Changeset 2453867

Timestamp:

01/11/2021 12:07:49 PM (5 years ago)

Author:

ethicalhack3r

Message:

New 1.14.2 version release

Location:

wpscan

Files:

• tags/1.14.2 (copied) (copied from wpscan/trunk)
• tags/1.14.2/app/Notification.php (modified) (1 diff)
• tags/1.14.2/app/Plugin.php (modified) (2 diffs)
• tags/1.14.2/app/Settings.php (modified) (3 diffs)
• tags/1.14.2/app/Summary.php (modified) (1 diff)
• tags/1.14.2/readme.txt (modified) (2 diffs)
• tags/1.14.2/security-checks/https/check.php (modified) (1 diff)
• tags/1.14.2/wpscan.php (modified) (1 diff)
• trunk/app/Notification.php (modified) (1 diff)
• trunk/app/Plugin.php (modified) (2 diffs)
• trunk/app/Settings.php (modified) (3 diffs)
• trunk/app/Summary.php (modified) (1 diff)
• trunk/readme.txt (modified) (2 diffs)
• trunk/security-checks/https/check.php (modified) (1 diff)
• trunk/wpscan.php (modified) (1 diff)

wpscan/tags/1.14.2/app/Notification.php

@@ -80 +80 @@
      */
     public function add_meta_box_notification() {
-        if ( $this->parent->is_wp_cron_disabled() ) {
-            return;
-        }
-
         add_meta_box(
             'wpscan-metabox-notification',

wpscan/tags/1.14.2/app/Plugin.php

@@ -84 +84 @@
         add_action( 'in_admin_header', array( $this, 'deactivate_screen' ) );
 
-        // Check if wp cron is disabled
-        if ( $this->is_wp_cron_disabled() ) {
-            add_action( 'admin_notices', array( $this, 'wp_cron_alert' ) );
-        }
-
         if ( defined( 'WPSCAN_API_TOKEN' ) ) {
             add_action( 'admin_init', array( $this, 'api_token_from_constant' ) );
@@ -158 +153 @@
             include_once plugin_dir_path( WPSCAN_PLUGIN_FILE ) . 'views/deactivate.php';
         }
-    }
-
-    /**
-     * Check if WP-Cron is disabled
-     *
-     * @since 1.14.0
-     * @access public
-     * @return bool
-     */
-    public function is_wp_cron_disabled() {
-        return defined('DISABLE_WP_CRON') && DISABLE_WP_CRON;
-    }
-
-    /**
-     * Display cron disabled alert
-     *
-     * @since 1.14.0
-     * @access public
-     * @return void
-     */
-    public function wp_cron_alert() {
-        echo "<div class='notice notice-error'><p>". __( 'WP-Cron has been disabled in the wp-config.php file using the <code>DISABLE_WP_CRON</code> constant. Automated scans and other features that rely on cron will not work.', 'wpscan' ) ."</p></div>";
     }
 

wpscan/tags/1.14.2/app/Settings.php

@@ -30 +30 @@
         add_action( 'admin_notices', array( $this, 'got_api_token' ) );
         add_action( 'admin_enqueue_scripts', array( $this, 'admin_enqueue' ) );
-
-        if ( ! $this->parent->is_wp_cron_disabled() ) {
-            add_action( 'add_option_' . $this->parent->OPT_SCANNING_INTERVAL, array( $this, 'schedule_event' ), 10, 2 );
-            add_action( 'update_option_' . $this->parent->OPT_SCANNING_INTERVAL, array( $this, 'schedule_event' ), 10, 2 );
-            add_action( 'update_option_' . $this->parent->OPT_SCANNING_TIME, array( $this, 'schedule_event' ), 10, 2 );
-        }
-
+        add_action( 'add_option_' . $this->parent->OPT_SCANNING_INTERVAL, array( $this, 'schedule_event' ), 10, 2 );
+        add_action( 'update_option_' . $this->parent->OPT_SCANNING_INTERVAL, array( $this, 'schedule_event' ), 10, 2 );
+        add_action( 'update_option_' . $this->parent->OPT_SCANNING_TIME, array( $this, 'schedule_event' ), 10, 2 );
         add_action( 'update_option_' . $this->parent->OPT_IGNORE_ITEMS, array( $this, 'update_ignored_items' ), 10, 2 );
     }
@@ -85 +81 @@
 
