BBQ: Block Bad Queries - Version 20220517

Version Description

To upgrade BBQ, remove old version and replace with new version. Or just click "Update" from the Plugins screen and let WordPress do it for you automatically. Nothing else needs done.

Note: uninstalling/deleting the plugin via the WP Plugins screen results in the removal of all settings and email data from the WP database.

Download this release

Release Info

Developer specialk
Plugin Icon 128x128 BBQ: Block Bad Queries
Version 20220517
Comparing to
See all releases

Code changes from version 20220122 to 20220517

Files changed (2) hide show
  1. block-bad-queries.php +5 -5
  2. readme.txt +8 -3
block-bad-queries.php CHANGED
@@ -9,9 +9,9 @@
9
  Contributors: specialk, aldolat, WpBlogHost, jameswilkes, juliobox, lernerconsult
10
  Donate link: https://monzillamedia.com/donate.html
11
  Requires at least: 4.6
12
- Tested up to: 5.9
13
- Stable tag: 20220122
14
- Version: 20220122
15
  Requires PHP: 5.6.20
16
  Text Domain: block-bad-queries
17
  Domain Path: /languages
@@ -37,14 +37,14 @@
37
 
38
  if (!defined('ABSPATH')) die();
39
 
40
- if (!defined('BBQ_VERSION')) define('BBQ_VERSION', '20220122');
41
  if (!defined('BBQ_FILE')) define('BBQ_FILE', plugin_basename(__FILE__));
42
  if (!defined('BBQ_DIR')) define('BBQ_DIR', plugin_dir_path(__FILE__));
43
  if (!defined('BBQ_URL')) define('BBQ_URL', plugins_url('/block-bad-queries/'));
44
 
45
  function bbq_core() {
46
 
47
- $request_uri_array = apply_filters('request_uri_items', array('\/\.env', '\s', '<', '>', '\^', '`', '@@', '\?\?', '\/&&', '\\', '\/=', '\/:\/', '\/\/\/', '\.\.\.', '\/\*(.*)\*\/', '\+\+\+', '\{0\}', '0x00', '%00', '\(\/\(', '(\/|;|=|,)nt\.', '@eval', 'eval\(', 'union(.*)select', '\(null\)', 'base64_', '(\/|%2f)localhost', '(\/|%2f)pingserver', 'wp-config\.php', '(\/|\.)(s?ftp-?)?conf(ig)?(uration)?\.', '\/wwwroot', '\/makefile', 'crossdomain\.', 'self\/environ', 'usr\/bin\/perl', 'var\/lib\/php', 'etc\/passwd', '\/https:', '\/http:', '\/ftp:', '\/file:', '\/php:', '\/cgi\/', '\.asp', '\.bak', '\.bash', '\.bat', '\.cfg', '\.cgi', '\.cmd', '\.conf', '\.db', '\.dll', '\.ds_store', '\.exe', '\/\.git', '\.hta', '\.htp', '\.inc', '\.init?', '\.jsp', '\.mysql', '\.pass', '\.pwd', '\.sql', '\/\.svn', '\.exec\(', '\)\.html\(', '\{x\.html\(', '\.php\([0-9]+\)', '(benchmark|sleep)(\s|%20)*\(', '\/(db|mysql)-?admin', '\/document_root', '\/error_log', 'indoxploi', '\/sqlpatch', 'xrumer', 'www\.(.*)\.cn', '%3Cscript', '\/vbforum(\/)?', '\/vbulletin(\/)?', '\{\$itemURL\}', '(\/bin\/)(cc|chmod|chsh|cpp|echo|id|kill|mail|nasm|perl|ping|ps|python|tclsh)(\/)?$', '((curl_|shell_)?exec|(f|p)open|function|fwrite|leak|p?fsockopen|passthru|phpinfo|posix_(kill|mkfifo|setpgid|setsid|setuid)|proc_(close|get_status|nice|open|terminate)|system)(.*)(\()(.*)(\))', '(\/)(^$|0day|c99|configbak|curltest|db|index\.php\/index|(my)?sql|(php|web)?shell|php-?info|temp00|vuln|webconfig)(\.php)'));
48
 
