Version Description
- Use UTF-8 encoding for
htmlspecialchars()instead ofDB_CHARSET. - Tested under WordPress 3.3.1.
- Unit tests pass using PHP 5.4.0RC8-dev, 5.3.11-dev, and 5.2.18-dev.
Download this release
Release Info
| Developer | convissor |
| Plugin |  Login Security Solution |
| Version | 0.3.0 |
| Comparing to | |
| See all releases | |
Code changes from version 0.2.1 to 0.3.0
- admin.inc +29 -29
- login-security-solution.php +18 -5
- readme.txt +7 -3
admin.inc
CHANGED
|
@@ -389,7 +389,7 @@ class login_security_solution_admin extends login_security_solution {
|
|
| 389 |
* @return void
|
| 390 |
*/
|
| 391 |
public function page_settings() {
|
| 392 |
-
echo '<h2>' . $this->
|
| 393 |
echo '<form action="options.php" method="post">' . "\n";
|
| 394 |
settings_fields($this->option_name);
|
| 395 |
do_settings_sections(self::ID);
|
|
@@ -454,18 +454,18 @@ class login_security_solution_admin extends login_security_solution {
|
|
| 454 |
* @return void
|
| 455 |
*/
|
| 456 |
protected function input_radio($name) {
|
| 457 |
-
echo $this->
|
| 458 |
echo '<input type="radio" value="0" name="'
|
| 459 |
-
. $this->
|
| 460 |
-
. '[' . $this->
|
| 461 |
. ($this->options[$name] ? '' : ' checked="checked"') . ' /> ';
|
| 462 |
-
echo $this->
|
| 463 |
echo '<br/>';
|
| 464 |
echo '<input type="radio" value="1" name="'
|
| 465 |
-
. $this->
|
| 466 |
-
. '[' . $this->
|
| 467 |
. ($this->options[$name] ? ' checked="checked"' : '') . ' /> ';
|
| 468 |
-
echo $this->
|
| 469 |
}
|
| 470 |
|
| 471 |
/**
|
|
@@ -474,12 +474,12 @@ class login_security_solution_admin extends login_security_solution {
|
|
| 474 |
*/
|
| 475 |
protected function input_text($name) {
|
| 476 |
echo '<input type="text" size="3" name="'
|
| 477 |
-
. $this->
|
| 478 |
-
. '[' . $this->
|
| 479 |
-
. ' value="' . $this->
|
| 480 |
-
echo $this->
|
| 481 |
echo ' ' . __('Default:', self::ID) . ' '
|
| 482 |
-
. $this->
|
| 483 |
}
|
| 484 |
|
| 485 |
/**
|
|
@@ -513,7 +513,7 @@ class login_security_solution_admin extends login_security_solution {
|
|
| 513 |
if (!is_scalar($in[$name])) {
|
| 514 |
// Not translating this since only hackers will see it.
|
| 515 |
add_settings_error($this->option_name, $name, "'"
|
| 516 |
-
. $this->
|
| 517 |
. "' was not a scalar, $default");
|
| 518 |
continue;
|
| 519 |
}
|
|
@@ -523,7 +523,7 @@ class login_security_solution_admin extends login_security_solution {
|
|
| 523 |
if ($in[$name] != 0 && $in[$name] != 1) {
|
| 524 |
// Not translating this since only hackers will see it.
