Файловый менеджер

Файловый менеджер - Редактировать - /home/beautybuzzbeyond/public_html/wp-content/plugins/sucuri-scanner/src/base.lib.php

Назад
<?php /** * Code related to the base.lib.php interface. * * PHP version 5 * * @category Library * @package Sucuri * @subpackage SucuriScanner * @author Daniel Cid <dcid@sucuri.net> * @copyright 2010-2018 Sucuri Inc. * @license https://www.gnu.org/licenses/gpl-2.0.txt GPL2 * @link https://wordpress.org/plugins/sucuri-scanner / if (!defined('SUCURISCAN_INIT') \|\| SUCURISCAN_INIT !== true) { if (!headers_sent()) { / Report invalid access if possible. / header('HTTP/1.1 403 Forbidden'); } exit(1); } /* * Miscellaneous library. * * Multiple and generic methods that will be used through out the code of other * libraries extending from this and methods defined in other files, be aware of * the hierarchy and check the other libraries for duplicated methods. * * @category Library * @package Sucuri * @subpackage SucuriScanner * @author Daniel Cid <dcid@sucuri.net> * @copyright 2010-2018 Sucuri Inc. * @license https://www.gnu.org/licenses/gpl-2.0.txt GPL2 * @link https://wordpress.org/plugins/sucuri-scanner / class SucuriScan { /* * Throw generic exception instead of silent failure for unit-tests. * * @throws Exception * * @param string $message Error or information message. * @param string $type Either info or error. * @return bool False all the time. / public static function throwException($message, $type = 'error') { if (defined('SUCURISCAN_THROW_EXCEPTIONS') && SUCURISCAN_THROW_EXCEPTIONS === true && is_string($message) ) { $code = ($type === 'error' ? 157 : 333); $message = str_replace( SUCURISCAN_ADMIN_NOTICE_PREFIX, ($type === 'error' ? __('Error:', 'sucuri-scanner') : __('Info:', 'sucuri-scanner')), $message ); / throw catchable errors via tests / throw new Exception($message, $code); } return false; / for backward compatibility / } /* * Return name of a variable with the plugin's prefix (if needed). * * To facilitate the development, you can prefix the name of the key in the * request (when accessing it) with a single colon, this method will auto- * matically replace that character with the unique plugin ID. * * @param string $name Text with optional colon prefix. * @return string Real variable name. / public static function varPrefix($name = '') { if (!empty($name) && $name[0] === ':') { return sprintf( '%s_%s', SUCURISCAN, substr($name, 1) ); } return $name; } /* * Gets the value of a configuration option. * * @param string $property The configuration option name. * @param bool $raw Return the original value from the php.ini file. * @return string Value of the option as a string on success. / public static function iniGet($property = '', $raw = false) { $ini_value = ini_get($property); if ($raw) { return $ini_value; } $default = array( 'error_log' => 'error_log', 'safe_mode' => 'not active', 'memory_limit' => '128M', 'upload_max_filesize' => '2M', 'post_max_size' => '8M', 'max_execution_time' => '30', 'max_input_time' => '-1', ); if ($ini_value === false) { $ini_value = 'unknown'; } elseif (empty($ini_value) \|\| $ini_value === null) { if (array_key_exists($property, $default)) { $ini_value = $default[$property]; } else { $ini_value = 'not active'; } } if ($property == 'error_log') { $ini_value = basename($ini_value); } return $ini_value; } /* * Encodes the less-than, greater-than, ampersand, double quote and single * quote characters, will never double encode entities. * * @see https://developer.wordpress.org/reference/functions/esc_attr/ * * @param string $text The text which is to be encoded. * @return string The encoded text with HTML entities. / public static function escape($text = '') { return esc_attr($text); } /* * Translate a given number in bytes to a human readable file size using the * a approximate value in Kylo, Mega, Giga, etc. * * @see https://www.php.net/manual/en/function.filesize.php#106569 * * @param int $bytes Integer representing a file size in bytes. * @param int $decimals How many decimals should be returned. * @return string Human readable representation of the given number. / public static function humanFileSize($bytes = 0, $decimals = 2) { $sz = 'BKMGTP'; $factor = (int) floor((strlen((string) $bytes) - 1) / 3); $number = $bytes / pow(1024, $factor); $result = sprintf("%.