📦 MERGE: Develop into master 💯

wpwhitesecurity · Mar 12, 2018 · 5816981 · 5816981
2 parents bcd2d27 + 1d122f2
commit 5816981
Show file tree

Hide file tree

Showing 196 changed files with 34,661 additions and 22,054 deletions.
diff --git a/classes/AuditLogListView.php b/classes/AuditLogListView.php
@@ -584,6 +584,16 @@ public function meta_formatter( $name, $value ) {
 					return '<strong>' . esc_html( $value ) . '</strong>';
 				}
 
+			case '%multisite_text%' === $name:
+				if ( $this->is_multisite() && $value ) {
+					$site_info = get_blog_details( $value, true );
+					if ( $site_info ) {
+						return ' on site <a href="' . esc_url( $site_info->siteurl ) . '">' . esc_html( $site_info->blogname ) . '</a>';
+					}
+					return;
+				}
+				return;
+
 			default:
 				return '<strong>' . esc_html( $value ) . '</strong>';
 		}

diff --git a/classes/Sensors/Comments.php b/classes/Sensors/Comments.php
@@ -151,13 +151,17 @@ public function EventComment( $comment_id, $comment_approved = null ) {
 						'Date' => $comment->comment_date,
 						'CommentLink' => '<a target="_blank" href="' . $comment_link . '">' . $comment->comment_date . '</a>',
 					);
-					if ( ! username_exists( $comment->comment_author ) ) {
+
+					// Get user data.
+					$user_data = get_user_by( 'email', $comment->comment_author_email );
+
+					if ( ! $user_data ) {
 						// Set the fields.
 						$fields['CommentMsg'] = sprintf( 'A comment was posted in response to the post <strong>%s</strong>. The comment was posted by <strong>%s</strong>', $post->post_title, $this->CheckAuthor( $comment ) );
 						$fields['Username'] = 'Website Visitor';
+						$this->plugin->alerts->Trigger( 2126, $fields );
 					} else {
 						// Get user roles.
-						$user_data = get_user_by( 'login', $comment->comment_author );
 						$user_roles = $user_data->roles;
 
 						// Check if superadmin.
@@ -166,12 +170,11 @@ public function EventComment( $comment_id, $comment_approved = null ) {
 						}
 
 						// Set the fields.
-						$fields['Username'] = $comment->comment_author;
+						$fields['Username'] = $user_data->user_login;
 						$fields['CurrentUserRoles'] = $user_roles;
 						$fields['CommentMsg'] = sprintf( 'Posted a comment in response to the post <strong>%s</strong>', $post->post_title );
+						$this->plugin->alerts->Trigger( 2099, $fields );
 					}
-
-					$this->plugin->alerts->Trigger( 2099, $fields );
 				}
 			}
 		}

