Version Description
Download this release
Release Info
| Developer | paultgoodchild |
| Plugin |  Shield Security for WordPress |
| Version | 14.1.6 |
| Comparing to | |
| See all releases | |
Code changes from version 14.1.5 to 14.1.6
- cl.json +10 -0
- config/deprecated/comments_filter.php +6 -0
- icwp-wpsf.php +1 -1
- plugin-spec.php +3 -3
- plugin.json +3 -3
- readme.txt +1 -1
- src/lib/src/Modules/UserManagement/Lib/Session/UserSessionHandler.php +5 -4
- src/lib/src/Users/BulkUpdateUserMeta.php +21 -17
- src/lib/vendor/fernleafsystems/wordpress-services/src/Utilities/IpUtils.php +25 -28
cl.json
CHANGED
|
@@ -166,6 +166,16 @@
|
|
| 166 |
"type": "fixed"
|
| 167 |
}
|
| 168 |
]
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 169 |
}
|
| 170 |
]
|
| 171 |
},
|
| 166 |
"type": "fixed"
|
| 167 |
}
|
| 168 |
]
|
| 169 |
+
},
|
| 170 |
+
{
|
| 171 |
+
"version": "6",
|
| 172 |
+
"released_at": 1648122640,
|
| 173 |
+
"items": [
|
| 174 |
+
{
|
| 175 |
+
"title": "Improve the updating Shield user metas to now bypass WP's User Query subsystem that fires massive SQL queries.",
|
| 176 |
+
"type": "improve"
|
| 177 |
+
}
|
| 178 |
+
]
|
| 179 |
}
|
| 180 |
]
|
| 181 |
},
|
config/deprecated/comments_filter.php
CHANGED
|
@@ -336,6 +336,12 @@
|
|
| 336 |
"ip_address",
|
| 337 |
"user_agent"
|
| 338 |
]
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 339 |
}
|
| 340 |
],
|
| 341 |
"definitions": {
|
| 336 |
"ip_address",
|
| 337 |
"user_agent"
|
| 338 |
]
|
| 339 |
+
},
|
| 340 |
+
{
|
| 341 |
+
"key": "enable_antibot_check",
|
| 342 |
+
"section": "section_non_ui",
|
| 343 |
+
"type": "checkbox",
|
| 344 |
+
"default": ""
|
| 345 |
}
|
| 346 |
],
|
| 347 |
"definitions": {
|
icwp-wpsf.php
CHANGED
|
@@ -3,7 +3,7 @@
|
|
| 3 |
* Plugin Name: Shield Security
|
| 4 |
* Plugin URI: https://shsec.io/2f
|
| 5 |
* Description: Powerful, Easy-To-Use #1 Rated WordPress Security System
|
| 6 |
-
* Version: 14.1.
|
| 7 |
* Text Domain: wp-simple-firewall
|
| 8 |
* Domain Path: /languages
|
| 9 |
* Author: Shield Security
|
| 3 |
* Plugin Name: Shield Security
|
| 4 |
* Plugin URI: https://shsec.io/2f
|
| 5 |
* Description: Powerful, Easy-To-Use #1 Rated WordPress Security System
|
| 6 |
+
* Version: 14.1.6
|
| 7 |
* Text Domain: wp-simple-firewall
|
| 8 |
* Domain Path: /languages
|
| 9 |
* Author: Shield Security
|
plugin-spec.php
CHANGED
|
@@ -1,8 +1,8 @@
|
|
| 1 |
{
|
| 2 |
"properties": {
|
| 3 |
-
"version": "14.1.
|
| 4 |
-
"release_timestamp":
|
| 5 |
-
"build": "202203.
|
| 6 |
"slug_parent": "icwp",
|
| 7 |
"slug_plugin": "wpsf",
|
| 8 |
"human_name": "Shield Security",
|
| 1 |
{
|
| 2 |
"properties": {
|
| 3 |
+
"version": "14.1.6",
|
| 4 |
+
"release_timestamp": 1648122640,
|
| 5 |
+
"build": "202203.2401",
|
| 6 |
"slug_parent": "icwp",
|
| 7 |
"slug_plugin": "wpsf",
|
| 8 |
"human_name": "Shield Security",
|
plugin.json
CHANGED
|
@@ -1,8 +1,8 @@
|
|
| 1 |
{
|
| 2 |
"properties": {
|
| 3 |
-
"version": "14.1.
