BBQ: Block Bad Queries - Version 20180821

Version Description

To upgrade BBQ, remove the old version and replace it with the new version. Or just click "Update" from the Plugins screen and let WordPress do it for you automatically. Nothing else needs to be done.


Release Info

Developer specialk
Version 20180821

Code changes from version 20180511 to 20180821

Files changed (3)
  1. bbq-settings.php +5 -5
  2. block-bad-queries.php +5 -5
  3. readme.txt +25 -9
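--- a/bbq-settings.php
+++ b/bbq-settings.php
@@ -47,7 +47,7 @@ function bbq_validate_options($input) {
 function bbq_settings_section_general() {
 
 echo '<p>'. esc_html__('Thanks for using the free version of ', 'block-bad-queries');
-echo '<a target="_blank" href="https://wordpress.org/plugins/block-bad-queries/">'. esc_html__('Block Bad Queries (BBQ)', 'block-bad-queries') .'</a>.</p>';
+echo '<a target="_blank" rel="noopener noreferrer" href="https://wordpress.org/plugins/block-bad-queries/">'. esc_html__('Block Bad Queries (BBQ)', 'block-bad-queries') .'</a>.</p>';
 echo '<p>'. esc_html__('The free version is completely plug-&amp;-play, protecting your site automatically with no settings required.', 'block-bad-queries') .'</p>';
 
 }
@@ -61,11 +61,11 @@ function bbq_settings_section_upgrade() {
 
 $upgrade = '<p>';
 $upgrade .= $text;
-$upgrade .= '<a target="_blank" href="'. $url .'">'. esc_html__('Get BBQ Pro &raquo;', 'block-bad-queries') .'</a>';
+$upgrade .= '<a target="_blank" rel="noopener noreferrer" href="'. $url .'">'. esc_html__('Get BBQ Pro &raquo;', 'block-bad-queries') .'</a>';
 $upgrade .= '</p>';
 
 $upgrade .= '<p class="bbq-pro">';
-$upgrade .= '<a target="_blank" href="'. $url .'" title="'. $text .'"><img src="'. $src .'" width="480" height="125" alt="'. $alt .'"></a>';
+$upgrade .= '<a target="_blank" rel="noopener noreferrer" href="'. $url .'" title="'. $text .'"><img src="'. $src .'" width="480" height="125" alt="'. $alt .'"></a>';
 $upgrade .= '</p>';
 
 echo $upgrade;
@@ -99,7 +99,7 @@ function bbq_action_links($links, $file) {
 $pro_text = esc_html__('Go&nbsp;Pro', 'block-bad-queries');
 $pro_style = esc_attr('font-weight:bold;');
 
-$pro_link = '<a target="_blank" href="'. $pro_url .'" title="'. $pro_title .'" style="'. $pro_style .'">'. $pro_text .'</a>';
+$pro_link = '<a target="_blank" rel="noopener noreferrer" href="'. $pro_url .'" title="'. $pro_title .'" style="'. $pro_style .'">'. $pro_text .'</a>';
 
 array_unshift($links, $pro_link, $settings_link);
 
@@ -118,7 +118,7 @@ function bbq_meta_links($links, $file) {
 $rate_title = esc_attr__('Click here to rate and review this plugin at WordPress.org', 'block-bad-queries');
 $rate_text = esc_html__('Rate this plugin&nbsp;&raquo;', 'block-bad-queries');
 
-$links[] = '<a target="_blank" href="'. $rate_url .'" title="'. $rate_title .'">'. $rate_text .'</a>';
+$links[] = '<a target="_blank" rel="noopener noreferrer" href="'. $rate_url .'" title="'. $rate_title .'">'. $rate_text .'</a>';
 
 }
 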
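Review bot: The escaping of `$url`, `$text`, `$src` and `$alt` in the anchor and img markup of the second hunk (old lines 64 and 68) cannot be checked here, because bbq_settings_section_upgrade() opens above the hunk and those values are assigned outside it. If they are not already passed through esc_url()/esc_attr() where they are assigned, the hunk should escape at the point of use, e.g. `'href="'. esc_url($url) .'" title="'. esc_attr($text) .'"'` and `'src="'. esc_url($src) .'" alt="'. esc_attr($alt) .'"'`; the same question applies to `$pro_url` in the third hunk and `$rate_url` in the fourth. `$text` is emitted both as paragraph content and inside a double-quoted title attribute, so it has to be safe in both contexts. Either way, a one-line comment above `$upgrade = '<p>';` stating that the inputs are pre-escaped would make the invariant explicit for the next maintainer.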
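--- a/block-bad-queries.php
+++ b/block-bad-queries.php
@@ -8,11 +8,11 @@
 Author: Jeff Starr
 Author URI: https://plugin-planet.com/
 Contributors: specialk, aldolat, WpBlogHost, jameswilkes, juliobox, lernerconsult
-Donate link: https://m0n.co/donate
+Donate link: https://monzillamedia.com/donate.html
 Requires at least: 4.1
 Tested up to: 4.9
-Stable tag: 20180511
-Version: 20180511
+Stable tag: 20180821
+Version: 20180821
 Requires PHP: 5.2
 Text Domain: block-bad-queries
 Domain Path: /languages
@@ -38,14 +38,14 @@
 
 if (!defined('ABSPATH')) die();
 
-if (!defined('BBQ_VERSION')) define('BBQ_VERSION', '20180511');
+if (!defined('BBQ_VERSION')) define('BBQ_VERSION', '20180821');
 if (!defined('BBQ_FILE')) define('BBQ_FILE', plugin_basename(__FILE__));
 if (!defined('BBQ_DIR')) define('BBQ_DIR', plugin_dir_path(__FILE__));
 if (!defined('BBQ_URL')) define('BBQ_URL', plugin_dir_url(__FILE__));
 
 function bbq_core() {
 
-$request_uri_array = apply_filters('request_uri_items', array('@eval', 'eval\(', 'UNION(.*)SELECT', '\(null\)', 'base64_', '\/localhost', '\%2Flocalhost', '\/pingserver', 'wp-config\.php', '\/config\.', '\/wwwroot', '\/makefile', 'crossdomain\.', 'proc\/self\/environ', 'usr\/bin\/perl', 'var\/lib\/php', 'etc\/passwd', '\/https\:', '\/http\:', '\/ftp\:', '\/file\:', '\/php\:', '\/cgi\/', '\.cgi', '\.cmd', '\.bat', '\.exe', '\.sql', '\.ini', '\.dll', '\.htacc', '\.htpas', '\.pass', '\.asp', '\.jsp', '\.tar', '\.bash', '\/\.git', '\/\.svn', ' ', '\<', '\>', '\/\=', '\.\.\.', '\+\+\+', '@@', '\/&&', '\/Nt\.', '\;Nt\.', '\=Nt\.', '\,Nt\.', '\.exec\(', '\)\.html\(', '\{x\.html\(', '\(function\(', '\.php\([0-9]+\)', '(benchmark|sleep)(\s|%20)*\(', 'indoxploi', 'xrumer'));
+$request_uri_array = apply_filters('request_uri_items', array('@eval', 'eval\(', 'UNION(.*)SELECT', '\(null\)', 'base64_', '\/localhost', '\%2Flocalhost', '\/pingserver', 'wp-config\.php', '\/config\.', '\/wwwroot', '\/makefile', 'crossdomain\.', 'proc\/self\/environ', 'usr\/bin\/perl', 'var\/lib\/php', 'etc\/passwd', '\/https\:', '\/http\:', '\/ftp\:', '\/file\:', '\/php\:', '\/cgi\/', '\.cgi', '\.cmd', '\.bat', '\.exe', '\.sql', '\.ini', '\.dll', '\.htacc', '\.htpas', '\.pass', '\.asp', '\.jsp', '\.bash', '\/\.git', '\/\.svn', ' ', '\<', '\>', '\/\=', '\.\.\.', '\+\+\+', '@@', '\/&&', '\/Nt\.', '\;Nt\.', '\=Nt\.', '\,Nt\.', '\.exec\(', '\)\.html\(', '\{x\.html\(', '\(function\(', '\.php\([0-9]+\)', '(benchmark|sleep)(\s|%20)*\(', 'indoxploi', 'xrumer'));
 $query_string_array = apply_filters('query_string_items', array('@@', '\(0x', '0x3c62723e', '\;\!--\=', '\(\)\}', '\:\;\}\;', '\.\.\/', '127\.0\.0\.1', 'UNION(.*)SELECT', '@eval', 'eval\(', 'base64_', 'localhost', 'loopback', '\%0A', '\%0D', '\%00', '\%2e\%2e', 'allow_url_include', 'auto_prepend_file', 'disable_functions', 'input_file', 'execute', 'file_get_contents', 'mosconfig', 'open_basedir', '(benchmark|sleep)(\s|%20)*\(', 'phpinfo\(', 'shell_exec\(', '\/wwwroot', '\/makefile', 'path\=\.', 'mod\=\.', 'wp-config\.php', '\/config\.', '\$_session', '\$_request', '\$_env', '\$_server', '\$_post', '\$_get', 'indoxploi', 'xrumer'));
 $user_agent_array = apply_filters('user_agent_items', array('acapbot', '\/bin\/bash', 'binlar', 'casper', 'cmswor', 'diavol', 'dotbot', 'finder', 'flicky', 'md5sum', 'morfeus', 'nutch', 'planet', 'purebot', 'pycurl', 'semalt', 'shellshock', 'skygrid', 'snoopy', 'sucker', 'turnit', 'vikspi', 'zmeu'));
 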
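Review bot: The new BBQ_VERSION value at line 41 duplicates the `Version: 20180821` header at line 15 and has to be bumped by hand alongside it; a comment on the define such as `// Keep in sync with the Version header above` would make that coupling explicit. The removal of `'\.tar'` from the request-URI list at line 48 records no rationale in the code, only a changelog bullet; a short comment above the list (presumably false positives on legitimate archive downloads — confirm) would stop the pattern from being re-added by a later edit. bbq_core() opens at line 46 and its body, including how these three arrays are matched against the request, continues past the hunk.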
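--- a/readme.txt
+++ b/readme.txt
@@ -8,11 +8,11 @@ Usage: No configuration necessary. Upload, activate and done. BBQ blocks bad que
 Author: Jeff Starr
 Author URI: https://plugin-planet.com/
 Contributors: specialk, aldolat, WpBlogHost, jameswilkes, juliobox, lernerconsult
-Donate link: https://m0n.co/donate
+Donate link: https://monzillamedia.com/donate.html
 Requires at least: 4.1
 Tested up to: 4.9
-Stable tag: 20180511
-Version: 20180511
+Stable tag: 20180821
+Version: 20180821
 Requires PHP: 5.2
 Text Domain: block-bad-queries
 Domain Path: /languages
@@ -24,13 +24,10 @@ The fastest firewall plugin for WordPress.
 
 == Description ==
 
-> Install, activate, and done!<br/>
+> Install, activate, and done!
 > Powerful protection from WP's __fastest__ firewall plugin.
 
-[Block Bad Queries](https://perishablepress.com/block-bad-queries/) (BBQ) is a simple, super-fast plugin that protects your site against malicious URL requests. BBQ checks all incoming traffic and quietly blocks bad requests containing nasty stuff like `eval(`, `base64_`, and excessively long request-strings. This is a simple yet solid solution for sites that are unable to use a [strong .htaccess firewall](https://perishablepress.com/6g/).
-
-> GDPR-compliant: does not collect any user data
-> Gutenberg-compliant: works perfectly with or without Gutenberg
+[Block Bad Queries](https://perishablepress.com/block-bad-queries/) (BBQ) is a simple, super-fast plugin that protects your site against malicious URL requests. BBQ checks all incoming traffic and quietly blocks bad requests containing nasty stuff like `eval(`, `base64_`, and excessively long request-strings. This is a simple yet solid solution for sites that are unable to use a [strong .htaccess firewall](https://perishablepress.com/6g/).
 
 **Awesome Features**
 
@@ -52,6 +49,12 @@ The fastest firewall plugin for WordPress.
 * Regularly updated and "future proof"
 * Customize blocked strings via [Whitelist/Blacklist plugins](https://perishablepress.com/bbq-whitelist-blacklist/)
 
+**GDPR**
+
+This plugin does not collect any user data. So it does _not_ do anything to make your site _less_ compliant with GDPR. I have done my best to ensure that this plugin is 100% GDPR compliant, but I'm not a lawyer so can't guarantee anything. To determine if your site is GDPR compliant, please consult an attorney.
+
+> Works perfectly with or without Gutenberg
+
 **Pro Version**
 
 For advanced protection and awesome features, check out [BBQ Pro](https://plugin-planet.com/bbq-pro/).
@@ -131,6 +134,11 @@ No, the free version of BBQ operates as each page is loaded; it does not make an
 Yes, BBQ scans any arrays that are included in the URI request. If any matching patterns are found, the request is blocked.
 
 
+**My PHP scanner/checker plugin says there is an error?**
+
+For example, if your PHP/plugin scanner reports something like, "found `0x3c62723e` which is bad." Normally you would not want to find such bad strings of code, but there is an exception for security plugins. Think about it: in order to block some nasty string, BBQ must _know_ about it. So each bad string that is blocked by BBQ is included in the plugin "blacklist". That means, when some PHP scanner looks at BBQ and finds some known bad strings, it just means that the scanner has discovered BBQ's list of blocked terms. In other words, BBQ contains static strings of non-functional text, in order to match and block malicious requests to your site. I hope this makes sense, feel free to [contact me](https://perishablepress.com/contact/) if I may provide any further infos.
+
+
 **Do I need WordPress to run BBQ?**
 
 Nope! BBQ is available in the following flavors:
@@ -155,7 +163,7 @@ Send any questions or feedback via my [contact form](https://perishablepress.com
 
 == Support development of this plugin ==
 
-I develop and maintain this free plugin with love for the WordPress community. To show support, you can [make a cash donation](https://m0n.co/donate), [bitcoin donation](https://m0n.co/bitcoin), or purchase one of my books:
+I develop and maintain this free plugin with love for the WordPress community. To show support, you can [make a donation](https://monzillamedia.com/donate.html) or purchase one of my books:
 
 * [The Tao of WordPress](https://wp-tao.com/)
 * [Digging into WordPress](https://digwp.com/)
@@ -175,6 +183,14 @@ Links, tweets and likes also appreciated. Thank you! :)
 
 == Changelog ==
 
+**2018/08/21**
+
+* Removes `.tar` from Request URI patterns
+* Adds `rel="noopener noreferrer"` to all [blank-target links](https://perishablepress.com/wordpress-blank-target-vulnerability/)
+* Updates GDPR blurb and donate link
+* Regenerates default translation template
+* Further tests on WP 4.9 and 5.0 (alpha)
+
 **2018/05/11**
 
 * Adds `xrumer` to blocked query strings and request URIs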