diff --git a/classes/Sensors/Content.php b/classes/Sensors/Content.php
@@ -439,29 +439,20 @@ public function trigger_post_change_alerts( $old_status, $new_status, $post, $or
 				$this->CheckPostCreation( $this->_old_post, $post );
 			} else {
 				// Handle update post events.
-				$changes = 0
-					+ $this->CheckAuthorChange( $this->_old_post, $post )
+				$changes = 0;
+				$changes = $this->CheckAuthorChange( $this->_old_post, $post )
 					+ $this->CheckStatusChange( $this->_old_post, $post )
 					+ $this->CheckParentChange( $this->_old_post, $post )
 					+ $this->CheckStickyChange( $this->_old_stky, $sticky, $post )
 					+ $this->CheckVisibilityChange( $this->_old_post, $post, $old_status, $new_status )
 					+ $this->CheckTemplateChange( $this->_old_tmpl, $this->GetPostTemplate( $post ), $post )
 					+ $this->CheckCategoriesChange( $this->_old_cats, $this->GetPostCategories( $post ), $post )
-					+ $this->check_tags_change( $this->_old_tags, $this->get_post_tags( $post ), $post );
-
-				if ( ! $changes ) {
-					$changes = $this->CheckDateChange( $this->_old_post, $post );
-					if ( ! $changes ) {
-						$changes = $this->CheckPermalinkChange( $this->_old_link, get_permalink( $post->ID ), $post );
-						// Comments/Trackbacks and Pingbacks.
-						if ( ! $changes ) {
-							$changes = $this->CheckCommentsPings( $this->_old_post, $post );
-							if ( ! $changes ) {
-								$changes = $this->CheckModificationChange( $post->ID, $this->_old_post, $post );
-							}
-						}
-					}
-				}
+					+ $this->check_tags_change( $this->_old_tags, $this->get_post_tags( $post ), $post )
+					+ $this->CheckDateChange( $this->_old_post, $post )
+					+ $this->CheckPermalinkChange( $this->_old_link, get_permalink( $post->ID ), $post )
+					+ $this->CheckCommentsPings( $this->_old_post, $post );
+
+				$this->CheckModificationChange( $post->ID, $this->_old_post, $post, $changes );
 			}
 		}
 	}
@@ -909,7 +900,7 @@ protected function CheckParentChange( $oldpost, $newpost ) {
 	 * @param stdClass $post - The post.
 	 */
 	protected function CheckPermalinkChange( $old_link, $new_link, $post ) {
-		if ( $old_link != $new_link ) {
+		if ( $old_link !== $new_link ) {
 			$editor_link = $this->GetEditorLink( $post );
 			$this->plugin->alerts->Trigger(
 				2017, array(
@@ -1039,11 +1030,12 @@ protected function CheckStickyChange( $old_stky, $new_stky, $post ) {
 	/**
 	 * Post modified content.
 	 *
-	 * @param integer  $post_id - Post ID.
-	 * @param stdClass $oldpost - Old post.
-	 * @param stdClass $newpost - New post.
+	 * @param integer  $post_id – Post ID.
+	 * @param stdClass $oldpost – Old post.
+	 * @param stdClass $newpost – New post.
+	 * @param int      $modified – Set to 0 if no changes done to the post.
 	 */
-	public function CheckModificationChange( $post_id, $oldpost, $newpost ) {
+	public function CheckModificationChange( $post_id, $oldpost, $newpost, $modified ) {
 		if ( $this->CheckOtherSensors( $oldpost ) ) {
 			return;
 		}
@@ -1057,7 +1049,7 @@ public function CheckModificationChange( $post_id, $oldpost, $newpost ) {
 				// Check if content changed.
 				if ( $content_changed ) {
 					$event = 2065;
-				} else {
+				} elseif ( ! $modified ) {
 					$event = 2002;
 				}
 				if ( $event ) {
@@ -1541,6 +1533,8 @@ private function CheckTitleChange( $oldpost, $newpost ) {
 	 */
 	private function CheckCommentsPings( $oldpost, $newpost ) {
 		$result = 0;
+		$editor_link = $this->GetEditorLink( $newpost );
+
 		// Comments.
 		if ( $oldpost->comment_status != $newpost->comment_status ) {
 			$type = 'Comments';

diff --git a/classes/Sensors/UserProfile.php b/classes/Sensors/UserProfile.php
@@ -101,7 +101,15 @@ public function EventUserRoleChanged( $user_id, $role, $old_roles ) {
 		// Filter $_POST array for security.
 		$post_array = filter_input_array( INPUT_POST );
 
-		if ( isset( $post_array['_wpnonce'] ) && ! wp_verify_nonce( $post_array['_wpnonce'], 'update-user_' . $user_id ) ) {
+		if ( ! isset( $post_array['changeit'] ) ) {
+			if ( isset( $post_array['_wpnonce'] )
+				&& ! wp_verify_nonce( $post_array['_wpnonce'], 'update-user_' . $user_id ) ) {
+				return false;
+			}
+		} elseif ( isset( $post_array['changeit'] )
+			&& 'Change' === $post_array['changeit']
+			&& isset( $post_array['_wpnonce'] )
+			&& ! wp_verify_nonce( $post_array['_wpnonce'], 'bulk-users' ) ) {
 			return false;
 		}
 
