• Major Redesign|ModSecurity CRS Proofing Continued: JTC Anti-Spam|Anti-Hacker and Idle Session Logout: Encrypt and Decrypt buttons created. ModSecurity CRS falsely flags legitimate CSS code submitted as Form data as a threat. JavaScript Encryption|Decryption and PHP openssl_encrypt|openssl_decrypt are used to encrypt and decrypt CSS code submitted in the JTC and ISL Forms. Form data is encrypted in the POST Form submission to evade/bypass ModSecurity CRS detection and is decrypted in the Form processing code. A full detailed list of broken/fixed/pending Forms/Features/Pages can be found here: ModSecurity CRS Proofing
• Procedural Change|BugFix: ARQ Automation: Theme Details: JavaScript/AJAX reload code removed. Original issue: In older versions of WP the CSS properties in the Theme Overlay were not accessible unless a page reload was performed.
• BugFix: DB Backup: % characters were intentionally being replaced with placeholder strings by WP when using esc_sql(). Added the WP remove_placeholder_escape() function to correct this issue.
• BugFix: DB Backup: Condition added to quote PayPal numeric transaction codes. Note: Most PayPal transaction codes are alphanumeric.
• BugFix: Hidden Plugin Folders|Files Cron (HPF): File contents displaying outside of pre tags. Added CSS overflow and white-space properties to the pre tag style.
• Procedural Change: PHP7.2|7.3 PHP Warning: Use of undefined constant - assumed (this will throw an Error in a future version of PHP): Newer versions of PHP check for any unquoted strings and will log PHP warning errors. All unquoted strings have now been quoted in BPS.
• Procedural Change: Plugin Firewall: New hack/attack method/vector found. Additional file extension name added to the Plugin Firewall base protection code.
• BugFix: Plugin Firewall: BPS Pro Status Display not displaying the correct Plugin Firewall status for the scenario where the Plugin Firewall is deactivated directly from Test Mode.
• HUD wp-content htaccess File Check: Updated the HUD wp-content htaccess file detection message to include additional updated help information.
• BugFix: BPS Pro Upgrade Email: Email text displaying in bold font for Alternative Zip Upgrade Installation Method. Added missing closing tag.
• CSS Fix: P-Security Page Title: inline CSS code added to correct Title Text margin distance.
• Improvement: All Purpose File Editor: Additional help information added to the All Purpose File Editor error check.
• Procedural Change: ini_set Options: ini_set options code preg_replace pattern match changed for the wp-config.php file.
• Procedural Change: PHP Error Log: Additional error check added to the Set Error Log Location option.
• Procedural Change: Root htaccess File: Error check for BPS version line of code in the Root htaccess file changed to a Dismiss Notice.
Tags: BPS Pro 14.2, BulletProof Security Pro 14.2
Categories: BulletProof Security Pro