📦 NEW: WSAL 3.3.1

wpwhitesecurity · Jan 25, 2019 · f33591e · f33591e
2 parents ebb84ef + 8da8c6d
commit f33591e
Show file tree

Hide file tree

Showing 54 changed files with 8,051 additions and 3,180 deletions.
diff --git a/classes/AlertManager.php b/classes/AlertManager.php
@@ -1,6 +1,21 @@
 <?php
+/**
+ * Manager: Alert Manager Class
+ *
+ * CLass file for alert manager.
+ *
+ * @since 1.0.0
+ * @package Wsal
+ */
+
+// Exit if accessed directly.
+if ( ! defined( 'ABSPATH' ) ) {
+	exit;
+}
+
 /**
  * WSAL_AlertManager class.
+ *
  * It is the actual trigger for the alerts.
  *
  * @package Wsal
@@ -67,6 +82,13 @@ final class WSAL_AlertManager {
 	 */
 	private $wp_users = array();
 
+	/**
+	 * Ignored Custom Post Types.
+	 *
+	 * @var array
+	 */
+	public $ignored_cpts = array();
+
 	/**
 	 * Create new AlertManager instance.
 	 *
@@ -91,6 +113,28 @@ public function __construct( WpSecurityAuditLog $plugin ) {
 		 * @param array $deprecated_events - Array of deprecated event ids.
 		 */
 		$this->deprecated_events = apply_filters( 'wsal_deprecated_event_ids', array( 2004, 2005, 2006, 2007, 2009, 2013, 2015, 2018, 2020, 2022, 2026, 2028, 2059, 2060, 2061, 2064, 2066, 2069, 2075, 2087, 2102, 2103, 2113, 2114, 2115, 2116, 2117, 2118, 5020, 5026, 2107, 2003, 2029, 2030, 2031, 2032, 2033, 2034, 2035, 2036, 2037, 2038, 2039, 2040, 2041, 2056, 2057, 2058, 2063, 2067, 2068, 2070, 2072, 2076, 2088, 2104, 2105, 5021, 5027, 2108 ) );
+
+		/**
+		 * Filter: `wsal_ignored_custom_post_types`
+		 *
+		 * Ignored custom post types filter.
+		 *
+		 * @since 3.3.1
+		 *
+		 * @param array $ignored_cpts - Array of custom post types.
+		 */
+		$this->ignored_cpts = apply_filters(
+			'wsal_ignored_custom_post_types',
+			array(
+				'attachment',          // Attachment CPT.
+				'revision',            // Revision CPT.
+				'nav_menu_item',       // Nav menu item CPT.
+				'customize_changeset', // Customize changeset CPT.
+				'custom_css',          // Custom CSS CPT.
+				'shop_order',          // WooCommerce Order CPT.
+				'shop_order_refund',   // WooCommerce Order Refund CPT.
+			)
+		);
 	}
 
