files_and_dirs_to_check = array( array('name'=>'root directory','path'=>ABSPATH,'permissions'=>'0755'), array('name'=>'wp-includes/','path'=>ABSPATH."wp-includes",'permissions'=>'0755'), array('name'=>'.htaccess','path'=>ABSPATH.".htaccess",'permissions'=>'0644'), array('name'=>'wp-admin/index.php','path'=>ABSPATH."wp-admin/index.php",'permissions'=>'0644'), array('name'=>'wp-admin/js/','path'=>ABSPATH."wp-admin/js/",'permissions'=>'0755'), array('name'=>'wp-content/themes/','path'=>ABSPATH."wp-content/themes",'permissions'=>'0755'), array('name'=>'wp-content/plugins/','path'=>ABSPATH."wp-content/plugins",'permissions'=>'0755'), array('name'=>'wp-admin/','path'=>ABSPATH."wp-admin",'permissions'=>'0755'), array('name'=>'wp-content/','path'=>ABSPATH."wp-content",'permissions'=>'0755'), array('name'=>'wp-config.php','path'=>ABSPATH."wp-config.php",'permissions'=>'0644') //Add as many files or dirs as needed by following the convention above ); } static function write_content_to_file($file_path, $new_contents) { @chmod($file_path, 0777); if (is_writeable($file_path)) { $handle = fopen($file_path, 'w'); foreach( $new_contents as $line ) { fwrite($handle, $line); } fclose($handle); @chmod($file_path, 0644); //Let's change the file back to a secure permission setting return true; } else { return false; } } static function backup_a_file($src_file_path, $suffix = 'backup') { $backup_file_path = $src_file_path . '.' . $suffix; if (!copy($src_file_path, $backup_file_path)) { //Failed to make a backup copy return false; } return true; } //Function which reads entire contents of a file and stores serialized contents into our global_meta table static function backup_file_contents_to_db($src_file_path, $key_description) { global $wpdb, $aio_wp_security; $file_contents = AIOWPSecurity_Utility_File::get_file_contents($src_file_path); $payload = serialize($file_contents); $date_time = current_time('mysql'); $data = array('date_time' => $date_time, 'meta_key1' => $key_description, 'meta_value2' => $payload); //First check if a backup entry already exists in the global_meta table $aiowps_global_meta_tbl_name = AIOWPSEC_TBL_GLOBAL_META_DATA; $resultset = $wpdb->get_row("SELECT * FROM $aiowps_global_meta_tbl_name WHERE meta_key1 = '$key_description'", OBJECT); if($resultset){ $where = array('meta_key1' => $key_description); $res = $wpdb->update($aiowps_global_meta_tbl_name, $data, $where); }else{ $res = $wpdb->insert($aiowps_global_meta_tbl_name, $data); } if($res === false) { $aio_wp_security->debug_logger->log_debug("AIOWPSecurity_Utility_File::backup_file_contents_to_db() - Unable to write entry to DB",4); } return; } static function recursive_file_search($pattern='*', $flags = 0, $path='') { $paths=glob($path.'*', GLOB_MARK|GLOB_ONLYDIR|GLOB_NOSORT); if ($paths === FALSE){ return FALSE; } $files=glob($path.$pattern, $flags); if ($files === FALSE){ return FALSE; } foreach ($paths as $path) { $files=array_merge($files,AIOWPSecurity_Utility_File::recursive_file_search($pattern, $flags, $path)); } return $files; } /* * Useful when wanting to echo file contents to screen with
tags */ static function get_file_contents_with_br($src_file) { $file_contents = file_get_contents($src_file); return nl2br($file_contents); } /* * Useful when wanting to echo file contents inside textarea */ static function get_file_contents($src_file) { $file_contents = file_get_contents($src_file); return $file_contents; } /* * Returns the file's permission value eg, "0755" */ static function get_file_permission($filepath) { if (!function_exists('fileperms')) { $perms = '-1'; } else { clearstatcache(); $perms = substr(sprintf("%o", @fileperms($filepath)), -4); } return $perms; } /* * Checks if a write operation is possible for the file in question */ static function is_file_writable($filepath) { $test_string = ""; //We will attempt to append an empty string at the end of the file for the test $write_result = @file_put_contents($filepath, $test_string, FILE_APPEND | LOCK_EX); if ($write_result === false) { return false; } else { return true; } } static function download_a_file_option1($file_path, $file_name = '') { $file = $file_path;//Full ABS path to the file if(empty($file_name)){$file_name = basename($file);} header('Content-Description: File Transfer'); header('Content-Type: application/octet-stream'); header('Content-Disposition: attachment; filename='.