Merge pull request #697 from wpwhitesecurity/20240214-sync

Sync from 2024-02-14
Melapress · Feb 14, 2024 · b88af55 · b88af55
2 parents 00f951e + 30c12b3
commit b88af55
Show file tree

Hide file tree

Showing 32 changed files with 111 additions and 80 deletions.
diff --git a/classes/Helpers/class-logger.php b/classes/Helpers/class-logger.php
@@ -4,7 +4,7 @@
  *
  * @package    wsal
  * @subpackage utils
- * @copyright  %%YEAR%% Melapress
+ * @copyright  2024 Melapress
  * @license    https://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
  * @link       https://wordpress.org/plugins/wp-security-audit-log/
  * @since 4.4.3

diff --git a/classes/Helpers/class-notices.php b/classes/Helpers/class-notices.php
@@ -4,7 +4,7 @@
  *
  * @package    wsal
  * @subpackage helpers
- * @copyright  %%YEAR%% Melapress
+ * @copyright  2024 Melapress
  * @license    https://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
  * @link       https://wordpress.org/plugins/wp-security-audit-log/
  * @since 4.6.0

diff --git a/classes/Helpers/class-plugins-helper.php b/classes/Helpers/class-plugins-helper.php
@@ -7,7 +7,7 @@
  *
  * @since 4.5.0
  *
- * @copyright  %%YEAR%% Melapress
+ * @copyright  2024 Melapress
  * @license    https://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
  *
  * @see       https://wordpress.org/plugins/wp-2fa/

diff --git a/classes/Helpers/class-settings-helper.php b/classes/Helpers/class-settings-helper.php
@@ -1328,9 +1328,10 @@ public static function get_frontend_events() {
 			if ( null === self::$frontend_events ) {
 				// Option defaults.
 				$default               = array(
-					'register'    => false,
-					'login'       => false,
-					'woocommerce' => false,
+					'register'     => false,
+					'login'        => false,
+					'woocommerce'  => false,
+					'gravityforms' => false,
 				);
 				self::$frontend_events = self::get_option_value( self::FRONT_END_EVENTS_OPTION_NAME, $default );
 			}

diff --git a/classes/Helpers/class-uninstall-helper.php b/classes/Helpers/class-uninstall-helper.php
@@ -5,7 +5,7 @@
  * @package    wsal
  * @subpackage helpers
  * @since      4.6.0
- * @copyright  %%YEAR%% Melapress
+ * @copyright  2024 Melapress
  * @license    https://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
  * @link       https://wordpress.org/plugins/wp-2fa/
  */

diff --git a/classes/Helpers/class-upgrade-notice.php b/classes/Helpers/class-upgrade-notice.php
@@ -5,7 +5,7 @@
  * @package    wsal
  * @subpackage helpers
  * @since      4.6.0
- * @copyright  %%YEAR%% Melapress
+ * @copyright  2024 Melapress
  * @license    https://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
  * @link       https://wordpress.org/plugins/wp-2fa/
  */

diff --git a/classes/Helpers/class-user-helper.php b/classes/Helpers/class-user-helper.php
@@ -5,7 +5,7 @@
  * @package    wsal
  * @subpackage helpers
  * @since      4.6.0
- * @copyright  %%YEAR%% Melapress
+ * @copyright  2024 Melapress
  * @license    https://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
  * @link       https://wordpress.org/plugins/wp-2fa/
  */

diff --git a/classes/Helpers/class-user-utils.php b/classes/Helpers/class-user-utils.php
@@ -5,7 +5,7 @@
  * @package    wsal
  * @subpackage helpers
  * @since      4.6.0
- * @copyright  %%YEAR%% Melapress
+ * @copyright  2024 Melapress
  * @license    https://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
  * @link       https://wordpress.org/plugins/wp-2fa/
  */

diff --git a/classes/Helpers/class-wp-helper.php b/classes/Helpers/class-wp-helper.php
@@ -7,7 +7,7 @@
  *
  * @since      4.4.2
  *
- * @copyright  %%YEAR%% Melapress
+ * @copyright  2024 Melapress
  * @license    https://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
  *
  * @see       https://wordpress.org/plugins/wp-2fa/

diff --git a/classes/ListAdminEvents/class-list-events.php b/classes/ListAdminEvents/class-list-events.php
@@ -7,7 +7,7 @@
  *
  * @since      4.6.0
  *
- * @copyright  %%YEAR%% Melapress
+ * @copyright  2024 Melapress
  * @license    https://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
  *
  * @see       https://wordpress.org/plugins/wp-2fa/