{$decimals}f", $number) . @$sz[$factor]; $zeroes = '.' . str_repeat('0', $decimals); $result = str_replace($zeroes, '', $result); return $result; } /* * Returns the human version of the time difference. * * If the timestamp is in the past in comparison with the current time, it * will return a string in the form of "X time ago". If the timestamp is in * the future in comparison with the current time, it will return a string * in the form of "in X time". If the timestamp is the same as the current * time it will return "right now". * * @param int $time Unix timestamp. * @return string Different between timestamp and current time. / public static function humanTime($time = 0) { if (!is_numeric($time)) { return 'N/A'; } $now = time(); if ($time === $now) { return 'right now'; } $result = ''; $template = ''; $diff = $now - $time; $groups = array( 31536000 => 'year', 2592000 => 'month', 86400 => 'day', 3600 => 'hour', 60 => 'minute', 1 => 'second', ); if ($time < $now) { $template = '%d %s ago'; } else { $template = 'in %d %s'; } foreach ($groups as $secs => $label) { $distance = abs($diff / $secs); if ($distance >= 1) { $plural = (round($distance) == 1) ? '' : 's'; $result = sprintf( $template, round($distance), $label . $plural ); break; } } return $result; } /* * Check if the admin init hook must not be intercepted. * * @return bool True if the admin init hook must not be intercepted. / public static function noAdminInit() { return (bool) ( defined('SUCURISCAN_ADMIN_INIT') && SUCURISCAN_ADMIN_INIT === false ); } /* * Check if the admin init hook must be intercepted. * * @return bool True if the admin init hook must be intercepted. / public static function runAdminInit() { return (bool) (self::noAdminInit() === false); } /* * Fix the deliminar of a resource path. * * In Windows based system the directory separator is a back slash which * differs from what other file systems use. To keep consistency during the * unit-tests we have decided to replace any non forward slash with it. * * @param string $path Directory path to fix. * @return string Fixed file path. / public static function fixPath($path = '') { $new = str_replace(DIRECTORY_SEPARATOR, '/', $path); $new = rtrim($new, '/'); / purge right side. / return empty($new) ? '/' : $new; } /* * Returns the full path to a specific directory or file. * * @param string $path Path that needs to be completed. * @return string Full path including the base directory. / public static function dataStorePath($path = '') { $folder = WP_CONTENT_DIR . '/uploads/sucuri'; / custom path no matter its existence / if (defined('SUCURI_DATA_STORAGE')) { $folder = SUCURI_DATA_STORAGE; } $fullpath = self::fixPath($folder . '/' . $path); $fullpath = str_replace('//', '/', $fullpath); $fullpath = rtrim($fullpath, '/'); return $fullpath; } /* * Check whether the current site is working as a multi-site instance. * * @return bool Either TRUE or FALSE in case WordPress is being used as a multi-site instance. / public static function isMultiSite() { return (bool) (function_exists('is_multisite') && is_multisite()); } /* * Returns an URL from the admin dashboard. * * @param string $url Optional trailing of the URL. * @return string Full valid URL from the admin dashboard. / public static function adminURL($url = '') { if (self::isMultiSite()) { // @codeCoverageIgnoreStart return network_admin_url($url); // @codeCoverageIgnoreEnd } return admin_url($url); } /* * Find and retrieve the current version of WordPress installed. * * @return string The version number of WordPress installed. / public static function siteVersion() { if (isset($GLOBALS['wp_version'])) { return self::escape($GLOBALS['wp_version']); } $wp_version = ''; $filename = ABSPATH . '/' . WPINC . '/version.php'; $lines = SucuriScanFileInfo::fileLines($filename); foreach ($lines as $line) { if (strpos($line, '$wp_version') === 0) { $version = str_replace("\x20", '', $line); $index = strpos($version, "'"); $version = substr($version, $index + 1); $index = strpos($version, "'"); $version = substr($version, 0, $index); $wp_version = $version; break; } } return self::escape($wp_version); } /* * Find and retrieve the absolute path of the WordPress configuration file. * * @return string\|bool Absolute path of the WordPress configuration file. / public static function getConfigPath() { $filename = ABSPATH . '/wp-config.php'; / check one directory up / if (!file_exists($filename)) { $filename = ABSPATH . '/../wp-config.php'; } return @realpath($filename); } /* * Find and retrieve the absolute path of the main WordPress htaccess file. * * @return string Absolute path of the main WordPress htaccess file. / public static function getHtaccessPath() { $result = ''; $base_dirs = array( rtrim(ABSPATH, '/'), dirname(ABSPATH), dirname(dirname(ABSPATH)), ); foreach ($base_dirs as $base_dir) { $htaccess_path = sprintf('%s/.htaccess', $base_dir); if (file_exists($htaccess_path)) { $result = $htaccess_path; break; } } return $result; } /* * Get the pattern of the definition related with a WordPress secret key. * * @return string Secret key definition pattern. / public static function secretKeyPattern() { return '/define$\s\'([A-Z_]+)\',(\s)\'(.