From 0732b4f21e014604c7f007d95707057094a59892 Mon Sep 17 00:00:00 2001 From: "David E. Smith" Date: Fri, 21 Feb 2020 09:39:37 -0600 Subject: [PATCH 01/25] Add RSA_ACCEPT_PRIVATE_IPS flag for all-internal, multi-tier environments. --- restricted_site_access.php | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/restricted_site_access.php b/restricted_site_access.php index 33305d2b..9623a8fe 100644 --- a/restricted_site_access.php +++ b/restricted_site_access.php @@ -1484,7 +1484,12 @@ public static function get_client_ip_address() { ) as $ip ) { $ip = trim( $ip ); // just to be safe. - if ( filter_var( $ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE ) !== false ) { + $filter_flags = FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE ; + if ( defined( 'RSA_ACCEPT_PRIVATE_IPS' ) && RSA_ACCEPT_PRIVATE_IPS === true ) { + $filter_flags = 0; + } + + if ( filter_var( $ip, FILTER_VALIDATE_IP, $filter_flags ) !== false ) { return $ip; } } From 53877e3abe62ae1ea42212db99d362ce72a51fd0 Mon Sep 17 00:00:00 2001 From: "David E. Smith" Date: Fri, 21 Feb 2020 10:17:58 -0600 Subject: [PATCH 02/25] Boy, phpcs is picky :) --- restricted_site_access.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/restricted_site_access.php b/restricted_site_access.php index 9623a8fe..d84c0191 100644 --- a/restricted_site_access.php +++ b/restricted_site_access.php @@ -1484,7 +1484,7 @@ public static function get_client_ip_address() { ) as $ip ) { $ip = trim( $ip ); // just to be safe. - $filter_flags = FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE ; + $filter_flags = FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE; if ( defined( 'RSA_ACCEPT_PRIVATE_IPS' ) && RSA_ACCEPT_PRIVATE_IPS === true ) { $filter_flags = 0; } From a6f32bd02963cb1fe368ea30c78482cfe976b84f Mon Sep 17 00:00:00 2001 
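Review bot: Setting `$filter_flags = 0` when `RSA_ACCEPT_PRIVATE_IPS` is true drops `FILTER_FLAG_NO_RES_RANGE` together with the private-range check, which is wider than the constant's name promises; if only private ranges are meant to be accepted, `$filter_flags = FILTER_FLAG_NO_RES_RANGE;` keeps reserved ranges rejected. The flags do not depend on `$ip`, so they can be computed once before the loops instead of once per candidate. The loop header is outside this hunk, but if the candidates come from forwarded request headers, the constant should be documented as safe only where the front proxy overwrites those headers, because a private address carried in such a header would then be accepted as the client IP.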
From: Siddharth Thevaril Date: Fri, 13 May 2022 00:05:16 +0530 Subject: [PATCH 03/25] try: trust REMOTE_ADDR header only --- restricted_site_access.php | 87 +++++++++++++++++++++++++++++--------- 1 file changed, 68 insertions(+), 19 deletions(-) diff --git a/restricted_site_access.php b/restricted_site_access.php index 551a231f..6c37f6f4 100644 --- a/restricted_site_access.php +++ b/restricted_site_access.php 
@@ -1529,36 +1529,85 @@ public static function ip_in_range( $ip, $range ) { * @return string */ public static function get_client_ip_address() { - $ip = ''; - $headers = array( - 'HTTP_CF_CONNECTING_IP', - 'HTTP_CLIENT_IP', - 'HTTP_X_FORWARDED_FOR', - 'HTTP_X_FORWARDED', - 'HTTP_X_CLUSTER_CLIENT_IP', - 'HTTP_FORWARDED_FOR', - 'HTTP_FORWARDED', - 'REMOTE_ADDR', - ); - foreach ( $headers as $key ) { - - if ( ! isset( $_SERVER[ $key ] ) ) { + $ip = ''; + $remote_addr_header_ip = isset( $_SERVER['REMOTE_ADDR'] ) ? sanitize_text_field( wp_unslash( $_SERVER['REMOTE_ADDR'] ) ) : false; + + /** + * Assume empty REMOTE_ADDR as unreliable. + */ + if ( false === $remote_addr_header_ip ) { + return ''; + } + + /** + * Accepts the string 'REMOTE_ADDR' or array of trusted proxies. + * It is advisable to pass 'REMOTE_ADDR' if your proxy server doesn't have + * a static IP. + * + * @param string|array + * + * @since 7.3.1 + */ + $trusted_proxies = apply_filters( 'rsa_trusted_proxies', 'REMOTE_ADDR' ); + + /** + * Add headers that your reverse proxy uses to send client IP information. + * + * Example of possible values are: + * + * HTTP_CF_CONNECTING_IP + * HTTP_CLIENT_IP + * HTTP_X_FORWARDED_FOR + * HTTP_X_FORWARDED + * HTTP_X_CLUSTER_CLIENT_IP + * HTTP_FORWARDED_FOR + * HTTP_FORWARDED + * + * @param array + * + * @since 7.3.1 + */ + $proxy_trusted_headers = apply_filters( 'rsa_proxy_trusted_headers', array( 'HTTP_X_FORWARDED_FOR' ) ); + + if ( is_string( $trusted_proxies ) && 'REMOTE_ADDR' === $trusted_proxies ) { + if ( ! empty( $proxy_trusted_headers ) ) { + return self::get_ip_from_headers( $proxy_trusted_headers ); + } else { + return $remote_addr_header_ip; + } + } else if ( is_array( $trusted_proxies ) && ! empty( $trusted_proxies ) ) { + if ( in_array( $remote_addr_header_ip, $trusted_proxies ) ) { + return self::get_ip_from_headers( $proxy_trusted_headers ); + } + } + + return ''; + } + + /** + * Returns the first matched IP from the list of array of headers. 
+ * + * @return string + */ + public static function get_ip_from_headers( $headers = array() ) { + foreach ( $headers as $header ) { + if ( ! isset( $_SERVER[ $header ] ) ) { continue; } - + foreach ( explode( ',', - sanitize_text_field( wp_unslash( $_SERVER[ $key ] ) ) + sanitize_text_field( wp_unslash( $_SERVER[ $header ] ) ) ) as $ip ) { $ip = trim( $ip ); // just to be safe. - + if ( filter_var( $ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE ) !== false ) { return $ip; } } } - - return $ip; + + return ''; } /** From 0690600477e519dc451b5144c2579750e22e50fe Mon Sep 17 00:00:00 2001 From: Siddharth Thevaril Date: Mon, 11 Jul 2022 15:38:19 +0530 Subject: [PATCH 04/25] refactor logic --- restricted_site_access.php | 98 +++++++++++++++++++++----------------- 1 file changed, 54 insertions(+), 44 deletions(-) diff --git a/restricted_site_access.php b/restricted_site_access.php index 8ba702df..de2265af 100644 --- a/restricted_site_access.php +++ b/restricted_site_access.php 
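Review bot: With both filters at their defaults (`'REMOTE_ADDR'` and `array( 'HTTP_X_FORWARDED_FOR' )`), `get_client_ip_address()` always takes the `self::get_ip_from_headers( $proxy_trusted_headers )` branch, so `$remote_addr_header_ip` is never returned and the result comes from a header any client can set, or is `''` when that header is absent. That is the opposite of the subject line's "trust REMOTE_ADDR header only". Defaulting the header list to empty, `apply_filters( 'rsa_proxy_trusted_headers', array() )`, makes the default path return `REMOTE_ADDR`. In the array branch, `in_array( $remote_addr_header_ip, $trusted_proxies, true )` avoids loose comparison.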
@@ -1529,31 +1529,54 @@ public static function ip_in_range( $ip, $range ) { * @return string */ public static function get_client_ip_address() { - $ip = ''; + /** REMOTE_ADDR IP Address. */ $remote_addr_header_ip = isset( $_SERVER['REMOTE_ADDR'] ) ? sanitize_text_field( wp_unslash( $_SERVER['REMOTE_ADDR'] ) ) : false; - - /** - * Assume empty REMOTE_ADDR as unreliable. - */ - if ( false === $remote_addr_header_ip ) { + + /** Return if REMOTE_ADDR is not set. */ + if ( empty( $remote_addr_header_ip ) ) { return ''; } - - /** - * Accepts the string 'REMOTE_ADDR' or array of trusted proxies. - * It is advisable to pass 'REMOTE_ADDR' if your proxy server doesn't have - * a static IP. + + /* + * Filter hook to set array of trusted proxies. + * + * Some reverse proxies (like AWS Elastic Load Balancing) don't have + * a static IP address or even a range that you can target with the CIDR notation. + * In this case, you'll need to - very carefully - trust all proxies by setting + * $trusted_proxies to an empty array - (default behaviour). * - * @param string|array + * In case your reverse proxy uses static IP addresses, then you can add those + * addresses to the $trusted_proxies array. * - * @since 7.3.1 + * (Note: This is for advanced users only.) */ - $trusted_proxies = apply_filters( 'rsa_trusted_proxies', 'REMOTE_ADDR' ); + $trusted_proxies = apply_filters( 'rsa_trusted_proxies', array() ); + + if ( ! empty( $trusted_proxies ) ) { + + /** If REMOTE_ADDR is found in the array of trusted proxies... */ + if ( in_array( $remote_addr_header_ip, $trusted_proxies ) ) { + return self::get_ip_from_headers(); + } else { + return ''; + } + } else { + return self::get_ip_from_headers(); + } + } - /** - * Add headers that your reverse proxy uses to send client IP information. + /** + * Returns the first matched IP from the list of array of headers. 
+ * + * @return string + */ + public static function get_ip_from_headers() { + /* + * If your site is not behind a reverse proxy, then REMOTE_ADDR will contain the + * actual client IP address. In this case, set $trusted_headers to an empty array - (default behaviour). * - * Example of possible values are: + * In case of a proxy server, the proxy server will replace REMOTE_ADDR with its own IP address and + * forward the client IP address using one of the following headers depending on the implementation. * * HTTP_CF_CONNECTING_IP * HTTP_CLIENT_IP 
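Review bot: An empty `rsa_trusted_proxies` list is treated as "trust every peer", so a site that sets only `rsa_trusted_headers` will accept those headers from any `REMOTE_ADDR`; the comment above the filter should say that the two filters have to be configured together. The comment also talks about CIDR ranges, but `in_array( $remote_addr_header_ip, $trusted_proxies )` is an exact match with loose comparison, so a range entry never matches; at minimum pass `true` as the third argument and state that only single addresses are supported. `get_ip_from_headers()` starts in this hunk and its body continues outside it.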
@@ -1563,34 +1586,21 @@ public static function get_client_ip_address() { * HTTP_FORWARDED_FOR * HTTP_FORWARDED * - * @param array + * Use the `rsa_trusted_headers` filter hook to set the headers that should be trusted with client IP + * address. * - * @since 7.3.1 + * (Note: This is for advanced users only.) */ - $proxy_trusted_headers = apply_filters( 'rsa_proxy_trusted_headers', array( 'HTTP_X_FORWARDED_FOR' ) ); - - if ( is_string( $trusted_proxies ) && 'REMOTE_ADDR' === $trusted_proxies ) { - if ( ! empty( $proxy_trusted_headers ) ) { - return self::get_ip_from_headers( $proxy_trusted_headers ); - } else { - return $remote_addr_header_ip; - } - } else if ( is_array( $trusted_proxies ) && ! empty( $trusted_proxies ) ) { - if ( in_array( $remote_addr_header_ip, $trusted_proxies ) ) { - return self::get_ip_from_headers( $proxy_trusted_headers ); - } + $trusted_headers = apply_filters( 'rsa_trusted_headers', array() ); + + /* + * If trusted_headers array is empty, then we return REMOTE_ADDR. + */ + if ( empty( $trusted_headers ) ) { + return sanitize_text_field( wp_unslash( $_SERVER['REMOTE_ADDR'] ) ); } - - return ''; - } - - /** - * Returns the first matched IP from the list of array of headers. - * - * @return string - */ - public static function get_ip_from_headers( $headers = array() ) { - foreach ( $headers as $header ) { + + foreach ( $trusted_headers as $header ) { if ( ! isset( $_SERVER[ $header ] ) ) { continue; } @@ -1600,13 +1610,13 @@ public static function get_ip_from_headers( $headers = array() ) { sanitize_text_field( wp_unslash( $_SERVER[ $header ] ) ) ) as $ip ) { $ip = trim( $ip ); // just to be safe. - + if ( filter_var( $ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE ) !== false ) { return $ip; } } } - + return ''; } From 8f56bb46691d99824f990a55dc338b7aee00601a Mon Sep 17 00:00:00 2001 
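Review bot: The inner loop returns the first entry of a comma-separated header that passes `filter_var()`, which for `X-Forwarded-For` style headers is the leftmost value; proxies append to that list, so the leftmost entries are the ones supplied by the client and only the entry added by the trusted proxy is reliable. Because the result feeds an IP allowlist, the filter documentation should tell operators to trust only a header their proxy overwrites, or to have the proxy strip inbound copies. The same loop is carried unchanged through the later `get_ip_from_headers()` hunks on this page. Separately, the new early return reads `$_SERVER['REMOTE_ADDR']` without an `isset()` check even though this public method can be called on its own.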
From: Siddharth Thevaril Date: Tue, 12 Jul 2022 13:15:25 +0530 Subject: [PATCH 05/25] add hook to filter IP flags --- restricted_site_access.php | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/restricted_site_access.php b/restricted_site_access.php index 52d29db4..9a614f73 100644 --- a/restricted_site_access.php +++ b/restricted_site_access.php @@ -1552,10 +1552,8 @@ public static function get_client_ip_address() { ) as $ip ) { $ip = trim( $ip ); // just to be safe. - $filter_flags = FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE; - if ( defined( 'RSA_ACCEPT_PRIVATE_IPS' ) && RSA_ACCEPT_PRIVATE_IPS === true ) { - $filter_flags = 0; - } + /** Hook to filter IP flags. */ + $filter_flags = apply_filters( 'rsa_get_client_ip_address_flags', FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE ); if ( filter_var( $ip, FILTER_VALIDATE_IP, $filter_flags ) !== false ) { return $ip; From 049c625015bf2913592184cd3a06163259ed7a70 Mon Sep 17 00:00:00 2001 From: Siddharth Thevaril Date: Sun, 24 Jul 2022 22:16:19 +0530 Subject: [PATCH 06/25] updated filter name --- restricted_site_access.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/restricted_site_access.php b/restricted_site_access.php index 9a614f73..b178c78e 100644 --- a/restricted_site_access.php +++ b/restricted_site_access.php @@ -1553,7 +1553,7 @@ public static function get_client_ip_address() { $ip = trim( $ip ); // just to be safe. /** Hook to filter IP flags. */ - $filter_flags = apply_filters( 'rsa_get_client_ip_address_flags', FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE ); + $filter_flags = apply_filters( 'rsa_get_client_ip_address_filter_flags', FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE ); if ( filter_var( $ip, FILTER_VALIDATE_IP, $filter_flags ) !== false ) { return $ip; From ab9d576d1a4e76ab4dce488601c2ae931398f73e Mon Sep 17 00:00:00 2001 
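Review bot: The one-line `/** Hook to filter IP flags. */` comment in the first hunk is thin for a hook that decides which addresses are accepted from request headers; a docblock with `@param int $filter_flags` that names the default (`FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE`) and states that relaxing it lets private or reserved addresses through would help operators. The hunk also removes the `RSA_ACCEPT_PRIVATE_IPS` check with no fallback, so a site that defined the constant silently returns to the strict flags; if the constant ever shipped, it could seed the filter's default value. `apply_filters()` now runs once per candidate IP inside the loop and can be hoisted above it.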
From: Siddharth Thevaril Date: Sun, 14 Aug 2022 12:21:03 +0530 Subject: [PATCH 07/25] bump minimum PHP and WordPress versions --- .github/workflows/cypress.yml | 2 +- .github/workflows/php-compatibility.yml | 6 +++--- .github/workflows/phpunit.yml | 2 +- readme.txt | 4 ++-- restricted_site_access.php | 4 ++-- 5 files changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/cypress.yml b/.github/workflows/cypress.yml index 94fe82a2..6e7a101f 100644 --- a/.github/workflows/cypress.yml +++ b/.github/workflows/cypress.yml @@ -21,7 +21,7 @@ jobs: core: - {name: 'WP latest', version: 'latest'} - {name: 'WP trunk', version: 'WordPress/WordPress#master'} - - {name: 'WP minimum', version: 'WordPress/WordPress#4.6'} + - {name: 'WP minimum', version: 'WordPress/WordPress#5.7'} steps: - name: Checkout diff --git a/.github/workflows/php-compatibility.yml b/.github/workflows/php-compatibility.yml index 30d691ef..a2a673f9 100644 --- a/.github/workflows/php-compatibility.yml +++ b/.github/workflows/php-compatibility.yml @@ -11,7 +11,7 @@ on: jobs: php-compatibility: - name: PHP minimum 5.6 + name: PHP minimum 7.4 runs-on: ubuntu-latest @@ -22,7 +22,7 @@ jobs: - name: Set PHP version uses: shivammathur/setup-php@v2 with: - php-version: '7.3' + php-version: '7.4' tools: composer:v2 coverage: none @@ -30,4 +30,4 @@ jobs: run: composer install - name: Run PHP Compatibility - run: vendor/bin/phpcs . --standard=PHPCompatibilityWP --ignore=vendor --extensions=php --runtime-set testVersion 5.6- \ No newline at end of file + run: vendor/bin/phpcs . --standard=PHPCompatibilityWP --ignore=vendor --extensions=php --runtime-set testVersion 7.4- \ No newline at end of file diff --git a/.github/workflows/phpunit.yml b/.github/workflows/phpunit.yml index 8ba469fb..4e1dae48 100644 --- a/.github/workflows/phpunit.yml +++ b/.github/workflows/phpunit.yml 
@@ -24,7 +24,7 @@ jobs: - name: Set PHP version uses: shivammathur/setup-php@v2 with: - php-version: '7.3' + php-version: '7.4' coverage: none tools: composer:v1 diff --git a/readme.txt b/readme.txt index 7f43a533..02a75232 100644 --- a/readme.txt +++ b/readme.txt @@ -2,10 +2,10 @@ Contributors: 10up, jakemgold, rcbth, thinkoomph, tlovett1, jeffpaul, nomnom99 Donate link: https://10up.com/plugins/restricted-site-access-wordpress/ Tags: privacy, restricted, restrict, privacy, limited, permissions, security, block -Requires at least: 5.0 +Requires at least: 5.7 Tested up to: 6.0 Stable tag: 7.3.1 -Requires PHP: 5.6 +Requires PHP: 7.4 License: GPLv2 or later License URI: http://www.gnu.org/licenses/gpl-2.0.html diff --git a/restricted_site_access.php b/restricted_site_access.php index d40af720..7f9b38ec 100644 --- a/restricted_site_access.php +++ b/restricted_site_access.php @@ -4,8 +4,8 @@ * Plugin URI: https://10up.com/plugins/restricted-site-access-wordpress/ * Description: Limit access your site to visitors who are logged in or accessing the site from a set of specific IP addresses. Send restricted visitors to the log in page, redirect them, or display a message or page. Powerful control over redirection, including SEO friendly redirect headers. Great solution for Extranets, publicly hosted Intranets, or parallel development sites. * Version: 7.3.1 - * Requires at least: 5.0 - * Requires PHP: 5.6 + * Requires at least: 5.7 + * Requires PHP: 7.4 * Author: Jake Goldman, 10up, Oomph * Author URI: https://10up.com * License: GPL v2 or later From 5a7a04620a5a16dbcf4e60be1dd5f5a3a156c6aa Mon Sep 17 00:00:00 2001 
From: Darin Kotter Date: Fri, 19 Aug 2022 15:21:43 -0600 Subject: [PATCH 08/25] Iterate over each trusted proxy IP address and pass into our validation function, instead of doing a strict match. Set the default for our trusted headers to match the current functionality to avoid backwards compat issues. Documentation changes --- restricted_site_access.php | 78 ++++++++++++++++++++++---------------- 1 file changed, 45 insertions(+), 33 deletions(-) diff --git a/restricted_site_access.php b/restricted_site_access.php index b2adaece..b70859ff 100644 --- a/restricted_site_access.php +++ b/restricted_site_access.php @@ -1529,10 +1529,10 @@ public static function ip_in_range( $ip, $range ) { * @return string */ public static function get_client_ip_address() { - /** REMOTE_ADDR IP Address. */ + // REMOTE_ADDR IP address. $remote_addr_header_ip = isset( $_SERVER['REMOTE_ADDR'] ) ? sanitize_text_field( wp_unslash( $_SERVER['REMOTE_ADDR'] ) ) : false; - /** Return if REMOTE_ADDR is not set. */ + // Return if REMOTE_ADDR is not set. if ( empty( $remote_addr_header_ip ) ) { return ''; } 
@@ -1548,63 +1548,75 @@ public static function get_client_ip_address() { * In case your reverse proxy uses static IP addresses, then you can add those * addresses to the $trusted_proxies array. * - * (Note: This is for advanced users only.) + * @param string[] $trusted_proxies The IP addresses of the proxy we want to trust. */ $trusted_proxies = apply_filters( 'rsa_trusted_proxies', array() ); if ( ! empty( $trusted_proxies ) ) { - - /** If REMOTE_ADDR is found in the array of trusted proxies... */ - if ( in_array( $remote_addr_header_ip, $trusted_proxies ) ) { - return self::get_ip_from_headers(); - } else { - return ''; + foreach ( $trusted_proxies as $trusted_proxy ) { + // If REMOTE_ADDR is found in our trusted proxy, get IP from headers. + if ( self::ip_in_range( $remote_addr_header_ip, $trusted_proxy ) ) { + return self::get_ip_from_headers(); + } } + + return ''; } else { return self::get_ip_from_headers(); } } - + /** * Returns the first matched IP from the list of array of headers. * * @return string */ public static function get_ip_from_headers() { + $trusted_headers = array( + 'HTTP_CF_CONNECTING_IP', + 'HTTP_CLIENT_IP', + 'HTTP_X_FORWARDED_FOR', + 'HTTP_X_CLUSTER_CLIENT_IP', + 'HTTP_FORWARDED_FOR', + 'HTTP_FORWARDED', + ); + /* - * If your site is not behind a reverse proxy, then REMOTE_ADDR will contain the - * actual client IP address. In this case, set $trusted_headers to an empty array - (default behaviour). + * Filter hook to set array of trusted IP address headers. + * + * Most CDN providers will set the IP address of the client in a number + * of headers. This allows the plugin to detect the IP address of the client + * even if it is behind a proxy. * - * In case of a proxy server, the proxy server will replace REMOTE_ADDR with its own IP address and - * forward the client IP address using one of the following headers depending on the implementation. + * Use this hook to modify the permitted proxy headers. 
For sites without a + * CDN (or local proxy) it is recommended to add a filter to this hook to + * return an empty array. * - * HTTP_CF_CONNECTING_IP - * HTTP_CLIENT_IP - * HTTP_X_FORWARDED_FOR - * HTTP_X_FORWARDED - * HTTP_X_CLUSTER_CLIENT_IP - * HTTP_FORWARDED_FOR - * HTTP_FORWARDED + * add_filter( 'rsa_trusted_headers', '__return_empty_array' ); * - * Use the `rsa_trusted_headers` filter hook to set the headers that should be trusted with client IP - * address. + * By default, the following headers are trusted: + * - HTTP_CF_CONNECTING_IP + * - HTTP_CLIENT_IP + * - HTTP_X_FORWARDED_FOR + * - HTTP_X_FORWARDED + * - HTTP_X_CLUSTER_CLIENT_IP + * - HTTP_FORWARDED_FOR + * - HTTP_FORWARDED * - * (Note: This is for advanced users only.) + * To allow for CDNs, these headers take priority over the REMOTE_ADDR value. + * + * @param string[] $trusted_proxies Array of trusted IP Address headers. */ - $trusted_headers = apply_filters( 'rsa_trusted_headers', array() ); + $trusted_headers = apply_filters( 'rsa_trusted_headers', $trusted_headers ); - /* - * If trusted_headers array is empty, then we return REMOTE_ADDR. - */ - if ( empty( $trusted_headers ) ) { - return sanitize_text_field( wp_unslash( $_SERVER['REMOTE_ADDR'] ) ); - } + // Add the REMOTE_ADDR value to the end of the array. + $trusted_headers[] = 'REMOTE_ADDR'; - foreach ( $trusted_headers as $header ) { + foreach ( array_unique( $trusted_headers ) as $header ) { if ( ! isset( $_SERVER[ $header ] ) ) { continue; } - + foreach ( explode( ',', sanitize_text_field( wp_unslash( $_SERVER[ $header ] ) ) From 3b2b6e8b46ecf2b832c7bddb808f3d0d632b7ee3 Mon Sep 17 00:00:00 2001 From: Darin Kotter Date: Fri, 19 Aug 2022 15:38:09 -0600 Subject: [PATCH 09/25] Add back header --- restricted_site_access.php | 1 + 1 file changed, 1 insertion(+) diff --git a/restricted_site_access.php b/restricted_site_access.php index b70859ff..7195d9bc 100644 --- a/restricted_site_access.php +++ b/restricted_site_access.php 
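Review bot: With `rsa_trusted_proxies` left empty and this default header list, every forwarded header is read from any peer and is consulted before `REMOTE_ADDR`, so by default the address checked against the allowlist comes from the request itself; the docblock should state that the header list is only meaningful together with a configured `rsa_trusted_proxies`, not just recommend an empty array for sites without a CDN. The tag `@param string[] $trusted_proxies` documents the wrong variable and should read `@param string[] $trusted_headers Array of trusted IP address headers.`. `$trusted_headers[] = 'REMOTE_ADDR';` assumes the filter returned an array; `$trusted_headers = (array) apply_filters( 'rsa_trusted_headers', $trusted_headers );` guards against a callback that returns something else.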
@@ -1576,6 +1576,7 @@ public static function get_ip_from_headers() { 'HTTP_CF_CONNECTING_IP', 'HTTP_CLIENT_IP', 'HTTP_X_FORWARDED_FOR', + 'HTTP_X_FORWARDED', 'HTTP_X_CLUSTER_CLIENT_IP', 'HTTP_FORWARDED_FOR', 'HTTP_FORWARDED', From 041ec15e66e2f80248b7beabe375e90e311192a2 Mon Sep 17 00:00:00 2001 From: Darin Kotter Date: Mon, 22 Aug 2022 15:19:47 -0600 Subject: [PATCH 10/25] Always return the REMOTE_ADDR header value if nothing else matches --- restricted_site_access.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/restricted_site_access.php b/restricted_site_access.php index 7195d9bc..501f0ec1 100644 --- a/restricted_site_access.php +++ b/restricted_site_access.php @@ -1560,7 +1560,7 @@ public static function get_client_ip_address() { } } - return ''; + return $remote_addr_header_ip; } else { return self::get_ip_from_headers(); } @@ -1572,6 +1572,7 @@ public static function get_client_ip_address() { * @return string */ public static function get_ip_from_headers() { + $ip = ''; $trusted_headers = array( 'HTTP_CF_CONNECTING_IP', 'HTTP_CLIENT_IP', From 5c103a2925b511a9201c7044ca3fd219fe30bcd7 Mon Sep 17 00:00:00 2001 From: Darin Kotter Date: Mon, 22 Aug 2022 15:25:13 -0600 Subject: [PATCH 11/25] Make sure we actually return our variable --- restricted_site_access.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/restricted_site_access.php b/restricted_site_access.php index 10834954..dcc79a84 100644 --- a/restricted_site_access.php +++ b/restricted_site_access.php @@ -1634,7 +1634,7 @@ public static function get_ip_from_headers() { } } - return ''; + return $ip; } /** From 3ae9a38caa09cd9839fb544f1b2d4c5eefc06636 Mon Sep 17 00:00:00 2001 
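Review bot: In the last hunk on this line (`@@ -1634,7 +1634,7 @@`), `return $ip;` hands back whatever the loop variable last held, and judging by the `foreach ( ... as $ip )` loop shown in the earlier hunks that is the last candidate that failed `filter_var()`, not a validated address. It works as a `REMOTE_ADDR` fallback only because `REMOTE_ADDR` is appended last, and it stops working if a filter callback lists `'REMOTE_ADDR'` earlier (`array_unique()` keeps the first occurrence) or if the method is called without `REMOTE_ADDR` set. The body of `get_ip_from_headers()` is outside this hunk. An explicit fallback is clearer: `return isset( $_SERVER['REMOTE_ADDR'] ) ? sanitize_text_field( wp_unslash( $_SERVER['REMOTE_ADDR'] ) ) : '';`.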
From: Darin Kotter Date: Mon, 22 Aug 2022 16:02:56 -0600 Subject: [PATCH 12/25] Add tests Set our REMOTE_ADDR header in our tests Properly reset things between tests Change filter flags so local IPs pass verification Move filter location --- restricted_site_access.php | 2 +- tests/php/test-ip-addresses.php | 89 +++++++++++++++++++++++++++++++++ 2 files changed, 90 insertions(+), 1 deletion(-) diff --git a/restricted_site_access.php b/restricted_site_access.php index dcc79a84..a49ec012 100644 --- a/restricted_site_access.php +++ b/restricted_site_access.php @@ -1560,7 +1560,7 @@ public static function get_client_ip_address() { } } - return $remote_addr_header_ip; + return ''; } else { return self::get_ip_from_headers(); } diff --git a/tests/php/test-ip-addresses.php b/tests/php/test-ip-addresses.php index 50b299a3..d52cd11d 100644 --- a/tests/php/test-ip-addresses.php +++ b/tests/php/test-ip-addresses.php 
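Review bot: The `restricted_site_access.php` hunk switches the no-matching-proxy result back to `return '';`, undoing the previous commit, and neither the subject nor a comment explains why. When the peer is not a trusted proxy, `$remote_addr_header_ip` is the address of the direct connection and is the one value that does not depend on request headers, so discarding it means an allowlisted client that connects directly is never matched. If failing closed is the intent, say so above the return, for example `// Peer is not a trusted proxy: report no IP so no allowlist entry can match.`, and document the empty-string result in the method's `@return`.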
@@ -71,4 +71,93 @@ public function test_get_client_ip_address() { unset( $_SERVER[ $header ] ); } } + + public function test_rsa_trusted_proxies() { + $rsa = Restricted_Site_Access::get_instance(); + + $_SERVER['REMOTE_ADDR'] = '127.0.0.1'; + + // Test that if the REMOTE_ADDR matches our proxy, we return a proper IP. + add_filter( 'rsa_trusted_proxies', function() { + return array( '127.0.0.1/24' ); + } ); + + $this->assertSame( '127.0.0.1', $rsa::get_client_ip_address() ); + + // Test that if the REMOTE_ADDR doesn't match our proxy, we return an empty string. + add_filter( 'rsa_trusted_proxies', function() { + return array( '10.0.0.0/8' ); + } ); + + $this->assertSame( '', $rsa::get_client_ip_address() ); + + // Test if we have multiple proxies and one matches, we return a proper IP. + add_filter( 'rsa_trusted_proxies', function() { + return array( '10.0.0.0/8', '127.0.0.1' ); + } ); + + $this->assertSame( '127.0.0.1', $rsa::get_client_ip_address() ); + + // Reset the filter. + add_filter( 'rsa_trusted_proxies', '__return_empty_array' ); + unset( $_SERVER['REMOTE_ADDR'] ); + } + + public function test_rsa_trusted_headers() { + $rsa = Restricted_Site_Access::get_instance(); + + $_SERVER['REMOTE_ADDR'] = '127.0.0.1'; + + add_filter( 'rsa_get_client_ip_address_filter_flags', function() { + return FILTER_FLAG_NO_RES_RANGE; + } ); + + $headers = array( + 'HTTP_CF_CONNECTING_IP', + 'HTTP_CLIENT_IP', + 'HTTP_X_FORWARDED_FOR', + 'HTTP_X_FORWARDED', + 'HTTP_X_CLUSTER_CLIENT_IP', + 'HTTP_FORWARDED_FOR', + 'HTTP_FORWARDED', + ); + + // Test that each header returns the value we expect. + foreach( $headers as $header ) { + $_SERVER[ $header ] = '127.0.0.1'; + $this->assertSame( '127.0.0.1', $rsa::get_ip_from_headers() ); + unset( $_SERVER[ $header ] ); + } + + // Test that if we don't trust any headers, we get the REMOTE_ADDR value. 
+ $_SERVER['HTTP_CLIENT_IP'] = '10.0.0.0'; + add_filter( 'rsa_trusted_headers', '__return_empty_array' ); + $this->assertSame( '127.0.0.1', $rsa::get_ip_from_headers() ); + unset( $_SERVER['HTTP_CLIENT_IP'] ); + + // Test if we trust a single header, we get that value back. + $_SERVER['HTTP_CLIENT_IP'] = '10.0.0.0'; + add_filter( 'rsa_trusted_headers', function() { + return array( 'HTTP_CLIENT_IP' ); + } ); + $this->assertSame( '10.0.0.0', $rsa::get_ip_from_headers() ); + unset( $_SERVER['HTTP_CLIENT_IP'] ); + + // Test if we trust multiple headers, we get the first matched value back. + $_SERVER['HTTP_X_FORWARDED'] = '10.0.0.8'; + $_SERVER['HTTP_FORWARDED'] = '10.0.0.0'; + add_filter( 'rsa_trusted_headers', function() use ( $headers ) { + return $headers; + } ); + $this->assertSame( '10.0.0.8', $rsa::get_ip_from_headers() ); + unset( $_SERVER['HTTP_X_FORWARDED'] ); + unset( $_SERVER['HTTP_FORWARDED'] ); + + // Reset things. + add_filter( 'rsa_get_client_ip_address_filter_flags', function() { + return FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE; + } ); + unset( $_SERVER['REMOTE_ADDR'] ); + } + } From c0ba4586c676bcc6a7f17bae90840212c6712785 Mon Sep 17 00:00:00 2001 From: Darin Kotter Date: Wed, 24 Aug 2022 14:50:23 -0600 Subject: [PATCH 13/25] CR feedback --- restricted_site_access.php | 4 ++-- tests/php/test-ip-addresses.php | 6 ------ 2 files changed, 2 insertions(+), 8 deletions(-) diff --git a/restricted_site_access.php b/restricted_site_access.php index a49ec012..c95245ae 100644 --- a/restricted_site_access.php +++ b/restricted_site_access.php @@ -1537,7 +1537,7 @@ public static function get_client_ip_address() { return ''; } - /* + /** * Filter hook to set array of trusted proxies. * * Some reverse proxies (like AWS Elastic Load Balancing) don't have 
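Review bot: `test_rsa_trusted_proxies()` never sets a forwarded header, so it does not cover the property the filter exists for: a header value is ignored when `REMOTE_ADDR` is not a trusted proxy and used when it is. A case that sets `$_SERVER['HTTP_X_FORWARDED_FOR']` to a public address and asserts both outcomes would pin that down. Each scenario also stacks another `add_filter()` on the same hook and the "reset" adds yet another callback; `remove_all_filters( 'rsa_trusted_proxies' )` between scenarios keeps them independent. The `'127.0.0.1'` expectations appear to pass only through the function's unvalidated fall-through return, since loopback is rejected by the default flags.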
@@ -1583,7 +1583,7 @@ public static function get_ip_from_headers() { 'HTTP_FORWARDED', ); - /* + /** * Filter hook to set array of trusted IP address headers. * * Most CDN providers will set the IP address of the client in a number diff --git a/tests/php/test-ip-addresses.php b/tests/php/test-ip-addresses.php index d52cd11d..807da716 100644 --- a/tests/php/test-ip-addresses.php +++ b/tests/php/test-ip-addresses.php @@ -98,8 +98,6 @@ public function test_rsa_trusted_proxies() { $this->assertSame( '127.0.0.1', $rsa::get_client_ip_address() ); - // Reset the filter. - add_filter( 'rsa_trusted_proxies', '__return_empty_array' ); unset( $_SERVER['REMOTE_ADDR'] ); } @@ -153,10 +151,6 @@ public function test_rsa_trusted_headers() { unset( $_SERVER['HTTP_X_FORWARDED'] ); unset( $_SERVER['HTTP_FORWARDED'] ); - // Reset things. - add_filter( 'rsa_get_client_ip_address_filter_flags', function() { - return FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE; - } ); unset( $_SERVER['REMOTE_ADDR'] ); } From 569ae83a566164ea50ba2197979889fe70d9e7a5 Mon Sep 17 00:00:00 2001 From: Darin Kotter Date: Wed, 24 Aug 2022 15:21:38 -0600 Subject: [PATCH 14/25] Modify tests a bit to use data providers Fix our tests to ensure we set all headers first before asserting the value More test clean up More test clean up --- tests/php/test-ip-addresses.php | 149 +++++++++++++++++++------------- 1 file changed, 90 insertions(+), 59 deletions(-) diff --git a/tests/php/test-ip-addresses.php b/tests/php/test-ip-addresses.php index 807da716..a411c860 100644 --- a/tests/php/test-ip-addresses.php +++ b/tests/php/test-ip-addresses.php 
@@ -72,86 +72,117 @@ public function test_get_client_ip_address() { } } - public function test_rsa_trusted_proxies() { + /** + * Test trusted proxies. + * + * @dataProvider trusted_proxy_provider + * + * @param string $remote_ip Remote IP address. + * @param array $proxies Proxies to trust. + */ + public function test_rsa_trusted_proxies( string $remote_ip = '', array $proxies = array() ) { $rsa = Restricted_Site_Access::get_instance(); $_SERVER['REMOTE_ADDR'] = '127.0.0.1'; - // Test that if the REMOTE_ADDR matches our proxy, we return a proper IP. - add_filter( 'rsa_trusted_proxies', function() { - return array( '127.0.0.1/24' ); + add_filter( 'rsa_trusted_proxies', function() use ( $proxies ) { + return $proxies; } ); - $this->assertSame( '127.0.0.1', $rsa::get_client_ip_address() ); - - // Test that if the REMOTE_ADDR doesn't match our proxy, we return an empty string. - add_filter( 'rsa_trusted_proxies', function() { - return array( '10.0.0.0/8' ); - } ); - - $this->assertSame( '', $rsa::get_client_ip_address() ); - - // Test if we have multiple proxies and one matches, we return a proper IP. - add_filter( 'rsa_trusted_proxies', function() { - return array( '10.0.0.0/8', '127.0.0.1' ); - } ); - - $this->assertSame( '127.0.0.1', $rsa::get_client_ip_address() ); + $this->assertSame( $remote_ip, $rsa::get_client_ip_address() ); unset( $_SERVER['REMOTE_ADDR'] ); } - public function test_rsa_trusted_headers() { - $rsa = Restricted_Site_Access::get_instance(); + public function trusted_proxy_provider() { + /** + * Data to use in our trusted proxy tests + * + * First key is a string containing our REMOTE_ADDR IP. + * Second is an array of proxy IP addresses. + */ + return array( + // Test that if the REMOTE_ADDR matches our proxy, we return a proper IP. + array( '127.0.0.1', array( '127.0.0.1/24' ) ), + // Test that if the REMOTE_ADDR doesn't match our proxy, we return an empty string. 
+ array( '', array( '10.0.0.0/8' ) ), + // Test if we have multiple proxies and one matches, we return a proper IP. + array( '127.0.0.1', array( '10.0.0.0/8', '127.0.0.1' ) ), + ); + } - $_SERVER['REMOTE_ADDR'] = '127.0.0.1'; + /** + * Test trusted headers + * + * @dataProvider trusted_headers_provider + * + * @param string $remote_ip Remote IP address + * @param array $headers Headers to set. + * @param array $trusted_headers Headers we want to trust. + */ + public function test_rsa_trusted_headers( string $remote_ip = '', array $headers = array(), array $trusted_headers = array() ) { + $rsa = Restricted_Site_Access::get_instance(); add_filter( 'rsa_get_client_ip_address_filter_flags', function() { return FILTER_FLAG_NO_RES_RANGE; } ); - $headers = array( - 'HTTP_CF_CONNECTING_IP', - 'HTTP_CLIENT_IP', - 'HTTP_X_FORWARDED_FOR', - 'HTTP_X_FORWARDED', - 'HTTP_X_CLUSTER_CLIENT_IP', - 'HTTP_FORWARDED_FOR', - 'HTTP_FORWARDED', - ); + add_filter( 'rsa_trusted_headers', function() use ( $trusted_headers ) { + return $trusted_headers; + } ); - // Test that each header returns the value we expect. - foreach( $headers as $header ) { - $_SERVER[ $header ] = '127.0.0.1'; - $this->assertSame( '127.0.0.1', $rsa::get_ip_from_headers() ); - unset( $_SERVER[ $header ] ); + foreach( $headers as $header => $ip ) { + $_SERVER[ $header ] = $ip; } - // Test that if we don't trust any headers, we get the REMOTE_ADDR value. - $_SERVER['HTTP_CLIENT_IP'] = '10.0.0.0'; - add_filter( 'rsa_trusted_headers', '__return_empty_array' ); - $this->assertSame( '127.0.0.1', $rsa::get_ip_from_headers() ); - unset( $_SERVER['HTTP_CLIENT_IP'] ); + $this->assertSame( $remote_ip, $rsa::get_ip_from_headers() ); - // Test if we trust a single header, we get that value back. 
- $_SERVER['HTTP_CLIENT_IP'] = '10.0.0.0'; - add_filter( 'rsa_trusted_headers', function() { - return array( 'HTTP_CLIENT_IP' ); - } ); - $this->assertSame( '10.0.0.0', $rsa::get_ip_from_headers() ); - unset( $_SERVER['HTTP_CLIENT_IP'] ); - - // Test if we trust multiple headers, we get the first matched value back. - $_SERVER['HTTP_X_FORWARDED'] = '10.0.0.8'; - $_SERVER['HTTP_FORWARDED'] = '10.0.0.0'; - add_filter( 'rsa_trusted_headers', function() use ( $headers ) { - return $headers; - } ); - $this->assertSame( '10.0.0.8', $rsa::get_ip_from_headers() ); - unset( $_SERVER['HTTP_X_FORWARDED'] ); - unset( $_SERVER['HTTP_FORWARDED'] ); + foreach( $headers as $header ) { + unset( $_SERVER[ $header ] ); + } + } - unset( $_SERVER['REMOTE_ADDR'] ); + public function trusted_headers_provider() { + /** + * Data to use in our trusted header tests + * + * First key is a string containing our expected IP. + * Second is an array of headers and the IP they are set to. + * Third is an array of headers to trust. + */ + return array( + // Test that if we don't trust any headers, we get the REMOTE_ADDR value. + array( + '127.0.0.1', + array( + 'HTTP_CLIENT_IP' => '10.0.0.0', + 'REMOTE_ADDR' => '127.0.0.1', + ), + array() + ), + // Test if we trust a single header, we get that value back. + array( + '10.0.0.0', + array( + 'HTTP_CLIENT_IP' => '10.0.0.0', + 'REMOTE_ADDR' => '127.0.0.1', + ), + array( 'HTTP_CLIENT_IP' ) + ), + // Test if we trust multiple headers, we get the first matched value back. + array( + '10.0.0.8', + array( + 'HTTP_FORWARDED' => '10.0.0.0', + 'HTTP_X_FORWARDED' => '10.0.0.8', + 'REMOTE_ADDR' => '127.0.0.1', + ), + array( + 'HTTP_X_FORWARDED', + 'HTTP_FORWARDED', + ) + ), + ); } } From 740653c4bfe95d4c16a4dac588e003ec02791084 Mon Sep 17 00:00:00 2001 From: Darin Kotter Date: Wed, 24 Aug 2022 16:22:59 -0600 Subject: [PATCH 15/25] Ensure we have an IP before checking it --- restricted_site_access.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
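Review bot: The cleanup loop in `test_rsa_trusted_headers()` iterates the values of `$headers`, so `unset( $_SERVER[ $header ] )` is called with the IP strings and every header set for the case, including `REMOTE_ADDR`, stays in `$_SERVER` for later tests. Iterate the keys instead: `foreach ( array_keys( $headers ) as $header ) {`. In `test_rsa_trusted_proxies()` the parameter named `$remote_ip` is really the expected result while `REMOTE_ADDR` is hard-coded to `'127.0.0.1'`; renaming it to `$expected_ip` would make the provider rows easier to read.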
diff --git a/restricted_site_access.php b/restricted_site_access.php index c95245ae..f371bbf1 100644 --- a/restricted_site_access.php +++ b/restricted_site_access.php @@ -372,7 +372,7 @@ public static function restrict_access_check( $wp ) { // iterate through the allow list. foreach ( $allowed_ips as $line ) { - if ( self::ip_in_range( $remote_ip, $line ) ) { + if ( $remote_ip && self::ip_in_range( $remote_ip, $line ) ) { /** * Fires when an ip address match occurs. From 8356e1d0408a2d92a33dc81734e24ee78c509f61 Mon Sep 17 00:00:00 2001 From: Siddharth Thevaril Date: Thu, 25 Aug 2022 16:46:26 +0530 Subject: [PATCH 16/25] update version to 7.3.2 --- CHANGELOG.md | 6 ++++++ package.json | 2 +- readme.txt | 7 ++++++- restricted_site_access.php | 4 ++-- 4 files changed, 15 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e6496ca6..aa54fef3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,12 @@ All notable changes to this project will be documented in this file, per [the Ke ## [Unreleased] +## [7.3.2] - 2022-08-29 + +### Changed +- Avoid disjointed plugin settings (props [@helen](https://github.com/helen), [@peterwilsoncc](https://github.com/peterwilsoncc), [@Sidsector9](https://github.com/Sidsector9) via [#200](https://github.com/10up/restricted-site-access/pull/200)). +- Bump minimum WordPress and PHP versions to 5.7 and 7.4 (props [@vikrampm1](https://github.com/vikrampm1), [@Sidsector9](https://github.com/Sidsector9), [@faisal-alvi](https://github.com/faisal-alvi) via [#207](https://github.com/10up/restricted-site-access/pull/207)). + ## [7.3.1] - 2022-06-30 ### Added - PHP8 compatibility check GitHub Action (props [@Sidsector9](https://github.com/Sidsector9), [dkotter](https://github.com/dkotter) via [#183](https://github.com/10up/restricted-site-access/pull/183)). diff --git a/package.json b/package.json index 96a5321d..e8f3557e 100644 --- a/package.json +++ b/package.json 
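Review bot: The new `$remote_ip &&` guard in the first hunk rejects only an empty value, while `get_ip_from_headers()` as changed earlier in this series can return a string that did not pass `filter_var()`. Validating once before the loop, `$remote_ip = filter_var( $remote_ip, FILTER_VALIDATE_IP );`, turns a malformed value into `false` so the existing guard covers both cases. What `ip_in_range()` does with a malformed address is not visible here, so this is hardening and not a confirmed bug. `restrict_access_check()` starts and ends outside the hunk.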
@@ -1,6 +1,6 @@ { "name": "restricted-site-access", - "version": "7.3.1", + "version": "7.3.2", "description": "Limit access to visitors who are logged in or allowed by IP addresses. Includes many options for handling blocked visitors.", "homepage": "https://github.com/10up/restricted-site-access#readme", "license": "GPL-2.0-or-later", diff --git a/readme.txt b/readme.txt index 02a75232..87190655 100644 --- a/readme.txt +++ b/readme.txt @@ -4,7 +4,7 @@ Donate link: https://10up.com/plugins/restricted-site-access-wordpress/ Tags: privacy, restricted, restrict, privacy, limited, permissions, security, block Requires at least: 5.7 Tested up to: 6.0 -Stable tag: 7.3.1 +Stable tag: 7.3.2 Requires PHP: 7.4 License: GPLv2 or later License URI: http://www.gnu.org/licenses/gpl-2.0.html @@ -153,6 +153,11 @@ Please note that setting `RSA_FORCE_RESTRICTION` will override `RSA_FORBID_RESTR == Changelog == += 7.3.1 - 2022-08-29 = + +* **Changed:** Avoid disjointed plugin settings (props [@helen](https://github.com/helen), [@peterwilsoncc](https://github.com/peterwilsoncc), [@Sidsector9](https://github.com/Sidsector9)). +* **Changed:** Bump minimum WordPress and PHP versions to 5.7 and 7.4 (props [@vikrampm1](https://github.com/vikrampm1), [@Sidsector9](https://github.com/Sidsector9), [@faisal-alvi](https://github.com/faisal-alvi)). + = 7.3.1 - 2022-06-30 = * **Added:** PHP8 compatibility check GitHub Action (props [@Sidsector9](https://github.com/Sidsector9), [dkotter](https://github.com/dkotter)). * **Added:** Dependency security scanning GitHub Action (props [@jeffpaul](https://github.com/jeffpaul)). diff --git a/restricted_site_access.php b/restricted_site_access.php index 56458874..cb775358 100644 --- a/restricted_site_access.php +++ b/restricted_site_access.php 
@@ -3,7 +3,7 @@ * Plugin Name: Restricted Site Access * Plugin URI: https://10up.com/plugins/restricted-site-access-wordpress/ * Description: Limit access your site to visitors who are logged in or accessing the site from a set of specific IP addresses. Send restricted visitors to the log in page, redirect them, or display a message or page. Powerful control over redirection, including SEO friendly redirect headers. Great solution for Extranets, publicly hosted Intranets, or parallel development sites. - * Version: 7.3.1 + * Version: 7.3.2 * Requires at least: 5.7 * Requires PHP: 7.4 * Author: Jake Goldman, 10up, Oomph @@ -13,7 +13,7 @@ * Text Domain: restricted-site-access */ -define( 'RSA_VERSION', '7.3.1' ); +define( 'RSA_VERSION', '7.3.2' ); /** * Class responsible for all plugin funcitonality. From 283a30c044d0d69331c4d7631e0dff954386b97a Mon Sep 17 00:00:00 2001 From: Siddharth Thevaril Date: Thu, 25 Aug 2022 19:06:15 +0530 Subject: [PATCH 17/25] update CREDITS --- CHANGELOG.md | 1 + CREDITS.md | 2 +- readme.txt | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index aa54fef3..e8990174 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -236,6 +236,7 @@ All notable changes to this project will be documented in this file, per [the Ke - Initial public release [Unreleased]: https://github.com/10up/restricted-site-access/compare/trunk...develop +[7.3.2]: https://github.com/10up/restricted-site-access/compare/7.3.1...7.3.2 [7.3.1]: https://github.com/10up/restricted-site-access/compare/7.3.0...7.3.1 [7.3.0]: https://github.com/10up/restricted-site-access/compare/7.2.0...7.3.0 [7.2.0]: https://github.com/10up/restricted-site-access/compare/7.1.0...7.2.0 diff --git a/CREDITS.md b/CREDITS.md index 341db32a..9cf6745d 100644 --- a/CREDITS.md +++ b/CREDITS.md 
@@ -10,7 +10,7 @@ The following individuals are responsible for curating the list of issues, respo Thank you to all the people who have already contributed to this repository via bug reports, code, design, ideas, project management, translation, testing, etc. -[Jake Goldman (@jakemgold)](https://github.com/jakemgold), [Joey Blake (@joeyblake)](https://github.com/joeyblake), [Steve Grunwell (@stevegrunwell)](https://github.com/stevegrunwell), [Grant Mangham (@vancoder)](https://github.com/vancoder), [@jmata-loop](https://github.com/jmata-loop), [Taylor Lovett (@tlovett1)](https://github.com/tlovett1), [Ivan Kristianto (@ivankristianto)](https://github.com/ivankristianto), [Mika Epstein (@Ipstenu)](https://github.com/Ipstenu), [Adam Silverstein (@adamsilverstein)](https://github.com/adamsilverstein), [Prasath Nadarajah (@nprasath002)](https://github.com/nprasath002), [Mathieu Viet (@imath)](https://github.com/imath), [Ryan Welcher (@ryanwelcher)](https://github.com/ryanwelcher), [Peter Tasker (@ptasker)](https://github.com/ptasker), [Darin Kotter (@dkotter)](https://github.com/dkotter), [Helen Hou-Sandí (@helen)](https://github.com/helen), [Echo (@ChaosExAnima)](https://github.com/ChaosExAnima), [William Patton (@pattonwebz)](https://github.com/pattonwebz), [Oscar Sanchez S. 
(@oscarssanchez)](https://github.com/oscarssanchez), [Pete Nelson (@petenelson)](https://github.com/petenelson), [Nate Allen (@nate-allen)](https://github.com/nate-allen), [Jeffrey Paul (@jeffpaul)](https://github.com/jeffpaul), [Evan Mattson (@aaemnnosttv)](https://github.com/aaemnnosttv), [@JayWood](https://github.com/JayWood), [Ivan Kruchkoff (@ivankruchkoff)](https://github.com/ivankruchkoff), [Paul Schreiber (@paulschreiber)](https://github.com/paulschreiber), [Nick Lobeck (@eightam)](https://github.com/eightam), [Tung Du (@dinhtungdu)](https://github.com/dinhtungdu), [Siddharth Thevaril (@Sidsector9)](https://github.com/Sidsector9), [Mikel King (@mikelking)](https://github.com/mikelking), [Max Lyuchin (@cadic)](https://github.com/cadic), [Crisoforo Gaspar Hernández (@mitogh)](https://github.com/mitogh), [Ankit K Gupta (@ankitguptaindia)](https://github.com/ankitguptaindia), [Brandon Berg (@BBerg10up)](https://github.com/BBerg10up), [Justin Kopepasah (@kopepasah)](https://github.com/kopepasah), [Faisal Alvi (@faisal-alvi)](https://github.com/faisal-alvi), [Wayne K. Walrath (@wkw)](https://github.com/wkw), [Ivan Lopez (@ivanlopez)](https://github.com/ivanlopez), [Chuck Scott (@n8dnx)](https://github.com/n8dnx), [Leho Kraav (@lkraav)](https://github.com/lkraav), [Pablo Amato (@pabamato)](https://github.com/pabamato), [Pedro Mendonça (@pedro-mendonca)](https://github.com/pedro-mendonca), [Sudip Dadhaniya (@sudip-10up)](https://github.com/sudip-10up), [Stephanie Walters (@PypWalters)](https://github.com/PypWalters), [Peter Wilson (@peterwilsoncc)](https://github.com/peterwilsoncc), [Dharmesh Patel (@iamdharmesh)](https://github.com/iamdharmesh). 
+[Jake Goldman (@jakemgold)](https://github.com/jakemgold), [Joey Blake (@joeyblake)](https://github.com/joeyblake), [Steve Grunwell (@stevegrunwell)](https://github.com/stevegrunwell), [Grant Mangham (@vancoder)](https://github.com/vancoder), [@jmata-loop](https://github.com/jmata-loop), [Taylor Lovett (@tlovett1)](https://github.com/tlovett1), [Ivan Kristianto (@ivankristianto)](https://github.com/ivankristianto), [Mika Epstein (@Ipstenu)](https://github.com/Ipstenu), [Adam Silverstein (@adamsilverstein)](https://github.com/adamsilverstein), [Prasath Nadarajah (@nprasath002)](https://github.com/nprasath002), [Mathieu Viet (@imath)](https://github.com/imath), [Ryan Welcher (@ryanwelcher)](https://github.com/ryanwelcher), [Peter Tasker (@ptasker)](https://github.com/ptasker), [Darin Kotter (@dkotter)](https://github.com/dkotter), [Helen Hou-Sandí (@helen)](https://github.com/helen), [Echo (@ChaosExAnima)](https://github.com/ChaosExAnima), [William Patton (@pattonwebz)](https://github.com/pattonwebz), [Oscar Sanchez S. 
(@oscarssanchez)](https://github.com/oscarssanchez), [Pete Nelson (@petenelson)](https://github.com/petenelson), [Nate Allen (@nate-allen)](https://github.com/nate-allen), [Jeffrey Paul (@jeffpaul)](https://github.com/jeffpaul), [Evan Mattson (@aaemnnosttv)](https://github.com/aaemnnosttv), [@JayWood](https://github.com/JayWood), [Ivan Kruchkoff (@ivankruchkoff)](https://github.com/ivankruchkoff), [Paul Schreiber (@paulschreiber)](https://github.com/paulschreiber), [Nick Lobeck (@eightam)](https://github.com/eightam), [Tung Du (@dinhtungdu)](https://github.com/dinhtungdu), [Siddharth Thevaril (@Sidsector9)](https://github.com/Sidsector9), [Mikel King (@mikelking)](https://github.com/mikelking), [Max Lyuchin (@cadic)](https://github.com/cadic), [Crisoforo Gaspar Hernández (@mitogh)](https://github.com/mitogh), [Ankit K Gupta (@ankitguptaindia)](https://github.com/ankitguptaindia), [Brandon Berg (@BBerg10up)](https://github.com/BBerg10up), [Justin Kopepasah (@kopepasah)](https://github.com/kopepasah), [Faisal Alvi (@faisal-alvi)](https://github.com/faisal-alvi), [Wayne K. Walrath (@wkw)](https://github.com/wkw), [Ivan Lopez (@ivanlopez)](https://github.com/ivanlopez), [Chuck Scott (@n8dnx)](https://github.com/n8dnx), [Leho Kraav (@lkraav)](https://github.com/lkraav), [Pablo Amato (@pabamato)](https://github.com/pabamato), [Pedro Mendonça (@pedro-mendonca)](https://github.com/pedro-mendonca), [Sudip Dadhaniya (@sudip-10up)](https://github.com/sudip-10up), [Stephanie Walters (@PypWalters)](https://github.com/PypWalters), [Peter Wilson (@peterwilsoncc)](https://github.com/peterwilsoncc), [Dharmesh Patel (@iamdharmesh)](https://github.com/iamdharmesh), [@vikrampm1](https://github.com/vikrampm1). ## Libraries diff --git a/readme.txt b/readme.txt index 87190655..19a255a7 100644 --- a/readme.txt +++ b/readme.txt 
@@ -153,7 +153,7 @@ Please note that setting `RSA_FORCE_RESTRICTION` will override `RSA_FORBID_RESTR == Changelog == -= 7.3.1 - 2022-08-29 = += 7.3.2 - 2022-08-29 = * **Changed:** Avoid disjointed plugin settings (props [@helen](https://github.com/helen), [@peterwilsoncc](https://github.com/peterwilsoncc), [@Sidsector9](https://github.com/Sidsector9)). * **Changed:** Bump minimum WordPress and PHP versions to 5.7 and 7.4 (props [@vikrampm1](https://github.com/vikrampm1), [@Sidsector9](https://github.com/Sidsector9), [@faisal-alvi](https://github.com/faisal-alvi)). From 4e0d868f82f49fa3e916f4a91985935850a63e5c Mon Sep 17 00:00:00 2001 From: Siddharth Thevaril Date: Thu, 25 Aug 2022 22:57:44 +0530 Subject: [PATCH 18/25] CR feedback --- CHANGELOG.md | 3 ++- CREDITS.md | 2 +- readme.txt | 7 ++++++- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e8990174..fa3721ff 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -8,7 +8,8 @@ All notable changes to this project will be documented in this file, per [the Ke ### Changed - Avoid disjointed plugin settings (props [@helen](https://github.com/helen), [@peterwilsoncc](https://github.com/peterwilsoncc), [@Sidsector9](https://github.com/Sidsector9) via [#200](https://github.com/10up/restricted-site-access/pull/200)). -- Bump minimum WordPress and PHP versions to 5.7 and 7.4 (props [@vikrampm1](https://github.com/vikrampm1), [@Sidsector9](https://github.com/Sidsector9), [@faisal-alvi](https://github.com/faisal-alvi) via [#207](https://github.com/10up/restricted-site-access/pull/207)). +- Bump minimum WordPress version from 5.0 to 5.7 (props [@vikrampm1](https://github.com/vikrampm1), [@Sidsector9](https://github.com/Sidsector9), [@faisal-alvi](https://github.com/faisal-alvi) via [#207](https://github.com/10up/restricted-site-access/pull/207)). +- Bump minimum PHP version from 5.6 to 7.4 (props [@vikrampm1](https://github.com/vikrampm1), [@Sidsector9](https://github.com/Sidsector9), [@faisal-alvi](https://github.com/faisal-alvi) via [#207](https://github.com/10up/restricted-site-access/pull/207)). ## [7.3.1] - 2022-06-30 ### Added diff --git a/CREDITS.md b/CREDITS.md index 9cf6745d..1ed2b4c4 100644 --- a/CREDITS.md +++ b/CREDITS.md 
@@ -10,7 +10,7 @@ The following individuals are responsible for curating the list of issues, respo Thank you to all the people who have already contributed to this repository via bug reports, code, design, ideas, project management, translation, testing, etc. -[Jake Goldman (@jakemgold)](https://github.com/jakemgold), [Joey Blake (@joeyblake)](https://github.com/joeyblake), [Steve Grunwell (@stevegrunwell)](https://github.com/stevegrunwell), [Grant Mangham (@vancoder)](https://github.com/vancoder), [@jmata-loop](https://github.com/jmata-loop), [Taylor Lovett (@tlovett1)](https://github.com/tlovett1), [Ivan Kristianto (@ivankristianto)](https://github.com/ivankristianto), [Mika Epstein (@Ipstenu)](https://github.com/Ipstenu), [Adam Silverstein (@adamsilverstein)](https://github.com/adamsilverstein), [Prasath Nadarajah (@nprasath002)](https://github.com/nprasath002), [Mathieu Viet (@imath)](https://github.com/imath), [Ryan Welcher (@ryanwelcher)](https://github.com/ryanwelcher), [Peter Tasker (@ptasker)](https://github.com/ptasker), [Darin Kotter (@dkotter)](https://github.com/dkotter), [Helen Hou-Sandí (@helen)](https://github.com/helen), [Echo (@ChaosExAnima)](https://github.com/ChaosExAnima), [William Patton (@pattonwebz)](https://github.com/pattonwebz), [Oscar Sanchez S. 
(@oscarssanchez)](https://github.com/oscarssanchez), [Pete Nelson (@petenelson)](https://github.com/petenelson), [Nate Allen (@nate-allen)](https://github.com/nate-allen), [Jeffrey Paul (@jeffpaul)](https://github.com/jeffpaul), [Evan Mattson (@aaemnnosttv)](https://github.com/aaemnnosttv), [@JayWood](https://github.com/JayWood), [Ivan Kruchkoff (@ivankruchkoff)](https://github.com/ivankruchkoff), [Paul Schreiber (@paulschreiber)](https://github.com/paulschreiber), [Nick Lobeck (@eightam)](https://github.com/eightam), [Tung Du (@dinhtungdu)](https://github.com/dinhtungdu), [Siddharth Thevaril (@Sidsector9)](https://github.com/Sidsector9), [Mikel King (@mikelking)](https://github.com/mikelking), [Max Lyuchin (@cadic)](https://github.com/cadic), [Crisoforo Gaspar Hernández (@mitogh)](https://github.com/mitogh), [Ankit K Gupta (@ankitguptaindia)](https://github.com/ankitguptaindia), [Brandon Berg (@BBerg10up)](https://github.com/BBerg10up), [Justin Kopepasah (@kopepasah)](https://github.com/kopepasah), [Faisal Alvi (@faisal-alvi)](https://github.com/faisal-alvi), [Wayne K. Walrath (@wkw)](https://github.com/wkw), [Ivan Lopez (@ivanlopez)](https://github.com/ivanlopez), [Chuck Scott (@n8dnx)](https://github.com/n8dnx), [Leho Kraav (@lkraav)](https://github.com/lkraav), [Pablo Amato (@pabamato)](https://github.com/pabamato), [Pedro Mendonça (@pedro-mendonca)](https://github.com/pedro-mendonca), [Sudip Dadhaniya (@sudip-10up)](https://github.com/sudip-10up), [Stephanie Walters (@PypWalters)](https://github.com/PypWalters), [Peter Wilson (@peterwilsoncc)](https://github.com/peterwilsoncc), [Dharmesh Patel (@iamdharmesh)](https://github.com/iamdharmesh), [@vikrampm1](https://github.com/vikrampm1). 
+[Jake Goldman (@jakemgold)](https://github.com/jakemgold), [Joey Blake (@joeyblake)](https://github.com/joeyblake), [Steve Grunwell (@stevegrunwell)](https://github.com/stevegrunwell), [Grant Mangham (@vancoder)](https://github.com/vancoder), [@jmata-loop](https://github.com/jmata-loop), [Taylor Lovett (@tlovett1)](https://github.com/tlovett1), [Ivan Kristianto (@ivankristianto)](https://github.com/ivankristianto), [Mika Epstein (@Ipstenu)](https://github.com/Ipstenu), [Adam Silverstein (@adamsilverstein)](https://github.com/adamsilverstein), [Prasath Nadarajah (@nprasath002)](https://github.com/nprasath002), [Mathieu Viet (@imath)](https://github.com/imath), [Ryan Welcher (@ryanwelcher)](https://github.com/ryanwelcher), [Peter Tasker (@ptasker)](https://github.com/ptasker), [Darin Kotter (@dkotter)](https://github.com/dkotter), [Helen Hou-Sandí (@helen)](https://github.com/helen), [Echo (@ChaosExAnima)](https://github.com/ChaosExAnima), [William Patton (@pattonwebz)](https://github.com/pattonwebz), [Oscar Sanchez S. 
(@oscarssanchez)](https://github.com/oscarssanchez), [Pete Nelson (@petenelson)](https://github.com/petenelson), [Nate Allen (@nate-allen)](https://github.com/nate-allen), [Jeffrey Paul (@jeffpaul)](https://github.com/jeffpaul), [Evan Mattson (@aaemnnosttv)](https://github.com/aaemnnosttv), [@JayWood](https://github.com/JayWood), [Ivan Kruchkoff (@ivankruchkoff)](https://github.com/ivankruchkoff), [Paul Schreiber (@paulschreiber)](https://github.com/paulschreiber), [Nick Lobeck (@eightam)](https://github.com/eightam), [Tung Du (@dinhtungdu)](https://github.com/dinhtungdu), [Siddharth Thevaril (@Sidsector9)](https://github.com/Sidsector9), [Mikel King (@mikelking)](https://github.com/mikelking), [Max Lyuchin (@cadic)](https://github.com/cadic), [Crisoforo Gaspar Hernández (@mitogh)](https://github.com/mitogh), [Ankit K Gupta (@ankitguptaindia)](https://github.com/ankitguptaindia), [Brandon Berg (@BBerg10up)](https://github.com/BBerg10up), [Justin Kopepasah (@kopepasah)](https://github.com/kopepasah), [Faisal Alvi (@faisal-alvi)](https://github.com/faisal-alvi), [Wayne K. Walrath (@wkw)](https://github.com/wkw), [Ivan Lopez (@ivanlopez)](https://github.com/ivanlopez), [Chuck Scott (@n8dnx)](https://github.com/n8dnx), [Leho Kraav (@lkraav)](https://github.com/lkraav), [Pablo Amato (@pabamato)](https://github.com/pabamato), [Pedro Mendonça (@pedro-mendonca)](https://github.com/pedro-mendonca), [Sudip Dadhaniya (@sudip-10up)](https://github.com/sudip-10up), [Stephanie Walters (@PypWalters)](https://github.com/PypWalters), [Peter Wilson (@peterwilsoncc)](https://github.com/peterwilsoncc), [Dharmesh Patel (@iamdharmesh)](https://github.com/iamdharmesh), [Vikram Moparthy @vikrampm1](https://github.com/vikrampm1). ## Libraries diff --git a/readme.txt b/readme.txt index 19a255a7..6560c316 100644 --- a/readme.txt +++ b/readme.txt 
@@ -156,7 +156,8 @@ Please note that setting `RSA_FORCE_RESTRICTION` will override `RSA_FORBID_RESTR = 7.3.2 - 2022-08-29 = * **Changed:** Avoid disjointed plugin settings (props [@helen](https://github.com/helen), [@peterwilsoncc](https://github.com/peterwilsoncc), [@Sidsector9](https://github.com/Sidsector9)). -* **Changed:** Bump minimum WordPress and PHP versions to 5.7 and 7.4 (props [@vikrampm1](https://github.com/vikrampm1), [@Sidsector9](https://github.com/Sidsector9), [@faisal-alvi](https://github.com/faisal-alvi)). +* **Changed:** Bump minimum WordPress version from 5.0 to 5.7 (props [@vikrampm1](https://github.com/vikrampm1), [@Sidsector9](https://github.com/Sidsector9), [@faisal-alvi](https://github.com/faisal-alvi)). +* **Changed:** Bump minimum PHP version from 5.6 to 7.4 (props [@vikrampm1](https://github.com/vikrampm1), [@Sidsector9](https://github.com/Sidsector9), [@faisal-alvi](https://github.com/faisal-alvi)). = 7.3.1 - 2022-06-30 = * **Added:** PHP8 compatibility check GitHub Action (props [@Sidsector9](https://github.com/Sidsector9), [dkotter](https://github.com/dkotter)). @@ -328,6 +329,10 @@ This update improves performance, refines the user interface, and adds support f == Upgrade Notice == += 7.3.2 = +Drops support for versions of WordPress prior to 5.7. +Drops support for versions of PHP prior to 7.4. + = 6.2.1 = IMPORTANT MULTISITE FUNCTIONALITY CHANGE: User access is now checked against their role on a given site in multisite. To restore previous behavior, use the new restricted_site_access_user_can_access filter. From bd762090f944660499937fb1bdcbc92f4fe0fdba Mon Sep 17 00:00:00 2001 From: Darin Kotter Date: Fri, 26 Aug 2022 10:32:40 -0600 Subject: [PATCH 19/25] Update readmes with information on how to utilize these new filters --- README.md | 45 +++++++++++++++++++++++++++++++++++++++++++++ readme.txt | 45 +++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 90 insertions(+) 
diff --git a/README.md b/README.md
index c2028e69..d99cb7e4 100644
--- a/README.md
+++ b/README.md
@@ -75,6 +75,51 @@ Visitors that are not logged in or allowed by IP address will not be able to bro Restricted Site Access is not meant to be a top secret data safe, but simply a reliable and convenient way to handle unwanted visitors. +In 7.3.2, two new filters have been added that can be utilized to help prevent IP spoofing attacks. The first filter allows you to set up a list of approved proxy IP addresses and the second allows you to set up a list of approved HTTP headers. By default, these filters will not change existing behavior. It is recommended to review these filters and utilize them appropriately for your site to secure things further. + +If your site is not running behind a proxy, we recommend doing the following: + +```php +add_filter( 'rsa_trusted_headers', '__return_empty_array' ); +``` + +This will then only use the `REMOTE_ADDR` HTTP header to determine the IP address of the visitor. This header can't be spoofed, so this will increase security. + +If your site is running behind a proxy (like a CDN), you can't rely on the `REMOTE_ADDR` HTTP header, as this will contain the IP address of the proxy, not the user. If your proxy uses static IP addresses, we recommend using the `rsa_trusted_proxies` filter to set those trusted IP addresses: + +```php +add_filter( 'rsa_trusted_proxies', 'my_rsa_trusted_proxies' ); + +function my_rsa_trusted_proxies( $trusted_proxies = array() ) { + // Set one or more trusted proxy IP addresses. + $proxy_ips = array( + '10.0.0.0/24', + '10.0.0.0/32', + ); + $trusted_proxies = array_merge( $trusted_proxies, $proxy_ips ); + + return array_unique( $trusted_proxies ); +} +``` + +And then use the `rsa_trusted_headers` filter to set which HTTP headers you want to trust. 
Consult with your proxy provider to determine which header(s) they use to hold the original client IP: + +```php +add_filter( 'rsa_trusted_headers', 'my_rsa_trusted_headers' ); + +function my_rsa_trusted_headers( $trusted_headers = array() ) { + // Set one or more trusted HTTP headers. + $headers = array( + 'HTTP_X_FORWARDED', + 'HTTP_FORWARDED', + ); + + return $headers; +} +``` + +If your proxy does not use static IP addresses, you can still utilize the `rsa_trusted_headers` filter to change which HTTP headers you want to trust. + ### I received a warning about page caching. What does it mean? Page caching plugins often hook into WordPress to quickly serve the last cached output of a page before we can check to see if a visitor’s access should be restricted. Not all page caching plugins behave the same way, but several solutions - including external solutions we might not detect - can cause restricted pages to be publicly served regardless of your settings. diff --git a/readme.txt b/readme.txt index 02a75232..7dee1780 100644 --- a/readme.txt +++ b/readme.txt 
@@ -64,6 +64,51 @@ Visitors that are not logged in or allowed by IP address will not be able to bro Restricted Site Access is not meant to be a top secret data safe, but simply a reliable and convenient way to handle unwanted visitors. +In 7.3.2, two new filters have been added that can be utilized to help prevent IP spoofing attacks. The first filter allows you to set up a list of approved proxy IP addresses and the second allows you to set up a list of approved HTTP headers. By default, these filters will not change existing behavior. It is recommended to review these filters and utilize them appropriately for your site to secure things further. + +If your site is not running behind a proxy, we recommend doing the following: + +` +add_filter( 'rsa_trusted_headers', '__return_empty_array' ); +` + +This will then only use the `REMOTE_ADDR` HTTP header to determine the IP address of the visitor. This header can't be spoofed, so this will increase security. + +If your site is running behind a proxy (like a CDN), you can't rely on the `REMOTE_ADDR` HTTP header, as this will contain the IP address of the proxy, not the user. If your proxy uses static IP addresses, we recommend using the `rsa_trusted_proxies` filter to set those trusted IP addresses: + +` +add_filter( 'rsa_trusted_proxies', 'my_rsa_trusted_proxies' ); + +function my_rsa_trusted_proxies( $trusted_proxies = array() ) { + // Set one or more trusted proxy IP addresses. + $proxy_ips = array( + '10.0.0.0/24', + '10.0.0.0/32', + ); + $trusted_proxies = array_merge( $trusted_proxies, $proxy_ips ); + + return array_unique( $trusted_proxies ); +} +` + +And then use the `rsa_trusted_headers` filter to set which HTTP headers you want to trust. 
Consult with your proxy provider to determine which header(s) they use to hold the original client IP: + +` +add_filter( 'rsa_trusted_headers', 'my_rsa_trusted_headers' ); + +function my_rsa_trusted_headers( $trusted_headers = array() ) { + // Set one or more trusted HTTP headers. + $headers = array( + 'HTTP_X_FORWARDED', + 'HTTP_FORWARDED', + ); + + return $headers; +} +` + +If your proxy does not use static IP addresses, you can still utilize the `rsa_trusted_headers` filter to change which HTTP headers you want to trust. + = I received a warning about page caching. What does it mean? = Page caching plugins often hook into WordPress to quickly serve the last cached output of a page before we can check to see if a visitor’s access should be restricted. Not all page caching plugins behave the same way, but several solutions - including external solutions we might not detect - can cause restricted pages to be publicly served regardless of your settings. From 768586cc6d2e0e2e7fca63143b8a7ec099be9755 Mon Sep 17 00:00:00 2001 From: Siddharth Thevaril Date: Mon, 29 Aug 2022 20:11:24 +0530 Subject: [PATCH 20/25] update docs with PR 198 --- CHANGELOG.md | 3 +++ CREDITS.md | 2 +- readme.txt | 1 + 3 files changed, 5 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index fa3721ff..8e8d66cd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -11,6 +11,9 @@ All notable changes to this project will be documented in this file, per [the Ke - Bump minimum WordPress version from 5.0 to 5.7 (props [@vikrampm1](https://github.com/vikrampm1), [@Sidsector9](https://github.com/Sidsector9), [@faisal-alvi](https://github.com/faisal-alvi) via [#207](https://github.com/10up/restricted-site-access/pull/207)). - Bump minimum PHP version from 5.6 to 7.4 (props [@vikrampm1](https://github.com/vikrampm1), [@Sidsector9](https://github.com/Sidsector9), [@faisal-alvi](https://github.com/faisal-alvi) via [#207](https://github.com/10up/restricted-site-access/pull/207)). +### Security +- New filters - `rsa_trusted_proxies` and `rsa_trusted_headers` have been added to help prevent IP spoofing attacks (props [dkotter](https://github.com/dkotter), [@peterwilsoncc](https://github.com/peterwilsoncc), [@marcS0H](https://github.com/marcS0H), [Vlad Visse](https://patchstack.com/), [@Sidsector9](https://github.com/Sidsector9) via [#198](https://github.com/10up/restricted-site-access/pull/198)). + ## [7.3.1] - 2022-06-30 ### Added - PHP8 compatibility check GitHub Action (props [@Sidsector9](https://github.com/Sidsector9), [dkotter](https://github.com/dkotter) via [#183](https://github.com/10up/restricted-site-access/pull/183)). diff --git a/CREDITS.md b/CREDITS.md index 1ed2b4c4..ccef73e3 100644 --- a/CREDITS.md +++ b/CREDITS.md 
@@ -10,7 +10,7 @@ The following individuals are responsible for curating the list of issues, respo Thank you to all the people who have already contributed to this repository via bug reports, code, design, ideas, project management, translation, testing, etc. -[Jake Goldman (@jakemgold)](https://github.com/jakemgold), [Joey Blake (@joeyblake)](https://github.com/joeyblake), [Steve Grunwell (@stevegrunwell)](https://github.com/stevegrunwell), [Grant Mangham (@vancoder)](https://github.com/vancoder), [@jmata-loop](https://github.com/jmata-loop), [Taylor Lovett (@tlovett1)](https://github.com/tlovett1), [Ivan Kristianto (@ivankristianto)](https://github.com/ivankristianto), [Mika Epstein (@Ipstenu)](https://github.com/Ipstenu), [Adam Silverstein (@adamsilverstein)](https://github.com/adamsilverstein), [Prasath Nadarajah (@nprasath002)](https://github.com/nprasath002), [Mathieu Viet (@imath)](https://github.com/imath), [Ryan Welcher (@ryanwelcher)](https://github.com/ryanwelcher), [Peter Tasker (@ptasker)](https://github.com/ptasker), [Darin Kotter (@dkotter)](https://github.com/dkotter), [Helen Hou-Sandí (@helen)](https://github.com/helen), [Echo (@ChaosExAnima)](https://github.com/ChaosExAnima), [William Patton (@pattonwebz)](https://github.com/pattonwebz), [Oscar Sanchez S. 
(@oscarssanchez)](https://github.com/oscarssanchez), [Pete Nelson (@petenelson)](https://github.com/petenelson), [Nate Allen (@nate-allen)](https://github.com/nate-allen), [Jeffrey Paul (@jeffpaul)](https://github.com/jeffpaul), [Evan Mattson (@aaemnnosttv)](https://github.com/aaemnnosttv), [@JayWood](https://github.com/JayWood), [Ivan Kruchkoff (@ivankruchkoff)](https://github.com/ivankruchkoff), [Paul Schreiber (@paulschreiber)](https://github.com/paulschreiber), [Nick Lobeck (@eightam)](https://github.com/eightam), [Tung Du (@dinhtungdu)](https://github.com/dinhtungdu), [Siddharth Thevaril (@Sidsector9)](https://github.com/Sidsector9), [Mikel King (@mikelking)](https://github.com/mikelking), [Max Lyuchin (@cadic)](https://github.com/cadic), [Crisoforo Gaspar Hernández (@mitogh)](https://github.com/mitogh), [Ankit K Gupta (@ankitguptaindia)](https://github.com/ankitguptaindia), [Brandon Berg (@BBerg10up)](https://github.com/BBerg10up), [Justin Kopepasah (@kopepasah)](https://github.com/kopepasah), [Faisal Alvi (@faisal-alvi)](https://github.com/faisal-alvi), [Wayne K. Walrath (@wkw)](https://github.com/wkw), [Ivan Lopez (@ivanlopez)](https://github.com/ivanlopez), [Chuck Scott (@n8dnx)](https://github.com/n8dnx), [Leho Kraav (@lkraav)](https://github.com/lkraav), [Pablo Amato (@pabamato)](https://github.com/pabamato), [Pedro Mendonça (@pedro-mendonca)](https://github.com/pedro-mendonca), [Sudip Dadhaniya (@sudip-10up)](https://github.com/sudip-10up), [Stephanie Walters (@PypWalters)](https://github.com/PypWalters), [Peter Wilson (@peterwilsoncc)](https://github.com/peterwilsoncc), [Dharmesh Patel (@iamdharmesh)](https://github.com/iamdharmesh), [Vikram Moparthy @vikrampm1](https://github.com/vikrampm1). 
+[Jake Goldman (@jakemgold)](https://github.com/jakemgold), [Joey Blake (@joeyblake)](https://github.com/joeyblake), [Steve Grunwell (@stevegrunwell)](https://github.com/stevegrunwell), [Grant Mangham (@vancoder)](https://github.com/vancoder), [@jmata-loop](https://github.com/jmata-loop), [Taylor Lovett (@tlovett1)](https://github.com/tlovett1), [Ivan Kristianto (@ivankristianto)](https://github.com/ivankristianto), [Mika Epstein (@Ipstenu)](https://github.com/Ipstenu), [Adam Silverstein (@adamsilverstein)](https://github.com/adamsilverstein), [Prasath Nadarajah (@nprasath002)](https://github.com/nprasath002), [Mathieu Viet (@imath)](https://github.com/imath), [Ryan Welcher (@ryanwelcher)](https://github.com/ryanwelcher), [Peter Tasker (@ptasker)](https://github.com/ptasker), [Darin Kotter (@dkotter)](https://github.com/dkotter), [Helen Hou-Sandí (@helen)](https://github.com/helen), [Echo (@ChaosExAnima)](https://github.com/ChaosExAnima), [William Patton (@pattonwebz)](https://github.com/pattonwebz), [Oscar Sanchez S. 
(@oscarssanchez)](https://github.com/oscarssanchez), [Pete Nelson (@petenelson)](https://github.com/petenelson), [Nate Allen (@nate-allen)](https://github.com/nate-allen), [Jeffrey Paul (@jeffpaul)](https://github.com/jeffpaul), [Evan Mattson (@aaemnnosttv)](https://github.com/aaemnnosttv), [@JayWood](https://github.com/JayWood), [Ivan Kruchkoff (@ivankruchkoff)](https://github.com/ivankruchkoff), [Paul Schreiber (@paulschreiber)](https://github.com/paulschreiber), [Nick Lobeck (@eightam)](https://github.com/eightam), [Tung Du (@dinhtungdu)](https://github.com/dinhtungdu), [Siddharth Thevaril (@Sidsector9)](https://github.com/Sidsector9), [Mikel King (@mikelking)](https://github.com/mikelking), [Max Lyuchin (@cadic)](https://github.com/cadic), [Crisoforo Gaspar Hernández (@mitogh)](https://github.com/mitogh), [Ankit K Gupta (@ankitguptaindia)](https://github.com/ankitguptaindia), [Brandon Berg (@BBerg10up)](https://github.com/BBerg10up), [Justin Kopepasah (@kopepasah)](https://github.com/kopepasah), [Faisal Alvi (@faisal-alvi)](https://github.com/faisal-alvi), [Wayne K. Walrath (@wkw)](https://github.com/wkw), [Ivan Lopez (@ivanlopez)](https://github.com/ivanlopez), [Chuck Scott (@n8dnx)](https://github.com/n8dnx), [Leho Kraav (@lkraav)](https://github.com/lkraav), [Pablo Amato (@pabamato)](https://github.com/pabamato), [Pedro Mendonça (@pedro-mendonca)](https://github.com/pedro-mendonca), [Sudip Dadhaniya (@sudip-10up)](https://github.com/sudip-10up), [Stephanie Walters (@PypWalters)](https://github.com/PypWalters), [Peter Wilson (@peterwilsoncc)](https://github.com/peterwilsoncc), [Dharmesh Patel (@iamdharmesh)](https://github.com/iamdharmesh), [Vikram Moparthy (@vikrampm1)](https://github.com/vikrampm1), [Marc Montpas (@marcS0H)](https://github.com/marcS0H), [Vlad Visse](https://patchstack.com/). ## Libraries diff --git a/readme.txt b/readme.txt index 371f07a4..4bc6d30c 100644 --- a/readme.txt +++ b/readme.txt 
@@ -203,6 +203,7 @@ Please note that setting `RSA_FORCE_RESTRICTION` will override `RSA_FORBID_RESTR * **Changed:** Avoid disjointed plugin settings (props [@helen](https://github.com/helen), [@peterwilsoncc](https://github.com/peterwilsoncc), [@Sidsector9](https://github.com/Sidsector9)). * **Changed:** Bump minimum WordPress version from 5.0 to 5.7 (props [@vikrampm1](https://github.com/vikrampm1), [@Sidsector9](https://github.com/Sidsector9), [@faisal-alvi](https://github.com/faisal-alvi)). * **Changed:** Bump minimum PHP version from 5.6 to 7.4 (props [@vikrampm1](https://github.com/vikrampm1), [@Sidsector9](https://github.com/Sidsector9), [@faisal-alvi](https://github.com/faisal-alvi)). +* **Security:** New filters - `rsa_trusted_proxies` and `rsa_trusted_headers` have been added to help prevent IP spoofing attacks. = 7.3.1 - 2022-06-30 = * **Added:** PHP8 compatibility check GitHub Action (props [@Sidsector9](https://github.com/Sidsector9), [dkotter](https://github.com/dkotter)). From 48407c00d555801ee97e9e8eab2a5c225426441c Mon Sep 17 00:00:00 2001 From: Jeffrey Paul Date: Mon, 29 Aug 2022 10:03:03 -0500 Subject: [PATCH 21/25] Update CHANGELOG.md --- CHANGELOG.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8e8d66cd..d40b97de 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -2,17 +2,16 @@ All notable changes to this project will be documented in this file, per [the Keep a Changelog standard](http://keepachangelog.com/). Moving forward, this project will (more strictly) adhere to [Semantic Versioning](http://semver.org/). -## [Unreleased] +## [Unreleased] - TBD ## [7.3.2] - 2022-08-29 - ### Changed - Avoid disjointed plugin settings (props [@helen](https://github.com/helen), [@peterwilsoncc](https://github.com/peterwilsoncc), [@Sidsector9](https://github.com/Sidsector9) via [#200](https://github.com/10up/restricted-site-access/pull/200)). - Bump minimum WordPress version from 5.0 to 5.7 (props [@vikrampm1](https://github.com/vikrampm1), [@Sidsector9](https://github.com/Sidsector9), [@faisal-alvi](https://github.com/faisal-alvi) via [#207](https://github.com/10up/restricted-site-access/pull/207)). - Bump minimum PHP version from 5.6 to 7.4 (props [@vikrampm1](https://github.com/vikrampm1), [@Sidsector9](https://github.com/Sidsector9), [@faisal-alvi](https://github.com/faisal-alvi) via [#207](https://github.com/10up/restricted-site-access/pull/207)). ### Security -- New filters - `rsa_trusted_proxies` and `rsa_trusted_headers` have been added to help prevent IP spoofing attacks (props [dkotter](https://github.com/dkotter), [@peterwilsoncc](https://github.com/peterwilsoncc), [@marcS0H](https://github.com/marcS0H), [Vlad Visse](https://patchstack.com/), [@Sidsector9](https://github.com/Sidsector9) via [#198](https://github.com/10up/restricted-site-access/pull/198)). +- New filters - `rsa_trusted_proxies` and `rsa_trusted_headers` have been added to help prevent IP spoofing attacks (props [@dkotter](https://github.com/dkotter), [@peterwilsoncc](https://github.com/peterwilsoncc), [@marcS0H](https://github.com/marcS0H), [@DanielRuf](https://github.com/DanielRuf), [@Sidsector9](https://github.com/Sidsector9) via [#198](https://github.com/10up/restricted-site-access/pull/198)). ## [7.3.1] - 2022-06-30 ### Added 
From 298f01e6e19c08731c9fbd166cd7c16d7de5e40d Mon Sep 17 00:00:00 2001 From: Jeffrey Paul Date: Mon, 29 Aug 2022 10:06:26 -0500 Subject: [PATCH 22/25] Update CREDITS.md --- CREDITS.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CREDITS.md b/CREDITS.md index ccef73e3..01e704dc 100644 --- a/CREDITS.md +++ b/CREDITS.md 
@@ -10,7 +10,7 @@ The following individuals are responsible for curating the list of issues, respo Thank you to all the people who have already contributed to this repository via bug reports, code, design, ideas, project management, translation, testing, etc. -[Jake Goldman (@jakemgold)](https://github.com/jakemgold), [Joey Blake (@joeyblake)](https://github.com/joeyblake), [Steve Grunwell (@stevegrunwell)](https://github.com/stevegrunwell), [Grant Mangham (@vancoder)](https://github.com/vancoder), [@jmata-loop](https://github.com/jmata-loop), [Taylor Lovett (@tlovett1)](https://github.com/tlovett1), [Ivan Kristianto (@ivankristianto)](https://github.com/ivankristianto), [Mika Epstein (@Ipstenu)](https://github.com/Ipstenu), [Adam Silverstein (@adamsilverstein)](https://github.com/adamsilverstein), [Prasath Nadarajah (@nprasath002)](https://github.com/nprasath002), [Mathieu Viet (@imath)](https://github.com/imath), [Ryan Welcher (@ryanwelcher)](https://github.com/ryanwelcher), [Peter Tasker (@ptasker)](https://github.com/ptasker), [Darin Kotter (@dkotter)](https://github.com/dkotter), [Helen Hou-Sandí (@helen)](https://github.com/helen), [Echo (@ChaosExAnima)](https://github.com/ChaosExAnima), [William Patton (@pattonwebz)](https://github.com/pattonwebz), [Oscar Sanchez S. 
(@oscarssanchez)](https://github.com/oscarssanchez), [Pete Nelson (@petenelson)](https://github.com/petenelson), [Nate Allen (@nate-allen)](https://github.com/nate-allen), [Jeffrey Paul (@jeffpaul)](https://github.com/jeffpaul), [Evan Mattson (@aaemnnosttv)](https://github.com/aaemnnosttv), [@JayWood](https://github.com/JayWood), [Ivan Kruchkoff (@ivankruchkoff)](https://github.com/ivankruchkoff), [Paul Schreiber (@paulschreiber)](https://github.com/paulschreiber), [Nick Lobeck (@eightam)](https://github.com/eightam), [Tung Du (@dinhtungdu)](https://github.com/dinhtungdu), [Siddharth Thevaril (@Sidsector9)](https://github.com/Sidsector9), [Mikel King (@mikelking)](https://github.com/mikelking), [Max Lyuchin (@cadic)](https://github.com/cadic), [Crisoforo Gaspar Hernández (@mitogh)](https://github.com/mitogh), [Ankit K Gupta (@ankitguptaindia)](https://github.com/ankitguptaindia), [Brandon Berg (@BBerg10up)](https://github.com/BBerg10up), [Justin Kopepasah (@kopepasah)](https://github.com/kopepasah), [Faisal Alvi (@faisal-alvi)](https://github.com/faisal-alvi), [Wayne K. Walrath (@wkw)](https://github.com/wkw), [Ivan Lopez (@ivanlopez)](https://github.com/ivanlopez), [Chuck Scott (@n8dnx)](https://github.com/n8dnx), [Leho Kraav (@lkraav)](https://github.com/lkraav), [Pablo Amato (@pabamato)](https://github.com/pabamato), [Pedro Mendonça (@pedro-mendonca)](https://github.com/pedro-mendonca), [Sudip Dadhaniya (@sudip-10up)](https://github.com/sudip-10up), [Stephanie Walters (@PypWalters)](https://github.com/PypWalters), [Peter Wilson (@peterwilsoncc)](https://github.com/peterwilsoncc), [Dharmesh Patel (@iamdharmesh)](https://github.com/iamdharmesh), [Vikram Moparthy (@vikrampm1)](https://github.com/vikrampm1), [Marc Montpas (@marcS0H)](https://github.com/marcS0H), [Vlad Visse](https://patchstack.com/). 
+[Jake Goldman (@jakemgold)](https://github.com/jakemgold), [Joey Blake (@joeyblake)](https://github.com/joeyblake), [Steve Grunwell (@stevegrunwell)](https://github.com/stevegrunwell), [Grant Mangham (@vancoder)](https://github.com/vancoder), [@jmata-loop](https://github.com/jmata-loop), [Taylor Lovett (@tlovett1)](https://github.com/tlovett1), [Ivan Kristianto (@ivankristianto)](https://github.com/ivankristianto), [Mika Epstein (@Ipstenu)](https://github.com/Ipstenu), [Adam Silverstein (@adamsilverstein)](https://github.com/adamsilverstein), [Prasath Nadarajah (@nprasath002)](https://github.com/nprasath002), [Mathieu Viet (@imath)](https://github.com/imath), [Ryan Welcher (@ryanwelcher)](https://github.com/ryanwelcher), [Peter Tasker (@ptasker)](https://github.com/ptasker), [Darin Kotter (@dkotter)](https://github.com/dkotter), [Helen Hou-Sandí (@helen)](https://github.com/helen), [Echo (@ChaosExAnima)](https://github.com/ChaosExAnima), [William Patton (@pattonwebz)](https://github.com/pattonwebz), [Oscar Sanchez S. 
(@oscarssanchez)](https://github.com/oscarssanchez), [Pete Nelson (@petenelson)](https://github.com/petenelson), [Nate Allen (@nate-allen)](https://github.com/nate-allen), [Jeffrey Paul (@jeffpaul)](https://github.com/jeffpaul), [Evan Mattson (@aaemnnosttv)](https://github.com/aaemnnosttv), [@JayWood](https://github.com/JayWood), [Ivan Kruchkoff (@ivankruchkoff)](https://github.com/ivankruchkoff), [Paul Schreiber (@paulschreiber)](https://github.com/paulschreiber), [Nick Lobeck (@eightam)](https://github.com/eightam), [Tung Du (@dinhtungdu)](https://github.com/dinhtungdu), [Siddharth Thevaril (@Sidsector9)](https://github.com/Sidsector9), [Mikel King (@mikelking)](https://github.com/mikelking), [Max Lyuchin (@cadic)](https://github.com/cadic), [Crisoforo Gaspar Hernández (@mitogh)](https://github.com/mitogh), [Ankit K Gupta (@ankitguptaindia)](https://github.com/ankitguptaindia), [Brandon Berg (@BBerg10up)](https://github.com/BBerg10up), [Justin Kopepasah (@kopepasah)](https://github.com/kopepasah), [Faisal Alvi (@faisal-alvi)](https://github.com/faisal-alvi), [Wayne K. Walrath (@wkw)](https://github.com/wkw), [Ivan Lopez (@ivanlopez)](https://github.com/ivanlopez), [Chuck Scott (@n8dnx)](https://github.com/n8dnx), [Leho Kraav (@lkraav)](https://github.com/lkraav), [Pablo Amato (@pabamato)](https://github.com/pabamato), [Pedro Mendonça (@pedro-mendonca)](https://github.com/pedro-mendonca), [Sudip Dadhaniya (@sudip-10up)](https://github.com/sudip-10up), [Stephanie Walters (@PypWalters)](https://github.com/PypWalters), [Peter Wilson (@peterwilsoncc)](https://github.com/peterwilsoncc), [Dharmesh Patel (@iamdharmesh)](https://github.com/iamdharmesh), [Vikram Moparthy (@vikrampm1)](https://github.com/vikrampm1), [Marc Montpas (@marcS0H)](https://github.com/marcS0H), [DanielRuf (@DanielRuf)](https://github.com/DanielRuf). ## Libraries From bd70ff8fcb8d1df109ac82b190e8fc4fba7cc6c4 Mon Sep 17 00:00:00 2001 
From: Jeffrey Paul Date: Mon, 29 Aug 2022 10:08:05 -0500 Subject: [PATCH 23/25] Update readme.txt --- readme.txt | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/readme.txt b/readme.txt index 4bc6d30c..d8a4db81 100644 --- a/readme.txt +++ b/readme.txt @@ -199,7 +199,6 @@ Please note that setting `RSA_FORCE_RESTRICTION` will override `RSA_FORBID_RESTR == Changelog == = 7.3.2 - 2022-08-29 = - * **Changed:** Avoid disjointed plugin settings (props [@helen](https://github.com/helen), [@peterwilsoncc](https://github.com/peterwilsoncc), [@Sidsector9](https://github.com/Sidsector9)). * **Changed:** Bump minimum WordPress version from 5.0 to 5.7 (props [@vikrampm1](https://github.com/vikrampm1), [@Sidsector9](https://github.com/Sidsector9), [@faisal-alvi](https://github.com/faisal-alvi)). * **Changed:** Bump minimum PHP version from 5.6 to 7.4 (props [@vikrampm1](https://github.com/vikrampm1), [@Sidsector9](https://github.com/Sidsector9), [@faisal-alvi](https://github.com/faisal-alvi)). @@ -367,14 +366,6 @@ __Note: There is currently an edge case bug affecting IP whitelisting. This bug == Upgrade Notice == -= 5.1 = -Drops support for versions of WordPress prior to 3.5. - -= 4.0 = -This update improves performance, refines the user interface, and adds support for showing restricted visitors a specific page. Please be advised that this udpate is specifically designed for WordPress 3.2+, and like WordPress 3.2, no longer supports PHP < 5.2.4. - -== Upgrade Notice == - = 7.3.2 = Drops support for versions of WordPress prior to 5.7. Drops support for versions of PHP prior to 7.4. 
@@ -387,3 +378,9 @@ IMPORTANT MULTISITE FUNCTIONALITY CHANGE: User access is now checked against the = 6.1.0 = * Important: version 6.1 improves testing visitors for allowed IP addresses ("Unrestricted IP addresses"). We recommend testing IP based restrictions after updating. + += 5.1 = +Drops support for versions of WordPress prior to 3.5. + += 4.0 = +This update improves performance, refines the user interface, and adds support for showing restricted visitors a specific page. Please be advised that this udpate is specifically designed for WordPress 3.2+, and like WordPress 3.2, no longer supports PHP < 5.2.4. From 8134c4d0edbd711ab22af03b4fcee8c69764b456 Mon Sep 17 00:00:00 2001 From: Siddharth Thevaril Date: Mon, 29 Aug 2022 20:43:47 +0530 Subject: [PATCH 24/25] update doc with PR 113 --- CHANGELOG.md | 4 ++++ CREDITS.md | 2 +- readme.txt | 1 + 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d40b97de..75e5bcf3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -5,6 +5,10 @@ All notable changes to this project will be documented in this file, per [the Ke ## [Unreleased] - TBD ## [7.3.2] - 2022-08-29 + +### Added +- New filter - `rsa_get_client_ip_address_filter_flags` to modify the range of accepted IP addresses (props [@dsXLII](https://github.com/dsXLII), [@dinhtungdu](https://github.com/dinhtungdu), [@Sidsector9](https://github.com/Sidsector9) via [#113](https://github.com/10up/restricted-site-access/pull/113)). + ### Changed - Avoid disjointed plugin settings (props [@helen](https://github.com/helen), [@peterwilsoncc](https://github.com/peterwilsoncc), [@Sidsector9](https://github.com/Sidsector9) via [#200](https://github.com/10up/restricted-site-access/pull/200)). - Bump minimum WordPress version from 5.0 to 5.7 (props [@vikrampm1](https://github.com/vikrampm1), [@Sidsector9](https://github.com/Sidsector9), [@faisal-alvi](https://github.com/faisal-alvi) via [#207](https://github.com/10up/restricted-site-access/pull/207)). diff --git a/CREDITS.md b/CREDITS.md index 01e704dc..08752cc4 100644 --- a/CREDITS.md +++ b/CREDITS.md 
@@ -10,7 +10,7 @@ The following individuals are responsible for curating the list of issues, respo Thank you to all the people who have already contributed to this repository via bug reports, code, design, ideas, project management, translation, testing, etc. -[Jake Goldman (@jakemgold)](https://github.com/jakemgold), [Joey Blake (@joeyblake)](https://github.com/joeyblake), [Steve Grunwell (@stevegrunwell)](https://github.com/stevegrunwell), [Grant Mangham (@vancoder)](https://github.com/vancoder), [@jmata-loop](https://github.com/jmata-loop), [Taylor Lovett (@tlovett1)](https://github.com/tlovett1), [Ivan Kristianto (@ivankristianto)](https://github.com/ivankristianto), [Mika Epstein (@Ipstenu)](https://github.com/Ipstenu), [Adam Silverstein (@adamsilverstein)](https://github.com/adamsilverstein), [Prasath Nadarajah (@nprasath002)](https://github.com/nprasath002), [Mathieu Viet (@imath)](https://github.com/imath), [Ryan Welcher (@ryanwelcher)](https://github.com/ryanwelcher), [Peter Tasker (@ptasker)](https://github.com/ptasker), [Darin Kotter (@dkotter)](https://github.com/dkotter), [Helen Hou-Sandí (@helen)](https://github.com/helen), [Echo (@ChaosExAnima)](https://github.com/ChaosExAnima), [William Patton (@pattonwebz)](https://github.com/pattonwebz), [Oscar Sanchez S. 
(@oscarssanchez)](https://github.com/oscarssanchez), [Pete Nelson (@petenelson)](https://github.com/petenelson), [Nate Allen (@nate-allen)](https://github.com/nate-allen), [Jeffrey Paul (@jeffpaul)](https://github.com/jeffpaul), [Evan Mattson (@aaemnnosttv)](https://github.com/aaemnnosttv), [@JayWood](https://github.com/JayWood), [Ivan Kruchkoff (@ivankruchkoff)](https://github.com/ivankruchkoff), [Paul Schreiber (@paulschreiber)](https://github.com/paulschreiber), [Nick Lobeck (@eightam)](https://github.com/eightam), [Tung Du (@dinhtungdu)](https://github.com/dinhtungdu), [Siddharth Thevaril (@Sidsector9)](https://github.com/Sidsector9), [Mikel King (@mikelking)](https://github.com/mikelking), [Max Lyuchin (@cadic)](https://github.com/cadic), [Crisoforo Gaspar Hernández (@mitogh)](https://github.com/mitogh), [Ankit K Gupta (@ankitguptaindia)](https://github.com/ankitguptaindia), [Brandon Berg (@BBerg10up)](https://github.com/BBerg10up), [Justin Kopepasah (@kopepasah)](https://github.com/kopepasah), [Faisal Alvi (@faisal-alvi)](https://github.com/faisal-alvi), [Wayne K. Walrath (@wkw)](https://github.com/wkw), [Ivan Lopez (@ivanlopez)](https://github.com/ivanlopez), [Chuck Scott (@n8dnx)](https://github.com/n8dnx), [Leho Kraav (@lkraav)](https://github.com/lkraav), [Pablo Amato (@pabamato)](https://github.com/pabamato), [Pedro Mendonça (@pedro-mendonca)](https://github.com/pedro-mendonca), [Sudip Dadhaniya (@sudip-10up)](https://github.com/sudip-10up), [Stephanie Walters (@PypWalters)](https://github.com/PypWalters), [Peter Wilson (@peterwilsoncc)](https://github.com/peterwilsoncc), [Dharmesh Patel (@iamdharmesh)](https://github.com/iamdharmesh), [Vikram Moparthy (@vikrampm1)](https://github.com/vikrampm1), [Marc Montpas (@marcS0H)](https://github.com/marcS0H), [DanielRuf (@DanielRuf)](https://github.com/DanielRuf). 
+[Jake Goldman (@jakemgold)](https://github.com/jakemgold), [Joey Blake (@joeyblake)](https://github.com/joeyblake), [Steve Grunwell (@stevegrunwell)](https://github.com/stevegrunwell), [Grant Mangham (@vancoder)](https://github.com/vancoder), [@jmata-loop](https://github.com/jmata-loop), [Taylor Lovett (@tlovett1)](https://github.com/tlovett1), [Ivan Kristianto (@ivankristianto)](https://github.com/ivankristianto), [Mika Epstein (@Ipstenu)](https://github.com/Ipstenu), [Adam Silverstein (@adamsilverstein)](https://github.com/adamsilverstein), [Prasath Nadarajah (@nprasath002)](https://github.com/nprasath002), [Mathieu Viet (@imath)](https://github.com/imath), [Ryan Welcher (@ryanwelcher)](https://github.com/ryanwelcher), [Peter Tasker (@ptasker)](https://github.com/ptasker), [Darin Kotter (@dkotter)](https://github.com/dkotter), [Helen Hou-Sandí (@helen)](https://github.com/helen), [Echo (@ChaosExAnima)](https://github.com/ChaosExAnima), [William Patton (@pattonwebz)](https://github.com/pattonwebz), [Oscar Sanchez S. 
(@oscarssanchez)](https://github.com/oscarssanchez), [Pete Nelson (@petenelson)](https://github.com/petenelson), [Nate Allen (@nate-allen)](https://github.com/nate-allen), [Jeffrey Paul (@jeffpaul)](https://github.com/jeffpaul), [Evan Mattson (@aaemnnosttv)](https://github.com/aaemnnosttv), [@JayWood](https://github.com/JayWood), [Ivan Kruchkoff (@ivankruchkoff)](https://github.com/ivankruchkoff), [Paul Schreiber (@paulschreiber)](https://github.com/paulschreiber), [Nick Lobeck (@eightam)](https://github.com/eightam), [Tung Du (@dinhtungdu)](https://github.com/dinhtungdu), [Siddharth Thevaril (@Sidsector9)](https://github.com/Sidsector9), [Mikel King (@mikelking)](https://github.com/mikelking), [Max Lyuchin (@cadic)](https://github.com/cadic), [Crisoforo Gaspar Hernández (@mitogh)](https://github.com/mitogh), [Ankit K Gupta (@ankitguptaindia)](https://github.com/ankitguptaindia), [Brandon Berg (@BBerg10up)](https://github.com/BBerg10up), [Justin Kopepasah (@kopepasah)](https://github.com/kopepasah), [Faisal Alvi (@faisal-alvi)](https://github.com/faisal-alvi), [Wayne K. Walrath (@wkw)](https://github.com/wkw), [Ivan Lopez (@ivanlopez)](https://github.com/ivanlopez), [Chuck Scott (@n8dnx)](https://github.com/n8dnx), [Leho Kraav (@lkraav)](https://github.com/lkraav), [Pablo Amato (@pabamato)](https://github.com/pabamato), [Pedro Mendonça (@pedro-mendonca)](https://github.com/pedro-mendonca), [Sudip Dadhaniya (@sudip-10up)](https://github.com/sudip-10up), [Stephanie Walters (@PypWalters)](https://github.com/PypWalters), [Peter Wilson (@peterwilsoncc)](https://github.com/peterwilsoncc), [Dharmesh Patel (@iamdharmesh)](https://github.com/iamdharmesh), [Vikram Moparthy (@vikrampm1)](https://github.com/vikrampm1), [Marc Montpas (@marcS0H)](https://github.com/marcS0H), [DanielRuf (@DanielRuf)](https://github.com/DanielRuf), [David E. Smith (@dsXLII)](https://github.com/dsXLII). ## Libraries diff --git a/readme.txt b/readme.txt index d8a4db81..13d175b3 100644 
--- a/readme.txt +++ b/readme.txt @@ -199,6 +199,7 @@ Please note that setting `RSA_FORCE_RESTRICTION` will override `RSA_FORBID_RESTR == Changelog == = 7.3.2 - 2022-08-29 = +* **Added:** New filter - `rsa_get_client_ip_address_filter_flags` to modify the range of accepted IP addresses. * **Changed:** Avoid disjointed plugin settings (props [@helen](https://github.com/helen), [@peterwilsoncc](https://github.com/peterwilsoncc), [@Sidsector9](https://github.com/Sidsector9)). * **Changed:** Bump minimum WordPress version from 5.0 to 5.7 (props [@vikrampm1](https://github.com/vikrampm1), [@Sidsector9](https://github.com/Sidsector9), [@faisal-alvi](https://github.com/faisal-alvi)). * **Changed:** Bump minimum PHP version from 5.6 to 7.4 (props [@vikrampm1](https://github.com/vikrampm1), [@Sidsector9](https://github.com/Sidsector9), [@faisal-alvi](https://github.com/faisal-alvi)). From 8ba6dd57810ea2e7b2213aa76ab12345915a9477 Mon Sep 17 00:00:00 2001 From: Jeffrey Paul Date: Mon, 29 Aug 2022 12:07:48 -0500 Subject: [PATCH 25/25] Update CREDITS.md --- CREDITS.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CREDITS.md b/CREDITS.md index 08752cc4..863b8c7e 100644 --- a/CREDITS.md +++ b/CREDITS.md 
@@ -10,7 +10,7 @@ The following individuals are responsible for curating the list of issues, respo Thank you to all the people who have already contributed to this repository via bug reports, code, design, ideas, project management, translation, testing, etc. -[Jake Goldman (@jakemgold)](https://github.com/jakemgold), [Joey Blake (@joeyblake)](https://github.com/joeyblake), [Steve Grunwell (@stevegrunwell)](https://github.com/stevegrunwell), [Grant Mangham (@vancoder)](https://github.com/vancoder), [@jmata-loop](https://github.com/jmata-loop), [Taylor Lovett (@tlovett1)](https://github.com/tlovett1), [Ivan Kristianto (@ivankristianto)](https://github.com/ivankristianto), [Mika Epstein (@Ipstenu)](https://github.com/Ipstenu), [Adam Silverstein (@adamsilverstein)](https://github.com/adamsilverstein), [Prasath Nadarajah (@nprasath002)](https://github.com/nprasath002), [Mathieu Viet (@imath)](https://github.com/imath), [Ryan Welcher (@ryanwelcher)](https://github.com/ryanwelcher), [Peter Tasker (@ptasker)](https://github.com/ptasker), [Darin Kotter (@dkotter)](https://github.com/dkotter), [Helen Hou-Sandí (@helen)](https://github.com/helen), [Echo (@ChaosExAnima)](https://github.com/ChaosExAnima), [William Patton (@pattonwebz)](https://github.com/pattonwebz), [Oscar Sanchez S. 
(@oscarssanchez)](https://github.com/oscarssanchez), [Pete Nelson (@petenelson)](https://github.com/petenelson), [Nate Allen (@nate-allen)](https://github.com/nate-allen), [Jeffrey Paul (@jeffpaul)](https://github.com/jeffpaul), [Evan Mattson (@aaemnnosttv)](https://github.com/aaemnnosttv), [@JayWood](https://github.com/JayWood), [Ivan Kruchkoff (@ivankruchkoff)](https://github.com/ivankruchkoff), [Paul Schreiber (@paulschreiber)](https://github.com/paulschreiber), [Nick Lobeck (@eightam)](https://github.com/eightam), [Tung Du (@dinhtungdu)](https://github.com/dinhtungdu), [Siddharth Thevaril (@Sidsector9)](https://github.com/Sidsector9), [Mikel King (@mikelking)](https://github.com/mikelking), [Max Lyuchin (@cadic)](https://github.com/cadic), [Crisoforo Gaspar Hernández (@mitogh)](https://github.com/mitogh), [Ankit K Gupta (@ankitguptaindia)](https://github.com/ankitguptaindia), [Brandon Berg (@BBerg10up)](https://github.com/BBerg10up), [Justin Kopepasah (@kopepasah)](https://github.com/kopepasah), [Faisal Alvi (@faisal-alvi)](https://github.com/faisal-alvi), [Wayne K. Walrath (@wkw)](https://github.com/wkw), [Ivan Lopez (@ivanlopez)](https://github.com/ivanlopez), [Chuck Scott (@n8dnx)](https://github.com/n8dnx), [Leho Kraav (@lkraav)](https://github.com/lkraav), [Pablo Amato (@pabamato)](https://github.com/pabamato), [Pedro Mendonça (@pedro-mendonca)](https://github.com/pedro-mendonca), [Sudip Dadhaniya (@sudip-10up)](https://github.com/sudip-10up), [Stephanie Walters (@PypWalters)](https://github.com/PypWalters), [Peter Wilson (@peterwilsoncc)](https://github.com/peterwilsoncc), [Dharmesh Patel (@iamdharmesh)](https://github.com/iamdharmesh), [Vikram Moparthy (@vikrampm1)](https://github.com/vikrampm1), [Marc Montpas (@marcS0H)](https://github.com/marcS0H), [DanielRuf (@DanielRuf)](https://github.com/DanielRuf), [David E. Smith (@dsXLII)](https://github.com/dsXLII). 
+[Jake Goldman (@jakemgold)](https://github.com/jakemgold), [Joey Blake (@joeyblake)](https://github.com/joeyblake), [Steve Grunwell (@stevegrunwell)](https://github.com/stevegrunwell), [Grant Mangham (@vancoder)](https://github.com/vancoder), [@jmata-loop](https://github.com/jmata-loop), [Taylor Lovett (@tlovett1)](https://github.com/tlovett1), [Ivan Kristianto (@ivankristianto)](https://github.com/ivankristianto), [Mika Epstein (@Ipstenu)](https://github.com/Ipstenu), [Adam Silverstein (@adamsilverstein)](https://github.com/adamsilverstein), [Prasath Nadarajah (@nprasath002)](https://github.com/nprasath002), [Mathieu Viet (@imath)](https://github.com/imath), [Ryan Welcher (@ryanwelcher)](https://github.com/ryanwelcher), [Peter Tasker (@ptasker)](https://github.com/ptasker), [Darin Kotter (@dkotter)](https://github.com/dkotter), [Helen Hou-Sandí (@helen)](https://github.com/helen), [Echo (@ChaosExAnima)](https://github.com/ChaosExAnima), [William Patton (@pattonwebz)](https://github.com/pattonwebz), [Oscar Sanchez S. 
(@oscarssanchez)](https://github.com/oscarssanchez), [Pete Nelson (@petenelson)](https://github.com/petenelson), [Nate Allen (@nate-allen)](https://github.com/nate-allen), [Jeffrey Paul (@jeffpaul)](https://github.com/jeffpaul), [Evan Mattson (@aaemnnosttv)](https://github.com/aaemnnosttv), [@JayWood](https://github.com/JayWood), [Ivan Kruchkoff (@ivankruchkoff)](https://github.com/ivankruchkoff), [Paul Schreiber (@paulschreiber)](https://github.com/paulschreiber), [Nick Lobeck (@eightam)](https://github.com/eightam), [Tung Du (@dinhtungdu)](https://github.com/dinhtungdu), [Siddharth Thevaril (@Sidsector9)](https://github.com/Sidsector9), [Mikel King (@mikelking)](https://github.com/mikelking), [Max Lyuchin (@cadic)](https://github.com/cadic), [Crisoforo Gaspar Hernández (@mitogh)](https://github.com/mitogh), [Ankit K Gupta (@ankitguptaindia)](https://github.com/ankitguptaindia), [Brandon Berg (@BBerg10up)](https://github.com/BBerg10up), [Justin Kopepasah (@kopepasah)](https://github.com/kopepasah), [Faisal Alvi (@faisal-alvi)](https://github.com/faisal-alvi), [Wayne K. Walrath (@wkw)](https://github.com/wkw), [Ivan Lopez (@ivanlopez)](https://github.com/ivanlopez), [Chuck Scott (@n8dnx)](https://github.com/n8dnx), [Leho Kraav (@lkraav)](https://github.com/lkraav), [Pablo Amato (@pabamato)](https://github.com/pabamato), [Pedro Mendonça (@pedro-mendonca)](https://github.com/pedro-mendonca), [Sudip Dadhaniya (@sudip-10up)](https://github.com/sudip-10up), [Stephanie Walters (@PypWalters)](https://github.com/PypWalters), [Peter Wilson (@peterwilsoncc)](https://github.com/peterwilsoncc), [Dharmesh Patel (@iamdharmesh)](https://github.com/iamdharmesh), [Vikram Moparthy (@vikrampm1)](https://github.com/vikrampm1), [Marc-Alexandre Montpas (@marcS0H)](https://github.com/marcS0H), [Daniel Ruf (@DanielRuf)](https://github.com/DanielRuf), [David E. Smith (@dsXLII)](https://github.com/dsXLII). ## Libraries