Version: 2.118

CleanTalk · Sep 11, 2023 · dafcd0a · dafcd0a
2 parents e09cb4a + 6c77b8f
commit dafcd0a
Show file tree

Hide file tree

Showing 17 changed files with 236 additions and 35 deletions.
diff --git a/.github/workflows/reviewNotice.yml b/.github/workflows/reviewNotice.yml
@@ -7,7 +7,7 @@ on:
 jobs:
 
   build:
-    if: github.event.review.state == 'approved'
+    if: github.event.review.state == 'approved' && toJSON(github.event.pull_request.requested_reviewers) == '[]'
     runs-on: ubuntu-latest
     steps:
       - name: Convert date format

diff --git a/inc/spbc-admin.php b/inc/spbc-admin.php
@@ -1,5 +1,6 @@
 <?php
 
+use CleantalkSP\SpbctWP\Scanner\Cure;
 use CleantalkSP\SpbctWP\Scanner\FileMonitoringModule\FileMonitoringTabData;
 use CleantalkSP\Variables\Post;
 use CleantalkSP\Variables\Server;
@@ -95,6 +96,7 @@ function spbc_admin_init()
     add_action('wp_ajax_spbc_tbl-pagination', array(ListTable::class, 'ajaxPaginationHandler'));
     add_action('wp_ajax_spbc_tbl-sort', array(ListTable::class, 'ajaxSortHandler'));
     add_action('wp_ajax_spbc_tbl-switch', array(ListTable::class, 'ajaxSwitchTable'));
+    add_action('wp_ajax_spbc_cure_selected', array(Cure::class, 'cureSelectedAction'));
 
     // Send logs_mscan
     add_action('wp_ajax_spbc_send_traffic_control', 'spbc_send_firewall_logs', 1, 0);

diff --git a/inc/spbc-scanner.php b/inc/spbc-scanner.php
@@ -1080,7 +1080,8 @@ function spbc_get_sql_where_addiction_for_table_of_category($category)
                             path NOT LIKE "%wp-content%plugins%" AND
                             path NOT LIKE "%wp-content%cache%" AND
                             path NOT LIKE "%wp-config.php" AND
-						    (severity IS NULL OR severity NOT IN ("CRITICAL", "DANGER", "SUSPICIOUS"))';
+						    (severity IS NULL OR severity NOT IN ("CRITICAL", "DANGER", "SUSPICIOUS")) AND
+						    last_sent IS NULL';
             break;
         case 'quarantined':
             $res = ' WHERE status = "QUARANTINED"';
@@ -1940,16 +1941,30 @@ function spbc_scanner_get_pdf_file_name($direct_call = false)
 
 function spbc_file_cure_ajax_action()
 {
-    global $wpdb, $spbc;
-
     spbc_check_ajax_referer('spbc_secret_nonce', 'security');
 
     $file_fast_hash = isset($_POST['file_fast_hash']) ? esc_sql($_POST['file_fast_hash']) : null;
 
+    $result = spbc_cure_file($file_fast_hash);
+
+    if (is_wp_error($result)) {
+        wp_send_json_error($result->get_error_message());
+    }
+
+    wp_send_json_success($result);
+}
+
+function spbc_cure_file($file_fast_hash)
+{
     if (is_null($file_fast_hash)) {
-        wp_send_json_error(esc_html__('Error: File not founded.', 'security-malware-firewall'));
+        return new WP_Error(
+            '422',
+            esc_html__('Error: File not found.', 'security-malware-firewall')
+        );
     }
 
+    global $wpdb, $spbc;
+
     $file_data = $wpdb->get_row(
         'SELECT * '
         . ' FROM ' . SPBC_TBL_SCAN_FILES
@@ -1961,7 +1976,10 @@ function spbc_file_cure_ajax_action()
     $cure_results = new Cure($file_data);
 
     if (isset($cure_results->result['error'])) {
-        wp_send_json_error(esc_html__('Error: ' . $cure_results->result['error'], 'security-malware-firewall'));
+        return new WP_Error(
+            '422',
+            esc_html__('Error: ' . $cure_results->result['error'], 'security-malware-firewall')
+        );
     }
 
