Merged in release/release-1.09 (pull request #10)

Release/release 1.09

* Install missing plugins 
* rs set to 1

* rebase pantheon for aws

* rebase pantheon for aws

* prod config change

* prod config change

* fix campaing issue

* revert


Approved-by: Jay Sharma

wp/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/storage/mysql.php

@@ -572,7 +572,6 @@ class wfWAFStorageMySQL implements wfWAFStorageInterface {
 				'whitelistedIPs',
 				'howGetIPs',
 				'howGetIPs_trusted_proxies',
-				'howGetIPs_trusted_proxies_unified',
 				'other_WFNet',
 				'pluginABSPATH',
 				'serverIPs',

wp/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/waf.php

@@ -304,12 +304,12 @@ auEa+7b+FGTKs7dUo2BNGR7OVifK4GZ8w/ajS0TelhrSRi3BBQCGXLzUO/UURUAh
 
 		// Check if this is signed request and update ruleset.
 
-		$ping = $this->getRequest()->getBody('ping256');
+		$ping = $this->getRequest()->getBody('ping');
 		$pingResponse = $this->getRequest()->getBody('ping_response');
 
 		if ($ping && $pingResponse &&
-			$this->verifyPing($ping) &&
-			$this->verifySignedRequest($this->getRequest()->getBody('signature256'), $this->getStorageEngine()->getConfig('apiKey', null, 'synced'))
+			wfWAFUtils::hash_equals($ping, sha1($this->getStorageEngine()->getConfig('apiKey', null, 'synced'))) &&
+			$this->verifySignedRequest($this->getRequest()->getBody('signature'), $this->getStorageEngine()->getConfig('apiKey', null, 'synced'))
 		) {
 			// $this->updateRuleSet(base64_decode($this->getRequest()->body('ping')));
 			$event = new wfWAFCronFetchRulesEvent(time() - 2);
@@ -318,7 +318,7 @@ auEa+7b+FGTKs7dUo2BNGR7OVifK4GZ8w/ajS0TelhrSRi3BBQCGXLzUO/UURUAh
 
 			header('Content-type: text/plain');
 			$pingResponse = preg_replace('/[a-zA-Z0-9]/', '', $this->getRequest()->getBody('ping_response'));
-			exit('Success: ' . hash('sha256', $this->getStorageEngine()->getConfig('apiKey', null, 'synced') . $pingResponse));
+			exit('Success: ' . sha1($this->getStorageEngine()->getConfig('apiKey', null, 'synced') . $pingResponse));
 		}
 	}
 
@@ -469,8 +469,6 @@ auEa+7b+FGTKs7dUo2BNGR7OVifK4GZ8w/ajS0TelhrSRi3BBQCGXLzUO/UURUAh
 	}
 
 	protected function runMigrations() {
-		if (!wfWAFStorageFile::allowFileWriting()) { return false; }
-		
 		$storageEngine = $this->getStorageEngine();
 		$currentVersion = $storageEngine->getConfig('version');
 		if (wfWAFUtils::isVersionBelow(WFWAF_VERSION, $currentVersion)) {
@@ -536,7 +534,6 @@ auEa+7b+FGTKs7dUo2BNGR7OVifK4GZ8w/ajS0TelhrSRi3BBQCGXLzUO/UURUAh
 					'whitelistedIPs' => 'synced',
 					'howGetIPs' => 'synced',
 					'howGetIPs_trusted_proxies' => 'synced',
-					'howGetIPs_trusted_proxies_unified' => 'synced',
 					'pluginABSPATH' => 'synced',
 					'other_WFNet' => 'synced',
 					'serverIPs' => 'synced',
@@ -624,22 +621,17 @@ auEa+7b+FGTKs7dUo2BNGR7OVifK4GZ8w/ajS0TelhrSRi3BBQCGXLzUO/UURUAh
 	public function hasOpenSSL() {
 		return function_exists('openssl_verify');
 	}
-	
-	public function verifyPing($ping, $algorithm = 'sha256') {
-		$hash = hash($algorithm, $this->getStorageEngine()->getConfig('apiKey', null, 'synced'));
-		return wfWAFUtils::hash_equals($ping, $hash);
-	}
 
