Merge pull request #558 from WPWhiteSecurity/develop
4.1.5 Release
DannyWPWS committed Nov 2, 2020
2 parents f24a215 + a0fbfb0 commit 150c682
Showing 59 changed files with 1,725 additions and 3,706 deletions.
2 changes: 1 addition & 1 deletion classes/AbstractView.php
Expand Up @@ -92,7 +92,7 @@ public function IsNoticeDismissed( $name ) {
$meta_key = 'wsal-notice-' . $name;

self::$AllowedNoticeNames[] = $name;
return ! ! get_user_meta( $user_id, $meta_key, true );
return get_user_meta( $user_id, $meta_key, true );
}

/**
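Review bot: `IsNoticeDismissed()` reads as a boolean predicate, but the two `return` lines in this hunk differ only in the `! !` cast. If the uncast `return get_user_meta( $user_id, $meta_key, true );` is the new side, the method now hands back whatever is stored in user meta (an empty string when nothing is set) instead of a strict boolean. Any caller that compares the result with `===` against `true` or `false` would change behaviour; `return (bool) get_user_meta( $user_id, $meta_key, true );` keeps the boolean contract and is easier to read than the double negation. The function starts outside the hunk, so its callers and docblock are not visible here.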
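--- a/classes/Adapters/ActiveRecordInterface.php
+++ b/classes/Adapters/ActiveRecordInterface.php
@@ -88,4 +88,11 @@ public function Count( $cond = '%d', $args = array( 1 ) );
 * @param array $args - Query arguments.
 */
 public function LoadMultiQuery( $query, $args = array() );
+
+/**
+* Returns the model class for adapter.
+*
+* @return WSAL_Models_ActiveRecord
+*/
+public function GetModel();
 }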
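Review bot: The new docblock promises `@return WSAL_Models_ActiveRecord`, but the base implementation this commit adds at the end of classes/Adapters/MySQL/ActiveRecordAdapter.php has an empty body (`// implement in subclass`) and therefore returns null, while the version it replaces threw a RuntimeException. A subclass that forgets to override it would now fail later, with a less obvious error at the first use of the returned value. Either keep the explicit failure in the base class, `throw new RuntimeException( 'GetModel() should have been overridden in ' . get_class( $this ) );`, or, if the base class is abstract (not visible here), declare `abstract public function GetModel();` there.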
11 changes: 6 additions & 5 deletions classes/Adapters/MetaInterface.php
Expand Up @@ -22,16 +22,17 @@ interface WSAL_Adapters_MetaInterface {
/**
* Create a meta object
*
* @param array $occurenceIds - Array of meta data.
* @param array $occurrence_ids - Array of meta data.
*
* @return int ID of the new meta data
*/
public function deleteByOccurenceIds( $occurenceIds );
public function DeleteByOccurrenceIds( $occurrence_ids );

/**
* Load by name and occurrence id.
*
* @param string $metaName - Meta name.
* @param int $occurenceId - Occurrence ID.
* @param string $meta_name - Meta name.
* @param int $occurrence_id - Occurrence ID.
*/
public function loadByNameAndOccurenceId( $metaName, $occurenceId );
public function LoadByNameAndOccurrenceId( $meta_name, $occurrence_id );
}
89 changes: 49 additions & 40 deletions classes/Adapters/MySQL/ActiveRecordAdapter.php
Expand Up @@ -62,15 +62,6 @@ public function get_connection() {
return $this->connection;
}

/**
* Returns the model class for adapter.
*
* @throws RuntimeException - Throw exception if the function is not overriden.
*/
public function GetModel() {
throw new RuntimeException( 'GetModel() should have been overridden in ' . get_class( $this ) );
}

/**
* Returns table name.
*
Expand Down Expand Up @@ -179,8 +170,7 @@ public function table_exists() {

// Query table exists.
$table_exists_query = "SHOW TABLES LIKE '" . $this->GetTable() . "'";
$result = $_wpdb->query( $table_exists_query );
return $result;
return $_wpdb->query( $table_exists_query );
}

/**
Expand Down Expand Up @@ -223,10 +213,8 @@ public function Save( $active_record ) {

$result = $_wpdb->replace( $this->GetTable(), $data, $format );

if ( false !== $result ) {
if ( $_wpdb->insert_id ) {
$copy->setId( $_wpdb->insert_id );
}
if ( false !== $result && $_wpdb->insert_id ) {
$copy->setId( $_wpdb->insert_id );
}
return $result;
}
Expand All @@ -235,20 +223,24 @@ public function Save( $active_record ) {
* Load record from DB (Single row).
*
* @param string $cond - (Optional) Load condition.
* @param array $args - (Optional) Load condition arguments.
* @param array $args - (Optional) Load condition arguments.
*
* @return array
*/
public function Load( $cond = '%d', $args = array( 1 ) ) {
$_wpdb = $this->connection;
$sql = $_wpdb->prepare( 'SELECT * FROM ' . $this->GetTable() . ' WHERE ' . $cond, $args );
$data = $_wpdb->get_row( $sql, ARRAY_A );
return $data;
return $_wpdb->get_row( $sql, ARRAY_A );
}

/**
* Load records from DB (Multi rows).
*
* @param string $cond Load condition.
* @param array $args (Optional) Load condition arguments.
* @param array $args (Optional) Load condition arguments.
*
* @return array
* @throws Exception
*/
public function LoadArray( $cond, $args = array() ) {
$_wpdb = $this->connection;
Expand All @@ -268,32 +260,34 @@ public function LoadArray( $cond, $args = array() ) {
*/
public function Delete( $active_record ) {
$_wpdb = $this->connection;
$result = $_wpdb->delete(
return $_wpdb->delete(
$this->GetTable(),
$active_record->getId()
);
return $result;
}

/**
* Delete records in DB matching a query.
*
* @param string $query Full SQL query.
* @param array $args (Optional) Query arguments.
* @param array $args (Optional) Query arguments.
*
* @return int|bool
*/
public function DeleteQuery( $query, $args = array() ) {
$_wpdb = $this->connection;
$sql = count( $args ) ? $_wpdb->prepare( $query, $args ) : $query;
$result = $_wpdb->query( $sql );
return $result;
return $_wpdb->query( $sql );
}

/**
* Load multiple records from DB.
*
* @param string $cond (Optional) Load condition (eg: 'some_id = %d' ).
* @param array $args (Optional) Load condition arguments (rg: array(45) ).
* @param array $args (Optional) Load condition arguments (rg: array(45) ).
*
* @return self[] List of loaded records.
* @throws Exception
*/
public function LoadMulti( $cond, $args = array() ) {
$_wpdb = $this->connection;
Expand Down Expand Up @@ -334,7 +328,6 @@ public function LoadAndCallForEach( $callback, $cond = '%d', $args = array( 1 )
*/
public function Count( $cond = '%d', $args = array( 1 ) ) {
$_wpdb = $this->connection;
$class = get_called_class();
$sql = $_wpdb->prepare( 'SELECT COUNT(*) FROM ' . $this->GetTable() . ' WHERE ' . $cond, $args );
return (int) $_wpdb->get_var( $sql );
}
Expand All @@ -356,12 +349,13 @@ public function CountQuery( $query, $args = array() ) {
* Similar to LoadMulti but allows the use of a full SQL query.
*
* @param string $query Full SQL query.
* @param array $args (Optional) Query arguments.
* @param array $args (Optional) Query arguments.
*
* @return array List of loaded records.
* @throws Exception
*/
public function LoadMultiQuery( $query, $args = array() ) {
$_wpdb = $this->connection;
$class = get_called_class();
$result = array();
$sql = count( $args ) ? $_wpdb->prepare( $query, $args ) : $query;
foreach ( $_wpdb->get_results( $sql, ARRAY_A ) as $data ) {
Expand Down Expand Up @@ -410,6 +404,7 @@ protected function _GetInstallQuery( $prefix = false ) {
case is_object( $copy->$key ):
$sql .= $key . ' LONGTEXT NOT NULL,' . PHP_EOL;
break;
default:
}
}

Expand Down Expand Up @@ -472,16 +467,19 @@ private function GetUserNames( $_user_id ) {
/**
* Function used in WSAL reporting extension.
*
* @param int $_site_id - Site ID.
* @param int $_user_id - User ID.
* @param int $_site_id - Site ID.
* @param int $_user_id - User ID.
* @param string $_role_name - User role.
* @param int $_alert_code - Alert code.
* @param int $_start_timestamp - From created_on.
* @param int $_end_timestamp - To created_on.
* @param int $_next_date - (Optional) Created on >.
* @param int $_limit - (Optional) Limit.
* @param int $_alert_code - Alert code.
* @param int $_start_timestamp - From created_on.
* @param int $_end_timestamp - To created_on.
* @param int $_next_date - (Optional) Created on >.
* @param int $_limit - (Optional) Limit.
* @param string $_post_types - (Optional) Post types.
* @param string $_post_statuses - (Optional) Post statuses.
* @param string $_objects
* @param string $_event_types
*
* @return array Report results
*/
public function GetReporting( $_site_id, $_user_id, $_role_name, $_alert_code, $_start_timestamp, $_end_timestamp, $_next_date = null, $_limit = 0, $_post_types = '', $_post_statuses = '', $_objects = '', $_event_types = '' ) {
Expand Down Expand Up @@ -511,7 +509,9 @@ public function GetReporting( $_site_id, $_user_id, $_role_name, $_alert_code, $
COALESCE(
(SELECT replace(t4.value, '\"', '') FROM $table_meta as t4 WHERE t4.name = 'Username' AND t4.occurrence_id = occ.id LIMIT 1),
(SELECT replace(t5.value, '\"', '') FROM $table_meta as t5 WHERE t5.name = 'CurrentUserID' AND t5.occurrence_id = occ.id LIMIT 1)
) as user_id
) as user_id,
(SELECT replace(t6.value, '\"', '') FROM $table_meta as t6 WHERE t6.name = 'Object' AND t6.occurrence_id = occ.id LIMIT 1) AS object,
(SELECT replace(t7.value, '\"', '') FROM $table_meta as t7 WHERE t7.name = 'EventType' AND t7.occurrence_id = occ.id LIMIT 1) AS event_type
FROM $table_occ AS occ
JOIN $table_meta AS meta ON meta.occurrence_id = occ.id
WHERE
Expand Down Expand Up @@ -561,7 +561,9 @@ public function GetReporting( $_site_id, $_user_id, $_role_name, $_alert_code, $
COALESCE(
(SELECT replace(t4.value, '\"', '') FROM $table_meta as t4 WHERE t4.name = 'Username' AND t4.occurrence_id = occ.id LIMIT 1),
(SELECT replace(t5.value, '\"', '') FROM $table_meta as t5 WHERE t5.name = 'CurrentUserID' AND t5.occurrence_id = occ.id LIMIT 1)
) as user_id
) as user_id,
(SELECT replace(t6.value, '\"', '') FROM $table_meta as t6 WHERE t6.name = 'Object' AND t6.occurrence_id = occ.id LIMIT 1) AS object,
(SELECT replace(t7.value, '\"', '') FROM $table_meta as t7 WHERE t7.name = 'EventType' AND t7.occurrence_id = occ.id LIMIT 1) AS event_type
FROM
$table_occ as occ
WHERE
Expand Down Expand Up @@ -734,8 +736,7 @@ public function CheckMatchReportCriteria( $criteria ) {
$_wpdb->query( "SET @endTimestamp = $_end_timestamp" );
$_wpdb->query( "SET @ipAddress = $_ip_address" );

$count = (int) $_wpdb->get_var( $sql );
return $count;
return (int) $_wpdb->get_var( $sql );
}

/**
Expand Down Expand Up @@ -840,11 +841,12 @@ public function GetReportGrouped( $_site_id, $_start_timestamp, $_end_timestamp,
if ( ! empty( $results ) ) {
foreach ( $results as $key => $row ) {
// Get the display_name only for the first row & if the user_login changed from the previous row.
$row->display_name = '';
if ( 0 == $key || ( $key > 1 && $results[ ( $key - 1 ) ]->user_login != $row->user_login ) ) {
$sql = "SELECT t5.display_name FROM $wpdb->users AS t5 WHERE t5.user_login = \"$row->user_login\"";
$display_name = $wpdb->get_var( $sql );
$row->display_name = $display_name;
}
$row->display_name = $display_name;

if ( ! isset( $grouped_types[ $row->user_login ] ) ) {
$grouped_types[ $row->user_login ] = array(
Expand Down Expand Up @@ -904,4 +906,11 @@ private function TempUsers( $table_users ) {
public function UpdateQuery( $table, $data, $where ) {
return $this->connection->update( $table, $data, $where );
}

/**
* @inheritDoc
*/
public function GetModel() {
// implement in subclass
}
}
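Review bot: In the GetReportGrouped hunk, the display-name lookup still builds its query by interpolating `$row->user_login` into a double-quoted SQL string, and this commit edits the surrounding lines without changing that. The value comes from earlier query results, and if those can carry usernames recorded in log metadata, a quote character in one would alter the statement. A prepared statement removes the dependency on where the value came from: `$sql = $wpdb->prepare( "SELECT display_name FROM $wpdb->users WHERE user_login = %s", $row->user_login );`. The CheckMatchReportCriteria hunk shows the same pattern (`SET @ipAddress = $_ip_address`), though how that variable is built is outside the visible lines. Both functions start outside their hunks.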
32 changes: 6 additions & 26 deletions classes/Adapters/MySQL/MetaAdapter.php
Expand Up @@ -80,15 +80,6 @@ public function GetModel() {
return new WSAL_Models_Meta();
}

/**
* Method: Constructor.
*
* @param array $conn - Connection array.
*/
public function __construct( $conn ) {
parent::__construct( $conn );
}

/**
* SQL table options (constraints, foreign keys, indexes etc).
*
Expand All @@ -99,28 +90,16 @@ protected function GetTableOptions() {
. ' KEY occurrence_name (occurrence_id,name)';
}

/**
* Delete metadata by occurrence_id.
*
* @param array $occurence_ids - List of occurrence IDs.
*/
public function DeleteByOccurenceIds( $occurence_ids ) {
if ( ! empty( $occurence_ids ) ) {
$sql = 'DELETE FROM ' . $this->GetTable() . ' WHERE occurrence_id IN (' . implode( ',', $occurence_ids ) . ')';
public function DeleteByOccurrenceIds( $occurrence_ids ) {
if ( ! empty( $occurrence_ids ) ) {
$sql = 'DELETE FROM ' . $this->GetTable() . ' WHERE occurrence_id IN (' . implode( ',', $occurrence_ids ) . ')';
// Execute query.
parent::DeleteQuery( $sql );
}
}

/**
* Load metadata by name and occurrence_id.
*
* @param string $meta_name - Metadata name.
* @param string $occurence_id - Metadata occurrence_id.
* @return WSAL_Models_Meta[]
*/
public function LoadByNameAndOccurenceId( $meta_name, $occurence_id ) {
return $this->Load( 'occurrence_id = %d AND name = %s', array( $occurence_id, $meta_name ) );
public function LoadByNameAndOccurrenceId( $meta_name, $occurrence_id ) {
return $this->Load( 'occurrence_id = %d AND name = %s', array( $occurrence_id, $meta_name ) );
}

/**
Expand Down Expand Up @@ -148,6 +127,7 @@ public function GetMatchingIPs( $limit = null ) {
public function create_indexes() {
$db_connection = $this->get_connection();
// check if an index exists.
$index_exists = false;
if ( $db_connection->query( 'SELECT COUNT(1) IndexIsThere FROM INFORMATION_SCHEMA.STATISTICS WHERE table_schema=DATABASE() AND table_name="' . $this->GetTable() . '" AND index_name="name_value"' ) ) {
// query succeeded, does index exist?
$index_exists = ( isset( $db_connection->last_result[0]->IndexIsThere ) ) ? $db_connection->last_result[0]->IndexIsThere : false;
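Review bot: `DeleteByOccurrenceIds()` joins `$occurrence_ids` straight into the `IN (...)` list with `implode( ',', $occurrence_ids )`, so the DELETE is only safe while every caller passes integers. The rename is a good moment to enforce that inside the method: `$ids = implode( ',', array_map( 'intval', $occurrence_ids ) );` and build the query from `$ids`. The call is also written `parent::DeleteQuery( $sql )`, which skips any override in a subclass; `$this->DeleteQuery( $sql )` is the usual form. The docblocks removed from the two renamed methods leave them undocumented here, so a short `@inheritDoc` block, as used for `GetModel()` elsewhere in this commit, would keep the contract discoverable.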
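--- a/classes/Adapters/MySQL/OccurrenceAdapter.php
+++ b/classes/Adapters/MySQL/OccurrenceAdapter.php
@@ -84,15 +84,6 @@ class WSAL_Adapters_MySQL_Occurrence extends WSAL_Adapters_MySQL_ActiveRecord im
 */
 public $is_migrated = false;
 
-/**
-* Method: Constructor.
-*
-* @param array $conn - Connection array.
-*/
-public function __construct( $conn ) {
-parent::__construct( $conn );
-}
-
 /**
 * SQL table options (constraints, foreign keys, indexes etc).
 *
@@ -292,27 +283,6 @@ public function GetByPostID( $post_id ) {
 );
 }
 
-/**
-* Gets occurrences of the same type by IP within specified time frame.
-*
-* @param array $args - Query Arguments.
-* @return WSAL_Models_Occurrence[]
-*/
-public function CheckAlert404( $args = array() ) {
-$tt2 = new WSAL_Adapters_MySQL_Meta( $this->connection );
-return $this->LoadMultiQuery(
-'SELECT occurrence.* FROM `' . $this->GetTable() . '` occurrence
-INNER JOIN `' . $tt2->GetTable() . '` ipMeta on ipMeta.occurrence_id = occurrence.id
-and ipMeta.name = "ClientIP" and ipMeta.value = %s
-INNER JOIN `' . $tt2->GetTable() . '` usernameMeta on usernameMeta.occurrence_id = occurrence.id
-and usernameMeta.name = "Username" and usernameMeta.value = %s
-WHERE occurrence.alert_id = %d AND occurrence.site_id = %d
-AND (created_on BETWEEN %d AND %d)
-GROUP BY occurrence.id',
-$args
-);
-}
-
 /**
 * Create relevant indexes on the occurrence table.
 */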
9 changes: 7 additions & 2 deletions classes/Adapters/MySQL/QueryAdapter.php
Expand Up @@ -106,11 +106,16 @@ protected function GetSql( $query, &$args = array() ) {
$args[] = $search_condition['args'];
}

$search_statement = '';
if ( ! empty( $search_condition ) ) {
$search_statement = empty( $s_where_clause ) ? ' WHERE ' . $search_condition['sql'] : ' AND ' . $search_condition['sql'];
}

$sql = 'SELECT ' . $fields
. ' FROM ' . implode( ',', $from_data_sets )
. $join_clause
. $s_where_clause
. ( ! empty( $search_condition ) ? (empty( $s_where_clause ) ? ' WHERE ' . $search_condition['sql'] : ' AND ' . $search_condition['sql']) : '')
. $search_statement
// @todo GROUP BY goes here
. ( ! empty( $order_bys ) ? (' ORDER BY ' . implode( ', ', array_keys( $order_bys ) ) . ' ' . implode( ', ', array_values( $order_bys ) )) : '')
. $s_limit_clause;
Expand Down Expand Up @@ -211,7 +216,7 @@ public function DeleteMetas( $query, $args ) {
$occ_ids[] = $data['id'];
}
$meta = new WSAL_Adapters_MySQL_Meta( $this->connection );
$meta->DeleteByOccurenceIds( $occ_ids );
$meta->DeleteByOccurrenceIds( $occ_ids );
}

/**
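Review bot: The `ORDER BY` line in `GetSql()`, left untouched next to the new `$search_statement` block, joins all column names and then all directions separately, so two orderings would render as `ORDER BY a, b ASC, DESC`, which is not valid SQL. If more than one entry can ever reach `$order_bys`, pair each column with its direction before joining, e.g. `implode( ', ', array_map( function ( $col, $dir ) { return $col . ' ' . $dir; }, array_keys( $order_bys ), $order_bys ) )`. Column names and directions are also concatenated as-is, so they should come from a fixed allow-list rather than request data; where they originate is outside this hunk. `GetSql()` starts and ends outside the hunk.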
