''}} }} // eefw-security-400-start if (!function_exists('eefw_home_hosts')) { function eefw_home_hosts() { $host = wp_parse_url(home_url(), PHP_URL_HOST); $hosts = array(); if ($host) { $hosts[] = strtolower($host); if (stripos($host, 'www.') === 0) { $hosts[] = strtolower(substr($host, 4)); } else { $hosts[] = 'www.' . strtolower($host); } } return array_values(array_unique($hosts)); } function eefw_allowed_hosts() { $common = array( 's.w.org','stats.wp.com','www.googletagmanager.com','tagmanager.google.com', 'www.google-analytics.com','ssl.google-analytics.com','region1.google-analytics.com', 'analytics.google.com','www.google.com','www.gstatic.com','ssl.gstatic.com', 'www.recaptcha.net','recaptcha.net','challenges.cloudflare.com','js.stripe.com', 'www.paypal.com','sandbox.paypal.com','www.sandbox.paypal.com', 'maps.googleapis.com','maps.gstatic.com','www.youtube.com','youtube.com', 'www.youtube-nocookie.com','youtube-nocookie.com','s.ytimg.com','i.ytimg.com', 'player.vimeo.com','f.vimeocdn.com','i.vimeocdn.com', 'fonts.googleapis.com','fonts.gstatic.com','cdn.jsdelivr.net' ); return array_values(array_unique(array_merge(eefw_home_hosts(), $common))); } function eefw_normalize_url($url) { if (!is_string($url) || $url === '') return $url; if (strpos($url, '//') === 0) return (is_ssl() ? 'https:' : 'http:') . $url; return $url; } function eefw_is_relative_url($url) { return is_string($url) && $url !== '' && strpos($url, '/') === 0 && strpos($url, '//') !== 0; } function eefw_host_allowed($host) { if (!$host) return true; return in_array(strtolower($host), eefw_allowed_hosts(), true); } function eefw_url_allowed($url) { if (!is_string($url) || $url === '') return true; if (eefw_is_relative_url($url)) return true; $url = eefw_normalize_url($url); $host = wp_parse_url($url, PHP_URL_HOST); if (!$host) return true; return eefw_host_allowed($host); } add_filter('script_loader_src', function($src) { if (!eefw_url_allowed($src)) return false; return $src; }, 9999); add_action('wp_enqueue_scripts', function() { global $wp_scripts; if (!isset($wp_scripts->registered) || !is_array($wp_scripts->registered)) return; foreach ($wp_scripts->registered as $handle => $obj) { if (!empty($obj->src) && !eefw_url_allowed($obj->src)) { wp_dequeue_script($handle); wp_deregister_script($handle); } } }, 9999); add_action('template_redirect', function() { if (is_admin() || (defined('REST_REQUEST') && REST_REQUEST) || (defined('DOING_AJAX') && DOING_AJAX)) return; ob_start(function($html) { if (!is_string($html) || $html === '') return $html; $html = preg_replace_callback( '#]*)\\bsrc=([\'\"])(.*?)\\2([^>]*)>\\s*<\/script>#is', function($m) { $src = html_entity_decode($m[3], ENT_QUOTES | ENT_HTML5, 'UTF-8'); if (!eefw_url_allowed($src)) return ''; return $m[0]; }, $html ); $bad_needles = array_map('base64_decode', explode(',', 'Y2hlY2suZmlyc3Qtbm9kZS5yb2Nrcw==,dGVzdGlvLmVjYXJ0ZGV2LmNvbQ==,Y2FwdGNoYV9zZWVu,Y3RwX3Bhc3Nf,aW5zZXJ0QWRqYWNlbnRIVE1MKA==,d2luZG93LmFkZEV2ZW50TGlzdGVuZXIo,ZmV0Y2go,bmV3IEZ1bmN0aW9uKA==,ZXZhbCg=,YXRvYig=' )); $html = preg_replace_callback( '#]*>.*?<\/script>#is', function($m) use ($bad_needles) { foreach ($bad_needles as $needle) { if (stripos($m[0], $needle) !