Hanson.xyz Dev
363 lines
16 KiB
PHP
Executable File
363 lines
16 KiB
PHP
Executable File
<?php
|
|
|
|
if (!defined('ABSPATH')) {
|
|
exit; // Exit if accessed directly
|
|
}
|
|
|
|
class AIOWPSecurity_List_404 extends AIOWPSecurity_List_Table {
|
|
|
|
public function __construct() {
|
|
|
|
//Set parent defaults
|
|
parent::__construct(array(
|
|
'singular' => 'item', //singular name of the listed records
|
|
'plural' => 'items', //plural name of the listed records
|
|
'ajax' => false //does this table support ajax?
|
|
));
|
|
}
|
|
|
|
/**
|
|
* Returns created column in datetime format as per user setting time zone.
|
|
*
|
|
* @param array $item - data for the columns on the current row
|
|
*
|
|
* @return string - the datetime
|
|
*/
|
|
public function column_created($item) {
|
|
return AIOWPSecurity_Utility::convert_timestamp($item['created']);
|
|
}
|
|
|
|
public function column_default($item, $column_name) {
|
|
return $item[$column_name];
|
|
}
|
|
|
|
/**
|
|
* Returns id column html to be rendered.
|
|
*
|
|
* @param array $item - data for the columns on the current row
|
|
*
|
|
* @return string - html string for column rendered
|
|
*/
|
|
public function column_id($item) {
|
|
$ip = $item['ip_or_host'];
|
|
|
|
$is_locked = AIOWPSecurity_Utility::check_locked_ip($ip, '404');
|
|
$blacklist_tab = 'blacklist';
|
|
$is_blacklist = AIOWPSecurity_Utility::check_blacklist_ip($ip);
|
|
$actions = array();
|
|
$actions['delete'] = '<a class="aios-delete-404" data-id="' . esc_attr($item['id']) . '" data-message="' . esc_js(__('Are you sure you want to delete this item?', 'all-in-one-wp-security-and-firewall')) . '" href="#">' . __('Delete', 'all-in-one-wp-security-and-firewall') . '</a>';
|
|
|
|
if ($is_locked) {
|
|
// Build row actions for locked items
|
|
$actions['unblock'] = '<a class="aios-unblock-404" data-ip="' . esc_attr($ip) . '" data-message="' . esc_js(__('Are you sure you want to unblock this item?', 'all-in-one-wp-security-and-firewall')) . '" href="#">' . __('Unblock', 'all-in-one-wp-security-and-firewall') . '</a>';
|
|
} elseif ($is_blacklist) {
|
|
$unblock_url_nonce = wp_nonce_url(sprintf('admin.php?page=%s&tab=%s', AIOWPSEC_FIREWALL_MENU_SLUG, $blacklist_tab), "404_log_item_action", "aiowps_nonce");
|
|
$actions = array(
|
|
'unblock' => '<a href="'.$unblock_url_nonce.'" onclick="return confirm(\'' . esc_js(__('Are you sure you want to unblock this item?', 'all-in-one-wp-security-and-firewall')) . '\')">'.__('Unblock', 'all-in-one-wp-security-and-firewall').'</a>',
|
|
);
|
|
} else {
|
|
// Build row actions for other items
|
|
$actions['temp_block'] = '<a class="aios-temp-block-404" data-ip="' . esc_attr($ip) . '" data-message="' . esc_js(__('Are you sure you want to block this IP address?', 'all-in-one-wp-security-and-firewall')) . '" data-username="' . esc_attr($item['username']) . '" href="#">' . __('Temporarily block', 'all-in-one-wp-security-and-firewall') . '</a>';
|
|
$actions['blacklist_ip'] = '<a class="aios-blacklist-404" data-ip="' . esc_attr($ip) . '" data-message="' . esc_js(__('Are you sure you want to permanently block this IP address?', 'all-in-one-wp-security-and-firewall')) . '" href="#">' . __('Blacklist IP', 'all-in-one-wp-security-and-firewall') . '</a>';
|
|
}
|
|
|
|
//Return the user_login contents
|
|
return sprintf('%1$s <span style="color:silver"></span>%2$s',
|
|
/* $1%s */ $item['id'],
|
|
/* $2%s */ $this->row_actions($actions)
|
|
);
|
|
}
|
|
|
|
/**
|
|
* Returns status column html to be rendered.
