Release 2.155

css/src/spbc-settings.css

@@ -1039,6 +1039,10 @@ button#spbc_setting_get_key_auto:disabled {
 	flex-wrap: nowrap;
 }
 
+#spbc-settings-general-wrapper-settings {
+	flex-grow: 1;
+}
+
 .spbc-quicknav--bar_wrapper {
 	display: flex;
 	flex-direction: column;

inc/fw-update.php

@@ -186,7 +186,7 @@ function spbc_security_firewall_update__worker($checker_work = null)
     }
 
     // This is the repeat stage request, do not generate any new RC
-    if ( stripos(Request::get('stage'), 'Repeat') !== false ) {
+    if ( stripos(Request::getString('stage'), 'Repeat') !== false ) {
         spbc_security_firewall_update_log('repeat request');
 
         return true;

inc/spbc-auth.php

@@ -58,11 +58,11 @@ function spbc_login_form_notification()
     //Return if it's not a registration page.
     $login_url = rtrim(wp_login_url(), '/');
     $server_url = rtrim(Server::getURL(), '/');
-    if ( empty(Server::get('REQUEST_SCHEME')) ) {
+    if ( empty(Server::getString('REQUEST_SCHEME')) ) {
         $login_url = preg_replace('/https?/', '', $login_url);
         $server_url = preg_replace('/https?/', '', $server_url);
     }
-    if ( strpos($server_url, $login_url) === 0 && Get::get('action') !== 'register' ) {
+    if ( strpos($server_url, $login_url) === 0 && Get::getString('action') !== 'register' ) {
         $show_notification = ( ! empty($spbc->settings['misc__show_link_in_login_form']) ? true : false );
         if ( $show_notification ) {
             $link = $spbc->settings['spbc_trusted_and_affiliate__footer']
@@ -158,7 +158,7 @@ function spbc_authenticate($user, $username)
         // Skip for ZAPIER
         if (
             spbc_is_plugin_active('zapier/zapier.php') &&
-            Server::get('REQUEST_URI') === '/wp-json/zapier/v1/token'
+            Server::get('REQUEST_URI', null, 'url') === '/wp-json/zapier/v1/token'
         ) {
             spbc_authenticate__write_log_login($user);
             return $user;
@@ -244,7 +244,7 @@ function spbc_authenticate__write_log_login($user)
             'username'     => $user->user_login,
             'event'        => spbc_authenticate__is_new_device($user) ? 'login_new_device' : 'login',
             'roles'        => $role,
-            'user_agent'   => filter_input(INPUT_SERVER, 'HTTP_USER_AGENT'),
+            'user_agent'   => htmlspecialchars(Server::getString('HTTP_USER_AGENT')),
             'browser_sign' => spbc_authenticate__browser_sign__get_hash($user),
         )
     );
@@ -257,7 +257,7 @@ function spbc_authenticate__write_log_login($user)
  */
 function spbc_authenticate__browser_sign__create()
 {
-    $sign = filter_input(INPUT_SERVER, 'HTTP_USER_AGENT');
+    $sign = htmlspecialchars(Server::getString('HTTP_USER_AGENT'));
     $regexp = '#(Firefox|Chrome|Safari|Edge|Edg|Version)\/(\d+\.?)+#';
     $sign = preg_replace_callback(
         $regexp,
@@ -339,7 +339,8 @@ function spbc_authenticate__browser_sign__get_hash($user)
  */
 function spbc_authenticate__user_agent__set($user)
 {
-    update_user_meta($user->ID, 'spbc_user_agent', filter_input(INPUT_SERVER, 'HTTP_USER_AGENT'));
+    $ua = htmlspecialchars(Server::getString('HTTP_USER_AGENT'));
+    update_user_meta($user->ID, 'spbc_user_agent', $ua);
 }
 
