/wp-content/plugins/bulletproof-security/admin/includes/admin.php

https://bitbucket.org/adatux_/uakami · PHP · 164 lines · 111 code · 29 blank · 24 comment · 10 complexity · 187c566033768ea558a2f449a10fb367 MD5 · raw file 

    

  1. <?php
    2. 

  2. // Direct calls to this file are Forbidden when core files are not present
    3. 

  3. if (!function_exists ('add_action')) {
    4. 

  4. 		header('Status: 403 Forbidden');
    5. 

  5. 		header('HTTP/1.1 403 Forbidden');
    6. 

  6. 		exit();
    7. 

  7. }
    8. 

  8. 

  9. function bulletproof_security_admin_init() {
    10. 

  10. 	// whitelist BPS DB options 
    11. 

  11. 	register_setting('bulletproof_security_options', 'bulletproof_security_options', 'bulletproof_security_options_validate');
    12. 

  12. 	register_setting('bulletproof_security_options_autolock', 'bulletproof_security_options_autolock', 'bulletproof_security_options_validate_autolock');
    13. 

  13. 	register_setting('bulletproof_security_options_customcode', 'bulletproof_security_options_customcode', 'bulletproof_security_options_validate_customcode');
    14. 

  14. 	register_setting('bulletproof_security_options_customcode_WPA', 'bulletproof_security_options_customcode_WPA', 'bulletproof_security_options_validate_customcode_WPA');
    15. 

  15. 	register_setting('bulletproof_security_options_mynotes', 'bulletproof_security_options_mynotes', 'bulletproof_security_options_validate_mynotes');
    16. 

  16. 	register_setting('bulletproof_security_options_maint', 'bulletproof_security_options_maint', 'bulletproof_security_options_validate_maint');
    17. 

  17. 			
    18. 

  18. 	// Register BPS js
    19. 

  19. 	wp_register_script( 'bps-js', plugins_url('/bulletproof-security/admin/js/bulletproof-security-admin.js'));
    20. 

  20. 				
    21. 

  21. 	// Register BPS stylesheet
    22. 

  22. 	wp_register_style('bps-css', plugins_url('/bulletproof-security/admin/css/bulletproof-security-admin-blue.css'));
    23. 

  23. 

  24. 	// Create BPS Backup Folder structure - suppressing errors on activation - errors displayed in HUD
    25. 

  25. 	if( !is_dir (WP_CONTENT_DIR . '/bps-backup')) {
    26. 

  26. 		@mkdir (WP_CONTENT_DIR . '/bps-backup/master-backups', 0755, true);
    27. 

  27. 		@chmod (WP_CONTENT_DIR . '/bps-backup/', 0755);
    28. 

  28. 		@chmod (WP_CONTENT_DIR . '/bps-backup/master-backups/', 0755);
    29. 

  29. 	}
    30. 

  30. 	
    31. 

  31. 	// Create the BPS Backup folder Deny all .htaccess file - recursive will protect all /bps-backup subfolders
    32. 

  32. 	$bps_denyall_htaccess = WP_PLUGIN_DIR . '/bulletproof-security/admin/htaccess/deny-all.htaccess';
    33. 

  33. 	$bps_ARHtaccess = WP_CONTENT_DIR . '/bps-backup/.htaccess';
    34. 

  34. 	
    35. 

  35. 	if (!file_exists($bps_ARHtaccess)) {
    36. 

  36. 	@copy($bps_denyall_htaccess, $bps_ARHtaccess);
    37. 

  37. 	}
    38. 

  38. 

  39. 	// Create logs folder
    40. 

  40. 	if( !is_dir (WP_CONTENT_DIR . '/bps-backup/logs')) {
    41. 

  41. 		@mkdir (WP_CONTENT_DIR . '/bps-backup/logs', 0755, true);
    42. 

  42. 		@chmod (WP_CONTENT_DIR . '/bps-backup/logs/', 0755);
    43. 

  43. 	}
    44. 

  44. 

