Changeset 3410920

Timestamp:

12/04/2025 12:47:52 PM (10 days ago)

Author:

domainsupport

Message:

Tagging version 1.5.5

Location:

block-wp-login

Files:

• tags/1.5.5 (copied) (copied from block-wp-login/trunk)
• tags/1.5.5/block-wp-login.php (copied) (copied from block-wp-login/trunk/block-wp-login.php) (27 diffs)
• tags/1.5.5/includes (copied) (copied from block-wp-login/trunk/includes)
• tags/1.5.5/includes/class-bwpl-common.php (copied) (copied from block-wp-login/trunk/includes/class-bwpl-common.php) (29 diffs)
• tags/1.5.5/includes/class-webd.php (deleted)
• tags/1.5.5/includes/customize-controls.js (copied) (copied from block-wp-login/trunk/includes/customize-controls.js)
• tags/1.5.5/readme.txt (copied) (copied from block-wp-login/trunk/readme.txt) (3 diffs)
• trunk/block-wp-login.php (modified) (27 diffs)
• trunk/includes/class-bwpl-common.php (modified) (29 diffs)
• trunk/readme.txt (modified) (3 diffs)

block-wp-login/tags/1.5.5/block-wp-login.php

@@ -2 +2 @@
 /*
  * Plugin Name: Block wp-login
- * Version: 1.5.4
+ * Version: 1.5.5
  * Plugin URI: https://webd.uk/support/
  * Description: This plugin completely blocks access to wp-login.php and creates a new secret login URL
  * Author: Webd Ltd
  * Author URI: https://webd.uk
+ * License: GPLv2 or later
+ * License URI: https://www.gnu.org/licenses/old-licenses/gpl-2.0.html
  * Text Domain: block-wp-login
  */
@@ -13 +15 @@
 
 if (!defined('ABSPATH')) {
-    exit(__('This isn\'t the page you\'re looking for. Move along, move along.', 'block-wp-login'));
+    exit(esc_html(__('This isn\'t the page you\'re looking for. Move along, move along.', 'block-wp-login')));
 }
 
@@ -22 +24 @@
     class bwpl_class {
 
-        public static $version = '1.5.4';
+        public static $version = '1.5.5';
 
         private $bwpl_new_slug = '';
@@ -73 +75 @@
         function bwpl_configure_slug() {
 
-            if (isset($_POST['bwpl_nonce']) && wp_verify_nonce($_POST['bwpl_nonce'], 'bwpl_slug_change') && isset($_POST['bwpl_slug']) && current_user_can('manage_options')) {
-
-                $this->bwpl_new_slug = trim(sanitize_key(wp_strip_all_tags($_POST['bwpl_slug'])));
+            if (isset($_POST['bwpl_nonce']) && wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['bwpl_nonce'])), 'bwpl_slug_change') && isset($_POST['bwpl_slug']) && current_user_can('manage_options')) {
+
+                $this->bwpl_new_slug = trim(sanitize_key(wp_strip_all_tags(wp_unslash($_POST['bwpl_slug']))));
 
                 if ($this->bwpl_new_slug) {
 
+                    $notify = (isset($_POST['bwpl_notify']) && 'true' === $_POST['bwpl_notify']);
                     $this->bwpl_uninstall();
-                    $this->bwpl_install();
+                    $this->bwpl_install(false, $notify);
 
                 } else {
@@ -126 +129 @@
                 if (
                     isset($_POST['bwpl_unknown_admin']) &&
-                    $_POST['bwpl_unknown_admin'] &&
+                    sanitize_text_field(wp_unslash($_POST['bwpl_unknown_admin'])) &&
                     isset($_POST['bwpl_known_ips']) &&
-                    $_POST['bwpl_known_ips']
+                    sanitize_textarea_field(wp_unslash($_POST['bwpl_known_ips']))
                 ) {
 
-                    $known_ips = preg_split('/\r\n|[\r\n]/', $_POST['bwpl_known_ips']);
+                    $known_ips = preg_split('/\r\n|[\r\n]/', sanitize_textarea_field(wp_unslash($_POST['bwpl_known_ips'])));
 
                     foreach ($known_ips AS $key => $known_ip) {
@@ -187 +190 @@
             for ($i = 0; $i < 8; $i++) {
 
-                $randomString .= $characters[rand(0, strlen($characters) - 1)];
+                $randomString .= $characters[wp_rand(0, strlen($characters) - 1)];
 
             }
 
 ?>
-<input id="bwpl_slug" name="bwpl_slug" type="text" class="regular-text code" value="<?php echo get_option('bwpl_slug'); ?>" />
+<input id="bwpl_slug" name="bwpl_slug" type="text" class="regular-text code" value="<?php echo esc_attr(get_option('bwpl_slug')); ?>" />
 
 <script type="text/javascript">
@@ -206 +209 @@
 <p><?php esc_html_e('To change your WordPress login address, enter your chosen slug above. Leave it blank to enable the default login address.', 'block-wp-login'); ?></p>
 
-<p><?php printf(esc_html__('%1$sClick here%2$s to generate a random login address.', 'block-wp-login'),'<a href="javascript:void(0)" class="randomlogin">','</a>'); ?></p>
+<p><a href="javascript:void(0)" class="randomlogin"><?php echo esc_html(__('Click here', 'block-wp-login')); ?></a> <?php echo esc_html(__('to generate a random login address.', 'block-wp-login')); ?></p>
 
 <script type="text/javascript">
@@ -217 +220 @@
     jQuery('#bwpl_slug').val(result);
     alert(<?php echo json_encode(__('WARNING! DO NOT LOCK YOURSELF OUT! Your new login address will be', 'block-wp-login') . ' ' . get_site_url() . '/'); ?> + result + '/');
-    jQuery('#bwpl_slug').val(result);
+    jQuery('#bwpl_notify').prop('checked', true);
 });
 </script>
@@ -225 +228 @@
             if (get_option('bwpl_slug')) {
 
-                echo get_site_url(null, (get_option('bwpl_slug') . '/'));
+                echo esc_url(get_site_url(null, (get_option('bwpl_slug') . '/')));
 
             } else {
 
-                echo get_site_url(null, 'wp-login.php');
+                echo esc_url(get_site_url(null, 'wp-login.php'));
 
             } ?></p>
@@ -257 +260 @@
 <p><strong><?php esc_html_e('Please Note: ', 'block-wp-login'); ?></strong><?php
 
-                printf(
+                echo wp_kses(sprintf(
+/* translators: link to plugin install page */
                     __('To lock down your website to only serve legitimate content, please take a look at our new plugin "%s".', 'block-wp-login'),
-                    '<a href="' . esc_url(add_query_arg(array('s' => 'deny-all-firewall+genuine', 'tab' => 'search', 'type' => 'term'), self_admin_url('plugin-install.php'))) . '" title="' . __('Deny All Firewall', 'block-wp-login') . '">' . __('Deny All Firewall', 'block-wp-login') . '</a>'
-                );
+                    '<a href="' . esc_url(add_query_arg(array('s' => 'deny-all-firewall+genuine', 'tab' => 'search', 'type' => 'term'), self_admin_url('plugin-install.php'))) . '" title="' . esc_attr(__('Deny All Firewall', 'block-wp-login')) . '">' . __('Deny All Firewall', 'block-wp-login') . '</a>'
+                ), 'post');
 
 ?></p>
@@ -287 +291 @@
         }
 
-        function bwpl_install($new_version = false) {
-
-            if ($new_version || (isset($_POST['bwpl_notify']) && 'true' === $_POST['bwpl_notify'])) {
+        function bwpl_install($new_version = false, $notify = true) {
+
+            global $wp_filesystem;
+
+            if (!$wp_filesystem) {
+
+                require_once (ABSPATH . '/wp-admin/includes/file.php');
+
+                WP_Filesystem();
+
+            }
+
+            if ($new_version || $notify) {
 
                 $this->bwpl_send_emails($new_version);
@@ -301 +315 @@
                 $content = implode($this->bwpl_new_slug . '-wp-login.php', $content_chunks);
 
-                if ((!file_exists(bwplCommon::get_home_path() . $this->bwpl_new_slug . '-wp-login.php') && is_writable(bwplCommon::get_home_path())) || is_writable(bwplCommon::get_home_path() . $this->bwpl_new_slug . '-wp-login.php')) {
+                if ((!file_exists(bwplCommon::get_home_path() . $this->bwpl_new_slug . '-wp-login.php') && $wp_filesystem->is_writable(bwplCommon::get_home_path())) || $wp_filesystem->is_writable(bwplCommon::get_home_path() . $this->bwpl_new_slug . '-wp-login.php')) {
 
                     file_put_contents(bwplCommon::get_home_path() . $this->bwpl_new_slug . '-wp-login.php', $content);
@@ -309 +323 @@
             }
 
-            if ((!file_exists(bwplCommon::get_home_path() . '.htaccess') && is_writable(bwplCommon::get_home_path())) || is_writable(bwplCommon::get_home_path() . '.htaccess')) {
+            if ((!file_exists(bwplCommon::get_home_path() . '.htaccess') && $wp_filesystem->is_writable(bwplCommon::get_home_path())) || $wp_filesystem->is_writable(bwplCommon::get_home_path() . '.htaccess')) {
 
                 $markerdata = file(bwplCommon::get_home_path() . '.htaccess');
@@ -346 +360 @@
                     }
 
-                    $f = @fopen(bwplCommon::get_home_path() . '.htaccess', 'w');
-                    fwrite($f, $newdata);
+                    $wp_filesystem->put_contents(
+                        bwplCommon::get_home_path() . '.htaccess',
+                        $newdata,
+                        FS_CHMOD_FILE
+                    );
 
                 }
@@ -361 +378 @@
 ?>
 <div class="notice notice-success">
-    <p><?php printf(esc_html__('%1$sBlock wp-login%2$s activated. ', 'block-wp-login'),'<strong>','</strong>'); ?><a href="<?php echo admin_url('options-permalink.php'); ?>"><?php esc_html_e('Configure the plugin here.', 'block-wp-login'); ?></a></p>
+    <p><?php
+/* translators: <strong> HTML tags */
+echo wp_kses(sprintf(__('%1$sBlock wp-login%2$s activated. ', 'block-wp-login'),'<strong>','</strong>'), 'post'); ?><a href="<?php echo esc_url(admin_url('options-permalink.php')); ?>"><?php esc_html_e('Configure the plugin here.', 'block-wp-login'); ?></a></p>
 </div>
 <?php
@@ -369 +388 @@
         function bwpl_uninstall() {
 
-            if (is_writable(bwplCommon::get_home_path() . '.htaccess')) {
+            global $wp_filesystem;
+
+            if (!$wp_filesystem) {
+
+                require_once (ABSPATH . '/wp-admin/includes/file.php');
+
+                WP_Filesystem();
+
+            }
+
+            if ($wp_filesystem->is_writable(bwplCommon::get_home_path() . '.htaccess')) {
 
                 $markerdata = file(bwplCommon::get_home_path() . '.htaccess');
@@ -424 +453 @@
                     }
 
-                    $f = @fopen(bwplCommon::get_home_path() . '.htaccess', 'w');
-                    fwrite($f, $newdata);
+                    $wp_filesystem->put_contents(
+                        bwplCommon::get_home_path() . '.htaccess',
+                        $newdata,
+                        FS_CHMOD_FILE
+                    );
 
                 }
@@ -435 +467 @@
             add_filter('lostpassword_url', array($this, 'bwpl_reset_logout_url'));
 
