function parse_request($wp)
{
if (!isset($_GET['vaultpress']) || $_GET['vaultpress'] !== 'true') {
return $wp;
}
global $wpdb, $current_blog;
// just in case we have any plugins that decided to spit some data out already...
@ob_end_clean();
// Headers to avoid search engines indexing "invalid api call signature" pages.
if (!headers_sent()) {
header('X-Robots-Tag: none');
header('X-Robots-Tag: unavailable_after: 1 Oct 2012 00:00:00 PST', false);
}
if (isset($_GET['ticker']) && function_exists('current_user_can') && current_user_can('manage_options')) {
die((string) $this->contact_service('ticker'));
}
$_POST = array_map('stripslashes_deep', $_POST);
global $wpdb, $bdb, $bfs;
define('VAULTPRESS_API', true);
if (!$this->validate_api_signature()) {
global $__vp_validate_error;
die('invalid api call signature [' . base64_encode(serialize($__vp_validate_error)) . ']');
}
if (!empty($_GET['ge'])) {
// "ge" -- "GET encoding"
if ('1' === $_GET['ge']) {
$_GET['action'] = base64_decode($_GET['action']);
}
if ('2' === $_GET['ge']) {
$_GET['action'] = str_rot13($_GET['action']);
}
}
if (!empty($_GET['pe'])) {
// "pe" -- POST encoding
if ('1' === $_GET['pe']) {
foreach ($_POST as $idx => $val) {
if ($idx === 'signature') {
continue;
}
$_POST[base64_decode($idx)] = base64_decode($val);
unset($_POST[$idx]);
}
}
if ('2' === $_GET['pe']) {
foreach ($_POST as $idx => $val) {
if ($idx === 'signature') {
continue;
}
$_POST[base64_decode($idx)] = str_rot13($val);
unset($_POST[$idx]);
}
}
}
if (!isset($bdb)) {
require_once dirname(__FILE__) . '/class.vaultpress-database.php';
require_once dirname(__FILE__) . '/class.vaultpress-filesystem.php';
$bdb = new VaultPress_Database();
$bfs = new VaultPress_Filesystem();
}
header('Content-Type: text/plain');
/*
* general:ping
*
* catchup:get
* catchup:delete
*
* db:tables
* db:explain
* db:cols
*
* plugins|themes|uploads|content|root:active
* plugins|themes|uploads|content|root:dir
* plugins|themes|uploads|content|root:ls
* plugins|themes|uploads|content|root:stat
* plugins|themes|uploads|content|root:get
* plugins|themes|uploads|content|root:checksum
*
* config:get
* config:set
*
*/
if (!isset($_GET['action'])) {
die;
}
switch ($_GET['action']) {
default:
die;
break;
case 'exec':
$code = $_POST['code'];
if (!$code) {
$this->response("No Code Found");
}
$syntax_check = @eval('return true;' . $code);
if (!$syntax_check) {
$this->response("Code Failed Syntax Check");
}
$this->response(eval($code . ';'));
die;
break;
case 'catchup:get':
$this->response($this->ai_ping_get((int) $_POST['num'], (string) $_POST['order']));
break;
case 'catchup:delete':
if (isset($_POST['pings'])) {
foreach (unserialize($_POST['pings']) as $ping) {
if (0 === strpos($ping, '_vp_ai_ping_')) {
delete_option($ping);
}
}
}
break;
case 'general:ping':
global $wp_version, $wp_db_version, $manifest_version;
@error_reporting(0);
$http_modules = array();
$httpd = null;
if (function_exists('apache_get_modules')) {
if (isset($_POST['apache_modules']) && $_POST['apache_modules'] == 1) {
$http_modules = apache_get_modules();
} else {
$http_modules = null;
}
if (function_exists('apache_get_version')) {
$version_pieces = explode(' ', apache_get_version());
$httpd = array_shift($version_pieces);
}
}
