From 866f42d7bce387bba426ae6593eaff2197ad3552 Mon Sep 17 00:00:00 2001
From: amin0_000
Date: Tue, 7 Apr 2015 19:13:11 +1000
Subject: [PATCH] v3.9.2 released
---
 .../admin/wp-security-user-login-menu.php | 5 +++--
 .../classes/wp-security-deactivation-tasks.php | 15 ---------------
 .../classes/wp-security-file-scan.php | 8 +++++---
 .../classes/wp-security-user-registration.php | 4 +++-
 .../classes/wp-security-utility.php | 7 +++++--
 all-in-one-wp-security/readme.txt | 8 ++++++--
 all-in-one-wp-security/wp-security-core.php | 2 +-
 all-in-one-wp-security/wp-security.php | 2 +-
 8 files changed, 24 insertions(+), 27 deletions(-)
diff --git a/all-in-one-wp-security/admin/wp-security-user-login-menu.php b/all-in-one-wp-security/admin/wp-security-user-login-menu.php
index f2fe3e5..fa6709d 100644
--- a/all-in-one-wp-security/admin/wp-security-user-login-menu.php
+++ b/all-in-one-wp-security/admin/wp-security-user-login-menu.php
@@ -562,8 +562,9 @@ function delete_lockdown_records($entries)
 } elseif ($entries != NULL) {
 //Delete single record
- $delete_command = "DELETE FROM ".$lockdown_table." WHERE ID = '".absint($entries)."'";
- $result = $wpdb->query($delete_command);
+// $delete_command = "DELETE FROM ".$lockdown_table." WHERE ID = '".absint($entries)."'";
+// $result = $wpdb->query($delete_command);
+ $result = $wpdb->delete($lockdown_table, array('ID' => absint($entries)));
 if($result != NULL)
 {
 $this->show_msg_updated(__('The selected record was deleted successfully!','aiowpsecurity'));
diff --git a/all-in-one-wp-security/classes/wp-security-deactivation-tasks.php b/all-in-one-wp-security/classes/wp-security-deactivation-tasks.php
index 227ba73..6201626 100644
--- a/all-in-one-wp-security/classes/wp-security-deactivation-tasks.php
+++ b/all-in-one-wp-security/classes/wp-security-deactivation-tasks.php
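Review bot: The two superseded statements are kept as `// $delete_command = …` and `// $result = $wpdb->query(...)` comments directly above the new `$wpdb->delete(...)` call; commented-out code should be dropped rather than preserved, since version control already holds the history and the dead lines will drift from the live query. The `$wpdb->delete()` call itself is the right replacement for the concatenated DELETE. Note that `$wpdb->delete()` returns `false` on a query error and `0` when no row matched, and the existing `if($result != NULL)` treats both the same, so a failed query is reported exactly like an unknown ID; if the two cases should be distinguished, test `$result === false` separately. delete_lockdown_records() starts before this hunk, and if the multi-record branch earlier in the function still builds its query by concatenation it deserves the same treatment.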
@@ -13,19 +13,4 @@ static function run_deactivation_tasks()
 //Deactivate all firewall and other .htaccess rules
 AIOWPSecurity_Configure_Settings::turn_off_all_firewall_rules();
 }
-
- static function get_original_file_contents($key_description)
- {
- global $wpdb;
- $aiowps_global_meta_tbl_name = AIOWPSEC_TBL_GLOBAL_META_DATA;
- $resultset = $wpdb->get_row("SELECT * FROM $aiowps_global_meta_tbl_name WHERE meta_key1 = '$key_description'", OBJECT);
- if($resultset){
- $file_contents = maybe_unserialize($resultset->meta_value2);
- return $file_contents;
- }
- else
- {
- return false;
- }
- }
 }
diff --git a/all-in-one-wp-security/classes/wp-security-file-scan.php b/all-in-one-wp-security/classes/wp-security-file-scan.php
index f3ab5ea..1a8d133 100644
--- a/all-in-one-wp-security/classes/wp-security-file-scan.php
+++ b/all-in-one-wp-security/classes/wp-security-file-scan.php
@@ -135,9 +135,10 @@ function aiowps_scheduled_fcd_scan_handler()
 function has_scan_data()
 {
 global $wpdb;
- //For scanced data the meta_key1 column valu is 'file_change_detection', meta_value1 column value is 'file_scan_data'. Then the data is stored in meta_value4 column.
+ //For scanned data the meta_key1 column valu is 'file_change_detection', meta_value1 column value is 'file_scan_data'. Then the data is stored in meta_value4 column.
 $aiowps_global_meta_tbl_name = AIOWPSEC_TBL_GLOBAL_META_DATA;
- $resultset = $wpdb->get_row("SELECT * FROM $aiowps_global_meta_tbl_name WHERE meta_key1 = 'file_change_detection' AND meta_value1='file_scan_data'", OBJECT);
+ $sql = $wpdb->prepare("SELECT * FROM $aiowps_global_meta_tbl_name WHERE meta_key1=%s AND meta_value1=%s", 'file_change_detection', 'file_scan_data');
+ $resultset = $wpdb->get_row($sql, OBJECT);
 if($resultset){
 $scan_data = maybe_unserialize($resultset->meta_value4);
 if(!empty($scan_data)){
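Review bot: The prepared lookup added to has_scan_data() is byte-for-byte the query added to get_last_scan_data() in the next hunk; both methods build the same `$sql` and then `maybe_unserialize($resultset->meta_value4)`, so a small private helper returning the row (or its unserialized meta_value4) would keep the two from diverging the next time the query changes. The comment fix on the changed line corrects "scanced" but leaves "valu": `//For scanned data the meta_key1 column value is 'file_change_detection', meta_value1 column value is 'file_scan_data'. Then the data is stored in meta_value4 column.`. Since only meta_value4 is read, `SELECT meta_value4` would be narrower than `SELECT *`, though that is optional. The `maybe_unserialize()` on the stored column is pre-existing, but worth keeping in mind that it trusts whatever is in the meta table. has_scan_data() continues past the end of this hunk.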
@@ -152,7 +153,8 @@ function get_last_scan_data()
 global $wpdb;
 //For scanned data the meta_key1 column valu is 'file_change_detection', meta_value1 column value is 'file_scan_data'. Then the data is stored in meta_value4 column.
 $aiowps_global_meta_tbl_name = AIOWPSEC_TBL_GLOBAL_META_DATA;
- $resultset = $wpdb->get_row("SELECT * FROM $aiowps_global_meta_tbl_name WHERE meta_key1 = 'file_change_detection' AND meta_value1='file_scan_data'", OBJECT);
+ $sql = $wpdb->prepare("SELECT * FROM $aiowps_global_meta_tbl_name WHERE meta_key1=%s AND meta_value1=%s", 'file_change_detection', 'file_scan_data');
+ $resultset = $wpdb->get_row($sql, OBJECT);
 if($resultset){
 $scan_data = maybe_unserialize($resultset->meta_value4);
 return $scan_data;
diff --git a/all-in-one-wp-security/classes/wp-security-user-registration.php b/all-in-one-wp-security/classes/wp-security-user-registration.php
index 88ad8fb..b767066 100644
--- a/all-in-one-wp-security/classes/wp-security-user-registration.php
+++ b/all-in-one-wp-security/classes/wp-security-user-registration.php
@@ -6,7 +6,9 @@ function __construct()
 {
 global $aio_wp_security;
 add_action('user_register', array(&$this, 'aiowps_user_registration_action_handler'));
- add_filter('registration_errors', array(&$this, 'aiowps_validate_registration_with_captcha'), 10, 3);
+ if($aio_wp_security->configs->get_value('aiowps_enable_registration_page_captcha') == '1'){
+ add_filter('registration_errors', array(&$this, 'aiowps_validate_registration_with_captcha'), 10, 3);
+ }
 }
diff --git a/all-in-one-wp-security/classes/wp-security-utility.php b/all-in-one-wp-security/classes/wp-security-utility.php
index 4d6cee3..d1f49e5 100644
--- a/all-in-one-wp-security/classes/wp-security-utility.php
+++ b/all-in-one-wp-security/classes/wp-security-utility.php
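Review bot: The re-added `array(&$this, 'aiowps_validate_registration_with_captcha')` keeps the PHP 4 reference idiom; objects are passed by handle since PHP 5, so `array($this, 'aiowps_validate_registration_with_captcha')` is equivalent and avoids a needless reference. The reason for the new gate is recorded only in readme.txt ("prevent errors when using another captcha plugin"), so a one-line comment above the `if` would help the next reader: `// Only hook the captcha validator when the feature is enabled; avoids errors when another captcha plugin is active (see 3.9.2 changelog)`. The `== '1'` comparison is loose; if get_value() always returns a string, `=== '1'` is stricter, but that depends on the config store, which is not visible here. The constructor's signature is on the line before the hunk.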
@@ -70,8 +70,11 @@ static function check_user_exists($username)
 }
 //check users table
- $user = $wpdb->get_var( "SELECT user_login FROM `" . $wpdb->users . "` WHERE user_login='" . sanitize_text_field( $username ) . "';" );
- $userid = $wpdb->get_var( "SELECT ID FROM `" . $wpdb->users . "` WHERE ID='" . sanitize_text_field( $username ) . "';" );
+ //$user = $wpdb->get_var( "SELECT user_login FROM `" . $wpdb->users . "` WHERE user_login='" . sanitize_text_field( $username ) . "';" );
+ $sql_1 = $wpdb->prepare("SELECT %s FROM $wpdb->users WHERE user_login=%s", 'user_login', sanitize_text_field( $username ));
+ $user = $wpdb->get_var( $sql_1 );
+ $sql_2 = $wpdb->prepare("SELECT %s FROM $wpdb->users WHERE ID=%s", 'ID', sanitize_text_field( $username ));
+ $userid = $wpdb->get_var( $sql_2 );
 if ( $user == $username || $userid == $username )
 {
 return true;
diff --git a/all-in-one-wp-security/readme.txt b/all-in-one-wp-security/readme.txt
index 472bdfb..b637b10 100644
--- a/all-in-one-wp-security/readme.txt
+++ b/all-in-one-wp-security/readme.txt
@@ -4,7 +4,7 @@ Donate link: https://www.tipsandtricks-hq.com
 Tags: security, secure, Anti Virus, antivirus, ban, ban hacker, virus, firewall, firewall security, login, lockdown, htaccess, hack, malware, vulnerability, protect, protection, phishing, database, backup, plugin, sql injection, ssl, restrict, login captcha, bot, hotlink, 404 detection, admin, rename, all in one, scan, scanner, iframe,
 Requires at least: 3.5
 Tested up to: 4.1.1
-Stable tag: 3.9.1
+Stable tag: 3.9.2
 License: GPLv3
 A comprehensive, user-friendly, all in one WordPress security and firewall plugin for your site.
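Review bot: `$wpdb->prepare()` quotes every `%s`, so `SELECT %s FROM ...` bound to `'user_login'` produces `SELECT 'user_login' FROM <users table> WHERE user_login='...'` — a string literal, not the column — and `$user` becomes the constant `'user_login'` (likewise `$userid` becomes `'ID'`) whenever a row matches. The following `$user == $username || $userid == $username` can then only be true for a user literally named "user_login" or "ID", so after this change check_user_exists() reports almost every existing user as absent. Column names cannot be bound as placeholders; write them inline and bind only the value: `$sql_1 = $wpdb->prepare("SELECT user_login FROM $wpdb->users WHERE user_login=%s", sanitize_text_field( $username ));` and `$sql_2 = $wpdb->prepare("SELECT ID FROM $wpdb->users WHERE ID=%s", sanitize_text_field( $username ));`. The commented-out `//$user = ...` line above the new code should be removed as well. check_user_exists() begins before this hunk.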
@@ -178,11 +178,15 @@ None
 == Changelog ==
+= 3.9.2 =
+- Added a check for registration captcha feature to prevent errors when using another captcha plugin.
+- Improved a few SQL statements.
+
 = 3.9.1 =
-- Added protection against possible SQL injection attacks.
 - Added new "Force Logout" feature which will instantly force a certain user to be logged out of their session. (See the "Logged In Users" tab in User Login menu)
 - Added more security protection for aiowps log files by creating .htaccess file and rules. AIOWPS log files can now only be viewed via dashboard menu, in new tab called "AIOWPS Logs". (NOTE:This security currently applies only for apache or similar servers)
 - Added backticks to SQL statement for DB prefix change to help prevent errors.
+- Added protection against possible SQL injection attacks.
 = 3.9.0 =
 - Added some robustness to the file-scan code.
diff --git a/all-in-one-wp-security/wp-security-core.php b/all-in-one-wp-security/wp-security-core.php
index c7a1b3a..d36d713 100644
--- a/all-in-one-wp-security/wp-security-core.php
+++ b/all-in-one-wp-security/wp-security-core.php
@@ -3,7 +3,7 @@ if (!class_exists('AIO_WP_Security')){
 class AIO_WP_Security{
- var $version = '3.9.1';
+ var $version = '3.9.2';
 var $db_version = '1.6';
 var $plugin_url;
 var $plugin_path;
diff --git a/all-in-one-wp-security/wp-security.php b/all-in-one-wp-security/wp-security.php
index 4e7e780..c7384c8 100644
--- a/all-in-one-wp-security/wp-security.php
+++ b/all-in-one-wp-security/wp-security.php
@@ -1,7 +1,7 @@