-            if (is_writable(bwplCommon::get_home_path() . get_option('bwpl_slug') . '-wp-login.php') && get_option('bwpl_slug')) {
-
-                unlink(bwplCommon::get_home_path() . get_option('bwpl_slug') . '-wp-login.php');
+            if ($wp_filesystem->is_writable(bwplCommon::get_home_path() . get_option('bwpl_slug') . '-wp-login.php') && get_option('bwpl_slug')) {
+
+                wp_delete_file(bwplCommon::get_home_path() . get_option('bwpl_slug') . '-wp-login.php');
 
             }
@@ -525 +557 @@
             if ($new_version) {
 
-                $message = __('A new version of WordPress has been detected so we have reinstalled "Block wp-login" and here is a reminder of your login URL:', 'block-wp-login') . "\r\n\r\n";
+                $message = __('A recent WordPress core update has been detected and “Block wp-login” has been re-installed. Here is a reminder of your login address:', 'block-wp-login');
 
             } else {
 
-                $message = __('Your WordPress login URL has been changed:', 'block-wp-login') . "\r\n\r\n";
-
-            }
+                $message = __('Your WordPress login address has been changed:', 'block-wp-login');
+
+            }
+
+            $message .=  "\r\n\r\n";
 
             if ($this->bwpl_new_slug) {
@@ -543 +577 @@
             }
 
-            $message .= __('Make sure you save this email and / or bookmark this address so you don\'t get locked out!', 'block-wp-login') . "\r\n\r\n";
-            $message .= __('Contact us if you are having trouble with WordPress https://webd.uk', 'block-wp-login') . "\r\n\r\n";
-            $message .= __('If you like our plugin please leave a short review: https://wordpress.org/support/plugin/block-wp-login/reviews/#new-post', 'block-wp-login') . "\r\n\r\n";
+            $message .= __('Keep this link handy! Bookmarking it is the best way to ensure you never get locked out.', 'block-wp-login');
+            $message .=  "\r\n\r\n---\r\n\r\n";
+            $message .= __('Does your site need a glow-up?', 'block-wp-login');
+            $message .=  "\r\n";
+            $message .= __('Running slowly?', 'block-wp-login');
+            $message .=  "\r\n";
+            $message .= __('Want new features?', 'block-wp-login');
+            $message .=  "\r\n\r\n";
+            $message .= __('See how we can help', 'block-wp-login');
+            $message .=  ' https://webd.uk';
 
             if (is_multisite()) {
@@ -559 +600 @@
             if ($new_version) {
 
+/* translators: website title */
                 $title = sprintf(__('[%s] WordPress Login Reminder', 'block-wp-login'), $blogname);
 
             } else {
 
+/* translators: website title */
                 $title = sprintf(__('[%s] WordPress Login Changed', 'block-wp-login'), $blogname);
 
@@ -579 +622 @@
 ?>
 <div class="notice notice-error">
-    <p><?php printf(esc_html__('%1$sBlock wp-login%2$s activated email could not be sent.', 'block-wp-login'),'<strong>','</strong>'); ?></p>
+    <p><?php
+/* translators: <strong> HTML tags */
+wp_kses(sprintf(__('%1$sBlock wp-login%2$s activated email could not be sent.', 'block-wp-login'),'<strong>','</strong>'), 'post'); ?></p>
 </div>
 <?php
@@ -655 +700 @@
                             }
 
+/* translators: website title */
                             $title = sprintf(__('[%s] WordPress Login Alert', 'block-wp-login'), $blogname);
 
@@ -681 +727 @@
             if (isset($_SERVER['HTTP_CF_CONNECTING_IP'])) {
 
-                $ip = $_SERVER['HTTP_CF_CONNECTING_IP'];
+                $ip = filter_var(wp_unslash($_SERVER['HTTP_CF_CONNECTING_IP']), FILTER_VALIDATE_IP);
 
             } elseif (isset($_SERVER['REMOTE_ADDR'])) {
 
-                $ip = $_SERVER['REMOTE_ADDR'];
+                $ip = filter_var(wp_unslash($_SERVER['REMOTE_ADDR']), FILTER_VALIDATE_IP);
 
             }
@@ -710 +756 @@
             global $wpdb;
 
+// phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching
             return (bool) $wpdb->get_var($wpdb->prepare("SELECT GET_LOCK(%s, %d)", 'bwpl_lock', 0));
 
@@ -718 +765 @@
             global $wpdb;
 
+// phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching
             return (bool) $wpdb->get_var($wpdb->prepare("SELECT RELEASE_LOCK(%s)", 'bwpl_lock'));
 
@@ -730 +778 @@
     }
 
-    $Block_wp_login = new bwpl_class();
+    new bwpl_class();
 
 }

block-wp-login/tags/1.5.5/includes/class-bwpl-common.php

@@ -1 +1 @@
 <?php
 /*
- * Version: 1.3.9
+ * Version: 1.4
  */
 
@@ -43 +43 @@
         public static function plugin_text_domain() {
 
-            return self::$plugin_text_domain;
+            return 'block-wp-login';
 
         }
@@ -61 +61 @@
         public static function support_url() {
 
-            return 'https://wordpress.org/support/plugin/' . self::$plugin_text_domain . '/';
+            return 'https://wordpress.org/support/plugin/' . 'block-wp-login' . '/';
 
         }
@@ -67 +67 @@
         public static function control_upgrade_text() {
 
-            $upgrade_text = '<a href="' . esc_url(self::upgrade_link()) . '" title="' . esc_attr(sprintf(__('Upgrade now to %s Premium', self::$plugin_text_domain), self::$plugin_name)) . '">' . sprintf(__('Upgrade now to %s Premium', self::$plugin_text_domain), self::$plugin_name) . '</a>';
+/* translators: name of the plugin */
+            $upgrade_text = '<a href="' . esc_url(self::upgrade_link()) . '" title="' . esc_attr(sprintf(__('Upgrade now to %s Premium', 'block-wp-login'), self::$plugin_name)) . '">' . sprintf(__('Upgrade now to %s Premium', 'block-wp-login'), self::$plugin_name) . '</a>';
 
             if (!class_exists(self::$plugin_premium_class) || !get_option(self::$plugin_prefix . '_purchased')) {
@@ -73 +74 @@
                 if (!class_exists(self::$plugin_premium_class)) {
 
-                    $upgrade_text .= sprintf(wp_kses(__(' or <a href="%s" title="Download Free Trial">trial it for 7 days</a>', self::$plugin_text_domain), array('a' => array('href' => array(), 'title' => array()))), esc_url(self::premium_link()));
+/* translators: link to the premium upgrade */
+                    $upgrade_text .= sprintf(wp_kses(__(' or <a href="%s" title="Download Free Trial">trial it for 7 days</a>', 'block-wp-login'), array('a' => array('href' => array(), 'title' => array()))), esc_url(self::premium_link()));
 
                 }
@@ -85 +87 @@
         public static function control_section_description() {
 
-            $default_description = sprintf(wp_kses(__('If you have any requests for new features, please <a href="%s" title="Support Forum">let us know in the support forum</a>.', self::$plugin_text_domain), array('a' => array('href' => array(), 'title' => array()))), esc_url(self::support_url()));
+/* translators: link to the plugin's support forum */
+            $default_description = sprintf(wp_kses(__('If you have any requests for new features, please <a href="%s" title="Support Forum">let us know in the support forum</a>.', 'block-wp-login'), array('a' => array('href' => array(), 'title' => array()))), esc_url(self::support_url()));
 
             if (self::$plugin_premium_class) {
@@ -95 +98 @@
                     if (!class_exists(self::$plugin_premium_class)) {
 
-                        $section_description = '<strong>' . __('For even more options', self::$plugin_text_domain) . '</strong>' . ' ' . $upgrade_text;
+                        $section_description = '<strong>' . __('For even more options', 'block-wp-login') . '</strong>' . ' ' . $upgrade_text;
 
                     } else {
 
-                        $section_description = '<strong>' . __('To keep using premium options', self::$plugin_text_domain) . '</strong>' . ' ' . $upgrade_text;
+                        $section_description = '<strong>' . __('To keep using premium options', 'block-wp-login') . '</strong>' . ' ' . $upgrade_text;
 
                     }
@@ -119 +122 @@
                 $section_description .= ' ' . sprintf(
                     wp_kses(
+/* translators: link to plugin install page */
                         __(
                             '<strong>To reset this section of options to default settings</strong> without affecting other sections in the customizer, install <a href="%s" title="Reset Customizer">Reset Customizer</a>.',
-                            self::$plugin_text_domain
+                            'block-wp-login'
                         ),
                         array('strong' => array(), 'a' => array('href' => array(), 'title' => array()))
@@ -145 +149 @@
         public static function control_setting_upgrade_nag() {
 
-            $upgrade_nag = self::control_upgrade_text() . __(' to use this option.', self::$plugin_text_domain);
+            $upgrade_nag = self::control_upgrade_text() . __(' to use this option.', 'block-wp-login');
 
             return $upgrade_nag;
@@ -234 +238 @@
 
                 $generated_css = sprintf('%s { %s: %s; }', $selector, $style, $prefix.$mod.$postfix);
-                echo $generated_css;
+                echo wp_kses($generated_css, 'strip');
 
             } elseif ($mod) {
 
                 $generated_css = sprintf('%s { %s:%s; }', $selector, $style, $prefix.$value.$postfix);
-                echo $generated_css;
+                echo wp_kses($generated_css, 'strip');
 
             }
@@ -249 +253 @@
             if (self::$plugin_premium_class) {
 
-                return add_query_arg('url', (isset($_SERVER['HTTPS']) ? 'https' : 'http') . '://' . $_SERVER['HTTP_HOST'], 'https://webd.uk/product/' . self::$plugin_text_domain . '-upgrade/');
-
+                if (isset($_SERVER['HTTP_HOST'])) {
+
+                    return add_query_arg('url', (isset($_SERVER['HTTPS']) ? 'https' : 'http') . '://' . filter_var(wp_unslash($_SERVER['HTTP_HOST'], FILTER_SANITIZE_URL)), 'https://webd.uk/product/' . 'block-wp-login' . '-upgrade/');
+
+                } else {
+
+                    return 'https://webd.uk/product/' . 'block-wp-login' . '-upgrade/';
+
+                }
 
             } else {
@@ -276 +287 @@
             $settings_links = array();
 
-            $settings_links[] = '<a href="' . esc_url($settings_link) . '" title="' . esc_attr(__('Settings', self::$plugin_text_domain)) . '">' . __('Settings', self::$plugin_text_domain) . '</a>';
+            $settings_links[] = '<a href="' . esc_url($settings_link) . '" title="' . esc_attr(__('Settings', 'block-wp-login')) . '">' . __('Settings', 'block-wp-login') . '</a>';
 
             if (!get_option(self::$plugin_prefix . '_purchased')) {
@@ -284 +295 @@
                     if (self::$plugin_upgrade) {
 
-                        $settings_links[] = '<a href="' . esc_url(self::upgrade_link()) . '" title="' . esc_attr(sprintf(__('Buy %s Premium', self::$plugin_text_domain), self::$plugin_name)) . '" style="color: orange; font-weight: bold;">' . __('Buy Now', self::$plugin_text_domain) . '</a>';
+/* translators: name of the plugin */
+                        $settings_links[] = '<a href="' . esc_url(self::upgrade_link()) . '" title="' . esc_attr(sprintf(__('Buy %s Premium', 'block-wp-login'), self::$plugin_name)) . '" style="color: orange; font-weight: bold;">' . __('Buy Now', 'block-wp-login') . '</a>';
 
                     } else {
 
-                        $settings_links[] = '<a href="' . esc_url(self::upgrade_link()) . '" title="' . esc_attr(sprintf(__('Buy %s', self::$plugin_text_domain), self::$plugin_name)) . '" style="color: orange; font-weight: bold;">' . __('Buy Now', self::$plugin_text_domain) . '</a>';
+/* translators: name of the plugin */
+                        $settings_links[] = '<a href="' . esc_url(self::upgrade_link()) . '" title="' . esc_attr(sprintf(__('Buy %s', 'block-wp-login'), self::$plugin_name)) . '" style="color: orange; font-weight: bold;">' . __('Buy Now', 'block-wp-login') . '</a>';
 
