Restricted Site Access - Version 7.3.1

Version Description

  • 7.3.1 - 2022-06-30
  • Added: PHP8 compatibility check GitHub Action (props @Sidsector9, dkotter).
  • Added: Dependency security scanning GitHub Action (props @jeffpaul).
  • Changed: Admin settings HTML semantics for easier testing (props @Sidsector9, @faisal-alvi).
  • Changed: Bump WordPress "tested up to" version 6.0 (props @peterwilsoncc, @faisal-alvi, @cadic, @jeffpaul).
  • Changed: Documentation, asset, and e2e test updates (props @Sidsector9, @iamdharmesh).
  • Fixed: Check netmask range before IP is added (props @Sidsector9, @PypWalters).
  • Security: Bump minimist from 1.2.5 to 1.2.6 (props @dependabot).
  • Security: Bump grunt from 1.4.1 to 1.5.3 (props @dependabot).
  • Security: Bump async from 2.6.3 to 2.6.4 (props @dependabot).

Release Info

Developer 10up
Version 7.3.1

Code changes from version 7.3.0 to 7.3.1

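--- a/.eslintrc.js
+++ b/.eslintrc.js
@@ -1,16 +0,0 @@
-
- /**
- * Internal dependencies
- */
-
- module.exports = {
- extends: 'plugin:@wordpress/eslint-plugin/recommended-with-formatting',
- globals: {
- window: 'readonly',
- $: 'readonly',
- jQuery: 'readonly',
- rsaAdmin: 'readonly',
- rsaSettings: 'readonly',
- ajaxurl: 'readonly',
- },
- };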
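--- a/assets/css/admin.css
+++ b/assets/css/admin.css
@@ -6,3 +6,7 @@ input#rsa-user-message {
  .rsa-user-message {
  text-align: center
  }
+
+ .rsa-ip-addresses-field-wrapper {
+ position: relative;
+ }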
assets/js/admin.min.js CHANGED
@@ -1 +1 @@
1
- !function(e,s){"use strict";s(".notice").on("click",".notice-dismiss",function(e){e.delegateTarget.getAttribute("data-rsa-notice")&&s.ajax({method:"post",data:{nonce:rsaAdmin.nonce,action:"rsa_notice_dismiss"},url:ajaxurl})})}(window,jQuery),function(e,s){"use strict";({els:{dialog:document.getElementById("rsa-disable-dialog"),userMessage:document.getElementById("rsa-user-message")},variables:{expectedAnswer:rsaAdmin.strings.message.toLowerCase(),disablingURL:null},openDialog(e){e.preventDefault(),s(this.els.dialog).dialog("open")},isExpectedAnswer(){return this.els.userMessage.value.toLowerCase()===this.variables.expectedAnswer},dialogSettings(){const t=this;t.close=function(){s(t.els.dialog).dialog("close"),t.els.userMessage.style.border="1px solid #ddd",t.els.userMessage.value=""},s(this.els.dialog).dialog({dialogClass:"wp-dialog",autoOpen:!1,draggable:!1,width:"auto",modal:!0,resizable:!1,buttons:[{text:rsaAdmin.strings.confirm,click(){t.isExpectedAnswer()?e.location.href=t.variables.disablingURL:t.els.userMessage.style.border="1px solid red"}},{text:rsaAdmin.strings.cancel,click(){t.close()},class:"button-primary"}],open(){s(".ui-widget-overlay").bind("click",function(){t.close()})},create(){s(".ui-dialog-titlebar-close").addClass("ui-button"),s(this).siblings(".ui-dialog-titlebar").hide()}}),this.els.buttons=s(this.els.dialog).dialog("option","buttons")},maybeSubmit(e){switch(e.key){case"Enter":this.els.buttons[0].click()}},bindEvents(){s('[data-slug="restricted-site-access"]').on("click",".deactivate a",this.openDialog.bind(this)),this.els.userMessage.addEventListener("keyup",this.maybeSubmit.bind(this))},init(){const e=document.getElementById("the-list");e&&(this.variables.disablingURL=e.querySelector('[data-slug="restricted-site-access"] .deactivate a').href),this.bindEvents(),this.dialogSettings()}}).init()}(window,jQuery);
1
+ !function(e,s){"use strict";s(".notice").on("click",".notice-dismiss",function(e){e.delegateTarget.getAttribute("data-rsa-notice")&&s.ajax({method:"post",data:{nonce:rsaAdmin.nonce,action:"rsa_notice_dismiss"},url:ajaxurl})})}(window,jQuery),function(e,s){"use strict";({els:{dialog:document.getElementById("rsa-disable-dialog"),userMessage:document.getElementById("rsa-user-message")},variables:{expectedAnswer:rsaAdmin.strings.message.toLowerCase(),disablingURL:null},openDialog(e){e.preventDefault(),s(this.els.dialog).dialog("open")},isExpectedAnswer(){return this.els.userMessage.value.toLowerCase()===this.variables.expectedAnswer},dialogSettings(){const t=this;t.close=function(){s(t.els.dialog).dialog("close"),t.els.userMessage.style.border="1px solid #ddd",t.els.userMessage.value=""},s(this.els.dialog).dialog({dialogClass:"wp-dialog",autoOpen:!1,draggable:!1,width:"auto",modal:!0,resizable:!1,buttons:[{text:rsaAdmin.strings.confirm,click(){t.isExpectedAnswer()?e.location.href=t.variables.disablingURL:t.els.userMessage.style.border="1px solid red"}},{text:rsaAdmin.strings.cancel,click(){t.close()},class:"button-primary"}],open(){s(".ui-widget-overlay").bind("click",function(){t.close()})},create(){s(".ui-dialog-titlebar-close").addClass("ui-button"),s(this).siblings(".ui-dialog-titlebar").hide()}}),this.els.buttons=s(this.els.dialog).dialog("option","buttons")},maybeSubmit(e){switch(e.key){case"Enter":this.els.buttons[0].click()}},bindEvents(){s('[data-slug="restricted-site-access"]').on("click",".deactivate a",this.openDialog.bind(this)),this.els.userMessage&&this.els.userMessage.addEventListener("keyup",this.maybeSubmit.bind(this))},init(){const e=document.getElementById("the-list");e&&(this.variables.disablingURL=e.querySelector('[data-slug="restricted-site-access"] .deactivate a').href),this.bindEvents(),this.dialogSettings()}}).init()}(window,jQuery);
assets/js/settings.min.js CHANGED
@@ -1 +1 @@
1
- !function(e,t){"use strict";const i=e.document,c={add_btn:"",new_ip:"",ip_list_wrap:"",empty_ip:"",restrict_radio:"",table:"",redirect_choice:"",message_choice:"",page_choice:"",redirect_fields:"",message_field:"",page_field:""};!function(){c.add_btn=t(i.getElementById("addip")),c.new_ip=i.getElementById("newip"),c.new_ip_comment=i.getElementById("newipcomment"),c.ip_list_wrap=i.getElementById("ip_list"),c.empty_ip=t(i.getElementById("ip_list_empty")),c.restrict_radio=i.getElementById("blog-restricted"),c.table=t(i.getElementById("rsa-send-to-login")).closest("table"),c.redirect_choice=i.getElementById("rsa-redirect-visitor"),c.message_choice=i.getElementById("rsa-display-message"),c.page_choice=i.getElementById("rsa-unblocked-page"),c.redirect_fields=t(i.querySelectorAll(".rsa_redirect_field")).closest("tr"),c.message_field=t(i.getElementById("rsa_message")).closest("tr"),c.page_field=t(i.getElementById("rsa_page")).closest("tr"),c.restrict_radio&&!c.restrict_radio.checked&&c.table.hide(),c.redirect_choice&&!c.redirect_choice.checked&&c.redirect_fields.hide(),c.message_choice&&!c.message_choice.checked&&c.message_field.hide(),c.page_choice&&!c.page_choice.checked&&c.page_field.hide(),t(i.querySelectorAll("#rsa_handle_fields input")).on("change",function(){c.redirect_choice.checked?c.redirect_fields.show():c.redirect_fields.hide(),c.message_choice.checked?c.message_field.show():c.message_field.hide(),c.page_choice.checked?c.page_field.show():c.page_field.hide()}),t(i.querySelectorAll(".option-site-visibility input")).on("change",function(){c.restrict_radio.checked?c.table.show():c.table.hide()}),c.add_btn.on("click",function(){!function(e,d){if(""===t.trim(e))return!1;c.add_btn.attr("disabled","disabled");const n=t(i.querySelectorAll("#ip_list input"));for(let i=0;i<n.length;i++)if(n[i].value===e)return 
t(n[i]).parent().effect("shake",600),c.add_btn.removeAttr("disabled"),!1;jQuery.post(ajaxurl,{action:"rsa_ip_check",ip_address:e,ip_address_comment:d,nonce:rsaSettings.nonce},function(i){if(i)return t(c.new_ip.parentNode).effect("shake",600),c.add_btn.removeAttr("disabled"),!1;const n=c.empty_ip.clone().appendTo(c.ip_list_wrap);return n.children("input.ip").val(e),n.children("input.comment").val(d),n.removeAttr("id").slideDown(250),e===c.new_ip.value&&(t(c.new_ip).val(""),t(c.new_ip_comment).val("")),c.add_btn.removeAttr("disabled"),!0})}(c.new_ip.value,c.new_ip_comment.value)});const e=i.getElementById("rsa_myip");null!==e&&t(e).on("click",function(){t(c.new_ip).val(t(this).data("myip"))}),t(c.ip_list_wrap).on("click",".remove_btn",function(){t(this.parentNode).slideUp(250,function(){t(this).remove()})})}()}(window,jQuery);
1
+ !function(e,t){"use strict";const i=e.document,r={add_btn:"",new_ip:"",ip_list_wrap:"",empty_ip:"",restrict_radio:"",table:"",redirect_choice:"",message_choice:"",page_choice:"",redirect_fields:"",message_field:"",page_field:"",error_field:""};!function(){r.add_btn=t(i.getElementById("addip")),r.new_ip=i.getElementById("newip"),r.new_ip_comment=i.getElementById("newipcomment"),r.ip_list_wrap=i.getElementById("ip_list"),r.empty_ip=t(i.getElementById("ip_list_empty")),r.restrict_radio=i.getElementById("blog-restricted"),r.error_field=i.getElementById("rsa-error-container"),r.table=t(i.getElementById("rsa-send-to-login")).closest("table"),r.redirect_choice=i.getElementById("rsa-redirect-visitor"),r.message_choice=i.getElementById("rsa-display-message"),r.page_choice=i.getElementById("rsa-unblocked-page"),r.redirect_fields=t(i.querySelectorAll(".rsa_redirect_field")).closest("tr"),r.message_field=t(i.getElementById("rsa_message")).closest("tr"),r.page_field=t(i.getElementById("rsa_page")).closest("tr"),r.restrict_radio&&!r.restrict_radio.checked&&r.table.hide(),r.redirect_choice&&!r.redirect_choice.checked&&r.redirect_fields.hide(),r.message_choice&&!r.message_choice.checked&&r.message_field.hide(),r.page_choice&&!r.page_choice.checked&&r.page_field.hide(),t(i.querySelectorAll("#rsa_handle_fields input")).on("change",function(){r.redirect_choice.checked?r.redirect_fields.show():r.redirect_fields.hide(),r.message_choice.checked?r.message_field.show():r.message_field.hide(),r.page_choice.checked?r.page_field.show():r.page_field.hide()}),t(i.querySelectorAll(".option-site-visibility input")).on("change",function(){r.restrict_radio.checked?r.table.show():r.table.hide()}),r.add_btn.on("click",function(){!function(e,c){if(""===t.trim(e))return!1;r.add_btn.attr("disabled","disabled");const d=t(i.querySelectorAll("#ip_list input"));for(let i=0;i<d.length;i++)if(d[i].value===e)return 
t(d[i]).parent().effect("shake",600),r.add_btn.removeAttr("disabled"),!1;jQuery.post(ajaxurl,{action:"rsa_ip_check",ip_address:e,ip_address_comment:c,nonce:rsaSettings.nonce},function(i){if(!i.success)return t(r.new_ip.parentNode).effect("shake",600),r.add_btn.removeAttr("disabled"),t(r.error_field).text(i.data),!1;t(r.error_field).text("");const d=r.empty_ip.clone().appendTo(r.ip_list_wrap);return d.children("input.ip").val(e),d.children("input.comment").val(c),d.removeAttr("id").slideDown(250),e===r.new_ip.value&&(t(r.new_ip).val(""),t(r.new_ip_comment).val("")),r.add_btn.removeAttr("disabled"),!0})}(r.new_ip.value,r.new_ip_comment.value)});const e=i.getElementById("rsa_myip");null!==e&&t(e).on("click",function(){t(r.new_ip).val(t(this).data("myip"))}),t(r.ip_list_wrap).on("click",".remove_btn",function(){t(this.parentNode).slideUp(250,function(){t(this).remove()})})}()}(window,jQuery);
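--- a/assets/js/src/settings.js
+++ b/assets/js/src/settings.js
@@ -25,6 +25,7 @@
  redirect_fields: '',
  message_field: '',
  page_field: '',
+ error_field: '',
  };
 
  function init() {
@@ -34,6 +35,7 @@
  Cache.ip_list_wrap = document.getElementById( 'ip_list' );
  Cache.empty_ip = $( document.getElementById( 'ip_list_empty' ) );
  Cache.restrict_radio = document.getElementById( 'blog-restricted' );
+ Cache.error_field = document.getElementById( 'rsa-error-container' );
  Cache.table = $(
  document.getElementById( 'rsa-send-to-login' )
  ).closest( 'table' );
@@ -147,11 +149,14 @@
  nonce: rsaSettings.nonce,
  },
  function( response ) {
- if ( response ) {
+ if ( ! response.success ) {
  $( Cache.new_ip.parentNode ).effect( 'shake', shakeSpeed );
  Cache.add_btn.removeAttr( 'disabled' );
+ $( Cache.error_field ).text( response.data );
  return false;
  }
+
+ $( Cache.error_field ).text( '' );
  const newIp = Cache.empty_ip
  .clone()
  .appendTo( Cache.ip_list_wrap );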
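Review bot: The failure branch at `if ( ! response.success )` assumes the reply is always a parsed `{ success, data }` object; when admin-ajax answers with a bare `0` or `-1` (for instance after the nonce has expired), `response.success` is undefined, the entry is rejected, and `.text( response.data )` is called with `undefined`, which jQuery treats as a read, so the error container keeps whatever it showed before. A fallback such as `$( Cache.error_field ).text( response && response.data ? response.data : '' );` would at least clear the stale text, and a localized generic message would be better still. If the request fails with an HTTP error this callback never runs, and no failure handler is visible in the hunk, so the Add button may stay disabled; the enclosing `jQuery.post` call starts outside the hunk, so confirm there. Keep `.text()` rather than `.html()` for the server-supplied message, and confirm that the same netmask check is applied when the options are saved, since this AJAX check only guards the settings form.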
readme.txt CHANGED
@@ -1,10 +1,10 @@
1
  === Restricted Site Access ===
2
- Contributors: jakemgold, rcbth, 10up, thinkoomph, tlovett1
3
  Donate link: https://10up.com/plugins/restricted-site-access-wordpress/
4
  Tags: privacy, restricted, restrict, privacy, limited, permissions, security, block
5
  Requires at least: 5.0
6
  Tested up to: 6.0
7
- Stable tag: 7.3.0
8
  Requires PHP: 5.6
9
  License: GPLv2 or later
10
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -153,7 +153,18 @@ Please note that setting `RSA_FORCE_RESTRICTION` will override `RSA_FORBID_RESTR
153
 
154
  == Changelog ==
155
 
156
- = 7.3.0 =
 
 
 
 
 
 
 
 
 
 
 
157
  * **Added:** Ability to add, remove, and set IPs programatically (props [@ivankruchkoff](https://github.com/ivankruchkoff), [@helen](https://github.com/helen), [@paulschreiber](https://github.com/paulschreiber)).
158
  * **Added:** Cloudflare IP detection compatibility (props [@eightam](https://github.com/eightam), [@dinhtungdu](https://github.com/dinhtungdu)).
159
  * **Added:** WP-CLI option to modify and retrieve IP entry labels (props [@Sidsector9](https://github.com/Sidsector9), [@dinhtungdu](https://github.com/dinhtungdu), [@mikelking](https://github.com/mikelking)).
@@ -179,13 +190,13 @@ Please note that setting `RSA_FORCE_RESTRICTION` will override `RSA_FORBID_RESTR
179
  * **Security:** Bump `grunt` from 1.0.4 to 1.3.0 (props [@dependabot](https://github.com/apps/dependabot)).
180
  * **Security:** Bump `path-parse` from 1.0.6 to 1.0.7 (props [@dependabot](https://github.com/apps/dependabot)).
181
 
182
- = 7.2.0 =
183
  * **Added:** Warn and confirm before network disabling the plugin (props [@pereirinha](profiles.wordpress.org/pereirinha), [@adamsilverstein](https://profiles.wordpress.org/adamsilverstein/))
184
  * **Fixed:** Ensure comments associated with IPs stay associated correctly (props [@adamsilverstein](https://profiles.wordpress.org/adamsilverstein/), [@ivankk](https://profiles.wordpress.org/ivankk/), [@helen](https://profiles.wordpress.org/helen/))
185
  * **Fixed:** Don't show escaped HTML in page caching notice (props [@adamsilverstein](https://profiles.wordpress.org/adamsilverstein/), [@aaemnnosttv](https://profiles.wordpress.org/aaemnnosttv/))
186
  * **Fixed:** Multisite: Avoid a redirect loop when logging in as user with no role (props [@phyrax](https://profiles.wordpress.org/phyrax/), [@adamsilverstein](https://profiles.wordpress.org/adamsilverstein/), [@roytanck](https://profiles.wordpress.org/roytanck/), [@helen](https://profiles.wordpress.org/helen/), [@rmccue](https://profiles.wordpress.org/rmccue/))
187
 
188
- = 7.1.0 =
189
  * Added: IP whitelist: Add a Comment field next to each IP address to help identify IP addresses added to the whitelist.
190
  * Added: Add constants to force enable/disable restrictions. Set `RSA_FORCE_RESTRICTION` to `true` to force restriction or `RSA_FORBID_RESTRICTION` to disable restriction. `RSA_FORCE_RESTRICTION` will override `RSA_FORBID_RESTRICTION` if both are set.
191
  * Fixed: Disable individual site settings when network enforced mode is on to avoid confusion about why your settings are not being respected.
@@ -195,11 +206,11 @@ Please note that setting `RSA_FORCE_RESTRICTION` will override `RSA_FORBID_RESTR
195
  * Developers: Deploy plugin from GitHub to WordPress.org using GitHub Actions.
196
  * Developers: Add various GitHub community files.
197
 
198
- = 7.0.1 =
199
  * Bug fix: Avoid redirect loop when the unrestricted page is set to be the static front page.
200
  * Bug fix: Fall back to the login screen if the unrestricted page is no longer published.
201
 
202
- = 7.0.0 =
203
  * Feature: WP-CLI support! 🎉 Try `wp rsa` to get started.
204
  * Feature: Whitelist IPs via the `RSA_IP_WHITELIST` constant.
205
  * Feature: Use WordPress.org-provided language packs instead of bundled translations.
@@ -207,48 +218,48 @@ Please note that setting `RSA_FORCE_RESTRICTION` will override `RSA_FORBID_RESTR
207
  * Bug fix: Hide settings properly when no published pages exist.
208
  * Bug fix: Avoid double slashes in asset URLs that can lead to 404 errors.
209
 
210
- = 6.2.1 =
211
  * Bug fix: Don't redirect logged-in users viewing the site in a single site install.
212
 
213
- = 6.2.0 =
214
  * **Functionality change:** Check user's role on a site in multisite before granting permission.
215
  * Feature: Alter or restore previous user permission checking with the `restricted_site_access_user_can_access` filter.
216
  * Avoid a fatal due to differing parameter counts for the `restricted_site_access_is_restricted` filter.
217
 
218
- = 6.1.0 =
219
  * Correct a PHP notice when running PHP >= 7.1.
220
  * Refactor logic for checking ip address is in masked ip range.
221
  * Add PHPUnit tests validating the ip_in_mask functionality.
222
 
223
- = 6.0.2 =
224
  * Add a 'restrict_site_access_ip_match' action which fires when an ip match occurs. Enables adding session_start() to the IP check, ensuring Varnish type cache will not cache the request.
225
 
226
- = 6.0.1 =
227
  * When plugin is network activated, don't touch individual blog visiblity settings.
228
  * When plugin is network deactivated, set all individual blogs to default visibility.
229
 
230
- = 6.0 =
231
  * Use Grunt to manage assets.
232
  * Network settings added for management of entire network visibility settings.
233
  * Display warning if page caching is enabled.
234
 
235
  __Note: There is currently an edge case bug affecting IP whitelisting. This bug is on the docket to be fixed shortly.__
236
 
237
- = 5.1 =
238
  * Under the hood refactoring and clean up for performance and maintainability.
239
  * Small visual refinements to the settings panel.
240
 
241
- = 5.0.1 =
242
  * Does not block user activation page in network mode
243
 
244
- = 5.0 =
245
  * WordPress 3.5 compatibility (3.5 eliminated the Privacy settings panel in favor of a refreshed Reading panel)
246
  * Real validation (on the fly and on save) for IP address entries
247
  * "Restriction message" now supports simple HTML and is edited using WordPress's simple HTML tag editor
248
  * A bunch of visual refinements that conform better with WordPress 3.4 and newer (spacing, native "shake" effect on invalid entries just like the login form, etc.)
249
  * A bunch of under the hood refinements (e.g. playing nicer with current screen Help API)
250
 
251
- = 4.0 =
252
  * New restriction option - show restricted visitor a specified page; use with custom page templates for great for website teasers!
253
  * Major improvements to settings user interface, including hiding unused fields based on settings, easier selection of restriction type, and cleaner "remove" confirmation for IP address list
254
  * Performance improvements - catches and blocks restricted visitors earlier in the loading process
@@ -258,17 +269,17 @@ __Note: There is currently an edge case bug affecting IP whitelisting. This bug
258
  * Optimized for PHP 5.2, per new WordPress 3.2 requirements (no longer supports PHP < 5.2.4)
259
  * Assorted other improvements and optimizations to the code base
260
 
261
- = 3.2.1 =
262
  * Restored PHP4 compatibility
263
 
264
- = 3.2 =
265
  * More meaningful page title in "Display Message" mode (previously WordPress > Error)
266
  * Code clean up, prevent rare warnings in debug mode
267
 
268
- = 3.1.1 =
269
  * Fixed PHP warning when debugging is enabled and redirect path is not checked
270
 
271
- = 3.1 =
272
  * New feature: backwards compatibility with PHP < 5.1 (limited testing with earlier versions)
273
  * Bug fix: disappearing blocked access message text box on configuration page
274
  * Bug fix: login always redirects visitor back to correct page
@@ -276,7 +287,7 @@ __Note: There is currently an edge case bug affecting IP whitelisting. This bug
276
  * Improved: "IP already in list" indicator
277
  * Improved: optimizations to code that handles restriction behavior
278
 
279
- = 3.0 =
280
  * Integrates with Privacy settings page and site visibility option instead of adding a whole new page
281
  * Simplified options: clearer instructions, removed unnecessary hiding / showing of some options, fewer lines
282
  * Indicates whether the site is blocked in the admin next to the site title (WordPress 3.0+ only)
@@ -284,21 +295,24 @@ __Note: There is currently an edge case bug affecting IP whitelisting. This bug
284
  * Cleans up / removes settings when uninstalled
285
  * Assorted under the hood improvements for best coding practices, sanitization of options, etc
286
 
287
- = 2.1 =
288
  * Customize blocked visitor message
289
  * Stronger security (patched "search" hole)
290
  * Better display / handling of blocked visitor message
291
 
292
- = 2.0 =
293
  * Add support for IP ranges courtesy Eric Buth
294
  * Major UI changes and improvements; major code improvements
295
 
296
- = 1.0.2 =
297
  * Fix login redirect to home; improve redirect handling to take advantage of wp_redirect function
298
 
299
- = 1.0.1 =
300
  * Important fundamental change related to handling of what should be restricted
301
 
 
 
 
302
  == Upgrade Notice ==
303
 
304
  = 5.1 =
1
  === Restricted Site Access ===
2
+ Contributors: 10up, jakemgold, rcbth, thinkoomph, tlovett1, jeffpaul, nomnom99
3
  Donate link: https://10up.com/plugins/restricted-site-access-wordpress/
4
  Tags: privacy, restricted, restrict, privacy, limited, permissions, security, block
5
  Requires at least: 5.0
6
  Tested up to: 6.0
7
+ Stable tag: 7.3.1
8
  Requires PHP: 5.6
9
  License: GPLv2 or later
10
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
153
 
154
  == Changelog ==
155
 
156
+ = 7.3.1 - 2022-06-30 =
157
+ * **Added:** PHP8 compatibility check GitHub Action (props [@Sidsector9](https://github.com/Sidsector9), [dkotter](https://github.com/dkotter)).
158
+ * **Added:** Dependency security scanning GitHub Action (props [@jeffpaul](https://github.com/jeffpaul)).
159
+ * **Changed:** Admin settings HTML semantics for easier testing (props [@Sidsector9](https://github.com/Sidsector9), [@faisal-alvi](https://github.com/faisal-alvi)).
160
+ * **Changed:** Bump WordPress "tested up to" version 6.0 (props [@peterwilsoncc](https://github.com/peterwilsoncc), [@faisal-alvi](https://github.com/faisal-alvi), [@cadic](https://github.com/cadic), [@jeffpaul](https://github.com/jeffpaul)).
161
+ * **Changed:** Documentation, asset, and e2e test updates (props [@Sidsector9](https://github.com/Sidsector9), [@iamdharmesh](https://github.com/iamdharmesh)).
162
+ * **Fixed:** Check netmask range before IP is added (props [@Sidsector9](https://github.com/Sidsector9), [@PypWalters](https://github.com/PypWalters)).
163
+ * **Security:** Bump `minimist` from 1.2.5 to 1.2.6 (props [@dependabot](https://github.com/apps/dependabot)).
164
+ * **Security:** Bump `grunt` from 1.4.1 to 1.5.3 (props [@dependabot](https://github.com/apps/dependabot)).
165
+ * **Security:** Bump `async` from 2.6.3 to 2.6.4 (props [@dependabot](https://github.com/apps/dependabot)).
166
+
167
+ = 7.3.0 - 2022-02-08 =
168
  * **Added:** Ability to add, remove, and set IPs programatically (props [@ivankruchkoff](https://github.com/ivankruchkoff), [@helen](https://github.com/helen), [@paulschreiber](https://github.com/paulschreiber)).
169
  * **Added:** Cloudflare IP detection compatibility (props [@eightam](https://github.com/eightam), [@dinhtungdu](https://github.com/dinhtungdu)).
170
  * **Added:** WP-CLI option to modify and retrieve IP entry labels (props [@Sidsector9](https://github.com/Sidsector9), [@dinhtungdu](https://github.com/dinhtungdu), [@mikelking](https://github.com/mikelking)).
190
  * **Security:** Bump `grunt` from 1.0.4 to 1.3.0 (props [@dependabot](https://github.com/apps/dependabot)).
191
  * **Security:** Bump `path-parse` from 1.0.6 to 1.0.7 (props [@dependabot](https://github.com/apps/dependabot)).
192
 
193
+ = 7.2.0 - 2019-11-27 =
194
  * **Added:** Warn and confirm before network disabling the plugin (props [@pereirinha](profiles.wordpress.org/pereirinha), [@adamsilverstein](https://profiles.wordpress.org/adamsilverstein/))
195
  * **Fixed:** Ensure comments associated with IPs stay associated correctly (props [@adamsilverstein](https://profiles.wordpress.org/adamsilverstein/), [@ivankk](https://profiles.wordpress.org/ivankk/), [@helen](https://profiles.wordpress.org/helen/))
196
  * **Fixed:** Don't show escaped HTML in page caching notice (props [@adamsilverstein](https://profiles.wordpress.org/adamsilverstein/), [@aaemnnosttv](https://profiles.wordpress.org/aaemnnosttv/))
197
  * **Fixed:** Multisite: Avoid a redirect loop when logging in as user with no role (props [@phyrax](https://profiles.wordpress.org/phyrax/), [@adamsilverstein](https://profiles.wordpress.org/adamsilverstein/), [@roytanck](https://profiles.wordpress.org/roytanck/), [@helen](https://profiles.wordpress.org/helen/), [@rmccue](https://profiles.wordpress.org/rmccue/))
198
 
199
+ = 7.1.0 - 2019-04-11 =
200
  * Added: IP whitelist: Add a Comment field next to each IP address to help identify IP addresses added to the whitelist.
201
  * Added: Add constants to force enable/disable restrictions. Set `RSA_FORCE_RESTRICTION` to `true` to force restriction or `RSA_FORBID_RESTRICTION` to disable restriction. `RSA_FORCE_RESTRICTION` will override `RSA_FORBID_RESTRICTION` if both are set.
202
  * Fixed: Disable individual site settings when network enforced mode is on to avoid confusion about why your settings are not being respected.
206
  * Developers: Deploy plugin from GitHub to WordPress.org using GitHub Actions.
207
  * Developers: Add various GitHub community files.
208
 
209
+ = 7.0.1 - 2018-09-06 =
210
  * Bug fix: Avoid redirect loop when the unrestricted page is set to be the static front page.
211
  * Bug fix: Fall back to the login screen if the unrestricted page is no longer published.
212
 
213
+ = 7.0.0 - 2018-08-30 =
214
  * Feature: WP-CLI support! 🎉 Try `wp rsa` to get started.
215
  * Feature: Whitelist IPs via the `RSA_IP_WHITELIST` constant.
216
  * Feature: Use WordPress.org-provided language packs instead of bundled translations.
218
  * Bug fix: Hide settings properly when no published pages exist.
219
  * Bug fix: Avoid double slashes in asset URLs that can lead to 404 errors.
220
 
221
+ = 6.2.1 - 2018-05-21 =
222
  * Bug fix: Don't redirect logged-in users viewing the site in a single site install.
223
 
224
+ = 6.2.0 - 2018-05-18 =
225
  * **Functionality change:** Check user's role on a site in multisite before granting permission.
226
  * Feature: Alter or restore previous user permission checking with the `restricted_site_access_user_can_access` filter.
227
  * Avoid a fatal due to differing parameter counts for the `restricted_site_access_is_restricted` filter.
228
 
229
+ = 6.1.0 - 2018-02-14 =
230
  * Correct a PHP notice when running PHP >= 7.1.
231
  * Refactor logic for checking ip address is in masked ip range.
232
  * Add PHPUnit tests validating the ip_in_mask functionality.
233
 
234
+ = 6.0.2 - 2018-01-29 =
235
  * Add a 'restrict_site_access_ip_match' action which fires when an ip match occurs. Enables adding session_start() to the IP check, ensuring Varnish type cache will not cache the request.
236
 
237
+ = 6.0.1 - 2017-06-13 =
238
  * When plugin is network activated, don't touch individual blog visiblity settings.
239
  * When plugin is network deactivated, set all individual blogs to default visibility.
240
 
241
+ = 6.0 - 2017-06-12 =
242
  * Use Grunt to manage assets.
243
  * Network settings added for management of entire network visibility settings.
244
  * Display warning if page caching is enabled.
245
 
246
  __Note: There is currently an edge case bug affecting IP whitelisting. This bug is on the docket to be fixed shortly.__
247
 
248
+ = 5.1 - 2014-11-29 =
249
  * Under the hood refactoring and clean up for performance and maintainability.
250
  * Small visual refinements to the settings panel.
251
 
252
+ = 5.0.1 - 2013-01-27 =
253
  * Does not block user activation page in network mode
254
 
255
+ = 5.0 - 2012-11-02 =
256
  * WordPress 3.5 compatibility (3.5 eliminated the Privacy settings panel in favor of a refreshed Reading panel)
257
  * Real validation (on the fly and on save) for IP address entries
258
  * "Restriction message" now supports simple HTML and is edited using WordPress's simple HTML tag editor
259
  * A bunch of visual refinements that conform better with WordPress 3.4 and newer (spacing, native "shake" effect on invalid entries just like the login form, etc.)
260
  * A bunch of under the hood refinements (e.g. playing nicer with current screen Help API)
261
 
262
+ = 4.0 - 2011-07-16 =
263
  * New restriction option - show restricted visitor a specified page; use with custom page templates for great for website teasers!
264
  * Major improvements to settings user interface, including hiding unused fields based on settings, easier selection of restriction type, and cleaner "remove" confirmation for IP address list
265
  * Performance improvements - catches and blocks restricted visitors earlier in the loading process
269
  * Optimized for PHP 5.2, per new WordPress 3.2 requirements (no longer supports PHP < 5.2.4)
270
  * Assorted other improvements and optimizations to the code base
271
 
272
+ = 3.2.1 - 2011-03-25 =
273
  * Restored PHP4 compatibility
274
 
275
+ = 3.2 - 2011-03-25 =
276
  * More meaningful page title in "Display Message" mode (previously WordPress > Error)
277
  * Code clean up, prevent rare warnings in debug mode
278
 
279
+ = 3.1.1 - 2010-07-17 =
280
  * Fixed PHP warning when debugging is enabled and redirect path is not checked
281
 
282
+ = 3.1 - 2010-07-11 =
283
  * New feature: backwards compatibility with PHP < 5.1 (limited testing with earlier versions)
284
  * Bug fix: disappearing blocked access message text box on configuration page
285
  * Bug fix: login always redirects visitor back to correct page
287
  * Improved: "IP already in list" indicator
288
  * Improved: optimizations to code that handles restriction behavior
289
 
290
+ = 3.0 - 2010-07-05 =
291
  * Integrates with Privacy settings page and site visibility option instead of adding a whole new page
292
  * Simplified options: clearer instructions, removed unnecessary hiding / showing of some options, fewer lines
293
  * Indicates whether the site is blocked in the admin next to the site title (WordPress 3.0+ only)
295
  * Cleans up / removes settings when uninstalled
296
  * Assorted under the hood improvements for best coding practices, sanitization of options, etc
297
 
298
+ = 2.1 - 2010-02-10 =
299
  * Customize blocked visitor message
300
  * Stronger security (patched "search" hole)
301
  * Better display / handling of blocked visitor message
302
 
303
+ = 2.0 - 2010-01-10 =
304
  * Add support for IP ranges courtesy Eric Buth
305
  * Major UI changes and improvements; major code improvements
306
 
307
+ = 1.0.2 - 2009-10-13 =
308
  * Fix login redirect to home; improve redirect handling to take advantage of wp_redirect function
309
 
310
+ = 1.0.1 - 2009-09-10 =
311
  * Important fundamental change related to handling of what should be restricted
312
 
313
+ = 1.0 - 2009-08-17 =
314
+ * **Added:** Initial public release.
315
+
316
  == Upgrade Notice ==
317
 
318
  = 5.1 =
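--- a/restricted_site_access.php
+++ b/restricted_site_access.php
@@ -3,9 +3,9 @@
  * Plugin Name: Restricted Site Access
  * Plugin URI: https://10up.com/plugins/restricted-site-access-wordpress/
  * Description: <strong>Limit access your site</strong> to visitors who are logged in or accessing the site from a set of specific IP addresses. Send restricted visitors to the log in page, redirect them, or display a message or page. <strong>Powerful control over redirection</strong>, including <strong>SEO friendly redirect headers</strong>. Great solution for Extranets, publicly hosted Intranets, or parallel development sites.
- * Version: 7.3.0
- * Requires at least: 4.6
- * Requires PHP:
+ * Version: 7.3.1
+ * Requires at least: 5.0
+ * Requires PHP: 5.6
  * Author: Jake Goldman, 10up, Oomph
  * Author URI: https://10up.com
  * License: GPL v2 or later
@@ -13,7 +13,7 @@
  * Text Domain: restricted-site-access
  */
 
- define( 'RSA_VERSION', '7.2.0' );
+ define( 'RSA_VERSION', '7.3.1' );
 
  /**
  * Class responsible for all plugin funcitonality.
@@ -1108,7 +1108,7 @@ class Restricted_Site_Access {
  */
  public static function settings_field_allowed() {
  ?>
- <div class="hide-if-no-js">
+ <div class="hide-if-no-js rsa-ip-addresses-field-wrapper">
  <div id="ip_list">
  <div id="ip_list_empty" style="display: none;"><input type="text" name="rsa_options[allowed][]" class="ip code" value="" readonly="true" size="20" /> <input type="text" name="rsa_options[comment][]" value="" class="comment" size="20" /> <a href="#remove" class="remove_btn"><?php echo esc_html( _x( 'Remove', 'remove IP address action', 'restricted-site-access' ) ); ?></a></div>
  <?php
@@ -1124,18 +1124,19 @@ class Restricted_Site_Access {
 
  foreach ( $ips as $key => $ip ) {
  if ( ! empty( $ip ) ) {
- echo '<div><input type="text" name="rsa_options[allowed][]" value="' . esc_attr( $ip ) . '" class="ip code" readonly="true" size="20" /> <input type="text" name="rsa_options[comment][]" value="' . ( isset( $comments[ $key ] ) ? esc_attr( wp_unslash( $comments[ $key ] ) ) : '' ) . '" size="20" /> <a href="#remove" class="remove_btn">' . esc_html_x( 'Remove', 'remove IP address action', 'restricted-site-access' ) . '</a></div>';
+ echo '<div class="rsa_unrestricted_ip_row"><input type="text" name="rsa_options[allowed][]" value="' . esc_attr( $ip ) . '" class="ip code" readonly="true" size="20" /> <input type="text" name="rsa_options[comment][]" value="' . ( isset( $comments[ $key ] ) ? esc_attr( wp_unslash( $comments[ $key ] ) ) : '' ) . '" size="20" /> <a href="#remove" class="remove_btn">' . esc_html_x( 'Remove', 'remove IP address action', 'restricted-site-access' ) . '</a></div>';
  }
  }
  ?>
  </div>
- <div>
+ <div id="rsa_add_new_ip_fields">
  <input type="text" name="newip" id="newip" class="ip code" placeholder="<?php esc_attr_e( 'IP Address or Range' ); ?>" size="20" />
  <input type="text" name="newipcomment" id="newipcomment" placeholder="<?php esc_attr_e( 'Identify this entry' ); ?>" size="20" /> <input class="button" type="button" id="addip" value="<?php esc_attr_e( 'Add' ); ?>" />
  <p class="description"><label for="newip"><?php esc_html_e( 'Enter a single IP address or a range using a subnet prefix', 'restricted-site-access' ); ?></label></p>
  <?php if ( ! empty( $_SERVER['REMOTE_ADDR'] ) ) : ?>
  <input class="button" type="button" id="rsa_myip" value="<?php esc_attr_e( 'Add My Current IP Address', 'restricted-site-access' ); ?>" style="margin-top: 5px;" data-myip="<?php echo esc_attr( self::get_client_ip_address() ); ?>" /><br />
  <?php endif; ?>
+ <p id="rsa-error-container" style="color: #DC3232;"></p>
  </div>
 
  <?php
@@ -1293,9 +1294,10 @@ class Restricted_Site_Access {
  }
 
  if ( empty( $_POST['ip_address'] ) || ! self::is_ip( stripslashes( sanitize_text_field( wp_unslash( $_POST['ip_address'] ) ) ) ) ) {
- die( '1' );
+ wp_send_json_error( __( 'The IP entered is invalid.', 'restricted-site-access' ) );
  }
- die;
+
+ wp_send_json_success();
  }
 
  /**
@@ -1312,7 +1314,24 @@ class Restricted_Site_Access {
  if ( empty( $ip_parts[1] ) || ! is_numeric( $ip_parts[1] ) || strlen( $ip_parts[1] ) > 3 ) {
  return false;
  }
+
  $ip_address = $ip_parts[0];
+
+ $protocol = self::get_ip_protocol( $ip_address );
+
+ if ( 'IPv4' === $protocol && (int)$ip_parts[1] > 32 ) {
+ /**
+ * Return if the prefix length is greater than 32.
+ * IPv4 can use maximum of 32 bits for address space.
+ */
+ return false;
+ } else if ( 'IPv6' === $protocol && (int)$ip_parts[1] > 128 ) {
+ /**
+ * Return if the prefix length is greater than 128.
+ * IPv6 can use maximum of 128 bits for address space.
+ */
+ return false;
+ }
  }
 
  // confirm IP part is a valid IPv6 or IPv4 IP.
@@ -1750,6 +1769,32 @@ class Restricted_Site_Access {
  update_option( 'rsa_options', self::sanitize_options( self::$rsa_options ) );
  }
  }
+
+ /**
+ * Returns the protocol used by the IP address.
+ *
+ * @param string $ip IPv4 or IPv6 address without the netmask.
+ * @return string|boolean Returns the protocol. `false` if IP is invalid.
+ */
+ public static function get_ip_protocol( $ip = '' ) {
+ if ( empty( $ip ) ) {
+ return false;
+ }
+
+ $protocol = filter_var( $ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 );
+
+ if ( false !== $protocol ) {
+ return 'IPv4';
+ }
+
+ $protocol = filter_var( $ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6 );
+
+ if ( false !== $protocol ) {
+ return 'IPv6';
+ }
+
+ return false;
+ }
  }
 
  if ( ! defined( 'RSA_IS_NETWORK' ) ) {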
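Review bot: The prefix-length check added in the `@@ -1312` hunk (apparently the body of `is_ip()`) enforces only an upper bound, and the guard above it relies on `is_numeric()`, which also accepts strings such as `-1`, `1.5` or `1e1`. After the `(int)` cast these pass both the `> 32` and `> 128` comparisons, so a malformed mask can still be accepted into the allow list that decides who bypasses the restriction. Requiring plain digits in the guard closes this, e.g. `if ( empty( $ip_parts[1] ) || ! preg_match( '/^\d{1,3}$/', $ip_parts[1] ) ) {`. How the range-matching code treats a negative or fractional mask is not visible here, so the impact is inferred; the enclosing function starts and ends outside the hunk.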