Changeset 2370481

Timestamp:

08/27/2020 03:47:16 PM (5 years ago)

Author:

wfmatt

Message:

7.4.11 - August 27, 2020

• Improvement: Added diagnostic debug button to clear Wordfence Central connection data from the database.
• Improvement: Added help documentation links to modified plugin/theme file scan results.
• Fix: Prevent file system scan from following symlinks to root.
• Fix: Cleared pending plugin/theme update scan results and notification when a plugin/theme is auto-updated.
• Fix: Added check for when site is disconnected on Central's end, but not in the plugin.

Location:

wordfence

Files:

• tags/7.4.11 (copied) (copied from wordfence/trunk)
• tags/7.4.11/css/activity-report-widget.1596638737.css (deleted)
• tags/7.4.11/css/activity-report-widget.1598542714.css (added)
• tags/7.4.11/css/diff.1596638737.css (deleted)
• tags/7.4.11/css/diff.1598542714.css (added)
• tags/7.4.11/css/dt_table.1596638737.css (deleted)
• tags/7.4.11/css/dt_table.1598542714.css (added)
• tags/7.4.11/css/fullLog.1596638737.css (deleted)
• tags/7.4.11/css/fullLog.1598542714.css (added)
• tags/7.4.11/css/iptraf.1596638737.css (deleted)
• tags/7.4.11/css/iptraf.1598542714.css (added)
• tags/7.4.11/css/jquery-ui-timepicker-addon.1596638737.css (deleted)
• tags/7.4.11/css/jquery-ui-timepicker-addon.1598542714.css (added)
• tags/7.4.11/css/jquery-ui.min.1596638737.css (deleted)
• tags/7.4.11/css/jquery-ui.min.1598542714.css (added)
• tags/7.4.11/css/jquery-ui.structure.min.1596638737.css (deleted)
• tags/7.4.11/css/jquery-ui.structure.min.1598542714.css (added)
• tags/7.4.11/css/jquery-ui.theme.min.1596638737.css (deleted)
• tags/7.4.11/css/jquery-ui.theme.min.1598542714.css (added)
• tags/7.4.11/css/main.1596638737.css (deleted)
• tags/7.4.11/css/main.1598542714.css (added)
• tags/7.4.11/css/phpinfo.1596638737.css (deleted)
• tags/7.4.11/css/phpinfo.1598542714.css (added)
• tags/7.4.11/css/wf-adminbar.1596638737.css (deleted)
• tags/7.4.11/css/wf-adminbar.1598542714.css (added)
• tags/7.4.11/css/wf-colorbox.1596638737.css (deleted)
• tags/7.4.11/css/wf-colorbox.1598542714.css (added)
• tags/7.4.11/css/wf-font-awesome.1596638737.css (deleted)
• tags/7.4.11/css/wf-font-awesome.1598542714.css (added)
• tags/7.4.11/css/wf-global.1596638737.css (deleted)
• tags/7.4.11/css/wf-global.1598542714.css (added)
• tags/7.4.11/css/wf-ionicons.1596638737.css (deleted)
• tags/7.4.11/css/wf-ionicons.1598542714.css (added)
• tags/7.4.11/css/wf-onboarding.1596638737.css (deleted)
• tags/7.4.11/css/wf-onboarding.1598542714.css (added)
• tags/7.4.11/css/wf-roboto-font.1596638737.css (deleted)
• tags/7.4.11/css/wf-roboto-font.1598542714.css (added)
• tags/7.4.11/css/wfselect2.min.1596638737.css (deleted)
• tags/7.4.11/css/wfselect2.min.1598542714.css (added)
• tags/7.4.11/css/wordfenceBox.1596638737.css (deleted)
• tags/7.4.11/css/wordfenceBox.1598542714.css (added)
• tags/7.4.11/js/Chart.bundle.min.1596638737.js (deleted)
• tags/7.4.11/js/Chart.bundle.min.1598542714.js (added)
• tags/7.4.11/js/admin.1596638737.js (deleted)
• tags/7.4.11/js/admin.1598542714.js (added)
• tags/7.4.11/js/admin.ajaxWatcher.1596638737.js (deleted)
• tags/7.4.11/js/admin.ajaxWatcher.1598542714.js (added)
• tags/7.4.11/js/admin.liveTraffic.1596638737.js (deleted)
• tags/7.4.11/js/admin.liveTraffic.1598542714.js (added)
• tags/7.4.11/js/date.1596638737.js (deleted)
• tags/7.4.11/js/date.1598542714.js (added)
• tags/7.4.11/js/jquery-ui-timepicker-addon.1596638737.js (deleted)
• tags/7.4.11/js/jquery-ui-timepicker-addon.1598542714.js (added)
• tags/7.4.11/js/jquery.colorbox-min.1596638737.js (deleted)
• tags/7.4.11/js/jquery.colorbox-min.1598542714.js (added)
• tags/7.4.11/js/jquery.colorbox.1596638737.js (deleted)