 	/**
@@ -420,36 +464,36 @@ public function GetLoggers() {
 	 * Converts an Alert into a Log entry (by invoking loggers).
 	 * You should not call this method directly.
 	 *
-	 * @param integer $type - Alert type.
-	 * @param array   $data - Misc alert data.
+	 * @param integer $event_id   - Alert type.
+	 * @param array   $event_data - Misc alert data.
 	 */
-	protected function Log( $type, $data = array() ) {
-		if ( ! isset( $data['ClientIP'] ) ) {
+	protected function Log( $event_id, $event_data = array() ) {
+		if ( ! isset( $event_data['ClientIP'] ) ) {
 			$client_ip = $this->plugin->settings->GetMainClientIP();
 			if ( ! empty( $client_ip ) ) {
-				$data['ClientIP'] = $client_ip;
+				$event_data['ClientIP'] = $client_ip;
 			}
 		}
-		if ( ! isset( $data['OtherIPs'] ) && $this->plugin->settings->IsMainIPFromProxy() ) {
+		if ( ! isset( $event_data['OtherIPs'] ) && $this->plugin->settings->IsMainIPFromProxy() ) {
 			$other_ips = $this->plugin->settings->GetClientIPs();
 			if ( ! empty( $other_ips ) ) {
-				$data['OtherIPs'] = $other_ips;
+				$event_data['OtherIPs'] = $other_ips;
 			}
 		}
-		if ( ! isset( $data['UserAgent'] ) ) {
+		if ( ! isset( $event_data['UserAgent'] ) ) {
 			if ( isset( $_SERVER['HTTP_USER_AGENT'] ) ) {
-				$data['UserAgent'] = $_SERVER['HTTP_USER_AGENT'];
+				$event_data['UserAgent'] = $_SERVER['HTTP_USER_AGENT'];
 			}
 		}
-		if ( ! isset( $data['Username'] ) && ! isset( $data['CurrentUserID'] ) ) {
+		if ( ! isset( $event_data['Username'] ) && ! isset( $event_data['CurrentUserID'] ) ) {
 			if ( function_exists( 'get_current_user_id' ) ) {
-				$data['CurrentUserID'] = get_current_user_id();
+				$event_data['CurrentUserID'] = get_current_user_id();
 			}
 		}
-		if ( ! isset( $data['CurrentUserRoles'] ) && function_exists( 'is_user_logged_in' ) && is_user_logged_in() ) {
+		if ( ! isset( $event_data['CurrentUserRoles'] ) && function_exists( 'is_user_logged_in' ) && is_user_logged_in() ) {
 			$current_user_roles = $this->plugin->settings->GetCurrentUserRoles();
 			if ( ! empty( $current_user_roles ) ) {
-				$data['CurrentUserRoles'] = $current_user_roles;
+				$event_data['CurrentUserRoles'] = $current_user_roles;
 			}
 		}
 		// Check if the user management plugin is loaded and adds the SessionID.
@@ -458,13 +502,59 @@ protected function Log( $type, $data = array() ) {
 				$session_tokens = get_user_meta( get_current_user_id(), 'session_tokens', true );
 				if ( ! empty( $session_tokens ) ) {
 					end( $session_tokens );
-					$data['SessionID'] = key( $session_tokens );
+					$event_data['SessionID'] = key( $session_tokens );
 				}
 			}
 		}
 
+		// Get event severity.
+		$alert_obj  = $this->GetAlert( $event_id );
+		$alert_code = $alert_obj ? $alert_obj->code : 0;
+		$severity   = $this->plugin->constants->GetConstantBy( 'value', $alert_code );
+
+		/**
+		 * Events Severity.
+		 *
+		 * Add event severity to the meta data of the event.
+		 * The lower the number, the higher is the severity.
+		 *
+		 * @see https://en.wikipedia.org/wiki/Syslog#Severity_level
+		 * @since 3.3.1
+		 */
+		if ( 'E_CRITICAL' === $severity->name ) {
+			$event_data['Severity'] = 2;
+		} elseif ( 'E_WARNING' === $severity->name ) {
+			$event_data['Severity'] = 4;
+		} elseif ( 'E_NOTICE' === $severity->name ) {
+			$event_data['Severity'] = 5;
+		}
+
+		/**
+		 * WSAL Filter: `wsal_event_id_before_log`
+		 *
+		 * Filters event id before logging it to the database.
+		 *
+		 * @since 3.3.1
+		 *
+		 * @param integer $event_id   - Event ID.
+		 * @param array   $event_data - Event data.
+		 */
+		$event_id = apply_filters( 'wsal_event_id_before_log', $event_id, $event_data );
+
+		/**
+		 * WSAL Filter: `wsal_event_data_before_log`
+		 *
+		 * Filters event data before logging it to the database.
+		 *
+		 * @since 3.3.1
+		 *
+		 * @param array   $event_data - Event data.
+		 * @param integer $event_id   - Event ID.
+		 */
+		$event_data = apply_filters( 'wsal_event_data_before_log', $event_data, $event_id );
+
 		foreach ( $this->_loggers as $logger ) {
-			$logger->Log( $type, $data );
+			$logger->Log( $event_id, $event_data );
 		}
 	}
 

diff --git a/classes/AuditLogListView.php b/classes/AuditLogListView.php
@@ -48,6 +48,20 @@ class WSAL_AuditLogListView extends WP_List_Table {
 	 */
 	private $current_alert_id = 0;
 
