Google Authenticator – WordPress Two Factor Authentication (2FA) - Version 5.3.15

Version Description

  • Google Authenticator-Two Factor Authentication (2FA) : Anti-Malware : schedule scan.
Download this release

Release Info

Developer cyberlord92
Plugin Icon 128x128 Google Authenticator – WordPress Two Factor Authentication (2FA)
Version 5.3.15
Comparing to
See all releases

Code changes from version 5.3.14 to 5.3.15

Files changed (5) hide show
  1. controllers/main_controller.php +19 -19
  2. controllers/malware_scan_ajax.php +2 -2
  3. handler/malware_scanner.php +15 -10
  4. miniorange_2_factor_settings.php +2 -2
  5. readme.txt +9 -3
controllers/main_controller.php CHANGED
@@ -50,24 +50,24 @@
50
  ?>
51
  <?php if(get_option('mo2f_scan_initialize')) { ?>
52
  <script>
53
- jQuery(document).ready(function(){
54
- var nonce = "<?php echo wp_create_nonce('wpns-quick-scan')?>";
55
- var data={
56
- 'action':'mo_wpns_malware_redirect',
57
- 'call_type':'malware_scan_initiate',
58
- 'scan':'scan_start',
59
- 'scantype':'quick_scan',
60
- 'nonce': nonce
61
- };
62
- jQuery.post(ajaxurl, data, function(response){
63
- jQuery('input[name="quick_scan_button"]').removeAttr('disabled');
64
- document.getElementById('quick_scan_button').style.backgroundColor = '#20b2aa';
65
- jQuery('input[name="standard_scan_button"]').removeAttr('disabled');
66
- document.getElementById('standard_scan_button').style.backgroundColor = '#20b2aa';
67
- jQuery('input[name="custom_scan_button"]').removeAttr('disabled');
68
- document.getElementById('custom_scan_button').style.backgroundColor = '#20b2aa';
69
- document.getElementById("quick_scan_button").value = "Quick Scan";
70
- });
71
- });
72
  </script>
73
  <?php } ?>
50
  ?>
51
  <?php if(get_option('mo2f_scan_initialize')) { ?>
52
  <script>
53
+ // jQuery(document).ready(function(){
54
+ // var nonce = "<?php echo wp_create_nonce('wpns-quick-scan')?>";
55
+ // var data={
56
+ // 'action':'mo_wpns_malware_redirect',
57
+ // 'call_type':'malware_scan_initiate',
58
+ // 'scan':'scan_start',
59
+ // 'scantype':'quick_scan',
60
+ // 'nonce': nonce
61
+ // };
62
+ // jQuery.post(ajaxurl, data, function(response){
63
+ // jQuery('input[name="quick_scan_button"]').removeAttr('disabled');
64
+ // document.getElementById('quick_scan_button').style.backgroundColor = '#20b2aa';
65
+ // jQuery('input[name="standard_scan_button"]').removeAttr('disabled');
66
+ // document.getElementById('standard_scan_button').style.backgroundColor = '#20b2aa';
67
+ // jQuery('input[name="custom_scan_button"]').removeAttr('disabled');
68
+ // document.getElementById('custom_scan_button').style.backgroundColor = '#20b2aa';
69
+ // document.getElementById("quick_scan_button").value = "Quick Scan";
70
+ // });
71
+ // });
72
  </script>
73
  <?php } ?>
controllers/malware_scan_ajax.php CHANGED
@@ -106,7 +106,7 @@ class Mo_wpns_scan_malware
106
  }
107
  $scan_configuration = array('plugin_scan' => 1 ,
108
  'theme_scan' => 1,
109
- 'core_scan' => 1,
110
  'file_extension' => "",
111
  'check_vulnerable' => 1,
112
  'check_sql' => 1,
@@ -127,7 +127,7 @@ class Mo_wpns_scan_malware
127
  }
128
  $scan_configuration = array('plugin_scan' => 1 ,
129
  'theme_scan' => 1,
130
- 'core_scan' => 1,
131
  'file_extension' => "",
132
  'check_vulnerable' => 1,
133
  'check_sql' => 1,
106
  }
107
  $scan_configuration = array('plugin_scan' => 1 ,
108
  'theme_scan' => 1,
109
+ 'core_scan' => 0,
110
  'file_extension' => "",
111
  'check_vulnerable' => 1,
112
  'check_sql' => 1,
127
  }
128
  $scan_configuration = array('plugin_scan' => 1 ,
129
  'theme_scan' => 1,
130
+ 'core_scan' => 0,
131
  'file_extension' => "",
132
  'check_vulnerable' => 1,
133
  'check_sql' => 1,
handler/malware_scanner.php CHANGED
@@ -309,6 +309,7 @@ class Mo_wpns_Scan_Handler{
309
  continue;
310
  }
311
  $ext = pathinfo($source_file_path, PATHINFO_EXTENSION);
 
