underConstruction - Version 1.20

Version Description

Add support for 404 status code.
Address security vulnerabilies.

Release Info

Developer	grimmdude
Plugin	underConstruction
Version	1.20
Comparing to
See all releases

Code changes from version 1.19 to 1.20

Files changed (6) hide show

defaultMessage.php +3 -3
languages/underconstruction-fr_FR.po +4 -4
readme.txt +6 -2
styles/underconstruction-style-common.css +2 -2
ucOptions.php +23 -14
underConstruction.php +8 -2

defaultMessage.php CHANGED Viewed

	@@ -27,7 +27,7 @@ function displayComingSoonPage($title, $headerText, $bodyText)
27	<head>
28	<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
29	<title>
30	- <?php echo $title; ?>
31	</title>
32	<style type="text/css">
33
	@@ -66,11 +66,11 @@ function displayComingSoonPage($title, $headerText, $bodyText)
66	</head>
67	<body>
68	<span class="headerText">
69	- <?php echo $headerText; ?>
70	</span>
71	<br/>
72	<span class="bodyText">
73	- <?php echo $bodyText; ?>
74	</span>
75	</body>
76	</html>


27	<head>
28	<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
29	<title>
30	+ <?php echo esc_html($title); ?>
31	</title>
32	<style type="text/css">
33

66	</head>
67	<body>
68	<span class="headerText">
69	+ <?php echo esc_html($headerText); ?>
70	</span>
71	<br/>
72	<span class="bodyText">
73	+ <?php echo esc_html($bodyText); ?>
74	</span>
75	</body>
76	</html>

languages/underconstruction-fr_FR.po CHANGED Viewed

	@@ -34,12 +34,12 @@ msgid "Activate or Deactivate"
34	msgstr "Activer ou Désactiver"
35
36	#: ../ucOptions.php:178
37	- msgid "on"
38	- msgstr "~~actif~~"
39
40	#: ../ucOptions.php:181
41	- msgid "~~off~~"
42	- msgstr "~~inactif~~"
43
44	#: ../ucOptions.php:188 ../ucOptions.php:196
45	msgid "HTTP Status Code"


34	msgstr "Activer ou Désactiver"
35
36	#: ../ucOptions.php:178
37	+ msgid "On"
38	+ msgstr "Actif"
39
40	#: ../ucOptions.php:181
41	+ msgid "Off"
42	+ msgstr "Inactif"
43
44	#: ../ucOptions.php:188 ../ucOptions.php:196
45	msgid "HTTP Status Code"

readme.txt CHANGED Viewed

	@@ -2,8 +2,8 @@
2	Contributors: Jeremy Massel
3	Tags: construction, under construction, private, preview, security, coming soon
4	Requires at least: 2.7
5	- Tested up to: 5.6
6	- Stable tag: 1.19
7
8	Creates a 'Coming Soon' page that will show for all users who are not logged in
9
	@@ -43,6 +43,10 @@ I've had a few people ask me this. If you like it, please go to WordPress.org an
43	Sorry, I get a lot of questions. But visit the homepage for this plugin and leave me a comment. They go right to my inbox, and well I might not be able to for a few days, I promise I'll get back to you.
44
45	== Changelog ==




46	= 1.19 =
47	* Address security vulnerability.
48


2	Contributors: Jeremy Massel
3	Tags: construction, under construction, private, preview, security, coming soon
4	Requires at least: 2.7
5	+ Tested up to: 5.9
6	+ Stable tag: 1.20
7
8	Creates a 'Coming Soon' page that will show for all users who are not logged in
9

43	Sorry, I get a lot of questions. But visit the homepage for this plugin and leave me a comment. They go right to my inbox, and well I might not be able to for a few days, I promise I'll get back to you.
44
45	== Changelog ==
46	+ = 1.20 =
47	+ * Add support for 404 status code.
48	+ * Address security vulnerabilies.
49	+
50	= 1.19 =
51	* Address security vulnerability.
52

styles/underconstruction-style-common.css CHANGED Viewed

	@@ -260,12 +260,12 @@
260	.under-construction-promo-box {
261	/display: none;/
262	width: auto !important;
263	- max-width: ~~250px~~;
264	margin: 20px auto;
265	}
266	.under-construction-promo-box-form .under-construction-appsumo-capture-container {
267	width: auto !important;
268	- max-width: ~~250px~~;
269	margin: 20px auto;
270	}
271


