0.2.0.8 Release Note

Posted on May 11, 2021

I’d like to briefly describe about release 0.2.0.8.

Fixed an issue

When I tested the vulnerability in Custom Contact Forms (<= 5.1.0.3) reported by Sucuri on August 2014, I found that IP Location Block could not prevent it.

After my short investigation, I noticed that CCF had accepted a certain attack vector at init action hook with the highest priority which was triggered prior to the validation of IP Location Block at admin_init.

I don’t know why CCF accepted it in such a manner, but I had to change the action hook and the priority to trigger WP-ZEP before CCF.

Re-creating DB table for validation logs

In previous version, the DB table ip_geo_block_logs will be created when this plugin is activated. But issue #1 was reported from my user. So I implemented the re-creating process into the administrative diagnosis process.

This means that it always spend additional 1 query on admin screen. While I can’t determine whether this case happens to a specific user or not at this moment, I’d like to hide this feature behind a debug mode in the future.

Showing the time of day on validation logs

Priviously, the time of day was shown by UTC on validation logs. With adding GMT offset, it will be shown by local time of day.

Optimizing resource loading

Before 0.2.0.8, script for google map was loaded on every tab of IP Location Block dashboard. But now it will be loaded only on “Search” tab.