Wordfence Security – Firewall & Malware Scan - Version 7.4.2

Version Description

  • December 3, 2019 =
  • Improvement: Increased performance of IP CIDR range comparisons.
  • Improvement: Added parameter signature to remote scanning for better validation during forking.
  • Change: Removed duplicate browser label in Live Traffic.
  • Fix: Added compensation for PHP 7.4 deprecation notice with get_magic_quotes_gpc.
  • Fix: Fixed potential notice in dashboard widget when no updates are found.
  • Fix: Updated JS hashing library to compensate for a variable name collision that could occur.
  • Fix: Fixed an issue where certain symlinks could cause a scan to erroneously skip files.
  • Fix: Fixed PHP memory test for newer PHP versions whose optimizations prevented it from allocating memory as desired.
Download this release

Release Info

Developer wfryan
Plugin Icon 128x128 Wordfence Security – Firewall & Malware Scan
Version 7.4.2
Comparing to
See all releases

Code changes from version 7.4.1 to 7.4.2

Files changed (70) hide show
  1. css/{activity-report-widget.1573059078.css → activity-report-widget.1575390485.css} +0 -0
  2. css/{diff.1573059078.css → diff.1575390485.css} +0 -0
  3. css/{dt_table.1573059078.css → dt_table.1575390485.css} +0 -0
  4. css/{fullLog.1573059078.css → fullLog.1575390485.css} +0 -0
  5. css/{iptraf.1573059078.css → iptraf.1575390485.css} +0 -0
  6. css/{jquery-ui-timepicker-addon.1573059078.css → jquery-ui-timepicker-addon.1575390485.css} +0 -0
  7. css/{jquery-ui.min.1573059078.css → jquery-ui.min.1575390485.css} +0 -0
  8. css/{jquery-ui.structure.min.1573059078.css → jquery-ui.structure.min.1575390485.css} +0 -0
  9. css/{jquery-ui.theme.min.1573059078.css → jquery-ui.theme.min.1575390485.css} +0 -0
  10. css/{main.1573059078.css → main.1575390485.css} +0 -0
  11. css/{phpinfo.1573059078.css → phpinfo.1575390485.css} +0 -0
  12. css/{wf-adminbar.1573059078.css → wf-adminbar.1575390485.css} +0 -0
  13. css/{wf-colorbox.1573059078.css → wf-colorbox.1575390485.css} +0 -0
  14. css/{wf-font-awesome.1573059078.css → wf-font-awesome.1575390485.css} +0 -0
  15. css/{wf-global.1573059078.css → wf-global.1575390485.css} +0 -0
  16. css/{wf-ionicons.1573059078.css → wf-ionicons.1575390485.css} +0 -0
  17. css/{wf-onboarding.1573059078.css → wf-onboarding.1575390485.css} +0 -0
  18. css/{wf-roboto-font.1573059078.css → wf-roboto-font.1575390485.css} +0 -0
  19. css/{wfselect2.min.1573059078.css → wfselect2.min.1575390485.css} +0 -0
  20. css/{wordfenceBox.1573059078.css → wordfenceBox.1575390485.css} +0 -0
  21. js/{Chart.bundle.min.1573059078.js → Chart.bundle.min.1575390485.js} +0 -0
  22. js/{admin.1573059078.js → admin.1575390485.js} +0 -0
  23. js/{admin.ajaxWatcher.1573059078.js → admin.ajaxWatcher.1575390485.js} +0 -0
  24. js/{admin.liveTraffic.1573059078.js → admin.liveTraffic.1575390485.js} +0 -0
  25. js/{date.1573059078.js → date.1575390485.js} +0 -0
  26. js/{jquery-ui-timepicker-addon.1573059078.js → jquery-ui-timepicker-addon.1575390485.js} +0 -0
  27. js/{jquery.colorbox-min.1573059078.js → jquery.colorbox-min.1575390485.js} +0 -0
  28. js/{jquery.colorbox.1573059078.js → jquery.colorbox.1575390485.js} +0 -0
  29. js/{jquery.dataTables.min.1573059078.js → jquery.dataTables.min.1575390485.js} +0 -0
  30. js/{jquery.qrcode.min.1573059078.js → jquery.qrcode.min.1575390485.js} +0 -0
  31. js/{jquery.tmpl.min.1573059078.js → jquery.tmpl.min.1575390485.js} +0 -0
  32. js/{jquery.tools.min.1573059078.js → jquery.tools.min.1575390485.js} +0 -0
  33. js/{knockout-3.3.0.1573059078.js → knockout-3.3.0.1575390485.js} +0 -0
  34. js/{wfdashboard.1573059078.js → wfdashboard.1575390485.js} +0 -0
  35. js/{wfdropdown.1573059078.js → wfdropdown.1575390485.js} +0 -0
  36. js/wfglobal.1573059078.js +0 -234
  37. js/wfglobal.1575390485.js +223 -0
  38. js/{wfpopover.1573059078.js → wfpopover.1575390485.js} +0 -0
  39. js/{wfselect2.min.1573059078.js → wfselect2.min.1575390485.js} +0 -0
  40. lib/menu_tools_livetraffic.php +0 -7
  41. lib/wfCrypt.php +10 -0
  42. lib/wfScan.php +8 -1
  43. lib/wfScanEngine.php +37 -5
  44. lib/wfUtils.php +203 -30
  45. lib/wordfenceClass.php +9 -6
  46. lib/wordfenceHash.php +2 -0
  47. modules/login-security/css/{admin-global.1573059078.css → admin-global.1575390485.css} +0 -0
  48. modules/login-security/css/{admin.1573059078.css → admin.1575390485.css} +0 -0
  49. modules/login-security/css/{colorbox.1573059078.css → colorbox.1575390485.css} +0 -0
  50. modules/login-security/css/{font-awesome.1573059078.css → font-awesome.1575390485.css} +0 -0
  51. modules/login-security/css/{ionicons.1573059078.css → ionicons.1575390485.css} +0 -0
  52. modules/login-security/css/{jquery-ui-timepicker-addon.1573059078.css → jquery-ui-timepicker-addon.1575390485.css} +0 -0
  53. modules/login-security/css/{jquery-ui.min.1573059078.css → jquery-ui.min.1575390485.css} +0 -0
  54. modules/login-security/css/{jquery-ui.structure.min.1573059078.css → jquery-ui.structure.min.1575390485.css} +0 -0
  55. modules/login-security/css/{jquery-ui.theme.min.1573059078.css → jquery-ui.theme.min.1575390485.css} +0 -0
  56. modules/login-security/css/{login.1573059078.css → login.1575390485.css} +0 -0
  57. modules/login-security/js/{admin-global.1573059078.js → admin-global.1575390485.js} +0 -0
  58. modules/login-security/js/{admin.1573059078.js → admin.1575390485.js} +0 -0
  59. modules/login-security/js/{jquery-ui-timepicker-addon.1573059078.js → jquery-ui-timepicker-addon.1575390485.js} +0 -0
  60. modules/login-security/js/{jquery.colorbox.1573059078.js → jquery.colorbox.1575390485.js} +0 -0
  61. modules/login-security/js/{jquery.colorbox.min.1573059078.js → jquery.colorbox.min.1575390485.js} +0 -0
  62. modules/login-security/js/{jquery.qrcode.min.1573059078.js → jquery.qrcode.min.1575390485.js} +0 -0
  63. modules/login-security/js/{jquery.tmpl.min.1573059078.js → jquery.tmpl.min.1575390485.js} +0 -0
  64. modules/login-security/js/{login.1573059078.js → login.1575390485.js} +0 -0
  65. modules/login-security/wordfence-login-security.php +1 -1
  66. readme.txt +11 -1
  67. vendor/wordfence/wf-waf/src/lib/utils.php +208 -32
  68. views/reports/activity-report-email-inline.php +6 -1
  69. views/reports/activity-report.php +5 -0
  70. wordfence.php +3 -3
css/{activity-report-widget.1573059078.css → activity-report-widget.1575390485.css} RENAMED
File without changes
css/{diff.1573059078.css → diff.1575390485.css} RENAMED
File without changes
css/{dt_table.1573059078.css → dt_table.1575390485.css} RENAMED
File without changes
css/{fullLog.1573059078.css → fullLog.1575390485.css} RENAMED
File without changes
css/{iptraf.1573059078.css → iptraf.1575390485.css} RENAMED
File without changes
css/{jquery-ui-timepicker-addon.1573059078.css → jquery-ui-timepicker-addon.1575390485.css} RENAMED
File without changes
css/{jquery-ui.min.1573059078.css → jquery-ui.min.1575390485.css} RENAMED
File without changes
css/{jquery-ui.structure.min.1573059078.css → jquery-ui.structure.min.1575390485.css} RENAMED
File without changes
css/{jquery-ui.theme.min.1573059078.css → jquery-ui.theme.min.1575390485.css} RENAMED
File without changes
css/{main.1573059078.css → main.1575390485.css} RENAMED
File without changes
css/{phpinfo.1573059078.css → phpinfo.1575390485.css} RENAMED
File without changes
css/{wf-adminbar.1573059078.css → wf-adminbar.1575390485.css} RENAMED
File without changes
css/{wf-colorbox.1573059078.css → wf-colorbox.1575390485.css} RENAMED
File without changes
css/{wf-font-awesome.1573059078.css → wf-font-awesome.1575390485.css} RENAMED
File without changes
css/{wf-global.1573059078.css → wf-global.1575390485.css} RENAMED
File without changes
css/{wf-ionicons.1573059078.css → wf-ionicons.1575390485.css} RENAMED
File without changes
css/{wf-onboarding.1573059078.css → wf-onboarding.1575390485.css} RENAMED
File without changes
css/{wf-roboto-font.1573059078.css → wf-roboto-font.1575390485.css} RENAMED
File without changes
css/{wfselect2.min.1573059078.css → wfselect2.min.1575390485.css} RENAMED
File without changes
css/{wordfenceBox.1573059078.css → wordfenceBox.1575390485.css} RENAMED
File without changes
js/{Chart.bundle.min.1573059078.js → Chart.bundle.min.1575390485.js} RENAMED
File without changes
js/{admin.1573059078.js → admin.1575390485.js} RENAMED
File without changes
js/{admin.ajaxWatcher.1573059078.js → admin.ajaxWatcher.1575390485.js} RENAMED
File without changes
js/{admin.liveTraffic.1573059078.js → admin.liveTraffic.1575390485.js} RENAMED
File without changes
js/{date.1573059078.js → date.1575390485.js} RENAMED
File without changes
js/{jquery-ui-timepicker-addon.1573059078.js → jquery-ui-timepicker-addon.1575390485.js} RENAMED
File without changes
js/{jquery.colorbox-min.1573059078.js → jquery.colorbox-min.1575390485.js} RENAMED
File without changes
js/{jquery.colorbox.1573059078.js → jquery.colorbox.1575390485.js} RENAMED
File without changes
js/{jquery.dataTables.min.1573059078.js → jquery.dataTables.min.1575390485.js} RENAMED
File without changes
js/{jquery.qrcode.min.1573059078.js → jquery.qrcode.min.1575390485.js} RENAMED
File without changes
js/{jquery.tmpl.min.1573059078.js → jquery.tmpl.min.1575390485.js} RENAMED
File without changes
js/{jquery.tools.min.1573059078.js → jquery.tools.min.1575390485.js} RENAMED
File without changes
js/{knockout-3.3.0.1573059078.js → knockout-3.3.0.1575390485.js} RENAMED
File without changes
js/{wfdashboard.1573059078.js → wfdashboard.1575390485.js} RENAMED
File without changes
js/{wfdropdown.1573059078.js → wfdropdown.1575390485.js} RENAMED
File without changes
js/wfglobal.1573059078.js DELETED
@@ -1,234 +0,0 @@
1
- (function($) {
2
- if (!window['wordfenceExt']) {
3
- window['wordfenceExt'] = {
4
- nonce: false,
5
- loadingCount: 0,
6
- isSmallScreen: false,
7
- init: function(){
8
- this.nonce = WordfenceAdminVars.firstNonce;
9
- this.isSmallScreen = window.matchMedia("only screen and (max-width: 500px)").matches;
10
- },
11
- showLoading: function(){
12
- this.loadingCount++;
13
- if (this.loadingCount == 1) {
14
- jQuery('<div id="wordfenceWorking">Wordfence is working...</div>').appendTo('body');
15
- }
16
- },
17
- removeLoading: function(){
18
- this.loadingCount--;
19
- if(this.loadingCount == 0){
20
- jQuery('#wordfenceWorking').remove();
21
- }
22
- },
23
- autoUpdateChoice: function(choice){
24
- this.ajax('wordfence_autoUpdateChoice', {
25
- choice: choice
26
- },
27
- function(res){ jQuery('#wordfenceAutoUpdateChoice').fadeOut(); },
28
- function(){ jQuery('#wordfenceAutoUpdateChoice').fadeOut(); }
29
- );
30
- },
31
- misconfiguredHowGetIPsChoice : function(choice) {
32
- this.ajax('wordfence_misconfiguredHowGetIPsChoice', {
33
- choice: choice
34
- },
35
- function(res){ jQuery('#wordfenceMisconfiguredHowGetIPsNotice').fadeOut(); },
36
- function(){ jQuery('#wordfenceMisconfiguredHowGetIPsNotice').fadeOut(); }
37
- );
38
- },
39
- switchLiveTrafficSecurityOnlyChoice: function(choice) {
40
- this.ajax('wordfence_switchLiveTrafficSecurityOnlyChoice', {
41
- choice: choice
42
- },
43
- function(res){ jQuery('#switchLiveTrafficSecurityOnlyChoice').fadeOut(); },
44
- function(){ jQuery('#switchLiveTrafficSecurityOnlyChoice').fadeOut(); }
45
- );
46
- },
47
- dismissAdminNotice: function(nid) {
48
- this.ajax('wordfence_dismissAdminNotice', {
49
- id: nid
50
- },
51
- function(res){ jQuery('.wf-admin-notice[data-notice-id="' + nid + '"]').fadeOut(); },
52
- function(){ jQuery('.wf-admin-notice[data-notice-id="' + nid + '"]').fadeOut(); }
53
- );
54
- },
55
- setOption: function(key, value, successCallback) {
56
- var changes = {};
57
- changes[key] = value;
58
- this.ajax('wordfence_saveOptions', {changes: JSON.stringify(changes)}, function(res) {
59
- if (res.success) {
60
- typeof successCallback == 'function' && successCallback(res);
61
- }
62
- });
63
- },
64
- ajax: function(action, data, cb, cbErr, noLoading){
65
- if(typeof(data) == 'string'){
66
- if(data.length > 0){
67
- data += '&';
68
- }
69
- data += 'action=' + action + '&nonce=' + this.nonce;
70
- } else if(typeof(data) == 'object'){
71
- data['action'] = action;
72
- data['nonce'] = this.nonce;
73
- }
74
- if(! cbErr){
75
- cbErr = function(){};
76
- }
77
- var self = this;
78
- if(! noLoading){
79
- this.showLoading();
80
- }
81
- jQuery.ajax({
82
- type: 'POST',
83
- url: WordfenceAdminVars.ajaxURL,
84
- dataType: "json",
85
- data: data,
86
- success: function(json){
87
- if(! noLoading){
88
- self.removeLoading();
89
- }
90
- if(json && json.nonce){
91
- self.nonce = json.nonce;
92
- }
93
- cb(json);
94
- },
95
- error: function(){
96
- if(! noLoading){
97
- self.removeLoading();
98
- }
99
- cbErr();
100
- }
101
- });
102
- },
103
- hashSHA256: function(s) {
104
- return sjcl.codec.hex.fromBits(sjcl.hash.sha256.hash(s))
105
- },
106
- isEmailBlacklisted: function(email) {
107
- var hash = this.hashSHA256(email);
108
- for (var i = 0; i < WordfenceAdminVars.alertEmailBlacklist.length; i++) {
109
- if (hash === WordfenceAdminVars.alertEmailBlacklist[i]) {
110
- return true;
111
- }
112
- }
113
- return false;
114
- },
115
- parseEmails: function(raw) {
116
- var emails = [];
117
- if (typeof raw !== 'string') {
118
- return emails;
119
- }
120
-
121
- var rawEmails = raw.replace(/\s/g, '').split(',');
122
- for (var i = 0; i < rawEmails.length; i++) {
123
- //From https://html.spec.whatwg.org/multipage/forms.html#valid-e-mail-address
124
- if (/^[a-zA-Z0-9.!#$%&'*+\/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*#x2F;.test(rawEmails[i]) && !this.isEmailBlacklisted(rawEmails[i])) {
125
- emails.push(rawEmails[i]);
126
- }
127
- }
128
- return emails;
129
- },
130
- onboardingProcessEmails: function(emails, subscribe, touppAgreed) {
131
- var subscribe = !!subscribe;
132
- wordfenceExt.setOption('alertEmails', emails.join(', '));
133
-
134
- if (touppAgreed) {
135
- this.ajax('wordfence_recordTOUPP', {}, function(res) {
136
- //Do nothing
137
- });
138
- }
139
-
140
- if (subscribe) {
141
- this.ajax('wordfence_mailingSignup', {emails: JSON.stringify(emails)}, function(res) {
142
- //Do nothing
143
- });
144
- }
145
- },
146
- onboardingInstallLicense: function(license, successCallback, errorCallback) {
147
- this.ajax('wordfence_installLicense', {license: license}, function(res) {
148
- if (res.success) {
149
- typeof successCallback == 'function' && successCallback(res);
150
- }
151
- else if (res.error) {
152
- typeof errorCallback == 'function' && errorCallback(res);
153
- }
154
- });
155
- }
156
- };
157
- }
158
-
159
- $(function() {
160
- wordfenceExt.init();
161
-
162
- $('.wf-dismiss-link').on('click', function() {
163
- $('#wf-extended-protection-notice').css({
