All In One WP Security & Firewall

Version Description

02/September/2022 =
FIX: The user can't login if the user set forced logout and the site's timezone is different than UTC.
FIX: Avoid an incompatibility with Wordfence Login Security by not loading our TFA module if that plugin is active

Release Info

Developer	DavidAnderson
Plugin	All In One WP Security & Firewall
Version	5.0.2
Comparing to
See all releases

Code changes from version 5.0.1 to 5.0.2

Files changed (8) hide show

classes/wp-security-two-factor-login.php +58 -2
includes/simba-tfa/simba-tfa.php +29 -1
languages/all-in-one-wp-security-and-firewall.pot +17 -5
readme.txt +4 -3
templates/admin/incompatible-plugin.php +18 -0
vendor/composer/installed.php +2 -2
wp-security-core.php +1 -1
wp-security.php +1 -1

classes/wp-security-two-factor-login.php CHANGED Viewed

@@ -10,7 +10,6 @@ if (!class_exists('Simba_Two_Factor_Authentication')) require AIO_WP_SECURITY_PA
              */
             class AIO_WP_Security_Simba_Two_Factor_Authentication_Plugin extends Simba_Two_Factor_Authentication {
-            -
             	/**
             	 * Simba_Two_Factor_Authentication_Plugin Constructor
+            	 *
@@ -19,11 +18,15 @@ class AIO_WP_Security_Simba_Two_Factor_Authentication_Plugin extends Simba_Two_F
             	 */
             	public function __construct() {
             		if (!function_exists('mcrypt_get_iv_size') && !function_exists('openssl_cipher_iv_length')) {
             			add_action('all_admin_notices', array($this, 'admin_notice_missing_mcrypt_and_openssl'));
             			return;
+            		}
-            -
            		add_filter('aiowpsecurity_setting_tabs', array($this, 'add_two_factor_setting_tab'));
             		add_action('admin_menu', array($this, 'menu_entry_for_user'), 30);
             		$this->version = AIO_WP_SECURITY_VERSION;
             		$this->set_user_settings_page_slug(AIOWPSEC_TWO_FACTOR_AUTH_MENU_SLUG);
@@ -36,6 +39,49 @@ class AIO_WP_Security_Simba_Two_Factor_Authentication_Plugin extends Simba_Two_F
             		parent::__construct();
+            	}
             	/**
             	 * Runs upon the WP actions admin_menu and network_admin_menu
             	 */
@@ -61,6 +107,7 @@ class AIO_WP_Security_Simba_Two_Factor_Authentication_Plugin extends Simba_Two_F
             	 */
             	public function add_two_factor_setting_tab($tabs = array()) {
             		if (!current_user_can(AIOWPSEC_MANAGEMENT_PERMISSION)) return;
             		$tabs['two-factor-authentication'] = array(
             			'title' => __('Two Factor Authentication', 'all-in-one-wp-security-and-firewall-premium'),
             			'render_callback' => array($this, 'render_two_factor_authentication'),
@@ -73,6 +120,15 @@ class AIO_WP_Security_Simba_Two_Factor_Authentication_Plugin extends Simba_Two_F
             	 * Display the Two Factor Authentication tab & handle the operations
             	 */
             	public function render_two_factor_authentication() {
             		$this->get_totp_controller()->potentially_port_private_keys();
             		$this->show_admin_settings_page();
+            	}


10	*/
11	class AIO_WP_Security_Simba_Two_Factor_Authentication_Plugin extends Simba_Two_Factor_Authentication {
12

13	/**
14	* Simba_Two_Factor_Authentication_Plugin Constructor
15	*

18	*/
19	public function __construct() {
20
21	+ add_filter('aiowpsecurity_setting_tabs', array($this, 'add_two_factor_setting_tab'));
22	+
23	+ if (false !== $this->is_incompatible_plugin_active()) return;
24	+
25	if (!function_exists('mcrypt_get_iv_size') && !function_exists('openssl_cipher_iv_length')) {
26	add_action('all_admin_notices', array($this, 'admin_notice_missing_mcrypt_and_openssl'));
27	return;
28	}
29	+
30	add_action('admin_menu', array($this, 'menu_entry_for_user'), 30);
31	$this->version = AIO_WP_SECURITY_VERSION;
32	$this->set_user_settings_page_slug(AIOWPSEC_TWO_FACTOR_AUTH_MENU_SLUG);