     $cure_log_record = new CureLogRecord(array(
@@ -2001,7 +2019,7 @@ function spbc_file_cure_ajax_action()
     //record log
     $cure_log->logCureResult($cure_log_record);
 
-    wp_send_json_success(esc_html__('Success!', 'security-malware-firewall'));
+    return esc_html__('Success!', 'security-malware-firewall');
 }
 
 function spbc_restore_file_from_backup_ajax_action()
@@ -2013,7 +2031,7 @@ function spbc_restore_file_from_backup_ajax_action()
     $file_fast_hash = isset($_POST['file_fast_hash']) ? esc_sql($_POST['file_fast_hash']) : null;
 
     if (is_null($file_fast_hash)) {
-        wp_send_json_error(esc_html__('Error: File not founded.', 'security-malware-firewall'));
+        wp_send_json_error(esc_html__('Error: File not found.', 'security-malware-firewall'));
     }
 
     // Getting file path
@@ -2025,7 +2043,7 @@ function spbc_restore_file_from_backup_ajax_action()
     );
 
     if (is_null($file_path)) {
-        wp_send_json_error(esc_html__('Error: File path not founded.', 'security-malware-firewall'));
+        wp_send_json_error(esc_html__('Error: File path not found.', 'security-malware-firewall'));
     }
 
     $file_path = $file_path['path'];
@@ -2042,7 +2060,7 @@ function spbc_restore_file_from_backup_ajax_action()
     $backup_path = $wpdb->get_row($sql_prepared, ARRAY_A);
 
     if (is_null($backup_path)) {
-        wp_send_json_error(esc_html__('Error: Backup not founded.', 'security-malware-firewall'));
+        wp_send_json_error(esc_html__('Error: Backup not found.', 'security-malware-firewall'));
     }
 
     $backup_path = $backup_path['back_path'];

diff --git a/inc/spbc-settings.php b/inc/spbc-settings.php
@@ -2922,6 +2922,10 @@ function spbc_field_scanner__show_accordion($direct_call = false)
         'cure_log'     => $cure_log_description,
     );
 
+    if (!$spbc->data['wl_mode_enabled']) {
+        $tables_files['suspicious'] .= spbc__manual_cure_service_suggest_html('suspicious');
+    }
+
     if ($spbc->settings['scanner__list_unknown']) {
         $tables_files['unknown'] = $unknown_files_description;
     }
@@ -3685,16 +3689,20 @@ function spbc_list_table__get_args_by_type($table_type)
                         'handler' => 'spbc_scanner_button_restore_from_backup_ajax_handler(this);',
                     ),
                 ),
+                'bulk_actions'      => array(
+                    'cure' => array('name' => 'Cure',),
+                ),
                 'func_data_total'   => 'spbc_scanner__cure_log_get_count_total',
                 'func_data_get'     => 'spbc_scanner__get_cure_log_data',
                 'func_data_prepare'     => 'spbc_scanner__cure_log_data_prepare',
                 'if_empty_items' => __('There are no automatically cured files.', 'security-malware-firewall'),
                 'columns' => array(
-                    'real_path'           => array('heading' => 'Path','primary' => true,),
-                    'last_cure_date'     => array('heading' => 'Cure date',),
-                    'cured'     => array('heading' => 'Status',),
-                    'cci_cured'     => array('heading' => 'Threats cured count',),
-                    'fail_reason'     => array('heading' => 'Reason of fail',),
+                    'cb'             => array('heading' => '<input type=checkbox>', 'class' => 'check-column',  'width_percent' => 2),
+                    'real_path'      => array('heading' => 'Path','primary' => true,),
+                    'last_cure_date' => array('heading' => 'Cure date',),
+                    'cured'          => array('heading' => 'Status',),
+                    'cci_cured'      => array('heading' => 'Threats cured count',),
+                    'fail_reason'    => array('heading' => 'Reason of fail',),
                 ),
                 'order_by'  => array('real_path' => 'asc'),
                 'pagination' => array(
@@ -4005,6 +4013,12 @@ function spbc_sanitize_settings($settings)
     $settings['spbc_key']      = is_main_site() || $spbc->ms__work_mode != 2 ? $settings['spbc_key'] : $spbc->network_settings['spbc_key'];
     $spbc->data['key_changed'] = $settings['spbc_key'] !== $spbc->settings['spbc_key'];
     $spbc->data['key_is_ok']   = spbc_api_key__is_correct($settings['spbc_key']);
+
+    if ($settings['spbc_key'] === '' && $spbc->data['key_changed']) {
+        $spbc = spbc_drop_to_defaults_on_key_clearance($spbc);
+        \CleantalkSP\SpbctWP\Cron::removeAllTasks();
+    }
+
     $spbc->save('data');
 
