error log and xss and some minor improvents

error log, xss, cancel button on frontend listing page, chrome OS and some minor improvements
faiyazalam · Oct 19, 2017 · 519341a · 519341a
1 parent 1a90bb1
commit 519341a
Show file tree

Hide file tree

Showing 5 changed files with 52 additions and 29 deletions.
diff --git a/admin/class-user-login-history-user-tracker.php b/admin/class-user-login-history-user-tracker.php
@@ -181,7 +181,8 @@ private function get_operating_system() {
             '/ipad/i' => 'iPad',
             '/android/i' => 'Android',
             '/blackberry/i' => 'BlackBerry',
-            '/webos/i' => 'Mobile'
+            '/webos/i' => 'Mobile',
+            '/cros/i' => 'Chrome'
         );
 
         foreach ($os_array as $regex => $value) {
@@ -337,10 +338,10 @@ public function save_user_login($user_login, $user) {
         $operating_system = $this->get_operating_system();
 
         $geo_location = $this->get_geo_location();
-        $country_name = $geo_location->geoplugin_countryName ? $geo_location->geoplugin_countryName : $unknown;
-        $country_code = $geo_location->geoplugin_countryCode ? $geo_location->geoplugin_countryCode : $unknown;
-        $lat = $geo_location->geoplugin_latitude ? $geo_location->geoplugin_latitude : 0;
-        $long = $geo_location->geoplugin_longitude ? $geo_location->geoplugin_longitude : 0;
+        $country_name = isset($geo_location->geoplugin_countryName) ? $geo_location->geoplugin_countryName : $unknown;
+        $country_code = isset($geo_location->geoplugin_countryCode) ? $geo_location->geoplugin_countryCode : $unknown;
+        $lat = isset($geo_location->geoplugin_latitude) ? $geo_location->geoplugin_latitude : 0;
+        $long = isset($geo_location->geoplugin_longitude )? $geo_location->geoplugin_longitude : 0;
 
         if ($lat != 0 && $long != 0 && $country_code != $unknown) {
             $user_timezone = $this->get_nearest_timezone($lat, $long, $country_code);
@@ -369,9 +370,8 @@ public function save_user_login($user_login, $user) {
 
         $wpdb->insert($table, $data);
         if ("" != $wpdb->last_error) {
-            ini_set('error_log', WP_CONTENT_DIR . '/debug-user-login-history.log');
-            error_log("last error:" . $wpdb->last_error);
-            error_log("last query:" . $wpdb->last_query);
+           User_Login_History_Error_Handler::error_log("last error:" . $wpdb->last_error. " last query:" . $wpdb->last_query);
+            return;
         }
 
         //save user time zone in user_meta table
@@ -400,13 +400,10 @@ public function save_user_logout() {
         $wpdb->query($sql);
 
          if ("" != $wpdb->last_error) {
-            ini_set('error_log', WP_CONTENT_DIR . '/debug-user-login-history.log');
-            error_log("last error:" . $wpdb->last_error);
-            error_log("last query:" . $wpdb->last_query);
+          User_Login_History_Error_Handler::error_log("last error:" . $wpdb->last_error. " last query:" . $wpdb->last_query);
         }
 
-        //unset session for this plugin after user gets logged out.
-        unset($_SESSION[$this->name]);
+        session_destroy();
     }
 
     /**
@@ -453,9 +450,7 @@ public function update_time_last_seen() {
         $sql = " update $table set time_last_seen='$current_date' where id=$last_id ";
         $wpdb->query($sql);
            if ("" != $wpdb->last_error) {
-            ini_set('error_log', WP_CONTENT_DIR . '/debug-user-login-history.log');
-            error_log("last error:" . $wpdb->last_error);
-            error_log("last query:" . $wpdb->last_query);
+          User_Login_History_Error_Handler::error_log("last error:" . $wpdb->last_error. " last query:" . $wpdb->last_query);
         }
     }
 

