Changeset 1406697 for querywall

Timestamp:

04/28/2016 05:57:12 PM (10 years ago)

Author:

4ley

Message:

Settings page added

Location:

querywall/trunk

Files:

• LICENSE (added)
• core/class-qwall-admin.php (modified) (5 diffs)
• core/class-qwall-core.php (modified) (4 diffs)
• core/class-qwall-dic.php (added)
• core/class-qwall-firewall.php (modified) (6 diffs)
• core/class-qwall-monitor.php (modified) (1 diff)
• core/class-qwall-notice.php (modified) (2 diffs)
• core/class-qwall-settings.php (added)
• core/class-qwall-setup.php (modified) (2 diffs)
• querywall.php (modified) (1 diff)
• readme.txt (modified) (2 diffs)

querywall/trunk/core/class-qwall-admin.php

@@ -16 +16 @@
 
     /**
-     * Enqueue actions to build the admin pages.
+     * Magic starts here.
      *
-     * Calls all the needed actions to build any given admin page.
+     * All custom functionality will be hooked into the "init" action.
+     *
+     * @since 1.0.7
+     * @return void
+     */
+    public function __construct() {
+        add_action( 'init', array( $this, 'init' ), 30 );
+    }
+
+    /**
+     * Conditionally hook into WordPress.
+     *
+     * @since 1.0.7
+     * @return void
+     */
+    public function init() {
+
+        add_action( 'admin_menu', array( $this, 'cb_admin_menu' ) );
+        add_filter( 'plugin_row_meta', array( $this, 'cb_plugin_meta' ), 10, 2 );
+        add_action( 'qwall_purge_logs', array( $this, 'purge_logs' ) );
+    }
+
+    /**
+     * Enqueue actions to build the admin menu.
+     *
+     * Calls all the needed actions to build the admin menu.
      *
      * @since 1.0.1
      * @return void
      */
-    public static function build_admin() {
+    public function cb_admin_menu() {
 
-        global $plugin_file;
-
+        // add_menu_page( $page_title, $menu_title, $capability, $menu_slug, $function, $icon_url, $position );
         add_menu_page(
             __( 'Firewall Request Monitor', 'querywall' ),
@@ -32 +56 @@
             'manage_options',
             'querywall',
-            array( __CLASS__, 'render_page' ),
+            array( $this, 'display_monitor_page' ),
             'dashicons-shield'
+        );
+
+        // add_submenu_page( $parent_slug, $page_title, $menu_title, $capability, $menu_slug, $function );
+        add_submenu_page(
+            'querywall',
+            __( 'Firewall Request Monitor', 'querywall' ),
+            __( 'Monitor', 'querywall' ),
+            'manage_options',
+            'querywall',
+            array( $this, 'display_monitor_page' )
         );
     }
 
     /**
-     * Displays firewall logs table
+     * Displays firewall request monitor page
      *
      * @since 1.0.1
      * @return void
      */
-    public static function render_page() {
+    public function display_monitor_page() {
 
         require( dirname( __FILE__ ) . '/class-qwall-monitor.php' );
@@ -124 +158 @@
 
     /**
-     * Displays admin notice on success, error, warning, etc.
-     *
-     * @since 1.0.5
-     * @return void
-     */
-    public static function render_admin_notice( $message, $css_classes = 'notice-success is-dismissible' ) {
-        ?>
-        <div class="notice <?php echo $css_classes; ?>">
-            <p><?php echo $message; ?></p>
-        </div>
-        <?php
-    }
-
-    /**
      * Purge blocked request logs.
      *
@@ -143 +163 @@
      * @return int|boolen
      */
-    public static function purge_logs( $older_than_hours = 0 ) {
+    public function purge_logs( $older_than_hours = 0 ) {
 
         global $wpdb;
@@ -159 +179 @@
      * Add rating link to plugin page.
      *
-     * @since 1.0.1
+     * @since 1.0.7
      * @return array
      */
-    public static function rate( $links, $file ) {
+    public function cb_plugin_meta( $links, $file ) {
+
         if ( strpos( $file, 'querywall.php' ) !== false ) {
-            $wp_url = 'https://wordpress.org/support/view/plugin-reviews/querywall?rate=5#postform';
-            $fb_url = 'https://www.facebook.com/querywall';
-            $links[] = '<a target="_blank" href="' . $wp_url . '" title="Rate and review QueryWall on WordPress.org">Rate this plugin</a>';
-            $links[] = '<a target="_blank" href="' . $fb_url . '" title="Visit QueryWall on Facebook" style="padding:0 5px;color:#fff;vertical-align:middle;border-radius:2px;background:#f5c140;">Visit on Facebook</a>';
+            // style="padding:0 2px;color:#fff;vertical-align:middle;border-radius:2px;background:#00b9eb;"
+            $links[] = '<a target="_blank" href="https://wordpress.org/support/view/plugin-reviews/querywall?rate=5#postform" title="Rate and review QueryWall on WordPress.org">Rate on WordPress.org</a>';
+            $links[] = '<a target="_blank" href="https://github.com/4ley/querywall" title="Contribute to QueryWall on GitHub">Contribute on GitHub</a>';
+            $links[] = '<a target="_blank" href="https://www.facebook.com/querywall" title="Visit QueryWall on Facebook">Visit on Facebook</a>';
         }
+
         return $links;
     }
 }
 
