WP-Ban - Version 1.69.1

Version Description


Release Info

Developer GamerZ
Version 1.69.1

Code changes from version 1.69 to 1.69.1

Files changed (3) hide show
  1. ban-options.php +64 -56
  2. readme.txt +35 -35
  3. wp-ban.php +33 -33
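--- a/ban-options.php
+++ b/ban-options.php
@@ -9,6 +9,15 @@ $base_name = plugin_basename('wp-ban/ban-options.php');
  $base_page = 'admin.php?page='.$base_name;
  $admin_login = trim($current_user->user_login);
 
+ # Allow HTML
+ $allowed_tags = wp_kses_allowed_html( 'post' );
+ $allowed_tags['html'] = true;
+ $allowed_tags['head'] = true;
+ $allowed_tags['meta'] = array(
+ 'charset' => true,
+ );
+ $allowed_tags['body'] = true;
+
  ### Form Processing
  // Update Options
  if( ! empty( $_POST['Submit'] ) ) {
@@ -24,101 +33,101 @@ if( ! empty( $_POST['Submit'] ) ) {
  $banned_referers_post = ! empty( $_POST['banned_referers'] ) ? explode( "\n", trim($_POST['banned_referers'] ) ) : array();
  $banned_user_agents_post = ! empty( $_POST['banned_user_agents'] ) ? explode( "\n", trim($_POST['banned_user_agents'] ) ) : array();
  $banned_exclude_ips_post = ! empty( $_POST['banned_exclude_ips'] ) ? explode( "\n", trim( $_POST['banned_exclude_ips'] ) ) : array();
- $banned_message = ! empty( $_POST['banned_template_message'] ) ? trim( $_POST['banned_template_message'] ) : '';
+ $banned_message = ! empty( $_POST['banned_template_message'] ) ? wp_kses( trim( $_POST['banned_template_message'] ), $allowed_tags ) : '';
 
  $banned_ips = array();
- if(!empty($banned_ips_post)) {
- foreach($banned_ips_post as $banned_ip) {
- if($admin_login == 'admin' && ($banned_ip == ban_get_ip() || is_admin_ip($banned_ip))) {
- $text .= '<p style="color: blue;">'.sprintf(__('This IP \'%s\' Belongs To The Admin And Will Not Be Added To Ban List', 'wp-ban'),$banned_ip).'</p>';
+ if ( ! empty( $banned_ips_post ) ) {
+ foreach ( $banned_ips_post as $banned_ip ) {
+ if( $admin_login === 'admin' && ( $banned_ip === ban_get_ip() || is_admin_ip( $banned_ip ) ) ) {
+ $text .= '<p style="color: blue;">' . sprintf( __( 'This IP \'%s\' Belongs To The Admin And Will Not Be Added To Ban List', 'wp-ban' ), $banned_ip ) . '</p>';
  } else {
- $banned_ips[] = trim($banned_ip);
+ $banned_ips[] = esc_html( trim( $banned_ip ) );
  }
  }
  }
 
  $banned_ips_range = array();
- if( ! empty( $banned_ips_range_post ) ) {
+ if ( ! empty( $banned_ips_range_post ) ) {
  foreach( $banned_ips_range_post as $banned_ip_range ) {
  $range = explode( '-', $banned_ip_range );
- if( sizeof( $range ) === 2 ) {
+ if ( sizeof( $range ) === 2 ) {
  $range_start = trim( $range[0] );
  $range_end = trim( $range[1] );
- if( $admin_login === 'admin' && ( check_ip_within_range( ban_get_ip(), $range_start, $range_end ) ) ) {
- $text .= '<p style="color: blue;">'.sprintf( __( 'The Admin\'s IP \'%s\' Fall Within This Range (%s - %s) And Will Not Be Added To Ban List', 'wp-ban' ), ban_get_ip(), $range_start, $range_end ).'</p>';
+ if ( $admin_login === 'admin' && ( check_ip_within_range( ban_get_ip(), $range_start, $range_end ) ) ) {
+ $text .= '<p style="color: blue;">' . sprintf( __( 'The Admin\'s IP \'%s\' Fall Within This Range (%s - %s) And Will Not Be Added To Ban List', 'wp-ban' ), ban_get_ip(), $range_start, $range_end ) . '</p>';
  } else {
- $banned_ips_range[] = trim( $banned_ip_range );
+ $banned_ips_range[] = esc_html( trim( $banned_ip_range ) );
  }
  }
  }
  }
 
  $banned_hosts = array();
- if(!empty($banned_hosts_post)) {
- foreach($banned_hosts_post as $banned_host) {
- if($admin_login == 'admin' && ($banned_host == @gethostbyaddr(ban_get_ip()) || is_admin_hostname($banned_host))) {
- $text .= '<p style="color: blue;">'.sprintf(__('This Hostname \'%s\' Belongs To The Admin And Will Not Be Added To Ban List', 'wp-ban'), $banned_host).'</p>';
+ if ( ! empty( $banned_hosts_post ) ) {
+ foreach ( $banned_hosts_post as $banned_host ) {
+ if ( $admin_login === 'admin' && ( $banned_host === @gethostbyaddr( ban_get_ip() ) || is_admin_hostname( $banned_host ) ) ) {
+ $text .= '<p style="color: blue;">' . sprintf( __( 'This Hostname \'%s\' Belongs To The Admin And Will Not Be Added To Ban List', 'wp-ban' ), $banned_host ) . '</p>';
  } else {
- $banned_hosts[] = trim($banned_host);
+ $banned_hosts[] = esc_html( trim( $banned_host ) );
  }
  }
  }
 
  $banned_referers = array();
- if(!empty($banned_referers_post)) {
- foreach($banned_referers_post as $banned_referer) {
- if(is_admin_referer($banned_referer)) {
- $text .= '<p style="color: blue;">'.sprintf(__('This Referer \'%s\' Belongs To This Site And Will Not Be Added To Ban List', 'wp-ban'), $banned_referer).'</p>';
+ if ( ! empty( $banned_referers_post ) ) {
+ foreach ( $banned_referers_post as $banned_referer ) {
+ if ( is_admin_referer( $banned_referer ) ) {
+ $text .= '<p style="color: blue;">' . sprintf( __( 'This Referer \'%s\' Belongs To This Site And Will Not Be Added To Ban List', 'wp-ban' ), $banned_referer ) . '</p>';
  } else {
- $banned_referers[] = trim($banned_referer);
+ $banned_referers[] = esc_html( trim( $banned_referer ) );
  }
  }
  }
 
  $banned_user_agents = array();
- if(!empty($banned_user_agents_post)) {
- foreach($banned_user_agents_post as $banned_user_agent) {
- if(is_admin_user_agent($banned_user_agent)) {
- $text .= '<p style="color: blue;">'.sprintf(__('This User Agent \'%s\' Is Used By The Current Admin And Will Not Be Added To Ban List', 'wp-ban'), $banned_user_agent).'</p>';
+ if ( ! empty( $banned_user_agents_post ) ) {
+ foreach ( $banned_user_agents_post as $banned_user_agent ) {
+ if ( is_admin_user_agent( $banned_user_agent ) ) {
+ $text .= '<p style="color: blue;">' . sprintf( __( 'This User Agent \'%s\' Is Used By The Current Admin And Will Not Be Added To Ban List', 'wp-ban' ), $banned_user_agent ) . '</p>';
  } else {
- $banned_user_agents[] = trim($banned_user_agent);
+ $banned_user_agents[] = esc_html( trim( $banned_user_agent ) );
  }
  }
  }
 
  $banned_exclude_ips = array();
- if(!empty($banned_exclude_ips_post)) {
- foreach($banned_exclude_ips_post as $banned_exclude_ip) {
- $banned_exclude_ips[] = trim($banned_exclude_ip);
+ if ( ! empty( $banned_exclude_ips_post ) ) {
+ foreach ( $banned_exclude_ips_post as $banned_exclude_ip ) {
+ $banned_exclude_ips[] = esc_html( trim( $banned_exclude_ip ) );
  }
  }
  $update_ban_queries = array();
  $update_ban_queries[] = update_option( 'banned_options', $banned_options );
- $update_ban_queries[] = update_option('banned_ips', $banned_ips);
- $update_ban_queries[] = update_option('banned_ips_range', $banned_ips_range);
- $update_ban_queries[] = update_option('banned_hosts', $banned_hosts);
- $update_ban_queries[] = update_option('banned_referers', $banned_referers);
- $update_ban_queries[] = update_option('banned_user_agents', $banned_user_agents);
- $update_ban_queries[] = update_option('banned_exclude_ips', $banned_exclude_ips);
- $update_ban_queries[] = update_option('banned_message', $banned_message);
+ $update_ban_queries[] = update_option( 'banned_ips', $banned_ips );
+ $update_ban_queries[] = update_option( 'banned_ips_range', $banned_ips_range );
+ $update_ban_queries[] = update_option( 'banned_hosts', $banned_hosts );
+ $update_ban_queries[] = update_option( 'banned_referers', $banned_referers );
+ $update_ban_queries[] = update_option( 'banned_user_agents', $banned_user_agents );
+ $update_ban_queries[] = update_option( 'banned_exclude_ips', $banned_exclude_ips );
+ $update_ban_queries[] = update_option( 'banned_message', $banned_message );
  $update_ban_text = array();
  $update_ban_text[] = __( 'Banned Options', 'wp-ban' );
- $update_ban_text[] = __('Banned IPs', 'wp-ban');
- $update_ban_text[] = __('Banned IP Range', 'wp-ban');
- $update_ban_text[] = __('Banned Host Names', 'wp-ban');
- $update_ban_text[] = __('Banned Referers', 'wp-ban');
- $update_ban_text[] = __('Banned User Agents', 'wp-ban');
- $update_ban_text[] = __('Banned Excluded IPs', 'wp-ban');
- $update_ban_text[] = __('Banned Message', 'wp-ban');
- $i=0;
- foreach($update_ban_queries as $update_ban_query) {
- if($update_ban_query) {
- $text .= '<p style="color: green;">'.$update_ban_text[$i].' '.__('Updated', 'wp-ban').'</p>';
+ $update_ban_text[] = __( 'Banned IPs', 'wp-ban');
+ $update_ban_text[] = __( 'Banned IP Range', 'wp-ban');
+ $update_ban_text[] = __( 'Banned Host Names', 'wp-ban');
+ $update_ban_text[] = __( 'Banned Referers', 'wp-ban');
+ $update_ban_text[] = __( 'Banned User Agents', 'wp-ban');
+ $update_ban_text[] = __( 'Banned Excluded IPs', 'wp-ban');
+ $update_ban_text[] = __( 'Banned Message', 'wp-ban');
+ $i = 0;
+ foreach ( $update_ban_queries as $update_ban_query ) {
+ if ( $update_ban_query ) {
+ $text .= '<p style="color: green;">' . $update_ban_text[$i] . ' ' . __( 'Updated', 'wp-ban' ) . '</p>';
  }
  $i++;
  }
- if(empty($text)) {
- $text = '<p style="color: red;">'.__('No Ban Option Updated', 'wp-ban').'</p>';
+ if ( empty( $text ) ) {
+ $text = '<p style="color: red;">' . __( 'No Ban Option Updated', 'wp-ban' ) . '</p>';
  }
  }
  if( ! empty( $_POST['do'] ) ) {
@@ -202,7 +211,7 @@ $banned_options = get_option( 'banned_options' );
  var default_template;
  switch(template) {
  case "message":
- default_template = "<!DOCTYPE html>\n<html>\n<head>\n<meta charset=\"utf-8\">\n<title>%SITE_NAME% - %SITE_URL%</title>\n</head>\n<body>\n<div id=\"wp-ban-container\">\n<p style=\"text-align: center; font-weight: bold;\"><?php _e('You Are Banned.', 'wp-ban'); ?></p>\n</div>\n</body>\n</html>";
+ default_template = "<html>\n<head>\n<meta charset=\"utf-8\">\n<title>%SITE_NAME% - %SITE_URL%</title>\n</head>\n<body>\n<div id=\"wp-ban-container\">\n<p style=\"text-align: center; font-weight: bold;\"><?php _e('You Are Banned.', 'wp-ban'); ?></p>\n</div>\n</body>\n</html>";
  break;
  }
  jQuery("#banned_template_" + template).val(default_template);
@@ -251,7 +260,6 @@ $banned_options = get_option( 'banned_options' );
  <form method="post" action="<?php echo admin_url('admin.php?page='.plugin_basename(__FILE__)); ?>">
  <?php wp_nonce_field('wp-ban_templates'); ?>
  <div class="wrap">
- <?php screen_icon(); ?>
  <h2><?php _e('Ban Options', 'wp-ban'); ?></h2>
  <table class="widefat">
  <thead>
@@ -270,14 +278,14 @@ $banned_options = get_option( 'banned_options' );
  </tr>
  <tr>
  <td><?php _e('User Agent', 'wp-ban'); ?>:</td>
- <td><strong><?php echo $_SERVER['HTTP_USER_AGENT']; ?></strong></td>
+ <td><strong><?php echo (!isset($_SERVER["HTTP_USER_AGENT"]) ? __('Unknown', 'wp-ban') : esc_html($_SERVER['HTTP_USER_AGENT'])); ?></strong></td>
  </tr>
  <tr class="alternate">
  <td><?php _e('Site URL', 'wp-ban'); ?>:</td>
  <td><strong><?php echo get_option('home'); ?></strong></td>
  </tr>
  <tr>
- <td valign="top" colspan="2" align="center">
+ <td valign="top" colspan="2" style="text-align: center;">
  <?php _e('Please <strong>DO NOT</strong> ban yourself.', 'wp-ban'); ?>
  </td>
  </tr>
@@ -329,7 +337,7 @@ $banned_options = get_option( 'banned_options' );
  <tr>
  <td valign="top">
  <strong><?php _e('Banned Host Names', 'wp-ban'); ?>:</strong><br />
- <?php _e('Use <strong>*</strong> for wildcards', 'wp-ban'); ?>.<br />
+ <?php _e('Use <strong>*</strong> for wildcards.', 'wp-ban'); ?><br />
  <?php _e('Start each entry on a new line.', 'wp-ban'); ?><br /><br />
  <?php _e('Examples:', 'wp-ban'); ?>
  <p style="margin: 2px 0"><strong>&raquo;</strong> <span dir="ltr">*.sg</span></p>
@@ -343,7 +351,7 @@ $banned_options = get_option( 'banned_options' );
  <tr>
  <td valign="top">
  <strong><?php _e('Banned Referers', 'wp-ban'); ?>:</strong><br />
- <?php _e('Use <strong>*</strong> for wildcards', 'wp-ban'); ?>.<br />
+ <?php _e('Use <strong>*</strong> for wildcards.', 'wp-ban'); ?><br />
  <?php _e('Start each entry on a new line.', 'wp-ban'); ?><br /><br />
  <?php _e('Examples:', 'wp-ban'); ?><br />
  <strong>&raquo;</strong> <span dir="ltr">http://*.blogspot.com</span><br /><br />
@@ -357,7 +365,7 @@ $banned_options = get_option( 'banned_options' );
  <tr>
  <td valign="top">
  <strong><?php _e('Banned User Agents', 'wp-ban'); ?>:</strong><br />
- <?php _e('Use <strong>*</strong> for wildcards', 'wp-ban'); ?>.<br />
+ <?php _e('Use <strong>*</strong> for wildcards.', 'wp-ban'); ?><br />
  <?php _e('Start each entry on a new line.', 'wp-ban'); ?><br /><br />
  <?php _e('Examples:', 'wp-ban'); ?>
  <p style="margin: 2px 0"><strong>&raquo;</strong> <span dir="ltr">EmailSiphon*</span></p>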
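Review bot: The rejection notices in the form-processing hunk still interpolate the raw POST value into HTML, for example `sprintf( __( 'This Referer \'%s\' Belongs To This Site ...', 'wp-ban' ), $banned_referer )` and its IP, range, hostname and user-agent siblings, so only the accepted branch is escaped; wrap the argument, e.g. `esc_html( $banned_referer )`, before it is appended to `$text` (where `$text` is printed lies outside the visible hunks). Separately, `esc_html()` is applied at storage time, so an entry containing `&`, `<` or a quote is saved as entities, while `banned()` in wp-ban.php passes the raw `$_SERVER['HTTP_REFERER']` and `$_SERVER['HTTP_USER_AGENT']` to `process_ban()`; such entries would presumably stop matching. Storing the trimmed value and escaping where the lists are rendered would keep both the ban and the output safety. `wp_kses()` is also documented to expect unslashed input, so `wp_kses( wp_unslash( trim( $_POST['banned_template_message'] ) ), $allowed_tags )` is the safer call, with the `stripslashes()` at output adjusted to match.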
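--- a/readme.txt
+++ b/readme.txt
@@ -1,85 +1,85 @@
- === WP-Ban ===
+ # WP-Ban
  Contributors: GamerZ
  Donate link: https://lesterchan.net/site/donation/
  Tags: banned, ban, deny, denied, permission, ip, hostname, host, spam, bots, bot, exclude, referrer, url, referral, range
  Requires at least: 4.3
- Tested up to: 4.7
- Stable tag: 1.69
+ Tested up to: 6.1
+ Stable tag: 1.69.1
 
  Ban users by IP, IP Range, host name, user agent and referrer url from visiting your WordPress's blog.
 
- == Description ==
+ ## Description
  It will display a custom ban message when the banned IP, IP range, host name or referrer url that tries to visit you blog. You can also exclude certain IPs from being banned. There will be statistics recorded on how many times they attempt to visit your blog. It allows wildcard matching too.
 
- = Build Status =
- [![Build Status](https://travis-ci.org/lesterchan/wp-ban.svg?branch=master)](https://travis-ci.org/lesterchan/wp-ban)
-
- = Development =
+ ### Development
  * [https://github.com/lesterchan/wp-ban](https://github.com/lesterchan/wp-ban "https://github.com/lesterchan/wp-ban")
 
- = Translations =
+ ### Translations
  * [http://dev.wp-plugins.org/browser/wp-ban/i18n/](http://dev.wp-plugins.org/browser/wp-ban/i18n/ "http://dev.wp-plugins.org/browser/wp-ban/i18n/")
 
- = Credits =
+ ### Credits
  * Plugin icon by [Dave Gandy](http://fontawesome.io) from [Flaticon](http://www.flaticon.com)
 
- = Donations =
+ ### Donations
  * I spent most of my free time creating, updating, maintaining and supporting these plugins, if you really love my plugins and could spare me a couple of bucks, I will really appreciate it. If not feel free to use it without any obligations.
 
- == Changelog ==
- = Version 1.69 =
+ ## Changelog
+ ### Version 1.69.1
+ * NEW: Fixed XSS
+
+ ### Version 1.69
  * NEW: Bump WordPress 4.7
  * FIXED: Notices
 
- = Version 1.68 =
+ ### Version 1.68
  * NEW: Use translate.wordpress.org to translate the plugin
  * NEW: Use HTML DOCTYPE
  * FIXED: Remove get_language_attributes()
 
- = Version 1.67 =
+ ### Version 1.67
  * FIXED: Notices
 
- = Version 1.66 =
+ ### Version 1.66
  * FIXED: Cannot redeclare get_language_attributes()
 
- = Version 1.65 =
+ ### Version 1.65
  * NEW: Supports WordPress Multisite Network Activation
  * NEW: Uses native WordPress uninstall.php
 
- = Version 1.64 =
+ ### Version 1.64
  * NEW: Added a new ban option 'reverse proxy' to allow user to choose whether to check against HTTP_X_FORWARDED_FOR header for IP. Props Tom Adams at dxw. This fixes [CVE-2014-6230](https://security.dxw.com/advisories/vulnerability-in-wp-ban-allows-visitors-to-bypass-the-ip-blacklist-in-some-configurations/)
 
- = Version 1.63 =
+ ### Version 1.63
  * FIXED: Notices
 
- = Version 1.62 (12-03-2013) =
+ ### Version 1.62 (12-03-2013)
  * FIXED: Use a different modifier for preg_match() and use preg_quote() to escape regex
 
- = Version 1.61 (11-03-2013) =
+ ### Version 1.61 (11-03-2013)
  * FIXED: Replace ereg() with preg_match()
 
- = Version 1.60 (23-05-2012) =
+ ### Version 1.60 (23-05-2012)
  * NEW: AJAX Preview Of Current Banned Message
  * NEW: Added nonce To Form
  * FIXED: Don't Process Ban If Any Of The Conditions Are Empty
 
- = Version 1.50 (01-06-2009) =
+ ### Version 1.50 (01-06-2009)
  * NEW: Added "Your User Agent" Details
  * NEW: Uses jQuery Framework
  * FIXED: Uses $_SERVER['PHP_SELF'] With plugin_basename(__FILE__) Instead Of Just $_SERVER['REQUEST_URI']
 
- = Version 1.40 (12-12-2008) =
+ ### Version 1.40 (12-12-2008)
  * NEW: Works With WordPress 2.7 Only
  * NEW: Changed Ban Admin Setting Location To 'WP-Admin -> Settings -> Ban'
  * NEW: Right To Left Language Support by Kambiz R. Khojasteh
  * NEW: Called ban_textdomain() In ban_init() by Kambiz R. Khojasteh
  * NEW: Use language_attributes() To Get Attributes Of HTML Tag For Default Template by Kambiz R. Khojasteh
 
- = Version 1.31 (16-07-2008) =
+ ### Version 1.31 (16-07-2008)
  * NEW: Works With WordPress 2.6
  * FIXED: Do Not Ban If IP is "unknown"
 
- = Version 1.30 (01-06-2008) =
+ ### Version 1.30 (01-06-2008)
  * NEW: Uses /wp-ban/ Folder Instead Of /ban/
  * NEW: Uses wp-ban.php Instead Of ban.php
  * NEW: Uses number_format_i18n()
@@ -87,17 +87,17 @@ It will display a custom ban message when the banned IP, IP range, host name or
  * NEW: Banned By User Agents (By: Jorge Garcia de Bustos)
  * FIXED: "unknown" IPs (By: Jorge Garcia de Bustos)
 
- = Version 1.20 (01-10-2007) =
+ ### Version 1.20 (01-10-2007)
  * NEW: Ability To Uninstall WP-Ban
  * NEW: Moved Ban Options From ban.php To ban-options.php
 
- = Version 1.11 (01-06-2007 =
+ ### Version 1.11 (01-06-2007
  * NEW: Banned By Referer URL
  * NEW: Ability To Exclude Specific IPs From Being Banned
  * NEW: Added Template Variables For User Attempts Count And Total Attempts Count
  * FIXED: Suppress gethostbyaddr() Error
 
- = Version 1.10 (01-02-2007) =
+ ### Version 1.10 (01-02-2007)
  * NEW: Works For WordPress 2.1 Only
  * NEW: Move ban.php To ban Folder
  * NEW: Localize WP-Ban
@@ -106,34 +106,34 @@ It will display a custom ban message when the banned IP, IP range, host name or
  * NEW: Added Toggle All Checkboxes
  * FIXED: Main Administrator Of The Site Cannot Be Banned
 
- = Version 1.00 (02-01-2007) =
+ ### Version 1.00 (02-01-2007)
  * NEW: Initial Release
 
- == Installation ==
+ ## Installation
 
  1. Open `wp-content/plugins` Folder
  2. Put: `Folder: wp-ban`
  3. Activate `WP-Ban` Plugin
  4. Go to `WP-Admin -> Settings -> Ban` to configure the plugin
 
- == Upgrading ==
+ ## Upgrading
 
  1. Deactivate `WP-Ban` Plugin
  2. Open `wp-content/plugins` Folder
  3. Put/Overwrite: `Folder: wp-ban`
  4. Activate `WP-Ban` Plugin
 
- == Upgrade Notice ==
+ ## Upgrade Notice
 
  N/A
 
- == Screenshots ==
+ ## Screenshots
 
  1. Admin - Ban
  2. Admin - Ban
  3. Admin - Ban
  4. Ban - Message
 
- == Frequently Asked Questions ==
+ ## Frequently Asked Questions
 
  N/A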
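--- a/wp-ban.php
+++ b/wp-ban.php
@@ -3,7 +3,7 @@
  Plugin Name: WP-Ban
  Plugin URI: https://lesterchan.net/portfolio/programming/php/
  Description: Ban users by IP, IP Range, host name, user agent and referer url from visiting your WordPress's blog. It will display a custom ban message when the banned IP, IP range, host name, user agent or referer url tries to visit you blog. You can also exclude certain IPs from being banned. There will be statistics recordered on how many times they attemp to visit your blog. It allows wildcard matching too.
- Version: 1.69
+ Version: 1.69.1
  Author: Lester 'GaMerZ' Chan
  Author URI: https://lesterchan.net
  Text Domain: wp-ban
@@ -11,7 +11,7 @@ Text Domain: wp-ban
 
 
  /*
- Copyright 2016 Lester Chan (email : lesterchan@gmail.com)
+ Copyright 2022 Lester Chan (email : lesterchan@gmail.com)
 
  This program is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
@@ -91,12 +91,12 @@ function preview_banned_message() {
  function print_banned_message() {
  $banned_ip = ban_get_ip();
  $banned_stats = get_option( 'banned_stats' );
- if( isset( $banned_stats['count'] ) ) {
+ if ( isset( $banned_stats['count'] ) ) {
  $banned_stats['count'] += 1;
  } else {
  $banned_stats['count'] = 1;
  }
- if( isset( $banned_stats['users'][$banned_ip] ) ) {
+ if ( isset( $banned_stats['users'][$banned_ip] ) ) {
  $banned_stats['users'][$banned_ip] += 1;
  } else {
  $banned_stats['users'][$banned_ip] = 1;
@@ -121,6 +121,7 @@ function print_banned_message() {
  ),
  stripslashes( get_option( 'banned_message' ) )
  );
+ echo '<!DOCTYPE html>' . "\n";
  echo $banned_message;
  exit();
  }
@@ -156,60 +157,60 @@ function process_ban_ip_range($banned_ips_range) {
 
 
  ### Function: Banned
- add_action('init', 'banned');
+ add_action( 'init', 'banned' );
  function banned() {
  $ip = ban_get_ip();
- if($ip == 'unknown') {
+ if ( $ip === 'unknown' ) {
  return;
  }
- $banned_ips = get_option('banned_ips');
- if(is_array($banned_ips))
- $banned_ips = array_filter($banned_ips);
+ $banned_ips = get_option( 'banned_ips' );
+ if ( is_array( $banned_ips ) )
+ $banned_ips = array_filter( $banned_ips );
 
- $banned_ips_range = get_option('banned_ips_range');
- if(is_array($banned_ips_range))
- $banned_ips_range = array_filter($banned_ips_range);
+ $banned_ips_range = get_option( 'banned_ips_range' );
+ if ( is_array( $banned_ips_range ) )
+ $banned_ips_range = array_filter( $banned_ips_range );
 
- $banned_hosts = get_option('banned_hosts');
- if(is_array($banned_hosts))
- $banned_hosts = array_filter($banned_hosts);
+ $banned_hosts = get_option( 'banned_hosts' );
+ if ( is_array( $banned_hosts ) )
+ $banned_hosts = array_filter( $banned_hosts );
 
- $banned_referers = get_option('banned_referers');
- if(is_array($banned_referers))
- $banned_referers = array_filter($banned_referers);
+ $banned_referers = get_option( 'banned_referers' );
+ if ( is_array( $banned_referers ) )
+ $banned_referers = array_filter( $banned_referers );
 
- $banned_user_agents = get_option('banned_user_agents');
- if(is_array($banned_user_agents))
- $banned_user_agents = array_filter($banned_user_agents);
+ $banned_user_agents = get_option( 'banned_user_agents' );
+ if ( is_array( $banned_user_agents ) )
+ $banned_user_agents = array_filter( $banned_user_agents );
 
  $banned_exclude_ips = get_option('banned_exclude_ips');
- if(is_array($banned_exclude_ips))
- $banned_exclude_ips = array_filter($banned_exclude_ips);
+ if ( is_array( $banned_exclude_ips ) )
+ $banned_exclude_ips = array_filter( $banned_exclude_ips );
 
  $is_excluded = false;
- if(!empty($banned_exclude_ips)) {
- foreach($banned_exclude_ips as $banned_exclude_ip) {
- if($ip == $banned_exclude_ip) {
+ if ( ! empty( $banned_exclude_ips ) ) {
+ foreach( $banned_exclude_ips as $banned_exclude_ip ) {
+ if ( $ip === $banned_exclude_ip ) {
  $is_excluded = true;
  break;
  }
  }
  }
 
- if( ! $is_excluded ) {
+ if ( ! $is_excluded ) {
  if( ! empty( $banned_ips ) ) {
  process_ban( $banned_ips, $ip );
  }
- if( ! empty( $banned_ips_range ) ) {
+ if ( ! empty( $banned_ips_range ) ) {
  process_ban_ip_range( $banned_ips_range );
  }
- if( ! empty( $banned_hosts ) ) {
+ if ( ! empty( $banned_hosts ) ) {
  process_ban( $banned_hosts, @gethostbyaddr( $ip ) );
  }
- if( ! empty( $banned_referers ) && ! empty( $_SERVER['HTTP_REFERER'] ) ) {
+ if ( ! empty( $banned_referers ) && ! empty( $_SERVER['HTTP_REFERER'] ) ) {
  process_ban( $banned_referers, $_SERVER['HTTP_REFERER'] );
  }
- if( ! empty( $banned_user_agents ) && ! empty( $_SERVER['HTTP_USER_AGENT'] ) ) {
+ if ( ! empty( $banned_user_agents ) && ! empty( $_SERVER['HTTP_USER_AGENT'] ) ) {
  process_ban( $banned_user_agents, $_SERVER['HTTP_USER_AGENT'] );
  }
  }
@@ -299,8 +300,7 @@ function ban_activate() {
  add_option('banned_ips', array());
  add_option('banned_hosts',array());
  add_option('banned_stats', array('users' => array(), 'count' => 0));
- add_option('banned_message', '<!DOCTYPE html>'."\n".
- '<html>'."\n".
+ add_option('banned_message', '<html>'."\n".
  '<head>'."\n".
  '<meta charset="utf-8">'."\n".
  '<title>%SITE_NAME% - %SITE_URL%</title>'."\n".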
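Review bot: `echo $banned_message;` in print_banned_message() still prints the stored `banned_message` option with only `stripslashes()` applied, so the `wp_kses()` filtering this release adds in ban-options.php covers new saves but not a value already stored by 1.69 or earlier. Filtering at output as well would close that gap, e.g. `echo wp_kses( $banned_message, $allowed_tags );`, with the allow-list moved into a shared helper because `$allowed_tags` is defined only in ban-options.php. The replacement values substituted into the template sit above this hunk and are not visible here; if any come from the request they would be covered by filtering after substitution. print_banned_message() begins and ends outside the hunks shown.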