@@ -126,15 +134,25 @@ public function EventUserRoleChanged( $user_id, $role, $old_roles ) {
 			}
 			$old_roles = array_diff( $old_roles, $bbpress_roles );
 		}
+
+		// Get roles.
 		$old_role = count( $old_roles ) ? implode( ', ', $old_roles ) : '';
 		$new_role = $role;
+
+		// If multisite, then get its URL.
+		if ( $this->plugin->IsMultisite() ) {
+			$site_id = get_current_blog_id();
+		}
+
+		// Alert if roles are changed.
 		if ( $old_role != $new_role ) {
 			$this->plugin->alerts->TriggerIf(
 				4002, array(
 					'TargetUserID' => $user_id,
 					'TargetUsername' => $user->user_login,
 					'OldRole' => $old_role,
 					'NewRole' => $new_role,
+					'multisite_text' => $this->plugin->IsMultisite() ? $site_id : false,
 				), array( $this, 'MustNotContainUserChanges' )
 			);
 		}

diff --git a/classes/ViewManager.php b/classes/ViewManager.php
@@ -153,6 +153,14 @@ public function AddAdminMenus() {
 						continue;
 					}
 
+					if ( ( 'wsal-togglealerts' === $view->GetSafeViewName()
+							|| 'wsal-settings' === $view->GetSafeViewName()
+							|| 'wsal-ext-settings' === $view->GetSafeViewName()
+						)
+						&& ! $this->_plugin->settings->CurrentUserCan( 'edit' ) ) {
+						continue;
+					}
+
 					$view->hook_suffix = add_submenu_page(
 						$view->IsVisible() ? $this->views[0]->GetSafeViewName() : null,
 						$view->GetTitle(),

diff --git a/classes/Views/AuditLog.php b/classes/Views/AuditLog.php
@@ -79,7 +79,16 @@ public function AdminNoticesPremium() {
 						<!-- /.wsal_notice__wrapper -->
 						<div class="wsal_notice__btns">
 							<?php
+							// Buy Now button link.
 							$buy_now = add_query_arg( 'page', 'wsal-auditlog-pricing', admin_url( 'admin.php' ) );
+
+							// If user is not super admin and website is multisite then change the URL.
+							if ( $this->_plugin->IsMultisite() && ! is_super_admin() ) {
+								$buy_now = 'https://www.wpsecurityauditlog.com/pricing/';
+							} elseif ( $this->_plugin->IsMultisite() && is_super_admin() ) {
+								$buy_now = add_query_arg( 'page', 'wsal-auditlog-pricing', network_admin_url( 'admin.php' ) );
+							}
+
 							$more_info = add_query_arg(
 								array(
 									'utm_source' => 'plugin',

diff --git a/classes/Views/EmailNotifications.php b/classes/Views/EmailNotifications.php
@@ -124,7 +124,21 @@ public function Render() {
 						</ul>
 					</p>
 					<?php
+					// Buy Now button link.
 					$buy_now = add_query_arg( 'page', 'wsal-auditlog-pricing', admin_url( 'admin.php' ) );
+					$buy_now_target = '';
+
+					// If user is not super admin and website is multisite then change the URL.
+					if ( $this->_plugin->IsMultisite() && ! is_super_admin() ) {
+						$buy_now = 'https://www.wpsecurityauditlog.com/pricing/';
+						$buy_now_target = 'target="_blank"';
+					} elseif ( $this->_plugin->IsMultisite() && is_super_admin() ) {
+						$buy_now = add_query_arg( 'page', 'wsal-auditlog-pricing', network_admin_url( 'admin.php' ) );
+					} elseif ( ! $this->_plugin->IsMultisite() && ! current_user_can( 'manage_options' ) ) {
+						$buy_now = 'https://www.wpsecurityauditlog.com/pricing/';
+						$buy_now_target = 'target="_blank"';
+					}
+
 					$more_info = add_query_arg(
 						array(
 							'utm_source' => 'plugin',
@@ -136,7 +150,7 @@ public function Render() {
 					);
 					?>
 					<p>
-						<a class="button-primary wsal-extension-btn" href="<?php echo esc_attr( $buy_now ); ?>"><?php esc_html_e( 'Upgrade to Premium', 'wp-security-audit-log' ); ?></a>
+						<a class="button-primary wsal-extension-btn" href="<?php echo esc_attr( $buy_now ); ?>" <?php echo esc_attr( $buy_now_target ); ?>><?php esc_html_e( 'Upgrade to Premium', 'wp-security-audit-log' ); ?></a>
 						<a class="button-primary wsal-extension-btn" href="<?php echo esc_attr( $more_info ); ?>" target="_blank"><?php esc_html_e( 'More Information', 'wp-security-audit-log' ); ?></a>
 					</p>
 				</div>
@@ -166,6 +180,11 @@ public function Render() {
 							</li>
 						</ul>
 					</p>
+
+					<p>
+						<a class="button-primary wsal-extension-btn" href="<?php echo esc_attr( $buy_now ); ?>" <?php echo esc_attr( $buy_now_target ); ?>><?php esc_html_e( 'Upgrade to Premium', 'wp-security-audit-log' ); ?></a>
+						<a class="button-primary wsal-extension-btn" href="<?php echo esc_attr( $more_info ); ?>" target="_blank"><?php esc_html_e( 'More Information', 'wp-security-audit-log' ); ?></a>
+					</p>
 				</div>
 			</div>
 			<!-- /.wsal-row -->