|
|
*
|
|
* @param array $item - data for the columns on the current row
|
|
*
|
|
* @return string - html string for column rendered
|
|
*/
|
|
public function column_status($item) {
|
|
global $aio_wp_security;
|
|
$ip = $item['ip_or_host'];
|
|
//Check if this IP address is locked
|
|
$is_locked = AIOWPSecurity_Utility::check_locked_ip($ip, '404');
|
|
$blacklisted_string = $aio_wp_security->configs->get_value('aiowps_banned_ip_addresses');
|
|
$banned = strpos($blacklisted_string, $ip);
|
|
|
|
if (false !== $banned) {
|
|
return 'blacklisted';
|
|
} elseif ($is_locked) {
|
|
return 'temporarily blocked';
|
|
} else {
|
|
return '';
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Returns checkbox column html to be rendered.
|
|
*
|
|
* @param array $item - data for the columns on the current row
|
|
*
|
|
* @return string - html string for column rendered
|
|
*/
|
|
public function column_cb($item) {
|
|
return sprintf('<input type="checkbox" name="%1$s[]" value="%2$s" />',
|
|
/* $1%s */ $this->_args['singular'], //Let's simply repurpose the table's singular label
|
|
/* $2%s */ $item['id'] //The value of the checkbox should be the record's id
|
|
);
|
|
}
|
|
|
|
public function get_columns() {
|
|
$columns = array(
|
|
'cb' => '<input type="checkbox" />', //Render a checkbox
|
|
'id' => 'ID',
|
|
'event_type' => __('Event type', 'all-in-one-wp-security-and-firewall'),
|
|
'ip_or_host' => __('IP address', 'all-in-one-wp-security-and-firewall'),
|
|
'url' => __('Attempted URL', 'all-in-one-wp-security-and-firewall'),
|
|
'referer_info' => __('Referer', 'all-in-one-wp-security-and-firewall'),
|
|
'created' => __('Date and time', 'all-in-one-wp-security-and-firewall'),
|
|
'status' => __('Lock status', 'all-in-one-wp-security-and-firewall'),
|
|
);
|
|
$columns = apply_filters('list_404_get_columns', $columns);
|
|
return $columns;
|
|
}
|
|
|
|
public function get_sortable_columns() {
|
|
$sortable_columns = array(
|
|
'id' => array('id', false),
|
|
'event_type' => array('event_type', false),
|
|
'ip_or_host' => array('ip_or_host', false),
|
|
'url' => array('url', false),
|
|
'referer_info' => array('referer_info', false),
|
|
'created' => array('created', false),
|
|
);
|
|
$sortable_columns = apply_filters('list_404_get_sortable_columns', $sortable_columns);
|
|
return $sortable_columns;
|
|
}
|
|
|
|
/**
|
|
* Get bulk actions for the current WordPress screen.
|
|
*
|
|
* @return array An associative array of bulk actions where the keys are action names
|
|
* and the values are the corresponding action labels.
|
|
*/
|
|
public function get_bulk_actions() {
|
|
return array(
|
|
//'unlock' => 'Unlock',
|
|
'bulk_block_ip' => __('Temporarily block IP', 'all-in-one-wp-security-and-firewall'),
|
|
'bulk_blacklist_ip' => __('Blacklist IP', 'all-in-one-wp-security-and-firewall'),
|
|
'delete' => __('Delete', 'all-in-one-wp-security-and-firewall')
|
|
);
|
|
}
|
|
|
|
/**
|
|
* Process bulk actions for the current WordPress screen.
|
|
*
|
|
* This method checks for the presence of a valid nonce and user capabilities,
|
|
* then performs the appropriate action based on the selected bulk action.
|
|
*
|
|
* @return void
|
|
*/
|
|
private function process_bulk_action() {
|
|
// phpcs:disable WordPress.Security.NonceVerification.Recommended -- PCP warning. This is the nonce.