diff --git a/classes/MainWPAddon/class-mainwp-addon.php b/classes/MainWPAddon/class-mainwp-addon.php
@@ -4,7 +4,7 @@
  *
  * @package    wsal
  * @subpackage mainwp
- * @copyright  %%YEAR%% Melapress
+ * @copyright  2024 Melapress
  * @license    https://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
  * @link       https://wordpress.org/plugins/wp-2fa/
  *

diff --git a/classes/MainWPAddon/class-mainwp-helper.php b/classes/MainWPAddon/class-mainwp-helper.php
@@ -4,7 +4,7 @@
  *
  * @package    wsal
  * @subpackage mainwp
- * @copyright  %%YEAR%% Melapress
+ * @copyright  2024 Melapress
  * @license    https://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
  * @link       https://wordpress.org/plugins/wp-2fa/
  *

diff --git a/classes/MainWPAddon/class-mainwp-settings.php b/classes/MainWPAddon/class-mainwp-settings.php
@@ -4,7 +4,7 @@
  *
  * @package    wsal
  * @subpackage mainwp
- * @copyright  %%YEAR%% Melapress
+ * @copyright  2024 Melapress
  * @license    https://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
  * @link       https://wordpress.org/plugins/wp-2fa/
  *

diff --git a/classes/Migration/class-abstract-migration.php b/classes/Migration/class-abstract-migration.php
@@ -4,7 +4,7 @@
  *
  * @package    wsal
  * @subpackage utils
- * @copyright  %%YEAR%% Melapress
+ * @copyright  2024 Melapress
  * @license    https://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
  * @link       https://wordpress.org/plugins/wp-2fa/
  */

diff --git a/classes/Migration/class-migration.php b/classes/Migration/class-migration.php
@@ -4,7 +4,7 @@
  *
  * @package    wsal
  * @subpackage utils
- * @copyright  %%YEAR%% Melapress
+ * @copyright  2024 Melapress
  * @license    https://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
  * @link       https://wordpress.org/plugins/wp-2fa/
  */

diff --git a/classes/Views/SetupWizard.php b/classes/Views/SetupWizard.php
@@ -10,6 +10,7 @@
  */
 
 use WSAL\Helpers\WP_Helper;
+use WSAL\Helpers\View_Manager;
 use WSAL\Helpers\Plugins_Helper;
 use WSAL\Helpers\Settings_Helper;
 
@@ -255,7 +256,7 @@ public function setup_page() {
 		/**
 		 * Enqueue Styles.
 		 */
-		$wizard_css = WSAL_ViewManager::get_asset_path( 'css/dist/', 'wsal-wizard', 'css', false );
+		$wizard_css = View_Manager::get_asset_path( 'css/dist/', 'wsal-wizard', 'css', false );
 		wp_enqueue_style(
 			'wsal-wizard-css',
 			WSAL_BASE_URL . '/' . $wizard_css,
@@ -266,7 +267,7 @@ public function setup_page() {
 		/**
 		 * Enqueue Scripts.
 		 */
-		$wizard_js = WSAL_ViewManager::get_asset_path( 'js/dist/', 'wsal-wizard', 'js', false );
+		$wizard_js = View_Manager::get_asset_path( 'js/dist/', 'wsal-wizard', 'js', false );
 		wp_register_script(
 			'wsal-wizard-js',
 			WSAL_BASE_URL . '/' . $wizard_js,

diff --git a/classes/WPSensors/Helpers/class-gravityforms-helper.php b/classes/WPSensors/Helpers/class-gravityforms-helper.php
@@ -46,15 +46,19 @@ public static function wsal_gravityforms_extension_load_public_sensors( $value )
 		/**
 		 * Ensures front end sensor can load when needed.
 		 *
-		 * @param bool  $default - Current loading situation.
+		 * @param bool  $default_value - Current loading situation.
 		 * @param array $frontend_events - Array of current front end events.
 		 *
 		 * @return bool
 		 *
 		 * @since 4.6.0
 		 */
-		public static function wsal_gravityforms_allow_sensor_on_frontend( $default, $frontend_events ) {
-			return ( $default || ! false === $frontend_events['gravityforms'] );
+		public static function wsal_gravityforms_allow_sensor_on_frontend( $default_value, $frontend_events ) {
+			if ( ! isset( $frontend_events['gravityforms'] ) ) {
+				return $default_value;
+			} else {
+				return ( $default_value || ! false === $frontend_events['gravityforms'] );
+			}
 		}
 
