Context Navigation

← Previous Changeset
Next Changeset →

Changeset 3199740

Timestamp:

11/30/2024 04:57:49 AM (16 months ago)

Author:

blobfolio

Message:

release: 21.8.1

Location:

apocalypse-meow/trunk

Files:

: 5 edited

index.php (modified) (2 diffs)
languages/apocalypse-meow-es_ES.po (modified) (12 diffs)
languages/apocalypse-meow.pot (modified) (22 diffs)
lib/blobfolio/wp/meow/login.php (modified) (3 diffs)
readme.txt (modified) (3 diffs)

Legend:

: Unmodified
: Added
: Removed

apocalypse-meow/trunk/index.php

-                      r3197854
+                      r3199740
+ *
  * @package Apocalypse Meow
  * @version 21.8.0
+ * @version 21.8.1
+ *
  * @wordpress-plugin
  * Plugin Name: Apocalypse Meow
  * Version: 21.8.0
+ * Version: 21.8.1
  * Plugin URI: https://wordpress.org/plugins/apocalypse-meow/
  * Description: A simple, light-weight collection of tools to harden WordPress security and help mitigate common types of attacks.
 …
 // Constants.
 define('MEOW_VERSION', '21.8.0');
+define('MEOW_VERSION', '21.8.1');
 define('MEOW_MIN_PHP', '7.2.0');
 define('MEOW_PLUGIN_DIR', __DIR__ . '/');

