plugin_name = $plugin_name; $this->version = $version; }

    /**
     * Expose the plugin name held by this instance.
     *
     * @return mixed Value of $this->plugin_name.
     */
    public function get_plugin_name() {
        return $this->plugin_name;
    }

    /**
     * Add the plugin's settings screen as a sub-menu of the Media menu
     * (parent slug 'upload.php'). The page requires the 'manage_options'
     * capability and is rendered by render_settings_page().
     */
    public function add_submenu_page() {
        $page_slug = $this->plugin_name . '-settings-page';
        $renderer  = array($this, 'render_settings_page');

        add_submenu_page('upload.php', $this->plugin_name, 'Protect Uploads ', 'manage_options', $page_slug, $renderer);
    }

    /**
     * Process a submitted settings form.
     *
     * Nothing is written unless, in this order, the nonce field is present,
     * the nonce verifies for the 'submit_form' action (CSRF protection), the
     * current user holds 'manage_options' (authorization), and
     * check_admin_referer() accepts the same action and field. Only then is
     * the sanitized 'protection' value handed to save_form().
     */
    public function verify_settings_page() {
        $nonce_field = 'protect-uploads_nonce';

        // && short-circuits, so the checks run in the order listed above and
        // stop at the first one that fails.
        $request_is_trusted = isset($_POST[$nonce_field])
            && wp_verify_nonce($_POST[$nonce_field], 'submit_form')
            && current_user_can('manage_options')
            && check_admin_referer('submit_form', $nonce_field);

        if (!$request_is_trusted) {
            return;
        }

        // Both the submit button and a protection choice must be posted.
        if (!isset($_POST['submit'], $_POST['protection'])) {
            return;
        }

        $this->save_form(sanitize_text_field($_POST['protection']));
    }

    public function render_settings_page() { ?>
display_messages(); ?>

Protect Uploads

check_uploads_is_protected() === true) { ?> plugin_name); ?> plugin_name); ?>

get_uploads_protection_message_array(); foreach ($file_messages as $file_message) { ?>

plugin_name); ?> check_uploads_is_protected() === false) { ?>

check_protective_file_removable() && $this->check_uploads_is_protected() ) { ?>
check_protective_file('index.html') === true) { ?>

plugin_name) ?>

plugin_name); ?> plugin_name); ?> plugin_name); ?>.

support page.', $this->plugin_name); ?>

plugin_name), 'primary') ?>
Like this plugin?

Rate it to show your support!

plugin_name, plugin_dir_url(__FILE__) . 'assets/css/protect-uploads-admin.css', array(), $this->version, 'all'); }

    /**
     * Put a "Settings" entry at the front of the plugin's action links.
     *
     * NOTE(review): both string literals around __('Settings') are empty in
     * this listing; the anchor markup was presumably lost - confirm against
     * the original file.
     *
     * @param array $links Existing action links.
     * @return array The same list with the settings entry first.
     */
    public function add_settings_link($links) {
        array_unshift($links, '' . __('Settings') . '');

        return $links;
    }

    /**
     * Filesystem path of the uploads root ('basedir' from wp_upload_dir()).
     */
    public function get_uploads_dir() {
        return wp_upload_dir()['basedir'];
    }

    /**
     * Public URL of the uploads root ('baseurl' from wp_upload_dir()).
     */
    public function get_uploads_url() {
        return wp_upload_dir()['baseurl'];
    }

    /**
     * Directories the plugin acts on. Only the uploads root is returned, so
     * nested folders are not covered by anything that iterates this list.
     */
    public function get_uploads_subdirectories() {
        return [self::get_uploads_dir()];
    }

    /**
     * Apply the protection mode chosen on the settings form.
     *
     * 'index_php' creates an index file, 'htaccess' writes the .htaccess
     * block, 'remove' deletes both. Any other value does nothing, which makes
     * these comparisons the effective allow-list for the posted value.
     *
     * The only directive visible in this listing for the .htaccess mode is
     * "Options -Indexes": it turns off directory listing and does not by
     * itself restrict requests for a file whose URL is already known.
     *
     * @param string $protection Mode name taken from the form.
     */
    public function save_form($protection) {
        // Loose comparison and three independent tests, as in the original.
        if ('index_php' == $protection) {
            $this->create_index();
        }

        if ('htaccess' == $protection) {
            $this->create_htaccess();
        }

        if ('remove' == $protection) {
            $this->remove_index();
            $this->remove_htaccess();
        }
    }

    /**
     * Marker used to tell whether an .htaccess file was generated by this
     * plugin. It is a literal string that starts with "[" and ends with "]".
     */
    public function get_htaccess_identifier() {
        $marker = "[plugin_name=" . $this->plugin_name . "]";

        return $marker;
    }

    public function create_index() { // check if index php does not exists if (self::check_protective_file('index.php') === false) { $indexContent = "get_plugin_name() . " Plugin\n"; $htaccessContent .= "\tOptions -Indexes\n"; $htaccessContent .= "# [date={$date}] [php={$phpv}] " . self::get_htaccess_identifier() . " [version={$this->version}]\n"; $htaccessContent .= "# END " . $this->get_plugin_name() . " Plugin\n"; // if htaccess does NOT exist yet if (self::check_protective_file('.htaccess') === false) { // try to create and save the new htaccess file if (!file_put_contents(self::get_uploads_dir() . '/' . '.htaccess', $htaccessContent)) { self::register_message('Impossible to create or modified the htaccess file.', 'error'); } else { self::register_message('The htaccess file has been created.'); } } else { // if content added to existing htaccess if (file_put_contents(self::get_uploads_dir() . 
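'/.htaccess', $htaccessContent, FILE_APPEND | LOCK_EX)) { self::register_message('The htaccess file has been updated.'); } else { self::register_message('The existing htaccess file couldn\'t be updated. Please check file permissions.', 'error'); } } }

    /**
     * Delete index.php from every directory returned by
     * get_uploads_subdirectories() and report success once all were removed.
     *
     * NOTE(review): the file is selected by name alone; nothing here checks
     * that index.php was written by this plugin - confirm that is intended.
     */
    public function remove_index() {
        $directories = self::get_uploads_subdirectories();
        $deleted     = 0;

        foreach ($directories as $subDirectory) {
            $index_file = $subDirectory . '/index.php';

            // Count a directory only when unlink() reports success, so the
            // confirmation below is not shown for a file that is still there.
            if (file_exists($index_file) && unlink($index_file)) {
                $deleted++;
            }
        }

        if ($deleted === count($directories)) {
            self::register_message('The index.php file(s) have(has) been deleted.');
        }
    }

    /**
     * Strip the plugin's "# BEGIN ... # END" block from the uploads .htaccess
     * and delete the file when only blank lines are left.
     *
     * Every step is checked before the file is rewritten: an unreadable file
     * or a failed preg_replace() (which returns null) must not end up
     * truncating an .htaccess that may hold other access rules.
     *
     * NOTE(review): the pattern hard-codes "protect-uploads" while the END
     * marker written elsewhere in this class uses get_plugin_name(); confirm
     * the two always agree.
     */
    public function remove_htaccess() {
        $htaccess_path = self::get_uploads_dir() . '/.htaccess';

        if (!file_exists($htaccess_path)) {
            return;
        }

        $htaccessContent = file_get_contents($htaccess_path);
        if ($htaccessContent === false) {
            self::register_message('The existing htaccess file couldn\'t be updated. Please check file permissions.', 'error');
            return;
        }

        $stripped = preg_replace('/(# BEGIN protect-uploads Plugin)(.*?)(# END protect-uploads Plugin)/is', '', $htaccessContent);
        if ($stripped === null) {
            // Regex engine error: leave the file exactly as it is.
            self::register_message('The existing htaccess file couldn\'t be updated. Please check file permissions.', 'error');
            return;
        }

        if (file_put_contents($htaccess_path, $stripped, LOCK_EX) === false) {
            self::register_message('The existing htaccess file couldn\'t be updated. Please check file permissions.', 'error');
            return;
        }

        // if htaccess is empty, we remove it.
        $remaining = preg_replace("/(^[\r\n]*|[\r\n]+)[\s\t]*[\r\n]+/", "", $stripped);
        if ($remaining !== null && strlen($remaining) === 0) {
            unlink($htaccess_path);
        }
    }

    /**
     * List which of index.php, index.html and .htaccess exist in the uploads
     * root. Only that one directory is inspected.
     *
     * @return array File names found, in the order listed above.
     */
    public function get_protective_files_array() {
        $uploads_dir = self::get_uploads_dir();
        $response    = [];

        foreach (['index.php', 'index.html', '.htaccess'] as $file) {
            if (file_exists($uploads_dir . '/' . $file)) {
                $response[] = $file;
            }
        }

        return $response;
    }

    /**
     * Tell whether the named protective file exists in the uploads root.
     *
     * @param string $file One of the names known to get_protective_files_array().
     * @return bool
     */
    public function check_protective_file($file) {
        // Strict match: only the exact file-name string counts.
        return in_array($file, self::get_protective_files_array(), true);
    }

    /**
     * Request the uploads root URL over HTTP and return the status code.
     *
     * Callers compare the result with === 200 / === 403, so a failed request
     * (wp_remote_retrieve_response_code() then yields an empty string) is
     * treated as neither of the two.
     */
    public function get_uploads_root_response_code() {
        $response = wp_remote_get(self::get_uploads_url());

        return wp_remote_retrieve_response_code($response);
    }

    public function get_htaccess_content() { return file_get_contents(self::get_uploads_dir() . 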
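'/.htaccess'); }

    /**
     * Tell whether the uploads .htaccess carries this plugin's marker.
     *
     * The marker from get_htaccess_identifier() starts with "[" and ends with
     * "]". Used as a regular expression it is a character class that matches
     * a single character, so almost any file would be reported as
     * plugin-generated. The marker is therefore searched as a literal string.
     *
     * @return bool True only when .htaccess exists and contains the marker.
     */
    public function check_htaccess_is_self_generated() {
        if (!self::check_protective_file('.htaccess')) {
            return false;
        }

        $content = self::get_htaccess_content();
        if (!is_string($content)) {
            // Unreadable file: ownership cannot be established.
            return false;
        }

        return strpos($content, self::get_htaccess_identifier()) !== false;
    }

    /**
     * Decide whether the uploads root counts as protected.
     *
     * An index.php or index.html in the uploads root is accepted as
     * protection without any HTTP check. Otherwise the root URL must answer
     * with 403. Only the uploads root is examined; nested folders are not
     * verified here.
     *
     * @return bool
     */
    public function check_uploads_is_protected() {
        $present = self::get_protective_files_array();

        if (in_array('index.php', $present, true) || in_array('index.html', $present, true)) {
            return true;
        }

        // One request is enough: with or without an .htaccess file, anything
        // other than 403 means the directory is not considered protected.
        return self::get_uploads_root_response_code() === 403;
    }

    /**
     * Tell whether the plugin is able to remove the current protection.
     *
     * Not removable when an index.html exists (remove_index() only deletes
     * index.php), nor when the 403 is served without any .htaccess in the
     * uploads root, i.e. the rule lives somewhere this class does not edit.
     *
     * @return bool
     */
    public function check_protective_file_removable() {
        if (self::check_protective_file('index.html')) {
            return false;
        }

        $blocked_elsewhere = self::check_protective_file('.htaccess') === false
            && self::get_uploads_root_response_code() === 403;

        return !$blocked_elsewhere;
    }

    public function get_uploads_protection_message_array() { $response = []; foreach (self::get_protective_files_array() as $file) { if ($file === '.htaccess' && self::get_uploads_root_response_code() === 403) { $response[] = ' ' . __('.htaccess file is present and access to uploads directory returns 403 code.', $this->plugin_name); } if ($file === 'index.php') { $response[] = ' ' . __('index.php file is present.', $this->plugin_name); } if ($file === 'index.html') { $response[] = ' ' . __('index.html file is present.', $this->plugin_name); } } if (self::check_protective_file('.htaccess') === true && self::get_uploads_root_response_code() === 200) { $response[] = ' ' . __('.htaccess file is present but not protecting uploads directory.', $this->plugin_name); } if (self::check_protective_file('.htaccess') === false && self::get_uploads_root_response_code() === 403) { $response[] = ' ' . 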
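__('Access to uploads directory is protected (403) with a global .htaccess or another global declaration.', $this->plugin_name); } return $response; }

    /**
     * Queue a notice when apache_get_modules() is not available.
     *
     * NOTE(review): that function exists only when PHP runs as an Apache
     * module, so an Apache server using PHP-FPM or CGI would also get this
     * notice - confirm whether that is acceptable.
     */
    public function check_apache() {
        if (function_exists('apache_get_modules')) {
            return;
        }

        self::register_message('The Protect Uploads plugin cannot work without Apache. Yourself or your web host has to activate this module.');
    }

    /**
     * Queue an admin message for display_messages().
     *
     * Every message is stored under the 'apache' key, whatever its subject.
     *
     * @param string $message Text, passed through __() with the plugin text domain.
     * @param string $type    Message type, 'updated' by default.
     * @param int    $id      Optional identifier, 0 by default.
     */
    public function register_message($message, $type = 'updated', $id = 0) {
        $this->messages['apache'][] = array(
            'message' => __($message, $this->plugin_name),
            'type'    => $type,
            'id'      => $id
        );
    }

    /**
     * Build the output for all queued messages.
     *
     * The earlier version returned from inside the loop, so only the first
     * queued message was ever produced. All messages are now concatenated and
     * the text is escaped for HTML on output.
     *
     * NOTE(review): the wrapper markup around each message is missing from
     * this listing (only line breaks remain), which is why the message type
     * is not used below - confirm against the original file.
     *
     * @return string Concatenated messages, or '' when nothing is queued.
     */
    public function display_messages() {
        if (empty($this->messages)) {
            return '';
        }

        $output = '';

        foreach ($this->messages as $name => $messages) {
            foreach ($messages as $message) {
                $output .= '

' . esc_html($message['message']) . '

';
            }
        }

        return $output;
    }
}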