Version Description
- Vastly improved error logging including catching fatal PHP errors and logging them to status log.
- Fixed accidental preg_replace variable interpolation.
- Syntax fixes (various)
Download this release
Release Info
| Developer | mmaunder |
| Plugin |  Wordfence Security – Firewall & Malware Scan |
| Version | 1.4.7 |
| Comparing to | |
| See all releases | |
Code changes from version 1.4.6 to 1.4.7
- lib/wfAPI.php +2 -2
- lib/wfIssues.php +1 -0
- lib/wfScanEngine.php +9 -15
- lib/wordfenceClass.php +1 -1
- lib/wordfenceURLHoover.php +1 -1
- readme.txt +6 -1
- wfscan.php +20 -5
- wordfence.php +1 -1
lib/wfAPI.php
CHANGED
|
@@ -36,7 +36,7 @@ class wfAPI {
|
|
| 36 |
if(! is_array($dat)){
|
| 37 |
$this->errorMsg = "We could not understand the Wordfence API response when calling '$action'.";
|
| 38 |
}
|
| 39 |
-
if($dat['errorMsg']){
|
| 40 |
$this->errorMsg = $dat['errorMsg'];
|
| 41 |
}
|
| 42 |
if($this->errorMsg){
|
|
@@ -125,7 +125,7 @@ class wfAPI {
|
|
| 125 |
return false;
|
| 126 |
}
|
| 127 |
}
|
| 128 |
-
wordfence::status(3, 'info', "Completed binary API call $func with code: $
|
| 129 |
return array('code' => $httpStatus, 'data' => $data);
|
| 130 |
}
|
| 131 |
public function makeAPIQueryString(){
|
| 36 |
if(! is_array($dat)){
|
| 37 |
$this->errorMsg = "We could not understand the Wordfence API response when calling '$action'.";
|
| 38 |
}
|
| 39 |
+
if(empty($dat['errorMsg']) === false){
|
| 40 |
$this->errorMsg = $dat['errorMsg'];
|
| 41 |
}
|
| 42 |
if($this->errorMsg){
|
| 125 |
return false;
|
| 126 |
}
|
| 127 |
}
|
| 128 |
+
wordfence::status(3, 'info', "Completed binary API call $func with code: $httpStatus");
|
| 129 |
return array('code' => $httpStatus, 'data' => $data);
|
| 130 |
}
|
| 131 |
public function makeAPIQueryString(){
|
lib/wfIssues.php
CHANGED
|
@@ -8,6 +8,7 @@ class wfIssues {
|
|
| 8 |
public $totalIssues = 0;
|
| 9 |
public $totalCriticalIssues = 0;
|
| 10 |
public $totalWarningIssues = 0;
|
|
|
|
| 11 |
public function __construct(){
|
| 12 |
global $wpdb;
|
| 13 |
$this->issuesTable = $wpdb->base_prefix . 'wfIssues';
|
| 8 |
public $totalIssues = 0;
|
| 9 |
public $totalCriticalIssues = 0;
|
| 10 |
public $totalWarningIssues = 0;
|
| 11 |
+
private $db = false;
|
| 12 |
public function __construct(){
|
| 13 |
global $wpdb;
|
| 14 |
$this->issuesTable = $wpdb->base_prefix . 'wfIssues';
|
lib/wfScanEngine.php
CHANGED
|
@@ -121,18 +121,12 @@ class wfScanEngine {
|
|
| 121 |
//CORE SCAN
|
| 122 |
$this->status(2, 'info', "Examining files in WordPress base directory.");
|
| 123 |
$hasher = new wordfenceHash(strlen(ABSPATH));
|
| 124 |
-
$
|
| 125 |
$baseContents = scandir(ABSPATH);
|
| 126 |
-
$
|
| 127 |
-
|
| 128 |
-
$
|
| 129 |
-
|
| 130 |
-
if($includeBase){
|
| 131 |
-
foreach($baseContents as $file){ //Only include base files less than a meg that are files.
