v4.2.3 released

all-in-one-wp-security/classes/wp-security-user-registration.php

@@ -8,6 +8,7 @@ function __construct()
         add_action('user_register', array(&$this, 'aiowps_user_registration_action_handler'));
         if($aio_wp_security->configs->get_value('aiowps_enable_registration_page_captcha') == '1'){
             add_filter('registration_errors', array(&$this, 'aiowps_validate_registration_with_captcha'), 10, 3);
+            add_filter('woocommerce_process_registration_errors', array(&$this, 'aiowps_validate_woo_registration_with_captcha'), 10, 4);
         }
     }
 
@@ -80,5 +81,35 @@ function aiowps_validate_registration_with_captcha($errors, $sanitized_user_logi
         }
         return $errors;
     }
+
+    function aiowps_validate_woo_registration_with_captcha($errors, $username, $password, $email)
+    {
+        global $aio_wp_security;
+
+        $locked = $aio_wp_security->user_login_obj->check_locked_user();
+        if($locked == null){
+            //user is not locked continue
+        }else{
+            $errors->add('authentication_failed', __('<strong>ERROR</strong>: You are not allowed to register because your IP address is currently locked!', 'all-in-one-wp-security-and-firewall'));
+            return $errors;
+        }
+
+        if (array_key_exists('aiowps-captcha-answer', $_POST)) //If the register form with captcha was submitted then do some processing
+        {
+            isset($_POST['aiowps-captcha-answer'])?$captcha_answer = strip_tags(trim($_POST['aiowps-captcha-answer'])): $captcha_answer = '';
+            $captcha_secret_string = $aio_wp_security->configs->get_value('aiowps_captcha_secret_key');
+            $submitted_encoded_string = base64_encode($_POST['aiowps-captcha-temp-string'].$captcha_secret_string.$captcha_answer);
+            $trans_handle = sanitize_text_field($_POST['aiowps-captcha-string-info']);
+            $captcha_string_info_trans = (AIOWPSecurity_Utility::is_multisite_install() ? get_site_transient('aiowps_captcha_string_info_'.$trans_handle) : get_transient('aiowps_captcha_string_info_'.$trans_handle));
+
+            if($submitted_encoded_string !== $captcha_string_info_trans)
+            {
+                //This means a wrong answer was entered
+                $errors->add('authentication_failed', __('<strong>ERROR</strong>: Your answer was incorrect - please try again.', 'all-in-one-wp-security-and-firewall'));
+                return $errors;
+            }
+        }
+        return $errors;
+    }
 
 }

all-in-one-wp-security/classes/wp-security-utility.php

@@ -572,6 +572,8 @@ static function get_server_type()
             return 'nginx';
         } else if (strstr(strtolower(filter_var($_SERVER['SERVER_SOFTWARE'], FILTER_SANITIZE_STRING)), 'litespeed')) {
             return 'litespeed';
+        } else if (strstr(strtolower(filter_var($_SERVER['SERVER_SOFTWARE'], FILTER_SANITIZE_STRING)), 'iis')) {
+            return 'iis';
         } else { //unsupported server
             return -1;
         }

all-in-one-wp-security/readme.txt

@@ -4,7 +4,7 @@ Donate link: https://www.tipsandtricks-hq.com
 Tags: security, secure, Anti Virus, antivirus, ban, ban hacker, virus, firewall, firewall security, login, lockdown, htaccess, hack, malware, vulnerability, protect, protection, phishing, database, backup, plugin, sql injection, ssl, restrict, login captcha, bot, hotlink, 404 detection, admin, rename, all in one, scan, scanner, iframe,
 Requires at least: 3.5
 Tested up to: 4.6
-Stable tag: 4.2.2
+Stable tag: 4.2.3
 License: GPLv3
 
 A comprehensive, user-friendly, all in one WordPress security and firewall plugin for your site.
@@ -183,9 +183,12 @@ None
 
 == Changelog ==
 
-= TODO 4.2.3 =
+= 4.2.3 =
+- Fixed bug when math captcha was displayed on Woocommerce registration page.
+- Fixed login page bug for cases where email address and captcha are used to submit login form (thanks to @chesio for fix).
 - Logs directory now contains a .htaccess file with proper deny directives.
 - Small UX improvement: add for attribute to captcha label.
+- Added check for IIS server in get_server_type function.
 
 = 4.2.2 =
 - Debug logger class improvements.

all-in-one-wp-security/wp-security-core.php

@@ -3,7 +3,7 @@
 if (!class_exists('AIO_WP_Security')){
 
 class AIO_WP_Security{
-    var $version = '4.2.2';
+    var $version = '4.2.3';
     var $db_version = '1.8';
     var $plugin_url;
     var $plugin_path;

all-in-one-wp-security/wp-security.php

@@ -1,7 +1,7 @@
 <?php
 /*
 Plugin Name: All In One WP Security
-Version: 4.2.2
+Version: 4.2.3
 Plugin URI: https://www.tipsandtricks-hq.com/wordpress-security-and-firewall-plugin
 Author: Tips and Tricks HQ, Peter, Ruhul, Ivy
 Author URI: https://www.tipsandtricks-hq.com/