iThemes Security (formerly Better WP Security)

Version Description

Enhancement: When ITSEC_DISABLE_MODULES is set, prevent hide backend from running.
Bug Fix: Tabnapping: Apply noopener to links instead of using blankshield script when available to prevent new pop-up blocker behavior from killing the links.

Release Info

Developer	TimothyBlynJacobs
Plugin	iThemes Security (formerly Better WP Security)
Version	7.3.1
Comparing to
See all releases

Code changes from version 7.3.0 to 7.3.1

Files changed (14) hide show

better-wp-security.php +1 -1
core/core.php +1 -1
core/history.txt +4 -0
core/lib/class-itsec-lib-login-interstitial.php +2 -0
core/lib/login-interstitial/abstract-itsec-login-interstitial.php +7 -0
core/modules/global/settings.php +1 -0
core/modules/global/validator.php +2 -2
core/modules/hide-backend/class-itsec-hide-backend.php +1 -1
core/modules/wordpress-tweaks/class-itsec-wordpress-tweaks.php +1 -1
core/modules/wordpress-tweaks/js/block-tabnapping.js +703 -2
core/modules/wordpress-tweaks/js/block-tabnapping.min.js +1 -0
core/setup.php +8 -0
history.txt +3 -1
readme.txt +7 -3

better-wp-security.php CHANGED Viewed

	@@ -6,7 +6,7 @@
6	* Description: Take the guesswork out of WordPress security. iThemes Security offers 30+ ways to lock down WordPress in an easy-to-use WordPress security plugin.
7	* Author: iThemes
8	* Author URI: https://ithemes.com
9	- * Version: 7.3.0
10	* Text Domain: better-wp-security
11	* Network: True
12	* License: GPLv2


6	* Description: Take the guesswork out of WordPress security. iThemes Security offers 30+ ways to lock down WordPress in an easy-to-use WordPress security plugin.
7	* Author: iThemes
8	* Author URI: https://ithemes.com
9	+ * Version: 7.3.1
10	* Text Domain: better-wp-security
11	* Network: True
12	* License: GPLv2

core/core.php CHANGED Viewed

	@@ -24,7 +24,7 @@ if ( ! class_exists( 'ITSEC_Core' ) ) {
24	*
25	* @access private
26	*/
27	- private $plugin_build = ~~4112~~;
28
29	/**
30	* Used to distinguish between a user modifying settings and the API modifying settings (such as from Sync


24	*
25	* @access private
26	*/
27	+ private $plugin_build = 4113;
28
29	/**
30	* Used to distinguish between a user modifying settings and the API modifying settings (such as from Sync

core/history.txt CHANGED Viewed

	@@ -786,3 +786,7 @@
786	Enhancement: Improve redirecting after processing a login interstitial from a front-end login form.
787	Tweak: Add display description for log when safe guarding against an empty config file write.
788	Bug Fix: Include Hide Backend token when emailing a password reset URL.


786	Enhancement: Improve redirecting after processing a login interstitial from a front-end login form.
787	Tweak: Add display description for log when safe guarding against an empty config file write.
788	Bug Fix: Include Hide Backend token when emailing a password reset URL.
789	+ 5.1.1 - 2019-02-19 - Chris Jean & Timothy Jacobs
790	+ Bug Fix: Tabnapping: Apply noopener to links instead of using blankshield script when available to prevent new pop-up blocker behavior from killing the links.
791	+ 5.1.2 - 2019-02-20 - Chris Jean & Timothy Jacobs
792	+ Enhancement: When ITSEC_DISABLE_MODULES is set, prevent hide backend from running.

core/lib/class-itsec-lib-login-interstitial.php CHANGED Viewed

	@@ -588,6 +588,8 @@ class ITSEC_Lib_Login_Interstitial {
588	$wp_login_url = $this->get_base_wp_login_url();
589	$wp_login_url = add_query_arg( 'action', "itsec-{$action}", $wp_login_url );
590


591	// Prevent JetPack from attempting to SSO the update password form.
592	add_filter( 'jetpack_sso_allowed_actions', '__return_empty_array' );
593


588	$wp_login_url = $this->get_base_wp_login_url();
589	$wp_login_url = add_query_arg( 'action', "itsec-{$action}", $wp_login_url );
590
591	+ $interstitial->pre_render( $session );
592	+
593	// Prevent JetPack from attempting to SSO the update password form.
594	add_filter( 'jetpack_sso_allowed_actions', '__return_empty_array' );
595

core/lib/login-interstitial/abstract-itsec-login-interstitial.php CHANGED Viewed

	@@ -38,6 +38,13 @@ abstract class ITSEC_Login_Interstitial {
38	*/
39	abstract public function render( ITSEC_Login_Interstitial_Session $session, array $args );
40







41	/**
42	* Must this interstitial be completed by the given user.
43	*


38	*/
39	abstract public function render( ITSEC_Login_Interstitial_Session $session, array $args );
40
41	+ /**
42	+ * Run code before any HTML it outputted for rendering an interstitial.
43	+ *
44	+ * @param ITSEC_Login_Interstitial_Session $session
45	+ */
46	+ public function pre_render( ITSEC_Login_Interstitial_Session $session ) { }
47	+
48	/**
49	* Must this interstitial be completed by the given user.
50	*

core/modules/global/settings.php CHANGED Viewed

	@@ -32,6 +32,7 @@ final class ITSEC_Global_Settings_New extends ITSEC_Settings {
32	'show_error_codes' => false,
33	'show_security_check' => true,
34	'build' => 0,

35	'activation_timestamp' => 0,
36	'cron_status' => - 1,
37	'use_cron' => true,


32	'show_error_codes' => false,
33	'show_security_check' => true,
34	'build' => 0,
35	+ 'initial_build' => 0,
36	'activation_timestamp' => 0,
37	'cron_status' => - 1,
38	'use_cron' => true,

core/modules/global/validator.php CHANGED Viewed

	@@ -19,8 +19,8 @@ class ITSEC_Global_Validator extends ITSEC_Validator {
19	}
20
21
22	- $this->vars_to_skip_validate_matching_fields = array( 'digest_last_sent', 'digest_messages', 'digest_email', 'email_notifications', 'notification_email', 'backup_email', 'show_new_dashboard_notice', 'proxy_override', 'proxy', 'proxy_header', 'server_ips' );
23	- $this->set_previous_if_empty( array( 'did_upgrade', 'log_info', 'show_security_check', 'build', 'activation_timestamp', 'lock_file', 'cron_status', 'use_cron', 'cron_test_time', 'proxy', 'proxy_header', 'server_ips' ) );
24	$this->set_default_if_empty( array( 'log_location', 'nginx_file', 'enable_grade_report' ) );
25	$this->preserve_setting_if_exists( array( 'digest_email', 'email_notifications', 'notification_email', 'backup_email', 'proxy_override' ) );
26


