Merge branch 'develop'

classes/AuditLogListView.php

@@ -536,16 +536,8 @@ public function meta_formatter( $name, $value ) {
 
 			case '%LinkFile%' === $name:
 				if ( 'NULL' != $value ) {
-					$site_url = trailingslashit( site_url() ); // Site URL.
-					$site_url = str_replace( array( 'http://', 'https://' ), '', $site_url ); // Replace HTTP protocol.
-					$value    = str_replace( array( 'http://', 'https://' ), '', $value ); // Replace HTTP protocol.
-					$find_url = $site_url . 'wp-content/uploads/wp-security-audit-log/404s/'; // URL to replace from file URL.
 					$site_id  = $this->get_view_site_id(); // Site id for multisite.
-					if ( $this->is_multisite() && $site_id ) {
-						$find_url = $site_url . 'wp-content/uploads/sites/' . $site_id . '/wp-security-audit-log/404s/';
-					}
-					$value = str_replace( $find_url, '', $value );
-					return '<a href="javascript:;" onclick="download_404_log( this )" data-log-file="' . esc_attr( $value ) . '" data-nonce-404="' . esc_attr( wp_create_nonce( 'wsal-download-404-log-' . $value ) ) . '" title="' . esc_html__( 'Download the log file.', 'wp-security-audit-log' ) . '">' . esc_html__( 'Download the log file.', 'wp-security-audit-log' ) . '</a>';
+					return '<a href="javascript:;" onclick="download_404_log( this )" data-log-file="' . esc_attr( $value ) . '" data-site-id="' . esc_attr( $site_id ) . '" data-nonce-404="' . esc_attr( wp_create_nonce( 'wsal-download-404-log-' . $value ) ) . '" title="' . esc_html__( 'Download the log file.', 'wp-security-audit-log' ) . '">' . esc_html__( 'Download the log file.', 'wp-security-audit-log' ) . '</a>';
 				} else {
 					return 'Click <a href="' . esc_url( admin_url( 'admin.php?page=wsal-togglealerts#tab-system-activity' ) ) . '">here</a> to log such requests to file.';
 				}

classes/Views/AuditLog.php

@@ -413,7 +413,8 @@ public function wsal_download_failed_login_log() {
 	public function wsal_download_404_log() {
 		// Get post array through filter.
 		$nonce = filter_input( INPUT_POST, 'nonce', FILTER_SANITIZE_STRING );
-		$filename = filter_input( INPUT_POST, 'log_file', FILTER_SANITIZE_NUMBER_INT );
+		$filename = filter_input( INPUT_POST, 'log_file', FILTER_SANITIZE_STRING );
+		$site_id = filter_input( INPUT_POST, 'site_id', FILTER_SANITIZE_NUMBER_INT );
 
 		// If file name is empty then return error.
 		if ( empty( $filename ) ) {
@@ -425,14 +426,26 @@ public function wsal_download_404_log() {
 			die();
 		}
 
-		// Set file name.
-		$filename = substr_replace( $filename, '_', 4, 0 ) . '.log';
-
 		// Verify nonce.
 		if ( ! empty( $filename ) && ! empty( $nonce ) && wp_verify_nonce( $nonce,  'wsal-download-404-log-' . $filename ) ) {
 			// Set log file path.
 			$uploads_dir   = wp_upload_dir();
-			$log_file_path = trailingslashit( $uploads_dir['basedir'] ) . 'wp-security-audit-log/404s/' . $filename;
+
+			if ( ! $site_id ) {
+				$position = strpos( $filename, '/sites/' );
+
+				if ( $position ) {
+					$filename = substr( $filename, $position );
+				} else {
+					$position = strpos( $filename, '/wp-security-audit-log/' );
+					$filename = substr( $filename, $position );
+				}
+				$log_file_path = trailingslashit( $uploads_dir['basedir'] ) . $filename;
+			} else {
+				$position = strpos( $filename, '/wp-security-audit-log/' );
+				$filename = substr( $filename, $position );
+				$log_file_path = trailingslashit( $uploads_dir['basedir'] ) . $filename;
+			}
 
 			// Request the file.
 			$response = file_get_contents( $log_file_path, true );

js/auditlog.js

@@ -247,6 +247,7 @@ function download( filename, text ) {
 function download_404_log( element ) {
 	download_nonce = jQuery( element ).data( 'nonce-404' ); // Nonce.
 	log_file = jQuery( element ).data( 'log-file' ); // Log file URL.
+	site_id = jQuery( element ).data( 'site-id' ); // Site ID.
 
 	if ( ! download_nonce || ! log_file ) {
 		console.log( 'Something went wrong!' );
@@ -260,7 +261,8 @@ function download_404_log( element ) {
 		data: {
 			action: 'wsal_download_404_log',
 			nonce: download_nonce,
-			log_file: log_file
+			log_file: log_file,
+			site_id: site_id
 		},
 		success: function( data ) {
 			if ( data.success ) {