 /**
@@ -653,7 +654,7 @@ function spbc_2fa__success(\WP_User $user)
         'username'     => $user->user_login,
         'event'        => $event,
         'roles'        => reset($user->roles),
-        'user_agent'   => filter_input(INPUT_SERVER, 'HTTP_USER_AGENT'),
+        'user_agent'   => htmlspecialchars(Server::getString('HTTP_USER_AGENT')),
         'browser_sign' => spbc_authenticate__browser_sign__get_hash($user),
         )
     );
@@ -695,7 +696,7 @@ function spbc_2fa__failed(\WP_User $user)
         'username'     => $user->user_login,
         'event'        => $event,
         'roles'        => 'administrator',
-        'user_agent'   => filter_input(INPUT_SERVER, 'HTTP_USER_AGENT'),
+        'user_agent'   => htmlspecialchars(Server::getString('HTTP_USER_AGENT')),
         'browser_sign' => spbc_authenticate__browser_sign__get_hash($user),
         )
     );

inc/spbc-firewall.php

@@ -59,7 +59,7 @@ function spbc_firewall__check()
             'api_key'       => $spbc->api_key,
             'state'         => $spbc,
             'is_login_page' => strpos(trim(Server::getURL(), '/'), trim($login_url, '/')) === 0,
-            'is_logged_in'  => Cookie::get('spbc_is_logged_in') === md5($spbc->data['salt'] . get_option('home')),
+            'is_logged_in'  => Cookie::getString('spbc_is_logged_in') === md5($spbc->data['salt'] . get_option('home')),
             'bf_limit'      => $spbc->settings['bfp__allowed_wrong_auths'],
             'block_period'  => $spbc->settings['bfp__block_period__5_fails'],
             'count_period'  => $spbc->settings['bfp__count_interval'], // Counting login attempts in this interval
@@ -83,7 +83,7 @@ function spbc_firewall__check()
                 'log_table'    => SPBC_TBL_TC_LOG,
                 'state'        => $spbc,
                 'api_key'      => $spbc->api_key,
-                'is_logged_in' => Cookie::get('spbc_is_logged_in') === md5($spbc->data['salt'] . get_option('home')),
+                'is_logged_in' => Cookie::getString('spbc_is_logged_in') === md5($spbc->data['salt'] . get_option('home')),
                 'store_interval' => $spbc->settings['traffic_control__autoblock_timeframe'],
                 'tc_limit'     => $spbc->settings['traffic_control__autoblock_amount'],
                 'block_period' => $spbc->settings['traffic_control__autoblock_period'],
@@ -124,7 +124,7 @@ function spbc_firewall_check_waf($firewall)
         ];
         if ( $spbc->settings['waf_blocker__enabled'] ) {
             $waf_blocker_params = [
-                'is_logged_in' => Cookie::get('spbc_is_logged_in') === md5($spbc->data['salt'] . get_option('home')),
+                'is_logged_in' => Cookie::getString('spbc_is_logged_in') === md5($spbc->data['salt'] . get_option('home')),
                 'db' => DB::getInstance(),
                 'ip_array' => $firewall->ip_array
             ];
@@ -197,7 +197,7 @@ function spbc_firewall_skip_check()
     $ip_set = empty($ip_set) ? [] : $ip_set;
     $ip_set = is_array($ip_set) ? $ip_set : [$ip_set];
     foreach ( $ip_set as $spbc_cur_ip ) {
-        if ( Cookie::get('spbc_firewall_pass_key') == md5($spbc_cur_ip . $spbc->settings['spbc_key']) ) {
+        if ( Cookie::getString('spbc_firewall_pass_key') == md5($spbc_cur_ip . $spbc->settings['spbc_key']) ) {
             return true;
         }
     }

inc/spbc-pluggable.php

@@ -76,7 +76,7 @@ function spbc_mailpoet_doing_cron()
     return (
         // MailPoet cron requests skip
         spbc_is_plugin_active('mailpoet/mailpoet.php') &&
-        Server::get('HTTP_USER_AGENT') === 'MailPoet Cron' &&
-        strpos(Server::get('REQUEST_URI'), 'mailpoet_router') !== false
+        Server::getString('HTTP_USER_AGENT') === 'MailPoet Cron' &&
+        strpos(Server::get('REQUEST_URI', null, 'url'), 'mailpoet_router') !== false
     );
 }

inc/spbc-scanner.php

@@ -180,7 +180,7 @@ function spbc_scanner_file_send($direct_call = false, $file_id = null, $do_resca
 {
     if ( ! $direct_call) {
         spbc_check_ajax_referer('spbc_secret_nonce', 'security');
-        $file_id = preg_match('@[a-zA-Z0-9]{32}@', Post::get('file_id')) ? Post::get('file_id') : null;
+        $file_id = preg_match('@[a-zA-Z0-9]{32}@', Post::getString('file_id')) ? Post::getString('file_id') : null;
     }
 