19	}
20
21
22	+ $this->vars_to_skip_validate_matching_fields = array( 'digest_last_sent', 'digest_messages', 'digest_email', 'email_notifications', 'notification_email', 'backup_email', 'show_new_dashboard_notice', 'proxy_override', 'proxy', 'proxy_header', 'server_ips', 'initial_build' );
23	+ $this->set_previous_if_empty( array( 'did_upgrade', 'log_info', 'show_security_check', 'build', 'activation_timestamp', 'lock_file', 'cron_status', 'use_cron', 'cron_test_time', 'proxy', 'proxy_header', 'server_ips', 'initial_build' ) );
24	$this->set_default_if_empty( array( 'log_location', 'nginx_file', 'enable_grade_report' ) );
25	$this->preserve_setting_if_exists( array( 'digest_email', 'email_notifications', 'notification_email', 'backup_email', 'proxy_override' ) );
26

core/modules/hide-backend/class-itsec-hide-backend.php CHANGED Viewed

	@@ -17,7 +17,7 @@ class ITSEC_Hide_Backend {
17	add_filter( 'itsec_notifications', array( $this, 'register_notification' ) );
18	add_filter( 'itsec_hide-backend_notification_strings', array( $this, 'notification_strings' ) );
19
20	- if ( ! $this->settings['enabled'] ) {
21	return;
22	}
23


17	add_filter( 'itsec_notifications', array( $this, 'register_notification' ) );
18	add_filter( 'itsec_hide-backend_notification_strings', array( $this, 'notification_strings' ) );
19
20	+ if ( ! $this->settings['enabled'] \|\| ITSEC_Core::is_temp_disable_modules_set() ) {
21	return;
22	}
23

core/modules/wordpress-tweaks/class-itsec-wordpress-tweaks.php CHANGED Viewed

	@@ -447,7 +447,7 @@ final class ITSEC_WordPress_Tweaks {
447
448	public function add_block_tabnapping_script() {
449	wp_enqueue_script( 'blankshield', plugins_url( 'js/blankshield/blankshield.min.js', __FILE__ ), array(), ITSEC_Core::get_plugin_build(), true );
450	- wp_enqueue_script( 'itsec-wt-block-tabnapping', plugins_url( 'js/block-tabnapping.js', __FILE__ ), array( 'blankshield' ), ITSEC_Core::get_plugin_build(), true );
451	}
452
453	/**


447
448	public function add_block_tabnapping_script() {
449	wp_enqueue_script( 'blankshield', plugins_url( 'js/blankshield/blankshield.min.js', __FILE__ ), array(), ITSEC_Core::get_plugin_build(), true );
450	+ wp_enqueue_script( 'itsec-wt-block-tabnapping', plugins_url( 'js/block-tabnapping.min.js', __FILE__ ), array( 'blankshield' ), ITSEC_Core::get_plugin_build(), true );
451	}
452
453	/**

core/modules/wordpress-tweaks/js/block-tabnapping.js CHANGED Viewed

@@ -1,3 +1,704 @@
             document.addEventListener( 'DOMContentLoaded', function() {
-            -
            	blankshield( document.querySelectorAll( 'a[target=_blank]' ) );
-            -
            });


