BBQ: Block Bad Queries - Version 20180821

Version Description

To upgrade BBQ, remove the old version and replace it with the new version. Or just click "Update" from the Plugins screen and let WordPress do it for you automatically. Nothing else needs to be done.


Release Info

Developer specialk
Version 20180821

Code changes from version 20180511 to 20180821

Files changed (3) hide show
  1. bbq-settings.php +5 -5
  2. block-bad-queries.php +5 -5
  3. readme.txt +25 -9
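--- a/bbq-settings.php
+++ b/bbq-settings.php
@@ -47,7 +47,7 @@ function bbq_validate_options($input) {
 function bbq_settings_section_general() {
 
 echo '<p>'. esc_html__('Thanks for using the free version of ', 'block-bad-queries');
-echo '<a target="_blank" href="https://wordpress.org/plugins/block-bad-queries/">'. esc_html__('Block Bad Queries (BBQ)', 'block-bad-queries') .'</a>.</p>';
+echo '<a target="_blank" rel="noopener noreferrer" href="https://wordpress.org/plugins/block-bad-queries/">'. esc_html__('Block Bad Queries (BBQ)', 'block-bad-queries') .'</a>.</p>';
 echo '<p>'. esc_html__('The free version is completely plug-&amp;-play, protecting your site automatically with no settings required.', 'block-bad-queries') .'</p>';
 
 }
@@ -61,11 +61,11 @@ function bbq_settings_section_upgrade() {
 
 $upgrade = '<p>';
 $upgrade .= $text;
-$upgrade .= '<a target="_blank" href="'. $url .'">'. esc_html__('Get BBQ Pro &raquo;', 'block-bad-queries') .'</a>';
+$upgrade .= '<a target="_blank" rel="noopener noreferrer" href="'. $url .'">'. esc_html__('Get BBQ Pro &raquo;', 'block-bad-queries') .'</a>';
 $upgrade .= '</p>';
 
 $upgrade .= '<p class="bbq-pro">';
-$upgrade .= '<a target="_blank" href="'. $url .'" title="'. $text .'"><img src="'. $src .'" width="480" height="125" alt="'. $alt .'"></a>';
+$upgrade .= '<a target="_blank" rel="noopener noreferrer" href="'. $url .'" title="'. $text .'"><img src="'. $src .'" width="480" height="125" alt="'. $alt .'"></a>';
 $upgrade .= '</p>';
 
 echo $upgrade;
@@ -99,7 +99,7 @@ function bbq_action_links($links, $file) {
 $pro_text = esc_html__('Go&nbsp;Pro', 'block-bad-queries');
 $pro_style = esc_attr('font-weight:bold;');
 
-$pro_link = '<a target="_blank" href="'. $pro_url .'" title="'. $pro_title .'" style="'. $pro_style .'">'. $pro_text .'</a>';
+$pro_link = '<a target="_blank" rel="noopener noreferrer" href="'. $pro_url .'" title="'. $pro_title .'" style="'. $pro_style .'">'. $pro_text .'</a>';
 
 array_unshift($links, $pro_link, $settings_link);
 
@@ -118,7 +118,7 @@ function bbq_meta_links($links, $file) {
 $rate_title = esc_attr__('Click here to rate and review this plugin at WordPress.org', 'block-bad-queries');
 $rate_text = esc_html__('Rate this plugin&nbsp;&raquo;', 'block-bad-queries');
 
-$links[] = '<a target="_blank" href="'. $rate_url .'" title="'. $rate_title .'">'. $rate_text .'</a>';
+$links[] = '<a target="_blank" rel="noopener noreferrer" href="'. $rate_url .'" title="'. $rate_title .'">'. $rate_text .'</a>';
 
 }
 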
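Review bot: The rewritten anchor at new line 68 still interpolates `$url`, `$text`, `$src` and `$alt` straight into attribute values with no escaping visible in the hunk, and `$text` is also emitted as element content at line 63, so each use needs context-appropriate escaping. bbq_settings_section_upgrade begins outside the hunk; if those variables are already passed through esc_url()/esc_attr() where they are assigned this is a non-issue, otherwise escape at the point of use, e.g. `'... href="'. esc_url($url) .'" title="'. esc_attr($text) .'"><img src="'. esc_url($src) .'" ... alt="'. esc_attr($alt) .'"></a>'`. The same question applies to `$pro_url` (line 102) and `$rate_url` (line 121), though the neighbouring `esc_attr()` and `esc_attr__()` calls suggest those values are escaped at assignment. As a point of style, `target="_blank" rel="noopener noreferrer"` is now duplicated across five string literals; a single constant or a small link-building helper would keep the attribute pair from drifting apart again.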
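--- a/block-bad-queries.php
+++ b/block-bad-queries.php
@@ -8,11 +8,11 @@
 Author: Jeff Starr
 Author URI: https://plugin-planet.com/
 Contributors: specialk, aldolat, WpBlogHost, jameswilkes, juliobox, lernerconsult
-Donate link: https://m0n.co/donate
+Donate link: https://monzillamedia.com/donate.html
 Requires at least: 4.1
 Tested up to: 4.9
-Stable tag: 20180511
-Version: 20180511
+Stable tag: 20180821
+Version: 20180821
 Requires PHP: 5.2
 Text Domain: block-bad-queries
 Domain Path: /languages
@@ -38,14 +38,14 @@
 
 if (!defined('ABSPATH')) die();
 
-if (!defined('BBQ_VERSION')) define('BBQ_VERSION', '20180511');
+if (!defined('BBQ_VERSION')) define('BBQ_VERSION', '20180821');
 if (!defined('BBQ_FILE')) define('BBQ_FILE', plugin_basename(__FILE__));
 if (!defined('BBQ_DIR')) define('BBQ_DIR', plugin_dir_path(__FILE__));
 if (!defined('BBQ_URL')) define('BBQ_URL', plugin_dir_url(__FILE__));
 
 function bbq_core() {
 
-$request_uri_array = apply_filters('request_uri_items', array('@eval', 'eval\(', 'UNION(.*)SELECT', '\(null\)', 'base64_', '\/localhost', '\%2Flocalhost', '\/pingserver', 'wp-config\.php', '\/config\.', '\/wwwroot', '\/makefile', 'crossdomain\.', 'proc\/self\/environ', 'usr\/bin\/perl', 'var\/lib\/php', 'etc\/passwd', '\/https\:', '\/http\:', '\/ftp\:', '\/file\:', '\/php\:', '\/cgi\/', '\.cgi', '\.cmd', '\.bat', '\.exe', '\.sql', '\.ini', '\.dll', '\.htacc', '\.htpas', '\.pass', '\.asp', '\.jsp', '\.tar', '\.bash', '\/\.git', '\/\.svn', ' ', '\<', '\>', '\/\=', '\.\.\.', '\+\+\+', '@@', '\/&&', '\/Nt\.', '\;Nt\.', '\=Nt\.', '\,Nt\.', '\.exec\(', '\)\.html\(', '\{x\.html\(', '\(function\(', '\.php\([0-9]+\)', '(benchmark|sleep)(\s|%20)*\(', 'indoxploi', 'xrumer'));
+$request_uri_array = apply_filters('request_uri_items', array('@eval', 'eval\(', 'UNION(.*)SELECT', '\(null\)', 'base64_', '\/localhost', '\%2Flocalhost', '\/pingserver', 'wp-config\.php', '\/config\.', '\/wwwroot', '\/makefile', 'crossdomain\.', 'proc\/self\/environ', 'usr\/bin\/perl', 'var\/lib\/php', 'etc\/passwd', '\/https\:', '\/http\:', '\/ftp\:', '\/file\:', '\/php\:', '\/cgi\/', '\.cgi', '\.cmd', '\.bat', '\.exe', '\.sql', '\.ini', '\.dll', '\.htacc', '\.htpas', '\.pass', '\.asp', '\.jsp', '\.bash', '\/\.git', '\/\.svn', ' ', '\<', '\>', '\/\=', '\.\.\.', '\+\+\+', '@@', '\/&&', '\/Nt\.', '\;Nt\.', '\=Nt\.', '\,Nt\.', '\.exec\(', '\)\.html\(', '\{x\.html\(', '\(function\(', '\.php\([0-9]+\)', '(benchmark|sleep)(\s|%20)*\(', 'indoxploi', 'xrumer'));
 $query_string_array = apply_filters('query_string_items', array('@@', '\(0x', '0x3c62723e', '\;\!--\=', '\(\)\}', '\:\;\}\;', '\.\.\/', '127\.0\.0\.1', 'UNION(.*)SELECT', '@eval', 'eval\(', 'base64_', 'localhost', 'loopback', '\%0A', '\%0D', '\%00', '\%2e\%2e', 'allow_url_include', 'auto_prepend_file', 'disable_functions', 'input_file', 'execute', 'file_get_contents', 'mosconfig', 'open_basedir', '(benchmark|sleep)(\s|%20)*\(', 'phpinfo\(', 'shell_exec\(', '\/wwwroot', '\/makefile', 'path\=\.', 'mod\=\.', 'wp-config\.php', '\/config\.', '\$_session', '\$_request', '\$_env', '\$_server', '\$_post', '\$_get', 'indoxploi', 'xrumer'));
 $user_agent_array = apply_filters('user_agent_items', array('acapbot', '\/bin\/bash', 'binlar', 'casper', 'cmswor', 'diavol', 'dotbot', 'finder', 'flicky', 'md5sum', 'morfeus', 'nutch', 'planet', 'purebot', 'pycurl', 'semalt', 'shellshock', 'skygrid', 'snoopy', 'sucker', 'turnit', 'vikspi', 'zmeu'));
 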
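Review bot: Dropping `'\.tar'` from the `request_uri_items` defaults at new line 48 is the only behavioural change in this file, and nothing in the code records why, so a later contributor comparing against older pattern lists is likely to add it back. A short comment above the array would preserve the rationale, e.g. `// '\.tar' removed in 20180821: <reason for removal>; sites that need it can re-add it through the 'request_uri_items' filter.` — presumably it was matching legitimate archive downloads, but that is not stated anywhere on this page. bbq_core continues past the end of the hunk, so whether the patterns are applied case-insensitively and what happens on a match cannot be checked here.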
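--- a/readme.txt
+++ b/readme.txt
@@ -8,11 +8,11 @@ Usage: No configuration necessary. Upload, activate and done. BBQ blocks bad que
 Author: Jeff Starr
 Author URI: https://plugin-planet.com/
 Contributors: specialk, aldolat, WpBlogHost, jameswilkes, juliobox, lernerconsult
-Donate link: https://m0n.co/donate
+Donate link: https://monzillamedia.com/donate.html
 Requires at least: 4.1
 Tested up to: 4.9
-Stable tag: 20180511
-Version: 20180511
+Stable tag: 20180821
+Version: 20180821
 Requires PHP: 5.2
 Text Domain: block-bad-queries
 Domain Path: /languages
@@ -24,13 +24,10 @@ The fastest firewall plugin for WordPress.
 
 == Description ==
 
-> Install, activate, and done!<br/>
+> Install, activate, and done!
 > Powerful protection from WP's __fastest__ firewall plugin.
 
-[Block Bad Queries](https://perishablepress.com/block-bad-queries/) (BBQ) is a simple, super-fast plugin that protects your site against malicious URL requests. BBQ checks all incoming traffic and quietly blocks bad requests containing nasty stuff like `eval(`, `base64_`, and excessively long request-strings. This is a simple yet solid solution for sites that are unable to use a [strong .htaccess firewall](https://perishablepress.com/6g/).
-
-> GDPR-compliant: does not collect any user data
-> Gutenberg-compliant: works perfectly with or without Gutenberg
+[Block Bad Queries](https://perishablepress.com/block-bad-queries/) (BBQ) is a simple, super-fast plugin that protects your site against malicious URL requests. BBQ checks all incoming traffic and quietly blocks bad requests containing nasty stuff like `eval(`, `base64_`, and excessively long request-strings. This is a simple yet solid solution for sites that are unable to use a [strong .htaccess firewall](https://perishablepress.com/6g/).
 
 **Awesome Features**
 
@@ -52,6 +49,12 @@ The fastest firewall plugin for WordPress.
 * Regularly updated and "future proof"
 * Customize blocked strings via [Whitelist/Blacklist plugins](https://perishablepress.com/bbq-whitelist-blacklist/)
 
+**GDPR**
+
+This plugin does not collect any user data. So it does _not_ do anything to make your site _less_ compliant with GDPR. I have done my best to ensure that this plugin is 100% GDPR compliant, but I'm not a lawyer so can't guarantee anything. To determine if your site is GDPR compliant, please consult an attorney.
+
+> Works perfectly with or without Gutenberg
+
 **Pro Version**
 
 For advanced protection and awesome features, check out [BBQ Pro](https://plugin-planet.com/bbq-pro/).
@@ -131,6 +134,11 @@ No, the free version of BBQ operates as each page is loaded; it does not make an
 Yes, BBQ scans any arrays that are included in the URI request. If any matching patterns are found, the request is blocked.
 
 
+**My PHP scanner/checker plugin says there is an error?**
+
+For example, if your PHP/plugin scanner reports something like, "found `0x3c62723e` which is bad." Normally you would not want to find such bad strings of code, but there is an exception for security plugins. Think about it: in order to block some nasty string, BBQ must _know_ about it. So each bad string that is blocked by BBQ is included in the plugin "blacklist". That means, when some PHP scanner looks at BBQ and finds some known bad strings, it just means that the scanner has discovered BBQ's list of blocked terms. In other words, BBQ contains static strings of non-functional text, in order to match and block malicious requests to your site. I hope this makes sense, feel free to [contact me](https://perishablepress.com/contact/) if I may provide any further infos.
+
+
 **Do I need WordPress to run BBQ?**
 
 Nope! BBQ is available in the following flavors:
@@ -155,7 +163,7 @@ Send any questions or feedback via my [contact form](https://perishablepress.com
 
 == Support development of this plugin ==
 
-I develop and maintain this free plugin with love for the WordPress community. To show support, you can [make a cash donation](https://m0n.co/donate), [bitcoin donation](https://m0n.co/bitcoin), or purchase one of my books:
+I develop and maintain this free plugin with love for the WordPress community. To show support, you can [make a donation](https://monzillamedia.com/donate.html) or purchase one of my books:
 
 * [The Tao of WordPress](https://wp-tao.com/)
 * [Digging into WordPress](https://digwp.com/)
@@ -175,6 +183,14 @@ Links, tweets and likes also appreciated. Thank you! :)
 
 == Changelog ==
 
+**2018/08/21**
+
+* Removes `.tar` from Request URI patterns
+* Adds `rel="noopener noreferrer"` to all [blank-target links](https://perishablepress.com/wordpress-blank-target-vulnerability/)
+* Updates GDPR blurb and donate link
+* Regenerates default translation template
+* Further tests on WP 4.9 and 5.0 (alpha)
+
 **2018/05/11**
 
 * Adds `xrumer` to blocked query strings and request URIs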