Shield Security for WordPress - Version 8.2.3

Version Description

  • Current Release = Released: 25th October, 2019 - Release Notes

  • (v.3) FIXED: Fix for reported reflected XSS (RXSS) vulnerability - more info.

  • (v.3) FIXED: Fix for Rest API detection.

  • (v.3) FIXED: Fix for translation of some strings.


Release Info

Developer paultgoodchild
Version 8.2.3

Code changes from version 8.2.2 to 8.2.3

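--- a/icwp-wpsf.php
+++ b/icwp-wpsf.php
@@ -3,7 +3,7 @@
  * Plugin Name: Shield Security
  * Plugin URI: https://icwp.io/2f
  * Description: Powerful, Easy-To-Use #1 Rated WordPress Security System
- * Version: 8.2.2
+ * Version: 8.2.3
  * Text Domain: wp-simple-firewall
  * Domain Path: /languages
  * Author: One Dollar Plugin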
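--- a/plugin-spec.php
+++ b/plugin-spec.php
@@ -1,8 +1,8 @@
  {
  "properties": {
- "version": "8.2.2",
- "release_timestamp": 1570808000,
- "build": "201910.1102",
+ "version": "8.2.3",
+ "release_timestamp": 1571990000,
+ "build": "201910.2501",
  "slug_parent": "icwp",
  "slug_plugin": "wpsf",
  "human_name": "Shield",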
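--- a/readme.txt
+++ b/readme.txt
@@ -8,7 +8,7 @@ Requires at least: 3.5.2
  Requires PHP: 5.4.0
  Recommended PHP: 7.0
  Tested up to: 5.3
- Stable tag: 8.2.2
+ Stable tag: 8.2.3
 
  Security protection from hackers through smarter automation. Powerful scanners, 2-Factor Auth, limit logins, auto IP blocks & more.
 
@@ -370,8 +370,15 @@ You will always be able to use Shield Security and its free features in-full.
 
  [Go Pro for just $1/month](https://icwp.io/aa).
 
- = 8.2.2 - Current Release =
- *Released: 14th October, 2019* - [Release Notes](https://icwp.io/g0)
+ = 8.2.3 - Current Release =
+ *Released: 25th October, 2019* - [Release Notes](https://icwp.io/g1)
+
+ * **(v.3)** FIXED: Fix for reported RXSS vulnerability - [more info](https://icwp.io/g1).
+ * **(v.3)** FIXED: Fix for Rest API detection.
+ * **(v.3)** FIXED: Fix for translation of some strings.
+
+ = 8.2 - Series =
+ *Released: 1st October, 2019* - [Release Notes](https://icwp.io/g0)
 
  * **(v.2)** FIXED: Fixes for scans running under Windows/IIS.
  * **(v.2)** IMPROVED: Adds a check that a site can send an HTTP request to itself before allowing scans to run.
@@ -379,10 +386,6 @@ You will always be able to use Shield Security and its free features in-full.
  * **(v.2)** IMPROVED: Server's own IP address detection when site migrated to a new host.
  * **(v.2)** UPDATED: International translations.
  * **(v.2)** FIXED: PHP notices when data wasn't as expected.
-
- = 8.2 - Series =
- *Released: 1st October, 2019* - [Release Notes](https://icwp.io/g0)
-
  * **(v.1)** IMPROVED: Further reduce Malware false positives by also using SVN trunk data when verifying files for plugins and themes.
  * **(v.1)** ADDED: Initial support for repairing Themes that have been installed from WordPress.org.
  * **(v.1)** ADDED: Support for using [WP Hashes.com](https://wphashes.com) for WordPress.org themes (already done for plugins).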
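--- a/src/common/icwp-request.php
+++ b/src/common/icwp-request.php
@@ -215,11 +215,12 @@ class ICWP_WPSF_Request extends ICWP_WPSF_Foundation {
 
  $bSsl = is_ssl() || $this->server( 'HTTP_X_FORWARDED_PROTO' ) == 'https';
  header( 'HTTP/1.1 404 Not Found' );
+ $nPort = $bSsl ? 443 : (int)$this->server( 'SERVER_PORT' );
  $sDie = sprintf(
  '<html><head><title>404 Not Found</title><style type="text/css"></style></head><body><h1>Not Found</h1><p>The requested URL %s was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache Server at %s Port %s</address></body></html>',
- $sRequestedUriPath,
+ preg_replace( '#[^a-z0-9_&;=%/-]#i', '', esc_html( $sRequestedUriPath ) ),
  $sHostName,
- $bSsl ? 443 : $this->server( 'SERVER_PORT' )
+ empty( $nPort ) ? 80 : $nPort
  );
  die( $sDie );
  }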
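Review bot: `$sHostName` still reaches the `%s` inside `<address>` unescaped, while the path and port arguments of the same `sprintf()` call are now sanitised. Its assignment is above the hunk, so its origin cannot be confirmed here; if it is taken from a request header such as `Host`, it needs the same output encoding, e.g. `esc_html( $sHostName ),`. The identical call in the vendored `src/lib/vendor/fernleafsystems/wordpress-services/src/Core/Response.php` hunk has the same gap. A short comment above the `preg_replace()` line, such as `// allow-list applied after esc_html(); keep this order`, would help the next maintainer preserve the fix.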
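--- a/src/lib/src/Modules/HackGuard/Strings.php
+++ b/src/lib/src/Modules/HackGuard/Strings.php
@@ -43,7 +43,7 @@ class Strings extends Base\Strings {
  sprintf( __( '%s scan completed and items were discovered.', 'wp-simple-firewall' ), $sScanName ),
  sprintf( '%s: %s',
  __( 'Note', 'wp-simple-firewall' ),
- __( "These items wont display in results if you've previously marked them as ignored." )
+ __( "These items wont display in results if you've previously marked them as ignored.", 'wp-simple-firewall' )
  )
  ];
  $aMessages[ $sSlug.'_item_repair_success' ] = [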
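--- a/src/lib/src/Scans/Apc/PluginScanner.php
+++ b/src/lib/src/Scans/Apc/PluginScanner.php
@@ -3,6 +3,7 @@
  namespace FernleafSystems\Wordpress\Plugin\Shield\Scans\Apc;
 
  use FernleafSystems\Wordpress\Plugin\Shield;
+ use FernleafSystems\Wordpress\Services\Core\VOs\WpPluginVo;
  use FernleafSystems\Wordpress\Services\Services;
 
  /**
@@ -23,7 +24,8 @@ class PluginScanner {
  /** @var ScanActionVO $oAction */
  $oAction = $this->getScanActionVO();
 
- if ( Services::WpPlugins()->isWpOrg( $sPluginFile ) ) {
+ $oPlgn = Services::WpPlugins()->getPluginAsVo( $sPluginFile );
+ if ( $oPlgn instanceof WpPluginVo && $oPlgn->isWpOrg() ) {
  $nLastUpdatedAt = $this->getLastUpdateTime( $sPluginFile );
  if ( $nLastUpdatedAt > 0
  && ( Services::Request()->ts() - $nLastUpdatedAt > $oAction->abandoned_limit ) ) {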
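--- a/src/lib/vendor/fernleafsystems/wordpress-services/src/Core/Response.php
+++ b/src/lib/vendor/fernleafsystems/wordpress-services/src/Core/Response.php
@@ -137,10 +137,10 @@ class Response {
  $bSsl = is_ssl() || $oReq->server( 'HTTP_X_FORWARDED_PROTO' ) == 'https';
  header( 'HTTP/1.1 404 Not Found' );
 
- $nPort = $bSsl ? 443 : $oReq->server( 'SERVER_PORT' );
+ $nPort = $bSsl ? 443 : (int)$oReq->server( 'SERVER_PORT' );
  $sDie = sprintf(
  '<html><head><title>404 Not Found</title><style type="text/css"></style></head><body><h1>Not Found</h1><p>The requested URL %s was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache Server at %s Port %s</address></body></html>',
- $sRequestedUriPath,
+ preg_replace( '#[^a-z0-9_&;=%/-]#i', '', esc_html( $sRequestedUriPath ) ),
  $sHostName,
  empty( $nPort ) ? 80 : $nPort
  );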
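--- a/src/lib/vendor/fernleafsystems/wordpress-services/src/Core/Rest.php
+++ b/src/lib/vendor/fernleafsystems/wordpress-services/src/Core/Rest.php
@@ -18,9 +18,9 @@ class Rest {
 
  $sRoute = $this->getRoute();
  if ( !empty( $sRoute ) ) {
- $aParts = explode( '/', $sRoute );
+ $aParts = array_filter( explode( '/', $sRoute ) );
  if ( !empty( $aParts ) ) {
- $sNameSpace = $aParts[ 0 ];
+ $sNameSpace = array_shift( $aParts );
  }
  }
  return $sNameSpace;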
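--- a/src/processors/hack_protect.php
+++ b/src/processors/hack_protect.php
@@ -3,6 +3,7 @@
  use FernleafSystems\Wordpress\Plugin\Shield;
  use FernleafSystems\Wordpress\Plugin\Shield\Modules;
  use FernleafSystems\Wordpress\Plugin\Shield\Modules\HackGuard;
+ use FernleafSystems\Wordpress\Services\Core\VOs\WpPluginVo;
  use FernleafSystems\Wordpress\Services\Services;
 
  class ICWP_WPSF_Processor_HackProtect extends Modules\BaseShield\ShieldProcessor {
@@ -259,8 +260,9 @@ class ICWP_WPSF_Processor_HackProtect extends Modules\BaseShield\ShieldProcessor
  }
 
  $bInstalled = $oWpPlugins->isInstalled( $oIT->slug );
- $bIsWpOrg = $bInstalled && $oWpPlugins->isWpOrg( $sSlug );
- $bHasUpdate = $bIsWpOrg && $oWpPlugins->isUpdateAvailable( $sSlug );
+ $oPlgn = $oWpPlugins->getPluginAsVo( $oIT->slug );
+ $bIsWpOrg = $bInstalled && $oPlgn instanceof WpPluginVo && $oPlgn->isWpOrg();
+ $bHasUpdate = $bIsWpOrg && $oPlgn->hasUpdate();
  $aProfile = [
  'id' => $oSelector->filterByHash( $oIT->hash )->first()->id,
  'name' => __( 'unknown', 'wp-simple-firewall' ),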
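Review bot: The new `getPluginAsVo( $oIT->slug )` lookup replaces calls that were keyed on `$sSlug`, and nothing in the hunk explains the switch. `$sSlug` is assigned above the hunk, so whether the two values always match cannot be checked from here; if they can differ, `$bIsWpOrg` and `$bHasUpdate` now describe a different plugin than before. A one-line comment on the new assignment, such as `// keyed on $oIT->slug, same as the isInstalled() check above`, would record the intent. The enclosing method starts and ends outside the hunk.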
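--- a/src/processors/hackprotect_scan_ptg.php
+++ b/src/processors/hackprotect_scan_ptg.php
@@ -104,7 +104,8 @@ class ICWP_WPSF_Processor_HackProtect_Ptg extends ICWP_WPSF_Processor_HackProtec
  public function addActionLinkRefresh( $aLinks, $sPluginFile ) {
  $oWpP = Services\Services::WpPlugins();
 
- if ( $oWpP->isWpOrg( $sPluginFile ) && !$oWpP->isUpdateAvailable( $sPluginFile ) ) {
+ $oPlgn = $oWpP->getPluginAsVo( $sPluginFile );
+ if ( $oPlgn instanceof Services\Core\VOs\WpPluginVo && $oPlgn->isWpOrg() && !$oWpP->isUpdateAvailable( $sPluginFile ) ) {
  $sLinkTemplate = '<a href="javascript:void(0)">%s</a>';
  $aLinks[ 'icwp-reinstall' ] = sprintf(
  $sLinkTemplate,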
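Review bot: The condition on the new `if` line mixes two lookup paths: `$oPlgn->isWpOrg()` on the value object and `$oWpP->isUpdateAvailable( $sPluginFile )` on the service. The `src/processors/hack_protect.php` change in this same commit uses `$oPlgn->hasUpdate()` for the update check, so for consistency the last clause could read `&& !$oPlgn->hasUpdate()`, assuming both report the same state. The line is also long enough to be worth breaking before each `&&`. `addActionLinkRefresh()` continues past the end of the hunk.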