Merge pull request #699 from wpwhitesecurity/20240522-sync

Sync from 2024-05-22

classes/AbstractLogger.php

@@ -66,7 +66,7 @@ protected function get_correct_timestamp( $metadata, $legacy_date ) {
 			$timestamp = current_time( 'U.u', true );
 
 			$timestamp = \apply_filters( 'wsal_database_timestamp_value', $timestamp, $metadata );
-			
+
 			return array_key_exists( 'Timestamp', $metadata ) ? $metadata['Timestamp'] : current_time( 'U.u', true );
 		}
 

classes/AbstractView.php

@@ -30,11 +30,13 @@ abstract class WSAL_AbstractView {
 	protected $plugin;
 
 	/**
-	 * Contains the result to a call to add_submenu_page().
+	 * Pointer to the hook suffix
 	 *
 	 * @var string
+	 *
+	 * @since 5.0.0
 	 */
-	public $hook_suffix = '';
+	private static $hook_suffix = null;
 
 	/**
 	 * Tells us whether this view is currently being displayed or not.
@@ -242,4 +244,12 @@ public function get_url() {
 	public function get_view_name() {
 		return strtolower( str_replace( array( 'WSAL_Views_', 'WSAL_' ), '', get_class( $this ) ) );
 	}
+
+	public static function set_hook_suffix( $suffix ) {
+		self::$hook_suffix = $suffix;
+	}
+
+	public static function get_hook_suffix() {
+		return self::$hook_suffix;
+	}
 }

classes/Actions/class-plugin-installer.php

@@ -2,6 +2,8 @@
 /**
  * Plugin installer action
  *
+ * NOTE: Currently this class is used only for deactivating the legacy extension plugins.
+ *
  * Class file for installing plugins from the repo.
  *
  * @since 4.0.1
@@ -28,20 +30,22 @@ class Plugin_Installer {
 		 * Register the ajax action.
 		 *
 		 * @method register
+		 *
 		 * @since  4.0.1
 		 */
 		public static function init() {
-			add_action( 'wp_ajax_wsal_run_addon_install', array( __CLASS__, 'run_addon_install' ) );
+			\add_action( 'wp_ajax_wsal_run_addon_install', array( __CLASS__, 'run_addon_install' ) );
 		}
 
 		/**
 		 * Run the installer.
 		 *
 		 * @method run_addon_install
+		 *
 		 * @since  4.0.1
 		 */
 		public static function run_addon_install() {
-			check_ajax_referer( 'wsal-install-addon' );
+			\check_ajax_referer( 'wsal-install-addon' );
 
 			$predefined_plugins = Plugins_Helper::get_installable_plugins();
 
@@ -88,7 +92,7 @@ public static function run_addon_install() {
 
 			// bail early if we didn't get a valid url and slug to install.
 			if ( ! $valid ) {
-				wp_send_json_error(
+				\wp_send_json_error(
 					array(
 						'message' => esc_html__( 'Tried to install a zip or slug that was not in the allowed list', 'wp-security-audit-log' ),
 					)
@@ -118,15 +122,15 @@ public static function run_addon_install() {
 				\WSAL\Helpers\Settings_Helper::delete_option_value( 'show-helper-plugin-needed-nudge' );
 			}
 
-			wp_send_json( $result );
+			\wp_send_json( $result );
 		}
 
 		/**
 		 * Install a plugin given a slug.
 		 *
-		 * @method install
-		 * @since  4.0.1
 		 * @param  string $plugin_zip URL to the direct zip file.
+		 *
+		 * @since  4.0.1
 		 */
 		public static function install_plugin( $plugin_zip = '' ) {
 			// bail early if we don't have a slug to work with.
@@ -138,7 +142,7 @@ public static function install_plugin( $plugin_zip = '' ) {
 				include_once ABSPATH . 'wp-admin/includes/class-wp-upgrader.php';
 			}
 			// clear the cache so we're using fresh data.
-			wp_cache_flush();
+			\wp_cache_flush();
 			$upgrader       = new \Plugin_Upgrader();
 			$install_result = $upgrader->install( $plugin_zip );
 			if ( ! $install_result || is_wp_error( $install_result ) ) {
@@ -152,10 +156,11 @@ public static function install_plugin( $plugin_zip = '' ) {
 		/**
 		 * Activates a plugin that is available on the site.
 		 *
-		 * @method activate
-		 * @since  4.0.1
 		 * @param  string $plugin_zip URL to the direct zip file.
+		 *
 		 * @return void
+		 *
+		 * @since  4.0.1
 		 */
 		public static function activate( $plugin_zip = '' ) {
 			// bail early if we don't have a slug to work with.
@@ -196,10 +201,10 @@ public static function deactivate_plugin( string $plugin ): bool {
 					$network_wide = true;
 				}
 
-				$result = deactivate_plugins( $plugin, false, $network_wide );
+				$result = \deactivate_plugins( $plugin, false, $network_wide );
 
