VaultPress - Version 1.9.9

Version Description

28 March 2019 =
PHP 7.2.0 compatibility fix.
Adding button to delete all VaultPress settings

Release Info

Developer	briancolinger
Plugin	VaultPress
Version	1.9.9
Comparing to
See all releases

Code changes from version 1.9.8 to 1.9.9

Files changed (4) hide show

cron-tasks.php +2 -2
readme.txt +6 -2
vaultpress.php +60 -3
vp-scanner.php +31 -29

cron-tasks.php CHANGED Viewed

	@@ -103,12 +103,12 @@ class VP_Site_Scanner {
103	}
104
105	function _scan_batch() {
106	- $paths = get_option( '_vp_current_scan' );
107	if ( empty( $paths ) \|\| $this->_scan_clean_up( $paths ) )
108	return false;
109
110	reset( $paths );
111	- list( $type, $current ) = ~~each~~( $paths );
112	if ( !is_object( $current ) \|\| empty( $current->last_dir ) )
113	return $this->_scan_clean_up( $paths, $type );
114


103	}
104
105	function _scan_batch() {
106	+ $paths = (array) get_option( '_vp_current_scan' );
107	if ( empty( $paths ) \|\| $this->_scan_clean_up( $paths ) )
108	return false;
109
110	reset( $paths );
111	+ list( $type, $current ) = current( $paths );
112	if ( !is_object( $current ) \|\| empty( $current->last_dir ) )
113	return $this->_scan_clean_up( $paths, $type );
114

readme.txt CHANGED Viewed

	@@ -2,8 +2,8 @@
2	Contributors: automattic, apokalyptik, briancolinger, josephscott, shaunandrews, xknown, thingalon, annezazu, rachelsquirrel
3	Tags: security, malware, virus, archive, back up, back ups, backup, backups, scanning, restore, wordpress backup, site backup, website backup
4	Requires at least: 3.2
5	- Tested up to: 5.0
6	- Stable tag: 1.9.8
7	License: GPLv2
8
9	VaultPress is a subscription service offering real-time backup, automated security scanning, and support from WordPress experts.
	@@ -47,6 +47,10 @@ A VaultPress subscription is for a single WordPress site. You can purchase addit
47	Yes, VaultPress supports Multisite installs. Each site will require its own subscription.
48
49	== Changelog ==




50	= 1.9.8 - 7 February 2019 =
51	* Limit the size of _vp_ai_ping_% entries when a site gets disconnected from VaultPress.com
52


2	Contributors: automattic, apokalyptik, briancolinger, josephscott, shaunandrews, xknown, thingalon, annezazu, rachelsquirrel
3	Tags: security, malware, virus, archive, back up, back ups, backup, backups, scanning, restore, wordpress backup, site backup, website backup
4	Requires at least: 3.2
5	+ Tested up to: 5.1.1
6	+ Stable tag: 1.9.9
7	License: GPLv2
8
9	VaultPress is a subscription service offering real-time backup, automated security scanning, and support from WordPress experts.

47	Yes, VaultPress supports Multisite installs. Each site will require its own subscription.
48
49	== Changelog ==
50	+ = 1.9.9 - 28 March 2019 =
51	+ * PHP 7.2.0 compatibility fix.
52	+ * Adding button to delete all VaultPress settings
53	+
54	= 1.9.8 - 7 February 2019 =
55	* Limit the size of _vp_ai_ping_% entries when a site gets disconnected from VaultPress.com
56