  45. 	// Create the Security / HTTP error log in /logs
    46. 

  46. 	$bpsProLog = WP_PLUGIN_DIR . '/bulletproof-security/admin/htaccess/http_error_log.txt';
    47. 

  47. 	$bpsProLogARQ = WP_CONTENT_DIR . '/bps-backup/logs/http_error_log.txt';
    48. 

  48. 	if (!file_exists($bpsProLogARQ)) {
    49. 

  49. 	@copy($bpsProLog, $bpsProLogARQ);
    50. 

  50. 	}	
    51. 

  51. 

  52. 	// Load scripts and styles only on BPS specified pages
    53. 

  53. 	add_action('load-bulletproof-security/admin/options.php', 'bulletproof_security_load_settings_page');
    54. 

  54. 

  55. }
    56. 

  56. 

  57. // BPS Menu
    58. 

  58. function bulletproof_security_admin_menu() {
    59. 

  59. 	if (is_multisite() && !is_super_admin()) {
    60. 

  60. 		$bpsSuperAdminsError = 'Only Super Admins can access BPS';
    61. 

  61.   		return $bpsSuperAdminsError;
    62. 

  62. 		} else {
    63. 

  63. 	//if (function_exists('add_menu_page')){
    64. 

  64. 	add_menu_page(__('BulletProof Security ~ htaccess Core', 'bulletproof-security'), __('BPS Security', 'bulletproof-security'), 'manage_options', 'bulletproof-security/admin/options.php', '', plugins_url('bulletproof-security/admin/images/bps-icon-small.png'));
    65. 

  65. 	add_submenu_page('bulletproof-security/admin/options.php', __('BulletProof Security ~ htaccess Core', 'bulletproof-security'), __('BPS Settings', 'bulletproof-security'), 'manage_options', 'bulletproof-security/admin/options.php' );
    66. 

  66. }}
    67. 

  67. 

  68. // Loads Settings for H-Core and P-Security
    69. 

  69. // Enqueue BPS scripts and styles
    70. 

  70. function bulletproof_security_load_settings_page() {
    71. 

  71. 	global $bulletproof_security;
    72. 

  72. 	wp_enqueue_script('jquery');
    73. 

  73. 	wp_enqueue_script('jquery-ui-tabs');
    74. 

  74. 	wp_enqueue_script('jquery-ui-dialog');
    75. 

  75. 	wp_enqueue_script('jquery-form');
    76. 

  76. 	//wp_enqueue_script('swfobject');
    77. 

  77. 	wp_enqueue_script('bps-js');
    78. 

  78. 	  	
    79. 

  79. 	// Engueue BPS stylesheet
    80. 

  80. 	wp_enqueue_style('bps-css', plugins_url('/bulletproof-security/admin/css/bulletproof-security-admin-blue.css'));
    81. 

  81. }
    82. 

  82. 

  83. function bulletproof_security_install() {
    84. 

  84. 	global $bulletproof_security;
    85. 

  85. 	$previous_install = get_option('bulletproof_security_options');
    86. 

  86. 	if ( $previous_install ) {
    87. 

  87. 	if ( version_compare($previous_install['version'], '.48', '<') )
    88. 

  88. 	remove_role('denied');
    89. 

  89. 	}
    90. 

  90. }
    91. 

  91. 

  92. // Deactivation - remove/delete nothing at this point
    93. 

  93. function bulletproof_security_deactivation() {
    94. 

  94. // nothing needs to removed on deactivation for now
    95. 

  95. }
    96. 

  96. 

  97. // Uninstall - do not unlink .htaccess files on uninstall to prevent catastrophic user errors
    98. 

  98. function bulletproof_security_uninstall() {
    99. 

  99. 	require_once( ABSPATH . 'wp-admin/includes/plugin.php');
    100. 

  100. 	$options = get_option('bulletproof_security_options');
    101. 

  101. 	delete_option('bulletproof_security_options');
    102. 

  102. 	delete_option('bulletproof_security_options_customcode');
    103. 