                     }
@@ -294 +307 @@
                 } else {
 
-                    $settings_links[] = '<a href="' . esc_url(self::upgrade_link()) . '" title="' . esc_attr((self::$plugin_premium_class ? sprintf(__('Upgrade now to %s Premium', self::$plugin_text_domain), self::$plugin_name) : sprintf(__('Contribute to %s', self::$plugin_text_domain), self::$plugin_name))) . '" style="color: orange; font-weight: bold;">' . (self::$plugin_premium_class ? __('Upgrade', self::$plugin_text_domain) : __('Support Us', self::$plugin_text_domain)) . '</a>';
+/* translators: name of the plugin */
+                    $settings_links[] = '<a href="' . esc_url(self::upgrade_link()) . '" title="' . esc_attr((self::$plugin_premium_class ? sprintf(__('Upgrade now to %s Premium', 'block-wp-login'), self::$plugin_name) : sprintf(__('Contribute to %s', 'block-wp-login'), self::$plugin_name))) . '" style="color: orange; font-weight: bold;">' . (self::$plugin_premium_class ? __('Upgrade', 'block-wp-login') : __('Support Us', 'block-wp-login')) . '</a>';
 
                 }
@@ -300 +314 @@
                 if ($premium) {
 
-                    $settings_links[] = '<a href="' . wp_nonce_url('?activate-' . self::$plugin_prefix . '=true', self::$plugin_prefix . '_activate') . '" id="' . self::$plugin_prefix . '_activate_upgrade" title="' . esc_attr(__('Activate Purchase', self::$plugin_text_domain)) . '" onclick="jQuery(this).append(&#39; <img src=&#34;/wp-admin/images/loading.gif&#34; style=&#34;float: none; width: auto; height: auto;&#34; />&#39;); setTimeout(function(){document.getElementById(\'' . self::$plugin_prefix . '_activate_upgrade\').removeAttribute(\'href\');},1); return true;">' . __('Activate Purchase', self::$plugin_text_domain) . '</a>';
-
-                } elseif (self::$plugin_trial && !is_plugin_active(self::$plugin_text_domain . '-premium/' . self::$plugin_text_domain . '-premium.php')) {
-
-                    $settings_links[] = '<a href="' . esc_url(self::premium_link()) . '" title="' . esc_attr(sprintf(__('Trial %s Premium', self::$plugin_text_domain), self::$plugin_name)) . ' for 7 days">' . __('Download Trial', self::$plugin_text_domain) . '</a>';
+                    $settings_links[] = '<a href="' . wp_nonce_url('?activate-' . self::$plugin_prefix . '=true', self::$plugin_prefix . '_activate') . '" id="' . self::$plugin_prefix . '_activate_upgrade" title="' . esc_attr(__('Activate Purchase', 'block-wp-login')) . '" onclick="jQuery(this).append(&#39; <img src=&#34;/wp-admin/images/loading.gif&#34; style=&#34;float: none; width: auto; height: auto;&#34; />&#39;); setTimeout(function(){document.getElementById(\'' . self::$plugin_prefix . '_activate_upgrade\').removeAttribute(\'href\');},1); return true;">' . __('Activate Purchase', 'block-wp-login') . '</a>';
+
+                } elseif (self::$plugin_trial && !is_plugin_active('block-wp-login' . '-premium/' . 'block-wp-login' . '-premium.php')) {
+
+/* translators: name of the plugin */
+                    $settings_links[] = '<a href="' . esc_url(self::premium_link()) . '" title="' . esc_attr(sprintf(__('Trial %s Premium', 'block-wp-login'), self::$plugin_name)) . ' for 7 days">' . __('Download Trial', 'block-wp-login') . '</a>';
 
                 }
@@ -310 +325 @@
             } elseif ($premium) {
 
-                $settings_links[] = '<strong style="color: green; display: inline;">' . __('Purchase Confirmed', self::$plugin_text_domain) . '</strong>';
+                $settings_links[] = '<strong style="color: green; display: inline;">' . __('Purchase Confirmed', 'block-wp-login') . '</strong>';
 
             }
@@ -320 +335 @@
         public static function plugin_row_meta($plugin_meta, $plugin_file, $plugin_data, $status) {
 
-            if ($plugin_file === self::$plugin_text_domain . '/' . self::$plugin_text_domain . '.php') {
-
-                $plugin_meta[] = '<a href="' . esc_url(self::support_url()) . '" title="' . __('Problems? We are here to help!', self::$plugin_text_domain) . '" style="color: orange; font-weight: bold;">' . __('Need help?', self::$plugin_text_domain) . '</a>';
-                $plugin_meta[] = '<a href="https://wordpress.org/support/plugin/' . self::$plugin_text_domain . '/reviews/#new-post" title="' . esc_attr(sprintf(__('If you like %s, please leave a review!', self::$plugin_text_domain), self::$plugin_name)) . '">' . __('Review plugin', self::$plugin_text_domain) . '</a>';
+            if ($plugin_file === 'block-wp-login' . '/' . 'block-wp-login' . '.php') {
+
+                $plugin_meta[] = '<a href="' . esc_url(self::support_url()) . '" title="' . __('Problems? We are here to help!', 'block-wp-login') . '" style="color: orange; font-weight: bold;">' . __('Need help?', 'block-wp-login') . '</a>';
+/* translators: name of the plugin */
+                $plugin_meta[] = '<a href="https://wordpress.org/support/plugin/' . 'block-wp-login' . '/reviews/#new-post" title="' . esc_attr(sprintf(__('If you like %s, please leave a review!', 'block-wp-login'), self::$plugin_name)) . '">' . __('Review plugin', 'block-wp-login') . '</a>';
 
             }
@@ -357 +373 @@
 ?>
 
-<div class="notice notice-error is-dismissible <?php echo self::$plugin_prefix; ?>-notice">
-
-<p><strong><?php echo self::$plugin_name; ?></strong><br />
-<?php esc_html_e('In order to use the premium features, you need to install the premium version of the plugin ...', self::$plugin_text_domain); ?></p>
-
-<p><a href="<?php echo esc_url(self::premium_link()); ?>" title="<?php echo esc_attr(sprintf(__('Download %s Premium', self::$plugin_text_domain), self::$plugin_name)); ?>" class="button-primary"><?php printf(__('Download %s Premium', self::$plugin_text_domain), self::$plugin_name); ?></a></p>
+<div class="notice notice-error is-dismissible <?php echo esc_html(self::$plugin_prefix); ?>-notice">
+
+<p><strong><?php echo esc_html(self::$plugin_name); ?></strong><br />
+<?php esc_html_e('In order to use the premium features, you need to install the premium version of the plugin ...', 'block-wp-login'); ?></p>
+
+<p><a href="<?php
+/* translators: name of the plugin */
+echo esc_url(self::premium_link()); ?>" title="<?php echo esc_attr(sprintf(__('Download %s Premium', 'block-wp-login'), self::$plugin_name)); ?>" class="button-primary"><?php printf(esc_html(__('Download %s Premium', 'block-wp-login')), esc_html(self::$plugin_name)); ?></a></p>
 
 </div>
 
 <script type="text/javascript">
-    jQuery(document).on('click', '.<?php echo self::$plugin_prefix; ?>-notice .notice-dismiss', function() {
+    jQuery(document).on('click', '.<?php echo esc_attr(self::$plugin_prefix); ?>-notice .notice-dismiss', function() {
         jQuery.ajax({
             url: ajaxurl,
             data: {
-                action: 'dismiss_<?php echo self::$plugin_prefix; ?>_notice_handler',
-                _ajax_nonce: '<?php echo wp_create_nonce(self::$plugin_prefix . '-ajax-nonce'); ?>'
+                action: 'dismiss_<?php echo esc_attr(self::$plugin_prefix); ?>_notice_handler',
+                _ajax_nonce: '<?php echo esc_attr(wp_create_nonce(self::$plugin_prefix . '-ajax-nonce')); ?>'
             }
         });
@@ -384 +402 @@
 ?>
 
-<div class="notice notice-info is-dismissible <?php echo self::$plugin_prefix; ?>-notice">
-
-<p><strong><?php printf(__('Thank you for using %s plugin', self::$plugin_text_domain), self::$plugin_name); ?></strong><br />
+<div class="notice notice-info is-dismissible <?php echo esc_attr(self::$plugin_prefix); ?>-notice">
+
+<p><strong><?php
+/* translators: name of the plugin */
+printf(esc_html(__('Thank you for using %s plugin', 'block-wp-login')), esc_html(self::$plugin_name)); ?></strong><br />
 <?php
 
                     if (self::$plugin_trial == true) {
 
-                        _e('Would you like to try even more features? Download your 7 day free trial now!', self::$plugin_text_domain); 
+                        echo esc_html(__('Would you like to try even more features? Download your 7 day free trial now!', 'block-wp-login')); 
 
                     } else {
 
-                        echo sprintf(__('Upgrade now to %s Premium to enable more options and features and contribute to the further development of this plugin.', self::$plugin_text_domain), self::$plugin_name);
+/* translators: name of the plugin */
+                        echo esc_html(sprintf(__('Upgrade now to %s Premium to enable more options and features and contribute to the further development of this plugin.', 'block-wp-login'), self::$plugin_name));
 
                     }
@@ -407 +428 @@
 ?>
 
-<a href="<?php echo esc_url(self::premium_link()); ?>" title="<?php echo esc_attr(sprintf(__('Try %s Premium', self::$plugin_text_domain), self::$plugin_name)); ?>" class="button-primary"><?php printf(__('Trial %s Premium for 7 days', self::$plugin_text_domain), self::$plugin_name); ?></a>
+<a href="<?php echo esc_url(self::premium_link()); ?>" title="<?php
+/* translators: name of the plugin */
+echo esc_attr(sprintf(__('Try %s Premium', 'block-wp-login'), self::$plugin_name)); ?>" class="button-primary"><?php printf(esc_html(__('Trial %s Premium for 7 days', 'block-wp-login'), self::$plugin_name)); ?></a>
 
 <?php
@@ -414 +437 @@
 
 ?>
-<a href="<?php echo esc_url(self::upgrade_link()); ?>" title="<?php echo esc_attr(sprintf(__('Upgrade now to %s Premium', self::$plugin_text_domain), self::$plugin_name)); ?>" class="button-primary"><?php printf(__('Upgrade now to %s Premium', self::$plugin_text_domain), self::$plugin_name); ?></a></p>
+<a href="<?php echo esc_url(self::upgrade_link()); ?>" title="<?php
+/* translators: name of the plugin */
+echo esc_attr(sprintf(__('Upgrade now to %s Premium', 'block-wp-login'), self::$plugin_name)); ?>" class="button-primary"><?php printf(esc_html(__('Upgrade now to %s Premium', 'block-wp-login')), esc_html(self::$plugin_name)); ?></a></p>
 
 </div>
 
 <script type="text/javascript">
-    jQuery(document).on('click', '.<?php echo self::$plugin_prefix; ?>-notice .notice-dismiss', function() {
+    jQuery(document).on('click', '.<?php echo esc_attr(self::$plugin_prefix); ?>-notice .notice-dismiss', function() {
         jQuery.ajax({
             url: ajaxurl,
             data: {
-                action: 'dismiss_<?php echo self::$plugin_prefix; ?>_notice_handler',
-                _ajax_nonce: '<?php echo wp_create_nonce(self::$plugin_prefix . '-ajax-nonce'); ?>'
+                action: 'dismiss_<?php echo esc_attr(self::$plugin_prefix); ?>_notice_handler',
+                _ajax_nonce: '<?php echo esc_attr(wp_create_nonce(self::$plugin_prefix . '-ajax-nonce')); ?>'
             }
         });
@@ -434 +459 @@
                 }
 
