ofco/medicalalert-web-reloaded
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

rebase from live enviornment

Browse Source
This commit is contained in:
Rachit Bhargava
2024-01-09 22:14:20 -05:00
parent ff0b49a046
commit 3a22fcaa4a
15968 changed files with 2344674 additions and 45234 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
wp/plugins/wordfence/waf/.htaccess Normal file
View File

@@ -0,0 +1,16 @@
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_URI} \.php$
RewriteRule .* - [F,L,NC]
</IfModule>
<IfModule !mod_rewrite.c>
<FilesMatch "\.php$">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all
</IfModule>
</FilesMatch>
</IfModule>

1039
wp/plugins/wordfence/waf/bootstrap.php Normal file
View File

File diff suppressed because it is too large Load Diff

189
wp/plugins/wordfence/waf/dummy.php Normal file
View File

@@ -0,0 +1,189 @@
<?php
/**
* A dummy WAF implementation that can be used if initialization of the actual WAF failures
*/
class wfDummyWaf extends wfWAF {
public function __construct() {
parent::__construct(new wfDummyWafRequest(), new wfDummyWafStorageEngine());
}
}
class wfDummyWafRequest implements wfWAFRequestInterface {
public function getBody() {
return null;
}
public function getRawBody() {
return null;
}
public function getMd5Body() {
return null;
}
public function getJsonBody() {
return null;
}
public function getQueryString() {
return null;
}
public function getMd5QueryString() {
return null;
}
public function getHeaders() {
return null;
}
public function getCookies() {
return null;
}
public function getFiles() {
return null;
}
public function getFileNames() {
return null;
}
public function getHost() {
return null;
}
public function getURI() {
return null;
}
public function setMetadata($metadata) {
}
public function getMetadata() {
return null;
}
public function getPath() {
return null;
}
public function getIP() {
return null;
}
public function getMethod() {
return null;
}
public function getProtocol() {
return null;
}
public function getAuth() {
return null;
}
public function getTimestamp() {
return null;
}
public function __toString() {
return '';
}
}
class wfDummyWafStorageEngine implements wfWAFStorageInterface {
public function hasPreviousAttackData($olderThan) {
return false;
}
public function hasNewerAttackData($newerThan) {
return false;
}
public function getAttackData() {
return null;
}
public function getAttackDataArray() {
return array();
}
public function getNewestAttackDataArray($newerThan) {
return array();
}
public function truncateAttackData() {
}
public function logAttack($failedRules, $failedParamKey, $failedParamValue, $request, $_ = null) {
}
public function blockIP($timestamp, $ip) {
}
public function isIPBlocked($ip) {
return false;
}
public function purgeIPBlocks($types = wfWAFStorageInterface::IP_BLOCKS_ALL) {
}
public function getConfig($key, $default = null, $category = '') {
if ($key === 'wafStatus')
return 'disabled';
return $default;
}
public function setConfig($key, $value, $category = '') {
}
public function unsetConfig($key, $category = '') {
}
public function uninstall() {
}
public function isInLearningMode() {
return false;
}
public function isDisabled() {
return true;
}
public function getRulesDSLCacheFile() {
return null;
}
public function isAttackDataFull() {
return false;
}
public function vacuum() {
}
public function getRules() {
return array();
}
public function setRules($rules) {
}
public function needsInitialRules() {
return false;
}
public function getDescription() {
return 'Dummy Storage Engine';
}
}

140
wp/plugins/wordfence/waf/pomo/entry.php Normal file
View File

@@ -0,0 +1,140 @@
<?php
/**
* This is a modified version of the POMO library included with WordPress. The WordPress copyright has been included
* for attribution.
*/
/*
WordPress - Web publishing software
Copyright 2011-2020 by the contributors
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
This program incorporates work covered by the following copyright and
permission notices:
b2 is (c) 2001, 2002 Michel Valdrighi - https://cafelog.com
Wherever third party code has been used, credit has been given in the code's
comments.
b2 is released under the GPL
and
WordPress - Web publishing software
Copyright 2003-2010 by the contributors
WordPress is released under the GPL
*/
/**
* Contains Translation_Entry class
*
* @version $Id: entry.php 1157 2015-11-20 04:30:11Z dd32 $
* @package pomo
* @subpackage entry
*/
if ( ! class_exists( 'wfTranslation_Entry', false ) ) :
/**
* Translation_Entry class encapsulates a translatable string
*/
class wfTranslation_Entry {
/**
* Whether the entry contains a string and its plural form, default is false
*
* @var boolean
*/
var $is_plural = false;
var $context = null;
var $singular = null;
var $plural = null;
var $translations = array();
var $translator_comments = '';
var $extracted_comments = '';
var $references = array();
var $flags = array();
/**
* @param array $args associative array, support following keys:
* - singular (string) -- the string to translate, if omitted and empty entry will be created
* - plural (string) -- the plural form of the string, setting this will set {@link $is_plural} to true
* - translations (array) -- translations of the string and possibly -- its plural forms
* - context (string) -- a string differentiating two equal strings used in different contexts
* - translator_comments (string) -- comments left by translators
* - extracted_comments (string) -- comments left by developers
* - references (array) -- places in the code this strings is used, in relative_to_root_path/file.php:linenum form
* - flags (array) -- flags like php-format
*/
function __construct( $args = array() ) {
// If no singular -- empty object.
if ( ! isset( $args['singular'] ) ) {
return;
}
// Get member variable values from args hash.
foreach ( $args as $varname => $value ) {
$this->$varname = $value;
}
if ( isset( $args['plural'] ) && $args['plural'] ) {
$this->is_plural = true;
}
if ( ! is_array( $this->translations ) ) {
$this->translations = array();
}
if ( ! is_array( $this->references ) ) {
$this->references = array();
}
if ( ! is_array( $this->flags ) ) {
$this->flags = array();
}
}
/**
* Generates a unique key for this entry
*
* @return string|bool the key or false if the entry is empty
*/
function key() {
if ( null === $this->singular || '' === $this->singular ) {
return false;
}
// Prepend context and EOT, like in MO files.
$key = ! $this->context ? $this->singular : $this->context . "\4" . $this->singular;
// Standardize on \n line endings.
$key = str_replace( array( "\r\n", "\r" ), "\n", $key );
return $key;
}
/**
* @param object $other
*/
function merge_with( &$other ) {
$this->flags = array_unique( array_merge( $this->flags, $other->flags ) );
$this->references = array_unique( array_merge( $this->references, $other->references ) );
if ( $this->extracted_comments != $other->extracted_comments ) {
$this->extracted_comments .= $other->extracted_comments;
}
}
}
endif;

