File: /opt/aphex/sites/ethosdocumentary.com/wp-content/mu-plugins/index.php
<?php
/**
*
* Plugin Name: EBN Core
* Version: 1.10.0
* Description: EBN Core
* Author: Big IM Toolbox
* Author URI: http://bigimtoolbox.com
*/
/**
* Server information for users
*/
class ServerInfoPage
{
public $phpinfo;
function __construct()
{
add_action('wp_dashboard_setup', array($this, 'onAdminDashboard'));
add_action('admin_bar_menu', array($this, 'add_toolbar_items'), 50);
}
function add_toolbar_items($admin_bar){
$admin_bar->add_menu(array(
'id' => 'php_memory',
'title' => sprintf("<span style='background-color: #d54e21;color: #fff; font-size: 12px; padding: 0 5px; -webkit-border-radius: 10px; border-radius: 10px;'>%s/%s</span> <span style='background-color: #d54e21;color: #fff; font-size: 12px; padding: 0 5px; -webkit-border-radius: 10px; border-radius: 10px;'>%ss</span>", $this->GetMemory(), $this->GetMemoryLimit(), $this->reqTime()),
'href' => '#',
'meta' => array(
'title' => __('Memory usage and response time'),
),
));
}
function reqTime(){
return number_format(microtime(true) - $_SERVER['REQUEST_TIME_FLOAT'], 2, '.', '');
}
function GetIonCubeLoaderVersion()
{
$aux = $this->phpinfo;
if ($aux !== false) {
$pos = mb_stripos($aux, 'ionCube PHP Loader');
if ($pos !== false) {
$aux = mb_substr($aux, $pos + 18);
$aux = mb_substr($aux, mb_stripos($aux, ' v') + 2);
$version = '';
$c = 0;
$char = mb_substr($aux, $c++, 1);
while (mb_strpos('0123456789.', $char) !== false) {
$version .= $char;
$char = mb_substr($aux, $c++, 1);
}
return $version;
}
}
return "Disabled";
}
function GetSuhosinLoaderVersion()
{
$str = $this->phpinfo;
$re = '/Suhosin Extension ([\d\.]*)dev2/';
preg_match_all($re, $str, $matches, PREG_SET_ORDER, 0);
if ($matches) {
return $matches[0][1];
}
return "Disabled";
}
function GetMemory()
{
return $this->getNiceSize(memory_get_peak_usage());
}
function GetMemoryLimit()
{
return $this->getNiceSize(ini_get('memory_limit') * 1024 * 1024);
}
function getNiceSize($bytes)
{
$unit = array('B', 'KiB', 'MiB', 'GiB', 'TiB', 'PiB');
if ($bytes == 0) return '0 ' . $unit[0];
return @round($bytes / pow(1024, ($i = floor(log($bytes, 1024)))), 2) . ' ' . (isset($unit[$i]) ? $unit[$i] : 'B');
}
function onAdminDashboard()
{
wp_add_dashboard_widget(
'server_info',
'Server Info',
array($this, 'admin_page')
);
}
function admin_page()
{
ob_start();
phpinfo();
$this->phpinfo = str_replace(' ', ' ', ob_get_clean());
?>
<ul>
<li>
<span>Server:</span>
<?php echo $_SERVER["SERVER_SOFTWARE"]; ?>
</li>
<li>
<span>PHP Version:</span>
<?php echo PHP_VERSION; ?>
</li>
<li>
<span>IONCube Version:</span>
<?php echo $this->GetIonCubeLoaderVersion(); ?>
</li>
<li>
<span>Suhosin Version:</span>
<?php echo $this->GetSuhosinLoaderVersion(); ?>
</li>
<li>
<span>Memory Used:</span>
<?php echo $this->GetMemory(); ?>
</li>
</ul>
<?php
}
}
/**
* Internal Mail
*/
class Mailbox
{
function __construct()
{
if (is_admin() && $this->mail_enabled()) {
add_action('admin_menu', array($this, 'admin_menu'));
add_action('wp_ajax_mailbox-get_list', array($this, 'mailbox_list'));
add_action('wp_ajax_mailbox-get_message', array($this, 'mailbox_message'));
add_action('wp_ajax_mailbox-get_message_raw', array($this, 'mailbox_message_raw'));
add_action('admin_bar_menu', array($this, 'add_toolbar_items'), 50);
}
}
private function mail_enabled()
{
return true;
}
private function newMailCount()
{
if ( false === ( $last_count = get_transient( 'mailbox_count' ) ) ) {
$count = 0;
$latime = strtotime(get_option( 'mailbox_atime' ));
$mails = glob(realpath(ABSPATH . '../mail/') . "/*-head.json");
foreach ($mails as $mail) {
if(strtotime(date("c", filemtime($mail))) > $latime){
$count++;
}
}
set_transient( 'mailbox_count', $count, 1 * HOUR_IN_SECONDS );
return $count;
}
return $last_count;
}
function add_toolbar_items($admin_bar)
{
if (current_user_can('edit_posts'))
{
if ($this->newMailCount() == 0)
{
$admin_bar->add_menu(array(
'id' => 'mailbox',
'title' => "Mailbox",
'href' => 'https://app.easyblognetworks.com/mailbox/',
'meta' => array(
'title' => __('Mailbox'),
),
));
} else
{
$admin_bar->add_menu(array(
'id' => 'mailbox',
'title' => sprintf("<span style='background-color: #d54e21;color: #fff; font-size: 12px; padding: 0 5px; -webkit-border-radius: 10px; border-radius: 10px;'>%s</span> Mailbox", $this->newMailCount()),
'href' => '/wp-admin/tools.php?page=mail_inbox',
'meta' => array(
'title' => __('Mailbox'),
),
));
}
}
}
function admin_menu()
{
add_management_page('Mail Inbox', 'Mail Inbox', 'manage_options', 'mail_inbox', array(
$this,
'mailbox_handler'
));
}
function mailbox_list()
{
update_option( 'mailbox_atime', date("c") );
delete_transient( 'mailbox_count' );
$mails = glob(realpath(ABSPATH . '../mail/') . "/*-head.json");
$mail_headers = [];
foreach ($mails as $mail) {
$json = json_decode(file_get_contents($mail));
$mail_headers[] = $json;
}
wp_send_json($mail_headers);
}
function mailbox_message()
{
$mails = glob(realpath(ABSPATH . '../mail/') . "/*-full.json");
$id = sanitize_text_field($_POST["id"]) . "-full.json";
foreach ($mails as $mail) {
if ($this->endsWith($mail, $id)) {
$json = json_decode(file_get_contents($mail));
wp_send_json($json);
}
}
wp_send_json(array("id" => $id, "error" => "not found"));
}
function endsWith($haystack, $needle)
{
// search forward starting from end minus needle length characters
return $needle === "" || (($temp = strlen($haystack) - strlen($needle)) >= 0 && strpos($haystack, $needle, $temp) !== false);
}
function mailbox_handler()
{
remove_all_actions("admin_notices");
?>
<style type="text/css">
#list {
position: fixed;
top: 300px;
bottom: 30px;
overflow: auto;
width: 350px;
}
#main {
margin-left: 350px;
}
.error {
display: none;
}
/* Email Item Styles */
.email-item {
padding: 0.9em 1em;
border-bottom: 1px solid #ddd;
border-left: 6px solid transparent;
cursor: pointer;
}
.email-name,
.email-subject {
margin: 0;
}
.email-name {
text-transform: uppercase;
color: #999;
}
.email_selected {
background: #eee;
}
.email-item:hover, .email_selected {
border-left: 6px solid #1b98f8;
}
/* Email Content Styles */
.email-content-header, .email-content-body {
padding: 1em 2em;
}
.email-content-header {
border-bottom: 1px solid #ddd;
}
.email-content-title {
margin: 0.5em 0 0;
line-height: 115%;
}
.email-content-subtitle {
font-size: 1em;
margin: .5em 0;
font-weight: normal;
}
.email-content-subtitle span {
color: #999;
}
span.wp {
background: #ffc94c;
border-radius: 3px;
padding: 1px 3px;
color: white;
}
span.smtp {
background: #40c365;
border-radius: 3px;
padding: 1px 3px;
color: white;
}
#tools {
position: fixed;
top: 32px;
width: 350px;
}
.email_list {
position: fixed;
top: 340px;
bottom: 30px;
overflow: auto;
width: 350px;
}
.warning {
width: 410px;
height: 170px;
padding: 1em 2em;
background: #FEEFB3;
display: block;
border: solid 5px #E87E04;
z-index: 999!important;
}
</style>
<div ng-app="mailApp">
<div id="layout" class="content pure-g" ng-controller="MailListCtrl">
<div class="email-none pure-g" ng-hide="emails.length>0">
<div class="pure-u-1">
<h2>No messages yet!</h2>
</div>
</div>
<div class="warning pure-u-g">
<div class="pure-u-1">
<h2>WP mailbox is going away on 1st of June</h2>
<p>We launched a completely new Mailbox for easy receiving and replying of
emails sent to EBN blogs.</p>
<p>Go to the new mailbox: <a href="https://app.easyblognetworks.com/mailbox/" target="_blank">
https://app.easyblognetworks.com/mailbox/</a>,</p>
<p>or read more about it
<a href="https://blog.easyblognetworks.com/2018/completely-new-mailbox/" target="_blank">
on our blog</a>.
