<?php // NinjaFirewall's dropins.php ~ Do not delete this file!
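  // NinjaFirewall drop-in: request-time virtual patches for known WordPress plugin
// vulnerabilities. The NinjaFirewall engine includes this file on every request; a
// rule that matches calls nfw_dropin_block(), which logs the hit and ends the request.

// Only the engine may load this file; it defines NFW_ENGINE_VERSION beforehand.
if (! defined('NFW_ENGINE_VERSION')) {
    die('Forbidden');
}

// WP-CLI invocations carry no HTTP request to inspect.
if (defined('WP_CLI') && WP_CLI) {
    return;
}

if (! is_super_admin()) {
    // --- Rules keyed on the 'action' request parameter -------------------------
    if (isset($_REQUEST['action'])) {

        // 1630: wpr_addons_upload_file - block uploads whose final (uniquified,
        // lower-cased) name carries a server-side script or HTML extension.
        if ($_REQUEST['action'] === 'wpr_addons_upload_file' && ! empty($_FILES['uploaded_file'])) {
            $res = strtolower(wp_unique_filename(__DIR__, $_FILES['uploaded_file']['name']));
            if (preg_match('/\.(?:ph(?:p([34x7]|5\d?)?|t(ml)?|ar)|html?)\b/', $res)) {
                nfw_dropin_block("REQUEST:action = wpr_addons_upload_file, File = {$_FILES['uploaded_file']['name']}", 3, 1630);
            }
        }

        // 1631: dnd_codedropz_upload - same idea, extended to .htaccess/.htpasswd,
        // php*.ini / .user.ini, and script extensions followed by a further dot.
        if ($_REQUEST['action'] === 'dnd_codedropz_upload' && ! empty($_FILES['upload-file'])) {
            $res = strtolower(wp_unique_filename(__DIR__, $_FILES['upload-file']['name']));
            if (preg_match('/\.ht(?:access|passwd)|(?:php\d?|\.user)\.ini|\.ph(?:p([34x7]|5\d?)?|t(ml)?|ar)(?:\.|$)/', $res)) {
                nfw_dropin_block("REQUEST:action = dnd_codedropz_upload, File = {$_FILES['upload-file']['name']}", 3, 1631);
            }
        }

        // 1640: everest-forms < 3.0.9.5 upload/remove handlers.
        if (
            ($_REQUEST['action'] === 'everest_forms_upload_file' || $_REQUEST['action'] === 'everest_forms_remove_file')
            && nfw_dropin_isvulnplugin('everest-forms/everest-forms.php', '3.0.9.5') === true
        ) {
            nfw_dropin_block("REQUEST:action = {$_REQUEST['action']}", 3, 1640);
        }

        // 1633: userpro < 5.1.5 'userpro_fbconnect' action.
        if ($_REQUEST['action'] === 'userpro_fbconnect' && nfw_dropin_isvulnplugin('userpro/index.php', '5.1.5') === true) {
            nfw_dropin_block("REQUEST:action = userpro_fbconnect", 3, 1633);
        }

        // 1636: wpr_addons_upload_file - additionally require an allow-listed
        // extension on the submitted name (complements the deny-list in rule 1630).
        if (
            $_REQUEST['action'] === 'wpr_addons_upload_file'
            && ! empty($_FILES['uploaded_file'])
            && ! preg_match('/\.(?:jpe?g|png|gif|pdf|docx?|pptx?|odt|avi|ogg|m4a|mov|mp3|mp4|mpg|wav|wmv|txt)$/', $_FILES['uploaded_file']['name'])
        ) {
            nfw_dropin_block("REQUEST:uploaded_file = {$_FILES['uploaded_file']['name']}", 3, 1636);
        }

        // 1637: userpro < 5.1.9 'change' form template. isset() avoids an
        // "undefined array key" warning when no template field was posted.
        if (
            $_REQUEST['action'] === 'userpro_process_form'
            && isset($_POST['template']) && $_POST['template'] === 'change'
            && nfw_dropin_isvulnplugin('userpro/index.php', '5.1.9') === true
        ) {
            nfw_dropin_block("REQUEST:action = userpro_process_form/change", 3, 1637);
        }
    }

    // --- Rules keyed on cookies, REST routes and POST fields -------------------

    // 1638: litespeed-cache < 6.4 with both litespeed_role and litespeed_hash cookies present.
    if (isset($_COOKIE['litespeed_role'], $_COOKIE['litespeed_hash']) && nfw_dropin_isvulnplugin('litespeed-cache/litespeed-cache.php', '6.4') === true) {
        nfw_dropin_block('Unauthenticated action', 3, 1638);
    }

    // 1635: bricks/v1/render_element REST route from a user lacking edit_posts.
    if (nfw_dropin_request_targets('/bricks/v1/render_element') && ! current_user_can('edit_posts')) {
        nfw_dropin_block("Unauthenticated action", 3, 1635);
    }

    // 1641: suretriggers < 1.0.83 create-wp-connection REST route.
    if (
        nfw_dropin_request_targets('/sure-triggers/v1/connection/create-wp-connection')
        && nfw_dropin_isvulnplugin('suretriggers/suretriggers.php', '1.0.83') === true
    ) {
        nfw_dropin_block('Privilege escalation', 3, 1641);
    }

    // 1639: really-simple-ssl (free or pro) < 9.1.2 skip_onboarding REST route with user_id 1.
    // user_id is compared loosely on purpose so '1', '01', '1.0', ' 1' all match.
    if (
        nfw_dropin_request_targets('reallysimplessl/v1/two_fa/skip_onboarding')
        && (
            nfw_dropin_isvulnplugin('really-simple-ssl/rlrsssl-really-simple-ssl.php', '9.1.2') === true
            || nfw_dropin_isvulnplugin('really-simple-ssl-pro/really-simple-ssl-pro.php', '9.1.2') === true
        )
        && isset($_REQUEST['user_id']) && $_REQUEST['user_id'] == 1
    ) {
        nfw_dropin_block("Unauthenticated action", 3, 1639);
    }

    // 1632: a wp_extra[htaccess_*] field posted together with its matching save_* flag.
    if (
        (! empty($_POST['save_root']) && isset($_POST['wp_extra']['htaccess_root']))
        || (! empty($_POST['save_content']) && isset($_POST['wp_extra']['htaccess_content']))
        || (! empty($_POST['save_includes']) && isset($_POST['wp_extra']['htaccess_includes']))
    ) {
        nfw_dropin_block("wp_extra = ". json_encode($_POST['wp_extra']), 3, 1632);
    }

    // 1631: directorist < 7.5.5 password reset field.
    // NOTE(review): rule id 1631 is also used by the dnd_codedropz_upload rule above - confirm that is intended.
    if (isset($_POST['directorist_reset_password']) && nfw_dropin_isvulnplugin('directorist/directorist-base.php', '7.5.5') === true) {
        nfw_dropin_block("directorist_reset_password = {$_POST['directorist_reset_password']}", 3, 1631);
    }

    // 1634: post-smtp connect-app REST route with an empty or zero Auth-Key header.
    // Under PHP 8 the comparison '' == 0 is false, so the empty string is tested explicitly;
    // the loose == 0 is kept for numeric-zero values such as '0' or '0.0'.
    if (
        isset($_SERVER['HTTP_AUTH_KEY'])
        && ($_SERVER['HTTP_AUTH_KEY'] == 0 || $_SERVER['HTTP_AUTH_KEY'] === '')
        && nfw_dropin_request_targets('/post-smtp/v1/connect-app')
    ) {
        nfw_dropin_block('Empty Auth-Key', 3, 1634);
    }
} else {
    // Super admins are not rule-checked; only hide the Site Health "PHP sessions" test.
    add_filter('site_status_tests', 'nfw_ignore_php_sessions_test');
}

// 1604: essential-addons-for-elementor-lite < 5.7.2 password reset (checked for every user, super admins included).
if (isset($_POST['eael-resetpassword-submit']) && nfw_dropin_isvulnplugin('essential-addons-for-elementor-lite/essential_adons_elementor.php', '5.7.2') === true) {
    nfw_dropin_block("eael-resetpassword-submit = {$_POST['eael-resetpassword-submit']}", 3, 1604);
}

/**
 * Log a rule hit and terminate the request.
 *
 * @param string $message Detail recorded in the firewall log.
 * @param int    $level   Log level passed through to nfw_log2().
 * @param int    $rule    Numeric id of the rule that fired.
 * @return never
 */
function nfw_dropin_block($message, $level, $rule)
{
    nfw_log2('WP vulnerability', $message, $level, $rule);
    exit("NinjaFirewall blocked your request, please contact the administrator.");
}

/**
 * Whether the current request addresses the given REST route fragment, looked up
 * case-insensitively in REQUEST_URI and in the 'rest_route' request parameter.
 *
 * @param string $needle Route fragment, e.g. '/bricks/v1/render_element'.
 * @return bool
 */
function nfw_dropin_request_targets($needle)
{
    // Compare with false explicitly: stripos() returns 0 (falsy) when the needle sits
    // at offset 0, which is exactly the shape of a 'rest_route' value; a plain
    // truthiness test would let such a request through unchecked.
    if (isset($_SERVER['REQUEST_URI']) && stripos($_SERVER['REQUEST_URI'], $needle) !== false) {
        return true;
    }
    return isset($_REQUEST['rest_route']) && stripos($_REQUEST['rest_route'], $needle) !== false;
}

/**
 * Whether the current user may edit the given post. Only the 'page' and 'post'
 * types are capability-checked; every other type (or a missing post) is allowed.
 *
 * @param int|string $postid Post id; cast to int for the type lookup.
 * @return bool
 */
function nfw_dropin_can_edit_post($postid)
{
    $type = get_post_type((int) $postid);
    if (in_array($type, ['page', 'post'], true) && ! current_user_can("edit_{$type}", $postid)) {
        return false;
    }
    return true;
}

/**
 * Whether the current user may delete the given post; mirrors
 * nfw_dropin_can_edit_post() with the delete_{type} capability.
 *
 * @param int|string $postid Post id; cast to int for the type lookup.
 * @return bool
 */
function nfw_dropin_can_delete_post($postid)
{
    $type = get_post_type((int) $postid);
    if (in_array($type, ['page', 'post'], true) && ! current_user_can("delete_{$type}", $postid)) {
        return false;
    }
    return true;
}

/**
 * Whether the plugin at $slug is installed with a header version older than $version.
 *
 * @param string $slug    Plugin main file, relative to WP_PLUGIN_DIR.
 * @param string $version First version that is no longer considered vulnerable.
 * @return bool True only when the plugin file exists and its version compares lower.
 */
function nfw_dropin_isvulnplugin($slug, $version)
{
    $file = WP_PLUGIN_DIR . "/$slug";
    if (! file_exists($file)) {
        return false;
    }
    // get_plugin_data() lives in an admin include that front-end requests do not load.
    if (! function_exists('get_plugin_data')) {
        require_once ABSPATH . 'wp-admin/includes/plugin.php';
    }
    $info = get_plugin_data($file);
    return version_compare($info['Version'], $version, '<');
}

/**
 * site_status_tests filter callback: drop the Site Health "PHP sessions" direct test.
 *
 * @param array $tests Site Health tests, keyed by 'direct' / 'async'.
 * @return array The same array without $tests['direct']['php_sessions'].
 */
function nfw_ignore_php_sessions_test($tests)
{
    unset($tests['direct']['php_sessions']);
    return $tests;
}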
