/
wp-security-blacklist-menu.php
267 lines (242 loc) · 13.8 KB
/
wp-security-blacklist-menu.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
<?php
if(!defined('ABSPATH')){
exit;//Exit if accessed directly
}
class AIOWPSecurity_Blacklist_Menu extends AIOWPSecurity_Admin_Menu
{
var $menu_page_slug = AIOWPSEC_BLACKLIST_MENU_SLUG;
/* Specify all the tabs of this menu in the following array */
var $menu_tabs;
var $menu_tabs_handler = array(
'tab1' => 'render_tab1',
);
function __construct()
{
$this->render_menu_page();
}
function set_menu_tabs()
{
$this->menu_tabs = array(
'tab1' => __('Ban Users', 'all-in-one-wp-security-and-firewall'),
);
}
function get_current_tab()
{
$tab_keys = array_keys($this->menu_tabs);
$tab = isset( $_GET['tab'] ) ? sanitize_text_field($_GET['tab']) : $tab_keys[0];
return $tab;
}
/*
* Renders our tabs of this menu as nav items
*/
function render_menu_tabs()
{
$current_tab = $this->get_current_tab();
echo '<h2 class="nav-tab-wrapper">';
foreach ( $this->menu_tabs as $tab_key => $tab_caption )
{
$active = $current_tab == $tab_key ? 'nav-tab-active' : '';
echo '<a class="nav-tab ' . $active . '" href="?page=' . $this->menu_page_slug . '&tab=' . $tab_key . '">' . $tab_caption . '</a>';
}
echo '</h2>';
}
/*
* The menu rendering goes here
*/
function render_menu_page()
{
echo '<div class="wrap">';
echo '<h2>'.__('Blacklist Manager','all-in-one-wp-security-and-firewall').'</h2>';//Interface title
$this->set_menu_tabs();
$tab = $this->get_current_tab();
$this->render_menu_tabs();
?>
<div id="poststuff"><div id="post-body">
<?php
//$tab_keys = array_keys($this->menu_tabs);
call_user_func(array(&$this, $this->menu_tabs_handler[$tab]));
?>
</div></div>
</div><!-- end of wrap -->
<?php
}
function render_tab1()
{
global $aio_wp_security;
global $aiowps_feature_mgr;
$result = 1;
if (isset($_POST['aiowps_save_blacklist_settings']))
{
$nonce=$_REQUEST['_wpnonce'];
if (!wp_verify_nonce($nonce, 'aiowpsec-blacklist-settings-nonce'))
{
$aio_wp_security->debug_logger->log_debug("Nonce check failed for save blacklist settings!",4);
die(__('Nonce check failed for save blacklist settings!','all-in-one-wp-security-and-firewall'));
}
if (isset($_POST["aiowps_enable_blacklisting"]) && empty($_POST['aiowps_banned_ip_addresses']) && empty($_POST['aiowps_banned_user_agents']))
{
$this->show_msg_error('You must submit at least one IP address or one User Agent value or both!','all-in-one-wp-security-and-firewall');
}
else
{
if (!empty($_POST['aiowps_banned_ip_addresses']))
{
$ip_addresses = $_POST['aiowps_banned_ip_addresses'];
$ip_list_array = AIOWPSecurity_Utility_IP::create_ip_list_array_from_string_with_newline($ip_addresses);
$payload = AIOWPSecurity_Utility_IP::validate_ip_list($ip_list_array, 'blacklist');
if($payload[0] == 1){
//success case
$result = 1;
$list = $payload[1];
$banned_ip_data = implode(PHP_EOL, $list);
$aio_wp_security->configs->set_value('aiowps_banned_ip_addresses',$banned_ip_data);
$_POST['aiowps_banned_ip_addresses'] = ''; //Clear the post variable for the banned address list
}
else{
$result = -1;
$error_msg = $payload[1][0];
$this->show_msg_error($error_msg);
}
}
else
{
$aio_wp_security->configs->set_value('aiowps_banned_ip_addresses',''); //Clear the IP address config value
}
if (!empty($_POST['aiowps_banned_user_agents']))
{
$result = $result * $this->validate_user_agent_list();
}else{
//clear the user agent list
$aio_wp_security->configs->set_value('aiowps_banned_user_agents','');
}
if ($result == 1)
{
$aio_wp_security->configs->set_value('aiowps_enable_blacklisting',isset($_POST["aiowps_enable_blacklisting"])?'1':'');