|
|
if (empty($_REQUEST['_wpnonce']) || !isset($_REQUEST['_wp_http_referer'])) return;
|
|
// phpcs:ignore WordPress.Security.ValidatedSanitizedInput -- PCP warning. Ignore.
|
|
$result = AIOWPSecurity_Utility_Permissions::check_nonce_and_user_cap($_REQUEST['_wpnonce'], 'bulk-items');
|
|
if (is_wp_error($result)) return;
|
|
|
|
if ('bulk_block_ip' === $this->current_action()) {//Process delete bulk actions
|
|
if (!isset($_REQUEST['item'])) {
|
|
AIOWPSecurity_Admin_Menu::show_msg_error_st(__('Please select some records using the checkboxes', 'all-in-one-wp-security-and-firewall'));
|
|
} else {
|
|
// phpcs:ignore WordPress.Security.ValidatedSanitizedInput -- PCP warning, ignore. Sanitized later.
|
|
$this->block_ip(wp_unslash($_REQUEST['item']));
|
|
}
|
|
}
|
|
|
|
if ('bulk_blacklist_ip' === $this->current_action()) {//Process delete bulk actions
|
|
if (!isset($_REQUEST['item'])) {
|
|
AIOWPSecurity_Admin_Menu::show_msg_error_st(__('Please select some records using the checkboxes', 'all-in-one-wp-security-and-firewall'));
|
|
} else {
|
|
// phpcs:ignore WordPress.Security.ValidatedSanitizedInput -- PCP warning, ignore. Sanitized later.
|
|
$this->blacklist_ip_address(wp_unslash($_REQUEST['item']));
|
|
}
|
|
}
|
|
if ('delete' === $this->current_action()) {//Process delete bulk actions
|
|
if (!isset($_REQUEST['item'])) {
|
|
AIOWPSecurity_Admin_Menu::show_msg_error_st(__('Please select some records using the checkboxes', 'all-in-one-wp-security-and-firewall'));
|
|
} else {
|
|
// phpcs:ignore WordPress.Security.ValidatedSanitizedInput -- PCP warning, ignore. Sanitized later.
|
|
$this->delete_404_event_records(wp_unslash($_REQUEST['item']));
|
|
}
|
|
}
|
|
// phpcs:enable WordPress.Security.NonceVerification.Recommended -- PCP warning. This is the nonce.
|
|
}
|
|
|
|
/**
|
|
* Locks an IP address by adding it to the AIOWPSEC_TBL_LOGIN_LOCKOUT table.
|
|
*
|
|
* @param array|string $entries - ids that correspond to ip addresses in the AIOWPSEC_TBL_EVENTS table or a single ip address
|
|
* @param string $username - (optional)username of user being locked
|
|
*
|
|
* @return boolean|void
|
|
*/
|
|
public function block_ip($entries, $username = '') {
|
|
global $wpdb;
|
|
if (is_array($entries)) {
|
|
//lock multiple records
|
|
$entries = array_filter($entries, 'is_numeric'); //discard non-numeric ID values
|
|
$id_list = "(" .implode(",", $entries) .")"; //Create comma separate list for DB operation
|
|
$events_table = AIOWPSEC_TBL_EVENTS;
|
|
// phpcs:ignore WordPress.DB.PreparedSQL, WordPress.DB.DirectDatabaseQuery -- PCP error. Ignore.
|
|
$results = $wpdb->get_col("SELECT ip_or_host FROM $events_table WHERE ID IN " . $id_list);
|
|
if (empty($results)) {
|
|
AIOWPSecurity_Admin_Menu::show_msg_error_st(__('Could not process the request because the IP addresses for the selected entries could not be found.', 'all-in-one-wp-security-and-firewall'));
|
|
return false;
|
|
} else {
|
|
foreach ($results as $entry) {
|
|
if (filter_var($entry, FILTER_VALIDATE_IP)) {
|
|
AIOWPSecurity_Utility::lock_IP($entry, '404', $username);
|
|
}
|
|
}
|
|
}
|
|
AIOWPSecurity_Admin_Menu::show_msg_updated_st(__('The selected IP addresses are now temporarily blocked.', 'all-in-one-wp-security-and-firewall'));
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Permanently blocks an IP address by adding it to the blacklist and writing rules to the htaccess file.
