updated plugin Jetpack Protect version 2.0.0

wp-content/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-ip/CHANGELOG.md

@@ -5,7 +5,16 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [0.2.1] - 2023-11-21
+### Changed
+- Added a note of non-usage of PHP8+ functions yet. [#34137]
+
+## [0.2.0] - 2023-11-20
+### Changed
+- Updated required PHP version to >= 7.0. [#34192]
+
 ## [0.1.6] - 2023-09-19
+
 - Minor internal updates.
 
 ## [0.1.5] - 2023-08-23
@@ -34,6 +43,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Add jetpack-ip package functionality [#28846]
 - Initialized the package. [#28765]
 
+[0.2.1]: https://github.com/automattic/jetpack-ip/compare/v0.2.0...v0.2.1
+[0.2.0]: https://github.com/automattic/jetpack-ip/compare/v0.1.6...v0.2.0
 [0.1.6]: https://github.com/automattic/jetpack-ip/compare/v0.1.5...v0.1.6
 [0.1.5]: https://github.com/automattic/jetpack-ip/compare/v0.1.4...v0.1.5
 [0.1.4]: https://github.com/automattic/jetpack-ip/compare/v0.1.3...v0.1.4

wp-content/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-ip/SECURITY.md

@@ -4,11 +4,20 @@ Full details of the Automattic Security Policy can be found on [automattic.com](
 
 ## Supported Versions
 
-Generally, only the latest version of Jetpack has continued support. If a critical vulnerability is found in the current version of Jetpack, we may opt to backport any patches to previous versions. 
+Generally, only the latest version of Jetpack and its associated plugins have continued support. If a critical vulnerability is found in the current version of a plugin, we may opt to backport any patches to previous versions. 
 
 ## Reporting a Vulnerability
 
-[Jetpack](https://jetpack.com/) is an open-source plugin for WordPress. Our HackerOne program covers the plugin software, as well as a variety of related projects and infrastructure.
+Our HackerOne program covers the below plugin software, as well as a variety of related projects and infrastructure:
+
+* [Jetpack](https://jetpack.com/)
+* Jetpack Backup
+* Jetpack Boost
+* Jetpack CRM
+* Jetpack Protect
+* Jetpack Search
+* Jetpack Social
+* Jetpack VideoPress
 
 **For responsible disclosure of security issues and to be eligible for our bug bounty program, please submit your report via the [HackerOne](https://hackerone.com/automattic) portal.**
 

wp-content/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-ip/composer.json

@@ -3,11 +3,13 @@
 	"description": "Utilities for working with IP addresses.",
 	"type": "jetpack-library",
 	"license": "GPL-2.0-or-later",
-	"require": {},
+	"require": {
+		"php": ">=7.0"
+	},
 	"require-dev": {
 		"brain/monkey": "2.6.1",
 		"yoast/phpunit-polyfills": "1.1.0",
-		"automattic/jetpack-changelogger": "^3.3.9"
+		"automattic/jetpack-changelogger": "^4.0.2"
 	},
 	"suggest": {
 		"automattic/jetpack-autoloader": "Allow for better interoperability with other plugins that use this package."
@@ -34,7 +36,7 @@
 			"link-template": "https://github.com/automattic/jetpack-ip/compare/v${old}...v${new}"
 		},
 		"branch-alias": {
-			"dev-trunk": "0.1.x-dev"
+			"dev-trunk": "0.2.x-dev"
 		},
 		"textdomain": "jetpack-ip",
 		"version-constants": {

wp-content/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-ip/src/class-utils.php

@@ -12,7 +12,7 @@ namespace Automattic\Jetpack\IP;
  */
 class Utils {
 
-	const PACKAGE_VERSION = '0.1.6';
+	const PACKAGE_VERSION = '0.2.1';
 
 	/**
 	 * Get the current user's IP address.
@@ -92,6 +92,7 @@ class Utils {
 	 */
 	public static function ip_is_private( $ip ) {
 		// We are dealing with ipv6, so we can simply rely on filter_var.
+		// Note: str_contains() is not used here, as wp-includes/compat.php may not be loaded in this file.
 		if ( false === strpos( $ip, '.' ) ) {
 			return ! filter_var( $ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE );
 		}
@@ -117,28 +118,17 @@ class Utils {
 
