Version Description
- Fix vulnerability (Thanks Sebastian Schmitt) : Posting "post_password" with arbitrary content to /wp-login.php reveals the normal wordpress login page.
Download this release
Release Info
| Developer | NicolasKulka |
| Plugin |  WPS Hide Login |
| Version | 1.7 |
| Comparing to | |
| See all releases | |
Code changes from version 1.6.1 to 1.7
- classes/plugin.php +1 -1
- readme.txt +4 -1
- wps-hide-login.php +2 -2
classes/plugin.php
CHANGED
|
@@ -491,7 +491,7 @@ class Plugin {
|
|
| 491 |
|
| 492 |
$request = parse_url( rawurldecode( $_SERVER['REQUEST_URI'] ) );
|
| 493 |
|
| 494 |
-
if ( ! isset( $_POST['post_password'] ) ) {
|
| 495 |
|
| 496 |
if ( is_admin() && ! is_user_logged_in() && ! defined( 'DOING_AJAX' ) && $pagenow !== 'admin-post.php' && $request['path'] !== '/wp-admin/options.php' ) {
|
| 497 |
wp_safe_redirect( $this->new_redirect_url() );
|
| 491 |
|
| 492 |
$request = parse_url( rawurldecode( $_SERVER['REQUEST_URI'] ) );
|
| 493 |
|
| 494 |
+
if ( ! ( isset( $_GET['action'] ) && $_GET['action'] === 'postpass' && isset( $_POST['post_password'] ) ) ) {
|
| 495 |
|
| 496 |
if ( is_admin() && ! is_user_logged_in() && ! defined( 'DOING_AJAX' ) && $pagenow !== 'admin-post.php' && $request['path'] !== '/wp-admin/options.php' ) {
|
| 497 |
wp_safe_redirect( $this->new_redirect_url() );
|
readme.txt
CHANGED
|
@@ -6,7 +6,7 @@ Tags: rename, login, wp-login, wp-login.php, custom login url, jetpack, wpserveu
|
|
| 6 |
Requires at least: 4.1
|
| 7 |
Tested up to: 5.6
|
| 8 |
Requires PHP: 7.0
|
| 9 |
-
Stable tag: 1.
|
| 10 |
License: GPLv2 or later
|
| 11 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
| 12 |
|
|
@@ -148,6 +148,9 @@ La première étape consiste à vérifier votre fichier .htaccess et à le compa
|
|
| 148 |
|
| 149 |
== Changelog ==
|
| 150 |
|
|
|
|
|
|
|
|
|
|
| 151 |
= 1.6.1 =
|
| 152 |
* Fix : loopback request site-health
|
| 153 |
|
| 6 |
Requires at least: 4.1
|
| 7 |
Tested up to: 5.6
|
| 8 |
Requires PHP: 7.0
|
| 9 |
+
Stable tag: 1.7
|
| 10 |
License: GPLv2 or later
|
| 11 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
| 12 |
|
| 148 |
|
| 149 |
== Changelog ==
|
| 150 |
|
| 151 |
+
= 1.7 =
|
| 152 |
+
* Fix vulnerability (Thanks Sebastian Schmitt) : Posting "post_password" with arbitrary content to /wp-login.php reveals the normal wordpress login page.
|
| 153 |
+
|
| 154 |
= 1.6.1 =
|
| 155 |
* Fix : loopback request site-health
|
| 156 |
|
wps-hide-login.php
CHANGED
|
@@ -5,7 +5,7 @@ Description: Protect your website by changing the login URL and preventing acces
|
|
| 5 |
Donate link: https://www.paypal.me/donateWPServeur
|
| 6 |
Author: WPServeur, NicolasKulka, wpformation
|
| 7 |
Author URI: https://wpserveur.net
|
| 8 |
-
Version: 1.
|
| 9 |
Requires at least: 4.1
|
| 10 |
Tested up to: 5.6
|
| 11 |
Requires PHP: 7.0
|
|
@@ -21,7 +21,7 @@ if ( ! defined( 'ABSPATH' ) ) {
|
|
| 21 |
}
|
| 22 |
|
| 23 |
// Plugin constants
|
| 24 |
-
define( 'WPS_HIDE_LOGIN_VERSION', '1.
|
| 25 |
define( 'WPS_HIDE_LOGIN_FOLDER', 'wps-hide-login' );
|
| 26 |
|
| 27 |
define( 'WPS_HIDE_LOGIN_URL', plugin_dir_url( __FILE__ ) );
|
| 5 |
Donate link: https://www.paypal.me/donateWPServeur
|
| 6 |
Author: WPServeur, NicolasKulka, wpformation
|
| 7 |
Author URI: https://wpserveur.net
|
| 8 |
+
Version: 1.7
|
| 9 |
Requires at least: 4.1
|
| 10 |
Tested up to: 5.6
|
| 11 |
Requires PHP: 7.0
|
| 21 |
}
|
| 22 |
|
| 23 |
// Plugin constants
|
| 24 |
+
define( 'WPS_HIDE_LOGIN_VERSION', '1.7' );
|
| 25 |
define( 'WPS_HIDE_LOGIN_FOLDER', 'wps-hide-login' );
|
| 26 |
|
| 27 |
define( 'WPS_HIDE_LOGIN_URL', plugin_dir_url( __FILE__ ) );
|