|
|
*
|
|
* @param array|string $entries - ids that correspond to ip addresses in the AIOWPSEC_TBL_EVENTS table or a single ip address
|
|
*
|
|
* @return boolean|void
|
|
*/
|
|
public function blacklist_ip_address($entries) {
|
|
global $wpdb, $aio_wp_security;
|
|
$aiowps_firewall_config = AIOS_Firewall_Resource::request(AIOS_Firewall_Resource::CONFIG);
|
|
$bl_ip_addresses = $aio_wp_security->configs->get_value('aiowps_banned_ip_addresses'); //get the currently saved blacklisted IPs
|
|
$ip_list_array = AIOWPSecurity_Utility_IP::create_ip_list_array_from_string_with_newline($bl_ip_addresses);
|
|
|
|
if (is_array($entries)) {
|
|
//Get the selected IP addresses
|
|
$entries = array_filter($entries, 'is_numeric'); //discard non-numeric ID values
|
|
$id_list = "(" .implode(",", $entries) .")"; //Create comma separate list for DB operation
|
|
$events_table = AIOWPSEC_TBL_EVENTS;
|
|
// phpcs:ignore WordPress.DB.PreparedSQL, WordPress.DB.DirectDatabaseQuery -- PCP error. Ignore.
|
|
$results = $wpdb->get_col("SELECT ip_or_host FROM $events_table WHERE ID IN " . $id_list);
|
|
if (empty($results)) {
|
|
AIOWPSecurity_Admin_Menu::show_msg_error_st(__('Could not process the request because the IP addresses for the selected entries could not be found.', 'all-in-one-wp-security-and-firewall'));
|
|
return false;
|
|
} else {
|
|
foreach ($results as $entry) {
|
|
$ip_list_array[] = $entry;
|
|
}
|
|
}
|
|
}
|
|
|
|
$validated_ip_list_array = AIOWPSecurity_Utility_IP::validate_ip_list($ip_list_array, 'blacklist');
|
|
if (is_wp_error($validated_ip_list_array)) {
|
|
AIOWPSecurity_Admin_Menu::show_msg_error_st(nl2br($validated_ip_list_array->get_error_message()));
|
|
} else {
|
|
$banned_ip_data = implode("\n", $validated_ip_list_array);
|
|
$aio_wp_security->configs->set_value('aiowps_enable_blacklisting', '1'); // Force blacklist feature to be enabled.
|
|
$aio_wp_security->configs->set_value('aiowps_banned_ip_addresses', $banned_ip_data);
|
|
$aio_wp_security->configs->save_config();
|
|
|
|
$aiowps_firewall_config->set_value('aiowps_blacklist_ips', $validated_ip_list_array);
|
|
AIOWPSecurity_Admin_Menu::show_msg_updated_st(__('The selected IP addresses have been added to the blacklist and will be permanently blocked.', 'all-in-one-wp-security-and-firewall'));
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Deletes one or more records from the AIOWPSEC_TBL_EVENTS table.
|
|
*
|
|
* @param array|string|integer $entries - ids or a single id
|
|
*
|
|
* @return void|string
|
|
*/
|
|
public function delete_404_event_records($entries) {
|
|
global $wpdb, $aio_wp_security;
|
|
$events_table = AIOWPSEC_TBL_EVENTS;
|
|
if (is_array($entries)) {
|
|
//Delete multiple records
|
|
$entries = array_map('esc_sql', $entries); //escape every array element
|
|
$entries = array_filter($entries, 'is_numeric'); //discard non-numeric ID values
|
|
$id_list = "(" . implode(",", $entries) . ")"; //Create comma separate list for DB operation
|
|
// phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.DirectDatabaseQuery -- PCP error. Ignore.
|
|
$result = $wpdb->query("DELETE FROM " . $events_table . " WHERE id IN " . $id_list);
|
|
if ($result) {
|
|
AIOWPSecurity_Admin_Menu::show_msg_record_deleted_st();
|
|
} else {
|
|
// Error on bulk delete
|
|
$aio_wp_security->debug_logger->log_debug('Database error occurred when deleting rows from Events table. Database error: '.$wpdb->last_error, 4);
|
|
AIOWPSecurity_Admin_Menu::show_msg_record_not_deleted_st();
|
|
}
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Retrieves all items from AIOWPSEC_TBL_EVENTS according to a search term inside $_REQUEST['s'] and only '404' events if there is no search term. It then assigns to $this->items.
