Context Navigation

← Previous Changeset
Next Changeset →

Changeset 584844

Timestamp:

08/13/2012 12:36:27 PM (14 years ago)

Author:

6Scan

Message:

We have completely changed the file access paths. Now, when signature/.htaccess file is created/changed, wp_filesystem path functions are used instead of filesystem ones

Location:

6scan-protection/trunk

Files:

: 5 edited

6scan.php (modified) (1 diff)
admin/includes/common.php (modified) (7 diffs)
admin/includes/htaccess.php (modified) (2 diffs)
admin/includes/installation.php (modified) (3 diffs)
modules/signatures/update.php (modified) (9 diffs)

Legend:

: Unmodified
: Added
: Removed

6scan-protection/trunk/6scan.php

r580294	r584844
24	24	define( 'SIXSCAN_PLUGIN_DIR' , trailingslashit( dirname(__FILE__) ) );
25	25	define( 'SIXSCAN_PLUGIN_URL' , trailingslashit( plugins_url( basename ( dirname (__FILE__) ) ) ) );
	26	define( 'SIXSCAN_PLUGIN_DIRNAME' , basename( dirname ( __FILE__ ) ) );
26	27
27	28	/* Platform type */

6scan-protection/trunk/admin/includes/common.php

-                      r580294
+                      r584844
 define ( 'SIXSCAN_LOGIN_LOCKED_OUT_MINUTES' ,           'login_locked_out_minutes' );
 define ( 'SIXSCAN_LOGIN_NOTIFY_ADMIN_EMAIL' ,           'login_notify_admin_email' );
-define ( 'SIXSCAN_ANTISPAM_PROTECTION_ON_OPTION' ,      'antispam_protection_on' );
-define ( 'SIXSCAN_ANTISPAM_DELETE_OLD_OPTION' ,         'antispam_delete_old_spam' );
 define ( 'SIXSCAN_UPDATE_OK_RESPONSE_CODE',             200 );
 …
 define ( 'SIXSCAN_ANALYTICS_OK_STRING',                 'ok' );
 define ( 'SIXSCAN_ANALYTICS_FAIL_PREFIX_STRING',        'error_' );
+define( 'SIXSCAN_HTACCESS_FILE',                        ABSPATH . '/.htaccess' );
 define( 'SIXSCAN_HTACCESS_6SCAN_GATE_FILE_NAME',        '6scan-gate.php' );
+define ( 'SIXSCAN_HTACCESS_FILE',                       ABSPATH . '/.htaccess' );
+define ( 'SIXSCAN_HTACCESS_6SCAN_GATE_FILE_NAME',       '6scan-gate.php' );
 define( 'SIXSCAN_ADMIN_ACCESS_COOKIE_NAME',             'sixscan_wpblog_admin' );
 …
 /*  If this script is included from outside, we will not have SIXSCAN_PLUGIN_DIR defined, but we do not really need it */
+if ( defined( 'SIXSCAN_PLUGIN_DIR' ) ){
+if ( defined( 'SIXSCAN_PLUGIN_DIR' ) ){
     define( 'SIXSCAN_HTACCESS_6SCAN',                       SIXSCAN_PLUGIN_DIR . '/data/.htaccess.dat' );
+    function sixscan_common_get_src_htaccess( $is_direct = TRUE ){
+        if ( $is_direct == TRUE )
+            return SIXSCAN_HTACCESS_6SCAN;
+        global $wp_filesystem;
+        return $wp_filesystem->find_folder( SIXSCAN_HTACCESS_6SCAN );
+    }
     define( 'SIXSCAN_SIGNATURE_SRC',                        SIXSCAN_PLUGIN_DIR . '/data/' . SIXSCAN_COMM_SIGNATURE_FILENAME );
