Merge tag '21.0.9' into develop

paulgoodchild · paulgoodchild · commit 24bb5a207710 · 2026-01-12T14:06:09.000Z
Finish 21.0.9

# Conflicts:
#	icwp-wpsf.php
#	plugin.json
diff --git a/cl.json b/cl.json
@@ -113,6 +113,24 @@
       }
     ],
     "patches":     [
+      {
+        "version":     "9",
+        "released_at": 1768227000,
+        "items":       [
+          {
+            "type":        "fixed",
+            "title":       "[Security Vulnerabilities] Addresses 2x Security Vulnerabilities.",
+            "description": [
+              "Details of vulnerabilities will be published in due-course."
+            ]
+          },
+          {
+            "title":    "Data Handling Hardening - in light of the 2 vulnerabilities discovered, hardened data handling in various areas of the plugin.",
+            "category": "enhancement",
+            "type":     "fixed"
+          }
+        ]
+      },
       {
         "version":     "8",
         "released_at": 1765482000,
diff --git a/icwp-wpsf.php b/icwp-wpsf.php
@@ -13,7 +13,7 @@
  */
 
 /**
- * Copyright (c) 2025 Shield Security <support@getshieldsecurity.com>
+ * Copyright (c) 2026 Shield Security <support@getshieldsecurity.com>
  * All rights reserved.
  * "Shield" (formerly WordPress Simple Firewall) is distributed under the GNU
  * General Public License, Version 2, June 1991. Copyright (C) 1989, 1991 Free
diff --git a/plugin_autoload.php b/plugin_autoload.php
@@ -1,5 +1,7 @@
 <?php declare( strict_types=1 );
 
+if ( !\defined( 'ABSPATH' ) ) { exit(); }
+
 require_once( __DIR__.'/src/lib/vendor/autoload.php' );
 
 /** We initialise our Carbon early. */
diff --git a/plugin_compatibility.php b/plugin_compatibility.php
@@ -1,5 +1,7 @@
 <?php declare( strict_types=1 );
 
+if ( !\defined( 'ABSPATH' ) ) exit();
+
 new class() {
 
 	private ?string $incompatible = null;
diff --git a/plugin_init.php b/plugin_init.php
@@ -3,14 +3,11 @@
 use FernleafSystems\Wordpress\Plugin\Shield\Controller;
 use FernleafSystems\Wordpress\Services\Services;
 
+if ( !\defined( 'ABSPATH' ) ) { exit(); }
+
 /** @var string $rootFile */
 global $oICWP_Wpsf;
-if ( isset( $oICWP_Wpsf ) ) {
-	error_log( 'Attempting to load the Shield Plugin twice?' );
-	return;
-}
-if ( empty( $rootFile ) ) {
-	error_log( 'Attempt to directly access plugin init file.' );
+if ( isset( $oICWP_Wpsf ) || empty( $rootFile ) ) {
 	return;
 }
 
diff --git a/readme.txt b/readme.txt
@@ -8,7 +8,7 @@ Requires at least: 5.7
 Requires PHP: 7.4
 Recommended PHP: 8.2
 Tested up to: 6.9
-Stable tag: 21.0.8
+Stable tag: 21.0.9
 
 Shield stops bot attacks before they hack your site. Bots CAN be stopped. Shield stops them.
 
diff --git a/uninstall.php b/uninstall.php
@@ -1,11 +1,9 @@
 <?php declare( strict_types=1 );
 
-if ( !defined( 'WP_UNINSTALL_PLUGIN' ) ) {
-	die;
-}
+if ( !defined( 'WP_UNINSTALL_PLUGIN' ) ) { exit(); }
 
 // Ensure Shield isn't active elsewhere.
-if ( !@class_exists( '\FernleafSystems\Wordpress\Plugin\Shield\Controller\Controller' ) ) {
+if ( !@\class_exists( '\FernleafSystems\Wordpress\Plugin\Shield\Controller\Controller' ) ) {
 	return;
 	require_once( dirname( __FILE__ ).'/src/lib/vendor/autoload.php' );
 	try {