• tags/7.4.11/js/jquery.colorbox.1598542714.js (added)
• tags/7.4.11/js/jquery.dataTables.min.1596638737.js (deleted)
• tags/7.4.11/js/jquery.dataTables.min.1598542714.js (added)
• tags/7.4.11/js/jquery.qrcode.min.1596638737.js (deleted)
• tags/7.4.11/js/jquery.qrcode.min.1598542714.js (added)
• tags/7.4.11/js/jquery.tmpl.min.1596638737.js (deleted)
• tags/7.4.11/js/jquery.tmpl.min.1598542714.js (added)
• tags/7.4.11/js/jquery.tools.min.1596638737.js (deleted)
• tags/7.4.11/js/jquery.tools.min.1598542714.js (added)
• tags/7.4.11/js/knockout-3.3.0.1596638737.js (deleted)
• tags/7.4.11/js/knockout-3.3.0.1598542714.js (added)
• tags/7.4.11/js/wfdashboard.1596638737.js (deleted)
• tags/7.4.11/js/wfdashboard.1598542714.js (added)
• tags/7.4.11/js/wfdropdown.1596638737.js (deleted)
• tags/7.4.11/js/wfdropdown.1598542714.js (added)
• tags/7.4.11/js/wfglobal.1596638737.js (deleted)
• tags/7.4.11/js/wfglobal.1598542714.js (added)
• tags/7.4.11/js/wfpopover.1596638737.js (deleted)
• tags/7.4.11/js/wfpopover.1598542714.js (added)
• tags/7.4.11/js/wfselect2.min.1596638737.js (deleted)
• tags/7.4.11/js/wfselect2.min.1598542714.js (added)
• tags/7.4.11/lib/menu_tools_diagnostic.php (modified) (1 diff)
• tags/7.4.11/lib/wfCentralAPI.php (modified) (1 diff)
• tags/7.4.11/lib/wfSupportController.php (modified) (4 diffs)
• tags/7.4.11/lib/wordfenceClass.php (modified) (2 diffs)
• tags/7.4.11/lib/wordfenceHash.php (modified) (3 diffs)
• tags/7.4.11/modules/login-security/css/admin-global.1596638737.css (deleted)
• tags/7.4.11/modules/login-security/css/admin-global.1598542714.css (added)
• tags/7.4.11/modules/login-security/css/admin.1596638737.css (deleted)
• tags/7.4.11/modules/login-security/css/admin.1598542714.css (added)
• tags/7.4.11/modules/login-security/css/colorbox.1596638737.css (deleted)
• tags/7.4.11/modules/login-security/css/colorbox.1598542714.css (added)
• tags/7.4.11/modules/login-security/css/font-awesome.1596638737.css (deleted)
• tags/7.4.11/modules/login-security/css/font-awesome.1598542714.css (added)
• tags/7.4.11/modules/login-security/css/ionicons.1596638737.css (deleted)
• tags/7.4.11/modules/login-security/css/ionicons.1598542714.css (added)
• tags/7.4.11/modules/login-security/css/jquery-ui-timepicker-addon.1596638737.css (deleted)
• tags/7.4.11/modules/login-security/css/jquery-ui-timepicker-addon.1598542714.css (added)
• tags/7.4.11/modules/login-security/css/jquery-ui.min.1596638737.css (deleted)
• tags/7.4.11/modules/login-security/css/jquery-ui.min.1598542714.css (added)
• tags/7.4.11/modules/login-security/css/jquery-ui.structure.min.1596638737.css (deleted)
• tags/7.4.11/modules/login-security/css/jquery-ui.structure.min.1598542714.css (added)
• tags/7.4.11/modules/login-security/css/jquery-ui.theme.min.1596638737.css (deleted)
• tags/7.4.11/modules/login-security/css/jquery-ui.theme.min.1598542714.css (added)
• tags/7.4.11/modules/login-security/css/login.1596638737.css (deleted)
• tags/7.4.11/modules/login-security/css/login.1598542714.css (added)
• tags/7.4.11/modules/login-security/js/admin-global.1596638737.js (deleted)
• tags/7.4.11/modules/login-security/js/admin-global.1598542714.js (added)
• tags/7.4.11/modules/login-security/js/admin.1596638737.js (deleted)
• tags/7.4.11/modules/login-security/js/admin.1598542714.js (added)
• tags/7.4.11/modules/login-security/js/jquery-ui-timepicker-addon.1596638737.js (deleted)
• tags/7.4.11/modules/login-security/js/jquery-ui-timepicker-addon.1598542714.js (added)
• tags/7.4.11/modules/login-security/js/jquery.colorbox.1596638737.js (deleted)
• tags/7.4.11/modules/login-security/js/jquery.colorbox.1598542714.js (added)
• tags/7.4.11/modules/login-security/js/jquery.colorbox.min.1596638737.js (deleted)
