Wordfence Security – Firewall & Malware Scan - Version 6.1.17

Version Description

  • Fix: Replaced calls to json_decode with our own implentation for hosts without the JSON extension enabled.
Download this release

Release Info

Developer wfmatt
Plugin Icon 128x128 Wordfence Security – Firewall & Malware Scan
Version 6.1.17
Comparing to
See all releases

Code changes from version 6.1.16 to 6.1.17

Files changed (4) hide show
  1. readme.txt +5 -2
  2. vendor/wordfence/wf-waf/src/lib/rules.php +1 -1
  3. vendor/wordfence/wf-waf/src/lib/waf.php +4 -4
  4. wordfence.php +2 -2
readme.txt CHANGED
@@ -3,7 +3,7 @@ Contributors: mmaunder
3
  Tags: security, secure, security plugin, wordpress security, login security, firewall, malware, antivirus, web application firewall, block hackers, country blocking, block hackers
4
  Requires at least: 3.9
5
  Tested up to: 4.6.1
6
- Stable tag: 6.1.16
7
 
8
  Secure your website with the Wordfence security plugin for WordPress. Wordfence provides free enterprise-class WordPress security, protecting your website from hacks and malware.
9
 
@@ -200,7 +200,10 @@ Secure your website with Wordfence.
200
 
201
  == Changelog ==
202
 
203
- = 6.1.16 =
 
 
 
204
  * Improvement: Now performing malware scanning on all uploaded files in real-time.
205
  * Improvement: Added Web Application Firewall activity to Wordfence summary email.
206
  * Fix: Now using 503 response code in the page displayed when an IP is locked out.
3
  Tags: security, secure, security plugin, wordpress security, login security, firewall, malware, antivirus, web application firewall, block hackers, country blocking, block hackers
4
  Requires at least: 3.9
5
  Tested up to: 4.6.1
6
+ Stable tag: 6.1.17
7
 
8
  Secure your website with the Wordfence security plugin for WordPress. Wordfence provides free enterprise-class WordPress security, protecting your website from hacks and malware.
9
 
200
 
201
  == Changelog ==
202
 
203
+ = 6.1.17 =
204
+ * Fix: Replaced calls to json_decode with our own implentation for hosts without the JSON extension enabled.
205
+
206
+ = 6.1.16 =
207
  * Improvement: Now performing malware scanning on all uploaded files in real-time.
208
  * Improvement: Added Web Application Firewall activity to Wordfence summary email.
209
  * Fix: Now using 503 response code in the page displayed when an IP is locked out.
vendor/wordfence/wf-waf/src/lib/rules.php CHANGED
@@ -703,7 +703,7 @@ class wfWAFRuleComparison implements wfWAFRuleInterface {
703
  $request = $this->getWAF()->getRequest();
704
  $files = $request->getFiles();
705
  $patterns = $this->getWAF()->getMalwareSignatures();
706
- if (!is_array($patterns)) {
707
  return false;
708
  }
709
 
703
  $request = $this->getWAF()->getRequest();
704
  $files = $request->getFiles();
705
  $patterns = $this->getWAF()->getMalwareSignatures();
706
+ if (!is_array($patterns) || !is_array($files)) {
707
  return false;
708
  }
709
 
vendor/wordfence/wf-waf/src/lib/waf.php CHANGED
@@ -437,7 +437,7 @@ auEa+7b+FGTKs7dUo2BNGR7OVifK4GZ8w/ajS0TelhrSRi3BBQCGXLzUO/UURUAh
437
  $encoded = base64_decode($encoded);
438
  $paddedKey = substr(str_repeat($authKey, ceil(strlen($encoded) / strlen($authKey))), 0, strlen($encoded));
439
  $json = $encoded ^ $paddedKey;
440
- $signatures = json_decode($json, true);
441
  if (!is_array($signatures)) {
442
  return array();
443
  }
@@ -460,7 +460,7 @@ auEa+7b+FGTKs7dUo2BNGR7OVifK4GZ8w/ajS0TelhrSRi3BBQCGXLzUO/UURUAh
460
  }
461
 