|
| 525 |
add_settings_error($this->option_name, $name, "'"
|
| 526 |
-
. $this->
|
| 527 |
. "' must be '0' or '1', $default");
|
| 528 |
continue 2;
|
| 529 |
}
|
|
@@ -531,7 +531,7 @@ class login_security_solution_admin extends login_security_solution {
|
|
| 531 |
case 'int':
|
| 532 |
if (!ctype_digit($in[$name])) {
|
| 533 |
add_settings_error($this->option_name, $name, "'"
|
| 534 |
-
. $this->
|
| 535 |
. "' " . __("must be an integer,", self::ID)
|
| 536 |
. ' ' . $default);
|
| 537 |
continue 2;
|
|
@@ -540,7 +540,7 @@ class login_security_solution_admin extends login_security_solution {
|
|
| 540 |
&& $in[$name] < $field['greater_than'])
|
| 541 |
{
|
| 542 |
add_settings_error($this->option_name, $name, "'"
|
| 543 |
-
. $this->
|
| 544 |
. "' " . sprintf($gt_format,
|
| 545 |
$field['greater_than'])
|
| 546 |
. ' ' . $default);
|
|
@@ -555,9 +555,9 @@ class login_security_solution_admin extends login_security_solution {
|
|
| 555 |
$name = 'login_fail_tier_3';
|
| 556 |
if ($out[$name] <= $out['login_fail_tier_2']) {
|
| 557 |
add_settings_error($this->option_name, $name, "'"
|
| 558 |
-
. $this->
|
| 559 |
. "' " . sprintf($gt_format,
|
| 560 |
-
$this->
|
| 561 |
. ' ' . $default);
|
| 562 |
|
| 563 |
$out[$name] = $out['login_fail_tier_2'] + 5;
|
|
@@ -567,7 +567,7 @@ class login_security_solution_admin extends login_security_solution {
|
|
| 567 |
$name = 'pw_reuse_count';
|
| 568 |
if ($out['pw_change_days'] && !$out[$name]) {
|
| 569 |
add_settings_error($this->option_name, $name, "'"
|
| 570 |
-
. $this->
|
| 571 |
. "' " . sprintf($gt_format, 1)
|
| 572 |
. ' ' . $default);
|
| 573 |
|
|
@@ -630,12 +630,12 @@ class login_security_solution_admin extends login_security_solution {
|
|
| 630 |
* @return void
|
| 631 |
*/
|
| 632 |
public function page_pw_force_change() {
|
| 633 |
-
echo '<h2>' . $this->
|
| 634 |
|
| 635 |
echo '<p>';
|
| 636 |
_e("There may be cases where everyone's password should be reset.", self::ID);
|
| 637 |
echo ' ';
|
| 638 |
-
printf(__("This page, provided by the %s plugin, offers that functionality.", self::ID), $this->
|
| 639 |
echo '</p>';
|
| 640 |
|
| 641 |
echo '<p>';
|
|
@@ -650,8 +650,8 @@ class login_security_solution_admin extends login_security_solution {
|
|
| 650 |
$this->echo_div();
|
| 651 |
|
| 652 |
echo '<p><strong><input type="checkbox" value="1" name="'
|
| 653 |
-
. $this->
|
| 654 |
-
. '[' . $this->
|
| 655 |
. ']" /> ';
|
| 656 |
_e("Confirm that you want to force all users to change their passwords by checking this box, then click the button, below.", self::ID);
|
| 657 |
echo '</strong></p>';
|
|
@@ -659,7 +659,7 @@ class login_security_solution_admin extends login_security_solution {
|
|
| 659 |
submit_button(
|
| 660 |
$this->text_button_require,
|
| 661 |
'primary',
|
| 662 |
-
$this->
|
| 663 |
);
|
| 664 |
|
| 665 |
echo "</div>\n";
|
|
@@ -668,8 +668,8 @@ class login_security_solution_admin extends login_security_solution {
|
|
| 668 |
$this->echo_div();
|
| 669 |
|
| 670 |
echo '<p><input type="checkbox" value="1" name="'
|
| 671 |
-
. $this->
|
| 672 |
-
. '[' . $this->
|
| 673 |
. ']" /> ';
|
| 674 |
_e("No thanks. I know what I'm doing. Please don't remind me about this.", self::ID);
|
| 675 |
echo '</p>';
|
|
@@ -677,7 +677,7 @@ class login_security_solution_admin extends login_security_solution {
|
|
| 677 |
submit_button(
|
| 678 |
$this->text_button_remind,
|
| 679 |
'secondary',
|
| 680 |
-
$this->
|
| 681 |
);
|
| 682 |
|
| 683 |
echo "</div>\n";
|
|
@@ -770,7 +770,7 @@ class login_security_solution_admin extends login_security_solution {
|
|
| 770 |
_e("Speaking of which, do YOU have a strong password? Make sure by changing yours once you've submitted the Change All Passwords form.", self::ID);
|
| 771 |
echo '</strong></p>';
|
| 772 |
|
| 773 |
-