|
| 132 |
-
$file = rtrim(ABSPATH, '/') . '/' . $file;
|
| 133 |
-
if(is_file($file) && @filesize(ABSPATH . $file) < 1000000 && (! in_array($file, $includeInScan)) ){
|
| 134 |
-
$includeInScan[] = $file;
|
| 135 |
-
}
|
| 136 |
}
|
| 137 |
}
|
| 138 |
$this->status(2, 'info', "Hashing your WordPress files for comparison against originals.");
|
|
@@ -191,7 +185,7 @@ class wfScanEngine {
|
|
| 191 |
$this->errorStop($this->api->errorMsg);
|
| 192 |
return;
|
| 193 |
}
|
| 194 |
-
if($result1['errorMsg']){
|
| 195 |
$this->errorStop($result['errorMsg']);
|
| 196 |
return;
|
| 197 |
}
|
|
@@ -370,7 +364,7 @@ class wfScanEngine {
|
|
| 370 |
}
|
| 371 |
private function highestCap($caps){
|
| 372 |
foreach(array('administrator', 'editor', 'author', 'contributor', 'subscriber') as $cap){
|
| 373 |
-
if($caps[$cap]){
|
| 374 |
return $cap;
|
| 375 |
}
|
| 376 |
}
|
|
@@ -378,7 +372,7 @@ class wfScanEngine {
|
|
| 378 |
}
|
| 379 |
private function isEditor($caps){
|
| 380 |
foreach(array('contributor', 'author', 'editor', 'administrator') as $cap){
|
| 381 |
-
if($caps[$cap]){
|
| 382 |
return true;
|
| 383 |
}
|
| 384 |
}
|
|
@@ -560,7 +554,7 @@ class wfScanEngine {
|
|
| 560 |
$pluginFile = wfUtils::getPluginBaseDir() . $plugin;
|
| 561 |
$data = get_plugin_data($pluginFile);
|
| 562 |
$data['newVersion'] = $vals->new_version;
|
| 563 |
-
$key = 'wfPluginUpgrade' . ' ' . $plugin . ' ' . $data['
|
| 564 |
$this->addIssue('wfPluginUpgrade', 1, $key, $key, "The Plugin \"" . $data['Name'] . "\" needs an upgrade.", "You need to upgrade \"" . $data['Name'] . "\" to the newest version to ensure you have any security fixes the developer has released.", $data);
|
| 565 |
}
|
| 566 |
}
|
| 121 |
//CORE SCAN
|
| 122 |
$this->status(2, 'info', "Examining files in WordPress base directory.");
|
| 123 |
$hasher = new wordfenceHash(strlen(ABSPATH));
|
| 124 |
+
$baseWPStuff = array( '.htaccess', 'index.php', 'license.txt', 'readme.html', 'wp-activate.php', 'wp-admin', 'wp-app.php', 'wp-blog-header.php', 'wp-comments-post.php', 'wp-config-sample.php', 'wp-content', 'wp-cron.php', 'wp-includes', 'wp-links-opml.php', 'wp-load.php', 'wp-login.php', 'wp-mail.php', 'wp-pass.php', 'wp-register.php', 'wp-settings.php', 'wp-signup.php', 'wp-trackback.php', 'xmlrpc.php');
|
| 125 |
$baseContents = scandir(ABSPATH);
|
| 126 |
+
foreach($baseContents as $file){ //Only include base files less than a meg that are files.
|
| 127 |
+
$fullFile = rtrim(ABSPATH, '/') . '/' . $file;
|
| 128 |
+
if(in_array($file, $baseWPStuff) || (is_file($fullFile) && is_readable($fullFile) && filesize($fullFile) < 1000000) ){
|
| 129 |
+
$includeInScan[] = $file;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 130 |
}
|
| 131 |
}
|
| 132 |
$this->status(2, 'info', "Hashing your WordPress files for comparison against originals.");
|
| 185 |
$this->errorStop($this->api->errorMsg);
|
| 186 |
return;
|
| 187 |
}
|
| 188 |
+
if(empty($result1['errorMsg']) === false){
|
| 189 |
$this->errorStop($result['errorMsg']);
|
| 190 |
return;
|
| 191 |
}
|
| 364 |
}
|
| 365 |
private function highestCap($caps){
|
| 366 |
foreach(array('administrator', 'editor', 'author', 'contributor', 'subscriber') as $cap){
|
| 367 |
+
if(empty($caps[$cap]) === false && $caps[$cap]){
|
| 368 |
return $cap;
|
| 369 |
}
|
| 370 |
}
|
| 372 |
}
|
| 373 |
private function isEditor($caps){
|
| 374 |
foreach(array('contributor', 'author', 'editor', 'administrator') as $cap){
|
| 375 |
+
if(empty($caps[$cap]) === false && $caps[$cap]){
|
| 376 |
return true;
|
| 377 |
}
|
| 378 |
}
|
| 554 |
$pluginFile = wfUtils::getPluginBaseDir() . $plugin;
|
| 555 |
$data = get_plugin_data($pluginFile);
|
| 556 |
$data['newVersion'] = $vals->new_version;
|
| 557 |
+
$key = 'wfPluginUpgrade' . ' ' . $plugin . ' ' . $data['newVersion'] . ' ' . $data['Version'];
|
| 558 |
$this->addIssue('wfPluginUpgrade', 1, $key, $key, "The Plugin \"" . $data['Name'] . "\" needs an upgrade.", "You need to upgrade \"" . $data['Name'] . "\" to the newest version to ensure you have any security fixes the developer has released.", $data);
|
| 559 |
}
|
| 560 |
}
|
lib/wordfenceClass.php
CHANGED
|
@@ -1104,7 +1104,7 @@ class wordfence {
|
|
| 1104 |
}
|
| 1105 |
$api = new wfAPI(wfConfig::get('apiKey'), wfUtils::getWPVersion());
|
| 1106 |
$result = $api->call('get_next_scan_time', array(), array());
|
| 1107 |
-
if($result['errorMsg']){
|
| 1108 |
return $result['errorMsg'];
|
| 1109 |
}
|
| 1110 |
$secsToGo = 3600 * 6; //In case we can't contact the API, schedule next scan 6 hours from now.