393
wp/plugins/wordfence/waf/pomo/mo.php Normal file
View File

@@ -0,0 +1,393 @@
<?php
/**
* This is a modified version of the POMO library included with WordPress. The WordPress copyright has been included
* for attribution.
*/
/*
WordPress - Web publishing software
Copyright 2011-2020 by the contributors
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
This program incorporates work covered by the following copyright and
permission notices:
b2 is (c) 2001, 2002 Michel Valdrighi - https://cafelog.com
Wherever third party code has been used, credit has been given in the code's
comments.
b2 is released under the GPL
and
WordPress - Web publishing software
Copyright 2003-2010 by the contributors
WordPress is released under the GPL
*/
/**
* Class for working with MO files
*
* @version $Id: mo.php 1157 2015-11-20 04:30:11Z dd32 $
* @package pomo
* @subpackage mo
*/
require_once __DIR__ . '/translations.php';
require_once __DIR__ . '/streams.php';
if ( ! class_exists( 'wfMO', false ) ) :
class wfMO extends wfGettext_Translations {
var $_nplurals = 2;
/**
* Loaded MO file.
*
* @var string
*/
private $filename = '';
/**
* Returns the loaded MO file.
*
* @return string The loaded MO file.
*/
public function get_filename() {
return $this->filename;
}
/**
* Fills up with the entries from MO file $filename
*
* @param string $filename MO file to load
* @return bool True if the import from file was successful, otherwise false.
*/
function import_from_file( $filename ) {
$reader = new wfPOMO_FileReader( $filename );
if ( ! $reader->is_resource() ) {
return false;
}
$this->filename = (string) $filename;
return $this->import_from_reader( $reader );
}
/**
* @param string $filename
* @return bool
*/
function export_to_file( $filename ) {
$fh = fopen( $filename, 'wb' );
if ( ! $fh ) {
return false;
}
$res = $this->export_to_file_handle( $fh );
fclose( $fh );
return $res;
}
/**
* @return string|false
*/
function export() {
$tmp_fh = fopen( 'php://temp', 'r+' );
if ( ! $tmp_fh ) {
return false;
}
$this->export_to_file_handle( $tmp_fh );
rewind( $tmp_fh );
return stream_get_contents( $tmp_fh );
}
/**
* @param wfTranslation_Entry $entry
* @return bool
*/
function is_entry_good_for_export( $entry ) {
if ( empty( $entry->translations ) ) {
return false;
}
if ( ! array_filter( $entry->translations ) ) {
return false;
}
return true;
}
/**
* @param resource $fh
* @return true
*/
function export_to_file_handle( $fh ) {
$entries = array_filter( $this->entries, array( $this, 'is_entry_good_for_export' ) );
ksort( $entries );
$magic = 0x950412de;
$revision = 0;
$total = count( $entries ) + 1; // All the headers are one entry.
$originals_lenghts_addr = 28;
$translations_lenghts_addr = $originals_lenghts_addr + 8 * $total;
$size_of_hash = 0;
$hash_addr = $translations_lenghts_addr + 8 * $total;
$current_addr = $hash_addr;
fwrite(
$fh,
pack(
'V*',
$magic,
$revision,
$total,
$originals_lenghts_addr,
$translations_lenghts_addr,
$size_of_hash,
$hash_addr
)
);
fseek( $fh, $originals_lenghts_addr );
// Headers' msgid is an empty string.
fwrite( $fh, pack( 'VV', 0, $current_addr ) );
$current_addr++;
$originals_table = "\0";
$reader = new wfPOMO_Reader();
foreach ( $entries as $entry ) {
$originals_table .= $this->export_original( $entry ) . "\0";
$length = $reader->strlen( $this->export_original( $entry ) );
fwrite( $fh, pack( 'VV', $length, $current_addr ) );
$current_addr += $length + 1; // Account for the NULL byte after.
}
$exported_headers = $this->export_headers();
fwrite( $fh, pack( 'VV', $reader->strlen( $exported_headers ), $current_addr ) );
$current_addr += strlen( $exported_headers ) + 1;
$translations_table = $exported_headers . "\0";
foreach ( $entries as $entry ) {
$translations_table .= $this->export_translations( $entry ) . "\0";
$length = $reader->strlen( $this->export_translations( $entry ) );
fwrite( $fh, pack( 'VV', $length, $current_addr ) );
$current_addr += $length + 1;
}
fwrite( $fh, $originals_table );
fwrite( $fh, $translations_table );
return true;
}
/**
* @param wfTranslation_Entry $entry
* @return string
*/
function export_original( $entry ) {
// TODO: Warnings for control characters.
$exported = $entry->singular;
if ( $entry->is_plural ) {
$exported .= "\0" . $entry->plural;
}
if ( $entry->context ) {
$exported = $entry->context . "\4" . $exported;
}
return $exported;
}
/**
* @param wfTranslation_Entry $entry
* @return string
*/
function export_translations( $entry ) {
// TODO: Warnings for control characters.
return $entry->is_plural ? implode( "\0", $entry->translations ) : $entry->translations[0];
}
/**
* @return string
*/
function export_headers() {
$exported = '';
foreach ( $this->headers as $header => $value ) {
$exported .= "$header: $value\n";
}
return $exported;
}
/**
* @param int $magic
* @return string|false
*/
function get_byteorder( $magic ) {
// The magic is 0x950412de.
// bug in PHP 5.0.2, see https://savannah.nongnu.org/bugs/?func=detailitem&item_id=10565
$magic_little = (int) - 1794895138;
$magic_little_64 = (int) 2500072158;
// 0xde120495
$magic_big = ( (int) - 569244523 ) & 0xFFFFFFFF;
if ( $magic_little == $magic || $magic_little_64 == $magic ) {
return 'little';
} elseif ( $magic_big == $magic ) {
return 'big';
} else {
return false;
}
}
/**
* @param wfPOMO_FileReader $reader
* @return bool True if the import was successful, otherwise false.
*/
function import_from_reader( $reader ) {
$endian_string = wfMO::get_byteorder( $reader->readint32() );
if ( false === $endian_string ) {
return false;
}
$reader->setEndian( $endian_string );
$endian = ( 'big' === $endian_string ) ? 'N' : 'V';
$header = $reader->read( 24 );
if ( $reader->strlen( $header ) != 24 ) {
return false;
}
// Parse header.
$header = unpack( "{$endian}revision/{$endian}total/{$endian}originals_lenghts_addr/{$endian}translations_lenghts_addr/{$endian}hash_length/{$endian}hash_addr", $header );
if ( ! is_array( $header ) ) {
return false;
}
// Support revision 0 of MO format specs, only.
if ( 0 != $header['revision'] ) {
return false;
}
// Seek to data blocks.
$reader->seekto( $header['originals_lenghts_addr'] );
// Read originals' indices.
$originals_lengths_length = $header['translations_lenghts_addr'] - $header['originals_lenghts_addr'];
if ( $originals_lengths_length != $header['total'] * 8 ) {
return false;
}
$originals = $reader->read( $originals_lengths_length );
if ( $reader->strlen( $originals ) != $originals_lengths_length ) {
return false;
}
// Read translations' indices.
$translations_lenghts_length = $header['hash_addr'] - $header['translations_lenghts_addr'];
if ( $translations_lenghts_length != $header['total'] * 8 ) {
return false;
}
$translations = $reader->read( $translations_lenghts_length );
if ( $reader->strlen( $translations ) != $translations_lenghts_length ) {
return false;
}
// Transform raw data into set of indices.
$originals = $reader->str_split( $originals, 8 );
$translations = $reader->str_split( $translations, 8 );
// Skip hash table.
$strings_addr = $header['hash_addr'] + $header['hash_length'] * 4;
$reader->seekto( $strings_addr );
$strings = $reader->read_all();
$reader->close();
for ( $i = 0; $i < $header['total']; $i++ ) {
$o = unpack( "{$endian}length/{$endian}pos", $originals[ $i ] );
$t = unpack( "{$endian}length/{$endian}pos", $translations[ $i ] );
if ( ! $o || ! $t ) {
return false;
}
// Adjust offset due to reading strings to separate space before.
$o['pos'] -= $strings_addr;
$t['pos'] -= $strings_addr;
$original = $reader->substr( $strings, $o['pos'], $o['length'] );
$translation = $reader->substr( $strings, $t['pos'], $t['length'] );
if ( '' === $original ) {
$this->set_headers( $this->make_headers( $translation ) );
} else {
$entry = &$this->make_entry( $original, $translation );
$this->entries[ $entry->key() ] = &$entry;
}
}
return true;
}
/**
* Build a Translation_Entry from original string and translation strings,
* found in a MO file
*
* @static
* @param string $original original string to translate from MO file. Might contain
* 0x04 as context separator or 0x00 as singular/plural separator
* @param string $translation translation string from MO file. Might contain
* 0x00 as a plural translations separator
* @return wfTranslation_Entry Entry instance.
*/
function &make_entry( $original, $translation ) {
$entry = new wfTranslation_Entry();
// Look for context, separated by \4.
$parts = explode( "\4", $original );
if ( isset( $parts[1] ) ) {
$original = $parts[1];
$entry->context = $parts[0];
}
// Look for plural original.
$parts = explode( "\0", $original );
$entry->singular = $parts[0];
if ( isset( $parts[1] ) ) {
$entry->is_plural = true;
$entry->plural = $parts[1];
}
// Plural translations are also separated by \0.
$entry->translations = explode( "\0", $translation );
return $entry;
}
/**
* @param int $count
* @return string
*/
function select_plural_form( $count ) {
return $this->gettext_select_plural_form( $count );
}
/**
* @return int
*/
function get_plural_forms_count() {
return $this->_nplurals;
}
}
endif;

387
wp/plugins/wordfence/waf/pomo/plural-forms.php Normal file
View File

@@ -0,0 +1,387 @@
<?php
/**
* This is a modified version of the POMO library included with WordPress. The WordPress copyright has been included
* for attribution.
*/
/*
WordPress - Web publishing software
Copyright 2011-2020 by the contributors
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
This program incorporates work covered by the following copyright and
permission notices:
b2 is (c) 2001, 2002 Michel Valdrighi - https://cafelog.com
Wherever third party code has been used, credit has been given in the code's
comments.
b2 is released under the GPL
and
WordPress - Web publishing software
Copyright 2003-2010 by the contributors
WordPress is released under the GPL
*/
/**
* A gettext Plural-Forms parser.
*
* @since 4.9.0
*/
class wfPlural_Forms {
/**
* Operator characters.
*
* @since 4.9.0
* @var string OP_CHARS Operator characters.
*/
const OP_CHARS = '|&><!=%?:';
/**
* Valid number characters.
*
* @since 4.9.0
* @var string NUM_CHARS Valid number characters.
*/
const NUM_CHARS = '0123456789';
/**
* Operator precedence.
*
* Operator precedence from highest to lowest. Higher numbers indicate
* higher precedence, and are executed first.
*
* @see https://en.wikipedia.org/wiki/Operators_in_C_and_C%2B%2B#Operator_precedence
*
* @since 4.9.0
* @var array $op_precedence Operator precedence from highest to lowest.
*/
protected static $op_precedence = array(
'%' => 6,
'<' => 5,
'<=' => 5,
'>' => 5,
'>=' => 5,
'==' => 4,
'!=' => 4,
'&&' => 3,
'||' => 2,
'?:' => 1,
'?' => 1,
'(' => 0,
')' => 0,
);
/**
* Tokens generated from the string.
*
* @since 4.9.0
* @var array $tokens List of tokens.
*/
protected $tokens = array();
/**
* Cache for repeated calls to the function.
*
* @since 4.9.0
* @var array $cache Map of $n => $result
*/
protected $cache = array();
/**
* Constructor.
*
* @since 4.9.0
*
* @param string $str Plural function (just the bit after `plural=` from Plural-Forms)
*/
public function __construct( $str ) {
$this->parse( $str );
}
/**
* Parse a Plural-Forms string into tokens.
*
* Uses the shunting-yard algorithm to convert the string to Reverse Polish
* Notation tokens.
*
* @since 4.9.0
*
* @param string $str String to parse.
*/
protected function parse( $str ) {
$pos = 0;
$len = strlen( $str );
// Convert infix operators to postfix using the shunting-yard algorithm.
$output = array();
$stack = array();
while ( $pos < $len ) {
$next = substr( $str, $pos, 1 );
switch ( $next ) {
// Ignore whitespace.
case ' ':
case "\t":
$pos++;
break;
// Variable (n).
case 'n':
$output[] = array( 'var' );
$pos++;
break;
// Parentheses.
case '(':
$stack[] = $next;
$pos++;
break;
case ')':
$found = false;
while ( ! empty( $stack ) ) {
$o2 = $stack[ count( $stack ) - 1 ];
if ( '(' !== $o2 ) {
$output[] = array( 'op', array_pop( $stack ) );
continue;
}
// Discard open paren.
array_pop( $stack );
$found = true;
break;
}
if ( ! $found ) {
throw new Exception( 'Mismatched parentheses' );
}
$pos++;
break;
// Operators.
case '|':
case '&':
case '>':
case '<':
case '!':
case '=':
case '%':
case '?':
$end_operator = strspn( $str, self::OP_CHARS, $pos );
$operator = substr( $str, $pos, $end_operator );
if ( ! array_key_exists( $operator, self::$op_precedence ) ) {
throw new Exception( sprintf( 'Unknown operator "%s"', $operator ) );
}
while ( ! empty( $stack ) ) {
$o2 = $stack[ count( $stack ) - 1 ];
// Ternary is right-associative in C.
if ( '?:' === $operator || '?' === $operator ) {
if ( self::$op_precedence[ $operator ] >= self::$op_precedence[ $o2 ] ) {
break;
}
} elseif ( self::$op_precedence[ $operator ] > self::$op_precedence[ $o2 ] ) {
break;
}
$output[] = array( 'op', array_pop( $stack ) );
}
$stack[] = $operator;
$pos += $end_operator;
break;
// Ternary "else".
case ':':
$found = false;
$s_pos = count( $stack ) - 1;
while ( $s_pos >= 0 ) {
$o2 = $stack[ $s_pos ];
if ( '?' !== $o2 ) {
$output[] = array( 'op', array_pop( $stack ) );
$s_pos--;
continue;
}
// Replace.
$stack[ $s_pos ] = '?:';
$found = true;
break;
}
if ( ! $found ) {
throw new Exception( 'Missing starting "?" ternary operator' );
}
$pos++;
break;
// Default - number or invalid.
default:
if ( $next >= '0' && $next <= '9' ) {
$span = strspn( $str, self::NUM_CHARS, $pos );
$output[] = array( 'value', intval( substr( $str, $pos, $span ) ) );
$pos += $span;
break;
}
throw new Exception( sprintf( 'Unknown symbol "%s"', $next ) );
}
}
while ( ! empty( $stack ) ) {
$o2 = array_pop( $stack );
if ( '(' === $o2 || ')' === $o2 ) {
throw new Exception( 'Mismatched parentheses' );
}
$output[] = array( 'op', $o2 );
}
$this->tokens = $output;
}
/**
* Get the plural form for a number.
*
* Caches the value for repeated calls.
*
* @since 4.9.0
*
* @param int $num Number to get plural form for.
* @return int Plural form value.
*/
public function get( $num ) {
if ( isset( $this->cache[ $num ] ) ) {
return $this->cache[ $num ];
}
$this->cache[ $num ] = $this->execute( $num );
return $this->cache[ $num ];
}
/**
* Execute the plural form function.
*
* @since 4.9.0
*
* @param int $n Variable "n" to substitute.
* @return int Plural form value.
*/
public function execute( $n ) {
$stack = array();
$i = 0;
$total = count( $this->tokens );
while ( $i < $total ) {
$next = $this->tokens[ $i ];
$i++;
if ( 'var' === $next[0] ) {
$stack[] = $n;
continue;
} elseif ( 'value' === $next[0] ) {
$stack[] = $next[1];
continue;
}
// Only operators left.
switch ( $next[1] ) {
case '%':
$v2 = array_pop( $stack );
$v1 = array_pop( $stack );
$stack[] = $v1 % $v2;
break;
case '||':
$v2 = array_pop( $stack );
$v1 = array_pop( $stack );
$stack[] = $v1 || $v2;
break;
case '&&':
$v2 = array_pop( $stack );
$v1 = array_pop( $stack );
$stack[] = $v1 && $v2;
break;
case '<':
$v2 = array_pop( $stack );
$v1 = array_pop( $stack );
$stack[] = $v1 < $v2;
break;
case '<=':
$v2 = array_pop( $stack );
$v1 = array_pop( $stack );
$stack[] = $v1 <= $v2;
break;
case '>':
$v2 = array_pop( $stack );
$v1 = array_pop( $stack );
$stack[] = $v1 > $v2;
break;
case '>=':
$v2 = array_pop( $stack );
$v1 = array_pop( $stack );
$stack[] = $v1 >= $v2;
break;
case '!=':
$v2 = array_pop( $stack );
$v1 = array_pop( $stack );
$stack[] = $v1 != $v2;
break;
case '==':
$v2 = array_pop( $stack );
$v1 = array_pop( $stack );
$stack[] = $v1 == $v2;
break;
case '?:':
$v3 = array_pop( $stack );
$v2 = array_pop( $stack );
$v1 = array_pop( $stack );
$stack[] = $v1 ? $v2 : $v3;
break;
default:
throw new Exception( sprintf( 'Unknown operator "%s"', $next[1] ) );
}
}
if ( count( $stack ) !== 1 ) {
throw new Exception( 'Too many values remaining on the stack' );
}
return (int) $stack[0];
}
}