-            } elseif (time() > (strtotime('+1 hour', filectime(__DIR__))) && get_user_meta(get_current_user_id(), self::$plugin_prefix . '-notice-dismissed', true) != self::plugin_version() && !get_option(self::$plugin_prefix . '_donated')) {
-
-?>
-
-<div class="notice notice-info is-dismissible <?php echo self::$plugin_prefix; ?>-notice">
-<p><strong><?php printf(__('Thank you for using %s plugin', self::$plugin_text_domain), self::$plugin_name); ?></strong></p>
-<?php
-
+            } elseif (
+                time() > (strtotime('+1 hour', filectime(__DIR__))) &&
+                get_user_meta(get_current_user_id(), self::$plugin_prefix . '-notice-dismissed', true) != self::plugin_version() &&
+                !get_option(self::$plugin_prefix . '_donated')
+            ) {
+
+?>
+
+<div class="notice notice-info is-dismissible <?php echo esc_attr(self::$plugin_prefix); ?>-notice">
+<p><strong><?php
+/* translators: name of the plugin */
+printf(esc_html(__('Thank you for using %s plugin', 'block-wp-login')), esc_html(self::$plugin_name)); ?></strong></p>
+<?php
+
+// phpcs:ignore WordPress.NamingConventions.PrefixAllGlobals.DynamicHooknameFound
                 do_action(self::$plugin_prefix . '_admin_notice_donate');
 
 ?>
-<p><?php esc_html_e('Funding plugins like this one with small financial contributions is essential to pay the developers to continue to do what they do. Please take a moment to give a small amount ...', self::$plugin_text_domain); ?></p>
-<p><a href="<?php echo esc_url(self::upgrade_link()); ?>" title="<?php echo esc_attr(sprintf(__('Contribute to %s', self::$plugin_text_domain), self::$plugin_name)); ?>" class="button-primary"><?php printf(__('Contribute to %s', self::$plugin_text_domain), self::$plugin_name); ?></a> <a href="#" id="<?php echo self::$plugin_prefix; ?>-already-paid" title="<?php echo esc_attr(__('Aleady Contributed!', self::$plugin_text_domain)); ?>" class="button-primary"><?php esc_html_e('Aleady Contributed!', self::$plugin_text_domain); ?></a></p>
+<p><?php esc_html_e('Funding plugins like this one with small financial contributions is essential to pay the developers to continue to do what they do. Please take a moment to give a small amount ...', 'block-wp-login'); ?></p>
+<p><a href="<?php echo esc_url(self::upgrade_link()); ?>" title="<?php
+/* translators: name of the plugin */
+echo esc_attr(sprintf(__('Contribute to %s', 'block-wp-login'), self::$plugin_name)); ?>" class="button-primary"><?php printf(esc_html(__('Contribute to %s', 'block-wp-login')), esc_html(self::$plugin_name)); ?></a> <a href="#" id="<?php echo esc_attr(self::$plugin_prefix); ?>-already-paid" title="<?php echo esc_attr(__('Aleady Contributed!', 'block-wp-login')); ?>" class="button-primary"><?php esc_html_e('Aleady Contributed!', 'block-wp-login'); ?></a></p>
 </div>
 
 <script type="text/javascript">
-    jQuery(document).on('click', '#<?php echo self::$plugin_prefix; ?>-already-paid', function() {
-        if (confirm(<?php echo json_encode(__('Have you really? Press "Cancel" if you forgot to 🙂', self::$plugin_text_domain)); ?>)) {
-            alert(<?php echo json_encode(__('Thank you!', self::$plugin_text_domain)); ?>);
-            jQuery('.<?php echo self::$plugin_prefix; ?>-notice').fadeTo(100, 0, function() {
-                jQuery('.<?php echo self::$plugin_prefix; ?>-notice').slideUp(100, function() {
-                    jQuery('.<?php echo self::$plugin_prefix; ?>-notice').remove()
+    jQuery(document).on('click', '#<?php echo esc_attr(self::$plugin_prefix); ?>-already-paid', function() {
+        if (confirm(<?php echo json_encode(__('Have you really? Press "Cancel" if you forgot to 🙂', 'block-wp-login')); ?>)) {
+            alert(<?php echo json_encode(__('Thank you!', 'block-wp-login')); ?>);
+            jQuery('.<?php echo esc_attr(self::$plugin_prefix); ?>-notice').fadeTo(100, 0, function() {
+                jQuery('.<?php echo esc_attr(self::$plugin_prefix); ?>-notice').slideUp(100, function() {
+                    jQuery('.<?php echo esc_attr(self::$plugin_prefix); ?>-notice').remove()
                 });
             });
@@ -461 +495 @@
                 url: ajaxurl,
                 data: {
-                    action: 'dismiss_<?php echo self::$plugin_prefix; ?>_notice_handler',
+                    action: 'dismiss_<?php echo esc_attr(self::$plugin_prefix); ?>_notice_handler',
                     donated: 'true',
-                    _ajax_nonce: '<?php echo wp_create_nonce(self::$plugin_prefix . '-ajax-nonce'); ?>'
+                    _ajax_nonce: '<?php echo esc_attr(wp_create_nonce(self::$plugin_prefix . '-ajax-nonce')); ?>'
                 }
             });
         } else {
-            window.location.assign('<?php echo self::upgrade_link(); ?>');
+            window.location.assign('<?php echo esc_url(self::upgrade_link()); ?>');
         }
     });
-    jQuery(document).on('click', '.<?php echo self::$plugin_prefix; ?>-notice .notice-dismiss', function() {
+    jQuery(document).on('click', '.<?php echo esc_attr(self::$plugin_prefix); ?>-notice .notice-dismiss', function() {
         jQuery.ajax({
             url: ajaxurl,
             data: {
-                action: 'dismiss_<?php echo self::$plugin_prefix; ?>_notice_handler',
-                _ajax_nonce: '<?php echo wp_create_nonce(self::$plugin_prefix . '-ajax-nonce'); ?>'
+                action: 'dismiss_<?php echo esc_attr(self::$plugin_prefix); ?>_notice_handler',
+                _ajax_nonce: '<?php echo esc_attr(wp_create_nonce(self::$plugin_prefix . '-ajax-nonce')); ?>'
             }
         });
@@ -509 +543 @@
                     is_admin() && 
                     $pagenow === 'customize.php' &&
-                    isset($_GET['theme']) && 
-                    !in_array($_GET['theme'], $themes, true)
+                    isset($_GET['theme']) && // phpcs:ignore WordPress.Security.NonceVerification.Recommended
+                    !in_array($_GET['theme'], $themes, true) // phpcs:ignore WordPress.Security.NonceVerification.Recommended
                 ) && !(
                     !is_admin() && 
                     $pagenow === 'index.php' &&
-                    isset($_GET['customize_theme']) && 
-                    isset($_GET['customize_changeset_uuid']) && 
-                    !in_array($_GET['customize_theme'], $themes, true)
+                    isset($_GET['customize_theme']) && // phpcs:ignore WordPress.Security.NonceVerification.Recommended
+                    isset($_GET['customize_changeset_uuid']) && // phpcs:ignore WordPress.Security.NonceVerification.Recommended
+                    !in_array($_GET['customize_theme'], $themes, true) // phpcs:ignore WordPress.Security.NonceVerification.Recommended
                 )
             ) {
@@ -530 +564 @@
                     is_admin() && 
                     $pagenow === 'customize.php' &&
-                    isset($_GET['theme']) && 
-                    in_array($_GET['theme'], $themes, true)
+                    isset($_GET['theme']) && // phpcs:ignore WordPress.Security.NonceVerification.Recommended
+                    in_array($_GET['theme'], $themes, true) // phpcs:ignore WordPress.Security.NonceVerification.Recommended
                 ) || (
                     !is_admin() && 
                     $pagenow === 'index.php' &&
-                    isset($_GET['customize_theme']) && 
-                    isset($_GET['customize_changeset_uuid']) && 
-                    in_array($_GET['customize_theme'], $themes, true)
+                    isset($_GET['customize_theme']) && // phpcs:ignore WordPress.Security.NonceVerification.Recommended
+                    isset($_GET['customize_changeset_uuid']) && // phpcs:ignore WordPress.Security.NonceVerification.Recommended
+                    in_array($_GET['customize_theme'], $themes, true) // phpcs:ignore WordPress.Security.NonceVerification.Recommended
                 ))
             ) {
@@ -549 +583 @@
                     !is_admin() && 
                     $pagenow === 'index.php' &&
-                    isset($_GET['customize_theme']) && 
-                    isset($_GET['customize_changeset_uuid'])
+                    isset($_GET['customize_theme']) && // phpcs:ignore WordPress.Security.NonceVerification.Recommended
+                    isset($_GET['customize_changeset_uuid']) // phpcs:ignore WordPress.Security.NonceVerification.Recommended
                 
             ) {
 
-                $child = wp_get_theme($_GET['customize_theme']);
+                $child = wp_get_theme(sanitize_file_name(wp_unslash($_GET['customize_theme']))); // phpcs:ignore WordPress.Security.NonceVerification.Recommended
 
                 if (isset($child->template) && in_array($child->template, $themes, true)) {
@@ -568 +602 @@
                 is_admin() && 
                 ($pagenow === 'customize.php' || $pagenow === 'admin-ajax.php') &&
-                isset($_GET['theme']) || (isset($_POST['customize_theme']) && isset($_POST['customize_changeset_uuid']))
+                (
+                    isset($_GET['theme']) || // phpcs:ignore WordPress.Security.NonceVerification.Recommended
+                    (
+                        isset($_POST['customize_theme']) && // phpcs:ignore WordPress.Security.NonceVerification.Missing
+                        isset($_POST['customize_changeset_uuid']) // phpcs:ignore WordPress.Security.NonceVerification.Missing
+                    )
+                )
             ) {
 
-                if (isset($_GET['theme'])) {
-
-                    $child = wp_get_theme($_GET['theme']);
+                if (isset($_GET['theme'])) { // phpcs:ignore WordPress.Security.NonceVerification.Recommended
+
+                    $child = wp_get_theme(sanitize_file_name(wp_unslash($_GET['theme']))); // phpcs:ignore WordPress.Security.NonceVerification.Recommended
 
                 } else {
 
-                    $child = wp_get_theme($_POST['customize_theme']);
+                    $child = wp_get_theme(sanitize_file_name(wp_unslash($_POST['customize_theme']))); // phpcs:ignore WordPress.Security.NonceVerification.Missing
 
                 }
@@ -622 +662 @@
 
 ?>
-<span class="description customize-control-description"><?php echo $this->description; ?></span>
+<span class="description customize-control-description"><?php echo esc_html($this->description); ?></span>
 <?php
 
@@ -647 +687 @@
 ?>
         </ul>
-        <input type="hidden" id="_customize-input-<?php echo $this->id; ?>" <?php $this->link(); ?> value="<?php echo esc_attr(implode(',', $multi_values)); ?>" />
+        <input type="hidden" id="_customize-input-<?php echo esc_attr($this->id); ?>" <?php $this->link(); ?> value="<?php echo esc_attr(implode(',', $multi_values)); ?>" />
 <?php
 

block-wp-login/tags/1.5.5/readme.txt

@@ -4 +4 @@
 Tags: security, secure, login security, block hackers, security plugin
 Requires at least: 3.5.0
-Tested up to: 6.8
+Tested up to: 6.9
 Requires PHP: 5.6
-Stable tag: 1.5.4
+Stable tag: 1.5.5
 License: GPLv2 or later
 License URI: https://www.gnu.org/licenses/gpl-2.0.html
@@ -44 +44 @@
 
