Skip to content

Commit

Permalink
WAF: ensure the mode option is set during activation
Browse files Browse the repository at this point in the history
Move functionality from module activation into the more generic waf activation method

changelog

Move hooks out of Waf_Runner class

Use update_option to ensure empty/falsey options are updated
  • Loading branch information
nateweller committed Nov 13, 2024
1 parent e1fd272 commit b8d9e6b
Show file tree
Hide file tree
Showing 3 changed files with 23 additions and 17 deletions.
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
Significance: patch
Type: fixed

WAF: Ensure mode option is set during activation
9 changes: 6 additions & 3 deletions projects/packages/waf/src/class-waf-initializer.php
Original file line number Diff line number Diff line change
Expand Up @@ -42,13 +42,19 @@ public static function init() {
// Update the WAF after installing or upgrading a relevant Jetpack plugin
add_action( 'upgrader_process_complete', __CLASS__ . '::update_waf_after_plugin_upgrade', 10, 2 );

// Update the WAF after updating the rules settings
Waf_Rules_Manager::add_hooks();

// Check for compatibility updates
add_action( 'admin_init', __CLASS__ . '::check_for_updates' );

// WAF activation/deactivation hooks
add_action( 'jetpack_activate_module_waf', __CLASS__ . '::on_waf_activation' );
add_action( 'jetpack_deactivate_module_waf', __CLASS__ . '::on_waf_deactivation' );

// Update the WAF rule files on a schedule
Waf_Rules_Manager::schedule_rules_cron();

// Brute force protection activation/deactivation hooks
add_action( 'jetpack_activate_module_protect', __CLASS__ . '::on_brute_force_protection_activation' );
add_action( 'jetpack_deactivate_module_protect', __CLASS__ . '::on_brute_force_protection_deactivation' );
Expand All @@ -68,9 +74,6 @@ public static function init() {
* @return bool|WP_Error True if the WAF activation is successful, WP_Error otherwise.
*/
public static function on_waf_activation() {
update_option( Waf_Runner::MODE_OPTION_NAME, 'normal' );
add_option( Waf_Rules_Manager::AUTOMATIC_RULES_ENABLED_OPTION_NAME, false );

try {
Waf_Runner::activate();
( new Waf_Standalone_Bootstrap() )->generate();
Expand Down
27 changes: 13 additions & 14 deletions projects/packages/waf/src/class-waf-runner.php
Original file line number Diff line number Diff line change
Expand Up @@ -37,12 +37,7 @@ public static function initialize() {
if ( ! self::is_allowed_mode( JETPACK_WAF_MODE ) ) {
return;
}
// Don't run if in standalone mode
if ( function_exists( 'add_action' ) ) {
self::add_hooks();
Waf_Rules_Manager::add_hooks();
Waf_Rules_Manager::schedule_rules_cron();
}

if ( ! self::did_run() ) {
self::run();
}
Expand All @@ -52,11 +47,10 @@ public static function initialize() {
* Set action hooks
*
* @return void
*
* @deprecated $$next-version$$ Hooks have been moved to Waf_Initializer class.
*/
public static function add_hooks() {
// Register REST routes.
add_action( 'rest_api_init', array( new REST_Controller(), 'register_rest_routes' ) );
}
public static function add_hooks() {}

/**
* Did the WAF run yet or not?
Expand Down Expand Up @@ -306,19 +300,24 @@ public static function initialize_filesystem() {
}

/**
* Activates the WAF by generating the rules script and setting the version
* Activates the WAF by generating the rules script and setting the related options.
*
* @throws Waf_Exception If the firewall mode is invalid.
* @throws Waf_Exception If the activation fails.
*
* @return void
*/
public static function activate() {
$version = get_option( Waf_Rules_Manager::VERSION_OPTION_NAME );
if ( ! $version ) {
add_option( Waf_Rules_Manager::VERSION_OPTION_NAME, Waf_Rules_Manager::RULES_VERSION );
// Ensure version and mode options exist and have non-empty values.
if ( ! get_option( Waf_Rules_Manager::VERSION_OPTION_NAME ) ) {
update_option( Waf_Rules_Manager::VERSION_OPTION_NAME, Waf_Rules_Manager::RULES_VERSION );
}
if ( ! get_option( self::MODE_OPTION_NAME ) ) {
update_option( self::MODE_OPTION_NAME, 'normal' );
}

// Ensure options exist.
add_option( Waf_Rules_Manager::AUTOMATIC_RULES_ENABLED_OPTION_NAME, false );
add_option( self::SHARE_DATA_OPTION_NAME, true );

self::initialize_filesystem();
Expand Down

0 comments on commit b8d9e6b

Please sign in to comment.