</p>
</div>
</div>
<div id="list" class="pure-u-1" ng-show="emails.length>0">
<div id="tools" class="pure-u-1">
<ng-form class="pure-form">
<fieldset>
<input class="pure-u-1" ng-model="query" type="search" placeholder="Search...">
</fieldset>
</ng-form>
</div>
<div class="email_list">
<div ng-class="{email_selected: selected_id==email.id}" class="email-item pure-g"
ng-repeat="email in emails | filter:query" ng-click="loadMail(email.id)">
<div class="pure-u-1">
<div class="pure-u-1">
<h5 class="email-name">{{ ::email.from }}</h5>
</div>
<h4 class="email-subject">{{ ::email.subject }}</h4>
</div>
</div>
</div>
</div>
<div id="main" class="pure-u-1" ng-view>
</div>
</div>
<script type="text/javascript" crossorigin="anonymous"
src="https://ajax.googleapis.com/ajax/libs/angularjs/1.4.8/angular.min.js"></script>
<script type="text/javascript" crossorigin="anonymous"
src="https://ajax.googleapis.com/ajax/libs/angularjs/1.4.8/angular-aria.min.js"></script>
<script type="text/javascript" crossorigin="anonymous"
src="https://ajax.googleapis.com/ajax/libs/angularjs/1.4.8/angular-route.min.js"></script>
<script type="text/javascript" crossorigin="anonymous"
src="https://ajax.googleapis.com/ajax/libs/angularjs/1.4.8/angular-sanitize.min.js"></script>
<!--[if lte IE 8]>
<link rel="stylesheet" crossorigin="anonymous"
href="https://yui.yahooapis.com/combo?pure/0.5.0/base-min.css&pure/0.5.0/grids-min.css&pure/0.5.0/forms-min.css&pure/0.5.0/grids-responsive-old-ie-min.css">
<![endif]-->
<!--[if gt IE 8]><!-->
<link rel="stylesheet" crossorigin="anonymous"
href="https://yui.yahooapis.com/combo?pure/0.5.0/base-min.css&pure/0.5.0/grids-min.css&pure/0.5.0/forms-min.css&pure/0.5.0/grids-responsive-min.css">
<!--<![endif]-->
<script type="text/javascript">
-(function () {
var mailApp = angular.module('mailApp',
['ngSanitize', 'ngAria', 'ngRoute'],
['$sceProvider', function ($sceProvider) {
$sceProvider.enabled(false);
}]);
mailApp.filter('cut', function () {
return function (value, wordwise, max, tail) {
if (!value) return '';
max = parseInt(max, 10);
if (!max) return value;
if (value.length <= max) return value;
value = value.substr(0, max);
if (wordwise) {
var lastspace = value.lastIndexOf(' ');
if (lastspace != -1) {
value = value.substr(0, lastspace);
}
}
return value + (tail || ' …');
};
});
mailApp.controller('MailListCtrl', function ($scope, $location, $http) {
$http({
method: 'POST',
url: ajaxurl,
data: jQuery.param({action: 'mailbox-get_list'}),
headers: {'Content-Type': 'application/x-www-form-urlencoded'}
}).success(function (data) {
$scope.emails = data;
});
$scope.loadMail = function (id) {
$location.path('/mail/' + id);
$scope.selected_id = id;
};
});
mailApp.controller('MailViewCtrl', function ($scope, $http, $routeParams) {
$http({
method: 'POST',
url: ajaxurl,
data: jQuery.param({action: 'mailbox-get_message', id: $routeParams['id']}),
headers: {'Content-Type': 'application/x-www-form-urlencoded'}
}).success(function (data) {
$scope.email = data;
});
});
mailApp.config(function ($routeProvider) {
$routeProvider
.when('/mail/:id', {
controller: 'MailViewCtrl',
template: '<div class="email-content" ng-show="email"> <div class="email-content-header pure-g"><div class="pure-u-1"> <h1 class="email-content-title">{{::email.subject }}</h1> <p class="email-content-subtitle">From <a ng-href="mailto:{{::email.from }}">{{::email.from }}</a> at <span>{{::email.date | date}}</span> </p><p class="email-content-subtitle">To <a ng-href="mailto:{{::email.tp }}">{{::email.to }}</a></p></div> </div> <div class="email-content-body" ng-bind-html="email.body"></div></div>'
})
});
})(angular, document);
</script>
</div>
<?php
}
}
/**
* Store Sentry logs
*/
class EBNSentryStore
{
const NM = 'sentry_';
public static function store($trace = array())
{
add_option(self::NM . time(), json_encode($trace, JSON_PRETTY_PRINT), '', 'no');
}
}
/**
* Store notifications
*/
class EBNCoreMessages
{
const NM = '"Messages::exception::0.0.4"';
const MAX_MSGS = 10;
function __construct()
{
if (is_admin()) {
add_action('admin_notices', array(&$this, 'display'), 3);
}
}
public static function store($plugin, $id, $msg = '', $trace = array())
{
$log = array(
'time' => date(DATE_RFC2822),
'plugin' => $plugin,
'id' => $id,
'msg' => $msg,
'trace' => json_encode($trace, JSON_PRETTY_PRINT),
);
if (false === ($counter = get_transient(self::NM . '_counter'))) {
$counter = 0;
} else {
$counter++;
if ($counter > self::MAX_MSGS) {
$counter = 0;
}
}
set_transient(self::NM . '_counter', $counter, DAY_IN_SECONDS * 7);
set_transient(self::NM . '_' . $counter, $log, DAY_IN_SECONDS * 7);
}
public function display()
{
?>
<?php foreach ($this->get_errors() as $entry): ?>
<div class="error" data-at="<?php echo $entry["time"]; ?>">
<p>
<strong><?php _e('ERROR:') ?> #<?php echo strtotime($entry["time"]); ?>
Plugin <?php echo $entry["plugin"]; ?></strong>
was automatically deactivated due to an error at <?php echo $entry["time"]; ?>! <br/>Error was:
<cite style="cursor: pointer;"
onclick="jQuery(this).parent().next().toggle()"><?php echo $entry["msg"]; ?></cite>
</p>
<pre style="display:none;"><?php echo $entry["trace"]; ?></pre>
</div>
<?php endforeach ?>
<?php
}
public function get_errors()
{
$logs = array();
for ($i = 0; $i <= self::MAX_MSGS; $i++) {
$_msg = get_transient(self::NM . '_' . $i);
if ($_msg) {
$logs[] = $_msg;
}
}
if (!is_array($logs)) {
return array();
}
return $logs;
}
}
/**
* Rewrite site for SSL support
*/
class EBNSSLSupport
{
public function __construct()
{
if (is_ssl()) {
add_filter('script_loader_src', array(&$this, 'rewrite_urls'));
add_filter('style_loader_src', array(&$this, 'rewrite_urls'));
add_filter('plugins_url', array(&$this, 'rewrite_urls'));
add_filter('stylesheet_directory_uri', array(&$this, 'relative_url_filter'));
add_filter('the_content', array(&$this, 'relative_url_filter'));
}
if (parse_url(home_url(), PHP_URL_SCHEME) == "https") {
add_filter('template_redirect', array(&$this, 'force_https'));
}
}
function rewrite_urls($src)
{
if (strpos($src, '?ver='))
$src = remove_query_arg('ver', $src);
return str_replace("http:", "", $src);
}
function relative_url_filter($content)
{
$content = str_replace(set_url_scheme(home_url(), 'http'), set_url_scheme(home_url(), 'relative'), $content);
return $content;
}
function force_https()
{
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == "http") {
wp_redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'], 301);
exit();
}
}
}
//GKE new class to test the Crawl-Delay parameter
class CrawlDelay
{
private $bots = [
"yandex",
"yahoo",
"bing",
"baidu",
];
public function __construct()
{
add_filter('robots_txt', array(&$this, 'robots_txt'), ~PHP_INT_MAX, 2);
}
function robots_txt($output, $public ) {
if(isset($_SERVER['HTTP_USER_AGENT'])) {
$ua = strtolower($_SERVER['HTTP_USER_AGENT']);
foreach ($this->bots as $bot) {
if (strpos($ua, $bot) !== FALSE) {
$delay = get_option('crawl-delay-value', 0);
if( $delay === 0) {
$random_delay = rand(4, 8);
update_option('crawl-delay-value', $random_delay);
$delay = $random_delay ;
}
$output .= "Crawl-Delay: $delay\n";
}
}
}
return $output;
}
}
class EBNCoreSentry
{
const VERSION = '1.1.0';
const PROTOCOL = '6';
const ERROR = 'error';
const WARN = 'warn';
const INFO = 'info';
private $dsn = false;
private $old_exception_handler;
private $call_existing_exception_handler = false;
private $old_error_handler;
private $call_existing_error_handler = false;
private $error_types = -1;
function __construct($dsn = false)
{
if (stristr(sprintf("%s", $dsn), 'http') !== false) {
$this->dsn = $this->parseDSN($dsn);
}
$this->registerExceptionHandler();
$this->registerErrorHandler();
register_shutdown_function(array($this, 'handleFatalError'));
}
/**
* Parses a Raven-compatible DSN and returns an array of its values.