1	document.addEventListener( 'DOMContentLoaded', function() {
2	+ // Extract from https://github.com/lancedikson/bowser licensed MIT
3	+ /**
4	+ * Get first matched item for a string
5	+ * @param {RegExp} regexp
6	+ * @param {String} ua
7	+ * @return {Array\|{index: number, input: string}\|*\|boolean\|string}
8	+ */
9	+ function getFirstMatch( regexp, ua ) {
10	+ var match = ua.match( regexp );
11	+ return ( match && match.length > 0 && match[ 1 ] ) \|\| '';
12	+ }
13	+
14	+ /**
15	+ * Get second matched item for a string
16	+ * @param regexp
17	+ * @param {String} ua
18	+ * @return {Array\|{index: number, input: string}\|*\|boolean\|string}
19	+ */
20	+ function getSecondMatch( regexp, ua ) {
21	+ var match = ua.match( regexp );
22	+ return ( match && match.length > 1 && match[ 2 ] ) \|\| '';
23	+ }
24	+
25	+ var commonVersionIdentifier = /version\/(\d+(\.?_?\d+)+)/i;
26	+
27	+ var browsersList = [
28	+ /* Googlebot */
29	+ {
30	+ test : [ /googlebot/i ],
31	+ describe: function describe( ua ) {
32	+ var browser = {
33	+ name: 'Googlebot',
34	+ };
35	+ var version = getFirstMatch( /googlebot\/(\d+(\.\d+))/i, ua ) \|\| getFirstMatch( commonVersionIdentifier, ua );
36	+
37	+ if ( version ) {
38	+ browser.version = version;
39	+ }
40	+
41	+ return browser;
42	+ },
43	+ },
44	+ /* Opera < 13.0 */
45	+ {
46	+ test : [ /opera/i ],
47	+ describe: function describe( ua ) {
48	+ var browser = {
49	+ name: 'Opera',
50	+ };
51	+ var version = getFirstMatch( commonVersionIdentifier, ua ) \|\| getFirstMatch( /(?:opera)[\s/](\d+(\.?_?\d+)+)/i, ua );
52	+
53	+ if ( version ) {
54	+ browser.version = version;
55	+ }
56	+
57	+ return browser;
58	+ },
59	+ },
60	+ /* Opera > 13.0 */
61	+ {
62	+ test : [ /opr\/\|opios/i ],
63	+ describe: function describe( ua ) {
64	+ var browser = {
65	+ name: 'Opera',
66	+ };
67	+ var version = getFirstMatch( /(?:opr\|opios)[\s/](\S+)/i, ua ) \|\| getFirstMatch( commonVersionIdentifier, ua );
68	+
69	+ if ( version ) {
70	+ browser.version = version;
71	+ }
72	+
73	+ return browser;
74	+ },
75	+ }, {
76	+ test : [ /SamsungBrowser/i ],
77	+ describe: function describe( ua ) {
78	+ var browser = {
79	+ name: 'Samsung Internet for Android',
80	+ };
81	+ var version = getFirstMatch( commonVersionIdentifier, ua ) \|\| getFirstMatch( /(?:SamsungBrowser)[\s/](\d+(\.?_?\d+)+)/i, ua );
82	+
83	+ if ( version ) {
84	+ browser.version = version;
85	+ }
86	+
87	+ return browser;
88	+ },
89	+ }, {
90	+ test : [ /Whale/i ],
91	+ describe: function describe( ua ) {
92	+ var browser = {
93	+ name: 'NAVER Whale Browser',
94	+ };
95	+ var version = getFirstMatch( commonVersionIdentifier, ua ) \|\| getFirstMatch( /(?:whale)[\s/](\d+(?:\.\d+)+)/i, ua );
96	+
97	+ if ( version ) {
98	+ browser.version = version;
99	+ }
100	+
101	+ return browser;
102	+ },
103	+ }, {
104	+ test : [ /MZBrowser/i ],
105	+ describe: function describe( ua ) {
106	+ var browser = {
107	+ name: 'MZ Browser',
108	+ };
109	+ var version = getFirstMatch( /(?:MZBrowser)[\s/](\d+(?:\.\d+)+)/i, ua ) \|\| getFirstMatch( commonVersionIdentifier, ua );
110	+
111	+ if ( version ) {
112	+ browser.version = version;
113	+ }
114	+
115	+ return browser;
116	+ },
117	+ }, {
118	+ test : [ /focus/i ],
119	+ describe: function describe( ua ) {
120	+ var browser = {
121	+ name: 'Focus',
122	+ };
123	+ var version = getFirstMatch( /(?:focus)[\s/](\d+(?:\.\d+)+)/i, ua ) \|\| getFirstMatch( commonVersionIdentifier, ua );
124	+
125	+ if ( version ) {
126	+ browser.version = version;
127	+ }
128	+
129	+ return browser;
130	+ },
131	+ }, {
132	+ test : [ /swing/i ],
133	+ describe: function describe( ua ) {
134	+ var browser = {
135	+ name: 'Swing',
136	+ };
137	+ var version = getFirstMatch( /(?:swing)[\s/](\d+(?:\.\d+)+)/i, ua ) \|\| getFirstMatch( commonVersionIdentifier, ua );
138	+
139	+ if ( version ) {
140	+ browser.version = version;
141	+ }
142	+
143	+ return browser;
144	+ },
145	+ }, {
146	+ test : [ /coast/i ],
147	+ describe: function describe( ua ) {
148	+ var browser = {
149	+ name: 'Opera Coast',
150	+ };
151	+ var version = getFirstMatch( commonVersionIdentifier, ua ) \|\| getFirstMatch( /(?:coast)[\s/](\d+(\.?_?\d+)+)/i, ua );
152	+
153	+ if ( version ) {
154	+ browser.version = version;
155	+ }
156	+
157	+ return browser;
158	+ },
159	+ }, {
160	+ test : [ /yabrowser/i ],
161	+ describe: function describe( ua ) {
162	+ var browser = {
163	+ name: 'Yandex Browser',
164	+ };
165	+ var version = getFirstMatch( commonVersionIdentifier, ua ) \|\| getFirstMatch( /(?:yabrowser)[\s/](\d+(\.?_?\d+)+)/i, ua );
166	+
167	+ if ( version ) {
168	+ browser.version = version;
169	+ }
170	+
171	+ return browser;