164
- opacity: .75
165
- });
166
- $.get(this.href, function() {
167
- $('#wf-extended-protection-notice').fadeOut(1000);
168
- });
169
- return false;
170
- });
171
- });
172
- })(jQuery);
173
-
174
- //Stanford Javascript Crypto Library: https://bitwiseshiftleft.github.io/sjcl/
175
- "use strict";var sjcl={cipher:{},hash:{},keyexchange:{},mode:{},misc:{},codec:{},exception:{corrupt:function(a){this.toString=function(){return"CORRUPT: "+this.message};this.message=a},invalid:function(a){this.toString=function(){return"INVALID: "+this.message};this.message=a},bug:function(a){this.toString=function(){return"BUG: "+this.message};this.message=a},notReady:function(a){this.toString=function(){return"NOT READY: "+this.message};this.message=a}}};
176
- sjcl.cipher.aes=function(a){this.s[0][0][0]||this.O();var b,c,d,e,f=this.s[0][4],g=this.s[1];b=a.length;var h=1;if(4!==b&&6!==b&&8!==b)throw new sjcl.exception.invalid("invalid aes key size");this.b=[d=a.slice(0),e=[]];for(a=b;a<4*b+28;a++){c=d[a-1];if(0===a%b||8===b&&4===a%b)c=f[c>>>24]<<24^f[c>>16&255]<<16^f[c>>8&255]<<8^f[c&255],0===a%b&&(c=c<<8^c>>>24^h<<24,h=h<<1^283*(h>>7));d[a]=d[a-b]^c}for(b=0;a;b++,a--)c=d[b&3?a:a-4],e[b]=4>=a||4>b?c:g[0][f[c>>>24]]^g[1][f[c>>16&255]]^g[2][f[c>>8&255]]^g[3][f[c&
177
- 255]]};
178
- sjcl.cipher.aes.prototype={encrypt:function(a){return t(this,a,0)},decrypt:function(a){return t(this,a,1)},s:[[[],[],[],[],[]],[[],[],[],[],[]]],O:function(){var a=this.s[0],b=this.s[1],c=a[4],d=b[4],e,f,g,h=[],k=[],l,n,m,p;for(e=0;0x100>e;e++)k[(h[e]=e<<1^283*(e>>7))^e]=e;for(f=g=0;!c[f];f^=l||1,g=k[g]||1)for(m=g^g<<1^g<<2^g<<3^g<<4,m=m>>8^m&255^99,c[f]=m,d[m]=f,n=h[e=h[l=h[f]]],p=0x1010101*n^0x10001*e^0x101*l^0x1010100*f,n=0x101*h[m]^0x1010100*m,e=0;4>e;e++)a[e][f]=n=n<<24^n>>>8,b[e][m]=p=p<<24^p>>>8;for(e=
179
- 0;5>e;e++)a[e]=a[e].slice(0),b[e]=b[e].slice(0)}};
180
- function t(a,b,c){if(4!==b.length)throw new sjcl.exception.invalid("invalid aes block size");var d=a.b[c],e=b[0]^d[0],f=b[c?3:1]^d[1],g=b[2]^d[2];b=b[c?1:3]^d[3];var h,k,l,n=d.length/4-2,m,p=4,r=[0,0,0,0];h=a.s[c];a=h[0];var q=h[1],v=h[2],w=h[3],x=h[4];for(m=0;m<n;m++)h=a[e>>>24]^q[f>>16&255]^v[g>>8&255]^w[b&255]^d[p],k=a[f>>>24]^q[g>>16&255]^v[b>>8&255]^w[e&255]^d[p+1],l=a[g>>>24]^q[b>>16&255]^v[e>>8&255]^w[f&255]^d[p+2],b=a[b>>>24]^q[e>>16&255]^v[f>>8&255]^w[g&255]^d[p+3],p+=4,e=h,f=k,g=l;for(m=
181
- 0;4>m;m++)r[c?3&-m:m]=x[e>>>24]<<24^x[f>>16&255]<<16^x[g>>8&255]<<8^x[b&255]^d[p++],h=e,e=f,f=g,g=b,b=h;return r}
182
- sjcl.bitArray={bitSlice:function(a,b,c){a=sjcl.bitArray.$(a.slice(b/32),32-(b&31)).slice(1);return void 0===c?a:sjcl.bitArray.clamp(a,c-b)},extract:function(a,b,c){var d=Math.floor(-b-c&31);return((b+c-1^b)&-32?a[b/32|0]<<32-d^a[b/32+1|0]>>>d:a[b/32|0]>>>d)&(1<<c)-1},concat:function(a,b){if(0===a.length||0===b.length)return a.concat(b);var c=a[a.length-1],d=sjcl.bitArray.getPartial(c);return 32===d?a.concat(b):sjcl.bitArray.$(b,d,c|0,a.slice(0,a.length-1))},bitLength:function(a){var b=a.length;return 0===
183
- b?0:32*(b-1)+sjcl.bitArray.getPartial(a[b-1])},clamp:function(a,b){if(32*a.length<b)return a;a=a.slice(0,Math.ceil(b/32));var c=a.length;b=b&31;0<c&&b&&(a[c-1]=sjcl.bitArray.partial(b,a[c-1]&2147483648>>b-1,1));return a},partial:function(a,b,c){return 32===a?b:(c?b|0:b<<32-a)+0x10000000000*a},getPartial:function(a){return Math.round(a/0x10000000000)||32},equal:function(a,b){if(sjcl.bitArray.bitLength(a)!==sjcl.bitArray.bitLength(b))return!1;var c=0,d;for(d=0;d<a.length;d++)c|=a[d]^b[d];return 0===
184
- c},$:function(a,b,c,d){var e;e=0;for(void 0===d&&(d=[]);32<=b;b-=32)d.push(c),c=0;if(0===b)return d.concat(a);for(e=0;e<a.length;e++)d.push(c|a[e]>>>b),c=a[e]<<32-b;e=a.length?a[a.length-1]:0;a=sjcl.bitArray.getPartial(e);d.push(sjcl.bitArray.partial(b+a&31,32<b+a?c:d.pop(),1));return d},i:function(a,b){return[a[0]^b[0],a[1]^b[1],a[2]^b[2],a[3]^b[3]]},byteswapM:function(a){var b,c;for(b=0;b<a.length;++b)c=a[b],a[b]=c>>>24|c>>>8&0xff00|(c&0xff00)<<8|c<<24;return a}};
185
- sjcl.codec.utf8String={fromBits:function(a){var b="",c=sjcl.bitArray.bitLength(a),d,e;for(d=0;d<c/8;d++)0===(d&3)&&(e=a[d/4]),b+=String.fromCharCode(e>>>8>>>8>>>8),e<<=8;return decodeURIComponent(escape(b))},toBits:function(a){a=unescape(encodeURIComponent(a));var b=[],c,d=0;for(c=0;c<a.length;c++)d=d<<8|a.charCodeAt(c),3===(c&3)&&(b.push(d),d=0);c&3&&b.push(sjcl.bitArray.partial(8*(c&3),d));return b}};
186
- sjcl.codec.hex={fromBits:function(a){var b="",c;for(c=0;c<a.length;c++)b+=((a[c]|0)+0xf00000000000).toString(16).substr(4);return b.substr(0,sjcl.bitArray.bitLength(a)/4)},toBits:function(a){var b,c=[],d;a=a.replace(/\s|0x/g,"");d=a.length;a=a+"00000000";for(b=0;b<a.length;b+=8)c.push(parseInt(a.substr(b,8),16)^0);return sjcl.bitArray.clamp(c,4*d)}};
187
- sjcl.codec.base32={B:"ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",X:"0123456789ABCDEFGHIJKLMNOPQRSTUV",BITS:32,BASE:5,REMAINING:27,fromBits:function(a,b,c){var d=sjcl.codec.base32.BASE,e=sjcl.codec.base32.REMAINING,f="",g=0,h=sjcl.codec.base32.B,k=0,l=sjcl.bitArray.bitLength(a);c&&(h=sjcl.codec.base32.X);for(c=0;f.length*d<l;)f+=h.charAt((k^a[c]>>>g)>>>e),g<d?(k=a[c]<<d-g,g+=e,c++):(k<<=d,g-=d);for(;f.length&7&&!b;)f+="=";return f},toBits:function(a,b){a=a.replace(/\s|=/g,"").toUpperCase();var c=sjcl.codec.base32.BITS,
188
- d=sjcl.codec.base32.BASE,e=sjcl.codec.base32.REMAINING,f=[],g,h=0,k=sjcl.codec.base32.B,l=0,n,m="base32";b&&(k=sjcl.codec.base32.X,m="base32hex");for(g=0;g<a.length;g++){n=k.indexOf(a.charAt(g));if(0>n){if(!b)try{return sjcl.codec.base32hex.toBits(a)}catch(p){}throw new sjcl.exception.invalid("this isn't "+m+"!");}h>e?(h-=e,f.push(l^n>>>h),l=n<<c-h):(h+=d,l^=n<<c-h)}h&56&&f.push(sjcl.bitArray.partial(h&56,l,1));return f}};
189
- sjcl.codec.base32hex={fromBits:function(a,b){return sjcl.codec.base32.fromBits(a,b,1)},toBits:function(a){return sjcl.codec.base32.toBits(a,1)}};
190
- sjcl.codec.base64={B:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",fromBits:function(a,b,c){var d="",e=0,f=sjcl.codec.base64.B,g=0,h=sjcl.bitArray.bitLength(a);c&&(f=f.substr(0,62)+"-_");for(c=0;6*d.length<h;)d+=f.charAt((g^a[c]>>>e)>>>26),6>e?(g=a[c]<<6-e,e+=26,c++):(g<<=6,e-=6);for(;d.length&3&&!b;)d+="=";return d},toBits:function(a,b){a=a.replace(/\s|=/g,"");var c=[],d,e=0,f=sjcl.codec.base64.B,g=0,h;b&&(f=f.substr(0,62)+"-_");for(d=0;d<a.length;d++){h=f.indexOf(a.charAt(d));
191
- if(0>h)throw new sjcl.exception.invalid("this isn't base64!");26<e?(e-=26,c.push(g^h>>>e),g=h<<32-e):(e+=6,g^=h<<32-e)}e&56&&c.push(sjcl.bitArray.partial(e&56,g,1));return c}};sjcl.codec.base64url={fromBits:function(a){return sjcl.codec.base64.fromBits(a,1,1)},toBits:function(a){return sjcl.codec.base64.toBits(a,1)}};sjcl.hash.sha256=function(a){this.b[0]||this.O();a?(this.F=a.F.slice(0),this.A=a.A.slice(0),this.l=a.l):this.reset()};sjcl.hash.sha256.hash=function(a){return(new sjcl.hash.sha256).update(a).finalize()};
192
- sjcl.hash.sha256.prototype={blockSize:512,reset:function(){this.F=this.Y.slice(0);this.A=[];this.l=0;return this},update:function(a){"string"===typeof a&&(a=sjcl.codec.utf8String.toBits(a));var b,c=this.A=sjcl.bitArray.concat(this.A,a);b=this.l;a=this.l=b+sjcl.bitArray.bitLength(a);if(0x1fffffffffffff<a)throw new sjcl.exception.invalid("Cannot hash more than 2^53 - 1 bits");if("undefined"!==typeof Uint32Array){var d=new Uint32Array(c),e=0;for(b=512+b-(512+b&0x1ff);b<=a;b+=512)u(this,d.subarray(16*e,
193
- 16*(e+1))),e+=1;c.splice(0,16*e)}else for(b=512+b-(512+b&0x1ff);b<=a;b+=512)u(this,c.splice(0,16));return this},finalize:function(){var a,b=this.A,c=this.F,b=sjcl.bitArray.concat(b,[sjcl.bitArray.partial(1,1)]);for(a=b.length+2;a&15;a++)b.push(0);b.push(Math.floor(this.l/0x100000000));for(b.push(this.l|0);b.length;)u(this,b.splice(0,16));this.reset();return c},Y:[],b:[],O:function(){function a(a){return 0x100000000*(a-Math.floor(a))|0}for(var b=0,c=2,d,e;64>b;c++){e=!0;for(d=2;d*d<=c;d++)if(0===c%d){e=
194
- !1;break}e&&(8>b&&(this.Y[b]=a(Math.pow(c,.5))),this.b[b]=a(Math.pow(c,1/3)),b++)}}};
195
- function u(a,b){var c,d,e,f=a.F,g=a.b,h=f[0],k=f[1],l=f[2],n=f[3],m=f[4],p=f[5],r=f[6],q=f[7];for(c=0;64>c;c++)16>c?d=b[c]:(d=b[c+1&15],e=b[c+14&15],d=b[c&15]=(d>>>7^d>>>18^d>>>3^d<<25^d<<14)+(e>>>17^e>>>19^e>>>10^e<<15^e<<13)+b[c&15]+b[c+9&15]|0),d=d+q+(m>>>6^m>>>11^m>>>25^m<<26^m<<21^m<<7)+(r^m&(p^r))+g[c],q=r,r=p,p=m,m=n+d|0,n=l,l=k,k=h,h=d+(k&l^n&(k^l))+(k>>>2^k>>>13^k>>>22^k<<30^k<<19^k<<10)|0;f[0]=f[0]+h|0;f[1]=f[1]+k|0;f[2]=f[2]+l|0;f[3]=f[3]+n|0;f[4]=f[4]+m|0;f[5]=f[5]+p|0;f[6]=f[6]+r|0;f[7]=
196
- f[7]+q|0}
197
- sjcl.mode.ccm={name:"ccm",G:[],listenProgress:function(a){sjcl.mode.ccm.G.push(a)},unListenProgress:function(a){a=sjcl.mode.ccm.G.indexOf(a);-1<a&&sjcl.mode.ccm.G.splice(a,1)},fa:function(a){var b=sjcl.mode.ccm.G.slice(),c;for(c=0;c<b.length;c+=1)b[c](a)},encrypt:function(a,b,c,d,e){var f,g=b.slice(0),h=sjcl.bitArray,k=h.bitLength(c)/8,l=h.bitLength(g)/8;e=e||64;d=d||[];if(7>k)throw new sjcl.exception.invalid("ccm: iv must be at least 7 bytes");for(f=2;4>f&&l>>>8*f;f++);f<15-k&&(f=15-k);c=h.clamp(c,
198
- 8*(15-f));b=sjcl.mode.ccm.V(a,b,c,d,e,f);g=sjcl.mode.ccm.C(a,g,c,b,e,f);return h.concat(g.data,g.tag)},decrypt:function(a,b,c,d,e){e=e||64;d=d||[];var f=sjcl.bitArray,g=f.bitLength(c)/8,h=f.bitLength(b),k=f.clamp(b,h-e),l=f.bitSlice(b,h-e),h=(h-e)/8;if(7>g)throw new sjcl.exception.invalid("ccm: iv must be at least 7 bytes");for(b=2;4>b&&h>>>8*b;b++);b<15-g&&(b=15-g);c=f.clamp(c,8*(15-b));k=sjcl.mode.ccm.C(a,k,c,l,e,b);a=sjcl.mode.ccm.V(a,k.data,c,d,e,b);if(!f.equal(k.tag,a))throw new sjcl.exception.corrupt("ccm: tag doesn't match");
199
- return k.data},na:function(a,b,c,d,e,f){var g=[],h=sjcl.bitArray,k=h.i;d=[h.partial(8,(b.length?64:0)|d-2<<2|f-1)];d=h.concat(d,c);d[3]|=e;d=a.encrypt(d);if(b.length)for(c=h.bitLength(b)/8,65279>=c?g=[h.partial(16,c)]:0xffffffff>=c&&(g=h.concat([h.partial(16,65534)],[c])),g=h.concat(g,b),b=0;b<g.length;b+=4)d=a.encrypt(k(d,g.slice(b,b+4).concat([0,0,0])));return d},V:function(a,b,c,d,e,f){var g=sjcl.bitArray,h=g.i;e/=8;if(e%2||4>e||16<e)throw new sjcl.exception.invalid("ccm: invalid tag length");
200
- if(0xffffffff<d.length||0xffffffff<b.length)throw new sjcl.exception.bug("ccm: can't deal with 4GiB or more data");c=sjcl.mode.ccm.na(a,d,c,e,g.bitLength(b)/8,f);for(d=0;d<b.length;d+=4)c=a.encrypt(h(c,b.slice(d,d+4).concat([0,0,0])));return g.clamp(c,8*e)},C:function(a,b,c,d,e,f){var g,h=sjcl.bitArray;g=h.i;var k=b.length,l=h.bitLength(b),n=k/50,m=n;c=h.concat([h.partial(8,f-1)],c).concat([0,0,0]).slice(0,4);d=h.bitSlice(g(d,a.encrypt(c)),0,e);if(!k)return{tag:d,data:[]};for(g=0;g<k;g+=4)g>n&&(sjcl.mode.ccm.fa(g/
201
- k),n+=m),c[3]++,e=a.encrypt(c),b[g]^=e[0],b[g+1]^=e[1],b[g+2]^=e[2],b[g+3]^=e[3];return{tag:d,data:h.clamp(b,l)}}};
202
- sjcl.mode.ocb2={name:"ocb2",encrypt:function(a,b,c,d,e,f){if(128!==sjcl.bitArray.bitLength(c))throw new sjcl.exception.invalid("ocb iv must be 128 bits");var g,h=sjcl.mode.ocb2.S,k=sjcl.bitArray,l=k.i,n=[0,0,0,0];c=h(a.encrypt(c));var m,p=[];d=d||[];e=e||64;for(g=0;g+4<b.length;g+=4)m=b.slice(g,g+4),n=l(n,m),p=p.concat(l(c,a.encrypt(l(c,m)))),c=h(c);m=b.slice(g);b=k.bitLength(m);g=a.encrypt(l(c,[0,0,0,b]));m=k.clamp(l(m.concat([0,0,0]),g),b);n=l(n,l(m.concat([0,0,0]),g));n=a.encrypt(l(n,l(c,h(c))));
203
- d.length&&(n=l(n,f?d:sjcl.mode.ocb2.pmac(a,d)));return p.concat(k.concat(m,k.clamp(n,e)))},decrypt:function(a,b,c,d,e,f){if(128!==sjcl.bitArray.bitLength(c))throw new sjcl.exception.invalid("ocb iv must be 128 bits");e=e||64;var g=sjcl.mode.ocb2.S,h=sjcl.bitArray,k=h.i,l=[0,0,0,0],n=g(a.encrypt(c)),m,p,r=sjcl.bitArray.bitLength(b)-e,q=[];d=d||[];for(c=0;c+4<r/32;c+=4)m=k(n,a.decrypt(k(n,b.slice(c,c+4)))),l=k(l,m),q=q.concat(m),n=g(n);p=r-32*c;m=a.encrypt(k(n,[0,0,0,p]));m=k(m,h.clamp(b.slice(c),p).concat([0,
204
- 0,0]));l=k(l,m);l=a.encrypt(k(l,k(n,g(n))));d.length&&(l=k(l,f?d:sjcl.mode.ocb2.pmac(a,d)));if(!h.equal(h.clamp(l,e),h.bitSlice(b,r)))throw new sjcl.exception.corrupt("ocb: tag doesn't match");return q.concat(h.clamp(m,p))},pmac:function(a,b){var c,d=sjcl.mode.ocb2.S,e=sjcl.bitArray,f=e.i,g=[0,0,0,0],h=a.encrypt([0,0,0,0]),h=f(h,d(d(h)));for(c=0;c+4<b.length;c+=4)h=d(h),g=f(g,a.encrypt(f(h,b.slice(c,c+4))));c=b.slice(c);128>e.bitLength(c)&&(h=f(h,d(h)),c=e.concat(c,[-2147483648,0,0,0]));g=f(g,c);
205
- return a.encrypt(f(d(f(h,d(h))),g))},S:function(a){return[a[0]<<1^a[1]>>>31,a[1]<<1^a[2]>>>31,a[2]<<1^a[3]>>>31,a[3]<<1^135*(a[0]>>>31)]}};
206
- sjcl.mode.gcm={name:"gcm",encrypt:function(a,b,c,d,e){var f=b.slice(0);b=sjcl.bitArray;d=d||[];a=sjcl.mode.gcm.C(!0,a,f,d,c,e||128);return b.concat(a.data,a.tag)},decrypt:function(a,b,c,d,e){var f=b.slice(0),g=sjcl.bitArray,h=g.bitLength(f);e=e||128;d=d||[];e<=h?(b=g.bitSlice(f,h-e),f=g.bitSlice(f,0,h-e)):(b=f,f=[]);a=sjcl.mode.gcm.C(!1,a,f,d,c,e);if(!g.equal(a.tag,b))throw new sjcl.exception.corrupt("gcm: tag doesn't match");return a.data},ka:function(a,b){var c,d,e,f,g,h=sjcl.bitArray.i;e=[0,0,
207
- 0,0];f=b.slice(0);for(c=0;128>c;c++){(d=0!==(a[Math.floor(c/32)]&1<<31-c%32))&&(e=h(e,f));g=0!==(f[3]&1);for(d=3;0<d;d--)f[d]=f[d]>>>1|(f[d-1]&1)<<31;f[0]>>>=1;g&&(f[0]^=-0x1f000000)}return e},j:function(a,b,c){var d,e=c.length;b=b.slice(0);for(d=0;d<e;d+=4)b[0]^=0xffffffff&c[d],b[1]^=0xffffffff&c[d+1],b[2]^=0xffffffff&c[d+2],b[3]^=0xffffffff&c[d+3],b=sjcl.mode.gcm.ka(b,a);return b},C:function(a,b,c,d,e,f){var g,h,k,l,n,m,p,r,q=sjcl.bitArray;m=c.length;p=q.bitLength(c);r=q.bitLength(d);h=q.bitLength(e);
208
- g=b.encrypt([0,0,0,0]);96===h?(e=e.slice(0),e=q.concat(e,[1])):(e=sjcl.mode.gcm.j(g,[0,0,0,0],e),e=sjcl.mode.gcm.j(g,e,[0,0,Math.floor(h/0x100000000),h&0xffffffff]));h=sjcl.mode.gcm.j(g,[0,0,0,0],d);n=e.slice(0);d=h.slice(0);a||(d=sjcl.mode.gcm.j(g,h,c));for(l=0;l<m;l+=4)n[3]++,k=b.encrypt(n),c[l]^=k[0],c[l+1]^=k[1],c[l+2]^=k[2],c[l+3]^=k[3];c=q.clamp(c,p);a&&(d=sjcl.mode.gcm.j(g,h,c));a=[Math.floor(r/0x100000000),r&0xffffffff,Math.floor(p/0x100000000),p&0xffffffff];d=sjcl.mode.gcm.j(g,d,a);k=b.encrypt(e);
209
- d[0]^=k[0];d[1]^=k[1];d[2]^=k[2];d[3]^=k[3];return{tag:q.bitSlice(d,0,f),data:c}}};sjcl.misc.hmac=function(a,b){this.W=b=b||sjcl.hash.sha256;var c=[[],[]],d,e=b.prototype.blockSize/32;this.w=[new b,new b];a.length>e&&(a=b.hash(a));for(d=0;d<e;d++)c[0][d]=a[d]^909522486,c[1][d]=a[d]^1549556828;this.w[0].update(c[0]);this.w[1].update(c[1]);this.R=new b(this.w[0])};
210
- sjcl.misc.hmac.prototype.encrypt=sjcl.misc.hmac.prototype.mac=function(a){if(this.aa)throw new sjcl.exception.invalid("encrypt on already updated hmac called!");this.update(a);return this.digest(a)};sjcl.misc.hmac.prototype.reset=function(){this.R=new this.W(this.w[0]);this.aa=!1};sjcl.misc.hmac.prototype.update=function(a){this.aa=!0;this.R.update(a)};sjcl.misc.hmac.prototype.digest=function(){var a=this.R.finalize(),a=(new this.W(this.w[1])).update(a).finalize();this.reset();return a};
