v234

Author: JulioPotier

defines.php

@@ -1,7 +1,7 @@
 <?php
 defined( 'ABSPATH' ) or die( 'Something went wrong.' );
 
-define( 'SECUPRESS_VERSION'                   , '2.3.3' );
+define( 'SECUPRESS_VERSION'                   , '2.3.4' );
 define( 'SECUPRESS_MAJOR_VERSION'             , '2.3' );
 define( 'SECUPRESS_UPDATE_API_KEY'            , 'aHR0cHM6Ly9zZWN1cHJlc3MubWUv' );
 define( 'SECUPRESS_PATH'                      , realpath( dirname( SECUPRESS_FILE ) ) . DIRECTORY_SEPARATOR );

free/classes/scanners/class-secupress-scan-login-errors-disclose.php

@@ -107,7 +107,7 @@ public function scan() {
 		$wp_error->add( 'invalid_username', $messages );
 		/** This filter is documented in wp-login.php */
 		$messages = reset( apply_filters( 'login_errors', $wp_error ) );
-		while ( ! is_string( $messages ) ) {
+		while ( is_array( $messages ) ) {
 			$messages = reset( $messages );
 		}
 

free/classes/scanners/class-secupress-scan-wp-config.php

@@ -181,34 +181,34 @@ public function scan() {
 		}
 
 		// Other constants.
-		$results = array();
+		$results = [];
 
 		foreach ( $this->constants as $constant => $compare ) {
 			$check = defined( $constant ) ? constant( $constant ) : null;
 
 			switch ( $compare ) {
 				case 1:
 					if ( ! $check ) {
-						$results[209]           = isset( $results[209] )         ? $results[209]         : array();
-						$results[209]['true']   = isset( $results[209]['true'] ) ? $results[209]['true'] : array();
+						$results[209]           = isset( $results[209] )         ? $results[209]         : [];
+						$results[209]['true']   = isset( $results[209]['true'] ) ? $results[209]['true'] : [];
 						$results[209]['true'][] = '<code>' . $constant . '</code>';
 					}
 					break;
 				case false:
 					if ( $check ) {
-						$results[210]            = isset( $results[210] )          ? $results[210]          : array();
-						$results[210]['false']   = isset( $results[210]['false'] ) ? $results[210]['false'] : array();
+						$results[210]            = isset( $results[210] )          ? $results[210]          : [];
+						$results[210]['false']   = isset( $results[210]['false'] ) ? $results[210]['false'] : [];
 						$results[210]['false'][] = '<code>' . $constant . '</code>';
 					}
 					break;
 				default:
-					$check  = decoct( $check ) <= $compare;
-					$mes_id = 755 === $compare ? 211 : 212;
+					$check  = ! is_null( $check ) ? decoct( $check ) <= $compare : false;
+					$msg_id = 755 === $compare ? 211 : 212;
 
 					if ( ! $check ) {
-						$results[ $mes_id ]                     = isset( $results[ $mes_id ] )                   ? $results[ $mes_id ]                   : array();
-						$results[ $mes_id ][ '0' . $compare ]   = isset( $results[ $mes_id ][ '0' . $compare ] ) ? $results[ $mes_id ][ '0' . $compare ] : array();
-						$results[ $mes_id ][ '0' . $compare ][] = '<code>' . $constant . '</code>';
+						$results[ $msg_id ]                     = isset( $results[ $msg_id ] )                   ? $results[ $msg_id ]                   : [];
+						$results[ $msg_id ][ '0' . $compare ]   = isset( $results[ $msg_id ][ '0' . $compare ] ) ? $results[ $msg_id ][ '0' . $compare ] : [];
+						$results[ $msg_id ][ '0' . $compare ][] = '<code>' . $constant . '</code>';
 					}
 					break;
 			}

free/modules/antispam/plugins/antiphishing.php

@@ -103,9 +103,10 @@ function secupress_antiphishing_deactivation() {
  * @return (array) $atts
  **/
 function secupress_antiphishingcode_mail( $atts ) {
-	$user        = secupress_get_user_by( $atts['to'] );
 	$admin_email = get_option( 'admin_email' );
-	if ( ! secupress_is_user( $user ) && $atts['to'] !== $admin_email ) {
+	$atts_to     = is_array( $atts['to'] ) ? reset( $atts['to'] ) : $atts['to'];
+	$user        = secupress_get_user_by( $atts_to );
+	if ( ! secupress_is_user( $user ) && $atts_to !== $admin_email ) {
 		return $atts;
 	}
 	if ( secupress_is_user( $user ) ) { // user

readme.txt

@@ -4,7 +4,7 @@ Tags: wordpress security, malware, security plugin, security
 Requires at least: 4.9
 Tested up to: 6.7.2
 Requires PHP: 7.0
-Stable tag: 2.3.3
+Stable tag: 2.3.4
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -185,13 +185,11 @@ The answer is no. SecuPress is not compatible with another security plugin. Just
 
 == Changelog ==
 
-= 2.3.3 =
-* 11 March 2025
-* New: Checkbox to choose if you want to rename new or updated user if their login is the same as their display name
-* Fix: Scanner for Login Errors still in error even with the feature activated
-* Fix: Deactivating the Black Hole feature now correctly remove the rules in robots.txt
-* Fix: CSS stuff
-* Improvement: i18n
+= 2.3.4 =
+* 12 March 2025
+* Fix E_ERROR on rename login scanner
+* Fix Deprecated on PHP 8.1 when decoct passing null
+* Fix Array to String in wp_mail hook resulting in not sending the correct ajax answer for some plugin (the email still goes)
 
 == Upgrade Notice ==
 * SecuPress 2.3+ now requires PHP 7.0 minimum.

secupress.php

@@ -6,7 +6,7 @@
  * Description: More than a plugin, the guarantee of a protected website by experts.
  * Author: SecuPress
  * Author URI: https://secupress.me
- * Version: 2.3.3
+ * Version: 2.3.4
  * Code Name: Starboost (Mark XXXIX)
  * Network: true
  * Contributors: SecuPress, juliobox, GregLone

uninstall.php

@@ -33,7 +33,7 @@
 
 		/** This filter is documented in wp-includes/class-http.php. */
 		$user_agent      = apply_filters( 'http_headers_useragent', 'WordPress/' . get_bloginfo( 'version' ) . '; ' . get_bloginfo( 'url' ) );
-		$version         = '2.3.3';
+		$version         = '2.3.4';
 		$args['headers'] = array(
 			'X-Requested-With' => sprintf( '%s;SecuPress|%s|%s|;', $user_agent, $version, esc_url( home_url() ) ),
 			'Authorization' => 'Basic ' . base64_encode( $settings['consumer_email'] . ':' . $settings['consumer_key'] )