VaultPress - Version 1.7.5

Version Description

  • 1.7.5 - 11 Jun 2015
  • Security: Add a new security hotfix.

Release Info

Developer thingalon
Version 1.7.5

Code changes from version 1.7.4 to 1.7.5

Files changed (5) hide show
  1. class.vaultpress-hotfixes.php +23 -0
  2. nav-styles.css +36 -1
  3. readme.txt +4 -1
  4. styles.css +0 -37
  5. vaultpress.php +2 -2
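--- a/class.vaultpress-hotfixes.php
+++ b/class.vaultpress-hotfixes.php
@@ -99,6 +99,9 @@ class VaultPress_Hotfixes {
 
  // Protect the Revolution Slider plugin (revslider) from local file inclusion. Affects versions < 4.2
  add_action( 'init', array( $this , 'protect_revslider_lfi' ), 1 );
+
+ // Protect WooCommerce from object injection via PayPal IPN notifications. Affects 2.0.20 -> 2.3.10
+ add_action( 'init', array( $this , 'protect_woocommerce_paypal_object_injection' ), 1 );
  }
 
  function filter_long_comment_xss( $commentdata ) {
@@ -668,6 +671,26 @@ EOD;
  die( 'file does not exist' );
  }
  }
+
+ // Protect WooCommerce 2.0.20 - 2.3.10 from PayPal IPN object injection attack.
+ function protect_woocommerce_paypal_object_injection() {
+ global $woocommerce;
+ if ( ! isset( $woocommerce ) )
+ return;
+
+ $wc_version = $woocommerce->version;
+ if ( version_compare( $wc_version, '2.0.20', '<' ) || version_compare( $wc_version, '2.3.11', '>=' ) )
+ return;
+
+ if ( isset( $_REQUEST['paypalListener'] ) ) {
+ $check_fields = array( 'custom', 'cm' );
+ foreach ( $check_fields as $field ) {
+ if ( isset( $_REQUEST[ $field ] ) && preg_match( '/[CO]:\+?[0-9]+:/', $_REQUEST[ $field ] ) ) {
+ die();
+ }
+ }
+ }
+ }
  }
 
  global $wp_version;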
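Review bot: In `protect_woocommerce_paypal_object_injection()` the value check `preg_match( '/[CO]:\+?[0-9]+:/', $_REQUEST[ $field ] )` assumes the field is a string; if `custom` or `cm` arrives as a non-string value, `preg_match()` cannot match it (a warning on older PHP, a TypeError on PHP 8) and the guard is not applied as intended. These fields are presumably always scalars in a genuine PayPal notification, so I would fail closed on anything else: `if ( isset( $_REQUEST[ $field ] ) && ( ! is_string( $_REQUEST[ $field ] ) || preg_match( '/[CO]:\+?[0-9]+:/', $_REQUEST[ $field ] ) ) ) {`. Whether WooCommerce's handler would go on to deserialize a non-string value is not visible from this hunk, so treat this as hardening rather than a confirmed gap. The bare `die();` also leaves no trace; an `error_log()` call before it would let operators see that the hotfix fired, and the comment above the function could state that this is a stopgap pattern filter and that upgrading WooCommerce to 2.3.11 or later is the actual fix.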
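--- a/nav-styles.css
+++ b/nav-styles.css
@@ -13,4 +13,39 @@
  content: '\f219';
  font-size: 18px !important;
  font-family: 'vaultpressregular' !important;
- }
+ }
+
+ /* ==========================================================================
+ Notices
+ ========================================================================== */
+
+ .vp-notice {
+ display: block;
+ margin-top: 30px;
+ padding: 30px;
+ border-radius: 6px;
+ background: #fff;
+ }
+
+ .vp-notice h3 {
+ margin: 0 0 10px 0;
+ font-size: 20px;
+ font-weight: 400;
+ }
+
+ .vp-notice p {
+ margin: 0;
+ padding: 0;
+ font-size: 14px;
+ line-height: 1.6;
+ }
+
+ .vp-error {
+ background-color: #AB0300;
+ color: #fff;
+ }
+
+ .vp-error h3,
+ .vp-error a {
+ color: #fff;
+ }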
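--- a/readme.txt
+++ b/readme.txt
@@ -3,7 +3,7 @@ Contributors: automattic, apokalyptik, briancolinger, josephscott, shaunandrews,
  Tags: security, malware, virus, archive, back up, back ups, backup, backups, scanning, restore, wordpress backup, site backup, website backup
  Requires at least: 2.9.2
  Tested up to: 4.2
- Stable tag: 1.7.4
+ Stable tag: 1.7.5
  License: GPLv2
 
  VaultPress is a subscription service offering realtime backup, automated security scanning, and support from WordPress experts.
@@ -51,6 +51,9 @@ A VaultPress subscription is for a single WordPress site. You can purchase addit
  Yes, VaultPress supports Multisite installs. Each site will require its own subscription.
 
  == Changelog ==
+ = 1.7.5 - 11 Jun 2015 =
+ * Security: Add a new security hotfix.
+
  = 1.7.4 - 28 Apr 2015 =
  * Bugfix: Don't allow openssl signing unless the public key exists.
 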
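--- a/styles.css
+++ b/styles.css
@@ -243,43 +243,6 @@ Header
  right: 15px;
  }
 
-
- /* ==========================================================================
- Notices
- ========================================================================== */
-
- .vp-notice {
- display: block;
- margin-top: 30px;
- padding: 30px;
- border-radius: 6px;
- background: #fff;
- }
-
- .vp-notice h3 {
- margin: 0 0 10px 0;
- font-size: 20px;
- font-weight: 400;
- }
-
- .vp-notice p {
- margin: 0;
- padding: 0;
- font-size: 14px;
- line-height: 1.6;
- }
-
- .vp-error {
- background-color: #AB0300;
- color: #fff;
- }
-
- .vp-error h3,
- .vp-error a {
- color: #fff;
- }
-
-
  /* --- Trial period notice --- */
  .trial-notice {
  clear: both;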
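--- a/vaultpress.php
+++ b/vaultpress.php
@@ -3,7 +3,7 @@
  * Plugin Name: VaultPress
  * Plugin URI: http://vaultpress.com/?utm_source=plugin-uri&amp;utm_medium=plugin-description&amp;utm_campaign=1.0
  * Description: Protect your content, themes, plugins, and settings with <strong>realtime backup</strong> and <strong>automated security scanning</strong> from <a href="http://vaultpress.com/?utm_source=wp-admin&amp;utm_medium=plugin-description&amp;utm_campaign=1.0" rel="nofollow">VaultPress</a>. Activate, enter your registration key, and never worry again. <a href="http://vaultpress.com/help/?utm_source=wp-admin&amp;utm_medium=plugin-description&amp;utm_campaign=1.0" rel="nofollow">Need some help?</a>
- * Version: 1.7.4
+ * Version: 1.7.5
  * Author: Automattic
  * Author URI: http://vaultpress.com/?utm_source=author-uri&amp;utm_medium=plugin-description&amp;utm_campaign=1.0
  * License: GPL2+
@@ -17,7 +17,7 @@ defined( 'ABSPATH' ) or die();
  class VaultPress {
  var $option_name = 'vaultpress';
  var $db_version = 4;
- var $plugin_version = '1.7.4';
+ var $plugin_version = '1.7.5';
 
  function __construct() {
  register_activation_hook( __FILE__, array( $this, 'activate' ) );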