 == Changelog ==
+
+= 1.5.5 =
+* Fix a minor bug and general housekeeping preparing for "Plugin Check" code review
 
 = 1.5.4 =
@@ -178 +181 @@
 == Upgrade Notice ==
 
-= 1.5.4 =
-* Updated race condition prevention when WordPress core version changes
+= 1.5.5 =
+* Fix a minor bug and general housekeeping preparing for "Plugin Check" code review

block-wp-login/trunk/block-wp-login.php

@@ -2 +2 @@
 /*
  * Plugin Name: Block wp-login
- * Version: 1.5.4
+ * Version: 1.5.5
  * Plugin URI: https://webd.uk/support/
  * Description: This plugin completely blocks access to wp-login.php and creates a new secret login URL
  * Author: Webd Ltd
  * Author URI: https://webd.uk
+ * License: GPLv2 or later
+ * License URI: https://www.gnu.org/licenses/old-licenses/gpl-2.0.html
  * Text Domain: block-wp-login
  */
@@ -13 +15 @@
 
 if (!defined('ABSPATH')) {
-    exit(__('This isn\'t the page you\'re looking for. Move along, move along.', 'block-wp-login'));
+    exit(esc_html(__('This isn\'t the page you\'re looking for. Move along, move along.', 'block-wp-login')));
 }
 
@@ -22 +24 @@
     class bwpl_class {
 
-        public static $version = '1.5.4';
+        public static $version = '1.5.5';
 
         private $bwpl_new_slug = '';
@@ -73 +75 @@
         function bwpl_configure_slug() {
 
-            if (isset($_POST['bwpl_nonce']) && wp_verify_nonce($_POST['bwpl_nonce'], 'bwpl_slug_change') && isset($_POST['bwpl_slug']) && current_user_can('manage_options')) {
-
-                $this->bwpl_new_slug = trim(sanitize_key(wp_strip_all_tags($_POST['bwpl_slug'])));
+            if (isset($_POST['bwpl_nonce']) && wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['bwpl_nonce'])), 'bwpl_slug_change') && isset($_POST['bwpl_slug']) && current_user_can('manage_options')) {
+
+                $this->bwpl_new_slug = trim(sanitize_key(wp_strip_all_tags(wp_unslash($_POST['bwpl_slug']))));
 
                 if ($this->bwpl_new_slug) {
 
+                    $notify = (isset($_POST['bwpl_notify']) && 'true' === $_POST['bwpl_notify']);
                     $this->bwpl_uninstall();
-                    $this->bwpl_install();
+                    $this->bwpl_install(false, $notify);
 
                 } else {
@@ -126 +129 @@
                 if (
                     isset($_POST['bwpl_unknown_admin']) &&
-                    $_POST['bwpl_unknown_admin'] &&
+                    sanitize_text_field(wp_unslash($_POST['bwpl_unknown_admin'])) &&
                     isset($_POST['bwpl_known_ips']) &&
-                    $_POST['bwpl_known_ips']
+                    sanitize_textarea_field(wp_unslash($_POST['bwpl_known_ips']))
                 ) {
 
-                    $known_ips = preg_split('/\r\n|[\r\n]/', $_POST['bwpl_known_ips']);
+                    $known_ips = preg_split('/\r\n|[\r\n]/', sanitize_textarea_field(wp_unslash($_POST['bwpl_known_ips'])));
 
                     foreach ($known_ips AS $key => $known_ip) {
@@ -187 +190 @@
             for ($i = 0; $i < 8; $i++) {
 
-                $randomString .= $characters[rand(0, strlen($characters) - 1)];
+                $randomString .= $characters[wp_rand(0, strlen($characters) - 1)];
 
             }
 
 ?>
-<input id="bwpl_slug" name="bwpl_slug" type="text" class="regular-text code" value="<?php echo get_option('bwpl_slug'); ?>" />
+<input id="bwpl_slug" name="bwpl_slug" type="text" class="regular-text code" value="<?php echo esc_attr(get_option('bwpl_slug')); ?>" />
 
 <script type="text/javascript">
@@ -206 +209 @@
 <p><?php esc_html_e('To change your WordPress login address, enter your chosen slug above. Leave it blank to enable the default login address.', 'block-wp-login'); ?></p>
 
-<p><?php printf(esc_html__('%1$sClick here%2$s to generate a random login address.', 'block-wp-login'),'<a href="javascript:void(0)" class="randomlogin">','</a>'); ?></p>
+<p><a href="javascript:void(0)" class="randomlogin"><?php echo esc_html(__('Click here', 'block-wp-login')); ?></a> <?php echo esc_html(__('to generate a random login address.', 'block-wp-login')); ?></p>
 
 <script type="text/javascript">
@@ -217 +220 @@
     jQuery('#bwpl_slug').val(result);
     alert(<?php echo json_encode(__('WARNING! DO NOT LOCK YOURSELF OUT! Your new login address will be', 'block-wp-login') . ' ' . get_site_url() . '/'); ?> + result + '/');
-    jQuery('#bwpl_slug').val(result);
+    jQuery('#bwpl_notify').prop('checked', true);
 });
 </script>
@@ -225 +228 @@
             if (get_option('bwpl_slug')) {
 
-                echo get_site_url(null, (get_option('bwpl_slug') . '/'));
+                echo esc_url(get_site_url(null, (get_option('bwpl_slug') . '/')));
 
             } else {
 
-                echo get_site_url(null, 'wp-login.php');
+                echo esc_url(get_site_url(null, 'wp-login.php'));
 
             } ?></p>
@@ -257 +260 @@
 <p><strong><?php esc_html_e('Please Note: ', 'block-wp-login'); ?></strong><?php
 
-                printf(
+                echo wp_kses(sprintf(
+/* translators: link to plugin install page */
                     __('To lock down your website to only serve legitimate content, please take a look at our new plugin "%s".', 'block-wp-login'),
-                    '<a href="' . esc_url(add_query_arg(array('s' => 'deny-all-firewall+genuine', 'tab' => 'search', 'type' => 'term'), self_admin_url('plugin-install.php'))) . '" title="' . __('Deny All Firewall', 'block-wp-login') . '">' . __('Deny All Firewall', 'block-wp-login') . '</a>'
-                );
+                    '<a href="' . esc_url(add_query_arg(array('s' => 'deny-all-firewall+genuine', 'tab' => 'search', 'type' => 'term'), self_admin_url('plugin-install.php'))) . '" title="' . esc_attr(__('Deny All Firewall', 'block-wp-login')) . '">' . __('Deny All Firewall', 'block-wp-login') . '</a>'
+                ), 'post');
 
 ?></p>
@@ -287 +291 @@
         }
 
-        function bwpl_install($new_version = false) {
-
-            if ($new_version || (isset($_POST['bwpl_notify']) && 'true' === $_POST['bwpl_notify'])) {
+        function bwpl_install($new_version = false, $notify = true) {
+
+            global $wp_filesystem;
+
+            if (!$wp_filesystem) {
+
+                require_once (ABSPATH . '/wp-admin/includes/file.php');
+
+                WP_Filesystem();
+
+            }
+
+            if ($new_version || $notify) {
 
                 $this->bwpl_send_emails($new_version);
@@ -301 +315 @@
                 $content = implode($this->bwpl_new_slug . '-wp-login.php', $content_chunks);
 
-                if ((!file_exists(bwplCommon::get_home_path() . $this->bwpl_new_slug . '-wp-login.php') && is_writable(bwplCommon::get_home_path())) || is_writable(bwplCommon::get_home_path() . $this->bwpl_new_slug . '-wp-login.php')) {
+                if ((!file_exists(bwplCommon::get_home_path() . $this->bwpl_new_slug . '-wp-login.php') && $wp_filesystem->is_writable(bwplCommon::get_home_path())) || $wp_filesystem->is_writable(bwplCommon::get_home_path() . $this->bwpl_new_slug . '-wp-login.php')) {
 
                     file_put_contents(bwplCommon::get_home_path() . $this->bwpl_new_slug . '-wp-login.php', $content);
@@ -309 +323 @@
             }
 
-            if ((!file_exists(bwplCommon::get_home_path() . '.htaccess') && is_writable(bwplCommon::get_home_path())) || is_writable(bwplCommon::get_home_path() . '.htaccess')) {
+            if ((!file_exists(bwplCommon::get_home_path() . '.htaccess') && $wp_filesystem->is_writable(bwplCommon::get_home_path())) || $wp_filesystem->is_writable(bwplCommon::get_home_path() . '.htaccess')) {
 
                 $markerdata = file(bwplCommon::get_home_path() . '.htaccess');
@@ -346 +360 @@
                     }
 
-                    $f = @fopen(bwplCommon::get_home_path() . '.htaccess', 'w');
-                    fwrite($f, $newdata);
+                    $wp_filesystem->put_contents(
+                        bwplCommon::get_home_path() . '.htaccess',
+                        $newdata,
+                        FS_CHMOD_FILE
+                    );
 
                 }
@@ -361 +378 @@
 ?>
 <div class="notice notice-success">
-    <p><?php printf(esc_html__('%1$sBlock wp-login%2$s activated. ', 'block-wp-login'),'<strong>','</strong>'); ?><a href="<?php echo admin_url('options-permalink.php'); ?>"><?php esc_html_e('Configure the plugin here.', 'block-wp-login'); ?></a></p>
+    <p><?php
+/* translators: <strong> HTML tags */
+echo wp_kses(sprintf(__('%1$sBlock wp-login%2$s activated. ', 'block-wp-login'),'<strong>','</strong>'), 'post'); ?><a href="<?php echo esc_url(admin_url('options-permalink.php')); ?>"><?php esc_html_e('Configure the plugin here.', 'block-wp-login'); ?></a></p>
 </div>
 <?php
@@ -369 +388 @@
         function bwpl_uninstall() {
 
-            if (is_writable(bwplCommon::get_home_path() . '.htaccess')) {
+            global $wp_filesystem;
+
+            if (!$wp_filesystem) {
+
+                require_once (ABSPATH . '/wp-admin/includes/file.php');
+
+                WP_Filesystem();
+
+            }
+
+            if ($wp_filesystem->is_writable(bwplCommon::get_home_path() . '.htaccess')) {
 
                 $markerdata = file(bwplCommon::get_home_path() . '.htaccess');
@@ -424 +453 @@
                     }
 
-                    $f = @fopen(bwplCommon::get_home_path() . '.htaccess', 'w');
-                    fwrite($f, $newdata);
+                    $wp_filesystem->put_contents(
+                        bwplCommon::get_home_path() . '.htaccess',
+                        $newdata,
+                        FS_CHMOD_FILE
+                    );
 
                 }
@@ -435 +467 @@
             add_filter('lostpassword_url', array($this, 'bwpl_reset_logout_url'));
 
-            if (is_writable(bwplCommon::get_home_path() . get_option('bwpl_slug') . '-wp-login.php') && get_option('bwpl_slug')) {
-
-                unlink(bwplCommon::get_home_path() . get_option('bwpl_slug') . '-wp-login.php');
+            if ($wp_filesystem->is_writable(bwplCommon::get_home_path() . get_option('bwpl_slug') . '-wp-login.php') && get_option('bwpl_slug')) {
+
+                wp_delete_file(bwplCommon::get_home_path() . get_option('bwpl_slug') . '-wp-login.php');
 
             }
@@ -525 +557 @@
             if ($new_version) {
 
-                $message = __('A new version of WordPress has been detected so we have reinstalled "Block wp-login" and here is a reminder of your login URL:', 'block-wp-login') . "\r\n\r\n";
+                $message = __('A recent WordPress core update has been detected and “Block wp-login” has been re-installed. Here is a reminder of your login address:', 'block-wp-login');
 
