Edit File by line
/home/zeestwma/richards.../wp-conte.../plugins/litespee.../lib
File: guest.cls.php
<?php
[0] Fix | Delete
/**
[1] Fix | Delete
* Guest vary handler for LiteSpeed Cache.
[2] Fix | Delete
*
[3] Fix | Delete
* NOTE: This file is loaded directly without WordPress, so WP functions are NOT available.
[4] Fix | Delete
*
[5] Fix | Delete
* @package LiteSpeed
[6] Fix | Delete
* @since 4.1
[7] Fix | Delete
*/
[8] Fix | Delete
[9] Fix | Delete
namespace LiteSpeed\Lib;
[10] Fix | Delete
[11] Fix | Delete
/**
[12] Fix | Delete
* Update guest vary
[13] Fix | Delete
*
[14] Fix | Delete
* @since 4.1
[15] Fix | Delete
*/
[16] Fix | Delete
class Guest {
[17] Fix | Delete
[18] Fix | Delete
const CONF_FILE = '.litespeed_conf.dat';
[19] Fix | Delete
const HASH = 'hash'; // Not set-able
[20] Fix | Delete
const O_CACHE_LOGIN_COOKIE = 'cache-login_cookie';
[21] Fix | Delete
const O_DEBUG = 'debug';
[22] Fix | Delete
const O_DEBUG_IPS = 'debug-ips';
[23] Fix | Delete
const O_UTIL_NO_HTTPS_VARY = 'util-no_https_vary';
[24] Fix | Delete
[25] Fix | Delete
/**
[26] Fix | Delete
* Client IP address.
[27] Fix | Delete
*
[28] Fix | Delete
* @var string
[29] Fix | Delete
*/
[30] Fix | Delete
private static $_ip;
[31] Fix | Delete
[32] Fix | Delete
/**
[33] Fix | Delete
* Vary cookie name.
[34] Fix | Delete
*
[35] Fix | Delete
* @var string
[36] Fix | Delete
*/
[37] Fix | Delete
private static $_vary_name = '_lscache_vary';
[38] Fix | Delete
[39] Fix | Delete
/**
[40] Fix | Delete
* Configuration array.
[41] Fix | Delete
*
[42] Fix | Delete
* @var array|false
[43] Fix | Delete
*/
[44] Fix | Delete
private $_conf = false;
[45] Fix | Delete
[46] Fix | Delete
/**
[47] Fix | Delete
* Guest Mode lists cache.
[48] Fix | Delete
*
[49] Fix | Delete
* @var array
[50] Fix | Delete
*/
[51] Fix | Delete
private $_gm_lists = [
[52] Fix | Delete
'ips' => null,
[53] Fix | Delete
'uas' => null,
[54] Fix | Delete
];
[55] Fix | Delete
[56] Fix | Delete
/**
[57] Fix | Delete
* Constructor
[58] Fix | Delete
*
[59] Fix | Delete
* @since 4.1
[60] Fix | Delete
*/
[61] Fix | Delete
public function __construct() {
[62] Fix | Delete
! defined( 'LSCWP_CONTENT_FOLDER' ) && define( 'LSCWP_CONTENT_FOLDER', dirname( __DIR__, 3 ) );
[63] Fix | Delete
// phpcs:ignore WordPress.WP.AlternativeFunctions.file_get_contents_file_get_contents -- No WP available
[64] Fix | Delete
$this->_conf = file_get_contents( LSCWP_CONTENT_FOLDER . '/' . self::CONF_FILE );
[65] Fix | Delete
if ( $this->_conf ) {
[66] Fix | Delete
$this->_conf = json_decode( $this->_conf, true );
[67] Fix | Delete
}
[68] Fix | Delete
[69] Fix | Delete
if ( ! empty( $this->_conf[ self::O_CACHE_LOGIN_COOKIE ] ) ) {
[70] Fix | Delete
self::$_vary_name = $this->_conf[ self::O_CACHE_LOGIN_COOKIE ];
[71] Fix | Delete
}
[72] Fix | Delete
}
[73] Fix | Delete
[74] Fix | Delete
/**
[75] Fix | Delete
* Update Guest vary.