39	parent::__construct();
40	}
41
42	+ /**
43	+ * Detect plugins that cause us to self-deactivate
44	+ *
45	+ * @return Boolean\|String
46	+ */
47	+ private function is_incompatible_plugin_active() {
48	+
49	+ if (defined('WORDFENCE_LS_VERSION')) return 'Wordfence Login Security';
50	+
51	+ $active_plugins = $this->get_active_plugins();
52	+ foreach ($active_plugins as $plugin_file_rel_to_plugins_dir) {
53	+ $temp_plugin_file_name = substr($plugin_file_rel_to_plugins_dir, strpos($plugin_file_rel_to_plugins_dir, '/') + 1);
54	+ if ('wordfence-login-security.php' == $temp_plugin_file_name) {
55	+ return 'Wordfence Login Security';
56	+ }
57	+ if ('wordfence.php' == $temp_plugin_file_name) {
58	+ return 'Wordfence';
59	+ }
60	+ }
61	+ return false;
62	+ }
63	+
64	+ /**
65	+ * Gets an array of plugins active on either the current site, or site-wide
66	+ *
67	+ * @return Array - a list of plugin paths (relative to the plugin directory)
68	+ */
69	+ private function get_active_plugins() {
70	+
71	+ // Gets all active plugins on the current site
72	+ $active_plugins = get_option('active_plugins');
73	+
74	+ if (is_multisite()) {
75	+ $network_active_plugins = get_site_option('active_sitewide_plugins');
76	+ if (!empty($network_active_plugins)) {
77	+ $network_active_plugins = array_keys($network_active_plugins);
78	+ $active_plugins = array_merge($active_plugins, $network_active_plugins);
79	+ }
80	+ }
81	+
82	+ return $active_plugins;
83	+ }
84	+
85	/**
86	* Runs upon the WP actions admin_menu and network_admin_menu
87	*/

107	*/
108	public function add_two_factor_setting_tab($tabs = array()) {
109	if (!current_user_can(AIOWPSEC_MANAGEMENT_PERMISSION)) return;
110	+
111	$tabs['two-factor-authentication'] = array(
112	'title' => __('Two Factor Authentication', 'all-in-one-wp-security-and-firewall-premium'),
113	'render_callback' => array($this, 'render_two_factor_authentication'),

120	* Display the Two Factor Authentication tab & handle the operations
121	*/
122	public function render_two_factor_authentication() {
123	+
124	+ if (false !== ($plugin = $this->is_incompatible_plugin_active())) { // phpcs:ignore Generic.PHP.NoSilencedErrors.Discouraged,Squiz.PHP.DisallowMultipleAssignments.FoundInControlStructure
125	+ global $aio_wp_security;
126	+ $aio_wp_security->include_template('admin/incompatible-plugin.php', false, array(
127	+ 'incompatible_plugin' => $plugin,
128	+ ));
129	+ return;
130	+ }
131	+
132	$this->get_totp_controller()->potentially_port_private_keys();
133	$this->show_admin_settings_page();
134	}

includes/simba-tfa/simba-tfa.php CHANGED Viewed

	@@ -1147,6 +1147,10 @@ class Simba_Two_Factor_Authentication {
1147	* Called not only upon the WP action login_enqueue_scripts, but potentially upon the action 'init' and various others from other plugins too. It can handle being called multiple times.
1148	*/
1149	public function login_enqueue_scripts() {




