Version Description
- Security: Add a new security hotfix.
Download this release
Release Info
| Developer | briancolinger |
| Plugin |  VaultPress |
| Version | 1.6.1 |
| Comparing to | |
| See all releases | |
Code changes from version 1.6 to 1.6.1
- class.vaultpress-hotfixes.php +42 -0
- readme.txt +4 -1
- vaultpress.php +2 -2
class.vaultpress-hotfixes.php
CHANGED
|
@@ -85,6 +85,9 @@ class VaultPress_Hotfixes {
|
|
| 85 |
|
| 86 |
// Protect All-in-one SEO from non-authorized users making changes, and script injection attacks.
|
| 87 |
add_action( 'wp_ajax_aioseop_ajax_save_meta', array( $this, 'protect_aioseo_ajax' ), 1 );
|
|
|
|
|
|
|
|
|
|
| 88 |
}
|
| 89 |
|
| 90 |
function disable_jetpack_xmlrpc_methods_293( $jetpack_methods, $core_methods, $user = false ) {
|
|
@@ -574,6 +577,45 @@ EOD;
|
|
| 574 |
// Strip tags from the metadata value.
|
| 575 |
$_POST['new_meta'] = strip_tags( $_POST['new_meta'] );
|
| 576 |
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 577 |
}
|
| 578 |
|
| 579 |
global $wp_version;
|
| 85 |
|
| 86 |
// Protect All-in-one SEO from non-authorized users making changes, and script injection attacks.
|
| 87 |
add_action( 'wp_ajax_aioseop_ajax_save_meta', array( $this, 'protect_aioseo_ajax' ), 1 );
|
| 88 |
+
|
| 89 |
+
// Protect The MailPoet plugin (wysija-newsletters) from remote file upload. Affects versions <= 2.6.6
|
| 90 |
+
add_action( 'admin_init', array( $this , 'protect_wysija_newsletters_verify_capability' ), 1 );
|
| 91 |
}
|
| 92 |
|
| 93 |
function disable_jetpack_xmlrpc_methods_293( $jetpack_methods, $core_methods, $user = false ) {
|
| 577 |
// Strip tags from the metadata value.
|
| 578 |
$_POST['new_meta'] = strip_tags( $_POST['new_meta'] );
|
| 579 |
}
|
| 580 |
+
|
| 581 |
+
// Protect The MailPoet plugin (wysija-newsletters) from remote file upload. Affects versions <= 2.6.6
|
| 582 |
+
function protect_wysija_newsletters_verify_capability() {
|
| 583 |
+
if ( !class_exists( 'WYSIJA_object' ) )
|
| 584 |
+
return true;
|
| 585 |
+
if ( version_compare( WYSIJA::get_version(), '2.6.7', '>=' ) )
|
| 586 |
+
return true;
|
| 587 |
+
if ( !defined( 'DOING_AJAX' ) && !defined( 'WYSIJA_ITF' ) )
|
| 588 |
+
return true;
|
| 589 |
+
if( isset( $_REQUEST['page'] ) && substr( $_REQUEST['page'] ,0 ,7 ) == 'wysija_' ){
|
| 590 |
+
|
| 591 |
+
switch( $_REQUEST['page'] ){
|
| 592 |
+
case 'wysija_campaigns':
|
| 593 |
+
$role_needed = 'wysija_newsletters';
|
| 594 |
+
break;
|
| 595 |
+
case 'wysija_subscribers':
|
| 596 |
+
$role_needed = 'wysija_subscribers';
|
| 597 |
+
break;
|
| 598 |
+
case 'wysija_config':
|
| 599 |
+
$role_needed = 'wysija_config';
|
| 600 |
+
break;
|
| 601 |
+
case 'wysija_statistics':
|
| 602 |
+
$role_needed = 'wysija_stats_dashboard';
|
| 603 |
+
break;
|
| 604 |
+
default:
|
| 605 |
+
$role_needed = 'switch_themes';
|
| 606 |
+
}
|
| 607 |
+
|
| 608 |
+
if( current_user_can( $role_needed ) ){
|
| 609 |
+
return true;
|
| 610 |
+
} else{
|
| 611 |
+
die( 'You are not allowed here.' );
|
| 612 |
+
}
|
| 613 |
+
|
| 614 |
+
}else{
|
| 615 |
+
// this is not a wysija interface/action we can let it pass
|
| 616 |
+
return true;
|
| 617 |
+
}
|
| 618 |
+
}
|
| 619 |
}
|
| 620 |
|
| 621 |
global $wp_version;
|
readme.txt
CHANGED
|
@@ -3,7 +3,7 @@ Contributors: automattic, apokalyptik, briancolinger, josephscott, shaunandrews,
|
|
| 3 |
Tags: security, malware, virus, backups, scanning
|
| 4 |
Requires at least: 2.9.2
|
| 5 |
Tested up to: 3.9.1
|
| 6 |
-
Stable tag: 1.6
|
| 7 |
License: GPLv2
|
| 8 |
|
| 9 |
VaultPress is a subscription service offering realtime backup, automated security scanning, and support from WordPress experts.