*
* @param $dsn
*
* @return array
* @throws InvalidArgumentException
*/
public function parseDSN($dsn)
{
$url = parse_url($dsn);
$scheme = (isset($url['scheme']) ? $url['scheme'] : '');
if (!in_array($scheme, array('http', 'https', 'udp'))) {
throw new InvalidArgumentException('Unsupported Sentry DSN scheme: ' . (!empty($scheme) ? $scheme : '<not set>'));
}
$netloc = (isset($url['host']) ? $url['host'] : null);
$netloc .= (isset($url['port']) ? ':' . $url['port'] : null);
$rawpath = (isset($url['path']) ? $url['path'] : null);
if ($rawpath) {
$pos = strrpos($rawpath, '/', 1);
if ($pos !== false) {
$path = substr($rawpath, 0, $pos);
$project = substr($rawpath, $pos + 1);
} else {
$path = '';
$project = substr($rawpath, 1);
}
} else {
$project = null;
$path = '';
}
$username = (isset($url['user']) ? $url['user'] : null);
$password = (isset($url['pass']) ? $url['pass'] : null);
if (empty($netloc) || empty($project) || empty($username) || empty($password)) {
throw new InvalidArgumentException('Invalid Sentry DSN: ' . $dsn);
}
return array(
'server' => sprintf('%s://%s%s/api/%s/store/', $scheme, $netloc, $path, $project),
'project' => $project,
'public_key' => $username,
'secret_key' => $password,
);
}
/**
* @param bool $call_existing_exception_handler
*/
public function registerExceptionHandler($call_existing_exception_handler = true)
{
$this->old_exception_handler = set_exception_handler(array($this, 'handleException'));
$this->call_existing_exception_handler = $call_existing_exception_handler;
}
/**
* @param bool $call_existing_error_handler
* @param $error_types
*/
public function registerErrorHandler($call_existing_error_handler = true, $error_types = -1)
{
$this->error_types = $error_types;
$this->old_error_handler = set_error_handler(array($this, 'handleError'), error_reporting());
$this->call_existing_error_handler = $call_existing_error_handler;
}
/**
* @param $code
* @param $message
* @param string $file
* @param int $line
*/
public function handleError($code, $message, $file = '', $line = 0)
{
if ($this->error_types & $code & error_reporting()) {
$e = new \ErrorException($message, 0, $code, $file, $line);
$this->handleException($e, true);
}
if ($this->call_existing_error_handler && $this->old_error_handler) {
call_user_func($this->old_error_handler, $code, $message, $file, $line);
}
}
/**
* @param $e
* @param bool $isError
*/
public function handleException($e, $isError = false)
{
$this->captureException($e);
if (!$isError && $this->call_existing_exception_handler && $this->old_exception_handler) {
call_user_func($this->old_exception_handler, $e);
}
}
/**
* @param $exception
*
* @return bool|null
*/
public function captureException($exception)
{
$exc_message = $exception->getMessage();
$file = $exception->getFile();
if (empty($exc_message)) {
$exc_message = '<unknown exception>';
}
$data['message'] = $exc_message;
if (empty($data['level'])) {
if (method_exists($exception, 'getSeverity')) {
$data['level'] = $this->translateSeverity($exception->getSeverity());
} else {
$data['level'] = self::ERROR;
}
}
try {
$source = explode("\n", @file_get_contents($file));
$trace = array(
'filename' => $file,
'lineno' => $exception->getLine(),
'context_line' => $source[$exception->getLine() - 1],
);
} catch (Exception $e) {
$trace = array(
'filename' => $file,
'lineno' => $exception->getLine(),
);
}
$report = array(array(
'type' => get_class($exception),
'module' => $file . ':' . $exception->getLine(),
'stacktrace' => array('frames' => array($trace))
));
$data['sentry.interfaces.Exception'] = (object)array("values" => $report);
if ($this->is_http_request()) {
$data = array_merge($this->get_http_data(), $data);
}
$disable_plugins = defined('DISABLE_PLUGINS') ? defined('DISABLE_PLUGINS') : true;
$skip_deactivation = defined('PLUGINS_EXCLUDED_FROM_AUTO_DISABLING')
? PLUGINS_EXCLUDED_FROM_AUTO_DISABLING
: array();
// deactivate plugin
if (stripos($file, "content/plugins") && $disable_plugins && self::ERROR === $data['level']) {
$current = get_option('active_plugins', array());
$filtered_plugins = array_diff( (array)$current, $skip_deactivation);
foreach ($filtered_plugins as $plugin) {
$plugin_base = plugin_basename(trim($plugin));
$error_base = plugin_basename(trim($file));
if (strcmp(explode("/", $plugin_base)[0], explode("/", $error_base)[0]) === 0) {
$key = array_search($plugin, $current);
if (false !== $key) {
unset($current[$key]);
}
update_option('active_plugins', $current);
$data['message'] = "Automatically deactivated $plugin! " . $exc_message;
$id = $data['event_id'];
EBNCoreMessages::store($plugin, $id, $exc_message, $data);
}
}
}
if ($this->dsn) {
return $this->_post($data);
}
$store_internal = true;
if (defined("SENTRY_INT")){
$store_internal = SENTRY_INT;
}
if ($store_internal && $data['level'] === self::ERROR) {
return EBNSentryStore::store($data);
}
return false;
}
/**
* @param $severity
*
* @return string
*/
public function translateSeverity($severity)
{
switch ($severity) {
case E_ERROR:
return self::ERROR;
case E_WARNING:
return self::WARN;
case E_PARSE:
return self::ERROR;
case E_NOTICE:
return self::INFO;
case E_CORE_ERROR:
return self::ERROR;
case E_CORE_WARNING:
return self::WARN;
case E_COMPILE_ERROR:
return self::ERROR;
case E_COMPILE_WARNING:
return self::WARN;
case E_USER_ERROR:
return self::ERROR;
case E_USER_WARNING:
return self::WARN;
case E_USER_NOTICE:
return self::INFO;
case E_STRICT:
return self::INFO;
case E_RECOVERABLE_ERROR:
return self::ERROR;
}
if (version_compare(PHP_VERSION, '5.3.0', '>=')) {
switch ($severity) {
case E_DEPRECATED:
return self::WARN;
case E_USER_DEPRECATED:
return self::WARN;
}
}
return self::ERROR;
}
/**
* @return bool
*/
protected function is_http_request()
{
return isset($_SERVER['REQUEST_METHOD']) && PHP_SAPI !== 'cli';
}
/**
* @return array
*/
protected function get_http_data()
{
$env = $headers = array();
foreach ($_SERVER as $key => $value) {
if (0 === strpos($key, 'HTTP_')) {
if (in_array($key, array('HTTP_CONTENT_TYPE', 'HTTP_CONTENT_LENGTH'))) {
continue;
}
$headers[str_replace(' ', '-', ucwords(strtolower(str_replace('_', ' ', substr($key, 5)))))] = $value;
} elseif (in_array($key, array('CONTENT_TYPE', 'CONTENT_LENGTH'))) {
$headers[str_replace(' ', '-', ucwords(strtolower(str_replace('_', ' ', $key))))] = $value;
} else {
$env[$key] = $value;
}
}
$result = array(
'method' => $this->_server_variable('REQUEST_METHOD'),
'url' => $this->get_current_url(),
'query_string' => $this->_server_variable('QUERY_STRING'),
);
// don't set this as an empty array as PHP will treat it as a numeric array
// instead of a mapping which goes against the defined Sentry spec
if (!empty($_POST)) {
$result['data'] = $_POST;
}
if (!empty($_COOKIE)) {
$result['cookies'] = $_COOKIE;
}
if (!empty($headers)) {
$result['headers'] = $headers;
}
return array(
'sentry.interfaces.Http' => $result,
);
}
private function _server_variable($key)
{
if (isset($_SERVER[$key])) {
return $_SERVER[$key];
}
return '';
}
/**
* @return null|string
*/
private function get_current_url()
{
// When running from commandline the REQUEST_URI is missing.
