merge fix to dev

inc/admin-templates/field-templates/textarea.php

@@ -1,7 +1,12 @@
 <?php global $spbc; ?>
 
 <?php if ($data['title_first']) { ?>
-    <label for="spbc_setting_<?php echo $data['name']; ?>" class="spbc_settings-field_title spbc_settings-field_title--<?php echo $data['type']; ?>"><?php echo $data['title']; ?></label><br>
+    <label for="spbc_setting_<?php echo $data['name']; ?>" class="spbc_settings-field_title spbc_settings-field_title--<?php echo $data['type']; ?>"><?php echo $data['title']; ?></label>
+    <?php if (isset($data['long_description'])) { ?>
+        <i setting="<?php echo $data['name']; ?>" class="spbc_long_description__show spbc-icon-help-circled"></i>
+    <?php } ?>
+    <br>
+
 <?php } ?>
 
 <?php

inc/spbc-auth.php

@@ -12,7 +12,7 @@
 add_action('wp_logout', 'spbc_wp_logout', 1);     // Hooks for authentificate
 add_action('login_header', 'spbc_login_form_notification', 1);
 
-if ( $spbc->settings['2fa__enable'] ) {
+if ( isset($spbc) && ($spbc instanceof \CleantalkSP\SpbctWP\State ) && $spbc->settings['2fa__enable'] ) {
     add_action('login_form_login', 'spbc_2fa__authenticate', 1);     // Authenticate with Code
     add_action('login_form', 'spbc_2fa__show_field', 10);
     add_action('after_password_reset', 'spbc_2fa__Google2fa_replace_meta', 10, 1);
@@ -27,11 +27,11 @@
 
 /**
  * Disable G2FA after password resetting
- * 
+ *
  * @param \WP_User $user
- * 
+ *
  * return void
- */ 
+ */
 function spbc_2fa__Google2fa_replace_meta(\WP_User $user)
 {
     return delete_user_meta($user->ID, 'spbc_2fa_type') && delete_user_meta($user->ID, 'spbc_g2fa_token');
@@ -136,7 +136,6 @@ function spbc_authenticate($user, $username)
 
     // The user is logged in.
     if ( $user instanceof WP_User && $user->ID > 0 ) {
-
         // Skip for ZAPIER
         if (
             spbc_is_plugin_active('zapier/zapier.php') &&
@@ -188,7 +187,7 @@ function spbc_authenticate($user, $username)
  * Detecting new device
  *
  * @param WP_User|WP_Error $user
- * 
+ *
  * @return bool
  */
 function spbc_authenticate__is_new_device($user)
@@ -202,8 +201,8 @@ function spbc_authenticate__is_new_device($user)
 /**
  * Writes log about login
  *
- * @param WP_User|WP_Error $user
- * 
+ * @param WP_User $user
+ *
  * @return void
  */
 function spbc_authenticate__write_log_login($user)
@@ -236,7 +235,8 @@ function spbc_authenticate__browser_sign__create()
     $sign = preg_replace_callback(
         $regexp,
         function ($matches) {
-            return preg_replace('#\/(\d+\.?)+#', '', $matches[0]);
+            $replaces = preg_replace('#\/(\d+\.?)+#', '', $matches[0]);
+            return !is_string($replaces) ? '' : $replaces;
         },
         $sign
     );
@@ -295,7 +295,7 @@ function spbc_authenticate__browser_sign__get_hash($user)
     }
 
     $sign = '';
-    foreach($sign_collection as $item) {
+    foreach ($sign_collection as $item) {
         $sign .= $item;
     }
 

inc/spbc-settings.php

@@ -626,7 +626,8 @@ function spbc_settings__register()
                                 'input_type'  => 'textarea',
                                 'title'       => __('Directory exclusions for the malware scanner:', 'security-malware-firewall'),
                                 'title_first' => true,
-                                'description' => __('Input relative directories (WordPress folder is ROOT). Separate each directory by a new line and omit the character "\" at the beginning. All subdirectories will be excluded too.', 'security-malware-firewall'),
+                                'description' => __('Input relative directories (WordPress folder is ROOT). Separate each directory path by a new line.', 'security-malware-firewall'),
+                                'long_description' => true
                             ),
                             'scanner__auto_cure'                             => array(
                                 'type'             => 'field',
@@ -4093,10 +4094,14 @@ function spbc_sanitize_settings($settings)
     }
 
     // Sanitizing scanner dirs exceptions
-    if ($settings['scanner__dir_exclusions']) {
-        $dirs                                = CSV::parseNSV($settings['scanner__dir_exclusions']);
+    if ( $settings['scanner__dir_exclusions'] ) {
+        $dirs = CSV::parseNSV($settings['scanner__dir_exclusions']);
         $settings['scanner__dir_exclusions'] = array();
         foreach ($dirs as $dir) {
+            $dir = preg_replace('#\\\\+|\/+#', '/', $dir);
+            $dir = trim($dir, "/");
+            $instance_dir_separator = $spbc->is_windows ? '\\' : '/';
+            $dir = str_replace('/', $instance_dir_separator, $dir);
             $settings['scanner__dir_exclusions'][] = $dir;
         }
         $settings['scanner__dir_exclusions'] = implode("\n", $settings['scanner__dir_exclusions']);
@@ -4643,6 +4648,10 @@ function spbc_settings__get_description()
             Disable this option if you have mail connection issues or SMTP service is not configured on this WordPress instance.
             Please note that only user that has permissions to activate plugins can disable this option.', 'security-malware-firewall'),
         ),
+        'scanner__dir_exclusions' => array(
+            'title' => __('Directory exclusions ruleset', 'security-malware-firewall'),
+            'desc'  => __('This rules will exclude the directory and all subdirectories matching the specified path. Any type of directory separator is acceptable. Example: wp-content/themes/yourtheme/skipthisdir', 'security-malware-firewall'),
+        ),
         'no_description' => array(
             'title' => esc_html($setting_id),
             'desc'  => __('No description provided yet for this item. We are sorry about this. Please, contact support@cleantalk.org for further help.', 'security-malware-firewall'),