• tags/7.4.11/modules/login-security/js/jquery.colorbox.min.1598542714.js (added)
• tags/7.4.11/modules/login-security/js/jquery.qrcode.min.1596638737.js (deleted)
• tags/7.4.11/modules/login-security/js/jquery.qrcode.min.1598542714.js (added)
• tags/7.4.11/modules/login-security/js/jquery.tmpl.min.1596638737.js (deleted)
• tags/7.4.11/modules/login-security/js/jquery.tmpl.min.1598542714.js (added)
• tags/7.4.11/modules/login-security/js/login.1596638737.js (deleted)
• tags/7.4.11/modules/login-security/js/login.1598542714.js (added)
• tags/7.4.11/modules/login-security/wordfence-login-security.php (modified) (1 diff)
• tags/7.4.11/readme.txt (modified) (2 diffs)
• tags/7.4.11/wordfence.php (modified) (2 diffs)
• trunk/css/activity-report-widget.1596638737.css (deleted)
• trunk/css/activity-report-widget.1598542714.css (added)
• trunk/css/diff.1596638737.css (deleted)
• trunk/css/diff.1598542714.css (added)
• trunk/css/dt_table.1596638737.css (deleted)
• trunk/css/dt_table.1598542714.css (added)
• trunk/css/fullLog.1596638737.css (deleted)
• trunk/css/fullLog.1598542714.css (added)
• trunk/css/iptraf.1596638737.css (deleted)
• trunk/css/iptraf.1598542714.css (added)
• trunk/css/jquery-ui-timepicker-addon.1596638737.css (deleted)
• trunk/css/jquery-ui-timepicker-addon.1598542714.css (added)
• trunk/css/jquery-ui.min.1596638737.css (deleted)
• trunk/css/jquery-ui.min.1598542714.css (added)
• trunk/css/jquery-ui.structure.min.1596638737.css (deleted)
• trunk/css/jquery-ui.structure.min.1598542714.css (added)
• trunk/css/jquery-ui.theme.min.1596638737.css (deleted)
• trunk/css/jquery-ui.theme.min.1598542714.css (added)
• trunk/css/main.1596638737.css (deleted)
• trunk/css/main.1598542714.css (added)
• trunk/css/phpinfo.1596638737.css (deleted)
• trunk/css/phpinfo.1598542714.css (added)
• trunk/css/wf-adminbar.1596638737.css (deleted)
• trunk/css/wf-adminbar.1598542714.css (added)
• trunk/css/wf-colorbox.1596638737.css (deleted)
• trunk/css/wf-colorbox.1598542714.css (added)
• trunk/css/wf-font-awesome.1596638737.css (deleted)
• trunk/css/wf-font-awesome.1598542714.css (added)
• trunk/css/wf-global.1596638737.css (deleted)
• trunk/css/wf-global.1598542714.css (added)
• trunk/css/wf-ionicons.1596638737.css (deleted)
• trunk/css/wf-ionicons.1598542714.css (added)
• trunk/css/wf-onboarding.1596638737.css (deleted)
• trunk/css/wf-onboarding.1598542714.css (added)
• trunk/css/wf-roboto-font.1596638737.css (deleted)
• trunk/css/wf-roboto-font.1598542714.css (added)
• trunk/css/wfselect2.min.1596638737.css (deleted)
• trunk/css/wfselect2.min.1598542714.css (added)
• trunk/css/wordfenceBox.1596638737.css (deleted)
• trunk/css/wordfenceBox.1598542714.css (added)
• trunk/js/Chart.bundle.min.1596638737.js (deleted)
• trunk/js/Chart.bundle.min.1598542714.js (added)
• trunk/js/admin.1596638737.js (deleted)
• trunk/js/admin.1598542714.js (added)
• trunk/js/admin.ajaxWatcher.1596638737.js (deleted)
• trunk/js/admin.ajaxWatcher.1598542714.js (added)
• trunk/js/admin.liveTraffic.1596638737.js (deleted)
• trunk/js/admin.liveTraffic.1598542714.js (added)
• trunk/js/date.1596638737.js (deleted)
• trunk/js/date.1598542714.js (added)
• trunk/js/jquery-ui-timepicker-addon.1596638737.js (deleted)
• trunk/js/jquery-ui-timepicker-addon.1598542714.js (added)
• trunk/js/jquery.colorbox-min.1596638737.js (deleted)
• trunk/js/jquery.colorbox-min.1598542714.js (added)
• trunk/js/jquery.colorbox.1596638737.js (deleted)
• trunk/js/jquery.colorbox.1598542714.js (added)
• trunk/js/jquery.dataTables.min.1596638737.js (deleted)
• trunk/js/jquery.dataTables.min.1598542714.js (added)
• trunk/js/jquery.qrcode.min.1596638737.js (deleted)
• trunk/js/jquery.qrcode.min.1598542714.js (added)
• trunk/js/jquery.tmpl.min.1596638737.js (deleted)