172	+ },
173	+ }, {
174	+ test : [ /ucbrowser/i ],
175	+ describe: function describe( ua ) {
176	+ var browser = {
177	+ name: 'UC Browser',
178	+ };
179	+ var version = getFirstMatch( commonVersionIdentifier, ua ) \|\| getFirstMatch( /(?:ucbrowser)[\s/](\d+(\.?_?\d+)+)/i, ua );
180	+
181	+ if ( version ) {
182	+ browser.version = version;
183	+ }
184	+
185	+ return browser;
186	+ },
187	+ }, {
188	+ test : [ /Maxthon\|mxios/i ],
189	+ describe: function describe( ua ) {
190	+ var browser = {
191	+ name: 'Maxthon',
192	+ };
193	+ var version = getFirstMatch( commonVersionIdentifier, ua ) \|\| getFirstMatch( /(?:Maxthon\|mxios)[\s/](\d+(\.?_?\d+)+)/i, ua );
194	+
195	+ if ( version ) {
196	+ browser.version = version;
197	+ }
198	+
199	+ return browser;
200	+ },
201	+ }, {
202	+ test : [ /epiphany/i ],
203	+ describe: function describe( ua ) {
204	+ var browser = {
205	+ name: 'Epiphany',
206	+ };
207	+ var version = getFirstMatch( commonVersionIdentifier, ua ) \|\| getFirstMatch( /(?:epiphany)[\s/](\d+(\.?_?\d+)+)/i, ua );
208	+
209	+ if ( version ) {
210	+ browser.version = version;
211	+ }
212	+
213	+ return browser;
214	+ },
215	+ }, {
216	+ test : [ /puffin/i ],
217	+ describe: function describe( ua ) {
218	+ var browser = {
219	+ name: 'Puffin',
220	+ };
221	+ var version = getFirstMatch( commonVersionIdentifier, ua ) \|\| getFirstMatch( /(?:puffin)[\s/](\d+(\.?_?\d+)+)/i, ua );
222	+
223	+ if ( version ) {
224	+ browser.version = version;
225	+ }
226	+
227	+ return browser;
228	+ },
229	+ }, {
230	+ test : [ /sleipnir/i ],
231	+ describe: function describe( ua ) {
232	+ var browser = {
233	+ name: 'Sleipnir',
234	+ };
235	+ var version = getFirstMatch( commonVersionIdentifier, ua ) \|\| getFirstMatch( /(?:sleipnir)[\s/](\d+(\.?_?\d+)+)/i, ua );
236	+
237	+ if ( version ) {
238	+ browser.version = version;
239	+ }
240	+
241	+ return browser;
242	+ },
243	+ }, {
244	+ test : [ /k-meleon/i ],
245	+ describe: function describe( ua ) {
246	+ var browser = {
247	+ name: 'K-Meleon',
248	+ };
249	+ var version = getFirstMatch( commonVersionIdentifier, ua ) \|\| getFirstMatch( /(?:k-meleon)[\s/](\d+(\.?_?\d+)+)/i, ua );
250	+
251	+ if ( version ) {
252	+ browser.version = version;
253	+ }
254	+
255	+ return browser;
256	+ },
257	+ }, {
258	+ test : [ /micromessenger/i ],
259	+ describe: function describe( ua ) {
260	+ var browser = {
261	+ name: 'WeChat',
262	+ };
263	+ var version = getFirstMatch( /(?:micromessenger)[\s/](\d+(\.?_?\d+)+)/i, ua ) \|\| getFirstMatch( commonVersionIdentifier, ua );
264	+
265	+ if ( version ) {
266	+ browser.version = version;
267	+ }
268	+
269	+ return browser;
270	+ },
271	+ }, {
272	+ test : [ /msie\|trident/i ],
273	+ describe: function describe( ua ) {
274	+ var browser = {
275	+ name: 'Internet Explorer',
276	+ };
277	+ var version = getFirstMatch( /(?:msie \|rv:)(\d+(\.?_?\d+)+)/i, ua );
278	+
279	+ if ( version ) {
280	+ browser.version = version;
281	+ }
282	+
283	+ return browser;
284	+ },
285	+ }, {
286	+ test : [ /edg([ea]\|ios)/i ],
287	+ describe: function describe( ua ) {
288	+ var browser = {
289	+ name: 'Microsoft Edge',
290	+ };
291	+ var version = getSecondMatch( /edg([ea]\|ios)\/(\d+(\.?_?\d+)+)/i, ua );
292	+
293	+ if ( version ) {
294	+ browser.version = version;
295	+ }
296	+
297	+ return browser;
298	+ },
299	+ }, {
300	+ test : [ /vivaldi/i ],
301	+ describe: function describe( ua ) {
302	+ var browser = {
303	+ name: 'Vivaldi',
304	+ };
305	+ var version = getFirstMatch( /vivaldi\/(\d+(\.?_?\d+)+)/i, ua );
306	+
307	+ if ( version ) {
308	+ browser.version = version;
309	+ }
310	+
311	+ return browser;
312	+ },
313	+ }, {
314	+ test : [ /seamonkey/i ],
315	+ describe: function describe( ua ) {
316	+ var browser = {
317	+ name: 'SeaMonkey',
318	+ };
319	+ var version = getFirstMatch( /seamonkey\/(\d+(\.?_?\d+)+)/i, ua );
320	+
321	+ if ( version ) {
322	+ browser.version = version;
323	+ }
324	+
325	+ return browser;
326	+ },
327	+ }, {
328	+ test : [ /sailfish/i ],
329	+ describe: function describe( ua ) {
330	+ var browser = {
331	+ name: 'Sailfish',
332	+ };
333	+ var version = getFirstMatch( /sailfish\s?browser\/(\d+(\.\d+)?)/i, ua );
334	+
335	+ if ( version ) {
336	+ browser.version = version;
337	+ }
338	+
339	+ return browser;
340	+ },
341	+ }, {
342	+ test : [ /silk/i ],
343	+ describe: function describe( ua ) {
344	+ var browser = {
345	+ name: 'Amazon Silk',
346	+ };
347	+ var version = getFirstMatch( /silk\/(\d+(\.?_?\d+)+)/i, ua );
348	+
349	+ if ( version ) {
350	+ browser.version = version;
351	+ }
352	+
353	+ return browser;
354	+ },
355	+ }, {
356	+ test : [ /phantom/i ],
357	+ describe: function describe( ua ) {