         register_setting( $this->page, $this->parent->OPT_IGNORE_ITEMS );
-
-        if ( ! $this->parent->is_wp_cron_disabled() ) {
-            register_setting( $this->page, $this->parent->OPT_SCANNING_INTERVAL, 'sanitize_text_field' );
-            register_setting( $this->page, $this->parent->OPT_SCANNING_TIME, 'sanitize_text_field' );
-        }
+        register_setting( $this->page, $this->parent->OPT_SCANNING_INTERVAL, 'sanitize_text_field' );
+        register_setting( $this->page, $this->parent->OPT_SCANNING_TIME, 'sanitize_text_field' );
 
         $section = $this->page . '_section';
@@ -108 +101 @@
         );
 
-        if ( ! $this->parent->is_wp_cron_disabled() ) {
-
-            add_settings_field(
-                $this->parent->OPT_SCANNING_INTERVAL,
-                __( 'Automated Scanning', 'wpscan' ),
-                array( $this, 'field_scanning_interval' ),
-                $this->page,
-                $section
-            );
-
-            add_settings_field(
-                $this->parent->OPT_SCANNING_TIME,
-                __( 'Scanning Time', 'wpscan' ),
-                array( $this, 'field_scanning_time' ),
-                $this->page,
-                $section
-            );
-
-        }
+        add_settings_field(
+            $this->parent->OPT_SCANNING_INTERVAL,
+            __( 'Automated Scanning', 'wpscan' ),
+            array( $this, 'field_scanning_interval' ),
+            $this->page,
+            $section
+        );
+
+        add_settings_field(
+            $this->parent->OPT_SCANNING_TIME,
+            __( 'Scanning Time', 'wpscan' ),
+            array( $this, 'field_scanning_time' ),
+            $this->page,
+            $section
+        );
 
         add_settings_field(

wpscan/tags/1.14.2/app/Summary.php

@@ -101 +101 @@
         </p>
 
-            <?php if ( ! $this->parent->is_wp_cron_disabled() && wp_next_scheduled( $this->parent->WPSCAN_SCHEDULE ) ) { ?>
+            <?php if ( wp_next_scheduled( $this->parent->WPSCAN_SCHEDULE ) ) { ?>
                 <p>
                     <?php _e( 'The next scan will automatically be run on ', 'wpscan' ) ?>

wpscan/tags/1.14.2/readme.txt

@@ -4 +4 @@
 Requires at least: 3.4
 Tested up to: 5.6
-Stable tag: 1.14.1
+Stable tag: 1.14.2
 Requires PHP: 5.5
 License: GPLv3
@@ -78 +78 @@
 
 == Changelog ==
+
+= 1.14.2 =
+
+* Revert DISABLE_WP_CRON check
+* Fix HTTPS check
 
 = 1.14.1 =

wpscan/tags/1.14.2/security-checks/https/check.php

@@ -61 +61 @@
     $vulnerabilities = $this->get_vulnerabilities();
 
-    // The current page is using HTTPS.
-    if ( is_ssl() ) {
-      $wp_url   = get_bloginfo( 'wpurl' );
-      $site_url = get_bloginfo( 'url' );
+    $wp_url   = get_bloginfo( 'wpurl' );
+    $site_url = get_bloginfo( 'url' );
 