     if ($spbc->is_network && $spbc->is_mainsite) {
@@ -4846,8 +4860,13 @@ function spbc_scanner__cure_log_get_count_total()
  */
 function spbc_scanner__get_cure_log_data()
 {
+    $offset = 0;
+    $amount = 20;
+    if (isset($_POST['page'])) {
+        $offset = ((int)$_POST['page'] - 1) * $amount;
+    }
     $cure_log = new Scanner\CureLog\CureLog();
-    return $cure_log->getDataToAccordion();
+    return $cure_log->getDataToAccordion($offset, $amount);
 }
 
 /**
@@ -5001,7 +5020,7 @@ function spbc__manual_cure_service_suggest_html($for)
         $button_id = 'spbct_request_cure';
         $classes = 'notice notice-warning';
         $show_exclaim_triangle = true;
-    } elseif ($for === 'unknown') {
+    } elseif ($for === 'unknown' || $for === 'suspicious') {
         $text = __('If you are not sure about the results or looking for professional help from security specialists,
          feel free to order', 'security-malware-firewall');
         $button_id = 'spbct_request_audit';
@@ -5012,9 +5031,9 @@ function spbc__manual_cure_service_suggest_html($for)
     }
 
     $cure_request_url = 'https://cleantalk.org/my/support/open';
-    $help_href_text = __('the Professional Security Audit service', 'security-malware-firewall');
-    $button_text = __('Request Professional Security Audit', 'security-malware-firewall');
-    $href = '<a target="_blank" href="https://cleantalk.org/help/manual-cure-of-malware">' . $help_href_text . '</a>';
+    $help_href_text = __('Security Audit', 'security-malware-firewall');
+    $button_text = __('Request Security Audit', 'security-malware-firewall');
+    $href = '<a target="_blank" href="https://l.cleantalk.org/website-security-audit">' . $help_href_text . '</a>';
 
     $out = '<div id="spbc_notice_cloud_analysis_feedback" class="' . $classes . '">';
     $out .= '<p>';
@@ -5083,3 +5102,33 @@ function spbc__check_if_manual_analysis_results_exist()
         "SELECT COUNT(*) FROM " . SPBC_TBL_SCAN_FILES . " WHERE analysis_status IS NOT NULL;"
     );
 }
+
+/**
+ * Drop current data to defaults from state->default_data.
+ * On exceptions roll back to old current state.
+ * Attention! This function does not save the state to options,
+ * only the current state object will be handled.
+ * @param \CleantalkSP\SpbctWP\State $spbc current state
+ * @return \CleantalkSP\SpbctWP\State state dropped
+ */
+function spbc_drop_to_defaults_on_key_clearance(\CleantalkSP\SpbctWP\State $spbc)
+{
+    $old_data = $spbc->data;
+    try {
+        $keep_data_keys = array(
+            'scanner',
+            'display_scanner_warnings',
+            'errors'
+        );
+        $spbc->error_delete_all(true);
+        foreach ( $spbc->default_data as $key => $value) {
+            if (!in_array($key, $keep_data_keys)) {
+                $spbc->data[$key] = $value;
+            }
+        }
+    } catch (Exception $e) {
+        $spbc->data = $old_data;
+    }
+
+    return $spbc;
+}
diff --git a/js/spbc-table.min.js b/js/spbc-table.min.js
diff --git a/js/spbc-table.min.js.map b/js/spbc-table.min.js.map
diff --git a/js/src/spbc-table.js b/js/src/spbc-table.js
@@ -41,7 +41,7 @@ function spbc_tbl__bulk_actions__listen(){
 		}
 