553
wp/plugins/wordfence/waf/pomo/po.php Normal file
View File

@@ -0,0 +1,553 @@
<?php
/**
* This is a modified version of the POMO library included with WordPress. The WordPress copyright has been included
* for attribution.
*/
/*
WordPress - Web publishing software
Copyright 2011-2020 by the contributors
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
This program incorporates work covered by the following copyright and
permission notices:
b2 is (c) 2001, 2002 Michel Valdrighi - https://cafelog.com
Wherever third party code has been used, credit has been given in the code's
comments.
b2 is released under the GPL
and
WordPress - Web publishing software
Copyright 2003-2010 by the contributors
WordPress is released under the GPL
*/
/**
* Class for working with PO files
*
* @version $Id: po.php 1158 2015-11-20 04:31:23Z dd32 $
* @package pomo
* @subpackage po
*/
require_once __DIR__ . '/translations.php';
if ( ! defined( 'WF_PO_MAX_LINE_LEN' ) ) {
define( 'WF_PO_MAX_LINE_LEN', 79 );
}
ini_set( 'auto_detect_line_endings', 1 );
/**
* Routines for working with PO files
*/
if ( ! class_exists( 'wfPO', false ) ) :
class wfPO extends wfGettext_Translations {
var $comments_before_headers = '';
/**
* Exports headers to a PO entry
*
* @return string msgid/msgstr PO entry for this PO file headers, doesn't contain newline at the end
*/
function export_headers() {
$header_string = '';
foreach ( $this->headers as $header => $value ) {
$header_string .= "$header: $value\n";
}
$poified = wfPO::poify( $header_string );
if ( $this->comments_before_headers ) {
$before_headers = $this->prepend_each_line( rtrim( $this->comments_before_headers ) . "\n", '# ' );
} else {
$before_headers = '';
}
return rtrim( "{$before_headers}msgid \"\"\nmsgstr $poified" );
}
/**
* Exports all entries to PO format
*
* @return string sequence of mgsgid/msgstr PO strings, doesn't containt newline at the end
*/
function export_entries() {
// TODO: Sorting.
return implode( "\n\n", array_map( array('wfPO', 'export_entry' ), $this->entries ) );
}
/**
* Exports the whole PO file as a string
*
* @param bool $include_headers whether to include the headers in the export
* @return string ready for inclusion in PO file string for headers and all the enrtries
*/
function export( $include_headers = true ) {
$res = '';
if ( $include_headers ) {
$res .= $this->export_headers();
$res .= "\n\n";
}
$res .= $this->export_entries();
return $res;
}
/**
* Same as {@link export}, but writes the result to a file
*
* @param string $filename Where to write the PO string.
* @param bool $include_headers Whether to include the headers in the export.
* @return bool true on success, false on error
*/
function export_to_file( $filename, $include_headers = true ) {
$fh = fopen( $filename, 'w' );
if ( false === $fh ) {
return false;
}
$export = $this->export( $include_headers );
$res = fwrite( $fh, $export );
if ( false === $res ) {
return false;
}
return fclose( $fh );
}
/**
* Text to include as a comment before the start of the PO contents
*
* Doesn't need to include # in the beginning of lines, these are added automatically
*
* @param string $text Text to include as a comment.
*/
function set_comment_before_headers( $text ) {
$this->comments_before_headers = $text;
}
/**
* Formats a string in PO-style
*
* @param string $string the string to format
* @return string the poified string
*/
public static function poify( $string ) {
$quote = '"';
$slash = '\\';
$newline = "\n";
$replaces = array(
"$slash" => "$slash$slash",
"$quote" => "$slash$quote",
"\t" => '\t',
);
$string = str_replace( array_keys( $replaces ), array_values( $replaces ), $string );
$po = $quote . implode( "${slash}n$quote$newline$quote", explode( $newline, $string ) ) . $quote;
// Add empty string on first line for readbility.
if ( false !== strpos( $string, $newline ) &&
( substr_count( $string, $newline ) > 1 || substr( $string, -strlen( $newline ) ) !== $newline ) ) {
$po = "$quote$quote$newline$po";
}
// Remove empty strings.
$po = str_replace( "$newline$quote$quote", '', $po );
return $po;
}
/**
* Gives back the original string from a PO-formatted string
*
* @param string $string PO-formatted string
* @return string enascaped string
*/
public static function unpoify( $string ) {
$escapes = array(
't' => "\t",
'n' => "\n",
'r' => "\r",
'\\' => '\\',
);
$lines = array_map( 'trim', explode( "\n", $string ) );
$lines = array_map( array('wfPO', 'trim_quotes' ), $lines );
$unpoified = '';
$previous_is_backslash = false;
foreach ( $lines as $line ) {
preg_match_all( '/./u', $line, $chars );
$chars = $chars[0];
foreach ( $chars as $char ) {
if ( ! $previous_is_backslash ) {
if ( '\\' === $char ) {
$previous_is_backslash = true;
} else {
$unpoified .= $char;
}
} else {
$previous_is_backslash = false;
$unpoified .= isset( $escapes[ $char ] ) ? $escapes[ $char ] : $char;
}
}
}
// Standardise the line endings on imported content, technically PO files shouldn't contain \r.
$unpoified = str_replace( array( "\r\n", "\r" ), "\n", $unpoified );
return $unpoified;
}
/**
* Inserts $with in the beginning of every new line of $string and
* returns the modified string
*
* @param string $string prepend lines in this string
* @param string $with prepend lines with this string
*/
public static function prepend_each_line( $string, $with ) {
$lines = explode( "\n", $string );
$append = '';
if ( "\n" === substr( $string, -1 ) && '' === end( $lines ) ) {
/*
* Last line might be empty because $string was terminated
* with a newline, remove it from the $lines array,
* we'll restore state by re-terminating the string at the end.
*/
array_pop( $lines );
$append = "\n";
}
foreach ( $lines as &$line ) {
$line = $with . $line;
}
unset( $line );
return implode( "\n", $lines ) . $append;
}
/**
* Prepare a text as a comment -- wraps the lines and prepends #
* and a special character to each line
*
* @access private
* @param string $text the comment text
* @param string $char character to denote a special PO comment,
* like :, default is a space
*/
public static function comment_block( $text, $char = ' ' ) {
$text = wordwrap( $text, WF_PO_MAX_LINE_LEN - 3 );
return wfPO::prepend_each_line( $text, "#$char " );
}
/**
* Builds a string from the entry for inclusion in PO file
*
* @param wfTranslation_Entry $entry the entry to convert to po string (passed by reference).
* @return string|false PO-style formatted string for the entry or
* false if the entry is empty
*/
public static function export_entry( &$entry ) {
if ( null === $entry->singular || '' === $entry->singular ) {
return false;
}
$po = array();
if ( ! empty( $entry->translator_comments ) ) {
$po[] = wfPO::comment_block( $entry->translator_comments );
}
if ( ! empty( $entry->extracted_comments ) ) {
$po[] = wfPO::comment_block( $entry->extracted_comments, '.' );
}
if ( ! empty( $entry->references ) ) {
$po[] = wfPO::comment_block( implode( ' ', $entry->references ), ':' );
}
if ( ! empty( $entry->flags ) ) {
$po[] = wfPO::comment_block( implode( ', ', $entry->flags ), ',' );
}
if ( $entry->context ) {
$po[] = 'msgctxt ' . wfPO::poify( $entry->context );
}
$po[] = 'msgid ' . wfPO::poify( $entry->singular );
if ( ! $entry->is_plural ) {
$translation = empty( $entry->translations ) ? '' : $entry->translations[0];
$translation = wfPO::match_begin_and_end_newlines( $translation, $entry->singular );
$po[] = 'msgstr ' . wfPO::poify( $translation );
} else {
$po[] = 'msgid_plural ' . wfPO::poify( $entry->plural );
$translations = empty( $entry->translations ) ? array( '', '' ) : $entry->translations;
foreach ( $translations as $i => $translation ) {
$translation = wfPO::match_begin_and_end_newlines( $translation, $entry->plural );
$po[] = "msgstr[$i] " . wfPO::poify( $translation );
}
}
return implode( "\n", $po );
}
public static function match_begin_and_end_newlines( $translation, $original ) {
if ( '' === $translation ) {
return $translation;
}
$original_begin = "\n" === substr( $original, 0, 1 );
$original_end = "\n" === substr( $original, -1 );
$translation_begin = "\n" === substr( $translation, 0, 1 );
$translation_end = "\n" === substr( $translation, -1 );
if ( $original_begin ) {
if ( ! $translation_begin ) {
$translation = "\n" . $translation;
}
} elseif ( $translation_begin ) {
$translation = ltrim( $translation, "\n" );
}
if ( $original_end ) {
if ( ! $translation_end ) {
$translation .= "\n";
}
} elseif ( $translation_end ) {
$translation = rtrim( $translation, "\n" );
}
return $translation;
}
/**
* @param string $filename
* @return boolean
*/
function import_from_file( $filename ) {
$f = fopen( $filename, 'r' );
if ( ! $f ) {
return false;
}
$lineno = 0;
while ( true ) {
$res = $this->read_entry( $f, $lineno );
if ( ! $res ) {
break;
}
if ( '' === $res['entry']->singular ) {
$this->set_headers( $this->make_headers( $res['entry']->translations[0] ) );
} else {
$this->add_entry( $res['entry'] );
}
}
wfPO::read_line( $f, 'clear' );
if ( false === $res ) {
return false;
}
if ( ! $this->headers && ! $this->entries ) {
return false;
}
return true;
}
/**
* Helper function for read_entry
*
* @param string $context
* @return bool
*/
protected static function is_final( $context ) {
return ( 'msgstr' === $context ) || ( 'msgstr_plural' === $context );
}
/**
* @param resource $f
* @param int $lineno
* @return null|false|array
*/
function read_entry( $f, $lineno = 0 ) {
$entry = new wfTranslation_Entry();
// Where were we in the last step.
// Can be: comment, msgctxt, msgid, msgid_plural, msgstr, msgstr_plural.
$context = '';
$msgstr_index = 0;
while ( true ) {
$lineno++;
$line = wfPO::read_line( $f );
if ( ! $line ) {
if ( feof( $f ) ) {
if ( self::is_final( $context ) ) {
break;
} elseif ( ! $context ) { // We haven't read a line and EOF came.
return null;
} else {
return false;
}
} else {
return false;
}
}
if ( "\n" === $line ) {
continue;
}
$line = trim( $line );
if ( preg_match( '/^#/', $line, $m ) ) {
// The comment is the start of a new entry.
if ( self::is_final( $context ) ) {
wfPO::read_line( $f, 'put-back' );
$lineno--;
break;
}
// Comments have to be at the beginning.
if ( $context && 'comment' !== $context ) {
return false;
}
// Add comment.
$this->add_comment_to_entry( $entry, $line );
} elseif ( preg_match( '/^msgctxt\s+(".*")/', $line, $m ) ) {
if ( self::is_final( $context ) ) {
wfPO::read_line( $f, 'put-back' );
$lineno--;
break;
}
if ( $context && 'comment' !== $context ) {
return false;
}
$context = 'msgctxt';
$entry->context .= wfPO::unpoify( $m[1] );
} elseif ( preg_match( '/^msgid\s+(".*")/', $line, $m ) ) {
if ( self::is_final( $context ) ) {
wfPO::read_line( $f, 'put-back' );
$lineno--;
break;
}
if ( $context && 'msgctxt' !== $context && 'comment' !== $context ) {
return false;
}
$context = 'msgid';
$entry->singular .= wfPO::unpoify( $m[1] );
} elseif ( preg_match( '/^msgid_plural\s+(".*")/', $line, $m ) ) {
if ( 'msgid' !== $context ) {
return false;
}
$context = 'msgid_plural';
$entry->is_plural = true;
$entry->plural .= wfPO::unpoify( $m[1] );
} elseif ( preg_match( '/^msgstr\s+(".*")/', $line, $m ) ) {
if ( 'msgid' !== $context ) {
return false;
}
$context = 'msgstr';
$entry->translations = array( wfPO::unpoify( $m[1] ) );
} elseif ( preg_match( '/^msgstr\[(\d+)\]\s+(".*")/', $line, $m ) ) {
if ( 'msgid_plural' !== $context && 'msgstr_plural' !== $context ) {
return false;
}
$context = 'msgstr_plural';
$msgstr_index = $m[1];
$entry->translations[ $m[1] ] = wfPO::unpoify( $m[2] );
} elseif ( preg_match( '/^".*"$/', $line ) ) {
$unpoified = wfPO::unpoify( $line );
switch ( $context ) {
case 'msgid':
$entry->singular .= $unpoified;
break;
case 'msgctxt':
$entry->context .= $unpoified;
break;
case 'msgid_plural':
$entry->plural .= $unpoified;
break;
case 'msgstr':
$entry->translations[0] .= $unpoified;
break;
case 'msgstr_plural':
$entry->translations[ $msgstr_index ] .= $unpoified;
break;
default:
return false;
}
} else {
return false;
}
}
$have_translations = false;
foreach ( $entry->translations as $t ) {
if ( $t || ( '0' === $t ) ) {
$have_translations = true;
break;
}
}
if ( false === $have_translations ) {
$entry->translations = array();
}
return array(
'entry' => $entry,
'lineno' => $lineno,
);
}
/**
* @param resource $f
* @param string $action
* @return boolean
*/
function read_line( $f, $action = 'read' ) {
static $last_line = '';
static $use_last_line = false;
if ( 'clear' === $action ) {
$last_line = '';
return true;
}
if ( 'put-back' === $action ) {
$use_last_line = true;
return true;
}
$line = $use_last_line ? $last_line : fgets( $f );
$line = ( "\r\n" === substr( $line, -2 ) ) ? rtrim( $line, "\r\n" ) . "\n" : $line;
$last_line = $line;
$use_last_line = false;
return $line;
}
/**
* @param wfTranslation_Entry $entry
* @param string $po_comment_line
*/
function add_comment_to_entry( &$entry, $po_comment_line ) {
$first_two = substr( $po_comment_line, 0, 2 );
$comment = trim( substr( $po_comment_line, 2 ) );
if ( '#:' === $first_two ) {
$entry->references = array_merge( $entry->references, preg_split( '/\s+/', $comment ) );
} elseif ( '#.' === $first_two ) {
$entry->extracted_comments = trim( $entry->extracted_comments . "\n" . $comment );
} elseif ( '#,' === $first_two ) {
$entry->flags = array_merge( $entry->flags, preg_split( '/,\s*/', $comment ) );
} else {
$entry->translator_comments = trim( $entry->translator_comments . "\n" . $comment );
}
}
/**
* @param string $s
* @return string
*/
public static function trim_quotes( $s ) {
if ( '"' === substr( $s, 0, 1 ) ) {
$s = substr( $s, 1 );
}
if ( '"' === substr( $s, -1, 1 ) ) {
$s = substr( $s, 0, -1 );
}
return $s;
}
}
endif;

