Version Description
- Bug Fix: Roll back public-key signed request support
Download this release
Release Info
Developer | layotte |
Plugin | iThemes Sync |
Version | 2.1.4.1 |
Comparing to | |
See all releases |
Code changes from version 2.1.4 to 2.1.4.1
- functions.php +0 -50
- history.txt +3 -1
- init.php +1 -1
- lang/ithemes-sync.pot +2 -2
- readme.txt +4 -1
- request-handler.php +0 -41
functions.php
CHANGED
@@ -1030,54 +1030,4 @@ class Ithemes_Sync_Functions {
|
|
1030 |
return false;
|
1031 |
}
|
1032 |
|
1033 |
-
/**
|
1034 |
-
* Checks if sodium library and methods we use are available
|
1035 |
-
* Also checks if sodium is fast enough on this system
|
1036 |
-
* If available: include the compatiability layer, core utilities, and Base64 UrlSafe classes
|
1037 |
-
*
|
1038 |
-
* @return bool
|
1039 |
-
*/
|
1040 |
-
public static function is_sodium_available() {
|
1041 |
-
$requiredFiles = array(
|
1042 |
-
'wp-includes/sodium_compat/src/Compat.php',
|
1043 |
-
'wp-includes/sodium_compat/src/Core/Base64/UrlSafe.php',
|
1044 |
-
'wp-includes/sodium_compat/src/Core/Util.php'
|
1045 |
-
);
|
1046 |
-
|
1047 |
-
foreach ( $requiredFiles as $file ) {
|
1048 |
-
if ( file_exists( ABSPATH . $file ) ) {
|
1049 |
-
require_once( ABSPATH . $file );
|
1050 |
-
} else {
|
1051 |
-
return false;
|
1052 |
-
}
|
1053 |
-
}
|
1054 |
-
|
1055 |
-
// Check for a edge-case affecting PHP Maths abilities
|
1056 |
-
// Sodium_Compat isn't compatible with PHP 7.2.0~7.2.2 due to a bug in the PHP Opcache extension, bail early as it'll fail.
|
1057 |
-
if (
|
1058 |
-
! extension_loaded( 'sodium' ) &&
|
1059 |
-
in_array( PHP_VERSION_ID, [ 70200, 70201, 70202 ], true ) &&
|
1060 |
-
extension_loaded( 'opcache' )
|
1061 |
-
) {
|
1062 |
-
return false;
|
1063 |
-
}
|
1064 |
-
|
1065 |
-
// Verify runtime speed of Sodium_Compat is acceptable.
|
1066 |
-
if ( ! extension_loaded( 'sodium' ) && ! ParagonIE_Sodium_Compat::polyfill_is_fast() ) {
|
1067 |
-
|
1068 |
-
// Allow for an old version of Sodium_Compat being loaded before the bundled WordPress one.
|
1069 |
-
if ( method_exists( 'ParagonIE_Sodium_Compat', 'runtime_speed_test' ) ) {
|
1070 |
-
// Run `ParagonIE_Sodium_Compat::runtime_speed_test()` in optimized integer mode, as that's what is used for signing verifications.
