Changeset 1808279
- Timestamp:
- 01/24/2018 02:06:25 AM (8 years ago)
- Location:
- security-safe/trunk
- Files:
-
- 3 added
- 14 edited
-
README.txt (modified) (4 diffs)
-
admin/Admin.php (modified) (10 diffs)
-
admin/AdminPage.php (modified) (8 diffs)
-
admin/AdminPageFiles.php (modified) (6 diffs)
-
admin/AdminPageGeneral.php (modified) (3 diffs)
-
common/Plugin.php (modified) (10 diffs)
-
common/Security.php (modified) (7 diffs)
-
css/admin.css (modified) (1 diff)
-
screenshot-1.png (modified) (previous)
-
screenshot-2.png (modified) (previous)
-
screenshot-3.png (modified) (previous)
-
screenshot-4.png (modified) (previous)
-
screenshot-5.png (modified) (previous)
-
screenshot-6.png (added)
-
screenshot-7.png (added)
-
screenshot-8.png (added)
-
security-safe.php (modified) (4 diffs)
security-safe/trunk/README.txt
r1800788 r1808279 1 1 === Security Safe === 2 2 Contributors: sovstack, cfullsteam 3 Tags: security, wp security, privacy 3 Tags: security, wp security, privacy, security audit, file permissions, brute force login 4 4 Requires at least: 4 5 5 Requires PHP: 5.3 6 Tested up to: 4.9. 16 Tested up to: 4.9.2 7 7 Stable tag: trunk 8 8 … … 18 18 * Enable Automatic Core, Plugin, and Theme Updates 19 19 * Disable Editing Theme Files 20 * Audit Website File Permissions 20 * Audit WordPress File Permissions 21 * Audit All Plugins' File Permissions 22 * Audit Theme File Permissions 23 * Audit Hosting Software Versions 21 24 * Disable Remote Script Execution 22 25 * Make Login Errors Generic … … 25 28 * Disable Password Reset 26 29 * Turn On/Off All Security Policies Easily 27 * Plugin Uses Minimal PHP Memory28 30 29 31 == Installation == … … 37 39 == Screenshots == 38 40 39 1. General Settings 40 2. Privacy Settings 41 3. File Settings 42 4. File Permissions 43 5. User Access 41 1. General Settings - Turn off all security settings temporarily and reset settings. 42 2. Privacy Settings - Hide WordPress version in the source code. 43 3. File Settings - Enable Automatic Updates and disable theme file editing from the admin panel. 44 4. WordPress Base Directory - Validate file permissions and quickly see if there are any suspicious looking files in the base directory. 45 5. Theme Audit - Quickly verify your theme files have secure file permissions. 46 6. Plugins Audit - Verify that all of your plugins have proper file permissions. 47 7. Server Information - Audit PHP version and all modules installed on the server. 48 8. User Access - Make login errors generic, disable password reset, disable the 'remember me' checkbox, disable xml-rpc.php, force local logins to deter brute-force logins. 44 49 45 50 == Changelog == 51 52 = 1.0.3 = 53 * Added Feature: Server software version auditing. 54 * Added Feature: Theme file permissions auditing. 
55 * Added Feature: Plugins files permissions auditing. 56 * Bug Fix: Plugin version history was not logging properly. 57 * Bug Fix: Automatic Updates were not running when the settings were selected. 58 * Security: Added Nonce to admin forms. 59 * Security: Removed the absolute path from file permissions auditing. 60 * Improvement: File permissions were expaned to include all files and folders of WordPress base directory. 61 * Improvement: Minor code standardization. 62 * Improvement: Updated all screenshots. 63 * Tested up to: 4.9.2 46 64 47 65 = 1.0.2 = -
security-safe/trunk/admin/Admin.php
r1799945 r1808279 72 72 73 73 // Memory Cleanup 74 unset( $plugin ); 75 unset( $local_page ); 74 unset( $plugin, $local_page ); 76 75 77 76 } // isset() … … 118 117 119 118 // Memory Cleanup 120 unset( $page ); 121 unset( $subpages ); 119 unset( $page, $subpages ); 122 120 123 121 } //admin_menus() … … 204 202 205 203 // Memory Cleanup 206 unset( $title ); 207 unset( $title_lc ); 208 unset( $title_uscore ); 209 unset( $title_hyphen ); 204 unset( $title, $title_lc, $title_uscore, $title_hyphen ); 210 205 211 206 } else { … … 218 213 219 214 // Memory Cleanup 220 unset( $subpages ); 221 unset( $pages ); 215 unset( $subpages, $pages ); 222 216 223 217 } // add_submenu_pages() … … 256 250 257 251 // Memory Cleanup 258 unset( $title_camel ); 259 unset( $class ); 260 unset( $page_settings ); 252 unset( $title_camel, $class, $page_settings ); 261 253 262 254 } else { … … 378 370 379 371 <form method="post" action=""> 372 373 <?php wp_nonce_field( 'security-safe-settings' ); ?> 380 374 381 375 <div class="all-tab-content"> … … 391 385 </form> 392 386 387 <div class="wrap-footer full clear"> 388 389 <hr /> 390 <p><?php echo $plugin['name'] . ' v.' . $plugin['version']; ?>: Need help? 
Visit the <a href="https://wordpress.org/support/plugin/security-safe" target="_blank">support forum</a>.</p> 391 392 </div> 393 393 </div><!-- .wrap --> 394 394 <?php 395 395 396 396 // Memory Cleanup 397 unset( $page ); 398 unset( $plugin ); 397 unset( $page, $plugin ); 399 398 400 399 } // display_page() … … 439 438 440 439 // Memory Cleanup 441 unset( $html ); 442 unset( $menus ); 443 unset( $m ); 444 unset( $disabled ); 445 unset( $class ); 446 unset( $href ); 447 unset( $active ); 440 unset( $html, $menus, $m, $disabled, $class, $href, $active ); 448 441 449 442 } // display_heading_menu() … … 475 468 476 469 // Memory Cleanup 477 unset( $m ); 478 unset( $message ); 479 unset( $status ); 480 unset( $dismiss ); 470 unset( $m, $message, $status, $dismiss ); 481 471 482 472 } // is_array() … … 513 503 514 504 // Memory Cleanup 515 unset( $message ); 516 unset( $status ); 517 unset( $dismiss ); 518 unset( $class ); 505 unset( $message, $status, $dismiss, $class ); 519 506 520 507 } //admin_notice() -
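Review bot: The new footer at line 390 echoes `$plugin['name']` and `$plugin['version']` straight into the page; the values appear to be plugin-internal, but WordPress convention is to escape at output, e.g. `<p><?php echo esc_html( $plugin['name'] . ' v.' . $plugin['version'] ); ?>: Need help?`. The `wp_nonce_field( 'security-safe-settings' )` added at line 373 only protects the form if the POST handler verifies the same action before any setting is written; confirm that the save path calls `check_admin_referer( 'security-safe-settings' )` on every request carrying a body. The support-forum link opens with `target="_blank"` and would benefit from `rel="noopener"`. display_page() starts before this hunk.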
security-safe/trunk/admin/AdminPage.php
r1799945 r1808279 81 81 82 82 // Memory Cleanup 83 unset( $num ); 84 unset( $t ); 85 unset( $classes ); 86 unset( $html ); 83 unset( $num, $t, $classes, $html ); 87 84 88 85 } // $this->tabs … … 171 168 172 169 // Memory Cleanup 173 unset( $num ); 174 unset( $t ); 175 unset( $classes ); 176 unset( $html ); 170 unset( $num, $t, $classes, $html ); 177 171 178 172 } // $this->tabs … … 202 196 203 197 // Memory Cleanup 204 unset( $title ); 205 unset( $desc ); 198 unset( $title, $desc ); 206 199 207 200 return $html; … … 254 247 255 248 // Memory Cleanup 256 unset( $page_options ); 257 unset( $name ); 258 unset( $slug ); 259 unset( $short_desc ); 260 unset( $long_desc ); 249 unset( $page_options, $name, $slug, $short_desc, $long_desc ); 261 250 262 251 return $html; … … 293 282 294 283 // Memory Cleanup 295 unset( $value ); 296 unset( $label ); 297 unset( $selected ); 284 unset( $value, $label, $selected ); 298 285 299 286 } else { … … 322 309 323 310 // Memory Cleanup 324 unset( $page_options ); 325 unset( $name ); 326 unset( $slug ); 327 unset( $options ); 328 unset( $long_desc ); 311 unset( $page_options, $name, $slug, $options, $long_desc ); 329 312 330 313 return $html; … … 373 356 374 357 // Memory Cleanup 375 unset( $text ); 376 unset( $type ); 377 unset( $value ); 378 unset( $long_desc ); 358 unset( $text, $type, $value, $long_desc ); 379 359 380 360 return $html; … … 416 396 417 397 // Memory Cleanup 418 unset( $text ); 419 unset( $type ); 420 unset( $value ); 421 unset( $classes ); 398 unset( $text, $type, $value, $classes ); 422 399 423 400 return $html; -
security-safe/trunk/admin/AdminPageFiles.php
r1800788 r1808279 34 34 35 35 $this->tabs[] = array( 36 'id' => ' permissions',37 'label' => ' Permissions',38 'title' => ' File Permissions',39 'heading' => ' Leanient file permissions can lead to unauthorized users writing to files.',40 'intro' => ' File permissions can be confusing.Incorrect directory or file permission values can lead to security vulnerabilities or even plugins or themes not functioning properly. If you are not sure what permissions value to set a file or directory to, use the minimum recommended value provided. ',36 'id' => 'core', 37 'label' => 'Core', 38 'title' => 'WordPress Base Directory & Files', 39 'heading' => 'Check to make sure all file permissions have a good or OK status. ', 40 'intro' => 'Incorrect directory or file permission values can lead to security vulnerabilities or even plugins or themes not functioning properly. If you are not sure what permissions value to set a file or directory to, use the minimum recommended value provided. ', 41 41 'classes' => array( 'full' ), 42 'content_callback' => 'tab_ permissions',42 'content_callback' => 'tab_core', 43 43 ); 44 44 45 $this->tabs[] = array( 46 'id' => 'theme', 47 'label' => 'Theme', 48 'title' => 'Theme Audit', 49 'heading' => 'Check to ensure that your theme files have secure permissions.', 50 'intro' => '', 51 'classes' => array( 'full' ), 52 'content_callback' => 'tab_theme', 53 ); 54 55 $this->tabs[] = array( 56 'id' => 'plugins', 57 'label' => 'Plugins', 58 'title' => 'Plugins Audit', 59 'heading' => 'Check to ensure that your plugins have secure permissions.', 60 'intro' => '', 61 'classes' => array( 'full' ), 62 'content_callback' => 'tab_plugins', 63 ); 64 65 $this->tabs[] = array( 66 'id' => 'server', 67 'label' => 'Server', 68 'title' => 'Server Information', 69 'heading' => 'It is your hosting provider\'s job to keep your server up-to-date.', 70 'intro' => 'This table below will help identify the software versions currently on your hosting server. 
<br>NOTE: System administrators often do server updates once per month. If something is a version behind, then you might be between update cycles or there may be compatibility issues due to version dependencies.', 71 'classes' => array( 'full' ), 72 'content_callback' => 'tab_server', 73 ); 74 45 75 } // set_page() 46 76 47 77 48 78 /** 49 * This populates all the metaboxes for this specific page.79 * This tab displays file settings. 50 80 * @since 0.2.0 51 81 */ 52 82 function tab_settings() { 83 84 global $wp_version; 53 85 54 86 $html = ''; … … 58 90 $html .= $this->form_table( $rows ); 59 91 60 // Wordpress Updates 61 $html .= $this->form_section( 'Automatic WordPress Updates', 'Updates are one of the main culprits to a compromised website. We recommend turning on automatic updates for your site to ensure that security patches are applied quickly.' ); 62 $rows = $this->form_checkbox( $this->settings, 'Core Updates', 'auto_update_core', 'Automatic Core Updates', false ); 63 $rows .= $this->form_checkbox( $this->settings, 'Plugin Updates', 'auto_update_plugin', 'Automatic Plugin Updates', false ); 64 $rows .= $this->form_checkbox( $this->settings, 'Theme Updates', 'auto_update_theme', 'Automatic Theme Updates', false ); 65 $html .= $this->form_table( $rows ); 92 if ( version_compare( $wp_version, '3.7.0') >= 0 && ! defined('AUTOMATIC_UPDATER_DISABLED') ) { 93 94 // Wordpress Updates 95 $rows = ''; 96 $html .= $this->form_section( 'Automatic WordPress Updates', 'Updates are one of the main culprits to a compromised website.' ); 97 98 if ( ! defined('WP_AUTO_UPDATE_CORE') ) { 99 100 $rows .= $this->form_checkbox( $this->settings, 'Dev Core Updates', 'allow_dev_auto_core_updates', 'Automatic Nightly Core Updates', 'Select this option if the site is in development only.' 
); 101 $rows .= $this->form_checkbox( $this->settings, 'Major Core Updates', 'allow_major_auto_core_updates', 'Automatic Major Core Updates', 'If you feel very confident in your code, you could automate the major version upgrades. (not recommended in most cases)' ); 102 $rows .= $this->form_checkbox( $this->settings, 'Minor Core Updates', 'allow_minor_auto_core_updates', 'Automatic Minor Core Updates', 'This is enabled by default in WordPress and only includes minor version and security updates.' ); 103 104 } 105 106 $rows .= $this->form_checkbox( $this->settings, 'Plugin Updates', 'auto_update_plugin', 'Automatic Plugin Updates', false ); 107 $rows .= $this->form_checkbox( $this->settings, 'Theme Updates', 'auto_update_theme', 'Automatic Theme Updates', false ); 108 $html .= $this->form_table( $rows ); 109 110 } // version_compare() 66 111 67 112 // File Access … … 82 127 83 128 /** 84 * This populates all the metaboxes for this specific page.85 * @since 0.2.086 */ 87 function tab_ permissions() {129 * This tab displays current and suggested file permissions. 130 * @since 1.0.3 131 */ 132 function tab_core() { 88 133 89 134 // Determine File Structure … … 93 138 $uploads_dir = wp_upload_dir(); 94 139 $uploads_dir = $uploads_dir["basedir"]; 95 $theme_dir = get_template_directory(); 96 $themes_dir = dirname( $theme_dir ); 140 $themes_dir = dirname( get_template_directory() ); 141 142 // Array of Files To Be Checked 143 $paths = array( 144 $uploads_dir, 145 $plugins_dir, 146 $muplugins_dir, 147 $themes_dir, 148 ); 149 150 // Remove Trailing Slash 151 $base = str_replace( '//', '', ABSPATH . 
'/' ); 152 153 // Get All Files / Folders In Base Directory 154 $base = $this->get_dir_files( $base, false ); 155 156 // Combine File List 157 $paths = array_merge( $base, $paths ); 158 159 // Get Rid of Duplicates 160 $paths = array_unique( $paths ); 161 162 // Memory Cleanup 163 unset( $plugins_dir, $content_dir, $muplugins_dir, $uploads_dir, $themes_dir, $base ); 164 165 return $this->display_permissions_table( $paths ); 166 167 } // tab_core() 168 169 170 /** 171 * This tab displays current and suggested file permissions. 172 * @since 1.0.3 173 */ 174 function tab_theme() { 175 176 return $this->display_permissions_table( $this->get_dir_files( get_template_directory() ) ); 177 178 } // tab_theme() 179 180 181 /** 182 * This tab displays current and suggested file permissions. 183 * @since 1.0.3 184 */ 185 function tab_plugins() { 186 187 $plugins_dir = ( defined( 'WP_PLUGIN_DIR' ) ) ? WP_PLUGIN_DIR : dirname ( dirname( __DIR__ ) ); 188 189 return $this->display_permissions_table( $this->get_dir_files( $plugins_dir ) ); 190 191 } // tab_plugins() 192 193 194 /** 195 * This tab displays software installed on the server. 196 * @since 1.0.3 197 */ 198 function tab_server() { 199 200 // Latest Versions 201 $latest_versions = array(); 202 $latest_versions['PHP'] = array( '7' => '7.2.1', '5.6' => '5.6.33' ); 97 203 98 204 $html = ''; … … 101 207 <table class="file-perm-table wp-list-table striped" cellpadding="10px"> 102 208 <tr> 103 <th>' . __( 'Location', 'security-safe' ) . '</th> 209 <th>' . __( 'Description', 'security-safe' ) . '</th> 210 <th style="width: 250px;">' . __( 'Current Version', 'security-safe' ) . '</th> 211 <th style="width: 250px;">' . __( 'Recommend', 'security-safe' ) . '</th> 212 <th style="width: 70px;">' . __( 'Status', 'security-safe' ) . 
'</th> 213 </tr>'; 214 215 $versions = array(); 216 217 // PHP Version 218 if( defined('PHP_VERSION') ) { 219 220 $status = ''; 221 $recommend = ''; 222 223 if ( version_compare( PHP_VERSION, $latest_versions['PHP']['7'] ) == 0 ) { 224 225 $status = 'Good'; 226 $recommend = $latest_versions['PHP']['7']; 227 228 } elseif ( version_compare( PHP_VERSION, '7.0.0' ) >= 0 ) { 229 230 $status = 'OK'; 231 $recommend = $latest_versions['PHP']['7']; 232 233 } elseif ( version_compare( PHP_VERSION, $latest_versions['PHP']['5.6'] ) == 0 ) { 234 235 $status = 'Good'; 236 $recommend = $latest_versions['PHP']['5.6']; 237 238 } elseif ( version_compare( PHP_VERSION, '5.6.0' ) >= 0 ) { 239 240 $status = 'OK'; 241 $recommend = $latest_versions['PHP']['5.6']; 242 243 } else { 244 245 $status = 'Bad'; 246 $recommend = $latest_versions['PHP']['5.6']; 247 248 } 249 250 $versions[] = array( 251 'name' => 'PHP', 252 'current' => PHP_VERSION, 253 'recommend' => $recommend, 254 'status' => $status, 255 ); 256 257 } // PHP_VERSION 258 259 // Get All Versions From phpinfo 260 $phpinfo = $this->get_phpinfo(8); 261 262 if ( ! empty( $phpinfo ) ) { 263 264 foreach ( $phpinfo as $name => $section ) { 265 266 foreach ( $section as $key => $val ) { 267 268 if ( strpos( strtolower( $key ), 'version') !== false && strpos( strtolower( $key ), 'php version') === false ) { 269 270 if ( is_array($val) ) { 271 272 $current = $val[0]; 273 274 } elseif ( is_string( $key ) ) { 275 276 $current = $val; 277 278 } // is_array() 279 280 // Remove Duplicate Text 281 $name = $name . ': ' . str_replace( $name, '', $key ); 282 283 $versions[] = array( 284 'name' => $name, 285 'current' => $current, 286 'recommend' => '-', 287 'status' => '-', 288 ); 289 290 } // strpos() 291 292 } // foreach() 293 294 } // foreach() 295 296 } // ! empty() 297 298 // Display All Version 299 foreach ( $versions as $v ) { 300 301 $html .= '<tr>'; 302 $html .= '<td class="check-column">' . __( $v['name'] ) . 
'</td>'; 303 $html .= '<td class="check-column" style="text-align: center;">' . __( $v['current'], 'security-safe' ) . '</td>'; 304 $html .= '<td class="check-column" style="text-align: center;">' . __( $v['recommend'], 'security-safe' ) . '</td>'; 305 $html .= '<td class="check-column ' . strtolower( $v['status'] ) . '" style="text-align: center;">' . __( $v['status'], 'security-safe' ) . '</td>'; 306 $html .= '</tr>'; 307 308 } // foreach 309 310 // If phpinfo is disabled, display notice 311 if ( empty( $phpinfo ) ) { 312 313 $html .= '<tr><td colspan="4">It seems that the phpinfo() function is disabled. You may need to contact the hosting provider to enable this function for more advanced version details. <a href="http://php.net/manual/en/function.phpinfo.php">See the documentation.</a></td></tr>'; 314 315 } // ! empty() 316 317 $html .= '</table>'; 318 319 // Memory Cleanup 320 unset( $latest_versions, $versions, $status, $recommend, $phpinfo, $name, $section, $key, $val, $current, $v ); 321 322 return $html; 323 324 } // tab_server() 325 326 327 /** 328 * Returns phpinfo as an array 329 * @since 1.0.3 330 */ 331 private function get_phpinfo( $type = 1 ) { 332 333 ob_start(); 334 335 phpinfo( $type ); 336 337 $phpinfo = array(); 338 $pattern = '#(?:<h2>(?:<a name=".*?">)?(.*?)(?:</a>)?</h2>)|(?:<tr(?: class=".*?")?><t[hd](?: class=".*?")?>(.*?)\s*</t[hd]>(?:<t[hd](?: class=".*?")?>(.*?)\s*</t[hd]>(?:<t[hd](?: class=".*?")?>(.*?)\s*</t[hd]>)?)?</tr>)#s'; 339 340 if ( preg_match_all( $pattern, ob_get_clean(), $matches, PREG_SET_ORDER)){ 341 342 foreach ( $matches as $m ) { 343 344 if ( strlen( $m[1] ) ) { 345 346 $phpinfo[ $m[1] ] = array(); 347 348 } else { 349 350 $keys = array_keys( $phpinfo ); 351 352 if ( isset( $m[3] ) ) { 353 354 $phpinfo[ end( $keys ) ][ $m[2] ] = ( isset( $m[4] ) ) ? 
array( $m[3], $m[4] ) : $m[3]; 355 356 } else { 357 358 $phpinfo[ end( $keys ) ][] = $m[2]; 359 360 } // isset() 361 362 } // strlen() 363 364 } // foreach() 365 366 } // preg_match_all() 367 368 // Memory Cleanup 369 unset( $type, $pattern, $matches, $m, $keys ); 370 371 return $phpinfo; 372 373 } // get_phpinfo() 374 375 376 /** 377 * Display all file permissions ina table 378 * @since 1.0.3 379 */ 380 private function display_permissions_table( $paths = false ) { 381 382 $html = ''; 383 384 $html .= ' 385 <table class="file-perm-table wp-list-table striped" cellpadding="10px"> 386 <tr> 387 <th>' . __( 'Relative Location', 'security-safe' ) . '</th> 104 388 <th style="width: 100px;">' . __( 'Type', 'security-safe' ) . '</th> 105 389 <th style="width: 70px;">' . __( 'Current', 'security-safe' ) . '</th> … … 107 391 <th style="width: 70px;">' . __( 'Status', 'security-safe' ) . '</th> 108 392 </tr>'; 393 394 if ( is_array( $paths ) && ! empty ( $paths ) ) { 395 396 foreach ( $paths as $p ) { 397 398 if ( file_exists( $p ) ){ 399 400 // Get File Type 401 $is_dir = is_dir( $p ); 402 403 // Get Details of Path 404 $info = @stat( $p ); 405 $permissions = sprintf( '%o', $info['mode'] ); // Get all info about permissions 406 $current = substr( $permissions, -3 ); // Get current o/g/w permissions 407 $perm = str_split( $current ); // Convert permissions to an array 408 409 // Specific Role Permissions 410 $owner = ( isset( $perm[0] ) ) ? $perm[0] : 0; 411 $group = ( isset( $perm[1] ) ) ? $perm[1] : 0; 412 $world = ( isset( $perm[2] ) ) ? $perm[2] : 0; 413 414 // Determine Directory or File 415 if ( $is_dir ) { 416 417 $type = 'directory'; 418 $rec = '755'; 419 $status = ( $current == $rec ) ? 'Good' : 'OK'; 109 420 110 // Array of Files and type 111 $paths = array( 112 ABSPATH, 113 ABSPATH . '.htaccess', 114 ABSPATH . 'wp-admin', 115 ABSPATH . 'wp-includes', 116 ABSPATH . 'wp-config.php', 117 ABSPATH . 
'wp-config-sample.php', 118 $content_dir, 119 $uploads_dir, 120 $plugins_dir, 121 $muplugins_dir, 122 $themes_dir, 123 $theme_dir, 124 ); 125 126 foreach ( $paths as $p ) { 127 128 if ( file_exists( $p ) ){ 129 130 // Get File Type 131 $is_dir = is_dir( $p ); 132 133 // Get Details of Path 134 $info = @stat( $p ); 135 $permissions = sprintf( '%o', $info['mode'] ); // Get all info about permissions 136 $current = substr( $permissions, -3 ); // Get current o/g/w permissions 137 $perm = str_split( $current ); // Convert permissions to an array 138 139 // Specific Role Permissions 140 $owner = ( isset( $perm[0] ) ) ? $perm[0] : 0; 141 $group = ( isset( $perm[1] ) ) ? $perm[1] : 0; 142 $world = ( isset( $perm[2] ) ) ? $perm[2] : 0; 143 144 // Determine Directory or File 145 if ( $is_dir ) { 146 147 $type = 'directory'; 148 $rec = '755'; 149 $status = ( $current == $rec ) ? 'Good' : 'OK'; 421 // Ceiling 422 $status = ( $owner > 7 || $group > 5 || $world > 5 ) ? 'OK' : $status; 423 $status = ( $owner > 7 || $group > 7 || $world > 5 ) ? 'Bad' : $status; 424 425 // Floor 426 $status = ( $owner < 7 || $group < 5 || $world < 0 ) ? 'OK' : $status; 427 428 } else { 429 430 $type = 'file'; 431 $rec = '644'; 432 433 // Secure Permissions for certain files 434 $rec = ( strpos( $p, 'wp-config.php' ) ) ? '600' : $rec; 435 $rec = ( strpos( $p, 'php.ini' ) ) ? '600' : $rec; 436 $rec = ( strpos( $p, 'php.cgi' ) ) ? '711' : $rec; 437 438 if ( $current == $rec ) { 439 440 $status = 'Good'; 441 442 } else { 443 444 // Ceiling 445 $status = ( $owner > 6 || $group > 4 || $world > 4 ) ? 'Bad' : 'OK'; 446 447 // Floor 448 $status = ( $owner < 4 || $group < 0 || $world < 0 ) ? 'Bad' : $status; 449 450 } // $current 451 452 } // $permissions[0] 453 454 $html .= '<tr>'; 455 $html .= '<td class="check-column" >' . str_replace( ABSPATH, '/', $p ) . '</td>'; 456 $html .= '<td class="check-column" style="text-align: center;">' . $type . 
'</td>'; 457 $html .= '<td class="check-column" style="text-align: center;">' . $owner . $group . $world . '</td>'; 458 $html .= '<td class="check-column" style="text-align: center;">' . $rec . '</td>'; 459 $html .= '<td class="check-column ' . strtolower( $status ) . '" style="text-align: center;">' . $status . '</td>'; 460 $html .= '</tr>'; 461 462 } // file_exists() 463 464 } // foreach() 465 466 } else { 467 468 $html .= '<tr><td colspan="4">Error: There were not any files to check.</td></tr>'; 469 470 } // is_array() 471 472 $html .= '</table>'; 473 474 // Memory Cleanup 475 unset( $paths, $p, $info, $permissions, $perm, $owner, $group, $world, $type, $rec, $status ); 476 477 return $html; 478 479 } // display_permissions_table() 480 481 482 /** 483 * Grabs all the files and folders for a provided directory. It scans in-depth by default. 484 * @since 1.0.3 485 */ 486 private function get_dir_files( $folder, $deep = true ) { 487 488 // Scan All Files In Plugins Directory 489 $files = scandir( $folder ); 490 $results = array(); 491 492 foreach ( $files as $file ) { 493 494 if( in_array( $file, array('.','..') ) ) { 495 496 if ( $file == '.' ) { 497 498 $abspath = $folder . '/'; 499 500 if ( $abspath == ABSPATH ){ 501 $results[] = ABSPATH; 502 } else { 503 $results[] = $folder; 504 } 505 506 } // $file 507 508 } elseif ( is_dir( $folder . '/' . $file ) ) { 509 510 if ( $deep ) { 511 512 //It is a dir; let's scan it 513 $array_results = $this->get_dir_files( $folder . '/' . $file ); 150 514 151 // Ceiling 152 $status = ( $owner > 7 || $group > 5 || $world > 5 ) ? 'Bad' : $status; 153 154 // Floor 155 $status = ( $owner < 7 || $group < 4 || $world < 0 ) ? 'Bad' : $status; 515 foreach ( $array_results as $r ){ 516 $results[] = $r; 517 }// foreach() 156 518 157 519 } else { 158 520 159 $type = 'file'; 160 $rec = '644'; 161 $status = ( $current == $rec ) ? 'Good' : 'OK'; 162 163 // Ceiling 164 $status = ( $owner > 6 || $group > 4 || $world > 4 ) ? 
'Bad' : $status; 165 166 // Floor 167 $status = ( $owner < 4 || $group < 4 || $world < 0 ) ? 'Bad' : $status; 168 169 } // $permissions[0] 170 171 $html .= '<tr>'; 172 $html .= '<td class="check-column" >' . $p . '</td>'; 173 $html .= '<td class="check-column" style="text-align: center;">' . $type . '</td>'; 174 $html .= '<td class="check-column" style="text-align: center;">' . $owner . $group . $world . '</td>'; 175 $html .= '<td class="check-column" style="text-align: center;">' . $rec . '</td>'; 176 $html .= '<td class="check-column ' . strtolower( $status ) . '" style="text-align: center;">' . $status . '</td>'; 177 $html .= '</tr>'; 178 179 } // file_exists() 521 // Add folder to list and do not scan it. 522 $results[] = $folder . '/' . $file; 523 524 } // $deep 525 526 } else { 527 //It is a file 528 $results[] = $folder . '/' . $file; 529 } 180 530 181 531 } // foreach() 182 532 183 $html .= '</table>';184 185 533 // Memory Cleanup 186 unset( $plugins_dir ); 187 unset( $content_dir ); 188 unset( $muplugins_dir ); 189 unset( $uploads_dir ); 190 unset( $theme_dir ); 191 unset( $themes_dir ); 192 unset( $paths ); 193 unset( $p ); 194 unset( $info ); 195 unset( $permissions ); 196 unset( $perm ); 197 unset( $owner ); 198 unset( $group ); 199 unset( $world ); 200 unset( $type ); 201 unset( $rec ); 202 unset( $status ); 203 204 return $html; 205 206 } // tab_permissions() 534 unset( $folder, $deep, $files, $file, $abspath, $array_results ); 535 536 return $results; 537 538 } // get_dir_files() 207 539 208 540 -
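Review bot: In display_permissions_table() the path at line 455 is concatenated into the admin table without escaping; file names under wp-content (uploads, plugins, themes) are not fully under the site owner's control, so it should be `$html .= '<td class="check-column" >' . esc_html( str_replace( ABSPATH, '/', $p ) ) . '</td>';`, and in tab_server() the `__( $v['name'] )` / `__( $v['current'], 'security-safe' )` calls at lines 302–305 pass non-literal strings, which gettext tooling cannot extract, so they should be plain concatenation (the phpinfo-derived values are already HTML from phpinfo(), so do not double-escape them). `@stat( $p )` at line 404 returns false for an unreadable entry, after which `$info['mode']` is null and the row is rendered as permissions 000 with a Good/OK/Bad status instead of being flagged as unreadable; test `$info === false` and emit an explicit row for that case. get_dir_files() descends into every entry that `is_dir()` accepts, which includes symlinked directories, so a symlink cycle inside a theme or plugin tree would recurse without bound — consider skipping `is_link()` entries or capping recursion depth. The `$latest_versions` table at line 202 is hard-coded and will go stale with each PHP release, so the docblock should say that 'Good' means 'matches the versions known at plugin release', or the values should live in a constant that is bumped per release.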
security-safe/trunk/admin/AdminPageGeneral.php
r1799945 r1808279 24 24 $this->description = 'Thank you for choosing Security Safe to help protect your website.'; 25 25 26 /* // Disbaled For Now27 $this->tabs[] = array(28 'id' => 'start',29 'label' => 'Get Started',30 'title' => 'Quick Start Guide',31 'heading' => 'Quickly configure your site with the options below:',32 'intro' => '',33 'content_callback' => 'tab_start',34 ); */35 36 26 $this->tabs[] = array( 37 27 'id' => 'general', … … 43 33 ); 44 34 45 /*46 $this->tabs[] = array(47 'id' => 'credits',48 'label' => 'Credits',49 'title' => 'Credits',50 'heading' => 'Give credit where credit is due.',51 'intro' => 'This plugin is the result of many coding hours, conversations, and past experiences. We like to give credit to all that have helped this plugin become what it is today.',52 'content_callback' => 'tab_credits',53 ); */54 55 35 } // set_page() 56 57 /**58 * All Start Tab Content59 * @since 0.2.060 * @return $html html61 */62 public function tab_start() {63 64 return; // Disable Functionality65 66 $html = '';67 68 $html .= $this->form_section( 'Preset Settings', false );69 $rows .= $this->form_select( $this->settings, 'Security Level', 'security_level', array('-- Disabled --', 'Minimum', 'Medium', 'Maximum', 'Custom'), 'Minimum should work for all sites. Medium removes remote access and Maximum incorporates all security features. Custom ignores presets and relies on your settings.' 
);70 $html .= $this->form_table( $rows );71 72 // Memory Cleanup73 unset( $rows );74 75 return $html;76 77 } // tab_start()78 79 36 80 37 /** … … 105 62 106 63 107 /**108 * All Credits Tab Content109 * @since 0.2.0110 * @return $html html111 */112 public function tab_credits() {113 114 $html = '<h3>Contributors</h3>';115 $html .= '<p>These are people that have contributed code to this plugin along its development journey.</p>';116 117 $con = array();118 $con[] = array( 'name' => 'Person 1', 'url' => 'https://sovstack.com', 'gravitar' => '' );119 $con[] = array( 'name' => 'Person 2', 'url' => 'https://sovstack.com', 'gravitar' => '' );120 121 $html .= '<ul class="contributors">';122 123 foreach ( $con as $c ) {124 125 $html .= '<li>' . $c['name'] . '</li>';126 127 } // foreach128 129 $html .= '</ul>';130 131 $inf = array();132 $inf[] = array( 'name' => 'Inf Person 1', 'url' => 'https://sovstack.com', 'gravitar' => '' );133 $inf[] = array( 'name' => 'Inf Person 2', 'url' => 'https://sovstack.com', 'gravitar' => '' );134 135 $html .= '<h3>Influencers</h3>';136 $html .= '<p>These are people that have spent a significant amount of time discussing design, development, and features. Thank you for your valuable input.</p>';137 $html .= '<ul class="influencers">';138 139 foreach( $inf as $i ) {140 141 $html .= '<li>' . $i['name'] . '</li>';142 143 } // foreach144 145 $html .= '</ul>';146 147 // Memory Cleanup148 unset( $con );149 unset( $c );150 unset( $inf );151 unset( $i );152 153 return $html;154 155 } // tab_credits()156 157 158 64 } // AdminPageGeneral() -
security-safe/trunk/common/Plugin.php
r1799945 r1808279 103 103 protected function set_settings( $settings ) { 104 104 105 // Check to see if the posted request is valid 106 if( isset( $_POST ) && ! empty( $POST) ) { 107 108 $valid = check_admin_referer( 'security-safe-settings' ); 109 110 if ( ! $valid ) { die( 'Not A Valid Request!' ); } 111 112 } // isset() 113 105 114 if ( is_array( $settings ) && isset( $settings['plugin']['version'] ) ) { 106 115 … … 161 170 function check_settings() { 162 171 163 // Initially get settings172 // Initially Get Settings 164 173 $this->settings = $this->get_settings(); 165 174 … … 181 190 $this->post_settings( $page_slug ); 182 191 183 } // isset( $_POST )184 185 // Set Back to Default 186 if (192 // Memory Cleanup 193 unset( $page_slug ); 194 195 } elseif ( 187 196 isset( $_GET['page'] ) && 188 197 $_GET['page'] == $this->plugin['slug'] && … … 200 209 $this->reset_settings( true ); 201 210 202 } // ! isset() 211 } else { 212 213 // Check For Upgrades 214 $this->upgrade_settings(); 215 216 } // isset( $_POST ) 203 217 204 218 } //check_settings() … … 215 229 // Keep Plugin Version History 216 230 $plugin_history = ( isset( $this->settings['plugin']['version_history'] ) && $this->settings['plugin']['version_history'] ) ? $this->settings['plugin']['version_history'] : array( $this->plugin['version'] ); 217 218 // Add Plugin Version To History219 if ( in_array( $this->plugin['version'], $plugin_history) ) {220 221 $plugin_history[] = $this->plugin['version'];222 223 } // in_array()224 231 225 232 if ( ! 
$initial ) { … … 245 252 $files['on'] = '1'; 246 253 $files['DISALLOW_FILE_EDIT'] = '1'; 247 $files['auto_update_core'] = '0'; 254 $files['allow_dev_auto_core_updates'] = '0'; 255 $files['allow_major_auto_core_updates'] = '0'; 256 $files['allow_minor_auto_core_updates'] = '1'; 248 257 $files['auto_update_plugin'] = '0'; 249 258 $files['auto_update_theme'] = '0'; … … 311 320 312 321 // Memory Cleanup 313 unset( $privacy ); 314 unset( $files ); 315 unset( $content ); 316 unset( $access ); 317 unset( $firewall ); 318 unset( $backups ); 319 unset( $general ); 320 unset( $plugin ); 321 unset( $settings ); 322 unset( $result ); 323 unset( $delete ); 324 unset( $plugin_history ); 322 unset( $privacy, $files, $content, $access, $firewall, $backups, $general, $plugin, $settings, $result, $delete, $plugin_history ); 325 323 326 324 } // reset_settings() 327 325 326 /** 327 * Upgrade settings from an older version 328 * @since 1.1.0 329 */ 330 protected function upgrade_settings(){ 331 332 $settings = $this->settings; 333 $upgrade = false; 334 335 // Upgrade Versions 336 if ( $this->plugin['version'] != $settings['plugin']['version'] ) { 337 338 $upgrade = true; 339 340 // Add old version to history 341 $settings['plugin']['version_history'][] = $settings['plugin']['version']; 342 $settings['plugin']['version_history'] = array_unique( $settings['plugin']['version_history'] ); 343 344 // Update DB To New Version 345 $settings['plugin']['version'] = $this->plugin['version']; 346 347 } // $this->plugin['version'] 348 349 // Upgrade to version 1.1.0 350 if ( isset( $settings['files']['auto_update_core'] ) ) { 351 352 $upgrade = true; 353 354 // Remove old setting 355 unset( $settings['files']['auto_update_core'] ); 356 357 if( ! isset( $settings['files']['allow_dev_auto_core_updates'] ) ) { 358 $settings['files']['allow_dev_auto_core_updates'] = '0'; 359 } 360 361 if( ! 
isset( $settings['files']['allow_major_auto_core_updates'] ) ) { 362 $settings['files']['allow_major_auto_core_updates'] = '0'; 363 } 364 365 if( ! isset( $settings['files']['allow_minor_auto_core_updates'] ) ) { 366 $settings['files']['allow_minor_auto_core_updates'] = '1'; 367 } 368 369 } // $settings['auto_update_core'] 370 371 if ( $upgrade ) { 372 373 $result = $this->set_settings( $settings ); // Update DB 374 375 if ( $result ) { 376 377 $this->messages[] = array( 'Security Safe: Your settings have been upgraded.', 0, 1 ); 378 $this->log( 'Added upgrade success message.' ); 379 380 // Get Settings Again 381 $this->settings = $this->get_settings(); 382 383 } else { 384 385 $this->messages[] = array( 'Security Safe: There was an error upgrading your settings. We would recommend resetting your settings to fix the issue.', 3 ); 386 $this->log( 'Added upgrade error message.' ); 387 388 } // $success 389 390 } // $upgrade 391 392 // Memory Cleanup 393 unset( $settings, $upgrade ); 394 395 } // upgrade_settings() 328 396 329 397 /** … … 422 490 423 491 // Memory Cleanup 424 unset( $new_settings ); 425 unset( $settings ); 426 unset( $options ); 427 unset( $same ); 428 unset( $label ); 429 unset( $value ); 492 unset( $new_settings, $settings, $options, $same, $label, $value ); 430 493 431 494 } else { … … 449 512 450 513 // Memory Cleanup 451 unset( $SecuritySafe);514 unset( $SecuritySafe ); 452 515 453 516 } // shutdown() … … 500 563 501 564 // Memory Cleanup 502 unset( $activity_log_path ); 503 unset( $datestamp ); 504 unset( $message ); 505 unset( $file ); 506 unset( $line ); 507 unset( $activity_log ); 565 unset( $activity_log_path, $datestamp, $message, $file, $line, $activity_log ); 508 566 509 567 } else { -
security-safe/trunk/common/Security.php
r1799945 r1808279 78 78 private function files() { 79 79 80 global $wp_version; 81 80 82 $settings = $this->settings['files']; 81 83 82 if ( $settings['on'] == "1") {84 if ( $settings['on'] == '1' ) { 83 85 84 86 // Disallow Theme File Editing 85 87 $this->add_constant_policy( $settings, 'PolicyDisallowFileEdit', 'DISALLOW_FILE_EDIT', true ); 86 88 87 // Automatic Core Updates 88 $this->add_filter_bool( $settings, 'PolicyUpdatesCore', 'auto_update_core' ); 89 90 // Automatic Plugin Updates 91 $this->add_filter_bool( $settings, 'PolicyUpdatesPlugin', 'auto_update_plugin' ); 92 93 // Automatic Theme Updates 94 $this->add_filter_bool( $settings, 'PolicyUpdatesTheme', 'auto_update_theme' ); 89 // Auto Updates: https://codex.wordpress.org/Configuring_Automatic_Background_Updates 90 if ( version_compare( $wp_version, '3.7.0') >= 0 && ! defined('AUTOMATIC_UPDATER_DISABLED') ) { 91 92 if ( ! defined('WP_AUTO_UPDATE_CORE') ) { 93 94 // Automatic Nightly Core Updates 95 $this->add_filter_bool( $settings, 'PolicyUpdatesCoreDev', 'allow_dev_auto_core_updates' ); 96 97 // Automatic Major Core Updates 98 $this->add_filter_bool( $settings, 'PolicyUpdatesCoreMajor', 'allow_major_auto_core_updates' ); 99 100 // Automatic Minor Core Updates 101 $this->add_filter_bool( $settings, 'PolicyUpdatesCoreMinor', 'allow_minor_auto_core_updates' ); 102 103 } else { 104 105 if ( isset( $_GET['page'] ) && $_GET['page'] == 'security-safe-files' ) { 106 107 $this->messages['files'] = array( 'WordPress Automatic Core Updates are being controlled by the constant WP_AUTO_UPDATE_CORE possibly in the wp-config.php file. 
Automatic Core Update features disabled in this plugin.', 2, 0 ); 108 109 } // $_GET['page'] 110 111 }// WP_AUTO_UPDATE_CORE 112 113 // Automatic Plugin Updates 114 $this->add_filter_bool( $settings, 'PolicyUpdatesPlugin', 'auto_update_plugin' ); 115 116 // Automatic Theme Updates 117 $this->add_filter_bool( $settings, 'PolicyUpdatesTheme', 'auto_update_theme' ); 118 119 } else { 120 121 if ( defined('AUTOMATIC_UPDATER_DISABLED') ) { 122 123 if ( isset( $_GET['page'] ) && $_GET['page'] == 'security-safe-files' ) { 124 125 $this->messages['files'] = array( 'WordPress Automatic Updates are disabled by the constant AUTOMATIC_UPDATER_DISABLED possibly in the wp-config.php file. Automatic Update features are disabled in this plugin.', 2, 0 ); 126 127 } // $_GET['page'] 128 129 } // AUTOMATIC_UPDATER_DISABLED 130 131 if ( version_compare( $wp_version, '3.7.0') < 0 ) { 132 133 $this->messages['files'] = array( 'You are using WordPress Version ' . $wp_version . '. The WordPress Automatic Updates feature controls require version 3.7 or greater.', 2, 0 ); 134 135 } // version_compare() 136 137 } // version_compare() 95 138 96 139 } else { … … 139 182 140 183 $settings = $this->settings['access']; 141 184 142 185 if ( $settings['on'] == "1" ) { 143 186 … … 237 280 238 281 // Memory Cleanup 239 unset( $settings ); 240 unset( $policy ); 241 unset( $slug ); 282 unset( $settings, $policy, $slug ); 242 283 243 284 } // add_policy() … … 273 314 274 315 // Memory Cleanup 275 unset( $policy ); 276 unset( $slug ); 277 unset( $action ); 278 unset( $type ); 279 unset( $value ); 280 unset( $hook ); 316 unset( $policy, $slug, $action, $type, $value, $hook ); 281 317 282 318 } // add_hook_policy() … … 284 320 285 321 /** 286 * Adds policy constant variable and rthen adds it to the policies list.322 * Adds policy constant variable and then adds it to the policies list. 
287 323 * @since 0.2.0 288 324 */ … … 318 354 319 355 // Memory Cleanup 320 unset( $settings ); 321 unset( $policy ); 322 unset( $slug ); 323 unset( $value ); 356 unset( $settings, $policy, $slug, $value ); 324 357 325 358 } // add_constant_policy() … … 332 365 private function add_filter_bool( $settings, $policy, $slug ) { 333 366 334 if( is_array( $settings ) && $policy && $slug ) { 335 336 // Get Value of Setting 337 $value = ( isset( $settings[ $slug ] ) && $settings[ $slug ] ) ? true : false; 338 339 // Add Policy 340 $this->add_hook_policy( $policy . '_' . $value, $slug, 'add', 'filter', $value ); 341 342 } // is_array() 343 344 // Memory Cleanup 345 unset( $settings ); 346 unset( $policy ); 347 unset( $slug ); 348 unset( $value ); 367 // Get Value 368 $value = ( isset( $settings[ $slug ] ) && $settings[ $slug ] == '1' ) ? '__return_true' : '__return_false'; 369 370 // Add Filter 371 add_filter( $slug, $value, 1 ); 372 373 // Add Policy 374 $this->policies[] = $policy . $value; 375 376 // Memory Cleanup 377 unset( $settings, $policy, $slug, $value ); 349 378 350 379 } // add_filter_bool() -
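Review bot: In the `else` branch of files(), both the AUTOMATIC_UPDATER_DISABLED notice and the pre-3.7 version notice are assigned to the same key `$this->messages['files']`, so on a site where both conditions hold only the second assignment survives and the admin never sees that the constant is what disabled the feature. The version notice is also not gated on `$_GET['page'] == 'security-safe-files'` the way the two constant notices are, so it would presumably surface wherever messages are rendered, not only on the files page. Either key the two notices separately or guard the second write with `! isset( $this->messages['files'] )`; how `$this->messages` is rendered is outside this hunk, so which option fits depends on the admin page code. Separately, the rewritten add_filter_bool() drops the old `is_array( $settings )` guard and builds the policy name as `$policy . $value`, producing entries like `PolicyUpdatesCoreDev__return_true`; `$this->policies[] = $policy . '_' . ( $value === '__return_true' ? 'true' : 'false' );` keeps the earlier naming shape while still recording which callback was hooked.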
security-safe/trunk/css/admin.css
r1799945 r1808279 238 238 float: right; 239 239 width: 300px; 240 min-height: 300px;241 240 } 242 241 -
security-safe/trunk/security-safe.php
r1800788 r1808279 8 8 /** 9 9 * @package SecuritySafe 10 * @version 1.0. 210 * @version 1.0.3 11 11 */ 12 12 … … 17 17 * Author: Sovereign Stack, LLC 18 18 * Author URI: https://sovstack.com 19 * Version: 1.0. 219 * Version: 1.0.3 20 20 * Text Domain: security-safe 21 21 * Domain Path: /languages … … 41 41 $plugin = array( 42 42 'name' => 'Security Safe', 43 'version' => '1.0. 2',43 'version' => '1.0.3', 44 44 'slug' => 'security-safe', 45 45 'options' => 'securitysafe_options', … … 63 63 64 64 // Memory Cleanup 65 unset( $init ); 66 unset( $plugin ); 65 unset( $init, $plugin ); 67 66 68 67 // Cleanup Plugin Memory