echo '<p><strong><a href="options-general.php?page=' . $this->
|
| 774 |
|
| 775 |
echo "</div>\n";
|
| 776 |
}
|
| 389 |
* @return void
|
| 390 |
*/
|
| 391 |
public function page_settings() {
|
| 392 |
+
echo '<h2>' . $this->hsc_utf8($this->text_settings) . '</h2>';
|
| 393 |
echo '<form action="options.php" method="post">' . "\n";
|
| 394 |
settings_fields($this->option_name);
|
| 395 |
do_settings_sections(self::ID);
|
| 454 |
* @return void
|
| 455 |
*/
|
| 456 |
protected function input_radio($name) {
|
| 457 |
+
echo $this->hsc_utf8($this->fields[$name]['text']) . '<br/>';
|
| 458 |
echo '<input type="radio" value="0" name="'
|
| 459 |
+
. $this->hsc_utf8($this->option_name)
|
| 460 |
+
. '[' . $this->hsc_utf8($name) . ']"'
|
| 461 |
. ($this->options[$name] ? '' : ' checked="checked"') . ' /> ';
|
| 462 |
+
echo $this->hsc_utf8($this->fields[$name]['bool0']);
|
| 463 |
echo '<br/>';
|
| 464 |
echo '<input type="radio" value="1" name="'
|
| 465 |
+
. $this->hsc_utf8($this->option_name)
|
| 466 |
+
. '[' . $this->hsc_utf8($name) . ']"'
|
| 467 |
. ($this->options[$name] ? ' checked="checked"' : '') . ' /> ';
|
| 468 |
+
echo $this->hsc_utf8($this->fields[$name]['bool1']);
|
| 469 |
}
|
| 470 |
|
| 471 |
/**
|
| 474 |
*/
|
| 475 |
protected function input_text($name) {
|
| 476 |
echo '<input type="text" size="3" name="'
|
| 477 |
+
. $this->hsc_utf8($this->option_name)
|
| 478 |
+
. '[' . $this->hsc_utf8($name) . ']"'
|
| 479 |
+
. ' value="' . $this->hsc_utf8($this->options[$name]) . '" /> ';
|
| 480 |
+
echo $this->hsc_utf8($this->fields[$name]['text']);
|
| 481 |
echo ' ' . __('Default:', self::ID) . ' '
|
| 482 |
+
. $this->hsc_utf8($this->options_default[$name]) . '.';
|
| 483 |
}
|
| 484 |
|
| 485 |
/**
|
| 513 |
if (!is_scalar($in[$name])) {
|
| 514 |
// Not translating this since only hackers will see it.
|
| 515 |
add_settings_error($this->option_name, $name, "'"
|
| 516 |
+
. $this->hsc_utf8($field['label'])
|
| 517 |
. "' was not a scalar, $default");
|
| 518 |
continue;
|
| 519 |
}
|
| 523 |
if ($in[$name] != 0 && $in[$name] != 1) {
|
| 524 |
// Not translating this since only hackers will see it.
|
| 525 |
add_settings_error($this->option_name, $name, "'"
|
| 526 |
+
. $this->hsc_utf8($field['label'])
|
| 527 |
. "' must be '0' or '1', $default");
|
| 528 |
continue 2;
|
| 529 |
}
|
| 531 |
case 'int':
|
| 532 |
if (!ctype_digit($in[$name])) {
|
| 533 |
add_settings_error($this->option_name, $name, "'"
|
| 534 |
+
. $this->hsc_utf8($field['label'])
|
| 535 |
. "' " . __("must be an integer,", self::ID)
|
| 536 |
. ' ' . $default);
|
| 537 |
continue 2;
|
| 540 |
&& $in[$name] < $field['greater_than'])
|
| 541 |
{
|
| 542 |
add_settings_error($this->option_name, $name, "'"
|
| 543 |
+
. $this->hsc_utf8($field['label'])
|
| 544 |
. "' " . sprintf($gt_format,
|
| 545 |
$field['greater_than'])
|
| 546 |
. ' ' . $default);
|
| 555 |
$name = 'login_fail_tier_3';
|
| 556 |
if ($out[$name] <= $out['login_fail_tier_2']) {
|
| 557 |
add_settings_error($this->option_name, $name, "'"
|
| 558 |
+
. $this->hsc_utf8($this->fields[$name]['label'])
|
| 559 |
. "' " . sprintf($gt_format,
|
| 560 |
+
$this->hsc_utf8($this->fields['login_fail_tier_2']['label']))
|
| 561 |
. ' ' . $default);
|
| 562 |
|
| 563 |
$out[$name] = $out['login_fail_tier_2'] + 5;
|
| 567 |
$name = 'pw_reuse_count';
|
| 568 |
if ($out['pw_change_days'] && !$out[$name]) {
|
| 569 |
add_settings_error($this->option_name, $name, "'"
|
| 570 |
+
. $this->hsc_utf8($this->fields[$name]['label'])
|
| 571 |
. "' " . sprintf($gt_format, 1)
|
| 572 |
. ' ' . $default);
|
| 573 |
|
| 630 |
* @return void
|
| 631 |
*/
|
| 632 |
public function page_pw_force_change() {
|
| 633 |
+
echo '<h2>' . $this->hsc_utf8($this->text_pw_force_change) . '</h2>';
|
| 634 |
|
| 635 |
echo '<p>';
|
| 636 |
