plugin_name = $plugin_name; $this->version = $version; } public function get_plugin_name() { return $this->plugin_name; } public function add_submenu_page() { add_submenu_page('upload.php', $this->plugin_name, 'Protect Uploads ', 'manage_options', $this->plugin_name . '-settings-page', array($this, 'render_settings_page')); } public function render_settings_page() { require plugin_dir_path(__FILE__) . 'views/' . $this->plugin_name . '-admin-settings-page.php'; } public function enqueue_styles() { wp_enqueue_style($this->plugin_name, plugin_dir_url(__FILE__) . 'assets/css/protect-uploads-admin.css', array(), $this->version, 'all'); } public function add_settings_link($links) { $settings_link = '' . __('Settings') . ''; array_unshift($links, $settings_link); return $links; } public function get_uploads_dir() { $uploads_dir = wp_upload_dir(); return $uploads_dir['basedir']; } public function get_uploads_url() { $uploads_dir = wp_upload_dir(); return $uploads_dir['baseurl']; } public function get_uploads_subdirectories() { $directories = scandir(self::get_uploads_dir()); $subs = array(self::get_uploads_dir()); foreach ($directories as $directory) { if (is_dir(self::get_uploads_dir() . '/' . $directory) && !preg_match('/^\.*$/', $directory)) { $subs[] = self::get_uploads_dir() . '/' . $directory; $subDirectories = scandir(self::get_uploads_dir() . '/' . $directory); foreach ($subDirectories as $subDirectory) { if (is_dir(self::get_uploads_dir() . '/' . $directory . '/' . $subDirectory) && !preg_match('/^\.*$/', $subDirectory)) $subs[] = self::get_uploads_dir() . '/' . $directory . '/' . $subDirectory; } } } return $subs; } public function save_form($form) { if ($form['protection'] == 'index_php') { $this->create_index(); } if ($form['protection'] == 'htaccess') { $this->create_htaccess(); } if ($form['protection'] == 'remove') { $this->remove_index(); $this->remove_htaccess(); } } // used to check if the current htaccess has been generated by the plugin public function get_htaccess_identifier() { return "[plugin_name=" . $this->plugin_name . "]"; } public function create_index() { // check if index php does not exists if (self::check_protective_file('index.php') === false) { $indexContent = "get_plugin_name() . " Plugin\n"; $htaccessContent .= "\tOptions -Indexes\n"; $htaccessContent .= "# [date={$date}] [php={$phpv}] " . self::get_htaccess_identifier() . " [version={$this->version}]\n"; $htaccessContent .= "# END " . $this->get_plugin_name() . " Plugin\n"; // if htaccess does NOT exist yet if (self::check_protective_file('.htaccess') === false) { // try to create and save the new htaccess file if (!file_put_contents(self::get_uploads_dir() . '/' . '.htaccess', $htaccessContent)) { self::register_message('Impossible to create or modified the htaccess file.', 'error'); } else { self::register_message('The htaccess file has been created.'); } } else { // if content added to existing htaccess if (file_put_contents(self::get_uploads_dir() . '/.htaccess', $htaccessContent, FILE_APPEND | LOCK_EX)) { self::register_message('The htaccess file has been updated.'); } else { self::register_message('The existing htaccess file couldn\'t be updated. Please check file permissions.', 'error'); } } } public function remove_index() { $i = 0; foreach (self::get_uploads_subdirectories() as $subDirectory) { if (file_exists($subDirectory . '/index.php')) { unlink($subDirectory . '/index.php'); $i++; } } if ($i == count(self::get_uploads_subdirectories())) { self::register_message('The index.php file(s) have(has) been deleted.'); } } public function remove_htaccess() { if (file_exists(self::get_uploads_dir() . '/.htaccess')) { $htaccessContent = file_get_contents(self::get_uploads_dir() . '/.htaccess'); $htaccessContent = preg_replace('/(# BEGIN protect-uploads Plugin)(.*?)(# END protect-uploads Plugin)/is', '', $htaccessContent); file_put_contents(self::get_uploads_dir() . '/.htaccess', $htaccessContent, LOCK_EX); // if htaccess is empty, we remove it. if (strlen(preg_replace("/(^[\r\n]*|[\r\n]+)[\s\t]*[\r\n]+/", "", file_get_contents(self::get_uploads_dir() . '/.htaccess'))) == 0) { unlink(self::get_uploads_dir() . '/.htaccess'); } // self::register_message('The htaccess file has been updated.'); } } public function get_protective_files_array() { $uploads_files = ['index.php', 'index.html', '.htaccess']; $response = []; foreach ($uploads_files as $file) { if (file_exists(self::get_uploads_dir() . '/' . $file)) { $response[] = $file; } } return $response; } public function check_protective_file($file) { if (in_array($file, self::get_protective_files_array())) { return true; } else { return false; } } public function get_uploads_root_response_code() { $uploads_headers = get_headers(self::get_uploads_url() . '/'); $response = null; if (is_array($uploads_headers)) { if (preg_match('/200/', $uploads_headers[0])) $response = 200; if (preg_match('/403/', $uploads_headers[0])) $response = 403; } return $response; } public function get_htaccess_content() { return file_get_contents(self::get_uploads_dir() . '/.htaccess'); } public function check_htaccess_is_self_generated() { if (self::check_protective_file('.htaccess') && preg_match('/' . self::get_htaccess_identifier() . '/', self::get_htaccess_content())) { return true; } else { return false; } } // heart? <3 public function check_uploads_is_protected() { foreach (self::get_protective_files_array() as $file) { if ($file === 'index.html') { return true; break; } if ($file === 'index.php') { return true; break; } if ($file === '.htaccess' && self::get_uploads_root_response_code() === 200) { return false; break; } } if (self::get_uploads_root_response_code() === 403) { return true; } else { return false; } } public function check_protective_file_removable() { if( self::check_protective_file('index.html') ) { return false; } elseif( self::check_protective_file('.htaccess') === false && self::get_uploads_root_response_code() === 403 ) { return false; } else { return true; } } public function get_uploads_protection_message_array() { $response = []; foreach (self::get_protective_files_array() as $file) { if ($file === '.htaccess' && self::get_uploads_root_response_code() === 403) { $response[] = ' ' . __('.htaccess file is present and access to uploads directory returns 403 code.', $this->plugin_name); } if ($file === 'index.php') { $response[] = ' ' . __('index.php file is present.', $this->plugin_name); } if ($file === 'index.html') { $response[] = ' ' . __('index.html file is present.', $this->plugin_name); } } if (self::check_protective_file('.htaccess') === true && self::get_uploads_root_response_code() === 200) { $response[] = ' ' . __('.htaccess file is present but not protecting uploads directory.', $this->plugin_name); } if (self::check_protective_file('.htaccess') === false && self::get_uploads_root_response_code() === 403) { $response[] = ' ' . __('Access to uploads directory is protected (403) with a global .htaccess or another global declaration.', $this->plugin_name); } return $response; } public function check_apache() { if (!function_exists('apache_get_modules')) { self::register_message('The Protect Uploads plugin cannot work without Apache. Yourself or your web host has to activate this module.'); } } public function register_message($message, $type = 'updated', $id = 0) { $this->messages['apache'][] = array( 'message' => __($message, $this->plugin_name), 'type' => $type, 'id' => $id ); } public function display_messages() { foreach ($this->messages as $name => $messages) { foreach ($messages as $message) { return '

' . $message['message'] . '

'; } } } }