Ð¤Ð°Ð¹Ð»Ð¾Ð²Ñ‹Ð¹ Ð¼ÐµÐ½ÐµÐ´Ð¶ÐµÑ€

Ð¤Ð°Ð¹Ð»Ð¾Ð²Ñ‹Ð¹ Ð¼ÐµÐ½ÐµÐ´Ð¶ÐµÑ€ - Ð ÐµÐ´Ð°ÐºÑ‚Ð¸Ñ€Ð¾Ð²Ð°Ñ‚ÑŒ - /home/avadvi5/public_html/wp-content/plugins/really-simple-ssl-pro/pro/security/wordpress/xmlrpc.php

ÐÐ°Ð·Ð°Ð´
<?php defined( 'ABSPATH' ) or die( "you do not have access to this page!" ); if ( defined( 'XMLRPC_REQUEST' ) && XMLRPC_REQUEST ) { function rsssl_check_xmlrpc_request( $method, $args, $obj ){ $logged_in = is_user_logged_in(); if ( rsssl_get_option('xmlrpc_status') ==='enforce' && !rsssl_xmlrpc_request_allowed($method, $args, $logged_in ) ){ wp_die(); } else if ( rsssl_get_option('xmlrpc_status')==='learning_mode' ){ global $wpdb; $table_name = $wpdb->base_prefix . "rsssl_xmlrpc"; $status = $logged_in; $count = $wpdb->get_var( $wpdb->prepare("select count() from {$wpdb->base_prefix}rsssl_xmlrpc where method=%s and login_status=%s", $method, $logged_in )); //if the login was successful, we set it to allowed if ( $count==0 ) { $wpdb->insert( $table_name, array( 'time' => time(), 'method' => $method, 'args' => serialize($args), 'login_status' => $logged_in, 'count' => 1, 'status' => $status, ) ); } else { $wpdb->update( $table_name, [ 'time' => time(), 'count' => $count+1, 'args' => serialize($args), ], [ 'method' => $method, 'login_status' => $logged_in, ]); } } } add_action( 'xmlrpc_call', 'rsssl_check_xmlrpc_request' , 999, 3); } /* * XML data * @return array / function rsssl_xmlrpc_get_data(){ if ( !rsssl_user_can_manage() ){ return []; } global $wpdb; return $wpdb->get_results( "select from {$wpdb->base_prefix}rsssl_xmlrpc"); } /** * Check if this request is allowed * * @param string $method * @param array $args * @param int $user_id * * @return bool / function rsssl_xmlrpc_request_allowed($method, $args, $user_id){ global $wpdb; $count = $wpdb->get_var( $wpdb->prepare("select count() from {$wpdb->base_prefix }rsssl_xmlrpc where method=%s AND status=1", $method)) ; $xmlrpc_enabled = apply_filters('xmlrpc_enabled', true ); return $count>0 && $xmlrpc_enabled; } /** * Check if there is at least one successful request * * @return bool / function rsssl_xmlrpc_has_successful_requests() { global $wpdb; $count = $wpdb->get_var("select count() from {$wpdb->base_prefix }rsssl_xmlrpc where login_status=1") ; return $count>0; } /** * @param int $update_item_id * @param int $enabled * @param string $action * * @return void / function rsssl_xml_update_allowlist( int $update_item_id, int $enabled, string $action='update') { if ( ! rsssl_user_can_manage() ) { return; } global $wpdb; if ( $action === 'update' ) { $wpdb->update( $wpdb->base_prefix . "rsssl_xmlrpc", [ 'status' => $enabled, ], [ 'id' => $update_item_id ] ); } if ( $action === 'delete' ) { $wpdb->delete( $wpdb->base_prefix . "rsssl_xmlrpc", [ 'id' => $update_item_id ] ); } } /* * Dismiss the learning mode after a week * * @return void / function rsssl_maybe_disable_xml_learning_mode_after_period() { if ( rsssl_get_option( 'xmlrpc_status' )==='learning_mode' ) { //disable learning mode after one week $activation_time = get_site_option( 'rsssl_xmlrpc_learning_mode_activation_time' ); $nr_of_days_learning_mode = apply_filters( 'rsssl_pause_after_days', 7 ); $one_week_ago = strtotime( "-$nr_of_days_learning_mode days" ); if ( $activation_time < $one_week_ago ) { //ensure the functions are included if ( !function_exists('rsssl_update_option' )) { require_once( rsssl_path . 'settings/settings.php' ); } rsssl_update_option( 'xmlrpc_status', 'completed' ); //if, after running a full week, no successful login attempt has been detected, disable xml rpc. if ( !rsssl_xmlrpc_has_successful_requests() ){ rsssl_update_option( 'disable_xmlrpc', true ); } } } } add_action( 'rsssl_daily_cron', 'rsssl_maybe_disable_xml_learning_mode_after_period' ); /* * If csp reporting is enabled, save the time so we track how long it's running * @return void / function rsssl_save_time_on_xmlrpc_learning_mode_start($field_id, $field_value, $prev_value, $field_type ){ if ( $field_id==='xmlrpc_status' && $field_value=='learning_mode' ){ update_site_option("rsssl_xmlrpc_learning_mode_activation_time", time() ); } } add_action( "rsssl_after_save_field", 'rsssl_save_time_on_xmlrpc_learning_mode_start', 100, 4 ); /* * @return void * Add the learning mode table / function rsssl_add_learning_mode_table() { require_once( ABSPATH . 'wp-admin/includes/upgrade.php' ); global $wpdb; $table_name = $wpdb->base_prefix . "rsssl_xmlrpc"; $charset_collate = $wpdb->get_charset_collate(); $sql = "CREATE TABLE $table_name ( id mediumint(9) NOT NULL AUTO_INCREMENT, time int(10) NOT NULL, method text NOT NULL, args text NOT NULL, login_status int(10) NOT NULL, status int(10) NOT NULL, count int(10) NOT NULL, PRIMARY KEY (id) ) $charset_collate"; dbDelta( $sql ); } //plugins_loaded on priority 11, as security loads on 10. add_action( 'rsssl_install_tables', 'rsssl_add_learning_mode_table', 11 ); /* * @param array $response * @param string $action * @param array $data * * @return array */ function rsssl_xml_table_data( array $response, string $action, $data): array { if ( !rsssl_user_can_manage() ) { return $response; } if ($action === 'learning_mode_data' && isset($data['type']) && $data['type']==='xmlrpc_allow_list'){ $update_item_id = $data['updateItemId'] ?? false; $enabled = $data['enabled'] ?? false; $lm_action = $data['lm_action'] ?? 'get'; if ( !in_array($lm_action, ['get', 'update', 'delete']) ) { $lm_action = 'get'; } if ( $lm_action === 'get' ) { return rsssl_xmlrpc_get_data(); } //in case of update or delete rsssl_xml_update_allowlist($update_item_id, $enabled, $lm_action); return rsssl_xmlrpc_get_data(); } return $response; } add_filter( 'rsssl_do_action', 'rsssl_xml_table_data', 10, 3 );

| ver. 1.1 | | . | PHP 8.3.30 | Ð“ÐµÐ½ÐµÑ€Ð°Ñ†Ð¸Ñ ÑÑ‚Ñ€Ð°Ð½Ð¸Ñ†Ñ‹: 0 | proxy | phpinfo | ÐÐ°ÑÑ‚Ñ€Ð¾Ð¹ÐºÐ°