WP fail2ban - Version 4.3.0.6

Version Description

  • Fix Forbidden error on Posts page for roles below Editor when user enum blocking enabled. [WordPress only]

Release Info

Developer invisnet
Version 4.3.0.6

Code changes from version 4.3.0.5 to 4.3.0.6

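--- a/constants.php
+++ b/constants.php
@@ -13,7 +13,7 @@ namespace org\lecklider\charles\wordpress\wp_fail2ban;
  // @codeCoverageIgnoreStart
 
  if (!defined('WP_FAIL2BAN_VER')) {
- define('WP_FAIL2BAN_VER', '4.3.0.5');
+ define('WP_FAIL2BAN_VER', '4.3.0.6');
  }
  if (!defined('WP_FAIL2BAN_VER_SHORT')) {
  define('WP_FAIL2BAN_VER_SHORT', '4.3');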
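--- a/feature/user-enum.php
+++ b/feature/user-enum.php
@@ -45,9 +45,10 @@ function _log_bail_user_enum()
  *
  * @see \WP::parse_request()
  *
- * @since 4.3.0 Refactored to make XDebug happy; h/t @dinghy
- * Changed cap to 'edit_others_posts'
- * @since 3.5.0 Refactored for unit testing
+ * @since 4.3.0.6 Ignore `author` if it's the current user
+ * @since 4.3.0 Refactored to make XDebug happy; h/t @dinghy
+ * Changed cap to 'edit_others_posts'
+ * @since 3.5.0 Refactored for unit testing
  * @since 2.1.0
  *
  * @param \WP $query
@@ -56,7 +57,10 @@ function _log_bail_user_enum()
  */
  function parse_request($query)
  {
- if (!current_user_can('edit_others_posts') && intval(array_value('author', $query->query_vars))) {
+ if (!current_user_can('edit_others_posts') &&
+ !is_null($author = array_value('author', $query->query_vars)) &&
+ get_current_user_id() != intval($author))
+ {
  _log_bail_user_enum();
  }
 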
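Review bot: The new condition in `parse_request()` treats any non-null `author` as an enumeration attempt unless it equals the current user's ID, so for a logged-in user below Editor an `author` value that `intval()` turns into 0 (empty or non-numeric) now reaches `_log_bail_user_enum()`, where the old `intval(...)` truthiness test let it pass. That looks like a false positive of the same kind this release sets out to fix, and if the logged line feeds a fail2ban jail it could end with a legitimate user's address being banned. Keeping the non-zero test and comparing strictly avoids it: `if (!current_user_can('edit_others_posts') && ($author = intval(array_value('author', $query->query_vars))) && get_current_user_id() !== $author) {`. This assumes `array_value()` yields null for a missing key, as the added `is_null()` check suggests; the rest of `parse_request()` and the body of `_log_bail_user_enum()` lie outside the hunk.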
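--- a/filters.d/wordpress-extra.conf
+++ b/filters.d/wordpress-extra.conf
@@ -1,5 +1,5 @@
  # Fail2Ban filter for WordPress extra failures
- # Auto-generated: 2020-07-30T10:39:40+00:00
+ # Auto-generated: 2020-08-04T12:35:21+00:00
  #
 
  [INCLUDES]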
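--- a/filters.d/wordpress-hard.conf
+++ b/filters.d/wordpress-hard.conf
@@ -1,5 +1,5 @@
  # Fail2Ban filter for WordPress hard failures
- # Auto-generated: 2020-07-30T10:39:40+00:00
+ # Auto-generated: 2020-08-04T12:35:21+00:00
  #
 
  [INCLUDES]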
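--- a/filters.d/wordpress-soft.conf
+++ b/filters.d/wordpress-soft.conf
@@ -1,5 +1,5 @@
  # Fail2Ban filter for WordPress soft failures
- # Auto-generated: 2020-07-30T10:39:40+00:00
+ # Auto-generated: 2020-08-04T12:35:21+00:00
  #
 
  [INCLUDES]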
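--- a/readme.txt
+++ b/readme.txt
@@ -5,8 +5,8 @@ Author URI: https://invis.net/?utm_source=wordpress.org&utm_medium=readme&utm_ca
  Plugin URI: https://wp-fail2ban.com/?utm_source=wordpress.org&utm_medium=readme&utm_campaign=wp-fail2ban-4.3.0
  Tags: fail2ban, login, security, syslog, brute force, protection, classicpress
  Requires at least: 4.2
- Tested up to: 5.4.2
- Stable tag: 4.3.0.5
+ Tested up to: 5.5
+ Stable tag: 4.3.0.6
  Requires PHP: 5.6
  License: GPLv2 or later
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -78,6 +78,9 @@ Write a myriad of WordPress events to syslog for integration with fail2ban.
 
  == Changelog ==
 
+ = 4.3.0.6 =
+ * Fix Forbidden error on Posts page for roles below Editor when user enum blocking enabled. [WordPress only]
+
  = 4.3.0.5 =
  * Fix empty username detection for multisite.
  * Fix harmless warning when activating new multisite install.
@@ -256,6 +259,9 @@ Write a myriad of WordPress events to syslog for integration with fail2ban.
 
  == Upgrade Notice ==
 
+ = 4.3.0.6 =
+ This is a bugfix release. You do not need to update your filters from 4.3.0.
+
  = 4.3.0.5 =
  This is a bugfix release. You do not need to update your filters from 4.3.0.
 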
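--- a/wp-fail2ban.php
+++ b/wp-fail2ban.php
@@ -4,7 +4,7 @@
  * Plugin URI: https://wp-fail2ban.com/
  * Description: Write a myriad of WordPress events to syslog for integration with fail2ban.
  * Text Domain: wp-fail2ban
- * Version: 4.3.0.5
+ * Version: 4.3.0.6
  * Author: Charles Lecklider
  * Author URI: https://invis.net/
  * License: GPLv2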