Version Description
- Added referer check on admin hooks
Download this release
Release Info
| Developer | unifiedexp |
| Plugin |  Sucuri Security – Auditing, Malware Scanner and Security Hardening |
| Version | 1.8.34 |
| Comparing to | |
| See all releases | |
Code changes from version 1.8.33 to 1.8.34
- readme.txt +4 -1
- src/globals.php +2 -2
- src/hook.lib.php +17 -14
- sucuri.php +1 -1
readme.txt
CHANGED
|
@@ -4,7 +4,7 @@ Donate Link: https://sucuri.net/
|
|
| 4 |
Tags: malware, security, firewall, scan, spam, virus, sucuri, protection, blocklist, detection, hardening, file integrity
|
| 5 |
Requires at least: 3.6
|
| 6 |
Tested up to: 6.0
|
| 7 |
-
Stable tag: 1.8.
|
| 8 |
|
| 9 |
The Sucuri WordPress Security plugin is a security toolset for security integrity monitoring, malware detection and security hardening.
|
| 10 |
|
|
@@ -195,6 +195,9 @@ This version adds an option to refresh the malware scan results on demand, as we
|
|
| 195 |
Daniel is no longer maintaining the Sucuri plugin at GoDaddy. We have transferred it to a dedicated team to maintain and improve it.
|
| 196 |
|
| 197 |
== Changelog ==
|
|
|
|
|
|
|
|
|
|
| 198 |
= 1.8.33 =
|
| 199 |
* Fixed "Added option to clear cache by path"
|
| 200 |
|
| 4 |
Tags: malware, security, firewall, scan, spam, virus, sucuri, protection, blocklist, detection, hardening, file integrity
|
| 5 |
Requires at least: 3.6
|
| 6 |
Tested up to: 6.0
|
| 7 |
+
Stable tag: 1.8.34
|
| 8 |
|
| 9 |
The Sucuri WordPress Security plugin is a security toolset for security integrity monitoring, malware detection and security hardening.
|
| 10 |
|
| 195 |
Daniel is no longer maintaining the Sucuri plugin at GoDaddy. We have transferred it to a dedicated team to maintain and improve it.
|
| 196 |
|
| 197 |
== Changelog ==
|
| 198 |
+
= 1.8.34 =
|
| 199 |
+
* Added referer check on admin hooks
|
| 200 |
+
|
| 201 |
= 1.8.33 =
|
| 202 |
* Fixed "Added option to clear cache by path"
|
| 203 |
|
src/globals.php
CHANGED
|
@@ -175,9 +175,9 @@ if (defined('SUCURISCAN')) {
|
|
| 175 |
add_action('xmlrpc_publish_post', 'SucuriScanHook::hookPublishPostXMLRPC', 50, 5);
|
| 176 |
|
| 177 |
if (SucuriScan::runAdminInit()) {
|
| 178 |
-
add_action('
|
| 179 |
add_action('admin_init', 'SucuriScanHook::hookOptionsManagement');
|
| 180 |
-
add_action('
|
| 181 |
add_action('admin_init', 'SucuriScanHook::hookPluginEditor');
|
| 182 |
add_action('admin_init', 'SucuriScanHook::hookPluginInstall');
|
| 183 |
add_action('admin_init', 'SucuriScanHook::hookPluginUpdate');
|
| 175 |
add_action('xmlrpc_publish_post', 'SucuriScanHook::hookPublishPostXMLRPC', 50, 5);
|
| 176 |
|
| 177 |
if (SucuriScan::runAdminInit()) {
|
| 178 |
+
add_action('_core_updated_successfully', 'SucuriScanHook::hookCoreUpdate');
|
| 179 |
add_action('admin_init', 'SucuriScanHook::hookOptionsManagement');
|
| 180 |
+
add_action('deleted_plugin', 'SucuriScanHook::hookPluginDelete');
|
| 181 |
add_action('admin_init', 'SucuriScanHook::hookPluginEditor');
|
| 182 |
add_action('admin_init', 'SucuriScanHook::hookPluginInstall');
|
| 183 |
add_action('admin_init', 'SucuriScanHook::hookPluginUpdate');
|
src/hook.lib.php
CHANGED
|
@@ -141,19 +141,15 @@ class SucuriScanHook extends SucuriScanEvent
|
|
| 141 |
/**
|
| 142 |
* Detects when the core files are updated.
|
| 143 |
*
|
|
|
|
| 144 |
* @return void
|
| 145 |
*/
|
| 146 |
-
public static function hookCoreUpdate()
|
| 147 |
{
|
| 148 |
-
// WordPress
|
| 149 |
-
|
| 150 |
-
|
| 151 |
-
|
| 152 |
-
) {
|
| 153 |
-
$message = sprintf(__('WordPress updated to version: %s', 'sucuri-scanner'), SucuriScanRequest::post('version'));
|
| 154 |
-
self::reportCriticalEvent($message);
|
| 155 |
-
self::notifyEvent('website_updated', $message);
|
| 156 |
-
}
|
| 157 |
}
|
| 158 |
|
| 159 |
/**
|
|
@@ -522,9 +518,10 @@ class SucuriScanHook extends SucuriScanEvent
|
|
| 522 |
{
|
| 523 |
// Plugin installation request.
|
| 524 |
if (current_user_can('install_plugins')
|
| 525 |
-
&&
|
|
|
|
| 526 |
) {
|
| 527 |
-
$plugin = SucuriScanRequest::
|
| 528 |
|
| 529 |
if (isset($_FILES['pluginzip'])) {
|
| 530 |
$plugin = $_FILES['pluginzip']['name'];
|
|
@@ -547,7 +544,7 @@ class SucuriScanHook extends SucuriScanEvent
|
|
| 547 |
// Plugin update request.
|
| 548 |
$plugin_update_actions = '(upgrade-plugin|do-plugin-upgrade|update-selected)';
|
| 549 |
|
| 550 |
-
if (!current_user_can('update_plugins')) {
|
| 551 |
return;
|
| 552 |
}
|
| 553 |
|
|
@@ -863,6 +860,7 @@ class SucuriScanHook extends SucuriScanEvent
|
|
| 863 |
{
|
| 864 |
// Theme deletion request.
|
| 865 |
if (current_user_can('delete_themes')
|
|
|
|
| 866 |
&& SucuriScanRequest::getOrPost('action', 'delete')
|
| 867 |
&& SucuriScanRequest::getOrPost('stylesheet', '.+')
|
| 868 |
) {
|
|
@@ -884,6 +882,7 @@ class SucuriScanHook extends SucuriScanEvent
|
|
| 884 |
{
|
| 885 |
// Theme editor request.
|
| 886 |
if (current_user_can('edit_themes')
|
|
|
|
| 887 |
&& SucuriScanRequest::post('action', 'update')
|
| 888 |
&& SucuriScanRequest::post('theme', '.+')
|
| 889 |
&& SucuriScanRequest::post('file', '.+')
|
|
@@ -906,6 +905,7 @@ class SucuriScanHook extends SucuriScanEvent
|
|
| 906 |
{
|
| 907 |
// Theme installation request.
|
| 908 |
if (current_user_can('install_themes')
|
|
|
|
| 909 |
&& SucuriScanRequest::get('action', 'install-theme')
|
| 910 |
) {
|
| 911 |
$theme = SucuriScanRequest::get('theme', '.+');
|
|
@@ -940,6 +940,7 @@ class SucuriScanHook extends SucuriScanEvent
|
|
| 940 |
{
|
| 941 |
// Theme update request.
|
| 942 |
if (current_user_can('update_themes')
|
|
|
|
| 943 |
&& SucuriScanRequest::get('action', '(upgrade-theme|do-theme-upgrade)')
|
| 944 |
&& SucuriScanRequest::post('checked', '_array')
|
| 945 |
) {
|
|
@@ -1072,7 +1073,7 @@ class SucuriScanHook extends SucuriScanEvent
|
|
| 1072 |
}
|
| 1073 |
|
| 1074 |
/**
|
| 1075 |
-
* Detects when a widget is added
|
| 1076 |
*
|
| 1077 |
* @return void
|
| 1078 |
*/
|
|
@@ -1080,6 +1081,7 @@ class SucuriScanHook extends SucuriScanEvent
|
|
| 1080 |
{
|
| 1081 |
// Widget addition or deletion.
|
| 1082 |
if (current_user_can('edit_theme_options')
|
|
|
|
| 1083 |
&& SucuriScanRequest::post('action', 'save-widget')
|
| 1084 |
&& SucuriScanRequest::post('id_base') !== false
|
| 1085 |
&& SucuriScanRequest::post('sidebar') !== false
|
|
@@ -1108,6 +1110,7 @@ class SucuriScanHook extends SucuriScanEvent
|
|
| 1108 |
}
|
| 1109 |
}
|
| 1110 |
|
|
|
|
| 1111 |
/**
|
| 1112 |
* Detects when a widget is deleted.
|
| 1113 |
*
|
| 141 |
/**
|
| 142 |
* Detects when the core files are updated.
|
| 143 |
*
|
| 144 |
+
* @param string $wp_version The current WordPress version.
|
| 145 |
* @return void
|
| 146 |
*/
|
| 147 |
+
public static function hookCoreUpdate($wp_version='')
|
| 148 |
{
|
| 149 |
+
// WordPress core has been successfully updated
|
| 150 |
+
$message = sprintf(__('WordPress updated to version: %s', 'sucuri-scanner'), $wp_version);
|
| 151 |
+
self::reportCriticalEvent($message);
|
| 152 |
+
self::notifyEvent('website_updated', $message);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 153 |
}
|
| 154 |
|
| 155 |
/**
|
| 518 |
{
|
| 519 |
// Plugin installation request.
|
| 520 |
if (current_user_can('install_plugins')
|
| 521 |
+
&& check_ajax_referer( 'updates', false, false )
|
| 522 |
+
&& SucuriScanRequest::getOrPost('action', '(install|upload)-plugin')
|
| 523 |
) {
|
| 524 |
+
$plugin = SucuriScanRequest::getOrPost('plugin', '.+');
|
| 525 |
|
| 526 |
if (isset($_FILES['pluginzip'])) {
|
| 527 |
$plugin = $_FILES['pluginzip']['name'];
|
| 544 |
// Plugin update request.
|
| 545 |
$plugin_update_actions = '(upgrade-plugin|do-plugin-upgrade|update-selected)';
|
| 546 |
|
| 547 |
+
if (!current_user_can('update_plugins') || !check_ajax_referer( 'updates', false, false )) {
|
| 548 |
return;
|
| 549 |
}
|
| 550 |
|
| 860 |
{
|
| 861 |
// Theme deletion request.
|
| 862 |
if (current_user_can('delete_themes')
|
| 863 |
+
&& check_ajax_referer( 'updates', false, false )
|
| 864 |
&& SucuriScanRequest::getOrPost('action', 'delete')
|
| 865 |
&& SucuriScanRequest::getOrPost('stylesheet', '.+')
|
| 866 |
) {
|
| 882 |
{
|
| 883 |
// Theme editor request.
|
| 884 |
if (current_user_can('edit_themes')
|
| 885 |
+
&& check_ajax_referer( 'updates', false, false )
|
| 886 |
&& SucuriScanRequest::post('action', 'update')
|
| 887 |
&& SucuriScanRequest::post('theme', '.+')
|
| 888 |
&& SucuriScanRequest::post('file', '.+')
|
| 905 |
{
|
| 906 |
// Theme installation request.
|
| 907 |
if (current_user_can('install_themes')
|
| 908 |
+
&& check_ajax_referer( 'updates', false, false )
|
| 909 |
&& SucuriScanRequest::get('action', 'install-theme')
|
| 910 |
) {
|
| 911 |
$theme = SucuriScanRequest::get('theme', '.+');
|
| 940 |
{
|
| 941 |
// Theme update request.
|
| 942 |
if (current_user_can('update_themes')
|
| 943 |
+
&& check_ajax_referer( 'updates', false, false )
|
| 944 |
&& SucuriScanRequest::get('action', '(upgrade-theme|do-theme-upgrade)')
|
| 945 |
&& SucuriScanRequest::post('checked', '_array')
|
| 946 |
) {
|
| 1073 |
}
|
| 1074 |
|
| 1075 |
/**
|
| 1076 |
+
* Detects when a widget is added or deleted
|
| 1077 |
*
|
| 1078 |
* @return void
|
| 1079 |
*/
|
| 1081 |
{
|
| 1082 |
// Widget addition or deletion.
|
| 1083 |
if (current_user_can('edit_theme_options')
|
| 1084 |
+
&& check_ajax_referer( 'save-sidebar-widgets', 'savewidgets', false )
|
| 1085 |
&& SucuriScanRequest::post('action', 'save-widget')
|
| 1086 |
&& SucuriScanRequest::post('id_base') !== false
|
| 1087 |
&& SucuriScanRequest::post('sidebar') !== false
|
| 1110 |
}
|
| 1111 |
}
|
| 1112 |
|
| 1113 |
+
|
| 1114 |
/**
|
| 1115 |
* Detects when a widget is deleted.
|
| 1116 |
*
|
sucuri.php
CHANGED
|
@@ -8,7 +8,7 @@
|
|
| 8 |
* Author: Sucuri Inc.
|
| 9 |
* Text Domain: sucuri-scanner
|
| 10 |
* Domain Path: /lang
|
| 11 |
-
* Version: 1.8.
|
| 12 |
*
|
| 13 |
* PHP version 7
|
| 14 |
*
|
| 8 |
* Author: Sucuri Inc.
|
| 9 |
* Text Domain: sucuri-scanner
|
| 10 |
* Domain Path: /lang
|
| 11 |
+
* Version: 1.8.34
|
| 12 |
*
|
| 13 |
* PHP version 7
|
| 14 |
*
|