diff --git a/admin/partials/listing/listing.php b/admin/partials/listing/listing.php
@@ -32,8 +32,8 @@
                 <table class="wp-list-table widefat fixed striped">
                     <tbody>
                         <tr>
-                            <td><input readonly autocomplete="off" placeholder="<?php _e("From", "user-login-history") ?>" id="date_from" name="date_from" value="<?php echo isset($_GET['date_from']) ? $_GET['date_from'] : "" ?>" class="textfield-bg"></td>
-                            <td><input readonly autocomplete="off" placeholder="<?php _e("To", "user-login-history") ?>" name="date_to" id="date_to" value="<?php echo isset($_GET['date_to']) ? $_GET['date_to'] : "" ?>" class="textfield-bg"></td>
+                            <td><input readonly autocomplete="off" placeholder="<?php _e("From", "user-login-history") ?>" id="date_from" name="date_from" value="<?php echo isset($_GET['date_from']) ? esc_html($_GET['date_from']) : "" ?>" class="textfield-bg"></td>
+                            <td><input readonly autocomplete="off" placeholder="<?php _e("To", "user-login-history") ?>" name="date_to" id="date_to" value="<?php echo isset($_GET['date_to']) ? esc_html($_GET['date_to']) : "" ?>" class="textfield-bg"></td>
                             <td>
                                 <select class="selectfield-bg" name="date_type" >
                                     <?php
@@ -51,12 +51,12 @@
                 <table class="wp-list-table widefat fixed striped">
                     <tbody>
                         <tr>
-                            <td><input placeholder="<?php _e("Enter User Id", "user-login-history") ?>" name="user_id" value="<?php echo isset($_GET['user_id']) ? $_GET['user_id'] : "" ?>" class="textfield-bg"></td>
-                            <td><input placeholder="<?php _e("Enter Username", "user-login-history") ?>" name="username" value="<?php echo isset($_GET['username']) ? $_GET['username'] : "" ?>" class="textfield-bg"></td>
-                            <td><input placeholder="<?php _e("Enter Country", "user-login-history") ?>" name="country_name" value="<?php echo isset($_GET['country_name']) ? $_GET['country_name'] : "" ?>" class="textfield-bg"></td>
-                            <td><input placeholder="<?php _e("Enter Browser", "user-login-history") ?>" name="browser" value="<?php echo isset($_GET['browser']) ? $_GET['browser'] : "" ?>" class="textfield-bg"></td>
-                            <td><input placeholder="<?php _e("Enter Operating System", "user-login-history") ?>" name="operating_system" value="<?php echo isset($_GET['operating_system']) ? $_GET['operating_system'] : "" ?>" class="textfield-bg"></td>
-                            <td><input placeholder="<?php _e("Enter IP Address", "user-login-history") ?>" name="ip_address" value="<?php echo isset($_GET['ip_address']) ? $_GET['ip_address'] : "" ?>" class="textfield-bg"></td>
+                            <td><input placeholder="<?php _e("Enter User Id", "user-login-history") ?>" name="user_id" value="<?php echo isset($_GET['user_id']) ? esc_html($_GET['user_id']) : "" ?>" class="textfield-bg"></td>
+                            <td><input placeholder="<?php _e("Enter Username", "user-login-history") ?>" name="username" value="<?php echo isset($_GET['username']) ? esc_html($_GET['username']) : "" ?>" class="textfield-bg"></td>
+                            <td><input placeholder="<?php _e("Enter Country", "user-login-history") ?>" name="country_name" value="<?php echo isset($_GET['country_name']) ? esc_html($_GET['country_name']) : "" ?>" class="textfield-bg"></td>
+                            <td><input placeholder="<?php _e("Enter Browser", "user-login-history") ?>" name="browser" value="<?php echo isset($_GET['browser']) ? esc_html($_GET['browser']) : "" ?>" class="textfield-bg"></td>
+                            <td><input placeholder="<?php _e("Enter Operating System", "user-login-history") ?>" name="operating_system" value="<?php echo isset($_GET['operating_system']) ? esc_html($_GET['operating_system']) : "" ?>" class="textfield-bg"></td>
+                            <td><input placeholder="<?php _e("Enter IP Address", "user-login-history") ?>" name="ip_address" value="<?php echo isset($_GET['ip_address']) ? esc_html($_GET['ip_address']) : "" ?>" class="textfield-bg"></td>
                         </tr>
                     </tbody></table>
                 <table class="wp-list-table widefat fixed striped">

