Version Description
- less memory used for wp-login.php checks (thanks https://github.com/stodorovic)
- fixed MySQL errors for threat scan (thanks https://github.com/stodorovic)
Download this release
Release Info
| Developer | bhadaway |
| Plugin |  Stop Spammers |
| Version | 7.0.7 |
| Comparing to | |
| See all releases | |
Code changes from version 7.0.6 to 7.0.7
- modules/chkadmin.php +1 -5
- readme.txt +4 -0
- settings/ss_threat_scan.php +3 -5
- stop-spammer-registrations-new.php +2 -2
modules/chkadmin.php
CHANGED
|
@@ -10,11 +10,7 @@ if (stripos($login,'admin')===false) return false;
|
|
| 10 |
// no users or authors named admin
|
| 11 |
// do a look up to see if there is an author named admin
|
| 12 |
if (!function_exists('get_users')) return false; // non-WP?
|
| 13 |
-
|
| 14 |
-
if (empty($blogusers)) return false;
|
| 15 |
-
foreach($blogusers as $u) {
|
| 16 |
-
if ($u->user_login==$login) return false; // false alarm - really is a person admin
|
| 17 |
-
}
|
| 18 |
// this may cause problems when a legitimate new user wants to include the string admin in their username
|
| 19 |
return "Admin Login or Registration Attempt: $login";
|
| 20 |
}
|
| 10 |
// no users or authors named admin
|
| 11 |
// do a look up to see if there is an author named admin
|
| 12 |
if (!function_exists('get_users')) return false; // non-WP?
|
| 13 |
+
if (get_user_by('login',$login)) return false; // false alarm - really is a person admin
|
|
|
|
|
|
|
|
|
|
|
|
|
| 14 |
// this may cause problems when a legitimate new user wants to include the string admin in their username
|
| 15 |
return "Admin Login or Registration Attempt: $login";
|
| 16 |
}
|
readme.txt
CHANGED
|
@@ -38,6 +38,10 @@ OR
|
|
| 38 |
|
| 39 |
== Changelog ==
|
| 40 |
|
|
|
|
|
|
|
|
|
|
|
|
|
| 41 |
= 7.0.6 =
|
| 42 |
* fixed issue with menu icon
|
| 43 |
* removed debug submission form (not needed)
|
| 38 |
|
| 39 |
== Changelog ==
|
| 40 |
|
| 41 |
+
= 7.0.7 =
|
| 42 |
+
* less memory used for wp-login.php checks (thanks https://github.com/stodorovic)
|
| 43 |
+
* fixed MySQL errors for threat scan (thanks https://github.com/stodorovic)
|
| 44 |
+
|
| 45 |
= 7.0.6 =
|
| 46 |
* fixed issue with menu icon
|
| 47 |
* removed debug submission form (not needed)
|
settings/ss_threat_scan.php
CHANGED
|
@@ -67,14 +67,12 @@ INSTR(LCASE(post_author), 'eval (') +
|
|
| 67 |
INSTR(LCASE(post_title), 'eval (') +
|
| 68 |
INSTR(LCASE(post_name), 'eval (') +
|
| 69 |
INSTR(LCASE(guid), 'eval (') +
|
| 70 |
-
|
| 71 |
INSTR(LCASE(post_content), 'document.write(unescape(') +
|
| 72 |
INSTR(LCASE(post_content), 'try{window.onload') +
|
| 73 |
INSTR(LCASE(post_content), 'setAttribute(\'src\'') +
|
| 74 |
-
INSTR(LCASE(post_mime_type), 'script')
|
| 75 |
-
INSTR(LCASE(document.write(string.fromcharcode), 'script')) >0
|
| 76 |
";
|
| 77 |
-
// echo " <br /> $sql <br />";
|
| 78 |
flush();
|
| 79 |
$myrows = $wpdb->get_results( $sql );
|
| 80 |
if ($myrows) {
|
|
@@ -282,7 +280,7 @@ $badguys=array(
|
|
| 282 |
'(gz'.'inflate'=>'gzip inflate often used to hide code',
|
| 283 |
'UA-27917097-1'=>'Bogus Google Analytics code',
|
| 284 |
'w.wpquery.o'=>'Malicious jquery in bootleg plugin or theme',
|
| 285 |
-
|
| 286 |
);
|
| 287 |
$sql="select option_id,option_value,option_name
|
| 288 |
from $ptab where
|
| 67 |
INSTR(LCASE(post_title), 'eval (') +
|
| 68 |
INSTR(LCASE(post_name), 'eval (') +
|
| 69 |
INSTR(LCASE(guid), 'eval (') +
|
| 70 |
+
INSTR(LCASE(post_content), 'eval (') +
|
| 71 |
INSTR(LCASE(post_content), 'document.write(unescape(') +
|
| 72 |
INSTR(LCASE(post_content), 'try{window.onload') +
|
| 73 |
INSTR(LCASE(post_content), 'setAttribute(\'src\'') +
|
| 74 |
+
INSTR(LCASE(post_mime_type), 'script') > 0
|
|
|
|
| 75 |
";
|
|
|
|
| 76 |
flush();
|
| 77 |
$myrows = $wpdb->get_results( $sql );
|
| 78 |
if ($myrows) {
|
| 280 |
'(gz'.'inflate'=>'gzip inflate often used to hide code',
|
| 281 |
'UA-27917097-1'=>'Bogus Google Analytics code',
|
| 282 |
'w.wpquery.o'=>'Malicious jquery in bootleg plugin or theme',
|
| 283 |
+
'<scr\\\'+'=>'Obfuscated script tag, usually in bootleg plugin or theme'
|
| 284 |
);
|
| 285 |
$sql="select option_id,option_value,option_name
|
| 286 |
from $ptab where
|
stop-spammer-registrations-new.php
CHANGED
|
@@ -5,11 +5,11 @@ Plugin URI: https://wordpress.org/plugins/stop-spammer-registrations-plugin/
|
|
| 5 |
Description: The Stop Spammers plugin blocks spammers from leaving comments or logging in. It protects sites from robot registrations and malicious attacks.
|
| 6 |
Author: Bryan Hadaway
|
| 7 |
Author URI: https://calmestghost.com/
|
| 8 |
-
Version: 7.0.
|
| 9 |
License: https://www.gnu.org/licenses/gpl.html
|
| 10 |
*/
|
| 11 |
// networking requires a couple of globals
|
| 12 |
-
define('SS_VERSION', '7.0.
|
| 13 |
define('SS_PLUGIN_URL', plugin_dir_url( __FILE__ ));
|
| 14 |
define('SS_PLUGIN_FILE', plugin_dir_path( __FILE__ ));
|
| 15 |
define('SS_PLUGIN_DATA', plugin_dir_path( __FILE__ ).'data/');
|
| 5 |
Description: The Stop Spammers plugin blocks spammers from leaving comments or logging in. It protects sites from robot registrations and malicious attacks.
|
| 6 |
Author: Bryan Hadaway
|
| 7 |
Author URI: https://calmestghost.com/
|
| 8 |
+
Version: 7.0.7
|
| 9 |
License: https://www.gnu.org/licenses/gpl.html
|
| 10 |
*/
|
| 11 |
// networking requires a couple of globals
|
| 12 |
+
define('SS_VERSION', '7.0.7');
|
| 13 |
define('SS_PLUGIN_URL', plugin_dir_url( __FILE__ ));
|
| 14 |
define('SS_PLUGIN_FILE', plugin_dir_path( __FILE__ ));
|
| 15 |
define('SS_PLUGIN_DATA', plugin_dir_path( __FILE__ ).'data/');
|
