From 51bc79fcef6e796d52f2b83d2f924690f9ff5a9e Mon Sep 17 00:00:00 2001
From: amin0_000
Date: Fri, 10 Apr 2015 09:59:43 +1000
Subject: [PATCH] 3.9.4 released

---
 .../admin/wp-security-list-404.php | 6 +++++-
 .../admin/wp-security-list-acct-activity.php | 5 ++++-
 .../wp-security-list-comment-spammer-ip.php | 3 +++
 .../admin/wp-security-list-locked-ip.php | 5 ++++-
 .../admin/wp-security-list-login-fails.php | 5 ++++-
 .../classes/wp-security-utility.php | 17 ++++++++++++++---
 all-in-one-wp-security/readme.txt | 8 +++++++-
 all-in-one-wp-security/wp-security-core.php | 2 +-
 all-in-one-wp-security/wp-security.php | 2 +-
 9 files changed, 43 insertions(+), 10 deletions(-)

diff --git a/all-in-one-wp-security/admin/wp-security-list-404.php b/all-in-one-wp-security/admin/wp-security-list-404.php
index 9a5a59f..d7d0aba 100644
--- a/all-in-one-wp-security/admin/wp-security-list-404.php
+++ b/all-in-one-wp-security/admin/wp-security-list-404.php
@@ -285,11 +285,15 @@ function prepare_items() {
 $orderby = !empty($orderby) ? esc_sql($orderby) : 'id';
 $order = !empty($order) ? esc_sql($order) : 'DESC';
+
+ $orderby = AIOWPSecurity_Utility::sanitize_value_by_array($orderby, $sortable);
+ $order = AIOWPSecurity_Utility::sanitize_value_by_array($order, array('DESC' => '1', 'ASC' => '1'));
+
 if (isset($_POST['s'])) {
 $search_term = trim($_POST['s']);
 $data = $wpdb->get_results($wpdb->prepare("SELECT * FROM " . $events_table_name . " WHERE `ip_or_host` LIKE '%%%s%%' OR `url` LIKE '%%%s%%' OR `referer_info` LIKE '%%%s%%'", $search_term, $search_term, $search_term), ARRAY_A);
 } else {
- $data = $wpdb->get_results($wpdb->prepare("SELECT * FROM $events_table_name ORDER BY %s %s",$orderby, $order ), ARRAY_A);
+ $data = $wpdb->get_results($wpdb->prepare("SELECT * FROM $events_table_name WHERE event_type=%s ORDER BY $orderby $order",'404'), ARRAY_A);
 }
 $new_data = array();
 foreach ($data as $row) {
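Review bot: The two new `sanitize_value_by_array` calls make the ORDER BY whitelist exactly as good as the keys of `$sortable`, which this hunk does not show; because the result is now spliced straight into the `prepare()` format string on the `+ $data =` line, that dependency deserves a comment next to the calls: `// $sortable keys double as the ORDER BY whitelist; keep them equal to real column names`. The same applies to the acct-activity, comment-spammer-ip, locked-ip and login-fails hunks. Separately, the search branch under `if (isset($_POST['s']))` gets neither the new `event_type=%s` restriction nor any ORDER BY, so a search returns a differently scoped, unsorted result set compared with the list it filters; if the table only ever holds 404 rows the scope half is moot, but the missing sort still is not. prepare_items() continues outside the hunk.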
diff --git a/all-in-one-wp-security/admin/wp-security-list-acct-activity.php b/all-in-one-wp-security/admin/wp-security-list-acct-activity.php
index 115c6d5..9a172d8 100644
--- a/all-in-one-wp-security/admin/wp-security-list-acct-activity.php
+++ b/all-in-one-wp-security/admin/wp-security-list-acct-activity.php
@@ -162,7 +162,10 @@ function prepare_items() {
 $orderby = !empty($orderby) ? esc_sql($orderby) : 'login_date';
 $order = !empty($order) ? esc_sql($order) : 'DESC';
- $data = $wpdb->get_results($wpdb->prepare("SELECT * FROM $login_activity_table ORDER BY %s %s LIMIT 50",$orderby, $order), ARRAY_A); //Get the last 50 records
+ $orderby = AIOWPSecurity_Utility::sanitize_value_by_array($orderby, $sortable);
+ $order = AIOWPSecurity_Utility::sanitize_value_by_array($order, array('DESC' => '1', 'ASC' => '1'));
+
+ $data = $wpdb->get_results($wpdb->prepare("SELECT * FROM $login_activity_table ORDER BY $orderby $order LIMIT %d", 50), ARRAY_A); //Get the last 50 records
 $current_page = $this->get_pagenum();
 $total_items = count($data);
 $data = array_slice($data,(($current_page-1)*$per_page),$per_page);
diff --git a/all-in-one-wp-security/admin/wp-security-list-comment-spammer-ip.php b/all-in-one-wp-security/admin/wp-security-list-comment-spammer-ip.php
index e1ea706..351718c 100644
--- a/all-in-one-wp-security/admin/wp-security-list-comment-spammer-ip.php
+++ b/all-in-one-wp-security/admin/wp-security-list-comment-spammer-ip.php
@@ -201,6 +201,9 @@ function prepare_items() {
 $orderby = !empty($orderby) ? esc_sql($orderby) : 'amount';
 $order = !empty($order) ? esc_sql($order) : 'DESC';
+ $orderby = AIOWPSecurity_Utility::sanitize_value_by_array($orderby, $sortable);
+ $order = AIOWPSecurity_Utility::sanitize_value_by_array($order, array('DESC' => '1', 'ASC' => '1'));
+
 $sql = $wpdb->prepare("SELECT comment_author_IP, COUNT(*) AS amount FROM $wpdb->comments WHERE comment_approved = 'spam'
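Review bot: The SELECT on the last context line of the comment-spammer-ip hunk sorts by the mixed-case column `comment_author_IP`, but `sanitize_value_by_array` lowercases the whitelist keys before comparing the caller's string as given; if `$sortable` keys that column with the same spelling, a request to sort by IP never matches and silently becomes whatever the first key is. Either key `$sortable` in lowercase (MySQL resolves `comment_author_ip` to the same column) or make the helper compare case-insensitively. The `'DESC'` default two lines above has the same mismatch against the lowercased `desc`/`asc` keys and only works because `'desc'` happens to be first. prepare_items() starts and ends outside the hunk.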
diff --git a/all-in-one-wp-security/admin/wp-security-list-locked-ip.php b/all-in-one-wp-security/admin/wp-security-list-locked-ip.php
index 0769bc1..bcbcb96 100644
--- a/all-in-one-wp-security/admin/wp-security-list-locked-ip.php
+++ b/all-in-one-wp-security/admin/wp-security-list-locked-ip.php
@@ -210,7 +210,10 @@ function prepare_items() {
 $orderby = !empty($orderby) ? esc_sql($orderby) : 'lockdown_date';
 $order = !empty($order) ? esc_sql($order) : 'DESC';
- $data = $wpdb->get_results($wpdb->prepare("SELECT * FROM $lockdown_table_name WHERE release_date > now() ORDER BY %s %s", $orderby, $order), ARRAY_A);
+ $orderby = AIOWPSecurity_Utility::sanitize_value_by_array($orderby, $sortable);
+ $order = AIOWPSecurity_Utility::sanitize_value_by_array($order, array('DESC' => '1', 'ASC' => '1'));
+
+ $data = $wpdb->get_results($wpdb->prepare("SELECT * FROM $lockdown_table_name WHERE lock_reason=%s AND release_date > now() ORDER BY $orderby $order", 'login_fail'), ARRAY_A);
 $current_page = $this->get_pagenum();
 $total_items = count($data);
 $data = array_slice($data,(($current_page-1)*$per_page),$per_page);
diff --git a/all-in-one-wp-security/admin/wp-security-list-login-fails.php b/all-in-one-wp-security/admin/wp-security-list-login-fails.php
index 5310690..a1b8412 100644
--- a/all-in-one-wp-security/admin/wp-security-list-login-fails.php
+++ b/all-in-one-wp-security/admin/wp-security-list-login-fails.php
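Review bot: The new `lock_reason=%s` clause bound to `'login_fail'` on the `+ $data =` line narrows this screen to a single lockdown reason, which the 3.9.4 changelog entry does not mention; any row whose `lock_reason` holds another value stops appearing with no hint in the UI. If the narrowing is intended, say so next to the query: `// only login-failure lockdowns are listed here — TODO confirm rows with other lock_reason values are shown elsewhere`. If the clause exists only to give prepare() a value argument, note that nothing in the query still needs escaping once both interpolated values come from the whitelist, so the extra condition can go. The 404 hunk's `event_type=%s` clause raises the same question. prepare_items() continues outside the hunk.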
@@ -161,7 +161,10 @@ function prepare_items() {
 $orderby = !empty($orderby) ? esc_sql($orderby) : 'failed_login_date';
 $order = !empty($order) ? esc_sql($order) : 'DESC';
- $data = $wpdb->get_results($wpdb->prepare("SELECT * FROM $failed_logins_table_name ORDER BY %s %s;", $orderby, $order), ARRAY_A);
+ $orderby = AIOWPSecurity_Utility::sanitize_value_by_array($orderby, $sortable);
+ $order = AIOWPSecurity_Utility::sanitize_value_by_array($order, array('DESC' => '1', 'ASC' => '1'));
+
+ $data = $wpdb->get_results($wpdb->prepare("SELECT * FROM $failed_logins_table_name WHERE id > %d ORDER BY $orderby $order", -1), ARRAY_A); //Note: had to deliberately introduce WHERE clause because you need at least 2 arguments in prepare statement. Cannot use order/orderby
 $current_page = $this->get_pagenum();
 $total_items = count($data);
 $data = array_slice($data,(($current_page-1)*$per_page),$per_page);
diff --git a/all-in-one-wp-security/classes/wp-security-utility.php b/all-in-one-wp-security/classes/wp-security-utility.php
index d1f49e5..6dec0f4 100644
--- a/all-in-one-wp-security/classes/wp-security-utility.php
+++ b/all-in-one-wp-security/classes/wp-security-utility.php
@@ -71,9 +71,9 @@ static function check_user_exists($username)
 //check users table
 //$user = $wpdb->get_var( "SELECT user_login FROM `" . $wpdb->users . "` WHERE user_login='" . sanitize_text_field( $username ) . "';" );
- $sql_1 = $wpdb->prepare("SELECT %s FROM $wpdb->users WHERE user_login=%s", 'user_login', sanitize_text_field( $username ));
+ $sql_1 = $wpdb->prepare("SELECT user_login FROM $wpdb->users WHERE user_login=%s", sanitize_text_field( $username ));
 $user = $wpdb->get_var( $sql_1 );
- $sql_2 = $wpdb->prepare("SELECT %s FROM $wpdb->users WHERE ID=%s", 'ID', sanitize_text_field( $username ));
+ $sql_2 = $wpdb->prepare("SELECT ID FROM $wpdb->users WHERE ID=%s", sanitize_text_field( $username ));
 $userid = $wpdb->get_var( $sql_2 );
 if ( $user == $username || $userid == $username ) {
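Review bot: The `WHERE id > %d` bound to `-1` on the `+ $data =` line is a decoy filter that exists, per its own trailing comment, only because prepare() refuses to run without a value argument; with `$orderby` and `$order` now whitelisted nothing in the query needs escaping, so `$data = $wpdb->get_results("SELECT * FROM $failed_logins_table_name ORDER BY $orderby $order", ARRAY_A);` states the intent without a clause a later reader may take for a real condition. If the project rule is that every query goes through prepare(), keep the decoy but shorten the comment to `// dummy clause: prepare() needs at least one value argument; order/orderby are whitelisted above`. prepare_items() continues outside the hunk.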
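Review bot: `$sql_2` on the second `+` line still binds the integer `ID` column with `%s`, so the lookup is sent as a quoted string and MySQL, not PHP, decides how a non-numeric `$username` compares to a numeric key. Binding `%d` after an explicit numeric check states the intent and skips a pointless query for names: `if (ctype_digit((string) $username)) { $sql_2 = $wpdb->prepare("SELECT ID FROM $wpdb->users WHERE ID=%d", (int) $username); $userid = $wpdb->get_var($sql_2); }`. The loose `==` on the last context line then only ever compares values that were both validated as numeric. check_user_exists() starts and ends outside the hunk.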
@@ -483,6 +483,17 @@ static function get_server_type()
 }
-
+ /*
+ * Checks if the string exists in the array key value of the provided array. If it doesn't exist, it returns the first key element from the valid values.
+ */
+ static function sanitize_value_by_array($to_check, $valid_values)
+ {
+ $keys = array_keys($valid_values);
+ $keys = array_map('strtolower', $keys);
+ if ( in_array( $to_check, $keys ) ) {
+ return $to_check;
+ }
+ return reset($keys);//Return he first element from the valid values
+ }
 }
diff --git a/all-in-one-wp-security/readme.txt b/all-in-one-wp-security/readme.txt
index b637b10..77cee14 100644
--- a/all-in-one-wp-security/readme.txt
+++ b/all-in-one-wp-security/readme.txt
@@ -4,7 +4,7 @@ Donate link: https://www.tipsandtricks-hq.com
 Tags: security, secure, Anti Virus, antivirus, ban, ban hacker, virus, firewall, firewall security, login, lockdown, htaccess, hack, malware, vulnerability, protect, protection, phishing, database, backup, plugin, sql injection, ssl, restrict, login captcha, bot, hotlink, 404 detection, admin, rename, all in one, scan, scanner, iframe,
 Requires at least: 3.5
 Tested up to: 4.1.1
-Stable tag: 3.9.2
+Stable tag: 3.9.4
 License: GPLv3
 A comprehensive, user-friendly, all in one WordPress security and firewall plugin for your site.
@@ -178,6 +178,12 @@ None
 == Changelog ==
+= 3.9.4 =
+- The sort order and orderby parameters now use a whitelisting approach for sanitization.
+
+= 3.9.3 =
+- Fixed the sort order not working in the 404 error logging and account activity page.
+
 = 3.9.2 =
 - Added a check for registration captcha feature to prevent errors when using another captcha plugin.
 - Improved a few SQL statements.
diff --git a/all-in-one-wp-security/wp-security-core.php b/all-in-one-wp-security/wp-security-core.php
index d36d713..f8627a2 100644
--- a/all-in-one-wp-security/wp-security-core.php
+++ b/all-in-one-wp-security/wp-security-core.php
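Review bot: `sanitize_value_by_array` lowercases the whitelist keys but compares `$to_check` exactly as given, so any value that differs only in case — including the `'DESC'` default every caller in this commit passes — never matches and silently falls through to `reset($keys)`; that works today only because `'desc'` is the first key, and a caller whose keys are mixed case, or whose intended fallback is not the first key, gets the wrong column or direction. The `in_array` is also non-strict, and `reset()` returns `false` on an empty whitelist, which the interpolating callers would turn into an empty ORDER BY. Compare case-insensitively and return the whitelist's own spelling rather than the caller's string, and have the doc comment state that callers interpolate the result into SQL, which is the reason it must always be one of the keys.

```php
/**
 * Returns the key of $valid_values that matches $to_check (case-insensitively),
 * or the first key when nothing matches. Callers interpolate the result into
 * SQL, so it must always be one of the keys and never the raw input.
 */
static function sanitize_value_by_array($to_check, $valid_values)
{
    $keys = array_keys($valid_values);
    foreach ($keys as $key) {
        if (strcasecmp((string) $key, (string) $to_check) === 0) {
            return $key; // canonical spelling from the whitelist
        }
    }
    return empty($keys) ? '' : $keys[0]; // first key, never false
}
```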
@@ -3,7 +3,7 @@ if (!class_exists('AIO_WP_Security')){
 class AIO_WP_Security{
- var $version = '3.9.2';
+ var $version = '3.9.4';
 var $db_version = '1.6';
 var $plugin_url;
 var $plugin_path;
diff --git a/all-in-one-wp-security/wp-security.php b/all-in-one-wp-security/wp-security.php
index c7384c8..8f86b11 100644
--- a/all-in-one-wp-security/wp-security.php
+++ b/all-in-one-wp-security/wp-security.php
@@ -1,7 +1,7 @@