Merge remote-tracking branch 'remotes/origin/dev'

CleanTalk · Aug 13, 2020 · e21827e · e21827e
2 parents 2f88f82 + 7423041
commit e21827e
Show file tree

Hide file tree

Showing 15 changed files with 1,866 additions and 1,749 deletions.
diff --git a/inc/spbc-admin.php b/inc/spbc-admin.php
@@ -1,5 +1,6 @@
 <?php
 
+use CleantalkSP\Common\Helper;
 use CleantalkSP\SpbctWp\Helper as SpbcHelper;
 use CleantalkSP\SpbctWp\API as SpbcAPI;
 use CleantalkSP\Variables\Cookie;
@@ -304,7 +305,7 @@ function spbc_enqueue_scripts($hook) {
 	wp_enqueue_script('spbc-common-js', SPBC_PATH . '/js/spbc-common.min.js', array('jquery'), SPBC_VERSION, false);
 	wp_enqueue_script('spbc-admin-js',  SPBC_PATH . '/js/spbc-admin.min.js',  array('jquery'), SPBC_VERSION, false);
 
-	wp_localize_script('jquery', 'spbcSettings', array(
+	wp_localize_script('spbc-common-js', 'spbcSettings', array(
 		'wpms'         => (int)is_multisite(),
 		'is_main_site' => (int)is_main_site(),
 		'tc_enabled'   => $spbc->tc_enabled ? 1 : 0,
@@ -349,26 +350,26 @@ function spbc_enqueue_scripts($hook) {
 		wp_enqueue_script('spbc-settings-js',  SPBC_PATH . '/js/spbc-settings.min.js',   array('jquery'),  SPBC_VERSION, 'in_footer');
 		wp_enqueue_script('spbc-table-js',     SPBC_PATH . '/js/spbc-table.min.js',      array('jquery'),  SPBC_VERSION, 'in_footer');
 
-		wp_localize_script('jquery', 'spbcSettingsSecLogs', array(
+		wp_localize_script('spbc-settings-js', 'spbcSettingsSecLogs', array(
 			'amount'     => SPBC_LAST_ACTIONS_TO_VIEW,
 			'clicks'     => 0,
 		));
 
-		wp_localize_script('jquery', 'spbcSettingsFWLogs', array(
+		wp_localize_script('spbc-settings-js', 'spbcSettingsFWLogs', array(
 			'tc_status'  => $spbc->tc_status ? 1 : 0,
 			'amount'     => SPBC_LAST_ACTIONS_TO_VIEW,
 			'clicks'     => 0,
 		));
 
-		wp_localize_script('jquery', 'spbcTable', array(
+		wp_localize_script('spbc-settings-js', 'spbcTable', array(
 			'warning_bulk'       => __('Are sure you want to perform these actions?', 'security-malware-firewall'),
 			'warning_default'    => __('Do you want to proceed?', 'security-malware-firewall'),
 			'warning_delte'      => __('This can\'t be undone and could damage your website. Are you sure?', 'security-malware-firewall'),
 			'warning_replace'    => __('This can\'t be undone. Are you sure?', 'security-malware-firewall'),
 			'warning_quarantine' => __('This can\'t be undone and could damage your website. Are you sure?', 'security-malware-firewall'),
 		));
 
-		wp_localize_script('jquery', 'spbcScaner', array(
+		wp_localize_script('spbc-settings-js', 'spbcScaner', array(
 
 			// PARAMS
 
@@ -440,7 +441,7 @@ function spbc_enqueue_scripts($hook) {
 			'last_scan_was_just_now_links'  => __('Website last scan was just now. %s files were scanned. %s outbound links were found.', 'security-malware-firewall'),
 		));
 