apocalypse-meow/trunk/languages/apocalypse-meow-es_ES.po

-                      r3197854
+                      r3199740
 "Project-Id-Version: Apocalypse Meow\n"
 "Report-Msgid-Bugs-To: Translator Name <translations@example.com>\n"
 "POT-Creation-Date: 2024-11-26 21:48-0800\n"
+"POT-Creation-Date: 2024-11-29 20:47-0800\n"
 "PO-Revision-Date: \n"
 "Last-Translator: Josh Stoik <josh@blobfolio.com>\n"
 …
 #: lib/blobfolio/wp/meow/cli/activity.php:136
 #: lib/blobfolio/wp/meow/cli/activity.php:447
 #: lib/blobfolio/wp/meow/cli/jail.php:121 lib/blobfolio/wp/meow/login.php:629
+#: lib/blobfolio/wp/meow/cli/jail.php:121 lib/blobfolio/wp/meow/login.php:634
 msgid "IP"
 msgstr "IP"
 …
 msgstr "Y/m/d"
 #: lib/blobfolio/wp/meow/ajax.php:107 lib/blobfolio/wp/meow/login.php:359
 #: lib/blobfolio/wp/meow/login.php:931 lib/blobfolio/wp/meow/login.php:991
+#: lib/blobfolio/wp/meow/ajax.php:107 lib/blobfolio/wp/meow/login.php:364
+#: lib/blobfolio/wp/meow/login.php:936 lib/blobfolio/wp/meow/login.php:996
 msgid "The form had expired. Please try again."
 msgstr "El formulario había caducado. Vuelve a intentarlo."
 …
 #: lib/blobfolio/wp/meow/cli/activity.php:448
 #: lib/blobfolio/wp/meow/login.php:628
+#: lib/blobfolio/wp/meow/login.php:633
 msgid "Browser"
 msgstr "Navegador"
 …
 msgstr "Ingresar negado"
 #: lib/blobfolio/wp/meow/login.php:268 lib/blobfolio/wp/meow/login.php:359
 #: lib/blobfolio/wp/meow/login.php:823 lib/blobfolio/wp/meow/login.php:875
 #: lib/blobfolio/wp/meow/login.php:940 lib/blobfolio/wp/meow/login.php:991
 #: lib/blobfolio/wp/meow/login.php:1045
+#: lib/blobfolio/wp/meow/login.php:271 lib/blobfolio/wp/meow/login.php:364
+#: lib/blobfolio/wp/meow/login.php:828 lib/blobfolio/wp/meow/login.php:880
+#: lib/blobfolio/wp/meow/login.php:945 lib/blobfolio/wp/meow/login.php:996
+#: lib/blobfolio/wp/meow/login.php:1050
 msgid "ERROR:"
 msgstr "ERROR:"
 #: lib/blobfolio/wp/meow/login.php:268 lib/blobfolio/wp/meow/login.php:303
+#: lib/blobfolio/wp/meow/login.php:271 lib/blobfolio/wp/meow/login.php:308
 #, fuzzy
 #| msgid ""
 …
 "temporalmente prohibidos. Por favor, inténtelo de nuevo más tarde."
+#: lib/blobfolio/wp/meow/login.php:303
+#: lib/blobfolio/wp/meow/login.php:272
+#, fuzzy
+#| msgid "Login Jail"
+msgid "Login Unavailable"
+msgstr "La cárcel"
+#: lib/blobfolio/wp/meow/login.php:308
 msgid "NOTE:"
 msgstr ""
 #: lib/blobfolio/wp/meow/login.php:615
+#: lib/blobfolio/wp/meow/login.php:620
 msgid "Hi"
 msgstr "Hola"
 #: lib/blobfolio/wp/meow/login.php:618
+#: lib/blobfolio/wp/meow/login.php:623
 #, php-format
 msgid ""
 …
 "desde una nueva dirección de red."
 #: lib/blobfolio/wp/meow/login.php:623
+#: lib/blobfolio/wp/meow/login.php:628
 #, php-format
 msgid ""
 …
 "que no se han realizado cambios no autorizados en su cuenta."
 #: lib/blobfolio/wp/meow/login.php:627
+#: lib/blobfolio/wp/meow/login.php:632
 msgid "Login Time"
 msgstr "Hora de inicio de sesión"
 #: lib/blobfolio/wp/meow/login.php:631
+#: lib/blobfolio/wp/meow/login.php:636
 msgid "This email has been sent to"
 msgstr "Este correo electrónico se ha enviado a"
 #: lib/blobfolio/wp/meow/login.php:633
+#: lib/blobfolio/wp/meow/login.php:638
 msgid "Regards,"
 msgstr "Saludos,"
 #: lib/blobfolio/wp/meow/login.php:634
+#: lib/blobfolio/wp/meow/login.php:639
 msgid "All at"
