diff --git a/all-in-one-wp-security/admin/wp-security-admin-init.php b/all-in-one-wp-security/admin/wp-security-admin-init.php index 0c71222..fe685ab 100644 --- a/all-in-one-wp-security/admin/wp-security-admin-init.php +++ b/all-in-one-wp-security/admin/wp-security-admin-init.php @@ -223,11 +223,7 @@ function create_admin_menus() }else{ add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Firewall', 'aiowpsecurity'), __('Firewall', 'aiowpsecurity') , AIOWPSEC_MANAGEMENT_PERMISSION, AIOWPSEC_FIREWALL_MENU_SLUG, array(&$this, 'handle_firewall_menu_rendering')); } - if (AIOWPSecurity_Utility::is_multisite_install() && get_current_blog_id() != 1){ - //Suppress the Brute Force menu if site is a multi site AND not the main site - }else{ - add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Brute Force', 'aiowpsecurity'), __('Brute Force', 'aiowpsecurity') , AIOWPSEC_MANAGEMENT_PERMISSION, AIOWPSEC_BRUTE_FORCE_MENU_SLUG, array(&$this, 'handle_brute_force_menu_rendering')); - } + add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('Brute Force', 'aiowpsecurity'), __('Brute Force', 'aiowpsecurity') , AIOWPSEC_MANAGEMENT_PERMISSION, AIOWPSEC_BRUTE_FORCE_MENU_SLUG, array(&$this, 'handle_brute_force_menu_rendering')); add_submenu_page(AIOWPSEC_MAIN_MENU_SLUG, __('SPAM Prevention', 'aiowpsecurity'), __('SPAM Prevention', 'aiowpsecurity') , AIOWPSEC_MANAGEMENT_PERMISSION, AIOWPSEC_SPAM_MENU_SLUG, array(&$this, 'handle_spam_menu_rendering')); if (AIOWPSecurity_Utility::is_multisite_install() && get_current_blog_id() != 1){ //Suppress the filescan menu if site is a multi site AND not the main site diff --git a/all-in-one-wp-security/admin/wp-security-brute-force-menu.php b/all-in-one-wp-security/admin/wp-security-brute-force-menu.php index 2d8f509..20525d6 100644 --- a/all-in-one-wp-security/admin/wp-security-brute-force-menu.php +++ b/all-in-one-wp-security/admin/wp-security-brute-force-menu.php @@ -49,8 +49,12 @@ function render_menu_tabs() echo ''; } 
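Review bot: With the multisite guard removed in create_admin_menus(), every sub-site user holding AIOWPSEC_MANAGEMENT_PERMISSION now reaches handle_brute_force_menu_rendering, so the restriction to the Rename Login tab (the only feature the changelog says is being opened to sub-sites) has to be enforced where the tab is dispatched and where its settings are saved, not only where the tab links are printed. The render_menu_tabs() hunk in wp-security-brute-force-menu.php has lost its added lines in this capture, so this cannot be confirmed from here; if it only hides the other tab links, those tabs stay reachable by direct request. I would repeat the condition the removed branch used, `AIOWPSecurity_Utility::is_multisite_install() && get_current_blog_id() != 1`, in the dispatcher and fall back to the rename-login tab when it is true. create_admin_menus() starts and ends outside the hunk.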
diff --git a/all-in-one-wp-security/admin/wp-security-maintenance-menu.php b/all-in-one-wp-security/admin/wp-security-maintenance-menu.php
index 18ef700..965ec93 100644
--- a/all-in-one-wp-security/admin/wp-security-maintenance-menu.php
+++ b/all-in-one-wp-security/admin/wp-security-maintenance-menu.php
@@ -117,7 +117,7 @@ function render_tab1()
 $aiowps_site_lockout_msg_raw = 'This site is currently not available. Please try again later.';
 }
 $aiowps_site_lockout_msg = html_entity_decode($aiowps_site_lockout_msg_raw, ENT_COMPAT, "UTF-8");
- $aiowps_site_lockout_msg_settings = array('textarea_name' => 'aiowps_site_lockout_msg', 'media_buttons' => false);
+ $aiowps_site_lockout_msg_settings = array('textarea_name' => 'aiowps_site_lockout_msg');
 wp_editor($aiowps_site_lockout_msg, "aiowps_site_lockout_msg_editor_content", $aiowps_site_lockout_msg_settings);
 ?>
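Review bot: Dropping `'media_buttons' => false` in render_tab1() turns the media uploader on only by relying on wp_editor()'s default; writing `'media_buttons' => true` would make the intent visible in the code and match the changelog entry. The lockout message is entity-decoded HTML that is presumably shown to visitors while the site is locked, and the save path is not in this hunk, so it is worth confirming that the stored value is filtered (for example with `wp_kses_post()`) now that richer markup can be inserted. render_tab1() starts and ends outside the hunk.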
diff --git a/all-in-one-wp-security/classes/wp-security-captcha.php b/all-in-one-wp-security/classes/wp-security-captcha.php index a3cfde4..3ba64e2 100644 --- a/all-in-one-wp-security/classes/wp-security-captcha.php +++ b/all-in-one-wp-security/classes/wp-security-captcha.php @@ -86,7 +86,7 @@ function generate_maths_question() $enc_result = base64_encode($current_time.$captcha_secret_string.$result); $equation_string .= ''; $equation_string .= ''; - $equation_string .= ''; + $equation_string .= ''; return $equation_string; } diff --git a/all-in-one-wp-security/classes/wp-security-cronjob-handler.php b/all-in-one-wp-security/classes/wp-security-cronjob-handler.php index 0cad03a..ed768c2 100644 --- a/all-in-one-wp-security/classes/wp-security-cronjob-handler.php +++ b/all-in-one-wp-security/classes/wp-security-cronjob-handler.php @@ -11,7 +11,7 @@ function aiowps_hourly_cron_event_handler() { //Do stuff that needs checking every hours global $aio_wp_security; - $aio_wp_security->debug_logger->log_debug_cron("Cronjob_Handler - Hourly cron handler got fired."); + //$aio_wp_security->debug_logger->log_debug_cron("Cronjob_Handler - Hourly cron handler got fired."); //do_action('aiowps_force_logout_check'); //do_action('aiowps_check_password_stuff'); diff --git a/all-in-one-wp-security/classes/wp-security-general-init-tasks.php b/all-in-one-wp-security/classes/wp-security-general-init-tasks.php index cd39c94..dec88a4 100644 --- a/all-in-one-wp-security/classes/wp-security-general-init-tasks.php +++ b/all-in-one-wp-security/classes/wp-security-general-init-tasks.php 
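Review bot: In generate_maths_question() (wp-security-captcha.php) the context line `$enc_result = base64_encode($current_time.$captcha_secret_string.$result);` is an encoding, not a keyed digest. If `$enc_result` is written into the form, the client can read back both the expected answer and the secret string; this is inferred, because the markup strings on the following lines are empty in this capture. The commit only removes an invalid attribute and leaves this line as it is. A keyed hash would keep the answer opaque, `$enc_result = hash_hmac('sha256', $current_time.$result, $captcha_secret_string);`, with the verifier recomputing it and comparing through a constant-time check such as `hash_equals()`. The function starts outside the hunk and the verification side is not shown here.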
@@ -7,6 +7,7 @@ function __construct(){ if ($aio_wp_security->configs->get_value('aiowps_enable_rename_login_page') == '1') { add_action( 'widgets_init', array(&$this, 'remove_standard_wp_meta_widget' )); + add_filter( 'aiowps_retrieve_password_message', array(&$this, 'decode_reset_pw_msg'), 10, 2); //Fix for non decoded html entities in password reset link } add_action('admin_notices', array(&$this,'reapply_htaccess_rules_notice')); @@ -394,4 +395,12 @@ function reapply_htaccess_rules_notice() echo '

Would you like All In One WP Security & Firewall to re-insert the security rules in your .htaccess file which were cleared when you deactivated the plugin?  Yes  No

'; } } + + //This is a fix for cases when the password reset URL in the email was not decoding all html entities properly + function decode_reset_pw_msg($message, $key) + { + global $aio_wp_security; + $message = html_entity_decode($message); + return $message; + } } \ No newline at end of file diff --git a/all-in-one-wp-security/classes/wp-security-user-login.php b/all-in-one-wp-security/classes/wp-security-user-login.php index 6a985e1..041c230 100644 --- a/all-in-one-wp-security/classes/wp-security-user-login.php +++ b/all-in-one-wp-security/classes/wp-security-user-login.php @@ -216,7 +216,7 @@ function lock_the_user($username='', $lock_reason='login_fail') $this->send_ip_lock_notification_email($username, $ip_range, $ip); $aio_wp_security->debug_logger->log_debug("The following IP address range has been locked out for exceeding the maximum login attempts: ".$ip_range,2);//Log the lockdown event } - else if ($result == FALSE) + else if ($result === FALSE) { $aio_wp_security->debug_logger->log_debug("Error inserting record into ".$login_lockdown_table,4);//Log the highly unlikely event of DB error } @@ -248,7 +248,7 @@ function increment_failed_logins($username='') $insert = "INSERT INTO " . $login_fails_table . " (user_id, user_login, failed_login_date, login_attempt_ip) " . "VALUES ('" . $user_id . "', '" . $username . "', now(), '" . $ip_range_str . "')"; $result = $wpdb->query($insert); - if ($result == FALSE) + if ($result === FALSE) { $aio_wp_security->debug_logger->log_debug("Error inserting record into ".$login_fails_table,4);//Log the highly unlikely event of DB error } 
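Review bot: decode_reset_pw_msg() calls `html_entity_decode($message)` with no flags or charset, so which quotes are decoded and which encoding is assumed depend on the running PHP version's defaults. render_tab1() in wp-security-maintenance-menu.php already passes them explicitly, and this call could do the same with `html_entity_decode($message, ENT_QUOTES, 'UTF-8')`. The `global $aio_wp_security;` line is unused here and can be removed, and `$key` is accepted only because the filter is registered with two arguments; a one-line comment saying so would help. The callback is registered in the __construct() hunk above only when aiowps_enable_rename_login_page is '1', which matches the one place the custom filter is applied.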
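Review bot: increment_failed_logins() still builds its INSERT by concatenating `$username` and `$ip_range_str` into the SQL string before `$wpdb->query($insert)`; the commit only tightens the result check that follows. `$username` presumably comes from the submitted login form, and whether it is escaped earlier is outside the hunk, so binding the values is the safer form: `$insert = $wpdb->prepare("INSERT INTO " . $login_fails_table . " (user_id, user_login, failed_login_date, login_attempt_ip) VALUES (%d, %s, now(), %s)", $user_id, $username, $ip_range_str);`. The same concatenation appears with `$user_login` and `$curr_ip_address` in the wp_login_action_handler() hunk further down. Both functions start and end outside their hunks.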
@@ -415,7 +415,7 @@ static function wp_login_action_handler($user_login, $user='') $insert = "INSERT INTO " . $login_activity_table . " (user_id, user_login, login_date, login_ip) " . "VALUES ('" . $user->ID . "', '" . $user_login . "', '" . $login_date_time . "', '" . $curr_ip_address . "')"; $result = $wpdb->query($insert); - if ($result == FALSE) + if ($result === FALSE) { $aio_wp_security->debug_logger->log_debug("Error inserting record into ".$login_activity_table,4);//Log the highly unlikely event of DB error } @@ -457,7 +457,7 @@ function wp_logout_action_handler() 'login_ip' => $ip_addr, 'logout_date' => '0000-00-00 00:00:00'); $result = $wpdb->update($login_activity_table, $data, $where); - if ($result == FALSE) + if ($result === FALSE) { $aio_wp_security->debug_logger->log_debug("Error inserting record into ".$login_activity_table,4);//Log the highly unlikely event of DB error } diff --git a/all-in-one-wp-security/classes/wp-security-utility.php b/all-in-one-wp-security/classes/wp-security-utility.php index 65ad299..8986f04 100644 --- a/all-in-one-wp-security/classes/wp-security-utility.php +++ b/all-in-one-wp-security/classes/wp-security-utility.php @@ -424,7 +424,7 @@ static function lock_IP($ip, $lock_reason='', $username='') if ($result > 0) { } - else if ($result == FALSE) + else if ($result === FALSE) { $aio_wp_security->debug_logger->log_debug("lock_IP: Error inserting record into ".$login_lockdown_table,4);//Log the highly unlikely event of DB error } diff --git a/all-in-one-wp-security/other-includes/wp-security-rename-login-feature.php b/all-in-one-wp-security/other-includes/wp-security-rename-login-feature.php index d7ad507..4fc5c03 100644 --- a/all-in-one-wp-security/other-includes/wp-security-rename-login-feature.php +++ b/all-in-one-wp-security/other-includes/wp-security-rename-login-feature.php 
@@ -384,8 +384,7 @@ function retrieve_password() { * @param string $message Default mail message. * @param string $key The activation key. */ - $message = apply_filters( 'retrieve_password_message', $message, $key ); - + $message = apply_filters( 'aiowps_retrieve_password_message', $message, $key ); if ( $message && !wp_mail( $user_email, wp_specialchars_decode( $title ), $message ) ) wp_die( __('The e-mail could not be sent.') . "
\n" . __('Possible reason: your host may have disabled the mail() function.') ); diff --git a/all-in-one-wp-security/readme.txt b/all-in-one-wp-security/readme.txt index 9888b7e..8481fb1 100644 --- a/all-in-one-wp-security/readme.txt +++ b/all-in-one-wp-security/readme.txt @@ -4,7 +4,7 @@ Donate link: https://www.tipsandtricks-hq.com Tags: security, secure, Anti Virus, antivirus, ban, ban hacker, virus, firewall, firewall security, login, lockdown, htaccess, hack, malware, vulnerability, protect, protection, phishing, database, backup, plugin, sql injection, ssl, restrict, login captcha, bot, hotlink, 404 detection, admin, rename, all in one, scan, scanner, iframe, Requires at least: 3.5 Tested up to: 4.2 -Stable tag: 3.9.5 +Stable tag: 3.9.6 License: GPLv3 A comprehensive, user-friendly, all in one WordPress security and firewall plugin for your site. @@ -177,6 +177,12 @@ https://www.tipsandtricks-hq.com/wordpress-security-and-firewall-plugin None == Changelog == += 3.9.6 = +- Added Rename Login page feature from the "Brute Force" menu to multisite sub-sites. +- Removed invalid "length" attribute from input element in captcha code. +- Fixed reset password feature whereby the URL which is sent out in the email for cases when rename login feature is enabled was not decoded properly. +- Corrected the check for boolean false if returned from wpdb query result. +- Added media button for wp editor in maintenance settings page. = 3.9.5 = - Fixed minor bug - IP addresses blocked due to '404' were not being listed in the display table. diff --git a/all-in-one-wp-security/wp-security-core.php b/all-in-one-wp-security/wp-security-core.php index 1ffc483..ccf9d94 100644 --- a/all-in-one-wp-security/wp-security-core.php +++ b/all-in-one-wp-security/wp-security-core.php @@ -3,7 +3,7 @@ if (!class_exists('AIO_WP_Security')){ class AIO_WP_Security{ - var $version = '3.9.5'; + var $version = '3.9.6'; var $db_version = '1.6'; var $plugin_url; var $plugin_path; 
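Review bot: In retrieve_password() (wp-security-rename-login-feature.php) the core `retrieve_password_message` filter is replaced rather than supplemented, so any callback another plugin or theme has attached to the core hook stops running on reset e-mails once the rename-login feature is on. Keeping the core call and applying the plugin's own filter after it preserves those integrations: `$message = apply_filters( 'retrieve_password_message', $message, $key );` followed by `$message = apply_filters( 'aiowps_retrieve_password_message', $message, $key );`. The docblock above the call still describes the core filter, so it should stay attached to that call or be reworded for the new hook name. The function continues outside the hunk.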
diff --git a/all-in-one-wp-security/wp-security.php b/all-in-one-wp-security/wp-security.php
index 88ee7cb..82ff5d5 100644
--- a/all-in-one-wp-security/wp-security.php
+++ b/all-in-one-wp-security/wp-security.php
@@ -1,7 +1,7 @@