Version Description
- Fixed "Early referer checks on admin hooks"
Download this release
Release Info
| Developer | unifiedexp |
| Plugin |  Sucuri Security – Auditing, Malware Scanner and Security Hardening |
| Version | 1.8.35 |
| Comparing to | |
| See all releases | |
Code changes from version 1.8.34 to 1.8.35
- readme.txt +4 -1
- src/hook.lib.php +12 -7
- sucuri.php +1 -1
readme.txt
CHANGED
|
@@ -4,7 +4,7 @@ Donate Link: https://sucuri.net/
|
|
| 4 |
Tags: malware, security, firewall, scan, spam, virus, sucuri, protection, blocklist, detection, hardening, file integrity
|
| 5 |
Requires at least: 3.6
|
| 6 |
Tested up to: 6.0
|
| 7 |
-
Stable tag: 1.8.
|
| 8 |
|
| 9 |
The Sucuri WordPress Security plugin is a security toolset for security integrity monitoring, malware detection and security hardening.
|
| 10 |
|
|
@@ -195,6 +195,9 @@ This version adds an option to refresh the malware scan results on demand, as we
|
|
| 195 |
Daniel is no longer maintaining the Sucuri plugin at GoDaddy. We have transferred it to a dedicated team to maintain and improve it.
|
| 196 |
|
| 197 |
== Changelog ==
|
|
|
|
|
|
|
|
|
|
| 198 |
= 1.8.34 =
|
| 199 |
* Added referer check on admin hooks
|
| 200 |
|
| 4 |
Tags: malware, security, firewall, scan, spam, virus, sucuri, protection, blocklist, detection, hardening, file integrity
|
| 5 |
Requires at least: 3.6
|
| 6 |
Tested up to: 6.0
|
| 7 |
+
Stable tag: 1.8.35
|
| 8 |
|
| 9 |
The Sucuri WordPress Security plugin is a security toolset for security integrity monitoring, malware detection and security hardening.
|
| 10 |
|
| 195 |
Daniel is no longer maintaining the Sucuri plugin at GoDaddy. We have transferred it to a dedicated team to maintain and improve it.
|
| 196 |
|
| 197 |
== Changelog ==
|
| 198 |
+
= 1.8.35 =
|
| 199 |
+
* Fixed "Early referer checks on admin hooks"
|
| 200 |
+
|
| 201 |
= 1.8.34 =
|
| 202 |
* Added referer check on admin hooks
|
| 203 |
|
src/hook.lib.php
CHANGED
|
@@ -518,8 +518,8 @@ class SucuriScanHook extends SucuriScanEvent
|
|
| 518 |
{
|
| 519 |
// Plugin installation request.
|
| 520 |
if (current_user_can('install_plugins')
|
| 521 |
-
&& check_ajax_referer( 'updates', false, false )
|
| 522 |
&& SucuriScanRequest::getOrPost('action', '(install|upload)-plugin')
|
|
|
|
| 523 |
) {
|
| 524 |
$plugin = SucuriScanRequest::getOrPost('plugin', '.+');
|
| 525 |
|
|
@@ -544,13 +544,18 @@ class SucuriScanHook extends SucuriScanEvent
|
|
| 544 |
// Plugin update request.
|
| 545 |
$plugin_update_actions = '(upgrade-plugin|do-plugin-upgrade|update-selected)';
|
| 546 |
|
| 547 |
-
if (!current_user_can('update_plugins')
|
| 548 |
return;
|
| 549 |
}
|
| 550 |
|
| 551 |
if (SucuriScanRequest::getOrPost('action', $plugin_update_actions)
|
| 552 |
|| SucuriScanRequest::getOrPost('action2', $plugin_update_actions)
|
| 553 |
) {
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 554 |
$plugin_list = array();
|
| 555 |
$items_affected = array();
|
| 556 |
|
|
@@ -860,9 +865,9 @@ class SucuriScanHook extends SucuriScanEvent
|
|
| 860 |
{
|
| 861 |
// Theme deletion request.