49
  $query_string_array = apply_filters('query_string_items', array('\(0x', '0x3c62723e', ';!--=', '\(\)\}', ':;\};', '\.\.\/', '\/\*\*\/', '127\.0\.0\.1', 'localhost', 'loopback', '%0a', '%0d', '%00', '%2e%2e', '%0d%0a', '@copy', 'concat(.*)(\(|%28)', 'allow_url_(fopen|include)', '(c99|php|web)shell', 'auto_prepend_file', 'disable_functions?', 'gethostbyname', 'input_file', 'execute', 'safe_mode', 'file_(get|put)_contents', 'mosconfig', 'open_basedir', 'outfile', 'proc_open', 'root_path', 'user_func_array', 'path=\.', 'mod=\.', '(globals|request)(=|\[)', 'f(fclose|fgets|fputs|fsbuff)', '\$_(env|files|get|post|request|server|session)', '(\+|%2b)(concat|delete|get|select|union)(\+|%2b)', '(cmd|command)(=|%3d)(chdir|mkdir)', '(absolute_|base|root_)(dir|path)(=|%3d)(ftp|https?)', '(s)?(ftp|inurl|php)(s)?(:(\/|%2f|%u2215)(\/|%2f|%u2215))', '(\/|%2f)(=|%3d|\$&|_mm|cgi(\.|-)|inurl(:|%3a)(\/|%2f)|(mod|path)(=|%3d)(\.|%2e))', '(<|>|\'|")(.*)(\/\*|alter|base64|benchmark|cast|char|concat|convert|create|declare|delete|drop|encode|exec|fopen|function|html|insert|md5|request|script|select|set|union|update)'));
50
 
9
  Contributors: specialk, aldolat, WpBlogHost, jameswilkes, juliobox, lernerconsult
10
  Donate link: https://monzillamedia.com/donate.html
11
  Requires at least: 4.6
12
+ Tested up to: 6.0
13
+ Stable tag: 20220517
14
+ Version: 20220517
15
  Requires PHP: 5.6.20
16
  Text Domain: block-bad-queries
17
  Domain Path: /languages
37
 
38
  if (!defined('ABSPATH')) die();
39
 
40
+ if (!defined('BBQ_VERSION')) define('BBQ_VERSION', '20220517');
41
  if (!defined('BBQ_FILE')) define('BBQ_FILE', plugin_basename(__FILE__));
42
  if (!defined('BBQ_DIR')) define('BBQ_DIR', plugin_dir_path(__FILE__));
43
  if (!defined('BBQ_URL')) define('BBQ_URL', plugins_url('/block-bad-queries/'));
44
 
45
  function bbq_core() {
46
 
47
+ $request_uri_array = apply_filters('request_uri_items', array('\/\.env', '\s', '<', '>', '\^', '`', '@@', '\?\?', '\/&&', '\\', '\/=', '\/:\/', '\/\/\/', '\.\.\.', '\/\*(.*)\*\/', '\+\+\+', '\{0\}', '0x00', '%00', '\(\/\(', '(\/|;|=|,)nt\.', '@eval', 'eval\(', 'union(.*)select', '\(null\)', 'base64_', '(\/|%2f)localhost', '(\/|%2f)pingserver', 'wp-config\.php', '(\/|\.)(s?ftp-?)?conf(ig)?(uration)?\.', '\/wwwroot', '\/makefile', 'crossdomain\.', 'self\/environ', 'usr\/bin\/perl', 'var\/lib\/php', 'etc\/passwd', '\/https:', '\/http:', '\/ftp:', '\/file:', '\/php:', '\/cgi\/', '\.asp', '\.bak', '\.bash', '\.bat', '\.cfg', '\.cgi', '\.cmd', '\.conf', '\.db', '\.dll', '\.ds_store', '\.exe', '\/\.git', '\.hta', '\.htp', '\.init?', '\.jsp', '\.mysql', '\.pass', '\.pwd', '\.sql', '\/\.svn', '\.exec\(', '\)\.html\(', '\{x\.html\(', '\.php\([0-9]+\)', '(benchmark|sleep)(\s|%20)*\(', '\/(db|mysql)-?admin', '\/document_root', '\/error_log', 'indoxploi', '\/sqlpatch', 'xrumer', 'www\.(.*)\.cn', '%3Cscript', '\/vbforum(\/)?', '\/vbulletin(\/)?', '\{\$itemURL\}', '(\/bin\/)(cc|chmod|chsh|cpp|echo|id|kill|mail|nasm|perl|ping|ps|python|tclsh)(\/)?$', '((curl_|shell_)?exec|(f|p)open|function|fwrite|leak|p?fsockopen|passthru|phpinfo|posix_(kill|mkfifo|setpgid|setsid|setuid)|proc_(close|get_status|nice|open|terminate)|system)(.*)(\()(.*)(\))', '(\/)(^$|0day|c99|configbak|curltest|db|index\.php\/index|(my)?sql|(php|web)?shell|php-?info|temp00|vuln|webconfig)(\.php)'));
48
 
