v1.9.5 released

davidegiunchidiennea · Apr 21, 2015 · fd4c6d8 · fd4c6d8
1 parent 51bc79f
commit fd4c6d8
Show file tree

Hide file tree

Showing 11 changed files with 404 additions and 371 deletions.
diff --git a/all-in-one-wp-security/admin/wp-security-database-menu.php b/all-in-one-wp-security/admin/wp-security-database-menu.php
@@ -104,7 +104,7 @@ function render_tab1()
             {
                 if( isset($_POST['aiowps_enable_random_prefix'])) 
                 {//User has elected to generate a random DB prefix
-                    $string = AIOWPSecurity_Utility::generate_alpha_numeric_random_string('6');
+                    $string = AIOWPSecurity_Utility::generate_alpha_random_string('5');
                     $new_db_prefix = $string . '_';
                     $perform_db_change = true;
                 }else 

diff --git a/all-in-one-wp-security/admin/wp-security-list-locked-ip.php b/all-in-one-wp-security/admin/wp-security-list-locked-ip.php
@@ -213,7 +213,7 @@ function prepare_items() {
         $orderby = AIOWPSecurity_Utility::sanitize_value_by_array($orderby, $sortable);
         $order = AIOWPSecurity_Utility::sanitize_value_by_array($order, array('DESC' => '1', 'ASC' => '1'));
 
-	$data = $wpdb->get_results($wpdb->prepare("SELECT * FROM $lockdown_table_name WHERE lock_reason=%s AND release_date > now() ORDER BY $orderby $order", 'login_fail'), ARRAY_A);
+	$data = $wpdb->get_results($wpdb->prepare("SELECT * FROM $lockdown_table_name WHERE (lock_reason=%s OR lock_reason=%s) AND release_date > now() ORDER BY $orderby $order", 'login_fail', '404'), ARRAY_A);
         $current_page = $this->get_pagenum();
         $total_items = count($data);
         $data = array_slice($data,(($current_page-1)*$per_page),$per_page);

diff --git a/all-in-one-wp-security/classes/wp-security-file-scan.php b/all-in-one-wp-security/classes/wp-security-file-scan.php
@@ -168,8 +168,8 @@ function save_scan_data_to_db($scanned_data, $save_type = 'insert', $scan_result
         $result = '';
         //For scanned data the meta_key1 column value is 'file_change_detection', meta_value1 column value is 'file_scan_data'. Then the data is stored in meta_value4 column.
         $aiowps_global_meta_tbl_name = AIOWPSEC_TBL_GLOBAL_META_DATA;
-        $payload = serialize($scanned_data);
-        $scan_result = serialize($scan_result);
+        $payload = maybe_serialize($scanned_data);
+        $scan_result = maybe_serialize($scan_result);
         $date_time = current_time('mysql');
         $data = array('date_time' => $date_time, 'meta_key1' => 'file_change_detection', 'meta_value1' => 'file_scan_data', 'meta_value4' => $payload, 'meta_key5' => 'last_scan_result', 'meta_value5' => $scan_result);
         if($save_type == 'insert'){
@@ -716,7 +716,7 @@ static function get_file_change_summary($scan_results_unserialized)
             foreach ($scan_results_unserialized['files_added'] as $key=>$value) {
                 $files_added_output .= "\r\n".$key.' ('.__('modified on: ', 'aiowpsecurity').date('Y-m-d H:i:s',$value['last_modified']).')';
             }
-            $files_added_output .= "\r\n======================================";
+            $files_added_output .= "\r\n======================================\r\n";
         }
         if (!empty($scan_results_unserialized['files_removed']))
         {
@@ -725,7 +725,7 @@ static function get_file_change_summary($scan_results_unserialized)
             foreach ($scan_results_unserialized['files_removed'] as $key=>$value) {
                 $files_removed_output .= "\r\n".$key.' ('.__('modified on: ', 'aiowpsecurity').date('Y-m-d H:i:s',$value['last_modified']).')';
             }
-            $files_removed_output .= "\r\n======================================";
+            $files_removed_output .= "\r\n======================================\r\n";
         }
 
         if (!empty($scan_results_unserialized['files_changed']))
@@ -735,7 +735,7 @@ static function get_file_change_summary($scan_results_unserialized)
             foreach ($scan_results_unserialized['files_changed'] as $key=>$value) {
                 $files_changed_output .= "\r\n".$key.' ('.__('modified on: ', 'aiowpsecurity').date('Y-m-d H:i:s',$value['last_modified']).')';            
             }
-            $files_changed_output .= "\r\n======================================";
+            $files_changed_output .= "\r\n======================================\r\n";
         }
 
         $scan_summary .= $files_added_output . $files_removed_output . $files_changed_output;

diff --git a/all-in-one-wp-security/classes/wp-security-process-renamed-login-page.php b/all-in-one-wp-security/classes/wp-security-process-renamed-login-page.php
@@ -63,7 +63,7 @@ function aiowps_filter_wp_login_file($url)
                     return $url; //Don't reveal the secret URL in the post password action url 
                 }
                 parse_str($args[1], $args);
-                $url = add_query_arg($args, AIOWPSecurity_Process_Renamed_Login_Page::new_login_url());
+                $url = esc_url(add_query_arg($args, AIOWPSecurity_Process_Renamed_Login_Page::new_login_url()));
             }else{
                 $url = AIOWPSecurity_Process_Renamed_Login_Page::new_login_url();
             }

diff --git a/all-in-one-wp-security/classes/wp-security-user-login.php b/all-in-one-wp-security/classes/wp-security-user-login.php
@@ -300,7 +300,7 @@ static function generate_unlock_request_link($ip_range)
         }else{
             $query_param = array('aiowps_auth_key'=>$secret_rand_key);
             $wp_site_url = AIOWPSEC_WP_URL;
-            $unlock_link = add_query_arg($query_param, $wp_site_url); 
+            $unlock_link = esc_url(add_query_arg($query_param, $wp_site_url)); 
         }
         return $unlock_link;
     }

diff --git a/all-in-one-wp-security/classes/wp-security-utility.php b/all-in-one-wp-security/classes/wp-security-utility.php
@@ -120,6 +120,22 @@ static function generate_alpha_numeric_random_string($string_length)
         return $string;
     }
 
+
+    /*
+     * Generates a random number using a-z characters
+     */
+    static function generate_alpha_random_string($string_length)
+    {
+        //Charecters present in table prefix
+        $allowed_chars = 'abcdefghijklmnopqrstuvwxyz';
+        $string = '';
+        //Generate random string
+        for ($i = 0; $i < $string_length; $i++) {
+            $string .= $allowed_chars[rand(0, strlen($allowed_chars) - 1)];
+        }
+        return $string;
+    }
+
     static function set_cookie_value($cookie_name, $cookie_value, $expiry_seconds = 86400, $path = '/', $cookie_domain = '')
     {
         $expiry_time = time() + intval($expiry_seconds);

diff --git a/all-in-one-wp-security/languages/aiowpsecurity-ru_RU.mo b/all-in-one-wp-security/languages/aiowpsecurity-ru_RU.mo