+    function sixscan_common_get_signature_src( $is_direct = TRUE ){
+        if ( $is_direct == TRUE )
+            return SIXSCAN_SIGNATURE_SRC;
+        global $wp_filesystem;
+        return $wp_filesystem->find_folder( SIXSCAN_SIGNATURE_SRC );
+    }
     define( 'SIXSCAN_HTACCESS_6SCAN_GATE_SOURCE',           SIXSCAN_PLUGIN_DIR . '/data/' . SIXSCAN_HTACCESS_6SCAN_GATE_FILE_NAME );
+    function sixscan_common_get_gate_src( $is_direct = TRUE ){
+        if ( $is_direct == TRUE )
+            return SIXSCAN_HTACCESS_6SCAN_GATE_SOURCE;
+        global $wp_filesystem;
+        return $wp_filesystem->find_folder( SIXSCAN_HTACCESS_6SCAN_GATE_SOURCE );
+    }
     define( 'SIXSCAN_ANALYZER_LOG_FILEPATH',                SIXSCAN_PLUGIN_DIR . SIXSCAN_SECURITY_LOG_FILENAME );
+}
+define( 'SIXSCAN_HTACCESS_6SCAN_GATE_DEST',             ABSPATH . SIXSCAN_HTACCESS_6SCAN_GATE_FILE_NAME );
+define( 'SIXSCAN_SIGNATURE_DEST',                       ABSPATH . SIXSCAN_COMM_SIGNATURE_FILENAME );
 define( 'SIXSCAN_COMMON_DASHBOARD_URL',                 'six-scan-dashboard' );
 define( 'SIXSCAN_COMMON_SETTINGS_URL',                  'six-scan-settings' );
 …
 EOD
 );
+function sixscan_common_get_htaccess_file_path( $is_direct ){
+    if ( $is_direct == TRUE )
+        return SIXSCAN_HTACCESS_FILE;
+    global $wp_filesystem;
+    return $wp_filesystem->abspath() . '.htaccess';
+}
+function sixscan_common_get_htaccess_dest_path( $is_direct = TRUE ){
+    if ( $is_direct == TRUE )
+        return ABSPATH . SIXSCAN_HTACCESS_6SCAN_GATE_FILE_NAME;
+    global $wp_filesystem;
+    return $wp_filesystem->abspath() . SIXSCAN_HTACCESS_6SCAN_GATE_FILE_NAME;
+}
+function sixscan_common_get_signature_dest_path( $is_direct = TRUE ){
+    if ( $is_direct == TRUE )
+        return ABSPATH . SIXSCAN_COMM_SIGNATURE_FILENAME;
+    global $wp_filesystem;
+    return $wp_filesystem->abspath() . SIXSCAN_COMM_SIGNATURE_FILENAME;
+}
 function sixscan_common_set_site_id( $site_id ){
 …
     $submission_data .= "Is access through proxy: $is_through_proxy\n";
     $htaccess_contents = file_get_contents( SIXSCAN_HTACCESS_FILE );
+    $htaccess_contents = file_get_contents( sixscan_common_get_htaccess_file_path( TRUE ) );
     if ( $htaccess_contents == FALSE )
         $htaccess_contents = "Empty";
 …
     global $wp_filesystem;
     $tmp_fname = tempnam( untrailingslashit( $dir_name ) , 'sixscantmp_');
+    $tmp_fname = untrailingslashit( $dir_name ) . 'sixscantmp_';
     $ftmp_result = $wp_filesystem->put_contents( $tmp_fname , 'write_test' );
 …
     /* Cleanup */
     unlink( $tmp_fname );
+    $wp_filesystem->delete( $tmp_fname );
     return TRUE;
+}

