3.9.4 released

all-in-one-wp-security/admin/wp-security-list-404.php

@@ -285,11 +285,15 @@ function prepare_items() {
 
         $orderby = !empty($orderby) ? esc_sql($orderby) : 'id';
         $order = !empty($order) ? esc_sql($order) : 'DESC';
+
+        $orderby = AIOWPSecurity_Utility::sanitize_value_by_array($orderby, $sortable);
+        $order = AIOWPSecurity_Utility::sanitize_value_by_array($order, array('DESC' => '1', 'ASC' => '1'));
+
         if (isset($_POST['s'])) {
             $search_term = trim($_POST['s']);
             $data = $wpdb->get_results($wpdb->prepare("SELECT * FROM " . $events_table_name . " WHERE `ip_or_host` LIKE '%%%s%%' OR `url` LIKE '%%%s%%' OR `referer_info` LIKE '%%%s%%'", $search_term, $search_term, $search_term), ARRAY_A);
         } else {
-            $data = $wpdb->get_results($wpdb->prepare("SELECT * FROM $events_table_name ORDER BY %s %s",$orderby, $order ), ARRAY_A);
+            $data = $wpdb->get_results($wpdb->prepare("SELECT * FROM $events_table_name WHERE event_type=%s ORDER BY $orderby $order",'404'), ARRAY_A);
         }
         $new_data = array();
         foreach ($data as $row) {

all-in-one-wp-security/admin/wp-security-list-acct-activity.php

@@ -162,7 +162,10 @@ function prepare_items() {
 	$orderby = !empty($orderby) ? esc_sql($orderby) : 'login_date';
 	$order = !empty($order) ? esc_sql($order) : 'DESC';
 
-	$data = $wpdb->get_results($wpdb->prepare("SELECT * FROM $login_activity_table ORDER BY %s %s LIMIT 50",$orderby, $order), ARRAY_A); //Get the last 50 records
+        $orderby = AIOWPSecurity_Utility::sanitize_value_by_array($orderby, $sortable);
+        $order = AIOWPSecurity_Utility::sanitize_value_by_array($order, array('DESC' => '1', 'ASC' => '1'));
+
+	$data = $wpdb->get_results($wpdb->prepare("SELECT * FROM $login_activity_table ORDER BY $orderby $order LIMIT %d", 50), ARRAY_A); //Get the last 50 records
         $current_page = $this->get_pagenum();
         $total_items = count($data);
         $data = array_slice($data,(($current_page-1)*$per_page),$per_page);

all-in-one-wp-security/admin/wp-security-list-comment-spammer-ip.php

@@ -201,6 +201,9 @@ function prepare_items() {
 	$orderby = !empty($orderby) ? esc_sql($orderby) : 'amount';
 	$order = !empty($order) ? esc_sql($order) : 'DESC';
 
+        $orderby = AIOWPSecurity_Utility::sanitize_value_by_array($orderby, $sortable);
+        $order = AIOWPSecurity_Utility::sanitize_value_by_array($order, array('DESC' => '1', 'ASC' => '1'));
+
         $sql = $wpdb->prepare("SELECT   comment_author_IP, COUNT(*) AS amount
                 FROM     $wpdb->comments 
                 WHERE    comment_approved = 'spam'

all-in-one-wp-security/admin/wp-security-list-locked-ip.php

@@ -210,7 +210,10 @@ function prepare_items() {
 	$orderby = !empty($orderby) ? esc_sql($orderby) : 'lockdown_date';
 	$order = !empty($order) ? esc_sql($order) : 'DESC';
 
-	$data = $wpdb->get_results($wpdb->prepare("SELECT * FROM $lockdown_table_name WHERE release_date > now() ORDER BY %s %s", $orderby, $order), ARRAY_A);
+        $orderby = AIOWPSecurity_Utility::sanitize_value_by_array($orderby, $sortable);
+        $order = AIOWPSecurity_Utility::sanitize_value_by_array($order, array('DESC' => '1', 'ASC' => '1'));
+
+	$data = $wpdb->get_results($wpdb->prepare("SELECT * FROM $lockdown_table_name WHERE lock_reason=%s AND release_date > now() ORDER BY $orderby $order", 'login_fail'), ARRAY_A);
         $current_page = $this->get_pagenum();
         $total_items = count($data);
         $data = array_slice($data,(($current_page-1)*$per_page),$per_page);

all-in-one-wp-security/admin/wp-security-list-login-fails.php

@@ -161,7 +161,10 @@ function prepare_items() {
 	$orderby = !empty($orderby) ? esc_sql($orderby) : 'failed_login_date';
 	$order = !empty($order) ? esc_sql($order) : 'DESC';
 