 	/**
 	 * Uses inet_pton if available to convert an IP address to a binary string.
-	 * If inet_pton is not available, ip2long will convert the address to an integer.
 	 * Returns false if an invalid IP address is given.
 	 *
-	 * NOTE: ip2long will return false for any ipv6 address. servers that do not support
-	 * inet_pton will not support ipv6
-	 *
 	 * @param mixed $ip IP address.
 	 * @return int|string|bool
 	 */
 	public static function convert_ip_address( $ip ) {
-		if ( function_exists( 'inet_pton' ) ) {
-			return inet_pton( $ip );
-		}
-		return ip2long( $ip );
+		return inet_pton( $ip );
 	}
 
 	/**
 	 * Checks that a given IP address is within a given low - high range.
-	 * Servers that support inet_pton will use that function to convert the ip to number,
-	 * while other servers will use ip2long.
-	 *
-	 * NOTE: servers that do not support inet_pton cannot support ipv6.
 	 *
 	 * @param mixed $ip IP.
 	 * @param mixed $range_low Range Low.
@@ -146,23 +136,11 @@ class Utils {
 	 * @return Bool
 	 */
 	public static function ip_address_is_in_range( $ip, $range_low, $range_high ) {
-		// The inet_pton will give us binary string of an ipv4 or ipv6.
-		// We can then use strcmp to see if the address is in range.
-		if ( function_exists( 'inet_pton' ) ) {
-			$ip_num  = inet_pton( $ip );
-			$ip_low  = inet_pton( $range_low );
-			$ip_high = inet_pton( $range_high );
-			if ( $ip_num && $ip_low && $ip_high && strcmp( $ip_num, $ip_low ) >= 0 && strcmp( $ip_num, $ip_high ) <= 0 ) {
-				return true;
-			}
-			// The ip2long will give us an integer of an ipv4 address only. it will produce FALSE for ipv6.
-		} else {
-			$ip_num  = ip2long( $ip );
-			$ip_low  = ip2long( $range_low );
-			$ip_high = ip2long( $range_high );
-			if ( $ip_num && $ip_low && $ip_high && $ip_num >= $ip_low && $ip_num <= $ip_high ) {
-				return true;
-			}
+		$ip_num  = inet_pton( $ip );
+		$ip_low  = inet_pton( $range_low );
+		$ip_high = inet_pton( $range_high );
+		if ( $ip_num && $ip_low && $ip_high && strcmp( $ip_num, $ip_low ) >= 0 && strcmp( $ip_num, $ip_high ) <= 0 ) {
+			return true;
 		}
 		return false;
 	}
@@ -204,8 +182,6 @@ class Utils {
 	/**
 	 * Validates the low and high IP addresses of a range.
 	 *
-	 * NOTE: servers that do not support inet_pton cannot support ipv6.
-	 *
 	 * @param string $range_low  Low IP address.
 	 * @param string $range_high High IP address.
 	 * @return bool True if the range is valid, false otherwise.
@@ -217,27 +193,15 @@ class Utils {
 		}
 
 		// Validate that the $range_low is lower or equal to $range_high.
-		if ( function_exists( 'inet_pton' ) ) {
-			// The inet_pton will give us binary string of an ipv4 or ipv6.
-			// We can then use strcmp to see if the address is in range.
-			$ip_low  = inet_pton( $range_low );
-			$ip_high = inet_pton( $range_high );
-			if ( false === $ip_low || false === $ip_high ) {
-				return false;
-			}
-			if ( strcmp( $ip_low, $ip_high ) > 0 ) {
-				return false;
-			}
-		} else {
-			// The ip2long will give us an integer of an ipv4 address only. it will produce FALSE for ipv6.
-			$ip_low  = ip2long( $range_low );
-			$ip_high = ip2long( $range_high );
-			if ( false === $ip_low || false === $ip_high ) {
-				return false;
-			}
-			if ( $ip_low > $ip_high ) {
-				return false;
-			}
+		// The inet_pton will give us binary string of an ipv4 or ipv6.
+		// We can then use strcmp to see if the address is in range.
+		$ip_low  = inet_pton( $range_low );
+		$ip_high = inet_pton( $range_high );
+		if ( false === $ip_low || false === $ip_high ) {
+			return false;
+		}
+		if ( strcmp( $ip_low, $ip_high ) > 0 ) {
+			return false;
 		}
 
 		return true;