260	.under-construction-promo-box {
261	/display: none;/
262	width: auto !important;
263	+ max-width: 350px;
264	margin: 20px auto;
265	}
266	.under-construction-promo-box-form .under-construction-appsumo-capture-container {
267	width: auto !important;
268	+ max-width: 350px;
269	margin: 20px auto;
270	}
271

ucOptions.php CHANGED Viewed

	@@ -6,6 +6,7 @@ if($_SERVER['REQUEST_METHOD'] == "POST"){
6	}
7	}
8

9	if (isset($_GET['turnOnUnderConstructionMode']))
10	{
11	update_option('underConstructionActivationStatus', 1);
	@@ -15,6 +16,7 @@ if (isset($_GET['turnOffUnderConstructionMode']))
15	{
16	update_option('underConstructionActivationStatus', 0);
17	}

18
19	// ======================================
20	// process display options
	@@ -33,17 +35,17 @@ if (isset($_POST['display_options']))
33
34	if (isset($_POST['pageTitle']))
35	{
36	- $values['pageTitle'] = ~~esc_attr~~($_POST['pageTitle']);
37	}
38
39	if (isset($_POST['headerText']))
40	{
41	- $values['headerText'] = ~~esc_attr~~($_POST['headerText']);
42	}
43
44	if (isset($_POST['bodyText']))
45	{
46	- $values['bodyText'] = ~~esc_attr~~($_POST['bodyText']);
47	}
48
49
	@@ -55,7 +57,7 @@ if (isset($_POST['display_options']))
55	{
56	if (isset($_POST['ucHTML']))
57	{
58	- update_option('underConstructionHTML', ~~esc_attr(~~$_POST['ucHTML']));
59	update_option('underConstructionDisplayOption', 2);
60	}
61	}
	@@ -98,6 +100,11 @@ if (isset($_POST['http_status']))
98	update_option('underConstructionRedirectURL', $_POST['url']);
99	}
100





101	if ($_POST['http_status'] == 503)
102	{
103	update_option('underConstructionHTTPStatus', 503);
	@@ -185,10 +192,10 @@ if (array_key_exists('underconstruction_global_notification', $_GET) && $_GET['u
185	<span><?php _e('Activate or Deactivate', 'underconstruction');?></span>
186	</legend>
187	<label title="activate">
188	- <input type="radio" name="activate" value="1"<?php if ($this->pluginIsActive()) { echo ' checked="checked"'; } ?>> <?php _e('on', 'underconstruction');?>
189	</label><br />
190	<label title="deactivate">
191	- <input type="radio" name="activate" value="0"<?php if (!$this->pluginIsActive()) { echo ' checked="checked"'; } ?>> <?php _e('~~off~~', 'underconstruction');?>
192	</label>
193	</fieldset>
194	</td>
	@@ -206,10 +213,12 @@ if (array_key_exists('underconstruction_global_notification', $_GET) && $_GET['u
206	<span><?php _e('HTTP Status Code', 'underconstruction');?></span>
207	</legend>
208	<label title="HTTP200">
209	- <input type="radio" name="http_status" value="200" id="200_status"<?php if ($this->httpStatusCodeIs(200)) { echo ' checked="checked"'; } ?>> <?php _e('HTTP 200 - ok', 'underconstruction');?>
210	</label> <br />
211	<label title="HTTP301">
212	<input type="radio" name="http_status" value="301" id="301_status"<?php if ($this->httpStatusCodeIs(301)) { echo ' checked="checked"'; } ?>> <?php _e('HTTP 301 - Redirect', 'underconstruction');?> </label> <br />