 msgstr "Todos en"
 #: lib/blobfolio/wp/meow/login.php:641
+#: lib/blobfolio/wp/meow/login.php:646
 msgid "Login Alert"
 msgstr "Alerta de inicio de sesión"
 #: lib/blobfolio/wp/meow/login.php:762
+#: lib/blobfolio/wp/meow/login.php:767
 msgid "Login attempts remaining"
 msgstr "Intentos de inicio de sesión restantes"
 #: lib/blobfolio/wp/meow/login.php:823
+#: lib/blobfolio/wp/meow/login.php:828
 msgid "Registration requires cookie support."
 msgstr "El registro requiere soporte para cookies."
 #: lib/blobfolio/wp/meow/login.php:844 lib/blobfolio/wp/meow/login.php:845
+#: lib/blobfolio/wp/meow/login.php:849 lib/blobfolio/wp/meow/login.php:850
 msgid "Please leave this field blank."
 msgstr "Deje este campo en blanco."
 #: lib/blobfolio/wp/meow/login.php:875
+#: lib/blobfolio/wp/meow/login.php:880
 msgid "The control field should be left blank."
 msgstr "El campo de control debe dejarse en blanco."
 #: lib/blobfolio/wp/meow/login.php:900 lib/blobfolio/wp/meow/login.php:935
+#: lib/blobfolio/wp/meow/login.php:905 lib/blobfolio/wp/meow/login.php:940
 msgid "Registration requires Javascript support."
 msgstr "El registro requiere soporte para Javascript."
 #: lib/blobfolio/wp/meow/login.php:1045
+#: lib/blobfolio/wp/meow/login.php:1050
 msgid "The form was submitted too quickly. Please wait a moment and try again."
 msgstr ""
 …
 "intentarlo."
 #: lib/blobfolio/wp/meow/login.php:1065
+#: lib/blobfolio/wp/meow/login.php:1070
 msgid ""
 "For security reasons, registrations from your network are temporarily "
 …
 "prohibidos. Por favor, inténtelo de nuevo más tarde."
 #: lib/blobfolio/wp/meow/login.php:1066
+#: lib/blobfolio/wp/meow/login.php:1071
 msgid "Registration Denied"
 msgstr "Registro denegado"
 #: lib/blobfolio/wp/meow/login.php:1151
+#: lib/blobfolio/wp/meow/login.php:1156
 msgid "Registration attempts remaining"
 msgstr "Intentos de registro restantes"
 #: lib/blobfolio/wp/meow/login.php:1481
+#: lib/blobfolio/wp/meow/login.php:1486
 #, php-format
 msgid ""
 …
 "favor, intente otra cosa!"
 #: lib/blobfolio/wp/meow/login.php:1497
+#: lib/blobfolio/wp/meow/login.php:1502
 msgid "The password must contain at least one letter."
 msgstr "La contraseña debe contener al menos una letra."
 #: lib/blobfolio/wp/meow/login.php:1503
+#: lib/blobfolio/wp/meow/login.php:1508
 msgid ""
 "The password must contain at least one uppercase letter and one lowercase "
 …
 "La contraseña debe contener al menos una letra mayúscula y una minúscula."
 #: lib/blobfolio/wp/meow/login.php:1508
+#: lib/blobfolio/wp/meow/login.php:1513
 msgid "The password must contain at least one number."
 msgstr "La contraseña debe contener al menos un número."
 #: lib/blobfolio/wp/meow/login.php:1513
+#: lib/blobfolio/wp/meow/login.php:1518
 msgid "The password must contain at least one non-alphanumeric symbol."
 msgstr "La contraseña debe contener al menos un símbolo no alfanumérico."
 #: lib/blobfolio/wp/meow/login.php:1520
+#: lib/blobfolio/wp/meow/login.php:1525
 #, php-format
 msgid "The password must be at least %d characters long."
 msgstr "La contraseña debe tener al menos %d caracteres."
 #: lib/blobfolio/wp/meow/login.php:1534
+#: lib/blobfolio/wp/meow/login.php:1539
 #, php-format
 msgid "The password must consist of at least %d different characters."