|
1071 |
-
$old_fastMult = ParagonIE_Sodium_Compat::$fastMult;
|
1072 |
-
ParagonIE_Sodium_Compat::$fastMult = true;
|
1073 |
-
$sodium_compat_is_fast = ParagonIE_Sodium_Compat::runtime_speed_test( 100, 10 );
|
1074 |
-
ParagonIE_Sodium_Compat::$fastMult = $old_fastMult;
|
1075 |
-
|
1076 |
-
return $sodium_compat_is_fast;
|
1077 |
-
}
|
1078 |
-
|
1079 |
-
}
|
1080 |
-
|
1081 |
-
return true;
|
1082 |
-
}
|
1083 |
}
|
1030 |
return false;
|
1031 |
}
|
1032 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1033 |
}
|
history.txt
CHANGED
@@ -229,4 +229,6 @@
|
|
229 |
2.1.3.1 - 2020-02-18 - Lew Ayotte
|
230 |
Forgot to update the stable tag from last update
|
231 |
2.1.4 - 2020-03-16 - Josh Oakes
|
232 |
-
Enhancement: Added support for public-key signed requests to the plugin
|
|
|
|
229 |
2.1.3.1 - 2020-02-18 - Lew Ayotte
|
230 |
Forgot to update the stable tag from last update
|
231 |
2.1.4 - 2020-03-16 - Josh Oakes
|
232 |
+
Enhancement: Added support for public-key signed requests to the plugin
|
233 |
+
2.1.4.1 - 2020-03-17 - Josh Oakes
|
234 |
+
Bug Fix: Roll back public-key signed request support
|
init.php
CHANGED
@@ -4,7 +4,7 @@ Plugin Name: iThemes Sync
|
|
4 |
Plugin URI: http://ithemes.com/sync
|
5 |
Description: Manage updates to your WordPress sites easily in one place.
|
6 |
Author: iThemes
|
7 |
-
Version: 2.1.4
|
8 |
Author URI: http://ithemes.com/
|
9 |
Domain Path: /lang/
|
10 |
iThemes Package: ithemes-sync
|
4 |
Plugin URI: http://ithemes.com/sync
|
5 |
Description: Manage updates to your WordPress sites easily in one place.
|
6 |
Author: iThemes
|
7 |
+
Version: 2.1.4.1
|
8 |
Author URI: http://ithemes.com/
|
9 |
Domain Path: /lang/
|
10 |
iThemes Package: ithemes-sync
|
lang/ithemes-sync.pot
CHANGED
@@ -2,9 +2,9 @@
|
|
2 |
# This file is distributed under the same license as the iThemes Sync package.
|
3 |
msgid ""
|
4 |
msgstr ""
|
5 |
-
"Project-Id-Version: iThemes Sync 2.1.4\n"
|
6 |
"Report-Msgid-Bugs-To: http://ithemes.com/support/\n"
|
7 |
-
"POT-Creation-Date: 2020-03-
|
8 |
"PO-Revision-Date: 2020-MO-DA HO:MI+ZONE\n"
|
9 |
"MIME-Version: 1.0\n"
|
10 |
"Content-Type: text/plain; charset=UTF-8\n"
|
2 |
# This file is distributed under the same license as the iThemes Sync package.
|
3 |
msgid ""
|
4 |
msgstr ""
|
5 |
+
"Project-Id-Version: iThemes Sync 2.1.4.1\n"
|
6 |
"Report-Msgid-Bugs-To: http://ithemes.com/support/\n"
|
7 |
+
"POT-Creation-Date: 2020-03-18 14:28:37+00:00\n"
|
8 |
"PO-Revision-Date: 2020-MO-DA HO:MI+ZONE\n"
|
9 |
"MIME-Version: 1.0\n"
|
10 |
"Content-Type: text/plain; charset=UTF-8\n"
|
readme.txt
CHANGED
@@ -4,7 +4,7 @@ Tags: manage multiple Sites, backup, security, migrate, SEO, manage updates, adm
|
|
4 |
Requires at least: 4.5
|
5 |
Requires PHP: 5.6
|
6 |
Tested up to: 5.4
|
7 |
-
Stable tag: 2.1.4
|
8 |
License: GPLv3 or later
|
9 |
License URI: http://www.gnu.org/licenses/quick-guide-gplv3.html
|
10 |
|
@@ -87,6 +87,9 @@ Make steady, reliable income for WordPress maintenance with iThemes Sync Pro’s
|
|
87 |
|
88 |
== Changelog ==
|
89 |
|
|
|
|
|
|
|
90 |
= 2.1.4 =
|