338
wp/plugins/wordfence/waf/pomo/streams.php Normal file
View File

@@ -0,0 +1,338 @@
<?php
/**
* This is a modified version of the POMO library included with WordPress. The WordPress copyright has been included
* for attribution.
*/
/*
WordPress - Web publishing software
Copyright 2011-2020 by the contributors
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
This program incorporates work covered by the following copyright and
permission notices:
b2 is (c) 2001, 2002 Michel Valdrighi - https://cafelog.com
Wherever third party code has been used, credit has been given in the code's
comments.
b2 is released under the GPL
and
WordPress - Web publishing software
Copyright 2003-2010 by the contributors
WordPress is released under the GPL
*/
/**
* Classes, which help reading streams of data from files.
* Based on the classes from Danilo Segan <danilo@kvota.net>
*
* @version $Id: streams.php 1157 2015-11-20 04:30:11Z dd32 $
* @package pomo
* @subpackage streams
*/
if ( ! class_exists( 'wfPOMO_Reader', false ) ) :
class wfPOMO_Reader {
var $endian = 'little';
var $_post = '';
private $is_overloaded;
protected $_pos;
/**
* PHP5 constructor.
*/
function __construct() {
$this->is_overloaded = ( ( ini_get( 'mbstring.func_overload' ) & 2 ) != 0 ) && function_exists( 'mb_substr' ); // phpcs:ignore PHPCompatibility.IniDirectives.RemovedIniDirectives.mbstring_func_overloadDeprecated
$this->_pos = 0;
}
/**
* Sets the endianness of the file.
*
* @param string $endian Set the endianness of the file. Accepts 'big', or 'little'.
*/
function setEndian( $endian ) { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.MethodNameInvalid
$this->endian = $endian;
}
/**
* Reads a 32bit Integer from the Stream
*
* @return mixed The integer, corresponding to the next 32 bits from
* the stream of false if there are not enough bytes or on error
*/
function readint32() {
$bytes = $this->read( 4 );
if ( 4 != $this->strlen( $bytes ) ) {
return false;
}
$endian_letter = ( 'big' === $this->endian ) ? 'N' : 'V';
$int = unpack( $endian_letter, $bytes );
return reset( $int );
}
/**
* Reads an array of 32-bit Integers from the Stream
*
* @param integer $count How many elements should be read
* @return mixed Array of integers or false if there isn't
* enough data or on error
*/
function readint32array( $count ) {
$bytes = $this->read( 4 * $count );
if ( 4 * $count != $this->strlen( $bytes ) ) {
return false;
}
$endian_letter = ( 'big' === $this->endian ) ? 'N' : 'V';
return unpack( $endian_letter . $count, $bytes );
}
/**
* @param string $string
* @param int $start
* @param int $length
* @return string
*/
function substr( $string, $start, $length ) {
if ( $this->is_overloaded ) {
return mb_substr( $string, $start, $length, 'ascii' );
} else {
return substr( $string, $start, $length );
}
}
/**
* @param string $string
* @return int
*/
function strlen( $string ) {
if ( $this->is_overloaded ) {
return mb_strlen( $string, 'ascii' );
} else {
return strlen( $string );
}
}
/**
* @param string $string
* @param int $chunk_size
* @return array
*/
function str_split( $string, $chunk_size ) {
if ( ! function_exists( 'str_split' ) ) {
$length = $this->strlen( $string );
$out = array();
for ( $i = 0; $i < $length; $i += $chunk_size ) {
$out[] = $this->substr( $string, $i, $chunk_size );
}
return $out;
} else {
return str_split( $string, $chunk_size );
}
}
/**
* @return int
*/
function pos() {
return $this->_pos;
}
/**
* @return true
*/
function is_resource() {
return true;
}
/**
* @return true
*/
function close() {
return true;
}
}
endif;
if ( ! class_exists( 'wfPOMO_FileReader', false ) ) :
class wfPOMO_FileReader extends wfPOMO_Reader {
private $_f;
/**
* @param string $filename
*/
function __construct( $filename ) {
parent::__construct();
$this->_f = fopen( $filename, 'rb' );
}
/**
* @param int $bytes
* @return string|false Returns read string, otherwise false.
*/
function read( $bytes ) {
return fread( $this->_f, $bytes );
}
/**
* @param int $pos
* @return boolean
*/
function seekto( $pos ) {
if ( -1 == fseek( $this->_f, $pos, SEEK_SET ) ) {
return false;
}
$this->_pos = $pos;
return true;
}
/**
* @return bool
*/
function is_resource() {
return is_resource( $this->_f );
}
/**
* @return bool
*/
function feof() {
return feof( $this->_f );
}
/**
* @return bool
*/
function close() {
return fclose( $this->_f );
}
/**
* @return string
*/
function read_all() {
$all = '';
while ( ! $this->feof() ) {
$all .= $this->read( 4096 );
}
return $all;
}
}
endif;
if ( ! class_exists( 'wfPOMO_StringReader', false ) ) :
/**
* Provides file-like methods for manipulating a string instead
* of a physical file.
*/
class wfPOMO_StringReader extends wfPOMO_Reader {
var $_str = '';
/**
* PHP5 constructor.
*/
function __construct( $str = '' ) {
parent::__construct();
$this->_str = $str;
$this->_pos = 0;
}
/**
* @param string $bytes
* @return string
*/
function read( $bytes ) {
$data = $this->substr( $this->_str, $this->_pos, $bytes );
$this->_pos += $bytes;
if ( $this->strlen( $this->_str ) < $this->_pos ) {
$this->_pos = $this->strlen( $this->_str );
}
return $data;
}
/**
* @param int $pos
* @return int
*/
function seekto( $pos ) {
$this->_pos = $pos;
if ( $this->strlen( $this->_str ) < $this->_pos ) {
$this->_pos = $this->strlen( $this->_str );
}
return $this->_pos;
}
/**
* @return int
*/
function length() {
return $this->strlen( $this->_str );
}
/**
* @return string
*/
function read_all() {
return $this->substr( $this->_str, $this->_pos, $this->strlen( $this->_str ) );
}
}
endif;
if ( ! class_exists( 'wfPOMO_CachedFileReader', false ) ) :
/**
* Reads the contents of the file in the beginning.
*/
class wfPOMO_CachedFileReader extends wfPOMO_StringReader {
/**
* PHP5 constructor.
*/
function __construct( $filename ) {
parent::__construct();
$this->_str = file_get_contents( $filename );
if ( false === $this->_str ) {
return false;
}
$this->_pos = 0;
}
}
endif;
if ( ! class_exists( 'wfPOMO_CachedIntFileReader', false ) ) :
/**
* Reads the contents of the file in the beginning.
*/
class wfPOMO_CachedIntFileReader extends wfPOMO_CachedFileReader {
/**
* PHP5 constructor.
*/
public function __construct( $filename ) {
parent::__construct( $filename );
}
}
endif;

