Changeset 584290


Timestamp:
08/11/12 17:01:03 (5 years ago)
Author:
peterebutler
Message:

Blocked direct file access

Location:
timthumb-vulnerability-scanner/trunk
Files:
6 edited

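--- a/timthumb-vulnerability-scanner/trunk/cg-tvs-admin-panel-display.php
+++ b/timthumb-vulnerability-scanner/trunk/cg-tvs-admin-panel-display.php
@@ -1,2 +1,16 @@
+<?php
+// Direct calls to this file are Forbidden when core files are not present
+if ( !function_exists('add_action') ){
+        header('Status: 403 Forbidden');
+        header('HTTP/1.1 403 Forbidden');
+        die();
+}
+
+if ( !current_user_can('manage_options') ){
+        header('Status: 403 Forbidden');
+        header('HTTP/1.1 403 Forbidden');
+        die();
+}
+?>
 <div class="wrap">
     <h2>Timthumb Scanner</h2>
@@ -106,5 +120,5 @@
       </table>
       <?php if(empty($this->suspicious_files)): ?>
-      <p><strong>Worried that you're already hacked?</strong> <a href="http://codegarage.com/hack-cleanup">Get in touch with me</a>.</p>
+      <p><strong>Worried that you're already hacked?</strong> <a href="http://codegarage.com/hack-cleanup">Get in touch with us</a>.</p>
       <?php endif; ?>
     <?php endif; ?>
@@ -121,13 +135,14 @@
         <div class="inside">
             <p><strong>Tired of worrying about your WordPress sites?</strong></p>
-            <p><a href="http://codegarage.com" target="_blank" >Locker</a> from <a href="http://codegarage.com/"  target="_blank" >Code Garage</a> provides rock solid daily backups and hack monitoring and cleanup (for malicious code and vulnerabilities like this one), as well as personal, one on one support when you need it.</p>
-            <p style="text-align:center;padding-top:15px;"><a href="http://codegarage.com/" target="_blank" class="button-primary">Click here to learn more</a></p>
+            <p><a href="http://codegarage.com/?ref=tvs" target="_blank" >Locker</a> from <a href="http://codegarage.com/?ref=tvs"  target="_blank" >Code Garage</a> provides rock solid daily backups and hack monitoring and cleanup (for malicious code and vulnerabilities like this one), as well as personal, one on one support when you need it.</p>
+            <p style="text-align:center;padding-top:15px;"><a href="http://codegarage.com/?ref=tvs" target="_blank" class="button-primary">Click here to learn more</a></p>
         </div>
     </div>
 
     <div class="postbox metabox-holder" style="padding-top:0px">
-        <h3 class="hndle" >CodeGarage Security Newsletter</h3>
+        <h3 class="hndle" >Stay Informed</h3>
         <div class="inside">
             <p>Stay up to date on best practices and stay ahead of new vulnerabilities that could threaten your site.</p>
+            <h4>WP Security Newsletter</h4>
         <!-- Begin MailChimp Signup Form -->
         <style type="text/css">
@@ -136,5 +151,5 @@
                padding:5px;
                font-size:14px;
-               width:90%;
+               width:70%;
                margin-bottom:10px; }
         </style>
@@ -142,5 +157,5 @@
           <form action="http://codegarage.us1.list-manage1.com/subscribe/post?u=18eaf7659266bae84144eef88&amp;id=0029c09237" method="post" id="mc-embedded-subscribe-form" name="mc-embedded-subscribe-form" class="validate" target="_blank">
             <label for="mce-EMAIL"></label>
-            <div style="text-align:center;margin-bottom:15px;">
+            <div >
             <input type="email" value="" name="EMAIL" class="email" id="mce-EMAIL" placeholder="email address" required>
             <input type="submit" value="Subscribe" name="subscribe" id="mc-embedded-subscribe" class="button-secondary">
@@ -148,4 +163,8 @@
           </form>
         <!--End mc_embed_signup-->
+            <h4>Codegarage on Twitter</h4>
+<a href="https://twitter.com/yourcodegarage" class="twitter-follow-button" data-show-count="false">Follow @yourcodegarage</a>
+<script>!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src="//platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs");</script>
+            <h4><a href="http://codegarage.com/blog/?src=tvs" >Codegarage Blog</a></h4>
         </div>
         </div>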
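Review bot: New line 167 loads `platform.twitter.com/widgets.js` into this wp-admin screen, so third-party script runs in the dashboard origin for a user who has just passed the `manage_options` check added at the top of the file. The source is protocol-relative (`//platform.twitter.com/widgets.js`), so it is fetched over plain HTTP whenever the admin itself is served over HTTP. For a security plugin's settings page the plain `<a href="https://twitter.com/yourcodegarage">` link on line 166 is enough without the `<script>`; if the button must stay, pin the source to `https://platform.twitter.com/widgets.js`. Separately, the two identical 403 blocks at new lines 3-13 deserve a comment on the second one as well, e.g. `// Only administrators may render the scanner panel.`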
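--- a/timthumb-vulnerability-scanner/trunk/class-cg-tvs-filescanner.php
+++ b/timthumb-vulnerability-scanner/trunk/class-cg-tvs-filescanner.php
@@ -1,3 +1,7 @@
 <?php
+if ( ! defined('ABSPATH') ) {
+    die('Please do not load this file directly.');
+}
+
 
 class CG_FileScanner {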
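Review bot: The guard added at new lines 2-4 exits with `die('Please do not load this file directly.')`, which answers a direct request with a 200 status and a message body, while the guard added to cg-tvs-admin-panel-display.php in the same changeset sends a 403 and no body. The same `ABSPATH` form is repeated in class-cg-tvs-plugin.php and timthumb-vulnerability-scanner.php. Using one form everywhere keeps access logs and external scanners consistent, for example `if ( ! defined('ABSPATH') ) { header('HTTP/1.1 403 Forbidden'); exit; }`. A short comment above the guard, such as `// Exit if accessed outside WordPress.`, would document the intent; the class body itself lies outside the lines shown here.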
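--- a/timthumb-vulnerability-scanner/trunk/class-cg-tvs-plugin.php
+++ b/timthumb-vulnerability-scanner/trunk/class-cg-tvs-plugin.php
@@ -1,3 +1,6 @@
 <?php
+if ( ! defined('ABSPATH') ) {
+    die('Please do not load this file directly.');
+}
 
 class CG_TVS_Plugin{
@@ -245,5 +248,6 @@
   function show_message( $message, $error = false )
   {
-    if(DOING_CRON === TRUE){
+    
+    if(!is_admin() || DOING_CRON === TRUE){
       return;
     }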
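Review bot: `DOING_CRON` on new line 251 is read without a `defined()` check, and it is evaluated whenever `is_admin()` is true, that is on ordinary admin requests where wp-cron.php has not defined it. An undefined constant raises a notice on older PHP versions and an Error on PHP 8, so the condition should read `if ( ! is_admin() || ( defined('DOING_CRON') && DOING_CRON ) ) {`. Note also that `is_admin()` only reports that the request targets an admin screen, not that the current user holds any capability, so this is a display filter and not an access check. New line 250 adds a whitespace-only line that can be dropped; the rest of show_message() is outside the hunk.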
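--- a/timthumb-vulnerability-scanner/trunk/readme.txt
+++ b/timthumb-vulnerability-scanner/trunk/readme.txt
@@ -48,4 +48,8 @@
 == Changelog ==
 
+= 1.53 =
+* Blocked direct access to all PHP plugin files
+* Made sure alerts are only shown when user is viewing in admin
+
 = 1.52 =
 * Added support for Windows servers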
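--- a/timthumb-vulnerability-scanner/trunk/timthumb-vulnerability-scanner.php
+++ b/timthumb-vulnerability-scanner/trunk/timthumb-vulnerability-scanner.php
@@ -2,10 +2,14 @@
 /*
 Plugin Name: TimThumb Vulnerability Scanner
-Plugin URI: http://codegarage.com/blog/2011/09/wordpress-timthumb-vulnerability-scanner-plugin/
+Plugin URI: http://codegarage.com/blog/plugins/timthumb-vulnerability-scanner
 Description: Keep your instances of Timthumb up to date and free from vulnerabilities simply.  Bonus - checks for obvious signs of compromised sites.
 Author: Peter Butler
-Version: 1.52
+Version: 1.53
 Author URI: http://codegarage.com/
 */
+
+if ( ! defined('ABSPATH') ) {
+    die('Please do not load this file directly.');
+}
 
 include_once 'class-cg-tvs-plugin.php';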