6scan-protection/trunk/admin/includes/htaccess.php

-                      r580294
+                      r584844
     $ret_error = array();
+    $htaccess_sixscan = trim ( $wp_filesystem->get_contents( SIXSCAN_HTACCESS_6SCAN . $htaccess_sixscan_version ) ) . "\n\n";
+    if ( ! $wp_filesystem->copy( SIXSCAN_HTACCESS_6SCAN_GATE_SOURCE, SIXSCAN_HTACCESS_6SCAN_GATE_DEST , TRUE , 0755 ) ) {
+        $ret_error[ 'user_message' ] = 'Failed copying ' . SIXSCAN_HTACCESS_6SCAN_GATE_FILE_NAME . ' during installation';
+    $is_direct = ( $wp_filesystem->method == 'direct' );
+    $local_htaccess_path = sixscan_common_get_htaccess_file_path( $is_direct );
+    $htaccess_sixscan = trim ( $wp_filesystem->get_contents( sixscan_common_get_src_htaccess( $is_direct ) . $htaccess_sixscan_version ) ) . "\n\n";
+    if ( ! $wp_filesystem->copy( sixscan_common_get_gate_src( $is_direct ) , sixscan_common_get_htaccess_dest_path( $is_direct ) , TRUE , 0755 ) ) {
+        $ret_error[ 'user_message' ] = 'Failed copying ' . sixscan_common_get_htaccess_dest_path( $is_direct ) . ' during installation';
         $ret_error[ 'short_description' ] = 'Failed copying htaccess during installation';
         return $ret_error;
+    }
     if ( ! $wp_filesystem->copy( SIXSCAN_SIGNATURE_SRC, SIXSCAN_SIGNATURE_DEST , TRUE , 0755 ) ) {
         $ret_error[ 'user_message' ] = 'Failed copying ' . SIXSCAN_SIGNATURE_SRC . ' during installation';
+    if ( ! $wp_filesystem->copy( sixscan_common_get_signature_src( $is_direct ), sixscan_common_get_signature_dest_path( $is_direct ) , TRUE , 0755 ) ) {
+        $ret_error[ 'user_message' ] = 'Failed copying ' . sixscan_common_get_signature_src( $is_direct ) . ' during installation';
         $ret_error[ 'short_description' ] = 'Failed copying signature during installation';
         return $ret_error;
+    }
     if ( $wp_filesystem->exists( SIXSCAN_HTACCESS_FILE ) ) {
         $htaccess_content = $wp_filesystem->get_contents( SIXSCAN_HTACCESS_FILE );
+    if ( $wp_filesystem->exists( $local_htaccess_path ) ) {
+        $htaccess_content = $wp_filesystem->get_contents( $local_htaccess_path );
         $htaccess_sixscan .= preg_replace( '@# Created by 6Scan plugin(.*?)# End of 6Scan plugin@s' , '' , $htaccess_content ) ;
         $wp_filesystem->delete( SIXSCAN_HTACCESS_FILE );
+        $wp_filesystem->delete( $local_htaccess_path );
+    }
     if ( $wp_filesystem->put_contents( SIXSCAN_HTACCESS_FILE , $htaccess_sixscan ) === FALSE ){
+    if ( $wp_filesystem->put_contents( $local_htaccess_path , $htaccess_sixscan ) === FALSE ){
         $ret_error[ 'user_message' ] = 'Failed opening htaccess during installation';
         $ret_error[ 'short_description' ] = 'Failed opening htaccess during installation';
 …
         WP_Filesystem();
+    $is_direct = ( $wp_filesystem->method == 'direct' );
+    $local_htaccess_path = sixscan_common_get_htaccess_file_path( $is_direct );
     try {
         if ( $wp_filesystem->exists( SIXSCAN_HTACCESS_FILE ) ) {
             $htaccess_content = $wp_filesystem->get_contents( SIXSCAN_HTACCESS_FILE );
+        if ( $wp_filesystem->exists( $local_htaccess_path ) ) {
+            $htaccess_content = $wp_filesystem->get_contents( $local_htaccess_path );
             $a = preg_replace( '@# Created by 6Scan plugin(.*?)# End of 6Scan plugin@s', '', $htaccess_content) ;
+            if ( $wp_filesystem->put_contents( $local_htaccess_path , $a ) === FALSE )
+                throw new Exception('Failed to open htaccess during installation');
+        }
-        if ( $wp_filesystem->put_contents( SIXSCAN_HTACCESS_FILE , $a ) === FALSE )
-            throw new Exception('Failed to open htaccess during installation');
-        if ( filesize( SIXSCAN_HTACCESS_FILE ) == 1 )
-            $wp_filesystem->delete( SIXSCAN_HTACCESS_FILE );
         if ( $wp_filesystem->exists( SIXSCAN_HTACCESS_6SCAN_GATE_DEST ) )
             $wp_filesystem->delete( SIXSCAN_HTACCESS_6SCAN_GATE_DEST );
+        if ( $wp_filesystem->exists( sixscan_common_get_htaccess_dest_path( $is_direct ) ) )
+            $wp_filesystem->delete( sixscan_common_get_htaccess_dest_path( $is_direct ) );
         if ( $wp_filesystem->exists( SIXSCAN_SIGNATURE_DEST ) )
             $wp_filesystem->delete ( SIXSCAN_SIGNATURE_DEST ) ;
+        if ( $wp_filesystem->exists( sixscan_common_get_signature_dest_path( $is_direct ) ) )
+            $wp_filesystem->delete ( sixscan_common_get_signature_dest_path( $is_direct ) ) ;
     } catch( Exception $e ) {

