
Changeset 464769


Timestamp:
11/18/2011 03:25:41 PM (14 years ago)
Author:
ljmacphee
Message:

Security patch

Location:
ttc-wordpress-security-plugin/trunk
Files:
2 edited

  • ttc-wordpress-security-plugin/trunk/readme.txt

    r432898 r464769  
    44Requires at least: 2.5
    55Tested up to: 3.2.1
    6 Stable tag: 3.2
     6Stable tag: 3.3
    77
    88This plugin blocks scrapers, cross-site scripting attempts, and other ill behaved bots.  This is the second of three security plugins.
  • ttc-wordpress-security-plugin/trunk/ttc_security.php

    r432898 r464769  
    22    /**
    33     * @package TimesToCome_Security_Plugin
    4      * @version 3.2
     4     * @version 3.3
    55     **/
    66    /*
    77     Plugin Name: TimesToCome Security Plugin
    8      Version: 3.2
     8     Version: 3.3
    99     Plugin URI:  http://herselfswebtools.com/2008/06/wordpress-security-plugin-block-scrapers-hackers-and-more.html
    1010     Description: Security plugin for Wordpress
     
    4747    //Aug 2011 version 3.1 fix overwriting of log file names
    4848// ************************************************************************************************************
    49     // Sept 2011 version 3.2 fix redirect loops
     49    //Nov 2011 version 3.3 security fix
    5050// ************************************************************************************************************
    51 
    52    
     51   
    5352
    5453
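Review bot: The changelog comment at line 49 overwrites the "Sept 2011 version 3.2 fix redirect loops" entry instead of adding the 3.3 entry beneath it, so the 3.2 history is lost, and "security fix" does not say what was fixed. Keep the 3.2 line and have the 3.3 entry name the change, which from the rest of this changeset is SQL-escaping of the request variables before they are written to the log tables.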
     
    6564    $request_method = $_SERVER['REQUEST_METHOD'];
    6665
    67    
     66    // clean server vars
     67    // server variables
     68    $http_accept = mysql_real_escape_string($http_accept);
     69    $http_remote_addr = mysql_real_escape_string($http_remote_addr);
     70    $http_local_addr = mysql_real_escape_string($http_local_addr);
     71    $http_user_agent = mysql_real_escape_string($http_user_agent) ;
     72    $request_time = mysql_real_escape_string($request_time);
     73    $request_uri = mysql_real_escape_string($request_uri) ;
     74    $request_method = mysql_real_escape_string($request_method);
     75
    6876
    6977
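Review bot: The escaping at new lines 68-74 is applied where the request values are read rather than where the query is built, so every later use of $http_user_agent, $request_uri and the other variables (comparisons, the htmlentities() calls further down) sees the SQL-escaped form instead of the raw value. mysql_real_escape_string() also relies on an already open MySQL link and its character set, which nothing in this hunk establishes or checks. Suggest leaving the variables raw here and binding them at the insert with $wpdb->prepare() and %s placeholders. The two comment lines "// clean server vars" and "// server variables" say the same thing; keep one.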
     
    280288        $http_remote_addr = htmlentities($http_remote_addr);
    281289        $request_uri = htmlentities($request_uri);
     290       
     291        // clean again to prevent injection attacks
     292        $http_accept = mysql_real_escape_string($http_accept);
     293        $http_user_agent = mysql_real_escape_string($http_user_agent);
     294        $http_remote_addr = mysql_real_escape_string($http_remote_addr);
     295        $request_uri = mysql_real_escape_string($request_uri);
     296       
     297       
    282298       
    283299        // ok now stuff the info into the log files in the db
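Review bot: The four calls at new lines 292-295 re-escape values that were already escaped at lines 68-74, so a quote or backslash in a User-Agent or URI ends up in the log with stray backslashes. Only four of the seven variables escaped earlier are escaped again here, and for $http_remote_addr and $request_uri the escape runs after htmlentities(), so HTML-encoded text is what gets stored. Escape once, at the query (one $wpdb->prepare() call can cover every field), drop the earlier pass, and apply htmlentities() when the log is displayed rather than before the insert.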