     $output = $handler::sendFile($file_id, $do_rescan);
@@ -379,7 +379,7 @@ function spbc_scanner_file_delete($direct_call = false, $file_id = null)
 
     $time_start = microtime(true);
 
-    $file_id = $direct_call ? $file_id : Post::get('file_id', 'hash');
+    $file_id = $direct_call ? $file_id : Post::getString('file_id');
     $output = spbc_scanner_file_delete_handler($file_id);
 
     $exec_time           = round(microtime(true) - $time_start);
@@ -526,7 +526,7 @@ function spbc_scanner_pscan_check_analysis_status($direct_call = false, $file_id
     // Check ajax nonce
     if ( !$direct_call ) {
         spbc_check_ajax_referer('spbc_secret_nonce', 'security');
-        $file_ids_input = Post::get('file_id', 'hash') ? (string)Post::get('file_id') : '';
+        $file_ids_input = Post::get('file_id', 'hash') ? (string)Post::getString('file_id') : '';
     }
 
     global $spbc, $wpdb;
@@ -1184,7 +1184,7 @@ function spbc_scanner_page_view($direct_call = false, $page_url = false)
 
     $page_url = $direct_call
         ? $page_url
-        : Post::get('page_url');
+        : Post::get('page_url', null, 'url');
 
     $page_content = HTTP::getContentFromURL($page_url);
 
@@ -1294,8 +1294,8 @@ function spbc_scanner_page_approve_process($action)
 
     $action = $action === 'approve' ? '1' : '0';
 
-    $page_url = Post::get('page_url');
-    $page_id = (int)Post::get('page_id');
+    $page_url = Post::get('page_url', null, 'url');
+    $page_id = Post::getInt('page_id');
 
     if (empty($page_url) || $page_id === 0 ) {
         throw new \Exception('PAGE_ID_OR_PAGE_URL_IS_EMPTY');
@@ -1762,7 +1762,7 @@ function spbc_scanner_analysis_log_delete_from_log($direct_call = false)
 
     global $wpdb;
 
-    $file_ids = Post::get('file_ids');
+    $file_ids = Post::getString('file_ids'); // validation is done in Validate::isHash method next line
     $file_ids_clean = [];
 
     if ( is_array($file_ids) ) {
@@ -1862,7 +1862,7 @@ function spbc_scanner_get_file_by_id($file_id)
  */
 function spbc_scanner_load_more_scan_logs()
 {
-    $offset = Post::get('offset');
+    $offset = Post::getInt('offset');
 
     $scan_logs = ScanningLogFacade::render(100, (int)$offset, true);
 

inc/spbc-settings.php

@@ -1300,12 +1300,12 @@ function spbc_settings__draw_elements($elems_to_draw = null, $direct_call = fals
 {
     global $spbc;
 
-    if ( ! $direct_call && Post::get('security')) {
+    if ( ! $direct_call && Post::getString('security')) {
         spbc_settings__register();
         spbc_check_ajax_referer('spbc_secret_nonce', 'security');
-        if (Post::get('tab_name')) {
+        if (Post::getString('tab_name')) {
             /** @psalm-suppress InvalidArrayOffset */
-            $elems_to_draw = array($_POST['tab_name'] => $spbc->settings__elements[ Post::get('tab_name') ]);
+            $elems_to_draw = array($_POST['tab_name'] => $spbc->settings__elements[ Post::getString('tab_name') ]);
         }
     }
 
@@ -2617,7 +2617,7 @@ function spbc_settings__create_notice_on_tab($flag_text_banner)
     switch ($flag_text_banner) {
         case 'found_critical_files': // Creates a banner with a notification if important files are found and if the banner has not already been closed
             if ($spbc->data['display_scanner_warnings']['critical'] > 0 &&
-                Cookie::get('spbct_notice-found_critical_files') != '1') {
+                Cookie::getString('spbct_notice-found_critical_files') != '1') {
                 $email = spbc_get_admin_email();
                 $website = get_home_url();
                 $text = __("There's a high probability that your website has been compromised, as critical files show signs of infection. Take action now by ordering malware removal from our experienced security specialists.", 'security-malware-firewall');
@@ -3562,7 +3562,7 @@ function spbc__analysyis_files_stats__get_html()
         $last_updated_chunk
     );
 