 		/**

diff --git a/classes/WPSensors/class-woocommerce-sensor.php b/classes/WPSensors/class-woocommerce-sensor.php
@@ -4936,7 +4936,7 @@ private static function check_image_change( $oldpost, $data = false ) {
 			$event_data['SKU']           = self::get_product_sku( $oldpost->ID );
 
 			// Featued image added.
-			if ( empty( $old_attachment_metadata ) && ! empty( $attachment_metadata ) ) {
+			if ( empty( $old_attachment_metadata ) && ! empty( $attachment_metadata ) && isset( $attachment_metadata['file'] ) ) {
 				$event_data['EventType'] = 'added';
 				$event_data['name']      = basename( $attachment_metadata['file'] );
 				$event_data['path']      = $get_upload_dir['basedir'] . DIRECTORY_SEPARATOR . $attachment_metadata['file'];

diff --git a/languages/wp-security-audit-log.pot b/languages/wp-security-audit-log.pot
@@ -2,14 +2,14 @@
 # This file is distributed under the GPL v3.
 msgid ""
 msgstr ""
-"Project-Id-Version: WP Activity Log 4.6.3\n"
+"Project-Id-Version: WP Activity Log 4.6.4\n"
 "Report-Msgid-Bugs-To: https://wordpress.org/support/plugin/wp-security-audit-log\n"
 "Last-Translator: Melapress <info@wpwhitesecurity.com>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"POT-Creation-Date: 2024-02-08T11:47:50+00:00\n"
+"POT-Creation-Date: 2024-02-14T05:56:45+00:00\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "X-Generator: WP-CLI 2.9.0\n"
 "X-Domain: wp-security-audit-log\n"

diff --git a/third-party/vendor/autoload.php b/third-party/vendor/autoload.php
@@ -22,4 +22,4 @@
 
 require_once __DIR__ . '/composer/autoload_real.php';
 
-return ComposerAutoloaderInita47fa0177abbad5f187d69ff99b04a62::getLoader();
+return ComposerAutoloaderInite91ce0704308900a87f5d3dee95652f3::getLoader();
diff --git a/third-party/vendor/classes/wp-async-request.php b/third-party/vendor/classes/wp-async-request.php
@@ -7,10 +7,6 @@
  *
  * @package WP-Background-Processing
  */
-// phpcs:disable Generic.Commenting.DocComment.MissingShort
-/** @noinspection PhpIllegalPsrClassPathInspection */
-/** @noinspection AutoloadingIssuesInspection */
-// phpcs:disable Generic.Commenting.DocComment.MissingShort
 /**
  * Abstract WP_Async_Request class.
  *
@@ -166,7 +162,6 @@ public function maybe_handle()
      * @param mixed $return What to return if filter says don't die, default is null.
      *
      * @return void|mixed
-     * @noinspection ForgottenDebugOutputInspection
      */
     protected function maybe_wp_die($return = null)
     {