diff --git a/classes/Views/ExternalDB.php b/classes/Views/ExternalDB.php
@@ -123,7 +123,21 @@ public function Render() {
 						</ul>
 					</p>
 					<?php
+					// Buy Now button link.
 					$buy_now = add_query_arg( 'page', 'wsal-auditlog-pricing', admin_url( 'admin.php' ) );
+					$buy_now_target = '';
+
+					// If user is not super admin and website is multisite then change the URL.
+					if ( $this->_plugin->IsMultisite() && ! is_super_admin() ) {
+						$buy_now = 'https://www.wpsecurityauditlog.com/pricing/';
+						$buy_now_target = 'target="_blank"';
+					} elseif ( $this->_plugin->IsMultisite() && is_super_admin() ) {
+						$buy_now = add_query_arg( 'page', 'wsal-auditlog-pricing', network_admin_url( 'admin.php' ) );
+					} elseif ( ! $this->_plugin->IsMultisite() && ! current_user_can( 'manage_options' ) ) {
+						$buy_now = 'https://www.wpsecurityauditlog.com/pricing/';
+						$buy_now_target = 'target="_blank"';
+					}
+
 					$more_info = add_query_arg(
 						array(
 							'utm_source' => 'plugin',
@@ -135,7 +149,7 @@ public function Render() {
 					);
 					?>
 					<p>
-						<a class="button-primary wsal-extension-btn" href="<?php echo esc_attr( $buy_now ); ?>"><?php esc_html_e( 'Upgrade to Premium', 'wp-security-audit-log' ); ?></a>
+						<a class="button-primary wsal-extension-btn" href="<?php echo esc_attr( $buy_now ); ?>" <?php echo esc_attr( $buy_now_target ); ?>><?php esc_html_e( 'Upgrade to Premium', 'wp-security-audit-log' ); ?></a>
 						<a class="button-primary wsal-extension-btn" href="<?php echo esc_attr( $more_info ); ?>" target="_blank"><?php esc_html_e( 'More Information', 'wp-security-audit-log' ); ?></a>
 					</p>
 				</div>
@@ -165,6 +179,11 @@ public function Render() {
 							</li>
 						</ul>
 					</p>
+
+					<p>
+					<a class="button-primary wsal-extension-btn" href="<?php echo esc_attr( $buy_now ); ?>" <?php echo esc_attr( $buy_now_target ); ?>><?php esc_html_e( 'Upgrade to Premium', 'wp-security-audit-log' ); ?></a>
+						<a class="button-primary wsal-extension-btn" href="<?php echo esc_attr( $more_info ); ?>" target="_blank"><?php esc_html_e( 'More Information', 'wp-security-audit-log' ); ?></a>
+					</p>
 				</div>
 			</div>
 			<!-- /.wsal-row -->