$aio_wp_security->configs->save_config(); //Save the configuration
//Recalculate points after the feature status/options have been altered
$aiowps_feature_mgr->check_feature_status_and_recalculate_points();
$this->show_msg_settings_updated();
$write_result = AIOWPSecurity_Utility_Htaccess::write_to_htaccess(); //now let's write to the .htaccess file
if ( !$write_result )
{
$this->show_msg_error(__('The plugin was unable to write to the .htaccess file. Please edit file manually.','all-in-one-wp-security-and-firewall'));
$aio_wp_security->debug_logger->log_debug("AIOWPSecurity_Blacklist_Menu - The plugin was unable to write to the .htaccess file.");
}
}
}
}
?>
<h2><?php _e('Ban IPs or User Agents', 'all-in-one-wp-security-and-firewall')?></h2>
<div class="aio_blue_box">
<?php
echo '<p>'.__('The All In One WP Security Blacklist feature gives you the option of banning certain host IP addresses or ranges and also user agents.', 'all-in-one-wp-security-and-firewall').'
<br />'.__('This feature will deny total site access for users which have IP addresses or user agents matching those which you have configured in the settings below.', 'all-in-one-wp-security-and-firewall').'
<br />'.__('The plugin achieves this by making appropriate modifications to your .htaccess file.', 'all-in-one-wp-security-and-firewall').'
<br />'.__('By blocking people via the .htaccess file your are using the most secure first line of defence which denies all access to blacklisted visitors as soon as they hit your hosting server.', 'all-in-one-wp-security-and-firewall').'
</p>';
?>
</div>
<div class="aio_grey_box">
<?php
$addon_link = '<strong><a href="http://www.site-scanners.com/country-blocking-addon/" target="_blank">'.__('Country Blocking Addon', 'all-in-one-wp-security-and-firewall').'</a></strong>';
$info_msg = sprintf( __('You may also be interested in our %s.', 'all-in-one-wp-security-and-firewall'), $addon_link);
$info_msg2 = __('This addon allows you to automatically block IP addresses based on their country of origin.', 'all-in-one-wp-security-and-firewall');
echo '<p>'.$info_msg.
'<br />'.$info_msg2.'</p>';
?>
</div>
<div class="postbox">
<h3 class="hndle"><label for="title"><?php _e('IP Hosts and User Agent Blacklist Settings', 'all-in-one-wp-security-and-firewall'); ?></label></h3>
<div class="inside">
<?php
//Display security info badge
global $aiowps_feature_mgr;
$aiowps_feature_mgr->output_feature_details_badge("blacklist-manager-ip-user-agent-blacklisting");
?>
<form action="" method="POST">
<?php wp_nonce_field('aiowpsec-blacklist-settings-nonce'); ?>
<div class="aio_orange_box">
<p>
<?php
$read_link = '<a href="https://www.tipsandtricks-hq.com/wordpress-security-and-firewall-plugin#advanced_features_note" target="_blank">'.__('must read this message', 'all-in-one-wp-security-and-firewall').'</a>';
echo sprintf(__('This feature can lock you out of admin if it doesn\'t work correctly on your site. You %s before activating this feature.', 'all-in-one-wp-security-and-firewall'), $read_link);
?>
</p>
</div>
<table class="form-table">
<tr valign="top">
<th scope="row"><?php _e('Enable IP or User Agent Blacklisting', 'all-in-one-wp-security-and-firewall')?>:</th>
<td>
<input name="aiowps_enable_blacklisting" type="checkbox"<?php if($aio_wp_security->configs->get_value('aiowps_enable_blacklisting')=='1') echo ' checked="checked"'; ?> value="1"/>
<span class="description"><?php _e('Check this if you want to enable the banning (or blacklisting) of selected IP addresses and/or user agents specified in the settings below', 'all-in-one-wp-security-and-firewall'); ?></span>
