NinjaFirewall (WP Edition) - Version 4.4.2

Version Description

  • Fixed an issue introduced in v4.4.1 where a notification email was sent each time an external application authenticated itself.
Download this release

Release Info

Developer nintechnet
Plugin Icon 128x128 NinjaFirewall (WP Edition)
Version 4.4.2
Comparing to
See all releases

Code changes from version 4.4.1 to 4.4.2

Files changed (2) hide show
  1. ninjafirewall.php +14 -19
  2. readme.txt +5 -1
ninjafirewall.php CHANGED
@@ -3,7 +3,7 @@
3
  Plugin Name: NinjaFirewall (WP Edition)
4
  Plugin URI: https://nintechnet.com/
5
  Description: A true Web Application Firewall to protect and secure WordPress.
6
- Version: 4.4.1
7
  Author: The Ninja Technologies Network
8
  Author URI: https://nintechnet.com/
9
  License: GPLv3 or later
@@ -19,7 +19,7 @@ Domain Path: /languages
19
  | (c) NinTechNet - https://nintechnet.com/ |
20
  +---------------------------------------------------------------------+
21
  */
22
- define( 'NFW_ENGINE_VERSION', '4.4.1' );
23
  /*
24
  +---------------------------------------------------------------------+
25
  | This program is free software: you can redistribute it and/or |
@@ -543,20 +543,18 @@ add_action('init', 'nfw_init_emailremoval' );
543
  // ---------------------------------------------------------------------
544
  // Check if the user is an admin and if we must whitelist them.
545
 
546
- function nfw_auth_cookie( $cookie, $user_id, $expiration, $scheme, $token ) {
547
 
548
- if ( $scheme != 'logged_in' ) { return $cookie; }
549
 
550
  $nfw_options = nfw_get_option( 'nfw_options' );
551
- // Don't do anything if NinjaFirewall is disabled:
552
- if ( empty( $nfw_options['enabled'] ) ) { return $cookie; }
553
 
554
- nfw_session_start();
 
555
 
556
- $wp_user = get_user_by( 'id', $user_id );
557
- // Fetch user roles
558
  $whoami = '';
559
- foreach( $wp_user->roles as $k => $v ) {
560
  if ( $v == 'administrator' ) {
561
  $admin_flag = 1;
562
  }
@@ -567,7 +565,7 @@ function nfw_auth_cookie( $cookie, $user_id, $expiration, $scheme, $token ) {
567
  // Still nothing: Maybe an additional superadmin
568
  if ( empty( $whoami ) && is_multisite() ) {
569
  // $user->ID is required here
570
- if ( is_super_admin( $wp_user->ID ) ) {
571
  $admin_flag = 1;
572
  $whoami = 'administrator';
573
  }
@@ -576,10 +574,10 @@ function nfw_auth_cookie( $cookie, $user_id, $expiration, $scheme, $token ) {
576
  // Are we supposed to send an alert?
577
  if (! empty($nfw_options['a_0']) ) {
578
  if ( ( $nfw_options['a_0'] == 1 && isset( $admin_flag ) ) || $nfw_options['a_0'] == 2 ) {
579
- nfw_send_loginemail( $wp_user->data->user_login, $whoami );
580
  // Write event to log?
581
- if (! empty( $nfw_options['a_41'] ) ) {
582
- nfw_log2('Logged in user', "{$wp_user->data->user_login} ({$whoami})", 6, 0);
583
  }
584
  }
585
  }
@@ -589,7 +587,7 @@ function nfw_auth_cookie( $cookie, $user_id, $expiration, $scheme, $token ) {
589
  if ( ( $nfw_options['wl_admin'] == 1 && isset( $admin_flag ) ) || $nfw_options['wl_admin'] == 2 ) {
590
  // Set the goodguy flag:
591
  $_SESSION['nfw_goodguy'] = 1;
592
- return $cookie;
593
  }
594
  }
595
 
@@ -597,8 +595,6 @@ function nfw_auth_cookie( $cookie, $user_id, $expiration, $scheme, $token ) {
597
  if ( isset( $_SESSION['nfw_goodguy'] ) ) {
598
  unset( $_SESSION['nfw_goodguy'] );
599
  }
600
-
601
- return $cookie;
602
  }
603
 
604
  // Hook priority can be defined in the wp-config.php or .htninja
@@ -607,8 +603,7 @@ if ( defined('NFW_LOGINHOOK') ) {
607
  } else {
608
  $NFW_LOGINHOOK = -999999999;
609
  }
610
-
611
- add_filter( 'auth_cookie', 'nfw_auth_cookie', $NFW_LOGINHOOK, 5 );
612
 