• trunk/js/jquery.tmpl.min.1598542714.js (added)
• trunk/js/jquery.tools.min.1596638737.js (deleted)
• trunk/js/jquery.tools.min.1598542714.js (added)
• trunk/js/knockout-3.3.0.1596638737.js (deleted)
• trunk/js/knockout-3.3.0.1598542714.js (added)
• trunk/js/wfdashboard.1596638737.js (deleted)
• trunk/js/wfdashboard.1598542714.js (added)
• trunk/js/wfdropdown.1596638737.js (deleted)
• trunk/js/wfdropdown.1598542714.js (added)
• trunk/js/wfglobal.1596638737.js (deleted)
• trunk/js/wfglobal.1598542714.js (added)
• trunk/js/wfpopover.1596638737.js (deleted)
• trunk/js/wfpopover.1598542714.js (added)
• trunk/js/wfselect2.min.1596638737.js (deleted)
• trunk/js/wfselect2.min.1598542714.js (added)
• trunk/lib/menu_tools_diagnostic.php (modified) (1 diff)
• trunk/lib/wfCentralAPI.php (modified) (1 diff)
• trunk/lib/wfSupportController.php (modified) (4 diffs)
• trunk/lib/wordfenceClass.php (modified) (2 diffs)
• trunk/lib/wordfenceHash.php (modified) (3 diffs)
• trunk/modules/login-security/css/admin-global.1596638737.css (deleted)
• trunk/modules/login-security/css/admin-global.1598542714.css (added)
• trunk/modules/login-security/css/admin.1596638737.css (deleted)
• trunk/modules/login-security/css/admin.1598542714.css (added)
• trunk/modules/login-security/css/colorbox.1596638737.css (deleted)
• trunk/modules/login-security/css/colorbox.1598542714.css (added)
• trunk/modules/login-security/css/font-awesome.1596638737.css (deleted)
• trunk/modules/login-security/css/font-awesome.1598542714.css (added)
• trunk/modules/login-security/css/ionicons.1596638737.css (deleted)
• trunk/modules/login-security/css/ionicons.1598542714.css (added)
• trunk/modules/login-security/css/jquery-ui-timepicker-addon.1596638737.css (deleted)
• trunk/modules/login-security/css/jquery-ui-timepicker-addon.1598542714.css (added)
• trunk/modules/login-security/css/jquery-ui.min.1596638737.css (deleted)
• trunk/modules/login-security/css/jquery-ui.min.1598542714.css (added)
• trunk/modules/login-security/css/jquery-ui.structure.min.1596638737.css (deleted)
• trunk/modules/login-security/css/jquery-ui.structure.min.1598542714.css (added)
• trunk/modules/login-security/css/jquery-ui.theme.min.1596638737.css (deleted)
• trunk/modules/login-security/css/jquery-ui.theme.min.1598542714.css (added)
• trunk/modules/login-security/css/login.1596638737.css (deleted)
• trunk/modules/login-security/css/login.1598542714.css (added)
• trunk/modules/login-security/js/admin-global.1596638737.js (deleted)
• trunk/modules/login-security/js/admin-global.1598542714.js (added)
• trunk/modules/login-security/js/admin.1596638737.js (deleted)
• trunk/modules/login-security/js/admin.1598542714.js (added)
• trunk/modules/login-security/js/jquery-ui-timepicker-addon.1596638737.js (deleted)
• trunk/modules/login-security/js/jquery-ui-timepicker-addon.1598542714.js (added)
• trunk/modules/login-security/js/jquery.colorbox.1596638737.js (deleted)
• trunk/modules/login-security/js/jquery.colorbox.1598542714.js (added)
• trunk/modules/login-security/js/jquery.colorbox.min.1596638737.js (deleted)
• trunk/modules/login-security/js/jquery.colorbox.min.1598542714.js (added)
• trunk/modules/login-security/js/jquery.qrcode.min.1596638737.js (deleted)
• trunk/modules/login-security/js/jquery.qrcode.min.1598542714.js (added)
• trunk/modules/login-security/js/jquery.tmpl.min.1596638737.js (deleted)
• trunk/modules/login-security/js/jquery.tmpl.min.1598542714.js (added)
• trunk/modules/login-security/js/login.1596638737.js (deleted)
• trunk/modules/login-security/js/login.1598542714.js (added)
• trunk/modules/login-security/wordfence-login-security.php (modified) (1 diff)
• trunk/readme.txt (modified) (1 diff)
• trunk/wordfence.php (modified) (2 diffs)