 				// Check if the plugin was deactivated.
-				if ( is_wp_error( $result ) ) {
+				if ( \is_wp_error( $result ) ) {
 					return false;
 				}
 			}
@@ -229,10 +234,10 @@ public static function run_activate( $plugin_slug = '' ) {
 			if ( ! in_array( $plugin_slug, $current, true ) ) {
 				if ( WP_Helper::is_multisite() ) {
 					$current[] = $plugin_slug;
-					activate_plugin( $plugin_slug, '', true );
+					\activate_plugin( $plugin_slug, '', true );
 				} else {
 					$current[] = $plugin_slug;
-					activate_plugin( $plugin_slug );
+					\activate_plugin( $plugin_slug );
 				}
 			}
 			return null;
@@ -241,9 +246,9 @@ public static function run_activate( $plugin_slug = '' ) {
 		/**
 		 * Check if a plugin is installed.
 		 *
-		 * @method is_plugin_installed
-		 * @since  4.0.1
 		 * @param  string $plugin_slug slug for plugin.
+		 *
+		 * @since  4.0.1
 		 */
 		public static function is_plugin_installed( $plugin_slug = '' ) {
 			// bail early if we don't have a slug to work with.
@@ -255,7 +260,7 @@ public static function is_plugin_installed( $plugin_slug = '' ) {
 			if ( ! function_exists( 'get_plugins' ) ) {
 				require_once ABSPATH . 'wp-admin/includes/plugin.php';
 			}
-			$all_plugins = get_plugins();
+			$all_plugins = \get_plugins();
 
 			// true if plugin is already installed or false if not.
 			if ( ! empty( $all_plugins[ $plugin_slug ] ) ) {

classes/AlertFormatter.php

@@ -14,7 +14,9 @@
 }
 
 use WSAL\Helpers\WP_Helper;
+use WSAL\MainWP\MainWP_Helper;
 use WSAL\Entities\Metadata_Entity;
+use WSAL\Entities\Occurrences_Entity;
 
 /**
  * WSAL_AlertFormatter class.
@@ -150,6 +152,18 @@ public function format_meta_expression( $expression, $value, $occurrence_id = nu
 					$post_id = $this->get_occurrence_meta_item( $occurrence_id, 'PostID' );
 				}
 
+				$occurrence_data = Occurrences_Entity::load( 'id = %d', array( $occurrence_id ) );
+
+				if ( isset( $occurrence_data ) && isset( $occurrence_data['site_id'] ) ) {
+					if ( MainWP_Helper::SET_SITE_ID_NUMBER < $occurrence_data['site_id'] ) {
+						if ( isset( $metadata['PostUrl'] ) ) {
+							return $metadata['PostUrl'];
+						} else {
+							return '';
+						}
+					}
+				}
+
 				$occ_post = ! is_null( $post_id ) ? get_post( $post_id ) : null;
 				if ( null !== $occ_post && 'publish' === $occ_post->post_status ) {
 					return get_permalink( $occ_post->ID );
@@ -184,6 +198,24 @@ public function format_meta_expression( $expression, $value, $occurrence_id = nu
 					return $value;
 				}
 
+			case '%Users%' === $expression: // Failed login attempts.
+				if ( isset( $metadata['Users'] ) && is_array( $metadata['Users'] ) ) {
+					if ( empty( $metadata['Users'] ) ) {
+						return 'Unknown username';
+					}
+					return $metadata['Users'][0];
+				} elseif ( isset( $metadata['Users'] ) ) {
+					return $metadata['Users'];
+				} else {
+					return 'Unknown username';
+				}
+				$check_value = (int) $value;
+				if ( 0 === $check_value ) {
+					return '';
+				} else {
+					return $metadata['Users'][0];
+				}
+
 			case '%LogFileText%' === $expression: // Failed login file text.
 				if ( $this->configuration->is_js_in_links_allowed() ) {
 					$result = '<a href="javascript:;" onclick="download_failed_login_log( this )" data-download-nonce="' . esc_attr( wp_create_nonce( 'wsal-download-failed-logins' ) ) . '" title="' . esc_html__( 'Download the log file.', 'wp-security-audit-log' ) . '">' . esc_html__( 'Download the log file.', 'wp-security-audit-log' ) . '</a>';
@@ -225,6 +257,10 @@ public function format_meta_expression( $expression, $value, $occurrence_id = nu
 			case '%PluginFile%' === $expression:
 				return $this->wrap_in_hightlight_markup( dirname( $value ) );
 
+			case '%OldVersion%' === $expression:
+				$return = ( $value !== 'NULL' ) ? $value : esc_html__( 'Upgrade event prior to WP Activity Log 5.0.0.', 'wp-security-audit-log' );
+				return $this->wrap_in_hightlight_markup( $return );
+
 			default:
 				/**
 				 * Allows meta formatting via filter if no match was found.