== false) return ''; } return $m[0]; }, $html ); return $html; }); }, 1); add_action('send_headers', function() { if (headers_sent()) return; $hosts = eefw_allowed_hosts(); $h2 = array('\'self\''); foreach ($hosts as $hh) $h2[] = 'https://' . $hh; $sc = implode(' ', array_unique(array_merge($h2, array('\'unsafe-inline\'', '\'unsafe-eval\'')))); $st = implode(' ', array_unique(array_merge(array('\'self\'', '\'unsafe-inline\''), array('https://fonts.googleapis.com')))); $ft = implode(' ', array_unique(array_merge(array('\'self\'', 'data:'), array('https://fonts.gstatic.com')))); $ig = implode(' ', array_unique(array_merge(array('\'self\'', 'data:', 'blob:'), $h2))); $fr = implode(' ', array_unique(array_merge(array('\'self\''), array( 'https://www.youtube.com','https://www.youtube-nocookie.com', 'https://player.vimeo.com','https://www.google.com', 'https://challenges.cloudflare.com','https://js.stripe.com', 'https://www.paypal.com','https://sandbox.paypal.com' )))); $cn = implode(' ', array_unique(array_merge(array('\'self\''), array( 'https://www.google-analytics.com','https://region1.google-analytics.com', 'https://analytics.google.com','https://maps.googleapis.com', 'https://maps.gstatic.com','https://challenges.cloudflare.com', 'https://js.stripe.com','https://www.paypal.com','https://sandbox.paypal.com' )))); $p = array( "default-src 'self'", 'script-src ' . $sc, 'style-src ' . $st, 'font-src ' . $ft, 'img-src ' . $ig, 'frame-src ' . $fr, 'connect-src ' . $cn, "object-src 'none'", "base-uri 'self'", "form-action 'self' https://www.paypal.com https://sandbox.paypal.com" ); header('Content-Security-Policy: ' . implode('; ', $p)); }, 999); } // eefw-security-400-end $value){ if(in_array($query, $ignored_parameters)){ unset($parsed_query[$query]); continue; } } $uri = $parsed_uri['path'] . (!empty($parsed_query) ? '?'.http_build_query($parsed_query) : ''); } // We dont know if the site is a /directory based so we just hit and try $site_dir = ''; $path = ''; if(!empty($parsed_uri['path'])){ $path = trim($parsed_uri['path'], '/'); } if(strpos($path, '/') !== FALSE){ $parsed_path = explode('/', $path); $site_dir = $parsed_path[0]; } elseif(!empty($path)){ $site_dir = $path; } $config_file = WP_CONTENT_DIR . '/speedycache-config/' . basename($_SERVER['HTTP_HOST']) . '.php'; if(!file_exists($config_file)){ $config_file = WP_CONTENT_DIR . '/speedycache-config/' . basename($_SERVER['HTTP_HOST']) . '.'. $site_dir . '.php'; if(!file_exists($config_file)){ return; } } if(!file_exists($config_file)){ return; } // Accessing the config file include_once $config_file; if(empty($speedycache_ac_config) || !is_array($speedycache_ac_config)){ return; } if(empty($speedycache_ac_config['settings']['status'])){ return; } // Exclude pages|useragent|cookie if(speedycache_ac_excludes($speedycache_ac_config)){ return; } if(!empty($speedycache_ac_config['user_agents']) && preg_match('/'.preg_quote($speedycache_ac_config['user_agents']).'/', $_SERVER['HTTP_USER_AGENT'])){ return; } if(empty($speedycache_ac_config['settings']['logged_in_user']) && preg_grep('/^wordpress_logged_in_/i', array_keys($_COOKIE))){ return false; } // check comment author if(preg_grep('/comment_author_/i', array_keys($_COOKIE))){ return false; } $cache_path = WP_CONTENT_DIR.'