49
  $query_string_array = apply_filters('query_string_items', array('\(0x', '0x3c62723e', ';!--=', '\(\)\}', ':;\};', '\.\.\/', '\/\*\*\/', '127\.0\.0\.1', 'localhost', 'loopback', '%0a', '%0d', '%00', '%2e%2e', '%0d%0a', '@copy', 'concat(.*)(\(|%28)', 'allow_url_(fopen|include)', '(c99|php|web)shell', 'auto_prepend_file', 'disable_functions?', 'gethostbyname', 'input_file', 'execute', 'safe_mode', 'file_(get|put)_contents', 'mosconfig', 'open_basedir', 'outfile', 'proc_open', 'root_path', 'user_func_array', 'path=\.', 'mod=\.', '(globals|request)(=|\[)', 'f(fclose|fgets|fputs|fsbuff)', '\$_(env|files|get|post|request|server|session)', '(\+|%2b)(concat|delete|get|select|union)(\+|%2b)', '(cmd|command)(=|%3d)(chdir|mkdir)', '(absolute_|base|root_)(dir|path)(=|%3d)(ftp|https?)', '(s)?(ftp|inurl|php)(s)?(:(\/|%2f|%u2215)(\/|%2f|%u2215))', '(\/|%2f)(=|%3d|\$&|_mm|cgi(\.|-)|inurl(:|%3a)(\/|%2f)|(mod|path)(=|%3d)(\.|%2e))', '(<|>|\'|")(.*)(\/\*|alter|base64|benchmark|cast|char|concat|convert|create|declare|delete|drop|encode|exec|fopen|function|html|insert|md5|request|script|select|set|union|update)'));
50
 
readme.txt CHANGED
@@ -9,9 +9,9 @@ Author URI: https://plugin-planet.com/
9
  Contributors: specialk, aldolat, WpBlogHost, jameswilkes, juliobox, lernerconsult
10
  Donate link: https://monzillamedia.com/donate.html
11
  Requires at least: 4.6
12
- Tested up to: 5.9
13
- Stable tag: 20220122
14
- Version: 20220122
15
  Requires PHP: 5.6.20
16
  Text Domain: block-bad-queries
17
  Domain Path: /languages
@@ -252,6 +252,11 @@ Links, tweets and likes also appreciated. Thank you! :)
252
  If you like BBQ, please take a moment to [give a 5-star rating](https://wordpress.org/support/plugin/block-bad-queries/reviews/?rate=5#new-post). It helps to keep development and support going strong. Thank you!
253
 
254
 
 
 
 
 
 
255
  **2022/01/22**
256
 
257
  * Disables POST data scanning by default
9
  Contributors: specialk, aldolat, WpBlogHost, jameswilkes, juliobox, lernerconsult
10
  Donate link: https://monzillamedia.com/donate.html
11
  Requires at least: 4.6
12
+ Tested up to: 6.0
13
+ Stable tag: 20220517
14
+ Version: 20220517
15
  Requires PHP: 5.6.20
16
  Text Domain: block-bad-queries
17
  Domain Path: /languages
252
  If you like BBQ, please take a moment to [give a 5-star rating](https://wordpress.org/support/plugin/block-bad-queries/reviews/?rate=5#new-post). It helps to keep development and support going strong. Thank you!
253
 
254
 
255
+ **2022/05/17**
256
+
257
+ * Removes `.inc` from firewall patterns
258
+ * Tests on WordPress 6.0
259
+
260
  **2022/01/22**
261
 
262
  * Disables POST data scanning by default