Version Description
= 1.6.7 - 1 Dec 2014 =
- Security: More efficient format for internal firewall IPs.
Release Info
| Developer | thingalon |
| Plugin | |
| Version | 1.6.7 |
Code changes from version 1.6.6 to 1.6.7
- readme.txt +4 -1
- vaultpress.php +73 -29
readme.txt
CHANGED
|
@@ -3,7 +3,7 @@ Contributors: automattic, apokalyptik, briancolinger, josephscott, shaunandrews,
|
|
| 3 |
Tags: security, malware, virus, archive, back up, back ups, backup, backups, scanning, restore, wordpress backup, site backup, website backup
|
| 4 |
Requires at least: 2.9.2
|
| 5 |
Tested up to: 4.0
|
| 6 |
-
Stable tag: 1.6.
|
| 7 |
License: GPLv2
|
| 8 |
|
| 9 |
VaultPress is a subscription service offering realtime backup, automated security scanning, and support from WordPress experts.
|
|
@@ -51,6 +51,9 @@ A VaultPress subscription is for a single WordPress site. You can purchase addit
|
|
| 51 |
Yes, VaultPress supports Multisite installs. Each site will require its own subscription.
|
| 52 |
|
| 53 |
== Changelog ==
|
|
|
|
|
|
|
|
|
|
| 54 |
= 1.6.6 - 14 Nov 2014 =
|
| 55 |
* Security: Fetch service IP updates via HTTPS.
|
| 56 |
* Feature: Don't send backup notifications while mass-deleting spam.
|
| 3 |
Tags: security, malware, virus, archive, back up, back ups, backup, backups, scanning, restore, wordpress backup, site backup, website backup
|
| 4 |
Requires at least: 2.9.2
|
| 5 |
Tested up to: 4.0
|
| 6 |
+
Stable tag: 1.6.7
|
| 7 |
License: GPLv2
|
| 8 |
|
| 9 |
VaultPress is a subscription service offering realtime backup, automated security scanning, and support from WordPress experts.
|
| 51 |
Yes, VaultPress supports Multisite installs. Each site will require its own subscription.
|
| 52 |
|
| 53 |
== Changelog ==
|
| 54 |
+
= 1.6.7 - 1 Dec 2014 =
|
| 55 |
+
* Security: More efficient format for internal firewall IPs.
|
| 56 |
+
|
| 57 |
= 1.6.6 - 14 Nov 2014 =
|
| 58 |
* Security: Fetch service IP updates via HTTPS.
|
| 59 |
* Feature: Don't send backup notifications while mass-deleting spam.
|
vaultpress.php
CHANGED
|
@@ -3,7 +3,7 @@
|
|
| 3 |
* Plugin Name: VaultPress
|
| 4 |
* Plugin URI: http://vaultpress.com/?utm_source=plugin-uri&utm_medium=plugin-description&utm_campaign=1.0
|
| 5 |
* Description: Protect your content, themes, plugins, and settings with <strong>realtime backup</strong> and <strong>automated security scanning</strong> from <a href="http://vaultpress.com/?utm_source=wp-admin&utm_medium=plugin-description&utm_campaign=1.0" rel="nofollow">VaultPress</a>. Activate, enter your registration key, and never worry again. <a href="http://vaultpress.com/help/?utm_source=wp-admin&utm_medium=plugin-description&utm_campaign=1.0" rel="nofollow">Need some help?</a>
|
| 6 |
-
* Version: 1.6.
|
| 7 |
* Author: Automattic
|
| 8 |
* Author URI: http://vaultpress.com/?utm_source=author-uri&utm_medium=plugin-description&utm_campaign=1.0
|
| 9 |
* License: GPL2+
|
|
@@ -17,8 +17,8 @@ if ( !defined( 'ABSPATH' ) )
|
|
| 17 |
|
| 18 |
class VaultPress {
|
| 19 |
var $option_name = 'vaultpress';
|
| 20 |
-
var $db_version =
|
| 21 |
-
var $plugin_version = '1.6.
|
| 22 |
|
| 23 |
function __construct() {
|
| 24 |
register_activation_hook( __FILE__, array( $this, 'activate' ) );
|
|
@@ -33,7 +33,7 @@ class VaultPress {
|
|
| 33 |
'key' => '',
|
| 34 |
'secret' => '',
|
| 35 |
'connection' => false,
|
| 36 |
-
'
|
| 37 |
);
|
| 38 |
|
| 39 |
$this->options = wp_parse_args( $options, $defaults );
|
|
@@ -140,6 +140,12 @@ class VaultPress {
|
|
| 140 |
$this->update_option( 'db_version', $this->db_version );
|
| 141 |
$this->clear_connection();
|
| 142 |
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 143 |
}
|
| 144 |
|
| 145 |
function get_option( $key ) {
|
|
@@ -973,7 +979,7 @@ class VaultPress {
|
|
| 973 |
$retry--;
|
| 974 |
$protocol = 'https';
|
| 975 |
$args['sslverify'] = 'https' == $protocol ? true : false;
|
| 976 |
-
$r = wp_remote_get( $url=sprintf( "%s://%s/%s", $protocol, $hostname, $path ), $args );
|
| 977 |
if ( 200 == wp_remote_retrieve_response_code( $r ) ) {
|
| 978 |
if ( 99 == $this->get_option( 'connection_error_code' ) )
|
| 979 |
$this->clear_connection();
|
|
@@ -1005,13 +1011,13 @@ class VaultPress {
|
|
| 1005 |
$data = $this->request_firewall_update();
|
| 1006 |
if ( $data ) {
|
| 1007 |
$newval = array( 'updated' => time(), 'data' => $data );
|
| 1008 |
-
$this->update_option( '
|
| 1009 |
}
|
| 1010 |
|
| 1011 |
$external_data = $this->request_firewall_update( true );
|
| 1012 |
if ( $external_data ) {
|
| 1013 |
$external_newval = array( 'updated' => time(), 'data' => $external_data );
|
| 1014 |
-
update_option( '
|
| 1015 |
}
|
| 1016 |
|
| 1017 |
if ( !empty( $data ) && !empty( $external_data ) )
|
|
@@ -1778,27 +1784,7 @@ JS;
|
|
| 1778 |
return false;
|
| 1779 |
}
|
| 1780 |
if ( !$this->get_option( 'disable_firewall' ) ) {
|
| 1781 |
-
|
| 1782 |
-
$service_ips_external = get_option( 'vaultpress_service_ips_external' );
|
| 1783 |
-
if ( !empty( $rxs['data'] ) && !empty( $service_ips_external['data'] ) )
|
| 1784 |
-
$rxs['data'] = array_merge( $rxs['data'], $service_ips_external['data'] );
|
| 1785 |
-
if ( $rxs ) {
|
| 1786 |
-
$timeout = time() - 86400;
|
| 1787 |
-
if ( $rxs ) {
|
| 1788 |
-
if ( $rxs['updated'] < $timeout )
|
| 1789 |
-
$refetch = true;
|
| 1790 |
-
else
|
| 1791 |
-
$refetch = false;
|
| 1792 |
-
$rxs = $rxs['data'];
|
| 1793 |
-
}
|
| 1794 |
-
} else {
|
| 1795 |
-
$refetch = true;
|
| 1796 |
-
}
|
| 1797 |
-
if ( $refetch ) {
|
| 1798 |
-
if ( $data = $this->update_firewall() )
|
| 1799 |
-
$rxs = $data;
|
| 1800 |
-
}
|
| 1801 |
-
if ( !$this->validate_ip_address( $rxs ) )
|
| 1802 |
return false;
|
| 1803 |
}
|
| 1804 |
$sig = explode( ':', $sig );
|
|
@@ -1827,7 +1813,7 @@ JS;
|
|
| 1827 |
function ip_in_cidr( $ip, $cidr ) {
|
| 1828 |
list ($net, $mask) = explode( '/', $cidr );
|
| 1829 |
return ( ip2long( $ip ) & ~((1 << (32 - $mask)) - 1) ) == ( ip2long( $net ) & ~((1 << (32 - $mask)) - 1) );
|
| 1830 |
-
}
|
| 1831 |
|
| 1832 |
function ip_in_cidrs( $ip, $cidrs ) {
|
| 1833 |
foreach ( (array)$cidrs as $cidr ) {
|
|
@@ -1835,6 +1821,64 @@ JS;
|
|
| 1835 |
return $cidr;
|
| 1836 |
}
|
| 1837 |
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1838 |
}
|
| 1839 |
|
| 1840 |
function validate_ip_address( $rxs ) {
|
| 3 |
* Plugin Name: VaultPress
|
| 4 |
* Plugin URI: http://vaultpress.com/?utm_source=plugin-uri&utm_medium=plugin-description&utm_campaign=1.0
|
| 5 |
* Description: Protect your content, themes, plugins, and settings with <strong>realtime backup</strong> and <strong>automated security scanning</strong> from <a href="http://vaultpress.com/?utm_source=wp-admin&utm_medium=plugin-description&utm_campaign=1.0" rel="nofollow">VaultPress</a>. Activate, enter your registration key, and never worry again. <a href="http://vaultpress.com/help/?utm_source=wp-admin&utm_medium=plugin-description&utm_campaign=1.0" rel="nofollow">Need some help?</a>
|
| 6 |
+
* Version: 1.6.7
|
| 7 |
* Author: Automattic
|
| 8 |
* Author URI: http://vaultpress.com/?utm_source=author-uri&utm_medium=plugin-description&utm_campaign=1.0
|
| 9 |
* License: GPL2+
|
| 17 |
|
| 18 |
class VaultPress {
|
| 19 |
var $option_name = 'vaultpress';
|
| 20 |
+
var $db_version = 4;
|
| 21 |
+
var $plugin_version = '1.6.7';
|
| 22 |
|
| 23 |
function __construct() {
|
| 24 |
register_activation_hook( __FILE__, array( $this, 'activate' ) );
|
| 33 |
'key' => '',
|
| 34 |
'secret' => '',
|
| 35 |
'connection' => false,
|
| 36 |
+
'service_ips_cidr' => false
|
| 37 |
);
|
| 38 |
|
| 39 |
$this->options = wp_parse_args( $options, $defaults );
|
| 140 |
$this->update_option( 'db_version', $this->db_version );
|
| 141 |
$this->clear_connection();
|
| 142 |
}
|
| 143 |
+
|
| 144 |
+
if ( $current_db_version < 4 ) {
|
| 145 |
+
$this->update_firewall();
|
| 146 |
+
$this->update_option( 'db_version', $this->db_version );
|
| 147 |
+
$this->clear_connection();
|
| 148 |
+
}
|
| 149 |
}
|
| 150 |
|
| 151 |
function get_option( $key ) {
|
| 979 |
$retry--;
|
| 980 |
$protocol = 'https';
|
| 981 |
$args['sslverify'] = 'https' == $protocol ? true : false;
|
| 982 |
+
$r = wp_remote_get( $url=sprintf( "%s://%s/%s?cidr_ranges=1", $protocol, $hostname, $path ), $args );
|
| 983 |
if ( 200 == wp_remote_retrieve_response_code( $r ) ) {
|
| 984 |
if ( 99 == $this->get_option( 'connection_error_code' ) )
|
| 985 |
$this->clear_connection();
|
| 1011 |
$data = $this->request_firewall_update();
|
| 1012 |
if ( $data ) {
|
| 1013 |
$newval = array( 'updated' => time(), 'data' => $data );
|
| 1014 |
+
$this->update_option( 'service_ips_cidr', $newval );
|
| 1015 |
}
|
| 1016 |
|
| 1017 |
$external_data = $this->request_firewall_update( true );
|
| 1018 |
if ( $external_data ) {
|
| 1019 |
$external_newval = array( 'updated' => time(), 'data' => $external_data );
|
| 1020 |
+
update_option( 'vaultpress_service_ips_external_cidr', $external_newval );
|
| 1021 |
}
|
| 1022 |
|
| 1023 |
if ( !empty( $data ) && !empty( $external_data ) )
|
| 1784 |
return false;
|
| 1785 |
}
|
| 1786 |
if ( !$this->get_option( 'disable_firewall' ) ) {
|
| 1787 |
+
if ( ! $this->check_firewall() )
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1788 |
return false;
|
| 1789 |
}
|
| 1790 |
$sig = explode( ':', $sig );
|
| 1813 |
function ip_in_cidr( $ip, $cidr ) {
|
| 1814 |
list ($net, $mask) = explode( '/', $cidr );
|
| 1815 |
return ( ip2long( $ip ) & ~((1 << (32 - $mask)) - 1) ) == ( ip2long( $net ) & ~((1 << (32 - $mask)) - 1) );
|
| 1816 |
+
}
|
| 1817 |
|
| 1818 |
function ip_in_cidrs( $ip, $cidrs ) {
|
| 1819 |
foreach ( (array)$cidrs as $cidr ) {
|
| 1821 |
return $cidr;
|
| 1822 |
}
|
| 1823 |
}
|
| 1824 |
+
|
| 1825 |
+
return false;
|
| 1826 |
+
}
|
| 1827 |
+
|
| 1828 |
+
function check_firewall() {
|
| 1829 |
+
global $__vp_validate_error;
|
| 1830 |
+
|
| 1831 |
+
$stored_cidrs = $this->get_option( 'service_ips_cidr' );
|
| 1832 |
+
$stored_ext_cidrs = get_option( 'vaultpress_service_ips_external_cidr' );
|
| 1833 |
+
|
| 1834 |
+
$one_day_ago = time() - 86400;
|
| 1835 |
+
if ( empty( $stored_cidrs ) || empty( $stored_ext_cidrs ) || $stored_cidrs['updated'] < $one_day_ago ) {
|
| 1836 |
+
$cidrs = $this->update_firewall();
|
| 1837 |
+
} else {
|
| 1838 |
+
$cidrs = array_merge( $stored_cidrs['data'], $stored_ext_cidrs['data'] );
|
| 1839 |
+
}
|
| 1840 |
+
|
| 1841 |
+
if ( empty( $cidrs ) ) {
|
| 1842 |
+
// No up-to-date info; fall back on the old methods.
|
| 1843 |
+
if ( $this->do_c_block_firewall() ) {
|
| 1844 |
+
return true;
|
| 1845 |
+
} else {
|
| 1846 |
+
$__vp_validate_error = array( 'error' => 'empty_vp_ip_cidr_range' );
|
| 1847 |
+
return false;
|
| 1848 |
+
}
|
| 1849 |
+
}
|
| 1850 |
+
|
| 1851 |
+
// Figure out possible remote IPs
|
| 1852 |
+
if ( $this->get_option( 'allow_forwarded_for') && !empty( $_SERVER['HTTP_X_FORWARDED_FOR'] ) )
|
| 1853 |
+
$remote_ips = explode( ',', $_SERVER['HTTP_X_FORWARDED_FOR'] );
|
| 1854 |
+
|
| 1855 |
+
if ( !empty( $_SERVER['REMOTE_ADDR'] ) )
|
| 1856 |
+
$remote_ips[] = $_SERVER['REMOTE_ADDR'];
|
| 1857 |
+
|
| 1858 |
+
if ( empty( $remote_ips ) ) {
|
| 1859 |
+
$__vp_validate_error = array( 'error' => 'no_remote_addr', 'detail' => (int) $this->get_option( 'allow_forwarded_for' ) ); // shouldn't happen
|
| 1860 |
+
return false;
|
| 1861 |
+
}
|
| 1862 |
+
|
| 1863 |
+
foreach ( $remote_ips as $ip ) {
|
| 1864 |
+
if ( $cidr = $this->ip_in_cidrs( $ip, $cidrs ) ) {
|
| 1865 |
+
return true;
|
| 1866 |
+
}
|
| 1867 |
+
}
|
| 1868 |
+
|
| 1869 |
+
return false;
|
| 1870 |
+
}
|
| 1871 |
+
|
| 1872 |
+
function do_c_block_firewall() {
|
| 1873 |
+
// Perform the firewall check by class-c ip blocks
|
| 1874 |
+
$rxs = $this->get_option( 'service_ips' );
|
| 1875 |
+
$service_ips_external = get_option( 'vaultpress_service_ips_external' );
|
| 1876 |
+
|
| 1877 |
+
if ( !empty( $rxs['data'] ) && !empty( $service_ips_external['data'] ) )
|
| 1878 |
+
$rxs = array_merge( $rxs['data'], $service_ips_external['data'] );
|
| 1879 |
+
if ( ! $rxs )
|
| 1880 |
+
return false;
|
| 1881 |
+
return $this->validate_ip_address( $rxs );
|
| 1882 |
}
|
| 1883 |
|
| 1884 |
function validate_ip_address( $rxs ) {
|
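Review bot: In check_firewall(), when `allow_forwarded_for` is set, every comma-separated entry of `X-Forwarded-For` becomes a candidate address and the loop returns true on the first one inside a stored CIDR, so the allowlist decision can rest on a header the requester supplies rather than on `REMOTE_ADDR`. The entries are also not trimmed, so the usual `a, b` form leaves a leading space that `ip2long()` will likely reject. `$remote_ips = array_map( 'trim', explode( ',', $_SERVER['HTTP_X_FORWARDED_FOR'] ) );` handles that, and initialising `$remote_ips = array();` before the branch avoids appending to an undefined variable. I would also add a comment above the branch such as `// Trust X-Forwarded-For only behind a proxy that overwrites it; a client can set this header itself.` Separately, do_c_block_firewall() flattens `$rxs` only when both legacy lists are non-empty, so with an empty external list validate_ip_address() appears to receive the `updated`/`data` wrapper instead of the pattern list. The staleness test in check_firewall() also reads only `$stored_cidrs['updated']` and never the external list's timestamp.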