|
| 4 |
-
"release_timestamp":
|
| 5 |
-
"build": "202203.
|
| 6 |
"slug_parent": "icwp",
|
| 7 |
"slug_plugin": "wpsf",
|
| 8 |
"human_name": "Shield Security",
|
| 1 |
{
|
| 2 |
"properties": {
|
| 3 |
+
"version": "14.1.6",
|
| 4 |
+
"release_timestamp": 1648122640,
|
| 5 |
+
"build": "202203.2401",
|
| 6 |
"slug_parent": "icwp",
|
| 7 |
"slug_plugin": "wpsf",
|
| 8 |
"human_name": "Shield Security",
|
readme.txt
CHANGED
|
@@ -8,7 +8,7 @@ Requires at least: 3.7
|
|
| 8 |
Requires PHP: 7.0
|
| 9 |
Recommended PHP: 7.4
|
| 10 |
Tested up to: 5.9
|
| 11 |
-
Stable tag: 14.1.
|
| 12 |
|
| 13 |
No-Nonsense Security Hardening that protects WordPress against hackers, malicious bots, and spammers (no captchas!). Now with exclusive ShieldNET Technology.
|
| 14 |
|
| 8 |
Requires PHP: 7.0
|
| 9 |
Recommended PHP: 7.4
|
| 10 |
Tested up to: 5.9
|
| 11 |
+
Stable tag: 14.1.6
|
| 12 |
|
| 13 |
No-Nonsense Security Hardening that protects WordPress against hackers, malicious bots, and spammers (no captchas!). Now with exclusive ShieldNET Technology.
|
| 14 |
|
src/lib/src/Modules/UserManagement/Lib/Session/UserSessionHandler.php
CHANGED
|
@@ -2,7 +2,6 @@
|
|
| 2 |
|
| 3 |
namespace FernleafSystems\Wordpress\Plugin\Shield\Modules\UserManagement\Lib\Session;
|
| 4 |
|
| 5 |
-
use FernleafSystems\Wordpress\Plugin\Shield\Databases\Session\EntryVO;
|
| 6 |
use FernleafSystems\Wordpress\Plugin\Shield\Modules\Base\Common\ExecOnceModConsumer;
|
| 7 |
use FernleafSystems\Wordpress\Plugin\Shield\Modules\UserManagement;
|
| 8 |
use FernleafSystems\Wordpress\Plugin\Shield\Utilities\Consumer\WpLoginCapture;
|
|
@@ -42,12 +41,14 @@ class UserSessionHandler extends ExecOnceModConsumer {
|
|
| 42 |
|
| 43 |
$user = Services::WpUsers()->getCurrentWpUser();
|
| 44 |
try {
|
| 45 |
-
if ( !empty( $srvIP->isValidIp( $srvIP->getRequestIp() ) ) ) {
|
| 46 |
$this->assessSession();
|
| 47 |
}
|
| 48 |
}
|
| 49 |
catch ( \Exception $e ) {
|
| 50 |
-
$
|
|
|
|
|
|
|
| 51 |
if ( !$srvIP->isLoopback() ) {
|
| 52 |
$event = $e->getMessage();
|
| 53 |
|
|
@@ -92,7 +93,7 @@ class UserSessionHandler extends ExecOnceModConsumer {
|
|
| 92 |
}
|
| 93 |
|
| 94 |
$srvIP = Services::IP();
|
| 95 |
-
if ( $opts->isLockToIp() && $srvIP->getRequestIp()
|
| 96 |
throw new \Exception( 'session_iplock' );
|
| 97 |
}
|
| 98 |
}
|
| 2 |
|
| 3 |
namespace FernleafSystems\Wordpress\Plugin\Shield\Modules\UserManagement\Lib\Session;
|
| 4 |
|
|
|
|
| 5 |
use FernleafSystems\Wordpress\Plugin\Shield\Modules\Base\Common\ExecOnceModConsumer;
|
| 6 |
use FernleafSystems\Wordpress\Plugin\Shield\Modules\UserManagement;
|
| 7 |
