Changeset 1471801

Timestamp:

08/10/2016 06:32:30 PM (10 years ago)

Author:

fdoromo

Message:

tags/3.4.2 - FIX - Security issues

Location:

total-security

Files:

• tags/3.4.2 (added)
• tags/3.4.2/css (added)
• tags/3.4.2/css/admin.css (added)
• tags/3.4.2/css/bookmarklet.css (added)
• tags/3.4.2/css/snippet.min.css (added)
• tags/3.4.2/images (added)
• tags/3.4.2/images/_16x16-3.png (added)
• tags/3.4.2/images/_16x16.png (added)
• tags/3.4.2/images/ajax-loader.gif (added)
• tags/3.4.2/images/bg.png (added)
• tags/3.4.2/images/error2.png (added)
• tags/3.4.2/images/ext (added)
• tags/3.4.2/images/ext/_no.png (added)
• tags/3.4.2/images/ext/css.png (added)
• tags/3.4.2/images/ext/data.png (added)
• tags/3.4.2/images/ext/exe.png (added)
• tags/3.4.2/images/ext/f1.png (added)
• tags/3.4.2/images/ext/f2.png (added)
• tags/3.4.2/images/ext/flash.png (added)
• tags/3.4.2/images/ext/html.png (added)
• tags/3.4.2/images/ext/java.png (added)
• tags/3.4.2/images/ext/jpg.png (added)
• tags/3.4.2/images/ext/js.png (added)
• tags/3.4.2/images/ext/pdf.png (added)
• tags/3.4.2/images/ext/php.png (added)
• tags/3.4.2/images/ext/txt.png (added)
• tags/3.4.2/images/ext/zip.png (added)
• tags/3.4.2/images/h3_icons (added)
• tags/3.4.2/images/h3_icons/bug.png (added)
• tags/3.4.2/images/h3_icons/code.png (added)
• tags/3.4.2/images/h3_icons/locate.png (added)
• tags/3.4.2/images/h3_icons/star.png (added)
• tags/3.4.2/images/info.png (added)
• tags/3.4.2/images/info0.png (added)
• tags/3.4.2/images/info2.png (added)
• tags/3.4.2/images/loading.gif (added)
• tags/3.4.2/images/paypal.png (added)
• tags/3.4.2/images/success.png (added)
• tags/3.4.2/images/warning.png (added)
• tags/3.4.2/js (added)
• tags/3.4.2/js/admin.js (added)
• tags/3.4.2/js/jquery.blockUI.js (added)
• tags/3.4.2/js/snippet.min.js (added)
• tags/3.4.2/lang (added)
• tags/3.4.2/lang/Help translating it.url (added)
• tags/3.4.2/lang/total-security-ru_RU.mo (added)
• tags/3.4.2/libs (added)
• tags/3.4.2/libs/hashes-4.5.3.php (added)
• tags/3.4.2/modules (added)
• tags/3.4.2/modules/class-p2.php (added)
• tags/3.4.2/modules/class-p3.php (added)
• tags/3.4.2/modules/class-p4.php (added)
• tags/3.4.2/modules/class-p5.php (added)
• tags/3.4.2/modules/class-p7.php (added)
• tags/3.4.2/modules/class-process.php (added)
• tags/3.4.2/modules/inc-p1.php (added)
• tags/3.4.2/modules/inc-p2.php (added)
• tags/3.4.2/modules/inc-p3.php (added)
• tags/3.4.2/modules/inc-p4.php (added)
• tags/3.4.2/modules/inc-p5.php (added)
• tags/3.4.2/modules/inc-p6.php (added)
• tags/3.4.2/modules/inc-p7.php (added)
• tags/3.4.2/modules/inc-popup.php (added)
• tags/3.4.2/modules/inc-sidebar.php (added)
• tags/3.4.2/readme.txt (added)
• tags/3.4.2/total-security.php (added)
• tags/3.4.2/uninstall.php (added)
• trunk/libs/bookmarklet (deleted)
• trunk/libs/brute-force-dictionary.txt (deleted)
• trunk/libs/hashes-4.5.3.php (modified) (1 diff)
• trunk/modules/class-p2.php (modified) (1 diff)
• trunk/modules/class-p3.php (modified) (1 diff)
• trunk/modules/class-p4.php (modified) (1 diff)
• trunk/modules/class-p5.php (modified) (1 diff)
• trunk/modules/class-p7.php (modified) (1 diff)
• trunk/modules/class-process.php (modified) (1 diff)
• trunk/modules/inc-p1.php (modified) (2 diffs)
• trunk/modules/inc-p2.php (modified) (1 diff)
• trunk/modules/inc-p3.php (modified) (1 diff)
• trunk/modules/inc-p4.php (modified) (1 diff)
• trunk/modules/inc-p5.php (modified) (1 diff)
• trunk/modules/inc-p6.php (modified) (1 diff)
• trunk/modules/inc-p7.php (modified) (1 diff)
• trunk/modules/inc-popup.php (modified) (1 diff)
• trunk/modules/inc-sidebar.php (modified) (1 diff)
• trunk/readme.txt (modified) (2 diffs)
• trunk/total-security.php (modified) (2 diffs)
• trunk/uninstall.php (modified) (1 diff)

