Version Description
= 1.7.3 - 27 Apr 2015 =
- Security: Add a new security hotfix.
Release Info
Developer | ryelle |
Plugin | VaultPress |
Version | 1.7.3 |
Code changes from version 1.7.2 to 1.7.3
- class.vaultpress-hotfixes.php +10 -0
- readme.txt +3 -0
- vaultpress.php +2 -2
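--- a/class.vaultpress-hotfixes.php
+++ b/class.vaultpress-hotfixes.php
@@ -83,6 +83,9 @@ class VaultPress_Hotfixes {
 if ( version_compare( $wp_version, '4.1', '>=' ) && version_compare( $wp_version, '4.1.2', '<' ) )
 add_filter( 'wp_check_filetype_and_ext', array( $this, 'wp_check_filetype_and_ext' ), 20, 4 );
 
+if ( version_compare( $wp_version, '4.2', '<=' ) )
+add_filter( 'preprocess_comment', array( $this, 'filter_long_comment_xss' ), 10, 1 );
+
 add_filter( 'get_pagenum_link', array( $this, 'get_pagenum_link' ) );
 
 add_filter( 'jetpack_xmlrpc_methods', array( $this, 'disable_jetpack_xmlrpc_methods_293' ), 20, 3 );
@@ -97,6 +100,13 @@ class VaultPress_Hotfixes {
 // Protect the Revolution Slider plugin (revslider) from local file inclusion. Affects versions < 4.2
 add_action( 'init', array( $this , 'protect_revslider_lfi' ), 1 );
 }
+
+function filter_long_comment_xss( $commentdata ) {
+if ( strlen( $commentdata['comment_content'] ) > 65500 )
+wp_die( 'Comment too long', 'Invalid comment' );
+
+return $commentdata;
+}
 
 function wp_check_filetype_and_ext( $filetype, $file, $filename, $mimes ) {
 if ( empty( $mimes ) )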
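Review bot: In `filter_long_comment_xss`, the 65500-byte cutoff leaves only 35 bytes of headroom below what is presumably the 65,535-byte limit of the `comment_content` TEXT column, and it is measured on `preprocess_comment`, before any later filter has had a chance to lengthen the content. If a filter that runs after this hook adds bytes (added link attributes or entity encoding, for example), a comment that passes here could still be cut off on insert, so a more conservative threshold, or a second check closer to the database write, would make the hotfix sturdier. `strlen()` is the right byte-wise measure only while `mbstring.func_overload` is off, which is worth recording in a comment such as `// Byte length, not characters: MySQL truncates TEXT at 64 KB, which can leave malformed markup in the stored comment.` The new callback is fully visible in the hunk; the method that registers it starts outside it.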
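--- a/readme.txt
+++ b/readme.txt
@@ -51,6 +51,9 @@ A VaultPress subscription is for a single WordPress site. You can purchase addit
 Yes, VaultPress supports Multisite installs. Each site will require its own subscription.
 
 == Changelog ==
+= 1.7.3 - 27 Apr 2015 =
+* Security: Add a new security hotfix.
+
 = 1.7.2 - 20 Apr 2015 =
 * Hotfix: Protect against a core security issue.
 * Bugfix: Don't allow direct access to plugin files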
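--- a/vaultpress.php
+++ b/vaultpress.php
@@ -3,7 +3,7 @@
 * Plugin Name: VaultPress
 * Plugin URI: http://vaultpress.com/?utm_source=plugin-uri&utm_medium=plugin-description&utm_campaign=1.0
 * Description: Protect your content, themes, plugins, and settings with <strong>realtime backup</strong> and <strong>automated security scanning</strong> from <a href="http://vaultpress.com/?utm_source=wp-admin&utm_medium=plugin-description&utm_campaign=1.0" rel="nofollow">VaultPress</a>. Activate, enter your registration key, and never worry again. <a href="http://vaultpress.com/help/?utm_source=wp-admin&utm_medium=plugin-description&utm_campaign=1.0" rel="nofollow">Need some help?</a>
-* Version: 1.7.
+* Version: 1.7.3
 * Author: Automattic
 * Author URI: http://vaultpress.com/?utm_source=author-uri&utm_medium=plugin-description&utm_campaign=1.0
 * License: GPL2+
@@ -17,7 +17,7 @@ defined( 'ABSPATH' ) or die();
 class VaultPress {
 var $option_name = 'vaultpress';
 var $db_version = 4;
-var $plugin_version = '1.7.
+var $plugin_version = '1.7.3';
 
 function __construct() {
 register_activation_hook( __FILE__, array( $this, 'activate' ) );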