426
wp/plugins/wordfence/waf/pomo/translations.php Normal file
View File

@@ -0,0 +1,426 @@
<?php
/**
* This is a modified version of the POMO library included with WordPress. The WordPress copyright has been included
* for attribution.
*/
/*
WordPress - Web publishing software
Copyright 2011-2020 by the contributors
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
This program incorporates work covered by the following copyright and
permission notices:
b2 is (c) 2001, 2002 Michel Valdrighi - https://cafelog.com
Wherever third party code has been used, credit has been given in the code's
comments.
b2 is released under the GPL
and
WordPress - Web publishing software
Copyright 2003-2010 by the contributors
WordPress is released under the GPL
*/
/**
* Class for a set of entries for translation and their associated headers
*
* @version $Id: translations.php 1157 2015-11-20 04:30:11Z dd32 $
* @package pomo
* @subpackage translations
*/
require_once __DIR__ . '/plural-forms.php';
require_once __DIR__ . '/entry.php';
if ( ! class_exists( 'wfTranslations', false ) ) :
class wfTranslations {
var $entries = array();
var $headers = array();
/**
* Add entry to the PO structure
*
* @param array|wfTranslation_Entry $entry
* @return bool true on success, false if the entry doesn't have a key
*/
function add_entry( $entry ) {
if ( is_array( $entry ) ) {
$entry = new wfTranslation_Entry( $entry );
}
$key = $entry->key();
if ( false === $key ) {
return false;
}
$this->entries[ $key ] = &$entry;
return true;
}
/**
* @param array|wfTranslation_Entry $entry
* @return bool
*/
function add_entry_or_merge( $entry ) {
if ( is_array( $entry ) ) {
$entry = new wfTranslation_Entry( $entry );
}
$key = $entry->key();
if ( false === $key ) {
return false;
}
if ( isset( $this->entries[ $key ] ) ) {
$this->entries[ $key ]->merge_with( $entry );
} else {
$this->entries[ $key ] = &$entry;
}
return true;
}
/**
* Sets $header PO header to $value
*
* If the header already exists, it will be overwritten
*
* TODO: this should be out of this class, it is gettext specific
*
* @param string $header header name, without trailing :
* @param string $value header value, without trailing \n
*/
function set_header( $header, $value ) {
$this->headers[ $header ] = $value;
}
/**
* @param array $headers
*/
function set_headers( $headers ) {
foreach ( $headers as $header => $value ) {
$this->set_header( $header, $value );
}
}
/**
* @param string $header
*/
function get_header( $header ) {
return isset( $this->headers[ $header ] ) ? $this->headers[ $header ] : false;
}
/**
* @param wfTranslation_Entry $entry
*/
function translate_entry( &$entry ) {
$key = $entry->key();
return isset( $this->entries[ $key ] ) ? $this->entries[ $key ] : false;
}
/**
* @param string $singular
* @param string $context
* @return string
*/
function translate( $singular, $context = null ) {
$entry = new wfTranslation_Entry(
array(
'singular' => $singular,
'context' => $context,
)
);
$translated = $this->translate_entry( $entry );
return ( $translated && ! empty( $translated->translations ) ) ? $translated->translations[0] : $singular;
}
/**
* Given the number of items, returns the 0-based index of the plural form to use
*
* Here, in the base Translations class, the common logic for English is implemented:
* 0 if there is one element, 1 otherwise
*
* This function should be overridden by the subclasses. For example MO/PO can derive the logic
* from their headers.
*
* @param integer $count number of items
*/
function select_plural_form( $count ) {
return 1 == $count ? 0 : 1;
}
/**
* @return int
*/
function get_plural_forms_count() {
return 2;
}
/**
* @param string $singular
* @param string $plural
* @param int $count
* @param string $context
*/
function translate_plural( $singular, $plural, $count, $context = null ) {
$entry = new wfTranslation_Entry(
array(
'singular' => $singular,
'plural' => $plural,
'context' => $context,
)
);
$translated = $this->translate_entry( $entry );
$index = $this->select_plural_form( $count );
$total_plural_forms = $this->get_plural_forms_count();
if ( $translated && 0 <= $index && $index < $total_plural_forms &&
is_array( $translated->translations ) &&
isset( $translated->translations[ $index ] ) ) {
return $translated->translations[ $index ];
} else {
return 1 == $count ? $singular : $plural;
}
}
/**
* Merge $other in the current object.
*
* @param Object $other Another Translation object, whose translations will be merged in this one (passed by reference).
* @return void
*/
function merge_with( &$other ) {
foreach ( $other->entries as $entry ) {
$this->entries[ $entry->key() ] = $entry;
}
}
/**
* @param object $other
*/
function merge_originals_with( &$other ) {
foreach ( $other->entries as $entry ) {
if ( ! isset( $this->entries[ $entry->key() ] ) ) {
$this->entries[ $entry->key() ] = $entry;
} else {
$this->entries[ $entry->key() ]->merge_with( $entry );
}
}
}
}
class wfGettext_Translations extends wfTranslations {
private $_gettext_select_plural_form = null;
/**
* The gettext implementation of select_plural_form.
*
* It lives in this class, because there are more than one descendand, which will use it and
* they can't share it effectively.
*
* @param int $count
*/
function gettext_select_plural_form( $count ) {
if ( ! isset( $this->_gettext_select_plural_form ) || is_null( $this->_gettext_select_plural_form ) ) {
list( $nplurals, $expression ) = $this->nplurals_and_expression_from_header( $this->get_header( 'Plural-Forms' ) );
$this->_nplurals = $nplurals;
$this->_gettext_select_plural_form = $this->make_plural_form_function( $nplurals, $expression );
}
return call_user_func( $this->_gettext_select_plural_form, $count );
}
/**
* @param string $header
* @return array
*/
function nplurals_and_expression_from_header( $header ) {
if ( preg_match( '/^\s*nplurals\s*=\s*(\d+)\s*;\s+plural\s*=\s*(.+)$/', $header, $matches ) ) {
$nplurals = (int) $matches[1];
$expression = trim( $matches[2] );
return array( $nplurals, $expression );
} else {
return array( 2, 'n != 1' );
}
}
/**
* Makes a function, which will return the right translation index, according to the
* plural forms header
*
* @param int $nplurals
* @param string $expression
*/
function make_plural_form_function( $nplurals, $expression ) {
try {
$handler = new wfPlural_Forms( rtrim( $expression, ';' ) );
return array( $handler, 'get' );
} catch ( Exception $e ) {
// Fall back to default plural-form function.
return $this->make_plural_form_function( 2, 'n != 1' );
}
}
/**
* Adds parentheses to the inner parts of ternary operators in
* plural expressions, because PHP evaluates ternary oerators from left to right
*
* @param string $expression the expression without parentheses
* @return string the expression with parentheses added
*/
function parenthesize_plural_exression( $expression ) {
$expression .= ';';
$res = '';
$depth = 0;
for ( $i = 0; $i < strlen( $expression ); ++$i ) {
$char = $expression[ $i ];
switch ( $char ) {
case '?':
$res .= ' ? (';
$depth++;
break;
case ':':
$res .= ') : (';
break;
case ';':
$res .= str_repeat( ')', $depth ) . ';';
$depth = 0;
break;
default:
$res .= $char;
}
}
return rtrim( $res, ';' );
}
/**
* @param string $translation
* @return array
*/
function make_headers( $translation ) {
$headers = array();
// Sometimes \n's are used instead of real new lines.
$translation = str_replace( '\n', "\n", $translation );
$lines = explode( "\n", $translation );
foreach ( $lines as $line ) {
$parts = explode( ':', $line, 2 );
if ( ! isset( $parts[1] ) ) {
continue;
}
$headers[ trim( $parts[0] ) ] = trim( $parts[1] );
}
return $headers;
}
/**
* @param string $header
* @param string $value
*/
function set_header( $header, $value ) {
parent::set_header( $header, $value );
if ( 'Plural-Forms' === $header ) {
list( $nplurals, $expression ) = $this->nplurals_and_expression_from_header( $this->get_header( 'Plural-Forms' ) );
$this->_nplurals = $nplurals;
$this->_gettext_select_plural_form = $this->make_plural_form_function( $nplurals, $expression );
}
}
}
endif;
if ( ! class_exists( 'wfNOOP_Translations', false ) ) :
/**
* Provides the same interface as Translations, but doesn't do anything
*/
class wfNOOP_Translations {
var $entries = array();
var $headers = array();
function add_entry( $entry ) {
return true;
}
/**
* @param string $header
* @param string $value
*/
function set_header( $header, $value ) {
}
/**
* @param array $headers
*/
function set_headers( $headers ) {
}
/**
* @param string $header
* @return false
*/
function get_header( $header ) {
return false;
}
/**
* @param wfTranslation_Entry $entry
* @return false
*/
function translate_entry( &$entry ) {
return false;
}
/**
* @param string $singular
* @param string $context
*/
function translate( $singular, $context = null ) {
return $singular;
}
/**
* @param int $count
* @return bool
*/
function select_plural_form( $count ) {
return 1 == $count ? 0 : 1;
}
/**
* @return int
*/
function get_plural_forms_count() {
return 2;
}
/**
* @param string $singular
* @param string $plural
* @param int $count
* @param string $context
*/
function translate_plural( $singular, $plural, $count, $context = null ) {
return 1 == $count ? $singular : $plural;
}
/**
* @param object $other
*/
function merge_with( &$other ) {
}
}
endif;

