Changeset 3149177

Timestamp:

09/10/2024 11:24:44 AM (15 months ago)

Author:

ignatggeorgiev

Message:

Bump to 1.5.4

Location:

sg-security/trunk

Files:

• core/Activity_Log/Activity_Log.php (modified) (4 diffs)
• core/Activity_Log/Activity_Log_Helper.php (modified) (14 diffs)
• core/Activity_Log/Activity_Log_Weekly_Emails.php (modified) (6 diffs)
• core/Cli/Cli_List.php (modified) (5 diffs)
• core/Rest/Rest_Helper_Activity.php (modified) (4 diffs)
• core/Salt_Shaker/Salt_Shaker.php (modified) (7 diffs)
• readme.txt (modified) (2 diffs)
• sg-security.php (modified) (2 diffs)

sg-security/trunk/core/Activity_Log/Activity_Log.php

@@ -143 +143 @@
 
         if ( ! class_exists( $class ) ) {
-            throw new \Exception( 'Unknown activity log type "' . $type . '".' );
+            throw new \Exception( 'Unknown activity log type "' . esc_html( $type ) . '".' );
         }
 
@@ -151 +151 @@
 
     /**
-     * Set the cron job for deleting old logs.
+     * Set the CRON job for deleting old logs.
      *
      * @since  1.0.0
      */
     public function set_sgs_logs_cron() {
-        // Bail if cron is disabled.
+        // Bail if CRON is disabled.
         if ( 1 === Helper_Service::is_cron_disabled() ) {
             return;
@@ -167 +167 @@
 
     /**
-     * Delete logs on plugin page if cron is disabled.
+     * Delete logs on plugin page if CRON is disabled.
      *
      * @since  1.0.0
      */
     public function delete_logs_on_admin_page() {
-        // Delete if we are on plugin page and cron is disabled.
+        // Delete if we are on plugin page and CRON is disabled.
         if (
             isset( $_GET['page'] ) &&
@@ -227 +227 @@
      */
     public static function get_activity_log_lifetime() {
-        // Set custom log lifetime interval in days. The intval covers the cases for string, array and sql injections.
+        // Set custom log lifetime interval in days. The intval covers the cases for string, array and SQL injections.
         $log_lifetime = intval( apply_filters( 'sgs_set_activity_log_lifetime', get_option( 'sgs_activity_log_lifetime', 12 ) ) );
 

sg-security/trunk/core/Activity_Log/Activity_Log_Helper.php

@@ -8 +8 @@
  */
 class Activity_Log_Helper {
+
+    /**
+     * The Database placeholder.
+     */
+    public $wpdb;
+
+    /**
+     * The Constructor.
+     */
+    public function __construct() {
+        global $wpdb;
+        $this->wpdb = $wpdb;
+    }
 
     /**
@@ -107 +120 @@
      * @param  array $args Array of event args.
      *
-     * @return bool       True if the entry alredy exists, false otherwise.
+     * @return bool       True if the entry already exists, false otherwise.
      */
     public function check_for_duplicates( $args ) {
-        global $wpdb;
 
         // Bail if table doesn't exist.
-        if ( ! Helper::table_exists( $wpdb->sgs_visitors ) ) {
+        if ( ! Helper::table_exists( $this->wpdb->sgs_visitors ) ) {
             return false;
         }
 
-        $has_duplicate = $wpdb->get_row( // phpcs:ignore
-            $wpdb->prepare(
-                'SELECT `id` FROM `' . $wpdb->sgs_log . '`
+        // Prepare the check for duplicates query.
+        $query = $this->wpdb->prepare(
+            'SELECT `ID` FROM `' . esc_sql( $this->wpdb->sgs_log ) . '`
                     WHERE `visitor_id` = %s
                         AND `ts` = %s
@@ -125 +137 @@
                         LIMIT 1
                         ;',
-                $args['visitor_id'],
-                $args['ts'],
-                $args['activity']
-            )
-        );
+            $args['visitor_id'],
+            $args['ts'],
+            $args['activity']
+        );
+
+        $has_duplicate = $this->wpdb->get_row( $query ); //phpcs:ignore
 
