Version Description
- 29 June 2017 =
- Security improvement: use hash_equals to compare signatures
Download this release
Release Info
| Developer | thingalon |
| Plugin |  VaultPress |
| Version | 1.9.1 |
| Comparing to | |
| See all releases | |
Code changes from version 1.9.0 to 1.9.1
- readme.txt +5 -2
- vaultpress.php +4 -3
readme.txt
CHANGED
|
@@ -1,9 +1,9 @@
|
|
| 1 |
=== VaultPress ===
|
| 2 |
-
Contributors: automattic, apokalyptik, briancolinger, josephscott, shaunandrews, xknown, thingalon
|
| 3 |
Tags: security, malware, virus, archive, back up, back ups, backup, backups, scanning, restore, wordpress backup, site backup, website backup
|
| 4 |
Requires at least: 3.2
|
| 5 |
Tested up to: 4.7.2
|
| 6 |
-
Stable tag: 1.9.
|
| 7 |
License: GPLv2
|
| 8 |
|
| 9 |
VaultPress is a subscription service offering real-time backup, automated security scanning, and support from WordPress experts.
|
|
@@ -47,6 +47,9 @@ A VaultPress subscription is for a single WordPress site. You can purchase addit
|
|
| 47 |
Yes, VaultPress supports Multisite installs. Each site will require its own subscription.
|
| 48 |
|
| 49 |
== Changelog ==
|
|
|
|
|
|
|
|
|
|
| 50 |
= 1.9.0 - 5 June 2017 =
|
| 51 |
* Bugfix: Check return value from openssl_verify()
|
| 52 |
|
| 1 |
=== VaultPress ===
|
| 2 |
+
Contributors: automattic, apokalyptik, briancolinger, josephscott, shaunandrews, xknown, thingalon, annezazu, rachelsquirrel
|
| 3 |
Tags: security, malware, virus, archive, back up, back ups, backup, backups, scanning, restore, wordpress backup, site backup, website backup
|
| 4 |
Requires at least: 3.2
|
| 5 |
Tested up to: 4.7.2
|
| 6 |
+
Stable tag: 1.9.1
|
| 7 |
License: GPLv2
|
| 8 |
|
| 9 |
VaultPress is a subscription service offering real-time backup, automated security scanning, and support from WordPress experts.
|
| 47 |
Yes, VaultPress supports Multisite installs. Each site will require its own subscription.
|
| 48 |
|
| 49 |
== Changelog ==
|
| 50 |
+
= 1.9.1 - 29 June 2017 =
|
| 51 |
+
* Security improvement: use hash_equals to compare signatures
|
| 52 |
+
|
| 53 |
= 1.9.0 - 5 June 2017 =
|
| 54 |
* Bugfix: Check return value from openssl_verify()
|
| 55 |
|
vaultpress.php
CHANGED
|
@@ -3,7 +3,7 @@
|
|
| 3 |
* Plugin Name: VaultPress
|
| 4 |
* Plugin URI: http://vaultpress.com/?utm_source=plugin-uri&utm_medium=plugin-description&utm_campaign=1.0
|
| 5 |
* Description: Protect your content, themes, plugins, and settings with <strong>realtime backup</strong> and <strong>automated security scanning</strong> from <a href="http://vaultpress.com/?utm_source=wp-admin&utm_medium=plugin-description&utm_campaign=1.0" rel="nofollow">VaultPress</a>. Activate, enter your registration key, and never worry again. <a href="http://vaultpress.com/help/?utm_source=wp-admin&utm_medium=plugin-description&utm_campaign=1.0" rel="nofollow">Need some help?</a>
|
| 6 |
-
* Version: 1.9.
|
| 7 |
* Author: Automattic
|
| 8 |
* Author URI: http://vaultpress.com/?utm_source=author-uri&utm_medium=plugin-description&utm_campaign=1.0
|
| 9 |
* License: GPL2+
|
|
@@ -18,7 +18,7 @@ class VaultPress {
|
|
| 18 |
var $option_name = 'vaultpress';
|
| 19 |
var $auto_register_option = 'vaultpress_auto_register';
|
| 20 |
var $db_version = 4;
|
| 21 |
-
var $plugin_version = '1.9.
|
| 22 |
|
| 23 |
function __construct() {
|
| 24 |
register_activation_hook( __FILE__, array( $this, 'activate' ) );
|
|
@@ -1856,8 +1856,9 @@ JS;
|
|
| 1856 |
}
|
| 1857 |
|
| 1858 |
$signature = $this->sign_string( $to_sign, $secret, $sig[1] );
|
| 1859 |
-
if ( $sig[0]
|
| 1860 |
return true;
|
|
|
|
| 1861 |
|
| 1862 |
$__vp_validate_error = array( 'error' => 'invalid_signed_data' );
|
| 1863 |
return false;
|
| 3 |
* Plugin Name: VaultPress
|
| 4 |
* Plugin URI: http://vaultpress.com/?utm_source=plugin-uri&utm_medium=plugin-description&utm_campaign=1.0
|
| 5 |
* Description: Protect your content, themes, plugins, and settings with <strong>realtime backup</strong> and <strong>automated security scanning</strong> from <a href="http://vaultpress.com/?utm_source=wp-admin&utm_medium=plugin-description&utm_campaign=1.0" rel="nofollow">VaultPress</a>. Activate, enter your registration key, and never worry again. <a href="http://vaultpress.com/help/?utm_source=wp-admin&utm_medium=plugin-description&utm_campaign=1.0" rel="nofollow">Need some help?</a>
|
| 6 |
+
* Version: 1.9.1
|
| 7 |
* Author: Automattic
|
| 8 |
* Author URI: http://vaultpress.com/?utm_source=author-uri&utm_medium=plugin-description&utm_campaign=1.0
|
| 9 |
* License: GPL2+
|
| 18 |
var $option_name = 'vaultpress';
|
| 19 |
var $auto_register_option = 'vaultpress_auto_register';
|
| 20 |
var $db_version = 4;
|
| 21 |
+
var $plugin_version = '1.9.1';
|
| 22 |
|
| 23 |
function __construct() {
|
| 24 |
register_activation_hook( __FILE__, array( $this, 'activate' ) );
|
| 1856 |
}
|
| 1857 |
|
| 1858 |
$signature = $this->sign_string( $to_sign, $secret, $sig[1] );
|
| 1859 |
+
if ( hash_equals( $sig[0], $signature ) ) {
|
| 1860 |
return true;
|
| 1861 |
+
}
|
| 1862 |
|
| 1863 |
$__vp_validate_error = array( 'error' => 'invalid_signed_data' );
|
| 1864 |
return false;
|