+)\'\s$;/'; } /** * Execute the plugin' scheduled tasks. * * @return void / public static function runScheduledTask() { SucuriScanEvent::filesystemScan(); SucuriScanEvent::reportSiteVersion(); SucuriScanIntegrity::getIntegrityStatus(true); SucuriScanSettingsPosthack::availableUpdatesContent(true); SucuriScanEvent::sendLogsFromQueue(); / blocking; keep at the end / } /* * List of allowed HTTP headers to retrieve the real IP. * * Once the DNS lookups are enabled to discover the real IP address of the * visitors the user may choose the HTTP header that will be used by default to * retrieve the real IP address of each HTTP request, generally they do not need * to set this but in rare cases the hosting provider may have a load balancer * that can interfere in the process, in which case they will have to explicitly * specify the main HTTP header. This is a list of the allowed headers that the * user can choose. * * @param bool $with_keys Return the array with its values are keys. * @return array Allowed HTTP headers to retrieve real IP. / public static function allowedHttpHeaders($with_keys = false) { $allowed = array( / Sucuri custom HTTP headers / 'HTTP_X_SUCURI_CLIENTIP', / CloudFlare custom HTTP headers / 'HTTP_CF_CONNECTING_IP', / Real visitor IP. / 'HTTP_CF_IPCOUNTRY', / Country of visitor. / 'HTTP_CF_RAY', / https://support.cloudflare.com/entries/23046742-w. / 'HTTP_CF_VISITOR', / Determine if HTTP or HTTPS. / / Possible HTTP headers / 'HTTP_X_REAL_IP', 'HTTP_CLIENT_IP', 'HTTP_X_FORWARDED_FOR', 'HTTP_X_FORWARDED', 'HTTP_FORWARDED_FOR', 'HTTP_FORWARDED', 'SUCURI_RIP', 'REMOTE_ADDR', ); if ($with_keys === true) { $verbose = array(); foreach ($allowed as $header) { $verbose[$header] = $header; } return $verbose; } return $allowed; } /* * List HTTP headers ordered. * * The list of HTTP headers is ordered per relevancy, and having the main * HTTP header as the first entry, this guarantees that the IP address of * the visitors will be retrieved from the HTTP header chosen by the user * first and fallback to the other alternatives if available. * * @return array Ordered allowed HTTP headers. / private static function orderedHttpHeaders() { $ordered = array(); $allowed = self::allowedHttpHeaders(); $addr_header = SucuriScanOption::getOption(':addr_header'); $ordered[] = $addr_header; foreach ($allowed as $header) { if (!in_array($header, $ordered)) { $ordered[] = $header; } } return $ordered; } /* * Retrieve the real ip address of the user in the current request. * * @param bool $with_header Return HTTP header where the IP address was found. * @return string Real IP address of the user in the current request. / public static function getRemoteAddr($with_header = false) { $remote_addr = false; $header_used = 'unknown'; $headers = self::orderedHttpHeaders(); foreach ($headers as $header) { if (array_key_exists($header, $_SERVER) && self::isValidIP($_SERVER[$header]) ) { $remote_addr = $_SERVER[$header]; $header_used = $header; break; } } if (!$remote_addr \|\| $remote_addr === '::1') { $remote_addr = '127.0.0.1'; } if ($with_header) { return $header_used; } return $remote_addr; } /* * Return the HTTP header used to retrieve the remote address. * * @return string The HTTP header used to retrieve the remote address. / public static function getRemoteAddrHeader() { return self::getRemoteAddr(true); } /* * Retrieve the user-agent from the current request. * * @return string The user-agent from the current request. / public static function getUserAgent() { if (isset($_SERVER['HTTP_USER_AGENT'])) { return self::escape($_SERVER['HTTP_USER_AGENT']); } return 'Mozilla/5.0 (KHTML, like Gecko) Safari/537.36'; } /* * Get the clean version of the current domain. * * @see https://developer.wordpress.org/reference/functions/get_site_url/ * * @param bool $return_tld Returns the top-level domain instead. * @return string The domain of the current site. / public static function getDomain($return_tld = false) { $site_url = get_site_url(); $pattern = '/([fhtps]+:\/\/)?([^:\/]+)(:[0-9:]+)?(\/.)?