Version Description
- Fix : by-pass security issue allowing an unauthenticated user to get login page by setting a random referer string via curl request.
Download this release
Release Info
| Developer | NicolasKulka |
| Plugin |  WPS Hide Login |
| Version | 1.9.1 |
| Comparing to | |
| See all releases | |
Code changes from version 1.9 to 1.9.1
- classes/plugin.php +5 -0
- readme.txt +4 -1
- wps-hide-login.php +2 -2
classes/plugin.php
CHANGED
|
@@ -538,6 +538,11 @@ class Plugin {
|
|
| 538 |
die();
|
| 539 |
}
|
| 540 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 541 |
if ( $pagenow === 'wp-login.php'
|
| 542 |
&& $request['path'] !== $this->user_trailingslashit( $request['path'] )
|
| 543 |
&& get_option( 'permalink_structure' ) ) {
|
| 538 |
die();
|
| 539 |
}
|
| 540 |
|
| 541 |
+
if ( ! is_user_logged_in() && $request['path'] === '/wp-admin/options.php' ) {
|
| 542 |
+
header('Location: ' . $this->new_redirect_url() );
|
| 543 |
+
die;
|
| 544 |
+
}
|
| 545 |
+
|
| 546 |
if ( $pagenow === 'wp-login.php'
|
| 547 |
&& $request['path'] !== $this->user_trailingslashit( $request['path'] )
|
| 548 |
&& get_option( 'permalink_structure' ) ) {
|
readme.txt
CHANGED
|
@@ -6,7 +6,7 @@ Tags: rename, login, wp-login, wp-login.php, custom login url, jetpack, wpserveu
|
|
| 6 |
Requires at least: 4.1
|
| 7 |
Tested up to: 5.8
|
| 8 |
Requires PHP: 7.0
|
| 9 |
-
Stable tag: 1.9
|
| 10 |
License: GPLv2 or later
|
| 11 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
| 12 |
|
|
@@ -148,6 +148,9 @@ La première étape consiste à vérifier votre fichier .htaccess et à le compa
|
|
| 148 |
|
| 149 |
== Changelog ==
|
| 150 |
|
|
|
|
|
|
|
|
|
|
| 151 |
= 1.9 =
|
| 152 |
* Fix : redirect ajax add_to_cart
|
| 153 |
|
| 6 |
Requires at least: 4.1
|
| 7 |
Tested up to: 5.8
|
| 8 |
Requires PHP: 7.0
|
| 9 |
+
Stable tag: 1.9.1
|
| 10 |
License: GPLv2 or later
|
| 11 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
| 12 |
|
| 148 |
|
| 149 |
== Changelog ==
|
| 150 |
|
| 151 |
+
= 1.9.1 =
|
| 152 |
+
* Fix : by-pass security issue allowing an unauthenticated user to get login page by setting a random referer string via curl request.
|
| 153 |
+
|
| 154 |
= 1.9 =
|
| 155 |
* Fix : redirect ajax add_to_cart
|
| 156 |
|
wps-hide-login.php
CHANGED
|
@@ -5,7 +5,7 @@ Description: Protect your website by changing the login URL and preventing acces
|
|
| 5 |
Donate link: https://www.paypal.me/donateWPServeur
|
| 6 |
Author: WPServeur, NicolasKulka, wpformation
|
| 7 |
Author URI: https://wpserveur.net
|
| 8 |
-
Version: 1.9
|
| 9 |
Requires at least: 4.1
|
| 10 |
Tested up to: 5.8
|
| 11 |
Requires PHP: 7.0
|
|
@@ -21,7 +21,7 @@ if ( ! defined( 'ABSPATH' ) ) {
|
|
| 21 |
}
|
| 22 |
|
| 23 |
// Plugin constants
|
| 24 |
-
define( 'WPS_HIDE_LOGIN_VERSION', '1.9' );
|
| 25 |
define( 'WPS_HIDE_LOGIN_FOLDER', 'wps-hide-login' );
|
| 26 |
|
| 27 |
define( 'WPS_HIDE_LOGIN_URL', plugin_dir_url( __FILE__ ) );
|
| 5 |
Donate link: https://www.paypal.me/donateWPServeur
|
| 6 |
Author: WPServeur, NicolasKulka, wpformation
|
| 7 |
Author URI: https://wpserveur.net
|
| 8 |
+
Version: 1.9.1
|
| 9 |
Requires at least: 4.1
|
| 10 |
Tested up to: 5.8
|
| 11 |
Requires PHP: 7.0
|
| 21 |
}
|
| 22 |
|
| 23 |
// Plugin constants
|
| 24 |
+
define( 'WPS_HIDE_LOGIN_VERSION', '1.9.1' );
|
| 25 |
define( 'WPS_HIDE_LOGIN_FOLDER', 'wps-hide-login' );
|
| 26 |
|
| 27 |
define( 'WPS_HIDE_LOGIN_URL', plugin_dir_url( __FILE__ ) );
|