diff --git a/third-party/vendor/classes/wp-background-process.php b/third-party/vendor/classes/wp-background-process.php
@@ -7,10 +7,6 @@
  *
  * @package WP-Background-Processing
  */
-// phpcs:disable Generic.Commenting.DocComment.MissingShort
-/** @noinspection PhpIllegalPsrClassPathInspection */
-/** @noinspection AutoloadingIssuesInspection */
-// phpcs:disable Generic.Commenting.DocComment.MissingShort
 /**
  * Abstract WP_Background_Process class.
  *
@@ -51,6 +47,12 @@ abstract class WP_Background_Process extends WP_Async_Request
      * @access protected
      */
     protected $cron_interval_identifier;
+    /**
+     * Restrict object instantiation when using unserialize.
+     *
+     * @var bool|array
+     */
+    protected $allowed_batch_data_classes = \true;
     /**
      * The status set when process is cancelling.
      *
@@ -65,14 +67,26 @@ abstract class WP_Background_Process extends WP_Async_Request
     const STATUS_PAUSED = 2;
     /**
      * Initiate new background process.
+     *
+     * @param bool|array $allowed_batch_data_classes Optional. Array of class names that can be unserialized. Default true (any class).
      */
-    public function __construct()
+    public function __construct($allowed_batch_data_classes = \true)
     {
         parent::__construct();
+        if (empty($allowed_batch_data_classes) && \false !== $allowed_batch_data_classes) {
+            $allowed_batch_data_classes = \true;
+        }
+        if (!\is_bool($allowed_batch_data_classes) && !\is_array($allowed_batch_data_classes)) {
+            $allowed_batch_data_classes = \true;
+        }
+        // If allowed_batch_data_classes property set in subclass,
+        // only apply override if not allowing any class.
+        if (\true === $this->allowed_batch_data_classes || \true !== $allowed_batch_data_classes) {
+            $this->allowed_batch_data_classes = $allowed_batch_data_classes;
+        }
         $this->cron_hook_identifier = $this->identifier . '_cron';
         $this->cron_interval_identifier = $this->identifier . '_cron_interval';
         add_action($this->cron_hook_identifier, array($this, 'handle_cron_healthcheck'));
-        // phpcs:ignore WordPress.WP.CronInterval.ChangeDetected
         add_filter('cron_schedules', array($this, 'schedule_cron_healthcheck'));
     }
     /**
@@ -307,7 +321,6 @@ public function maybe_handle()
      * Is queue empty?
      *
      * @return bool
-     * @noinspection IsEmptyFunctionUsageInspection
      */
     protected function is_queue_empty()
     {
@@ -323,7 +336,6 @@ protected function is_queue_empty()
      *
      * @deprecated 1.1.0 Superseded.
      * @see        is_processing()
-     * @noinspection PhpUnused
      */
     protected function is_process_running()
     {
@@ -409,7 +421,7 @@ public function get_batches($limit = 0)
 			SELECT *
 			FROM ' . $table . '
 			WHERE ' . $column . ' LIKE %s
-			ORDER BY ' . $key_column . '
+			ORDER BY ' . $key_column . ' ASC
 			';
         $args = array($key);
         if (!empty($limit)) {
@@ -420,10 +432,11 @@ public function get_batches($limit = 0)
         // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
         $batches = array();
         if (!empty($items)) {
-            $batches = \array_map(static function ($item) use($column, $value_column) {
+            $allowed_classes = $this->allowed_batch_data_classes;
+            $batches = \array_map(static function ($item) use($column, $value_column, $allowed_classes) {
                 $batch = new \stdClass();
                 $batch->key = $item->{$column};
-                $batch->data = maybe_unserialize($item->{$value_column});
+                $batch->data = static::maybe_unserialize($item->{$value_column}, $allowed_classes);
                 return $batch;
             }, $items);
         }
@@ -434,8 +447,6 @@ public function get_batches($limit = 0)
      *
      * Pass each queue item to the task handler, while remaining
      * within server memory and time limit constraints.
-     *
-     * @noinspection DisconnectedForeachInstructionInspection
      */
     protected function handle()
     {
@@ -512,7 +523,7 @@ protected function get_memory_limit()
             // Sensible default.
             $memory_limit = '128M';
         }
-        if (!$memory_limit || -1 === (int) $memory_limit) {
+        if (!$memory_limit || -1 === \intval($memory_limit)) {
             // Unlimited, set to 32GB.
             $memory_limit = '32000M';
         }
@@ -531,7 +542,7 @@ protected function time_exceeded()
         $finish = $this->start_time + apply_filters($this->identifier . '_default_time_limit', 20);
         // 20 seconds
         $return = \false;
-        if (!(\defined('WP_CLI') && \WP_CLI) && \time() >= $finish) {
+        if (\time() >= $finish) {
             $return = \true;
         }
         return apply_filters($this->identifier . '_time_exceeded', $return);
@@ -625,7 +636,6 @@ protected function clear_scheduled_event()
      *
      * @deprecated 1.1.0 Superseded.
      * @see        cancel()
-     * @noinspection PhpUnused
      */
     public function cancel_process()
     {
@@ -644,4 +654,24 @@ public function cancel_process()
      * @return mixed
      */
     protected abstract function task($item);
+    /**
+     * Maybe unserialize data, but not if an object.
+     *
+     * @param mixed      $data            Data to be unserialized.
+     * @param bool|array $allowed_classes Array of class names that can be unserialized.
+     *
+     * @return mixed
+     */
+    protected static function maybe_unserialize($data, $allowed_classes)
+    {
+        if (is_serialized($data)) {
+            $options = array();
+            if (\is_bool($allowed_classes) || \is_array($allowed_classes)) {
+                $options['allowed_classes'] = $allowed_classes;
+            }
+            return @\unserialize($data, $options);
+            // @phpcs:ignore
+        }
+        return $data;
+    }
 }