

Changeset 379805


Timestamp:
05/02/11 12:41:58 (3 years ago)
Author:
ampt
Message:

version 1.0.1

Location:
mute-screamer/trunk
Files:
16 edited

  • mute-screamer/trunk/css/mscr.css

    r306700 r379805  
    88    -webkit-border-top-right-radius: 3px; 
    99    border-top-right-radius: 3px; 
    10  
    1110    margin: 0 0 1em 0; 
    1211    padding: 0;  
     
    4746    width: 100%; 
    4847} 
     48#mscr_diff div.mscr_diff_file #revision-field-content td div.pre table.diff .first { 
     49    width: auto; 
     50    padding: 0 1em 0 .5em; 
     51} 
    4952#mscr_diff div.mscr_diff_file #revision-field-content td div.pre table.diff .start-block { 
    5053    background: #e6eff2; 
    5154    color: #908787; 
    5255} 
     56#mscr_diff .mscr-message { 
     57    margin: 5px 0 15px; 
     58    background-color: #ffffe0; 
     59    border-color: #e6db55; 
     60    border-radius: 3px 3px 3px 3px; 
     61    border-style: solid; 
     62    border-width: 1px; 
     63    padding: 0 0.6em;    
     64} 
     65#mscr_diff .mscr-message p { 
     66    margin-top: 1em; 
     67} 
  • mute-screamer/trunk/languages/mute-screamer.pot

    r353055 r379805  
    33msgid "" 
    44msgstr "" 
    5 "Project-Id-Version: Mute Screamer 1.0.0-beta\n" 
     5"Project-Id-Version: Mute Screamer 1.0.1-beta\n" 
    66"Report-Msgid-Bugs-To: http://wordpress.org/tags/mute-screamer\n" 
    7 "POT-Creation-Date: 2011-02-28 08:32:45+00:00\n" 
     7"POT-Creation-Date: 2011-05-02 11:42:57+00:00\n" 
    88"MIME-Version: 1.0\n" 
    99"Content-Type: text/plain; charset=UTF-8\n" 
     
    5555msgstr "" 
    5656 
    57 #: libraries/mscr/Update.php:275 mscr_admin.php:215 views/admin_update.php:3 
     57#: libraries/mscr/Update.php:297 mscr_admin.php:215 views/admin_update.php:3 
    5858msgid "Mute Screamer" 
    5959msgstr "" 
    6060 
    61 #: libraries/mscr/Update.php:276 
    62 msgid "Is up to date." 
    63 msgstr "" 
    64  
    65 #: libraries/mscr/Update.php:293 libraries/mscr/Update.php:369 
    66 #: libraries/mscr/Update.php:400 
     61#: libraries/mscr/Update.php:298 
     62msgid "All files are up to date." 
     63msgstr "" 
     64 
     65#: libraries/mscr/Update.php:315 libraries/mscr/Update.php:391 
     66#: libraries/mscr/Update.php:422 
    6767msgid "You do not have sufficient permissions to update Mute Screamer for this site." 
    6868msgstr "" 
    6969 
    70 #: libraries/mscr/Update.php:308 
     70#: libraries/mscr/Update.php:330 
    7171msgid "%s does not exist." 
    7272msgstr "" 
    7373 
    74 #: libraries/mscr/Update.php:312 
     74#: libraries/mscr/Update.php:334 
    7575msgid "Can not read file %s." 
    7676msgstr "" 
    7777 
    78 #: libraries/mscr/Update.php:321 
     78#: libraries/mscr/Update.php:343 
    7979msgid "Could not connect to phpids.org, please try again later." 
    8080msgstr "" 
    8181 
    82 #: libraries/mscr/Update.php:338 libraries/mscr/Update.php:374 
    83 #: libraries/mscr/Update.php:379 views/admin_update.php:7 
     82#: libraries/mscr/Update.php:360 libraries/mscr/Update.php:396 
     83#: libraries/mscr/Update.php:401 views/admin_update.php:7 
    8484#: views/admin_update.php:34 views/admin_update_diff.php:5 
    8585msgid "Update Mute Screamer" 
    8686msgstr "" 
    8787 
    88 #: libraries/mscr/Update.php:407 
     88#: libraries/mscr/Update.php:429 
    8989msgid "%s can't be upgraded." 
    9090msgstr "" 
     
    126126msgstr "" 
    127127 
    128 #: libraries/mscr/Utils.php:118 
     128#: libraries/mscr/Utils.php:123 
    129129msgid "Mute Screamer requires that your uploads folder %s is writable." 
    130130msgstr "" 
    131131 
    132 #: libraries/mscr/Utils.php:127 
     132#: libraries/mscr/Utils.php:132 
    133133msgid "Mute Screamer multisite install currently not supported." 
    134134msgstr "" 
     
    180180msgstr[1] "" 
    181181 
    182 #: mscr_admin.php:250 
     182#: mscr_admin.php:250 mute-screamer.php:625 mute-screamer.php:634 
    183183msgid "Updates %s" 
    184184msgstr "" 
     
    226226msgstr "" 
    227227 
    228 #: mute-screamer.php:277 
     228#: mute-screamer.php:280 
    229229msgid "[%s] Mute Screamer IDS Alert" 
    230230msgstr "" 
    231231 
    232 #: mute-screamer.php:513 
     232#: mute-screamer.php:516 templates/500.php:13 
    233233msgid "There was an error with the page you requested." 
    234234msgstr "" 
    235235 
    236 #: mute-screamer.php:517 
     236#: mute-screamer.php:520 templates/500.php:19 
    237237msgid "There was a problem processing your request." 
     238msgstr "" 
     239 
     240#: mute-screamer.php:606 
     241msgid "%d Mute Screamer Update" 
     242msgid_plural "%d Mute Screamer Updates" 
     243msgstr[0] "" 
     244msgstr[1] "" 
     245 
     246#: templates/500.php:12 
     247msgid "An Error Was Encountered" 
     248msgstr "" 
     249 
     250#: templates/500.php:18 
     251msgid "%s Unavailable" 
    238252msgstr "" 
    239253 
     
    368382 
    369383#: views/admin_options.php:91 
    370 msgid "User Banning" 
     384msgid "IP Banning" 
    371385msgstr "" 
    372386 
    373387#: views/admin_options.php:92 
    374 msgid "Users can be banned for attacks over a certain threshold or for a number of repeated attacks." 
     388msgid "Clients can be banned for attacks over a certain threshold or for a number of repeated attacks." 
    375389msgstr "" 
    376390 
     
    384398 
    385399#: views/admin_options.php:111 
    386 msgid "Number of seconds a user will be banned." 
     400msgid "Number of seconds a client will be banned." 
    387401msgstr "" 
    388402 
     
    392406 
    393407#: views/admin_options.php:119 
    394 msgid "Minimum impact to ban a user." 
     408msgid "Minimum impact to ban a client." 
    395409msgstr "" 
    396410 
     
    400414 
    401415#: views/admin_options.php:127 
    402 msgid "Number of repeated attacks before a user is banned (repeat attacks can be under the ban threshold)." 
     416msgid "Number of repeated attacks before a client is banned (repeat attacks can be under the ban threshold)." 
    403417msgstr "" 
    404418 
  • mute-screamer/trunk/libraries/IDS/Converter.php

    r352695 r379805  
    124124        $value = preg_replace('/[^\\\:]\/\/(.*)$/m', '/**/$1', $value); 
    125125        $value = preg_replace('/([^\-&])#.*[\r\n\v\f]/m', '$1', $value); 
     126        $value = preg_replace('/[^&\-]#.*\n/m', ' ', $value); 
    126127 
    127128        return $value; 
     
    336337         
    337338        $value   = preg_replace('/\W+\s*like\s*[^\w\s]+/ims', '1" OR "1"', $value); 
    338         $value   = preg_replace('/null[,"\s]/ims', ',0', $value); 
     339        $value   = preg_replace('/null([,"\s])/ims', '0$1', $value); 
    339340        $value   = preg_replace('/\d+\./ims', ' 1', $value); 
    340341        $value   = preg_replace('/,null/ims', ',0', $value); 
     
    342343        $value   = preg_replace('/(?:and\s+\d+\.?\d*)/ims', '', $value); 
    343344        $value   = preg_replace('/(?:\s+and\s+)/ims', ' or ', $value); 
    344  
    345         $pattern = array('/[^\w,(]null|\\\n|true|false|utc_time|' . 
    346                          'localtime(?:stamp)?|current_\w+|binary|' . 
    347                          '(?:(?:ascii|soundex|find_in_set|' . 
    348                          'md5|r?like)[+\s]*\([^()]+\))|(?:-+\d)/ims'); 
    349         $value   = preg_replace($pattern, 0, $value); 
    350345 
    351346        $pattern = array('/(?:not\s+between)|(?:is\s+not)|(?:not\s+in)|' . 
  • mute-screamer/trunk/libraries/IDS/default_filter.xml

    r352695 r379805  
    7272    <filter> 
    7373        <id>8</id> 
    74         <rule><![CDATA[(?:\/\w*\s*\)\s*\()|(?:\(.*\/.+\/\w*\s*\))|(?:\([\w\s]+\([\w\s]+\)[\w\s]+\))|(?:(?<!(?:mozilla\/\d\.\d\s))\([^)[]+\[[^\]]+\][^)]*\))|(?:[^\s!][{([][^({[]+[{([][^}\])]+[}\])][\s+",\d]*[}\])])|(?:"\)?\]\W*\[)|(?:=\s*[^\s:;]+\s*[{([][^}\])]+[}\])];)]]></rule> 
     74        <rule><![CDATA[(?:\/\w*\s*\)\s*\()|(?:\([\w\s]+\([\w\s]+\)[\w\s]+\))|(?:(?<!(?:mozilla\/\d\.\d\s))\([^)[]+\[[^\]]+\][^)]*\))|(?:[^\s!][{([][^({[]+[{([][^}\])]+[}\])][\s+",\d]*[}\])])|(?:"\)?\]\W*\[)|(?:=\s*[^\s:;]+\s*[{([][^}\])]+[}\])];)]]></rule> 
    7575        <description>Detects self-executing JavaScript functions</description> 
    7676        <tags> 
     
    159159    <filter> 
    160160        <id>16</id> 
    161         <rule><![CDATA[([^*\s\w,.\/?+-]\s*)?(?<![a-mo-z]\s)(?<![a-z\/_@>])(\s*return\s*)?(?:alert|inputbox|showmodaldialog|infinity|isnan|isnull|iterator|msgbox|expression|prompt|write(?:ln)?|confirm|dialog|urn|(?:un)?eval|exec|execscript|tostring|status|execute|window|unescape|navigate|jquery|getscript|extend|prototype)(?(1)[^\w%"]|(?:\s*[^@\s\w%",.:\/+\-]))]]></rule> 
     161        <rule><![CDATA[([^*\s\w,.\/?+-]\s*)?(?<![a-mo-z]\s)(?<![a-z\/_@>])(\s*return\s*)?(?:alert|inputbox|showmodaldialog|infinity|isnan|isnull|iterator|msgbox|executeglobal|expression|prompt|write(?:ln)?|confirm|dialog|urn|(?:un)?eval|exec|execscript|tostring|status|execute|window|unescape|navigate|jquery|getscript|extend|prototype)(?(1)[^\w%"]|(?:\s*[^@\s\w%",.:\/+\-]))]]></rule> 
    162162        <description>Detects possible includes and typical script methods</description> 
    163163        <tags> 
     
    207207    <filter> 
    208208        <id>20</id> 
    209         <rule><![CDATA[(?:\)\s*\[)|(?:\/\w*\s*\)\s*\W)|([^*:\s\w,.\/?+-]\s*)?(?<![a-z]\s)(?<![a-z_@>\|])(\s*return\s*)?(?:globalstorage|sessionstorage|postmessage|callee|constructor|content|domain|prototype|try|catch|top|call|apply|url|function|object|array|string|math|if|for\s*(?:each)?|elseif|case|switch|regex|boolean|location|settimeout|setinterval|void|setexpression|namespace|while)(?(1)[^\w%"]|(?:\s*[^@\s\w%".+\-]))]]></rule> 
     209        <rule><![CDATA[(?:\)\s*\[)|([^*:\s\w,.\/?+-]\s*)?(?<![a-z]\s)(?<![a-z_@>\|])(\s*return\s*)?(?:globalstorage|sessionstorage|postmessage|callee|constructor|content|domain|prototype|try|catch|top|call|apply|url|function|object|array|string|math|if|for\s*(?:each)?|elseif|case|switch|regex|boolean|location|settimeout|setinterval|void|setexpression|namespace|while)(?(1)[^\w%"]|(?:\s*[^@\s\w%".+\-]))]]></rule> 
    210210        <description>Detects JavaScript language constructs</description> 
    211211        <tags> 
     
    231231    <filter> 
    232232        <id>22</id> 
    233         <rule><![CDATA[(?:=\s*(?:top|this|window|content|self|frames|_content))|(?:\/\s*\w*\s*[)}])|(?:[^\s]\s*=\s*script)|(?:\.\s*constructor)|(?:default\s+xml\s+namespace\s*=)|(?:\/\s*\+[^+]+\s*\+\s*\/)]]></rule> 
     233        <rule><![CDATA[(?:=\s*(?:top|this|window|content|self|frames|_content))|(?:\/\s*[gimx]*\s*[)}])|(?:[^\s]\s*=\s*script)|(?:\.\s*constructor)|(?:default\s+xml\s+namespace\s*=)|(?:\/\s*\+[^+]+\s*\+\s*\/)]]></rule> 
    234234        <description>Detects advanced XSS probings via Script(), RexExp, constructors and XML namespaces</description> 
    235235        <tags> 
     
    283283    <filter> 
    284284        <id>27</id> 
    285         <rule><![CDATA[(?:data:.*,)|(?:\w+\s*=\W*(?!https?)\w+:)|(jar:\w+:)|(=\s*"?\s*vbs(?:ript)?:)|(language\s*=\s?"?\s*vbs(?:ript)?)|on\w+\s*=\*\w+\-"?]]></rule> 
     285        <rule><![CDATA[(?:(?:vbs|vbscript|data):.*[,+])|(?:\w+\s*=\W*(?!https?)\w+:)|(jar:\w+:)|(=\s*"?\s*vbs(?:ript)?:)|(language\s*=\s?"?\s*vbs(?:ript)?)|on\w+\s*=\*\w+\-"?]]></rule> 
    286286        <description>Detects data: URL injections, VBS injections and common URI schemes</description> 
    287287        <tags> 
     
    437437    <filter> 
    438438        <id>42</id> 
    439         <rule><![CDATA[(?:"\s*or\s*\d)|(?:\\x(?:23|27|3d))|(?:^.?"$)|(?:^.*\\".+(?<!\\)")|(?:(?:^["\\]*(?:[\d"]+|[^"]+"))+\s*(?:n?and|x?or|not|\|\||\&\&)\s*[\w"[+&!@(),.-])|(?:[^\w\s]\w+\s*[|-]\s*"\s*\w)|(?:@\w+\s+(and|or)\s*["\d]+)|(?:@[\w-]+\s(and|or)\s*[^\w\s])|(?:[^\w\s:]\s*\d\W+[^\w\s]\s*".)]]></rule> 
     439        <rule><![CDATA[(?:"\s*or\s*"?\d)|(?:\\x(?:23|27|3d))|(?:^.?"$)|(?:(?:^["\\]*(?:[\d"]+|[^"]+"))+\s*(?:n?and|x?or|not|\|\||\&\&)\s*[\w"[+&!@(),.-])|(?:[^\w\s]\w+\s*[|-]\s*"\s*\w)|(?:@\w+\s+(and|or)\s*["\d]+)|(?:@[\w-]+\s(and|or)\s*[^\w\s])|(?:[^\w\s:]\s*\d\W+[^\w\s]\s*".)]]></rule> 
    440440        <description>Detects classic SQL injection probings 1/2</description> 
    441441        <tags> 
     
    470470    <filter> 
    471471        <id>45</id> 
    472         <rule><![CDATA[(?:union\s*(?:all|distinct|[(!@]*)?\s*[([]*\s*select)|(?:\w+\s+like\s+\")|(?:like\s*"\%)|(?:"\s*like\W*["\d])|(?:"\s*(?:n?and|x?or|not |\|\||\&\&)\s+[\s\w]+=\s*\w+\s*having)|(?:"\s*\*\s*\w+\W+")|(?:"\s*[^?\w\s=.,;)(]+\s*[(@"]*\s*\w+\W+\w)|(?:select\s*[\[\]()\s\w\.,-]+from)]]></rule> 
     472        <rule><![CDATA[(?:union\s*(?:all|distinct|[(!@]*)?\s*[([]*\s*select)|(?:\w+\s+like\s+\")|(?:like\s*"\%)|(?:"\s*like\W*["\d])|(?:"\s*(?:n?and|x?or|not |\|\||\&\&)\s+[\s\w]+=\s*\w+\s*having)|(?:"\s*\*\s*\w+\W+")|(?:"\s*[^?\w\s=.,;)(]+\s*[(@"]*\s*\w+\W+\w)|(?:select\s*[\[\]()\s\w\.,"-]+from)|(?:find_in_set\s*\()]]></rule> 
    473473        <description>Detects basic SQL authentication bypass attempts 2/3</description> 
    474474        <tags> 
     
    503503    <filter> 
    504504        <id>48</id> 
    505         <rule><![CDATA[(?:\d+\s*or\s*\d+\s*[\-+])|(?:\/\w+;?\s+(?:having|and|or|select))|(?:\d\s+group\s+by.+\()|(?:(?:;|#|--)\s*(?:drop|alter))|(?:(?:;|#|--)\s*(?:update|insert)\s*\w{2,})|(?:[^\w]SET\s*@\w+)|(?:(?:n?and|x?or|not |\|\||\&\&)[\s(]+\w+[\s)]*[!=+]+[\s\d]*["=()])]]></rule> 
     505        <rule><![CDATA[(?:@.+=\s*\(\s*select)|(?:\d+\s*or\s*\d+\s*[\-+])|(?:\/\w+;?\s+(?:having|and|or|select)\W)|(?:\d\s+group\s+by.+\()|(?:(?:;|#|--)\s*(?:drop|alter))|(?:(?:;|#|--)\s*(?:update|insert)\s*\w{2,})|(?:[^\w]SET\s*@\w+)|(?:(?:n?and|x?or|not |\|\||\&\&)[\s(]+\w+[\s)]*[!=+]+[\s\d]*["=()])]]></rule> 
    506506        <description>Detects chained SQL injection attempts 1/2</description> 
    507507        <tags> 
     
    583583    <filter> 
    584584        <id>56</id> 
    585         <rule><![CDATA[(?:merge.*using\s*\()|(execute\s*immediate\s*")|(?:\W+\d*\s*having\s*[^\s])|(?:match\s*[\w(),+-]+\s*against\s*\()]]></rule> 
     585        <rule><![CDATA[(?:merge.*using\s*\()|(execute\s*immediate\s*")|(?:\W+\d*\s*having\s*[^\s\-])|(?:match\s*[\w(),+-]+\s*against\s*\()]]></rule> 
    586586        <description>Detects MATCH AGAINST, MERGE, EXECUTE IMMEDIATE and HAVING injections</description> 
    587587        <tags> 
  • mute-screamer/trunk/libraries/mscr/Text_Diff_Render.php

    r352695 r379805  
    2424     */ 
    2525    function addedLine( $line ) { 
    26         return "<td class='diff-addedline'>+</td><td class='diff-addedline'>{$line}</td>"; 
     26        return "<td class='diff-addedline first'>+</td><td class='diff-addedline'>{$line}</td>"; 
    2727    } 
    2828 
     
    3434     */ 
    3535    function deletedLine( $line ) { 
    36         return "<td class='diff-deletedline'>-</td><td class='diff-deletedline'>{$line}</td>"; 
     36        return "<td class='diff-deletedline first'>-</td><td class='diff-deletedline'>{$line}</td>"; 
    3737    } 
    3838 
     
    4444     */ 
    4545    function contextLine( $line ) { 
    46         return "<td class='diff-context'> </td><td class='diff-context'>{$line}</td>"; 
     46        return "<td class='diff-context first'> </td><td class='diff-context'>{$line}</td>"; 
    4747    } 
    4848 
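Review bot: addedLine(), deletedLine() and contextLine() interpolate `$line` straight into the `<td>` markup, so the requirement that the caller has already HTML-encoded the line is only implicit; the docblocks above each method (mostly outside the hunk) should state it, e.g. `@param string $line Diff line, already HTML-escaped by the caller`. If MSCR_Text_Diff_Renderer_Table inherits the `_added`/`_deleted`/`_context` wrappers of WP_Text_Diff_Renderer_Table — which the `require_once` of wp-diff.php in Utils.php suggests, though the class header is not visible here — the encoding happens there, and a one-line comment in this file keeps a future caller from passing raw contents of the remotely fetched files.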
  • mute-screamer/trunk/libraries/mscr/Update.php

    r352695 r379805  
    2424 
    2525    /** 
    26      * The file to check for a new version of 
     26     * The current file to check for a newer version 
    2727     * 
    2828     * @var string 
    2929     */ 
    3030    private $file = ''; 
     31 
     32    /** 
     33     * The files to check for updates 
     34     * 
     35     * @var array 
     36     */ 
     37    private $files = array( 'default_filter.xml', 'Converter.php' ); 
    3138 
    3239    /** 
     
    6067    /** 
    6168     * Check for updates to Converter.php and default_filter.xml 
    62      * 1. does the sha1 differ from the local version? 
    63      * 2. fetch the latest rss entry, get revision number, get file revision 
    64      * 3. does the sha1 match the revision version of the file from rss? 
    65      * 4. display update notice, with link to changeset 
     69     * 
     70     * 1. Fetch remote sha1 of each file 
     71     * 2. Check if the sha1's are different 
     72     * 3. Fetch the latest RSS 
     73     * 4. Parse RSS data 
    6674     * 
    6775     * @return bool 
     
    7987 
    8088        // Initialise the update cache 
     89        $this->updates = array(); 
    8190        $this->updates['updates'] = array(); 
     91 
     92        // Delete requests cache if any are hanging around 
     93        delete_site_transient( 'mscr_requests_cache' ); 
    8294 
    8395        // Suppress libxml parsing errors 
    8496        $libxml_use_errors = libxml_use_internal_errors( true ); 
    8597 
    86         foreach( array( 'default_filter.xml', 'Converter.php' ) as $file ) { 
     98        foreach( $this->files as $file ) { 
    8799            $this->file = $file; 
    88100 
    89             // Fetch remote sha1 
     101            // Fetch the remote sha1 
    90102            $this->sha1_fetch(); 
    91103 
    92             // Fetch RSS for latest revision 
    93             $this->rss_fetch(); 
    94  
    95             // Did any remote requests fail? 
    96             $responses = $this->updates['updates'][$file]->responses; 
    97             if( $responses['sha1'] == '' OR $responses['rss'] == '' ) { 
    98                 $this->abort(); 
    99                 return false; 
    100             } 
    101  
    102             // Does the sha1 differ? 
    103             if( ! $this->sha1_check() ) { 
     104            // Is the sha1 different? 
     105            if( ! $this->sha1_compare() ) { 
    104106                // File doesn't need updating remove from update array 
    105107                unset( $this->updates['updates'][$file] ); 
    106108                continue; 
    107109            } 
    108  
     110        } 
     111 
     112        // Are there any files to update? 
     113        if( empty( $this->updates['updates'] ) ) { 
     114            $this->abort(); 
     115            return false; 
     116        } 
     117 
     118        // Fetch RSS for latest revision 
     119        $this->rss_fetch(); 
     120 
     121        // Load up the RSS 
     122        $rss = simplexml_load_string( $this->updates['rss'] ); 
     123 
     124        // Revision number 
     125        $id = (string) $rss->entry->id; 
     126        $x = explode( '/', $id ); 
     127        $revision_number = end( $x ); 
     128 
     129        // Add update information to each file 
     130        foreach( $this->files as $file ) { 
    109131            // Simple XML elements can't be serialized so cast them to strings 
    110             $details = $this->updates['updates'][$this->file]; 
    111             $rss = simplexml_load_string($details->responses['rss']); 
    112             $details->title = (string) $rss->channel->item->title; 
    113             $details->revision = preg_replace('/Revision (\d+).+/si', '$1', $rss->channel->item->title); 
    114             $details->date = (string) $rss->channel->item->pubDate; 
    115             $details->revision_url = (string) $rss->channel->item->guid; 
    116             $details->revision_file_url = "https://trac.phpids.org/index.fcgi/export/{$details->revision}/trunk/lib/IDS/{$this->file}"; 
    117  
    118             // Did we parse the revision number correctly? 
    119             if( ! ctype_digit( $details->revision ) ) { 
    120                 $this->abort(); 
    121                 return false; 
    122             } 
     132            $this->updates['updates'][$file]->title = (string) $rss->entry->title; 
     133            $this->updates['updates'][$file]->revision = $revision_number; 
     134            $this->updates['updates'][$file]->date = (string) $rss->entry->updated; 
     135            $this->updates['updates'][$file]->revision_url = (string) $rss->entry->link->attributes()->href; 
     136            $this->updates['updates'][$file]->revision_file_url = "http://dev.itratos.de/projects/php-ids/repository/revisions/{$revision_number}/raw/trunk/lib/IDS/{$file}"; 
    123137        } 
    124138 
     
    128142        // Restore libxml errors 
    129143        libxml_use_internal_errors( $libxml_use_errors ); 
    130  
    131         // TODO: Extra validation step 
    132         // TODO: Check revision_file_url sha1 and compare to remote sha1 
    133144 
    134145        set_site_transient( 'mscr_update', $this->updates, $this->timeout ); 
     
    176187     */ 
    177188    private function sha1_fetch() { 
    178         // Fetch remote sha1 
    179         $url = 'https://phpids.org/hash.php?f='.$this->file; 
     189        $url = 'http://phpids.org/hash.php?f='.$this->file; 
    180190        $response = $this->remote_get( $url ); 
     191 
     192        // Did the request fail? 
     193        if( $response['body'] == '' ) { 
     194            $this->abort(); 
     195        } 
     196 
    181197        $this->updates['updates'][$this->file] = new stdClass; 
    182198        $this->updates['updates'][$this->file]->responses['sha1'] = $response['body']; 
     
    189205     */ 
    190206    private function rss_fetch() { 
    191         $url = "https://trac.phpids.org/index.fcgi/log/trunk/lib/IDS/{$this->file}?limit=1&format=rss"; 
     207        $url = "http://dev.itratos.de/projects/php-ids/activity.atom"; 
    192208        $response = $this->remote_get( $url ); 
    193         $this->updates['updates'][$this->file]->responses['rss'] = $response['body']; 
    194     } 
    195  
    196     /** 
    197      * Check the sha1 to see if we need to update 
     209 
     210        // Did the request fail? 
     211        if( $response['body'] == '' ) { 
     212            $this->abort(); 
     213        } 
     214 
     215        $this->updates['rss'] = $response['body']; 
     216    } 
     217 
     218    /** 
     219     * Compare the sha1 of the local and remote files 
    198220     * 
    199221     * @return bool true if the sha1's are different 
    200222     */ 
    201     private function sha1_check() { 
     223    private function sha1_compare() { 
    202224        // Get the current sha1 
    203225        $local_file = MSCR_PATH."/libraries/IDS/{$this->file}"; 
     
    274296        if( empty( $this->updates['updates'] ) ) { 
    275297            echo '<h3>' . __( 'Mute Screamer', 'mute-screamer' ) . '</h3>'; 
    276             echo '<p>' . __( 'Is up to date.', 'mute-screamer' ) . '</p>'; 
     298            echo '<p>' . __( 'All files are up to date.', 'mute-screamer' ) . '</p>'; 
    277299            return; 
    278300        } 
     
    422444        // All good? Clear the update array, reset transients 
    423445        if( $res ) { 
    424             $this->updates['updates'] = array(); 
     446            // Remove the files we updated from the update array 
     447            foreach( $files as $key => $file ) { 
     448                unset( $this->updates['updates'][$key] ); 
     449            } 
     450 
     451            // Did we update everything? 
     452            // Only clear the update array and cache if there are no files left to update 
     453            if( empty( $this->updates['updates'] ) ) { 
     454                $this->updates['updates'] = array(); 
     455                delete_site_transient( 'mscr_requests_cache' ); 
     456            } 
     457 
    425458            set_site_transient( 'mscr_update', $this->updates, $this->timeout ); 
    426             delete_site_transient( 'mscr_requests_cache' ); 
    427459        } 
    428460 
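Review bot: The revision number taken from the Atom feed (`$revision_number = end( $x )`) is interpolated into `revision_file_url` without the `ctype_digit()` check the removed code applied, and `simplexml_load_string()` can return false for a malformed feed while libxml errors are suppressed, so `$rss->entry` would warn instead of aborting; add `if( $rss === false OR ! ctype_digit( (string) $revision_number ) ) { $this->abort(); return false; }` before the "Add update information to each file" loop. Separately, sha1_fetch() and rss_fetch() now use plain `http://` URLs and the removed TODO about comparing the downloaded file's sha1 with the remote sha1 is not replaced, so the Converter.php and default_filter.xml that Upgrader.php writes via `put_contents` are installed without any integrity check; at minimum Upgrader.php should compare `sha1( $val['body'] )` with the value stored in `responses['sha1']` before copying into place, and HTTPS should be kept where the hosts support it. In both fetch methods the new `$this->abort()` on an empty body is not followed by a `return`, so unless abort() terminates execution (its body is not in view) the code continues and stores the empty response. The enclosing check() method starts and ends outside the hunk.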
  • mute-screamer/trunk/libraries/mscr/Upgrader.php

    r352695 r379805  
    5858            // Save files into upgrade folder, copy into place 
    5959            foreach( $files as $key => $val ) { 
    60                 show_message( sprintf( __("Copying %s into place...", 'mute-screamer'), $key ) ); 
     60                show_message( sprintf( __("Copying %s into place...", 'mute-screamer'), esc_html( $key ) ) ); 
    6161                $new_file = $upgrade_folder . $key; 
    6262                $wp_filesystem->put_contents( $new_file, $val['body'], FS_CHMOD_FILE ); 
  • mute-screamer/trunk/libraries/mscr/Utils.php

    r353055 r379805  
    107107    public static function upload_path() { 
    108108        $upload_dir = wp_upload_dir(); 
     109 
     110        if( ! isset( $upload_dir['basedir'] ) ) { 
     111            return ''; 
     112        } 
     113 
    109114        return $upload_dir['basedir']; 
    110115    } 
     
    171176 
    172177        if ( ! class_exists( 'WP_Text_Diff_Renderer_Table' ) ) 
    173             require( ABSPATH . WPINC . '/wp-diff.php' ); 
     178            require_once( ABSPATH . WPINC . '/wp-diff.php' ); 
    174179 
    175180        if ( ! class_exists( 'MSCR_Text_Diff_Renderer_Table' ) ) 
    176             require( 'mscr/Text_Diff_Render.php' ); 
     181            require_once( 'mscr/Text_Diff_Render.php' ); 
    177182 
    178183        $left_string  = normalize_whitespace($left_string); 
     
    256261 
    257262    /** 
    258      * Is this a ban request? 
    259      * 
    260      * @return boolean 
    261      */ 
    262     public static function is_ban() { 
    263         return Mute_Screamer::instance()->is_ban; 
    264     } 
    265  
    266     /** 
    267263     * Is the current page wp-login.php? 
    268264     * 
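Review bot: `upload_path()` now returns `''` when `wp_upload_dir()` supplies no `basedir`, but the method's docblock (outside the hunk) does not say so; add `@return string Absolute uploads base directory, or '' when wp_upload_dir() provides no basedir` so the writability check in the caller can be read against that contract. Removing the public static `MSCR_Utils::is_ban()` is an API break for any theme or plugin code that called it; keeping it as a one-line wrapper around `Mute_Screamer::instance()->is_ban` tagged `@deprecated` would preserve compatibility.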
  • mute-screamer/trunk/libraries/mscr/functions.php

    r353055 r379805  
    1313if( ! function_exists( 'mscr_is_ban' ) ) { 
    1414    function mscr_is_ban() { 
    15         return MSCR_Utils::is_ban(); 
     15        return Mute_Screamer::instance()->is_ban; 
    1616    } 
    1717} 
  • mute-screamer/trunk/mscr_admin.php

    r352693 r379805  
    235235            return; 
    236236 
    237         $update_count = count( $updates ); 
     237        $update_count = count( $updates['updates'] ); 
    238238        $existing_count = 0; 
    239239 
     
    291291 
    292292        // Get results 
    293         $search = isset( $_GET['intrusions_search'] ) ? esc_attr($_GET['intrusions_search']) : ''; 
     293        $search = isset( $_GET['intrusions_search'] ) ? stripslashes($_GET['intrusions_search']) : ''; 
    294294        $search_title = ''; 
    295295        if($search) { 
    296             $search_title = sprintf( '<span class="subtitle">' . __('Search results for &#8220;%s&#8221;', 'mute-screamer') . '</span>', $search ); 
     296            $search_title = sprintf( '<span class="subtitle">' . __('Search results for &#8220;%s&#8221;', 'mute-screamer') . '</span>', esc_html( $search ) ); 
    297297            $token = '%'.$search.'%'; 
    298298            $sql = $wpdb->prepare( "SELECT SQL_CALC_FOUND_ROWS * FROM " . $wpdb->mscr_intrusions . " WHERE (name LIKE %s OR page LIKE %s OR tags LIKE %s OR ip LIKE %s OR impact LIKE %s) ORDER BY created DESC LIMIT %d, %d", $token, $token, $token, $token, $token, $offset, $limit ); 
     
    428428        $options['json_fields'] = implode("\r\n", $options['json_fields']); 
    429429 
     430        // Apply textarea escaping, backwards compat for WordPress 3.0 
     431        if( function_exists( 'esc_textarea' ) ) { 
     432            $options['exception_fields'] = esc_textarea( $options['exception_fields'] ); 
     433            $options['html_fields'] = esc_textarea( $options['html_fields'] ); 
     434            $options['json_fields'] = esc_textarea( $options['json_fields'] ); 
     435        } else { 
     436            $options['exception_fields'] = esc_html( $options['exception_fields'] ); 
     437            $options['html_fields'] = esc_html( $options['html_fields'] ); 
     438            $options['json_fields'] = esc_html( $options['json_fields'] ); 
     439        } 
     440 
    430441        MSCR_Utils::view('admin_options', $options); 
    431442    } 
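Review bot: The search term reaches `$wpdb->prepare()` with only `stripslashes()` applied, so a `%` or `_` typed by the user acts as a LIKE wildcard rather than a literal character; `prepare()` quotes the value but does not escape LIKE metacharacters. Use `$token = '%' . like_escape( $search ) . '%';` when building the token (the `esc_html( $search )` used for `$search_title` is right as it is). The enclosing method starts and ends outside the hunk.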
  • mute-screamer/trunk/mute-screamer.php

    r353055 r379805  
    55Description: <a href="http://phpids.org/">PHPIDS</a> for Wordpress. 
    66Author: ampt 
    7 Version: 1.0.0 
     7Version: 1.0.1 
    88Author URI: http://notfornoone.com/ 
    99*/ 
     
    1414 * PHPIDS for Wordpress 
    1515 * 
    16  * Copyright (c) 2010 Luke Gallagher 
     16 * Copyright (c) 2011 Luke Gallagher 
    1717 * 
    1818 * Permission is hereby granted, free of charge, to any person obtaining a copy 
     
    5252 
    5353    const INTRUSIONS_TABLE  = 'mscr_intrusions'; 
    54     const VERSION           = '1.0.0'; 
     54    const VERSION           = '1.0.1'; 
    5555    const DB_VERSION        = 2; 
    5656    const POST_TYPE         = 'mscr_ban'; 
     
    197197            return; 
    198198        } 
     199 
     200        // Display updates in admin bar, run after wp_admin_bar_updates_menu 
     201        add_action( 'admin_bar_menu', array( $this, 'action_admin_bar_menu' ), 100 ); 
    199202 
    200203        self::$instance = $this; 
     
    585588        $new_count = $this->new_intrusions_count + count($this->result->getIterator()); 
    586589        $this->set_option( 'new_intrusions_count', $new_count ); 
     590    } 
     591 
     592    /** 
     593     * Display admin bar updates for Wordpress 3.1 and later 
     594     * 
     595     * @return void 
     596     */ 
     597    public function action_admin_bar_menu() { 
     598        global $wp_admin_bar; 
     599 
     600        $updates = get_site_transient( 'mscr_update' ); 
     601        if( $updates === false OR empty( $updates['updates'] ) ) { 
     602            return; 
     603        } 
     604 
     605        $mscr_count = count( $updates['updates'] ); 
     606        $mscr_title = sprintf( _n( '%d Mute Screamer Update', '%d Mute Screamer Updates', $mscr_count, 'mute-screamer' ), $mscr_count ); 
     607 
     608        // Other WP updates, modify existing menu 
     609        if( isset( $wp_admin_bar->menu->updates ) ) { 
     610            // <span title='1 Plugin Update'>Updates <span id='ab-updates' class='update-count'>1</span></span> 
     611            $title = $wp_admin_bar->menu->updates['title']; 
     612 
     613            // Get the existing title attribute 
     614            preg_match( "/title='(.+?)'/", $title, $matches ); 
     615            $link_title = isset( $matches[1] ) ? $matches[1] : ''; 
     616            $link_title .= ', '.esc_attr( $mscr_title ); 
     617 
     618            // Get the existing update count 
     619            preg_match( "/<span\b[^>]*>(\d+)<\/span>/", $title, $matches ); 
     620            $update_count = isset( $matches[1] ) ? $matches[1] : 0; 
     621 
     622            $update_count += $mscr_count; 
     623 
     624            $update_title = "<span title='$link_title'>"; 
     625            $update_title .= sprintf( __( 'Updates %s', 'mute-screamer' ), "<span id='ab-updates' class='update-count'>" . number_format_i18n( $update_count ) . '</span>' ); 
     626            $update_title .= '</span>'; 
     627 
     628            $wp_admin_bar->menu->updates['title'] = $update_title; 
     629            return; 
     630        } 
     631 
     632        // Add update menu 
     633        $update_title = "<span title='".esc_attr( $mscr_title )."'>"; 
     634        $update_title .= sprintf( __('Updates %s', 'mute-screamer' ), "<span id='ab-updates' class='update-count'>" . number_format_i18n( $mscr_count ) . '</span>' ); 
     635        $update_title .= '</span>'; 
     636        $wp_admin_bar->add_menu( array( 'id' => 'updates', 'title' => $update_title, 'href' => network_admin_url( 'update-core.php' ) ) ); 
    587637    } 
    588638 
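--- a/mute-screamer/trunk/readme.txt
+++ b/mute-screamer/trunk/readme.txt
@@ -3,6 +3,6 @@
 Tags: phpids, intrusion detection, security, ids
 Requires at least: 3.0
-Tested up to: 3.1
-Stable tag: 1.0.0
+Tested up to: 3.2-bleeding
+Stable tag: 1.0.1
 
 PHPIDS for Wordpress
@@ -23,6 +23,6 @@
 * Auto updates of default_filter.xml and Converter.php from phpids.org
 * Auto update shows a diff of changes to be updated
-* Ban user when attack is over the ban threshold
-* Ban user when attack exceeds the repeat attack limit
+* Ban client when attack is over the ban threshold
+* Ban client when attack exceeds the repeat attack limit
 * Display ban template and message
 
@@ -41,4 +41,14 @@
 
 == Changelog ==
+
+= 1.0.1 =
+
+* Fix PHPIDS updater
+* Latest PHPIDS rules and converter
+* Display correct update count in adminbar
+* Fix intrusion search escaping
+* Fix diff table rendering issues
+* Fix upload_dir undefined index
+* Additional output escaping
 
 = 1.0.0 =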
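--- a/mute-screamer/trunk/views/admin_intrusions.php
+++ b/mute-screamer/trunk/views/admin_intrusions.php
@@ -100,13 +100,13 @@
 
                                         case 'tags':
-                                            echo $intrusion->tags;
+                                            echo esc_html($intrusion->tags);
                                             break;
 
                                         case 'ip':
-                                            echo $intrusion->ip;
+                                            echo esc_html($intrusion->ip);
                                             break;
 
                                         case 'impact':
-                                            echo $intrusion->impact;
+                                            echo esc_html($intrusion->impact);
                                             break;
 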
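Review bot: The new `esc_html($intrusion->tags)`, `esc_html($intrusion->ip)` and `esc_html($intrusion->impact)` calls on new lines 102, 106 and 110 omit the inner spaces that the plugin's other views use (`esc_html( $file )`, `esc_url( $url )` elsewhere in this changeset); write them as `echo esc_html( $intrusion->tags );` and likewise for the other two so the file follows one convention. The escaping itself is the right call for a table-cell text context. The switch statement these cases belong to starts and ends outside this section.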
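--- a/mute-screamer/trunk/views/admin_options.php
+++ b/mute-screamer/trunk/views/admin_options.php
@@ -89,6 +89,6 @@
         </table>
 
-        <h3><?php _e( 'User Banning', 'mute-screamer' ); ?></h3>
-        <p><?php _e( 'Users can be banned for attacks over a certain threshold or for a number of repeated attacks.', 'mute-screamer' ); ?></p>
+        <h3><?php _e( 'IP Banning', 'mute-screamer' ); ?></h3>
+        <p><?php _e( 'Clients can be banned for attacks over a certain threshold or for a number of repeated attacks.', 'mute-screamer' ); ?></p>
         <table class="form-table">
             <tbody>
@@ -109,5 +109,5 @@
                     <td>
                         <input type="text" class="small-text" value="<?php echo esc_attr( $ban_time ); ?>" id="mscr_ban_time" name="mscr_options[ban_time]" />
-                        <span class="description"><?php _e( 'Number of seconds a user will be banned.', 'mute-screamer' ); ?></span>
+                        <span class="description"><?php _e( 'Number of seconds a client will be banned.', 'mute-screamer' ); ?></span>
                     </td>
                 </tr>
@@ -117,5 +117,5 @@
                     <td>
                         <input type="text" class="small-text" value="<?php echo esc_attr( $ban_threshold ); ?>" id="mscr_ban_threshold" name="mscr_options[ban_threshold]" />
-                        <span class="description"><?php _e( 'Minimum impact to ban a user.', 'mute-screamer' ); ?></span>
+                        <span class="description"><?php _e( 'Minimum impact to ban a client.', 'mute-screamer' ); ?></span>
                     </td>
                 </tr>
@@ -125,5 +125,5 @@
                     <td>
                         <input type="text" class="small-text" value="<?php echo esc_attr( $attack_repeat_limit ); ?>" id="mscr_attack_repeat_limit" name="mscr_options[attack_repeat_limit]" />
-                        <span class="description"><?php _e( 'Number of repeated attacks before a user is banned (repeat attacks can be under the ban threshold).', 'mute-screamer' ); ?></span>
+                        <span class="description"><?php _e( 'Number of repeated attacks before a client is banned (repeat attacks can be under the ban threshold).', 'mute-screamer' ); ?></span>
                     </td>
                 </tr>
@@ -144,5 +144,5 @@
                                 <?php _e( 'Example - regular expression exclude: /.*foo/i', 'mute-screamer' ); ?>
                             </label></p>
-                            <p><textarea class="large-text code" id="mscr_exception_fields" cols="50" rows="5" name="mscr_options[exception_fields]"><?php echo esc_html( $exception_fields ); ?></textarea></p>
+                            <p><textarea class="large-text code" id="mscr_exception_fields" cols="50" rows="5" name="mscr_options[exception_fields]"><?php echo $exception_fields; ?></textarea></p>
                         </fieldset>
                     </td>
@@ -158,5 +158,5 @@
                                 <?php _e( 'Note: Fields must contain valid HTML', 'mute-screamer' ); ?>
                             </label></p>
-                            <p><textarea class="large-text code" id="mscr_html_fields" cols="50" rows="5" name="mscr_options[html_fields]"><?php echo esc_html( $html_fields ); ?></textarea></p>
+                            <p><textarea class="large-text code" id="mscr_html_fields" cols="50" rows="5" name="mscr_options[html_fields]"><?php echo $html_fields; ?></textarea></p>
                         </fieldset>
                     </td>
@@ -171,5 +171,5 @@
                                 <?php _e( 'Define fields that contain JSON data and should be treated as such.', 'mute-screamer' ); ?>
                             </label></p>
-                            <p><textarea class="large-text code" id="mscr_json_fields" cols="50" rows="5" name="mscr_options[json_fields]"><?php echo esc_html( $json_fields ); ?></textarea></p>
+                            <p><textarea class="large-text code" id="mscr_json_fields" cols="50" rows="5" name="mscr_options[json_fields]"><?php echo $json_fields; ?></textarea></p>
                         </fieldset>
                     </td>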
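Review bot: New lines 146, 160 and 173 remove `esc_html()` around `$exception_fields`, `$html_fields` and `$json_fields`, so stored option text is now written into the `<textarea>` bodies unescaped, which runs against the "additional output escaping" the rest of this changeset adds. A saved value containing `</textarea>` would close the control and the remainder would be parsed as markup in the settings page, so textarea content needs the same treatment as the `esc_attr()` values above it. If the escaping was dropped because the values arrive already entity-encoded from the save path, the fix belongs there (store the raw text, escape on output) and these lines should go back to `<?php echo esc_html( $exception_fields ); ?>` and the matching two, or use `esc_textarea()` where the supported WordPress version provides it. The form these fields sit in begins and ends outside this section.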
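--- a/mute-screamer/trunk/views/admin_update.php
+++ b/mute-screamer/trunk/views/admin_update.php
@@ -26,5 +26,5 @@
     <tr class='active'>
         <th scope='row' class='check-column'><input type='checkbox' name='checked[]' value='" . esc_attr($file) . "' /></th>
-        <td class='plugin-title'><strong>{$file}</strong>" . sprintf(__('Update to revision %1$s. <a href="%2$s">Review changeset</a>.', 'mute-screamer'), $file_data->revision, $file_data->revision_url) . "</td>
+        <td class='plugin-title'><strong>".esc_html( $file )."</strong>" . sprintf(__('Update to revision %1$s. <a href="%2$s">Review changeset</a>.', 'mute-screamer'), esc_html( $file_data->revision ), esc_url( $file_data->revision_url )) . "</td>
     </tr>";
     }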
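Review bot: On new line 28 each value is escaped for its context (`esc_html()` inside the cell, `esc_url()` for the `href` that `%2$s` lands in), which is correct, but the same `$file` value is also echoed back as the `checked[]` checkbox value on line 27 and presumably names the file the upgrade action will later write; the handler that reads `checked[]` is outside this section and should accept only names present in the update list this table was built from, since `esc_attr()` here protects the page, not that later step. A comment above the `<th>` such as `// $file is posted back as checked[]; the upgrade handler must re-validate it against the known update list` would make that expectation explicit. The loop that emits this row begins outside the hunk.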
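--- a/mute-screamer/trunk/views/admin_update_diff.php
+++ b/mute-screamer/trunk/views/admin_update_diff.php
@@ -8,5 +8,5 @@
     <form action="update.php?action=mscr_upgrade" method="post">
         <?php wp_nonce_field('mscr-upgrade-diff'); ?>
-        <input type="hidden" name="url" value="<?php echo $url; ?>" />
+        <input type="hidden" name="url" value="<?php echo esc_url( $url ); ?>" />
         <p><input class="button-secondary" type="submit" value="<?php esc_attr_e('Continue', 'mute-screamer'); ?>" /></p>
     </form>
@@ -15,5 +15,5 @@
     <div class="mscr_diff_file" style="">
         <div class="meta">
-            <?php echo str_replace( ABSPATH, '', MSCR_PATH.'/libraries/IDS/' ).$file->name; ?>
+            <?php echo str_replace( ABSPATH, '', MSCR_PATH.'/libraries/IDS/' ).esc_html( $file->name ); ?>
         </div>
 
@@ -23,5 +23,5 @@
             <?php if( ! $file->diff ) : ?>
 
-            <tr><td colspan="2"><div class="updated"><p><?php _e( 'These revisions are identical.', 'mute-screamer' ); ?></p></div></td></tr>
+            <tr><td colspan="2"><div class="mscr-message"><p><?php _e( 'These revisions are identical.', 'mute-screamer' ); ?></p></div></td></tr>
 
             <?php else : ?>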
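Review bot: New line 10 escapes `$url` for the attribute, but the value still round-trips through the browser into the `mscr_upgrade` action on line 8, and the nonce on line 9 only shows the request came from this form, not that `url` is the one the plugin offered; the handler, which is outside this section, should compare the submitted URL against the update source it derived the diff from (host and path prefix) before fetching from it, and a comment on the hidden input such as `<?php // url is re-validated by the mscr_upgrade handler before any download ?>` would record that contract. On new line 17 `esc_html()` covers `$file->name` only; the `MSCR_PATH` prefix before it is plugin-defined, so leaving it unescaped is fine. The `updated` to `mscr-message` class change on line 25 is cosmetic.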