6scan-protection/trunk/admin/includes/installation.php

-                      r580294
+                      r584844
     if ( sixscan_installation_wpfs_init( $tmp_key ) == FALSE)
         return;
     /* Run the install */
     $install_result = sixscan_installation_install( $tmp_key );
 …
         /*  Make sure we can create signature file and update the site's .htaccess file */
         if ( sixscan_common_test_dir_writable( ABSPATH ) == FALSE ){
+        if ( sixscan_common_test_dir_writable( $wp_filesystem->abspath() ) == FALSE ){
             $err_message = "6Scan Install <b>Error</b>: Failed creating signature file at Wordpress directory " . ABSPATH . SIXSCAN_COMM_SIGNATURE_FILENAME .
             "<br/><br/>Please see <a href='http://codex.wordpress.org/Changing_File_Permissions' target='_blank'>this Wordpress article</a> for more information on how to add write permissions." .
 …
         define( 'FS_METHOD' , 'direct' );
     else if ( $wpfs_detect_try == 'ftpext' )
+        define( 'FS_METHOD' , 'ftpext' );
+        define( 'FS_METHOD' , 'ftpext' );
     if ( WP_Filesystem() ){
         $config_key = "";

6scan-protection/trunk/modules/signatures/update.php

-                      r566110
+                      r584844
     global $wp_filesystem;
     /*  Prepare temporary names */
+    $temp_upgrade_dir = get_temp_dir() . trailingslashit( "6scan_update" );
+    $temp_zip_file = get_temp_dir() . "bguard.zip";
+    $temp_upgrade_dir_local = trailingslashit( WP_CONTENT_DIR ) . trailingslashit( "6scan_update" );
+    $temp_upgrade_dir = $wp_filesystem->wp_content_dir() . trailingslashit( "6scan_update" );
+    $temp_zip_file_local = trailingslashit( WP_CONTENT_DIR ) . "bguard.zip";
+    $temp_zip_file = $wp_filesystem->wp_content_dir() . "bguard.zip";
     /*  Create temp directory for update */
+    if ( ( $wp_filesystem->is_dir( $temp_upgrade_dir ) == FALSE ) && ( $wp_filesystem->mkdir( $temp_upgrade_dir ) == FALSE ) )
+    if ( $wp_filesystem->exists( $temp_upgrade_dir ) )
+        $wp_filesystem->delete ( $temp_upgrade_dir , TRUE );
+    if ( ($wp_filesystem->is_dir( $temp_upgrade_dir ) == FALSE )  && ( $wp_filesystem->mkdir( $temp_upgrade_dir ) == FALSE ) )
         return "Failed creating temp directory for update at " . $temp_upgrade_dir;
+    /*  Write the zip file */
+    /*  Write the zip file */
+    if ( $wp_filesystem->exists( $temp_zip_file ) )
+        $wp_filesystem->delete( $temp_zip_file );
     if ( $wp_filesystem->put_contents( $temp_zip_file , $zipped_program ) == FALSE )
         return "Failed writing file to " . $temp_zip_file;
     /*  unzip_file returns mixed on failure. It uses global $wp_filesystem */
     if ( unzip_file( $temp_zip_file , $temp_upgrade_dir ) !== TRUE )
+    /*  unzip_file returns mixed on failure. It uses global $wp_filesystem. */
+    if ( unzip_file( $temp_zip_file_local , $temp_upgrade_dir ) !== TRUE ){
         return "unzip_file() from $temp_zip_file to $temp_upgrade_dir failed";
+    }
     /*  Remove the no longer required zip file */
     $wp_filesystem->delete( $temp_zip_file );
+    $plugin_main_directory = plugin_dir_path( __FILE__ ) . "../../";
+    $temp_upgrade_dir_internal = sixscan_signatures_update_find_plugin_dir( $temp_upgrade_dir );
+    if ( $temp_upgrade_dir_internal == "")
+        return "Couldn't find plugin dir in the unzipped folder $temp_upgrade_dir";
+    $plugin_main_directory = plugin_dir_path( __FILE__ ) . "../../";
+    $plugin_main_directory = $wp_filesystem->wp_plugins_dir() . SIXSCAN_PLUGIN_DIRNAME;
+    $temp_upgrade_dir_internal = sixscan_signatures_update_find_plugin_dir( $temp_upgrade_dir_local );
+    if ( $temp_upgrade_dir_internal == "" )