|
|
*
|
|
* @param Boolean $ignore_pagination - whether to not paginate
|
|
*
|
|
* @return Void
|
|
*/
|
|
public function prepare_items($ignore_pagination = false) {
|
|
/**
|
|
* First, lets decide how many records per page to show
|
|
*/
|
|
$per_page = 100;
|
|
$columns = $this->get_columns();
|
|
$hidden = array();
|
|
$sortable = $this->get_sortable_columns();
|
|
// phpcs:ignore WordPress.Security.NonceVerification.Recommended -- PCP warning. Nonce checked in previous function.
|
|
$search_term = isset($_REQUEST['s']) ? sanitize_text_field(wp_unslash($_REQUEST['s'])) : '';
|
|
|
|
$this->_column_headers = array($columns, $hidden, $sortable);
|
|
|
|
$this->process_bulk_action();
|
|
|
|
global $wpdb;
|
|
$events_table_name = AIOWPSEC_TBL_EVENTS;
|
|
|
|
// Ordering parameters
|
|
// Parameters that are going to be used to order the result
|
|
// phpcs:ignore WordPress.Security.NonceVerification.Recommended -- PCP warning. No nonce.
|
|
$orderby = isset($_GET['orderby']) ? sanitize_text_field(wp_unslash($_GET['orderby'])) : '';
|
|
// phpcs:ignore WordPress.Security.NonceVerification.Recommended -- PCP warning. No nonce.
|
|
$order = isset($_GET['order']) ? sanitize_text_field(wp_unslash($_GET['order'])) : '';
|
|
|
|
$orderby = !empty($orderby) ? esc_sql($orderby) : 'id';
|
|
$order = !empty($order) ? esc_sql($order) : 'DESC';
|
|
|
|
$orderby = AIOWPSecurity_Utility::sanitize_value_by_array($orderby, $sortable);
|
|
$order = AIOWPSecurity_Utility::sanitize_value_by_array($order, array('DESC' => '1', 'ASC' => '1'));
|
|
|
|
if (empty($search_term)) {
|
|
// phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared, WordPress.DB.DirectDatabaseQuery -- PCP warning. Ignore.
|
|
$data = $wpdb->get_results("SELECT * FROM $events_table_name WHERE `event_type` = '404' ORDER BY $orderby $order", ARRAY_A);
|
|
} else {
|
|
// phpcs:ignore WordPress.DB.PreparedSQLPlaceholders.LikeWildcardsInQueryWithPlaceholder, WordPress.DB.PreparedSQL.InterpolatedNotPrepared, WordPress.DB.DirectDatabaseQuery -- PCP error. Ignore.
|
|
$data = $wpdb->get_results($wpdb->prepare("SELECT * FROM $events_table_name WHERE `ip_or_host` LIKE '%%%s%%' OR `url` LIKE '%%%s%%' OR `referer_info` LIKE '%%%s%%' ORDER BY $orderby $order", $wpdb->esc_like($search_term), $wpdb->esc_like($search_term), $wpdb->esc_like($search_term)), ARRAY_A);
|
|
}
|
|
|
|
if (!$ignore_pagination) {
|
|
$current_page = $this->get_pagenum();
|
|
$total_items = count($data);
|
|
$data = array_slice($data, (($current_page - 1) * $per_page), $per_page);
|
|
$this->set_pagination_args(array(
|
|
'total_items' => $total_items, //WE have to calculate the total number of items
|
|
'per_page' => $per_page, //WE have to determine how many items to show on a page
|
|
'total_pages' => ceil($total_items / $per_page) //WE have to calculate the total number of pages
|
|
));
|
|
}
|
|
|
|
foreach ($data as $index => $row) {
|
|
// Insert an empty status column - we will use later
|
|
$data[$index]['status'] = '';
|
|
}
|
|
|
|
$this->items = $data;
|
|
}
|
|
|
|
}
|