rebase on oct-10-2023

2023-10-10 17:23:21 -04:00
parent d37566ffb6
commit d096058d7d
4789 changed files with 254611 additions and 307223 deletions
--- a/wp/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/request.php
+++ b/wp/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/request.php
@@ -348,6 +348,40 @@ class wfWAFRequest implements wfWAFRequestInterface {
 		return $request;
 	}

+	private static function extractFileProperty($key, $property) {
+		$extracted = array();
+		if (is_array($property)) {
+			foreach ($property as $nestedKey => $value) {
+				$nestedKey = "{$key}[" . var_export($nestedKey, true) . ']';
+				foreach (self::extractFileProperty($nestedKey, $value) as $nested) {
+					$extracted[] = $nested;
+				}
+			}
+		}
+		else if (is_string($property) || is_int($property)) {
+			$extracted[] = array(
+				$key,
+				$property
+			);
+		}
+		return $extracted;
+	}
+
+	private static function flattenFiles($files) {
+		$flat = array();
+		foreach ($files as $baseKey => $file) {
+			foreach ($file as $property => $value) {
+				foreach (self::extractFileProperty($baseKey, $value) as $extracted) {
+					list($finalKey, $finalValue) = $extracted;
+					if (!array_key_exists($finalKey, $flat))
+						$flat[$finalKey] = array();
+					$flat[$finalKey][$property] = $finalValue;
+				}
+			}
+		}
+		return $flat;
+	}
+
 	/**
 	 * @param wfWAFRequest|null $request
 	 * @return wfWAFRequest
@@ -387,7 +421,7 @@ class wfWAFRequest implements wfWAFRequestInterface {
 		
 		$request->setQueryString(wfWAFUtils::stripMagicQuotes($_GET));
 		$request->setCookies(wfWAFUtils::stripMagicQuotes($_COOKIE));
-		$request->setFiles(wfWAFUtils::stripMagicQuotes($_FILES));
+		$request->setFiles(wfWAFUtils::stripMagicQuotes(self::flattenFiles($_FILES)));

 		if (!empty($_FILES)) {
 			$fileNames = array();
@@ -945,9 +979,6 @@ FORM;

 				foreach ($this->getFiles() as $param => $file) {
 					$name = array_key_exists('name', $file) ? $file['name'] : '';
-					if (is_array($name)) {
-						continue; // TODO: implement files as arrays
-					}
 					$mime = array_key_exists('type', $file) ? $file['type'] : '';
 					$value = '';
 					$lenToRead = $maxRequestLen - (wfWAFUtils::strlen($request) + wfWAFUtils::strlen($body) + 1);
--- a/wp/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/rules.php
+++ b/wp/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/rules.php
@@ -453,6 +453,7 @@ class wfWAFRuleLogicalOperator implements wfWAFRuleInterface {
 }

 class wfWAFPhpBlock {
+	public $open = false;
 	public $echoTag;
 	public $shortTag;
 	public $openParentheses = 0, $closedParentheses = 0;
--- a/wp/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/storage/file.php
+++ b/wp/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/storage/file.php
@@ -17,8 +17,7 @@ class wfWAFStorageFile implements wfWAFStorageInterface {
 			return true;
 		}
 		
-		$sapi = @php_sapi_name();
-		if ($sapi == "cli") {
+		if (wfWAFUtils::isCli()) {
 			return false;
 		}
 		return true;
--- a/wp/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/storage/mysql.php
+++ b/wp/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/storage/mysql.php
@@ -400,7 +400,9 @@ class wfWAFStorageMySQL implements wfWAFStorageInterface {
 				}
 			}
 		} catch (wfWAFStorageEngineMySQLiException $e) {
-			error_log($e);
+			if (WFWAF_DEBUG) {
+				error_log($e);
+			}
 		}
 	}

--- a/wp/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/utils.php
+++ b/wp/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/utils.php
@@ -1229,6 +1229,9 @@ class wfWAFUtils {
 	public static function isVersionBelow($target, $compared) {
 		return $compared === null || version_compare($compared, $target, '<');
 	}
-
+	
+	public static function isCli() {
+		return (@php_sapi_name()==='cli') || !array_key_exists('REQUEST_METHOD', $_SERVER);
+	}
 }
 }
--- a/wp/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/waf.php
+++ b/wp/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/waf.php
@@ -328,6 +328,11 @@ auEa+7b+FGTKs7dUo2BNGR7OVifK4GZ8w/ajS0TelhrSRi3BBQCGXLzUO/UURUAh
 	public function loadRules() {
 		$storageEngine = $this->getStorageEngine();
 		if ($storageEngine instanceof wfWAFStorageFile) {
+			$logLevel = error_reporting();
+			if (wfWAFUtils::isCli()) { //Done to suppress errors from WP-CLI when the WAF is run on environments that have a server level constant to use the MySQLi storage engine that is not in place when running from the CLI
+				error_reporting(0); 
+			}
+			
 			// Acquire lock on this file so we're not including it while it's being written in another process.
 			$handle = fopen($storageEngine->getRulesFile(), 'r');
 			$locked = $handle !== false && flock($handle, LOCK_SH);
@@ -337,6 +342,10 @@ auEa+7b+FGTKs7dUo2BNGR7OVifK4GZ8w/ajS0TelhrSRi3BBQCGXLzUO/UURUAh
 				flock($handle, LOCK_UN);
 			if ($handle !== false)
 				fclose($handle);
+			
+			if (wfWAFUtils::isCli()) {
+				error_reporting($logLevel);
+			}
 		} else {
 			$wafRules = $storageEngine->getRules();
 			if (is_array($wafRules)) {