213	<label title="HTTP503">
214	<input type="radio" name="http_status" value="503" id="503_status"<?php if ($this->httpStatusCodeIs(503)) { echo ' checked="checked"'; } ?>> <?php _e('HTTP 503 - Service Unavailable', 'underconstruction');?>
215	</label>
	@@ -238,9 +247,9 @@ if (array_key_exists('underconstruction_global_notification', $_GET) && $_GET['u
238	foreach ( $editable_roles as $role => $details ) {
239	$name = translate_user_role($details['name'] );
240	if ( $selected == $role ) // preselect specified role
241	- $p = "\n\t<option selected='selected' value='" . esc_attr($role) . "'>$name</option>";
242	else
243	- $r .= "\n\t<option value='" . esc_attr($role) . "'>$name</option>";
244	}
245	echo $p . $r;
246	?>
	@@ -256,18 +265,18 @@ if (array_key_exists('underconstruction_global_notification', $_GET) && $_GET['u
256	<td>
257	<?php $whitelist = get_option('underConstructionIPWhitelist');
258	if($whitelist && count($whitelist)): ?>
259	- <select size="4" id="ip_whitelist" name="ip_whitelist" style="width: 250px; height: 100px;">
260	<?php for($i = 0; $i < count($whitelist); $i++):?>
261	- <option id="<?php echo $i; ?>" value="<?php echo $i;?>">
262	- <?php echo $whitelist[$i];?>
263	</option>
264	<?php endfor;?>
265	</select><br />
266
267	- <input type="submit" value="<?php _e('Remove Selected IP Address', 'underconstruction'); ?>" name="remove_selected_ip_btn" class="button" id="remove_selected_ip_btn" /> <br /> <br />
268	<?php endif; ?>
269	<label><?php _e('IP Address:', 'underconstruction');?> <input type="text" name="ip_address" id="ip_address" /> </label>
270	- <a id="add_current_address_btn" style="cursor: pointer;" class="button"><?php _e('Add Current Address', 'underconstruction');?></a>
271	<span id="loading_current_address" class="hidden">Loading...</span>
272	<br />
273	</td>


6	}
7	}
8
9	+ /*
10	if (isset($_GET['turnOnUnderConstructionMode']))
11	{
12	update_option('underConstructionActivationStatus', 1);

16	{
17	update_option('underConstructionActivationStatus', 0);
18	}
19	+ */
20
21	// ======================================
22	// process display options

35
36	if (isset($_POST['pageTitle']))
37	{
38	+ $values['pageTitle'] = sanitize_text_field($_POST['pageTitle']);
39	}
40
41	if (isset($_POST['headerText']))
42	{
43	+ $values['headerText'] = sanitize_text_field($_POST['headerText']);
44	}
45
46	if (isset($_POST['bodyText']))
47	{
48	+ $values['bodyText'] = sanitize_textarea_field($_POST['bodyText']);
49	}
50
51

57	{
58	if (isset($_POST['ucHTML']))
59	{
60	+ update_option('underConstructionHTML', $_POST['ucHTML']);
61	update_option('underConstructionDisplayOption', 2);
62	}
63	}

100	update_option('underConstructionRedirectURL', $_POST['url']);
101	}
102
103	+ if ($_POST['http_status'] == 404)
104	+ {
105	+ update_option('underConstructionHTTPStatus', 404);
106	+ }
107	+
108	if ($_POST['http_status'] == 503)
109	{
110	update_option('underConstructionHTTPStatus', 503);

192	<span><?php _e('Activate or Deactivate', 'underconstruction');?></span>
193	</legend>
194	<label title="activate">
195	+ <input type="radio" name="activate" value="1"<?php if ($this->pluginIsActive()) { echo ' checked="checked"'; } ?>> <?php _e('On', 'underconstruction');?>
196	</label><br />
197	<label title="deactivate">
198	+ <input type="radio" name="activate" value="0"<?php if (!$this->pluginIsActive()) { echo ' checked="checked"'; } ?>> <?php _e('Off', 'underconstruction');?>
199	</label>
200	</fieldset>
201	</td>

213	<span><?php _e('HTTP Status Code', 'underconstruction');?></span>
214	</legend>
215	<label title="HTTP200">
216	+ <input type="radio" name="http_status" value="200" id="200_status"<?php if ($this->httpStatusCodeIs(200)) { echo ' checked="checked"'; } ?>> <?php _e('HTTP 200 - OK', 'underconstruction');?>
217	</label> <br />
218	<label title="HTTP301">
219	<input type="radio" name="http_status" value="301" id="301_status"<?php if ($this->httpStatusCodeIs(301)) { echo ' checked="checked"'; } ?>> <?php _e('HTTP 301 - Redirect', 'underconstruction');?> </label> <br />
220	+ <label title="HTTP404">
221	+ <input type="radio" name="http_status" value="404" id="404_status"<?php if ($this->httpStatusCodeIs(404)) { echo ' checked="checked"'; } ?>> <?php _e('HTTP 404 - Not Found', 'underconstruction');?> </label> <br />
222	<label title="HTTP503">
223	<input type="radio" name="http_status" value="503" id="503_status"<?php if ($this->httpStatusCodeIs(503)) { echo ' checked="checked"'; } ?>> <?php _e('HTTP 503 - Service Unavailable', 'underconstruction');?>
224	</label>