diff --git a/includes/class-user-login-history-error-handler.php b/includes/class-user-login-history-error-handler.php
@@ -0,0 +1,22 @@
+<?php
+
+/**
+ * Fired during plugin activation
+ *
+ * @link       https://github.com/faiyazalam
+ * @since      1.4.1
+ *
+ * @package    User_Login_History
+ * @subpackage User_Login_History/includes
+ * @author     Er Faiyaz Alam
+ */
+class User_Login_History_Error_Handler {
+
+    const ULH_ERROR_LOG_FILE = WP_CONTENT_DIR . '/user-login-history.log';
+
+    public static function error_log($message = '') {
+        ini_set('error_log', self::ULH_ERROR_LOG_FILE);
+        error_log("$message at line:" . __LINE__ . " file:" . __FILE__);
+    }
+
+}
diff --git a/public/partials/listing/listing.php b/public/partials/listing/listing.php
@@ -1,5 +1,6 @@
 <?php
-global $wpdb, $current_user;
+
+global $wpdb, $current_user,$wp;
 if (!$current_user->ID) {
     _e('Error- Unable to find user id. Please login.', 'user-login-history');
     return;
@@ -54,12 +55,12 @@
 $logins = $paginations['rows'];
 $timezones = User_Login_History_Date_Time_Helper :: get_timezone_list();
 ?>
-<form name="user_login_history_public_filter_form" method="get" action="<?php echo $_SERVER['REQUEST_URI'] ?>">
+<form name="user_login_history_public_filter_form" method="get" action="">
     <table width="100%" class="form-table">
         <tbody>
             <tr>
-                <td><input readonly="readonly" autocomplete="off" placeholder="From" id="date_from" name="date_from" value="<?php echo isset($_GET['date_from']) ? $_GET['date_from'] : "" ?>" class="textfield-bg"></td>
-                <td><input readonly="readonly" autocomplete="off" placeholder="To" name="date_to" id="date_to" value="<?php echo isset($_GET['date_to']) ? $_GET['date_to'] : "" ?>" class="textfield-bg"></td>
+                <td><input readonly="readonly" autocomplete="off" placeholder="From" id="date_from" name="date_from" value="<?php echo isset($_GET['date_from']) ? esc_html($_GET['date_from']) : "" ?>" class="textfield-bg"></td>
+                <td><input readonly="readonly" autocomplete="off" placeholder="To" name="date_to" id="date_to" value="<?php echo isset($_GET['date_to']) ? esc_html($_GET['date_to']) : "" ?>" class="textfield-bg"></td>
                 <td>
                     <select name="date_type" class="selectfield-bg">
                         <?php
@@ -78,7 +79,10 @@
         <tbody>
             <tr>
                 <td>
-                    <input type="submit" value="Filter" name="ulh_public_filter_form_submit" class="go-bg">
+                    <input type="submit" value="<?php _e('FILTER', 'user-login-history') ?>" name="ulh_public_filter_form_submit" class="go-bg">
+                </td>
+                <td>
+                   <?php echo "<a class='ulh-cancel-link' href=".(explode('?',  home_url( $wp->request ), 2)[0])."> ".__('RESET', 'user-login-history')."</a>";?>
                 </td>
             </tr>
         </tbody></table>

diff --git a/user-login-history.php b/user-login-history.php
@@ -26,7 +26,9 @@
 if (!defined('WPINC')) {
     die;
 }
+
 require_once plugin_dir_path(__FILE__) . 'includes/user-login-history-config.php';
+require_once plugin_dir_path(__FILE__) . 'includes/class-user-login-history-error-handler.php';
 
 /**
  * The code that runs during plugin activation.