Changeset 3353611
- Timestamp:
- 09/01/2025 03:55:36 AM (6 months ago)
- Location:
- cloudsecure-wp-security/trunk
- Files:
-
- 6 edited
-
cloudsecure-wp.php (modified) (1 diff)
-
modules/cloudsecure-wp.php (modified) (1 diff)
-
modules/restrict-admin-page.php (modified) (1 diff)
-
modules/two-factor-authentication.php (modified) (2 diffs)
-
modules/waf-engine.php (modified) (13 diffs)
-
readme.txt (modified) (2 diffs)
cloudsecure-wp-security/trunk/cloudsecure-wp.php
r3341484 r3353611 14 14 * Plugin URI: https://wpplugin.cloudsecure.ne.jp/cloudsecure_wp_security 15 15 * Description: 管理画面とログインURLをサイバー攻撃から守る、安心の国産・日本語対応プラグインです。かんたんな設定を行うだけで、不正アクセスや不正ログインからあなたのWordPressを保護し、セキュリティが向上します。また、各機能の有効・無効(ON・OFF)や設定などをお好みにカスタマイズし、いつでも保護状態を管理できます。 16 * Version: 1.3.1 716 * Version: 1.3.18 17 17 * Requires PHP: 7.1 18 18 * Author: CloudSecure,Inc. -
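--- a/cloudsecure-wp-security/trunk/modules/cloudsecure-wp.php
+++ b/cloudsecure-wp-security/trunk/modules/cloudsecure-wp.php
@@ -23,7 +23,7 @@
 require_once __DIR__ . '/two-factor-authentication.php';
 require_once __DIR__ . '/server-error-notification.php';
+require_once __DIR__ . '/lib/class-waf-rules.php';
 require_once __DIR__ . '/waf-engine.php';
 require_once __DIR__ . '/waf.php';
-require_once __DIR__ . '/lib/class-waf-rules.php';
 require_once __DIR__ . '/disable-access-system-file.php';
 require_once __DIR__ . '/lib/class-disable-access-system-file-rules.php';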
cloudsecure-wp-security/trunk/modules/restrict-admin-page.php
r3153634 r3353611 155 155 */ 156 156 public function get_exclude_paths(): array { 157 return $this->config->get( self::KEY_PATHS ?? array());157 return $this->config->get( self::KEY_PATHS ) ?? array(); 158 158 } 159 159 -
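Review bot: The corrected `get_exclude_paths()` still relies on `??`, which only replaces null, while the method declares an `array` return type. If `$this->config->get()` can return a non-array value for this key (its implementation is not visible here, so this needs confirming), the method would raise a TypeError instead of returning an empty exclusion list. A type check keeps the accessor safe for any stored value: `$paths = $this->config->get( self::KEY_PATHS );` followed by `return is_array( $paths ) ? $paths : array();`.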
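--- a/cloudsecure-wp-security/trunk/modules/two-factor-authentication.php
+++ b/cloudsecure-wp-security/trunk/modules/two-factor-authentication.php
@@ -143,4 +143,8 @@
 // 2段階認証が無効なとき
 if ( ! $this->is_enabled() ) {
+return;
+}
+
+if ( ! isset( $user->roles[0] ) ) {
 return;
 }
@@ -254,7 +258,10 @@
 public function redirect_if_not_two_factor_authentication_registered( $user_login, $user ) {
 $secret = get_user_option( 'cloudsecurewp_two_factor_authentication_secret', $user->ID );
-if ( $this->is_enabled() && $this->is_role_enabled( $user->roles[0] ) && ! $secret && $_SERVER['REQUEST_URI'] !== '/wp-admin/admin.php?page=cloudsecurewp_two_factor_authentication_registration' ) {
-wp_redirect( admin_url( 'admin.php?page=cloudsecurewp_two_factor_authentication_registration' ) );
-exit;
+
+if ( isset( $user->roles[0] ) ) {
+if ( $this->is_enabled() && $this->is_role_enabled( $user->roles[0] ) && ! $secret && $_SERVER['REQUEST_URI'] !== '/wp-admin/admin.php?page=cloudsecurewp_two_factor_authentication_registration' ) {
+wp_redirect( admin_url( 'admin.php?page=cloudsecurewp_two_factor_authentication_registration' ) );
+exit;
+}
 }
 }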
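Review bot: The new `isset( $user->roles[0] )` guards in both hunks treat a missing index 0 as "this user has no role", but `WP_User::$roles` is produced by filtering the capability keys, so its keys are not guaranteed to start at 0. In the first hunk the guard returns before the rest of the method runs (that method begins and continues outside the hunk, so what is skipped is an inference), and in `redirect_if_not_two_factor_authentication_registered` it skips the registration redirect, so an account whose role sits at another index would quietly fall outside the two-factor flow. Reading the first role with `$role = reset( $user->roles );` and returning only when `$role === false` keeps the null-safety without that gap. A short comment stating whether role-less users are intentionally exempt from two-factor would also help the next reader.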
cloudsecure-wp-security/trunk/modules/waf-engine.php
r3274035 r3353611 506 506 */ 507 507 public function check_request_item_value( $waf_rule, $request_items_key, $request_items_value, $variable ): array { 508 $results['is_matched'] = false; 508 $results = array( 509 'is_matched' => false, 510 'match_string' => '' 511 ); 509 512 $matches = array(); 510 513 … … 536 539 */ 537 540 public function check_request_item_key( $waf_rule, $request_items_key, $variable ): array { 538 $results['is_matched'] = false; 539 $matches = array(); 541 $results = array( 542 'is_matched' => false, 543 'match_string' => '' 544 ); 545 $matches = array(); 540 546 541 547 // リクエスト情報配列のkeyの変換 … … 650 656 if ( preg_match( '/wp-admin\/customize\.php|customize_changeset_uuid/', $_SERVER['HTTP_REFERER'] ?? '' ) === 1 ) { 651 657 if ( in_array( $rule_id, $remove_rules['ajax_customize'], true ) ) { 652 if ( isset( $request_items['args']['customize_autosaved'] ) || isset( $request_items['args']['wp_customize'] ) ) { 653 if ( $request_items['args']['customize_autosaved'] === 'on' || $request_items['args']['wp_customize'] === 'on' ) { 654 $is_rule_removed = true; 655 } 658 if ( ( $request_items['args']['customize_autosaved'] ?? '' ) === 'on' || ( $request_items['args']['wp_customize'] ?? '' ) === 'on' ) { 659 $is_rule_removed = true; 656 660 } 657 661 } … … 671 675 } elseif ( preg_match( '/wp-admin\/post\.php/', $request_items['request_filename'] ) === 1 ) { 672 676 if ( in_array( $rule_id, $remove_rules['rest_api'], true ) ) { 673 if ( isset( $request_items['args']['action'] ) ) { 674 if ( $request_items['args']['action'] === 'editpost' ) { 675 $is_rule_removed = true; 676 } 677 if ( ( $request_items['args']['action'] ?? '' ) === 'editpost' ) { 678 $is_rule_removed = true; 677 679 } 678 680 } … … 725 727 if ( preg_match( '/wp-admin\/admin\.php\?page\=theme-(settings|func-text|ranking|affiliate-tag)/', $_SERVER['HTTP_REFERER'] ?? 
'' ) === 1 ) { 726 728 if ( in_array( $rule_id, $remove_rules['coccon'], true ) ) { 727 if ( isset( $request_items['args']['action'] ) ) { 728 if ( $request_items['args']['action'] === 'new' || $request_items['args']['action'] === 'edit' ) { 729 $is_rule_removed = true; 730 } 729 $action = $request_items['args']['action'] ?? ''; 730 if ( $action === 'new' || $action === 'edit' ) { 731 $is_rule_removed = true; 731 732 } 732 733 … … 742 743 if ( preg_match( '/wp-admin\/admin.php\?page\=emanon_setting_page/', $_SERVER['HTTP_REFERER'] ?? '' ) === 1 ) { 743 744 if ( in_array( $rule_id, $remove_rules['emanon'], true ) ) { 744 if ( isset( $request_items['args']['action'] ) ) { 745 if ( $request_items['args']['action'] === 'delete_transients_emanon_setting' ) { 746 $is_rule_removed = true; 747 } 745 if ( ( $request_items['args']['action'] ?? '' ) === 'delete_transients_emanon_setting' ) { 746 $is_rule_removed = true; 748 747 } 749 748 } … … 764 763 if ( preg_match( '/wp-admin\/admin.php\?page\=vkExUnit_css_customize/', $_SERVER['REQUEST_URI'] ?? '' ) === 1 ) { 765 764 if ( in_array( $rule_id, $remove_rules['vkexunit'], true ) ) { 766 if ( isset( $request_items['args']['_wp_http_referer'] ) ) { 767 if ( strpos( $request_items['args']['_wp_http_referer'], '/wp-admin/admin.php?page=vkExUnit_css_customize' ) !== false ) { 768 $is_rule_removed = true; 769 } 765 $wp_http_referer = $request_items['args']['_wp_http_referer'] ?? ''; 766 if ( strpos( $wp_http_referer, '/wp-admin/admin.php?page=vkExUnit_css_customize' ) !== false ) { 767 $is_rule_removed = true; 770 768 } 771 769 } … … 777 775 if ( preg_match( '/wp-admin\/admin.php\?page\=nishiki-pro-general\.php/', $_SERVER['HTTP_REFERER'] ?? '' ) === 1 ) { 778 776 if ( in_array( $rule_id, $remove_rules['nishiki'], true ) ) { 779 if ( isset( $request_items['args']['action'] ) ) { 780 if ( $request_items['args']['action'] === 'update' ) { 781 $is_rule_removed = true; 782 } 777 if ( ( $request_items['args']['action'] ?? 
'' ) === 'update' ) { 778 $is_rule_removed = true; 783 779 } 784 780 } … … 790 786 if ( preg_match( '/wp-admin\/admin.php\?page\=swell_settings_editor/', $_SERVER['HTTP_REFERER'] ?? '' ) === 1 ) { 791 787 if ( in_array( $rule_id, $remove_rules['swell'], true ) ) { 792 if ( isset( $request_items['args']['action'] ) ) { 793 if ( $request_items['args']['action'] === 'update' ) { 794 $is_rule_removed = true; 795 } 788 if ( ( $request_items['args']['action'] ?? '' ) === 'update' ) { 789 $is_rule_removed = true; 796 790 } 797 791 } … … 803 797 if ( preg_match( '/wp-admin\/comment\.php/', $request_items['request_filename'] ?? '' ) === 1 ) { 804 798 if ( in_array( $rule_id, $remove_rules['comment'], true ) ) { 805 if ( isset( $request_items['args']['action'] ) ) { 806 if ( $request_items['args']['action'] === 'editedcomment' ) { 807 $is_rule_removed = true; 808 } 799 if ( ( $request_items['args']['action'] ?? '' ) === 'editedcomment' ) { 800 $is_rule_removed = true; 809 801 } 810 802 } … … 816 808 if ( preg_match( '/wp-admin\/admin-ajax\.php/', $request_items['request_filename'] ) === 1 ) { 817 809 if ( in_array( $rule_id, $remove_rules['ajax_editor'], true ) ) { 818 if ( isset( $request_items['args']['_wp_http_referer'] ) ) { 819 if ( preg_match( '/theme-editor(\.php)?|plugin-editor(\.php)?/', $request_items['args']['_wp_http_referer'] ) === 1 ) { 820 $is_rule_removed = true; 821 } 810 $wp_http_referer = $request_items['args']['_wp_http_referer'] ?? ''; 811 if ( preg_match( '/theme-editor(\.php)?|plugin-editor(\.php)?/', $wp_http_referer ) === 1 ) { 812 $is_rule_removed = true; 822 813 } 823 814 824 815 // オートセーブ時 825 if ( isset( $request_items['args']['screen_id'] ) ) { 826 if ( preg_match( '/theme-editor(\.php)?|plugin-editor(\.php)?/', $request_items['args']['screen_id'] ) === 1 ) { 827 $is_rule_removed = true; 828 } 816 $screen_id = $request_items['args']['screen_id'] ?? 
''; 817 if ( preg_match( '/theme-editor(\.php)?|plugin-editor(\.php)?/', $screen_id ) === 1 ) { 818 $is_rule_removed = true; 829 819 } 830 820 } … … 861 851 $post_content = unserialize( $result->post_content, [ 'allowed_classes' => false ] ); 862 852 863 if ( ! is_array( $post_content) ) {853 if ( is_array( $post_content ) && isset( $post_content['post_type'] ) ) { 864 854 $acf_post_types[] = $post_content['post_type']; 865 855 } … … 888 878 $skipafter = ''; 889 879 $chain_items = array(); 880 $tmp_match_results = array(); 890 881 891 882 // Advanced Custom Fieldsプラグイン除外対応で追加 -
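Review bot: In the `vkexunit` and `ajax_editor` hunks, `$request_items['args']['_wp_http_referer'] ?? ''` and `$request_items['args']['screen_id'] ?? ''` only cover a missing key, so a non-string value still reaches `strpos()` and `preg_match()`. Assuming `args` carries request parameters as received (not visible in this section), an array-valued parameter raises a TypeError on PHP 8 inside the WAF's own evaluation path; the removed `isset()` wrappers had the same gap. Guarding with `is_string()`, for example `if ( is_string( $screen_id ) && preg_match( '/theme-editor(\.php)?|plugin-editor(\.php)?/', $screen_id ) === 1 )`, keeps malformed input from producing an error there. The same check applies to the `$wp_http_referer` lines; the enclosing method starts and ends outside these hunks.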
cloudsecure-wp-security/trunk/readme.txt
r3341484 r3353611 4 4 Requires at least: 5.3.15 5 5 Tested up to: 6.8 6 Stable tag: 1.3.1 76 Stable tag: 1.3.18 7 7 License: GPLv2 or later 8 8 License URI: http://www.gnu.org/licenses/gpl-2.0.html … … 107 107 == Changelog == 108 108 109 = 1.3.18 = 110 * 軽微な修正 111 109 112 = 1.3.17 = 110 113 * 2段階認証機能に関する不具合を修正