             } else {
 
-                $message = __('Your WordPress login URL has been changed:', 'block-wp-login') . "\r\n\r\n";
-
-            }
+                $message = __('Your WordPress login address has been changed:', 'block-wp-login');
+
+            }
+
+            $message .=  "\r\n\r\n";
 
             if ($this->bwpl_new_slug) {
@@ -543 +577 @@
             }
 
-            $message .= __('Make sure you save this email and / or bookmark this address so you don\'t get locked out!', 'block-wp-login') . "\r\n\r\n";
-            $message .= __('Contact us if you are having trouble with WordPress https://webd.uk', 'block-wp-login') . "\r\n\r\n";
-            $message .= __('If you like our plugin please leave a short review: https://wordpress.org/support/plugin/block-wp-login/reviews/#new-post', 'block-wp-login') . "\r\n\r\n";
+            $message .= __('Keep this link handy! Bookmarking it is the best way to ensure you never get locked out.', 'block-wp-login');
+            $message .=  "\r\n\r\n---\r\n\r\n";
+            $message .= __('Does your site need a glow-up?', 'block-wp-login');
+            $message .=  "\r\n";
+            $message .= __('Running slowly?', 'block-wp-login');
+            $message .=  "\r\n";
+            $message .= __('Want new features?', 'block-wp-login');
+            $message .=  "\r\n\r\n";
+            $message .= __('See how we can help', 'block-wp-login');
+            $message .=  ' https://webd.uk';
 
             if (is_multisite()) {
@@ -559 +600 @@
             if ($new_version) {
 
+/* translators: website title */
                 $title = sprintf(__('[%s] WordPress Login Reminder', 'block-wp-login'), $blogname);
 
             } else {
 
+/* translators: website title */
                 $title = sprintf(__('[%s] WordPress Login Changed', 'block-wp-login'), $blogname);
 
@@ -579 +622 @@
 ?>
 <div class="notice notice-error">
-    <p><?php printf(esc_html__('%1$sBlock wp-login%2$s activated email could not be sent.', 'block-wp-login'),'<strong>','</strong>'); ?></p>
+    <p><?php
+/* translators: <strong> HTML tags */
+wp_kses(sprintf(__('%1$sBlock wp-login%2$s activated email could not be sent.', 'block-wp-login'),'<strong>','</strong>'), 'post'); ?></p>
 </div>
 <?php
@@ -655 +700 @@
                             }
 
+/* translators: website title */
                             $title = sprintf(__('[%s] WordPress Login Alert', 'block-wp-login'), $blogname);
 
@@ -681 +727 @@
             if (isset($_SERVER['HTTP_CF_CONNECTING_IP'])) {
 
-                $ip = $_SERVER['HTTP_CF_CONNECTING_IP'];
+                $ip = filter_var(wp_unslash($_SERVER['HTTP_CF_CONNECTING_IP']), FILTER_VALIDATE_IP);
 
             } elseif (isset($_SERVER['REMOTE_ADDR'])) {
 
-                $ip = $_SERVER['REMOTE_ADDR'];
+                $ip = filter_var(wp_unslash($_SERVER['REMOTE_ADDR']), FILTER_VALIDATE_IP);
 
             }
@@ -710 +756 @@
             global $wpdb;
 
+// phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching
             return (bool) $wpdb->get_var($wpdb->prepare("SELECT GET_LOCK(%s, %d)", 'bwpl_lock', 0));
 
@@ -718 +765 @@
             global $wpdb;
 
+// phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching
             return (bool) $wpdb->get_var($wpdb->prepare("SELECT RELEASE_LOCK(%s)", 'bwpl_lock'));
 
@@ -730 +778 @@
     }
 
-    $Block_wp_login = new bwpl_class();
+    new bwpl_class();
 
 }

block-wp-login/trunk/includes/class-bwpl-common.php

@@ -1 +1 @@
 <?php
 /*
- * Version: 1.3.9
+ * Version: 1.4
  */
 
@@ -43 +43 @@
         public static function plugin_text_domain() {
 
-            return self::$plugin_text_domain;
+            return 'block-wp-login';
 
         }
@@ -61 +61 @@
         public static function support_url() {
 
-            return 'https://wordpress.org/support/plugin/' . self::$plugin_text_domain . '/';
+            return 'https://wordpress.org/support/plugin/' . 'block-wp-login' . '/';
 
         }
@@ -67 +67 @@
         public static function control_upgrade_text() {
 
-            $upgrade_text = '<a href="' . esc_url(self::upgrade_link()) . '" title="' . esc_attr(sprintf(__('Upgrade now to %s Premium', self::$plugin_text_domain), self::$plugin_name)) . '">' . sprintf(__('Upgrade now to %s Premium', self::$plugin_text_domain), self::$plugin_name) . '</a>';
+/* translators: name of the plugin */
+            $upgrade_text = '<a href="' . esc_url(self::upgrade_link()) . '" title="' . esc_attr(sprintf(__('Upgrade now to %s Premium', 'block-wp-login'), self::$plugin_name)) . '">' . sprintf(__('Upgrade now to %s Premium', 'block-wp-login'), self::$plugin_name) . '</a>';
 
             if (!class_exists(self::$plugin_premium_class) || !get_option(self::$plugin_prefix . '_purchased')) {
@@ -73 +74 @@
                 if (!class_exists(self::$plugin_premium_class)) {
 
-                    $upgrade_text .= sprintf(wp_kses(__(' or <a href="%s" title="Download Free Trial">trial it for 7 days</a>', self::$plugin_text_domain), array('a' => array('href' => array(), 'title' => array()))), esc_url(self::premium_link()));
+/* translators: link to the premium upgrade */
+                    $upgrade_text .= sprintf(wp_kses(__(' or <a href="%s" title="Download Free Trial">trial it for 7 days</a>', 'block-wp-login'), array('a' => array('href' => array(), 'title' => array()))), esc_url(self::premium_link()));
 
                 }
@@ -85 +87 @@
         public static function control_section_description() {
 
-            $default_description = sprintf(wp_kses(__('If you have any requests for new features, please <a href="%s" title="Support Forum">let us know in the support forum</a>.', self::$plugin_text_domain), array('a' => array('href' => array(), 'title' => array()))), esc_url(self::support_url()));
+/* translators: link to the plugin's support forum */
+            $default_description = sprintf(wp_kses(__('If you have any requests for new features, please <a href="%s" title="Support Forum">let us know in the support forum</a>.', 'block-wp-login'), array('a' => array('href' => array(), 'title' => array()))), esc_url(self::support_url()));
 
             if (self::$plugin_premium_class) {
@@ -95 +98 @@
                     if (!class_exists(self::$plugin_premium_class)) {
 
-                        $section_description = '<strong>' . __('For even more options', self::$plugin_text_domain) . '</strong>' . ' ' . $upgrade_text;
+                        $section_description = '<strong>' . __('For even more options', 'block-wp-login') . '</strong>' . ' ' . $upgrade_text;
 
                     } else {
 
-                        $section_description = '<strong>' . __('To keep using premium options', self::$plugin_text_domain) . '</strong>' . ' ' . $upgrade_text;
+                        $section_description = '<strong>' . __('To keep using premium options', 'block-wp-login') . '</strong>' . ' ' . $upgrade_text;
 
                     }
@@ -119 +122 @@
                 $section_description .= ' ' . sprintf(
                     wp_kses(
+/* translators: link to plugin install page */
                         __(
                             '<strong>To reset this section of options to default settings</strong> without affecting other sections in the customizer, install <a href="%s" title="Reset Customizer">Reset Customizer</a>.',
-                            self::$plugin_text_domain
+                            'block-wp-login'
                         ),
                         array('strong' => array(), 'a' => array('href' => array(), 'title' => array()))
@@ -145 +149 @@
         public static function control_setting_upgrade_nag() {
 
-            $upgrade_nag = self::control_upgrade_text() . __(' to use this option.', self::$plugin_text_domain);
+            $upgrade_nag = self::control_upgrade_text() . __(' to use this option.', 'block-wp-login');
 
             return $upgrade_nag;
@@ -234 +238 @@
 
                 $generated_css = sprintf('%s { %s: %s; }', $selector, $style, $prefix.$mod.$postfix);
-                echo $generated_css;
+                echo wp_kses($generated_css, 'strip');
 
             } elseif ($mod) {
 
                 $generated_css = sprintf('%s { %s:%s; }', $selector, $style, $prefix.$value.$postfix);
-                echo $generated_css;
+                echo wp_kses($generated_css, 'strip');
 
             }
@@ -249 +253 @@
             if (self::$plugin_premium_class) {
 
-                return add_query_arg('url', (isset($_SERVER['HTTPS']) ? 'https' : 'http') . '://' . $_SERVER['HTTP_HOST'], 'https://webd.uk/product/' . self::$plugin_text_domain . '-upgrade/');
-
+                if (isset($_SERVER['HTTP_HOST'])) {
+
+                    return add_query_arg('url', (isset($_SERVER['HTTPS']) ? 'https' : 'http') . '://' . filter_var(wp_unslash($_SERVER['HTTP_HOST'], FILTER_SANITIZE_URL)), 'https://webd.uk/product/' . 'block-wp-login' . '-upgrade/');
+
+                } else {
+
+                    return 'https://webd.uk/product/' . 'block-wp-login' . '-upgrade/';
+
+                }
 
             } else {
@@ -276 +287 @@
             $settings_links = array();
 
-            $settings_links[] = '<a href="' . esc_url($settings_link) . '" title="' . esc_attr(__('Settings', self::$plugin_text_domain)) . '">' . __('Settings', self::$plugin_text_domain) . '</a>';
+            $settings_links[] = '<a href="' . esc_url($settings_link) . '" title="' . esc_attr(__('Settings', 'block-wp-login')) . '">' . __('Settings', 'block-wp-login') . '</a>';
 
             if (!get_option(self::$plugin_prefix . '_purchased')) {
@@ -284 +295 @@
                     if (self::$plugin_upgrade) {
 
-                        $settings_links[] = '<a href="' . esc_url(self::upgrade_link()) . '" title="' . esc_attr(sprintf(__('Buy %s Premium', self::$plugin_text_domain), self::$plugin_name)) . '" style="color: orange; font-weight: bold;">' . __('Buy Now', self::$plugin_text_domain) . '</a>';
+/* translators: name of the plugin */
+                        $settings_links[] = '<a href="' . esc_url(self::upgrade_link()) . '" title="' . esc_attr(sprintf(__('Buy %s Premium', 'block-wp-login'), self::$plugin_name)) . '" style="color: orange; font-weight: bold;">' . __('Buy Now', 'block-wp-login') . '</a>';
 
                     } else {
 
-                        $settings_links[] = '<a href="' . esc_url(self::upgrade_link()) . '" title="' . esc_attr(sprintf(__('Buy %s', self::$plugin_text_domain), self::$plugin_name)) . '" style="color: orange; font-weight: bold;">' . __('Buy Now', self::$plugin_text_domain) . '</a>';
+/* translators: name of the plugin */
+                        $settings_links[] = '<a href="' . esc_url(self::upgrade_link()) . '" title="' . esc_attr(sprintf(__('Buy %s', 'block-wp-login'), self::$plugin_name)) . '" style="color: orange; font-weight: bold;">' . __('Buy Now', 'block-wp-login') . '</a>';
 