312
  $extns = $enable_extns ? true : (in_array($ext, $extensions) ? true : false);
313
  if($extns){
314
  $nooffiles++;
@@ -319,7 +320,7 @@ class Mo_wpns_Scan_Handler{
319
 
320
  $hash_of_file= md5_file($source_file_path);
321
  $res=$mo2f_malware_db_handler->check_hash($hash_of_file);
322
-
323
  $datascan = empty($res)?true:(isset($res[0]->scan_data) ? unserialize($res[0]->scan_data):false);
324
  $scanmalware = is_array($datascan)?$datascan['malware']==0:(!empty($datascan) ? $datascan: true);
325
  $repocheck = is_array($datascan)?$datascan['repo']==0:(!empty($datascan) ? $datascan: true);
@@ -332,11 +333,13 @@ class Mo_wpns_Scan_Handler{
332
  else{
333
  $flag_update=0;
334
  $file_content=file_get_contents($source_file_path);
 
335
  $source_file_path_size = str_replace("\\", "/", $source_file_path);
336
- if(($scan_config['check_vulnerable'] == 1 || $scan_config['check_sql'] == 1) && !in_array($ext, array('zip','sitx','7z','rar','gz')) && filesize($source_file_path_size) < 1048576 && $malware_server_status && $extns && $scanmalware){
337
  $malware_status = 1;
338
  $cfile=curl_file_create($source_file_path, 'test/plain', time().basename($source_file_path));
339
  $postdata = array('file' => $cfile);
 
340
  $content_type = 'multipart/form-data';
341
  $issues = $this->mo_wpns_malware_scan_request($postdata, $host, $content_type);
342
  if ($issues) {
@@ -349,7 +352,7 @@ class Mo_wpns_Scan_Handler{
349
  }
350
 
351
  if($scan_config['check_repo'] == 1 && $repocheck && $extns){
352
- if(!in_array('wp-config.php', $arr) && !in_array($ext, array('zip', 'log', 'htaccess','sitx','7z','rar','gz'))){
353
  if(($arr[count($arr)-1]== 'index.php' && (count($arr)==1 || in_array($arr[count($arr)-2], array('wp-content', 'plugins', 'themes'))) && !in_array('uploads', $arr)) || !in_array('wp-content', $arr)){
354
  $repo_status = 1;
355
  if($value==$base){
@@ -369,13 +372,15 @@ class Mo_wpns_Scan_Handler{
369
  }
370
  }
371
  if($extns && $extlink){
372
- if($scan_config['ext_link_check'] == 1){
373
- $link_status = 1;
374
- $elresult= $this->check_external_link($file_content);
375
- if(!empty($elresult)){
376
- $malicious_link_count++;
377
- $flag_update=1;
378
- $scanresult['extl']=$elresult;
 
 
379
  }
380
  }
381
  }
309
  continue;
310
  }
311
  $ext = pathinfo($source_file_path, PATHINFO_EXTENSION);
312
+ $ext= strtolower($ext);
313
  $extns = $enable_extns ? true : (in_array($ext, $extensions) ? true : false);
314
  if($extns){
315
  $nooffiles++;
320
 
321
  $hash_of_file= md5_file($source_file_path);
322
  $res=$mo2f_malware_db_handler->check_hash($hash_of_file);
323
+
324
  $datascan = empty($res)?true:(isset($res[0]->scan_data) ? unserialize($res[0]->scan_data):false);
325
  $scanmalware = is_array($datascan)?$datascan['malware']==0:(!empty($datascan) ? $datascan: true);
326
  $repocheck = is_array($datascan)?$datascan['repo']==0:(!empty($datascan) ? $datascan: true);
333
  else{
334
  $flag_update=0;
335
  $file_content=file_get_contents($source_file_path);
336
+
337
  $source_file_path_size = str_replace("\\", "/", $source_file_path);
338
+ if(($scan_config['check_vulnerable'] == 1 || $scan_config['check_sql'] == 1) && !in_array($ext, array('zip','sitx','7z','rar','gz','tar.gz','jpg','jpeg','png','gif','svg','tiff','raw')) && filesize($source_file_path_size) < 1048576 && $malware_server_status && $extns && $scanmalware){
339
  $malware_status = 1;
340
  $cfile=curl_file_create($source_file_path, 'test/plain', time().basename($source_file_path));
341
  $postdata = array('file' => $cfile);
342
+
343
  $content_type = 'multipart/form-data';
344
  $issues = $this->mo_wpns_malware_scan_request($postdata, $host, $content_type);
345
  if ($issues) {
352
  }
353
 