apocalypse-meow/trunk/languages/apocalypse-meow.pot

-                      r3197854
+                      r3199740
 "com>\n"
 "POT-Creation-Date: "
 "2024-11-26 21:48-0800\n"
+"2024-11-29 20:46-0800\n"
 "PO-Revision-Date: \n"
 "Last-Translator: Your "
 …
 #: lib/blobfolio/wp/meow/cli/activity.php:447
 #: lib/blobfolio/wp/meow/cli/jail.php:121
 #: lib/blobfolio/wp/meow/login.php:629
+#: lib/blobfolio/wp/meow/login.php:634
 msgid "IP"
 msgstr ""
 …
 #: lib/blobfolio/wp/meow/ajax.php:107
 #: lib/blobfolio/wp/meow/login.php:359
 #: lib/blobfolio/wp/meow/login.php:931
 #: lib/blobfolio/wp/meow/login.php:991
+#: lib/blobfolio/wp/meow/login.php:364
+#: lib/blobfolio/wp/meow/login.php:936
+#: lib/blobfolio/wp/meow/login.php:996
 msgid ""
 "The form had expired. "
 …
 #: lib/blobfolio/wp/meow/cli/activity.php:448
 #: lib/blobfolio/wp/meow/login.php:628
+#: lib/blobfolio/wp/meow/login.php:633
 msgid "Browser"
 msgstr ""
 …
 msgstr ""
 #: lib/blobfolio/wp/meow/login.php:268
 #: lib/blobfolio/wp/meow/login.php:359
 #: lib/blobfolio/wp/meow/login.php:823
 #: lib/blobfolio/wp/meow/login.php:875
 #: lib/blobfolio/wp/meow/login.php:940
 #: lib/blobfolio/wp/meow/login.php:991
 #: lib/blobfolio/wp/meow/login.php:1045
+#: lib/blobfolio/wp/meow/login.php:271
+#: lib/blobfolio/wp/meow/login.php:364
+#: lib/blobfolio/wp/meow/login.php:828
+#: lib/blobfolio/wp/meow/login.php:880
+#: lib/blobfolio/wp/meow/login.php:945
+#: lib/blobfolio/wp/meow/login.php:996
+#: lib/blobfolio/wp/meow/login.php:1050
 msgid "ERROR:"
 msgstr ""
 #: lib/blobfolio/wp/meow/login.php:268
 #: lib/blobfolio/wp/meow/login.php:303
+#: lib/blobfolio/wp/meow/login.php:271
+#: lib/blobfolio/wp/meow/login.php:308
 msgid ""
 "New logins are "
 …
 msgstr ""
+#: lib/blobfolio/wp/meow/login.php:303
+#: lib/blobfolio/wp/meow/login.php:272
+msgid "Login Unavailable"
+msgstr ""
+#: lib/blobfolio/wp/meow/login.php:308
 msgid "NOTE:"
 msgstr ""
 #: lib/blobfolio/wp/meow/login.php:615
+#: lib/blobfolio/wp/meow/login.php:620
 msgid "Hi"
 msgstr ""
 #: lib/blobfolio/wp/meow/login.php:618
+#: lib/blobfolio/wp/meow/login.php:623
 #, php-format
 msgid ""
 …
 msgstr ""
 #: lib/blobfolio/wp/meow/login.php:623
+#: lib/blobfolio/wp/meow/login.php:628
 #, php-format
 msgid ""
 …
 msgstr ""
 #: lib/blobfolio/wp/meow/login.php:627
+#: lib/blobfolio/wp/meow/login.php:632
 msgid "Login Time"
 msgstr ""
 #: lib/blobfolio/wp/meow/login.php:631
+#: lib/blobfolio/wp/meow/login.php:636
 msgid ""
 "This email has been sent "
 …
 msgstr ""
 #: lib/blobfolio/wp/meow/login.php:633
+#: lib/blobfolio/wp/meow/login.php:638
 msgid "Regards,"
 msgstr ""
 #: lib/blobfolio/wp/meow/login.php:634
+#: lib/blobfolio/wp/meow/login.php:639
 msgid "All at"
 msgstr ""
 #: lib/blobfolio/wp/meow/login.php:641
+#: lib/blobfolio/wp/meow/login.php:646
 msgid "Login Alert"
 msgstr ""
 #: lib/blobfolio/wp/meow/login.php:762
+#: lib/blobfolio/wp/meow/login.php:767
 msgid ""
 "Login attempts remaining"
 msgstr ""
 #: lib/blobfolio/wp/meow/login.php:823
+#: lib/blobfolio/wp/meow/login.php:828
 msgid ""
 "Registration requires "
 …
 msgstr ""
 #: lib/blobfolio/wp/meow/login.php:844
 #: lib/blobfolio/wp/meow/login.php:845
+#: lib/blobfolio/wp/meow/login.php:849
+#: lib/blobfolio/wp/meow/login.php:850
 msgid ""
 "Please leave this field "
 …
 msgstr ""
 #: lib/blobfolio/wp/meow/login.php:875
+#: lib/blobfolio/wp/meow/login.php:880
 msgid ""
 "The control field should "
 …
 msgstr ""
 #: lib/blobfolio/wp/meow/login.php:900
 #: lib/blobfolio/wp/meow/login.php:935
+#: lib/blobfolio/wp/meow/login.php:905
+#: lib/blobfolio/wp/meow/login.php:940
 msgid ""
 "Registration requires "
 …
 msgstr ""
 #: lib/blobfolio/wp/meow/login.php:1045
+#: lib/blobfolio/wp/meow/login.php:1050
 msgid ""
 "The form was submitted "
 …
 msgstr ""
 #: lib/blobfolio/wp/meow/login.php:1065
+#: lib/blobfolio/wp/meow/login.php:1070
 msgid ""
 "For security reasons, "
 …
 msgstr ""
 #: lib/blobfolio/wp/meow/login.php:1066
+#: lib/blobfolio/wp/meow/login.php:1071
 msgid "Registration Denied"
 msgstr ""
 #: lib/blobfolio/wp/meow/login.php:1151
+#: lib/blobfolio/wp/meow/login.php:1156
 msgid ""
 "Registration attempts "
 …
 msgstr ""
 #: lib/blobfolio/wp/meow/login.php:1481
+#: lib/blobfolio/wp/meow/login.php:1486
 #, php-format
 msgid ""
 …
 msgstr ""
 #: lib/blobfolio/wp/meow/login.php:1497
+#: lib/blobfolio/wp/meow/login.php:1502
 msgid ""
 "The password must "
 …
 msgstr ""
 #: lib/blobfolio/wp/meow/login.php:1503
+#: lib/blobfolio/wp/meow/login.php:1508
 msgid ""
 "The password must "
 …
 msgstr ""
 #: lib/blobfolio/wp/meow/login.php:1508
+#: lib/blobfolio/wp/meow/login.php:1513
 msgid ""
 "The password must "
 …
 msgstr ""
 #: lib/blobfolio/wp/meow/login.php:1513
+#: lib/blobfolio/wp/meow/login.php:1518
 msgid ""
 "The password must "
 …
 msgstr ""
 #: lib/blobfolio/wp/meow/login.php:1520
+#: lib/blobfolio/wp/meow/login.php:1525
 #, php-format
 msgid ""
 …
 msgstr ""
 #: lib/blobfolio/wp/meow/login.php:1534
+#: lib/blobfolio/wp/meow/login.php:1539
 #, php-format
 msgid ""

