WAF: Options Improvements (#38580)

projects/packages/waf/changelog/add-sync-waf-options

@@ -0,0 +1,5 @@
+Significance: patch
+Type: changed
+Comment: Janitorial: improved type consistency in WAF settings API
+
+

projects/packages/waf/src/class-waf-rules-manager.php

@@ -44,6 +44,33 @@ class Waf_Rules_Manager {
 	const IP_ALLOW_RULES_FILE   = '/rules/allow-ip.php';
 	const IP_BLOCK_RULES_FILE   = '/rules/block-ip.php';
 
+	/**
+	 * Whether automatic rules are enabled.
+	 *
+	 * @return bool
+	 */
+	public static function automatic_rules_enabled() {
+		return (bool) get_option( self::AUTOMATIC_RULES_ENABLED_OPTION_NAME );
+	}
+
+	/**
+	 * Whether IP allow list is enabled.
+	 *
+	 * @return bool
+	 */
+	public static function ip_allow_list_enabled() {
+		return (bool) get_option( self::IP_ALLOW_LIST_ENABLED_OPTION_NAME );
+	}
+
+	/**
+	 * Whether IP block list is enabled.
+	 *
+	 * @return bool
+	 */
+	public static function ip_block_list_enabled() {
+		return (bool) get_option( self::IP_BLOCK_LIST_ENABLED_OPTION_NAME );
+	}
+
 	/**
 	 * Register WordPress hooks for the WAF rules.
 	 *
@@ -215,17 +242,17 @@ public static function generate_rules() {
 		}
 
 		// Add IP allow list
-		if ( get_option( self::IP_ALLOW_LIST_ENABLED_OPTION_NAME ) ) {
+		if ( self::ip_allow_list_enabled() ) {
 			$rules .= self::wrap_require( Waf_Runner::get_waf_file_path( self::IP_ALLOW_RULES_FILE ) ) . "\n";
 		}
 
 		// Add IP block list
-		if ( get_option( self::IP_BLOCK_LIST_ENABLED_OPTION_NAME ) ) {
+		if ( self::ip_block_list_enabled() ) {
 			$rules .= self::wrap_require( Waf_Runner::get_waf_file_path( self::IP_BLOCK_RULES_FILE ), "return \$waf->block( 'block', -1, 'ip block list' );" ) . "\n";
 		}
 
 		// Add automatic rules
-		if ( get_option( self::AUTOMATIC_RULES_ENABLED_OPTION_NAME ) ) {
+		if ( self::automatic_rules_enabled() ) {
 			$rules .= self::wrap_require( Waf_Runner::get_waf_file_path( self::AUTOMATIC_RULES_FILE ) ) . "\n";
 		}
 

