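/**
 * Perform an action based on the request.
 *
 * Handles, in order: bulk actions (when `doaction` or `doaction2` is present),
 * the `delete_all` action, and the single-item `exclude` / `delete` actions.
 * Every branch that changes state finishes with a redirect followed by exit.
 *
 * All state-changing branches require the `activate_plugins` capability.
 * Only the single-item branches verify a nonce; see the NOTE(review)
 * comments on the bulk and delete_all branches.
 *
 * @return void
 */
private function do_action() {
    global $wpdb;

    $sendback = remove_query_arg(array('intrusions', 'deleted', 'excluded'), wp_get_referer());

    // Handle bulk actions
    if (isset($_GET['doaction']) || isset($_GET['doaction2'])) {
        // NOTE(review): the nonce check below is disabled, so the bulk delete and
        // bulk exclude GET requests are not protected against CSRF. Restore it once
        // the list form is confirmed to emit a matching nonce field (the form is
        // not visible from this method).
        //check_admin_referer( 'hmwp_ms_action_intrusions_bulk' );

        // Read both selectors defensively: either may be absent from the query string.
        $top_action    = isset($_GET['action']) ? $_GET['action'] : '';
        $bottom_action = isset($_GET['action2']) ? $_GET['action2'] : '';

        if (($top_action == '' && $bottom_action == '') || !isset($_GET['page'])) {
            wp_redirect(admin_url('index.php?page=hmwp_ms_intrusions'));
            exit;
        }

        $doaction = $top_action != '' ? $top_action : $bottom_action;

        // Default to an empty list so a request without `intrusions` is a no-op
        // instead of reading an undefined variable.
        $intrusion_ids = isset($_GET['intrusions']) ? (array) $_GET['intrusions'] : array();

        switch ($doaction) {
            case 'bulk_delete':
                // Authorise once, before touching any row.
                if (!current_user_can('activate_plugins')) {
                    wp_die(__('You are not allowed to delete this item.', 'mute-screamer'));
                }

                $deleted = 0;
                foreach ($intrusion_ids as $intrusion_id) {
                    // %d forces the id to an integer before it reaches the query.
                    $sql    = $wpdb->prepare('DELETE FROM ' . $wpdb->hmwp_ms_intrusions . ' WHERE id = %d', $intrusion_id);
                    $result = $wpdb->query($sql);
                    if (!$result) {
                        wp_die(__('Error in deleting...', 'mute-screamer'));
                    }
                    $deleted++;
                }
                $sendback = add_query_arg('deleted', $deleted, $sendback);
                break;

            case 'bulk_exclude':
                if (!current_user_can('activate_plugins')) {
                    wp_die(__('You are not allowed to exclude this item.', 'mute-screamer'));
                }

                $excluded = 0;
                foreach ($intrusion_ids as $intrusion_id) {
                    // Get the intrusion field to exclude
                    $sql    = $wpdb->prepare("SELECT name FROM {$wpdb->hmwp_ms_intrusions} WHERE id = %d", $intrusion_id);
                    $result = $wpdb->get_row($sql);
                    if (!$result) {
                        wp_die(__('Error in excluding...', 'mute-screamer'));
                    }

                    $hmwp_ms    = HMWP_MS_IDS::instance();
                    $exceptions = explode("\n", $hmwp_ms->opt('exception_fields'));

                    // Exception fields array must not contain an empty string
                    // otherwise all fields will be excepted
                    foreach ($exceptions as $k => $v) {
                        if ($v === '') {
                            unset($exceptions[$k]);
                        }
                    }

                    // Only add the field once, and never add a name that trims down to
                    // nothing: that would store the empty entry the filter above removes.
                    $field = trim($result->name, ' /');
                    if ($field !== '' && !in_array($field, $exceptions, true)) {
                        $exceptions[] = $field;
                    }

                    $hmwp_ms->set_opt('exception_fields', implode("\n", array_unique($exceptions)));
                    $excluded++;
                }
                $sendback = add_query_arg('excluded', $excluded, $sendback);
                break;
        }

        if (isset($_GET['action'])) {
            $sendback = remove_query_arg(array('action', 'action2', 'intrusions'), $sendback);
        }

        wp_redirect($sendback);
        exit;
    }

    if (isset($_GET['action']) && $_GET['action'] == 'delete_all') {
        // Emptying the whole intrusion log needs the same capability as deleting
        // a single entry.
        if (!current_user_can('activate_plugins')) {
            wp_die(__('You are not allowed to delete this item.', 'mute-screamer'));
        }
        // NOTE(review): this branch verifies no nonce, so the request that empties
        // the log is not protected against CSRF. Add a nonce to the link that
        // triggers it together with a matching check_admin_referer() call here.

        $result = $wpdb->query("Truncate table {$wpdb->hmwp_ms_intrusions}");
        if (!$result) {
            wp_die(__('Error in deleting all logs...', 'mute-screamer'));
        }

        $sendback = remove_query_arg(array('action'), wp_get_referer());
        $sendback = add_query_arg('all_deleted', '1', $sendback);
        wp_redirect($sendback);
        exit;
    }

    // Strip the form's referer/nonce fields from the address and reload.
    if (!empty($_GET['_wp_http_referer'])) {
        wp_redirect(remove_query_arg(array('_wp_http_referer', '_wpnonce'), stripslashes($_SERVER['REQUEST_URI'])));
        exit;
    }

    // Handle other actions
    $action = HMWP_MS_Utils::get('action');
    $id     = (int) HMWP_MS_Utils::get('intrusion');

    if (!$action) {
        return;
    }

    switch ($action) {
        case 'exclude':
            check_admin_referer('hmwp_ms_action_exclude_intrusion');
            if (!current_user_can('activate_plugins')) {
                wp_die(__('You are not allowed to exclude this item.', 'mute-screamer'));
            }

            // Get the intrusion field to exclude
            $sql    = $wpdb->prepare("SELECT name FROM {$wpdb->hmwp_ms_intrusions} WHERE id = %d", $id);
            $result = $wpdb->get_row($sql);
            if (!$result) {
                wp_die(__('Error in excluding...', 'mute-screamer'));
            }

            $hmwp_ms    = HMWP_MS_IDS::instance();
            $exceptions = explode("\n", $hmwp_ms->opt('exception_fields'));

            // Exception fields array must not contain an empty string
            // otherwise all fields will be excepted
            foreach ($exceptions as $k => $v) {
                if ($v === '') {
                    unset($exceptions[$k]);
                }
            }

            // Only add the field once, and never add an empty name.
            // NOTE(review): the bulk path also trims '/' from the name while this
            // path trims spaces only; confirm which form the exception list expects.
            $field = trim($result->name, ' ');
            if ($field !== '' && !in_array($field, $exceptions, true)) {
                $exceptions[] = $field;
            }

            $hmwp_ms->set_opt('exception_fields', implode("\n", array_unique($exceptions)));
            $sendback = add_query_arg('excluded', '1', $sendback);
            break;

        case 'delete':
            check_admin_referer('hmwp_ms_action_delete_intrusion');
            if (!current_user_can('activate_plugins')) {
                wp_die(__('You are not allowed to delete this item.', 'mute-screamer'));
            }

            $sql    = $wpdb->prepare('DELETE FROM ' . $wpdb->hmwp_ms_intrusions . ' WHERE id = %d', $id);
            $result = $wpdb->query($sql);
            if (!$result) {
                wp_die(__('Error in deleting...', 'mute-screamer'));
            }

            $sendback = add_query_arg('deleted', 1, $sendback);
            break;
    }

    wp_redirect($sendback);
    exit;
}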
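/**
 * Upgrade the requested files and render the result.
 * This is in an iframe
 *
 * The comma-separated `files` request value is checked against a fixed
 * allow-list; anything else aborts the request. The caller must hold the
 * `update_plugins` capability and present the `bulk-update-hmwp_ms` nonce.
 *
 * @return void
 */
public function do_upgrade_run() {
    // Authorise and verify the nonce before looking at any request data.
    if (!current_user_can('update_plugins')) {
        wp_die(__('You do not have sufficient permissions to update Mute Screamer for this site.', 'mute-screamer'));
    }

    check_admin_referer('bulk-update-hmwp_ms');

    $upgrade_files = array('default_filter.xml', 'Converter.php');
    $requested     = explode(',', (string) HMWP_MS_Utils::get('files'));

    // File name => fetched contents, in the order requested.
    $files = array();

    // Valid files to upgrade?
    foreach ($requested as $val) {
        // Strict comparison: only the exact allow-listed names pass. A name that is
        // allow-listed but has no pending update entry is rejected the same way
        // rather than dereferencing a missing entry.
        if (!in_array($val, $upgrade_files, true) || !isset($this->updates['updates'][$val]->revision_file_url)) {
            wp_die(sprintf(__("%s can't be upgraded.", 'mute-screamer'), esc_html($val)));
        }

        // Fetch file contents from cache
        // NOTE(review): no integrity check on the fetched contents is visible in
        // this method, and one of the files is PHP code; confirm that remote_get()
        // or the upgrader verifies what it installs.
        $files[$val] = $this->remote_get($this->updates['updates'][$val]->revision_file_url);
    }

    require_once ABSPATH . 'wp-admin/includes/class-wp-upgrader.php';
    require_once 'hmwp_ms/Upgrader.php';

    wp_enqueue_script('jquery');
    iframe_header();

    $upgrader = new HMWP_MS_Upgrader();
    $res      = $upgrader->upgrade($files);

    // All good? Clear the update array, reset transients
    if ($res) {
        // Remove the files we updated from the update array
        foreach (array_keys($files) as $name) {
            unset($this->updates['updates'][$name]);
        }

        // Did we update everything?
        // Only clear the update array and cache if there are no files left to update
        if (empty($this->updates['updates'])) {
            $this->updates['updates'] = array();
            delete_site_transient('hmwp_ms_requests_cache');
        }

        set_site_transient('hmwp_ms_update', $this->updates, $this->timeout);
    }

    iframe_footer();
}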