vaultpress.php CHANGED Viewed

	@@ -3,7 +3,7 @@
3	* Plugin Name: VaultPress
4	* Plugin URI: http://vaultpress.com/?utm_source=plugin-uri&utm_medium=plugin-description&utm_campaign=1.0
5	* Description: Protect your content, themes, plugins, and settings with <strong>realtime backup</strong> and <strong>automated security scanning</strong> from <a href="http://vaultpress.com/?utm_source=wp-admin&utm_medium=plugin-description&utm_campaign=1.0" rel="nofollow">VaultPress</a>. Activate, enter your registration key, and never worry again. <a href="http://vaultpress.com/help/?utm_source=wp-admin&utm_medium=plugin-description&utm_campaign=1.0" rel="nofollow">Need some help?</a>
6	- * Version: 1.9.8
7	* Author: Automattic
8	* Author URI: http://vaultpress.com/?utm_source=author-uri&utm_medium=plugin-description&utm_campaign=1.0
9	* License: GPL2+
	@@ -18,7 +18,7 @@ class VaultPress {
18	var $option_name = 'vaultpress';
19	var $auto_register_option = 'vaultpress_auto_register';
20	var $db_version = 4;
21	- var $plugin_version = '1.9.8';
22
23	function __construct() {
24	register_activation_hook( __FILE__, array( $this, 'activate' ) );
	@@ -441,6 +441,27 @@ class VaultPress {
441	if ( !current_user_can( 'manage_options' ) )
442	return;
443





















444	// run code that might be updating the registration key
445	if ( isset( $_POST['action'] ) && 'register' == $_POST['action'] ) {
446	check_admin_referer( 'vaultpress_register' );
	@@ -548,7 +569,9 @@ class VaultPress {
548	</div>
549	</div><!-- .card-grid -->
550	</div><!-- #vp_registration -->
551	- ~~</div><!-- #vp-head -->~~


552	<?php
553	}
554
	@@ -559,6 +582,8 @@ class VaultPress {
559	$response = base64_decode( $this->contact_service( 'plugin_ui' ) );
560	echo $response;
561	?>


562	</div>
563	<?php
564	}
	@@ -600,6 +625,32 @@ class VaultPress {
600	<?php
601	}
602


























603	function get_config( $key ) {
604	$val = get_option( $key );
605	if ( $val )
	@@ -1033,6 +1084,12 @@ class VaultPress {
1033	) );
1034	}
1035






1036	function request_firewall_update( $external_services = false ) {
1037	$args = array( 'timeout' => $this->get_option( 'timeout' ), 'sslverify' => true );
1038	$hostname = $this->get_option( 'hostname' );


3	* Plugin Name: VaultPress
4	* Plugin URI: http://vaultpress.com/?utm_source=plugin-uri&utm_medium=plugin-description&utm_campaign=1.0
5	* Description: Protect your content, themes, plugins, and settings with <strong>realtime backup</strong> and <strong>automated security scanning</strong> from <a href="http://vaultpress.com/?utm_source=wp-admin&utm_medium=plugin-description&utm_campaign=1.0" rel="nofollow">VaultPress</a>. Activate, enter your registration key, and never worry again. <a href="http://vaultpress.com/help/?utm_source=wp-admin&utm_medium=plugin-description&utm_campaign=1.0" rel="nofollow">Need some help?</a>
6	+ * Version: 1.9.9
7	* Author: Automattic
8	* Author URI: http://vaultpress.com/?utm_source=author-uri&utm_medium=plugin-description&utm_campaign=1.0
9	* License: GPL2+

18	var $option_name = 'vaultpress';
19	var $auto_register_option = 'vaultpress_auto_register';
20	var $db_version = 4;
21	+ var $plugin_version = '1.9.9';
22
23	function __construct() {
24	register_activation_hook( __FILE__, array( $this, 'activate' ) );

