iQ Block Country - Version 1.2.15

Version Description

  • Change: A lot of internal code changes to make it more in line with WordPress Best Practices
    • Change: Added Privacy Policy of GeoIP API / Admin API Key
    • Change: Added Terms of Use / Privacy Policy Of MaxMind

Release Info

Developer iqpascal
Version 1.2.15

Code changes from version 1.2.14 to 1.2.15

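--- a/iq-block-country.php
+++ b/iq-block-country.php
@@ -2,7 +2,7 @@
  /*
  Plugin Name: iQ Block Country
  Plugin URI: https://webence.nl/plugins/iq-block-country-the-wordpress-plugin-that-blocks-countries-for-you/
- Version: 1.2.14
+ Version: 1.2.15
  Author: Pascal
  Author URI: https://webence.nl/
  Description: Block visitors from visiting your website and backend website based on which country their IP address is from. The Maxmind GeoIP lite database is used for looking up from which country an ip address is from.
@@ -86,63 +86,35 @@ function iqblockcountry_get_ipaddress()
  global $iqbc_ip_address;
 
  $iqbc_server_address = "";
- if(isset($_SERVER['SERVER_ADDR']) && (filter_var($_SERVER['SERVER_ADDR'],FILTER_VALIDATE_IP))) {
- $iqbc_server_address = $_SERVER['SERVER_ADDR'];
- } elseif(array_key_exists('LOCAL_ADDR', $_SERVER) && (filter_var($_SERVER['LOCAL_ADDR'],FILTER_VALIDATE_IP))) {
- $iqbc_server_address = $_SERVER['LOCAL_ADDR'];
- }
+ if(isset($_SERVER['SERVER_ADDR']) && (rest_is_ip_address($_SERVER['SERVER_ADDR']))) { $iqbc_server_address = filter_var($_SERVER['SERVER_ADDR'],FILTER_VALIDATE_IP); }
+ elseif(array_key_exists('LOCAL_ADDR', $_SERVER) && (rest_is_ip_address($_SERVER['LOCAL_ADDR']))) { $iqbc_server_address = filter_var($_SERVER['LOCAL_ADDR'],FILTER_VALIDATE_IP); }
 
- if (isset($_SERVER['HTTP_CF_CONNECTING_IP']) && filter_var($_SERVER['HTTP_CF_CONNECTING_IP'],FILTER_VALIDATE_IP) ) {
- $iqbc_ip_address = $_SERVER['HTTP_CF_CONNECTING_IP'];
- }
- elseif (isset($_SERVER['HTTP_X_REAL_IP']) && filter_var($_SERVER['HTTP_X_REAL_IP'],FILTER_VALIDATE_IP) ) {
- $iqbc_ip_address = $_SERVER['HTTP_X_REAL_IP'];
- }
- elseif (isset($_SERVER['HTTP_X_SUCURI_CLIENTIP']) && filter_var($_SERVER['HTTP_X_SUCURI_CLIENTIP'],FILTER_VALIDATE_IP) ) {
- $iqbc_ip_address = $_SERVER['HTTP_X_SUCURI_CLIENTIP'];
- }
- elseif (isset($_SERVER['HTTP_INCAP_CLIENT_IP']) && filter_var($_SERVER['HTTP_INCAP_CLIENT_IP'],FILTER_VALIDATE_IP) ) {
- $iqbc_ip_address = $_SERVER['HTTP_INCAP_CLIENT_IP'];
- }
- elseif (isset($_SERVER['HTTP_X_FORWARDED_FOR']) && filter_var($_SERVER['HTTP_X_FORWARDED_FOR'],FILTER_VALIDATE_IP)) {
- $iqbc_ip_address = $_SERVER['HTTP_X_FORWARDED_FOR'];
- }
- elseif (isset($_SERVER['HTTP_X_FORWARDED']) && filter_var($_SERVER['HTTP_X_FORWARDED'],FILTER_VALIDATE_IP)) {
- $iqbc_ip_address = $_SERVER['HTTP_X_FORWARDED'];
- }
- elseif (isset($_SERVER['HTTP_CLIENT_IP']) && filter_var($_SERVER['HTTP_CLIENT_IP'],FILTER_VALIDATE_IP) ) {
- $iqbc_ip_address = $_SERVER['HTTP_CLIENT_IP'];
- }
- elseif (isset($_SERVER['HTTP_FORWARDED']) && filter_var($_SERVER['HTTP_FORWARDED'],FILTER_VALIDATE_IP)) {
- $iqbc_ip_address = $_SERVER['HTTP_FORWARDED'];
- }
- elseif (isset($_SERVER['REMOTE_ADDR']) && filter_var($_SERVER['REMOTE_ADDR'],FILTER_VALIDATE_IP) ) {
- $iqbc_ip_address = $_SERVER['REMOTE_ADDR'];
- }
+ if (isset($_SERVER['HTTP_CF_CONNECTING_IP']) && rest_is_ip_address($_SERVER['HTTP_CF_CONNECTING_IP'])) { $iqbc_ip_address = filter_var($_SERVER['HTTP_CF_CONNECTING_IP'],FILTER_VALIDATE_IP); }
+ elseif (isset($_SERVER['HTTP_X_REAL_IP']) && rest_is_ip_address($_SERVER['HTTP_X_REAL_IP'])) { $iqbc_ip_address = filter_var($_SERVER['HTTP_X_REAL_IP'],FILTER_VALIDATE_IP); }
+ elseif (isset($_SERVER['HTTP_X_SUCURI_CLIENTIP']) && rest_is_ip_address($_SERVER['HTTP_X_SUCURI_CLIENTIP'])) { $iqbc_ip_address = filter_var($_SERVER['HTTP_X_SUCURI_CLIENTIP'],FILTER_VALIDATE_IP); }
+ elseif (isset($_SERVER['HTTP_INCAP_CLIENT_IP']) && rest_is_ip_address($_SERVER['HTTP_INCAP_CLIENT_IP'])) { $iqbc_ip_address = filter_var($_SERVER['HTTP_INCAP_CLIENT_IP'],FILTER_VALIDATE_IP); }
+ elseif (isset($_SERVER['HTTP_X_FORWARDED_FOR']) && rest_is_ip_address($_SERVER['HTTP_X_FORWARDED_FOR'])) { $iqbc_ip_address = filter_var($_SERVER['HTTP_X_FORWARDED_FOR'],FILTER_VALIDATE_IP); }
+ elseif (isset($_SERVER['HTTP_X_FORWARDED']) && rest_is_ip_address($_SERVER['HTTP_X_FORWARDED'])) { $iqbc_ip_address = filter_var($_SERVER['HTTP_X_FORWARDED'],FILTER_VALIDATE_IP); }
+ elseif (isset($_SERVER['HTTP_CLIENT_IP']) && rest_is_ip_address($_SERVER['HTTP_CLIENT_IP'])) { $iqbc_ip_address = filter_var($_SERVER['HTTP_CLIENT_IP'],FILTER_VALIDATE_IP); }
+ elseif (isset($_SERVER['HTTP_FORWARDED']) && rest_is_ip_address($_SERVER['HTTP_FORWARDED'])) { $iqbc_ip_address = filter_var($_SERVER['HTTP_FORWARDED'],FILTER_VALIDATE_IP); }
+ elseif (isset($_SERVER['REMOTE_ADDR']) && rest_is_ip_address($_SERVER['REMOTE_ADDR'])) { $iqbc_ip_address = filter_var($_SERVER['REMOTE_ADDR'],FILTER_VALIDATE_IP); }
 
  $iqbc_ipoverride = get_option('blockcountry_ipoverride');
  if (isset($iqbc_ipoverride) && (!empty($iqbc_ipoverride) && ($iqbc_ipoverride != "NONE") )) {
  if (isset($_SERVER[$iqbc_ipoverride]) && !empty($_SERVER[$iqbc_ipoverride])) {
- if (iqblockcountry_is_valid_ipv4($_SERVER[$iqbc_ipoverride]) || iqblockcountry_is_valid_ipv6($_SERVER[$iqbc_ipoverride])) {
- $iqbc_ip_address = $_SERVER[$iqbc_ipoverride];
- }
+ if (iqblockcountry_is_valid_ipv4($_SERVER[$iqbc_ipoverride]) || iqblockcountry_is_valid_ipv6($_SERVER[$iqbc_ipoverride])) { $iqbc_ip_address = filter_var($_SERVER[$iqbc_ipoverride],FILTER_VALIDATE_IP);}
  }
  }
-
+
  // Get first ip if ip_address contains multiple addresses
  $iqbc_ips = explode(',', $iqbc_ip_address);
 
  if (iqblockcountry_is_valid_ipv4(trim($iqbc_ips[0])) || iqblockcountry_is_valid_ipv6(trim($iqbc_ips[0]))) {
- $iqbc_ip_address = trim($iqbc_ips[0]);
+ $iqbc_ip_address = filter_var($iqbc_ips[0],FILTER_VALIDATE_IP);
  }
  if ($iqbc_ip_address == $iqbc_server_address) {
- if (isset($_SERVER['REMOTE_ADDR']) && !empty($_SERVER['REMOTE_ADDR']) && filter_var($_SERVER['REMOTE_ADDR'],FILTER_VALIDATE_IP) ) {
- $iqbc_ip_address = $_SERVER['REMOTE_ADDR'];
- }
- else
- {
- $iqbc_ip_address = "0.0.0.0";
- }
+ if (isset($_SERVER['REMOTE_ADDR']) && rest_is_ip_address($_SERVER['REMOTE_ADDR']) ) { $iqbc_ip_address = filter_var($_SERVER['REMOTE_ADDR'],FILTER_VALIDATE_IP); }
+ else { $iqbc_ip_address = "0.0.0.0"; }
 
  }
  return $iqbc_ip_address;
@@ -156,13 +128,12 @@ function iqblockcountry_upgrade()
  update_option('blockcountry_version', IQDBVERSION);
 
  if ($iqbc_dbversion != "" && version_compare($iqbc_dbversion, "1.2.10", '<') ) {
- iqblockcountry_find_geoip_location();
  $iqbc_server_addr = "";
- if(isset($_SERVER['SERVER_ADDR']) && (filter_var($_SERVER['SERVER_ADDR'],FILTER_VALIDATE_IP))) {
- $iqbc_server_addr = $_SERVER['SERVER_ADDR'];
- } elseif(array_key_exists('LOCAL_ADDR', $_SERVER) && (filter_var($_SERVER['LOCAL_ADDR'],FILTER_VALIDATE_IP))) {
- $iqbc_server_addr = $_SERVER['LOCAL_ADDR'];
- }
+ if( isset( $_SERVER['SERVER_ADDR']) && rest_is_ip_address( $_SERVER['SERVER_ADDR'] ) ) {
+ $iqbc_server_addr = filter_var($_SERVER['SERVER_ADDR'],FILTER_VALIDATE_IP);
+ } elseif( array_key_exists('LOCAL_ADDR', $_SERVER) && rest_is_ip_address( $_SERVER['LOCAL_ADDR'] ) ) {
+ $iqbc_server_addr = filter_var($_SERVER['LOCAL_ADDR'],FILTER_VALIDATE_IP);
+ }
 
  if (get_option('blockcountry_backendwhitelist') === false || (get_option('blockcountry_backendwhitelist') == "")) { update_option('blockcountry_backendwhitelist', $iqbc_server_addr . ";");
  }
@@ -242,7 +213,7 @@ iqblockcountry_get_blockallowlist();
 
  if (isset($_POST['iqbc_action'])) {
 
- $iqbc_iqaction = filter_var($_POST['iqbc_action'], FILTER_SANITIZE_STRING);
+ $iqbc_iqaction = sanitize_text_field($_POST['iqbc_action']);
  if ($iqbc_iqaction == 'iqbc_csvoutput') {
  if(!function_exists('is_user_logged_in')) {
  include ABSPATH . "wp-includes/pluggable.php";
@@ -259,7 +230,7 @@ if (isset($_POST['iqbc_action'])) {
  {
  $iqbc_datetime = strtotime($iqbc_row->datetime);
  $iqbc_mysqldate = date($iqbc_format, $iqbc_datetime);
- $iqbc_output .= '"' . $iqbc_mysqldate . '"' . ';"' . $iqbc_row->ipaddress . '";"' . $iqbc_row->url . '"'. "\n";
+ $iqbc_output .= '"' . esc_html($iqbc_mysqldate) . '"' . ';"' . esc_html($iqbc_row->ipaddress) . '";"' . esc_url($iqbc_row->url) . '"'. "\n";
  }
  $iqbc_iqtempvalue = preg_replace("/[^A-Za-z0-9]/", "", get_bloginfo());
  $iqbc_filename = $iqbc_iqtempvalue . "-iqblockcountry-logging-export.csv";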
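Review bot: In iqblockcountry_get_ipaddress() the rewritten chain still takes the visitor address from request headers such as HTTP_CF_CONNECTING_IP, HTTP_X_REAL_IP and HTTP_X_FORWARDED_FOR before it looks at REMOTE_ADDR; switching the check to rest_is_ip_address() validates the format of the value, not where it came from. Those headers are set by the client unless a proxy in front of the site overwrites them, so on a directly exposed site the country decision is made on a caller-supplied address. I would default to `$iqbc_ip_address = filter_var($_SERVER['REMOTE_ADDR'], FILTER_VALIDATE_IP);` and honour a forwarding header only when the admin has selected it in `blockcountry_ipoverride`. The first-address step also dropped the trim(), so the value assigned is no longer the one the condition just checked; `$iqbc_ip_address = filter_var(trim($iqbc_ips[0]), FILTER_VALIDATE_IP);` keeps the two in step. The function body starts outside the hunk.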
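--- a/libs/blockcountry-checks.php
+++ b/libs/blockcountry-checks.php
@@ -390,9 +390,9 @@ function iqblockcountry_CheckCountryBackEnd()
 
 
  $iqbc_blockmessage = get_option('blockcountry_blockmessage');
- $iqbc_blockredirect = get_option('blockcountry_redirect');
- $iqbc_blockredirect_url = get_option('blockcountry_redirect_url');
- $iqbc_header = get_option('blockcountry_header');
+ $iqbc_blockredirect = esc_url_raw(get_option('blockcountry_redirect'));
+ $iqbc_blockredirect_url = esc_url_raw(get_option('blockcountry_redirect_url'));
+ $iqbc_header = sanitize_text_field(get_option('blockcountry_header'));
  if (!empty($iqbc_header) && ($iqbc_header)) {
  // Prevent as much as possible that this error message is cached:
  header("Cache-Control: no-store, no-cache, must-revalidate");
@@ -410,7 +410,7 @@ function iqblockcountry_CheckCountryBackEnd()
  header("Location: $iqbc_redirecturl");
  }
  // Display block message
- print "$iqbc_blockmessage";
+ print esc_html($iqbc_blockmessage);
 
 
  exit();
@@ -462,8 +462,8 @@ function iqblockcountry_CheckCountryFrontEnd()
 
 
  $iqbc_blockmessage = get_option('blockcountry_blockmessage');
- $iqbc_blockredirect = get_option('blockcountry_redirect');
- $iqbc_blockredirect_url = get_option('blockcountry_redirect_url');
+ $iqbc_blockredirect = esc_url_raw(get_option('blockcountry_redirect'));
+ $iqbc_blockredirect_url = esc_url_raw(get_option('blockcountry_redirect_url'));
  $iqbc_header = get_option('blockcountry_header');
  if (!empty($iqbc_header) && ($iqbc_header)) {
  // Prevent as much as possible that this error message is cached:
@@ -482,7 +482,7 @@ function iqblockcountry_CheckCountryFrontEnd()
  header("Location: $iqbc_redirecturl");
  }
  // Display block message
- print "$iqbc_blockmessage";
+ print esc_html($iqbc_blockmessage);
 
  exit();
  }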
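Review bot: `print esc_html($iqbc_blockmessage);` in both iqblockcountry_CheckCountryBackEnd() and iqblockcountry_CheckCountryFrontEnd() turns any markup in the stored block message into literal text, so a message the admin wrote with links or paragraphs would presumably reach blocked visitors as raw tags. `print wp_kses_post($iqbc_blockmessage);` keeps the markup WordPress allows in post content and still drops script. Separately, only the back-end hunk wraps `blockcountry_header` in sanitize_text_field(); the front-end function still reads it raw, and the two should agree. Both functions start and end outside the hunks.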
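--- a/libs/blockcountry-logging.php
+++ b/libs/blockcountry-logging.php
@@ -123,7 +123,7 @@ function iqblockcountry_logging($iqbc_ipaddress,$iqbc_country,$iqbc_banned)
  {
  global $wpdb;
 
- $iqbc_urlRequested = (isset($_SERVER["REQUEST_URI"]) ? htmlspecialchars($_SERVER["REQUEST_URI"]) : '/' );
+ $iqbc_urlRequested = (isset($_SERVER["REQUEST_URI"]) ? esc_url_raw($_SERVER["REQUEST_URI"]) : '/' );
 
  $iqbc_table_name = $wpdb->prefix . "iqblock_logging";
  $wpdb->insert($iqbc_table_name, array ('datetime' => current_time('mysql'), 'ipaddress' => $iqbc_ipaddress, 'country' => $iqbc_country, 'banned' => $iqbc_banned,'url' => $iqbc_urlRequested));
@@ -134,8 +134,8 @@ function iqblockcountry_debug_logging($iqbc_ipaddress,$iqbc_country,$iqbc_banned
  if (get_option('blockcountry_debuglogging')) {
  global $wpdb;
 
- $iqbc_urlRequested = (isset($_SERVER["REQUEST_URI"]) ? htmlspecialchars($_SERVER["REQUEST_URI"]) : '/' );
- $iqbc_type = htmlspecialchars($_SERVER['REQUEST_METHOD']);
+ $iqbc_urlRequested = (isset($_SERVER["REQUEST_URI"]) ? esc_url_raw($_SERVER["REQUEST_URI"]) : '/' );
+ $iqbc_type = "POST";
 
  $iqbc_table_name = $wpdb->prefix . "iqblock_debug_logging";
  $wpdb->insert($iqbc_table_name, array ('datetime' => current_time('mysql'), 'ipaddress' => $iqbc_ipaddress, 'type' => $iqbc_type, 'country' => $iqbc_country, 'banned' => $iqbc_banned,'url' => $iqbc_urlRequested));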
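Review bot: `$iqbc_type = "POST";` in iqblockcountry_debug_logging() makes the debug log record every request as POST, so the `type` column can no longer tell a GET probe from a form submission when the log is read during an investigation. Keeping the real method behind an allowlist preserves that evidence without storing arbitrary input: `$iqbc_method = isset($_SERVER['REQUEST_METHOD']) ? strtoupper(sanitize_key($_SERVER['REQUEST_METHOD'])) : '';` followed by `$iqbc_type = in_array($iqbc_method, array('GET', 'POST', 'HEAD', 'PUT', 'DELETE', 'OPTIONS', 'PATCH'), true) ? $iqbc_method : 'OTHER';`. A related caveat applies to esc_url_raw() on REQUEST_URI in both functions: it can rewrite the value before it is stored, so the logged URL may differ from what was actually requested; storing the raw value through `$wpdb->insert()` and escaping when the log is displayed keeps the record faithful. Both function bodies continue outside the hunks.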
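--- a/libs/blockcountry-settings.php
+++ b/libs/blockcountry-settings.php
@@ -163,13 +163,15 @@ function iqblockcountry_set_defaults()
  $iqbc_countrylist = iqblockcountry_get_isocountries();
  $iqbc_ip_address = iqblockcountry_get_ipaddress();
  $usercountry = iqblockcountry_check_ipaddress($iqbc_ip_address);
+
  $iqbc_server_addr = "";
- if(isset($_SERVER['SERVER_ADDR']) && (filter_var($_SERVER['SERVER_ADDR'],FILTER_VALIDATE_IP))) {
- $iqbc_server_addr = $_SERVER['SERVER_ADDR'];
- } elseif(array_key_exists('LOCAL_ADDR', $_SERVER) && (filter_var($_SERVER['LOCAL_ADDR'],FILTER_VALIDATE_IP))) {
- $iqbc_server_addr = $_SERVER['LOCAL_ADDR'];
- }
+ if( isset( $_SERVER['SERVER_ADDR']) && rest_is_ip_address( $_SERVER['SERVER_ADDR'] ) ) {
+ $iqbc_server_addr = filter_var($_SERVER['SERVER_ADDR'],FILTER_VALIDATE_IP);
+ } elseif( array_key_exists('LOCAL_ADDR', $_SERVER) && rest_is_ip_address( $_SERVER['LOCAL_ADDR'] ) ) {
+ $iqbc_server_addr = filter_var($_SERVER['LOCAL_ADDR'],FILTER_VALIDATE_IP);
+ }
 
+
  if (get_option('blockcountry_blockfrontend') === false) { update_option('blockcountry_blockfrontend', 'on');
  }
  if (get_option('blockcountry_blockfeed') === false) { update_option('blockcountry_blockfeed', 'on');
@@ -201,7 +203,6 @@ function iqblockcountry_set_defaults()
  }
  if (get_option('blockcountry_ipoverride') === false) { update_option('blockcountry_ipoverride', 'NONE');
  }
- iqblockcountry_find_geoip_location();
  }
 
 
@@ -266,7 +267,7 @@ function iqblockcountry_settings_tools()
  <h3><?php esc_html_e('Check which country belongs to an IP Address according to the current database.', 'iq-block-country'); ?></h3>
 
  <form name="ipcheck" action="#ipcheck" method="post">
- <input type="hidden" name="action" value="iqbc_ipcheck" />
+ <input type="hidden" name="iqbc_action" value="iqbc_ipcheck" />
  <input name="iqbc_ipcheck_nonce" type="hidden" value="<?php echo wp_create_nonce('iqbc_ipcheck_nonce'); ?>" />
  <?php esc_html_e('IP Address to check:', 'iq-block-country'); ?> <input type="text" name="iqbc_ipaddress" lenth="50" />
  <?php
@@ -792,15 +793,12 @@ function iqblockcountry_settings_importexport()
 
  $iqbc_url = $iqbc_dir['url'] . '/' . $iqbc_json_name . '-iqblockcountry.zip';
  $iqbc_content = "<div class='notice notice-success'><p>" . esc_html("Exporting settings...", 'iq-block-country') . "</p></div>";
-
- if ($iqbc_url ) {
- $iqbc_content .= '<script type="text/javascript">
- document.location = \'' . $iqbc_url . '\';
- </script>';
- } else {
- $iqbc_content .= 'Error: ' . $iqbc_url;
- }
- echo $iqbc_content;
+
+ ?>
+ <script>
+ document.location = "<?php echo esc_url_raw($iqbc_url); ?>"
+ </script>
+ <?php
  }
  elseif (isset($_POST['iqbc_import'])) {
  $iqbc_optarr = iqblockcountry_get_options_arr();
@@ -889,7 +887,7 @@ function iqblockcountry_settings_pages()
  $iqbc_selected = "";
  }
  }
- echo "<li><input type=\"checkbox\" " . $iqbc_selected . " name=\"blockcountry_pages[]\" value=\"" . $iqbc_page->ID . "\" id=\"" . $iqbc_page->post_title . "\" /> <label for=\"" . $iqbc_page->post_title . "\">" . $iqbc_page->post_title . "</label></li>";
+ echo "<li><input type=\"checkbox\" " . esc_html($iqbc_selected) . " name=\"blockcountry_pages[]\" value=\"" . esc_html($iqbc_page->ID) . "\" id=\"" . esc_html($iqbc_page->post_title) . "\" /> <label for=\"" . esc_html($iqbc_page->post_title) . "\">" . esc_html($iqbc_page->post_title) . "</label></li>";
  }
  ?>
  </td></tr>
@@ -944,7 +942,7 @@ function iqblockcountry_settings_categories()
  $iqbc_selected = "";
  }
  }
- echo "<li><input type=\"checkbox\" " . $iqbc_selected . " name=\"blockcountry_categories[]\" value=\"" . $iqbc_category->term_id . "\" id=\"" . $iqbc_category->name . "\" /> <label for=\"" . $iqbc_category->name . "\">" . $iqbc_category->name . "</label></li>";
+ echo "<li><input type=\"checkbox\" " . esc_html($iqbc_selected) . " name=\"blockcountry_categories[]\" value=\"" . esc_html($iqbc_category->term_id) . "\" id=\"" . esc_html($iqbc_category->name) . "\" /> <label for=\"" . esc_html($iqbc_category->name) . "\">" . esc_html($iqbc_category->name) . "</label></li>";
  }
  ?>
  </td></tr>
@@ -993,7 +991,7 @@ function iqblockcountry_settings_tags()
  $iqbc_selected = "";
  }
  }
- echo "<li><input type=\"checkbox\" " . $iqbc_selected . " name=\"blockcountry_tags[]\" value=\"" . $iqbc_tag->term_id . "\" id=\"" . $iqbc_tag->name . "\" /> <label for=\"" . $iqbc_tag->name . "\">" . $iqbc_tag->name . "</label></li>";
+ echo "<li><input type=\"checkbox\" " . esc_html($iqbc_selected) . " name=\"blockcountry_tags[]\" value=\"" . esc_html($iqbc_tag->term_id) . "\" id=\"" . esc_html($iqbc_tag->name) . "\" /> <label for=\"" . esc_html($iqbc_tag->name) . "\">" . esc_html($iqbc_tag->name) . "</label></li>";
  }
  ?>
  </td></tr>
@@ -1042,7 +1040,7 @@ function iqblockcountry_settings_posttypes()
  $iqbc_selected = "";
  }
  }
- echo "<li><input type=\"checkbox\" " . $iqbc_selected . " name=\"blockcountry_posttypes[]\" value=\"" . $iqbc_post_type . "\" id=\"" . $iqbc_post_type . "\" /> <label for=\"" . $iqbc_post_type . "\">" . $iqbc_post_type . "</label></li>";
+ echo "<li><input type=\"checkbox\" " . esc_html($iqbc_selected) . " name=\"blockcountry_posttypes[]\" value=\"" . esc_html($iqbc_post_type) . "\" id=\"" . esc_html($iqbc_post_type) . "\" /> <label for=\"" . esc_html($iqbc_post_type) . "\">" . esc_html($iqbc_post_type) . "</label></li>";
  }
  ?>
  </td></tr>
@@ -1090,7 +1088,7 @@ function iqblockcountry_settings_services()
  $iqbc_selected = "";
  }
  }
- echo "<li><input type=\"checkbox\" " . $iqbc_selected . " name=\"blockcountry_allowse[]\" value=\"" . $iqbc_se . "\" id=\"" . $iqbc_se . "\" /> <label for=\"" . $iqbc_se . "\">" . $iqbc_se . "</label></li>";
+ echo "<li><input type=\"checkbox\" " . esc_html($iqbc_selected) . " name=\"blockcountry_allowse[]\" value=\"" . esc_html($iqbc_se) . "\" id=\"" . esc_html($iqbc_se) . "\" /> <label for=\"" . esc_html($iqbc_se) . "\">" . esc_html($iqbc_se) . "</label></li>";
  }
  ?>
  </td></tr>
@@ -1178,7 +1176,7 @@ function iqblockcountry_settings_frontend()
  } else {
  $iqbc_selected = "";
  }
- echo "<li><input type=\"checkbox\" " . $iqbc_selected . " name=\"blockcountry_banlist[]\" value=\"" . esc_html($iqbc_key) . "\" \"/> <label for=\"" . esc_html($iqbc_value) . "\">" . esc_html($iqbc_value) . "</label></li>";
+ echo "<li><input type=\"checkbox\" " . esc_html($iqbc_selected) . " name=\"blockcountry_banlist[]\" value=\"" . esc_html($iqbc_key) . "\" \"/> <label for=\"" . esc_html($iqbc_value) . "\">" . esc_html($iqbc_value) . "</label></li>";
  }
  echo "</ul>";
  }
@@ -1442,7 +1440,7 @@ function iqblockcountry_settings_home()
  echo "<option value=\"0\">". esc_html("Choose a page...", 'iq-block-country') . "</option>";
  $iqbc_pages = get_pages();
  foreach ( $iqbc_pages as $iqbc_page ) {
- print "<option value=\"$iqbc_page->ID\"";
+ print "<option value " . esc_html($iqbc_page->ID) . "\"";
  if ($iqbc_page->ID == $iqbc_haystack) {
 
  print " selected=\"selected\" ";
@@ -1544,7 +1542,7 @@ function iqblockcountry_settings_home()
 
  <tr valign="top">
  <th width="30%"><?php esc_html_e('GeoIP API Key:', 'iq-block-country'); ?><br />
- <em><?php esc_html_e('If for some reason you cannot or do not want to download the MaxMind GeoIP databases you will need an API key for the GeoIP api.<br />You can get an API key from: ', 'iq-block-country'); ?> <a href="https://webence.nl/geoip-api/" target="_blank">https://webence.nl/geoip-api/</a></em></th>
+ <em><?php esc_html_e('If for some reason you cannot or do not want to download the MaxMind GeoIP databases you will need an API key for the GeoIP api. You can get an API key from: ', 'iq-block-country'); ?> <a href="https://webence.nl/geoip-api/" target="_blank">https://webence.nl/geoip-api/</a></em></th>
  </th>
  <td width="70%">
  <input type="text" size="25" name="blockcountry_geoapikey" value="<?php echo get_option('blockcountry_geoapikey');?>">
@@ -1566,7 +1564,7 @@ function iqblockcountry_settings_home()
  </td></tr>
  <tr valign="top">
  <th width="30%"><?php esc_html_e('Admin block API Key:', 'iq-block-country'); ?><br />
- <em><?php esc_html_e('For additional security you can protect your backend from known IP addresses who have made hack attempts at other WordPress sites.<br />You can get more information and an API key from: ', 'iq-block-country'); ?> <a href="https://webence.nl/admin-block-api/" target="_blank">https://webence.nl/admin-block-api/</a></em></th>
+ <em><?php esc_html_e('For additional security you can protect your backend from known IP addresses who have made hack attempts at other WordPress sites. You can get more information and an API key from: ', 'iq-block-country'); ?> <a href="https://webence.nl/admin-block-api/" target="_blank">https://webence.nl/admin-block-api/</a></em></th>
  </th>
  <td width="70%">
  <input type="text" size="25" name="blockcountry_apikey" value="<?php echo get_option('blockcountry_apikey');?>">
@@ -1780,7 +1778,7 @@ function iqblockcountry_settings_page()
 
 
  if(isset($_GET[ 'tab' ]) ) {
- $iqbc_active_tab = filter_var($_GET[ 'tab' ], FILTER_SANITIZE_STRING);
+ $iqbc_active_tab = sanitize_text_field($_GET[ 'tab' ]);
  }
  else
  {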
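Review bot: The page selector in iqblockcountry_settings_home() now emits `<option value ` followed by the ID and a stray `"`, because the rewritten print lost the `=\"` in front of the ID, so the option no longer carries a usable value attribute; it should read `print "<option value=\"" . esc_attr($iqbc_page->ID) . "\"";`. More generally the checkbox lines put esc_html() output inside `value`, `id` and `for` attributes where esc_attr() is the matching helper, and the export redirect echoes `esc_url_raw($iqbc_url)` into a JavaScript string where `esc_js()` (or `wp_json_encode()`) is the context-appropriate escape. The two API-key inputs in the context lines still echo `get_option(...)` unescaped into `value="..."`; `echo esc_attr(get_option('blockcountry_geoapikey'));` and the same for `blockcountry_apikey` would close that. All of these functions continue outside the hunks.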
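--- a/libs/blockcountry-validation.php
+++ b/libs/blockcountry-validation.php
@@ -93,17 +93,16 @@ function iqblockcountry_validate_ip($iqbc_input)
  */
  function iqblockcountry_check_geoapikey($iqbc_input)
  {
-
  // Check first if API key is empty....
  if (!empty($iqbc_input)) {
 
+ $iqbc_license = filter_var($iqbc_input, FILTER_SANITIZE_STRING);
  $iqbc_url = GEOIPAPICHECKURL;
-
  $iqbc_result = wp_remote_post(
  $iqbc_url,
  array(
  'body' => array(
- 'api-key' => $iqbc_input
+ 'api-key' => $iqbc_license
  )
  )
  );
@@ -123,6 +122,7 @@ function iqblockcountry_check_geoapikey($iqbc_input)
  }
  else
  {
+ iqblockcountry_find_geoip_location();
  $iqbc_message = esc_html('Setting saved.', 'iq-block-country');
  $iqbc_type = "updated";
  }
@@ -132,7 +132,7 @@ function iqblockcountry_check_geoapikey($iqbc_input)
  $iqbc_input = false;
  }
  add_settings_error('iqblockcountry_geoipapi_error', esc_attr('settings_updated'), $iqbc_message, $iqbc_type);
- return $iqbc_input;
+ return $iqbc_license;
  }
  return "";
  }
@@ -145,15 +145,17 @@ function iqblockcountry_check_adminapikey($iqbc_input)
 
  // Check first if API key is empty....
  if (!empty($iqbc_input)) {
-
+
+ $iqbc_license = filter_var($iqbc_input, FILTER_SANITIZE_STRING);
+
  $iqbc_url = ADMINAPICHECKURL;
 
  $iqbc_result = wp_remote_post(
  $iqbc_url,
  array(
  'body' => array(
- 'api-key' => $iqbc_input
- )
+ 'api-key' => $iqbc_license
+ )
  )
  );
  $iqbc_message = "";
@@ -180,7 +182,7 @@ function iqblockcountry_check_adminapikey($iqbc_input)
  $iqbc_input = false;
  }
  add_settings_error('iqblockcountry_adminapi_error', esc_attr('settings_updated'), $iqbc_message, $iqbc_type);
- return $iqbc_input;
+ return $iqbc_license;
  }
  return "";
  }
@@ -189,19 +191,21 @@ function iqblockcountry_check_adminapikey($iqbc_input)
  /*
  * Check if GeoIP API key is correct.
  */
- function iqblockcountry_get_licensedate_geoapikey($iqbc_apikey)
+ function iqblockcountry_get_licensedate_geoapikey($iqbc_input)
  {
 
  // Check first if API key is empty....
- if (!empty($iqbc_apikey)) {
-
+ if (!empty($iqbc_input)) {
+
+ $iqbc_license = filter_var($iqbc_input, FILTER_SANITIZE_STRING);
+
  $iqbc_url = GEOIPAPICHECKURL;
 
  $iqbc_result = wp_remote_post(
  $iqbc_url,
  array(
  'body' => array(
- 'api-key' => $iqbc_apikey
+ 'api-key' => $iqbc_license
  )
  )
  );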
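Review bot: `return $iqbc_license;` in iqblockcountry_check_geoapikey() and iqblockcountry_check_adminapikey() ignores the `$iqbc_input = false;` assignment two lines above it, so the branch that used to make the function return false (apparently the failed-check branch, whose condition lies outside the hunk) now returns the sanitized key and an invalid key would presumably be saved. `return ( false === $iqbc_input ) ? false : $iqbc_license;` restores the previous result. The added `filter_var($iqbc_input, FILTER_SANITIZE_STRING)` is also the very filter this release replaces with sanitize_text_field() in the other files, and it is deprecated as of PHP 8.1; `$iqbc_license = sanitize_text_field($iqbc_input);` would be consistent across the three functions.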
readme.txt CHANGED
@@ -4,7 +4,7 @@ Donate link: https://webence.nl/plugins/donate
4
  Tags: spam, block, country, comments, ban, geo, geo blocking, geo ip, block country, block countries, ban countries, ban country, allow list, block list, security
5
  Requires at least: 3.5.2
6
  Tested up to: 6.0
7
- Stable tag: 1.2.14
8
  License: GPLv2 or later
9
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
10
  Requires PHP: 7.0
@@ -60,6 +60,8 @@ Data which is stored on non blocked visitors:
60
 
61
  If you allow tracking (yeah if you do!) you share some information with us. This is only the IP address of a blocked request on your backend. No other information is send and only the IP address is logged on our systems to gather how many times that IP address have attempted to login to a backend. We do not log which site was visited or which URL just only the IP address So we cannot lead an ip address back to a specific website or user. If an IP address is not blocked again within a month we will remove the IP address from the list.
62
 
 
 
63
  = Using this plugin with a caching plugin =
64
 
65
  Please note that many of the caching plugins are not compatible with this plugin. The nature of caching is that a dynamically build web page is cached into a static page.
@@ -234,15 +236,62 @@ As the basic rule is to block all and every post you have to configure this in a
234
 
235
  = Is the new GeoIP2 database format supported? =
236
 
237
- Yes since v1.2.0 the new GeoIP2 Country database is supported. For now the old GeoIP lite database will also still be supported.
238
- These databases are however not updated anymore by MaxMind. If you have the new database and the old database the new one will
239
- be used.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
240
 
241
 
242
  == Changelog ==
243
 
244
- = 1.2.14 =
245
  * Change: A lot of internal code changes to make it more in line of WordPress Best Practices
 
 
 
 
 
 
246
 
247
  = 1.2.13 =
248
 
4
  Tags: spam, block, country, comments, ban, geo, geo blocking, geo ip, block country, block countries, ban countries, ban country, allow list, block list, security
5
  Requires at least: 3.5.2
6
  Tested up to: 6.0
7
+ Stable tag: 1.2.15
8
  License: GPLv2 or later
9
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
10
  Requires PHP: 7.0
60
 
61
  If you allow tracking (yeah if you do!) you share some information with us. This is only the IP address of a blocked request on your backend. No other information is send and only the IP address is logged on our systems to gather how many times that IP address have attempted to login to a backend. We do not log which site was visited or which URL just only the IP address So we cannot lead an ip address back to a specific website or user. If an IP address is not blocked again within a month we will remove the IP address from the list.
62
 
63
+ If you use the GeoIP API service you send the IP address of your visitor to one of our servers. This IP Address is however in no way stored at our servers and only used to convert it to a country id.
64
+
65
  = Using this plugin with a caching plugin =
66
 
67
  Please note that many of the caching plugins are not compatible with this plugin. The nature of caching is that a dynamically build web page is cached into a static page.
236
 
237
  = Is the new GeoIP2 database format supported? =
238
 
239
+ Yes since v1.2.0 the new GeoIP2 Country database is supported.
240
+
241
+ == GeoIP API ==
242
+
243
+ For your convenience we offer a GeoIP API service. This API is not mandatory to use as you can always use the free MaxMind GeoIP Database.
244
+
245
+ If you do not want or can't go through the hassle of updating your MaxMind GeoIP database we provide an API service to convert the IP address of your visitors to a country.
246
+
247
+ If you decide to purchase an GeoIP API Key via https://webence.nl/geoip-api/ you'll get an eMail with your API Key (License Key).
248
+ Once you enter this key in your iQ Block Country settings your license key will be validated at our API service and a the nearest API server to you will be chosen. To do this your website will contact all API servers once to request
249
+ an empty file.
250
+
251
+ Once you use the API service the IP address of your visitors and your API key are send to one of the API servers and converted to a country. The plugin checks if the visitor should be blocked based on that country or not.
252
+
253
+ What is logged on our end?
254
+ * Upon validation of your license key your request will be logged in our webserver logs. (This will be the IP address of your webserver).
255
+ * Upon checking an IP address of your visitor this IP address is only used to convert it to the country it belongs to and is not logged. We have no way to link a visitors IP address to your website.
256
+ What is logged is your API Key and the Website URL making the request.
257
+
258
+ If you decide to purchase the GeoIP API key your PayPal account will be charged by PayPal on a yearly basis. If you want to cancel your subscription you can cancel the subscription at the PayPal website.
259
+ If no payments are made by PayPal your API key will automatically expire.
260
+
261
+ Privacy policy regarding this service specific can be found here: https://webence.nl/wp-content/uploads/2022/06/Privacy-Policy-Webence-API.pdf
262
+
263
+ == MaxMind Database Usage ==
264
+
265
+ This plugin uses the Free version of the MaxMind GeoIP2 Country Database. You can also use the paid version but will have to make sure it is uploaded to the same location with the filename of Free database.
266
+
267
+ MaxMind Terms of Use: https://www.maxmind.com/en/terms-of-use
268
+ MaxMind Privacy Policy: https://www.maxmind.com/en/privacy-policy
269
+
270
+ == Admin Block API ==
271
+
272
+ For some extra protection we offer the Admin Block API Key. This contains a list of known IP addresses that have visited various WordPress backends in the past month and were blocked.
273
+
274
+ If you decide to purchase an Admin Block API Key via https://webence.nl/admin-block-api/ you'll get an eMail with your API Key (License Key).
275
+
276
+ If you decide to purchase an Admin Block API Key all visitors of your backend will be matched against this list and even if the visitor is from a country that is not blocked they will be blocked if the IP address is on the Admin Block List.
277
+
278
+ What is logged on our end?
279
+ * Upon validation of your license key your request will be logged in our webserver logs. (This will be the IP address of your webserver).
280
+ * Upon retrieving the updated blocklist (multiple times a day) this request is logged in our webserver logs (This will be the IP address of your webserver).
281
+
282
+ Privacy policy regarding this service specific can be found here: https://webence.nl/wp-content/uploads/2022/06/Privacy-Policy-Webence-API.pdf
283
 
284
 
285
  == Changelog ==
286
 
287
+ = 1.2.15 =
288
  * Change: A lot of internal code changes to make it more in line of WordPress Best Practices
289
+ * Change: Added Privacy Policy of GeoIP API / Admin API Key
290
+ * Change: Added Terms of Use / Privacy Policy Of MaxMind
291
+
292
+ = 1.2.14 =
293
+
294
+ * Unreleased version
295
 
296
  = 1.2.13 =
297