358	+ var browser = {
359	+ name: 'PhantomJS',
360	+ };
361	+ var version = getFirstMatch( /phantomjs\/(\d+(\.?_?\d+)+)/i, ua );
362	+
363	+ if ( version ) {
364	+ browser.version = version;
365	+ }
366	+
367	+ return browser;
368	+ },
369	+ }, {
370	+ test : [ /slimerjs/i ],
371	+ describe: function describe( ua ) {
372	+ var browser = {
373	+ name: 'SlimerJS',
374	+ };
375	+ var version = getFirstMatch( /slimerjs\/(\d+(\.?_?\d+)+)/i, ua );
376	+
377	+ if ( version ) {
378	+ browser.version = version;
379	+ }
380	+
381	+ return browser;
382	+ },
383	+ }, {
384	+ test : [ /blackberry\|\bbb\d+/i, /rim\stablet/i ],
385	+ describe: function describe( ua ) {
386	+ var browser = {
387	+ name: 'BlackBerry',
388	+ };
389	+ var version = getFirstMatch( commonVersionIdentifier, ua ) \|\| getFirstMatch( /blackberry[\d]+\/(\d+(\.?_?\d+)+)/i, ua );
390	+
391	+ if ( version ) {
392	+ browser.version = version;
393	+ }
394	+
395	+ return browser;
396	+ },
397	+ }, {
398	+ test : [ /(web\|hpw)[o0]s/i ],
399	+ describe: function describe( ua ) {
400	+ var browser = {
401	+ name: 'WebOS Browser',
402	+ };
403	+ var version = getFirstMatch( commonVersionIdentifier, ua ) \|\| getFirstMatch( /w(?:eb)?[o0]sbrowser\/(\d+(\.?_?\d+)+)/i, ua );
404	+
405	+ if ( version ) {
406	+ browser.version = version;
407	+ }
408	+
409	+ return browser;
410	+ },
411	+ }, {
412	+ test : [ /bada/i ],
413	+ describe: function describe( ua ) {
414	+ var browser = {
415	+ name: 'Bada',
416	+ };
417	+ var version = getFirstMatch( /dolfin\/(\d+(\.?_?\d+)+)/i, ua );
418	+
419	+ if ( version ) {
420	+ browser.version = version;
421	+ }
422	+
423	+ return browser;
424	+ },
425	+ }, {
426	+ test : [ /tizen/i ],
427	+ describe: function describe( ua ) {
428	+ var browser = {
429	+ name: 'Tizen',
430	+ };
431	+ var version = getFirstMatch( /(?:tizen\s?)?browser\/(\d+(\.?_?\d+)+)/i, ua ) \|\| getFirstMatch( commonVersionIdentifier, ua );
432	+
433	+ if ( version ) {
434	+ browser.version = version;
435	+ }
436	+
437	+ return browser;
438	+ },
439	+ }, {
440	+ test : [ /qupzilla/i ],
441	+ describe: function describe( ua ) {
442	+ var browser = {
443	+ name: 'QupZilla',
444	+ };
445	+ var version = getFirstMatch( /(?:qupzilla)[\s/](\d+(\.?_?\d+)+)/i, ua ) \|\| getFirstMatch( commonVersionIdentifier, ua );
446	+
447	+ if ( version ) {
448	+ browser.version = version;
449	+ }
450	+
451	+ return browser;
452	+ },
453	+ }, {
454	+ test : [ /firefox\|iceweasel\|fxios/i ],
455	+ describe: function describe( ua ) {
456	+ var browser = {
457	+ name: 'Firefox',
458	+ };
459	+ var version = getFirstMatch( /(?:firefox\|iceweasel\|fxios)[\s/](\d+(\.?_?\d+)+)/i, ua );
460	+
461	+ if ( version ) {
462	+ browser.version = version;
463	+ }
464	+
465	+ return browser;
466	+ },
467	+ }, {
468	+ test : [ /chromium/i ],
469	+ describe: function describe( ua ) {
470	+ var browser = {
471	+ name: 'Chromium',
472	+ };
473	+ var version = getFirstMatch( /(?:chromium)[\s/](\d+(\.?_?\d+)+)/i, ua ) \|\| getFirstMatch( commonVersionIdentifier, ua );
474	+
475	+ if ( version ) {
476	+ browser.version = version;
477	+ }
478	+
479	+ return browser;
480	+ },
481	+ }, {
482	+ test : [ /chrome\|crios\|crmo/i ],
483	+ describe: function describe( ua ) {
484	+ var browser = {
485	+ name: 'Chrome',
486	+ };
487	+ var version = getFirstMatch( /(?:chrome\|crios\|crmo)\/(\d+(\.?_?\d+)+)/i, ua );
488	+
489	+ if ( version ) {
490	+ browser.version = version;
491	+ }
492	+
493	+ return browser;
494	+ },
495	+ },
496	+ /* Android Browser */
497	+ {
498	+ test : function test( ua ) {
499	+ var notLikeAndroid = !/like android/i.test( ua );
500	+ var butAndroid = /android/i.test( ua );
501	+ return notLikeAndroid && butAndroid;
502	+ },
503	+ describe: function describe( ua ) {
504	+ var browser = {
505	+ name: 'Android Browser',
506	+ };
507	+ var version = getFirstMatch( commonVersionIdentifier, ua );
508	+
509	+ if ( version ) {
510	+ browser.version = version;
511	+ }
512	+
513	+ return browser;
514	+ },
515	+ },
516	+ /* Safari */
517	+ {
518	+ test : [ /safari\|applewebkit/i ],
519	+ describe: function describe( ua ) {
520	+ var browser = {
521	+ name: 'Safari',
522	+ };
523	+ var version = getFirstMatch( commonVersionIdentifier, ua );
524	+
525	+ if ( version ) {
526	+ browser.version = version;
527	+ }
528	+
529	+ return browser;
530	+ },
531	+ },
532	+ /* Something else */
533	+ {
534	+ test : [ /.*/i ],
535	+ describe: function describe( ua ) {
536	+ return {
537	+ name : getFirstMatch( /^(.)\/(.) /, ua ),
538	+ version: getSecondMatch( /^(.)\/(.) /, ua ),
539	+ };
540	+ },
541	+ },
542	+ ];
543	+
544	+ function compareVersions( versionA, versionB ) {