[76] Fix | Delete
*
[77] Fix | Delete
* @since 4.0
[78] Fix | Delete
* @return void
[79] Fix | Delete
*/
[80] Fix | Delete
public function update_guest_vary() {
[81] Fix | Delete
// This process must not be cached
[82] Fix | Delete
// @reference https://wordpress.org/support/topic/soft-404-from-google-search-on-litespeed-cache-guest-vary-php/#post-16838583
[83] Fix | Delete
header( 'X-Robots-Tag: noindex' );
[84] Fix | Delete
header( 'X-LiteSpeed-Cache-Control: no-cache' );
[85] Fix | Delete
header( 'Cache-Control: no-store, no-cache, must-revalidate, max-age=0' );
[86] Fix | Delete
header( 'Pragma: no-cache' );
[87] Fix | Delete
[88] Fix | Delete
if ( $this->always_guest() ) {
[89] Fix | Delete
echo '[]';
[90] Fix | Delete
exit;
[91] Fix | Delete
}
[92] Fix | Delete
[93] Fix | Delete
// If contains vary already, don't reload to avoid infinite loop when parent page having browser cache
[94] Fix | Delete
if ( $this->_conf && self::has_vary() ) {
[95] Fix | Delete
echo '[]';
[96] Fix | Delete
exit;
[97] Fix | Delete
}
[98] Fix | Delete
[99] Fix | Delete
// Send vary cookie
[100] Fix | Delete
$vary = 'guest_mode:1';
[101] Fix | Delete
if ( $this->_conf && empty( $this->_conf[ self::O_DEBUG ] ) ) {
[102] Fix | Delete
$vary = md5( $this->_conf[ self::HASH ] . $vary );
[103] Fix | Delete
}
[104] Fix | Delete
[105] Fix | Delete
$expire = time() + 2 * 86400;
[106] Fix | Delete
$is_ssl = ! empty( $this->_conf[ self::O_UTIL_NO_HTTPS_VARY ] ) ? false : $this->is_ssl();
[107] Fix | Delete
setcookie( self::$_vary_name, $vary, $expire, '/', false, $is_ssl, true );
[108] Fix | Delete
[109] Fix | Delete
// phpcs:ignore WordPress.WP.AlternativeFunctions.json_encode_json_encode -- No WP available
[110] Fix | Delete
echo json_encode( [ 'reload' => 'yes' ] );
[111] Fix | Delete
exit;
[112] Fix | Delete
}
[113] Fix | Delete
[114] Fix | Delete
/**
[115] Fix | Delete
* WP's is_ssl() func
[116] Fix | Delete
*
[117] Fix | Delete
* @since 4.1
[118] Fix | Delete
* @return bool
[119] Fix | Delete
*/
[120] Fix | Delete
private function is_ssl() {
[121] Fix | Delete
// phpcs:disable WordPress.Security.ValidatedSanitizedInput -- No WP available
[122] Fix | Delete
if ( isset( $_SERVER['HTTPS'] ) ) {
[123] Fix | Delete
if ( 'on' === strtolower( $_SERVER['HTTPS'] ) ) {
[124] Fix | Delete
return true;
[125] Fix | Delete
}
[126] Fix | Delete
[127] Fix | Delete
if ( '1' === $_SERVER['HTTPS'] ) {
[128] Fix | Delete
return true;
[129] Fix | Delete
}
[130] Fix | Delete
} elseif ( isset( $_SERVER['SERVER_PORT'] ) && '443' === $_SERVER['SERVER_PORT'] ) {
[131] Fix | Delete
return true;
[132] Fix | Delete
}
[133] Fix | Delete
// phpcs:enable WordPress.Security.ValidatedSanitizedInput
[134] Fix | Delete
return false;
[135] Fix | Delete
}
[136] Fix | Delete
[137] Fix | Delete
/**
[138] Fix | Delete
* Check if default vary has a value
[139] Fix | Delete
*
[140] Fix | Delete
* @since 1.1.3
[141] Fix | Delete
* @access public
[142] Fix | Delete
* @return string|false
[143] Fix | Delete
*/
[144] Fix | Delete
public static function has_vary() {
[145] Fix | Delete
if ( empty( $_COOKIE[ self::$_vary_name ] ) ) {
[146] Fix | Delete
return false;
[147] Fix | Delete
}
[148] Fix | Delete
// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.ValidatedSanitizedInput.MissingUnslash -- No WP available
[149] Fix | Delete
return $_COOKIE[ self::$_vary_name ];
[150] Fix | Delete
}
[151] Fix | Delete
[152] Fix | Delete
/**
[153] Fix | Delete
* Load Guest Mode list from file.
[154] Fix | Delete
*
[155] Fix | Delete
* Priority: cloud synced file > plugin data file
[156] Fix | Delete
*
[157] Fix | Delete
* @since 7.7
[158] Fix | Delete
* @param string $type 'ips' or 'uas'.
