Sync from 2023-06-29

classes/Helpers/class-settings-helper.php

@@ -922,7 +922,7 @@ public static function tidy_blank_values( $value ) {
 		public static function get_excluded_user_meta_fields() {
 			if ( empty( self::$excluded_user_meta ) ) {
 				$excluded_user_meta = self::get_option_value( 'excluded-user-meta', '' );
-				if ( ! is_null( $excluded_user_meta ) && empty( $excluded_user_meta ) ) {
+				if ( ! is_null( $excluded_user_meta ) && ! empty( $excluded_user_meta ) ) {
 					self::$excluded_user_meta = array_unique( array_filter( explode( ',', $excluded_user_meta ) ) );
 					asort( self::$excluded_user_meta );
 				} else {
@@ -986,6 +986,11 @@ public static function get_excluded_monitoring_users() {
 				self::$excluded_users = self::get_option_value( 'excluded-users', array() );
 			}
 
+			if ( is_string( self::$excluded_users ) ) {
+				self::$excluded_users = array_unique( array_filter( explode( ',', self::$excluded_users ) ) );
+				self::set_option_value( 'excluded-users', self::$excluded_users );
+			}
+
 			return self::$excluded_users;
 		}
 
@@ -1033,6 +1038,8 @@ public static function set_excluded_monitoring_users( $users ) {
 		 * Set roles excluded from monitoring.
 		 *
 		 * @param array $roles - Array of roles.
+		 *
+		 * @since 4.5.0
 		 */
 		public static function set_excluded_monitoring_roles( $roles ) {
 			// Trigger alert.
@@ -1070,12 +1077,21 @@ public static function set_excluded_monitoring_roles( $roles ) {
 
 		/**
 		 * Get roles excluded from monitoring.
+		 *
+		 * @return array
+		 *
+		 * @since 4.5.0
 		 */
 		public static function get_excluded_monitoring_roles() {
 			if ( empty( self::$excluded_roles ) ) {
 				self::$excluded_roles = self::get_option_value( 'excluded-roles', array() );
 			}
 
+			if ( is_string( self::$excluded_roles ) ) {
+				self::$excluded_roles = array_unique( array_filter( explode( ',', self::$excluded_roles ) ) );
+				self::set_option_value( 'excluded-roles', self::$excluded_roles );
+			}
+
 			return self::$excluded_roles;
 		}
 

classes/Migration/class-migration.php

@@ -583,8 +583,16 @@ protected static function migrate_up_to_4430() {
 						fopen( $working_dir_path . WSAL_Ext_MirrorLogger::FILE_NAME_FAILED_LOGS . '.php', 'r' )
 					);
 					if ( false === strpos( $line, '<?php' ) ) {
-						$file_data = file_get_contents( $working_dir_path . WSAL_Ext_MirrorLogger::FILE_NAME_FAILED_LOGS . '.php' );
-						file_put_contents( $working_dir_path . WSAL_Ext_MirrorLogger::FILE_NAME_FAILED_LOGS . '.php', '<?php' . PHP_EOL . $file_data );
+						$fp_source = fopen( $working_dir_path . WSAL_Ext_MirrorLogger::FILE_NAME_FAILED_LOGS . '.php', 'r' );
+						$fp_dest   = fopen( $working_dir_path . WSAL_Ext_MirrorLogger::FILE_NAME_FAILED_LOGS . '.php.tmp', 'w' ); // better to generate a real temp filename.
+						fwrite( $fp_dest, '<?php' . "\n" );
+						while ( ! feof( $fp_source ) ) {
+							fwrite( $fp_dest, fread( $fp_source, 8192 ) );
+						}
+						fclose( $fp_source );
+						fclose( $fp_dest );
+						unlink( $working_dir_path . WSAL_Ext_MirrorLogger::FILE_NAME_FAILED_LOGS . '.php' );
+						rename( $working_dir_path . WSAL_Ext_MirrorLogger::FILE_NAME_FAILED_LOGS . '.php.tmp', $working_dir_path . WSAL_Ext_MirrorLogger::FILE_NAME_FAILED_LOGS . '.php' );
 					}
 				}
 			}

classes/WPSensors/class-wp-content-sensor.php

@@ -187,6 +187,10 @@ public static function post_changed( $post_id, $post, $update ) {
 				return;
 			}
 
