VaultPress - Version 1.5.8

Version Description

  • Security: Add a new security hotfix.

Release Info

Developer briancolinger
Version 1.5.8

Code changes from version 1.5.7 to 1.5.8

  1. class.vaultpress-hotfixes.php +23 -0
  2. readme.txt +6 -2
  3. vaultpress.php +2 -2
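--- a/class.vaultpress-hotfixes.php
+++ b/class.vaultpress-hotfixes.php
@@ -82,6 +82,9 @@ class VaultPress_Hotfixes {
 
  add_filter( 'jetpack_xmlrpc_methods', array( $this, 'disable_jetpack_xmlrpc_methods_293' ), 20, 3 );
  add_filter( 'xmlrpc_methods', array( $this, 'disable_xmlrpc_methods_293' ), 20 );
+
+ // Protect All-in-one SEO from non-authorized users making changes, and script injection attacks.
+ add_action( 'wp_ajax_aioseop_ajax_save_meta', array( $this, 'protect_aioseo_ajax' ), 1 );
  }
 
  function disable_jetpack_xmlrpc_methods_293( $jetpack_methods, $core_methods, $user = false ) {
@@ -551,6 +554,26 @@ EOD;
  else
  return $value;
  }
+
+ // Protect All-in-one SEO AJAX calls from script injection and changes without privileges. Affects versions <= 2.1.5
+ function protect_aioseo_ajax() {
+ if ( defined( 'AIOSEOP_VERSION' ) && version_compare( AIOSEOP_VERSION, '2.1.5', '>' ) )
+ return;
+
+ if ( ! isset( $_POST['post_id'] ) || ! isset( $_POST['target_meta'] ) )
+ die();
+
+ // Ensure the current user has permission to write to the post.
+ if ( ! current_user_can( 'edit_post', intval( $_POST['post_id'] ) ) )
+ die();
+
+ // Limit the fields that can be written to
+ if ( ! in_array( $_POST['target_meta'], array( 'title', 'description', 'keywords' ) ) )
+ die();
+
+ // Strip tags from the metadata value.
+ $_POST['new_meta'] = strip_tags( $_POST['new_meta'] );
+ }
  }
 
  global $wp_version;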
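Review bot: `protect_aioseo_ajax` reads `$_POST['new_meta']` on new line 575 without the `isset` guard that lines 563–564 give `post_id` and `target_meta`, and passes it to `strip_tags()` without checking it is a string, so a request missing the field raises an undefined-index notice and one that submits the field as an array makes `strip_tags()` warn and return null instead of a sanitized string; extend the guard to `if ( ! isset( $_POST['post_id'], $_POST['target_meta'], $_POST['new_meta'] ) || ! is_string( $_POST['new_meta'] ) )`. The whitelist check on line 571 uses loose `in_array()`; passing `true` as the third argument makes the comparison strict at no cost. Because the callback's effect is to rewrite a superglobal that the third-party handler reads later, a comment such as `// Runs at priority 1 so the sanitized $_POST['new_meta'] is what the AIOSEOP handler sees.` would make the dependency on hook ordering explicit. The enclosing class `VaultPress_Hotfixes` starts and ends outside the hunk.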
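--- a/readme.txt
+++ b/readme.txt
@@ -2,8 +2,8 @@
  Contributors: automattic, apokalyptik, briancolinger, josephscott, shaunandrews, xknown, thingalon
  Tags: security, malware, virus, backups, scanning
  Requires at least: 2.9.2
- Tested up to: 3.8
- Stable tag: 1.5.7
+ Tested up to: 3.9.1
+ Stable tag: 1.5.8
  License: GPLv2
 
  VaultPress is a subscription service offering realtime backup, automated security scanning, and support from WordPress experts.
@@ -51,9 +51,13 @@ A VaultPress subscription is for a single WordPress site. You can purchase addit
  Yes, VaultPress supports Multisite installs. Each site will require its own subscription.
 
  == Changelog ==
+ = 1.5.8 =
+ * Security: Add a new security hotfix.
+
  = 1.5.7 =
  * Bugfix: Avoid PHP 5.4 warnings due to invalid constructor names.
  * Security: Add a new security hotfix.
+
  = 1.5.6 =
  * Bugfix: Avoid PHP 5.4 warnings.
  * Bugfix: Some servers with restrictive security filters make database restores fail.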
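--- a/vaultpress.php
+++ b/vaultpress.php
@@ -3,7 +3,7 @@
  * Plugin Name: VaultPress
  * Plugin URI: http://vaultpress.com/?utm_source=plugin-uri&amp;utm_medium=plugin-description&amp;utm_campaign=1.0
  * Description: Protect your content, themes, plugins, and settings with <strong>realtime backup</strong> and <strong>automated security scanning</strong> from <a href="http://vaultpress.com/?utm_source=wp-admin&amp;utm_medium=plugin-description&amp;utm_campaign=1.0" rel="nofollow">VaultPress</a>. Activate, enter your registration key, and never worry again. <a href="http://vaultpress.com/help/?utm_source=wp-admin&amp;utm_medium=plugin-description&amp;utm_campaign=1.0" rel="nofollow">Need some help?</a>
- * Version: 1.5.7
+ * Version: 1.5.8
  * Author: Automattic
  * Author URI: http://vaultpress.com/?utm_source=author-uri&amp;utm_medium=plugin-description&amp;utm_campaign=1.0
  * License: GPL2+
@@ -18,7 +18,7 @@ if ( !defined( 'ABSPATH' ) )
  class VaultPress {
  var $option_name = 'vaultpress';
  var $db_version = 3;
- var $plugin_version = '1.5.7';
+ var $plugin_version = '1.5.8';
 
  function __construct() {
  register_activation_hook( __FILE__, array( $this, 'activate' ) );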