WP Mail Logging - Version 1.8.3

Version Description

  • Fix: security bug

=

Download this release

Release Info

Developer No3x
Plugin Icon 128x128 WP Mail Logging
Version 1.8.3
Comparing to
See all releases

Code changes from version 1.8.2 to 1.8.3

Files changed (3) hide show
  1. WPML_Email_Log_List.php +21 -27
  2. readme.txt +5 -2
  3. wp-mail-logging.php +1 -1
WPML_Email_Log_List.php CHANGED
@@ -195,31 +195,28 @@ class WPML_Email_Log_List extends \WP_List_Table {
195
  * @return string The cell content
196
  */
197
  function column_default( $item, $column_name ) {
198
- switch ( $column_name ) {
199
- case 'mail_id':
200
- case 'timestamp':
201
- case 'host':
202
- case 'subject':
203
- case 'message':
204
- case 'headers':
205
- case 'attachments':
206
- case 'error':
207
- case 'plugin_version':
208
- case 'receiver':
209
- return $item[ $column_name ];
210
- default:
211
- // If we don't know this column maybe a hook does - if no hook extracted data (string) out of the array we can avoid the output of 'Array()' (array).
212
- return ( is_array( $res = apply_filters( WPML_Plugin::HOOK_LOGGING_COLUMNS_RENDER, $item, $column_name ) ) ) ? '' : $res;
213
  }
 
 
214
  }
215
 
216
  /**
217
- * Sanitize message to remove unsafe html.
218
  * @since 1.5.1
219
- * @param string $message unsafe message.
220
- * @return string safe message.
221
  */
222
- function sanitize_message( $message ) {
223
  $allowed_tags = wp_kses_allowed_html( 'post' );
224
  $allowed_tags['a']['data-message'] = true;
225
  $allowed_tags['style'][''] = true;
@@ -233,9 +230,6 @@ class WPML_Email_Log_List extends \WP_List_Table {
233
  * @return string
234
  */
235
  function column_message( $item ) {
236
- if ( empty( $item['message'] ) ) {
237
- return '';
238
- }
239
  $content = $item['mail_id'];
240
  $message = '<a class="wp-mail-logging-view-message button button-secondary" href="#" data-mail-id="' . esc_attr( $content ) . '">View</a>';
241
  return $message;
@@ -247,7 +241,7 @@ class WPML_Email_Log_List extends \WP_List_Table {
247
  * @param array $item The current item.
248
  * @return string
249
  */
250
- function column_timestamp( $item ) {
251
  return date_i18n( apply_filters( 'wpml_get_date_time_format', '' ), strtotime( $item['timestamp'] ) );
252
  }
253
 
@@ -284,7 +278,7 @@ class WPML_Email_Log_List extends \WP_List_Table {
284
  * @param array $item The current item.
285
  * @return string The attachment column.
286
  */
287
- function column_attachments( $item ) {
288
 
289
  if ( version_compare( trim( $item ['plugin_version'] ), '1.6.0', '<' ) ) {
290
  return $this->column_attachments_compat_152( $item );
@@ -318,7 +312,7 @@ class WPML_Email_Log_List extends \WP_List_Table {
318
  * @param $item
319
  * @return string
320
  */
321
- function column_error($item ) {
322
  $error = $item['error'];
323
  if( empty($error)) return "";
324
  $errorMessage = is_array($error) ? join(',', $error) : $error;
@@ -509,8 +503,8 @@ class WPML_Email_Log_List extends \WP_List_Table {
509
  $mailAppend .= apply_filters( WPML_Plugin::HOOK_LOGGING_FORMAT_CONTENT . "_{$format_requested}", $mail->to_array() );
510
  break;
511
  }
512
-
513
- echo $instance->sanitize_message($mailAppend);
514
  wp_die(); // this is required to terminate immediately and return a proper response
515
  }
516
  }
195
  * @return string The cell content
196
  */
197
  function column_default( $item, $column_name ) {
198
+ $column_content = '';
199
+
200
+ // colmn_message is handled called directly by the list table by naming it colmn_$name. All other columns pass this function and might be named column_overridden_$column_name for further adaptation on output.
201
+ if ( method_exists( $this, 'column_overridden_' . $column_name ) ) {
202
+ $column_content = call_user_func( array( $this, 'column_overridden_' . $column_name ), $item );
203
+ } elseif( array_key_exists( $column_name, $item ) ) {
204
+ $column_content = $item[ $column_name ];
205
+ } else {
206
+ // If we don't know this column maybe a hook does - if no hook extracted data (string) out of the array we can avoid the output of 'Array()' (array).
207
+ $column_content = ( is_array( $res = apply_filters( WPML_Plugin::HOOK_LOGGING_COLUMNS_RENDER, $item, $column_name ) ) ) ? '' : $res;
 
 
 
 
 
208
  }
209
+
210
+ return $this->sanitize_text($column_content);
211
  }
212
 
213
  /**
214
+ * Sanitize text to remove unsafe html.
215
  * @since 1.5.1
216
+ * @param string $message unsafe text.
217
+ * @return string safe text.
218
  */
219
+ function sanitize_text( $message ) {
220
  $allowed_tags = wp_kses_allowed_html( 'post' );
221
  $allowed_tags['a']['data-message'] = true;
222
  $allowed_tags['style'][''] = true;
230
  * @return string
231
  */
232
  function column_message( $item ) {
 
 
 
233
  $content = $item['mail_id'];
234
  $message = '<a class="wp-mail-logging-view-message button button-secondary" href="#" data-mail-id="' . esc_attr( $content ) . '">View</a>';
235
  return $message;
241
  * @param array $item The current item.
242
  * @return string
243
  */
244
+ function column_overridden_timestamp( $item ) {
245
  return date_i18n( apply_filters( 'wpml_get_date_time_format', '' ), strtotime( $item['timestamp'] ) );
246
  }
247
 
278
  * @param array $item The current item.
279
  * @return string The attachment column.
280
  */
281
+ function column_overridden_attachments( $item ) {
282
 
283
  if ( version_compare( trim( $item ['plugin_version'] ), '1.6.0', '<' ) ) {
284
  return $this->column_attachments_compat_152( $item );
312
  * @param $item
313
  * @return string
314
  */
315
+ function column_overridden_error($item ) {
316
  $error = $item['error'];
317
  if( empty($error)) return "";
318
  $errorMessage = is_array($error) ? join(',', $error) : $error;
503
  $mailAppend .= apply_filters( WPML_Plugin::HOOK_LOGGING_FORMAT_CONTENT . "_{$format_requested}", $mail->to_array() );
504
  break;
505
  }
506
+
507
+ echo $instance->sanitize_text($mailAppend);
508
  wp_die(); // this is required to terminate immediately and return a proper response
509
  }
510
  }
readme.txt CHANGED
@@ -6,7 +6,7 @@ License: GPLv3
6
  License URI: http://www.gnu.org/licenses/gpl-3.0.html
7
  Requires at least: 3.0
8
  Tested up to: 4.8.3
9
- Stable tag: 1.8.2
10
 
11
  Logs each email sent by WordPress.
12
 
@@ -50,11 +50,14 @@ The logged email has been sent by WordPress but please note this does NOT mean i
50
  3. The Settings
51
 
52
  == Upgrade Notice ==
53
- = 1.8.2 =
54
  - Fix: security bug
55
 
56
  == Changelog ==
57
 
 
 
 
58
  = 1.8.2, November 7, 2017 =
59
  - Fix: security bug
60
 
6
  License URI: http://www.gnu.org/licenses/gpl-3.0.html
7
  Requires at least: 3.0
8
  Tested up to: 4.8.3
9
+ Stable tag: 1.8.3
10
 
11
  Logs each email sent by WordPress.
12
 
50
  3. The Settings
51
 
52
  == Upgrade Notice ==
53
+ = 1.8.3 =
54
  - Fix: security bug
55
 
56
  == Changelog ==
57
 
58
+ = 1.8.3, November 10, 2017 =
59
+ - Fix: another security bug
60
+
61
  = 1.8.2, November 7, 2017 =
62
  - Fix: security bug
63
 
wp-mail-logging.php CHANGED
@@ -3,7 +3,7 @@
3
  Plugin Name: WP Mail Logging
4
  Plugin URI: http://wordpress.org/extend/plugins/wp-mail-logging/
5
  Support URI: https://github.com/No3x/wp-mail-logging/issues
6
- Version: 1.8.2
7
  Author: Christian Z&ouml;ller
8
  Author URI: http://no3x.de/
9
  Description: Logs each email sent by WordPress.
3
  Plugin Name: WP Mail Logging
4
  Plugin URI: http://wordpress.org/extend/plugins/wp-mail-logging/
5
  Support URI: https://github.com/No3x/wp-mail-logging/issues
6
+ Version: 1.8.3
7
  Author: Christian Z&ouml;ller
8
  Author URI: http://no3x.de/
9
  Description: Logs each email sent by WordPress.