use FernleafSystems\Wordpress\Plugin\Shield\Utilities\Consumer\WpLoginCapture;
|
| 41 |
|
| 42 |
$user = Services::WpUsers()->getCurrentWpUser();
|
| 43 |
try {
|
| 44 |
+
if ( !empty( $srvIP->isValidIp( $srvIP->getRequestIp() ) ) && !$srvIP->isLoopback() ) {
|
| 45 |
$this->assessSession();
|
| 46 |
}
|
| 47 |
}
|
| 48 |
catch ( \Exception $e ) {
|
| 49 |
+
if ( $e->getMessage() === 'session_iplock' ) {
|
| 50 |
+
$srvIP->getServerPublicIPs( true );
|
| 51 |
+
}
|
| 52 |
if ( !$srvIP->isLoopback() ) {
|
| 53 |
$event = $e->getMessage();
|
| 54 |
|
| 93 |
}
|
| 94 |
|
| 95 |
$srvIP = Services::IP();
|
| 96 |
+
if ( $opts->isLockToIp() && !$srvIP->checkIp( $srvIP->getRequestIp(), $sess->ip ) ) {
|
| 97 |
throw new \Exception( 'session_iplock' );
|
| 98 |
}
|
| 99 |
}
|
src/lib/src/Users/BulkUpdateUserMeta.php
CHANGED
|
@@ -5,6 +5,7 @@ namespace FernleafSystems\Wordpress\Plugin\Shield\Users;
|
|
| 5 |
use FernleafSystems\Wordpress\Plugin\Shield\Modules\Base\Common\ExecOnceModConsumer;
|
| 6 |
use FernleafSystems\Wordpress\Plugin\Shield\Modules\Data\DB\UserMeta\Ops\Select;
|
| 7 |
use FernleafSystems\Wordpress\Plugin\Shield\Modules\PluginControllerConsumer;
|
|
|
|
| 8 |
|
| 9 |
class BulkUpdateUserMeta extends ExecOnceModConsumer {
|
| 10 |
|
|
@@ -18,31 +19,34 @@ class BulkUpdateUserMeta extends ExecOnceModConsumer {
|
|
| 18 |
}
|
| 19 |
|
| 20 |
protected function run() {
|
| 21 |
-
$
|
| 22 |
-
|
| 23 |
-
|
| 24 |
-
'
|
| 25 |
-
|
| 26 |
-
|
| 27 |
-
|
| 28 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 29 |
}
|
| 30 |
|
| 31 |
-
|
| 32 |
/** @var Select $metaSelect */
|
| 33 |
$metaSelect = $this->getCon()
|
| 34 |
->getModule_Data()
|
| 35 |
->getDbH_UserMeta()
|
| 36 |
->getQuerySelector();
|
| 37 |
-
|
| 38 |
->setSelectResultsFormat( ARRAY_A )
|
| 39 |
->setColumnsToSelect( [ 'user_id' ] )
|
| 40 |
-
->
|
| 41 |
-
return array_filter( array_map(
|
| 42 |
-
function ( $res ) {
|
| 43 |
-
return (int)array_pop( $res );
|
| 44 |
-
},
|
| 45 |
-
is_array( $res ) ? $res : []
|
| 46 |
-
) );
|
| 47 |
}
|
| 48 |
}
|
| 5 |
use FernleafSystems\Wordpress\Plugin\Shield\Modules\Base\Common\ExecOnceModConsumer;
|
| 6 |
use FernleafSystems\Wordpress\Plugin\Shield\Modules\Data\DB\UserMeta\Ops\Select;
|
| 7 |
use FernleafSystems\Wordpress\Plugin\Shield\Modules\PluginControllerConsumer;
|
| 8 |
+
use FernleafSystems\Wordpress\Services\Services;
|
| 9 |
|
| 10 |
class BulkUpdateUserMeta extends ExecOnceModConsumer {
|
| 11 |
|
| 19 |
}
|
| 20 |
|
| 21 |
protected function run() {
|
| 22 |
+
$WPDB = Services::WpDb();
|
| 23 |
+
/** @var array[] $IDs */
|
| 24 |
+
$IDs = $WPDB->selectCustom( sprintf(
|
| 25 |
+