  103. 	delete_option('bulletproof_security_options_customcode_WPA');
    104. 

  104. 	delete_option('bulletproof_security_options_maint');
    105. 

  105. 	delete_option('bulletproof_security_options_mynotes');
    106. 

  106. 	delete_option('bulletproof_security_options_autolock');
    107. 

  107. }
    108. 

  108. 

  109. // Validate BPS options 
    110. 

  110. function bulletproof_security_options_validate($input) {  
    111. 

  111. 	$options = get_option('bulletproof_security_options');  
    112. 

  112. 	$options['bps_blank'] = wp_filter_nohtml_kses($input['bps_blank']);
    113. 

  113. 			
    114. 

  114. 	return $options;  
    115. 

  115. }
    116. 

  116. 

  117. // Validate BPS options - Maintenance Mode Form 
    118. 

  118. function bulletproof_security_options_validate_maint($input) {  
    119. 

  119. 	$options = get_option('bulletproof_security_options_maint');  
    120. 

  120. 	$options['bps-site-title'] = wp_filter_nohtml_kses($input['bps-site-title']);
    121. 

  121. 	$options['bps-message-1'] = wp_filter_nohtml_kses($input['bps-message-1']);
    122. 

  122. 	$options['bps-message-2'] = wp_filter_nohtml_kses($input['bps-message-2']);
    123. 

  123. 	$options['bps-retry-after'] = wp_filter_nohtml_kses($input['bps-retry-after']);
    124. 

  124. 	$options['bps-background-image'] = wp_filter_nohtml_kses($input['bps-background-image']);
    125. 

  125. 		
    126. 

  126. 	return $options;  
    127. 

  127. }
    128. 

  128. 

  129. // Validate BPS options - Options.php - Edit/Uploads/Downloads page - Root .htaccess file AutoLock 
    130. 

  130. function bulletproof_security_options_validate_autolock($input) {  
    131. 

  131. 	$options = get_option('bulletproof_security_options_autolock');  
    132. 

  132. 	$options['bps_root_htaccess_autolock'] = wp_filter_nohtml_kses($input['bps_root_htaccess_autolock']);
    133. 

  133. 		
    134. 

  134. 	return $options;  
    135. 

  135. }
    136. 

  136. 

  137. // Validate BPS options - BPS Custom Code - Root .htaccess
    138. 

  138. function bulletproof_security_options_validate_customcode($input) {  
    139. 

  139. 	$options = get_option('bulletproof_security_options_customcode');  
    140. 

  140. 	$options['bps_customcode_one'] = esc_html($input['bps_customcode_one']);
    141. 

  141. 	$options['bps_customcode_two'] = esc_html($input['bps_customcode_two']);
    142. 

  142. 	$options['bps_customcode_three'] = esc_html($input['bps_customcode_three']);
    143. 

  143. 		
    144. 

  144. 	return $options;  
    145. 

  145. }
    146. 

  146. 

  147. // Validate BPS options - BPS Custom Code - WP-admin .htaccess
    148. 

  148. function bulletproof_security_options_validate_customcode_WPA($input) {  
    149. 

  149. 	$options = get_option('bulletproof_security_options_customcode_WPA');  
    150. 

  150. 	$options['bps_customcode_one_wpa'] = esc_html($input['bps_customcode_one_wpa']);
    151. 

  151. 	$options['bps_customcode_two_wpa'] = esc_html($input['bps_customcode_two_wpa']);
    152. 

  152. 		
    153. 

  153. 	return $options;  
    154. 

  154. }
    155. 

  155. 

  156. // Validate BPS options - BPS "My Notes" settings 
    157. 

  157. function bulletproof_security_options_validate_mynotes($input) {  
    158. 

  158. 	$options = get_option('bulletproof_security_options_mynotes');  
    159. 

  159. 	$options['bps_my_notes'] = esc_html($input['bps_my_notes']);
    160. 

  160. 		
    161. 

  161. 	return $options;  
    162. 

  162. }
    163. 

  163. 

  164. ?>
    165.