Version Description
- Fix : Security vulnerabilities (Thanks @juliobox)
Release Info
Developer | NicolasKulka |
Plugin | WPS Hide Login |
Version | 1.5.3 |
Code changes from version 1.5.2.2 to 1.5.3
- classes/plugin.php +26 -32
- readme.txt +4 -1
- uninstall.php +3 -0
- wps-hide-login.php +2 -2
classes/plugin.php
CHANGED
@@ -74,7 +74,7 @@ class Plugin {
|
|
74 |
add_action( 'admin_menu', array( $this, 'wps_hide_login_menu_page' ) );
|
75 |
add_action( 'admin_init', array( $this, 'whl_template_redirect' ) );
|
76 |
|
77 |
-
add_action( 'template_redirect', array( $this, '
|
78 |
add_filter( 'login_url', array( $this, 'login_url' ), 10, 3 );
|
79 |
|
80 |
add_filter( 'user_request_action_email_content', array( $this, 'user_request_action_email_content' ), 999, 2 );
|
@@ -112,12 +112,6 @@ class Plugin {
|
|
112 |
|
113 |
wp();
|
114 |
|
115 |
-
if ( $_SERVER['REQUEST_URI'] === $this->user_trailingslashit( str_repeat( '-/', 10 ) ) ) {
|
116 |
-
|
117 |
-
$_SERVER['REQUEST_URI'] = $this->user_trailingslashit( '/wp-login-php/' );
|
118 |
-
|
119 |
-
}
|
120 |
-
|
121 |
require_once( ABSPATH . WPINC . '/template-loader.php' );
|
122 |
|
123 |
die;
|
@@ -214,7 +208,7 @@ class Plugin {
|
|
214 |
}
|
215 |
|
216 |
public function update_wpmu_options() {
|
217 |
-
if ( check_admin_referer( 'siteoptions' ) ) {
|
218 |
if ( ( $whl_page = sanitize_title_with_dashes( $_POST['whl_page'] ) )
|
219 |
&& strpos( $whl_page, 'wp-login' ) === false
|
220 |
&& ! in_array( $whl_page, $this->forbidden_slugs() ) ) {
|
@@ -410,6 +404,23 @@ class Plugin {
|
|
410 |
|
411 |
}
|
412 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
413 |
public function plugins_loaded() {
|
414 |
|
415 |
global $pagenow;
|
@@ -424,13 +435,9 @@ class Plugin {
|
|
424 |
|
425 |
$request = parse_url( $_SERVER['REQUEST_URI'] );
|
426 |
|
427 |
-
if (
|
428 |
-
|
429 |
-
|
430 |
-
$pagenow = 'index.php';
|
431 |
-
} elseif ( ( strpos( rawurldecode( $_SERVER['REQUEST_URI'] ), 'wp-login.php' ) !== false
|
432 |
-
|| ( isset( $request['path'] ) && untrailingslashit( $request['path'] ) === site_url( 'wp-login', 'relative' ) ) )
|
433 |
-
&& ! is_admin() ) {
|
434 |
|
435 |
$this->wp_login_php = true;
|
436 |
|
@@ -474,7 +481,7 @@ class Plugin {
|
|
474 |
|
475 |
if ( ! isset( $_POST['post_password'] ) ) {
|
476 |
|
477 |
-
if ( is_admin() && ! is_user_logged_in() && ! defined( 'DOING_AJAX' ) && $pagenow !== 'admin-post.php' &&
|
478 |
wp_safe_redirect( $this->new_redirect_url() );
|
479 |
die();
|
480 |
}
|
@@ -497,6 +504,8 @@ class Plugin {
|
|
497 |
|
498 |
parse_str( $referer['query'], $referer );
|
499 |
|
|
|
|
|
500 |
if ( ! empty( $referer['key'] )
|
501 |
&& ( $result = wpmu_activate_signup( $referer['key'] ) )
|
502 |
&& is_wp_error( $result )
|
@@ -560,7 +569,7 @@ class Plugin {
|
|
560 |
return $url;
|
561 |
}
|
562 |
|
563 |
-
if ( strpos( $url, 'wp-login.php' ) !== false ) {
|
564 |
|
565 |
if ( is_ssl() ) {
|
566 |
|
@@ -641,21 +650,6 @@ class Plugin {
|
|
641 |
}
|
642 |
}
|
643 |
|
644 |
-
/**
|
645 |
-
* Update redirect for Woocommerce email notification
|
646 |
-
*/
|
647 |
-
public function wps_hide_login_redirect_page_email_notif_woocommerce() {
|
648 |
-
|
649 |
-
if ( ! class_exists( 'WC_Form_Handler' ) ) {
|
650 |
-
return false;
|
651 |
-
}
|
652 |
-
|
653 |
-
if ( ! empty( $_GET ) && isset( $_GET['action'] ) && 'rp' === $_GET['action'] && isset( $_GET['key'] ) && isset( $_GET['login'] ) ) {
|
654 |
-
wp_redirect( $this->new_login_url() );
|
655 |
-
exit();
|
656 |
-
}
|
657 |
-
}
|
658 |
-
|
659 |
/**
|
660 |
*
|
661 |
* Update url redirect : wp-admin/options.php
|
74 |
add_action( 'admin_menu', array( $this, 'wps_hide_login_menu_page' ) );
|
75 |
add_action( 'admin_init', array( $this, 'whl_template_redirect' ) );
|
76 |
|
77 |
+
add_action( 'template_redirect', array( $this, 'redirect_export_data' ) );
|
78 |
add_filter( 'login_url', array( $this, 'login_url' ), 10, 3 );
|
79 |
|
80 |
add_filter( 'user_request_action_email_content', array( $this, 'user_request_action_email_content' ), 999, 2 );
|
112 |
|
113 |
wp();
|
114 |
|
|
|
|
|
|
|
|
|
|
|
|
|
115 |
require_once( ABSPATH . WPINC . '/template-loader.php' );
|
116 |
|
117 |
die;
|
208 |
}
|
209 |
|
210 |
public function update_wpmu_options() {
|
211 |
+
if ( ! empty( $_POST ) && check_admin_referer( 'siteoptions' ) ) {
|
212 |
if ( ( $whl_page = sanitize_title_with_dashes( $_POST['whl_page'] ) )
|
213 |
&& strpos( $whl_page, 'wp-login' ) === false
|
214 |
&& ! in_array( $whl_page, $this->forbidden_slugs() ) ) {
|
404 |
|
405 |
}
|
406 |
|
407 |
+
public function redirect_export_data() {
|
408 |
+
if ( ! empty( $_GET ) && isset( $_GET['action'] ) && 'confirmaction' === $_GET['action'] && isset( $_GET['request_id'] ) && isset( $_GET['confirm_key'] ) ) {
|
409 |
+
$request_id = (int) $_GET['request_id'];
|
410 |
+
$key = sanitize_text_field( wp_unslash( $_GET['confirm_key'] ) );
|
411 |
+
$result = wp_validate_user_request_key( $request_id, $key );
|
412 |
+
if ( ! is_wp_error( $result ) ) {
|
413 |
+
wp_redirect( add_query_arg( array(
|
414 |
+
'action' => 'confirmaction',
|
415 |
+
'request_id' => $_GET['request_id'],
|
416 |
+
'confirm_key' => $_GET['confirm_key']
|
417 |
+
), $this->new_login_url()
|
418 |
+
) );
|
419 |
+
exit();
|
420 |
+
}
|
421 |
+
}
|
422 |
+
}
|
423 |
+
|
424 |
public function plugins_loaded() {
|
425 |
|
426 |
global $pagenow;
|
435 |
|
436 |
$request = parse_url( $_SERVER['REQUEST_URI'] );
|
437 |
|
438 |
+
if ( ( strpos( rawurldecode( $_SERVER['REQUEST_URI'] ), 'wp-login.php' ) !== false
|
439 |
+
|| ( isset( $request['path'] ) && untrailingslashit( $request['path'] ) === site_url( 'wp-login', 'relative' ) ) )
|
440 |
+
&& ! is_admin() ) {
|
|
|
|
|
|
|
|
|
441 |
|
442 |
$this->wp_login_php = true;
|
443 |
|
481 |
|
482 |
if ( ! isset( $_POST['post_password'] ) ) {
|
483 |
|
484 |
+
if ( is_admin() && ! is_user_logged_in() && ! defined( 'DOING_AJAX' ) && $pagenow !== 'admin-post.php' && $request['path'] !== '/wp-admin/options.php' ) {
|
485 |
wp_safe_redirect( $this->new_redirect_url() );
|
486 |
die();
|
487 |
}
|
504 |
|
505 |
parse_str( $referer['query'], $referer );
|
506 |
|
507 |
+
@require_once WPINC . '/ms-functions.php';
|
508 |
+
|
509 |
if ( ! empty( $referer['key'] )
|
510 |
&& ( $result = wpmu_activate_signup( $referer['key'] ) )
|
511 |
&& is_wp_error( $result )
|
569 |
return $url;
|
570 |
}
|
571 |
|
572 |
+
if ( strpos( $url, 'wp-login.php' ) !== false && strpos( wp_get_referer(), 'wp-login.php' ) === false ) {
|
573 |
|
574 |
if ( is_ssl() ) {
|
575 |
|
650 |
}
|
651 |
}
|
652 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
653 |
/**
|
654 |
*
|
655 |
* Update url redirect : wp-admin/options.php
|
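Review bot: In the new `redirect_export_data()`, `wp_validate_user_request_key()` is called with the cast and sanitized copies (`$request_id`, `$key`), but the redirect is then built from the raw `$_GET['request_id']` and `$_GET['confirm_key']`, so the values forwarded to the login URL are not necessarily the ones that passed validation. `add_query_arg()` does not URL-encode values, so I would forward the checked copies instead: `'request_id' => $request_id,` and `'confirm_key' => rawurlencode( $key ),`. The target is the site's own login URL, so `wp_safe_redirect()` fits here as it does in the `is_admin()` branch further down. Separately, the added `strpos( wp_get_referer(), 'wp-login.php' ) === false` condition depends on a client-supplied header (and `wp_get_referer()` can return `false`), so it looks unsuitable as the only gate on the rewrite; the enclosing function is not fully visible here.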
readme.txt
CHANGED
@@ -6,7 +6,7 @@ Tags: rename, login, wp-login, wp-login.php, custom login url, jetpack, wpserveu
|
|
6 |
Requires at least: 4.1
|
7 |
Tested up to: 5.2
|
8 |
Requires PHP: 7.0
|
9 |
-
Stable tag: 1.5.
|
10 |
License: GPLv2 or later
|
11 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
12 |
|
@@ -146,6 +146,9 @@ First step is to check your .htaccess file and compare it to a regular one, to s
|
|
146 |
|
147 |
== Changelog ==
|
148 |
|
|
|
|
|
|
|
149 |
= 1.5.2.2 =
|
150 |
* Tested up to 5.2
|
151 |
* Fix : Domain language
|
6 |
Requires at least: 4.1
|
7 |
Tested up to: 5.2
|
8 |
Requires PHP: 7.0
|
9 |
+
Stable tag: 1.5.3
|
10 |
License: GPLv2 or later
|
11 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
12 |
|
146 |
|
147 |
== Changelog ==
|
148 |
|
149 |
+
= 1.5.3 =
|
150 |
+
* Fix : Security vulnerabilities (Thanks @juliobox)
|
151 |
+
|
152 |
= 1.5.2.2 =
|
153 |
* Tested up to 5.2
|
154 |
* Fix : Domain language
|
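--- a/uninstall.php
+++ b/uninstall.php
@@ -20,12 +20,14 @@ if ( is_multisite() ) {
 
 $blogs = $wpdb->get_results( "SELECT blog_id FROM {$wpdb->blogs}", ARRAY_A );
 delete_site_option( 'whl_page' );
+delete_site_option( 'whl_redirect_admin' );
 
 if ( $blogs ) {
 
 foreach ( $blogs as $blog ) {
 switch_to_blog( $blog['blog_id'] );
 delete_option( 'whl_page' );
+delete_option( 'whl_redirect_admin' );
 
 //info: optimize table
 $GLOBALS['wpdb']->query( "OPTIMIZE TABLE `" . $GLOBALS['wpdb']->prefix . "options`" );
@@ -35,6 +37,7 @@ if ( is_multisite() ) {
 
 } else {
 delete_option( 'whl_page' );
+delete_option( 'whl_redirect_admin' );
 
 //info: optimize table
 $GLOBALS['wpdb']->query( "OPTIMIZE TABLE `" . $GLOBALS['wpdb']->prefix . "options`" );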
wps-hide-login.php
CHANGED
@@ -5,7 +5,7 @@ Description: Protect your website by changing the login URL and preventing acces
|
|
5 |
Donate link: https://www.paypal.me/donateWPServeur
|
6 |
Author: WPServeur, NicolasKulka, tabrisrp
|
7 |
Author URI: https://wpserveur.net
|
8 |
-
Version: 1.5.
|
9 |
Requires at least: 4.1
|
10 |
Tested up to: 5.2
|
11 |
Requires PHP: 7.0
|
@@ -21,7 +21,7 @@ if ( ! defined( 'ABSPATH' ) ) {
|
|
21 |
}
|
22 |
|
23 |
// Plugin constants
|
24 |
-
define( 'WPS_HIDE_LOGIN_VERSION', '1.5.
|
25 |
define( 'WPS_HIDE_LOGIN_FOLDER', 'wps-hide-login' );
|
26 |
|
27 |
define( 'WPS_HIDE_LOGIN_URL', plugin_dir_url( __FILE__ ) );
|
5 |
Donate link: https://www.paypal.me/donateWPServeur
|
6 |
Author: WPServeur, NicolasKulka, tabrisrp
|
7 |
Author URI: https://wpserveur.net
|
8 |
+
Version: 1.5.3
|
9 |
Requires at least: 4.1
|
10 |
Tested up to: 5.2
|
11 |
Requires PHP: 7.0
|
21 |
}
|
22 |
|
23 |
// Plugin constants
|
24 |
+
define( 'WPS_HIDE_LOGIN_VERSION', '1.5.3' );
|
25 |
define( 'WPS_HIDE_LOGIN_FOLDER', 'wps-hide-login' );
|
26 |
|
27 |
define( 'WPS_HIDE_LOGIN_URL', plugin_dir_url( __FILE__ ) );
|