WPS Hide Login - Version 1.5.3

Version Description

  • Fix : Security vulnerabilities (Thanks @juliobox)

Release Info

Developer NicolasKulka
Version 1.5.3

Code changes from version 1.5.2.2 to 1.5.3

Files changed (4) hide show
  1. classes/plugin.php +26 -32
  2. readme.txt +4 -1
  3. uninstall.php +3 -0
  4. wps-hide-login.php +2 -2
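--- a/classes/plugin.php
+++ b/classes/plugin.php
@@ -74,7 +74,7 @@ class Plugin {
  add_action( 'admin_menu', array( $this, 'wps_hide_login_menu_page' ) );
  add_action( 'admin_init', array( $this, 'whl_template_redirect' ) );
 
- add_action( 'template_redirect', array( $this, 'wps_hide_login_redirect_page_email_notif_woocommerce' ) );
+ add_action( 'template_redirect', array( $this, 'redirect_export_data' ) );
  add_filter( 'login_url', array( $this, 'login_url' ), 10, 3 );
 
  add_filter( 'user_request_action_email_content', array( $this, 'user_request_action_email_content' ), 999, 2 );
@@ -112,12 +112,6 @@ class Plugin {
 
  wp();
 
- if ( $_SERVER['REQUEST_URI'] === $this->user_trailingslashit( str_repeat( '-/', 10 ) ) ) {
-
- $_SERVER['REQUEST_URI'] = $this->user_trailingslashit( '/wp-login-php/' );
-
- }
-
  require_once( ABSPATH . WPINC . '/template-loader.php' );
 
  die;
@@ -214,7 +208,7 @@ class Plugin {
  }
 
  public function update_wpmu_options() {
- if ( check_admin_referer( 'siteoptions' ) ) {
+ if ( ! empty( $_POST ) && check_admin_referer( 'siteoptions' ) ) {
  if ( ( $whl_page = sanitize_title_with_dashes( $_POST['whl_page'] ) )
  && strpos( $whl_page, 'wp-login' ) === false
  && ! in_array( $whl_page, $this->forbidden_slugs() ) ) {
@@ -410,6 +404,23 @@ class Plugin {
 
  }
 
+ public function redirect_export_data() {
+ if ( ! empty( $_GET ) && isset( $_GET['action'] ) && 'confirmaction' === $_GET['action'] && isset( $_GET['request_id'] ) && isset( $_GET['confirm_key'] ) ) {
+ $request_id = (int) $_GET['request_id'];
+ $key = sanitize_text_field( wp_unslash( $_GET['confirm_key'] ) );
+ $result = wp_validate_user_request_key( $request_id, $key );
+ if ( ! is_wp_error( $result ) ) {
+ wp_redirect( add_query_arg( array(
+ 'action' => 'confirmaction',
+ 'request_id' => $_GET['request_id'],
+ 'confirm_key' => $_GET['confirm_key']
+ ), $this->new_login_url()
+ ) );
+ exit();
+ }
+ }
+ }
+
  public function plugins_loaded() {
 
  global $pagenow;
@@ -424,13 +435,9 @@ class Plugin {
 
  $request = parse_url( $_SERVER['REQUEST_URI'] );
 
- if ( isset( $request['query'] ) && strpos( $request['query'], 'action=confirmaction' ) !== false ) {
- @require_once ABSPATH . 'wp-login.php';
-
- $pagenow = 'index.php';
- } elseif ( ( strpos( rawurldecode( $_SERVER['REQUEST_URI'] ), 'wp-login.php' ) !== false
- || ( isset( $request['path'] ) && untrailingslashit( $request['path'] ) === site_url( 'wp-login', 'relative' ) ) )
- && ! is_admin() ) {
+ if ( ( strpos( rawurldecode( $_SERVER['REQUEST_URI'] ), 'wp-login.php' ) !== false
+ || ( isset( $request['path'] ) && untrailingslashit( $request['path'] ) === site_url( 'wp-login', 'relative' ) ) )
+ && ! is_admin() ) {
 
  $this->wp_login_php = true;
 
@@ -474,7 +481,7 @@ class Plugin {
 
  if ( ! isset( $_POST['post_password'] ) ) {
 
- if ( is_admin() && ! is_user_logged_in() && ! defined( 'DOING_AJAX' ) && $pagenow !== 'admin-post.php' && ( isset( $_GET ) && empty( $_GET['adminhash'] ) && $request['path'] !== '/wp-admin/options.php' ) ) {
+ if ( is_admin() && ! is_user_logged_in() && ! defined( 'DOING_AJAX' ) && $pagenow !== 'admin-post.php' && $request['path'] !== '/wp-admin/options.php' ) {
  wp_safe_redirect( $this->new_redirect_url() );
  die();
  }
@@ -497,6 +504,8 @@ class Plugin {
 
  parse_str( $referer['query'], $referer );
 
+ @require_once WPINC . '/ms-functions.php';
+
  if ( ! empty( $referer['key'] )
  && ( $result = wpmu_activate_signup( $referer['key'] ) )
  && is_wp_error( $result )
@@ -560,7 +569,7 @@ class Plugin {
  return $url;
  }
 
- if ( strpos( $url, 'wp-login.php' ) !== false ) {
+ if ( strpos( $url, 'wp-login.php' ) !== false && strpos( wp_get_referer(), 'wp-login.php' ) === false ) {
 
  if ( is_ssl() ) {
 
@@ -641,21 +650,6 @@ class Plugin {
  }
  }
 
- /**
- * Update redirect for Woocommerce email notification
- */
- public function wps_hide_login_redirect_page_email_notif_woocommerce() {
-
- if ( ! class_exists( 'WC_Form_Handler' ) ) {
- return false;
- }
-
- if ( ! empty( $_GET ) && isset( $_GET['action'] ) && 'rp' === $_GET['action'] && isset( $_GET['key'] ) && isset( $_GET['login'] ) ) {
- wp_redirect( $this->new_login_url() );
- exit();
- }
- }
-
  /**
  *
  * Update url redirect : wp-admin/options.php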
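Review bot: In `redirect_export_data` (new lines 407-422) the values that are validated are not the values that are forwarded: `wp_validate_user_request_key()` receives the cast `$request_id` and the sanitized `$key`, while the `add_query_arg()` array puts the raw `$_GET['request_id']` and `$_GET['confirm_key']` into the redirect target. `add_query_arg()` does not URL-encode the values it is handed, so the redirect should carry the checked values instead: `'request_id' => $request_id,` and `'confirm_key' => rawurlencode( $key )`. The method also has no docblock; a short one stating that it forwards a confirmation link to the custom login URL only after the request key validates would record why this hook hands `new_login_url()` to a request that is not logged in.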
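--- a/readme.txt
+++ b/readme.txt
@@ -6,7 +6,7 @@ Tags: rename, login, wp-login, wp-login.php, custom login url, jetpack, wpserveu
  Requires at least: 4.1
  Tested up to: 5.2
  Requires PHP: 7.0
- Stable tag: 1.5.2.2
+ Stable tag: 1.5.3
  License: GPLv2 or later
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -146,6 +146,9 @@ First step is to check your .htaccess file and compare it to a regular one, to s
 
  == Changelog ==
 
+ = 1.5.3 =
+ * Fix : Security vulnerabilities (Thanks @juliobox)
+
  = 1.5.2.2 =
  * Tested up to 5.2
  * Fix : Domain language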
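--- a/uninstall.php
+++ b/uninstall.php
@@ -20,12 +20,14 @@ if ( is_multisite() ) {
 
  $blogs = $wpdb->get_results( "SELECT blog_id FROM {$wpdb->blogs}", ARRAY_A );
  delete_site_option( 'whl_page' );
+ delete_site_option( 'whl_redirect_admin' );
 
  if ( $blogs ) {
 
  foreach ( $blogs as $blog ) {
  switch_to_blog( $blog['blog_id'] );
  delete_option( 'whl_page' );
+ delete_option( 'whl_redirect_admin' );
 
  //info: optimize table
  $GLOBALS['wpdb']->query( "OPTIMIZE TABLE `" . $GLOBALS['wpdb']->prefix . "options`" );
@@ -35,6 +37,7 @@ if ( is_multisite() ) {
 
  } else {
  delete_option( 'whl_page' );
+ delete_option( 'whl_redirect_admin' );
 
  //info: optimize table
  $GLOBALS['wpdb']->query( "OPTIMIZE TABLE `" . $GLOBALS['wpdb']->prefix . "options`" );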
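--- a/wps-hide-login.php
+++ b/wps-hide-login.php
@@ -5,7 +5,7 @@ Description: Protect your website by changing the login URL and preventing acces
  Donate link: https://www.paypal.me/donateWPServeur
  Author: WPServeur, NicolasKulka, tabrisrp
  Author URI: https://wpserveur.net
- Version: 1.5.2.2
+ Version: 1.5.3
  Requires at least: 4.1
  Tested up to: 5.2
  Requires PHP: 7.0
@@ -21,7 +21,7 @@ if ( ! defined( 'ABSPATH' ) ) {
  }
 
  // Plugin constants
- define( 'WPS_HIDE_LOGIN_VERSION', '1.5.2.2' );
+ define( 'WPS_HIDE_LOGIN_VERSION', '1.5.3' );
  define( 'WPS_HIDE_LOGIN_FOLDER', 'wps-hide-login' );
 
  define( 'WPS_HIDE_LOGIN_URL', plugin_dir_url( __FILE__ ) );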