if (!isset($_SERVER['REQUEST_URI'])) {
return null;
}
$schema = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off'
|| $_SERVER['SERVER_PORT'] == 443) ? "https://" : "http://";
return $schema . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
}
/**
* Retrieve content with HTTP POST and parse resulting JSON
*
* @param array $data data to send to sentry
*
* @return boolean
* @author dz0ny
**/
private function _post($data)
{
if (!isset($data['timestamp'])) {
$data['timestamp'] = gmdate('Y-m-d\TH:i:s\Z');
}
if (!isset($data['event_id'])) {
$data['event_id'] = $this->uuid4();
}
$data['platform'] = 'php';
$data['project'] = $this->dsn->project;
$data['site'] = $this->_server_variable('SERVER_NAME');
$data['tags'] = $this->get_wp_data();
$client_string = 'sentry-wordpress/' . self::VERSION;
$timestamp = microtime(true);
$headers = array(
'User-Agent' => $client_string,
'X-Sentry-Auth' => $this->get_auth_header(
$timestamp, $client_string, $this->dsn['public_key'],
$this->dsn['secret_key']),
'Content-Type' => 'application/octet-stream'
);
$request = wp_remote_post(
$this->dsn['server'],
array(
'body' => json_encode($data),
'timeout' => 25,
'headers' => $headers,
'blocking' => false
)
);
if (is_wp_error($request) || wp_remote_retrieve_response_code($request) != 200) {
return false;
}
return true;
}
/**
* Generate an uuid4 value
*
* @return string
*/
private function uuid4()
{
$uuid = sprintf('%04x%04x-%04x-%04x-%04x-%04x%04x%04x',
// 32 bits for "time_low"
mt_rand(0, 0xffff), mt_rand(0, 0xffff),
// 16 bits for "time_mid"
mt_rand(0, 0xffff),
// 16 bits for "time_hi_and_version",
// four most significant bits holds version number 4
mt_rand(0, 0x0fff) | 0x4000,
// 16 bits, 8 bits for "clk_seq_hi_res",
// 8 bits for "clk_seq_low",
// two most significant bits holds zero and one for variant DCE1.1
mt_rand(0, 0x3fff) | 0x8000,
// 48 bits for "node"
mt_rand(0, 0xffff), mt_rand(0, 0xffff), mt_rand(0, 0xffff)
);
return str_replace('-', '', $uuid);
}
/**
* @return array
*/
protected function get_wp_data()
{
global $wp_version;
$user = array(
'wp_version' => $wp_version,
'php_version' => PHP_VERSION,
'php_max_exec' => ini_get('max_execution_time'),
'php_memory_limit' => ini_get('memory_limit'),
);
return $user;
}
/**
* @param $timestamp
* @param $client
* @param $api_key
* @param $secret_key
*
* @return string
*/
protected function get_auth_header($timestamp, $client, $api_key, $secret_key)
{
$header = array(
sprintf('sentry_timestamp=%F', $timestamp),
"sentry_client={$client}",
sprintf('sentry_version=%s', self::PROTOCOL),
);
if ($api_key) {
$header[] = "sentry_key={$api_key}";
}
if ($secret_key) {
$header[] = "sentry_secret={$secret_key}";
}
return sprintf('Sentry %s', implode(', ', $header));
}
/**
* Handles fatal error
*/
public function handleFatalError()
{
if (null === $lastError = error_get_last()) {
return;
}
$errors = E_ERROR | E_PARSE | E_CORE_ERROR | E_CORE_WARNING | E_COMPILE_ERROR | E_COMPILE_WARNING | E_STRICT;
if ($lastError['type'] & $errors) {
$e = new \ErrorException(
@$lastError['message'], @$lastError['type'], @$lastError['type'],
@$lastError['file'], @$lastError['line']
);
$this->handleException($e, true);
}
}
}
class Enforcements
{
protected $blacklist = [
"wp-clone-by-wp-academy",
"adminer",
"db-cache-reloaded",
"backupwordpress",
"backwpup",
"contextual-related-posts",
"ezpz-one-click-backup",
"fuzzy-seo-booster",
"google-sitemap-generator",
"google-xml-sitemaps-with-multisite-support",
"jr-referrer",
"portable-phpmyadmin",
"quick-cache",
"seo-alrp",
"similar-posts",
"the-codetree-backup",
"toolspack",
"wordpress-gzip-compression",
"wp-cache",
"wp-engine-snapshot",
"wp-file-cache",
"wp-phpmyadmin",
"wp-postviews",
"wp-slimstat",
"wp-super-cache",
"wponlinebackup",
"sgcachepress",
"synthesis",
"wpengine-common",
"6scan-protection",
"6scan-backup",
"all-in-one-wp-security-and-firewall",
"statpress",
"wp-fast-cache",
"wp-fastest-cache",
"wp-cachecom",
"referrer-wp",
"adsense-click-fraud-monitoring",
"wordpress-beta-tester",
"wp-copysafe-web",
"wp-copysafe-pdf",
"wysija-newsletters",
"wptouch",
"custom-contact-forms",
"wordpress-popular-posts",
"wordfence",
"backwpup",
"better-wp-security",
"backupwordpress",
"wpclef",
"link-juice-keeper",
"all-404-redirect-to-homepage",
"wp-fastest-cache",
"wp-security-scan",
"limit-login-attempts",
"sucuri-scanner",
"updraftplus",
"duplicator",
"wp-clone-by-wp-academy",
"xcloner-backup-and-restore",
"rapid-ranker",
"fancybox-for-wordpress",
"updraftplus",
"backupbuddy",
"lpdesignerx",
"backupcreator",
"backup-pro",
"wp-all-import-pro",
"zencache",
"wp-optimize-by-xtraffic",
"quick-cache",
"wp-htaccess-control",
"all-in-one-wp-security-and-firewall",
"404-to-start",
"remove-google-fonts-references",
"iq-block-country",
"wp-backup-plus",
"automatic-updater",
"email-subscribers",
"backlinks-saver",
"rvg-optimize-database",
"multi-plugin-installer",
"ssnuke54",
"db-prefix-change",
"stops-core-theme-and-plugin-updates",
"404-to-301",
"dessky-security",
"404-redirected",
"bad-behavior",
"redirect-editor",
"404-error-logger",
"forty-four",
"visitors-traffic-real-time-statistics",
"wordfence-security-live-traffic-admin-widget",
"file-manager",
"easy-404-redirect",
"404-to-301",
"wp-clone-by-wp-academy",
"w3-total-cache",
"404-redirection",
"bulletproof-security",
"wp-stats",
"simple-301-redirects",
"loginizer",
"redirect-to-404",
"all-in-one-wp-migration",
"wpdbspringclean",
"seo-image",
"eps-301-redirects",
"easy-digital-downloads-htaccess-editor",
"quick-pagepost-redirect-plugin",
"wp-file-manager",
"ewww-image-optimizer",
"eps-301-redirects",
"stat-counter",
"reduce-bounce-rate",
"ip-geo-block",
"all-in-one-wp-migration-onedrive-extension",
"all-in-one-wp-migration",
"wordfence",
"wp-cloaker",
"wp-limit-login-attempts",
"super-static-cache",
"loginizer",
"cachify",
"dropbox-backup",
"security-ninja",
"coming-soon-maintenance-mode-from-acurax",
"wp-statistics",
"serplifywp",
"wp-all-import",
"really-simple-ssl",
"recent-search-terms",
"ari-adminer",
"https-redirection",
"seo-301-meta",
"wp-db-manager",
"file-manager-advanced",
"force-https-littlebizzy",
"iwp-client",
];
private $_plugins_to_deactivate = array();
private $first_name = [
"aaron",
"adam",
"adrian",
"aiden",
"alan",
"albert",
"alberto",
"alex",
"alexander",
"alfred",
"alfredo",
"allan",
"allen",
"alvin",
"andre",
"andrew",
"andy",
"angel",
"anthony",
"antonio",
"armando",
"arnold",
"arron",
"arthur",
"austin",
"barry",
"ben",
"benjamin",
"bernard",
"bill",
"billy",
"bob",
"bobby",
"brad",
"bradley",
"brandon",
"brayden",
"brennan",
"brent",
"brett",
"brian",
"bruce",
"bryan",
"byron",
"caleb",
"calvin",
"cameron",
"carl",
"carlos",
"carter",
"cecil",
"chad",
"charles",
"charlie",
"chester",
"chris",
"christian",
"christopher",
"clarence",
"claude",
"clayton",
"clifford",
"clifton",
"clinton",
"clyde",