441	if ( !current_user_can( 'manage_options' ) )
442	return;
443
444	+ if ( isset( $_POST['action'] ) && 'delete-vp-settings' == $_POST['action'] ) {
445	+ check_admin_referer( 'delete_vp_settings' );
446	+
447	+ $ai_ping_queue_size = $this->ai_ping_queue_size();
448	+ if ( ! empty( $ai_ping_queue_size->option_count ) && $ai_ping_queue_size->option_count > 1 ) {
449	+ $this->ai_ping_queue_delete();
450	+ }
451	+
452	+ delete_option( $this->option_name );
453	+ delete_option( 'vaultpress_service_ips_external_cidr' );
454	+ delete_option( '_vp_signatures' );
455	+ delete_option( '_vp_config_option_name_ignore' );
456	+ delete_option( '_vp_config_post_meta_name_ignore' );
457	+ delete_option( '_vp_config_should_ignore_files' );
458	+ delete_option( '_vp_current_scan' );
459	+ delete_option( 'vaultpress_auto_register' );
460	+
461	+ wp_redirect( admin_url( 'admin.php?page=vaultpress&delete-vp-settings=1' ) );
462	+ exit();
463	+ }
464	+
465	// run code that might be updating the registration key
466	if ( isset( $_POST['action'] ) && 'register' == $_POST['action'] ) {
467	check_admin_referer( 'vaultpress_register' );

569	</div>
570	</div><!-- .card-grid -->
571	</div><!-- #vp_registration -->
572	+
573	+ <?php $this->ui_delete_vp_settings_button(); ?>
574	+ </div><!-- #vp-head -->
575	<?php
576	}
577

582	$response = base64_decode( $this->contact_service( 'plugin_ui' ) );
583	echo $response;
584	?>
585	+
586	+ <?php $this->ui_delete_vp_settings_button(); ?>
587	</div>
588	<?php
589	}

625	<?php
626	}
627
628	+ function ui_delete_vp_settings_button() {
629	+ ?>
630	+ <div class="grid" style="margin-top: 10px;">
631	+ <div class="vp_card half">
632	+ <?php
633	+ if ( isset( $_GET['delete-vp-settings'] ) && 1 == (int) $_GET['delete-vp-settings'] ) {
634	+ ?>
635	+ <p><?php _e( 'All VaultPress settings have been deleted.', 'vaultpress' ); ?></p>
636	+ <?php
637	+ } else {
638	+ ?>
639	+ <h2><?php _e( 'Delete VaultPress Settings', 'vaultpress' ); ?></h2>
640	+ <p class="vp_card-description"><?php _e( 'Warning: Clicking this button will reset ALL VaultPress options in the database.', 'vaultpress' ); ?></p>
641	+ <form method="post" action="">
642	+ <button class="vp_button-secondary"><?php _e( 'Delete all VaultPress Settings', 'vaultpress' ); ?></button>
643	+ <input type="hidden" name="action" value="delete-vp-settings"/>
644	+ <?php wp_nonce_field( 'delete_vp_settings' ); ?>
645	+ </form>
646	+ <?php
647	+ }
648	+ ?>
649	+ </div>
650	+ </div><!-- .card-grid -->
651	+ <?php
652	+ }
653	+
654	function get_config( $key ) {
655	$val = get_option( $key );
656	if ( $val )

1084	) );
1085	}
1086
1087	+ function ai_ping_queue_delete() {
1088	+ global $wpdb;
1089	+
1090	+ return $wpdb->query( "DELETE FROM `$wpdb->options` WHERE `option_name` LIKE '\_vp\_ai\_ping%'" );
1091	+ }
1092	+
1093	function request_firewall_update( $external_services = false ) {
1094	$args = array( 'timeout' => $this->get_option( 'timeout' ), 'sslverify' => true );
1095	$hostname = $this->get_option( 'hostname' );