1150
1151	if (isset($_GET['action']) && 'logout ' != $_GET['action'] && 'login' != $_GET['action']) return;
1152
	@@ -1154,7 +1158,7 @@ class Simba_Two_Factor_Authentication {
1154	if ($already_done) return;
1155	$already_done = true;
1156
1157	- // Prevent ~~cacheing~~ when in debug mode
1158	$script_ver = (defined('WP_DEBUG') && WP_DEBUG) ? time() : filemtime($this->includes_dir().'/tfa.js');
1159
1160	wp_enqueue_script('tfa-ajax-request', $this->includes_url().'/tfa.js', array('jquery'), $script_ver);
	@@ -1188,6 +1192,30 @@ class Simba_Two_Factor_Authentication {
1188
1189	}
1190
























1191	/**
1192	* Return or output view content
1193	*


1147	* Called not only upon the WP action login_enqueue_scripts, but potentially upon the action 'init' and various others from other plugins too. It can handle being called multiple times.
1148	*/
1149	public function login_enqueue_scripts() {
1150	+
1151	+ if (!$this->should_enqueue_login_scripts()) {
1152	+ return;
1153	+ }
1154
1155	if (isset($_GET['action']) && 'logout ' != $_GET['action'] && 'login' != $_GET['action']) return;
1156

1158	if ($already_done) return;
1159	$already_done = true;
1160
1161	+ // Prevent caching when in debug mode
1162	$script_ver = (defined('WP_DEBUG') && WP_DEBUG) ? time() : filemtime($this->includes_dir().'/tfa.js');
1163
1164	wp_enqueue_script('tfa-ajax-request', $this->includes_url().'/tfa.js', array('jquery'), $script_ver);

1192
1193	}
1194
1195	+ /**
1196	+ * Check whether TFA login scripts should be enqueued or not.
1197	+ *
1198	+ * @return boolean True if the TFA login script should be enqueued, otherwise false.
1199	+ */
1200	+ private function should_enqueue_login_scripts() {
1201	+ if (defined('TWO_FACTOR_DISABLE') && TWO_FACTOR_DISABLE) {
1202	+ return apply_filters('simbatfa_enqueue_login_scripts', false);
1203	+ }
1204	+
1205	+ global $wpdb;
1206	+ $sql = $wpdb->prepare('SELECT COUNT(user_id) FROM ' . $wpdb->usermeta . ' WHERE meta_key = %s AND meta_value = %d LIMIT 1', 'tfa_enable_tfa', 1);
1207	+ $count_user_id = $wpdb->get_var($sql);
1208	+
1209	+ if (is_null($count_user_id)) { // Error in query.
1210	+ return apply_filters('simbatfa_enqueue_login_scripts', true);
1211	+ } elseif ($count_user_id > 0) { // A user exists with TFA enabled.
1212	+ return apply_filters('simbatfa_enqueue_login_scripts', true);
1213	+ }
1214	+
1215	+ // No user exists with TFA enabled.
1216	+ return apply_filters('simbatfa_enqueue_login_scripts', false);
1217	+ }
1218	+
1219	/**
1220	* Return or output view content
1221	*

languages/all-in-one-wp-security-and-firewall.pot CHANGED Viewed

	@@ -36,7 +36,7 @@ msgstr ""
36	msgid "Enjoyed %1$s? Please leave us a %2$s rating. We really appreciate your support!"
37	msgstr ""
38
39	- #: src/admin/wp-security-admin-init.php:402, src/admin/wp-security-admin-init.php:402, src/classes/wp-security-two-factor-login.php:50, src/classes/wp-security-two-factor-login.php:50
40	msgid "WP Security"
41	msgstr ""
42
	@@ -4724,19 +4724,19 @@ msgstr ""
4724	msgid "Not available."
4725	msgstr ""
4726
4727	- #: src/classes/wp-security-two-factor-login.php:30
4728	msgid "Two Factor Authentication - Admin Settings"
4729	msgstr ""
4730
4731	- #: src/classes/wp-security-two-factor-login.php:52, src/classes/wp-security-two-factor-login.php:52
4732	msgid "Two Factor Auth"
4733	msgstr ""
4734
4735	- #: src/classes/wp-security-two-factor-login.php:98
4736	msgid "PHP OpenSSL or mcrypt module required"
4737	msgstr ""
4738
4739	- #: src/classes/wp-security-two-factor-login.php:98
4740	msgid "The All In One WP Security plugin's Two Factor Authentication module requires either the PHP openssl (preferred) or mcrypt module to be installed. Please ask your web hosting company to install one of them."
4741	msgstr ""
4742
	@@ -4900,6 +4900,18 @@ msgstr ""
4900	msgid "Send Unlock Request"
4901	msgstr ""
4902