         if ( $has_duplicate ) {
@@ -146 +159 @@
      */
     public function insert( $args ) {
-        global $wpdb;
 
         if ( $this->check_for_duplicates( $args ) ) {
@@ -152 +164 @@
         }
 
-        $wpdb->insert(
-            $wpdb->sgs_log,
+        $this->wpdb->insert(
+            $this->wpdb->sgs_log,
             array(
                 'visitor_id'   => $args['visitor_id'],
@@ -181 +193 @@
      */
     public function get_visitor_by_user_id( $user_id ) {
-        global $wpdb;
 
         // Check if there is already a record as a visitor for this user.
-        $maybe_id = $wpdb->get_row( // phpcs:ignore.
-            $wpdb->prepare(
-                'SELECT `ID` FROM `' . $wpdb->sgs_visitors . '`
+        $query = $this->wpdb->prepare(
+            'SELECT `ID` FROM `' . esc_sql( $this->wpdb->sgs_visitors ) . '`
                     WHERE `user_id` = %s
-                    LIMIT 1;',
-                $user_id
-            )
-        );
+                    LIMIT 1
+                    ;',
+            $user_id
+        );
+
+        $maybe_id = $this->wpdb->get_row( $query ); // phpcs:ignore.
 
         // If there is such record, return the visitor ID.
@@ -199 +211 @@
 
         // Create a new record for the user as a visitor.
-        $wpdb->insert(
-            $wpdb->sgs_visitors,
+        $this->wpdb->insert(
+            $this->wpdb->sgs_visitors,
             array(
                 'user_id' => $user_id,
@@ -208 +220 @@
         );
 
-        // Get the user visitor ID.
-        $id = $wpdb->get_row( // phpcs:ignore.
-            $wpdb->prepare(
-                'SELECT `ID` FROM `' . $wpdb->sgs_visitors . '`
-                    WHERE `user_id` = %s
-                    LIMIT 1;',
-                $user_id
-            )
-        );
-
         // Return the ID.
-        return $id->ID;
-    }
-
-    /**
-     * Get the visitor unique ID by Ip address.
+        return $this->wpdb->insert_id;
+    }
+
+    /**
+     * Get the visitor unique ID by IP address.
      *
      * @since  1.0.0
@@ -232 +234 @@
      */
     public function get_visitor_by_ip( $ip ) {
-        global $wpdb;
-        $maybe_id = $wpdb->get_row( // phpcs:ignore
-            $wpdb->prepare(
-                'SELECT `ID` FROM `' . $wpdb->sgs_visitors . '`
+
+        $query = $this->wpdb->prepare(
+            'SELECT `ID` FROM `' . esc_sql( $this->wpdb->sgs_visitors ) . '`
                     WHERE `ip` = %s
                     AND `user_id` = 0
-                    LIMIT 1;',
-                $ip
-            )
-        );
+                    LIMIT 1
+                    ;',
+            $ip
+        );
+
+        $maybe_id = $this->wpdb->get_row( $query ); // phpcs:ignore
 
         if ( ! is_null( $maybe_id ) ) {
@@ -247 +250 @@
         }
 
-        // Insert the visitors ip in the db.
-        $wpdb->insert(
-            $wpdb->sgs_visitors,
+        // Insert the visitors IP in the db.
+        $this->wpdb->insert(
+            $this->wpdb->sgs_visitors,
             array(
                 'ip' => $ip,
@@ -256 +259 @@
         );
 
-        return $wpdb->insert_id;
+        return $this->wpdb->insert_id;
     }
 
@@ -265 +268 @@
      */
     public function add_log_visitor_indexes() {
-        global $wpdb;
 
