3.9.6 released

all-in-one-wp-security/admin/wp-security-admin-init.php

@@ -223,11 +223,7 @@ function create_admin_menus()
         }else{
             add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Firewall', 'aiowpsecurity'),  __('Firewall', 'aiowpsecurity') , AIOWPSEC_MANAGEMENT_PERMISSION, AIOWPSEC_FIREWALL_MENU_SLUG, array(&$this, 'handle_firewall_menu_rendering'));
         }
-        if (AIOWPSecurity_Utility::is_multisite_install() && get_current_blog_id() != 1){
-            //Suppress the Brute Force menu if site is a multi site AND not the main site
-        }else{
-            add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Brute Force', 'aiowpsecurity'),  __('Brute Force', 'aiowpsecurity') , AIOWPSEC_MANAGEMENT_PERMISSION, AIOWPSEC_BRUTE_FORCE_MENU_SLUG, array(&$this, 'handle_brute_force_menu_rendering'));
-        }
+        add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Brute Force', 'aiowpsecurity'),  __('Brute Force', 'aiowpsecurity') , AIOWPSEC_MANAGEMENT_PERMISSION, AIOWPSEC_BRUTE_FORCE_MENU_SLUG, array(&$this, 'handle_brute_force_menu_rendering'));
         add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('SPAM Prevention', 'aiowpsecurity'),  __('SPAM Prevention', 'aiowpsecurity') , AIOWPSEC_MANAGEMENT_PERMISSION, AIOWPSEC_SPAM_MENU_SLUG, array(&$this, 'handle_spam_menu_rendering'));
         if (AIOWPSecurity_Utility::is_multisite_install() && get_current_blog_id() != 1){
             //Suppress the filescan menu if site is a multi site AND not the main site

all-in-one-wp-security/admin/wp-security-brute-force-menu.php

@@ -49,8 +49,12 @@ function render_menu_tabs()
         echo '<h2 class="nav-tab-wrapper">';
         foreach ( $this->menu_tabs as $tab_key => $tab_caption ) 
         {
-            $active = $current_tab == $tab_key ? 'nav-tab-active' : '';
-            echo '<a class="nav-tab ' . $active . '" href="?page=' . $this->menu_page_slug . '&tab=' . $tab_key . '">' . $tab_caption . '</a>';	
+            if (AIOWPSecurity_Utility::is_multisite_install() && get_current_blog_id() != 1 && stristr($tab_caption, "Rename Login Page") === false){
+                //Suppress the all Brute Force menu tabs except rename login if site is a multi site AND not the main site
+            }else{
+                $active = $current_tab == $tab_key ? 'nav-tab-active' : '';
+                echo '<a class="nav-tab ' . $active . '" href="?page=' . $this->menu_page_slug . '&tab=' . $tab_key . '">' . $tab_caption . '</a>';	
+            }
         }
         echo '</h2>';
     }

all-in-one-wp-security/admin/wp-security-maintenance-menu.php

@@ -117,7 +117,7 @@ function render_tab1()
                         $aiowps_site_lockout_msg_raw = 'This site is currently not available. Please try again later.';
                     }
                     $aiowps_site_lockout_msg = html_entity_decode($aiowps_site_lockout_msg_raw, ENT_COMPAT, "UTF-8");
-                    $aiowps_site_lockout_msg_settings = array('textarea_name' => 'aiowps_site_lockout_msg', 'media_buttons' => false);
+                    $aiowps_site_lockout_msg_settings = array('textarea_name' => 'aiowps_site_lockout_msg');
                     wp_editor($aiowps_site_lockout_msg, "aiowps_site_lockout_msg_editor_content", $aiowps_site_lockout_msg_settings);                    
                     ?>
                     <br />

