Server IP : 52.91.253.208 / Your IP : 3.135.182.221 [ Web Server : Apache System : Linux ip-172-26-9-9 4.19.0-25-cloud-amd64 #1 SMP Debian 4.19.289-1 (2023-07-24) x86_64 User : daemon ( 1) PHP Version : 7.3.18 Disable Function : NONE Domains : 3 Domains MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : ON | Sudo : ON | Pkexec : OFF Directory : /opt/bitnami/apps/wordpress/htdocs/wp-content/plugins/wp-letsencrypt-ssl-pro/classes/ |
Upload File : |
<?php /** * @package WP Encryption * * @author Go Web Smarty * @copyright Copyright (C) 2019-2020, Go Web Smarty. All Rights Reserved. * @link https://gowebsmarty.com * @since Class available since Release 5.1.7 * */ /** * Mixed content scanner * * @since 5.1.7 */ class WPLE_Scanner { public function __construct() { add_action('wp_ajax_wple_start_scanner', [$this, 'wple_cspro']); add_action('wp_ajax_wple_clearreport', [$this, 'wple_clear_report']); add_action('plugins_loaded', [$this, 'wple_process_reports'], 99999); add_action('wp_ajax_wple_get_scanreports', [$this, 'wple_get_mxresults']); } public function wple_clear_report() { if (!wp_verify_nonce($_POST['nc'], 'wplemixedscanner')) { http_response_code(403); exit('Unauthorized'); } if (is_writable(ABSPATH . '.htaccess')) { $htaccess = file_get_contents(ABSPATH . '.htaccess'); $group = "/#\\s?BEGIN\\s?WP_ENCRYPTION_SCANNER.*?#\\s?END\\s?WP_ENCRYPTION_SCANNER/s"; if (preg_match($group, $htaccess)) { $modhtaccess = preg_replace($group, "", $htaccess); file_put_contents(ABSPATH . '.htaccess', $modhtaccess, LOCK_EX); } } exit(); } public function wple_process_reports() { if (isset($_GET['wpencryption'])) { session_start(); //http_response_code(204); // HTTP 204 No Content if ($_SERVER['HTTP_REFERER'] != site_url('/', 'https')) exit('UNAUTHORIZED'); if (!isset($_SESSION['mxkey']) || $_SESSION['mxkey'] !== $_GET['mxnonce']) { exit('Unauthorized'); } $json_data = file_get_contents('php://input'); if ($json_data = json_decode($json_data)) { if (!empty($json_data)) { foreach ($json_data as $obj) { $reportArray = array(); foreach ($obj as $key => $val) { $reportArray[str_ireplace('-', '_', $key)] = $val; } } $jsn = json_encode($reportArray) . '|'; $_SESSION['wple_mx_reports'] .= $jsn; } } exit(); } } public function wple_cspro() { if (!wp_verify_nonce($_POST['nc'], 'wplemixedscanner')) { http_response_code(403); exit('Unauthorized'); } if (!file_exists(ABSPATH . '.htaccess') || !is_writable(ABSPATH . '.htaccess')) { echo "fail"; exit(); } $basedomain = str_ireplace(array('http://', 'https://'), array('', ''), site_url()); $streamContext = stream_context_create([ 'ssl' => [ 'verify_peer' => true, ], ]); $errorDescription = $errorNumber = ''; $client = @stream_socket_client( "ssl://$basedomain:443", $errorNumber, $errorDescription, 30, STREAM_CLIENT_CONNECT, $streamContext ); if (!$client) { echo 'nossl'; exit(); } session_start(); $_SESSION['wple_mx_reports'] = ''; $mxnonce = wp_create_nonce('wplemxscan'); $_SESSION['mxkey'] = $mxnonce; $reporter = site_url('/?wpencryption=1&mxnonce=' . $mxnonce, 'https'); $rule = '<IfModule mod_headers.c>' . "\n" . ' #<If "%{QUERY_STRING} ^wpencryption">' . "\n" . ' <FilesMatch "\.(php|html)$">' . "\n" . ' #Header set Report-To \'{"max_age": 1800, "group": "wpencryption", "endpoints": [{"url": "https://scanner.wpencryption.com"}]}\'' . "\n" . ' Header set Content-Security-Policy-Report-Only "default-src \'unsafe-inline\' \'unsafe-eval\' https: data:; report-uri ' . $reporter . ';"' . "\n" . ' </FilesMatch>' . "\n" . ' #</If>' . "\n" . ' </IfModule>'; insert_with_markers(ABSPATH . '.htaccess', 'WP_ENCRYPTION_SCANNER', $rule); echo "true"; exit(); } public function wple_get_mxresults() { if (!current_user_can('manage_options')) { exit('unauthorized'); } session_start(); header("Content-type: application/json"); $results = $_SESSION['wple_mx_reports']; if (FALSE == $results || $results == '') { echo json_encode(array()); exit(); } $results = substr($results, 0, -1); $results = explode('|', $results); $final = array(); foreach ($results as $res) { $final[] = json_decode($res, true); } echo json_encode($final); session_destroy(); exit(); } }