         // Bail if tables does not exist.
         if (
-            ! Helper::table_exists( $wpdb->sgs_visitors ) ||
-            ! Helper::table_exists( $wpdb->sgs_log )
+            ! Helper::table_exists( $this->wpdb->sgs_visitors ) ||
+            ! Helper::table_exists( $this->wpdb->sgs_log )
         ) {
             return;
@@ -276 +278 @@
 
         // Check if the indexes are already set.
-        $log_event_index = $wpdb->get_var( "SHOW INDEX FROM `{$wpdb->prefix}sgs_log_events` WHERE `Key_name` = 'log_event_index'" );
-        $ip_index_exists = $wpdb->get_var( "SHOW INDEX FROM `{$wpdb->prefix}sgs_log_visitors` WHERE `Key_name` = 'ip_index'" );
+        $log_event_index = $this->wpdb->get_var( 'SHOW INDEX FROM `' . esc_sql( $this->wpdb->prefix . 'sgs_log_events' ) . "` WHERE `Key_name` = 'log_event_index'" );
+        $ip_index_exists = $this->wpdb->get_var( 'SHOW INDEX FROM `' . esc_sql( $this->wpdb->prefix . 'sgs_log_visitors' ) . "` WHERE `Key_name` = 'ip_index'" );
 
         // Add log event index if not set.
         if ( is_null( $log_event_index ) ) {
-            $wpdb->query( "ALTER TABLE `{$wpdb->prefix}sgs_log_events` ADD INDEX `log_event_index` (`visitor_id`, `ts`, `activity`, `id`)" );
+            $this->wpdb->query( 'ALTER TABLE `' . esc_sql( $this->wpdb->prefix . 'sgs_log_events' ) . '` ADD INDEX `log_event_index` (`visitor_id`, `ts`, `activity`, `id`)' );
         }
 
         // Add the IP index if not set.
         if ( is_null( $ip_index_exists ) ) {
-            $wpdb->query( "ALTER TABLE `{$wpdb->prefix}sgs_log_visitors` ADD INDEX `ip_index` (`ip`)" );
+            $this->wpdb->query( 'ALTER TABLE `' . esc_sql( $this->wpdb->prefix . 'sgs_log_visitors' ) . '` ADD INDEX `ip_index` (`ip`)' );
         }
     }
@@ -296 +298 @@
      */
     public function adjust_visitors_indexes() {
-        global $wpdb;
 
         // Bail if table does not exist.
-        if ( ! Helper::table_exists( $wpdb->sgs_visitors ) ) {
+        if ( ! Helper::table_exists( $this->wpdb->sgs_visitors ) ) {
             return;
         }
 
-        $user_id_index_exists = $wpdb->get_var( "SHOW INDEX FROM `{$wpdb->prefix}sgs_log_visitors` WHERE `Key_name` = 'user_id_index'" );
-        $block_user_index_exists = $wpdb->get_var( "SHOW INDEX FROM `{$wpdb->prefix}sgs_log_visitors` WHERE `Key_name` = 'block_user_index'" );
+        $user_id_index_exists = $this->wpdb->get_var( 'SHOW INDEX FROM `' . esc_sql( $this->wpdb->prefix . 'sgs_log_visitors' ) . "` WHERE `Key_name` = 'user_id_index'" );
+        $block_user_index_exists = $this->wpdb->get_var( 'SHOW INDEX FROM `' . esc_sql( $this->wpdb->prefix . 'sgs_log_visitors' ) . "` WHERE `Key_name` = 'block_user_index'" );
 
         // Drop the user id index.
         if ( ! is_null( $user_id_index_exists ) ) {
-            $wpdb->query( "DROP INDEX `user_id_index` ON `{$wpdb->prefix}sgs_log_visitors`" );
+            $this->wpdb->query( 'DROP INDEX `user_id_index` ON `' . esc_sql( $this->wpdb->prefix . 'sgs_log_visitors' ) . '`' );
         }
 