                     }
@@ -294 +307 @@
                 } else {
 
-                    $settings_links[] = '<a href="' . esc_url(self::upgrade_link()) . '" title="' . esc_attr((self::$plugin_premium_class ? sprintf(__('Upgrade now to %s Premium', self::$plugin_text_domain), self::$plugin_name) : sprintf(__('Contribute to %s', self::$plugin_text_domain), self::$plugin_name))) . '" style="color: orange; font-weight: bold;">' . (self::$plugin_premium_class ? __('Upgrade', self::$plugin_text_domain) : __('Support Us', self::$plugin_text_domain)) . '</a>';
+/* translators: name of the plugin */
+                    $settings_links[] = '<a href="' . esc_url(self::upgrade_link()) . '" title="' . esc_attr((self::$plugin_premium_class ? sprintf(__('Upgrade now to %s Premium', 'block-wp-login'), self::$plugin_name) : sprintf(__('Contribute to %s', 'block-wp-login'), self::$plugin_name))) . '" style="color: orange; font-weight: bold;">' . (self::$plugin_premium_class ? __('Upgrade', 'block-wp-login') : __('Support Us', 'block-wp-login')) . '</a>';
 
                 }
@@ -300 +314 @@
                 if ($premium) {
 
-                    $settings_links[] = '<a href="' . wp_nonce_url('?activate-' . self::$plugin_prefix . '=true', self::$plugin_prefix . '_activate') . '" id="' . self::$plugin_prefix . '_activate_upgrade" title="' . esc_attr(__('Activate Purchase', self::$plugin_text_domain)) . '" onclick="jQuery(this).append(&#39; <img src=&#34;/wp-admin/images/loading.gif&#34; style=&#34;float: none; width: auto; height: auto;&#34; />&#39;); setTimeout(function(){document.getElementById(\'' . self::$plugin_prefix . '_activate_upgrade\').removeAttribute(\'href\');},1); return true;">' . __('Activate Purchase', self::$plugin_text_domain) . '</a>';
-
-                } elseif (self::$plugin_trial && !is_plugin_active(self::$plugin_text_domain . '-premium/' . self::$plugin_text_domain . '-premium.php')) {
-
-                    $settings_links[] = '<a href="' . esc_url(self::premium_link()) . '" title="' . esc_attr(sprintf(__('Trial %s Premium', self::$plugin_text_domain), self::$plugin_name)) . ' for 7 days">' . __('Download Trial', self::$plugin_text_domain) . '</a>';
+                    $settings_links[] = '<a href="' . wp_nonce_url('?activate-' . self::$plugin_prefix . '=true', self::$plugin_prefix . '_activate') . '" id="' . self::$plugin_prefix . '_activate_upgrade" title="' . esc_attr(__('Activate Purchase', 'block-wp-login')) . '" onclick="jQuery(this).append(&#39; <img src=&#34;/wp-admin/images/loading.gif&#34; style=&#34;float: none; width: auto; height: auto;&#34; />&#39;); setTimeout(function(){document.getElementById(\'' . self::$plugin_prefix . '_activate_upgrade\').removeAttribute(\'href\');},1); return true;">' . __('Activate Purchase', 'block-wp-login') . '</a>';
+
+                } elseif (self::$plugin_trial && !is_plugin_active('block-wp-login' . '-premium/' . 'block-wp-login' . '-premium.php')) {
+
+/* translators: name of the plugin */
+                    $settings_links[] = '<a href="' . esc_url(self::premium_link()) . '" title="' . esc_attr(sprintf(__('Trial %s Premium', 'block-wp-login'), self::$plugin_name)) . ' for 7 days">' . __('Download Trial', 'block-wp-login') . '</a>';
 
                 }
@@ -310 +325 @@
             } elseif ($premium) {
 
-                $settings_links[] = '<strong style="color: green; display: inline;">' . __('Purchase Confirmed', self::$plugin_text_domain) . '</strong>';
+                $settings_links[] = '<strong style="color: green; display: inline;">' . __('Purchase Confirmed', 'block-wp-login') . '</strong>';
 
             }
@@ -320 +335 @@
         public static function plugin_row_meta($plugin_meta, $plugin_file, $plugin_data, $status) {
 
-            if ($plugin_file === self::$plugin_text_domain . '/' . self::$plugin_text_domain . '.php') {
-
-                $plugin_meta[] = '<a href="' . esc_url(self::support_url()) . '" title="' . __('Problems? We are here to help!', self::$plugin_text_domain) . '" style="color: orange; font-weight: bold;">' . __('Need help?', self::$plugin_text_domain) . '</a>';
-                $plugin_meta[] = '<a href="https://wordpress.org/support/plugin/' . self::$plugin_text_domain . '/reviews/#new-post" title="' . esc_attr(sprintf(__('If you like %s, please leave a review!', self::$plugin_text_domain), self::$plugin_name)) . '">' . __('Review plugin', self::$plugin_text_domain) . '</a>';
+            if ($plugin_file === 'block-wp-login' . '/' . 'block-wp-login' . '.php') {
+
+                $plugin_meta[] = '<a href="' . esc_url(self::support_url()) . '" title="' . __('Problems? We are here to help!', 'block-wp-login') . '" style="color: orange; font-weight: bold;">' . __('Need help?', 'block-wp-login') . '</a>';
+/* translators: name of the plugin */
+                $plugin_meta[] = '<a href="https://wordpress.org/support/plugin/' . 'block-wp-login' . '/reviews/#new-post" title="' . esc_attr(sprintf(__('If you like %s, please leave a review!', 'block-wp-login'), self::$plugin_name)) . '">' . __('Review plugin', 'block-wp-login') . '</a>';
 
             }
@@ -357 +373 @@
 ?>
 
-<div class="notice notice-error is-dismissible <?php echo self::$plugin_prefix; ?>-notice">
-
-<p><strong><?php echo self::$plugin_name; ?></strong><br />
-<?php esc_html_e('In order to use the premium features, you need to install the premium version of the plugin ...', self::$plugin_text_domain); ?></p>
-
-<p><a href="<?php echo esc_url(self::premium_link()); ?>" title="<?php echo esc_attr(sprintf(__('Download %s Premium', self::$plugin_text_domain), self::$plugin_name)); ?>" class="button-primary"><?php printf(__('Download %s Premium', self::$plugin_text_domain), self::$plugin_name); ?></a></p>
+<div class="notice notice-error is-dismissible <?php echo esc_html(self::$plugin_prefix); ?>-notice">
+
+<p><strong><?php echo esc_html(self::$plugin_name); ?></strong><br />
+<?php esc_html_e('In order to use the premium features, you need to install the premium version of the plugin ...', 'block-wp-login'); ?></p>
+
+<p><a href="<?php
+/* translators: name of the plugin */
+echo esc_url(self::premium_link()); ?>" title="<?php echo esc_attr(sprintf(__('Download %s Premium', 'block-wp-login'), self::$plugin_name)); ?>" class="button-primary"><?php printf(esc_html(__('Download %s Premium', 'block-wp-login')), esc_html(self::$plugin_name)); ?></a></p>
 
 </div>
 
 <script type="text/javascript">
-    jQuery(document).on('click', '.<?php echo self::$plugin_prefix; ?>-notice .notice-dismiss', function() {
+    jQuery(document).on('click', '.<?php echo esc_attr(self::$plugin_prefix); ?>-notice .notice-dismiss', function() {
         jQuery.ajax({
             url: ajaxurl,
             data: {
-                action: 'dismiss_<?php echo self::$plugin_prefix; ?>_notice_handler',
-                _ajax_nonce: '<?php echo wp_create_nonce(self::$plugin_prefix . '-ajax-nonce'); ?>'
+                action: 'dismiss_<?php echo esc_attr(self::$plugin_prefix); ?>_notice_handler',
+                _ajax_nonce: '<?php echo esc_attr(wp_create_nonce(self::$plugin_prefix . '-ajax-nonce')); ?>'
             }
         });
@@ -384 +402 @@
 ?>
 
-<div class="notice notice-info is-dismissible <?php echo self::$plugin_prefix; ?>-notice">
-
-<p><strong><?php printf(__('Thank you for using %s plugin', self::$plugin_text_domain), self::$plugin_name); ?></strong><br />
+<div class="notice notice-info is-dismissible <?php echo esc_attr(self::$plugin_prefix); ?>-notice">
+
+<p><strong><?php
+/* translators: name of the plugin */
+printf(esc_html(__('Thank you for using %s plugin', 'block-wp-login')), esc_html(self::$plugin_name)); ?></strong><br />
 <?php
 
                     if (self::$plugin_trial == true) {
 
-                        _e('Would you like to try even more features? Download your 7 day free trial now!', self::$plugin_text_domain); 
+                        echo esc_html(__('Would you like to try even more features? Download your 7 day free trial now!', 'block-wp-login')); 
 
                     } else {
 
-                        echo sprintf(__('Upgrade now to %s Premium to enable more options and features and contribute to the further development of this plugin.', self::$plugin_text_domain), self::$plugin_name);
+/* translators: name of the plugin */
+                        echo esc_html(sprintf(__('Upgrade now to %s Premium to enable more options and features and contribute to the further development of this plugin.', 'block-wp-login'), self::$plugin_name));
 
                     }
@@ -407 +428 @@
 ?>
 
-<a href="<?php echo esc_url(self::premium_link()); ?>" title="<?php echo esc_attr(sprintf(__('Try %s Premium', self::$plugin_text_domain), self::$plugin_name)); ?>" class="button-primary"><?php printf(__('Trial %s Premium for 7 days', self::$plugin_text_domain), self::$plugin_name); ?></a>
+<a href="<?php echo esc_url(self::premium_link()); ?>" title="<?php
+/* translators: name of the plugin */
+echo esc_attr(sprintf(__('Try %s Premium', 'block-wp-login'), self::$plugin_name)); ?>" class="button-primary"><?php printf(esc_html(__('Trial %s Premium for 7 days', 'block-wp-login'), self::$plugin_name)); ?></a>
 
 <?php
@@ -414 +437 @@
 
 ?>
-<a href="<?php echo esc_url(self::upgrade_link()); ?>" title="<?php echo esc_attr(sprintf(__('Upgrade now to %s Premium', self::$plugin_text_domain), self::$plugin_name)); ?>" class="button-primary"><?php printf(__('Upgrade now to %s Premium', self::$plugin_text_domain), self::$plugin_name); ?></a></p>
+<a href="<?php echo esc_url(self::upgrade_link()); ?>" title="<?php
+/* translators: name of the plugin */
+echo esc_attr(sprintf(__('Upgrade now to %s Premium', 'block-wp-login'), self::$plugin_name)); ?>" class="button-primary"><?php printf(esc_html(__('Upgrade now to %s Premium', 'block-wp-login')), esc_html(self::$plugin_name)); ?></a></p>
 
 </div>
 
 <script type="text/javascript">
-    jQuery(document).on('click', '.<?php echo self::$plugin_prefix; ?>-notice .notice-dismiss', function() {
+    jQuery(document).on('click', '.<?php echo esc_attr(self::$plugin_prefix); ?>-notice .notice-dismiss', function() {
         jQuery.ajax({
             url: ajaxurl,
             data: {
-                action: 'dismiss_<?php echo self::$plugin_prefix; ?>_notice_handler',
-                _ajax_nonce: '<?php echo wp_create_nonce(self::$plugin_prefix . '-ajax-nonce'); ?>'
+                action: 'dismiss_<?php echo esc_attr(self::$plugin_prefix); ?>_notice_handler',
+                _ajax_nonce: '<?php echo esc_attr(wp_create_nonce(self::$plugin_prefix . '-ajax-nonce')); ?>'
             }
         });
@@ -434 +459 @@
                 }
 
