diff --git a/projects/packages/waf/changelog/fix-waf-ensure-mode-option-set b/projects/packages/waf/changelog/fix-waf-ensure-mode-option-set new file mode 100644 index 0000000000000..0af8132fdb0d1 --- /dev/null +++ b/projects/packages/waf/changelog/fix-waf-ensure-mode-option-set @@ -0,0 +1,4 @@ +Significance: patch +Type: fixed + +WAF: Ensure mode option is set during activation diff --git a/projects/packages/waf/src/class-waf-initializer.php b/projects/packages/waf/src/class-waf-initializer.php index c2720f83ca7cf..1433dcfe14090 100644 --- a/projects/packages/waf/src/class-waf-initializer.php +++ b/projects/packages/waf/src/class-waf-initializer.php @@ -42,6 +42,9 @@ public static function init() { // Update the WAF after installing or upgrading a relevant Jetpack plugin add_action( 'upgrader_process_complete', __CLASS__ . '::update_waf_after_plugin_upgrade', 10, 2 ); + // Update the WAF after updating the rules settings + Waf_Rules_Manager::add_hooks(); + // Check for compatibility updates add_action( 'admin_init', __CLASS__ . '::check_for_updates' ); @@ -49,6 +52,9 @@ public static function init() { add_action( 'jetpack_activate_module_waf', __CLASS__ . '::on_waf_activation' ); add_action( 'jetpack_deactivate_module_waf', __CLASS__ . '::on_waf_deactivation' ); + // Update the WAF rule files on a schedule + Waf_Rules_Manager::schedule_rules_cron(); + // Brute force protection activation/deactivation hooks add_action( 'jetpack_activate_module_protect', __CLASS__ . '::on_brute_force_protection_activation' ); add_action( 'jetpack_deactivate_module_protect', __CLASS__ . '::on_brute_force_protection_deactivation' ); @@ -68,9 +74,6 @@ public static function init() { * @return bool|WP_Error True if the WAF activation is successful, WP_Error otherwise. */ public static function on_waf_activation() { - update_option( Waf_Runner::MODE_OPTION_NAME, 'normal' ); - add_option( Waf_Rules_Manager::AUTOMATIC_RULES_ENABLED_OPTION_NAME, false ); - try { Waf_Runner::activate(); ( new Waf_Standalone_Bootstrap() )->generate(); diff --git a/projects/packages/waf/src/class-waf-runner.php b/projects/packages/waf/src/class-waf-runner.php index c1a8eb1965057..7747335ac5c82 100644 --- a/projects/packages/waf/src/class-waf-runner.php +++ b/projects/packages/waf/src/class-waf-runner.php @@ -37,12 +37,7 @@ public static function initialize() { if ( ! self::is_allowed_mode( JETPACK_WAF_MODE ) ) { return; } - // Don't run if in standalone mode - if ( function_exists( 'add_action' ) ) { - self::add_hooks(); - Waf_Rules_Manager::add_hooks(); - Waf_Rules_Manager::schedule_rules_cron(); - } + if ( ! self::did_run() ) { self::run(); } @@ -52,11 +47,10 @@ public static function initialize() { * Set action hooks * * @return void + * + * @deprecated $$next-version$$ Hooks have been moved to Waf_Initializer class. */ - public static function add_hooks() { - // Register REST routes. - add_action( 'rest_api_init', array( new REST_Controller(), 'register_rest_routes' ) ); - } + public static function add_hooks() {} /** * Did the WAF run yet or not? @@ -306,7 +300,7 @@ public static function initialize_filesystem() { } /** - * Activates the WAF by generating the rules script and setting the version + * Activates the WAF by generating the rules script and setting the related options. * * @throws Waf_Exception If the firewall mode is invalid. * @throws Waf_Exception If the activation fails. @@ -314,11 +308,16 @@ public static function initialize_filesystem() { * @return void */ public static function activate() { - $version = get_option( Waf_Rules_Manager::VERSION_OPTION_NAME ); - if ( ! $version ) { - add_option( Waf_Rules_Manager::VERSION_OPTION_NAME, Waf_Rules_Manager::RULES_VERSION ); + // Ensure version and mode options exist and have non-empty values. + if ( ! get_option( Waf_Rules_Manager::VERSION_OPTION_NAME ) ) { + update_option( Waf_Rules_Manager::VERSION_OPTION_NAME, Waf_Rules_Manager::RULES_VERSION ); + } + if ( ! get_option( self::MODE_OPTION_NAME ) ) { + update_option( self::MODE_OPTION_NAME, 'normal' ); } + // Ensure options exist. + add_option( Waf_Rules_Manager::AUTOMATIC_RULES_ENABLED_OPTION_NAME, false ); add_option( self::SHARE_DATA_OPTION_NAME, true ); self::initialize_filesystem();