Changeset 640859
- Timestamp:
- 12/18/2012 12:07:39 AM (13 years ago)
- Location:
- better-wp-security/trunk/inc
- Files:
-
- 2 edited
-
admin/construct.php (modified) (2 diffs)
-
secure.php (modified) (2 diffs)
better-wp-security/trunk/inc/admin/construct.php
r640296 r640859 16 16 **/ 17 17 function __construct() { 18 19 global $isIWP; 18 20 19 21 //add scripts and css … … 27 29 //add donation reminder 28 30 add_action( 'admin_init', array( &$this, 'ask' ) ); 31 32 //don't execute anything but SSL for InfiniteWP 33 if ( $isIWP === false ) { 29 34 30 add_action( 'admin_init', array( &$this, 'awaycheck' ) ); 35 add_action( 'admin_init', array( &$this, 'awaycheck' ) ); 36 37 } 31 38 32 39 //Process 404 .csv file -
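Review bot: The new guard `if ( $isIWP === false )` around the `awaycheck` hook fails open when `$isIWP` has not been assigned yet. The global is only set in the constructor in secure.php, so if this admin constructor runs first the value is null, the strict comparison is false, and the away-mode check is silently never registered. The load order is not visible in this changeset, so that needs confirming. Testing the positive case instead, `if ( $isIWP !== true ) {`, keeps the check registered unless the request was explicitly marked as an InfiniteWP call. The constructor body continues outside the hunk.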
better-wp-security/trunk/inc/secure.php
r640273 r640859 11 11 function __construct() { 12 12 13 global $bwpsoptions, $is_404; 14 15 $this->getIp(); 13 global $bwpsoptions, $is_404, $isIWP; 14 15 //set a global variable if this is a call from InfiniteWP 16 if ( defined( 'IWP_AUTHORISED_CALL' ) ) { 17 $isIWP = true; 18 } else { 19 $isIWP = false; 20 } 16 21 17 22 //Don't redirect any SSL if SSL is turned off. … … 19 24 add_action( 'template_redirect', array( &$this, 'sslredirect' ) ); 20 25 } 21 22 //execute default checks 23 add_action( 'init', array( &$this, 'siteinit' ) ); 24 25 //execute 404 check 26 if ( $bwpsoptions['id_enabled'] == 1 ) { 27 add_action( 'wp_head', array( &$this,'check404' ) ); 28 } 29 30 //remove wp-generator meta tag 31 if ( $bwpsoptions['st_generator'] == 1 ) { 32 remove_action( 'wp_head', 'wp_generator' ); 33 } 34 35 //remove login error messages if turned on 36 if ( $bwpsoptions['st_loginerror'] == 1 ) { 37 add_filter( 'login_errors', create_function( '$a', 'return null;' ) ); 38 } 39 40 //remove wlmanifest link if turned on 41 if ( $bwpsoptions['st_manifest'] == 1 ) { 42 remove_action( 'wp_head', 'wlwmanifest_link' ); 43 } 44 45 //remove rsd link from header if turned on 46 if ( $bwpsoptions['st_edituri'] == 1 ) { 47 remove_action( 'wp_head', 'rsd_link' ); 48 } 49 50 //ban extra-long urls if turned on 51 if ( $bwpsoptions['st_longurl'] == 1 && ! 
is_admin() ) { 52 53 if ( strlen( $_SERVER['REQUEST_URI'] ) > 255 || 54 55 strpos( $_SERVER['REQUEST_URI'], "eval(" ) || 56 strpos( $_SERVER['REQUEST_URI'], "CONCAT" ) || 57 strpos( $_SERVER['REQUEST_URI'], "UNION+SELECT" ) || 58 strpos( $_SERVER['REQUEST_URI'], "base64" ) ) { 59 @header( 'HTTP/1.1 414 Request-URI Too Long' ); 60 @header( 'Status: 414 Request-URI Too Long' ); 61 @header( 'Cache-Control: no-cache, must-revalidate' ); 62 @header( 'Expires: Thu, 22 Jun 1978 00:28:00 GMT' ); 63 @header( 'Connection: Close' ); 64 @exit; 65 66 } 67 68 } 69 70 //require strong passwords if turned on 71 if ( $bwpsoptions['st_enablepassword'] == 1 ) { 72 add_action( 'user_profile_update_errors', array( &$this, 'strongpass' ), 0, 3 ); 73 74 if ( isset( $_GET['action'] ) && ( $_GET['action'] == 'rp' || $_GET['action'] == 'resetpass' ) && isset( $_GET['login'] ) ) { 75 add_action( 'login_head', array( &$this, 'passwordreset' ) ); 76 } 77 78 } 79 80 //display random number for wordpress version if turned on 81 if ( $bwpsoptions['st_randomversion'] == 1 ) { 82 add_action( 'plugins_loaded', array( &$this, 'randomVersion' ) ); 83 } 84 85 //remove theme update notifications if turned on 86 if ( $bwpsoptions['st_themenot'] == 1 ) { 87 add_action( 'plugins_loaded', array( &$this, 'themeupdates' ) ); 88 } 89 90 //remove plugin update notifications if turned on 91 if ( $bwpsoptions['st_pluginnot'] == 1 ) { 92 add_action( 'plugins_loaded', array( &$this, 'pluginupdates' ) ); 93 } 94 95 //remove core update notifications if turned on 96 if ( $bwpsoptions['st_corenot'] == 1 ) { 97 add_action( 'plugins_loaded', array( &$this, 'coreupdates' ) ); 98 } 99 100 //load filecheck and backup if needed (if this isn't a 404 page) 101 if ( ! 
$is_404 ) { 102 add_action( 'plugins_loaded', array( &$this, 'backup' ) ); 103 104 add_action( 'plugins_loaded', array( &$this, 'filecheck' ) ); 26 27 //don't execute anything but SSL for InfiniteWP 28 if ( $isIWP === false ) { 29 30 //execute default checks 31 add_action( 'init', array( &$this, 'siteinit' ) ); 32 33 //execute 404 check 34 if ( $bwpsoptions['id_enabled'] == 1 ) { 35 add_action( 'wp_head', array( &$this,'check404' ) ); 36 } 37 38 //remove wp-generator meta tag 39 if ( $bwpsoptions['st_generator'] == 1 ) { 40 remove_action( 'wp_head', 'wp_generator' ); 41 } 42 43 //remove login error messages if turned on 44 if ( $bwpsoptions['st_loginerror'] == 1 ) { 45 add_filter( 'login_errors', create_function( '$a', 'return null;' ) ); 46 } 47 48 //remove wlmanifest link if turned on 49 if ( $bwpsoptions['st_manifest'] == 1 ) { 50 remove_action( 'wp_head', 'wlwmanifest_link' ); 51 } 52 53 //remove rsd link from header if turned on 54 if ( $bwpsoptions['st_edituri'] == 1 ) { 55 remove_action( 'wp_head', 'rsd_link' ); 56 } 57 58 //ban extra-long urls if turned on 59 if ( $bwpsoptions['st_longurl'] == 1 && ! 
is_admin() ) { 60 61 if ( strlen( $_SERVER['REQUEST_URI'] ) > 255 || 62 63 strpos( $_SERVER['REQUEST_URI'], "eval(" ) || 64 strpos( $_SERVER['REQUEST_URI'], "CONCAT" ) || 65 strpos( $_SERVER['REQUEST_URI'], "UNION+SELECT" ) || 66 strpos( $_SERVER['REQUEST_URI'], "base64" ) ) { 67 @header( 'HTTP/1.1 414 Request-URI Too Long' ); 68 @header( 'Status: 414 Request-URI Too Long' ); 69 @header( 'Cache-Control: no-cache, must-revalidate' ); 70 @header( 'Expires: Thu, 22 Jun 1978 00:28:00 GMT' ); 71 @header( 'Connection: Close' ); 72 @exit; 73 74 } 75 76 } 77 78 //require strong passwords if turned on 79 if ( $bwpsoptions['st_enablepassword'] == 1 ) { 80 add_action( 'user_profile_update_errors', array( &$this, 'strongpass' ), 0, 3 ); 81 82 if ( isset( $_GET['action'] ) && ( $_GET['action'] == 'rp' || $_GET['action'] == 'resetpass' ) && isset( $_GET['login'] ) ) { 83 add_action( 'login_head', array( &$this, 'passwordreset' ) ); 84 } 85 86 } 87 88 //display random number for wordpress version if turned on 89 if ( $bwpsoptions['st_randomversion'] == 1 ) { 90 add_action( 'plugins_loaded', array( &$this, 'randomVersion' ) ); 91 } 92 93 //remove theme update notifications if turned on 94 if ( $bwpsoptions['st_themenot'] == 1 ) { 95 add_action( 'plugins_loaded', array( &$this, 'themeupdates' ) ); 96 } 97 98 //remove plugin update notifications if turned on 99 if ( $bwpsoptions['st_pluginnot'] == 1 ) { 100 add_action( 'plugins_loaded', array( &$this, 'pluginupdates' ) ); 101 } 102 103 //remove core update notifications if turned on 104 if ( $bwpsoptions['st_corenot'] == 1 ) { 105 add_action( 'plugins_loaded', array( &$this, 'coreupdates' ) ); 106 } 107 108 //load filecheck and backup if needed (if this isn't a 404 page) 109 if ( ! $is_404 ) { 110 add_action( 'plugins_loaded', array( &$this, 'backup' ) ); 111 112 add_action( 'plugins_loaded', array( &$this, 'filecheck' ) ); 113 } 114 105 115 } 106 116
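Review bot: The `defined( 'IWP_AUTHORISED_CALL' )` test at the top of the constructor becomes the only gate for `siteinit`, the 404 check, the long-URL filter and strong-password enforcement, and nothing here records why that constant can be trusted. The bypass is safe only if the InfiniteWP client defines the constant after it has authenticated the request and before this constructor runs; neither is visible in this changeset. I would add a comment stating that assumption, e.g. `//IWP_AUTHORISED_CALL must only be defined after the InfiniteWP client has authenticated the request; all checks below are skipped for such calls`, and consider skipping only the hooks that actually interfere with InfiniteWP rather than the whole block. The first hunk also drops the `$this->getIp();` call without explanation; if later code relies on its side effects, that should be confirmed.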