Version Description
- Use ENT_QUOTES instead of ENT_COMPAT in htmlspecialchars() calls because WordPress mixes and matches the double and single quotes to delimit attributes.
- Tested under WordPress 3.3.1 regular and 3.4beta2 multisite.
- Unit tests pass using PHP 5.4.0RC8-dev, 5.3.11-dev, and 5.2.18-dev.
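The difference between the two flags in a single-quoted attribute, as an added example that is not code from the plugin: `render_input()`, `attribute_names()` and the sample value are constructed for illustration. It escapes the same value both ways and lists the attributes an HTML parser finds in each result.

```php
<?php
// Added example, not part of Login Security Solution.
// Function names and the sample input are assumptions made for illustration.

/** Place $value in a single-quoted attribute, escaped with the given flag. */
function render_input($value, $flags)
{
    // Single quotes are one of the two attribute delimiters the release
    // note says WordPress uses.
    return "<input type='text' name='log' value='"
        . htmlspecialchars($value, $flags, 'UTF-8') . "' />";
}

/** Return the attribute names a parser sees on the rendered <input>. */
function attribute_names($html)
{
    $doc = new DOMDocument();
    // Warnings about the bare fragment are irrelevant here; only the
    // parsed result is inspected.
    @$doc->loadHTML($html);
    $names = array();
    foreach ($doc->getElementsByTagName('input') as $el) {
        foreach ($el->attributes as $attr) {
            $names[] = $attr->name;
        }
    }
    return $names;
}

// Constructed sample: a value containing single quotes and attribute-like text.
$sample = "x' data-injected='1";

$modes = array('ENT_COMPAT' => ENT_COMPAT, 'ENT_QUOTES' => ENT_QUOTES);
foreach ($modes as $label => $flags) {
    $html = render_input($sample, $flags);
    echo $label, ":\n  ", $html, "\n";
    echo '  attributes parsed: ', implode(', ', attribute_names($html)), "\n";
}
```

Under `ENT_COMPAT` the single quote passes through unescaped and the parser reports an extra `data-injected` attribute; under `ENT_QUOTES` it is encoded and the whole value stays inside `value`.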
Release Info
Developer | convissor |
Plugin | Login Security Solution |
Version | 0.6.0 |
Code changes from version 0.5.0 to 0.6.0
- login-security-solution.php +3 -3
- readme.txt +18 -4
login-security-solution.php
CHANGED
@@ -6,7 +6,7 @@
|
|
6 |
* Description: Requires very strong passwords, repels brute force login attacks, prevents login information disclosures, expires idle sessions, notifies admins of attacks and breaches, permits administrators to disable logins for maintenance or emergency reasons and reset all passwords.
|
7 |
*
|
8 |
* Plugin URI: http://wordpress.org/extend/plugins/login-security-solution/
|
9 |
-
* Version: 0.
|
10 |
* Author: Daniel Convissor
|
11 |
* Author URI: http://www.analysisandsolutions.com/
|
12 |
* License: GPLv2
|
@@ -939,7 +939,7 @@ class login_security_solution {
|
|
939 |
}
|
940 |
}
|
941 |
|
942 |
-
return htmlspecialchars($in,
|
943 |
}
|
944 |
|
945 |
/**
|
@@ -952,7 +952,7 @@ class login_security_solution {
|
|
952 |
* @return string the sanitized string
|
953 |
*/
|
954 |
protected function hsc_utf8($in) {
|
955 |
-
return htmlspecialchars($in,
|
956 |
}
|
957 |
|
958 |
/**
|
6 |
* Description: Requires very strong passwords, repels brute force login attacks, prevents login information disclosures, expires idle sessions, notifies admins of attacks and breaches, permits administrators to disable logins for maintenance or emergency reasons and reset all passwords.
|
7 |
*
|
8 |
* Plugin URI: http://wordpress.org/extend/plugins/login-security-solution/
|
9 |
+
* Version: 0.6.0
|
10 |
* Author: Daniel Convissor
|
11 |
* Author URI: http://www.analysisandsolutions.com/
|
12 |
* License: GPLv2
|
939 |
}
|
940 |
}
|
941 |
|
942 |
+
return htmlspecialchars($in, ENT_QUOTES, $encoding);
|
943 |
}
|
944 |
|
945 |
/**
|
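Review bot: the switch to ENT_QUOTES at line 942 arrives without a test in this change set; the file list shows only login-security-solution.php and readme.txt touched. Add a unit test that passes a string containing both a single and a double quote through this method and asserts that both come back encoded, so a later change to the flag is caught.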
952 |
* @return string the sanitized string
|
953 |
*/
|
954 |
protected function hsc_utf8($in) {
|
955 |
+
return htmlspecialchars($in, ENT_QUOTES, 'UTF-8');
|
956 |
}
|
957 |
|
958 |
/**
|
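Review bot: the docblock above hsc_utf8() at lines 952-953 still says only "@return string the sanitized string". Now that the method escapes both quote types, say so there, and say that the result is meant for element content and quoted attribute values; this flag on its own does not make a value safe inside an unquoted attribute, a URL or a script block.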
readme.txt
CHANGED
@@ -210,12 +210,19 @@ are not using the `InnoDB` storage engine.
|
|
210 |
|
211 |
== Frequently Asked Questions ==
|
212 |
|
|
|
|
|
|
|
|
|
|
|
|
|
213 |
= Where did the "Change All Passwords" interface go? =
|
214 |
|
215 |
A link to the page is found in this plugin's entry in the "Plugins" admin
|
216 |
interface:
|
217 |
-
|
218 |
-
|
|
|
219 |
|
220 |
= How do I generate the POT translation file? =
|
221 |
|
@@ -228,6 +235,13 @@ then `cd` into that directory and run:
|
|
228 |
|
229 |
== Changelog ==
|
230 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
231 |
= 0.5.0 =
|
232 |
* Have multisite network mode use the saved options instead of the defaults.
|
233 |
* Close more HTML injection vectors. (One would think WordPress' built in
|
@@ -295,7 +309,7 @@ problems under PHP 5.4.
|
|
295 |
== Bugs and Feature Requests ==
|
296 |
|
297 |
Report bugs and submit feature requests by opening a ticket in WordPress'
|
298 |
-
plugins Trac website
|
299 |
Select `login-security-solution` in the "Component" list.
|
300 |
|
301 |
|
@@ -303,7 +317,7 @@ Select `login-security-solution` in the "Component" list.
|
|
303 |
|
304 |
* Password Research
|
305 |
+ [You can never have too many passwords: techniques for evaluating a huge corpus](http://www.cl.cam.ac.uk/~jcb82/doc/B12-IEEESP-evaluating_a_huge_password_corpus.pdf), Joseph Bonneau
|
306 |
-
+ [Analyzing Password Strength](http://www.cs.ru.nl/bachelorscripties/2010/Martin_Devillers___0437999___Analyzing_password_strength.pdf),
|
307 |
+ [Consumer Password Worst Practices](http://www.imperva.com/docs/WP_Consumer_Password_Worst_Practices.pdf), Imperva
|
308 |
+ [Preventing Brute Force Attacks on your Web Login](http://www.bryanrite.com/preventing-brute-force-attacks-on-your-web-login/), Bryan Rite
|
309 |
+ [Password Strength](http://xkcd.com/936/), Randall Munroe
|
210 |
|
211 |
== Frequently Asked Questions ==
|
212 |
|
213 |
+
= Where should I report bugs and feature requests? =
|
214 |
+
|
215 |
+
Report bugs and submit feature requests by opening a ticket in WordPress'
|
216 |
+
[plugins Trac website](http://plugins.trac.wordpress.org/report).
|
217 |
+
Select `login-security-solution` in the "Component" list.
|
218 |
+
|
219 |
= Where did the "Change All Passwords" interface go? =
|
220 |
|
221 |
A link to the page is found in this plugin's entry in the "Plugins" admin
|
222 |
interface:
|
223 |
+
|
224 |
+
* Regular sites: Plugins
|
225 |
+
* Sites using multisite networks: My Sites | Network Admin | Plugins
|
226 |
|
227 |
= How do I generate the POT translation file? =
|
228 |
|
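Review bot: the new FAQ entry at lines 213-217 repeats the text that still sits under "== Bugs and Feature Requests ==" (lines 309-313), so the Trac link now has to be maintained in two places. Keep the full instructions in one of them and have the other refer to it.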
235 |
|
236 |
== Changelog ==
|
237 |
|
238 |
+
= 0.6.0 =
|
239 |
+
* Use `ENT_QUOTES` instead of `ENT_COMPAT` in `htmlspecialchars()` calls
|
240 |
+
because WordPress mixes and matches the double and single quotes to
|
241 |
+
delimit attributes.
|
242 |
+
* Tested under WordPress 3.3.1 regular and 3.4beta2 multisite.
|
243 |
+
* Unit tests pass using PHP 5.4.0RC8-dev, 5.3.11-dev, and 5.2.18-dev.
|
244 |
+
|
245 |
= 0.5.0 =
|
246 |
* Have multisite network mode use the saved options instead of the defaults.
|
247 |
* Close more HTML injection vectors. (One would think WordPress' built in
|
309 |
== Bugs and Feature Requests ==
|
310 |
|
311 |
Report bugs and submit feature requests by opening a ticket in WordPress'
|
312 |
+
[plugins Trac website](http://plugins.trac.wordpress.org/report).
|
313 |
Select `login-security-solution` in the "Component" list.
|
314 |
|
315 |
|
317 |
|
318 |
* Password Research
|
319 |
+ [You can never have too many passwords: techniques for evaluating a huge corpus](http://www.cl.cam.ac.uk/~jcb82/doc/B12-IEEESP-evaluating_a_huge_password_corpus.pdf), Joseph Bonneau
|
320 |
+
+ [Analyzing Password Strength](http://www.cs.ru.nl/bachelorscripties/2010/Martin_Devillers___0437999___Analyzing_password_strength.pdf), Martin Devillers
|
321 |
+ [Consumer Password Worst Practices](http://www.imperva.com/docs/WP_Consumer_Password_Worst_Practices.pdf), Imperva
|
322 |
+ [Preventing Brute Force Attacks on your Web Login](http://www.bryanrite.com/preventing-brute-force-attacks-on-your-web-login/), Bryan Rite
|
323 |
+ [Password Strength](http://xkcd.com/936/), Randall Munroe
|