v3.9.2 released

davidegiunchidiennea · Apr 7, 2015 · 866f42d · 866f42d
1 parent 3c39889
commit 866f42d
Show file tree

Hide file tree

Showing 8 changed files with 24 additions and 27 deletions.
diff --git a/all-in-one-wp-security/admin/wp-security-user-login-menu.php b/all-in-one-wp-security/admin/wp-security-user-login-menu.php
@@ -562,8 +562,9 @@ function delete_lockdown_records($entries)
         } elseif ($entries != NULL)
         {
             //Delete single record
-            $delete_command = "DELETE FROM ".$lockdown_table." WHERE ID = '".absint($entries)."'";
-            $result = $wpdb->query($delete_command);
+//            $delete_command = "DELETE FROM ".$lockdown_table." WHERE ID = '".absint($entries)."'";
+//            $result = $wpdb->query($delete_command);
+            $result = $wpdb->delete($lockdown_table, array('ID' => absint($entries)));
             if($result != NULL)
             {
                 $this->show_msg_updated(__('The selected record was deleted successfully!','aiowpsecurity'));

diff --git a/all-in-one-wp-security/classes/wp-security-deactivation-tasks.php b/all-in-one-wp-security/classes/wp-security-deactivation-tasks.php
@@ -13,19 +13,4 @@ static function run_deactivation_tasks()
         //Deactivate all firewall and other .htaccess rules
         AIOWPSecurity_Configure_Settings::turn_off_all_firewall_rules();
     }
-
-    static function get_original_file_contents($key_description)
-    {
-        global $wpdb;
-        $aiowps_global_meta_tbl_name = AIOWPSEC_TBL_GLOBAL_META_DATA;
-        $resultset = $wpdb->get_row("SELECT * FROM $aiowps_global_meta_tbl_name WHERE meta_key1 = '$key_description'", OBJECT);
-        if($resultset){
-            $file_contents = maybe_unserialize($resultset->meta_value2);
-            return $file_contents;
-        }
-        else
-        {
-            return false;
-        }
-    }
 }
diff --git a/all-in-one-wp-security/classes/wp-security-file-scan.php b/all-in-one-wp-security/classes/wp-security-file-scan.php
@@ -135,9 +135,10 @@ function aiowps_scheduled_fcd_scan_handler()
     function has_scan_data()
     {
         global $wpdb;
-        //For scanced data the meta_key1 column valu is 'file_change_detection', meta_value1 column value is 'file_scan_data'. Then the data is stored in meta_value4 column.
+        //For scanned data the meta_key1 column valu is 'file_change_detection', meta_value1 column value is 'file_scan_data'. Then the data is stored in meta_value4 column.
         $aiowps_global_meta_tbl_name = AIOWPSEC_TBL_GLOBAL_META_DATA;
-        $resultset = $wpdb->get_row("SELECT * FROM $aiowps_global_meta_tbl_name WHERE meta_key1 = 'file_change_detection' AND meta_value1='file_scan_data'", OBJECT);
+        $sql = $wpdb->prepare("SELECT * FROM $aiowps_global_meta_tbl_name WHERE meta_key1=%s AND meta_value1=%s", 'file_change_detection', 'file_scan_data');
+        $resultset = $wpdb->get_row($sql, OBJECT);
         if($resultset){
             $scan_data = maybe_unserialize($resultset->meta_value4);
             if(!empty($scan_data)){
@@ -152,7 +153,8 @@ function get_last_scan_data()
         global $wpdb;
         //For scanned data the meta_key1 column valu is 'file_change_detection', meta_value1 column value is 'file_scan_data'. Then the data is stored in meta_value4 column.
         $aiowps_global_meta_tbl_name = AIOWPSEC_TBL_GLOBAL_META_DATA;
-        $resultset = $wpdb->get_row("SELECT * FROM $aiowps_global_meta_tbl_name WHERE meta_key1 = 'file_change_detection' AND meta_value1='file_scan_data'", OBJECT);
+        $sql = $wpdb->prepare("SELECT * FROM $aiowps_global_meta_tbl_name WHERE meta_key1=%s AND meta_value1=%s", 'file_change_detection', 'file_scan_data');
+        $resultset = $wpdb->get_row($sql, OBJECT);
         if($resultset){
             $scan_data = maybe_unserialize($resultset->meta_value4);
             return $scan_data;

diff --git a/all-in-one-wp-security/classes/wp-security-user-registration.php b/all-in-one-wp-security/classes/wp-security-user-registration.php
@@ -6,7 +6,9 @@ function __construct()
     {
         global $aio_wp_security;
         add_action('user_register', array(&$this, 'aiowps_user_registration_action_handler'));
-        add_filter('registration_errors', array(&$this, 'aiowps_validate_registration_with_captcha'), 10, 3);
+        if($aio_wp_security->configs->get_value('aiowps_enable_registration_page_captcha') == '1'){
+            add_filter('registration_errors', array(&$this, 'aiowps_validate_registration_with_captcha'), 10, 3);
+        }
     }
 
