SiteGuard WP Plugin - Version 1.5.1

Version Description

  • Fix a server error when mod_access_compat is not loaded in apache2.4
  • In the Admin Page IP Filter function, fix an issue where site health loopback requests fail

Release Info

Developer jp-secure
Version 1.5.1

Code changes from version 1.5.0 to 1.5.1

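--- a/admin/siteguard-menu-waf-tuning-support.php
+++ b/admin/siteguard-menu-waf-tuning-support.php
@@ -12,6 +12,8 @@ class SiteGuard_Menu_WAF_Tuning_Support extends SiteGuard_Base {
  // convert from URL to PATH
  function set_filename( $filename ) {
  $base = basename( $filename );
+ $base = str_replace( '"', '', $base );
+ $base = trim( $base );
  $idx = strpos( $base, '?' );
  if ( false !== $idx ) {
  return substr( $base, 0, $idx );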
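Review bot: Stripping only the double quote in `set_filename` leaves other characters that are significant inside the quoted `<Files "...">` line that classes/siteguard-waf-exclude-rule.php now writes; `trim()` removes whitespace only at the ends, so an embedded line break or `>` would still reach the .htaccess text, assuming this value is the one later stored as `$rule['filename']`. An allowlist is safer than removing single characters: after the query string is cut off, reject anything that fails `preg_match( '/\A[A-Za-z0-9._-]+\z/', $base )`, with the character set adjusted to the filenames the feature must accept. The same check belongs at the point of output in the exclude-rule hunk, since rules saved by earlier versions may never pass through this function again. `set_filename` continues past the end of the hunk.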
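--- a/classes/siteguard-admin-filter.php
+++ b/classes/siteguard-admin-filter.php
@@ -135,6 +135,12 @@ class SiteGuard_AdminFilter extends SiteGuard_Base {
  $htaccess_str .= $this->get_rewrite_cond( $ip, $ip_mode );
  }
  }
+ $server_ip = $this->get_server_ip( );
+ if ( false !== $server_ip ) {
+ $htaccess_str .= $this->get_rewrite_cond( $server_ip, 0 );
+ }
+ $htaccess_str .= $this->get_rewrite_cond( '127.0.0.1', 0 );
+ $htaccess_str .= $this->get_rewrite_cond( '::1', 0 );
  $htaccess_str .= " RewriteRule ^wp-admin 404-siteguard [L]\n";
  $htaccess_str .= "</IfModule>\n";
 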
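Review bot: The conditions for `127.0.0.1`, `::1` and `$server_ip` are appended for every site and always with mode `0`, regardless of the configured `$ip_mode`, and the hunk has no comment explaining why that is safe. On a host where a local reverse proxy or cache forwards traffic, the address Apache matches may be the loopback or server address for every visitor, in which case these exemptions would switch the admin-page filter off entirely; `get_rewrite_cond` is not visible here, so this depends on what mode `0` compares against. I would add a comment above the block such as `// loopback requests from WordPress itself (site health); assumes clients never arrive with a loopback/server address` and skip the exemptions when `$ip_mode` indicates a proxy header is in use. The enclosing function starts and ends outside the hunk.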
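--- a/classes/siteguard-base.php
+++ b/classes/siteguard-base.php
@@ -58,7 +58,67 @@ class SiteGuard_Base {
  #}
  #return $default;
  }
+ function is_private_ip( $ip ) {
+ $private_ips = array(
+ '10.0.0.0,10.255.255.255',
+ '172.16.0.0,172.31.255.255',
+ '192.168.0.0,192.168.255.255'
+ );
 
+ $long_ip = ip2long( $ip );
+ if ( -1 !== $long_ip && false !== $long_ip ) {
+ $long_ip = sprintf( '%u', $long_ip );
+ foreach( $private_ips as $private_ip ) {
+ list( $start, $end ) = explode( ',', $private_ip );
+ $long_start = ip2long( $start );
+ $long_start = sprintf( '%u', $long_start );
+ $long_end = ip2long( $end );
+ $long_end = sprintf( '%u', $long_end );
+ if ( $long_ip >= $long_start && $long_ip <= $long_end ) {
+ return true;
+ }
+ }
+ }
+ return false;
+ }
+ function get_server_ip( ) {
+ if ( isset( $_SERVER['SERVER_ADDR'] ) ) {
+ $ip = $_SERVER['SERVER_ADDR'];
+ if ( false === $this->is_private_ip( $ip ) ) {
+ if ( preg_match( '/[0-9.:]+/', $ip ) ) {
+ return $ip;
+ }
+ }
+ }
+
+ $url = 'http://inet-ip.info/ip';
+ $options = [
+ 'http' => [
+ 'method' => 'GET',
+ 'timeout' => 2,
+ ]
+ ];
+ $ip = file_get_contents( $url, false, stream_context_create( $options ) );
+ if ( false !== $ip ) {
+ if ( preg_match( '/[0-9.:]+/', $ip ) ) {
+ return $ip;
+ }
+ }
+
+ $host = parse_url( home_url( ), PHP_URL_HOST );
+ if ( false !== $host && null !== $host ) {
+ putenv( 'RES_OPTIONS=retrans:1 retry:1 timeout:2 attempts:1' );
+ $ip = gethostbyname( $host );
+ if ( $ip !== $host ) {
+ if ( '127.0.0.1' !== $ip && '::1' !== $ip ) {
+ if ( preg_match( '/[0-9.:]+/', $ip ) ) {
+ return $ip;
+ }
+ }
+ }
+ }
+ return false;
+ }
  function get_ip( ) {
  global $siteguard_config;
  $ip_mode = $siteguard_config->get( 'ip_mode' );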
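Review bot: `preg_match( '/[0-9.:]+/', $ip )` in `get_server_ip` is unanchored, so it accepts any string that contains a single digit, dot or colon, and what is returned is the whole untrimmed string rather than the matched part. For the second source that string is the body of a plain-HTTP response from `http://inet-ip.info/ip`, which the admin-filter hunk then hands to `get_rewrite_cond` for the .htaccess, so the text written there depends on an unauthenticated network response. All three sources should be validated the same way, e.g. `$ip = filter_var( trim( $ip ), FILTER_VALIDATE_IP ); if ( false !== $ip ) { return $ip; }`, and a site-configured address would be preferable to a third-party lookup. `is_private_ip` also leaves out 127.0.0.0/8 and 169.254.0.0/16; `filter_var` with `FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE` covers those ranges without the hand-written table. Neither new function has a docblock stating that the result may be `false` or where the address can come from.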
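--- a/classes/siteguard-disable-xmlrpc.php
+++ b/classes/siteguard-disable-xmlrpc.php
@@ -16,9 +16,14 @@ class SiteGuard_Disable_XMLRPC extends SiteGuard_Base {
  function update_settings( ) {
  global $siteguard_config;
 
- $htaccess_str = "<Files xmlrpc.php>\n";
- $htaccess_str .= " Order allow,deny\n";
- $htaccess_str .= " Deny from all \n";
+ $htaccess_str = "<Files xmlrpc.php>\n";
+ $htaccess_str .= " <IfModule authz_core_module>\n";
+ $htaccess_str .= " Require all denied\n";
+ $htaccess_str .= " </IfModule>\n";
+ $htaccess_str .= " <IfModule !authz_core_module>\n";
+ $htaccess_str .= " Order allow,deny\n";
+ $htaccess_str .= " Deny from all\n";
+ $htaccess_str .= " </IfModule>\n";
  $htaccess_str .= "</Files>\n";
 
  return $htaccess_str;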
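--- a/classes/siteguard-htaccess.php
+++ b/classes/siteguard-htaccess.php
@@ -33,12 +33,21 @@ class SiteGuard_Htaccess extends SiteGuard_Base {
  $htaccess_file = $dir . '.htaccess';
 
  if ( file_exists( $htaccess_file ) ) {
- return true;
+ $lines = file( $htaccess_file );
+ $res = preg_grep( '/IfModule authz_core_module/', $lines );
+ if ( ! empty( $res ) ) {
+ return true;
+ }
  }
 
  if ( $handle = @fopen( $htaccess_file, 'w' ) ) {
- fwrite( $handle, 'Order deny,allow' . "\n" );
- fwrite( $handle, 'Deny from all' . "\n" );
+ fwrite( $handle, '<IfModule authz_core_module>' . "\n" );
+ fwrite( $handle, ' Require all denied' . "\n" );
+ fwrite( $handle, '</IfModule>' . "\n" );
+ fwrite( $handle, '<IfModule !authz_core_module>' . "\n" );
+ fwrite( $handle, ' Order deny,allow' . "\n" );
+ fwrite( $handle, ' Deny from all' . "\n" );
+ fwrite( $handle, '</IfModule>' . "\n" );
  fclose( $handle );
  }
 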
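Review bot: An existing .htaccess that lacks the `IfModule authz_core_module` marker is reopened with mode `'w'`, which truncates it before the new rules are written, and none of the `fwrite()` results are checked; if a write fails, the directory is left with an empty file and no deny rule at all. Building the rules as one string and writing them in a single checked call, e.g. `if ( false === file_put_contents( $htaccess_file, $rules, LOCK_EX ) ) { ... }`, or writing a temporary file and `rename()`-ing it into place, keeps the old protection until the new one is complete. `file()` can also return `false` for an unreadable file, which `preg_grep()` does not accept as input, so `false !== $lines` should be tested first. The enclosing function begins and ends outside the hunk, so how a failure is reported to the caller cannot be seen here.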
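--- a/classes/siteguard-waf-exclude-rule.php
+++ b/classes/siteguard-waf-exclude-rule.php
@@ -216,7 +216,7 @@ class SiteGuard_WAF_Exclude_Rule extends SiteGuard_Base {
  $filename = $rule['filename'];
  $sig = $rule['sig'];
  if ( ! empty( $filename ) ) {
- $htaccess_str .= " <Files $filename >\n";
+ $htaccess_str .= " <Files \"$filename\" >\n";
  $htaccess_str .= $this->output_exclude_sig_1( $sig );
  $htaccess_str .= " </Files>\n";
  } else {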
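--- a/readme.txt
+++ b/readme.txt
@@ -3,8 +3,8 @@ Contributors: jp-secure
  Donate link: -
  Tags: security, waf, brute force, password list, login lock, login alert, captcha, pingback, fail once
  Requires at least: 3.9
- Tested up to: 5.4
- Stable tag: 1.5.0
+ Tested up to: 5.5
+ Stable tag: 1.5.1
  License: GPLv2 or later
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -102,9 +102,12 @@ If you have created your own language pack, or have an update of an existing one
  [Japanese Page](https://www.jp-secure.com/siteguard_wp_plugin/faq/)
 
  == Changelog ==
+ = 1.5.1 =
+ * Fix a server error when mod_access_compat is not loaded in apache2.4
+ * In the Admin Page IP Filter function, fix an issue where site health loopback requests fail
  = 1.5.0 =
- * Do not redirect from admin page to login page.
- * Add site-health.php to the initial value of the exclusion path.
+ * Add the function not to redirect from admin page to login page
+ * Add site-health.php to the initial value of the exclusion path
  = 1.4.3 =
  * Fix bug in 1.4.2 "Notice:Use of undefined constant HTTPS"
  = 1.4.2 =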
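--- a/siteguard.php
+++ b/siteguard.php
@@ -7,7 +7,7 @@ Author: JP-Secure
  Author URI: http://www.jp-secure.com/eng/
  Text Domain: siteguard
  Domain Path: /languages/
- Version: 1.5.0
+ Version: 1.5.1
  */
 
  /* Copyright 2014 JP-Secure Inc
@@ -209,6 +209,9 @@ class SiteGuard extends SiteGuard_Base {
  if ( '' === $old_version ) {
  $old_version = '0.0.0';
  }
+ if ( $old_version === SITEGUARD_VERSION ) {
+ return;
+ }
  if ( version_compare( $old_version, '1.0.6' ) < 0 ) {
  if ( '1' === $siteguard_config->get( 'admin_filter_enable' ) ) {
  if ( true !== $siteguard_admin_filter->feature_on( $this->get_ip( ) ) ) {
@@ -234,22 +237,36 @@ class SiteGuard extends SiteGuard_Base {
  }
  }
  }
- if ( $upgrade_ok && SITEGUARD_VERSION !== $old_version ) {
- $siteguard_config->set( 'version', SITEGUARD_VERSION );
- $siteguard_config->update( );
- }
  if ( version_compare( $old_version, '1.3.0' ) < 0 ) {
  $siteguard_login_history->init( );
  $siteguard_xmlrpc->init( );
  }
  if ( version_compare( $old_version, '1.5.0' ) < 0 ) {
  $admin_filter_exclude_path = $siteguard_config->get( 'admin_filter_exclude_path' );
- if( false === strpos($admin_filter_exclude_path, 'site-health.php' ) ){
+ if( false === strpos( $admin_filter_exclude_path, 'site-health.php' ) ){
  $admin_filter_exclude_path .= ', site-health.php';
  $siteguard_config->set( 'admin_filter_exclude_path', $admin_filter_exclude_path );
  $siteguard_config->update( );
  }
  }
+ if ( version_compare( $old_version, '1.5.1' ) < 0 ) {
+ if ( '1' === $siteguard_config->get( 'admin_filter_enable' ) ) {
+ if ( true !== $siteguard_admin_filter->feature_on( $this->get_ip( ) ) ) {
+ siteguard_error_log( 'Failed to update at admin_filter from ' . $old_version . ' to ' . SITEGUARD_VERSION . '.' );
+ $upgrade_ok = false;
+ }
+ }
+ if ( '1' === $siteguard_config->get( 'disable_xmlrpc_enable' ) ) {
+ if ( true !== $siteguard_xmlrpc->feature_on( ) ) {
+ siteguard_error_log( 'Failed to update at disable_xmlrpc from ' . $old_version . ' to ' . SITEGUARD_VERSION . '.' );
+ $upgrade_ok = false;
+ }
+ }
+ }
+ if ( $upgrade_ok && SITEGUARD_VERSION !== $old_version ) {
+ $siteguard_config->set( 'version', SITEGUARD_VERSION );
+ $siteguard_config->update( );
+ }
  }
  }
  $siteguard = new SiteGuard;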
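Review bot: The new 1.5.1 branch passes `$this->get_ip( )` from whichever request triggers the upgrade into `$siteguard_admin_filter->feature_on()`, and nothing visible in the hunk ties that request to an authenticated administrator. If `feature_on` records that address for the admin-page filter (its body is not shown on this page), the step should re-apply the rules already stored rather than take the current client address, or the routine should be limited to an admin context; at minimum a comment such as `// upgrade is only reached from admin requests, so get_ip() is the administrator's address` would document the assumption. When either `feature_on` call fails, the version is not saved, so the whole branch presumably runs again on the next load; the log message could say so. The enclosing method starts outside the hunk.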