+			if ( null === self::$old_post ) {
+				return;
+			}
+
 			// Ignorable states.
 			if ( defined( 'DOING_AUTOSAVE' ) && DOING_AUTOSAVE ) {
 				// Check post creation event.

languages/wp-security-audit-log.pot

@@ -2,16 +2,16 @@
 # This file is distributed under the GPL v3.
 msgid ""
 msgstr ""
-"Project-Id-Version: WP Activity Log 4.5.2\n"
+"Project-Id-Version: WP Activity Log 4.5.3\n"
 "Report-Msgid-Bugs-To: https://wordpress.org/support/plugin/wp-security-audit-log\n"
 "Last-Translator: WP White Security <info@wpwhitesecurity.com>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"POT-Creation-Date: 2023-05-11T14:13:25+00:00\n"
+"POT-Creation-Date: 2023-06-29T12:10:02+00:00\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
-"X-Generator: WP-CLI 2.6.0\n"
+"X-Generator: WP-CLI 2.7.1\n"
 "X-Domain: wp-security-audit-log\n"
 
 #. Plugin Name of the plugin

readme.txt

@@ -6,7 +6,7 @@ License URI: https://www.gnu.org/licenses/gpl.html
 Tags: activity log, security audit log, user tracking, security event log, audit trail, user activity, changelog, history, log, website changes
 Requires at least: 5.0
 Tested up to: 6.2
-Stable tag: 4.5.2
+Stable tag: 4.5.3
 Requires PHP: 7.2
 
 The #1 user-rated activity log plugin. Keep a comprehensive log of the changes that happen on your site with this easy to use plugin.
@@ -209,6 +209,17 @@ Please refer to our [support pages](https://wpactivitylog.com/support/?utm_sourc
 
 == Changelog ==
 
+= 4.5.3 (2023-07-05) =
+
+* **Bug fixes**
+	* Fixed issue causing pruning of reports to remove all stored reports.
+	* Fixed issue which could cause a memory issue when migrating from older WSAL versions.
+	* Fixed error which could cause 'Excluded custom user fields' to not save when updating.
+	* Fixed issue which cause cause a fatal error when saving pages via the Oxygen Builder plugin.
+
+* **Security fix**
+	*  Updated Freemius SDK
+
 = 4.5.2 (2023-05-11) =
 
 * **Plugin & features improvements**

third-party/vendor/autoload.php

@@ -3,10 +3,23 @@
 // autoload.php @generated by Composer
 
 if (PHP_VERSION_ID < 50600) {
-    echo 'Composer 2.3.0 dropped support for autoloading on PHP <5.6 and you are running '.PHP_VERSION.', please upgrade PHP or use Composer 2.2 LTS via "composer self-update --2.2". Aborting.'.PHP_EOL;
-    exit(1);
+    if (!headers_sent()) {
+        header('HTTP/1.1 500 Internal Server Error');
+    }
+    $err = 'Composer 2.3.0 dropped support for autoloading on PHP <5.6 and you are running '.PHP_VERSION.', please upgrade PHP or use Composer 2.2 LTS via "composer self-update --2.2". Aborting.'.PHP_EOL;
+    if (!ini_get('display_errors')) {
+        if (PHP_SAPI === 'cli' || PHP_SAPI === 'phpdbg') {
+            fwrite(STDERR, $err);
+        } elseif (!headers_sent()) {
+            echo $err;
+        }
+    }
+    trigger_error(
+        $err,
+        E_USER_ERROR
+    );
 }
 
 require_once __DIR__ . '/composer/autoload_real.php';
 
-return ComposerAutoloaderInit5920eeb7f8be8a34a3f7b3e023c74371::getLoader();
+return ComposerAutoloaderInitbc9b2788d841a60d096fa4c5a780a893::getLoader();

third-party/vendor/composer/ClassLoader.php

@@ -42,6 +42,9 @@
  */
 class ClassLoader
 {
+    /** @var \Closure(string):void */
+    private static $includeFile;
+
     /** @var ?string */
     private $vendorDir;
 