354
  if($scan_config['check_repo'] == 1 && $repocheck && $extns){
355
+ if(!in_array('wp-config.php', $arr) && !in_array($ext, array('zip', 'log', 'htaccess','sitx','7z','rar','gz','tar.gz','jpg','jpeg','png','gif','svg','tiff','raw'))){
356
  if(($arr[count($arr)-1]== 'index.php' && (count($arr)==1 || in_array($arr[count($arr)-2], array('wp-content', 'plugins', 'themes'))) && !in_array('uploads', $arr)) || !in_array('wp-content', $arr)){
357
  $repo_status = 1;
358
  if($value==$base){
372
  }
373
  }
374
  if($extns && $extlink){
375
+ if(!in_array($ext, array('zip', 'log','sitx','7z','rar','gz','tar.gz','jpg','jpeg','png','gif','svg','tiff','raw'))){
376
+ if($scan_config['ext_link_check'] == 1){
377
+ $link_status = 1;
378
+ $elresult= $this->check_external_link($file_content);
379
+ if(!empty($elresult)){
380
+ $malicious_link_count++;
381
+ $flag_update=1;
382
+ $scanresult['extl']=$elresult;
383
+ }
384
  }
385
  }
386
  }
miniorange_2_factor_settings.php CHANGED
@@ -3,13 +3,13 @@
3
  * Plugin Name: miniOrange 2 Factor Authentication
4
  * Plugin URI: https://miniorange.com
5
  * Description: This plugin provides various two-factor authentication methods as an additional layer of security after the default wordpress login. We Support Google/Authy/LastPass Authenticator, QR Code, Push Notification, Soft Token and Security Questions(KBA) for 1 User in the free version of the plugin.
6
- * Version: 5.3.14
7
  * Author: miniOrange
8
  * Author URI: https://miniorange.com
9
  * License: GPL2
10
  */
11
  define( 'MO_HOST_NAME', 'https://login.xecurify.com' );
12
- define( 'MO2F_VERSION', '5.3.14' );
13
  define( 'MO2F_TEST_MODE', false );
14
  class Miniorange_twoFactor{
15
 
3
  * Plugin Name: miniOrange 2 Factor Authentication
4
  * Plugin URI: https://miniorange.com
5
  * Description: This plugin provides various two-factor authentication methods as an additional layer of security after the default wordpress login. We Support Google/Authy/LastPass Authenticator, QR Code, Push Notification, Soft Token and Security Questions(KBA) for 1 User in the free version of the plugin.
6
+ * Version: 5.3.15
7
  * Author: miniOrange
8
  * Author URI: https://miniorange.com
9
  * License: GPL2
10
  */
11
  define( 'MO_HOST_NAME', 'https://login.xecurify.com' );
12
+ define( 'MO2F_VERSION', '5.3.15' );
13
  define( 'MO2F_TEST_MODE', false );
14
  class Miniorange_twoFactor{
15
 
readme.txt CHANGED
@@ -6,7 +6,7 @@ Donate link: https://miniorange.com/
6
  Requires at least: 3.0.1
7
  Tested up to: 5.3
8
  Requires PHP: 5.3.0
9
- Stable tag: 5.3.14
10
  License: GPLv2 or later
11
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
12
 
@@ -272,8 +272,11 @@ miniOrange authentication service has 15+ authentication methods.One time passco
272
 
273
  == Changelog ==
274
 
 
 
 
275
  = 5.3.14 =
276
- * Google Authenticator-Two Factor Authentication (2FA) : Anit-Malware : Adding more signatures.
277
 
278
  = 5.3.13 =
279
  * Google Authenticator-Two Factor Authentication (2FA) : Security : fix UI Issue and improving 2fa.
@@ -706,8 +709,11 @@ More descriptive setup messages and UI changes.
706
 
707
  == Upgrade Notice ==
708
 
 
 
 
709
  = 5.3.14 =
710
- * Google Authenticator-Two Factor Authentication (2FA) : Anit-Malware : Adding more signatures.
711
 
712
  = 5.3.13 =
713
  * Google Authenticator-Two Factor Authentication (2FA) : Security : fix UI Issue and improving 2fa.
6
  Requires at least: 3.0.1
7
  Tested up to: 5.3
8
  Requires PHP: 5.3.0
9
+ Stable tag: 5.3.15
10
  License: GPLv2 or later
11
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
12
 
272
 
273
  == Changelog ==
274
 
275
+ = 5.3.15 =
276
+ * Google Authenticator-Two Factor Authentication (2FA) : Anti-Malware : schedule scan.
277
+
278
  = 5.3.14 =
279
+ * Google Authenticator-Two Factor Authentication (2FA) : Anti-Malware : Adding more signatures.
280
 
281
  = 5.3.13 =
282
  * Google Authenticator-Two Factor Authentication (2FA) : Security : fix UI Issue and improving 2fa.
709
 
710
  == Upgrade Notice ==
711
 
712
+ = 5.3.15 =
713
+ * Google Authenticator-Two Factor Authentication (2FA) : Anti-Malware : schedule scan.
714
+
715
  = 5.3.14 =
716
+ * Google Authenticator-Two Factor Authentication (2FA) : Anti-Malware : Adding more signatures.
717
 
718
  = 5.3.13 =
719
  * Google Authenticator-Two Factor Authentication (2FA) : Security : fix UI Issue and improving 2fa.