_e("There may be cases where everyone's password should be reset.", self::ID);
|
| 637 |
echo ' ';
|
| 638 |
+
printf(__("This page, provided by the %s plugin, offers that functionality.", self::ID), $this->hsc_utf8(self::NAME));
|
| 639 |
echo '</p>';
|
| 640 |
|
| 641 |
echo '<p>';
|
| 650 |
$this->echo_div();
|
| 651 |
|
| 652 |
echo '<p><strong><input type="checkbox" value="1" name="'
|
| 653 |
+
. $this->hsc_utf8($this->option_pw_force_change_name)
|
| 654 |
+
. '[' . $this->hsc_utf8($this->key_checkbox_require)
|
| 655 |
. ']" /> ';
|
| 656 |
_e("Confirm that you want to force all users to change their passwords by checking this box, then click the button, below.", self::ID);
|
| 657 |
echo '</strong></p>';
|
| 659 |
submit_button(
|
| 660 |
$this->text_button_require,
|
| 661 |
'primary',
|
| 662 |
+
$this->hsc_utf8($this->option_pw_force_change_name) . '[submit]'
|
| 663 |
);
|
| 664 |
|
| 665 |
echo "</div>\n";
|
| 668 |
$this->echo_div();
|
| 669 |
|
| 670 |
echo '<p><input type="checkbox" value="1" name="'
|
| 671 |
+
. $this->hsc_utf8($this->option_pw_force_change_name)
|
| 672 |
+
. '[' . $this->hsc_utf8($this->key_checkbox_remind)
|
| 673 |
. ']" /> ';
|
| 674 |
_e("No thanks. I know what I'm doing. Please don't remind me about this.", self::ID);
|
| 675 |
echo '</p>';
|
| 677 |
submit_button(
|
| 678 |
$this->text_button_remind,
|
| 679 |
'secondary',
|
| 680 |
+
$this->hsc_utf8($this->option_pw_force_change_name) . '[submit]'
|
| 681 |
);
|
| 682 |
|
| 683 |
echo "</div>\n";
|
| 770 |
_e("Speaking of which, do YOU have a strong password? Make sure by changing yours once you've submitted the Change All Passwords form.", self::ID);
|
| 771 |
echo '</strong></p>';
|
| 772 |
|
| 773 |
+
echo '<p><strong><a href="options-general.php?page=' . $this->hsc_utf8($this->option_pw_force_change_name) . '">' . $this->text_pw_force_change . "</a></strong></p>\n";
|
| 774 |
|
| 775 |
echo "</div>\n";
|
| 776 |
}
|
login-security-solution.php
CHANGED
|
@@ -6,7 +6,7 @@
|
|
| 6 |
* Description: Requires very strong passwords, repels brute force login attacks, prevents login information disclosures, expires idle sessions, notifies admins of attacks and breaches, permits administrators to disable logins for maintenance or emergency reasons and reset all passwords.
|
| 7 |
*
|
| 8 |
* Plugin URI: http://wordpress.org/extend/plugins/login-security-solution/
|
| 9 |
-
* Version: 0.
|
| 10 |
* Author: Daniel Convissor
|
| 11 |
* Author URI: http://www.analysisandsolutions.com/
|
| 12 |
* License: GPLv2
|
|
@@ -475,7 +475,7 @@ class login_security_solution {
|
|
| 475 |
|
| 476 |
if ($ours) {
|
| 477 |
$out .= '<p class="login message">'
|
| 478 |
-
. $this->
|
| 479 |
}
|
| 480 |
|
| 481 |
return $out;
|
|
@@ -864,16 +864,16 @@ class login_security_solution {
|
|
| 864 |
}
|
| 865 |
|
| 866 |
/**
|
| 867 |
-
* Sanitizes output via htmlspecialchars()
|
| 868 |
*
|
| 869 |
-
*
|
| 870 |
*
|
| 871 |
* @param string $in the string to sanitize
|
| 872 |
* @return string the sanitized string
|
| 873 |
*
|
| 874 |
* @uses DB_CHARSET set in wp-config.php to know which $encoding to use
|
| 875 |
*/
|
| 876 |
-
protected function
|
| 877 |
static $encoding;
|
| 878 |
|
| 879 |
if (!isset($encoding)) {
|
|
@@ -921,6 +921,19 @@ class login_security_solution {
|
|
| 921 |
return htmlspecialchars($in, ENT_COMPAT, $encoding);
|
| 922 |
}
|
| 923 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 924 |
/**
|
| 925 |
* Saves the failed login's info in the database
|
| 926 |
*
|
| 6 |
* Description: Requires very strong passwords, repels brute force login attacks, prevents login information disclosures, expires idle sessions, notifies admins of attacks and breaches, permits administrators to disable logins for maintenance or emergency reasons and reset all passwords.
