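/**
 * Ajax callback function to search users, used on exclude setting page.
 *
 * Access control happens in three steps before any user data is read: the
 * request must be an AJAX request, the current user must hold
 * WP_Stream_Admin::SETTINGS_CAP, and the 'stream_get_users' nonce must verify.
 * The response includes logins, e-mail addresses and roles, so these checks
 * are what keeps the endpoint from becoming a user-enumeration source.
 *
 * @uses WP_User_Query WordPress User Query class.
 * @return void Output is sent with wp_send_json_error() / wp_send_json_success().
 */
public static function get_users() {
	if (!defined('DOING_AJAX') || !current_user_can(WP_Stream_Admin::SETTINGS_CAP)) {
		return;
	}

	check_ajax_referer('stream_get_users', 'nonce');

	$response = (object) array(
		'status'  => false,
		'message' => esc_html__('There was an error in the request', 'stream'),
	);

	// 'find' is request data. Accept it only when it is a string (an array value
	// would otherwise reach trim()) and sanitize it before using it as a search term.
	$search = '';
	if (isset($_POST['find']) && is_string($_POST['find'])) {
		$search = sanitize_text_field(wp_unslash($_POST['find']));
	}

	// The display_name column is only searchable while this filter is attached.
	add_filter('user_search_columns', array(__CLASS__, 'add_display_name_search_columns'), 10, 3);

	$users = new WP_User_Query(
		array(
			'search'         => '*' . $search . '*',
			'search_columns' => array('user_login', 'user_nicename', 'user_email', 'user_url'),
			'orderby'        => 'display_name',
			'number'         => WP_Stream_Admin::PRELOAD_AUTHORS_MAX,
		)
	);

	remove_filter('user_search_columns', array(__CLASS__, 'add_display_name_search_columns'), 10);

	if (0 === $users->get_total()) {
		wp_send_json_error($response);
	}

	$response->status  = true;
	$response->message = '';
	$response->users   = array();

	foreach ($users->results as $user) {
		$author = new WP_Stream_Author($user->ID);

		// NOTE(review): this entry reads $author->ID while the tooltip and the system
		// author below read $author->id - confirm both resolve on WP_Stream_Author.
		// NOTE(review): 'text' is sent unescaped; the consumer of this JSON must insert
		// it as text, not as HTML - confirm against the select widget that renders it.
		$args = array(
			'id'   => $author->ID,
			'text' => $author->display_name,
		);

		$args['tooltip'] = esc_attr(
			sprintf(
				__("ID: %d\nUser: %s\nEmail: %s\nRole: %s", 'stream'),
				$author->id,
				$author->user_login,
				$author->user_email,
				ucwords($author->get_role())
			)
		);

		$args['icon'] = $author->get_avatar_src(32);

		$response->users[] = $args;
	}

	// Offer the pseudo-author with ID 0 when nothing was typed or the term looks like a system agent.
	if (empty($search) || preg_match('/wp|cli|system|unknown/i', $search)) {
		$author = new WP_Stream_Author(0);

		$response->users[] = array(
			'id'      => $author->id,
			'text'    => $author->get_display_name(),
			'icon'    => $author->get_avatar_src(32),
			'tooltip' => esc_html__('Actions performed by the system when a user is not logged in (e.g. auto site upgrader, or invoking WP-CLI without --user)', 'stream'),
		);
	}

	wp_send_json_success($response);
}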
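/**
 * Log handler
 *
 * Builds one Stream record from the event data and hands it to
 * WP_Stream::$db->store(). Records matched by self::is_record_excluded()
 * are still stored, but with visibility 'private' instead of 'publish'.
 *
 * @param        $connector
 * @param string $message   sprintf-ready error message string
 * @param array  $args      sprintf (and extra) arguments to use
 * @param int    $object_id Target object id
 * @param string $context   Context of the event
 * @param string $action    Action of the event
 * @param int    $user_id   User responsible for the event
 *
 * @return mixed False when a WP Cron event is skipped; otherwise the value returned
 *               by WP_Stream::$db->store() (documented as true if updated,
 *               otherwise false|WP_Error)
 */
public function log($connector, $message, $args, $object_id, $context, $action, $user_id = null) {
	if (is_null($user_id)) {
		$user_id = get_current_user_id();
	}

	if (is_null($object_id)) {
		$object_id = 0;
	}

	$wp_cron_tracking = isset(WP_Stream_Settings::$options['advanced_wp_cron_tracking']) ? WP_Stream_Settings::$options['advanced_wp_cron_tracking'] : false;

	$author = new WP_Stream_Author($user_id);
	$agent  = $author->get_current_agent();

	// WP Cron tracking requires opt-in and WP Cron to be enabled
	if (!$wp_cron_tracking && 'wp_cron' === $agent) {
		return false;
	}

	$user = new WP_User($user_id);

	$visibility = self::is_record_excluded($connector, $context, $action, $user) ? 'private' : 'publish';

	// The casts sit on the selected value: written as "(string) cond ? a : b" the cast
	// binds to the condition, not to the result of the ternary.
	$author_meta = array(
		'user_email'      => !empty($user->user_email) ? (string) $user->user_email : '',
		'display_name'    => (string) $author->get_display_name(),
		'user_login'      => !empty($user->user_login) ? (string) $user->user_login : '',
		'user_role_label' => (string) $author->get_role(),
		'agent'           => (string) $agent,
	);

	if ('wp_cli' === $agent && function_exists('posix_getuid')) {
		$uid = posix_getuid();

		// posix_getpwuid() returns false when the uid has no passwd entry.
		$user_info = function_exists('posix_getpwuid') ? posix_getpwuid($uid) : false;

		$author_meta['system_user_id']   = (int) $uid;
		$author_meta['system_user_name'] = (is_array($user_info) && isset($user_info['name'])) ? (string) $user_info['name'] : '';
	}

	// Prevent any meta with null values from being logged
	$stream_meta = array_filter(
		$args,
		function ($var) {
			return !is_null($var);
		}
	);

	// All meta must be strings, so we will serialize any array meta values
	array_walk(
		$stream_meta,
		function (&$v) {
			$v = (string) maybe_serialize($v);
		}
	);

	// Get the current time in milliseconds
	$iso_8601_extended_date = wp_stream_get_iso_8601_extended_date();

	// Take the first role by position; the roles array is not guaranteed to have a key 0.
	$user_roles  = !empty($user->roles) ? array_values((array) $user->roles) : array();
	$author_role = isset($user_roles[0]) ? (string) $user_roles[0] : '';

	$recordarr = array(
		'object_id'   => (int) $object_id,
		'site_id'     => is_multisite() ? (int) get_current_site()->id : 1,
		'blog_id'     => (int) apply_filters('wp_stream_blog_id_logged', get_current_blog_id()),
		'author'      => (int) $user_id,
		'author_role' => $author_role,
		'author_meta' => (array) $author_meta,
		'created'     => (string) $iso_8601_extended_date,
		'visibility'  => (string) $visibility,
		'type'        => 'stream',
		// The summary and meta carry event data supplied by connectors; they are stored
		// as given here, so whatever renders a record has to escape them on output.
		'summary'     => (string) vsprintf($message, $args),
		'connector'   => (string) $connector,
		'context'     => (string) $context,
		'action'      => (string) $action,
		'stream_meta' => (array) $stream_meta,
		// REMOTE_ADDR is the connecting peer and is kept only if it validates as an IP.
		// Behind a reverse proxy this is the proxy's address.
		'ip'          => (string) wp_stream_filter_input(INPUT_SERVER, 'REMOTE_ADDR', FILTER_VALIDATE_IP),
	);

	$result = WP_Stream::$db->store(array($recordarr));

	self::debug_backtrace($recordarr);

	return $result;
}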
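/**
 * Build the HTML for one cell of a record row and echo it.
 *
 * Record fields are stored data, so each branch escapes the dynamic values it
 * places into markup. Content returned by the
 * 'wp_stream_insert_column_default-{column}' filter is printed as returned;
 * callbacks on that filter must escape their own output.
 *
 * @param object $item        Contents of the row
 * @param string $column_name Column being rendered
 *
 * @return void
 */
function column_default($item, $column_name) {
	switch ($column_name) {
		case 'date':
			$created     = date('Y-m-d H:i:s', strtotime($item->created));
			$date_string = sprintf(
				'<time datetime="%s" class="relative-time record-created">%s</time>',
				wp_stream_get_iso_8601_extended_date(strtotime($item->created)),
				get_date_from_gmt($created, 'Y/m/d')
			);
			$out  = $this->column_link($date_string, 'date', get_date_from_gmt($created, 'Y/m/d'));
			$out .= '<br />';
			$out .= get_date_from_gmt($created, 'h:i:s A');
			break;

		case 'summary':
			// The summary is stored event text (titles, names and similar values), so it is
			// reduced to the post-content HTML allowlist before it is printed.
			$out           = wp_kses_post($item->summary);
			$object_title  = wp_stream_get_object_title($item);
			$view_all_text = $object_title ? sprintf(__('View all activity for "%s"', 'stream'), esc_attr($object_title)) : __('View all activity for this object', 'stream');
			if ($item->object_id) {
				$out .= $this->column_link(
					'<span class="dashicons dashicons-search stream-filter-object-id"></span>',
					array(
						'object_id' => $item->object_id,
						'context'   => $item->context,
					),
					null,
					esc_attr($view_all_text)
				);
			}
			$out .= $this->get_action_links($item);
			break;

		case 'author':
			$author = new WP_Stream_Author((int) $item->author, (array) $item->author_meta);

			// Display name, role and agent label are text and the URL goes into an
			// attribute, so each is escaped for its context; the avatar is markup.
			$out = sprintf(
				'<a href="%s">%s <span>%s</span></a>%s%s%s',
				esc_url($author->get_records_page_url()),
				$author->get_avatar_img(80),
				esc_html($author->get_display_name()),
				$author->is_deleted() ? sprintf('<br /><small class="deleted">%s</small>', esc_html__('Deleted User', 'stream')) : '',
				$author->get_role() ? sprintf('<br /><small>%s</small>', esc_html($author->get_role())) : '',
				$author->get_agent() ? sprintf('<br /><small>%s</small>', esc_html(WP_Stream_Author::get_agent_label($author->get_agent()))) : ''
			);
			break;

		case 'context':
			$connector_title = $this->get_term_title($item->{'connector'}, 'connector');
			$context_title   = $this->get_term_title($item->{'context'}, 'context');

			$out  = $this->column_link($connector_title, 'connector', $item->{'connector'});
			$out .= '<br />↳ ';
			$out .= $this->column_link(
				$context_title,
				array(
					'connector' => $item->{'connector'},
					'context'   => $item->{'context'},
				)
			);
			break;

		case 'action':
			$out = $this->column_link($this->get_term_title($item->{$column_name}, $column_name), $column_name, $item->{$column_name});
			break;

		case 'ip':
			// NOTE(review): column_link() is given ready-made markup as its first argument
			// elsewhere in this method, so the visible text is escaped here - confirm.
			$out = $this->column_link(esc_html($item->{$column_name}), 'ip', $item->{$column_name});
			break;

		default:
			// Without a registered handler the cell shows the column name.
			$out = esc_html($column_name);

			/**
			 * Registers new Columns to be inserted into the table. The cell contents of this column is set
			 * below with 'wp_stream_inster_column_default-'
			 *
			 * @since 1.0.0
			 *
			 * @return array
			 */
			$inserted_columns = apply_filters('wp_stream_register_column_defaults', array());

			if (!empty($inserted_columns) && is_array($inserted_columns)) {
				foreach ($inserted_columns as $column_title) {
					/**
					 * If column title inserted via wp_stream_register_column_defaults ($column_title) exists
					 * among columns registered with get_columns ($column_name) and there is an action associated
					 * with this column, do the action
					 *
					 * Also, note that the action name must include the $column_title registered
					 * with wp_stream_register_column_defaults
					 */
					if ($column_title == $column_name && has_filter("wp_stream_insert_column_default-{$column_title}")) {
						/**
						 * Allows for the addition of content under a specified column.
						 *
						 * @since 2.0.4
						 *
						 * @param object $item Contents of the row
						 *
						 * @return string
						 */
						$out = apply_filters("wp_stream_insert_column_default-{$column_title}", $column_name, $item);

						// Stop at the match: continuing the loop let a later, non-matching
						// title replace the filtered content with the bare column name.
						break;
					}
				}
			}
	}

	echo $out; // xss ok
}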
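/**
 * Build the HTML for one cell of a record row and echo it.
 *
 * Record fields are stored data, so each branch escapes the dynamic values it
 * places into markup. Custom columns are rendered by callbacks on the
 * 'wp_stream_insert_column_default-{column}' action, which print their own
 * content and must escape it themselves.
 *
 * @param object $item        Contents of the row
 * @param string $column_name Column being rendered
 *
 * @return void
 */
function column_default($item, $column_name) {
	switch ($column_name) {
		case 'date':
			// $item->created is placed in an attribute, so it is attribute-escaped.
			$date_string = sprintf(
				'<time datetime="%s" class="relative-time">%s</time>',
				esc_attr($item->created),
				get_date_from_gmt($item->created, 'Y/m/d')
			);
			$out  = $this->column_link($date_string, 'date', date('Y/m/d', strtotime($item->created)));
			$out .= '<br />';
			$out .= get_date_from_gmt($item->created, 'h:i:s A');
			break;

		case 'summary':
			// The summary is stored event text (titles, names and similar values), so it is
			// reduced to the post-content HTML allowlist before it is printed.
			$out = wp_kses_post($item->summary);
			if ($item->object_id) {
				$out .= $this->column_link(
					'<span class="dashicons dashicons-search stream-filter-object-id"></span>',
					array(
						'object_id' => $item->object_id,
						'context'   => $item->context,
					),
					null,
					esc_attr(__('View all records for this object', 'stream'))
				);
			}
			$out .= $this->get_action_links($item);
			break;

		case 'author':
			require_once WP_STREAM_INC_DIR . 'class-wp-stream-author.php';

			$author_meta = wp_stream_get_meta($item->ID, 'author_meta', true);
			$author      = new WP_Stream_Author((int) $item->author, $author_meta);

			// Display name, role and agent label are text and the URL goes into an
			// attribute, so each is escaped for its context; the avatar is markup.
			$out = sprintf(
				'<a href="%s">%s <span>%s</span></a>%s%s%s',
				esc_url($author->get_records_page_url()),
				$author->get_avatar_img(80),
				esc_html($author->get_display_name()),
				$author->is_deleted() ? sprintf('<br /><small class="deleted">%s</small>', esc_html__('Deleted User', 'stream')) : '',
				$author->get_role() ? sprintf('<br /><small>%s</small>', esc_html($author->get_role())) : '',
				$author->get_agent() ? sprintf('<br /><small>%s</small>', esc_html(WP_Stream_Author::get_agent_label($author->get_agent()))) : ''
			);
			break;

		case 'connector':
		case 'context':
		case 'action':
			$out = $this->column_link($this->get_term_title($item->{$column_name}, $column_name), $column_name, $item->{$column_name});
			break;

		case 'ip':
			// NOTE(review): column_link() is given ready-made markup as its first argument
			// elsewhere in this method, so the visible text is escaped here - confirm.
			$out = $this->column_link(esc_html($item->{$column_name}), 'ip', $item->{$column_name});
			break;

		case 'id':
			$out = absint($item->ID);
			break;

		case 'blog_id':
			$blog = $item->blog_id && is_multisite() ? get_blog_details($item->blog_id) : WP_Stream_Network::get_network_blog();

			if (is_object($blog)) {
				// add_query_arg() does not escape its result; esc_url() makes it safe for href.
				$out = sprintf(
					'<a href="%s"><span>%s</span></a>',
					esc_url(add_query_arg(array('blog_id' => $blog->blog_id), network_admin_url('admin.php?page=wp_stream'))),
					esc_html($blog->blogname)
				);
			} else {
				// get_blog_details() returns false for a blog that no longer exists.
				$out = absint($item->blog_id);
			}
			break;

		default:
			// Without a registered handler the cell shows the column name.
			$out = esc_html($column_name);

			/**
			 * Registers new Columns to be inserted into the table. The cell contents of this column is set
			 * below with 'wp_stream_inster_column_default-'
			 *
			 * @param array $new_columns Array of new column titles to add
			 */
			$inserted_columns = apply_filters('wp_stream_register_column_defaults', array());

			if (!empty($inserted_columns) && is_array($inserted_columns)) {
				foreach ($inserted_columns as $column_title) {
					/**
					 * If column title inserted via wp_stream_register_column_defaults ($column_title) exists
					 * among columns registered with get_columns ($column_name) and there is an action associated
					 * with this column, do the action
					 *
					 * Also, note that the action name must include the $column_title registered
					 * with wp_stream_register_column_defaults
					 */
					if ($column_title == $column_name && has_action('wp_stream_insert_column_default-' . $column_title)) {
						/**
						 * This action allows for the addition of content under the specified column ($column_title)
						 *
						 * @param string $column_title Title of the column (set in wp_stream_register_column_defaults)
						 * @param obj    $item         Contents of the row
						 */
						do_action('wp_stream_insert_column_default-' . $column_title, $item);

						// do_action() returns nothing; the callbacks have printed the cell.
						// Stop at the match so a later, non-matching title cannot append
						// the bare column name after that content.
						$out = '';
						break;
					}
				}
			}
	}

	echo $out; // xss ok
}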