<?php
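class kerberos_xmlrpc_filter {
    /**
     * Peer addresses (as seen in $_SERVER['REMOTE_ADDR']) that bypass the
     * method filter entirely. REMOTE_ADDR is the TCP peer, not the client
     * behind a proxy: with a reverse proxy on the same host every request
     * arrives from 127.0.0.1 and the filter is effectively off, so empty this
     * list in such a deployment.
     */
    private $trusted_peers = ['127.0.0.1'];

    /**
     * Plugin settings.
     *  - disable-rpc:            turn XML-RPC off completely; nothing else applies then.
     *  - remove-pingback-header: strip the X-Pingback response header.
     *  - filter.enable:          apply the per-method table below.
     *  - filter.process:         what to do when a request body names a disabled method:
     *                            0 = only drop disabled methods from the method table,
     *                            1 = answer 403 (with filter.message when enabled),
     *                            2 = answer filter.message.status (with filter.message when enabled).
     *                            Disabled methods are removed from the method table in every
     *                            mode, so a request that evades body inspection (entity-encoded
     *                            names, CDATA) still cannot reach a disabled method.
     *  - filter.methods:         per-method 'enable' flag. The per-method 'process' value is
     *                            not read by this class; only filter.process is.
     */
    private $config = [
        'disable-rpc' => false,
        'remove-pingback-header' => false,
        'filter' => [
            'enable' => true,
            'process' => 1,
            'message' => [
                'enable' => true,
                'status' => 200,
                'content-mime' => 'text/plain',
                'message' => 'You don\'t have permission to access on this server.'
            ],
            'methods' => [
                'demo.sayHello' => ['enable' => true, 'process' => 0],
                'system.multicall' => ['enable' => false, 'process' => 0],
                'wp.getUsersBlogs' => ['enable' => false, 'process' => 0],
                'wp.newPost' => ['enable' => false, 'process' => 0],
                'wp.editPost' => ['enable' => false, 'process' => 0],
                'wp.deletePost' => ['enable' => false, 'process' => 0],
                'wp.getPost' => ['enable' => true, 'process' => 0],
                'wp.getPosts' => ['enable' => true, 'process' => 0],
                'wp.newTerm' => ['enable' => false, 'process' => 0],
                'wp.editTerm' => ['enable' => false, 'process' => 0],
                'wp.deleteTerm' => ['enable' => false, 'process' => 0],
                'wp.getTerm' => ['enable' => true, 'process' => 0],
                'wp.getTerms' => ['enable' => true, 'process' => 0],
                'wp.getTaxonomy' => ['enable' => true, 'process' => 0],
                'wp.getTaxonomies' => ['enable' => true, 'process' => 0],
                'wp.getUser' => ['enable' => false, 'process' => 0],
                'wp.getUsers' => ['enable' => false, 'process' => 0],
                'wp.getProfile' => ['enable' => false, 'process' => 0],
                'wp.editProfile' => ['enable' => false, 'process' => 0],
                'wp.getPage' => ['enable' => true, 'process' => 0],
                'wp.getPages' => ['enable' => true, 'process' => 0],
                'wp.newPage' => ['enable' => false, 'process' => 0],
                'wp.deletePage' => ['enable' => false, 'process' => 0],
                'wp.editPage' => ['enable' => false, 'process' => 0],
                'wp.getPageList' => ['enable' => true, 'process' => 0],
                'wp.getAuthors' => ['enable' => true, 'process' => 0],
                'wp.getCategories' => ['enable' => true, 'process' => 0],
                'wp.getTags' => ['enable' => true, 'process' => 0],
                'wp.newCategory' => ['enable' => false, 'process' => 0],
                'wp.deleteCategory' => ['enable' => false, 'process' => 0],
                'wp.suggestCategories' => ['enable' => true, 'process' => 0],
                'wp.uploadFile' => ['enable' => false, 'process' => 0],
                'wp.deleteFile' => ['enable' => false, 'process' => 0],
                'wp.getCommentCount' => ['enable' => true, 'process' => 0],
                'wp.getPostStatusList' => ['enable' => false, 'process' => 0],
                'wp.getPageStatusList' => ['enable' => false, 'process' => 0],
                'wp.getPageTemplates' => ['enable' => false, 'process' => 0],
                'wp.getOptions' => ['enable' => false, 'process' => 0],
                'wp.setOptions' => ['enable' => false, 'process' => 0],
                'wp.getComment' => ['enable' => true, 'process' => 0],
                'wp.getComments' => ['enable' => true, 'process' => 0],
                'wp.deleteComment' => ['enable' => false, 'process' => 0],
                'wp.editComment' => ['enable' => false, 'process' => 0],
                'wp.newComment' => ['enable' => false, 'process' => 0],
                'wp.getCommentStatusList' => ['enable' => false, 'process' => 0],
                'wp.getMediaItem' => ['enable' => false, 'process' => 0],
                'wp.getMediaLibrary' => ['enable' => false, 'process' => 0],
                'wp.getPostFormats' => ['enable' => false, 'process' => 0],
                'wp.getPostType' => ['enable' => false, 'process' => 0],
                'wp.getPostTypes' => ['enable' => false, 'process' => 0],
                'wp.getRevisions' => ['enable' => false, 'process' => 0],
                'wp.restoreRevision' => ['enable' => false, 'process' => 0],
                'blogger.getUsersBlogs' => ['enable' => true, 'process' => 0],
                'blogger.getUserInfo' => ['enable' => true, 'process' => 0],
                'blogger.getPost' => ['enable' => true, 'process' => 0],
                'blogger.getRecentPosts' => ['enable' => true, 'process' => 0],
                'blogger.newPost' => ['enable' => true, 'process' => 0],
                'blogger.editPost' => ['enable' => true, 'process' => 0],
                'blogger.deletePost' => ['enable' => true, 'process' => 0],
                'metaWeblog.newPost' => ['enable' => true, 'process' => 0],
                'metaWeblog.editPost' => ['enable' => true, 'process' => 0],
                'metaWeblog.getPost' => ['enable' => true, 'process' => 0],
                'metaWeblog.getRecentPosts' => ['enable' => true, 'process' => 0],
                'metaWeblog.getCategories' => ['enable' => true, 'process' => 0],
                'metaWeblog.newMediaObject' => ['enable' => true, 'process' => 0],
                'metaWeblog.deletePost' => ['enable' => true, 'process' => 0],
                'metaWeblog.getUsersBlogs' => ['enable' => true, 'process' => 0],
                'mt.getCategoryList' => ['enable' => true, 'process' => 0],
                'mt.getRecentPostTitles' => ['enable' => true, 'process' => 0],
                'mt.getPostCategories' => ['enable' => true, 'process' => 0],
                'mt.setPostCategories' => ['enable' => true, 'process' => 0],
                'mt.supportedMethods' => ['enable' => true, 'process' => 0],
                'mt.supportedTextFilters' => ['enable' => true, 'process' => 0],
                'mt.getTrackbackPings' => ['enable' => true, 'process' => 0],
                'mt.publishPost' => ['enable' => true, 'process' => 0],
                'pingback.ping' => ['enable' => true, 'process' => 0],
                'pingback.extensions.getPingbacks' => ['enable' => false, 'process' => 0]
            ]
        ]
    ];

    /**
     * Registers the WordPress hooks selected by $config.
     */
    public function __construct() {
        if ($this->config['disable-rpc'] === true) {
            // add_filter() needs a callable; a bare `false` is not one and errors
            // when the hook fires. `__return_false` is the WordPress helper for
            // this. `option_enable_xmlrpc` is only consulted by old cores, so the
            // current `xmlrpc_enabled` switch is hooked as well.
            add_filter('option_enable_xmlrpc', '__return_false');
            add_filter('xmlrpc_enabled', '__return_false');
            return;
        }
        if ($this->config['remove-pingback-header'] === true) {
            add_filter('wp_headers', [$this, 'wp_headers']);
        }
        if ($this->config['filter']['enable'] === true) {
            add_filter('xmlrpc_methods', [$this, 'xmlrpc_methods'], 3);
        }
    }

    /**
     * `wp_headers` filter: drops the X-Pingback header that advertises the
     * XML-RPC endpoint.
     *
     * @param array $headers Response headers keyed by name.
     * @return array The same headers without X-Pingback.
     */
    public function wp_headers($headers) {
        unset($headers['X-Pingback']);
        return $headers;
    }

    /**
     * `xmlrpc_methods` filter: removes every disabled method from the table
     * WordPress dispatches on, and — in process modes 1 and 2 — ends the
     * request early with the configured response when the raw body names a
     * disabled method. Trusted peers get the untouched table.
     *
     * @param array $methods Method table keyed by XML-RPC method name.
     * @return array Filtered method table (non-arrays are returned unchanged).
     */
    public function xmlrpc_methods($methods) {
        $peer = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
        if (in_array($peer, $this->trusted_peers, true)) {
            return $methods;
        }
        if (!is_array($methods)) {
            return $methods;
        }
        $disabled = $this->disabled_methods();
        $process = $this->config['filter']['process'];
        if (in_array($process, [1, 2], true) && $this->request_names_any($disabled)) {
            $this->deny_request($process); // does not return
        }
        // Enforcement proper: whatever the body says, a disabled method must
        // not be callable, so strip it from the dispatch table in every mode.
        return array_diff_key($methods, $disabled);
    }

    /**
     * Extracts the XML-RPC method names a request body asks for: the
     * top-level <methodName>, plus the nested `methodName` struct members of a
     * system.multicall. Works on the raw text and deliberately does not decode
     * entities or CDATA, so it is only a pre-filter; see xmlrpc_methods().
     *
     * @param string $body Raw request body.
     * @return array Distinct method names in order of appearance per group.
     */
    public static function requested_methods($body) {
        if (!is_string($body) || $body === '') {
            return [];
        }
        $pattern = '~<methodName>\s*([A-Za-z0-9_.]+)\s*</methodName>'
            . '|<name>\s*methodName\s*</name>\s*<value>\s*(?:<string>)?\s*([A-Za-z0-9_.]+)~';
        if (preg_match_all($pattern, $body, $found) === false) {
            return [];
        }
        $names = [];
        foreach (array_merge($found[1], $found[2]) as $name) {
            // Unmatched alternation groups come back as '' under PREG_PATTERN_ORDER.
            if ($name !== '' && !in_array($name, $names, true)) {
                $names[] = $name;
            }
        }
        return $names;
    }

    /**
     * Subset of filter.methods whose 'enable' flag is false, keyed by name.
     *
     * @return array
     */
    private function disabled_methods() {
        return array_filter($this->config['filter']['methods'], static function ($option) {
            return $option['enable'] === false;
        });
    }

    /**
     * Whether the current request body names any of the given methods.
     *
     * @param array $disabled Method options keyed by method name.
     * @return bool
     */
    private function request_names_any(array $disabled) {
        // The body is read from php://input; there is no $_SERVER['POST'].
        $body = file_get_contents('php://input');
        foreach (self::requested_methods($body === false ? '' : $body) as $name) {
            if (isset($disabled[$name])) {
                return true;
            }
        }
        return false;
    }

    /**
     * Sends the configured rejection response and terminates the request.
     *
     * @param int $process 1 = status 403, 2 = filter.message.status.
     */
    private function deny_request($process) {
        $message = $this->config['filter']['message'];
        http_response_code($process === 2 ? (int) $message['status'] : 403);
        if ($message['enable'] === true) {
            header('Content-type: ' . $message['content-mime']);
            echo $message['message'];
        }
        exit;
    }
}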
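// Instantiate at load time so the hooks are registered before WordPress
// builds the XML-RPC method table. No closing `?>` in a PHP-only file: any
// whitespace after it is sent as output before the headers this class touches.
new kerberos_xmlrpc_filter();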