|
| 862 |
if (current_user_can('delete_themes')
|
| 863 |
-
&& check_ajax_referer( 'updates', false, false )
|
| 864 |
&& SucuriScanRequest::getOrPost('action', 'delete')
|
| 865 |
&& SucuriScanRequest::getOrPost('stylesheet', '.+')
|
|
|
|
| 866 |
) {
|
| 867 |
$theme = SucuriScanRequest::getOrPost('stylesheet', '.+');
|
| 868 |
$theme = $theme ? $theme : __('Unknown', 'sucuri-scanner');
|
|
@@ -882,11 +887,11 @@ class SucuriScanHook extends SucuriScanEvent
|
|
| 882 |
{
|
| 883 |
// Theme editor request.
|
| 884 |
if (current_user_can('edit_themes')
|
| 885 |
-
&& check_ajax_referer( 'updates', false, false )
|
| 886 |
&& SucuriScanRequest::post('action', 'update')
|
| 887 |
&& SucuriScanRequest::post('theme', '.+')
|
| 888 |
&& SucuriScanRequest::post('file', '.+')
|
| 889 |
&& strpos($_SERVER['SCRIPT_NAME'], 'theme-editor.php') !== false
|
|
|
|
| 890 |
) {
|
| 891 |
$theme_name = SucuriScanRequest::post('theme');
|
| 892 |
$filename = SucuriScanRequest::post('file');
|
|
@@ -905,8 +910,8 @@ class SucuriScanHook extends SucuriScanEvent
|
|
| 905 |
{
|
| 906 |
// Theme installation request.
|
| 907 |
if (current_user_can('install_themes')
|
| 908 |
-
&& check_ajax_referer( 'updates', false, false )
|
| 909 |
&& SucuriScanRequest::get('action', 'install-theme')
|
|
|
|
| 910 |
) {
|
| 911 |
$theme = SucuriScanRequest::get('theme', '.+');
|
| 912 |
$theme = $theme ? $theme : __('Unknown', 'sucuri-scanner');
|
|
@@ -940,9 +945,9 @@ class SucuriScanHook extends SucuriScanEvent
|
|
| 940 |
{
|
| 941 |
// Theme update request.
|
| 942 |
if (current_user_can('update_themes')
|
| 943 |
-
&& check_ajax_referer( 'updates', false, false )
|
| 944 |
&& SucuriScanRequest::get('action', '(upgrade-theme|do-theme-upgrade)')
|
| 945 |
&& SucuriScanRequest::post('checked', '_array')
|
|
|
|
| 946 |
) {
|
| 947 |
$themes = SucuriScanRequest::post('checked', '_array');
|
| 948 |
$items_affected = array();
|
|
@@ -1081,10 +1086,10 @@ class SucuriScanHook extends SucuriScanEvent
|
|
| 1081 |
{
|
| 1082 |
// Widget addition or deletion.
|
| 1083 |
if (current_user_can('edit_theme_options')
|
| 1084 |
-
&& check_ajax_referer( 'save-sidebar-widgets', 'savewidgets', false )
|
| 1085 |
&& SucuriScanRequest::post('action', 'save-widget')
|
| 1086 |
&& SucuriScanRequest::post('id_base') !== false
|
| 1087 |
&& SucuriScanRequest::post('sidebar') !== false
|
|
|
|
| 1088 |
) {
|
| 1089 |
if (SucuriScanRequest::post('delete_widget', '1')) {
|
| 1090 |
$action_d = 'deleted';
|
| 518 |
{
|
| 519 |
// Plugin installation request.
|
| 520 |
if (current_user_can('install_plugins')
|
|
|
|
| 521 |
&& SucuriScanRequest::getOrPost('action', '(install|upload)-plugin')
|
| 522 |
+
&& check_ajax_referer( 'updates', false, false )
|
| 523 |
) {
|
| 524 |
$plugin = SucuriScanRequest::getOrPost('plugin', '.+');
|
| 525 |
|
| 544 |
// Plugin update request.