'SELECT `ID` from `%s` WHERE `ID` NOT IN (%s) LIMIT 20',
|
| 26 |
+
$WPDB->getTable_Users(),
|
| 27 |
+
$this->getExistingUserMetaIDsQuery()
|
| 28 |
+
) );
|
| 29 |
+
|
| 30 |
+
array_map(
|
| 31 |
+
function ( $ID ) {
|
| 32 |
+
if ( is_array( $ID ) && !empty( $ID[ 'ID' ] ) ) {
|
| 33 |
+
$user = Services::WpUsers()->getUserById( $ID[ 'ID' ] );
|
| 34 |
+
$this->getCon()->getUserMeta( $user );
|
| 35 |
+
}
|
| 36 |
+
},
|
| 37 |
+
is_array( $IDs ) ? $IDs : []
|
| 38 |
+
);
|
| 39 |
}
|
| 40 |
|
| 41 |
+
private function getExistingUserMetaIDsQuery() :string {
|
| 42 |
/** @var Select $metaSelect */
|
| 43 |
$metaSelect = $this->getCon()
|
| 44 |
->getModule_Data()
|
| 45 |
->getDbH_UserMeta()
|
| 46 |
->getQuerySelector();
|
| 47 |
+
return $metaSelect->setResultsAsVo( false )
|
| 48 |
->setSelectResultsFormat( ARRAY_A )
|
| 49 |
->setColumnsToSelect( [ 'user_id' ] )
|
| 50 |
+
->buildQuery();
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 51 |
}
|
| 52 |
}
|
src/lib/vendor/fernleafsystems/wordpress-services/src/Utilities/IpUtils.php
CHANGED
|
@@ -221,31 +221,28 @@ class IpUtils {
|
|
| 221 |
}
|
| 222 |
|
| 223 |
/**
|
| 224 |
-
* @param $
|
| 225 |
-
* @return bool
|
| 226 |
*/
|
| 227 |
-
public function isPrivateIP( $
|
| 228 |
-
return $this->isValidIp( $
|
| 229 |
-
&& !$this->isValidIp_PublicRemote( $sIP );
|
| 230 |
}
|
| 231 |
|
| 232 |
/**
|
| 233 |
-
* @param string $
|
| 234 |
-
* @return bool
|
| 235 |
*/
|
| 236 |
-
public function isTrueLoopback( $
|
| 237 |
try {
|
| 238 |
-
$
|
| 239 |
-
|
| 240 |
}
|
| 241 |
catch ( \Exception $e ) {
|
| 242 |
-
$
|
| 243 |
}
|
| 244 |
-
return $
|
| 245 |
}
|
| 246 |
|
| 247 |
public function isLoopback() :bool {
|
| 248 |
-
return
|
| 249 |
}
|
| 250 |
|
| 251 |
public function isSupportedIpv6() :bool {
|
|
@@ -316,31 +313,31 @@ class IpUtils {
|
|
| 316 |
* @param string $ip
|
| 317 |
* @return bool
|
| 318 |
*/
|
| 319 |
-
public function isValidIpRange( $ip ) {
|
| 320 |
return $this->isValidIp4Range( $ip ) || $this->isValidIp6Range( $ip );
|
| 321 |
}
|
| 322 |
|
| 323 |
/**
|
| 324 |
-
* @param bool $
|
| 325 |
* @return string[]
|
| 326 |
*/
|
| 327 |
-
public function getServerPublicIPs( $
|
| 328 |
-
if ( $
|
| 329 |
|
| 330 |
-
$
|
| 331 |
-
if ( empty( $
|
| 332 |
-
$
|
| 333 |
'check_at' => 0,
|
| 334 |
'hash' => '',
|
| 335 |
'ips' => []
|
| 336 |
];
|
| 337 |
}
|
| 338 |
|
| 339 |
-
$
|
| 340 |
-
$
|
| 341 |
-
|
| 342 |
-
if ( $
|
| 343 |
-
$
|
| 344 |
'check_at' => Services::Request()->ts(),
|
| 345 |
'hash' => Services::Data()->getServerHash(),
|
| 346 |
'ips' => array_filter(
|
|
@@ -350,12 +347,12 @@ class IpUtils {
|
|
| 350 |
}
|
