All In One WP Security & Firewall - Version 2.1.1

Version Description

  • Fixed a version tagging issue.

Release Info

Developer mra13
Version 2.1.1

Code changes from version 2.0 to 2.1.1

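--- a/admin/wp-security-firewall-menu.php
+++ b/admin/wp-security-firewall-menu.php
@@ -89,14 +89,7 @@ class AIOWPSecurity_Firewall_Menu extends AIOWPSecurity_Admin_Menu
  $aio_wp_security->configs->set_value('aiowps_enable_basic_firewall','');
  }
 
- if(isset($_POST['aiowps_enable_pingback_firewall']))
- {
- $aio_wp_security->configs->set_value('aiowps_enable_pingback_firewall','1');
- }
- else
- {
- $aio_wp_security->configs->set_value('aiowps_enable_pingback_firewall','');
- }
+ $aio_wp_security->configs->set_value('aiowps_enable_pingback_firewall',isset($_POST["aiowps_enable_pingback_firewall"])?'1':'');
 
  //Commit the config settings
  $aio_wp_security->configs->save_config();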
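Review bot: The new one-liner on line 92 quotes the POST key with double quotes while the option name beside it and the rest of the hunk use single quotes, and the ternary has no spacing; `isset($_POST['aiowps_enable_pingback_firewall']) ? '1' : ''` reads more easily. The basic-firewall option just above (lines 89–90) still appears to use the if/else form, so the two settings are now written differently. The handler starts before the hunk, so the nonce and capability check that should precede these config writes is not visible here and is worth confirming.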
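--- a/admin/wp-security-user-accounts-menu.php
+++ b/admin/wp-security-user-accounts-menu.php
@@ -255,7 +255,7 @@ class AIOWPSecurity_User_Accounts_Menu extends AIOWPSecurity_Admin_Menu
  $username_is_admin = FALSE;
  }
  //Now let's change the username
- $result = $wpdb->query("UPDATE `" . $wpdb->users . "` SET user_login = '" . $wpdb->escape($new_username) . "' WHERE user_login='admin';");
+ $result = $wpdb->query("UPDATE `" . $wpdb->users . "` SET user_login = '" . esc_sql($new_username) . "' WHERE user_login='admin';");
  if (!$result) {
  //There was an error updating the users table
  $user_update_error = __('The database update operation of the user account failed!', 'aiowpsecurity');
@@ -267,8 +267,8 @@ class AIOWPSecurity_User_Accounts_Menu extends AIOWPSecurity_Admin_Menu
  //multisite considerations
  if ( AIOWPSecurity_Utility::is_multisite_install() ) { //process sitemeta if we're in a multi-site situation
  $oldAdmins = $wpdb->get_var( "SELECT meta_value FROM `" . $wpdb->sitemeta . "` WHERE meta_key = 'site_admins'" );
- $newAdmins = str_replace( '5:"admin"', strlen( $new_username ) . ':"' . $wpdb->escape( $new_username ) . '"', $oldAdmins );
- $wpdb->query( "UPDATE `" . $wpdb->sitemeta . "` SET meta_value = '" . $wpdb->escape( $newAdmins ) . "' WHERE meta_key = 'site_admins'" );
+ $newAdmins = str_replace( '5:"admin"', strlen( $new_username ) . ':"' . esc_sql( $new_username ) . '"', $oldAdmins );
+ $wpdb->query( "UPDATE `" . $wpdb->sitemeta . "` SET meta_value = '" . esc_sql( $newAdmins ) . "' WHERE meta_key = 'site_admins'" );
  }
 
  //If user is logged in with username "admin" then log user out and send to login page so they can login again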
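Review bot: In the multisite hunk (line 270) the length prefix is `strlen( $new_username )` of the raw value, but the text written into the serialized string is `esc_sql( $new_username )`, and line 271 then escapes the whole string a second time; any character that esc_sql() rewrites leaves a prefix that no longer matches and a `site_admins` value that will not unserialize. Escape once, at the query boundary: build the replacement from the raw `$new_username` and run `$wpdb->prepare( "UPDATE {$wpdb->sitemeta} SET meta_value = %s WHERE meta_key = 'site_admins'", $newAdmins )`, or read and write the list with `get_site_option()` / `update_site_option()` so no serialized data is edited by hand. The users-table UPDATE on line 258 is also still assembled by concatenation and would be safer as a `$wpdb->prepare()` call with a `%s` placeholder. How `$new_username` is validated lies outside both hunks.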
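--- a/classes/wp-security-backup.php
+++ b/classes/wp-security-backup.php
@@ -22,7 +22,7 @@ class AIOWPSecurity_Backup
  if (function_exists('is_multisite') && is_multisite())
  {
  //Let's get the current site's table prefix
- $site_pref = $wpdb->escape($wpdb->prefix);
+ $site_pref = esc_sql($wpdb->prefix);
  $db_query = "SHOW TABLES LIKE '".$site_pref."%'";
  $tables = $wpdb->get_results( $db_query, ARRAY_N );
  $is_multi_site = true;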
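Review bot: `$site_pref` from line 25 is used as a `LIKE` pattern on line 26, and esc_sql() does not escape the `LIKE` wildcards `_` and `%`; a prefix such as `wp_2_` (constructed example) therefore also matches another sub-site's tables under `wp_20_`, because each `_` matches any single character. Since the changelog states the backup should contain only the current sub-site's tables, escape the wildcards before the SQL escaping: `$site_pref = esc_sql( like_escape( $wpdb->prefix ) );` (`$wpdb->esc_like()` on WordPress 4.0 and later). The enclosing function starts and ends outside the hunk.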
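--- a/classes/wp-security-user-login.php
+++ b/classes/wp-security-user-login.php
@@ -113,7 +113,7 @@ class AIOWPSecurity_User_Login
  $ip_range = AIOWPSecurity_Utility_IP::get_sanitized_ip_range($ip); //Get the IP range of the current user
  $locked_user = $wpdb->get_var("SELECT user_id FROM $login_lockdown_table " .
  "WHERE release_date > now() AND " .
- "failed_login_IP LIKE '" . $wpdb->escape($ip_range) . "%'");
+ "failed_login_IP LIKE '" . esc_sql($ip_range) . "%'");
  return $locked_user;
  }
 
@@ -130,7 +130,7 @@ class AIOWPSecurity_User_Login
  $login_failures = $wpdb->get_var("SELECT COUNT(ID) FROM $failed_logins_table " .
  "WHERE failed_login_date + INTERVAL " .
  $login_retry_interval . " MINUTE > now() AND " .
- "login_attempt_ip LIKE '" . $wpdb->escape($ip_range) . "%'");
+ "login_attempt_ip LIKE '" . esc_sql($ip_range) . "%'");
  return $login_failures;
  }
 
@@ -157,7 +157,7 @@ class AIOWPSecurity_User_Login
 
  $insert = "INSERT INTO " . $login_lockdown_table . " (user_id, user_login, lockdown_date, release_date, failed_login_IP) " .
  "VALUES ('" . $user_id . "', '" . $username . "', now(), date_add(now(), INTERVAL " .
- $lockout_time_length . " MINUTE), '" . $wpdb->escape($ip_range) . "')";
+ $lockout_time_length . " MINUTE), '" . esc_sql($ip_range) . "')";
  $result = $wpdb->query($insert);
  if ($result > 0)
  {
@@ -194,7 +194,7 @@ class AIOWPSecurity_User_Login
  $user_id = '';
  }
  $insert = "INSERT INTO " . $login_fails_table . " (user_id, user_login, failed_login_date, login_attempt_ip) " .
- "VALUES ('" . $user_id . "', '" . $username . "', now(), '" . $wpdb->escape($ip_range) . "')";
+ "VALUES ('" . $user_id . "', '" . $username . "', now(), '" . esc_sql($ip_range) . "')";
  $result = $wpdb->query($insert);
  if ($result == FALSE)
  {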
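Review bot: In both INSERT statements (lines 158–160 and 196–197) only `$ip_range` is escaped; `$user_id` and `$username` are concatenated into the quoted values as they are, and whether they were sanitised earlier is not visible in these hunks. A failed-login record presumably stores the name as it was submitted to the login form, so bind every value, e.g. `$wpdb->prepare( "INSERT INTO $login_fails_table (user_id, user_login, failed_login_date, login_attempt_ip) VALUES (%s, %s, now(), %s)", $user_id, $username, $ip_range )`, and do the same for the lockdown insert with `%d` for `$lockout_time_length`. The two `LIKE` lookups (lines 116 and 133) and `$login_retry_interval` on line 132 would benefit from the same placeholders. All four enclosing methods extend beyond their hunks.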
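--- a/classes/wp-security-utility-htaccess.php
+++ b/classes/wp-security-utility-htaccess.php
@@ -148,7 +148,7 @@ class AIOWPSecurity_Utility_Htaccess
  * This function will delete the code which has been added to the .htaccess file by this plugin
  * It will try to find the comment markers "# BEGIN All In One WP Security" and "# END All In One WP Security" and delete contents in between
  */
- function delete_from_htaccess($section = 'All In One WP Security')
+ static function delete_from_htaccess($section = 'All In One WP Security')
  {
  //TODO
  $htaccess = ABSPATH . '.htaccess';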
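Review bot: `static function delete_from_htaccess(...)` on line 151 carries no visibility keyword; `public static function delete_from_htaccess($section = 'All In One WP Security')` makes the intended access explicit, and the same applies to `activate_handler()` and `deactivate_handler()` in wp-security-core.php. The bodies of these methods run past their hunks, so it is worth confirming that none of them uses `$this`, which would fail at run time once the method is static. The docblock above line 151 could also state that the method is meant to be called statically.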
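--- a/readme.txt
+++ b/readme.txt
@@ -4,7 +4,7 @@ Donate link: http://www.tipsandtricks-hq.com
  Tags: security, secure, Anti Virus, antivirus, virus, firewall, login, lockdown, htaccess, hacking, ban hacker, malware, vulnerability, protect, phishing, database, backup, plugin, sql injection, ssl, restrict
  Requires at least: 3.5
  Tested up to: 3.6
- Stable tag: 2.0
+ Stable tag: 2.1.1
  License: GPLv3
 
  A comprehensive, user-friendly, all in one WordPress security and firewall plugin for your site.
@@ -129,6 +129,14 @@ None
 
  == Changelog ==
 
+ = 2.1.1 =
+ - Fixed a version tagging issue.
+
+ = 2.1 =
+ - Fixed an issue with install time error on some sites for WordPress 3.6
+ - Fixed some WP Debug related errors for WordPress 3.6
+ - Replaced the deprecated $wpdb->escape() function calls with esc_sql() calls
+
  = 2.0 =
  - Fixed a bug for general DB backup functionality.
  - Fixed multi-site DB backup - the plugin will now backup only the tables relevant for the sub-site in question.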
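--- a/wp-security-core.php
+++ b/wp-security-core.php
@@ -3,7 +3,7 @@
  if (!class_exists('AIO_WP_Security')){
 
  class AIO_WP_Security{
- var $version = '2.0';
+ var $version = '2.1.1';
  var $db_version = '1.2';
  var $plugin_url;
  var $plugin_path;
@@ -107,7 +107,7 @@ class AIO_WP_Security{
  }
  }
 
- function activate_handler()
+ static function activate_handler()
  {
  //Only runs when the plugin activates
  include_once ('classes/wp-security-installer.php');
@@ -116,7 +116,7 @@ class AIO_WP_Security{
  //wp_schedule_event(time(), 'daily', 'aiowps_daily_cron_event'); //schedule an daily cron event
  }
 
- function deactivate_handler()
+ static function deactivate_handler()
  {
  //Only runs with the pluign is deactivated
  wp_clear_scheduled_hook('aiowps_hourly_cron_event');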
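--- a/wp-security.php
+++ b/wp-security.php
@@ -1,7 +1,7 @@
  <?php
  /*
  Plugin Name: All In One WP Security
- Version: v2.0
+ Version: v2.1.1
  Plugin URI: http://www.tipsandtricks-hq.com/
  Author: Tips and Tricks HQ, Peter, Ruhul Amin
  Author URI: http://www.tipsandtricks-hq.com/
@@ -23,4 +23,4 @@ function aiowps_show_plugin_settings_link($links, $file)
  }
  return $links;
  }
- add_filter('plugin_action_links', 'aiowps_show_plugin_settings_link', 10, 2 );
+ add_filter('plugin_action_links', 'aiowps_show_plugin_settings_link', 10, 2 );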