211
- sjcl.misc.pbkdf2=function(a,b,c,d,e){c=c||1E4;if(0>d||0>c)throw new sjcl.exception.invalid("invalid params to pbkdf2");"string"===typeof a&&(a=sjcl.codec.utf8String.toBits(a));"string"===typeof b&&(b=sjcl.codec.utf8String.toBits(b));e=e||sjcl.misc.hmac;a=new e(a);var f,g,h,k,l=[],n=sjcl.bitArray;for(k=1;32*l.length<(d||1);k++){e=f=a.encrypt(n.concat(b,[k]));for(g=1;g<c;g++)for(f=a.encrypt(f),h=0;h<f.length;h++)e[h]^=f[h];l=l.concat(e)}d&&(l=n.clamp(l,d));return l};
212
- sjcl.prng=function(a){this.c=[new sjcl.hash.sha256];this.m=[0];this.P=0;this.H={};this.N=0;this.U={};this.Z=this.f=this.o=this.ha=0;this.b=[0,0,0,0,0,0,0,0];this.h=[0,0,0,0];this.L=void 0;this.M=a;this.D=!1;this.K={progress:{},seeded:{}};this.u=this.ga=0;this.I=1;this.J=2;this.ca=0x10000;this.T=[0,48,64,96,128,192,0x100,384,512,768,1024];this.da=3E4;this.ba=80};
213
- sjcl.prng.prototype={randomWords:function(a,b){var c=[],d;d=this.isReady(b);var e;if(d===this.u)throw new sjcl.exception.notReady("generator isn't seeded");if(d&this.J){d=!(d&this.I);e=[];var f=0,g;this.Z=e[0]=(new Date).valueOf()+this.da;for(g=0;16>g;g++)e.push(0x100000000*Math.random()|0);for(g=0;g<this.c.length&&(e=e.concat(this.c[g].finalize()),f+=this.m[g],this.m[g]=0,d||!(this.P&1<<g));g++);this.P>=1<<this.c.length&&(this.c.push(new sjcl.hash.sha256),this.m.push(0));this.f-=f;f>this.o&&(this.o=
214
- f);this.P++;this.b=sjcl.hash.sha256.hash(this.b.concat(e));this.L=new sjcl.cipher.aes(this.b);for(d=0;4>d&&(this.h[d]=this.h[d]+1|0,!this.h[d]);d++);}for(d=0;d<a;d+=4)0===(d+1)%this.ca&&y(this),e=z(this),c.push(e[0],e[1],e[2],e[3]);y(this);return c.slice(0,a)},setDefaultParanoia:function(a,b){if(0===a&&"Setting paranoia=0 will ruin your security; use it only for testing"!==b)throw new sjcl.exception.invalid("Setting paranoia=0 will ruin your security; use it only for testing");this.M=a},addEntropy:function(a,
215
- b,c){c=c||"user";var d,e,f=(new Date).valueOf(),g=this.H[c],h=this.isReady(),k=0;d=this.U[c];void 0===d&&(d=this.U[c]=this.ha++);void 0===g&&(g=this.H[c]=0);this.H[c]=(this.H[c]+1)%this.c.length;switch(typeof a){case "number":void 0===b&&(b=1);this.c[g].update([d,this.N++,1,b,f,1,a|0]);break;case "object":c=Object.prototype.toString.call(a);if("[object Uint32Array]"===c){e=[];for(c=0;c<a.length;c++)e.push(a[c]);a=e}else for("[object Array]"!==c&&(k=1),c=0;c<a.length&&!k;c++)"number"!==typeof a[c]&&
216
- (k=1);if(!k){if(void 0===b)for(c=b=0;c<a.length;c++)for(e=a[c];0<e;)b++,e=e>>>1;this.c[g].update([d,this.N++,2,b,f,a.length].concat(a))}break;case "string":void 0===b&&(b=a.length);this.c[g].update([d,this.N++,3,b,f,a.length]);this.c[g].update(a);break;default:k=1}if(k)throw new sjcl.exception.bug("random: addEntropy only supports number, array of numbers or string");this.m[g]+=b;this.f+=b;h===this.u&&(this.isReady()!==this.u&&A("seeded",Math.max(this.o,this.f)),A("progress",this.getProgress()))},
217
- isReady:function(a){a=this.T[void 0!==a?a:this.M];return this.o&&this.o>=a?this.m[0]>this.ba&&(new Date).valueOf()>this.Z?this.J|this.I:this.I:this.f>=a?this.J|this.u:this.u},getProgress:function(a){a=this.T[a?a:this.M];return this.o>=a?1:this.f>a?1:this.f/a},startCollectors:function(){if(!this.D){this.a={loadTimeCollector:B(this,this.ma),mouseCollector:B(this,this.oa),keyboardCollector:B(this,this.la),accelerometerCollector:B(this,this.ea),touchCollector:B(this,this.qa)};if(window.addEventListener)window.addEventListener("load",
218
- this.a.loadTimeCollector,!1),window.addEventListener("mousemove",this.a.mouseCollector,!1),window.addEventListener("keypress",this.a.keyboardCollector,!1),window.addEventListener("devicemotion",this.a.accelerometerCollector,!1),window.addEventListener("touchmove",this.a.touchCollector,!1);else if(document.attachEvent)document.attachEvent("onload",this.a.loadTimeCollector),document.attachEvent("onmousemove",this.a.mouseCollector),document.attachEvent("keypress",this.a.keyboardCollector);else throw new sjcl.exception.bug("can't attach event");
219
- this.D=!0}},stopCollectors:function(){this.D&&(window.removeEventListener?(window.removeEventListener("load",this.a.loadTimeCollector,!1),window.removeEventListener("mousemove",this.a.mouseCollector,!1),window.removeEventListener("keypress",this.a.keyboardCollector,!1),window.removeEventListener("devicemotion",this.a.accelerometerCollector,!1),window.removeEventListener("touchmove",this.a.touchCollector,!1)):document.detachEvent&&(document.detachEvent("onload",this.a.loadTimeCollector),document.detachEvent("onmousemove",
220
- this.a.mouseCollector),document.detachEvent("keypress",this.a.keyboardCollector)),this.D=!1)},addEventListener:function(a,b){this.K[a][this.ga++]=b},removeEventListener:function(a,b){var c,d,e=this.K[a],f=[];for(d in e)e.hasOwnProperty(d)&&e[d]===b&&f.push(d);for(c=0;c<f.length;c++)d=f[c],delete e[d]},la:function(){C(this,1)},oa:function(a){var b,c;try{b=a.x||a.clientX||a.offsetX||0,c=a.y||a.clientY||a.offsetY||0}catch(d){c=b=0}0!=b&&0!=c&&this.addEntropy([b,c],2,"mouse");C(this,0)},qa:function(a){a=
221
- a.touches[0]||a.changedTouches[0];this.addEntropy([a.pageX||a.clientX,a.pageY||a.clientY],1,"touch");C(this,0)},ma:function(){C(this,2)},ea:function(a){a=a.accelerationIncludingGravity.x||a.accelerationIncludingGravity.y||a.accelerationIncludingGravity.z;if(window.orientation){var b=window.orientation;"number"===typeof b&&this.addEntropy(b,1,"accelerometer")}a&&this.addEntropy(a,2,"accelerometer");C(this,0)}};
222
- function A(a,b){var c,d=sjcl.random.K[a],e=[];for(c in d)d.hasOwnProperty(c)&&e.push(d[c]);for(c=0;c<e.length;c++)e[c](b)}function C(a,b){"undefined"!==typeof window&&window.performance&&"function"===typeof window.performance.now?a.addEntropy(window.performance.now(),b,"loadtime"):a.addEntropy((new Date).valueOf(),b,"loadtime")}function y(a){a.b=z(a).concat(z(a));a.L=new sjcl.cipher.aes(a.b)}function z(a){for(var b=0;4>b&&(a.h[b]=a.h[b]+1|0,!a.h[b]);b++);return a.L.encrypt(a.h)}
223
- function B(a,b){return function(){b.apply(a,arguments)}}sjcl.random=new sjcl.prng(6);
224
- a:try{var D,E,F,G;if(G="undefined"!==typeof module&&module.exports){var H;try{H=require("crypto")}catch(a){H=null}G=E=H}if(G&&E.randomBytes)D=E.randomBytes(128),D=new Uint32Array((new Uint8Array(D)).buffer),sjcl.random.addEntropy(D,1024,"crypto['randomBytes']");else if("undefined"!==typeof window&&"undefined"!==typeof Uint32Array){F=new Uint32Array(32);if(window.crypto&&window.crypto.getRandomValues)window.crypto.getRandomValues(F);else if(window.msCrypto&&window.msCrypto.getRandomValues)window.msCrypto.getRandomValues(F);
225
- else break a;sjcl.random.addEntropy(F,1024,"crypto['getRandomValues']")}}catch(a){"undefined"!==typeof window&&window.console&&(console.log("There was an error collecting entropy from the browser:"),console.log(a))}
226
- sjcl.json={defaults:{v:1,iter:1E4,ks:128,ts:64,mode:"ccm",adata:"",cipher:"aes"},ja:function(a,b,c,d){c=c||{};d=d||{};var e=sjcl.json,f=e.g({iv:sjcl.random.randomWords(4,0)},e.defaults),g;e.g(f,c);c=f.adata;"string"===typeof f.salt&&(f.salt=sjcl.codec.base64.toBits(f.salt));"string"===typeof f.iv&&(f.iv=sjcl.codec.base64.toBits(f.iv));if(!sjcl.mode[f.mode]||!sjcl.cipher[f.cipher]||"string"===typeof a&&100>=f.iter||64!==f.ts&&96!==f.ts&&128!==f.ts||128!==f.ks&&192!==f.ks&&0x100!==f.ks||2>f.iv.length||
227
- 4<f.iv.length)throw new sjcl.exception.invalid("json encrypt: invalid parameters");"string"===typeof a?(g=sjcl.misc.cachedPbkdf2(a,f),a=g.key.slice(0,f.ks/32),f.salt=g.salt):sjcl.ecc&&a instanceof sjcl.ecc.elGamal.publicKey&&(g=a.kem(),f.kemtag=g.tag,a=g.key.slice(0,f.ks/32));"string"===typeof b&&(b=sjcl.codec.utf8String.toBits(b));"string"===typeof c&&(f.adata=c=sjcl.codec.utf8String.toBits(c));g=new sjcl.cipher[f.cipher](a);e.g(d,f);d.key=a;f.ct="ccm"===f.mode&&sjcl.arrayBuffer&&sjcl.arrayBuffer.ccm&&
228
- b instanceof ArrayBuffer?sjcl.arrayBuffer.ccm.encrypt(g,b,f.iv,c,f.ts):sjcl.mode[f.mode].encrypt(g,b,f.iv,c,f.ts);return f},encrypt:function(a,b,c,d){var e=sjcl.json,f=e.ja.apply(e,arguments);return e.encode(f)},ia:function(a,b,c,d){c=c||{};d=d||{};var e=sjcl.json;b=e.g(e.g(e.g({},e.defaults),b),c,!0);var f,g;f=b.adata;"string"===typeof b.salt&&(b.salt=sjcl.codec.base64.toBits(b.salt));"string"===typeof b.iv&&(b.iv=sjcl.codec.base64.toBits(b.iv));if(!sjcl.mode[b.mode]||!sjcl.cipher[b.cipher]||"string"===
229
- typeof a&&100>=b.iter||64!==b.ts&&96!==b.ts&&128!==b.ts||128!==b.ks&&192!==b.ks&&0x100!==b.ks||!b.iv||2>b.iv.length||4<b.iv.length)throw new sjcl.exception.invalid("json decrypt: invalid parameters");"string"===typeof a?(g=sjcl.misc.cachedPbkdf2(a,b),a=g.key.slice(0,b.ks/32),b.salt=g.salt):sjcl.ecc&&a instanceof sjcl.ecc.elGamal.secretKey&&(a=a.unkem(sjcl.codec.base64.toBits(b.kemtag)).slice(0,b.ks/32));"string"===typeof f&&(f=sjcl.codec.utf8String.toBits(f));g=new sjcl.cipher[b.cipher](a);f="ccm"===
230
- b.mode&&sjcl.arrayBuffer&&sjcl.arrayBuffer.ccm&&b.ct instanceof ArrayBuffer?sjcl.arrayBuffer.ccm.decrypt(g,b.ct,b.iv,b.tag,f,b.ts):sjcl.mode[b.mode].decrypt(g,b.ct,b.iv,f,b.ts);e.g(d,b);d.key=a;return 1===c.raw?f:sjcl.codec.utf8String.fromBits(f)},decrypt:function(a,b,c,d){var e=sjcl.json;return e.ia(a,e.decode(b),c,d)},encode:function(a){var b,c="{",d="";for(b in a)if(a.hasOwnProperty(b)){if(!b.match(/^[a-z0-9]+#x2F;i))throw new sjcl.exception.invalid("json encode: invalid property name");c+=d+'"'+
231
- b+'":';d=",";switch(typeof a[b]){case "number":case "boolean":c+=a[b];break;case "string":c+='"'+escape(a[b])+'"';break;case "object":c+='"'+sjcl.codec.base64.fromBits(a[b],0)+'"';break;default:throw new sjcl.exception.bug("json encode: unsupported type");}}return c+"}"},decode:function(a){a=a.replace(/\s/g,"");if(!a.match(/^\{.*\}#x2F;))throw new sjcl.exception.invalid("json decode: this isn't json!");a=a.replace(/^\{|\}#x2F;g,"").split(/,/);var b={},c,d;for(c=0;c<a.length;c++){if(!(d=a[c].match(/^\s*(?:(["']?)([a-z][a-z0-9]*)\1)\s*:\s*(?:(-?\d+)|"([a-z0-9+\/%*_.@=\-]*)"|(true|false))#x2F;i)))throw new sjcl.exception.invalid("json decode: this isn't json!");
232
- null!=d[3]?b[d[2]]=parseInt(d[3],10):null!=d[4]?b[d[2]]=d[2].match(/^(ct|adata|salt|iv)#x2F;)?sjcl.codec.base64.toBits(d[4]):unescape(d[4]):null!=d[5]&&(b[d[2]]="true"===d[5])}return b},g:function(a,b,c){void 0===a&&(a={});if(void 0===b)return a;for(var d in b)if(b.hasOwnProperty(d)){if(c&&void 0!==a[d]&&a[d]!==b[d])throw new sjcl.exception.invalid("required parameter overridden");a[d]=b[d]}return a},sa:function(a,b){var c={},d;for(d in a)a.hasOwnProperty(d)&&a[d]!==b[d]&&(c[d]=a[d]);return c},ra:function(a,
233
- b){var c={},d;for(d=0;d<b.length;d++)void 0!==a[b[d]]&&(c[b[d]]=a[b[d]]);return c}};sjcl.encrypt=sjcl.json.encrypt;sjcl.decrypt=sjcl.json.decrypt;sjcl.misc.pa={};sjcl.misc.cachedPbkdf2=function(a,b){var c=sjcl.misc.pa,d;b=b||{};d=b.iter||1E3;c=c[a]=c[a]||{};d=c[d]=c[d]||{firstSalt:b.salt&&b.salt.length?b.salt.slice(0):sjcl.random.randomWords(2,0)};c=void 0===b.salt?d.firstSalt:b.salt;d[c]=d[c]||sjcl.misc.pbkdf2(a,c,b.iter);return{key:d[c].slice(0),salt:c.slice(0)}};
234
- "undefined"!==typeof module&&module.exports&&(module.exports=sjcl);"function"===typeof define&&define([],function(){return sjcl});
js/wfglobal.1575390485.js ADDED
@@ -0,0 +1,223 @@
1
+ (function($) {
2
+ if (!window['wordfenceExt']) {
3
+ window['wordfenceExt'] = {
4
+ nonce: false,
5
+ loadingCount: 0,
6
+ isSmallScreen: false,
7
+ init: function(){
8
+ this.nonce = WordfenceAdminVars.firstNonce;
9
+ this.isSmallScreen = window.matchMedia("only screen and (max-width: 500px)").matches;
10
+ },
11
+ showLoading: function(){
12
+ this.loadingCount++;
13
+ if (this.loadingCount == 1) {
14
+ jQuery('<div id="wordfenceWorking">Wordfence is working...</div>').appendTo('body');
15
+ }
16
+ },
17
+ removeLoading: function(){
18
+ this.loadingCount--;
19
+ if(this.loadingCount == 0){
20
+ jQuery('#wordfenceWorking').remove();
21
+ }
22
+ },
23
+ autoUpdateChoice: function(choice){
24
+ this.ajax('wordfence_autoUpdateChoice', {
25
+ choice: choice
26
+ },
27
+ function(res){ jQuery('#wordfenceAutoUpdateChoice').fadeOut(); },
28
+ function(){ jQuery('#wordfenceAutoUpdateChoice').fadeOut(); }
29
+ );
30
+ },
31
+ misconfiguredHowGetIPsChoice : function(choice) {
32
+ this.ajax('wordfence_misconfiguredHowGetIPsChoice', {
33
+ choice: choice
34
+ },
35
+ function(res){ jQuery('#wordfenceMisconfiguredHowGetIPsNotice').fadeOut(); },
36
+ function(){ jQuery('#wordfenceMisconfiguredHowGetIPsNotice').fadeOut(); }
37
+ );
38
+ },
39
+ switchLiveTrafficSecurityOnlyChoice: function(choice) {
40
+ this.ajax('wordfence_switchLiveTrafficSecurityOnlyChoice', {
41
+ choice: choice
42
+ },
43
+ function(res){ jQuery('#switchLiveTrafficSecurityOnlyChoice').fadeOut(); },
44
+ function(){ jQuery('#switchLiveTrafficSecurityOnlyChoice').fadeOut(); }
45
+ );
46
+ },
47
+ dismissAdminNotice: function(nid) {
48
+ this.ajax('wordfence_dismissAdminNotice', {
49
+ id: nid
50
+ },
51
+ function(res){ jQuery('.wf-admin-notice[data-notice-id="' + nid + '"]').fadeOut(); },
52
+ function(){ jQuery('.wf-admin-notice[data-notice-id="' + nid + '"]').fadeOut(); }
53
+ );
54
+ },
55
+ setOption: function(key, value, successCallback) {
56
+ var changes = {};
57
+ changes[key] = value;
58
+ this.ajax('wordfence_saveOptions', {changes: JSON.stringify(changes)}, function(res) {
59
+ if (res.success) {
60
+ typeof successCallback == 'function' && successCallback(res);
61
+ }
62
+ });
63
+ },
64
+ ajax: function(action, data, cb, cbErr, noLoading){
65
+ if(typeof(data) == 'string'){
66
+ if(data.length > 0){
67
+ data += '&';
68
+ }
69
+ data += 'action=' + action + '&nonce=' + this.nonce;
70
+ } else if(typeof(data) == 'object'){
71
+ data['action'] = action;
72
+ data['nonce'] = this.nonce;
73
+ }
74
+ if(! cbErr){
75
+ cbErr = function(){};
76
+ }
77
+ var self = this;
78
+ if(! noLoading){
79
+ this.showLoading();
80
+ }
81
+ jQuery.ajax({
82
+ type: 'POST',
83
+ url: WordfenceAdminVars.ajaxURL,
84
+ dataType: "json",
85
+ data: data,
86
+ success: function(json){
87
+ if(! noLoading){
88
+ self.removeLoading();
89
+ }
90
+ if(json && json.nonce){
91
+ self.nonce = json.nonce;
92
+ }
93
+ cb(json);
94
+ },
95
+ error: function(){
96
+ if(! noLoading){
97
+ self.removeLoading();
98
+ }
99
+ cbErr();
100
+ }
101
+ });
102
+ },
103
+ hashSHA256: function(s) {
104
+ return sjcl.codec.hex.fromBits(sjcl.hash.sha256.hash(s))
105
+ },
106
+ isEmailBlacklisted: function(email) {
107
+ var hash = this.hashSHA256(email);
108
+ for (var i = 0; i < WordfenceAdminVars.alertEmailBlacklist.length; i++) {