|
| 1104 |
}
|
| 1105 |
$api = new wfAPI(wfConfig::get('apiKey'), wfUtils::getWPVersion());
|
| 1106 |
$result = $api->call('get_next_scan_time', array(), array());
|
| 1107 |
+
if(empty($result['errorMsg']) === false){
|
| 1108 |
return $result['errorMsg'];
|
| 1109 |
}
|
| 1110 |
$secsToGo = 3600 * 6; //In case we can't contact the API, schedule next scan 6 hours from now.
|
lib/wordfenceURLHoover.php
CHANGED
|
@@ -19,7 +19,7 @@ class wordfenceURLHoover {
|
|
| 19 |
return;
|
| 20 |
}
|
| 21 |
try {
|
| 22 |
-
@preg_replace("/(?<=^|[^a-zA-Z0-9\-])((?:[a-zA-Z0-9\-]+\.)+)(" . $this->dRegex . ")((?:$|[^a-zA-Z0-9\-\.\'\"])[^\r\n\s\t\"\'\$\{\}<>]*)/ie", "\$this->" . "addHost(\$id,
|
| 23 |
} catch(Exception $e){ error_log("Regex error 1: $e"); }
|
| 24 |
preg_replace("/(?<=[^\d]|^)(\d{8,10}|\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})([^\d\'\"][^\r\n\s\t\"\'\$\{\}<>]*)/e", "\$this->" . "addIP(\$id, \"$1\",\"$2\")", $data);
|
| 25 |
}
|
| 19 |
return;
|
| 20 |
}
|
| 21 |
try {
|
| 22 |
+
@preg_replace("/(?<=^|[^a-zA-Z0-9\-])((?:[a-zA-Z0-9\-]+\.)+)(" . $this->dRegex . ")((?:$|[^a-zA-Z0-9\-\.\'\"])[^\r\n\s\t\"\'\$\{\}<>]*)/ie", "\$this->" . "addHost(\$id, '$1$2', '$3')", $data);
|
| 23 |
} catch(Exception $e){ error_log("Regex error 1: $e"); }
|
| 24 |
preg_replace("/(?<=[^\d]|^)(\d{8,10}|\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})([^\d\'\"][^\r\n\s\t\"\'\$\{\}<>]*)/e", "\$this->" . "addIP(\$id, \"$1\",\"$2\")", $data);
|
| 25 |
}
|
readme.txt
CHANGED
|
@@ -3,7 +3,7 @@ Contributors: mmaunder
|
|
| 3 |
Tags: wordpress, security, wordpress security, security plugin, secure, anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence, securty, secrity, secure
|
| 4 |
Requires at least: 3.3.1
|
| 5 |
Tested up to: 3.3.2
|
| 6 |
-
Stable tag: 1.4.
|
| 7 |
|
| 8 |
Wordfence Security is a free enterprise class security plugin that includes a firewall, virus scanning, real-time traffic with geolocation and more.
|
| 9 |
|
|
@@ -152,6 +152,11 @@ or a theme, because often these have been updated to fix a security hole.
|
|
| 152 |
5. If you're technically minded, this is the under-the-hood view of Wordfence options where you can fine-tune your security settings.
|
| 153 |
|
| 154 |
== Changelog ==
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 155 |
= 1.4.6 =
|
| 156 |
* Increased memory available to Wordfence to 256M during security scans, configurable in wordfenceConstants.php
|
| 157 |
* Improved memory logging during security scans. Current memory usage is now shown on the far right of filenames while scans occur.
|
| 3 |
Tags: wordpress, security, wordpress security, security plugin, secure, anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence, securty, secrity, secure
|
| 4 |
Requires at least: 3.3.1
|
| 5 |
Tested up to: 3.3.2
|
| 6 |
+
Stable tag: 1.4.7
|
| 7 |
|
| 8 |
Wordfence Security is a free enterprise class security plugin that includes a firewall, virus scanning, real-time traffic with geolocation and more.
|
| 9 |
|
| 152 |
5. If you're technically minded, this is the under-the-hood view of Wordfence options where you can fine-tune your security settings.
|
| 153 |
|
| 154 |
== Changelog ==
|
| 155 |
+
= 1.4.7 =
|
| 156 |
+
* Vastly improved error logging including catching fatal PHP errors and logging them to status log.
