
Changeset 3121600


Timestamp:
07/18/2024 03:44:30 PM (20 months ago)
Author:
wtsec
Message:

2.4.30

  • Fixed link scanning on the WP scan page
  • Internal improvements
Location:
wt-security
Files:
451 added
11 edited

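--- a/wt-security/tags/2.4.29/lib/Helper.php
+++ b/wt-security/tags/2.4.29/lib/Helper.php
@@ -12,8 +12,4 @@
  */
 class WebTotem {
-
-    public static function log($notice){
-        file_put_contents(ABSPATH . 'wtotem_log.txt', date('Y-m-d H:i:s') . ' ' . $notice . PHP_EOL, FILE_APPEND);
-    }
 
     /**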
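--- a/wt-security/trunk/includes/templates/scan_logs_cve.html.twig
+++ b/wt-security/trunk/includes/templates/scan_logs_cve.html.twig
@@ -6,5 +6,5 @@
                     <span class="cve__plugin_name">{{log.plugin_name}}</span><br>
                     <span class="cve__plugin_version {% if log.new_version %}outdated{% endif %}">
-                        {{ 'Version'|trans }} {{log.plugin_version}} - {% if log.new_version %}{{ 'Outdated'|trans }}{% endif %}
+                        {{ 'Version'|trans }} {{log.plugin_version}}{% if log.new_version %} - {{ 'Outdated'|trans }}{% endif %}
                     </span>
                 </p>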
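--- a/wt-security/trunk/lib/API.php
+++ b/wt-security/trunk/lib/API.php
@@ -60,5 +60,5 @@
 
             return 'success';
-        } elseif ($result['errors'][0]['message'] == 'INVALID_API_KEY') {
+        } elseif (isset($result['errors'][0]['message']) and $result['errors'][0]['message'] == 'INVALID_API_KEY') {
             WebTotemOption::logout();
         }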
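Review bot: The new condition on line 62 still compares the API error message with `==` and joins the two tests with `and`; the readme in this changeset keeps "Requires PHP: 7.1", and on PHP 7 a loose comparison treats a numeric `0` in that field as equal to `'INVALID_API_KEY'`, which would log the user out on an unrelated response. The `isset` guard is the right instinct, but the whole check is shorter and strict as `} elseif (($result['errors'][0]['message'] ?? null) === 'INVALID_API_KEY') {`. Where `$result` is decoded is outside this hunk, as is the rest of the enclosing function.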
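--- a/wt-security/trunk/lib/AgentManager.php
+++ b/wt-security/trunk/lib/AgentManager.php
@@ -196,5 +196,4 @@
     private static function cut_inc(string $target_path)
     {
-        WebTotem::log('$target: ' . $target_path);
         if (file_exists($target_path)) {
             $reg = '/^([\r\n\t])*((<\?php\s)?if\s?\(function_exists\(\'current_user_can\'\)\)\s?{\s?if\s?\(\s?!current_user_can\(\'publish_posts\'\)\s?\)\s?{\s)?(<\?php\s?)?\$wtwaf\s?=\s?dirname\(__FILE__\).{76,77}\.waf\.php(\'|\")?;\s?if\s?\(file_exists\(\$wtwaf\)(\s&&\sis_readable\(\$wtwaf\))?\)\s?{(\s?if\s?\(function_exists\("is_admin"\)\)\s?{\s?if\s?\(!is_admin\(\)\)\s?{)?\s?@include_once\(\$wtwaf\);\s?}(\s?}\s?else\s?{\s?@include_once\(\$wtwaf\);\s?}\s?})?\s?unset\(\$wtwaf\);\s?(\?>|}\s})?([\r\n\t])*/im';
@@ -241,5 +240,5 @@
 
         if ( empty( $wp_filesystem ) ) {
-            require_once( ABSPATH . '/wp-admin/includes/file.php' );
+            require_once( ABSPATH . 'wp-admin/includes/file.php' );
             WP_Filesystem();
         }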
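--- a/wt-security/trunk/lib/Helper.php
+++ b/wt-security/trunk/lib/Helper.php
@@ -12,8 +12,4 @@
  */
 class WebTotem {
-
-    public static function log($notice){
-        file_put_contents(ABSPATH . 'wtotem_log.txt', date('Y-m-d H:i:s') . ' ' . $notice . PHP_EOL, FILE_APPEND);
-    }
 
     /**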
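--- a/wt-security/trunk/lib/Interface.php
+++ b/wt-security/trunk/lib/Interface.php
@@ -101,5 +101,5 @@
         if( $sapi != "cli" ) {
             if ($waf = WebTotemOption::getOption("waf_file")) {
-                $include_waf_file = ABSPATH . '/_include_' . $waf;
+                $include_waf_file = ABSPATH . '_include_' . $waf;
 
                 if (is_file($include_waf_file) && is_readable($include_waf_file)) {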
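Review bot: The value read from the `waf_file` option is concatenated into the include path on line 103 without any normalisation, so the path only stays under the `_include_` prefix for as long as nothing but the plugin itself can write that option. Reducing it to a bare file name before use, `$include_waf_file = ABSPATH . '_include_' . basename((string) $waf);`, makes the location independent of how the option was stored and costs nothing for the expected values. What happens with the file after the `is_file`/`is_readable` check, and the rest of the enclosing function, lie outside this hunk.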
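--- a/wt-security/trunk/lib/Option.php
+++ b/wt-security/trunk/lib/Option.php
@@ -562,5 +562,5 @@
     public static function hideReadme($readmeFile = null) {
         if ($readmeFile === null) {
-            $readmeFile = ABSPATH . '/readme.html';
+            $readmeFile = ABSPATH . 'readme.html';
         }
 
@@ -582,5 +582,5 @@
     public static function restoreReadme($readmeFile = null) {
         if ($readmeFile === null) {
-            $readmeFile = ABSPATH . '/readme.html';
+            $readmeFile = ABSPATH . 'readme.html';
         }
         $readmePathInfo = pathinfo($readmeFile);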
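--- a/wt-security/trunk/lib/modules/logs/Crawler.php
+++ b/wt-security/trunk/lib/modules/logs/Crawler.php
@@ -25,5 +25,4 @@
         $i = 1;
         if (!$crawler_temp) {
-
             $pre_scan = self::pre_scan();
 
@@ -32,5 +31,5 @@
             $crawler_temp['scripts'] = WebTotem::arrayUniqueKey($pre_scan['scripts'], 'link');
             $crawler_temp['iframes'] = WebTotem::arrayUniqueKey( $pre_scan['iframes'], 'link');
-            $crawler_temp['exclude'] = array_unique($pre_scan['exclude']);
+            $crawler_temp['exclude'] = $pre_scan['exclude'];
 
             $crawler_temp['internal']['new'] = WebTotem::arrayUniqueKey( array_merge($crawler_temp['internal']['new'], $scan_temp['links']), 'link');
@@ -38,8 +37,11 @@
             $i++;
         }
+
+        $visited = [];
 
         foreach ($crawler_temp['internal']['new'] as $key => $item) {
             if($result = self::explore_page($item['link'], $crawler_temp['exclude'])) {
-                $crawler_temp['internal']['visited'][] = $item;
+
+                $crawler_temp['internal']['visited'][] = $item;
 
                 $crawler_temp['internal']['new'] = WebTotem::arrayUniqueKey(array_merge($crawler_temp['internal']['new'] ?? [], $result['internal'] ?? []), 'link');
@@ -50,10 +52,14 @@
             }
 
-            unset($crawler_temp['internal']['new'][$key]);
-            WebTotemOption::setOptions(['crawler_temp' => $crawler_temp]);
+            $visited[] = $key;
 
             if ($i >= 5) break;
             $i++;
         }
+
+        foreach ($visited as $key){
+            unset($crawler_temp['internal']['new'][$key]);
+        }
+        WebTotemOption::setOptions(['crawler_temp' => $crawler_temp]);
 
         if (empty($crawler_temp['internal']['new'])) {
@@ -74,4 +80,5 @@
                     'iframes' => $crawler_temp['iframes'] ?? [],
                 ];
+
                 self::saveData($data);
 
@@ -105,59 +112,67 @@
         $site_url = get_site_url();
         $internal = [];
-        $exclude = [];
+        $exclude = [$site_url];
 
         // Scanning the file robots.txt
-        $robotsTxt = file_get_contents(ABSPATH . '/robots.txt');
-        $lines = explode("\n", $robotsTxt);
-
-        foreach ($lines as $line) {
-            if (strpos($line, 'Disallow:') === 0 || strpos($line, 'Allow:') === 0) {
-                $url = trim(substr($line, strpos($line, ':') + 1));
-                $exclude[] = $url;
-                $robots_urls[] = (string)$url->loc;
-            }
-        }
-
-        foreach ($robots_urls as $url) {
-            if (substr($url, 0, 1) == "#") {
-                continue;
-            }
-            $internal[] = ['link' => $url, 'page' => $site_url . '/robots.txt', 'is_internal' => self::isInternal($url)];
-        }
+        if(file_exists(ABSPATH . 'robots.txt')){
+            $robotsTxt = file_get_contents(ABSPATH . 'robots.txt');
+            $lines = explode("\n", $robotsTxt);
+            $robots_urls = [];
+
+            foreach ($lines as $line) {
+                if (strpos($line, 'Disallow:') === 0 || strpos($line, 'Allow:') === 0) {
+                    $url = trim(substr($line, strpos($line, ':') + 1));
+                    $exclude[] = $url;
+                    $robots_urls[] = (string)$url->loc;
+                }
+            }
+
+            foreach ($robots_urls as $link) {
+                if (substr($link, 0, 1) == "#") {
+                    continue;
+                }
+                $link = untrailingslashit($link);
+                $internal[] = ['link' => $link, 'page' => $site_url . '/robots.txt', 'is_internal' => self::isInternal($link)];
+            }
+        }
+
 
         // Adding links from popular sitemaps plugins
         $sitemaps = [
-                $site_url . '/sitemaps.xml',
-                $site_url . '/index.php?xml_sitemap=params=.',
-                $site_url . '/?sitemap=1',
-                $site_url . '/sitemap_index.xml',
+            $site_url . '/sitemaps.xml',
+            $site_url . '/index.php?xml_sitemap=params=.',
+            $site_url . '/?sitemap=1',
+            $site_url . '/sitemap_index.xml',
         ];
 
-        foreach ($sitemaps as $url) {
-            $internal[] = ['link' => $url, 'page' => __('by sitemap plugins', 'wtotem'), 'is_internal' => true];
+        foreach ($sitemaps as $link) {
+            $internal[] = ['link' => $link, 'page' => __('by sitemap plugins', 'wtotem'), 'is_internal' => true];
         }
 
         // Scanning the file sitemap.xml
-        $xml = simplexml_load_file(ABSPATH . '/sitemap.xml');
-
-        $sitemap_urls = [];
-        foreach ($xml->url as $url) {
-            $exclude[] = (string)$url->loc;
-            $sitemap_urls[] = (string)$url->loc;
-        }
-
-        foreach ($sitemap_urls as $url) {
-            if (substr($url, 0, 1) == "#") {
-                continue;
-            }
-            $internal[] = ['link' => $url, 'page' => $site_url . '/sitemap.xml', 'is_internal' => self::isInternal($url)];
-        }
+        $xml = simplexml_load_file(ABSPATH . 'sitemap.xml');
+
+        if($xml){
+            $sitemap_urls = [];
+            foreach ($xml->url as $url) {
+                $exclude[] = (string)$url->loc;
+                $sitemap_urls[] = (string)$url->loc;
+            }
+
+            foreach ($sitemap_urls as $link) {
+                $link = untrailingslashit($link);
+                if (substr($link, 0, 1) == "#") {
+                    continue;
+                }
+                $internal[] = ['link' => $link, 'page' => $site_url . '/sitemap.xml', 'is_internal' => self::isInternal($link)];
+            }
+        }
 
         // Scanning the main page
-        $result = self::explore_page($site_url);
+        $result = self::explore_page($site_url, $exclude);
 
         $internal = array_merge($internal, $result['internal']);
         $external = array_unique($result['external']);
-        $exclude =  array_merge($exclude, $result['exclude']);
+        $exclude =  array_merge($exclude, $result['exclude'] ?? []);
 
         return [
@@ -182,4 +197,8 @@
      */
     private static function explore_page($url, $exclude = []) {
+
+        if(!$url){
+            return false;
+        }
 
         $headers = get_headers($url);
@@ -231,11 +250,10 @@
             'exclude' => [],
             'scripts' => [],
-            'iframe' => [],
+            'iframes' => [],
         ];
 
         if($content){
             // Get all the matches.
-            $pattern = '/(<a.*?href=["\'](([\da-z\.\-:\/]+)([\/\w\.\=\-\?\%\&]*)*\/?)["\'].*?>|<script.*?src=["\'](.*?)["\'].*?>|<iframe.*?src=["\'](.*?)["\'].*?>|onclick="[^"]*location[^"][^\'"]+\'([^\']+)\')/i';
-            preg_match_all($pattern, $content, $all_matches);
+            $pattern = '/(<a.*?href=["\']([^"\']+)["\'].*?>|<script.*?src=["\']([^"\']+)["\'].*?>|<iframe.*?src=["\']([^"\']+)["\'].*?>|onclick=["\']?[^"\']*location.*?["\']?([^"\']+))/i';            preg_match_all($pattern, $content, $all_matches);
 
             $array = [
@@ -248,33 +266,41 @@
             foreach ($all_matches[0] as $match) {
                 preg_match_all('/<a.*?href=(["](.*?)["]|[\'](.*?)[\']).*?>/i', $match, $links_matches);
-                if ($links_matches[2]) $array['links'] = array_merge($array['links'], $links_matches[2]);
+                if (isset($links_matches[2])) $array['links'] = array_merge($array['links'], $links_matches[2]);
                 preg_match_all('/onclick="[^"]*location[^"][^\'"]+\'([^\']+)\'/i', $match, $links_2_matches);
-                if ($links_2_matches[2]) $array['links'] = array_merge($array['links'], $links_2_matches[2]);
+                if (isset($links_2_matches[2])) $array['links'] = array_merge($array['links'], $links_2_matches[2]);
                 preg_match_all('/<script.*?src=(["](.*?)["]|[\'](.*?)[\']).*?>/i', $match, $js_matches);
-                if ($js_matches[2]) $array['scripts'] = array_merge($array['scripts'], $js_matches[2]);
+                if (isset($js_matches[2])) $array['scripts'] = array_merge($array['scripts'], $js_matches[2]);
                 preg_match_all('/<iframe.*?src=(["](.*?)["]|[\'](.*?)[\']).*?>/i', $match, $iframe_matches);
-                if ($iframe_matches[2]) $array['iframes'] = array_merge($array['iframes'], $iframe_matches[2]);
+                if (isset($iframe_matches[2])) $array['iframes'] = array_merge($array['iframes'], $iframe_matches[2]);
             }
 
             foreach ($array['links'] as $link) {
-                if (self::isInternal($link)) {
-                    if (substr($link, 0, 1) == "#") {
-                        continue;
+                if($link){
+                    if (self::isInternal($link)) {
+                        if (substr($link, 0, 1) != "#" and !in_array($link, $exclude)) {
+                            $matches['internal'][] = ['link' => $link, 'page' => $url, 'is_internal' => true];
+                            $matches['exclude'][] = $link;
+                            $exclude[] = $link;
+                        }
+                    } else {
+                        if(!in_array($link, $exclude)){
+                            $matches['external'][] = ['link' => $link, 'page' => $url, 'is_internal' => false];
+                            $matches['exclude'][] = $link;
+                            $exclude[] = $link;
+                        }
                     }
-                    if (in_array($link, $exclude)) {
-                        continue;
-                    }
-                    $matches['internal'][] = ['link' => $link, 'page' => $url, 'is_internal' => true];
-                    $matches['exclude'][] = $link;
-                } else {
-                    $matches['external'][] = ['link' => $link, 'page' => $url, 'is_internal' => false];
-                }
+                }
+
             }
 
             foreach (array_unique($array['scripts']) as $script) {
-                $matches['scripts'][] = ['link' => $script, 'page' => $url, 'is_internal' => self::isInternal($script)];
+                if($script){
+                    $matches['scripts'][] = ['link' => $script, 'page' => $url, 'is_internal' => self::isInternal($script)];
+                }
             }
             foreach (array_unique($array['iframes']) as $iframe) {
-                $matches['iframes'][] = ['link' => $iframe, 'page' => $url, 'is_internal' => self::isInternal($iframe)];
+                if($iframe){
+                    $matches['iframes'][] = ['link' => $iframe, 'page' => $url, 'is_internal' => self::isInternal($iframe)];
+                }
             }
 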
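Review bot: `$robots_urls[] = (string)$url->loc;` on the new line 126 reads a property off the string that `trim(substr(...))` just produced, so on every supported PHP version it yields `null` with a notice/warning and each robots.txt entry is recorded as `''`; the loop below then pushes empty links into `$internal`. The commit re-indented this block under the new `file_exists` guard but kept the line, which should simply be `$robots_urls[] = $url;`. In explore_page, `isset($links_2_matches[2])` on the new line 270 is never true because the onclick pattern on line 269 has exactly one capture group, so onclick-derived links are silently dropped; the index wanted is `1`. Unlike the robots.txt branch, `simplexml_load_file(ABSPATH . 'sitemap.xml')` on the new line 153 still runs without a `file_exists` check and emits a warning whenever the file is absent. Both pre_scan and explore_page begin and end outside the hunks shown.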
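--- a/wt-security/trunk/lib/modules/logs/Scan.php
+++ b/wt-security/trunk/lib/modules/logs/Scan.php
@@ -223,5 +223,5 @@
      * formation of an array of data on them
      */
-    public static function scanFiles($scan_temp, $max_execution_time, $time_start)
+    public static function  scanFiles($scan_temp, $max_execution_time, $time_start)
     {
 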
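--- a/wt-security/trunk/readme.txt
+++ b/wt-security/trunk/readme.txt
@@ -8,5 +8,5 @@
 Requires PHP: 7.1
 Requires at least: 6.0
-Stable tag: 2.4.29
+Stable tag: 2.4.30
 
 WebTotem is a SaaS which provides powerful tools for securing and monitoring your website in one place in easy and flexible way.
@@ -87,4 +87,8 @@
 
 == Changelog ==
+= 2.4.30 =
+* Fixed link scanning on the WP scan page
+* Internal improvements
+
 = 2.4.29 =
 * Added Plugin Checks for CVEs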
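--- a/wt-security/trunk/wt-security.php
+++ b/wt-security/trunk/wt-security.php
@@ -7,5 +7,5 @@
  * Text Domain: wtotem
  * Domain Path: /lang
- * Version: 2.4.29
+ * Version: 2.4.30
  * License: GPL v2 or later
  * License URI:       http://www.gnu.org/licenses/gpl-2.0.txt
@@ -55,5 +55,5 @@
  * Current version of the plugin's code.
  */
-define('WEBTOTEM_VERSION', '2.4.29');
+define('WEBTOTEM_VERSION', '2.4.30');
 
 /**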