Changeset 3466580
- Timestamp:
- 02/21/2026 08:34:09 PM (5 weeks ago)
- Location:
- advanced-ip-blocker/trunk
- Files:
-
- 6 edited
-
advanced-ip-blocker.php (modified) (2 diffs)
-
css/advaipbl-styles.css (modified) (1 diff)
-
includes/class-advaipbl-cloudflare-manager.php (modified) (5 diffs)
-
includes/class-advaipbl-main.php (modified) (2 diffs)
-
languages/advanced-ip-blocker.pot (modified) (1 diff)
-
readme.txt (modified) (3 diffs)
Legend:
- Unmodified
- Added
- Removed
-
advanced-ip-blocker/trunk/advanced-ip-blocker.php
r3465088 r3466580 4 4 Plugin URI: https://advaipbl.com/ 5 5 Description: Your complete WordPress security firewall. Blocks IPs, bots & countries. Includes an intelligent WAF, Threat Scoring, and Two-Factor Authentication. 6 Version: 8.8. 46 Version: 8.8.5 7 7 Author: IniLerm 8 8 Author URI: https://advaipbl.com/ … … 19 19 } 20 20 21 define( 'ADVAIPBL_VERSION', '8.8. 4' );21 define( 'ADVAIPBL_VERSION', '8.8.5' ); 22 22 define( 'ADVAIPBL_PLUGIN_FILE', __FILE__ ); 23 23 -
advanced-ip-blocker/trunk/css/advaipbl-styles.css
r3465088 r3466580 1 1 /** 2 2 * Advanced IP Blocker - Admin Panel Styles 3 * Version: 8.8. 43 * Version: 8.8.5 4 4 */ 5 5 -
advanced-ip-blocker/trunk/includes/class-advaipbl-cloudflare-manager.php
r3464093 r3466580 36 36 'Content-Type' => 'application/json', 37 37 ], 38 'timeout' => 30,38 'timeout' => 10, 39 39 ]; 40 40 … … 226 226 } 227 227 228 /**229 * Sincroniza todas las IPs bloqueadas localmente con Cloudflare.230 * Se ejecuta vía Cron.231 */232 228 public function sync_blocked_ips() { 233 229 if (empty($this->plugin->options['enable_cloudflare']) || '1' !== $this->plugin->options['enable_cloudflare']) { … … 235 231 } 236 232 233 $zone_id = $this->plugin->options['cf_zone_id'] ?? ''; 234 if ( empty( $zone_id ) ) { 235 return; // No se puede sincronizar sin Zone ID 236 } 237 237 238 global $wpdb; 238 239 $table_name = $wpdb->prefix . 'advaipbl_blocked_ips'; 239 240 240 // Obtener todas las IPs bloqueadas241 // 1. Obtener IPs locales 241 242 // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared, WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching, PluginCheck.Security.DirectDB.UnescapedDBParameter 242 $blocked_ips = $wpdb->get_col("SELECT ip_range FROM $table_name"); 243 244 if (empty($blocked_ips)) { 243 $local_ips = $wpdb->get_col("SELECT ip_range FROM $table_name"); 244 245 if (empty($local_ips)) { 246 return; 247 } 248 249 // 2. Obtener IPs actualmente bloqueadas en Cloudflare (Paso de Reconciliación) 250 $cf_ips = []; 251 $page = 1; 252 $has_more = true; 253 254 while ( $has_more ) { 255 $endpoint = "zones/{$zone_id}/firewall/access_rules/rules?per_page=100&page={$page}"; 256 $result = $this->make_api_request( 'GET', $endpoint ); 257 258 if ( is_wp_error( $result ) ) { 259 // Si falla la petición de lectura, abortamos para no duplicar reglas ciegamente 260 $this->plugin->log_event( 'Cloudflare Sync Aborted: Could not fetch current rules. ' . $result->get_error_message(), 'error' ); 261 return; 262 } 263 264 $rules = $result['result'] ?? []; 265 if ( empty( $rules ) ) { 266 $has_more = false; 267 break; 268 } 269 270 foreach ( $rules as $rule ) { 271 // Consideramos reglas que tengan el valor de IP y que estén bloqueadas 272 if ( isset( $rule['configuration']['value'] ) && isset($rule['mode']) && $rule['mode'] === 'block' ) { 273 $cf_ips[] = $rule['configuration']['value']; 274 } 275 } 276 277 $total_pages = $result['result_info']['total_pages'] ?? 1; 278 if ( $page >= $total_pages ) { 279 $has_more = false; 280 } else { 281 $page++; 282 } 283 } 284 285 // 3. Calcular Delta: ¿Qué IPs locales NO están todavía en Cloudflare? 