File "settings-apiservice.php"

Full Path: /home/rrterraplen/public_html/wp-content-20241221212636/plugins/sucuri-scanner/src/settings-apiservice.php
File size: 6.39 KB
MIME-type: text/x-php
Charset: utf-8

<?php

/**
 * Code related to the settings-apiservice.php interface.
 *
 * PHP version 5
 *
 * @category   Library
 * @package    Sucuri
 * @subpackage SucuriScanner
 * @author     Daniel Cid <[email protected]>
 * @copyright  2010-2018 Sucuri Inc.
 * @license    https://www.gnu.org/licenses/gpl-2.0.txt GPL2
 * @link       https://wordpress.org/plugins/sucuri-scanner
 */

if (!defined('SUCURISCAN_INIT') || SUCURISCAN_INIT !== true) {
    if (!headers_sent()) {
        /* Report invalid access if possible. */
        header('HTTP/1.1 403 Forbidden');
    }
    exit(1);
}

/**
 * Returns the HTML to configure the API service status.
 *
 * @param bool $nonce True if the CSRF protection worked, false otherwise.
 * @return string HTML for the API service status option.
 */
function sucuriscan_settings_apiservice_status($nonce)
{
    $api_url_is_set = SucuriScan::issetScanApiUrl();

    $params = array();

    if ($nonce) {
        // Enable or disable the API service communication.
        $api_service = SucuriScanRequest::post(':api_service', '(en|dis)able');

        if ($api_service) {
            if (!$api_url_is_set) {
                SucuriScanInterface::error(__('The status of the API service could not be enabled because the required SUCURISCAN_API_URL configuration was not found.', 'sucuri-scanner'));
            } else {
                $action_d = $api_service . 'd';
                $message = sprintf(__('API service communication was <code>%s</code>', 'sucuri-scanner'), $action_d);

                SucuriScanEvent::reportInfoEvent($message);
                SucuriScanEvent::notifyEvent('plugin_change', $message);
                SucuriScanOption::updateOption(':api_service', $action_d);
                SucuriScanInterface::info(__('The status of the API service has been changed', 'sucuri-scanner'));
            }
        }
    }

    $api_service_option = SucuriScanOption::getOption(':api_service');

    if ($api_service_option === 'enabled') {
        $params['ApiStatus.StatusNum'] = '1';
        $params['ApiStatus.Status'] = __('Enabled', 'sucuri-scanner');
        $params['ApiStatus.SwitchText'] = __('Disable', 'sucuri-scanner');
        $params['ApiStatus.SwitchValue'] = 'disable';
        $params['ApiStatus.WarningVisibility'] = 'visible';
        $params['ApiStatus.ErrorVisibility'] = 'hidden';
    }

    if ($api_service_option === 'disabled' || !$api_url_is_set) {
        $params['ApiStatus.StatusNum'] = '2';
        $params['ApiStatus.Status'] = __('Disabled', 'sucuri-scanner');
        $params['ApiStatus.SwitchText'] = __('Enable', 'sucuri-scanner');
        $params['ApiStatus.SwitchValue'] = 'enable';
        $params['ApiStatus.WarningVisibility'] = 'hidden';
        $params['ApiStatus.ErrorVisibility'] = 'visible';
    }

    if ($api_service_option === 'disabled' && $api_url_is_set) {
        $params['ApiStatus.StatusNum'] = '0';
    }

    $params['ApiStatus.ServiceURL'] = !$api_url_is_set ? __('Service API URL not set. To enable the API service, add your custom API service URL as the SUCURISCAN_API_URL constant value to the main configuration file (wp-config.php). If you do not have a custom API to store the audit logs, the plugin will still store these logs on your hosting environment.') : __('Service API URL: '). SUCURISCAN_API_URL;

    $api_key = SucuriScanAPI::getPluginKey();
    $params['ApiStatus.ApiKey'] = $api_key ? $api_key : __('NONE', 'sucuri-scanner');

    return SucuriScanTemplate::getSection('settings-apiservice-status', $params);
}

/**
 * Returns the HTML to configure the API service proxy.
 *
 * @return string HTML for the API service proxy option.
 */
function sucuriscan_settings_apiservice_proxy()
{
    $params = array(
        'APIProxy.Host' => 'no_proxy_host',
        'APIProxy.Port' => 'no_proxy_port',
        'APIProxy.Username' => 'no_proxy_username',
        'APIProxy.Password' => 'no_proxy_password',
        'APIProxy.PasswordType' => 'default',
        'APIProxy.PasswordText' => 'empty',
    );

    if (class_exists('WP_HTTP_Proxy')) {
        $wp_http_proxy = new WP_HTTP_Proxy();

        if ($wp_http_proxy->is_enabled()) {
            $proxy_host = SucuriScan::escape($wp_http_proxy->host());
            $proxy_port = SucuriScan::escape($wp_http_proxy->port());
            $proxy_username = SucuriScan::escape($wp_http_proxy->username());
            $proxy_password = SucuriScan::escape($wp_http_proxy->password());

            $params['APIProxy.Host'] = $proxy_host;
            $params['APIProxy.Port'] = $proxy_port;
            $params['APIProxy.Username'] = $proxy_username;
            $params['APIProxy.Password'] = $proxy_password;
            $params['APIProxy.PasswordType'] = 'info';
            $params['APIProxy.PasswordText'] = 'hidden';
        }
    }

    return SucuriScanTemplate::getSection('settings-apiservice-proxy', $params);
}

/**
 * Returns the HTML to configure the URL for the checkums API.
 *
 * @param bool $nonce True if the CSRF protection worked, false otherwise.
 * @return string HTML for the URL for the checksums API service.
 */
function sucuriscan_settings_apiservice_checksums($nonce)
{
    $params = array();
    $url = SucuriScanRequest::post(':checksum_api');

    if ($nonce && $url !== false) {
        /* https://github.com/WordPress/WordPress - OR - WordPress/WordPress */
        $pattern = '/^(https:\/\/github\.com\/)?([0-9a-zA-Z_]+\/[0-9a-zA-Z_]+)/';

        if (@preg_match($pattern, $url, $match)) {
            SucuriScanOption::updateOption(':checksum_api', $match[2]);

            $message = sprintf(__('Core integrity API changed: %s', 'sucuri-scanner'), SucuriScanAPI::checksumAPI());
            SucuriScanEvent::reportInfoEvent($message);
            SucuriScanEvent::notifyEvent('plugin_change', $message);
            SucuriScanInterface::info(__('The URL to retrieve the WordPress checksums has been changed', 'sucuri-scanner'));
        } else {
            SucuriScanOption::deleteOption(':checksum_api');

            $message = sprintf(__('Core integrity API changed: %s', 'sucuri-scanner'), SucuriScanAPI::checksumAPI());
            SucuriScanEvent::reportInfoEvent($message);
            SucuriScanEvent::notifyEvent('plugin_change', $message);
            SucuriScanInterface::info(__('The URL to retrieve the WordPress checksums has been changed', 'sucuri-scanner'));
        }
    }

    $params['ChecksumsAPI'] = SucuriScanAPI::checksumAPI();

    return SucuriScanTemplate::getSection('settings-apiservice-checksums', $params);
}