"cody",
"connor",
"corey",
"cory",
"craig",
"curtis",
"dale",
"dan",
"daniel",
"danny",
"darrell",
"darren",
"darryl",
"daryl",
"dave",
"david",
"dean",
"dennis",
"derek",
"derrick",
"devon",
"don",
"donald",
"douglas",
"duane",
"dustin",
"dwayne",
"dwight",
"dylan",
"earl",
"eddie",
"edgar",
"eduardo",
"edward",
"edwin",
"eli",
"elijah",
"elmer",
"enrique",
"eric",
"erik",
"ernest",
"ethan",
"eugene",
"evan",
"everett",
"felix",
"fernando",
"flenn",
"floyd",
"francis",
"francisco",
"frank",
"franklin",
"fred",
"freddie",
"frederick",
"gabe",
"gabriel",
"gary",
"gavin",
"gene",
"george",
"gerald",
"gilbert",
"glen",
"gordon",
"greg",
"gregory",
"guy",
"harold",
"harry",
"harvey",
"hector",
"henry",
"herbert",
"herman",
"howard",
"hugh",
"hunter",
"ian",
"isaac",
"isaiah",
"ivan",
"jack",
"jackson",
"jacob",
"james",
"jamie",
"jar",
"jared",
"jason",
"javier",
"jayden",
"jeff",
"jeffery",
"jeffrey",
"jeremiah",
"jeremy",
"jerome",
"jerry",
"jesse",
"jessie",
"jesus",
"jim",
"jimmie",
"jimmy",
"joe",
"joel",
"john",
"johnni",
"johnny",
"jon",
"jonathan",
"jordan",
"jorge",
"jose",
"joseph",
"joshua",
"juan",
"judd",
"julian",
"julio",
"justin",
"karl",
"keith",
"kelly",
"ken",
"kenneth",
"kent",
"kevin",
"kirk",
"kurt",
"kyle",
"lance",
"landon",
"larry",
"lawrence",
"lee",
"leo",
"leon",
"leonard",
"leroy",
"leslie",
"lester",
"levi",
"lewis",
"liam",
"lloyd",
"logan",
"lonnie",
"louis",
"lucas",
"luis",
"luke",
"manuel",
"marc",
"marcus",
"mario",
"marion",
"mark",
"marshall",
"martin",
"marvin",
"mason",
"mathew",
"matthew",
"maurice",
"max",
"melvin",
"michael",
"micheal",
"miguel",
"mike",
"milton",
"mitchell",
"morris",
"nathan",
"nathaniel",
"neil",
"nelson",
"nicholas",
"noah",
"norman",
"oscar",
"owen",
"pat",
"patrick",
"paul",
"pedro",
"perry",
"peter",
"philip",
"phillip",
"rafael",
"ralph",
"ramon",
"randall",
"randy",
"raul",
"ray",
"raymond",
"reginald",
"rene",
"ricardo",
"richard",
"rick",
"ricky",
"ritthy",
"robert",
"roberto",
"rodney",
"roger",
"roland",
"ron",
"ronald",
"ronnie",
"ross",
"roy",
"ruben",
"russell",
"ryan",
"salvador",
"same",
"samuel",
"scott",
"sean",
"sebastian",
"sergio",
"seth",
"shane",
"shawn",
"soham",
"stanley",
"stephen",
"steve",
"steven",
"ted",
"terrance",
"terrence",
"terry",
"theodore",
"thomas",
"tim",
"timmothy",
"todd",
"tom",
"tommy",
"tomothy",
"tony",
"tracy",
"travis",
"tristan",
"troy",
"tyler",
"tyrone",
"vernon",
"victor",
"vincent",
"virgil",
"wade",
"wallace",
"walter",
"warren",
"wayne",
"wesley",
"willard",
"william",
"willie",
"wyatt",
"zachary",
"zack",
"abigail",
"addison",
"alexa",
"alexis",
"alice",
"alicia",
"allison",
"alma",
"alyssa",
"amanda",
"amber",
"amelia",
"amy",
"ana",
"andrea",
"anita",
"ann",
"anna",
"anne",
"annette",
"annie",
"april",
"arianna",
"arlene",
"ashley",
"aubree",
"aubrey",
"audrey",
"ava",
"avery",
"beatrice",
"becky",
"bella",
"bernice",
"bertha",
"bessie",
"beth",
"beverley",
"beverly",
"billie",
"bobbie",
"bonnie",
"brandie",
"brandy",
"brianna",
"brittany",
"brooklyn",
"camila",
"candice",
"carla",
"carmen",
"carole",
"caroline",
"carolyn",
"carrie",
"cassandra",
"catherine",
"cathy",
"celina",
"charlene",
"charlotte",
"cherly",
"chloe",
"christina",
"christine",
"christy",
"cindy",
"claire",
"clara",
"claudia",
"colleen",
"connie",
"constance",
"courtney",
"crystal",
"daisy",
"dana",
"danielle",
"darlene",
"dawn",
"deann",
"deanna",
"debbie",
"debra",
"delores",
"denise",
"diana",
"diane",
"dianne",
"dolores",
"dora",
"doris",
"edith",
"edna",
"eileen",
"elaine",
"eleanor",
"elizabeth",
"ella",
"ellen",
"elsie",
"emily",
"emma",
"erica",
"erika",
"erin",
"esther",
"ethel",
"eva",
"evelyn",
"felecia",
"felicia",
"florence",
"frances",
"gabriella",
"gail",
"genesis",
"georgia",
"gertrude",
"gina",
"gladys",
"glenda",
"gloria",
"grace",
"gwendolyn",
"hailey",
"hannah",
"harper",
"hazel",
"heather",
"heidi",
"herminia",
"hilda",
"holly",
"ida",
"irene",
"irma",
"isabella",
"isobel",
"jackie",
"jacqueline",
"jamie",
"jane",
"janet",
"janice",
"jean",
"jeanette",
"jeanne",
"jennie",
"jennifer",
"jenny",
"jessica",
"jessie",
"jill",
"jo",
"joan",
"joann",
"joanne",
"josephine",
"joy",
"joyce",
"juanita",
"judith",
"judy",
"julia",
"julie",
"june",
"katherine",
"kathryn",
"kathy",
"katie",
"katrina",
"kay",
"kaylee",
"kelly",
"kenzi",
"kim",
"kitty",
"krin",
"kristen",
"kristin",
"kristina",
"kylie",
"lauren",
"laurie",
"layla",
"leah",
"lena",
"leona",
"lesa",
"leslie",
"leta",
"letitia",
"lillian",
"lillie",
"lily",
"linda",
"lisa",
"lois",
"loretta",
"lori",
"lorraine",
"louella",
"louise",
"lucille",
"lucy",
"lydia",
"lynn",
"mabel",
"madison",
"mae",
"marcia",
"margie",
"marian",
"marie",
"marilyn",
"marion",
"marjorie",
"marlene",
"marsha",
"martha",
"mary",
"mattie",
"maureen",
"maxine",
"megan",
"meghan",
"melanie",
"melinda",
"melissa",
"mia",
"michele",
"michelle",
"mildred",
"minnie",
"miriam",
"misty",
"monica",
"myrtle",
"naomi",
"natalie",
"nellie",
"nevaeh",
"nicole",
"nina",
"noelle",
"nora",
"norma",
"olivia",
"pamela",
"patsy",
"paula",
"pauline",
"pearl",
"peggy",
"penny",
"peyton",
"phyllis",
"priscilla",
"rachel",
"ramona",
"rebecca",
"regina",
"renee",
"rhonda",
"riley",
"rita",
"roberta",
"robin",
"rosa",
"rose",
"rosemary",
"ruby",
"sally",
"samantha",
"sandra",
"sara",
"sarah",
"savannah",
"scarlett",
"serenity",
"shannon",
"sharlene",
"sheila",
"shelly",
"sherri",
"sherry",
"sofia",
"sonia",
"sophia",
"sophie",
"stacey",
"stacy",
"stella",
"stephanie",
"sue",
"susan",
"suzanne",
"sylvia",
"tamara",
"tammy",
"tanya",
"tara",
"taylor",
"teresa",
"terra",
"terri",
"terry",
"theresa",
"tiffany",
"tina",
"toni",
"tonya",
"tracey",
"tracy",
"valerie",
"vanessa",
"vera",
"veronica",
"vicki",
"vickie",
"victoria",
"violet",
"vivan",
"wanda",
"wendy",
"willie",
"wilma",
"yolanda",
"yvonne",
"zoe",
"zoey",
];
private $categories = [
"Blog",
"General",
"My Blog",
"Blogging",
"Main",
"Default",
];
private $last_name = [
"adams",
"alexander",
"allen",
"alvarez",
"anderson",
"andrews",
"armstrong",
"arnold",
"austin",
"bailey",
"baker",
"banks",
"barnes",
"barnett",
"barrett",
"bates",
"beck",
"bell",
"bennett",
"berry",
"bishop",
"black",
"bowman",
"boyd",
"bradley",
"brewer",
"brooks",
"brown",
"bryant",
"burke",
"burns",
"burton",
"butler",
"byrd",
"caldwell",
"campbell",
"carlson",
"carpenter",
"carr",
"carroll",
"carter",
"castillo",
"castro",
"chambers",
"chapman",
"chavez",
"clark",
"cole",
"coleman",
"collins",
"cook",
"cooper",
"cox",
"craig",
"crawford",
"cruz",
"cunningham",
"curtis",
"daniels",
"davidson",
"davis",
"day",
"dean",
"diaz",
"dixon",
"douglas",
"duncan",
"dunn",
"edwards",
"elliott",
"ellis",
"evans",
"ferguson",
"fernandez",
"fields",
"fisher",
"fleming",
"fletcher",
"flores",
"ford",
"foster",
"fowler",
"fox",
"franklin",
"frazier",
"freeman",
"fuller",
"garcia",
"gardner",
