Diffstat (limited to 'plugins/jetpack/modules/protect.php')
-rw-r--r--plugins/jetpack/modules/protect.php102
1 files changed, 64 insertions, 38 deletions
diff --git a/plugins/jetpack/modules/protect.php b/plugins/jetpack/modules/protect.php
index 334439fc..09b0c81c 100644
--- a/plugins/jetpack/modules/protect.php
+++ b/plugins/jetpack/modules/protect.php
@@ -1,7 +1,7 @@
<?php
/**
* Module Name: Protect
- * Module Description: Protect yourself from brute force and distributed brute force attacks, which are the most common way for hackers to get into your site.
+ * Module Description: Enabling brute force protection will prevent bots and hackers from attempting to log in to your website with common username and password combinations.
* Sort Order: 1
* Recommendation Order: 4
* First Introduced: 3.4
@@ -12,6 +12,9 @@
* Additional Search Queries: security, jetpack protect, secure, protection, botnet, brute force, protect, login, bot, password, passwords, strong passwords, strong password, wp-login.php, protect admin
*/
+use Automattic\Jetpack\Constants;
+use Automattic\Jetpack\Connection\Utils as Connection_Utils;
+
include_once JETPACK__PLUGIN_DIR . 'modules/protect/shared-functions.php';
class Jetpack_Protect_Module {
@@ -139,53 +142,77 @@ class Jetpack_Protect_Module {
require_once( ABSPATH . '/wp-admin/includes/plugin.php' );
}
- if ( ! ( is_plugin_active_for_network( 'jetpack/jetpack.php' ) || is_plugin_active_for_network( 'jetpack-dev/jetpack.php' ) ) ) {
- add_action( 'load-index.php', array ( $this, 'prepare_jetpack_protect_multisite_notice' ) );
+ if ( ! is_plugin_active_for_network( plugin_basename( JETPACK__PLUGIN_FILE ) ) ) {
+ add_action( 'load-index.php', array( $this, 'prepare_jetpack_protect_multisite_notice' ) );
+ add_action( 'wp_ajax_jetpack-protect-dismiss-multisite-banner', array( $this, 'ajax_dismiss_handler' ) );
}
}
}
public function prepare_jetpack_protect_multisite_notice() {
- add_action( 'admin_print_styles', array ( $this, 'admin_banner_styles' ) );
+ $dismissed = get_site_option( 'jetpack_dismissed_protect_multisite_banner' );
+ if ( $dismissed ) {
+ return;
+ }
+
add_action( 'admin_notices', array ( $this, 'admin_jetpack_manage_notice' ) );
}
- public function admin_banner_styles() {
- global $wp_styles;
+ public function ajax_dismiss_handler() {
+ check_ajax_referer( 'jetpack_protect_multisite_banner_opt_out' );
+
+ if ( ! current_user_can( 'manage_network' ) ) {
+ wp_send_json_error( new WP_Error( 'insufficient_permissions' ) );
+ }
- $min = ( defined( 'SCRIPT_DEBUG' ) && SCRIPT_DEBUG ) ? '' : '.min';
+ update_site_option( 'jetpack_dismissed_protect_multisite_banner', true );
- wp_enqueue_style( 'jetpack', plugins_url( "css/jetpack-banners{$min}.css", JETPACK__PLUGIN_FILE ), false, JETPACK__VERSION );
- $wp_styles->add_data( 'jetpack', 'rtl', true );
+ wp_send_json_success();
}
+ /**
+ * Displays a warning about Jetpack Protect's network activation requirement.
+ * Attaches some custom JS to Core's `is-dismissible` UI to save the dismissed state.
+ */
public function admin_jetpack_manage_notice() {
-
- $dismissed = get_site_option( 'jetpack_dismissed_protect_multisite_banner' );
-
- if ( $dismissed ) {
- return;
- }
-
- $referer = '&_wp_http_referer=' . add_query_arg( '_wp_http_referer', null );
- $opt_out_url = wp_nonce_url( Jetpack::admin_url( 'jetpack-notice=jetpack-protect-multisite-opt-out' . $referer ), 'jetpack_protect_multisite_banner_opt_out' );
-
?>
- <div id="message" class="updated jetpack-message jp-banner is-opt-in protect-error"
- style="display:block !important;">
- <a class="jp-banner__dismiss" href="<?php echo esc_url( $opt_out_url ); ?>"
- title="<?php esc_attr_e( 'Dismiss this notice.', 'jetpack' ); ?>"></a>
-
- <div class="jp-banner__content">
- <h2><?php esc_html_e( 'Protect cannot keep your site secure.', 'jetpack' ); ?></h2>
-
- <p><?php printf( __( 'Thanks for activating Protect! To start protecting your site, please network activate Jetpack on your Multisite installation and activate Protect on your primary site. Due to the way logins are handled on WordPress Multisite, Jetpack must be network-enabled in order for Protect to work properly. <a href="%s" target="_blank">Learn More</a>', 'jetpack' ), 'http://jetpack.com/support/multisite-protect' ); ?></p>
- </div>
- <div class="jp-banner__action-container is-opt-in">
- <a href="<?php echo esc_url( network_admin_url( 'plugins.php' ) ); ?>" class="jp-banner__button"
- id="wpcom-connect"><?php _e( 'View Network Admin', 'jetpack' ); ?></a>
- </div>
+ <div class="jetpack-protect-warning notice notice-warning is-dismissible" data-dismiss-nonce="<?php echo esc_attr( wp_create_nonce( 'jetpack_protect_multisite_banner_opt_out' ) ); ?>">
+ <h2><?php esc_html_e( 'Jetpack Brute Force Attack Prevention cannot keep your site secure', 'jetpack' ); ?></h2>
+
+ <p><?php esc_html_e( "Thanks for activating Jetpack's brute force attack prevention feature! To start protecting your whole WordPress Multisite Network, please network activate the Jetpack plugin. Due to the way logins are handled on WordPress Multisite Networks, Jetpack must be network activated in order for the brute force attack prevention feature to work properly.", 'jetpack' ); ?></p>
+
+ <p>
+ <a class="button-primary" href="<?php echo esc_url( network_admin_url( 'plugins.php' ) ); ?>">
+ <?php esc_html_e( 'View Network Admin', 'jetpack' ); ?>
+ </a>
+ <a class="button" href="<?php echo esc_url( __( 'https://jetpack.com/support/multisite-protect', 'jetpack' ) ); ?>" target="_blank">
+ <?php esc_html_e( 'Learn More' ); ?>
+ </a>
+ </p>
</div>
+ <script>
+ jQuery( function( $ ) {
+ $( '.jetpack-protect-warning' ).on( 'click', 'button.notice-dismiss', function( event ) {
+ event.preventDefault();
+
+ wp.ajax.post(
+ 'jetpack-protect-dismiss-multisite-banner',
+ {
+ _wpnonce: $( event.delegateTarget ).data( 'dismiss-nonce' ),
+ }
+ ).fail( function( error ) { <?php
+ // A failure here is really strange, and there's not really anything a site owner can do to fix one.
+ // Just log the error for now to help debugging. ?>
+
+ if ( 'function' === typeof error.done && '-1' === error.responseText ) {
+ console.error( 'Notice dismissal failed: check_ajax_referer' );
+ } else {
+ console.error( 'Notice dismissal failed: ' + JSON.stringify( error ) );
+ }
+ } )
+ } );
+ } );
+ </script>
<?php
}
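Review bot: The added "Learn More" link in `admin_jetpack_manage_notice()` uses `target="_blank"` with no `rel` attribute, and its URL is a translatable string, so the destination is whatever the active translation supplies. Adding `rel="noopener noreferrer"` to that `<a class="button" …>` tag stops the opened page from reaching the admin window through `window.opener`. The same link's label is printed with `esc_html_e( 'Learn More' )`, without the `'jetpack'` text domain that every other string in this notice passes, so it would be looked up outside the plugin's catalogue; it should read `esc_html_e( 'Learn More', 'jetpack' )`. The hunk opens partway through the preceding method, so the conditions under which the notice and the AJAX hook are registered are not visible here.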
@@ -222,7 +249,6 @@ class Jetpack_Protect_Module {
}
// Request the key
- Jetpack::load_xml_rpc_client();
$xml = new Jetpack_IXR_Client( array (
'user_id' => get_current_user_id()
) );
@@ -438,7 +464,7 @@ class Jetpack_Protect_Module {
/**
* JETPACK_ALWAYS_PROTECT_LOGIN will always disable the login page, and use a page provided by Jetpack.
*/
- if ( Jetpack_Constants::is_true( 'JETPACK_ALWAYS_PROTECT_LOGIN' ) ) {
+ if ( Constants::is_true( 'JETPACK_ALWAYS_PROTECT_LOGIN' ) ) {
$this->kill_login();
}
@@ -840,7 +866,7 @@ class Jetpack_Protect_Module {
}
//Check to see if we can use SSL
- $this->api_endpoint = Jetpack::fix_url_for_bad_hosts( JETPACK_PROTECT__API_HOST );
+ $this->api_endpoint = Connection_Utils::fix_url_for_bad_hosts( JETPACK_PROTECT__API_HOST );
return $this->api_endpoint;
}
@@ -856,14 +882,14 @@ class Jetpack_Protect_Module {
$uri = network_home_url();
}
- $uridata = parse_url( $uri );
+ $uridata = wp_parse_url( $uri );
$domain = $uridata['host'];
// If we still don't have the site_url, get it
if ( ! $domain ) {
$uri = get_site_url( 1 );
- $uridata = parse_url( $uri );
+ $uridata = wp_parse_url( $uri );
$domain = $uridata['host'];
}
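Review bot: Both `$domain = $uridata['host'];` lines index the result of `wp_parse_url()` without checking it. Like `parse_url()`, `wp_parse_url()` returns `false` for a seriously malformed URL and omits the `host` key when the URL has none, so either read can raise a PHP notice or warning, and the second one has no fallback visible after it. A guarded read such as `$domain = isset( $uridata['host'] ) ? $uridata['host'] : '';` in both places keeps the existing `if ( ! $domain )` fallback working without the diagnostics. The enclosing function starts and ends outside the hunk, so how `$domain` is used afterwards cannot be confirmed from here.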