109
+ if (hash === WordfenceAdminVars.alertEmailBlacklist[i]) {
110
+ return true;
111
+ }
112
+ }
113
+ return false;
114
+ },
115
+ parseEmails: function(raw) {
116
+ var emails = [];
117
+ if (typeof raw !== 'string') {
118
+ return emails;
119
+ }
120
+
121
+ var rawEmails = raw.replace(/\s/g, '').split(',');
122
+ for (var i = 0; i < rawEmails.length; i++) {
123
+ //From https://html.spec.whatwg.org/multipage/forms.html#valid-e-mail-address
124
+ if (/^[a-zA-Z0-9.!#$%&'*+\/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*#x2F;.test(rawEmails[i]) && !this.isEmailBlacklisted(rawEmails[i])) {
125
+ emails.push(rawEmails[i]);
126
+ }
127
+ }
128
+ return emails;
129
+ },
130
+ onboardingProcessEmails: function(emails, subscribe, touppAgreed) {
131
+ var subscribe = !!subscribe;
132
+ wordfenceExt.setOption('alertEmails', emails.join(', '));
133
+
134
+ if (touppAgreed) {
135
+ this.ajax('wordfence_recordTOUPP', {}, function(res) {
136
+ //Do nothing
137
+ });
138
+ }
139
+
140
+ if (subscribe) {
141
+ this.ajax('wordfence_mailingSignup', {emails: JSON.stringify(emails)}, function(res) {
142
+ //Do nothing
143
+ });
144
+ }
145
+ },
146
+ onboardingInstallLicense: function(license, successCallback, errorCallback) {
147
+ this.ajax('wordfence_installLicense', {license: license}, function(res) {
148
+ if (res.success) {
149
+ typeof successCallback == 'function' && successCallback(res);
150
+ }
151
+ else if (res.error) {
152
+ typeof errorCallback == 'function' && errorCallback(res);
153
+ }
154
+ });
155
+ }
156
+ };
157
+ }
158
+
159
+ $(function() {
160
+ wordfenceExt.init();
161
+
162
+ $('.wf-dismiss-link').on('click', function() {
163
+ $('#wf-extended-protection-notice').css({
164
+ opacity: .75
165
+ });
166
+ $.get(this.href, function() {
167
+ $('#wf-extended-protection-notice').fadeOut(1000);
168
+ });
169
+ return false;
170
+ });
171
+ });
172
+ })(jQuery);
173
+
174
+ //Stanford Javascript Crypto Library: https://bitwiseshiftleft.github.io/sjcl/
175
+ "use strict";var sjcl={cipher:{},hash:{},keyexchange:{},mode:{},misc:{},codec:{},exception:{corrupt:function(f){this.toString=function(){return"CORRUPT: "+this.message};this.message=f},invalid:function(f){this.toString=function(){return"INVALID: "+this.message};this.message=f},bug:function(f){this.toString=function(){return"BUG: "+this.message};this.message=f},notReady:function(f){this.toString=function(){return"NOT READY: "+this.message};this.message=f}}};
176
+ (function(f){f.cipher.aes=function(a){this.s[0][0][0]||this.T();var b,c,d,e,g=this.s[0][4],h=this.s[1];b=a.length;var k=1;if(4!==b&&6!==b&&8!==b)throw new f.exception.invalid("invalid aes key size");this.b=[d=a.slice(0),e=[]];for(a=b;a<4*b+28;a++){c=d[a-1];if(0===a%b||8===b&&4===a%b)c=g[c>>>24]<<24^g[c>>16&255]<<16^g[c>>8&255]<<8^g[c&255],0===a%b&&(c=c<<8^c>>>24^k<<24,k=k<<1^283*(k>>7));d[a]=d[a-b]^c}for(b=0;a;b++,a--)c=d[b&3?a:a-4],e[b]=4>=a||4>b?c:h[0][g[c>>>24]]^h[1][g[c>>16&255]]^h[2][g[c>>8&
177
+ 255]]^h[3][g[c&255]]};f.cipher.aes.prototype={encrypt:function(a){return this.$(a,0)},decrypt:function(a){return this.$(a,1)},s:[[[],[],[],[],[]],[[],[],[],[],[]]],T:function(){var a=this.s[0],b=this.s[1],c=a[4],d=b[4],e,f,h,k=[],l=[],m,n,p,q;for(e=0;0x100>e;e++)l[(k[e]=e<<1^283*(e>>7))^e]=e;for(f=h=0;!c[f];f^=m||1,h=l[h]||1)for(p=h^h<<1^h<<2^h<<3^h<<4,p=p>>8^p&255^99,c[f]=p,d[p]=f,n=k[e=k[m=k[f]]],q=0x1010101*n^0x10001*e^0x101*m^0x1010100*f,n=0x101*k[p]^0x1010100*p,e=0;4>e;e++)a[e][f]=n=n<<24^n>>>8,b[e][p]=
178
+ q=q<<24^q>>>8;for(e=0;5>e;e++)a[e]=a[e].slice(0),b[e]=b[e].slice(0)},$:function(a,b){if(4!==a.length)throw new f.exception.invalid("invalid aes block size");var c=this.b[b],d=a[0]^c[0],e=a[b?3:1]^c[1],g=a[2]^c[2],h=a[b?1:3]^c[3],k,l,m,n=c.length/4-2,p,q=4,t=[0,0,0,0];k=this.s[b];var r=k[0],u=k[1],v=k[2],w=k[3],x=k[4];for(p=0;p<n;p++)k=r[d>>>24]^u[e>>16&255]^v[g>>8&255]^w[h&255]^c[q],l=r[e>>>24]^u[g>>16&255]^v[h>>8&255]^w[d&255]^c[q+1],m=r[g>>>24]^u[h>>16&255]^v[d>>8&255]^w[e&255]^c[q+2],h=r[h>>>24]^
179
+ u[d>>16&255]^v[e>>8&255]^w[g&255]^c[q+3],q+=4,d=k,e=l,g=m;for(p=0;4>p;p++)t[b?3&-p:p]=x[d>>>24]<<24^x[e>>16&255]<<16^x[g>>8&255]<<8^x[h&255]^c[q++],k=d,d=e,e=g,g=h,h=k;return t}};f.bitArray={bitSlice:function(a,b,c){a=f.bitArray.ga(a.slice(b/32),32-(b&31)).slice(1);return void 0===c?a:f.bitArray.clamp(a,c-b)},extract:function(a,b,c){var d=Math.floor(-b-c&31);return((b+c-1^b)&-32?a[b/32|0]<<32-d^a[b/32+1|0]>>>d:a[b/32|0]>>>d)&(1<<c)-1},concat:function(a,b){if(0===a.length||0===b.length)return a.concat(b);
180
+ var c=a[a.length-1],d=f.bitArray.getPartial(c);return 32===d?a.concat(b):f.bitArray.ga(b,d,c|0,a.slice(0,a.length-1))},bitLength:function(a){var b=a.length;return 0===b?0:32*(b-1)+f.bitArray.getPartial(a[b-1])},clamp:function(a,b){if(32*a.length<b)return a;a=a.slice(0,Math.ceil(b/32));var c=a.length;b=b&31;0<c&&b&&(a[c-1]=f.bitArray.partial(b,a[c-1]&2147483648>>b-1,1));return a},partial:function(a,b,c){return 32===a?b:(c?b|0:b<<32-a)+0x10000000000*a},getPartial:function(a){return Math.round(a/0x10000000000)||
181
+ 32},equal:function(a,b){if(f.bitArray.bitLength(a)!==f.bitArray.bitLength(b))return!1;var c=0,d;for(d=0;d<a.length;d++)c|=a[d]^b[d];return 0===c},ga:function(a,b,c,d){var e;e=0;for(void 0===d&&(d=[]);32<=b;b-=32)d.push(c),c=0;if(0===b)return d.concat(a);for(e=0;e<a.length;e++)d.push(c|a[e]>>>b),c=a[e]<<32-b;e=a.length?a[a.length-1]:0;a=f.bitArray.getPartial(e);d.push(f.bitArray.partial(b+a&31,32<b+a?c:d.pop(),1));return d},i:function(a,b){return[a[0]^b[0],a[1]^b[1],a[2]^b[2],a[3]^b[3]]},byteswapM:function(a){var b,
182
+ c;for(b=0;b<a.length;++b)c=a[b],a[b]=c>>>24|c>>>8&0xff00|(c&0xff00)<<8|c<<24;return a}};f.codec.utf8String={fromBits:function(a){var b="",c=f.bitArray.bitLength(a),d,e;for(d=0;d<c/8;d++)0===(d&3)&&(e=a[d/4]),b+=String.fromCharCode(e>>>8>>>8>>>8),e<<=8;return decodeURIComponent(escape(b))},toBits:function(a){a=unescape(encodeURIComponent(a));var b=[],c,d=0;for(c=0;c<a.length;c++)d=d<<8|a.charCodeAt(c),3===(c&3)&&(b.push(d),d=0);c&3&&b.push(f.bitArray.partial(8*(c&3),d));return b}};f.codec.hex={fromBits:function(a){var b=
183
+ "",c;for(c=0;c<a.length;c++)b+=((a[c]|0)+0xf00000000000).toString(16).substr(4);return b.substr(0,f.bitArray.bitLength(a)/4)},toBits:function(a){var b,c=[],d;a=a.replace(/\s|0x/g,"");d=a.length;a=a+"00000000";for(b=0;b<a.length;b+=8)c.push(parseInt(a.substr(b,8),16)^0);return f.bitArray.clamp(c,4*d)}};f.codec.base32={D:"ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",da:"0123456789ABCDEFGHIJKLMNOPQRSTUV",BITS:32,BASE:5,REMAINING:27,fromBits:function(a,b,c){var d=f.codec.base32.BASE,e=f.codec.base32.REMAINING,g=
184
+ "",h=0,k=f.codec.base32.D,l=0,m=f.bitArray.bitLength(a);c&&(k=f.codec.base32.da);for(c=0;g.length*d<m;)g+=k.charAt((l^a[c]>>>h)>>>e),h<d?(l=a[c]<<d-h,h+=e,c++):(l<<=d,h-=d);for(;g.length&7&&!b;)g+="=";return g},toBits:function(a,b){a=a.replace(/\s|=/g,"").toUpperCase();var c=f.codec.base32.BITS,d=f.codec.base32.BASE,e=f.codec.base32.REMAINING,g=[],h,k=0,l=f.codec.base32.D,m=0,n,p="base32";b&&(l=f.codec.base32.da,p="base32hex");for(h=0;h<a.length;h++){n=l.indexOf(a.charAt(h));if(0>n){if(!b)try{return f.codec.base32hex.toBits(a)}catch(q){}throw new f.exception.invalid("this isn't "+
185
+ p+"!");}k>e?(k-=e,g.push(m^n>>>k),m=n<<c-k):(k+=d,m^=n<<c-k)}k&56&&g.push(f.bitArray.partial(k&56,m,1));return g}};f.codec.base32hex={fromBits:function(a,b){return f.codec.base32.fromBits(a,b,1)},toBits:function(a){return f.codec.base32.toBits(a,1)}};f.codec.base64={D:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",fromBits:function(a,b,c){var d="",e=0,g=f.codec.base64.D,h=0,k=f.bitArray.bitLength(a);c&&(g=g.substr(0,62)+"-_");for(c=0;6*d.length<k;)d+=g.charAt((h^a[c]>>>e)>>>26),
186
+ 6>e?(h=a[c]<<6-e,e+=26,c++):(h<<=6,e-=6);for(;d.length&3&&!b;)d+="=";return d},toBits:function(a,b){a=a.replace(/\s|=/g,"");var c=[],d,e=0,g=f.codec.base64.D,h=0,k;b&&(g=g.substr(0,62)+"-_");for(d=0;d<a.length;d++){k=g.indexOf(a.charAt(d));if(0>k)throw new f.exception.invalid("this isn't base64!");26<e?(e-=26,c.push(h^k>>>e),h=k<<32-e):(e+=6,h^=k<<32-e)}e&56&&c.push(f.bitArray.partial(e&56,h,1));return c}};f.codec.base64url={fromBits:function(a){return f.codec.base64.fromBits(a,1,1)},toBits:function(a){return f.codec.base64.toBits(a,
187
+ 1)}};f.hash.sha256=function(a){this.b[0]||this.T();a?(this.H=a.H.slice(0),this.C=a.C.slice(0),this.l=a.l):this.reset()};f.hash.sha256.hash=function(a){return(new f.hash.sha256).update(a).finalize()};f.hash.sha256.prototype={blockSize:512,reset:function(){this.H=this.ea.slice(0);this.C=[];this.l=0;return this},update:function(a){"string"===typeof a&&(a=f.codec.utf8String.toBits(a));var b,c=this.C=f.bitArray.concat(this.C,a);b=this.l;a=this.l=b+f.bitArray.bitLength(a);if(0x1fffffffffffff<a)throw new f.exception.invalid("Cannot hash more than 2^53 - 1 bits");
188
+ if("undefined"!==typeof Uint32Array){var d=new Uint32Array(c),e=0;for(b=512+b-(512+b&0x1ff);b<=a;b+=512)this.M(d.subarray(16*e,16*(e+1))),e+=1;c.splice(0,16*e)}else for(b=512+b-(512+b&0x1ff);b<=a;b+=512)this.M(c.splice(0,16));return this},finalize:function(){var a,b=this.C,c=this.H,b=f.bitArray.concat(b,[f.bitArray.partial(1,1)]);for(a=b.length+2;a&15;a++)b.push(0);b.push(Math.floor(this.l/0x100000000));for(b.push(this.l|0);b.length;)this.M(b.splice(0,16));this.reset();return c},ea:[],b:[],T:function(){function a(a){return 0x100000000*
189
+ (a-Math.floor(a))|0}for(var b=0,c=2,d,e;64>b;c++){e=!0;for(d=2;d*d<=c;d++)if(0===c%d){e=!1;break}e&&(8>b&&(this.ea[b]=a(Math.pow(c,.5))),this.b[b]=a(Math.pow(c,1/3)),b++)}},M:function(a){var b,c,d,e=this.H,f=this.b,h=e[0],k=e[1],l=e[2],m=e[3],n=e[4],p=e[5],q=e[6],t=e[7];for(b=0;64>b;b++)16>b?c=a[b]:(c=a[b+1&15],d=a[b+14&15],c=a[b&15]=(c>>>7^c>>>18^c>>>3^c<<25^c<<14)+(d>>>17^d>>>19^d>>>10^d<<15^d<<13)+a[b&15]+a[b+9&15]|0),c=c+t+(n>>>6^n>>>11^n>>>25^n<<26^n<<21^n<<7)+(q^n&(p^q))+f[b],t=q,q=p,p=n,n=
190
+ m+c|0,m=l,l=k,k=h,h=c+(k&l^m&(k^l))+(k>>>2^k>>>13^k>>>22^k<<30^k<<19^k<<10)|0;e[0]=e[0]+h|0;e[1]=e[1]+k|0;e[2]=e[2]+l|0;e[3]=e[3]+m|0;e[4]=e[4]+n|0;e[5]=e[5]+p|0;e[6]=e[6]+q|0;e[7]=e[7]+t|0}};f.mode.ccm={name:"ccm",I:[],listenProgress:function(a){f.mode.ccm.I.push(a)},unListenProgress:function(a){a=f.mode.ccm.I.indexOf(a);-1<a&&f.mode.ccm.I.splice(a,1)},ma:function(a){var b=f.mode.ccm.I.slice(),c;for(c=0;c<b.length;c+=1)b[c](a)},encrypt:function(a,b,c,d,e){var g,h=b.slice(0),k=f.bitArray,l=k.bitLength(c)/
191
+ 8,m=k.bitLength(h)/8;e=e||64;d=d||[];if(7>l)throw new f.exception.invalid("ccm: iv must be at least 7 bytes");for(g=2;4>g&&m>>>8*g;g++);g<15-l&&(g=15-l);c=k.clamp(c,8*(15-g));b=f.mode.ccm.Z(a,b,c,d,e,g);h=f.mode.ccm.F(a,h,c,b,e,g);return k.concat(h.data,h.tag)},decrypt:function(a,b,c,d,e){e=e||64;d=d||[];var g=f.bitArray,h=g.bitLength(c)/8,k=g.bitLength(b),l=g.clamp(b,k-e),m=g.bitSlice(b,k-e),k=(k-e)/8;if(7>h)throw new f.exception.invalid("ccm: iv must be at least 7 bytes");for(b=2;4>b&&k>>>8*b;b++);
192
+ b<15-h&&(b=15-h);c=g.clamp(c,8*(15-b));l=f.mode.ccm.F(a,l,c,m,e,b);a=f.mode.ccm.Z(a,l.data,c,d,e,b);if(!g.equal(l.tag,a))throw new f.exception.corrupt("ccm: tag doesn't match");return l.data},ua:function(a,b,c,d,e,g){var h=[],k=f.bitArray,l=k.i;d=[k.partial(8,(b.length?64:0)|d-2<<2|g-1)];d=k.concat(d,c);d[3]|=e;d=a.encrypt(d);if(b.length)for(c=k.bitLength(b)/8,65279>=c?h=[k.partial(16,c)]:0xffffffff>=c&&(h=k.concat([k.partial(16,65534)],[c])),h=k.concat(h,b),b=0;b<h.length;b+=4)d=a.encrypt(l(d,h.slice(b,
193
+ b+4).concat([0,0,0])));return d},Z:function(a,b,c,d,e,g){var h=f.bitArray,k=h.i;e/=8;if(e%2||4>e||16<e)throw new f.exception.invalid("ccm: invalid tag length");if(0xffffffff<d.length||0xffffffff<b.length)throw new f.exception.bug("ccm: can't deal with 4GiB or more data");c=f.mode.ccm.ua(a,d,c,e,h.bitLength(b)/8,g);for(d=0;d<b.length;d+=4)c=a.encrypt(k(c,b.slice(d,d+4).concat([0,0,0])));return h.clamp(c,8*e)},F:function(a,b,c,d,e,g){var h,k=f.bitArray;h=k.i;var l=b.length,m=k.bitLength(b),n=l/50,p=
194
+ n;c=k.concat([k.partial(8,g-1)],c).concat([0,0,0]).slice(0,4);d=k.bitSlice(h(d,a.encrypt(c)),0,e);if(!l)return{tag:d,data:[]};for(h=0;h<l;h+=4)h>n&&(f.mode.ccm.ma(h/l),n+=p),c[3]++,e=a.encrypt(c),b[h]^=e[0],b[h+1]^=e[1],b[h+2]^=e[2],b[h+3]^=e[3];return{tag:d,data:k.clamp(b,m)}}};f.mode.ocb2={name:"ocb2",encrypt:function(a,b,c,d,e,g){if(128!==f.bitArray.bitLength(c))throw new f.exception.invalid("ocb iv must be 128 bits");var h,k=f.mode.ocb2.W,l=f.bitArray,m=l.i,n=[0,0,0,0];c=k(a.encrypt(c));var p,
195
+ q=[];d=d||[];e=e||64;for(h=0;h+4<b.length;h+=4)p=b.slice(h,h+4),n=m(n,p),q=q.concat(m(c,a.encrypt(m(c,p)))),c=k(c);p=b.slice(h);b=l.bitLength(p);h=a.encrypt(m(c,[0,0,0,b]));p=l.clamp(m(p.concat([0,0,0]),h),b);n=m(n,m(p.concat([0,0,0]),h));n=a.encrypt(m(n,m(c,k(c))));d.length&&(n=m(n,g?d:f.mode.ocb2.pmac(a,d)));return q.concat(l.concat(p,l.clamp(n,e)))},decrypt:function(a,b,c,d,e,g){if(128!==f.bitArray.bitLength(c))throw new f.exception.invalid("ocb iv must be 128 bits");e=e||64;var h=f.mode.ocb2.W,
196
+ k=f.bitArray,l=k.i,m=[0,0,0,0],n=h(a.encrypt(c)),p,q,t=f.bitArray.bitLength(b)-e,r=[];d=d||[];for(c=0;c+4<t/32;c+=4)p=l(n,a.decrypt(l(n,b.slice(c,c+4)))),m=l(m,p),r=r.concat(p),n=h(n);q=t-32*c;p=a.encrypt(l(n,[0,0,0,q]));p=l(p,k.clamp(b.slice(c),q).concat([0,0,0]));m=l(m,p);m=a.encrypt(l(m,l(n,h(n))));d.length&&(m=l(m,g?d:f.mode.ocb2.pmac(a,d)));if(!k.equal(k.clamp(m,e),k.bitSlice(b,t)))throw new f.exception.corrupt("ocb: tag doesn't match");return r.concat(k.clamp(p,q))},pmac:function(a,b){var c,
197
+ d=f.mode.ocb2.W,e=f.bitArray,g=e.i,h=[0,0,0,0],k=a.encrypt([0,0,0,0]),k=g(k,d(d(k)));for(c=0;c+4<b.length;c+=4)k=d(k),h=g(h,a.encrypt(g(k,b.slice(c,c+4))));c=b.slice(c);128>e.bitLength(c)&&(k=g(k,d(k)),c=e.concat(c,[-2147483648,0,0,0]));h=g(h,c);return a.encrypt(g(d(g(k,d(k))),h))},W:function(a){return[a[0]<<1^a[1]>>>31,a[1]<<1^a[2]>>>31,a[2]<<1^a[3]>>>31,a[3]<<1^135*(a[0]>>>31)]}};f.mode.gcm={name:"gcm",encrypt:function(a,b,c,d,e){var g=b.slice(0);b=f.bitArray;d=d||[];a=f.mode.gcm.F(!0,a,g,d,c,e||
198
+ 128);return b.concat(a.data,a.tag)},decrypt:function(a,b,c,d,e){var g=b.slice(0),h=f.bitArray,k=h.bitLength(g);e=e||128;d=d||[];e<=k?(b=h.bitSlice(g,k-e),g=h.bitSlice(g,0,k-e)):(b=g,g=[]);a=f.mode.gcm.F(!1,a,g,d,c,e);if(!h.equal(a.tag,b))throw new f.exception.corrupt("gcm: tag doesn't match");return a.data},ra:function(a,b){var c,d,e,g,h,k=f.bitArray.i;e=[0,0,0,0];g=b.slice(0);for(c=0;128>c;c++){(d=0!==(a[Math.floor(c/32)]&1<<31-c%32))&&(e=k(e,g));h=0!==(g[3]&1);for(d=3;0<d;d--)g[d]=g[d]>>>1|(g[d-
199