+	/**
+	 * Selected Columns.
+	 *
+	 * @var array()
+	 */
+	private $selected_columns = '';
+
+	/**
+	 * Display Name Type.
+	 *
+	 * @var string
+	 */
+	private $name_type = '';
+
 	/**
 	 * Method: Constructor.
 	 *
@@ -245,10 +259,12 @@ public function get_site_count() {
 	 */
 	public function get_columns() {
 		// Get user information from settings.
-		$type_name = $this->_plugin->settings->get_type_username();
-		if ( 'display_name' === $type_name || 'first_last_name' === $type_name ) {
+		if ( empty( $this->name_type ) ) {
+			$this->name_type = $this->_plugin->settings->get_type_username();
+		}
+		if ( 'display_name' === $this->name_type || 'first_last_name' === $this->name_type ) {
 			$name_column = __( 'User', 'wp-security-audit-log' );
-		} elseif ( 'username' === $type_name ) {
+		} elseif ( 'username' === $this->name_type ) {
 			$name_column = __( 'Username', 'wp-security-audit-log' );
 		}
 
@@ -269,13 +285,15 @@ public function get_columns() {
 		$cols['mesg'] = __( 'Message', 'wp-security-audit-log' );
 
 		// Get selected columns from settings.
-		$sel_columns = $this->_plugin->settings->GetColumnsSelected();
+		if ( empty( $this->selected_columns ) && ! is_array( $this->selected_columns ) ) {
+			$this->selected_columns = $this->_plugin->settings->GetColumnsSelected();
+		}
 
 		// If selected columns are not empty, then unset default columns.
-		if ( ! empty( $sel_columns ) ) {
+		if ( ! empty( $this->selected_columns ) ) {
 			unset( $cols );
-			$sel_columns = (array) json_decode( $sel_columns );
-			foreach ( $sel_columns as $key => $value ) {
+			$this->selected_columns = (array) json_decode( $this->selected_columns );
+			foreach ( $this->selected_columns as $key => $value ) {
 				switch ( $key ) {
 					case 'alert_code':
 						$cols['type'] = __( 'Event ID', 'wp-security-audit-log' );
@@ -394,20 +412,22 @@ public function column_default( $item, $column_name ) {
 						)
 					) : '<i>' . __( 'Unknown', 'wp-security-audit-log' ) . '</i>';
 			case 'user':
-				$username  = $item->GetUsername(); // Get username.
-				$type_name = $this->_plugin->settings->get_type_username(); // Get the data to display.
-				$user      = get_user_by( 'login', $username ); // Get user.
+				$username = $item->GetUsername(); // Get username.
+				$user     = get_user_by( 'login', $username ); // Get user.
+				if ( empty( $this->name_type ) ) {
+					$this->name_type = $this->_plugin->settings->get_type_username();
+				}
 
 				// Check if the username and user exists.
 				if ( $username && $user ) {
 					// Get user avatar.
 					$image = get_avatar( $user->ID, 32 );
 
 					// Checks for display name.
-					if ( 'display_name' === $type_name && ! empty( $user->display_name ) ) {
+					if ( 'display_name' === $this->name_type && ! empty( $user->display_name ) ) {
 						$display_name = $user->display_name;
 					} elseif (
-						'first_last_name' === $type_name
+						'first_last_name' === $this->name_type
 						&& ( ! empty( $user->first_name ) || ! empty( $user->last_name ) )
 					) {
 						$display_name = $user->first_name . ' ' . $user->last_name;
@@ -450,7 +470,19 @@ public function column_default( $item, $column_name ) {
 					$uhtml = '<i>' . __( 'System', 'wp-security-audit-log' ) . '</i>';
 					$roles = '';
 				}
-				return $image . $uhtml . '<br/>' . $roles;
+				$row_user_data = $image . $uhtml . '<br/>' . $roles;
+
+				/**
+				 * WSAL Filter: `wsal_auditlog_row_user_data`
+				 *
+				 * Filters user data before displaying on the audit log.
+				 *
+				 * @since 3.3.1
+				 *
+				 * @param string  $row_user_data          - User data to display in audit log row.
+				 * @param integer $this->current_alert_id - Event database ID.
+				 */
+				return apply_filters( 'wsal_auditlog_row_user_data', $row_user_data, $this->current_alert_id );
 			case 'scip':
 				$scip = $item->GetSourceIP();
 				if ( is_string( $scip ) ) {
@@ -549,6 +581,7 @@ public function reorder_items_int( $a, $b ) {
 	 * @param string $name - Name of the data.
 	 * @param mixed  $value - Value of the data.
 	 * @return string
+	 * @deprecated 3.3
 	 */
 	public function meta_formatter( $name, $value ) {
 		switch ( true ) {
@@ -900,7 +933,7 @@ public function print_column_headers( $with_id = true ) {
 					$class[] = $desc_first ? 'asc' : 'desc';
 				}
 
