262 header( 'X-Robots-Tag: noindex, nofollow' );
263 header( 'Content-Type: text/html' );
264 header( 'Content-Length: 0' );
265 }
266
267 private function fake_wplogin() {
268
269 $server_name = isset( $_SERVER['SERVER_NAME'] )
270 ? $_SERVER['SERVER_NAME']
271 : $_SERVER['HTTP_HOST'];
272 $username = trim( $_POST['log'] );
273 $expire = time() + 3600;
274 $token = substr( hash_hmac( 'sha256', (string) rand(), 'token' ), 0, 43 );
275 $hash = hash_hmac( 'sha256', (string) rand(), 'hash' );
276 $auth_cookie = $username . '|' . $expire . '|' . $token . '|' . $hash;
277 $authcookie_name = 'wordpress_' . md5( 'authcookie' );
278 $loggedincookie_name = 'wordpress_logged_in_' . md5( 'cookiehash' );
279
280 header( 'Cache-Control: max-age=0, private, no-store, no-cache, must-revalidate' );
281 header( 'X-Robots-Tag: noindex, nofollow' );
282 setcookie( $authcookie_name, $auth_cookie, $expire, '/brake/wp_content/plugins', '', false, true );
283 setcookie( $authcookie_name, $auth_cookie, $expire, '/brake/wp-admin', '', false, true );
284 setcookie( $loggedincookie_name, $auth_cookie, $expire, '/', '', false, true );
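Review bot: `trim( $_POST['log'] )` at gutter line 272 assumes the field is a string, but the only guard visible on this page, `! empty( $_POST['log'] )` at gutter line 205, is also true for an array. A request sending `log[]=x` would therefore raise a warning on PHP 7 and a TypeError on PHP 8 instead of returning the decoy response. Reading it as `$username = is_string( $_POST['log'] ) ? trim( $_POST['log'] ) : '';` keeps this path from failing on malformed input. Assuming these cookies are decoys that nothing verifies, a comment above the two `rand()` lines such as `// Decoy values only, never validated; rand() is acceptable here, do not reuse for real tokens` would stop a later reader from copying the pattern. The body of fake_wplogin() continues past the last line shown.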
|
186
187 // Trigger Miniban at first
188 if ( class_exists( '\Miniban' ) ) {
189 if ( true !== \Miniban::ban() ) {
190 $this->enhanced_error_log( 'Miniban operation failed.' );
191 }
192 }
193
194 $this->trigger( $slug, $message, $level, $this->prefix_instant );
195
196 // Remove session
197 remove_action( 'wp_logout', array( $this, 'logout' ) );
198 wp_logout();
199
200 // Respond
201 ob_get_level() && ob_end_clean();
202 if ( defined( 'XMLRPC_REQUEST' ) && XMLRPC_REQUEST ) {
203 $this->fake_xmlrpc();
204 } elseif ( ! headers_sent() ) {
205 if ( 'wp-login.php' === $GLOBALS['pagenow'] && ! empty( $_POST['log'] ) ) {
206 $this->fake_wplogin();
207 } else {
208 $this->ban();
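Review bot: `ob_get_level() && ob_end_clean();` at gutter line 201 discards only the innermost output buffer, so with nested buffers anything already written to an outer level can still be flushed to the client after the ban decision. A bounded loop, `for ( $i = ob_get_level(); $i > 0; $i-- ) { ob_end_clean(); }`, empties every level before the fake response is sent and cannot spin on a buffer that refuses removal. The surrounding method starts before and continues after the lines shown, so whether a later step already handles this cannot be seen here.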
|
684 // Check tag first to speed things up
685 if ( 'wp_ajax_' === substr( $tag, 0, 8 )
686 || 'admin_post_' === substr( $tag, 0, 11 )
687 ) {
688 global $wp_actions;
689 global $wp_filter;
690
691 $whitelisted_actions = array(
692 'wp_ajax_nopriv_wp-remove-post-lock',
693 'wp_ajax_nopriv_SimpleHistoryNewRowsNotifier',
694 );
695
696 // Actions only, not filters, not registered ones, except whitelisted ones
697 // Actions are basically filters
698 if ( is_array( $wp_actions )
699 && array_key_exists( $tag, $wp_actions )
700 && is_array( $wp_filter )
701 && ! array_key_exists( $tag, $wp_filter )
702 && ! in_array( $tag, $whitelisted_actions, true )
703 ) {
704 $this->trigger_instant( 'wpf2b_admin_action_unknown', $tag );
705 }
706 }
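Review bot: `$tag` is passed to `trigger_instant()` unchanged at gutter line 704, and for `wp_ajax_*` / `admin_post_*` hooks WordPress builds the hook name from the request's `action` parameter, so this is client-supplied text going into a message that presumably ends up in a log parsed by fail2ban. trigger_instant() is not visible here; if it does not already escape its message, strip control characters at this call, e.g. `$this->trigger_instant( 'wpf2b_admin_action_unknown', preg_replace( '/[[:cntrl:]]+/', ' ', $tag ) );`, so that an embedded line break cannot start a forged log entry. The enclosing method begins and ends outside the lines shown.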
|