wordfence/tags/7.4.11/lib/menu_tools_diagnostic.php

@@ -845 +845 @@
                             </span>
                         </li>
+                        <li>
+                            <span>
+                                <?php _e('Clear all Wordfence Central connection data', 'wordfence'); ?> <a href="<?php echo wfSupportController::esc_supportURL(wfSupportController::ITEM_DIAGNOSTICS_REMOVE_CENTRAL_DATA); ?>" target="_blank" rel="noopener noreferrer" class="wfhelp wf-inline-help"></a>
+                                <input class="wf-btn wf-btn-default wf-btn-sm" type="button" value="<?php esc_attr_e('Clear Connection Data', 'wordfence'); ?>" onclick="WFAD.ajax('wordfence_wfcentral_disconnect', {}, function() { WFAD.colorboxModal((self.isSmallScreen ? '300px' : '400px'), 'Successfully romved data', 'All associated Wordfence Central data has been removed from the database.'); });"/>
+                            </span>
+                        </li>
                     </ul>
 

wordfence/tags/7.4.11/lib/wfCentralAPI.php

@@ -60 +60 @@
         $http = _wp_http_get_object();
         $response = $http->request(WORDFENCE_CENTRAL_API_URL_SEC . $this->getEndpoint(), $args);
+
+        if (!is_wp_error($response)) {
+            $body = wp_remote_retrieve_body($response);
+            $statusCode = wp_remote_retrieve_response_code($response);
+
+            // Check if site has been disconnected on Central's end, but the plugin is still trying to connect.
+            if ($statusCode === 404 && strpos($body, 'Site has been disconnected') !== false) {
+                // Increment attempt count.
+                $centralDisconnectCount = get_site_transient('wordfenceCentralDisconnectCount');
+                set_site_transient('wordfenceCentralDisconnectCount', ++$centralDisconnectCount, 86400);
+
+                // Once threshold is hit, disconnect Central.
+                if ($centralDisconnectCount > 3) {
+                    wfRESTConfigController::disconnectConfig();
+                }
+            }
+        }
+
         return new wfCentralAPIResponse($response);
     }

wordfence/tags/7.4.11/lib/wfSupportController.php

@@ -149 +149 @@
     const ITEM_SCAN_RESULT_SKIPPED_PATHS = 'scan-result-skipped-paths';
     const ITEM_SCAN_RESULT_REPAIR_MODIFIED_FILES = 'scan-result-repair-modified-files';
+    const ITEM_SCAN_RESULT_MODIFIED_PLUGIN = 'scan-result-modified-plugin';
+    const ITEM_SCAN_RESULT_MODIFIED_THEME = 'scan-result-modified-theme';
 
     const ITEM_TOOLS_TWO_FACTOR = 'tools-two-factor';
@@ -160 +162 @@
     const ITEM_DIAGNOSTICS_TEST_EMAIL = 'diagnostics-test-email';
     const ITEM_DIAGNOSTICS_TEST_ACTIVITY_REPORT = 'diagnostics-test-activity-report';
+    const ITEM_DIAGNOSTICS_REMOVE_CENTRAL_DATA = 'diagnostics-remove-central-data';
     const ITEM_DIAGNOSTICS_OPTION_DEBUGGING_MODE = 'diagnostics-option-debugging-mode';
     const ITEM_DIAGNOSTICS_OPTION_REMOTE_SCANS = 'diagnostics-option-remote-scans';
@@ -327 +330 @@
             case self::ITEM_SCAN_RESULT_SKIPPED_PATHS:
             case self::ITEM_SCAN_RESULT_REPAIR_MODIFIED_FILES:
+            case self::ITEM_SCAN_RESULT_MODIFIED_PLUGIN:
+            case self::ITEM_SCAN_RESULT_MODIFIED_THEME:
 
             case self::ITEM_TOOLS_TWO_FACTOR:
@@ -338 +343 @@
             case self::ITEM_DIAGNOSTICS_TEST_EMAIL:
             case self::ITEM_DIAGNOSTICS_TEST_ACTIVITY_REPORT:
+            case self::ITEM_DIAGNOSTICS_REMOVE_CENTRAL_DATA:
             case self::ITEM_DIAGNOSTICS_OPTION_DEBUGGING_MODE:
             case self::ITEM_DIAGNOSTICS_OPTION_REMOTE_SCANS:

wordfence/tags/7.4.11/lib/wordfenceClass.php

@@ -322 +322 @@
         wfConfig::remove('lastPermissionsTemplateCheck');
     }
-    public static function _scheduleRefreshUpdateNotification($upgrader, $options) {
+    public static function _scheduleRefreshUpdateNotification($upgrader = null, $options = null) {
         $defer = false;
         if (is_array($options) && isset($options['type']) && $options['type'] == 'core') {
@@ -1285 +1285 @@
         add_action('upgrader_process_complete', 'wfUpdateCheck::syncAllVersionInfo');
         add_action('upgrader_process_complete', 'wordfence::_scheduleRefreshUpdateNotification', 99, 2);
+        add_action('automatic_updates_complete', 'wordfence::_scheduleRefreshUpdateNotification', 99, 0);
         add_action('wordfence_refreshUpdateNotification', 'wordfence::_refreshUpdateNotification', 99, 0);
         add_action('wordfence_completeCoreUpdateNotification', 'wordfence::_completeCoreUpdateNotification', 99, 0);

