VaultPress - Version 1.6.7

Version Description

  • 1 Dec 2014
  • Security: More efficient format for internal firewall IPs.

Release Info

Developer thingalon
Version 1.6.7

Code changes from version 1.6.6 to 1.6.7

Files changed (2) hide show
  1. readme.txt +4 -1
  2. vaultpress.php +73 -29
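--- a/readme.txt
+++ b/readme.txt
@@ -3,7 +3,7 @@ Contributors: automattic, apokalyptik, briancolinger, josephscott, shaunandrews,
 Tags: security, malware, virus, archive, back up, back ups, backup, backups, scanning, restore, wordpress backup, site backup, website backup
 Requires at least: 2.9.2
 Tested up to: 4.0
-Stable tag: 1.6.6
+Stable tag: 1.6.7
 License: GPLv2
 
 VaultPress is a subscription service offering realtime backup, automated security scanning, and support from WordPress experts.
@@ -51,6 +51,9 @@ A VaultPress subscription is for a single WordPress site. You can purchase addit
 Yes, VaultPress supports Multisite installs. Each site will require its own subscription.
 
 == Changelog ==
+= 1.6.7 - 1 Dec 2014 =
+* Security: More efficient format for internal firewall IPs.
+
 = 1.6.6 - 14 Nov 2014 =
 * Security: Fetch service IP updates via HTTPS.
 * Feature: Don't send backup notifications while mass-deleting spam.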
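--- a/vaultpress.php
+++ b/vaultpress.php
@@ -3,7 +3,7 @@
 * Plugin Name: VaultPress
 * Plugin URI: http://vaultpress.com/?utm_source=plugin-uri&amp;utm_medium=plugin-description&amp;utm_campaign=1.0
 * Description: Protect your content, themes, plugins, and settings with <strong>realtime backup</strong> and <strong>automated security scanning</strong> from <a href="http://vaultpress.com/?utm_source=wp-admin&amp;utm_medium=plugin-description&amp;utm_campaign=1.0" rel="nofollow">VaultPress</a>. Activate, enter your registration key, and never worry again. <a href="http://vaultpress.com/help/?utm_source=wp-admin&amp;utm_medium=plugin-description&amp;utm_campaign=1.0" rel="nofollow">Need some help?</a>
-* Version: 1.6.6
+* Version: 1.6.7
 * Author: Automattic
 * Author URI: http://vaultpress.com/?utm_source=author-uri&amp;utm_medium=plugin-description&amp;utm_campaign=1.0
 * License: GPL2+
@@ -17,8 +17,8 @@ if ( !defined( 'ABSPATH' ) )
 
 class VaultPress {
 var $option_name = 'vaultpress';
-var $db_version = 3;
-var $plugin_version = '1.6.6';
+var $db_version = 4;
+var $plugin_version = '1.6.7';
 
 function __construct() {
 register_activation_hook( __FILE__, array( $this, 'activate' ) );
@@ -33,7 +33,7 @@ class VaultPress {
 'key' => '',
 'secret' => '',
 'connection' => false,
-'service_ips' => false
+'service_ips_cidr' => false
 );
 
 $this->options = wp_parse_args( $options, $defaults );
@@ -140,6 +140,12 @@ class VaultPress {
 $this->update_option( 'db_version', $this->db_version );
 $this->clear_connection();
 }
+
+if ( $current_db_version < 4 ) {
+$this->update_firewall();
+$this->update_option( 'db_version', $this->db_version );
+$this->clear_connection();
+}
 }
 
 function get_option( $key ) {
@@ -973,7 +979,7 @@ class VaultPress {
 $retry--;
 $protocol = 'https';
 $args['sslverify'] = 'https' == $protocol ? true : false;
-$r = wp_remote_get( $url=sprintf( "%s://%s/%s", $protocol, $hostname, $path ), $args );
+$r = wp_remote_get( $url=sprintf( "%s://%s/%s?cidr_ranges=1", $protocol, $hostname, $path ), $args );
 if ( 200 == wp_remote_retrieve_response_code( $r ) ) {
 if ( 99 == $this->get_option( 'connection_error_code' ) )
 $this->clear_connection();
@@ -1005,13 +1011,13 @@ class VaultPress {
 $data = $this->request_firewall_update();
 if ( $data ) {
 $newval = array( 'updated' => time(), 'data' => $data );
-$this->update_option( 'service_ips', $newval );
+$this->update_option( 'service_ips_cidr', $newval );
 }
 
 $external_data = $this->request_firewall_update( true );
 if ( $external_data ) {
 $external_newval = array( 'updated' => time(), 'data' => $external_data );
-update_option( 'vaultpress_service_ips_external', $external_newval );
+update_option( 'vaultpress_service_ips_external_cidr', $external_newval );
 }
 
 if ( !empty( $data ) && !empty( $external_data ) )
@@ -1778,27 +1784,7 @@ JS;
 return false;
 }
 if ( !$this->get_option( 'disable_firewall' ) ) {
-$rxs = $this->get_option( 'service_ips' );
-$service_ips_external = get_option( 'vaultpress_service_ips_external' );
-if ( !empty( $rxs['data'] ) && !empty( $service_ips_external['data'] ) )
-$rxs['data'] = array_merge( $rxs['data'], $service_ips_external['data'] );
-if ( $rxs ) {
-$timeout = time() - 86400;
-if ( $rxs ) {
-if ( $rxs['updated'] < $timeout )
-$refetch = true;
-else
-$refetch = false;
-$rxs = $rxs['data'];
-}
-} else {
-$refetch = true;
-}
-if ( $refetch ) {
-if ( $data = $this->update_firewall() )
-$rxs = $data;
-}
-if ( !$this->validate_ip_address( $rxs ) )
+if ( ! $this->check_firewall() )
 return false;
 }
 $sig = explode( ':', $sig );
@@ -1827,7 +1813,7 @@ JS;
 function ip_in_cidr( $ip, $cidr ) {
 list ($net, $mask) = explode( '/', $cidr );
 return ( ip2long( $ip ) & ~((1 << (32 - $mask)) - 1) ) == ( ip2long( $net ) & ~((1 << (32 - $mask)) - 1) );
-}
+}
 
 function ip_in_cidrs( $ip, $cidrs ) {
 foreach ( (array)$cidrs as $cidr ) {
@@ -1835,6 +1821,64 @@ JS;
 return $cidr;
 }
 }
+
+return false;
+}
+
+function check_firewall() {
+global $__vp_validate_error;
+
+$stored_cidrs = $this->get_option( 'service_ips_cidr' );
+$stored_ext_cidrs = get_option( 'vaultpress_service_ips_external_cidr' );
+
+$one_day_ago = time() - 86400;
+if ( empty( $stored_cidrs ) || empty( $stored_ext_cidrs ) || $stored_cidrs['updated'] < $one_day_ago ) {
+$cidrs = $this->update_firewall();
+} else {
+$cidrs = array_merge( $stored_cidrs['data'], $stored_ext_cidrs['data'] );
+}
+
+if ( empty( $cidrs ) ) {
+// No up-to-date info; fall back on the old methods.
+if ( $this->do_c_block_firewall() ) {
+return true;
+} else {
+$__vp_validate_error = array( 'error' => 'empty_vp_ip_cidr_range' );
+return false;
+}
+}
+
+// Figure out possible remote IPs
+if ( $this->get_option( 'allow_forwarded_for') && !empty( $_SERVER['HTTP_X_FORWARDED_FOR'] ) )
+$remote_ips = explode( ',', $_SERVER['HTTP_X_FORWARDED_FOR'] );
+
+if ( !empty( $_SERVER['REMOTE_ADDR'] ) )
+$remote_ips[] = $_SERVER['REMOTE_ADDR'];
+
+if ( empty( $remote_ips ) ) {
+$__vp_validate_error = array( 'error' => 'no_remote_addr', 'detail' => (int) $this->get_option( 'allow_forwarded_for' ) ); // shouldn't happen
+return false;
+}
+
+foreach ( $remote_ips as $ip ) {
+if ( $cidr = $this->ip_in_cidrs( $ip, $cidrs ) ) {
+return true;
+}
+}
+
+return false;
+}
+
+function do_c_block_firewall() {
+// Perform the firewall check by class-c ip blocks
+$rxs = $this->get_option( 'service_ips' );
+$service_ips_external = get_option( 'vaultpress_service_ips_external' );
+
+if ( !empty( $rxs['data'] ) && !empty( $service_ips_external['data'] ) )
+$rxs = array_merge( $rxs['data'], $service_ips_external['data'] );
+if ( ! $rxs )
+return false;
+return $this->validate_ip_address( $rxs );
 }
 
 function validate_ip_address( $rxs ) {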
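Review bot: In `check_firewall()`, every comma-separated element of `X-Forwarded-For` becomes a candidate address when `allow_forwarded_for` is set, and the function returns true as soon as any one of them falls inside a stored range. That header is supplied by the client, so with the option enabled the IP check only constrains the request origin if just the hop appended by the site's own proxy is considered; the elements are also not trimmed, so a value written as `a, b` reaches `ip2long()` with a leading space. I would initialise and normalise the list, `$remote_ips = array();` followed by `$remote_ips = array_map( 'trim', explode( ',', $_SERVER['HTTP_X_FORWARDED_FOR'] ) );`, and add a comment stating which hop is trusted. Whether `validate_ip_address()` treated the header the same way before this change is not visible here. Separately, `do_c_block_firewall()` unwraps `['data']` only when both options are non-empty, so with one of them empty the whole option array (including `updated`) is passed to `validate_ip_address()`, unlike the removed code, which assigned `$rxs = $rxs['data']`.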