projects/packages/waf/src/class-waf-runner.php

@@ -160,11 +160,11 @@ public static function disable() {
 	 */
 	public static function get_config() {
 		return array(
-			Waf_Rules_Manager::AUTOMATIC_RULES_ENABLED_OPTION_NAME => get_option( Waf_Rules_Manager::AUTOMATIC_RULES_ENABLED_OPTION_NAME ),
+			Waf_Rules_Manager::AUTOMATIC_RULES_ENABLED_OPTION_NAME => Waf_Rules_Manager::automatic_rules_enabled(),
 			Waf_Rules_Manager::IP_ALLOW_LIST_OPTION_NAME => get_option( Waf_Rules_Manager::IP_ALLOW_LIST_OPTION_NAME ),
-			Waf_Rules_Manager::IP_ALLOW_LIST_ENABLED_OPTION_NAME => get_option( Waf_Rules_Manager::IP_ALLOW_LIST_ENABLED_OPTION_NAME ),
+			Waf_Rules_Manager::IP_ALLOW_LIST_ENABLED_OPTION_NAME => Waf_Rules_Manager::ip_allow_list_enabled(),
 			Waf_Rules_Manager::IP_BLOCK_LIST_OPTION_NAME => get_option( Waf_Rules_Manager::IP_BLOCK_LIST_OPTION_NAME ),
-			Waf_Rules_Manager::IP_BLOCK_LIST_ENABLED_OPTION_NAME => get_option( Waf_Rules_Manager::IP_BLOCK_LIST_ENABLED_OPTION_NAME ),
+			Waf_Rules_Manager::IP_BLOCK_LIST_ENABLED_OPTION_NAME => Waf_Rules_Manager::ip_block_list_enabled(),
 			self::SHARE_DATA_OPTION_NAME                 => get_option( self::SHARE_DATA_OPTION_NAME ),
 			self::SHARE_DEBUG_DATA_OPTION_NAME           => get_option( self::SHARE_DEBUG_DATA_OPTION_NAME ),
 			'bootstrap_path'                             => self::get_bootstrap_file_path(),
@@ -179,7 +179,7 @@ public static function get_config() {
 			 * @deprecated $next-version$
 			 */
 			// @phan-suppress-next-line PhanDeprecatedClassConstant -- Needed for backwards compatibility.
-			Waf_Rules_Manager::IP_LISTS_ENABLED_OPTION_NAME => get_option( Waf_Rules_Manager::IP_ALLOW_LIST_ENABLED_OPTION_NAME ) || get_option( Waf_Rules_Manager::IP_BLOCK_LIST_ENABLED_OPTION_NAME ),
+			Waf_Rules_Manager::IP_LISTS_ENABLED_OPTION_NAME => Waf_Rules_Manager::ip_allow_list_enabled() || Waf_Rules_Manager::ip_block_list_enabled(),
 		);
 	}
 
@@ -445,10 +445,8 @@ public static function automatic_rules_available() {
 			// Delete the automatic rules last updated option.
 			delete_option( Waf_Rules_Manager::AUTOMATIC_RULES_LAST_UPDATED_OPTION_NAME );
 
-			$automatic_rules_enabled = get_option( Waf_Rules_Manager::AUTOMATIC_RULES_ENABLED_OPTION_NAME );
-
 			// If automatic rules setting is enabled, disable it.
-			if ( $automatic_rules_enabled ) {
+			if ( Waf_Rules_Manager::automatic_rules_enabled() ) {
 				update_option( Waf_Rules_Manager::AUTOMATIC_RULES_ENABLED_OPTION_NAME, false );
 			}
 

projects/plugins/jetpack/_inc/lib/class.core-rest-api-endpoints.php

@@ -2335,13 +2335,6 @@ public static function get_updateable_data_list( $selector = '' ) {
 				'validate_callback' => __CLASS__ . '::validate_boolean',
 				'jp_group'          => 'waf',
 			),
-			'jetpack_waf_ip_allow_list_enabled'     => array(
-				'description'       => esc_html__( 'Allow list - Allow a specific request IP.', 'jetpack' ),
-				'type'              => 'boolean',
-				'default'           => 0,
-				'validate_callback' => __CLASS__ . '::validate_boolean',
-				'jp_group'          => 'waf',
-			),
 			'jetpack_waf_ip_block_list_enabled'     => array(
 				'description'       => esc_html__( 'Block list - Block a specific request IP.', 'jetpack' ),
 				'type'              => 'boolean',
@@ -2357,6 +2350,13 @@ public static function get_updateable_data_list( $selector = '' ) {
 				'sanitize_callback' => 'esc_textarea',
 				'jp_group'          => 'waf',
 			),
+			'jetpack_waf_ip_allow_list_enabled'     => array(
+				'description'       => esc_html__( 'Allow list - Allow a specific request IP.', 'jetpack' ),
+				'type'              => 'boolean',
+				'default'           => 0,
+				'validate_callback' => __CLASS__ . '::validate_boolean',
+				'jp_group'          => 'settings',
+			),
 			'jetpack_waf_ip_allow_list'             => array(
 				'description'       => esc_html__( 'Always allowed IP addresses', 'jetpack' ),
 				'type'              => 'string',

projects/plugins/jetpack/changelog/add-sync-waf-options-2

@@ -0,0 +1,5 @@
+Significance: patch
+Type: other
+Comment: Janitorial: Updated jetpack_waf_ip_allow_list_enabled options group from "waf" to "settings".
+
+