+        return "Couldn't find plugin dir in the unzipped folder $temp_upgrade_dir_local";
+    $temp_upgrade_dir_internal = untrailingslashit( $wp_filesystem->find_folder( $temp_upgrade_dir_internal ) );
     /*  Now bulk copy the rest of files to their places: */
     sixscan_signatures_update_move_dir_recursive( $temp_upgrade_dir_internal , $plugin_main_directory );
+    /*  Remove the tmp directory */
+    $wp_filesystem->delete ( $temp_upgrade_dir_internal );
+    $wp_filesystem->delete ( $temp_upgrade_dir );
+    /*  Remove the tmp directory */
+    $wp_filesystem->delete ( $temp_upgrade_dir , TRUE );
     return TRUE;
 …
 function sixscan_signatures_update_parse( $raw_data ) {
+    $signature_filename = ABSPATH . "/" . SIXSCAN_COMM_SIGNATURE_FILENAME;
+    global $wp_filesystem;
+    $signature_filename = $wp_filesystem->find_folder( ABSPATH ) . SIXSCAN_COMM_SIGNATURE_FILENAME;
     $signature_filename_tmp = $signature_filename . ".tmp";
     $signature_offset = strpos( $raw_data , SIXSCAN_SIGNATURE_MULTIPART_DELIMITER );
     global $wp_filesystem;
     if ($signature_offset === FALSE)
 …
     global $wp_filesystem;
+    if ( file_exists( SIXSCAN_HTACCESS_FILE ) ) {
+        $htaccess_content = $wp_filesystem->get_contents( SIXSCAN_HTACCESS_FILE );
+    $htaccess_fpath = sixscan_common_get_htaccess_file_path( $wp_filesystem->method == 'direct' );
+    if ( $wp_filesystem->exists( $htaccess_fpath ) ) {
+        $htaccess_content = $wp_filesystem->get_contents( $htaccess_fpath );
         /*  Remove old 6Scan signature contents */
         $new_content = trim( preg_replace( '@# Created by 6Scan plugin(.*?)# End of 6Scan plugin@s', '', $htaccess_content) );
 …
     $htaccess_links .= $vuln_urls;
     $tmp_htaccess_file = SIXSCAN_HTACCESS_FILE . ".tmp";
+    $tmp_htaccess_file = $htaccess_fpath . ".tmp";
     $new_content = "# Created by 6Scan plugin
 …
     $wp_filesystem->put_contents( $tmp_htaccess_file , $new_content );
     if ( sixscan_signatures_update_copy_file( $tmp_htaccess_file , SIXSCAN_HTACCESS_FILE ) == FALSE )
         return "Failed moving htaccess from $tmp_htaccess_file to " . SIXSCAN_HTACCESS_FILE;
+    if ( sixscan_signatures_update_copy_file( $tmp_htaccess_file , $htaccess_fpath ) == FALSE )
+        return "Failed moving htaccess from $tmp_htaccess_file to " . $htaccess_fpath;
     return TRUE;
 …
             $wp_filesystem->mkdir( $dest );
+        $file_list = scandir( $source );
+        foreach( $file_list as $current_file ) {
+        //$file_list = scandir( $source );
+        $file_list = $wp_filesystem->dirlist( $source );
+        foreach( $file_list as $farray => $current_fname ) {
+            $current_file = $current_fname['name'];
             if( $current_file == "." || $current_file == ".." ) {
                 /* skip "current" and "previous" directory */
 …
+            }
             if( is_dir( $source . "/" . $current_file ) ) {
+            if( $wp_filesystem->is_dir( $source . "/" . $current_file ) ) {
             /*  If it is directory , we have to call the recursion.*/
                 sixscan_signatures_update_move_dir_recursive( $source . "/" . $current_file, $dest. "/" . $current_file );
 …
     global $wp_filesystem;
+    $wp_filesystem->delete( $dst_file );
     return $wp_filesystem->move( $src_file , $dst_file , TRUE );
+}
 …
         return WP_Filesystem();
+    }
     $cfg_arr = unserialize( sixscan_common_decrypt_string( base64_decode ( $wp_fs_param ) , $config_key ) );
+    $wp_fs = WP_Filesystem( $cfg_arr );
+    if ( $wp_fs ){
+        $wp_filesystem->connect();
+        return $wp_fs;
+    }
+    $wp_fs = WP_Filesystem( $cfg_arr );
     return $wp_fs;

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Download in other formats: