stklcode/statify-blacklist
stklcode/statify-blacklist
1
0
Fork 0
Code Issues Actions Releases 21 Activity

#7 implementation of IP blacklists

Browse Source
This commit is contained in:
Stefan Kalscheuer 2017-06-04 11:41:26 +02:00
parent 9f9c7af298
commit 4a0fee572b
6 changed files with 576 additions and 125 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
README.md
View File

@ -15,6 +15,9 @@ This plugin adds customizable blacklist to Statify to allow blocking of referer
#### Referer Blacklist #### #### Referer Blacklist ####
Add a list of domains (for simplicity only second-level, e.g. _example.com_ which blocks _everything.example.com_). Add a list of domains (for simplicity only second-level, e.g. _example.com_ which blocks _everything.example.com_).
#### IP Blacklist ####
Add a list of IP addresses or subnets (e.g. _192.0.2.123_, _198.51.100.0/24_, _2001:db8:a0b:12f0::/64_).
#### CleanUp Database #### #### CleanUp Database ####
Filters can be applied to data stored in database after modifying filter rules or for one-time clean-up. Filters can be applied to data stored in database after modifying filter rules or for one-time clean-up.
@ -42,7 +45,7 @@ The plugin is capable of handling multisite installations.
Nothing. By default all blacklists are empty and disabled. They can and have to be filled by the blog administrator. Nothing. By default all blacklists are empty and disabled. They can and have to be filled by the blog administrator.
A default blacklist is not provided, as the plugin itself is totally neutral. If you want to filter out referer spam, A default blacklist is not provided, as the plugin itself is totally neutral. If you want to filter out referer spam,
visitors from search engines or just "false" referers from 301 redirects only depends on you. visitors from search engines, just "false" referers from 301 redirects or you own IP address used for testing only depends on you.
### Does the filter effect user experience? ### ### Does the filter effect user experience? ###
No. It only prevent's _Statify_ from tracking, nothing more or less. No. It only prevent's _Statify_ from tracking, nothing more or less.
@ -59,12 +62,19 @@ Yes, it it. Just select if you want to filter using regular expressions case sen
Note, that regular expression matching is significantly slower than the plain domain filter. Hence it is only recommended for asynchronous cron or manual execution and not for live filtering. Note, that regular expression matching is significantly slower than the plain domain filter. Hence it is only recommended for asynchronous cron or manual execution and not for live filtering.
### Why is IP filtering only available as live filter? ###
As you might know, Statify does not store any personal information, including IP addresses in the database.
Because of this, an IP blacklist can only be applied while processing the request and not afterwards.
## Screenshots ## ## Screenshots ##
1. Statify Blacklist settings page 1. Statify Blacklist settings page
## Changelog ## ## Changelog ##
### 1.4.0 / work in progress ###
* IP blacklist implemented (#7)
### 1.3.1 / 09.12.2016 ### ### 1.3.1 / 09.12.2016 ###
* Continue filtering if no filter applies (#6) * Continue filtering if no filter applies (#6)

187
inc/statifyblacklist.class.php
View File

@ -10,6 +10,9 @@ defined( 'ABSPATH' ) OR exit;
* @version 1.4.0~dev * @version 1.4.0~dev
*/ */
class StatifyBlacklist { class StatifyBlacklist {
const VERSION_MAIN = 1.4;
/** /**
* Plugin options * Plugin options
* *
@ -99,12 +102,26 @@ class StatifyBlacklist {
public static function update_options( $options = null ) { public static function update_options( $options = null ) {
self::$_options = wp_parse_args( self::$_options = wp_parse_args(
get_option( 'statify-blacklist' ), get_option( 'statify-blacklist' ),
array( self::defaultOptions()
'active_referer' => 0, );
'cron_referer' => 0, }
'referer' => array(),
'referer_regexp' => 0 /**
) * Create default plugin configuration.
*
* @since 1.4.0
*
* @return array the options array
*/
protected static function defaultOptions() {
return array(
'active_referer' => 0,
'cron_referer' => 0,
'referer' => array(),
'referer_regexp' => 0,
'active_ip' => 0,
'ip' => array(),
'version' => self::VERSION_MAIN
); );
} }
@ -114,34 +131,150 @@ class StatifyBlacklist {
* @return TRUE if referer matches blacklist. * @return TRUE if referer matches blacklist.
* *
* @since 1.0.0 * @since 1.0.0
* @changed 1.3.1 * @changed 1.4.0
*/ */
public static function apply_blacklist_filter() { public static function apply_blacklist_filter() {
/* Skip if blacklist is inactive */ /* Referer blacklist */
if ( self::$_options['active_referer'] != 1 ) { if ( isset( self::$_options['active_referer'] ) && self::$_options['active_referer'] != 0 ) {
return NULL; /* Regular Expression filtering since 1.3.0 */
if ( isset( self::$_options['referer_regexp'] ) && self::$_options['referer_regexp'] > 0 ) {
/* Get full referer string */
$referer = ( isset( $_SERVER['HTTP_REFERER'] ) ? $_SERVER['HTTP_REFERER'] : '' );
/* Merge given regular expressions into one */
$regexp = '/' . implode( "|", array_keys( self::$_options['referer'] ) ) . '/';
if ( self::$_options['referer_regexp'] == 2 ) {
$regexp .= 'i';
}
/* Check blacklist (return NULL to continue filtering) */
return ( preg_match( $regexp, $referer ) === 1 ) ? true : null;
} else {
/* Extract relevant domain parts */
$referer = strtolower( ( isset( $_SERVER['HTTP_REFERER'] ) ? parse_url( $_SERVER['HTTP_REFERER'], PHP_URL_HOST ) : '' ) );
/* Get blacklist */
$blacklist = self::$_options['referer'];
/* Check blacklist */
if ( isset( $blacklist[ $referer ] ) ) {
return true;
}
}
} }
/* Regular Expression filtering since 1.3.0 */ /* IP blacklist (since 1.4.0) */
if ( isset(self::$_options['referer_regexp']) && self::$_options['referer_regexp'] > 0 ) { if ( isset ( self::$_options['active_ip'] ) && self::$_options['active_ip'] != 0 ) {
/* Get full referer string */ if ( ( $ip = self::getIP() ) !== false ) {
$referer = ( isset( $_SERVER['HTTP_REFERER'] ) ? $_SERVER['HTTP_REFERER'] : '' ); foreach ( self::$_options['ip'] as $net ) {
/* Merge given regular expressions into one */ if ( self::cidrMatch( $ip, $net ) ) {
$regexp = '/' . implode( "|", array_keys( self::$_options['referer'] ) ) . '/'; return true;
if ( self::$_options['referer_regexp'] == 2 ) { }
$regexp .= 'i'; }
} }
/* Check blacklist (return NULL to continue filtering) */ }
return (preg_match( $regexp, $referer) === 1) ? true : NULL;
} else {
/* Extract relevant domain parts */
$referer = strtolower( ( isset( $_SERVER['HTTP_REFERER'] ) ? parse_url( $_SERVER['HTTP_REFERER'], PHP_URL_HOST ) : '' ) );
/* Get blacklist */ /* Skip and continue (return NULL), if all blacklists are inactive */
$blacklist = self::$_options['referer'];
/* Check blacklist (return NULL to continue filtering) */ return null;
return isset($blacklist[ $referer]) ? true : NULL; }
/**
* Helper method to determine the client's IP address.
* If a proxy is used, the X-Real-IP or X-Forwarded-For header is checked, otherwise the default remote address.
* For performance reasons only the most common flags are checked. This might be even reduce by user configuration.
* Maybe some community feedback will ease the decision on that.
*
* @return string|bool the client's IP address or FALSE, if none could be determined
*/
private static function getIP() {
foreach (
array(
// 'HTTP_CLIENT_IP',
'HTTP_X_REAL_IP',
'HTTP_X_FORWARDED_FOR',
// 'HTTP_X_FORWARDED',
// 'HTTP_X_CLUSTER_CLIENT_IP',
// 'HTTP_FORWARDED_FOR',
// 'HTTP_FORWARDED',
'REMOTE_ADDR'
) as $k
) {
if ( isset( $_SERVER[ $k ] ) ) {
foreach ( explode( ',', $_SERVER[ $k ] ) as $ip ) {
if ( filter_var( $ip, FILTER_VALIDATE_IP ) !== false ) {
return $ip;
}
}
}
}
return false;
}
/**
* Helper function to check if an IP address matches a given subnet.
*
* @param $ip string IP address to check
* @param $net string IP address or subnet in CIDR notation
*
* @return bool TRUE, if the given IP addresses matches the given subnet
*/
private static function cidrMatch( $ip, $net ) {
if ( substr_count( $net, ':' ) > 1 ) { /* Check for IPv6 */
if ( ! ( ( extension_loaded( 'sockets' ) && defined( 'AF_INET6' ) ) || @inet_pton( '::1' ) ) ) {
return false;
}
if ( false !== strpos( $net, '/' ) ) { /* Parse CIDR subnet */
list( $base, $mask ) = explode( '/', $net, 2 );
if ( $mask < 1 || $mask > 128 ) {
return false;
}
} else {
$base = $net;
$mask = 128;
}
$bytesAddr = unpack( 'n*', @inet_pton( $base ) );
$bytesTest = unpack( 'n*', @inet_pton( $ip ) );
if ( ! $bytesAddr || ! $bytesTest ) {
return false;
}
for ( $i = 1, $ceil = ceil( $mask / 16 ); $i <= $ceil; ++ $i ) {
$left = $mask - 16 * ( $i - 1 );
$left = ( $left <= 16 ) ? $left : 16;
$maskB = ~( 0xffff >> $left ) & 0xffff;
if ( ( $bytesAddr[ $i ] & $maskB ) != ( $bytesTest[ $i ] & $maskB ) ) {
return false;
}
}
return true;
} else { /* Check for IPv4 */
if ( ! filter_var( $ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 ) ) {
return false;
}
if ( false !== strpos( $net, '/' ) ) { /* Parse CIDR subnet */
list( $base, $mask ) = explode( '/', $net, 2 );
if ( $mask === '0' ) {
return filter_var( $base, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 );
}
if ( $mask < 0 || $mask > 32 ) {
return false;
}
} else { /* Use single address */
$base = $net;
$mask = 32;
}
return 0 === substr_compare( sprintf( '%032b', ip2long( $ip ) ), sprintf( '%032b', ip2long( $base ) ), 0, $mask );
} }
} }
} }

36
inc/statifyblacklist_admin.class.php
View File

@ -14,22 +14,30 @@ class StatifyBlacklist_Admin extends StatifyBlacklist {
* Update options * Update options
* *
* @param $options array New options to save * @param $options array New options to save
*
* @return mixed array of sanitized array on errors, FALSE if there were none * @return mixed array of sanitized array on errors, FALSE if there were none
* @since 1.1.1 * @since 1.1.1
* @changed 1.3.0 * @changed 1.4.0
*/ */
public static function update_options( $options = null ) { public static function update_options( $options = null ) {
if ( isset( $options ) && current_user_can( 'manage_options' ) ) { if ( isset( $options ) && current_user_can( 'manage_options' ) ) {
/* Sanitize URLs and remove empty inputs */ /* Sanitize URLs and remove empty inputs */
$givenReferer = $options['referer']; $givenReferer = $options['referer'];
if ($options['referer_regexp'] == 0) if ( $options['referer_regexp'] == 0 ) {
$sanitizedReferer = self::sanitizeURLs( $givenReferer ); $sanitizedReferer = self::sanitizeURLs( $givenReferer );
else } else {
$sanitizedReferer = $givenReferer; $sanitizedReferer = $givenReferer;
}
/* Sanitize IPs and Subnets and remove empty inputs */
$givenIP = $options['ip'];
$sanitizedIP = self::sanitizeIPs( $givenIP );
/* Abort on errors */ /* Abort on errors */
if ( ! empty( array_diff( $givenReferer, $sanitizedReferer ) ) ) { if ( ! empty( array_diff( array_keys( $givenReferer ), array_keys( $sanitizedReferer ) ) ) ) {
return $sanitizedReferer; return array( 'referer' => $sanitizedReferer );
} elseif ( ! empty( array_diff( $givenIP, $sanitizedIP ) ) ) {
return array( 'ip' => array_diff( $givenIP, $sanitizedIP ) );
} }
/* Update database on success */ /* Update database on success */
@ -175,4 +183,22 @@ class StatifyBlacklist_Admin extends StatifyBlacklist {
) )
); );
} }
/**
* Sanitize IP addresses with optional CIDR notation and remove empty results
*
* @param $ips array given array of URLs
*
* @return array sanitized array
*
* @since 1.4.0
*/
private static function sanitizeIPs( $ips ) {
return array_filter( $ips, function ( $ip ) {
return preg_match('/^((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])'.
'(\/([0-9]|[1-2][0-9]|3[0-2]))?$/', $ip) ||
preg_match('/^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))'.
'(\/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8]))?$/', $ip);
} );
}
} }

31
inc/statifyblacklist_system.class.php
View File

@ -11,8 +11,6 @@ defined( 'ABSPATH' ) OR exit;
*/ */
class StatifyBlacklist_System extends StatifyBlacklist { class StatifyBlacklist_System extends StatifyBlacklist {
const VERSION_MAIN = 1.3;
/** /**
* Plugin install handler. * Plugin install handler.
* *
@ -49,23 +47,6 @@ class StatifyBlacklist_System extends StatifyBlacklist {
} }
} }
/**
* Create default plugin configuration.
*
* @since 1.4.0
*
* @return array the options array
*/
private static function defaultOptions() {
return array(
'activate-referer' => 0,
'cron_referer' => 0,
'referer' => array(),
'referer_regexp' => 0,
'version' => self::VERSION_MAIN
);
}
/** /**
* Plugin uninstall handler. * Plugin uninstall handler.
@ -100,7 +81,7 @@ class StatifyBlacklist_System extends StatifyBlacklist {
* Upgrade plugin options. * Upgrade plugin options.
* *
* @since 1.2.0 * @since 1.2.0
* @changed 1.3.0 * @changed 1.4.0
*/ */
public static function upgrade() { public static function upgrade() {
self::update_options(); self::update_options();
@ -116,13 +97,11 @@ class StatifyBlacklist_System extends StatifyBlacklist {
} }
} }
/* Check if version is set (not before 1.3.0) */ /* Version not set (pre 1.3.0) or older than current major release */
if ( ! isset( self::$_options['version'] ) ) { if ( ! isset( self::$_options['version'] ) || self::$_options['version'] < self::VERSION_MAIN ) {
$options = self::$_options; /* Merge default options with current config, assuming only additive changes */
/* Set version */ $options = array_merge( self::defaultOptions(), self::$_options );
$options['version'] = self::VERSION_MAIN; $options['version'] = self::VERSION_MAIN;
/* Add regular expression option (as of 1.3) */
$options['referer_regexp'] = 0;
if ( ( is_multisite() && array_key_exists( STATIFYBLACKLIST_BASE, (array) get_site_option( 'active_sitewide_plugins' ) ) ) ) { if ( ( is_multisite() && array_key_exists( STATIFYBLACKLIST_BASE, (array) get_site_option( 'active_sitewide_plugins' ) ) ) ) {
update_site_option( 'statify-blacklist', $options ); update_site_option( 'statify-blacklist', $options );
} else { } else {

257
test/StatifyBlacklistTest.php
View File

@ -2,6 +2,8 @@
const ABSPATH = false; const ABSPATH = false;
require_once( '../inc/statifyblacklist.class.php' ); require_once( '../inc/statifyblacklist.class.php' );
require_once( '../inc/statifyblacklist_system.class.php' );
require_once( '../inc/statifyblacklist_admin.class.php' );
/** /**
* Class StatifyBlacklistTest * Class StatifyBlacklistTest
@ -12,7 +14,10 @@ require_once( '../inc/statifyblacklist.class.php' );
*/ */
class StatifyBlacklistTest extends PHPUnit_Framework_TestCase { class StatifyBlacklistTest extends PHPUnit_Framework_TestCase {
public function testFilter() { /**
* Test simple referer filter.
*/
public function testRefererFilter() {
/* Prepare Options: 2 blacklisted domains, disabled */ /* Prepare Options: 2 blacklisted domains, disabled */
StatifyBlacklist::$_options = array( StatifyBlacklist::$_options = array(
'active_referer' => 0, 'active_referer' => 0,
@ -21,7 +26,9 @@ class StatifyBlacklistTest extends PHPUnit_Framework_TestCase {
'example.com' => 0, 'example.com' => 0,
'example.net' => 1 'example.net' => 1
), ),
'version' => 1.3 'active_ip' => 0,
'ip' => array(),
'version' => StatifyBlacklist::VERSION_MAIN
); );
/* No multisite */ /* No multisite */
@ -56,7 +63,10 @@ class StatifyBlacklistTest extends PHPUnit_Framework_TestCase {
$this->assertTrue( StatifyBlacklist::apply_blacklist_filter() ); $this->assertTrue( StatifyBlacklist::apply_blacklist_filter() );
} }
public function testRegexFilter() { /**
* Test referer filter using regular expressions.
*/
public function testRefererRegexFilter() {
/* Prepare Options: 2 regular expressions */ /* Prepare Options: 2 regular expressions */
StatifyBlacklist::$_options = array( StatifyBlacklist::$_options = array(
'active_referer' => 1, 'active_referer' => 1,
@ -96,4 +106,243 @@ class StatifyBlacklistTest extends PHPUnit_Framework_TestCase {
$this->assertTrue( StatifyBlacklist::apply_blacklist_filter() ); $this->assertTrue( StatifyBlacklist::apply_blacklist_filter() );
} }
} /**
* Test the upgrade methodology for configuration options.
*/
public function testUpgrade() {
/* Create configuration of version 1.3 */
$options13 = array(
'active_referer' => 1,
'cron_referer' => 0,
'referer' => array(
'example.net' => 0,
'example.com' => 1
),
'referer_regexp' => 0,
'version' => 1.3
);
/* Set options in mock */
update_option( 'statify-blacklist', $options13 );
/* Execute upgrade */
StatifyBlacklist_System::upgrade();
/* Retrieve updated options */
$optionsUpdated = get_option( 'statify-blacklist' );
/* Verify size against default options (no junk left) */
