v4.3.8 released
Amin authored and Amin committed Dec 17, 2018
1 parent d070e27 commit 1ebcbfc
Showing 15 changed files with 4,912 additions and 4,784 deletions.
@@ -116,7 +116,7 @@ function render_tab1()
</div>
<?php
$detected_os = strtoupper(PHP_OS);
if(strpos($detected_os, "WIN") !== false){
if(strpos($detected_os, "WIN") !== false && $detected_os != "DARWIN"){
echo '<div class="aio_yellow_box">';
echo '<p>'.__('This plugin has detected that your site is running on a Windows server.', 'all-in-one-wp-security-and-firewall').'
<br />'.__('This feature is not applicable for Windows server installations.', 'all-in-one-wp-security-and-firewall').'
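Review bot: The Windows test on the changed line still matches any `PHP_OS` value that merely contains "WIN", so it needs a hand-written exception for `DARWIN` and would need another for every future false match. The usual Windows values (`WINNT`, `WIN32`, `Windows`) all start with "WIN", so a prefix test states the intent directly and needs no exclusion: `if (strncmp($detected_os, 'WIN', 3) === 0) {`. If the substring test is kept, compare with the strict `!==` rather than `!=`. `render_tab1()` starts and ends outside the hunk.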
1 change: 1 addition & 0 deletions all-in-one-wp-security/admin/wp-security-settings-menu.php
@@ -238,6 +238,7 @@ function render_tab2()
{
global $aio_wp_security;

if ( !function_exists( 'get_home_path' ) ) require_once( ABSPATH. '/wp-admin/includes/file.php' );
$home_path = get_home_path();
$htaccess_path = $home_path . '.htaccess';
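Review bot: The added `require_once( ABSPATH. '/wp-admin/includes/file.php' )` builds a path with a doubled slash, because WordPress defines `ABSPATH` with a trailing slash; the installer shown on this page uses the conventional form `ABSPATH . 'wp-admin/includes/upgrade.php'`. Writing it as `require_once ABSPATH . 'wp-admin/includes/file.php';` inside a braced `if` keeps the guard readable. The identical line is also added in the `__construct()` hunk that reads the wp-config.php path, in `write_to_htaccess()` and in `delete_from_htaccess()`, so one small helper that loads the file and returns `get_home_path()` would replace the four copies. A short comment saying that `get_home_path()` is only loaded in admin context would explain why the include is needed.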

@@ -204,6 +204,7 @@ function __construct(){
switch_to_blog($blog_id);
if($aio_wp_security->configs->get_value('aiowps_enable_comment_captcha') == '1'){
if (!is_user_logged_in()) {
add_action('wp_head', array(&$this, 'add_recaptcha_script'));
add_action( 'comment_form_after_fields', array(&$this, 'insert_captcha_question_form'), 1 );
add_action( 'comment_form_logged_in_after', array(&$this, 'insert_captcha_question_form'), 1 );
add_filter( 'preprocess_comment', array(&$this, 'process_comment_post') );
@@ -213,6 +214,7 @@ function __construct(){
}else{
if($aio_wp_security->configs->get_value('aiowps_enable_comment_captcha') == '1'){
if (!is_user_logged_in()) {
add_action('wp_head', array(&$this, 'add_recaptcha_script'));
add_action( 'comment_form_after_fields', array(&$this, 'insert_captcha_question_form'), 1 );
add_action( 'comment_form_logged_in_after', array(&$this, 'insert_captcha_question_form'), 1 );
add_filter( 'preprocess_comment', array(&$this, 'process_comment_post') );
@@ -601,5 +603,10 @@ function check_rest_api_requests($rest_server_object){
$error_message = apply_filters('aiowps_rest_api_error_message', __('You are not authorized to perform this action.', 'disable-wp-rest-api'));
wp_die($error_message);
}
}
}

function add_recaptcha_script()
{
wp_enqueue_script( 'google-recaptcha', 'https://www.google.com/recaptcha/api.js', false );
}
}
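Review bot: `add_recaptcha_script()` is hooked to `wp_head` whenever comment captcha is enabled and the visitor is logged out, so the third-party `https://www.google.com/recaptcha/api.js` is requested on every front-end page rather than only on pages that show a comment form; nothing visible in these hunks checks that Google reCAPTCHA is the captcha type in use. Enqueuing from the `wp_enqueue_scripts` action and returning early unless `is_singular() && comments_open()` would keep the external script off pages that do not need it. The third argument of `wp_enqueue_script()` is `$deps`, not the version, so the `false` passed there should be an empty array: `wp_enqueue_script( 'google-recaptcha', 'https://www.google.com/recaptcha/api.js', array(), null );`. Both `__construct()` hunks start and end outside the visible lines.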
47 changes: 29 additions & 18 deletions all-in-one-wp-security/classes/wp-security-installer.php
@@ -7,42 +7,53 @@

class AIOWPSecurity_Installer
{
static function run_installer()
static function run_installer($networkwide='')
{
global $wpdb;
if (function_exists('is_multisite') && is_multisite()) {
if (function_exists('is_multisite') && is_multisite() && $networkwide) {
// check if it is a network activation - if so, run the activation function for each blog id
if (isset($_GET['networkwide']) && ($_GET['networkwide'] == 1)) {
$old_blog = $wpdb->blogid;
// Get all blog ids
$blogids = $wpdb->get_col("SELECT blog_id FROM $wpdb->blogs");
foreach ($blogids as $blog_id) {
switch_to_blog($blog_id);
AIOWPSecurity_Installer::create_db_tables();
AIOWPSecurity_Configure_Settings::add_option_values();
restore_current_blog();
}
AIOWPSecurity_Installer::create_db_backup_dir(); //Create a backup dir in the WP uploads directory
switch_to_blog($old_blog);
return;
}
} else {
AIOWPSecurity_Installer::create_db_tables();
AIOWPSecurity_Configure_Settings::add_option_values();
AIOWPSecurity_Installer::create_db_backup_dir(); //Create a backup dir in the WP uploads directory
}
AIOWPSecurity_Installer::create_db_tables();
AIOWPSecurity_Configure_Settings::add_option_values();
AIOWPSecurity_Installer::create_db_backup_dir(); //Create a backup dir in the WP uploads directory
}

static function create_db_tables()
{
global $wpdb;
require_once(ABSPATH . 'wp-admin/includes/upgrade.php');

//"User Login" related tables
$lockdown_tbl_name = AIOWPSEC_TBL_LOGIN_LOCKDOWN;
$failed_login_tbl_name = AIOWPSEC_TBL_FAILED_LOGINS;
$user_login_activity_tbl_name = AIOWPSEC_TBL_USER_LOGIN_ACTIVITY;
$aiowps_global_meta_tbl_name = AIOWPSEC_TBL_GLOBAL_META_DATA;
$aiowps_event_tbl_name = AIOWPSEC_TBL_EVENTS;
$perm_block_tbl_name = AIOWPSEC_TBL_PERM_BLOCK;
if (function_exists('is_multisite') && is_multisite()) {
/*
* FIX for multisite table creation case:
* Although each table name is defined in a constant inside the wp-security-core.php,
* we need to do this step for multisite case because we need to refresh the $wpdb->prefix value
* otherwise it will contain the original blog id and not the current id we need.
*
*/
$lockdown_tbl_name = $wpdb->prefix.'aiowps_login_lockdown';
$failed_login_tbl_name = $wpdb->prefix.'aiowps_failed_logins';
$user_login_activity_tbl_name = $wpdb->prefix.'aiowps_login_activity';
$aiowps_global_meta_tbl_name = $wpdb->prefix.'aiowps_global_meta';
$aiowps_event_tbl_name = $wpdb->prefix.'aiowps_events';
$perm_block_tbl_name = $wpdb->prefix.'aiowps_permanent_block';
} else {
$lockdown_tbl_name = AIOWPSEC_TBL_LOGIN_LOCKDOWN;
$failed_login_tbl_name = AIOWPSEC_TBL_FAILED_LOGINS;
$user_login_activity_tbl_name = AIOWPSEC_TBL_USER_LOGIN_ACTIVITY;
$aiowps_global_meta_tbl_name = AIOWPSEC_TBL_GLOBAL_META_DATA;
$aiowps_event_tbl_name = AIOWPSEC_TBL_EVENTS;
$perm_block_tbl_name = AIOWPSEC_TBL_PERM_BLOCK;
}

$charset_collate = '';
if (!empty($wpdb->charset)) {
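Review bot: In `create_db_tables()` the multisite branch rebuilds all six table names from `$wpdb->prefix` plus a literal suffix such as `'aiowps_login_lockdown'`, duplicating names that, per the comment, are already defined as constants in wp-security-core.php; if either copy changes, multisite sites would get tables the rest of the plugin does not look for. Keeping the suffixes in one shared place and only adding the prefix here would remove that duplication. `run_installer($networkwide='')` would also benefit from a docblock stating what the parameter is (presumably the network-wide flag passed by the activation hook) and from a boolean default, `$networkwide = false`. `create_db_tables()` continues past the end of the hunk.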
@@ -13,6 +13,7 @@ function __construct()
add_filter('network_site_url', array(&$this, 'aiowps_site_url'), 10, 2);
add_filter('wp_redirect', array(&$this, 'aiowps_wp_redirect'), 10, 2);
add_filter('register', array(&$this, 'register_link'));
add_filter('user_request_action_email_content', array(&$this, 'aiowps_user_request_email_content'), 10, 2);
remove_action('template_redirect', 'wp_redirect_admin_locations', 1000); //To prevent redirect to login page when people type "login" at end of home URL

}
@@ -56,6 +57,28 @@ function register_link($registration_url)
return $this->aiowps_filter_wp_login_file($registration_url);
}

// Filter confirm link so we hide the secret login slug in the export_personal_data email
function aiowps_user_request_email_content($email_text, $email_data)
{
global $aio_wp_security;
if(isset($email_data['request']) && isset($email_data['request']->action_name)) {
if($email_data['request']->action_name == 'export_personal_data') {
$confirm_url = $email_data['confirm_url'];
$login_slug = $aio_wp_security->configs->get_value('aiowps_login_page_slug');
if(get_option('permalink_structure')) {
$new_confirm_url = str_replace( $login_slug, 'wp-login.php', $confirm_url );
} else {
$search_pattern = '?'.$login_slug.'&action';
$new_confirm_url = str_replace( $search_pattern, '/wp-login.php/?action', $confirm_url );
}

$email_text_modified = str_replace( '###CONFIRM_URL###', esc_url_raw( $new_confirm_url ), $email_text );
return $email_text_modified;
}
}
return $email_text;
}

//Filter all login url strings on the login page
function aiowps_filter_wp_login_file($url)
{
@@ -112,6 +135,29 @@ static function renamed_login_init_tasks()

//case where someone attempting to reach wp-login
if(isset($_SERVER['REQUEST_URI']) && strpos( $_SERVER['REQUEST_URI'], 'wp-login.php' ) && !is_user_logged_in()){

// Handle export personal data request for rename login case
if(isset($_GET['request_id'])) {
$request_id = (int) $_GET['request_id'];
$result = '';
if ( isset( $_GET['confirm_key'] ) ) {
$key = sanitize_text_field( wp_unslash( $_GET['confirm_key'] ) );
$result = wp_validate_user_request_key( $request_id, $key );
} else {
$result = new WP_Error( 'invalid_key', __( 'Invalid key' ) );
}

if ( is_wp_error( $result ) ) {
wp_die( $result );
}else if(!empty($result)) {
_wp_privacy_account_request_confirmed($request_id);
$message = _wp_privacy_account_request_confirmed_message( $request_id );
login_header( __( 'User action confirmed.' ), $message );
login_footer();
exit;
}
}

//Check if the maintenance (lockout) mode is active - if so prevent access to site by not displaying 404 page!
if($aio_wp_security->configs->get_value('aiowps_site_lockout') == '1'){
AIOWPSecurity_WP_Loaded_Tasks::site_lockout_tasks();
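Review bot: The new block in `renamed_login_init_tasks()` confirms the request by calling the private core function `_wp_privacy_account_request_confirmed($request_id)` directly, whereas core's own confirmation handler fires `do_action( 'user_request_action_confirmed', $request_id )`; the direct call skips every other callback on that action, including core's notification to the site admin. The block also runs for any logged-out request whose URI contains `wp-login.php` and carries `request_id`, without looking at `$_GET['action']`, so such requests end in `wp_die()` instead of reaching the renamed-login handling below. Gating the block with `isset($_GET['action']) && $_GET['action'] === 'confirmaction'` and replacing the direct call with the `do_action(...)` line would keep the behaviour aligned with core. A comment noting that the `_wp_privacy_*` functions are core-internal and may change would help future maintenance. `renamed_login_init_tasks()` starts and ends outside the hunk.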
2 changes: 1 addition & 1 deletion all-in-one-wp-security/classes/wp-security-user-login.php
@@ -18,7 +18,7 @@ function __construct()
// Check whether user needs to be manually approved after default WordPress authenticate hooks (with priority 20).
add_filter('authenticate', array($this, 'check_manual_registration_approval'), 30, 1);
// Check login captcha
add_filter('authenticate', array($this, 'check_captcha'), 30, 1);
add_filter('authenticate', array($this, 'check_captcha'), 1, 1);
// As a last authentication step, perform post authentication steps
add_filter('authenticate', array($this, 'post_authenticate'), 100, 3);
add_action('aiowps_force_logout_check', array($this, 'aiowps_force_logout_action_handler'));
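Review bot: Moving `check_captcha` to priority 1 makes it run before core's username/password check, which the comment above places at priority 20, and that core callback does not pass an incoming `WP_Error` through when both a username and a password were submitted. `check_captcha()` is not shown here, so please confirm how it rejects a wrong answer: if it only returns a `WP_Error`, the later callback would replace that result and the captcha failure would be lost. If so, make the failure stick, for example by re-checking it in a callback that runs after priority 20 or by ending the request inside `check_captcha`, and add a comment on this line explaining why the priority is 1. With `$accepted_args` set to `1` the callback also never receives the submitted username or password. `__construct()` starts and ends outside the hunk.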
@@ -15,6 +15,7 @@ function __construct(){
*/

//Get wp-config.php file path
if ( !function_exists( 'get_home_path' ) ) require_once( ABSPATH. '/wp-admin/includes/file.php' );
$wp_config_path = AIOWPSecurity_Utility_File::get_wp_config_file_path();
$home_path = get_home_path();

@@ -89,6 +89,7 @@ static function write_to_htaccess()
return false; //unable to write to the file
}

if ( !function_exists( 'get_home_path' ) ) require_once( ABSPATH. '/wp-admin/includes/file.php' );
$home_path = get_home_path();
$htaccess = $home_path . '.htaccess';

@@ -138,6 +139,7 @@ static function write_to_htaccess()
*/
static function delete_from_htaccess($section = 'All In One WP Security')
{
if ( !function_exists( 'get_home_path' ) ) require_once( ABSPATH. '/wp-admin/includes/file.php' );
$home_path = get_home_path();
$htaccess = $home_path . '.htaccess';

16 changes: 10 additions & 6 deletions all-in-one-wp-security/classes/wp-security-wp-footer-content.php
@@ -35,12 +35,16 @@ function print_google_recaptcha_api() {
alert(response);
};
var onloadCallback = function() {
grecaptcha.render('woo_recaptcha_1', {
'sitekey' : '<?php echo $site_key; ?>',
});
grecaptcha.render('woo_recaptcha_2', {
'sitekey' : '<?php echo $site_key; ?>',
});
if ( jQuery('#woo_recaptcha_1').length ) {
grecaptcha.render('woo_recaptcha_1', {
'sitekey' : '<?php echo $site_key; ?>',
});
}
if ( jQuery('#woo_recaptcha_2').length ) {
grecaptcha.render('woo_recaptcha_2', {
'sitekey' : '<?php echo $site_key; ?>',
});
}
};
</script>
<script src='https://www.google.com/recaptcha/api.js?onload=onloadCallback&render=explicit' async defer></script>
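Review bot: The new guards in `onloadCallback` call `jQuery(...)`, but nothing in this block ensures jQuery is loaded before the reCAPTCHA API invokes the callback; if it is not, the callback throws and neither widget renders. A plain DOM test has no such dependency: `if ( document.getElementById('woo_recaptcha_1') ) {`. The re-indented `'sitekey'` lines still print `$site_key` straight into a JavaScript string; where the value comes from is outside the hunk, but `'<?php echo esc_js( $site_key ); ?>'` would make the output safe whatever is stored. `print_google_recaptcha_api()` starts and ends outside the hunk.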
Binary file not shown.