all-in-one-wp-security/classes/wp-security-captcha.php

@@ -86,7 +86,7 @@ function generate_maths_question()
         $enc_result = base64_encode($current_time.$captcha_secret_string.$result);
         $equation_string .= '<input type="hidden" name="aiowps-captcha-string-info" id="aiowps-captcha-string-info" value="'.$enc_result.'" />';
         $equation_string .= '<input type="hidden" name="aiowps-captcha-temp-string" id="aiowps-captcha-temp-string" value="'.$current_time.'" />';
-        $equation_string .= '<input type="text" size="2" length="2" id="aiowps-captcha-answer" name="aiowps-captcha-answer" value="" />';
+        $equation_string .= '<input type="text" size="2" id="aiowps-captcha-answer" name="aiowps-captcha-answer" value="" />';
         return $equation_string;
     }
 

all-in-one-wp-security/classes/wp-security-cronjob-handler.php

@@ -11,7 +11,7 @@ function aiowps_hourly_cron_event_handler()
     {
         //Do stuff that needs checking every hours
         global $aio_wp_security;
-        $aio_wp_security->debug_logger->log_debug_cron("Cronjob_Handler - Hourly cron handler got fired.");
+        //$aio_wp_security->debug_logger->log_debug_cron("Cronjob_Handler - Hourly cron handler got fired.");
 
         //do_action('aiowps_force_logout_check');
         //do_action('aiowps_check_password_stuff');   

all-in-one-wp-security/classes/wp-security-general-init-tasks.php

@@ -7,6 +7,7 @@ function __construct(){
 
         if ($aio_wp_security->configs->get_value('aiowps_enable_rename_login_page') == '1') {
             add_action( 'widgets_init', array(&$this, 'remove_standard_wp_meta_widget' ));
+            add_filter( 'aiowps_retrieve_password_message', array(&$this, 'decode_reset_pw_msg'), 10, 2); //Fix for non decoded html entities in password reset link
         }
 
         add_action('admin_notices', array(&$this,'reapply_htaccess_rules_notice'));
@@ -394,4 +395,12 @@ function reapply_htaccess_rules_notice()
             echo '<div class="updated"><p>Would you like All In One WP Security & Firewall to re-insert the security rules in your .htaccess file which were cleared when you deactivated the plugin?&nbsp;&nbsp;<a href="admin.php?page='.AIOWPSEC_MENU_SLUG_PREFIX.'&aiowps_reapply_htaccess=1" class="button-primary">Yes</a>&nbsp;&nbsp;<a href="admin.php?page='.AIOWPSEC_MENU_SLUG_PREFIX.'&aiowps_reapply_htaccess=2" class="button-primary">No</a></p></div>';
         }
     }
+
+    //This is a fix for cases when the password reset URL in the email was not decoding all html entities properly
+    function decode_reset_pw_msg($message, $key)
+    {
+        global $aio_wp_security;
+        $message = html_entity_decode($message);
+        return $message;
+    }   
 }

all-in-one-wp-security/classes/wp-security-user-login.php

@@ -216,7 +216,7 @@ function lock_the_user($username='', $lock_reason='login_fail')
             $this->send_ip_lock_notification_email($username, $ip_range, $ip);
             $aio_wp_security->debug_logger->log_debug("The following IP address range has been locked out for exceeding the maximum login attempts: ".$ip_range,2);//Log the lockdown event
         }
-        else if ($result == FALSE)
+        else if ($result === FALSE)
         {
             $aio_wp_security->debug_logger->log_debug("Error inserting record into ".$login_lockdown_table,4);//Log the highly unlikely event of DB error
         }
@@ -248,7 +248,7 @@ function increment_failed_logins($username='')
         $insert = "INSERT INTO " . $login_fails_table . " (user_id, user_login, failed_login_date, login_attempt_ip) " .
                         "VALUES ('" . $user_id . "', '" . $username . "', now(), '" . $ip_range_str . "')";
         $result = $wpdb->query($insert);
-        if ($result == FALSE)
+        if ($result === FALSE)
         {
             $aio_wp_security->debug_logger->log_debug("Error inserting record into ".$login_fails_table,4);//Log the highly unlikely event of DB error
         }
@@ -415,7 +415,7 @@ static function wp_login_action_handler($user_login, $user='')
         $insert = "INSERT INTO " . $login_activity_table . " (user_id, user_login, login_date, login_ip) " .
                         "VALUES ('" . $user->ID . "', '" . $user_login . "', '" . $login_date_time . "', '" . $curr_ip_address . "')";
         $result = $wpdb->query($insert);
-        if ($result == FALSE)
+        if ($result === FALSE)
         {
             $aio_wp_security->debug_logger->log_debug("Error inserting record into ".$login_activity_table,4);//Log the highly unlikely event of DB error
         }
@@ -457,7 +457,7 @@ function wp_logout_action_handler()
                         'login_ip' => $ip_addr,
                         'logout_date' => '0000-00-00 00:00:00');
         $result = $wpdb->update($login_activity_table, $data, $where);
-        if ($result == FALSE)
+        if ($result === FALSE)
         {
             $aio_wp_security->debug_logger->log_debug("Error inserting record into ".$login_activity_table,4);//Log the highly unlikely event of DB error
         }