wordfence/tags/7.4.11/lib/wordfenceHash.php

@@ -432 +432 @@
         
         $realPath = realpath($path);
+        if ($realPath === '/') {
+            return false;
+        }
         if (isset($this->foldersProcessed[$realPath])) {
             return false;
@@ -526 +529 @@
                                     'modifiedplugin' . $file . $md5,
                                     'Modified plugin file: ' . $file,
-                                    "This file belongs to plugin \"$itemName\" version \"$itemVersion\" and has been modified from the file that is distributed by WordPress.org for this version. Please use the link to see how the file has changed. If you have modified this file yourself, you can safely ignore this warning. If you see a lot of changed files in a plugin that have been made by the author, then try uninstalling and reinstalling the plugin to force an upgrade. Doing this is a workaround for plugin authors who don't manage their code correctly. [See our FAQ on www.wordfence.com for more info]",
+                                    sprintf(__("This file belongs to plugin \"$itemName\" version \"$itemVersion\" and has been modified from the file that is distributed by WordPress.org for this version. Please use the link to see how the file has changed. If you have modified this file yourself, you can safely ignore this warning. If you see a lot of changed files in a plugin that have been made by the author, then try uninstalling and reinstalling the plugin to force an upgrade. Doing this is a workaround for plugin authors who don't manage their code correctly. <a href=\"%s\" target=\"_blank\" rel=\"noopener noreferrer\">Learn More</a>", 'wordfence'), wfSupportController::esc_supportURL(wfSupportController::ITEM_SCAN_RESULT_MODIFIED_PLUGIN)),
                                     array(
                                         'file' => $file,
@@ -566 +569 @@
                                     'modifiedtheme' . $file . $md5,
                                     'Modified theme file: ' . $file,
-                                    "This file belongs to theme \"$itemName\" version \"$itemVersion\" and has been modified from the original distribution. It is common for site owners to modify their theme files, so if you have modified this file yourself you can safely ignore this warning.",
+                                    sprintf(__("This file belongs to theme \"$itemName\" version \"$itemVersion\" and has been modified from the original distribution. It is common for site owners to modify their theme files, so if you have modified this file yourself you can safely ignore this warning. <a href=\"%s\" target=\"_blank\" rel=\"noopener noreferrer\">Learn More</a>", 'wordfence'), wfSupportController::esc_supportURL(wfSupportController::ITEM_SCAN_RESULT_MODIFIED_THEME)),
                                     array(
                                         'file' => $file,

wordfence/tags/7.4.11/modules/login-security/wordfence-login-security.php

@@ -28 +28 @@
     
     define('WORDFENCE_LS_VERSION', '1.0.5');
-    define('WORDFENCE_LS_BUILD_NUMBER', '1596638737');
+    define('WORDFENCE_LS_BUILD_NUMBER', '1598542714');
     
     if (!defined('WORDFENCE_LS_EMAIL_VALIDITY_DURATION_MINUTES')) { define('WORDFENCE_LS_EMAIL_VALIDITY_DURATION_MINUTES', 15); }

wordfence/tags/7.4.11/readme.txt

@@ -5 +5 @@
 Requires PHP: 5.3
 Tested up to: 5.5
-Stable tag: 7.4.10
+Stable tag: 7.4.11
 
 Secure your website with the most comprehensive WordPress security plugin. Firewall, malware scan, blocking, live traffic, login security & more.
@@ -183 +183 @@
 
 == Changelog ==
+
+= 7.4.11 - August 27, 2020 =
+
+* Improvement: Added diagnostic debug button to clear Wordfence Central connection data from the database.
+* Improvement: Added help documentation links to modified plugin/theme file scan results.
+* Fix: Prevent file system scan from following symlinks to root.
+* Fix: Cleared pending plugin/theme update scan results and notification when a plugin/theme is auto-updated.
+* Fix: Added check for when site is disconnected on Central's end, but not in the plugin.
 
 = 7.4.10 - August 5, 2020 =

wordfence/tags/7.4.11/wordfence.php

@@ -5 +5 @@
 Description: Wordfence Security - Anti-virus, Firewall and Malware Scan
 Author: Wordfence
-Version: 7.4.10
+Version: 7.4.11
 Author URI: http://www.wordfence.com/
 Network: true
@@ -16 +16 @@
     exit;
 }
-define('WORDFENCE_VERSION', '7.4.10');
-define('WORDFENCE_BUILD_NUMBER', '1596638737');
+define('WORDFENCE_VERSION', '7.4.11');
+define('WORDFENCE_BUILD_NUMBER', '1598542714');
 define('WORDFENCE_BASENAME', function_exists('plugin_basename') ? plugin_basename(__FILE__) :
     basename(dirname(__FILE__)) . '/' . basename(__FILE__));