total-security/trunk/libs/hashes-4.5.3.php

@@ -1 +1 @@
 <?php
+if ( ! defined( 'ABSPATH' ) ) exit;  // Exit if accessed directly    
 $filehashes = array(
 /*----------------------------------------------------------------------*/

total-security/trunk/modules/class-p2.php

@@ -1 +1 @@
 <?php
+if ( ! defined( 'ABSPATH' ) ) exit;  // Exit if accessed directly  
 class FDX_CLASS_P2 extends Total_Security {
 static $security_tests = array(

total-security/trunk/modules/class-p3.php

@@ -1 +1 @@
 <?php
+if ( ! defined( 'ABSPATH' ) ) exit;  // Exit if accessed directly  
 class FDX_CLASS_P3 {
     var $results;

total-security/trunk/modules/class-p4.php

@@ -1 +1 @@
 <?php
+if ( ! defined( 'ABSPATH' ) ) exit;  // Exit if accessed directly  
 class FDX_CLASS_P4 extends Total_Security {
 

total-security/trunk/modules/class-p5.php

@@ -1 +1 @@
 <?php
+if ( ! defined( 'ABSPATH' ) ) exit;  // Exit if accessed directly  
 include_once( ABSPATH . WPINC . '/wp-diff.php' );
 

total-security/trunk/modules/class-p7.php

@@ -1 +1 @@
 <?php
+if ( ! defined( 'ABSPATH' ) ) exit;  // Exit if accessed directly  
 class FDX_CLASS_P7 extends Total_Security {
     public static $file_log;

total-security/trunk/modules/class-process.php

@@ -1 +1 @@
 <?php
+if ( ! defined( 'ABSPATH' ) ) exit;  // Exit if accessed directly  
 class FDX_Process extends Total_Security {
 

total-security/trunk/modules/inc-p1.php

@@ -1 +1 @@
 <?php
+if ( ! defined( 'ABSPATH' ) ) exit;  // Exit if accessed directly
 $results = get_option($this->p5_options_key); //time
 $tests = get_option($this->p2_options_key); //time
@@ -131 +132 @@
 //------------postbox
 echo '<div class="postbox">';
-echo '<div class="handlediv" title="' . __('Click to toggle', $this->hook) . '"><br /></div><h3 class="hndle"><span>Bookmarklets '. __('and useful information', $this->hook) . '.</span></h3>';
+echo '<div class="handlediv" title="' . __('Click to toggle', $this->hook) . '"><br /></div><h3 class="hndle"><span>'. __('Useful information', $this->hook) . '</span></h3>';
 echo '<div class="inside">';
-echo '<p class="bookmarklet"><code><a class="pluginbuddy_tip" title="'.__('Drag this link to your bookmark bar, or right-click the link and add to Favorites', $this->hook). '" onclick="window.alert(\''.__('Drag this link to your bookmark bar, or right-click the link and add to Favorites', $this->hook). '\');return false;" href="javascript:(function(){w=410;h=650;window.open(\''.plugins_url( 'libs/bookmarklet/password_hash.php',dirname(__FILE__) ).'\',null,\'width=\'+w+\',height=\'+h+\',left=\'+parseInt((screen.availWidth/2)-(765/2))+\',top=\'+parseInt((screen.availHeight/3)-(102/2))+\'resizable=0toolbar=0,scrollbars=1,location=0,status=0,menubar=0\');})();">Password Hash&rsaquo;&rsaquo;&rsaquo;</code></a>';
-echo ' - '.__('Use to generate your passwords. It creates unique, secure passwords that are very easy for you to retrieve but no one else. Nothing is stored anywhere, anytime, so there\'s nothing to be hacked, lost, or stolen.', $this->hook). ' [<strong><a href="http://www.passwordmaker.org/" target="_blank">?</a></strong>]</p>';
-echo '<hr><div style="text-align: center"><a class="button newWindow pluginbuddy_tip" href="'.$p2_url2.'" data-width="700" data-height="600" rel="1" id="pop_lats" title="'.__('Display Extended PHP Settings via phpinfo()', $this->hook).'">Phpinfo()</a>&nbsp;&nbsp;&nbsp;&nbsp; <a href="'.$p2_url4.'" class="button fdx-dialog pluginbuddy_tip" title="'.__('Debug information is used to provide help.', $this->hook).'">'.__('Debug', $this->hook).'</a>&nbsp;&nbsp;&nbsp;&nbsp; <a href="'.$p2_url3.'" class="button fdx-dialog pluginbuddy_tip" title="'.__('Tables in blue = Wordpress Default, Table in Green = Total Security Plugin', $this->hook).'">'.__('Database Info', $this->hook).'</a></div>';
+echo '<div style="text-align: center"><a class="button newWindow pluginbuddy_tip" href="'.$p2_url2.'" data-width="700" data-height="600" rel="1" id="pop_lats" title="'.__('Display Extended PHP Settings via phpinfo()', $this->hook).'">Phpinfo()</a>&nbsp;&nbsp;&nbsp;&nbsp; <a href="'.$p2_url4.'" class="button fdx-dialog pluginbuddy_tip" title="'.__('Debug information is used to provide help.', $this->hook).'">'.__('Debug', $this->hook).'</a>&nbsp;&nbsp;&nbsp;&nbsp; <a href="'.$p2_url3.'" class="button fdx-dialog pluginbuddy_tip" title="'.__('Tables in blue = Wordpress Default, Table in Green = Total Security Plugin', $this->hook).'">'.__('Database Info', $this->hook).'</a></div>';
 echo '<div id="fdx-dialog-wrap"><div id="fdx-dialog"></div></div>'; //popup
 

