Changeset 3436004
- Timestamp: 01/09/2026 02:42:58 PM (3 months ago)
- Location: wp-guardian/trunk
- Files: 4 edited
  - modules/firewall.php (modified) (4 diffs)
  - modules/security-measures.php (modified) (2 diffs)
  - readme.txt (modified) (2 diffs)
  - wp-guardian.php (modified) (2 diffs)
wp-guardian/trunk/modules/firewall.php
r3433652 r3436004 48 48 'wp-json/wp/', 49 49 'wp-json/edd/', 50 'wp-json/gf/', 50 51 ]; 51 52 … … 56 57 } 57 58 58 // If it's a REST API request and user is authenticated, skip all firewall checks59 if ( $is_rest_request && is_user_logged_in()) {59 // If it's a REST API request, skip all firewall checks (REST API is WordPress core functionality) 60 if ( $is_rest_request ) { 60 61 return; 61 62 } … … 134 135 135 136 if ( $post_scanning && isset( $_POST ) && $should_deep_scan ) { 136 // Skip POST scanning for a uthenticated REST API requests137 if ( $is_rest_request && is_user_logged_in()) {137 // Skip POST scanning for all REST API requests (REST API is WordPress core functionality) 138 if ( $is_rest_request ) { 138 139 return; 139 140 } … … 148 149 } 149 150 150 // Skip POST scanning for authenticated users in admin or REST API151 if ( ( is_admin() || ( $is_rest_request && is_user_logged_in() )) ) {151 // Skip POST scanning for authenticated users in admin 152 if ( is_admin() ) { 152 153 continue; 153 154 } -
wp-guardian/trunk/modules/security-measures.php
r3435127 r3436004 214 214 'init', 215 215 function () { 216 // Skip blocking for a uthenticated REST API requests216 // Skip blocking for all REST API requests (REST API is WordPress core functionality) 217 217 $is_rest_request = false; 218 218 if ( isset( $_SERVER['REQUEST_URI'] ) ) { … … 223 223 } 224 224 225 // Only block if not admin, not logged in, and not a uthenticatedREST API request226 if ( ! is_admin() && ! is_user_logged_in() && ! ( $is_rest_request && is_user_logged_in() )) {225 // Only block if not admin, not logged in, and not a REST API request 226 if ( ! is_admin() && ! is_user_logged_in() && ! $is_rest_request ) { 227 227 $request_uri = isset( $_SERVER['REQUEST_URI'] ) ? sanitize_text_field( wp_unslash( $_SERVER['REQUEST_URI'] ) ) : ''; 228 228 $restricted = [ '\.git', '\.svn', '\.env$', 'wp-config\.php$', '\.htaccess$', '\.htpasswd$' ]; -
wp-guardian/trunk/readme.txt
r3435127 r3436004 7 7 Requires PHP: 7.0 8 8 Requires CP: 2.0 9 Stable tag: 1.8. 49 Stable tag: 1.8.5 10 10 License: GPLv3 or later 11 11 License URI: https://www.gnu.org/licenses/gpl-3.0.html … … 43 43 44 44 == Changelog == 45 46 = 1.8.5 = 47 * Fix: All REST API requests (including unauthenticated) are now excluded from firewall blocking to support Gravity Forms and other plugins 48 * Fix: Gravity Forms REST API endpoints are now whitelisted to prevent blocking form submissions 49 * Fix: Gravity Forms form submissions from logged-out users now work correctly 45 50 46 51 = 1.8.4 = -
wp-guardian/trunk/wp-guardian.php
r3435127 r3436004 4 4 * Plugin URI: https://getbutterfly.com/wordpress-plugins/wp-guardian/ 5 5 * Description: An easy way to harden your website's security effectively. 6 * Version: 1.8. 46 * Version: 1.8.5 7 7 * Author: Ciprian Popescu 8 8 * Author URI: https://getbutterfly.com/ … … 33 33 } 34 34 35 define( 'DTJWPG_VERSION', '1.8. 4' );35 define( 'DTJWPG_VERSION', '1.8.5' ); 36 36 define( 'DTJWPG_URL', __FILE__ ); 37 37 define( 'DTJWPG_BASENAME', plugin_basename( DTJWPG_URL ) );
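Review bot: In modules/firewall.php at new lines 59-60, dropping `is_user_logged_in()` makes the early `return` apply to every request flagged as REST, so logged-out REST traffic is no longer inspected by any firewall rule, while the changelog only requires Gravity Forms submissions to pass. The hunk at new lines 48-50 already adds `'wp-json/gf/'` to the prefix list; consider keeping the login condition on the blanket skip and exempting logged-out requests only for the listed prefixes. How `$is_rest_request` is set is not visible in this hunk; if it comes from `REQUEST_URI`, it should be matched against the start of the request path, not anywhere in the string.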
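Review bot: In modules/firewall.php at new lines 137-138, the `if ( $is_rest_request ) { return; }` inside the POST-scanning block looks redundant: if this code runs in the same function as the early return at lines 60-61, a REST request never reaches it. Either remove the check or add a comment saying which code path can still arrive here with `$is_rest_request` set.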
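Review bot: In modules/firewall.php at new lines 151-152, the comment says the skip is for authenticated users in admin, but the condition is now only `is_admin()`, which reports whether an admin-area URL (including admin-ajax.php) was requested and says nothing about whether the visitor is logged in. If the intent matches the comment, use `if ( is_admin() && is_user_logged_in() )`; otherwise reword the comment so it does not claim an authentication check that is not there.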
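Review bot: In modules/security-measures.php at new line 226, adding `! $is_rest_request` means logged-out requests flagged as REST now skip the restricted-path block that follows (`\.git`, `\.env$`, `wp-config\.php$` and the rest), and the flag is set from `$_SERVER['REQUEST_URI']`, which the client controls. The removed clause `! ( $is_rest_request && is_user_logged_in() )` could never change the result next to `! is_user_logged_in()`, so this is a new exemption rather than a simplification. A legitimate REST route is unlikely to match those patterns, so consider dropping the REST exemption from this check, or at least confirm that the REST test is anchored to the start of the path.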
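Review bot: In readme.txt under `= 1.8.5 =`, the first entry is labelled a fix but also means the firewall no longer inspects any logged-out REST API traffic; state that plainly so site owners can judge whether they need another control in front of the REST API. The second entry (whitelisting the Gravity Forms endpoints) overlaps with the first, so the changelog should say which of the two is actually responsible for letting the submissions through.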