+ 1]&1)<<31;g[0]>>>=1;h&&(g[0]^=-0x1f000000)}return e},j:function(a,b,c){var d,e=c.length;b=b.slice(0);for(d=0;d<e;d+=4)b[0]^=0xffffffff&c[d],b[1]^=0xffffffff&c[d+1],b[2]^=0xffffffff&c[d+2],b[3]^=0xffffffff&c[d+3],b=f.mode.gcm.ra(b,a);return b},F:function(a,b,c,d,e,g){var h,k,l,m,n,p,q,t,r=f.bitArray;p=c.length;q=r.bitLength(c);t=r.bitLength(d);k=r.bitLength(e);h=b.encrypt([0,0,0,0]);96===k?(e=e.slice(0),e=r.concat(e,[1])):(e=f.mode.gcm.j(h,[0,0,0,0],e),e=f.mode.gcm.j(h,e,[0,0,Math.floor(k/0x100000000),
200
+ k&0xffffffff]));k=f.mode.gcm.j(h,[0,0,0,0],d);n=e.slice(0);d=k.slice(0);a||(d=f.mode.gcm.j(h,k,c));for(m=0;m<p;m+=4)n[3]++,l=b.encrypt(n),c[m]^=l[0],c[m+1]^=l[1],c[m+2]^=l[2],c[m+3]^=l[3];c=r.clamp(c,q);a&&(d=f.mode.gcm.j(h,k,c));a=[Math.floor(t/0x100000000),t&0xffffffff,Math.floor(q/0x100000000),q&0xffffffff];d=f.mode.gcm.j(h,d,a);l=b.encrypt(e);d[0]^=l[0];d[1]^=l[1];d[2]^=l[2];d[3]^=l[3];return{tag:r.bitSlice(d,0,g),data:c}}};f.misc.hmac=function(a,b){this.ca=b=b||f.hash.sha256;var c=[[],[]],d,e=
201
+ b.prototype.blockSize/32;this.A=[new b,new b];a.length>e&&(a=b.hash(a));for(d=0;d<e;d++)c[0][d]=a[d]^909522486,c[1][d]=a[d]^1549556828;this.A[0].update(c[0]);this.A[1].update(c[1]);this.V=new b(this.A[0])};f.misc.hmac.prototype.encrypt=f.misc.hmac.prototype.mac=function(a){if(this.ha)throw new f.exception.invalid("encrypt on already updated hmac called!");this.update(a);return this.digest(a)};f.misc.hmac.prototype.reset=function(){this.V=new this.ca(this.A[0]);this.ha=!1};f.misc.hmac.prototype.update=
202
+ function(a){this.ha=!0;this.V.update(a)};f.misc.hmac.prototype.digest=function(){var a=this.V.finalize(),a=(new this.ca(this.A[1])).update(a).finalize();this.reset();return a};f.misc.pbkdf2=function(a,b,c,d,e){c=c||1E4;if(0>d||0>c)throw new f.exception.invalid("invalid params to pbkdf2");"string"===typeof a&&(a=f.codec.utf8String.toBits(a));"string"===typeof b&&(b=f.codec.utf8String.toBits(b));e=e||f.misc.hmac;a=new e(a);var g,h,k,l,m=[],n=f.bitArray;for(l=1;32*m.length<(d||1);l++){e=g=a.encrypt(n.concat(b,
203
+ [l]));for(h=1;h<c;h++)for(g=a.encrypt(g),k=0;k<g.length;k++)e[k]^=g[k];m=m.concat(e)}d&&(m=n.clamp(m,d));return m};f.prng=function(a){this.c=[new f.hash.sha256];this.m=[0];this.U=0;this.J={};this.R=0;this.Y={};this.fa=this.f=this.o=this.oa=0;this.b=[0,0,0,0,0,0,0,0];this.h=[0,0,0,0];this.O=void 0;this.P=a;this.G=!1;this.N={progress:{},seeded:{}};this.u=this.na=0;this.K=1;this.L=2;this.ja=0x10000;this.X=[0,48,64,96,128,192,0x100,384,512,768,1024];this.ka=3E4;this.ia=80};f.prng.prototype={randomWords:function(a,
204
+ b){var c=[],d;d=this.isReady(b);var e;if(d===this.u)throw new f.exception.notReady("generator isn't seeded");d&this.L&&this.ya(!(d&this.K));for(d=0;d<a;d+=4)0===(d+1)%this.ja&&this.ba(),e=this.S(),c.push(e[0],e[1],e[2],e[3]);this.ba();return c.slice(0,a)},setDefaultParanoia:function(a,b){if(0===a&&"Setting paranoia=0 will ruin your security; use it only for testing"!==b)throw new f.exception.invalid("Setting paranoia=0 will ruin your security; use it only for testing");this.P=a},addEntropy:function(a,
205
+ b,c){c=c||"user";var d,e,g=(new Date).valueOf(),h=this.J[c],k=this.isReady(),l=0;d=this.Y[c];void 0===d&&(d=this.Y[c]=this.oa++);void 0===h&&(h=this.J[c]=0);this.J[c]=(this.J[c]+1)%this.c.length;switch(typeof a){case "number":void 0===b&&(b=1);this.c[h].update([d,this.R++,1,b,g,1,a|0]);break;case "object":c=Object.prototype.toString.call(a);if("[object Uint32Array]"===c){e=[];for(c=0;c<a.length;c++)e.push(a[c]);a=e}else for("[object Array]"!==c&&(l=1),c=0;c<a.length&&!l;c++)"number"!==typeof a[c]&&
206
+ (l=1);if(!l){if(void 0===b)for(c=b=0;c<a.length;c++)for(e=a[c];0<e;)b++,e=e>>>1;this.c[h].update([d,this.R++,2,b,g,a.length].concat(a))}break;case "string":void 0===b&&(b=a.length);this.c[h].update([d,this.R++,3,b,g,a.length]);this.c[h].update(a);break;default:l=1}if(l)throw new f.exception.bug("random: addEntropy only supports number, array of numbers or string");this.m[h]+=b;this.f+=b;k===this.u&&(this.isReady()!==this.u&&this.aa("seeded",Math.max(this.o,this.f)),this.aa("progress",this.getProgress()))},
207
+ isReady:function(a){a=this.X[void 0!==a?a:this.P];return this.o&&this.o>=a?this.m[0]>this.ia&&(new Date).valueOf()>this.fa?this.L|this.K:this.K:this.f>=a?this.L|this.u:this.u},getProgress:function(a){a=this.X[a?a:this.P];return this.o>=a?1:this.f>a?1:this.f/a},startCollectors:function(){if(!this.G){this.a={loadTimeCollector:this.B(this.ta),mouseCollector:this.B(this.va),keyboardCollector:this.B(this.sa),accelerometerCollector:this.B(this.la),touchCollector:this.B(this.za)};if(window.addEventListener)window.addEventListener("load",
208
+ this.a.loadTimeCollector,!1),window.addEventListener("mousemove",this.a.mouseCollector,!1),window.addEventListener("keypress",this.a.keyboardCollector,!1),window.addEventListener("devicemotion",this.a.accelerometerCollector,!1),window.addEventListener("touchmove",this.a.touchCollector,!1);else if(document.attachEvent)document.attachEvent("onload",this.a.loadTimeCollector),document.attachEvent("onmousemove",this.a.mouseCollector),document.attachEvent("keypress",this.a.keyboardCollector);else throw new f.exception.bug("can't attach event");
209
+ this.G=!0}},stopCollectors:function(){this.G&&(window.removeEventListener?(window.removeEventListener("load",this.a.loadTimeCollector,!1),window.removeEventListener("mousemove",this.a.mouseCollector,!1),window.removeEventListener("keypress",this.a.keyboardCollector,!1),window.removeEventListener("devicemotion",this.a.accelerometerCollector,!1),window.removeEventListener("touchmove",this.a.touchCollector,!1)):document.detachEvent&&(document.detachEvent("onload",this.a.loadTimeCollector),document.detachEvent("onmousemove",
210
+ this.a.mouseCollector),document.detachEvent("keypress",this.a.keyboardCollector)),this.G=!1)},addEventListener:function(a,b){this.N[a][this.na++]=b},removeEventListener:function(a,b){var c,d,e=this.N[a],f=[];for(d in e)e.hasOwnProperty(d)&&e[d]===b&&f.push(d);for(c=0;c<f.length;c++)d=f[c],delete e[d]},B:function(a){var b=this;return function(){a.apply(b,arguments)}},S:function(){for(var a=0;4>a&&(this.h[a]=this.h[a]+1|0,!this.h[a]);a++);return this.O.encrypt(this.h)},ba:function(){this.b=this.S().concat(this.S());
211
+ this.O=new f.cipher.aes(this.b)},xa:function(a){this.b=f.hash.sha256.hash(this.b.concat(a));this.O=new f.cipher.aes(this.b);for(a=0;4>a&&(this.h[a]=this.h[a]+1|0,!this.h[a]);a++);},ya:function(a){var b=[],c=0,d;this.fa=b[0]=(new Date).valueOf()+this.ka;for(d=0;16>d;d++)b.push(0x100000000*Math.random()|0);for(d=0;d<this.c.length&&(b=b.concat(this.c[d].finalize()),c+=this.m[d],this.m[d]=0,a||!(this.U&1<<d));d++);this.U>=1<<this.c.length&&(this.c.push(new f.hash.sha256),this.m.push(0));this.f-=c;c>this.o&&
212
+ (this.o=c);this.U++;this.xa(b)},sa:function(){this.w(1)},va:function(a){var b,c;try{b=a.x||a.clientX||a.offsetX||0,c=a.y||a.clientY||a.offsetY||0}catch(d){c=b=0}0!=b&&0!=c&&this.addEntropy([b,c],2,"mouse");this.w(0)},za:function(a){a=a.touches[0]||a.changedTouches[0];this.addEntropy([a.pageX||a.clientX,a.pageY||a.clientY],1,"touch");this.w(0)},ta:function(){this.w(2)},w:function(a){"undefined"!==typeof window&&window.performance&&"function"===typeof window.performance.now?this.addEntropy(window.performance.now(),
213
+ a,"loadtime"):this.addEntropy((new Date).valueOf(),a,"loadtime")},la:function(a){a=a.accelerationIncludingGravity.x||a.accelerationIncludingGravity.y||a.accelerationIncludingGravity.z;if(window.orientation){var b=window.orientation;"number"===typeof b&&this.addEntropy(b,1,"accelerometer")}a&&this.addEntropy(a,2,"accelerometer");this.w(0)},aa:function(a,b){var c,d=f.random.N[a],e=[];for(c in d)d.hasOwnProperty(c)&&e.push(d[c]);for(c=0;c<e.length;c++)e[c](b)}};f.random=new f.prng(6);(function(){try{var a,
214
+ b,c,d;if(d="undefined"!==typeof module&&module.exports){var e;try{e=require("crypto")}catch(g){e=null}d=b=e}if(d&&b.randomBytes)a=b.randomBytes(128),a=new Uint32Array((new Uint8Array(a)).buffer),f.random.addEntropy(a,1024,"crypto['randomBytes']");else if("undefined"!==typeof window&&"undefined"!==typeof Uint32Array){c=new Uint32Array(32);if(window.crypto&&window.crypto.getRandomValues)window.crypto.getRandomValues(c);else if(window.msCrypto&&window.msCrypto.getRandomValues)window.msCrypto.getRandomValues(c);
215
+ else return;f.random.addEntropy(c,1024,"crypto['getRandomValues']")}}catch(g){"undefined"!==typeof window&&window.console&&(console.log("There was an error collecting entropy from the browser:"),console.log(g))}})();f.json={defaults:{v:1,iter:1E4,ks:128,ts:64,mode:"ccm",adata:"",cipher:"aes"},qa:function(a,b,c,d){c=c||{};d=d||{};var e=f.json,g=e.g({iv:f.random.randomWords(4,0)},e.defaults),h;e.g(g,c);c=g.adata;"string"===typeof g.salt&&(g.salt=f.codec.base64.toBits(g.salt));"string"===typeof g.iv&&
216
+ (g.iv=f.codec.base64.toBits(g.iv));if(!f.mode[g.mode]||!f.cipher[g.cipher]||"string"===typeof a&&100>=g.iter||64!==g.ts&&96!==g.ts&&128!==g.ts||128!==g.ks&&192!==g.ks&&0x100!==g.ks||2>g.iv.length||4<g.iv.length)throw new f.exception.invalid("json encrypt: invalid parameters");"string"===typeof a?(h=f.misc.cachedPbkdf2(a,g),a=h.key.slice(0,g.ks/32),g.salt=h.salt):f.ecc&&a instanceof f.ecc.elGamal.publicKey&&(h=a.kem(),g.kemtag=h.tag,a=h.key.slice(0,g.ks/32));"string"===typeof b&&(b=f.codec.utf8String.toBits(b));
217
+ "string"===typeof c&&(g.adata=c=f.codec.utf8String.toBits(c));h=new f.cipher[g.cipher](a);e.g(d,g);d.key=a;g.ct="ccm"===g.mode&&f.arrayBuffer&&f.arrayBuffer.ccm&&b instanceof ArrayBuffer?f.arrayBuffer.ccm.encrypt(h,b,g.iv,c,g.ts):f.mode[g.mode].encrypt(h,b,g.iv,c,g.ts);return g},encrypt:function(a,b,c,d){var e=f.json,g=e.qa.apply(e,arguments);return e.encode(g)},pa:function(a,b,c,d){c=c||{};d=d||{};var e=f.json;b=e.g(e.g(e.g({},e.defaults),b),c,!0);var g,h;g=b.adata;"string"===typeof b.salt&&(b.salt=
218
+ f.codec.base64.toBits(b.salt));"string"===typeof b.iv&&(b.iv=f.codec.base64.toBits(b.iv));if(!f.mode[b.mode]||!f.cipher[b.cipher]||"string"===typeof a&&100>=b.iter||64!==b.ts&&96!==b.ts&&128!==b.ts||128!==b.ks&&192!==b.ks&&0x100!==b.ks||!b.iv||2>b.iv.length||4<b.iv.length)throw new f.exception.invalid("json decrypt: invalid parameters");"string"===typeof a?(h=f.misc.cachedPbkdf2(a,b),a=h.key.slice(0,b.ks/32),b.salt=h.salt):f.ecc&&a instanceof f.ecc.elGamal.secretKey&&(a=a.unkem(f.codec.base64.toBits(b.kemtag)).slice(0,
219
+ b.ks/32));"string"===typeof g&&(g=f.codec.utf8String.toBits(g));h=new f.cipher[b.cipher](a);g="ccm"===b.mode&&f.arrayBuffer&&f.arrayBuffer.ccm&&b.ct instanceof ArrayBuffer?f.arrayBuffer.ccm.decrypt(h,b.ct,b.iv,b.tag,g,b.ts):f.mode[b.mode].decrypt(h,b.ct,b.iv,g,b.ts);e.g(d,b);d.key=a;return 1===c.raw?g:f.codec.utf8String.fromBits(g)},decrypt:function(a,b,c,d){var e=f.json;return e.pa(a,e.decode(b),c,d)},encode:function(a){var b,c="{",d="";for(b in a)if(a.hasOwnProperty(b)){if(!b.match(/^[a-z0-9]+#x2F;i))throw new f.exception.invalid("json encode: invalid property name");
220
+ c+=d+'"'+b+'":';d=",";switch(typeof a[b]){case "number":case "boolean":c+=a[b];break;case "string":c+='"'+escape(a[b])+'"';break;case "object":c+='"'+f.codec.base64.fromBits(a[b],0)+'"';break;default:throw new f.exception.bug("json encode: unsupported type");}}return c+"}"},decode:function(a){a=a.replace(/\s/g,"");if(!a.match(/^\{.*\}#x2F;))throw new f.exception.invalid("json decode: this isn't json!");a=a.replace(/^\{|\}#x2F;g,"").split(/,/);var b={},c,d;for(c=0;c<a.length;c++){if(!(d=a[c].match(/^\s*(?:(["']?)([a-z][a-z0-9]*)\1)\s*:\s*(?:(-?\d+)|"([a-z0-9+\/%*_.@=\-]*)"|(true|false))#x2F;i)))throw new f.exception.invalid("json decode: this isn't json!");
221
+ null!=d[3]?b[d[2]]=parseInt(d[3],10):null!=d[4]?b[d[2]]=d[2].match(/^(ct|adata|salt|iv)#x2F;)?f.codec.base64.toBits(d[4]):unescape(d[4]):null!=d[5]&&(b[d[2]]="true"===d[5])}return b},g:function(a,b,c){void 0===a&&(a={});if(void 0===b)return a;for(var d in b)if(b.hasOwnProperty(d)){if(c&&void 0!==a[d]&&a[d]!==b[d])throw new f.exception.invalid("required parameter overridden");a[d]=b[d]}return a},Ba:function(a,b){var c={},d;for(d in a)a.hasOwnProperty(d)&&a[d]!==b[d]&&(c[d]=a[d]);return c},Aa:function(a,
222
+ b){var c={},d;for(d=0;d<b.length;d++)void 0!==a[b[d]]&&(c[b[d]]=a[b[d]]);return c}};f.encrypt=f.json.encrypt;f.decrypt=f.json.decrypt;f.misc.wa={};f.misc.cachedPbkdf2=function(a,b){var c=f.misc.wa,d;b=b||{};d=b.iter||1E3;c=c[a]=c[a]||{};d=c[d]=c[d]||{firstSalt:b.salt&&b.salt.length?b.salt.slice(0):f.random.randomWords(2,0)};c=void 0===b.salt?d.firstSalt:b.salt;d[c]=d[c]||f.misc.pbkdf2(a,c,b.iter);return{key:d[c].slice(0),salt:c.slice(0)}};"undefined"!==typeof module&&module.exports&&(module.exports=
223
+ f);"function"===typeof define&&define([],function(){return f})})(sjcl);
js/{wfpopover.1573059078.js → wfpopover.1575390485.js} RENAMED
File without changes
js/{wfselect2.min.1573059078.js → wfselect2.min.1575390485.js} RENAMED
File without changes
lib/menu_tools_livetraffic.php CHANGED
@@ -433,13 +433,6 @@ if (!wfConfig::liveTrafficEnabled($overridden)):
433
<div data-bind="visible: (jQuery.inArray(parseInt(statusCode(), 10), [403, 503, 404]) !== -1 || action() == 'loginFailValidUsername' || action() == 'loginFailInvalidUsername')">
434
<strong>Human/Bot:</strong> <span data-bind="text: (jsRun() === '1' ? 'Human' : 'Bot')"></span>
435
</div>
436
- <div data-bind="if: browser() && browser().browser != 'Default Browser'">
437
- <strong>Browser:</strong>
438
- <span data-bind="text: browser().browser +
439
- (browser().version ? ' version ' + browser().version : '') +
440
- (browser().platform && browser().platform != 'unknown' ? ' running on ' + browser().platform : '')
441
- "></span>
442
- </div>
443
<div class="wf-split-word" data-bind="text: UA"></div>
444
<div class="wf-live-traffic-actions">
445
<span data-bind="if: blocked()">
433
<div data-bind="visible: (jQuery.inArray(parseInt(statusCode(), 10), [403, 503, 404]) !== -1 || action() == 'loginFailValidUsername' || action() == 'loginFailInvalidUsername')">
434
<strong>Human/Bot:</strong> <span data-bind="text: (jsRun() === '1' ? 'Human' : 'Bot')"></span>
435
</div>
436
<div class="wf-split-word" data-bind="text: UA"></div>
437
<div class="wf-live-traffic-actions">
438
<span data-bind="if: blocked()">
lib/wfCrypt.php CHANGED
@@ -73,4 +73,14 @@ ENDKEY;
73
}
74
return array();
75
}
76
}
73
}
74
return array();
75
}
76
+
77
+ /**
78
+ * Returns a SHA256 HMAC for $payload using the local long key.
79
+ *
80
+ * @param $payload
81
+ * @return false|string
82
+ */
83
+ public static function local_sign($payload) {
84
+ return hash_hmac('sha256', $payload, wfConfig::get('longEncKey'));
85
+ }
86
}
lib/wfScan.php CHANGED
@@ -49,9 +49,16 @@ class wfScan {
49
self::status(4, 'info', "Cron test received and message printed");
50
exit();
51
}
52
- /* ----------Starting cronkey check -------- */