527
wp/plugins/wordfence/waf/wfWAFIPBlocksController.php Normal file
View File

@@ -0,0 +1,527 @@
<?php
if (!defined('WFWAF_RUN_COMPLETE')) {
require_once __DIR__ . '/../vendor/wordfence/wf-waf/src/lib/shutdown.php';
class wfWAFIPBlocksController
{
const WFWAF_BLOCK_UAREFIPRANGE = 'UA/Referrer/IP Range not allowed';
const WFWAF_BLOCK_COUNTRY = 'blocked access via country blocking';
const WFWAF_BLOCK_COUNTRY_REDIR = 'blocked access via country blocking and redirected to URL';
const WFWAF_BLOCK_COUNTRY_BYPASS_REDIR = 'redirected to bypass URL';
const WFWAF_BLOCK_WFSN = 'Blocked by Wordfence Security Network';
const WFWAF_BLOCK_BADPOST = 'POST received with blank user-agent and referer';
const WFWAF_BLOCK_BANNEDURL = 'Accessed a banned URL.';
const WFWAF_BLOCK_FAKEGOOGLE = 'Fake Google crawler automatically blocked';
const WFWAF_BLOCK_LOGINSEC = 'Blocked by login security setting.';
const WFWAF_BLOCK_LOGINSEC_FORGOTPASSWD = 'Exceeded the maximum number of tries to recover their password'; //substring search
const WFWAF_BLOCK_LOGINSEC_FAILURES = 'Exceeded the maximum number of login failures'; //substring search
const WFWAF_BLOCK_THROTTLEGLOBAL = 'Exceeded the maximum global requests per minute for crawlers or humans.';
const WFWAF_BLOCK_THROTTLESCAN = 'Exceeded the maximum number of 404 requests per minute for a known security vulnerability.';
const WFWAF_BLOCK_THROTTLECRAWLER = 'Exceeded the maximum number of requests per minute for crawlers.';
const WFWAF_BLOCK_THROTTLECRAWLERNOTFOUND = 'Exceeded the maximum number of page not found errors per minute for a crawler.';
const WFWAF_BLOCK_THROTTLEHUMAN = 'Exceeded the maximum number of page requests per minute for humans.';
const WFWAF_BLOCK_THROTTLEHUMANNOTFOUND = 'Exceeded the maximum number of page not found errors per minute for humans.';
protected static $_currentController = null;
public static function currentController() {
if (self::$_currentController === null) {
self::$_currentController = new wfWAFIPBlocksController();
}
return self::$_currentController;
}
public static function setCurrentController($currentController) {
self::$_currentController = $currentController;
}
/**
* Schedules a config sync to happen at the end of the current process's execution.
*/
public static function setNeedsSynchronizeConfigSettings() {
static $willSynchronize = false;
if (!$willSynchronize) {
$willSynchronize = true;
wfShutdownRegistry::getDefaultInstance()->register('wfWAFIPBlocksController::synchronizeConfigSettings');
}
}
public static function synchronizeConfigSettings() {
if (!class_exists('wfConfig') || !wfConfig::tableExists() || !wfWAF::getInstance()) { // Ensure this is only called when WordPress and the plugin are fully loaded
return;
}
static $isSynchronizing = false;
if ($isSynchronizing) {
return;
}
$isSynchronizing = true;
global $wpdb;
$suppressed = $wpdb->suppress_errors(!(defined('WFWAF_DEBUG') && WFWAF_DEBUG));
// Pattern Blocks
$blocks = wfBlock::patternBlocks(true);
$patternBlocks = array();
foreach ($blocks as $b) {
$patternBlocks[] = array('id' => $b->id, 'ipRange' => $b->ipRange, 'hostnamePattern' => $b->hostname, 'uaPattern' => $b->userAgent, 'refPattern' => $b->referrer, 'expiration' => $b->expiration);
}
// Country Blocks
$countryBlocks = array();
$countryBlockEntries = wfBlock::countryBlocks(true);
$countryBlocks['blocks'] = array();
foreach ($countryBlockEntries as $b) {
$reason = __('Access from your area has been temporarily limited for security reasons', 'wordfence');
$countryBlocks['blocks'][] = array(
'id' => $b->id,
'countries' => $b->countries,
'blockLogin' => $b->blockLogin,
'blockSite' => $b->blockSite,
'reason' => $reason,
'expiration' => $b->expiration,
);
}
$countryBlocks['action'] = wfConfig::get('cbl_action', false);
$countryBlocks['loggedInBlocked'] = wfConfig::get('cbl_loggedInBlocked', false);
$countryBlocks['bypassRedirURL'] = wfConfig::get('cbl_bypassRedirURL', '');
$countryBlocks['bypassRedirDest'] = wfConfig::get('cbl_bypassRedirDest', '');
$countryBlocks['bypassViewURL'] = wfConfig::get('cbl_bypassViewURL', '');
$countryBlocks['redirURL'] = wfConfig::get('cbl_redirURL', '');
$countryBlocks['cookieVal'] = wfBlock::countryBlockingBypassCookieValue();
//Other Blocks
$otherBlocks = array('blockedTime' => wfConfig::get('blockedTime', 0));
$otherBlockEntries = wfBlock::ipBlocks(true);
$otherBlocks['blocks'] = array();
foreach ($otherBlockEntries as $b) {
$reason = $b->reason;
if ($b->type == wfBlock::TYPE_IP_MANUAL || $b->type == wfBlock::TYPE_IP_AUTOMATIC_PERMANENT) {
$reason = __('Manual block by administrator', 'wordfence');
}
$otherBlocks['blocks'][] = array(
'id' => $b->id,
'IP' => base64_encode(wfUtils::inet_pton($b->ip)),
'reason' => $reason,
'expiration' => $b->expiration,
);
}
//Lockouts
$lockoutEntries = wfBlock::lockouts(true);
$lockoutSecs = wfConfig::get('loginSec_lockoutMins') * 60;
$lockouts = array('lockedOutTime' => $lockoutSecs, 'lockouts' => array());
foreach ($lockoutEntries as $l) {
$lockouts['lockouts'][] = array(
'id' => $l->id,
'IP' => base64_encode(wfUtils::inet_pton($l->ip)),
'reason' => $l->reason,
'expiration' => $l->expiration,
);
}
// Save it
try {
$patternBlocksJSON = wfWAFUtils::json_encode($patternBlocks);
wfWAF::getInstance()->getStorageEngine()->setConfig('patternBlocks', $patternBlocksJSON, 'synced');
$countryBlocksJSON = wfWAFUtils::json_encode($countryBlocks);
wfWAF::getInstance()->getStorageEngine()->setConfig('countryBlocks', $countryBlocksJSON, 'synced');
$otherBlocksJSON = wfWAFUtils::json_encode($otherBlocks);
wfWAF::getInstance()->getStorageEngine()->setConfig('otherBlocks', $otherBlocksJSON, 'synced');
$lockoutsJSON = wfWAFUtils::json_encode($lockouts);
wfWAF::getInstance()->getStorageEngine()->setConfig('lockouts', $lockoutsJSON, 'synced');
wfWAF::getInstance()->getStorageEngine()->setConfig('advancedBlockingEnabled', wfConfig::get('firewallEnabled'), 'synced');
wfWAF::getInstance()->getStorageEngine()->setConfig('disableWAFIPBlocking', wfConfig::get('disableWAFIPBlocking'), 'synced');
}
catch (Exception $e) {
// Do nothing
}
$isSynchronizing = false;
$wpdb->suppress_errors($suppressed);
}
/**
* @param wfWAFRequest $request
* @return bool|string If not blocked, returns false. Otherwise a string of the reason it was blocked or true.
*/
public function shouldBlockRequest($request) {
// Checking the user whitelist is done before reaching this call
$ip = $request->getIP();
//Check the system whitelist
if ($this->checkForWhitelisted($ip)) {
return false;
}
//Let the plugin handle these
$wfFunc = $request->getQueryString('_wfsf');
if ($wfFunc == 'unlockEmail' || $wfFunc == 'unlockAccess') { // Can't check validity here, let it pass through to plugin level where it can
return false;
}
$logHuman = $request->getQueryString('wordfence_lh');
if ($logHuman !== null) {
return false;
}
//Start block checks
$ipNum = wfWAFUtils::inet_pton($ip);
$hostname = null;
$ua = $request->getHeaders('User-Agent'); if ($ua === null) { $ua = ''; }
$referer = $request->getHeaders('Referer'); if ($referer === null) { $referer = ''; }
$isPaid = false;
try {
$isPaid = wfWAF::getInstance()->getStorageEngine()->getConfig('isPaid', null, 'synced');
$pluginABSPATH = wfWAF::getInstance()->getStorageEngine()->getConfig('pluginABSPATH', null, 'synced');
$patternBlocksJSON = wfWAF::getInstance()->getStorageEngine()->getConfig('patternBlocks', null, 'synced');
$countryBlocksJSON = wfWAF::getInstance()->getStorageEngine()->getConfig('countryBlocks', null, 'synced');
$otherBlocksJSON = wfWAF::getInstance()->getStorageEngine()->getConfig('otherBlocks', null, 'synced');
$lockoutsJSON = wfWAF::getInstance()->getStorageEngine()->getConfig('lockouts', null, 'synced');
}
catch (Exception $e) {
// Do nothing
}
if (isset($_SERVER['SCRIPT_FILENAME']) && (strpos($_SERVER['SCRIPT_FILENAME'], $pluginABSPATH . "wp-admin/") === 0 || strpos($_SERVER['SCRIPT_FILENAME'], $pluginABSPATH . "wp-content/") === 0 || strpos($_SERVER['SCRIPT_FILENAME'], $pluginABSPATH . "wp-includes/") === 0)) {
return false; //Rely on WordPress's own access control and blocking at the plugin level
}
// Pattern Blocks from the Advanced Blocking page (IP Range, UA, Referer)
$patternBlocks = @wfWAFUtils::json_decode($patternBlocksJSON, true);
if (is_array($patternBlocks)) {
// Instead of a long block of if/else statements, using bitshifting to generate an expected value and a found value
$ipRangeOffset = 1;
$uaPatternOffset = 2;
$refPatternOffset = 3;
foreach ($patternBlocks as $b) {
$expectedBits = 0;
$foundBits = 0;
if (isset($b['expiration']) && $b['expiration'] < time() && $b['expiration'] != 0) {
continue;
}
if (!empty($b['ipRange'])) {
$expectedBits |= (1 << $ipRangeOffset);
$range = new wfWAFUserIPRange($b['ipRange']);
if ($range->isIPInRange($ip)) {
$foundBits |= (1 << $ipRangeOffset);
}
}
if (!empty($b['hostnamePattern'])) {
$expectedBits |= (1 << $ipRangeOffset);
if ($hostname === null) {
$hostname = wfWAFUtils::reverseLookup($ip);
}
if (preg_match(wfWAFUtils::patternToRegex($b['hostnamePattern']), $hostname)) {
$foundBits |= (1 << $ipRangeOffset);
}
}
if (!empty($b['uaPattern'])) {
$expectedBits |= (1 << $uaPatternOffset);
if (wfWAFUtils::isUABlocked($b['uaPattern'], $ua)) {
$foundBits |= (1 << $uaPatternOffset);
}
}