286 $ips_to_sync = array_diff($local_ips, $cf_ips); 287 288 // Si todas las IPs ya existen, el proceso termina en milisegundos sin estrangular la API. 289 if (empty($ips_to_sync)) { 290 /* translators: 1: The number of IPs synced, 2: The number of errors encountered. */ 291 $this->plugin->log_event(sprintf(__('Cloudflare Sync Complete. Up to date. Synced: %1$d, Errors: 0', 'advanced-ip-blocker'), count($local_ips)), 'info'); 245 292 return; 246 293 } … … 249 296 $errors = 0; 250 297 251 foreach ($blocked_ips as $ip) {252 // Intentar bloquear. block_ip maneja duplicados silenciosamente.298 // 4. Sincronizar solo el delta 299 foreach ($ips_to_sync as $ip) { 253 300 $result = $this->block_ip($ip, 'Synced from Advanced IP Blocker'); 254 301 … … 259 306 } 260 307 261 // P equeña pausa para no saturar la API si hay muchas262 usleep( 100000); // 0.1s308 // Pausa sutil (50ms) entre IPs faltantes. 309 usleep(50000); 263 310 } 264 311 265 312 /* translators: 1: The number of IPs synced, 2: The number of errors encountered. */ 266 $this->plugin->log_event(sprintf(__('Cloudflare Sync Complete. Synced: %1$d, Errors: %2$d', 'advanced-ip-blocker'), $count, $errors), 'info');313 $this->plugin->log_event(sprintf(__('Cloudflare Sync Complete. Newly Synced: %1$d, Errors: %2$d', 'advanced-ip-blocker'), $count, $errors), 'info'); 267 314 } 268 315 } -
advanced-ip-blocker/trunk/includes/class-advaipbl-main.php
r3464093 r3466580 448 448 return; 449 449 } 450 if (wp_doing_cron() || is_admin() || (defined('WP_CLI') && WP_CLI)) { return; } 450 451 // Excluir AJAX, JSON, Cron y procesos internos (ej: Elementor, WP Dashboard) 452 if (wp_doing_ajax() || wp_is_json_request() || is_admin() || wp_doing_cron() || (defined('WP_CLI') && WP_CLI)) { 453 return; 454 } 451 455 if ($this->challenge_passed_this_request) { return; } 452 456 … … 665 669 * Si la firma es maliciosa, sirve un desafío JavaScript. 666 670 */ 667 public function check_for_malicious_signature() {671 public function check_for_malicious_signature() { 668 672 if ($this->is_request_uri_excluded()) { return; } 669 673 if ($this->request_is_asn_whitelisted) { return; } 674 675 // Excluir AJAX, JSON, Cron y procesos internos (ej: Elementor, WP Dashboard) 676 if (wp_doing_ajax() || wp_is_json_request() || is_admin() || wp_doing_cron() || (defined('WP_CLI') && WP_CLI)) { 677 return; 678 } 670 679 // Si el usuario acaba de pasar un desafío, le damos un pase de gracia de 15s. 671 680 if (get_transient('advaipbl_grace_pass_' . md5($this->get_client_ip()))) { -
advanced-ip-blocker/trunk/languages/advanced-ip-blocker.pot
r3465088 r3466580 4 4 msgid "" 5 5 msgstr "" 6 "Project-Id-Version: Advanced IP Blocker 8.8. 4\n"6 "Project-Id-Version: Advanced IP Blocker 8.8.5\n" 7 7 "Report-Msgid-Bugs-To: https://wordpress.org/support/plugin/advanced-ip-blocker\n" 8 8 "POT-Creation-Date: 2025-07-22 14:47+0200\n" -
advanced-ip-blocker/trunk/readme.txt
r3465088 r3466580 6 6 Requires at least: 6.7 7 7 Tested up to: 6.9 8 Stable tag: 8.8. 48 Stable tag: 8.8.5 9 9 Requires PHP: 8.1 10 10 License: GPLv2 or later … … 223 223 == Changelog == 224 224 225 = 8.8.5 = 226 * **CRITICAL FIX (AJAX/Editor Conflict):** Resolved a severe conflict where the "Attack Signature Engine" was incorrectly intercepting background AJAX requests (like `admin-ajax.php`), causing infinite loading loops in page builders (Elementor) and our own Security Dashboard. Standard AJAX and REST API requests are now safely excluded. 227 * **PERFORMANCE (Cloudflare Sync):** Implemented a "Memory Reconciliation" (Delta Sync) module for Cloudflare. The plugin now fetches active rules via a single API call and only pushes missing IPs (the delta) to Cloudflare, eliminating the `cURL error 28: Operation timed out` that occurred when syncing large databases on shared hosting. 228 225 229 = 8.8.4 = 226 230 * **CRITICAL FIX:** Resolved the "Spamhaus Drop List" automatic update failure. The cron job is now correctly registered and updating the list daily. … … 381 385 == Upgrade Notice == 382 386 387 = 8.8.5 = 388 **CRITICAL UPDATE:** Fixes infinite loading conflicts with Elementor and background AJAX requests. Also resolves Cloudflare synchronization timeouts. Update immediately. 389 383 390 = 8.8.4 = 384 391 **CRITICAL UPDATE:** Fixes automatic Spamhaus updates and Bulk Import display issues. Update immediately.
Note: See TracChangeset
for help on using the changeset viewer.