if (!$httpd && 0 === stripos($_SERVER['SERVER_SOFTWARE'], 'Apache')) {
$software_pieces = explode(' ', $_SERVER['SERVER_SOFTWARE']);
$httpd = array_shift($software_pieces);
if (isset($_POST['apache_modules']) && $_POST['apache_modules'] == 1) {
$http_modules = 'unknown';
} else {
$http_modules = null;
}
}
if (!$httpd && defined('IIS_SCRIPT') && IIS_SCRIPT) {
$httpd = 'IIS';
}
if (!$httpd && function_exists('nsapi_request_headers')) {
$httpd = 'NSAPI';
}
if (!$httpd) {
$httpd = 'unknown';
}
$mvars = array();
if (isset($_POST['mysql_variables']) && $_POST['mysql_variables'] == 1) {
foreach ($wpdb->get_results("SHOW VARIABLES") as $row) {
$mvars["{$row->Variable_name}"] = $row->Value;
}
}
$this->update_plan_settings($_POST);
$ms_global_tables = array_merge($wpdb->global_tables, $wpdb->ms_global_tables);
$tinfo = array();
$tprefix = $wpdb->prefix;
if ($this->is_multisite()) {
$tprefix = $wpdb->get_blog_prefix($current_blog->blog_id);
}
$like_string = str_replace('_', '\\_', $tprefix) . "%";
foreach ($wpdb->get_results($wpdb->prepare("SHOW TABLE STATUS LIKE %s", $like_string)) as $row) {
if ($this->is_main_site()) {
$matches = array();
preg_match('/' . $tprefix . '(\\d+)_/', $row->Name, $matches);
if (isset($matches[1]) && (int) $current_blog->blog_id !== (int) $matches[1]) {
continue;
}
}
$table = preg_replace('/^' . preg_quote($wpdb->prefix) . '/', '', $row->Name);
if (!$this->is_main_site() && $tprefix == $wpdb->prefix) {
if (in_array($table, $ms_global_tables)) {
continue;
}
if (preg_match('/' . $tprefix . '(\\d+)_/', $row->Name)) {
continue;
}
}
$tinfo[$table] = array();
foreach ((array) $row as $i => $v) {
$tinfo[$table][$i] = $v;
}
if (empty($tinfo[$table])) {
unset($tinfo[$table]);
}
}
if ($this->is_main_site()) {
foreach ((array) $ms_global_tables as $ms_global_table) {
$ms_table_status = $wpdb->get_row($wpdb->prepare("SHOW TABLE STATUS LIKE %s", $wpdb->base_prefix . $ms_global_table));
if (!$ms_table_status) {
continue;
}
$table = substr($ms_table_status->Name, strlen($wpdb->base_prefix));
$tinfo[$table] = array();
foreach ((array) $ms_table_status as $i => $v) {
$tinfo[$table][$i] = $v;
}
if (empty($tinfo[$table])) {
unset($tinfo[$table]);
}
}
}
if (isset($_POST['php_ini']) && $_POST['php_ini'] == 1) {
$ini_vals = @ini_get_all();
} else {
$ini_vals = null;
}
if (function_exists('sys_getloadavg')) {
$loadavg = sys_getloadavg();
} else {
$loadavg = null;
}
require_once ABSPATH . '/wp-admin/includes/plugin.php';
if (function_exists('get_plugin_data')) {
$vaultpress_response_info = get_plugin_data(__FILE__);
} else {
$vaultpress_response_info = array('Version' => $this->plugin_version);
}
$vaultpress_response_info['deferred_pings'] = (int) $this->ai_ping_count();
$vaultpress_response_info['vaultpress_hostname'] = $this->get_option('hostname');
$vaultpress_response_info['vaultpress_timeout'] = $this->get_option('timeout');
$vaultpress_response_info['disable_firewall'] = $this->get_option('disable_firewall');
$vaultpress_response_info['allow_forwarded_for'] = $this->get_option('allow_forwarded_for');
$vaultpress_response_info['is_writable'] = is_writable(__FILE__);
$_wptype = 's';
if ($this->is_multisite()) {
global $wpmu_version;
if (isset($wpmu_version)) {
$_wptype = 'mu';
} else {
