3.9.0 released
amin0_000 committed Feb 23, 2015
1 parent 2dd8174 commit 3b5532f
Showing 11 changed files with 186 additions and 80 deletions.
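--- a/all-in-one-wp-security/admin/wp-security-blacklist-menu.php
+++ b/all-in-one-wp-security/admin/wp-security-blacklist-menu.php
@@ -114,6 +114,9 @@ function render_tab1()
 if (!empty($_POST['aiowps_banned_user_agents']))
 {
 $result = $result * $this->validate_user_agent_list();
+}else{
+//clear the user agent list
+$aio_wp_security->configs->set_value('aiowps_banned_user_agents','');
 }
 
 if ($result == 1)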
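Review bot: The new `else` branch clears `aiowps_banned_user_agents` before the `if ($result == 1)` check that follows, so the in-memory list is emptied even if `$result` was already zeroed by an earlier check (the `$result * ...` pattern suggests there are some). Whether that empty value is then persisted depends on the save logic, which is outside the hunk. Moving the `set_value('aiowps_banned_user_agents','')` call inside the `$result == 1` branch would keep a rejected form from touching the ban list at all. The hunk also relies on `$aio_wp_security` being declared `global` earlier in `render_tab1()`, which is not visible here.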
34 changes: 24 additions & 10 deletions all-in-one-wp-security/admin/wp-security-list-404.php
Expand Up @@ -24,18 +24,21 @@ function column_id($item) {
$blocked_ips_tab = 'tab3';
//Check if this IP address is locked
$is_locked = AIOWPSecurity_Utility::check_locked_ip($ip);
$delete_url = sprintf('admin.php?page=%s&tab=%s&action=%s&id=%s', AIOWPSEC_FIREWALL_MENU_SLUG, $tab, 'delete_event_log', $item['id']);
//Add nonce to delete URL
$delete_url_nonce = wp_nonce_url($delete_url, "delete_404_log", "aiowps_nonce");
if ($is_locked) {
//Build row actions
$actions = array(
'unblock' => sprintf('<a href="admin.php?page=%s&tab=%s">Unblock</a>', AIOWPSEC_MAIN_MENU_SLUG, $blocked_ips_tab),
'delete' => sprintf('<a href="admin.php?page=%s&tab=%s&action=%s&id=%s" onclick="return confirm(\'Are you sure you want to delete this item?\')">Delete</a>', AIOWPSEC_FIREWALL_MENU_SLUG, $tab, 'delete_event_log', $item['id']),
'delete' => '<a href="'.$delete_url_nonce.'" onclick="return confirm(\'Are you sure you want to delete this item?\')">Delete</a>',
);
} else {
//Build row actions
$actions = array(
'temp_block' => sprintf('<a href="admin.php?page=%s&tab=%s&action=%s&ip_address=%s&username=%s" onclick="return confirm(\'Are you sure you want to block this IP address?\')">Temp Block</a>', AIOWPSEC_FIREWALL_MENU_SLUG, $tab, 'temp_block', $item['ip_or_host'], $item['username']),
'blacklist_ip' => sprintf('<a href="admin.php?page=%s&tab=%s&action=%s&ip_address=%s&username=%s" onclick="return confirm(\'Are you sure you want to permanently block this IP address?\')">Blacklist IP</a>', AIOWPSEC_FIREWALL_MENU_SLUG, $tab, 'blacklist_ip', $item['ip_or_host'], $item['username']),
'delete' => sprintf('<a href="admin.php?page=%s&tab=%s&action=%s&id=%s" onclick="return confirm(\'Are you sure you want to delete this item?\')">Delete</a>', AIOWPSEC_FIREWALL_MENU_SLUG, $tab, 'delete_event_log', $item['id']),
'delete' => '<a href="'.$delete_url_nonce.'" onclick="return confirm(\'Are you sure you want to delete this item?\')">Delete</a>',
);
}

Expand Down Expand Up @@ -226,18 +229,29 @@ function blacklist_ip_address($entries) {
*/

function delete_404_event_records($entries) {
global $wpdb;
global $wpdb, $aio_wp_security;
$events_table = AIOWPSEC_TBL_EVENTS;
if (is_array($entries)) {
//Delete multiple records
$entries = array_map( 'esc_sql', $entries); //escape every array element
$id_list = "(" . implode(",", $entries) . ")"; //Create comma separate list for DB operation
$delete_command = "DELETE FROM " . $events_table . " WHERE id IN " . $id_list;
$result = $wpdb->query($delete_command);
if ($result != NULL) {
AIOWPSecurity_Admin_Menu::show_msg_record_deleted_st();
if (isset($_REQUEST['_wp_http_referer']))
{
//Delete multiple records
$entries = array_map( 'esc_sql', $entries); //escape every array element
$id_list = "(" . implode(",", $entries) . ")"; //Create comma separate list for DB operation
$delete_command = "DELETE FROM " . $events_table . " WHERE id IN " . $id_list;
$result = $wpdb->query($delete_command);
if ($result != NULL) {
AIOWPSecurity_Admin_Menu::show_msg_record_deleted_st();
}
}

} elseif ($entries != NULL) {
$nonce=isset($_GET['aiowps_nonce'])?$_GET['aiowps_nonce']:'';
if (!isset($nonce) ||!wp_verify_nonce($nonce, 'delete_404_log'))
{
$aio_wp_security->debug_logger->log_debug("Nonce check failed for delete selected 404 event logs operation!",4);
die(__('Nonce check failed for delete selected 404 event logs operation!','aiowpsecurity'));
}

//Delete single record
$delete_command = "DELETE FROM " . $events_table . " WHERE id = '" . absint($entries) . "'";
//$delete_command = $wpdb->prepare("DELETE FROM $events_table WHERE id = %s", absint($entries));
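Review bot: The bulk branch of `delete_404_event_records()` is gated only by `isset($_REQUEST['_wp_http_referer'])`, which shows that a field with that name was submitted, not that the request came from this admin's own form, so bulk deletes stay without a verified nonce while the single-row path gets `wp_verify_nonce()`. If this list class extends `WP_List_Table` (not visible here), the bulk form already carries a `bulk-<plural>` nonce and the guard can become `check_admin_referer('bulk-' . $this->_args['plural']);`. The same presence-only check is added in the bulk branches of `delete_login_activity_records()`, `block_spammer_ip_records()`, `unlock_ip_range()` and `delete_lockdown_records()`. In the single-row branch `!isset($nonce)` is always false because `$nonce` is assigned on the line before, and the `temp_block` / `blacklist_ip` row links in `column_id()` still carry no nonce.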
35 changes: 24 additions & 11 deletions all-in-one-wp-security/admin/wp-security-list-acct-activity.php
Expand Up @@ -19,9 +19,13 @@ function column_default($item, $column_name){

function column_user_id($item){
$tab = strip_tags($_REQUEST['tab']);
$delete_url = sprintf('admin.php?page=%s&tab=%s&action=%s&activity_login_rec=%s', AIOWPSEC_USER_LOGIN_MENU_SLUG, $tab, 'delete_acct_activity_rec', $item['id']);
//Add nonce to delete URL
$delete_url_nonce = wp_nonce_url($delete_url, "delete_acct_activity_log", "aiowps_nonce");

//Build row actions
$actions = array(
'delete' => sprintf('<a href="admin.php?page=%s&tab=%s&action=%s&activity_login_rec=%s" onclick="return confirm(\'Are you sure you want to delete this item?\')">Delete</a>',AIOWPSEC_USER_LOGIN_MENU_SLUG,$tab,'delete_acct_activity_rec',$item['id']),
'delete' => '<a href="'.$delete_url_nonce.'" onclick="return confirm(\'Are you sure you want to delete this item?\')">Delete</a>',
);

//Return the user_login contents
Expand Down Expand Up @@ -93,24 +97,33 @@ function process_bulk_action() {
*/
function delete_login_activity_records($entries)
{
global $wpdb;
global $wpdb, $aio_wp_security;
$login_activity_table = AIOWPSEC_TBL_USER_LOGIN_ACTIVITY;
if (is_array($entries))
{
//Delete multiple records
$id_list = "(" .implode(",",$entries) .")"; //Create comma separate list for DB operation
$delete_command = "DELETE FROM ".$login_activity_table." WHERE id IN ".$id_list;
$result = $wpdb->query($delete_command);
if($result != NULL)
if (isset($_REQUEST['_wp_http_referer']))
{
$success_msg = '<div id="message" class="updated fade"><p><strong>';
$success_msg .= __('The selected entries were deleted successfully!','aiowpsecurity');
$success_msg .= '</strong></p></div>';
_e($success_msg);
//Delete multiple records
$id_list = "(" .implode(",",$entries) .")"; //Create comma separate list for DB operation
$delete_command = "DELETE FROM ".$login_activity_table." WHERE id IN ".$id_list;
$result = $wpdb->query($delete_command);
if($result != NULL)
{
$success_msg = '<div id="message" class="updated fade"><p><strong>';
$success_msg .= __('The selected entries were deleted successfully!','aiowpsecurity');
$success_msg .= '</strong></p></div>';
_e($success_msg);
}
}
}
elseif ($entries != NULL)
{
$nonce=isset($_GET['aiowps_nonce'])?$_GET['aiowps_nonce']:'';
if (!isset($nonce) ||!wp_verify_nonce($nonce, 'delete_acct_activity_log'))
{
$aio_wp_security->debug_logger->log_debug("Nonce check failed for delete selected account activity logs operation!",4);
die(__('Nonce check failed for delete selected account activity logs operation!','aiowpsecurity'));
}
//Delete single record
$delete_command = "DELETE FROM ".$login_activity_table." WHERE id = '".absint($entries)."'";
$result = $wpdb->query($delete_command);
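Review bot: In the bulk branch of `delete_login_activity_records()`, `$entries` is joined straight into the `IN (...)` list with `implode(",",$entries)` and no integer cast, unlike the single-row path, which uses `absint()`. Where `$entries` comes from is outside the hunk, but if it is the checkbox array from the request, each element should be forced to an integer first: `$id_list = "(" . implode(",", array_map('absint', $entries)) . ")";`. The bulk branches of `unlock_ip_range()` and `delete_lockdown_records()` build their lists the same way. `delete_404_event_records()` maps `esc_sql`, which does not constrain a value used outside quotes, so `absint` fits there too.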
Expand Up @@ -25,8 +25,12 @@ function column_comment_author_IP($item){
//Suppress the block link if site is a multi site AND not the main site
$actions = array(); //blank array
}else{
$block_url = sprintf('admin.php?page=%s&tab=%s&action=%s&spammer_ip=%s', AIOWPSEC_SPAM_MENU_SLUG, $tab, 'block_spammer_ip', $item['comment_author_IP']);
//Add nonce to block URL
$block_url_nonce = wp_nonce_url($block_url, "block_spammer_ip", "aiowps_nonce");

$actions = array(
'block' => sprintf('<a href="admin.php?page=%s&tab=%s&action=%s&spammer_ip=%s" onclick="return confirm(\'Are you sure you want to add this IP address to your blacklist?\')">Block</a>',AIOWPSEC_SPAM_MENU_SLUG,$tab,'block_spammer_ip',$item['comment_author_IP']),
'block' => '<a href="'.$block_url_nonce.'" onclick="return confirm(\'Are you sure you want to add this IP address to your blacklist?\')">Block</a>',
);
}

Expand Down Expand Up @@ -105,26 +109,36 @@ function block_spammer_ip_records($entries)
$currently_banned_ips = explode(PHP_EOL, $aio_wp_security->configs->get_value('aiowps_banned_ip_addresses'));
if (is_array($entries))
{
//Bulk selection using checkboxes were used
foreach ($entries as $ip_add)
if (isset($_REQUEST['_wp_http_referer']))
{
if (!empty($currently_banned_ips) && !(sizeof($currently_banned_ips) == 1 && trim($currently_banned_ips[0]) == ''))
//Bulk selection using checkboxes were used
foreach ($entries as $ip_add)
{
//Check if the IP address is already in the blacklist. If not add it to the list.
if (!in_array($ip_add, $currently_banned_ips))
if (!empty($currently_banned_ips) && !(sizeof($currently_banned_ips) == 1 && trim($currently_banned_ips[0]) == ''))
{
//Check if the IP address is already in the blacklist. If not add it to the list.
if (!in_array($ip_add, $currently_banned_ips))
{
$raw_banned_ip_list .= PHP_EOL.$ip_add;
}
}
else
{
//if blacklist is currently empty just add all IP addresses to the list regardless
$raw_banned_ip_list .= PHP_EOL.$ip_add;
}
}
else
{
//if blacklist is currently empty just add all IP addresses to the list regardless
$raw_banned_ip_list .= PHP_EOL.$ip_add;
}
}
}
else if ($entries != NULL)
{
$nonce=isset($_GET['aiowps_nonce'])?$_GET['aiowps_nonce']:'';
if (!isset($nonce) ||!wp_verify_nonce($nonce, 'block_spammer_ip'))
{
$aio_wp_security->debug_logger->log_debug("Nonce check failed for delete selected blocked IP operation!",4);
die(__('Nonce check failed for delete selected blocked IP operation!','aiowpsecurity'));
}

//individual entry where "block" link was clicked
//Check if the IP address is already in the blacklist. If not add it to the list.
if (!in_array($entries, $currently_banned_ips))
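Review bot: The failure message in the single-entry branch of `block_spammer_ip_records()` reads "Nonce check failed for delete selected blocked IP operation!", but the action being verified is `block_spammer_ip`, so the debug log and the `die()` text name the wrong operation when a rejected request is triaged. Suggested wording for both strings: `Nonce check failed for block spammer IP operation!`. The function continues past the end of the hunk, so whether `$entries` is validated as an IP address before it is appended to the blacklist cannot be seen from here.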
59 changes: 43 additions & 16 deletions all-in-one-wp-security/admin/wp-security-list-locked-ip.php
Expand Up @@ -19,10 +19,18 @@ function column_default($item, $column_name){

function column_failed_login_ip($item){
$tab = isset($_REQUEST['tab'])?strip_tags($_REQUEST['tab']):'';
$delete_lockdown_record = sprintf('admin.php?page=%s&tab=%s&action=%s&lockdown_id=%s', AIOWPSEC_MAIN_MENU_SLUG, $tab, 'delete_blocked_ip', $item['id']);
//Add nonce to delete URL
$delete_lockdown_record_nonce = wp_nonce_url($delete_lockdown_record, "delete_lockdown_record", "aiowps_nonce");

$unlock_ip_url = sprintf('admin.php?page=%s&tab=%s&action=%s&lockdown_id=%s', AIOWPSEC_MAIN_MENU_SLUG, $tab, 'unlock_ip', $item['id']);
//Add nonce to unlock IP URL
$unlock_ip_nonce = wp_nonce_url($unlock_ip_url, "unlock_ip", "aiowps_nonce");

//Build row actions
$actions = array(
'unlock' => sprintf('<a href="admin.php?page=%s&tab=%s&action=%s&lockdown_id=%s" onclick="return confirm(\'Are you sure you want to unlock this address range?\')">Unlock</a>',AIOWPSEC_MAIN_MENU_SLUG,$tab,'unlock_ip',$item['id']),
'delete' => sprintf('<a href="admin.php?page=%s&tab=%s&action=%s&lockdown_id=%s" onclick="return confirm(\'Are you sure you want to delete this item?\')">Delete</a>',AIOWPSEC_USER_LOGIN_MENU_SLUG,$tab,'delete_blocked_ip',$item['id']),
'unlock' => '<a href="'.$unlock_ip_nonce.'" onclick="return confirm(\'Are you sure you want to unlock this address range?\')">Unlock</a>',
'delete' => '<a href="'.$delete_lockdown_record_nonce.'" onclick="return confirm(\'Are you sure you want to delete this item?\')">Delete</a>',
);

//Return the user_login contents
Expand Down Expand Up @@ -108,17 +116,27 @@ function unlock_ip_range($entries)
$lockdown_table = AIOWPSEC_TBL_LOGIN_LOCKDOWN;
if (is_array($entries))
{
//Unlock multiple records
$id_list = "(" .implode(",",$entries) .")"; //Create comma separate list for DB operation
$unlock_command = "UPDATE ".$lockdown_table." SET release_date = now() WHERE id IN ".$id_list;
$result = $wpdb->query($unlock_command);
if($result != NULL)
if (isset($_REQUEST['_wp_http_referer']))
{
AIOWPSecurity_Admin_Menu::show_msg_updated_st(__('The selected IP entries were unlocked successfully!','aiowpsecurity'));
//Unlock multiple records
$id_list = "(" .implode(",",$entries) .")"; //Create comma separate list for DB operation
$unlock_command = "UPDATE ".$lockdown_table." SET release_date = now() WHERE id IN ".$id_list;
$result = $wpdb->query($unlock_command);
if($result != NULL)
{
AIOWPSecurity_Admin_Menu::show_msg_updated_st(__('The selected IP entries were unlocked successfully!','aiowpsecurity'));
}
}
} elseif ($entries != NULL)
{
//Delete single record
$nonce=isset($_GET['aiowps_nonce'])?$_GET['aiowps_nonce']:'';
if (!isset($nonce) ||!wp_verify_nonce($nonce, 'unlock_ip'))
{
$aio_wp_security->debug_logger->log_debug("Nonce check failed for unlock IP operation!",4);
die(__('Nonce check failed for unlock IP operation!','aiowpsecurity'));
}

//Unlock single record
$unlock_command = "UPDATE ".$lockdown_table." SET release_date = now() WHERE id = '".absint($entries)."'";
$result = $wpdb->query($unlock_command);
if($result != NULL)
Expand All @@ -134,21 +152,30 @@ function unlock_ip_range($entries)
*/
function delete_lockdown_records($entries)
{
global $wpdb;
global $wpdb, $aio_wp_security;
$lockdown_table = AIOWPSEC_TBL_LOGIN_LOCKDOWN;
if (is_array($entries))
{
//Delete multiple records
$id_list = "(" .implode(",",$entries) .")"; //Create comma separate list for DB operation
$delete_command = "DELETE FROM ".$lockdown_table." WHERE id IN ".$id_list;
$result = $wpdb->query($delete_command);
if($result != NULL)
if (isset($_REQUEST['_wp_http_referer']))
{
AIOWPSecurity_Admin_Menu::show_msg_record_deleted_st();
//Delete multiple records
$id_list = "(" .implode(",",$entries) .")"; //Create comma separate list for DB operation
$delete_command = "DELETE FROM ".$lockdown_table." WHERE id IN ".$id_list;
$result = $wpdb->query($delete_command);
if($result != NULL)
{
AIOWPSecurity_Admin_Menu::show_msg_record_deleted_st();
}
}
}
elseif ($entries != NULL)
{
$nonce=isset($_GET['aiowps_nonce'])?$_GET['aiowps_nonce']:'';
if (!isset($nonce) ||!wp_verify_nonce($nonce, 'delete_lockdown_record'))
{
$aio_wp_security->debug_logger->log_debug("Nonce check failed for delete lockdown record operation!",4);
die(__('Nonce check failed for delete lockdown record operation!','aiowpsecurity'));
}
//Delete single record
$delete_command = "DELETE FROM ".$lockdown_table." WHERE id = '".absint($entries)."'";
$result = $wpdb->query($delete_command);
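Review bot: `unlock_ip_range()` now calls `$aio_wp_security->debug_logger->log_debug(...)` when the nonce check fails, but its `global` line is outside the hunk and unchanged by this commit, whereas `delete_lockdown_records()` had to be changed from `global $wpdb;` to `global $wpdb, $aio_wp_security;` for the same call. If `unlock_ip_range()` still declares only `$wpdb`, the failure path would end in a PHP error on an undefined variable instead of the logged entry and the translated `die()` message. The first line of the function should be checked and, if needed, changed to `global $wpdb, $aio_wp_security;`.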