-				$column_display_name = '<a href="' . esc_url( add_query_arg( compact( 'orderby', 'order' ), $current_url ) ) . '"><span>' . $column_display_name . '</span><span class="sorting-indicator"></span></a>';
+				$column_display_name = '<a class="wsal-column-name" href="' . esc_url( add_query_arg( compact( 'orderby', 'order' ), $current_url ) ) . '"><span>' . $column_display_name . '</span><span class="sorting-indicator"></span></a>';
 			}
 
 			$tag   = ( 'cb' === $column_key ) ? 'td' : 'th';
@@ -912,8 +945,7 @@ public function print_column_headers( $with_id = true ) {
 			}
 
 			echo "<$tag $scope $id $class>";
-
-			echo $column_display_name;
+			echo '<div class="wsal-filter-wrap">';
 
 			if ( $with_id ) {
 				/**
@@ -927,7 +959,18 @@ public function print_column_headers( $with_id = true ) {
 				do_action( 'wsal_audit_log_column_header', $column_key );
 			}
 
+			echo $column_display_name;
+			echo '</div>';
 			echo "</$tag>";
 		}
 	}
+
+	/**
+	 * Returns total events in the Audit Log.
+	 *
+	 * @return int
+	 */
+	public function get_total_items() {
+		return $this->_pagination_args['total_items'];
+	}
 }
diff --git a/classes/Connector/MySQLDB.php b/classes/Connector/MySQLDB.php
@@ -128,9 +128,9 @@ protected function getAdapterClassName( $class_name ) {
 	 * @return bool true|false
 	 */
 	public function isInstalled() {
-		global $wpdb;
+		$wpdb  = $this->getConnection();
 		$table = $wpdb->base_prefix . 'wsal_occurrences';
-		return ($wpdb->get_var( 'SHOW TABLES LIKE "' . $table . '"' ) == $table);
+		return $table === $wpdb->get_var( 'SHOW TABLES LIKE "' . $table . '"' );
 	}
 
 	/**
@@ -139,9 +139,9 @@ public function isInstalled() {
 	 * @return bool true|false
 	 */
 	public function canMigrate() {
-		$wpdb = $this->getConnection();
+		$wpdb  = $this->getConnection();
 		$table = $wpdb->base_prefix . 'wordpress_auditlog_events';
-		return ($wpdb->get_var( 'SHOW TABLES LIKE "' . $table . '"' ) == $table);
+		return $table === $wpdb->get_var( 'SHOW TABLES LIKE "' . $table . '"' );
 	}
 
 	/**
@@ -153,8 +153,8 @@ public function installAll( $exclude_options = false ) {
 		$plugin = WpSecurityAuditLog::GetInstance();
 
 		foreach ( glob( $this->getAdaptersDirectory() . DIRECTORY_SEPARATOR . '*.php' ) as $file ) {
-			$file_path = explode( DIRECTORY_SEPARATOR, $file );
-			$file_name = $file_path[ count( $file_path ) - 1 ];
+			$file_path  = explode( DIRECTORY_SEPARATOR, $file );
+			$file_name  = $file_path[ count( $file_path ) - 1 ];
 			$class_name = $this->getAdapterClassName( str_replace( 'Adapter.php', '', $file_name ) );
 
 			$class = new $class_name( $this->getConnection() );
@@ -180,8 +180,8 @@ public function uninstallAll() {
 		$plugin = WpSecurityAuditLog::GetInstance();
 
 		foreach ( glob( $this->getAdaptersDirectory() . DIRECTORY_SEPARATOR . '*.php' ) as $file ) {
-			$file_path = explode( DIRECTORY_SEPARATOR, $file );
-			$file_name = $file_path[ count( $file_path ) - 1 ];
+			$file_path  = explode( DIRECTORY_SEPARATOR, $file );
+			$file_name  = $file_path[ count( $file_path ) - 1 ];
 			$class_name = $this->getAdapterClassName( str_replace( 'Adapter.php', '', $file_name ) );
 
 			$class = new $class_name( $this->getConnection() );