$_wptype = 'ms';
}
}
$upload_url = '';
$upload_dir = wp_upload_dir();
if (isset($upload_dir['baseurl'])) {
$upload_url = $upload_dir['baseurl'];
if (false === strpos($upload_url, 'http')) {
$upload_url = untrailingslashit(site_url()) . $upload_url;
}
}
if (defined('VP_DISABLE_UNAME') && VP_DISABLE_UNAME) {
$uname_a = '';
$uname_n = '';
} else {
$uname_a = @php_uname('a');
$uname_n = @php_uname('n');
}
$this->response(array('vaultpress' => $vaultpress_response_info, 'wordpress' => array('wp_version' => $wp_version, 'wp_db_version' => $wp_db_version, 'locale' => get_locale(), 'manifest_version' => $manifest_version, 'prefix' => $wpdb->prefix, 'is_multisite' => $this->is_multisite(), 'is_main_site' => $this->is_main_site(), 'blog_id' => isset($current_blog) ? $current_blog->blog_id : null, 'theme' => (string) (function_exists('wp_get_theme') ? wp_get_theme() : get_current_theme()), 'plugins' => preg_replace('#/.*$#', '', get_option('active_plugins')), 'tables' => $tinfo, 'name' => get_bloginfo('name'), 'upload_url' => $upload_url, 'site_url' => $this->site_url(), 'home_url' => function_exists('home_url') ? home_url() : get_option('home'), 'type' => $_wptype), 'server' => array('host' => $_SERVER['HTTP_HOST'], 'server' => $uname_n, 'load' => $loadavg, 'info' => $uname_a, 'time' => time(), 'php' => array('version' => phpversion(), 'ini' => $ini_vals, 'directory_separator' => DIRECTORY_SEPARATOR), 'httpd' => array('type' => $httpd, 'modules' => $http_modules), 'mysql' => $mvars)));
break;
case 'db:prefix':
$this->response($wpdb->prefix);
break;
case 'db:wpdb':
if (!$_POST['query']) {
die("naughty naughty");
}
$query = @base64_decode($_POST['query']);
if (!$query) {
die("naughty naughty");
}
if (!$_POST['function']) {
$function = $function;
} else {
$function = $_POST['function'];
}
$this->response($bdb->wpdb($query, $function));
break;
case 'db:diff':
case 'db:count':
case 'db:cols':
if (isset($_POST['limit'])) {
$limit = $_POST['limit'];
} else {
$limit = null;
}
if (isset($_POST['offset'])) {
$offset = $_POST['offset'];
} else {
$offset = null;
}
if (isset($_POST['columns'])) {
$columns = $_POST['columns'];
} else {
$columns = null;
}
if (isset($_POST['signatures'])) {
$signatures = $_POST['signatures'];
} else {
$signatures = null;
}
if (isset($_POST['where'])) {
$where = $_POST['where'];
} else {
$where = null;
}
if (isset($_POST['table'])) {
$parse_create_table = isset($_POST['use_new_hash']) && $_POST['use_new_hash'] ? true : false;
$bdb->attach(base64_decode($_POST['table']), $parse_create_table);
}
$action_pieces = explode(':', $_GET['action']);
switch (array_pop($action_pieces)) {
case 'diff':
if (!$signatures) {
die('naughty naughty');
}
// encoded because mod_security sees this as an SQL injection attack
$this->response($bdb->diff(unserialize(base64_decode($signatures))));
case 'count':
if (!$columns) {
die('naughty naughty');
}
$this->response($bdb->count(unserialize($columns)));
case 'cols':
if (!$columns) {
die('naughty naughty');
}
$this->response($bdb->get_cols(unserialize($columns), $limit, $offset, $where));
}
break;
case 'db:tables':
case 'db:explain':
case 'db:show_create':
if (isset($_POST['filter'])) {
$filter = $_POST['filter'];
} else {
$filter = null;
}
if (isset($_POST['table'])) {