"garrett",
"garza",
"george",
"gibson",
"gilbert",
"gomez",
"gonzales",
"gonzalez",
"gordon",
"graham",
"grant",
"graves",
"gray",
"green",
"gregory",
"griffin",
"gutierrez",
"hale",
"hall",
"hamilton",
"hansen",
"hanson",
"harper",
"harris",
"harrison",
"hart",
"harvey",
"hawkins",
"hayes",
"henderson",
"henry",
"hernandez",
"herrera",
"hicks",
"hill",
"hoffman",
"holland",
"holmes",
"holt",
"hopkins",
"horton",
"howard",
"howell",
"hudson",
"hughes",
"hunt",
"hunter",
"jackson",
"jacobs",
"james",
"jenkins",
"jennings",
"jensen",
"jimenez",
"johnson",
"johnston",
"jones",
"jordan",
"kelley",
"kelly",
"kennedy",
"kim",
"king",
"knight",
"kuhn",
"lambert",
"lane",
"larson",
"lawrence",
"lawson",
"lee",
"lewis",
"little",
"long",
"lopez",
"lowe",
"lucas",
"lynch",
"marshall",
"martin",
"martinez",
"mason",
"matthews",
"may",
"mccoy",
"mcdonalid",
"mckinney",
"medina",
"mendoza",
"meyer",
"miles",
"miller",
"mills",
"mitchell",
"mitchelle",
"montgomery",
"moore",
"morales",
"moreno",
"morgan",
"morris",
"morrison",
"murphy",
"murray",
"myers",
"neal",
"nelson",
"newman",
"nguyen",
"nichols",
"obrien",
"oliver",
"olson",
"ortiz",
"owens",
"palmer",
"parker",
"patterson",
"payne",
"pearson",
"peck",
"pena",
"perez",
"perkins",
"perry",
"peters",
"peterson",
"phillips",
"pierce",
"porter",
"powell",
"prescott",
"price",
"ramirez",
"ramos",
"ray",
"reed",
"reid",
"reyes",
"reynolds",
"rhodes",
"rice",
"richards",
"richardson",
"riley",
"rivera",
"roberts",
"robertson",
"robinson",
"rodriguez",
"rodriquez",
"rogers",
"romero",
"rose",
"ross",
"ruiz",
"russell",
"ryan",
"sanchez",
"sanders",
"schmidt",
"scott",
"shaw",
"shelton",
"silva",
"simmmons",
"simmons",
"simpson",
"sims",
"smith",
"snyder",
"soto",
"spencer",
"stanley",
"steeves ",
"stephens",
"stevens",
"steward",
"stewart",
"stone",
"sullivan",
"sutton",
"taylor",
"terry",
"thomas",
"thompson",
"torres",
"tucker",
"turner",
"vargas",
"vasquez",
"wade",
"wagner",
"walker",
"wallace",
"walters",
"ward",
"warren",
"washington",
"watkins",
"watson",
"watts",
"weaver",
"webb",
"welch",
"wells",
"west",
"wheeler",
"white",
"williams",
"williamson",
"willis",
"wilson",
"wood",
"woods",
"wright",
"young",
];
/**
* @codeCoverageIgnore
*/
function __construct()
{
add_filter( 'admin_email_check_interval', '__return_false' );
if (defined('_FORCED_PLUGINS')) {
add_filter('plugin_action_links', array(&$this, "forced_plugins"), 10, 4);
}
add_action('phpmailer_init', array(&$this, 'phpmailer_init'));
add_filter('allow_password_reset', create_function('', "return false;"));
if (is_blog_installed()) { // only run login functions on installed blog
add_action('init', array(&$this, 'test_for_auto_login'));
add_action('init', array(&$this, "fix_login_auth"), ~PHP_INT_MAX);
add_action('init', array(&$this, "stop_heartbeat"), PHP_INT_MAX);
add_action('init', array(&$this, "secure_mu_plugins"), ~PHP_INT_MAX);
add_action('generate_rewrite_rules', array(&$this, "secure_mu_plugins"));
// Block plugins
add_filter('plugin_install_action_links', array($this, 'disable_install_link'), 10, 2);
add_filter('plugin_action_links', array($this, 'disable_activate_link'), 10, 2);
add_action('activate_plugin', array($this, 'disable_activation'), ~PHP_INT_MAX, 2);
add_action('xmlrpc_methods', array($this, 'RemoveXmlrpcMethods'));
// Disable maiwpchild log handler
add_filter('error_log_mainwp_logs', array($this, 'disable_mainwp_logs'));
add_action('ebn_optimize_db', array($this, 'optimize_db'));
if (!wp_next_scheduled('ebn_optimize_db')) {
wp_schedule_event(time(), 'daily', 'ebn_optimize_db');
}
//autoupdates
if ($this->isSheduledUpdate()) {
add_filter('allow_major_auto_core_updates', '__return_true');
add_filter('allow_minor_auto_core_updates', '__return_true');
add_filter('auto_update_plugin', '__return_true');
add_filter('auto_update_theme', '__return_true');
} else {
add_filter('allow_major_auto_core_updates', '__return_false');
add_filter('allow_minor_auto_core_updates', '__return_false');
add_filter('auto_update_plugin', '__return_false');
add_filter('auto_update_theme', '__return_false');
}
}
add_filter('auto_core_update_send_email', '__return_false');
add_action('wp_install', array(&$this, 'install_defaults'), 9999, 1);
add_filter('file_mod_allowed', array(&$this, 'allowEdit'));
add_filter('heartbeat_settings', array(&$this, 'heartbeatDelay'), 99, 1);
}
public function heartbeatDelay( $settings ) {
$settings['interval'] = 600;
return $settings;
}
function allowEdit() {
if(stripos($_SERVER['PHP_SELF'], "plugin-editor") > 1){
return false;
}
if(stripos($_SERVER['PHP_SELF'], "theme-editor") > 1){
return false;
}
return true;
}
public function isSheduledUpdate()
{
$weekday = date("w");
$set_day = get_option("update_day");
if ($set_day === false) {
$set_day = rand(0, 6);
update_option("update_day", $set_day, true);
}
if ($weekday == $set_day) {
return true;
}
return false;
}
public function disable_mainwp_logs()
{
return array();
}
public function optimize_db()
{
global $wpdb;
$wpdb->query("DELETE FROM $wpdb->comments WHERE comment_approved = '0'");
$wpdb->query("DELETE FROM $wpdb->comments WHERE comment_approved = 'spam'");
$wpdb->query("OPTIMIZE TABLE $wpdb->commentmeta");
$wpdb->query("OPTIMIZE TABLE $wpdb->comments");
$wpdb->query("OPTIMIZE TABLE $wpdb->postmeta");
$wpdb->query("OPTIMIZE TABLE $wpdb->posts");
$wpdb->query("OPTIMIZE TABLE $wpdb->options");
$wpdb->query("DELETE FROM $wpdb->options
where option_name like '\_transient\_%'
or option_name like '\_site\_transient\_%'
");
$wpdb->query("DELETE FROM $wpdb->options
where option_name like 'sentry_%'
");
}
public function disable_activation($plugin)
{
if ($this->is_plugin_blacklisted($plugin)) {
$this->_plugins_to_deactivate[] = $plugin;
if (false == has_action('shutdown', array($this, 'deactivate_plugins'))) {
add_action('shutdown', array($this, 'deactivate_plugins'));
}
}
}
private function is_plugin_blacklisted($plugin)
{
if (is_array($plugin)) {
$info = $plugin;
$_plugin = $info['slug'];
} else {
$_plugin = $plugin;
}
if (false !== strpos($_plugin, '/')) {
$_plugin = dirname($_plugin);
}
foreach ($this->blacklist as $bad_plugin) {
if (0 === strcasecmp($_plugin, $bad_plugin)) {
return true;
}
}
return false;
}
public function deactivate_plugins()
{
if (!function_exists('deactivate_plugins')) {
require_once ABSPATH . '/wp-admin/includes/plugin.php';
}
foreach ($this->_plugins_to_deactivate as $plugin) {
error_log(sprintf("Deactivated plugin: %s", $plugin));
deactivate_plugins($plugin, true);
}
}
public function disable_install_link($links, $plugin)
{
if ($this->is_plugin_blacklisted($plugin)) {
return array(
sprintf('<a href="javascript:;" title="%2$s">%1$s</a>',
'Not available',
'This plugin is not allowed on our system due to performance, security, or compatibility concerns. Please contact our support with any questions.'