if (!empty($b['refPattern'])) {
$expectedBits |= (1 << $refPatternOffset);
if (wfWAFUtils::isRefererBlocked($b['refPattern'], $referer)) {
$foundBits |= (1 << $refPatternOffset);
}
}
if ($foundBits === $expectedBits && $expectedBits > 0) {
return array('action' => self::WFWAF_BLOCK_UAREFIPRANGE, 'id' => $b['id']);
}
}
}
// End Pattern Blocks
// Country Blocking
if ($isPaid) {
$countryBlocks = @wfWAFUtils::json_decode($countryBlocksJSON, true);
if (is_array($countryBlocks) && isset($countryBlocks['blocks'])) {
$blocks = $countryBlocks['blocks'];
foreach ($blocks as $b) {
$blockedCountries = $b['countries'];
$bareRequestURI = wfWAFUtils::extractBareURI($request->getURI());
$bareBypassRedirURI = wfWAFUtils::extractBareURI($countryBlocks['bypassRedirURL']);
$skipCountryBlocking = false;
if ($bareBypassRedirURI && $bareRequestURI == $bareBypassRedirURI) { // Run this before country blocking because even if the user isn't blocked we need to set the bypass cookie so they can bypass future blocks.
if ($countryBlocks['bypassRedirDest']) {
setcookie('wfCBLBypass', $countryBlocks['cookieVal'], time() + (86400 * 365), '/', null, $this->isFullSSL(), true);
return array('action' => self::WFWAF_BLOCK_COUNTRY_BYPASS_REDIR, 'id' => $b['id']);
}
}
$bareBypassViewURI = wfWAFUtils::extractBareURI($countryBlocks['bypassViewURL']);
if ($bareBypassViewURI && $bareBypassViewURI == $bareRequestURI) {
setcookie('wfCBLBypass', $countryBlocks['cookieVal'], time() + (86400 * 365), '/', null, $this->isFullSSL(), true);
$skipCountryBlocking = true;
}
$bypassCookieSet = false;
$bypassCookie = $request->getCookies('wfCBLBypass');
if (isset($bypassCookie) && $bypassCookie == $countryBlocks['cookieVal']) {
$bypassCookieSet = true;
}
if (!$skipCountryBlocking && $blockedCountries && !$bypassCookieSet) {
$isAuthRequest = (strpos($bareRequestURI, '/wp-login.php') !== false);
$isXMLRPC = (strpos($bareRequestURI, '/xmlrpc.php') !== false);
$isUserLoggedIn = wfWAF::getInstance()->parseAuthCookie() !== false;
// If everything is checked, make sure this always runs.
if ($countryBlocks['loggedInBlocked'] && $b['blockLogin'] && $b['blockSite']) {
if ($blocked = $this->checkForBlockedCountry($countryBlocks, $ip, $bareRequestURI)) { $blocked['id'] = $b['id']; return $blocked; }
}
// Block logged in users.
if ($countryBlocks['loggedInBlocked'] && $isUserLoggedIn) {
if ($blocked = $this->checkForBlockedCountry($countryBlocks, $ip, $bareRequestURI)) { $blocked['id'] = $b['id']; return $blocked; }
}
// Block the login form itself and any attempt to authenticate.
if ($b['blockLogin'] && $isAuthRequest) {
if ($blocked = $this->checkForBlockedCountry($countryBlocks, $ip, $bareRequestURI)) { $blocked['id'] = $b['id']; return $blocked; }
}
// Block requests that aren't to the login page, xmlrpc.php, or a user already logged in.
if ($b['blockSite'] && !$isAuthRequest && !$isXMLRPC && !$isUserLoggedIn) {
if ($blocked = $this->checkForBlockedCountry($countryBlocks, $ip, $bareRequestURI)) { $blocked['id'] = $b['id']; return $blocked; }
}
// XMLRPC is inaccesible when public portion of the site and auth is disabled.
if ($b['blockLogin'] && $b['blockSite'] && $isXMLRPC) {
if ($blocked = $this->checkForBlockedCountry($countryBlocks, $ip, $bareRequestURI)) { $blocked['id'] = $b['id']; return $blocked; }
}
// Any bypasses and other block possibilities will be checked at the plugin level once WordPress loads
}
}
}
}
// End Country Blocking
// Other Blocks
$otherBlocks = @wfWAFUtils::json_decode($otherBlocksJSON, true);
if (is_array($otherBlocks)) {
$blocks = $otherBlocks['blocks'];
$bareRequestURI = wfWAFUtils::extractBareURI($request->getURI());
$isAuthRequest = (stripos($bareRequestURI, '/wp-login.php') !== false);
foreach ($blocks as $b) {
if (isset($b['expiration']) && $b['expiration'] < time() && $b['expiration'] != 0) {
continue;
}
if (base64_decode($b['IP']) != $ipNum) {
continue;
}
if ($isAuthRequest && isset($b['wfsn']) && $b['wfsn']) {
return array('action' => self::WFWAF_BLOCK_WFSN, 'id' => $b['id']);
}
return array('action' => (empty($b['reason']) ? '' : $b['reason']), 'id' => $b['id'], 'block' => true);
}
}
// End Other Blocks
// Lockouts
$lockouts = @wfWAFUtils::json_decode($lockoutsJSON, true);
if (is_array($lockouts)) {
$lockouts = $lockouts['lockouts'];
$isAuthRequest = (stripos($bareRequestURI, '/wp-login.php') !== false) || (stripos($bareRequestURI, '/xmlrpc.php') !== false);
if ($isAuthRequest) {
foreach ($lockouts as $l) {
if (isset($l['expiration']) && $l['expiration'] < time()) {
continue;
}
if (base64_decode($l['IP']) != $ipNum) {
continue;
}
return array('action' => (empty($l['reason']) ? '' : $l['reason']), 'id' => $l['id'], 'lockout' => true);
}
}
}
// End Lockouts
return false;
}
public function countryRedirURL($countryBlocks = null) {
if (!isset($countryBlocks)) {
try {
$countryBlocksJSON = wfWAF::getInstance()->getStorageEngine()->getConfig('countryBlocks', null, 'synced');
}
catch (Exception $e) {
return false;
}
}
$countryBlocks = @wfWAFUtils::json_decode($countryBlocksJSON, true);
if (is_array($countryBlocks)) {
if ($countryBlocks['action'] == 'redir') {
return $countryBlocks['redirURL'];
}
}
return false;
}
public function countryBypassRedirURL($countryBlocks = null) {
if (!isset($countryBlocks)) {
try {
$countryBlocksJSON = wfWAF::getInstance()->getStorageEngine()->getConfig('countryBlocks', null, 'synced');
}
catch (Exception $e) {
return false;
}
}
$countryBlocks = @wfWAFUtils::json_decode($countryBlocksJSON, true);
if (is_array($countryBlocks)) {
return $countryBlocks['bypassRedirDest'];
}
return false;
}
protected function checkForBlockedCountry($countryBlock, $ip, $bareRequestURI) {
try {
$homeURL = wfWAF::getInstance()->getStorageEngine()->getConfig('homeURL', null, 'synced');
}
catch (Exception $e) {
//Do nothing
}
$bareRequestURI = rtrim($bareRequestURI, '/\\');
if ($country = $this->ip2Country($ip)) {
$blocks = $countryBlock['blocks'];
foreach ($blocks as $b) {
foreach ($b['countries'] as $blocked) {
if (strtoupper($blocked) == strtoupper($country)) {
if ($countryBlock['action'] == 'redir') {
$redirURL = $countryBlock['redirURL'];
$eRedirHost = wfWAFUtils::extractHostname($redirURL);
$isExternalRedir = false;
if ($eRedirHost && $homeURL && $eRedirHost != wfWAFUtils::extractHostname($homeURL)) {
$isExternalRedir = true;
}
if ((!$isExternalRedir) && rtrim(wfWAFUtils::extractBareURI($redirURL), '/\\') == $bareRequestURI){ //Is this the URI we want to redirect to, then don't block it
//Do nothing
}
else {
return array('action' => self::WFWAF_BLOCK_COUNTRY_REDIR);
}
}
else {
return array('action' => self::WFWAF_BLOCK_COUNTRY);
}
}
}
}
}
return false;
}
protected function checkForWhitelisted($ip) {
try {
$pluginABSPATH = wfWAF::getInstance()->getStorageEngine()->getConfig('pluginABSPATH', null, 'synced');
$serverIPsJSON = wfWAF::getInstance()->getStorageEngine()->getConfig('serverIPs', null, 'synced');
$whitelistedServiceIPsJSON = wfWAF::getInstance()->getStorageEngine()->getConfig('whitelistedServiceIPs', null, 'synced');
}
catch (Exception $e) {
// Do nothing
}
$serverIPs = @wfWAFUtils::json_decode($serverIPsJSON, true);
if (is_array($serverIPs)) {
if (
(isset($_SERVER['SCRIPT_FILENAME']) && $_SERVER['SCRIPT_FILENAME'] == realpath($pluginABSPATH . DIRECTORY_SEPARATOR . 'wp-cron.php')) || //Safe -- plugin will do a final check to make sure the cron constant is defined
(!empty($_GET['wordfence_syncAttackData'])) //Safe but plugin will do a final check to make sure it runs
) {
foreach ($serverIPs as $testIP) {
if (wfWAFUtils::inet_pton($ip) == wfWAFUtils::inet_pton($testIP)) {
return true;
}
}
}
}
$whitelistedServiceIPs = @wfWAFUtils::json_decode($whitelistedServiceIPsJSON, true);
if (is_array($whitelistedServiceIPs)) {
$wfIPWhitelist = $whitelistedServiceIPs;
}
else {
$wordfenceLib = realpath(dirname(__FILE__) . '/../lib');
include($wordfenceLib . '/wfIPWhitelist.php'); /** @var array $wfIPWhitelist */
}
foreach ($wfIPWhitelist as $group) {
foreach ($group as $subnet) {
if ($subnet instanceof wfWAFUserIPRange) { //Not currently reached
if ($subnet->isIPInRange($ip)) {
return true;
}
} elseif (wfWAFUtils::subnetContainsIP($subnet, $ip)) {
return true;
}
}
}
return false;
}
protected function ip2Country($ip) {
/**
* It's possible this class is already loaded from a different installation of the plugin
* by the time this is reached. See wfUtils::requireIpLocator for additional details.
*/
if (!class_exists('wfIpLocator'))
require_once __DIR__ . '/../lib/wfIpLocator.php';
return wfIpLocator::getInstance()->getCountryCode($ip);
}
/**
* Returns whether or not the site should be treated as if it's full-time SSL.
*
* @return bool
*/
protected function isFullSSL() {
try {
$is_ssl = false; //This is the same code from WP modified so we can use it here
if ( isset( $_SERVER['HTTPS'] ) ) {
if ( 'on' == strtolower( $_SERVER['HTTPS'] ) ) {
$is_ssl = true;
}
if ( '1' == $_SERVER['HTTPS'] ) {
$is_ssl = true;
}
} elseif ( isset($_SERVER['SERVER_PORT'] ) && ( '443' == $_SERVER['SERVER_PORT'] ) ) {
$is_ssl = true;
}
$homeURL = wfWAF::getInstance()->getStorageEngine()->getConfig('homeURL', null, 'synced');
return $is_ssl && parse_url($homeURL, PHP_URL_SCHEME) === 'https';
}
catch (Exception $e) {
//Do nothing
}
return false;
}
}
}

