Version Description
- Fix: Allow only CSS files to be processed through the router, to prevent arbitrary files of other types from being displayed.
- Mu-loader updated version
- Environment allowed path to limit css files processing
- Include _get_plugin_data_markup_translate ratter WordPress method
- Fix: replacement_exists returned wrong response since not using priority keys
- Fix: Add media replacement, use correct replacement_exists function call
- Router check for client HTTP_ACCEPT_ENCODING type to start ob_start using ob_gzhandler or not.
- Update urls dynamically within stylesheets files e.g. include '../theme-name'
- Use trailingslashit for theme / child new urls to make sure it match full url instead partial theme name (e.g. main-theme and main-theme-child)
- Block wp-register.php
- get_home_path rely on DIRECTORY_SEPARATOR for better compatibility
- Check if plugin slug actually exists within all plugins list on re_plugin_path component
Release Info
Developer | nsp-code |
Plugin | WP Hide & Security Enhancer |
Version | 1.4 |
Code changes from version 1.3.9.2 to 1.4
- include/functions.class.php +88 -10
- include/update.class.php +31 -5
- include/wph.class.php +91 -7
- modules/components/rewrite-new_plugin_path.php +3 -0
- modules/components/rewrite-new_theme_path.php +2 -2
- modules/components/rewrite-new_upload_path.php +1 -1
- modules/components/rewrite-root-files.php +46 -0
- mu-loader/wp-hide-loader.php +1 -2
- readme.txt +16 -20
- router/file-process.php +74 -13
- wp-hide.php +3 -3
include/functions.class.php
CHANGED
@@ -387,14 +387,17 @@
|
|
387 |
if($pos !== FALSE)
|
388 |
{
|
389 |
$home_path = substr( $_SERVER['SCRIPT_FILENAME'], 0, $pos );
|
390 |
-
$home_path =
|
391 |
}
|
392 |
else
|
393 |
{
|
394 |
-
$wp_path_rel_to_home =
|
395 |
-
|
396 |
-
$
|
397 |
-
|
|
|
|
|
|
|
398 |
}
|
399 |
}
|
400 |
else
|
@@ -402,7 +405,7 @@
|
|
402 |
$home_path = ABSPATH;
|
403 |
}
|
404 |
|
405 |
-
|
406 |
|
407 |
return $home_path;
|
408 |
|
@@ -475,7 +478,7 @@
|
|
475 |
|
476 |
$htaccess_file = $home_path.'.htaccess';
|
477 |
|
478 |
-
if ((!file_exists($htaccess_file)
|
479 |
return TRUE;
|
480 |
|
481 |
return FALSE;
|
@@ -510,7 +513,7 @@
|
|
510 |
|
511 |
$web_config_file = $home_path . 'web.config';
|
512 |
|
513 |
-
if ( ( ! file_exists($web_config_file) &&
|
514 |
return TRUE;
|
515 |
|
516 |
return FALSE;
|
@@ -820,7 +823,7 @@
|
|
820 |
|
821 |
foreach($this->wph->urls_replacement as $priority => $replacements_block)
|
822 |
{
|
823 |
-
if(isset($this->wph->urls_replacement[ $old_url ]))
|
824 |
return TRUE;
|
825 |
}
|
826 |
|
@@ -1571,7 +1574,7 @@
|
|
1571 |
unset( $plugin_data['_sitewide'] );
|
1572 |
|
1573 |
if ( $markup || $translate ) {
|
1574 |
-
$plugin_data = _get_plugin_data_markup_translate( $plugin_file, $plugin_data, $markup, $translate );
|
1575 |
} else {
|
1576 |
$plugin_data['Title'] = $plugin_data['Name'];
|
1577 |
$plugin_data['AuthorName'] = $plugin_data['Author'];
|
@@ -1581,6 +1584,81 @@
|
|
1581 |
}
|
1582 |
|
1583 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1584 |
/**
|
1585 |
* Alternative when apache_response_headers() not available
|
1586 |
*
|
387 |
if($pos !== FALSE)
|
388 |
{
|
389 |
$home_path = substr( $_SERVER['SCRIPT_FILENAME'], 0, $pos );
|
390 |
+
$home_path = trim( $home_path , '/\\') . DIRECTORY_SEPARATOR;;
|
391 |
}
|
392 |
else
|
393 |
{
|
394 |
+
$wp_path_rel_to_home = DIRECTORY_SEPARATOR . trim($wp_path_rel_to_home, '/\\') . DIRECTORY_SEPARATOR;
|
395 |
+
|
396 |
+
$real_apth = realpath(ABSPATH) . DIRECTORY_SEPARATOR ;
|
397 |
+
|
398 |
+
$pos = strpos( $real_apth, $wp_path_rel_to_home);
|
399 |
+
$home_path = substr( $real_apth, 0, $pos );
|
400 |
+
$home_path = trim( $home_path , '/\\') . DIRECTORY_SEPARATOR;
|
401 |
}
|
402 |
}
|
403 |
else
|
405 |
$home_path = ABSPATH;
|
406 |
}
|
407 |
|
408 |
+
//$home_path = str_replace( '\\', '/', $home_path );
|
409 |
|
410 |
return $home_path;
|
411 |
|
478 |
|
479 |
$htaccess_file = $home_path.'.htaccess';
|
480 |
|
481 |
+
if ((!file_exists($htaccess_file) && $this->is_permalink_enabled()) || is_writable($htaccess_file))
|
482 |
return TRUE;
|
483 |
|
484 |
return FALSE;
|
513 |
|
514 |
$web_config_file = $home_path . 'web.config';
|
515 |
|
516 |
+
if ( ( ! file_exists($web_config_file) && $this->is_permalink_enabled() ) || win_is_writable($web_config_file) )
|
517 |
return TRUE;
|
518 |
|
519 |
return FALSE;
|
823 |
|
824 |
foreach($this->wph->urls_replacement as $priority => $replacements_block)
|
825 |
{
|
826 |
+
if(isset($this->wph->urls_replacement[$priority][ $old_url ]))
|
827 |
return TRUE;
|
828 |
}
|
829 |
|
1574 |
unset( $plugin_data['_sitewide'] );
|
1575 |
|
1576 |
if ( $markup || $translate ) {
|
1577 |
+
$plugin_data = $this->_get_plugin_data_markup_translate( $plugin_file, $plugin_data, $markup, $translate );
|
1578 |
} else {
|
1579 |
$plugin_data['Title'] = $plugin_data['Name'];
|
1580 |
$plugin_data['AuthorName'] = $plugin_data['Author'];
|
1584 |
}
|
1585 |
|
1586 |
|
1587 |
+
|
1588 |
+
/**
|
1589 |
+
* Sanitizes plugin data, optionally adds markup, optionally translates.
|
1590 |
+
*
|
1591 |
+
* @since 2.7.0
|
1592 |
+
* @access private
|
1593 |
+
* @see get_plugin_data()
|
1594 |
+
*/
|
1595 |
+
function _get_plugin_data_markup_translate( $plugin_file, $plugin_data, $markup = true, $translate = true )
|
1596 |
+
{
|
1597 |
+
|
1598 |
+
// Sanitize the plugin filename to a WP_PLUGIN_DIR relative path
|
1599 |
+
$plugin_file = plugin_basename( $plugin_file );
|
1600 |
+
|
1601 |
+
// Translate fields
|
1602 |
+
if ( $translate ) {
|
1603 |
+
if ( $textdomain = $plugin_data['TextDomain'] ) {
|
1604 |
+
if ( ! is_textdomain_loaded( $textdomain ) ) {
|
1605 |
+
if ( $plugin_data['DomainPath'] ) {
|
1606 |
+
load_plugin_textdomain( $textdomain, false, dirname( $plugin_file ) . $plugin_data['DomainPath'] );
|
1607 |
+
} else {
|
1608 |
+
load_plugin_textdomain( $textdomain, false, dirname( $plugin_file ) );
|
1609 |
+
}
|
1610 |
+
}
|
1611 |
+
} elseif ( 'hello.php' == basename( $plugin_file ) ) {
|
1612 |
+
$textdomain = 'default';
|
1613 |
+
}
|
1614 |
+
if ( $textdomain ) {
|
1615 |
+
foreach ( array( 'Name', 'PluginURI', 'Description', 'Author', 'AuthorURI', 'Version' ) as $field )
|
1616 |
+
$plugin_data[ $field ] = translate( $plugin_data[ $field ], $textdomain );
|
1617 |
+
}
|
1618 |
+
}
|
1619 |
+
|
1620 |
+
// Sanitize fields
|
1621 |
+
$allowed_tags = $allowed_tags_in_links = array(
|
1622 |
+
'abbr' => array( 'title' => true ),
|
1623 |
+
'acronym' => array( 'title' => true ),
|
1624 |
+
'code' => true,
|
1625 |
+
'em' => true,
|
1626 |
+
'strong' => true,
|
1627 |
+
);
|
1628 |
+
$allowed_tags['a'] = array( 'href' => true, 'title' => true );
|
1629 |
+
|
1630 |
+
// Name is marked up inside <a> tags. Don't allow these.
|
1631 |
+
// Author is too, but some plugins have used <a> here (omitting Author URI).
|
1632 |
+
$plugin_data['Name'] = wp_kses( $plugin_data['Name'], $allowed_tags_in_links );
|
1633 |
+
$plugin_data['Author'] = wp_kses( $plugin_data['Author'], $allowed_tags );
|
1634 |
+
|
1635 |
+
$plugin_data['Description'] = wp_kses( $plugin_data['Description'], $allowed_tags );
|
1636 |
+
$plugin_data['Version'] = wp_kses( $plugin_data['Version'], $allowed_tags );
|
1637 |
+
|
1638 |
+
$plugin_data['PluginURI'] = esc_url( $plugin_data['PluginURI'] );
|
1639 |
+
$plugin_data['AuthorURI'] = esc_url( $plugin_data['AuthorURI'] );
|
1640 |
+
|
1641 |
+
$plugin_data['Title'] = $plugin_data['Name'];
|
1642 |
+
$plugin_data['AuthorName'] = $plugin_data['Author'];
|
1643 |
+
|
1644 |
+
// Apply markup
|
1645 |
+
if ( $markup ) {
|
1646 |
+
if ( $plugin_data['PluginURI'] && $plugin_data['Name'] )
|
1647 |
+
$plugin_data['Title'] = '<a href="' . $plugin_data['PluginURI'] . '">' . $plugin_data['Name'] . '</a>';
|
1648 |
+
|
1649 |
+
if ( $plugin_data['AuthorURI'] && $plugin_data['Author'] )
|
1650 |
+
$plugin_data['Author'] = '<a href="' . $plugin_data['AuthorURI'] . '">' . $plugin_data['Author'] . '</a>';
|
1651 |
+
|
1652 |
+
$plugin_data['Description'] = wptexturize( $plugin_data['Description'] );
|
1653 |
+
|
1654 |
+
if ( $plugin_data['Author'] )
|
1655 |
+
$plugin_data['Description'] .= ' <cite>' . sprintf( __('By %s.'), $plugin_data['Author'] ) . '</cite>';
|
1656 |
+
}
|
1657 |
+
|
1658 |
+
return $plugin_data;
|
1659 |
+
}
|
1660 |
+
|
1661 |
+
|
1662 |
/**
|
1663 |
* Alternative when apache_response_headers() not available
|
1664 |
*
|
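Review bot: `trim( $home_path , '/\\')` on new lines 390 and 400 strips the leading separator as well as the trailing one, so on a Unix host an absolute path loses its leading `/` and becomes relative; the `.htaccess` and `web.config` existence and writability checks further down, which presumably build on this value, would then resolve against the current working directory. Trim only the right-hand side: `$home_path = rtrim( $home_path, '/\\' ) . DIRECTORY_SEPARATOR;` (line 390 also carries a stray second `;`). In the else branch the result of `strpos( $real_apth, $wp_path_rel_to_home )` is used without a `=== FALSE` check and `realpath(ABSPATH)` can itself return false, in which case `$home_path` collapses to a bare separator; falling back to `ABSPATH` there would be safer. The enclosing function starts above the hunk.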
include/update.class.php
CHANGED
@@ -31,7 +31,7 @@
|
|
31 |
}
|
32 |
|
33 |
|
34 |
-
if (version_compare($version,
|
35 |
{
|
36 |
//keep track of flushed rules to avoid doing it multiple times
|
37 |
$_triggered_flush_rules = FALSE;
|
@@ -70,8 +70,11 @@
|
|
70 |
if(version_compare($version, '1.3', '<'))
|
71 |
{
|
72 |
//flush rules
|
73 |
-
|
74 |
-
|
|
|
|
|
|
|
75 |
|
76 |
$version = '1.3';
|
77 |
}
|
@@ -87,7 +90,10 @@
|
|
87 |
{
|
88 |
//flush rules
|
89 |
if( ! $_triggered_flush_rules )
|
90 |
-
|
|
|
|
|
|
|
91 |
|
92 |
$version = '1.3.2';
|
93 |
}
|
@@ -105,8 +111,28 @@
|
|
105 |
$version = '1.3.2.2';
|
106 |
}
|
107 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
108 |
//save the last code version
|
109 |
-
$this->wph->settings['version'] =
|
110 |
$this->wph->functions->update_settings($this->wph->settings);
|
111 |
|
112 |
}
|
31 |
}
|
32 |
|
33 |
|
34 |
+
if (version_compare($version, WPH_CORE_VERSION, '<'))
|
35 |
{
|
36 |
//keep track of flushed rules to avoid doing it multiple times
|
37 |
$_triggered_flush_rules = FALSE;
|
70 |
if(version_compare($version, '1.3', '<'))
|
71 |
{
|
72 |
//flush rules
|
73 |
+
if( ! $_triggered_flush_rules )
|
74 |
+
{
|
75 |
+
add_action('wp_loaded', array($this, 'flush_rules') , -1);
|
76 |
+
$_triggered_flush_rules = TRUE;
|
77 |
+
}
|
78 |
|
79 |
$version = '1.3';
|
80 |
}
|
90 |
{
|
91 |
//flush rules
|
92 |
if( ! $_triggered_flush_rules )
|
93 |
+
{
|
94 |
+
add_action('wp_loaded', array($this, 'flush_rules') , -1);
|
95 |
+
$_triggered_flush_rules = TRUE;
|
96 |
+
}
|
97 |
|
98 |
$version = '1.3.2';
|
99 |
}
|
111 |
$version = '1.3.2.2';
|
112 |
}
|
113 |
|
114 |
+
/**
|
115 |
+
* Create the environemnt file
|
116 |
+
*/
|
117 |
+
if(version_compare($version, '1.4', '<'))
|
118 |
+
{
|
119 |
+
|
120 |
+
$this->wph->set_static_environemnt_file( FALSE );
|
121 |
+
|
122 |
+
//copy over the new mu-loader version
|
123 |
+
WPH_functions::copy_mu_loader( TRUE );
|
124 |
+
|
125 |
+
if( ! $_triggered_flush_rules )
|
126 |
+
{
|
127 |
+
add_action('wp_loaded', array($this, 'flush_rules') , -1);
|
128 |
+
$_triggered_flush_rules = TRUE;
|
129 |
+
}
|
130 |
+
|
131 |
+
}
|
132 |
+
|
133 |
+
|
134 |
//save the last code version
|
135 |
+
$this->wph->settings['version'] = WPH_CORE_VERSION;
|
136 |
$this->wph->functions->update_settings($this->wph->settings);
|
137 |
|
138 |
}
|
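Review bot: The new 1.4 upgrade block does not end with `$version = '1.4';` the way the 1.3, 1.3.2 and 1.3.2.2 blocks above it do, so any later step added below with a `version_compare($version, ...)` guard would still see the stale value. The block also ignores the outcome of `$this->wph->set_static_environemnt_file( FALSE )` and `WPH_functions::copy_mu_loader( TRUE )`, while the stored version is set to `WPH_CORE_VERSION` immediately afterwards; a failed write would therefore not be retried on the next load, and the router appears to refuse every request when `environment.php` is missing. The docblock could say so, e.g. `* Create the environment file used by the router; the CSS router serves nothing without it`. The enclosing method starts and ends outside the hunks.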
include/wph.class.php
CHANGED
@@ -3,6 +3,7 @@
|
|
3 |
|
4 |
class WPH
|
5 |
{
|
|
|
6 |
var $default_variables = array();
|
7 |
var $templates_data = array();
|
8 |
var $urls_replacement = array();
|
@@ -31,7 +32,13 @@
|
|
31 |
|
32 |
function __construct()
|
33 |
{
|
34 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
35 |
}
|
36 |
|
37 |
function __destruct()
|
@@ -42,8 +49,7 @@
|
|
42 |
|
43 |
function init()
|
44 |
{
|
45 |
-
|
46 |
-
|
47 |
$this->settings = $this->functions->get_settings();
|
48 |
|
49 |
//set the urls_replacement priority blocks
|
@@ -51,9 +57,6 @@
|
|
51 |
$this->urls_replacement['normal'] = array();
|
52 |
$this->urls_replacement['low'] = array();
|
53 |
|
54 |
-
//check for plugin update
|
55 |
-
$this->update();
|
56 |
-
|
57 |
//set whatever the server use htaccess or web.config configuration file
|
58 |
$this->server_htaccess_config = $this->functions->server_use_htaccess_config_file();
|
59 |
$this->server_web_config = $this->functions->server_use_web_config_file();
|
@@ -81,6 +84,9 @@
|
|
81 |
|
82 |
$this->get_default_variables();
|
83 |
|
|
|
|
|
|
|
84 |
//handle the conflicts
|
85 |
$this->plugin_conflicts();
|
86 |
|
@@ -115,6 +121,9 @@
|
|
115 |
//rebuild and change uppon settings modified
|
116 |
add_action('wph/settings_changed', array($this, 'settings_changed'));
|
117 |
|
|
|
|
|
|
|
118 |
//apache
|
119 |
add_filter('mod_rewrite_rules', array($this, 'mod_rewrite_rules'), 999);
|
120 |
//IIS7 server
|
@@ -348,7 +357,7 @@
|
|
348 |
echo "<div class='updated'><p>". __('Settings saved', 'wp-hide-security-enhancer') ."</p></div>";
|
349 |
else
|
350 |
{
|
351 |
-
echo "<div class='error'><p>". __('Some errors occurred, no setting has been saved!', 'wp-hide-security-enhancer') ."</p></div>";
|
352 |
echo "<div class='error'><p>";
|
353 |
|
354 |
foreach ($process_interface_save_errors as $error)
|
@@ -577,6 +586,81 @@
|
|
577 |
flush_rewrite_rules();
|
578 |
}
|
579 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
580 |
function mod_rewrite_rules( $rules )
|
581 |
{
|
582 |
if($this->uninstall === TRUE)
|
3 |
|
4 |
class WPH
|
5 |
{
|
6 |
+
|
7 |
var $default_variables = array();
|
8 |
var $templates_data = array();
|
9 |
var $urls_replacement = array();
|
32 |
|
33 |
function __construct()
|
34 |
{
|
35 |
+
$this->functions = new WPH_functions();
|
36 |
+
|
37 |
+
$plugin_data = $this->functions->get_plugin_data( WPH_PATH . '/wp-hide.php', $markup = true, $translate = true );
|
38 |
+
|
39 |
+
define('WPH_CORE_VERSION', $plugin_data['Version']);
|
40 |
+
define('WPH_CORE_MULOADER_VERSION', '1.2');
|
41 |
+
|
42 |
}
|
43 |
|
44 |
function __destruct()
|
49 |
|
50 |
function init()
|
51 |
{
|
52 |
+
|
|
|
53 |
$this->settings = $this->functions->get_settings();
|
54 |
|
55 |
//set the urls_replacement priority blocks
|
57 |
$this->urls_replacement['normal'] = array();
|
58 |
$this->urls_replacement['low'] = array();
|
59 |
|
|
|
|
|
|
|
60 |
//set whatever the server use htaccess or web.config configuration file
|
61 |
$this->server_htaccess_config = $this->functions->server_use_htaccess_config_file();
|
62 |
$this->server_web_config = $this->functions->server_use_web_config_file();
|
84 |
|
85 |
$this->get_default_variables();
|
86 |
|
87 |
+
//check for plugin update
|
88 |
+
$this->update();
|
89 |
+
|
90 |
//handle the conflicts
|
91 |
$this->plugin_conflicts();
|
92 |
|
121 |
//rebuild and change uppon settings modified
|
122 |
add_action('wph/settings_changed', array($this, 'settings_changed'));
|
123 |
|
124 |
+
//create the static file which contain different environment variables which will be used on router
|
125 |
+
add_action('wph/settings_changed', array($this, 'set_static_environemnt_file'), 999);
|
126 |
+
|
127 |
//apache
|
128 |
add_filter('mod_rewrite_rules', array($this, 'mod_rewrite_rules'), 999);
|
129 |
//IIS7 server
|
357 |
echo "<div class='updated'><p>". __('Settings saved', 'wp-hide-security-enhancer') ."</p></div>";
|
358 |
else
|
359 |
{
|
360 |
+
//echo "<div class='error'><p>". __('Some errors occurred, no setting has been saved!', 'wp-hide-security-enhancer') ."</p></div>";
|
361 |
echo "<div class='error'><p>";
|
362 |
|
363 |
foreach ($process_interface_save_errors as $error)
|
586 |
flush_rewrite_rules();
|
587 |
}
|
588 |
|
589 |
+
|
590 |
+
/**
|
591 |
+
* Create a staitc file which will be used in router
|
592 |
+
*
|
593 |
+
*/
|
594 |
+
function set_static_environemnt_file()
|
595 |
+
{
|
596 |
+
|
597 |
+
$environment_variable = array();
|
598 |
+
|
599 |
+
$environment_variable['theme'] = array(
|
600 |
+
'folder_name' => $this->templates_data['main']['folder_name'],
|
601 |
+
'mapped_name' => $this->settings['module_settings']['new_theme_path']
|
602 |
+
);
|
603 |
+
|
604 |
+
if(isset($this->templates_data['child']))
|
605 |
+
{
|
606 |
+
$environment_variable['child_theme'] = array(
|
607 |
+
'folder_name' => $this->templates_data['child']['folder_name'],
|
608 |
+
'mapped_name' => $this->settings['module_settings']['new_theme_child_path']
|
609 |
+
);
|
610 |
+
}
|
611 |
+
|
612 |
+
$themes_url = untrailingslashit($this->templates_data['themes_url']);
|
613 |
+
$themes_url = str_replace(array("http://", "https://"), "", $themes_url);
|
614 |
+
|
615 |
+
|
616 |
+
$site_url = site_url();
|
617 |
+
$site_url = str_replace(array("http://", "https://"), "", $site_url);
|
618 |
+
|
619 |
+
$themes_url = str_replace($site_url, "", $themes_url);
|
620 |
+
|
621 |
+
//set the allowe paths
|
622 |
+
$environment_variable['allowed_paths'] = array( $themes_url );
|
623 |
+
|
624 |
+
global $wp_filesystem;
|
625 |
+
|
626 |
+
if (empty($wp_filesystem))
|
627 |
+
{
|
628 |
+
require_once (ABSPATH . '/wp-admin/includes/file.php');
|
629 |
+
WP_Filesystem();
|
630 |
+
}
|
631 |
+
|
632 |
+
ob_start();
|
633 |
+
|
634 |
+
echo "<?php ";
|
635 |
+
echo '$environment_variable = \''. json_encode($environment_variable) .'\'';
|
636 |
+
echo " ?>";
|
637 |
+
|
638 |
+
$file_data = ob_get_contents();
|
639 |
+
ob_end_clean();
|
640 |
+
|
641 |
+
if( ! $wp_filesystem->put_contents( WPH_PATH . 'router/environment.php', $file_data , 0644) )
|
642 |
+
{
|
643 |
+
$process_interface_save_errors = get_transient( 'wph-process_interface_save_errors' );
|
644 |
+
delete_transient( 'wph-process_interface_save_errors' );
|
645 |
+
|
646 |
+
$process_interface_save_errors[] = __('Unable to create environemnt static file. Is ', 'wp-hide-security-enhancer') . WPH_PATH . 'router/ ' . __('writable', 'wp-hide-security-enhancer') . '? <b>Remove description header from Style file</b> and <b>Child - Remove description header from Style file</b> ' . __('will not work correctly, so where turned off.', 'wp-hide-security-enhancer');
|
647 |
+
|
648 |
+
//disable certain options
|
649 |
+
$this->settings['module_settings']['style_file_clean'] = 'no';
|
650 |
+
$this->settings['module_settings']['child_style_file_clean'] = 'no';
|
651 |
+
|
652 |
+
//save the new options
|
653 |
+
$this->functions->update_settings($this->settings);
|
654 |
+
|
655 |
+
//regenerate permalinks
|
656 |
+
$this->settings_changed();
|
657 |
+
|
658 |
+
set_transient( 'wph-process_interface_save_errors', $process_interface_save_errors, HOUR_IN_SECONDS );
|
659 |
+
}
|
660 |
+
|
661 |
+
}
|
662 |
+
|
663 |
+
|
664 |
function mod_rewrite_rules( $rules )
|
665 |
{
|
666 |
if($this->uninstall === TRUE)
|
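Review bot: In `set_static_environemnt_file()` the JSON is pasted into a single-quoted PHP literal with no escaping, so a `'` or `\` in a theme folder name or in the `new_theme_path` / `new_theme_child_path` settings would corrupt `router/environment.php` or close the string early in a file the router later `include`s. Let PHP do the quoting: `echo '$environment_variable = ' . var_export( json_encode( $environment_variable ), true ) . ';';`. `$wp_filesystem` is also used unconditionally after `WP_Filesystem()`, whose return value is not checked, so a failed initialisation would call `put_contents()` on a non-object instead of reaching the error branch. Since the router section compares `allowed_paths` as a plain string prefix, storing the entry as `trailingslashit( $themes_url )` would stop it matching sibling directories that merely start with the same name; resolving the requested path (for example with `realpath`) before that comparison is the stronger control.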
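--- a/modules/components/rewrite-new_plugin_path.php
+++ b/modules/components/rewrite-new_plugin_path.php
@@ -58,6 +58,9 @@
 
 $plugin_slug = sanitize_title($active_plugin);
 
+if(!isset($all_plugins[$active_plugin]))
+continue;
+
 $pluding_data = $all_plugins[$active_plugin];
 
 $this->module_settings[] = array(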
modules/components/rewrite-new_theme_path.php
CHANGED
@@ -160,7 +160,7 @@
|
|
160 |
//add_filter('theme_root_uri', array(&$this, 'theme_root_uri'), 999, 3);
|
161 |
|
162 |
//add replacement url
|
163 |
-
$this->wph->functions->add_replacement(
|
164 |
|
165 |
}
|
166 |
|
@@ -301,7 +301,7 @@
|
|
301 |
//add_filter('theme_root_uri', array(&$this, 'theme_root_uri'), 999, 3);
|
302 |
|
303 |
//add replacement url
|
304 |
-
$this->wph->functions->add_replacement(
|
305 |
|
306 |
}
|
307 |
|
160 |
//add_filter('theme_root_uri', array(&$this, 'theme_root_uri'), 999, 3);
|
161 |
|
162 |
//add replacement url
|
163 |
+
$this->wph->functions->add_replacement( trailingslashit( $this->wph->default_variables['template_url']), trailingslashit( trailingslashit( home_url() ) . $saved_field_data ) );
|
164 |
|
165 |
}
|
166 |
|
301 |
//add_filter('theme_root_uri', array(&$this, 'theme_root_uri'), 999, 3);
|
302 |
|
303 |
//add replacement url
|
304 |
+
$this->wph->functions->add_replacement( trailingslashit( $this->wph->default_variables['stylesheet_uri'] ) , trailingslashit( trailingslashit( home_url() ) . untrailingslashit( $saved_field_data ) ) );
|
305 |
|
306 |
}
|
307 |
|
modules/components/rewrite-new_upload_path.php
CHANGED
@@ -127,7 +127,7 @@
|
|
127 |
//$data['baseurl'] = $new_url;
|
128 |
|
129 |
//add replacement
|
130 |
-
if(!
|
131 |
{
|
132 |
//prevent media images from being replaced on admin, as when plugin disable the links will not work anymore
|
133 |
$block_upload_url = $this->wph->functions->get_module_item_setting('block_upload_url');
|
127 |
//$data['baseurl'] = $new_url;
|
128 |
|
129 |
//add replacement
|
130 |
+
if(! ($this->wph->functions->replacement_exists( $this->wph->default_variables['upload_url'] )))
|
131 |
{
|
132 |
//prevent media images from being replaced on admin, as when plugin disable the links will not work anymore
|
133 |
$block_upload_url = $this->wph->functions->get_module_item_setting('block_upload_url');
|
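--- a/modules/components/rewrite-root-files.php
+++ b/modules/components/rewrite-root-files.php
@@ -93,6 +93,23 @@
 
 );
 
+$this->module_settings[] = array(
+'id' => 'block_default_wp_register_php',
+'label' => 'Block wp-register.php',
+'description' => __('Block default wp-register.php file. This file is now deprecated however still exists within code and redirected to /register page.', 'wp-hide-security-enhancer'),
+
+'input_type' => 'radio',
+'options' => array(
+'yes' => __('Yes', 'wp-hide-security-enhancer'),
+'no' => __('No', 'wp-hide-security-enhancer'),
+),
+'default_value' => 'no',
+
+'sanitize_type' => array('sanitize_title', 'strtolower'),
+'processing_order' => 55
+
+);
+
 $this->module_settings[] = array(
 'id' => 'block_other_wp_files',
 'label' => 'Block other wp-*.php files',
@@ -263,6 +280,35 @@
 
 return $processing_response;
 }
+
+
+function _callback_saved_block_default_wp_register_php( $saved_field_data )
+{
+$processing_response = array();
+
+if(empty($saved_field_data) || $saved_field_data == 'no')
+return $processing_response;
+
+$rewrite_file_base = !empty($this->wph->default_variables['wordpress_directory']) ? trailingslashit( $this->wph->default_variables['wordpress_directory'] ) . 'wp-signup.php' : 'wp-signup.php';
+
+if($this->wph->server_htaccess_config === TRUE)
+{
+$text = "RewriteCond %{ENV:REDIRECT_STATUS} ^$\n";
+$text .= "RewriteRule ^wp-register.php /index.php?wph-throw-404 [L]";
+}
+
+if($this->wph->server_web_config === TRUE)
+$text = '
+<rule name="wph-block_default_wp_register_php" stopProcessing="true">
+<match url="^wp-register.php" />
+<action type="Rewrite" url="'. $this->wph->default_variables['site_relative_path'] .'index.php?wph-throw-404" />
+</rule>
+';
+
+$processing_response['rewrite'] = $text;
+
+return $processing_response;
+}
 
 function _callback_saved_block_other_wp_files($saved_field_data)
 {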
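Review bot: `_callback_saved_block_default_wp_register_php()` computes `$rewrite_file_base` from the literal `'wp-signup.php'` and never uses it, while the Apache rule hard-codes `^wp-register.php` and `/index.php`; on an install where `wordpress_directory` or `site_relative_path` is non-empty the rule would presumably not match, or would rewrite to the wrong location, and the file would stay reachable. Build the rule from the computed values instead: change the literal to `'wp-register.php'` and use `$text .= "RewriteRule ^" . $rewrite_file_base . " " . $this->wph->default_variables['site_relative_path'] . "index.php?wph-throw-404 [L]";`, as the IIS branch already does for its target. `$text` is also undefined when neither `server_htaccess_config` nor `server_web_config` is TRUE, so initialise it with `$text = '';` before the two branches. The `.` in both match patterns is unescaped and there is no end anchor, so the rules match slightly more than the one filename.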
mu-loader/wp-hide-loader.php
CHANGED
@@ -15,10 +15,9 @@
|
|
15 |
if( !in_array( 'wp-hide-security-enhancer/wp-hide.php' , $active_plugins) )
|
16 |
return FALSE;
|
17 |
|
18 |
-
define('WPH_VERSION', '1.3.9');
|
19 |
define('WPH_PATH', trailingslashit( dirname( WP_PLUGIN_DIR . '/wp-hide-security-enhancer/wp-hide.php' ) ) );
|
20 |
define('WPH_MULOADER', TRUE);
|
21 |
-
define('WPH_MULOADER_VERSION', '1.
|
22 |
|
23 |
include_once(WPH_PATH . '/include/wph.class.php');
|
24 |
include_once(WPH_PATH . '/include/functions.class.php');
|
15 |
if( !in_array( 'wp-hide-security-enhancer/wp-hide.php' , $active_plugins) )
|
16 |
return FALSE;
|
17 |
|
|
|
18 |
define('WPH_PATH', trailingslashit( dirname( WP_PLUGIN_DIR . '/wp-hide-security-enhancer/wp-hide.php' ) ) );
|
19 |
define('WPH_MULOADER', TRUE);
|
20 |
+
define('WPH_MULOADER_VERSION', '1.2');
|
21 |
|
22 |
include_once(WPH_PATH . '/include/wph.class.php');
|
23 |
include_once(WPH_PATH . '/include/functions.class.php');
|
readme.txt
CHANGED
@@ -3,8 +3,8 @@ Contributors: nsp-code, tdgu
|
|
3 |
Donate link: http://www.nsp-code.com/donate.php
|
4 |
Tags: hide, security, improve security, hacking, wp hide, wordpress hide, custom login url, wp-loging.php, ap-admin
|
5 |
Requires at least: 2.8
|
6 |
-
Tested up to: 4.7.
|
7 |
-
Stable tag: 1.
|
8 |
License: GPLv2 or later
|
9 |
|
10 |
Hide and increase Security for your WordPress website instance using smart techniques. No files are changed on your server.
|
@@ -239,6 +239,20 @@ Please get in touch with us and we'll do our best to include it for a next versi
|
|
239 |
|
240 |
== Changelog ==
|
241 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
242 |
= 1.3.9.2 =
|
243 |
* Fix: Use of undefined constant WPH_VERSION
|
244 |
|
@@ -321,24 +335,6 @@ Please get in touch with us and we'll do our best to include it for a next versi
|
|
321 |
* Removed 'admin_url' and 'wp_default_scripts' filters to allow replacement at the end, within the buffer
|
322 |
* Updated PO / MO translation files
|
323 |
|
324 |
-
= 1.3.4 =
|
325 |
-
* Improved replacement code for Uploads, when "Block uploads URL" is set for "No" it use default media urls within the admin editor, to ensure links are still functional if plugin is disabled.
|
326 |
-
* Priority (high, normal, low) for replacement urls
|
327 |
-
* Replacement Urls for gziped buffer
|
328 |
-
* Fix rule name for child_style_file_clean on web.config IIS
|
329 |
-
* bbPress Compatibility
|
330 |
-
* BuddyPress Compatibility
|
331 |
-
* Prevent replacements on wp_redirect filter if is_404()
|
332 |
-
* Updated PO / MO translation files
|
333 |
-
* Removed in line components filters which changed the urls, leave for end buffering to make all changes.
|
334 |
-
* Fix for mod_rewrite line on child theme when router is turned Off, append the default style.css filename
|
335 |
-
* Improvements for Templates default variables to match customized themes like Sage
|
336 |
-
* Compatibility fix for Super Cache plugin ob callback
|
337 |
-
* Add IfModule mod_env.c before set nSetEnv HTTP_MOD_REWRITE On to prevent server internal error in case mod_env module is not available
|
338 |
-
* Check for Empty $saved_field_data within new plugin path component, to avoid creating rewrite rule if empty and existent path
|
339 |
-
* Improved get_home_path()
|
340 |
-
* Replacements for Relative URL's
|
341 |
-
|
342 |
See full list of changelogs at http://www.wp-hide.com/plugin-changelogs/
|
343 |
|
344 |
== Upgrade Notice ==
|
3 |
Donate link: http://www.nsp-code.com/donate.php
|
4 |
Tags: hide, security, improve security, hacking, wp hide, wordpress hide, custom login url, wp-loging.php, ap-admin
|
5 |
Requires at least: 2.8
|
6 |
+
Tested up to: 4.7.2
|
7 |
+
Stable tag: 1.4
|
8 |
License: GPLv2 or later
|
9 |
|
10 |
Hide and increase Security for your WordPress website instance using smart techniques. No files are changed on your server.
|
239 |
|
240 |
== Changelog ==
|
241 |
|
242 |
+
= 1.4 =
|
243 |
+
* Fix: Allow only css files to be processed through the router to prevent other types from being displayed arbitrary.
|
244 |
+
* Mu-loader updated version
|
245 |
+
* Environment allowed path to limit css files processing
|
246 |
+
* Include _get_plugin_data_markup_translate ratter WordPress method
|
247 |
+
* Fix: replacement_exists returned wrong response since not using priority keys
|
248 |
+
* Fix: Add media replacement, use correct replacement_exists function call
|
249 |
+
* Router check for client HTTP_ACCEPT_ENCODING type to start ob_start using ob_gzhandler or not.
|
250 |
+
* Update urls dynamically within stylesheets files e.g. include '../theme-name'
|
251 |
+
* Use trailingslashit for theme / child new urls to make sure it match full url instead partial theme name (e.g. main-theme and main-theme-child)
|
252 |
+
* Block wp-register.php
|
253 |
+
* get_home_path rely on DIRECTORY_SEPARATOR for better compatibility
|
254 |
+
* Check if plugin slug actually exists within all plugins list on re_plugin_path component
|
255 |
+
|
256 |
= 1.3.9.2 =
|
257 |
* Fix: Use of undefined constant WPH_VERSION
|
258 |
|
335 |
* Removed 'admin_url' and 'wp_default_scripts' filters to allow replacement at the end, within the buffer
|
336 |
* Updated PO / MO translation files
|
337 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
338 |
See full list of changelogs at http://www.wp-hide.com/plugin-changelogs/
|
339 |
|
340 |
== Upgrade Notice ==
|
router/file-process.php
CHANGED
@@ -9,27 +9,70 @@
|
|
9 |
die();
|
10 |
|
11 |
//append doc root to path
|
12 |
-
$
|
13 |
|
14 |
//check if file exists
|
15 |
-
if (!file_exists($
|
16 |
die();
|
17 |
-
|
18 |
-
$WPH_FileProcess = new WPH_FileProcess();
|
19 |
-
|
20 |
-
$WPH_FileProcess->action = $action;
|
21 |
-
$WPH_FileProcess->file_path = $file_path;
|
22 |
|
|
|
|
|
|
|
|
|
|
|
|
|
23 |
$WPH_FileProcess->run();
|
24 |
|
25 |
class WPH_FileProcess
|
26 |
{
|
27 |
var $action;
|
28 |
var $file_path;
|
|
|
29 |
|
30 |
-
|
|
|
|
|
31 |
{
|
32 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
33 |
}
|
34 |
|
35 |
function __destruct()
|
@@ -39,9 +82,14 @@
|
|
39 |
|
40 |
echo $out;
|
41 |
}
|
42 |
-
|
|
|
|
|
|
|
|
|
43 |
function run()
|
44 |
{
|
|
|
45 |
switch($this->action)
|
46 |
{
|
47 |
case 'style-clean' :
|
@@ -49,6 +97,7 @@
|
|
49 |
break;
|
50 |
|
51 |
}
|
|
|
52 |
}
|
53 |
|
54 |
|
@@ -60,14 +109,26 @@
|
|
60 |
header('Content-Type: text/css; charset=UTF-8');
|
61 |
header('Expires: ' . gmdate( "D, d M Y H:i:s", time() + $expires_offset ) . ' GMT');
|
62 |
header("Cache-Control: public, max-age=$expires_offset");
|
63 |
-
header('Last-Modified: '.gmdate('D, d M Y H:i:s', filemtime($this->
|
64 |
|
65 |
-
$handle = fopen($this->
|
66 |
-
$file_data = fread($handle, filesize($this->
|
67 |
fclose($handle);
|
68 |
|
69 |
$file_data = preg_replace('!/\*.*?\*/!s', '', $file_data);
|
70 |
$file_data = preg_replace("/(^[\r\n]*|[\r\n]+)[\s\t]*[\r\n]+/", "\n", $file_data);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
71 |
|
72 |
echo $file_data;
|
73 |
|
9 |
die();
|
10 |
|
11 |
//append doc root to path
|
12 |
+
$full_file_path = $_SERVER["DOCUMENT_ROOT"] . $file_path;
|
13 |
|
14 |
//check if file exists
|
15 |
+
if (!file_exists($full_file_path))
|
16 |
die();
|
|
|
|
|
|
|
|
|
|
|
17 |
|
18 |
+
//allow only style files
|
19 |
+
$pathinfo = pathinfo($full_file_path);
|
20 |
+
if(!isset($pathinfo['extension']) || strtolower($pathinfo['extension']) != 'css')
|
21 |
+
die();
|
22 |
+
|
23 |
+
$WPH_FileProcess = new WPH_FileProcess($action, $file_path);
|
24 |
$WPH_FileProcess->run();
|
25 |
|
26 |
class WPH_FileProcess
|
27 |
{
|
28 |
var $action;
|
29 |
var $file_path;
|
30 |
+
var $full_file_path;
|
31 |
|
32 |
+
var $environemnt;
|
33 |
+
|
34 |
+
function __construct( $action, $file_path )
|
35 |
{
|
36 |
+
if (isset($_SERVER['HTTP_ACCEPT_ENCODING']) && strpos($_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip') !== false)
|
37 |
+
{
|
38 |
+
ob_start('ob_gzhandler'); ob_start();
|
39 |
+
}
|
40 |
+
else
|
41 |
+
{
|
42 |
+
ob_start();
|
43 |
+
}
|
44 |
+
|
45 |
+
$this->action = $action;
|
46 |
+
$this->file_path = $file_path;
|
47 |
+
$this->full_file_path = $_SERVER["DOCUMENT_ROOT"] . $file_path;
|
48 |
+
|
49 |
+
//load the environemtn data
|
50 |
+
$this->environment = new stdClass();
|
51 |
+
|
52 |
+
if(file_exists('environment.php'))
|
53 |
+
{
|
54 |
+
include('environment.php');
|
55 |
+
$this->environment = json_decode($environment_variable);
|
56 |
+
}
|
57 |
+
|
58 |
+
//check for allowed paths
|
59 |
+
if(!isset($this->environment->allowed_paths) || !is_array($this->environment->allowed_paths) || count($this->environment->allowed_paths) < 1)
|
60 |
+
die();
|
61 |
+
|
62 |
+
//check if the file is in allowed path
|
63 |
+
$found = FALSE;
|
64 |
+
foreach($this->environment->allowed_paths as $allowed_path)
|
65 |
+
{
|
66 |
+
if(strpos($this->file_path, $allowed_path) === 0)
|
67 |
+
{
|
68 |
+
$found = TRUE;
|
69 |
+
break;
|
70 |
+
}
|
71 |
+
}
|
72 |
+
|
73 |
+
if(! $found )
|
74 |
+
die();
|
75 |
+
|
76 |
}
|
77 |
|
78 |
function __destruct()
|
82 |
|
83 |
echo $out;
|
84 |
}
|
85 |
+
|
86 |
+
/**
|
87 |
+
* Process the action
|
88 |
+
*
|
89 |
+
*/
|
90 |
function run()
|
91 |
{
|
92 |
+
|
93 |
switch($this->action)
|
94 |
{
|
95 |
case 'style-clean' :
|
97 |
break;
|
98 |
|
99 |
}
|
100 |
+
|
101 |
}
|
102 |
|
103 |
|
109 |
header('Content-Type: text/css; charset=UTF-8');
|
110 |
header('Expires: ' . gmdate( "D, d M Y H:i:s", time() + $expires_offset ) . ' GMT');
|
111 |
header("Cache-Control: public, max-age=$expires_offset");
|
112 |
+
header('Last-Modified: '.gmdate('D, d M Y H:i:s', filemtime($this->full_file_path)).' GMT', true);
|
113 |
|
114 |
+
$handle = fopen($this->full_file_path, "r");
|
115 |
+
$file_data = fread($handle, filesize($this->full_file_path));
|
116 |
fclose($handle);
|
117 |
|
118 |
$file_data = preg_replace('!/\*.*?\*/!s', '', $file_data);
|
119 |
$file_data = preg_replace("/(^[\r\n]*|[\r\n]+)[\s\t]*[\r\n]+/", "\n", $file_data);
|
120 |
+
|
121 |
+
|
122 |
+
if(isset($this->environment->theme))
|
123 |
+
{
|
124 |
+
$var_theme = $this->environment->theme;
|
125 |
+
$file_data = str_replace('../' . $var_theme->folder_name .'/', '../' . $var_theme->mapped_name .'/', $file_data);
|
126 |
+
}
|
127 |
+
if(isset($this->environment->child_theme))
|
128 |
+
{
|
129 |
+
$var_theme = $this->environment->child_theme;
|
130 |
+
$file_data = str_replace('../' . $var_theme->folder_name .'/', '../' . $var_theme->mapped_name .'/', $file_data);
|
131 |
+
}
|
132 |
|
133 |
echo $file_data;
|
134 |
|
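--- a/wp-hide.php
+++ b/wp-hide.php
@@ -5,7 +5,7 @@ Plugin URI: http://www.nsp-code.com
 Description: Hide and increase Security for your WordPress website instance using smart techniques. No files are changed on your server.
 Author: Nsp Code
 Author URI: http://www.nsp-code.com
-Version: 1.
+Version: 1.4
 Text Domain: wp-hide-security-enhancer
 Domain Path: /languages/
 */
@@ -13,8 +13,7 @@ Domain Path: /languages/
 //if mu-plugins component not being loaded trigger a later init
 if(!defined('WPH_PATH'))
 {
-
-define('WPH_VERSION', '1.3.9');
+
 define('WPH_PATH', plugin_dir_path(__FILE__));
 include_once(WPH_PATH . '/include/wph.class.php');
 include_once(WPH_PATH . '/include/functions.class.php');
@@ -35,6 +34,7 @@ Domain Path: /languages/
 */
 ob_start(array($wph, 'ob_start_callback'));
 
+
 }
 
 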