[159] Fix | Delete
* @return array
[160] Fix | Delete
*/
[161] Fix | Delete
private function _load_gm_list( $type ) {
[162] Fix | Delete
if ( null !== $this->_gm_lists[ $type ] ) {
[163] Fix | Delete
return $this->_gm_lists[ $type ];
[164] Fix | Delete
}
[165] Fix | Delete
[166] Fix | Delete
$this->_gm_lists[ $type ] = [];
[167] Fix | Delete
$filename = 'gm_' . $type . '.txt';
[168] Fix | Delete
[169] Fix | Delete
// Try cloud synced file first, then fallback to plugin data file
[170] Fix | Delete
$files = [
[171] Fix | Delete
LSCWP_CONTENT_FOLDER . '/litespeed/cloud/' . $filename,
[172] Fix | Delete
dirname( __DIR__ ) . '/data/' . $filename,
[173] Fix | Delete
];
[174] Fix | Delete
[175] Fix | Delete
foreach ( $files as $file ) {
[176] Fix | Delete
if ( file_exists( $file ) ) {
[177] Fix | Delete
// phpcs:ignore WordPress.WP.AlternativeFunctions.file_get_contents_file_get_contents -- No WP available
[178] Fix | Delete
$content = file_get_contents( $file );
[179] Fix | Delete
if ( $content ) {
[180] Fix | Delete
$this->_gm_lists[ $type ] = array_filter( array_map( 'trim', explode( "\n", $content ) ) );
[181] Fix | Delete
break;
[182] Fix | Delete
}
[183] Fix | Delete
}
[184] Fix | Delete
}
[185] Fix | Delete
[186] Fix | Delete
return $this->_gm_lists[ $type ];
[187] Fix | Delete
}
[188] Fix | Delete
[189] Fix | Delete
/**
[190] Fix | Delete
* Detect if is a guest visitor or not
[191] Fix | Delete
*
[192] Fix | Delete
* @since 4.0
[193] Fix | Delete
* @return bool
[194] Fix | Delete
*/
[195] Fix | Delete
public function always_guest() {
[196] Fix | Delete
if ( empty( $_SERVER['HTTP_USER_AGENT'] ) ) {
[197] Fix | Delete
return false;
[198] Fix | Delete
}
[199] Fix | Delete
[200] Fix | Delete
$guest_uas = $this->_load_gm_list( 'uas' );
[201] Fix | Delete
if ( $guest_uas ) {
[202] Fix | Delete
$quoted_uas = [];
[203] Fix | Delete
foreach ( $guest_uas as $v ) {
[204] Fix | Delete
$quoted_uas[] = preg_quote( $v, '#' );
[205] Fix | Delete
}
[206] Fix | Delete
// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.ValidatedSanitizedInput.MissingUnslash -- No WP available
[207] Fix | Delete
$match = preg_match( '#' . implode( '|', $quoted_uas ) . '#i', $_SERVER['HTTP_USER_AGENT'] );
[208] Fix | Delete
if ( $match ) {
[209] Fix | Delete
return true;
[210] Fix | Delete
}
[211] Fix | Delete
}
[212] Fix | Delete
[213] Fix | Delete
$guest_ips = $this->_load_gm_list( 'ips' );
[214] Fix | Delete
if ( $this->ip_access( $guest_ips ) ) {
[215] Fix | Delete
return true;
[216] Fix | Delete
}
[217] Fix | Delete
[218] Fix | Delete
return false;
[219] Fix | Delete
}
[220] Fix | Delete
[221] Fix | Delete
/**
[222] Fix | Delete
* Check if the ip is in the range (supports CIDR notation)
[223] Fix | Delete
*
[224] Fix | Delete
* @since 1.1.0
[225] Fix | Delete
* @since 7.7 Added CIDR support
[226] Fix | Delete
* @access public
[227] Fix | Delete
* @param array $ip_list List of IPs or CIDRs.
[228] Fix | Delete
* @return bool
[229] Fix | Delete
*/
[230] Fix | Delete
public function ip_access( $ip_list ) {
[231] Fix | Delete
if ( ! $ip_list ) {
[232] Fix | Delete
return false;
[233] Fix | Delete
}
[234] Fix | Delete
if ( ! isset( self::$_ip ) ) {
[235] Fix | Delete
self::$_ip = self::get_ip();
[236] Fix | Delete
}
[237] Fix | Delete
[238] Fix | Delete
foreach ( $ip_list as $ip_entry ) {
[239] Fix | Delete
$ip_entry = trim( $ip_entry );
[240] Fix | Delete
// Check CIDR format
[241] Fix | Delete
if ( strpos( $ip_entry, '/' ) !== false ) {
[242] Fix | Delete
if ( $this->_ip_in_cidr( self::$_ip, $ip_entry ) ) {
[243] Fix | Delete
return true;
[244] Fix | Delete
}
[245] Fix | Delete
} elseif ( self::$_ip === $ip_entry ) {
[246] Fix | Delete
// Exact match
[247] Fix | Delete
return true;
[248] Fix | Delete
}
[249] Fix | Delete
}
[250] Fix | Delete
[251] Fix | Delete
return false;
[252] Fix | Delete
}
[253] Fix | Delete
[254] Fix | Delete
/**
[255] Fix | Delete
* Check if IP is within CIDR range
[256] Fix | Delete
*
[257] Fix | Delete
* @since 7.7
[258] Fix | Delete
* @access private
[259] Fix | Delete
* @param string $ip IP address to check.
