filter_var is a PHP 5.2 function. I know that wordpress requires newer versions of PHP, but there are many people on older WP installs that would break if I used it. Best to avoid it for a while. I get complaints every time I use a newer function. I just read the docs on it. It is a very useful function.
I will review the chkinvaldip code. Some of these modules were written very quickly, so I am sure there are lots of bugs to fix.
Thanks for the input. I’ll get to work on it. I have lots of bug fixes that will be in the next release, probably this weekend.
Keith
You have to remember, I am a very old school programmer, and it likely that I will come up with a solution to a problem in my head and have to translate from FORTRAN as I type. It’s a wonder any of this works.
Keith
Fixed.
It was an easy fix. This is old code and assumptions were made that were not valid.
The new code is on blogseye.com on the beta page. I will upload it to WP this weekend.
BTW this is the list of things corrected in the next release:
= 6.11 =
* Fix Akismet conflict with white list. Akismet positives should be checked against the white list before reporting.
* Fixed another bug in Threat Scan where the file open failed trying to read a file with bad permissions.
* Added additional checks to threat scan based on an articles at: https://blog.sucuri.net
* Added a more complex exclude list to threat scan.
* Fixed OpenCaptcha so that it can display the HTTP image on HTTPS sites without a warning. Catchas require the host to enable curl libraries.
* This plugin and WP Jetpack plugin Login Protection clash. You get a blank screen if you use both. The plugin disables itself if JetPack Login Protection is installed.
* Rebuilt all spammer by country modules. Deleted Africa. Now African countries are reported by lacnic.net, so my programs to extract CIDRS from Stop Forum Spam lists works for Africa now. New Countries added. This fixed a bug where I spelled Africa wrong.
* Admin checks at login are for any user containing the word ‘admin’ anywhere in login id. Changed from lower case “admin” only.
* I now show failed password because I think it is important to see the dictionary attacks with many passwords. I may make an option for this in case some admins suffer from “fat fingers” and mistype their passwords frequently.
* Fixed an error in options. The “Check credentials on all login attempts” and “Deny login attempts using ‘admin’ userid” were switched. The first one checks to the credentials of all login attempts. The second denies users who try to login with ids with the string ‘admin’, but the id doesn’t exist.
* Fixed range check in invalid IP check. Was returning false positives.