545	+ var isLoose = arguments.length > 2 && arguments[ 2 ] !== undefined ? arguments[ 2 ] : false;
546	+ // 1) get common precision for both versions, for example for "10.0" and "9" it should be 2
547	+ var versionAPrecision = getVersionPrecision( versionA );
548	+ var versionBPrecision = getVersionPrecision( versionB );
549	+ var precision = Math.max( versionAPrecision, versionBPrecision );
550	+ var lastPrecision = 0;
551	+ var chunks = map( [ versionA, versionB ], function( version ) {
552	+ var delta = precision - getVersionPrecision( version ); // 2) "9" -> "9.0" (for precision = 2)
553	+
554	+ var _version = version + new Array( delta + 1 ).join( '.0' ); // 3) "9.0" -> ["000000000"", "000000009"]
555	+
556	+ return map( _version.split( '.' ), function( chunk ) {
557	+ return new Array( 20 - chunk.length ).join( '0' ) + chunk;
558	+ } ).reverse();
559	+ } ); // adjust precision for loose comparison
560	+
561	+ if ( isLoose ) {
562	+ lastPrecision = precision - Math.min( versionAPrecision, versionBPrecision );
563	+ } // iterate in reverse order by reversed chunks array
564	+
565	+ precision -= 1;
566	+
567	+ while ( precision >= lastPrecision ) {
568	+ // 4) compare: "000000009" > "000000010" = false (but "9" > "10" = true)
569	+ if ( chunks[ 0 ][ precision ] > chunks[ 1 ][ precision ] ) {
570	+ return 1;
571	+ }
572	+
573	+ if ( chunks[ 0 ][ precision ] === chunks[ 1 ][ precision ] ) {
574	+ if ( precision === lastPrecision ) {
575	+ // all version chunks are same
576	+ return 0;
577	+ }
578	+
579	+ precision -= 1;
580	+ } else if ( chunks[ 0 ][ precision ] < chunks[ 1 ][ precision ] ) {
581	+ return -1;
582	+ }
583	+ }
584	+ }
585	+
586	+ function getVersionPrecision( version ) {
587	+ return version.split( '.' ).length;
588	+ }
589	+
590	+ function map( arr, iterator ) {
591	+ var result = [];
592	+ var i;
593	+
594	+ if ( Array.prototype.map ) {
595	+ return Array.prototype.map.call( arr, iterator );
596	+ }
597	+
598	+ for ( i = 0; i < arr.length; i += 1 ) {
599	+ result.push( iterator( arr[ i ] ) );
600	+ }
601	+
602	+ return result;
603	+ }
604	+
605	+ function getBrowser() {
606	+
607	+ if ( !window.navigator \|\| !window.navigator.userAgent ) {
608	+ return false;
609	+ }
610	+
611	+ var agent = window.navigator.userAgent;
612	+
613	+ for ( var i = 0; i < browsersList.length; i++ ) {
614	+ var _browser = browsersList[ i ];
615	+
616	+ if ( typeof _browser.test === 'function' ) {
617	+ if ( _browser.test( agent ) ) {
618	+ return _browser.describe( agent );
619	+ }
620	+
621	+ continue;
622	+ }
623	+
624	+ if ( _browser.test instanceof Array ) {
625	+ for ( var j = 0; j < _browser.test.length; j++ ) {
626	+ var regex = _browser.test[ j ];
627	+
628	+ if ( regex.test( agent ) ) {
629	+ return _browser.describe( agent );
630	+ }
631	+ }
632	+ }
633	+ }
634	+
635	+ return false;
636	+ }
637	+
638	+ var noOpenerSupport = {
639	+ 'Firefox' : '52',
640	+ 'Chrome' : '49',
641	+ 'Safari' : '10.3',
642	+ 'Opera' : '36',
643	+ operaMobile : '46',
644	+ 'Android Browser' : '67',
645	+ chromeForAndroid : '71',
646	+ firefoxForAndroid : '64',
647	+ 'UC Browser' : '11.8',
648	+ 'Samsung Internet for Android': '5',
649	+ qcBrowser : '1.2',
650	+ baiduBrowser : '7.12',
651	+ };
652	+
653	+ var browser = getBrowser();
654	+ var hasNoOpener;
655	+
656	+ if ( browser ) {
657	+ switch ( browser.name ) {
658	+ case 'Safari':
659	+ hasNoOpener = browser.version && compareVersions( browser.version, noOpenerSupport.Safari ) !== -1;
660	+ break;
661	+ case 'Chrome':
662	+ // Has it earlier, but chrome started blocking in this version
663	+ // since chrome can appear in so many UAs be conservative and only use the noopener attr when
664	+ // required
665	+ hasNoOpener = browser.version && compareVersions( browser.version, '72' ) !== -1;
666	+ break;
667	+ case 'Opera':
668	+ hasNoOpener = browser.version && compareVersions( browser.version, '46' ) !== -1;
669	+ break;
670	+ default:
671	+ hasNoOpener = false;
672	+ break;
673	+ }
674	+ }
675	+
676	+ if ( hasNoOpener ) {
677	+ var links = document.querySelectorAll( 'a[target=_blank]' );
678	+
679	+ for ( var i = 0; i < links.length; i++ ) {
680	+ var link = links[ i ];
681	+
682	+ var rel = link.getAttribute( 'rel' );
683	+
684	+ if ( typeof rel !== 'string' ) {
685	+ rel = '';
686	+ }
687	+
688	+ if ( rel.indexOf( 'noopener' ) !== -1 ) {
689	+ continue;
690	+ }
691	+
692	+ if ( rel.length > 0 ) {
693	+ rel += ' noopener';
694	+ } else {
695	+ rel += 'noopener';
696	+ }
697	+
698	+ link.setAttribute( 'rel', rel );
699	+ }
700	+
701	+ } else {
702	+ blankshield( document.querySelectorAll( 'a[target=_blank]' ) );
703	+ }
704	+ } );

