diff --git a/cgsecureinstaller.xml b/cgsecureinstaller.xml index 6e1092b..37b839d 100644 --- a/cgsecureinstaller.xml +++ b/cgsecureinstaller.xml @@ -2,12 +2,12 @@ plgcgsecureinstaller ConseilGouz - 2023-07-24 + 2023-08-04 (C)2023 ConseilGouz. All rights reserved. GNU General Public License version 2 or later; see LICENSE.txt pascal.leconte@conseilgouz.com www.conseilgouz.com - 2.3.5 + 2.4.0 GNU General Public License version 2 or later; see LICENSE.txt CG Secure script.install.php diff --git a/com_cgsecure_changelog.xml b/com_cgsecure_changelog.xml index 8b8b67a..05ff51b 100644 --- a/com_cgsecure_changelog.xml +++ b/com_cgsecure_changelog.xml @@ -1,4 +1,17 @@ + + com_cgsecure + package + 2.4.0 + + Update : 04/08/2023 + + + Use IpHelper to determine ip address + sql : use prepared statements + + + com_cgsecure package diff --git a/packages/com_cgsecure/admin/cgsecure.xml b/packages/com_cgsecure/admin/cgsecure.xml index 2e615d5..473f2bc 100644 --- a/packages/com_cgsecure/admin/cgsecure.xml +++ b/packages/com_cgsecure/admin/cgsecure.xml @@ -1,13 +1,13 @@ COM_CGSECURE - 2023-03-28 + 2023-08-04 ConseilGouz pascal.leconte@conseilgouz.com www.conseilgouz.com Copyright (C) 2023 ConseilGouz.com. All Rights Reserved GNU/GPL Version 2 or later - http://www.gnu.org/licenses/gpl-2.0.html - 2.2.8 + 2.4.0 ConseilGouz\Component\CGSecure COM_CGSECURE_XML_DESCRIPTION diff --git a/packages/com_cgsecure/admin/src/Field/VersionField.php b/packages/com_cgsecure/admin/src/Field/VersionField.php index 3cbfb2a..16a09b9 100644 --- a/packages/com_cgsecure/admin/src/Field/VersionField.php +++ b/packages/com_cgsecure/admin/src/Field/VersionField.php 
@@ -41,7 +41,8 @@ function getInput() $query ->select($db->quoteName('manifest_cache')) ->from($db->quoteName('#__extensions')) - ->where($db->quoteName('element') . '=' . $db->Quote($extension)); + ->where($db->quoteName('element') . '= :ext') + ->bind(':ext',$extension,\Joomla\Database\ParameterType::STRING); $db->setQuery($query, 0, 1); $row = $db->loadAssoc(); $tmp = json_decode($row['manifest_cache']); diff --git a/packages/com_cgsecure/admin/src/Table/ConfigTable.php b/packages/com_cgsecure/admin/src/Table/ConfigTable.php index 9d26d74..b7c8220 100644 --- a/packages/com_cgsecure/admin/src/Table/ConfigTable.php +++ b/packages/com_cgsecure/admin/src/Table/ConfigTable.php @@ -60,7 +60,8 @@ public function store($key = 'config') $db->getQuery(true) ->select('COUNT(*)') ->from($db->quoteName($this->_tbl)) - ->where($db->quoteName('name') . ' = ' . $db->quote($key)) + ->where($db->quoteName('name') . ' = :key') + ->bind(':key',$key,\Joomla\Database\ParameterType::STRING) )->loadResult(); $exists = $result > 0 ? true : false; @@ -102,7 +103,8 @@ public function getSecureParams() { $db->getQuery(true) ->select('*') ->from($db->quoteName($this->_tbl)) - ->where($db->quoteName('name') . ' = ' . $db->quote($key)) + ->where($db->quoteName('name') . ' = :key') + ->bind(':key',$key,\Joomla\Database\ParameterType::STRING) )->loadObject(); $this->resaparams = $result; diff --git a/packages/com_cgsecure/cgsecure.xml b/packages/com_cgsecure/cgsecure.xml index b775e3e..473f2bc 100644 --- a/packages/com_cgsecure/cgsecure.xml +++ b/packages/com_cgsecure/cgsecure.xml @@ -1,13 +1,13 @@ COM_CGSECURE - 2023-07-24 + 2023-08-04 ConseilGouz pascal.leconte@conseilgouz.com www.conseilgouz.com Copyright (C) 2023 ConseilGouz.com. All Rights Reserved GNU/GPL Version 2 or later - http://www.gnu.org/licenses/gpl-2.0.html - 2.3.5 + 2.4.0 ConseilGouz\Component\CGSecure COM_CGSECURE_XML_DESCRIPTION 
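Review bot: In the VersionField.php hunk, `$row['manifest_cache']` is read straight after `$db->loadAssoc()` with no check that a row came back. `loadAssoc()` yields null when no `#__extensions` entry matches `$extension`, so `json_decode()` is then handed null. A guard before the `json_decode()` call, such as `if (empty($row['manifest_cache'])) { return ''; }`, would cover this; the right fallback value depends on what getInput() returns, which is not visible here. getInput() starts and ends outside the hunk.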
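Review bot: The `->bind(':key',$key,\Joomla\Database\ParameterType::STRING)` calls in both ConfigTable.php hunks write the fully qualified class name inline and omit the spaces after the commas. Importing it once with `use Joomla\Database\ParameterType;` and writing `->bind(':key', $key, ParameterType::STRING)` would read better. The same applies to the `:ext` bind in VersionField.php and the `:ip` bind in check_hacker() in ipcheck.php. `bind()` takes its value by reference, so the second argument should stay a plain variable, as it is in all four calls. Both store() and getSecureParams() continue outside their hunks.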
diff --git a/packages/library_cgsecure/cgsecure.xml b/packages/library_cgsecure/cgsecure.xml index 4688404..6b30eac 100644 --- a/packages/library_cgsecure/cgsecure.xml +++ b/packages/library_cgsecure/cgsecure.xml @@ -3,8 +3,8 @@ CGSecure Library cgsecure ConseilGouz - 2.3.5 - 2023-07-24 + 2.4.0 + 2023-08-04 (C)2023 ConseilGouz. All rights reserved. GNU General Public License version 2 or later; see LICENSE.txt pascal.leconte@conseilgouz.com diff --git a/packages/library_cgsecure/ipcheck.php b/packages/library_cgsecure/ipcheck.php index eaadc01..6607cde 100644 --- a/packages/library_cgsecure/ipcheck.php +++ b/packages/library_cgsecure/ipcheck.php @@ -1,7 +1,7 @@ errtype; self::$context = $context; self::$latest_rejected = self::get_rejected(); - // $ip = IpHelper::getIp(); - $ip = $_SERVER['REMOTE_ADDR']; + $ip = IpHelper::getIp(); + // $ip = $_SERVER['REMOTE_ADDR']; // $ip = '218.92.1.534'; // test hackeur chinois // $ip = '54.36.148.179'; // in abuseip whitelist if (self::whiteList($ip)) return true; @@ -181,7 +181,8 @@ public static function check_spammer($plugin, $context) { self::$caller = $plugin->myname; self::$message = $plugin->mymessage; self::$context = $context; - $ip = $_SERVER['REMOTE_ADDR']; + $ip = IpHelper::getIp(); + // $ip = $_SERVER['REMOTE_ADDR']; if (self::$context != 'SystemCGSecure') { // no test when system, otherwise, you'll loose your admin.... // $ip = '222.186.42.7'; // test hackeur chinois } @@ -215,7 +216,7 @@ public static function check_spammer($plugin, $context) { } // Check IP in whitelist or local public static function whiteList($ip = NULL) { - if (!$ip) $ip = $_SERVER['REMOTE_ADDR']; + if (!$ip) $ip = IpHelper::getIp(); // $ip = $_SERVER['REMOTE_ADDR']; $whitelist = self::$params->whitelist; $arr_whitelist = explode(',',$whitelist); if ( in_array($ip, $arr_whitelist) || ($ip == '::1') || ($ip == '127.0.0.1')) { // dans liste ou local 
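Review bot: `$ip = IpHelper::getIp();` makes the address used for the whitelist and blocking decisions depend on how IpHelper is configured: when IP overrides are allowed, it can take the value from forwarded-for style request headers, which the client controls unless a trusted proxy rewrites them. That matters most in whiteList(), where `($ip == '::1') || ($ip == '127.0.0.1')` or a listed address returns true, and the caller then does `if (self::whiteList($ip)) return true;` and skips the remaining checks. I would add a comment next to the call, e.g. `// IpHelper honours proxy headers only when overrides are enabled; keep them off unless behind a trusted proxy`, and confirm how the override flag is set for sites running this library. The same substitution appears in the check_spammer() hunk and the whiteList() hunk. The first ipcheck.php hunk is truncated on this page, so the enclosing function and the `use` line for IpHelper are not visible.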
@@ -286,7 +287,8 @@ private static function check_hacker($errtype,$ip) { $query = $db->getQuery(true); $query->select($db->quoteName('errtype')) ->from($db->quoteName('#__cg_rejected_ip')) - ->where($db->quoteName('ip').'="'.$ip.'"'); + ->where($db->quoteName('ip').'= :ip') + ->bind(':ip',$ip,\Joomla\Database\ParameterType::STRING); $db->setQuery($query); try { $type = $db->loadResult(); @@ -312,11 +314,6 @@ private static function redir_out() { $mainframe->redirect(self::$params->redir_ext); } } - // from https://stackoverflow.com/questions/3003145/how-to-get-the-client-ip-address-in-php - private static function get_ip() { - if (($_SERVER['REMOTE_ADDR'] == '::1') || ($_SERVER['REMOTE_ADDR'] == '127.0.0.1')) return '::1'; - return $_SERVER['HTTP_CLIENT_IP'] ?? $_SERVER['HTTP_X_FORWARDED_FOR'] ?? $_SERVER['HTTP_X_REAL_IP'] ?? $_SERVER['REMOTE_ADDR']; - } // curl request function private static function abuseIPDBrequest($path, $method, $data) { $key = self::$params->api_key; diff --git a/packages/plg_authentication_cgsecure/cgsecure.xml b/packages/plg_authentication_cgsecure/cgsecure.xml index 9e91b1e..61238d1 100644 --- a/packages/plg_authentication_cgsecure/cgsecure.xml +++ b/packages/plg_authentication_cgsecure/cgsecure.xml @@ -2,12 +2,12 @@ PLG_AUTH_COUNTRY ConseilGouz - 2023/07/24 + 2023/08/04 (C)2023 ConseilGouz. All rights reserved. GNU General Public License version 2 or later; see LICENSE.txt pascal.leconte@conseilgouz.com www.conseilgouz.com - 2.3.5 + 2.4.0 PLG_AUTH_COUNTRY_XML_DESCRIPTION cgsecure.php diff --git a/packages/plg_system_cgsecure/cgsecure.xml b/packages/plg_system_cgsecure/cgsecure.xml index 99eade1..1835cf2 100644 --- a/packages/plg_system_cgsecure/cgsecure.xml +++ b/packages/plg_system_cgsecure/cgsecure.xml 
@@ -2,12 +2,12 @@ System - CG Secure conseilgouz - 2023/07/24 + 2023/08/04 This plugin is released under the GNU/GPL License GNU General Public License pascal.leconte@conseilgouz.com www.conseilgouz.com - 2.3.5 + 2.4.0 CG_SECURE_DESC cgsecure.php diff --git a/packages/plg_system_cgsecure/language/fr-FR/plg_system_cgsecure.ini b/packages/plg_system_cgsecure/language/fr-FR/plg_system_cgsecure.ini index 884e6a6..1d36e26 100644 --- a/packages/plg_system_cgsecure/language/fr-FR/plg_system_cgsecure.ini +++ b/packages/plg_system_cgsecure/language/fr-FR/plg_system_cgsecure.ini @@ -1,4 +1,4 @@ -CG_SECURE_DESC="Plugin CG Secure,.
Une fois activé, CG Secure protège l'accès à /administrator par un mot de passe, après avoir vérifié le pays d'origine par rapport à votre adresse ip.
Comment accéder à votre administration une fois CG Secure activé :
  • HTTP Authentication: fenêtre standard Apache d'authentification. Vous devrez entrer mot de passe dans la zone "Password". Vous pouvez laisser la zone "Username" vide, car elle n'est pas vérifiée.
  • Compatibilité: Vous devez entrer http://www.yourwebsite.com/administrator?votremotdepasse — "votremotdepasse" étant remplacé par le mot de passe que vous avez paramétré dans le plugin CG Secure.
" +CG_SECURE_DESC="Plugin CG Secure.
Une fois activé, CG Secure protège l'accès à /administrator par un mot de passe, après avoir vérifié le pays d'origine par rapport à votre adresse ip.
Comment accéder à votre administration une fois CG Secure activé :
  • HTTP Authentication: fenêtre standard Apache d'authentification. Vous devrez entrer mot de passe dans la zone "Password". Vous pouvez laisser la zone "Username" vide, car elle n'est pas vérifiée.
  • Compatibilité: Vous devez entrer http://www.yourwebsite.com/administrator?votremotdepasse — "votremotdepasse" étant remplacé par le mot de passe que vous avez paramétré dans le plugin CG Secure.
" CGSECURE_NOTE="Important" CGSECURE_NOTE_DESC="Ce plugin utilise les paramètres du composant CG Secure." CG_SECURE_LOGIN_CODE_ERROR="Erreur Login" diff --git a/packages/plg_user_cgsecure/cgsecure.xml b/packages/plg_user_cgsecure/cgsecure.xml index d493bc8..852b3f8 100644 --- a/packages/plg_user_cgsecure/cgsecure.xml +++ b/packages/plg_user_cgsecure/cgsecure.xml @@ -2,12 +2,12 @@ CG_COUNTRY ConseilGouz - 2023/07/24 + 2023/08/04 (C)2023 ConseilGouz. All rights reserved. GNU General Public License version 2 or later; see LICENSE.txt pascal.leconte@conseilgouz.com www.conseilgouz.com - 2.3.5 + 2.4.0 CG_COUNTRY_XML_DESCRIPTION cgsecure.php diff --git a/script.install.php b/script.install.php index 6ebdfe9..6c13f55 100644 --- a/script.install.php +++ b/script.install.php @@ -2,7 +2,7 @@ /** * @package CG Secure - * Version : 2.3.3 + * Version : 2.4.0 * @license http://www.gnu.org/licenses/gpl-2.0.html GNU/GPL * @copyright (C) 2023 ConseilGouz. All Rights Reserved. * @author ConseilGouz @@ -18,6 +18,7 @@ use Joomla\CMS\Table\Table; use Joomla\CMS\Version; use Joomla\CMS\Installer\Installer; +use Joomla\CMS\Log\Log; class PlgSystemCgsecureInstallerInstallerScript { @@ -335,9 +336,6 @@ private function getMajorVersionPart($string) private function createExtensionRoot() { - jimport('joomla.filesystem.folder'); - jimport('joomla.filesystem.file'); - $destination = JPATH_PLUGINS . '/system/' . $this->installerName; Folder::create($destination); @@ -417,7 +415,7 @@ private function installPackages() { $db->execute(); } catch (RuntimeException $e) { - JLog::add('unable to enable Plugins CGSecure', JLog::ERROR, 'jerror'); + Log::add('unable to enable Plugins CGSecure', Log::ERROR, 'jerror'); } return true;
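Review bot: In installPackages(), the catch block that now calls `Log::add('unable to enable Plugins CGSecure', Log::ERROR, 'jerror');` discards the exception, and the method still reaches `return true;`, so a failure to enable the plugins looks like a successful install. Including the cause, e.g. `Log::add('unable to enable Plugins CGSecure: ' . $e->getMessage(), Log::ERROR, 'jerror');`, would make the failure diagnosable. It is also worth deciding whether the method should return false in that case, since the package would otherwise be installed with its protection plugins left disabled. installPackages() starts outside the hunk.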