Version Description
- Fixed a bug introduced in version 4.2 where a user such as an editor could potentially be blocked while editing a post owned by another user.
Download this release
Release Info
| Developer | nintechnet |
| Plugin |  NinjaFirewall (WP Edition) |
| Version | 4.2.1 |
| Comparing to | |
| See all releases | |
Code changes from version 4.2 to 4.2.1
- lib/install_default.php +1 -1
- lib/utils.php +14 -7
- ninjafirewall.php +2 -2
- readme.txt +5 -1
lib/install_default.php
CHANGED
|
@@ -161,7 +161,7 @@ function nfw_load_default_conf() {
|
|
| 161 |
// 2. headers_list() and header_remove(): some hosts may disable them.
|
| 162 |
if ( function_exists('header_register_callback') && function_exists('headers_list') && function_exists('header_remove') ) {
|
| 163 |
// X-XSS-Protection:
|
| 164 |
-
$nfw_options['response_headers'] = '
|
| 165 |
}
|
| 166 |
$nfw_options['referrer_policy_enabled'] = 0;
|
| 167 |
|
| 161 |
// 2. headers_list() and header_remove(): some hosts may disable them.
|
| 162 |
if ( function_exists('header_register_callback') && function_exists('headers_list') && function_exists('header_remove') ) {
|
| 163 |
// X-XSS-Protection:
|
| 164 |
+
$nfw_options['response_headers'] = '0003000000';
|
| 165 |
}
|
| 166 |
$nfw_options['referrer_policy_enabled'] = 0;
|
| 167 |
|
lib/utils.php
CHANGED
|
@@ -152,8 +152,8 @@ function nf_wp_insert_post_empty_content( $maybe_empty, $postarr ) {
|
|
| 152 |
return false;
|
| 153 |
}
|
| 154 |
|
| 155 |
-
|
| 156 |
-
|
| 157 |
|
| 158 |
if (! isset( $postarr['ID'] ) ) {
|
| 159 |
$id = 0;
|
|
@@ -161,9 +161,14 @@ function nf_wp_insert_post_empty_content( $maybe_empty, $postarr ) {
|
|
| 161 |
$id = $postarr['ID'];
|
| 162 |
}
|
| 163 |
|
| 164 |
-
|
| 165 |
-
$
|
| 166 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 167 |
return false;
|
| 168 |
}
|
| 169 |
|
|
@@ -190,9 +195,11 @@ function nf_wp_insert_post_empty_content( $maybe_empty, $postarr ) {
|
|
| 190 |
/* Translators : "page" or "post" type and its numerical ID */
|
| 191 |
$action = sprintf( __('Attempt to edit a published %s (ID: %s)', 'ninjafirewall'), $postarr['post_type'], $id );
|
| 192 |
}
|
| 193 |
-
|
|
|
|
|
|
|
| 194 |
if ( empty( $current_user->user_login ) ) {
|
| 195 |
-
$user = 'Unauthenticated user';
|
| 196 |
} else {
|
| 197 |
$user = $current_user->user_login;
|
| 198 |
}
|
| 152 |
return false;
|
| 153 |
}
|
| 154 |
|
| 155 |
+
// We only care about page and post post_type:
|
| 156 |
+
if (! empty( $postarr['post_type'] ) && ( $postarr['post_type'] == 'post' || $postarr['post_type'] == 'page' ) ) {
|
| 157 |
|
| 158 |
if (! isset( $postarr['ID'] ) ) {
|
| 159 |
$id = 0;
|
| 161 |
$id = $postarr['ID'];
|
| 162 |
}
|
| 163 |
|
| 164 |
+
// Ignore post if it isn't either already published or set to be published immediately:
|
| 165 |
+
if ( get_post_status( $id ) != 'publish' && ( empty( $postarr['post_status'] ) || $postarr['post_status'] != 'publish' ) ) {
|
| 166 |
+
return false;
|
| 167 |
+
}
|
| 168 |
+
|
| 169 |
+
// We must use meta capability (edit_post/edit_page), not capability (edit_postS/edit_pageS).
|
| 170 |
+
$edit_post = "edit_{$postarr['post_type']}";
|
| 171 |
+
if ( current_user_can( $edit_post, $id ) ) {
|
| 172 |
return false;
|
| 173 |
}
|
| 174 |
|
| 195 |
/* Translators : "page" or "post" type and its numerical ID */
|
| 196 |
$action = sprintf( __('Attempt to edit a published %s (ID: %s)', 'ninjafirewall'), $postarr['post_type'], $id );
|
| 197 |
}
|
| 198 |
+
|
| 199 |
+
// Check if user is authenticated
|
| 200 |
+
$current_user = wp_get_current_user();
|
| 201 |
if ( empty( $current_user->user_login ) ) {
|
| 202 |
+
$user = __('Unauthenticated user', 'ninjafirewall');
|
| 203 |
} else {
|
| 204 |
$user = $current_user->user_login;
|
| 205 |
}
|
ninjafirewall.php
CHANGED
|
@@ -3,7 +3,7 @@
|
|
| 3 |
Plugin Name: NinjaFirewall (WP Edition)
|
| 4 |
Plugin URI: https://nintechnet.com/
|
| 5 |
Description: A true Web Application Firewall to protect and secure WordPress.