total-security/trunk/modules/inc-p2.php

@@ -1 +1 @@
 <?php
+if ( ! defined( 'ABSPATH' ) ) exit;  // Exit if accessed directly  
 $tests = get_option($this->p2_options_key);
 $tests2 = array();

total-security/trunk/modules/inc-p3.php

@@ -1 +1 @@
 <?php
+if ( ! defined( 'ABSPATH' ) ) exit;  // Exit if accessed directly  
 $settings = Total_Security::fdx_get_settings(); 
 

total-security/trunk/modules/inc-p4.php

@@ -1 +1 @@
 <?php
+if ( ! defined( 'ABSPATH' ) ) exit;  // Exit if accessed directly  
 $settings = Total_Security::fdx_get_settings(); 
 $tests = get_option($this->p2_options_key);

total-security/trunk/modules/inc-p5.php

@@ -1 +1 @@
 <?php
+if ( ! defined( 'ABSPATH' ) ) exit;  // Exit if accessed directly  
 $results = get_option($this->p5_options_key);
 

total-security/trunk/modules/inc-p6.php

@@ -1 +1 @@
 <?php
+if ( ! defined( 'ABSPATH' ) ) exit;  // Exit if accessed directly  
 $settings = Total_Security::fdx_get_settings();
 $p6_url1 = add_query_arg( array( 'popup' => 'pp_page', 'target' => 'debug_log' ), menu_page_url( $this->hook , false ) );

total-security/trunk/modules/inc-p7.php

@@ -1 +1 @@
 <?php
+if ( ! defined( 'ABSPATH' ) ) exit;  // Exit if accessed directly  
 /* wrap
 *********************************************************************************/

total-security/trunk/modules/inc-popup.php

@@ -1 +1 @@
 <?php
+if ( ! defined( 'ABSPATH' ) ) exit;  // Exit if accessed directly  
 // phpinfo
 if ($target == 'phpinfo'){

total-security/trunk/modules/inc-sidebar.php

@@ -1 +1 @@
 <?php
+if ( ! defined( 'ABSPATH' ) ) exit;  // Exit if accessed directly  
 # Donation Message #
 if( get_site_option( 'fdx1_hidden_time' ) && get_site_option( 'fdx1_hidden_time' ) < time() ) {

total-security/trunk/readme.txt

@@ -6 +6 @@
 Requires at least: 4.5.3
 Tested up to: 4.5.3
-Stable tag: 3.4.1
+Stable tag: 3.4.2
 License: GPLv2 or later
 
@@ -124 +124 @@
 
 == Changelog ==
+* 3.4.2
+    * FIX - Security issues
+
 * 3.4.1
     * IMPROVED - Compatibility with WordPress 4.5.3

total-security/trunk/total-security.php

@@ -4 +4 @@
  * Plugin URI: http://fabrix.net/total-security/
  * Description: Checks your WordPress installation and provides detailed reporting on discovered vulnerabilities, anything suspicious and how to fix them.
- * Version: 3.4.1
+ * Version: 3.4.2
  * Author: Fabrix DoRoMo
  * Author URI: http://fabrix.net
@@ -12 +12 @@
  * Copyright 2016 - fabrix.net
  */
+if ( ! defined( 'ABSPATH' ) ) exit;  // Exit if accessed directly
 
 class Total_Security {
         public $min_wp_ver          = '4.5.3'; //
-        public $pluginversion       = '3.4.1';
+        public $pluginversion       = '3.4.2';
         public $pluginname          = 'Total Security';
         public $hook                = 'total-security';

total-security/trunk/uninstall.php

@@ -1 +1 @@
 <?php
+if ( ! defined( 'ABSPATH' ) ) exit;  // Exit if accessed directly  
 /**
  * Code used when the plugin is removed (not just deactivated but actively deleted through the WordPress Admin).