Acunetix WP Security - Version 3.0.7

Version Description


Release Info

Developer WebsiteDefender
Plugin Icon wp plugin Acunetix WP Security
Version 3.0.7

Code changes from version 3.0.6 to 3.0.7

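--- a/backups/index.php
+++ b/backups/index.php
@@ -0,0 +1 @@
+ <?php /*[ Only to prevent directory listing ]*/ ?>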
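Review bot: Files in backups/ stay downloadable by name, because an empty index.php only suppresses the directory listing. If the directory holds database or wp-config backups (not visible in this diff), it also needs a web-server deny rule or a location outside the web root, and unpredictable file names. The placeholder's comment could say so: `/* Prevents directory listing only; files here remain directly downloadable. */`.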
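--- a/css/acx-wp-dashboard.css
+++ b/css/acx-wp-dashboard.css
@@ -0,0 +1,17 @@
+ /*
+ * manage the rss box on dashboard
+ */
+
+ #acx_plugin_dashboard_widget h3.hndle{
+ background: url('../images/wsd-logo-small.png') no-repeat 5px 50%;
+ padding-left: 35px; padding-top: 10px;
+ }
+ #acx_plugin_dashboard_widget h4 {
+ margin: 0 0; font-size: 1.2em;
+ /* background: url('../images/arrow-black-icon.png') no-repeat left center;
+ background: url('../images/wsd-logo-small-list.png') no-repeat left center;
+ padding-left: 20px;*/
+ }
+ #acx_plugin_dashboard_widget p { margin: 3px 0; }
+
+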
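--- a/inc/admin/templates/db-change-prefix.php
+++ b/inc/admin/templates/db-change-prefix.php
@@ -64,7 +64,7 @@ echo wsd_eInfo($infoMessage,'information');
  if (empty($wsd_userDbRights['rightsEnough'])) {
  $wsd_Message .= wsd_eInfo('The User which is used to access your Wordpress Database, hasn\'t enough rights (is missing the ALTER right) to alter the Table structure.
  <br/>Please visit the <a href="http://www.websitedefender.com/category/faq/" target=_blank">WebsiteDefender WP Security Scan WordPress plugin documentation</a> website for more information.
- <br/>If the user has ALTER rights and the tool is still not working, please <a href="http://semperfiwebdesign.com/contact/" target="_blank">contact</a> the plugin author for assistance.');
+ <br/>If the user <code>has ALTER rights</code> and the tool is still not working, please <a href="http://www.websitedefender.com/support/" target="_blank">contact us</a> for assistance!');
  }
  if (!empty($wsd_userDbRights['rightsTooMuch'])) {
  $wsd_Message .= wsd_eInfo('Your currently used User to access the Wordpress Database, holds too many rights.'.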
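--- a/libs/functions.php
+++ b/libs/functions.php
@@ -1,19 +1,37 @@
  <?php
 
- function make_seed() {
- list($usec, $sec) = explode(' ', microtime());
- return (float) $sec + ((float) $usec * 100000);
- }
+ if (!function_exists('make_seed')) :
+ /**
+ * @public
+ * Create a number
+ * @return double
+ */
+ function make_seed()
+ {
+ list($usec, $sec) = explode(' ', microtime());
+ return (float)$sec + ((float)$usec * 100000);
+ }
+ endif;
 
- function make_password($password_length){
- srand(make_seed());
- $alfa = "!@123!@4567!@890qwer!@tyuiopa@!sdfghjkl@!zxcvbn@!mQWERTYUIO@!PASDFGH@!JKLZXCVBNM!@";
- $token = "";
- for($i = 0; $i < $password_length; $i ++) {
- $token .= $alfa[rand(0, strlen($alfa))];
- }
- return $token;
- }
+
+ if (!function_exists('make_password')) :
+ /**
+ * @public
+ * @uses make_seed()
+ * Generate a strong password
+ * @return string
+ */
+ function make_password($password_length)
+ {
+ srand(make_seed());
+ $alfa = "!@123!@4567!@890qwer!@tyuiopa@!sdfghjkl@!zxcvbn@!mQWERTYUIO@!PASDFGH@!JKLZXCVBNM!@";
+ $token = "";
+ for($i = 0; $i < $password_length; $i ++) {
+ $token .= $alfa[rand(0, strlen($alfa))];
+ }
+ return $token;
+ }
+ endif;
 
  function check_perms($name,$path,$perm)
  {
@@ -183,8 +201,8 @@ function wsd_wpConfigCheckPermissions($wpConfigFilePath)
  */
  function wsd_getDbUserRights()
  {
+ /*
  global $wpdb;
-
  $rights = $wpdb->get_results("SHOW GRANTS FOR '".DB_USER."'@'".DB_HOST."'", ARRAY_N);
  $rightsenough = $rightstomuch = false;
 
@@ -207,8 +225,45 @@ function wsd_getDbUserRights()
  'rightsEnough' => $rightsenough,
  'rightsTooMuch' => $rightstomuch,
  );
- }
+ */
+ global $wpdb;
+
+ $rightsenough = $rightstoomuch = false;
+ $data = array(
+ 'rightsEnough' => false,
+ 'rightsTooMuch' => false
+ );
+
+ //@ $r1 09/12/2011 {c} $
+
+ $rights = $wpdb->get_results("SHOW PRIVILEGES", ARRAY_N);
+
+ if (empty($rights)) { return $data; }
+
+ $_tooManyRights = array('CREATE','DELETE','DROP','EVENT','EXECUTE','FILE','GRANT','PROCESS','RELOAD','SHUTDOWN','SUPER');
+ $numRights = 0;
+ foreach ($rights as $right)
+ {
+ if (! empty($right[0]))
+ {
+ $_right = strtoupper($right[0]);
+ if ('ALTER' == $_right) {
+ $rightsenough = true;
+ }
+ if (in_array($_right, $tooManyRights)) {
+ $numRights += 1;
+ }
+ }
+ }
+ if ($numRights >= 5) {
+ $rightstoomuch = true;
+ }
 
+ return array(
+ 'rightsEnough' => $rightsenough,
+ 'rightsTooMuch' => $rightstoomuch,
+ );
+ }
 
 
  /**
@@ -510,11 +565,4 @@ function wsd_eInfo($infoMessage, $alertType = 'notify')
  {
  return ('<p class="wsd_user_'.$alertType.'">'.$infoMessage.'</p>');
  }
-
-
-
-
-
-
-
  ?>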
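Review bot: In the rewritten wsd_getDbUserRights() the privilege list is assigned to `$_tooManyRights` but the loop tests `in_array($_right, $tooManyRights)`, an undefined variable, so `rightsTooMuch` can never become true; the line should read `if (in_array($_right, $_tooManyRights)) {`. Separately, `SHOW PRIVILEGES` lists every privilege the MySQL server supports rather than what the connected account holds, so `rightsEnough` will be true for any account that can run the statement; `SHOW GRANTS FOR CURRENT_USER()` reports the account's own grants. The old body now wrapped in `/* … */` lies partly outside the visible hunks, so any comment inside it would end that block early. In the first hunk make_password() is still documented as generating a strong password while it draws from `srand()`/`rand()` seeded by microtime, and `rand(0, strlen($alfa))` can index one past the end of `$alfa`; the upper bound should be `strlen($alfa) - 1` and the source a CSPRNG where the password protects anything.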
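--- a/libs/wsd.php
+++ b/libs/wsd.php
@@ -20,7 +20,11 @@ define("HTTP_CHUNK_HEADER", 3);
  define("HTTP_CHUNK_BODY", 4);
  //globals
  $GLOBALS['wsd_last_err'] = array('code'=>0, 'message'=>'');
- function wsd_site_url(){return get_option( "siteurl" )."/";}
+
+ function wsd_site_url(){
+ $url = get_option( 'siteurl' );
+ return trailingslashit($url);
+ }
 
  function wsd_parseUrl($url)
  {
@@ -84,8 +88,8 @@ function wsd_httpRequest($verb, $url, $body="", $headers=array(), $timeout = 10)
  if($url["error"] !== NULL) return $url;
 
  $scheme = $url["scheme"]=="https" ? "ssl://" : "";
-
- $fp = fsockopen($scheme.$url["host"], $url["port"] , $errno, $errstr, $timeout);
+
+ $fp = fsockopen($scheme.$url["host"], $url["port"] , $errno, $errstr, $timeout);
 
  if (!$fp)
  {
@@ -100,7 +104,7 @@ function wsd_httpRequest($verb, $url, $body="", $headers=array(), $timeout = 10)
  }
  else
  {
- error_reporting($e);
+ error_reporting($e);
  return array("error"=>"Can't connect to server [$errno].");
  }
  }
@@ -287,7 +291,7 @@ function wsd_jsonRPC($url, $method, $params, $timeout = 10)
 
  if((! array_key_exists("id", $response["body"])) || ($response["body"]["id"] != $id) )
  {
- $GLOBALS['wsd_last_err'] = array("code" => 0, "message" => "Invalid JSONRPC response [0].");
+ $GLOBALS['wsd_last_err'] = array("code" => 0, "message" => "Invalid JSONRPC response [0]." . var_export($response, true));
  return NULL;
  }
 
@@ -483,9 +487,9 @@ function wsd_render_add_target_id()
  <div class="wsd-inside">
  <?php if(!empty($error)) wsd_render_error($error); ?>
  <form action="" method="post" id="wsd_target_id_form" name="wsd_target_id_form">
- <label for="wsd_target_update_id">Target ID:</label>
- <input type="text" name="targetid" id="targetid"/>
- <input type="submit" name="wsd_update_target_id" value="Update" />
+ <label for="wsd_target_update_id"><?php echo __('Target ID');?>:</label>
+ <input type="text" name="targetid" id="targetid" value="<?php echo get_option('WSD-TARGETID');?>"/>
+ <input type="submit" name="wsd_update_target_id" value="<?php echo __('Update');?>" />
  </form>
  </div>
  <?php
@@ -660,7 +664,7 @@ function wsd_render_target_status()
  #echo "wsd_render_target_status<br>";
  $user = get_option('WSD-USER');
  if((!is_string($user))||($user == "") ) $user = get_option("admin_email");
- $status = wsd_jsonRPC(WSD_URL_RPC, "cPlugin.status", array($user, get_option('WSD-TARGETID')));
+ $status = wsd_jsonRPC(WSD_URL_RPC, "cPlugin.status", array($user, get_option('WSD-TARGETID'), wsd_site_url()));
  if($status === NULL)
  {
  wsd_render_error();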
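Review bot: The new `value="<?php echo get_option('WSD-TARGETID');?>"` in wsd_render_add_target_id() prints a stored option into an HTML attribute without escaping, so a value containing a quote or markup would break out of the attribute; it should be `<?php echo esc_attr(get_option('WSD-TARGETID')); ?>`. In wsd_jsonRPC() the appended `var_export($response, true)` copies the whole remote response into `wsd_last_err['message']`; if that message is later printed by wsd_render_error() (its body is not in this diff), it needs escaping there, or the dump should go to a log instead of the message. Both functions start and end outside the hunks shown.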
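--- a/readme.txt
+++ b/readme.txt
@@ -3,7 +3,7 @@ Contributors: WebsiteDefender
  Author: WebsiteDefender
  Tags: security, securityscan, chmod, permissions, admin, administration, authentication, database, dashboard, post, notification, password, plugin, posts, wsd, websitedefender,
  plugins, private, protection, tracking, wordpress
- Requires at least: 2.6
+ Requires at least: 3.0
  Tested up to: 3.2.1
  Stable tag: trunk
 
@@ -22,7 +22,7 @@ WP Security Scan checks your WordPress website/blog for security vulnerabilities
 
  = Requirements =
 
- * WordPress version 2.6 and higher (tested at <= 3.2.1)
+ * WordPress version 3.0 and higher (tested at <= 3.2.1)
  * PHP5 (tested with PHP Interpreter >= 5.2.9)
 
  For more information on the WP Security Scan and other WordPress security news, visit the <a href="http://www.websitedefender.com/blog" target="_blank">WebsiteDefender Blog</a> and join our <a href="http://www.facebook.com/websitedefender" target="_blank">Facebook</a> page. Post any questions or feedback on the <a href="http://www.websitedefender.com/forums/wp-security-scan-plugin/" target="_blank">WP Security Scan plugin forum</a>.
@@ -41,6 +41,11 @@ For more information on the WP Security Scan and other WordPress security news,
 
  == Changelog ==
 
+ = v3.0.7 =
+ * BugFix: The bug reported about ALTER rights retrieval has been addressed
+ * Update: Code cleanup
+ * Update: Minor internal updates
+
  = v3.0.6 =
  * Feature: The WebsiteDefender RSS widget added to the admin dashboard
  * Update: The plug-in has been made compatible with Secure WP and WebsiteDefender WordPress Security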
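--- a/securityscan.php
+++ b/securityscan.php
@@ -5,15 +5,15 @@ Plugin URI: http://www.websitedefender.com/news/free-wordpress-security-scan-plu
 
  Description: Perform security scan of WordPress installation.
  Author: WebsiteDefender
- Version: 3.0.6
+ Version: 3.0.7
  Author URI: http://www.websitedefender.com/
  */
-
  /*
  * $rev #1 07/17/2011 {c}
  * $rev #2 07/26,27/2011 {c}
  * $rev #3 08/05/2011 {c}
  * $rev #4 08/26/2011 {c}
+ * $rev #5 09/12/2011 {c}
  */
  /*
  Copyright (C) 2008-2010 Acunetix / http://www.websitedefender.com/
@@ -47,6 +47,9 @@ if ( ! defined('WP_PLUGIN_DIR')) {
  }
 
 
+ //! #r4# @see http://wordpress.org/support/topic/update-to-306-breaks-wp-321
+ @require_once(ABSPATH.'wp-includes/pluggable.php');
+
 
  //## $rev #1, #2, #3 {c}$
  if(!function_exists('json_encode') || !class_exists('Services_JSON')) {
@@ -106,6 +109,10 @@ unset($plugin1,$plugin2);
 
  function mrt_wpss_admin_init(){
  wp_enqueue_style('wsd_style', WP_PLUGIN_URL . '/wp-security-scan/css/wsd.css');
+ /* #r5# */
+ $h6 = 'swp-dashboard';
+ wp_register_style($h6, WP_PLUGIN_URL . '/wp-security-scan/css/acx-wp-dashboard.css');
+ wp_enqueue_style($h6);
  }
 
  remove_action('wp_head', 'wp_generator');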
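Review bot: The added `@require_once(ABSPATH.'wp-includes/pluggable.php');` loads WordPress's pluggable functions (mail, password and auth-cookie helpers among them) while this plugin is being included, before later plugins get the chance to define their own. A plugin that overrides one behind `function_exists()` is then silently ignored, and one that declares it unguarded hits a redeclaration fatal, which matters most for plugins that replace the authentication functions. The leading `@` also hides a failed include. Deferring whatever needs these functions to a hook such as `plugins_loaded` or `init` avoids the early load; which call required it is not visible in this hunk.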
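--- a/uninstall.php
+++ b/uninstall.php
@@ -1,9 +1,12 @@
- <?php if (!defined('WP_UNINSTALL_PLUGIN')) {exit;}
+ <?php if( !defined( 'ABSPATH') && !defined('WP_UNINSTALL_PLUGIN') ) { exit(); }
  /*
  * Delete stored options from the options table
  */
- delete_option('WSD-COOKIE');
- delete_option('WSD-TOKEN');
- delete_option('WSD-TARGETID');
- delete_option('WSD-USER');
- delete_option('wsd_feed_data');
+ delete_option('wsd_feed_data');
+
+ // this is a shared option so if there are
+ // any other plug-ins installed, then don't
+ // delete it.
+ $__1 = ABSPATH.'wp-content/plugins/websitedefender-wordpress-security';
+ $__2 = ABSPATH.'wp-content/plugins/secure-wordpress';
+ if (!is_dir($__1) || !is_dir($__2)) { delete_option('wsd_feed_data'); }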
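Review bot: The new guard `!defined( 'ABSPATH') && !defined('WP_UNINSTALL_PLUGIN')` exits only when both constants are missing, so the file now runs in any WordPress context that includes it, not just during uninstall; the uninstall check should stay mandatory, `if (!defined('WP_UNINSTALL_PLUGIN')) { exit; }`. New line 5 deletes `wsd_feed_data` unconditionally, which makes the later `is_dir()` test pointless, and that test uses `||` where the comment ("if there are any other plug-ins installed, then don't delete it") implies `&&`. The commit also stops deleting `WSD-COOKIE`, `WSD-TOKEN`, `WSD-TARGETID` and `WSD-USER`; if those are the shared options the comment means, they should be removed under the corrected `is_dir()` condition so no token stays in the options table once the last plug-in is gone.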