Wordfence Security – Firewall & Malware Scan - Version 6.0.3

Version Description

  • Fix: Fix for hosts that don't have IPv6 compiled into PHP (which is rare) we now manually define certain functions.

Release Info

Developer mmaunder
Version 6.0.3

Code changes from version 6.0.2 to 6.0.3

Files changed (3) hide show
  1. lib/wfUtils.php +135 -20
  2. readme.txt +4 -1
  3. wordfence.php +2 -2
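--- a/lib/wfUtils.php
+++ b/lib/wfUtils.php
@@ -80,28 +80,39 @@ class wfUtils {
  }
 
  /**
- * Return dot or colon notation of IPv4 or IPv6 address.
+ * Return dot notation of IPv4 address.
  *
- * @param string $ip
+ * @param int $ip
  * @return string|bool
  */
- public static function inet_ntop($ip) {
- // trim this to the IPv4 equiv if it's in the mapped range
- if (strlen($ip) == 16 && substr($ip, 0, 12) == pack("H*", '00000000000000000000ffff')) {
- $ip = substr($ip, 12, 4);
- }
- return inet_ntop($ip);
+ public static function inet_ntoa($ip) {
+ $long = 4294967295 - ($ip - 1);
+ return long2ip(-$long);
  }
 
  /**
- * Return dot notation of IPv4 address.
+ * Return string representation of 32 bit int of the IP address.
  *
- * @param int $ip
+ * @param string $ip
+ * @return string
+ */
+ public static function inet_aton($ip) {
+ $ip = preg_replace('/(?<=^|\.)0+([1-9])/', '$1', $ip);
+ return sprintf("%u", ip2long($ip));
+ }
+
+ /**
+ * Return dot or colon notation of IPv4 or IPv6 address.
+ *
+ * @param string $ip
  * @return string|bool
  */
- public static function inet_ntoa($ip) {
- $long = 4294967295 - ($ip - 1);
- return long2ip(-$long);
+ public static function inet_ntop($ip) {
+ // trim this to the IPv4 equiv if it's in the mapped range
+ if (strlen($ip) == 16 && substr($ip, 0, 12) == "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff") {
+ $ip = substr($ip, 12, 4);
+ }
+ return self::hasIPv6Support() ? inet_ntop($ip) : self::_inet_ntop($ip);
  }
 
  /**
@@ -112,19 +123,111 @@ class wfUtils {
  */
  public static function inet_pton($ip) {
  // convert the 4 char IPv4 to IPv6 mapped version.
- $pton = str_pad(inet_pton($ip), 16, pack("H*", '00000000000000000000ffff00000000'), STR_PAD_LEFT);
+ $pton = str_pad(self::hasIPv6Support() ? inet_pton($ip) : self::_inet_pton($ip), 16,
+ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\x00\x00\x00\x00", STR_PAD_LEFT);
  return $pton;
  }
 
  /**
- * Return string representation of 32 bit int of the IP address.
+ * Added compatibility for hosts that do not have inet_pton.
  *
- * @param string $ip
- * @return string
+ * @param $ip
+ * @return bool|string
  */
- public static function inet_aton($ip) {
- $ip = preg_replace('/(?<=^|\.)0+([1-9])/', '$1', $ip);
- return sprintf("%u", ip2long($ip));
+ public static function _inet_pton($ip) {
+ // IPv4
+ if (preg_match('/^(?:\d{1,3}(?:\.|$)){4}/', $ip)) {
+ $octets = explode('.', $ip);
+ $bin = chr($octets[0]) . chr($octets[1]) . chr($octets[2]) . chr($octets[3]);
+ return $bin;
+ }
+
+ // IPv6
+ if (preg_match('/^((?:[\da-f]{1,4}(?::|)){0,8})(::)?((?:[\da-f]{1,4}(?::|)){0,8})$/i', $ip)) {
+ if ($ip === '::') {
+ return "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
+ }
+ $colon_count = substr_count($ip, ':');
+ $dbl_colon_pos = strpos($ip, '::');
+ if ($dbl_colon_pos !== false) {
+ $ip = str_replace('::', str_repeat(':0000',
+ (($dbl_colon_pos === 0 || $dbl_colon_pos === strlen($ip) - 2) ? 9 : 8) - $colon_count) . ':', $ip);
+ $ip = trim($ip, ':');
+ }
+
+ $ip_groups = explode(':', $ip);
+ $ipv6_bin = '';
+ foreach ($ip_groups as $ip_group) {
+ $ipv6_bin .= pack('H*', str_pad($ip_group, 4, '0', STR_PAD_LEFT));
+ }
+
+ return strlen($ipv6_bin) === 16 ? $ipv6_bin : false;
+ }
+
+ // IPv4 mapped IPv6
+ if (preg_match('/^((?:0{1,4}(?::|)){0,5})(::)?ffff:((?:\d{1,3}(?:\.|$)){4})$/i', $ip, $matches)) {
+ $octets = explode('.', $matches[3]);
+ return "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff" . chr($octets[0]) . chr($octets[1]) . chr($octets[2]) . chr($octets[3]);
+ }
+
+ return false;
+ }
+
+ /**
+ * Added compatibility for hosts that do not have inet_ntop.
+ *
+ * @param $ip
+ * @return bool|string
+ */
+ public static function _inet_ntop($ip) {
+ // IPv4
+ if (strlen($ip) === 4) {
+ return ord($ip[0]) . '.' . ord($ip[1]) . '.' . ord($ip[2]) . '.' . ord($ip[3]);
+ }
+
+ // IPv6
+ if (strlen($ip) === 16) {
+
+ // IPv4 mapped IPv6
+ if (substr($ip, 0, 12) == "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff") {
+ return "::ffff:" . ord($ip[12]) . '.' . ord($ip[13]) . '.' . ord($ip[14]) . '.' . ord($ip[15]);
+ }
+
+ $hex = bin2hex($ip);
+ $groups = str_split($hex, 4);
+ $collapse = false;
+ $done_collapse = false;
+ foreach ($groups as $index => $group) {
+ if ($group == '0000' && !$done_collapse) {
+ if (!$collapse) {
+ $groups[$index] = ':';
+ } else {
+ $groups[$index] = '';
+ }
+ $collapse = true;
+ } else if ($collapse) {
+ $done_collapse = true;
+ $collapse = false;
+ }
+ $groups[$index] = ltrim($groups[$index], '0');
+ }
+ $ip = join(':', array_filter($groups));
+ $ip = str_replace(':::', '::', $ip);
+ return $ip == ':' ? '::' : $ip;
+ }
+
+ return false;
+ }
+
+ /**
+ * Verify PHP was compiled with IPv6 support.
+ *
+ * Some hosts appear to not have inet_ntop, and others appear to have inet_ntop but are unable to process IPv6 addresses.
+ *
+ * @return bool
+ */
+ public static function hasIPv6Support() {
+ return defined('AF_INET6');
  }
 
  public static function hasLoginCookie(){
@@ -806,5 +909,17 @@ class wfUtils {
  }
  }
 
+ // GeoIP lib uses these as well
+ if (!function_exists('inet_ntop')) {
+ function inet_ntop($ip) {
+ return wfUtils::_inet_ntop($ip);
+ }
+ }
+ if (!function_exists('inet_pton')) {
+ function inet_pton($ip) {
+ return wfUtils::_inet_pton($ip);
+ }
+ }
+
 
  ?>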
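Review bot: The fallback `_inet_ntop()` drops every all-zero group that comes after the first collapsed run, so it can return a different address than the one it was given. In the loop, `ltrim($groups[$index], '0')` turns a later `0000` into an empty string and the callback-less `array_filter($groups)` then removes it; for the bytes of 2001:db8:0:1:0:0:0:1 (a constructed example) the result is `2001:db8::1:1`. On hosts that take this path, any log entry or block rule built from that string would presumably refer to the wrong address. The rewrite below keeps such groups as `0` and filters out only the empty placeholders. Separately, the IPv4 branch of `_inet_pton()` has no trailing `$` and no 0–255 check, so `chr()` wraps out-of-range octets where native `inet_pton()` would return false.

```php
// … unchanged: IPv4 and IPv4-mapped branches, $hex / $groups setup …
foreach ($groups as $index => $group) {
    if ($group == '0000' && !$done_collapse) {
        // first run of zero groups: one ':' marker, the rest left empty
        $groups[$index] = $collapse ? '' : ':';
        $collapse = true;
        continue;
    }
    if ($collapse) {
        $done_collapse = true;
        $collapse = false;
    }
    // a zero group outside the collapsed run must survive as "0"
    $trimmed = ltrim($group, '0');
    $groups[$index] = $trimmed === '' ? '0' : $trimmed;
}
// remove only the empty placeholders, never a literal "0"
$ip = join(':', array_filter($groups, 'strlen'));
// … unchanged: ':::' replacement and return …
```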
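--- a/readme.txt
+++ b/readme.txt
@@ -3,7 +3,7 @@ Contributors: mmaunder
  Tags: wordpress, security, performance, speed, caching, cache, caching plugin, wordpress cache, wordpress caching, wordpress security, security plugin, secure, anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence, securty, secrity, secure, two factor, cellphone sign-in, cellphone signin, cellphone, twofactor, security, secure, htaccess, login, log, users, login alerts, lock, chmod, maintenance, plugin, private, privacy, protection, permissions, 503, base64, injection, code, encode, script, attack, hack, hackers, block, blocked, prevent, prevention, RFI, XSS, CRLF, CSRF, SQL Injection, vulnerability, website security, WordPress security, security log, logging, HTTP log, error log, login security, personal security, infrastructure security, firewall security, front-end security, web server security, proxy security, reverse proxy security, secure website, secure login, two factor security, maximum login security, heartbleed, heart bleed, heartbleed vulnerability, openssl vulnerability, nginx, litespeed, php5-fpm, woocommerce support, woocommerce caching, IPv6, IP version 6
  Requires at least: 3.9
  Tested up to: 4.2.2
- Stable tag: 6.0.2
+ Stable tag: 6.0.3
 
  Wordfence Security is a free enterprise class security and performance plugin that makes your site up to 50 times faster and more secure.
 
@@ -172,6 +172,9 @@ fully compatible with both IPv4 and IPv6 whether you run both or only one addres
 
  == Changelog ==
 
+ = 6.0.3 =
+ * Fix: Fix for hosts that don't have IPv6 compiled into PHP (which is rare) we now manually define certain functions.
+
  = 6.0.2 =
  * Fix: Fixed an issue with the schema not updating when customers migrate to IPv6 schema to store IP's.
  * Improvement: Added additional safety checks during the schema update.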
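--- a/wordfence.php
+++ b/wordfence.php
@@ -4,13 +4,13 @@ Plugin Name: Wordfence Security
  Plugin URI: http://www.wordfence.com/
  Description: Wordfence Security - Anti-virus, Firewall and High Speed Cache
  Author: Wordfence
- Version: 6.0.2
+ Version: 6.0.3
  Author URI: http://www.wordfence.com/
  */
  if(defined('WP_INSTALLING') && WP_INSTALLING){
  return;
  }
- define('WORDFENCE_VERSION', '6.0.2');
+ define('WORDFENCE_VERSION', '6.0.3');
  if(get_option('wordfenceActivated') != 1){
  add_action('activated_plugin','wordfence_save_activation_error'); function wordfence_save_activation_error(){ update_option('wf_plugin_act_error', ob_get_contents()); }
  }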