VaultPress - Version 1.6.5

Version Description

  • 1.6.5 - 4 Sep 2014
  • Security: Hotfix for the Slider Revolution plugin.

Release Info

Developer josephscott
Version 1.6.5

Code changes from version 1.6.4 to 1.6.5

Files changed (3) hide show
  1. class.vaultpress-hotfixes.php +19 -0
  2. readme.txt +20 -17
  3. vaultpress.php +2 -2
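--- a/class.vaultpress-hotfixes.php
+++ b/class.vaultpress-hotfixes.php
@@ -88,6 +88,9 @@ class VaultPress_Hotfixes {
 
  // Protect The MailPoet plugin (wysija-newsletters) from remote file upload. Affects versions <= 2.6.6
  add_action( 'admin_init', array( $this , 'protect_wysija_newsletters_verify_capability' ), 1 );
+
+ // Protect the Revolution Slider plugin (revslider) from local file inclusion. Affects versions < 4.2
+ add_action( 'init', array( $this , 'protect_revslider_lfi' ), 1 );
  }
 
  function disable_jetpack_xmlrpc_methods_293( $jetpack_methods, $core_methods, $user = false ) {
@@ -616,6 +619,22 @@ EOD;
  return true;
  }
  }
+
+ // Protect the Revolution Slider plugin (revslider) from local file inclusion. Affects versions < 4.2
+ function protect_revslider_lfi() {
+ if ( isset( $_GET['action'] ) && 'revslider_show_image' == $_GET['action'] ) {
+ $img = '';
+ if ( isset( $_GET['img'] ) )
+ $img = $_GET['img'];
+ if ( is_numeric( $img ) )
+ return;
+ $validate = validate_file( $img );
+ if ( 0 !== $validate )
+ die( 'invalid file' );
+ if ( !file_exists( $img ) )
+ die( 'file does not exist' );
+ }
+ }
  }
 
  global $wp_version;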
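Review bot: The guard in `protect_revslider_lfi()` is a deny-list: `validate_file()`, called here without an allowed-files list, rejects traversal sequences but does not confine `img` to an expected directory or file type. Since the action is meant to serve images, an allow-list is tighter; after the `validate_file()` check I would add `if ( ! preg_match( '/\.(jpe?g|png|gif)$/i', $img ) ) die( 'invalid file' );` (extension list to be confirmed against what the slider actually serves). The function also inspects only `$_GET`; if revslider's handler takes `action` or `img` from `$_REQUEST` or `$_POST` (not visible on this page), the same checks need to cover that source. A one-line comment on the `is_numeric()` early return, e.g. `// numeric img is presumably an attachment ID, not a path`, would document why that case is exempt.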
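--- a/readme.txt
+++ b/readme.txt
@@ -3,7 +3,7 @@ Contributors: automattic, apokalyptik, briancolinger, josephscott, shaunandrews,
  Tags: security, malware, virus, archive, back up, back ups, backup, backups, scanning, restore, wordpress backup, site backup, website backup
  Requires at least: 2.9.2
  Tested up to: 4.0
- Stable tag: 1.6.4
+ Stable tag: 1.6.5
  License: GPLv2
 
  VaultPress is a subscription service offering realtime backup, automated security scanning, and support from WordPress experts.
@@ -51,59 +51,62 @@ A VaultPress subscription is for a single WordPress site. You can purchase addit
  Yes, VaultPress supports Multisite installs. Each site will require its own subscription.
 
  == Changelog ==
- = 1.6.4 =
+ = 1.6.5 - 4 Sep 2014 =
+ * Security: Hotfix for the Slider Revolution plugin.
+
+ = 1.6.4 - 3 Sep 2014 =
  * Bumping the "Tested up to" tag to 4.0
 
- = 1.6.3 =
+ = 1.6.3 - 30 Jul 2014 =
  * Bugfix: Make sure existing empty key and secret options are always strings. This fixes an error when run with HHVM.
  * Bugfix: Detect if the plugin has been installed on localhost and show an error.
  * CSS Fix: Stop the "Register" button from bouncing around when clicked.
 
- = 1.6.2 =
+ = 1.6.2 - 10 Jul 2014 =
  * Feature: Instantly register for a VaultPress trial via Jetpack.
  * Bugfix: Make sure the key and secret options are always strings. This fixes an error when run with HHVM.
 
- = 1.6.1 =
+ = 1.6.1 - 1 Jul 2014 =
  * Security: Add a new security hotfix.
 
- = 1.6 =
+ = 1.6 - 27 Jun 2014 =
  * Bugfix: Better handling for Multisite table prefixes.
  * Bugfix: Do not use the deprecated wpdb::escape() method.
 
- = 1.5.9 =
+ = 1.5.9 - 16 Jun 2014 =
  * Feature: If available, use command line md5sum and sha1sum to get checksums for large files.
 
- = 1.5.8 =
+ = 1.5.8 - 3 Jun 2014 =
  * Security: Add a new security hotfix.
 
- = 1.5.7 =
+ = 1.5.7 - 11 Apr 2014 =
  * Bugfix: Avoid PHP 5.4 warnings due to invalid constructor names.
  * Security: Add a new security hotfix.
 
- = 1.5.6 =
+ = 1.5.6 - 1 Apr 2014 =
  * Bugfix: Avoid PHP 5.4 warnings.
  * Bugfix: Some servers with restrictive security filters make database restores fail.
  * Feature: Add a new restore method to VaultPress_Database.
 
- = 1.5.2 =
+ = 1.5.2 - 26 Dec 2013 =
  * Bugfix: Adding less greedy patterns for cache directories.
 
- = 1.5.1 =
+ = 1.5.1 - 16 Dec 2013 =
  * Feature: Adding file exclusion patterns to avoid backing up cache and backup directories.
 
- = 1.5 =
+ = 1.5 - 11 Dec 2013 =
  * Bugfix: Don't show admin notices on the about page.
 
- = 1.4.9 =
+ = 1.4.9 - 10 Oct 2013 =
  * Bugfix: Clean up PHP5 strict warnings.
 
- = 1.4.8 =
+ = 1.4.8 - 15 Jul 2013 =
  * Feature: Include styles and images with the plugin instead of loading them externally.
 
- = 1.4.7 =
+ = 1.4.7 - 2 Jul 2013 =
  * Bugfix: Some servers have SSL configuration problems, which breaks the plugin when SSL verification is enforced.
 
- = 1.4.6 =
+ = 1.4.6 - 26 Jun 2013 =
  * Bugfix: PHP 5.4 notices
  * Feature: Add the possibility to ignore frequent updates on some postmeta keys.
 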
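--- a/vaultpress.php
+++ b/vaultpress.php
@@ -3,7 +3,7 @@
  * Plugin Name: VaultPress
  * Plugin URI: http://vaultpress.com/?utm_source=plugin-uri&amp;utm_medium=plugin-description&amp;utm_campaign=1.0
  * Description: Protect your content, themes, plugins, and settings with <strong>realtime backup</strong> and <strong>automated security scanning</strong> from <a href="http://vaultpress.com/?utm_source=wp-admin&amp;utm_medium=plugin-description&amp;utm_campaign=1.0" rel="nofollow">VaultPress</a>. Activate, enter your registration key, and never worry again. <a href="http://vaultpress.com/help/?utm_source=wp-admin&amp;utm_medium=plugin-description&amp;utm_campaign=1.0" rel="nofollow">Need some help?</a>
- * Version: 1.6.4
+ * Version: 1.6.5
  * Author: Automattic
  * Author URI: http://vaultpress.com/?utm_source=author-uri&amp;utm_medium=plugin-description&amp;utm_campaign=1.0
  * License: GPL2+
@@ -18,7 +18,7 @@ if ( !defined( 'ABSPATH' ) )
  class VaultPress {
  var $option_name = 'vaultpress';
  var $db_version = 3;
- var $plugin_version = '1.6.4';
+ var $plugin_version = '1.6.5';
 
  function __construct() {
  register_activation_hook( __FILE__, array( $this, 'activate' ) );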