[260] Fix | Delete
* @param string $cidr CIDR notation (e.g., 192.168.1.0/24).
[261] Fix | Delete
* @return bool
[262] Fix | Delete
*/
[263] Fix | Delete
private function _ip_in_cidr( $ip, $cidr ) {
[264] Fix | Delete
list( $subnet, $mask ) = explode( '/', $cidr, 2 );
[265] Fix | Delete
[266] Fix | Delete
// Mask must be numeric and > 0
[267] Fix | Delete
if ( ! is_numeric( $mask ) || $mask <= 0 ) {
[268] Fix | Delete
return false;
[269] Fix | Delete
}
[270] Fix | Delete
$mask = (int) $mask;
[271] Fix | Delete
[272] Fix | Delete
// Determine IP version and validate
[273] Fix | Delete
$is_ipv6 = filter_var( $subnet, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6 );
[274] Fix | Delete
$max_mask = $is_ipv6 ? 128 : 32;
[275] Fix | Delete
$byte_len = $is_ipv6 ? 16 : 4;
[276] Fix | Delete
$ip_filter = $is_ipv6 ? FILTER_FLAG_IPV6 : FILTER_FLAG_IPV4;
[277] Fix | Delete
[278] Fix | Delete
if ( ! filter_var( $ip, FILTER_VALIDATE_IP, $ip_filter ) ) {
[279] Fix | Delete
return false;
[280] Fix | Delete
}
[281] Fix | Delete
[282] Fix | Delete
if ( $mask > $max_mask ) {
[283] Fix | Delete
return false;
[284] Fix | Delete
}
[285] Fix | Delete
[286] Fix | Delete
$ip_bin = inet_pton( $ip );
[287] Fix | Delete
$subnet_bin = inet_pton( $subnet );
[288] Fix | Delete
[289] Fix | Delete
if ( false === $ip_bin || false === $subnet_bin ) {
[290] Fix | Delete
return false;
[291] Fix | Delete
}
[292] Fix | Delete
[293] Fix | Delete
// Build mask
[294] Fix | Delete
$full_bytes = (int) ( $mask / 8 );
[295] Fix | Delete
$rem_bits = $mask % 8;
[296] Fix | Delete
[297] Fix | Delete
$mask_bin = str_repeat( "\xff", $full_bytes );
[298] Fix | Delete
if ( $rem_bits > 0 ) {
[299] Fix | Delete
$mask_bin .= chr( 0xff << ( 8 - $rem_bits ) );
[300] Fix | Delete
}
[301] Fix | Delete
$mask_bin = str_pad( $mask_bin, $byte_len, "\x00" );
[302] Fix | Delete
[303] Fix | Delete
return ( $ip_bin & $mask_bin ) === ( $subnet_bin & $mask_bin );
[304] Fix | Delete
}
[305] Fix | Delete
[306] Fix | Delete
/**
[307] Fix | Delete
* Get client ip
[308] Fix | Delete
*
[309] Fix | Delete
* @since 1.1.0
[310] Fix | Delete
* @since 1.6.5 changed to public
[311] Fix | Delete
* @access public
[312] Fix | Delete
* @return string
[313] Fix | Delete
*/
[314] Fix | Delete
public static function get_ip() {
[315] Fix | Delete
$_ip = '';
[316] Fix | Delete
if ( function_exists( 'apache_request_headers' ) ) {
[317] Fix | Delete
$apache_headers = apache_request_headers();
[318] Fix | Delete
$_ip = ! empty( $apache_headers['True-Client-IP'] ) ? $apache_headers['True-Client-IP'] : false;
[319] Fix | Delete
if ( ! $_ip ) {
[320] Fix | Delete
$_ip = ! empty( $apache_headers['X-Forwarded-For'] ) ? $apache_headers['X-Forwarded-For'] : false;
[321] Fix | Delete
$_ip = explode( ',', $_ip );
[322] Fix | Delete
$_ip = $_ip[0];
[323] Fix | Delete
}
[324] Fix | Delete
}
[325] Fix | Delete
[326] Fix | Delete
if ( ! $_ip ) {
[327] Fix | Delete
// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.ValidatedSanitizedInput.MissingUnslash -- No WP available
[328] Fix | Delete
$_ip = ! empty( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : '';
[329] Fix | Delete
}
[330] Fix | Delete
return $_ip;
[331] Fix | Delete
}
[332] Fix | Delete
}
[333] Fix | Delete
[334] Fix | Delete
It is recommended that you Edit text format, this type of Fix handles quite a lot in one request
Function