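/* NOTE(review): this span starts inside the class constructor; the constructor's opening lines are not in view. */
		set_translation_strings();

		// The "enable" link is accepted only when its nonce matches the action bound to that exact module id.
		// A capability check for this path is not visible here - TODO confirm it happens in the menu registration.
		if ( ! empty( $_GET['enable'] ) && ! empty( $_GET['itsec-enable-nonce'] ) && wp_verify_nonce( $_GET['itsec-enable-nonce'], 'itsec-enable-' . $_GET['enable'] ) ) {
			ITSEC_Modules::activate( $_GET['enable'] );
		}

		require( dirname( __FILE__ ) . '/module-settings.php' );
		require( dirname( __FILE__ ) . '/sidebar-widget.php' );
		require_once( ITSEC_Core::get_core_dir() . '/lib/form.php' );

		do_action( 'itsec-settings-page-init' );
		do_action( 'itsec-settings-page-register-modules' );
		do_action( 'itsec-settings-page-register-widgets' );

		// Non-AJAX form submissions are handled here; AJAX submissions go through handle_ajax_request().
		if ( ! empty( $_POST ) && ( ! defined( 'DOING_AJAX' ) || ! DOING_AJAX ) ) {
			$this->handle_post();
		}
	}

	/**
	 * Return the shared page instance, creating it on first use.
	 *
	 * @return self
	 */
	public static function get_instance() {
		if ( ! self::$instance ) {
			self::$instance = new self;
		}

		return self::$instance;
	}

	/**
	 * Append the settings-page body classes derived from the global module settings.
	 *
	 * @param string $classes Space-separated class list supplied by the filter.
	 *
	 * @return string The trimmed class list.
	 */
	public function add_settings_classes( $classes ) {
		if ( ITSEC_Modules::get_setting( 'global', 'show_error_codes' ) ) {
			$classes .= ' itsec-show-error-codes';
		}

		if ( ITSEC_Modules::get_setting( 'global', 'write_files' ) ) {
			$classes .= ' itsec-write-files-enabled';
		} else {
			$classes .= ' itsec-write-files-disabled';
		}

		return trim( $classes );
	}

	/**
	 * Enqueue the page scripts plus every registered module's and widget's assets,
	 * and expose the AJAX action, its nonce and the translation strings to settings.js.
	 */
	public function add_scripts() {
		ITSEC_Lib::enqueue_util();

		foreach ( $this->modules as $module ) {
			$module->enqueue_scripts_and_styles();
		}

		foreach ( $this->widgets as $widget ) {
			$widget->enqueue_scripts_and_styles();
		}

		$vars = array(
			'ajax_action'         => 'itsec_settings_page',
			'ajax_nonce'          => wp_create_nonce( 'itsec-settings-nonce' ),
			'show_security_check' => ITSEC_Modules::get_setting( 'global', 'show_security_check' ),
			'translations'        => $this->translations,
		);

		// The security-check prompt is shown once: the flag is cleared as soon as it has been read,
		// and it is suppressed entirely when the user is already on the security-check module.
		if ( $vars['show_security_check'] ) {
			ITSEC_Modules::set_setting( 'global', 'show_security_check', false );

			if ( ! empty( $_GET['module'] ) && 'security-check' === $_GET['module'] ) {
				$vars['show_security_check'] = false;
			}
		}

		wp_enqueue_script( 'itsec-scrollTo', plugins_url( 'js/scrollTo.js', dirname( __FILE__ ) ), array( 'jquery' ) );
		wp_enqueue_script( 'itsec-settings-page-script', plugins_url( 'js/settings.js', __FILE__ ), array( 'underscore' ), ITSEC_Core::get_plugin_build(), true );
		wp_localize_script( 'itsec-settings-page-script', 'itsec_page', $vars );
	}

	/**
	 * Enqueue the settings-page stylesheet, versioned by the plugin build number.
	 */
	public function add_styles() {
		wp_enqueue_style( 'itsec-settings-page-style', plugins_url( 'css/style.css', __FILE__ ), array(), ITSEC_Core::get_plugin_build() );
	}

	/**
	 * Populate $this->translations with the strings used by the page's JavaScript.
	 *
	 * Any entry that resolves to a WP_Error is replaced by its first error string.
	 */
	private function set_translation_strings() {
		$this->translations = array(
			'save_settings'    => __( 'Save Settings', 'better-wp-security' ),
			'close_settings'   => __( 'Close', 'better-wp-security' ),
			'show_settings'    => __( 'Configure Settings', 'better-wp-security' ),
			'hide_settings'    => __( 'Hide Settings', 'better-wp-security' ),
			'show_description' => __( 'Learn More', 'better-wp-security' ),
			'hide_description' => __( 'Hide Details', 'better-wp-security' ),
			'show_information' => __( 'Show Details', 'better-wp-security' ),
			'activate'         => __( 'Enable', 'better-wp-security' ),
			'deactivate'       => __( 'Disable', 'better-wp-security' ),
			'error'            => __( 'Error', 'better-wp-security' ),
			'dismiss'          => __( 'Dismiss Notice', 'better-wp-security' ), // Screen reader text for dismissible notices
			'copied'           => __( 'Copied!', 'better-wp-security' ),
			'copy_instruction' => __( 'Please press Ctrl/Cmd+C to copy.', 'better-wp-security' ),
			/* translators: 1: module name */
			'successful_save'  => __( 'Settings saved successfully for %1$s.', 'better-wp-security' ),
		);

		foreach ( $this->translations as $key => $message ) {
			if ( is_wp_error( $message ) ) {
				$messages = ITSEC_Response::get_error_strings( $message );
				$this->translations[ $key ] = $messages[0];
			}
		}
	}

	/**
	 * Dispatch an AJAX request from settings.js.
	 *
	 * The nonce is checked first, then the caller's capability; only then is the
	 * "method" argument dispatched. Module and widget sub-requests receive
	 * $_POST['data'] unmodified - validating it is presumably the handler's job.
	 * The response is always emitted through ITSEC_Response::send_json().
	 */
	public function handle_ajax_request() {
		if ( WP_DEBUG ) {
			ini_set( 'display_errors', 1 );
		}

		ITSEC_Core::set_interactive( true );

		// Only string values are accepted; anything else is treated as absent.
		$method = ( isset( $_POST['method'] ) && is_string( $_POST['method'] ) ) ? $_POST['method'] : '';
		$module = ( isset( $_POST['module'] ) && is_string( $_POST['module'] ) ) ? $_POST['module'] : '';

		if ( empty( $GLOBALS['hook_suffix'] ) ) {
			$GLOBALS['hook_suffix'] = 'toplevel_page_itsec';
		}

		if ( false === check_ajax_referer( 'itsec-settings-nonce', 'nonce', false ) ) {
			ITSEC_Response::add_error( new WP_Error( 'itsec-settings-page-failed-nonce', __( 'A nonce security check failed, preventing the request from completing as expected. Please try reloading the page and trying again.', 'better-wp-security' ) ) );
		} elseif ( ! ITSEC_Core::current_user_can_manage() ) {
			ITSEC_Response::add_error( new WP_Error( 'itsec-settings-page-insufficient-privileges', __( 'A permissions security check failed, preventing the request from completing as expected. The currently logged in user does not have sufficient permissions to make this request. Please try reloading the page and trying again.', 'better-wp-security' ) ) );
		} elseif ( empty( $method ) ) {
			ITSEC_Response::add_error( new WP_Error( 'itsec-settings-page-missing-method', __( 'The server did not receive a valid request. The required "method" argument is missing. Please try again.', 'better-wp-security' ) ) );
		} elseif ( 'save' === $method ) {
			$this->handle_post();
			ITSEC_Response::maybe_flag_new_notifications_available();
		} elseif ( empty( $module ) ) {
			ITSEC_Response::add_error( new WP_Error( 'itsec-settings-page-missing-module', __( 'The server did not receive a valid request. The required "module" argument is missing. Please try again.', 'better-wp-security' ) ) );
		} elseif ( 'activate' === $method ) {
			$was_active = ITSEC_Modules::activate( $module );
			ITSEC_Response::set_response( $was_active );

			// A module that was just switched on gets its active.php loaded for this request.
			if ( ! $was_active ) {
				ITSEC_Modules::load_module_file( 'active.php', $module );
			}

			ITSEC_Response::maybe_flag_new_notifications_available();
		} elseif ( 'deactivate' === $method ) {
			ITSEC_Response::set_response( ITSEC_Modules::deactivate( $module ) );
			ITSEC_Response::maybe_flag_new_notifications_available();
		} elseif ( 'is_active' === $method ) {
			ITSEC_Response::set_response( ITSEC_Modules::is_active( $module ) );
		} elseif ( 'get_refreshed_module_settings' === $method ) {
			ITSEC_Response::set_response( $this->get_module_settings( $module ) );
		} elseif ( 'get_refreshed_widget_settings' === $method ) {
			ITSEC_Response::set_response( $this->get_widget_settings( $module ) );
		} elseif ( 'get_refreshed_module_form' === $method ) {
			$form = new ITSEC_Form();
			$this->prepare_modules_and_calculate_filters();

			ob_start();
			$this->print_modules_form( $form );
			ITSEC_Response::set_response( ob_get_clean() );
		} elseif ( 'handle_module_request' === $method ) {
			if ( isset( $this->modules[ $module ] ) ) {
				if ( isset( $_POST['data'] ) ) {
					$returned_value = $this->modules[ $module ]->handle_ajax_request( $_POST['data'] );

					if ( ! is_null( $returned_value ) ) {
						ITSEC_Response::set_response( $returned_value );
					}
				} else {
					ITSEC_Response::add_error( new WP_Error( 'itsec-settings-page-module-request-missing-data', __( 'The server did not receive a valid request. The required "data" argument for the module is missing. Please try again.', 'better-wp-security' ) ) );
				}
			} else {
				ITSEC_Response::add_error( new WP_Error( 'itsec-settings-page-module-request-invalid-module', __( "The server did not receive a valid request. The supplied module, \"$module\", does not exist. Please try again.", 'better-wp-security' ) ) );
			}
		} elseif ( 'handle_widget_request' === $method ) {
			if ( isset( $this->widgets[ $module ] ) ) {
				if ( isset( $_POST['data'] ) ) {
					$this->widgets[ $module ]->handle_ajax_request( $_POST['data'] );
				} else {
					ITSEC_Response::add_error( new WP_Error( 'itsec-settings-page-widget-request-missing-data', __( 'The server did not receive a valid request. The required "data" argument for the widget is missing. Please try again.', 'better-wp-security' ) ) );
				}
			} else {
				ITSEC_Response::add_error( new WP_Error( 'itsec-settings-page-widget-request-invalid-widget', __( "The server did not receive a valid request. The supplied widget, \"$module\", does not exist. Please try again.", 'better-wp-security' ) ) );
			}
		} else {
			ITSEC_Response::add_error( new WP_Error( 'itsec-settings-page-unknown-method', __( 'The server did not receive a valid request. An unknown "method" argument was supplied. Please try again.', 'better-wp-security' ) ) );
		}

		ITSEC_Response::send_json();
	}

	/**
	 * Register a module settings handler under its id.
	 *
	 * @param ITSEC_Module_Settings_Page $module Must be an ITSEC_Module_Settings_Page; anything else raises E_USER_ERROR.
	 */
	public function register_module( $module ) {
		if ( ! is_object( $module ) || ! is_a( $module, 'ITSEC_Module_Settings_Page' ) ) {
			trigger_error( 'An invalid module was registered.', E_USER_ERROR );
			return;
		}

		if ( isset( $this->modules[ $module->id ] ) ) {
			trigger_error( "A module with the id of {$module->id} is already registered. Module id's must be unique." );
			return;
		}

		$this->modules[ $module->id ] = $module;
	}

	/**
	 * Register a sidebar widget under its id.
	 *
	 * Ids share one namespace with modules: a widget id that collides with a
	 * registered module id is rejected.
	 *
	 * @param ITSEC_Settings_Page_Sidebar_Widget $widget Must be an ITSEC_Settings_Page_Sidebar_Widget; anything else raises E_USER_ERROR.
	 */
	public function register_widget( $widget ) {
		if ( ! is_object( $widget ) || ! is_a( $widget, 'ITSEC_Settings_Page_Sidebar_Widget' ) ) {
			trigger_error( 'An invalid widget was registered.', E_USER_ERROR );
			return;
		}

		if ( isset( $this->modules[ $widget->id ] ) ) {
			trigger_error( "A widget with the id of {$widget->id} is registered. Widget id's must be unique from any other module or widget." );
			return;
		}

		if ( isset( $this->widgets[ $widget->id ] ) ) {
			trigger_error( "A widget with the id of {$widget->id} is already registered. Widget id's must be unique from any other module or widget." );
			return;
		}

		$this->widgets[ $widget->id ] = $widget;
	}

	/**
	 * Save a submitted settings form.
	 *
	 * A request carrying "widget-id" is routed to that widget; otherwise the
	 * named module (or every module when "module" is absent) receives its slice
	 * of the form data. Success/error summary messages are added unless a
	 * handler suppressed the defaults. For non-AJAX requests the post-save
	 * side effects (config regeneration, forced logout, redirect) run at the end.
	 *
	 * The "widget-id" and "module" values are only honoured when they are plain
	 * strings, so an array value cannot be used as an array offset or be
	 * interpolated into the error message.
	 */
	private function handle_post() {
		if ( ! defined( 'DOING_AJAX' ) || ! DOING_AJAX ) {
			// Only process the nonce when the request is not an AJAX request as the AJAX handler has its own nonce check.
			ITSEC_Form::check_nonce( 'itsec-settings-page' );
		}

		$post_data = ITSEC_Form::get_post_data();

		$widget_id = ( isset( $_POST['widget-id'] ) && is_string( $_POST['widget-id'] ) ) ? $_POST['widget-id'] : '';
		$module_id = ( isset( $_POST['module'] ) && is_string( $_POST['module'] ) ) ? $_POST['module'] : '';

		if ( ! empty( $widget_id ) ) {
			if ( isset( $post_data[ $widget_id ], $this->widgets[ $widget_id ] ) ) {
				$this->widgets[ $widget_id ]->handle_form_post( $post_data[ $widget_id ] );
			}
		} else {
			if ( ! empty( $module_id ) ) {
				if ( isset( $this->modules[ $module_id ] ) ) {
					$modules = array( $module_id => $this->modules[ $module_id ] );
				} else {
					ITSEC_Response::add_error( new WP_Error( 'itsec-settings-save-unrecognized-module', sprintf( __( 'The supplied module (%s) is not recognized. The module settings could not be saved.', 'better-wp-security' ), $module_id ) ) );
					$modules = array();
				}
			} else {
				$modules = $this->modules;
			}

			foreach ( $modules as $id => $module ) {
				if ( isset( $post_data[ $id ] ) ) {
					$module->handle_form_post( $post_data[ $id ] );
				}
			}

			if ( ITSEC_Response::is_success() ) {
				if ( ITSEC_Response::get_show_default_success_message() ) {
					ITSEC_Response::add_message( __( 'The settings saved successfully.', 'better-wp-security' ) );
				}
			} elseif ( ITSEC_Response::get_show_default_error_message() ) {
				$error_count = ITSEC_Response::get_error_count();

				if ( $error_count > 0 ) {
					ITSEC_Response::add_error( new WP_Error( 'itsec-settings-data-not-saved', _n( 'The settings could not be saved. Please correct the error above and try again.', 'The settings could not be saved. Please correct the errors above and try again.', $error_count, 'better-wp-security' ) ) );
				} else {
					ITSEC_Response::add_error( new WP_Error( 'itsec-settings-data-not-saved-missing-error', __( 'The settings could not be saved. Due to an unknown error. Please try refreshing the page and trying again.', 'better-wp-security' ) ) );
				}
			}
		}

		// AJAX callers receive the outcome via ITSEC_Response::send_json(); the page-level side effects are not run for them.
		if ( defined( 'DOING_AJAX' ) && DOING_AJAX ) {
			return;
		}

		ITSEC_Response::maybe_flag_new_notifications_available();
		ITSEC_Response::maybe_regenerate_wp_config();
		ITSEC_Response::maybe_regenerate_server_config();
		ITSEC_Response::maybe_do_force_logout();
		ITSEC_Response::maybe_do_redirect();
	}

	/**
	 * Remember the page's own URL and render the settings page.
	 *
	 * @param string $self_url URL of this admin page, used when building links.
	 */
	public function handle_page_load( $self_url ) {
		$this->self_url = $self_url;
		$this->show_settings_page();
	}

	/**
	 * Render one module's settings form, either returned as a string or echoed.
	 *
	 * @param string          $id   Module id.
	 * @param ITSEC_Form|bool $form Form to render into; a fresh ITSEC_Form is created when false.
	 * @param bool            $echo When true, output is printed instead of returned.
	 *
	 * @return string|WP_Error|null Rendered markup, a WP_Error for an unknown id when not echoing, otherwise null.
	 */
	private function get_module_settings( $id, $form = false, $echo = false ) {
		if ( ! isset( $this->modules[ $id ] ) ) {
			$error = new WP_Error( 'itsec-settings-page-get-module-settings-invalid-id', sprintf( __( 'The requested module (%s) does not exist. Settings for it cannot be rendered.', 'better-wp-security' ), $id ) );

			if ( ! $echo ) {
				return $error;
			}

			// Stop here when echoing as well: there is no module to render for this id.
			ITSEC_Lib::show_error_message( $error );
			return;
		}

		if ( false === $form ) {
			$form = new ITSEC_Form();
		}

		$module = $this->modules[ $id ];

		$form->add_input_group( $id );
		$form->set_defaults( $module->get_settings() );

		if ( ! $echo ) {
			ob_start();
		}

		$module->render( $form );
		$form->remove_all_input_groups();

		if ( ! $echo ) {
			return ob_get_clean();
		}
	}

	/**
	 * Render one sidebar widget's settings form, either returned as a string or echoed.
	 *
	 * @param string          $id   Widget id.
	 * @param ITSEC_Form|bool $form Form to render into; a fresh ITSEC_Form is created when false.
	 * @param bool            $echo When true, output is printed instead of returned.
	 *
	 * @return string|WP_Error|null Rendered markup, a WP_Error for an unknown id when not echoing, otherwise null.
	 */
	private function get_widget_settings( $id, $form = false, $echo = false ) {
		if ( ! isset( $this->widgets[ $id ] ) ) {
			$error = new WP_Error( 'itsec-settings-page-get-widget-settings-invalid-id', sprintf( __( 'The requested widget (%s) does not exist. Settings for it cannot be rendered.', 'better-wp-security' ), $id ) );

			if ( ! $echo ) {
				return $error;
			}

			// Stop here when echoing as well: there is no widget to render for this id.
			ITSEC_Lib::show_error_message( $error );
			return;
		}

		if ( false === $form ) {
			$form = new ITSEC_Form();
		}

		$widget = $this->widgets[ $id ];

		$form->add_input_group( $id );
		$form->set_defaults( $widget->get_defaults() );

		if ( ! $echo ) {
			ob_start();
		}

		$widget->render( $form );
		$form->remove_all_input_groups();

		if ( ! $echo ) {
			return ob_get_clean();
		}
	}

	/**
	 * Count modules per filter tab and stamp each module with its active state.
	 *
	 * @return array<string, array{0: string, 1: int}> Filter key => [label, module count].
	 */
	private function prepare_modules_and_calculate_filters() {
		$module_filters = array(
			'all'         => array( _x( 'All', 'List all modules', 'better-wp-security' ), 0 ),
			'recommended' => array( _x( 'Recommended', 'List recommended modules', 'better-wp-security' ), 0 ),
			'advanced'    => array( _x( 'Advanced', 'List advanced modules', 'better-wp-security' ), 0 ),
		);

		foreach ( $this->modules as $id => $module ) {
			$module_filters['all'][1]++;

			// Modules whose type is not one of the known filter keys are counted under "all" only.
			if ( isset( $module_filters[ $module->type ] ) ) {
				$module_filters[ $module->type ][1]++;
			}

			$module->enabled       = ITSEC_Modules::is_active( $id );
			$module->always_active = ITSEC_Modules::is_always_active( $id );
		}

		return $module_filters;
	}

	/**
	 * Render the full settings page (filter tabs, module form, sidebar widgets).
	 *
	 * NOTE(review): only the opening of this method is within this span; its body
	 * continues past the end of the span.
	 */
	private function show_settings_page() {
		$form = new ITSEC_Form();

		$module_filters = $this->prepare_modules_and_calculate_filters();
		$current_type   = isset( $_REQUEST['module_type'] ) ? $_REQUEST['module_type'] : 'recommended';

		$feature_tabs = array();

		foreach ( $module_filters as $type => $data ) {
			// $current_type is only compared against the known filter keys here; it is not echoed itself.
			if ( $current_type === $type ) {
				$class = 'current';
			} else {
				$class = '';
			}

			$feature_tabs[] = "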
  • self_url ) ) . "' class='$class'>{$data[0]} ({$data[1]})"; } // Get user's view preference $view = get_user_meta( get_current_user_id(), 'itsec-settings-view', true ); // Default to grid view for users that have an invalid or unspecified view if ( ! in_array( $view, array( 'grid', 'list' ) ) ) { $view = 'grid'; } ?>

      \n" ) . "\n"; ?>
    print_modules_form( $form ); ?>
    widgets as $id => $widget ) : ?> settings_form ) : ?> start_form( "itsec-sidebar-widget-form-$id" ); ?> add_nonce( 'itsec-settings-page' ); ?> add_hidden( 'widget-id', $id ); ?>

    title ); ?>

    get_widget_settings( $id, $form, true ); ?>
    settings_form ) { $form->end_form(); } ?>

    start_form( 'itsec-module-settings-form' ); ?> add_nonce( 'itsec-settings-page' ); ?> end_form(); ?> \n"; echo "$description
    \n"; echo '' . esc_html( $self->translations['show_information'] ) . ''; echo "
    \n"; echo $details; echo "
    \n"; echo "\n"; } } ITSEC_Settings_Page::get_instance();