Version Description
- Fix : by-pass security issue allowing an unauthenticated user to get login page by setting a random referer string via curl request.
Download this release
Release Info
Developer | NicolasKulka |
Plugin | WPS Hide Login |
Version | 1.9.1 |
Comparing to | |
See all releases |
Code changes from version 1.9 to 1.9.1
- classes/plugin.php +5 -0
- readme.txt +4 -1
- wps-hide-login.php +2 -2
classes/plugin.php
CHANGED
@@ -538,6 +538,11 @@ class Plugin {
|
|
538 |
die();
|
539 |
}
|
540 |
|
|
|
|
|
|
|
|
|
|
|
541 |
if ( $pagenow === 'wp-login.php'
|
542 |
&& $request['path'] !== $this->user_trailingslashit( $request['path'] )
|
543 |
&& get_option( 'permalink_structure' ) ) {
|
538 |
die();
|
539 |
}
|
540 |
|
541 |
+
if ( ! is_user_logged_in() && $request['path'] === '/wp-admin/options.php' ) {
|
542 |
+
header('Location: ' . $this->new_redirect_url() );
|
543 |
+
die;
|
544 |
+
}
|
545 |
+
|
546 |
if ( $pagenow === 'wp-login.php'
|
547 |
&& $request['path'] !== $this->user_trailingslashit( $request['path'] )
|
548 |
&& get_option( 'permalink_structure' ) ) {
|
readme.txt
CHANGED
@@ -6,7 +6,7 @@ Tags: rename, login, wp-login, wp-login.php, custom login url, jetpack, wpserveu
|
|
6 |
Requires at least: 4.1
|
7 |
Tested up to: 5.8
|
8 |
Requires PHP: 7.0
|
9 |
-
Stable tag: 1.9
|
10 |
License: GPLv2 or later
|
11 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
12 |
|
@@ -148,6 +148,9 @@ La première étape consiste à vérifier votre fichier .htaccess et à le compa
|
|
148 |
|
149 |
== Changelog ==
|
150 |
|
|
|
|
|
|
|
151 |
= 1.9 =
|
152 |
* Fix : redirect ajax add_to_cart
|
153 |
|
6 |
Requires at least: 4.1
|
7 |
Tested up to: 5.8
|
8 |
Requires PHP: 7.0
|
9 |
+
Stable tag: 1.9.1
|
10 |
License: GPLv2 or later
|
11 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
12 |
|
148 |
|
149 |
== Changelog ==
|
150 |
|
151 |
+
= 1.9.1 =
|
152 |
+
* Fix : by-pass security issue allowing an unauthenticated user to get login page by setting a random referer string via curl request.
|
153 |
+
|
154 |
= 1.9 =
|
155 |
* Fix : redirect ajax add_to_cart
|
156 |
|
wps-hide-login.php
CHANGED
@@ -5,7 +5,7 @@ Description: Protect your website by changing the login URL and preventing acces
|
|
5 |
Donate link: https://www.paypal.me/donateWPServeur
|
6 |
Author: WPServeur, NicolasKulka, wpformation
|
7 |
Author URI: https://wpserveur.net
|
8 |
-
Version: 1.9
|
9 |
Requires at least: 4.1
|
10 |
Tested up to: 5.8
|
11 |
Requires PHP: 7.0
|
@@ -21,7 +21,7 @@ if ( ! defined( 'ABSPATH' ) ) {
|
|
21 |
}
|
22 |
|
23 |
// Plugin constants
|
24 |
-
define( 'WPS_HIDE_LOGIN_VERSION', '1.9' );
|
25 |
define( 'WPS_HIDE_LOGIN_FOLDER', 'wps-hide-login' );
|
26 |
|
27 |
define( 'WPS_HIDE_LOGIN_URL', plugin_dir_url( __FILE__ ) );
|
5 |
Donate link: https://www.paypal.me/donateWPServeur
|
6 |
Author: WPServeur, NicolasKulka, wpformation
|
7 |
Author URI: https://wpserveur.net
|
8 |
+
Version: 1.9.1
|
9 |
Requires at least: 4.1
|
10 |
Tested up to: 5.8
|
11 |
Requires PHP: 7.0
|
21 |
}
|
22 |
|
23 |
// Plugin constants
|
24 |
+
define( 'WPS_HIDE_LOGIN_VERSION', '1.9.1' );
|
25 |
define( 'WPS_HIDE_LOGIN_FOLDER', 'wps-hide-login' );
|
26 |
|
27 |
define( 'WPS_HIDE_LOGIN_URL', plugin_dir_url( __FILE__ ) );
|