/'; $replacement = ($return_tld === true) ? '$2' : '$2$3$4'; $domain_name = @preg_replace($pattern, $replacement, $site_url); return $domain_name; } /** * Get top-level domain (TLD) of the website. * * @return string Top-level domain (TLD) of the website. / public static function getTopLevelDomain() { return self::getDomain(true); } /* * Check whether reverse proxy servers must be supported. * * @return bool TRUE if reverse proxies must be supported, FALSE otherwise. / public static function supportReverseProxy() { return SucuriScanOption::isEnabled(':revproxy'); } /* * Checks the existence of the HTTP_X_SUCURI_CLIENTIP header in the request headers * * Once active, the Sucuri Firewall sends custom headers to the server with information * about the original request. * * @return boolean True if the website is being reached with our HTTP_X_SUCURI_CLIENTIP header. / private static function hasSucuriClientIPHeader() { return array_key_exists('HTTP_X_SUCURI_CLIENTIP', $_SERVER); } /* * Checks whether the site is behind the firewall network. * * @param bool $verbose Return array with HTTP and HOST information. * @return array\|bool True if the firewall is in use, false otherwise. / public static function isBehindFirewall($verbose = false) { if (!$verbose) { return (bool) self::hasSucuriClientIPHeader(); } $http_host = self::getTopLevelDomain(); $host_by_addr = @gethostbyname($http_host); $host_by_name = @gethostbyaddr($host_by_addr); return array( 'status' => self::hasSucuriClientIPHeader(), 'http_host' => self::getTopLevelDomain(), 'host_name' => $host_by_name, 'host_addr' => $host_by_addr, ); } /* * Get the email address set by the administrator to receive the alerts * sent by the plugin, if the email is missing the WordPress email address is * chosen by default. * * @return string The administrator email address. / public static function getSiteEmail() { $email = get_option('admin_email'); if (self::isValidEmail($email)) { return $email; } return 'noreply@example.org'; } /* * Get user data by field and data. * * @see https://developer.wordpress.org/reference/functions/get_user_by/ * * @param int $identifier User account identifier. * @return array WordPress user object with data. / public static function getUserByID($identifier = 0) { return get_user_by('id', $identifier); } /* * Retrieve a list of all admin user accounts. * * @see https://developer.wordpress.org/reference/functions/get_users/ * * @return array\|bool List of admin users, false otherwise. / public static function getAdminUsers() { return get_users(array('role' => 'administrator')); } /* * Get a list of user emails that can be used to generate an API key for this * website. Only accounts with the status in zero will be returned, the status * field in the users table is officially deprecated but some 3rd-party plugins * still use it to check if the account was activated by the owner of the email, * a value different than zero generally means that the email was not verified * successfully. * * @return array List of user identifiers and email addresses. / public static function getUsersForAPIKey() { $valid_users = array(); $users = self::getAdminUsers(); if ($users !== false) { foreach ($users as $user) { if ($user->user_status === '0') { $valid_users[$user->ID] = sprintf( '%s - %s', $user->user_login, $user->user_email ); } } } return $valid_users; } /* * Retrieve the date in localized format, based on timestamp. * * If the locale specifies the locale month and weekday, then the locale will * take over the format for the date. If it isn't, then the date format string * will be used instead. * * @param null\|string\|int $timestamp Unix timestamp. * @param string $format Optional format for the date and time. * @return string The date, translated if locale specifies it. / public static function datetime($timestamp = null, $format = null) { $diff = 0; / use server time / $tz = SucuriScanOption::getOption(':timezone'); $length = strlen($tz); / example: UTC+12.75 / if ($timestamp === null) { $timestamp = time(); } if ($length === 9 && substr($tz, 0, 3) === 'UTC' && ($tz[3] === '-' \|\| $tz[3] === '+') && $tz[6] === '.' ) { $hour = (float) substr($tz, 4); $sign = ($tz[3] === '-') ? -1 : +1; $diff = ($hour $sign); } else { /* reset; value seems to be corrupt / SucuriScanOption::deleteOption(':timezone'); } if ($format === null) { $format = sprintf( "%s\x20%s", SucuriScanOption::getOption('date_format'), SucuriScanOption::getOption('time_format') ); } return date($format, (intval($timestamp) + ($diff 3600))); } /** * Check whether an IP address has a valid format or not. * * @param string $remote_addr The host IP address. * @return bool Whether the IP address specified is valid or not. / public static function isValidIP($remote_addr = '') { return (bool) @filter_var($remote_addr, FILTER_VALIDATE_IP); } /* * Check whether an IP address is formatted as CIDR or not. * * @param string $remote_addr The supposed ip address that will be checked. * @return bool Either TRUE or FALSE if the ip address specified is valid or not. / public static function isValidCIDR($remote_addr = '') { if (!is_string($remote_addr)) { return false; } if (preg_match('/^([0-9\.]