+QWall_DIC::set( 'admin', new QWall_Admin() );
+
 endif;

querywall/trunk/core/class-qwall-core.php

@@ -30 +30 @@
     public static function init( $plugin_file ) {
 
-        $dirname = dirname( __FILE__ );
-
         self::$settings = array(
             'plugin_file' => $plugin_file,
@@ -37 +35 @@
         );
 
-        require_once( $dirname . '/class-qwall-firewall.php' );
-        QWall_Firewall::init();
+        $dirname = dirname( self::$settings['plugin_file'] );
+
+        require_once( $dirname . '/core/class-qwall-dic.php' );
+        require_once( $dirname . '/core/class-qwall-settings.php' );
+        require_once( $dirname . '/core/class-qwall-firewall.php' );
 
         if ( is_admin() ) {
@@ -59 +60 @@
         require_once( $dirname . '/core/class-qwall-notice.php' );
         require_once( $dirname . '/core/class-qwall-admin.php' );
+
         register_activation_hook( self::$settings['plugin_file'], array( 'QWall_Setup', 'on_activate' ) );
         register_deactivation_hook( self::$settings['plugin_file'], array( 'QWall_Setup', 'on_deactivate' ) );
         register_uninstall_hook( self::$settings['plugin_file'], array( 'QWall_Setup', 'on_uninstall' ) );
         add_action( 'activated_plugin', array( 'QWall_Setup', 'on_activated_plugin' ) );
-        add_action( 'admin_menu', array( 'QWall_Admin', 'build_admin' ) );
-        add_filter( 'plugin_row_meta', array( 'QWall_Admin', 'rate' ), 10, 2 );
-        add_action( 'qwall_purge_logs', array( 'QWall_Admin', 'purge_logs' ) );
 
         if ( isset( $_POST['qwall_purge_logs_now'] ) ) {
@@ -73 +72 @@
             if ( wp_verify_nonce( $_POST['qwall_purge_logs_nonce'], 'qwall_purge_logs' ) ) {
                 
-                $affected_rows = QWall_Admin::purge_logs( ( int ) $_POST['qwall_purge_logs_older_than'] );
+                $affected_rows = QWall_DIC::get( 'admin' )->purge_logs( ( int ) $_POST['qwall_purge_logs_older_than'] );
                 
                 if ( false === $affected_rows ) {

querywall/trunk/core/class-qwall-firewall.php

@@ -30 +30 @@
 
     /**
-     * Magic starts here
+     * Magic starts here.
      *
-     * @since 1.0.1
+     * All custom functionality will be hooked into the "plugins_loaded" action.
+     *
+     * @since 1.0.7
      * @return void
      */
-    public static function init() {
+    public function __construct() {
+        add_action( 'plugins_loaded', array( $this, 'plugins_loaded' ) );
+    }
+
+    /**
+     * Conditionally hook into WordPress.
+     *
+     * @since 1.0.7
+     * @return void
+     */
+    public function plugins_loaded() {
+
+        if ( is_user_logged_in() && QWall_DIC::get( 'settings' )->get( 'settings', 'disable_loggedin_users' ) ) {
+            return null;
+        }
+
+        self::analyze();
+    }
+
+    /**
+     * Analyze request
+     *
+     * @since 1.0.7
+     * @return void
+     */
+    private static function analyze() {
 
         // Analyze server variable
@@ -85 +112 @@
 
     /**
-     * You shall not pass
+     * You shall not pass!
      *
      * @since 1.0.1
@@ -92 +119 @@
     private static function close() {
 
-        header('HTTP/1.1 403 Forbidden');
-        header('Status: 403 Forbidden');
-        header('Connection: Close');
+        $qwall_settings   = QWall_DIC::get( 'settings' );
+        $redirect_url     = $qwall_settings->get( 'settings', 'redirect_url' );
+        $http_status_code = $qwall_settings->get( 'settings', 'http_status_code' );
+        $server_response  = $qwall_settings->get( 'settings', 'server_response' );
+
+        if ( empty( $redirect_url ) ) {
+
+            if( ! isset( $_SERVER['SERVER_PROTOCOL'] ) || empty( $_SERVER['SERVER_PROTOCOL'] ) ) {
+                $_SERVER['SERVER_PROTOCOL'] = 'HTTP/1.1';
+            }
+
+            $http_status_code_message = QWall_DIC::get( 'settings' )->get_http_status_codes( $http_status_code );
+
+            header( $_SERVER['SERVER_PROTOCOL'] . ' ' . $http_status_code_message, true, $http_status_code);
+            header( 'Connection: Close' );
+        } else {
+            header('Location: ' . $redirect_url, true, $http_status_code);
+        }
+
+        if( ! empty( $server_response ) ) {
+            exit( $server_response );
+        }
+
         exit;
     }
@@ -112 +159 @@
         global $wpdb;
 