|
| 6 |
-
Version: 4.2
|
| 7 |
Author: The Ninja Technologies Network
|
| 8 |
Author URI: https://nintechnet.com/
|
| 9 |
License: GPLv3 or later
|
|
@@ -19,7 +19,7 @@ Domain Path: /languages
|
|
| 19 |
| (c) NinTechNet - https://nintechnet.com/ |
|
| 20 |
+---------------------------------------------------------------------+
|
| 21 |
*/
|
| 22 |
-
define( 'NFW_ENGINE_VERSION', '4.2' );
|
| 23 |
/*
|
| 24 |
+---------------------------------------------------------------------+
|
| 25 |
| This program is free software: you can redistribute it and/or |
|
| 3 |
Plugin Name: NinjaFirewall (WP Edition)
|
| 4 |
Plugin URI: https://nintechnet.com/
|
| 5 |
Description: A true Web Application Firewall to protect and secure WordPress.
|
| 6 |
+
Version: 4.2.1
|
| 7 |
Author: The Ninja Technologies Network
|
| 8 |
Author URI: https://nintechnet.com/
|
| 9 |
License: GPLv3 or later
|
| 19 |
| (c) NinTechNet - https://nintechnet.com/ |
|
| 20 |
+---------------------------------------------------------------------+
|
| 21 |
*/
|
| 22 |
+
define( 'NFW_ENGINE_VERSION', '4.2.1' );
|
| 23 |
/*
|
| 24 |
+---------------------------------------------------------------------+
|
| 25 |
| This program is free software: you can redistribute it and/or |
|
readme.txt
CHANGED
|
@@ -3,7 +3,7 @@ Contributors: nintechnet, bruandet
|
|
| 3 |
Tags: security, firewall, malware, antispam, virus, scanner, hacked site, brute force, seguridad, seguranca, sicherheit, sicurezza, veiligheid, classicpress
|
| 4 |
Requires at least: 3.7
|
| 5 |
Tested up to: 5.4
|
| 6 |
-
Stable tag: 4.2
|
| 7 |
Requires PHP: 5.5
|
| 8 |
License: GPLv3 or later
|
| 9 |
License URI: http://www.gnu.org/licenses/gpl-3.0.html
|
|
@@ -203,6 +203,10 @@ NinjaFirewall works on Unix-like servers only. There is no Microsoft Windows ver
|
|
| 203 |
|
| 204 |
Need more security? Take the time to explore our supercharged Premium edition: [NinjaFirewall WP+ Edition](https://nintechnet.com/ninjafirewall/wp-edition/?comparison)
|
| 205 |
|
|
|
|
|
|
|
|
|
|
|
|
|
| 206 |
= 4.2 =
|
| 207 |
|
| 208 |
* Added a new policy to block attempts to publish or edit a published page/post by suspicious users. This feature can be very useful to protect against attacks where hackers (authenticated or not) try to exploit zero-day vulnerabilities to inject code into posts and pages on the blog. It is disabled by default and can be enabled from the "Firewall Policies > Basic Policies > General > Block attempts to publish or edit a published post by users who do not have the right capabilities" menu.
|
| 3 |
Tags: security, firewall, malware, antispam, virus, scanner, hacked site, brute force, seguridad, seguranca, sicherheit, sicurezza, veiligheid, classicpress
|
| 4 |
Requires at least: 3.7
|
| 5 |
Tested up to: 5.4
|
| 6 |
+
Stable tag: 4.2.1
|
| 7 |
Requires PHP: 5.5
|
| 8 |
License: GPLv3 or later
|
| 9 |
License URI: http://www.gnu.org/licenses/gpl-3.0.html
|
| 203 |
|
| 204 |
Need more security? Take the time to explore our supercharged Premium edition: [NinjaFirewall WP+ Edition](https://nintechnet.com/ninjafirewall/wp-edition/?comparison)
|
| 205 |
|
| 206 |
+
= 4.2.1 =
|
| 207 |
+
|
| 208 |
+
* Fixed a bug introduced in version 4.2 where a user such as an editor could potentially be blocked while editing a post owned by another user.
|
| 209 |
+
|
| 210 |
= 4.2 =
|
| 211 |
|
| 212 |
* Added a new policy to block attempts to publish or edit a published page/post by suspicious users. This feature can be very useful to protect against attacks where hackers (authenticated or not) try to exploit zero-day vulnerabilities to inject code into posts and pages on the blog. It is disabled by default and can be enabled from the "Firewall Policies > Basic Policies > General > Block attempts to publish or edit a published post by users who do not have the right capabilities" menu.
|
