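/**
 * Send every notification rule to the browser as a JSON file download.
 *
 * The request must carry a valid `stream_notifications_nonce`; otherwise it
 * is ended with wp_die(). Each rule has its ID cleared before it is
 * serialised, and the request ends once the payload has been written.
 *
 * NOTE(review): the nonce is the only gate visible in this method. No
 * current_user_can() check appears here, so confirm that the caller limits
 * the export to users who are allowed to read notification rules.
 *
 * @return void
 */
public static function export()
{
    $nonce = wp_stream_filter_input(INPUT_GET, 'stream_notifications_nonce');
    if (!wp_verify_nonce($nonce, 'stream-notifications-nonce')) {
        wp_die(__('Invalid nonce, go back and try again.', 'stream-notifications'));
    }

    $args = array(
        'type'           => 'notification_rule',
        'ignore_context' => true,
        'posts_per_page' => -1,
        'order'          => 'asc',
    );
    $query = wp_stream_query($args);

    // The unused read of the 'stream-notification-rules' transient was dropped:
    // its result was never consulted.
    $items = array();
    foreach ($query as $rule) {
        $rule     = new WP_Stream_Notification_Rule($rule->ID);
        $rule->ID = null; // exported rules carry no ID
        $items[]  = $rule->to_array();
    }

    $json = json_encode($items);

    header('Content-Description: File Transfer');
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="stream-notification-rules_' . current_time('timestamp', 1) . '.json"');
    header('Connection: Keep-Alive');
    header('Expires: 0');
    header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
    header('Pragma: public');
    header('Content-Length: ' . strlen($json));

    echo $json; // xss ok
    die;
}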
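/**
 * Log handler
 *
 * Builds a record array from the given arguments, the acting user and the
 * request's REMOTE_ADDR, then hands it to WP_Stream_DB::insert().
 *
 * @param mixed  $connector Stored as-is under the record's 'connector' key
 * @param string $message   sprintf-ready error message string
 * @param array  $args      sprintf (and extra) arguments to use
 * @param int    $object_id Target object id
 * @param array  $contexts  Contexts of the action
 * @param int    $user_id   User responsible for the action; defaults to the current user
 *
 * @internal param string $action Action performed (stream_action)
 * @return int Whatever WP_Stream_DB::insert() returns for the new record
 */
public function log($connector, $message, $args, $object_id, $contexts, $user_id = null)
{
    global $wpdb;

    if (is_null($user_id)) {
        $user_id = get_current_user_id();
    }

    require_once WP_STREAM_INC_DIR . 'class-wp-stream-author.php';

    $user  = new WP_User($user_id);
    $roles = get_option($wpdb->get_blog_prefix() . 'user_roles');

    if (!isset($args['author_meta'])) {
        // Look the role label up defensively: the stored roles option may not
        // contain the user's first role, which used to raise a notice.
        $role_label = null;
        if (!empty($user->roles) && isset($user->roles[0]) && isset($roles[$user->roles[0]]['name'])) {
            $role_label = $roles[$user->roles[0]]['name'];
        }

        $args['author_meta'] = array(
            'user_email'      => $user->user_email,
            'display_name'    => defined('WP_CLI') && empty($user->display_name) ? 'WP-CLI' : $user->display_name,
            'user_login'      => $user->user_login,
            'user_role_label' => $role_label,
            'agent'           => WP_Stream_Author::get_current_agent(),
        );

        if (defined('WP_CLI') && function_exists('posix_getuid')) {
            $uid       = posix_getuid();
            $user_info = posix_getpwuid($uid);

            $args['author_meta']['system_user_id'] = $uid;
            // posix_getpwuid() returns false when the uid has no passwd entry.
            $args['author_meta']['system_user_name'] = (is_array($user_info) && isset($user_info['name'])) ? $user_info['name'] : null;
        }
    }

    // Remove meta with null values from being logged
    $meta = array_filter($args, function ($var) {
        return !is_null($var);
    });

    $recordarr = array(
        'object_id'   => $object_id,
        'site_id'     => is_multisite() ? get_current_site()->id : 1,
        'blog_id'     => apply_filters('blog_id_logged', is_network_admin() ? 0 : get_current_blog_id()),
        'author'      => $user_id,
        'author_role' => !empty($user->roles) ? $user->roles[0] : null,
        'created'     => current_time('mysql', 1),
        'summary'     => vsprintf($message, $args),
        'parent'      => self::$instance->prev_record,
        'connector'   => $connector,
        'contexts'    => $contexts,
        'meta'        => $meta,
        // Only a syntactically valid IP address is stored.
        'ip'          => wp_stream_filter_input(INPUT_SERVER, 'REMOTE_ADDR', FILTER_VALIDATE_IP),
    );

    $record_id = WP_Stream_DB::get_instance()->insert($recordarr);

    return $record_id;
}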
/**
 * Handle ajax saving of time intervals
 *
 * Reads `key`, `start` and `end` from the query string, rejects keys that are
 * neither empty, 'custom', nor one of the predefined intervals, and stores
 * the result through WP_Stream_Reports_Settings.
 *
 * NOTE(review): no nonce or capability check is visible in this method even
 * though it persists a setting from GET parameters. Confirm that the check
 * happens in the caller or inside update_user_option_and_redirect().
 *
 * @return void
 */
public function save_interval()
{
    $interval = array();
    foreach (array('key', 'start', 'end') as $field) {
        $interval[$field] = wp_stream_filter_input(INPUT_GET, $field, FILTER_SANITIZE_STRING, array('default' => ''));
    }

    // Get predefined interval for validation
    $avail_intervals = $this->get_predefined_intervals();

    $key       = $interval['key'];
    $is_preset = '' !== $key && 'custom' !== $key;
    if ($is_preset && !isset($avail_intervals[$key])) {
        wp_die(esc_html__('That time interval is not available.', 'stream'));
    }

    // Only store dates if we are dealing with custom dates and no relative preset
    if ('custom' !== $key) {
        $interval['start'] = '';
        $interval['end']   = '';
    }

    WP_Stream_Reports_Settings::update_user_option_and_redirect('interval', $interval);
}
/**
 * Echo the display label for a filter value as JSON and end the request.
 *
 * For the 'author' filter the posted id '0' maps to 'WP-CLI'; any other id is
 * resolved with get_userdata() to the user's display name. Every other
 * filter, and an unknown user, yields an empty string.
 *
 * NOTE(review): no nonce or capability check is visible here, so any caller
 * able to reach this ajax action can map user ids to display names. Confirm
 * that this is intended.
 *
 * @action wp_ajax_wp_stream_get_filter_value_by_id
 * @return void
 */
public static function get_filter_value_by_id()
{
    $value  = '';
    $filter = wp_stream_filter_input(INPUT_POST, 'filter');

    switch ($filter) {
        case 'author':
            $id = wp_stream_filter_input(INPUT_POST, 'id');
            if ($id === '0') {
                $value = 'WP-CLI';
                break;
            }

            $user = get_userdata($id);
            if ($user && !is_wp_error($user)) {
                $value = $user->display_name;
            }
            break;
    }

    echo json_encode($value);
    wp_die();
}
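/**
 * Ajax callback for processing migrate actions
 *
 * Break down the total number of records found into reasonably-sized chunks
 * and send each of those chunks to the Stream API
 *
 * Drops the legacy Stream data from the DB once the API has consumed everything
 *
 * The posted `migrate_action` selects one of three branches: 'migrate',
 * 'delay' or 'delete'. The code relies on the wp_send_json_*() helpers to end
 * the request after a response has been written.
 *
 * NOTE(review): the nonce is the only gate visible here, and a failed nonce
 * returns silently. The 'delete' branch drops or deletes stored records, so
 * confirm that a capability check guards this ajax action elsewhere.
 *
 * @action wp_ajax_wp_stream_migrate_action
 * @return void
 */
public static function process_migrate_action()
{
    $action = wp_stream_filter_input(INPUT_POST, 'migrate_action');
    $nonce  = wp_stream_filter_input(INPUT_POST, 'nonce');

    if (!wp_verify_nonce($nonce, 'wp_stream_migrate-' . absint(get_current_blog_id()) . absint(get_current_user_id()))) {
        return;
    }

    set_time_limit(0); // Just in case, this could take a while for some

    if ('migrate' === $action) {
        self::migrate_notification_rules();

        $records = self::get_records(self::$limit);

        if (!$records) {
            // If all the records are gone, clean everything up
            self::drop_legacy_data();
            wp_send_json_success(__('Migration complete!', 'stream'));
        }

        $response = self::send_records($records);

        if (true === $response) {
            // Delete the records that were just sent to the API successfully
            self::delete_records(self::$_records);
            wp_send_json_success('migrate');
        } else {
            // The previous code tested $response['body']['message'] and then
            // json-decoded $response['body']: the two cannot both hold, so a
            // JSON string body never produced its message. Decode first.
            $message = '';

            if (is_array($response)) {
                $body = isset($response['body']) ? $response['body'] : null;
                if (is_string($body)) {
                    $body = json_decode($body, true);
                }

                if (is_array($body) && !empty($body['message'])) {
                    $message = $body['message'];
                } elseif (!empty($response['response']['message'])) {
                    $message = $response['response']['message'];
                }
            }

            if (!is_string($message) || '' === $message) {
                $message = __('An unknown error occurred during migration.', 'stream');
            }

            // The message originates from the remote response, so it is escaped.
            wp_send_json_error(sprintf(__('%s Please try again later or contact support.', 'stream'), esc_html($message)));
        }
    }

    if ('delay' === $action) {
        set_transient(self::MIGRATE_DELAY_TRANSIENT, "Don't nag me, bro", HOUR_IN_SECONDS * 3);
        wp_send_json_success(__("OK, we'll remind you again in a few hours.", 'stream'));
    }

    if ('delete' === $action) {
        $success_message = __('All existing records have been deleted from the database.', 'stream');

        if (!is_multisite()) {
            // If this is a single-site install, force delete everything
            self::drop_legacy_data(true, true);
            wp_send_json_success($success_message);
        } else {
            // If multisite, only delete records for this site - this will take longer
            $records = self::get_record_ids(self::$limit);

            if (!$records) {
                // If all the records are gone, clean everything up
                self::drop_legacy_data();
                wp_send_json_success($success_message);
            } else {
                self::delete_records($records);
                wp_send_json_success('delete');
            }
        }
    }

    die;
}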
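/**
 * Output for Stream Records as a feed.
 *
 * Access is granted by a per-user feed key passed in the query string. The
 * key is resolved to a user through user meta; that user must be a super
 * admin or, for non-network feeds, hold one of the roles listed in the
 * 'general_role_access' setting. The matching feed template (atom, json or
 * rss-2.0) is then included and the request ends.
 *
 * @return void
 */
public static function feed_template()
{
    $die_title   = esc_html__('Access Denied', 'stream');
    $die_message = sprintf('<h1>%s</h1><p>%s</p>', $die_title, esc_html__("You don't have permission to view this feed, please contact your site Administrator.", 'stream'));

    $query_var = is_network_admin() ? self::FEED_NETWORK_QUERY_VAR : self::FEED_QUERY_VAR;

    // The feed key is the only credential for this endpoint. A missing or
    // empty key must never reach the user lookup: with no value to compare,
    // the meta query would no longer be constrained to one specific key.
    $feed_key = wp_stream_filter_input(INPUT_GET, self::FEED_KEY_QUERY_VAR);
    if (!is_string($feed_key) || '' === $feed_key) {
        wp_die($die_message, $die_title);
    }

    $args = array(
        'meta_key'   => self::USER_FEED_OPTION_KEY,
        'meta_value' => $feed_key,
        'number'     => 1,
    );
    $user = get_users($args);

    if (empty($user)) {
        wp_die($die_message, $die_title);
    }

    if (!is_super_admin($user[0]->ID)) {
        $roles = isset($user[0]->roles) ? (array) $user[0]->roles : array();

        // Network feeds are reserved for super admins.
        if (self::$is_network_feed) {
            wp_die($die_message, $die_title);
        }

        if (!$roles || !array_intersect($roles, WP_Stream_Settings::$options['general_role_access'])) {
            wp_die($die_message, $die_title);
        }
    }

    $blog_id = self::$is_network_feed ? null : get_current_blog_id();

    $args = array(
        'blog_id'          => $blog_id,
        'records_per_page' => wp_stream_filter_input(INPUT_GET, 'records_per_page', FILTER_SANITIZE_NUMBER_INT),
        'search'           => wp_stream_filter_input(INPUT_GET, 'search'),
        'object_id'        => wp_stream_filter_input(INPUT_GET, 'object_id', FILTER_SANITIZE_NUMBER_INT),
        'ip'               => wp_stream_filter_input(INPUT_GET, 'ip', FILTER_VALIDATE_IP),
        'author'           => wp_stream_filter_input(INPUT_GET, 'author', FILTER_SANITIZE_NUMBER_INT),
        'author_role'      => wp_stream_filter_input(INPUT_GET, 'author_role'),
        'date'             => wp_stream_filter_input(INPUT_GET, 'date'),
        'date_from'        => wp_stream_filter_input(INPUT_GET, 'date_from'),
        'date_to'          => wp_stream_filter_input(INPUT_GET, 'date_to'),
        'record__in'       => wp_stream_filter_input(INPUT_GET, 'record__in'),
        'order'            => wp_stream_filter_input(INPUT_GET, 'order'),
        'orderby'          => wp_stream_filter_input(INPUT_GET, 'orderby'),
        'fields'           => wp_stream_filter_input(INPUT_GET, 'fields'),
    );

    $records = wp_stream_query($args);

    // The variables below are not used again in this method. They stay in
    // scope for the included template, which presumably reads them; verify
    // against feeds/*.php before removing any of them.
    $latest_record = isset($records[0]->created) ? $records[0]->created : null;

    $records_admin_url = add_query_arg(
        array('page' => WP_Stream_Admin::RECORDS_PAGE_SLUG),
        admin_url(WP_Stream_Admin::ADMIN_PARENT_PAGE)
    );

    $latest_link = null;
    if (isset($records[0]->ID)) {
        $latest_link = add_query_arg(array('record__in' => $records[0]->ID), $records_admin_url);
    }

    $domain = parse_url($records_admin_url, PHP_URL_HOST);
    $format = wp_stream_filter_input(INPUT_GET, self::FEED_TYPE_QUERY_VAR);

    // The requested format only selects between fixed file names; it is
    // never concatenated into the include path.
    if ('atom' === $format) {
        require_once WP_STREAM_INC_DIR . 'feeds/atom.php';
    } elseif ('json' === $format) {
        require_once WP_STREAM_INC_DIR . 'feeds/json.php';
    } else {
        require_once WP_STREAM_INC_DIR . 'feeds/rss-2.0.php';
    }

    exit;
}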
/**
 * Log Order major status changes ( creating / updating / trashing )
 *
 * Nothing is logged for posts that are not shop orders, for requests outside
 * the admin, for the quick "mark_*" actions, during ajax requests, for an
 * order already logged in this request, or for transitions into the
 * auto-draft, draft and inherit statuses.
 *
 * @action transition_post_status
 *
 * @param string   $new  New post status
 * @param string   $old  Previous post status
 * @param \WP_Post $post Post whose status changed
 *
 * @return void
 */
public function callback_transition_post_status($new, $old, $post)
{
    // Only track orders
    if ('shop_order' !== $post->post_type) {
        return;
    }

    // Don't track customer actions
    if (!is_admin()) {
        return;
    }

    // Don't track minor status change actions
    $minor_actions = array('mark_processing', 'mark_on-hold', 'mark_completed');
    if (in_array(wp_stream_filter_input(INPUT_GET, 'action'), $minor_actions) || defined('DOING_AJAX')) {
        return;
    }

    // Don't log updates when more than one happens at the same time
    if ($post->ID === $this->order_update_logged) {
        return;
    }

    $ignored_statuses = array('auto-draft', 'draft', 'inherit');
    if (in_array($new, $ignored_statuses)) {
        return;
    }

    // Anything that is not a creation, trashing or restore counts as an update.
    $action = 'updated';

    if ('auto-draft' === $old && 'publish' === $new) {
        $message = esc_html_x('%s created', 'Order title', 'stream');
        $action  = 'created';
    } elseif ('trash' === $new) {
        $message = esc_html_x('%s trashed', 'Order title', 'stream');
        $action  = 'trashed';
    } elseif ('trash' === $old && 'publish' === $new) {
        $message = esc_html_x('%s restored from the trash', 'Order title', 'stream');
        $action  = 'untrashed';
    } else {
        $message = esc_html_x('%s updated', 'Order title', 'stream');
    }

    $order           = new \WC_Order($post->ID);
    $order_title     = esc_html__('Order number', 'stream') . ' ' . esc_html($order->get_order_number());
    $order_type_name = esc_html__('order', 'stream');

    $log_args = array(
        'post_title'    => $order_title,
        'singular_name' => $order_type_name,
        'new_status'    => $new,
        'old_status'    => $old,
        'revision_id'   => null,
    );

    $this->log($message, $log_args, $post->ID, $post->post_type, $action);

    // Remember the order so that a second transition in this request is skipped.
    $this->order_update_logged = $post->ID;
}
/**
 * Log the plugins queued in the 'wp_stream_plugins_to_delete' option.
 *
 * Runs only when the request carries a truthy `verify-delete` POST field and
 * the option holds a non-empty value. One "deleted" entry is logged per
 * plugin, then the option is removed. The filtered value is always returned
 * untouched.
 *
 * @todo Core needs a delete_plugin hook
 * @todo This does not work in WP-CLI
 *
 * @param mixed $value Value passed through the filter
 *
 * @return mixed The unmodified $value
 */
public static function callback_pre_set_site_transient_update_plugins($value)
{
    if (!wp_stream_filter_input(INPUT_POST, 'verify-delete')) {
        return $value;
    }

    $plugins_to_delete = get_option('wp_stream_plugins_to_delete');
    if (!$plugins_to_delete) {
        return $value;
    }

    foreach ($plugins_to_delete as $plugin => $data) {
        $log_args = array(
            'name'         => $data['Name'],
            'plugin'       => $plugin,
            'network_wide' => $data['Network'] ? __('network wide', 'stream') : '',
        );

        self::log(__('"%s" plugin deleted', 'stream'), $log_args, null, 'plugins', 'deleted');
    }

    delete_option('wp_stream_plugins_to_delete');

    return $value;
}
/**
 * Echo the display label for a filter value as JSON.
 *
 * For the 'user_id' filter the posted id '0' maps to 'WP-CLI'; any other id
 * is resolved with get_userdata() to the user's display name. Every other
 * filter, and an unknown user, yields an empty string. The request ends after
 * the output unless WP_STREAM_TESTS is defined and truthy.
 *
 * NOTE(review): no nonce or capability check is visible here, so any caller
 * able to reach this ajax action can map user ids to display names. Confirm
 * that this is intended.
 *
 * @action wp_ajax_wp_stream_get_filter_value_by_id
 * @return void
 */
public function get_filter_value_by_id()
{
    $value  = '';
    $filter = wp_stream_filter_input(INPUT_POST, 'filter');

    switch ($filter) {
        case 'user_id':
            $id = wp_stream_filter_input(INPUT_POST, 'id');
            if ('0' === $id) {
                $value = 'WP-CLI';
                break;
            }

            $user = get_userdata($id);
            if ($user && !is_wp_error($user)) {
                $value = $user->display_name;
            }
            break;
    }

    echo wp_stream_json_encode($value); // xss ok

    // Under the test suite the method returns so that assertions can run.
    $under_test = defined('WP_STREAM_TESTS') && WP_STREAM_TESTS;
    if ($under_test) {
        return;
    }

    die;
}
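/**
 * Handle the publish / unpublish actions for notification rules on edit.php.
 *
 * Post ids are taken from the `post` request field (an array or a
 * comma-separated list) or, failing that, from `id`. Each id is updated only
 * when it belongs to the notification post type and the current user may
 * edit it; the request is then redirected with an `updated` count.
 *
 * NOTE(review): no nonce is verified before posts are modified, which leaves
 * this handler open to cross-site request forgery. The nonce action used by
 * the links that trigger it is not visible in this file, so the check could
 * not be added here; add check_admin_referer() with that action.
 *
 * @action load-edit.php
 * @return void
 */
public function actions()
{
    if (!isset($_REQUEST['action']) || !isset($_REQUEST['post_type']) || WP_Stream_Notifications_Post_Type::POSTTYPE !== wp_stream_filter_input(INPUT_GET, 'post_type')) {
        return;
    }

    $action = $_REQUEST['action'];

    // Written as an explicit chain: the former unparenthesised nested ternary
    // is a compile error on PHP 8 and, being left-associative, picked the
    // wrong branch on older versions.
    if (isset($_REQUEST['post'])) {
        $request = is_array($_REQUEST['post']) ? $_REQUEST['post'] : explode(',', $_REQUEST['post']);
    } elseif (isset($_REQUEST['id'])) {
        $request = array($_REQUEST['id']);
    } else {
        $request = array();
    }

    // array_filter() drops ids that absint() reduced to 0.
    $ids = array_filter(array_map('absint', $request));

    if (empty($action) || empty($ids)) {
        return;
    }

    if (!in_array($action, array('publish', 'unpublish'), true)) {
        return;
    }

    $status  = 'publish' === $action ? 'publish' : 'draft';
    $updated = 0;

    foreach ($ids as $id) {
        // The ids come from the request: touch only notification rules that
        // the current user is allowed to edit.
        if (WP_Stream_Notifications_Post_Type::POSTTYPE !== get_post_type($id)) {
            continue;
        }
        if (!current_user_can('edit_post', $id)) {
            continue;
        }

        wp_update_post(array('ID' => $id, 'post_status' => $status));
        $updated++;
    }

    wp_safe_redirect(
        add_query_arg(
            array('updated' => $updated),
            remove_query_arg(array('action', 'action2', 'id', 'ids', 'post', '_wp_http_referer', 'post_status', 'mode', 'm'))
        )
    );
    exit; // Without this, the page displays the weird 'Are you sure you want this?'
}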
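/**
 * Query Stream records for a report and resolve the requested tokens.
 *
 * Filter values are read from POST for a fixed list of parameter names. The
 * `sections` and `other_tokens` POST fields carry base64-encoded serialised
 * arrays describing the tokens to resolve for the header, body and footer.
 *
 * Fixes over the previous revision: the footer sections are iterated through
 * their 'section_token' list like the header and body, $other_tokens_data and
 * $records are always initialised, missing 'section_token' lists are skipped,
 * and non-numeric date values are dropped instead of being passed to date().
 *
 * @return array Array with the keys 'other_tokens_data' and 'sections_data'
 */
public function get_stream()
{
    // Filters
    $allowed_params = array('connector', 'context', 'action', 'author', 'author_role', 'object_id', 'search', 'date', 'date_from', 'date_to', 'record__in', 'blog_id', 'ip');
    $parts          = array('header', 'body', 'footer');

    // SECURITY(review): both payloads come straight from $_POST and are passed
    // to maybe_unserialize(). Deserialising request data can instantiate any
    // class loaded in the process. Left as-is because the sender's wire
    // format is not visible in this file; confirm that the request is
    // authenticated before this point and consider moving the payload to JSON.
    $sections = isset($_POST['sections']) ? maybe_unserialize(base64_decode($_POST['sections'])) : array();
    if (!is_array($sections)) {
        $sections = array();
    }

    $other_tokens = isset($_POST['other_tokens']) ? maybe_unserialize(base64_decode($_POST['other_tokens'])) : array();
    if (!is_array($other_tokens)) {
        $other_tokens = array();
    }

    unset($_POST['sections']);
    unset($_POST['other_tokens']);

    // Only the allow-listed parameter names are ever copied into $args.
    $args = array();
    foreach ($allowed_params as $param) {
        if (self::$mainwpChildReports) {
            $paramval = mainwp_wp_stream_filter_input(INPUT_POST, $param);
        } else {
            $paramval = wp_stream_filter_input(INPUT_POST, $param);
        }

        if ($paramval || '0' === $paramval) {
            $args[$param] = $paramval;
        }
    }

    // True when any string entry of $tokens contains $needle.
    $mentions = function ($tokens, $needle) {
        if (!is_array($tokens)) {
            return false;
        }
        foreach ($tokens as $token) {
            if (is_string($token) && false !== strpos($token, $needle)) {
                return true;
            }
        }
        return false;
    };

    // The 'posts' connector is excluded unless some token refers to posts.
    $exclude_connector_posts = true;
    foreach (array('body', 'header', 'footer') as $part) {
        if (isset($sections[$part]['section_token']) && $mentions($sections[$part]['section_token'], '[section.posts')) {
            $exclude_connector_posts = false;
            break;
        }
    }
    if ($exclude_connector_posts) {
        foreach (array('body', 'header', 'footer') as $part) {
            if (isset($other_tokens[$part]) && $mentions($other_tokens[$part], '[post.')) {
                $exclude_connector_posts = false;
                break;
            }
        }
    }
    if ($exclude_connector_posts) {
        $args['connector__not_in'] = array('posts');
    }

    $args['action__not_in'] = array('login');

    // Stream 3 takes date-only bounds; the other versions take a datetime.
    if (3 !== self::$streamVersionNumber) {
        $args['fields'] = 'with-meta';
        $date_format    = 'Y-m-d H:i:s';
    } else {
        $date_format = 'Y-m-d';
    }
    foreach (array('date_from', 'date_to') as $bound) {
        if (!isset($args[$bound])) {
            continue;
        }
        if (is_numeric($args[$bound])) {
            $args[$bound] = date($date_format, (int) $args[$bound]);
        } else {
            // Not a timestamp: drop it rather than hand a bad value to date().
            unset($args[$bound]);
        }
    }

    $args['records_per_page'] = 9999;

    $records = null;
    if (self::$mainwpChildReports) {
        $records = mainwp_wp_stream_query($args);
    } elseif (149 === self::$streamVersionNumber) {
        $records = wp_stream_query($args);
    } elseif (3 === self::$streamVersionNumber) {
        $records = wp_stream_get_instance()->db->query->query($args);
    }
    if (!is_array($records)) {
        $records = array();
    }

    $other_tokens_data = array();
    foreach ($parts as $part) {
        if (isset($other_tokens[$part]) && is_array($other_tokens[$part])) {
            $other_tokens_data[$part] = $this->get_other_tokens_data($records, $other_tokens[$part]);
        }
    }

    $sections_data = array();
    foreach ($parts as $part) {
        if (!isset($sections[$part]['section_token']) || !is_array($sections[$part]['section_token'])) {
            continue;
        }
        foreach ($sections[$part]['section_token'] as $index => $sec) {
            $tokens = isset($sections[$part]['section_content_tokens'][$index]) ? $sections[$part]['section_content_tokens'][$index] : null;

            $sections_data[$part][$index] = $this->get_section_loop_data($records, $tokens, $sec);
        }
    }

    $information = array(
        'other_tokens_data' => $other_tokens_data,
        'sections_data'     => $sections_data,
    );

    return $information;
}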
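/**
 * Capture the contents of a theme file before the theme editor saves it.
 *
 * Runs only for POST requests whose `action` field is 'update'. The file
 * name, path, prior contents and theme object are stored in
 * self::$edited_file.
 *
 * The posted `file` value is joined to the theme directory, so the resolved
 * path is verified to stay inside that directory before anything is read.
 * When it does not, the method returns without setting self::$edited_file.
 *
 * @action load-theme-editor.php
 * @return void
 */
public static function get_edition_data()
{
    if ('POST' !== $_SERVER['REQUEST_METHOD']) {
        return;
    }

    if ('update' !== wp_stream_filter_input(INPUT_POST, 'action')) {
        return;
    }

    $theme_slug = wp_stream_filter_input(INPUT_POST, 'theme') ? wp_stream_filter_input(INPUT_POST, 'theme') : get_stylesheet();
    $theme      = wp_get_theme($theme_slug);

    if (!$theme->exists() || $theme->errors() && 'theme_no_stylesheet' === $theme->errors()->get_error_code()) {
        return;
    }

    $allowed_files = $theme->get_files('php', 1);
    $style_files   = $theme->get_files('css');

    $allowed_files['style.css'] = $style_files['style.css'];

    $file      = wp_stream_filter_input(INPUT_POST, 'file');
    $read_path = null;

    if (empty($file)) {
        $file_name = 'style.css';
        $file_path = $allowed_files['style.css'];
        $read_path = $file_path;
    } else {
        $file_name = $file;
        $file_path = sprintf('%s/%s', $theme->get_stylesheet_directory(), $file_name);

        // Resolve '..' segments and symlinks, then require the result to sit
        // below the theme directory. Without this a crafted `file` value
        // would make the read below reach files outside the theme.
        $theme_root = realpath($theme->get_stylesheet_directory());
        $real_path  = realpath($file_path);

        if (false === $theme_root || false === $real_path) {
            return;
        }
        if (0 !== strpos($real_path, rtrim($theme_root, '/\\') . DIRECTORY_SEPARATOR)) {
            return;
        }

        $read_path = $real_path;
    }

    $file_contents_before = file_get_contents($read_path);

    self::$edited_file = compact('file_name', 'file_path', 'file_contents_before', 'theme');
}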
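/**
 * Retrieve plugin data needed for the log message
 *
 * The file to read is named by the posted `file` field and joined to
 * WP_PLUGIN_DIR. Its contents are read only when the resolved path is a
 * regular file below the plugin directory; otherwise 'file_contents_before'
 * is false, the value file_get_contents() itself reports on failure.
 *
 * NOTE(review): realpath() also resolves symlinks, so a plugin directory that
 * is symlinked from outside WP_PLUGIN_DIR is treated as out of bounds.
 * Confirm that this is acceptable for the supported setups.
 *
 * @param string $slug The plugin file base name (e.g. akismet/akismet.php)
 * @return array Compacted variables: file_name, file_path,
 *               file_contents_before, slug and name
 */
public static function get_plugin_data($slug)
{
    $base = null;
    $name = null;
    $slug = current(explode('/', $slug));

    $file_name = wp_stream_filter_input(INPUT_POST, 'file');
    $file_path = WP_PLUGIN_DIR . '/' . $file_name;

    // Containment check: the request controls $file_name, so '..' segments
    // must not let the read leave the plugin directory.
    $file_contents_before = false;
    $plugin_root          = realpath(WP_PLUGIN_DIR);
    $real_path            = realpath($file_path);

    if (false !== $plugin_root && false !== $real_path && is_file($real_path)) {
        if (0 === strpos($real_path, rtrim($plugin_root, '/\\') . DIRECTORY_SEPARATOR)) {
            $file_contents_before = file_get_contents($real_path);
        }
    }

    // The first installed plugin whose key starts with the slug wins.
    $plugins = get_plugins();
    foreach ($plugins as $key => $plugin_data) {
        if (0 === strpos($key, $slug)) {
            $base = $key;
            $name = $plugin_data['Name'];
            break;
        }
    }

    $file_name = str_ireplace(trailingslashit($slug), '', $file_name);
    $slug      = !empty($base) ? $base : $slug;

    $output = compact('file_name', 'file_path', 'file_contents_before', 'slug', 'name');

    return $output;
}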
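/**
 * Add a description to each of the Settings pages in the Network Admin
 *
 * Outside the network admin an empty string is returned, which matches the
 * documented string return type. The previous bare `return;` yielded null.
 *
 * @param string $description Description passed in by the caller
 *
 * @return string
 */
public function settings_form_description($description)
{
    if (!is_network_admin()) {
        return '';
    }

    // The page slug is only compared against known constants, never output.
    $current_page = wp_stream_filter_input(INPUT_GET, 'page');

    switch ($current_page) {
        case self::NETWORK_SETTINGS_PAGE_SLUG:
            $description = __('These settings apply to all sites on the network.', 'stream');
            break;
        case self::DEFAULT_SETTINGS_PAGE_SLUG:
            $description = __('These default settings will apply to new sites created on the network. These settings do not alter existing sites.', 'stream');
            break;
    }

    return $description;
}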
/**
 * Add a description to each of the Settings pages in the Network Admin
 *
 * Returns an empty string outside the network admin. On the network and
 * default settings pages the incoming description is replaced; on any other
 * page it is returned unchanged.
 *
 * @param string $description Description passed in by the caller
 *
 * @return string
 */
public function settings_form_description($description)
{
    $in_network_admin = is_network_admin();
    if (!$in_network_admin) {
        return '';
    }

    // The page slug is only compared against the configured slugs.
    $page = wp_stream_filter_input(INPUT_GET, 'page');

    switch ($page) {
        case $this->network_settings_page_slug:
            $description = __('These settings apply to all sites on the network.', 'stream');
            break;

        case $this->default_settings_page_slug:
            $description = __('These default settings will apply to new sites created on the network. These settings do not alter existing sites.', 'stream');
            break;
    }

    return $description;
}
/**
 * Ajax callback for processing migrate actions
 *
 * Break down the total number of records found into reasonably-sized
 * chunks and save records from each of those chunks to the local DB.
 *
 * Disconnects from WP Stream once the migration is complete.
 *
 * The posted `migrate_action` is dispatched to migrate(), delay() or
 * ignore(); any other value does nothing before the request ends.
 *
 * NOTE(review): the nonce, bound to the current blog and user ids, is the
 * only gate visible here, and a failed nonce returns silently. Confirm that a
 * capability check guards this ajax action elsewhere.
 *
 * @action wp_ajax_wp_stream_migrate_action
 * @return void
 */
public function migrate_action_callback()
{
    $action = wp_stream_filter_input(INPUT_POST, 'migrate_action');
    $nonce  = wp_stream_filter_input(INPUT_POST, 'nonce');

    $nonce_action = 'wp_stream_migrate-' . absint(get_current_blog_id()) . absint(get_current_user_id());
    if (!wp_verify_nonce($nonce, $nonce_action)) {
        return;
    }

    set_time_limit(0); // Just in case, this could take a while for some

    switch ($action) {
        case 'migrate':
        case 'continue':
            $this->migrate();
            break;

        case 'delay':
            $this->delay();
            break;

        case 'ignore':
            $this->ignore();
            break;
    }

    die;
}
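/**
 * Ajax handler: reset the 'occurrences' meta of a record to 0.
 *
 * The request must carry a nonce bound to the record id. The code relies on
 * wp_send_json_error() and wp_send_json_success() ending the request.
 *
 * The previous id check, `(int) $id !== $id`, compared an integer with the
 * string read from the query string and so was true for every request. The
 * id is now accepted when it is a positive integer or a string of digits.
 *
 * NOTE(review): no capability check is visible here. Confirm that the nonce
 * is issued only to users who are allowed to change this record.
 *
 * @return void
 */
public function ajax_reset_occ()
{
    $id    = wp_stream_filter_input(INPUT_GET, 'id');
    $nonce = wp_stream_filter_input(INPUT_GET, 'wp_stream_nonce');

    if (!wp_verify_nonce($nonce, 'reset-occ_' . $id)) {
        wp_send_json_error(esc_html__('Invalid nonce', 'stream-notifications'));
    }

    // Request values arrive as strings; accept digits only.
    if (is_int($id)) {
        $record_id = $id;
    } elseif (is_string($id) && 1 === preg_match('/^[0-9]+$/', $id)) {
        $record_id = (int) $id;
    } else {
        $record_id = 0;
    }

    if ($record_id <= 0) {
        wp_send_json_error(esc_html__('Invalid record ID', 'stream-notifications'));
    }

    wp_stream_update_meta($record_id, 'occurrences', 0);
    wp_send_json_success();
}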
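/**
 * Query Stream records for a report and resolve the requested tokens.
 *
 * Filter values are read from POST for a fixed list of parameter names. The
 * `sections` and `other_tokens` POST fields carry base64-encoded serialised
 * arrays describing the tokens to resolve for the header, body and footer.
 *
 * Fixes over the previous revision: the footer sections are iterated through
 * their 'section_token' list like the header and body, $other_tokens_data is
 * always initialised, missing 'section_token' lists are skipped, and
 * non-numeric date values are dropped instead of being passed to date().
 *
 * @return array Array with the keys 'other_tokens_data' and 'sections_data'
 */
public function get_stream()
{
    // Filters
    $allowed_params = array('connector', 'context', 'action', 'author', 'author_role', 'object_id', 'search', 'date', 'date_from', 'date_to', 'record__in', 'blog_id', 'ip');
    $parts          = array('header', 'body', 'footer');

    // SECURITY(review): both payloads come straight from $_POST and are passed
    // to unserialize(). Deserialising request data can instantiate any class
    // loaded in the process. Left as-is because the sender's wire format is
    // not visible in this file; confirm that the request is authenticated
    // before this point and consider moving the payload to JSON.
    $sections = isset($_POST['sections']) ? unserialize(base64_decode($_POST['sections'])) : array();
    if (!is_array($sections)) {
        $sections = array();
    }

    $other_tokens = isset($_POST['other_tokens']) ? unserialize(base64_decode($_POST['other_tokens'])) : array();
    if (!is_array($other_tokens)) {
        $other_tokens = array();
    }

    unset($_POST['sections']);
    unset($_POST['other_tokens']);

    // Only the allow-listed parameter names are ever copied into $args.
    $args = array();
    foreach ($allowed_params as $param) {
        if (self::$mainwpChildReports) {
            $paramval = mainwp_wp_stream_filter_input(INPUT_POST, $param);
        } else {
            $paramval = wp_stream_filter_input(INPUT_POST, $param);
        }

        if ($paramval || '0' === $paramval) {
            $args[$param] = $paramval;
        }
    }

    $args['action__not_in'] = array('login');
    $args['fields']         = 'with-meta';

    foreach (array('date_from', 'date_to') as $bound) {
        if (!isset($args[$bound])) {
            continue;
        }
        if (is_numeric($args[$bound])) {
            $args[$bound] = date("Y-m-d H:i:s", (int) $args[$bound]);
        } else {
            // Not a timestamp: drop it rather than hand a bad value to date().
            unset($args[$bound]);
        }
    }

    $args['records_per_page'] = 9999;

    if (self::$mainwpChildReports) {
        $records = mainwp_wp_stream_query($args);
    } else {
        $records = wp_stream_query($args);
    }
    if (!is_array($records)) {
        $records = array();
    }

    $other_tokens_data = array();
    foreach ($parts as $part) {
        if (isset($other_tokens[$part]) && is_array($other_tokens[$part])) {
            $other_tokens_data[$part] = $this->get_other_tokens_data($records, $other_tokens[$part]);
        }
    }

    $sections_data = array();
    foreach ($parts as $part) {
        if (!isset($sections[$part]['section_token']) || !is_array($sections[$part]['section_token'])) {
            continue;
        }
        foreach ($sections[$part]['section_token'] as $index => $sec) {
            $tokens = isset($sections[$part]['section_content_tokens'][$index]) ? $sections[$part]['section_content_tokens'][$index] : null;

            $sections_data[$part][$index] = $this->get_section_loop_data($records, $tokens, $sec);
        }
    }

    $information = array(
        'other_tokens_data' => $other_tokens_data,
        'sections_data'     => $sections_data,
    );

    return $information;
}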
/**
 * Returns the option key
 *
 * The network options key is chosen when the `page` query argument (or,
 * when that is empty, the `action` query argument) equals
 * 'wp_stream_network_settings'. The result passes through the
 * 'wp_stream_settings_option_key' filter.
 *
 * @return string
 */
public function get_option_key()
{
    $page = wp_stream_filter_input(INPUT_GET, 'page');
    if (!$page) {
        $page = wp_stream_filter_input(INPUT_GET, 'action');
    }

    // The request value only selects between two keys held on the object.
    $is_network_page = 'wp_stream_network_settings' === $page;
    $key             = $is_network_page ? $this->network_options_key : $this->option_key;

    return apply_filters('wp_stream_settings_option_key', $key);
}
<div class="wrap"> <?php if (wp_stream_filter_input(INPUT_GET, 'updated') || wp_stream_filter_input(INPUT_POST, 'summary')) { ?> <div class="updated fade"> <p><?php esc_html_e('Rule saved.', 'stream-notifications'); ?> </p> </div> <?php } ?> <h2><?php $rule->exists() ? esc_html_e('Edit Notification Rule', 'stream-notifications') : esc_html_e('Add New Notification Rule', 'stream-notifications'); ?> <?php if ($rule->exists()) { ?> <?php $new_link = add_query_arg(array('page' => WP_Stream_Notifications::NOTIFICATIONS_PAGE_SLUG, 'view' => 'rule'), is_network_admin() ? network_admin_url(WP_Stream_Admin::ADMIN_PARENT_PAGE) : admin_url(WP_Stream_Admin::ADMIN_PARENT_PAGE)); ?> <a href="<?php echo esc_url($new_link); ?> " class="add-new-h2"><?php esc_html_e('Add New', 'stream-notifications'); ?> </a>
/**
 * Track Monitor module notification status
 *
 * Logs an "updated" entry when the posted
 * `receive_jetpack_monitor_notification` field is truthy.
 *
 * NOTE(review): the method returns early when the field is falsy, so the
 * 'deactivated' label below can never be selected and turning the
 * notification off is not logged. Confirm whether that is intended.
 *
 * @return void
 */
public function callback_jetpack_module_configuration_load_monitor()
{
    $active = wp_stream_filter_input(INPUT_POST, 'receive_jetpack_monitor_notification');
    if (!$active) {
        return;
    }

    if ($active) {
        $status = esc_html__('activated', 'stream');
    } else {
        $status = esc_html__('deactivated', 'stream');
    }

    $log_args = array(
        'status'    => $status,
        'option'    => 'receive_jetpack_monitor_notification',
        'old_value' => !$active,
        'value'     => $active,
    );

    $this->log(__('Monitor notifications %s', 'stream'), $log_args, null, 'monitor', 'updated');
}
/**
 * Track Monitor module notification status
 *
 * Whenever the request carries POST data, logs an "updated" entry whose
 * status label follows the posted `receive_jetpack_monitor_notification`
 * field: 'activated' when truthy, 'deactivated' otherwise.
 *
 * @return void
 */
public static function callback_jetpack_module_configuration_load_monitor()
{
    if (!$_POST) {
        return;
    }

    $active = wp_stream_filter_input(INPUT_POST, 'receive_jetpack_monitor_notification');

    if ($active) {
        $status = __('activated', 'stream');
    } else {
        $status = __('deactivated', 'stream');
    }

    $log_args = array(
        'status'    => $status,
        'option'    => 'receive_jetpack_monitor_notification',
        'old_value' => !$active,
        'value'     => $active,
    );

    self::log(__('Monitor notifications %s', 'stream'), $log_args, null, 'monitor', 'updated');
}
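/**
 * Output for Stream Records as a feed.
 *
 * Access is granted by a per-user feed key passed in the query string. The
 * key is resolved to a user through user meta; that user must be a super
 * admin or, for non-network feeds, hold one of the roles listed in the
 * 'general_role_access' setting. The records are written as JSON when the
 * feed type is 'json', otherwise as an RSS 2.0 document followed by exit.
 *
 * Fixes over the previous revision: the feed key must be a non-empty string,
 * a key that matches no user is denied before $user[0] is read, and a "]]>"
 * sequence inside a record summary can no longer end its CDATA section.
 *
 * @return void
 */
public static function feed_template()
{
    $die_title   = esc_html__('Access Denied', 'stream');
    $die_message = '<h1>' . $die_title . '</h1><p>' . esc_html__('You don\'t have permission to view this feed, please contact your site Administrator.', 'stream') . '</p>';

    // The feed key is the only credential for this endpoint.
    if (!isset($_GET[self::FEED_QUERY_VAR]) || empty($_GET[self::FEED_QUERY_VAR]) || !is_string($_GET[self::FEED_QUERY_VAR])) {
        wp_die($die_message, $die_title);
    }

    $args = array(
        'meta_key'   => self::USER_FEED_KEY,
        'meta_value' => $_GET[self::FEED_QUERY_VAR],
        'number'     => 1,
    );
    $user = get_users($args);

    // No user owns this key: deny instead of reading an undefined $user[0].
    if (empty($user)) {
        wp_die($die_message, $die_title);
    }

    if (!is_super_admin($user[0]->ID)) {
        $roles = isset($user[0]->roles) ? (array) $user[0]->roles : array();

        // Network feeds are reserved for super admins.
        if (self::$is_network_feed) {
            wp_die($die_message, $die_title);
        }

        if (!$roles || !array_intersect($roles, WP_Stream_Settings::$options['general_role_access'])) {
            wp_die($die_message, $die_title);
        }
    }

    $blog_id = self::$is_network_feed ? null : get_current_blog_id();

    $args = array(
        'blog_id'          => $blog_id,
        'records_per_page' => wp_stream_filter_input(INPUT_GET, 'records_per_page', FILTER_SANITIZE_NUMBER_INT, array('options' => array('default' => get_option('posts_per_rss')))),
        'search'           => wp_stream_filter_input(INPUT_GET, 'search'),
        'object_id'        => wp_stream_filter_input(INPUT_GET, 'object_id', FILTER_SANITIZE_NUMBER_INT),
        'ip'               => wp_stream_filter_input(INPUT_GET, 'ip', FILTER_VALIDATE_IP),
        'author'           => wp_stream_filter_input(INPUT_GET, 'author', FILTER_SANITIZE_NUMBER_INT),
        'author_role'      => wp_stream_filter_input(INPUT_GET, 'author_role'),
        'date'             => wp_stream_filter_input(INPUT_GET, 'date'),
        'date_from'        => wp_stream_filter_input(INPUT_GET, 'date_from'),
        'date_to'          => wp_stream_filter_input(INPUT_GET, 'date_to'),
        'record__in'       => wp_stream_filter_input(INPUT_GET, 'record__in', FILTER_SANITIZE_NUMBER_INT),
        'record_parent'    => wp_stream_filter_input(INPUT_GET, 'record_parent', FILTER_SANITIZE_NUMBER_INT),
        'order'            => wp_stream_filter_input(INPUT_GET, 'order', FILTER_DEFAULT, array('options' => array('default' => 'desc'))),
        'orderby'          => wp_stream_filter_input(INPUT_GET, 'orderby', FILTER_DEFAULT, array('options' => array('default' => 'ID'))),
        'fields'           => wp_stream_filter_input(INPUT_GET, 'fields', FILTER_DEFAULT, array('options' => array('default' => 'with-meta'))),
    );

    $records = wp_stream_query($args);

    $latest_record = isset($records[0]->created) ? $records[0]->created : null;

    $records_admin_url = add_query_arg(
        array('page' => WP_Stream_Admin::RECORDS_PAGE_SLUG),
        admin_url(WP_Stream_Admin::ADMIN_PARENT_PAGE)
    );

    if ('json' === wp_stream_filter_input(INPUT_GET, self::FEED_TYPE_QUERY_VAR)) {
        // JSON_PRETTY_PRINT is only available from PHP 5.4.
        if (version_compare(PHP_VERSION, '5.4', '>=')) {
            echo json_encode($records, JSON_PRETTY_PRINT);
        } else {
            echo json_encode($records);
        }
    } else {
        header('Content-Type: ' . feed_content_type('rss-http') . '; charset=' . get_option('blog_charset'), true);

        printf('<?xml version="1.0" encoding="%s"?>', esc_attr(get_option('blog_charset')));
        ?>

<rss version="2.0"
    xmlns:content="http://purl.org/rss/1.0/modules/content/"
    xmlns:wfw="http://wellformedweb.org/CommentAPI/"
    xmlns:dc="http://purl.org/dc/elements/1.1/"
    xmlns:atom="http://www.w3.org/2005/Atom"
    xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
    xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
    <?php
    /**
     * Action fires during RSS xmls printing
     */
    ?>
    <?php do_action('rss2_ns'); ?>
>
    <channel>
        <title><?php bloginfo_rss('name'); ?> - <?php esc_html_e('Stream Feed', 'stream'); ?></title>
        <atom:link href="<?php self_link(); ?>" rel="self" type="application/rss+xml" />
        <link><?php echo esc_url($records_admin_url); ?></link>
        <description><?php bloginfo_rss('description'); ?></description>
        <lastBuildDate><?php echo esc_html(mysql2date('r', $latest_record, false)); ?></lastBuildDate>
        <language><?php bloginfo_rss('language'); ?></language>
        <sy:updatePeriod><?php echo esc_html('hourly'); ?></sy:updatePeriod>
        <sy:updateFrequency><?php echo absint(1); ?></sy:updateFrequency>
        <?php
        /**
         * Action fires during RSS head
         */
        ?>
        <?php do_action('rss2_head'); ?>
        <?php foreach ($records as $record) { ?>
            <?php
            $record_link  = add_query_arg(array('record__in' => (int) $record->ID), $records_admin_url);
            $author       = get_userdata($record->author);
            $display_name = isset($author->display_name) ? $author->display_name : 'N/A';

            // The summary is emitted unescaped inside CDATA, so a literal
            // "]]>" is split across two sections to keep it from closing
            // the section early.
            $summary = str_replace(']]>', ']]]]><![CDATA[>', trim($record->summary));
            ?>
            <item>
                <title><![CDATA[ <?php echo $summary; ?> ]]></title>
                <pubDate><?php echo esc_html(mysql2date('r', $record->created, false)); ?></pubDate>
                <dc:creator><?php echo esc_html($display_name); ?></dc:creator>
                <category domain="connector"><![CDATA[ <?php echo esc_html($record->connector); ?> ]]></category>
                <category domain="context"><![CDATA[ <?php echo esc_html($record->context); ?> ]]></category>
                <category domain="action"><![CDATA[ <?php echo esc_html($record->action); ?> ]]></category>
                <category domain="ip"><?php echo esc_html($record->ip); ?></category>
                <guid isPermaLink="false"><?php echo esc_url($record_link); ?></guid>
                <link><?php echo esc_url($record_link); ?></link>
                <?php
                /**
                 * Action fires during RSS item
                 */
                ?>
                <?php do_action('rss2_item'); ?>
            </item>
        <?php } ?>
    </channel>
</rss>
        <?php
        exit;
    }
}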
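/**
 * Delete one notification rule after verifying the request nonce, then redirect
 * back to the current URL with the action-specific query arguments removed.
 *
 * @param mixed  $id      Rule identifier; interpolated into the per-rule nonce action
 *                        and passed to delete_record().
 * @param string $action  Action name, appended to the pre-delete filter hook name.
 * @param bool   $is_bulk When true the bulk-actions nonce action is verified instead
 *                        of the per-rule one.
 *
 * @return void
 */
public function handle_rule_deletion($id, $action, $is_bulk = false) {
    $nonce            = wp_stream_filter_input(INPUT_GET, 'wp_stream_nonce');
    $nonce_identifier = $is_bulk ? 'wp_stream_notifications_bulk_actions' : "delete-record_{$id}";

    // NOTE(review): the nonce protects against cross-site request forgery only; no
    // capability check is visible in this method. Confirm the caller restricts this
    // path to users who are allowed to delete rules.
    if (!wp_verify_nonce($nonce, $nonce_identifier)) {
        return;
    }

    // Lets other code veto the deletion by returning false from the filter.
    $activate_rule = apply_filters('wp_stream_notifications_before_rule_' . $action, true, $id);
    if (false === $activate_rule) {
        return;
    }

    $this->delete_record($id);

    // add_query_arg() does not encode the values it is given, so the request-supplied
    // "visibility" value is encoded here; otherwise characters such as "&" or "#" in it
    // could add or truncate parameters in the redirect target.
    $visibility = wp_stream_filter_input(INPUT_GET, 'visibility', FILTER_DEFAULT);
    if (is_string($visibility) && '' !== $visibility) {
        $visibility = rawurlencode($visibility);
    }

    // NOTE(review): execution continues after wp_redirect(); presumably the caller ends
    // the request (bulk callers may invoke this method once per rule) - confirm.
    wp_redirect(
        add_query_arg(
            array(
                'wp_stream_nonce' => false,
                'action'          => false,
                'id'              => false,
                'visibility'      => $visibility,
            )
        )
    );
}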
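/**
 * Check whether a record matches a configured exclusion rule and should
 * therefore be left out of the log.
 *
 * A rule row matches only when every populated field of that row equals the
 * corresponding value of the record; empty rule fields are ignored, and a row
 * with no populated field never matches.
 *
 * @param string      $connector Name of the connector being logged
 * @param string      $context   Name of the context being logged
 * @param string      $action    Name of the action being logged
 * @param object|null $user      User being logged (its ID and roles are read);
 *                               defaults to the current user
 * @param string|null $ip        IP address being logged; defaults to REMOTE_ADDR
 *
 * @return bool True when at least one exclusion rule matches the record
 */
public function is_record_excluded($connector, $context, $action, $user = null, $ip = null) {
    if (is_null($user)) {
        $user = wp_get_current_user();
    }

    // Both branches pass the address through FILTER_VALIDATE_IP, so a malformed
    // value is not compared against the rules as if it were an address.
    if (is_null($ip)) {
        $ip = wp_stream_filter_input(INPUT_SERVER, 'REMOTE_ADDR', FILTER_VALIDATE_IP);
    } else {
        $ip = wp_stream_filter_var($ip, FILTER_VALIDATE_IP);
    }

    $user_role = isset($user->roles[0]) ? $user->roles[0] : null;

    $record = array(
        'connector'  => $connector,
        'context'    => $context,
        'action'     => $action,
        'author'     => $user->ID,
        'role'       => $user_role,
        'ip_address' => $ip,
    );

    $exclude_settings = isset(WP_Stream_Settings::$options['exclude_rules'])
        ? WP_Stream_Settings::$options['exclude_rules']
        : array();

    if (empty($exclude_settings['exclude_row'])) {
        return false;
    }

    foreach ($exclude_settings['exclude_row'] as $key => $unused) {
        // Rule fields use their own local names so the method's parameters are not overwritten.
        $rule_author_or_role = isset($exclude_settings['author_or_role'][$key]) ? $exclude_settings['author_or_role'][$key] : '';
        $rule_connector      = isset($exclude_settings['connector'][$key]) ? $exclude_settings['connector'][$key] : '';
        $rule_context        = isset($exclude_settings['context'][$key]) ? $exclude_settings['context'][$key] : '';
        $rule_action         = isset($exclude_settings['action'][$key]) ? $exclude_settings['action'][$key] : '';
        $rule_ip_address     = isset($exclude_settings['ip_address'][$key]) ? $exclude_settings['ip_address'][$key] : '';

        // A numeric author_or_role value is treated as a user ID, anything else as a role name.
        $exclude = array(
            'connector'  => !empty($rule_connector) ? $rule_connector : null,
            'context'    => !empty($rule_context) ? $rule_context : null,
            'action'     => !empty($rule_action) ? $rule_action : null,
            'ip_address' => !empty($rule_ip_address) ? $rule_ip_address : null,
            'author'     => is_numeric($rule_author_or_role) ? $rule_author_or_role : null,
            'role'       => !empty($rule_author_or_role) && !is_numeric($rule_author_or_role) ? $rule_author_or_role : null,
        );

        // Drop the fields this rule row leaves empty.
        $exclude_rules = array_filter($exclude, 'strlen');
        if (empty($exclude_rules)) {
            continue;
        }

        $excluded = true;
        foreach ($exclude_rules as $exclude_key => $exclude_value) {
            // Compared as strings: rule values are presumably stored as strings while
            // $user->ID may be an integer, in which case a type-strict comparison would
            // never match an author rule. TODO confirm against the settings storage.
            if ((string) $record[$exclude_key] !== (string) $exclude_value) {
                $excluded = false;
                break;
            }
        }

        // A match means the activity is never written to the log, which is why a
        // rule has to agree with the record on every populated field.
        if ($excluded) {
            return true;
        }
    }

    return false;
}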
/**
 * Re-label log entries for this class's own settings pages.
 *
 * Entries recorded by the generic "settings" connector while options.php
 * handles a form post are rewritten to use this connector's name, with the
 * settings page slug as context.
 *
 * @param array $data Log data; 'connector' and 'args' are read here
 *
 * @return array The log data, rewritten when it belongs to one of our pages
 */
public static function log_override(array $data) {
    global $pagenow;

    if ('options.php' !== $pagenow || 'settings' !== $data['connector']) {
        return $data;
    }

    $referer = wp_stream_filter_input(INPUT_POST, '_wp_http_referer');
    if (!$referer) {
        return $data;
    }

    // Only option groups registered by this class are taken over.
    if (!isset($data['args']['context'], self::$option_groups[$data['args']['context']])) {
        return $data;
    }

    // The page slug comes from a client-supplied form field, so it is used
    // further down only when it is a key of the known context labels.
    $page    = '';
    $matches = array();
    if (preg_match('#page=([^&]*)#', $referer, $matches)) {
        $page = $matches[1];
    }

    $labels = self::get_context_labels();
    if (!isset($labels[$page])) {
        return $data;
    }

    $label = self::settings_labels($data['args']['option_key']);
    if (!$label) {
        // No label for this option key: fall back to the page label and a generic message.
        $data['message'] = __('%s settings updated', 'stream');
        $label           = $labels[$page];
    }

    $data['args']['label']   = $label;
    $data['args']['context'] = $page;
    $data['context']         = $page;
    $data['connector']       = self::$name;

    return $data;
}
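/**
 * Returns the option key used for these settings.
 *
 * The key is self::OPTION_KEY passed through the
 * 'wp_stream_settings_option_key' filter. The 'page' and 'action' request
 * parameters do not influence the result, so they are not read here.
 *
 * @return string Option key
 */
public static function get_option_key() {
    return apply_filters('wp_stream_settings_option_key', self::OPTION_KEY);
}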
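/**
 * Build the date filter markup: a select of predefined intervals plus
 * "from" and "to" date inputs.
 *
 * The currently selected values are read from the query string and are
 * escaped for the attribute context before being printed.
 *
 * @param array $items Predefined intervals keyed by identifier. Each entry
 *                     provides 'start' (an object with format()), an optional
 *                     'end' of the same kind, and 'label'.
 *
 * @return string The buffered HTML markup
 */
function filter_date($items) {
    wp_enqueue_style('jquery-ui');
    wp_enqueue_style('wp-stream-datepicker');
    wp_enqueue_script('jquery-ui-datepicker');

    $date_predefined = wp_stream_filter_input(INPUT_GET, 'date_predefined');
    $date_from       = wp_stream_filter_input(INPUT_GET, 'date_from');
    $date_to         = wp_stream_filter_input(INPUT_GET, 'date_to');

    ob_start();
    ?>
    <div class="date-interval">
        <select class="field-predefined hide-if-no-js" name="date_predefined" data-placeholder="<?php esc_attr_e('All Time', 'stream'); ?>">
            <option></option>
            <option value="custom" <?php selected('custom' === $date_predefined); ?>><?php esc_html_e('Custom', 'stream'); ?></option>
            <?php
            foreach ($items as $key => $interval) {
                $end = isset($interval['end']) ? $interval['end']->format('Y/m/d') : null;
                printf(
                    '<option value="%s" data-from="%s" data-to="%s" %s>%s</option>',
                    esc_attr($key),
                    esc_attr($interval['start']->format('Y/m/d')),
                    esc_attr($end),
                    // Third argument false: return the attribute rather than echo it, so it
                    // is not also printed ahead of the <option> tag while printf() runs.
                    selected($key === $date_predefined, true, false),
                    esc_html($interval['label'])
                );
            }
            ?>
        </select>
        <div class="date-inputs">
            <div class="box">
                <i class="date-remove dashicons"></i>
                <input type="text" name="date_from" class="date-picker field-from" placeholder="<?php esc_attr_e('Start Date', 'stream'); ?>" value="<?php echo esc_attr($date_from); ?>" />
            </div>
            <span class="connector dashicons"></span>
            <div class="box">
                <i class="date-remove dashicons"></i>
                <input type="text" name="date_to" class="date-picker field-to" placeholder="<?php esc_attr_e('End Date', 'stream'); ?>" value="<?php echo esc_attr($date_to); ?>" />
            </div>
        </div>
    </div>
    <?php
    return ob_get_clean();
}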
/**
 * Resolve the option key for the settings page currently being viewed.
 *
 * The page is identified by the 'page' query argument, falling back to
 * 'action' when 'page' is empty. The request value only selects between the
 * class constants; it is never used as the key itself.
 *
 * @return string Option key for this page, after the
 *                'wp_stream_settings_option_key' filter
 */
public static function get_option_key() {
    $requested = wp_stream_filter_input(INPUT_GET, 'page');
    if (!$requested) {
        $requested = wp_stream_filter_input(INPUT_GET, 'action');
    }

    if ('wp_stream_network_settings' === $requested) {
        $resolved_key = self::NETWORK_KEY;
    } elseif ('wp_stream_default_settings' === $requested) {
        $resolved_key = self::DEFAULTS_KEY;
    } else {
        // Any other value, including a missing parameter, uses the regular key.
        $resolved_key = self::KEY;
    }

    return apply_filters('wp_stream_settings_option_key', $resolved_key);
}
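/**
 * Store the requested chart height as a user option.
 *
 * Reads 'chart_height' from the query string, sends a JSON error when it is
 * not a usable number, and otherwise hands it to the settings class.
 *
 * @return void
 */
public function save_chart_height() {
    $chart_height = wp_stream_filter_input(INPUT_GET, 'chart_height', FILTER_SANITIZE_NUMBER_INT);

    // FILTER_SANITIZE_NUMBER_INT strips characters rather than validating, so the
    // result can be an empty or sign-only string, and a missing parameter is not
    // expected to come back as false (assuming the helper follows filter_input()).
    // is_numeric() rejects all of those as well as false.
    if (!is_numeric($chart_height)) {
        wp_send_json_error();
        return; // Not reached when wp_send_json_error() terminates the request.
    }

    // NOTE(review): no nonce or capability check is visible in this method although
    // it changes stored state from a GET request; confirm that the hook registration
    // or ajax_update_user_option() performs one.

    // Update the database option
    WP_Stream_Reports_Settings::ajax_update_user_option('chart_height', $chart_height);
}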