Changeset 3402189

Timestamp:

11/25/2025 04:30:15 AM (3 weeks ago)

Author:

ishitaka

Message:

Update to version 3.10.6 from GitHub

Location:

xo-security

Files:

• tags/3.10.6 (copied) (copied from xo-security/trunk)
• tags/3.10.6/inc/class-xo-security.php (modified) (2 diffs)
• tags/3.10.6/readme.txt (modified) (2 diffs)
• tags/3.10.6/xo-security.php (modified) (2 diffs)
• trunk/inc/class-xo-security.php (modified) (2 diffs)
• trunk/readme.txt (modified) (2 diffs)
• trunk/xo-security.php (modified) (2 diffs)

xo-security/tags/3.10.6/inc/class-xo-security.php

@@ -786 +786 @@
             $loginfile     = $this->options['login_page_name'] . '.php';
             $formated_path = '/' . ltrim( $path, '/' );
-            if ( '/wp-login.php' === $formated_path || preg_match( '#/wp-login\.php\?action=\w+#', $formated_path ) ) {
+            $pattern       = '#/wp-login\.php(\?action=\w+(&key=[^&]+&login=[^&]+)?)?#';
+
+            if ( '/wp-login.php' === $formated_path || preg_match( $pattern, $formated_path ) ) {
                 $url = $this->get_login_url( $url, $loginfile );
             } elseif ( is_multisite() && ! is_subdomain_install() ) {
-                $blog = get_site( $blog_id );
-                if ( $blog->path . 'wp-login.php' === $formated_path || preg_match( '#' . $blog->path . 'wp-login\.php\?action=\w+#', $formated_path ) ) {
+                $blog              = get_site( $blog_id );
+                $multisite_pattern = '#' . preg_quote( $blog->path, '#' ) . 'wp-login\.php(\?action=\w+(&key=[^&]+&login=[^&]+)?)?#';
+                if ( $blog->path . 'wp-login.php' === $formated_path || preg_match( $multisite_pattern, $formated_path ) ) {
                     $url = $this->get_login_url( $url, $loginfile );
                 }
@@ -831 +834 @@
 
         $login_page_filename = ( isset( $this->options['login_page_name'] ) ? $this->options['login_page_name'] . '.php' : '' );
-        if ( basename($wp->request) === $login_page_filename ) {
+        if ( basename( $wp->request ) === $login_page_filename ) {
             $path = ABSPATH . $login_page_filename;
             if ( ! file_exists( $path ) ) {

xo-security/tags/3.10.6/readme.txt

@@ -5 +5 @@
 Tested up to: 6.9
 Requires PHP: 5.6
-Stable tag: 3.10.5
+Stable tag: 3.10.6
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -72 +72 @@
 == Changelog ==
 
+= 3.10.6 =
+
+* Fixed an issue where the URL in the email sent when resetting a password was incorrect when changing the login page.
+
 = 3.10.5 =
 

xo-security/tags/3.10.6/xo-security.php

@@ -11 +11 @@
  * Plugin URI:        https://xakuro.com/wordpress/xo-security/
  * Description:       XO Security is a plugin to enhance login related security.
- * Version:           3.10.5
+ * Version:           3.10.6
  * Requires at least: 4.9
  * Requires PHP:      5.6
@@ -25 +25 @@
 }
 
-define( 'XO_SECURITY_VERSION', '3.10.5' );
+define( 'XO_SECURITY_VERSION', '3.10.6' );
 define( 'XO_SECURITY_URL', plugins_url( '', __FILE__ ) );
 define( 'XO_SECURITY_DIR', __DIR__ );

xo-security/trunk/inc/class-xo-security.php

@@ -786 +786 @@
             $loginfile     = $this->options['login_page_name'] . '.php';
             $formated_path = '/' . ltrim( $path, '/' );
-            if ( '/wp-login.php' === $formated_path || preg_match( '#/wp-login\.php\?action=\w+#', $formated_path ) ) {
+            $pattern       = '#/wp-login\.php(\?action=\w+(&key=[^&]+&login=[^&]+)?)?#';
+
+            if ( '/wp-login.php' === $formated_path || preg_match( $pattern, $formated_path ) ) {
                 $url = $this->get_login_url( $url, $loginfile );
             } elseif ( is_multisite() && ! is_subdomain_install() ) {
-                $blog = get_site( $blog_id );
-                if ( $blog->path . 'wp-login.php' === $formated_path || preg_match( '#' . $blog->path . 'wp-login\.php\?action=\w+#', $formated_path ) ) {
+                $blog              = get_site( $blog_id );
+                $multisite_pattern = '#' . preg_quote( $blog->path, '#' ) . 'wp-login\.php(\?action=\w+(&key=[^&]+&login=[^&]+)?)?#';
+                if ( $blog->path . 'wp-login.php' === $formated_path || preg_match( $multisite_pattern, $formated_path ) ) {
                     $url = $this->get_login_url( $url, $loginfile );
                 }
@@ -831 +834 @@
 
         $login_page_filename = ( isset( $this->options['login_page_name'] ) ? $this->options['login_page_name'] . '.php' : '' );
-        if ( basename($wp->request) === $login_page_filename ) {
+        if ( basename( $wp->request ) === $login_page_filename ) {
             $path = ABSPATH . $login_page_filename;
             if ( ! file_exists( $path ) ) {

xo-security/trunk/readme.txt

@@ -5 +5 @@
 Tested up to: 6.9
 Requires PHP: 5.6
-Stable tag: 3.10.5
+Stable tag: 3.10.6
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -72 +72 @@
 == Changelog ==
 
+= 3.10.6 =
+
+* Fixed an issue where the URL in the email sent when resetting a password was incorrect when changing the login page.
+
 = 3.10.5 =
 

xo-security/trunk/xo-security.php

@@ -11 +11 @@
  * Plugin URI:        https://xakuro.com/wordpress/xo-security/
  * Description:       XO Security is a plugin to enhance login related security.
- * Version:           3.10.5
+ * Version:           3.10.6
  * Requires at least: 4.9
  * Requires PHP:      5.6
@@ -25 +25 @@
 }
 
-define( 'XO_SECURITY_VERSION', '3.10.5' );
+define( 'XO_SECURITY_VERSION', '3.10.6' );
 define( 'XO_SECURITY_URL', plugins_url( '', __FILE__ ) );
 define( 'XO_SECURITY_DIR', __DIR__ );