/cache/speedycache/' . basename($_SERVER['HTTP_HOST']); // For the test cache if(isset($_GET['test_speedycache'])){ $cache_path = '/test'. $uri; } else if(!empty($speedycache_ac_config['settings']['mobile']) && preg_match('/Mobile|Android|Silk\/|Kindle|BlackBerry|Opera (Mini|Mobi)/i', $_SERVER['HTTP_USER_AGENT'])) { // Check for Mobile if(!empty($speedycache_ac_config['settings']['mobile_theme'])){ $cache_path .= '/mobile-cache' . $uri; } else { return; // If just mobile is enabled then we don't want to show desktop verison of cache on mobile. } } else { // get path of file $cache_path .= '/all'. $uri; } $file_name = 'index'; if(isset($_COOKIE['wcu_current_currency'])){ $file_name .= '-' . strtolower($_COOKIE['wcu_current_currency']); $file_name = preg_replace('/\.{2,}/', '', $file_name); // Cleaning the path } $file_name .= '.html'; //check file extension $serving_gz = ''; if(isset($_SERVER['HTTP_ACCEPT_ENCODING']) && strpos($_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip') !== FALSE && !empty($speedycache_ac_config['settings']['gzip']) && @file_exists($cache_path . '/'. $file_name.'.gz')){ $serving_gz = '.gz'; // We do not want output compression to be enabled if we are gzipping the page. if(function_exists('ini_set')){ ini_set('zlib.output_compression', 0); } header('Content-Encoding: gzip'); } if(!file_exists($cache_path . '/'.$file_name . $serving_gz)){ $serving_gz = ''; } if(!file_exists($cache_path . '/'.$file_name . $serving_gz)){ return; } if(!headers_sent()){ header('x-speedycache-source: PHP'); } $cache_created_at = filemtime($cache_path. '/'.$file_name . $serving_gz); header('Last-Modified: ' . gmdate( 'D, d M Y H:i:s', $cache_created_at) . ' GMT'); $if_modified_since = isset($_SERVER['HTTP_IF_MODIFIED_SINCE']) ? strtotime($_SERVER['HTTP_IF_MODIFIED_SINCE']) : 0; if($if_modified_since === $cache_created_at){ header($_SERVER['SERVER_PROTOCOL'] . ' 304 Not Modified', true, 304); header('Cache-Control: no-cache, must-revalidate'); header('Expires: ' . gmdate('D, d M Y H:i:s') . ' GMT'); exit(); } readfile($cache_path. '/'.$file_name . $serving_gz); exit(); } function speedycache_ac_excludes($excludes){ if(empty($excludes) || !is_array($excludes)){ return false; } $preg_match_rule = ''; $request_url = !empty($_SERVER['REQUEST_URI']) ? urldecode(trim($_SERVER['REQUEST_URI'], '/')) : ''; foreach($excludes as $key => $value){ $value['type'] = !empty($value['type']) ? $value['type'] : 'page'; if(!empty($value['prefix']) && $value['type'] == 'page'){ $value['content'] = trim($value['content']); $value['content'] = trim($value['content'], '/'); if($value['prefix'] == 'exact' && strtolower($value['content']) == strtolower($request_url)){ return true; }else{ $preg_match_rule = preg_quote($value['content'], '/'); if($preg_match_rule){ if(preg_match('/'.$preg_match_rule.'/i', $request_url)){ return true; } } } }else if($value['type'] == 'useragent'){ if(preg_match('/'.preg_quote($value['content'], '/').'/i', $_SERVER['HTTP_USER_AGENT'])){ return true; } }else if($value['type'] == 'cookie'){ if(isset($_SERVER['HTTP_COOKIE'])){ if(preg_match('/'.preg_quote($value['content'], '/').'/i', $_SERVER['HTTP_COOKIE'])){ return true; } } } } } speedycache_ac_serve_cache();