diff --git a/classes/Views/Help.php b/classes/Views/Help.php
@@ -166,7 +166,21 @@ public function Render() {
 								</li>
 							</ul>
 							<?php
+							// Buy Now button link.
 							$buy_now = add_query_arg( 'page', 'wsal-auditlog-pricing', admin_url( 'admin.php' ) );
+							$buy_now_target = '';
+
+							// If user is not super admin and website is multisite then change the URL.
+							if ( $this->_plugin->IsMultisite() && ! is_super_admin() ) {
+								$buy_now = 'https://www.wpsecurityauditlog.com/pricing/';
+								$buy_now_target = 'target="_blank"';
+							} elseif ( $this->_plugin->IsMultisite() && is_super_admin() ) {
+								$buy_now = add_query_arg( 'page', 'wsal-auditlog-pricing', network_admin_url( 'admin.php' ) );
+							} elseif ( ! $this->_plugin->IsMultisite() && ! current_user_can( 'manage_options' ) ) {
+								$buy_now = 'https://www.wpsecurityauditlog.com/pricing/';
+								$buy_now_target = 'target="_blank"';
+							}
+
 							$more_info = add_query_arg(
 								array(
 									'utm_source' => 'plugin',
@@ -178,7 +192,7 @@ public function Render() {
 							);
 							?>
 							<p>
-								<a class="button-primary wsal-extension-btn" href="<?php echo esc_attr( $buy_now ); ?>"><?php esc_html_e( 'Upgrade to Premium', 'wp-security-audit-log' ); ?></a>
+								<a class="button-primary wsal-extension-btn" href="<?php echo esc_attr( $buy_now ); ?>" <?php echo esc_attr( $buy_now_target ); ?>><?php esc_html_e( 'Upgrade to Premium', 'wp-security-audit-log' ); ?></a>
 								<a class="button-primary wsal-extension-btn" href="<?php echo esc_attr( $more_info ); ?>" target="_blank"><?php esc_html_e( 'More Information', 'wp-security-audit-log' ); ?></a>
 							</p>
 						</div>

diff --git a/classes/Views/LogInUsers.php b/classes/Views/LogInUsers.php
@@ -125,7 +125,21 @@ public function Render() {
 						</ul>
 					</p>
 					<?php
+					// Buy Now button link.
 					$buy_now = add_query_arg( 'page', 'wsal-auditlog-pricing', admin_url( 'admin.php' ) );
+					$buy_now_target = '';
+
+					// If user is not super admin and website is multisite then change the URL.
+					if ( $this->_plugin->IsMultisite() && ! is_super_admin() ) {
+						$buy_now = 'https://www.wpsecurityauditlog.com/pricing/';
+						$buy_now_target = 'target="_blank"';
+					} elseif ( $this->_plugin->IsMultisite() && is_super_admin() ) {
+						$buy_now = add_query_arg( 'page', 'wsal-auditlog-pricing', network_admin_url( 'admin.php' ) );
+					} elseif ( ! $this->_plugin->IsMultisite() && ! current_user_can( 'manage_options' ) ) {
+						$buy_now = 'https://www.wpsecurityauditlog.com/pricing/';
+						$buy_now_target = 'target="_blank"';
+					}
+
 					$more_info = add_query_arg(
 						array(
 							'utm_source' => 'plugin',
@@ -137,7 +151,7 @@ public function Render() {
 					);
 					?>
 					<p>
-						<a class="button-primary wsal-extension-btn" href="<?php echo esc_attr( $buy_now ); ?>"><?php esc_html_e( 'Upgrade to Premium', 'wp-security-audit-log' ); ?></a>
+						<a class="button-primary wsal-extension-btn" href="<?php echo esc_attr( $buy_now ); ?>" <?php echo esc_attr( $buy_now_target ); ?>><?php esc_html_e( 'Upgrade to Premium', 'wp-security-audit-log' ); ?></a>
 						<a class="button-primary wsal-extension-btn" href="<?php echo esc_attr( $more_info ); ?>" target="_blank"><?php esc_html_e( 'More Information', 'wp-security-audit-log' ); ?></a>
 					</p>
 				</div>
@@ -167,6 +181,11 @@ public function Render() {
 							</li>
 						</ul>
 					</p>
+
+					<p>
+						<a class="button-primary wsal-extension-btn" href="<?php echo esc_attr( $buy_now ); ?>" <?php echo esc_attr( $buy_now_target ); ?>><?php esc_html_e( 'Upgrade to Premium', 'wp-security-audit-log' ); ?></a>
+						<a class="button-primary wsal-extension-btn" href="<?php echo esc_attr( $more_info ); ?>" target="_blank"><?php esc_html_e( 'More Information', 'wp-security-audit-log' ); ?></a>
+					</p>
 				</div>
 			</div>
 			<!-- /.wsal-row -->