$this->assertEquals( 7, sizeof( $optionsUpdated ) );
/* Verify that original attributes are unchanged */
$this->assertEquals( $options13['active_referer'], $optionsUpdated['active_referer'] );
$this->assertEquals( $options13['cron_referer'], $optionsUpdated['cron_referer'] );
$this->assertEquals( $options13['referer'], $optionsUpdated['referer'] );
$this->assertEquals( $options13['referer_regexp'], $optionsUpdated['referer_regexp'] );
/* Verify that new attributes are present in config */
$this->assertEquals( 0, $optionsUpdated['active_ip'] );
$this->assertEquals( array(), $optionsUpdated['ip'] );
/* Verify that version number has changed to current release */
$this->assertEquals( StatifyBlacklist::VERSION_MAIN, $optionsUpdated['version'] );
}
/**
* Test CIDR address matching for IP filter (#7)
*/
public function testCidrMatch() {
/* IPv4 tests */
$this->assertTrue( invokeStatic( StatifyBlacklist::class, 'cidrMatch', array( '127.0.0.1', '127.0.0.1' ) ) );
$this->assertTrue( invokeStatic( StatifyBlacklist::class, 'cidrMatch', array( '127.0.0.1', '127.0.0.1/32' ) ) );
$this->assertFalse( invokeStatic( StatifyBlacklist::class, 'cidrMatch', array(
'127.0.0.1',
'127.0.0.1/33'
) ) );
$this->assertFalse( invokeStatic( StatifyBlacklist::class, 'cidrMatch', array(
'127.0.0.1',
'127.0.0.1/-1'
) ) );
$this->assertTrue( invokeStatic( StatifyBlacklist::class, 'cidrMatch', array(
'192.0.2.123',
'192.0.2.0/24'
) ) );
$this->assertFalse( invokeStatic( StatifyBlacklist::class, 'cidrMatch', array(
'192.0.3.123',
'192.0.2.0/24'
) ) );
$this->assertTrue( invokeStatic( StatifyBlacklist::class, 'cidrMatch', array(
'192.0.2.123',
'192.0.2.120/29'
) ) );
$this->assertFalse( invokeStatic( StatifyBlacklist::class, 'cidrMatch', array(
'192.0.2.128',
'192.0.2.120/29'
) ) );
$this->assertTrue( invokeStatic( StatifyBlacklist::class, 'cidrMatch', array( '10.11.12.13', '10.0.0.0/8' ) ) );
$this->assertFalse( invokeStatic( StatifyBlacklist::class, 'cidrMatch', array(
'10.11.12.345',
'10.0.0.0/8'
) ) );
/* IPv6 tests */
$this->assertTrue( invokeStatic( StatifyBlacklist::class, 'cidrMatch', array( '::1', '::1' ) ) );
$this->assertTrue( invokeStatic( StatifyBlacklist::class, 'cidrMatch', array( '::1', '::1/128' ) ) );
$this->assertFalse( invokeStatic( StatifyBlacklist::class, 'cidrMatch', array( '::1', '::1/129' ) ) );
$this->assertFalse( invokeStatic( StatifyBlacklist::class, 'cidrMatch', array( '::1', '::1/-1' ) ) );
$this->assertTrue( invokeStatic( StatifyBlacklist::class, 'cidrMatch', array(
'2001:db8:a0b:12f0:1:2:3:4',
'2001:db8:a0b:12f0::1/64 '
) ) );
$this->assertTrue( invokeStatic( StatifyBlacklist::class, 'cidrMatch', array(
'2001:db8:a0b:12f0::123:456',
'2001:db8:a0b:12f0::1/96 '
) ) );
$this->assertFalse( invokeStatic( StatifyBlacklist::class, 'cidrMatch', array(
'2001:db8:a0b:12f0::1:132:465',
'2001:db8:a0b:12f0::1/96 '
) ) );
}
/**
* Test sanitization of IP addresses
*/
public function testSanitizeIPs() {
/* IPv4 tests */
$valid = array( '192.0.2.123', '192.0.2.123/32', '192.0.2.0/24', '192.0.2.128/25' );
$invalid = array( '12.34.56.789', '192.0.2.123/33', '192.0.2.123/-1' );
$result = invokeStatic( StatifyBlacklist_Admin::class, 'sanitizeIPs', array( array_merge( $valid, $invalid ) ) );
$this->assertNotFalse( $result );
$this->assertInternalType( 'array', $result );
$this->assertEquals( $valid, $result );
/* IPv6 tests */
$valid = array(
'2001:db8:a0b:12f0::',
'2001:db8:a0b:12f0::1',
'2001:db8:a0b:12f0::1/128',
'2001:db8:a0b:12f0::/64'
);
$invalid = array(
'2001:db8:a0b:12f0::x',
'2001:db8:a0b:12f0:::',
'2001:fffff:a0b:12f0::1',
'2001:db8:a0b:12f0::/129',
'1:2:3:4:5:6:7:8:9'
);
$result = invokeStatic( StatifyBlacklist_Admin::class, 'sanitizeIPs', array( array_merge( $valid, $invalid ) ) );
$this->assertNotFalse( $result );
$this->assertInternalType( 'array', $result );
$this->assertEquals( $valid, $result );
}
/**
* Test IP filter (#7).