613
  /* ------------------------------------------------------------------ */
614
  function nfw_logout_hook() {
3
  Plugin Name: NinjaFirewall (WP Edition)
4
  Plugin URI: https://nintechnet.com/
5
  Description: A true Web Application Firewall to protect and secure WordPress.
6
+ Version: 4.4.2
7
  Author: The Ninja Technologies Network
8
  Author URI: https://nintechnet.com/
9
  License: GPLv3 or later
19
  | (c) NinTechNet - https://nintechnet.com/ |
20
  +---------------------------------------------------------------------+
21
  */
22
+ define( 'NFW_ENGINE_VERSION', '4.4.2' );
23
  /*
24
  +---------------------------------------------------------------------+
25
  | This program is free software: you can redistribute it and/or |
543
  // ---------------------------------------------------------------------
544
  // Check if the user is an admin and if we must whitelist them.
545
 
546
+ function nfw_login_hook( $user_login, $user ) {
547
 
548
+ nfw_session_start();
549
 
550
  $nfw_options = nfw_get_option( 'nfw_options' );
 
 
551
 
552
+ // Don't do anything if NinjaFirewall is disabled:
553
+ if ( empty( $nfw_options['enabled'] ) ) { return; }
554
 
555
+ // Fetch user roles:
 
556
  $whoami = '';
557
+ foreach( $user->roles as $k => $v ) {
558
  if ( $v == 'administrator' ) {
559
  $admin_flag = 1;
560
  }
565
  // Still nothing: Maybe an additional superadmin
566
  if ( empty( $whoami ) && is_multisite() ) {
567
  // $user->ID is required here
568
+ if ( is_super_admin( $user->ID ) ) {
569
  $admin_flag = 1;
570
  $whoami = 'administrator';
571
  }
574
  // Are we supposed to send an alert?
575
  if (! empty($nfw_options['a_0']) ) {
576
  if ( ( $nfw_options['a_0'] == 1 && isset( $admin_flag ) ) || $nfw_options['a_0'] == 2 ) {
577
+ nfw_send_loginemail( $user_login, $whoami );
578
  // Write event to log?
579
+ if (! empty($nfw_options['a_41']) ) {
580
+ nfw_log2('Logged in user', "{$user_login} ({$whoami})", 6, 0);
581
  }
582
  }
583
  }
587
  if ( ( $nfw_options['wl_admin'] == 1 && isset( $admin_flag ) ) || $nfw_options['wl_admin'] == 2 ) {
588
  // Set the goodguy flag:
589
  $_SESSION['nfw_goodguy'] = 1;
590
+ return;
591
  }
592
  }
593
 
595
  if ( isset( $_SESSION['nfw_goodguy'] ) ) {
596
  unset( $_SESSION['nfw_goodguy'] );
597
  }
 
 
598
  }
599
 
600
  // Hook priority can be defined in the wp-config.php or .htninja
603
  } else {
604
  $NFW_LOGINHOOK = -999999999;
605
  }
606
+ add_action( 'wp_login', 'nfw_login_hook', $NFW_LOGINHOOK, 2 );
 
607
 
608
  /* ------------------------------------------------------------------ */
609
  function nfw_logout_hook() {
readme.txt CHANGED
@@ -3,7 +3,7 @@ Contributors: nintechnet, bruandet
3
  Tags: security, firewall, malware, protection, hack, antispam, virus, scanner, hacked site, brute force, seguridad, seguranca, sicherheit, sicurezza, veiligheid, classicpress
4
  Requires at least: 4.7
5
  Tested up to: 5.8
6
- Stable tag: 4.4.1
7
  Requires PHP: 5.5
8
  License: GPLv3 or later
9
  License URI: http://www.gnu.org/licenses/gpl-3.0.html
@@ -208,6 +208,10 @@ WordPress Sicherheit Plugin.
208
 
209
  Need more security? Take the time to explore our supercharged Premium edition: [NinjaFirewall WP+ Edition](https://nintechnet.com/ninjafirewall/wp-edition/?comparison)
210
 
 
 
 
 
211
  = 4.4.1 =
212
 
213
  * Added support for MySQL/MariaDB database connection over SSL.
3
  Tags: security, firewall, malware, protection, hack, antispam, virus, scanner, hacked site, brute force, seguridad, seguranca, sicherheit, sicurezza, veiligheid, classicpress
4
  Requires at least: 4.7
5
  Tested up to: 5.8
6
+ Stable tag: 4.4.2
7
  Requires PHP: 5.5
8
  License: GPLv3 or later
9
  License URI: http://www.gnu.org/licenses/gpl-3.0.html
208
 
209
  Need more security? Take the time to explore our supercharged Premium edition: [NinjaFirewall WP+ Edition](https://nintechnet.com/ninjafirewall/wp-edition/?comparison)
210
 
211
+ = 4.4.2 =
212
+
213
+ * Fixed an issue introduced in v4.4.1 where a notification email was sent each time an external application authenticated itself.
214
+
215
  = 4.4.1 =
216
 
217
  * Added support for MySQL/MariaDB database connection over SSL.