all-in-one-wp-security/classes/wp-security-utility.php

@@ -424,7 +424,7 @@ static function lock_IP($ip, $lock_reason='', $username='')
         if ($result > 0)
         {
         }
-        else if ($result == FALSE)
+        else if ($result === FALSE)
         {
             $aio_wp_security->debug_logger->log_debug("lock_IP: Error inserting record into ".$login_lockdown_table,4);//Log the highly unlikely event of DB error
         }

all-in-one-wp-security/other-includes/wp-security-rename-login-feature.php

@@ -384,8 +384,7 @@ function retrieve_password() {
 	 * @param string $message Default mail message.
 	 * @param string $key     The activation key.
 	 */
-	$message = apply_filters( 'retrieve_password_message', $message, $key );
-
+	$message = apply_filters( 'aiowps_retrieve_password_message', $message, $key );
 	if ( $message && !wp_mail( $user_email, wp_specialchars_decode( $title ), $message ) )
 		wp_die( __('The e-mail could not be sent.') . "<br />\n" . __('Possible reason: your host may have disabled the mail() function.') );
 

all-in-one-wp-security/readme.txt

@@ -4,7 +4,7 @@ Donate link: https://www.tipsandtricks-hq.com
 Tags: security, secure, Anti Virus, antivirus, ban, ban hacker, virus, firewall, firewall security, login, lockdown, htaccess, hack, malware, vulnerability, protect, protection, phishing, database, backup, plugin, sql injection, ssl, restrict, login captcha, bot, hotlink, 404 detection, admin, rename, all in one, scan, scanner, iframe,
 Requires at least: 3.5
 Tested up to: 4.2
-Stable tag: 3.9.5
+Stable tag: 3.9.6
 License: GPLv3
 
 A comprehensive, user-friendly, all in one WordPress security and firewall plugin for your site.
@@ -177,6 +177,12 @@ https://www.tipsandtricks-hq.com/wordpress-security-and-firewall-plugin
 None
 
 == Changelog ==
+= 3.9.6 =
+- Added Rename Login page feature from the "Brute Force" menu to multisite sub-sites.
+- Removed invalid "length" attribute from input element in captcha code.
+- Fixed reset password feature whereby the URL which is sent out in the email for cases when rename login feature is enabled was not decoded properly.
+- Corrected the check for boolean false if returned from wpdb query result.
+- Added media button for wp editor in maintenance settings page.
 
 = 3.9.5 =
 - Fixed minor bug - IP addresses blocked due to '404' were not being listed in the display table.

all-in-one-wp-security/wp-security-core.php

@@ -3,7 +3,7 @@
 if (!class_exists('AIO_WP_Security')){
 
 class AIO_WP_Security{
-    var $version = '3.9.5';
+    var $version = '3.9.6';
     var $db_version = '1.6';
     var $plugin_url;
     var $plugin_path;

all-in-one-wp-security/wp-security.php

@@ -1,7 +1,7 @@
 <?php
 /*
 Plugin Name: All In One WP Security
-Version: v3.9.5
+Version: v3.9.6
 Plugin URI: http://www.tipsandtricks-hq.com/wordpress-security-and-firewall-plugin
 Author: Tips and Tricks HQ, Peter, Ruhul, Ivy
 Author URI: http://www.tipsandtricks-hq.com/