*/
public function testIPFilter() {
/* Prepare Options: 2 blacklisted IPs, disabled */
StatifyBlacklist::$_options = array(
'active_referer' => 0,
'cron_referer' => 0,
'referer' => array(),
'active_ip' => 0,
'ip' => array(
'192.0.2.123',
'2001:db8:a0b:12f0::1'
),
'version' => StatifyBlacklist::VERSION_MAIN
);
/* No multisite */
StatifyBlacklist::$multisite = false;
/* Set matching IP */
$_SERVER['REMOTE_ADDR'] = '192.0.2.123';
$this->assertNull( StatifyBlacklist::apply_blacklist_filter() );
/* Activate filter */
StatifyBlacklist::$_options['active_ip'] = 1;
$this->assertTrue( StatifyBlacklist::apply_blacklist_filter() );
/* Try matching v6 address */
$_SERVER['REMOTE_ADDR'] = '2001:db8:a0b:12f0::1';
$this->assertTrue( StatifyBlacklist::apply_blacklist_filter() );
/* Non-matching addresses */
$_SERVER['REMOTE_ADDR'] = '192.0.2.234';
$this->assertNull( StatifyBlacklist::apply_blacklist_filter() );
$_SERVER['REMOTE_ADDR'] = '2001:db8:a0b:12f0::2';
$this->assertNull( StatifyBlacklist::apply_blacklist_filter() );
/* Subnet matching */
StatifyBlacklist::$_options['ip'] = array(
'192.0.2.0/25',
'2001:db8:a0b:12f0::/96'
);
$_SERVER['REMOTE_ADDR'] = '192.0.2.123';
$this->assertTrue( StatifyBlacklist::apply_blacklist_filter() );
$_SERVER['REMOTE_ADDR'] = '192.0.2.234';
$this->assertNull( StatifyBlacklist::apply_blacklist_filter() );
$_SERVER['REMOTE_ADDR'] = '2001:db8:a0b:12f0::5';
$this->assertTrue( StatifyBlacklist::apply_blacklist_filter() );
$_SERVER['REMOTE_ADDR'] = '2001:db8:a0b:12f0:0:1111::1';
$this->assertNull( StatifyBlacklist::apply_blacklist_filter() );
/* Filter using proxy header */
$_SERVER['REMOTE_ADDR'] = '127.0.0.1';
$this->assertNull( StatifyBlacklist::apply_blacklist_filter() );
$_SERVER['HTTP_X_FORWARDED_FOR'] = '192.0.2.123';
$this->assertTrue( StatifyBlacklist::apply_blacklist_filter() );
$_SERVER['HTTP_X_REAL_IP'] = '2001:db8:a0b:12f0:0:1111::1';
$this->assertNull( StatifyBlacklist::apply_blacklist_filter() );
$_SERVER['HTTP_X_REAL_IP'] = '2001:db8:a0b:12f0:0::1';
$this->assertTrue( StatifyBlacklist::apply_blacklist_filter() );
}
}
/**
* Helper for testing inaccessible static methods
*/
function invokeStatic( $class, $methodName, $parameters = array() ) {
$reflection = new \ReflectionClass( $class );
$method = $reflection->getMethod( $methodName );
$method->setAccessible( true );
return $method->invokeArgs( null, $parameters );
}
/* Some mocked functions */
$mock_options = array();
$mock_multisite = false;
function is_multisite() {
global $mock_multisite;
return $mock_multisite;
}
function wp_parse_args( $args, $defaults = '' ) {
if ( is_object( $args ) ) {
$r = get_object_vars( $args );
} elseif ( is_array( $args ) ) {
$r =& $args;
} else {
parse_str( $args, $r );
}
if ( is_array( $defaults ) ) {
return array_merge( $defaults, $r );
}
return $r;
}
function get_option( $option, $default = false ) {
global $mock_options;
return isset( $mock_options[ $option ] ) ? $mock_options[ $option ] : $default;
}
function update_option( $option, $value, $autoload = null ) {
global $mock_options;
$mock_options[ $option ] = $value;
}

178
views/settings_page.php
View File

@ -24,21 +24,35 @@ if ( ! empty( $_POST['statifyblacklist'] ) ) {
$referer = explode( "\r\n", $_POST['statifyblacklist']['referer'] ); $referer = explode( "\r\n", $_POST['statifyblacklist']['referer'] );
} }
/* Extract IP array */
if ( empty( trim( $_POST['statifyblacklist']['ip'] ) ) ) {
$ip = array();
} else {
$ip = explode( "\r\n", $_POST['statifyblacklist']['ip'] );
}
/* Update options (data will be sanitized) */ /* Update options (data will be sanitized) */
$statifyBlacklistUpdateResult = StatifyBlacklist_Admin::update_options( $statifyBlacklistUpdateResult = StatifyBlacklist_Admin::update_options(
array( array(
'active_referer' => (int) @$_POST['statifyblacklist']['active_referer'], 'active_referer' => (int) @$_POST['statifyblacklist']['active_referer'],
'cron_referer' => (int) @$_POST['statifyblacklist']['cron_referer'], 'cron_referer' => (int) @$_POST['statifyblacklist']['cron_referer'],
'referer' => array_flip( $referer ), 'referer' => array_flip( $referer ),
'referer_regexp' => (int) @$_POST['statifyblacklist']['referer_regexp'] 'referer_regexp' => (int) @$_POST['statifyblacklist']['referer_regexp'],
'active_ip' => (int) @$_POST['statifyblacklist']['active_ip'],
'ip' => $ip,
'version' => StatifyBlacklist::VERSION_MAIN
) )
); );
/* Generate messages */ /* Generate messages */
if ( $statifyBlacklistUpdateResult !== false ) { if ( $statifyBlacklistUpdateResult !== false ) {
$statifyBlacklistPostWarning = 'Some URLs are invalid and have been sanitized. Settings have not been saved yet.'; if ( array_key_exists( 'referer', $statifyBlacklistUpdateResult ) ) {
$statifyBlacklistPostWarning = __( 'Some URLs are invalid and have been sanitized.', 'statify-blacklist' );
} elseif ( array_key_exists( 'ip', $statifyBlacklistUpdateResult ) ) {
$statifyBlacklistPostWarning = sprintf( __( 'Some IPs are invalid : %s', 'statify-blacklist' ), implode( ', ', $statifyBlacklistUpdateResult['ip'] ) );
}
} else { } else {
$statifyBlacklistPostSuccess = 'Settings updated successfully.'; $statifyBlacklistPostSuccess = __('Settings updated successfully.', 'statify-blacklist');
} }
} }
} }
@ -49,73 +63,113 @@ if ( ! empty( $_POST['statifyblacklist'] ) ) {
<?php <?php
if ( is_plugin_inactive( 'statify/statify.php' ) ) { if ( is_plugin_inactive( 'statify/statify.php' ) ) {
print '<div class="notice notice-warning"><p>'; print '<div class="notice notice-warning"><p>';
esc_html_e( 'Statify plugin is not active.', 'statify-blacklist' ); esc_html( 'Statify plugin is not active.');
print '</p></div>'; print '</p></div>';
} }
if ( isset( $statifyBlacklistPostWarning ) ) { if ( isset( $statifyBlacklistPostWarning ) ) {
print '<div class="notice notice-warning"><p>'; print '<div class="notice notice-warning"><p>' .