 		var self = jQuery(this);
-		var allowed_bulk_actions = ['approve','disapprove','send','check_analysis_status','approve_page','disapprove_page'];
+		var allowed_bulk_actions = ['approve','disapprove','send','check_analysis_status','approve_page','disapprove_page','cure'];
 		var action = self.siblings('select').children()[self.siblings('select').first()[0].selectedIndex].value;
 		console.log(self);
 		if( allowed_bulk_actions.indexOf( action ) !== -1 ){
@@ -55,6 +55,18 @@ function spbc_tbl__bulk_actions__listen(){
 				add_action: action,
 				status: self.parents('.tbl-root').attr('type'),
 			};
+
+			if (action === 'cure') {
+				const selectedItems = self.closest('#spbc_tbl__scanner_cure_log').find('.cb-select');
+				let selectedIds = [];
+
+				selectedItems.each(function (index, element) {
+					const elementId = jQuery(element).val();
+					selectedIds.push(elementId);
+				});
+				data.selectedIds = selectedIds;
+			}
+
 			var params = {
 				button: this,
 				spinner: self.children('.tbl-preloader--small'),
@@ -103,6 +115,12 @@ function spbc_tbl__bulk_actions__listen(){
 		var self = spbc_bulk_action || jQuery(this);
 		spbc_bulk_action = self;
 		var action = self.siblings('select').children()[self.siblings('select').first()[0].selectedIndex].value;
+
+		if (action === 'cure') {
+			spbc_scanner__cure_selected(jQuery(this));
+			return;
+		}
+
 		if( action !== '-1' && self.parents('.tbl-root').find('.cb-select').is(':checked') ){
 			self.children('.tbl-preloader--small').show();
 			if(self.parents('.tbl-root').find('.cb-select:checked').first().parents('tr').find('.tbl-row_action--'+action)[0]){
@@ -126,7 +144,51 @@ function spbc_tbl__bulk_actions__listen(){
 			setTimeout(spbc_reload_accordion, 1900);
 		}
 	});
-}	
+}
+
+/**
+ * Cure selected files
+ * @param current
+ */
+function spbc_scanner__cure_selected(current)
+{
+	const selectedItems = current.closest('#spbc_tbl__scanner_cure_log').find('.cb-select:checked');
+	let selectedIds = [];
+
+	if (selectedItems.length === 0) {
+		alert('Please, select elements.');
+	}
+
+	selectedItems.each(function (index, element) {
+		const elementId = jQuery(element).val();
+		selectedIds.push(elementId);
+	});
+
+	const data = {
+		action: 'spbc_cure_selected',
+		security: spbcSettings.ajax_nonce,
+		selectedIds: selectedIds,
+	};
+	jQuery.ajax({
+		type: "POST",
+		url: spbcSettings.ajaxurl,
+		data: data,
+		beforeSend: function () {
+			current.closest('#spbc_tbl__scanner_cure_log').find('.tbl-button---white_blue .tbl-preloader--in_button').show();
+		},
+		success: function(result) {
+			current.closest('#spbc_tbl__scanner_cure_log').find('.tbl-button---white_blue .tbl-preloader--in_button').hide();
+			if (result.success) {
+				spbcModal.open().put(result.data);
+				document.addEventListener("spbcModalClosed", function( e ) {
+					document.location.reload();
+				});
+			} else {
+				spbcModal.open().putError(result.data);
+			}
+		},
+	});
+}
 