 	/**
 	 * @param string $signature
 	 * @param string $data
 	 * @return bool
 	 */
-	public function verifySignedRequest($signature, $data, $algorithm = OPENSSL_ALGO_SHA256) {
+	public function verifySignedRequest($signature, $data) {
 		if (!$this->hasOpenSSL()) {
 			return false;
 		}
-		$valid = openssl_verify($data, $signature, $this->getPublicKey(), $algorithm);
+		$valid = openssl_verify($data, $signature, $this->getPublicKey(), OPENSSL_ALGO_SHA1);
 		return $valid === 1;
 	}
 
@@ -1945,13 +1937,13 @@ class wfWAFCronFetchRulesEvent extends wfWAFCronEvent {
 					if (is_array($jsonData)) {
 
 						if ($waf->hasOpenSSL() &&
-							isset($jsonData['data']['signature256']) &&
+							isset($jsonData['data']['signature']) &&
 							isset($jsonData['data']['rules']) &&
-							$waf->verifySignedRequest(base64_decode($jsonData['data']['signature256']), $jsonData['data']['rules'])
+							$waf->verifySignedRequest(base64_decode($jsonData['data']['signature']), $jsonData['data']['rules'])
 						) {
 							$waf->updateRuleSet(base64_decode($jsonData['data']['rules']),
 								isset($jsonData['data']['timestamp']) ? $jsonData['data']['timestamp'] : true);
-							$waf->getStorageEngine()->setConfig('lastRuleHash', $jsonData['data']['signature256'], 'transient');
+							$waf->getStorageEngine()->setConfig('lastRuleHash', $jsonData['data']['signature'], 'transient');
 							if (array_key_exists('premiumCount', $jsonData['data'])) {
 								$waf->getStorageEngine()->setConfig('premiumCount', $jsonData['data']['premiumCount'], 'transient');
 							}
@@ -2000,25 +1992,25 @@ class wfWAFCronFetchRulesEvent extends wfWAFCronEvent {
 						$jsonData = wfWAFUtils::json_decode($this->response->getBody(), true);
 						if (is_array($jsonData)) {
 							if ($waf->hasOpenSSL() &&
-								isset($jsonData['data']['signature256']) &&
+								isset($jsonData['data']['signature']) &&
 								isset($jsonData['data']['signatures']) &&
-								$waf->verifySignedRequest(base64_decode($jsonData['data']['signature256']), $jsonData['data']['signatures'])
+								$waf->verifySignedRequest(base64_decode($jsonData['data']['signature']), $jsonData['data']['signatures'])
 							) {
 								$waf->setMalwareSignatures(wfWAFUtils::json_decode(base64_decode($jsonData['data']['signatures'])),
 									isset($jsonData['data']['timestamp']) ? $jsonData['data']['timestamp'] : true);
-								$waf->getStorageEngine()->setConfig('lastMalwareHash', $jsonData['data']['signature256'], 'transient');
+								$waf->getStorageEngine()->setConfig('lastMalwareHash', $jsonData['data']['signature'], 'transient');
 								if (array_key_exists('premiumCount', $jsonData['data'])) {
 									$waf->getStorageEngine()->setConfig('signaturePremiumCount', $jsonData['data']['premiumCount'], 'transient');
 								}
 
-								if (array_key_exists('commonStringsSignature256', $jsonData['data']) && 
+								if (array_key_exists('commonStringsSignature', $jsonData['data']) && 
 									array_key_exists('commonStrings', $jsonData['data']) && 
 									array_key_exists('signatureIndexes', $jsonData['data']) &&
-									$waf->verifySignedRequest(base64_decode($jsonData['data']['commonStringsSignature256']), $jsonData['data']['commonStrings'] . $jsonData['data']['signatureIndexes'])
+									$waf->verifySignedRequest(base64_decode($jsonData['data']['commonStringsSignature']), $jsonData['data']['commonStrings'] . $jsonData['data']['signatureIndexes'])
 								) {
 									$waf->setMalwareSignatureCommonStrings(wfWAFUtils::json_decode(base64_decode($jsonData['data']['commonStrings'])), wfWAFUtils::json_decode(base64_decode($jsonData['data']['signatureIndexes'])));
 
-									$waf->getStorageEngine()->setConfig('lastMalwareHashCommonStrings', $jsonData['data']['commonStringsSignature256'], 'transient');
+									$waf->getStorageEngine()->setConfig('lastMalwareHashCommonStrings', $jsonData['data']['commonStringsSignature'], 'transient');
 								}
 
 							} else if (!$waf->hasOpenSSL() &&