-            } elseif (time() > (strtotime('+1 hour', filectime(__DIR__))) && get_user_meta(get_current_user_id(), self::$plugin_prefix . '-notice-dismissed', true) != self::plugin_version() && !get_option(self::$plugin_prefix . '_donated')) {
-
-?>
-
-<div class="notice notice-info is-dismissible <?php echo self::$plugin_prefix; ?>-notice">
-<p><strong><?php printf(__('Thank you for using %s plugin', self::$plugin_text_domain), self::$plugin_name); ?></strong></p>
-<?php
-
+            } elseif (
+                time() > (strtotime('+1 hour', filectime(__DIR__))) &&
+                get_user_meta(get_current_user_id(), self::$plugin_prefix . '-notice-dismissed', true) != self::plugin_version() &&
+                !get_option(self::$plugin_prefix . '_donated')
+            ) {
+
+?>
+
+<div class="notice notice-info is-dismissible <?php echo esc_attr(self::$plugin_prefix); ?>-notice">
+<p><strong><?php
+/* translators: name of the plugin */
+printf(esc_html(__('Thank you for using %s plugin', 'block-wp-login')), esc_html(self::$plugin_name)); ?></strong></p>
+<?php
+
+// phpcs:ignore WordPress.NamingConventions.PrefixAllGlobals.DynamicHooknameFound
                 do_action(self::$plugin_prefix . '_admin_notice_donate');
 
 ?>
-<p><?php esc_html_e('Funding plugins like this one with small financial contributions is essential to pay the developers to continue to do what they do. Please take a moment to give a small amount ...', self::$plugin_text_domain); ?></p>
-<p><a href="<?php echo esc_url(self::upgrade_link()); ?>" title="<?php echo esc_attr(sprintf(__('Contribute to %s', self::$plugin_text_domain), self::$plugin_name)); ?>" class="button-primary"><?php printf(__('Contribute to %s', self::$plugin_text_domain), self::$plugin_name); ?></a> <a href="#" id="<?php echo self::$plugin_prefix; ?>-already-paid" title="<?php echo esc_attr(__('Aleady Contributed!', self::$plugin_text_domain)); ?>" class="button-primary"><?php esc_html_e('Aleady Contributed!', self::$plugin_text_domain); ?></a></p>
+<p><?php esc_html_e('Funding plugins like this one with small financial contributions is essential to pay the developers to continue to do what they do. Please take a moment to give a small amount ...', 'block-wp-login'); ?></p>
+<p><a href="<?php echo esc_url(self::upgrade_link()); ?>" title="<?php
+/* translators: name of the plugin */
+echo esc_attr(sprintf(__('Contribute to %s', 'block-wp-login'), self::$plugin_name)); ?>" class="button-primary"><?php printf(esc_html(__('Contribute to %s', 'block-wp-login')), esc_html(self::$plugin_name)); ?></a> <a href="#" id="<?php echo esc_attr(self::$plugin_prefix); ?>-already-paid" title="<?php echo esc_attr(__('Aleady Contributed!', 'block-wp-login')); ?>" class="button-primary"><?php esc_html_e('Aleady Contributed!', 'block-wp-login'); ?></a></p>
 </div>
 
 <script type="text/javascript">
-    jQuery(document).on('click', '#<?php echo self::$plugin_prefix; ?>-already-paid', function() {
-        if (confirm(<?php echo json_encode(__('Have you really? Press "Cancel" if you forgot to 🙂', self::$plugin_text_domain)); ?>)) {
-            alert(<?php echo json_encode(__('Thank you!', self::$plugin_text_domain)); ?>);
-            jQuery('.<?php echo self::$plugin_prefix; ?>-notice').fadeTo(100, 0, function() {
-                jQuery('.<?php echo self::$plugin_prefix; ?>-notice').slideUp(100, function() {
-                    jQuery('.<?php echo self::$plugin_prefix; ?>-notice').remove()
+    jQuery(document).on('click', '#<?php echo esc_attr(self::$plugin_prefix); ?>-already-paid', function() {
+        if (confirm(<?php echo json_encode(__('Have you really? Press "Cancel" if you forgot to 🙂', 'block-wp-login')); ?>)) {
+            alert(<?php echo json_encode(__('Thank you!', 'block-wp-login')); ?>);
+            jQuery('.<?php echo esc_attr(self::$plugin_prefix); ?>-notice').fadeTo(100, 0, function() {
+                jQuery('.<?php echo esc_attr(self::$plugin_prefix); ?>-notice').slideUp(100, function() {
+                    jQuery('.<?php echo esc_attr(self::$plugin_prefix); ?>-notice').remove()
                 });
             });
@@ -461 +495 @@
                 url: ajaxurl,
                 data: {
-                    action: 'dismiss_<?php echo self::$plugin_prefix; ?>_notice_handler',
+                    action: 'dismiss_<?php echo esc_attr(self::$plugin_prefix); ?>_notice_handler',
                     donated: 'true',
-                    _ajax_nonce: '<?php echo wp_create_nonce(self::$plugin_prefix . '-ajax-nonce'); ?>'
+                    _ajax_nonce: '<?php echo esc_attr(wp_create_nonce(self::$plugin_prefix . '-ajax-nonce')); ?>'
                 }
             });
         } else {
-            window.location.assign('<?php echo self::upgrade_link(); ?>');
+            window.location.assign('<?php echo esc_url(self::upgrade_link()); ?>');
         }
     });
-    jQuery(document).on('click', '.<?php echo self::$plugin_prefix; ?>-notice .notice-dismiss', function() {
+    jQuery(document).on('click', '.<?php echo esc_attr(self::$plugin_prefix); ?>-notice .notice-dismiss', function() {
         jQuery.ajax({
             url: ajaxurl,
             data: {
-                action: 'dismiss_<?php echo self::$plugin_prefix; ?>_notice_handler',
-                _ajax_nonce: '<?php echo wp_create_nonce(self::$plugin_prefix . '-ajax-nonce'); ?>'
+                action: 'dismiss_<?php echo esc_attr(self::$plugin_prefix); ?>_notice_handler',
+                _ajax_nonce: '<?php echo esc_attr(wp_create_nonce(self::$plugin_prefix . '-ajax-nonce')); ?>'
             }
         });
@@ -509 +543 @@
                     is_admin() && 
                     $pagenow === 'customize.php' &&
-                    isset($_GET['theme']) && 
-                    !in_array($_GET['theme'], $themes, true)
+                    isset($_GET['theme']) && // phpcs:ignore WordPress.Security.NonceVerification.Recommended
+                    !in_array($_GET['theme'], $themes, true) // phpcs:ignore WordPress.Security.NonceVerification.Recommended
                 ) && !(
                     !is_admin() && 
                     $pagenow === 'index.php' &&
-                    isset($_GET['customize_theme']) && 
-                    isset($_GET['customize_changeset_uuid']) && 
-                    !in_array($_GET['customize_theme'], $themes, true)
+                    isset($_GET['customize_theme']) && // phpcs:ignore WordPress.Security.NonceVerification.Recommended
+                    isset($_GET['customize_changeset_uuid']) && // phpcs:ignore WordPress.Security.NonceVerification.Recommended
+                    !in_array($_GET['customize_theme'], $themes, true) // phpcs:ignore WordPress.Security.NonceVerification.Recommended
                 )
             ) {
@@ -530 +564 @@
                     is_admin() && 
                     $pagenow === 'customize.php' &&
-                    isset($_GET['theme']) && 
-                    in_array($_GET['theme'], $themes, true)
+                    isset($_GET['theme']) && // phpcs:ignore WordPress.Security.NonceVerification.Recommended
+                    in_array($_GET['theme'], $themes, true) // phpcs:ignore WordPress.Security.NonceVerification.Recommended
                 ) || (
                     !is_admin() && 
                     $pagenow === 'index.php' &&
-                    isset($_GET['customize_theme']) && 
-                    isset($_GET['customize_changeset_uuid']) && 
-                    in_array($_GET['customize_theme'], $themes, true)
+                    isset($_GET['customize_theme']) && // phpcs:ignore WordPress.Security.NonceVerification.Recommended
+                    isset($_GET['customize_changeset_uuid']) && // phpcs:ignore WordPress.Security.NonceVerification.Recommended
+                    in_array($_GET['customize_theme'], $themes, true) // phpcs:ignore WordPress.Security.NonceVerification.Recommended
                 ))
             ) {
@@ -549 +583 @@
                     !is_admin() && 
                     $pagenow === 'index.php' &&
-                    isset($_GET['customize_theme']) && 
-                    isset($_GET['customize_changeset_uuid'])
+                    isset($_GET['customize_theme']) && // phpcs:ignore WordPress.Security.NonceVerification.Recommended
+                    isset($_GET['customize_changeset_uuid']) // phpcs:ignore WordPress.Security.NonceVerification.Recommended
                 
             ) {
 
-                $child = wp_get_theme($_GET['customize_theme']);
+                $child = wp_get_theme(sanitize_file_name(wp_unslash($_GET['customize_theme']))); // phpcs:ignore WordPress.Security.NonceVerification.Recommended
 
                 if (isset($child->template) && in_array($child->template, $themes, true)) {
@@ -568 +602 @@
                 is_admin() && 
                 ($pagenow === 'customize.php' || $pagenow === 'admin-ajax.php') &&
-                isset($_GET['theme']) || (isset($_POST['customize_theme']) && isset($_POST['customize_changeset_uuid']))
+                (
+                    isset($_GET['theme']) || // phpcs:ignore WordPress.Security.NonceVerification.Recommended
+                    (
+                        isset($_POST['customize_theme']) && // phpcs:ignore WordPress.Security.NonceVerification.Missing
+                        isset($_POST['customize_changeset_uuid']) // phpcs:ignore WordPress.Security.NonceVerification.Missing
+                    )
+                )
             ) {
 
-                if (isset($_GET['theme'])) {
-
-                    $child = wp_get_theme($_GET['theme']);
+                if (isset($_GET['theme'])) { // phpcs:ignore WordPress.Security.NonceVerification.Recommended
+
+                    $child = wp_get_theme(sanitize_file_name(wp_unslash($_GET['theme']))); // phpcs:ignore WordPress.Security.NonceVerification.Recommended
 
                 } else {
 
-                    $child = wp_get_theme($_POST['customize_theme']);
+                    $child = wp_get_theme(sanitize_file_name(wp_unslash($_POST['customize_theme']))); // phpcs:ignore WordPress.Security.NonceVerification.Missing
 
                 }
@@ -622 +662 @@
 
 ?>
-<span class="description customize-control-description"><?php echo $this->description; ?></span>
+<span class="description customize-control-description"><?php echo esc_html($this->description); ?></span>
 <?php
 
@@ -647 +687 @@
 ?>
         </ul>
-        <input type="hidden" id="_customize-input-<?php echo $this->id; ?>" <?php $this->link(); ?> value="<?php echo esc_attr(implode(',', $multi_values)); ?>" />
+        <input type="hidden" id="_customize-input-<?php echo esc_attr($this->id); ?>" <?php $this->link(); ?> value="<?php echo esc_attr(implode(',', $multi_values)); ?>" />
 <?php
 

block-wp-login/trunk/readme.txt

@@ -4 +4 @@
 Tags: security, secure, login security, block hackers, security plugin
 Requires at least: 3.5.0
-Tested up to: 6.8
+Tested up to: 6.9
 Requires PHP: 5.6
-Stable tag: 1.5.4
+Stable tag: 1.5.5
 License: GPLv2 or later
 License URI: https://www.gnu.org/licenses/gpl-2.0.html
@@ -44 +44 @@
 
 == Changelog ==
+
+= 1.5.5 =
+* Fix a minor bug and general housekeeping preparing for "Plugin Check" code review
 
 = 1.5.4 =
@@ -178 +181 @@
 == Upgrade Notice ==
 
-= 1.5.4 =
-* Updated race condition prevention when WordPress core version changes
+= 1.5.5 =
+* Fix a minor bug and general housekeeping preparing for "Plugin Check" code review