wordfence/trunk/lib/menu_tools_diagnostic.php

@@ -845 +845 @@
                             </span>
                         </li>
+                        <li>
+                            <span>
+                                <?php _e('Clear all Wordfence Central connection data', 'wordfence'); ?> <a href="<?php echo wfSupportController::esc_supportURL(wfSupportController::ITEM_DIAGNOSTICS_REMOVE_CENTRAL_DATA); ?>" target="_blank" rel="noopener noreferrer" class="wfhelp wf-inline-help"></a>
+                                <input class="wf-btn wf-btn-default wf-btn-sm" type="button" value="<?php esc_attr_e('Clear Connection Data', 'wordfence'); ?>" onclick="WFAD.ajax('wordfence_wfcentral_disconnect', {}, function() { WFAD.colorboxModal((self.isSmallScreen ? '300px' : '400px'), 'Successfully romved data', 'All associated Wordfence Central data has been removed from the database.'); });"/>
+                            </span>
+                        </li>
                     </ul>
 

wordfence/trunk/lib/wfCentralAPI.php

@@ -60 +60 @@
         $http = _wp_http_get_object();
         $response = $http->request(WORDFENCE_CENTRAL_API_URL_SEC . $this->getEndpoint(), $args);
+
+        if (!is_wp_error($response)) {
+            $body = wp_remote_retrieve_body($response);
+            $statusCode = wp_remote_retrieve_response_code($response);
+
+            // Check if site has been disconnected on Central's end, but the plugin is still trying to connect.
+            if ($statusCode === 404 && strpos($body, 'Site has been disconnected') !== false) {
+                // Increment attempt count.
+                $centralDisconnectCount = get_site_transient('wordfenceCentralDisconnectCount');
+                set_site_transient('wordfenceCentralDisconnectCount', ++$centralDisconnectCount, 86400);
+
+                // Once threshold is hit, disconnect Central.
+                if ($centralDisconnectCount > 3) {
+                    wfRESTConfigController::disconnectConfig();
+                }
+            }
+        }
+
         return new wfCentralAPIResponse($response);
     }

wordfence/trunk/lib/wfSupportController.php

@@ -149 +149 @@
     const ITEM_SCAN_RESULT_SKIPPED_PATHS = 'scan-result-skipped-paths';
     const ITEM_SCAN_RESULT_REPAIR_MODIFIED_FILES = 'scan-result-repair-modified-files';
+    const ITEM_SCAN_RESULT_MODIFIED_PLUGIN = 'scan-result-modified-plugin';
+    const ITEM_SCAN_RESULT_MODIFIED_THEME = 'scan-result-modified-theme';
 
     const ITEM_TOOLS_TWO_FACTOR = 'tools-two-factor';
@@ -160 +162 @@
     const ITEM_DIAGNOSTICS_TEST_EMAIL = 'diagnostics-test-email';
     const ITEM_DIAGNOSTICS_TEST_ACTIVITY_REPORT = 'diagnostics-test-activity-report';
+    const ITEM_DIAGNOSTICS_REMOVE_CENTRAL_DATA = 'diagnostics-remove-central-data';
     const ITEM_DIAGNOSTICS_OPTION_DEBUGGING_MODE = 'diagnostics-option-debugging-mode';
     const ITEM_DIAGNOSTICS_OPTION_REMOTE_SCANS = 'diagnostics-option-remote-scans';
@@ -327 +330 @@
             case self::ITEM_SCAN_RESULT_SKIPPED_PATHS:
             case self::ITEM_SCAN_RESULT_REPAIR_MODIFIED_FILES:
+            case self::ITEM_SCAN_RESULT_MODIFIED_PLUGIN:
+            case self::ITEM_SCAN_RESULT_MODIFIED_THEME:
 
             case self::ITEM_TOOLS_TWO_FACTOR:
@@ -338 +343 @@
             case self::ITEM_DIAGNOSTICS_TEST_EMAIL:
             case self::ITEM_DIAGNOSTICS_TEST_ACTIVITY_REPORT:
+            case self::ITEM_DIAGNOSTICS_REMOVE_CENTRAL_DATA:
             case self::ITEM_DIAGNOSTICS_OPTION_DEBUGGING_MODE:
             case self::ITEM_DIAGNOSTICS_OPTION_REMOTE_SCANS:

wordfence/trunk/lib/wordfenceClass.php

@@ -322 +322 @@
         wfConfig::remove('lastPermissionsTemplateCheck');
     }
-    public static function _scheduleRefreshUpdateNotification($upgrader, $options) {
+    public static function _scheduleRefreshUpdateNotification($upgrader = null, $options = null) {
         $defer = false;
         if (is_array($options) && isset($options['type']) && $options['type'] == 'core') {
@@ -1285 +1285 @@
         add_action('upgrader_process_complete', 'wfUpdateCheck::syncAllVersionInfo');
         add_action('upgrader_process_complete', 'wordfence::_scheduleRefreshUpdateNotification', 99, 2);
+        add_action('automatic_updates_complete', 'wordfence::_scheduleRefreshUpdateNotification', 99, 0);
         add_action('wordfence_refreshUpdateNotification', 'wordfence::_refreshUpdateNotification', 99, 0);
         add_action('wordfence_completeCoreUpdateNotification', 'wordfence::_completeCoreUpdateNotification', 99, 0);

