Changeset 2453867
- Timestamp:
- 01/11/2021 12:07:49 PM (5 years ago)
- Location:
- wpscan
- Files:
-
- 14 edited
- 1 copied
-
tags/1.14.2 (copied) (copied from wpscan/trunk)
-
tags/1.14.2/app/Notification.php (modified) (1 diff)
-
tags/1.14.2/app/Plugin.php (modified) (2 diffs)
-
tags/1.14.2/app/Settings.php (modified) (3 diffs)
-
tags/1.14.2/app/Summary.php (modified) (1 diff)
-
tags/1.14.2/readme.txt (modified) (2 diffs)
-
tags/1.14.2/security-checks/https/check.php (modified) (1 diff)
-
tags/1.14.2/wpscan.php (modified) (1 diff)
-
trunk/app/Notification.php (modified) (1 diff)
-
trunk/app/Plugin.php (modified) (2 diffs)
-
trunk/app/Settings.php (modified) (3 diffs)
-
trunk/app/Summary.php (modified) (1 diff)
-
trunk/readme.txt (modified) (2 diffs)
-
trunk/security-checks/https/check.php (modified) (1 diff)
-
trunk/wpscan.php (modified) (1 diff)
-
wpscan/tags/1.14.2/app/Notification.php
r2452411 r2453867 80 80 */ 81 81 public function add_meta_box_notification() { 82 if ( $this->parent->is_wp_cron_disabled() ) {83 return;84 }85 86 82 add_meta_box( 87 83 'wpscan-metabox-notification', -
wpscan/tags/1.14.2/app/Plugin.php
r2452411 r2453867 84 84 add_action( 'in_admin_header', array( $this, 'deactivate_screen' ) ); 85 85 86 // Check if wp cron is disabled87 if ( $this->is_wp_cron_disabled() ) {88 add_action( 'admin_notices', array( $this, 'wp_cron_alert' ) );89 }90 91 86 if ( defined( 'WPSCAN_API_TOKEN' ) ) { 92 87 add_action( 'admin_init', array( $this, 'api_token_from_constant' ) ); … … 158 153 include_once plugin_dir_path( WPSCAN_PLUGIN_FILE ) . 'views/deactivate.php'; 159 154 } 160 }161 162 /**163 * Check if WP-Cron is disabled164 *165 * @since 1.14.0166 * @access public167 * @return bool168 */169 public function is_wp_cron_disabled() {170 return defined('DISABLE_WP_CRON') && DISABLE_WP_CRON;171 }172 173 /**174 * Display cron disabled alert175 *176 * @since 1.14.0177 * @access public178 * @return void179 */180 public function wp_cron_alert() {181 echo "<div class='notice notice-error'><p>". __( 'WP-Cron has been disabled in the wp-config.php file using the <code>DISABLE_WP_CRON</code> constant. Automated scans and other features that rely on cron will not work.', 'wpscan' ) ."</p></div>";182 155 } 183 156 -
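Review bot: With `is_wp_cron_disabled()` and `wp_cron_alert()` removed, nothing in this section tells an administrator when scheduled scans are not actually running. On a site that sets `DISABLE_WP_CRON` and has no external trigger for wp-cron.php, the schedule would presumably be registered but never fire, so the scanner stops producing results without any signal. Instead of testing the constant, consider a staleness check that compares the time of the last completed scan with the configured interval and shows a dismissible `notice-warning` when a scan is overdue. The same applies to the trunk/app/Plugin.php copy of this change; the methods around both hunks start and end outside the lines shown.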
wpscan/tags/1.14.2/app/Settings.php
r2452411 r2453867 30 30 add_action( 'admin_notices', array( $this, 'got_api_token' ) ); 31 31 add_action( 'admin_enqueue_scripts', array( $this, 'admin_enqueue' ) ); 32 33 if ( ! $this->parent->is_wp_cron_disabled() ) { 34 add_action( 'add_option_' . $this->parent->OPT_SCANNING_INTERVAL, array( $this, 'schedule_event' ), 10, 2 ); 35 add_action( 'update_option_' . $this->parent->OPT_SCANNING_INTERVAL, array( $this, 'schedule_event' ), 10, 2 ); 36 add_action( 'update_option_' . $this->parent->OPT_SCANNING_TIME, array( $this, 'schedule_event' ), 10, 2 ); 37 } 38 32 add_action( 'add_option_' . $this->parent->OPT_SCANNING_INTERVAL, array( $this, 'schedule_event' ), 10, 2 ); 33 add_action( 'update_option_' . $this->parent->OPT_SCANNING_INTERVAL, array( $this, 'schedule_event' ), 10, 2 ); 34 add_action( 'update_option_' . $this->parent->OPT_SCANNING_TIME, array( $this, 'schedule_event' ), 10, 2 ); 39 35 add_action( 'update_option_' . $this->parent->OPT_IGNORE_ITEMS, array( $this, 'update_ignored_items' ), 10, 2 ); 40 36 } … … 85 81 86 82 register_setting( $this->page, $this->parent->OPT_IGNORE_ITEMS ); 87 88 if ( ! $this->parent->is_wp_cron_disabled() ) { 89 register_setting( $this->page, $this->parent->OPT_SCANNING_INTERVAL, 'sanitize_text_field' ); 90 register_setting( $this->page, $this->parent->OPT_SCANNING_TIME, 'sanitize_text_field' ); 91 } 83 register_setting( $this->page, $this->parent->OPT_SCANNING_INTERVAL, 'sanitize_text_field' ); 84 register_setting( $this->page, $this->parent->OPT_SCANNING_TIME, 'sanitize_text_field' ); 92 85 93 86 $section = $this->page . '_section'; … … 108 101 ); 109 102 110 if ( ! 
$this->parent->is_wp_cron_disabled() ) { 111 112 add_settings_field( 113 $this->parent->OPT_SCANNING_INTERVAL, 114 __( 'Automated Scanning', 'wpscan' ), 115 array( $this, 'field_scanning_interval' ), 116 $this->page, 117 $section 118 ); 119 120 add_settings_field( 121 $this->parent->OPT_SCANNING_TIME, 122 __( 'Scanning Time', 'wpscan' ), 123 array( $this, 'field_scanning_time' ), 124 $this->page, 125 $section 126 ); 127 128 } 103 add_settings_field( 104 $this->parent->OPT_SCANNING_INTERVAL, 105 __( 'Automated Scanning', 'wpscan' ), 106 array( $this, 'field_scanning_interval' ), 107 $this->page, 108 $section 109 ); 110 111 add_settings_field( 112 $this->parent->OPT_SCANNING_TIME, 113 __( 'Scanning Time', 'wpscan' ), 114 array( $this, 'field_scanning_time' ), 115 $this->page, 116 $section 117 ); 129 118 130 119 add_settings_field( -
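Review bot: The two `register_setting()` calls for `OPT_SCANNING_INTERVAL` and `OPT_SCANNING_TIME` pass `sanitize_text_field` as the only callback, which cleans the string but does not check that it is a value the scheduler understands. Both options trigger `schedule_event` through the `add_option_`/`update_option_` hooks registered in the first hunk, and that method is not visible here, so whether it rejects an unknown interval name or a malformed time cannot be confirmed from this page. A dedicated sanitize callback that accepts only the interval keys the plugin offers, and only a time in the format the field emits, falling back to the stored value otherwise, would keep bad input out of the schedule. The same applies to trunk/app/Settings.php; the enclosing methods extend beyond the hunks.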
wpscan/tags/1.14.2/app/Summary.php
r2452411 r2453867 101 101 </p> 102 102 103 <?php if ( ! $this->parent->is_wp_cron_disabled() &&wp_next_scheduled( $this->parent->WPSCAN_SCHEDULE ) ) { ?>103 <?php if ( wp_next_scheduled( $this->parent->WPSCAN_SCHEDULE ) ) { ?> 104 104 <p> 105 105 <?php _e( 'The next scan will automatically be run on ', 'wpscan' ) ?> -
wpscan/tags/1.14.2/readme.txt
r2452843 r2453867 4 4 Requires at least: 3.4 5 5 Tested up to: 5.6 6 Stable tag: 1.14. 16 Stable tag: 1.14.2 7 7 Requires PHP: 5.5 8 8 License: GPLv3 … … 78 78 79 79 == Changelog == 80 81 = 1.14.2 = 82 83 * Revert DISABLE_WP_CRON check 84 * Fix HTTPS check 80 85 81 86 = 1.14.1 = -
wpscan/tags/1.14.2/security-checks/https/check.php
r2452411 r2453867 61 61 $vulnerabilities = $this->get_vulnerabilities(); 62 62 63 // The current page is using HTTPS. 64 if ( is_ssl() ) { 65 $wp_url = get_bloginfo( 'wpurl' ); 66 $site_url = get_bloginfo( 'url' ); 63 $wp_url = get_bloginfo( 'wpurl' ); 64 $site_url = get_bloginfo( 'url' ); 67 65 68 // Is the configured WordPress URL using HTTPS? 69 if ( 'https' !== substr( $wp_url, 0, 5 ) || 'https' !== substr( $site_url, 0, 5 ) ) { 70 $this->add_vulnerability( __( 'The website seems to support HTTPS but it is not configured to be used by default', 'wpscan' ), 'medium', 'https' ); 71 } 72 } else { 66 // Check if the current page is using HTTPS. 67 if ( 'https' !== substr( $wp_url, 0, 5 ) || 'https' !== substr( $site_url, 0, 5 ) ) { 73 68 // No HTTPS used. 74 69 $this->add_vulnerability( __( 'The website does not seem to be using HTTPS (SSL/TLS) encryption for communications', 'wpscan' ), 'high', 'https' ); -
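Review bot: The new test still depends on the scheme of the request that runs the check, because `get_bloginfo( 'wpurl' )` goes through `site_url()`, which as far as I recall rewrites the scheme according to `is_ssl()`. A scan started from a plain-HTTP or proxied request could therefore report "not using HTTPS" on a correctly configured site. Reading the stored values is more stable, e.g. `'https' !== wp_parse_url( get_option( 'siteurl' ), PHP_URL_SCHEME )` and the same for `get_option( 'home' )`, and it avoids the prefix match on `substr( ..., 0, 5 )`. The comment `// Check if the current page is using HTTPS.` no longer describes the code and would read better as `// Check whether the configured WordPress and site URLs use HTTPS.` The same applies to trunk/security-checks/https/check.php; the enclosing method starts and ends outside the hunk.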
wpscan/tags/1.14.2/wpscan.php
r2452843 r2453867 4 4 * Plugin URI: http://wordpress.org/plugins/wpscan/ 5 5 * Description: WPScan WordPress Security Scanner. Scans your system for security vulnerabilities listed in the WPScan Vulnerability Database. 6 * Version: 1.14. 16 * Version: 1.14.2 7 7 * Author: WPScan Team 8 8 * Author URI: https://wpscan.com/ -
wpscan/trunk/app/Notification.php
r2452411 r2453867 80 80 */ 81 81 public function add_meta_box_notification() { 82 if ( $this->parent->is_wp_cron_disabled() ) {83 return;84 }85 86 82 add_meta_box( 87 83 'wpscan-metabox-notification', -
wpscan/trunk/app/Plugin.php
r2452411 r2453867 84 84 add_action( 'in_admin_header', array( $this, 'deactivate_screen' ) ); 85 85 86 // Check if wp cron is disabled87 if ( $this->is_wp_cron_disabled() ) {88 add_action( 'admin_notices', array( $this, 'wp_cron_alert' ) );89 }90 91 86 if ( defined( 'WPSCAN_API_TOKEN' ) ) { 92 87 add_action( 'admin_init', array( $this, 'api_token_from_constant' ) ); … … 158 153 include_once plugin_dir_path( WPSCAN_PLUGIN_FILE ) . 'views/deactivate.php'; 159 154 } 160 }161 162 /**163 * Check if WP-Cron is disabled164 *165 * @since 1.14.0166 * @access public167 * @return bool168 */169 public function is_wp_cron_disabled() {170 return defined('DISABLE_WP_CRON') && DISABLE_WP_CRON;171 }172 173 /**174 * Display cron disabled alert175 *176 * @since 1.14.0177 * @access public178 * @return void179 */180 public function wp_cron_alert() {181 echo "<div class='notice notice-error'><p>". __( 'WP-Cron has been disabled in the wp-config.php file using the <code>DISABLE_WP_CRON</code> constant. Automated scans and other features that rely on cron will not work.', 'wpscan' ) ."</p></div>";182 155 } 183 156 -
wpscan/trunk/app/Settings.php
r2452411 r2453867 30 30 add_action( 'admin_notices', array( $this, 'got_api_token' ) ); 31 31 add_action( 'admin_enqueue_scripts', array( $this, 'admin_enqueue' ) ); 32 33 if ( ! $this->parent->is_wp_cron_disabled() ) { 34 add_action( 'add_option_' . $this->parent->OPT_SCANNING_INTERVAL, array( $this, 'schedule_event' ), 10, 2 ); 35 add_action( 'update_option_' . $this->parent->OPT_SCANNING_INTERVAL, array( $this, 'schedule_event' ), 10, 2 ); 36 add_action( 'update_option_' . $this->parent->OPT_SCANNING_TIME, array( $this, 'schedule_event' ), 10, 2 ); 37 } 38 32 add_action( 'add_option_' . $this->parent->OPT_SCANNING_INTERVAL, array( $this, 'schedule_event' ), 10, 2 ); 33 add_action( 'update_option_' . $this->parent->OPT_SCANNING_INTERVAL, array( $this, 'schedule_event' ), 10, 2 ); 34 add_action( 'update_option_' . $this->parent->OPT_SCANNING_TIME, array( $this, 'schedule_event' ), 10, 2 ); 39 35 add_action( 'update_option_' . $this->parent->OPT_IGNORE_ITEMS, array( $this, 'update_ignored_items' ), 10, 2 ); 40 36 } … … 85 81 86 82 register_setting( $this->page, $this->parent->OPT_IGNORE_ITEMS ); 87 88 if ( ! $this->parent->is_wp_cron_disabled() ) { 89 register_setting( $this->page, $this->parent->OPT_SCANNING_INTERVAL, 'sanitize_text_field' ); 90 register_setting( $this->page, $this->parent->OPT_SCANNING_TIME, 'sanitize_text_field' ); 91 } 83 register_setting( $this->page, $this->parent->OPT_SCANNING_INTERVAL, 'sanitize_text_field' ); 84 register_setting( $this->page, $this->parent->OPT_SCANNING_TIME, 'sanitize_text_field' ); 92 85 93 86 $section = $this->page . '_section'; … … 108 101 ); 109 102 110 if ( ! 
$this->parent->is_wp_cron_disabled() ) { 111 112 add_settings_field( 113 $this->parent->OPT_SCANNING_INTERVAL, 114 __( 'Automated Scanning', 'wpscan' ), 115 array( $this, 'field_scanning_interval' ), 116 $this->page, 117 $section 118 ); 119 120 add_settings_field( 121 $this->parent->OPT_SCANNING_TIME, 122 __( 'Scanning Time', 'wpscan' ), 123 array( $this, 'field_scanning_time' ), 124 $this->page, 125 $section 126 ); 127 128 } 103 add_settings_field( 104 $this->parent->OPT_SCANNING_INTERVAL, 105 __( 'Automated Scanning', 'wpscan' ), 106 array( $this, 'field_scanning_interval' ), 107 $this->page, 108 $section 109 ); 110 111 add_settings_field( 112 $this->parent->OPT_SCANNING_TIME, 113 __( 'Scanning Time', 'wpscan' ), 114 array( $this, 'field_scanning_time' ), 115 $this->page, 116 $section 117 ); 129 118 130 119 add_settings_field( -
wpscan/trunk/app/Summary.php
r2452411 r2453867 101 101 </p> 102 102 103 <?php if ( ! $this->parent->is_wp_cron_disabled() &&wp_next_scheduled( $this->parent->WPSCAN_SCHEDULE ) ) { ?>103 <?php if ( wp_next_scheduled( $this->parent->WPSCAN_SCHEDULE ) ) { ?> 104 104 <p> 105 105 <?php _e( 'The next scan will automatically be run on ', 'wpscan' ) ?> -
wpscan/trunk/readme.txt
r2452843 r2453867 4 4 Requires at least: 3.4 5 5 Tested up to: 5.6 6 Stable tag: 1.14. 16 Stable tag: 1.14.2 7 7 Requires PHP: 5.5 8 8 License: GPLv3 … … 78 78 79 79 == Changelog == 80 81 = 1.14.2 = 82 83 * Revert DISABLE_WP_CRON check 84 * Fix HTTPS check 80 85 81 86 = 1.14.1 = -
wpscan/trunk/security-checks/https/check.php
r2452411 r2453867 61 61 $vulnerabilities = $this->get_vulnerabilities(); 62 62 63 // The current page is using HTTPS. 64 if ( is_ssl() ) { 65 $wp_url = get_bloginfo( 'wpurl' ); 66 $site_url = get_bloginfo( 'url' ); 63 $wp_url = get_bloginfo( 'wpurl' ); 64 $site_url = get_bloginfo( 'url' ); 67 65 68 // Is the configured WordPress URL using HTTPS? 69 if ( 'https' !== substr( $wp_url, 0, 5 ) || 'https' !== substr( $site_url, 0, 5 ) ) { 70 $this->add_vulnerability( __( 'The website seems to support HTTPS but it is not configured to be used by default', 'wpscan' ), 'medium', 'https' ); 71 } 72 } else { 66 // Check if the current page is using HTTPS. 67 if ( 'https' !== substr( $wp_url, 0, 5 ) || 'https' !== substr( $site_url, 0, 5 ) ) { 73 68 // No HTTPS used. 74 69 $this->add_vulnerability( __( 'The website does not seem to be using HTTPS (SSL/TLS) encryption for communications', 'wpscan' ), 'high', 'https' ); -
wpscan/trunk/wpscan.php
r2452843 r2453867 4 4 * Plugin URI: http://wordpress.org/plugins/wpscan/ 5 5 * Description: WPScan WordPress Security Scanner. Scans your system for security vulnerabilities listed in the WPScan Vulnerability Database. 6 * Version: 1.14. 16 * Version: 1.14.2 7 7 * Author: WPScan Team 8 8 * Author URI: https://wpscan.com/