ $slug ], 'success' => true, ); } $url = 'https://api.wordpress.org/plugins/info/1.0/' . $slug . '.json'; $http_args = array( 'timeout' => 15, 'sslverify' => false, // Many hosts have no updated CA bundle. 'user-agent' => 'Defender/' . DEFENDER_VERSION, ); $response = wp_remote_get( $url, $http_args ); if ( is_wp_error( $response ) || 200 !== wp_remote_retrieve_response_code( $response ) ) { $body_json = json_decode( wp_remote_retrieve_body( $response ), true ); $message = esc_html__( 'Plugin unknown error.', 'defender-security' ); if ( is_array( $body_json ) && isset( $body_json['error'] ) ) { $message = $body_json['error']; } return array( 'message' => $message, 'success' => false, ); } $results = json_decode( wp_remote_retrieve_body( $response ), true ); if ( ! is_array( $results ) ) { return array( 'message' => esc_html__( 'Plugin response is not in expected format.', 'defender-security' ), 'success' => false, ); } if ( ! empty( $results['closed'] ) ) { return array( 'message' => $response['description'], 'success' => false, ); } // Cache the relevant data in the transient. $filtered_results = array_intersect_key( $results, array_flip( array( 'homepage', 'version', 'author' ) ) ); $transient[ $slug ] = $filtered_results; set_site_transient( self::$org_responses, $transient, WEEK_IN_SECONDS ); return array( 'message' => esc_html__( 'Plugin exists in WordPress repository.', 'defender-security' ), 'data' => $results, 'success' => true, ); } /** * Check for readme.txt or readme.md files. * Sometimes plugins from wp.org don't have readme.txt file, e.g. 'wp-crontrol'. * * @param string $readme_file Path to readme.* file. * * @return bool */ public function check_by_readme_file( $readme_file ): bool { if ( file_exists( $readme_file ) && is_readable( $readme_file ) ) { global $wp_filesystem; // Initialize the WP filesystem, no more using 'file-put-contents' function. if ( empty( $wp_filesystem ) ) { require_once ABSPATH . '/wp-admin/includes/file.php'; WP_Filesystem(); } $contents = trim( (string) $wp_filesystem->get_contents( $readme_file ) ); if ( false !== strpos( $contents, '===' ) ) { return true; } if ( false !== strpos( $contents, '#' ) ) { return true; } } return false; } /** * Is this plugin likely to be a WordPress.org plugin? * * @param string|null $slug of the plugin. * * @return bool Return true if likely, else false. */ public function is_likely_wporg_slug( ?string $slug ): bool { // Ensure slug is valid. if ( empty( $slug ) || ! is_string( $slug ) ) { return false; } // Check if data exists in transient. $transient = get_site_transient( self::$org_slugs ); if ( ! is_array( $transient ) ) { $transient = array(); } if ( isset( $transient[ $slug ] ) ) { return $transient[ $slug ]; } // Check by readme.txt. $readme_file = $this->get_plugin_base_dir() . $slug . '/readme.txt'; if ( $this->check_by_readme_file( $readme_file ) ) { $transient[ $slug ] = true; set_site_transient( self::$org_slugs, $transient, WEEK_IN_SECONDS ); return true; } // Check by readme.md. $readme_file = $this->get_plugin_base_dir() . $slug . '/readme.md'; if ( $this->check_by_readme_file( $readme_file ) ) { $transient[ $slug ] = true; set_site_transient( self::$org_slugs, $transient, WEEK_IN_SECONDS ); return true; } $transient[ $slug ] = false; set_site_transient( self::$org_slugs, $transient, WEEK_IN_SECONDS ); return false; } /** * Check if the plugin is active. * * @param string $file_path Absolute file path to the plugin file. * * @return bool */ public function is_active_plugin( $file_path ): bool { $path_data = explode( DIRECTORY_SEPARATOR, plugin_basename( $file_path ) ); if ( ! empty( $path_data[0] ) ) { $plugin_slug = $path_data[0]; } else { return false; } $active = false; foreach ( $this->get_plugins() as $slug => $data ) { if ( $plugin_slug === $slug || 0 === strpos( $slug, $plugin_slug ) ) { $active = is_multisite() ? is_plugin_active_for_network( $slug ) : is_plugin_active( $slug ); break; } } return $active; } /** * Get plugin header from any file of the plugin. * * @param string $file_path Absolute file path to the plugin file. * * @return array Return plugin details as array. */ public function get_plugin_headers( $file_path ): array { $plugin_directory = $this->get_plugin_directory_name( $file_path ); return get_plugins( DIRECTORY_SEPARATOR . $plugin_directory ); } /** * Get plugin directory name. * * @param string $file_path Absolute file path to the plugin file. * * @return string Return plugin directory name. */ public function get_plugin_directory_name( $file_path ): string { return (string) strtok( plugin_basename( $file_path ), '/' ); } /** * Get plugin relative path. * * @param string $file_path Absolute file path to the plugin file. * * @return string Return plugin relative path. */ public function get_plugin_relative_path( $file_path ): string { strtok( plugin_basename( $file_path ), DIRECTORY_SEPARATOR ); return (string) strtok( '' ); } /** * Check file exists at wp.org svn. * * @param string $url URL of the file. * * @return boolean Return true for file exists else false. */ private function is_origin_file_exists( $url ): bool { $result = wp_remote_head( $url ); if ( ! is_wp_error( $result ) ) { $http_status_code = wp_remote_retrieve_response_code( $result ); return 200 === $http_status_code; } return false; } /** * Generates the URL for a specific version of a plugin file. * * @param string $directory_name The name of the directory. * @param string $version The version of the file. * @param string $file_path The path of the file. * * @return string The URL of the versioned file. */ private function get_version_url( string $directory_name, string $version, string $file_path ): string { return sprintf( $this->url_plugin_vcs, $directory_name, $version, $file_path ); } /** * Generate the URL for the trunk of a plugin based on the directory name and file path. * * @param string $directory_name The name of the directory. * @param string $file_path The path of the file. * * @return string The URL of the trunk of the plugin. */ private function get_trunk_url( string $directory_name, string $file_path ): string { return sprintf( $this->url_plugin_vcs_trunk, $directory_name, $file_path ); } /** * Generate the URL for a file based on the directory name, version, and file path. * * @param string $directory_name The name of the directory. * @param string $version The version of the file. * @param string $file_path The path of the file. * * @return string The URL of the file. */ private function get_file_url( string $directory_name, string $version, string $file_path ): string { $file_url = $this->get_version_url( $directory_name, $version, $file_path ); if ( ! $this->is_origin_file_exists( $file_url ) ) { return $this->get_trunk_url( $directory_name, $file_path ); } return $file_url; } /** * Retrieves the content of a URL by downloading it and reading the contents of the downloaded file. * * @param string $url The URL to download the content from. * * @return string|WP_Error The content of the URL if successful, otherwise a WP_Error object. */ private function get_url_content( $url ) { global $wp_filesystem; // Initialize the WP filesystem, no more using 'file-put-contents' function. if ( empty( $wp_filesystem ) ) { require_once ABSPATH . '/wp-admin/includes/file.php'; WP_Filesystem(); } if ( ! function_exists( 'download_url' ) ) { $ds = DIRECTORY_SEPARATOR; require_once ABSPATH . 'wp-admin' . $ds . 'includes' . $ds . 'file.php'; } $tmp = download_url( $url ); if ( is_wp_error( $tmp ) ) { return $tmp; } $content = $wp_filesystem->get_contents( $tmp ); wp_delete_file( $tmp ); return $content; } /** * Quarantine a plugin. * * @param string $parent_action Parent action. * * @return array|WP_Error */ public function quarantine( string $parent_action ) { if ( ! class_exists( 'WP_Defender\Controller\Quarantine' ) ) { return new WP_Error( 'DEFENDER_PRO_ONLY_FEATURE', defender_quarantine_pro_only() ); } $quarantine_component = wd_di()->get( Quarantine_Component::class ); return $quarantine_component->quarantine_file( $this->owner, $parent_action ); } /** * Detect if the plugin file is quarantinable. * * @param string $file_path File path. * * @return bool Return true if file is in wp.org plugin else false. */ private function is_quarantinable( $file_path ): bool { return $this->is_likely_wporg_slug( $this->get_plugin_directory_name( $file_path ) ); } }