wordfence/trunk/lib/wordfenceHash.php

@@ -432 +432 @@
         
         $realPath = realpath($path);
+        if ($realPath === '/') {
+            return false;
+        }
         if (isset($this->foldersProcessed[$realPath])) {
             return false;
@@ -526 +529 @@
                                     'modifiedplugin' . $file . $md5,
                                     'Modified plugin file: ' . $file,
-                                    "This file belongs to plugin \"$itemName\" version \"$itemVersion\" and has been modified from the file that is distributed by WordPress.org for this version. Please use the link to see how the file has changed. If you have modified this file yourself, you can safely ignore this warning. If you see a lot of changed files in a plugin that have been made by the author, then try uninstalling and reinstalling the plugin to force an upgrade. Doing this is a workaround for plugin authors who don't manage their code correctly. [See our FAQ on www.wordfence.com for more info]",
+                                    sprintf(__("This file belongs to plugin \"$itemName\" version \"$itemVersion\" and has been modified from the file that is distributed by WordPress.org for this version. Please use the link to see how the file has changed. If you have modified this file yourself, you can safely ignore this warning. If you see a lot of changed files in a plugin that have been made by the author, then try uninstalling and reinstalling the plugin to force an upgrade. Doing this is a workaround for plugin authors who don't manage their code correctly. <a href=\"%s\" target=\"_blank\" rel=\"noopener noreferrer\">Learn More</a>", 'wordfence'), wfSupportController::esc_supportURL(wfSupportController::ITEM_SCAN_RESULT_MODIFIED_PLUGIN)),
                                     array(
                                         'file' => $file,
@@ -566 +569 @@
                                     'modifiedtheme' . $file . $md5,
                                     'Modified theme file: ' . $file,
-                                    "This file belongs to theme \"$itemName\" version \"$itemVersion\" and has been modified from the original distribution. It is common for site owners to modify their theme files, so if you have modified this file yourself you can safely ignore this warning.",
+                                    sprintf(__("This file belongs to theme \"$itemName\" version \"$itemVersion\" and has been modified from the original distribution. It is common for site owners to modify their theme files, so if you have modified this file yourself you can safely ignore this warning. <a href=\"%s\" target=\"_blank\" rel=\"noopener noreferrer\">Learn More</a>", 'wordfence'), wfSupportController::esc_supportURL(wfSupportController::ITEM_SCAN_RESULT_MODIFIED_THEME)),
                                     array(
                                         'file' => $file,

wordfence/trunk/modules/login-security/wordfence-login-security.php

@@ -28 +28 @@
     
     define('WORDFENCE_LS_VERSION', '1.0.5');
-    define('WORDFENCE_LS_BUILD_NUMBER', '1596638737');
+    define('WORDFENCE_LS_BUILD_NUMBER', '1598542714');
     
     if (!defined('WORDFENCE_LS_EMAIL_VALIDITY_DURATION_MINUTES')) { define('WORDFENCE_LS_EMAIL_VALIDITY_DURATION_MINUTES', 15); }

wordfence/trunk/readme.txt

@@ -183 +183 @@
 
 == Changelog ==
+
+= 7.4.11 - August 27, 2020 =
+
+* Improvement: Added diagnostic debug button to clear Wordfence Central connection data from the database.
+* Improvement: Added help documentation links to modified plugin/theme file scan results.
+* Fix: Prevent file system scan from following symlinks to root.
+* Fix: Cleared pending plugin/theme update scan results and notification when a plugin/theme is auto-updated.
+* Fix: Added check for when site is disconnected on Central's end, but not in the plugin.
 
 = 7.4.10 - August 5, 2020 =

wordfence/trunk/wordfence.php

@@ -5 +5 @@
 Description: Wordfence Security - Anti-virus, Firewall and Malware Scan
 Author: Wordfence
-Version: 7.4.10
+Version: 7.4.11
 Author URI: http://www.wordfence.com/
 Network: true
@@ -16 +16 @@
     exit;
 }
-define('WORDFENCE_VERSION', '7.4.10');
-define('WORDFENCE_BUILD_NUMBER', '1596638737');
+define('WORDFENCE_VERSION', '7.4.11');
+define('WORDFENCE_BUILD_NUMBER', '1598542714');
 define('WORDFENCE_BASENAME', function_exists('plugin_basename') ? plugin_basename(__FILE__) :
     basename(dirname(__FILE__)) . '/' . basename(__FILE__));