-		wp_localize_script('jquery', 'spbcDescriptions', array(
+		wp_localize_script('spbc-settings-js', 'spbcDescriptions', array(
 			'waf_enabled' => __('Bla bla', 'security-malware-firewall'),
 			'waf_xss_check' => __('Cross-Site Scripting (XSS) — prevents malicious code to be executed/sent to any user. As a result malicious scripts can not get access to the cookie files, session tokens and any other confidential information browsers use and store. Such scripts can even overwrite content of HTML pages. CleanTalk WAF monitors for patterns of these parameters and block them.', 'security-malware-firewall'),
 			'waf_sql_check' => __('SQL Injection — one of the most popular ways to hack websites and programs that work with databases. It is based on injection of a custom SQL code into database queries. It could transmit data through GET, POST requests or cookie files in an SQL code. If a website is vulnerable and execute such injections then it would allow attackers to apply changes to the website\'s MySQL database.', 'security-malware-firewall'),
@@ -634,15 +635,15 @@ function spbc_set_secure_cookies( $cookies ) {
 
 	foreach( $cookies as $cookie_name => $cookie_value ) {
 
-		$success[] = setcookie($cookie_name, $cookie_value, 0, '/', $domain, false, true);
+		$success[] = Helper::cookie_set($cookie_name, $cookie_value, 0, '/', $domain, false, true);
 
 		$cookie_test_value['cookies_names'][] = $cookie_name;
 		$cookie_test_value['check_value'] .= $cookie_value;
 
 	}
 
 	$cookie_test_value['check_value'] = md5($cookie_test_value['check_value']);
-	$success[] = setcookie('spbc_cookies_test', urlencode(json_encode($cookie_test_value)), 0, '/', $domain, false, true);
+	$success[] = Helper::cookie_set('spbc_cookies_test', urlencode(json_encode($cookie_test_value)), 0, '/', $domain, false, true);
 
 	if ( in_array( false, $success ) ) {
 		throw new Exception( 'SPBC: Secure cookies does not set (setcookie error).' );

diff --git a/inc/spbc-scanner.php b/inc/spbc-scanner.php
@@ -567,6 +567,8 @@ function spbc_scanner_count_files($direct_call = false, $path = ABSPATH){
 
 	if(!$direct_call) spbc_check_ajax_referer('spbc_secret_nonce', 'security');
 
+	global $spbc;
+
 	$path_to_scan = realpath($path);
 	$root_path    = realpath(ABSPATH);
 	$init_params  = array(
@@ -578,6 +580,9 @@ function spbc_scanner_count_files($direct_call = false, $path = ABSPATH){
 			str_replace('/', '\/', str_replace('\\', '\\\\', $path_to_scan)).'(\/|\\\\)wp-content(\/|\\\\)'.'(\/|\\\\)plugins(\/|\\\\)'.'(\/|\\\\)security-malware-firewall(\/|\\\\)'.'(\/|\\\\)quarantine(\/|\\\\)?.+',
 			)
 	);
+	if( ! empty( $spbc->settings['scanner_dir_exclusions'] ) )
+		$init_params['dir_exceptions'] = array_merge( $init_params['dir_exceptions'], explode( "\r\n", $spbc->settings['scanner_dir_exclusions'] ) );
+
 	$scaner = new SpbcScaner($path_to_scan, $root_path, $init_params);
 
 	$output = array(
@@ -641,6 +646,8 @@ function spbc_scanner_scan($direct_call = false, $offset = 0, $amount = 1500, $p
 			str_replace('/', '\/', str_replace('\\', '\\\\', $path_to_scan)).'(\/|\\\\)wp-content(\/|\\\\)'.'(\/|\\\\)plugins(\/|\\\\)'.'(\/|\\\\)security-malware-firewall(\/|\\\\)'.'(\/|\\\\)quarantine(\/|\\\\)?.+',
 		)
 	);
+	if( ! empty( $spbc->settings['scanner_dir_exclusions'] ) )
+		$init_params['dir_exceptions'] = array_merge( $init_params['dir_exceptions'], explode( "\r\n", $spbc->settings['scanner_dir_exclusions'] ) );
 
 	$time_start = microtime(true);
 