core/modules/wordpress-tweaks/js/block-tabnapping.min.js ADDED Viewed

	@@ -0,0 +1 @@

+ document.addEventListener("DOMContentLoaded",function(){function n(r,e){var i=e.match(r);return i&&i.length>0&&i[1]||""}function a(r,e){var i=e.match(r);return i&&i.length>1&&i[2]||""}var t=/version\/(\d+(\.?_?\d+)+)/i;var s=[{test:[/googlebot/i],i:function r(r){var e={name:"Googlebot"};var i=n(/googlebot\/(\d+(\.\d+))/i,r)||n(t,r);if(i){e.version=i}return e}},{test:[/opera/i],i:function r(r){var e={name:"Opera"};var i=n(t,r)||n(/(?:opera)[\s/](\d+(\.?_?\d+)+)/i,r);if(i){e.version=i}return e}},{test:[/opr\/|opios/i],i:function r(r){var e={name:"Opera"};var i=n(/(?:opr|opios)[\s/](\S+)/i,r)||n(t,r);if(i){e.version=i}return e}},{test:[/SamsungBrowser/i],i:function r(r){var e={name:"Samsung Internet for Android"};var i=n(t,r)||n(/(?:SamsungBrowser)[\s/](\d+(\.?_?\d+)+)/i,r);if(i){e.version=i}return e}},{test:[/Whale/i],i:function r(r){var e={name:"NAVER Whale Browser"};var i=n(t,r)||n(/(?:whale)[\s/](\d+(?:\.\d+)+)/i,r);if(i){e.version=i}return e}},{test:[/MZBrowser/i],i:function r(r){var e={name:"MZ Browser"};var i=n(/(?:MZBrowser)[\s/](\d+(?:\.\d+)+)/i,r)||n(t,r);if(i){e.version=i}return e}},{test:[/focus/i],i:function r(r){var e={name:"Focus"};var i=n(/(?:focus)[\s/](\d+(?:\.\d+)+)/i,r)||n(t,r);if(i){e.version=i}return e}},{test:[/swing/i],i:function r(r){var e={name:"Swing"};var i=n(/(?:swing)[\s/](\d+(?:\.\d+)+)/i,r)||n(t,r);if(i){e.version=i}return e}},{test:[/coast/i],i:function r(r){var e={name:"Opera Coast"};var i=n(t,r)||n(/(?:coast)[\s/](\d+(\.?_?\d+)+)/i,r);if(i){e.version=i}return e}},{test:[/yabrowser/i],i:function r(r){var e={name:"Yandex Browser"};var i=n(t,r)||n(/(?:yabrowser)[\s/](\d+(\.?_?\d+)+)/i,r);if(i){e.version=i}return e}},{test:[/ucbrowser/i],i:function r(r){var e={name:"UC Browser"};var i=n(t,r)||n(/(?:ucbrowser)[\s/](\d+(\.?_?\d+)+)/i,r);if(i){e.version=i}return e}},{test:[/Maxthon|mxios/i],i:function r(r){var e={name:"Maxthon"};var i=n(t,r)||n(/(?:Maxthon|mxios)[\s/](\d+(\.?_?\d+)+)/i,r);if(i){e.version=i}return e}},{test:[/epiphany/i],i:function r(r){var e={name:"Epiphany"};var i=n(t,r)||n(/(?:epiphany)[\s/](\d+(\.?_?\d+)+)/i,r);if(i){e.version=i}return e}},{test:[/puffin/i],i:function r(r){var e={name:"Puffin"};var i=n(t,r)||n(/(?:puffin)[\s/](\d+(\.?_?\d+)+)/i,r);if(i){e.version=i}return e}},{test:[/sleipnir/i],i:function r(r){var e={name:"Sleipnir"};var i=n(t,r)||n(/(?:sleipnir)[\s/](\d+(\.?_?\d+)+)/i,r);if(i){e.version=i}return e}},{test:[/k-meleon/i],i:function r(r){var e={name:"K-Meleon"};var i=n(t,r)||n(/(?:k-meleon)[\s/](\d+(\.?_?\d+)+)/i,r);if(i){e.version=i}return e}},{test:[/micromessenger/i],i:function r(r){var e={name:"WeChat"};var i=n(/(?:micromessenger)[\s/](\d+(\.?_?\d+)+)/i,r)||n(t,r);if(i){e.version=i}return e}},{test:[/msie|trident/i],i:function r(r){var e={name:"Internet Explorer"};var i=n(/(?:msie |rv:)(\d+(\.?_?\d+)+)/i,r);if(i){e.version=i}return e}},{test:[/edg([ea]|ios)/i],i:function r(r){var e={name:"Microsoft Edge"};var i=a(/edg([ea]|ios)\/(\d+(\.?_?\d+)+)/i,r);if(i){e.version=i}return e}},{test:[/vivaldi/i],i:function r(r){var e={name:"Vivaldi"};var i=n(/vivaldi\/(\d+(\.?_?\d+)+)/i,r);if(i){e.version=i}return e}},{test:[/seamonkey/i],i:function r(r){var e={name:"SeaMonkey"};var i=n(/seamonkey\/(\d+(\.?_?\d+)+)/i,r);if(i){e.version=i}return e}},{test:[/sailfish/i],i:function r(r){var e={name:"Sailfish"};var i=n(/sailfish\s?browser\/(\d+(\.\d+)?)/i,r);if(i){e.version=i}return e}},{test:[/silk/i],i:function r(r){var e={name:"Amazon Silk"};var i=n(/silk\/(\d+(\.?_?\d+)+)/i,r);if(i){e.version=i}return e}},{test:[/phantom/i],i:function r(r){var e={name:"PhantomJS"};var i=n(/phantomjs\/(\d+(\.?_?\d+)+)/i,r);if(i){e.version=i}return e}},{test:[/slimerjs/i],i:function r(r){var e={name:"SlimerJS"};var i=n(/slimerjs\/(\d+(\.?_?\d+)+)/i,r);if(i){e.version=i}return e}},{test:[/blackberry|\bbb\d+/i,/rim\stablet/i],i:function r(r){var e={name:"BlackBerry"};var i=n(t,r)||n(/blackberry[\d]+\/(\d+(\.?_?\d+)+)/i,r);if(i){e.version=i}return e}},{test:[/(web|hpw)[o0]s/i],i:function r(r){var e={name:"WebOS Browser"};var i=n(t,r)||n(/w(?:eb)?[o0]sbrowser\/(\d+(\.?_?\d+)+)/i,r);if(i){e.version=i}return e}},{test:[/bada/i],i:function r(r){var e={name:"Bada"};var i=n(/dolfin\/(\d+(\.?_?\d+)+)/i,r);if(i){e.version=i}return e}},{test:[/tizen/i],i:function r(r){var e={name:"Tizen"};var i=n(/(?:tizen\s?)?browser\/(\d+(\.?_?\d+)+)/i,r)||n(t,r);if(i){e.version=i}return e}},{test:[/qupzilla/i],i:function r(r){var e={name:"QupZilla"};var i=n(/(?:qupzilla)[\s/](\d+(\.?_?\d+)+)/i,r)||n(t,r);if(i){e.version=i}return e}},{test:[/firefox|iceweasel|fxios/i],i:function r(r){var e={name:"Firefox"};var i=n(/(?:firefox|iceweasel|fxios)[\s/](\d+(\.?_?\d+)+)/i,r);if(i){e.version=i}return e}},{test:[/chromium/i],i:function r(r){var e={name:"Chromium"};var i=n(/(?:chromium)[\s/](\d+(\.?_?\d+)+)/i,r)||n(t,r);if(i){e.version=i}return e}},{test:[/chrome|crios|crmo/i],i:function r(r){var e={name:"Chrome"};var i=n(/(?:chrome|crios|crmo)\/(\d+(\.?_?\d+)+)/i,r);if(i){e.version=i}return e}},{test:function e(r){var e=!/like android/i.test(r);var i=/android/i.test(r);return e&&i},i:function r(r){var e={name:"Android Browser"};var i=n(t,r);if(i){e.version=i}return e}},{test:[/safari|applewebkit/i],i:function r(r){var e={name:"Safari"};var i=n(t,r);if(i){e.version=i}return e}},{test:[/.*/i],i:function r(r){return{name:n(/^(.*)\/(.*) /,r),version:a(/^(.*)\/(.*) /,r)}}}];function i(r,e){var i=arguments.length>2&&arguments[2]!==undefined?arguments[2]:false;var n=d(r);var a=d(e);var t=Math.max(n,a);var s=0;var o=f([r,e],function(r){var e=t-d(r);var i=r+new Array(e+1).join(".0");return f(i.split("."),function(r){return new Array(20-r.length).join("0")+r}).reverse()});if(i){s=t-Math.min(n,a)}t-=1;while(t>=s){if(o[0][t]>o[1][t]){return 1}if(o[0][t]===o[1][t]){if(t===s){return 0}t-=1}else if(o[0][t]<o[1][t]){return-1}}}function d(r){return r.split(".").length}function f(r,e){var i=[];var n;if(Array.prototype.map){return Array.prototype.map.call(r,e)}for(n=0;n<r.length;n+=1){i.push(e(r[n]))}return i}function o(){if(!window.navigator||!window.navigator.userAgent){return false}var r=window.navigator.userAgent;for(var e=0;e<s.length;e++){var i=s[e];if(typeof i.test==="function"){if(i.test(r)){return i.i(r)}continue}if(i.test instanceof Array){for(var n=0;n<i.test.length;n++){var a=i.test[n];if(a.test(r)){return i.i(r)}}}}return false}var u={t:"52",s:"49",o:"10.3",u:"36",v:"46",m:"67",l:"71",p:"64",h:"11.8",_:"5",g:"1.2",k:"7.12"};var c=o();var v;if(c){switch(c.name){case"Safari":v=c.version&&i(c.version,u.o)!==-1;break;case"Chrome":v=c.version&&i(c.version,"72")!==-1;break;case"Opera":v=c.version&&i(c.version,"46")!==-1;break;default:v=false;break}}if(v){var m=document.querySelectorAll("a[target=_blank]");for(var b=0;b<m.length;b++){var l=m[b];var w=l.getAttribute("rel");if(typeof w!=="string"){w=""}if(w.indexOf("noopener")!==-1){continue}if(w.length>0){w+=" noopener"}else{w+="noopener"}l.setAttribute("rel",w)}}else{blankshield(document.querySelectorAll("a[target=_blank]"))}});

