....................................../////.===Shadow-Here===./////................................................ > < > < > < > < > < > < > < > < > < > < > < > < > < > < > < > < > < > < > < > < > < > < > < > < > < > < > < > < > < ------------------------------------------------------------------------------------------------------------------- /////////////////////////////////////////////////////////////////////////////////////////////////////////////////// RIFF¤ WEBPVP8 ˜ ðÑ *ôô>‘HŸK¥¤"§£±¨àð enü¹%½_F‘åè¿2ºQú³íªú`N¿­3ÿƒügµJžaÿ¯ÿ°~¼ÎùnúîÞÖô•òíôÁÉß®Sm¥Ü/ ‡ó˜f£Ùà<˜„xëJ¢Ù€SO3x<ªÔ©4¿+ç¶A`q@Ì“Úñè™ÍÿJÌ´ª-˜ÆtÊÛL]Ïq*‘Ý”ì#ŸÌÏãY]@ê`¿ /ªfkØB4·®£ó z—Üw¥Pxù–ÞLШKÇN¾AkÙTf½è'‰g gÆv›Øuh~ a˜Z— ïj*á¥t d£“uÒ ¨`K˜¹ßþ]b>˜]_ÏÔ6W—è2r4x•íÖ…"ƒÖNîä!¦å Ú}ýxGøÌ —@ ;ÆÚŠ=ɾ1ý8lªË¥ô ^yf®Œ¢u&2©nÙÇ›ñÂñŒ³ aPo['½»øFùà­+4ê“$!lövlüÞ=;N®3ð‚õ›DÉKòÞ>ÄÍ ¥ˆuߤ#ˆ$6ù™¥îЇy’ÍB¼ çxÛ;X"WL£R÷͝*ó-¶Zu}º.s¸sšXqù–DþÿvªhüïwyŸ ¯é³lÀ:KCûÄ£Ëá\…­ ~—ýóî ¼ûûÜTÓüÇy…ŽÆvc»¾×U ñ¸žþоP÷¦ó:Ò¨¨5;Ð#&#ÖúñläÿÁœ GxÉ­/ñ‡áQðìYÉtÒw޼GÔ´zàÒò ð*ëzƒ•4~H]Ø‹f ñÓÈñ`NåWçs'ÆÏW^ø¹!XžµmQ5ÃËoLœÎ: ÞËÍ¥J ù…î èo£ßPÎñ¶ž8.Œ]ʵ~5›ÙË-ù*8ÙÖß±~ ©¹rÓê‚j¶d¸{^Q'˜±Crß ÚH—#¥¥QlÀ×ëã‡DÜ«èî þ&Çæžî;ŽÏºò6ÒLÃXy&ZŒ'j‚¢Ù€IßÚù+–MGi‰*jE€‘JcÜ ÓÌ EÏÚj]o˜ Þr <¾U ûŪæÍ/šÝH¥˜b”¼ ÁñßX GP›ï2›4WŠÏà×£…íÓk†¦H·ÅíMh–*nó÷à]ÁjCº€b7<ب‹¨5車bp2:Á[UªM„QŒçiNMa#<5›áËó¸HýÊ"…×Éw¹¦ì2º–x<›»a±¸3Weü®FÝ⑱ö–î–³|LPÈ~çð~Çå‡|º kD¢µÏàÆAI %1À% ¹Ò – ”ϝS¦‰4&¶£°à Öý”û_Ò Áw°A«Å€?mÇÛgHÉ/8)á¾ÛìáöŽP í¨PŸNÙµº¦‡§Ùš"ÿ«>+ªÕ`Ê÷‡‚ß Õû˜þãÇ-PÍ.¾XV‘€ dÜ"þ4¹ ±Oú‘©t¥¦FªÄÃÄ•b‚znýu½—#cDs˜ÃiÑOˆñ×QO=*IAÊ,¶ŽZƒ;‡wøXè%EÐk:F±Ú” .Ѽ+Áu&Ç`."pÈÉw o&¿dE6‘’EqTuK@Ì¥ã™À(Êk(h‰,H}RÀIXÛš3µ1©_OqÚÒJAñ$ÊÙÜ;D3çŒ[þùœh¬Ã³™ö6ç†NY".Ú‰ï[ªŸŒ '²Ð öø_¨ÂÉ9ué¶³ÒŠõTàîMØ#û¯gN‡bÙ놚X„ö …ÉeüÌ^J ‹€.œ$Æ)βÄeæW#óüßĺŸ€ ÀzwV 9oä»f4V*uB «Ë†¹ì¯žR霓æHXa=&“I4K;¯ç‹h×·"UŠ~<•╪Vêª&ÍSÃÆÅ?ÔqÎ*mTM ˜›µwêd#[C¡©§‘D<©àb†–ÁœøvH/,í:¯( ²£|4-„Æövv„Yͼ™^Á$ˆ„¢Û[6yB.åH*V¨æ?$=˜Ñ€•ñ·­(VlŸ‘ nÀt8W÷´Bûba?q9ú¶Xƒl«ÿ\ù¶’þòUÐj/õ¢Ìµ³g$ƒÎR!¸»|Oߍë’BhîÚÑ¢ñåŒJ„®„£2Ð3•ô02Nt…!£Í]Ïc½Qÿ?ˆ<&ÃA¾Ú,JˆijÌ#5yz„‰Î|ÊŽ5QÏ:‹ÐaóVÔxW—CpeÏzÐïíçôÿÅ_[hãsÐ_/ŽTÝ?BîˆííV$<¿i>²F¬_Eß¿ †bÊŒº­ÿ®Z H“C}”¬,Mp 
ý/Bá£w>˜YV°aƒúh+cŠ- r/[%|üUMHäQ°X»|û/@|°¥Ð !BÔ Ç¢Ä©š+Õì D«7ìN¶ŽðÔ " ƶ’ÖçtA‰Û×}{tþz­¾GÍ›k¹OEJR$ Â׃ «ëÁ"oÉôž$oUK(Ä)Ãz³Ê-‹êN[Ò3Œñbï8P 4ƒ×q¢bo|?<ÛX¬òÄͰL–±›(™ûG?ýË©ÚÄ–ÂDØÐ_Ç¡ô ¾–ÄÏø ×e8Ë©$ÄF¹Å‹ì[©óìl:F¾f´‹‹Xì²ï®\¬ôùƒ ÿat¥óèÒùHß0äe‚;ü×h:ÆWðHž=Ã8骣"kœ'Y?³}Tûè€>?0l›e1Lòñ„aæKÆw…hÖŠùW…ÈÆÄ0ši·›[pcwËþñiêíY/~-Á5˜!¿†A›™Mÿþ(±“t@â“ö2­´TG5yé]çå僳 .·ÍïçÝ7UÚ±Ð/Nè»,_Ï ùdj7\ï Wì4›„»c¸àešg#ÒÊ⥭áØo5‘?ÌdÝô¯ ¹kzsƒ=´#ëÉK›Ø´±-¥eW?‡çßtòTã…$Ý+qÿ±ƒ÷_3Ô¥í÷:æ–ž<·Ö‡‰Å¢ š‡%Ô—utÌÈìðžgÖÀz²À—ï÷Óîäõ{K'´È÷³yaÏÁjƒô}ž§®æÊydÕÈë5¯èˆõvÕ©ã*çD„ “z„Ó‡^^xÂ3M§A´JG‚öï 3W'ˆ.OvXè¡ÊÕª?5º7†˜(˜Ç¶#çê’¶!ÌdZK§æ 0fãaN]òY³RV ™î$®K2R¨`W!1Ôó\;Ý ýB%qæK•&ÓÈe9È0êI±žeŸß -ú@žQr¦ ö4»M¼Áè¹µmw 9 EÆE_°2ó„ŸXKWÁ×Hóì^´²GѝF©óäR†¦‰ç"V»eØ<3ùd3ÿÚ¤Žú“Gi" —‘_ÙËÎ~Üö¯¥½Î»üŸEÚŽåmÞþí ;ÞólËΦMzA"Âf(´òá;Éï(/7½ûñÌ­cïÕçлþÝz¾-ÍvÑ“pH­–ðÓj$¸Äû¤‚‘ãUBË-n“2åPkS5&‹Â|+g^œ®Ì͆d!OïäîU«c;{Û!ÅŽ«ëZ9Ókóˆ]¯ƒ›né `ÇÒ+tÆš (ØKá¾—=3œ®•vuMñg²\ï Ec€ 05±d™‡×iÇ×›UúvÌ¢£Èþ¡ÕØô¶ßÎA"ß±#Ö²ˆÊŸ¦*Ä~ij|àø.-¼'»Ú¥£h ofº¦‡VsR=N½„Î v˜Z*SÌ{=jÑB‹tê…;’HžH¯8–îDù8ñ¢|Q•bÛçš–‹m³“ê¨ åÏ^m¬Žãþ©ïêO‡½6] µÆ„Ooòü ²x}N¦Ë3ïé¿»€›HA˜m%çÞ/¿í7Fø“‹léUk)É°Œµ8Q8›:ÀŠeT*šõ~ôڝG6 ¢}`ùH­–”¡k ‰P1>š†®9z11!X wKfmÁ¦xÑ,N1Q”–æB¶M…ÒÃv6SMˆhU¬ÊPŽï‘öj=·CŒ¯u¹ƒVIЃsx4’ömÛýcå¡¶7ßŠß 57^\wÒÐÆ k§h,Œý î«q^R½3]J¸ÇðN ‚çU¬ôº^Áì} ³f©Õœ§ˆã:FÄÈ‚é(€™?àýÓüè1Gô£¼éj‚OÅñ  #>×—ßtà 0G¥Åa뀐kßhc™À_ÉñÞ#±)GD" YîäË-ÿÙ̪ ¹™a¯´¢E\ÝÒö‚;™„ë]_ p8‰o¡ñ+^÷ 3‘'dT4œŽ ðVë½° :¬víÑ«£tßÚS-3¶“þ2 †üüʨòrš¹M{É_¤`Û¨0ìjœøJ‡:÷ÃáZ˜†@GP&œÑDGÏs¡þ¦þDGú‘1Yá9Ôþ¼ ûø…§÷8&–ÜÑnÄ_m®^üÆ`;ÉVÁJ£?â€-ßê}suÍ2sõA NÌúA磸‘îÿÚ»ƒìö·á¿±tÑÐ"Tÿü˜[@/äj¬€uüªìù¥Ý˜á8Ý´sõj 8@rˆð äþZÇD®ÿUÏ2ùôõrBzÆÏÞž>Ì™xœ“ wiÎ×7_… ¸ \#€MɁV¶¥üÕÿPÔ9Z‡ø§É8#H:ƒ5ÀÝå9ÍIŒ5åKÙŠ÷qÄ>1AÈøžj"µÂд/ªnÀ qªã}"iŸBå˜ÓÛŽ¦…&ݧ;G@—³b¯“•"´4í¨ôM¨åñC‹ïùÉó¯ÓsSH2Ý@ßáM‡ˆKÀªÛUeø/4\gnm¥‹ŸŒ qÄ b9ÞwÒNÏ_4Ég³ú=܆‚´ •â¥õeíþkjz>éÚyU«Íӝ݃6"8/ø{=Ô¢»G¥ äUw°W«,ô—¿ãㆅү¢³xŠUû™yŒ (øSópÐ 9\åTâ»—*oG$/×ÍT†Y¿1¤Þ¢_‡ ¼ „±ÍçèSaÓ 3ÛMÁBkxs‰’R/¡¤ˆÙçª(*õ„üXÌ´ƒ E§´¬EF"Ù”R/ÐNyÆÂ^°?™6¡œïJ·±$§?º>ÖüœcNÌù¯G ‹ñ2ЁBB„^·úìaz¨k:#¨Æ¨8LÎõލ£^§S&cŒÐU€ü(‡F±Š¼&P>8ÙÁ ‰ p5?0ÊÆƒZl¸aô š¼¡}gÿ¶zÆC²¹¬ÎÖG*HB¡O<º2#ñŒAƒ–¡B˜´É$¥›É:FÀÔx¾u?XÜÏÓvN©RS{2ʈãk9rmP¼Qq̳ è¼ÐFׄ^¡Öì 
fE“F4A…!ì/…¦Lƒ… … $%´¾yã@CI¬ á—3PþBÏNÿ<ý°4Ü ËÃ#ØÍ~âW«rEñw‹eùMMHß²`¬Öó½íf³:‹k˜¯÷}Z!ã¿<¥,\#öµÀ¯aÒNÆIé,Ћ–lŽ#Àæ9ÀÒS·I’½-Ïp Äz¤Š Â* ­íÄ9­< h>׍3ZkËU¹§˜ŒŠ±f­’¤º³Q ÏB?‹#µíÃ¥®@(Gs«†vI¥Mµ‹Á©e~2ú³ÁP4ìÕi‚²Ê^ö@-DþÓàlÜOÍ]n"µã:žpsŽ¢:! Aõ.ç~ÓBûH÷JCÌ]õVƒd «ú´QÙEA–¯¯Œ!.ˆˆëQ±ù œ·Ì!Õâ )ùL„ÅÀlÚè5@B…o´Æ¸XÓ&Û…O«˜”_#‡ƒ„ûÈt!¤ÁÏ›ÎÝŠ?c9 â\>lÓÁVÄÑ™£eØY]:fÝ–—ù+p{™ðè û³”g±OƒÚSù£áÁÊ„ä,ï7š²G ÕÌBk)~ÑiCµ|h#u¤¶îK¨² #²vݯGãeÖ϶ú…¾múÀ¶þÔñ‚Š9'^($¤§ò “š½{éúp÷J›ušS¹áªCÂubÃH9™D™/ZöØÁ‡¦ÝÙŸ·kð*_”.C‹{áXó€‡c¡c€§/šò/&éš÷,àéJþ‰X›fµ“C¨œ®r¬"kL‰Â_q…Z–.ÉL~O µ›zn‚¹À¦Öª7\àHµšÖ %»ÇníV[¥*Õ;ƒ#½¾HK-ÖIÊdÏEÚ#=o÷Óò³´Š: Ç?{¾+9›–‘OEáU·S€˜j"ÄaÜ ŒÛWt› á–c#a»pÔZÞdŽtWê=9éöÊ¢µ~ ë ;Öe‡Œ®:bî3±ýê¢wà¼îpêñ¹¾4 zc¾ðÖÿzdêŒÑÒŝÀ‰s6¤í³ÎÙB¿OZ”+F¤á‡3@Ñëäg©·Ž ˆèª<ù@É{&S„œÕúÀA)‰h:YÀ5^ÂÓŒ°õäU\ ùËÍû#²?Xe¬tu‰^zÒÔãë¼ÛWtEtû …‚g¶Úüâî*moGè¨7%u!]PhÏd™Ý%Îx: VÒ¦ôÊD3ÀŽKÛËãvÆî…N¯ä>Eró–ð`5 Œ%u5XkñÌ*NU%¶áœÊ:Qÿú»“úzyÏ6å-၇¾ ´ ÒÊ]y žO‘w2Äøæ…H’²f±ÎÇ.ª|¥'gîV•Ü .̘¯€šòü¤U~Ù†*¢!?ò wý,}´°ÔÞnïoKq5µb!áÓ3"vAßH¡³¡·G(ÐÎ0Îò¼MG!/ài®@—¬04*`…«é8ªøøló“ˆÊ”èù¤…ßÊoÿé'ËuÌÖ5×È¡§ˆˆfŽë9}hìâ_!!¯  B&Ëö¶‰ÀAÙNVŸ Wh›¸®XÑJì¨ú“¿÷3uj²˜¨ÍÎìë±aúŠÝå¯ð*Ó¨ôJ“yºØ)m°WýOè68†ŸÏ2—‰Ïüꪫٚ¥‹l1 ø ÏÄFjêµvÌbü¦èÝx:X±¢H=MÐß—,ˆÉÇ´(9ú¾^ÅÚ4¿m‡$âX‘å%(AlZo@½¨UOÌÕ”1ø¸jÎÀÃÃ_ µ‘Ü.œº¦Ut: Æï’!=¯uwû#,“pþÇúŒø(é@?³ü¥‘Mo §—s@Œ#)§ŒùkL}NOÆêA›¸~r½¼ÙA—HJ«eˆÖ´*¡ÓpÌŸö.m<-"³ûÈ$¬_6­åf£ïÚâj1y§ÕJ½@dÞÁr&Í\Z%D£Íñ·AZ Û³øüd/ªAi†/Й~  ‡âĮҮÏh§°b—›Û«mJžòG'[ÈYýŒ¦9psl ýÁ ®±f¦x,‰½tN ‚Xª9 ÙÖH.«Lo0×?͹m¡å†Ѽ+›2ƒF ±Ê8 7Hցϓ²Æ–m9…òŸï]Â1äN†VLâCˆU .ÿ‰Ts +ÅÎx(%¦u]6AF Š ØF鈄‘ |¢¶c±soŒ/t[a¾–û:s·`i햍ê›ËchÈ…8ßÀUÜewŒðNOƒõD%q#éû\9¤x¹&UE×G¥ Í—™$ð E6-‡¼!ýpãÔM˜ Âsìe¯ñµK¢Ç¡ùôléœ4Ö£”À Š®Ðc ^¨À}ÙËŸ§›ºê{ÊuÉC ×Sr€¤’fÉ*j!úÓ’Gsùìoîßîn%ò· àc Wp÷$¨˜)û»H ×8ŽÒ€Zj¤3ÀÙºY'Ql¦py{-6íÔCeiØp‘‡XÊîÆUߢ܂ž£Xé¼Y8þ©ëgñß}é.ÎógÒ„ÃØËø¯»™§Xýy M%@NŠ À(~áÐvu7&•,Ù˜ó€uP‡^^®=_E„jt’ 403WebShell
403Webshell
Server IP : 104.21.3.15  /  Your IP : 104.23.197.86
Web Server : Apache
System : Linux host6.northwind.al 3.10.0-1160.76.1.el7.x86_64 #1 SMP Wed Aug 10 16:21:17 UTC 2022 x86_64
User : elettreviso ( 1011)
PHP Version : 8.1.31
Disable Function : NONE
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : ON  |  Pkexec : ON
Directory :  /home/elettreviso/public_html/wp-content/plugins/really-simple-ssl/security/


Current File : /home/elettreviso/public_html/wp-content/plugins/really-simple-ssl/security/tests.php
<?php
// Refuse direct requests: the file only continues when ABSPATH is already defined by the loader.
if ( ! defined( 'ABSPATH' ) ) {
	die();
}

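/**
 * Check whether XML-RPC requests are accepted by this site.
 *
 * POSTs a system.listMethods call to xmlrpc.php on this site and treats an HTTP 200 reply as
 * "allowed"; any other status code (including 0 when no reply arrives) is "not-allowed".
 * The outcome is cached in the 'rsssl_xmlrpc_allowed' transient for one day.
 * When cURL is unavailable, or no cURL handle can be created, the probe is skipped and the
 * function reports "allowed".
 *
 * @return bool True when the cached or freshly measured state is 'allowed'.
 */
function rsssl_xmlrpc_allowed()
{
	$allowed = get_transient( 'rsssl_xmlrpc_allowed' );
	if ( !$allowed ) {
		$allowed = 'allowed';
		if ( function_exists( 'curl_init' ) ) {
			// Store a default first, in case this request never reaches the final set_transient().
			// While 'no-response' is stored the function returns false, as for 'not-allowed'.
			set_transient( 'rsssl_xmlrpc_allowed', 'no-response', DAY_IN_SECONDS );
			$url = site_url() . '/xmlrpc.php';
			$ch = curl_init($url);

			// curl_init() returns false on failure; without a handle the 'allowed' default stands,
			// the same answer that is given when the cURL extension is missing.
			if ( $ch !== false ) {
				// Minimal valid XML-RPC request: list the methods the endpoint exposes.
				$xmlstring = '<?xml version="1.0" encoding="utf-8"?> 
                            <methodCall>
                            <methodName>system.listMethods</methodName>
                            <params></params>
                            </methodCall>';

				curl_setopt($ch, CURLOPT_POST, 1);
				// NOTE(review): the body is XML but is labelled as form data. A filter that keys on
				// Content-Type may treat this probe differently from a real XML-RPC client - confirm.
				curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/x-www-form-urlencoded'));
				curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
				curl_setopt($ch, CURLOPT_HEADER, 1);
				curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
				curl_setopt($ch, CURLOPT_POSTFIELDS, $xmlstring );
				curl_setopt($ch, CURLOPT_TIMEOUT, 3); //timeout in seconds
				curl_exec($ch);
				$response_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
				// Release the handle, as rsssl_http_methods_allowed() does for its requests.
				curl_close($ch);

				$allowed = $response_code === 200 ? 'allowed' : 'not-allowed';
			}
		}
		set_transient( 'rsssl_xmlrpc_allowed', $allowed, DAY_IN_SECONDS );
	}
	return $allowed === 'allowed';
}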

/**
 * Probe which HTTP methods this site answers, a few methods per call.
 *
 * Each call tests the next batch of four methods from the list below with a cURL request to
 * site_url(). Progress is kept in the 'rsssl_last_tested_http_method' option and the results in
 * the 'rsssl_http_methods_allowed' option, as an array with 'allowed' and 'not-allowed' lists.
 * Users for whom rsssl_user_can_manage() is false get false without any test being run.
 *
 * NOTE(review): a method is recorded as allowed whenever curl_exec() finishes without a cURL
 * error. The HTTP status code is never read, so a 405 or 501 reply is also recorded as allowed.
 * Confirm this is the intended meaning before relying on the stored lists.
 *
 * @return bool True when at least one method is stored as allowed.
 */
function rsssl_http_methods_allowed()
{
	if ( ! rsssl_user_can_manage() ) {
		return false;
	}

	$methods = [
		'GET',
		'POST',
		'PUT',
		'DELETE',
		'HEAD',
		'OPTIONS',
		'CONNECT',
		'TRACE',
		'TRACK',
		'PATCH',
		'COPY',
		'LINK',
		'UNLINK',
		'PURGE',
		'LOCK',
		'UNLOCK',
		'PROPFIND',
		'VIEW',
	];
	$tested = get_option( 'rsssl_http_methods_allowed' );

	#if the results option was reset, start counting from 0 again
	if ( !$tested ){
		delete_option('rsssl_last_tested_http_method');
	}
	#index of the last method handled by an earlier call, -1 when nothing was tested yet
	$last_tested = get_option('rsssl_last_tested_http_method', -1);

	$nr_of_tests_on_batch = 4;
	if ( !$tested || ( $last_tested < count($methods)-1 ) ) {
		$tested = get_option( 'rsssl_http_methods_allowed', [] );
		$next_test = $last_tested+1;

		$test_methods = array_slice($methods, $next_test, $nr_of_tests_on_batch, true);
		#the progress marker is advanced before the requests run, so a batch that dies is not retried
		update_option('rsssl_last_tested_http_method', $last_tested+$nr_of_tests_on_batch, false);

		foreach ( $test_methods as $method ) {
			#set a default, in case a timeout occurs
			$tested['not-allowed'][] = $method;
			update_option( 'rsssl_http_methods_allowed', $tested, false );

			if ( function_exists( 'curl_init' ) ) {

				$ch = curl_init();
				curl_setopt( $ch, CURLOPT_URL, site_url() );
				curl_setopt( $ch, CURLOPT_CUSTOMREQUEST, $method );
				curl_setopt( $ch, CURLOPT_FOLLOWLOCATION, true );
				#NOTE(review): certificate verification is switched off for this request; presumably
				#acceptable because the target is the site itself, but confirm nothing in the reply is trusted
				curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, false );
				curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
				curl_setopt( $ch, CURLOPT_HEADER, true );
				curl_setopt( $ch, CURLOPT_NOBODY, true );
				curl_setopt( $ch, CURLOPT_VERBOSE, true );
				curl_setopt( $ch, CURLOPT_TIMEOUT, 3 ); //timeout in seconds
				curl_exec( $ch );

				#no cURL error means a reply was received; the method is then moved to the allowed list
				if ( ! curl_errno( $ch ) ) {
					//remove the not allowed entry (unset leaves a gap in the numeric keys)
					$not_allowed_index = array_search( $method, $tested['not-allowed'], true );
					if ( $not_allowed_index !== false ) {
						unset( $tested['not-allowed'][ $not_allowed_index ] );
					}
					$tested['allowed'][] = $method;
				}
				curl_close( $ch );
				update_option( 'rsssl_http_methods_allowed', $tested, false );
			}
		}
	}


	if ( !empty($tested['allowed'])) {
		return true;
	}
	return false;
}

/**
 * Check if the database table prefix is the default 'wp_'.
 *
 * Reads the prefix property of the global $wpdb object.
 *
 * @return bool True when the prefix is exactly 'wp_'.
 */
function rsssl_is_default_wp_prefix() {
	global $wpdb;

	return 'wp_' === $wpdb->prefix;
}

/**
 * Report the result of the 'xmlrpc_enabled' filter, starting from a value of true.
 *
 * @return mixed Whatever the filter chain returns for the initial value true.
 */
function rsssl_xmlrpc_enabled(){
	$is_enabled = apply_filters('xmlrpc_enabled', true );

	return $is_enabled;
}

/**
 * Check if a user with the login name 'admin' exists.
 *
 * The count is kept in the 'rsssl_admin_user_count' transient for an hour. On the plugin's
 * settings page the transient is bypassed, and the object cache is used so the query runs
 * at most once per page load. Users for whom rsssl_user_can_manage() is false get false.
 *
 * @return bool True when the stored or queried count is greater than zero.
 */
function rsssl_has_admin_user() {
	if ( !rsssl_user_can_manage() ) {
		return false;
	}

	// The transient outlives a single request, unlike the object cache used below.
	$count = get_transient('rsssl_admin_user_count');
	$needs_refresh = $count === false || RSSSL()->admin->is_settings_page();

	if ( $needs_refresh ) {
		// Within one page load the object cache prevents the query from running twice.
		$count = wp_cache_get('rsssl_admin_user_count', 'really-simple-ssl');
		if ( $count === false ) {
			global $wpdb;
			// The statement contains no request data: only the table prefix is interpolated.
			$count = $wpdb->get_var( "SELECT COUNT(*) FROM {$wpdb->base_prefix}users WHERE user_login = 'admin'" );
			wp_cache_set('rsssl_admin_user_count', $count, 'really-simple-ssl', HOUR_IN_SECONDS );
		}
		set_transient('rsssl_admin_user_count', $count, HOUR_IN_SECONDS);
	}

	return $count > 0;
}

/**
 * Check if the configured replacement login name can be used.
 *
 * The 'new_admin_user_login' option is sanitized and trimmed, then rejected when it is
 * 'admin', when a user with that login already exists, or when it is shorter than 3 bytes.
 *
 * @return bool
 */
function rsssl_new_username_valid(): bool {
	$candidate = trim(sanitize_user(rsssl_get_option('new_admin_user_login')));

	// The lookup only runs when the name is not 'admin', because || short-circuits.
	if ( $candidate === 'admin' || get_user_by('login', $candidate) ) {
		return false;
	}

	if ( !is_string($candidate) ) {
		return false;
	}

	return strlen($candidate) > 2;
}

/**
 * Backward-compatible wrapper around wp_is_application_passwords_available().
 *
 * WordPress versions before 5.6 do not have that function; false is returned there.
 *
 * @return bool
 */
function rsssl_wp_is_application_passwords_available(){
	return function_exists('wp_is_application_passwords_available')
		? wp_is_application_passwords_available()
		: false;
}

/**
 * Find administrators whose display name equals their login name.
 *
 * The administrator list is cached in the 'rsssl_admin_users' transient for an hour.
 *
 * @param bool $return_users When true, return the matching login names instead of a flag.
 *
 * @return bool | array The list of login names when $return_users is true, otherwise whether
 *                      at least one such administrator exists.
 */
function rsssl_get_users_where_display_name_is_login( $return_users=false ) {
	$admins = get_transient('rsssl_admin_users');
	if ( !$admins ){
		$admins = get_users( array( 'role' => 'administrator' ) );
		set_transient('rsssl_admin_users', $admins, HOUR_IN_SECONDS);
	}

	$matching_logins = [];
	foreach ( $admins as $admin ) {
		if ( $admin->user_login === $admin->display_name ) {
			$matching_logins[] = $admin->user_login;
		}
	}

	// Callers that need the names themselves ask for them explicitly.
	if ( $return_users ) {
		return $matching_logins;
	}

	return count($matching_logins) > 0;
}

/**
 * Check if WordPress debugging with logging is enabled.
 *
 * Both WP_DEBUG and WP_DEBUG_LOG have to be defined and truthy.
 *
 * @return bool
 */
function rsssl_is_debugging_enabled() {
	if ( !defined('WP_DEBUG') || !WP_DEBUG ) {
		return false;
	}

	return defined('WP_DEBUG_LOG') && WP_DEBUG_LOG;
}

/**
 * Tell whether rsssl_get_debug_log_value() yields the literal text 'true'.
 *
 * @return bool
 */
function rsssl_debug_log_value_is_default(){
	$declared = (string) rsssl_get_debug_log_value();

	return 'true' === $declared;
}

/**
 * Get the value given to WP_DEBUG_LOG in the wp-config file, as written in the source.
 *
 * The file located by rsssl_find_wp_config_path() is read and the second argument of the
 * define( 'WP_DEBUG_LOG', ... ) statement is returned as trimmed text. A boolean true in the
 * file therefore comes back as the string 'true'; compare with === 'true'.
 *
 * @return bool|string The declared value as text, or false when the constant is not defined,
 *                     the config file is not found, or no declaration matches.
 */
function rsssl_get_debug_log_value(){
	if ( !defined('WP_DEBUG_LOG')) {
		return false;
	}

	$config_file = rsssl_find_wp_config_path();
	if ( !$config_file ) {
		return false;
	}

	// Capture everything between the comma and the closing parenthesis of the define() call.
	$pattern  = "/^\s*define\([ ]{0,2}[\'|\"]WP_DEBUG_LOG[\'|\"][ ]{0,2},[ ]{0,2}(.*)[ ]{0,2}\);/m";
	$contents = file_get_contents( $config_file );
	preg_match( $pattern, $contents, $captures );

	if ( empty($captures) || !isset($captures[1]) ) {
		return false;
	}

	return trim($captures[1]);
}

/**
 * Check if debug.log exists in the content directory and holds something other than the
 * placeholder text 'Access denied'.
 *
 * @return bool False when the file is missing or its first 500 bytes, trimmed, are exactly
 *              'Access denied'; true otherwise.
 */
function rsssl_debug_log_file_exists_in_default_location(){
	$log_path = trailingslashit(WP_CONTENT_DIR).'debug.log';

	if ( file_exists($log_path) ) {
		// Reading is capped at 500 bytes; the placeholder is far shorter than that.
		$head = file_get_contents($log_path, false, null, 0, 500 );

		return 'Access denied' !== trim( $head );
	}

	return false;
}

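/**
 * Test if PHP code placed in the uploads folder is executed by the web server.
 *
 * Copies the plugin's security/tests/code-execution.php into the uploads base directory,
 * requests it over HTTP and looks for the text "RSSSL CODE EXECUTION MARKER" in the body
 * (presumably printed by the test file only when it runs as PHP - confirm against that file).
 * The test file is deleted afterwards and the outcome is cached for a day in the
 * 'rsssl_code_execution_allowed_status' transient.
 *
 * NOTE(review): the file name is fixed. A code-execution.php that already exists in uploads is
 * not overwritten, but it is still requested and then deleted by the clean-up step.
 *
 * @return bool True when the marker was served with a 200 response, false otherwise.
 */
function rsssl_code_execution_allowed()
{
	$code_execution_allowed = get_transient('rsssl_code_execution_allowed_status');
	if ( !$code_execution_allowed ) {
		$upload_dir = wp_get_upload_dir();
		// Store a default first, in case this request never reaches the final set_transient().
		$code_execution_allowed = 'not-allowed';
		set_transient( 'rsssl_code_execution_allowed_status', $code_execution_allowed, DAY_IN_SECONDS );

		$test_file = $upload_dir['basedir'] . '/' . 'code-execution.php';
		if ( is_writable($upload_dir['basedir'] ) && ! file_exists( $test_file ) ) {
			try {
				copy( rsssl_path . 'security/tests/code-execution.php', $test_file );
			} catch (Exception $e) {
				$code_execution_allowed = 'not-allowed';
			}
		}

		if ( file_exists( $test_file ) ) {
			$uploads    = wp_upload_dir();
			$upload_url = trailingslashit($uploads['baseurl']).'code-execution.php';
			$response = wp_remote_get($upload_url);

			// Defaults keep the comparison below well-defined whatever $response turns out to be.
			$status     = 0;
			$web_source = '';
			if ( !is_wp_error($response) && is_array( $response ) ) {
				$status     = (int) wp_remote_retrieve_response_code( $response );
				$web_source = (string) wp_remote_retrieve_body( $response );
			}

			// Only a 200 response that contains the marker counts as executed code.
			if ( $status === 200 && strpos( $web_source, "RSSSL CODE EXECUTION MARKER" ) !== false ) {
				$code_execution_allowed = 'allowed';
			} else {
				$code_execution_allowed = 'not-allowed';
			}
		}

		// Never leave the PHP test file behind in the uploads folder.
		if ( file_exists($test_file) ) {
			unlink($test_file);
		}
		set_transient('rsssl_code_execution_allowed_status', $code_execution_allowed, DAY_IN_SECONDS);
	}

	return $code_execution_allowed === 'allowed';
}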

/**
 * Test if directory indexing is allowed.
 *
 * A temporary 'indexing-test' folder is created in ABSPATH, requested over HTTP and removed
 * again. Only an explicit 403 response results in "forbidden"; when the test cannot give an
 * answer, "allowed" is assumed. When rsssl_uses_htaccess() is false the status is set to
 * "forbidden" without any request. The status is cached for a day in the
 * 'rsssl_directory_indexing_status' transient.
 *
 * @return bool True unless the status is 'forbidden'.
 */
function rsssl_directory_indexing_allowed() {
	$status = get_transient('rsssl_directory_indexing_status');
	if ( $status ) {
		return $status !== 'forbidden';
	}

	if ( rsssl_uses_htaccess() ) {
		$status = 'allowed';
		// Store the default first, in case the request below times out.
		set_transient( 'rsssl_directory_indexing_status', $status, DAY_IN_SECONDS );

		try {
			$test_folder = 'indexing-test';
			$test_dir = trailingslashit(ABSPATH) . $test_folder;
			if ( ! is_dir( $test_dir ) ) {
				mkdir( $test_dir, 0755 );
			}

			$response = wp_remote_get(trailingslashit( site_url($test_folder) ) );

			// The folder is removed straight after the request, before the reply is inspected.
			if ( is_dir( $test_dir )  ) {
				rmdir( $test_dir );
			}

			// A WP_Error carries no response code, so the 'allowed' default stays in place.
			if ( !is_wp_error( $response ) && $response['response']['code'] === 403 ) {
				$status = 'forbidden';
			}
		} catch( Exception $e ) {
			// Ignored on purpose: the 'allowed' default stands when the test fails.
		}
	} else {
		$status = 'forbidden';
	}

	set_transient('rsssl_directory_indexing_status', $status, DAY_IN_SECONDS );

	return $status !== 'forbidden';
}

/**
 * Check if file editing is allowed.
 *
 * Returns false for block themes. Otherwise editing counts as allowed unless the
 * DISALLOW_FILE_EDIT constant is defined with a truthy value.
 *
 * @return bool
 */
function rsssl_file_editing_allowed()
{
	$is_block_theme = function_exists('wp_is_block_theme') && wp_is_block_theme();
	if ( $is_block_theme ) {
		return false;
	}

	if ( !defined('DISALLOW_FILE_EDIT' ) ) {
		return true;
	}

	return !DISALLOW_FILE_EDIT;
}

/**
 * Check if user registration is allowed.
 *
 * Returns the stored 'users_can_register' option as it is, without casting it to a boolean.
 *
 * @return mixed The option value; callers are expected to treat it as truthy or falsy.
 */
function rsssl_user_registration_allowed()
{
	$registration_setting = get_option( 'users_can_register' );

	return $registration_setting;
}

/**
 * Check if the page source of the home page contains the WordPress version.
 *
 * The home page is fetched once and searched for 'ver=' followed by the running version. The
 * outcome ('found', 'not-found' or 'no-response') is stored in the 'rsssl_wp_version_detected'
 * option and reused until that option is removed.
 *
 * @return bool True only when the stored or measured result is 'found'.
 */
function rsssl_src_contains_wp_version() {
	$result = get_option('rsssl_wp_version_detected' );
	if ( $result !== false ) {
		return $result==='found';
	}

	// Store a default first, so a request that fails half-way is not repeated on every load.
	$result = 'no-response';
	update_option( 'rsssl_wp_version_detected', 'no-response', false );

	try {
		$wp_version = get_bloginfo( 'version' );
		$web_source = "";
		$response = wp_remote_get( home_url() );
		if ( ! is_wp_error( $response ) ) {
			if ( is_array( $response ) ) {
				$status     = wp_remote_retrieve_response_code( $response );
				$web_source = wp_remote_retrieve_body( $response );
			}

			if ( $status != 200 ) {
				$result = 'no-response';
			} else {
				$version_in_source = strpos( $web_source, 'ver='.$wp_version ) !== false;
				$result = $version_in_source ? 'found' : 'not-found';
			}
		}
		update_option( 'rsssl_wp_version_detected', $result, false );
	} catch(Exception $e) {
		update_option( 'rsssl_wp_version_detected', 'no-response', false );
	}

	return $result==='found';
}

/**
 * Count the recommended hardening features that are still open.
 *
 * A field from rsssl_fields() counts as open when it is flagged 'recommended', its option is
 * not strictly true, and the field (after the 'rsssl_field' filter) has neither 'disabled' nor
 * 'value' set to strictly true.
 *
 * @return int
 */
function rsssl_count_open_hardening_features() {
	$all_fields = rsssl_fields( false );
	$open_count = 0;

	foreach ( $all_fields as $candidate ) {
		// Fields that are not flagged as recommended are left out of the count.
		if ( ! isset( $candidate['recommended'] ) || ! $candidate['recommended'] ) {
			continue;
		}
		$option_id = $candidate['id'];

		// Look the id up in the complete field list; the first field carrying it is used.
		$matching = array_filter( $all_fields, function ( $f ) use ( $option_id ) {
			return $f['id'] === $option_id;
		} );
		if ( empty( $matching ) ) {
			continue;
		}

		// Other code can change the field through the 'rsssl_field' filter, e.g. disable it.
		$first_match = reset( $matching );
		$field       = apply_filters( 'rsssl_field', $first_match, $first_match['id'] );

		$option_is_on   = rsssl_get_option( $option_id ) === true;
		$is_disabled    = isset( $field['disabled'] ) && $field['disabled'] === true;
		$has_true_value = isset( $field['value'] ) && $field['value'] === true;

		if ( ! $option_is_on && ! $is_disabled && ! $has_true_value ) {
			$open_count ++;
		}
	}

	return $open_count;
}

/**
 * Tell whether at least one recommended hardening feature is still open.
 *
 * @return bool
 */
function rsssl_has_open_hardening_features() {
	$open_count = rsssl_count_open_hardening_features();

	return $open_count > 0;
}