-      // Is the configured WordPress URL using HTTPS?
-      if ( 'https' !== substr( $wp_url, 0, 5 ) || 'https' !== substr( $site_url, 0, 5 ) ) {
-        $this->add_vulnerability( __( 'The website seems to support HTTPS but it is not configured to be used by default', 'wpscan' ), 'medium', 'https' );
-      }
-    } else {
+    // Check if the current page is using HTTPS.
+    if ( 'https' !== substr( $wp_url, 0, 5 ) || 'https' !== substr( $site_url, 0, 5 ) ) {
       // No HTTPS used.
       $this->add_vulnerability( __( 'The website does not seem to be using HTTPS (SSL/TLS) encryption for communications', 'wpscan' ), 'high', 'https' );

wpscan/tags/1.14.2/wpscan.php

@@ -4 +4 @@
  * Plugin URI:    http://wordpress.org/plugins/wpscan/
  * Description:   WPScan WordPress Security Scanner. Scans your system for security vulnerabilities listed in the WPScan Vulnerability Database.
- * Version:       1.14.1
+ * Version:       1.14.2
  * Author:        WPScan Team
  * Author URI:    https://wpscan.com/

wpscan/trunk/app/Notification.php

@@ -80 +80 @@
      */
     public function add_meta_box_notification() {
-        if ( $this->parent->is_wp_cron_disabled() ) {
-            return;
-        }
-
         add_meta_box(
             'wpscan-metabox-notification',

wpscan/trunk/app/Plugin.php

@@ -84 +84 @@
         add_action( 'in_admin_header', array( $this, 'deactivate_screen' ) );
 
-        // Check if wp cron is disabled
-        if ( $this->is_wp_cron_disabled() ) {
-            add_action( 'admin_notices', array( $this, 'wp_cron_alert' ) );
-        }
-
         if ( defined( 'WPSCAN_API_TOKEN' ) ) {
             add_action( 'admin_init', array( $this, 'api_token_from_constant' ) );
@@ -158 +153 @@
             include_once plugin_dir_path( WPSCAN_PLUGIN_FILE ) . 'views/deactivate.php';
         }
-    }
-
-    /**
-     * Check if WP-Cron is disabled
-     *
-     * @since 1.14.0
-     * @access public
-     * @return bool
-     */
-    public function is_wp_cron_disabled() {
-        return defined('DISABLE_WP_CRON') && DISABLE_WP_CRON;
-    }
-
-    /**
-     * Display cron disabled alert
-     *
-     * @since 1.14.0
-     * @access public
-     * @return void
-     */
-    public function wp_cron_alert() {
-        echo "<div class='notice notice-error'><p>". __( 'WP-Cron has been disabled in the wp-config.php file using the <code>DISABLE_WP_CRON</code> constant. Automated scans and other features that rely on cron will not work.', 'wpscan' ) ."</p></div>";
     }
 

wpscan/trunk/app/Settings.php

@@ -30 +30 @@
         add_action( 'admin_notices', array( $this, 'got_api_token' ) );
         add_action( 'admin_enqueue_scripts', array( $this, 'admin_enqueue' ) );
-
-        if ( ! $this->parent->is_wp_cron_disabled() ) {
-            add_action( 'add_option_' . $this->parent->OPT_SCANNING_INTERVAL, array( $this, 'schedule_event' ), 10, 2 );
-            add_action( 'update_option_' . $this->parent->OPT_SCANNING_INTERVAL, array( $this, 'schedule_event' ), 10, 2 );
-            add_action( 'update_option_' . $this->parent->OPT_SCANNING_TIME, array( $this, 'schedule_event' ), 10, 2 );
-        }
-
+        add_action( 'add_option_' . $this->parent->OPT_SCANNING_INTERVAL, array( $this, 'schedule_event' ), 10, 2 );
+        add_action( 'update_option_' . $this->parent->OPT_SCANNING_INTERVAL, array( $this, 'schedule_event' ), 10, 2 );
+        add_action( 'update_option_' . $this->parent->OPT_SCANNING_TIME, array( $this, 'schedule_event' ), 10, 2 );
         add_action( 'update_option_' . $this->parent->OPT_IGNORE_ITEMS, array( $this, 'update_ignored_items' ), 10, 2 );
     }
@@ -85 +81 @@
 
         register_setting( $this->page, $this->parent->OPT_IGNORE_ITEMS );
-
-        if ( ! $this->parent->is_wp_cron_disabled() ) {
-            register_setting( $this->page, $this->parent->OPT_SCANNING_INTERVAL, 'sanitize_text_field' );
-            register_setting( $this->page, $this->parent->OPT_SCANNING_TIME, 'sanitize_text_field' );
-        }
+        register_setting( $this->page, $this->parent->OPT_SCANNING_INTERVAL, 'sanitize_text_field' );
+        register_setting( $this->page, $this->parent->OPT_SCANNING_TIME, 'sanitize_text_field' );
 
