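<?php

/**
 * Code related to the settings-apiservice.php interface.
 *
 * PHP version 5
 *
 * @category   Library
 * @package    Sucuri
 * @subpackage SucuriScanner
 * @author     Daniel Cid <[email protected]>
 * @copyright  2010-2018 Sucuri Inc.
 * @license    https://www.gnu.org/licenses/gpl-2.0.txt GPL2
 * @link       https://wordpress.org/plugins/sucuri-scanner
 */

if (!defined('SUCURISCAN_INIT') || SUCURISCAN_INIT !== true) {
    if (!headers_sent()) {
        /* Report invalid access if possible. */
        header('HTTP/1.1 403 Forbidden');
    }
    exit(1);
}

/**
 * Returns the HTML to configure the API service status.
 *
 * When the nonce is valid and an enable/disable action was posted, the
 * new state is stored, logged and notified before the panel is rendered.
 * The state is never changed while SUCURISCAN_API_URL is missing.
 *
 * @param  bool $nonce True if the CSRF protection worked, false otherwise.
 * @return string      HTML for the API service status option.
 */
function sucuriscan_settings_apiservice_status($nonce)
{
    $api_url_is_set = SucuriScan::issetScanApiUrl();
    $params = array();

    if ($nonce) {
        // Enable or disable the API service communication.
        // NOTE(review): the second argument looks like a validation pattern
        // limiting the value to "enable"/"disable"; the <code>%s</code>
        // message below relies on that. Confirm in SucuriScanRequest::post().
        $api_service = SucuriScanRequest::post(':api_service', '(en|dis)able');

        if ($api_service) {
            if (!$api_url_is_set) {
                SucuriScanInterface::error(__('The status of the API service could not be enabled because the required SUCURISCAN_API_URL configuration was not found.', 'sucuri-scanner'));
            } else {
                /* "enable" -> "enabled", "disable" -> "disabled" */
                $action_d = $api_service . 'd';
                $message = sprintf(__('API service communication was <code>%s</code>', 'sucuri-scanner'), $action_d);

                SucuriScanEvent::reportInfoEvent($message);
                SucuriScanEvent::notifyEvent('plugin_change', $message);
                SucuriScanOption::updateOption(':api_service', $action_d);
                SucuriScanInterface::info(__('The status of the API service has been changed', 'sucuri-scanner'));
            }
        }
    }

    $api_service_option = SucuriScanOption::getOption(':api_service');

    /*
     * The three checks below are order dependent: a missing API URL
     * overrides a stored "enabled" value, and the last check only adjusts
     * the status number for "disabled with a URL configured".
     */
    if ($api_service_option === 'enabled') {
        $params['ApiStatus.StatusNum'] = '1';
        $params['ApiStatus.Status'] = __('Enabled', 'sucuri-scanner');
        $params['ApiStatus.SwitchText'] = __('Disable', 'sucuri-scanner');
        $params['ApiStatus.SwitchValue'] = 'disable';
        $params['ApiStatus.WarningVisibility'] = 'visible';
        $params['ApiStatus.ErrorVisibility'] = 'hidden';
    }

    if ($api_service_option === 'disabled' || !$api_url_is_set) {
        $params['ApiStatus.StatusNum'] = '2';
        $params['ApiStatus.Status'] = __('Disabled', 'sucuri-scanner');
        $params['ApiStatus.SwitchText'] = __('Enable', 'sucuri-scanner');
        $params['ApiStatus.SwitchValue'] = 'enable';
        $params['ApiStatus.WarningVisibility'] = 'hidden';
        $params['ApiStatus.ErrorVisibility'] = 'visible';
    }

    if ($api_service_option === 'disabled' && $api_url_is_set) {
        $params['ApiStatus.StatusNum'] = '0';
    }

    /*
     * Both strings now carry the plugin text domain like every other
     * translatable string in this file; without it they are looked up in
     * the default domain and the plugin translations are never applied.
     *
     * NOTE(review): SUCURISCAN_API_URL and the plugin key go to the template
     * without SucuriScan::escape(), unlike the proxy values in
     * sucuriscan_settings_apiservice_proxy(). Confirm that the template
     * layer escapes them.
     */
    $params['ApiStatus.ServiceURL'] = !$api_url_is_set
        ? __('Service API URL not set. To enable the API service, add your custom API service URL as the SUCURISCAN_API_URL constant value to the main configuration file (wp-config.php). If you do not have a custom API to store the audit logs, the plugin will still store these logs on your hosting environment.', 'sucuri-scanner')
        : __('Service API URL: ', 'sucuri-scanner') . SUCURISCAN_API_URL;

    $api_key = SucuriScanAPI::getPluginKey();
    $params['ApiStatus.ApiKey'] = $api_key ? $api_key : __('NONE', 'sucuri-scanner');

    return SucuriScanTemplate::getSection('settings-apiservice-status', $params);
}

/**
 * Returns the HTML to configure the API service proxy.
 *
 * The panel is read-only: it shows the values reported by WP_HTTP_Proxy
 * when that class exists and reports the proxy as enabled, and placeholder
 * values otherwise.
 *
 * @return string HTML for the API service proxy option.
 */
function sucuriscan_settings_apiservice_proxy()
{
    /* Placeholders used when no proxy is configured. */
    $params = array(
        'APIProxy.Host' => 'no_proxy_host',
        'APIProxy.Port' => 'no_proxy_port',
        'APIProxy.Username' => 'no_proxy_username',
        'APIProxy.Password' => 'no_proxy_password',
        'APIProxy.PasswordType' => 'default',
        'APIProxy.PasswordText' => 'empty',
    );

    if (class_exists('WP_HTTP_Proxy')) {
        $wp_http_proxy = new WP_HTTP_Proxy();

        if ($wp_http_proxy->is_enabled()) {
            $params['APIProxy.Host'] = SucuriScan::escape($wp_http_proxy->host());
            $params['APIProxy.Port'] = SucuriScan::escape($wp_http_proxy->port());
            $params['APIProxy.Username'] = SucuriScan::escape($wp_http_proxy->username());

            /*
             * NOTE(review): the proxy password itself is handed to the
             * template. PasswordText is only another template value, so
             * whether the secret reaches the page markup depends on the
             * template. Confirm, and prefer a masked placeholder if it does.
             */
            $params['APIProxy.Password'] = SucuriScan::escape($wp_http_proxy->password());
            $params['APIProxy.PasswordType'] = 'info';
            $params['APIProxy.PasswordText'] = 'hidden';
        }
    }

    return SucuriScanTemplate::getSection('settings-apiservice-proxy', $params);
}

/**
 * Returns the HTML to configure the URL for the checksums API.
 *
 * A posted value is accepted only when it is exactly "owner/repo" or
 * "https://github.com/owner/repo" (one trailing slash tolerated). Any other
 * value, including an empty one, removes the option so that
 * SucuriScanAPI::checksumAPI() no longer reads a stored value.
 *
 * @param  bool $nonce True if the CSRF protection worked, false otherwise.
 * @return string      HTML for the URL for the checksums API service.
 */
function sucuriscan_settings_apiservice_checksums($nonce)
{
    $params = array();
    $url = SucuriScanRequest::post(':checksum_api');

    if ($nonce && $url !== false) {
        /*
         * https://github.com/WordPress/WordPress - OR - WordPress/WordPress
         *
         * The pattern is anchored at both ends. Without the end anchor a
         * value such as "owner/repo-name" matched its "owner/repo" prefix
         * and a different repository than the one entered was stored as
         * the source of the integrity checksums.
         */
        $pattern = '/^(https:\/\/github\.com\/)?([0-9a-zA-Z_]+\/[0-9a-zA-Z_]+)\/?\z/';

        /* Explicit type check instead of silencing preg_match() with "@". */
        if (is_string($url) && preg_match($pattern, $url, $match) === 1) {
            SucuriScanOption::updateOption(':checksum_api', $match[2]);
        } else {
            SucuriScanOption::deleteOption(':checksum_api');
        }

        /* The logged message carries the effective value after the change. */
        $message = sprintf(__('Core integrity API changed: %s', 'sucuri-scanner'), SucuriScanAPI::checksumAPI());

        SucuriScanEvent::reportInfoEvent($message);
        SucuriScanEvent::notifyEvent('plugin_change', $message);
        SucuriScanInterface::info(__('The URL to retrieve the WordPress checksums has been changed', 'sucuri-scanner'));
    }

    $params['ChecksumsAPI'] = SucuriScanAPI::checksumAPI();

    return SucuriScanTemplate::getSection('settings-apiservice-checksums', $params);
}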