-    if (Post::get('sub_action') === 'give_me_html') {
+    if (Post::getString('sub_action') === 'give_me_html') {
         echo $out;
         exit;
     }
@@ -3871,11 +3871,11 @@ function spbc_list_table__get_args_by_type($table_type)
                 'sql'               => array(
                     'table'     => SPBC_TBL_SCAN_LINKS,
                     'get_array' => false,
-                    'where'     => ' WHERE domain = "' . Post::get('domain', null, 'word') . '"',
+                    'where'     => ' WHERE domain = "' . Post::getString('domain') . '"',
                 ),
                 'order_by'          => array('domain' => 'asc'),
                 'html_before'       =>
-                    sprintf(__('Links for <b>%s</b> domain.', 'security-malware-firewall'), Post::get('domain', null, 'word')) . ' '
+                    sprintf(__('Links for <b>%s</b> domain.', 'security-malware-firewall'), Post::getString('domain')) . ' '
                     . sprintf(__('%sSee all domains%s', 'security-malware-firewall'), '<a href="javascript://" onclick="spbcScannerSwitchTable(this, \'outbound_links\');">', '</a>')
                     . '<br /><br />',
                 'func_data_prepare' => 'spbc_field_scanner__prepare_data__links',
@@ -4971,8 +4971,8 @@ function spbc_get_key_auto($direct_call = false)
     $website        = parse_url(get_option('home'), PHP_URL_HOST) . parse_url(get_option('home'), PHP_URL_PATH);
     $platform       = 'wordpress';
     $user_ip        = \CleantalkSP\SpbctWP\Helpers\IP::get();
-    $timezone       = Post::get('ct_admin_timezone');
-    $language       = \CleantalkSP\Variables\Server::get('HTTP_ACCEPT_LANGUAGE');
+    $timezone       = Post::getString('ct_admin_timezone');
+    $language       = \CleantalkSP\Variables\Server::getString('HTTP_ACCEPT_LANGUAGE');
     /** @psalm-suppress RedundantCondition */
     $wpms           = SPBC_WPMS && defined('SUBDOMAIN_INSTALL') && ! SUBDOMAIN_INSTALL;
     $white_label    = false;
@@ -5068,10 +5068,10 @@ function spbc_settings__update_account_email($direct_call = false)
 
     global $spbc;
 
-    $account_email = Post::get('accountEmail');
+    $account_email = Post::getString('accountEmail'); // validation is done next line
 
     // not valid email
-    if (!$account_email || !filter_var(Post::get('accountEmail'), FILTER_VALIDATE_EMAIL)) {
+    if (!$account_email || !filter_var(Post::getString('accountEmail'), FILTER_VALIDATE_EMAIL)) {
         die(
             json_encode(
                 array(
@@ -5118,7 +5118,7 @@ function spbc_show_more_security_logs_callback()
 
     // PREPROCESS INPUT
     $args                 = spbc_list_table__get_args_by_type('security_logs');
-    $args['sql']['limit_force'] = Post::get('amount', 'int') ?: SPBC_LAST_ACTIONS_TO_VIEW;
+    $args['sql']['limit_force'] = Post::getInt('amount') ?: SPBC_LAST_ACTIONS_TO_VIEW;
 
     // OUTPUT
     $table = new ListTable($args);
@@ -5139,13 +5139,13 @@ function spbc_show_more_security_firewall_logs_callback()
     spbc_check_ajax_referer('spbc_secret_nonce', 'security');
 
     $args                 = spbc_list_table__get_args_by_type('traffic_control');
-    $args['sql']['limit'] = Post::get('amount', 'int') ?: SPBC_LAST_ACTIONS_TO_VIEW;
+    $args['sql']['limit'] = Post::getInt('amount') ?: SPBC_LAST_ACTIONS_TO_VIEW;
 
     // OUTPUT
     $table = new ListTable($args);
     $table->getData();
 
-    if (Post::get('full_refresh')) {
+    if (Post::getString('full_refresh')) {
         $table->display();
         die();
     }
@@ -5166,8 +5166,8 @@ function spbc_tc__filter_ip()
 
     spbc_check_ajax_referer('spbc_secret_nonce', 'security');
 
-    $ip = Post::get('ip');
-    $status = Post::get('status');
+    $ip = Post::getString('ip'); // validation is done next line
+    $status = Post::getString('status');
 
     if ( IP::validate($ip) === false ) {
         wp_send_json_error('IP is not correct.');