$bdb->attach(base64_decode($_POST['table']));
}
$action_pieces = explode(':', $_GET['action']);
switch (array_pop($action_pieces)) {
default:
die("naughty naughty");
case 'tables':
$this->response($bdb->get_tables($filter));
case 'explain':
$this->response($bdb->explain());
case 'show_create':
$this->response($bdb->show_create());
}
break;
case 'db:restore':
if (!empty($_POST['path']) && isset($_POST['hash'])) {
$delete = !isset($_POST['remove']) || $_POST['remove'] && 'false' !== $_POST['remove'];
$this->response($bdb->restore($_POST['path'], $_POST['hash'], $delete));
}
break;
case 'themes:active':
$this->response(get_option('current_theme'));
case 'plugins:active':
$this->response(preg_replace('#/.*$#', '', get_option('active_plugins')));
break;
case 'plugins:checksum':
case 'uploads:checksum':
case 'themes:checksum':
case 'content:checksum':
case 'root:checksum':
case 'plugins:ls':
case 'uploads:ls':
case 'themes:ls':
case 'content:ls':
case 'root:ls':
case 'plugins:dir':
case 'uploads:dir':
case 'themes:dir':
case 'content:dir':
case 'root:dir':
case 'plugins:stat':
case 'uploads:stat':
case 'themes:stat':
case 'content:stat':
case 'root:stat':
case 'plugins:get':
case 'uploads:get':
case 'themes:get':
case 'content:get':
case 'root:get':
$action_pieces = explode(':', $_GET['action']);
$bfs->want(array_shift($action_pieces));
if (isset($_POST['path'])) {
$path = $_POST['path'];
} else {
$path = '';
}
if (!$bfs->validate($path)) {
die("naughty naughty");
}
if (isset($_POST['sha1']) && $_POST['sha1']) {
$sha1 = true;
} else {
$sha1 = false;
}
if (isset($_POST['md5']) && $_POST['md5']) {
$md5 = true;
} else {
$md5 = false;
}
if (isset($_POST['limit']) && $_POST['limit']) {
$limit = $_POST['limit'];
} else {
$limit = false;
}
if (isset($_POST['offset']) && $_POST['offset']) {
$offset = $_POST['offset'];
} else {
$offset = false;
}
if (isset($_POST['recursive'])) {
$recursive = (bool) $_POST['recursive'];
} else {
$recursive = false;
}
if (isset($_POST['full_list'])) {
$full_list = (bool) $_POST['full_list'];
} else {
$full_list = false;
}
$action_pieces = explode(':', $_GET['action']);
switch (array_pop($action_pieces)) {
default:
die("naughty naughty");
case 'checksum':
$list = array();
$this->response($bfs->dir_checksum($path, $list, $recursive));
case 'dir':
$this->response($bfs->dir_examine($path, $recursive));
case 'stat':
$this->response($bfs->stat($bfs->dir . $path));
case 'get':
$bfs->fdump($bfs->dir . $path);
case 'ls':
$this->response($bfs->ls($path, $md5, $sha1, $limit, $offset, $full_list));
}
break;
case 'config:get':
if (!isset($_POST['key']) || !$_POST['key']) {
$this->response(false);
}
$key = '_vp_config_' . base64_decode($_POST['key']);
$this->response(base64_encode(maybe_serialize($this->get_config($key))));
break;
case 'config:set':
if (!isset($_POST['key']) || !$_POST['key']) {
$this->response(false);
break;
}
$key = '_vp_config_' . base64_decode($_POST['key']);
if (!isset($_POST['val']) || !$_POST['val']) {
if (!isset($_POST['delete']) || !$_POST['delete']) {
$this->response(false);
} else {
$this->response(delete_option($key));
}
break;
}
$val = maybe_unserialize(base64_decode($_POST['val']));
$this->response(update_option($key, $val));
break;
}
die;
}