247	foreach ( $editable_roles as $role => $details ) {
248	$name = translate_user_role($details['name'] );
249	if ( $selected == $role ) // preselect specified role
250	+ $p = "\n\t<option selected='selected' value='" . esc_attr($role) . "'>".esc_html($name)."</option>";
251	else
252	+ $r .= "\n\t<option value='" . esc_attr($role) . "'>".esc_html($name)."</option>";
253	}
254	echo $p . $r;
255	?>

265	<td>
266	<?php $whitelist = get_option('underConstructionIPWhitelist');
267	if($whitelist && count($whitelist)): ?>
268	+ <select size="4" id="ip_whitelist" name="ip_whitelist" style="width: 250px; height: 100px;margin-bottom:10px;">
269	<?php for($i = 0; $i < count($whitelist); $i++):?>
270	+ <option id="<?php echo esc_attr($i); ?>" value="<?php echo esc_attr($i);?>">
271	+ <?php echo esc_html($whitelist[$i]);?>
272	</option>
273	<?php endfor;?>
274	</select><br />
275
276	+ <input type="submit" value="<?php _e('Remove Selected IP Address', 'underconstruction'); ?>" name="remove_selected_ip_btn" class="button" style="width:250px;" id="remove_selected_ip_btn" /> <br /> <br />
277	<?php endif; ?>
278	<label><?php _e('IP Address:', 'underconstruction');?> <input type="text" name="ip_address" id="ip_address" /> </label>
279	+ <?php /<a id="add_current_address_btn" style="cursor: pointer;" class="button"><?php _e('Add Current Address', 'underconstruction');?></a>/ ?>
280	<span id="loading_current_address" class="hidden">Loading...</span>
281	<br />
282	</td>

underConstruction.php CHANGED Viewed

	@@ -3,7 +3,7 @@
3	Plugin Name: Under Construction
4	Plugin URI: https://wordpress.org/plugins/underconstruction/
5	Description: Makes it so your site can only be accessed by users who log in. Useful for developing a site on a live server, without the world being able to see it
6	- Version: 1.19
7	Author: Noah Kagan
8	Author URI: https://appsumo.com/tools/wordpress/?utm_source=sumo&utm_medium=wp-widget&utm_campaign=underconstruction
9	*/
	@@ -103,6 +103,12 @@ class underConstruction
103	header('HTTP/1.1 503 Service Unavailable');
104	}
105






106	//send a 503 if the setting requires it
107	if (get_option('underConstructionHTTPStatus') == 301)
108	{
	@@ -396,7 +402,7 @@ function underConstructionPlugin_delete()
396	}
397
398	function uc_get_ip_address(){
399	- echo $_SERVER['REMOTE_ADDR'];
400	die();
401	}
402


3	Plugin Name: Under Construction
4	Plugin URI: https://wordpress.org/plugins/underconstruction/
5	Description: Makes it so your site can only be accessed by users who log in. Useful for developing a site on a live server, without the world being able to see it
6	+ Version: 1.20
7	Author: Noah Kagan
8	Author URI: https://appsumo.com/tools/wordpress/?utm_source=sumo&utm_medium=wp-widget&utm_campaign=underconstruction
9	*/

103	header('HTTP/1.1 503 Service Unavailable');
104	}
105
106	+ //send a 404 if the setting requires it
107	+ if (get_option('underConstructionHTTPStatus') == 404)
108	+ {
109	+ header('HTTP/1.1 404 Not Found');
110	+ }
111	+
112	//send a 503 if the setting requires it
113	if (get_option('underConstructionHTTPStatus') == 301)
114	{

402	}
403
404	function uc_get_ip_address(){
405	+ echo esc_html($_SERVER['REMOTE_ADDR']);
406	die();
407	}
408