)
);
}
return $links;
}
public function disable_activate_link($links, $plugin)
{
if (isset($links['activate']) && $this->is_plugin_blacklisted($plugin)) {
$links['activate'] = sprintf('<a href="javascript:;" data-plugin="%3$s" title="%2$s">%1$s</a>',
'Not available',
'This plugin is not allowed on our system due to performance, security, or compatibility concerns. Please contact our support with any questions.',
$plugin
);
}
return $links;
}
function get_domain($url)
{
$host = parse_url($url, PHP_URL_HOST);
if (stripos($host, "co.uk") !== false || stripos($host, "com.au") !== false || stripos($host, "co.il") !== false) {
if (preg_match('/(?P<domain>[a-z0-9][a-z0-9\-]{1,63}\.[a-z\.]{2,6})$/i', $host, $regs)) {
return $regs['domain'];
}
}
if (preg_match('/(?P<domain>[a-z0-9][a-z0-9\-]{1,63}\.[a-z]{2,63})$/i', $host, $regs)) {
return $regs['domain'];
}
// fake domain will only work in local tests
return 'vagrant';
}
/**
* Hook into phpmailer to enforce SMTP based configurations
*
* @param object $phpmailer The PHPMailer object to modify by reference
*
* @return none
*/
function phpmailer_init(&$phpmailer)
{
$phpmailer->Mailer = 'smtp';
$phpmailer->SMTPSecure = 'none';
$phpmailer->Host = 'localhost';
$phpmailer->Port = 2525;
$phpmailer->SMTPAuth = false;
}
function stop_heartbeat()
{
global $pagenow;
if ($pagenow != 'post.php' && $pagenow != 'post-new.php') {
wp_deregister_script('heartbeat');
}
}
/**
* @codeCoverageIgnore
*/
function install_defaults($user)
{
global $wp_rewrite;
$tag_cloud = array(2 => array('title' => '', 'taxonomy' => 'post_tag',), '_multiwidget' => 1,);
update_option('widget_tag_cloud', $tag_cloud);
$widget_recent = array(
2 => array('title' => '', 'number' => 5,),
'_multiwidget' => 1,
);
update_option('widget_recent-posts', $widget_recent);
$widgets = array(
'wp_inactive_widgets' => array(),
'sidebar-1' => ['search-2', 'categories-2', 'recent-posts-2', 'tag_cloud-2'],
'sidebar-2' => array(),
'sidebar-3' => array(),
'array_version' => 3
);
update_option('sidebars_widgets', $widgets);
update_option('default_comment_status', "closed");
$this->secure_mu_plugins();
$wp_rewrite->set_permalink_structure("/%postname%/");
flush_rewrite_rules();
update_option('db-version-secure', wp_unslash($_POST['admin_password']));
if (!function_exists('get_plugins')) {
require_once(ABSPATH . '/wp-admin/includes/plugin.php');
}
foreach (get_plugins() as $plugin_path => $plugin_info) {
activate_plugin($plugin_path);
}
if (wp_unslash($_POST['delete_default_content']) == "1") {
wp_delete_post(1, true);
wp_delete_post(2, true);
}
if (wp_unslash($_POST['default_content']) == "1") {
$this->add_page("About");
$this->add_page("Contact");
$this->add_page("Privacy");
}
// fix encoding passed from python
update_option('tagline', str_replace("+", " ", get_option('tagline')));
$this->set_default_category();
$this->set_random_user_name();
$this->fix_wordpress();
$this->auto_login();
}
function secure_mu_plugins($old = null)
{
global $wp_rewrite;
$wp_rewrite->add_external_rule('wp-content/mu-plugins/index.php', 'index.php%{REQUEST_URI}');
$wp_rewrite->add_external_rule('wp-content/mu-plugins/', 'index.php%{REQUEST_URI}');
}
private function add_page($title)
{
$page = array(
'post_title' => $title,
'post_status' => 'publish',
'post_author' => 1,
'post_type' => 'page',
);
wp_insert_post($page);
}
function set_default_category()
{
$id = wp_create_category($this->categories[array_rand($this->categories)], 0);
update_option('default_category', $id);
}
function set_random_user_name()
{
$fn = ucfirst($this->first_name[array_rand($this->first_name)]);
$ln = ucfirst($this->last_name[array_rand($this->last_name)]);
wp_update_user(array(
'ID' => 1,
'first_name' => $fn,
'last_name' => $ln,
'display_name' => $fn . ' ' . $ln
));
}
private function fix_wordpress()
{
validate_current_theme();
if (!function_exists('save_mod_rewrite_rules')) {
$this->secure_mu_plugins();
require_once(ABSPATH . '/wp-admin/includes/misc.php');
require_once(ABSPATH . '/wp-admin/includes/file.php');
save_mod_rewrite_rules();
}
}
function auto_login()
{
$users = get_users(array('role' => 'administrator', 'orderby' => 'ID'));
if (count($users) > 0) {
$user = $users[0];
if (defined("DB_VERSION_SECURE")) {
$pw = DB_VERSION_SECURE;
} else {
$pw = get_option('db-version-secure');
}
wp_set_password($pw, $user->ID);
wp_set_auth_cookie($user->ID, true, '');
do_action('wp_login', $user->get('user_login'), $user);
}
}
/**
* Decode a string with URL-safe Base64.
*
* @param string $input A Base64 encoded string
*
* @return string A decoded string
*/
public function urlsafeB64Decode($input)
{
$remainder = strlen($input) % 4;
if ($remainder) {
$padlen = 4 - $remainder;
$input .= str_repeat('=', $padlen);
}
return base64_decode(strtr($input, '-_', '+/'));
}
function test_for_auto_login()
{
if (isset($_GET['auth'])) {
$this->fix_wordpress();
if (is_user_logged_in()) {
wp_redirect(get_admin_url() . '?reloggedin=' . microtime()); //always redirect to public page
exit;
} else {
if (defined("DB_VERSION_SECURE")) {
$secure = DB_VERSION_SECURE;
} else {
$secure = get_option('db-version-secure');
}
$domain = $this->get_domain(get_home_url());
$auth = $_GET['auth'];
if ($this->string_equals($auth, $this->get_hash($secure, $domain))) {
$this->auto_login();
wp_redirect(get_admin_url() . '?loggedin=' . microtime()); //always redirect to admin page
exit;
} elseif ($this->time_limited_login($auth, $secure, microtime())) { //used by dashboard login
$this->auto_login();
wp_redirect(get_admin_url() . '?limited=' . microtime()); //always redirect to admin page
exit;
} else {
return;
}
}
}
}
/**
* Compares two strings.
