Version Description
- Fix: Fixed fatal error when using a whitelisted IPv6 range and connecting with an IPv6 address.
Download this release
Release Info
| Developer | wfmatt |
| Plugin |  Wordfence Security – Firewall & Malware Scan |
| Version | 6.1.2 |
| Comparing to | |
| See all releases | |
Code changes from version 6.1.1 to 6.1.2
- readme.txt +4 -1
- vendor/wordfence/wf-waf/src/lib/utils.php +12 -0
- waf/wfWAFUserIPRange.php +2 -2
- wordfence.php +2 -2
readme.txt
CHANGED
|
@@ -3,7 +3,7 @@ Contributors: mmaunder
|
|
| 3 |
Tags: wordpress, security, web application firewall, waf, performance, speed, caching, cache, caching plugin, wordpress cache, wordpress caching, wordpress security, security plugin, secure, anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence, securty, secrity, secure, two factor, cellphone sign-in, cellphone signin, cellphone, twofactor, security, secure, htaccess, login, log, users, login alerts, lock, chmod, maintenance, plugin, private, privacy, protection, permissions, 503, base64, injection, code, encode, script, attack, hack, hackers, block, blocked, prevent, prevention, RFI, XSS, CRLF, CSRF, SQL Injection, vulnerability, website security, WordPress security, security log, logging, HTTP log, error log, login security, personal security, infrastructure security, firewall security, front-end security, web server security, proxy security, reverse proxy security, secure website, secure login, two factor security, two factor authentication, maximum login security, heartbleed, heart bleed, heartbleed vulnerability, openssl vulnerability, nginx, litespeed, php5-fpm, woocommerce support, woocommerce caching, IPv6, IP version 6
|
| 4 |
Requires at least: 3.9
|
| 5 |
Tested up to: 4.5
|
| 6 |
-
Stable tag: 6.1.
|
| 7 |
|
| 8 |
The Wordfence WordPress security plugin provides free enterprise-class WordPress security, protecting your website from hacks and malware.
|
| 9 |
== Description ==
|
|
@@ -195,6 +195,9 @@ Designed for every skill level, [The WordPress Security Learning Center](https:/
|
|
| 195 |
|
| 196 |
== Changelog ==
|
| 197 |
|
|
|
|
|
|
|
|
|
|
| 198 |
= 6.1.1 =
|
| 199 |
* Enhancement: Added Web Application Firewall
|
| 200 |
* Enhancement: Added Diagnostics page
|
| 3 |
Tags: wordpress, security, web application firewall, waf, performance, speed, caching, cache, caching plugin, wordpress cache, wordpress caching, wordpress security, security plugin, secure, anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence, securty, secrity, secure, two factor, cellphone sign-in, cellphone signin, cellphone, twofactor, security, secure, htaccess, login, log, users, login alerts, lock, chmod, maintenance, plugin, private, privacy, protection, permissions, 503, base64, injection, code, encode, script, attack, hack, hackers, block, blocked, prevent, prevention, RFI, XSS, CRLF, CSRF, SQL Injection, vulnerability, website security, WordPress security, security log, logging, HTTP log, error log, login security, personal security, infrastructure security, firewall security, front-end security, web server security, proxy security, reverse proxy security, secure website, secure login, two factor security, two factor authentication, maximum login security, heartbleed, heart bleed, heartbleed vulnerability, openssl vulnerability, nginx, litespeed, php5-fpm, woocommerce support, woocommerce caching, IPv6, IP version 6
|
| 4 |
Requires at least: 3.9
|
| 5 |
Tested up to: 4.5
|
| 6 |
+
Stable tag: 6.1.2
|
| 7 |
|
| 8 |
The Wordfence WordPress security plugin provides free enterprise-class WordPress security, protecting your website from hacks and malware.
|
| 9 |
== Description ==
|
| 195 |
|
| 196 |
== Changelog ==
|
| 197 |
|
| 198 |
+
= 6.1.2 =
|
| 199 |
+
* Fix: Fixed fatal error when using a whitelisted IPv6 range and connecting with an IPv6 address.
|
| 200 |
+
|
| 201 |
= 6.1.1 =
|
| 202 |
* Enhancement: Added Web Application Firewall
|
| 203 |
* Enhancement: Added Diagnostics page
|
vendor/wordfence/wf-waf/src/lib/utils.php
CHANGED
|
@@ -131,6 +131,18 @@ class wfWAFUtils {
|
|
| 131 |
return defined('AF_INET6');
|
| 132 |
}
|
| 133 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 134 |
/**
|
| 135 |
* Compare two strings in constant time. It can leak the length of a string.