$file_name); header('Content-Transfer-Encoding: binary'); header('Expires: 0'); header('Cache-Control: must-revalidate'); header('Pragma: public'); header('Content-Length: ' . filesize($file)); //ob_clean(); //flush(); readfile($file); exit; } /* * This function will compare the current permission value for a file or dir with the recommended value. * It will compare the individual "execute", "write" and "read" bits for the "public", "group" and "owner" permissions. * If the permissions for an actual bit value are greater than the recommended value it returns '0' (=less secure) * Otherwise it returns '1' which means it is secure * Accepts permission value parameters in octal, ie, "0777" or "777" */ static function is_file_permission_secure($recommended, $actual) { $result = 1; //initialize return result //Check "public" permissions $public_value_actual = substr($actual,-1,1); //get dec value for actual public permission $public_value_rec = substr($recommended,-1,1); //get dec value for recommended public permission $pva_bin = decbin($public_value_actual); //Convert value to binary $pvr_bin = decbin($public_value_rec); //Convert value to binary //Compare the "executable" bit values for the public actual versus the recommended if (substr($pva_bin,-1,1)<=substr($pvr_bin,-1,1)) { //The "execute" bit is the same or less as the recommended value $result = 1*$result; }else { //The "execute" bit is switched on for the actual value - meaning it is less secure $result = 0*$result; } //Compare the "write" bit values for the public actual versus the recommended if (substr($pva_bin,-2,1)<=substr($pvr_bin,-2,1)) { //The "write" bit is the same or less as the recommended value $result = 1*$result; }else { //The "write" bit is switched on for the actual value - meaning it is less secure $result = 0*$result; } //Compare the "read" bit values for the public actual versus the recommended if (substr($pva_bin,-3,1)<=substr($pvr_bin,-3,1)) { //The "read" bit is the same or less as the recommended value $result = 1*$result; }else { //The "read" bit is switched on for the actual value - meaning it is less secure $result = 0*$result; } //Check "group" permissions $group_value_actual = substr($actual,-2,1); $group_value_rec = substr($recommended,-2,1); $gva_bin = decbin($group_value_actual); //Convert value to binary $gvr_bin = decbin($group_value_rec); //Convert value to binary //Compare the "executable" bit values for the group actual versus the recommended if (substr($gva_bin,-1,1)<=substr($gvr_bin,-1,1)) { //The "execute" bit is the same or less as the recommended value $result = 1*$result; }else { //The "execute" bit is switched on for the actual value - meaning it is less secure $result = 0*$result; } //Compare the "write" bit values for the public actual versus the recommended if (substr($gva_bin,-2,1)<=substr($gvr_bin,-2,1)) { //The "write" bit is the same or less as the recommended value $result = 1*$result; }else { //The "write" bit is switched on for the actual value - meaning it is less secure $result = 0*$result; } //Compare the "read" bit values for the public actual versus the recommended if (substr($gva_bin,-3,1)<=substr($gvr_bin,-3,1)) { //The "read" bit is the same or less as the recommended value $result = 1*$result; }else { //The "read" bit is switched on for the actual value - meaning it is less secure $result = 0*$result; } //Check "owner" permissions $owner_value_actual = substr($actual,-3,1); $owner_value_rec = substr($recommended,-3,1); $ova_bin = decbin($owner_value_actual); //Convert value to binary $ovr_bin = decbin($owner_value_rec); //Convert value to binary //Compare the "executable" bit values for the group actual versus the recommended if (substr($ova_bin,-1,1)<=substr($ovr_bin,-1,1)) { //The "execute" bit is the same or less as the recommended value $result = 1*$result; }else { //The "execute" bit is switched on for the actual value - meaning it is less secure $result = 0*$result; } //Compare the "write" bit values for the public actual versus the recommended if (substr($ova_bin,-2,1)<=substr($ovr_bin,-2,1)) { //The "write" bit is the same or less as the recommended value $result = 1*$result; }else { //The "write" bit is switched on for the actual value - meaning it is less secure $result = 0*$result; } //Compare the "read" bit values for the public actual versus the recommended if (substr($ova_bin,-3,1)<=substr($ovr_bin,-3,1)) { //The "read" bit is the same or less as the recommended value $result = 1*$result; }else { //The "read" bit is switched on for the actual value - meaning it is less secure $result = 0*$result; } return $result; } /* * Checks if a directory exists and creates one if it does not */ static function create_dir($dirpath='') { $res = true; if ($dirpath != '') { //TODO - maybe add some checks to make sure someone is not passing a path with a filename, ie, something which has "." at the end //$path_parts = pathinfo($dirpath); //$dirpath = $path_parts['dirname'] . '/' . $path_parts['basename']; if (!file_exists($dirpath)) { $res = mkdir($dirpath, 0755); } } return $res; } }