vp-scanner.php CHANGED Viewed

@@ -267,44 +267,42 @@ function vp_scan_file( $file, $tmp_file = null, $use_parser = false ) {
+            			}
             			$is_vulnerable = true;
-            -
            			$matches = array ();
-            -
            			if ( is_array( $file_content ) && ( $signature->patterns ) && is_array( $signature->patterns ) ) {
-            -
            				if ( ! $use_parser ) {
-            -
            					reset( $signature->patterns );
-            -
            					while ( $is_vulnerable && list( , $pattern ) = each( $signature->patterns ) ) {
-            -
            						if ( ! $match = preg_grep( '#' . addcslashes( $pattern, '#' ) . '#im', $file_content ) ) {
-            -
            							$is_vulnerable = false;
-            -
            							break;
-            -
            						}
-            -
            						$matches += $match;
-            -
            					}
-            -
            				} else {
-            -
            					// use the language specified in the signature if it has one
-            -
            					if ( ! empty( $signature->target_language ) && array_key_exists( $signature->target_language, $file_parsed ) ) {
-            -
            						$code = $file_parsed[ $signature->target_language ];
-            -
            					} else {
-            -
            						$code = $file_content;
-            -
            					}
-            -
            					// same code as the '! $use_parser' branch above
-            -
            					reset( $signature->patterns );
-            -
            					while ( $is_vulnerable && list( , $pattern ) = each( $signature->patterns ) ) {
-            -
            						if ( ! $match = preg_grep( '#' . addcslashes( $pattern, '#' ) . '#im', $code ) ) {
-            -
            							$is_vulnerable = false;
-            -
            							break;
-            -
            						}
-            -
            						$matches += $match;
+            					}
+            				}
-            -
            			} else {
-            -
            				$is_vulnerable = false;
+            			}
             			// convert the matched line to an array of details showing context around the lines
             			$lines = array();
             			if ( $use_parser ) {
-            -
            				$lines_parsed = array();
             				$line_indices_parsed = array_keys( $code );
+            			}
             			foreach ( $matches as $line => $text ) {
             				$lines = array_merge( $lines, range( $line - 1, $line + 1 ) );
             				if ( $use_parser ) {
@@ -324,7 +322,11 @@ function vp_scan_file( $file, $tmp_file = null, $use_parser = false ) {
             					$lines_parsed = array_merge( $lines_parsed, $idx_around );
+            				}
+            			}
             			$details = array_intersect_key( $file_content, array_flip( $lines ) );
             			if ( $use_parser ) {
             				$details_parsed = array_intersect_key( $code, array_flip( $lines_parsed ) );
+            			}


267	}
268
269	$is_vulnerable = true;
270	+
271	+ $code = $file_content;
272	+
273	+ if ( $use_parser ) {
274	+ // use the language specified in the signature if it has one
275	+ if ( ! empty( $signature->target_language ) && array_key_exists( $signature->target_language, $file_parsed ) ) {
276	+ $code = $file_parsed[ $signature->target_language ];
277	+
278	+
279	+ }
280	+ }
281	+
282	+ $matches = array();
283	+ if ( ! empty( $signature->patterns ) ) {
284	+ foreach ( $signature->patterns as $pattern ) {
285	+ $match = preg_grep( '#' . addcslashes( $pattern, '#' ) . '#im', $code );
286	+ if ( empty( $match ) ) {
287	+ $is_vulnerable = false;
288	+ break;







289	}
290	+
291	+ $matches += $match;
292	}


293	}
294
295	// convert the matched line to an array of details showing context around the lines
296	$lines = array();
297	+
298	+ $lines_parsed = array();
299	+
300	+ $line_indices_parsed = array();
301	+
302	if ( $use_parser ) {

303	$line_indices_parsed = array_keys( $code );
304	}
305	+
306	foreach ( $matches as $line => $text ) {
307	$lines = array_merge( $lines, range( $line - 1, $line + 1 ) );
308	if ( $use_parser ) {

322	$lines_parsed = array_merge( $lines_parsed, $idx_around );
323	}
324	}
325	+
326	$details = array_intersect_key( $file_content, array_flip( $lines ) );
327	+
328	+ $details_parsed = array();
329	+
330	if ( $use_parser ) {
331	$details_parsed = array_intersect_key( $code, array_flip( $lines_parsed ) );
332	}