+        if( isset( $_SERVER['HTTP_USER_AGENT'] ) ) {
+            $user_agent = $_SERVER['HTTP_USER_AGENT'];
+        } else {
+            $user_agent = '';
+        }
+
+        if ( QWall_DIC::get( 'settings' )->get( 'settings', 'anonymize_ip' ) ) {
+            $ipv4 = long2ip( ip2long( $_SERVER['REMOTE_ADDR'] ) & 0xFFFFFF00 );
+        } else {
+            $ipv4 = $_SERVER['REMOTE_ADDR'];
+        }
+
         $wpdb->insert(
             $wpdb->base_prefix . 'qwall_monitor',
@@ -117 +176 @@
                 'date_time'     => current_time( 'mysql' ),
                 'date_time_gmt' => current_time( 'mysql', 1 ),
-                'ipv4'          => sprintf( '%u', ip2long( $_SERVER['REMOTE_ADDR'] ) ),
-                'agent'         => $_SERVER['HTTP_USER_AGENT'],
+                'ipv4'          => sprintf( '%u', ip2long( $ipv4 ) ),
+                'agent'         => $user_agent,
                 'filter_group'  => $filter_group,
                 'filter_match'  => $filter_match,
@@ -127 +186 @@
 }
 
+QWall_DIC::set( 'firewall', new QWall_Firewall() );
+
 endif;

querywall/trunk/core/class-qwall-monitor.php

@@ -85 +85 @@
                 return '<span title="' . $item['date_time'] . '">' . human_time_diff( $item['time_stamp'], current_time( 'timestamp' ) ) . ' ago';
             case 'ipv4':
-                return long2ip( $item[ $column_name ] );
+
+                $ipv4 = long2ip( $item[ $column_name ] );
+                
+                if ( substr( $ipv4, -2 ) == '.0' ) {
+                    $ipv4 = substr_replace( $ipv4, '***', -1 );
+                }
+
+                return $ipv4;
+
             case 'filter_input':
                 return preg_replace( '/' . preg_quote( $item['filter_match'], '/' ) . '/i', '<strong>\\0</strong>', $item['filter_input'] );

querywall/trunk/core/class-qwall-notice.php

@@ -42 +42 @@
         }
 
-        add_action( 'admin_notices', array( $this, 'render_admin_notice' ) );
+        add_action( 'admin_notices', array( $this, 'display_admin_notice' ) );
     }
 
@@ -51 +51 @@
      * @return void
      */
-    public function render_admin_notice() {
+    public function display_admin_notice() {
         ?>
         <div class="<?php echo implode( ' ', $this->css_classes ); ?>">

querywall/trunk/core/class-qwall-setup.php

@@ -41 +41 @@
      */
     public static function on_uninstall() {
+
+        self::remove_options();
         self::remove_database_tables();
         self::remove_scheduled_events();
@@ -119 +121 @@
 
     /**
+     * Remove plugin options
+     *
+     * @since 1.0.7
+     * @return void
+     */
+    private static function remove_options() {
+
+        QWall_DIC::get( 'settings' )->delete( 'settings' );
+    }
+
+    /**
      * Make sure plugin loads first
      *

querywall/trunk/querywall.php

@@ -6 +6 @@
  * Tags: firewall, security, protect, block, antivirus, defender, malicious, request, query, blacklist, url, eval, base64, hack, attack, brute force, infection, injection, malware, botnet, backdoor, web application firewall, xss, website security, wordpress security, secure, prevention, protection, trojan, virus, xss, waf, security audit, querywall, bbq, block bad queries, ninjafirewall, wordfence, bulletproof security, ithemes security, better wp security, sucuri, vaultpress, simple firewall
  * Usage: No configuration needed, just activate it.
- * Version: 1.0.6
+ * Version: 1.0.7
  * Author: 4ley
  * Author URI: https://github.com/4ley/querywall

querywall/trunk/readme.txt

@@ -25 +25 @@
 * Upload, activate, ready and done
 * Works in background
-* Identifies and forbids a wide range of malicious queries including [5G/6G Blacklist](https://perishablepress.com/6g-beta/)
+* Identifies and forbids a wide range of malicious queries
 
 **Contribution / Social**
@@ -46 +46 @@
 
 == Changelog ==
+
+= 1.0.7 =
+
+* Options added: Disable for logged in users, Anonymize IP addresses, Server status code, Redirect URL, Server response
+
+= 1.0.6 =
+
+* Minor fixes
 
 = 1.0.5 =