Version Description
- 27 Apr 2015 =
- Security: Add a new security hotfix.
Download this release
Release Info
| Developer | ryelle |
| Plugin |  VaultPress |
| Version | 1.7.3 |
| Comparing to | |
| See all releases | |
Code changes from version 1.7.2 to 1.7.3
- class.vaultpress-hotfixes.php +10 -0
- readme.txt +3 -0
- vaultpress.php +2 -2
class.vaultpress-hotfixes.php
CHANGED
|
@@ -83,6 +83,9 @@ class VaultPress_Hotfixes {
|
|
| 83 |
if ( version_compare( $wp_version, '4.1', '>=' ) && version_compare( $wp_version, '4.1.2', '<' ) )
|
| 84 |
add_filter( 'wp_check_filetype_and_ext', array( $this, 'wp_check_filetype_and_ext' ), 20, 4 );
|
| 85 |
|
|
|
|
|
|
|
|
|
|
| 86 |
add_filter( 'get_pagenum_link', array( $this, 'get_pagenum_link' ) );
|
| 87 |
|
| 88 |
add_filter( 'jetpack_xmlrpc_methods', array( $this, 'disable_jetpack_xmlrpc_methods_293' ), 20, 3 );
|
|
@@ -97,6 +100,13 @@ class VaultPress_Hotfixes {
|
|
| 97 |
// Protect the Revolution Slider plugin (revslider) from local file inclusion. Affects versions < 4.2
|
| 98 |
add_action( 'init', array( $this , 'protect_revslider_lfi' ), 1 );
|
| 99 |
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 100 |
|
| 101 |
function wp_check_filetype_and_ext( $filetype, $file, $filename, $mimes ) {
|
| 102 |
if ( empty( $mimes ) )
|
| 83 |
if ( version_compare( $wp_version, '4.1', '>=' ) && version_compare( $wp_version, '4.1.2', '<' ) )
|
| 84 |
add_filter( 'wp_check_filetype_and_ext', array( $this, 'wp_check_filetype_and_ext' ), 20, 4 );
|
| 85 |
|
| 86 |
+
if ( version_compare( $wp_version, '4.2', '<=' ) )
|
| 87 |
+
add_filter( 'preprocess_comment', array( $this, 'filter_long_comment_xss' ), 10, 1 );
|
| 88 |
+
|
| 89 |
add_filter( 'get_pagenum_link', array( $this, 'get_pagenum_link' ) );
|
| 90 |
|
| 91 |
add_filter( 'jetpack_xmlrpc_methods', array( $this, 'disable_jetpack_xmlrpc_methods_293' ), 20, 3 );
|
| 100 |
// Protect the Revolution Slider plugin (revslider) from local file inclusion. Affects versions < 4.2
|
| 101 |
add_action( 'init', array( $this , 'protect_revslider_lfi' ), 1 );
|
| 102 |
}
|
| 103 |
+
|
| 104 |
+
function filter_long_comment_xss( $commentdata ) {
|
| 105 |
+
if ( strlen( $commentdata['comment_content'] ) > 65500 )
|
| 106 |
+
wp_die( 'Comment too long', 'Invalid comment' );
|
| 107 |
+
|
| 108 |
+
return $commentdata;
|
| 109 |
+
}
|
| 110 |
|
| 111 |
function wp_check_filetype_and_ext( $filetype, $file, $filename, $mimes ) {
|
| 112 |
if ( empty( $mimes ) )
|
readme.txt
CHANGED
|
@@ -51,6 +51,9 @@ A VaultPress subscription is for a single WordPress site. You can purchase addit
|
|
| 51 |
Yes, VaultPress supports Multisite installs. Each site will require its own subscription.
|
| 52 |
|
| 53 |
== Changelog ==
|
|
|
|
|
|
|
|
|
|
| 54 |
= 1.7.2 - 20 Apr 2015 =
|
| 55 |
* Hotfix: Protect against a core security issue.
|
| 56 |
* Bugfix: Don't allow direct access to plugin files
|
| 51 |
Yes, VaultPress supports Multisite installs. Each site will require its own subscription.
|
| 52 |
|
| 53 |
== Changelog ==
|
| 54 |
+
= 1.7.3 - 27 Apr 2015 =
|
| 55 |
+
* Security: Add a new security hotfix.
|
| 56 |
+
|
| 57 |
= 1.7.2 - 20 Apr 2015 =
|
| 58 |
* Hotfix: Protect against a core security issue.
|
| 59 |
* Bugfix: Don't allow direct access to plugin files
|
vaultpress.php
CHANGED
|
@@ -3,7 +3,7 @@
|
|
| 3 |
* Plugin Name: VaultPress
|
| 4 |
* Plugin URI: http://vaultpress.com/?utm_source=plugin-uri&utm_medium=plugin-description&utm_campaign=1.0
|
| 5 |
* Description: Protect your content, themes, plugins, and settings with <strong>realtime backup</strong> and <strong>automated security scanning</strong> from <a href="http://vaultpress.com/?utm_source=wp-admin&utm_medium=plugin-description&utm_campaign=1.0" rel="nofollow">VaultPress</a>. Activate, enter your registration key, and never worry again. <a href="http://vaultpress.com/help/?utm_source=wp-admin&utm_medium=plugin-description&utm_campaign=1.0" rel="nofollow">Need some help?</a>
|
| 6 |
-
* Version: 1.7.
|
| 7 |
* Author: Automattic
|
| 8 |
* Author URI: http://vaultpress.com/?utm_source=author-uri&utm_medium=plugin-description&utm_campaign=1.0
|
| 9 |
* License: GPL2+
|
|
@@ -17,7 +17,7 @@ defined( 'ABSPATH' ) or die();
|
|
| 17 |
class VaultPress {
|
| 18 |
var $option_name = 'vaultpress';
|
| 19 |
var $db_version = 4;
|
| 20 |
-
var $plugin_version = '1.7.
|
| 21 |
|
| 22 |
function __construct() {
|
| 23 |
register_activation_hook( __FILE__, array( $this, 'activate' ) );
|
| 3 |
* Plugin Name: VaultPress
|
| 4 |
* Plugin URI: http://vaultpress.com/?utm_source=plugin-uri&utm_medium=plugin-description&utm_campaign=1.0
|
| 5 |
* Description: Protect your content, themes, plugins, and settings with <strong>realtime backup</strong> and <strong>automated security scanning</strong> from <a href="http://vaultpress.com/?utm_source=wp-admin&utm_medium=plugin-description&utm_campaign=1.0" rel="nofollow">VaultPress</a>. Activate, enter your registration key, and never worry again. <a href="http://vaultpress.com/help/?utm_source=wp-admin&utm_medium=plugin-description&utm_campaign=1.0" rel="nofollow">Need some help?</a>
|
| 6 |
+
* Version: 1.7.3
|
| 7 |
* Author: Automattic
|
| 8 |
* Author URI: http://vaultpress.com/?utm_source=author-uri&utm_medium=plugin-description&utm_campaign=1.0
|
| 9 |
* License: GPL2+
|
| 17 |
class VaultPress {
|
| 18 |
var $option_name = 'vaultpress';
|
| 19 |
var $db_version = 4;
|
| 20 |
+
var $plugin_version = '1.7.3';
|
| 21 |
|
| 22 |
function __construct() {
|
| 23 |
register_activation_hook( __FILE__, array( $this, 'activate' ) );
|