apocalypse-meow/trunk/lib/blobfolio/wp/meow/login.php

-                      r3197854
+                      r3199740
         if ($settings['login']['lockdown_limit']) {
             \add_action('wp_login_errors', array(static::class, 'login_lockdown_message'), 100, 1);
             \add_action('authenticate', array(static::class, 'login_lockdown'), 50, 1);
+            \add_action('authenticate', array(static::class, 'login_lockdown'), 5, 2);
+        }
 …
      * Login Lockdown.
+     *
+     * @param WP_User $user User object.
+     * If the lockdown applies, log the request as a de-facto failure and exit
+     * with a 403 error.
+     *
+     * @param WP_User $user User object or null.
+     * @param string $username Username (raw).
      * @return mixed User or error.
      */
     public static function login_lockdown($user) {
+    public static function login_lockdown($user=null, $username='') {
         if (('POST' === \getenv('REQUEST_METHOD')) && static::is_login_lockdown()) {
+            return new WP_Error(
+                'meow_login_lockdown',
+            // Log it as a failure.
+            static::login_log_fail($username);
+            // Then kill the process good and dead!
+            \wp_die(
                 '<strong>' . \__('ERROR:', 'apocalypse-meow') . '</strong> ' . \__('New logins are temporarily disabled. Please try again in a few minutes.', 'apocalypse-meow'),
+                \__('Login Unavailable', 'apocalypse-meow'),
+,
             );
+        }
 …
     public static function login_lockdown_message($errors) {
         if (
             // Post attempts will get their own error.
+            // Post attempts are handled separately.
             ('POST' !== \getenv('REQUEST_METHOD')) &&
             // Ignore WP's random non-login bits that use this hook.

apocalypse-meow/trunk/readme.txt

-                      r3197854
+                      r3199740
 == Changelog ==
+= 21.8.1 =
+* [Misc] Exit with 403 for lockdown POST requests instead of returning error.
 = 21.8.0 =
 * [New] Login Lockdown option to help mitigate distributed brute-force attacks.
 …
 * [Docs] Update notes for the `referrer-policy` setting.
+= 21.7.2 =
+* [Fix] Improve PHP 8 compatibility.
+== Upgrade Notice ==
+== Upgrade Notice ==
+= 21.8.1 =
+This release tweaks the lockdown behavior to exit POST requests with a 403 status instead of returning an error.
 = 21.8.0 =
 …
 = 21.7.3 =
 This release provides updated documentation for the `referrer-policy` setting.
-= 21.7.2 =
-This release improves compatibility with PHP 8.

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Download in other formats: