Activity Log - Version 2.8.5

Version Description

  • 2.8.5 - 2022-11-21
  • Tweak: Now the date/time format is displayed according to the site settings (Topic)
  • Fix: Added compatibility for PHP 8.1 (Topic)
  • Fix: Add input sanitization to avoid security issues

Release Info

Developer KingYes
Version 2.8.5

Code changes from version 2.8.4 to 2.8.5

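--- a/aryo-activity-log.php
+++ b/aryo-activity-log.php
@@ -5,7 +5,7 @@ Plugin URI: https://activitylog.io/?utm_source=wp-plugins&utm_campaign=plugin-ur
  Description: Get aware of any activities that are taking place on your dashboard! Imagine it like a black-box for your WordPress site. e.g. post was deleted, plugin was activated, user logged in or logged out - it's all these for you to see.
  Author: Activity Log Team
  Author URI: https://activitylog.io/?utm_source=wp-plugins&utm_campaign=author-uri&utm_medium=wp-dash
- Version: 2.8.4
+ Version: 2.8.5
  Text Domain: aryo-activity-log
  License: GPLv2 or later
 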
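--- a/classes/class-aal-activity-log-list-table.php
+++ b/classes/class-aal-activity-log-list-table.php
@@ -194,13 +194,13 @@ class AAL_Activity_Log_List_Table extends WP_List_Table {
  $return = sprintf( '<strong>' . __( '%s ago', 'aryo-activity-log' ) . '</strong>', human_time_diff( $item->hist_time, current_time( 'timestamp' ) ) );
 
  $date_formatted = date( 'd/m/Y', $item->hist_time );
- $return .= '<br /><a href="' . $this->get_filtered_link( 'dateshow', $date_formatted ) . '">' . date( 'd/m/Y', $item->hist_time ) . '</a>';
+ $return .= '<br /><a href="' . $this->get_filtered_link( 'dateshow', $date_formatted ) . '">' . date_i18n( get_option( 'date_format' ), $item->hist_time ) . '</a>';
 
- $return .= '<br />' . date( 'H:i:s', $item->hist_time );
+ $return .= '<br />' . date_i18n( get_option( 'time_format' ), $item->hist_time );
  break;
 
  case 'ip':
- $return = '<a href="' . $this->get_filtered_link( 'filter_ip', $item->hist_ip ) . '">' . $item->hist_ip. '</a>';
+ $return = '<a href="' . $this->get_filtered_link( 'filter_ip', $item->hist_ip ) . '">' . esc_html( $item->hist_ip ) . '</a>';
  break;
 
  default:
@@ -563,23 +563,23 @@ class AAL_Activity_Log_List_Table extends WP_List_Table {
  }
 
  if ( ! empty( $_REQUEST['typeshow'] ) ) {
- $where .= $wpdb->prepare( ' AND `object_type` = %s', $_REQUEST['typeshow'] );
+ $where .= $wpdb->prepare( ' AND `object_type` = %s', sanitize_text_field( $_REQUEST['typeshow'] ) );
  }
 
  if ( isset( $_REQUEST['showaction'] ) && '' !== $_REQUEST['showaction'] ) {
- $where .= $wpdb->prepare( ' AND `action` = %s', $_REQUEST['showaction'] );
+ $where .= $wpdb->prepare( ' AND `action` = %s', sanitize_text_field( $_REQUEST['showaction'] ) );
  }
 
  if ( isset( $_REQUEST['filter_ip'] ) && '' !== $_REQUEST['filter_ip'] ) {
- $where .= $wpdb->prepare( ' AND `hist_ip` = %s', $_REQUEST['filter_ip'] );
+ $where .= $wpdb->prepare( ' AND `hist_ip` = %s', sanitize_text_field( $_REQUEST['filter_ip'] ) );
  }
 
  if ( isset( $_REQUEST['usershow'] ) && '' !== $_REQUEST['usershow'] ) {
- $where .= $wpdb->prepare( ' AND `user_id` = %d', $_REQUEST['usershow'] );
+ $where .= $wpdb->prepare( ' AND `user_id` = %d', sanitize_text_field( $_REQUEST['usershow'] ) );
  }
 
  if ( isset( $_REQUEST['capshow'] ) && '' !== $_REQUEST['capshow'] ) {
- $where .= $wpdb->prepare( ' AND `user_caps` = %s', strtolower( $_REQUEST['capshow'] ) );
+ $where .= $wpdb->prepare( ' AND `user_caps` = %s', strtolower( sanitize_text_field( $_REQUEST['capshow'] ) ) );
  }
 
  if ( isset( $_REQUEST['dateshow'] ) ) {
@@ -626,7 +626,10 @@ class AAL_Activity_Log_List_Table extends WP_List_Table {
  ' . $this->_get_where_by_role()
  );
 
- $items_orderby = sanitize_sql_orderby( filter_input( INPUT_GET, 'orderby', FILTER_SANITIZE_STRING ) );
+ if ( ! empty( $_GET['orderby'] ) ) {
+ $items_orderby = sanitize_sql_orderby( htmlspecialchars( $_GET['orderby'] ) );
+ }
+
  if ( empty( $items_orderby ) ) {
  $items_orderby = 'hist_time'; // Sort by time by default.
  }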
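Review bot: In the last hunk, `htmlspecialchars( $_GET['orderby'] )` is an HTML output encoder and adds nothing to the ORDER BY check that `sanitize_sql_orderby()` performs; on PHP 8 it also throws a TypeError when `orderby` arrives as an array, which `! empty()` does not rule out. I would drop it and guard the type instead: `if ( isset( $_GET['orderby'] ) && is_string( $_GET['orderby'] ) ) { $items_orderby = sanitize_sql_orderby( wp_unslash( $_GET['orderby'] ) ); }`. How `$items_orderby` reaches the query is outside the hunk; if it is interpolated into the SQL string, comparing it against a fixed list of sortable columns would be stricter than pattern validation. In the filter hunk, `sanitize_text_field()` in front of the `%d` placeholder for `usershow` would read more clearly as `absint( $_REQUEST['usershow'] )`, since `prepare()` already does the escaping for all five filters.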
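--- a/classes/class-aal-settings.php
+++ b/classes/class-aal-settings.php
@@ -363,9 +363,9 @@ final class AAL_Settings_Fields {
  if ( empty( $args['html'] ) )
  return;
 
- echo $args['html'];
+ echo wp_kses_post( $args['html'] );
  if ( ! empty( $args['desc'] ) ) : ?>
- <p class="description"><?php echo $args['desc']; ?></p>
+ <p class="description"><?php echo wp_kses_post( $args['desc'] ); ?></p>
  <?php endif;
  }
 
@@ -382,7 +382,7 @@ final class AAL_Settings_Fields {
  ?>
  <input type="text" id="<?php echo esc_attr( $args['id'] ); ?>" name="<?php echo esc_attr( $name ); ?>" value="<?php echo esc_attr( $value ); ?>" class="<?php echo implode( ' ', $args['classes'] ); ?>" />
  <?php if ( ! empty( $desc ) ) : ?>
- <p class="description"><?php echo $desc; ?></p>
+ <p class="description"><?php echo wp_kses_post( $desc ); ?></p>
  <?php endif;
  }
 
@@ -403,7 +403,7 @@ final class AAL_Settings_Fields {
  <textarea id="<?php echo esc_attr( $args['id'] ); ?>" name="<?php echo esc_attr( $name ); ?>" class="<?php echo implode( ' ', $args['classes'] ); ?>" rows="<?php echo absint( $args['rows'] ); ?>" cols="<?php echo absint( $args['cols'] ); ?>"><?php echo esc_textarea( $value ); ?></textarea>
 
  <?php if ( ! empty( $desc ) ) : ?>
- <p class="description"><?php echo $desc; ?></p>
+ <p class="description"><?php echo wp_kses_post( $desc ); ?></p>
  <?php endif;
  }
 
@@ -421,10 +421,10 @@ final class AAL_Settings_Fields {
  return;
 
  ?>
- <input type="number" id="<?php echo esc_attr( $args['id'] ); ?>" name="<?php echo esc_attr( $name ); ?>" value="<?php echo esc_attr( $value ); ?>" class="<?php echo implode( ' ', $args['classes'] ); ?>" min="<?php echo $args['min']; ?>" step="<?php echo $args['step']; ?>" />
- <?php if ( ! empty( $args['sub_desc'] ) ) echo $args['sub_desc']; ?>
+ <input type="number" id="<?php echo esc_attr( $args['id'] ); ?>" name="<?php echo esc_attr( $name ); ?>" value="<?php echo esc_attr( $value ); ?>" class="<?php echo implode( ' ', $args['classes'] ); ?>" min="<?php echo esc_attr( $args['min'] ); ?>" step="<?php echo esc_attr( $args['step'] ); ?>" />
+ <?php if ( ! empty( $args['sub_desc'] ) ) echo wp_kses_post( $args['sub_desc'] ); ?>
  <?php if ( ! empty( $args['desc'] ) ) : ?>
- <p class="description"><?php echo $args['desc']; ?></p>
+ <p class="description"><?php echo wp_kses_post( $args['desc'] ); ?></p>
  <?php endif;
  }
 
@@ -444,7 +444,7 @@ final class AAL_Settings_Fields {
  <?php endforeach; ?>
  </select>
  <?php if ( ! empty( $desc ) ) : ?>
- <p class="description"><?php echo $desc; ?></p>
+ <p class="description"><?php echo wp_kses_post( $desc ); ?></p>
  <?php endif; ?>
  <?php
  }
@@ -458,7 +458,7 @@ final class AAL_Settings_Fields {
  <label class="tix-yes-no description"><input type="radio" name="<?php echo esc_attr( $name ); ?>" value="0" <?php checked( $value, false ); ?>> <?php _e( 'No', 'aryo-activity-log' ); ?></label>
 
  <?php if ( isset( $args['description'] ) ) : ?>
- <p class="description"><?php echo $args['description']; ?></p>
+ <p class="description"><?php echo wp_kses_post( $args['description'] ); ?></p>
  <?php endif; ?>
  <?php
  }
@@ -497,19 +497,19 @@ final class AAL_Settings_Fields {
  $row_condition = isset( $row['condition'] ) ? $row['condition'] : '';
  $row_value = isset( $row['value'] ) ? $row['value'] : '';
  ?>
- <li data-id="<?php echo $rid; ?>">
- <select name="<?php echo $common_name; ?>[<?php echo $rid; ?>][key]" class="aal-category">
+ <li data-id="<?php echo esc_attr( $rid ); ?>">
+ <select name="<?php echo esc_attr( $common_name ); ?>[<?php echo esc_attr( $rid ); ?>][key]" class="aal-category">
  <?php foreach ( $keys as $k => $v ) : ?>
- <option value="<?php echo $k; ?>" <?php selected( $row_key, $k ); ?>><?php echo $v; ?></option>
+ <option value="<?php echo esc_attr( $k ); ?>" <?php selected( $row_key, $k ); ?>><?php echo esc_attr( $v ); ?></option>
  <?php endforeach; ?>
  </select>
- <select name="<?php echo $common_name; ?>[<?php echo $rid; ?>][condition]" class="aal-condition">
+ <select name="<?php echo esc_attr( $common_name ); ?>[<?php echo esc_attr( $rid ); ?>][condition]" class="aal-condition">
  <?php foreach ( $conditions as $k => $v ) : ?>
- <option value="<?php echo $k; ?>" <?php selected( $row_condition, $k ); ?>><?php echo $v; ?></option>
+ <option value="<?php echo esc_attr( $k ); ?>" <?php selected( $row_condition, $k ); ?>><?php echo esc_html( $v ); ?></option>
  <?php endforeach; ?>
  </select>
  <?php $value_options = AAL_Main::instance()->notifications->get_settings_dropdown_values( $row_key ); ?>
- <select name="<?php echo $common_name; ?>[<?php echo $rid; ?>][value]" class="aal-value">
+ <select name="<?php echo esc_attr( $common_name ); ?>[<?php echo esc_attr( $rid ); ?>][value]" class="aal-value">
  <?php foreach ( $value_options as $option_key => $option_value ) : ?>
  <option value="<?php echo esc_attr( $option_key ); ?>" <?php selected( $option_key, $row_value ); ?>><?php echo esc_html( $option_value ); ?></option>
  <?php endforeach; ?>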
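Review bot: The rewritten `<input type="number">` line still prints `class="<?php echo implode( ' ', $args['classes'] ); ?>"` unescaped, as do the unchanged text and textarea fields in the earlier hunks, so the class attribute is the one attribute on those lines left outside the escaping this commit adds; `echo esc_attr( implode( ' ', $args['classes'] ) );` closes it. Where `$args['classes']` comes from is not visible here, so this is a consistency point rather than a confirmed injection path. In the last hunk the first `<option>` label uses `esc_attr( $v )` while the two selects below it use `esc_html()` for the same element-content context; `esc_html( $v )` is the matching call. `wp_kses_post( $args['html'] )` in the first hunk removes tags outside the post allow-list, for example `<input>`, so it is worth checking that no caller outside this diff passes form controls through the raw-HTML field. The enclosing methods start and end outside the hunks.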
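--- a/hooks/class-aal-hook-widgets.php
+++ b/hooks/class-aal-hook-widgets.php
@@ -29,9 +29,9 @@ class AAL_Hook_Widgets extends AAL_Hook_Base {
  aal_insert_log( array(
  'action' => 'deleted',
  'object_type' => 'Widget',
- 'object_subtype' => strtolower( $_REQUEST['sidebar'] ),
+ 'object_subtype' => strtolower( sanitize_text_field( $_REQUEST['sidebar'] ) ),
  'object_id' => 0,
- 'object_name' => $_REQUEST['id_base'],
+ 'object_name' => sanitize_text_field( $_REQUEST['id_base'] ),
  ) );
  }
  }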
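Review bot: `$_REQUEST['sidebar']` and `$_REQUEST['id_base']` are read without `wp_unslash()` and, as far as this hunk shows, without a presence check, so a request missing either key raises an undefined-key warning on PHP 8 and slashed values are written to the log as received. Something like `'object_name' => isset( $_REQUEST['id_base'] ) ? sanitize_text_field( wp_unslash( $_REQUEST['id_base'] ) ) : '',` covers both, with the same shape for `sidebar`. The guarding condition of the enclosing method is outside the hunk, so the keys may already be checked there. Because these values are request-controlled and end up in an audit log, the log viewer still has to escape them on output regardless of this write-time sanitization.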
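--- a/readme.txt
+++ b/readme.txt
@@ -3,7 +3,7 @@ Contributors: pojo.me, KingYes, ariel.k, maor
  Tags: Activity Log, User Activity, User Log, Audit Log, Security, Tracking, WooCommerce, bbPress, GDPR,
  Requires at least: 4.4
  Tested up to: 6.1
- Stable tag: 2.8.4
+ Stable tag: 2.8.5
  License: GPLv2 or later
 
  The #1 Activity Log plugin helps you monitor & log all changes and activities on your WordPress site, so you can run more securely and organized. Works simple & completely free!
@@ -108,6 +108,11 @@ Would you like to like to contribute to Activity Log? You are more than welcome
 
  == Changelog ==
 
+ = 2.8.5 - 2022-11-21 =
+ * Tweak: Now the date/time format is displayed according to the site settings ([Topic](https://wordpress.org/support/topic/date-format-question-2/))
+ * Fix: Added compatibility for PHP 8.1 ([Topic](https://wordpress.org/support/topic/deprecated-filter_sanitize_string-preg_match-and-strtolower-in-php-8-1/))
+ * Fix: Add input sanitization to avoid security issues
+
  = 2.8.4 - 2022-09-04 =
  * Tweak: Added Activity Log setting to records log
  * Tweak: Added encoded value in CSV file ([#165](https://github.com/pojome/activity-log/issues/165))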