core/setup.php CHANGED Viewed

	@@ -9,6 +9,10 @@
9	final class ITSEC_Setup {
10	public static function handle_activation() {
11	self::setup_plugin_data();




12	}
13
14	public static function handle_deactivation() {
	@@ -42,6 +46,10 @@ final class ITSEC_Setup {
42	}
43
44	public static function handle_upgrade( $build = false ) {




45	self::setup_plugin_data( $build );
46	}
47


9	final class ITSEC_Setup {
10	public static function handle_activation() {
11	self::setup_plugin_data();
12	+
13	+ if ( ! ITSEC_Modules::get_setting( 'global', 'initial_build' ) ) {
14	+ ITSEC_Modules::set_setting( 'global', 'initial_build', ITSEC_Core::get_plugin_build() );
15	+ }
16	}
17
18	public static function handle_deactivation() {

46	}
47
48	public static function handle_upgrade( $build = false ) {
49	+ if ( ! ITSEC_Modules::get_setting( 'global', 'initial_build' ) ) {
50	+ ITSEC_Modules::set_setting( 'global', 'initial_build', ITSEC_Core::get_plugin_build() - 1 );
51	+ }
52	+
53	self::setup_plugin_data( $build );
54	}
55

history.txt CHANGED Viewed

	@@ -825,4 +825,6 @@
825	Bug Fix: Notification Center - Only send notifications to users with an exact role match of selected roles instead of a fuzzy match based on selected capabilities.
826	Bug Fix: Error when trying to edit reusable blocks with per-post SSL enabled.
827	Bug Fix: Resolve warnings on PHP 5.2.
828	-


825	Bug Fix: Notification Center - Only send notifications to users with an exact role match of selected roles instead of a fuzzy match based on selected capabilities.
826	Bug Fix: Error when trying to edit reusable blocks with per-post SSL enabled.
827	Bug Fix: Resolve warnings on PHP 5.2.
828	+ 7.3.1 - 2019-02-21 - Chris Jean & Timothy Jacobs
829	+ Enhancement: When ITSEC_DISABLE_MODULES is set, prevent hide backend from running.
830	+ Bug Fix: Tabnapping: Apply noopener to links instead of using blankshield script when available to prevent new pop-up blocker behavior from killing the links.

readme.txt CHANGED Viewed

	@@ -3,7 +3,7 @@ Contributors: ithemes, chrisjean, gerroald, mattdanner, timothyblynjacobs
3	Tags: security, security plugin, malware, hack, secure, block, SSL, admin, htaccess, lockdown, login, protect, protection, anti virus, attack, injection, login security, maintenance, permissions, prevention, authentication, administration, password, brute force, ban, permissions, bots, user agents, xml rpc, security log
4	Requires at least: 4.7
5	Tested up to: 5.1.0
6	- Stable tag: 7.3.0
7	Requires PHP: 5.2
8	License: GPLv2 or later
9	License URI: http://www.gnu.org/licenses/gpl-2.0.html
	@@ -189,6 +189,10 @@ Free support may be available with the help of the community in the <a href="htt
189
190	== Changelog ==
191




192	= 7.3.0 =
193	* Enhancement: Add Per-Content SSL toggle to the upcoming Block Editor interface.
194	* Enhancement: Add filter to the recipients list for email notifications: "itsec_notification_{$notification}_email_recipients" and "itsec_notification_email_recipients".
	@@ -520,5 +524,5 @@ Free support may be available with the help of the community in the <a href="htt
520
521	== Upgrade Notice ==
522
523	- = 7.3.0 =
524	- Version 7.3.0 contains important bug fixes and improvements. It is recommended for all users.


3	Tags: security, security plugin, malware, hack, secure, block, SSL, admin, htaccess, lockdown, login, protect, protection, anti virus, attack, injection, login security, maintenance, permissions, prevention, authentication, administration, password, brute force, ban, permissions, bots, user agents, xml rpc, security log
4	Requires at least: 4.7
5	Tested up to: 5.1.0
6	+ Stable tag: 7.3.1
7	Requires PHP: 5.2
8	License: GPLv2 or later
9	License URI: http://www.gnu.org/licenses/gpl-2.0.html

189
190	== Changelog ==
191
192	+ = 7.3.1 =
193	+ * Enhancement: When ITSEC_DISABLE_MODULES is set, prevent hide backend from running.
194	+ * Bug Fix: Tabnapping: Apply noopener to links instead of using blankshield script when available to prevent new pop-up blocker behavior from killing the links.
195	+
196	= 7.3.0 =
197	* Enhancement: Add Per-Content SSL toggle to the upcoming Block Editor interface.
198	* Enhancement: Add filter to the recipients list for email notifications: "itsec_notification_{$notification}_email_recipients" and "itsec_notification_email_recipients".

524
525	== Upgrade Notice ==
526
527	+ = 7.3.1 =
528	+ Version 7.3.1 contains important bug fixes and improvements. It is recommended for all users.

iThemes Security (formerly Better WP Security) - Version 7.3.1

Version Description

Release Info

Code changes from version 7.3.0 to 7.3.1