4903	#: src/templates/automated-database-backup.php:4
4904	msgid "Automated scheduled backups"
4905	msgstr ""


36	msgid "Enjoyed %1$s? Please leave us a %2$s rating. We really appreciate your support!"
37	msgstr ""
38
39	+ #: src/admin/wp-security-admin-init.php:402, src/admin/wp-security-admin-init.php:402, src/classes/wp-security-two-factor-login.php:96, src/classes/wp-security-two-factor-login.php:96
40	msgid "WP Security"
41	msgstr ""
42

4724	msgid "Not available."
4725	msgstr ""
4726
4727	+ #: src/classes/wp-security-two-factor-login.php:33
4728	msgid "Two Factor Authentication - Admin Settings"
4729	msgstr ""
4730
4731	+ #: src/classes/wp-security-two-factor-login.php:98, src/classes/wp-security-two-factor-login.php:98
4732	msgid "Two Factor Auth"
4733	msgstr ""
4734
4735	+ #: src/classes/wp-security-two-factor-login.php:154
4736	msgid "PHP OpenSSL or mcrypt module required"
4737	msgstr ""
4738
4739	+ #: src/classes/wp-security-two-factor-login.php:154
4740	msgid "The All In One WP Security plugin's Two Factor Authentication module requires either the PHP openssl (preferred) or mcrypt module to be installed. Please ask your web hosting company to install one of them."
4741	msgstr ""
4742

4900	msgid "Send Unlock Request"
4901	msgstr ""
4902
4903	+ #: src/templates/admin/incompatible-plugin.php:6
4904	+ msgid "Two Factor Authentication"
4905	+ msgstr ""
4906	+
4907	+ #: src/templates/admin/incompatible-plugin.php:10
4908	+ msgid "Two Factor Authentication currently disabled"
4909	+ msgstr ""
4910	+
4911	+ #: src/templates/admin/incompatible-plugin.php:12, src/templates/admin/incompatible-plugin.php:16
4912	+ msgid "Two factor authentication in All In One WP Security is currently disabled because the incompatible plugin %s is active."
4913	+ msgstr ""
4914	+
4915	#: src/templates/automated-database-backup.php:4
4916	msgid "Automated scheduled backups"
4917	msgstr ""

readme.txt CHANGED Viewed

	@@ -5,7 +5,7 @@ Tags: security, secure, Anti Virus, antivirus, ban, ban hacker, virus, firewall,
5	Requires PHP: 5.6
6	Requires at least: 5.0
7	Tested up to: 6.0
8	- Stable tag: 5.0.1
9	License: GPLv3 or later
10
11	A comprehensive, user-friendly, all in one WordPress security and firewall plugin for your site.
	@@ -182,9 +182,10 @@ None
182
183	== Changelog ==
184
185	- = 5.0.1 - 02/September/2022 =
186
187	* FIX: The user can't login if the user set forced logout and the site's timezone is different than UTC.

188
189	= 5.0.0 - 01/September/2022 =
190
	@@ -1022,4 +1023,4 @@ those who want to enable the basic firewall but do not have "AllowOverride" opti
1022
1023
1024	== Upgrade Notice ==
1025	- * 5.0.1: New features such as a PHP-based firewall, Two Factor Authentication, and WHOIS lookup have been added. It contains various fixes and tweaks. A recommended update for all.


5	Requires PHP: 5.6
6	Requires at least: 5.0
7	Tested up to: 6.0
8	+ Stable tag: 5.0.2
9	License: GPLv3 or later
10
11	A comprehensive, user-friendly, all in one WordPress security and firewall plugin for your site.