|
| 7 |
*
|
| 8 |
* Plugin URI: http://wordpress.org/extend/plugins/login-security-solution/
|
| 9 |
+
* Version: 0.3.0
|
| 10 |
* Author: Daniel Convissor
|
| 11 |
* Author URI: http://www.analysisandsolutions.com/
|
| 12 |
* License: GPLv2
|
| 475 |
|
| 476 |
if ($ours) {
|
| 477 |
$out .= '<p class="login message">'
|
| 478 |
+
. $this->hsc_utf8($ours) . '</p>';
|
| 479 |
}
|
| 480 |
|
| 481 |
return $out;
|
| 864 |
}
|
| 865 |
|
| 866 |
/**
|
| 867 |
+
* Sanitizes output via htmlspecialchars() using DB_CHARSET's encoding
|
| 868 |
*
|
| 869 |
+
* Makes query results safe for displaying in browsers.
|
| 870 |
*
|
| 871 |
* @param string $in the string to sanitize
|
| 872 |
* @return string the sanitized string
|
| 873 |
*
|
| 874 |
* @uses DB_CHARSET set in wp-config.php to know which $encoding to use
|
| 875 |
*/
|
| 876 |
+
protected function hsc_db($in) {
|
| 877 |
static $encoding;
|
| 878 |
|
| 879 |
if (!isset($encoding)) {
|
| 921 |
return htmlspecialchars($in, ENT_COMPAT, $encoding);
|
| 922 |
}
|
| 923 |
|
| 924 |
+
/**
|
| 925 |
+
* Sanitizes output via htmlspecialchars() using UTF-8 encoding
|
| 926 |
+
*
|
| 927 |
+
* Makes this program's native text and translated/localized strings
|
| 928 |
+
* safe for displaying in browsers.
|
| 929 |
+
*
|
| 930 |
+
* @param string $in the string to sanitize
|
| 931 |
+
* @return string the sanitized string
|
| 932 |
+
*/
|
| 933 |
+
protected function hsc_utf8($in) {
|
| 934 |
+
return htmlspecialchars($in, ENT_COMPAT, 'UTF-8');
|
| 935 |
+
}
|
| 936 |
+
|
| 937 |
/**
|
| 938 |
* Saves the failed login's info in the database
|
| 939 |
*
|
readme.txt
CHANGED
|
@@ -146,9 +146,8 @@ clients and friends.
|
|
| 146 |
|
| 147 |
* If a translation file for your language does not exist in this
|
| 148 |
plugin's `languages` directory, add one. Read
|
| 149 |
-
http://codex.wordpress.org/I18n_for_WordPress_Developers
|
| 150 |
-
|
| 151 |
-
the `DB_CHARSET` setting in `wp-config.php`. Send me the file and
|
| 152 |
I'll include it in future releases. See the features request
|
| 153 |
section, below.
|
| 154 |
|
|
@@ -210,6 +209,11 @@ Ask and ye shall receive.
|
|
| 210 |
|
| 211 |
== Changelog ==
|
| 212 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 213 |
= 0.2.1 =
|
| 214 |
* Ensure all files are in the state I intended. Needed because
|
| 215 |
WordPress' plugin site automatically rolls releases.
|
| 146 |
|
| 147 |
* If a translation file for your language does not exist in this
|
| 148 |
plugin's `languages` directory, add one. Read
|
| 149 |
+
http://codex.wordpress.org/I18n_for_WordPress_Developers for
|
| 150 |
+
details. The files must use UTF-8 encoding. Send me the file and
|
|
|
|
| 151 |
I'll include it in future releases. See the features request
|
| 152 |
section, below.
|
| 153 |
|
| 209 |
|
| 210 |
== Changelog ==
|
| 211 |
|
| 212 |
+
= 0.3.0 =
|
| 213 |
+
* Use UTF-8 encoding for `htmlspecialchars()` instead of `DB_CHARSET`.
|
| 214 |
+
* Tested under WordPress 3.3.1.
|
| 215 |
+
* Unit tests pass using PHP 5.4.0RC8-dev, 5.3.11-dev, and 5.2.18-dev.
|
| 216 |
+
|
| 217 |
= 0.2.1 =
|
| 218 |
* Ensure all files are in the state I intended. Needed because
|
| 219 |
WordPress' plugin site automatically rolls releases.
|