@@ -1092,7 +1099,7 @@ function spbc_scanner_links_count_found__domains(/* Out */ $count = 0)
 {
 	global $wpdb;
 	$count = $wpdb->get_results(
-		'SELECT COUNT(DISTINCT domain) AS cnt FROM '. SPBC_TBL_SCAN_LINKS,
+		'SELECT COUNT(link_id) AS cnt FROM '. SPBC_TBL_SCAN_LINKS,
 		OBJECT_K);
 	return $count ? key($count) : 0;
 }

diff --git a/inc/spbc-settings.php b/inc/spbc-settings.php
@@ -325,7 +325,7 @@ function spbc_settings__register() {
 							'scanner_auto_start_manual' => array(
 								'type' => 'field',
 								'title' => __('Manually set the auto scan time', 'security-malware-firewall'),
-								'description' => __('Scan website automatically at specific time.', 'security-malware-firewall'),
+								'description' => __('Scan website automatically at specific time. Uses your browser timezone.', 'security-malware-firewall'),
 								'childrens' => array('scanner_auto_start_manual_time'),
 								'parent' => 'scanner_auto_start',
 							),
@@ -372,6 +372,13 @@ function spbc_settings__register() {
 								'title' => __('Scan HTML code', 'security-malware-firewall'),
 								'description' => __('Will scan HTML code for known bad construstions.', 'security-malware-firewall'),
 							),
+							'scanner_dir_exclusions' => array(
+								'type' => 'field',
+								'input_type' => 'textarea',
+								'title' => __('Directory exclusions for malware scanner', 'security-malware-firewall'),
+								'title_first' => true,
+								'description' => __('Relative directories (wordpress folder is root). Separate each directory by a new line. Ahead "/" is redundant. All subdirectories will be also excluded.', 'security-malware-firewall'),
+							),
 						),
 					),
 					'misc' => array(
@@ -756,11 +763,49 @@ function spbc_settings__field__draw($field){
 				if(isset($field['description']))
 					echo '<div class="spbc_settings_description">'.$field['description'].'</div>';
 				break;
+
+			// Textarea type
+			case 'textarea':
+
+				if( $field['title_first'] )
+					echo '<label for="spbc_setting_' . $field['name'] . '" class="spbc_settings-field_title spbc_settings-field_title--' . $field['type'] . '">' . $field['title'] . '</label><br>';
+
+				echo '<textarea id="spbc_setting_' . $field['name'] . '" name="spbc_settings[' . $field['name'] . ']" '
+				     . ( $field['parent'] && ! $spbc->settings[ $field['parent'] ] ? ' disabled="disabled"' : '' )
+				     . ' style="width: 400px; height: 150px;"'
+				     . ' >'
+					 . ( $spbc->settings[ $field['name'] ] ? $spbc->settings[ $field['name'] ] : '' )
+					 . '</textarea>';
+
+				if( ! $field['title_first'] ){
+					echo '&nbsp;<label for="spbc_setting_' . $field['name'] . '" class="spbc_setting-field_title--' . $field['type'] . '">'
+					     . $field['title']
+					     . '</label>';
+				}
+
+				if( isset( $field['description'] ) )
+					echo '<div class="spbc_settings_description">' . $field['description'] . '</div>';
+
+				break;
+
+			// Time
 			case 'time':
 				echo '<input type = "time" id="spbc_setting_'.$field['name'].'" name="spbc_settings['.$field['name'].']" '.($field['parent'] && !$spbc->settings[$field['parent']] ? ' disabled="disabled"' : '').' 
 				'.'value="'.($spbc->settings[$field['name']] ? date('H:i', $spbc->settings[$field['name']]) : '').'" '.'>';
 				echo '<input type = "hidden" id = "user_timezone" name = "user_timezone" value = "">';
-				echo '<script type = "text/javascript">var date = new Date(); document.getElementById("user_timezone").value = -(date.getTimezoneOffset() / 60); if (document.getElementById("spbc_setting_'.$field['name'].'").value == "") { var currentTime = (date.getHours() < 10 ? "0" : "") + date.getHours() + ":" + (date.getMinutes() < 10 ? "0" : "") + date.getMinutes(); document.getElementById("spbc_setting_'.$field['name'].'").value = currentTime; } else {var initialDate = document.getElementById("spbc_setting_'.$field['name'].'").value; var dateObject = new Date(1900,0,1,initialDate.split(":")[0],initialDate.split(":")[1]); dateObject.setHours(dateObject.getHours() + -(date.getTimezoneOffset() / 60)); document.getElementById("spbc_setting_'.$field['name'].'").value = dateObject.getHours() + ":" + dateObject.getMinutes();}</script>';
+				echo '<script type = "text/javascript">
+					var date = new Date();
+						document.getElementById("user_timezone").value = -(date.getTimezoneOffset() / 60);
+						if (document.getElementById("spbc_setting_' . $field['name'] . '").value == "") {
+							var currentTime = (date.getHours() < 10 ? "0" : "") + date.getHours() + ":" + (date.getMinutes() < 10 ? "0" : "") + date.getMinutes();
+							document.getElementById("spbc_setting_' . $field['name'] . '").value = currentTime;
+						} else {
+							var initialDate = document.getElementById("spbc_setting_' . $field['name'] . '").value;
+							var dateObject = new Date(1900, 0, 1, initialDate.split(":")[0], initialDate.split(":")[1]);
+							dateObject.setHours(dateObject.getHours() + -(date.getTimezoneOffset() / 60));
+							document.getElementById("spbc_setting_' . $field['name'] . '").value = dateObject.getHours() + ":" + dateObject.getMinutes();
+						}
+					</script>';
 				break;
 		}
 