|
|
@@ -51,6 +51,9 @@ A VaultPress subscription is for a single WordPress site. You can purchase addit
|
|
| 51 |
Yes, VaultPress supports Multisite installs. Each site will require its own subscription.
|
| 52 |
|
| 53 |
== Changelog ==
|
|
|
|
|
|
|
|
|
|
| 54 |
= 1.6 =
|
| 55 |
* Bugfix: Better handling for Multisite table prefixes.
|
| 56 |
* Bugfix: Do not use the deprecated wpdb::escape() method.
|
| 3 |
Tags: security, malware, virus, backups, scanning
|
| 4 |
Requires at least: 2.9.2
|
| 5 |
Tested up to: 3.9.1
|
| 6 |
+
Stable tag: 1.6.1
|
| 7 |
License: GPLv2
|
| 8 |
|
| 9 |
VaultPress is a subscription service offering realtime backup, automated security scanning, and support from WordPress experts.
|
| 51 |
Yes, VaultPress supports Multisite installs. Each site will require its own subscription.
|
| 52 |
|
| 53 |
== Changelog ==
|
| 54 |
+
= 1.6.1 =
|
| 55 |
+
* Security: Add a new security hotfix.
|
| 56 |
+
|
| 57 |
= 1.6 =
|
| 58 |
* Bugfix: Better handling for Multisite table prefixes.
|
| 59 |
* Bugfix: Do not use the deprecated wpdb::escape() method.
|
vaultpress.php
CHANGED
|
@@ -3,7 +3,7 @@
|
|
| 3 |
* Plugin Name: VaultPress
|
| 4 |
* Plugin URI: http://vaultpress.com/?utm_source=plugin-uri&utm_medium=plugin-description&utm_campaign=1.0
|
| 5 |
* Description: Protect your content, themes, plugins, and settings with <strong>realtime backup</strong> and <strong>automated security scanning</strong> from <a href="http://vaultpress.com/?utm_source=wp-admin&utm_medium=plugin-description&utm_campaign=1.0" rel="nofollow">VaultPress</a>. Activate, enter your registration key, and never worry again. <a href="http://vaultpress.com/help/?utm_source=wp-admin&utm_medium=plugin-description&utm_campaign=1.0" rel="nofollow">Need some help?</a>
|
| 6 |
-
* Version: 1.6
|
| 7 |
* Author: Automattic
|
| 8 |
* Author URI: http://vaultpress.com/?utm_source=author-uri&utm_medium=plugin-description&utm_campaign=1.0
|
| 9 |
* License: GPL2+
|
|
@@ -18,7 +18,7 @@ if ( !defined( 'ABSPATH' ) )
|
|
| 18 |
class VaultPress {
|
| 19 |
var $option_name = 'vaultpress';
|
| 20 |
var $db_version = 3;
|
| 21 |
-
var $plugin_version = '1.6';
|
| 22 |
|
| 23 |
function __construct() {
|
| 24 |
register_activation_hook( __FILE__, array( $this, 'activate' ) );
|
| 3 |
* Plugin Name: VaultPress
|
| 4 |
* Plugin URI: http://vaultpress.com/?utm_source=plugin-uri&utm_medium=plugin-description&utm_campaign=1.0
|
| 5 |
* Description: Protect your content, themes, plugins, and settings with <strong>realtime backup</strong> and <strong>automated security scanning</strong> from <a href="http://vaultpress.com/?utm_source=wp-admin&utm_medium=plugin-description&utm_campaign=1.0" rel="nofollow">VaultPress</a>. Activate, enter your registration key, and never worry again. <a href="http://vaultpress.com/help/?utm_source=wp-admin&utm_medium=plugin-description&utm_campaign=1.0" rel="nofollow">Need some help?</a>
|
| 6 |
+
* Version: 1.6.1
|
| 7 |
* Author: Automattic
|
| 8 |
* Author URI: http://vaultpress.com/?utm_source=author-uri&utm_medium=plugin-description&utm_campaign=1.0
|
| 9 |
* License: GPL2+
|
| 18 |
class VaultPress {
|
| 19 |
var $option_name = 'vaultpress';
|
| 20 |
var $db_version = 3;
|
| 21 |
+
var $plugin_version = '1.6.1';
|
| 22 |
|
| 23 |
function __construct() {
|
| 24 |
register_activation_hook( __FILE__, array( $this, 'activate' ) );
|