|
| 136 |
*
|
| 131 |
return defined('AF_INET6');
|
| 132 |
}
|
| 133 |
|
| 134 |
+
/**
|
| 135 |
+
* Expand a compressed printable representation of an IPv6 address.
|
| 136 |
+
*
|
| 137 |
+
* @param string $ip
|
| 138 |
+
* @return string
|
| 139 |
+
*/
|
| 140 |
+
public static function expandIPv6Address($ip) {
|
| 141 |
+
$hex = bin2hex(self::inet_pton($ip));
|
| 142 |
+
$ip = substr(preg_replace("/([a-f0-9]{4})/i", "$1:", $hex), 0, -1);
|
| 143 |
+
return $ip;
|
| 144 |
+
}
|
| 145 |
+
|
| 146 |
/**
|
| 147 |
* Compare two strings in constant time. It can leak the length of a string.
|
| 148 |
*
|
waf/wfWAFUserIPRange.php
CHANGED
|
@@ -51,7 +51,7 @@ class wfWAFUserIPRange {
|
|
| 51 |
// IPv6 range
|
| 52 |
} else if (strpos($ip_string, ':') !== false && strpos($ip, ':') !== false) {
|
| 53 |
if (preg_match('/\[[a-f0-9]+\-[a-f0-9]+\]/', $ip_string)) {
|
| 54 |
-
$IPparts = explode(':', strtolower(
|
| 55 |
$whiteParts = explode(':', strtolower(self::expandIPv6Range($ip_string)));
|
| 56 |
$mismatch = false;
|
| 57 |
for ($i = 0; $i <= 7; $i++) {
|
|
@@ -125,7 +125,7 @@ class wfWAFUserIPRange {
|
|
| 125 |
$sql = substr($sql, 0, -5) . ')';
|
| 126 |
return $sql;
|
| 127 |
}
|
| 128 |
-
return $wpdb->prepare("($column = %s)",
|
| 129 |
}
|
| 130 |
|
| 131 |
/**
|
| 51 |
// IPv6 range
|
| 52 |
} else if (strpos($ip_string, ':') !== false && strpos($ip, ':') !== false) {
|
| 53 |
if (preg_match('/\[[a-f0-9]+\-[a-f0-9]+\]/', $ip_string)) {
|
| 54 |
+
$IPparts = explode(':', strtolower(wfWAFUtils::expandIPv6Address($ip)));
|
| 55 |
$whiteParts = explode(':', strtolower(self::expandIPv6Range($ip_string)));
|
| 56 |
$mismatch = false;
|
| 57 |
for ($i = 0; $i <= 7; $i++) {
|
| 125 |
$sql = substr($sql, 0, -5) . ')';
|
| 126 |
return $sql;
|
| 127 |
}
|
| 128 |
+
return $wpdb->prepare("($column = %s)", wfWAFUtils::inet_pton($ip_string));
|
| 129 |
}
|
| 130 |
|
| 131 |
/**
|
wordfence.php
CHANGED
|
@@ -4,14 +4,14 @@ Plugin Name: Wordfence Security
|
|
| 4 |
Plugin URI: http://www.wordfence.com/
|
| 5 |
Description: Wordfence Security - Anti-virus, Firewall and High Speed Cache
|
| 6 |
Author: Wordfence
|
| 7 |
-
Version: 6.1.
|
| 8 |
Author URI: http://www.wordfence.com/
|
| 9 |
Network: true
|
| 10 |
*/
|
| 11 |
if(defined('WP_INSTALLING') && WP_INSTALLING){
|
| 12 |
return;
|
| 13 |
}
|
| 14 |
-
define('WORDFENCE_VERSION', '6.1.
|
| 15 |
define('WORDFENCE_BASENAME', function_exists('plugin_basename') ? plugin_basename(__FILE__) :
|
| 16 |
basename(dirname(__FILE__)) . '/' . basename(__FILE__));
|
| 17 |
|
| 4 |
Plugin URI: http://www.wordfence.com/
|
| 5 |
Description: Wordfence Security - Anti-virus, Firewall and High Speed Cache
|
| 6 |
Author: Wordfence
|
| 7 |
+
Version: 6.1.2
|
| 8 |
Author URI: http://www.wordfence.com/
|
| 9 |
Network: true
|
| 10 |
*/
|
| 11 |
if(defined('WP_INSTALLING') && WP_INSTALLING){
|
| 12 |
return;
|
| 13 |
}
|
| 14 |
+
define('WORDFENCE_VERSION', '6.1.2');
|
| 15 |
define('WORDFENCE_BASENAME', function_exists('plugin_basename') ? plugin_basename(__FILE__) :
|
| 16 |
basename(dirname(__FILE__)) . '/' . basename(__FILE__));
|
| 17 |
|