esc_html_e( $statifyBlacklistPostWarning ); esc_html( $statifyBlacklistPostWarning );
print '<br/>';
esc_html_e('Settings have not been saved yet.', 'statify-blacklist');
print '</p></div>'; print '</p></div>';
} }
if ( isset( $statifyBlacklistPostSuccess ) ) { if ( isset( $statifyBlacklistPostSuccess ) ) {
print '<div class="notice notice-success"><p>'; print '<div class="notice notice-success"><p>'.
esc_html_e( $statifyBlacklistPostSuccess ); esc_html( $statifyBlacklistPostSuccess ).
print '</p></div>'; '</p></div>';
} }
?> ?>
<form action="" method="post" id="statify-blacklist-settings"> <form action="" method="post" id="statify-blacklist-settings">
<ul style="list-style: none;"> <fieldset>
<li> <h2><?php esc_html_e( 'Referer blacklist', 'statify-blacklist' ); ?></h2>
<label for="statify-blacklist_active_referer"> <ul style="list-style: none;">
<input type="checkbox" name="statifyblacklist[active_referer]" id="statifyblacklist_active_referer" <li>
value="1" <?php checked( StatifyBlacklist::$_options['active_referer'], 1 ); ?> /> <label for="statify-blacklist_active_referer">
<?php esc_html_e( 'Activate referer blacklist', 'statify-blacklist' ); ?> <input type="checkbox" name="statifyblacklist[active_referer]" id="statifyblacklist_active_referer"
</label> value="1" <?php checked( StatifyBlacklist::$_options['active_referer'], 1 ); ?> />
</li> <?php esc_html_e( 'Activate live fiter', 'statify-blacklist' ); ?>
<li> </label>
<label for="statify-blacklist_cron_referer"> </li>
<input type="checkbox" name="statifyblacklist[cron_referer]" id="statifyblacklist_cron_referer" <li>
value="1" <?php checked( StatifyBlacklist::$_options['cron_referer'], 1 ); ?> /> <label for="statify-blacklist_cron_referer">
<?php esc_html_e( 'CronJob execution', 'statify-blacklist' ); ?> <input type="checkbox" name="statifyblacklist[cron_referer]" id="statifyblacklist_cron_referer"
<small>(<?php esc_html_e( 'Clean database periodically in background', 'statify-blacklist' ); ?>)</small> value="1" <?php checked( StatifyBlacklist::$_options['cron_referer'], 1 ); ?> />
</label> <?php esc_html_e( 'CronJob execution', 'statify-blacklist' ); ?>
</li> <small>(<?php esc_html_e( 'Clean database periodically in background', 'statify-blacklist' ); ?>)</small>
<li> </label>
<label for="statify-blacklist_referer_regexp"> </li>
<?php esc_html_e( 'Use regular expressions', 'statify-blacklist' ); ?>: <li>
<br /> <label for="statify-blacklist_referer_regexp">
<select name="statifyblacklist[referer_regexp]" id="statifyblacklist_referer_regexp"> <?php esc_html_e( 'Use regular expressions', 'statify-blacklist' ); ?>:
<option value="0" <?php selected( StatifyBlacklist::$_options['referer_regexp'], 0 ); ?>> <br />
<?php esc_html_e( 'Disabled', 'statify-blacklist' ); ?> <select name="statifyblacklist[referer_regexp]" id="statifyblacklist_referer_regexp">
</option> <option value="0" <?php selected( StatifyBlacklist::$_options['referer_regexp'], 0 ); ?>>
<option value="1" <?php selected( StatifyBlacklist::$_options['referer_regexp'], 1 ); ?>> <?php esc_html_e( 'Disabled', 'statify-blacklist' ); ?>
<?php esc_html_e( 'Case-sensitive', 'statify-blacklist' ); ?> </option>
</option> <option value="1" <?php selected( StatifyBlacklist::$_options['referer_regexp'], 1 ); ?>>
<option value="2" <?php selected( StatifyBlacklist::$_options['referer_regexp'], 2 ); ?>> <?php esc_html_e( 'Case-sensitive', 'statify-blacklist' ); ?>
<?php esc_html_e( 'Case-insensitive', 'statify-blacklist' ); ?> </option>
</option> <option value="2" <?php selected( StatifyBlacklist::$_options['referer_regexp'], 2 ); ?>>
</select> <?php esc_html_e( 'Case-insensitive', 'statify-blacklist' ); ?>