@@ -106,6 +109,7 @@ class ClassLoader
     public function __construct($vendorDir = null)
     {
         $this->vendorDir = $vendorDir;
+        self::initializeIncludeClosure();
     }
 
     /**
@@ -425,7 +429,8 @@ public function unregister()
     public function loadClass($class)
     {
         if ($file = $this->findFile($class)) {
-            includeFile($file);
+            $includeFile = self::$includeFile;
+            $includeFile($file);
 
             return true;
         }
@@ -555,18 +560,26 @@ private function findFileWithExtension($class, $ext)
 
         return false;
     }
-}
 
-/**
- * Scope isolated include.
- *
- * Prevents access to $this/self from included files.
- *
- * @param  string $file
- * @return void
- * @private
- */
-function includeFile($file)
-{
-    include $file;
+    /**
+     * @return void
+     */
+    private static function initializeIncludeClosure()
+    {
+        if (self::$includeFile !== null) {
+            return;
+        }
+
+        /**
+         * Scope isolated include.
+         *
+         * Prevents access to $this/self from included files.
+         *
+         * @param  string $file
+         * @return void
+         */
+        self::$includeFile = \Closure::bind(static function($file) {
+            include $file;
+        }, null, null);
+    }
 }

third-party/vendor/composer/InstalledVersions.php

@@ -98,7 +98,7 @@ public static function isInstalled($packageName, $includeDevRequirements = true)
     {
         foreach (self::getInstalled() as $installed) {
             if (isset($installed['versions'][$packageName])) {
-                return $includeDevRequirements || empty($installed['versions'][$packageName]['dev_requirement']);
+                return $includeDevRequirements || !isset($installed['versions'][$packageName]['dev_requirement']) || $installed['versions'][$packageName]['dev_requirement'] === false;
             }
         }
 
@@ -119,7 +119,7 @@ public static function isInstalled($packageName, $includeDevRequirements = true)
      */
     public static function satisfies(VersionParser $parser, $packageName, $constraint)
     {
-        $constraint = $parser->parseConstraints($constraint);
+        $constraint = $parser->parseConstraints((string) $constraint);
         $provided = $parser->parseConstraints(self::getVersionRanges($packageName));
 
         return $provided->matches($constraint);
@@ -328,7 +328,9 @@ private static function getInstalled()
                 if (isset(self::$installedByVendor[$vendorDir])) {
                     $installed[] = self::$installedByVendor[$vendorDir];
                 } elseif (is_file($vendorDir.'/composer/installed.php')) {
-                    $installed[] = self::$installedByVendor[$vendorDir] = require $vendorDir.'/composer/installed.php';
+                    /** @var array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array<string, array{pretty_version?: string, version?: string, reference?: string|null, type?: string, install_path?: string, aliases?: string[], dev_requirement: bool, replaced?: string[], provided?: string[]}>} $required */
+                    $required = require $vendorDir.'/composer/installed.php';
+                    $installed[] = self::$installedByVendor[$vendorDir] = $required;
                     if (null === self::$installed && strtr($vendorDir.'/composer', '\\', '/') === strtr(__DIR__, '\\', '/')) {
                         self::$installed = $installed[count($installed) - 1];
                     }
@@ -340,12 +342,17 @@ private static function getInstalled()
             // only require the installed.php file if this file is loaded from its dumped location,
             // and not from its source location in the composer/composer package, see https://github.com/composer/composer/issues/9937
             if (substr(__DIR__, -8, 1) !== 'C') {
-                self::$installed = require __DIR__ . '/installed.php';
+                /** @var array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array<string, array{pretty_version?: string, version?: string, reference?: string|null, type?: string, install_path?: string, aliases?: string[], dev_requirement: bool, replaced?: string[], provided?: string[]}>} $required */
+                $required = require __DIR__ . '/installed.php';
+                self::$installed = $required;
             } else {
                 self::$installed = array();
             }
         }
-        $installed[] = self::$installed;
+
+        if (self::$installed !== array()) {
+            $installed[] = self::$installed;
+        }
 
         return $installed;
     }

third-party/vendor/composer/autoload_real.php

@@ -2,7 +2,7 @@
 
 // autoload_real.php @generated by Composer
 
-class ComposerAutoloaderInit5920eeb7f8be8a34a3f7b3e023c74371
+class ComposerAutoloaderInitbc9b2788d841a60d096fa4c5a780a893
 {
     private static $loader;
 