462
  $authKey = $this->getStorageEngine()->getConfig('authKey');
463
- $json = json_encode($signatures);
464
  $paddedKey = substr(str_repeat($authKey, ceil(strlen($json) / strlen($authKey))), 0, strlen($json));
465
  $payload = $json ^ $paddedKey;
466
  $this->getStorageEngine()->setConfig('filePatterns', base64_encode($payload));
@@ -1389,7 +1389,7 @@ class wfWAFCronFetchRulesEvent extends wfWAFCronEvent {
1389
  isset($jsonData['data']['signatures']) &&
1390
  $waf->verifySignedRequest(base64_decode($jsonData['data']['signature']), $jsonData['data']['signatures'])
1391
  ) {
1392
- $waf->setMalwareSignatures(json_decode(base64_decode($jsonData['data']['signatures'])),
1393
  isset($jsonData['data']['timestamp']) ? $jsonData['data']['timestamp'] : true);
1394
  if (array_key_exists('premiumCount', $jsonData['data'])) {
1395
  $waf->getStorageEngine()->setConfig('signaturePremiumCount', $jsonData['data']['premiumCount']);
@@ -1400,7 +1400,7 @@ class wfWAFCronFetchRulesEvent extends wfWAFCronEvent {
1400
  isset($jsonData['data']['signatures']) &&
1401
  $waf->verifyHashedRequest($jsonData['data']['hash'], $jsonData['data']['signatures'])
1402
  ) {
1403
- $waf->setMalwareSignatures(json_decode(base64_decode($jsonData['data']['signatures'])),
1404
  isset($jsonData['data']['timestamp']) ? $jsonData['data']['timestamp'] : true);
1405
  if (array_key_exists('premiumCount', $jsonData['data'])) {
1406
  $waf->getStorageEngine()->setConfig('signaturePremiumCount', $jsonData['data']['premiumCount']);
437
  $encoded = base64_decode($encoded);
438
  $paddedKey = substr(str_repeat($authKey, ceil(strlen($encoded) / strlen($authKey))), 0, strlen($encoded));
439
  $json = $encoded ^ $paddedKey;
440
+ $signatures = wfWAFUtils::json_decode($json, true);
441
  if (!is_array($signatures)) {
442
  return array();
443
  }
460
  }
461
 
462
  $authKey = $this->getStorageEngine()->getConfig('authKey');
463
+ $json = wfWAFUtils::json_encode($signatures);
464
  $paddedKey = substr(str_repeat($authKey, ceil(strlen($json) / strlen($authKey))), 0, strlen($json));
465
  $payload = $json ^ $paddedKey;
466
  $this->getStorageEngine()->setConfig('filePatterns', base64_encode($payload));
1389
  isset($jsonData['data']['signatures']) &&
1390
  $waf->verifySignedRequest(base64_decode($jsonData['data']['signature']), $jsonData['data']['signatures'])
1391
  ) {
1392
+ $waf->setMalwareSignatures(wfWAFUtils::json_decode(base64_decode($jsonData['data']['signatures'])),
1393
  isset($jsonData['data']['timestamp']) ? $jsonData['data']['timestamp'] : true);
1394
  if (array_key_exists('premiumCount', $jsonData['data'])) {
1395
  $waf->getStorageEngine()->setConfig('signaturePremiumCount', $jsonData['data']['premiumCount']);
1400
  isset($jsonData['data']['signatures']) &&
1401
  $waf->verifyHashedRequest($jsonData['data']['hash'], $jsonData['data']['signatures'])
1402
  ) {
1403
+ $waf->setMalwareSignatures(wfWAFUtils::json_decode(base64_decode($jsonData['data']['signatures'])),
1404
  isset($jsonData['data']['timestamp']) ? $jsonData['data']['timestamp'] : true);
1405
  if (array_key_exists('premiumCount', $jsonData['data'])) {
1406
  $waf->getStorageEngine()->setConfig('signaturePremiumCount', $jsonData['data']['premiumCount']);
wordfence.php CHANGED
@@ -4,14 +4,14 @@ Plugin Name: Wordfence Security
4
  Plugin URI: http://www.wordfence.com/
5
  Description: Wordfence Security - Anti-virus, Firewall and High Speed Cache
6
  Author: Wordfence
7
- Version: 6.1.16
8
  Author URI: http://www.wordfence.com/
9
  Network: true
10
  */
11
  if(defined('WP_INSTALLING') && WP_INSTALLING){
12
  return;
13
  }
14
- define('WORDFENCE_VERSION', '6.1.16');
15
  define('WORDFENCE_BASENAME', function_exists('plugin_basename') ? plugin_basename(__FILE__) :
16
  basename(dirname(__FILE__)) . '/' . basename(__FILE__));
17
 
4
  Plugin URI: http://www.wordfence.com/
5
  Description: Wordfence Security - Anti-virus, Firewall and High Speed Cache
6
  Author: Wordfence
7
+ Version: 6.1.17
8
  Author URI: http://www.wordfence.com/
9
  Network: true
10
  */
11
  if(defined('WP_INSTALLING') && WP_INSTALLING){
12
  return;
13
  }
14
+ define('WORDFENCE_VERSION', '6.1.17');
15
  define('WORDFENCE_BASENAME', function_exists('plugin_basename') ? plugin_basename(__FILE__) :
16
  basename(dirname(__FILE__)) . '/' . basename(__FILE__));
17