53
self::status(4, 'info', "Scan engine received request.");
54
55
self::status(4, 'info', "Fetching stored cronkey for comparison.");
56
$expired = false;
57
$storedCronKey = self::storedCronKey($expired);
49
self::status(4, 'info', "Cron test received and message printed");
50
exit();
51
}
52
+
53
self::status(4, 'info', "Scan engine received request.");
54
55
+ /* ----------Starting signature check -------- */
56
+ self::status(4, 'info', "Verifying start request signature.");
57
+ if (!isset($_GET['signature']) || !wfScanEngine::verifyStartSignature($_GET['signature'], isset($_GET['isFork']) ? wfUtils::truthyToBoolean($_GET['isFork']) : false, isset($_GET['scanMode']) ? $_GET['scanMode'] : '', isset($_GET['cronKey']) ? $_GET['cronKey'] : '', isset($_GET['remote']) ? wfUtils::truthyToBoolean($_GET['remote']) : false)) {
58
+ self::errorExit(__('The signature on the request to start a scan is invalid. Please try again.', 'wordfence'));
59
+ }
60
+
61
+ /* ----------Starting cronkey check -------- */
62
self::status(4, 'info', "Fetching stored cronkey for comparison.");
63
$expired = false;
64
$storedCronKey = self::storedCronKey($expired);
lib/wfScanEngine.php CHANGED
@@ -1940,8 +1940,7 @@ class wfScanEngine {
1940
wfConfig::set('currentCronKey', time() . ',' . $cronKey);
1941
if ((!wfConfig::get('startScansRemotely', false)) && (!is_wp_error($testResult)) && (is_array($testResult) || $testResult instanceof ArrayAccess) && strstr($testResult['body'], 'WFSCANTESTOK') !== false) {
1942
//ajax requests can be sent by the server to itself
1943
- $cronURL = 'admin-ajax.php?action=wordfence_doScan&isFork=' . ($isFork ? '1' : '0') . '&scanMode=' . $scanMode . '&cronKey=' . $cronKey;
1944
- $cronURL = admin_url($cronURL);
1945
$headers = array('Referer' => false/*, 'Cookie' => 'XDEBUG_SESSION=1'*/);
1946
wordfence::status(4, 'info', "Starting cron with normal ajax at URL $cronURL");
1947
@@ -1972,9 +1971,7 @@ class wfScanEngine {
1972
wordfence::status(4, 'info', "Scan process ended after forking.");
1973
}
1974
else {
1975
- $cronURL = admin_url('admin-ajax.php');
1976
- $cronURL = preg_replace('/^(https?:\/\/)/i', '$1noc1.wordfence.com/scanp/', $cronURL);
1977
- $cronURL .= '?action=wordfence_doScan&isFork=' . ($isFork ? '1' : '0') . '&scanMode=' . $scanMode . '&cronKey=' . $cronKey;
1978
$headers = array();
1979
wordfence::status(4, 'info', "Starting cron via proxy at URL $cronURL");
1980
@@ -2006,6 +2003,41 @@ class wfScanEngine {
2006
}
2007
return false; //No error
2008
}
2009
public function processResponse($result){
2010
return false;
2011
}
1940
wfConfig::set('currentCronKey', time() . ',' . $cronKey);
1941
if ((!wfConfig::get('startScansRemotely', false)) && (!is_wp_error($testResult)) && (is_array($testResult) || $testResult instanceof ArrayAccess) && strstr($testResult['body'], 'WFSCANTESTOK') !== false) {
1942
//ajax requests can be sent by the server to itself
1943
+ $cronURL = self::_localStartURL($isFork, $scanMode, $cronKey);
1944
$headers = array('Referer' => false/*, 'Cookie' => 'XDEBUG_SESSION=1'*/);
1945
wordfence::status(4, 'info', "Starting cron with normal ajax at URL $cronURL");
1946
1971
wordfence::status(4, 'info', "Scan process ended after forking.");
1972
}
1973
else {
1974
+ $cronURL = self::_remoteStartURL($isFork, $scanMode, $cronKey);
1975
$headers = array();
1976
wordfence::status(4, 'info', "Starting cron via proxy at URL $cronURL");
1977
2003
}
2004
return false; //No error
2005
}
2006
+
2007
+ public static function verifyStartSignature($signature, $isFork, $scanMode, $cronKey, $remote) {
2008
+ $url = self::_baseStartURL($isFork, $scanMode, $cronKey);
2009
+ if ($remote) {
2010
+ $url = self::_remoteStartURL($isFork, $scanMode, $cronKey);
2011
+ $url = remove_query_arg('signature', $url);
2012
+ }
2013
+ $test = self::_signStartURL($url);
2014
+ return hash_equals($signature, $test);
2015
+ }
2016
+
2017
+ protected static function _baseStartURL($isFork, $scanMode, $cronKey) {
2018
+ $url = admin_url('admin-ajax.php');
2019
+ $url .= '?action=wordfence_doScan&isFork=' . ($isFork ? '1' : '0') . '&scanMode=' . urlencode($scanMode) . '&cronKey=' . urlencode($cronKey);
2020
+ return $url;
2021
+ }
2022
+
2023
+ protected static function _localStartURL($isFork, $scanMode, $cronKey) {
2024
+ $url = self::_baseStartURL($isFork, $scanMode, $cronKey);
2025
+ return add_query_arg('signature', self::_signStartURL($url), $url);
2026
+ }
2027
+
2028
+ protected static function _remoteStartURL($isFork, $scanMode, $cronKey) {
2029
+ $url = self::_baseStartURL($isFork, $scanMode, $cronKey);
2030
+ $url = preg_replace('/^https?:\/\//i', (wfAPI::SSLEnabled() ? WORDFENCE_API_URL_SEC : WORDFENCE_API_URL_NONSEC) . 'scanp/', $url);
2031
+ $url = add_query_arg('k', wfConfig::get('apiKey'), $url);
2032
+ $url = add_query_arg('ssl', wfUtils::isFullSSL() ? '1' : '0', $url);
2033
+ return add_query_arg('signature', self::_signStartURL($url), $url);
2034
+ }
2035
+
2036
+ protected static function _signStartURL($url) {
2037
+ $payload = preg_replace('~^https?://[^/]+~i', '', $url);
2038
+ return wfCrypt::local_sign($payload);
2039
+ }
2040
+
2041
public function processResponse($result){
2042
return false;
2043
}
lib/wfUtils.php CHANGED
@@ -157,7 +157,7 @@ class wfUtils {
157
}
158
return $version;
159
}
160
-
161
/**
162
* Check if an IP address is in a network block
163
*
@@ -166,43 +166,216 @@ class wfUtils {
166
* @return boolean
167
*/
168
public static function subnetContainsIP($subnet, $ip) {
169
- list($network, $prefix) = array_pad(explode('/', $subnet, 2), 2, null);
170
-
171
- if (filter_var($network, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
172
- // If no prefix was supplied, 32 is implied for IPv4
173
- if ($prefix === null) {
174
- $prefix = 32;
175
}
176
-
177
- // Validate the IPv4 network prefix
178
- if ($prefix < 0 || $prefix > 32) {
179
- return false;
180
}
181
-
182
- // Increase the IPv4 network prefix to work in the IPv6 address space
183
- $prefix += 96;
184
- } else {
185
- // If no prefix was supplied, 128 is implied for IPv6
186
- if ($prefix === null) {
187
- $prefix = 128;
188
}
189
-
190
- // Validate the IPv6 network prefix
191
- if ($prefix < 1 || $prefix > 128) {
192
- return false;
193
}
194
}
195
196
- $bin_network = wfUtils::substr(self::inet_pton($network), 0, ceil($prefix / 8));
197
- $bin_ip = wfUtils::substr(self::inet_pton($ip), 0, ceil($prefix / 8));
198
- if ($prefix % 8 != 0) { //Adjust the last relevant character to fit the mask length since the character's bits are split over it
199
- $pos = intval($prefix / 8);
200
- $adjustment = chr(((0xff << (8 - ($prefix % 8))) & 0xff));
201
- $bin_network[$pos] = ($bin_network[$pos] & $adjustment);
202
- $bin_ip[$pos] = ($bin_ip[$pos] & $adjustment);
203
}
204
205
- return ($bin_network === $bin_ip);
206
}
207
208
/**
157
}
158
return $version;
159
}
160
+
161
/**
162
* Check if an IP address is in a network block
163
*
166
* @return boolean
167
*/
168
public static function subnetContainsIP($subnet, $ip) {
169
+ static $_network_cache = array();
170
+ static $_ip_cache = array();
171
+ static $_masks = array(
172
+ 0 => "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
173
+ 1 => "\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
174
+ 2 => "\xc0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
175
+ 3 => "\xe0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
176
+ 4 => "\xf0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
177
+ 5 => "\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
178
+ 6 => "\xfc\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
179
+ 7 => "\xfe\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
180
+ 8 => "\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
181
+ 9 => "\xff\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
182
+ 10 => "\xff\xc0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
183
+ 11 => "\xff\xe0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
184
+ 12 => "\xff\xf0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
185
+ 13 => "\xff\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
186
+ 14 => "\xff\xfc\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
187
+ 15 => "\xff\xfe\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
188
+ 16 => "\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
189
+ 17 => "\xff\xff\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
190
+ 18 => "\xff\xff\xc0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
191
+ 19 => "\xff\xff\xe0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
192
+ 20 => "\xff\xff\xf0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
193
+ 21 => "\xff\xff\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
194
+ 22 => "\xff\xff\xfc\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
195
+ 23 => "\xff\xff\xfe\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
196
+ 24 => "\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
197
+ 25 => "\xff\xff\xff\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
198
+ 26 => "\xff\xff\xff\xc0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
199
+ 27 => "\xff\xff\xff\xe0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
200
+ 28 => "\xff\xff\xff\xf0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
201
+ 29 => "\xff\xff\xff\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
202
+ 30 => "\xff\xff\xff\xfc\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
203
+ 31 => "\xff\xff\xff\xfe\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
204
+ 32 => "\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
205
+ 33 => "\xff\xff\xff\xff\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
206
+ 34 => "\xff\xff\xff\xff\xc0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
207
+ 35 => "\xff\xff\xff\xff\xe0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
208
+ 36 => "\xff\xff\xff\xff\xf0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
209
+ 37 => "\xff\xff\xff\xff\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
210
+ 38 => "\xff\xff\xff\xff\xfc\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
211
+ 39 => "\xff\xff\xff\xff\xfe\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
212
+ 40 => "\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
213
+ 41 => "\xff\xff\xff\xff\xff\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
214
+ 42 => "\xff\xff\xff\xff\xff\xc0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
215
+ 43 => "\xff\xff\xff\xff\xff\xe0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
216
+ 44 => "\xff\xff\xff\xff\xff\xf0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
217
+ 45 => "\xff\xff\xff\xff\xff\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
218
+ 46 => "\xff\xff\xff\xff\xff\xfc\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
219
+ 47 => "\xff\xff\xff\xff\xff\xfe\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
220
+ 48 => "\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
221
+ 49 => "\xff\xff\xff\xff\xff\xff\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00",
222
+ 50 => "\xff\xff\xff\xff\xff\xff\xc0\x00\x00\x00\x00\x00\x00\x00\x00\x00",
223
+ 51 => "\xff\xff\xff\xff\xff\xff\xe0\x00\x00\x00\x00\x00\x00\x00\x00\x00",
224
+ 52 => "\xff\xff\xff\xff\xff\xff\xf0\x00\x00\x00\x00\x00\x00\x00\x00\x00",
225
+ 53 => "\xff\xff\xff\xff\xff\xff\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00",
226
+ 54 => "\xff\xff\xff\xff\xff\xff\xfc\x00\x00\x00\x00\x00\x00\x00\x00\x00",
227
+ 55 => "\xff\xff\xff\xff\xff\xff\xfe\x00\x00\x00\x00\x00\x00\x00\x00\x00",
228
+ 56 => "\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00",
229
+ 57 => "\xff\xff\xff\xff\xff\xff\xff\x80\x00\x00\x00\x00\x00\x00\x00\x00",
230
+ 58 => "\xff\xff\xff\xff\xff\xff\xff\xc0\x00\x00\x00\x00\x00\x00\x00\x00",
231
+ 59 => "\xff\xff\xff\xff\xff\xff\xff\xe0\x00\x00\x00\x00\x00\x00\x00\x00",
232
+ 60 => "\xff\xff\xff\xff\xff\xff\xff\xf0\x00\x00\x00\x00\x00\x00\x00\x00",
233
+ 61 => "\xff\xff\xff\xff\xff\xff\xff\xf8\x00\x00\x00\x00\x00\x00\x00\x00",
234
+ 62 => "\xff\xff\xff\xff\xff\xff\xff\xfc\x00\x00\x00\x00\x00\x00\x00\x00",
235
+ 63 => "\xff\xff\xff\xff\xff\xff\xff\xfe\x00\x00\x00\x00\x00\x00\x00\x00",
236
+ 64 => "\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00",
237
+ 65 => "\xff\xff\xff\xff\xff\xff\xff\xff\x80\x00\x00\x00\x00\x00\x00\x00",
238
+ 66 => "\xff\xff\xff\xff\xff\xff\xff\xff\xc0\x00\x00\x00\x00\x00\x00\x00",
239
+ 67 => "\xff\xff\xff\xff\xff\xff\xff\xff\xe0\x00\x00\x00\x00\x00\x00\x00",
240
+ 68 => "\xff\xff\xff\xff\xff\xff\xff\xff\xf0\x00\x00\x00\x00\x00\x00\x00",
241
+ 69 => "\xff\xff\xff\xff\xff\xff\xff\xff\xf8\x00\x00\x00\x00\x00\x00\x00",
242
+ 70 => "\xff\xff\xff\xff\xff\xff\xff\xff\xfc\x00\x00\x00\x00\x00\x00\x00",
243
+ 71 => "\xff\xff\xff\xff\xff\xff\xff\xff\xfe\x00\x00\x00\x00\x00\x00\x00",
244
+ 72 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00",
245
+ 73 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\x80\x00\x00\x00\x00\x00\x00",
246
+ 74 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xc0\x00\x00\x00\x00\x00\x00",
247
+ 75 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xe0\x00\x00\x00\x00\x00\x00",
248
+ 76 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xf0\x00\x00\x00\x00\x00\x00",
249
+ 77 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xf8\x00\x00\x00\x00\x00\x00",
250
+ 78 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfc\x00\x00\x00\x00\x00\x00",
251
+ 79 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\x00\x00\x00\x00\x00\x00",
252
+ 80 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00",
253
+ 81 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x80\x00\x00\x00\x00\x00",
254
+ 82 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xc0\x00\x00\x00\x00\x00",
255
+ 83 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xe0\x00\x00\x00\x00\x00",
256
+ 84 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xf0\x00\x00\x00\x00\x00",
257
+ 85 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xf8\x00\x00\x00\x00\x00",
258
+ 86 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfc\x00\x00\x00\x00\x00",
259
+ 87 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\x00\x00\x00\x00\x00",
260
+ 88 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00",
261
+ 89 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x80\x00\x00\x00\x00",
262
+ 90 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xc0\x00\x00\x00\x00",
263
+ 91 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xe0\x00\x00\x00\x00",
264
+ 92 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xf0\x00\x00\x00\x00",
265
+ 93 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xf8\x00\x00\x00\x00",