@@ -1126,7 +1171,10 @@ function spbc_field_statistics(){
 			? sprintf(__('%d errors in PHP log have been sent to CleanTalk Cloud on %s', 'security-malware-firewall'), $spbc->data['last_php_log_amount'], date('M d Y H:i:s', $spbc->data['last_php_log_sent']))
 			: __('Unknow last PHP log sending time.', 'security-malware-firewall'));
 	}
-
+
+	echo '<br/>';
+	echo 'Plugin version: ' . SPBC_VERSION;
+
 	echo '</div>';
 }
 
@@ -2383,6 +2431,17 @@ function spbc_sanitize_settings( $settings ){
 		}
 	}
 
+	// Sanitizing scanner dirs exceptions
+	if( $settings['scanner_dir_exclusions'] ){
+		$dirs = explode( "\r\n", $settings['scanner_dir_exclusions'] );
+ 		$settings['scanner_dir_exclusions'] = array();;
+		foreach( $dirs as $dir ){
+			if( is_dir( ABSPATH . $dir ) )
+				$settings['scanner_dir_exclusions'][] = $dir;
+		}
+		$settings['scanner_dir_exclusions'] = implode( "\r\n", $settings['scanner_dir_exclusions'] );
+	}
+
 	$settings['spbc_key'] = trim($settings['spbc_key']);
 	preg_match('/^[a-z\d]*$/', $settings['spbc_key'], $matches); // Check key format a-z\d
 	$settings['spbc_key'] = $settings['spbc_key']

diff --git a/install/security-malware-firewall-mu.php b/install/security-malware-firewall-mu.php
@@ -1,7 +1,7 @@
 /*
 Plugin Name: Security by CleanTalk: Must-Use Module
 Plugin URI: https://wordpress.org/plugins/security-malware-firewall/ 
-Description: Must-Use part of Security by CleanTalk plugin. Automaticcaly installed with Security by CleanTalk and deleted after it's deactivation.
+Description: Must-Use part of Security by CleanTalk plugin. Automatically installed with Security by CleanTalk and deleted after it's deactivation. 
 Author: CleanTalk Security
 Version: 2.0
 Author URI: https://cleantalk.org