{7,15})\/(8\|16\|24)$/', $remote_addr, $match)) { return self::isValidIP($match[1]); } return false; } /* * Separate the parts of an IP address. * * @param string $remote_addr The supposed ip address that will be formatted. * @return array\|bool Clean address, CIDR range, and CIDR format; FALSE otherwise. / public static function getIPInfo($remote_addr = '') { if ($remote_addr) { $ip_parts = explode('/', $remote_addr); if (isset($ip_parts[0]) && self::isValidIP($ip_parts[0])) { $addr_info = array(); $addr_info['remote_addr'] = $ip_parts[0]; $addr_info['cidr_range'] = isset($ip_parts[1]) ? $ip_parts[1] : '32'; $addr_info['cidr_format'] = $addr_info['remote_addr'] . '/' . $addr_info['cidr_range']; return $addr_info; } } return false; } /* * Validate email address. * * This use the native PHP method filter_var which is available in PHP >= * 5.2.0 if it is not found in the interpreter this method will sue regular * expressions to check whether the email address passed is valid or not. * * @see https://www.php.net/manual/en/function.filter-var.php * * @param string $email The string that will be validated as an email address. * @return bool TRUE if the email address passed to the method is valid, FALSE if not. / public static function isValidEmail($email = '') { return (bool) @filter_var($email, FILTER_VALIDATE_EMAIL); } /* * Cut a long text to the length specified, and append suspensive points at the end. * * @param string $text String of characters that will be cut. * @param int $length Maximum length of the returned string, default is 10. * @return string Short version of the text specified. / public static function excerpt($text = '', $length = 10) { $text_length = strlen($text); if ($text_length > $length) { return substr($text, 0, $length) . '...'; } return $text; } /* * Check whether an list is a multidimensional array or not. * * @param array $list An array or multidimensional array of different values. * @return bool TRUE if the list is multidimensional, FALSE otherwise. / public static function isMultiList($list = array()) { if (empty($list)) { return false; } $status = false; foreach ((array) $list as $item) { if (is_array($item)) { $status = true; break; } } return $status; } /* * Join array elements with a string no matter if it is multidimensional. * * @param string $separator Character that will act as a separator, default to an empty string. * @param array $list The array of strings to implode. * @return string String of all the items in the list, with the separator between them. / public static function implode($separator = '', $list = array()) { if (!is_array($list)) { return 'INVALID_ARGS'; } if (self::isMultiList($list)) { $pieces = array(); foreach ($list as $items) { $pieces[] = @implode($separator, $items); } return '(' . implode('), (', $pieces) . ')'; } return implode($separator, $list); } /* * Check whether the site is running over the Nginx web server. * * @return bool TRUE if the site is running over Nginx, FALSE otherwise. / public static function isNginxServer() { return (bool) (stripos(@$_SERVER['SERVER_SOFTWARE'], 'nginx') !== false); } /* * Check whether the site is running over the Nginx web server. * * @return bool TRUE if the site is running over Nginx, FALSE otherwise. / public static function isIISServer() { return (bool) (stripos(@$_SERVER['SERVER_SOFTWARE'], 'Microsoft-IIS') !== false); } /* * Returns the md5 hash representing the content of a file. * * @param string $file Relative path to the file. * @return string Seven first characters in the hash of the file. */ public static function fileVersion($file = '') { return substr(md5_file(SUCURISCAN_PLUGIN_PATH . '/' . $file), 0, 7); } public static function issetScanApiUrl() { return defined('SUCURISCAN_API_URL') && !empty(SUCURISCAN_API_URL); } }

| ver. 1.4 | Github | . | PHP 8.0.30 | Генерация страницы: 0 | proxy | phpinfo | Настройка