| 351 |
)
|
| 352 |
];
|
| 353 |
-
Utilities\Options\Transient::Set( 'my_server_ips', $
|
| 354 |
}
|
| 355 |
|
| 356 |
-
$this->aMyIps = $
|
| 357 |
}
|
| 358 |
-
return $this->aMyIps;
|
| 359 |
}
|
| 360 |
|
| 361 |
/**
|
| 221 |
}
|
| 222 |
|
| 223 |
/**
|
| 224 |
+
* @param string $IP
|
|
|
|
| 225 |
*/
|
| 226 |
+
public function isPrivateIP( $IP ) :bool {
|
| 227 |
+
return $this->isValidIp( $IP ) && !$this->isValidIp_PublicRemote( $IP );
|
|
|
|
| 228 |
}
|
| 229 |
|
| 230 |
/**
|
| 231 |
+
* @param string $IP
|
|
|
|
| 232 |
*/
|
| 233 |
+
public function isTrueLoopback( $IP ) :bool {
|
| 234 |
try {
|
| 235 |
+
$LB = ( $this->getIpVersion( $IP ) == 4 && $this->checkIp4( $IP, '127.0.0.0/8' ) )
|
| 236 |
+
|| ( $this->getIpVersion( $IP == 6 ) && $this->checkIp6( $IP, '::1/128' ) );
|
| 237 |
}
|
| 238 |
catch ( \Exception $e ) {
|
| 239 |
+
$LB = false;
|
| 240 |
}
|
| 241 |
+
return $LB;
|
| 242 |
}
|
| 243 |
|
| 244 |
public function isLoopback() :bool {
|
| 245 |
+
return $this->checkIp( $this->getRequestIp(), $this->getServerPublicIPs() );
|
| 246 |
}
|
| 247 |
|
| 248 |
public function isSupportedIpv6() :bool {
|
| 313 |
* @param string $ip
|
| 314 |
* @return bool
|
| 315 |
*/
|
| 316 |
+
public function isValidIpRange( $ip ) :bool {
|
| 317 |
return $this->isValidIp4Range( $ip ) || $this->isValidIp6Range( $ip );
|
| 318 |
}
|
| 319 |
|
| 320 |
/**
|
| 321 |
+
* @param bool $forceRefresh
|
| 322 |
* @return string[]
|
| 323 |
*/
|
| 324 |
+
public function getServerPublicIPs( $forceRefresh = false ) :array {
|
| 325 |
+
if ( $forceRefresh || empty( $this->aMyIps ) ) {
|
| 326 |
|
| 327 |
+
$IPs = Utilities\Options\Transient::Get( 'my_server_ips' );
|
| 328 |
+
if ( empty( $IPs ) || !is_array( $IPs ) || empty( $IPs[ 'check_at' ] ) ) {
|
| 329 |
+
$IPs = [
|
| 330 |
'check_at' => 0,
|
| 331 |
'hash' => '',
|
| 332 |
'ips' => []
|
| 333 |
];
|
| 334 |
}
|
| 335 |
|
| 336 |
+
$age = Services::Request()->ts() - $IPs[ 'check_at' ];
|
| 337 |
+
$isExpired = ( $age > HOUR_IN_SECONDS )
|
| 338 |
+
&& ( Services::Data()->getServerHash() != $IPs[ 'hash' ] || $age > WEEK_IN_SECONDS );
|
| 339 |
+
if ( $forceRefresh || $isExpired ) {
|
| 340 |
+
$IPs = [
|
| 341 |
'check_at' => Services::Request()->ts(),
|
| 342 |
'hash' => Services::Data()->getServerHash(),
|
| 343 |
'ips' => array_filter(
|
| 347 |
}
|
| 348 |
)
|
| 349 |
];
|
| 350 |
+
Utilities\Options\Transient::Set( 'my_server_ips', $IPs, MONTH_IN_SECONDS );
|
| 351 |
}
|
| 352 |
|
| 353 |
+
$this->aMyIps = $IPs[ 'ips' ];
|
| 354 |
}
|
| 355 |
+
return is_array( $this->aMyIps ) ? $this->aMyIps : [];
|
| 356 |
}
|
| 357 |
|
| 358 |
/**
|
