Limit Login Attempts Reloaded - Version 2.7.1

Version Description

  • A security issue inherited from the ancestor plugin Limit Login Attempts has been fixed.

Release Info

Developer wpchefgadget
Version 2.7.1

Code changes from version 2.7.0 to 2.7.1

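--- a/core/LimitLoginAttempts.php
+++ b/core/LimitLoginAttempts.php
@@ -1037,10 +1037,10 @@ class Limit_Login_Attempts
  */
  public function get_address() {
 
- if ( !empty( $_SERVER['HTTP_X_FORWARDED_FOR'] ) )
+ if ( !empty( $_SERVER['HTTP_X_FORWARDED_FOR'] ) && filter_var( $_SERVER['HTTP_X_FORWARDED_FOR'], FILTER_VALIDATE_IP ) )
  $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
 
- elseif ( !empty( $_SERVER['HTTP_X_SUCURI_CLIENTIP'] ) )
+ elseif ( !empty( $_SERVER['HTTP_X_SUCURI_CLIENTIP'] ) && filter_var( $_SERVER['HTTP_X_SUCURI_CLIENTIP'], FILTER_VALIDATE_IP ) )
  $ip = $_SERVER['HTTP_X_SUCURI_CLIENTIP'];
 
  elseif ( isset( $_SERVER['REMOTE_ADDR'] ) )
@@ -1050,6 +1050,7 @@ class Limit_Login_Attempts
  $ip = '';
 
  $ip = preg_replace('/^(\d+\.\d+\.\d+\.\d+):\d+$/', '\1', $ip);
+
  return $ip;
  }
 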
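Review bot: `get_address()` still prefers `X-Forwarded-For` and `X-Sucuri-ClientIP` over `REMOTE_ADDR` whenever they hold a syntactically valid IP (new lines 1040 and 1043), so the address used as the lockout key remains client-supplied unless a trusted proxy overwrites those headers. `FILTER_VALIDATE_IP` keeps arbitrary strings out of the stored address but does not establish who sent the header. Consider reading the forwarded headers only when a setting declares the site to be behind a trusted proxy, and using `REMOTE_ADDR` otherwise. A forwarded chain such as `client, proxy` now fails validation and silently falls through to the next source; a comment on the branch, e.g. `// Only a single bare IP is accepted; proxy chains fall through.`, would document that. The function body between lines 1046 and 1050 is outside the hunks.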
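--- a/limit-login-attempts-reloaded.php
+++ b/limit-login-attempts-reloaded.php
@@ -4,7 +4,7 @@
  Description: Limit the rate of login attempts, including by way of cookies and for each IP address.
  Author: wpchefgadget
  Text Domain: limit-login-attempts-reloaded
- Version: 2.7.0
+ Version: 2.7.1
 
  Copyright 2008 - 2012 Johan Eenfeldt, 2016 - 2017 WPChef
 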
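--- a/readme.txt
+++ b/readme.txt
@@ -2,8 +2,8 @@
  Contributors: wpchefgadget
  Tags: login, security, authentication, Limit Login Attempts, GDPR, brute-force attack, brute force, login abuse, ddos protection
  Requires at least: 3.0
- Tested up to: 4.9.5
- Stable tag: 2.7.0
+ Tested up to: 4.9.7
+ Stable tag: 2.7.1
 
  Reloaded version of the original Limit Login Attempts plugin for Login Protection by a team of WordPress developers. GDPR compliant.
 
@@ -51,6 +51,9 @@ Based on the original code from Limit Login Attemps plugin by Johan Eenfeldt.
 
  == Changelog ==
 
+ = 2.7.1 =
+ * A security issue inherited from the ancestor plugin Limit Login Attempts has been fixed.
+
  = 2.7.0 =
  * GDPR compliance implemented.
 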
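--- a/views/options-page.php
+++ b/views/options-page.php
@@ -138,11 +138,11 @@ $black_list_usernames = ( is_array( $black_list_usernames ) && !empty( $black_li
  <td>
  <div class="field-col">
  <p class="description"><?php _e( 'One IP or IP range (1.2.3.4-5.6.7.8) per line', 'limit-login-attempts-reloaded' ); ?></p>
- <textarea name="lla_whitelist_ips" rows="10" cols="50"><?php echo $white_list_ips; ?></textarea>
+ <textarea name="lla_whitelist_ips" rows="10" cols="50"><?php echo esc_textarea( $white_list_ips ); ?></textarea>
  </div>
  <div class="field-col">
  <p class="description"><?php _e( 'One Username per line', 'limit-login-attempts-reloaded' ); ?></p>
- <textarea name="lla_whitelist_usernames" rows="10" cols="50"><?php echo $white_list_usernames; ?></textarea>
+ <textarea name="lla_whitelist_usernames" rows="10" cols="50"><?php echo esc_textarea( $white_list_usernames ); ?></textarea>
  </div>
  </td>
  </tr>
@@ -152,11 +152,11 @@ $black_list_usernames = ( is_array( $black_list_usernames ) && !empty( $black_li
  <td>
  <div class="field-col">
  <p class="description"><?php _e( 'One IP or IP range (1.2.3.4-5.6.7.8) per line', 'limit-login-attempts-reloaded' ); ?></p>
- <textarea name="lla_blacklist_ips" rows="10" cols="50"><?php echo $black_list_ips; ?></textarea>
+ <textarea name="lla_blacklist_ips" rows="10" cols="50"><?php echo esc_textarea( $black_list_ips ); ?></textarea>
  </div>
  <div class="field-col">
  <p class="description"><?php _e( 'One Username per line', 'limit-login-attempts-reloaded' ); ?></p>
- <textarea name="lla_blacklist_usernames" rows="10" cols="50"><?php echo $black_list_usernames; ?></textarea>
+ <textarea name="lla_blacklist_usernames" rows="10" cols="50"><?php echo esc_textarea( $black_list_usernames ); ?></textarea>
  </div>
  </td>
  </tr>
@@ -197,10 +197,10 @@ $black_list_usernames = ( is_array( $black_list_usernames ) && !empty( $black_li
  <tr>
  <td class="limit-login-date"><?php echo date_i18n( 'F d, Y H:i', $date ); ?></td>
  <td class="limit-login-ip">
- <?php echo $user_info['ip']; ?>
+ <?php echo esc_html( $user_info['ip'] ); ?>
  </td>
- <td class="limit-login-max"><?php echo $user_info['username'] . ' (' . $user_info['counter'] .' lockouts)'; ?></td>
- <td class="limit-login-gateway"><?php echo $user_info['gateway']; ?></td>
+ <td class="limit-login-max"><?php echo esc_html( $user_info['username'] ) . ' (' . esc_html( $user_info['counter'] ) .' lockouts)'; ?></td>
+ <td class="limit-login-gateway"><?php echo esc_html( $user_info['gateway'] ); ?></td>
  <td>
  <?php if ( !empty( $lockouts[ $user_info['ip'] ] ) && $lockouts[ $user_info['ip'] ] > time() ) : ?>
  <a href="#" class="button limit-login-unlock" data-ip="<?=esc_attr($user_info['ip'])?>" data-username="<?=esc_attr($user_info['username'])?>">Unlock</a>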
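Review bot: On new line 202 the lockout counter is passed through `esc_html()` as if it were free text; casting it, `(int) $user_info['counter']`, states that the field is numeric and keeps a malformed log entry from rendering as text. The username, IP and gateway printed in this row presumably originate from login requests, so a short comment above the row, such as `<?php // Log fields come from request data: always escape on output. ?>`, would help keep a later edit from dropping the escaping. The enclosing loop and the code that writes the log are outside these hunks, so whether the values are also sanitised when stored cannot be confirmed from here.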