266
wp/plugins/wordfence/waf/wfWAFUserIPRange.php Normal file
View File

@@ -0,0 +1,266 @@
<?php
if (!defined('WFWAF_RUN_COMPLETE')) {
/**
*
*/
class wfWAFUserIPRange {
/**
* @var string|null
*/
private $ip_string;
/**
* @param string|null $ip_string
*/
public function __construct($ip_string = null) {
$this->setIPString($ip_string);
}
public function isIPInRange($ip) {
$ip_string = $this->getIPString();
if (strpos($ip_string, '/') !== false) { //CIDR range -- 127.0.0.1/24
return wfWAFUtils::subnetContainsIP($ip_string, $ip);
}
else if (strpos($ip_string, '[') !== false) //Bracketed range -- 127.0.0.[1-100]
{
// IPv4 range
if (strpos($ip_string, '.') !== false && strpos($ip, '.') !== false) {
// IPv4-mapped-IPv6
if (preg_match('/:ffff:([^:]+)$/i', $ip_string, $matches)) {
$ip_string = $matches[1];
}
if (preg_match('/:ffff:([^:]+)$/i', $ip, $matches)) {
$ip = $matches[1];
}
// Range check
if (preg_match('/\[\d+\-\d+\]/', $ip_string)) {
$IPparts = explode('.', $ip);
$whiteParts = explode('.', $ip_string);
$mismatch = false;
if (count($whiteParts) != 4 || count($IPparts) != 4) {
return false;
}
for ($i = 0; $i <= 3; $i++) {
if (preg_match('/^\[(\d+)\-(\d+)\]$/', $whiteParts[$i], $m)) {
if ($IPparts[$i] < $m[1] || $IPparts[$i] > $m[2]) {
$mismatch = true;
}
}
else if ($whiteParts[$i] != $IPparts[$i]) {
$mismatch = true;
}
}
if ($mismatch === false) {
return true; // Is whitelisted because we did not get a mismatch
}
}
else if ($ip_string == $ip) {
return true;
}
// IPv6 range
}
else if (strpos($ip_string, ':') !== false && strpos($ip, ':') !== false) {
$ip = strtolower(wfWAFUtils::expandIPv6Address($ip));
$ip_string = strtolower(self::expandIPv6Range($ip_string));
if (preg_match('/\[[a-f0-9]+\-[a-f0-9]+\]/i', $ip_string)) {
$IPparts = explode(':', $ip);
$whiteParts = explode(':', $ip_string);
$mismatch = false;
if (count($whiteParts) != 8 || count($IPparts) != 8) {
return false;
}
for ($i = 0; $i <= 7; $i++) {
if (preg_match('/^\[([a-f0-9]+)\-([a-f0-9]+)\]$/i', $whiteParts[$i], $m)) {
$ip_group = hexdec($IPparts[$i]);
$range_group_from = hexdec($m[1]);
$range_group_to = hexdec($m[2]);
if ($ip_group < $range_group_from || $ip_group > $range_group_to) {
$mismatch = true;
break;
}
}
else if ($whiteParts[$i] != $IPparts[$i]) {
$mismatch = true;
break;
}
}
if ($mismatch === false) {
return true; // Is whitelisted because we did not get a mismatch
}
}
else if ($ip_string == $ip) {
return true;
}
}
}
else if (strpos($ip_string, '-') !== false) { //Linear range -- 127.0.0.1 - 127.0.1.100
list($ip1, $ip2) = explode('-', $ip_string);
$ip1N = wfWAFUtils::inet_pton($ip1);
$ip2N = wfWAFUtils::inet_pton($ip2);
$ipN = wfWAFUtils::inet_pton($ip);
return (strcmp($ip1N, $ipN) <= 0 && strcmp($ip2N, $ipN) >= 0);
}
else { //Treat as a literal IP
$ip1 = @wfWAFUtils::inet_pton($ip_string);
$ip2 = @wfWAFUtils::inet_pton($ip);
if ($ip1 !== false && $ip1 == $ip2) {
return true;
}
}
return false;
}
private static function repeatString($string, $count) {
if ($count <= 0)
return '';
return str_repeat($string, $count);
}
/**
* Expand a compressed printable range representation of an IPv6 address.
*
* @todo Hook up exceptions for better error handling.
* @todo Allow IPv4 mapped IPv6 addresses (::ffff:192.168.1.1).
* @param string $ip_range
* @return string
*/
public static function expandIPv6Range($ip_range) {
$colon_count = substr_count($ip_range, ':');
$dbl_colon_count = substr_count($ip_range, '::');
if ($dbl_colon_count > 1) {
return false;
}
$dbl_colon_pos = strpos($ip_range, '::');
if ($dbl_colon_pos !== false) {
$ip_range = str_replace('::', self::repeatString(':0000',
(($dbl_colon_pos === 0 || $dbl_colon_pos === strlen($ip_range) - 2) ? 9 : 8) - $colon_count) . ':', $ip_range);
$ip_range = trim($ip_range, ':');
}
$colon_count = substr_count($ip_range, ':');
if ($colon_count != 7) {
return false;
}
$groups = explode(':', $ip_range);
$expanded = '';
foreach ($groups as $group) {
if (preg_match('/\[([a-f0-9]{1,4})\-([a-f0-9]{1,4})\]/i', $group, $matches)) {
$expanded .= sprintf('[%s-%s]', str_pad(strtolower($matches[1]), 4, '0', STR_PAD_LEFT), str_pad(strtolower($matches[2]), 4, '0', STR_PAD_LEFT)) . ':';
} else if (preg_match('/[a-f0-9]{1,4}/i', $group)) {
$expanded .= str_pad(strtolower($group), 4, '0', STR_PAD_LEFT) . ':';
} else {
return false;
}
}
return trim($expanded, ':');
}
/**
* @return bool
*/
public function isValidRange() {
return $this->isValidCIDRRange() || $this->isValidBracketedRange() || $this->isValidLinearRange() || filter_var($this->getIPString(), FILTER_VALIDATE_IP) !== false;
}
public function isValidCIDRRange() { //e.g., 192.0.2.1/24
$ip_string = $this->getIPString();
if (preg_match('/[^0-9a-f:\/\.]/i', $ip_string)) { return false; }
$components = explode('/', $ip_string);
if (count($components) != 2) { return false; }
list($ip, $prefix) = $components;
if (filter_var($ip, FILTER_VALIDATE_IP) === false) { return false; }
if (!preg_match('/^\d+$/', $prefix)) { return false; }
if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
if ($prefix < 0 || $prefix > 32) { return false; }
}
else {
if ($prefix < 1 || $prefix > 128) { return false; }
}
return true;
}
public function isValidBracketedRange() { //e.g., 192.0.2.[1-10]
$ip_string = $this->getIPString();
if (preg_match('/[^0-9a-f:\.\[\]\-]/i', $ip_string)) { return false; }
if (strpos($ip_string, '.') !== false) { //IPv4
if (preg_match_all('/(\d+)/', $ip_string, $matches) > 0) {
foreach ($matches[1] as $match) {
$group = (int) $match;
if ($group > 255 || $group < 0) {
return false;
}
}
}
$group_regex = '([0-9]{1,3}|\[[0-9]{1,3}\-[0-9]{1,3}\])';
return preg_match('/^' . str_repeat("{$group_regex}\\.", 3) . $group_regex . '$/i', $ip_string) > 0;
}
//IPv6
if (strpos($ip_string, '::') !== false) {
$ip_string = self::expandIPv6Range($ip_string);
}
if (!$ip_string) {
return false;
}
$group_regex = '([a-f0-9]{1,4}|\[[a-f0-9]{1,4}\-[a-f0-9]{1,4}\])';
return preg_match('/^' . str_repeat("$group_regex:", 7) . $group_regex . '$/i', $ip_string) > 0;
}
public function isValidLinearRange() { //e.g., 192.0.2.1-192.0.2.100
$ip_string = $this->getIPString();
if (preg_match('/[^0-9a-f:\.\-]/i', $ip_string)) { return false; }
list($ip1, $ip2) = explode("-", $ip_string);
$ip1N = @wfWAFUtils::inet_pton($ip1);
$ip2N = @wfWAFUtils::inet_pton($ip2);
if ($ip1N === false || filter_var($ip1, FILTER_VALIDATE_IP) === false || $ip2N === false || filter_var($ip2, FILTER_VALIDATE_IP) === false) {
return false;
}
return strcmp($ip1N, $ip2N) <= 0;
}
protected function _sanitizeIPRange($ip_string) {
$ip_string = preg_replace('/\s/', '', $ip_string); //Strip whitespace
$ip_string = preg_replace('/[\\x{2013}-\\x{2015}]/u', '-', $ip_string); //Non-hyphen dashes to hyphen
$ip_string = strtolower($ip_string);
if (preg_match('/^\d+-\d+$/', $ip_string)) { //v5 32 bit int style format
list($start, $end) = explode('-', $ip_string);
$start = long2ip($start);
$end = long2ip($end);
$ip_string = "{$start}-{$end}";
}
return $ip_string;
}
/**
* @return string|null
*/
public function getIPString() {
return $this->ip_string;
}
/**
* @param string|null $ip_string
*/
public function setIPString($ip_string) {
$this->ip_string = $this->_sanitizeIPRange($ip_string);
}
}
}