VaultPress - Version 1.7.3

Version Description

  • 27 Apr 2015 =
  • Security: Add a new security hotfix.

Release Info

Developer ryelle
Version 1.7.3

Code changes from version 1.7.2 to 1.7.3

Files changed (3) hide show
  1. class.vaultpress-hotfixes.php +10 -0
  2. readme.txt +3 -0
  3. vaultpress.php +2 -2
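--- a/class.vaultpress-hotfixes.php
+++ b/class.vaultpress-hotfixes.php
@@ -83,6 +83,9 @@ class VaultPress_Hotfixes {
  if ( version_compare( $wp_version, '4.1', '>=' ) && version_compare( $wp_version, '4.1.2', '<' ) )
  add_filter( 'wp_check_filetype_and_ext', array( $this, 'wp_check_filetype_and_ext' ), 20, 4 );
 
+ if ( version_compare( $wp_version, '4.2', '<=' ) )
+ add_filter( 'preprocess_comment', array( $this, 'filter_long_comment_xss' ), 10, 1 );
+
  add_filter( 'get_pagenum_link', array( $this, 'get_pagenum_link' ) );
 
  add_filter( 'jetpack_xmlrpc_methods', array( $this, 'disable_jetpack_xmlrpc_methods_293' ), 20, 3 );
@@ -97,6 +100,13 @@ class VaultPress_Hotfixes {
  // Protect the Revolution Slider plugin (revslider) from local file inclusion. Affects versions < 4.2
  add_action( 'init', array( $this , 'protect_revslider_lfi' ), 1 );
  }
+
+ function filter_long_comment_xss( $commentdata ) {
+ if ( strlen( $commentdata['comment_content'] ) > 65500 )
+ wp_die( 'Comment too long', 'Invalid comment' );
+
+ return $commentdata;
+ }
 
  function wp_check_filetype_and_ext( $filetype, $file, $filename, $mimes ) {
  if ( empty( $mimes ) )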
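Review bot: The `65500` limit in `filter_long_comment_xss` is an unexplained magic number, and the new `preprocess_comment` registration carries no comment either, unlike the revslider hotfix a few lines further down. The value presumably sits just under the 65,535-byte capacity of a MySQL `TEXT` column so that an over-long comment is rejected rather than truncated on insert; I would state that in a comment, e.g. `// Reject comments that would overflow the comment_content column and be stored truncated (WP <= 4.2).` The length is also measured on the `preprocess_comment` input, so any content filter that runs afterwards could still change the stored size, and a 35-byte margin leaves little room for that; a lower threshold would be safer. `$commentdata['comment_content']` is read without an `isset()` guard, which raises a notice if a caller omits the key.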
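--- a/readme.txt
+++ b/readme.txt
@@ -51,6 +51,9 @@ A VaultPress subscription is for a single WordPress site. You can purchase addit
  Yes, VaultPress supports Multisite installs. Each site will require its own subscription.
 
  == Changelog ==
+ = 1.7.3 - 27 Apr 2015 =
+ * Security: Add a new security hotfix.
+
  = 1.7.2 - 20 Apr 2015 =
  * Hotfix: Protect against a core security issue.
  * Bugfix: Don't allow direct access to plugin files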
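--- a/vaultpress.php
+++ b/vaultpress.php
@@ -3,7 +3,7 @@
  * Plugin Name: VaultPress
  * Plugin URI: http://vaultpress.com/?utm_source=plugin-uri&amp;utm_medium=plugin-description&amp;utm_campaign=1.0
  * Description: Protect your content, themes, plugins, and settings with <strong>realtime backup</strong> and <strong>automated security scanning</strong> from <a href="http://vaultpress.com/?utm_source=wp-admin&amp;utm_medium=plugin-description&amp;utm_campaign=1.0" rel="nofollow">VaultPress</a>. Activate, enter your registration key, and never worry again. <a href="http://vaultpress.com/help/?utm_source=wp-admin&amp;utm_medium=plugin-description&amp;utm_campaign=1.0" rel="nofollow">Need some help?</a>
- * Version: 1.7.2
+ * Version: 1.7.3
  * Author: Automattic
  * Author URI: http://vaultpress.com/?utm_source=author-uri&amp;utm_medium=plugin-description&amp;utm_campaign=1.0
  * License: GPL2+
@@ -17,7 +17,7 @@ defined( 'ABSPATH' ) or die();
  class VaultPress {
  var $option_name = 'vaultpress';
  var $db_version = 4;
- var $plugin_version = '1.7.2';
+ var $plugin_version = '1.7.3';
 
  function __construct() {
  register_activation_hook( __FILE__, array( $this, 'activate' ) );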