         $section = $this->page . '_section';
@@ -108 +101 @@
         );
 
-        if ( ! $this->parent->is_wp_cron_disabled() ) {
-
-            add_settings_field(
-                $this->parent->OPT_SCANNING_INTERVAL,
-                __( 'Automated Scanning', 'wpscan' ),
-                array( $this, 'field_scanning_interval' ),
-                $this->page,
-                $section
-            );
-
-            add_settings_field(
-                $this->parent->OPT_SCANNING_TIME,
-                __( 'Scanning Time', 'wpscan' ),
-                array( $this, 'field_scanning_time' ),
-                $this->page,
-                $section
-            );
-
-        }
+        add_settings_field(
+            $this->parent->OPT_SCANNING_INTERVAL,
+            __( 'Automated Scanning', 'wpscan' ),
+            array( $this, 'field_scanning_interval' ),
+            $this->page,
+            $section
+        );
+
+        add_settings_field(
+            $this->parent->OPT_SCANNING_TIME,
+            __( 'Scanning Time', 'wpscan' ),
+            array( $this, 'field_scanning_time' ),
+            $this->page,
+            $section
+        );
 
         add_settings_field(

wpscan/trunk/app/Summary.php

@@ -101 +101 @@
         </p>
 
-            <?php if ( ! $this->parent->is_wp_cron_disabled() && wp_next_scheduled( $this->parent->WPSCAN_SCHEDULE ) ) { ?>
+            <?php if ( wp_next_scheduled( $this->parent->WPSCAN_SCHEDULE ) ) { ?>
                 <p>
                     <?php _e( 'The next scan will automatically be run on ', 'wpscan' ) ?>

wpscan/trunk/readme.txt

@@ -4 +4 @@
 Requires at least: 3.4
 Tested up to: 5.6
-Stable tag: 1.14.1
+Stable tag: 1.14.2
 Requires PHP: 5.5
 License: GPLv3
@@ -78 +78 @@
 
 == Changelog ==
+
+= 1.14.2 =
+
+* Revert DISABLE_WP_CRON check
+* Fix HTTPS check
 
 = 1.14.1 =

wpscan/trunk/security-checks/https/check.php

@@ -61 +61 @@
     $vulnerabilities = $this->get_vulnerabilities();
 
-    // The current page is using HTTPS.
-    if ( is_ssl() ) {
-      $wp_url   = get_bloginfo( 'wpurl' );
-      $site_url = get_bloginfo( 'url' );
+    $wp_url   = get_bloginfo( 'wpurl' );
+    $site_url = get_bloginfo( 'url' );
 
-      // Is the configured WordPress URL using HTTPS?
-      if ( 'https' !== substr( $wp_url, 0, 5 ) || 'https' !== substr( $site_url, 0, 5 ) ) {
-        $this->add_vulnerability( __( 'The website seems to support HTTPS but it is not configured to be used by default', 'wpscan' ), 'medium', 'https' );
-      }
-    } else {
+    // Check if the current page is using HTTPS.
+    if ( 'https' !== substr( $wp_url, 0, 5 ) || 'https' !== substr( $site_url, 0, 5 ) ) {
       // No HTTPS used.
       $this->add_vulnerability( __( 'The website does not seem to be using HTTPS (SSL/TLS) encryption for communications', 'wpscan' ), 'high', 'https' );

wpscan/trunk/wpscan.php

@@ -4 +4 @@
  * Plugin URI:    http://wordpress.org/plugins/wpscan/
  * Description:   WPScan WordPress Security Scanner. Scans your system for security vulnerabilities listed in the WPScan Vulnerability Database.
- * Version:       1.14.1
+ * Version:       1.14.2
  * Author:        WPScan Team
  * Author URI:    https://wpscan.com/