<small>(<?php esc_html_e( 'Performance slower than standard domain filter. Recommended for cron or manual execition only.', 'statify-blacklist' ); ?>)</small> </option>
</label> </select>
</li> <small>(<?php esc_html_e( 'Performance slower than standard domain filter. Recommended for cron or manual execition only.', 'statify-blacklist' ); ?>)</small>
<li> </label>
<label for="statify-blacklist_referer"> </li>
<?php esc_html_e( 'Referer blacklist:', 'statify-blacklist' ); ?><br/> <li>
<textarea cols="40" rows="5" name="statifyblacklist[referer]" id="statify-blacklist_referer"><?php <label for="statify-blacklist_referer">
if ( isset( $statifyBlacklistUpdateResult ) && $statifyBlacklistUpdateResult !== false ) { <?php esc_html_e( 'Referer blacklist:', 'statify-blacklist' ); ?><br/>
print esc_html( implode( "\r\n", array_keys( $statifyBlacklistUpdateResult ) ) ); <textarea cols="40" rows="5" name="statifyblacklist[referer]" id="statify-blacklist_referer"><?php
} else { if ( isset( $statifyBlacklistUpdateResult['referer'] ) ) {
print esc_html( implode( "\r\n", array_keys( StatifyBlacklist::$_options['referer'] ) ) ); print esc_html( implode( "\r\n", array_keys( $statifyBlacklistUpdateResult['referer'] ) ) );
} } else {
?></textarea> print esc_html( implode( "\r\n", array_keys( StatifyBlacklist::$_options['referer'] ) ) );
<br /> }
<small> ?></textarea>
(<?php esc_html_e( 'Add one domain (without subdomains) each line, e.g. example.com', 'statify-blacklist' ); ?> <br />
) <small>
</small> (<?php esc_html_e( 'Add one domain (without subdomains) each line, e.g. example.com', 'statify-blacklist' ); ?>
</label> )
</li> </small>
</ul> </label>
</li>
</ul>
</fieldset>
<fieldset>
<h2><?php esc_html_e( 'IP blacklist', 'statify-blacklist' ); ?></h2>
<ul style="list-style: none;">
<li>
<label for="statify-blacklist_active_ip">
<input type="checkbox" name="statifyblacklist[active_ip]" id="statifyblacklist_active_ip"
value="1" <?php checked( StatifyBlacklist::$_options['active_ip'], 1 ); ?> />
<?php esc_html_e( 'Activate live fiter', 'statify-blacklist' ); ?>
</label>
</li>
<li>
<small>(<?php esc_html_e( 'Cron execution is not possible for IP filter, because IP addresses are not stored.', 'statify-blacklist' ); ?>)</small>
</li>
<li>
<label for="statify-blacklist_ip">
<?php esc_html_e( 'IP blacklist:', 'statify-blacklist' ); ?><br/>
<textarea cols="40" rows="5" name="statifyblacklist[ip]" id="statify-blacklist_ip"><?php
if ( isset( $statifyBlacklistUpdateResult['ip'] ) ) {
print esc_html( $_POST['statifyblacklist']['ip'] );
} else {
print esc_html( implode( "\r\n", StatifyBlacklist::$_options['ip'] ) );
}
?></textarea>
<br/>
<small>
(<?php esc_html_e( 'Add one IP address or range per line, e.g.' ) ?> 127.0.0.1,
192.168.123.0/24, 2001:db8:a0b:12f0::1/64
)
</small>
</label>
</li>
</ul>
</fieldset>
<?php wp_nonce_field( 'statify-blacklist-settings' ); ?> <?php wp_nonce_field( 'statify-blacklist-settings' ); ?>
<p class="submit"> <p class="submit">
@ -125,7 +179,7 @@ if ( ! empty( $_POST['statifyblacklist'] ) ) {
value="<?php esc_html_e( 'CleanUp Database', 'statify-blacklist' ) ?>" value="<?php esc_html_e( 'CleanUp Database', 'statify-blacklist' ) ?>"
onclick="return confirm('Do you really want to apply filters to database? This cannot be undone.');"> onclick="return confirm('Do you really want to apply filters to database? This cannot be undone.');">
<br /> <br />
<small><?php esc_html_e( 'Applies filter (even if disabled) to data stored in database. This cannot be undone!', 'statify-blacklist' ); ?></small> <small><?php esc_html_e( 'Applies referer filter (even if disabled) to data stored in database. This cannot be undone!', 'statify-blacklist' ); ?></small>
</p> </p>
</form> </form>
</div> </div>