Wordfence Security – Firewall & Malware Scan - Version 7.4.2

Version Description

  • December 3, 2019
  • Improvement: Increased performance of IP CIDR range comparisons.
  • Improvement: Added parameter signature to remote scanning for better validation during forking.
  • Change: Removed duplicate browser label in Live Traffic.
  • Fix: Added compensation for PHP 7.4 deprecation notice with get_magic_quotes_gpc.
  • Fix: Fixed potential notice in dashboard widget when no updates are found.
  • Fix: Updated JS hashing library to compensate for a variable name collision that could occur.
  • Fix: Fixed an issue where certain symlinks could cause a scan to erroneously skip files.
  • Fix: Fixed PHP memory test for newer PHP versions whose optimizations prevented it from allocating memory as desired.

Release Info

Developer wfryan
Plugin Wordfence Security – Firewall & Malware Scan
Version 7.4.2

Code changes from version 7.4.1 to 7.4.2

Files changed (70)
  1. css/{activity-report-widget.1573059078.css → activity-report-widget.1575390485.css} +0 -0
  2. css/{diff.1573059078.css → diff.1575390485.css} +0 -0
  3. css/{dt_table.1573059078.css → dt_table.1575390485.css} +0 -0
  4. css/{fullLog.1573059078.css → fullLog.1575390485.css} +0 -0
  5. css/{iptraf.1573059078.css → iptraf.1575390485.css} +0 -0
  6. css/{jquery-ui-timepicker-addon.1573059078.css → jquery-ui-timepicker-addon.1575390485.css} +0 -0
  7. css/{jquery-ui.min.1573059078.css → jquery-ui.min.1575390485.css} +0 -0
  8. css/{jquery-ui.structure.min.1573059078.css → jquery-ui.structure.min.1575390485.css} +0 -0
  9. css/{jquery-ui.theme.min.1573059078.css → jquery-ui.theme.min.1575390485.css} +0 -0
  10. css/{main.1573059078.css → main.1575390485.css} +0 -0
  11. css/{phpinfo.1573059078.css → phpinfo.1575390485.css} +0 -0
  12. css/{wf-adminbar.1573059078.css → wf-adminbar.1575390485.css} +0 -0
  13. css/{wf-colorbox.1573059078.css → wf-colorbox.1575390485.css} +0 -0
  14. css/{wf-font-awesome.1573059078.css → wf-font-awesome.1575390485.css} +0 -0
  15. css/{wf-global.1573059078.css → wf-global.1575390485.css} +0 -0
  16. css/{wf-ionicons.1573059078.css → wf-ionicons.1575390485.css} +0 -0
  17. css/{wf-onboarding.1573059078.css → wf-onboarding.1575390485.css} +0 -0
  18. css/{wf-roboto-font.1573059078.css → wf-roboto-font.1575390485.css} +0 -0
  19. css/{wfselect2.min.1573059078.css → wfselect2.min.1575390485.css} +0 -0
  20. css/{wordfenceBox.1573059078.css → wordfenceBox.1575390485.css} +0 -0
  21. js/{Chart.bundle.min.1573059078.js → Chart.bundle.min.1575390485.js} +0 -0
  22. js/{admin.1573059078.js → admin.1575390485.js} +0 -0
  23. js/{admin.ajaxWatcher.1573059078.js → admin.ajaxWatcher.1575390485.js} +0 -0
  24. js/{admin.liveTraffic.1573059078.js → admin.liveTraffic.1575390485.js} +0 -0
  25. js/{date.1573059078.js → date.1575390485.js} +0 -0
  26. js/{jquery-ui-timepicker-addon.1573059078.js → jquery-ui-timepicker-addon.1575390485.js} +0 -0
  27. js/{jquery.colorbox-min.1573059078.js → jquery.colorbox-min.1575390485.js} +0 -0
  28. js/{jquery.colorbox.1573059078.js → jquery.colorbox.1575390485.js} +0 -0
  29. js/{jquery.dataTables.min.1573059078.js → jquery.dataTables.min.1575390485.js} +0 -0
  30. js/{jquery.qrcode.min.1573059078.js → jquery.qrcode.min.1575390485.js} +0 -0
  31. js/{jquery.tmpl.min.1573059078.js → jquery.tmpl.min.1575390485.js} +0 -0
  32. js/{jquery.tools.min.1573059078.js → jquery.tools.min.1575390485.js} +0 -0
  33. js/{knockout-3.3.0.1573059078.js → knockout-3.3.0.1575390485.js} +0 -0
  34. js/{wfdashboard.1573059078.js → wfdashboard.1575390485.js} +0 -0
  35. js/{wfdropdown.1573059078.js → wfdropdown.1575390485.js} +0 -0
  36. js/wfglobal.1573059078.js +0 -234
  37. js/wfglobal.1575390485.js +223 -0
  38. js/{wfpopover.1573059078.js → wfpopover.1575390485.js} +0 -0
  39. js/{wfselect2.min.1573059078.js → wfselect2.min.1575390485.js} +0 -0
  40. lib/menu_tools_livetraffic.php +0 -7
  41. lib/wfCrypt.php +10 -0
  42. lib/wfScan.php +8 -1
  43. lib/wfScanEngine.php +37 -5
  44. lib/wfUtils.php +203 -30
  45. lib/wordfenceClass.php +9 -6
  46. lib/wordfenceHash.php +2 -0
  47. modules/login-security/css/{admin-global.1573059078.css → admin-global.1575390485.css} +0 -0
  48. modules/login-security/css/{admin.1573059078.css → admin.1575390485.css} +0 -0
  49. modules/login-security/css/{colorbox.1573059078.css → colorbox.1575390485.css} +0 -0
  50. modules/login-security/css/{font-awesome.1573059078.css → font-awesome.1575390485.css} +0 -0
  51. modules/login-security/css/{ionicons.1573059078.css → ionicons.1575390485.css} +0 -0
  52. modules/login-security/css/{jquery-ui-timepicker-addon.1573059078.css → jquery-ui-timepicker-addon.1575390485.css} +0 -0
  53. modules/login-security/css/{jquery-ui.min.1573059078.css → jquery-ui.min.1575390485.css} +0 -0
  54. modules/login-security/css/{jquery-ui.structure.min.1573059078.css → jquery-ui.structure.min.1575390485.css} +0 -0
  55. modules/login-security/css/{jquery-ui.theme.min.1573059078.css → jquery-ui.theme.min.1575390485.css} +0 -0
  56. modules/login-security/css/{login.1573059078.css → login.1575390485.css} +0 -0
  57. modules/login-security/js/{admin-global.1573059078.js → admin-global.1575390485.js} +0 -0
  58. modules/login-security/js/{admin.1573059078.js → admin.1575390485.js} +0 -0
  59. modules/login-security/js/{jquery-ui-timepicker-addon.1573059078.js → jquery-ui-timepicker-addon.1575390485.js} +0 -0
  60. modules/login-security/js/{jquery.colorbox.1573059078.js → jquery.colorbox.1575390485.js} +0 -0
  61. modules/login-security/js/{jquery.colorbox.min.1573059078.js → jquery.colorbox.min.1575390485.js} +0 -0
  62. modules/login-security/js/{jquery.qrcode.min.1573059078.js → jquery.qrcode.min.1575390485.js} +0 -0
  63. modules/login-security/js/{jquery.tmpl.min.1573059078.js → jquery.tmpl.min.1575390485.js} +0 -0
  64. modules/login-security/js/{login.1573059078.js → login.1575390485.js} +0 -0
  65. modules/login-security/wordfence-login-security.php +1 -1
  66. readme.txt +11 -1
  67. vendor/wordfence/wf-waf/src/lib/utils.php +208 -32
  68. views/reports/activity-report-email-inline.php +6 -1
  69. views/reports/activity-report.php +5 -0
  70. wordfence.php +3 -3
css/{activity-report-widget.1573059078.css → activity-report-widget.1575390485.css} RENAMED
File without changes
css/{diff.1573059078.css → diff.1575390485.css} RENAMED
File without changes
css/{dt_table.1573059078.css → dt_table.1575390485.css} RENAMED
File without changes
css/{fullLog.1573059078.css → fullLog.1575390485.css} RENAMED
File without changes
css/{iptraf.1573059078.css → iptraf.1575390485.css} RENAMED
File without changes
css/{jquery-ui-timepicker-addon.1573059078.css → jquery-ui-timepicker-addon.1575390485.css} RENAMED
File without changes
css/{jquery-ui.min.1573059078.css → jquery-ui.min.1575390485.css} RENAMED
File without changes
css/{jquery-ui.structure.min.1573059078.css → jquery-ui.structure.min.1575390485.css} RENAMED
File without changes
css/{jquery-ui.theme.min.1573059078.css → jquery-ui.theme.min.1575390485.css} RENAMED
File without changes
css/{main.1573059078.css → main.1575390485.css} RENAMED
File without changes
css/{phpinfo.1573059078.css → phpinfo.1575390485.css} RENAMED
File without changes
css/{wf-adminbar.1573059078.css → wf-adminbar.1575390485.css} RENAMED
File without changes
css/{wf-colorbox.1573059078.css → wf-colorbox.1575390485.css} RENAMED
File without changes
css/{wf-font-awesome.1573059078.css → wf-font-awesome.1575390485.css} RENAMED
File without changes
css/{wf-global.1573059078.css → wf-global.1575390485.css} RENAMED
File without changes
css/{wf-ionicons.1573059078.css → wf-ionicons.1575390485.css} RENAMED
File without changes
css/{wf-onboarding.1573059078.css → wf-onboarding.1575390485.css} RENAMED
File without changes
css/{wf-roboto-font.1573059078.css → wf-roboto-font.1575390485.css} RENAMED
File without changes
css/{wfselect2.min.1573059078.css → wfselect2.min.1575390485.css} RENAMED
File without changes
css/{wordfenceBox.1573059078.css → wordfenceBox.1575390485.css} RENAMED
File without changes
js/{Chart.bundle.min.1573059078.js → Chart.bundle.min.1575390485.js} RENAMED
File without changes
js/{admin.1573059078.js → admin.1575390485.js} RENAMED
File without changes
js/{admin.ajaxWatcher.1573059078.js → admin.ajaxWatcher.1575390485.js} RENAMED
File without changes
js/{admin.liveTraffic.1573059078.js → admin.liveTraffic.1575390485.js} RENAMED
File without changes
js/{date.1573059078.js → date.1575390485.js} RENAMED
File without changes
js/{jquery-ui-timepicker-addon.1573059078.js → jquery-ui-timepicker-addon.1575390485.js} RENAMED
File without changes
js/{jquery.colorbox-min.1573059078.js → jquery.colorbox-min.1575390485.js} RENAMED
File without changes
js/{jquery.colorbox.1573059078.js → jquery.colorbox.1575390485.js} RENAMED
File without changes
js/{jquery.dataTables.min.1573059078.js → jquery.dataTables.min.1575390485.js} RENAMED
File without changes
js/{jquery.qrcode.min.1573059078.js → jquery.qrcode.min.1575390485.js} RENAMED
File without changes
js/{jquery.tmpl.min.1573059078.js → jquery.tmpl.min.1575390485.js} RENAMED
File without changes
js/{jquery.tools.min.1573059078.js → jquery.tools.min.1575390485.js} RENAMED
File without changes
js/{knockout-3.3.0.1573059078.js → knockout-3.3.0.1575390485.js} RENAMED
File without changes
js/{wfdashboard.1573059078.js → wfdashboard.1575390485.js} RENAMED
File without changes
js/{wfdropdown.1573059078.js → wfdropdown.1575390485.js} RENAMED
File without changes
js/wfglobal.1573059078.js DELETED
@@ -1,234 +0,0 @@
1
- (function($) {
2
- if (!window['wordfenceExt']) {
3
- window['wordfenceExt'] = {
4
- nonce: false,
5
- loadingCount: 0,
6
- isSmallScreen: false,
7
- init: function(){
8
- this.nonce = WordfenceAdminVars.firstNonce;
9
- this.isSmallScreen = window.matchMedia("only screen and (max-width: 500px)").matches;
10
- },
11
- showLoading: function(){
12
- this.loadingCount++;
13
- if (this.loadingCount == 1) {
14
- jQuery('<div id="wordfenceWorking">Wordfence is working...</div>').appendTo('body');
15
- }
16
- },
17
- removeLoading: function(){
18
- this.loadingCount--;
19
- if(this.loadingCount == 0){
20
- jQuery('#wordfenceWorking').remove();
21
- }
22
- },
23
- autoUpdateChoice: function(choice){
24
- this.ajax('wordfence_autoUpdateChoice', {
25
- choice: choice
26
- },
27
- function(res){ jQuery('#wordfenceAutoUpdateChoice').fadeOut(); },
28
- function(){ jQuery('#wordfenceAutoUpdateChoice').fadeOut(); }
29
- );
30
- },
31
- misconfiguredHowGetIPsChoice : function(choice) {
32
- this.ajax('wordfence_misconfiguredHowGetIPsChoice', {
33
- choice: choice
34
- },
35
- function(res){ jQuery('#wordfenceMisconfiguredHowGetIPsNotice').fadeOut(); },
36
- function(){ jQuery('#wordfenceMisconfiguredHowGetIPsNotice').fadeOut(); }
37
- );
38
- },
39
- switchLiveTrafficSecurityOnlyChoice: function(choice) {
40
- this.ajax('wordfence_switchLiveTrafficSecurityOnlyChoice', {
41
- choice: choice
42
- },
43
- function(res){ jQuery('#switchLiveTrafficSecurityOnlyChoice').fadeOut(); },
44
- function(){ jQuery('#switchLiveTrafficSecurityOnlyChoice').fadeOut(); }
45
- );
46
- },
47
- dismissAdminNotice: function(nid) {
48
- this.ajax('wordfence_dismissAdminNotice', {
49
- id: nid
50
- },
51
- function(res){ jQuery('.wf-admin-notice[data-notice-id="' + nid + '"]').fadeOut(); },
52
- function(){ jQuery('.wf-admin-notice[data-notice-id="' + nid + '"]').fadeOut(); }
53
- );
54
- },
55
- setOption: function(key, value, successCallback) {
56
- var changes = {};
57
- changes[key] = value;
58
- this.ajax('wordfence_saveOptions', {changes: JSON.stringify(changes)}, function(res) {
59
- if (res.success) {
60
- typeof successCallback == 'function' && successCallback(res);
61
- }
62
- });
63
- },
64
- ajax: function(action, data, cb, cbErr, noLoading){
65
- if(typeof(data) == 'string'){
66
- if(data.length > 0){
67
- data += '&';
68
- }
69
- data += 'action=' + action + '&nonce=' + this.nonce;
70
- } else if(typeof(data) == 'object'){
71
- data['action'] = action;
72
- data['nonce'] = this.nonce;
73
- }
74
- if(! cbErr){
75
- cbErr = function(){};
76
- }
77
- var self = this;
78
- if(! noLoading){
79
- this.showLoading();
80
- }
81
- jQuery.ajax({
82
- type: 'POST',
83
- url: WordfenceAdminVars.ajaxURL,
84
- dataType: "json",
85
- data: data,
86
- success: function(json){
87
- if(! noLoading){
88
- self.removeLoading();
89
- }
90
- if(json && json.nonce){
91
- self.nonce = json.nonce;
92
- }
93
- cb(json);
94
- },
95
- error: function(){
96
- if(! noLoading){
97
- self.removeLoading();
98
- }
99
- cbErr();
100
- }
101
- });
102
- },
103
- hashSHA256: function(s) {
104
- return sjcl.codec.hex.fromBits(sjcl.hash.sha256.hash(s))
105
- },
106
- isEmailBlacklisted: function(email) {
107
- var hash = this.hashSHA256(email);
108
- for (var i = 0; i < WordfenceAdminVars.alertEmailBlacklist.length; i++) {
109
- if (hash === WordfenceAdminVars.alertEmailBlacklist[i]) {
110
- return true;
111
- }
112
- }
113
- return false;
114
- },
115
- parseEmails: function(raw) {
116
- var emails = [];
117
- if (typeof raw !== 'string') {
118
- return emails;
119
- }
120
-
121
- var rawEmails = raw.replace(/\s/g, '').split(',');
122
- for (var i = 0; i < rawEmails.length; i++) {
123
- //From https://html.spec.whatwg.org/multipage/forms.html#valid-e-mail-address
124
- if (/^[a-zA-Z0-9.!#$%&'*+\/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$/.test(rawEmails[i]) && !this.isEmailBlacklisted(rawEmails[i])) {
125
- emails.push(rawEmails[i]);
126
- }
127
- }
128
- return emails;
129
- },
130
- onboardingProcessEmails: function(emails, subscribe, touppAgreed) {
131
- var subscribe = !!subscribe;
132
- wordfenceExt.setOption('alertEmails', emails.join(', '));
133
-
134
- if (touppAgreed) {
135
- this.ajax('wordfence_recordTOUPP', {}, function(res) {
136
- //Do nothing
137
- });
138
- }
139
-
140
- if (subscribe) {
141
- this.ajax('wordfence_mailingSignup', {emails: JSON.stringify(emails)}, function(res) {
142
- //Do nothing
143
- });
144
- }
145
- },
146
- onboardingInstallLicense: function(license, successCallback, errorCallback) {
147
- this.ajax('wordfence_installLicense', {license: license}, function(res) {
148
- if (res.success) {
149
- typeof successCallback == 'function' && successCallback(res);
150
- }
151
- else if (res.error) {
152
- typeof errorCallback == 'function' && errorCallback(res);
153
- }
154
- });
155
- }
156
- };
157
- }
158
-
159
- $(function() {
160
- wordfenceExt.init();
161
-
162
- $('.wf-dismiss-link').on('click', function() {
163
- $('#wf-extended-protection-notice').css({
164
- opacity: .75
165
- });
166
- $.get(this.href, function() {
167
- $('#wf-extended-protection-notice').fadeOut(1000);
168
- });
169
- return false;
170
- });
171
- });
172
- })(jQuery);
173
-
174
- //Stanford Javascript Crypto Library: https://bitwiseshiftleft.github.io/sjcl/
175
- "use strict";var sjcl={cipher:{},hash:{},keyexchange:{},mode:{},misc:{},codec:{},exception:{corrupt:function(a){this.toString=function(){return"CORRUPT: "+this.message};this.message=a},invalid:function(a){this.toString=function(){return"INVALID: "+this.message};this.message=a},bug:function(a){this.toString=function(){return"BUG: "+this.message};this.message=a},notReady:function(a){this.toString=function(){return"NOT READY: "+this.message};this.message=a}}};
176
- sjcl.cipher.aes=function(a){this.s[0][0][0]||this.O();var b,c,d,e,f=this.s[0][4],g=this.s[1];b=a.length;var h=1;if(4!==b&&6!==b&&8!==b)throw new sjcl.exception.invalid("invalid aes key size");this.b=[d=a.slice(0),e=[]];for(a=b;a<4*b+28;a++){c=d[a-1];if(0===a%b||8===b&&4===a%b)c=f[c>>>24]<<24^f[c>>16&255]<<16^f[c>>8&255]<<8^f[c&255],0===a%b&&(c=c<<8^c>>>24^h<<24,h=h<<1^283*(h>>7));d[a]=d[a-b]^c}for(b=0;a;b++,a--)c=d[b&3?a:a-4],e[b]=4>=a||4>b?c:g[0][f[c>>>24]]^g[1][f[c>>16&255]]^g[2][f[c>>8&255]]^g[3][f[c&
177
- 255]]};
178
- sjcl.cipher.aes.prototype={encrypt:function(a){return t(this,a,0)},decrypt:function(a){return t(this,a,1)},s:[[[],[],[],[],[]],[[],[],[],[],[]]],O:function(){var a=this.s[0],b=this.s[1],c=a[4],d=b[4],e,f,g,h=[],k=[],l,n,m,p;for(e=0;0x100>e;e++)k[(h[e]=e<<1^283*(e>>7))^e]=e;for(f=g=0;!c[f];f^=l||1,g=k[g]||1)for(m=g^g<<1^g<<2^g<<3^g<<4,m=m>>8^m&255^99,c[f]=m,d[m]=f,n=h[e=h[l=h[f]]],p=0x1010101*n^0x10001*e^0x101*l^0x1010100*f,n=0x101*h[m]^0x1010100*m,e=0;4>e;e++)a[e][f]=n=n<<24^n>>>8,b[e][m]=p=p<<24^p>>>8;for(e=
179
- 0;5>e;e++)a[e]=a[e].slice(0),b[e]=b[e].slice(0)}};
180
- function t(a,b,c){if(4!==b.length)throw new sjcl.exception.invalid("invalid aes block size");var d=a.b[c],e=b[0]^d[0],f=b[c?3:1]^d[1],g=b[2]^d[2];b=b[c?1:3]^d[3];var h,k,l,n=d.length/4-2,m,p=4,r=[0,0,0,0];h=a.s[c];a=h[0];var q=h[1],v=h[2],w=h[3],x=h[4];for(m=0;m<n;m++)h=a[e>>>24]^q[f>>16&255]^v[g>>8&255]^w[b&255]^d[p],k=a[f>>>24]^q[g>>16&255]^v[b>>8&255]^w[e&255]^d[p+1],l=a[g>>>24]^q[b>>16&255]^v[e>>8&255]^w[f&255]^d[p+2],b=a[b>>>24]^q[e>>16&255]^v[f>>8&255]^w[g&255]^d[p+3],p+=4,e=h,f=k,g=l;for(m=
181
- 0;4>m;m++)r[c?3&-m:m]=x[e>>>24]<<24^x[f>>16&255]<<16^x[g>>8&255]<<8^x[b&255]^d[p++],h=e,e=f,f=g,g=b,b=h;return r}
182
- sjcl.bitArray={bitSlice:function(a,b,c){a=sjcl.bitArray.$(a.slice(b/32),32-(b&31)).slice(1);return void 0===c?a:sjcl.bitArray.clamp(a,c-b)},extract:function(a,b,c){var d=Math.floor(-b-c&31);return((b+c-1^b)&-32?a[b/32|0]<<32-d^a[b/32+1|0]>>>d:a[b/32|0]>>>d)&(1<<c)-1},concat:function(a,b){if(0===a.length||0===b.length)return a.concat(b);var c=a[a.length-1],d=sjcl.bitArray.getPartial(c);return 32===d?a.concat(b):sjcl.bitArray.$(b,d,c|0,a.slice(0,a.length-1))},bitLength:function(a){var b=a.length;return 0===
183
- b?0:32*(b-1)+sjcl.bitArray.getPartial(a[b-1])},clamp:function(a,b){if(32*a.length<b)return a;a=a.slice(0,Math.ceil(b/32));var c=a.length;b=b&31;0<c&&b&&(a[c-1]=sjcl.bitArray.partial(b,a[c-1]&2147483648>>b-1,1));return a},partial:function(a,b,c){return 32===a?b:(c?b|0:b<<32-a)+0x10000000000*a},getPartial:function(a){return Math.round(a/0x10000000000)||32},equal:function(a,b){if(sjcl.bitArray.bitLength(a)!==sjcl.bitArray.bitLength(b))return!1;var c=0,d;for(d=0;d<a.length;d++)c|=a[d]^b[d];return 0===
184
- c},$:function(a,b,c,d){var e;e=0;for(void 0===d&&(d=[]);32<=b;b-=32)d.push(c),c=0;if(0===b)return d.concat(a);for(e=0;e<a.length;e++)d.push(c|a[e]>>>b),c=a[e]<<32-b;e=a.length?a[a.length-1]:0;a=sjcl.bitArray.getPartial(e);d.push(sjcl.bitArray.partial(b+a&31,32<b+a?c:d.pop(),1));return d},i:function(a,b){return[a[0]^b[0],a[1]^b[1],a[2]^b[2],a[3]^b[3]]},byteswapM:function(a){var b,c;for(b=0;b<a.length;++b)c=a[b],a[b]=c>>>24|c>>>8&0xff00|(c&0xff00)<<8|c<<24;return a}};
185
- sjcl.codec.utf8String={fromBits:function(a){var b="",c=sjcl.bitArray.bitLength(a),d,e;for(d=0;d<c/8;d++)0===(d&3)&&(e=a[d/4]),b+=String.fromCharCode(e>>>8>>>8>>>8),e<<=8;return decodeURIComponent(escape(b))},toBits:function(a){a=unescape(encodeURIComponent(a));var b=[],c,d=0;for(c=0;c<a.length;c++)d=d<<8|a.charCodeAt(c),3===(c&3)&&(b.push(d),d=0);c&3&&b.push(sjcl.bitArray.partial(8*(c&3),d));return b}};
186
- sjcl.codec.hex={fromBits:function(a){var b="",c;for(c=0;c<a.length;c++)b+=((a[c]|0)+0xf00000000000).toString(16).substr(4);return b.substr(0,sjcl.bitArray.bitLength(a)/4)},toBits:function(a){var b,c=[],d;a=a.replace(/\s|0x/g,"");d=a.length;a=a+"00000000";for(b=0;b<a.length;b+=8)c.push(parseInt(a.substr(b,8),16)^0);return sjcl.bitArray.clamp(c,4*d)}};
187
- sjcl.codec.base32={B:"ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",X:"0123456789ABCDEFGHIJKLMNOPQRSTUV",BITS:32,BASE:5,REMAINING:27,fromBits:function(a,b,c){var d=sjcl.codec.base32.BASE,e=sjcl.codec.base32.REMAINING,f="",g=0,h=sjcl.codec.base32.B,k=0,l=sjcl.bitArray.bitLength(a);c&&(h=sjcl.codec.base32.X);for(c=0;f.length*d<l;)f+=h.charAt((k^a[c]>>>g)>>>e),g<d?(k=a[c]<<d-g,g+=e,c++):(k<<=d,g-=d);for(;f.length&7&&!b;)f+="=";return f},toBits:function(a,b){a=a.replace(/\s|=/g,"").toUpperCase();var c=sjcl.codec.base32.BITS,
188
- d=sjcl.codec.base32.BASE,e=sjcl.codec.base32.REMAINING,f=[],g,h=0,k=sjcl.codec.base32.B,l=0,n,m="base32";b&&(k=sjcl.codec.base32.X,m="base32hex");for(g=0;g<a.length;g++){n=k.indexOf(a.charAt(g));if(0>n){if(!b)try{return sjcl.codec.base32hex.toBits(a)}catch(p){}throw new sjcl.exception.invalid("this isn't "+m+"!");}h>e?(h-=e,f.push(l^n>>>h),l=n<<c-h):(h+=d,l^=n<<c-h)}h&56&&f.push(sjcl.bitArray.partial(h&56,l,1));return f}};
189
- sjcl.codec.base32hex={fromBits:function(a,b){return sjcl.codec.base32.fromBits(a,b,1)},toBits:function(a){return sjcl.codec.base32.toBits(a,1)}};
190
- sjcl.codec.base64={B:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",fromBits:function(a,b,c){var d="",e=0,f=sjcl.codec.base64.B,g=0,h=sjcl.bitArray.bitLength(a);c&&(f=f.substr(0,62)+"-_");for(c=0;6*d.length<h;)d+=f.charAt((g^a[c]>>>e)>>>26),6>e?(g=a[c]<<6-e,e+=26,c++):(g<<=6,e-=6);for(;d.length&3&&!b;)d+="=";return d},toBits:function(a,b){a=a.replace(/\s|=/g,"");var c=[],d,e=0,f=sjcl.codec.base64.B,g=0,h;b&&(f=f.substr(0,62)+"-_");for(d=0;d<a.length;d++){h=f.indexOf(a.charAt(d));
191
- if(0>h)throw new sjcl.exception.invalid("this isn't base64!");26<e?(e-=26,c.push(g^h>>>e),g=h<<32-e):(e+=6,g^=h<<32-e)}e&56&&c.push(sjcl.bitArray.partial(e&56,g,1));return c}};sjcl.codec.base64url={fromBits:function(a){return sjcl.codec.base64.fromBits(a,1,1)},toBits:function(a){return sjcl.codec.base64.toBits(a,1)}};sjcl.hash.sha256=function(a){this.b[0]||this.O();a?(this.F=a.F.slice(0),this.A=a.A.slice(0),this.l=a.l):this.reset()};sjcl.hash.sha256.hash=function(a){return(new sjcl.hash.sha256).update(a).finalize()};
192
- sjcl.hash.sha256.prototype={blockSize:512,reset:function(){this.F=this.Y.slice(0);this.A=[];this.l=0;return this},update:function(a){"string"===typeof a&&(a=sjcl.codec.utf8String.toBits(a));var b,c=this.A=sjcl.bitArray.concat(this.A,a);b=this.l;a=this.l=b+sjcl.bitArray.bitLength(a);if(0x1fffffffffffff<a)throw new sjcl.exception.invalid("Cannot hash more than 2^53 - 1 bits");if("undefined"!==typeof Uint32Array){var d=new Uint32Array(c),e=0;for(b=512+b-(512+b&0x1ff);b<=a;b+=512)u(this,d.subarray(16*e,
193
- 16*(e+1))),e+=1;c.splice(0,16*e)}else for(b=512+b-(512+b&0x1ff);b<=a;b+=512)u(this,c.splice(0,16));return this},finalize:function(){var a,b=this.A,c=this.F,b=sjcl.bitArray.concat(b,[sjcl.bitArray.partial(1,1)]);for(a=b.length+2;a&15;a++)b.push(0);b.push(Math.floor(this.l/0x100000000));for(b.push(this.l|0);b.length;)u(this,b.splice(0,16));this.reset();return c},Y:[],b:[],O:function(){function a(a){return 0x100000000*(a-Math.floor(a))|0}for(var b=0,c=2,d,e;64>b;c++){e=!0;for(d=2;d*d<=c;d++)if(0===c%d){e=
194
- !1;break}e&&(8>b&&(this.Y[b]=a(Math.pow(c,.5))),this.b[b]=a(Math.pow(c,1/3)),b++)}}};
195
- function u(a,b){var c,d,e,f=a.F,g=a.b,h=f[0],k=f[1],l=f[2],n=f[3],m=f[4],p=f[5],r=f[6],q=f[7];for(c=0;64>c;c++)16>c?d=b[c]:(d=b[c+1&15],e=b[c+14&15],d=b[c&15]=(d>>>7^d>>>18^d>>>3^d<<25^d<<14)+(e>>>17^e>>>19^e>>>10^e<<15^e<<13)+b[c&15]+b[c+9&15]|0),d=d+q+(m>>>6^m>>>11^m>>>25^m<<26^m<<21^m<<7)+(r^m&(p^r))+g[c],q=r,r=p,p=m,m=n+d|0,n=l,l=k,k=h,h=d+(k&l^n&(k^l))+(k>>>2^k>>>13^k>>>22^k<<30^k<<19^k<<10)|0;f[0]=f[0]+h|0;f[1]=f[1]+k|0;f[2]=f[2]+l|0;f[3]=f[3]+n|0;f[4]=f[4]+m|0;f[5]=f[5]+p|0;f[6]=f[6]+r|0;f[7]=
196
- f[7]+q|0}
197
- sjcl.mode.ccm={name:"ccm",G:[],listenProgress:function(a){sjcl.mode.ccm.G.push(a)},unListenProgress:function(a){a=sjcl.mode.ccm.G.indexOf(a);-1<a&&sjcl.mode.ccm.G.splice(a,1)},fa:function(a){var b=sjcl.mode.ccm.G.slice(),c;for(c=0;c<b.length;c+=1)b[c](a)},encrypt:function(a,b,c,d,e){var f,g=b.slice(0),h=sjcl.bitArray,k=h.bitLength(c)/8,l=h.bitLength(g)/8;e=e||64;d=d||[];if(7>k)throw new sjcl.exception.invalid("ccm: iv must be at least 7 bytes");for(f=2;4>f&&l>>>8*f;f++);f<15-k&&(f=15-k);c=h.clamp(c,
198
- 8*(15-f));b=sjcl.mode.ccm.V(a,b,c,d,e,f);g=sjcl.mode.ccm.C(a,g,c,b,e,f);return h.concat(g.data,g.tag)},decrypt:function(a,b,c,d,e){e=e||64;d=d||[];var f=sjcl.bitArray,g=f.bitLength(c)/8,h=f.bitLength(b),k=f.clamp(b,h-e),l=f.bitSlice(b,h-e),h=(h-e)/8;if(7>g)throw new sjcl.exception.invalid("ccm: iv must be at least 7 bytes");for(b=2;4>b&&h>>>8*b;b++);b<15-g&&(b=15-g);c=f.clamp(c,8*(15-b));k=sjcl.mode.ccm.C(a,k,c,l,e,b);a=sjcl.mode.ccm.V(a,k.data,c,d,e,b);if(!f.equal(k.tag,a))throw new sjcl.exception.corrupt("ccm: tag doesn't match");
199
- return k.data},na:function(a,b,c,d,e,f){var g=[],h=sjcl.bitArray,k=h.i;d=[h.partial(8,(b.length?64:0)|d-2<<2|f-1)];d=h.concat(d,c);d[3]|=e;d=a.encrypt(d);if(b.length)for(c=h.bitLength(b)/8,65279>=c?g=[h.partial(16,c)]:0xffffffff>=c&&(g=h.concat([h.partial(16,65534)],[c])),g=h.concat(g,b),b=0;b<g.length;b+=4)d=a.encrypt(k(d,g.slice(b,b+4).concat([0,0,0])));return d},V:function(a,b,c,d,e,f){var g=sjcl.bitArray,h=g.i;e/=8;if(e%2||4>e||16<e)throw new sjcl.exception.invalid("ccm: invalid tag length");
200
- if(0xffffffff<d.length||0xffffffff<b.length)throw new sjcl.exception.bug("ccm: can't deal with 4GiB or more data");c=sjcl.mode.ccm.na(a,d,c,e,g.bitLength(b)/8,f);for(d=0;d<b.length;d+=4)c=a.encrypt(h(c,b.slice(d,d+4).concat([0,0,0])));return g.clamp(c,8*e)},C:function(a,b,c,d,e,f){var g,h=sjcl.bitArray;g=h.i;var k=b.length,l=h.bitLength(b),n=k/50,m=n;c=h.concat([h.partial(8,f-1)],c).concat([0,0,0]).slice(0,4);d=h.bitSlice(g(d,a.encrypt(c)),0,e);if(!k)return{tag:d,data:[]};for(g=0;g<k;g+=4)g>n&&(sjcl.mode.ccm.fa(g/
201
- k),n+=m),c[3]++,e=a.encrypt(c),b[g]^=e[0],b[g+1]^=e[1],b[g+2]^=e[2],b[g+3]^=e[3];return{tag:d,data:h.clamp(b,l)}}};
202
- sjcl.mode.ocb2={name:"ocb2",encrypt:function(a,b,c,d,e,f){if(128!==sjcl.bitArray.bitLength(c))throw new sjcl.exception.invalid("ocb iv must be 128 bits");var g,h=sjcl.mode.ocb2.S,k=sjcl.bitArray,l=k.i,n=[0,0,0,0];c=h(a.encrypt(c));var m,p=[];d=d||[];e=e||64;for(g=0;g+4<b.length;g+=4)m=b.slice(g,g+4),n=l(n,m),p=p.concat(l(c,a.encrypt(l(c,m)))),c=h(c);m=b.slice(g);b=k.bitLength(m);g=a.encrypt(l(c,[0,0,0,b]));m=k.clamp(l(m.concat([0,0,0]),g),b);n=l(n,l(m.concat([0,0,0]),g));n=a.encrypt(l(n,l(c,h(c))));
203
- d.length&&(n=l(n,f?d:sjcl.mode.ocb2.pmac(a,d)));return p.concat(k.concat(m,k.clamp(n,e)))},decrypt:function(a,b,c,d,e,f){if(128!==sjcl.bitArray.bitLength(c))throw new sjcl.exception.invalid("ocb iv must be 128 bits");e=e||64;var g=sjcl.mode.ocb2.S,h=sjcl.bitArray,k=h.i,l=[0,0,0,0],n=g(a.encrypt(c)),m,p,r=sjcl.bitArray.bitLength(b)-e,q=[];d=d||[];for(c=0;c+4<r/32;c+=4)m=k(n,a.decrypt(k(n,b.slice(c,c+4)))),l=k(l,m),q=q.concat(m),n=g(n);p=r-32*c;m=a.encrypt(k(n,[0,0,0,p]));m=k(m,h.clamp(b.slice(c),p).concat([0,
204
- 0,0]));l=k(l,m);l=a.encrypt(k(l,k(n,g(n))));d.length&&(l=k(l,f?d:sjcl.mode.ocb2.pmac(a,d)));if(!h.equal(h.clamp(l,e),h.bitSlice(b,r)))throw new sjcl.exception.corrupt("ocb: tag doesn't match");return q.concat(h.clamp(m,p))},pmac:function(a,b){var c,d=sjcl.mode.ocb2.S,e=sjcl.bitArray,f=e.i,g=[0,0,0,0],h=a.encrypt([0,0,0,0]),h=f(h,d(d(h)));for(c=0;c+4<b.length;c+=4)h=d(h),g=f(g,a.encrypt(f(h,b.slice(c,c+4))));c=b.slice(c);128>e.bitLength(c)&&(h=f(h,d(h)),c=e.concat(c,[-2147483648,0,0,0]));g=f(g,c);
205
- return a.encrypt(f(d(f(h,d(h))),g))},S:function(a){return[a[0]<<1^a[1]>>>31,a[1]<<1^a[2]>>>31,a[2]<<1^a[3]>>>31,a[3]<<1^135*(a[0]>>>31)]}};
206
- sjcl.mode.gcm={name:"gcm",encrypt:function(a,b,c,d,e){var f=b.slice(0);b=sjcl.bitArray;d=d||[];a=sjcl.mode.gcm.C(!0,a,f,d,c,e||128);return b.concat(a.data,a.tag)},decrypt:function(a,b,c,d,e){var f=b.slice(0),g=sjcl.bitArray,h=g.bitLength(f);e=e||128;d=d||[];e<=h?(b=g.bitSlice(f,h-e),f=g.bitSlice(f,0,h-e)):(b=f,f=[]);a=sjcl.mode.gcm.C(!1,a,f,d,c,e);if(!g.equal(a.tag,b))throw new sjcl.exception.corrupt("gcm: tag doesn't match");return a.data},ka:function(a,b){var c,d,e,f,g,h=sjcl.bitArray.i;e=[0,0,
207
- 0,0];f=b.slice(0);for(c=0;128>c;c++){(d=0!==(a[Math.floor(c/32)]&1<<31-c%32))&&(e=h(e,f));g=0!==(f[3]&1);for(d=3;0<d;d--)f[d]=f[d]>>>1|(f[d-1]&1)<<31;f[0]>>>=1;g&&(f[0]^=-0x1f000000)}return e},j:function(a,b,c){var d,e=c.length;b=b.slice(0);for(d=0;d<e;d+=4)b[0]^=0xffffffff&c[d],b[1]^=0xffffffff&c[d+1],b[2]^=0xffffffff&c[d+2],b[3]^=0xffffffff&c[d+3],b=sjcl.mode.gcm.ka(b,a);return b},C:function(a,b,c,d,e,f){var g,h,k,l,n,m,p,r,q=sjcl.bitArray;m=c.length;p=q.bitLength(c);r=q.bitLength(d);h=q.bitLength(e);
208
- g=b.encrypt([0,0,0,0]);96===h?(e=e.slice(0),e=q.concat(e,[1])):(e=sjcl.mode.gcm.j(g,[0,0,0,0],e),e=sjcl.mode.gcm.j(g,e,[0,0,Math.floor(h/0x100000000),h&0xffffffff]));h=sjcl.mode.gcm.j(g,[0,0,0,0],d);n=e.slice(0);d=h.slice(0);a||(d=sjcl.mode.gcm.j(g,h,c));for(l=0;l<m;l+=4)n[3]++,k=b.encrypt(n),c[l]^=k[0],c[l+1]^=k[1],c[l+2]^=k[2],c[l+3]^=k[3];c=q.clamp(c,p);a&&(d=sjcl.mode.gcm.j(g,h,c));a=[Math.floor(r/0x100000000),r&0xffffffff,Math.floor(p/0x100000000),p&0xffffffff];d=sjcl.mode.gcm.j(g,d,a);k=b.encrypt(e);
209
- d[0]^=k[0];d[1]^=k[1];d[2]^=k[2];d[3]^=k[3];return{tag:q.bitSlice(d,0,f),data:c}}};sjcl.misc.hmac=function(a,b){this.W=b=b||sjcl.hash.sha256;var c=[[],[]],d,e=b.prototype.blockSize/32;this.w=[new b,new b];a.length>e&&(a=b.hash(a));for(d=0;d<e;d++)c[0][d]=a[d]^909522486,c[1][d]=a[d]^1549556828;this.w[0].update(c[0]);this.w[1].update(c[1]);this.R=new b(this.w[0])};
210
- sjcl.misc.hmac.prototype.encrypt=sjcl.misc.hmac.prototype.mac=function(a){if(this.aa)throw new sjcl.exception.invalid("encrypt on already updated hmac called!");this.update(a);return this.digest(a)};sjcl.misc.hmac.prototype.reset=function(){this.R=new this.W(this.w[0]);this.aa=!1};sjcl.misc.hmac.prototype.update=function(a){this.aa=!0;this.R.update(a)};sjcl.misc.hmac.prototype.digest=function(){var a=this.R.finalize(),a=(new this.W(this.w[1])).update(a).finalize();this.reset();return a};
211
- sjcl.misc.pbkdf2=function(a,b,c,d,e){c=c||1E4;if(0>d||0>c)throw new sjcl.exception.invalid("invalid params to pbkdf2");"string"===typeof a&&(a=sjcl.codec.utf8String.toBits(a));"string"===typeof b&&(b=sjcl.codec.utf8String.toBits(b));e=e||sjcl.misc.hmac;a=new e(a);var f,g,h,k,l=[],n=sjcl.bitArray;for(k=1;32*l.length<(d||1);k++){e=f=a.encrypt(n.concat(b,[k]));for(g=1;g<c;g++)for(f=a.encrypt(f),h=0;h<f.length;h++)e[h]^=f[h];l=l.concat(e)}d&&(l=n.clamp(l,d));return l};
212
- sjcl.prng=function(a){this.c=[new sjcl.hash.sha256];this.m=[0];this.P=0;this.H={};this.N=0;this.U={};this.Z=this.f=this.o=this.ha=0;this.b=[0,0,0,0,0,0,0,0];this.h=[0,0,0,0];this.L=void 0;this.M=a;this.D=!1;this.K={progress:{},seeded:{}};this.u=this.ga=0;this.I=1;this.J=2;this.ca=0x10000;this.T=[0,48,64,96,128,192,0x100,384,512,768,1024];this.da=3E4;this.ba=80};
213
- sjcl.prng.prototype={randomWords:function(a,b){var c=[],d;d=this.isReady(b);var e;if(d===this.u)throw new sjcl.exception.notReady("generator isn't seeded");if(d&this.J){d=!(d&this.I);e=[];var f=0,g;this.Z=e[0]=(new Date).valueOf()+this.da;for(g=0;16>g;g++)e.push(0x100000000*Math.random()|0);for(g=0;g<this.c.length&&(e=e.concat(this.c[g].finalize()),f+=this.m[g],this.m[g]=0,d||!(this.P&1<<g));g++);this.P>=1<<this.c.length&&(this.c.push(new sjcl.hash.sha256),this.m.push(0));this.f-=f;f>this.o&&(this.o=
214
- f);this.P++;this.b=sjcl.hash.sha256.hash(this.b.concat(e));this.L=new sjcl.cipher.aes(this.b);for(d=0;4>d&&(this.h[d]=this.h[d]+1|0,!this.h[d]);d++);}for(d=0;d<a;d+=4)0===(d+1)%this.ca&&y(this),e=z(this),c.push(e[0],e[1],e[2],e[3]);y(this);return c.slice(0,a)},setDefaultParanoia:function(a,b){if(0===a&&"Setting paranoia=0 will ruin your security; use it only for testing"!==b)throw new sjcl.exception.invalid("Setting paranoia=0 will ruin your security; use it only for testing");this.M=a},addEntropy:function(a,
215
- b,c){c=c||"user";var d,e,f=(new Date).valueOf(),g=this.H[c],h=this.isReady(),k=0;d=this.U[c];void 0===d&&(d=this.U[c]=this.ha++);void 0===g&&(g=this.H[c]=0);this.H[c]=(this.H[c]+1)%this.c.length;switch(typeof a){case "number":void 0===b&&(b=1);this.c[g].update([d,this.N++,1,b,f,1,a|0]);break;case "object":c=Object.prototype.toString.call(a);if("[object Uint32Array]"===c){e=[];for(c=0;c<a.length;c++)e.push(a[c]);a=e}else for("[object Array]"!==c&&(k=1),c=0;c<a.length&&!k;c++)"number"!==typeof a[c]&&
216
- (k=1);if(!k){if(void 0===b)for(c=b=0;c<a.length;c++)for(e=a[c];0<e;)b++,e=e>>>1;this.c[g].update([d,this.N++,2,b,f,a.length].concat(a))}break;case "string":void 0===b&&(b=a.length);this.c[g].update([d,this.N++,3,b,f,a.length]);this.c[g].update(a);break;default:k=1}if(k)throw new sjcl.exception.bug("random: addEntropy only supports number, array of numbers or string");this.m[g]+=b;this.f+=b;h===this.u&&(this.isReady()!==this.u&&A("seeded",Math.max(this.o,this.f)),A("progress",this.getProgress()))},
217
- isReady:function(a){a=this.T[void 0!==a?a:this.M];return this.o&&this.o>=a?this.m[0]>this.ba&&(new Date).valueOf()>this.Z?this.J|this.I:this.I:this.f>=a?this.J|this.u:this.u},getProgress:function(a){a=this.T[a?a:this.M];return this.o>=a?1:this.f>a?1:this.f/a},startCollectors:function(){if(!this.D){this.a={loadTimeCollector:B(this,this.ma),mouseCollector:B(this,this.oa),keyboardCollector:B(this,this.la),accelerometerCollector:B(this,this.ea),touchCollector:B(this,this.qa)};if(window.addEventListener)window.addEventListener("load",
218
- this.a.loadTimeCollector,!1),window.addEventListener("mousemove",this.a.mouseCollector,!1),window.addEventListener("keypress",this.a.keyboardCollector,!1),window.addEventListener("devicemotion",this.a.accelerometerCollector,!1),window.addEventListener("touchmove",this.a.touchCollector,!1);else if(document.attachEvent)document.attachEvent("onload",this.a.loadTimeCollector),document.attachEvent("onmousemove",this.a.mouseCollector),document.attachEvent("keypress",this.a.keyboardCollector);else throw new sjcl.exception.bug("can't attach event");
219
- this.D=!0}},stopCollectors:function(){this.D&&(window.removeEventListener?(window.removeEventListener("load",this.a.loadTimeCollector,!1),window.removeEventListener("mousemove",this.a.mouseCollector,!1),window.removeEventListener("keypress",this.a.keyboardCollector,!1),window.removeEventListener("devicemotion",this.a.accelerometerCollector,!1),window.removeEventListener("touchmove",this.a.touchCollector,!1)):document.detachEvent&&(document.detachEvent("onload",this.a.loadTimeCollector),document.detachEvent("onmousemove",
220
- this.a.mouseCollector),document.detachEvent("keypress",this.a.keyboardCollector)),this.D=!1)},addEventListener:function(a,b){this.K[a][this.ga++]=b},removeEventListener:function(a,b){var c,d,e=this.K[a],f=[];for(d in e)e.hasOwnProperty(d)&&e[d]===b&&f.push(d);for(c=0;c<f.length;c++)d=f[c],delete e[d]},la:function(){C(this,1)},oa:function(a){var b,c;try{b=a.x||a.clientX||a.offsetX||0,c=a.y||a.clientY||a.offsetY||0}catch(d){c=b=0}0!=b&&0!=c&&this.addEntropy([b,c],2,"mouse");C(this,0)},qa:function(a){a=
221
- a.touches[0]||a.changedTouches[0];this.addEntropy([a.pageX||a.clientX,a.pageY||a.clientY],1,"touch");C(this,0)},ma:function(){C(this,2)},ea:function(a){a=a.accelerationIncludingGravity.x||a.accelerationIncludingGravity.y||a.accelerationIncludingGravity.z;if(window.orientation){var b=window.orientation;"number"===typeof b&&this.addEntropy(b,1,"accelerometer")}a&&this.addEntropy(a,2,"accelerometer");C(this,0)}};
222
- function A(a,b){var c,d=sjcl.random.K[a],e=[];for(c in d)d.hasOwnProperty(c)&&e.push(d[c]);for(c=0;c<e.length;c++)e[c](b)}function C(a,b){"undefined"!==typeof window&&window.performance&&"function"===typeof window.performance.now?a.addEntropy(window.performance.now(),b,"loadtime"):a.addEntropy((new Date).valueOf(),b,"loadtime")}function y(a){a.b=z(a).concat(z(a));a.L=new sjcl.cipher.aes(a.b)}function z(a){for(var b=0;4>b&&(a.h[b]=a.h[b]+1|0,!a.h[b]);b++);return a.L.encrypt(a.h)}
223
- function B(a,b){return function(){b.apply(a,arguments)}}sjcl.random=new sjcl.prng(6);
224
- a:try{var D,E,F,G;if(G="undefined"!==typeof module&&module.exports){var H;try{H=require("crypto")}catch(a){H=null}G=E=H}if(G&&E.randomBytes)D=E.randomBytes(128),D=new Uint32Array((new Uint8Array(D)).buffer),sjcl.random.addEntropy(D,1024,"crypto['randomBytes']");else if("undefined"!==typeof window&&"undefined"!==typeof Uint32Array){F=new Uint32Array(32);if(window.crypto&&window.crypto.getRandomValues)window.crypto.getRandomValues(F);else if(window.msCrypto&&window.msCrypto.getRandomValues)window.msCrypto.getRandomValues(F);
225
- else break a;sjcl.random.addEntropy(F,1024,"crypto['getRandomValues']")}}catch(a){"undefined"!==typeof window&&window.console&&(console.log("There was an error collecting entropy from the browser:"),console.log(a))}
226
- sjcl.json={defaults:{v:1,iter:1E4,ks:128,ts:64,mode:"ccm",adata:"",cipher:"aes"},ja:function(a,b,c,d){c=c||{};d=d||{};var e=sjcl.json,f=e.g({iv:sjcl.random.randomWords(4,0)},e.defaults),g;e.g(f,c);c=f.adata;"string"===typeof f.salt&&(f.salt=sjcl.codec.base64.toBits(f.salt));"string"===typeof f.iv&&(f.iv=sjcl.codec.base64.toBits(f.iv));if(!sjcl.mode[f.mode]||!sjcl.cipher[f.cipher]||"string"===typeof a&&100>=f.iter||64!==f.ts&&96!==f.ts&&128!==f.ts||128!==f.ks&&192!==f.ks&&0x100!==f.ks||2>f.iv.length||
227
- 4<f.iv.length)throw new sjcl.exception.invalid("json encrypt: invalid parameters");"string"===typeof a?(g=sjcl.misc.cachedPbkdf2(a,f),a=g.key.slice(0,f.ks/32),f.salt=g.salt):sjcl.ecc&&a instanceof sjcl.ecc.elGamal.publicKey&&(g=a.kem(),f.kemtag=g.tag,a=g.key.slice(0,f.ks/32));"string"===typeof b&&(b=sjcl.codec.utf8String.toBits(b));"string"===typeof c&&(f.adata=c=sjcl.codec.utf8String.toBits(c));g=new sjcl.cipher[f.cipher](a);e.g(d,f);d.key=a;f.ct="ccm"===f.mode&&sjcl.arrayBuffer&&sjcl.arrayBuffer.ccm&&
228
- b instanceof ArrayBuffer?sjcl.arrayBuffer.ccm.encrypt(g,b,f.iv,c,f.ts):sjcl.mode[f.mode].encrypt(g,b,f.iv,c,f.ts);return f},encrypt:function(a,b,c,d){var e=sjcl.json,f=e.ja.apply(e,arguments);return e.encode(f)},ia:function(a,b,c,d){c=c||{};d=d||{};var e=sjcl.json;b=e.g(e.g(e.g({},e.defaults),b),c,!0);var f,g;f=b.adata;"string"===typeof b.salt&&(b.salt=sjcl.codec.base64.toBits(b.salt));"string"===typeof b.iv&&(b.iv=sjcl.codec.base64.toBits(b.iv));if(!sjcl.mode[b.mode]||!sjcl.cipher[b.cipher]||"string"===
229
- typeof a&&100>=b.iter||64!==b.ts&&96!==b.ts&&128!==b.ts||128!==b.ks&&192!==b.ks&&0x100!==b.ks||!b.iv||2>b.iv.length||4<b.iv.length)throw new sjcl.exception.invalid("json decrypt: invalid parameters");"string"===typeof a?(g=sjcl.misc.cachedPbkdf2(a,b),a=g.key.slice(0,b.ks/32),b.salt=g.salt):sjcl.ecc&&a instanceof sjcl.ecc.elGamal.secretKey&&(a=a.unkem(sjcl.codec.base64.toBits(b.kemtag)).slice(0,b.ks/32));"string"===typeof f&&(f=sjcl.codec.utf8String.toBits(f));g=new sjcl.cipher[b.cipher](a);f="ccm"===
230
- b.mode&&sjcl.arrayBuffer&&sjcl.arrayBuffer.ccm&&b.ct instanceof ArrayBuffer?sjcl.arrayBuffer.ccm.decrypt(g,b.ct,b.iv,b.tag,f,b.ts):sjcl.mode[b.mode].decrypt(g,b.ct,b.iv,f,b.ts);e.g(d,b);d.key=a;return 1===c.raw?f:sjcl.codec.utf8String.fromBits(f)},decrypt:function(a,b,c,d){var e=sjcl.json;return e.ia(a,e.decode(b),c,d)},encode:function(a){var b,c="{",d="";for(b in a)if(a.hasOwnProperty(b)){if(!b.match(/^[a-z0-9]+$/i))throw new sjcl.exception.invalid("json encode: invalid property name");c+=d+'"'+
231
- b+'":';d=",";switch(typeof a[b]){case "number":case "boolean":c+=a[b];break;case "string":c+='"'+escape(a[b])+'"';break;case "object":c+='"'+sjcl.codec.base64.fromBits(a[b],0)+'"';break;default:throw new sjcl.exception.bug("json encode: unsupported type");}}return c+"}"},decode:function(a){a=a.replace(/\s/g,"");if(!a.match(/^\{.*\}$/))throw new sjcl.exception.invalid("json decode: this isn't json!");a=a.replace(/^\{|\}$/g,"").split(/,/);var b={},c,d;for(c=0;c<a.length;c++){if(!(d=a[c].match(/^\s*(?:(["']?)([a-z][a-z0-9]*)\1)\s*:\s*(?:(-?\d+)|"([a-z0-9+\/%*_.@=\-]*)"|(true|false))$/i)))throw new sjcl.exception.invalid("json decode: this isn't json!");
232
- null!=d[3]?b[d[2]]=parseInt(d[3],10):null!=d[4]?b[d[2]]=d[2].match(/^(ct|adata|salt|iv)$/)?sjcl.codec.base64.toBits(d[4]):unescape(d[4]):null!=d[5]&&(b[d[2]]="true"===d[5])}return b},g:function(a,b,c){void 0===a&&(a={});if(void 0===b)return a;for(var d in b)if(b.hasOwnProperty(d)){if(c&&void 0!==a[d]&&a[d]!==b[d])throw new sjcl.exception.invalid("required parameter overridden");a[d]=b[d]}return a},sa:function(a,b){var c={},d;for(d in a)a.hasOwnProperty(d)&&a[d]!==b[d]&&(c[d]=a[d]);return c},ra:function(a,
233
- b){var c={},d;for(d=0;d<b.length;d++)void 0!==a[b[d]]&&(c[b[d]]=a[b[d]]);return c}};sjcl.encrypt=sjcl.json.encrypt;sjcl.decrypt=sjcl.json.decrypt;sjcl.misc.pa={};sjcl.misc.cachedPbkdf2=function(a,b){var c=sjcl.misc.pa,d;b=b||{};d=b.iter||1E3;c=c[a]=c[a]||{};d=c[d]=c[d]||{firstSalt:b.salt&&b.salt.length?b.salt.slice(0):sjcl.random.randomWords(2,0)};c=void 0===b.salt?d.firstSalt:b.salt;d[c]=d[c]||sjcl.misc.pbkdf2(a,c,b.iter);return{key:d[c].slice(0),salt:c.slice(0)}};
234
- "undefined"!==typeof module&&module.exports&&(module.exports=sjcl);"function"===typeof define&&define([],function(){return sjcl});
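Review bot: The helpers at old lines 222 and 223 (function A, function C, function y, function z, function B) appear to be declared at the top level of the bundle, which puts them in global scope under single-letter names that any other script on the page could overwrite. Since this copy is being dropped in favour of a rebuilt one, check that the replacement keeps these helpers off the global object and that nothing else in the plugin still calls them by the old names.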
js/wfglobal.1575390485.js ADDED
@@ -0,0 +1,223 @@
1
+ (function($) {
2
+ if (!window['wordfenceExt']) {
3
+ window['wordfenceExt'] = {
4
+ nonce: false,
5
+ loadingCount: 0,
6
+ isSmallScreen: false,
7
+ init: function(){
8
+ this.nonce = WordfenceAdminVars.firstNonce;
9
+ this.isSmallScreen = window.matchMedia("only screen and (max-width: 500px)").matches;
10
+ },
11
+ showLoading: function(){
12
+ this.loadingCount++;
13
+ if (this.loadingCount == 1) {
14
+ jQuery('<div id="wordfenceWorking">Wordfence is working...</div>').appendTo('body');
15
+ }
16
+ },
17
+ removeLoading: function(){
18
+ this.loadingCount--;
19
+ if(this.loadingCount == 0){
20
+ jQuery('#wordfenceWorking').remove();
21
+ }
22
+ },
23
+ autoUpdateChoice: function(choice){
24
+ this.ajax('wordfence_autoUpdateChoice', {
25
+ choice: choice
26
+ },
27
+ function(res){ jQuery('#wordfenceAutoUpdateChoice').fadeOut(); },
28
+ function(){ jQuery('#wordfenceAutoUpdateChoice').fadeOut(); }
29
+ );
30
+ },
31
+ misconfiguredHowGetIPsChoice : function(choice) {
32
+ this.ajax('wordfence_misconfiguredHowGetIPsChoice', {
33
+ choice: choice
34
+ },
35
+ function(res){ jQuery('#wordfenceMisconfiguredHowGetIPsNotice').fadeOut(); },
36
+ function(){ jQuery('#wordfenceMisconfiguredHowGetIPsNotice').fadeOut(); }
37
+ );
38
+ },
39
+ switchLiveTrafficSecurityOnlyChoice: function(choice) {
40
+ this.ajax('wordfence_switchLiveTrafficSecurityOnlyChoice', {
41
+ choice: choice
42
+ },
43
+ function(res){ jQuery('#switchLiveTrafficSecurityOnlyChoice').fadeOut(); },
44
+ function(){ jQuery('#switchLiveTrafficSecurityOnlyChoice').fadeOut(); }
45
+ );
46
+ },
47
+ dismissAdminNotice: function(nid) {
48
+ this.ajax('wordfence_dismissAdminNotice', {
49
+ id: nid
50
+ },
51
+ function(res){ jQuery('.wf-admin-notice[data-notice-id="' + nid + '"]').fadeOut(); },
52
+ function(){ jQuery('.wf-admin-notice[data-notice-id="' + nid + '"]').fadeOut(); }
53
+ );
54
+ },
55
+ setOption: function(key, value, successCallback) {
56
+ var changes = {};
57
+ changes[key] = value;
58
+ this.ajax('wordfence_saveOptions', {changes: JSON.stringify(changes)}, function(res) {
59
+ if (res.success) {
60
+ typeof successCallback == 'function' && successCallback(res);
61
+ }
62
+ });
63
+ },
64
+ ajax: function(action, data, cb, cbErr, noLoading){
65
+ if(typeof(data) == 'string'){
66
+ if(data.length > 0){
67
+ data += '&';
68
+ }
69
+ data += 'action=' + action + '&nonce=' + this.nonce;
70
+ } else if(typeof(data) == 'object'){
71
+ data['action'] = action;
72
+ data['nonce'] = this.nonce;
73
+ }
74
+ if(! cbErr){
75
+ cbErr = function(){};
76
+ }
77
+ var self = this;
78
+ if(! noLoading){
79
+ this.showLoading();
80
+ }
81
+ jQuery.ajax({
82
+ type: 'POST',
83
+ url: WordfenceAdminVars.ajaxURL,
84
+ dataType: "json",
85
+ data: data,
86
+ success: function(json){
87
+ if(! noLoading){
88
+ self.removeLoading();
89
+ }
90
+ if(json && json.nonce){
91
+ self.nonce = json.nonce;
92
+ }
93
+ cb(json);
94
+ },
95
+ error: function(){
96
+ if(! noLoading){
97
+ self.removeLoading();
98
+ }
99
+ cbErr();
100
+ }
101
+ });
102
+ },
103
+ hashSHA256: function(s) {
104
+ return sjcl.codec.hex.fromBits(sjcl.hash.sha256.hash(s))
105
+ },
106
+ isEmailBlacklisted: function(email) {
107
+ var hash = this.hashSHA256(email);
108
+ for (var i = 0; i < WordfenceAdminVars.alertEmailBlacklist.length; i++) {
109
+ if (hash === WordfenceAdminVars.alertEmailBlacklist[i]) {
110
+ return true;
111
+ }
112
+ }
113
+ return false;
114
+ },
115
+ parseEmails: function(raw) {
116
+ var emails = [];
117
+ if (typeof raw !== 'string') {
118
+ return emails;
119
+ }
120
+
121
+ var rawEmails = raw.replace(/\s/g, '').split(',');
122
+ for (var i = 0; i < rawEmails.length; i++) {
123
+ //From https://html.spec.whatwg.org/multipage/forms.html#valid-e-mail-address
124
+ if (/^[a-zA-Z0-9.!#$%&'*+\/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$/.test(rawEmails[i]) && !this.isEmailBlacklisted(rawEmails[i])) {
125
+ emails.push(rawEmails[i]);
126
+ }
127
+ }
128
+ return emails;
129
+ },
130
+ onboardingProcessEmails: function(emails, subscribe, touppAgreed) {
131
+ var subscribe = !!subscribe;
132
+ wordfenceExt.setOption('alertEmails', emails.join(', '));
133
+
134
+ if (touppAgreed) {
135
+ this.ajax('wordfence_recordTOUPP', {}, function(res) {
136
+ //Do nothing
137
+ });
138
+ }
139
+
140
+ if (subscribe) {
141
+ this.ajax('wordfence_mailingSignup', {emails: JSON.stringify(emails)}, function(res) {
142
+ //Do nothing
143
+ });
144
+ }
145
+ },
146
+ onboardingInstallLicense: function(license, successCallback, errorCallback) {
147
+ this.ajax('wordfence_installLicense', {license: license}, function(res) {
148
+ if (res.success) {
149
+ typeof successCallback == 'function' && successCallback(res);
150
+ }
151
+ else if (res.error) {
152
+ typeof errorCallback == 'function' && errorCallback(res);
153
+ }
154
+ });
155
+ }
156
+ };
157
+ }
158
+
159
+ $(function() {
160
+ wordfenceExt.init();
161
+
162
+ $('.wf-dismiss-link').on('click', function() {
163
+ $('#wf-extended-protection-notice').css({
164
+ opacity: .75
165
+ });
166
+ $.get(this.href, function() {
167
+ $('#wf-extended-protection-notice').fadeOut(1000);
168
+ });
169
+ return false;
170
+ });
171
+ });
172
+ })(jQuery);
173
+
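Review bot: In `ajax` (new lines 64-102) the success handler calls `cb(json)` unconditionally while only `cbErr` is given a no-op default, so a caller that omits the success callback throws inside the jQuery success path; default `cb` the same way `cbErr` is defaulted. In the string branch of the same function, `action` and `this.nonce` are appended to `data` without `encodeURIComponent`, which is worth adding even if today's values are URL-safe. In `isEmailBlacklisted` (lines 106-114) the address is hashed exactly as typed, and `parseEmails` only strips whitespace, so the comparison against `WordfenceAdminVars.alertEmailBlacklist` is case-sensitive; if those hashes are computed over lowercased addresses, lowercase before hashing, and since this check runs only in the browser it should not be the only place the list is enforced. Smaller points: `var subscribe = !!subscribe;` at line 131 redeclares the parameter, and the `"use strict"` at line 175 follows other statements in the file, so it is not in directive position and has no effect there.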
174
+ //Stanford Javascript Crypto Library: https://bitwiseshiftleft.github.io/sjcl/
175
+ "use strict";var sjcl={cipher:{},hash:{},keyexchange:{},mode:{},misc:{},codec:{},exception:{corrupt:function(f){this.toString=function(){return"CORRUPT: "+this.message};this.message=f},invalid:function(f){this.toString=function(){return"INVALID: "+this.message};this.message=f},bug:function(f){this.toString=function(){return"BUG: "+this.message};this.message=f},notReady:function(f){this.toString=function(){return"NOT READY: "+this.message};this.message=f}}};
176
+ (function(f){f.cipher.aes=function(a){this.s[0][0][0]||this.T();var b,c,d,e,g=this.s[0][4],h=this.s[1];b=a.length;var k=1;if(4!==b&&6!==b&&8!==b)throw new f.exception.invalid("invalid aes key size");this.b=[d=a.slice(0),e=[]];for(a=b;a<4*b+28;a++){c=d[a-1];if(0===a%b||8===b&&4===a%b)c=g[c>>>24]<<24^g[c>>16&255]<<16^g[c>>8&255]<<8^g[c&255],0===a%b&&(c=c<<8^c>>>24^k<<24,k=k<<1^283*(k>>7));d[a]=d[a-b]^c}for(b=0;a;b++,a--)c=d[b&3?a:a-4],e[b]=4>=a||4>b?c:h[0][g[c>>>24]]^h[1][g[c>>16&255]]^h[2][g[c>>8&
177
+ 255]]^h[3][g[c&255]]};f.cipher.aes.prototype={encrypt:function(a){return this.$(a,0)},decrypt:function(a){return this.$(a,1)},s:[[[],[],[],[],[]],[[],[],[],[],[]]],T:function(){var a=this.s[0],b=this.s[1],c=a[4],d=b[4],e,f,h,k=[],l=[],m,n,p,q;for(e=0;0x100>e;e++)l[(k[e]=e<<1^283*(e>>7))^e]=e;for(f=h=0;!c[f];f^=m||1,h=l[h]||1)for(p=h^h<<1^h<<2^h<<3^h<<4,p=p>>8^p&255^99,c[f]=p,d[p]=f,n=k[e=k[m=k[f]]],q=0x1010101*n^0x10001*e^0x101*m^0x1010100*f,n=0x101*k[p]^0x1010100*p,e=0;4>e;e++)a[e][f]=n=n<<24^n>>>8,b[e][p]=
178
+ q=q<<24^q>>>8;for(e=0;5>e;e++)a[e]=a[e].slice(0),b[e]=b[e].slice(0)},$:function(a,b){if(4!==a.length)throw new f.exception.invalid("invalid aes block size");var c=this.b[b],d=a[0]^c[0],e=a[b?3:1]^c[1],g=a[2]^c[2],h=a[b?1:3]^c[3],k,l,m,n=c.length/4-2,p,q=4,t=[0,0,0,0];k=this.s[b];var r=k[0],u=k[1],v=k[2],w=k[3],x=k[4];for(p=0;p<n;p++)k=r[d>>>24]^u[e>>16&255]^v[g>>8&255]^w[h&255]^c[q],l=r[e>>>24]^u[g>>16&255]^v[h>>8&255]^w[d&255]^c[q+1],m=r[g>>>24]^u[h>>16&255]^v[d>>8&255]^w[e&255]^c[q+2],h=r[h>>>24]^
179
+ u[d>>16&255]^v[e>>8&255]^w[g&255]^c[q+3],q+=4,d=k,e=l,g=m;for(p=0;4>p;p++)t[b?3&-p:p]=x[d>>>24]<<24^x[e>>16&255]<<16^x[g>>8&255]<<8^x[h&255]^c[q++],k=d,d=e,e=g,g=h,h=k;return t}};f.bitArray={bitSlice:function(a,b,c){a=f.bitArray.ga(a.slice(b/32),32-(b&31)).slice(1);return void 0===c?a:f.bitArray.clamp(a,c-b)},extract:function(a,b,c){var d=Math.floor(-b-c&31);return((b+c-1^b)&-32?a[b/32|0]<<32-d^a[b/32+1|0]>>>d:a[b/32|0]>>>d)&(1<<c)-1},concat:function(a,b){if(0===a.length||0===b.length)return a.concat(b);
180
+ var c=a[a.length-1],d=f.bitArray.getPartial(c);return 32===d?a.concat(b):f.bitArray.ga(b,d,c|0,a.slice(0,a.length-1))},bitLength:function(a){var b=a.length;return 0===b?0:32*(b-1)+f.bitArray.getPartial(a[b-1])},clamp:function(a,b){if(32*a.length<b)return a;a=a.slice(0,Math.ceil(b/32));var c=a.length;b=b&31;0<c&&b&&(a[c-1]=f.bitArray.partial(b,a[c-1]&2147483648>>b-1,1));return a},partial:function(a,b,c){return 32===a?b:(c?b|0:b<<32-a)+0x10000000000*a},getPartial:function(a){return Math.round(a/0x10000000000)||
181
+ 32},equal:function(a,b){if(f.bitArray.bitLength(a)!==f.bitArray.bitLength(b))return!1;var c=0,d;for(d=0;d<a.length;d++)c|=a[d]^b[d];return 0===c},ga:function(a,b,c,d){var e;e=0;for(void 0===d&&(d=[]);32<=b;b-=32)d.push(c),c=0;if(0===b)return d.concat(a);for(e=0;e<a.length;e++)d.push(c|a[e]>>>b),c=a[e]<<32-b;e=a.length?a[a.length-1]:0;a=f.bitArray.getPartial(e);d.push(f.bitArray.partial(b+a&31,32<b+a?c:d.pop(),1));return d},i:function(a,b){return[a[0]^b[0],a[1]^b[1],a[2]^b[2],a[3]^b[3]]},byteswapM:function(a){var b,
182
+ c;for(b=0;b<a.length;++b)c=a[b],a[b]=c>>>24|c>>>8&0xff00|(c&0xff00)<<8|c<<24;return a}};f.codec.utf8String={fromBits:function(a){var b="",c=f.bitArray.bitLength(a),d,e;for(d=0;d<c/8;d++)0===(d&3)&&(e=a[d/4]),b+=String.fromCharCode(e>>>8>>>8>>>8),e<<=8;return decodeURIComponent(escape(b))},toBits:function(a){a=unescape(encodeURIComponent(a));var b=[],c,d=0;for(c=0;c<a.length;c++)d=d<<8|a.charCodeAt(c),3===(c&3)&&(b.push(d),d=0);c&3&&b.push(f.bitArray.partial(8*(c&3),d));return b}};f.codec.hex={fromBits:function(a){var b=
183
+ "",c;for(c=0;c<a.length;c++)b+=((a[c]|0)+0xf00000000000).toString(16).substr(4);return b.substr(0,f.bitArray.bitLength(a)/4)},toBits:function(a){var b,c=[],d;a=a.replace(/\s|0x/g,"");d=a.length;a=a+"00000000";for(b=0;b<a.length;b+=8)c.push(parseInt(a.substr(b,8),16)^0);return f.bitArray.clamp(c,4*d)}};f.codec.base32={D:"ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",da:"0123456789ABCDEFGHIJKLMNOPQRSTUV",BITS:32,BASE:5,REMAINING:27,fromBits:function(a,b,c){var d=f.codec.base32.BASE,e=f.codec.base32.REMAINING,g=
184
+ "",h=0,k=f.codec.base32.D,l=0,m=f.bitArray.bitLength(a);c&&(k=f.codec.base32.da);for(c=0;g.length*d<m;)g+=k.charAt((l^a[c]>>>h)>>>e),h<d?(l=a[c]<<d-h,h+=e,c++):(l<<=d,h-=d);for(;g.length&7&&!b;)g+="=";return g},toBits:function(a,b){a=a.replace(/\s|=/g,"").toUpperCase();var c=f.codec.base32.BITS,d=f.codec.base32.BASE,e=f.codec.base32.REMAINING,g=[],h,k=0,l=f.codec.base32.D,m=0,n,p="base32";b&&(l=f.codec.base32.da,p="base32hex");for(h=0;h<a.length;h++){n=l.indexOf(a.charAt(h));if(0>n){if(!b)try{return f.codec.base32hex.toBits(a)}catch(q){}throw new f.exception.invalid("this isn't "+
185
+ p+"!");}k>e?(k-=e,g.push(m^n>>>k),m=n<<c-k):(k+=d,m^=n<<c-k)}k&56&&g.push(f.bitArray.partial(k&56,m,1));return g}};f.codec.base32hex={fromBits:function(a,b){return f.codec.base32.fromBits(a,b,1)},toBits:function(a){return f.codec.base32.toBits(a,1)}};f.codec.base64={D:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",fromBits:function(a,b,c){var d="",e=0,g=f.codec.base64.D,h=0,k=f.bitArray.bitLength(a);c&&(g=g.substr(0,62)+"-_");for(c=0;6*d.length<k;)d+=g.charAt((h^a[c]>>>e)>>>26),
186
+ 6>e?(h=a[c]<<6-e,e+=26,c++):(h<<=6,e-=6);for(;d.length&3&&!b;)d+="=";return d},toBits:function(a,b){a=a.replace(/\s|=/g,"");var c=[],d,e=0,g=f.codec.base64.D,h=0,k;b&&(g=g.substr(0,62)+"-_");for(d=0;d<a.length;d++){k=g.indexOf(a.charAt(d));if(0>k)throw new f.exception.invalid("this isn't base64!");26<e?(e-=26,c.push(h^k>>>e),h=k<<32-e):(e+=6,h^=k<<32-e)}e&56&&c.push(f.bitArray.partial(e&56,h,1));return c}};f.codec.base64url={fromBits:function(a){return f.codec.base64.fromBits(a,1,1)},toBits:function(a){return f.codec.base64.toBits(a,
187
+ 1)}};f.hash.sha256=function(a){this.b[0]||this.T();a?(this.H=a.H.slice(0),this.C=a.C.slice(0),this.l=a.l):this.reset()};f.hash.sha256.hash=function(a){return(new f.hash.sha256).update(a).finalize()};f.hash.sha256.prototype={blockSize:512,reset:function(){this.H=this.ea.slice(0);this.C=[];this.l=0;return this},update:function(a){"string"===typeof a&&(a=f.codec.utf8String.toBits(a));var b,c=this.C=f.bitArray.concat(this.C,a);b=this.l;a=this.l=b+f.bitArray.bitLength(a);if(0x1fffffffffffff<a)throw new f.exception.invalid("Cannot hash more than 2^53 - 1 bits");
188
+ if("undefined"!==typeof Uint32Array){var d=new Uint32Array(c),e=0;for(b=512+b-(512+b&0x1ff);b<=a;b+=512)this.M(d.subarray(16*e,16*(e+1))),e+=1;c.splice(0,16*e)}else for(b=512+b-(512+b&0x1ff);b<=a;b+=512)this.M(c.splice(0,16));return this},finalize:function(){var a,b=this.C,c=this.H,b=f.bitArray.concat(b,[f.bitArray.partial(1,1)]);for(a=b.length+2;a&15;a++)b.push(0);b.push(Math.floor(this.l/0x100000000));for(b.push(this.l|0);b.length;)this.M(b.splice(0,16));this.reset();return c},ea:[],b:[],T:function(){function a(a){return 0x100000000*
189
+ (a-Math.floor(a))|0}for(var b=0,c=2,d,e;64>b;c++){e=!0;for(d=2;d*d<=c;d++)if(0===c%d){e=!1;break}e&&(8>b&&(this.ea[b]=a(Math.pow(c,.5))),this.b[b]=a(Math.pow(c,1/3)),b++)}},M:function(a){var b,c,d,e=this.H,f=this.b,h=e[0],k=e[1],l=e[2],m=e[3],n=e[4],p=e[5],q=e[6],t=e[7];for(b=0;64>b;b++)16>b?c=a[b]:(c=a[b+1&15],d=a[b+14&15],c=a[b&15]=(c>>>7^c>>>18^c>>>3^c<<25^c<<14)+(d>>>17^d>>>19^d>>>10^d<<15^d<<13)+a[b&15]+a[b+9&15]|0),c=c+t+(n>>>6^n>>>11^n>>>25^n<<26^n<<21^n<<7)+(q^n&(p^q))+f[b],t=q,q=p,p=n,n=
190
+ m+c|0,m=l,l=k,k=h,h=c+(k&l^m&(k^l))+(k>>>2^k>>>13^k>>>22^k<<30^k<<19^k<<10)|0;e[0]=e[0]+h|0;e[1]=e[1]+k|0;e[2]=e[2]+l|0;e[3]=e[3]+m|0;e[4]=e[4]+n|0;e[5]=e[5]+p|0;e[6]=e[6]+q|0;e[7]=e[7]+t|0}};f.mode.ccm={name:"ccm",I:[],listenProgress:function(a){f.mode.ccm.I.push(a)},unListenProgress:function(a){a=f.mode.ccm.I.indexOf(a);-1<a&&f.mode.ccm.I.splice(a,1)},ma:function(a){var b=f.mode.ccm.I.slice(),c;for(c=0;c<b.length;c+=1)b[c](a)},encrypt:function(a,b,c,d,e){var g,h=b.slice(0),k=f.bitArray,l=k.bitLength(c)/
191
+ 8,m=k.bitLength(h)/8;e=e||64;d=d||[];if(7>l)throw new f.exception.invalid("ccm: iv must be at least 7 bytes");for(g=2;4>g&&m>>>8*g;g++);g<15-l&&(g=15-l);c=k.clamp(c,8*(15-g));b=f.mode.ccm.Z(a,b,c,d,e,g);h=f.mode.ccm.F(a,h,c,b,e,g);return k.concat(h.data,h.tag)},decrypt:function(a,b,c,d,e){e=e||64;d=d||[];var g=f.bitArray,h=g.bitLength(c)/8,k=g.bitLength(b),l=g.clamp(b,k-e),m=g.bitSlice(b,k-e),k=(k-e)/8;if(7>h)throw new f.exception.invalid("ccm: iv must be at least 7 bytes");for(b=2;4>b&&k>>>8*b;b++);
192
+ b<15-h&&(b=15-h);c=g.clamp(c,8*(15-b));l=f.mode.ccm.F(a,l,c,m,e,b);a=f.mode.ccm.Z(a,l.data,c,d,e,b);if(!g.equal(l.tag,a))throw new f.exception.corrupt("ccm: tag doesn't match");return l.data},ua:function(a,b,c,d,e,g){var h=[],k=f.bitArray,l=k.i;d=[k.partial(8,(b.length?64:0)|d-2<<2|g-1)];d=k.concat(d,c);d[3]|=e;d=a.encrypt(d);if(b.length)for(c=k.bitLength(b)/8,65279>=c?h=[k.partial(16,c)]:0xffffffff>=c&&(h=k.concat([k.partial(16,65534)],[c])),h=k.concat(h,b),b=0;b<h.length;b+=4)d=a.encrypt(l(d,h.slice(b,
193
+ b+4).concat([0,0,0])));return d},Z:function(a,b,c,d,e,g){var h=f.bitArray,k=h.i;e/=8;if(e%2||4>e||16<e)throw new f.exception.invalid("ccm: invalid tag length");if(0xffffffff<d.length||0xffffffff<b.length)throw new f.exception.bug("ccm: can't deal with 4GiB or more data");c=f.mode.ccm.ua(a,d,c,e,h.bitLength(b)/8,g);for(d=0;d<b.length;d+=4)c=a.encrypt(k(c,b.slice(d,d+4).concat([0,0,0])));return h.clamp(c,8*e)},F:function(a,b,c,d,e,g){var h,k=f.bitArray;h=k.i;var l=b.length,m=k.bitLength(b),n=l/50,p=
194
+ n;c=k.concat([k.partial(8,g-1)],c).concat([0,0,0]).slice(0,4);d=k.bitSlice(h(d,a.encrypt(c)),0,e);if(!l)return{tag:d,data:[]};for(h=0;h<l;h+=4)h>n&&(f.mode.ccm.ma(h/l),n+=p),c[3]++,e=a.encrypt(c),b[h]^=e[0],b[h+1]^=e[1],b[h+2]^=e[2],b[h+3]^=e[3];return{tag:d,data:k.clamp(b,m)}}};f.mode.ocb2={name:"ocb2",encrypt:function(a,b,c,d,e,g){if(128!==f.bitArray.bitLength(c))throw new f.exception.invalid("ocb iv must be 128 bits");var h,k=f.mode.ocb2.W,l=f.bitArray,m=l.i,n=[0,0,0,0];c=k(a.encrypt(c));var p,
195
+ q=[];d=d||[];e=e||64;for(h=0;h+4<b.length;h+=4)p=b.slice(h,h+4),n=m(n,p),q=q.concat(m(c,a.encrypt(m(c,p)))),c=k(c);p=b.slice(h);b=l.bitLength(p);h=a.encrypt(m(c,[0,0,0,b]));p=l.clamp(m(p.concat([0,0,0]),h),b);n=m(n,m(p.concat([0,0,0]),h));n=a.encrypt(m(n,m(c,k(c))));d.length&&(n=m(n,g?d:f.mode.ocb2.pmac(a,d)));return q.concat(l.concat(p,l.clamp(n,e)))},decrypt:function(a,b,c,d,e,g){if(128!==f.bitArray.bitLength(c))throw new f.exception.invalid("ocb iv must be 128 bits");e=e||64;var h=f.mode.ocb2.W,
196
+ k=f.bitArray,l=k.i,m=[0,0,0,0],n=h(a.encrypt(c)),p,q,t=f.bitArray.bitLength(b)-e,r=[];d=d||[];for(c=0;c+4<t/32;c+=4)p=l(n,a.decrypt(l(n,b.slice(c,c+4)))),m=l(m,p),r=r.concat(p),n=h(n);q=t-32*c;p=a.encrypt(l(n,[0,0,0,q]));p=l(p,k.clamp(b.slice(c),q).concat([0,0,0]));m=l(m,p);m=a.encrypt(l(m,l(n,h(n))));d.length&&(m=l(m,g?d:f.mode.ocb2.pmac(a,d)));if(!k.equal(k.clamp(m,e),k.bitSlice(b,t)))throw new f.exception.corrupt("ocb: tag doesn't match");return r.concat(k.clamp(p,q))},pmac:function(a,b){var c,
197
+ d=f.mode.ocb2.W,e=f.bitArray,g=e.i,h=[0,0,0,0],k=a.encrypt([0,0,0,0]),k=g(k,d(d(k)));for(c=0;c+4<b.length;c+=4)k=d(k),h=g(h,a.encrypt(g(k,b.slice(c,c+4))));c=b.slice(c);128>e.bitLength(c)&&(k=g(k,d(k)),c=e.concat(c,[-2147483648,0,0,0]));h=g(h,c);return a.encrypt(g(d(g(k,d(k))),h))},W:function(a){return[a[0]<<1^a[1]>>>31,a[1]<<1^a[2]>>>31,a[2]<<1^a[3]>>>31,a[3]<<1^135*(a[0]>>>31)]}};f.mode.gcm={name:"gcm",encrypt:function(a,b,c,d,e){var g=b.slice(0);b=f.bitArray;d=d||[];a=f.mode.gcm.F(!0,a,g,d,c,e||
198
+ 128);return b.concat(a.data,a.tag)},decrypt:function(a,b,c,d,e){var g=b.slice(0),h=f.bitArray,k=h.bitLength(g);e=e||128;d=d||[];e<=k?(b=h.bitSlice(g,k-e),g=h.bitSlice(g,0,k-e)):(b=g,g=[]);a=f.mode.gcm.F(!1,a,g,d,c,e);if(!h.equal(a.tag,b))throw new f.exception.corrupt("gcm: tag doesn't match");return a.data},ra:function(a,b){var c,d,e,g,h,k=f.bitArray.i;e=[0,0,0,0];g=b.slice(0);for(c=0;128>c;c++){(d=0!==(a[Math.floor(c/32)]&1<<31-c%32))&&(e=k(e,g));h=0!==(g[3]&1);for(d=3;0<d;d--)g[d]=g[d]>>>1|(g[d-
199
+ 1]&1)<<31;g[0]>>>=1;h&&(g[0]^=-0x1f000000)}return e},j:function(a,b,c){var d,e=c.length;b=b.slice(0);for(d=0;d<e;d+=4)b[0]^=0xffffffff&c[d],b[1]^=0xffffffff&c[d+1],b[2]^=0xffffffff&c[d+2],b[3]^=0xffffffff&c[d+3],b=f.mode.gcm.ra(b,a);return b},F:function(a,b,c,d,e,g){var h,k,l,m,n,p,q,t,r=f.bitArray;p=c.length;q=r.bitLength(c);t=r.bitLength(d);k=r.bitLength(e);h=b.encrypt([0,0,0,0]);96===k?(e=e.slice(0),e=r.concat(e,[1])):(e=f.mode.gcm.j(h,[0,0,0,0],e),e=f.mode.gcm.j(h,e,[0,0,Math.floor(k/0x100000000),
200
+ k&0xffffffff]));k=f.mode.gcm.j(h,[0,0,0,0],d);n=e.slice(0);d=k.slice(0);a||(d=f.mode.gcm.j(h,k,c));for(m=0;m<p;m+=4)n[3]++,l=b.encrypt(n),c[m]^=l[0],c[m+1]^=l[1],c[m+2]^=l[2],c[m+3]^=l[3];c=r.clamp(c,q);a&&(d=f.mode.gcm.j(h,k,c));a=[Math.floor(t/0x100000000),t&0xffffffff,Math.floor(q/0x100000000),q&0xffffffff];d=f.mode.gcm.j(h,d,a);l=b.encrypt(e);d[0]^=l[0];d[1]^=l[1];d[2]^=l[2];d[3]^=l[3];return{tag:r.bitSlice(d,0,g),data:c}}};f.misc.hmac=function(a,b){this.ca=b=b||f.hash.sha256;var c=[[],[]],d,e=
201
+ b.prototype.blockSize/32;this.A=[new b,new b];a.length>e&&(a=b.hash(a));for(d=0;d<e;d++)c[0][d]=a[d]^909522486,c[1][d]=a[d]^1549556828;this.A[0].update(c[0]);this.A[1].update(c[1]);this.V=new b(this.A[0])};f.misc.hmac.prototype.encrypt=f.misc.hmac.prototype.mac=function(a){if(this.ha)throw new f.exception.invalid("encrypt on already updated hmac called!");this.update(a);return this.digest(a)};f.misc.hmac.prototype.reset=function(){this.V=new this.ca(this.A[0]);this.ha=!1};f.misc.hmac.prototype.update=
202
+ function(a){this.ha=!0;this.V.update(a)};f.misc.hmac.prototype.digest=function(){var a=this.V.finalize(),a=(new this.ca(this.A[1])).update(a).finalize();this.reset();return a};f.misc.pbkdf2=function(a,b,c,d,e){c=c||1E4;if(0>d||0>c)throw new f.exception.invalid("invalid params to pbkdf2");"string"===typeof a&&(a=f.codec.utf8String.toBits(a));"string"===typeof b&&(b=f.codec.utf8String.toBits(b));e=e||f.misc.hmac;a=new e(a);var g,h,k,l,m=[],n=f.bitArray;for(l=1;32*m.length<(d||1);l++){e=g=a.encrypt(n.concat(b,
203
+ [l]));for(h=1;h<c;h++)for(g=a.encrypt(g),k=0;k<g.length;k++)e[k]^=g[k];m=m.concat(e)}d&&(m=n.clamp(m,d));return m};f.prng=function(a){this.c=[new f.hash.sha256];this.m=[0];this.U=0;this.J={};this.R=0;this.Y={};this.fa=this.f=this.o=this.oa=0;this.b=[0,0,0,0,0,0,0,0];this.h=[0,0,0,0];this.O=void 0;this.P=a;this.G=!1;this.N={progress:{},seeded:{}};this.u=this.na=0;this.K=1;this.L=2;this.ja=0x10000;this.X=[0,48,64,96,128,192,0x100,384,512,768,1024];this.ka=3E4;this.ia=80};f.prng.prototype={randomWords:function(a,
204
+ b){var c=[],d;d=this.isReady(b);var e;if(d===this.u)throw new f.exception.notReady("generator isn't seeded");d&this.L&&this.ya(!(d&this.K));for(d=0;d<a;d+=4)0===(d+1)%this.ja&&this.ba(),e=this.S(),c.push(e[0],e[1],e[2],e[3]);this.ba();return c.slice(0,a)},setDefaultParanoia:function(a,b){if(0===a&&"Setting paranoia=0 will ruin your security; use it only for testing"!==b)throw new f.exception.invalid("Setting paranoia=0 will ruin your security; use it only for testing");this.P=a},addEntropy:function(a,
205
+ b,c){c=c||"user";var d,e,g=(new Date).valueOf(),h=this.J[c],k=this.isReady(),l=0;d=this.Y[c];void 0===d&&(d=this.Y[c]=this.oa++);void 0===h&&(h=this.J[c]=0);this.J[c]=(this.J[c]+1)%this.c.length;switch(typeof a){case "number":void 0===b&&(b=1);this.c[h].update([d,this.R++,1,b,g,1,a|0]);break;case "object":c=Object.prototype.toString.call(a);if("[object Uint32Array]"===c){e=[];for(c=0;c<a.length;c++)e.push(a[c]);a=e}else for("[object Array]"!==c&&(l=1),c=0;c<a.length&&!l;c++)"number"!==typeof a[c]&&
206
+ (l=1);if(!l){if(void 0===b)for(c=b=0;c<a.length;c++)for(e=a[c];0<e;)b++,e=e>>>1;this.c[h].update([d,this.R++,2,b,g,a.length].concat(a))}break;case "string":void 0===b&&(b=a.length);this.c[h].update([d,this.R++,3,b,g,a.length]);this.c[h].update(a);break;default:l=1}if(l)throw new f.exception.bug("random: addEntropy only supports number, array of numbers or string");this.m[h]+=b;this.f+=b;k===this.u&&(this.isReady()!==this.u&&this.aa("seeded",Math.max(this.o,this.f)),this.aa("progress",this.getProgress()))},
207
+ isReady:function(a){a=this.X[void 0!==a?a:this.P];return this.o&&this.o>=a?this.m[0]>this.ia&&(new Date).valueOf()>this.fa?this.L|this.K:this.K:this.f>=a?this.L|this.u:this.u},getProgress:function(a){a=this.X[a?a:this.P];return this.o>=a?1:this.f>a?1:this.f/a},startCollectors:function(){if(!this.G){this.a={loadTimeCollector:this.B(this.ta),mouseCollector:this.B(this.va),keyboardCollector:this.B(this.sa),accelerometerCollector:this.B(this.la),touchCollector:this.B(this.za)};if(window.addEventListener)window.addEventListener("load",
208
+ this.a.loadTimeCollector,!1),window.addEventListener("mousemove",this.a.mouseCollector,!1),window.addEventListener("keypress",this.a.keyboardCollector,!1),window.addEventListener("devicemotion",this.a.accelerometerCollector,!1),window.addEventListener("touchmove",this.a.touchCollector,!1);else if(document.attachEvent)document.attachEvent("onload",this.a.loadTimeCollector),document.attachEvent("onmousemove",this.a.mouseCollector),document.attachEvent("keypress",this.a.keyboardCollector);else throw new f.exception.bug("can't attach event");
209
+ this.G=!0}},stopCollectors:function(){this.G&&(window.removeEventListener?(window.removeEventListener("load",this.a.loadTimeCollector,!1),window.removeEventListener("mousemove",this.a.mouseCollector,!1),window.removeEventListener("keypress",this.a.keyboardCollector,!1),window.removeEventListener("devicemotion",this.a.accelerometerCollector,!1),window.removeEventListener("touchmove",this.a.touchCollector,!1)):document.detachEvent&&(document.detachEvent("onload",this.a.loadTimeCollector),document.detachEvent("onmousemove",
210
+ this.a.mouseCollector),document.detachEvent("keypress",this.a.keyboardCollector)),this.G=!1)},addEventListener:function(a,b){this.N[a][this.na++]=b},removeEventListener:function(a,b){var c,d,e=this.N[a],f=[];for(d in e)e.hasOwnProperty(d)&&e[d]===b&&f.push(d);for(c=0;c<f.length;c++)d=f[c],delete e[d]},B:function(a){var b=this;return function(){a.apply(b,arguments)}},S:function(){for(var a=0;4>a&&(this.h[a]=this.h[a]+1|0,!this.h[a]);a++);return this.O.encrypt(this.h)},ba:function(){this.b=this.S().concat(this.S());
211
+ this.O=new f.cipher.aes(this.b)},xa:function(a){this.b=f.hash.sha256.hash(this.b.concat(a));this.O=new f.cipher.aes(this.b);for(a=0;4>a&&(this.h[a]=this.h[a]+1|0,!this.h[a]);a++);},ya:function(a){var b=[],c=0,d;this.fa=b[0]=(new Date).valueOf()+this.ka;for(d=0;16>d;d++)b.push(0x100000000*Math.random()|0);for(d=0;d<this.c.length&&(b=b.concat(this.c[d].finalize()),c+=this.m[d],this.m[d]=0,a||!(this.U&1<<d));d++);this.U>=1<<this.c.length&&(this.c.push(new f.hash.sha256),this.m.push(0));this.f-=c;c>this.o&&
212
+ (this.o=c);this.U++;this.xa(b)},sa:function(){this.w(1)},va:function(a){var b,c;try{b=a.x||a.clientX||a.offsetX||0,c=a.y||a.clientY||a.offsetY||0}catch(d){c=b=0}0!=b&&0!=c&&this.addEntropy([b,c],2,"mouse");this.w(0)},za:function(a){a=a.touches[0]||a.changedTouches[0];this.addEntropy([a.pageX||a.clientX,a.pageY||a.clientY],1,"touch");this.w(0)},ta:function(){this.w(2)},w:function(a){"undefined"!==typeof window&&window.performance&&"function"===typeof window.performance.now?this.addEntropy(window.performance.now(),
213
+ a,"loadtime"):this.addEntropy((new Date).valueOf(),a,"loadtime")},la:function(a){a=a.accelerationIncludingGravity.x||a.accelerationIncludingGravity.y||a.accelerationIncludingGravity.z;if(window.orientation){var b=window.orientation;"number"===typeof b&&this.addEntropy(b,1,"accelerometer")}a&&this.addEntropy(a,2,"accelerometer");this.w(0)},aa:function(a,b){var c,d=f.random.N[a],e=[];for(c in d)d.hasOwnProperty(c)&&e.push(d[c]);for(c=0;c<e.length;c++)e[c](b)}};f.random=new f.prng(6);(function(){try{var a,
214
+ b,c,d;if(d="undefined"!==typeof module&&module.exports){var e;try{e=require("crypto")}catch(g){e=null}d=b=e}if(d&&b.randomBytes)a=b.randomBytes(128),a=new Uint32Array((new Uint8Array(a)).buffer),f.random.addEntropy(a,1024,"crypto['randomBytes']");else if("undefined"!==typeof window&&"undefined"!==typeof Uint32Array){c=new Uint32Array(32);if(window.crypto&&window.crypto.getRandomValues)window.crypto.getRandomValues(c);else if(window.msCrypto&&window.msCrypto.getRandomValues)window.msCrypto.getRandomValues(c);
215
+ else return;f.random.addEntropy(c,1024,"crypto['getRandomValues']")}}catch(g){"undefined"!==typeof window&&window.console&&(console.log("There was an error collecting entropy from the browser:"),console.log(g))}})();f.json={defaults:{v:1,iter:1E4,ks:128,ts:64,mode:"ccm",adata:"",cipher:"aes"},qa:function(a,b,c,d){c=c||{};d=d||{};var e=f.json,g=e.g({iv:f.random.randomWords(4,0)},e.defaults),h;e.g(g,c);c=g.adata;"string"===typeof g.salt&&(g.salt=f.codec.base64.toBits(g.salt));"string"===typeof g.iv&&
216
+ (g.iv=f.codec.base64.toBits(g.iv));if(!f.mode[g.mode]||!f.cipher[g.cipher]||"string"===typeof a&&100>=g.iter||64!==g.ts&&96!==g.ts&&128!==g.ts||128!==g.ks&&192!==g.ks&&0x100!==g.ks||2>g.iv.length||4<g.iv.length)throw new f.exception.invalid("json encrypt: invalid parameters");"string"===typeof a?(h=f.misc.cachedPbkdf2(a,g),a=h.key.slice(0,g.ks/32),g.salt=h.salt):f.ecc&&a instanceof f.ecc.elGamal.publicKey&&(h=a.kem(),g.kemtag=h.tag,a=h.key.slice(0,g.ks/32));"string"===typeof b&&(b=f.codec.utf8String.toBits(b));
217
+ "string"===typeof c&&(g.adata=c=f.codec.utf8String.toBits(c));h=new f.cipher[g.cipher](a);e.g(d,g);d.key=a;g.ct="ccm"===g.mode&&f.arrayBuffer&&f.arrayBuffer.ccm&&b instanceof ArrayBuffer?f.arrayBuffer.ccm.encrypt(h,b,g.iv,c,g.ts):f.mode[g.mode].encrypt(h,b,g.iv,c,g.ts);return g},encrypt:function(a,b,c,d){var e=f.json,g=e.qa.apply(e,arguments);return e.encode(g)},pa:function(a,b,c,d){c=c||{};d=d||{};var e=f.json;b=e.g(e.g(e.g({},e.defaults),b),c,!0);var g,h;g=b.adata;"string"===typeof b.salt&&(b.salt=
218
+ f.codec.base64.toBits(b.salt));"string"===typeof b.iv&&(b.iv=f.codec.base64.toBits(b.iv));if(!f.mode[b.mode]||!f.cipher[b.cipher]||"string"===typeof a&&100>=b.iter||64!==b.ts&&96!==b.ts&&128!==b.ts||128!==b.ks&&192!==b.ks&&0x100!==b.ks||!b.iv||2>b.iv.length||4<b.iv.length)throw new f.exception.invalid("json decrypt: invalid parameters");"string"===typeof a?(h=f.misc.cachedPbkdf2(a,b),a=h.key.slice(0,b.ks/32),b.salt=h.salt):f.ecc&&a instanceof f.ecc.elGamal.secretKey&&(a=a.unkem(f.codec.base64.toBits(b.kemtag)).slice(0,
219
+ b.ks/32));"string"===typeof g&&(g=f.codec.utf8String.toBits(g));h=new f.cipher[b.cipher](a);g="ccm"===b.mode&&f.arrayBuffer&&f.arrayBuffer.ccm&&b.ct instanceof ArrayBuffer?f.arrayBuffer.ccm.decrypt(h,b.ct,b.iv,b.tag,g,b.ts):f.mode[b.mode].decrypt(h,b.ct,b.iv,g,b.ts);e.g(d,b);d.key=a;return 1===c.raw?g:f.codec.utf8String.fromBits(g)},decrypt:function(a,b,c,d){var e=f.json;return e.pa(a,e.decode(b),c,d)},encode:function(a){var b,c="{",d="";for(b in a)if(a.hasOwnProperty(b)){if(!b.match(/^[a-z0-9]+$/i))throw new f.exception.invalid("json encode: invalid property name");
220
+ c+=d+'"'+b+'":';d=",";switch(typeof a[b]){case "number":case "boolean":c+=a[b];break;case "string":c+='"'+escape(a[b])+'"';break;case "object":c+='"'+f.codec.base64.fromBits(a[b],0)+'"';break;default:throw new f.exception.bug("json encode: unsupported type");}}return c+"}"},decode:function(a){a=a.replace(/\s/g,"");if(!a.match(/^\{.*\}$/))throw new f.exception.invalid("json decode: this isn't json!");a=a.replace(/^\{|\}$/g,"").split(/,/);var b={},c,d;for(c=0;c<a.length;c++){if(!(d=a[c].match(/^\s*(?:(["']?)([a-z][a-z0-9]*)\1)\s*:\s*(?:(-?\d+)|"([a-z0-9+\/%*_.@=\-]*)"|(true|false))$/i)))throw new f.exception.invalid("json decode: this isn't json!");
221
+ null!=d[3]?b[d[2]]=parseInt(d[3],10):null!=d[4]?b[d[2]]=d[2].match(/^(ct|adata|salt|iv)$/)?f.codec.base64.toBits(d[4]):unescape(d[4]):null!=d[5]&&(b[d[2]]="true"===d[5])}return b},g:function(a,b,c){void 0===a&&(a={});if(void 0===b)return a;for(var d in b)if(b.hasOwnProperty(d)){if(c&&void 0!==a[d]&&a[d]!==b[d])throw new f.exception.invalid("required parameter overridden");a[d]=b[d]}return a},Ba:function(a,b){var c={},d;for(d in a)a.hasOwnProperty(d)&&a[d]!==b[d]&&(c[d]=a[d]);return c},Aa:function(a,
222
+ b){var c={},d;for(d=0;d<b.length;d++)void 0!==a[b[d]]&&(c[b[d]]=a[b[d]]);return c}};f.encrypt=f.json.encrypt;f.decrypt=f.json.decrypt;f.misc.wa={};f.misc.cachedPbkdf2=function(a,b){var c=f.misc.wa,d;b=b||{};d=b.iter||1E3;c=c[a]=c[a]||{};d=c[d]=c[d]||{firstSalt:b.salt&&b.salt.length?b.salt.slice(0):f.random.randomWords(2,0)};c=void 0===b.salt?d.firstSalt:b.salt;d[c]=d[c]||f.misc.pbkdf2(a,c,b.iter);return{key:d[c].slice(0),salt:c.slice(0)}};"undefined"!==typeof module&&module.exports&&(module.exports=
223
+ f);"function"===typeof define&&define([],function(){return f})})(sjcl);
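Review bot: these added lines are a minified build (mangled members such as this.ba and this.S, closing with })(sjcl);), so the variable name collision fix named in the changelog cannot be checked from the diff itself. Please record the upstream sjcl version or commit and the build options used, plus a checksum of the generated file, in the commit message or in a comment next to the bundle so the blob can be rebuilt and compared.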
js/{wfpopover.1573059078.js → wfpopover.1575390485.js} RENAMED
File without changes
js/{wfselect2.min.1573059078.js → wfselect2.min.1575390485.js} RENAMED
File without changes
lib/menu_tools_livetraffic.php CHANGED
@@ -433,13 +433,6 @@ if (!wfConfig::liveTrafficEnabled($overridden)):
433
  <div data-bind="visible: (jQuery.inArray(parseInt(statusCode(), 10), [403, 503, 404]) !== -1 || action() == 'loginFailValidUsername' || action() == 'loginFailInvalidUsername')">
434
  <strong>Human/Bot:</strong> <span data-bind="text: (jsRun() === '1' ? 'Human' : 'Bot')"></span>
435
  </div>
436
- <div data-bind="if: browser() && browser().browser != 'Default Browser'">
437
- <strong>Browser:</strong>
438
- <span data-bind="text: browser().browser +
439
- (browser().version ? ' version ' + browser().version : '') +
440
- (browser().platform && browser().platform != 'unknown' ? ' running on ' + browser().platform : '')
441
- "></span>
442
- </div>
443
  <div class="wf-split-word" data-bind="text: UA"></div>
444
  <div class="wf-live-traffic-actions">
445
  <span data-bind="if: blocked()">
433
  <div data-bind="visible: (jQuery.inArray(parseInt(statusCode(), 10), [403, 503, 404]) !== -1 || action() == 'loginFailValidUsername' || action() == 'loginFailInvalidUsername')">
434
  <strong>Human/Bot:</strong> <span data-bind="text: (jsRun() === '1' ? 'Human' : 'Bot')"></span>
435
  </div>
 
 
 
 
 
 
 
436
  <div class="wf-split-word" data-bind="text: UA"></div>
437
  <div class="wf-live-traffic-actions">
438
  <span data-bind="if: blocked()">
lib/wfCrypt.php CHANGED
@@ -73,4 +73,14 @@ ENDKEY;
73
  }
74
  return array();
75
  }
 
 
 
 
 
 
 
 
 
 
76
  }
73
  }
74
  return array();
75
  }
76
+
77
+ /**
78
+ * Returns a SHA256 HMAC for $payload using the local long key.
79
+ *
80
+ * @param $payload
81
+ * @return false|string
82
+ */
83
+ public static function local_sign($payload) {
84
+ return hash_hmac('sha256', $payload, wfConfig::get('longEncKey'));
85
+ }
86
  }
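Review bot: local_sign() passes wfConfig::get('longEncKey') straight to hash_hmac() without checking that a key came back; if the option is missing or empty, the HMAC is computed with an empty key and can be reproduced by anyone. Fail closed when the key is not a non-empty string, and give the docblock's @param $payload a type (string).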
lib/wfScan.php CHANGED
@@ -49,9 +49,16 @@ class wfScan {
49
  self::status(4, 'info', "Cron test received and message printed");
50
  exit();
51
  }
52
- /* ----------Starting cronkey check -------- */
53
  self::status(4, 'info', "Scan engine received request.");
54
 
 
 
 
 
 
 
 
55
  self::status(4, 'info', "Fetching stored cronkey for comparison.");
56
  $expired = false;
57
  $storedCronKey = self::storedCronKey($expired);
49
  self::status(4, 'info', "Cron test received and message printed");
50
  exit();
51
  }
52
+
53
  self::status(4, 'info', "Scan engine received request.");
54
 
55
+ /* ----------Starting signature check -------- */
56
+ self::status(4, 'info', "Verifying start request signature.");
57
+ if (!isset($_GET['signature']) || !wfScanEngine::verifyStartSignature($_GET['signature'], isset($_GET['isFork']) ? wfUtils::truthyToBoolean($_GET['isFork']) : false, isset($_GET['scanMode']) ? $_GET['scanMode'] : '', isset($_GET['cronKey']) ? $_GET['cronKey'] : '', isset($_GET['remote']) ? wfUtils::truthyToBoolean($_GET['remote']) : false)) {
58
+ self::errorExit(__('The signature on the request to start a scan is invalid. Please try again.', 'wordfence'));
59
+ }
60
+
61
+ /* ----------Starting cronkey check -------- */
62
  self::status(4, 'info', "Fetching stored cronkey for comparison.");
63
  $expired = false;
64
  $storedCronKey = self::storedCronKey($expired);
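Review bot: in the new signature check, $_GET['signature'], $_GET['scanMode'] and $_GET['cronKey'] are forwarded without confirming they are strings. PHP turns array-style query parameters into arrays, which would then reach hash_equals() and urlencode() and raise a warning or TypeError instead of ending in errorExit(). Add is_string() checks and treat anything else as an invalid signature; pulling the five isset() ternaries into local variables first would also make the condition readable.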
lib/wfScanEngine.php CHANGED
@@ -1940,8 +1940,7 @@ class wfScanEngine {
1940
  wfConfig::set('currentCronKey', time() . ',' . $cronKey);
1941
  if ((!wfConfig::get('startScansRemotely', false)) && (!is_wp_error($testResult)) && (is_array($testResult) || $testResult instanceof ArrayAccess) && strstr($testResult['body'], 'WFSCANTESTOK') !== false) {
1942
  //ajax requests can be sent by the server to itself
1943
- $cronURL = 'admin-ajax.php?action=wordfence_doScan&isFork=' . ($isFork ? '1' : '0') . '&scanMode=' . $scanMode . '&cronKey=' . $cronKey;
1944
- $cronURL = admin_url($cronURL);
1945
  $headers = array('Referer' => false/*, 'Cookie' => 'XDEBUG_SESSION=1'*/);
1946
  wordfence::status(4, 'info', "Starting cron with normal ajax at URL $cronURL");
1947
 
@@ -1972,9 +1971,7 @@ class wfScanEngine {
1972
  wordfence::status(4, 'info', "Scan process ended after forking.");
1973
  }
1974
  else {
1975
- $cronURL = admin_url('admin-ajax.php');
1976
- $cronURL = preg_replace('/^(https?:\/\/)/i', '$1noc1.wordfence.com/scanp/', $cronURL);
1977
- $cronURL .= '?action=wordfence_doScan&isFork=' . ($isFork ? '1' : '0') . '&scanMode=' . $scanMode . '&cronKey=' . $cronKey;
1978
  $headers = array();
1979
  wordfence::status(4, 'info', "Starting cron via proxy at URL $cronURL");
1980
 
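Review bot: the status line "Starting cron via proxy at URL $cronURL" now interpolates the string returned by _remoteStartURL(), which carries k (wfConfig::get('apiKey')) and signature in addition to cronKey, so the API key and a valid start signature are written to the level 4 status log. Log the URL with those query arguments removed or masked; the local branch has the same issue with the signature appended by _localStartURL().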
@@ -2006,6 +2003,41 @@ class wfScanEngine {
2006
  }
2007
  return false; //No error
2008
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
2009
  public function processResponse($result){
2010
  return false;
2011
  }
1940
  wfConfig::set('currentCronKey', time() . ',' . $cronKey);
1941
  if ((!wfConfig::get('startScansRemotely', false)) && (!is_wp_error($testResult)) && (is_array($testResult) || $testResult instanceof ArrayAccess) && strstr($testResult['body'], 'WFSCANTESTOK') !== false) {
1942
  //ajax requests can be sent by the server to itself
1943
+ $cronURL = self::_localStartURL($isFork, $scanMode, $cronKey);
 
1944
  $headers = array('Referer' => false/*, 'Cookie' => 'XDEBUG_SESSION=1'*/);
1945
  wordfence::status(4, 'info', "Starting cron with normal ajax at URL $cronURL");
1946
 
1971
  wordfence::status(4, 'info', "Scan process ended after forking.");
1972
  }
1973
  else {
1974
+ $cronURL = self::_remoteStartURL($isFork, $scanMode, $cronKey);
 
 
1975
  $headers = array();
1976
  wordfence::status(4, 'info', "Starting cron via proxy at URL $cronURL");
1977
 
2003
  }
2004
  return false; //No error
2005
  }
2006
+
2007
+ public static function verifyStartSignature($signature, $isFork, $scanMode, $cronKey, $remote) {
2008
+ $url = self::_baseStartURL($isFork, $scanMode, $cronKey);
2009
+ if ($remote) {
2010
+ $url = self::_remoteStartURL($isFork, $scanMode, $cronKey);
2011
+ $url = remove_query_arg('signature', $url);
2012
+ }
2013
+ $test = self::_signStartURL($url);
2014
+ return hash_equals($signature, $test);
2015
+ }
2016
+
2017
+ protected static function _baseStartURL($isFork, $scanMode, $cronKey) {
2018
+ $url = admin_url('admin-ajax.php');
2019
+ $url .= '?action=wordfence_doScan&isFork=' . ($isFork ? '1' : '0') . '&scanMode=' . urlencode($scanMode) . '&cronKey=' . urlencode($cronKey);
2020
+ return $url;
2021
+ }
2022
+
2023
+ protected static function _localStartURL($isFork, $scanMode, $cronKey) {
2024
+ $url = self::_baseStartURL($isFork, $scanMode, $cronKey);
2025
+ return add_query_arg('signature', self::_signStartURL($url), $url);
2026
+ }
2027
+
2028
+ protected static function _remoteStartURL($isFork, $scanMode, $cronKey) {
2029
+ $url = self::_baseStartURL($isFork, $scanMode, $cronKey);
2030
+ $url = preg_replace('/^https?:\/\//i', (wfAPI::SSLEnabled() ? WORDFENCE_API_URL_SEC : WORDFENCE_API_URL_NONSEC) . 'scanp/', $url);
2031
+ $url = add_query_arg('k', wfConfig::get('apiKey'), $url);
2032
+ $url = add_query_arg('ssl', wfUtils::isFullSSL() ? '1' : '0', $url);
2033
+ return add_query_arg('signature', self::_signStartURL($url), $url);
2034
+ }
2035
+
2036
+ protected static function _signStartURL($url) {
2037
+ $payload = preg_replace('~^https?://[^/]+~i', '', $url);
2038
+ return wfCrypt::local_sign($payload);
2039
+ }
2040
+
2041
  public function processResponse($result){
2042
  return false;
2043
  }
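Review bot: verifyStartSignature() calls hash_equals($signature, $test) with the request-supplied value first; hash_equals() takes the known string first and the user-supplied string second, and requires both to be strings, so use hash_equals($test, $signature) and return false early when $signature is not a string. In the $remote branch the URL comes from _remoteStartURL(), which already computes and appends a signature that remove_query_arg('signature', $url) then strips; a helper that returns the remote URL before add_query_arg('signature', ...) would avoid the second HMAC and the reliance on remove_query_arg() reproducing the exact string that was originally signed.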
lib/wfUtils.php CHANGED
@@ -157,7 +157,7 @@ class wfUtils {
157
  }
158
  return $version;
159
  }
160
-
161
  /**
162
  * Check if an IP address is in a network block
163
  *
@@ -166,43 +166,216 @@ class wfUtils {
166
  * @return boolean
167
  */
168
  public static function subnetContainsIP($subnet, $ip) {
169
- list($network, $prefix) = array_pad(explode('/', $subnet, 2), 2, null);
170
-
171
- if (filter_var($network, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
172
- // If no prefix was supplied, 32 is implied for IPv4
173
- if ($prefix === null) {
174
- $prefix = 32;
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
175
  }
176
-
177
- // Validate the IPv4 network prefix
178
- if ($prefix < 0 || $prefix > 32) {
179
- return false;
 
 
180
  }
181
-
182
- // Increase the IPv4 network prefix to work in the IPv6 address space
183
- $prefix += 96;
184
- } else {
185
- // If no prefix was supplied, 128 is implied for IPv6
186
- if ($prefix === null) {
187
- $prefix = 128;
188
  }
189
-
190
- // Validate the IPv6 network prefix
191
- if ($prefix < 1 || $prefix > 128) {
192
- return false;
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
193
  }
 
 
 
 
194
  }
195
 
196
- $bin_network = wfUtils::substr(self::inet_pton($network), 0, ceil($prefix / 8));
197
- $bin_ip = wfUtils::substr(self::inet_pton($ip), 0, ceil($prefix / 8));
198
- if ($prefix % 8 != 0) { //Adjust the last relevant character to fit the mask length since the character's bits are split over it
199
- $pos = intval($prefix / 8);
200
- $adjustment = chr(((0xff << (8 - ($prefix % 8))) & 0xff));
201
- $bin_network[$pos] = ($bin_network[$pos] & $adjustment);
202
- $bin_ip[$pos] = ($bin_ip[$pos] & $adjustment);
 
 
 
203
  }
204
 
205
- return ($bin_network === $bin_ip);
206
  }
207
 
208
  /**
157
  }
158
  return $version;
159
  }
160
+
161
  /**
162
  * Check if an IP address is in a network block
163
  *
166
  * @return boolean
167
  */
168
  public static function subnetContainsIP($subnet, $ip) {
169
+ static $_network_cache = array();
170
+ static $_ip_cache = array();
171
+ static $_masks = array(
172
+ 0 => "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
173
+ 1 => "\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
174
+ 2 => "\xc0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
175
+ 3 => "\xe0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
176
+ 4 => "\xf0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
177
+ 5 => "\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
178
+ 6 => "\xfc\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
179
+ 7 => "\xfe\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
180
+ 8 => "\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
181
+ 9 => "\xff\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
182
+ 10 => "\xff\xc0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
183
+ 11 => "\xff\xe0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
184
+ 12 => "\xff\xf0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
185
+ 13 => "\xff\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
186
+ 14 => "\xff\xfc\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
187
+ 15 => "\xff\xfe\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
188
+ 16 => "\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
189
+ 17 => "\xff\xff\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
190
+ 18 => "\xff\xff\xc0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
191
+ 19 => "\xff\xff\xe0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
192
+ 20 => "\xff\xff\xf0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
193
+ 21 => "\xff\xff\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
194
+ 22 => "\xff\xff\xfc\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
195
+ 23 => "\xff\xff\xfe\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
196
+ 24 => "\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
197
+ 25 => "\xff\xff\xff\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
198
+ 26 => "\xff\xff\xff\xc0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
199
+ 27 => "\xff\xff\xff\xe0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
200
+ 28 => "\xff\xff\xff\xf0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
201
+ 29 => "\xff\xff\xff\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
202
+ 30 => "\xff\xff\xff\xfc\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
203
+ 31 => "\xff\xff\xff\xfe\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
204
+ 32 => "\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
205
+ 33 => "\xff\xff\xff\xff\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
206
+ 34 => "\xff\xff\xff\xff\xc0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
207
+ 35 => "\xff\xff\xff\xff\xe0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
208
+ 36 => "\xff\xff\xff\xff\xf0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
209
+ 37 => "\xff\xff\xff\xff\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
210
+ 38 => "\xff\xff\xff\xff\xfc\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
211
+ 39 => "\xff\xff\xff\xff\xfe\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
212
+ 40 => "\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
213
+ 41 => "\xff\xff\xff\xff\xff\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
214
+ 42 => "\xff\xff\xff\xff\xff\xc0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
215
+ 43 => "\xff\xff\xff\xff\xff\xe0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
216
+ 44 => "\xff\xff\xff\xff\xff\xf0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
217
+ 45 => "\xff\xff\xff\xff\xff\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
218
+ 46 => "\xff\xff\xff\xff\xff\xfc\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
219
+ 47 => "\xff\xff\xff\xff\xff\xfe\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
220
+ 48 => "\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
221
+ 49 => "\xff\xff\xff\xff\xff\xff\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00",
222
+ 50 => "\xff\xff\xff\xff\xff\xff\xc0\x00\x00\x00\x00\x00\x00\x00\x00\x00",
223
+ 51 => "\xff\xff\xff\xff\xff\xff\xe0\x00\x00\x00\x00\x00\x00\x00\x00\x00",
224
+ 52 => "\xff\xff\xff\xff\xff\xff\xf0\x00\x00\x00\x00\x00\x00\x00\x00\x00",
225
+ 53 => "\xff\xff\xff\xff\xff\xff\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00",
226
+ 54 => "\xff\xff\xff\xff\xff\xff\xfc\x00\x00\x00\x00\x00\x00\x00\x00\x00",
227
+ 55 => "\xff\xff\xff\xff\xff\xff\xfe\x00\x00\x00\x00\x00\x00\x00\x00\x00",
228
+ 56 => "\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00",
229
+ 57 => "\xff\xff\xff\xff\xff\xff\xff\x80\x00\x00\x00\x00\x00\x00\x00\x00",
230
+ 58 => "\xff\xff\xff\xff\xff\xff\xff\xc0\x00\x00\x00\x00\x00\x00\x00\x00",
231
+ 59 => "\xff\xff\xff\xff\xff\xff\xff\xe0\x00\x00\x00\x00\x00\x00\x00\x00",
232
+ 60 => "\xff\xff\xff\xff\xff\xff\xff\xf0\x00\x00\x00\x00\x00\x00\x00\x00",
233
+ 61 => "\xff\xff\xff\xff\xff\xff\xff\xf8\x00\x00\x00\x00\x00\x00\x00\x00",
234
+ 62 => "\xff\xff\xff\xff\xff\xff\xff\xfc\x00\x00\x00\x00\x00\x00\x00\x00",
235
+ 63 => "\xff\xff\xff\xff\xff\xff\xff\xfe\x00\x00\x00\x00\x00\x00\x00\x00",
236
+ 64 => "\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00",
237
+ 65 => "\xff\xff\xff\xff\xff\xff\xff\xff\x80\x00\x00\x00\x00\x00\x00\x00",
238
+ 66 => "\xff\xff\xff\xff\xff\xff\xff\xff\xc0\x00\x00\x00\x00\x00\x00\x00",
239
+ 67 => "\xff\xff\xff\xff\xff\xff\xff\xff\xe0\x00\x00\x00\x00\x00\x00\x00",
240
+ 68 => "\xff\xff\xff\xff\xff\xff\xff\xff\xf0\x00\x00\x00\x00\x00\x00\x00",
241
+ 69 => "\xff\xff\xff\xff\xff\xff\xff\xff\xf8\x00\x00\x00\x00\x00\x00\x00",
242
+ 70 => "\xff\xff\xff\xff\xff\xff\xff\xff\xfc\x00\x00\x00\x00\x00\x00\x00",
243
+ 71 => "\xff\xff\xff\xff\xff\xff\xff\xff\xfe\x00\x00\x00\x00\x00\x00\x00",
244
+ 72 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00",
245
+ 73 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\x80\x00\x00\x00\x00\x00\x00",
246
+ 74 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xc0\x00\x00\x00\x00\x00\x00",
247
+ 75 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xe0\x00\x00\x00\x00\x00\x00",
248
+ 76 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xf0\x00\x00\x00\x00\x00\x00",
249
+ 77 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xf8\x00\x00\x00\x00\x00\x00",
250
+ 78 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfc\x00\x00\x00\x00\x00\x00",
251
+ 79 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\x00\x00\x00\x00\x00\x00",
252
+ 80 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00",
253
+ 81 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x80\x00\x00\x00\x00\x00",
254
+ 82 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xc0\x00\x00\x00\x00\x00",
255
+ 83 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xe0\x00\x00\x00\x00\x00",
256
+ 84 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xf0\x00\x00\x00\x00\x00",
257
+ 85 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xf8\x00\x00\x00\x00\x00",
258
+ 86 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfc\x00\x00\x00\x00\x00",
259
+ 87 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\x00\x00\x00\x00\x00",
260
+ 88 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00",
261
+ 89 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x80\x00\x00\x00\x00",
262
+ 90 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xc0\x00\x00\x00\x00",
263
+ 91 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xe0\x00\x00\x00\x00",
264
+ 92 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xf0\x00\x00\x00\x00",
265
+ 93 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xf8\x00\x00\x00\x00",
266
+ 94 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfc\x00\x00\x00\x00",
267
+ 95 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\x00\x00\x00\x00",
268
+ 96 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00",
269
+ 97 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x80\x00\x00\x00",
270
+ 98 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xc0\x00\x00\x00",
271
+ 99 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xe0\x00\x00\x00",
272
+ 100 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xf0\x00\x00\x00",
273
+ 101 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xf8\x00\x00\x00",
274
+ 102 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfc\x00\x00\x00",
275
+ 103 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\x00\x00\x00",
276
+ 104 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00",
277
+ 105 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x80\x00\x00",
278
+ 106 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xc0\x00\x00",
279
+ 107 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xe0\x00\x00",
280
+ 108 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xf0\x00\x00",
281
+ 109 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xf8\x00\x00",
282
+ 110 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfc\x00\x00",
283
+ 111 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\x00\x00",
284
+ 112 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00",
285
+ 113 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x80\x00",
286
+ 114 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xc0\x00",
287
+ 115 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xe0\x00",
288
+ 116 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xf0\x00",
289
+ 117 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xf8\x00",
290
+ 118 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfc\x00",
291
+ 119 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\x00",
292
+ 120 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00",
293
+ 121 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x80",
294
+ 122 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xc0",
295
+ 123 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xe0",
296
+ 124 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xf0",
297
+ 125 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xf8",
298
+ 126 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfc",
299
+ 127 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe",
300
+ 128 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff",
301
+ );
302
+ /*
303
+ * The above is generated by:
304
+ *
305
+ function gen_mask($prefix, $size = 128) {
306
+ //Workaround to avoid overflow, split into four pieces
307
+ $mask_1 = (pow(2, $size / 4) - 1) ^ (pow(2, min($size / 4, max(0, 1 * $size / 4 - $prefix))) - 1);
308
+ $mask_2 = (pow(2, $size / 4) - 1) ^ (pow(2, min($size / 4, max(0, 2 * $size / 4 - $prefix))) - 1);
309
+ $mask_3 = (pow(2, $size / 4) - 1) ^ (pow(2, min($size / 4, max(0, 3 * $size / 4 - $prefix))) - 1);
310
+ $mask_4 = (pow(2, $size / 4) - 1) ^ (pow(2, min($size / 4, max(0, 4 * $size / 4 - $prefix))) - 1);
311
+ return ($mask_1 ? pack('N', $mask_1) : "\0\0\0\0") . ($mask_2 ? pack('N', $mask_2) : "\0\0\0\0") . ($mask_3 ? pack('N', $mask_3) : "\0\0\0\0") . ($mask_4 ? pack('N', $mask_4) : "\0\0\0\0");
312
  }
313
+
314
+ $masks = array();
315
+ for ($i = 0; $i <= 128; $i++) {
316
+ $mask = gen_mask($i);
317
+ $chars = str_split($mask);
318
+ $masks[] = implode('', array_map(function($c) { return '\\x' . bin2hex($c); }, $chars));
319
  }
320
+
321
+ echo 'array(' . "\n";
322
+ foreach ($masks as $index => $m) {
323
+ echo "\t{$index} => \"{$m}\",\n";
 
 
 
324
  }
325
+ echo ')';
326
+ *
327
+ */
328
+
329
+ if (isset($_network_cache[$subnet])) {
330
+ list($bin_network, $prefix, $masked_network) = $_network_cache[$subnet];
331
+ $mask = $_masks[$prefix];
332
+ }
333
+ else {
334
+ list($network, $prefix) = array_pad(explode('/', $subnet, 2), 2, null);
335
+ if (filter_var($network, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
336
+ // If no prefix was supplied, 32 is implied for IPv4
337
+ if ($prefix === null) {
338
+ $prefix = 32;
339
+ }
340
+
341
+ // Validate the IPv4 network prefix
342
+ if ($prefix < 0 || $prefix > 32) {
343
+ return false;
344
+ }
345
+
346
+ // Increase the IPv4 network prefix to work in the IPv6 address space
347
+ $prefix += 96;
348
+ }
349
+ else {
350
+ // If no prefix was supplied, 128 is implied for IPv6
351
+ if ($prefix === null) {
352
+ $prefix = 128;
353
+ }
354
+
355
+ // Validate the IPv6 network prefix
356
+ if ($prefix < 1 || $prefix > 128) {
357
+ return false;
358
+ }
359
  }
360
+ $mask = $_masks[$prefix];
361
+ $bin_network = self::inet_pton($network);
362
+ $masked_network = $bin_network & $mask;
363
+ $_network_cache[$subnet] = array($bin_network, $prefix, $masked_network);
364
  }
365
 
366
+ if (isset($_ip_cache[$ip]) && isset($_ip_cache[$ip][$prefix])) {
367
+ list($bin_ip, $masked_ip) = $_ip_cache[$ip][$prefix];
368
+ }
369
+ else {
370
+ $bin_ip = self::inet_pton($ip);
371
+ $masked_ip = $bin_ip & $mask;
372
+ if (!isset($_ip_cache[$ip])) {
373
+ $_ip_cache[$ip] = array();
374
+ }
375
+ $_ip_cache[$ip][$prefix] = array($bin_ip, $masked_ip);
376
  }
377
 
378
+ return ($masked_ip === $masked_network);
379
  }
380
 
381
  /**
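Review bot: in the new subnetContainsIP(), the prefix taken from explode('/', $subnet, 2) is only range-compared and then used as the key in $_masks[$prefix]; it is never checked to be an integer, so a subnet string whose prefix is not a plain integer but passes the comparison produces an undefined index and a null mask before the & operations. Validate it with ctype_digit() and cast to int before the range test. In addition, $_network_cache and $_ip_cache are static arrays with no size bound ($_ip_cache gains an entry for every address and prefix seen), so cap or reset them, and check the result of self::inet_pton() before masking and caching it.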
lib/wordfenceClass.php CHANGED
@@ -5379,7 +5379,7 @@ HTACCESS;
5379
  echo "Current maximum memory configured in php.ini: " . ini_get('memory_limit') . "\n";
5380
  echo "Current memory usage: " . sprintf('%.2f', memory_get_usage(true) / (1024 * 1024)) . "M\n";
5381
  echo "Attempting to set max memory to {$configuredMax}M.\n";
5382
- wfUtils::iniSet('memory_limit', ($configuredMax + 1) . 'M'); //Allow a little extra for testing overhead
5383
  echo "Starting memory benchmark. Seeing an error after this line is not unusual. Read the error carefully\nto determine how much memory your host allows. We have requested {$configuredMax} megabytes.\n";
5384
 
5385
  if (memory_get_usage(true) < 1) {
@@ -5391,26 +5391,29 @@ HTACCESS;
5391
  exit();
5392
  }
5393
 
5394
- //256 bytes
5395
- $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ012345678900000000000000000000000000000000000000000000000000000000000000000000000000000000000000011111111111111111222222222222222222233333333333333334444444444444444444444444555555555555666666666666666666";
5396
 
 
5397
  $currentUsage = memory_get_usage(true);
5398
  $tenMB = 10 * 1024 * 1024;
5399
  $start = ceil($currentUsage / $tenMB) * $tenMB - $currentUsage; //Start at the closest 10 MB increment to the current usage
5400
  $configuredMax = $configuredMax * 1048576; //Bytes
5401
  $testLimit = $configuredMax - memory_get_usage(true);
5402
  $finalUsage = '0';
 
 
 
5403
  while ($start <= $testLimit) {
5404
- $accumulatedMemory = str_repeat($chars, $start / 256);
5405
 
5406
  $finalUsage = sprintf('%.2f', (memory_get_usage(true) / 1024 / 1024));
5407
  echo "Tested up to " . $finalUsage . " megabytes.\n";
5408
  if ($start == $testLimit) { break; }
 
5409
  $start = min($start + $stepSize, $testLimit);
5410
 
5411
  if (memory_get_usage(true) > $configuredMax) { break; }
5412
-
5413
- unset($accumulatedMemory);
5414
  }
5415
  echo "--Test complete.--\n\nYour web host allows you to use at least {$finalUsage} megabytes of memory for each PHP process hosting your WordPress site.\n";
5416
  exit();
5379
  echo "Current maximum memory configured in php.ini: " . ini_get('memory_limit') . "\n";
5380
  echo "Current memory usage: " . sprintf('%.2f', memory_get_usage(true) / (1024 * 1024)) . "M\n";
5381
  echo "Attempting to set max memory to {$configuredMax}M.\n";
5382
+ wfUtils::iniSet('memory_limit', ($configuredMax + 5) . 'M'); //Allow a little extra for testing overhead
5383
  echo "Starting memory benchmark. Seeing an error after this line is not unusual. Read the error carefully\nto determine how much memory your host allows. We have requested {$configuredMax} megabytes.\n";
5384
 
5385
  if (memory_get_usage(true) < 1) {
5391
  exit();
5392
  }
5393
 
5394
+ if (!defined('WP_SANDBOX_SCRAPING')) { define('WP_SANDBOX_SCRAPING', true); } //Disables the WP error handler in somewhat of a hacky way
 
5395
 
5396
+ $accumulatedMemory = array_fill(0, ceil($configuredMax / $stepSize), '');
5397
  $currentUsage = memory_get_usage(true);
5398
  $tenMB = 10 * 1024 * 1024;
5399
  $start = ceil($currentUsage / $tenMB) * $tenMB - $currentUsage; //Start at the closest 10 MB increment to the current usage
5400
  $configuredMax = $configuredMax * 1048576; //Bytes
5401
  $testLimit = $configuredMax - memory_get_usage(true);
5402
  $finalUsage = '0';
5403
+ $previous = 0;
5404
+ $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ012345678900000000000000000000000000000000000000000000000000000000000000000000000000000000000000011111111111111111222222222222222222233333333333333334444444444444444444444444555555555555666666666666666666";
5405
+ $index = 0;
5406
  while ($start <= $testLimit) {
5407
+ $accumulatedMemory[$index] = str_repeat($chars, ($start - $previous) / 256);
5408
 
5409
  $finalUsage = sprintf('%.2f', (memory_get_usage(true) / 1024 / 1024));
5410
  echo "Tested up to " . $finalUsage . " megabytes.\n";
5411
  if ($start == $testLimit) { break; }
5412
+ $previous = $start;
5413
  $start = min($start + $stepSize, $testLimit);
5414
 
5415
  if (memory_get_usage(true) > $configuredMax) { break; }
5416
+ $index++;
 
5417
  }
5418
  echo "--Test complete.--\n\nYour web host allows you to use at least {$finalUsage} megabytes of memory for each PHP process hosting your WordPress site.\n";
5419
  exit();
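Review bot: the `array_fill(0, ceil($configuredMax / $stepSize), '')` at new line 5396 runs while `$configuredMax` is still in megabytes (the conversion to bytes is at new line 5400), yet `$stepSize` is added to the byte counter `$start` at new line 5413, so the two operands are in different units and the pre-sized array will normally hold a single slot. The loop still works because `$accumulatedMemory[$index]` appends as it goes, but the pre-allocation does not do what it appears to intend. Either move the `array_fill` below the byte conversion or drop it. A short comment explaining that the chunks are retained so newer PHP versions cannot optimise the allocation away would also help the next reader.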
lib/wordfenceHash.php CHANGED
@@ -360,6 +360,8 @@ class wordfenceHash {
360
  $indexedFiles = array();
361
  }
362
 
 
 
363
  if (count($payload) > 0) {
364
  global $wpdb;
365
  $table_wfKnownFileList = wfDB::networkTable('wfKnownFileList');
360
  $indexedFiles = array();
361
  }
362
 
363
+ $payload = array_filter($payload); //Strip empty strings -- these are symlinks to files outside of the site root (ABSPATH)
364
+
365
  if (count($payload) > 0) {
366
  global $wpdb;
367
  $table_wfKnownFileList = wfDB::networkTable('wfKnownFileList');
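Review bot: `array_filter($payload)` at new line 363 is called without a callback, so it drops every falsy entry, not only the empty strings the comment describes. A path that is exactly the string '0' would be removed as well and silently left out of the known-file list. If only empty strings are meant to be stripped, pass an explicit callback such as `array_filter($payload, 'strlen')`, and note in the comment where the empty strings are produced so the link to the symlink handling is easy to follow.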
modules/login-security/css/{admin-global.1573059078.css → admin-global.1575390485.css} RENAMED
File without changes
modules/login-security/css/{admin.1573059078.css → admin.1575390485.css} RENAMED
File without changes
modules/login-security/css/{colorbox.1573059078.css → colorbox.1575390485.css} RENAMED
File without changes
modules/login-security/css/{font-awesome.1573059078.css → font-awesome.1575390485.css} RENAMED
File without changes
modules/login-security/css/{ionicons.1573059078.css → ionicons.1575390485.css} RENAMED
File without changes
modules/login-security/css/{jquery-ui-timepicker-addon.1573059078.css → jquery-ui-timepicker-addon.1575390485.css} RENAMED
File without changes
modules/login-security/css/{jquery-ui.min.1573059078.css → jquery-ui.min.1575390485.css} RENAMED
File without changes
modules/login-security/css/{jquery-ui.structure.min.1573059078.css → jquery-ui.structure.min.1575390485.css} RENAMED
File without changes
modules/login-security/css/{jquery-ui.theme.min.1573059078.css → jquery-ui.theme.min.1575390485.css} RENAMED
File without changes
modules/login-security/css/{login.1573059078.css → login.1575390485.css} RENAMED
File without changes
modules/login-security/js/{admin-global.1573059078.js → admin-global.1575390485.js} RENAMED
File without changes
modules/login-security/js/{admin.1573059078.js → admin.1575390485.js} RENAMED
File without changes
modules/login-security/js/{jquery-ui-timepicker-addon.1573059078.js → jquery-ui-timepicker-addon.1575390485.js} RENAMED
File without changes
modules/login-security/js/{jquery.colorbox.1573059078.js → jquery.colorbox.1575390485.js} RENAMED
File without changes
modules/login-security/js/{jquery.colorbox.min.1573059078.js → jquery.colorbox.min.1575390485.js} RENAMED
File without changes
modules/login-security/js/{jquery.qrcode.min.1573059078.js → jquery.qrcode.min.1575390485.js} RENAMED
File without changes
modules/login-security/js/{jquery.tmpl.min.1573059078.js → jquery.tmpl.min.1575390485.js} RENAMED
File without changes
modules/login-security/js/{login.1573059078.js → login.1575390485.js} RENAMED
File without changes
modules/login-security/wordfence-login-security.php CHANGED
@@ -27,7 +27,7 @@ else {
27
  define('WORDFENCE_LS_FROM_CORE', ($wfCoreActive && isset($wfCoreLoading) && $wfCoreLoading));
28
 
29
  define('WORDFENCE_LS_VERSION', '1.0.4');
30
- define('WORDFENCE_LS_BUILD_NUMBER', '1573059078');
31
 
32
  if (!defined('WORDFENCE_LS_EMAIL_VALIDITY_DURATION_MINUTES')) { define('WORDFENCE_LS_EMAIL_VALIDITY_DURATION_MINUTES', 15); }
33
 
27
  define('WORDFENCE_LS_FROM_CORE', ($wfCoreActive && isset($wfCoreLoading) && $wfCoreLoading));
28
 
29
  define('WORDFENCE_LS_VERSION', '1.0.4');
30
+ define('WORDFENCE_LS_BUILD_NUMBER', '1575390485');
31
 
32
  if (!defined('WORDFENCE_LS_EMAIL_VALIDITY_DURATION_MINUTES')) { define('WORDFENCE_LS_EMAIL_VALIDITY_DURATION_MINUTES', 15); }
33
 
readme.txt CHANGED
@@ -4,7 +4,7 @@ Tags: security, firewall, malware scanner, web application firewall, two factor
4
  Requires at least: 3.9
5
  Requires PHP: 5.3
6
  Tested up to: 5.3
7
- Stable tag: 7.4.1
8
 
9
  Secure your website with the most comprehensive WordPress security plugin. Firewall, malware scan, blocking, live traffic, login security & more.
10
 
@@ -183,6 +183,16 @@ Secure your website with Wordfence.
183
 
184
  == Changelog ==
185
 
 
 
 
 
 
 
 
 
 
 
186
  = 7.4.1 - November 6, 2019 =
187
  * Improvement: Updated the bundled GeoIP database.
188
  * Improvement: Minor changes to ensure compatibility with PHP 7.4.
4
  Requires at least: 3.9
5
  Requires PHP: 5.3
6
  Tested up to: 5.3
7
+ Stable tag: 7.4.2
8
 
9
  Secure your website with the most comprehensive WordPress security plugin. Firewall, malware scan, blocking, live traffic, login security & more.
10
 
183
 
184
  == Changelog ==
185
 
186
+ = 7.4.2 - December 3, 2019 =
187
+ * Improvement: Increased performance of IP CIDR range comparisons.
188
+ * Improvement: Added parameter signature to remote scanning for better validation during forking.
189
+ * Change: Removed duplicate browser label in Live Traffic.
190
+ * Fix: Added compensation for PHP 7.4 deprecation notice with get_magic_quotes_gpc.
191
+ * Fix: Fixed potential notice in dashboard widget when no updates are found.
192
+ * Fix: Updated JS hashing library to compensate for a variable name collision that could occur.
193
+ * Fix: Fixed an issue where certain symlinks could cause a scan to erroneously skip files.
194
+ * Fix: Fixed PHP memory test for newer PHP versions whose optimizations prevented it from allocating memory as desired.
195
+
196
  = 7.4.1 - November 6, 2019 =
197
  * Improvement: Updated the bundled GeoIP database.
198
  * Improvement: Minor changes to ensure compatibility with PHP 7.4.
vendor/wordfence/wf-waf/src/lib/utils.php CHANGED
@@ -353,6 +353,9 @@ class wfWAFUtils {
353
  'off',
354
  'false'
355
  ))));
 
 
 
356
  // phpcs:ignore PHPCompatibility.FunctionUse.RemovedFunctions.get_magic_quotes_gpcDeprecated
357
  if ((function_exists("get_magic_quotes_gpc") && get_magic_quotes_gpc()) || $sybaseEnabled) {
358
  return self::stripslashes_deep($subject);
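Review bot: the added `PHP_VERSION_ID >= 70400` early return (new lines 356 to 358) sits after the `$sybaseEnabled` ini lookup, so on PHP 7.4 and later that lookup is computed and then discarded, and the return also skips the `|| $sybaseEnabled` branch without saying why that is safe. Magic quotes were removed in PHP 5.4, so the skip is harmless, but the comment should say so. Moving the version check to the top of the function would avoid the wasted lookup.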
@@ -717,7 +720,7 @@ class wfWAFUtils {
717
  if (!defined('DONOTCDN')) { define('DONOTCDN', true); }
718
  if (!defined('DONOTCACHEOBJECT')) { define('DONOTCACHEOBJECT', true); }
719
  }
720
-
721
  /**
722
  * Check if an IP address is in a network block
723
  *
@@ -726,43 +729,216 @@ class wfWAFUtils {
726
  * @return boolean
727
  */
728
  public static function subnetContainsIP($subnet, $ip) {
729
- list($network, $prefix) = array_pad(explode('/', $subnet, 2), 2, null);
730
-
731
- if (filter_var($network, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
732
- // If no prefix was supplied, 32 is implied for IPv4
733
- if ($prefix === null) {
734
- $prefix = 32;
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
735
  }
736
-
737
- // Validate the IPv4 network prefix
738
- if ($prefix < 0 || $prefix > 32) {
739
- return false;
 
 
740
  }
741
-
742
- // Increase the IPv4 network prefix to work in the IPv6 address space
743
- $prefix += 96;
744
- } else {
745
- // If no prefix was supplied, 128 is implied for IPv6
746
- if ($prefix === null) {
747
- $prefix = 128;
748
  }
749
-
750
- // Validate the IPv6 network prefix
751
- if ($prefix < 1 || $prefix > 128) {
752
- return false;
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
753
  }
 
 
 
 
754
  }
755
-
756
- $bin_network = wfWAFUtils::substr(self::inet_pton($network), 0, ceil($prefix / 8));
757
- $bin_ip = wfWAFUtils::substr(self::inet_pton($ip), 0, ceil($prefix / 8));
758
- if ($prefix % 8 != 0) { //Adjust the last relevant character to fit the mask length since the character's bits are split over it
759
- $pos = intval($prefix / 8);
760
- $adjustment = chr(((0xff << (8 - ($prefix % 8))) & 0xff));
761
- $bin_network[$pos] = ($bin_network[$pos] & $adjustment);
762
- $bin_ip[$pos] = ($bin_ip[$pos] & $adjustment);
763
  }
764
-
765
- return ($bin_network === $bin_ip);
 
 
 
 
 
 
 
 
766
  }
767
 
768
  /**
353
  'off',
354
  'false'
355
  ))));
356
+ if (defined('PHP_VERSION_ID') && PHP_VERSION_ID >= 70400) { //Avoid get_magic_quotes_gpc on PHP >= 7.4.0
357
+ return $subject;
358
+ }
359
  // phpcs:ignore PHPCompatibility.FunctionUse.RemovedFunctions.get_magic_quotes_gpcDeprecated
360
  if ((function_exists("get_magic_quotes_gpc") && get_magic_quotes_gpc()) || $sybaseEnabled) {
361
  return self::stripslashes_deep($subject);
720
  if (!defined('DONOTCDN')) { define('DONOTCDN', true); }
721
  if (!defined('DONOTCACHEOBJECT')) { define('DONOTCACHEOBJECT', true); }
722
  }
723
+
724
  /**
725
  * Check if an IP address is in a network block
726
  *
729
  * @return boolean
730
  */
731
  public static function subnetContainsIP($subnet, $ip) {
732
+ static $_network_cache = array();
733
+ static $_ip_cache = array();
734
+ static $_masks = array(
735
+ 0 => "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
736
+ 1 => "\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
737
+ 2 => "\xc0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
738
+ 3 => "\xe0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
739
+ 4 => "\xf0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
740
+ 5 => "\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
741
+ 6 => "\xfc\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
742
+ 7 => "\xfe\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
743
+ 8 => "\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
744
+ 9 => "\xff\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
745
+ 10 => "\xff\xc0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
746
+ 11 => "\xff\xe0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
747
+ 12 => "\xff\xf0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
748
+ 13 => "\xff\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
749
+ 14 => "\xff\xfc\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
750
+ 15 => "\xff\xfe\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
751
+ 16 => "\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
752
+ 17 => "\xff\xff\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
753
+ 18 => "\xff\xff\xc0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
754
+ 19 => "\xff\xff\xe0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
755
+ 20 => "\xff\xff\xf0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
756
+ 21 => "\xff\xff\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
757
+ 22 => "\xff\xff\xfc\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
758
+ 23 => "\xff\xff\xfe\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
759
+ 24 => "\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
760
+ 25 => "\xff\xff\xff\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
761
+ 26 => "\xff\xff\xff\xc0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
762
+ 27 => "\xff\xff\xff\xe0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
763
+ 28 => "\xff\xff\xff\xf0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
764
+ 29 => "\xff\xff\xff\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
765
+ 30 => "\xff\xff\xff\xfc\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
766
+ 31 => "\xff\xff\xff\xfe\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
767
+ 32 => "\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
768
+ 33 => "\xff\xff\xff\xff\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
769
+ 34 => "\xff\xff\xff\xff\xc0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
770
+ 35 => "\xff\xff\xff\xff\xe0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
771
+ 36 => "\xff\xff\xff\xff\xf0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
772
+ 37 => "\xff\xff\xff\xff\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
773
+ 38 => "\xff\xff\xff\xff\xfc\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
774
+ 39 => "\xff\xff\xff\xff\xfe\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
775
+ 40 => "\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
776
+ 41 => "\xff\xff\xff\xff\xff\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
777
+ 42 => "\xff\xff\xff\xff\xff\xc0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
778
+ 43 => "\xff\xff\xff\xff\xff\xe0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
779
+ 44 => "\xff\xff\xff\xff\xff\xf0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
780
+ 45 => "\xff\xff\xff\xff\xff\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
781
+ 46 => "\xff\xff\xff\xff\xff\xfc\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
782
+ 47 => "\xff\xff\xff\xff\xff\xfe\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
783
+ 48 => "\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
784
+ 49 => "\xff\xff\xff\xff\xff\xff\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00",
785
+ 50 => "\xff\xff\xff\xff\xff\xff\xc0\x00\x00\x00\x00\x00\x00\x00\x00\x00",
786
+ 51 => "\xff\xff\xff\xff\xff\xff\xe0\x00\x00\x00\x00\x00\x00\x00\x00\x00",
787
+ 52 => "\xff\xff\xff\xff\xff\xff\xf0\x00\x00\x00\x00\x00\x00\x00\x00\x00",
788
+ 53 => "\xff\xff\xff\xff\xff\xff\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00",
789
+ 54 => "\xff\xff\xff\xff\xff\xff\xfc\x00\x00\x00\x00\x00\x00\x00\x00\x00",
790
+ 55 => "\xff\xff\xff\xff\xff\xff\xfe\x00\x00\x00\x00\x00\x00\x00\x00\x00",
791
+ 56 => "\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00",
792
+ 57 => "\xff\xff\xff\xff\xff\xff\xff\x80\x00\x00\x00\x00\x00\x00\x00\x00",
793
+ 58 => "\xff\xff\xff\xff\xff\xff\xff\xc0\x00\x00\x00\x00\x00\x00\x00\x00",
794
+ 59 => "\xff\xff\xff\xff\xff\xff\xff\xe0\x00\x00\x00\x00\x00\x00\x00\x00",
795
+ 60 => "\xff\xff\xff\xff\xff\xff\xff\xf0\x00\x00\x00\x00\x00\x00\x00\x00",
796
+ 61 => "\xff\xff\xff\xff\xff\xff\xff\xf8\x00\x00\x00\x00\x00\x00\x00\x00",
797
+ 62 => "\xff\xff\xff\xff\xff\xff\xff\xfc\x00\x00\x00\x00\x00\x00\x00\x00",
798
+ 63 => "\xff\xff\xff\xff\xff\xff\xff\xfe\x00\x00\x00\x00\x00\x00\x00\x00",
799
+ 64 => "\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00",
800
+ 65 => "\xff\xff\xff\xff\xff\xff\xff\xff\x80\x00\x00\x00\x00\x00\x00\x00",
801
+ 66 => "\xff\xff\xff\xff\xff\xff\xff\xff\xc0\x00\x00\x00\x00\x00\x00\x00",
802
+ 67 => "\xff\xff\xff\xff\xff\xff\xff\xff\xe0\x00\x00\x00\x00\x00\x00\x00",
803
+ 68 => "\xff\xff\xff\xff\xff\xff\xff\xff\xf0\x00\x00\x00\x00\x00\x00\x00",
804
+ 69 => "\xff\xff\xff\xff\xff\xff\xff\xff\xf8\x00\x00\x00\x00\x00\x00\x00",
805
+ 70 => "\xff\xff\xff\xff\xff\xff\xff\xff\xfc\x00\x00\x00\x00\x00\x00\x00",
806
+ 71 => "\xff\xff\xff\xff\xff\xff\xff\xff\xfe\x00\x00\x00\x00\x00\x00\x00",
807
+ 72 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00",
808
+ 73 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\x80\x00\x00\x00\x00\x00\x00",
809
+ 74 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xc0\x00\x00\x00\x00\x00\x00",
810
+ 75 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xe0\x00\x00\x00\x00\x00\x00",
811
+ 76 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xf0\x00\x00\x00\x00\x00\x00",
812
+ 77 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xf8\x00\x00\x00\x00\x00\x00",
813
+ 78 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfc\x00\x00\x00\x00\x00\x00",
814
+ 79 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\x00\x00\x00\x00\x00\x00",
815
+ 80 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00",
816
+ 81 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x80\x00\x00\x00\x00\x00",
817
+ 82 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xc0\x00\x00\x00\x00\x00",
818
+ 83 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xe0\x00\x00\x00\x00\x00",
819
+ 84 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xf0\x00\x00\x00\x00\x00",
820
+ 85 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xf8\x00\x00\x00\x00\x00",
821
+ 86 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfc\x00\x00\x00\x00\x00",
822
+ 87 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\x00\x00\x00\x00\x00",
823
+ 88 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00",
824
+ 89 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x80\x00\x00\x00\x00",
825
+ 90 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xc0\x00\x00\x00\x00",
826
+ 91 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xe0\x00\x00\x00\x00",
827
+ 92 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xf0\x00\x00\x00\x00",
828
+ 93 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xf8\x00\x00\x00\x00",
829
+ 94 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfc\x00\x00\x00\x00",
830
+ 95 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\x00\x00\x00\x00",
831
+ 96 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00",
832
+ 97 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x80\x00\x00\x00",
833
+ 98 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xc0\x00\x00\x00",
834
+ 99 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xe0\x00\x00\x00",
835
+ 100 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xf0\x00\x00\x00",
836
+ 101 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xf8\x00\x00\x00",
837
+ 102 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfc\x00\x00\x00",
838
+ 103 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\x00\x00\x00",
839
+ 104 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00",
840
+ 105 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x80\x00\x00",
841
+ 106 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xc0\x00\x00",
842
+ 107 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xe0\x00\x00",
843
+ 108 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xf0\x00\x00",
844
+ 109 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xf8\x00\x00",
845
+ 110 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfc\x00\x00",
846
+ 111 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\x00\x00",
847
+ 112 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00",
848
+ 113 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x80\x00",
849
+ 114 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xc0\x00",
850
+ 115 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xe0\x00",
851
+ 116 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xf0\x00",
852
+ 117 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xf8\x00",
853
+ 118 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfc\x00",
854
+ 119 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\x00",
855
+ 120 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00",
856
+ 121 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x80",
857
+ 122 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xc0",
858
+ 123 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xe0",
859
+ 124 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xf0",
860
+ 125 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xf8",
861
+ 126 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfc",
862
+ 127 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe",
863
+ 128 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff",
864
+ );
865
+ /*
866
+ * The above is generated by:
867
+ *
868
+ function gen_mask($prefix, $size = 128) {
869
+ //Workaround to avoid overflow, split into four pieces
870
+ $mask_1 = (pow(2, $size / 4) - 1) ^ (pow(2, min($size / 4, max(0, 1 * $size / 4 - $prefix))) - 1);
871
+ $mask_2 = (pow(2, $size / 4) - 1) ^ (pow(2, min($size / 4, max(0, 2 * $size / 4 - $prefix))) - 1);
872
+ $mask_3 = (pow(2, $size / 4) - 1) ^ (pow(2, min($size / 4, max(0, 3 * $size / 4 - $prefix))) - 1);
873
+ $mask_4 = (pow(2, $size / 4) - 1) ^ (pow(2, min($size / 4, max(0, 4 * $size / 4 - $prefix))) - 1);
874
+ return ($mask_1 ? pack('N', $mask_1) : "\0\0\0\0") . ($mask_2 ? pack('N', $mask_2) : "\0\0\0\0") . ($mask_3 ? pack('N', $mask_3) : "\0\0\0\0") . ($mask_4 ? pack('N', $mask_4) : "\0\0\0\0");
875
  }
876
+
877
+ $masks = array();
878
+ for ($i = 0; $i <= 128; $i++) {
879
+ $mask = gen_mask($i);
880
+ $chars = str_split($mask);
881
+ $masks[] = implode('', array_map(function($c) { return '\\x' . bin2hex($c); }, $chars));
882
  }
883
+
884
+ echo 'array(' . "\n";
885
+ foreach ($masks as $index => $m) {
886
+ echo "\t{$index} => \"{$m}\",\n";
 
 
 
887
  }
888
+ echo ')';
889
+ *
890
+ */
891
+
892
+ if (isset($_network_cache[$subnet])) {
893
+ list($bin_network, $prefix, $masked_network) = $_network_cache[$subnet];
894
+ $mask = $_masks[$prefix];
895
+ }
896
+ else {
897
+ list($network, $prefix) = array_pad(explode('/', $subnet, 2), 2, null);
898
+ if (filter_var($network, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
899
+ // If no prefix was supplied, 32 is implied for IPv4
900
+ if ($prefix === null) {
901
+ $prefix = 32;
902
+ }
903
+
904
+ // Validate the IPv4 network prefix
905
+ if ($prefix < 0 || $prefix > 32) {
906
+ return false;
907
+ }
908
+
909
+ // Increase the IPv4 network prefix to work in the IPv6 address space
910
+ $prefix += 96;
911
+ }
912
+ else {
913
+ // If no prefix was supplied, 128 is implied for IPv6
914
+ if ($prefix === null) {
915
+ $prefix = 128;
916
+ }
917
+
918
+ // Validate the IPv6 network prefix
919
+ if ($prefix < 1 || $prefix > 128) {
920
+ return false;
921
+ }
922
  }
923
+ $mask = $_masks[$prefix];
924
+ $bin_network = self::inet_pton($network);
925
+ $masked_network = $bin_network & $mask;
926
+ $_network_cache[$subnet] = array($bin_network, $prefix, $masked_network);
927
  }
928
+
929
+ if (isset($_ip_cache[$ip]) && isset($_ip_cache[$ip][$prefix])) {
930
+ list($bin_ip, $masked_ip) = $_ip_cache[$ip][$prefix];
 
 
 
 
 
931
  }
932
+ else {
933
+ $bin_ip = self::inet_pton($ip);
934
+ $masked_ip = $bin_ip & $mask;
935
+ if (!isset($_ip_cache[$ip])) {
936
+ $_ip_cache[$ip] = array();
937
+ }
938
+ $_ip_cache[$ip][$prefix] = array($bin_ip, $masked_ip);
939
+ }
940
+
941
+ return ($masked_ip === $masked_network);
942
  }
943
 
944
  /**
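Review bot: `$prefix` is only range-checked (new lines 905 and 919), never validated as an integer, before it is used as the key in `$_masks[$prefix]` at new line 923. In the IPv6 branch it is still the raw string from `explode('/', $subnet, 2)`, so a value such as "064" or "64.5" passes `$prefix < 1 || $prefix > 128` but is not a key of the table, which leaves the lookup without a mask for the two `&` operations, and the bad prefix is then stored in `$_network_cache`. Suggest rejecting anything that fails `ctype_digit((string) $prefix)` and casting with `$prefix = (int) $prefix;` before the range checks. Separately, `$_network_cache` and `$_ip_cache` have no size bound, which is worth a comment if this can run in a long-lived process.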
views/reports/activity-report-email-inline.php CHANGED
@@ -355,7 +355,12 @@ h6 a:visited { color: purple !important; }
355
  <?php wfHelperString::cycle(); ?>
356
 
357
  <h2 style="font-size: 20px; vertical-align: baseline; clear: both; color: #222 !important; margin: 20px 0 4px; padding: 0; border: 0;"><?php _e('Updates Needed', 'wordfence'); ?></h2>
358
-
 
 
 
 
 
359
  <?php if ($updates_needed['core']): ?>
360
  <h4 style="font-size: 16px; vertical-align: baseline; clear: both; color: #666666 !important; margin: 20px 0 4px; padding: 0; border: 0;"><?php _e('Core', 'wordfence'); ?></h4>
361
  <ul style="font-size: 100%; vertical-align: baseline; list-style-type: none; margin: 0; padding: 0; border: 0;">
355
  <?php wfHelperString::cycle(); ?>
356
 
357
  <h2 style="font-size: 20px; vertical-align: baseline; clear: both; color: #222 !important; margin: 20px 0 4px; padding: 0; border: 0;"><?php _e('Updates Needed', 'wordfence'); ?></h2>
358
+
359
+ <?php
360
+ if (!is_array($updates_needed)) {
361
+ $updates_needed = array('core' => array(), 'plugins' => array(), 'themes' => array());
362
+ }
363
+ ?>
364
  <?php if ($updates_needed['core']): ?>
365
  <h4 style="font-size: 16px; vertical-align: baseline; clear: both; color: #666666 !important; margin: 20px 0 4px; padding: 0; border: 0;"><?php _e('Core', 'wordfence'); ?></h4>
366
  <ul style="font-size: 100%; vertical-align: baseline; list-style-type: none; margin: 0; padding: 0; border: 0;">
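Review bot: the `is_array($updates_needed)` guard at new lines 360 to 362 covers a non-array value, but `$updates_needed['core']` at new line 364 is still read directly, so an array that lacks the 'core' key raises the same notice. Using `!empty($updates_needed['core'])` in the condition (and likewise for the plugins and themes checks) would cover both cases. Also consider whether the "Updates Needed" heading should be printed at all when the fallback of three empty arrays is in effect.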
views/reports/activity-report.php CHANGED
@@ -163,6 +163,11 @@ if (!defined('WORDFENCE_VERSION')) { exit; }
163
 
164
  <h2><?php _e('Updates Needed', 'wordfence'); ?></h2>
165
 
 
 
 
 
 
166
  <?php if ($updates_needed['core']): ?>
167
  <h4><?php _e('Core', 'wordfence'); ?></h4>
168
  <ul>
163
 
164
  <h2><?php _e('Updates Needed', 'wordfence'); ?></h2>
165
 
166
+ <?php
167
+ if (!is_array($updates_needed)) {
168
+ $updates_needed = array('core' => array(), 'plugins' => array(), 'themes' => array());
169
+ }
170
+ ?>
171
  <?php if ($updates_needed['core']): ?>
172
  <h4><?php _e('Core', 'wordfence'); ?></h4>
173
  <ul>
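Review bot: this guard (new lines 166 to 170) is a verbatim copy of the one added to activity-report-email-inline.php, so the default shape of `$updates_needed` is now defined in two templates. Normalising the value once, where the report data is assembled before either view is rendered, would keep the two templates from drifting apart.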
wordfence.php CHANGED
@@ -4,7 +4,7 @@ Plugin Name: Wordfence Security
4
  Plugin URI: http://www.wordfence.com/
5
  Description: Wordfence Security - Anti-virus, Firewall and Malware Scan
6
  Author: Wordfence
7
- Version: 7.4.1
8
  Author URI: http://www.wordfence.com/
9
  Network: true
10
  */
@@ -15,8 +15,8 @@ if(defined('WP_INSTALLING') && WP_INSTALLING){
15
  if (!defined('ABSPATH')) {
16
  exit;
17
  }
18
- define('WORDFENCE_VERSION', '7.4.1');
19
- define('WORDFENCE_BUILD_NUMBER', '1573059078');
20
  define('WORDFENCE_BASENAME', function_exists('plugin_basename') ? plugin_basename(__FILE__) :
21
  basename(dirname(__FILE__)) . '/' . basename(__FILE__));
22
 
4
  Plugin URI: http://www.wordfence.com/
5
  Description: Wordfence Security - Anti-virus, Firewall and Malware Scan
6
  Author: Wordfence
7
+ Version: 7.4.2
8
  Author URI: http://www.wordfence.com/
9
  Network: true
10
  */
15
  if (!defined('ABSPATH')) {
16
  exit;
17
  }
18
+ define('WORDFENCE_VERSION', '7.4.2');
19
+ define('WORDFENCE_BUILD_NUMBER', '1575390485');
20
  define('WORDFENCE_BASENAME', function_exists('plugin_basename') ? plugin_basename(__FILE__) :
21
  basename(dirname(__FILE__)) . '/' . basename(__FILE__));
22