v4.3.9 released
Amin authored and Amin committed May 7, 2019
1 parent 1ebcbfc commit 57c8533
Showing 20 changed files with 1,014 additions and 396 deletions.
1,137 changes: 815 additions & 322 deletions all-in-one-wp-security/admin/general/wp-security-list-table.php


11 changes: 11 additions & 0 deletions all-in-one-wp-security/admin/wp-security-admin-menu.php
Expand Up @@ -95,4 +95,15 @@ function end_buffer_and_collect()
ob_end_clean();
return $output;
}

static function display_bulk_result_message()
{
if(isset($_GET['bulk_count'])) {
AIOWPSecurity_Admin_Menu::show_msg_updated_st(__('The bulk action was successful', 'all-in-one-wp-security-and-firewall'));
}

if(isset($_GET['bulk_error'])) {
AIOWPSecurity_Admin_Menu::show_msg_error_st(__('The bulk action failed', 'all-in-one-wp-security-and-firewall'));
}
}
}
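Review bot: `display_bulk_result_message()` only tests whether `bulk_count` and `bulk_error` are present in the query string; the count the redirect carries is never read, so the banner cannot say how many rows went, and any link with `?bulk_count=` appended produces a success message even when nothing ran. If the count is worth sending it is worth showing — `$count = absint($_GET['bulk_count']);` with a `%d` placeholder in the message — otherwise drop it from the redirect URLs that set it. A one-line docblock would help the next reader: `/** Prints the success/error banner after a bulk action redirected back with bulk_count or bulk_error in the query string. */`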
21 changes: 11 additions & 10 deletions all-in-one-wp-security/admin/wp-security-dashboard-menu.php
Expand Up @@ -304,6 +304,7 @@ function render_tab4()
$blocked_ip_list->unblock_ip_address(strip_tags($_REQUEST['blocked_id']));
}
}
AIOWPSecurity_Admin_Menu::display_bulk_result_message();

?>
<div class="aio_blue_box">
Expand All @@ -323,7 +324,7 @@ function render_tab4()
//Fetch, prepare, sort, and filter our data...
$blocked_ip_list->prepare_items();
?>
<form id="tables-filter" method="post">
<form id="tables-filter" method="get">
<!-- For plugins, we also need to ensure that the form posts back to our current page -->
<input type="hidden" name="page" value="<?php echo esc_attr($_REQUEST['page']); ?>"/>
<?php
Expand Down Expand Up @@ -474,19 +475,19 @@ function wp_dashboard_setup() {
$screen = get_current_screen();

// Add widgets
wp_add_dashboard_widget( 'security_strength_meter', __( 'Security Strength Meter' ), array(&$this, 'widget_security_strength_meter') );
wp_add_dashboard_widget( 'security_points_breakdown', __( 'Security Points Breakdown' ), array(&$this, 'widget_security_points_breakdown') );
wp_add_dashboard_widget( 'spread_the_word', __( 'Spread the Word' ), array(&$this, 'widget_spread_the_word') );
wp_add_dashboard_widget( 'know_developers', __( 'Get To Know The Developers' ), array(&$this, 'widget_know_developers') );
wp_add_dashboard_widget( 'critical_feature_status', __( 'Critical Feature Status' ), array(&$this, 'widget_critical_feature_status') );
wp_add_dashboard_widget( 'last_5_logins', __( 'Last 5 Logins' ), array(&$this, 'widget_last_5_logins') );
wp_add_dashboard_widget( 'maintenance_mode_status', __( 'Maintenance Mode Status' ), array(&$this, 'widget_maintenance_mode_status') );
wp_add_dashboard_widget( 'security_strength_meter', __( 'Security Strength Meter', 'all-in-one-wp-security-and-firewall' ), array(&$this, 'widget_security_strength_meter') );
wp_add_dashboard_widget( 'security_points_breakdown', __( 'Security Points Breakdown', 'all-in-one-wp-security-and-firewall' ), array(&$this, 'widget_security_points_breakdown') );
wp_add_dashboard_widget( 'spread_the_word', __( 'Spread the Word', 'all-in-one-wp-security-and-firewall' ), array(&$this, 'widget_spread_the_word') );
wp_add_dashboard_widget( 'know_developers', __( 'Get To Know The Developers', 'all-in-one-wp-security-and-firewall' ), array(&$this, 'widget_know_developers') );
wp_add_dashboard_widget( 'critical_feature_status', __( 'Critical Feature Status', 'all-in-one-wp-security-and-firewall' ), array(&$this, 'widget_critical_feature_status') );
wp_add_dashboard_widget( 'last_5_logins', __( 'Last 5 Logins', 'all-in-one-wp-security-and-firewall' ), array(&$this, 'widget_last_5_logins') );
wp_add_dashboard_widget( 'maintenance_mode_status', __( 'Maintenance Mode Status', 'all-in-one-wp-security-and-firewall' ), array(&$this, 'widget_maintenance_mode_status') );
if ($aio_wp_security->configs->get_value('aiowps_enable_brute_force_attack_prevention') == '1' ||
$aio_wp_security->configs->get_value('aiowps_enable_rename_login_page') == '1') {
wp_add_dashboard_widget( 'brute_force', __( 'Brute Force Prevention Login Page' ), array(&$this, 'widget_brute_force') );
}
wp_add_dashboard_widget( 'logged_in_users', __( 'Logged In Users' ), array(&$this, 'widget_logged_in_users') );
wp_add_dashboard_widget( 'locked_ip_addresses', __( 'Locked IP Addresses' ), array(&$this, 'widget_locked_ip_addresses') );
wp_add_dashboard_widget( 'logged_in_users', __( 'Logged In Users', 'all-in-one-wp-security-and-firewall' ), array(&$this, 'widget_logged_in_users') );
wp_add_dashboard_widget( 'locked_ip_addresses', __( 'Locked IP Addresses', 'all-in-one-wp-security-and-firewall' ), array(&$this, 'widget_locked_ip_addresses') );

do_action( 'aiowps_dashboard_setup' );
$dashboard_widgets = apply_filters( 'aiowps_dashboard_widgets', array() );
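Review bot: Switching `#tables-filter` from `method="post"` to `method="get"` means the list table's bulk unblock — a DELETE against the permanent-block table — is now driven by query-string parameters, so a plain link is enough to submit it and the bulk nonce is the only thing standing between a forged request and the state change; nothing in this section shows `check_admin_referer('bulk-' . $this->_args['plural'])` being called, so confirm `process_bulk_action` does it. The same section prints the `aio_blue_box` markup before `$blocked_ip_list->prepare_items()` runs, and the bulk path now ends in `wp_redirect()`; unless the plugin buffers admin output, those headers are sent after the body has started and the redirect silently fails. As a smaller point, the search term `s` now travels in the URL and therefore lands in access logs and browser history. `render_tab4` starts and ends outside these hunks.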
3 changes: 2 additions & 1 deletion all-in-one-wp-security/admin/wp-security-database-menu.php
Expand Up @@ -575,11 +575,12 @@ function alter_table_views($old_db_prefix, $new_db_prefix)
{
global $wpdb;
$table_count = 0;
$db_name = $wpdb->dbname;
$info_msg_string = '<p class="aio_info_with_icon">'.__('Checking for MySQL tables of type "view".....', 'all-in-one-wp-security-and-firewall').'</p>';
echo ($info_msg_string);

//get tables which are views
$query = "SELECT * FROM INFORMATION_SCHEMA.VIEWS";
$query = "SELECT * FROM INFORMATION_SCHEMA.VIEWS WHERE TABLE_SCHEMA LIKE '".$db_name."'";
$res = $wpdb->get_results($query);
if(empty($res)) return;
$view_count = 0;
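Review bot: The new `WHERE TABLE_SCHEMA LIKE '$db_name'` interpolates `$wpdb->dbname` into the statement unescaped and treats it as a pattern: `_` matches any single character, so a database named `wp_prod` also returns views from `wpxprod`, and a name containing a quote breaks the query. The intent is an exact match on the current schema, which is `$query = $wpdb->prepare("SELECT * FROM INFORMATION_SCHEMA.VIEWS WHERE TABLE_SCHEMA = %s", $db_name);`. `dbname` comes from the site configuration rather than from a request, so this is a correctness fix rather than an injection fix, but `prepare()` costs nothing here. `alter_table_views` continues past the hunk.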
30 changes: 22 additions & 8 deletions all-in-one-wp-security/admin/wp-security-list-acct-activity.php
Expand Up @@ -108,16 +108,24 @@ function delete_login_activity_records($entries)
if (isset($_REQUEST['_wp_http_referer']))
{
//Delete multiple records
$tab = strip_tags($_REQUEST['tab']);

$entries = array_filter($entries, 'is_numeric'); //discard non-numeric ID values
$id_list = "(" .implode(",",$entries) .")"; //Create comma separate list for DB operation
$delete_command = "DELETE FROM ".$login_activity_table." WHERE id IN ".$id_list;
$result = $wpdb->query($delete_command);
if($result != NULL)
if($result !== false)
{
$success_msg = '<div id="message" class="updated fade"><p><strong>';
$success_msg .= __('The selected entries were deleted successfully!','all-in-one-wp-security-and-firewall');
$success_msg .= '</strong></p></div>';
_e($success_msg);
$redir_url = sprintf('admin.php?page=%s&tab=%s&bulk_count=%s', AIOWPSEC_USER_LOGIN_MENU_SLUG, $tab, count($entries));
wp_redirect($redir_url);
exit;
} else {
// error on bulk delete
$aio_wp_security->debug_logger->log_debug("DB error: ".$wpdb->last_error,4);
$redir_url = sprintf('admin.php?page=%s&tab=%s&bulk_error=%s', AIOWPSEC_USER_LOGIN_MENU_SLUG, $tab, 1);
wp_redirect($redir_url);
exit;

}
}
}
Expand All @@ -132,12 +140,12 @@ function delete_login_activity_records($entries)
//Delete single record
$delete_command = "DELETE FROM ".$login_activity_table." WHERE id = '".absint($entries)."'";
$result = $wpdb->query($delete_command);
if($result != NULL)
if($result !== false)
{
$success_msg = '<div id="message" class="updated fade"><p><strong>';
$success_msg .= __('The selected entry was deleted successfully!','all-in-one-wp-security-and-firewall');
$success_msg .= '</strong></p></div>';
_e($success_msg);
echo $success_msg;
}
}
}
Expand All @@ -150,6 +158,7 @@ function prepare_items($ignore_pagination = false) {
$columns = $this->get_columns();
$hidden = array();
$sortable = $this->get_sortable_columns();
$search = isset( $_REQUEST['s'] ) ? sanitize_text_field( $_REQUEST['s'] ) : '';

$this->_column_headers = array($columns, $hidden, $sortable);

Expand All @@ -170,7 +179,12 @@ function prepare_items($ignore_pagination = false) {
$orderby = AIOWPSecurity_Utility::sanitize_value_by_array($orderby, $sortable);
$order = AIOWPSecurity_Utility::sanitize_value_by_array($order, array('DESC' => '1', 'ASC' => '1'));

$data = $wpdb->get_results($wpdb->prepare("SELECT * FROM $login_activity_table ORDER BY $orderby $order LIMIT %d", 50), ARRAY_A); //Get the last 50 records
if(empty($search)) {
$data = $wpdb->get_results("SELECT * FROM $login_activity_table ORDER BY $orderby $order", ARRAY_A);
} else {
$data = $wpdb->get_results($wpdb->prepare("SELECT * FROM $login_activity_table WHERE `user_login` LIKE '%%%s%%' OR `login_ip` LIKE '%%%s%%' ORDER BY $orderby $order LIMIT %d", $search, $search, 50), ARRAY_A);
}

if (!$ignore_pagination) {
$current_page = $this->get_pagenum();
$total_items = count($data);
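Review bot: The search branch of `prepare_items` passes `$search` straight into `LIKE '%%%s%%'`; `$wpdb->prepare()` only escapes quotes, so `%` and `_` typed into the box act as wildcards, and the WordPress-documented form is `$like = '%' . $wpdb->esc_like($search) . '%';` bound through a plain `%s`. The non-search branch also drops the old `LIMIT 50`: it now loads the whole login-activity table into PHP and paginates with `count($data)`, which is a memory problem on a site with a long history, while the search branch keeps the limit so the two paths page differently — decide which behaviour is intended and apply it to both. Both `delete_login_activity_records` and `prepare_items` begin outside the hunks.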
26 changes: 19 additions & 7 deletions all-in-one-wp-security/admin/wp-security-list-login-fails.php
Expand Up @@ -108,16 +108,23 @@ function delete_login_failed_records($entries)
if (isset($_REQUEST['_wp_http_referer']))
{
//Delete multiple records
$tab = strip_tags($_REQUEST['tab']);
$entries = array_filter($entries, 'is_numeric'); //discard non-numeric ID values
$id_list = "(" .implode(",",$entries) .")"; //Create comma separate list for DB operation
$delete_command = "DELETE FROM ".$failed_login_table." WHERE ID IN ".$id_list;
$result = $wpdb->query($delete_command);
if($result != NULL)
if($result !== false)
{
$success_msg = '<div id="message" class="updated fade"><p><strong>';
$success_msg .= __('The selected entries were deleted successfully!','all-in-one-wp-security-and-firewall');
$success_msg .= '</strong></p></div>';
_e($success_msg);
$redir_url = sprintf('admin.php?page=%s&tab=%s&bulk_count=%s', AIOWPSEC_USER_LOGIN_MENU_SLUG, $tab, count($entries));
wp_redirect($redir_url);
exit;
} else {
// error on bulk delete
$aio_wp_security->debug_logger->log_debug("DB error: ".$wpdb->last_error,4);
$redir_url = sprintf('admin.php?page=%s&tab=%s&bulk_error=%s', AIOWPSEC_USER_LOGIN_MENU_SLUG, $tab, 1);
wp_redirect($redir_url);
exit;

}
}

Expand All @@ -132,7 +139,7 @@ function delete_login_failed_records($entries)
//Delete single record
$delete_command = "DELETE FROM ".$failed_login_table." WHERE ID = '".absint($entries)."'";
$result = $wpdb->query($delete_command);
if($result != NULL)
if($result !== false)
{
$success_msg = '<div id="message" class="updated fade"><p><strong>';
$success_msg .= __('The selected entry was deleted successfully!','all-in-one-wp-security-and-firewall');
Expand All @@ -150,6 +157,7 @@ function prepare_items($ignore_pagination = false) {
$columns = $this->get_columns();
$hidden = array();
$sortable = $this->get_sortable_columns();
$search = isset( $_REQUEST['s'] ) ? sanitize_text_field( $_REQUEST['s'] ) : '';

$this->_column_headers = array($columns, $hidden, $sortable);

Expand All @@ -168,8 +176,12 @@ function prepare_items($ignore_pagination = false) {

$orderby = AIOWPSecurity_Utility::sanitize_value_by_array($orderby, $sortable);
$order = AIOWPSecurity_Utility::sanitize_value_by_array($order, array('DESC' => '1', 'ASC' => '1'));
if(empty($search)) {
$data = $wpdb->get_results("SELECT * FROM " . $failed_logins_table_name . " ORDER BY $orderby $order", ARRAY_A);
} else {
$data = $wpdb->get_results($wpdb->prepare("SELECT * FROM $failed_logins_table_name WHERE `user_login` LIKE '%%%s%%' OR `login_attempt_ip` LIKE '%%%s%%' ORDER BY $orderby $order", $search, $search), ARRAY_A);
}

$data = $wpdb->get_results("SELECT * FROM $failed_logins_table_name ORDER BY $orderby $order", ARRAY_A);
if (!$ignore_pagination) {
$current_page = $this->get_pagenum();
$total_items = count($data);
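Review bot: The new search query binds `$search` into `LIKE '%%%s%%'` without `$wpdb->esc_like()`, so user-typed `%` and `_` are wildcards rather than literals; build the pattern as `'%' . $wpdb->esc_like($search) . '%'` and bind it with `%s`. Unlike the sibling change in wp-security-list-acct-activity.php this search has no `LIMIT`, and the plain branch has none either, so a large failed-login table is read in full on every page view; the two list tables should agree on this. The error branch of `delete_login_failed_records` logs through `$aio_wp_security->debug_logger`, but the function header is outside the hunk — confirm `$aio_wp_security` is declared `global` there as it is in `unblock_ip_address`.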
Expand Up @@ -110,13 +110,25 @@ function unblock_ip_address($entries)
global $wpdb, $aio_wp_security;
if (is_array($entries)) {
if (isset($_REQUEST['_wp_http_referer'])) {
//Delete multiple records
// multiple records
$tab = strip_tags($_REQUEST['tab']);

$entries = array_filter($entries, 'is_numeric'); //discard non-numeric ID values
$id_list = "(" . implode(",", $entries) . ")"; //Create comma separate list for DB operation
$delete_command = "DELETE FROM " . AIOWPSEC_TBL_PERM_BLOCK . " WHERE id IN " . $id_list;
$result = $wpdb->query($delete_command);
if ($result != NULL) {
AIOWPSecurity_Admin_Menu::show_msg_record_deleted_st();
if($result !== false)
{
$redir_url = sprintf('admin.php?page=%s&tab=%s&bulk_count=%s', AIOWPSEC_MAIN_MENU_SLUG, $tab, count($entries));
wp_redirect($redir_url);
exit;
} else {
// error on bulk delete
$aio_wp_security->debug_logger->log_debug("DB error: ".$wpdb->last_error,4);
$redir_url = sprintf('admin.php?page=%s&tab=%s&bulk_error=%s', AIOWPSEC_MAIN_MENU_SLUG, $tab, 1);
wp_redirect($redir_url);
exit;

}
}
} elseif ($entries != NULL) {
Expand All @@ -128,7 +140,7 @@ function unblock_ip_address($entries)
//Delete single record
$delete_command = "DELETE FROM " . AIOWPSEC_TBL_PERM_BLOCK . " WHERE id = '" . absint($entries) . "'";
$result = $wpdb->query($delete_command);
if ($result != NULL) {
if ($result !== false) {
AIOWPSecurity_Admin_Menu::show_msg_record_deleted_st();
}
}
Expand All @@ -143,6 +155,7 @@ function prepare_items()
$columns = $this->get_columns();
$hidden = array();
$sortable = $this->get_sortable_columns();
$search = isset( $_REQUEST['s'] ) ? sanitize_text_field( $_REQUEST['s'] ) : '';

$this->_column_headers = array($columns, $hidden, $sortable);

Expand All @@ -162,11 +175,10 @@ function prepare_items()
$orderby = AIOWPSecurity_Utility::sanitize_value_by_array($orderby, $sortable);
$order = AIOWPSecurity_Utility::sanitize_value_by_array($order, array('DESC' => '1', 'ASC' => '1'));

if (isset($_POST['s'])) {
$search_term = trim($_POST['s']);
$data = $wpdb->get_results($wpdb->prepare("SELECT * FROM " . $block_table_name . " WHERE `blocked_ip` LIKE '%%%s%%' OR `block_reason` LIKE '%%%s%%' OR `country_origin` LIKE '%%%s%%' OR `blocked_date` LIKE '%%%s%%'", $search_term, $search_term, $search_term, $search_term), ARRAY_A);
} else {
if(empty($search)) {
$data = $wpdb->get_results("SELECT * FROM " . $block_table_name . " ORDER BY $orderby $order", ARRAY_A);
} else {
$data = $wpdb->get_results($wpdb->prepare("SELECT * FROM " . $block_table_name . " WHERE `blocked_ip` LIKE '%%%s%%' OR `block_reason` LIKE '%%%s%%' OR `country_origin` LIKE '%%%s%%' OR `blocked_date` LIKE '%%%s%%' ORDER BY $orderby $order", $search, $search, $search, $search), ARRAY_A);
}

$current_page = $this->get_pagenum();
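Review bot: The bulk branch of `unblock_ip_address` is entered on `isset($_REQUEST['_wp_http_referer'])`, which only shows that a WordPress form was submitted and is not a nonce check; unless `process_bulk_action` (not visible here) calls `check_admin_referer('bulk-' . $this->_args['plural'])` first, the DELETE against `AIOWPSEC_TBL_PERM_BLOCK` can be triggered by a forged request, and since the list form now submits via GET a crafted link is enough. The success redirect reports `count($entries)`, but `$wpdb->query()` returns the number of rows actually deleted for a DELETE, so `bulk_count=%s` should carry `$result`; `$tab` is also interpolated into the URL after only `strip_tags()`, so build it with `add_query_arg()` or `rawurlencode()`. Both functions in this section start outside the hunks.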
14 changes: 11 additions & 3 deletions all-in-one-wp-security/admin/wp-security-list-registered-users.php
Expand Up @@ -304,13 +304,14 @@ function prepare_items() {
$columns = $this->get_columns();
$hidden = array();
$sortable = $this->get_sortable_columns();
$search = isset( $_REQUEST['s'] ) ? sanitize_text_field( $_REQUEST['s'] ) : '';

$this->_column_headers = array($columns, $hidden, $sortable);

$this->process_bulk_action();

//Get registered users which have the special 'aiowps_account_status' meta key set to 'pending'
$data = $this->get_registered_user_data('pending');
$data = $this->get_registered_user_data('pending', $search);

$current_page = $this->get_pagenum();
$total_items = count($data);
Expand All @@ -324,7 +325,7 @@ function prepare_items() {
}

//Returns all users who have the special 'aiowps_account_status' meta key
function get_registered_user_data($status='')
function get_registered_user_data($status='', $search='')
{
$user_fields = array( 'ID', 'user_login', 'user_email', 'user_registered');
$user_query = new WP_User_Query(array('meta_key' => 'aiowps_account_status', 'meta_value' => $status, 'fields' => $user_fields));
Expand All @@ -337,7 +338,14 @@ function get_registered_user_data($status='')
$temp_array['account_status'] = get_user_meta($temp_array['ID'], 'aiowps_account_status', true);
$ip = get_user_meta($temp_array['ID'], 'aiowps_registrant_ip', true);
$temp_array['ip_address'] = empty($ip)?'':$ip;
$final_data[] = $temp_array;
if(empty($search)) {
$final_data[] = $temp_array;
} else {
$input = preg_quote($search, '~'); // don't forget to quote input string!

$result = preg_grep('~' . $input . '~', $temp_array);
if(!empty($result)) $final_data[] = $temp_array;
}
}
return $final_data;
}
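Review bot: `get_registered_user_data()` now runs `preg_grep()` over the whole `$temp_array`, which includes the `account_status` value (presumably `pending` for every row) and the numeric `ID`, so a search like `pend` or `1` matches rows it should not; restrict the haystack to the displayed text columns, e.g. `preg_grep('~' . $input . '~i', array($temp_array['user_login'], $temp_array['user_email'], $temp_array['ip_address']))` (the `i` flag also makes the match case-insensitive, which is what users expect for e-mail addresses). The filter also runs only after every pending user has been loaded; `WP_User_Query` accepts `search` and `search_columns` arguments that would push it into SQL. The new `$search` parameter is undocumented — add `@param string $search Optional substring; when non-empty only rows with a column containing it are returned.`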
Expand Up @@ -116,9 +116,7 @@ function render_tab1()

if (AIOWPSecurity_Utility::check_user_exists('admin') || AIOWPSecurity_Utility::check_user_exists('Admin'))
{
echo '<div class="aio_red_box"><p>'.__('Your site currently has an account which uses the default "admin" username.
It is highly recommended that you change this name to something else.
Use the following field to change the admin username.', 'all-in-one-wp-security-and-firewall').'</p></div>';
echo '<div class="aio_red_box"><p>'.__('Your site currently has an account which uses the default "admin" username. It is highly recommended that you change this name to something else. Use the following field to change the admin username.', 'all-in-one-wp-security-and-firewall').'</p></div>';
?>
<form action="" method="POST">
<?php wp_nonce_field('aiowpsec-change-admin-nonce'); ?>