         // Add the Block/User complex index if not set.
         if ( is_null( $block_user_index_exists ) ) {
-            $wpdb->query( "ALTER TABLE `{$wpdb->prefix}sgs_log_visitors` ADD INDEX `block_user_index` (`block`, `user_id`)" );
+            $this->wpdb->query( 'ALTER TABLE `' . esc_sql( $this->wpdb->prefix . 'sgs_log_visitors' ) . '` ADD INDEX `block_user_index` (`block`, `user_id`)' );
         }
     }

sg-security/trunk/core/Activity_Log/Activity_Log_Weekly_Emails.php

@@ -19 +19 @@
 
     /**
+     * Database placeholder.
+     */
+    public $wpdb;
+
+    /**
      * The constructor.
      *
@@ -24 +29 @@
      */
     public function __construct() {
+        // Assign the Database.
+        global $wpdb;
+        $this->wpdb = $wpdb;
 
         // Initiate the Email Service Class.
@@ -222 +230 @@
      */
     private function get_total_human_stats( $start_date, $end_date ) {
-        global $wpdb;
-
-        return $wpdb->get_var(
-            'SELECT COUNT(*) FROM `' . $wpdb->prefix . 'sgs_log_events' . '`
-            WHERE `action` = "visit"
-            AND `visitor_type` = "Human"
-            AND `type` = "unknown"
-            AND `ts` BETWEEN ' . $start_date . ' AND ' . $end_date . ' ;'
-        );
+
+        $query = $this->wpdb->prepare(
+            'SELECT COUNT(*) FROM `' . esc_sql( $this->wpdb->prefix . 'sgs_log_events' ) . "`
+                WHERE `action` = 'visit'
+                AND `visitor_type` = 'Human'
+                AND `type` = 'unknown'
+                AND `ts` BETWEEN %s AND %s",
+            $start_date,
+            $end_date
+        );
+
+        return $this->wpdb->get_var( $query ); //phpcs:ignore
     }
 
@@ -244 +255 @@
      */
     private function get_total_bots_stats( $start_date, $end_date ) {
-        global $wpdb;
-
-        return $wpdb->get_var(
-            'SELECT COUNT(*) FROM `' . $wpdb->prefix . 'sgs_log_events' . '`
-            WHERE `action` = "visit"
-            AND `visitor_type` <>"Human" AND `visitor_type` <>"unknown"
-            AND `type` = "unknown"
-            AND `ts` BETWEEN ' . $start_date . ' AND ' . $end_date . ' ;'
-        );
+
+        $query = $this->wpdb->prepare(
+            'SELECT COUNT(*) FROM `' . esc_sql( $this->wpdb->prefix . 'sgs_log_events' ) . "`
+                WHERE `action` = 'visit'
+                AND `visitor_type` <> 'Human'
+                AND `visitor_type` <> 'unknown'
+                AND `type` = 'unknown'
+                AND `ts` BETWEEN %s AND %s",
+            $start_date,
+            $end_date
+        );
+
+        return $this->wpdb->get_var( $query ); //phpcs:ignore
     }
 
@@ -268 +283 @@
 
     /**
-     * Get notification receipient emails.
+     * Get notification recipient emails.
      *
      * @since  1.2.0
@@ -277 +292 @@
         $data = array();
 
-        // Get the currently set receipients.
+        // Get the currently set recipients.
         $receipients = get_option( 'sg_security_notification_emails', array() );
 
-        // Return empty array if no receipients are set.
+        // Return empty array if no recipients are set.
         if ( empty( $receipients ) ) {
             return $data;

sg-security/trunk/core/Cli/Cli_List.php

@@ -113 +113 @@
      * @param  string $type The type of log we want.
      *
-     * @return string       The sql query.
+     * @return string       The SQL  query.
      */
     public function get_query( $type ) {
@@ -160 +160 @@
         foreach ( $visitors as $visit ) {
             $table_data[] = array(
-                'Timestamp'    => get_date_from_gmt( date( 'Y-m-d h:i:s', $visit['ts'] ), 'Y-m-d H:i' ),
+                'Timestamp'    => get_date_from_gmt( gmdate( 'Y-m-d h:i:s', $visit['ts'] ), 'Y-m-d H:i' ),
                 'Visitor Type' => $visit['visitor_type'],
                 'IP Address'   => $visit['ip'],
@@ -182 +182 @@
 
