WordPress Zero Spam - Version 5.2.11

Version Description


Release Info

Developer bmarshall511
Version 5.2.11

Code changes from version 5.2.10 to 5.2.11

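--- a/core/admin/class-settings.php
+++ b/core/admin/class-settings.php
@@ -321,11 +321,7 @@ class Settings {
  <?php if ( ! empty( $args['placeholder'] ) ) : ?>
  placeholder="<?php echo esc_attr( $args['placeholder'] ); ?>"
  <?php endif; ?>
- >
- <?php if ( ! empty( $args['value'] ) ) : ?>
- <?php echo esc_attr( $args['value'] ); ?>
- <?php endif; ?>
- </textarea>
+ ><?php if ( ! empty( $args['value'] ) ) : ?><?php echo trim( esc_attr( $args['value'] ) ); ?><?php endif; ?></textarea>
  <?php
  break;
  case 'url':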
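Review bot: The textarea body on added line 324 is escaped with `esc_attr()`, the attribute-context helper, where element content of a `<textarea>` should go through `esc_textarea()`; the latter double-encodes existing entities, so a stored `&lt;` round-trips unchanged when the form is saved again. The `trim()` also runs on the already-escaped string; trimming the raw value first is clearer: `<?php echo esc_textarea( trim( $args['value'] ) ); ?>` inside the existing `! empty()` guard. The enclosing switch case starts above the hunk.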
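--- a/core/admin/tables/class-blockedlocations.php
+++ b/core/admin/tables/class-blockedlocations.php
@@ -138,7 +138,7 @@ class BlockedLocations extends WP_List_Table {
  $per_page = 50;
  $current_page = $this->get_pagenum();
  $offset = $per_page * ( $current_page - 1 );
- $order = ! empty( $_REQUEST['order'] ) ? sanitize_text_field( $_REQUEST['order'] ) : 'desc';
+ $order = ! empty( $_REQUEST['order'] ) ? sanitize_key( $_REQUEST['order'] ) : 'desc';
  $orderby = ! empty( $_REQUEST['orderby'] ) ? sanitize_sql_orderby( $_REQUEST['orderby'] ) : 'date_added';
 
  $log_type = ! empty( $_REQUEST['type'] ) ? sanitize_text_field( $_REQUEST['type'] ) : false;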
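Review bot: `sanitize_key()` on the added `$order` line only narrows the value to lowercase letters, digits, `_` and `-`; it does not guarantee a sort direction, and the value is presumably concatenated into the ORDER BY clause further down. An allowlist is tighter and self-documenting: `$order = 'asc' === sanitize_key( wp_unslash( $_REQUEST['order'] ?? '' ) ) ? 'asc' : 'desc';`. The same line appears in core/admin/tables/class-blockedtable.php and core/admin/tables/class-logtable.php, and unlike LogTable the two blocked-list tables read `$_REQUEST` without `wp_unslash()`. The enclosing method starts and ends outside the hunk.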
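--- a/core/admin/tables/class-blockedtable.php
+++ b/core/admin/tables/class-blockedtable.php
@@ -130,7 +130,7 @@ class BlockedTable extends WP_List_Table {
  $per_page = 50;
  $current_page = $this->get_pagenum();
  $offset = $per_page * ( $current_page - 1 );
- $order = ! empty( $_REQUEST['order'] ) ? sanitize_text_field( $_REQUEST['order'] ) : 'desc';
+ $order = ! empty( $_REQUEST['order'] ) ? sanitize_key( $_REQUEST['order'] ) : 'desc';
  $orderby = ! empty( $_REQUEST['orderby'] ) ? sanitize_sql_orderby( $_REQUEST['orderby'] ) : 'date_added';
 
  $log_type = ! empty( $_REQUEST['type'] ) ? sanitize_text_field( $_REQUEST['type'] ) : false;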
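--- a/core/admin/tables/class-logtable.php
+++ b/core/admin/tables/class-logtable.php
@@ -59,7 +59,7 @@ class LogTable extends WP_List_Table {
  return '<a href="' . ZEROSPAM_URL . 'ip-lookup/' . urlencode( $item[ $column_name ] ) .'" target="_blank" rel="noopener noreferrer">' . $item[ $column_name ] . '</a>';
  break;
  case 'date_recorded':
- return gmdate( 'm/d/y g:ia' , strtotime( $item[ $column_name ] ) );
+ return get_date_from_gmt( date( 'Y-m-d H:i:s', strtotime( $item[ $column_name ] )), 'm/d/y g:ia' );
  break;
  case 'actions':
  ob_start();
@@ -152,9 +152,9 @@ class LogTable extends WP_List_Table {
  $current_page = $this->get_pagenum();
  $offset = 1 === $current_page ? false : $per_page * $current_page;
  // @codingStandardsIgnoreLine
- $order = ! empty( $_REQUEST['order'] ) ? sanitize_text_field( wp_unslash( $_REQUEST['order'] ) ) : 'desc';
+ $order = ! empty( $_REQUEST['order'] ) ? sanitize_key( wp_unslash( $_REQUEST['order'] ) ) : 'desc';
  // @codingStandardsIgnoreLine
- $orderby = ! empty( $_REQUEST['orderby'] ) ? sanitize_text_field( wp_unslash( $_REQUEST['orderby'] ) ) : 'date_recorded';
+ $orderby = ! empty( $_REQUEST['orderby'] ) ? sanitize_sql_orderby( wp_unslash( $_REQUEST['orderby'] ) ) : 'date_recorded';
 
  // @codingStandardsIgnoreLine
  $log_type = ! empty( $_REQUEST['type'] ) ? sanitize_text_field( wp_unslash( $_REQUEST['type'] ) ) : false;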
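Review bot: The link built on line 59 of the first hunk URL-encodes `$item[ $column_name ]` for the href but prints the same value raw as the link text, and this commit leaves that line untouched. If the column can hold request-derived data (the `ip-lookup/` path suggests a client address, which may originate from forwarded headers), the text should be escaped for HTML: `. esc_html( $item[ $column_name ] ) . '</a>'`. Separately, the new `date_recorded` line still hard-codes `'m/d/y g:ia'`, so only the timezone follows the site setting, not the format the changelog entry mentions. Both switch cases sit in a method that begins above the hunk.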
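--- a/core/class-settings.php
+++ b/core/class-settings.php
@@ -286,7 +286,7 @@ class Settings {
  'type' => 'textarea',
  'field_class' => 'regular-text code',
  'placeholder' => '',
- 'value' => ! empty( $options['ip_whitelist'] ) ? $options['ip_whitelist'] : false,
+ 'value' => ! empty( $options['ip_whitelist'] ) ? trim( $options['ip_whitelist'] ) : false,
  );
 
  self::$settings['blocked_email_domains'] = array(
@@ -296,7 +296,7 @@ class Settings {
  'type' => 'textarea',
  'field_class' => 'regular-text code',
  'placeholder' => '',
- 'value' => ! empty( $options['blocked_email_domains'] ) ? $options['blocked_email_domains'] : false,
+ 'value' => ! empty( $options['blocked_email_domains'] ) ? trim( $options['blocked_email_domains'] ) : false,
  );
 
  self::$settings['update_blocked_email_domains'] = array(
@@ -342,7 +342,7 @@ class Settings {
  'type' => 'html',
  'html' => sprintf(
  wp_kses(
- /* translators: %s: url */
+ /* translators: %s: admin URL to regenerate the Zero Spam honeypot ID */
  __( '<a href="%s" class="button">Regenerate Honeypot ID</a>', 'zerospam' ),
  array(
  'a' => array(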
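--- a/includes/class-db.php
+++ b/includes/class-db.php
@@ -282,11 +282,12 @@ class DB {
  }
 
  if ( ! empty( $args['orderby'] ) ) {
- $sql .= ' ORDER BY ' . $args['orderby'];
- }
+ $orderby = $args['orderby'];
+ if ( ! empty( $args['order'] ) ) {
+ $orderby = ' ' . $args['order'];
+ }
 
- if ( ! empty( $args['order'] ) ) {
- $sql .= ' ' . $args['order'];
+ $sql .= ' ORDER BY ' . sanitize_sql_orderby( $orderby );
  }
 
  if ( ! empty( $args['limit'] ) ) {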
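Review bot: On new line 287 the direction is assigned with `=` rather than appended with `.=`, so whenever `order` is set the column name is discarded and only the direction reaches `sanitize_sql_orderby()`. That helper returns `false` for input it rejects, and the result is concatenated unchecked, which leaves a bare ` ORDER BY ` in the statement and a failing query. Append the direction, sanitize once, and add the clause only when the sanitized result is non-empty. The enclosing query-building method starts and ends outside the hunk.

```php
	// … unchanged: $orderby = $args['orderby']; …
	if ( ! empty( $args['order'] ) ) {
		$orderby .= ' ' . $args['order'];
	}

	// sanitize_sql_orderby() returns false when the clause is not a plain column list.
	$orderby = sanitize_sql_orderby( $orderby );
	if ( $orderby ) {
		$sql .= ' ORDER BY ' . $orderby;
	}
```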
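--- a/modules/class-zerospam.php
+++ b/modules/class-zerospam.php
@@ -112,7 +112,7 @@ class Zero_Spam {
  'title' => __( 'License Key', 'zerospam' ),
  'desc' => sprintf(
  wp_kses(
- /* translators: %1$s: Replaced with the Zero Spam URL, %2$s: Replaced with the Zero Spam subscription URL */
+ /* translators: 1: the zerospam.org URL 2: the zerospam.org premium product URL */
  __( 'Enter your <a href="%1$s" target="_blank" rel="noopener noreferrer">Zero Spam</a> license key or define it in <code>wp-config.php</code>, using the constant <code>ZEROSPAM_LICENSE_KEY</code> to enable enhanced protection. Don\'t have an license key? <a href="%2$s" target="_blank" rel="noopener noreferrer"><strong>Get one now!</strong></a>', 'zerospam' ),
  array(
  'strong' => array(),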
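--- a/readme.txt
+++ b/readme.txt
@@ -3,9 +3,9 @@ Contributors: bmarshall511
  Tags: protection, firewall, security, spam, spam blocker
  Donate link: https://www.zerospam.org/subscribe/
  Requires at least: 5.2
- Tested up to: 5.8.3
+ Tested up to: 5.9
  Requires PHP: 7.3
- Stable tag: 5.2.10
+ Stable tag: 5.2.11
  License: GNU GPLv3
  License URI: https://choosealicense.com/licenses/gpl-3.0/
 
@@ -103,6 +103,12 @@ If hosting with Pantheon, see their [known issues page](https://pantheon.io/docs
 
  == Changelog ==
 
+ = v5.2.11
+
+ * fix(security): fixes the missing orderby parameter sanitization in the admin dashboard
+ * fix(admin settings): fixed whitespace issue in textarea setting fields, resolves #303
+ * fix(admin log): updated date column to use the local setting date & time format, resolves #305
+
  = v5.2.10 =
 
  * fix(security): fixes the missing parameter sanitization in the admin dashboard, resolves #301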
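--- a/wordpress-zero-spam.php
+++ b/wordpress-zero-spam.php
@@ -13,7 +13,7 @@
  * Plugin Name: WordPress Zero Spam
  * Plugin URI: https://www.highfivery.com/projects/zero-spam/
  * Description: Tired of all the worthless and bloated WordPress anti-spam & security plugins? WordPress Zero Spam makes blocking spam &amp; malicious activity a cinch. <strong>Just install, activate, configure, and say goodbye to spam.</strong>
- * Version: 5.2.10
+ * Version: 5.2.11
  * Requires at least: 5.2
  * Requires PHP: 7.3
  * Author: Highfivery LLC
@@ -31,7 +31,7 @@ defined( 'ABSPATH' ) || die();
  define( 'ZEROSPAM', __FILE__ );
  define( 'ZEROSPAM_PATH', plugin_dir_path( ZEROSPAM ) );
  define( 'ZEROSPAM_PLUGIN_BASE', plugin_basename( ZEROSPAM ) );
- define( 'ZEROSPAM_VERSION', '5.2.10' );
+ define( 'ZEROSPAM_VERSION', '5.2.11' );
 
  if ( defined( 'ZEROSPAM_DEVELOPMENT_URL' ) ) {
  define( 'ZEROSPAM_URL', ZEROSPAM_DEVELOPMENT_URL );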