 

diff --git a/all-in-one-wp-security/classes/wp-security-utility.php b/all-in-one-wp-security/classes/wp-security-utility.php
@@ -70,8 +70,11 @@ static function check_user_exists($username)
         }
 
         //check users table
-        $user = $wpdb->get_var( "SELECT user_login FROM `" . $wpdb->users . "` WHERE user_login='" . sanitize_text_field( $username ) . "';" );
-        $userid = $wpdb->get_var( "SELECT ID FROM `" . $wpdb->users . "` WHERE ID='" . sanitize_text_field( $username ) . "';" );
+        //$user = $wpdb->get_var( "SELECT user_login FROM `" . $wpdb->users . "` WHERE user_login='" . sanitize_text_field( $username ) . "';" );
+        $sql_1 = $wpdb->prepare("SELECT %s FROM $wpdb->users WHERE user_login=%s", 'user_login', sanitize_text_field( $username ));
+        $user = $wpdb->get_var( $sql_1 );
+        $sql_2 = $wpdb->prepare("SELECT %s FROM $wpdb->users WHERE ID=%s", 'ID', sanitize_text_field( $username ));
+        $userid = $wpdb->get_var( $sql_2 );
 
         if ( $user == $username || $userid == $username ) {
             return true;

diff --git a/all-in-one-wp-security/readme.txt b/all-in-one-wp-security/readme.txt
@@ -4,7 +4,7 @@ Donate link: https://www.tipsandtricks-hq.com
 Tags: security, secure, Anti Virus, antivirus, ban, ban hacker, virus, firewall, firewall security, login, lockdown, htaccess, hack, malware, vulnerability, protect, protection, phishing, database, backup, plugin, sql injection, ssl, restrict, login captcha, bot, hotlink, 404 detection, admin, rename, all in one, scan, scanner, iframe,
 Requires at least: 3.5
 Tested up to: 4.1.1
-Stable tag: 3.9.1
+Stable tag: 3.9.2
 License: GPLv3
 
 A comprehensive, user-friendly, all in one WordPress security and firewall plugin for your site.
@@ -178,11 +178,15 @@ None
 
 == Changelog ==
 
+= 3.9.2 =
+- Added a check for registration captcha feature to prevent errors when using another captcha plugin. 
+- Improved a few SQL statements.
+
 = 3.9.1 =
-- Added protection against possible SQL injection attacks.
 - Added new "Force Logout" feature which will instantly force a certain user to be logged out of their session. (See the "Logged In Users" tab in User Login menu)
 - Added more security protection for aiowps log files by creating .htaccess file and rules. AIOWPS log files can now only be viewed via dashboard menu, in new tab called "AIOWPS Logs". (NOTE:This security currently applies only for apache or similar servers)
 - Added backticks to SQL statement for DB prefix change to help prevent errors.
+- Added protection against possible SQL injection attacks.
 
 = 3.9.0 =
 - Added some robustness to the file-scan code.

diff --git a/all-in-one-wp-security/wp-security-core.php b/all-in-one-wp-security/wp-security-core.php
@@ -3,7 +3,7 @@
 if (!class_exists('AIO_WP_Security')){
 
 class AIO_WP_Security{
-    var $version = '3.9.1';
+    var $version = '3.9.2';
     var $db_version = '1.6';
     var $plugin_url;
     var $plugin_path;

diff --git a/all-in-one-wp-security/wp-security.php b/all-in-one-wp-security/wp-security.php
@@ -1,7 +1,7 @@
 <?php
 /*
 Plugin Name: All In One WP Security
-Version: v3.9.1
+Version: v3.9.2
 Plugin URI: http://www.tipsandtricks-hq.com/wordpress-security-and-firewall-plugin
 Author: Tips and Tricks HQ, Peter, Ruhul, Ivy
 Author URI: http://www.tipsandtricks-hq.com/