182
183	== Changelog ==
184
185	+ = 5.0.2 - 02/September/2022 =
186
187	* FIX: The user can't login if the user set forced logout and the site's timezone is different than UTC.
188	+ * FIX: Avoid an incompatibility with Wordfence Login Security by not loading our TFA module if that plugin is active
189
190	= 5.0.0 - 01/September/2022 =
191

1023
1024
1025	== Upgrade Notice ==
1026	+ * 5.0.2: New features such as a PHP-based firewall, Two Factor Authentication, and WHOIS lookup have been added. It contains various fixes and tweaks. A recommended update for all.

templates/admin/incompatible-plugin.php ADDED Viewed

	@@ -0,0 +1,18 @@


1	+ <?php if (!defined('ABSPATH')) die('Access denied.'); ?>
2	+
3	+ <div class="wrap">
4	+
5	+ <div>
6	+ <h1><?php _e('Two Factor Authentication', 'all-in-one-wp-security-and-firewall'); ?></h1>
7	+ </div>
8	+
9	+ <div class="error">
10	+ <h3><?php _e('Two Factor Authentication currently disabled', 'all-in-one-wp-security-and-firewall');?></h3>
11	+ <p>
12	+ <?php printf(__('Two factor authentication in All In One WP Security is currently disabled because the incompatible plugin %s is active.', 'all-in-one-wp-security-and-firewall'), $incompatible_plugin); ?>
13	+ </p>
14	+ </div>
15	+
16	+ <div><?php printf(__('Two factor authentication in All In One WP Security is currently disabled because the incompatible plugin %s is active.', 'all-in-one-wp-security-and-firewall'), $incompatible_plugin); ?></div>
17	+
18	+ </div>

vendor/composer/installed.php CHANGED Viewed

	@@ -5,7 +5,7 @@
5	'type' => 'project',
6	'install_path' => __DIR__ . '/../../',
7	'aliases' => array(),
8	- 'reference' => '~~62c45d03175fdcff55369ef3c690712e2c09b3df~~',
9	'name' => 'updraftplus/all-in-one-wp-security-and-firewall',
10	'dev' => false,
11	),
	@@ -34,7 +34,7 @@
34	'type' => 'project',
35	'install_path' => __DIR__ . '/../../',
36	'aliases' => array(),
37	- 'reference' => '~~62c45d03175fdcff55369ef3c690712e2c09b3df~~',
38	'dev_requirement' => false,
39	),
40	),


5	'type' => 'project',
6	'install_path' => __DIR__ . '/../../',
7	'aliases' => array(),
8	+ 'reference' => '6ed5fb859957940339a65ab114d2e04beb850304',
9	'name' => 'updraftplus/all-in-one-wp-security-and-firewall',
10	'dev' => false,
11	),

34	'type' => 'project',
35	'install_path' => __DIR__ . '/../../',
36	'aliases' => array(),
37	+ 'reference' => '6ed5fb859957940339a65ab114d2e04beb850304',
38	'dev_requirement' => false,
39	),
40	),

wp-security-core.php CHANGED Viewed

	@@ -8,7 +8,7 @@ if (!class_exists('AIO_WP_Security')) {
8
9	class AIO_WP_Security {
10
11	- public $version = '5.0.1';
12
13	public $db_version = '1.9.2';
14


8
9	class AIO_WP_Security {
10
11	+ public $version = '5.0.2';
12
13	public $db_version = '1.9.2';
14

wp-security.php CHANGED Viewed

	@@ -2,7 +2,7 @@
2	// @codingStandardsIgnoreStart
3	/*
4	Plugin Name: All In One WP Security
5	- Version: 5.0.1
6	Plugin URI: https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/
7	Update URI: https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/
8	Author: All In One WP Security & Firewall Team


2	// @codingStandardsIgnoreStart
3	/*
4	Plugin Name: All In One WP Security
5	+ Version: 5.0.2
6	Plugin URI: https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/
7	Update URI: https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/
8	Author: All In One WP Security & Firewall Team

All In One WP Security & Firewall - Version 5.0.2

Version Description

Release Info

Code changes from version 5.0.1 to 5.0.2