91 |
* Enhancement: Added support for public-key signed requests to the plugin
|
92 |
|
4 |
Requires at least: 4.5
|
5 |
Requires PHP: 5.6
|
6 |
Tested up to: 5.4
|
7 |
+
Stable tag: 2.1.4.1
|
8 |
License: GPLv3 or later
|
9 |
License URI: http://www.gnu.org/licenses/quick-guide-gplv3.html
|
10 |
|
87 |
|
88 |
== Changelog ==
|
89 |
|
90 |
+
= 2.1.4.1 =
|
91 |
+
* Bug Fix: Roll back public-key signed request support
|
92 |
+
|
93 |
= 2.1.4 =
|
94 |
* Enhancement: Added support for public-key signed requests to the plugin
|
95 |
|
request-handler.php
CHANGED
@@ -61,25 +61,6 @@ class Ithemes_Sync_Request_Handler {
|
|
61 |
|
62 |
$request = $_POST['request'];
|
63 |
|
64 |
-
if ( !empty( $_POST['signature'] ) ) {
|
65 |
-
|
66 |
-
// Append success and failures to response
|
67 |
-
$sodium_available = Ithemes_Sync_Functions::is_sodium_available();
|
68 |
-
|
69 |
-
if ( $sodium_available && ! $this->verify_request_signature( $request, $_POST['signature'] ) ) {
|
70 |
-
// Sodium is available and verification failed
|
71 |
-
do_action( 'ithemes-sync-add-log', 'signature-verification', array( 'available' => true, 'verified' => false ) );
|
72 |
-
|
73 |
-
// $this->send_response( new WP_Error( 'request-signature-invalid', 'The request signature could not be verified' ) );
|
74 |
-
} elseif ( $sodium_available ) {
|
75 |
-
// Sodium available and signature was verified
|
76 |
-
do_action( 'ithemes-sync-add-log', 'signature-verification', array( 'available' => true, 'verified' => true ) );
|
77 |
-
} else {
|
78 |
-
// Sodium is not available
|
79 |
-
do_action( 'ithemes-sync-add-log', 'signature-verification', array( 'available' => false, 'verified' => false ) );
|
80 |
-
}
|
81 |
-
}
|
82 |
-
|
83 |
if ( ( defined( 'DOING_AJAX' ) && DOING_AJAX ) ) {
|
84 |
$request = stripslashes( $request );
|
85 |
}
|
@@ -480,28 +461,6 @@ class Ithemes_Sync_Request_Handler {
|
|
480 |
return $json;
|
481 |
}
|
482 |
|
483 |
-
/**
|
484 |
-
* Determine if signature supplied in the request can be verified using the public key
|
485 |
-
*
|
486 |
-
* @param $request
|
487 |
-
* @param $signature
|
488 |
-
*
|
489 |
-
* @return bool
|
490 |
-
*/
|
491 |
-
private function verify_request_signature( $request, $signature ) {
|
492 |
-
|
493 |
-
try {
|
494 |
-
|
495 |
-
$public_key = sodium_base642bin( file_get_contents( $GLOBALS['ithemes_sync_path'] . '/public.key' ), 5 );
|
496 |
-
$signature = sodium_base642bin( $signature, 5 );
|
497 |
-
|
498 |
-
} catch ( Exception $e ) {
|
499 |
-
return false;
|
500 |
-
}
|
501 |
-
|
502 |
-
return sodium_crypto_sign_verify_detached( $signature, $request, $public_key );
|
503 |
-
}
|
504 |
-
|
505 |
}
|
506 |
|
507 |
new Ithemes_Sync_Request_Handler();
|
61 |
|
62 |
$request = $_POST['request'];
|
63 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
64 |
if ( ( defined( 'DOING_AJAX' ) && DOING_AJAX ) ) {
|
65 |
$request = stripslashes( $request );
|
66 |
}
|
461 |
return $json;
|
462 |
}
|
463 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
464 |
}
|
465 |
|
466 |
new Ithemes_Sync_Request_Handler();
|