|
| 157 |
+
* Fixed accidental preg_replace variable interpolation.
|
| 158 |
+
* Syntax fixes (various)
|
| 159 |
+
|
| 160 |
= 1.4.6 =
|
| 161 |
* Increased memory available to Wordfence to 256M during security scans, configurable in wordfenceConstants.php
|
| 162 |
* Improved memory logging during security scans. Current memory usage is now shown on the far right of filenames while scans occur.
|
wfscan.php
CHANGED
|
@@ -47,13 +47,31 @@ class wfScan {
|
|
| 47 |
@ini_set('memory_limit', WORDFENCE_MEM_LIMIT . 'M');
|
| 48 |
}
|
| 49 |
|
| 50 |
-
|
| 51 |
-
register_shutdown_function('wfScan::
|
|
|
|
|
|
|
|
|
|
| 52 |
|
|
|
|
| 53 |
$scan = new wfScanEngine();
|
| 54 |
$scan->go();
|
| 55 |
wfConfig::set('wf_scanRunning', '');
|
| 56 |
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 57 |
private static function errorExit($msg){
|
| 58 |
echo json_encode(array('errorMsg' => $msg));
|
| 59 |
exit();
|
|
@@ -77,9 +95,6 @@ class wfScan {
|
|
| 77 |
if($a['level'] == $b['level']){ return 0; }
|
| 78 |
return ($a['level'] < $b['level']) ? -1 : 1;
|
| 79 |
}
|
| 80 |
-
public static function clearScan(){
|
| 81 |
-
wfConfig::set('wf_scanRunning', '');
|
| 82 |
-
}
|
| 83 |
}
|
| 84 |
wfScan::wfScanMain();
|
| 85 |
?>
|
| 47 |
@ini_set('memory_limit', WORDFENCE_MEM_LIMIT . 'M');
|
| 48 |
}
|
| 49 |
|
| 50 |
+
set_error_handler('wfScan::error_handler', E_ALL);
|
| 51 |
+
register_shutdown_function('wfScan::shutdown');
|
| 52 |
+
ob_start('wfScan::obHandler');
|
| 53 |
+
@error_reporting(E_ALL);
|
| 54 |
+
@ini_set('display_errors','On');
|
| 55 |
|
| 56 |
+
wfConfig::set('wf_scanRunning', time());
|
| 57 |
$scan = new wfScanEngine();
|
| 58 |
$scan->go();
|
| 59 |
wfConfig::set('wf_scanRunning', '');
|
| 60 |
}
|
| 61 |
+
public static function obHandler($buf){
|
| 62 |
+
if(strlen($buf) > 1000){
|
| 63 |
+
$buf = substr($buf, 0, 255);
|
| 64 |
+
}
|
| 65 |
+
if(empty($buf) === false && preg_match('/[a-zA-Z0-9]+/', $buf)){
|
| 66 |
+
wordfence::status(1, 'error', $buf);
|
| 67 |
+
}
|
| 68 |
+
}
|
| 69 |
+
public static function error_handler($errno, $errstr, $errfile, $errline){
|
| 70 |
+
wordfence::status(1, 'error', "$errstr ($errno) File: $errfile Line: $errline");
|
| 71 |
+
}
|
| 72 |
+
public static function shutdown(){
|
| 73 |
+
wfConfig::set('wf_scanRunning', '');
|
| 74 |
+
}
|
| 75 |
private static function errorExit($msg){
|
| 76 |
echo json_encode(array('errorMsg' => $msg));
|
| 77 |
exit();
|
| 95 |
if($a['level'] == $b['level']){ return 0; }
|
| 96 |
return ($a['level'] < $b['level']) ? -1 : 1;
|
| 97 |
}
|
|
|
|
|
|
|
|
|
|
| 98 |
}
|
| 99 |
wfScan::wfScanMain();
|
| 100 |
?>
|
wordfence.php
CHANGED
|
@@ -4,7 +4,7 @@ Plugin Name: Wordfence Security
|
|
| 4 |
Plugin URI: http://wordfence.com/
|
| 5 |
Description: WordPress Security - Anti-virus and Firewall security plugin for WordPress
|
| 6 |
Author: Mark Maunder
|
| 7 |
-
Version: 1.4.
|
| 8 |
Author URI: http://wordfence.com/
|
| 9 |
*/
|
| 10 |
require_once('lib/wordfenceConstants.php');
|
| 4 |
Plugin URI: http://wordfence.com/
|
| 5 |
Description: WordPress Security - Anti-virus and Firewall security plugin for WordPress
|
| 6 |
Author: Mark Maunder
|
| 7 |
+
Version: 1.4.7
|
| 8 |
Author URI: http://wordfence.com/
|
| 9 |
*/
|
| 10 |
require_once('lib/wordfenceConstants.php');
|