</td>
</tr>
<tr valign="top">
<th scope="row"><?php _e('Enter IP Addresses:', 'all-in-one-wp-security-and-firewall')?></th>
<td>
<textarea name="aiowps_banned_ip_addresses" rows="5" cols="50"><?php echo ($result == -1)?htmlspecialchars($_POST['aiowps_banned_ip_addresses']):htmlspecialchars($aio_wp_security->configs->get_value('aiowps_banned_ip_addresses')); ?></textarea>
<br />
<span class="description"><?php _e('Enter one or more IP addresses or IP ranges.','all-in-one-wp-security-and-firewall');?></span>
<span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More Info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
<div class="aiowps_more_info_body">
<?php
echo '<p class="description">'.__('Each IP address must be on a new line.', 'all-in-one-wp-security-and-firewall').'</p>';
echo '<p class="description">'.__('To specify an IP range use a wildcard "*" character. Acceptable ways to use wildcards is shown in the examples below:', 'all-in-one-wp-security-and-firewall').'</p>';
echo '<p class="description">'.__('Example 1: 195.47.89.*', 'all-in-one-wp-security-and-firewall').'</p>';
echo '<p class="description">'.__('Example 2: 195.47.*.*', 'all-in-one-wp-security-and-firewall').'</p>';
echo '<p class="description">'.__('Example 3: 195.*.*.*', 'all-in-one-wp-security-and-firewall').'</p>';
?>
</div>
</td>
</tr>
<tr valign="top">
<th scope="row"><?php _e('Enter User Agents:', 'all-in-one-wp-security-and-firewall')?></th>
<td>
<textarea name="aiowps_banned_user_agents" rows="5" cols="50"><?php echo ($result == -1)?htmlspecialchars($_POST['aiowps_banned_user_agents']):htmlspecialchars($aio_wp_security->configs->get_value('aiowps_banned_user_agents')); ?></textarea>
<br />
<span class="description">
<?php _e('Enter one or more user agent strings.','all-in-one-wp-security-and-firewall');?></span>
<span class="aiowps_more_info_anchor"><span class="aiowps_more_info_toggle_char">+</span><span class="aiowps_more_info_toggle_text"><?php _e('More Info', 'all-in-one-wp-security-and-firewall'); ?></span></span>
<div class="aiowps_more_info_body">
<?php
echo '<p class="description">'.__('Each user agent string must be on a new line.', 'all-in-one-wp-security-and-firewall').'</p>';
echo '<p class="description">'.__('Example 1 - A single user agent string to block:', 'all-in-one-wp-security-and-firewall').'</p>';
echo '<p class="description">SquigglebotBot</p>';
echo '<p class="description">'.__('Example 2 - A list of more than 1 user agent strings to block', 'all-in-one-wp-security-and-firewall').'</p>';
echo '<p class="description">baiduspider<br />SquigglebotBot<br />SurveyBot<br />VoidEYE<br />webcrawl.net<br />YottaShopping_Bot</p>';
?>
</div>
</td>
</tr>
</table>
<input type="submit" name="aiowps_save_blacklist_settings" value="<?php _e('Save Settings', 'all-in-one-wp-security-and-firewall')?>" class="button-primary" />
</form>
</div></div>
<?php
}
function validate_user_agent_list()
{
global $aio_wp_security;
@ini_set('auto_detect_line_endings', true);
//$errors = '';
$submitted_agents = explode(PHP_EOL, $_POST['aiowps_banned_user_agents']);
$agents = array();
if (!empty($submitted_agents))
{
foreach ($submitted_agents as $agent)
{
$text = sanitize_text_field($agent);
$agents[] = $text;
}
}
if (sizeof($agents) > 1)
{
sort( $agents );
$agents = array_unique($agents, SORT_STRING);
}
$banned_user_agent_data = implode(PHP_EOL, $agents);
$aio_wp_security->configs->set_value('aiowps_banned_user_agents',$banned_user_agent_data);
$_POST['aiowps_banned_user_agents'] = ''; //Clear the post variable for the banned address list
return 1;
}
} //end class