         // Get all user visitors from the database.
-        $visitors = $this->wpdb->get_results( // phpcs:ignore
-            'SELECT * FROM `' . $this->wpdb->sgs_visitors . '`
-                WHERE `user_id` != 0
+        $query = $this->wpdb->prepare(
+            'SELECT * FROM `' . esc_sql( $this->wpdb->sgs_visitors ) . '`
+                WHERE `user_id` != %d
             ;',
-            OBJECT_K
+            0
         );
 
-        // Loop results and get necesary data.
+        $visitors = $this->wpdb->get_results( $query, OBJECT_K ); // phpcs:ignore
+
+        // Loop results and get necessary data.
         $data = array();
         foreach ( $results as $entry ) {
             $log = array(
-                'ts'         => get_date_from_gmt( date( 'Y-m-d H:i', $entry['blocked_on'] ), 'Y-m-d H:i' ),
+                'ts'         => get_date_from_gmt( gmdate( 'Y-m-d H:i', $entry['blocked_on'] ), 'Y-m-d H:i' ),
                 'user'       => $entry['ip'],
                 'visitor_id' => $entry['id'],
@@ -228 +230 @@
 
         // Get visitors data.
-        $visitors = $this->wpdb->get_results( // phpcs:ignore
-            'SELECT * FROM `' . $this->wpdb->sgs_visitors . '`
-                WHERE `user_id` != 0
+        $query = $this->wpdb->prepare(
+            'SELECT * FROM `' . esc_sql( $this->wpdb->sgs_visitors ) . '`
+                WHERE `user_id` != %d
             ;',
-            OBJECT_K
+            0
         );
+
+        $visitors = $this->wpdb->get_results( $query, OBJECT_K ); // phpcs:ignore
 
         // Populate the data for the table.
@@ -243 +247 @@
             // Add the data to the table array.
             $table_data[] = array(
-                'Timestamp'  => get_date_from_gmt( date( 'Y-m-d H:i', $entry['ts'] ), 'Y-m-d H:i' ),
+                'Timestamp'  => get_date_from_gmt( gmdate( 'Y-m-d H:i', $entry['ts'] ), 'Y-m-d H:i' ),
                 'IP Address' => $entry['ip'],
                 'Activity'   => $entry['description'],

sg-security/trunk/core/Rest/Rest_Helper_Activity.php

@@ -331 +331 @@
             $data[] = array(
                 'id'           => $entry['id'],
-                'ts'           => get_date_from_gmt( date( 'Y-m-d H:i', $entry['ts'] ), 'Y-m-d H:i' ),
+                'ts'           => get_date_from_gmt( gmdate( 'Y-m-d H:i', $entry['ts'] ), 'Y-m-d H:i' ),
                 'ip'           => $entry['ip'],
                 'page_visited' => $entry['description'],
@@ -398 +398 @@
             $data[] = array(
                 'id'           => $entry['id'],
-                'ts'           => get_date_from_gmt( date( 'Y-m-d H:i', $entry['ts'] ), 'Y-m-d H:i' ),
+                'ts'           => get_date_from_gmt( gmdate( 'Y-m-d H:i', $entry['ts'] ), 'Y-m-d H:i' ),
                 'ip'           => $entry['ip'],
                 'activity'     => $entry['description'],
@@ -720 +720 @@
         foreach ( $results as $entry ) {
             $log = array(
-                'ts'         => get_date_from_gmt( date( 'Y-m-d H:i', $entry['blocked_on'] ), 'Y-m-d H:i' ),
+                'ts'         => get_date_from_gmt( gmdate( 'Y-m-d H:i', $entry['blocked_on'] ), 'Y-m-d H:i' ),
                 'user'       => $entry['ip'],
                 'visitor_id' => $entry['id'],
@@ -742 +742 @@
 