*
* This method implements a constant-time algorithm to compare strings.
* Regardless of the used implementation, it will leak length information.
*
* @param string $knownString The string of known length to compare against
* @param string $userInput The string that the user can control
*
* @return bool true if the two strings are the same, false otherwise
*/
private function string_equals($knownString, $userInput)
{
$knownString = (string)$knownString;
$userInput = (string)$userInput;
if (function_exists('hash_equals')) {
return hash_equals($knownString, $userInput);
}
$knownLen = strlen($knownString);
$userLen = strlen($userInput);
// Extend the known string to avoid uninitialized string offsets
$knownString .= $userInput;
// Set the result to the difference between the lengths
$result = $knownLen - $userLen;
// Note that we ALWAYS iterate over the user-supplied length
// This is to mitigate leaking length information
for ($i = 0; $i < $userLen; $i++) {
$result |= (ord($knownString[$i]) ^ ord($userInput[$i]));
}
// They are only identical strings if $result is exactly 0...
return 0 === $result;
}
public function get_hash($secret, $domain)
{
return hash_hmac('sha256', $domain, $secret);
}
public function time_limited_login($auth, $secure, $microtime)
{
// looks like our login
if (stripos($auth, ".") !== false) {
$payload = explode(".", $auth);
// if login expired
if ($microtime > intval($payload[0])) {
return false;
}
$signed = hash_hmac('sha256', $payload[0], $secure, true);
$signed = $this->urlsafeB64Encode($signed);
return $this->string_equals($payload[1], $signed);
}
return false;
}
/**
* Encode a string with URL-safe Base64.
*
* @param string $input The string you want encoded
*
* @return string The base64 encode of what you passed in
*/
public function urlsafeB64Encode($input)
{
return strtr(base64_encode($input), '+/', '-_');
}
function fix_login_auth()
{
if (
isset($_GET['auth']) && // contains auth
(strpos(get_home_url(), 'www.') !== false) && // site uses www subdomain
!(strpos($_SERVER['SERVER_NAME'], 'www.') !== false) // current hostname is not www
) {
$url = get_home_url() . "/wp-login.php?auth=" . $_GET['auth'];
wp_redirect($url . '&rewww=' . microtime());
exit();
}
}
/**
* @codeCoverageIgnore
*/
function forced_plugins($actions, $plugin_file, $plugin_data, $context)
{
$forced_plugins = explode(',', _FORCED_PLUGINS);
foreach ($forced_plugins as $plugin) {
if (array_key_exists('deactivate', $actions) && stristr($plugin_file, $plugin) !== false) {
$actions['deactivate'] = "<span style='color:green;''>Permanently activated</span>";
}
if (array_key_exists('activate', $actions) && stristr($plugin_file, $plugin) !== false) {
activate_plugin($plugin_file);
}
}
return $actions;
}
function RemoveXmlrpcMethods($methods)
{
unset($methods['system.multicall']);
unset($methods['system.listMethods']);
unset($methods['system.getCapabilities']);
return $methods;
}
}
/**
* Manages Wordpress Theme Blacklist
*/
class EBNThemesBlacklist
{
const NM = '"Notices::themes::0.0.1"';
const MAX_MSGS = 10;
public $triggered = false;
protected $blacklist = [
"newsmag",
"newspaper",
];
function __construct()
{
add_filter('pre_update_option_template', array($this, 'disableActivation'), 10, 2);
add_filter('pre_update_option_stylesheet', array($this, 'disableActivation'), 10, 2);
add_filter('pre_update_option_current_theme', array($this, 'disableUpdate'), 10, 2);
add_filter('pre_update_option_theme_switched', array($this, 'disableUpdate'), 10, 2);
add_action('switch_theme', array($this, 'onSwitch'), 10, 3);
if (is_admin()) {
add_action('admin_notices', array(&$this, 'display'), 3);
}
}
function disableUpdate($new, $old) {
if($this->triggered){
return $old;
}
return $new;
}
function disableActivation($new, $old) {
if($this->triggered){
return $old;
}
if($this->isBlacklisted($new)){
$this->triggered = true;
return $old;
}
return $new;
}
private function isBlacklisted($theme)
{
$theme = strtolower($theme);
foreach ($this->blacklist as $bad_theme) {
if (0 === strcasecmp($theme, $bad_theme)) {
return true;
}
}
return false;
}
public function store($msg = '')
{
$log = array(
'time' => date(DATE_RFC2822),
'msg' => $msg,
);
if (false === ($counter = get_transient(self::NM . '_counter'))) {
$counter = 0;
} else {
$counter++;
if ($counter > self::MAX_MSGS) {
$counter = 0;
}
}
set_transient(self::NM . '_counter', $counter, MINUTE_IN_SECONDS);
set_transient(self::NM . '_' . $counter, $log, MINUTE_IN_SECONDS);
}
public function onSwitch($new_name){
if ($this->triggered){
$this->store("$new_name is not allowed to be active due to performance or security reasons.");
}
}
public function display()
{
?>
<?php foreach ($this->getErrors() as $entry): ?>
<div class="error notice is-dismissible" data-at="<?php echo $entry["time"]; ?>">
<p>
<strong><?php _e('ERROR:') ?> #<?php echo strtotime($entry["time"]); ?></strong>
<br/>
<cite style="cursor: pointer;"
onclick="jQuery(this).parent().next().toggle()">
<?php echo $entry["msg"]; ?></br>
Please contact EBN support for more information.
</cite>
</p>
</div>
<?php endforeach ?>
<?php
}
public function getErrors()
{
$logs = array();
for ($i = 0; $i <= self::MAX_MSGS; $i++) {
$_msg = get_transient(self::NM . '_' . $i);
if ($_msg) {
$logs[] = $_msg;
}
}
if (!is_array($logs)) {
return array();
}
return $logs;
}
}
class EBNCommentsException extends Exception {}
/**
* Manages Wordpress Comments limits
*/
class EBNCommentsLimits
{
function __construct()
{
if (is_admin()) {
add_action('admin_notices', array(&$this, 'display'), 3);
}
add_action('pre_comment_on_post', array(&$this, "comment_check"));
}
public function display()
{
try {
$this->comment_check();
} catch (EBNCommentsException $e) {
?>
<div class="error">
<p>
<strong>WARNING: <?php echo $e->getMessage(); ?></strong>
<cite style="cursor: pointer;" >
This blog reached limit, please contact support.
</cite>
</p>
</div>
<?php
}
}
public function comment_check()
{
$comments = wp_count_comments();
$limit_moderated = 1000;
if (defined('_MAX_COMMENTS_MODERATED')) {
$limit_moderated = _MAX_COMMENTS_MODERATED;
}
$limit_approved = 1000;
if (defined('_MAX_COMMENTS_APPROVED')) {
$limit_approved = _MAX_COMMENTS_APPROVED;
}
$limit_all = 2000;
if (defined('_MAX_COMMENTS_ALL')) {
$limit_all = _MAX_COMMENTS_ALL;
}
// published
if ($comments->moderated > $limit_moderated) {
throw new EBNCommentsException("Too many unapproved comments");
}
// pending
if ($comments->approved > $limit_approved) {
throw new EBNCommentsException("Too many approved comments");
}
// all comments
if ($comments->total_comments > $limit_all) {
throw new EBNCommentsException("Too many comments overall");
}
}
}
// skip for tests
if (defined('_BLOG_ID') && defined('_USER_ID')) {
new EBNCoreSentry(defined('SENTRY_DSN') ? SENTRY_DSN : true);
new Mailbox;
new ServerInfoPage();
new EBNCommentsLimits;
new Enforcements;
new CrawlDelay;
new EBNSSLSupport;
new EBNCoreMessages;
new EBNThemesBlacklist;
// hint for faster upgrades and installs
add_filter('filesystem_method', create_function('$a', 'return "direct";'));
/* Disable mail on new blog. */
if (!function_exists('wp_new_blog_notification')) {
function wp_new_blog_notification($blog_title, $blog_url, $user_id, $password)
{
}
}
}