266
+ 94 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfc\x00\x00\x00\x00",
267
+ 95 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\x00\x00\x00\x00",
268
+ 96 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00",
269
+ 97 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x80\x00\x00\x00",
270
+ 98 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xc0\x00\x00\x00",
271
+ 99 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xe0\x00\x00\x00",
272
+ 100 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xf0\x00\x00\x00",
273
+ 101 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xf8\x00\x00\x00",
274
+ 102 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfc\x00\x00\x00",
275
+ 103 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\x00\x00\x00",
276
+ 104 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00",
277
+ 105 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x80\x00\x00",
278
+ 106 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xc0\x00\x00",
279
+ 107 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xe0\x00\x00",
280
+ 108 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xf0\x00\x00",
281
+ 109 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xf8\x00\x00",
282
+ 110 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfc\x00\x00",
283
+ 111 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\x00\x00",
284
+ 112 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00",
285
+ 113 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x80\x00",
286
+ 114 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xc0\x00",
287
+ 115 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xe0\x00",
288
+ 116 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xf0\x00",
289
+ 117 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xf8\x00",
290
+ 118 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfc\x00",
291
+ 119 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\x00",
292
+ 120 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00",
293
+ 121 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x80",
294
+ 122 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xc0",
295
+ 123 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xe0",
296
+ 124 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xf0",
297
+ 125 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xf8",
298
+ 126 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfc",
299
+ 127 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe",
300
+ 128 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff",
301
+ );
302
+ /*
303
+ * The above is generated by:
304
+ *
305
+ function gen_mask($prefix, $size = 128) {
306
+ //Workaround to avoid overflow, split into four pieces
307
+ $mask_1 = (pow(2, $size / 4) - 1) ^ (pow(2, min($size / 4, max(0, 1 * $size / 4 - $prefix))) - 1);
308
+ $mask_2 = (pow(2, $size / 4) - 1) ^ (pow(2, min($size / 4, max(0, 2 * $size / 4 - $prefix))) - 1);
309
+ $mask_3 = (pow(2, $size / 4) - 1) ^ (pow(2, min($size / 4, max(0, 3 * $size / 4 - $prefix))) - 1);
310
+ $mask_4 = (pow(2, $size / 4) - 1) ^ (pow(2, min($size / 4, max(0, 4 * $size / 4 - $prefix))) - 1);
311
+ return ($mask_1 ? pack('N', $mask_1) : "\0\0\0\0") . ($mask_2 ? pack('N', $mask_2) : "\0\0\0\0") . ($mask_3 ? pack('N', $mask_3) : "\0\0\0\0") . ($mask_4 ? pack('N', $mask_4) : "\0\0\0\0");
312
}
313
+
314
+ $masks = array();
315
+ for ($i = 0; $i <= 128; $i++) {
316
+ $mask = gen_mask($i);
317
+ $chars = str_split($mask);
318
+ $masks[] = implode('', array_map(function($c) { return '\\x' . bin2hex($c); }, $chars));
319
}
320
+
321
+ echo 'array(' . "\n";
322
+ foreach ($masks as $index => $m) {
323
+ echo "\t{$index} => \"{$m}\",\n";
324
}
325
+ echo ')';
326
+ *
327
+ */
328
+
329
+ if (isset($_network_cache[$subnet])) {
330
+ list($bin_network, $prefix, $masked_network) = $_network_cache[$subnet];
331
+ $mask = $_masks[$prefix];
332
+ }
333
+ else {
334
+ list($network, $prefix) = array_pad(explode('/', $subnet, 2), 2, null);
335
+ if (filter_var($network, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
336
+ // If no prefix was supplied, 32 is implied for IPv4
337
+ if ($prefix === null) {
338
+ $prefix = 32;
339
+ }
340
+
341
+ // Validate the IPv4 network prefix
342
+ if ($prefix < 0 || $prefix > 32) {
343
+ return false;
344
+ }
345
+
346
+ // Increase the IPv4 network prefix to work in the IPv6 address space
347
+ $prefix += 96;
348
+ }
349
+ else {
350
+ // If no prefix was supplied, 128 is implied for IPv6
351
+ if ($prefix === null) {
352
+ $prefix = 128;
353
+ }
354
+
355
+ // Validate the IPv6 network prefix
356
+ if ($prefix < 1 || $prefix > 128) {
357
+ return false;
358
+ }
359
}
360
+ $mask = $_masks[$prefix];
361
+ $bin_network = self::inet_pton($network);
362
+ $masked_network = $bin_network & $mask;
363
+ $_network_cache[$subnet] = array($bin_network, $prefix, $masked_network);
364
}
365
366
+ if (isset($_ip_cache[$ip]) && isset($_ip_cache[$ip][$prefix])) {
367
+ list($bin_ip, $masked_ip) = $_ip_cache[$ip][$prefix];
368
+ }
369
+ else {
370
+ $bin_ip = self::inet_pton($ip);
371
+ $masked_ip = $bin_ip & $mask;
372
+ if (!isset($_ip_cache[$ip])) {
373
+ $_ip_cache[$ip] = array();
374
+ }
375
+ $_ip_cache[$ip][$prefix] = array($bin_ip, $masked_ip);
376
}
377
378
+ return ($masked_ip === $masked_network);
379
}
380
381
/**
lib/wordfenceClass.php CHANGED
@@ -5379,7 +5379,7 @@ HTACCESS;
5379
echo "Current maximum memory configured in php.ini: " . ini_get('memory_limit') . "\n";
5380
echo "Current memory usage: " . sprintf('%.2f', memory_get_usage(true) / (1024 * 1024)) . "M\n";
5381
echo "Attempting to set max memory to {$configuredMax}M.\n";
5382
- wfUtils::iniSet('memory_limit', ($configuredMax + 1) . 'M'); //Allow a little extra for testing overhead
5383
echo "Starting memory benchmark. Seeing an error after this line is not unusual. Read the error carefully\nto determine how much memory your host allows. We have requested {$configuredMax} megabytes.\n";
5384
5385
if (memory_get_usage(true) < 1) {
@@ -5391,26 +5391,29 @@ HTACCESS;
5391
exit();
5392
}
5393
5394
- //256 bytes
5395
- $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ012345678900000000000000000000000000000000000000000000000000000000000000000000000000000000000000011111111111111111222222222222222222233333333333333334444444444444444444444444555555555555666666666666666666";
5396
5397
$currentUsage = memory_get_usage(true);
5398
$tenMB = 10 * 1024 * 1024;
5399
$start = ceil($currentUsage / $tenMB) * $tenMB - $currentUsage; //Start at the closest 10 MB increment to the current usage
5400
$configuredMax = $configuredMax * 1048576; //Bytes
5401
$testLimit = $configuredMax - memory_get_usage(true);
5402
$finalUsage = '0';
5403
while ($start <= $testLimit) {
5404
- $accumulatedMemory = str_repeat($chars, $start / 256);
5405
5406
$finalUsage = sprintf('%.2f', (memory_get_usage(true) / 1024 / 1024));
5407
echo "Tested up to " . $finalUsage . " megabytes.\n";
5408
if ($start == $testLimit) { break; }
5409
$start = min($start + $stepSize, $testLimit);
5410
5411
if (memory_get_usage(true) > $configuredMax) { break; }
5412
-
5413
- unset($accumulatedMemory);
5414
}
5415
echo "--Test complete.--\n\nYour web host allows you to use at least {$finalUsage} megabytes of memory for each PHP process hosting your WordPress site.\n";
5416
exit();
5379
echo "Current maximum memory configured in php.ini: " . ini_get('memory_limit') . "\n";
5380
echo "Current memory usage: " . sprintf('%.2f', memory_get_usage(true) / (1024 * 1024)) . "M\n";
5381
echo "Attempting to set max memory to {$configuredMax}M.\n";
5382
+ wfUtils::iniSet('memory_limit', ($configuredMax + 5) . 'M'); //Allow a little extra for testing overhead
5383
echo "Starting memory benchmark. Seeing an error after this line is not unusual. Read the error carefully\nto determine how much memory your host allows. We have requested {$configuredMax} megabytes.\n";
5384
5385
if (memory_get_usage(true) < 1) {
5391
exit();
5392
}
5393
5394
+ if (!defined('WP_SANDBOX_SCRAPING')) { define('WP_SANDBOX_SCRAPING', true); } //Disables the WP error handler in somewhat of a hacky way
5395
5396
+ $accumulatedMemory = array_fill(0, ceil($configuredMax / $stepSize), '');
5397
$currentUsage = memory_get_usage(true);
5398
$tenMB = 10 * 1024 * 1024;
5399
$start = ceil($currentUsage / $tenMB) * $tenMB - $currentUsage; //Start at the closest 10 MB increment to the current usage
5400
$configuredMax = $configuredMax * 1048576; //Bytes
5401
$testLimit = $configuredMax - memory_get_usage(true);
5402
$finalUsage = '0';
5403
+ $previous = 0;
5404
+ $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ012345678900000000000000000000000000000000000000000000000000000000000000000000000000000000000000011111111111111111222222222222222222233333333333333334444444444444444444444444555555555555666666666666666666";
5405
+ $index = 0;
5406
while ($start <= $testLimit) {
5407
+ $accumulatedMemory[$index] = str_repeat($chars, ($start - $previous) / 256);
5408
5409
$finalUsage = sprintf('%.2f', (memory_get_usage(true) / 1024 / 1024));
5410
echo "Tested up to " . $finalUsage . " megabytes.\n";
5411
if ($start == $testLimit) { break; }
5412
+ $previous = $start;
5413
$start = min($start + $stepSize, $testLimit);
5414
5415
if (memory_get_usage(true) > $configuredMax) { break; }
5416
+ $index++;
5417
}
5418
echo "--Test complete.--\n\nYour web host allows you to use at least {$finalUsage} megabytes of memory for each PHP process hosting your WordPress site.\n";
5419
exit();
lib/wordfenceHash.php CHANGED
@@ -360,6 +360,8 @@ class wordfenceHash {
360
$indexedFiles = array();
361
}
362
363
if (count($payload) > 0) {
364
global $wpdb;
365
$table_wfKnownFileList = wfDB::networkTable('wfKnownFileList');
360
$indexedFiles = array();
361
}
362
363
+ $payload = array_filter($payload); //Strip empty strings -- these are symlinks to files outside of the site root (ABSPATH)
364
+
365
if (count($payload) > 0) {
366
global $wpdb;
367
$table_wfKnownFileList = wfDB::networkTable('wfKnownFileList');
modules/login-security/css/{admin-global.1573059078.css → admin-global.1575390485.css} RENAMED
File without changes
modules/login-security/css/{admin.1573059078.css → admin.1575390485.css} RENAMED
File without changes
modules/login-security/css/{colorbox.1573059078.css → colorbox.1575390485.css} RENAMED
File without changes
modules/login-security/css/{font-awesome.1573059078.css → font-awesome.1575390485.css} RENAMED
File without changes
modules/login-security/css/{ionicons.1573059078.css → ionicons.1575390485.css} RENAMED
File without changes
modules/login-security/css/{jquery-ui-timepicker-addon.1573059078.css → jquery-ui-timepicker-addon.1575390485.css} RENAMED
File without changes
modules/login-security/css/{jquery-ui.min.1573059078.css → jquery-ui.min.1575390485.css} RENAMED
File without changes
modules/login-security/css/{jquery-ui.structure.min.1573059078.css → jquery-ui.structure.min.1575390485.css} RENAMED
File without changes
modules/login-security/css/{jquery-ui.theme.min.1573059078.css → jquery-ui.theme.min.1575390485.css} RENAMED
File without changes
modules/login-security/css/{login.1573059078.css → login.1575390485.css} RENAMED
File without changes
modules/login-security/js/{admin-global.1573059078.js → admin-global.1575390485.js} RENAMED
File without changes
modules/login-security/js/{admin.1573059078.js → admin.1575390485.js} RENAMED
File without changes
modules/login-security/js/{jquery-ui-timepicker-addon.1573059078.js → jquery-ui-timepicker-addon.1575390485.js} RENAMED
File without changes
modules/login-security/js/{jquery.colorbox.1573059078.js → jquery.colorbox.1575390485.js} RENAMED
File without changes
modules/login-security/js/{jquery.colorbox.min.1573059078.js → jquery.colorbox.min.1575390485.js} RENAMED
File without changes
modules/login-security/js/{jquery.qrcode.min.1573059078.js → jquery.qrcode.min.1575390485.js} RENAMED
File without changes
modules/login-security/js/{jquery.tmpl.min.1573059078.js → jquery.tmpl.min.1575390485.js} RENAMED
File without changes
modules/login-security/js/{login.1573059078.js → login.1575390485.js} RENAMED
File without changes
modules/login-security/wordfence-login-security.php CHANGED
@@ -27,7 +27,7 @@ else {
27
define('WORDFENCE_LS_FROM_CORE', ($wfCoreActive && isset($wfCoreLoading) && $wfCoreLoading));
28
29
define('WORDFENCE_LS_VERSION', '1.0.4');
30
- define('WORDFENCE_LS_BUILD_NUMBER', '1573059078');
31
32
if (!defined('WORDFENCE_LS_EMAIL_VALIDITY_DURATION_MINUTES')) { define('WORDFENCE_LS_EMAIL_VALIDITY_DURATION_MINUTES', 15); }
33
27
define('WORDFENCE_LS_FROM_CORE', ($wfCoreActive && isset($wfCoreLoading) && $wfCoreLoading));
28
29
define('WORDFENCE_LS_VERSION', '1.0.4');
30
+ define('WORDFENCE_LS_BUILD_NUMBER', '1575390485');
31
32
if (!defined('WORDFENCE_LS_EMAIL_VALIDITY_DURATION_MINUTES')) { define('WORDFENCE_LS_EMAIL_VALIDITY_DURATION_MINUTES', 15); }
33
readme.txt CHANGED
@@ -4,7 +4,7 @@ Tags: security, firewall, malware scanner, web application firewall, two factor
4
Requires at least: 3.9
5
Requires PHP: 5.3
6
Tested up to: 5.3
7
- Stable tag: 7.4.1
8
9
Secure your website with the most comprehensive WordPress security plugin. Firewall, malware scan, blocking, live traffic, login security & more.
10
@@ -183,6 +183,16 @@ Secure your website with Wordfence.
183
184
== Changelog ==
185
186
= 7.4.1 - November 6, 2019 =
187
* Improvement: Updated the bundled GeoIP database.
188
* Improvement: Minor changes to ensure compatibility with PHP 7.4.
4
Requires at least: 3.9
5
Requires PHP: 5.3
6
Tested up to: 5.3
7
+ Stable tag: 7.4.2
8
9
Secure your website with the most comprehensive WordPress security plugin. Firewall, malware scan, blocking, live traffic, login security & more.
10
183
184
== Changelog ==
185
186
+ = 7.4.2 - December 3, 2019 =
187
+ * Improvement: Increased performance of IP CIDR range comparisons.
188
+ * Improvement: Added parameter signature to remote scanning for better validation during forking.
189
+ * Change: Removed duplicate browser label in Live Traffic.
190
+ * Fix: Added compensation for PHP 7.4 deprecation notice with get_magic_quotes_gpc.
191
+ * Fix: Fixed potential notice in dashboard widget when no updates are found.
192
+ * Fix: Updated JS hashing library to compensate for a variable name collision that could occur.
193
+ * Fix: Fixed an issue where certain symlinks could cause a scan to erroneously skip files.
194
+ * Fix: Fixed PHP memory test for newer PHP versions whose optimizations prevented it from allocating memory as desired.
195
+
196
= 7.4.1 - November 6, 2019 =
197
* Improvement: Updated the bundled GeoIP database.