             $log = array(
-                'ts'         => get_date_from_gmt( date( 'Y-m-d H:i', $attempt['timestamp'] ), 'Y-m-d H:i' ),
+                'ts'         => get_date_from_gmt( gmdate( 'Y-m-d H:i', $attempt['timestamp'] ), 'Y-m-d H:i' ),
                 'user'       => $ip,
                 'visitor_id' => 0,

sg-security/trunk/core/Salt_Shaker/Salt_Shaker.php

@@ -1 +1 @@
 <?php
 namespace SG_Security\Salt_Shaker;
+
+use SiteGround_Helper\Helper_Service;
 
 /**
@@ -52 +54 @@
 
     /**
+     * The WordPress filesystem.
+     */
+    public $wp_filesystem;
+
+    public function __construct() {
+        $this->wp_filesystem = Helper_Service::setup_wp_filesystem();
+    }
+
+    /**
      * Check if the config exists.
      *
@@ -59 +70 @@
      */
     public function config_exist() {
+
         if ( file_exists( $this->config_file ) &&
-            is_writable( $this->config_file )
+            $this->wp_filesystem->is_writable( $this->config_file )
         ) {
             return $this->config_file;
+
         }
 
@@ -73 +86 @@
      * @since  1.0.0
      *
-     * @return bool|string False if we dont get a response, the fresh salts otherwise.
+     * @return bool|string False if we don't get a response, the fresh salts otherwise.
      */
     public function get_fresh_salts() {
@@ -106 +119 @@
         $new_salts = $this->get_fresh_salts();
 
-        // Bail if we dont get a response from the api.
+        // Bail if we don't get a response from the API.
         if ( false === $new_salts ) {
             return false;
@@ -149 +162 @@
 
         // Rename the file.
-        rename( $this->tmp_config_file, $this->config_file );
+        $this->wp_filesystem->move( $this->tmp_config_file, $this->config_file, true );
 
         // Keep the original permissions of wp-config.php.
-        chmod( $this->config_file, $config_permissions );
+        $this->wp_filesystem->chmod( $this->config_file, $config_permissions );
 
         return true;
@@ -158 +171 @@
 
     /**
-     * Loop the salts, find them in the config file and replace them with the newly genereated ones.
+     * Loop the salts, find them in the config file and replace them with the newly generated ones.
      *
      * @since  1.0.0

sg-security/trunk/readme.txt

@@ -5 +5 @@
 Tested up to: 6.6
 Requires PHP: 7.0
-Stable tag: 1.5.3
+Stable tag: 1.5.4
 License: GPLv3
 License URI: http://www.gnu.org/licenses/gpl-3.0.html
@@ -144 +144 @@
 
 == Changelog ==
+
+= Version 1.5.4 =
+Release Date: Sep 10th, 2024
+
+* Activity log code improvements.
+* Salt Shaker code improvements.
 
 = Version 1.5.3 =

sg-security/trunk/sg-security.php

@@ -11 +11 @@
  * Plugin URI:        https://siteground.com
  * Description:       Security Optimizer by SiteGround is the all-in-one security solution for your WordPress website. With the carefully selected and easy to configure functions the plugin provides everything you need to secure your website and prevent a number of threats such as brute-force attacks, compromised login, data leaks and more.
- * Version:           1.5.3
+ * Version:           1.5.4
  * Author:            SiteGround
  * Author URI:        https://www.siteground.com
@@ -33 +33 @@
 // Define version constant.
 if ( ! defined( __NAMESPACE__ . '\VERSION' ) ) {
-    define( __NAMESPACE__ . '\VERSION', '1.5.3' );
+    define( __NAMESPACE__ . '\VERSION', '1.5.4' );
 }