Changeset 3443653
- Timestamp: 01/21/2026 12:05:50 AM (7 weeks ago)
- Location: ghostgate/trunk
- Files: 4 edited
  - ghostgate.php (modified) (2 diffs)
  - inc/core.php (modified) (1 diff)
  - inc/feature-login-slug.php (modified) (1 diff)
  - readme.txt (modified) (2 diffs)
ghostgate/trunk/ghostgate.php
r3366824 r3443653 4 4 * Plugin URI: https://arce-experience.com/product/ 5 5 * Description: ログインURLを隠して、2FA認証やDoS遮断も可能なWordPress専用セキュリティ強化ツールです。WordPress Login Hardening Plugin. 6 * Version: 1.3. 26 * Version: 1.3.3 7 7 * Author: ジー(Code GEE) 8 8 * Author URI: https://arce-experience.com/developer/ … … 18 18 19 19 // 定数定義 20 define('GHOSTGATE_VERSION', '1.3. 2');20 define('GHOSTGATE_VERSION', '1.3.3'); 21 21 define('GHOSTGATE_PATH', plugin_dir_path(__FILE__)); 22 22 define('GHOSTGATE_URL', plugin_dir_url(__FILE__)); -
ghostgate/trunk/inc/core.php
r3365740 r3443653 12 12 function ghostgate_block_key( $ip, $type = null ) { 13 13 $ip = preg_replace( '/[^0-9a-fA-F:\.\-]/', '', (string) $ip ); 14 $type = is_string( $type ) ? strtolower( preg_replace( '/[^a-z0-9_]/i', '', $type ) ) : '';15 14 //$type = is_string( $type ) ? strtolower( preg_replace( '/[^a-z0-9_]/i', '', $type ) ) : ''; 20260121修正 15 $type = strtolower( preg_replace( '/[^a-z0-9_]/i', '', (string) $type ) ); 16 16 $no_block_suffixes = array( 'block', 'count', 'notify', 'attempts', 'cooldown' ); 17 17 $channels = array( 'login', 'xmlrpc', 'ajax', 'rest' ); -
ghostgate/trunk/inc/feature-login-slug.php
r3366824 r3443653 42 42 43 43 // ✅ カスタムスラッグでアクセスされた場合 44 if ( $normalized_path === $expected_slug ) { 44 // if ( $normalized_path === $expected_slug ) { 45 if ( untrailingslashit($normalized_path) === untrailingslashit($expected_slug) ) { 45 46 46 47 // 🔒 認証コード未入力 → フォームを表示 -
ghostgate/trunk/readme.txt
r3366824 r3443653 3 3 Tags: security, two-factor authentication, limit login attempts, rest api, xml-rpc 4 4 Requires at least: 5.8 5 Tested up to: 6. 85 Tested up to: 6.9 6 6 Requires PHP: 7.4 7 Stable tag: 1.3. 27 Stable tag: 1.3.3 8 8 License: GPLv2 or later 9 9 License URI: https://www.gnu.org/licenses/gpl-2.0.html … … 70 70 71 71 == Changelog == 72 73 = 1.3.3 - 2026-01-21 = 74 * Compatibility: Verified support for WordPress 6.9. 75 * Fix: Enhanced PHP 8.x compatibility (stricter type casting in internal key generation). 76 * Fix: Improved login slug detection to strictly handle trailing slashes, preventing 404 errors in some server configurations. 77 72 78 = 1.3.2 - 2025-09-24 = 73 * Fix – Resolved “Undefined variable $user_login / $errors” warnings on the login screen when using the custom login slug or pre-login code screen. The plugin now pre-initializes wp-login.php globals and sets `$pagenow` before loading the core login template. 74 * Fix – Prevented potential “headers already sent” issues by ensuring no output occurs before redirects or the core login inclusion in the 2FA/login slug flow. 75 * Improvement – Hardened login flow compatibility with core by preparing required globals when the plugin takes over the authentication path. 76 * Improvement – Minor internal refactors around request path normalization and IP detection to reduce edge cases in server environments. 77 * Dev – No database changes. Backward compatible with 1.3.1. 79 * Fix – Resolved “Undefined variable $user_login / $errors” warnings on the login screen. 80 * Fix – Prevented potential “headers already sent” issues. 81 * Improvement – Hardened login flow compatibility with core. 82 * Improvement – Minor internal refactors around request path normalization. 78 83 79 84 = 1.3.0 - 2025-09-22 = 80 * Security: Strengthened “Hide wp-json structure” — allowlist now stores **only actually registered routes** (including regex routes) and never breaks parameterized patterns. 
81 * Fix: Route allowlist UI now correctly preserves selections for regex endpoints such as `/gbrl/v1/notify/(?P<slug>[^/]+)` and nested variants. 82 * Fix: Resolved rare fatal error on “Unblock IP” admin action by hardening input handling (supports single `ip` and `ip[]`, sanitizes/validates IPv4/IPv6, safe redirect). 83 * Dev: Added `ghostgate_sanitize_allowed_routes()` and `ghostgate_sanitize_allowed_prefixes()`; introduced a temporary bypass flag so the settings UI can enumerate all routes without being filtered by itself. 84 * Dev: Always whitelists `/` root in `rest_endpoints` filter; normalized custom prefixes (auto-leading slash, condensed duplicate slashes). 85 * Perf: Reduced overhead when building the REST route list on the settings page. 86 * Tweak: Copy and help text polish in settings; minor CSS/UI adjustments. 85 * Security: Strengthened “Hide wp-json structure”. 86 * Fix: Route allowlist UI now correctly preserves selections for regex endpoints. 87 * Fix: Resolved rare fatal error on “Unblock IP” admin action. 87 88 * Tested: Confirmed compatibility with WordPress 6.8. 88 89 89 90 = 1.2.1 = 90 * Tweak: Added brand header (logo + subtitle) to the code entry screen with Retina and dark mode support, plus minor a11y improvements.91 * Tweak: Added brand header (logo + subtitle) to the code entry screen. 91 92 * Tweak: Minor CSS polish. 92 93 93 94 = 1.2.0 = 94 * New: Added an option to block direct access to preview URLs with a 403 response (Settings → GhostGate → “Block preview display”). 95 * Dev: Added removal of the new option (ghostgate_block_preview) to uninstall.php. 96 * Tweak: Minor adjustments to settings UI descriptions. 95 * New: Added an option to block direct access to preview URLs. 97 96 98 97 = 1.1.1 = 99 * Maintenance and compliance improvements (enqueue scripts/styles; minor fixes) 100 * UI/diagnostics polish 101 * Tested up to WordPress 6.8 98 * Maintenance and compliance improvements. 
102 99 103 100 = 1.1.0 = 104 * REST/JSON structure stealth options (allowlist & prefix-based allow) 105 * Improved status diagnostics and defaults for rate limits 101 * REST/JSON structure stealth options. 106 102 107 103 = 1.0.0 = 108 * Initial public release 109 * Dynamic login URL gate, 2FA email code 110 * IP restriction + logs, REST API and XML-RPC shielding 111 * Status analyzer and conflict detector 112 113 ➡ Full changelog (latest): https://arce-experience.com/changelog/#ghostgate 104 * Initial public release. 114 105 115 106 == Upgrade Notice == 116 = 1.2.0 = 117 Added an option to block direct access to preview URLs. It is OFF by default—enable it if needed. 118 119 = 1.1.1 = 120 Compliance and stability update. Please update to keep compatibility with the latest WordPress and to benefit from improved diagnostics. 107 = 1.3.3 = 108 This update includes compatibility verification for WordPress 6.9 and PHP 8.x improvements. Recommended for all users.
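Review bot: In inc/core.php, the `(string) $type` cast on new line 15 drops the `is_string()` guard, so non-scalar input is no longer reduced to an empty type. An array is cast to the literal `Array` (with an "Array to string conversion" warning), passes the `[^a-z0-9_]` filter and becomes `array`, where the old code produced `''`. Suggest casting only scalars, for example `$type = is_scalar( $type ) ? strtolower( preg_replace( '/[^a-z0-9_]/i', '', (string) $type ) ) : '';`. The commented-out old line with the `20260121修正` date stamp on line 14 should be deleted, since the revision history already records it.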
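Review bot: In inc/feature-login-slug.php, new line 45 applies `untrailingslashit()` to both operands, which reduces `/` and the empty string to the same empty value, so if `$expected_slug` can ever be empty or a bare slash the custom-slug branch would match a request whose `$normalized_path` is `/`. Suggest stripping the slash once where `$normalized_path` and `$expected_slug` are built and skipping this branch when the stripped `$expected_slug` is empty. Note also that `untrailingslashit()` removes every trailing `/` and `\`, so `slug//` now matches as well. The commented-out old condition on line 44 should be removed, and the call needs spaces inside the parentheses to match the surrounding code style.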
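Review bot: In readme.txt, the 1.3.3 changelog line says login slug detection now handles trailing slashes "strictly", but the comparison changed in inc/feature-login-slug.php in this same changeset is made tolerant of a trailing slash on either side; reword the entry so it states that the slug is accepted with or without a trailing slash. The same hunk shortens the 1.3.2 through 1.0.0 entries and removes both the "Full changelog" link and the 1.2.0 and 1.1.1 upgrade notices. Since detail such as the 1.3.0 description of the route allowlist no longer appears in the readme, keep the link to the full changelog so that history stays reachable.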