|
| 545 |
$plugin_update_actions = '(upgrade-plugin|do-plugin-upgrade|update-selected)';
|
| 546 |
|
| 547 |
+
if (!current_user_can('update_plugins')) {
|
| 548 |
return;
|
| 549 |
}
|
| 550 |
|
| 551 |
if (SucuriScanRequest::getOrPost('action', $plugin_update_actions)
|
| 552 |
|| SucuriScanRequest::getOrPost('action2', $plugin_update_actions)
|
| 553 |
) {
|
| 554 |
+
|
| 555 |
+
if (!check_ajax_referer( 'updates', false, false )) {
|
| 556 |
+
return;
|
| 557 |
+
}
|
| 558 |
+
|
| 559 |
$plugin_list = array();
|
| 560 |
$items_affected = array();
|
| 561 |
|
| 865 |
{
|
| 866 |
// Theme deletion request.
|
| 867 |
if (current_user_can('delete_themes')
|
|
|
|
| 868 |
&& SucuriScanRequest::getOrPost('action', 'delete')
|
| 869 |
&& SucuriScanRequest::getOrPost('stylesheet', '.+')
|
| 870 |
+
&& check_ajax_referer( 'updates', false, false )
|
| 871 |
) {
|
| 872 |
$theme = SucuriScanRequest::getOrPost('stylesheet', '.+');
|
| 873 |
$theme = $theme ? $theme : __('Unknown', 'sucuri-scanner');
|
| 887 |
{
|
| 888 |
// Theme editor request.
|
| 889 |
if (current_user_can('edit_themes')
|
|
|
|
| 890 |
&& SucuriScanRequest::post('action', 'update')
|
| 891 |
&& SucuriScanRequest::post('theme', '.+')
|
| 892 |
&& SucuriScanRequest::post('file', '.+')
|
| 893 |
&& strpos($_SERVER['SCRIPT_NAME'], 'theme-editor.php') !== false
|
| 894 |
+
&& check_ajax_referer( 'updates', false, false )
|
| 895 |
) {
|
| 896 |
$theme_name = SucuriScanRequest::post('theme');
|
| 897 |
$filename = SucuriScanRequest::post('file');
|
| 910 |
{
|
| 911 |
// Theme installation request.
|
| 912 |
if (current_user_can('install_themes')
|
|
|
|
| 913 |
&& SucuriScanRequest::get('action', 'install-theme')
|
| 914 |
+
&& check_ajax_referer( 'updates', false, false )
|
| 915 |
) {
|
| 916 |
$theme = SucuriScanRequest::get('theme', '.+');
|
| 917 |
$theme = $theme ? $theme : __('Unknown', 'sucuri-scanner');
|
| 945 |
{
|
| 946 |
// Theme update request.
|
| 947 |
if (current_user_can('update_themes')
|
|
|
|
| 948 |
&& SucuriScanRequest::get('action', '(upgrade-theme|do-theme-upgrade)')
|
| 949 |
&& SucuriScanRequest::post('checked', '_array')
|
| 950 |
+
&& check_ajax_referer( 'updates', false, false )
|
| 951 |
) {
|
| 952 |
$themes = SucuriScanRequest::post('checked', '_array');
|
| 953 |
$items_affected = array();
|
| 1086 |
{
|
| 1087 |
// Widget addition or deletion.
|
| 1088 |
if (current_user_can('edit_theme_options')
|
|
|
|
| 1089 |
&& SucuriScanRequest::post('action', 'save-widget')
|
| 1090 |
&& SucuriScanRequest::post('id_base') !== false
|
| 1091 |
&& SucuriScanRequest::post('sidebar') !== false
|
| 1092 |
+
&& check_ajax_referer( 'save-sidebar-widgets', 'savewidgets', false )
|
| 1093 |
) {
|
| 1094 |
if (SucuriScanRequest::post('delete_widget', '1')) {
|
| 1095 |
$action_d = 'deleted';
|
sucuri.php
CHANGED
|
@@ -8,7 +8,7 @@
|
|
| 8 |
* Author: Sucuri Inc.
|
| 9 |
* Text Domain: sucuri-scanner
|
| 10 |
* Domain Path: /lang
|
| 11 |
-
* Version: 1.8.
|
| 12 |
*
|
| 13 |
* PHP version 7
|
| 14 |
*
|
| 8 |
* Author: Sucuri Inc.
|
| 9 |
* Text Domain: sucuri-scanner
|
| 10 |
* Domain Path: /lang
|
| 11 |
+
* Version: 1.8.35
|
| 12 |
*
|
| 13 |
* PHP version 7
|
| 14 |
*
|