@@ -22,12 +22,12 @@ public static function getLoader()
             return self::$loader;
         }
 
-        spl_autoload_register(array('ComposerAutoloaderInit5920eeb7f8be8a34a3f7b3e023c74371', 'loadClassLoader'), true, true);
+        spl_autoload_register(array('ComposerAutoloaderInitbc9b2788d841a60d096fa4c5a780a893', 'loadClassLoader'), true, true);
         self::$loader = $loader = new \Composer\Autoload\ClassLoader(\dirname(__DIR__));
-        spl_autoload_unregister(array('ComposerAutoloaderInit5920eeb7f8be8a34a3f7b3e023c74371', 'loadClassLoader'));
+        spl_autoload_unregister(array('ComposerAutoloaderInitbc9b2788d841a60d096fa4c5a780a893', 'loadClassLoader'));
 
         require __DIR__ . '/autoload_static.php';
-        call_user_func(\Composer\Autoload\ComposerStaticInit5920eeb7f8be8a34a3f7b3e023c74371::getInitializer($loader));
+        call_user_func(\Composer\Autoload\ComposerStaticInitbc9b2788d841a60d096fa4c5a780a893::getInitializer($loader));
 
         $loader->setClassMapAuthoritative(true);
         $loader->register(true);

third-party/vendor/composer/autoload_static.php

@@ -4,7 +4,7 @@
 
 namespace Composer\Autoload;
 
-class ComposerStaticInit5920eeb7f8be8a34a3f7b3e023c74371
+class ComposerStaticInitbc9b2788d841a60d096fa4c5a780a893
 {
     public static $classMap = array (
         'Composer\\InstalledVersions' => __DIR__ . '/..' . '/composer/InstalledVersions.php',
@@ -15,7 +15,7 @@ class ComposerStaticInit5920eeb7f8be8a34a3f7b3e023c74371
     public static function getInitializer(ClassLoader $loader)
     {
         return \Closure::bind(function () use ($loader) {
-            $loader->classMap = ComposerStaticInit5920eeb7f8be8a34a3f7b3e023c74371::$classMap;
+            $loader->classMap = ComposerStaticInitbc9b2788d841a60d096fa4c5a780a893::$classMap;
 
         }, null, ClassLoader::class);
     }

vendor/autoload.php

@@ -3,10 +3,23 @@
 // autoload.php @generated by Composer
 
 if (PHP_VERSION_ID < 50600) {
-    echo 'Composer 2.3.0 dropped support for autoloading on PHP <5.6 and you are running '.PHP_VERSION.', please upgrade PHP or use Composer 2.2 LTS via "composer self-update --2.2". Aborting.'.PHP_EOL;
-    exit(1);
+    if (!headers_sent()) {
+        header('HTTP/1.1 500 Internal Server Error');
+    }
+    $err = 'Composer 2.3.0 dropped support for autoloading on PHP <5.6 and you are running '.PHP_VERSION.', please upgrade PHP or use Composer 2.2 LTS via "composer self-update --2.2". Aborting.'.PHP_EOL;
+    if (!ini_get('display_errors')) {
+        if (PHP_SAPI === 'cli' || PHP_SAPI === 'phpdbg') {
+            fwrite(STDERR, $err);
+        } elseif (!headers_sent()) {
+            echo $err;
+        }
+    }
+    trigger_error(
+        $err,
+        E_USER_ERROR
+    );
 }
 
 require_once __DIR__ . '/composer/autoload_real.php';
 
-return ComposerAutoloaderInit0c92317a9b8beb8201a628f48b163d1b::getLoader();
+return ComposerAutoloaderInit044151a9a14b6e089c398c934d01d44c::getLoader();