class WpTarget

Attributes

uri[R]
verbose[R]

Public Class Methods

new(target_url, options = {}) click to toggle source
# File lib/wpscan/wp_target.rb, line 34
# Builds a scan target from a URL string and an options hash.
#
# The URL is passed through add_http_protocol and add_trailing_slash before
# being parsed. The options read here are :verbose, :wp_content_dir,
# :wp_plugins_dir and :threads.
#
# NOTE(review): target_url is parsed as given. Whether the scheme or host is
# validated by the helper methods is not visible here - confirm before
# accepting URLs from an untrusted source.
def initialize(target_url, options = {})
  normalized_url  = add_trailing_slash(add_http_protocol(target_url))
  @uri            = URI.parse(normalized_url)
  @verbose        = options[:verbose]
  @wp_content_dir = options[:wp_content_dir]
  @wp_plugins_dir = options[:wp_plugins_dir]
  # nil means "not probed yet"; is_multisite? fills it in on first use.
  @multisite      = nil

  # Hand the options to the shared Browser, exposing :threads as :max_threads.
  browser_options = options.merge(max_threads: options[:threads])
  Browser.instance(browser_options)
end
valid_response_codes() click to toggle source

Valid HTTP return codes

# File lib/wpscan/wp_target.rb, line 62
# HTTP status codes that are treated as a valid answer from the target.
#
# A new array is returned on every call.
# NOTE(review): how callers use this list is not visible here.
def self.valid_response_codes
  [
    200,      # OK
    301, 302, # redirects
    401, 403, # authentication required / forbidden
    500       # internal server error
  ]
end

Public Instance Methods

debug_log_url() click to toggle source
# File lib/wpscan/wp_target.rb, line 109
# Absolute URL of debug.log inside the detected wp-content directory.
#
# NOTE(review): wp_content_dir can be derived from the target's own page
# markup, so the path component is remote-controlled data.
def debug_log_url
  relative_path = "#{wp_content_dir}/debug.log"
  @uri.merge(relative_path).to_s
end
has_debug_log?() click to toggle source
# File lib/wpscan/wp_target.rb, line 103
# Tells whether debug_log_url serves something that looks like a PHP error log.
#
# A world-readable debug.log is an information-disclosure finding. The fix on
# the site side is to disable logging to the web root or deny access to the
# file.
#
# @return [Boolean]
def has_debug_log?
  # Ask only for the start of the file (Range: bytes=0-700) so a huge log
  # (e.g. 2 GB) is not downloaded. A server that ignores Range may still send
  # the whole file.
  partial_request = { headers: { 'range' => 'bytes=0-700' } }
  log_head = Browser.instance.get(debug_log_url, partial_request).body

  # A "[timestamp] PHP Warning|Error|Notice:" entry marks a PHP log.
  !log_head[%r{\[[^\]]+\] PHP (?:Warning|Error|Notice):}].nil?
end
is_multisite?() click to toggle source
# File lib/wpscan/wp_target.rb, line 148
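# Tells whether the target looks like a WordPress multisite install.
#
# Probes wp-signup.php once and caches the answer in @multisite. Both true
# and false are cached, so a negative result does not trigger a new request
# on every call.
#
# Decision table:
#   302 to wp-login.php?action=register -> single site
#   302 to wp-signup.php                -> multisite (redirect to itself)
#   200                                 -> multisite (no redirection)
#   anything else                       -> single site
#
# NOTE(review): the verdict rests on one response from the target, so treat
# it as a heuristic rather than a proof.
#
# @return [Boolean]
def is_multisite?
  if @multisite.nil?
    resp = Browser.instance.get(@uri.merge('wp-signup.php'))

    @multisite =
      case resp.code
      when 302
        location = resp.headers_hash['location']
        if location =~ %r{wp-login\.php\?action=register}
          false
        elsif location =~ %r{wp-signup\.php}
          true
        else
          false
        end
      when 200
        true
      else
        false
      end
  end
  @multisite
end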
login_url() click to toggle source
# File lib/wpscan/wp_target.rb, line 49
# URL of the login page: wp-login.php under the target, or the URL it
# redirects to (an https URL, for example) when `redirection` reports one.
#
# NOTE(review): the redirect target is used as returned. Whether
# `redirection` keeps it on the same host is not visible here - confirm, as
# callers may send login requests to this URL.
def login_url
  default_login = @uri.merge('wp-login.php').to_s
  redirection(default_login) || default_login
end
registration_enabled?() click to toggle source

Should check wp-login.php if registration is enabled or not

# File lib/wpscan/wp_target.rb, line 126
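# Tells whether the target exposes a user registration form.
#
# Fetches registration_url and reports true only for a 200 response whose
# body contains the multisite sign-up form (wp-signup.php) or the regular
# registration form (wp-login.php). Every other response counts as
# registration disabled. That includes the 302 to
# wp-login.php?registration=disabled, which non-multisite installs send.
#
# Open registration widens the attack surface of a site, so report a positive
# result for the site owner to review.
#
# @return [Boolean]
def registration_enabled?
  resp = Browser.instance.get(registration_url)
  return false unless resp.code == 200

  body = resp.body
  multisite_form = %r{<form id="setupform" method="post" action="[^"]*wp-signup\.php[^"]*">}
  standard_form  = %r{<form name="registerform" id="registerform" action="[^"]*wp-login\.php[^"]*"}

  !!(body =~ multisite_form || body =~ standard_form)
end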
registration_url() click to toggle source
# File lib/wpscan/wp_target.rb, line 144
# URI of the registration page: wp-signup.php on a multisite install,
# wp-login.php?action=register otherwise.
#
# Returns whatever @uri.merge returns (no string conversion is done here).
def registration_url
  relative_path =
    if is_multisite?
      'wp-signup.php'
    else
      'wp-login.php?action=register'
    end
  @uri.merge(relative_path)
end
search_replace_db_2_exists?() click to toggle source
# File lib/wpscan/wp_target.rb, line 120
# Checks whether the Search and Replace DB script answers at
# search_replace_db_2_url.
#
# Returns false when the status is not 200; otherwise the matched
# "by interconnect" marker (truthy) or nil when the body lacks it.
# A positive result means the script should be removed from the server.
def search_replace_db_2_exists?
  response = Browser.instance.get(search_replace_db_2_url)
  return false unless response.code == 200

  response.body[/by interconnect/]
end
search_replace_db_2_url() click to toggle source

Script for replacing strings in WordPress databases; it reveals database credentials after hitting submit. See interconnectit.com/124/search-and-replace-for-wordpress-databases/

# File lib/wpscan/wp_target.rb, line 116
# Absolute URL where the Search and Replace DB script (searchreplacedb2.php)
# would sit directly under the target URI.
def search_replace_db_2_url
  script_uri = @uri.merge('searchreplacedb2.php')
  script_uri.to_s
end
theme() click to toggle source

return WpTheme

# File lib/wpscan/wp_target.rb, line 67
# Looks up the theme of the target by delegating to WpTheme.find with the
# target URI, and returns its result unchanged.
def theme
  target_uri = @uri
  WpTheme.find(target_uri)
end
url() click to toggle source

Alias of @uri.to_s

# File lib/wpscan/wp_target.rb, line 45
# The target URI rendered as a String.
def url
  target_uri = @uri
  target_uri.to_s
end
version() click to toggle source

return WpVersion

# File lib/wpscan/wp_target.rb, line 72
# Looks up the WordPress version by delegating to WpVersion.find with the
# target URI and the detected wp-content directory, and returns its result
# unchanged.
def version
  target_uri  = @uri
  content_dir = wp_content_dir
  WpVersion.find(target_uri, content_dir)
end
wp_content_dir() click to toggle source
# File lib/wpscan/wp_target.rb, line 76
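# Name of the wp-content directory of the target, relative to the target URI.
#
# A value supplied through the constructor options (or found earlier) is
# returned as is. Otherwise the index page is fetched: if it references
# /wp-content/themes/ or /wp-content/plugins/, the default 'wp-content' is
# used. If not, the directory name is extracted from the first href/src
# attribute that points below the target path and ends in /themes/ or
# /plugins/.
#
# Returns nil when nothing matches; in that case the probe is repeated on the
# next call because nil is not cached.
#
# NOTE(review): a custom directory name comes straight from the remote page,
# so it is untrusted data that debug_log_url and wp_plugins_dir later turn
# into request URLs.
def wp_content_dir
  unless @wp_content_dir
    index_body = Browser.instance.get(@uri.to_s).body
    # Only use the path because the domain can be text or an IP
    uri_path = @uri.path

    if index_body[%r{/wp-content/(?:themes|plugins)/}]
      @wp_content_dir = 'wp-content'
    else
      # Links to these social-network domains must not be mistaken for the
      # content directory.
      domains_excluded = '(?:www\.)?(facebook|twitter)\.com'
      @wp_content_dir  = index_body[/(?:href|src)\s*=\s*(?:"|').+#{Regexp.escape(uri_path)}((?!#{domains_excluded})[^"']+)\/(?:themes|plugins)\/.*(?:"|')/, 1]
    end
  end
  @wp_content_dir
end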
wp_plugins_dir() click to toggle source
# File lib/wpscan/wp_target.rb, line 92
# Plugins directory relative to the target URI.
#
# Uses the value given at construction when there is one, otherwise
# "<wp_content_dir>/plugins", and caches the result in @wp_plugins_dir.
#
# NOTE(review): when wp_content_dir returns nil the interpolation yields
# "/plugins" - confirm that callers expect this.
def wp_plugins_dir
  @wp_plugins_dir ||= "#{wp_content_dir}/plugins"
end
wp_plugins_dir_exists?() click to toggle source
# File lib/wpscan/wp_target.rb, line 99
# Tells whether the plugins directory answers with anything other than 404.
#
# Every other status (200, 403, 500, ...) counts as "exists", so a true
# result says the path is routed, not that it is listable.
#
# @return [Boolean]
def wp_plugins_dir_exists?
  browser     = Browser.instance
  plugins_uri = @uri.merge(wp_plugins_dir)
  status      = browser.get(plugins_uri).code
  status != 404
end