198
* Improvement: Minor changes to ensure compatibility with PHP 7.4.
vendor/wordfence/wf-waf/src/lib/utils.php CHANGED
@@ -353,6 +353,9 @@ class wfWAFUtils {
353
'off',
354
'false'
355
))));
356
// phpcs:ignore PHPCompatibility.FunctionUse.RemovedFunctions.get_magic_quotes_gpcDeprecated
357
if ((function_exists("get_magic_quotes_gpc") && get_magic_quotes_gpc()) || $sybaseEnabled) {
358
return self::stripslashes_deep($subject);
@@ -717,7 +720,7 @@ class wfWAFUtils {
717
if (!defined('DONOTCDN')) { define('DONOTCDN', true); }
718
if (!defined('DONOTCACHEOBJECT')) { define('DONOTCACHEOBJECT', true); }
719
}
720
-
721
/**
722
* Check if an IP address is in a network block
723
*
@@ -726,43 +729,216 @@ class wfWAFUtils {
726
* @return boolean
727
*/
728
public static function subnetContainsIP($subnet, $ip) {
729
- list($network, $prefix) = array_pad(explode('/', $subnet, 2), 2, null);
730
-
731
- if (filter_var($network, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
732
- // If no prefix was supplied, 32 is implied for IPv4
733
- if ($prefix === null) {
734
- $prefix = 32;
735
}
736
-
737
- // Validate the IPv4 network prefix
738
- if ($prefix < 0 || $prefix > 32) {
739
- return false;
740
}
741
-
742
- // Increase the IPv4 network prefix to work in the IPv6 address space
743
- $prefix += 96;
744
- } else {
745
- // If no prefix was supplied, 128 is implied for IPv6
746
- if ($prefix === null) {
747
- $prefix = 128;
748
}
749
-
750
- // Validate the IPv6 network prefix
751
- if ($prefix < 1 || $prefix > 128) {
752
- return false;
753
}
754
}
755
-
756
- $bin_network = wfWAFUtils::substr(self::inet_pton($network), 0, ceil($prefix / 8));
757
- $bin_ip = wfWAFUtils::substr(self::inet_pton($ip), 0, ceil($prefix / 8));
758
- if ($prefix % 8 != 0) { //Adjust the last relevant character to fit the mask length since the character's bits are split over it
759
- $pos = intval($prefix / 8);
760
- $adjustment = chr(((0xff << (8 - ($prefix % 8))) & 0xff));
761
- $bin_network[$pos] = ($bin_network[$pos] & $adjustment);
762
- $bin_ip[$pos] = ($bin_ip[$pos] & $adjustment);
763
}
764
-
765
- return ($bin_network === $bin_ip);
766
}
767
768
/**
353
'off',
354
'false'
355
))));
356
+ if (defined('PHP_VERSION_ID') && PHP_VERSION_ID >= 70400) { //Avoid get_magic_quotes_gpc on PHP >= 7.4.0
357
+ return $subject;
358
+ }
359
// phpcs:ignore PHPCompatibility.FunctionUse.RemovedFunctions.get_magic_quotes_gpcDeprecated
360
if ((function_exists("get_magic_quotes_gpc") && get_magic_quotes_gpc()) || $sybaseEnabled) {
361
return self::stripslashes_deep($subject);
720
if (!defined('DONOTCDN')) { define('DONOTCDN', true); }
721
if (!defined('DONOTCACHEOBJECT')) { define('DONOTCACHEOBJECT', true); }
722
}
723
+
724
/**
725
* Check if an IP address is in a network block
726
*
729
* @return boolean
730
*/
731
public static function subnetContainsIP($subnet, $ip) {
732
+ static $_network_cache = array();
733
+ static $_ip_cache = array();
734
+ static $_masks = array(
735
+ 0 => "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
736
+ 1 => "\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
737
+ 2 => "\xc0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
738
+ 3 => "\xe0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
739
+ 4 => "\xf0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
740
+ 5 => "\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
741
+ 6 => "\xfc\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
742
+ 7 => "\xfe\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
743
+ 8 => "\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
744
+ 9 => "\xff\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
745
+ 10 => "\xff\xc0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
746
+ 11 => "\xff\xe0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
747
+ 12 => "\xff\xf0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
748
+ 13 => "\xff\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
749
+ 14 => "\xff\xfc\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
750
+ 15 => "\xff\xfe\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
751
+ 16 => "\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
752
+ 17 => "\xff\xff\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
753
+ 18 => "\xff\xff\xc0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
754
+ 19 => "\xff\xff\xe0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
755
+ 20 => "\xff\xff\xf0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
756
+ 21 => "\xff\xff\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
757
+ 22 => "\xff\xff\xfc\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
758
+ 23 => "\xff\xff\xfe\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
759
+ 24 => "\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
760
+ 25 => "\xff\xff\xff\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
761
+ 26 => "\xff\xff\xff\xc0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
762
+ 27 => "\xff\xff\xff\xe0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
763
+ 28 => "\xff\xff\xff\xf0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
764
+ 29 => "\xff\xff\xff\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
765
+ 30 => "\xff\xff\xff\xfc\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
766
+ 31 => "\xff\xff\xff\xfe\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
767
+ 32 => "\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
768
+ 33 => "\xff\xff\xff\xff\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
769
+ 34 => "\xff\xff\xff\xff\xc0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
770
+ 35 => "\xff\xff\xff\xff\xe0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
771
+ 36 => "\xff\xff\xff\xff\xf0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
772
+ 37 => "\xff\xff\xff\xff\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
773
+ 38 => "\xff\xff\xff\xff\xfc\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
774
+ 39 => "\xff\xff\xff\xff\xfe\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
775
+ 40 => "\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
776
+ 41 => "\xff\xff\xff\xff\xff\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
777
+ 42 => "\xff\xff\xff\xff\xff\xc0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
778
+ 43 => "\xff\xff\xff\xff\xff\xe0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
779
+ 44 => "\xff\xff\xff\xff\xff\xf0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
780
+ 45 => "\xff\xff\xff\xff\xff\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
781
+ 46 => "\xff\xff\xff\xff\xff\xfc\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
782
+ 47 => "\xff\xff\xff\xff\xff\xfe\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
783
+ 48 => "\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
784
+ 49 => "\xff\xff\xff\xff\xff\xff\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00",
785
+ 50 => "\xff\xff\xff\xff\xff\xff\xc0\x00\x00\x00\x00\x00\x00\x00\x00\x00",
786
+ 51 => "\xff\xff\xff\xff\xff\xff\xe0\x00\x00\x00\x00\x00\x00\x00\x00\x00",
787
+ 52 => "\xff\xff\xff\xff\xff\xff\xf0\x00\x00\x00\x00\x00\x00\x00\x00\x00",
788
+ 53 => "\xff\xff\xff\xff\xff\xff\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00",
789
+ 54 => "\xff\xff\xff\xff\xff\xff\xfc\x00\x00\x00\x00\x00\x00\x00\x00\x00",
790
+ 55 => "\xff\xff\xff\xff\xff\xff\xfe\x00\x00\x00\x00\x00\x00\x00\x00\x00",
791
+ 56 => "\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00",
792
+ 57 => "\xff\xff\xff\xff\xff\xff\xff\x80\x00\x00\x00\x00\x00\x00\x00\x00",
793
+ 58 => "\xff\xff\xff\xff\xff\xff\xff\xc0\x00\x00\x00\x00\x00\x00\x00\x00",
794
+ 59 => "\xff\xff\xff\xff\xff\xff\xff\xe0\x00\x00\x00\x00\x00\x00\x00\x00",
795
+ 60 => "\xff\xff\xff\xff\xff\xff\xff\xf0\x00\x00\x00\x00\x00\x00\x00\x00",
796
+ 61 => "\xff\xff\xff\xff\xff\xff\xff\xf8\x00\x00\x00\x00\x00\x00\x00\x00",
797
+ 62 => "\xff\xff\xff\xff\xff\xff\xff\xfc\x00\x00\x00\x00\x00\x00\x00\x00",
798
+ 63 => "\xff\xff\xff\xff\xff\xff\xff\xfe\x00\x00\x00\x00\x00\x00\x00\x00",
799
+ 64 => "\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00",
800
+ 65 => "\xff\xff\xff\xff\xff\xff\xff\xff\x80\x00\x00\x00\x00\x00\x00\x00",
801
+ 66 => "\xff\xff\xff\xff\xff\xff\xff\xff\xc0\x00\x00\x00\x00\x00\x00\x00",
802
+ 67 => "\xff\xff\xff\xff\xff\xff\xff\xff\xe0\x00\x00\x00\x00\x00\x00\x00",
803
+ 68 => "\xff\xff\xff\xff\xff\xff\xff\xff\xf0\x00\x00\x00\x00\x00\x00\x00",
804
+ 69 => "\xff\xff\xff\xff\xff\xff\xff\xff\xf8\x00\x00\x00\x00\x00\x00\x00",
805
+ 70 => "\xff\xff\xff\xff\xff\xff\xff\xff\xfc\x00\x00\x00\x00\x00\x00\x00",
806
+ 71 => "\xff\xff\xff\xff\xff\xff\xff\xff\xfe\x00\x00\x00\x00\x00\x00\x00",
807
+ 72 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00",
808
+ 73 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\x80\x00\x00\x00\x00\x00\x00",
809
+ 74 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xc0\x00\x00\x00\x00\x00\x00",
810
+ 75 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xe0\x00\x00\x00\x00\x00\x00",
811
+ 76 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xf0\x00\x00\x00\x00\x00\x00",
812
+ 77 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xf8\x00\x00\x00\x00\x00\x00",
813
+ 78 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfc\x00\x00\x00\x00\x00\x00",
814
+ 79 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\x00\x00\x00\x00\x00\x00",
815
+ 80 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00",
816
+ 81 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x80\x00\x00\x00\x00\x00",
817
+ 82 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xc0\x00\x00\x00\x00\x00",
818
+ 83 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xe0\x00\x00\x00\x00\x00",
819
+ 84 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xf0\x00\x00\x00\x00\x00",
820
+ 85 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xf8\x00\x00\x00\x00\x00",
821
+ 86 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfc\x00\x00\x00\x00\x00",
822
+ 87 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\x00\x00\x00\x00\x00",
823
+ 88 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00",
824
+ 89 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x80\x00\x00\x00\x00",
825
+ 90 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xc0\x00\x00\x00\x00",
826
+ 91 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xe0\x00\x00\x00\x00",
827
+ 92 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xf0\x00\x00\x00\x00",
828
+ 93 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xf8\x00\x00\x00\x00",
829
+ 94 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfc\x00\x00\x00\x00",
830
+ 95 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\x00\x00\x00\x00",
831
+ 96 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00",
832
+ 97 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x80\x00\x00\x00",
833
+ 98 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xc0\x00\x00\x00",
834
+ 99 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xe0\x00\x00\x00",
835
+ 100 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xf0\x00\x00\x00",
836
+ 101 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xf8\x00\x00\x00",
837
+ 102 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfc\x00\x00\x00",
838
+ 103 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\x00\x00\x00",
839
+ 104 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00",
840
+ 105 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x80\x00\x00",
841
+ 106 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xc0\x00\x00",
842
+ 107 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xe0\x00\x00",
843
+ 108 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xf0\x00\x00",
844
+ 109 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xf8\x00\x00",
845
+ 110 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfc\x00\x00",
846
+ 111 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\x00\x00",
847
+ 112 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00",
848
+ 113 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x80\x00",
849
+ 114 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xc0\x00",
850
+ 115 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xe0\x00",
851
+ 116 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xf0\x00",
852
+ 117 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xf8\x00",
853
+ 118 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfc\x00",
854
+ 119 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\x00",
855
+ 120 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00",
856
+ 121 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x80",
857
+ 122 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xc0",
858
+ 123 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xe0",
859
+ 124 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xf0",
860
+ 125 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xf8",
861
+ 126 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfc",
862
+ 127 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe",
863
+ 128 => "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff",
864
+ );
865
+ /*
866
+ * The above is generated by:
867
+ *
868
+ function gen_mask($prefix, $size = 128) {
869
+ //Workaround to avoid overflow, split into four pieces
870
+ $mask_1 = (pow(2, $size / 4) - 1) ^ (pow(2, min($size / 4, max(0, 1 * $size / 4 - $prefix))) - 1);
871
+ $mask_2 = (pow(2, $size / 4) - 1) ^ (pow(2, min($size / 4, max(0, 2 * $size / 4 - $prefix))) - 1);
872
+ $mask_3 = (pow(2, $size / 4) - 1) ^ (pow(2, min($size / 4, max(0, 3 * $size / 4 - $prefix))) - 1);
873
+ $mask_4 = (pow(2, $size / 4) - 1) ^ (pow(2, min($size / 4, max(0, 4 * $size / 4 - $prefix))) - 1);
874
+ return ($mask_1 ? pack('N', $mask_1) : "\0\0\0\0") . ($mask_2 ? pack('N', $mask_2) : "\0\0\0\0") . ($mask_3 ? pack('N', $mask_3) : "\0\0\0\0") . ($mask_4 ? pack('N', $mask_4) : "\0\0\0\0");
875
}
876
+
877
+ $masks = array();
878
+ for ($i = 0; $i <= 128; $i++) {
879
+ $mask = gen_mask($i);
880
+ $chars = str_split($mask);
881
+ $masks[] = implode('', array_map(function($c) { return '\\x' . bin2hex($c); }, $chars));
882
}
883
+
884
+ echo 'array(' . "\n";
885
+ foreach ($masks as $index => $m) {
886
+ echo "\t{$index} => \"{$m}\",\n";
887
}
888
+ echo ')';
889
+ *
890
+ */
891
+
892
+ if (isset($_network_cache[$subnet])) {
893
+ list($bin_network, $prefix, $masked_network) = $_network_cache[$subnet];
894
+ $mask = $_masks[$prefix];
895
+ }
896
+ else {
897
+ list($network, $prefix) = array_pad(explode('/', $subnet, 2), 2, null);
898
+ if (filter_var($network, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
899
+ // If no prefix was supplied, 32 is implied for IPv4
900
+ if ($prefix === null) {
901
+ $prefix = 32;
902
+ }
903
+
904
+ // Validate the IPv4 network prefix
905
+ if ($prefix < 0 || $prefix > 32) {
906
+ return false;
907
+ }
908
+
909
+ // Increase the IPv4 network prefix to work in the IPv6 address space
910
+ $prefix += 96;
911
+ }
912
+ else {
913
+ // If no prefix was supplied, 128 is implied for IPv6
914
+ if ($prefix === null) {
915
+ $prefix = 128;
916
+ }
917
+
918
+ // Validate the IPv6 network prefix
919
+ if ($prefix < 1 || $prefix > 128) {
920
+ return false;
921
+ }
922
}
923
+ $mask = $_masks[$prefix];
924
+ $bin_network = self::inet_pton($network);
925
+ $masked_network = $bin_network & $mask;
926
+ $_network_cache[$subnet] = array($bin_network, $prefix, $masked_network);
927
}
928
+
929
+ if (isset($_ip_cache[$ip]) && isset($_ip_cache[$ip][$prefix])) {
930
+ list($bin_ip, $masked_ip) = $_ip_cache[$ip][$prefix];
931
}
932
+ else {
933
+ $bin_ip = self::inet_pton($ip);
934
+ $masked_ip = $bin_ip & $mask;
935
+ if (!isset($_ip_cache[$ip])) {
936
+ $_ip_cache[$ip] = array();
937
+ }
938
+ $_ip_cache[$ip][$prefix] = array($bin_ip, $masked_ip);
939
+ }
940
+
941
+ return ($masked_ip === $masked_network);
942
}
943
944
/**
views/reports/activity-report-email-inline.php CHANGED
@@ -355,7 +355,12 @@ h6 a:visited { color: purple !important; }
355
<?php wfHelperString::cycle(); ?>
356
357
<h2 style="font-size: 20px; vertical-align: baseline; clear: both; color: #222 !important; margin: 20px 0 4px; padding: 0; border: 0;"><?php _e('Updates Needed', 'wordfence'); ?></h2>
358
-
359
<?php if ($updates_needed['core']): ?>
360
<h4 style="font-size: 16px; vertical-align: baseline; clear: both; color: #666666 !important; margin: 20px 0 4px; padding: 0; border: 0;"><?php _e('Core', 'wordfence'); ?></h4>
361
<ul style="font-size: 100%; vertical-align: baseline; list-style-type: none; margin: 0; padding: 0; border: 0;">
355
<?php wfHelperString::cycle(); ?>
356
357
<h2 style="font-size: 20px; vertical-align: baseline; clear: both; color: #222 !important; margin: 20px 0 4px; padding: 0; border: 0;"><?php _e('Updates Needed', 'wordfence'); ?></h2>
358
+
359
+ <?php
360
+ if (!is_array($updates_needed)) {
361
+ $updates_needed = array('core' => array(), 'plugins' => array(), 'themes' => array());
362
+ }
363
+ ?>
364
<?php if ($updates_needed['core']): ?>
365
<h4 style="font-size: 16px; vertical-align: baseline; clear: both; color: #666666 !important; margin: 20px 0 4px; padding: 0; border: 0;"><?php _e('Core', 'wordfence'); ?></h4>
366
<ul style="font-size: 100%; vertical-align: baseline; list-style-type: none; margin: 0; padding: 0; border: 0;">
views/reports/activity-report.php CHANGED
@@ -163,6 +163,11 @@ if (!defined('WORDFENCE_VERSION')) { exit; }
163
164
<h2><?php _e('Updates Needed', 'wordfence'); ?></h2>
165
166
<?php if ($updates_needed['core']): ?>
167
<h4><?php _e('Core', 'wordfence'); ?></h4>
168
<ul>
163
164
<h2><?php _e('Updates Needed', 'wordfence'); ?></h2>
165
166
+ <?php
167
+ if (!is_array($updates_needed)) {
168
+ $updates_needed = array('core' => array(), 'plugins' => array(), 'themes' => array());
169
+ }
170
+ ?>
171
<?php if ($updates_needed['core']): ?>
172
<h4><?php _e('Core', 'wordfence'); ?></h4>
173
<ul>
wordfence.php CHANGED
@@ -4,7 +4,7 @@ Plugin Name: Wordfence Security
4
Plugin URI: http://www.wordfence.com/
5
Description: Wordfence Security - Anti-virus, Firewall and Malware Scan
6
Author: Wordfence
7
- Version: 7.4.1
8
Author URI: http://www.wordfence.com/
9
Network: true
10
*/
@@ -15,8 +15,8 @@ if(defined('WP_INSTALLING') && WP_INSTALLING){
15
if (!defined('ABSPATH')) {
16
exit;
17
}
18
- define('WORDFENCE_VERSION', '7.4.1');
19
- define('WORDFENCE_BUILD_NUMBER', '1573059078');
20
define('WORDFENCE_BASENAME', function_exists('plugin_basename') ? plugin_basename(__FILE__) :
21
basename(dirname(__FILE__)) . '/' . basename(__FILE__));
22
4
Plugin URI: http://www.wordfence.com/
5
Description: Wordfence Security - Anti-virus, Firewall and Malware Scan
6
Author: Wordfence
7
+ Version: 7.4.2
8
Author URI: http://www.wordfence.com/
9
Network: true
10
*/
15
if (!defined('ABSPATH')) {
16
exit;
17
}
18
+ define('WORDFENCE_VERSION', '7.4.2');
19
+ define('WORDFENCE_BUILD_NUMBER', '1575390485');
20
define('WORDFENCE_BASENAME', function_exists('plugin_basename') ? plugin_basename(__FILE__) :
21
basename(dirname(__FILE__)) . '/' . basename(__FILE__));
22