Ubuntu
������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������
title = __( 'Check if basic SQL Injections are blocked or not.', 'secupress' );
$this->more = __( 'SQL injection is a way to read, modify, delete any content of your database, this is a powerful vulnerability, don\'t let anyone play with that.', 'secupress' );
$this->more_fix = sprintf(
__( 'Activate the option %1$s in the %2$s module.', 'secupress' ),
'' . __( 'Block bad content', 'secupress' ) . '',
'' . __( 'Firewall', 'secupress' ) . ''
);
}
/**
* Get messages.
*
* @since 1.0
*
* @param (int) $message_id A message ID.
*
* @return (string|array) A message if a message ID is provided. An array containing all messages otherwise.
*/
public static function get_messages( $message_id = null ) {
/** Translators: 1 is the name of a protection, 2 is the name of a module. */
$activate_protection_message = sprintf( __( 'But you can activate the %1$s protection from the module %2$s.', 'secupress' ),
'' . __( 'Block bad content', 'secupress' ) . '',
'' . __( 'Firewall', 'secupress' ) . ''
);
$messages = array(
// "good"
0 => __( 'You are currently blocking simple SQL Injection.', 'secupress' ),
1 => __( 'Protection activated', 'secupress' ),
// "warning"
100 => __( 'Unable to determine if your homepage is blocking SQL Injection.', 'secupress' ) . ' ' . $activate_protection_message,
// "bad"
200 => __( 'Your website should block SQL Injection.', 'secupress' ),
);
if ( isset( $message_id ) ) {
return isset( $messages[ $message_id ] ) ? $messages[ $message_id ] : __( 'Unknown message', 'secupress' );
}
return $messages;
}
/** Getters. ================================================================================ */
/**
* Get the documentation URL.
*
* @since 1.2.3
*
* @return (string)
*/
public static function get_docs_url() {
return __( 'http://docs.secupress.me/article/109-basic-sql-injection-scan', 'secupress' );
}
/** Scan. =================================================================================== */
/**
* Scan for flaw(s).
*
* @since 1.0
*
* @return (array) The scan results.
*/
public function scan() {
$activated = secupress_filter_scanner( __CLASS__ );
if ( true === $activated ) {
$this->add_message( 0 );
return parent::scan();
}
$response = wp_remote_get( add_query_arg( secupress_generate_key( 6 ), 'UNION+SELECT+FOO', user_trailingslashit( home_url() ) ), $this->get_default_request_args() );
if ( ! is_wp_error( $response ) ) {
if ( 200 === wp_remote_retrieve_response_code( $response ) ) {
// "bad"
$this->add_message( 200 );
} else {
// "good"
$this->add_message( 0 );
}
}
// Good.
$this->maybe_set_status( 0 );
return parent::scan();
}
/** Fix. ==================================================================================== */
/**
* Try to fix the flaw(s).
*
* @since 1.4.5
*
* @return (array) The fix results.
*/
public function need_manual_fix() {
return [ 'fix' => 'fix' ];
}
/**
* Get an array containing ALL the forms that would fix the scan if it requires user action.
*
* @since 1.4.5
*
* @return (array) An array of HTML templates (form contents most of the time).
*/
protected function get_fix_action_template_parts() {
return [ 'fix' => ' ' ];
}
/**
* Try to fix the flaw(s) after requiring user action.
*
* @since 1.4.5
*
* @return (array) The fix results.
*/
public function manual_fix() {
if ( $this->has_fix_action_part( 'fix' ) ) {
$this->fix();
}
// "good"
$this->add_fix_message( 1 );
return parent::manual_fix();
}
/**
* Try to fix the flaw(s).
*
* @since 1.0
*
* @return (array) The fix results.
*/
public function fix() {
// Activate.
secupress_activate_submodule( 'firewall', 'bad-url-contents' );
// "good"
$this->add_fix_message( 1 );
return parent::fix();
}
}