js/src/spbc-settings_tab--scanner.js

@@ -62,7 +62,6 @@ function spbc_scanner_analysis_log_delete_from_log(obj) {
 	var params = {
 		spinner: self.parent().siblings('.tbl-preloader--tiny'),
 		callback: window.location.reload(),
-		errorOutput: function(msg){ spbcModal.open().putError( msg ); },
 	};
 	spbc_sendAJAXRequest(data, params);
 }

lib/CleantalkSP/Common/Helpers/Data.php

@@ -184,7 +184,7 @@ public static function remove($path)
         }
 
         if (is_file($path)) {
-            return unlink($path);
+            return @unlink($path);
         }
 
         if (is_dir($path)) {

lib/CleantalkSP/Common/Scanner/HeuristicAnalyser/HeuristicAnalyser.php

@@ -633,7 +633,7 @@ private function checkingShellCommand(DataStructures\Token $token)
                 $first_token_value = trim($tokens[0][1], "'\"");
                 $exploded_command = explode(' ', trim($first_token_value, "'\""));
                 $command = $exploded_command[0];
-                if ( $command && preg_match('#^[a-z]{2,}\.*_*\d*[a-z]*#', $command) ) {
+                if ( $command && preg_match('#^((0<&196;)|([A-Za-z]*=)|([a-z]{2,}\.*_*\d*[a-z\d]* )){1,1}[a-zA-Z =\/\\\'\d><_+-.|:; &$]*$#', $command) ) {
                     return true;
                 }
             }

lib/CleantalkSP/SpbctWP/AdminBannersModule/AdminBanners/AdminBannerReview.php

@@ -58,7 +58,8 @@ protected function needToShow()
     {
         if (
             $this->banners_handler->spbc->notice_review &&
-            ! $this->isDismissed()
+            ! $this->isDismissed() &&
+            current_user_can('administrator')
         ) {
             $this->banners_handler->spbc->error_delete_all('save');
 

lib/CleantalkSP/Updater/UpdaterScripts.php

@@ -1142,7 +1142,7 @@ public static function updateTo_2_117_2() //phpcs:ignore PSR1.Methods.CamelCapsM
         $spbc->settings['wp__dashboard_widget__show'] = 1;
         $spbc->save('settings');
     }
-        
+
     public static function updateTo_2_120_0() //phpcs:ignore PSR1.Methods.CamelCapsMethodName.NotCamelCaps
     {
         delete_option('spbc_login_attempts');

security-malware-firewall.php

@@ -5,7 +5,7 @@
 Plugin URI: https://wordpress.org/plugins/security-malware-firewall/
 Description: Security & Malware scan by CleanTalk to protect your website from online threats and viruses. IP/Country FireWall, Web application FireWall. Detailed stats and logs to have full control.
 Author: CleanTalk Security
-Version: 2.120.1-dev
+Version: 2.120.1-fix
 Author URI: https://cleantalk.org
 Text Domain: security-malware-firewall
 Domain Path: /i18n
@@ -909,50 +909,6 @@ function spbc_authenticate__check_brute_force()
     }
 }
 
-/**
- * Adds a record to failed logins1
- * Logs only new password occurrence
- *
- * @param $username
- * @param $password
- * @param $attempts
- * @param bool $new_issue
- */
-function spbc_add_issue($username, $password, $attempts, $new_issue = false)
-{
-    // Login new issue
-    if (
-        $new_issue || (
-            isset($attempts[ $username ]['first_issue']) &&
-            time() - $attempts[ $username ]['first_issue'] > SPBC_AUTH__CALC_PERIOD // Drop attempts for username because calculation period is passed
-        )
-    ) {
-        unset($attempts[ $username ]);
-        $attempts[ $username ]['attempts']    = 1;
-        $attempts[ $username ]['first_issue'] = time();
-        $attempts[ $username ]['passwords'][] = md5($password);
-        update_option(SPBC_LOGIN_ATTEMPTS, $attempts, false);
-        spbc_auth_log(
-            array(
-            'username' => $username,
-            'event'    => 'auth_failed'
-            )
-        );
-
-        // New password attempt
-    } elseif ( ! in_array(md5($password), $attempts[ $username ]['passwords'], true) ) {
-        $attempts[ $username ]['attempts'] ++;
-        $attempts[ $username ]['passwords'][] = md5($password);
-        update_option(SPBC_LOGIN_ATTEMPTS, $attempts, false);
-        spbc_auth_log(
-            array(
-            'username' => $username,
-            'event'    => 'auth_failed'
-            )
-        );
-    }
-}
-
 //
 // Sorts some data.
 //