 // TABLE ROW ACTIONS
 function spbc_tbl__row_actions__listen(){

diff --git a/lib/CleantalkSP/Common/Scanner/HeuristicAnalyser/HeuristicAnalyser.php b/lib/CleantalkSP/Common/Scanner/HeuristicAnalyser/HeuristicAnalyser.php
@@ -613,8 +613,8 @@ private function checkingDecryptedToken(DataStructures\Token $token)
     private function checkingSuperGlobalsInTheSystemCommands(DataStructures\Token $token)
     {
         //search for next semicolon to find depth of seek
-        $next_semicolon = $this->tokens->searchForward($token->key, ';');
-        $depth = $next_semicolon ? $next_semicolon - $token->key : 0;
+        $end_of_expression = $this->tokens->searchForward($token->key, array(';','`','?'));
+        $depth = $end_of_expression ? $end_of_expression - $token->key : 0;
         foreach ($this->super_globals as $super_global) {
             //search for superglobs usage
             $forward_look_super_globals = $this->tokens->searchForward($token->key, $super_global, $depth);

diff --git a/lib/CleantalkSP/SpbctWP/Cron.php b/lib/CleantalkSP/SpbctWP/Cron.php
@@ -173,4 +173,13 @@ public static function updateTask($task, $handler, $period, $first_call = null,
 
         return self::addTask($task, $handler, $period, $first_call, $params);
     }
+
+    /**
+     * Delete all the cron tasks.
+     * @return void
+     */
+    public static function removeAllTasks()
+    {
+        update_option(self::CRON_OPTION_NAME, array());
+    }
 }
diff --git a/lib/CleantalkSP/SpbctWP/DB/SQLSchema.php b/lib/CleantalkSP/SpbctWP/DB/SQLSchema.php
@@ -401,6 +401,7 @@ class SQLSchema extends \CleantalkSP\Common\DB\SQLSchema
                 array('field' => 'country_code', 'type' => 'char(2)', 'null' => 'yes', 'default' => 'NULL',),
                 array('field' => 'is_personal', 'type' => 'tinyint unsigned', 'null' => 'yes', 'default' => 'NULL',),
                 array('field' => 'entry_timestamp', 'type' => 'int', 'null' => 'no',),
+                array('field' => 'send_status', 'type' => 'tinyint unsigned', 'null' => 'yes', 'default' => 'NULL',),
             ),
             'indexes' => array(
                 array('type' => 'PRIMARY', 'name' => 'KEY', 'body' => '(`entry_id`)'),

diff --git a/lib/CleantalkSP/SpbctWP/Firewall/FW.php b/lib/CleantalkSP/SpbctWP/Firewall/FW.php
@@ -322,7 +322,7 @@ protected function ipv6GetResultsFromDb($ip)
     public static function sendLog($db, $log_table, $ct_key)
     {
         //Getting logs
-        $query = 'SELECT * FROM ' . $log_table . ' LIMIT ' . SPBC_SELECT_LIMIT . ';';
+        $query = 'SELECT * FROM ' . $log_table . ' WHERE send_status IS NULL LIMIT ' . SPBC_SELECT_LIMIT . ';';
         $db->fetchAll($query);
 
         if ( count($db->result) ) {
@@ -457,7 +457,10 @@ public static function sendLog($db, $log_table, $ct_key)
             //Checking answer and deleting all lines from the table
             if ( empty($result['error']) ) {
                 if ( (int)$result['rows'] === count($data) ) {
-                    $db->execute("TRUNCATE TABLE " . $log_table . ";");
+                    $db->execute("DELETE FROM " . $log_table . " WHERE entry_id NOT IN (" .
+                                 "SELECT entry_id FROM (" .
+                                 "SELECT entry_id, entry_timestamp FROM " . $log_table . " ORDER BY entry_timestamp DESC LIMIT 20) too );");
+                    $db->execute("UPDATE " . $log_table . " SET send_status = 1;");
                     return count($data);
                 }