-	$data = $wpdb->get_results($wpdb->prepare("SELECT * FROM $failed_logins_table_name ORDER BY %s %s;", $orderby, $order), ARRAY_A);
+        $orderby = AIOWPSecurity_Utility::sanitize_value_by_array($orderby, $sortable);
+        $order = AIOWPSecurity_Utility::sanitize_value_by_array($order, array('DESC' => '1', 'ASC' => '1'));
+
+	$data = $wpdb->get_results($wpdb->prepare("SELECT * FROM $failed_logins_table_name WHERE id > %d ORDER BY $orderby $order", -1), ARRAY_A); //Note: had to deliberately introduce WHERE clause because you need at least 2 arguments in prepare statement. Cannot use order/orderby
         $current_page = $this->get_pagenum();
         $total_items = count($data);
         $data = array_slice($data,(($current_page-1)*$per_page),$per_page);

all-in-one-wp-security/classes/wp-security-utility.php

@@ -71,9 +71,9 @@ static function check_user_exists($username)
 
         //check users table
         //$user = $wpdb->get_var( "SELECT user_login FROM `" . $wpdb->users . "` WHERE user_login='" . sanitize_text_field( $username ) . "';" );
-        $sql_1 = $wpdb->prepare("SELECT %s FROM $wpdb->users WHERE user_login=%s", 'user_login', sanitize_text_field( $username ));
+        $sql_1 = $wpdb->prepare("SELECT user_login FROM $wpdb->users WHERE user_login=%s", sanitize_text_field( $username ));
         $user = $wpdb->get_var( $sql_1 );
-        $sql_2 = $wpdb->prepare("SELECT %s FROM $wpdb->users WHERE ID=%s", 'ID', sanitize_text_field( $username ));
+        $sql_2 = $wpdb->prepare("SELECT ID FROM $wpdb->users WHERE ID=%s", sanitize_text_field( $username ));
         $userid = $wpdb->get_var( $sql_2 );
 
         if ( $user == $username || $userid == $username ) {
@@ -483,6 +483,17 @@ static function get_server_type()
 
     }
 
-
+    /*
+     * Checks if the string exists in the array key value of the provided array. If it doesn't exist, it returns the first key element from the valid values.
+     */
+    static function sanitize_value_by_array($to_check, $valid_values)
+    {
+        $keys = array_keys($valid_values);
+        $keys = array_map('strtolower', $keys);
+        if ( in_array( $to_check, $keys ) ) {
+            return $to_check;
+        }
+        return reset($keys);//Return he first element from the valid values
+    }
 
 }

all-in-one-wp-security/readme.txt

@@ -4,7 +4,7 @@ Donate link: https://www.tipsandtricks-hq.com
 Tags: security, secure, Anti Virus, antivirus, ban, ban hacker, virus, firewall, firewall security, login, lockdown, htaccess, hack, malware, vulnerability, protect, protection, phishing, database, backup, plugin, sql injection, ssl, restrict, login captcha, bot, hotlink, 404 detection, admin, rename, all in one, scan, scanner, iframe,
 Requires at least: 3.5
 Tested up to: 4.1.1
-Stable tag: 3.9.2
+Stable tag: 3.9.4
 License: GPLv3
 
 A comprehensive, user-friendly, all in one WordPress security and firewall plugin for your site.
@@ -178,6 +178,12 @@ None
 
 == Changelog ==
 
+= 3.9.4 =
+- The sort order and orderby parameters now use a whitelisting approach for sanitization.
+
+= 3.9.3 =
+- Fixed the sort order not working in the 404 error logging and account activity page.
+
 = 3.9.2 =
 - Added a check for registration captcha feature to prevent errors when using another captcha plugin. 
 - Improved a few SQL statements.

all-in-one-wp-security/wp-security-core.php

@@ -3,7 +3,7 @@
 if (!class_exists('AIO_WP_Security')){
 
 class AIO_WP_Security{
-    var $version = '3.9.2';
+    var $version = '3.9.4';
     var $db_version = '1.6';
     var $plugin_url;
     var $plugin_path;

all-in-one-wp-security/wp-security.php

@@ -1,7 +1,7 @@
 <?php
 /*
 Plugin Name: All In One WP Security
-Version: v3.9.2
+Version: v3.9.4
 Plugin URI: http://www.tipsandtricks-hq.com/wordpress-security-and-firewall-plugin
 Author: Tips and Tricks HQ, Peter, Ruhul, Ivy
 Author URI: http://www.tipsandtricks-hq.com/